diff --git a/contrib/openssl b/contrib/openssl
index 5dfb0a79cf5c..19dd1ace3df5 160000
--- a/contrib/openssl
+++ b/contrib/openssl
@@ -1 +1 @@
-Subproject commit 5dfb0a79cf5cbba13f21fa5b065c93e318f49d8b
+Subproject commit 19dd1ace3df58286c6fcf7d5cb6fb5b5ef0c3904
diff --git a/contrib/openssl-cmake/CMakeLists.txt b/contrib/openssl-cmake/CMakeLists.txt
index a9e4a3df698b..42e39024e327 100644
--- a/contrib/openssl-cmake/CMakeLists.txt
+++ b/contrib/openssl-cmake/CMakeLists.txt
@@ -1395,14 +1395,21 @@ set(SSL_SRC
 ${OPENSSL_SOURCE_DIR}/ssl/tls_depr.c
 ${OPENSSL_SOURCE_DIR}/ssl/tls_srp.c
 ${OPENSSL_SOURCE_DIR}/ssl/quic/cc_newreno.c
+ ${OPENSSL_SOURCE_DIR}/ssl/quic/json_enc.c
+ ${OPENSSL_SOURCE_DIR}/ssl/quic/qlog.c
+ ${OPENSSL_SOURCE_DIR}/ssl/quic/qlog_event_helpers.c
 ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_ackm.c
 ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_cfq.c
 ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_channel.c
 ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_demux.c
+ ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_engine.c
 ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_fc.c
 ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_fifd.c
 ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_impl.c
+ ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_lcidm.c
 ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_method.c
+ ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_port.c
+ ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_rcidm.c
 ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_reactor.c
 ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_record_rx.c
 ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_record_shared.c
@@ -1411,6 +1418,8 @@ set(SSL_SRC
 ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_rstream.c
 ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_rx_depack.c
 ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_sf_list.c
+ ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_srt_gen.c
+ ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_srtm.c
 ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_sstream.c
 ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_statm.c
 ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_stream_map.c
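Review bot: Adding `ssl/quic/qlog.c` and `ssl/quic/qlog_event_helpers.c` to `SSL_SRC` in the first CMakeLists.txt hunk brings the QUIC qlog tracing code into the build, and nothing visible in this diff says whether it is meant to be active. As far as I know upstream treats qlog as an opt-in, unstable feature which, when enabled, can write per-connection QUIC traces to a directory taken from the process environment, so the checked-in per-platform `configuration.h` should be confirmed to keep it off (upstream's switch is `OPENSSL_NO_UNSTABLE_QLOG`) unless tracing is wanted. A comment above the new entries such as `# qlog sources: tracing stays disabled through configuration.h unless explicitly enabled` would record the intent. The `set(SSL_SRC ...)` list starts and ends outside the hunk.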
@@ -1420,6 +1429,7 @@ set(SSL_SRC
 ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_tserver.c
 ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_txp.c
 ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_txpim.c
+ ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_types.c
 ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_wire.c
 ${OPENSSL_SOURCE_DIR}/ssl/quic/quic_wire_pkt.c
 ${OPENSSL_SOURCE_DIR}/ssl/quic/uint_set.c
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/aes.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/aes.h
new file mode 100644
index 000000000000..d0f9dfc6f1cd
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/aes.h
@@ -0,0 +1,111 @@
+/*
+ * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_AES_H
+# define OPENSSL_AES_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_AES_H
+# endif
+
+# include
+
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define AES_BLOCK_SIZE 16
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+
+# define AES_ENCRYPT 1
+# define AES_DECRYPT 0
+
+# define AES_MAXNR 14
+
+
+/* This should be a hidden type, but EVP requires that the size be known */
+struct aes_key_st {
+# ifdef AES_LONG
+ unsigned long rd_key[4 * (AES_MAXNR + 1)];
+# else
+ unsigned int rd_key[4 * (AES_MAXNR + 1)];
+# endif
+ int rounds;
+};
+typedef struct aes_key_st AES_KEY;
+
+# endif
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 const char *AES_options(void);
+OSSL_DEPRECATEDIN_3_0
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+ AES_KEY *key);
+OSSL_DEPRECATEDIN_3_0
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+ AES_KEY *key);
+OSSL_DEPRECATEDIN_3_0
+void AES_encrypt(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key);
+OSSL_DEPRECATEDIN_3_0
+void AES_decrypt(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key);
+OSSL_DEPRECATEDIN_3_0
+void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key, const int enc);
+OSSL_DEPRECATEDIN_3_0
+void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const AES_KEY *key,
+ unsigned char *ivec, const int enc);
+OSSL_DEPRECATEDIN_3_0
+void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const AES_KEY *key,
+ unsigned char *ivec, int *num, const int enc);
+OSSL_DEPRECATEDIN_3_0
+void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const AES_KEY *key,
+ unsigned char *ivec, int *num, const int enc);
+OSSL_DEPRECATEDIN_3_0
+void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const AES_KEY *key,
+ unsigned char *ivec, int *num, const int enc);
+OSSL_DEPRECATEDIN_3_0
+void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const AES_KEY *key,
+ unsigned char *ivec, int *num);
+
+/* NB: the IV is _two_ blocks long */
+OSSL_DEPRECATEDIN_3_0
+void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const AES_KEY *key,
+ unsigned char *ivec, const int enc);
+/* NB: the IV is _four_ blocks long */
+OSSL_DEPRECATEDIN_3_0
+void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const AES_KEY *key, const AES_KEY *key2,
+ const unsigned char *ivec, const int enc);
+OSSL_DEPRECATEDIN_3_0
+int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
+ unsigned char *out, const unsigned char *in,
+ unsigned int inlen);
+OSSL_DEPRECATEDIN_3_0
+int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
+ unsigned char *out, const unsigned char *in,
+ unsigned int inlen);
+# endif
+
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/asn1_mac.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/asn1_mac.h
new file mode 100644
index 000000000000..fdcb983656ac
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/asn1_mac.h
@@ -0,0 +1,10 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#error "This file is obsolete; please update your software."
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/asn1err.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/asn1err.h
new file mode 100644
index 000000000000..8fd85ed88112
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/asn1err.h
@@ -0,0 +1,142 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_ASN1ERR_H +# define OPENSSL_ASN1ERR_H +# pragma once + +# include +# include +# include + + + +/* + * ASN1 reason codes. + */ +# define ASN1_R_ADDING_OBJECT 171 +# define ASN1_R_ASN1_PARSE_ERROR 203 +# define ASN1_R_ASN1_SIG_PARSE_ERROR 204 +# define ASN1_R_AUX_ERROR 100 +# define ASN1_R_BAD_OBJECT_HEADER 102 +# define ASN1_R_BAD_TEMPLATE 230 +# define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214 +# define ASN1_R_BN_LIB 105 +# define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 +# define ASN1_R_BUFFER_TOO_SMALL 107 +# define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108 +# define ASN1_R_CONTEXT_NOT_INITIALISED 217 +# define ASN1_R_DATA_IS_WRONG 109 +# define ASN1_R_DECODE_ERROR 110 +# define ASN1_R_DEPTH_EXCEEDED 174 +# define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 198 +# define ASN1_R_ENCODE_ERROR 112 +# define ASN1_R_ERROR_GETTING_TIME 173 +# define ASN1_R_ERROR_LOADING_SECTION 172 +# define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114 +# define ASN1_R_EXPECTING_AN_INTEGER 115 +# define ASN1_R_EXPECTING_AN_OBJECT 116 +# define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119 +# define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120 +# define ASN1_R_FIELD_MISSING 121 +# define ASN1_R_FIRST_NUM_TOO_LARGE 122 +# define ASN1_R_GENERALIZEDTIME_IS_TOO_SHORT 232 +# define ASN1_R_HEADER_TOO_LONG 123 +# define ASN1_R_ILLEGAL_BITSTRING_FORMAT 175 +# define ASN1_R_ILLEGAL_BOOLEAN 176 +# define ASN1_R_ILLEGAL_CHARACTERS 124 +# define ASN1_R_ILLEGAL_FORMAT 177 +# define ASN1_R_ILLEGAL_HEX 178 +# define ASN1_R_ILLEGAL_IMPLICIT_TAG 179 +# define ASN1_R_ILLEGAL_INTEGER 180 +# define 
ASN1_R_ILLEGAL_NEGATIVE_VALUE 226 +# define ASN1_R_ILLEGAL_NESTED_TAGGING 181 +# define ASN1_R_ILLEGAL_NULL 125 +# define ASN1_R_ILLEGAL_NULL_VALUE 182 +# define ASN1_R_ILLEGAL_OBJECT 183 +# define ASN1_R_ILLEGAL_OPTIONAL_ANY 126 +# define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170 +# define ASN1_R_ILLEGAL_PADDING 221 +# define ASN1_R_ILLEGAL_TAGGED_ANY 127 +# define ASN1_R_ILLEGAL_TIME_VALUE 184 +# define ASN1_R_ILLEGAL_ZERO_CONTENT 222 +# define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 +# define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 +# define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220 +# define ASN1_R_INVALID_BMPSTRING_LENGTH 129 +# define ASN1_R_INVALID_DIGIT 130 +# define ASN1_R_INVALID_MIME_TYPE 205 +# define ASN1_R_INVALID_MODIFIER 186 +# define ASN1_R_INVALID_NUMBER 187 +# define ASN1_R_INVALID_OBJECT_ENCODING 216 +# define ASN1_R_INVALID_SCRYPT_PARAMETERS 227 +# define ASN1_R_INVALID_SEPARATOR 131 +# define ASN1_R_INVALID_STRING_TABLE_VALUE 218 +# define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 +# define ASN1_R_INVALID_UTF8STRING 134 +# define ASN1_R_INVALID_VALUE 219 +# define ASN1_R_LENGTH_TOO_LONG 231 +# define ASN1_R_LIST_ERROR 188 +# define ASN1_R_MIME_NO_CONTENT_TYPE 206 +# define ASN1_R_MIME_PARSE_ERROR 207 +# define ASN1_R_MIME_SIG_PARSE_ERROR 208 +# define ASN1_R_MISSING_EOC 137 +# define ASN1_R_MISSING_SECOND_NUMBER 138 +# define ASN1_R_MISSING_VALUE 189 +# define ASN1_R_MSTRING_NOT_UNIVERSAL 139 +# define ASN1_R_MSTRING_WRONG_TAG 140 +# define ASN1_R_NESTED_ASN1_STRING 197 +# define ASN1_R_NESTED_TOO_DEEP 201 +# define ASN1_R_NON_HEX_CHARACTERS 141 +# define ASN1_R_NOT_ASCII_FORMAT 190 +# define ASN1_R_NOT_ENOUGH_DATA 142 +# define ASN1_R_NO_CONTENT_TYPE 209 +# define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 +# define ASN1_R_NO_MULTIPART_BODY_FAILURE 210 +# define ASN1_R_NO_MULTIPART_BOUNDARY 211 +# define ASN1_R_NO_SIG_CONTENT_TYPE 212 +# define ASN1_R_NULL_IS_WRONG_LENGTH 144 +# define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191 +# define ASN1_R_ODD_NUMBER_OF_CHARS 
145 +# define ASN1_R_SECOND_NUMBER_TOO_LARGE 147 +# define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148 +# define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 +# define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192 +# define ASN1_R_SHORT_LINE 150 +# define ASN1_R_SIG_INVALID_MIME_TYPE 213 +# define ASN1_R_STREAMING_NOT_SUPPORTED 202 +# define ASN1_R_STRING_TOO_LONG 151 +# define ASN1_R_STRING_TOO_SHORT 152 +# define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 +# define ASN1_R_TIME_NOT_ASCII_FORMAT 193 +# define ASN1_R_TOO_LARGE 223 +# define ASN1_R_TOO_LONG 155 +# define ASN1_R_TOO_SMALL 224 +# define ASN1_R_TYPE_NOT_CONSTRUCTED 156 +# define ASN1_R_TYPE_NOT_PRIMITIVE 195 +# define ASN1_R_UNEXPECTED_EOC 159 +# define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 215 +# define ASN1_R_UNKNOWN_DIGEST 229 +# define ASN1_R_UNKNOWN_FORMAT 160 +# define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 +# define ASN1_R_UNKNOWN_OBJECT_TYPE 162 +# define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 +# define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 199 +# define ASN1_R_UNKNOWN_TAG 194 +# define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 +# define ASN1_R_UNSUPPORTED_CIPHER 228 +# define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 +# define ASN1_R_UNSUPPORTED_TYPE 196 +# define ASN1_R_UTCTIME_IS_TOO_SHORT 233 +# define ASN1_R_WRONG_INTEGER_TYPE 225 +# define ASN1_R_WRONG_PUBLIC_KEY_TYPE 200 +# define ASN1_R_WRONG_TAG 168 + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/async.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/async.h new file mode 100644 index 000000000000..826ffb993497 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/async.h 
@@ -0,0 +1,104 @@
+/*
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+
+#ifndef OPENSSL_ASYNC_H
+# define OPENSSL_ASYNC_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_ASYNC_H
+# endif
+
+#if defined(_WIN32)
+# if defined(BASETYPES) || defined(_WINDEF_H)
+/* application has to include to use this */
+#define OSSL_ASYNC_FD HANDLE
+#define OSSL_BAD_ASYNC_FD INVALID_HANDLE_VALUE
+# endif
+#else
+#define OSSL_ASYNC_FD int
+#define OSSL_BAD_ASYNC_FD -1
+#endif
+# include
+
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+typedef struct async_job_st ASYNC_JOB;
+typedef struct async_wait_ctx_st ASYNC_WAIT_CTX;
+typedef int (*ASYNC_callback_fn)(void *arg);
+
+#define ASYNC_ERR 0
+#define ASYNC_NO_JOBS 1
+#define ASYNC_PAUSE 2
+#define ASYNC_FINISH 3
+
+#define ASYNC_STATUS_UNSUPPORTED 0
+#define ASYNC_STATUS_ERR 1
+#define ASYNC_STATUS_OK 2
+#define ASYNC_STATUS_EAGAIN 3
+
+int ASYNC_init_thread(size_t max_size, size_t init_size);
+void ASYNC_cleanup_thread(void);
+
+#ifdef OSSL_ASYNC_FD
+ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void);
+void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx);
+int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+ OSSL_ASYNC_FD fd,
+ void *custom_data,
+ void (*cleanup)(ASYNC_WAIT_CTX *, const void *,
+ OSSL_ASYNC_FD, void *));
+int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+ OSSL_ASYNC_FD *fd, void **custom_data);
+int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd,
+ size_t *numfds);
+int ASYNC_WAIT_CTX_get_callback(ASYNC_WAIT_CTX *ctx,
+ ASYNC_callback_fn *callback,
+ void **callback_arg);
+int ASYNC_WAIT_CTX_set_callback(ASYNC_WAIT_CTX *ctx,
+ ASYNC_callback_fn callback,
+ void *callback_arg);
+int ASYNC_WAIT_CTX_set_status(ASYNC_WAIT_CTX *ctx, int status);
+int ASYNC_WAIT_CTX_get_status(ASYNC_WAIT_CTX *ctx);
+int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd,
+ size_t *numaddfds, OSSL_ASYNC_FD *delfd,
+ size_t *numdelfds);
+int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
+#endif
+
+int ASYNC_is_capable(void);
+
+typedef void *(*ASYNC_stack_alloc_fn)(size_t *num);
+typedef void (*ASYNC_stack_free_fn)(void *addr);
+
+int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn,
+ ASYNC_stack_free_fn free_fn);
+void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn,
+ ASYNC_stack_free_fn *free_fn);
+
+int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
+ int (*func)(void *), void *args, size_t size);
+int ASYNC_pause_job(void);
+
+ASYNC_JOB *ASYNC_get_current_job(void);
+ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job);
+void ASYNC_block_pause(void);
+void ASYNC_unblock_pause(void);
+
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/asyncerr.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/asyncerr.h
new file mode 100644
index 000000000000..c093f7be4547
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/asyncerr.h
@@ -0,0 +1,29 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_ASYNCERR_H +# define OPENSSL_ASYNCERR_H +# pragma once + +# include +# include +# include + + + +/* + * ASYNC reason codes. + */ +# define ASYNC_R_FAILED_TO_SET_POOL 101 +# define ASYNC_R_FAILED_TO_SWAP_CONTEXT 102 +# define ASYNC_R_INIT_FAILED 105 +# define ASYNC_R_INVALID_POOL_SIZE 103 + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/bio.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/bio.h index ea584defe5c0..6fd5fedf7998 100644 --- a/contrib/openssl-cmake/linux_x86_64/include/openssl/bio.h +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/bio.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by Makefile from include/openssl/bio.h.in * - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -70,7 +70,10 @@ extern "C" { # define BIO_TYPE_DGRAM_PAIR (26|BIO_TYPE_SOURCE_SINK) # define BIO_TYPE_DGRAM_MEM (27|BIO_TYPE_SOURCE_SINK) +/* Custom type starting index returned by BIO_get_new_index() */ #define BIO_TYPE_START 128 +/* Custom type maximum index that can be returned by BIO_get_new_index() */ +#define BIO_TYPE_MASK 0xFF /* * BIO_FILENAME_READ|BIO_CLOSE to open or close on free. 
@@ -407,6 +410,7 @@ typedef struct bio_mmsg_cb_args_st { #define BIO_POLL_DESCRIPTOR_TYPE_NONE 0 #define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD 1 +#define BIO_POLL_DESCRIPTOR_TYPE_SSL 2 #define BIO_POLL_DESCRIPTOR_CUSTOM_START 8192 typedef struct bio_poll_descriptor_st { @@ -415,6 +419,7 @@ typedef struct bio_poll_descriptor_st { int fd; void *custom; uintptr_t custom_ui; + SSL *ssl; } value; } BIO_POLL_DESCRIPTOR; diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/bioerr.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/bioerr.h new file mode 100644 index 000000000000..e4fdb64974fc --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/bioerr.h 
@@ -0,0 +1,72 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_BIOERR_H +# define OPENSSL_BIOERR_H +# pragma once + +# include +# include +# include + + + +/* + * BIO reason codes. + */ +# define BIO_R_ACCEPT_ERROR 100 +# define BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET 141 +# define BIO_R_AMBIGUOUS_HOST_OR_SERVICE 129 +# define BIO_R_BAD_FOPEN_MODE 101 +# define BIO_R_BROKEN_PIPE 124 +# define BIO_R_CONNECT_ERROR 103 +# define BIO_R_CONNECT_TIMEOUT 147 +# define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET 107 +# define BIO_R_GETSOCKNAME_ERROR 132 +# define BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS 133 +# define BIO_R_GETTING_SOCKTYPE 134 +# define BIO_R_INVALID_ARGUMENT 125 +# define BIO_R_INVALID_SOCKET 135 +# define BIO_R_IN_USE 123 +# define BIO_R_LENGTH_TOO_LONG 102 +# define BIO_R_LISTEN_V6_ONLY 136 +# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE 111 +# define BIO_R_LOOKUP_RETURNED_NOTHING 142 +# define BIO_R_MALFORMED_HOST_OR_SERVICE 130 +# define BIO_R_NBIO_CONNECT_ERROR 110 +# define BIO_R_NON_FATAL 112 +# define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED 143 +# define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED 144 +# define BIO_R_NO_PORT_DEFINED 113 +# define BIO_R_NO_SUCH_FILE 128 +# define BIO_R_NULL_PARAMETER 115 /* unused */ +# define BIO_R_TFO_DISABLED 106 +# define BIO_R_TFO_NO_KERNEL_SUPPORT 108 +# define BIO_R_TRANSFER_ERROR 104 +# define BIO_R_TRANSFER_TIMEOUT 105 +# define BIO_R_UNABLE_TO_BIND_SOCKET 117 +# define BIO_R_UNABLE_TO_CREATE_SOCKET 118 +# define BIO_R_UNABLE_TO_KEEPALIVE 137 +# define BIO_R_UNABLE_TO_LISTEN_SOCKET 119 +# define BIO_R_UNABLE_TO_NODELAY 138 +# define BIO_R_UNABLE_TO_REUSEADDR 139 +# define 
BIO_R_UNABLE_TO_TFO 109 +# define BIO_R_UNAVAILABLE_IP_FAMILY 145 +# define BIO_R_UNINITIALIZED 120 +# define BIO_R_UNKNOWN_INFO_TYPE 140 +# define BIO_R_UNSUPPORTED_IP_FAMILY 146 +# define BIO_R_UNSUPPORTED_METHOD 121 +# define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY 131 +# define BIO_R_WRITE_TO_READ_ONLY_BIO 126 +# define BIO_R_WSASTARTUP 122 +# define BIO_R_PORT_MISMATCH 150 +# define BIO_R_PEER_ADDR_NOT_AVAILABLE 151 + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/blowfish.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/blowfish.h new file mode 100644 index 000000000000..667d6423912b --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/blowfish.h 
@@ -0,0 +1,78 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_BLOWFISH_H
+# define OPENSSL_BLOWFISH_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_BLOWFISH_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_BF
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define BF_BLOCK 8
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+
+# define BF_ENCRYPT 1
+# define BF_DECRYPT 0
+
+/*-
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! BF_LONG has to be at least 32 bits wide. !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+# define BF_LONG unsigned int
+
+# define BF_ROUNDS 16
+
+typedef struct bf_key_st {
+ BF_LONG P[BF_ROUNDS + 2];
+ BF_LONG S[4 * 256];
+} BF_KEY;
+
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 void BF_set_key(BF_KEY *key, int len,
+ const unsigned char *data);
+OSSL_DEPRECATEDIN_3_0 void BF_encrypt(BF_LONG *data, const BF_KEY *key);
+OSSL_DEPRECATEDIN_3_0 void BF_decrypt(BF_LONG *data, const BF_KEY *key);
+OSSL_DEPRECATEDIN_3_0 void BF_ecb_encrypt(const unsigned char *in,
+ unsigned char *out, const BF_KEY *key,
+ int enc);
+OSSL_DEPRECATEDIN_3_0 void BF_cbc_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ const BF_KEY *schedule,
+ unsigned char *ivec, int enc);
+OSSL_DEPRECATEDIN_3_0 void BF_cfb64_encrypt(const unsigned char *in,
+ unsigned char *out,
+ long length, const BF_KEY *schedule,
+ unsigned char *ivec, int *num,
+ int enc);
+OSSL_DEPRECATEDIN_3_0 void BF_ofb64_encrypt(const unsigned char *in,
+ unsigned char *out,
+ long length, const BF_KEY *schedule,
+ unsigned char *ivec, int *num);
+OSSL_DEPRECATEDIN_3_0 const char *BF_options(void);
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/bn.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/bn.h
new file mode 100644
index 000000000000..ea706dca7f2f
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/bn.h
@@ -0,0 +1,590 @@ +/* + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_BN_H +# define OPENSSL_BN_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_BN_H +# endif + +# include +# ifndef OPENSSL_NO_STDIO +# include +# endif +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * 64-bit processor with LP64 ABI + */ +# ifdef SIXTY_FOUR_BIT_LONG +# define BN_ULONG unsigned long +# define BN_BYTES 8 +# endif + +/* + * 64-bit processor other than LP64 ABI + */ +# ifdef SIXTY_FOUR_BIT +# define BN_ULONG unsigned long long +# define BN_BYTES 8 +# endif + +# ifdef THIRTY_TWO_BIT +# define BN_ULONG unsigned int +# define BN_BYTES 4 +# endif + +# define BN_BITS2 (BN_BYTES * 8) +# define BN_BITS (BN_BITS2 * 2) +# define BN_TBIT ((BN_ULONG)1 << (BN_BITS2 - 1)) + +# define BN_FLG_MALLOCED 0x01 +# define BN_FLG_STATIC_DATA 0x02 + +/* + * avoid leaking exponent information through timing, + * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, + * BN_div() will call BN_div_no_branch, + * BN_mod_inverse() will call bn_mod_inverse_no_branch. 
+ */ +# define BN_FLG_CONSTTIME 0x04 +# define BN_FLG_SECURE 0x08 + +# ifndef OPENSSL_NO_DEPRECATED_0_9_8 +/* deprecated name for the flag */ +# define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME +# define BN_FLG_FREE 0x8000 /* used for debugging */ +# endif + +void BN_set_flags(BIGNUM *b, int n); +int BN_get_flags(const BIGNUM *b, int n); + +/* Values for |top| in BN_rand() */ +#define BN_RAND_TOP_ANY -1 +#define BN_RAND_TOP_ONE 0 +#define BN_RAND_TOP_TWO 1 + +/* Values for |bottom| in BN_rand() */ +#define BN_RAND_BOTTOM_ANY 0 +#define BN_RAND_BOTTOM_ODD 1 + +/* + * get a clone of a BIGNUM with changed flags, for *temporary* use only (the + * two BIGNUMs cannot be used in parallel!). Also only for *read only* use. The + * value |dest| should be a newly allocated BIGNUM obtained via BN_new() that + * has not been otherwise initialised or used. + */ +void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags); + +/* Wrapper function to make using BN_GENCB easier */ +int BN_GENCB_call(BN_GENCB *cb, int a, int b); + +BN_GENCB *BN_GENCB_new(void); +void BN_GENCB_free(BN_GENCB *cb); + +/* Populate a BN_GENCB structure with an "old"-style callback */ +void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback) (int, int, void *), + void *cb_arg); + +/* Populate a BN_GENCB structure with a "new"-style callback */ +void BN_GENCB_set(BN_GENCB *gencb, int (*callback) (int, int, BN_GENCB *), + void *cb_arg); + +void *BN_GENCB_get_arg(BN_GENCB *cb); + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define BN_prime_checks 0 /* default: select number of iterations based + * on the size of the number */ + +/* + * BN_prime_checks_for_size() returns the number of Miller-Rabin iterations + * that will be done for checking that a random number is probably prime. The + * error rate for accepting a composite number as prime depends on the size of + * the prime |b|. 
The error rates used are for calculating an RSA key with 2 primes, + * and so the level is what you would expect for a key of double the size of the + * prime. + * + * This table is generated using the algorithm of FIPS PUB 186-4 + * Digital Signature Standard (DSS), section F.1, page 117. + * (https://dx.doi.org/10.6028/NIST.FIPS.186-4) + * + * The following magma script was used to generate the output: + * securitybits:=125; + * k:=1024; + * for t:=1 to 65 do + * for M:=3 to Floor(2*Sqrt(k-1)-1) do + * S:=0; + * // Sum over m + * for m:=3 to M do + * s:=0; + * // Sum over j + * for j:=2 to m do + * s+:=(RealField(32)!2)^-(j+(k-1)/j); + * end for; + * S+:=2^(m-(m-1)*t)*s; + * end for; + * A:=2^(k-2-M*t); + * B:=8*(Pi(RealField(32))^2-6)/3*2^(k-2)*S; + * pkt:=2.00743*Log(2)*k*2^-k*(A+B); + * seclevel:=Floor(-Log(2,pkt)); + * if seclevel ge securitybits then + * printf "k: %5o, security: %o bits (t: %o, M: %o)\n",k,seclevel,t,M; + * break; + * end if; + * end for; + * if seclevel ge securitybits then break; end if; + * end for; + * + * It can be run online at: + * http://magma.maths.usyd.edu.au/calc + * + * And will output: + * k: 1024, security: 129 bits (t: 6, M: 23) + * + * k is the number of bits of the prime, securitybits is the level we want to + * reach. + * + * prime length | RSA key size | # MR tests | security level + * -------------+--------------|------------+--------------- + * (b) >= 6394 | >= 12788 | 3 | 256 bit + * (b) >= 3747 | >= 7494 | 3 | 192 bit + * (b) >= 1345 | >= 2690 | 4 | 128 bit + * (b) >= 1080 | >= 2160 | 5 | 128 bit + * (b) >= 852 | >= 1704 | 5 | 112 bit + * (b) >= 476 | >= 952 | 5 | 80 bit + * (b) >= 400 | >= 800 | 6 | 80 bit + * (b) >= 347 | >= 694 | 7 | 80 bit + * (b) >= 308 | >= 616 | 8 | 80 bit + * (b) >= 55 | >= 110 | 27 | 64 bit + * (b) >= 6 | >= 12 | 34 | 64 bit + */ + +# define BN_prime_checks_for_size(b) ((b) >= 3747 ? 3 : \ + (b) >= 1345 ? 4 : \ + (b) >= 476 ? 5 : \ + (b) >= 400 ? 6 : \ + (b) >= 347 ? 7 : \ + (b) >= 308 ? 
8 : \ + (b) >= 55 ? 27 : \ + /* b >= 6 */ 34) +# endif + +# define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) + +int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w); +int BN_is_zero(const BIGNUM *a); +int BN_is_one(const BIGNUM *a); +int BN_is_word(const BIGNUM *a, const BN_ULONG w); +int BN_is_odd(const BIGNUM *a); + +# define BN_one(a) (BN_set_word((a),1)) + +void BN_zero_ex(BIGNUM *a); + +# if OPENSSL_API_LEVEL > 908 +# define BN_zero(a) BN_zero_ex(a) +# else +# define BN_zero(a) (BN_set_word((a),0)) +# endif + +const BIGNUM *BN_value_one(void); +char *BN_options(void); +BN_CTX *BN_CTX_new_ex(OSSL_LIB_CTX *ctx); +BN_CTX *BN_CTX_new(void); +BN_CTX *BN_CTX_secure_new_ex(OSSL_LIB_CTX *ctx); +BN_CTX *BN_CTX_secure_new(void); +void BN_CTX_free(BN_CTX *c); +void BN_CTX_start(BN_CTX *ctx); +BIGNUM *BN_CTX_get(BN_CTX *ctx); +void BN_CTX_end(BN_CTX *ctx); +int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, + unsigned int strength, BN_CTX *ctx); +int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, + unsigned int strength, BN_CTX *ctx); +int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_rand_range_ex(BIGNUM *r, const BIGNUM *range, unsigned int strength, + BN_CTX *ctx); +int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_priv_rand_range_ex(BIGNUM *r, const BIGNUM *range, + unsigned int strength, BN_CTX *ctx); +int BN_priv_rand_range(BIGNUM *rnd, const BIGNUM *range); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 +int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); +OSSL_DEPRECATEDIN_3_0 +int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); +# endif +int BN_num_bits(const BIGNUM *a); +int BN_num_bits_word(BN_ULONG l); +int BN_security_bits(int L, int N); +BIGNUM *BN_new(void); +BIGNUM *BN_secure_new(void); +void BN_clear_free(BIGNUM *a); +BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); +void BN_swap(BIGNUM *a, BIGNUM *b); +BIGNUM 
*BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); +BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2bin(const BIGNUM *a, unsigned char *to); +int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen); +int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen); +BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret); +BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen); +int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen); +BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret); +BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen); +int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen); +BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2mpi(const BIGNUM *a, unsigned char *to); +int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); +/** BN_set_negative sets sign of a BIGNUM + * \param b pointer to the BIGNUM object + * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise + */ +void BN_set_negative(BIGNUM *b, int n); +/** BN_is_negative returns 1 if the BIGNUM is negative + * \param b pointer to the BIGNUM object + * \return 1 if a < 0 and 0 otherwise + */ +int BN_is_negative(const BIGNUM *b); + +int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, + BN_CTX *ctx); +# define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx)) +int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); +int 
BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m); +int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m); +int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m); +int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m); + +BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); +BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); +int BN_mul_word(BIGNUM *a, BN_ULONG w); +int BN_add_word(BIGNUM *a, BN_ULONG w); +int BN_sub_word(BIGNUM *a, BN_ULONG w); +int BN_set_word(BIGNUM *a, BN_ULONG w); +BN_ULONG BN_get_word(const BIGNUM *a); + +int BN_cmp(const BIGNUM *a, const BIGNUM *b); +void BN_free(BIGNUM *a); +int BN_is_bit_set(const BIGNUM *a, int n); +int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); +int BN_lshift1(BIGNUM *r, const BIGNUM *a); +int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); + +int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); +int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *in_mont); +int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1, + const BIGNUM *a2, const 
BIGNUM *p2, const BIGNUM *m, + BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); +int BN_mod_exp_mont_consttime_x2(BIGNUM *rr1, const BIGNUM *a1, const BIGNUM *p1, + const BIGNUM *m1, BN_MONT_CTX *in_mont1, + BIGNUM *rr2, const BIGNUM *a2, const BIGNUM *p2, + const BIGNUM *m2, BN_MONT_CTX *in_mont2, + BN_CTX *ctx); + +int BN_mask_bits(BIGNUM *a, int n); +# ifndef OPENSSL_NO_STDIO +int BN_print_fp(FILE *fp, const BIGNUM *a); +# endif +int BN_print(BIO *bio, const BIGNUM *a); +int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx); +int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); +int BN_rshift1(BIGNUM *r, const BIGNUM *a); +void BN_clear(BIGNUM *a); +BIGNUM *BN_dup(const BIGNUM *a); +int BN_ucmp(const BIGNUM *a, const BIGNUM *b); +int BN_set_bit(BIGNUM *a, int n); +int BN_clear_bit(BIGNUM *a, int n); +char *BN_bn2hex(const BIGNUM *a); +char *BN_bn2dec(const BIGNUM *a); +int BN_hex2bn(BIGNUM **a, const char *str); +int BN_dec2bn(BIGNUM **a, const char *str); +int BN_asc2bn(BIGNUM **a, const char *str); +int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* returns + * -2 for + * error */ +int BN_are_coprime(BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +BIGNUM *BN_mod_inverse(BIGNUM *ret, + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); +BIGNUM *BN_mod_sqrt(BIGNUM *ret, + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); + +void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); + +/* Deprecated versions */ +# ifndef OPENSSL_NO_DEPRECATED_0_9_8 +OSSL_DEPRECATEDIN_0_9_8 +BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, + const BIGNUM *add, const BIGNUM *rem, + void (*callback) (int, int, void *), + void *cb_arg); +OSSL_DEPRECATEDIN_0_9_8 +int BN_is_prime(const BIGNUM *p, int nchecks, + void (*callback) (int, int, void *), + BN_CTX *ctx, void *cb_arg); 
+OSSL_DEPRECATEDIN_0_9_8 +int BN_is_prime_fasttest(const BIGNUM *p, int nchecks, + void (*callback) (int, int, void *), + BN_CTX *ctx, void *cb_arg, + int do_trial_division); +# endif +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 +int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb); +OSSL_DEPRECATEDIN_3_0 +int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, + int do_trial_division, BN_GENCB *cb); +# endif +/* Newer versions */ +int BN_generate_prime_ex2(BIGNUM *ret, int bits, int safe, + const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb, + BN_CTX *ctx); +int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, + const BIGNUM *rem, BN_GENCB *cb); +int BN_check_prime(const BIGNUM *p, BN_CTX *ctx, BN_GENCB *cb); + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 +int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx); + +OSSL_DEPRECATEDIN_3_0 +int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, + const BIGNUM *Xp, const BIGNUM *Xp1, + const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx, + BN_GENCB *cb); +OSSL_DEPRECATEDIN_3_0 +int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1, + BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e, + BN_CTX *ctx, BN_GENCB *cb); +# endif + +BN_MONT_CTX *BN_MONT_CTX_new(void); +int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + BN_MONT_CTX *mont, BN_CTX *ctx); +int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); +int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); +void BN_MONT_CTX_free(BN_MONT_CTX *mont); +int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx); +BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); +BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock, + const BIGNUM *mod, BN_CTX *ctx); + +/* BN_BLINDING flags */ +# define BN_BLINDING_NO_UPDATE 
0x00000001 +# define BN_BLINDING_NO_RECREATE 0x00000002 + +BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod); +void BN_BLINDING_free(BN_BLINDING *b); +int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx); +int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *); +int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, + BN_CTX *); + +int BN_BLINDING_is_current_thread(BN_BLINDING *b); +void BN_BLINDING_set_current_thread(BN_BLINDING *b); +int BN_BLINDING_lock(BN_BLINDING *b); +int BN_BLINDING_unlock(BN_BLINDING *b); + +unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); +void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); +BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, + const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, + int (*bn_mod_exp) (BIGNUM *r, + const BIGNUM *a, + const BIGNUM *p, + const BIGNUM *m, + BN_CTX *ctx, + BN_MONT_CTX *m_ctx), + BN_MONT_CTX *m_ctx); +# ifndef OPENSSL_NO_DEPRECATED_0_9_8 +OSSL_DEPRECATEDIN_0_9_8 +void BN_set_params(int mul, int high, int low, int mont); +OSSL_DEPRECATEDIN_0_9_8 +int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */ +# endif + +BN_RECP_CTX *BN_RECP_CTX_new(void); +void BN_RECP_CTX_free(BN_RECP_CTX *recp); +int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx); +int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, + BN_RECP_CTX *recp, BN_CTX *ctx); +int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); +int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, + BN_RECP_CTX *recp, BN_CTX *ctx); + +# ifndef OPENSSL_NO_EC2M + +/* + * Functions for arithmetic over binary polynomials represented by BIGNUMs. + * The BIGNUM::neg property of BIGNUMs representing binary polynomials is + * ignored. 
Note that input arguments are not const so that their bit arrays + * can be expanded to the appropriate size if needed. + */ + +/* + * r = a + b + */ +int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +# define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b) +/* + * r=a mod p + */ +int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); +/* r = (a * b) mod p */ +int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); +/* r = (a * a) mod p */ +int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +/* r = (1 / b) mod p */ +int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx); +/* r = (a / b) mod p */ +int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); +/* r = (a ^ b) mod p */ +int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); +/* r = sqrt(a) mod p */ +int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx); +/* r^2 + r = a mod p */ +int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx); +# define BN_GF2m_cmp(a, b) BN_ucmp((a), (b)) +/*- + * Some functions allow for representation of the irreducible polynomials + * as an unsigned int[], say p. The irreducible f(t) is then of the form: + * t^p[0] + t^p[1] + ... + t^p[k] + * where m = p[0] > p[1] > ... > p[k] = 0. 
+ */ +/* r = a mod p */ +int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]); +/* r = (a * b) mod p */ +int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); +/* r = (a * a) mod p */ +int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], + BN_CTX *ctx); +/* r = (1 / b) mod p */ +int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[], + BN_CTX *ctx); +/* r = (a / b) mod p */ +int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); +/* r = (a ^ b) mod p */ +int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); +/* r = sqrt(a) mod p */ +int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, + const int p[], BN_CTX *ctx); +/* r^2 + r = a mod p */ +int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a, + const int p[], BN_CTX *ctx); +int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max); +int BN_GF2m_arr2poly(const int p[], BIGNUM *a); + +# endif + +/* + * faster mod functions for the 'NIST primes' 0 <= a < p^2 + */ +int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); + +const BIGNUM *BN_get0_nist_prime_192(void); +const BIGNUM *BN_get0_nist_prime_224(void); +const BIGNUM *BN_get0_nist_prime_256(void); +const BIGNUM *BN_get0_nist_prime_384(void); +const BIGNUM *BN_get0_nist_prime_521(void); + +int (*BN_nist_mod_func(const BIGNUM *p)) (BIGNUM *r, const BIGNUM *a, + const BIGNUM *field, BN_CTX *ctx); + +int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, + const BIGNUM *priv, const unsigned char *message, + size_t message_len, BN_CTX *ctx); + +/* 
Primes from RFC 2409 */ +BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn); +BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn); + +/* Primes from RFC 3526 */ +BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn); + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define get_rfc2409_prime_768 BN_get_rfc2409_prime_768 +# define get_rfc2409_prime_1024 BN_get_rfc2409_prime_1024 +# define get_rfc3526_prime_1536 BN_get_rfc3526_prime_1536 +# define get_rfc3526_prime_2048 BN_get_rfc3526_prime_2048 +# define get_rfc3526_prime_3072 BN_get_rfc3526_prime_3072 +# define get_rfc3526_prime_4096 BN_get_rfc3526_prime_4096 +# define get_rfc3526_prime_6144 BN_get_rfc3526_prime_6144 +# define get_rfc3526_prime_8192 BN_get_rfc3526_prime_8192 +# endif + +int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/bnerr.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/bnerr.h new file mode 100644 index 000000000000..7c3f6ef3d4ba --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/bnerr.h 
@@ -0,0 +1,47 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_BNERR_H +# define OPENSSL_BNERR_H +# pragma once + +# include +# include +# include + + + +/* + * BN reason codes. + */ +# define BN_R_ARG2_LT_ARG3 100 +# define BN_R_BAD_RECIPROCAL 101 +# define BN_R_BIGNUM_TOO_LONG 114 +# define BN_R_BITS_TOO_SMALL 118 +# define BN_R_CALLED_WITH_EVEN_MODULUS 102 +# define BN_R_DIV_BY_ZERO 103 +# define BN_R_ENCODING_ERROR 104 +# define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 +# define BN_R_INPUT_NOT_REDUCED 110 +# define BN_R_INVALID_LENGTH 106 +# define BN_R_INVALID_RANGE 115 +# define BN_R_INVALID_SHIFT 119 +# define BN_R_NOT_A_SQUARE 111 +# define BN_R_NOT_INITIALIZED 107 +# define BN_R_NO_INVERSE 108 +# define BN_R_NO_PRIME_CANDIDATE 121 +# define BN_R_NO_SOLUTION 116 +# define BN_R_NO_SUITABLE_DIGEST 120 +# define BN_R_PRIVATE_KEY_TOO_LARGE 117 +# define BN_R_P_IS_NOT_PRIME 112 +# define BN_R_TOO_MANY_ITERATIONS 113 +# define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/buffer.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/buffer.h new file mode 100644 index 000000000000..5773b986bd21 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/buffer.h 
@@ -0,0 +1,62 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_BUFFER_H
+# define OPENSSL_BUFFER_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_BUFFER_H
+# endif
+
+# include
+# ifndef OPENSSL_CRYPTO_H
+# include
+# endif
+# include
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# include
+# include
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define BUF_strdup(s) OPENSSL_strdup(s)
+# define BUF_strndup(s, size) OPENSSL_strndup(s, size)
+# define BUF_memdup(data, size) OPENSSL_memdup(data, size)
+# define BUF_strlcpy(dst, src, size) OPENSSL_strlcpy(dst, src, size)
+# define BUF_strlcat(dst, src, size) OPENSSL_strlcat(dst, src, size)
+# define BUF_strnlen(str, maxlen) OPENSSL_strnlen(str, maxlen)
+# endif
+
+struct buf_mem_st {
+ size_t length; /* current number of bytes */
+ char *data;
+ size_t max; /* size of buffer */
+ unsigned long flags;
+};
+
+# define BUF_MEM_FLAG_SECURE 0x01
+
+BUF_MEM *BUF_MEM_new(void);
+BUF_MEM *BUF_MEM_new_ex(unsigned long flags);
+void BUF_MEM_free(BUF_MEM *a);
+size_t BUF_MEM_grow(BUF_MEM *str, size_t len);
+size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
+void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);
+
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/buffererr.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/buffererr.h
new file mode 100644
index 000000000000..d18b1f8f0735
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/buffererr.h
@@ -0,0 +1,25 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_BUFFERERR_H +# define OPENSSL_BUFFERERR_H +# pragma once + +# include +# include +# include + + + +/* + * BUF reason codes. + */ + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/camellia.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/camellia.h new file mode 100644 index 000000000000..88c2279e90f1 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/camellia.h 
@@ -0,0 +1,117 @@
+/*
+ * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CAMELLIA_H
+# define OPENSSL_CAMELLIA_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_CAMELLIA_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_CAMELLIA
+# include
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define CAMELLIA_BLOCK_SIZE 16
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+
+# define CAMELLIA_ENCRYPT 1
+# define CAMELLIA_DECRYPT 0
+
+/*
+ * Because array size can't be a const in C, the following two are macros.
+ * Both sizes are in bytes.
+ */
+
+/* This should be a hidden type, but EVP requires that the size be known */
+
+# define CAMELLIA_TABLE_BYTE_LEN 272
+# define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4)
+
+typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; /* to match
+ * with WORD */
+
+struct camellia_key_st {
+ union {
+ double d; /* ensures 64-bit align */
+ KEY_TABLE_TYPE rd_key;
+ } u;
+ int grand_rounds;
+};
+typedef struct camellia_key_st CAMELLIA_KEY;
+
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int Camellia_set_key(const unsigned char *userKey,
+ const int bits,
+ CAMELLIA_KEY *key);
+OSSL_DEPRECATEDIN_3_0 void Camellia_encrypt(const unsigned char *in,
+ unsigned char *out,
+ const CAMELLIA_KEY *key);
+OSSL_DEPRECATEDIN_3_0 void Camellia_decrypt(const unsigned char *in,
+ unsigned char *out,
+ const CAMELLIA_KEY *key);
+OSSL_DEPRECATEDIN_3_0 void Camellia_ecb_encrypt(const unsigned char *in,
+ unsigned char *out,
+ const CAMELLIA_KEY *key,
+ const int enc);
+OSSL_DEPRECATEDIN_3_0 void Camellia_cbc_encrypt(const unsigned char *in,
+ unsigned char *out,
+ size_t length,
+ const CAMELLIA_KEY *key,
+ unsigned char *ivec,
+ const int enc);
+OSSL_DEPRECATEDIN_3_0 void Camellia_cfb128_encrypt(const unsigned char *in,
+ unsigned char *out,
+ size_t length,
+ const CAMELLIA_KEY *key,
+ unsigned char *ivec,
+ int *num,
+ const int enc);
+OSSL_DEPRECATEDIN_3_0 void Camellia_cfb1_encrypt(const unsigned char *in,
+ unsigned char *out,
+ size_t length,
+ const CAMELLIA_KEY *key,
+ unsigned char *ivec,
+ int *num,
+ const int enc);
+OSSL_DEPRECATEDIN_3_0 void Camellia_cfb8_encrypt(const unsigned char *in,
+ unsigned char *out,
+ size_t length,
+ const CAMELLIA_KEY *key,
+ unsigned char *ivec,
+ int *num,
+ const int enc);
+OSSL_DEPRECATEDIN_3_0 void Camellia_ofb128_encrypt(const unsigned char *in,
+ unsigned char *out,
+ size_t length,
+ const CAMELLIA_KEY *key,
+ unsigned char *ivec,
+ int *num);
+OSSL_DEPRECATEDIN_3_0
+void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const CAMELLIA_KEY *key,
+ unsigned char ivec[CAMELLIA_BLOCK_SIZE],
+ unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],
+ unsigned int *num);
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/cast.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/cast.h
new file mode 100644
index 000000000000..0bf217beab23
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/cast.h
@@ -0,0 +1,71 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CAST_H
+# define OPENSSL_CAST_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_CAST_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_CAST
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define CAST_BLOCK 8
+# define CAST_KEY_LENGTH 16
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+
+# define CAST_ENCRYPT 1
+# define CAST_DECRYPT 0
+
+# define CAST_LONG unsigned int
+
+typedef struct cast_key_st {
+ CAST_LONG data[32];
+ int short_key; /* Use reduced rounds for short key */
+} CAST_KEY;
+
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
+void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
+OSSL_DEPRECATEDIN_3_0
+void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ const CAST_KEY *key, int enc);
+OSSL_DEPRECATEDIN_3_0
+void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key);
+OSSL_DEPRECATEDIN_3_0
+void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key);
+OSSL_DEPRECATEDIN_3_0
+void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ long length, const CAST_KEY *ks, unsigned char *iv,
+ int enc);
+OSSL_DEPRECATEDIN_3_0
+void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, const CAST_KEY *schedule,
+ unsigned char *ivec, int *num, int enc);
+OSSL_DEPRECATEDIN_3_0
+void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, const CAST_KEY *schedule,
+ unsigned char *ivec, int *num);
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/cmac.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/cmac.h
new file mode 100644
index 000000000000..f50861836f48
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/cmac.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CMAC_H
+# define OPENSSL_CMAC_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_CMAC_H
+# endif
+
+# ifndef OPENSSL_NO_CMAC
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+/* Opaque */
+typedef struct CMAC_CTX_st CMAC_CTX;
+# endif
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 CMAC_CTX *CMAC_CTX_new(void);
+OSSL_DEPRECATEDIN_3_0 void CMAC_CTX_cleanup(CMAC_CTX *ctx);
+OSSL_DEPRECATEDIN_3_0 void CMAC_CTX_free(CMAC_CTX *ctx);
+OSSL_DEPRECATEDIN_3_0 EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx);
+OSSL_DEPRECATEDIN_3_0 int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in);
+OSSL_DEPRECATEDIN_3_0 int CMAC_Init(CMAC_CTX *ctx,
+ const void *key, size_t keylen,
+ const EVP_CIPHER *cipher, ENGINE *impl);
+OSSL_DEPRECATEDIN_3_0 int CMAC_Update(CMAC_CTX *ctx,
+ const void *data, size_t dlen);
+OSSL_DEPRECATEDIN_3_0 int CMAC_Final(CMAC_CTX *ctx,
+ unsigned char *out, size_t *poutlen);
+OSSL_DEPRECATEDIN_3_0 int CMAC_resume(CMAC_CTX *ctx);
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+
+# endif
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/cmp.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/cmp.h
index 60beffd57ef6..80d9709f1a13 100644
--- a/contrib/openssl-cmake/linux_x86_64/include/openssl/cmp.h
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/cmp.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by Makefile from include/openssl/cmp.h.in * - * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * @@ -380,6 +380,10 @@ int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p, OSSL_CMP_ITAV *itav); void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav); +OSSL_CMP_ITAV *OSSL_CMP_ITAV_new0_certProfile(STACK_OF(ASN1_UTF8STRING) + *certProfile); +int OSSL_CMP_ITAV_get0_certProfile(const OSSL_CMP_ITAV *itav, + STACK_OF(ASN1_UTF8STRING) **out); OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts); int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out); @@ -425,6 +429,7 @@ const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx); # define OSSL_CMP_OPT_DIGEST_ALGNID 34 # define OSSL_CMP_OPT_IGNORE_KEYUSAGE 35 # define OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR 36 +# define OSSL_CMP_OPT_NO_CACHE_EXTRACERTS 37 int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val); int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt); /* CMP-specific callback for logging and outputting the error queue: */ @@ -470,6 +475,8 @@ int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name); int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav); int OSSL_CMP_CTX_reset_geninfo_ITAVs(OSSL_CMP_CTX *ctx); +STACK_OF(OSSL_CMP_ITAV) + *OSSL_CMP_CTX_get0_geninfo_ITAVs(const OSSL_CMP_CTX *ctx); int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx, STACK_OF(X509) *extraCertsOut); /* certificate template: */ 
@@ -522,10 +529,13 @@ OSSL_CMP_STATUSINFO_new(int status, int fail_info, const char *text); ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const OSSL_CMP_PKIHEADER *hdr); ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr); +STACK_OF(OSSL_CMP_ITAV) + *OSSL_CMP_HDR_get0_geninfo_ITAVs(const OSSL_CMP_PKIHEADER *hdr); /* from cmp_msg.c */ OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg); int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg); +X509_PUBKEY *OSSL_CMP_MSG_get0_certreq_publickey(const OSSL_CMP_MSG *msg); int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); int OSSL_CMP_MSG_update_recipNonce(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid); @@ -587,6 +597,13 @@ int OSSL_CMP_SRV_CTX_init(OSSL_CMP_SRV_CTX *srv_ctx, void *custom_ctx, OSSL_CMP_SRV_error_cb_t process_error, OSSL_CMP_SRV_certConf_cb_t process_certConf, OSSL_CMP_SRV_pollReq_cb_t process_pollReq); +typedef int (*OSSL_CMP_SRV_delayed_delivery_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, + const OSSL_CMP_MSG *req); +typedef int (*OSSL_CMP_SRV_clean_transaction_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, + const ASN1_OCTET_STRING *id); +int OSSL_CMP_SRV_CTX_init_trans(OSSL_CMP_SRV_CTX *srv_ctx, + OSSL_CMP_SRV_delayed_delivery_cb_t delay, + OSSL_CMP_SRV_clean_transaction_cb_t clean); OSSL_CMP_CTX *OSSL_CMP_SRV_CTX_get0_cmp_ctx(const OSSL_CMP_SRV_CTX *srv_ctx); void *OSSL_CMP_SRV_CTX_get0_custom_ctx(const OSSL_CMP_SRV_CTX *srv_ctx); int OSSL_CMP_SRV_CTX_set_send_unprotected_errors(OSSL_CMP_SRV_CTX *srv_ctx, @@ -603,6 +620,8 @@ X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type, # define OSSL_CMP_CR 2 # define OSSL_CMP_P10CR 4 # define OSSL_CMP_KUR 7 +# define OSSL_CMP_GENM 21 +# define OSSL_CMP_ERROR 23 # define OSSL_CMP_exec_IR_ses(ctx) \ OSSL_CMP_exec_certreq(ctx, OSSL_CMP_IR, NULL) # define OSSL_CMP_exec_CR_ses(ctx) \ 
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/cmp_util.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/cmp_util.h
new file mode 100644
index 000000000000..9a168922bfce
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/cmp_util.h
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright Nokia 2007-2019
+ * Copyright Siemens AG 2015-2019
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CMP_UTIL_H
+# define OPENSSL_CMP_UTIL_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_CMP
+
+# include
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+int OSSL_CMP_log_open(void);
+void OSSL_CMP_log_close(void);
+# define OSSL_CMP_LOG_PREFIX "CMP "
+
+/*
+ * generalized logging/error callback mirroring the severity levels of syslog.h
+ */
+typedef int OSSL_CMP_severity;
+# define OSSL_CMP_LOG_EMERG 0
+# define OSSL_CMP_LOG_ALERT 1
+# define OSSL_CMP_LOG_CRIT 2
+# define OSSL_CMP_LOG_ERR 3
+# define OSSL_CMP_LOG_WARNING 4
+# define OSSL_CMP_LOG_NOTICE 5
+# define OSSL_CMP_LOG_INFO 6
+# define OSSL_CMP_LOG_DEBUG 7
+# define OSSL_CMP_LOG_TRACE 8
+# define OSSL_CMP_LOG_MAX OSSL_CMP_LOG_TRACE
+typedef int (*OSSL_CMP_log_cb_t)(const char *func, const char *file, int line,
+ OSSL_CMP_severity level, const char *msg);
+
+int OSSL_CMP_print_to_bio(BIO *bio, const char *component, const char *file,
+ int line, OSSL_CMP_severity level, const char *msg);
+/* use of the logging callback for outputting error queue */
+void OSSL_CMP_print_errors_cb(OSSL_CMP_log_cb_t log_fn);
+
+# ifdef __cplusplus
+}
+# endif
+# endif /* !defined(OPENSSL_NO_CMP) */
+#endif /* !defined(OPENSSL_CMP_UTIL_H) */
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/cmperr.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/cmperr.h new file mode 100644 index 000000000000..0d876e501c5c --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/cmperr.h 
@@ -0,0 +1,125 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_CMPERR_H +# define OPENSSL_CMPERR_H +# pragma once + +# include +# include +# include + + +# ifndef OPENSSL_NO_CMP + + +/* + * CMP reason codes. + */ +# define CMP_R_ALGORITHM_NOT_SUPPORTED 139 +# define CMP_R_BAD_CHECKAFTER_IN_POLLREP 167 +# define CMP_R_BAD_REQUEST_ID 108 +# define CMP_R_CERTHASH_UNMATCHED 156 +# define CMP_R_CERTID_NOT_FOUND 109 +# define CMP_R_CERTIFICATE_NOT_ACCEPTED 169 +# define CMP_R_CERTIFICATE_NOT_FOUND 112 +# define CMP_R_CERTREQMSG_NOT_FOUND 157 +# define CMP_R_CERTRESPONSE_NOT_FOUND 113 +# define CMP_R_CERT_AND_KEY_DO_NOT_MATCH 114 +# define CMP_R_CHECKAFTER_OUT_OF_RANGE 181 +# define CMP_R_ENCOUNTERED_KEYUPDATEWARNING 176 +# define CMP_R_ENCOUNTERED_WAITING 162 +# define CMP_R_ERROR_CALCULATING_PROTECTION 115 +# define CMP_R_ERROR_CREATING_CERTCONF 116 +# define CMP_R_ERROR_CREATING_CERTREP 117 +# define CMP_R_ERROR_CREATING_CERTREQ 163 +# define CMP_R_ERROR_CREATING_ERROR 118 +# define CMP_R_ERROR_CREATING_GENM 119 +# define CMP_R_ERROR_CREATING_GENP 120 +# define CMP_R_ERROR_CREATING_PKICONF 122 +# define CMP_R_ERROR_CREATING_POLLREP 123 +# define CMP_R_ERROR_CREATING_POLLREQ 124 +# define CMP_R_ERROR_CREATING_RP 125 +# define CMP_R_ERROR_CREATING_RR 126 +# define CMP_R_ERROR_PARSING_PKISTATUS 107 +# define CMP_R_ERROR_PROCESSING_MESSAGE 158 +# define CMP_R_ERROR_PROTECTING_MESSAGE 127 +# define CMP_R_ERROR_SETTING_CERTHASH 128 +# define CMP_R_ERROR_UNEXPECTED_CERTCONF 160 +# define CMP_R_ERROR_VALIDATING_PROTECTION 140 +# define CMP_R_ERROR_VALIDATING_SIGNATURE 171 +# define CMP_R_EXPECTED_POLLREQ 104 +# define 
CMP_R_FAILED_BUILDING_OWN_CHAIN 164 +# define CMP_R_FAILED_EXTRACTING_PUBKEY 141 +# define CMP_R_FAILURE_OBTAINING_RANDOM 110 +# define CMP_R_FAIL_INFO_OUT_OF_RANGE 129 +# define CMP_R_GETTING_GENP 192 +# define CMP_R_INVALID_ARGS 100 +# define CMP_R_INVALID_GENP 193 +# define CMP_R_INVALID_OPTION 174 +# define CMP_R_INVALID_ROOTCAKEYUPDATE 195 +# define CMP_R_MISSING_CERTID 165 +# define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION 130 +# define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE 142 +# define CMP_R_MISSING_P10CSR 121 +# define CMP_R_MISSING_PBM_SECRET 166 +# define CMP_R_MISSING_PRIVATE_KEY 131 +# define CMP_R_MISSING_PRIVATE_KEY_FOR_POPO 190 +# define CMP_R_MISSING_PROTECTION 143 +# define CMP_R_MISSING_PUBLIC_KEY 183 +# define CMP_R_MISSING_REFERENCE_CERT 168 +# define CMP_R_MISSING_SECRET 178 +# define CMP_R_MISSING_SENDER_IDENTIFICATION 111 +# define CMP_R_MISSING_TRUST_ANCHOR 179 +# define CMP_R_MISSING_TRUST_STORE 144 +# define CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED 161 +# define CMP_R_MULTIPLE_RESPONSES_NOT_SUPPORTED 170 +# define CMP_R_MULTIPLE_SAN_SOURCES 102 +# define CMP_R_NO_STDIO 194 +# define CMP_R_NO_SUITABLE_SENDER_CERT 145 +# define CMP_R_NULL_ARGUMENT 103 +# define CMP_R_PKIBODY_ERROR 146 +# define CMP_R_PKISTATUSINFO_NOT_FOUND 132 +# define CMP_R_POLLING_FAILED 172 +# define CMP_R_POTENTIALLY_INVALID_CERTIFICATE 147 +# define CMP_R_RECEIVED_ERROR 180 +# define CMP_R_RECIPNONCE_UNMATCHED 148 +# define CMP_R_REQUEST_NOT_ACCEPTED 149 +# define CMP_R_REQUEST_REJECTED_BY_SERVER 182 +# define CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED 150 +# define CMP_R_SRVCERT_DOES_NOT_VALIDATE_MSG 151 +# define CMP_R_TOTAL_TIMEOUT 184 +# define CMP_R_TRANSACTIONID_UNMATCHED 152 +# define CMP_R_TRANSFER_ERROR 159 +# define CMP_R_UNCLEAN_CTX 191 +# define CMP_R_UNEXPECTED_CERTPROFILE 196 +# define CMP_R_UNEXPECTED_PKIBODY 133 +# define CMP_R_UNEXPECTED_PKISTATUS 185 +# define CMP_R_UNEXPECTED_POLLREQ 105 +# define CMP_R_UNEXPECTED_PVNO 153 +# define 
CMP_R_UNEXPECTED_SENDER 106 +# define CMP_R_UNKNOWN_ALGORITHM_ID 134 +# define CMP_R_UNKNOWN_CERT_TYPE 135 +# define CMP_R_UNKNOWN_PKISTATUS 186 +# define CMP_R_UNSUPPORTED_ALGORITHM 136 +# define CMP_R_UNSUPPORTED_KEY_TYPE 137 +# define CMP_R_UNSUPPORTED_PKIBODY 101 +# define CMP_R_UNSUPPORTED_PROTECTION_ALG_DHBASEDMAC 154 +# define CMP_R_VALUE_TOO_LARGE 175 +# define CMP_R_VALUE_TOO_SMALL 177 +# define CMP_R_WRONG_ALGORITHM_OID 138 +# define CMP_R_WRONG_CERTID 189 +# define CMP_R_WRONG_CERTID_IN_RP 187 +# define CMP_R_WRONG_PBM_VALUE 155 +# define CMP_R_WRONG_RP_COMPONENT_COUNT 188 +# define CMP_R_WRONG_SERIAL_IN_RP 173 + +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/cmserr.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/cmserr.h new file mode 100644 index 000000000000..887035b1bf7d --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/cmserr.h 
@@ -0,0 +1,125 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_CMSERR_H +# define OPENSSL_CMSERR_H +# pragma once + +# include +# include +# include + + +# ifndef OPENSSL_NO_CMS + + +/* + * CMS reason codes. + */ +# define CMS_R_ADD_SIGNER_ERROR 99 +# define CMS_R_ATTRIBUTE_ERROR 161 +# define CMS_R_CERTIFICATE_ALREADY_PRESENT 175 +# define CMS_R_CERTIFICATE_HAS_NO_KEYID 160 +# define CMS_R_CERTIFICATE_VERIFY_ERROR 100 +# define CMS_R_CIPHER_AEAD_SET_TAG_ERROR 184 +# define CMS_R_CIPHER_GET_TAG 185 +# define CMS_R_CIPHER_INITIALISATION_ERROR 101 +# define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102 +# define CMS_R_CMS_DATAFINAL_ERROR 103 +# define CMS_R_CMS_LIB 104 +# define CMS_R_CONTENTIDENTIFIER_MISMATCH 170 +# define CMS_R_CONTENT_NOT_FOUND 105 +# define CMS_R_CONTENT_TYPE_MISMATCH 171 +# define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA 106 +# define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA 107 +# define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA 108 +# define CMS_R_CONTENT_VERIFY_ERROR 109 +# define CMS_R_CTRL_ERROR 110 +# define CMS_R_CTRL_FAILURE 111 +# define CMS_R_DECODE_ERROR 187 +# define CMS_R_DECRYPT_ERROR 112 +# define CMS_R_ERROR_GETTING_PUBLIC_KEY 113 +# define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114 +# define CMS_R_ERROR_SETTING_KEY 115 +# define CMS_R_ERROR_SETTING_RECIPIENTINFO 116 +# define CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR 183 +# define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117 +# define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER 176 +# define CMS_R_INVALID_KEY_LENGTH 118 +# define CMS_R_INVALID_LABEL 190 +# define CMS_R_INVALID_OAEP_PARAMETERS 191 +# define CMS_R_KDF_PARAMETER_ERROR 186 +# 
define CMS_R_MD_BIO_INIT_ERROR 119 +# define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120 +# define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 121 +# define CMS_R_MSGSIGDIGEST_ERROR 172 +# define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE 162 +# define CMS_R_MSGSIGDIGEST_WRONG_LENGTH 163 +# define CMS_R_NEED_ONE_SIGNER 164 +# define CMS_R_NOT_A_SIGNED_RECEIPT 165 +# define CMS_R_NOT_ENCRYPTED_DATA 122 +# define CMS_R_NOT_KEK 123 +# define CMS_R_NOT_KEY_AGREEMENT 181 +# define CMS_R_NOT_KEY_TRANSPORT 124 +# define CMS_R_NOT_PWRI 177 +# define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125 +# define CMS_R_NO_CIPHER 126 +# define CMS_R_NO_CONTENT 127 +# define CMS_R_NO_CONTENT_TYPE 173 +# define CMS_R_NO_DEFAULT_DIGEST 128 +# define CMS_R_NO_DIGEST_SET 129 +# define CMS_R_NO_KEY 130 +# define CMS_R_NO_KEY_OR_CERT 174 +# define CMS_R_NO_MATCHING_DIGEST 131 +# define CMS_R_NO_MATCHING_RECIPIENT 132 +# define CMS_R_NO_MATCHING_SIGNATURE 166 +# define CMS_R_NO_MSGSIGDIGEST 167 +# define CMS_R_NO_PASSWORD 178 +# define CMS_R_NO_PRIVATE_KEY 133 +# define CMS_R_NO_PUBLIC_KEY 134 +# define CMS_R_NO_RECEIPT_REQUEST 168 +# define CMS_R_NO_SIGNERS 135 +# define CMS_R_OPERATION_UNSUPPORTED 182 +# define CMS_R_PEER_KEY_ERROR 188 +# define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136 +# define CMS_R_RECEIPT_DECODE_ERROR 169 +# define CMS_R_RECIPIENT_ERROR 137 +# define CMS_R_SHARED_INFO_ERROR 189 +# define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 138 +# define CMS_R_SIGNFINAL_ERROR 139 +# define CMS_R_SMIME_TEXT_ERROR 140 +# define CMS_R_STORE_INIT_ERROR 141 +# define CMS_R_TYPE_NOT_COMPRESSED_DATA 142 +# define CMS_R_TYPE_NOT_DATA 143 +# define CMS_R_TYPE_NOT_DIGESTED_DATA 144 +# define CMS_R_TYPE_NOT_ENCRYPTED_DATA 145 +# define CMS_R_TYPE_NOT_ENVELOPED_DATA 146 +# define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 147 +# define CMS_R_UNKNOWN_CIPHER 148 +# define CMS_R_UNKNOWN_DIGEST_ALGORITHM 149 +# define CMS_R_UNKNOWN_ID 150 +# define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151 +# define 
CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM 194 +# define CMS_R_UNSUPPORTED_CONTENT_TYPE 152 +# define CMS_R_UNSUPPORTED_ENCRYPTION_TYPE 192 +# define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153 +# define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM 179 +# define CMS_R_UNSUPPORTED_LABEL_SOURCE 193 +# define CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE 155 +# define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154 +# define CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM 195 +# define CMS_R_UNSUPPORTED_TYPE 156 +# define CMS_R_UNWRAP_ERROR 157 +# define CMS_R_UNWRAP_FAILURE 180 +# define CMS_R_VERIFICATION_FAILURE 158 +# define CMS_R_WRAP_ERROR 159 + +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/comp.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/comp.h new file mode 100644 index 000000000000..f81ba0f39c8e --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/comp.h 
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_COMP_H
+# define OPENSSL_COMP_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_COMP_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_COMP
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+
+
+COMP_CTX *COMP_CTX_new(COMP_METHOD *meth);
+const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx);
+int COMP_CTX_get_type(const COMP_CTX* comp);
+int COMP_get_type(const COMP_METHOD *meth);
+const char *COMP_get_name(const COMP_METHOD *meth);
+void COMP_CTX_free(COMP_CTX *ctx);
+
+int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
+ unsigned char *in, int ilen);
+int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
+ unsigned char *in, int ilen);
+
+COMP_METHOD *COMP_zlib(void);
+COMP_METHOD *COMP_zlib_oneshot(void);
+COMP_METHOD *COMP_brotli(void);
+COMP_METHOD *COMP_brotli_oneshot(void);
+COMP_METHOD *COMP_zstd(void);
+COMP_METHOD *COMP_zstd_oneshot(void);
+
+#ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define COMP_zlib_cleanup() while(0) continue
+#endif
+
+# ifdef OPENSSL_BIO_H
+const BIO_METHOD *BIO_f_zlib(void);
+const BIO_METHOD *BIO_f_brotli(void);
+const BIO_METHOD *BIO_f_zstd(void);
+# endif
+
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/comperr.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/comperr.h
new file mode 100644
index 000000000000..1948d37f1a00
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/comperr.h
@@ -0,0 +1,38 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_COMPERR_H +# define OPENSSL_COMPERR_H +# pragma once + +# include +# include +# include + + +# ifndef OPENSSL_NO_COMP + + +/* + * COMP reason codes. + */ +# define COMP_R_BROTLI_DECODE_ERROR 102 +# define COMP_R_BROTLI_ENCODE_ERROR 103 +# define COMP_R_BROTLI_NOT_SUPPORTED 104 +# define COMP_R_ZLIB_DEFLATE_ERROR 99 +# define COMP_R_ZLIB_INFLATE_ERROR 100 +# define COMP_R_ZLIB_NOT_SUPPORTED 101 +# define COMP_R_ZSTD_COMPRESS_ERROR 105 +# define COMP_R_ZSTD_DECODE_ERROR 106 +# define COMP_R_ZSTD_DECOMPRESS_ERROR 107 +# define COMP_R_ZSTD_NOT_SUPPORTED 108 + +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/conf.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/conf.h index 61bb008770fd..38576290bf64 100644 --- a/contrib/openssl-cmake/linux_x86_64/include/openssl/conf.h +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/conf.h 
@@ -68,7 +68,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(CONF_VALUE, CONF_VALUE, CONF_VALUE) #define sk_CONF_VALUE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(CONF_VALUE) *)OPENSSL_sk_deep_copy(ossl_check_const_CONF_VALUE_sk_type(sk), ossl_check_CONF_VALUE_copyfunc_type(copyfunc), ossl_check_CONF_VALUE_freefunc_type(freefunc))) #define sk_CONF_VALUE_set_cmp_func(sk, cmp) ((sk_CONF_VALUE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CONF_VALUE_sk_type(sk), ossl_check_CONF_VALUE_compfunc_type(cmp))) DEFINE_LHASH_OF_INTERNAL(CONF_VALUE); -#define lh_CONF_VALUE_new(hfn, cmp) ((LHASH_OF(CONF_VALUE) *)OPENSSL_LH_new(ossl_check_CONF_VALUE_lh_hashfunc_type(hfn), ossl_check_CONF_VALUE_lh_compfunc_type(cmp))) +#define lh_CONF_VALUE_new(hfn, cmp) ((LHASH_OF(CONF_VALUE) *)OPENSSL_LH_set_thunks(OPENSSL_LH_new(ossl_check_CONF_VALUE_lh_hashfunc_type(hfn), ossl_check_CONF_VALUE_lh_compfunc_type(cmp)), lh_CONF_VALUE_hash_thunk, lh_CONF_VALUE_comp_thunk, lh_CONF_VALUE_doall_thunk, lh_CONF_VALUE_doall_arg_thunk)) #define lh_CONF_VALUE_free(lh) OPENSSL_LH_free(ossl_check_CONF_VALUE_lh_type(lh)) #define lh_CONF_VALUE_flush(lh) OPENSSL_LH_flush(ossl_check_CONF_VALUE_lh_type(lh)) #define lh_CONF_VALUE_insert(lh, ptr) ((CONF_VALUE *)OPENSSL_LH_insert(ossl_check_CONF_VALUE_lh_type(lh), ossl_check_CONF_VALUE_lh_plain_type(ptr))) diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/conf_api.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/conf_api.h new file mode 100644 index 000000000000..ed67d5778f1d --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/conf_api.h 
@@ -0,0 +1,46 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CONF_API_H
+# define OPENSSL_CONF_API_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_CONF_API_H
+# endif
+
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Up until OpenSSL 0.9.5a, this was new_section */
+CONF_VALUE *_CONF_new_section(CONF *conf, const char *section);
+/* Up until OpenSSL 0.9.5a, this was get_section */
+CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section);
+/* Up until OpenSSL 0.9.5a, this was CONF_get_section */
+STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
+ const char *section);
+
+int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value);
+char *_CONF_get_string(const CONF *conf, const char *section,
+ const char *name);
+long _CONF_get_number(const CONF *conf, const char *section,
+ const char *name);
+
+int _CONF_new_data(CONF *conf);
+void _CONF_free_data(CONF *conf);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/conferr.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/conferr.h
new file mode 100644
index 000000000000..a8798e792412
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/conferr.h
@@ -0,0 +1,52 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_CONFERR_H +# define OPENSSL_CONFERR_H +# pragma once + +# include +# include +# include + + + +/* + * CONF reason codes. + */ +# define CONF_R_ERROR_LOADING_DSO 110 +# define CONF_R_INVALID_PRAGMA 122 +# define CONF_R_LIST_CANNOT_BE_NULL 115 +# define CONF_R_MANDATORY_BRACES_IN_VARIABLE_EXPANSION 123 +# define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100 +# define CONF_R_MISSING_EQUAL_SIGN 101 +# define CONF_R_MISSING_INIT_FUNCTION 112 +# define CONF_R_MODULE_INITIALIZATION_ERROR 109 +# define CONF_R_NO_CLOSE_BRACE 102 +# define CONF_R_NO_CONF 105 +# define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE 106 +# define CONF_R_NO_SECTION 107 +# define CONF_R_NO_SUCH_FILE 114 +# define CONF_R_NO_VALUE 108 +# define CONF_R_NUMBER_TOO_LARGE 121 +# define CONF_R_OPENSSL_CONF_REFERENCES_MISSING_SECTION 124 +# define CONF_R_RECURSIVE_DIRECTORY_INCLUDE 111 +# define CONF_R_RECURSIVE_SECTION_REFERENCE 126 +# define CONF_R_RELATIVE_PATH 125 +# define CONF_R_SSL_COMMAND_SECTION_EMPTY 117 +# define CONF_R_SSL_COMMAND_SECTION_NOT_FOUND 118 +# define CONF_R_SSL_SECTION_EMPTY 119 +# define CONF_R_SSL_SECTION_NOT_FOUND 120 +# define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 +# define CONF_R_UNKNOWN_MODULE_NAME 113 +# define CONF_R_VARIABLE_EXPANSION_TOO_LONG 116 +# define CONF_R_VARIABLE_HAS_NO_VALUE 104 + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/configuration.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/configuration.h index deedfbf3c70e..47e7164fed16 100644 --- a/contrib/openssl-cmake/linux_x86_64/include/openssl/configuration.h 
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/configuration.h @@ -27,13 +27,16 @@ extern "C" { * OpenSSL was configured with the following options: */ -# define OPENSSL_CONFIGURED_API 30200 +# define OPENSSL_CONFIGURED_API 30300 # ifndef OPENSSL_RAND_SEED_OS # define OPENSSL_RAND_SEED_OS # endif # ifndef OPENSSL_THREADS # define OPENSSL_THREADS # endif +# ifndef OPENSSL_NO_ACVP_TESTS +# define OPENSSL_NO_ACVP_TESTS +# endif # ifndef OPENSSL_NO_ASAN # define OPENSSL_NO_ASAN # endif @@ -61,6 +64,9 @@ extern "C" { # ifndef OPENSSL_NO_EXTERNAL_TESTS # define OPENSSL_NO_EXTERNAL_TESTS # endif +# ifndef OPENSSL_NO_FIPS_SECURITYCHECKS +# define OPENSSL_NO_FIPS_SECURITYCHECKS +# endif # ifndef OPENSSL_NO_FUZZ_AFL # define OPENSSL_NO_FUZZ_AFL # endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/conftypes.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/conftypes.h new file mode 100644 index 000000000000..17cefaa44335 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/conftypes.h 
@@ -0,0 +1,44 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CONFTYPES_H
+# define OPENSSL_CONFTYPES_H
+# pragma once
+
+#ifndef OPENSSL_CONF_H
+# include
+#endif
+
+/*
+ * The contents of this file are deprecated and will be made opaque
+ */
+struct conf_method_st {
+ const char *name;
+ CONF *(*create) (CONF_METHOD *meth);
+ int (*init) (CONF *conf);
+ int (*destroy) (CONF *conf);
+ int (*destroy_data) (CONF *conf);
+ int (*load_bio) (CONF *conf, BIO *bp, long *eline);
+ int (*dump) (const CONF *conf, BIO *bp);
+ int (*is_number) (const CONF *conf, char c);
+ int (*to_int) (const CONF *conf, char c);
+ int (*load) (CONF *conf, const char *name, long *eline);
+};
+
+struct conf_st {
+ CONF_METHOD *meth;
+ void *meth_data;
+ LHASH_OF(CONF_VALUE) *data;
+ int flag_dollarid;
+ int flag_abspath;
+ char *includedir;
+ OSSL_LIB_CTX *libctx;
+};
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/core.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/core.h
new file mode 100644
index 000000000000..18c199182e34
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/core.h
@@ -0,0 +1,236 @@
+/*
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CORE_H
+# define OPENSSL_CORE_H
+# pragma once
+
+# include
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/*-
+ * Base types
+ * ----------
+ *
+ * These are the types that the OpenSSL core and providers have in common
+ * to communicate data between them.
+ */
+
+/* Opaque handles to be used with core upcall functions from providers */
+typedef struct ossl_core_handle_st OSSL_CORE_HANDLE;
+typedef struct openssl_core_ctx_st OPENSSL_CORE_CTX;
+typedef struct ossl_core_bio_st OSSL_CORE_BIO;
+
+/*
+ * Dispatch table element. function_id numbers and the functions are defined
+ * in core_dispatch.h, see macros with 'OSSL_CORE_MAKE_FUNC' in their names.
+ *
+ * An array of these is always terminated by function_id == 0
+ */
+struct ossl_dispatch_st {
+ int function_id;
+ void (*function)(void);
+};
+
+# define OSSL_DISPATCH_END \
+ { 0, NULL }
+
+/*
+ * Other items, essentially an int<->pointer map element.
+ *
+ * We make this type distinct from OSSL_DISPATCH to ensure that dispatch
+ * tables remain tables with function pointers only.
+ *
+ * This is used whenever we need to pass things like a table of error reason
+ * codes <-> reason string maps, ...
+ *
+ * Usage determines which field works as key if any, rather than field order.
+ *
+ * An array of these is always terminated by id == 0 && ptr == NULL
+ */
+struct ossl_item_st {
+ unsigned int id;
+ void *ptr;
+};
+
+/*
+ * Type to tie together algorithm names, property definition string and
+ * the algorithm implementation in the form of a dispatch table.
+ *
+ * An array of these is always terminated by algorithm_names == NULL
+ */
+struct ossl_algorithm_st {
+ const char *algorithm_names; /* key */
+ const char *property_definition; /* key */
+ const OSSL_DISPATCH *implementation;
+ const char *algorithm_description;
+};
+
+/*
+ * Type to pass object data in a uniform way, without exposing the object
+ * structure.
+ *
+ * An array of these is always terminated by key == NULL
+ */
+struct ossl_param_st {
+ const char *key; /* the name of the parameter */
+ unsigned int data_type; /* declare what kind of content is in buffer */
+ void *data; /* value being passed in or out */
+ size_t data_size; /* data size */
+ size_t return_size; /* returned content size */
+};
+
+/* Currently supported OSSL_PARAM data types */
+/*
+ * OSSL_PARAM_INTEGER and OSSL_PARAM_UNSIGNED_INTEGER
+ * are arbitrary length and therefore require an arbitrarily sized buffer,
+ * since they may be used to pass numbers larger than what is natively
+ * available.
+ *
+ * The number must be buffered in native form, i.e. MSB first on B_ENDIAN
+ * systems and LSB first on L_ENDIAN systems. This means that arbitrary
+ * native integers can be stored in the buffer, just make sure that the
+ * buffer size is correct and the buffer itself is properly aligned (for
+ * example by having the buffer field point at a C integer).
+ */
+# define OSSL_PARAM_INTEGER 1
+# define OSSL_PARAM_UNSIGNED_INTEGER 2
+/*-
+ * OSSL_PARAM_REAL
+ * is a C binary floating point values in native form and alignment.
+ */
+# define OSSL_PARAM_REAL 3
+/*-
+ * OSSL_PARAM_UTF8_STRING
+ * is a printable string. It is expected to be printed as it is.
+ */
+# define OSSL_PARAM_UTF8_STRING 4
+/*-
+ * OSSL_PARAM_OCTET_STRING
+ * is a string of bytes with no further specification. It is expected to be
+ * printed as a hexdump.
+ */
+# define OSSL_PARAM_OCTET_STRING 5
+/*-
+ * OSSL_PARAM_UTF8_PTR
+ * is a pointer to a printable string. It is expected to be printed as it is.
+ *
+ * The difference between this and OSSL_PARAM_UTF8_STRING is that only pointers
+ * are manipulated for this type.
+ *
+ * This is more relevant for parameter requests, where the responding
+ * function doesn't need to copy the data to the provided buffer, but
+ * sets the provided buffer to point at the actual data instead.
+ *
+ * WARNING! Using these is FRAGILE, as it assumes that the actual
+ * data and its location are constant.
+ *
+ * EXTRA WARNING! If you are not completely sure you most likely want
+ * to use the OSSL_PARAM_UTF8_STRING type.
+ */
+# define OSSL_PARAM_UTF8_PTR 6
+/*-
+ * OSSL_PARAM_OCTET_PTR
+ * is a pointer to a string of bytes with no further specification. It is
+ * expected to be printed as a hexdump.
+ *
+ * The difference between this and OSSL_PARAM_OCTET_STRING is that only pointers
+ * are manipulated for this type.
+ *
+ * This is more relevant for parameter requests, where the responding
+ * function doesn't need to copy the data to the provided buffer, but
+ * sets the provided buffer to point at the actual data instead.
+ *
+ * WARNING! Using these is FRAGILE, as it assumes that the actual
+ * data and its location are constant.
+ *
+ * EXTRA WARNING! If you are not completely sure you most likely want
+ * to use the OSSL_PARAM_OCTET_STRING type.
+ */
+# define OSSL_PARAM_OCTET_PTR 7
+
+/*
+ * Typedef for the thread stop handling callback. Used both internally and by
+ * providers.
+ *
+ * Providers may register for notifications about threads stopping by
+ * registering a callback to hear about such events. Providers register the
+ * callback using the OSSL_FUNC_CORE_THREAD_START function in the |in| dispatch
+ * table passed to OSSL_provider_init(). The arg passed back to a provider will
+ * be the provider side context object.
+ */
+typedef void (*OSSL_thread_stop_handler_fn)(void *arg);
+
+
+/*-
+ * Provider entry point
+ * --------------------
+ *
+ * This function is expected to be present in any dynamically loadable
+ * provider module. By definition, if this function doesn't exist in a
+ * module, that module is not an OpenSSL provider module.
+ */
+/*-
+ * |handle| pointer to opaque type OSSL_CORE_HANDLE. This can be used
+ * together with some functions passed via |in| to query data.
+ * |in| is the array of functions that the Core passes to the provider.
+ * |out| will be the array of base functions that the provider passes
+ * back to the Core.
+ * |provctx| a provider side context object, optionally created if the
+ * provider needs it. This value is passed to other provider
+ * functions, notably other context constructors.
+ */
+typedef int (OSSL_provider_init_fn)(const OSSL_CORE_HANDLE *handle,
+ const OSSL_DISPATCH *in,
+ const OSSL_DISPATCH **out,
+ void **provctx);
+# ifdef __VMS
+# pragma names save
+# pragma names uppercase,truncated
+# endif
+OPENSSL_EXPORT OSSL_provider_init_fn OSSL_provider_init;
+# ifdef __VMS
+# pragma names restore
+# endif
+
+/*
+ * Generic callback function signature.
+ *
+ * The expectation is that any provider function that wants to offer
+ * a callback / hook can do so by taking an argument with this type,
+ * as well as a pointer to caller-specific data. When calling the
+ * callback, the provider function can populate an OSSL_PARAM array
+ * with data of its choice and pass that in the callback call, along
+ * with the caller data argument.
+ *
+ * libcrypto may use the OSSL_PARAM array to create arguments for an
+ * application callback it knows about.
+ */
+typedef int (OSSL_CALLBACK)(const OSSL_PARAM params[], void *arg);
+typedef int (OSSL_INOUT_CALLBACK)(const OSSL_PARAM in_params[],
+ OSSL_PARAM out_params[], void *arg);
+/*
+ * Passphrase callback function signature
+ *
+ * This is similar to the generic callback function above, but adds a
+ * result parameter.
+ */
+typedef int (OSSL_PASSPHRASE_CALLBACK)(char *pass, size_t pass_size,
+ size_t *pass_len,
+ const OSSL_PARAM params[], void *arg);
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/core_dispatch.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/core_dispatch.h
new file mode 100644
index 000000000000..a5bc2cf75d34
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/core_dispatch.h
@@ -0,0 +1,988 @@
+/*
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CORE_NUMBERS_H
+# define OPENSSL_CORE_NUMBERS_H
+# pragma once
+
+# include
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/*-
+ * Identities
+ * ----------
+ *
+ * All series start with 1, to allow 0 to be an array terminator.
+ * For any FUNC identity, we also provide a function signature typedef
+ * and a static inline function to extract a function pointer from a
+ * OSSL_DISPATCH element in a type safe manner.
+ *
+ * Names:
+ * for any function base name 'foo' (uppercase form 'FOO'), we will have
+ * the following:
+ * - a macro for the identity with the name OSSL_FUNC_'FOO' or derivatives
+ * thereof (to be specified further down)
+ * - a function signature typedef with the name OSSL_FUNC_'foo'_fn
+ * - a function pointer extractor function with the name OSSL_FUNC_'foo'
+ */
+
+/*
+ * Helper macro to create the function signature typedef and the extractor
+ * |type| is the return-type of the function, |name| is the name of the
+ * function to fetch, and |args| is a parenthesized list of parameters
+ * for the function (that is, it is |name|'s function signature).
+ * Note: This is considered a "reserved" internal macro. Applications should
+ * not use this or assume its existence.
+ */
+#define OSSL_CORE_MAKE_FUNC(type,name,args) \
+ typedef type (OSSL_FUNC_##name##_fn)args; \
+ static ossl_unused ossl_inline \
+ OSSL_FUNC_##name##_fn *OSSL_FUNC_##name(const OSSL_DISPATCH *opf) \
+ { \
+ return (OSSL_FUNC_##name##_fn *)opf->function; \
+ }
+
+/*
+ * Core function identities, for the two OSSL_DISPATCH tables being passed
+ * in the OSSL_provider_init call.
+ *
+ * 0 serves as a marker for the end of the OSSL_DISPATCH array, and must
+ * therefore NEVER be used as a function identity.
+ */
+/* Functions provided by the Core to the provider, reserved numbers 1-1023 */
+# define OSSL_FUNC_CORE_GETTABLE_PARAMS 1
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *,
+ core_gettable_params,(const OSSL_CORE_HANDLE *prov))
+# define OSSL_FUNC_CORE_GET_PARAMS 2
+OSSL_CORE_MAKE_FUNC(int,core_get_params,(const OSSL_CORE_HANDLE *prov,
+ OSSL_PARAM params[]))
+# define OSSL_FUNC_CORE_THREAD_START 3
+OSSL_CORE_MAKE_FUNC(int,core_thread_start,(const OSSL_CORE_HANDLE *prov,
+ OSSL_thread_stop_handler_fn handfn,
+ void *arg))
+# define OSSL_FUNC_CORE_GET_LIBCTX 4
+OSSL_CORE_MAKE_FUNC(OPENSSL_CORE_CTX *,core_get_libctx,
+ (const OSSL_CORE_HANDLE *prov))
+# define OSSL_FUNC_CORE_NEW_ERROR 5
+OSSL_CORE_MAKE_FUNC(void,core_new_error,(const OSSL_CORE_HANDLE *prov))
+# define OSSL_FUNC_CORE_SET_ERROR_DEBUG 6
+OSSL_CORE_MAKE_FUNC(void,core_set_error_debug,
+ (const OSSL_CORE_HANDLE *prov,
+ const char *file, int line, const char *func))
+# define OSSL_FUNC_CORE_VSET_ERROR 7
+OSSL_CORE_MAKE_FUNC(void,core_vset_error,
+ (const OSSL_CORE_HANDLE *prov,
+ uint32_t reason, const char *fmt, va_list args))
+# define OSSL_FUNC_CORE_SET_ERROR_MARK 8
+OSSL_CORE_MAKE_FUNC(int, core_set_error_mark, (const OSSL_CORE_HANDLE *prov))
+# define OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK 9
+OSSL_CORE_MAKE_FUNC(int, core_clear_last_error_mark,
+ (const OSSL_CORE_HANDLE *prov))
+# define OSSL_FUNC_CORE_POP_ERROR_TO_MARK 10
+OSSL_CORE_MAKE_FUNC(int, core_pop_error_to_mark, (const OSSL_CORE_HANDLE *prov))
+
+
+/* Functions to access the OBJ database */
+
+#define OSSL_FUNC_CORE_OBJ_ADD_SIGID 11
+#define OSSL_FUNC_CORE_OBJ_CREATE 12
+
+OSSL_CORE_MAKE_FUNC(int, core_obj_add_sigid,
+ (const OSSL_CORE_HANDLE *prov, const char *sign_name,
+ const char *digest_name, const char *pkey_name))
+OSSL_CORE_MAKE_FUNC(int, core_obj_create,
+ (const OSSL_CORE_HANDLE *prov, const char *oid,
+ const char *sn, const char *ln))
+
+/* Memory allocation, freeing, clearing. */
+#define OSSL_FUNC_CRYPTO_MALLOC 20
+OSSL_CORE_MAKE_FUNC(void *,
+ CRYPTO_malloc, (size_t num, const char *file, int line))
+#define OSSL_FUNC_CRYPTO_ZALLOC 21
+OSSL_CORE_MAKE_FUNC(void *,
+ CRYPTO_zalloc, (size_t num, const char *file, int line))
+#define OSSL_FUNC_CRYPTO_FREE 22
+OSSL_CORE_MAKE_FUNC(void,
+ CRYPTO_free, (void *ptr, const char *file, int line))
+#define OSSL_FUNC_CRYPTO_CLEAR_FREE 23
+OSSL_CORE_MAKE_FUNC(void,
+ CRYPTO_clear_free, (void *ptr, size_t num, const char *file, int line))
+#define OSSL_FUNC_CRYPTO_REALLOC 24
+OSSL_CORE_MAKE_FUNC(void *,
+ CRYPTO_realloc, (void *addr, size_t num, const char *file, int line))
+#define OSSL_FUNC_CRYPTO_CLEAR_REALLOC 25
+OSSL_CORE_MAKE_FUNC(void *,
+ CRYPTO_clear_realloc, (void *addr, size_t old_num, size_t num,
+ const char *file, int line))
+#define OSSL_FUNC_CRYPTO_SECURE_MALLOC 26
+OSSL_CORE_MAKE_FUNC(void *,
+ CRYPTO_secure_malloc, (size_t num, const char *file, int line))
+#define OSSL_FUNC_CRYPTO_SECURE_ZALLOC 27
+OSSL_CORE_MAKE_FUNC(void *,
+ CRYPTO_secure_zalloc, (size_t num, const char *file, int line))
+#define OSSL_FUNC_CRYPTO_SECURE_FREE 28
+OSSL_CORE_MAKE_FUNC(void,
+ CRYPTO_secure_free, (void *ptr, const char *file, int line))
+#define OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE 29
+OSSL_CORE_MAKE_FUNC(void,
+ CRYPTO_secure_clear_free, (void *ptr, size_t num, const char *file,
+ int line))
+#define OSSL_FUNC_CRYPTO_SECURE_ALLOCATED 30
+OSSL_CORE_MAKE_FUNC(int,
+ CRYPTO_secure_allocated, (const void *ptr))
+#define OSSL_FUNC_OPENSSL_CLEANSE 31
+OSSL_CORE_MAKE_FUNC(void,
+ OPENSSL_cleanse, (void *ptr, size_t len))
+
+/* Bio functions provided by the core */
+#define OSSL_FUNC_BIO_NEW_FILE 40
+#define OSSL_FUNC_BIO_NEW_MEMBUF 41
+#define OSSL_FUNC_BIO_READ_EX 42
+#define OSSL_FUNC_BIO_WRITE_EX 43
+#define OSSL_FUNC_BIO_UP_REF 44
+#define OSSL_FUNC_BIO_FREE 45
+#define OSSL_FUNC_BIO_VPRINTF 46
+#define OSSL_FUNC_BIO_VSNPRINTF 47
+#define OSSL_FUNC_BIO_PUTS 48
+#define OSSL_FUNC_BIO_GETS 49
+#define OSSL_FUNC_BIO_CTRL 50
+
+
+OSSL_CORE_MAKE_FUNC(OSSL_CORE_BIO *, BIO_new_file, (const char *filename,
+ const char *mode))
+OSSL_CORE_MAKE_FUNC(OSSL_CORE_BIO *, BIO_new_membuf, (const void *buf, int len))
+OSSL_CORE_MAKE_FUNC(int, BIO_read_ex, (OSSL_CORE_BIO *bio, void *data,
+ size_t data_len, size_t *bytes_read))
+OSSL_CORE_MAKE_FUNC(int, BIO_write_ex, (OSSL_CORE_BIO *bio, const void *data,
+ size_t data_len, size_t *written))
+OSSL_CORE_MAKE_FUNC(int, BIO_gets, (OSSL_CORE_BIO *bio, char *buf, int size))
+OSSL_CORE_MAKE_FUNC(int, BIO_puts, (OSSL_CORE_BIO *bio, const char *str))
+OSSL_CORE_MAKE_FUNC(int, BIO_up_ref, (OSSL_CORE_BIO *bio))
+OSSL_CORE_MAKE_FUNC(int, BIO_free, (OSSL_CORE_BIO *bio))
+OSSL_CORE_MAKE_FUNC(int, BIO_vprintf, (OSSL_CORE_BIO *bio, const char *format,
+ va_list args))
+OSSL_CORE_MAKE_FUNC(int, BIO_vsnprintf,
+ (char *buf, size_t n, const char *fmt, va_list args))
+OSSL_CORE_MAKE_FUNC(int, BIO_ctrl, (OSSL_CORE_BIO *bio,
+ int cmd, long num, void *ptr))
+
+/* New seeding functions prototypes with the 101-104 series */
+#define OSSL_FUNC_CLEANUP_USER_ENTROPY 96
+#define OSSL_FUNC_CLEANUP_USER_NONCE 97
+#define OSSL_FUNC_GET_USER_ENTROPY 98
+#define OSSL_FUNC_GET_USER_NONCE 99
+
+#define OSSL_FUNC_SELF_TEST_CB 100
+OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CORE_CTX *ctx, OSSL_CALLBACK **cb,
+ void **cbarg))
+
+/* Functions to get seed material from the operating system */
+#define OSSL_FUNC_GET_ENTROPY 101
+#define OSSL_FUNC_CLEANUP_ENTROPY 102
+#define OSSL_FUNC_GET_NONCE 103
+#define OSSL_FUNC_CLEANUP_NONCE 104
+OSSL_CORE_MAKE_FUNC(size_t, get_entropy, (const OSSL_CORE_HANDLE *handle,
+ unsigned char **pout, int entropy,
+ size_t min_len, size_t max_len))
+OSSL_CORE_MAKE_FUNC(size_t, get_user_entropy, (const OSSL_CORE_HANDLE *handle,
+ unsigned char **pout, int entropy,
+ size_t min_len, size_t max_len))
+OSSL_CORE_MAKE_FUNC(void, cleanup_entropy, (const OSSL_CORE_HANDLE *handle,
+ unsigned char *buf, size_t len))
+OSSL_CORE_MAKE_FUNC(void, cleanup_user_entropy, (const OSSL_CORE_HANDLE *handle,
+ unsigned char *buf, size_t len))
+OSSL_CORE_MAKE_FUNC(size_t, get_nonce, (const OSSL_CORE_HANDLE *handle,
+ unsigned char **pout, size_t min_len,
+ size_t max_len, const void *salt,
+ size_t salt_len))
+OSSL_CORE_MAKE_FUNC(size_t, get_user_nonce, (const OSSL_CORE_HANDLE *handle,
+ unsigned char **pout, size_t min_len,
+ size_t max_len, const void *salt,
+ size_t salt_len))
+OSSL_CORE_MAKE_FUNC(void, cleanup_nonce, (const OSSL_CORE_HANDLE *handle,
+ unsigned char *buf, size_t len))
+OSSL_CORE_MAKE_FUNC(void, cleanup_user_nonce, (const OSSL_CORE_HANDLE *handle,
+ unsigned char *buf, size_t len))
+
+/* Functions to access the core's providers */
+#define OSSL_FUNC_PROVIDER_REGISTER_CHILD_CB 105
+#define OSSL_FUNC_PROVIDER_DEREGISTER_CHILD_CB 106
+#define OSSL_FUNC_PROVIDER_NAME 107
+#define OSSL_FUNC_PROVIDER_GET0_PROVIDER_CTX 108
+#define OSSL_FUNC_PROVIDER_GET0_DISPATCH 109
+#define OSSL_FUNC_PROVIDER_UP_REF 110
+#define OSSL_FUNC_PROVIDER_FREE 111
+
+OSSL_CORE_MAKE_FUNC(int, provider_register_child_cb,
+ (const OSSL_CORE_HANDLE *handle,
+ int (*create_cb)(const OSSL_CORE_HANDLE *provider, void *cbdata),
+ int (*remove_cb)(const OSSL_CORE_HANDLE *provider, void *cbdata),
+ int (*global_props_cb)(const char *props, void *cbdata),
+ void *cbdata))
+OSSL_CORE_MAKE_FUNC(void, provider_deregister_child_cb,
+ (const OSSL_CORE_HANDLE *handle))
+OSSL_CORE_MAKE_FUNC(const char *, provider_name,
+ (const OSSL_CORE_HANDLE *prov))
+OSSL_CORE_MAKE_FUNC(void *, provider_get0_provider_ctx,
+ (const OSSL_CORE_HANDLE *prov))
+OSSL_CORE_MAKE_FUNC(const OSSL_DISPATCH *, provider_get0_dispatch,
+ (const OSSL_CORE_HANDLE *prov))
+OSSL_CORE_MAKE_FUNC(int, provider_up_ref,
+ (const OSSL_CORE_HANDLE *prov, int activate))
+OSSL_CORE_MAKE_FUNC(int, provider_free,
+ (const OSSL_CORE_HANDLE *prov, int deactivate))
+
+/* Functions provided by the provider to the Core, reserved numbers 1024-1535 */
+# define OSSL_FUNC_PROVIDER_TEARDOWN 1024
+OSSL_CORE_MAKE_FUNC(void,provider_teardown,(void *provctx))
+# define OSSL_FUNC_PROVIDER_GETTABLE_PARAMS 1025
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *,
+ provider_gettable_params,(void *provctx))
+# define OSSL_FUNC_PROVIDER_GET_PARAMS 1026
+OSSL_CORE_MAKE_FUNC(int,provider_get_params,(void *provctx,
+ OSSL_PARAM params[]))
+# define OSSL_FUNC_PROVIDER_QUERY_OPERATION 1027
+OSSL_CORE_MAKE_FUNC(const OSSL_ALGORITHM *,provider_query_operation,
+ (void *provctx, int operation_id, int *no_store))
+# define OSSL_FUNC_PROVIDER_UNQUERY_OPERATION 1028
+OSSL_CORE_MAKE_FUNC(void, provider_unquery_operation,
+ (void *provctx, int operation_id, const OSSL_ALGORITHM *))
+# define OSSL_FUNC_PROVIDER_GET_REASON_STRINGS 1029
+OSSL_CORE_MAKE_FUNC(const OSSL_ITEM *,provider_get_reason_strings,
+ (void *provctx))
+# define OSSL_FUNC_PROVIDER_GET_CAPABILITIES 1030
+OSSL_CORE_MAKE_FUNC(int, provider_get_capabilities, (void *provctx,
+ const char *capability, OSSL_CALLBACK *cb, void *arg))
+# define OSSL_FUNC_PROVIDER_SELF_TEST 1031
+OSSL_CORE_MAKE_FUNC(int, provider_self_test, (void *provctx))
+
+/* Operations */
+
+# define OSSL_OP_DIGEST 1
+# define OSSL_OP_CIPHER 2 /* Symmetric Ciphers */
+# define OSSL_OP_MAC 3
+# define OSSL_OP_KDF 4
+# define OSSL_OP_RAND 5
+# define OSSL_OP_KEYMGMT 10
+# define OSSL_OP_KEYEXCH 11
+# define OSSL_OP_SIGNATURE 12
+# define OSSL_OP_ASYM_CIPHER 13
+# define OSSL_OP_KEM 14
+/* New section for non-EVP operations */
+# define OSSL_OP_ENCODER 20
+# define OSSL_OP_DECODER 21
+# define OSSL_OP_STORE 22
+/* Highest known operation number */
+# define OSSL_OP__HIGHEST 22
+
+/* Digests */
+
+# define OSSL_FUNC_DIGEST_NEWCTX 1
+# define OSSL_FUNC_DIGEST_INIT 2
+# define OSSL_FUNC_DIGEST_UPDATE 3
+# define OSSL_FUNC_DIGEST_FINAL 4
+# define OSSL_FUNC_DIGEST_DIGEST 5
+# define OSSL_FUNC_DIGEST_FREECTX 6
+# define OSSL_FUNC_DIGEST_DUPCTX 7
+# define OSSL_FUNC_DIGEST_GET_PARAMS 8
+# define OSSL_FUNC_DIGEST_SET_CTX_PARAMS 9
+# define OSSL_FUNC_DIGEST_GET_CTX_PARAMS 10
+# define OSSL_FUNC_DIGEST_GETTABLE_PARAMS 11
+# define OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS 12
+# define OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS 13
+# define OSSL_FUNC_DIGEST_SQUEEZE 14
+
+OSSL_CORE_MAKE_FUNC(void *, digest_newctx, (void *provctx))
+OSSL_CORE_MAKE_FUNC(int, digest_init, (void *dctx, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, digest_update,
+ (void *dctx, const unsigned char *in, size_t inl))
+OSSL_CORE_MAKE_FUNC(int, digest_final,
+ (void *dctx,
+ unsigned char *out, size_t *outl, size_t outsz))
+OSSL_CORE_MAKE_FUNC(int, digest_squeeze,
+ (void *dctx,
+ unsigned char *out, size_t *outl, size_t outsz))
+OSSL_CORE_MAKE_FUNC(int, digest_digest,
+ (void *provctx, const unsigned char *in, size_t inl,
+ unsigned char *out, size_t *outl, size_t outsz))
+
+OSSL_CORE_MAKE_FUNC(void, digest_freectx, (void *dctx))
+OSSL_CORE_MAKE_FUNC(void *, digest_dupctx, (void *dctx))
+
+OSSL_CORE_MAKE_FUNC(int, digest_get_params, (OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, digest_set_ctx_params,
+ (void *vctx, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, digest_get_ctx_params,
+ (void *vctx, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, digest_gettable_params,
+ (void *provctx))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, digest_settable_ctx_params,
+ (void *dctx, void *provctx))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, digest_gettable_ctx_params,
+ (void *dctx, void *provctx))
+
+/* Symmetric Ciphers */
+
+# define OSSL_FUNC_CIPHER_NEWCTX 1
+# define OSSL_FUNC_CIPHER_ENCRYPT_INIT 2
+# define OSSL_FUNC_CIPHER_DECRYPT_INIT 3
+# define OSSL_FUNC_CIPHER_UPDATE 4
+# define OSSL_FUNC_CIPHER_FINAL 5
+# define OSSL_FUNC_CIPHER_CIPHER 6
+# define OSSL_FUNC_CIPHER_FREECTX 7
+# define OSSL_FUNC_CIPHER_DUPCTX 8
+# define OSSL_FUNC_CIPHER_GET_PARAMS 9
+# define OSSL_FUNC_CIPHER_GET_CTX_PARAMS 10
+# define OSSL_FUNC_CIPHER_SET_CTX_PARAMS 11
+# define OSSL_FUNC_CIPHER_GETTABLE_PARAMS 12
+# define OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS 13
+# define OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS 14
+
+OSSL_CORE_MAKE_FUNC(void *, cipher_newctx, (void *provctx))
+OSSL_CORE_MAKE_FUNC(int, cipher_encrypt_init, (void *cctx,
+ const unsigned char *key,
+ size_t keylen,
+ const unsigned char *iv,
+ size_t ivlen,
+ const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, cipher_decrypt_init, (void *cctx,
+ const unsigned char *key,
+ size_t keylen,
+ const unsigned char *iv,
+ size_t ivlen,
+ const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, cipher_update,
+ (void *cctx,
+ unsigned char *out, size_t *outl, size_t outsize,
+ const unsigned char *in, size_t inl))
+OSSL_CORE_MAKE_FUNC(int, cipher_final,
+ (void *cctx,
+ unsigned char *out, size_t *outl, size_t outsize))
+OSSL_CORE_MAKE_FUNC(int, cipher_cipher,
+ (void *cctx,
+ unsigned char *out, size_t *outl, size_t outsize,
+ const unsigned char *in, size_t inl))
+OSSL_CORE_MAKE_FUNC(void, cipher_freectx, (void *cctx))
+OSSL_CORE_MAKE_FUNC(void *, cipher_dupctx, (void *cctx))
+OSSL_CORE_MAKE_FUNC(int, cipher_get_params, (OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, cipher_get_ctx_params, (void *cctx,
+ OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, cipher_set_ctx_params, (void *cctx,
+ const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, cipher_gettable_params,
+ (void *provctx))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, cipher_settable_ctx_params,
+ (void *cctx, void *provctx))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, cipher_gettable_ctx_params,
+ (void *cctx, void *provctx))
+
+/* MACs */
+
+# define OSSL_FUNC_MAC_NEWCTX 1
+# define OSSL_FUNC_MAC_DUPCTX 2
+# define OSSL_FUNC_MAC_FREECTX 3
+# define OSSL_FUNC_MAC_INIT 4
+# define OSSL_FUNC_MAC_UPDATE 5
+# define OSSL_FUNC_MAC_FINAL 6
+# define OSSL_FUNC_MAC_GET_PARAMS 7
+# define OSSL_FUNC_MAC_GET_CTX_PARAMS 8
+# define OSSL_FUNC_MAC_SET_CTX_PARAMS 9
+# define OSSL_FUNC_MAC_GETTABLE_PARAMS 10
+# define OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS 11
+# define OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS 12
+
+OSSL_CORE_MAKE_FUNC(void *, mac_newctx, (void *provctx))
+OSSL_CORE_MAKE_FUNC(void *, mac_dupctx, (void *src))
+OSSL_CORE_MAKE_FUNC(void, mac_freectx, (void *mctx))
+OSSL_CORE_MAKE_FUNC(int, mac_init, (void *mctx, const unsigned char *key,
+ size_t keylen, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, mac_update,
+ (void *mctx, const unsigned char *in, size_t inl))
+OSSL_CORE_MAKE_FUNC(int, mac_final,
+ (void *mctx,
+ unsigned char *out, size_t *outl, size_t outsize))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, mac_gettable_params, (void *provctx))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, mac_gettable_ctx_params,
+ (void *mctx, void *provctx))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, mac_settable_ctx_params,
+ (void *mctx, void *provctx))
+OSSL_CORE_MAKE_FUNC(int, mac_get_params, (OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, mac_get_ctx_params,
+ (void *mctx, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, mac_set_ctx_params,
+ (void *mctx, const OSSL_PARAM params[]))
+
+/* KDFs and PRFs */
+
+# define OSSL_FUNC_KDF_NEWCTX 1
+# define OSSL_FUNC_KDF_DUPCTX 2
+# define OSSL_FUNC_KDF_FREECTX 3
+# define OSSL_FUNC_KDF_RESET 4
+# define OSSL_FUNC_KDF_DERIVE 5
+# define OSSL_FUNC_KDF_GETTABLE_PARAMS 6
+# define OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS 7
+# define OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS 8
+# define OSSL_FUNC_KDF_GET_PARAMS 9
+# define OSSL_FUNC_KDF_GET_CTX_PARAMS 10
+# define OSSL_FUNC_KDF_SET_CTX_PARAMS 11
+
+OSSL_CORE_MAKE_FUNC(void *, kdf_newctx, (void *provctx))
+OSSL_CORE_MAKE_FUNC(void *, kdf_dupctx, (void *src))
+OSSL_CORE_MAKE_FUNC(void, kdf_freectx, (void *kctx))
+OSSL_CORE_MAKE_FUNC(void, kdf_reset, (void *kctx))
+OSSL_CORE_MAKE_FUNC(int, kdf_derive, (void *kctx, unsigned char *key,
+ size_t keylen, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, kdf_gettable_params, (void *provctx))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, kdf_gettable_ctx_params,
+ (void *kctx, void *provctx))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, kdf_settable_ctx_params,
+ (void *kctx, void *provctx))
+OSSL_CORE_MAKE_FUNC(int, kdf_get_params, (OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kdf_get_ctx_params,
+ (void *kctx, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kdf_set_ctx_params,
+ (void *kctx, const OSSL_PARAM params[]))
+
+/* RAND */
+
+# define OSSL_FUNC_RAND_NEWCTX 1
+# define OSSL_FUNC_RAND_FREECTX 2
+# define OSSL_FUNC_RAND_INSTANTIATE 3
+# define OSSL_FUNC_RAND_UNINSTANTIATE 4
+# define OSSL_FUNC_RAND_GENERATE 5
+# define OSSL_FUNC_RAND_RESEED 6
+# define OSSL_FUNC_RAND_NONCE 7
+# define OSSL_FUNC_RAND_ENABLE_LOCKING 8
+# define OSSL_FUNC_RAND_LOCK 9
+# define OSSL_FUNC_RAND_UNLOCK 10
+# define OSSL_FUNC_RAND_GETTABLE_PARAMS 11
+# define OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS 12
+# define OSSL_FUNC_RAND_SETTABLE_CTX_PARAMS 13
+# define OSSL_FUNC_RAND_GET_PARAMS 14
+# define OSSL_FUNC_RAND_GET_CTX_PARAMS 15
+# define OSSL_FUNC_RAND_SET_CTX_PARAMS 16
+# define OSSL_FUNC_RAND_VERIFY_ZEROIZATION 17
+# define OSSL_FUNC_RAND_GET_SEED 18
+# define OSSL_FUNC_RAND_CLEAR_SEED 19
+
+OSSL_CORE_MAKE_FUNC(void *,rand_newctx,
+ (void *provctx, void *parent,
+ const OSSL_DISPATCH *parent_calls))
+OSSL_CORE_MAKE_FUNC(void,rand_freectx, (void *vctx))
+OSSL_CORE_MAKE_FUNC(int,rand_instantiate,
+ (void *vdrbg, unsigned int strength,
+ int prediction_resistance,
+ const unsigned char *pstr, size_t pstr_len,
+ const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int,rand_uninstantiate, (void *vdrbg))
+OSSL_CORE_MAKE_FUNC(int,rand_generate,
+ (void *vctx, unsigned char *out, size_t outlen,
+ unsigned int strength, int prediction_resistance,
+ const unsigned char *addin, size_t addin_len))
+OSSL_CORE_MAKE_FUNC(int,rand_reseed,
+ (void *vctx, int prediction_resistance,
+ const unsigned char *ent, size_t ent_len,
+ const unsigned char *addin, size_t addin_len))
+OSSL_CORE_MAKE_FUNC(size_t,rand_nonce,
+ (void *vctx, unsigned char *out, unsigned int strength,
+ size_t min_noncelen, size_t max_noncelen))
+OSSL_CORE_MAKE_FUNC(int,rand_enable_locking, (void *vctx))
+OSSL_CORE_MAKE_FUNC(int,rand_lock, (void *vctx))
+OSSL_CORE_MAKE_FUNC(void,rand_unlock, (void *vctx))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *,rand_gettable_params, (void *provctx))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *,rand_gettable_ctx_params,
+ (void *vctx, void *provctx))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *,rand_settable_ctx_params,
+ (void *vctx, void *provctx))
+OSSL_CORE_MAKE_FUNC(int,rand_get_params, (OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int,rand_get_ctx_params,
+ (void *vctx, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int,rand_set_ctx_params,
+ (void *vctx, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(void,rand_set_callbacks,
+ (void *vctx, OSSL_INOUT_CALLBACK *get_entropy,
+ OSSL_CALLBACK *cleanup_entropy,
+ OSSL_INOUT_CALLBACK *get_nonce,
+ OSSL_CALLBACK *cleanup_nonce, void *arg))
+OSSL_CORE_MAKE_FUNC(int,rand_verify_zeroization,
+ (void *vctx))
+OSSL_CORE_MAKE_FUNC(size_t,rand_get_seed,
+ (void *vctx, unsigned char **buffer,
+ int entropy, size_t min_len, size_t max_len,
+ int prediction_resistance,
+ const unsigned char *adin, size_t adin_len))
+OSSL_CORE_MAKE_FUNC(void,rand_clear_seed,
+ (void *vctx, unsigned char *buffer, size_t b_len))
+
+/*-
+ * Key management
+ *
+ * The Key Management takes care of provider side key objects, and includes
+ * all current functionality to create them, destroy them, set parameters
+ * and key material, etc, essentially everything that manipulates the keys
+ * themselves and their parameters.
+ *
+ * The key objects are commonly referred to as |keydata|, and it MUST be able
+ * to contain parameters if the key has any, the public key and the private
+ * key. All parts are optional, but their presence determines what can be
+ * done with the key object in terms of encryption, signature, and so on.
+ * The assumption from libcrypto is that the key object contains any of the
+ * following data combinations:
+ *
+ * - parameters only
+ * - public key only
+ * - public key + private key
+ * - parameters + public key
+ * - parameters + public key + private key
+ *
+ * What "parameters", "public key" and "private key" means in detail is left
+ * to the implementation. In the case of DH and DSA, they would typically
+ * include domain parameters, while for certain variants of RSA, they would
+ * typically include PSS or OAEP parameters.
+ *
+ * Key objects are created with OSSL_FUNC_keymgmt_new() and destroyed with
+ * OSSL_FUNC_keymgmt_free(). Key objects can have data filled in with
+ * OSSL_FUNC_keymgmt_import().
+ *
+ * Three functions are made available to check what selection of data is
+ * present in a key object: OSSL_FUNC_keymgmt_has_parameters(),
+ * OSSL_FUNC_keymgmt_has_public_key(), and OSSL_FUNC_keymgmt_has_private_key(),
+ */
+
+/* Key data subset selection - individual bits */
+# define OSSL_KEYMGMT_SELECT_PRIVATE_KEY 0x01
+# define OSSL_KEYMGMT_SELECT_PUBLIC_KEY 0x02
+# define OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS 0x04
+# define OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS 0x80
+
+/* Key data subset selection - combinations */
+# define OSSL_KEYMGMT_SELECT_ALL_PARAMETERS \
+ ( OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS \
+ | OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS)
+# define OSSL_KEYMGMT_SELECT_KEYPAIR \
+ ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY | OSSL_KEYMGMT_SELECT_PUBLIC_KEY )
+# define OSSL_KEYMGMT_SELECT_ALL \
+ ( OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS )
+
+# define OSSL_KEYMGMT_VALIDATE_FULL_CHECK 0
+# define OSSL_KEYMGMT_VALIDATE_QUICK_CHECK 1
+
+/* Basic key object creation */
+# define OSSL_FUNC_KEYMGMT_NEW 1
+OSSL_CORE_MAKE_FUNC(void *, keymgmt_new, (void *provctx))
+
+/* Generation, a more complex constructor */
+# define OSSL_FUNC_KEYMGMT_GEN_INIT 2
+# define OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE 3
+# define OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS 4
+# define OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS 5
+# define OSSL_FUNC_KEYMGMT_GEN 6
+# define OSSL_FUNC_KEYMGMT_GEN_CLEANUP 7
+OSSL_CORE_MAKE_FUNC(void *, keymgmt_gen_init,
+ (void *provctx, int selection, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, keymgmt_gen_set_template,
+ (void *genctx, void *templ))
+OSSL_CORE_MAKE_FUNC(int, keymgmt_gen_set_params,
+ (void *genctx, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *,
+ keymgmt_gen_settable_params,
+ (void *genctx, void *provctx))
+OSSL_CORE_MAKE_FUNC(void *, keymgmt_gen,
+ (void *genctx, OSSL_CALLBACK *cb, void *cbarg))
+OSSL_CORE_MAKE_FUNC(void, keymgmt_gen_cleanup, (void *genctx))
+
+/* Key loading by object reference */
+# define OSSL_FUNC_KEYMGMT_LOAD 8
+OSSL_CORE_MAKE_FUNC(void *, keymgmt_load,
+ (const void *reference, size_t reference_sz))
+
+/* Basic key object destruction */
+# define OSSL_FUNC_KEYMGMT_FREE 10
+OSSL_CORE_MAKE_FUNC(void, keymgmt_free, (void *keydata))
+
+/* Key object information, with discovery */
+#define OSSL_FUNC_KEYMGMT_GET_PARAMS 11
+#define OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS 12
+OSSL_CORE_MAKE_FUNC(int, keymgmt_get_params,
+ (void *keydata, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_gettable_params,
+ (void *provctx))
+
+#define OSSL_FUNC_KEYMGMT_SET_PARAMS 13
+#define OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS 14
+OSSL_CORE_MAKE_FUNC(int, keymgmt_set_params,
+ (void *keydata, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_settable_params,
+ (void *provctx))
+
+/* Key checks - discovery of supported operations */
+# define OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME 20
+OSSL_CORE_MAKE_FUNC(const char *, keymgmt_query_operation_name,
+ (int operation_id))
+
+/* Key checks - key data content checks */
+# define OSSL_FUNC_KEYMGMT_HAS 21
+OSSL_CORE_MAKE_FUNC(int, keymgmt_has, (const void *keydata, int selection))
+
+/* Key checks - validation */
+# define OSSL_FUNC_KEYMGMT_VALIDATE 22
+OSSL_CORE_MAKE_FUNC(int, keymgmt_validate, (const void *keydata, int selection,
+ int checktype))
+
+/* Key checks - matching */
+# define OSSL_FUNC_KEYMGMT_MATCH 23
+OSSL_CORE_MAKE_FUNC(int, keymgmt_match,
+ (const void *keydata1, const void *keydata2,
+ int selection))
+
+/* Import and export functions, with discovery */
+# define OSSL_FUNC_KEYMGMT_IMPORT 40
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES 41
+# define OSSL_FUNC_KEYMGMT_EXPORT 42
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES 43
+OSSL_CORE_MAKE_FUNC(int, keymgmt_import,
+ (void *keydata, int selection, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types,
+ (int selection))
+OSSL_CORE_MAKE_FUNC(int, keymgmt_export,
+ (void *keydata, int selection,
+ OSSL_CALLBACK *param_cb, void *cbarg))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
+ (int selection))
+
+/* Dup function, constructor */
+# define OSSL_FUNC_KEYMGMT_DUP 44
+OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
+ (const void *keydata_from, int selection))
+
+/* Extended import and export functions */
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX 45
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX 46
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex,
+ (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex,
+ (void *provctx, int selection))
+
+/* Key Exchange */
+
+# define OSSL_FUNC_KEYEXCH_NEWCTX 1
+# define OSSL_FUNC_KEYEXCH_INIT 2
+# define OSSL_FUNC_KEYEXCH_DERIVE 3
+# define OSSL_FUNC_KEYEXCH_SET_PEER 4
+# define OSSL_FUNC_KEYEXCH_FREECTX 5
+# define OSSL_FUNC_KEYEXCH_DUPCTX 6
+# define OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS 7
+# define OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS 8
+# define OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS 9
+# define OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS 10
+
+OSSL_CORE_MAKE_FUNC(void *, keyexch_newctx, (void *provctx))
+OSSL_CORE_MAKE_FUNC(int, keyexch_init, (void *ctx, void *provkey,
+ const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, keyexch_derive, (void *ctx, unsigned char *secret,
+ size_t *secretlen, size_t outlen))
+OSSL_CORE_MAKE_FUNC(int, keyexch_set_peer, (void *ctx, void *provkey))
+OSSL_CORE_MAKE_FUNC(void, keyexch_freectx, (void *ctx))
+OSSL_CORE_MAKE_FUNC(void *, keyexch_dupctx, (void *ctx))
+OSSL_CORE_MAKE_FUNC(int, keyexch_set_ctx_params, (void *ctx,
+ const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keyexch_settable_ctx_params,
+ (void *ctx, void *provctx))
+OSSL_CORE_MAKE_FUNC(int, keyexch_get_ctx_params, (void *ctx,
+ OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keyexch_gettable_ctx_params,
+ (void *ctx, void *provctx))
+
+/* Signature */
+
+# define OSSL_FUNC_SIGNATURE_NEWCTX 1
+# define OSSL_FUNC_SIGNATURE_SIGN_INIT 2
+# define OSSL_FUNC_SIGNATURE_SIGN 3
+# define OSSL_FUNC_SIGNATURE_VERIFY_INIT 4
+# define OSSL_FUNC_SIGNATURE_VERIFY 5
+# define OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT 6
+# define OSSL_FUNC_SIGNATURE_VERIFY_RECOVER 7
+# define OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT 8
+# define OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE 9
+# define OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL 10
+# define OSSL_FUNC_SIGNATURE_DIGEST_SIGN 11
+# define OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT 12
+# define OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE 13
+# define OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL 14
+# define OSSL_FUNC_SIGNATURE_DIGEST_VERIFY 15
+# define OSSL_FUNC_SIGNATURE_FREECTX 16
+# define OSSL_FUNC_SIGNATURE_DUPCTX 17
+# define OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS 18
+# define OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS 19
+# define OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS 20
+# define OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS 21
+# define OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS 22
+# define OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS 23
+# define OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS 24
+# define OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS 25
+
+OSSL_CORE_MAKE_FUNC(void *, signature_newctx, (void *provctx,
+ const char *propq))
+OSSL_CORE_MAKE_FUNC(int, signature_sign_init, (void *ctx, void *provkey,
+ const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, signature_sign, (void *ctx, unsigned char *sig,
+ size_t *siglen, size_t sigsize,
+ const unsigned char *tbs,
+ size_t tbslen))
+OSSL_CORE_MAKE_FUNC(int, signature_verify_init, (void *ctx, void *provkey,
+ const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, signature_verify, (void *ctx,
+ const unsigned char *sig,
+ size_t siglen,
+ const unsigned char *tbs,
+ size_t tbslen))
+OSSL_CORE_MAKE_FUNC(int, signature_verify_recover_init,
+ (void *ctx, void *provkey, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, signature_verify_recover,
+ (void *ctx, unsigned char *rout, size_t *routlen,
+ size_t routsize, const unsigned char *sig, size_t siglen))
+OSSL_CORE_MAKE_FUNC(int, signature_digest_sign_init,
+ (void *ctx, const char *mdname, void *provkey,
+ const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, signature_digest_sign_update,
+ (void *ctx, const unsigned char *data, size_t datalen))
+OSSL_CORE_MAKE_FUNC(int, signature_digest_sign_final,
+ (void *ctx, unsigned char *sig, size_t *siglen,
+ size_t sigsize))
+OSSL_CORE_MAKE_FUNC(int, signature_digest_sign,
+ (void *ctx, unsigned char *sigret, size_t *siglen,
+ size_t sigsize, const unsigned char *tbs, size_t tbslen))
+OSSL_CORE_MAKE_FUNC(int, signature_digest_verify_init,
+ (void *ctx, const char *mdname, void *provkey,
+ const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, signature_digest_verify_update,
+ (void *ctx, const unsigned char *data, size_t datalen))
+OSSL_CORE_MAKE_FUNC(int, signature_digest_verify_final,
+ (void *ctx, const unsigned char *sig, size_t siglen))
+OSSL_CORE_MAKE_FUNC(int, signature_digest_verify,
+ (void *ctx, const unsigned char *sig, size_t siglen,
+ const unsigned char *tbs, size_t tbslen))
+OSSL_CORE_MAKE_FUNC(void, signature_freectx, (void *ctx))
+OSSL_CORE_MAKE_FUNC(void *, signature_dupctx, (void *ctx))
+OSSL_CORE_MAKE_FUNC(int, signature_get_ctx_params,
+ (void *ctx, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, signature_gettable_ctx_params,
+ (void *ctx, void *provctx))
+OSSL_CORE_MAKE_FUNC(int, signature_set_ctx_params,
+ (void *ctx, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, signature_settable_ctx_params,
+ (void *ctx, void *provctx))
+OSSL_CORE_MAKE_FUNC(int, signature_get_ctx_md_params,
+ (void *ctx, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, signature_gettable_ctx_md_params,
+ (void *ctx))
+OSSL_CORE_MAKE_FUNC(int, signature_set_ctx_md_params,
+ (void *ctx, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, signature_settable_ctx_md_params,
+ (void *ctx))
+
+
+/* Asymmetric Ciphers */
+
+# define OSSL_FUNC_ASYM_CIPHER_NEWCTX 1
+# define OSSL_FUNC_ASYM_CIPHER_ENCRYPT_INIT 2
+# define OSSL_FUNC_ASYM_CIPHER_ENCRYPT 3
+# define OSSL_FUNC_ASYM_CIPHER_DECRYPT_INIT 4
+# define OSSL_FUNC_ASYM_CIPHER_DECRYPT 5
+# define OSSL_FUNC_ASYM_CIPHER_FREECTX 6
+# define OSSL_FUNC_ASYM_CIPHER_DUPCTX 7
+# define OSSL_FUNC_ASYM_CIPHER_GET_CTX_PARAMS 8
+# define OSSL_FUNC_ASYM_CIPHER_GETTABLE_CTX_PARAMS 9
+# define OSSL_FUNC_ASYM_CIPHER_SET_CTX_PARAMS 10
+# define OSSL_FUNC_ASYM_CIPHER_SETTABLE_CTX_PARAMS 11
+
+OSSL_CORE_MAKE_FUNC(void *, asym_cipher_newctx, (void *provctx))
+OSSL_CORE_MAKE_FUNC(int, asym_cipher_encrypt_init, (void *ctx, void *provkey,
+ const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, asym_cipher_encrypt, (void *ctx, unsigned char *out,
+ size_t *outlen,
+ size_t outsize,
+ const unsigned char *in,
+ size_t inlen))
+OSSL_CORE_MAKE_FUNC(int, asym_cipher_decrypt_init, (void *ctx, void *provkey,
+ const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, asym_cipher_decrypt, (void *ctx, unsigned char *out,
+ size_t *outlen,
+ size_t outsize,
+ const unsigned char *in,
+ size_t inlen))
+OSSL_CORE_MAKE_FUNC(void, asym_cipher_freectx, (void *ctx))
+OSSL_CORE_MAKE_FUNC(void *, asym_cipher_dupctx, (void *ctx))
+OSSL_CORE_MAKE_FUNC(int, asym_cipher_get_ctx_params,
+ (void *ctx, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_gettable_ctx_params,
+ (void *ctx, void *provctx))
+OSSL_CORE_MAKE_FUNC(int, asym_cipher_set_ctx_params,
+ (void *ctx, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params,
+ (void *ctx, void *provctx))
+
+/* Asymmetric Key encapsulation */
+# define OSSL_FUNC_KEM_NEWCTX 1
+# define OSSL_FUNC_KEM_ENCAPSULATE_INIT 2
+# define OSSL_FUNC_KEM_ENCAPSULATE 3
+# define OSSL_FUNC_KEM_DECAPSULATE_INIT 4
+# define OSSL_FUNC_KEM_DECAPSULATE 5
+# define OSSL_FUNC_KEM_FREECTX 6
+# define OSSL_FUNC_KEM_DUPCTX 7
+# define OSSL_FUNC_KEM_GET_CTX_PARAMS 8
+# define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS 9
+# define OSSL_FUNC_KEM_SET_CTX_PARAMS 10
+# define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS 11
+# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT 12
+# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT 13
+
+OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx))
+OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey,
+ const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey,
+ void *authprivkey,
+ const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx,
+ unsigned char *out, size_t *outlen,
+ unsigned char *secret,
+ size_t *secretlen))
+OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey,
+ const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey,
+ void *authpubkey,
+ const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx,
+ unsigned char *out, size_t *outlen,
+ const unsigned char *in, size_t inlen))
+OSSL_CORE_MAKE_FUNC(void, kem_freectx, (void *ctx))
+OSSL_CORE_MAKE_FUNC(void *, kem_dupctx, (void *ctx))
+OSSL_CORE_MAKE_FUNC(int, kem_get_ctx_params, (void *ctx, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, kem_gettable_ctx_params,
+ (void *ctx, void *provctx))
+OSSL_CORE_MAKE_FUNC(int, kem_set_ctx_params,
+ (void *ctx, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, kem_settable_ctx_params,
+ (void *ctx, void *provctx))
+
+/* Encoders and decoders */
+# define OSSL_FUNC_ENCODER_NEWCTX 1
+# define OSSL_FUNC_ENCODER_FREECTX 2
+# define OSSL_FUNC_ENCODER_GET_PARAMS 3
+# define OSSL_FUNC_ENCODER_GETTABLE_PARAMS 4
+# define OSSL_FUNC_ENCODER_SET_CTX_PARAMS 5
+# define OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS 6
+# define OSSL_FUNC_ENCODER_DOES_SELECTION 10
+# define OSSL_FUNC_ENCODER_ENCODE 11
+# define OSSL_FUNC_ENCODER_IMPORT_OBJECT 20
+# define OSSL_FUNC_ENCODER_FREE_OBJECT 21
+OSSL_CORE_MAKE_FUNC(void *, encoder_newctx, (void *provctx))
+OSSL_CORE_MAKE_FUNC(void, encoder_freectx, (void *ctx))
+OSSL_CORE_MAKE_FUNC(int, encoder_get_params, (OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, encoder_gettable_params,
+ (void *provctx))
+OSSL_CORE_MAKE_FUNC(int, encoder_set_ctx_params,
+ (void *ctx, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, encoder_settable_ctx_params,
+ (void *provctx))
+
+OSSL_CORE_MAKE_FUNC(int, encoder_does_selection,
+ (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(int, encoder_encode,
+ (void *ctx, OSSL_CORE_BIO *out,
+ const void *obj_raw, const OSSL_PARAM obj_abstract[],
+ int selection,
+ OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg))
+
+OSSL_CORE_MAKE_FUNC(void *, encoder_import_object,
+ (void *ctx, int selection, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(void, encoder_free_object, (void *obj))
+
+# define OSSL_FUNC_DECODER_NEWCTX 1
+# define OSSL_FUNC_DECODER_FREECTX 2
+# define OSSL_FUNC_DECODER_GET_PARAMS 3
+# define OSSL_FUNC_DECODER_GETTABLE_PARAMS 4
+# define OSSL_FUNC_DECODER_SET_CTX_PARAMS 5
+# define OSSL_FUNC_DECODER_SETTABLE_CTX_PARAMS 6
+# define OSSL_FUNC_DECODER_DOES_SELECTION 10
+# define OSSL_FUNC_DECODER_DECODE 11
+# define OSSL_FUNC_DECODER_EXPORT_OBJECT 20
+OSSL_CORE_MAKE_FUNC(void *, decoder_newctx, (void *provctx)) +OSSL_CORE_MAKE_FUNC(void, decoder_freectx, (void *ctx)) +OSSL_CORE_MAKE_FUNC(int, decoder_get_params, (OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, decoder_gettable_params, + (void *provctx)) +OSSL_CORE_MAKE_FUNC(int, decoder_set_ctx_params, + (void *ctx, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, decoder_settable_ctx_params, + (void *provctx)) + +OSSL_CORE_MAKE_FUNC(int, decoder_does_selection, + (void *provctx, int selection)) +OSSL_CORE_MAKE_FUNC(int, decoder_decode, + (void *ctx, OSSL_CORE_BIO *in, int selection, + OSSL_CALLBACK *data_cb, void *data_cbarg, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)) +OSSL_CORE_MAKE_FUNC(int, decoder_export_object, + (void *ctx, const void *objref, size_t objref_sz, + OSSL_CALLBACK *export_cb, void *export_cbarg)) + +/*- + * Store + * + * Objects are scanned by using the 'open', 'load', 'eof' and 'close' + * functions, which implement an OSSL_STORE loader. + * + * store_load() works in a way that's very similar to the decoders, in + * that they pass an abstract object through a callback, either as a DER + * octet string or as an object reference, which libcrypto will have to + * deal with. 
+ */ + +#define OSSL_FUNC_STORE_OPEN 1 +#define OSSL_FUNC_STORE_ATTACH 2 +#define OSSL_FUNC_STORE_SETTABLE_CTX_PARAMS 3 +#define OSSL_FUNC_STORE_SET_CTX_PARAMS 4 +#define OSSL_FUNC_STORE_LOAD 5 +#define OSSL_FUNC_STORE_EOF 6 +#define OSSL_FUNC_STORE_CLOSE 7 +#define OSSL_FUNC_STORE_EXPORT_OBJECT 8 +#define OSSL_FUNC_STORE_DELETE 9 +#define OSSL_FUNC_STORE_OPEN_EX 10 +OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri)) +OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in)) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params, + (void *provctx)) +OSSL_CORE_MAKE_FUNC(int, store_set_ctx_params, + (void *loaderctx, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, store_load, + (void *loaderctx, + OSSL_CALLBACK *object_cb, void *object_cbarg, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)) +OSSL_CORE_MAKE_FUNC(int, store_eof, (void *loaderctx)) +OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx)) +OSSL_CORE_MAKE_FUNC(int, store_export_object, + (void *loaderctx, const void *objref, size_t objref_sz, + OSSL_CALLBACK *export_cb, void *export_cbarg)) +OSSL_CORE_MAKE_FUNC(int, store_delete, + (void *provctx, const char *uri, const OSSL_PARAM params[], + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)) +OSSL_CORE_MAKE_FUNC(void *, store_open_ex, + (void *provctx, const char *uri, const OSSL_PARAM params[], + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)) + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/core_names.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/core_names.h index ffffe90f16f3..a61580568f78 100644 --- a/contrib/openssl-cmake/linux_x86_64/include/openssl/core_names.h +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/core_names.h 
@@ -384,6 +384,7 @@ extern "C" {
 # define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8"
 # define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9"
 # define OSSL_PKEY_PARAM_RSA_D "d"
+# define OSSL_PKEY_PARAM_RSA_DERIVE_FROM_PQ "rsa-derive-from-pq"
 # define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
 # define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
 # define OSSL_PKEY_PARAM_RSA_E "e"
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/core_object.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/core_object.h
new file mode 100644
index 000000000000..62ccf39d3259
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/core_object.h
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CORE_OBJECT_H
+# define OPENSSL_CORE_OBJECT_H
+# pragma once
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/*-
+ * Known object types
+ *
+ * These numbers are used as values for the OSSL_PARAM parameter
+ * OSSL_OBJECT_PARAM_TYPE.
+ *
+ * For most of these types, there's a corresponding libcrypto object type.
+ * The corresponding type is indicated with a comment after the number.
+ */
+# define OSSL_OBJECT_UNKNOWN 0
+# define OSSL_OBJECT_NAME 1 /* char * */
+# define OSSL_OBJECT_PKEY 2 /* EVP_PKEY * */
+# define OSSL_OBJECT_CERT 3 /* X509 * */
+# define OSSL_OBJECT_CRL 4 /* X509_CRL * */
+
+/*
+ * The rest of the associated OSSL_PARAM elements is described in core_names.h
+ */
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/crmferr.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/crmferr.h new file mode 100644 index 000000000000..b242b922ef1a --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/crmferr.h @@ -0,0 +1,50 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_CRMFERR_H +# define OPENSSL_CRMFERR_H +# pragma once + +# include +# include +# include + + +# ifndef OPENSSL_NO_CRMF + + +/* + * CRMF reason codes. + */ +# define CRMF_R_BAD_PBM_ITERATIONCOUNT 100 +# define CRMF_R_CRMFERROR 102 +# define CRMF_R_ERROR 103 +# define CRMF_R_ERROR_DECODING_CERTIFICATE 104 +# define CRMF_R_ERROR_DECRYPTING_CERTIFICATE 105 +# define CRMF_R_ERROR_DECRYPTING_SYMMETRIC_KEY 106 +# define CRMF_R_FAILURE_OBTAINING_RANDOM 107 +# define CRMF_R_ITERATIONCOUNT_BELOW_100 108 +# define CRMF_R_MALFORMED_IV 101 +# define CRMF_R_NULL_ARGUMENT 109 +# define CRMF_R_POPOSKINPUT_NOT_SUPPORTED 113 +# define CRMF_R_POPO_INCONSISTENT_PUBLIC_KEY 117 +# define CRMF_R_POPO_MISSING 121 +# define CRMF_R_POPO_MISSING_PUBLIC_KEY 118 +# define CRMF_R_POPO_MISSING_SUBJECT 119 +# define CRMF_R_POPO_RAVERIFIED_NOT_ACCEPTED 120 +# define CRMF_R_SETTING_MAC_ALGOR_FAILURE 110 +# define CRMF_R_SETTING_OWF_ALGOR_FAILURE 111 +# define CRMF_R_UNSUPPORTED_ALGORITHM 112 +# define CRMF_R_UNSUPPORTED_CIPHER 114 +# define CRMF_R_UNSUPPORTED_METHOD_FOR_CREATING_POPO 115 +# define CRMF_R_UNSUPPORTED_POPO_METHOD 116 + +# endif +#endif 
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/cryptoerr.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/cryptoerr.h new file mode 100644 index 000000000000..e84b12df6d59 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/cryptoerr.h 
@@ -0,0 +1,55 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_CRYPTOERR_H +# define OPENSSL_CRYPTOERR_H +# pragma once + +# include +# include +# include + + + +/* + * CRYPTO reason codes. + */ +# define CRYPTO_R_BAD_ALGORITHM_NAME 117 +# define CRYPTO_R_CONFLICTING_NAMES 118 +# define CRYPTO_R_HEX_STRING_TOO_SHORT 121 +# define CRYPTO_R_ILLEGAL_HEX_DIGIT 102 +# define CRYPTO_R_INSUFFICIENT_DATA_SPACE 106 +# define CRYPTO_R_INSUFFICIENT_PARAM_SIZE 107 +# define CRYPTO_R_INSUFFICIENT_SECURE_DATA_SPACE 108 +# define CRYPTO_R_INTEGER_OVERFLOW 127 +# define CRYPTO_R_INVALID_NEGATIVE_VALUE 122 +# define CRYPTO_R_INVALID_NULL_ARGUMENT 109 +# define CRYPTO_R_INVALID_OSSL_PARAM_TYPE 110 +# define CRYPTO_R_NO_PARAMS_TO_MERGE 131 +# define CRYPTO_R_NO_SPACE_FOR_TERMINATING_NULL 128 +# define CRYPTO_R_ODD_NUMBER_OF_DIGITS 103 +# define CRYPTO_R_PARAM_CANNOT_BE_REPRESENTED_EXACTLY 123 +# define CRYPTO_R_PARAM_NOT_INTEGER_TYPE 124 +# define CRYPTO_R_PARAM_OF_INCOMPATIBLE_TYPE 129 +# define CRYPTO_R_PARAM_UNSIGNED_INTEGER_NEGATIVE_VALUE_UNSUPPORTED 125 +# define CRYPTO_R_PARAM_UNSUPPORTED_FLOATING_POINT_FORMAT 130 +# define CRYPTO_R_PARAM_VALUE_TOO_LARGE_FOR_DESTINATION 126 +# define CRYPTO_R_PROVIDER_ALREADY_EXISTS 104 +# define CRYPTO_R_PROVIDER_SECTION_ERROR 105 +# define CRYPTO_R_RANDOM_SECTION_ERROR 119 +# define CRYPTO_R_SECURE_MALLOC_FAILURE 111 +# define CRYPTO_R_STRING_TOO_LONG 112 +# define CRYPTO_R_TOO_MANY_BYTES 113 +# define CRYPTO_R_TOO_MANY_RECORDS 114 +# define CRYPTO_R_TOO_SMALL_BUFFER 116 +# define CRYPTO_R_UNKNOWN_NAME_IN_RANDOM_SECTION 120 +# define CRYPTO_R_ZERO_LENGTH_NUMBER 115 + +#endif 
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/cryptoerr_legacy.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/cryptoerr_legacy.h new file mode 100644 index 000000000000..ccab33a5d4f0 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/cryptoerr_legacy.h 
@@ -0,0 +1,1466 @@ +/* + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * This header file preserves symbols from pre-3.0 OpenSSL. + * It should never be included directly, as it's already included + * by the public {lib}err.h headers, and since it will go away some + * time in the future. + */ + +#ifndef OPENSSL_CRYPTOERR_LEGACY_H +# define OPENSSL_CRYPTOERR_LEGACY_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 int ERR_load_ASN1_strings(void); +OSSL_DEPRECATEDIN_3_0 int ERR_load_ASYNC_strings(void); +OSSL_DEPRECATEDIN_3_0 int ERR_load_BIO_strings(void); +OSSL_DEPRECATEDIN_3_0 int ERR_load_BN_strings(void); +OSSL_DEPRECATEDIN_3_0 int ERR_load_BUF_strings(void); +# ifndef OPENSSL_NO_CMS +OSSL_DEPRECATEDIN_3_0 int ERR_load_CMS_strings(void); +# endif +# ifndef OPENSSL_NO_COMP +OSSL_DEPRECATEDIN_3_0 int ERR_load_COMP_strings(void); +# endif +OSSL_DEPRECATEDIN_3_0 int ERR_load_CONF_strings(void); +OSSL_DEPRECATEDIN_3_0 int ERR_load_CRYPTO_strings(void); +# ifndef OPENSSL_NO_CT +OSSL_DEPRECATEDIN_3_0 int ERR_load_CT_strings(void); +# endif +# ifndef OPENSSL_NO_DH +OSSL_DEPRECATEDIN_3_0 int ERR_load_DH_strings(void); +# endif +# ifndef OPENSSL_NO_DSA +OSSL_DEPRECATEDIN_3_0 int ERR_load_DSA_strings(void); +# endif +# ifndef OPENSSL_NO_EC +OSSL_DEPRECATEDIN_3_0 int ERR_load_EC_strings(void); +# endif +# ifndef OPENSSL_NO_ENGINE +OSSL_DEPRECATEDIN_3_0 int ERR_load_ENGINE_strings(void); +# endif +OSSL_DEPRECATEDIN_3_0 int ERR_load_ERR_strings(void); +OSSL_DEPRECATEDIN_3_0 int ERR_load_EVP_strings(void); +OSSL_DEPRECATEDIN_3_0 int ERR_load_KDF_strings(void); +OSSL_DEPRECATEDIN_3_0 int 
ERR_load_OBJ_strings(void); +# ifndef OPENSSL_NO_OCSP +OSSL_DEPRECATEDIN_3_0 int ERR_load_OCSP_strings(void); +# endif +OSSL_DEPRECATEDIN_3_0 int ERR_load_PEM_strings(void); +OSSL_DEPRECATEDIN_3_0 int ERR_load_PKCS12_strings(void); +OSSL_DEPRECATEDIN_3_0 int ERR_load_PKCS7_strings(void); +OSSL_DEPRECATEDIN_3_0 int ERR_load_RAND_strings(void); +OSSL_DEPRECATEDIN_3_0 int ERR_load_RSA_strings(void); +OSSL_DEPRECATEDIN_3_0 int ERR_load_OSSL_STORE_strings(void); +# ifndef OPENSSL_NO_TS +OSSL_DEPRECATEDIN_3_0 int ERR_load_TS_strings(void); +# endif +OSSL_DEPRECATEDIN_3_0 int ERR_load_UI_strings(void); +OSSL_DEPRECATEDIN_3_0 int ERR_load_X509_strings(void); +OSSL_DEPRECATEDIN_3_0 int ERR_load_X509V3_strings(void); + +/* Collected _F_ macros from OpenSSL 1.1.1 */ + +/* + * ASN1 function codes. + */ +# define ASN1_F_A2D_ASN1_OBJECT 0 +# define ASN1_F_A2I_ASN1_INTEGER 0 +# define ASN1_F_A2I_ASN1_STRING 0 +# define ASN1_F_APPEND_EXP 0 +# define ASN1_F_ASN1_BIO_INIT 0 +# define ASN1_F_ASN1_BIT_STRING_SET_BIT 0 +# define ASN1_F_ASN1_CB 0 +# define ASN1_F_ASN1_CHECK_TLEN 0 +# define ASN1_F_ASN1_COLLECT 0 +# define ASN1_F_ASN1_D2I_EX_PRIMITIVE 0 +# define ASN1_F_ASN1_D2I_FP 0 +# define ASN1_F_ASN1_D2I_READ_BIO 0 +# define ASN1_F_ASN1_DIGEST 0 +# define ASN1_F_ASN1_DO_ADB 0 +# define ASN1_F_ASN1_DO_LOCK 0 +# define ASN1_F_ASN1_DUP 0 +# define ASN1_F_ASN1_ENC_SAVE 0 +# define ASN1_F_ASN1_EX_C2I 0 +# define ASN1_F_ASN1_FIND_END 0 +# define ASN1_F_ASN1_GENERALIZEDTIME_ADJ 0 +# define ASN1_F_ASN1_GENERATE_V3 0 +# define ASN1_F_ASN1_GET_INT64 0 +# define ASN1_F_ASN1_GET_OBJECT 0 +# define ASN1_F_ASN1_GET_UINT64 0 +# define ASN1_F_ASN1_I2D_BIO 0 +# define ASN1_F_ASN1_I2D_FP 0 +# define ASN1_F_ASN1_ITEM_D2I_FP 0 +# define ASN1_F_ASN1_ITEM_DUP 0 +# define ASN1_F_ASN1_ITEM_EMBED_D2I 0 +# define ASN1_F_ASN1_ITEM_EMBED_NEW 0 +# define ASN1_F_ASN1_ITEM_FLAGS_I2D 0 +# define ASN1_F_ASN1_ITEM_I2D_BIO 0 +# define ASN1_F_ASN1_ITEM_I2D_FP 0 +# define ASN1_F_ASN1_ITEM_PACK 0 +# define 
ASN1_F_ASN1_ITEM_SIGN 0 +# define ASN1_F_ASN1_ITEM_SIGN_CTX 0 +# define ASN1_F_ASN1_ITEM_UNPACK 0 +# define ASN1_F_ASN1_ITEM_VERIFY 0 +# define ASN1_F_ASN1_MBSTRING_NCOPY 0 +# define ASN1_F_ASN1_OBJECT_NEW 0 +# define ASN1_F_ASN1_OUTPUT_DATA 0 +# define ASN1_F_ASN1_PCTX_NEW 0 +# define ASN1_F_ASN1_PRIMITIVE_NEW 0 +# define ASN1_F_ASN1_SCTX_NEW 0 +# define ASN1_F_ASN1_SIGN 0 +# define ASN1_F_ASN1_STR2TYPE 0 +# define ASN1_F_ASN1_STRING_GET_INT64 0 +# define ASN1_F_ASN1_STRING_GET_UINT64 0 +# define ASN1_F_ASN1_STRING_SET 0 +# define ASN1_F_ASN1_STRING_TABLE_ADD 0 +# define ASN1_F_ASN1_STRING_TO_BN 0 +# define ASN1_F_ASN1_STRING_TYPE_NEW 0 +# define ASN1_F_ASN1_TEMPLATE_EX_D2I 0 +# define ASN1_F_ASN1_TEMPLATE_NEW 0 +# define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 0 +# define ASN1_F_ASN1_TIME_ADJ 0 +# define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 0 +# define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 0 +# define ASN1_F_ASN1_UTCTIME_ADJ 0 +# define ASN1_F_ASN1_VERIFY 0 +# define ASN1_F_B64_READ_ASN1 0 +# define ASN1_F_B64_WRITE_ASN1 0 +# define ASN1_F_BIO_NEW_NDEF 0 +# define ASN1_F_BITSTR_CB 0 +# define ASN1_F_BN_TO_ASN1_STRING 0 +# define ASN1_F_C2I_ASN1_BIT_STRING 0 +# define ASN1_F_C2I_ASN1_INTEGER 0 +# define ASN1_F_C2I_ASN1_OBJECT 0 +# define ASN1_F_C2I_IBUF 0 +# define ASN1_F_C2I_UINT64_INT 0 +# define ASN1_F_COLLECT_DATA 0 +# define ASN1_F_D2I_ASN1_OBJECT 0 +# define ASN1_F_D2I_ASN1_UINTEGER 0 +# define ASN1_F_D2I_AUTOPRIVATEKEY 0 +# define ASN1_F_D2I_PRIVATEKEY 0 +# define ASN1_F_D2I_PUBLICKEY 0 +# define ASN1_F_DO_BUF 0 +# define ASN1_F_DO_CREATE 0 +# define ASN1_F_DO_DUMP 0 +# define ASN1_F_DO_TCREATE 0 +# define ASN1_F_I2A_ASN1_OBJECT 0 +# define ASN1_F_I2D_ASN1_BIO_STREAM 0 +# define ASN1_F_I2D_ASN1_OBJECT 0 +# define ASN1_F_I2D_DSA_PUBKEY 0 +# define ASN1_F_I2D_EC_PUBKEY 0 +# define ASN1_F_I2D_PRIVATEKEY 0 +# define ASN1_F_I2D_PUBLICKEY 0 +# define ASN1_F_I2D_RSA_PUBKEY 0 +# define ASN1_F_LONG_C2I 0 +# define ASN1_F_NDEF_PREFIX 0 +# define ASN1_F_NDEF_SUFFIX 0 +# define 
ASN1_F_OID_MODULE_INIT 0 +# define ASN1_F_PARSE_TAGGING 0 +# define ASN1_F_PKCS5_PBE2_SET_IV 0 +# define ASN1_F_PKCS5_PBE2_SET_SCRYPT 0 +# define ASN1_F_PKCS5_PBE_SET 0 +# define ASN1_F_PKCS5_PBE_SET0_ALGOR 0 +# define ASN1_F_PKCS5_PBKDF2_SET 0 +# define ASN1_F_PKCS5_SCRYPT_SET 0 +# define ASN1_F_SMIME_READ_ASN1 0 +# define ASN1_F_SMIME_TEXT 0 +# define ASN1_F_STABLE_GET 0 +# define ASN1_F_STBL_MODULE_INIT 0 +# define ASN1_F_UINT32_C2I 0 +# define ASN1_F_UINT32_NEW 0 +# define ASN1_F_UINT64_C2I 0 +# define ASN1_F_UINT64_NEW 0 +# define ASN1_F_X509_CRL_ADD0_REVOKED 0 +# define ASN1_F_X509_INFO_NEW 0 +# define ASN1_F_X509_NAME_ENCODE 0 +# define ASN1_F_X509_NAME_EX_D2I 0 +# define ASN1_F_X509_NAME_EX_NEW 0 +# define ASN1_F_X509_PKEY_NEW 0 + +/* + * ASYNC function codes. + */ +# define ASYNC_F_ASYNC_CTX_NEW 0 +# define ASYNC_F_ASYNC_INIT_THREAD 0 +# define ASYNC_F_ASYNC_JOB_NEW 0 +# define ASYNC_F_ASYNC_PAUSE_JOB 0 +# define ASYNC_F_ASYNC_START_FUNC 0 +# define ASYNC_F_ASYNC_START_JOB 0 +# define ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD 0 + +/* + * BIO function codes. 
+ */ +# define BIO_F_ACPT_STATE 0 +# define BIO_F_ADDRINFO_WRAP 0 +# define BIO_F_ADDR_STRINGS 0 +# define BIO_F_BIO_ACCEPT 0 +# define BIO_F_BIO_ACCEPT_EX 0 +# define BIO_F_BIO_ACCEPT_NEW 0 +# define BIO_F_BIO_ADDR_NEW 0 +# define BIO_F_BIO_BIND 0 +# define BIO_F_BIO_CALLBACK_CTRL 0 +# define BIO_F_BIO_CONNECT 0 +# define BIO_F_BIO_CONNECT_NEW 0 +# define BIO_F_BIO_CTRL 0 +# define BIO_F_BIO_GETS 0 +# define BIO_F_BIO_GET_HOST_IP 0 +# define BIO_F_BIO_GET_NEW_INDEX 0 +# define BIO_F_BIO_GET_PORT 0 +# define BIO_F_BIO_LISTEN 0 +# define BIO_F_BIO_LOOKUP 0 +# define BIO_F_BIO_LOOKUP_EX 0 +# define BIO_F_BIO_MAKE_PAIR 0 +# define BIO_F_BIO_METH_NEW 0 +# define BIO_F_BIO_NEW 0 +# define BIO_F_BIO_NEW_DGRAM_SCTP 0 +# define BIO_F_BIO_NEW_FILE 0 +# define BIO_F_BIO_NEW_MEM_BUF 0 +# define BIO_F_BIO_NREAD 0 +# define BIO_F_BIO_NREAD0 0 +# define BIO_F_BIO_NWRITE 0 +# define BIO_F_BIO_NWRITE0 0 +# define BIO_F_BIO_PARSE_HOSTSERV 0 +# define BIO_F_BIO_PUTS 0 +# define BIO_F_BIO_READ 0 +# define BIO_F_BIO_READ_EX 0 +# define BIO_F_BIO_READ_INTERN 0 +# define BIO_F_BIO_SOCKET 0 +# define BIO_F_BIO_SOCKET_NBIO 0 +# define BIO_F_BIO_SOCK_INFO 0 +# define BIO_F_BIO_SOCK_INIT 0 +# define BIO_F_BIO_WRITE 0 +# define BIO_F_BIO_WRITE_EX 0 +# define BIO_F_BIO_WRITE_INTERN 0 +# define BIO_F_BUFFER_CTRL 0 +# define BIO_F_CONN_CTRL 0 +# define BIO_F_CONN_STATE 0 +# define BIO_F_DGRAM_SCTP_NEW 0 +# define BIO_F_DGRAM_SCTP_READ 0 +# define BIO_F_DGRAM_SCTP_WRITE 0 +# define BIO_F_DOAPR_OUTCH 0 +# define BIO_F_FILE_CTRL 0 +# define BIO_F_FILE_READ 0 +# define BIO_F_LINEBUFFER_CTRL 0 +# define BIO_F_LINEBUFFER_NEW 0 +# define BIO_F_MEM_WRITE 0 +# define BIO_F_NBIOF_NEW 0 +# define BIO_F_SLG_WRITE 0 +# define BIO_F_SSL_NEW 0 + +/* + * BN function codes. 
+ */ +# define BN_F_BNRAND 0 +# define BN_F_BNRAND_RANGE 0 +# define BN_F_BN_BLINDING_CONVERT_EX 0 +# define BN_F_BN_BLINDING_CREATE_PARAM 0 +# define BN_F_BN_BLINDING_INVERT_EX 0 +# define BN_F_BN_BLINDING_NEW 0 +# define BN_F_BN_BLINDING_UPDATE 0 +# define BN_F_BN_BN2DEC 0 +# define BN_F_BN_BN2HEX 0 +# define BN_F_BN_COMPUTE_WNAF 0 +# define BN_F_BN_CTX_GET 0 +# define BN_F_BN_CTX_NEW 0 +# define BN_F_BN_CTX_START 0 +# define BN_F_BN_DIV 0 +# define BN_F_BN_DIV_RECP 0 +# define BN_F_BN_EXP 0 +# define BN_F_BN_EXPAND_INTERNAL 0 +# define BN_F_BN_GENCB_NEW 0 +# define BN_F_BN_GENERATE_DSA_NONCE 0 +# define BN_F_BN_GENERATE_PRIME_EX 0 +# define BN_F_BN_GF2M_MOD 0 +# define BN_F_BN_GF2M_MOD_EXP 0 +# define BN_F_BN_GF2M_MOD_MUL 0 +# define BN_F_BN_GF2M_MOD_SOLVE_QUAD 0 +# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 0 +# define BN_F_BN_GF2M_MOD_SQR 0 +# define BN_F_BN_GF2M_MOD_SQRT 0 +# define BN_F_BN_LSHIFT 0 +# define BN_F_BN_MOD_EXP2_MONT 0 +# define BN_F_BN_MOD_EXP_MONT 0 +# define BN_F_BN_MOD_EXP_MONT_CONSTTIME 0 +# define BN_F_BN_MOD_EXP_MONT_WORD 0 +# define BN_F_BN_MOD_EXP_RECP 0 +# define BN_F_BN_MOD_EXP_SIMPLE 0 +# define BN_F_BN_MOD_INVERSE 0 +# define BN_F_BN_MOD_INVERSE_NO_BRANCH 0 +# define BN_F_BN_MOD_LSHIFT_QUICK 0 +# define BN_F_BN_MOD_SQRT 0 +# define BN_F_BN_MONT_CTX_NEW 0 +# define BN_F_BN_MPI2BN 0 +# define BN_F_BN_NEW 0 +# define BN_F_BN_POOL_GET 0 +# define BN_F_BN_RAND 0 +# define BN_F_BN_RAND_RANGE 0 +# define BN_F_BN_RECP_CTX_NEW 0 +# define BN_F_BN_RSHIFT 0 +# define BN_F_BN_SET_WORDS 0 +# define BN_F_BN_STACK_PUSH 0 +# define BN_F_BN_USUB 0 + +/* + * BUF function codes. + */ +# define BUF_F_BUF_MEM_GROW 0 +# define BUF_F_BUF_MEM_GROW_CLEAN 0 +# define BUF_F_BUF_MEM_NEW 0 + +# ifndef OPENSSL_NO_CMS +/* + * CMS function codes. 
+ */ +# define CMS_F_CHECK_CONTENT 0 +# define CMS_F_CMS_ADD0_CERT 0 +# define CMS_F_CMS_ADD0_RECIPIENT_KEY 0 +# define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD 0 +# define CMS_F_CMS_ADD1_RECEIPTREQUEST 0 +# define CMS_F_CMS_ADD1_RECIPIENT_CERT 0 +# define CMS_F_CMS_ADD1_SIGNER 0 +# define CMS_F_CMS_ADD1_SIGNINGTIME 0 +# define CMS_F_CMS_COMPRESS 0 +# define CMS_F_CMS_COMPRESSEDDATA_CREATE 0 +# define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 0 +# define CMS_F_CMS_COPY_CONTENT 0 +# define CMS_F_CMS_COPY_MESSAGEDIGEST 0 +# define CMS_F_CMS_DATA 0 +# define CMS_F_CMS_DATAFINAL 0 +# define CMS_F_CMS_DATAINIT 0 +# define CMS_F_CMS_DECRYPT 0 +# define CMS_F_CMS_DECRYPT_SET1_KEY 0 +# define CMS_F_CMS_DECRYPT_SET1_PASSWORD 0 +# define CMS_F_CMS_DECRYPT_SET1_PKEY 0 +# define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 0 +# define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 0 +# define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 0 +# define CMS_F_CMS_DIGEST_VERIFY 0 +# define CMS_F_CMS_ENCODE_RECEIPT 0 +# define CMS_F_CMS_ENCRYPT 0 +# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT 0 +# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 0 +# define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 0 +# define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 0 +# define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 0 +# define CMS_F_CMS_ENVELOPEDDATA_CREATE 0 +# define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 0 +# define CMS_F_CMS_ENVELOPED_DATA_INIT 0 +# define CMS_F_CMS_ENV_ASN1_CTRL 0 +# define CMS_F_CMS_FINAL 0 +# define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 0 +# define CMS_F_CMS_GET0_CONTENT 0 +# define CMS_F_CMS_GET0_ECONTENT_TYPE 0 +# define CMS_F_CMS_GET0_ENVELOPED 0 +# define CMS_F_CMS_GET0_REVOCATION_CHOICES 0 +# define CMS_F_CMS_GET0_SIGNED 0 +# define CMS_F_CMS_MSGSIGDIGEST_ADD1 0 +# define CMS_F_CMS_RECEIPTREQUEST_CREATE0 0 +# define CMS_F_CMS_RECEIPT_VERIFY 0 +# define CMS_F_CMS_RECIPIENTINFO_DECRYPT 0 +# define CMS_F_CMS_RECIPIENTINFO_ENCRYPT 0 +# define CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT 0 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG 0 +# define 
CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID 0 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS 0 +# define CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP 0 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 0 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 0 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 0 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 0 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 0 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 0 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 0 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 0 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 0 +# define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT 0 +# define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 0 +# define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD 0 +# define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 0 +# define CMS_F_CMS_SD_ASN1_CTRL 0 +# define CMS_F_CMS_SET1_IAS 0 +# define CMS_F_CMS_SET1_KEYID 0 +# define CMS_F_CMS_SET1_SIGNERIDENTIFIER 0 +# define CMS_F_CMS_SET_DETACHED 0 +# define CMS_F_CMS_SIGN 0 +# define CMS_F_CMS_SIGNED_DATA_INIT 0 +# define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 0 +# define CMS_F_CMS_SIGNERINFO_SIGN 0 +# define CMS_F_CMS_SIGNERINFO_VERIFY 0 +# define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 0 +# define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 0 +# define CMS_F_CMS_SIGN_RECEIPT 0 +# define CMS_F_CMS_SI_CHECK_ATTRIBUTES 0 +# define CMS_F_CMS_STREAM 0 +# define CMS_F_CMS_UNCOMPRESS 0 +# define CMS_F_CMS_VERIFY 0 +# define CMS_F_KEK_UNWRAP_KEY 0 +# endif + +# ifndef OPENSSL_NO_COMP +/* + * COMP function codes. + */ +# define COMP_F_BIO_ZLIB_FLUSH 0 +# define COMP_F_BIO_ZLIB_NEW 0 +# define COMP_F_BIO_ZLIB_READ 0 +# define COMP_F_BIO_ZLIB_WRITE 0 +# define COMP_F_COMP_CTX_NEW 0 +# endif + +/* + * CONF function codes. 
+ */ +# define CONF_F_CONF_DUMP_FP 0 +# define CONF_F_CONF_LOAD 0 +# define CONF_F_CONF_LOAD_FP 0 +# define CONF_F_CONF_PARSE_LIST 0 +# define CONF_F_DEF_LOAD 0 +# define CONF_F_DEF_LOAD_BIO 0 +# define CONF_F_GET_NEXT_FILE 0 +# define CONF_F_MODULE_ADD 0 +# define CONF_F_MODULE_INIT 0 +# define CONF_F_MODULE_LOAD_DSO 0 +# define CONF_F_MODULE_RUN 0 +# define CONF_F_NCONF_DUMP_BIO 0 +# define CONF_F_NCONF_DUMP_FP 0 +# define CONF_F_NCONF_GET_NUMBER_E 0 +# define CONF_F_NCONF_GET_SECTION 0 +# define CONF_F_NCONF_GET_STRING 0 +# define CONF_F_NCONF_LOAD 0 +# define CONF_F_NCONF_LOAD_BIO 0 +# define CONF_F_NCONF_LOAD_FP 0 +# define CONF_F_NCONF_NEW 0 +# define CONF_F_PROCESS_INCLUDE 0 +# define CONF_F_SSL_MODULE_INIT 0 +# define CONF_F_STR_COPY 0 + +/* + * CRYPTO function codes. + */ +# define CRYPTO_F_CMAC_CTX_NEW 0 +# define CRYPTO_F_CRYPTO_DUP_EX_DATA 0 +# define CRYPTO_F_CRYPTO_FREE_EX_DATA 0 +# define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 0 +# define CRYPTO_F_CRYPTO_MEMDUP 0 +# define CRYPTO_F_CRYPTO_NEW_EX_DATA 0 +# define CRYPTO_F_CRYPTO_OCB128_COPY_CTX 0 +# define CRYPTO_F_CRYPTO_OCB128_INIT 0 +# define CRYPTO_F_CRYPTO_SET_EX_DATA 0 +# define CRYPTO_F_GET_AND_LOCK 0 +# define CRYPTO_F_OPENSSL_ATEXIT 0 +# define CRYPTO_F_OPENSSL_BUF2HEXSTR 0 +# define CRYPTO_F_OPENSSL_FOPEN 0 +# define CRYPTO_F_OPENSSL_HEXSTR2BUF 0 +# define CRYPTO_F_OPENSSL_INIT_CRYPTO 0 +# define CRYPTO_F_OPENSSL_LH_NEW 0 +# define CRYPTO_F_OPENSSL_SK_DEEP_COPY 0 +# define CRYPTO_F_OPENSSL_SK_DUP 0 +# define CRYPTO_F_PKEY_HMAC_INIT 0 +# define CRYPTO_F_PKEY_POLY1305_INIT 0 +# define CRYPTO_F_PKEY_SIPHASH_INIT 0 +# define CRYPTO_F_SK_RESERVE 0 + +# ifndef OPENSSL_NO_CT +/* + * CT function codes. 
+ */ +# define CT_F_CTLOG_NEW 0 +# define CT_F_CTLOG_NEW_FROM_BASE64 0 +# define CT_F_CTLOG_NEW_FROM_CONF 0 +# define CT_F_CTLOG_STORE_LOAD_CTX_NEW 0 +# define CT_F_CTLOG_STORE_LOAD_FILE 0 +# define CT_F_CTLOG_STORE_LOAD_LOG 0 +# define CT_F_CTLOG_STORE_NEW 0 +# define CT_F_CT_BASE64_DECODE 0 +# define CT_F_CT_POLICY_EVAL_CTX_NEW 0 +# define CT_F_CT_V1_LOG_ID_FROM_PKEY 0 +# define CT_F_I2O_SCT 0 +# define CT_F_I2O_SCT_LIST 0 +# define CT_F_I2O_SCT_SIGNATURE 0 +# define CT_F_O2I_SCT 0 +# define CT_F_O2I_SCT_LIST 0 +# define CT_F_O2I_SCT_SIGNATURE 0 +# define CT_F_SCT_CTX_NEW 0 +# define CT_F_SCT_CTX_VERIFY 0 +# define CT_F_SCT_NEW 0 +# define CT_F_SCT_NEW_FROM_BASE64 0 +# define CT_F_SCT_SET0_LOG_ID 0 +# define CT_F_SCT_SET1_EXTENSIONS 0 +# define CT_F_SCT_SET1_LOG_ID 0 +# define CT_F_SCT_SET1_SIGNATURE 0 +# define CT_F_SCT_SET_LOG_ENTRY_TYPE 0 +# define CT_F_SCT_SET_SIGNATURE_NID 0 +# define CT_F_SCT_SET_VERSION 0 +# endif + +# ifndef OPENSSL_NO_DH +/* + * DH function codes. + */ +# define DH_F_COMPUTE_KEY 0 +# define DH_F_DHPARAMS_PRINT_FP 0 +# define DH_F_DH_BUILTIN_GENPARAMS 0 +# define DH_F_DH_CHECK_EX 0 +# define DH_F_DH_CHECK_PARAMS_EX 0 +# define DH_F_DH_CHECK_PUB_KEY_EX 0 +# define DH_F_DH_CMS_DECRYPT 0 +# define DH_F_DH_CMS_SET_PEERKEY 0 +# define DH_F_DH_CMS_SET_SHARED_INFO 0 +# define DH_F_DH_METH_DUP 0 +# define DH_F_DH_METH_NEW 0 +# define DH_F_DH_METH_SET1_NAME 0 +# define DH_F_DH_NEW_BY_NID 0 +# define DH_F_DH_NEW_METHOD 0 +# define DH_F_DH_PARAM_DECODE 0 +# define DH_F_DH_PKEY_PUBLIC_CHECK 0 +# define DH_F_DH_PRIV_DECODE 0 +# define DH_F_DH_PRIV_ENCODE 0 +# define DH_F_DH_PUB_DECODE 0 +# define DH_F_DH_PUB_ENCODE 0 +# define DH_F_DO_DH_PRINT 0 +# define DH_F_GENERATE_KEY 0 +# define DH_F_PKEY_DH_CTRL_STR 0 +# define DH_F_PKEY_DH_DERIVE 0 +# define DH_F_PKEY_DH_INIT 0 +# define DH_F_PKEY_DH_KEYGEN 0 +# endif + +# ifndef OPENSSL_NO_DSA +/* + * DSA function codes. 
+ */ +# define DSA_F_DSAPARAMS_PRINT 0 +# define DSA_F_DSAPARAMS_PRINT_FP 0 +# define DSA_F_DSA_BUILTIN_PARAMGEN 0 +# define DSA_F_DSA_BUILTIN_PARAMGEN2 0 +# define DSA_F_DSA_DO_SIGN 0 +# define DSA_F_DSA_DO_VERIFY 0 +# define DSA_F_DSA_METH_DUP 0 +# define DSA_F_DSA_METH_NEW 0 +# define DSA_F_DSA_METH_SET1_NAME 0 +# define DSA_F_DSA_NEW_METHOD 0 +# define DSA_F_DSA_PARAM_DECODE 0 +# define DSA_F_DSA_PRINT_FP 0 +# define DSA_F_DSA_PRIV_DECODE 0 +# define DSA_F_DSA_PRIV_ENCODE 0 +# define DSA_F_DSA_PUB_DECODE 0 +# define DSA_F_DSA_PUB_ENCODE 0 +# define DSA_F_DSA_SIGN 0 +# define DSA_F_DSA_SIGN_SETUP 0 +# define DSA_F_DSA_SIG_NEW 0 +# define DSA_F_OLD_DSA_PRIV_DECODE 0 +# define DSA_F_PKEY_DSA_CTRL 0 +# define DSA_F_PKEY_DSA_CTRL_STR 0 +# define DSA_F_PKEY_DSA_KEYGEN 0 +# endif + +# ifndef OPENSSL_NO_EC +/* + * EC function codes. + */ +# define EC_F_BN_TO_FELEM 0 +# define EC_F_D2I_ECPARAMETERS 0 +# define EC_F_D2I_ECPKPARAMETERS 0 +# define EC_F_D2I_ECPRIVATEKEY 0 +# define EC_F_DO_EC_KEY_PRINT 0 +# define EC_F_ECDH_CMS_DECRYPT 0 +# define EC_F_ECDH_CMS_SET_SHARED_INFO 0 +# define EC_F_ECDH_COMPUTE_KEY 0 +# define EC_F_ECDH_SIMPLE_COMPUTE_KEY 0 +# define EC_F_ECDSA_DO_SIGN_EX 0 +# define EC_F_ECDSA_DO_VERIFY 0 +# define EC_F_ECDSA_SIGN_EX 0 +# define EC_F_ECDSA_SIGN_SETUP 0 +# define EC_F_ECDSA_SIG_NEW 0 +# define EC_F_ECDSA_VERIFY 0 +# define EC_F_ECD_ITEM_VERIFY 0 +# define EC_F_ECKEY_PARAM2TYPE 0 +# define EC_F_ECKEY_PARAM_DECODE 0 +# define EC_F_ECKEY_PRIV_DECODE 0 +# define EC_F_ECKEY_PRIV_ENCODE 0 +# define EC_F_ECKEY_PUB_DECODE 0 +# define EC_F_ECKEY_PUB_ENCODE 0 +# define EC_F_ECKEY_TYPE2PARAM 0 +# define EC_F_ECPARAMETERS_PRINT 0 +# define EC_F_ECPARAMETERS_PRINT_FP 0 +# define EC_F_ECPKPARAMETERS_PRINT 0 +# define EC_F_ECPKPARAMETERS_PRINT_FP 0 +# define EC_F_ECP_NISTZ256_GET_AFFINE 0 +# define EC_F_ECP_NISTZ256_INV_MOD_ORD 0 +# define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE 0 +# define EC_F_ECP_NISTZ256_POINTS_MUL 0 +# define EC_F_ECP_NISTZ256_PRE_COMP_NEW 0 
+# define EC_F_ECP_NISTZ256_WINDOWED_MUL 0 +# define EC_F_ECX_KEY_OP 0 +# define EC_F_ECX_PRIV_ENCODE 0 +# define EC_F_ECX_PUB_ENCODE 0 +# define EC_F_EC_ASN1_GROUP2CURVE 0 +# define EC_F_EC_ASN1_GROUP2FIELDID 0 +# define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 0 +# define EC_F_EC_GF2M_SIMPLE_FIELD_INV 0 +# define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 0 +# define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 0 +# define EC_F_EC_GF2M_SIMPLE_LADDER_POST 0 +# define EC_F_EC_GF2M_SIMPLE_LADDER_PRE 0 +# define EC_F_EC_GF2M_SIMPLE_OCT2POINT 0 +# define EC_F_EC_GF2M_SIMPLE_POINT2OCT 0 +# define EC_F_EC_GF2M_SIMPLE_POINTS_MUL 0 +# define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 0 +# define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 0 +# define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES 0 +# define EC_F_EC_GFP_MONT_FIELD_DECODE 0 +# define EC_F_EC_GFP_MONT_FIELD_ENCODE 0 +# define EC_F_EC_GFP_MONT_FIELD_INV 0 +# define EC_F_EC_GFP_MONT_FIELD_MUL 0 +# define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE 0 +# define EC_F_EC_GFP_MONT_FIELD_SQR 0 +# define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 0 +# define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE 0 +# define EC_F_EC_GFP_NISTP224_POINTS_MUL 0 +# define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 0 +# define EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE 0 +# define EC_F_EC_GFP_NISTP256_POINTS_MUL 0 +# define EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES 0 +# define EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE 0 +# define EC_F_EC_GFP_NISTP521_POINTS_MUL 0 +# define EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES 0 +# define EC_F_EC_GFP_NIST_FIELD_MUL 0 +# define EC_F_EC_GFP_NIST_FIELD_SQR 0 +# define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 0 +# define EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES 0 +# define EC_F_EC_GFP_SIMPLE_FIELD_INV 0 +# define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 0 +# define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 0 +# define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 0 +# define EC_F_EC_GFP_SIMPLE_OCT2POINT 0 +# define 
EC_F_EC_GFP_SIMPLE_POINT2OCT 0 +# define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE 0 +# define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES 0 +# define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES 0 +# define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES 0 +# define EC_F_EC_GROUP_CHECK 0 +# define EC_F_EC_GROUP_CHECK_DISCRIMINANT 0 +# define EC_F_EC_GROUP_COPY 0 +# define EC_F_EC_GROUP_GET_CURVE 0 +# define EC_F_EC_GROUP_GET_CURVE_GF2M 0 +# define EC_F_EC_GROUP_GET_CURVE_GFP 0 +# define EC_F_EC_GROUP_GET_DEGREE 0 +# define EC_F_EC_GROUP_GET_ECPARAMETERS 0 +# define EC_F_EC_GROUP_GET_ECPKPARAMETERS 0 +# define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 0 +# define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 0 +# define EC_F_EC_GROUP_NEW 0 +# define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 0 +# define EC_F_EC_GROUP_NEW_FROM_DATA 0 +# define EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS 0 +# define EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS 0 +# define EC_F_EC_GROUP_SET_CURVE 0 +# define EC_F_EC_GROUP_SET_CURVE_GF2M 0 +# define EC_F_EC_GROUP_SET_CURVE_GFP 0 +# define EC_F_EC_GROUP_SET_GENERATOR 0 +# define EC_F_EC_GROUP_SET_SEED 0 +# define EC_F_EC_KEY_CHECK_KEY 0 +# define EC_F_EC_KEY_COPY 0 +# define EC_F_EC_KEY_GENERATE_KEY 0 +# define EC_F_EC_KEY_NEW 0 +# define EC_F_EC_KEY_NEW_METHOD 0 +# define EC_F_EC_KEY_OCT2PRIV 0 +# define EC_F_EC_KEY_PRINT 0 +# define EC_F_EC_KEY_PRINT_FP 0 +# define EC_F_EC_KEY_PRIV2BUF 0 +# define EC_F_EC_KEY_PRIV2OCT 0 +# define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 0 +# define EC_F_EC_KEY_SIMPLE_CHECK_KEY 0 +# define EC_F_EC_KEY_SIMPLE_OCT2PRIV 0 +# define EC_F_EC_KEY_SIMPLE_PRIV2OCT 0 +# define EC_F_EC_PKEY_CHECK 0 +# define EC_F_EC_PKEY_PARAM_CHECK 0 +# define EC_F_EC_POINTS_MAKE_AFFINE 0 +# define EC_F_EC_POINTS_MUL 0 +# define EC_F_EC_POINT_ADD 0 +# define EC_F_EC_POINT_BN2POINT 0 +# define EC_F_EC_POINT_CMP 0 +# define EC_F_EC_POINT_COPY 0 +# define EC_F_EC_POINT_DBL 0 +# define EC_F_EC_POINT_GET_AFFINE_COORDINATES 0 +# define 
EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M 0 +# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP 0 +# define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP 0 +# define EC_F_EC_POINT_INVERT 0 +# define EC_F_EC_POINT_IS_AT_INFINITY 0 +# define EC_F_EC_POINT_IS_ON_CURVE 0 +# define EC_F_EC_POINT_MAKE_AFFINE 0 +# define EC_F_EC_POINT_NEW 0 +# define EC_F_EC_POINT_OCT2POINT 0 +# define EC_F_EC_POINT_POINT2BUF 0 +# define EC_F_EC_POINT_POINT2OCT 0 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES 0 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M 0 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP 0 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES 0 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M 0 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 0 +# define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 0 +# define EC_F_EC_POINT_SET_TO_INFINITY 0 +# define EC_F_EC_PRE_COMP_NEW 0 +# define EC_F_EC_SCALAR_MUL_LADDER 0 +# define EC_F_EC_WNAF_MUL 0 +# define EC_F_EC_WNAF_PRECOMPUTE_MULT 0 +# define EC_F_I2D_ECPARAMETERS 0 +# define EC_F_I2D_ECPKPARAMETERS 0 +# define EC_F_I2D_ECPRIVATEKEY 0 +# define EC_F_I2O_ECPUBLICKEY 0 +# define EC_F_NISTP224_PRE_COMP_NEW 0 +# define EC_F_NISTP256_PRE_COMP_NEW 0 +# define EC_F_NISTP521_PRE_COMP_NEW 0 +# define EC_F_O2I_ECPUBLICKEY 0 +# define EC_F_OLD_EC_PRIV_DECODE 0 +# define EC_F_OSSL_ECDH_COMPUTE_KEY 0 +# define EC_F_OSSL_ECDSA_SIGN_SIG 0 +# define EC_F_OSSL_ECDSA_VERIFY_SIG 0 +# define EC_F_PKEY_ECD_CTRL 0 +# define EC_F_PKEY_ECD_DIGESTSIGN 0 +# define EC_F_PKEY_ECD_DIGESTSIGN25519 0 +# define EC_F_PKEY_ECD_DIGESTSIGN448 0 +# define EC_F_PKEY_ECX_DERIVE 0 +# define EC_F_PKEY_EC_CTRL 0 +# define EC_F_PKEY_EC_CTRL_STR 0 +# define EC_F_PKEY_EC_DERIVE 0 +# define EC_F_PKEY_EC_INIT 0 +# define EC_F_PKEY_EC_KDF_DERIVE 0 +# define EC_F_PKEY_EC_KEYGEN 0 +# define EC_F_PKEY_EC_PARAMGEN 0 +# define EC_F_PKEY_EC_SIGN 0 +# define EC_F_VALIDATE_ECX_DERIVE 0 +# endif + +# ifndef OPENSSL_NO_ENGINE +/* + * ENGINE function codes. 
+ */ +# define ENGINE_F_DIGEST_UPDATE 0 +# define ENGINE_F_DYNAMIC_CTRL 0 +# define ENGINE_F_DYNAMIC_GET_DATA_CTX 0 +# define ENGINE_F_DYNAMIC_LOAD 0 +# define ENGINE_F_DYNAMIC_SET_DATA_CTX 0 +# define ENGINE_F_ENGINE_ADD 0 +# define ENGINE_F_ENGINE_BY_ID 0 +# define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 0 +# define ENGINE_F_ENGINE_CTRL 0 +# define ENGINE_F_ENGINE_CTRL_CMD 0 +# define ENGINE_F_ENGINE_CTRL_CMD_STRING 0 +# define ENGINE_F_ENGINE_FINISH 0 +# define ENGINE_F_ENGINE_GET_CIPHER 0 +# define ENGINE_F_ENGINE_GET_DIGEST 0 +# define ENGINE_F_ENGINE_GET_FIRST 0 +# define ENGINE_F_ENGINE_GET_LAST 0 +# define ENGINE_F_ENGINE_GET_NEXT 0 +# define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH 0 +# define ENGINE_F_ENGINE_GET_PKEY_METH 0 +# define ENGINE_F_ENGINE_GET_PREV 0 +# define ENGINE_F_ENGINE_INIT 0 +# define ENGINE_F_ENGINE_LIST_ADD 0 +# define ENGINE_F_ENGINE_LIST_REMOVE 0 +# define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 0 +# define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 0 +# define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 0 +# define ENGINE_F_ENGINE_NEW 0 +# define ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR 0 +# define ENGINE_F_ENGINE_REMOVE 0 +# define ENGINE_F_ENGINE_SET_DEFAULT_STRING 0 +# define ENGINE_F_ENGINE_SET_ID 0 +# define ENGINE_F_ENGINE_SET_NAME 0 +# define ENGINE_F_ENGINE_TABLE_REGISTER 0 +# define ENGINE_F_ENGINE_UNLOCKED_FINISH 0 +# define ENGINE_F_ENGINE_UP_REF 0 +# define ENGINE_F_INT_CLEANUP_ITEM 0 +# define ENGINE_F_INT_CTRL_HELPER 0 +# define ENGINE_F_INT_ENGINE_CONFIGURE 0 +# define ENGINE_F_INT_ENGINE_MODULE_INIT 0 +# define ENGINE_F_OSSL_HMAC_INIT 0 +# endif + +/* + * EVP function codes. 
+ */ +# define EVP_F_AESNI_INIT_KEY 0 +# define EVP_F_AESNI_XTS_INIT_KEY 0 +# define EVP_F_AES_GCM_CTRL 0 +# define EVP_F_AES_INIT_KEY 0 +# define EVP_F_AES_OCB_CIPHER 0 +# define EVP_F_AES_T4_INIT_KEY 0 +# define EVP_F_AES_T4_XTS_INIT_KEY 0 +# define EVP_F_AES_WRAP_CIPHER 0 +# define EVP_F_AES_XTS_INIT_KEY 0 +# define EVP_F_ALG_MODULE_INIT 0 +# define EVP_F_ARIA_CCM_INIT_KEY 0 +# define EVP_F_ARIA_GCM_CTRL 0 +# define EVP_F_ARIA_GCM_INIT_KEY 0 +# define EVP_F_ARIA_INIT_KEY 0 +# define EVP_F_B64_NEW 0 +# define EVP_F_CAMELLIA_INIT_KEY 0 +# define EVP_F_CHACHA20_POLY1305_CTRL 0 +# define EVP_F_CMLL_T4_INIT_KEY 0 +# define EVP_F_DES_EDE3_WRAP_CIPHER 0 +# define EVP_F_DO_SIGVER_INIT 0 +# define EVP_F_ENC_NEW 0 +# define EVP_F_EVP_CIPHERINIT_EX 0 +# define EVP_F_EVP_CIPHER_ASN1_TO_PARAM 0 +# define EVP_F_EVP_CIPHER_CTX_COPY 0 +# define EVP_F_EVP_CIPHER_CTX_CTRL 0 +# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 0 +# define EVP_F_EVP_CIPHER_PARAM_TO_ASN1 0 +# define EVP_F_EVP_DECRYPTFINAL_EX 0 +# define EVP_F_EVP_DECRYPTUPDATE 0 +# define EVP_F_EVP_DIGESTFINALXOF 0 +# define EVP_F_EVP_DIGESTINIT_EX 0 +# define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 0 +# define EVP_F_EVP_ENCRYPTFINAL_EX 0 +# define EVP_F_EVP_ENCRYPTUPDATE 0 +# define EVP_F_EVP_MD_CTX_COPY_EX 0 +# define EVP_F_EVP_MD_SIZE 0 +# define EVP_F_EVP_OPENINIT 0 +# define EVP_F_EVP_PBE_ALG_ADD 0 +# define EVP_F_EVP_PBE_ALG_ADD_TYPE 0 +# define EVP_F_EVP_PBE_CIPHERINIT 0 +# define EVP_F_EVP_PBE_SCRYPT 0 +# define EVP_F_EVP_PKCS82PKEY 0 +# define EVP_F_EVP_PKEY2PKCS8 0 +# define EVP_F_EVP_PKEY_ASN1_ADD0 0 +# define EVP_F_EVP_PKEY_CHECK 0 +# define EVP_F_EVP_PKEY_COPY_PARAMETERS 0 +# define EVP_F_EVP_PKEY_CTX_CTRL 0 +# define EVP_F_EVP_PKEY_CTX_CTRL_STR 0 +# define EVP_F_EVP_PKEY_CTX_DUP 0 +# define EVP_F_EVP_PKEY_CTX_MD 0 +# define EVP_F_EVP_PKEY_DECRYPT 0 +# define EVP_F_EVP_PKEY_DECRYPT_INIT 0 +# define EVP_F_EVP_PKEY_DECRYPT_OLD 0 +# define EVP_F_EVP_PKEY_DERIVE 0 +# define EVP_F_EVP_PKEY_DERIVE_INIT 0 +# define 
EVP_F_EVP_PKEY_DERIVE_SET_PEER 0 +# define EVP_F_EVP_PKEY_ENCRYPT 0 +# define EVP_F_EVP_PKEY_ENCRYPT_INIT 0 +# define EVP_F_EVP_PKEY_ENCRYPT_OLD 0 +# define EVP_F_EVP_PKEY_GET0_DH 0 +# define EVP_F_EVP_PKEY_GET0_DSA 0 +# define EVP_F_EVP_PKEY_GET0_EC_KEY 0 +# define EVP_F_EVP_PKEY_GET0_HMAC 0 +# define EVP_F_EVP_PKEY_GET0_POLY1305 0 +# define EVP_F_EVP_PKEY_GET0_RSA 0 +# define EVP_F_EVP_PKEY_GET0_SIPHASH 0 +# define EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY 0 +# define EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY 0 +# define EVP_F_EVP_PKEY_KEYGEN 0 +# define EVP_F_EVP_PKEY_KEYGEN_INIT 0 +# define EVP_F_EVP_PKEY_METH_ADD0 0 +# define EVP_F_EVP_PKEY_METH_NEW 0 +# define EVP_F_EVP_PKEY_NEW 0 +# define EVP_F_EVP_PKEY_NEW_CMAC_KEY 0 +# define EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY 0 +# define EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY 0 +# define EVP_F_EVP_PKEY_PARAMGEN 0 +# define EVP_F_EVP_PKEY_PARAMGEN_INIT 0 +# define EVP_F_EVP_PKEY_PARAM_CHECK 0 +# define EVP_F_EVP_PKEY_PUBLIC_CHECK 0 +# define EVP_F_EVP_PKEY_SET1_ENGINE 0 +# define EVP_F_EVP_PKEY_SET_ALIAS_TYPE 0 +# define EVP_F_EVP_PKEY_SIGN 0 +# define EVP_F_EVP_PKEY_SIGN_INIT 0 +# define EVP_F_EVP_PKEY_VERIFY 0 +# define EVP_F_EVP_PKEY_VERIFY_INIT 0 +# define EVP_F_EVP_PKEY_VERIFY_RECOVER 0 +# define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT 0 +# define EVP_F_EVP_SIGNFINAL 0 +# define EVP_F_EVP_VERIFYFINAL 0 +# define EVP_F_INT_CTX_NEW 0 +# define EVP_F_OK_NEW 0 +# define EVP_F_PKCS5_PBE_KEYIVGEN 0 +# define EVP_F_PKCS5_V2_PBE_KEYIVGEN 0 +# define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 0 +# define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 0 +# define EVP_F_PKEY_SET_TYPE 0 +# define EVP_F_RC2_MAGIC_TO_METH 0 +# define EVP_F_RC5_CTRL 0 +# define EVP_F_R_32_12_16_INIT_KEY 0 +# define EVP_F_S390X_AES_GCM_CTRL 0 +# define EVP_F_UPDATE 0 + +/* + * KDF function codes. 
+ */ +# define KDF_F_PKEY_HKDF_CTRL_STR 0 +# define KDF_F_PKEY_HKDF_DERIVE 0 +# define KDF_F_PKEY_HKDF_INIT 0 +# define KDF_F_PKEY_SCRYPT_CTRL_STR 0 +# define KDF_F_PKEY_SCRYPT_CTRL_UINT64 0 +# define KDF_F_PKEY_SCRYPT_DERIVE 0 +# define KDF_F_PKEY_SCRYPT_INIT 0 +# define KDF_F_PKEY_SCRYPT_SET_MEMBUF 0 +# define KDF_F_PKEY_TLS1_PRF_CTRL_STR 0 +# define KDF_F_PKEY_TLS1_PRF_DERIVE 0 +# define KDF_F_PKEY_TLS1_PRF_INIT 0 +# define KDF_F_TLS1_PRF_ALG 0 + +/* + * KDF reason codes. + */ +# define KDF_R_INVALID_DIGEST 0 +# define KDF_R_MISSING_ITERATION_COUNT 0 +# define KDF_R_MISSING_KEY 0 +# define KDF_R_MISSING_MESSAGE_DIGEST 0 +# define KDF_R_MISSING_PARAMETER 0 +# define KDF_R_MISSING_PASS 0 +# define KDF_R_MISSING_SALT 0 +# define KDF_R_MISSING_SECRET 0 +# define KDF_R_MISSING_SEED 0 +# define KDF_R_UNKNOWN_PARAMETER_TYPE 0 +# define KDF_R_VALUE_ERROR 0 +# define KDF_R_VALUE_MISSING 0 + +/* + * OBJ function codes. + */ +# define OBJ_F_OBJ_ADD_OBJECT 0 +# define OBJ_F_OBJ_ADD_SIGID 0 +# define OBJ_F_OBJ_CREATE 0 +# define OBJ_F_OBJ_DUP 0 +# define OBJ_F_OBJ_NAME_NEW_INDEX 0 +# define OBJ_F_OBJ_NID2LN 0 +# define OBJ_F_OBJ_NID2OBJ 0 +# define OBJ_F_OBJ_NID2SN 0 +# define OBJ_F_OBJ_TXT2OBJ 0 + +# ifndef OPENSSL_NO_OCSP +/* + * OCSP function codes. + */ +# define OCSP_F_D2I_OCSP_NONCE 0 +# define OCSP_F_OCSP_BASIC_ADD1_STATUS 0 +# define OCSP_F_OCSP_BASIC_SIGN 0 +# define OCSP_F_OCSP_BASIC_SIGN_CTX 0 +# define OCSP_F_OCSP_BASIC_VERIFY 0 +# define OCSP_F_OCSP_CERT_ID_NEW 0 +# define OCSP_F_OCSP_CHECK_DELEGATED 0 +# define OCSP_F_OCSP_CHECK_IDS 0 +# define OCSP_F_OCSP_CHECK_ISSUER 0 +# define OCSP_F_OCSP_CHECK_VALIDITY 0 +# define OCSP_F_OCSP_MATCH_ISSUERID 0 +# define OCSP_F_OCSP_PARSE_URL 0 +# define OCSP_F_OCSP_REQUEST_SIGN 0 +# define OCSP_F_OCSP_REQUEST_VERIFY 0 +# define OCSP_F_OCSP_RESPONSE_GET1_BASIC 0 +# define OCSP_F_PARSE_HTTP_LINE1 0 +# endif + +/* + * PEM function codes. 
+ */ +# define PEM_F_B2I_DSS 0 +# define PEM_F_B2I_PVK_BIO 0 +# define PEM_F_B2I_RSA 0 +# define PEM_F_CHECK_BITLEN_DSA 0 +# define PEM_F_CHECK_BITLEN_RSA 0 +# define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 0 +# define PEM_F_D2I_PKCS8PRIVATEKEY_FP 0 +# define PEM_F_DO_B2I 0 +# define PEM_F_DO_B2I_BIO 0 +# define PEM_F_DO_BLOB_HEADER 0 +# define PEM_F_DO_I2B 0 +# define PEM_F_DO_PK8PKEY 0 +# define PEM_F_DO_PK8PKEY_FP 0 +# define PEM_F_DO_PVK_BODY 0 +# define PEM_F_DO_PVK_HEADER 0 +# define PEM_F_GET_HEADER_AND_DATA 0 +# define PEM_F_GET_NAME 0 +# define PEM_F_I2B_PVK 0 +# define PEM_F_I2B_PVK_BIO 0 +# define PEM_F_LOAD_IV 0 +# define PEM_F_PEM_ASN1_READ 0 +# define PEM_F_PEM_ASN1_READ_BIO 0 +# define PEM_F_PEM_ASN1_WRITE 0 +# define PEM_F_PEM_ASN1_WRITE_BIO 0 +# define PEM_F_PEM_DEF_CALLBACK 0 +# define PEM_F_PEM_DO_HEADER 0 +# define PEM_F_PEM_GET_EVP_CIPHER_INFO 0 +# define PEM_F_PEM_READ 0 +# define PEM_F_PEM_READ_BIO 0 +# define PEM_F_PEM_READ_BIO_DHPARAMS 0 +# define PEM_F_PEM_READ_BIO_EX 0 +# define PEM_F_PEM_READ_BIO_PARAMETERS 0 +# define PEM_F_PEM_READ_BIO_PRIVATEKEY 0 +# define PEM_F_PEM_READ_DHPARAMS 0 +# define PEM_F_PEM_READ_PRIVATEKEY 0 +# define PEM_F_PEM_SIGNFINAL 0 +# define PEM_F_PEM_WRITE 0 +# define PEM_F_PEM_WRITE_BIO 0 +# define PEM_F_PEM_WRITE_BIO_PRIVATEKEY_TRADITIONAL 0 +# define PEM_F_PEM_WRITE_PRIVATEKEY 0 +# define PEM_F_PEM_X509_INFO_READ 0 +# define PEM_F_PEM_X509_INFO_READ_BIO 0 +# define PEM_F_PEM_X509_INFO_WRITE_BIO 0 + +/* + * PKCS12 function codes. 
+ */ +# define PKCS12_F_OPENSSL_ASC2UNI 0 +# define PKCS12_F_OPENSSL_UNI2ASC 0 +# define PKCS12_F_OPENSSL_UNI2UTF8 0 +# define PKCS12_F_OPENSSL_UTF82UNI 0 +# define PKCS12_F_PKCS12_CREATE 0 +# define PKCS12_F_PKCS12_GEN_MAC 0 +# define PKCS12_F_PKCS12_INIT 0 +# define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 0 +# define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 0 +# define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 0 +# define PKCS12_F_PKCS12_KEY_GEN_ASC 0 +# define PKCS12_F_PKCS12_KEY_GEN_UNI 0 +# define PKCS12_F_PKCS12_KEY_GEN_UTF8 0 +# define PKCS12_F_PKCS12_NEWPASS 0 +# define PKCS12_F_PKCS12_PACK_P7DATA 0 +# define PKCS12_F_PKCS12_PACK_P7ENCDATA 0 +# define PKCS12_F_PKCS12_PARSE 0 +# define PKCS12_F_PKCS12_PBE_CRYPT 0 +# define PKCS12_F_PKCS12_PBE_KEYIVGEN 0 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF 0 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8 0 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT 0 +# define PKCS12_F_PKCS12_SETUP_MAC 0 +# define PKCS12_F_PKCS12_SET_MAC 0 +# define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 0 +# define PKCS12_F_PKCS12_UNPACK_P7DATA 0 +# define PKCS12_F_PKCS12_VERIFY_MAC 0 +# define PKCS12_F_PKCS8_ENCRYPT 0 +# define PKCS12_F_PKCS8_SET0_PBE 0 + +/* + * PKCS7 function codes. 
+ */ +# define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB 0 +# define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME 0 +# define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 0 +# define PKCS7_F_PKCS7_ADD_CERTIFICATE 0 +# define PKCS7_F_PKCS7_ADD_CRL 0 +# define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 0 +# define PKCS7_F_PKCS7_ADD_SIGNATURE 0 +# define PKCS7_F_PKCS7_ADD_SIGNER 0 +# define PKCS7_F_PKCS7_BIO_ADD_DIGEST 0 +# define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST 0 +# define PKCS7_F_PKCS7_CTRL 0 +# define PKCS7_F_PKCS7_DATADECODE 0 +# define PKCS7_F_PKCS7_DATAFINAL 0 +# define PKCS7_F_PKCS7_DATAINIT 0 +# define PKCS7_F_PKCS7_DATAVERIFY 0 +# define PKCS7_F_PKCS7_DECRYPT 0 +# define PKCS7_F_PKCS7_DECRYPT_RINFO 0 +# define PKCS7_F_PKCS7_ENCODE_RINFO 0 +# define PKCS7_F_PKCS7_ENCRYPT 0 +# define PKCS7_F_PKCS7_FINAL 0 +# define PKCS7_F_PKCS7_FIND_DIGEST 0 +# define PKCS7_F_PKCS7_GET0_SIGNERS 0 +# define PKCS7_F_PKCS7_RECIP_INFO_SET 0 +# define PKCS7_F_PKCS7_SET_CIPHER 0 +# define PKCS7_F_PKCS7_SET_CONTENT 0 +# define PKCS7_F_PKCS7_SET_DIGEST 0 +# define PKCS7_F_PKCS7_SET_TYPE 0 +# define PKCS7_F_PKCS7_SIGN 0 +# define PKCS7_F_PKCS7_SIGNATUREVERIFY 0 +# define PKCS7_F_PKCS7_SIGNER_INFO_SET 0 +# define PKCS7_F_PKCS7_SIGNER_INFO_SIGN 0 +# define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 0 +# define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 0 +# define PKCS7_F_PKCS7_VERIFY 0 + +/* + * RAND function codes. 
+ */ +# define RAND_F_DATA_COLLECT_METHOD 0 +# define RAND_F_DRBG_BYTES 0 +# define RAND_F_DRBG_GET_ENTROPY 0 +# define RAND_F_DRBG_SETUP 0 +# define RAND_F_GET_ENTROPY 0 +# define RAND_F_RAND_BYTES 0 +# define RAND_F_RAND_DRBG_ENABLE_LOCKING 0 +# define RAND_F_RAND_DRBG_GENERATE 0 +# define RAND_F_RAND_DRBG_GET_ENTROPY 0 +# define RAND_F_RAND_DRBG_GET_NONCE 0 +# define RAND_F_RAND_DRBG_INSTANTIATE 0 +# define RAND_F_RAND_DRBG_NEW 0 +# define RAND_F_RAND_DRBG_RESEED 0 +# define RAND_F_RAND_DRBG_RESTART 0 +# define RAND_F_RAND_DRBG_SET 0 +# define RAND_F_RAND_DRBG_SET_DEFAULTS 0 +# define RAND_F_RAND_DRBG_UNINSTANTIATE 0 +# define RAND_F_RAND_LOAD_FILE 0 +# define RAND_F_RAND_POOL_ACQUIRE_ENTROPY 0 +# define RAND_F_RAND_POOL_ADD 0 +# define RAND_F_RAND_POOL_ADD_BEGIN 0 +# define RAND_F_RAND_POOL_ADD_END 0 +# define RAND_F_RAND_POOL_ATTACH 0 +# define RAND_F_RAND_POOL_BYTES_NEEDED 0 +# define RAND_F_RAND_POOL_GROW 0 +# define RAND_F_RAND_POOL_NEW 0 +# define RAND_F_RAND_PSEUDO_BYTES 0 +# define RAND_F_RAND_WRITE_FILE 0 + +/* + * RSA function codes. 
+ */ +# define RSA_F_CHECK_PADDING_MD 0 +# define RSA_F_ENCODE_PKCS1 0 +# define RSA_F_INT_RSA_VERIFY 0 +# define RSA_F_OLD_RSA_PRIV_DECODE 0 +# define RSA_F_PKEY_PSS_INIT 0 +# define RSA_F_PKEY_RSA_CTRL 0 +# define RSA_F_PKEY_RSA_CTRL_STR 0 +# define RSA_F_PKEY_RSA_SIGN 0 +# define RSA_F_PKEY_RSA_VERIFY 0 +# define RSA_F_PKEY_RSA_VERIFYRECOVER 0 +# define RSA_F_RSA_ALGOR_TO_MD 0 +# define RSA_F_RSA_BUILTIN_KEYGEN 0 +# define RSA_F_RSA_CHECK_KEY 0 +# define RSA_F_RSA_CHECK_KEY_EX 0 +# define RSA_F_RSA_CMS_DECRYPT 0 +# define RSA_F_RSA_CMS_VERIFY 0 +# define RSA_F_RSA_ITEM_VERIFY 0 +# define RSA_F_RSA_METH_DUP 0 +# define RSA_F_RSA_METH_NEW 0 +# define RSA_F_RSA_METH_SET1_NAME 0 +# define RSA_F_RSA_MGF1_TO_MD 0 +# define RSA_F_RSA_MULTIP_INFO_NEW 0 +# define RSA_F_RSA_NEW_METHOD 0 +# define RSA_F_RSA_NULL 0 +# define RSA_F_RSA_NULL_PRIVATE_DECRYPT 0 +# define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 0 +# define RSA_F_RSA_NULL_PUBLIC_DECRYPT 0 +# define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 0 +# define RSA_F_RSA_OSSL_PRIVATE_DECRYPT 0 +# define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT 0 +# define RSA_F_RSA_OSSL_PUBLIC_DECRYPT 0 +# define RSA_F_RSA_OSSL_PUBLIC_ENCRYPT 0 +# define RSA_F_RSA_PADDING_ADD_NONE 0 +# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 0 +# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1 0 +# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 0 +# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 0 +# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 0 +# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 0 +# define RSA_F_RSA_PADDING_ADD_SSLV23 0 +# define RSA_F_RSA_PADDING_ADD_X931 0 +# define RSA_F_RSA_PADDING_CHECK_NONE 0 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 0 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1 0 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 0 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 0 +# define RSA_F_RSA_PADDING_CHECK_SSLV23 0 +# define RSA_F_RSA_PADDING_CHECK_X931 0 +# define RSA_F_RSA_PARAM_DECODE 0 +# define RSA_F_RSA_PRINT 0 +# define RSA_F_RSA_PRINT_FP 0 +# define 
RSA_F_RSA_PRIV_DECODE 0 +# define RSA_F_RSA_PRIV_ENCODE 0 +# define RSA_F_RSA_PSS_GET_PARAM 0 +# define RSA_F_RSA_PSS_TO_CTX 0 +# define RSA_F_RSA_PUB_DECODE 0 +# define RSA_F_RSA_SETUP_BLINDING 0 +# define RSA_F_RSA_SIGN 0 +# define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 0 +# define RSA_F_RSA_VERIFY 0 +# define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 0 +# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 0 +# define RSA_F_SETUP_TBUF 0 + +/* + * OSSL_STORE function codes. + */ +# define OSSL_STORE_F_FILE_CTRL 0 +# define OSSL_STORE_F_FILE_FIND 0 +# define OSSL_STORE_F_FILE_GET_PASS 0 +# define OSSL_STORE_F_FILE_LOAD 0 +# define OSSL_STORE_F_FILE_LOAD_TRY_DECODE 0 +# define OSSL_STORE_F_FILE_NAME_TO_URI 0 +# define OSSL_STORE_F_FILE_OPEN 0 +# define OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO 0 +# define OSSL_STORE_F_OSSL_STORE_EXPECT 0 +# define OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT 0 +# define OSSL_STORE_F_OSSL_STORE_FIND 0 +# define OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION 0 +# define OSSL_STORE_F_OSSL_STORE_INIT_ONCE 0 +# define OSSL_STORE_F_OSSL_STORE_LOADER_NEW 0 +# define OSSL_STORE_F_OSSL_STORE_OPEN 0 +# define OSSL_STORE_F_OSSL_STORE_OPEN_INT 0 +# define OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT 0 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS 0 +# define 
OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL 0 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT 0 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME 0 +# define OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT 0 +# define OSSL_STORE_F_TRY_DECODE_PARAMS 0 +# define OSSL_STORE_F_TRY_DECODE_PKCS12 0 +# define OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED 0 + +# ifndef OPENSSL_NO_TS +/* + * TS function codes. + */ +# define TS_F_DEF_SERIAL_CB 0 +# define TS_F_DEF_TIME_CB 0 +# define TS_F_ESS_ADD_SIGNING_CERT 0 +# define TS_F_ESS_ADD_SIGNING_CERT_V2 0 +# define TS_F_ESS_CERT_ID_NEW_INIT 0 +# define TS_F_ESS_CERT_ID_V2_NEW_INIT 0 +# define TS_F_ESS_SIGNING_CERT_NEW_INIT 0 +# define TS_F_ESS_SIGNING_CERT_V2_NEW_INIT 0 +# define TS_F_INT_TS_RESP_VERIFY_TOKEN 0 +# define TS_F_PKCS7_TO_TS_TST_INFO 0 +# define TS_F_TS_ACCURACY_SET_MICROS 0 +# define TS_F_TS_ACCURACY_SET_MILLIS 0 +# define TS_F_TS_ACCURACY_SET_SECONDS 0 +# define TS_F_TS_CHECK_IMPRINTS 0 +# define TS_F_TS_CHECK_NONCES 0 +# define TS_F_TS_CHECK_POLICY 0 +# define TS_F_TS_CHECK_SIGNING_CERTS 0 +# define TS_F_TS_CHECK_STATUS_INFO 0 +# define TS_F_TS_COMPUTE_IMPRINT 0 +# define TS_F_TS_CONF_INVALID 0 +# define TS_F_TS_CONF_LOAD_CERT 0 +# define TS_F_TS_CONF_LOAD_CERTS 0 +# define TS_F_TS_CONF_LOAD_KEY 0 +# define TS_F_TS_CONF_LOOKUP_FAIL 0 +# define TS_F_TS_CONF_SET_DEFAULT_ENGINE 0 +# define TS_F_TS_GET_STATUS_TEXT 0 +# define TS_F_TS_MSG_IMPRINT_SET_ALGO 0 +# define TS_F_TS_REQ_SET_MSG_IMPRINT 0 +# define TS_F_TS_REQ_SET_NONCE 0 +# define TS_F_TS_REQ_SET_POLICY_ID 0 +# define TS_F_TS_RESP_CREATE_RESPONSE 0 +# define TS_F_TS_RESP_CREATE_TST_INFO 0 +# define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO 0 +# define TS_F_TS_RESP_CTX_ADD_MD 0 +# define TS_F_TS_RESP_CTX_ADD_POLICY 0 +# define TS_F_TS_RESP_CTX_NEW 0 +# define TS_F_TS_RESP_CTX_SET_ACCURACY 0 +# define TS_F_TS_RESP_CTX_SET_CERTS 0 +# define TS_F_TS_RESP_CTX_SET_DEF_POLICY 0 +# define TS_F_TS_RESP_CTX_SET_SIGNER_CERT 0 +# define TS_F_TS_RESP_CTX_SET_STATUS_INFO 0 
+# define TS_F_TS_RESP_GET_POLICY 0 +# define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION 0 +# define TS_F_TS_RESP_SET_STATUS_INFO 0 +# define TS_F_TS_RESP_SET_TST_INFO 0 +# define TS_F_TS_RESP_SIGN 0 +# define TS_F_TS_RESP_VERIFY_SIGNATURE 0 +# define TS_F_TS_TST_INFO_SET_ACCURACY 0 +# define TS_F_TS_TST_INFO_SET_MSG_IMPRINT 0 +# define TS_F_TS_TST_INFO_SET_NONCE 0 +# define TS_F_TS_TST_INFO_SET_POLICY_ID 0 +# define TS_F_TS_TST_INFO_SET_SERIAL 0 +# define TS_F_TS_TST_INFO_SET_TIME 0 +# define TS_F_TS_TST_INFO_SET_TSA 0 +# define TS_F_TS_VERIFY 0 +# define TS_F_TS_VERIFY_CERT 0 +# define TS_F_TS_VERIFY_CTX_NEW 0 +# endif + +/* + * UI function codes. + */ +# define UI_F_CLOSE_CONSOLE 0 +# define UI_F_ECHO_CONSOLE 0 +# define UI_F_GENERAL_ALLOCATE_BOOLEAN 0 +# define UI_F_GENERAL_ALLOCATE_PROMPT 0 +# define UI_F_NOECHO_CONSOLE 0 +# define UI_F_OPEN_CONSOLE 0 +# define UI_F_UI_CONSTRUCT_PROMPT 0 +# define UI_F_UI_CREATE_METHOD 0 +# define UI_F_UI_CTRL 0 +# define UI_F_UI_DUP_ERROR_STRING 0 +# define UI_F_UI_DUP_INFO_STRING 0 +# define UI_F_UI_DUP_INPUT_BOOLEAN 0 +# define UI_F_UI_DUP_INPUT_STRING 0 +# define UI_F_UI_DUP_USER_DATA 0 +# define UI_F_UI_DUP_VERIFY_STRING 0 +# define UI_F_UI_GET0_RESULT 0 +# define UI_F_UI_GET_RESULT_LENGTH 0 +# define UI_F_UI_NEW_METHOD 0 +# define UI_F_UI_PROCESS 0 +# define UI_F_UI_SET_RESULT 0 +# define UI_F_UI_SET_RESULT_EX 0 + +/* + * X509 function codes. 
+ */ +# define X509_F_ADD_CERT_DIR 0 +# define X509_F_BUILD_CHAIN 0 +# define X509_F_BY_FILE_CTRL 0 +# define X509_F_CHECK_NAME_CONSTRAINTS 0 +# define X509_F_CHECK_POLICY 0 +# define X509_F_DANE_I2D 0 +# define X509_F_DIR_CTRL 0 +# define X509_F_GET_CERT_BY_SUBJECT 0 +# define X509_F_I2D_X509_AUX 0 +# define X509_F_LOOKUP_CERTS_SK 0 +# define X509_F_NETSCAPE_SPKI_B64_DECODE 0 +# define X509_F_NETSCAPE_SPKI_B64_ENCODE 0 +# define X509_F_NEW_DIR 0 +# define X509_F_X509AT_ADD1_ATTR 0 +# define X509_F_X509V3_ADD_EXT 0 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 0 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 0 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 0 +# define X509_F_X509_ATTRIBUTE_GET0_DATA 0 +# define X509_F_X509_ATTRIBUTE_SET1_DATA 0 +# define X509_F_X509_CHECK_PRIVATE_KEY 0 +# define X509_F_X509_CRL_DIFF 0 +# define X509_F_X509_CRL_METHOD_NEW 0 +# define X509_F_X509_CRL_PRINT_FP 0 +# define X509_F_X509_EXTENSION_CREATE_BY_NID 0 +# define X509_F_X509_EXTENSION_CREATE_BY_OBJ 0 +# define X509_F_X509_GET_PUBKEY_PARAMETERS 0 +# define X509_F_X509_LOAD_CERT_CRL_FILE 0 +# define X509_F_X509_LOAD_CERT_FILE 0 +# define X509_F_X509_LOAD_CRL_FILE 0 +# define X509_F_X509_LOOKUP_METH_NEW 0 +# define X509_F_X509_LOOKUP_NEW 0 +# define X509_F_X509_NAME_ADD_ENTRY 0 +# define X509_F_X509_NAME_CANON 0 +# define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 0 +# define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 0 +# define X509_F_X509_NAME_ENTRY_SET_OBJECT 0 +# define X509_F_X509_NAME_ONELINE 0 +# define X509_F_X509_NAME_PRINT 0 +# define X509_F_X509_OBJECT_NEW 0 +# define X509_F_X509_PRINT_EX_FP 0 +# define X509_F_X509_PUBKEY_DECODE 0 +# define X509_F_X509_PUBKEY_GET 0 +# define X509_F_X509_PUBKEY_GET0 0 +# define X509_F_X509_PUBKEY_SET 0 +# define X509_F_X509_REQ_CHECK_PRIVATE_KEY 0 +# define X509_F_X509_REQ_PRINT_EX 0 +# define X509_F_X509_REQ_PRINT_FP 0 +# define X509_F_X509_REQ_TO_X509 0 +# define X509_F_X509_STORE_ADD_CERT 0 +# define X509_F_X509_STORE_ADD_CRL 0 +# define 
X509_F_X509_STORE_ADD_LOOKUP 0 +# define X509_F_X509_STORE_CTX_GET1_ISSUER 0 +# define X509_F_X509_STORE_CTX_INIT 0 +# define X509_F_X509_STORE_CTX_NEW 0 +# define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 0 +# define X509_F_X509_STORE_NEW 0 +# define X509_F_X509_TO_X509_REQ 0 +# define X509_F_X509_TRUST_ADD 0 +# define X509_F_X509_TRUST_SET 0 +# define X509_F_X509_VERIFY_CERT 0 +# define X509_F_X509_VERIFY_PARAM_NEW 0 + +/* + * X509V3 function codes. + */ +# define X509V3_F_A2I_GENERAL_NAME 0 +# define X509V3_F_ADDR_VALIDATE_PATH_INTERNAL 0 +# define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 0 +# define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 0 +# define X509V3_F_BIGNUM_TO_STRING 0 +# define X509V3_F_COPY_EMAIL 0 +# define X509V3_F_COPY_ISSUER 0 +# define X509V3_F_DO_DIRNAME 0 +# define X509V3_F_DO_EXT_I2D 0 +# define X509V3_F_DO_EXT_NCONF 0 +# define X509V3_F_GNAMES_FROM_SECTNAME 0 +# define X509V3_F_I2S_ASN1_ENUMERATED 0 +# define X509V3_F_I2S_ASN1_IA5STRING 0 +# define X509V3_F_I2S_ASN1_INTEGER 0 +# define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 0 +# define X509V3_F_LEVEL_ADD_NODE 0 +# define X509V3_F_NOTICE_SECTION 0 +# define X509V3_F_NREF_NOS 0 +# define X509V3_F_POLICY_CACHE_CREATE 0 +# define X509V3_F_POLICY_CACHE_NEW 0 +# define X509V3_F_POLICY_DATA_NEW 0 +# define X509V3_F_POLICY_SECTION 0 +# define X509V3_F_PROCESS_PCI_VALUE 0 +# define X509V3_F_R2I_CERTPOL 0 +# define X509V3_F_R2I_PCI 0 +# define X509V3_F_S2I_ASN1_IA5STRING 0 +# define X509V3_F_S2I_ASN1_INTEGER 0 +# define X509V3_F_S2I_ASN1_OCTET_STRING 0 +# define X509V3_F_S2I_SKEY_ID 0 +# define X509V3_F_SET_DIST_POINT_NAME 0 +# define X509V3_F_SXNET_ADD_ID_ASC 0 +# define X509V3_F_SXNET_ADD_ID_INTEGER 0 +# define X509V3_F_SXNET_ADD_ID_ULONG 0 +# define X509V3_F_SXNET_GET_ID_ASC 0 +# define X509V3_F_SXNET_GET_ID_ULONG 0 +# define X509V3_F_TREE_INIT 0 +# define X509V3_F_V2I_ASIDENTIFIERS 0 +# define X509V3_F_V2I_ASN1_BIT_STRING 0 +# define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 0 +# define X509V3_F_V2I_AUTHORITY_KEYID 
0 +# define X509V3_F_V2I_BASIC_CONSTRAINTS 0 +# define X509V3_F_V2I_CRLD 0 +# define X509V3_F_V2I_EXTENDED_KEY_USAGE 0 +# define X509V3_F_V2I_GENERAL_NAMES 0 +# define X509V3_F_V2I_GENERAL_NAME_EX 0 +# define X509V3_F_V2I_IDP 0 +# define X509V3_F_V2I_IPADDRBLOCKS 0 +# define X509V3_F_V2I_ISSUER_ALT 0 +# define X509V3_F_V2I_NAME_CONSTRAINTS 0 +# define X509V3_F_V2I_POLICY_CONSTRAINTS 0 +# define X509V3_F_V2I_POLICY_MAPPINGS 0 +# define X509V3_F_V2I_SUBJECT_ALT 0 +# define X509V3_F_V2I_TLS_FEATURE 0 +# define X509V3_F_V3_GENERIC_EXTENSION 0 +# define X509V3_F_X509V3_ADD1_I2D 0 +# define X509V3_F_X509V3_ADD_VALUE 0 +# define X509V3_F_X509V3_EXT_ADD 0 +# define X509V3_F_X509V3_EXT_ADD_ALIAS 0 +# define X509V3_F_X509V3_EXT_I2D 0 +# define X509V3_F_X509V3_EXT_NCONF 0 +# define X509V3_F_X509V3_GET_SECTION 0 +# define X509V3_F_X509V3_GET_STRING 0 +# define X509V3_F_X509V3_GET_VALUE_BOOL 0 +# define X509V3_F_X509V3_PARSE_LIST 0 +# define X509V3_F_X509_PURPOSE_ADD 0 +# define X509V3_F_X509_PURPOSE_SET 0 + +/* + * Compatibility defines. + */ +# define EVP_R_OPERATON_NOT_INITIALIZED EVP_R_OPERATION_NOT_INITIALIZED + +# endif + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/cterr.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/cterr.h new file mode 100644 index 000000000000..935d32d8b144 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/cterr.h 
@@ -0,0 +1,45 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_CTERR_H +# define OPENSSL_CTERR_H +# pragma once + +# include +# include +# include + + +# ifndef OPENSSL_NO_CT + + +/* + * CT reason codes. + */ +# define CT_R_BASE64_DECODE_ERROR 108 +# define CT_R_INVALID_LOG_ID_LENGTH 100 +# define CT_R_LOG_CONF_INVALID 109 +# define CT_R_LOG_CONF_INVALID_KEY 110 +# define CT_R_LOG_CONF_MISSING_DESCRIPTION 111 +# define CT_R_LOG_CONF_MISSING_KEY 112 +# define CT_R_LOG_KEY_INVALID 113 +# define CT_R_SCT_FUTURE_TIMESTAMP 116 +# define CT_R_SCT_INVALID 104 +# define CT_R_SCT_INVALID_SIGNATURE 107 +# define CT_R_SCT_LIST_INVALID 105 +# define CT_R_SCT_LOG_ID_MISMATCH 114 +# define CT_R_SCT_NOT_SET 106 +# define CT_R_SCT_UNSUPPORTED_VERSION 115 +# define CT_R_UNRECOGNIZED_SIGNATURE_NID 101 +# define CT_R_UNSUPPORTED_ENTRY_TYPE 102 +# define CT_R_UNSUPPORTED_VERSION 103 + +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/decoder.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/decoder.h new file mode 100644 index 000000000000..d4ee2cf41340 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/decoder.h 
@@ -0,0 +1,133 @@
+/*
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_DECODER_H
+# define OPENSSL_DECODER_H
+# pragma once
+
+# include
+
+# ifndef OPENSSL_NO_STDIO
+# include
+# endif
+# include
+# include
+# include
+# include
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+OSSL_DECODER *OSSL_DECODER_fetch(OSSL_LIB_CTX *libctx, const char *name,
+ const char *properties);
+int OSSL_DECODER_up_ref(OSSL_DECODER *encoder);
+void OSSL_DECODER_free(OSSL_DECODER *encoder);
+
+const OSSL_PROVIDER *OSSL_DECODER_get0_provider(const OSSL_DECODER *encoder);
+const char *OSSL_DECODER_get0_properties(const OSSL_DECODER *encoder);
+const char *OSSL_DECODER_get0_name(const OSSL_DECODER *decoder);
+const char *OSSL_DECODER_get0_description(const OSSL_DECODER *decoder);
+int OSSL_DECODER_is_a(const OSSL_DECODER *encoder, const char *name);
+
+void OSSL_DECODER_do_all_provided(OSSL_LIB_CTX *libctx,
+ void (*fn)(OSSL_DECODER *encoder, void *arg),
+ void *arg);
+int OSSL_DECODER_names_do_all(const OSSL_DECODER *encoder,
+ void (*fn)(const char *name, void *data),
+ void *data);
+const OSSL_PARAM *OSSL_DECODER_gettable_params(OSSL_DECODER *decoder);
+int OSSL_DECODER_get_params(OSSL_DECODER *decoder, OSSL_PARAM params[]);
+
+const OSSL_PARAM *OSSL_DECODER_settable_ctx_params(OSSL_DECODER *encoder);
+OSSL_DECODER_CTX *OSSL_DECODER_CTX_new(void);
+int OSSL_DECODER_CTX_set_params(OSSL_DECODER_CTX *ctx,
+ const OSSL_PARAM params[]);
+void OSSL_DECODER_CTX_free(OSSL_DECODER_CTX *ctx);
+
+/* Utilities that help set specific parameters */
+int OSSL_DECODER_CTX_set_passphrase(OSSL_DECODER_CTX *ctx,
+ const unsigned char *kstr, size_t klen);
+int OSSL_DECODER_CTX_set_pem_password_cb(OSSL_DECODER_CTX *ctx,
+ pem_password_cb *cb, void *cbarg);
+int OSSL_DECODER_CTX_set_passphrase_cb(OSSL_DECODER_CTX *ctx,
+ OSSL_PASSPHRASE_CALLBACK *cb,
+ void *cbarg);
+int OSSL_DECODER_CTX_set_passphrase_ui(OSSL_DECODER_CTX *ctx,
+ const UI_METHOD *ui_method,
+ void *ui_data);
+
+/*
+ * Utilities to read the object to decode, with the result sent to cb.
+ * These will discover all provided methods
+ */
+
+int OSSL_DECODER_CTX_set_selection(OSSL_DECODER_CTX *ctx, int selection);
+int OSSL_DECODER_CTX_set_input_type(OSSL_DECODER_CTX *ctx,
+ const char *input_type);
+int OSSL_DECODER_CTX_set_input_structure(OSSL_DECODER_CTX *ctx,
+ const char *input_structure);
+int OSSL_DECODER_CTX_add_decoder(OSSL_DECODER_CTX *ctx, OSSL_DECODER *decoder);
+int OSSL_DECODER_CTX_add_extra(OSSL_DECODER_CTX *ctx,
+ OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_DECODER_CTX_get_num_decoders(OSSL_DECODER_CTX *ctx);
+
+typedef struct ossl_decoder_instance_st OSSL_DECODER_INSTANCE;
+OSSL_DECODER *
+OSSL_DECODER_INSTANCE_get_decoder(OSSL_DECODER_INSTANCE *decoder_inst);
+void *
+OSSL_DECODER_INSTANCE_get_decoder_ctx(OSSL_DECODER_INSTANCE *decoder_inst);
+const char *
+OSSL_DECODER_INSTANCE_get_input_type(OSSL_DECODER_INSTANCE *decoder_inst);
+const char *
+OSSL_DECODER_INSTANCE_get_input_structure(OSSL_DECODER_INSTANCE *decoder_inst,
+ int *was_set);
+
+typedef int OSSL_DECODER_CONSTRUCT(OSSL_DECODER_INSTANCE *decoder_inst,
+ const OSSL_PARAM *params,
+ void *construct_data);
+typedef void OSSL_DECODER_CLEANUP(void *construct_data);
+
+int OSSL_DECODER_CTX_set_construct(OSSL_DECODER_CTX *ctx,
+ OSSL_DECODER_CONSTRUCT *construct);
+int OSSL_DECODER_CTX_set_construct_data(OSSL_DECODER_CTX *ctx,
+ void *construct_data);
+int OSSL_DECODER_CTX_set_cleanup(OSSL_DECODER_CTX *ctx,
+ OSSL_DECODER_CLEANUP *cleanup);
+OSSL_DECODER_CONSTRUCT *OSSL_DECODER_CTX_get_construct(OSSL_DECODER_CTX *ctx);
+void *OSSL_DECODER_CTX_get_construct_data(OSSL_DECODER_CTX *ctx);
+OSSL_DECODER_CLEANUP *OSSL_DECODER_CTX_get_cleanup(OSSL_DECODER_CTX *ctx);
+
+int OSSL_DECODER_export(OSSL_DECODER_INSTANCE *decoder_inst,
+ void *reference, size_t reference_sz,
+ OSSL_CALLBACK *export_cb, void *export_cbarg);
+
+int OSSL_DECODER_from_bio(OSSL_DECODER_CTX *ctx, BIO *in);
+#ifndef OPENSSL_NO_STDIO
+int OSSL_DECODER_from_fp(OSSL_DECODER_CTX *ctx, FILE *in);
+#endif
+int OSSL_DECODER_from_data(OSSL_DECODER_CTX *ctx, const unsigned char **pdata,
+ size_t *pdata_len);
+
+/*
+ * Create the OSSL_DECODER_CTX with an associated type. This will perform
+ * an implicit OSSL_DECODER_fetch(), suitable for the object of that type.
+ */
+OSSL_DECODER_CTX *
+OSSL_DECODER_CTX_new_for_pkey(EVP_PKEY **pkey,
+ const char *input_type,
+ const char *input_struct,
+ const char *keytype, int selection,
+ OSSL_LIB_CTX *libctx, const char *propquery);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/decodererr.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/decodererr.h
new file mode 100644
index 000000000000..4212a38bca2a
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/decodererr.h
@@ -0,0 +1,28 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_DECODERERR_H +# define OPENSSL_DECODERERR_H +# pragma once + +# include +# include +# include + + + +/* + * OSSL_DECODER reason codes. + */ +# define OSSL_DECODER_R_COULD_NOT_DECODE_OBJECT 101 +# define OSSL_DECODER_R_DECODER_NOT_FOUND 102 +# define OSSL_DECODER_R_MISSING_GET_PARAMS 100 + +#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/des.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/des.h
new file mode 100644
index 000000000000..09798a616ffb
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/des.h
@@ -0,0 +1,211 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_DES_H
+# define OPENSSL_DES_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_DES_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_DES
+# ifdef __cplusplus
+extern "C" {
+# endif
+# include
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+typedef unsigned int DES_LONG;
+
+# ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+typedef unsigned char DES_cblock[8];
+typedef /* const */ unsigned char const_DES_cblock[8];
+/*
+ * With "const", gcc 2.8.1 on Solaris thinks that DES_cblock * and
+ * const_DES_cblock * are incompatible pointer types.
+ */
+
+typedef struct DES_ks {
+ union {
+ DES_cblock cblock;
+ /*
+ * make sure things are correct size on machines with 8 byte longs
+ */
+ DES_LONG deslong[2];
+ } ks[16];
+} DES_key_schedule;
+
+# define DES_KEY_SZ (sizeof(DES_cblock))
+# define DES_SCHEDULE_SZ (sizeof(DES_key_schedule))
+
+# define DES_ENCRYPT 1
+# define DES_DECRYPT 0
+
+# define DES_CBC_MODE 0
+# define DES_PCBC_MODE 1
+
+# define DES_ecb2_encrypt(i,o,k1,k2,e) \
+ DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+
+# define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+ DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+
+# define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+ DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+
+# define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+ DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+
+# define DES_fixup_key_parity DES_set_odd_parity
+# endif
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 const char *DES_options(void);
+OSSL_DEPRECATEDIN_3_0
+void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
+ DES_key_schedule *ks1, DES_key_schedule *ks2,
+ DES_key_schedule *ks3, int enc);
+OSSL_DEPRECATEDIN_3_0
+DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output,
+ long length, DES_key_schedule *schedule,
+ const_DES_cblock *ivec);
+# endif
+/* DES_cbc_encrypt does not update the IV! Use DES_ncbc_encrypt instead. */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
+void DES_cbc_encrypt(const unsigned char *input, unsigned char *output,
+ long length, DES_key_schedule *schedule, DES_cblock *ivec,
+ int enc);
+OSSL_DEPRECATEDIN_3_0
+void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output,
+ long length, DES_key_schedule *schedule, DES_cblock *ivec,
+ int enc);
+OSSL_DEPRECATEDIN_3_0
+void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output,
+ long length, DES_key_schedule *schedule, DES_cblock *ivec,
+ const_DES_cblock *inw, const_DES_cblock *outw, int enc);
+OSSL_DEPRECATEDIN_3_0
+void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+ long length, DES_key_schedule *schedule, DES_cblock *ivec,
+ int enc);
+OSSL_DEPRECATEDIN_3_0
+void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
+ DES_key_schedule *ks, int enc);
+# endif
+
+/*
+ * This is the DES encryption function that gets called by just about every
+ * other DES routine in the library. You should not use this function except
+ * to implement 'modes' of DES. I say this because the functions that call
+ * this routine do the conversion from 'char *' to long, and this needs to be
+ * done to make sure 'non-aligned' memory access do not occur. The
+ * characters are loaded 'little endian'. Data is a pointer to 2 unsigned
+ * long's and ks is the DES_key_schedule to use. enc, is non zero specifies
+ * encryption, zero if decryption.
+ */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
+void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc);
+# endif
+
+/*
+ * This functions is the same as DES_encrypt1() except that the DES initial
+ * permutation (IP) and final permutation (FP) have been left out. As for
+ * DES_encrypt1(), you should not use this function. It is used by the
+ * routines in the library that implement triple DES. IP() DES_encrypt2()
+ * DES_encrypt2() DES_encrypt2() FP() is the same as DES_encrypt1()
+ * DES_encrypt1() DES_encrypt1() except faster :-).
+ */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
+void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc);
+OSSL_DEPRECATEDIN_3_0
+void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1, DES_key_schedule *ks2,
+ DES_key_schedule *ks3);
+OSSL_DEPRECATEDIN_3_0
+void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1, DES_key_schedule *ks2,
+ DES_key_schedule *ks3);
+OSSL_DEPRECATEDIN_3_0
+void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
+ long length, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3,
+ DES_cblock *ivec, int enc);
+OSSL_DEPRECATEDIN_3_0
+void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3,
+ DES_cblock *ivec, int *num, int enc);
+OSSL_DEPRECATEDIN_3_0
+void DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out,
+ int numbits, long length, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3,
+ DES_cblock *ivec, int enc);
+OSSL_DEPRECATEDIN_3_0
+void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3,
+ DES_cblock *ivec, int *num);
+OSSL_DEPRECATEDIN_3_0
+char *DES_fcrypt(const char *buf, const char *salt, char *ret);
+OSSL_DEPRECATEDIN_3_0
+char *DES_crypt(const char *buf, const char *salt);
+OSSL_DEPRECATEDIN_3_0
+void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+ long length, DES_key_schedule *schedule, DES_cblock *ivec);
+OSSL_DEPRECATEDIN_3_0
+void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int enc);
+OSSL_DEPRECATEDIN_3_0
+DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
+ long length, int out_count, DES_cblock *seed);
+OSSL_DEPRECATEDIN_3_0 int DES_random_key(DES_cblock *ret);
+OSSL_DEPRECATEDIN_3_0 void DES_set_odd_parity(DES_cblock *key);
+OSSL_DEPRECATEDIN_3_0 int DES_check_key_parity(const_DES_cblock *key);
+OSSL_DEPRECATEDIN_3_0 int DES_is_weak_key(const_DES_cblock *key);
+# endif
+/*
+ * DES_set_key (= set_key = DES_key_sched = key_sched) calls
+ * DES_set_key_checked
+ */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
+int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
+OSSL_DEPRECATEDIN_3_0
+int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule);
+OSSL_DEPRECATEDIN_3_0
+int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule);
+OSSL_DEPRECATEDIN_3_0
+void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule);
+OSSL_DEPRECATEDIN_3_0 void DES_string_to_key(const char *str, DES_cblock *key);
+OSSL_DEPRECATEDIN_3_0
+void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2);
+OSSL_DEPRECATEDIN_3_0
+void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int *num, int enc);
+OSSL_DEPRECATEDIN_3_0
+void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int *num);
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/dh.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/dh.h
new file mode 100644
index 000000000000..97024929a40d
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/dh.h
@@ -0,0 +1,339 @@ +/* + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_DH_H +# define OPENSSL_DH_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_DH_H +# endif + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +#include + +/* + * DH parameter generation types used by EVP_PKEY_CTX_set_dh_paramgen_type() + * Note that additions/changes to this set of values requires corresponding + * adjustments to range checks in dh_gen() + */ +# define DH_PARAMGEN_TYPE_GENERATOR 0 /* Use a safe prime generator */ +# define DH_PARAMGEN_TYPE_FIPS_186_2 1 /* Use FIPS186-2 standard */ +# define DH_PARAMGEN_TYPE_FIPS_186_4 2 /* Use FIPS186-4 standard */ +# define DH_PARAMGEN_TYPE_GROUP 3 /* Use a named safe prime group */ + +int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int typ); +int EVP_PKEY_CTX_set_dh_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex); +int EVP_PKEY_CTX_set_dh_paramgen_seed(EVP_PKEY_CTX *ctx, + const unsigned char *seed, + size_t seedlen); +int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int pbits); +int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int qlen); +int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen); +int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid); +int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int gen); +int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int gen); +int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad); + +int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf); +int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx); +int EVP_PKEY_CTX_set0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT *oid); +int 
EVP_PKEY_CTX_get0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT **oid); +int EVP_PKEY_CTX_set_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +int EVP_PKEY_CTX_get_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); +int EVP_PKEY_CTX_set_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int len); +int EVP_PKEY_CTX_get_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len); +int EVP_PKEY_CTX_set0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 +int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); +#endif + +# define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_DH_RFC5114 (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_DH_PARAMGEN_TYPE (EVP_PKEY_ALG_CTRL + 5) +# define EVP_PKEY_CTRL_DH_KDF_TYPE (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 7) +# define EVP_PKEY_CTRL_GET_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 8) +# define EVP_PKEY_CTRL_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 9) +# define EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 10) +# define EVP_PKEY_CTRL_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 11) +# define EVP_PKEY_CTRL_GET_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 12) +# define EVP_PKEY_CTRL_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 13) +# define EVP_PKEY_CTRL_GET_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 14) +# define EVP_PKEY_CTRL_DH_NID (EVP_PKEY_ALG_CTRL + 15) +# define EVP_PKEY_CTRL_DH_PAD (EVP_PKEY_ALG_CTRL + 16) + +/* KDF types */ +# define EVP_PKEY_DH_KDF_NONE 1 +# define EVP_PKEY_DH_KDF_X9_42 2 + +# ifndef OPENSSL_NO_STDIO +# include +# endif +# ifndef OPENSSL_NO_DH +# include +# include +# include +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# include +# endif +# include + +# ifndef OPENSSL_DH_MAX_MODULUS_BITS +# define OPENSSL_DH_MAX_MODULUS_BITS 10000 +# endif + +# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS +# define 
OPENSSL_DH_CHECK_MAX_MODULUS_BITS 32768 +# endif + +# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 + +# define DH_FLAG_CACHE_MONT_P 0x01 + +# define DH_FLAG_TYPE_MASK 0xF000 +# define DH_FLAG_TYPE_DH 0x0000 +# define DH_FLAG_TYPE_DHX 0x1000 + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +/* + * Does nothing. Previously this switched off constant time behaviour. + */ +# define DH_FLAG_NO_EXP_CONSTTIME 0x00 +# endif + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +/* + * If this flag is set the DH method is FIPS compliant and can be used in + * FIPS mode. This is set in the validated module method. If an application + * sets this flag in its own methods it is its responsibility to ensure the + * result is compliant. + */ + +# define DH_FLAG_FIPS_METHOD 0x0400 + +/* + * If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +# define DH_FLAG_NON_FIPS_ALLOW 0x0400 +# endif + +/* Already defined in ossl_typ.h */ +/* typedef struct dh_st DH; */ +/* typedef struct dh_method DH_METHOD; */ + +DECLARE_ASN1_ITEM(DHparams) + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define DH_GENERATOR_2 2 +# define DH_GENERATOR_3 3 +# define DH_GENERATOR_5 5 + +/* DH_check error codes, some of them shared with DH_check_pub_key */ +/* + * NB: These values must align with the equivalently named macros in + * internal/ffc.h. 
+ */ +# define DH_CHECK_P_NOT_PRIME 0x01 +# define DH_CHECK_P_NOT_SAFE_PRIME 0x02 +# define DH_UNABLE_TO_CHECK_GENERATOR 0x04 +# define DH_NOT_SUITABLE_GENERATOR 0x08 +# define DH_CHECK_Q_NOT_PRIME 0x10 +# define DH_CHECK_INVALID_Q_VALUE 0x20 /* +DH_check_pub_key */ +# define DH_CHECK_INVALID_J_VALUE 0x40 +# define DH_MODULUS_TOO_SMALL 0x80 +# define DH_MODULUS_TOO_LARGE 0x100 /* +DH_check_pub_key */ + +/* DH_check_pub_key error codes */ +# define DH_CHECK_PUBKEY_TOO_SMALL 0x01 +# define DH_CHECK_PUBKEY_TOO_LARGE 0x02 +# define DH_CHECK_PUBKEY_INVALID 0x04 + +/* + * primes p where (p-1)/2 is prime too are called "safe"; we define this for + * backward compatibility: + */ +# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME + +# define d2i_DHparams_fp(fp, x) \ + (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ + (char *(*)())d2i_DHparams, \ + (fp), \ + (unsigned char **)(x)) +# define i2d_DHparams_fp(fp, x) \ + ASN1_i2d_fp(i2d_DHparams,(fp), (unsigned char *)(x)) +# define d2i_DHparams_bio(bp, x) \ + ASN1_d2i_bio_of(DH, DH_new, d2i_DHparams, bp, x) +# define i2d_DHparams_bio(bp, x) \ + ASN1_i2d_bio_of(DH, i2d_DHparams, bp, x) + +# define d2i_DHxparams_fp(fp,x) \ + (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ + (char *(*)())d2i_DHxparams, \ + (fp), \ + (unsigned char **)(x)) +# define i2d_DHxparams_fp(fp, x) \ + ASN1_i2d_fp(i2d_DHxparams,(fp), (unsigned char *)(x)) +# define d2i_DHxparams_bio(bp, x) \ + ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x) +# define i2d_DHxparams_bio(bp, x) \ + ASN1_i2d_bio_of(DH, i2d_DHxparams, bp, x) + +DECLARE_ASN1_DUP_FUNCTION_name_attr(OSSL_DEPRECATEDIN_3_0, DH, DHparams) + +OSSL_DEPRECATEDIN_3_0 const DH_METHOD *DH_OpenSSL(void); + +OSSL_DEPRECATEDIN_3_0 void DH_set_default_method(const DH_METHOD *meth); +OSSL_DEPRECATEDIN_3_0 const DH_METHOD *DH_get_default_method(void); +OSSL_DEPRECATEDIN_3_0 int DH_set_method(DH *dh, const DH_METHOD *meth); +OSSL_DEPRECATEDIN_3_0 DH *DH_new_method(ENGINE *engine); + +OSSL_DEPRECATEDIN_3_0 DH 
*DH_new(void); +OSSL_DEPRECATEDIN_3_0 void DH_free(DH *dh); +OSSL_DEPRECATEDIN_3_0 int DH_up_ref(DH *dh); +OSSL_DEPRECATEDIN_3_0 int DH_bits(const DH *dh); +OSSL_DEPRECATEDIN_3_0 int DH_size(const DH *dh); +OSSL_DEPRECATEDIN_3_0 int DH_security_bits(const DH *dh); + +# define DH_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, l, p, newf, dupf, freef) + +OSSL_DEPRECATEDIN_3_0 int DH_set_ex_data(DH *d, int idx, void *arg); +OSSL_DEPRECATEDIN_3_0 void *DH_get_ex_data(const DH *d, int idx); + +OSSL_DEPRECATEDIN_3_0 int DH_generate_parameters_ex(DH *dh, int prime_len, + int generator, + BN_GENCB *cb); + +OSSL_DEPRECATEDIN_3_0 int DH_check_params_ex(const DH *dh); +OSSL_DEPRECATEDIN_3_0 int DH_check_ex(const DH *dh); +OSSL_DEPRECATEDIN_3_0 int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key); +OSSL_DEPRECATEDIN_3_0 int DH_check_params(const DH *dh, int *ret); +OSSL_DEPRECATEDIN_3_0 int DH_check(const DH *dh, int *codes); +OSSL_DEPRECATEDIN_3_0 int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, + int *codes); +OSSL_DEPRECATEDIN_3_0 int DH_generate_key(DH *dh); +OSSL_DEPRECATEDIN_3_0 int DH_compute_key(unsigned char *key, + const BIGNUM *pub_key, DH *dh); +OSSL_DEPRECATEDIN_3_0 int DH_compute_key_padded(unsigned char *key, + const BIGNUM *pub_key, DH *dh); + +DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0, DH, DHparams) +DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0, DH, DHxparams) + +# ifndef OPENSSL_NO_STDIO +OSSL_DEPRECATEDIN_3_0 int DHparams_print_fp(FILE *fp, const DH *x); +# endif +OSSL_DEPRECATEDIN_3_0 int DHparams_print(BIO *bp, const DH *x); + +/* RFC 5114 parameters */ +OSSL_DEPRECATEDIN_3_0 DH *DH_get_1024_160(void); +OSSL_DEPRECATEDIN_3_0 DH *DH_get_2048_224(void); +OSSL_DEPRECATEDIN_3_0 DH *DH_get_2048_256(void); + +/* Named parameters, currently RFC7919 and RFC3526 */ +OSSL_DEPRECATEDIN_3_0 DH *DH_new_by_nid(int nid); +OSSL_DEPRECATEDIN_3_0 int DH_get_nid(const DH *dh); + 
+/* RFC2631 KDF */ +OSSL_DEPRECATEDIN_3_0 int DH_KDF_X9_42(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + ASN1_OBJECT *key_oid, + const unsigned char *ukm, + size_t ukmlen, const EVP_MD *md); + +OSSL_DEPRECATEDIN_3_0 void DH_get0_pqg(const DH *dh, const BIGNUM **p, + const BIGNUM **q, const BIGNUM **g); +OSSL_DEPRECATEDIN_3_0 int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); +OSSL_DEPRECATEDIN_3_0 void DH_get0_key(const DH *dh, const BIGNUM **pub_key, + const BIGNUM **priv_key); +OSSL_DEPRECATEDIN_3_0 int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); +OSSL_DEPRECATEDIN_3_0 const BIGNUM *DH_get0_p(const DH *dh); +OSSL_DEPRECATEDIN_3_0 const BIGNUM *DH_get0_q(const DH *dh); +OSSL_DEPRECATEDIN_3_0 const BIGNUM *DH_get0_g(const DH *dh); +OSSL_DEPRECATEDIN_3_0 const BIGNUM *DH_get0_priv_key(const DH *dh); +OSSL_DEPRECATEDIN_3_0 const BIGNUM *DH_get0_pub_key(const DH *dh); +OSSL_DEPRECATEDIN_3_0 void DH_clear_flags(DH *dh, int flags); +OSSL_DEPRECATEDIN_3_0 int DH_test_flags(const DH *dh, int flags); +OSSL_DEPRECATEDIN_3_0 void DH_set_flags(DH *dh, int flags); +OSSL_DEPRECATEDIN_3_0 ENGINE *DH_get0_engine(DH *d); +OSSL_DEPRECATEDIN_3_0 long DH_get_length(const DH *dh); +OSSL_DEPRECATEDIN_3_0 int DH_set_length(DH *dh, long length); + +OSSL_DEPRECATEDIN_3_0 DH_METHOD *DH_meth_new(const char *name, int flags); +OSSL_DEPRECATEDIN_3_0 void DH_meth_free(DH_METHOD *dhm); +OSSL_DEPRECATEDIN_3_0 DH_METHOD *DH_meth_dup(const DH_METHOD *dhm); +OSSL_DEPRECATEDIN_3_0 const char *DH_meth_get0_name(const DH_METHOD *dhm); +OSSL_DEPRECATEDIN_3_0 int DH_meth_set1_name(DH_METHOD *dhm, const char *name); +OSSL_DEPRECATEDIN_3_0 int DH_meth_get_flags(const DH_METHOD *dhm); +OSSL_DEPRECATEDIN_3_0 int DH_meth_set_flags(DH_METHOD *dhm, int flags); +OSSL_DEPRECATEDIN_3_0 void *DH_meth_get0_app_data(const DH_METHOD *dhm); +OSSL_DEPRECATEDIN_3_0 int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data); +OSSL_DEPRECATEDIN_3_0 int 
(*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *); +OSSL_DEPRECATEDIN_3_0 int DH_meth_set_generate_key(DH_METHOD *dhm, + int (*generate_key) (DH *)); +OSSL_DEPRECATEDIN_3_0 int (*DH_meth_get_compute_key(const DH_METHOD *dhm)) + (unsigned char *key, + const BIGNUM *pub_key, + DH *dh); +OSSL_DEPRECATEDIN_3_0 int DH_meth_set_compute_key(DH_METHOD *dhm, + int (*compute_key) + (unsigned char *key, + const BIGNUM *pub_key, + DH *dh)); +OSSL_DEPRECATEDIN_3_0 int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm)) + (const DH *, BIGNUM *, + const BIGNUM *, + const BIGNUM *, + const BIGNUM *, BN_CTX *, + BN_MONT_CTX *); +OSSL_DEPRECATEDIN_3_0 int DH_meth_set_bn_mod_exp(DH_METHOD *dhm, + int (*bn_mod_exp) + (const DH *, BIGNUM *, + const BIGNUM *, const BIGNUM *, + const BIGNUM *, BN_CTX *, + BN_MONT_CTX *)); +OSSL_DEPRECATEDIN_3_0 int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *); +OSSL_DEPRECATEDIN_3_0 int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *)); +OSSL_DEPRECATEDIN_3_0 int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *); +OSSL_DEPRECATEDIN_3_0 int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *)); +OSSL_DEPRECATEDIN_3_0 int (*DH_meth_get_generate_params(const DH_METHOD *dhm)) + (DH *, int, int, + BN_GENCB *); +OSSL_DEPRECATEDIN_3_0 int DH_meth_set_generate_params(DH_METHOD *dhm, + int (*generate_params) + (DH *, int, int, + BN_GENCB *)); +# endif /* OPENSSL_NO_DEPRECATED_3_0 */ + +# ifndef OPENSSL_NO_DEPRECATED_0_9_8 +OSSL_DEPRECATEDIN_0_9_8 DH *DH_generate_parameters(int prime_len, int generator, + void (*callback) (int, int, + void *), + void *cb_arg); +# endif + +# endif +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/dherr.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/dherr.h new file mode 100644 index 000000000000..2997d7d4c2c8 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/dherr.h 
@@ -0,0 +1,59 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_DHERR_H +# define OPENSSL_DHERR_H +# pragma once + +# include +# include +# include + + +# ifndef OPENSSL_NO_DH + + +/* + * DH reason codes. + */ +# define DH_R_BAD_FFC_PARAMETERS 127 +# define DH_R_BAD_GENERATOR 101 +# define DH_R_BN_DECODE_ERROR 109 +# define DH_R_BN_ERROR 106 +# define DH_R_CHECK_INVALID_J_VALUE 115 +# define DH_R_CHECK_INVALID_Q_VALUE 116 +# define DH_R_CHECK_PUBKEY_INVALID 122 +# define DH_R_CHECK_PUBKEY_TOO_LARGE 123 +# define DH_R_CHECK_PUBKEY_TOO_SMALL 124 +# define DH_R_CHECK_P_NOT_PRIME 117 +# define DH_R_CHECK_P_NOT_SAFE_PRIME 118 +# define DH_R_CHECK_Q_NOT_PRIME 119 +# define DH_R_DECODE_ERROR 104 +# define DH_R_INVALID_PARAMETER_NAME 110 +# define DH_R_INVALID_PARAMETER_NID 114 +# define DH_R_INVALID_PUBKEY 102 +# define DH_R_INVALID_SECRET 128 +# define DH_R_INVALID_SIZE 129 +# define DH_R_KDF_PARAMETER_ERROR 112 +# define DH_R_KEYS_NOT_SET 108 +# define DH_R_MISSING_PUBKEY 125 +# define DH_R_MODULUS_TOO_LARGE 103 +# define DH_R_MODULUS_TOO_SMALL 126 +# define DH_R_NOT_SUITABLE_GENERATOR 120 +# define DH_R_NO_PARAMETERS_SET 107 +# define DH_R_NO_PRIVATE_VALUE 100 +# define DH_R_PARAMETER_ENCODING_ERROR 105 +# define DH_R_PEER_KEY_ERROR 111 +# define DH_R_Q_TOO_LARGE 130 +# define DH_R_SHARED_INFO_ERROR 113 +# define DH_R_UNABLE_TO_CHECK_GENERATOR 121 + +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/dsa.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/dsa.h new file mode 100644 index 000000000000..109878e68863 --- /dev/null 
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/dsa.h 
@@ -0,0 +1,280 @@ +/* + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_DSA_H +# define OPENSSL_DSA_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_DSA_H +# endif + +# include +# include + +# include + +# ifndef OPENSSL_NO_DSA +# include +# include +# include +# include +# include +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# include +# endif +# include +# ifndef OPENSSL_NO_STDIO +# include +# endif +# endif + +# ifdef __cplusplus +extern "C" { +# endif + +int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits); +int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits); +int EVP_PKEY_CTX_set_dsa_paramgen_md_props(EVP_PKEY_CTX *ctx, + const char *md_name, + const char *md_properties); +int EVP_PKEY_CTX_set_dsa_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex); +int EVP_PKEY_CTX_set_dsa_paramgen_type(EVP_PKEY_CTX *ctx, const char *name); +int EVP_PKEY_CTX_set_dsa_paramgen_seed(EVP_PKEY_CTX *ctx, + const unsigned char *seed, + size_t seedlen); +int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); + +# define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3) + +# ifndef OPENSSL_NO_DSA +# ifndef OPENSSL_DSA_MAX_MODULUS_BITS +# define OPENSSL_DSA_MAX_MODULUS_BITS 10000 +# endif + +# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 + +typedef struct DSA_SIG_st DSA_SIG; +DSA_SIG *DSA_SIG_new(void); +void DSA_SIG_free(DSA_SIG *a); +DECLARE_ASN1_ENCODE_FUNCTIONS_only(DSA_SIG, DSA_SIG) +void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +int 
DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); + + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +/* + * Does nothing. Previously this switched off constant time behaviour. + */ +# define DSA_FLAG_NO_EXP_CONSTTIME 0x00 +# endif + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define DSA_FLAG_CACHE_MONT_P 0x01 + +/* + * If this flag is set the DSA method is FIPS compliant and can be used in + * FIPS mode. This is set in the validated module method. If an application + * sets this flag in its own methods it is its responsibility to ensure the + * result is compliant. + */ + +# define DSA_FLAG_FIPS_METHOD 0x0400 + +/* + * If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +# define DSA_FLAG_NON_FIPS_ALLOW 0x0400 +# define DSA_FLAG_FIPS_CHECKED 0x0800 + +/* Already defined in ossl_typ.h */ +/* typedef struct dsa_st DSA; */ +/* typedef struct dsa_method DSA_METHOD; */ + +# define d2i_DSAparams_fp(fp, x) \ + (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ + (char *(*)())d2i_DSAparams, (fp), \ + (unsigned char **)(x)) +# define i2d_DSAparams_fp(fp, x) \ + ASN1_i2d_fp(i2d_DSAparams, (fp), (unsigned char *)(x)) +# define d2i_DSAparams_bio(bp, x) \ + ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAparams, bp, x) +# define i2d_DSAparams_bio(bp, x) \ + ASN1_i2d_bio_of(DSA, i2d_DSAparams, bp, x) + +DECLARE_ASN1_DUP_FUNCTION_name_attr(OSSL_DEPRECATEDIN_3_0, DSA, DSAparams) +OSSL_DEPRECATEDIN_3_0 DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, + DSA *dsa); +OSSL_DEPRECATEDIN_3_0 int DSA_do_verify(const unsigned char *dgst, int dgst_len, + DSA_SIG *sig, DSA *dsa); + +OSSL_DEPRECATEDIN_3_0 const DSA_METHOD *DSA_OpenSSL(void); + +OSSL_DEPRECATEDIN_3_0 void DSA_set_default_method(const DSA_METHOD *); +OSSL_DEPRECATEDIN_3_0 const DSA_METHOD *DSA_get_default_method(void); +OSSL_DEPRECATEDIN_3_0 int DSA_set_method(DSA *dsa, const DSA_METHOD *); +OSSL_DEPRECATEDIN_3_0 const 
DSA_METHOD *DSA_get_method(DSA *d); + +OSSL_DEPRECATEDIN_3_0 DSA *DSA_new(void); +OSSL_DEPRECATEDIN_3_0 DSA *DSA_new_method(ENGINE *engine); +OSSL_DEPRECATEDIN_3_0 void DSA_free(DSA *r); +/* "up" the DSA object's reference count */ +OSSL_DEPRECATEDIN_3_0 int DSA_up_ref(DSA *r); +OSSL_DEPRECATEDIN_3_0 int DSA_size(const DSA *); +OSSL_DEPRECATEDIN_3_0 int DSA_bits(const DSA *d); +OSSL_DEPRECATEDIN_3_0 int DSA_security_bits(const DSA *d); + /* next 4 return -1 on error */ +OSSL_DEPRECATEDIN_3_0 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, + BIGNUM **kinvp, BIGNUM **rp); +OSSL_DEPRECATEDIN_3_0 int DSA_sign(int type, const unsigned char *dgst, + int dlen, unsigned char *sig, + unsigned int *siglen, DSA *dsa); +OSSL_DEPRECATEDIN_3_0 int DSA_verify(int type, const unsigned char *dgst, + int dgst_len, const unsigned char *sigbuf, + int siglen, DSA *dsa); + +# define DSA_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, l, p, newf, dupf, freef) +OSSL_DEPRECATEDIN_3_0 int DSA_set_ex_data(DSA *d, int idx, void *arg); +OSSL_DEPRECATEDIN_3_0 void *DSA_get_ex_data(const DSA *d, int idx); + +DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0, + DSA, DSAPublicKey) +DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0, + DSA, DSAPrivateKey) +DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0, + DSA, DSAparams) +# endif + +# ifndef OPENSSL_NO_DEPRECATED_0_9_8 +/* Deprecated version */ +OSSL_DEPRECATEDIN_0_9_8 +DSA *DSA_generate_parameters(int bits, unsigned char *seed, int seed_len, + int *counter_ret, unsigned long *h_ret, + void (*callback) (int, int, void *), + void *cb_arg); +# endif + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +/* New version */ +OSSL_DEPRECATEDIN_3_0 int DSA_generate_parameters_ex(DSA *dsa, int bits, + const unsigned char *seed, + int seed_len, + int *counter_ret, + unsigned long *h_ret, + BN_GENCB *cb); + +OSSL_DEPRECATEDIN_3_0 int DSA_generate_key(DSA *a); + +OSSL_DEPRECATEDIN_3_0 int 
DSAparams_print(BIO *bp, const DSA *x); +OSSL_DEPRECATEDIN_3_0 int DSA_print(BIO *bp, const DSA *x, int off); +# ifndef OPENSSL_NO_STDIO +OSSL_DEPRECATEDIN_3_0 int DSAparams_print_fp(FILE *fp, const DSA *x); +OSSL_DEPRECATEDIN_3_0 int DSA_print_fp(FILE *bp, const DSA *x, int off); +# endif + +# define DSS_prime_checks 64 +/* + * Primality test according to FIPS PUB 186-4, Appendix C.3. Since we only + * have one value here we set the number of checks to 64 which is the 128 bit + * security level that is the highest level and valid for creating a 3072 bit + * DSA key. + */ +# define DSA_is_prime(n, callback, cb_arg) \ + BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg) + +# ifndef OPENSSL_NO_DH +/* + * Convert DSA structure (key or just parameters) into DH structure (be + * careful to avoid small subgroup attacks when using this!) + */ +OSSL_DEPRECATEDIN_3_0 DH *DSA_dup_DH(const DSA *r); +# endif + +OSSL_DEPRECATEDIN_3_0 void DSA_get0_pqg(const DSA *d, const BIGNUM **p, + const BIGNUM **q, const BIGNUM **g); +OSSL_DEPRECATEDIN_3_0 int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); +OSSL_DEPRECATEDIN_3_0 void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, + const BIGNUM **priv_key); +OSSL_DEPRECATEDIN_3_0 int DSA_set0_key(DSA *d, BIGNUM *pub_key, + BIGNUM *priv_key); +OSSL_DEPRECATEDIN_3_0 const BIGNUM *DSA_get0_p(const DSA *d); +OSSL_DEPRECATEDIN_3_0 const BIGNUM *DSA_get0_q(const DSA *d); +OSSL_DEPRECATEDIN_3_0 const BIGNUM *DSA_get0_g(const DSA *d); +OSSL_DEPRECATEDIN_3_0 const BIGNUM *DSA_get0_pub_key(const DSA *d); +OSSL_DEPRECATEDIN_3_0 const BIGNUM *DSA_get0_priv_key(const DSA *d); +OSSL_DEPRECATEDIN_3_0 void DSA_clear_flags(DSA *d, int flags); +OSSL_DEPRECATEDIN_3_0 int DSA_test_flags(const DSA *d, int flags); +OSSL_DEPRECATEDIN_3_0 void DSA_set_flags(DSA *d, int flags); +OSSL_DEPRECATEDIN_3_0 ENGINE *DSA_get0_engine(DSA *d); + +OSSL_DEPRECATEDIN_3_0 DSA_METHOD *DSA_meth_new(const char *name, int flags); +OSSL_DEPRECATEDIN_3_0 void 
DSA_meth_free(DSA_METHOD *dsam); +OSSL_DEPRECATEDIN_3_0 DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam); +OSSL_DEPRECATEDIN_3_0 const char *DSA_meth_get0_name(const DSA_METHOD *dsam); +OSSL_DEPRECATEDIN_3_0 int DSA_meth_set1_name(DSA_METHOD *dsam, + const char *name); +OSSL_DEPRECATEDIN_3_0 int DSA_meth_get_flags(const DSA_METHOD *dsam); +OSSL_DEPRECATEDIN_3_0 int DSA_meth_set_flags(DSA_METHOD *dsam, int flags); +OSSL_DEPRECATEDIN_3_0 void *DSA_meth_get0_app_data(const DSA_METHOD *dsam); +OSSL_DEPRECATEDIN_3_0 int DSA_meth_set0_app_data(DSA_METHOD *dsam, + void *app_data); +OSSL_DEPRECATEDIN_3_0 DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam)) + (const unsigned char *, int, DSA *); +OSSL_DEPRECATEDIN_3_0 int DSA_meth_set_sign(DSA_METHOD *dsam, + DSA_SIG *(*sign) (const unsigned char *, int, DSA *)); +OSSL_DEPRECATEDIN_3_0 int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam)) + (DSA *, BN_CTX *, BIGNUM **, BIGNUM **); +OSSL_DEPRECATEDIN_3_0 int DSA_meth_set_sign_setup(DSA_METHOD *dsam, + int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **)); +OSSL_DEPRECATEDIN_3_0 int (*DSA_meth_get_verify(const DSA_METHOD *dsam)) + (const unsigned char *, int, DSA_SIG *, DSA *); +OSSL_DEPRECATEDIN_3_0 int DSA_meth_set_verify(DSA_METHOD *dsam, + int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *)); +OSSL_DEPRECATEDIN_3_0 int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam)) + (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *); +OSSL_DEPRECATEDIN_3_0 int DSA_meth_set_mod_exp(DSA_METHOD *dsam, + int (*mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *, + BN_MONT_CTX *)); +OSSL_DEPRECATEDIN_3_0 int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam)) + (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, + BN_CTX *, BN_MONT_CTX *); +OSSL_DEPRECATEDIN_3_0 int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam, + int 
(*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, BN_CTX *, BN_MONT_CTX *)); +OSSL_DEPRECATEDIN_3_0 int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *); +OSSL_DEPRECATEDIN_3_0 int DSA_meth_set_init(DSA_METHOD *dsam, + int (*init)(DSA *)); +OSSL_DEPRECATEDIN_3_0 int (*DSA_meth_get_finish(const DSA_METHOD *dsam))(DSA *); +OSSL_DEPRECATEDIN_3_0 int DSA_meth_set_finish(DSA_METHOD *dsam, + int (*finish)(DSA *)); +OSSL_DEPRECATEDIN_3_0 int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam)) + (DSA *, int, const unsigned char *, int, int *, unsigned long *, + BN_GENCB *); +OSSL_DEPRECATEDIN_3_0 int DSA_meth_set_paramgen(DSA_METHOD *dsam, + int (*paramgen) (DSA *, int, const unsigned char *, int, int *, + unsigned long *, BN_GENCB *)); +OSSL_DEPRECATEDIN_3_0 int (*DSA_meth_get_keygen(const DSA_METHOD *dsam))(DSA *); +OSSL_DEPRECATEDIN_3_0 int DSA_meth_set_keygen(DSA_METHOD *dsam, + int (*keygen) (DSA *)); + +# endif +# endif +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/dsaerr.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/dsaerr.h new file mode 100644 index 000000000000..26ada57d80ab --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/dsaerr.h 
@@ -0,0 +1,44 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_DSAERR_H +# define OPENSSL_DSAERR_H +# pragma once + +# include +# include +# include + + +# ifndef OPENSSL_NO_DSA + + +/* + * DSA reason codes. + */ +# define DSA_R_BAD_FFC_PARAMETERS 114 +# define DSA_R_BAD_Q_VALUE 102 +# define DSA_R_BN_DECODE_ERROR 108 +# define DSA_R_BN_ERROR 109 +# define DSA_R_DECODE_ERROR 104 +# define DSA_R_INVALID_DIGEST_TYPE 106 +# define DSA_R_INVALID_PARAMETERS 112 +# define DSA_R_MISSING_PARAMETERS 101 +# define DSA_R_MISSING_PRIVATE_KEY 111 +# define DSA_R_MODULUS_TOO_LARGE 103 +# define DSA_R_NO_PARAMETERS_SET 107 +# define DSA_R_PARAMETER_ENCODING_ERROR 105 +# define DSA_R_P_NOT_PRIME 115 +# define DSA_R_Q_NOT_PRIME 113 +# define DSA_R_SEED_LEN_SMALL 110 +# define DSA_R_TOO_MANY_RETRIES 116 + +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/dtls1.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/dtls1.h new file mode 100644 index 000000000000..5dc6b5419c27 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/dtls1.h 
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_DTLS1_H
+# define OPENSSL_DTLS1_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_DTLS1_H
+# endif
+
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include
+
+/* DTLS*_VERSION constants are defined in prov_ssl.h */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define DTLS_MIN_VERSION DTLS1_VERSION
+# define DTLS_MAX_VERSION DTLS1_2_VERSION
+# endif
+# define DTLS1_VERSION_MAJOR 0xFE
+
+/* Special value for method supporting multiple versions */
+# define DTLS_ANY_VERSION 0x1FFFF
+
+/* lengths of messages */
+
+# define DTLS1_COOKIE_LENGTH 255
+
+# define DTLS1_RT_HEADER_LENGTH 13
+
+# define DTLS1_HM_HEADER_LENGTH 12
+
+# define DTLS1_HM_BAD_FRAGMENT -2
+# define DTLS1_HM_FRAGMENT_RETRY -3
+
+# define DTLS1_CCS_HEADER_LENGTH 1
+
+# define DTLS1_AL_HEADER_LENGTH 2
+
+# define DTLS1_TMO_ALERT_COUNT 12
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/e_os2.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/e_os2.h
new file mode 100644
index 000000000000..f1e17958abbc
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/e_os2.h
@@ -0,0 +1,309 @@ +/* + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_E_OS2_H +# define OPENSSL_E_OS2_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_E_OS2_H +# endif + +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/****************************************************************************** + * Detect operating systems. This probably needs completing. + * The result is that at least one OPENSSL_SYS_os macro should be defined. + * However, if none is defined, Unix is assumed. + **/ + +# define OPENSSL_SYS_UNIX + +/* --------------------- Microsoft operating systems ---------------------- */ + +/* + * Note that MSDOS actually denotes 32-bit environments running on top of + * MS-DOS, such as DJGPP one. + */ +# if defined(OPENSSL_SYS_MSDOS) +# undef OPENSSL_SYS_UNIX +# endif + +/* + * For 32 bit environment, there seems to be the CygWin environment and then + * all the others that try to do the same thing Microsoft does... + */ +/* + * UEFI lives here because it might be built with a Microsoft toolchain and + * we need to avoid the false positive match on Windows. 
+ */ +# if defined(OPENSSL_SYS_UEFI) +# undef OPENSSL_SYS_UNIX +# elif defined(OPENSSL_SYS_UWIN) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_WIN32_UWIN +# else +# if defined(__CYGWIN__) || defined(OPENSSL_SYS_CYGWIN) +# define OPENSSL_SYS_WIN32_CYGWIN +# else +# if defined(_WIN32) || defined(OPENSSL_SYS_WIN32) +# undef OPENSSL_SYS_UNIX +# if !defined(OPENSSL_SYS_WIN32) +# define OPENSSL_SYS_WIN32 +# endif +# endif +# if defined(_WIN64) || defined(OPENSSL_SYS_WIN64) +# undef OPENSSL_SYS_UNIX +# if !defined(OPENSSL_SYS_WIN64) +# define OPENSSL_SYS_WIN64 +# endif +# endif +# if defined(OPENSSL_SYS_WINNT) +# undef OPENSSL_SYS_UNIX +# endif +# if defined(OPENSSL_SYS_WINCE) +# undef OPENSSL_SYS_UNIX +# endif +# endif +# endif + +/* Anything that tries to look like Microsoft is "Windows" */ +# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_WINDOWS +# ifndef OPENSSL_SYS_MSDOS +# define OPENSSL_SYS_MSDOS +# endif +# endif + +/* + * DLL settings. This part is a bit tough, because it's up to the + * application implementer how he or she will link the application, so it + * requires some macro to be used. 
+ */ +# ifdef OPENSSL_SYS_WINDOWS +# ifndef OPENSSL_OPT_WINDLL +# if defined(_WINDLL) /* This is used when building OpenSSL to + * indicate that DLL linkage should be used */ +# define OPENSSL_OPT_WINDLL +# endif +# endif +# endif + +/* ------------------------------- OpenVMS -------------------------------- */ +# if defined(__VMS) || defined(VMS) +# if !defined(OPENSSL_SYS_VMS) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_VMS +# endif +# if defined(__DECC) +# define OPENSSL_SYS_VMS_DECC +# elif defined(__DECCXX) +# define OPENSSL_SYS_VMS_DECC +# define OPENSSL_SYS_VMS_DECCXX +# else +# define OPENSSL_SYS_VMS_NODECC +# endif +# endif + +/* -------------------------------- Unix ---------------------------------- */ +# ifdef OPENSSL_SYS_UNIX +# if defined(linux) || defined(__linux__) && !defined(OPENSSL_SYS_LINUX) +# define OPENSSL_SYS_LINUX +# endif +# if defined(_AIX) && !defined(OPENSSL_SYS_AIX) +# define OPENSSL_SYS_AIX +# endif +# endif + +/* -------------------------------- VOS ----------------------------------- */ +# if defined(__VOS__) && !defined(OPENSSL_SYS_VOS) +# define OPENSSL_SYS_VOS +# ifdef __HPPA__ +# define OPENSSL_SYS_VOS_HPPA +# endif +# ifdef __IA32__ +# define OPENSSL_SYS_VOS_IA32 +# endif +# endif + +/* ---------------------------- HP NonStop -------------------------------- */ +# ifdef __TANDEM +# ifdef _STRING +# include +# endif +# define OPENSSL_USE_BUILD_DATE +# if defined(OPENSSL_THREADS) && defined(_SPT_MODEL_) +# define SPT_THREAD_SIGNAL 1 +# define SPT_THREAD_AWARE 1 +# include +# elif defined(OPENSSL_THREADS) && defined(_PUT_MODEL_) +# include +# endif +# endif + +/** + * That's it for OS-specific stuff + *****************************************************************************/ + +/*- + * OPENSSL_EXTERN is normally used to declare a symbol with possible extra + * attributes to handle its presence in a shared library. 
+ * OPENSSL_EXPORT is used to define a symbol with extra possible attributes + * to make it visible in a shared library. + * Care needs to be taken when a header file is used both to declare and + * define symbols. Basically, for any library that exports some global + * variables, the following code must be present in the header file that + * declares them, before OPENSSL_EXTERN is used: + * + * #ifdef SOME_BUILD_FLAG_MACRO + * # undef OPENSSL_EXTERN + * # define OPENSSL_EXTERN OPENSSL_EXPORT + * #endif + * + * The default is to have OPENSSL_EXPORT and OPENSSL_EXTERN + * have some generally sensible values. + */ + +# if defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL) +# define OPENSSL_EXPORT extern __declspec(dllexport) +# define OPENSSL_EXTERN extern __declspec(dllimport) +# else +# define OPENSSL_EXPORT extern +# define OPENSSL_EXTERN extern +# endif + +# ifdef _WIN32 +# ifdef _WIN64 +# define ossl_ssize_t __int64 +# define OSSL_SSIZE_MAX _I64_MAX +# else +# define ossl_ssize_t int +# define OSSL_SSIZE_MAX INT_MAX +# endif +# endif + +# if defined(OPENSSL_SYS_UEFI) && !defined(ossl_ssize_t) +# define ossl_ssize_t INTN +# define OSSL_SSIZE_MAX MAX_INTN +# endif + +# ifndef ossl_ssize_t +# define ossl_ssize_t ssize_t +# if defined(SSIZE_MAX) +# define OSSL_SSIZE_MAX SSIZE_MAX +# elif defined(_POSIX_SSIZE_MAX) +# define OSSL_SSIZE_MAX _POSIX_SSIZE_MAX +# else +# define OSSL_SSIZE_MAX ((ssize_t)(SIZE_MAX>>1)) +# endif +# endif + +# if defined(UNUSEDRESULT_DEBUG) +# define __owur __attribute__((__warn_unused_result__)) +# else +# define __owur +# endif + +/* Standard integer types */ +# define OPENSSL_NO_INTTYPES_H +# define OPENSSL_NO_STDINT_H +# if defined(OPENSSL_SYS_UEFI) +typedef INT8 int8_t; +typedef UINT8 uint8_t; +typedef INT16 int16_t; +typedef UINT16 uint16_t; +typedef INT32 int32_t; +typedef UINT32 uint32_t; +typedef INT64 int64_t; +typedef UINT64 uint64_t; +typedef UINTN uintptr_t; +# elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 
199901L) || \ + defined(__osf__) || defined(__sgi) || defined(__hpux) || \ + defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__) +# include +# undef OPENSSL_NO_INTTYPES_H +/* Because the specs say that inttypes.h includes stdint.h if present */ +# undef OPENSSL_NO_STDINT_H +# elif defined(_MSC_VER) && _MSC_VER<1600 +/* + * minimally required typdefs for systems not supporting inttypes.h or + * stdint.h: currently just older VC++ + */ +typedef signed char int8_t; +typedef unsigned char uint8_t; +typedef short int16_t; +typedef unsigned short uint16_t; +typedef int int32_t; +typedef unsigned int uint32_t; +typedef __int64 int64_t; +typedef unsigned __int64 uint64_t; +# elif defined(OPENSSL_SYS_TANDEM) +# include +# include +# else +# include +# undef OPENSSL_NO_STDINT_H +# endif +# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \ + defined(INTMAX_MAX) && defined(UINTMAX_MAX) +typedef intmax_t ossl_intmax_t; +typedef uintmax_t ossl_uintmax_t; +# else +/* Fall back to the largest we know we require and can handle */ +typedef int64_t ossl_intmax_t; +typedef uint64_t ossl_uintmax_t; +# endif + +/* ossl_inline: portable inline definition usable in public headers */ +# if !defined(inline) && !defined(__cplusplus) +# if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L + /* just use inline */ +# define ossl_inline inline +# elif defined(__GNUC__) && __GNUC__>=2 +# define ossl_inline __inline__ +# elif defined(_MSC_VER) + /* + * Visual Studio: inline is available in C++ only, however + * __inline is available for C, see + * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx + */ +# define ossl_inline __inline +# else +# define ossl_inline +# endif +# else +# define ossl_inline inline +# endif + +# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L && \ + !defined(__cplusplus) +# define ossl_noreturn _Noreturn +# elif defined(__GNUC__) && __GNUC__ >= 2 +# define ossl_noreturn __attribute__((noreturn)) +# else +# define ossl_noreturn +# endif + 
+/* ossl_unused: portable unused attribute for use in public headers */
+# if defined(__GNUC__)
+# define ossl_unused __attribute__((unused))
+# else
+# define ossl_unused
+# endif
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/e_ostime.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/e_ostime.h
new file mode 100644
index 000000000000..0e1748750499
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/e_ostime.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OSTIME_H
+# define OPENSSL_E_OSTIME_H
+# pragma once
+
+# include
+# include
+# include
+
+/*
+ * This header guarantees that 'struct timeval' will be available. It includes
+ * the minimum headers needed to facilitate this. This may still be a
+ * substantial set of headers on some platforms (e.g. on Win32).
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS)
+# if !defined(_WINSOCKAPI_)
+ /*
+ * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define
+ * _WINSOCKAPI_. Both of these provide struct timeval. Don't include
+ * winsock2.h if either header has been included to avoid breakage with
+ * applications that prefer to use over .
+ */
+# include
+# endif
+# else
+# include
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/ebcdic.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/ebcdic.h
new file mode 100644
index 000000000000..e0ae1aa84e4a
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/ebcdic.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_EBCDIC_H
+# define OPENSSL_EBCDIC_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_EBCDIC_H
+# endif
+
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Avoid name clashes with other applications */
+# define os_toascii _openssl_os_toascii
+# define os_toebcdic _openssl_os_toebcdic
+# define ebcdic2ascii _openssl_ebcdic2ascii
+# define ascii2ebcdic _openssl_ascii2ebcdic
+
+extern const unsigned char os_toascii[256];
+extern const unsigned char os_toebcdic[256];
+void *ebcdic2ascii(void *dest, const void *srce, size_t count);
+void *ascii2ebcdic(void *dest, const void *srce, size_t count);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/ec.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/ec.h
new file mode 100644
index 000000000000..e1cbe982287b
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/ec.h
@@ -0,0 +1,1588 @@ +/* + * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_EC_H +# define OPENSSL_EC_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_EC_H +# endif + +# include +# include + +# include + +# ifdef __cplusplus +extern "C" { +# endif + +/* Values for EVP_PKEY_CTX_set_ec_param_enc() */ +# define OPENSSL_EC_EXPLICIT_CURVE 0x000 +# define OPENSSL_EC_NAMED_CURVE 0x001 + +int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid); +int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc); +int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode); +int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf); +int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); + +int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int len); +int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len); + +int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, + int len); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 +int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); +# endif + +# define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_EC_PARAM_ENC (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_EC_ECDH_COFACTOR (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_EC_KDF_TYPE (EVP_PKEY_ALG_CTRL + 4) +# define 
EVP_PKEY_CTRL_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 5) +# define EVP_PKEY_CTRL_GET_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 7) +# define EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 8) +# define EVP_PKEY_CTRL_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 9) +# define EVP_PKEY_CTRL_GET_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 10) + +/* KDF types */ +# define EVP_PKEY_ECDH_KDF_NONE 1 +# define EVP_PKEY_ECDH_KDF_X9_63 2 +/* + * The old name for EVP_PKEY_ECDH_KDF_X9_63 + * The ECDH KDF specification has been mistakenly attributed to ANSI X9.62, + * it is actually specified in ANSI X9.63. + * This identifier is retained for backwards compatibility + */ +# define EVP_PKEY_ECDH_KDF_X9_62 EVP_PKEY_ECDH_KDF_X9_63 + +/** Enum for the point conversion form as defined in X9.62 (ECDSA) + * for the encoding of a elliptic curve point (x,y) */ +typedef enum { + /** the point is encoded as z||x, where the octet z specifies + * which solution of the quadratic equation y is */ + POINT_CONVERSION_COMPRESSED = 2, + /** the point is encoded as z||x||y, where z is the octet 0x04 */ + POINT_CONVERSION_UNCOMPRESSED = 4, + /** the point is encoded as z||x||y, where the octet z specifies + * which solution of the quadratic equation y is */ + POINT_CONVERSION_HYBRID = 6 +} point_conversion_form_t; + +const char *OSSL_EC_curve_nid2name(int nid); + +# ifndef OPENSSL_NO_STDIO +# include +# endif +# ifndef OPENSSL_NO_EC +# include +# include +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# include +# endif +# include + +# ifndef OPENSSL_ECC_MAX_FIELD_BITS +# define OPENSSL_ECC_MAX_FIELD_BITS 661 +# endif + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +typedef struct ec_method_st EC_METHOD; +# endif +typedef struct ec_group_st EC_GROUP; +typedef struct ec_point_st EC_POINT; +typedef struct ecpk_parameters_st ECPKPARAMETERS; +typedef struct ec_parameters_st ECPARAMETERS; + +/********************************************************************/ +/* EC_METHODs for curves over 
GF(p) */ +/********************************************************************/ + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +/** Returns the basic GFp ec methods which provides the basis for the + * optimized methods. + * \return EC_METHOD object + */ +OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GFp_simple_method(void); + +/** Returns GFp methods using montgomery multiplication. + * \return EC_METHOD object + */ +OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GFp_mont_method(void); + +/** Returns GFp methods using optimized methods for NIST recommended curves + * \return EC_METHOD object + */ +OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GFp_nist_method(void); + +# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +/** Returns 64-bit optimized methods for nistp224 + * \return EC_METHOD object + */ +OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GFp_nistp224_method(void); + +/** Returns 64-bit optimized methods for nistp256 + * \return EC_METHOD object + */ +OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GFp_nistp256_method(void); + +/** Returns 64-bit optimized methods for nistp521 + * \return EC_METHOD object + */ +OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GFp_nistp521_method(void); +# endif /* OPENSSL_NO_EC_NISTP_64_GCC_128 */ + +# ifndef OPENSSL_NO_EC2M +/********************************************************************/ +/* EC_METHOD for curves over GF(2^m) */ +/********************************************************************/ + +/** Returns the basic GF2m ec method + * \return EC_METHOD object + */ +OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GF2m_simple_method(void); + +# endif + +/********************************************************************/ +/* EC_GROUP functions */ +/********************************************************************/ + +/** + * Creates a new EC_GROUP object + * \param meth EC_METHOD to use + * \return newly created EC_GROUP object or NULL in case of an error. 
+ */ +OSSL_DEPRECATEDIN_3_0 EC_GROUP *EC_GROUP_new(const EC_METHOD *meth); + +/** Clears and frees a EC_GROUP object + * \param group EC_GROUP object to be cleared and freed. + */ +OSSL_DEPRECATEDIN_3_0 void EC_GROUP_clear_free(EC_GROUP *group); + +/** Returns the EC_METHOD of the EC_GROUP object. + * \param group EC_GROUP object + * \return EC_METHOD used in this EC_GROUP object. + */ +OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); + +/** Returns the field type of the EC_METHOD. + * \param meth EC_METHOD object + * \return NID of the underlying field type OID. + */ +OSSL_DEPRECATEDIN_3_0 int EC_METHOD_get_field_type(const EC_METHOD *meth); +# endif /* OPENSSL_NO_DEPRECATED_3_0 */ + +/** Frees a EC_GROUP object + * \param group EC_GROUP object to be freed. + */ +void EC_GROUP_free(EC_GROUP *group); + +/** Copies EC_GROUP objects. Note: both EC_GROUPs must use the same EC_METHOD. + * \param dst destination EC_GROUP object + * \param src source EC_GROUP object + * \return 1 on success and 0 if an error occurred. + */ +int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src); + +/** Creates a new EC_GROUP object and copies the content + * form src to the newly created EC_KEY object + * \param src source EC_GROUP object + * \return newly created EC_GROUP object or NULL in case of an error. + */ +EC_GROUP *EC_GROUP_dup(const EC_GROUP *src); + +/** Sets the generator and its order/cofactor of a EC_GROUP object. + * \param group EC_GROUP object + * \param generator EC_POINT object with the generator. + * \param order the order of the group generated by the generator. + * \param cofactor the index of the sub-group generated by the generator + * in the group of all points on the elliptic curve. + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, + const BIGNUM *order, const BIGNUM *cofactor); + +/** Returns the generator of a EC_GROUP object. 
+ * \param group EC_GROUP object
+ * \return the currently used generator (possibly NULL).
+ */
+const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
+
+/** Returns the montgomery data for order(Generator)
+ * \param group EC_GROUP object
+ * \return the currently used montgomery data (possibly NULL).
+*/
+BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group);
+
+/** Gets the order of a EC_GROUP
+ * \param group EC_GROUP object
+ * \param order BIGNUM to which the order is copied
+ * \param ctx unused
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
+
+/** Gets the order of an EC_GROUP
+ * \param group EC_GROUP object
+ * \return the group order
+ */
+const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group);
+
+/** Gets the number of bits of the order of an EC_GROUP
+ * \param group EC_GROUP object
+ * \return number of bits of group order.
+ */
+int EC_GROUP_order_bits(const EC_GROUP *group);
+
+/** Gets the cofactor of a EC_GROUP
+ * \param group EC_GROUP object
+ * \param cofactor BIGNUM to which the cofactor is copied
+ * \param ctx unused
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor,
+ BN_CTX *ctx);
+
+/** Gets the cofactor of an EC_GROUP
+ * \param group EC_GROUP object
+ * \return the group cofactor
+ */
+const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group);
+
+/** Sets the name of a EC_GROUP object
+ * \param group EC_GROUP object
+ * \param nid NID of the curve name OID
+ */
+void EC_GROUP_set_curve_name(EC_GROUP *group, int nid);
+
+/** Returns the curve name of a EC_GROUP object
+ * \param group EC_GROUP object
+ * \return NID of the curve name OID or 0 if not set.
+ */
+int EC_GROUP_get_curve_name(const EC_GROUP *group);
+
+/** Gets the field of an EC_GROUP
+ * \param group EC_GROUP object
+ * \return the group field
+ */
+const BIGNUM *EC_GROUP_get0_field(const EC_GROUP *group);
+
+/** Returns the field type of the EC_GROUP.
+ * \param group EC_GROUP object
+ * \return NID of the underlying field type OID.
+ */
+int EC_GROUP_get_field_type(const EC_GROUP *group);
+
+void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
+int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
+
+void EC_GROUP_set_point_conversion_form(EC_GROUP *group,
+ point_conversion_form_t form);
+point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
+
+unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
+size_t EC_GROUP_get_seed_len(const EC_GROUP *);
+size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
+
+/** Sets the parameters of an ec curve defined by y^2 = x^3 + a*x + b (for GFp)
+ * or y^2 + x*y = x^3 + a*x^2 + b (for GF2m)
+ * \param group EC_GROUP object
+ * \param p BIGNUM with the prime number (GFp) or the polynomial
+ * defining the underlying field (GF2m)
+ * \param a BIGNUM with parameter a of the equation
+ * \param b BIGNUM with parameter b of the equation
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *ctx);
+
+/** Gets the parameters of the ec curve defined by y^2 = x^3 + a*x + b (for GFp)
+ * or y^2 + x*y = x^3 + a*x^2 + b (for GF2m)
+ * \param group EC_GROUP object
+ * \param p BIGNUM with the prime number (GFp) or the polynomial
+ * defining the underlying field (GF2m)
+ * \param a BIGNUM for parameter a of the equation
+ * \param b BIGNUM for parameter b of the equation
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
+ BN_CTX *ctx);
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+/** Sets the parameters of an ec curve. Synonym for EC_GROUP_set_curve
+ * \param group EC_GROUP object
+ * \param p BIGNUM with the prime number (GFp) or the polynomial
+ * defining the underlying field (GF2m)
+ * \param a BIGNUM with parameter a of the equation
+ * \param b BIGNUM with parameter b of the equation
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+OSSL_DEPRECATEDIN_3_0 int EC_GROUP_set_curve_GFp(EC_GROUP *group,
+ const BIGNUM *p,
+ const BIGNUM *a,
+ const BIGNUM *b,
+ BN_CTX *ctx);
+
+/** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve
+ * \param group EC_GROUP object
+ * \param p BIGNUM with the prime number (GFp) or the polynomial
+ * defining the underlying field (GF2m)
+ * \param a BIGNUM for parameter a of the equation
+ * \param b BIGNUM for parameter b of the equation
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+OSSL_DEPRECATEDIN_3_0 int EC_GROUP_get_curve_GFp(const EC_GROUP *group,
+ BIGNUM *p,
+ BIGNUM *a, BIGNUM *b,
+ BN_CTX *ctx);
+
+# ifndef OPENSSL_NO_EC2M
+/** Sets the parameter of an ec curve. Synonym for EC_GROUP_set_curve
+ * \param group EC_GROUP object
+ * \param p BIGNUM with the prime number (GFp) or the polynomial
+ * defining the underlying field (GF2m)
+ * \param a BIGNUM with parameter a of the equation
+ * \param b BIGNUM with parameter b of the equation
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+OSSL_DEPRECATEDIN_3_0 int EC_GROUP_set_curve_GF2m(EC_GROUP *group,
+ const BIGNUM *p,
+ const BIGNUM *a,
+ const BIGNUM *b,
+ BN_CTX *ctx);
+
+/** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve
+ * \param group EC_GROUP object
+ * \param p BIGNUM with the prime number (GFp) or the polynomial
+ * defining the underlying field (GF2m)
+ * \param a BIGNUM for parameter a of the equation
+ * \param b BIGNUM for parameter b of the equation
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+OSSL_DEPRECATEDIN_3_0 int EC_GROUP_get_curve_GF2m(const EC_GROUP *group,
+ BIGNUM *p,
+ BIGNUM *a, BIGNUM *b,
+ BN_CTX *ctx);
+# endif /* OPENSSL_NO_EC2M */
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+
+/** Returns the number of bits needed to represent a field element
+ * \param group EC_GROUP object
+ * \return number of bits needed to represent a field element
+ */
+int EC_GROUP_get_degree(const EC_GROUP *group);
+
+/** Checks whether the parameter in the EC_GROUP define a valid ec group
+ * \param group EC_GROUP object
+ * \param ctx BN_CTX object (optional)
+ * \return 1 if group is a valid ec group and 0 otherwise
+ */
+int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);
+
+/** Checks whether the discriminant of the elliptic curve is zero or not
+ * \param group EC_GROUP object
+ * \param ctx BN_CTX object (optional)
+ * \return 1 if the discriminant is not zero and 0 otherwise
+ */
+int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx);
+
+/** Compares two EC_GROUP objects
+ * \param a first EC_GROUP object
+ * \param b second EC_GROUP object
+ * \param ctx BN_CTX object (optional)
+ * \return 0 if the groups are equal, 1 if not, or -1 on error
+ */
+int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx);
+
+/*
+ * EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*() after
+ * choosing an appropriate EC_METHOD
+ */
+
+/** Creates a new EC_GROUP object with the specified parameters defined
+ * over GFp (defined by the equation y^2 = x^3 + a*x + b)
+ * \param p BIGNUM with the prime number
+ * \param a BIGNUM with the parameter a of the equation
+ * \param b BIGNUM with the parameter b of the equation
+ * \param ctx BN_CTX object (optional)
+ * \return newly created EC_GROUP object with the specified parameters
+ */
+EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *ctx);
+# ifndef OPENSSL_NO_EC2M
+/** Creates a new EC_GROUP object with the specified parameters defined
+ * over GF2m (defined by the equation y^2 + x*y = x^3 + a*x^2 + b)
+ * \param p BIGNUM with the polynomial defining the underlying field
+ * \param a BIGNUM with the parameter a of the equation
+ * \param b BIGNUM with the parameter b of the equation
+ * \param ctx BN_CTX object (optional)
+ * \return newly created EC_GROUP object with the specified parameters
+ */
+EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *ctx);
+# endif
+
+/**
+ * Creates a EC_GROUP object with a curve specified by parameters.
+ * The parameters may be explicit or a named curve,
+ * \param params A list of parameters describing the group.
+ * \param libctx The associated library context or NULL for the default
+ * context
+ * \param propq A property query string
+ * \return newly created EC_GROUP object with specified parameters or NULL
+ * if an error occurred
+ */
+EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
+ OSSL_LIB_CTX *libctx, const char *propq);
+
+/**
+ * Creates an OSSL_PARAM array with the parameters describing the given
+ * EC_GROUP.
+ * The resulting parameters may contain an explicit or a named curve depending
+ * on the EC_GROUP.
+ * \param group pointer to the EC_GROUP object
+ * \param libctx The associated library context or NULL for the default
+ * context
+ * \param propq A property query string
+ * \param bnctx BN_CTX object (optional)
+ * \return newly created OSSL_PARAM array with the parameters
+ * describing the given EC_GROUP or NULL if an error occurred
+ */
+OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx,
+ const char *propq, BN_CTX *bnctx);
+
+/**
+ * Creates a EC_GROUP object with a curve specified by a NID
+ * \param libctx The associated library context or NULL for the default
+ * context
+ * \param propq A property query string
+ * \param nid NID of the OID of the curve name
+ * \return newly created EC_GROUP object with specified curve or NULL
+ * if an error occurred
+ */
+EC_GROUP *EC_GROUP_new_by_curve_name_ex(OSSL_LIB_CTX *libctx, const char *propq,
+ int nid);
+
+/**
+ * Creates a EC_GROUP object with a curve specified by a NID. Same as
+ * EC_GROUP_new_by_curve_name_ex but the libctx and propq are always
+ * NULL.
+ * \param nid NID of the OID of the curve name
+ * \return newly created EC_GROUP object with specified curve or NULL
+ * if an error occurred
+ */
+EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
+
+/** Creates a new EC_GROUP object from an ECPARAMETERS object
+ * \param params pointer to the ECPARAMETERS object
+ * \return newly created EC_GROUP object with specified curve or NULL
+ * if an error occurred
+ */
+EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params);
+
+/** Creates an ECPARAMETERS object for the given EC_GROUP object.
+ * \param group pointer to the EC_GROUP object
+ * \param params pointer to an existing ECPARAMETERS object or NULL
+ * \return pointer to the new ECPARAMETERS object or NULL
+ * if an error occurred.
+ */
+ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
+ ECPARAMETERS *params);
+
+/** Creates a new EC_GROUP object from an ECPKPARAMETERS object
+ * \param params pointer to an existing ECPKPARAMETERS object, or NULL
+ * \return newly created EC_GROUP object with specified curve, or NULL
+ * if an error occurred
+ */
+EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params);
+
+/** Creates an ECPKPARAMETERS object for the given EC_GROUP object.
+ * \param group pointer to the EC_GROUP object
+ * \param params pointer to an existing ECPKPARAMETERS object or NULL
+ * \return pointer to the new ECPKPARAMETERS object or NULL
+ * if an error occurred.
+ */
+ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group,
+ ECPKPARAMETERS *params);
+
+/********************************************************************/
+/* handling of internal curves */
+/********************************************************************/
+
+typedef struct {
+ int nid;
+ const char *comment;
+} EC_builtin_curve;
+
+/*
+ * EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number of all
+ * available curves or zero if a error occurred. In case r is not zero,
+ * nitems EC_builtin_curve structures are filled with the data of the first
+ * nitems internal groups
+ */
+size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
+
+const char *EC_curve_nid2nist(int nid);
+int EC_curve_nist2nid(const char *name);
+int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only,
+ BN_CTX *ctx);
+
+/********************************************************************/
+/* EC_POINT functions */
+/********************************************************************/
+
+/** Creates a new EC_POINT object for the specified EC_GROUP
+ * \param group EC_GROUP the underlying EC_GROUP object
+ * \return newly created EC_POINT object or NULL if an error occurred
+ */
+EC_POINT *EC_POINT_new(const EC_GROUP *group);
+
+/** Frees a EC_POINT object
+ * \param point EC_POINT object to be freed
+ */
+void EC_POINT_free(EC_POINT *point);
+
+/** Clears and frees a EC_POINT object
+ * \param point EC_POINT object to be cleared and freed
+ */
+void EC_POINT_clear_free(EC_POINT *point);
+
+/** Copies EC_POINT object
+ * \param dst destination EC_POINT object
+ * \param src source EC_POINT object
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src);
+
+/** Creates a new EC_POINT object and copies the content of the supplied
+ * EC_POINT
+ * \param src source EC_POINT object
+ * \param group underlying the EC_GROUP object
+ * \return newly created EC_POINT object or NULL if an error occurred
+ */
+EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group);
+
+/** Sets a point to infinity (neutral element)
+ * \param group underlying EC_GROUP object
+ * \param point EC_POINT to set to infinity
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+/** Returns the EC_METHOD used in EC_POINT object
+ * \param point EC_POINT object
+ * \return the EC_METHOD used
+ */
+OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_POINT_method_of(const EC_POINT *point);
+
+/** Sets the jacobian projective coordinates of a EC_POINT over GFp
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM with the x-coordinate
+ * \param y BIGNUM with the y-coordinate
+ * \param z BIGNUM with the z-coordinate
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_set_Jprojective_coordinates_GFp
+ (const EC_GROUP *group, EC_POINT *p,
+ const BIGNUM *x, const BIGNUM *y, const BIGNUM *z,
+ BN_CTX *ctx);
+
+/** Gets the jacobian projective coordinates of a EC_POINT over GFp
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM for the x-coordinate
+ * \param y BIGNUM for the y-coordinate
+ * \param z BIGNUM for the z-coordinate
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_get_Jprojective_coordinates_GFp
+ (const EC_GROUP *group, const EC_POINT *p,
+ BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx);
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+
+/** Sets the affine coordinates of an EC_POINT
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM with the x-coordinate
+ * \param y BIGNUM with the y-coordinate
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p,
+ const BIGNUM *x, const BIGNUM *y,
+ BN_CTX *ctx);
+
+/** Gets the affine coordinates of an EC_POINT.
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM for the x-coordinate
+ * \param y BIGNUM for the y-coordinate
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p,
+ BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+/** Sets the affine coordinates of an EC_POINT. A synonym of
+ * EC_POINT_set_affine_coordinates
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM with the x-coordinate
+ * \param y BIGNUM with the y-coordinate
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_set_affine_coordinates_GFp
+ (const EC_GROUP *group, EC_POINT *p,
+ const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
+
+/** Gets the affine coordinates of an EC_POINT. A synonym of
+ * EC_POINT_get_affine_coordinates
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM for the x-coordinate
+ * \param y BIGNUM for the y-coordinate
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_get_affine_coordinates_GFp
+ (const EC_GROUP *group, const EC_POINT *p,
+ BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+
+/** Sets the x9.62 compressed coordinates of a EC_POINT
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM with x-coordinate
+ * \param y_bit integer with the y-Bit (either 0 or 1)
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p,
+ const BIGNUM *x, int y_bit,
+ BN_CTX *ctx);
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of
+ * EC_POINT_set_compressed_coordinates
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM with x-coordinate
+ * \param y_bit integer with the y-Bit (either 0 or 1)
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_set_compressed_coordinates_GFp
+ (const EC_GROUP *group, EC_POINT *p,
+ const BIGNUM *x, int y_bit, BN_CTX *ctx);
+# ifndef OPENSSL_NO_EC2M
+/** Sets the affine coordinates of an EC_POINT. A synonym of
+ * EC_POINT_set_affine_coordinates
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM with the x-coordinate
+ * \param y BIGNUM with the y-coordinate
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_set_affine_coordinates_GF2m
+ (const EC_GROUP *group, EC_POINT *p,
+ const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
+
+/** Gets the affine coordinates of an EC_POINT. A synonym of
+ * EC_POINT_get_affine_coordinates
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM for the x-coordinate
+ * \param y BIGNUM for the y-coordinate
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_get_affine_coordinates_GF2m
+ (const EC_GROUP *group, const EC_POINT *p,
+ BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
+
+/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of
+ * EC_POINT_set_compressed_coordinates
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM with x-coordinate
+ * \param y_bit integer with the y-Bit (either 0 or 1)
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_set_compressed_coordinates_GF2m
+ (const EC_GROUP *group, EC_POINT *p,
+ const BIGNUM *x, int y_bit, BN_CTX *ctx);
+# endif
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+
+/** Encodes a EC_POINT object to a octet string
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param form point conversion form
+ * \param buf memory buffer for the result. If NULL the function returns
+ * required buffer size.
+ * \param len length of the memory buffer
+ * \param ctx BN_CTX object (optional)
+ * \return the length of the encoded octet string or 0 if an error occurred
+ */
+size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p,
+ point_conversion_form_t form,
+ unsigned char *buf, size_t len, BN_CTX *ctx);
+
+/** Decodes a EC_POINT from a octet string
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param buf memory buffer with the encoded ec point
+ * \param len length of the encoded ec point
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p,
+ const unsigned char *buf, size_t len, BN_CTX *ctx);
+
+/** Encodes an EC_POINT object to an allocated octet string
+ * \param group underlying EC_GROUP object
+ * \param point EC_POINT object
+ * \param form point conversion form
+ * \param pbuf returns pointer to allocated buffer
+ * \param ctx BN_CTX object (optional)
+ * \return the length of the encoded octet string or 0 if an error occurred
+ */
+size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point,
+ point_conversion_form_t form,
+ unsigned char **pbuf, BN_CTX *ctx);
+
+/* other interfaces to point2oct/oct2point: */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 BIGNUM *EC_POINT_point2bn(const EC_GROUP *,
+ const EC_POINT *,
+ point_conversion_form_t form,
+ BIGNUM *, BN_CTX *);
+OSSL_DEPRECATEDIN_3_0 EC_POINT *EC_POINT_bn2point(const EC_GROUP *,
+ const BIGNUM *,
+ EC_POINT *, BN_CTX *);
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+
+char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *,
+ point_conversion_form_t form, BN_CTX *);
+EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *,
+ EC_POINT *, BN_CTX *);
+
+/********************************************************************/
+/* functions for doing EC_POINT arithmetic */
+/********************************************************************/
+
+/** Computes the sum of two EC_POINT
+ * \param group underlying EC_GROUP object
+ * \param r EC_POINT object for the result (r = a + b)
+ * \param a EC_POINT object with the first summand
+ * \param b EC_POINT object with the second summand
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+ const EC_POINT *b, BN_CTX *ctx);
+
+/** Computes the double of a EC_POINT
+ * \param group underlying EC_GROUP object
+ * \param r EC_POINT object for the result (r = 2 * a)
+ * \param a EC_POINT object
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+ BN_CTX *ctx);
+
+/** Computes the inverse of a EC_POINT
+ * \param group underlying EC_GROUP object
+ * \param a EC_POINT object to be inverted (it's used for the result as well)
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx);
+
+/** Checks whether the point is the neutral element of the group
+ * \param group the underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \return 1 if the point is the neutral element and 0 otherwise
+ */
+int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p);
+
+/** Checks whether the point is on the curve
+ * \param group underlying EC_GROUP object
+ * \param point EC_POINT object to check
+ * \param ctx BN_CTX object (optional)
+ * \return 1 if the point is on the curve, 0 if not, or -1 on error
+ */
+int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
+ BN_CTX *ctx);
+
+/** Compares two EC_POINTs
+ * \param group underlying EC_GROUP object
+ * \param a first EC_POINT object
+ * \param b second EC_POINT object
+ * \param ctx BN_CTX object (optional)
+ * \return 1 if the points are not equal, 0 if they are, or -1 on error
+ */
+int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
+ BN_CTX *ctx);
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_make_affine(const EC_GROUP *group,
+ EC_POINT *point, BN_CTX *ctx);
+OSSL_DEPRECATEDIN_3_0 int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
+ EC_POINT *points[], BN_CTX *ctx);
+
+/** Computes r = generator * n + sum_{i=0}^{num-1} p[i] * m[i]
+ * \param group underlying EC_GROUP object
+ * \param r EC_POINT object for the result
+ * \param n BIGNUM with the multiplier for the group generator (optional)
+ * \param num number further summands
+ * \param p array of size num of EC_POINT objects
+ * \param m array of size num of BIGNUM objects
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+OSSL_DEPRECATEDIN_3_0 int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r,
+ const BIGNUM *n, size_t num,
+ const EC_POINT *p[], const BIGNUM *m[],
+ BN_CTX *ctx);
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+
+/** Computes r = generator * n + q * m
+ * \param group underlying EC_GROUP object
+ * \param r EC_POINT object for the result
+ * \param n BIGNUM with the multiplier for the group generator (optional)
+ * \param q EC_POINT object with the first factor of the second summand
+ * \param m BIGNUM with the second factor of the second summand
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n,
+ const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+/** Stores multiples of generator for faster point multiplication
+ * \param group EC_GROUP object
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+OSSL_DEPRECATEDIN_3_0 int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
+
+/** Reports whether a precomputation has been done
+ * \param group EC_GROUP object
+ * \return 1 if a pre-computation has been done and 0 otherwise
+ */
+OSSL_DEPRECATEDIN_3_0 int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+
+/********************************************************************/
+/* ASN1 stuff */
+/********************************************************************/
+
+DECLARE_ASN1_ITEM(ECPKPARAMETERS)
+DECLARE_ASN1_ALLOC_FUNCTIONS(ECPKPARAMETERS)
+DECLARE_ASN1_ITEM(ECPARAMETERS)
+DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
+
+/*
+ * EC_GROUP_get_basis_type() returns the NID of the basis type used to
+ * represent the field elements
+ */
+int EC_GROUP_get_basis_type(const EC_GROUP *);
+# ifndef OPENSSL_NO_EC2M
+int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
+int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1,
+ unsigned int *k2, unsigned int *k3);
+# endif
+
+EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len);
+int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out);
+
+# define d2i_ECPKParameters_bio(bp,x) \
+ ASN1_d2i_bio_of(EC_GROUP, NULL, d2i_ECPKParameters, bp, x)
+# define i2d_ECPKParameters_bio(bp,x) \
+ ASN1_i2d_bio_of(EC_GROUP, i2d_ECPKParameters, bp, x)
+# define d2i_ECPKParameters_fp(fp,x) \
+ (EC_GROUP *)ASN1_d2i_fp(NULL, (d2i_of_void *)d2i_ECPKParameters, (fp), \
+ (void **)(x))
+# define i2d_ECPKParameters_fp(fp,x) \
+ ASN1_i2d_fp((i2d_of_void *)i2d_ECPKParameters, (fp), (void *)(x))
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int ECPKParameters_print(BIO *bp, const EC_GROUP *x,
+ int off);
+# ifndef OPENSSL_NO_STDIO
+OSSL_DEPRECATEDIN_3_0 int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x,
+ int off);
+# endif
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+
+/********************************************************************/
+/* EC_KEY functions */
+/********************************************************************/
+
+/* some values for the encoding_flag */
+# define EC_PKEY_NO_PARAMETERS 0x001
+# define EC_PKEY_NO_PUBKEY 0x002
+
+/* some values for the flags field */
+# define EC_FLAG_SM2_RANGE 0x0004
+# define EC_FLAG_COFACTOR_ECDH 0x1000
+# define EC_FLAG_CHECK_NAMED_GROUP 0x2000
+# define EC_FLAG_CHECK_NAMED_GROUP_NIST 0x4000
+# define EC_FLAG_CHECK_NAMED_GROUP_MASK \
+ (EC_FLAG_CHECK_NAMED_GROUP | EC_FLAG_CHECK_NAMED_GROUP_NIST)
+
+/* Deprecated flags - it was using 0x01..0x02 */
+# define EC_FLAG_NON_FIPS_ALLOW 0x0000
+# define EC_FLAG_FIPS_CHECKED 0x0000
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+/**
+ * Creates a new EC_KEY object.
+ * \param ctx The library context for to use for this EC_KEY. May be NULL in
+ * which case the default library context is used.
+ * \return EC_KEY object or NULL if an error occurred.
+ */
+OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_ex(OSSL_LIB_CTX *ctx, const char *propq);
+
+/**
+ * Creates a new EC_KEY object. Same as calling EC_KEY_new_ex with a
+ * NULL library context
+ * \return EC_KEY object or NULL if an error occurred.
+ */
+OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new(void);
+
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_get_flags(const EC_KEY *key);
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_set_flags(EC_KEY *key, int flags);
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_clear_flags(EC_KEY *key, int flags);
+
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_decoded_from_explicit_params(const EC_KEY *key);
+
+/**
+ * Creates a new EC_KEY object using a named curve as underlying
+ * EC_GROUP object.
+ * \param ctx The library context for to use for this EC_KEY. May be NULL in
+ * which case the default library context is used.
+ * \param propq Any property query string
+ * \param nid NID of the named curve.
+ * \return EC_KEY object or NULL if an error occurred.
+ */
+OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_by_curve_name_ex(OSSL_LIB_CTX *ctx,
+ const char *propq,
+ int nid);
+
+/**
+ * Creates a new EC_KEY object using a named curve as underlying
+ * EC_GROUP object. Same as calling EC_KEY_new_by_curve_name_ex with a NULL
+ * library context and property query string.
+ * \param nid NID of the named curve.
+ * \return EC_KEY object or NULL if an error occurred.
+ */
+OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_by_curve_name(int nid);
+
+/** Frees a EC_KEY object.
+ * \param key EC_KEY object to be freed.
+ */
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_free(EC_KEY *key);
+
+/** Copies a EC_KEY object.
+ * \param dst destination EC_KEY object
+ * \param src src EC_KEY object
+ * \return dst or NULL if an error occurred.
+ */
+OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
+
+/** Creates a new EC_KEY object and copies the content from src to it.
+ * \param src the source EC_KEY object
+ * \return newly created EC_KEY object or NULL if an error occurred.
+ */
+OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_dup(const EC_KEY *src);
+
+/** Increases the internal reference count of a EC_KEY object.
+ * \param key EC_KEY object
+ * \return 1 on success and 0 if an error occurred.
+ */
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_up_ref(EC_KEY *key);
+
+/** Returns the ENGINE object of a EC_KEY object
+ * \param eckey EC_KEY object
+ * \return the ENGINE object (possibly NULL).
+ */
+OSSL_DEPRECATEDIN_3_0 ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey);
+
+/** Returns the EC_GROUP object of a EC_KEY object
+ * \param key EC_KEY object
+ * \return the EC_GROUP object (possibly NULL).
+ */
+OSSL_DEPRECATEDIN_3_0 const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
+
+/** Sets the EC_GROUP of a EC_KEY object.
+ * \param key EC_KEY object
+ * \param group EC_GROUP to use in the EC_KEY object (note: the EC_KEY
+ * object will use an own copy of the EC_GROUP).
+ * \return 1 on success and 0 if an error occurred.
+ */
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
+
+/** Returns the private key of a EC_KEY object.
+ * \param key EC_KEY object
+ * \return a BIGNUM with the private key (possibly NULL).
+ */
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
+
+/** Sets the private key of a EC_KEY object.
+ * \param key EC_KEY object
+ * \param prv BIGNUM with the private key (note: the EC_KEY object
+ * will use an own copy of the BIGNUM).
+ * \return 1 on success and 0 if an error occurred.
+ */
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv);
+
+/** Returns the public key of a EC_KEY object.
+ * \param key the EC_KEY object
+ * \return a EC_POINT object with the public key (possibly NULL)
+ */
+OSSL_DEPRECATEDIN_3_0 const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
+
+/** Sets the public key of a EC_KEY object.
+ * \param key EC_KEY object
+ * \param pub EC_POINT object with the public key (note: the EC_KEY object
+ * will use an own copy of the EC_POINT object).
+ * \return 1 on success and 0 if an error occurred.
+ */
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
+
+OSSL_DEPRECATEDIN_3_0 unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
+OSSL_DEPRECATEDIN_3_0 point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_set_conv_form(EC_KEY *eckey,
+ point_conversion_form_t cform);
+# endif /*OPENSSL_NO_DEPRECATED_3_0 */
+
+# define EC_KEY_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY, l, p, newf, dupf, freef)
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg);
+OSSL_DEPRECATEDIN_3_0 void *EC_KEY_get_ex_data(const EC_KEY *key, int idx);
+
+/* wrapper functions for the underlying EC_GROUP object */
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
+
+/** Creates a table of pre-computed multiples of the generator to
+ * accelerate further EC_KEY operations.
+ * \param key EC_KEY object
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred.
+ */
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);
+
+/** Creates a new ec private (and optional a new public) key.
+ * \param key EC_KEY object
+ * \return 1 on success and 0 if an error occurred.
+ */
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_generate_key(EC_KEY *key);
+
+/** Verifies that a private and/or public key is valid.
+ * \param key the EC_KEY object
+ * \return 1 on success and 0 otherwise.
+ */
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
+
+/** Indicates if an EC_KEY can be used for signing.
+ * \param eckey the EC_KEY object
+ * \return 1 if can sign and 0 otherwise.
+ */
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
+
+/** Sets a public key from affine coordinates performing
+ * necessary NIST PKV tests.
+ * \param key the EC_KEY object
+ * \param x public key x coordinate
+ * \param y public key y coordinate
+ * \return 1 on success and 0 otherwise.
+ */
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key,
+ BIGNUM *x,
+ BIGNUM *y);
+
+/** Encodes an EC_KEY public key to an allocated octet string
+ * \param key key to encode
+ * \param form point conversion form
+ * \param pbuf returns pointer to allocated buffer
+ * \param ctx BN_CTX object (optional)
+ * \return the length of the encoded octet string or 0 if an error occurred
+ */
+OSSL_DEPRECATEDIN_3_0 size_t EC_KEY_key2buf(const EC_KEY *key,
+ point_conversion_form_t form,
+ unsigned char **pbuf, BN_CTX *ctx);
+
+/** Decodes a EC_KEY public key from a octet string
+ * \param key key to decode
+ * \param buf memory buffer with the encoded ec point
+ * \param len length of the encoded ec point
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf,
+ size_t len, BN_CTX *ctx);
+
+/** Decodes an EC_KEY private key from an octet string
+ * \param key key to decode
+ * \param buf memory buffer with the encoded private key
+ * \param len length of the encoded key
+ * \return 1 on success and 0 if an error occurred
+ */
+
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_oct2priv(EC_KEY *key, const unsigned char *buf,
+ size_t len);
+
+/** Encodes a EC_KEY private key to an octet string
+ * \param key key to encode
+ * \param buf memory buffer for the result. If NULL the function returns
+ * required buffer size.
+ * \param len length of the memory buffer
+ * \return the length of the encoded octet string or 0 if an error occurred
+ */
+
+OSSL_DEPRECATEDIN_3_0 size_t EC_KEY_priv2oct(const EC_KEY *key,
+ unsigned char *buf, size_t len);
+
+/** Encodes an EC_KEY private key to an allocated octet string
+ * \param eckey key to encode
+ * \param pbuf returns pointer to allocated buffer
+ * \return the length of the encoded octet string or 0 if an error occurred
+ */
+OSSL_DEPRECATEDIN_3_0 size_t EC_KEY_priv2buf(const EC_KEY *eckey,
+ unsigned char **pbuf);
+
+/********************************************************************/
+/* de- and encoding functions for SEC1 ECPrivateKey */
+/********************************************************************/
+
+/** Decodes a private key from a memory buffer.
+ * \param key a pointer to a EC_KEY object which should be used (or NULL)
+ * \param in pointer to memory with the DER encoded private key
+ * \param len length of the DER encoded private key
+ * \return the decoded private key or NULL if an error occurred.
+ */
+OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_ECPrivateKey(EC_KEY **key,
+ const unsigned char **in,
+ long len);
+
+/** Encodes a private key object and stores the result in a buffer.
+ * \param key the EC_KEY object to encode
+ * \param out the buffer for the result (if NULL the function returns number
+ * of bytes needed).
+ * \return 1 on success and 0 if an error occurred.
+ */
+OSSL_DEPRECATEDIN_3_0 int i2d_ECPrivateKey(const EC_KEY *key,
+ unsigned char **out);
+
+/********************************************************************/
+/* de- and encoding functions for EC parameters */
+/********************************************************************/
+
+/** Decodes ec parameter from a memory buffer.
+ * \param key a pointer to a EC_KEY object which should be used (or NULL)
+ * \param in pointer to memory with the DER encoded ec parameters
+ * \param len length of the DER encoded ec parameters
+ * \return a EC_KEY object with the decoded parameters or NULL if an error
+ * occurred.
+ */
+OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_ECParameters(EC_KEY **key,
+ const unsigned char **in,
+ long len);
+
+/** Encodes ec parameter and stores the result in a buffer.
+ * \param key the EC_KEY object with ec parameters to encode
+ * \param out the buffer for the result (if NULL the function returns number
+ * of bytes needed).
+ * \return 1 on success and 0 if an error occurred.
+ */
+OSSL_DEPRECATEDIN_3_0 int i2d_ECParameters(const EC_KEY *key,
+ unsigned char **out);
+
+/********************************************************************/
+/* de- and encoding functions for EC public key */
+/* (octet string, not DER -- hence 'o2i' and 'i2o') */
+/********************************************************************/
+
+/** Decodes an ec public key from a octet string.
+ * \param key a pointer to a EC_KEY object which should be used
+ * \param in memory buffer with the encoded public key
+ * \param len length of the encoded public key
+ * \return EC_KEY object with decoded public key or NULL if an error
+ * occurred.
+ */
+OSSL_DEPRECATEDIN_3_0 EC_KEY *o2i_ECPublicKey(EC_KEY **key,
+ const unsigned char **in, long len);
+
+/** Encodes an ec public key in an octet string.
+ * \param key the EC_KEY object with the public key
+ * \param out the buffer for the result (if NULL the function returns number
+ * of bytes needed).
+ * \return 1 on success and 0 if an error occurred
+ */
+OSSL_DEPRECATEDIN_3_0 int i2o_ECPublicKey(const EC_KEY *key, unsigned char **out);
+
+/** Prints out the ec parameters on human readable form.
+ * \param bp BIO object to which the information is printed
+ * \param key EC_KEY object
+ * \return 1 on success and 0 if an error occurred
+ */
+OSSL_DEPRECATEDIN_3_0 int ECParameters_print(BIO *bp, const EC_KEY *key);
+
+/** Prints out the contents of a EC_KEY object
+ * \param bp BIO object to which the information is printed
+ * \param key EC_KEY object
+ * \param off line offset
+ * \return 1 on success and 0 if an error occurred
+ */
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_print(BIO *bp, const EC_KEY *key, int off);
+
+# ifndef OPENSSL_NO_STDIO
+/** Prints out the ec parameters on human readable form.
+ * \param fp file descriptor to which the information is printed
+ * \param key EC_KEY object
+ * \return 1 on success and 0 if an error occurred
+ */
+OSSL_DEPRECATEDIN_3_0 int ECParameters_print_fp(FILE *fp, const EC_KEY *key);
+
+/** Prints out the contents of a EC_KEY object
+ * \param fp file descriptor to which the information is printed
+ * \param key EC_KEY object
+ * \param off line offset
+ * \return 1 on success and 0 if an error occurred
+ */
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
+# endif /* OPENSSL_NO_STDIO */
+
+OSSL_DEPRECATEDIN_3_0 const EC_KEY_METHOD *EC_KEY_OpenSSL(void);
+OSSL_DEPRECATEDIN_3_0 const EC_KEY_METHOD *EC_KEY_get_default_method(void);
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_set_default_method(const EC_KEY_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
+
+/** The old name for ecdh_KDF_X9_63
+ * The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
+ * it is actually specified in ANSI X9.63.
+ * This identifier is retained for backwards compatibility
+ */
+OSSL_DEPRECATEDIN_3_0 int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
+ const unsigned char *Z, size_t Zlen,
+ const unsigned char *sinfo,
+ size_t sinfolen, const EVP_MD *md);
+
+OSSL_DEPRECATEDIN_3_0 int ECDH_compute_key(void *out, size_t outlen,
+ const EC_POINT *pub_key,
+ const EC_KEY *ecdh,
+ void *(*KDF)(const void *in,
+ size_t inlen, void *out,
+ size_t *outlen));
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+
+typedef struct ECDSA_SIG_st ECDSA_SIG;
+
+/** Allocates and initialize a ECDSA_SIG structure
+ * \return pointer to a ECDSA_SIG structure or NULL if an error occurred
+ */
+ECDSA_SIG *ECDSA_SIG_new(void);
+
+/** frees a ECDSA_SIG structure
+ * \param sig pointer to the ECDSA_SIG structure
+ */
+void ECDSA_SIG_free(ECDSA_SIG *sig);
+
+/** i2d_ECDSA_SIG encodes content of ECDSA_SIG (note: this function modifies *pp
+ * (*pp += length of the DER encoded signature)).
+ * \param sig pointer to the ECDSA_SIG object
+ * \param pp pointer to a unsigned char pointer for the output or NULL
+ * \return the length of the DER encoded ECDSA_SIG object or a negative value
+ * on error
+ */
+DECLARE_ASN1_ENCODE_FUNCTIONS_only(ECDSA_SIG, ECDSA_SIG)
+
+/** d2i_ECDSA_SIG decodes an ECDSA signature (note: this function modifies *pp
+ * (*pp += len)).
+ * \param sig pointer to ECDSA_SIG pointer (may be NULL)
+ * \param pp memory buffer with the DER encoded signature
+ * \param len length of the buffer
+ * \return pointer to the decoded ECDSA_SIG structure (or NULL)
+ */
+
+/** Accessor for r and s fields of ECDSA_SIG
+ * \param sig pointer to ECDSA_SIG structure
+ * \param pr pointer to BIGNUM pointer for r (may be NULL)
+ * \param ps pointer to BIGNUM pointer for s (may be NULL)
+ */
+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+
+/** Accessor for r field of ECDSA_SIG
+ * \param sig pointer to ECDSA_SIG structure
+ */
+const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig);
+
+/** Accessor for s field of ECDSA_SIG
+ * \param sig pointer to ECDSA_SIG structure
+ */
+const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig);
+
+/** Setter for r and s fields of ECDSA_SIG
+ * \param sig pointer to ECDSA_SIG structure
+ * \param r pointer to BIGNUM for r
+ * \param s pointer to BIGNUM for s
+ */
+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+/** Computes the ECDSA signature of the given hash value using
+ * the supplied private key and returns the created signature.
+ * \param dgst pointer to the hash value
+ * \param dgst_len length of the hash value
+ * \param eckey EC_KEY object containing a private EC key
+ * \return pointer to a ECDSA_SIG structure or NULL if an error occurred
+ */
+OSSL_DEPRECATEDIN_3_0 ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst,
+ int dgst_len, EC_KEY *eckey);
+
+/** Computes ECDSA signature of a given hash value using the supplied
+ * private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
+ * \param dgst pointer to the hash value to sign
+ * \param dgstlen length of the hash value
+ * \param kinv BIGNUM with a pre-computed inverse k (optional)
+ * \param rp BIGNUM with a pre-computed rp value (optional),
+ * see ECDSA_sign_setup
+ * \param eckey EC_KEY object containing a private EC key
+ * \return pointer to a ECDSA_SIG structure or NULL if an error occurred
+ */
+OSSL_DEPRECATEDIN_3_0 ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst,
+ int dgstlen, const BIGNUM *kinv,
+ const BIGNUM *rp, EC_KEY *eckey);
+
+/** Verifies that the supplied signature is a valid ECDSA
+ * signature of the supplied hash value using the supplied public key.
+ * \param dgst pointer to the hash value
+ * \param dgst_len length of the hash value
+ * \param sig ECDSA_SIG structure
+ * \param eckey EC_KEY object containing a public EC key
+ * \return 1 if the signature is valid, 0 if the signature is invalid
+ * and -1 on error
+ */
+OSSL_DEPRECATEDIN_3_0 int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
+ const ECDSA_SIG *sig, EC_KEY *eckey);
+
+/** Precompute parts of the signing operation
+ * \param eckey EC_KEY object containing a private EC key
+ * \param ctx BN_CTX object (optional)
+ * \param kinv BIGNUM pointer for the inverse of k
+ * \param rp BIGNUM pointer for x coordinate of k * generator
+ * \return 1 on success and 0 otherwise
+ */
+OSSL_DEPRECATEDIN_3_0 int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx,
+ BIGNUM **kinv, BIGNUM **rp);
+
+/** Computes ECDSA signature of a given hash value using the supplied
+ * private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
+ * \param type this parameter is ignored
+ * \param dgst pointer to the hash value to sign
+ * \param dgstlen length of the hash value
+ * \param sig memory for the DER encoded created signature
+ * \param siglen pointer to the length of the returned signature
+ * \param eckey EC_KEY object containing a private EC key
+ * \return 1 on success and 0 otherwise
+ */
+OSSL_DEPRECATEDIN_3_0 int ECDSA_sign(int type, const unsigned char *dgst,
+ int dgstlen, unsigned char *sig,
+ unsigned int *siglen, EC_KEY *eckey);
+
+/** Computes ECDSA signature of a given hash value using the supplied
+ * private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
+ * \param type this parameter is ignored
+ * \param dgst pointer to the hash value to sign
+ * \param dgstlen length of the hash value
+ * \param sig buffer to hold the DER encoded signature
+ * \param siglen pointer to the length of the returned signature
+ * \param kinv BIGNUM with a pre-computed inverse k (optional)
+ * \param rp BIGNUM with a pre-computed rp value (optional),
+ * see ECDSA_sign_setup
+ * \param eckey EC_KEY object containing a private EC key
+ * \return 1 on success and 0 otherwise
+ */
+OSSL_DEPRECATEDIN_3_0 int ECDSA_sign_ex(int type, const unsigned char *dgst,
+ int dgstlen, unsigned char *sig,
+ unsigned int *siglen, const BIGNUM *kinv,
+ const BIGNUM *rp, EC_KEY *eckey);
+
+/** Verifies that the given signature is valid ECDSA signature
+ * of the supplied hash value using the specified public key.
+ * \param type this parameter is ignored
+ * \param dgst pointer to the hash value
+ * \param dgstlen length of the hash value
+ * \param sig pointer to the DER encoded signature
+ * \param siglen length of the DER encoded signature
+ * \param eckey EC_KEY object containing a public EC key
+ * \return 1 if the signature is valid, 0 if the signature is invalid
+ * and -1 on error
+ */
+OSSL_DEPRECATEDIN_3_0 int ECDSA_verify(int type, const unsigned char *dgst,
+ int dgstlen, const unsigned char *sig,
+ int siglen, EC_KEY *eckey);
+
+/** Returns the maximum length of the DER encoded signature
+ * \param eckey EC_KEY object
+ * \return numbers of bytes required for the DER encoded signature
+ */
+OSSL_DEPRECATEDIN_3_0 int ECDSA_size(const EC_KEY *eckey);
+
+/********************************************************************/
+/* EC_KEY_METHOD constructors, destructors, writers and accessors */
+/********************************************************************/
+
+OSSL_DEPRECATEDIN_3_0 EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_free(EC_KEY_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_set_init
+ (EC_KEY_METHOD *meth,
+ int (*init)(EC_KEY *key),
+ void (*finish)(EC_KEY *key),
+ int (*copy)(EC_KEY *dest, const EC_KEY *src),
+ int (*set_group)(EC_KEY *key, const EC_GROUP *grp),
+ int (*set_private)(EC_KEY *key, const BIGNUM *priv_key),
+ int (*set_public)(EC_KEY *key, const EC_POINT *pub_key));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth,
+ int (*keygen)(EC_KEY *key));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_set_compute_key
+ (EC_KEY_METHOD *meth,
+ int (*ckey)(unsigned char **psec, size_t *pseclen,
+ const EC_POINT *pub_key, const EC_KEY *ecdh));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_set_sign
+ (EC_KEY_METHOD *meth,
+ int (*sign)(int type, const unsigned char *dgst,
+ int dlen, unsigned char *sig,
+ unsigned int *siglen,
+ const BIGNUM *kinv, const
BIGNUM *r,
+ EC_KEY *eckey),
+ int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
+ BIGNUM **kinvp, BIGNUM **rp),
+ ECDSA_SIG *(*sign_sig)(const unsigned char *dgst,
+ int dgst_len,
+ const BIGNUM *in_kinv,
+ const BIGNUM *in_r,
+ EC_KEY *eckey));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_set_verify
+ (EC_KEY_METHOD *meth,
+ int (*verify)(int type, const unsigned
+ char *dgst, int dgst_len,
+ const unsigned char *sigbuf,
+ int sig_len, EC_KEY *eckey),
+ int (*verify_sig)(const unsigned char *dgst,
+ int dgst_len, const ECDSA_SIG *sig,
+ EC_KEY *eckey));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_init
+ (const EC_KEY_METHOD *meth,
+ int (**pinit)(EC_KEY *key),
+ void (**pfinish)(EC_KEY *key),
+ int (**pcopy)(EC_KEY *dest, const EC_KEY *src),
+ int (**pset_group)(EC_KEY *key, const EC_GROUP *grp),
+ int (**pset_private)(EC_KEY *key, const BIGNUM *priv_key),
+ int (**pset_public)(EC_KEY *key, const EC_POINT *pub_key));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_keygen
+ (const EC_KEY_METHOD *meth, int (**pkeygen)(EC_KEY *key));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_compute_key
+ (const EC_KEY_METHOD *meth,
+ int (**pck)(unsigned char **psec,
+ size_t *pseclen,
+ const EC_POINT *pub_key,
+ const EC_KEY *ecdh));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_sign
+ (const EC_KEY_METHOD *meth,
+ int (**psign)(int type, const unsigned char *dgst,
+ int dlen, unsigned char *sig,
+ unsigned int *siglen,
+ const BIGNUM *kinv, const BIGNUM *r,
+ EC_KEY *eckey),
+ int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
+ BIGNUM **kinvp, BIGNUM **rp),
+ ECDSA_SIG *(**psign_sig)(const unsigned char *dgst,
+ int dgst_len,
+ const BIGNUM *in_kinv,
+ const BIGNUM *in_r,
+ EC_KEY *eckey));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_verify
+ (const EC_KEY_METHOD *meth,
+ int (**pverify)(int type, const unsigned
+ char *dgst, int dgst_len,
+ const unsigned char *sigbuf,
+ int sig_len, EC_KEY *eckey),
+ int (**pverify_sig)(const unsigned char *dgst,
+ int dgst_len,
+ const ECDSA_SIG *sig,
+ EC_KEY *eckey));
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+
+# define EVP_EC_gen(curve) \
+ EVP_PKEY_Q_keygen(NULL, NULL, "EC", (char *)(strstr(curve, "")))
+ /* strstr is used to enable type checking for the variadic string arg */
+# define ECParameters_dup(x) ASN1_dup_of(EC_KEY, i2d_ECParameters, \
+ d2i_ECParameters, x)
+
+# ifndef __cplusplus
+# if defined(__SUNPRO_C)
+# if __SUNPRO_C >= 0x520
+# pragma error_messages (default,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
+# endif
+# endif
+# endif
+
+# endif
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/ecdh.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/ecdh.h
new file mode 100644
index 000000000000..56bd4cc2ce0d
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/ecdh.h
@@ -0,0 +1,10 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/ecdsa.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/ecdsa.h
new file mode 100644
index 000000000000..56bd4cc2ce0d
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/ecdsa.h
@@ -0,0 +1,10 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/ecerr.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/ecerr.h
new file mode 100644
index 000000000000..f15f91f6bf05
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/ecerr.h
@@ -0,0 +1,104 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_ECERR_H +# define OPENSSL_ECERR_H +# pragma once + +# include +# include +# include + + +# ifndef OPENSSL_NO_EC + + +/* + * EC reason codes. + */ +# define EC_R_ASN1_ERROR 115 +# define EC_R_BAD_SIGNATURE 156 +# define EC_R_BIGNUM_OUT_OF_RANGE 144 +# define EC_R_BUFFER_TOO_SMALL 100 +# define EC_R_CANNOT_INVERT 165 +# define EC_R_COORDINATES_OUT_OF_RANGE 146 +# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDH 160 +# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA 170 +# define EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING 159 +# define EC_R_DECODE_ERROR 142 +# define EC_R_DISCRIMINANT_IS_ZERO 118 +# define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 +# define EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED 127 +# define EC_R_FAILED_MAKING_PUBLIC_KEY 166 +# define EC_R_FIELD_TOO_LARGE 143 +# define EC_R_GF2M_NOT_SUPPORTED 147 +# define EC_R_GROUP2PKPARAMETERS_FAILURE 120 +# define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 +# define EC_R_INCOMPATIBLE_OBJECTS 101 +# define EC_R_INVALID_A 168 +# define EC_R_INVALID_ARGUMENT 112 +# define EC_R_INVALID_B 169 +# define EC_R_INVALID_COFACTOR 171 +# define EC_R_INVALID_COMPRESSED_POINT 110 +# define EC_R_INVALID_COMPRESSION_BIT 109 +# define EC_R_INVALID_CURVE 141 +# define EC_R_INVALID_DIGEST 151 +# define EC_R_INVALID_DIGEST_TYPE 138 +# define EC_R_INVALID_ENCODING 102 +# define EC_R_INVALID_FIELD 103 +# define EC_R_INVALID_FORM 104 +# define EC_R_INVALID_GENERATOR 173 +# define EC_R_INVALID_GROUP_ORDER 122 +# define EC_R_INVALID_KEY 116 +# define EC_R_INVALID_LENGTH 117 +# define EC_R_INVALID_NAMED_GROUP_CONVERSION 174 +# define EC_R_INVALID_OUTPUT_LENGTH 
161 +# define EC_R_INVALID_P 172 +# define EC_R_INVALID_PEER_KEY 133 +# define EC_R_INVALID_PENTANOMIAL_BASIS 132 +# define EC_R_INVALID_PRIVATE_KEY 123 +# define EC_R_INVALID_SEED 175 +# define EC_R_INVALID_TRINOMIAL_BASIS 137 +# define EC_R_KDF_PARAMETER_ERROR 148 +# define EC_R_KEYS_NOT_SET 140 +# define EC_R_LADDER_POST_FAILURE 136 +# define EC_R_LADDER_PRE_FAILURE 153 +# define EC_R_LADDER_STEP_FAILURE 162 +# define EC_R_MISSING_OID 167 +# define EC_R_MISSING_PARAMETERS 124 +# define EC_R_MISSING_PRIVATE_KEY 125 +# define EC_R_NEED_NEW_SETUP_VALUES 157 +# define EC_R_NOT_A_NIST_PRIME 135 +# define EC_R_NOT_IMPLEMENTED 126 +# define EC_R_NOT_INITIALIZED 111 +# define EC_R_NO_PARAMETERS_SET 139 +# define EC_R_NO_PRIVATE_VALUE 154 +# define EC_R_OPERATION_NOT_SUPPORTED 152 +# define EC_R_PASSED_NULL_PARAMETER 134 +# define EC_R_PEER_KEY_ERROR 149 +# define EC_R_POINT_ARITHMETIC_FAILURE 155 +# define EC_R_POINT_AT_INFINITY 106 +# define EC_R_POINT_COORDINATES_BLIND_FAILURE 163 +# define EC_R_POINT_IS_NOT_ON_CURVE 107 +# define EC_R_RANDOM_NUMBER_GENERATION_FAILED 158 +# define EC_R_SHARED_INFO_ERROR 150 +# define EC_R_SLOT_FULL 108 +# define EC_R_TOO_MANY_RETRIES 176 +# define EC_R_UNDEFINED_GENERATOR 113 +# define EC_R_UNDEFINED_ORDER 128 +# define EC_R_UNKNOWN_COFACTOR 164 +# define EC_R_UNKNOWN_GROUP 129 +# define EC_R_UNKNOWN_ORDER 114 +# define EC_R_UNSUPPORTED_FIELD 131 +# define EC_R_WRONG_CURVE_PARAMETERS 145 +# define EC_R_WRONG_ORDER 130 + +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/encoder.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/encoder.h new file mode 100644 index 000000000000..c37a6f16f23c --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/encoder.h 
@@ -0,0 +1,124 @@
+/*
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_ENCODER_H
+# define OPENSSL_ENCODER_H
+# pragma once
+
+# include
+
+# ifndef OPENSSL_NO_STDIO
+# include
+# endif
+# include
+# include
+# include
+# include
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+OSSL_ENCODER *OSSL_ENCODER_fetch(OSSL_LIB_CTX *libctx, const char *name,
+ const char *properties);
+int OSSL_ENCODER_up_ref(OSSL_ENCODER *encoder);
+void OSSL_ENCODER_free(OSSL_ENCODER *encoder);
+
+const OSSL_PROVIDER *OSSL_ENCODER_get0_provider(const OSSL_ENCODER *encoder);
+const char *OSSL_ENCODER_get0_properties(const OSSL_ENCODER *encoder);
+const char *OSSL_ENCODER_get0_name(const OSSL_ENCODER *kdf);
+const char *OSSL_ENCODER_get0_description(const OSSL_ENCODER *kdf);
+int OSSL_ENCODER_is_a(const OSSL_ENCODER *encoder, const char *name);
+
+void OSSL_ENCODER_do_all_provided(OSSL_LIB_CTX *libctx,
+ void (*fn)(OSSL_ENCODER *encoder, void *arg),
+ void *arg);
+int OSSL_ENCODER_names_do_all(const OSSL_ENCODER *encoder,
+ void (*fn)(const char *name, void *data),
+ void *data);
+const OSSL_PARAM *OSSL_ENCODER_gettable_params(OSSL_ENCODER *encoder);
+int OSSL_ENCODER_get_params(OSSL_ENCODER *encoder, OSSL_PARAM params[]);
+
+const OSSL_PARAM *OSSL_ENCODER_settable_ctx_params(OSSL_ENCODER *encoder);
+OSSL_ENCODER_CTX *OSSL_ENCODER_CTX_new(void);
+int OSSL_ENCODER_CTX_set_params(OSSL_ENCODER_CTX *ctx,
+ const OSSL_PARAM params[]);
+void OSSL_ENCODER_CTX_free(OSSL_ENCODER_CTX *ctx);
+
+/* Utilities that help set specific parameters */
+int OSSL_ENCODER_CTX_set_passphrase(OSSL_ENCODER_CTX *ctx,
+ const unsigned char *kstr, size_t klen);
+int
OSSL_ENCODER_CTX_set_pem_password_cb(OSSL_ENCODER_CTX *ctx,
+ pem_password_cb *cb, void *cbarg);
+int OSSL_ENCODER_CTX_set_passphrase_cb(OSSL_ENCODER_CTX *ctx,
+ OSSL_PASSPHRASE_CALLBACK *cb,
+ void *cbarg);
+int OSSL_ENCODER_CTX_set_passphrase_ui(OSSL_ENCODER_CTX *ctx,
+ const UI_METHOD *ui_method,
+ void *ui_data);
+int OSSL_ENCODER_CTX_set_cipher(OSSL_ENCODER_CTX *ctx,
+ const char *cipher_name,
+ const char *propquery);
+int OSSL_ENCODER_CTX_set_selection(OSSL_ENCODER_CTX *ctx, int selection);
+int OSSL_ENCODER_CTX_set_output_type(OSSL_ENCODER_CTX *ctx,
+ const char *output_type);
+int OSSL_ENCODER_CTX_set_output_structure(OSSL_ENCODER_CTX *ctx,
+ const char *output_structure);
+
+/* Utilities to add encoders */
+int OSSL_ENCODER_CTX_add_encoder(OSSL_ENCODER_CTX *ctx, OSSL_ENCODER *encoder);
+int OSSL_ENCODER_CTX_add_extra(OSSL_ENCODER_CTX *ctx,
+ OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_ENCODER_CTX_get_num_encoders(OSSL_ENCODER_CTX *ctx);
+
+typedef struct ossl_encoder_instance_st OSSL_ENCODER_INSTANCE;
+OSSL_ENCODER *
+OSSL_ENCODER_INSTANCE_get_encoder(OSSL_ENCODER_INSTANCE *encoder_inst);
+void *
+OSSL_ENCODER_INSTANCE_get_encoder_ctx(OSSL_ENCODER_INSTANCE *encoder_inst);
+const char *
+OSSL_ENCODER_INSTANCE_get_output_type(OSSL_ENCODER_INSTANCE *encoder_inst);
+const char *
+OSSL_ENCODER_INSTANCE_get_output_structure(OSSL_ENCODER_INSTANCE *encoder_inst);
+
+typedef const void *OSSL_ENCODER_CONSTRUCT(OSSL_ENCODER_INSTANCE *encoder_inst,
+ void *construct_data);
+typedef void OSSL_ENCODER_CLEANUP(void *construct_data);
+
+int OSSL_ENCODER_CTX_set_construct(OSSL_ENCODER_CTX *ctx,
+ OSSL_ENCODER_CONSTRUCT *construct);
+int OSSL_ENCODER_CTX_set_construct_data(OSSL_ENCODER_CTX *ctx,
+ void *construct_data);
+int OSSL_ENCODER_CTX_set_cleanup(OSSL_ENCODER_CTX *ctx,
+ OSSL_ENCODER_CLEANUP *cleanup);
+
+/* Utilities to output the object to encode */
+int OSSL_ENCODER_to_bio(OSSL_ENCODER_CTX *ctx, BIO *out);
+#ifndef OPENSSL_NO_STDIO
+int
OSSL_ENCODER_to_fp(OSSL_ENCODER_CTX *ctx, FILE *fp); +#endif +int OSSL_ENCODER_to_data(OSSL_ENCODER_CTX *ctx, unsigned char **pdata, + size_t *pdata_len); + +/* + * Create the OSSL_ENCODER_CTX with an associated type. This will perform + * an implicit OSSL_ENCODER_fetch(), suitable for the object of that type. + * This is more useful than calling OSSL_ENCODER_CTX_new(). + */ +OSSL_ENCODER_CTX *OSSL_ENCODER_CTX_new_for_pkey(const EVP_PKEY *pkey, + int selection, + const char *output_type, + const char *output_struct, + const char *propquery); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/encodererr.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/encodererr.h new file mode 100644 index 000000000000..5e318b145370 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/encodererr.h @@ -0,0 +1,28 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_ENCODERERR_H +# define OPENSSL_ENCODERERR_H +# pragma once + +# include +# include +# include + + + +/* + * OSSL_ENCODER reason codes. + */ +# define OSSL_ENCODER_R_ENCODER_NOT_FOUND 101 +# define OSSL_ENCODER_R_INCORRECT_PROPERTY_QUERY 100 +# define OSSL_ENCODER_R_MISSING_GET_PARAMS 102 + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/engine.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/engine.h new file mode 100644 index 000000000000..2fbc82c3f940 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/engine.h 
@@ -0,0 +1,833 @@
+/*
+ * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_ENGINE_H
+# define OPENSSL_ENGINE_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_ENGINE_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_ENGINE
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# include
+# include
+# include
+# include
+# include
+# include
+# include
+# include
+# endif
+# include
+# include
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/*
+ * These flags are used to control combinations of algorithm (methods) by
+ * bitwise "OR"ing.
+ */
+# define ENGINE_METHOD_RSA (unsigned int)0x0001
+# define ENGINE_METHOD_DSA (unsigned int)0x0002
+# define ENGINE_METHOD_DH (unsigned int)0x0004
+# define ENGINE_METHOD_RAND (unsigned int)0x0008
+# define ENGINE_METHOD_CIPHERS (unsigned int)0x0040
+# define ENGINE_METHOD_DIGESTS (unsigned int)0x0080
+# define ENGINE_METHOD_PKEY_METHS (unsigned int)0x0200
+# define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400
+# define ENGINE_METHOD_EC (unsigned int)0x0800
+/* Obvious all-or-nothing cases. */
+# define ENGINE_METHOD_ALL (unsigned int)0xFFFF
+# define ENGINE_METHOD_NONE (unsigned int)0x0000
+
+/*
+ * This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used
+ * internally to control registration of ENGINE implementations, and can be
+ * set by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to
+ * initialise registered ENGINEs if they are not already initialised.
+ */
+# define ENGINE_TABLE_FLAG_NOINIT (unsigned int)0x0001
+
+/* ENGINE flags that can be set by ENGINE_set_flags(). */
+/* Not used */
+/* #define ENGINE_FLAGS_MALLOCED 0x0001 */
+
+/*
+ * This flag is for ENGINEs that wish to handle the various 'CMD'-related
+ * control commands on their own. Without this flag, ENGINE_ctrl() handles
+ * these control commands on behalf of the ENGINE using their "cmd_defns"
+ * data.
+ */
+# define ENGINE_FLAGS_MANUAL_CMD_CTRL (int)0x0002
+
+/*
+ * This flag is for ENGINEs who return new duplicate structures when found
+ * via "ENGINE_by_id()". When an ENGINE must store state (eg. if
+ * ENGINE_ctrl() commands are called in sequence as part of some stateful
+ * process like key-generation setup and execution), it can set this flag -
+ * then each attempt to obtain the ENGINE will result in it being copied into
+ * a new structure. Normally, ENGINEs don't declare this flag so
+ * ENGINE_by_id() just increments the existing ENGINE's structural reference
+ * count.
+ */
+# define ENGINE_FLAGS_BY_ID_COPY (int)0x0004
+
+/*
+ * This flag if for an ENGINE that does not want its methods registered as
+ * part of ENGINE_register_all_complete() for example if the methods are not
+ * usable as default methods.
+ */
+
+# define ENGINE_FLAGS_NO_REGISTER_ALL (int)0x0008
+
+/*
+ * ENGINEs can support their own command types, and these flags are used in
+ * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input
+ * each command expects. Currently only numeric and string input is
+ * supported. If a control command supports none of the _NUMERIC, _STRING, or
+ * _NO_INPUT options, then it is regarded as an "internal" control command -
+ * and not for use in config setting situations. As such, they're not
+ * available to the ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl()
+ * access. Changes to this list of 'command types' should be reflected
+ * carefully in ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string().
+ */
+
+/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */
+# define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001
+/*
+ * accepts string input (cast from 'void*' to 'const char *', 4th parameter
+ * to ENGINE_ctrl)
+ */
+# define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002
+/*
+ * Indicates that the control command takes *no* input. Ie. the control
+ * command is unparameterised.
+ */
+# define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004
+/*
+ * Indicates that the control command is internal. This control command won't
+ * be shown in any output, and is only usable through the ENGINE_ctrl_cmd()
+ * function.
+ */
+# define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008
+
+/*
+ * NB: These 3 control commands are deprecated and should not be used.
+ * ENGINEs relying on these commands should compile conditional support for
+ * compatibility (eg. if these symbols are defined) but should also migrate
+ * the same functionality to their own ENGINE-specific control functions that
+ * can be "discovered" by calling applications. The fact these control
+ * commands wouldn't be "executable" (ie. usable by text-based config)
+ * doesn't change the fact that application code can find and use them
+ * without requiring per-ENGINE hacking.
+ */
+
+/*
+ * These flags are used to tell the ctrl function what should be done. All
+ * command numbers are shared between all engines, even if some don't make
+ * sense to some engines. In such a case, they do nothing but return the
+ * error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED.
+ */
+# define ENGINE_CTRL_SET_LOGSTREAM 1
+# define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2
+# define ENGINE_CTRL_HUP 3/* Close and reinitialise
+ * any handles/connections
+ * etc. */
+# define ENGINE_CTRL_SET_USER_INTERFACE 4/* Alternative to callback */
+# define ENGINE_CTRL_SET_CALLBACK_DATA 5/* User-specific data, used
+ * when calling the password
+ * callback and the user
+ * interface */
+# define ENGINE_CTRL_LOAD_CONFIGURATION 6/* Load a configuration,
+ * given a string that
+ * represents a file name
+ * or so */
+# define ENGINE_CTRL_LOAD_SECTION 7/* Load data from a given
+ * section in the already
+ * loaded configuration */
+
+/*
+ * These control commands allow an application to deal with an arbitrary
+ * engine in a dynamic way. Warn: Negative return values indicate errors FOR
+ * THESE COMMANDS because zero is used to indicate 'end-of-list'. Other
+ * commands, including ENGINE-specific command types, return zero for an
+ * error. An ENGINE can choose to implement these ctrl functions, and can
+ * internally manage things however it chooses - it does so by setting the
+ * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise
+ * the ENGINE_ctrl() code handles this on the ENGINE's behalf using the
+ * cmd_defns data (set using ENGINE_set_cmd_defns()). This means an ENGINE's
+ * ctrl() handler need only implement its own commands - the above "meta"
+ * commands will be taken care of.
+ */
+
+/*
+ * Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not",
+ * then all the remaining control commands will return failure, so it is
+ * worth checking this first if the caller is trying to "discover" the
+ * engine's capabilities and doesn't want errors generated unnecessarily.
+ */
+# define ENGINE_CTRL_HAS_CTRL_FUNCTION 10
+/*
+ * Returns a positive command number for the first command supported by the
+ * engine. Returns zero if no ctrl commands are supported.
+ */
+# define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11
+/*
+ * The 'long' argument specifies a command implemented by the engine, and the
+ * return value is the next command supported, or zero if there are no more.
+ */
+# define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12
+/*
+ * The 'void*' argument is a command name (cast from 'const char *'), and the
+ * return value is the command that corresponds to it.
+ */
+# define ENGINE_CTRL_GET_CMD_FROM_NAME 13
+/*
+ * The next two allow a command to be converted into its corresponding string
+ * form. In each case, the 'long' argument supplies the command. In the
+ * NAME_LEN case, the return value is the length of the command name (not
+ * counting a trailing EOL). In the NAME case, the 'void*' argument must be a
+ * string buffer large enough, and it will be populated with the name of the
+ * command (WITH a trailing EOL).
+ */
+# define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14
+# define ENGINE_CTRL_GET_NAME_FROM_CMD 15
+/* The next two are similar but give a "short description" of a command. */
+# define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16
+# define ENGINE_CTRL_GET_DESC_FROM_CMD 17
+/*
+ * With this command, the return value is the OR'd combination of
+ * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given
+ * engine-specific ctrl command expects.
+ */
+# define ENGINE_CTRL_GET_CMD_FLAGS 18
+
+/*
+ * ENGINE implementations should start the numbering of their own control
+ * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc).
+ */
+# define ENGINE_CMD_BASE 200
+
+/*
+ * NB: These 2 nCipher "chil" control commands are deprecated, and their
+ * functionality is now available through ENGINE-specific control commands
+ * (exposed through the above-mentioned 'CMD'-handling). Code using these 2
+ * commands should be migrated to the more general command handling before
+ * these are removed.
+ */
+
+/* Flags specific to the nCipher "chil" engine */
+# define ENGINE_CTRL_CHIL_SET_FORKCHECK 100
+ /*
+ * Depending on the value of the (long)i argument, this sets or
+ * unsets the SimpleForkCheck flag in the CHIL API to enable or
+ * disable checking and workarounds for applications that fork().
+ */
+# define ENGINE_CTRL_CHIL_NO_LOCKING 101
+ /*
+ * This prevents the initialisation function from providing mutex
+ * callbacks to the nCipher library.
+ */
+
+/*
+ * If an ENGINE supports its own specific control commands and wishes the
+ * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on
+ * its behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN
+ * entries to ENGINE_set_cmd_defns(). It should also implement a ctrl()
+ * handler that supports the stated commands (ie. the "cmd_num" entries as
+ * described by the array). NB: The array must be ordered in increasing order
+ * of cmd_num. "null-terminated" means that the last ENGINE_CMD_DEFN element
+ * has cmd_num set to zero and/or cmd_name set to NULL.
+ */
+typedef struct ENGINE_CMD_DEFN_st {
+ unsigned int cmd_num; /* The command number */
+ const char *cmd_name; /* The command name itself */
+ const char *cmd_desc; /* A short description of the command */
+ unsigned int cmd_flags; /* The input the command expects */
+} ENGINE_CMD_DEFN;
+
+/* Generic function pointer */
+typedef int (*ENGINE_GEN_FUNC_PTR) (void);
+/* Generic function pointer taking no arguments */
+typedef int (*ENGINE_GEN_INT_FUNC_PTR) (ENGINE *);
+/* Specific control function pointer */
+typedef int (*ENGINE_CTRL_FUNC_PTR) (ENGINE *, int, long, void *,
+ void (*f) (void));
+/* Generic load_key function pointer */
+typedef EVP_PKEY *(*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
+ UI_METHOD *ui_method,
+ void *callback_data);
+typedef int (*ENGINE_SSL_CLIENT_CERT_PTR) (ENGINE *, SSL *ssl,
+ STACK_OF(X509_NAME) *ca_dn,
+ X509 **pcert, EVP_PKEY **pkey,
+ STACK_OF(X509) **pother,
+ UI_METHOD *ui_method,
+ void *callback_data);
+/*-
+ * These callback types are for an ENGINE's handler for cipher and digest logic.
+ * These handlers have these prototypes;
+ * int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
+ * int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid);
+ * Looking at how to implement these handlers in the case of cipher support, if
+ * the framework wants the EVP_CIPHER for 'nid', it will call;
+ * foo(e, &p_evp_cipher, NULL, nid); (return zero for failure)
+ * If the framework wants a list of supported 'nid's, it will call;
+ * foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error)
+ */
+/*
+ * Returns to a pointer to the array of supported cipher 'nid's. If the
+ * second parameter is non-NULL it is set to the size of the returned array.
+ */
+typedef int (*ENGINE_CIPHERS_PTR) (ENGINE *, const EVP_CIPHER **,
+ const int **, int);
+typedef int (*ENGINE_DIGESTS_PTR) (ENGINE *, const EVP_MD **, const int **,
+ int);
+typedef int (*ENGINE_PKEY_METHS_PTR) (ENGINE *, EVP_PKEY_METHOD **,
+ const int **, int);
+typedef int (*ENGINE_PKEY_ASN1_METHS_PTR) (ENGINE *, EVP_PKEY_ASN1_METHOD **,
+ const int **, int);
+/*
+ * STRUCTURE functions ... all of these functions deal with pointers to
+ * ENGINE structures where the pointers have a "structural reference". This
+ * means that their reference is to allowed access to the structure but it
+ * does not imply that the structure is functional. To simply increment or
+ * decrement the structural reference count, use ENGINE_by_id and
+ * ENGINE_free. NB: This is not required when iterating using ENGINE_get_next
+ * as it will automatically decrement the structural reference count of the
+ * "current" ENGINE and increment the structural reference count of the
+ * ENGINE it returns (unless it is NULL).
+ */
+
+/* Get the first/last "ENGINE" type available. */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_first(void);
+OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_last(void);
+# endif
+/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_next(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_prev(ENGINE *e);
+# endif
+/* Add another "ENGINE" type into the array. */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int ENGINE_add(ENGINE *e);
+# endif
+/* Remove an existing "ENGINE" type from the array. */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int ENGINE_remove(ENGINE *e);
+# endif
+/* Retrieve an engine from the list by its unique "id" value. */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_by_id(const char *id);
+# endif
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define ENGINE_load_openssl() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_OPENSSL, NULL)
+# define ENGINE_load_dynamic() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DYNAMIC, NULL)
+# ifndef OPENSSL_NO_STATIC_ENGINE
+# define ENGINE_load_padlock() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_PADLOCK, NULL)
+# define ENGINE_load_capi() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CAPI, NULL)
+# define ENGINE_load_afalg() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_AFALG, NULL)
+# endif
+# define ENGINE_load_cryptodev() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CRYPTODEV, NULL)
+# define ENGINE_load_rdrand() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_RDRAND, NULL)
+# endif
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 void ENGINE_load_builtin_engines(void);
+# endif
+
+/*
+ * Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
+ * "registry" handling.
+ */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 unsigned int ENGINE_get_table_flags(void);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_set_table_flags(unsigned int flags);
+# endif
+
+/*- Manage registration of ENGINEs per "table". For each type, there are 3
+ * functions;
+ * ENGINE_register_***(e) - registers the implementation from 'e' (if it has one)
+ * ENGINE_unregister_***(e) - unregister the implementation from 'e'
+ * ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list
+ * Cleanup is automatically registered from each table when required.
+ */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int ENGINE_register_RSA(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_unregister_RSA(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_register_all_RSA(void);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_register_DSA(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_unregister_DSA(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_register_all_DSA(void);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_register_EC(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_unregister_EC(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_register_all_EC(void);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_register_DH(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_unregister_DH(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_register_all_DH(void);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_register_RAND(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_unregister_RAND(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_register_all_RAND(void);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_register_ciphers(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_unregister_ciphers(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_register_all_ciphers(void);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_register_digests(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_unregister_digests(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_register_all_digests(void);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_register_pkey_meths(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_unregister_pkey_meths(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_register_all_pkey_meths(void);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_register_pkey_asn1_meths(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_unregister_pkey_asn1_meths(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_register_all_pkey_asn1_meths(void);
+# endif
+
+/*
+ * These functions register all support from the above categories. Note, use
+ * of these functions can result in static linkage of code your application
+ * may not need. If you only need a subset of functionality, consider using
+ * more selective initialisation.
+ */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int ENGINE_register_complete(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_register_all_complete(void);
+# endif
+
+/*
+ * Send parameterised control commands to the engine. The possibilities to
+ * send down an integer, a pointer to data or a function pointer are
+ * provided. Any of the parameters may or may not be NULL, depending on the
+ * command number. In actuality, this function only requires a structural
+ * (rather than functional) reference to an engine, but many control commands
+ * may require the engine be functional. The caller should be aware of trying
+ * commands that require an operational ENGINE, and only use functional
+ * references in such situations.
+ */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p,
+ void (*f) (void));
+# endif
+
+/*
+ * This function tests if an ENGINE-specific command is usable as a
+ * "setting". Eg. in an application's config file that gets processed through
+ * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to
+ * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl().
+ */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
+# endif
+
+/*
+ * This function works like ENGINE_ctrl() with the exception of taking a
+ * command name instead of a command number, and can handle optional
+ * commands. See the comment on ENGINE_ctrl_cmd_string() for an explanation
+ * on how to use the cmd_name and cmd_optional.
+ */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
+ long i, void *p, void (*f) (void),
+ int cmd_optional);
+# endif
+
+/*
+ * This function passes a command-name and argument to an ENGINE. The
+ * cmd_name is converted to a command number and the control command is
+ * called using 'arg' as an argument (unless the ENGINE doesn't support such
+ * a command, in which case no control command is called). The command is
+ * checked for input flags, and if necessary the argument will be converted
+ * to a numeric value. If cmd_optional is non-zero, then if the ENGINE
+ * doesn't support the given cmd_name the return value will be success
+ * anyway. This function is intended for applications to use so that users
+ * (or config files) can supply engine-specific config data to the ENGINE at
+ * run-time to control behaviour of specific engines. As such, it shouldn't
+ * be used for calling ENGINE_ctrl() functions that return data, deal with
+ * binary data, or that are otherwise supposed to be used directly through
+ * ENGINE_ctrl() in application code. Any "return" data from an ENGINE_ctrl()
+ * operation in this function will be lost - the return value is interpreted
+ * as failure if the return value is zero, success otherwise, and this
+ * function returns a boolean value as a result. In other words, vendors of
+ * 'ENGINE'-enabled devices should write ENGINE implementations with
+ * parameterisations that work in this scheme, so that compliant ENGINE-based
+ * applications can work consistently with the same configuration for the
+ * same ENGINE-enabled devices, across applications.
+ */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
+int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
+ int cmd_optional);
+# endif
+
+/*
+ * These functions are useful for manufacturing new ENGINE structures. They
+ * don't address reference counting at all - one uses them to populate an
+ * ENGINE structure with personalised implementations of things prior to
+ * using it directly or adding it to the builtin ENGINE list in OpenSSL.
+ * These are also here so that the ENGINE structure doesn't have to be
+ * exposed and break binary compatibility!
+ */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_new(void);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_free(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_up_ref(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_id(ENGINE *e, const char *id);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_name(ENGINE *e, const char *name);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ecdsa_meth);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
+OSSL_DEPRECATEDIN_3_0
+int ENGINE_set_destroy_function(ENGINE *e,ENGINE_GEN_INT_FUNC_PTR destroy_f);
+OSSL_DEPRECATEDIN_3_0
+int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
+OSSL_DEPRECATEDIN_3_0
+int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
+OSSL_DEPRECATEDIN_3_0
+int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
+OSSL_DEPRECATEDIN_3_0
+int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
+OSSL_DEPRECATEDIN_3_0
+int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
+OSSL_DEPRECATEDIN_3_0
+int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
+ ENGINE_SSL_CLIENT_CERT_PTR loadssl_f);
+OSSL_DEPRECATEDIN_3_0
+int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
+OSSL_DEPRECATEDIN_3_0
+int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
+OSSL_DEPRECATEDIN_3_0
+int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f);
+OSSL_DEPRECATEDIN_3_0
+int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_flags(ENGINE *e, int flags);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_cmd_defns(ENGINE *e,
+ const ENGINE_CMD_DEFN *defns);
+# endif
+/* These functions allow control over any per-structure ENGINE data. */
+# define ENGINE_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, l, p, newf, dupf, freef)
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
+OSSL_DEPRECATEDIN_3_0 void *ENGINE_get_ex_data(const ENGINE *e, int idx);
+# endif
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+/*
+ * This function previously cleaned up anything that needs it. Auto-deinit will
+ * now take care of it so it is no longer required to call this function.
+ */
+# define ENGINE_cleanup() while(0) continue
+# endif
+
+/*
+ * These return values from within the ENGINE structure. These can be useful
+ * with functional references as well as structural references - it depends
+ * which you obtained. Using the result for functional purposes if you only
+ * obtained a structural reference may be problematic!
+ */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 const char *ENGINE_get_id(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 const char *ENGINE_get_name(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0
+ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0
+ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0
+ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0
+ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0
+ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0
+ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0
+const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
+OSSL_DEPRECATEDIN_3_0
+const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
+OSSL_DEPRECATEDIN_3_0
+const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid);
+OSSL_DEPRECATEDIN_3_0
+const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid);
+OSSL_DEPRECATEDIN_3_0
+const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e,
+ const char *str,
+ int len);
+OSSL_DEPRECATEDIN_3_0
+const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe,
+ const char *str, int len);
+OSSL_DEPRECATEDIN_3_0
+const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_get_flags(const ENGINE *e);
+# endif
+
+/*
+ * FUNCTIONAL functions. These functions deal with ENGINE structures that
+ * have (or will) be initialised for use. Broadly speaking, the structural
+ * functions are useful for iterating the list of available engine types,
+ * creating new engine types, and other "list" operations. These functions
+ * actually deal with ENGINEs that are to be used. As such these functions
+ * can fail (if applicable) when particular engines are unavailable - eg. if
+ * a hardware accelerator is not attached or not functioning correctly. Each
+ * ENGINE has 2 reference counts; structural and functional. Every time a
+ * functional reference is obtained or released, a corresponding structural
+ * reference is automatically obtained or released too.
+ */
+
+/*
+ * Initialise an engine type for use (or up its reference count if it's
+ * already in use). This will fail if the engine is not currently operational
+ * and cannot initialise.
+ */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int ENGINE_init(ENGINE *e);
+# endif
+/*
+ * Free a functional reference to an engine type. This does not require a
+ * corresponding call to ENGINE_free as it also releases a structural
+ * reference.
+ */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int ENGINE_finish(ENGINE *e);
+# endif
+
+/*
+ * The following functions handle keys that are stored in some secondary
+ * location, handled by the engine. The storage may be on a card or
+ * whatever.
+ */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
+EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+ UI_METHOD *ui_method, void *callback_data);
+OSSL_DEPRECATEDIN_3_0
+EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+ UI_METHOD *ui_method, void *callback_data);
+OSSL_DEPRECATEDIN_3_0
+int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, STACK_OF(X509_NAME) *ca_dn,
+ X509 **pcert, EVP_PKEY **ppkey,
+ STACK_OF(X509) **pother,
+ UI_METHOD *ui_method, void *callback_data);
+# endif
+
+/*
+ * This returns a pointer for the current ENGINE structure that is (by
+ * default) performing any RSA operations. The value returned is an
+ * incremented reference, so it should be free'd (ENGINE_finish) before it is
+ * discarded.
+ */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_default_RSA(void);
+# endif
+/* Same for the other "methods" */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_default_DSA(void);
+OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_default_EC(void);
+OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_default_DH(void);
+OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_default_RAND(void);
+# endif
+/*
+ * These functions can be used to get a functional reference to perform
+ * ciphering or digesting corresponding to "nid".
+ */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_cipher_engine(int nid);
+OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_digest_engine(int nid);
+OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_pkey_meth_engine(int nid);
+OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid);
+# endif
+
+/*
+ * This sets a new default ENGINE structure for performing RSA operations. If
+ * the result is non-zero (success) then the ENGINE structure will have had
+ * its reference count up'd so the caller should still free their own
+ * reference 'e'.
+ */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_RSA(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_string(ENGINE *e,
+ const char *def_list);
+# endif
+/* Same for the other "methods" */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_DSA(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_EC(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_DH(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_RAND(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_ciphers(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_digests(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_pkey_meths(ENGINE *e);
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_pkey_asn1_meths(ENGINE *e);
+# endif
+
+/*
+ * The combination "set" - the flags are bitwise "OR"d from the
+ * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()"
+ * function, this function can result in unnecessary static linkage. If your
+ * application requires only specific functionality, consider using more
+ * selective functions.
+ */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default(ENGINE *e, unsigned int flags);
+OSSL_DEPRECATEDIN_3_0 void ENGINE_add_conf_module(void);
+# endif
+
+/* Deprecated functions ... */
+/* int ENGINE_clear_defaults(void); */
+
+/**************************/
+/* DYNAMIC ENGINE SUPPORT */
+/**************************/
+
+/* Binary/behaviour compatibility levels */
+# define OSSL_DYNAMIC_VERSION (unsigned long)0x00030000
+/*
+ * Binary versions older than this are too old for us (whether we're a loader
+ * or a loadee)
+ */
+# define OSSL_DYNAMIC_OLDEST (unsigned long)0x00030000
+
+/*
+ * When compiling an ENGINE entirely as an external shared library, loadable
+ * by the "dynamic" ENGINE, these types are needed. The 'dynamic_fns'
+ * structure type provides the calling application's (or library's) error
+ * functionality and memory management function pointers to the loaded
+ * library. These should be used/set in the loaded library code so that the
+ * loading application's 'state' will be used/changed in all operations. The
+ * 'static_state' pointer allows the loaded library to know if it shares the
+ * same static data as the calling application (or library), and thus whether
+ * these callbacks need to be set or not.
+ */
+typedef void *(*dyn_MEM_malloc_fn) (size_t, const char *, int);
+typedef void *(*dyn_MEM_realloc_fn) (void *, size_t, const char *, int);
+typedef void (*dyn_MEM_free_fn) (void *, const char *, int);
+typedef struct st_dynamic_MEM_fns {
+ dyn_MEM_malloc_fn malloc_fn;
+ dyn_MEM_realloc_fn realloc_fn;
+ dyn_MEM_free_fn free_fn;
+} dynamic_MEM_fns;
+/*
+ * FIXME: Perhaps the memory and locking code (crypto.h) should declare and
+ * use these types so we (and any other dependent code) can simplify a bit??
+ */
+/* The top-level structure */
+typedef struct st_dynamic_fns {
+ void *static_state;
+ dynamic_MEM_fns mem_fns;
+} dynamic_fns;
+
+/*
+ * The version checking function should be of this prototype. NB: The
+ * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading
+ * code. If this function returns zero, it indicates a (potential) version
+ * incompatibility and the loaded library doesn't believe it can proceed.
+ * Otherwise, the returned value is the (latest) version supported by the
+ * loading library. The loader may still decide that the loaded code's
+ * version is unsatisfactory and could veto the load. The function is
+ * expected to be implemented with the symbol name "v_check", and a default
+ * implementation can be fully instantiated with
+ * IMPLEMENT_DYNAMIC_CHECK_FN().
+ */ +typedef unsigned long (*dynamic_v_check_fn) (unsigned long ossl_version); +# define IMPLEMENT_DYNAMIC_CHECK_FN() \ + OPENSSL_EXPORT unsigned long v_check(unsigned long v); \ + OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \ + if (v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ + return 0; } + +/* + * This function is passed the ENGINE structure to initialise with its own + * function and command settings. It should not adjust the structural or + * functional reference counts. If this function returns zero, (a) the load + * will be aborted, (b) the previous ENGINE state will be memcpy'd back onto + * the structure, and (c) the shared library will be unloaded. So + * implementations should do their own internal cleanup in failure + * circumstances otherwise they could leak. The 'id' parameter, if non-NULL, + * represents the ENGINE id that the loader is looking for. If this is NULL, + * the shared library can choose to return failure or to initialise a + * 'default' ENGINE. If non-NULL, the shared library must initialise only an + * ENGINE matching the passed 'id'. The function is expected to be + * implemented with the symbol name "bind_engine". A standard implementation + * can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where the parameter + * 'fn' is a callback function that populates the ENGINE structure and + * returns an int value (zero for failure). 
'fn' should have prototype; + * [static] int fn(ENGINE *e, const char *id); + */ +typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, + const dynamic_fns *fns); +# define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ + OPENSSL_EXPORT \ + int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \ + OPENSSL_EXPORT \ + int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ + if (ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ + CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \ + fns->mem_fns.realloc_fn, \ + fns->mem_fns.free_fn); \ + OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL); \ + skip_cbs: \ + if (!fn(e, id)) return 0; \ + return 1; } + +/* + * If the loading application (or library) and the loaded ENGINE library + * share the same static data (eg. they're both dynamically linked to the + * same libcrypto.so) we need a way to avoid trying to set system callbacks - + * this would fail, and for the same reason that it's unnecessary to try. If + * the loaded ENGINE has (or gets from through the loader) its own copy of + * the libcrypto static data, we will need to set the callbacks. The easiest + * way to detect this is to have a function that returns a pointer to some + * static data and let the loading application and loaded ENGINE compare + * their respective values. + */ +void *ENGINE_get_static_state(void); + +# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__) +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +OSSL_DEPRECATEDIN_1_1_0 void ENGINE_setup_bsd_cryptodev(void); +# endif +# endif + + +# ifdef __cplusplus +} +# endif +# endif /* OPENSSL_NO_ENGINE */ +#endif /* OPENSSL_ENGINE_H */ diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/engineerr.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/engineerr.h new file mode 100644 index 000000000000..d439b6827e60 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/engineerr.h 
@@ -0,0 +1,63 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_ENGINEERR_H +# define OPENSSL_ENGINEERR_H +# pragma once + +# include +# include +# include + + +# ifndef OPENSSL_NO_ENGINE + + +/* + * ENGINE reason codes. + */ +# define ENGINE_R_ALREADY_LOADED 100 +# define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 133 +# define ENGINE_R_CMD_NOT_EXECUTABLE 134 +# define ENGINE_R_COMMAND_TAKES_INPUT 135 +# define ENGINE_R_COMMAND_TAKES_NO_INPUT 136 +# define ENGINE_R_CONFLICTING_ENGINE_ID 103 +# define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119 +# define ENGINE_R_DSO_FAILURE 104 +# define ENGINE_R_DSO_NOT_FOUND 132 +# define ENGINE_R_ENGINES_SECTION_ERROR 148 +# define ENGINE_R_ENGINE_CONFIGURATION_ERROR 102 +# define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105 +# define ENGINE_R_ENGINE_SECTION_ERROR 149 +# define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128 +# define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129 +# define ENGINE_R_FINISH_FAILED 106 +# define ENGINE_R_ID_OR_NAME_MISSING 108 +# define ENGINE_R_INIT_FAILED 109 +# define ENGINE_R_INTERNAL_LIST_ERROR 110 +# define ENGINE_R_INVALID_ARGUMENT 143 +# define ENGINE_R_INVALID_CMD_NAME 137 +# define ENGINE_R_INVALID_CMD_NUMBER 138 +# define ENGINE_R_INVALID_INIT_VALUE 151 +# define ENGINE_R_INVALID_STRING 150 +# define ENGINE_R_NOT_INITIALISED 117 +# define ENGINE_R_NOT_LOADED 112 +# define ENGINE_R_NO_CONTROL_FUNCTION 120 +# define ENGINE_R_NO_INDEX 144 +# define ENGINE_R_NO_LOAD_FUNCTION 125 +# define ENGINE_R_NO_REFERENCE 130 +# define ENGINE_R_NO_SUCH_ENGINE 116 +# define ENGINE_R_UNIMPLEMENTED_CIPHER 146 +# define ENGINE_R_UNIMPLEMENTED_DIGEST 147 +# define 
ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD 101 +# define ENGINE_R_VERSION_INCOMPATIBILITY 145 + +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/err.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/err.h index b987e31f8c8f..daca18e7b757 100644 --- a/contrib/openssl-cmake/linux_x86_64/include/openssl/err.h +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/err.h @@ -372,7 +372,7 @@ typedef struct ERR_string_data_st { } ERR_STRING_DATA; DEFINE_LHASH_OF_INTERNAL(ERR_STRING_DATA); -#define lh_ERR_STRING_DATA_new(hfn, cmp) ((LHASH_OF(ERR_STRING_DATA) *)OPENSSL_LH_new(ossl_check_ERR_STRING_DATA_lh_hashfunc_type(hfn), ossl_check_ERR_STRING_DATA_lh_compfunc_type(cmp))) +#define lh_ERR_STRING_DATA_new(hfn, cmp) ((LHASH_OF(ERR_STRING_DATA) *)OPENSSL_LH_set_thunks(OPENSSL_LH_new(ossl_check_ERR_STRING_DATA_lh_hashfunc_type(hfn), ossl_check_ERR_STRING_DATA_lh_compfunc_type(cmp)), lh_ERR_STRING_DATA_hash_thunk, lh_ERR_STRING_DATA_comp_thunk, lh_ERR_STRING_DATA_doall_thunk, lh_ERR_STRING_DATA_doall_arg_thunk)) #define lh_ERR_STRING_DATA_free(lh) OPENSSL_LH_free(ossl_check_ERR_STRING_DATA_lh_type(lh)) #define lh_ERR_STRING_DATA_flush(lh) OPENSSL_LH_flush(ossl_check_ERR_STRING_DATA_lh_type(lh)) #define lh_ERR_STRING_DATA_insert(lh, ptr) ((ERR_STRING_DATA *)OPENSSL_LH_insert(ossl_check_ERR_STRING_DATA_lh_type(lh), ossl_check_ERR_STRING_DATA_lh_plain_type(ptr))) @@ -497,6 +497,7 @@ int ERR_set_mark(void); int ERR_pop_to_mark(void); int ERR_clear_last_mark(void); int ERR_count_to_mark(void); +int ERR_pop(void); ERR_STATE *OSSL_ERR_STATE_new(void); void OSSL_ERR_STATE_save(ERR_STATE *es); diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/esserr.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/esserr.h new file mode 100644 index 000000000000..165ce7c43751 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/esserr.h 
@@ -0,0 +1,32 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_ESSERR_H +# define OPENSSL_ESSERR_H +# pragma once + +# include +# include +# include + +/* + * ESS reason codes. + */ +# define ESS_R_EMPTY_ESS_CERT_ID_LIST 107 +# define ESS_R_ESS_CERT_DIGEST_ERROR 103 +# define ESS_R_ESS_CERT_ID_NOT_FOUND 104 +# define ESS_R_ESS_CERT_ID_WRONG_ORDER 105 +# define ESS_R_ESS_DIGEST_ALG_UNKNOWN 106 +# define ESS_R_ESS_SIGNING_CERTIFICATE_ERROR 102 +# define ESS_R_ESS_SIGNING_CERT_ADD_ERROR 100 +# define ESS_R_ESS_SIGNING_CERT_V2_ADD_ERROR 101 +# define ESS_R_MISSING_SIGNING_CERTIFICATE_ATTRIBUTE 108 + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/evp.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/evp.h new file mode 100644 index 000000000000..f70b9d744d63 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/evp.h 
@@ -0,0 +1,2183 @@ +/* + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_EVP_H +# define OPENSSL_EVP_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_ENVELOPE_H +# endif + +# include + +# ifndef OPENSSL_NO_STDIO +# include +# endif + +# include +# include +# include +# include +# include +# include +# include +# include + +# define EVP_MAX_MD_SIZE 64/* longest known is SHA512 */ +# define EVP_MAX_KEY_LENGTH 64 +# define EVP_MAX_IV_LENGTH 16 +# define EVP_MAX_BLOCK_LENGTH 32 +# define EVP_MAX_AEAD_TAG_LENGTH 16 + +# define PKCS5_SALT_LEN 8 +/* Default PKCS#5 iteration count */ +# define PKCS5_DEFAULT_ITER 2048 + +# include + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define EVP_PK_RSA 0x0001 +# define EVP_PK_DSA 0x0002 +# define EVP_PK_DH 0x0004 +# define EVP_PK_EC 0x0008 +# define EVP_PKT_SIGN 0x0010 +# define EVP_PKT_ENC 0x0020 +# define EVP_PKT_EXCH 0x0040 +# define EVP_PKS_RSA 0x0100 +# define EVP_PKS_DSA 0x0200 +# define EVP_PKS_EC 0x0400 +# endif + +# define EVP_PKEY_NONE NID_undef +# define EVP_PKEY_RSA NID_rsaEncryption +# define EVP_PKEY_RSA2 NID_rsa +# define EVP_PKEY_RSA_PSS NID_rsassaPss +# define EVP_PKEY_DSA NID_dsa +# define EVP_PKEY_DSA1 NID_dsa_2 +# define EVP_PKEY_DSA2 NID_dsaWithSHA +# define EVP_PKEY_DSA3 NID_dsaWithSHA1 +# define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 +# define EVP_PKEY_DH NID_dhKeyAgreement +# define EVP_PKEY_DHX NID_dhpublicnumber +# define EVP_PKEY_EC NID_X9_62_id_ecPublicKey +# define EVP_PKEY_SM2 NID_sm2 +# define EVP_PKEY_HMAC NID_hmac +# define EVP_PKEY_CMAC NID_cmac +# define EVP_PKEY_SCRYPT NID_id_scrypt +# define EVP_PKEY_TLS1_PRF NID_tls1_prf +# define EVP_PKEY_HKDF NID_hkdf +# define 
EVP_PKEY_POLY1305 NID_poly1305 +# define EVP_PKEY_SIPHASH NID_siphash +# define EVP_PKEY_X25519 NID_X25519 +# define EVP_PKEY_ED25519 NID_ED25519 +# define EVP_PKEY_X448 NID_X448 +# define EVP_PKEY_ED448 NID_ED448 +/* Special indicator that the object is uniquely provider side */ +# define EVP_PKEY_KEYMGMT -1 + +/* Easy to use macros for EVP_PKEY related selections */ +# define EVP_PKEY_KEY_PARAMETERS \ + ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ) +# define EVP_PKEY_PRIVATE_KEY \ + ( EVP_PKEY_KEY_PARAMETERS | OSSL_KEYMGMT_SELECT_PRIVATE_KEY ) +# define EVP_PKEY_PUBLIC_KEY \ + ( EVP_PKEY_KEY_PARAMETERS | OSSL_KEYMGMT_SELECT_PUBLIC_KEY ) +# define EVP_PKEY_KEYPAIR \ + ( EVP_PKEY_PUBLIC_KEY | OSSL_KEYMGMT_SELECT_PRIVATE_KEY ) + +#ifdef __cplusplus +extern "C" { +#endif + +int EVP_set_default_properties(OSSL_LIB_CTX *libctx, const char *propq); +int EVP_default_properties_is_fips_enabled(OSSL_LIB_CTX *libctx); +int EVP_default_properties_enable_fips(OSSL_LIB_CTX *libctx, int enable); + +# define EVP_PKEY_MO_SIGN 0x0001 +# define EVP_PKEY_MO_VERIFY 0x0002 +# define EVP_PKEY_MO_ENCRYPT 0x0004 +# define EVP_PKEY_MO_DECRYPT 0x0008 + +# ifndef EVP_MD +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type); +OSSL_DEPRECATEDIN_3_0 EVP_MD *EVP_MD_meth_dup(const EVP_MD *md); +OSSL_DEPRECATEDIN_3_0 void EVP_MD_meth_free(EVP_MD *md); +OSSL_DEPRECATEDIN_3_0 +int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize); +OSSL_DEPRECATEDIN_3_0 +int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize); +OSSL_DEPRECATEDIN_3_0 +int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize); +OSSL_DEPRECATEDIN_3_0 +int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags); +OSSL_DEPRECATEDIN_3_0 +int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)); +OSSL_DEPRECATEDIN_3_0 +int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx, + const void *data, + size_t count)); +OSSL_DEPRECATEDIN_3_0 +int 
EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx, + unsigned char *md)); +OSSL_DEPRECATEDIN_3_0 +int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, + const EVP_MD_CTX *from)); +OSSL_DEPRECATEDIN_3_0 +int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx)); +OSSL_DEPRECATEDIN_3_0 +int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, + int p1, void *p2)); +OSSL_DEPRECATEDIN_3_0 int EVP_MD_meth_get_input_blocksize(const EVP_MD *md); +OSSL_DEPRECATEDIN_3_0 int EVP_MD_meth_get_result_size(const EVP_MD *md); +OSSL_DEPRECATEDIN_3_0 int EVP_MD_meth_get_app_datasize(const EVP_MD *md); +OSSL_DEPRECATEDIN_3_0 unsigned long EVP_MD_meth_get_flags(const EVP_MD *md); +OSSL_DEPRECATEDIN_3_0 +int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx); +OSSL_DEPRECATEDIN_3_0 +int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx, + const void *data, size_t count); +OSSL_DEPRECATEDIN_3_0 +int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx, + unsigned char *md); +OSSL_DEPRECATEDIN_3_0 +int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to, + const EVP_MD_CTX *from); +OSSL_DEPRECATEDIN_3_0 +int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx); +OSSL_DEPRECATEDIN_3_0 +int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, + int p1, void *p2); +# endif +/* digest can only handle a single block */ +# define EVP_MD_FLAG_ONESHOT 0x0001 + +/* digest is extensible-output function, XOF */ +# define EVP_MD_FLAG_XOF 0x0002 + +/* DigestAlgorithmIdentifier flags... */ + +# define EVP_MD_FLAG_DIGALGID_MASK 0x0018 + +/* NULL or absent parameter accepted. Use NULL */ + +# define EVP_MD_FLAG_DIGALGID_NULL 0x0000 + +/* NULL or absent parameter accepted. 
Use NULL for PKCS#1 otherwise absent */ + +# define EVP_MD_FLAG_DIGALGID_ABSENT 0x0008 + +/* Custom handling via ctrl */ + +# define EVP_MD_FLAG_DIGALGID_CUSTOM 0x0018 + +/* Note if suitable for use in FIPS mode */ +# define EVP_MD_FLAG_FIPS 0x0400 + +/* Digest ctrls */ + +# define EVP_MD_CTRL_DIGALGID 0x1 +# define EVP_MD_CTRL_MICALG 0x2 +# define EVP_MD_CTRL_XOF_LEN 0x3 +# define EVP_MD_CTRL_TLSTREE 0x4 + +/* Minimum Algorithm specific ctrl value */ + +# define EVP_MD_CTRL_ALG_CTRL 0x1000 + +# endif /* !EVP_MD */ + +/* values for EVP_MD_CTX flags */ + +# define EVP_MD_CTX_FLAG_ONESHOT 0x0001/* digest update will be + * called once only */ +# define EVP_MD_CTX_FLAG_CLEANED 0x0002/* context has already been + * cleaned */ +# define EVP_MD_CTX_FLAG_REUSE 0x0004/* Don't free up ctx->md_data + * in EVP_MD_CTX_reset */ +/* + * FIPS and pad options are ignored in 1.0.0, definitions are here so we + * don't accidentally reuse the values for other purposes. + */ + +/* This flag has no effect from openssl-3.0 onwards */ +# define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 + +/* + * The following PAD options are also currently ignored in 1.0.0, digest + * parameters are handled through EVP_DigestSign*() and EVP_DigestVerify*() + * instead. + */ +# define EVP_MD_CTX_FLAG_PAD_MASK 0xF0/* RSA mode to use */ +# define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00/* PKCS#1 v1.5 mode */ +# define EVP_MD_CTX_FLAG_PAD_X931 0x10/* X9.31 mode */ +# define EVP_MD_CTX_FLAG_PAD_PSS 0x20/* PSS mode */ + +# define EVP_MD_CTX_FLAG_NO_INIT 0x0100/* Don't initialize md_data */ +/* + * Some functions such as EVP_DigestSign only finalise copies of internal + * contexts so additional data can be included after the finalisation call. + * This is inefficient if this functionality is not required: it is disabled + * if the following flag is set. 
+ */ +# define EVP_MD_CTX_FLAG_FINALISE 0x0200 +/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */ + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 +EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len); +OSSL_DEPRECATEDIN_3_0 +EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher); +OSSL_DEPRECATEDIN_3_0 +void EVP_CIPHER_meth_free(EVP_CIPHER *cipher); +OSSL_DEPRECATEDIN_3_0 +int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len); +OSSL_DEPRECATEDIN_3_0 +int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags); +OSSL_DEPRECATEDIN_3_0 +int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size); +OSSL_DEPRECATEDIN_3_0 +int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, + int (*init) (EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, + int enc)); +OSSL_DEPRECATEDIN_3_0 +int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, + int (*do_cipher) (EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + size_t inl)); +OSSL_DEPRECATEDIN_3_0 +int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher, + int (*cleanup) (EVP_CIPHER_CTX *)); +OSSL_DEPRECATEDIN_3_0 +int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher, + int (*set_asn1_parameters) (EVP_CIPHER_CTX *, + ASN1_TYPE *)); +OSSL_DEPRECATEDIN_3_0 +int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher, + int (*get_asn1_parameters) (EVP_CIPHER_CTX *, + ASN1_TYPE *)); +OSSL_DEPRECATEDIN_3_0 +int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, + int (*ctrl) (EVP_CIPHER_CTX *, int type, + int arg, void *ptr)); +OSSL_DEPRECATEDIN_3_0 int +(*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, + int enc); +OSSL_DEPRECATEDIN_3_0 int +(*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + size_t inl); +OSSL_DEPRECATEDIN_3_0 int 
+(*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *); +OSSL_DEPRECATEDIN_3_0 int +(*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + ASN1_TYPE *); +OSSL_DEPRECATEDIN_3_0 int +(*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + ASN1_TYPE *); +OSSL_DEPRECATEDIN_3_0 int +(*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, int type, + int arg, void *ptr); +# endif + +/* Values for cipher flags */ + +/* Modes for ciphers */ + +# define EVP_CIPH_STREAM_CIPHER 0x0 +# define EVP_CIPH_ECB_MODE 0x1 +# define EVP_CIPH_CBC_MODE 0x2 +# define EVP_CIPH_CFB_MODE 0x3 +# define EVP_CIPH_OFB_MODE 0x4 +# define EVP_CIPH_CTR_MODE 0x5 +# define EVP_CIPH_GCM_MODE 0x6 +# define EVP_CIPH_CCM_MODE 0x7 +# define EVP_CIPH_XTS_MODE 0x10001 +# define EVP_CIPH_WRAP_MODE 0x10002 +# define EVP_CIPH_OCB_MODE 0x10003 +# define EVP_CIPH_SIV_MODE 0x10004 +# define EVP_CIPH_GCM_SIV_MODE 0x10005 +# define EVP_CIPH_MODE 0xF0007 +/* Set if variable length cipher */ +# define EVP_CIPH_VARIABLE_LENGTH 0x8 +/* Set if the iv handling should be done by the cipher itself */ +# define EVP_CIPH_CUSTOM_IV 0x10 +/* Set if the cipher's init() function should be called if key is NULL */ +# define EVP_CIPH_ALWAYS_CALL_INIT 0x20 +/* Call ctrl() to init cipher parameters */ +# define EVP_CIPH_CTRL_INIT 0x40 +/* Don't use standard key length function */ +# define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 +/* Don't use standard block padding */ +# define EVP_CIPH_NO_PADDING 0x100 +/* cipher handles random key generation */ +# define EVP_CIPH_RAND_KEY 0x200 +/* cipher has its own additional copying logic */ +# define EVP_CIPH_CUSTOM_COPY 0x400 +/* Don't use standard iv length function */ +# define EVP_CIPH_CUSTOM_IV_LENGTH 0x800 +/* Legacy and no longer relevant: Allow use default ASN1 get/set iv */ +# define EVP_CIPH_FLAG_DEFAULT_ASN1 0 +/* Free: 0x1000 */ +/* Buffer length in bits not bytes: CFB1 mode only */ +# define 
EVP_CIPH_FLAG_LENGTH_BITS 0x2000 +/* Deprecated FIPS flag: was 0x4000 */ +# define EVP_CIPH_FLAG_FIPS 0 +/* Deprecated FIPS flag: was 0x8000 */ +# define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0 + +/* + * Cipher handles any and all padding logic as well as finalisation. + */ +# define EVP_CIPH_FLAG_CTS 0x4000 +# define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000 +# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 +# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0x400000 +/* Cipher can handle pipeline operations */ +# define EVP_CIPH_FLAG_PIPELINE 0X800000 +/* For provider implementations that handle ASN1 get/set param themselves */ +# define EVP_CIPH_FLAG_CUSTOM_ASN1 0x1000000 +/* For ciphers generating unprotected CMS attributes */ +# define EVP_CIPH_FLAG_CIPHER_WITH_MAC 0x2000000 +/* For supplementary wrap cipher support */ +# define EVP_CIPH_FLAG_GET_WRAP_CIPHER 0x4000000 +# define EVP_CIPH_FLAG_INVERSE_CIPHER 0x8000000 + +/* + * Cipher context flag to indicate we can handle wrap mode: if allowed in + * older applications it could overflow buffers. 
+ */ + +# define EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 0x1 + +/* ctrl() values */ + +# define EVP_CTRL_INIT 0x0 +# define EVP_CTRL_SET_KEY_LENGTH 0x1 +# define EVP_CTRL_GET_RC2_KEY_BITS 0x2 +# define EVP_CTRL_SET_RC2_KEY_BITS 0x3 +# define EVP_CTRL_GET_RC5_ROUNDS 0x4 +# define EVP_CTRL_SET_RC5_ROUNDS 0x5 +# define EVP_CTRL_RAND_KEY 0x6 +# define EVP_CTRL_PBE_PRF_NID 0x7 +# define EVP_CTRL_COPY 0x8 +# define EVP_CTRL_AEAD_SET_IVLEN 0x9 +# define EVP_CTRL_AEAD_GET_TAG 0x10 +# define EVP_CTRL_AEAD_SET_TAG 0x11 +# define EVP_CTRL_AEAD_SET_IV_FIXED 0x12 +# define EVP_CTRL_GCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN +# define EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG +# define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG +# define EVP_CTRL_GCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED +# define EVP_CTRL_GCM_IV_GEN 0x13 +# define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN +# define EVP_CTRL_CCM_GET_TAG EVP_CTRL_AEAD_GET_TAG +# define EVP_CTRL_CCM_SET_TAG EVP_CTRL_AEAD_SET_TAG +# define EVP_CTRL_CCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED +# define EVP_CTRL_CCM_SET_L 0x14 +# define EVP_CTRL_CCM_SET_MSGLEN 0x15 +/* + * AEAD cipher deduces payload length and returns number of bytes required to + * store MAC and eventual padding. Subsequent call to EVP_Cipher even + * appends/verifies MAC. + */ +# define EVP_CTRL_AEAD_TLS1_AAD 0x16 +/* Used by composite AEAD ciphers, no-op in GCM, CCM... 
*/ +# define EVP_CTRL_AEAD_SET_MAC_KEY 0x17 +/* Set the GCM invocation field, decrypt only */ +# define EVP_CTRL_GCM_SET_IV_INV 0x18 + +# define EVP_CTRL_TLS1_1_MULTIBLOCK_AAD 0x19 +# define EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT 0x1a +# define EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT 0x1b +# define EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 0x1c + +# define EVP_CTRL_SSL3_MASTER_SECRET 0x1d + +/* EVP_CTRL_SET_SBOX takes the char * specifying S-boxes */ +# define EVP_CTRL_SET_SBOX 0x1e +/* + * EVP_CTRL_SBOX_USED takes a 'size_t' and 'char *', pointing at a + * pre-allocated buffer with specified size + */ +# define EVP_CTRL_SBOX_USED 0x1f +/* EVP_CTRL_KEY_MESH takes 'size_t' number of bytes to mesh the key after, + * 0 switches meshing off + */ +# define EVP_CTRL_KEY_MESH 0x20 +/* EVP_CTRL_BLOCK_PADDING_MODE takes the padding mode */ +# define EVP_CTRL_BLOCK_PADDING_MODE 0x21 + +/* Set the output buffers to use for a pipelined operation */ +# define EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS 0x22 +/* Set the input buffers to use for a pipelined operation */ +# define EVP_CTRL_SET_PIPELINE_INPUT_BUFS 0x23 +/* Set the input buffer lengths to use for a pipelined operation */ +# define EVP_CTRL_SET_PIPELINE_INPUT_LENS 0x24 +/* Get the IV length used by the cipher */ +# define EVP_CTRL_GET_IVLEN 0x25 +/* 0x26 is unused */ +/* Tell the cipher it's doing a speed test (SIV disallows multiple ops) */ +# define EVP_CTRL_SET_SPEED 0x27 +/* Get the unprotectedAttrs from cipher ctx */ +# define EVP_CTRL_PROCESS_UNPROTECTED 0x28 +/* Get the supplementary wrap cipher */ +#define EVP_CTRL_GET_WRAP_CIPHER 0x29 +/* TLSTREE key diversification */ +#define EVP_CTRL_TLSTREE 0x2A + +/* Padding modes */ +#define EVP_PADDING_PKCS7 1 +#define EVP_PADDING_ISO7816_4 2 +#define EVP_PADDING_ANSI923 3 +#define EVP_PADDING_ISO10126 4 +#define EVP_PADDING_ZERO 5 + +/* RFC 5246 defines additional data to be 13 bytes in length */ +# define EVP_AEAD_TLS1_AAD_LEN 13 + +typedef struct { + unsigned char *out; + const unsigned 
char *inp; + size_t len; + unsigned int interleave; +} EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM; + +/* GCM TLS constants */ +/* Length of fixed part of IV derived from PRF */ +# define EVP_GCM_TLS_FIXED_IV_LEN 4 +/* Length of explicit part of IV part of TLS records */ +# define EVP_GCM_TLS_EXPLICIT_IV_LEN 8 +/* Length of tag for TLS */ +# define EVP_GCM_TLS_TAG_LEN 16 + +/* CCM TLS constants */ +/* Length of fixed part of IV derived from PRF */ +# define EVP_CCM_TLS_FIXED_IV_LEN 4 +/* Length of explicit part of IV part of TLS records */ +# define EVP_CCM_TLS_EXPLICIT_IV_LEN 8 +/* Total length of CCM IV length for TLS */ +# define EVP_CCM_TLS_IV_LEN 12 +/* Length of tag for TLS */ +# define EVP_CCM_TLS_TAG_LEN 16 +/* Length of CCM8 tag for TLS */ +# define EVP_CCM8_TLS_TAG_LEN 8 + +/* Length of tag for TLS */ +# define EVP_CHACHAPOLY_TLS_TAG_LEN 16 + +typedef struct evp_cipher_info_st { + const EVP_CIPHER *cipher; + unsigned char iv[EVP_MAX_IV_LENGTH]; +} EVP_CIPHER_INFO; + + +/* Password based encryption function */ +typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass, + int passlen, ASN1_TYPE *param, + const EVP_CIPHER *cipher, const EVP_MD *md, + int en_de); + +typedef int (EVP_PBE_KEYGEN_EX) (EVP_CIPHER_CTX *ctx, const char *pass, + int passlen, ASN1_TYPE *param, + const EVP_CIPHER *cipher, const EVP_MD *md, + int en_de, OSSL_LIB_CTX *libctx, const char *propq); + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ + (rsa)) +# endif + +# ifndef OPENSSL_NO_DSA +# define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ + (dsa)) +# endif + +# if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0) +# define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,(dh)) +# endif + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# ifndef OPENSSL_NO_EC +# define EVP_PKEY_assign_EC_KEY(pkey,eckey) \ + EVP_PKEY_assign((pkey), EVP_PKEY_EC, (eckey)) +# endif +# endif +# ifndef 
OPENSSL_NO_SIPHASH +# define EVP_PKEY_assign_SIPHASH(pkey,shkey) EVP_PKEY_assign((pkey),\ + EVP_PKEY_SIPHASH,(shkey)) +# endif + +# ifndef OPENSSL_NO_POLY1305 +# define EVP_PKEY_assign_POLY1305(pkey,polykey) EVP_PKEY_assign((pkey),\ + EVP_PKEY_POLY1305,(polykey)) +# endif + +/* Add some extra combinations */ +# define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) +# define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) +# define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) +# define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) + +int EVP_MD_get_type(const EVP_MD *md); +# define EVP_MD_type EVP_MD_get_type +# define EVP_MD_nid EVP_MD_get_type +const char *EVP_MD_get0_name(const EVP_MD *md); +# define EVP_MD_name EVP_MD_get0_name +const char *EVP_MD_get0_description(const EVP_MD *md); +int EVP_MD_is_a(const EVP_MD *md, const char *name); +int EVP_MD_names_do_all(const EVP_MD *md, + void (*fn)(const char *name, void *data), + void *data); +const OSSL_PROVIDER *EVP_MD_get0_provider(const EVP_MD *md); +int EVP_MD_get_pkey_type(const EVP_MD *md); +# define EVP_MD_pkey_type EVP_MD_get_pkey_type +int EVP_MD_get_size(const EVP_MD *md); +# define EVP_MD_size EVP_MD_get_size +int EVP_MD_get_block_size(const EVP_MD *md); +# define EVP_MD_block_size EVP_MD_get_block_size +unsigned long EVP_MD_get_flags(const EVP_MD *md); +# define EVP_MD_flags EVP_MD_get_flags + +const EVP_MD *EVP_MD_CTX_get0_md(const EVP_MD_CTX *ctx); +EVP_MD *EVP_MD_CTX_get1_md(EVP_MD_CTX *ctx); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 +const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); +OSSL_DEPRECATEDIN_3_0 +int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, + const void *data, size_t count); +OSSL_DEPRECATEDIN_3_0 +void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, + int (*update) (EVP_MD_CTX *ctx, + const void *data, size_t count)); +# endif +# define EVP_MD_CTX_get0_name(e) EVP_MD_get0_name(EVP_MD_CTX_get0_md(e)) +# define 
EVP_MD_CTX_get_size(e) EVP_MD_get_size(EVP_MD_CTX_get0_md(e)) +# define EVP_MD_CTX_size EVP_MD_CTX_get_size +# define EVP_MD_CTX_get_block_size(e) EVP_MD_get_block_size(EVP_MD_CTX_get0_md(e)) +# define EVP_MD_CTX_block_size EVP_MD_CTX_get_block_size +# define EVP_MD_CTX_get_type(e) EVP_MD_get_type(EVP_MD_CTX_get0_md(e)) +# define EVP_MD_CTX_type EVP_MD_CTX_get_type +EVP_PKEY_CTX *EVP_MD_CTX_get_pkey_ctx(const EVP_MD_CTX *ctx); +# define EVP_MD_CTX_pkey_ctx EVP_MD_CTX_get_pkey_ctx +void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx); +void *EVP_MD_CTX_get0_md_data(const EVP_MD_CTX *ctx); +# define EVP_MD_CTX_md_data EVP_MD_CTX_get0_md_data + +int EVP_CIPHER_get_nid(const EVP_CIPHER *cipher); +# define EVP_CIPHER_nid EVP_CIPHER_get_nid +const char *EVP_CIPHER_get0_name(const EVP_CIPHER *cipher); +# define EVP_CIPHER_name EVP_CIPHER_get0_name +const char *EVP_CIPHER_get0_description(const EVP_CIPHER *cipher); +int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name); +int EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher, + void (*fn)(const char *name, void *data), + void *data); +const OSSL_PROVIDER *EVP_CIPHER_get0_provider(const EVP_CIPHER *cipher); +int EVP_CIPHER_get_block_size(const EVP_CIPHER *cipher); +# define EVP_CIPHER_block_size EVP_CIPHER_get_block_size +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 +int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *cipher); +# endif +int EVP_CIPHER_get_key_length(const EVP_CIPHER *cipher); +# define EVP_CIPHER_key_length EVP_CIPHER_get_key_length +int EVP_CIPHER_get_iv_length(const EVP_CIPHER *cipher); +# define EVP_CIPHER_iv_length EVP_CIPHER_get_iv_length +unsigned long EVP_CIPHER_get_flags(const EVP_CIPHER *cipher); +# define EVP_CIPHER_flags EVP_CIPHER_get_flags +int EVP_CIPHER_get_mode(const EVP_CIPHER *cipher); +# define EVP_CIPHER_mode EVP_CIPHER_get_mode +int EVP_CIPHER_get_type(const EVP_CIPHER *cipher); +# define EVP_CIPHER_type EVP_CIPHER_get_type +EVP_CIPHER 
*EVP_CIPHER_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, + const char *properties); +int EVP_CIPHER_up_ref(EVP_CIPHER *cipher); +void EVP_CIPHER_free(EVP_CIPHER *cipher); + +const EVP_CIPHER *EVP_CIPHER_CTX_get0_cipher(const EVP_CIPHER_CTX *ctx); +EVP_CIPHER *EVP_CIPHER_CTX_get1_cipher(EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_is_encrypting(const EVP_CIPHER_CTX *ctx); +# define EVP_CIPHER_CTX_encrypting EVP_CIPHER_CTX_is_encrypting +int EVP_CIPHER_CTX_get_nid(const EVP_CIPHER_CTX *ctx); +# define EVP_CIPHER_CTX_nid EVP_CIPHER_CTX_get_nid +int EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx); +# define EVP_CIPHER_CTX_block_size EVP_CIPHER_CTX_get_block_size +int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx); +# define EVP_CIPHER_CTX_key_length EVP_CIPHER_CTX_get_key_length +int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx); +# define EVP_CIPHER_CTX_iv_length EVP_CIPHER_CTX_get_iv_length +int EVP_CIPHER_CTX_get_tag_length(const EVP_CIPHER_CTX *ctx); +# define EVP_CIPHER_CTX_tag_length EVP_CIPHER_CTX_get_tag_length +# ifndef OPENSSL_NO_DEPRECATED_3_0 +const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); +OSSL_DEPRECATEDIN_3_0 const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx); +OSSL_DEPRECATEDIN_3_0 const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx); +OSSL_DEPRECATEDIN_3_0 unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx); +# endif +int EVP_CIPHER_CTX_get_updated_iv(EVP_CIPHER_CTX *ctx, void *buf, size_t len); +int EVP_CIPHER_CTX_get_original_iv(EVP_CIPHER_CTX *ctx, void *buf, size_t len); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 +unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx); +# endif +int EVP_CIPHER_CTX_get_num(const EVP_CIPHER_CTX *ctx); +# define EVP_CIPHER_CTX_num EVP_CIPHER_CTX_get_num +int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num); +EVP_CIPHER_CTX *EVP_CIPHER_CTX_dup(const EVP_CIPHER_CTX *in); +int 
EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
+void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
+void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);
+void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx);
+void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data);
+# define EVP_CIPHER_CTX_get0_name(c) EVP_CIPHER_get0_name(EVP_CIPHER_CTX_get0_cipher(c))
+# define EVP_CIPHER_CTX_get_type(c) EVP_CIPHER_get_type(EVP_CIPHER_CTX_get0_cipher(c))
+# define EVP_CIPHER_CTX_type EVP_CIPHER_CTX_get_type
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define EVP_CIPHER_CTX_flags(c) EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(c))
+# endif
+# define EVP_CIPHER_CTX_get_mode(c) EVP_CIPHER_get_mode(EVP_CIPHER_CTX_get0_cipher(c))
+# define EVP_CIPHER_CTX_mode EVP_CIPHER_CTX_get_mode
+
+# define EVP_ENCODE_LENGTH(l) ((((l)+2)/3*4)+((l)/48+1)*2+80)
+# define EVP_DECODE_LENGTH(l) (((l)+3)/4*3+80)
+
+# define EVP_SignInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c)
+# define EVP_SignInit(a,b) EVP_DigestInit(a,b)
+# define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
+# define EVP_VerifyInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c)
+# define EVP_VerifyInit(a,b) EVP_DigestInit(a,b)
+# define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
+# define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e)
+# define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e)
+
+# ifdef CONST_STRICT
+void BIO_set_md(BIO *, const EVP_MD *md);
+# else
+# define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(void *)(md))
+# endif
+# define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(mdp))
+# define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(mdcp))
+# define BIO_set_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(mdcp))
+# define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
+# define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
+
+__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
+ unsigned char
*out,
+ const unsigned char *in, unsigned int inl);
+
+# define EVP_add_cipher_alias(n,alias) \
+ OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n))
+# define EVP_add_digest_alias(n,alias) \
+ OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n))
+# define EVP_delete_cipher_alias(alias) \
+ OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS);
+# define EVP_delete_digest_alias(alias) \
+ OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);
+
+int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[]);
+int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[]);
+const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest);
+const OSSL_PARAM *EVP_MD_settable_ctx_params(const EVP_MD *md);
+const OSSL_PARAM *EVP_MD_gettable_ctx_params(const EVP_MD *md);
+const OSSL_PARAM *EVP_MD_CTX_settable_params(EVP_MD_CTX *ctx);
+const OSSL_PARAM *EVP_MD_CTX_gettable_params(EVP_MD_CTX *ctx);
+int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
+EVP_MD_CTX *EVP_MD_CTX_new(void);
+int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
+void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
+# define EVP_MD_CTX_create() EVP_MD_CTX_new()
+# define EVP_MD_CTX_init(ctx) EVP_MD_CTX_reset((ctx))
+# define EVP_MD_CTX_destroy(ctx) EVP_MD_CTX_free((ctx))
+__owur EVP_MD_CTX *EVP_MD_CTX_dup(const EVP_MD_CTX *in);
+__owur int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
+void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
+void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
+int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
+__owur int EVP_DigestInit_ex2(EVP_MD_CTX *ctx, const EVP_MD *type,
+ const OSSL_PARAM params[]);
+__owur int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type,
+ ENGINE *impl);
+__owur int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d,
+ size_t cnt);
+__owur int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
+ unsigned
int *s);
+__owur int EVP_Digest(const void *data, size_t count,
+ unsigned char *md, unsigned int *size,
+ const EVP_MD *type, ENGINE *impl);
+__owur int EVP_Q_digest(OSSL_LIB_CTX *libctx, const char *name,
+ const char *propq, const void *data, size_t datalen,
+ unsigned char *md, size_t *mdlen);
+
+__owur int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
+__owur int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+__owur int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
+ unsigned int *s);
+__owur int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *out,
+ size_t outlen);
+__owur int EVP_DigestSqueeze(EVP_MD_CTX *ctx, unsigned char *out,
+ size_t outlen);
+
+__owur EVP_MD *EVP_MD_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
+ const char *properties);
+
+int EVP_MD_up_ref(EVP_MD *md);
+void EVP_MD_free(EVP_MD *md);
+
+int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify);
+int EVP_read_pw_string_min(char *buf, int minlen, int maxlen,
+ const char *prompt, int verify);
+void EVP_set_pw_prompt(const char *prompt);
+char *EVP_get_pw_prompt(void);
+
+__owur int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
+ const unsigned char *salt,
+ const unsigned char *data, int datal, int count,
+ unsigned char *key, unsigned char *iv);
+
+void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags);
+void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
+int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
+
+__owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+ const unsigned char *key, const unsigned char *iv);
+__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+ const EVP_CIPHER *cipher, ENGINE *impl,
+ const unsigned char *key,
+ const unsigned char *iv);
+__owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+ const unsigned char *key,
+ const unsigned char *iv,
+ const OSSL_PARAM params[]);
+__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX
*ctx, unsigned char *out,
+ int *outl, const unsigned char *in, int inl);
+__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl);
+__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl);
+
+__owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+ const unsigned char *key, const unsigned char *iv);
+__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+ const EVP_CIPHER *cipher, ENGINE *impl,
+ const unsigned char *key,
+ const unsigned char *iv);
+__owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+ const unsigned char *key,
+ const unsigned char *iv,
+ const OSSL_PARAM params[]);
+__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl, const unsigned char *in, int inl);
+__owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+ int *outl);
+__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+ int *outl);
+
+__owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+ const unsigned char *key, const unsigned char *iv,
+ int enc);
+__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+ const EVP_CIPHER *cipher, ENGINE *impl,
+ const unsigned char *key,
+ const unsigned char *iv, int enc);
+__owur int EVP_CipherInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+ const unsigned char *key, const unsigned char *iv,
+ int enc, const OSSL_PARAM params[]);
+__owur int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl, const unsigned char *in, int inl);
+__owur int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+ int *outl);
+__owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+ int *outl);
+
+__owur int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
+ EVP_PKEY *pkey);
+__owur int EVP_SignFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
+ EVP_PKEY *pkey, OSSL_LIB_CTX *libctx,
+ const char *propq);
+
+__owur int
EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret,
+ size_t *siglen, const unsigned char *tbs,
+ size_t tbslen);
+
+__owur int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
+ unsigned int siglen, EVP_PKEY *pkey);
+__owur int EVP_VerifyFinal_ex(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
+ unsigned int siglen, EVP_PKEY *pkey,
+ OSSL_LIB_CTX *libctx, const char *propq);
+
+__owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
+ size_t siglen, const unsigned char *tbs,
+ size_t tbslen);
+
+__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+ const char *mdname, OSSL_LIB_CTX *libctx,
+ const char *props, EVP_PKEY *pkey,
+ const OSSL_PARAM params[]);
+__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+ const EVP_MD *type, ENGINE *e,
+ EVP_PKEY *pkey);
+__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+ size_t *siglen);
+
+__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+ const char *mdname, OSSL_LIB_CTX *libctx,
+ const char *props, EVP_PKEY *pkey,
+ const OSSL_PARAM params[]);
+__owur int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+ const EVP_MD *type, ENGINE *e,
+ EVP_PKEY *pkey);
+int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
+ size_t siglen);
+
+__owur int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+ const unsigned char *ek, int ekl,
+ const unsigned char *iv, EVP_PKEY *priv);
+__owur int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+
+__owur int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+ unsigned char **ek, int *ekl, unsigned char *iv,
+ EVP_PKEY **pubk, int npubk);
+__owur int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+
+EVP_ENCODE_CTX
*EVP_ENCODE_CTX_new(void);
+void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
+int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, const EVP_ENCODE_CTX *sctx);
+int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx);
+void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
+int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+ const unsigned char *in, int inl);
+void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
+int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
+
+void EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
+int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+ const unsigned char *in, int inl);
+int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
+ char *out, int *outl);
+int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define EVP_CIPHER_CTX_init(c) EVP_CIPHER_CTX_reset(c)
+# define EVP_CIPHER_CTX_cleanup(c) EVP_CIPHER_CTX_reset(c)
+# endif
+EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
+int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c);
+void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *c);
+int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
+int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
+int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
+int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);
+int EVP_CIPHER_get_params(EVP_CIPHER *cipher, OSSL_PARAM params[]);
+int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX *ctx, OSSL_PARAM params[]);
+const OSSL_PARAM *EVP_CIPHER_gettable_params(const EVP_CIPHER *cipher);
+const OSSL_PARAM *EVP_CIPHER_settable_ctx_params(const EVP_CIPHER *cipher);
+const OSSL_PARAM *EVP_CIPHER_gettable_ctx_params(const EVP_CIPHER *cipher);
+const OSSL_PARAM *EVP_CIPHER_CTX_settable_params(EVP_CIPHER_CTX *ctx);
+const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(EVP_CIPHER_CTX *ctx);
+
+const BIO_METHOD
*BIO_f_md(void);
+const BIO_METHOD *BIO_f_base64(void);
+const BIO_METHOD *BIO_f_cipher(void);
+const BIO_METHOD *BIO_f_reliable(void);
+__owur int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
+ const unsigned char *i, int enc);
+
+const EVP_MD *EVP_md_null(void);
+# ifndef OPENSSL_NO_MD2
+const EVP_MD *EVP_md2(void);
+# endif
+# ifndef OPENSSL_NO_MD4
+const EVP_MD *EVP_md4(void);
+# endif
+# ifndef OPENSSL_NO_MD5
+const EVP_MD *EVP_md5(void);
+const EVP_MD *EVP_md5_sha1(void);
+# endif
+# ifndef OPENSSL_NO_BLAKE2
+const EVP_MD *EVP_blake2b512(void);
+const EVP_MD *EVP_blake2s256(void);
+# endif
+const EVP_MD *EVP_sha1(void);
+const EVP_MD *EVP_sha224(void);
+const EVP_MD *EVP_sha256(void);
+const EVP_MD *EVP_sha384(void);
+const EVP_MD *EVP_sha512(void);
+const EVP_MD *EVP_sha512_224(void);
+const EVP_MD *EVP_sha512_256(void);
+const EVP_MD *EVP_sha3_224(void);
+const EVP_MD *EVP_sha3_256(void);
+const EVP_MD *EVP_sha3_384(void);
+const EVP_MD *EVP_sha3_512(void);
+const EVP_MD *EVP_shake128(void);
+const EVP_MD *EVP_shake256(void);
+
+# ifndef OPENSSL_NO_MDC2
+const EVP_MD *EVP_mdc2(void);
+# endif
+# ifndef OPENSSL_NO_RMD160
+const EVP_MD *EVP_ripemd160(void);
+# endif
+# ifndef OPENSSL_NO_WHIRLPOOL
+const EVP_MD *EVP_whirlpool(void);
+# endif
+# ifndef OPENSSL_NO_SM3
+const EVP_MD *EVP_sm3(void);
+# endif
+const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */
+# ifndef OPENSSL_NO_DES
+const EVP_CIPHER *EVP_des_ecb(void);
+const EVP_CIPHER *EVP_des_ede(void);
+const EVP_CIPHER *EVP_des_ede3(void);
+const EVP_CIPHER *EVP_des_ede_ecb(void);
+const EVP_CIPHER *EVP_des_ede3_ecb(void);
+const EVP_CIPHER *EVP_des_cfb64(void);
+# define EVP_des_cfb EVP_des_cfb64
+const EVP_CIPHER *EVP_des_cfb1(void);
+const EVP_CIPHER *EVP_des_cfb8(void);
+const EVP_CIPHER *EVP_des_ede_cfb64(void);
+# define EVP_des_ede_cfb EVP_des_ede_cfb64
+const EVP_CIPHER *EVP_des_ede3_cfb64(void);
+# define EVP_des_ede3_cfb EVP_des_ede3_cfb64
+const EVP_CIPHER
*EVP_des_ede3_cfb1(void);
+const EVP_CIPHER *EVP_des_ede3_cfb8(void);
+const EVP_CIPHER *EVP_des_ofb(void);
+const EVP_CIPHER *EVP_des_ede_ofb(void);
+const EVP_CIPHER *EVP_des_ede3_ofb(void);
+const EVP_CIPHER *EVP_des_cbc(void);
+const EVP_CIPHER *EVP_des_ede_cbc(void);
+const EVP_CIPHER *EVP_des_ede3_cbc(void);
+const EVP_CIPHER *EVP_desx_cbc(void);
+const EVP_CIPHER *EVP_des_ede3_wrap(void);
+/*
+ * This should now be supported through the dev_crypto ENGINE. But also, why
+ * are rc4 and md5 declarations made here inside a "NO_DES" precompiler
+ * branch?
+ */
+# endif
+# ifndef OPENSSL_NO_RC4
+const EVP_CIPHER *EVP_rc4(void);
+const EVP_CIPHER *EVP_rc4_40(void);
+# ifndef OPENSSL_NO_MD5
+const EVP_CIPHER *EVP_rc4_hmac_md5(void);
+# endif
+# endif
+# ifndef OPENSSL_NO_IDEA
+const EVP_CIPHER *EVP_idea_ecb(void);
+const EVP_CIPHER *EVP_idea_cfb64(void);
+# define EVP_idea_cfb EVP_idea_cfb64
+const EVP_CIPHER *EVP_idea_ofb(void);
+const EVP_CIPHER *EVP_idea_cbc(void);
+# endif
+# ifndef OPENSSL_NO_RC2
+const EVP_CIPHER *EVP_rc2_ecb(void);
+const EVP_CIPHER *EVP_rc2_cbc(void);
+const EVP_CIPHER *EVP_rc2_40_cbc(void);
+const EVP_CIPHER *EVP_rc2_64_cbc(void);
+const EVP_CIPHER *EVP_rc2_cfb64(void);
+# define EVP_rc2_cfb EVP_rc2_cfb64
+const EVP_CIPHER *EVP_rc2_ofb(void);
+# endif
+# ifndef OPENSSL_NO_BF
+const EVP_CIPHER *EVP_bf_ecb(void);
+const EVP_CIPHER *EVP_bf_cbc(void);
+const EVP_CIPHER *EVP_bf_cfb64(void);
+# define EVP_bf_cfb EVP_bf_cfb64
+const EVP_CIPHER *EVP_bf_ofb(void);
+# endif
+# ifndef OPENSSL_NO_CAST
+const EVP_CIPHER *EVP_cast5_ecb(void);
+const EVP_CIPHER *EVP_cast5_cbc(void);
+const EVP_CIPHER *EVP_cast5_cfb64(void);
+# define EVP_cast5_cfb EVP_cast5_cfb64
+const EVP_CIPHER *EVP_cast5_ofb(void);
+# endif
+# ifndef OPENSSL_NO_RC5
+const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void);
+# define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64
+const EVP_CIPHER
*EVP_rc5_32_12_16_ofb(void);
+# endif
+const EVP_CIPHER *EVP_aes_128_ecb(void);
+const EVP_CIPHER *EVP_aes_128_cbc(void);
+const EVP_CIPHER *EVP_aes_128_cfb1(void);
+const EVP_CIPHER *EVP_aes_128_cfb8(void);
+const EVP_CIPHER *EVP_aes_128_cfb128(void);
+# define EVP_aes_128_cfb EVP_aes_128_cfb128
+const EVP_CIPHER *EVP_aes_128_ofb(void);
+const EVP_CIPHER *EVP_aes_128_ctr(void);
+const EVP_CIPHER *EVP_aes_128_ccm(void);
+const EVP_CIPHER *EVP_aes_128_gcm(void);
+const EVP_CIPHER *EVP_aes_128_xts(void);
+const EVP_CIPHER *EVP_aes_128_wrap(void);
+const EVP_CIPHER *EVP_aes_128_wrap_pad(void);
+# ifndef OPENSSL_NO_OCB
+const EVP_CIPHER *EVP_aes_128_ocb(void);
+# endif
+const EVP_CIPHER *EVP_aes_192_ecb(void);
+const EVP_CIPHER *EVP_aes_192_cbc(void);
+const EVP_CIPHER *EVP_aes_192_cfb1(void);
+const EVP_CIPHER *EVP_aes_192_cfb8(void);
+const EVP_CIPHER *EVP_aes_192_cfb128(void);
+# define EVP_aes_192_cfb EVP_aes_192_cfb128
+const EVP_CIPHER *EVP_aes_192_ofb(void);
+const EVP_CIPHER *EVP_aes_192_ctr(void);
+const EVP_CIPHER *EVP_aes_192_ccm(void);
+const EVP_CIPHER *EVP_aes_192_gcm(void);
+const EVP_CIPHER *EVP_aes_192_wrap(void);
+const EVP_CIPHER *EVP_aes_192_wrap_pad(void);
+# ifndef OPENSSL_NO_OCB
+const EVP_CIPHER *EVP_aes_192_ocb(void);
+# endif
+const EVP_CIPHER *EVP_aes_256_ecb(void);
+const EVP_CIPHER *EVP_aes_256_cbc(void);
+const EVP_CIPHER *EVP_aes_256_cfb1(void);
+const EVP_CIPHER *EVP_aes_256_cfb8(void);
+const EVP_CIPHER *EVP_aes_256_cfb128(void);
+# define EVP_aes_256_cfb EVP_aes_256_cfb128
+const EVP_CIPHER *EVP_aes_256_ofb(void);
+const EVP_CIPHER *EVP_aes_256_ctr(void);
+const EVP_CIPHER *EVP_aes_256_ccm(void);
+const EVP_CIPHER *EVP_aes_256_gcm(void);
+const EVP_CIPHER *EVP_aes_256_xts(void);
+const EVP_CIPHER *EVP_aes_256_wrap(void);
+const EVP_CIPHER *EVP_aes_256_wrap_pad(void);
+# ifndef OPENSSL_NO_OCB
+const EVP_CIPHER *EVP_aes_256_ocb(void);
+# endif
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
+const EVP_CIPHER
*EVP_aes_256_cbc_hmac_sha1(void);
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void);
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void);
+# ifndef OPENSSL_NO_ARIA
+const EVP_CIPHER *EVP_aria_128_ecb(void);
+const EVP_CIPHER *EVP_aria_128_cbc(void);
+const EVP_CIPHER *EVP_aria_128_cfb1(void);
+const EVP_CIPHER *EVP_aria_128_cfb8(void);
+const EVP_CIPHER *EVP_aria_128_cfb128(void);
+# define EVP_aria_128_cfb EVP_aria_128_cfb128
+const EVP_CIPHER *EVP_aria_128_ctr(void);
+const EVP_CIPHER *EVP_aria_128_ofb(void);
+const EVP_CIPHER *EVP_aria_128_gcm(void);
+const EVP_CIPHER *EVP_aria_128_ccm(void);
+const EVP_CIPHER *EVP_aria_192_ecb(void);
+const EVP_CIPHER *EVP_aria_192_cbc(void);
+const EVP_CIPHER *EVP_aria_192_cfb1(void);
+const EVP_CIPHER *EVP_aria_192_cfb8(void);
+const EVP_CIPHER *EVP_aria_192_cfb128(void);
+# define EVP_aria_192_cfb EVP_aria_192_cfb128
+const EVP_CIPHER *EVP_aria_192_ctr(void);
+const EVP_CIPHER *EVP_aria_192_ofb(void);
+const EVP_CIPHER *EVP_aria_192_gcm(void);
+const EVP_CIPHER *EVP_aria_192_ccm(void);
+const EVP_CIPHER *EVP_aria_256_ecb(void);
+const EVP_CIPHER *EVP_aria_256_cbc(void);
+const EVP_CIPHER *EVP_aria_256_cfb1(void);
+const EVP_CIPHER *EVP_aria_256_cfb8(void);
+const EVP_CIPHER *EVP_aria_256_cfb128(void);
+# define EVP_aria_256_cfb EVP_aria_256_cfb128
+const EVP_CIPHER *EVP_aria_256_ctr(void);
+const EVP_CIPHER *EVP_aria_256_ofb(void);
+const EVP_CIPHER *EVP_aria_256_gcm(void);
+const EVP_CIPHER *EVP_aria_256_ccm(void);
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+const EVP_CIPHER *EVP_camellia_128_ecb(void);
+const EVP_CIPHER *EVP_camellia_128_cbc(void);
+const EVP_CIPHER *EVP_camellia_128_cfb1(void);
+const EVP_CIPHER *EVP_camellia_128_cfb8(void);
+const EVP_CIPHER *EVP_camellia_128_cfb128(void);
+# define EVP_camellia_128_cfb EVP_camellia_128_cfb128
+const EVP_CIPHER *EVP_camellia_128_ofb(void);
+const EVP_CIPHER *EVP_camellia_128_ctr(void);
+const EVP_CIPHER *EVP_camellia_192_ecb(void);
+const EVP_CIPHER
*EVP_camellia_192_cbc(void);
+const EVP_CIPHER *EVP_camellia_192_cfb1(void);
+const EVP_CIPHER *EVP_camellia_192_cfb8(void);
+const EVP_CIPHER *EVP_camellia_192_cfb128(void);
+# define EVP_camellia_192_cfb EVP_camellia_192_cfb128
+const EVP_CIPHER *EVP_camellia_192_ofb(void);
+const EVP_CIPHER *EVP_camellia_192_ctr(void);
+const EVP_CIPHER *EVP_camellia_256_ecb(void);
+const EVP_CIPHER *EVP_camellia_256_cbc(void);
+const EVP_CIPHER *EVP_camellia_256_cfb1(void);
+const EVP_CIPHER *EVP_camellia_256_cfb8(void);
+const EVP_CIPHER *EVP_camellia_256_cfb128(void);
+# define EVP_camellia_256_cfb EVP_camellia_256_cfb128
+const EVP_CIPHER *EVP_camellia_256_ofb(void);
+const EVP_CIPHER *EVP_camellia_256_ctr(void);
+# endif
+# ifndef OPENSSL_NO_CHACHA
+const EVP_CIPHER *EVP_chacha20(void);
+# ifndef OPENSSL_NO_POLY1305
+const EVP_CIPHER *EVP_chacha20_poly1305(void);
+# endif
+# endif
+
+# ifndef OPENSSL_NO_SEED
+const EVP_CIPHER *EVP_seed_ecb(void);
+const EVP_CIPHER *EVP_seed_cbc(void);
+const EVP_CIPHER *EVP_seed_cfb128(void);
+# define EVP_seed_cfb EVP_seed_cfb128
+const EVP_CIPHER *EVP_seed_ofb(void);
+# endif
+
+# ifndef OPENSSL_NO_SM4
+const EVP_CIPHER *EVP_sm4_ecb(void);
+const EVP_CIPHER *EVP_sm4_cbc(void);
+const EVP_CIPHER *EVP_sm4_cfb128(void);
+# define EVP_sm4_cfb EVP_sm4_cfb128
+const EVP_CIPHER *EVP_sm4_ofb(void);
+const EVP_CIPHER *EVP_sm4_ctr(void);
+# endif
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define OPENSSL_add_all_algorithms_conf() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
+ | OPENSSL_INIT_ADD_ALL_DIGESTS \
+ | OPENSSL_INIT_LOAD_CONFIG, NULL)
+# define OPENSSL_add_all_algorithms_noconf() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
+ | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)
+
+# ifdef OPENSSL_LOAD_CONF
+# define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_conf()
+# else
+# define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_noconf()
+# endif
+
+# define OpenSSL_add_all_ciphers() \ +
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL)
+# define OpenSSL_add_all_digests() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)
+
+# define EVP_cleanup() while(0) continue
+# endif
+
+int EVP_add_cipher(const EVP_CIPHER *cipher);
+int EVP_add_digest(const EVP_MD *digest);
+
+const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
+const EVP_MD *EVP_get_digestbyname(const char *name);
+
+void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph,
+ const char *from, const char *to, void *x),
+ void *arg);
+void EVP_CIPHER_do_all_sorted(void (*fn)
+ (const EVP_CIPHER *ciph, const char *from,
+ const char *to, void *x), void *arg);
+void EVP_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx,
+ void (*fn)(EVP_CIPHER *cipher, void *arg),
+ void *arg);
+
+void EVP_MD_do_all(void (*fn) (const EVP_MD *ciph,
+ const char *from, const char *to, void *x),
+ void *arg);
+void EVP_MD_do_all_sorted(void (*fn)
+ (const EVP_MD *ciph, const char *from,
+ const char *to, void *x), void *arg);
+void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx,
+ void (*fn)(EVP_MD *md, void *arg),
+ void *arg);
+
+/* MAC stuff */
+
+EVP_MAC *EVP_MAC_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
+ const char *properties);
+int EVP_MAC_up_ref(EVP_MAC *mac);
+void EVP_MAC_free(EVP_MAC *mac);
+const char *EVP_MAC_get0_name(const EVP_MAC *mac);
+const char *EVP_MAC_get0_description(const EVP_MAC *mac);
+int EVP_MAC_is_a(const EVP_MAC *mac, const char *name);
+const OSSL_PROVIDER *EVP_MAC_get0_provider(const EVP_MAC *mac);
+int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]);
+
+EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac);
+void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx);
+EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src);
+EVP_MAC *EVP_MAC_CTX_get0_mac(EVP_MAC_CTX *ctx);
+int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]);
+int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]);
+
+size_t EVP_MAC_CTX_get_mac_size(EVP_MAC_CTX *ctx);
+size_t
EVP_MAC_CTX_get_block_size(EVP_MAC_CTX *ctx);
+unsigned char *EVP_Q_mac(OSSL_LIB_CTX *libctx, const char *name, const char *propq,
+ const char *subalg, const OSSL_PARAM *params,
+ const void *key, size_t keylen,
+ const unsigned char *data, size_t datalen,
+ unsigned char *out, size_t outsize, size_t *outlen);
+int EVP_MAC_init(EVP_MAC_CTX *ctx, const unsigned char *key, size_t keylen,
+ const OSSL_PARAM params[]);
+int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen);
+int EVP_MAC_final(EVP_MAC_CTX *ctx,
+ unsigned char *out, size_t *outl, size_t outsize);
+int EVP_MAC_finalXOF(EVP_MAC_CTX *ctx, unsigned char *out, size_t outsize);
+const OSSL_PARAM *EVP_MAC_gettable_params(const EVP_MAC *mac);
+const OSSL_PARAM *EVP_MAC_gettable_ctx_params(const EVP_MAC *mac);
+const OSSL_PARAM *EVP_MAC_settable_ctx_params(const EVP_MAC *mac);
+const OSSL_PARAM *EVP_MAC_CTX_gettable_params(EVP_MAC_CTX *ctx);
+const OSSL_PARAM *EVP_MAC_CTX_settable_params(EVP_MAC_CTX *ctx);
+
+void EVP_MAC_do_all_provided(OSSL_LIB_CTX *libctx,
+ void (*fn)(EVP_MAC *mac, void *arg),
+ void *arg);
+int EVP_MAC_names_do_all(const EVP_MAC *mac,
+ void (*fn)(const char *name, void *data),
+ void *data);
+
+/* RAND stuff */
+EVP_RAND *EVP_RAND_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
+ const char *properties);
+int EVP_RAND_up_ref(EVP_RAND *rand);
+void EVP_RAND_free(EVP_RAND *rand);
+const char *EVP_RAND_get0_name(const EVP_RAND *rand);
+const char *EVP_RAND_get0_description(const EVP_RAND *md);
+int EVP_RAND_is_a(const EVP_RAND *rand, const char *name);
+const OSSL_PROVIDER *EVP_RAND_get0_provider(const EVP_RAND *rand);
+int EVP_RAND_get_params(EVP_RAND *rand, OSSL_PARAM params[]);
+
+EVP_RAND_CTX *EVP_RAND_CTX_new(EVP_RAND *rand, EVP_RAND_CTX *parent);
+int EVP_RAND_CTX_up_ref(EVP_RAND_CTX *ctx);
+void EVP_RAND_CTX_free(EVP_RAND_CTX *ctx);
+EVP_RAND *EVP_RAND_CTX_get0_rand(EVP_RAND_CTX *ctx);
+int EVP_RAND_CTX_get_params(EVP_RAND_CTX *ctx, OSSL_PARAM params[]);
+int EVP_RAND_CTX_set_params(EVP_RAND_CTX *ctx, const OSSL_PARAM params[]);
+const OSSL_PARAM *EVP_RAND_gettable_params(const EVP_RAND *rand);
+const OSSL_PARAM *EVP_RAND_gettable_ctx_params(const EVP_RAND *rand);
+const OSSL_PARAM *EVP_RAND_settable_ctx_params(const EVP_RAND *rand);
+const OSSL_PARAM *EVP_RAND_CTX_gettable_params(EVP_RAND_CTX *ctx);
+const OSSL_PARAM *EVP_RAND_CTX_settable_params(EVP_RAND_CTX *ctx);
+
+void EVP_RAND_do_all_provided(OSSL_LIB_CTX *libctx,
+ void (*fn)(EVP_RAND *rand, void *arg),
+ void *arg);
+int EVP_RAND_names_do_all(const EVP_RAND *rand,
+ void (*fn)(const char *name, void *data),
+ void *data);
+
+__owur int EVP_RAND_instantiate(EVP_RAND_CTX *ctx, unsigned int strength,
+ int prediction_resistance,
+ const unsigned char *pstr, size_t pstr_len,
+ const OSSL_PARAM params[]);
+int EVP_RAND_uninstantiate(EVP_RAND_CTX *ctx);
+__owur int EVP_RAND_generate(EVP_RAND_CTX *ctx, unsigned char *out,
+ size_t outlen, unsigned int strength,
+ int prediction_resistance,
+ const unsigned char *addin, size_t addin_len);
+int EVP_RAND_reseed(EVP_RAND_CTX *ctx, int prediction_resistance,
+ const unsigned char *ent, size_t ent_len,
+ const unsigned char *addin, size_t addin_len);
+__owur int EVP_RAND_nonce(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen);
+__owur int EVP_RAND_enable_locking(EVP_RAND_CTX *ctx);
+
+int EVP_RAND_verify_zeroization(EVP_RAND_CTX *ctx);
+unsigned int EVP_RAND_get_strength(EVP_RAND_CTX *ctx);
+int EVP_RAND_get_state(EVP_RAND_CTX *ctx);
+
+# define EVP_RAND_STATE_UNINITIALISED 0
+# define EVP_RAND_STATE_READY 1
+# define EVP_RAND_STATE_ERROR 2
+
+/* PKEY stuff */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_decrypt_old(unsigned char *dec_key,
+ const unsigned char *enc_key,
+ int enc_key_len,
+ EVP_PKEY *private_key);
+OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_encrypt_old(unsigned char *enc_key,
+ const unsigned char *key,
+ int key_len, EVP_PKEY *pub_key);
+# endif
+int EVP_PKEY_is_a(const
EVP_PKEY *pkey, const char *name);
+int EVP_PKEY_type_names_do_all(const EVP_PKEY *pkey,
+ void (*fn)(const char *name, void *data),
+ void *data);
+int EVP_PKEY_type(int type);
+int EVP_PKEY_get_id(const EVP_PKEY *pkey);
+# define EVP_PKEY_id EVP_PKEY_get_id
+int EVP_PKEY_get_base_id(const EVP_PKEY *pkey);
+# define EVP_PKEY_base_id EVP_PKEY_get_base_id
+int EVP_PKEY_get_bits(const EVP_PKEY *pkey);
+# define EVP_PKEY_bits EVP_PKEY_get_bits
+int EVP_PKEY_get_security_bits(const EVP_PKEY *pkey);
+# define EVP_PKEY_security_bits EVP_PKEY_get_security_bits
+int EVP_PKEY_get_size(const EVP_PKEY *pkey);
+# define EVP_PKEY_size EVP_PKEY_get_size
+int EVP_PKEY_can_sign(const EVP_PKEY *pkey);
+int EVP_PKEY_set_type(EVP_PKEY *pkey, int type);
+int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
+int EVP_PKEY_set_type_by_keymgmt(EVP_PKEY *pkey, EVP_KEYMGMT *keymgmt);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_ENGINE
+OSSL_DEPRECATEDIN_3_0
+int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e);
+OSSL_DEPRECATEDIN_3_0
+ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey);
+# endif
+OSSL_DEPRECATEDIN_3_0
+int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
+OSSL_DEPRECATEDIN_3_0
+void *EVP_PKEY_get0(const EVP_PKEY *pkey);
+OSSL_DEPRECATEDIN_3_0
+const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
+# ifndef OPENSSL_NO_POLY1305
+OSSL_DEPRECATEDIN_3_0
+const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len);
+# endif
+# ifndef OPENSSL_NO_SIPHASH
+OSSL_DEPRECATEDIN_3_0
+const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len);
+# endif
+
+struct rsa_st;
+OSSL_DEPRECATEDIN_3_0
+int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key);
+OSSL_DEPRECATEDIN_3_0
+const struct rsa_st *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey);
+OSSL_DEPRECATEDIN_3_0
+struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
+
+# ifndef OPENSSL_NO_DSA
+struct dsa_st;
+OSSL_DEPRECATEDIN_3_0
+int
EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key);
+OSSL_DEPRECATEDIN_3_0
+const struct dsa_st *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey);
+OSSL_DEPRECATEDIN_3_0
+struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
+# endif
+
+# ifndef OPENSSL_NO_DH
+struct dh_st;
+OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key);
+OSSL_DEPRECATEDIN_3_0 const struct dh_st *EVP_PKEY_get0_DH(const EVP_PKEY *pkey);
+OSSL_DEPRECATEDIN_3_0 struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
+# endif
+
+# ifndef OPENSSL_NO_EC
+struct ec_key_st;
+OSSL_DEPRECATEDIN_3_0
+int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
+OSSL_DEPRECATEDIN_3_0
+const struct ec_key_st *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey);
+OSSL_DEPRECATEDIN_3_0
+struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
+# endif
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+
+EVP_PKEY *EVP_PKEY_new(void);
+int EVP_PKEY_up_ref(EVP_PKEY *pkey);
+EVP_PKEY *EVP_PKEY_dup(EVP_PKEY *pkey);
+void EVP_PKEY_free(EVP_PKEY *pkey);
+const char *EVP_PKEY_get0_description(const EVP_PKEY *pkey);
+const OSSL_PROVIDER *EVP_PKEY_get0_provider(const EVP_PKEY *key);
+
+EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
+ long length);
+int i2d_PublicKey(const EVP_PKEY *a, unsigned char **pp);
+
+
+EVP_PKEY *d2i_PrivateKey_ex(int type, EVP_PKEY **a, const unsigned char **pp,
+ long length, OSSL_LIB_CTX *libctx,
+ const char *propq);
+EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
+ long length);
+EVP_PKEY *d2i_AutoPrivateKey_ex(EVP_PKEY **a, const unsigned char **pp,
+ long length, OSSL_LIB_CTX *libctx,
+ const char *propq);
+EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
+ long length);
+int i2d_PrivateKey(const EVP_PKEY *a, unsigned char **pp);
+
+int i2d_KeyParams(const EVP_PKEY *a, unsigned char **pp);
+EVP_PKEY *d2i_KeyParams(int type, EVP_PKEY **a, const unsigned char **pp,
+ long length);
+int i2d_KeyParams_bio(BIO *bp, const
EVP_PKEY *pkey);
+EVP_PKEY *d2i_KeyParams_bio(int type, EVP_PKEY **a, BIO *in);
+
+int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
+int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);
+int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode);
+int EVP_PKEY_parameters_eq(const EVP_PKEY *a, const EVP_PKEY *b);
+int EVP_PKEY_eq(const EVP_PKEY *a, const EVP_PKEY *b);
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
+int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
+OSSL_DEPRECATEDIN_3_0
+int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
+# endif
+
+int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
+ int indent, ASN1_PCTX *pctx);
+int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
+ int indent, ASN1_PCTX *pctx);
+int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
+ int indent, ASN1_PCTX *pctx);
+# ifndef OPENSSL_NO_STDIO
+int EVP_PKEY_print_public_fp(FILE *fp, const EVP_PKEY *pkey,
+ int indent, ASN1_PCTX *pctx);
+int EVP_PKEY_print_private_fp(FILE *fp, const EVP_PKEY *pkey,
+ int indent, ASN1_PCTX *pctx);
+int EVP_PKEY_print_params_fp(FILE *fp, const EVP_PKEY *pkey,
+ int indent, ASN1_PCTX *pctx);
+# endif
+
+int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
+int EVP_PKEY_get_default_digest_name(EVP_PKEY *pkey,
+ char *mdname, size_t mdname_sz);
+int EVP_PKEY_digestsign_supports_digest(EVP_PKEY *pkey, OSSL_LIB_CTX *libctx,
+ const char *name, const char *propq);
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+/*
+ * For backwards compatibility. Use EVP_PKEY_set1_encoded_public_key in
+ * preference
+ */
+# define EVP_PKEY_set1_tls_encodedpoint(pkey, pt, ptlen) \
+ EVP_PKEY_set1_encoded_public_key((pkey), (pt), (ptlen))
+# endif
+
+int EVP_PKEY_set1_encoded_public_key(EVP_PKEY *pkey,
+ const unsigned char *pub, size_t publen);
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+/*
+ * For backwards compatibility.
Use EVP_PKEY_get1_encoded_public_key in + * preference + */ +# define EVP_PKEY_get1_tls_encodedpoint(pkey, ppt) \ + EVP_PKEY_get1_encoded_public_key((pkey), (ppt)) +# endif + +size_t EVP_PKEY_get1_encoded_public_key(EVP_PKEY *pkey, unsigned char **ppub); + +/* calls methods */ +int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); +int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); + +/* These are used by EVP_CIPHER methods */ +int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); +int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); + +/* PKCS5 password based encryption */ +int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md, int en_de); +int PKCS5_PBE_keyivgen_ex(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md, int en_de, OSSL_LIB_CTX *libctx, + const char *propq); +int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, + const unsigned char *salt, int saltlen, int iter, + int keylen, unsigned char *out); +int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, + const unsigned char *salt, int saltlen, int iter, + const EVP_MD *digest, int keylen, unsigned char *out); +int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md, int en_de); +int PKCS5_v2_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md, int en_de, + OSSL_LIB_CTX *libctx, const char *propq); + +#ifndef OPENSSL_NO_SCRYPT +int EVP_PBE_scrypt(const char *pass, size_t passlen, + const unsigned char *salt, size_t saltlen, + uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, + unsigned char *key, size_t keylen); +int EVP_PBE_scrypt_ex(const char *pass, size_t passlen, + const unsigned char *salt, size_t saltlen, + uint64_t N, uint64_t 
r, uint64_t p, uint64_t maxmem, + unsigned char *key, size_t keylen, + OSSL_LIB_CTX *ctx, const char *propq); + +int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, + int passlen, ASN1_TYPE *param, + const EVP_CIPHER *c, const EVP_MD *md, int en_de); +int PKCS5_v2_scrypt_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, + int passlen, ASN1_TYPE *param, + const EVP_CIPHER *c, const EVP_MD *md, int en_de, + OSSL_LIB_CTX *libctx, const char *propq); +#endif + +void PKCS5_PBE_add(void); + +int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, + ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de); + +int EVP_PBE_CipherInit_ex(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, + ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de, + OSSL_LIB_CTX *libctx, const char *propq); + +/* PBE type */ + +/* Can appear as the outermost AlgorithmIdentifier */ +# define EVP_PBE_TYPE_OUTER 0x0 +/* Is an PRF type OID */ +# define EVP_PBE_TYPE_PRF 0x1 +/* Is a PKCS#5 v2.0 KDF */ +# define EVP_PBE_TYPE_KDF 0x2 + +int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, + int md_nid, EVP_PBE_KEYGEN *keygen); +int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, + EVP_PBE_KEYGEN *keygen); +int EVP_PBE_find(int type, int pbe_nid, int *pcnid, int *pmnid, + EVP_PBE_KEYGEN **pkeygen); +int EVP_PBE_find_ex(int type, int pbe_nid, int *pcnid, int *pmnid, + EVP_PBE_KEYGEN **pkeygen, EVP_PBE_KEYGEN_EX **pkeygen_ex); +void EVP_PBE_cleanup(void); +int EVP_PBE_get(int *ptype, int *ppbe_nid, size_t num); + +# define ASN1_PKEY_ALIAS 0x1 +# define ASN1_PKEY_DYNAMIC 0x2 +# define ASN1_PKEY_SIGPARAM_NULL 0x4 + +# define ASN1_PKEY_CTRL_PKCS7_SIGN 0x1 +# define ASN1_PKEY_CTRL_PKCS7_ENCRYPT 0x2 +# define ASN1_PKEY_CTRL_DEFAULT_MD_NID 0x3 +# define ASN1_PKEY_CTRL_CMS_SIGN 0x5 +# define ASN1_PKEY_CTRL_CMS_ENVELOPE 0x7 +# define ASN1_PKEY_CTRL_CMS_RI_TYPE 0x8 + +# define ASN1_PKEY_CTRL_SET1_TLS_ENCPT 0x9 +# define ASN1_PKEY_CTRL_GET1_TLS_ENCPT 
0xa +# define ASN1_PKEY_CTRL_CMS_IS_RI_TYPE_SUPPORTED 0xb + +int EVP_PKEY_asn1_get_count(void); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, + const char *str, int len); +int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth); +int EVP_PKEY_asn1_add_alias(int to, int from); +int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, + int *ppkey_flags, const char **pinfo, + const char **ppem_str, + const EVP_PKEY_ASN1_METHOD *ameth); + +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey); +EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, + const char *pem_str, + const char *info); +void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, + const EVP_PKEY_ASN1_METHOD *src); +void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth); +void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, + int (*pub_decode) (EVP_PKEY *pk, + const X509_PUBKEY *pub), + int (*pub_encode) (X509_PUBKEY *pub, + const EVP_PKEY *pk), + int (*pub_cmp) (const EVP_PKEY *a, + const EVP_PKEY *b), + int (*pub_print) (BIO *out, + const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx), + int (*pkey_size) (const EVP_PKEY *pk), + int (*pkey_bits) (const EVP_PKEY *pk)); +void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, + int (*priv_decode) (EVP_PKEY *pk, + const PKCS8_PRIV_KEY_INFO + *p8inf), + int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, + const EVP_PKEY *pk), + int (*priv_print) (BIO *out, + const EVP_PKEY *pkey, + int indent, + ASN1_PCTX *pctx)); +void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth, + int (*param_decode) (EVP_PKEY *pkey, + const unsigned char **pder, + int derlen), + int (*param_encode) (const EVP_PKEY *pkey, + unsigned char **pder), + int (*param_missing) (const EVP_PKEY *pk), + int (*param_copy) (EVP_PKEY *to, + const EVP_PKEY *from), + int (*param_cmp) (const EVP_PKEY *a, + const EVP_PKEY 
*b), + int (*param_print) (BIO *out, + const EVP_PKEY *pkey, + int indent, + ASN1_PCTX *pctx)); + +void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, + void (*pkey_free) (EVP_PKEY *pkey)); +void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_ctrl) (EVP_PKEY *pkey, int op, + long arg1, void *arg2)); +void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, + int (*item_verify) (EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + const void *data, + const X509_ALGOR *a, + const ASN1_BIT_STRING *sig, + EVP_PKEY *pkey), + int (*item_sign) (EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + const void *data, + X509_ALGOR *alg1, + X509_ALGOR *alg2, + ASN1_BIT_STRING *sig)); + +void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth, + int (*siginf_set) (X509_SIG_INFO *siginf, + const X509_ALGOR *alg, + const ASN1_STRING *sig)); + +void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_check) (const EVP_PKEY *pk)); + +void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_pub_check) (const EVP_PKEY *pk)); + +void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_param_check) (const EVP_PKEY *pk)); + +void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*set_priv_key) (EVP_PKEY *pk, + const unsigned char + *priv, + size_t len)); +void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*set_pub_key) (EVP_PKEY *pk, + const unsigned char *pub, + size_t len)); +void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*get_priv_key) (const EVP_PKEY *pk, + unsigned char *priv, + size_t *len)); +void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*get_pub_key) (const EVP_PKEY *pk, + unsigned char *pub, + size_t *len)); + +void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_security_bits) (const EVP_PKEY + *pk)); + +int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); +int 
EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); + +int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX *ctx, const void *id, int len); +int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX *ctx, void *id); +int EVP_PKEY_CTX_get1_id_len(EVP_PKEY_CTX *ctx, size_t *id_len); + +int EVP_PKEY_CTX_set_kem_op(EVP_PKEY_CTX *ctx, const char *op); + +const char *EVP_PKEY_get0_type_name(const EVP_PKEY *key); + +# define EVP_PKEY_OP_UNDEFINED 0 +# define EVP_PKEY_OP_PARAMGEN (1<<1) +# define EVP_PKEY_OP_KEYGEN (1<<2) +# define EVP_PKEY_OP_FROMDATA (1<<3) +# define EVP_PKEY_OP_SIGN (1<<4) +# define EVP_PKEY_OP_VERIFY (1<<5) +# define EVP_PKEY_OP_VERIFYRECOVER (1<<6) +# define EVP_PKEY_OP_SIGNCTX (1<<7) +# define EVP_PKEY_OP_VERIFYCTX (1<<8) +# define EVP_PKEY_OP_ENCRYPT (1<<9) +# define EVP_PKEY_OP_DECRYPT (1<<10) +# define EVP_PKEY_OP_DERIVE (1<<11) +# define EVP_PKEY_OP_ENCAPSULATE (1<<12) +# define EVP_PKEY_OP_DECAPSULATE (1<<13) + +# define EVP_PKEY_OP_TYPE_SIG \ + (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \ + | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX) + +# define EVP_PKEY_OP_TYPE_CRYPT \ + (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT) + +# define EVP_PKEY_OP_TYPE_NOGEN \ + (EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_DERIVE) + +# define EVP_PKEY_OP_TYPE_GEN \ + (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN) + + +int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX *ctx, const unsigned char *key, + int keylen); + +# define EVP_PKEY_CTRL_MD 1 +# define EVP_PKEY_CTRL_PEER_KEY 2 +# define EVP_PKEY_CTRL_SET_MAC_KEY 6 +# define EVP_PKEY_CTRL_DIGESTINIT 7 +/* Used by GOST key encryption in TLS */ +# define EVP_PKEY_CTRL_SET_IV 8 +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define EVP_PKEY_CTRL_PKCS7_ENCRYPT 3 +# define EVP_PKEY_CTRL_PKCS7_DECRYPT 4 +# define EVP_PKEY_CTRL_PKCS7_SIGN 5 +# define EVP_PKEY_CTRL_CMS_ENCRYPT 9 +# define EVP_PKEY_CTRL_CMS_DECRYPT 10 +# define EVP_PKEY_CTRL_CMS_SIGN 11 +# endif +# define EVP_PKEY_CTRL_CIPHER 12 +# define 
EVP_PKEY_CTRL_GET_MD 13 +# define EVP_PKEY_CTRL_SET_DIGEST_SIZE 14 +# define EVP_PKEY_CTRL_SET1_ID 15 +# define EVP_PKEY_CTRL_GET1_ID 16 +# define EVP_PKEY_CTRL_GET1_ID_LEN 17 + +# define EVP_PKEY_ALG_CTRL 0x1000 + +# define EVP_PKEY_FLAG_AUTOARGLEN 2 +/* + * Method handles all operations: don't assume any digest related defaults. + */ +# define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4 +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); +OSSL_DEPRECATEDIN_3_0 EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, + const EVP_PKEY_METHOD *meth); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, + const EVP_PKEY_METHOD *src); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth); +OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth); +OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth); +OSSL_DEPRECATEDIN_3_0 size_t EVP_PKEY_meth_get_count(void); +OSSL_DEPRECATEDIN_3_0 const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx); +# endif + +EVP_KEYMGMT *EVP_KEYMGMT_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, + const char *properties); +int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt); +void EVP_KEYMGMT_free(EVP_KEYMGMT *keymgmt); +const OSSL_PROVIDER *EVP_KEYMGMT_get0_provider(const EVP_KEYMGMT *keymgmt); +const char *EVP_KEYMGMT_get0_name(const EVP_KEYMGMT *keymgmt); +const char *EVP_KEYMGMT_get0_description(const EVP_KEYMGMT *keymgmt); +int EVP_KEYMGMT_is_a(const EVP_KEYMGMT *keymgmt, const char *name); +void EVP_KEYMGMT_do_all_provided(OSSL_LIB_CTX *libctx, + void (*fn)(EVP_KEYMGMT *keymgmt, void *arg), + void *arg); +int EVP_KEYMGMT_names_do_all(const EVP_KEYMGMT *keymgmt, + void (*fn)(const char *name, void *data), + void *data); +const OSSL_PARAM *EVP_KEYMGMT_gettable_params(const EVP_KEYMGMT *keymgmt); +const OSSL_PARAM *EVP_KEYMGMT_settable_params(const 
EVP_KEYMGMT *keymgmt); +const OSSL_PARAM *EVP_KEYMGMT_gen_settable_params(const EVP_KEYMGMT *keymgmt); + +EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); +EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); +EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_name(OSSL_LIB_CTX *libctx, + const char *name, + const char *propquery); +EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_pkey(OSSL_LIB_CTX *libctx, + EVP_PKEY *pkey, const char *propquery); +EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *ctx); +void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); +int EVP_PKEY_CTX_is_a(EVP_PKEY_CTX *ctx, const char *keytype); + +int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); +const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(const EVP_PKEY_CTX *ctx); +int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params); +const OSSL_PARAM *EVP_PKEY_CTX_settable_params(const EVP_PKEY_CTX *ctx); +int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, + int cmd, int p1, void *p2); +int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, + const char *value); +int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype, + int cmd, uint64_t value); + +int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str); +int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex); + +int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md); + +int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx); +void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen); + +EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, + const unsigned char *key, int keylen); +EVP_PKEY *EVP_PKEY_new_raw_private_key_ex(OSSL_LIB_CTX *libctx, + const char *keytype, + const char *propq, + const unsigned char *priv, size_t len); +EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, + const unsigned char *priv, + size_t len); +EVP_PKEY *EVP_PKEY_new_raw_public_key_ex(OSSL_LIB_CTX *libctx, + const char *keytype, const char *propq, 
+ const unsigned char *pub, size_t len); +EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, + const unsigned char *pub, + size_t len); +int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv, + size_t *len); +int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub, + size_t *len); + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 +EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, + size_t len, const EVP_CIPHER *cipher); +# endif + +void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data); +void *EVP_PKEY_CTX_get_data(const EVP_PKEY_CTX *ctx); +EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx); + +EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx); + +void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); +void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); + +void EVP_SIGNATURE_free(EVP_SIGNATURE *signature); +int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature); +OSSL_PROVIDER *EVP_SIGNATURE_get0_provider(const EVP_SIGNATURE *signature); +EVP_SIGNATURE *EVP_SIGNATURE_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, + const char *properties); +int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name); +const char *EVP_SIGNATURE_get0_name(const EVP_SIGNATURE *signature); +const char *EVP_SIGNATURE_get0_description(const EVP_SIGNATURE *signature); +void EVP_SIGNATURE_do_all_provided(OSSL_LIB_CTX *libctx, + void (*fn)(EVP_SIGNATURE *signature, + void *data), + void *data); +int EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature, + void (*fn)(const char *name, void *data), + void *data); +const OSSL_PARAM *EVP_SIGNATURE_gettable_ctx_params(const EVP_SIGNATURE *sig); +const OSSL_PARAM *EVP_SIGNATURE_settable_ctx_params(const EVP_SIGNATURE *sig); + +void EVP_ASYM_CIPHER_free(EVP_ASYM_CIPHER *cipher); +int EVP_ASYM_CIPHER_up_ref(EVP_ASYM_CIPHER *cipher); +OSSL_PROVIDER *EVP_ASYM_CIPHER_get0_provider(const EVP_ASYM_CIPHER *cipher); +EVP_ASYM_CIPHER 
*EVP_ASYM_CIPHER_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, + const char *properties); +int EVP_ASYM_CIPHER_is_a(const EVP_ASYM_CIPHER *cipher, const char *name); +const char *EVP_ASYM_CIPHER_get0_name(const EVP_ASYM_CIPHER *cipher); +const char *EVP_ASYM_CIPHER_get0_description(const EVP_ASYM_CIPHER *cipher); +void EVP_ASYM_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx, + void (*fn)(EVP_ASYM_CIPHER *cipher, + void *arg), + void *arg); +int EVP_ASYM_CIPHER_names_do_all(const EVP_ASYM_CIPHER *cipher, + void (*fn)(const char *name, void *data), + void *data); +const OSSL_PARAM *EVP_ASYM_CIPHER_gettable_ctx_params(const EVP_ASYM_CIPHER *ciph); +const OSSL_PARAM *EVP_ASYM_CIPHER_settable_ctx_params(const EVP_ASYM_CIPHER *ciph); + +void EVP_KEM_free(EVP_KEM *wrap); +int EVP_KEM_up_ref(EVP_KEM *wrap); +OSSL_PROVIDER *EVP_KEM_get0_provider(const EVP_KEM *wrap); +EVP_KEM *EVP_KEM_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, + const char *properties); +int EVP_KEM_is_a(const EVP_KEM *wrap, const char *name); +const char *EVP_KEM_get0_name(const EVP_KEM *wrap); +const char *EVP_KEM_get0_description(const EVP_KEM *wrap); +void EVP_KEM_do_all_provided(OSSL_LIB_CTX *libctx, + void (*fn)(EVP_KEM *wrap, void *arg), void *arg); +int EVP_KEM_names_do_all(const EVP_KEM *wrap, + void (*fn)(const char *name, void *data), void *data); +const OSSL_PARAM *EVP_KEM_gettable_ctx_params(const EVP_KEM *kem); +const OSSL_PARAM *EVP_KEM_settable_ctx_params(const EVP_KEM *kem); + +int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_sign_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); +int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); +int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_verify_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); +int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen); +int 
EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX *ctx, + const OSSL_PARAM params[]); +int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, + unsigned char *rout, size_t *routlen, + const unsigned char *sig, size_t siglen); +int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_encrypt_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); +int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); +int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_decrypt_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); +int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + +int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); +int EVP_PKEY_derive_set_peer_ex(EVP_PKEY_CTX *ctx, EVP_PKEY *peer, + int validate_peer); +int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); +int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); + +int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); +int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv, + const OSSL_PARAM params[]); +int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx, + unsigned char *wrappedkey, size_t *wrappedkeylen, + unsigned char *genkey, size_t *genkeylen); +int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); +int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub, + const OSSL_PARAM params[]); +int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx, + unsigned char *unwrapped, size_t *unwrappedlen, + const unsigned char *wrapped, size_t wrappedlen); +typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, int selection, + OSSL_PARAM param[]); +const OSSL_PARAM 
*EVP_PKEY_fromdata_settable(EVP_PKEY_CTX *ctx, int selection); + +int EVP_PKEY_todata(const EVP_PKEY *pkey, int selection, OSSL_PARAM **params); +int EVP_PKEY_export(const EVP_PKEY *pkey, int selection, + OSSL_CALLBACK *export_cb, void *export_cbarg); + +const OSSL_PARAM *EVP_PKEY_gettable_params(const EVP_PKEY *pkey); +int EVP_PKEY_get_params(const EVP_PKEY *pkey, OSSL_PARAM params[]); +int EVP_PKEY_get_int_param(const EVP_PKEY *pkey, const char *key_name, + int *out); +int EVP_PKEY_get_size_t_param(const EVP_PKEY *pkey, const char *key_name, + size_t *out); +int EVP_PKEY_get_bn_param(const EVP_PKEY *pkey, const char *key_name, + BIGNUM **bn); +int EVP_PKEY_get_utf8_string_param(const EVP_PKEY *pkey, const char *key_name, + char *str, size_t max_buf_sz, size_t *out_sz); +int EVP_PKEY_get_octet_string_param(const EVP_PKEY *pkey, const char *key_name, + unsigned char *buf, size_t max_buf_sz, + size_t *out_sz); + +const OSSL_PARAM *EVP_PKEY_settable_params(const EVP_PKEY *pkey); +int EVP_PKEY_set_params(EVP_PKEY *pkey, OSSL_PARAM params[]); +int EVP_PKEY_set_int_param(EVP_PKEY *pkey, const char *key_name, int in); +int EVP_PKEY_set_size_t_param(EVP_PKEY *pkey, const char *key_name, size_t in); +int EVP_PKEY_set_bn_param(EVP_PKEY *pkey, const char *key_name, + const BIGNUM *bn); +int EVP_PKEY_set_utf8_string_param(EVP_PKEY *pkey, const char *key_name, + const char *str); +int EVP_PKEY_set_octet_string_param(EVP_PKEY *pkey, const char *key_name, + const unsigned char *buf, size_t bsize); + +int EVP_PKEY_get_ec_point_conv_form(const EVP_PKEY *pkey); +int EVP_PKEY_get_field_type(const EVP_PKEY *pkey); + +EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq, + const char *type, ...); +int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +int EVP_PKEY_generate(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); 
+int EVP_PKEY_check(EVP_PKEY_CTX *ctx); +int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx); +int EVP_PKEY_public_check_quick(EVP_PKEY_CTX *ctx); +int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx); +int EVP_PKEY_param_check_quick(EVP_PKEY_CTX *ctx); +int EVP_PKEY_private_check(EVP_PKEY_CTX *ctx); +int EVP_PKEY_pairwise_check(EVP_PKEY_CTX *ctx); + +# define EVP_PKEY_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EVP_PKEY, l, p, newf, dupf, freef) +int EVP_PKEY_set_ex_data(EVP_PKEY *key, int idx, void *arg); +void *EVP_PKEY_get_ex_data(const EVP_PKEY *key, int idx); + +void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); +EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, + int (*init) (EVP_PKEY_CTX *ctx)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_copy + (EVP_PKEY_METHOD *pmeth, int (*copy) (EVP_PKEY_CTX *dst, + const EVP_PKEY_CTX *src)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_cleanup + (EVP_PKEY_METHOD *pmeth, void (*cleanup) (EVP_PKEY_CTX *ctx)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_paramgen + (EVP_PKEY_METHOD *pmeth, int (*paramgen_init) (EVP_PKEY_CTX *ctx), + int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_keygen + (EVP_PKEY_METHOD *pmeth, int (*keygen_init) (EVP_PKEY_CTX *ctx), + int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_sign + (EVP_PKEY_METHOD *pmeth, int (*sign_init) (EVP_PKEY_CTX *ctx), + int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_verify + (EVP_PKEY_METHOD *pmeth, int (*verify_init) (EVP_PKEY_CTX *ctx), + int (*verify) (EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, + const unsigned char 
*tbs, size_t tbslen)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_verify_recover + (EVP_PKEY_METHOD *pmeth, int (*verify_recover_init) (EVP_PKEY_CTX *ctx), + int (*verify_recover) (EVP_PKEY_CTX *ctx, unsigned char *sig, + size_t *siglen, const unsigned char *tbs, + size_t tbslen)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_signctx + (EVP_PKEY_METHOD *pmeth, int (*signctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + EVP_MD_CTX *mctx)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_verifyctx + (EVP_PKEY_METHOD *pmeth, int (*verifyctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, + EVP_MD_CTX *mctx)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_encrypt + (EVP_PKEY_METHOD *pmeth, int (*encrypt_init) (EVP_PKEY_CTX *ctx), + int (*encryptfn) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_decrypt + (EVP_PKEY_METHOD *pmeth, int (*decrypt_init) (EVP_PKEY_CTX *ctx), + int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_derive + (EVP_PKEY_METHOD *pmeth, int (*derive_init) (EVP_PKEY_CTX *ctx), + int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_ctrl + (EVP_PKEY_METHOD *pmeth, int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_digestsign + (EVP_PKEY_METHOD *pmeth, + int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_digestverify + (EVP_PKEY_METHOD *pmeth, + int (*digestverify) (EVP_MD_CTX *ctx, const 
unsigned char *sig, + size_t siglen, const unsigned char *tbs, + size_t tbslen)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_check + (EVP_PKEY_METHOD *pmeth, int (*check) (EVP_PKEY *pkey)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_public_check + (EVP_PKEY_METHOD *pmeth, int (*check) (EVP_PKEY *pkey)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_param_check + (EVP_PKEY_METHOD *pmeth, int (*check) (EVP_PKEY *pkey)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_set_digest_custom + (EVP_PKEY_METHOD *pmeth, int (*digest_custom) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_init + (const EVP_PKEY_METHOD *pmeth, int (**pinit) (EVP_PKEY_CTX *ctx)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_copy + (const EVP_PKEY_METHOD *pmeth, int (**pcopy) (EVP_PKEY_CTX *dst, + const EVP_PKEY_CTX *src)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_cleanup + (const EVP_PKEY_METHOD *pmeth, void (**pcleanup) (EVP_PKEY_CTX *ctx)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_paramgen + (const EVP_PKEY_METHOD *pmeth, int (**pparamgen_init) (EVP_PKEY_CTX *ctx), + int (**pparamgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_keygen + (const EVP_PKEY_METHOD *pmeth, int (**pkeygen_init) (EVP_PKEY_CTX *ctx), + int (**pkeygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_sign + (const EVP_PKEY_METHOD *pmeth, int (**psign_init) (EVP_PKEY_CTX *ctx), + int (**psign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_verify + (const EVP_PKEY_METHOD *pmeth, int (**pverify_init) (EVP_PKEY_CTX *ctx), + int (**pverify) (EVP_PKEY_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, size_t tbslen)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_verify_recover + (const EVP_PKEY_METHOD *pmeth, + int (**pverify_recover_init) (EVP_PKEY_CTX *ctx), + int 
(**pverify_recover) (EVP_PKEY_CTX *ctx, unsigned char *sig, + size_t *siglen, const unsigned char *tbs, + size_t tbslen)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_signctx + (const EVP_PKEY_METHOD *pmeth, + int (**psignctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), + int (**psignctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + EVP_MD_CTX *mctx)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_verifyctx + (const EVP_PKEY_METHOD *pmeth, + int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), + int (**pverifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, + int siglen, EVP_MD_CTX *mctx)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_encrypt + (const EVP_PKEY_METHOD *pmeth, int (**pencrypt_init) (EVP_PKEY_CTX *ctx), + int (**pencryptfn) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_decrypt + (const EVP_PKEY_METHOD *pmeth, int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), + int (**pdecrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_derive + (const EVP_PKEY_METHOD *pmeth, int (**pderive_init) (EVP_PKEY_CTX *ctx), + int (**pderive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_ctrl + (const EVP_PKEY_METHOD *pmeth, + int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2), + int (**pctrl_str) (EVP_PKEY_CTX *ctx, const char *type, + const char *value)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_digestsign + (const EVP_PKEY_METHOD *pmeth, + int (**digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_digestverify + (const EVP_PKEY_METHOD *pmeth, + int (**digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, + size_t tbslen)); 
+OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_check + (const EVP_PKEY_METHOD *pmeth, int (**pcheck) (EVP_PKEY *pkey)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_public_check + (const EVP_PKEY_METHOD *pmeth, int (**pcheck) (EVP_PKEY *pkey)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_param_check + (const EVP_PKEY_METHOD *pmeth, int (**pcheck) (EVP_PKEY *pkey)); +OSSL_DEPRECATEDIN_3_0 void EVP_PKEY_meth_get_digest_custom + (const EVP_PKEY_METHOD *pmeth, + int (**pdigest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)); +# endif + +void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange); +int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange); +EVP_KEYEXCH *EVP_KEYEXCH_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, + const char *properties); +OSSL_PROVIDER *EVP_KEYEXCH_get0_provider(const EVP_KEYEXCH *exchange); +int EVP_KEYEXCH_is_a(const EVP_KEYEXCH *keyexch, const char *name); +const char *EVP_KEYEXCH_get0_name(const EVP_KEYEXCH *keyexch); +const char *EVP_KEYEXCH_get0_description(const EVP_KEYEXCH *keyexch); +void EVP_KEYEXCH_do_all_provided(OSSL_LIB_CTX *libctx, + void (*fn)(EVP_KEYEXCH *keyexch, void *data), + void *data); +int EVP_KEYEXCH_names_do_all(const EVP_KEYEXCH *keyexch, + void (*fn)(const char *name, void *data), + void *data); +const OSSL_PARAM *EVP_KEYEXCH_gettable_ctx_params(const EVP_KEYEXCH *keyexch); +const OSSL_PARAM *EVP_KEYEXCH_settable_ctx_params(const EVP_KEYEXCH *keyexch); + +void EVP_add_alg_module(void); + +int EVP_PKEY_CTX_set_group_name(EVP_PKEY_CTX *ctx, const char *name); +int EVP_PKEY_CTX_get_group_name(EVP_PKEY_CTX *ctx, char *name, size_t namelen); +int EVP_PKEY_get_group_name(const EVP_PKEY *pkey, char *name, size_t name_sz, + size_t *gname_len); + +OSSL_LIB_CTX *EVP_PKEY_CTX_get0_libctx(EVP_PKEY_CTX *ctx); +const char *EVP_PKEY_CTX_get0_propq(const EVP_PKEY_CTX *ctx); +const OSSL_PROVIDER *EVP_PKEY_CTX_get0_provider(const EVP_PKEY_CTX *ctx); + +# ifdef __cplusplus +} +# endif +#endif 
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/evperr.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/evperr.h
new file mode 100644
index 000000000000..11f3faa459ed
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/evperr.h
@@ -0,0 +1,137 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_EVPERR_H +# define OPENSSL_EVPERR_H +# pragma once + +# include +# include +# include + + + +/* + * EVP reason codes. + */ +# define EVP_R_AES_KEY_SETUP_FAILED 143 +# define EVP_R_ARIA_KEY_SETUP_FAILED 176 +# define EVP_R_BAD_ALGORITHM_NAME 200 +# define EVP_R_BAD_DECRYPT 100 +# define EVP_R_BAD_KEY_LENGTH 195 +# define EVP_R_BUFFER_TOO_SMALL 155 +# define EVP_R_CACHE_CONSTANTS_FAILED 225 +# define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 +# define EVP_R_CANNOT_GET_PARAMETERS 197 +# define EVP_R_CANNOT_SET_PARAMETERS 198 +# define EVP_R_CIPHER_NOT_GCM_MODE 184 +# define EVP_R_CIPHER_PARAMETER_ERROR 122 +# define EVP_R_COMMAND_NOT_SUPPORTED 147 +# define EVP_R_CONFLICTING_ALGORITHM_NAME 201 +# define EVP_R_COPY_ERROR 173 +# define EVP_R_CTRL_NOT_IMPLEMENTED 132 +# define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 +# define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 +# define EVP_R_DECODE_ERROR 114 +# define EVP_R_DEFAULT_QUERY_PARSE_ERROR 210 +# define EVP_R_DIFFERENT_KEY_TYPES 101 +# define EVP_R_DIFFERENT_PARAMETERS 153 +# define EVP_R_ERROR_LOADING_SECTION 165 +# define EVP_R_EXPECTING_AN_HMAC_KEY 174 +# define EVP_R_EXPECTING_AN_RSA_KEY 127 +# define EVP_R_EXPECTING_A_DH_KEY 128 +# define EVP_R_EXPECTING_A_DSA_KEY 129 +# define EVP_R_EXPECTING_A_ECX_KEY 219 +# define EVP_R_EXPECTING_A_EC_KEY 142 +# define EVP_R_EXPECTING_A_POLY1305_KEY 164 +# define EVP_R_EXPECTING_A_SIPHASH_KEY 175 +# define EVP_R_FINAL_ERROR 188 +# define EVP_R_GENERATE_ERROR 214 +# define EVP_R_GET_RAW_KEY_FAILED 182 +# define EVP_R_ILLEGAL_SCRYPT_PARAMETERS 171 +# define 
EVP_R_INACCESSIBLE_DOMAIN_PARAMETERS 204 +# define EVP_R_INACCESSIBLE_KEY 203 +# define EVP_R_INITIALIZATION_ERROR 134 +# define EVP_R_INPUT_NOT_INITIALIZED 111 +# define EVP_R_INVALID_CUSTOM_LENGTH 185 +# define EVP_R_INVALID_DIGEST 152 +# define EVP_R_INVALID_IV_LENGTH 194 +# define EVP_R_INVALID_KEY 163 +# define EVP_R_INVALID_KEY_LENGTH 130 +# define EVP_R_INVALID_LENGTH 221 +# define EVP_R_INVALID_NULL_ALGORITHM 218 +# define EVP_R_INVALID_OPERATION 148 +# define EVP_R_INVALID_PROVIDER_FUNCTIONS 193 +# define EVP_R_INVALID_SALT_LENGTH 186 +# define EVP_R_INVALID_SECRET_LENGTH 223 +# define EVP_R_INVALID_SEED_LENGTH 220 +# define EVP_R_INVALID_VALUE 222 +# define EVP_R_KEYMGMT_EXPORT_FAILURE 205 +# define EVP_R_KEY_SETUP_FAILED 180 +# define EVP_R_LOCKING_NOT_SUPPORTED 213 +# define EVP_R_MEMORY_LIMIT_EXCEEDED 172 +# define EVP_R_MESSAGE_DIGEST_IS_NULL 159 +# define EVP_R_METHOD_NOT_SUPPORTED 144 +# define EVP_R_MISSING_PARAMETERS 103 +# define EVP_R_NOT_ABLE_TO_COPY_CTX 190 +# define EVP_R_NOT_XOF_OR_INVALID_LENGTH 178 +# define EVP_R_NO_CIPHER_SET 131 +# define EVP_R_NO_DEFAULT_DIGEST 158 +# define EVP_R_NO_DIGEST_SET 139 +# define EVP_R_NO_IMPORT_FUNCTION 206 +# define EVP_R_NO_KEYMGMT_AVAILABLE 199 +# define EVP_R_NO_KEYMGMT_PRESENT 196 +# define EVP_R_NO_KEY_SET 154 +# define EVP_R_NO_OPERATION_SET 149 +# define EVP_R_NULL_MAC_PKEY_CTX 208 +# define EVP_R_ONLY_ONESHOT_SUPPORTED 177 +# define EVP_R_OPERATION_NOT_INITIALIZED 151 +# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 +# define EVP_R_OUTPUT_WOULD_OVERFLOW 202 +# define EVP_R_PARAMETER_TOO_LARGE 187 +# define EVP_R_PARTIALLY_OVERLAPPING 162 +# define EVP_R_PBKDF2_ERROR 181 +# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179 +# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 +# define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 +# define EVP_R_PUBLIC_KEY_NOT_RSA 106 +# define EVP_R_SETTING_XOF_FAILED 227 +# define EVP_R_SET_DEFAULT_PROPERTY_FAILURE 209 +# define EVP_R_TOO_MANY_RECORDS 183 
+# define EVP_R_UNABLE_TO_ENABLE_LOCKING 212 +# define EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE 215 +# define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH 216 +# define EVP_R_UNABLE_TO_LOCK_CONTEXT 211 +# define EVP_R_UNABLE_TO_SET_CALLBACKS 217 +# define EVP_R_UNKNOWN_BITS 166 +# define EVP_R_UNKNOWN_CIPHER 160 +# define EVP_R_UNKNOWN_DIGEST 161 +# define EVP_R_UNKNOWN_KEY_TYPE 207 +# define EVP_R_UNKNOWN_MAX_SIZE 167 +# define EVP_R_UNKNOWN_OPTION 169 +# define EVP_R_UNKNOWN_PBE_ALGORITHM 121 +# define EVP_R_UNKNOWN_SECURITY_BITS 168 +# define EVP_R_UNSUPPORTED_ALGORITHM 156 +# define EVP_R_UNSUPPORTED_CIPHER 107 +# define EVP_R_UNSUPPORTED_KEYLENGTH 123 +# define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 +# define EVP_R_UNSUPPORTED_KEY_SIZE 108 +# define EVP_R_UNSUPPORTED_KEY_TYPE 224 +# define EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS 135 +# define EVP_R_UNSUPPORTED_PRF 125 +# define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 +# define EVP_R_UNSUPPORTED_SALT_TYPE 126 +# define EVP_R_UPDATE_ERROR 189 +# define EVP_R_WRAP_MODE_NOT_ALLOWED 170 +# define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 +# define EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE 191 +# define EVP_R_XTS_DUPLICATED_KEYS 192 + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/fips_names.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/fips_names.h new file mode 100644 index 000000000000..5c77f6d69122 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/fips_names.h 
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_FIPS_NAMES_H
+# define OPENSSL_FIPS_NAMES_H
+# pragma once
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/*
+ * Parameter names that the FIPS Provider defines
+ */
+
+/*
+ * The calculated MAC of the module file (Used for FIPS Self Testing)
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_MODULE_MAC "module-mac"
+/*
+ * A version number for the fips install process (Used for FIPS Self Testing)
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_INSTALL_VERSION "install-version"
+/*
+ * The calculated MAC of the install status indicator (Used for FIPS Self Testing)
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_INSTALL_MAC "install-mac"
+/*
+ * The install status indicator (Used for FIPS Self Testing)
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_INSTALL_STATUS "install-status"
+
+/*
+ * A boolean that determines if the FIPS conditional test errors result in
+ * the module entering an error state.
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_CONDITIONAL_ERRORS "conditional-errors"
+
+/*
+ * A boolean that determines if the runtime FIPS security checks are performed.
+ * This is enabled by default.
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS "security-checks"
+
+/*
+ * A boolean that determines if the runtime FIPS check for TLS1_PRF EMS is performed.
+ * This is disabled by default.
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
+
+/*
+ * A boolean that determines if truncated digests can be used with Hash and HMAC
+ * DRBGs. FIPS 140-3 IG D.R disallows such use for efficiency rather than
+ * security reasons.
+ * This is disabled by default.
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_FIPS_NAMES_H */
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/hmac.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/hmac.h
new file mode 100644
index 000000000000..f9e1bff3f747
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/hmac.h
@@ -0,0 +1,62 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_HMAC_H
+# define OPENSSL_HMAC_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_HMAC_H
+# endif
+
+# include
+
+# include
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HMAC_MAX_MD_CBLOCK 200 /* Deprecated */
+# endif
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 size_t HMAC_size(const HMAC_CTX *e);
+OSSL_DEPRECATEDIN_3_0 HMAC_CTX *HMAC_CTX_new(void);
+OSSL_DEPRECATEDIN_3_0 int HMAC_CTX_reset(HMAC_CTX *ctx);
+OSSL_DEPRECATEDIN_3_0 void HMAC_CTX_free(HMAC_CTX *ctx);
+# endif
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+OSSL_DEPRECATEDIN_1_1_0 __owur int HMAC_Init(HMAC_CTX *ctx,
+ const void *key, int len,
+ const EVP_MD *md);
+# endif
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+ const EVP_MD *md, ENGINE *impl);
+OSSL_DEPRECATEDIN_3_0 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data,
+ size_t len);
+OSSL_DEPRECATEDIN_3_0 int HMAC_Final(HMAC_CTX *ctx, unsigned char *md,
+ unsigned int *len);
+OSSL_DEPRECATEDIN_3_0 __owur int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
+OSSL_DEPRECATEDIN_3_0 void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
+OSSL_DEPRECATEDIN_3_0 const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx);
+# endif
+
+unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+ const unsigned char *data, size_t data_len,
+ unsigned char *md, unsigned int *md_len);
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/hpke.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/hpke.h
new file mode 100644
index 000000000000..482acd22c38b
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/hpke.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* APIs and data structures for HPKE (RFC9180) */
+#ifndef OSSL_HPKE_H
+# define OSSL_HPKE_H
+# pragma once
+
+# include
+
+/* HPKE modes */
+# define OSSL_HPKE_MODE_BASE 0 /* Base mode */
+# define OSSL_HPKE_MODE_PSK 1 /* Pre-shared key mode */
+# define OSSL_HPKE_MODE_AUTH 2 /* Authenticated mode */
+# define OSSL_HPKE_MODE_PSKAUTH 3 /* PSK+authenticated mode */
+
+/*
+ * Max for ikm, psk, pskid, info and exporter contexts.
+ * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from
+ * Appendix A.6.1 with a 66 octet IKM so we'll allow that.
+ */
+# define OSSL_HPKE_MAX_PARMLEN 66
+# define OSSL_HPKE_MIN_PSKLEN 32
+# define OSSL_HPKE_MAX_INFOLEN 1024
+
+/*
+ * The (16bit) HPKE algorithm ID IANA codepoints
+ * If/when new IANA codepoints are added there are tables in
+ * crypto/hpke/hpke_util.c that must also be updated.
+ */
+# define OSSL_HPKE_KEM_ID_RESERVED 0x0000 /* not used */
+# define OSSL_HPKE_KEM_ID_P256 0x0010 /* NIST P-256 */
+# define OSSL_HPKE_KEM_ID_P384 0x0011 /* NIST P-384 */
+# define OSSL_HPKE_KEM_ID_P521 0x0012 /* NIST P-521 */
+# define OSSL_HPKE_KEM_ID_X25519 0x0020 /* Curve25519 */
+# define OSSL_HPKE_KEM_ID_X448 0x0021 /* Curve448 */
+
+# define OSSL_HPKE_KDF_ID_RESERVED 0x0000 /* not used */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA256 0x0001 /* HKDF-SHA256 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA384 0x0002 /* HKDF-SHA384 */
+# define OSSL_HPKE_KDF_ID_HKDF_SHA512 0x0003 /* HKDF-SHA512 */
+
+# define OSSL_HPKE_AEAD_ID_RESERVED 0x0000 /* not used */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_128 0x0001 /* AES-GCM-128 */
+# define OSSL_HPKE_AEAD_ID_AES_GCM_256 0x0002 /* AES-GCM-256 */
+# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */
+# define OSSL_HPKE_AEAD_ID_EXPORTONLY 0xFFFF /* export-only fake ID */
+
+/* strings for suite components */
+# define OSSL_HPKE_KEMSTR_P256 "P-256" /* KEM id 0x10 */
+# define OSSL_HPKE_KEMSTR_P384 "P-384" /* KEM id 0x11 */
+# define OSSL_HPKE_KEMSTR_P521 "P-521" /* KEM id 0x12 */
+# define OSSL_HPKE_KEMSTR_X25519 "X25519" /* KEM id 0x20 */
+# define OSSL_HPKE_KEMSTR_X448 "X448" /* KEM id 0x21 */
+# define OSSL_HPKE_KDFSTR_256 "hkdf-sha256" /* KDF id 1 */
+# define OSSL_HPKE_KDFSTR_384 "hkdf-sha384" /* KDF id 2 */
+# define OSSL_HPKE_KDFSTR_512 "hkdf-sha512" /* KDF id 3 */
+# define OSSL_HPKE_AEADSTR_AES128GCM "aes-128-gcm" /* AEAD id 1 */
+# define OSSL_HPKE_AEADSTR_AES256GCM "aes-256-gcm" /* AEAD id 2 */
+# define OSSL_HPKE_AEADSTR_CP "chacha20-poly1305" /* AEAD id 3 */
+# define OSSL_HPKE_AEADSTR_EXP "exporter" /* AEAD id 0xff */
+
+/*
+ * Roles for use in creating an OSSL_HPKE_CTX, most
+ * important use of this is to control nonce reuse.
+ */
+# define OSSL_HPKE_ROLE_SENDER 0
+# define OSSL_HPKE_ROLE_RECEIVER 1
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+typedef struct {
+ uint16_t kem_id; /* Key Encapsulation Method id */
+ uint16_t kdf_id; /* Key Derivation Function id */
+ uint16_t aead_id; /* AEAD alg id */
+} OSSL_HPKE_SUITE;
+
+/**
+ * Suite constants, use this like:
+ * OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT;
+ */
+# ifndef OPENSSL_NO_ECX
+# define OSSL_HPKE_SUITE_DEFAULT \
+ {\
+ OSSL_HPKE_KEM_ID_X25519, \
+ OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+ OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+ }
+# else
+# define OSSL_HPKE_SUITE_DEFAULT \
+ {\
+ OSSL_HPKE_KEM_ID_P256, \
+ OSSL_HPKE_KDF_ID_HKDF_SHA256, \
+ OSSL_HPKE_AEAD_ID_AES_GCM_128 \
+ }
+#endif
+
+typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX;
+
+OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role,
+ OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx);
+
+int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx,
+ unsigned char *enc, size_t *enclen,
+ const unsigned char *pub, size_t publen,
+ const unsigned char *info, size_t infolen);
+int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx,
+ unsigned char *ct, size_t *ctlen,
+ const unsigned char *aad, size_t aadlen,
+ const unsigned char *pt, size_t ptlen);
+
+int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite,
+ unsigned char *pub, size_t *publen, EVP_PKEY **priv,
+ const unsigned char *ikm, size_t ikmlen,
+ OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx,
+ const unsigned char *enc, size_t enclen,
+ EVP_PKEY *recippriv,
+ const unsigned char *info, size_t infolen);
+int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx,
+ unsigned char *pt, size_t *ptlen,
+ const unsigned char *aad, size_t aadlen,
+ const unsigned char *ct, size_t ctlen);
+
+int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx,
+ unsigned char *secret,
+ size_t secretlen,
+ const unsigned char *label,
+ size_t labellen);
+
+int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv);
+int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx,
+ const unsigned char *pub,
+ size_t publen);
+int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx,
+ const char *pskid,
+ const unsigned char *psk, size_t psklen);
+
+int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx,
+ const unsigned char *ikme, size_t ikmelen);
+
+int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq);
+int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq);
+
+int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite);
+int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in,
+ OSSL_HPKE_SUITE *suite,
+ unsigned char *enc, size_t *enclen,
+ unsigned char *ct, size_t ctlen,
+ OSSL_LIB_CTX *libctx, const char *propq);
+int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite);
+size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen);
+size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite);
+size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite);
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/http.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/http.h
new file mode 100644
index 000000000000..8f4e9da30b36
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/http.h
@@ -0,0 +1,117 @@
+/*
+ * Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright Siemens AG 2018-2020
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_HTTP_H
+# define OPENSSL_HTTP_H
+# pragma once
+
+# include
+
+# include
+# include
+# include
+
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define OSSL_HTTP_NAME "http"
+# define OSSL_HTTPS_NAME "https"
+# define OSSL_HTTP_PREFIX OSSL_HTTP_NAME"://"
+# define OSSL_HTTPS_PREFIX OSSL_HTTPS_NAME"://"
+# define OSSL_HTTP_PORT "80"
+# define OSSL_HTTPS_PORT "443"
+# define OPENSSL_NO_PROXY "NO_PROXY"
+# define OPENSSL_HTTP_PROXY "HTTP_PROXY"
+# define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
+
+# ifndef OPENSSL_NO_HTTP
+
+#define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
+#define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
+#define OSSL_HTTP_DEFAULT_MAX_RESP_HDR_LINES 256
+
+
+/* Low-level HTTP API */
+OSSL_HTTP_REQ_CTX *OSSL_HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, int buf_size);
+void OSSL_HTTP_REQ_CTX_free(OSSL_HTTP_REQ_CTX *rctx);
+int OSSL_HTTP_REQ_CTX_set_request_line(OSSL_HTTP_REQ_CTX *rctx, int method_POST,
+ const char *server, const char *port,
+ const char *path);
+int OSSL_HTTP_REQ_CTX_add1_header(OSSL_HTTP_REQ_CTX *rctx,
+ const char *name, const char *value);
+int OSSL_HTTP_REQ_CTX_set_expected(OSSL_HTTP_REQ_CTX *rctx,
+ const char *content_type, int asn1,
+ int timeout, int keep_alive);
+int OSSL_HTTP_REQ_CTX_set1_req(OSSL_HTTP_REQ_CTX *rctx, const char *content_type,
+ const ASN1_ITEM *it, const ASN1_VALUE *req);
+int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx);
+int OSSL_HTTP_REQ_CTX_nbio_d2i(OSSL_HTTP_REQ_CTX *rctx,
+ ASN1_VALUE **pval, const ASN1_ITEM *it);
+BIO *OSSL_HTTP_REQ_CTX_exchange(OSSL_HTTP_REQ_CTX *rctx);
+BIO *OSSL_HTTP_REQ_CTX_get0_mem_bio(const OSSL_HTTP_REQ_CTX *rctx);
+size_t OSSL_HTTP_REQ_CTX_get_resp_len(const OSSL_HTTP_REQ_CTX *rctx);
+void OSSL_HTTP_REQ_CTX_set_max_response_length(OSSL_HTTP_REQ_CTX *rctx,
+ unsigned long len);
+int OSSL_HTTP_is_alive(const OSSL_HTTP_REQ_CTX *rctx);
+
+/* High-level HTTP API */
+typedef BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg, int connect, int detail);
+OSSL_HTTP_REQ_CTX *OSSL_HTTP_open(const char *server, const char *port,
+ const char *proxy, const char *no_proxy,
+ int use_ssl, BIO *bio, BIO *rbio,
+ OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
+ int buf_size, int overall_timeout);
+int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port,
+ const char *proxyuser, const char *proxypass,
+ int timeout, BIO *bio_err, const char *prog);
+int OSSL_HTTP_set1_request(OSSL_HTTP_REQ_CTX *rctx, const char *path,
+ const STACK_OF(CONF_VALUE) *headers,
+ const char *content_type, BIO *req,
+ const char *expected_content_type, int expect_asn1,
+ size_t max_resp_len, int timeout, int keep_alive);
+BIO *OSSL_HTTP_exchange(OSSL_HTTP_REQ_CTX *rctx, char **redirection_url);
+BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
+ BIO *bio, BIO *rbio,
+ OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
+ int buf_size, const STACK_OF(CONF_VALUE) *headers,
+ const char *expected_content_type, int expect_asn1,
+ size_t max_resp_len, int timeout);
+BIO *OSSL_HTTP_transfer(OSSL_HTTP_REQ_CTX **prctx,
+ const char *server, const char *port,
+ const char *path, int use_ssl,
+ const char *proxy, const char *no_proxy,
+ BIO *bio, BIO *rbio,
+ OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
+ int buf_size, const STACK_OF(CONF_VALUE) *headers,
+ const char *content_type, BIO *req,
+ const char *expected_content_type, int expect_asn1,
+ size_t max_resp_len, int timeout, int keep_alive);
+int OSSL_HTTP_close(OSSL_HTTP_REQ_CTX *rctx, int ok);
+
+/* Auxiliary functions */
+int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost,
+ char **pport, int *pport_num,
+ char **ppath, char **pquery, char **pfrag);
+int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
+ char **pport, int *pport_num,
+ char **ppath, char **pquery, char **pfrag);
+const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
+ const char *server, int use_ssl);
+
+void OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines(OSSL_HTTP_REQ_CTX *rctx,
+ size_t count);
+
+# endif /* !defined(OPENSSL_NO_HTTP) */
+# ifdef __cplusplus
+}
+# endif
+#endif /* !defined(OPENSSL_HTTP_H) */
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/httperr.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/httperr.h
new file mode 100644
index 000000000000..ae7f00cac0a1
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/httperr.h
@@ -0,0 +1,56 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_HTTPERR_H +# define OPENSSL_HTTPERR_H +# pragma once + +# include +# include +# include + + + +/* + * HTTP reason codes. + */ +# define HTTP_R_ASN1_LEN_EXCEEDS_MAX_RESP_LEN 108 +# define HTTP_R_CONNECT_FAILURE 100 +# define HTTP_R_ERROR_PARSING_ASN1_LENGTH 109 +# define HTTP_R_ERROR_PARSING_CONTENT_LENGTH 119 +# define HTTP_R_ERROR_PARSING_URL 101 +# define HTTP_R_ERROR_RECEIVING 103 +# define HTTP_R_ERROR_SENDING 102 +# define HTTP_R_FAILED_READING_DATA 128 +# define HTTP_R_HEADER_PARSE_ERROR 126 +# define HTTP_R_INCONSISTENT_CONTENT_LENGTH 120 +# define HTTP_R_INVALID_PORT_NUMBER 123 +# define HTTP_R_INVALID_URL_PATH 125 +# define HTTP_R_INVALID_URL_SCHEME 124 +# define HTTP_R_MAX_RESP_LEN_EXCEEDED 117 +# define HTTP_R_MISSING_ASN1_ENCODING 110 +# define HTTP_R_MISSING_CONTENT_TYPE 121 +# define HTTP_R_MISSING_REDIRECT_LOCATION 111 +# define HTTP_R_RECEIVED_ERROR 105 +# define HTTP_R_RECEIVED_WRONG_HTTP_VERSION 106 +# define HTTP_R_REDIRECTION_FROM_HTTPS_TO_HTTP 112 +# define HTTP_R_REDIRECTION_NOT_ENABLED 116 +# define HTTP_R_RESPONSE_LINE_TOO_LONG 113 +# define HTTP_R_RESPONSE_PARSE_ERROR 104 +# define HTTP_R_RESPONSE_TOO_MANY_HDRLINES 130 +# define HTTP_R_RETRY_TIMEOUT 129 +# define HTTP_R_SERVER_CANCELED_CONNECTION 127 +# define HTTP_R_SOCK_NOT_SUPPORTED 122 +# define HTTP_R_STATUS_CODE_UNSUPPORTED 114 +# define HTTP_R_TLS_NOT_ENABLED 107 +# define HTTP_R_TOO_MANY_REDIRECTIONS 115 +# define HTTP_R_UNEXPECTED_CONTENT_TYPE 118 + +#endif 
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/idea.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/idea.h
new file mode 100644
index 000000000000..1f9bb3b3c71f
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/idea.h
@@ -0,0 +1,82 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_IDEA_H
+# define OPENSSL_IDEA_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_IDEA_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_IDEA
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define IDEA_BLOCK 8
+# define IDEA_KEY_LENGTH 16
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+
+typedef unsigned int IDEA_INT;
+
+# define IDEA_ENCRYPT 1
+# define IDEA_DECRYPT 0
+
+typedef struct idea_key_st {
+ IDEA_INT data[9][6];
+} IDEA_KEY_SCHEDULE;
+#endif
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 const char *IDEA_options(void);
+OSSL_DEPRECATEDIN_3_0 void IDEA_ecb_encrypt(const unsigned char *in,
+ unsigned char *out,
+ IDEA_KEY_SCHEDULE *ks);
+OSSL_DEPRECATEDIN_3_0 void IDEA_set_encrypt_key(const unsigned char *key,
+ IDEA_KEY_SCHEDULE *ks);
+OSSL_DEPRECATEDIN_3_0 void IDEA_set_decrypt_key(IDEA_KEY_SCHEDULE *ek,
+ IDEA_KEY_SCHEDULE *dk);
+OSSL_DEPRECATEDIN_3_0 void IDEA_cbc_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ IDEA_KEY_SCHEDULE *ks,
+ unsigned char *iv, int enc);
+OSSL_DEPRECATEDIN_3_0 void IDEA_cfb64_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ IDEA_KEY_SCHEDULE *ks,
+ unsigned char *iv, int *num,
+ int enc);
+OSSL_DEPRECATEDIN_3_0 void IDEA_ofb64_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ IDEA_KEY_SCHEDULE *ks,
+ unsigned char *iv, int *num);
+OSSL_DEPRECATEDIN_3_0 void IDEA_encrypt(unsigned long *in,
+ IDEA_KEY_SCHEDULE *ks);
+#endif
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define idea_options IDEA_options
+# define idea_ecb_encrypt IDEA_ecb_encrypt
+# define idea_set_encrypt_key IDEA_set_encrypt_key
+# define idea_set_decrypt_key IDEA_set_decrypt_key
+# define idea_cbc_encrypt IDEA_cbc_encrypt
+# define idea_cfb64_encrypt IDEA_cfb64_encrypt
+# define idea_ofb64_encrypt IDEA_ofb64_encrypt
+# define idea_encrypt IDEA_encrypt
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/kdf.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/kdf.h
new file mode 100644
index 000000000000..0983230a488a
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/kdf.h
@@ -0,0 +1,138 @@
+/*
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_KDF_H
+# define OPENSSL_KDF_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_KDF_H
+# endif
+
+# include
+# include
+# include
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+int EVP_KDF_up_ref(EVP_KDF *kdf);
+void EVP_KDF_free(EVP_KDF *kdf);
+EVP_KDF *EVP_KDF_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
+ const char *properties);
+
+EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf);
+void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx);
+EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src);
+const char *EVP_KDF_get0_description(const EVP_KDF *kdf);
+int EVP_KDF_is_a(const EVP_KDF *kdf, const char *name);
+const char *EVP_KDF_get0_name(const EVP_KDF *kdf);
+const OSSL_PROVIDER *EVP_KDF_get0_provider(const EVP_KDF *kdf);
+const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx);
+
+void EVP_KDF_CTX_reset(EVP_KDF_CTX *ctx);
+size_t EVP_KDF_CTX_get_kdf_size(EVP_KDF_CTX *ctx);
+int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen,
+ const OSSL_PARAM params[]);
+int EVP_KDF_get_params(EVP_KDF *kdf, OSSL_PARAM params[]);
+int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]);
+int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]);
+const OSSL_PARAM *EVP_KDF_gettable_params(const EVP_KDF *kdf);
+const OSSL_PARAM *EVP_KDF_gettable_ctx_params(const EVP_KDF *kdf);
+const OSSL_PARAM *EVP_KDF_settable_ctx_params(const EVP_KDF *kdf);
+const OSSL_PARAM *EVP_KDF_CTX_gettable_params(EVP_KDF_CTX *ctx);
+const OSSL_PARAM *EVP_KDF_CTX_settable_params(EVP_KDF_CTX *ctx);
+
+void EVP_KDF_do_all_provided(OSSL_LIB_CTX *libctx,
+ void (*fn)(EVP_KDF *kdf, void *arg),
+ void *arg);
+int EVP_KDF_names_do_all(const EVP_KDF *kdf,
+ void (*fn)(const char *name, void *data),
+ void *data);
+
+# define EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND 0
+# define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1
+# define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2
+
+#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65
+#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66
+#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67
+#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI 68
+#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV 69
+#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI 70
+
+/**** The legacy PKEY-based KDF API follows. ****/
+
+# define EVP_PKEY_CTRL_TLS_MD (EVP_PKEY_ALG_CTRL)
+# define EVP_PKEY_CTRL_TLS_SECRET (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_TLS_SEED (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_HKDF_MD (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_HKDF_SALT (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_HKDF_KEY (EVP_PKEY_ALG_CTRL + 5)
+# define EVP_PKEY_CTRL_HKDF_INFO (EVP_PKEY_ALG_CTRL + 6)
+# define EVP_PKEY_CTRL_HKDF_MODE (EVP_PKEY_ALG_CTRL + 7)
+# define EVP_PKEY_CTRL_PASS (EVP_PKEY_ALG_CTRL + 8)
+# define EVP_PKEY_CTRL_SCRYPT_SALT (EVP_PKEY_ALG_CTRL + 9)
+# define EVP_PKEY_CTRL_SCRYPT_N (EVP_PKEY_ALG_CTRL + 10)
+# define EVP_PKEY_CTRL_SCRYPT_R (EVP_PKEY_ALG_CTRL + 11)
+# define EVP_PKEY_CTRL_SCRYPT_P (EVP_PKEY_ALG_CTRL + 12)
+# define EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES (EVP_PKEY_ALG_CTRL + 13)
+
+# define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND \
+ EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND
+# define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY \
+ EVP_KDF_HKDF_MODE_EXTRACT_ONLY
+# define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY \
+ EVP_KDF_HKDF_MODE_EXPAND_ONLY
+
+int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+
+int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *pctx,
+ const unsigned char *sec, int seclen);
+
+int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX *pctx,
+ const unsigned char *seed, int seedlen);
+
+int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+
+int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX *ctx,
+ const unsigned char *salt, int saltlen);
+
+int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *ctx,
+ const unsigned char *key, int keylen);
+
+int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *ctx,
+ const unsigned char *info, int infolen);
+
+int EVP_PKEY_CTX_set_hkdf_mode(EVP_PKEY_CTX *ctx, int mode);
+# define EVP_PKEY_CTX_hkdf_mode EVP_PKEY_CTX_set_hkdf_mode
+
+int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX *ctx, const char *pass,
+ int passlen);
+
+int EVP_PKEY_CTX_set1_scrypt_salt(EVP_PKEY_CTX *ctx,
+ const unsigned char *salt, int saltlen);
+
+int EVP_PKEY_CTX_set_scrypt_N(EVP_PKEY_CTX *ctx, uint64_t n);
+
+int EVP_PKEY_CTX_set_scrypt_r(EVP_PKEY_CTX *ctx, uint64_t r);
+
+int EVP_PKEY_CTX_set_scrypt_p(EVP_PKEY_CTX *ctx, uint64_t p);
+
+int EVP_PKEY_CTX_set_scrypt_maxmem_bytes(EVP_PKEY_CTX *ctx,
+ uint64_t maxmem_bytes);
+
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/kdferr.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/kdferr.h
new file mode 100644
index 000000000000..963d766dfc85
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/kdferr.h
@@ -0,0 +1,16 @@
+/*
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_KDFERR_H
+# define OPENSSL_KDFERR_H
+# pragma once
+
+#include
+
+#endif /* !defined(OPENSSL_KDFERR_H) */
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/lhash.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/lhash.h
index 8af9edd24a83..62c55b20fd97 100644
--- a/contrib/openssl-cmake/linux_x86_64/include/openssl/lhash.h +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/lhash.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -34,9 +34,13 @@ extern "C" { typedef struct lhash_node_st OPENSSL_LH_NODE; typedef int (*OPENSSL_LH_COMPFUNC) (const void *, const void *); +typedef int (*OPENSSL_LH_COMPFUNCTHUNK) (const void *, const void *, OPENSSL_LH_COMPFUNC cfn); typedef unsigned long (*OPENSSL_LH_HASHFUNC) (const void *); +typedef unsigned long (*OPENSSL_LH_HASHFUNCTHUNK) (const void *, OPENSSL_LH_HASHFUNC hfn); typedef void (*OPENSSL_LH_DOALL_FUNC) (void *); +typedef void (*OPENSSL_LH_DOALL_FUNC_THUNK) (void *, OPENSSL_LH_DOALL_FUNC doall); typedef void (*OPENSSL_LH_DOALL_FUNCARG) (void *, void *); +typedef void (*OPENSSL_LH_DOALL_FUNCARG_THUNK) (void *, void *, OPENSSL_LH_DOALL_FUNCARG doall); typedef struct lhash_st OPENSSL_LHASH; /* 
@@ -82,13 +86,23 @@ typedef struct lhash_st OPENSSL_LHASH; int OPENSSL_LH_error(OPENSSL_LHASH *lh); OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c); +OPENSSL_LHASH *OPENSSL_LH_set_thunks(OPENSSL_LHASH *lh, + OPENSSL_LH_HASHFUNCTHUNK hw, + OPENSSL_LH_COMPFUNCTHUNK cw, + OPENSSL_LH_DOALL_FUNC_THUNK daw, + OPENSSL_LH_DOALL_FUNCARG_THUNK daaw); void OPENSSL_LH_free(OPENSSL_LHASH *lh); void OPENSSL_LH_flush(OPENSSL_LHASH *lh); void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data); void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data); void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data); void OPENSSL_LH_doall(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNC func); -void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNCARG func, void *arg); +void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, + OPENSSL_LH_DOALL_FUNCARG func, void *arg); +void OPENSSL_LH_doall_arg_thunk(OPENSSL_LHASH *lh, + OPENSSL_LH_DOALL_FUNCARG_THUNK daaw, + OPENSSL_LH_DOALL_FUNCARG fn, void *arg); + unsigned long OPENSSL_LH_strhash(const char *c); unsigned long OPENSSL_LH_num_items(const OPENSSL_LHASH *lh); unsigned long OPENSSL_LH_get_down_load(const OPENSSL_LHASH *lh); 
@@ -142,6 +156,26 @@ OSSL_DEPRECATEDIN_3_1 void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH * typedef int (*lh_##type##_compfunc)(const type *a, const type *b); \ typedef unsigned long (*lh_##type##_hashfunc)(const type *a); \ typedef void (*lh_##type##_doallfunc)(type *a); \ + static ossl_inline unsigned long lh_##type##_hash_thunk(const void *data, OPENSSL_LH_HASHFUNC hfn) \ + { \ + unsigned long (*hfn_conv)(const type *) = (unsigned long (*)(const type *))hfn; \ + return hfn_conv((const type *)data); \ + } \ + static ossl_inline int lh_##type##_comp_thunk(const void *da, const void *db, OPENSSL_LH_COMPFUNC cfn) \ + { \ + int (*cfn_conv)(const type *, const type *) = (int (*)(const type *, const type *))cfn; \ + return cfn_conv((const type *)da, (const type *)db); \ + } \ + static ossl_inline void lh_##type##_doall_thunk(void *node, OPENSSL_LH_DOALL_FUNC doall) \ + { \ + void (*doall_conv)(type *) = (void (*)(type *))doall; \ + doall_conv((type *)node); \ + } \ + static ossl_inline void lh_##type##_doall_arg_thunk(void *node, void *arg, OPENSSL_LH_DOALL_FUNCARG doall) \ + { \ + void (*doall_conv)(type *, void *) = (void (*)(type *, void *))doall; \ + doall_conv((type *)node, arg); \ + } \ static ossl_unused ossl_inline type *\ ossl_check_##type##_lh_plain_type(type *ptr) \ { \ 
@@ -204,12 +238,16 @@ OSSL_DEPRECATEDIN_3_1 void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH * LHASH_OF(type) { \ union lh_##type##_dummy { void* d1; unsigned long d2; int d3; } dummy; \ }; \ - static ossl_unused ossl_inline LHASH_OF(type) * \ - lh_##type##_new(unsigned long (*hfn)(const type *), \ - int (*cfn)(const type *, const type *)) \ + static unsigned long \ + lh_##type##_hfn_thunk(const void *data, OPENSSL_LH_HASHFUNC hfn) \ { \ - return (LHASH_OF(type) *) \ - OPENSSL_LH_new((OPENSSL_LH_HASHFUNC)hfn, (OPENSSL_LH_COMPFUNC)cfn); \ + unsigned long (*hfn_conv)(const type *) = (unsigned long (*)(const type *))hfn; \ + return hfn_conv((const type *)data); \ + } \ + static int lh_##type##_cfn_thunk(const void *da, const void *db, OPENSSL_LH_COMPFUNC cfn) \ + { \ + int (*cfn_conv)(const type *, const type *) = (int (*)(const type *, const type *))cfn; \ + return cfn_conv((const type *)da, (const type *)db); \ } \ static ossl_unused ossl_inline void \ lh_##type##_free(LHASH_OF(type) *lh) \ 
@@ -257,10 +295,31 @@ OSSL_DEPRECATEDIN_3_1 void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH * OPENSSL_LH_set_down_load((OPENSSL_LHASH *)lh, dl); \ } \ static ossl_unused ossl_inline void \ + lh_##type##_doall_thunk(void *node, OPENSSL_LH_DOALL_FUNC doall) \ + { \ + void (*doall_conv)(type *) = (void (*)(type *))doall; \ + doall_conv((type *)node); \ + } \ + static ossl_unused ossl_inline void \ + lh_##type##_doall_arg_thunk(void *node, void *arg, OPENSSL_LH_DOALL_FUNCARG doall) \ + { \ + void (*doall_conv)(type *, void *) = (void (*)(type *, void *))doall; \ + doall_conv((type *)node, arg); \ + } \ + static ossl_unused ossl_inline void \ lh_##type##_doall(LHASH_OF(type) *lh, void (*doall)(type *)) \ { \ OPENSSL_LH_doall((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNC)doall); \ } \ + static ossl_unused ossl_inline LHASH_OF(type) * \ + lh_##type##_new(unsigned long (*hfn)(const type *), \ + int (*cfn)(const type *, const type *)) \ + { \ + return (LHASH_OF(type) *)OPENSSL_LH_set_thunks(OPENSSL_LH_new((OPENSSL_LH_HASHFUNC)hfn, (OPENSSL_LH_COMPFUNC)cfn), \ + lh_##type##_hfn_thunk, lh_##type##_cfn_thunk, \ + lh_##type##_doall_thunk, \ + lh_##type##_doall_arg_thunk); \ + } \ static ossl_unused ossl_inline void \ lh_##type##_doall_arg(LHASH_OF(type) *lh, \ void (*doallarg)(type *, void *), void *arg) \ 
@@ -282,18 +341,26 @@ OSSL_DEPRECATEDIN_3_1 void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH * int_implement_lhash_doall(type, argtype, type) #define int_implement_lhash_doall(type, argtype, cbargtype) \ + static ossl_unused ossl_inline void \ + lh_##type##_doall_##argtype##_thunk(void *node, void *arg, OPENSSL_LH_DOALL_FUNCARG fn) \ + { \ + void (*fn_conv)(cbargtype *, argtype *) = (void (*)(cbargtype *, argtype *))fn; \ + fn_conv((cbargtype *)node, (argtype *)arg); \ + } \ static ossl_unused ossl_inline void \ lh_##type##_doall_##argtype(LHASH_OF(type) *lh, \ void (*fn)(cbargtype *, argtype *), \ argtype *arg) \ { \ - OPENSSL_LH_doall_arg((OPENSSL_LHASH *)lh, \ - (OPENSSL_LH_DOALL_FUNCARG)fn, (void *)arg); \ + OPENSSL_LH_doall_arg_thunk((OPENSSL_LHASH *)lh, \ + lh_##type##_doall_##argtype##_thunk, \ + (OPENSSL_LH_DOALL_FUNCARG)fn, \ + (void *)arg); \ } \ LHASH_OF(type) DEFINE_LHASH_OF_INTERNAL(OPENSSL_STRING); -#define lh_OPENSSL_STRING_new(hfn, cmp) ((LHASH_OF(OPENSSL_STRING) *)OPENSSL_LH_new(ossl_check_OPENSSL_STRING_lh_hashfunc_type(hfn), ossl_check_OPENSSL_STRING_lh_compfunc_type(cmp))) +#define lh_OPENSSL_STRING_new(hfn, cmp) ((LHASH_OF(OPENSSL_STRING) *)OPENSSL_LH_set_thunks(OPENSSL_LH_new(ossl_check_OPENSSL_STRING_lh_hashfunc_type(hfn), ossl_check_OPENSSL_STRING_lh_compfunc_type(cmp)), lh_OPENSSL_STRING_hash_thunk, lh_OPENSSL_STRING_comp_thunk, lh_OPENSSL_STRING_doall_thunk, lh_OPENSSL_STRING_doall_arg_thunk)) #define lh_OPENSSL_STRING_free(lh) OPENSSL_LH_free(ossl_check_OPENSSL_STRING_lh_type(lh)) #define lh_OPENSSL_STRING_flush(lh) OPENSSL_LH_flush(ossl_check_OPENSSL_STRING_lh_type(lh)) #define lh_OPENSSL_STRING_insert(lh, ptr) ((OPENSSL_STRING *)OPENSSL_LH_insert(ossl_check_OPENSSL_STRING_lh_type(lh), ossl_check_OPENSSL_STRING_lh_plain_type(ptr))) 
@@ -308,7 +375,7 @@ DEFINE_LHASH_OF_INTERNAL(OPENSSL_STRING); #define lh_OPENSSL_STRING_set_down_load(lh, dl) OPENSSL_LH_set_down_load(ossl_check_OPENSSL_STRING_lh_type(lh), dl) #define lh_OPENSSL_STRING_doall(lh, dfn) OPENSSL_LH_doall(ossl_check_OPENSSL_STRING_lh_type(lh), ossl_check_OPENSSL_STRING_lh_doallfunc_type(dfn)) DEFINE_LHASH_OF_INTERNAL(OPENSSL_CSTRING); -#define lh_OPENSSL_CSTRING_new(hfn, cmp) ((LHASH_OF(OPENSSL_CSTRING) *)OPENSSL_LH_new(ossl_check_OPENSSL_CSTRING_lh_hashfunc_type(hfn), ossl_check_OPENSSL_CSTRING_lh_compfunc_type(cmp))) +#define lh_OPENSSL_CSTRING_new(hfn, cmp) ((LHASH_OF(OPENSSL_CSTRING) *)OPENSSL_LH_set_thunks(OPENSSL_LH_new(ossl_check_OPENSSL_CSTRING_lh_hashfunc_type(hfn), ossl_check_OPENSSL_CSTRING_lh_compfunc_type(cmp)), lh_OPENSSL_CSTRING_hash_thunk, lh_OPENSSL_CSTRING_comp_thunk, lh_OPENSSL_CSTRING_doall_thunk, lh_OPENSSL_CSTRING_doall_arg_thunk)) #define lh_OPENSSL_CSTRING_free(lh) OPENSSL_LH_free(ossl_check_OPENSSL_CSTRING_lh_type(lh)) #define lh_OPENSSL_CSTRING_flush(lh) OPENSSL_LH_flush(ossl_check_OPENSSL_CSTRING_lh_type(lh)) #define lh_OPENSSL_CSTRING_insert(lh, ptr) ((OPENSSL_CSTRING *)OPENSSL_LH_insert(ossl_check_OPENSSL_CSTRING_lh_type(lh), ossl_check_OPENSSL_CSTRING_lh_plain_type(ptr))) diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/macros.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/macros.h new file mode 100644 index 000000000000..e9ef9387470c --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/macros.h 
@@ -0,0 +1,326 @@
+/*
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_MACROS_H
+# define OPENSSL_MACROS_H
+# pragma once
+
+#include
+#include
+
+
+/* Helper macros for CPP string composition */
+# define OPENSSL_MSTR_HELPER(x) #x
+# define OPENSSL_MSTR(x) OPENSSL_MSTR_HELPER(x)
+
+/*
+ * Sometimes OPENSSL_NO_xxx ends up with an empty file and some compilers
+ * don't like that. This will hopefully silence them.
+ */
+# define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
+
+/*
+ * Generic deprecation macro
+ *
+ * If OPENSSL_SUPPRESS_DEPRECATED is defined, then OSSL_DEPRECATED and
+ * OSSL_DEPRECATED_FOR become no-ops
+ */
+# ifndef OSSL_DEPRECATED
+# undef OSSL_DEPRECATED_FOR
+# ifndef OPENSSL_SUPPRESS_DEPRECATED
+# if defined(_MSC_VER)
+ /*
+ * MSVC supports __declspec(deprecated) since MSVC 2003 (13.10),
+ * and __declspec(deprecated(message)) since MSVC 2005 (14.00)
+ */
+# if _MSC_VER >= 1400
+# define OSSL_DEPRECATED(since) \
+ __declspec(deprecated("Since OpenSSL " # since))
+# define OSSL_DEPRECATED_FOR(since, message) \
+ __declspec(deprecated("Since OpenSSL " # since ";" message))
+# elif _MSC_VER >= 1310
+# define OSSL_DEPRECATED(since) __declspec(deprecated)
+# define OSSL_DEPRECATED_FOR(since, message) __declspec(deprecated)
+# endif
+# elif defined(__GNUC__)
+ /*
+ * According to GCC documentation, deprecations with message appeared in
+ * GCC 4.5.0
+ */
+# if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5)
+# define OSSL_DEPRECATED(since) \
+ __attribute__((deprecated("Since OpenSSL " # since)))
+# define OSSL_DEPRECATED_FOR(since, message) \
+ __attribute__((deprecated("Since OpenSSL " # since ";" message)))
+# elif __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+# define OSSL_DEPRECATED(since) __attribute__((deprecated))
+# define OSSL_DEPRECATED_FOR(since, message) __attribute__((deprecated))
+# endif
+# elif defined(__SUNPRO_C)
+# if (__SUNPRO_C >= 0x5130)
+# define OSSL_DEPRECATED(since) __attribute__ ((deprecated))
+# define OSSL_DEPRECATED_FOR(since, message) __attribute__ ((deprecated))
+# endif
+# endif
+# endif
+# endif
+
+/*
+ * Still not defined? Then define no-op macros. This means these macros
+ * are unsuitable for use in a typedef.
+ */
+# ifndef OSSL_DEPRECATED
+# define OSSL_DEPRECATED(since) extern
+# define OSSL_DEPRECATED_FOR(since, message) extern
+# endif
+
+/*
+ * Applications should use -DOPENSSL_API_COMPAT= to suppress the
+ * declarations of functions deprecated in or before . If this is
+ * undefined, the value of the macro OPENSSL_CONFIGURED_API (defined in
+ * ) is the default.
+ *
+ * For any version number up until version 1.1.x, is expected to be
+ * the calculated version number 0xMNNFFPPSL.
+ * For version numbers 3.0 and on, is expected to be a computation
+ * of the major and minor numbers in decimal using this formula:
+ *
+ * MAJOR * 10000 + MINOR * 100
+ *
+ * So version 3.0 becomes 30000, version 3.2 becomes 30200, etc.
+ */
+
+/*
+ * We use the OPENSSL_API_COMPAT value to define API level macros. These
+ * macros are used to enable or disable features at that API version boundary.
+ */
+
+# ifdef OPENSSL_API_LEVEL
+# error "OPENSSL_API_LEVEL must not be defined by application"
+# endif
+
+/*
+ * We figure out what API level was intended by simple numeric comparison.
+ * The lowest old style number we recognise is 0x00908000L, so we take some
+ * safety margin and assume that anything below 0x00900000L is a new style
+ * number. This allows new versions up to and including v943.71.83.
+ */
+# ifdef OPENSSL_API_COMPAT
+# if OPENSSL_API_COMPAT < 0x900000L
+# define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT)
+# else
+# define OPENSSL_API_LEVEL \
+ (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \
+ + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \
+ + ((OPENSSL_API_COMPAT >> 12) & 0xFF))
+# endif
+# endif
+
+/*
+ * If OPENSSL_API_COMPAT wasn't given, we use default numbers to set
+ * the API compatibility level.
+ */
+# ifndef OPENSSL_API_LEVEL
+# if OPENSSL_CONFIGURED_API > 0
+# define OPENSSL_API_LEVEL (OPENSSL_CONFIGURED_API)
+# else
+# define OPENSSL_API_LEVEL \
+ (OPENSSL_VERSION_MAJOR * 10000 + OPENSSL_VERSION_MINOR * 100)
+# endif
+# endif
+
+# if OPENSSL_API_LEVEL > OPENSSL_CONFIGURED_API
+# error "The requested API level higher than the configured API compatibility level"
+# endif
+
+/*
+ * Check of sane values.
+ */
+/* Can't go higher than the current version. */
+# if OPENSSL_API_LEVEL > (OPENSSL_VERSION_MAJOR * 10000 + OPENSSL_VERSION_MINOR * 100)
+# error "OPENSSL_API_COMPAT expresses an impossible API compatibility level"
+# endif
+/* OpenSSL will have no version 2.y.z */
+# if OPENSSL_API_LEVEL < 30000 && OPENSSL_API_LEVEL >= 20000
+# error "OPENSSL_API_COMPAT expresses an impossible API compatibility level"
+# endif
+/* Below 0.9.8 is unacceptably low */
+# if OPENSSL_API_LEVEL < 908
+# error "OPENSSL_API_COMPAT expresses an impossible API compatibility level"
+# endif
+
+/*
+ * Define macros for deprecation and simulated removal purposes.
+ *
+ * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for
+ * all OpenSSL versions we care for. They can be used as attributes
+ * in function declarations where appropriate.
+ *
+ * The macros OPENSSL_NO_DEPRECATED_{major}_{minor} are defined for
+ * all OpenSSL versions up to or equal to the version given with
+ * OPENSSL_API_COMPAT. They are used as guards around anything that's
+ * deprecated up to that version, as an effect of the developer option
+ * 'no-deprecated'.
+ */
+
+# undef OPENSSL_NO_DEPRECATED_3_1
+# undef OPENSSL_NO_DEPRECATED_3_0
+# undef OPENSSL_NO_DEPRECATED_1_1_1
+# undef OPENSSL_NO_DEPRECATED_1_1_0
+# undef OPENSSL_NO_DEPRECATED_1_0_2
+# undef OPENSSL_NO_DEPRECATED_1_0_1
+# undef OPENSSL_NO_DEPRECATED_1_0_0
+# undef OPENSSL_NO_DEPRECATED_0_9_8
+
+# if OPENSSL_API_LEVEL >= 30100
+# ifndef OPENSSL_NO_DEPRECATED
+# define OSSL_DEPRECATEDIN_3_1 OSSL_DEPRECATED(3.1)
+# define OSSL_DEPRECATEDIN_3_1_FOR(msg) OSSL_DEPRECATED_FOR(3.1, msg)
+# else
+# define OPENSSL_NO_DEPRECATED_3_1
+# endif
+# else
+# define OSSL_DEPRECATEDIN_3_1
+# define OSSL_DEPRECATEDIN_3_1_FOR(msg)
+# endif
+# if OPENSSL_API_LEVEL >= 30000
+# ifndef OPENSSL_NO_DEPRECATED
+# define OSSL_DEPRECATEDIN_3_0 OSSL_DEPRECATED(3.0)
+# define OSSL_DEPRECATEDIN_3_0_FOR(msg) OSSL_DEPRECATED_FOR(3.0, msg)
+# else
+# define OPENSSL_NO_DEPRECATED_3_0
+# endif
+# else
+# define OSSL_DEPRECATEDIN_3_0
+# define OSSL_DEPRECATEDIN_3_0_FOR(msg)
+# endif
+# if OPENSSL_API_LEVEL >= 10101
+# ifndef OPENSSL_NO_DEPRECATED
+# define OSSL_DEPRECATEDIN_1_1_1 OSSL_DEPRECATED(1.1.1)
+# define OSSL_DEPRECATEDIN_1_1_1_FOR(msg) OSSL_DEPRECATED_FOR(1.1.1, msg)
+# else
+# define OPENSSL_NO_DEPRECATED_1_1_1
+# endif
+# else
+# define OSSL_DEPRECATEDIN_1_1_1
+# define OSSL_DEPRECATEDIN_1_1_1_FOR(msg)
+# endif
+# if OPENSSL_API_LEVEL >= 10100
+# ifndef OPENSSL_NO_DEPRECATED
+# define OSSL_DEPRECATEDIN_1_1_0 OSSL_DEPRECATED(1.1.0)
+# define OSSL_DEPRECATEDIN_1_1_0_FOR(msg) OSSL_DEPRECATED_FOR(1.1.0, msg)
+# else
+# define OPENSSL_NO_DEPRECATED_1_1_0
+# endif
+# else
+# define OSSL_DEPRECATEDIN_1_1_0
+# define OSSL_DEPRECATEDIN_1_1_0_FOR(msg)
+# endif
+# if OPENSSL_API_LEVEL >= 10002
+# ifndef OPENSSL_NO_DEPRECATED
+# define OSSL_DEPRECATEDIN_1_0_2 OSSL_DEPRECATED(1.0.2)
+# define OSSL_DEPRECATEDIN_1_0_2_FOR(msg) OSSL_DEPRECATED_FOR(1.0.2, msg)
+# else
+# define OPENSSL_NO_DEPRECATED_1_0_2
+# endif
+# else
+# define OSSL_DEPRECATEDIN_1_0_2
+# define OSSL_DEPRECATEDIN_1_0_2_FOR(msg)
+# endif
+# if OPENSSL_API_LEVEL >= 10001
+# ifndef OPENSSL_NO_DEPRECATED
+# define OSSL_DEPRECATEDIN_1_0_1 OSSL_DEPRECATED(1.0.1)
+# define OSSL_DEPRECATEDIN_1_0_1_FOR(msg) OSSL_DEPRECATED_FOR(1.0.1, msg)
+# else
+# define OPENSSL_NO_DEPRECATED_1_0_1
+# endif
+# else
+# define OSSL_DEPRECATEDIN_1_0_1
+# define OSSL_DEPRECATEDIN_1_0_1_FOR(msg)
+# endif
+# if OPENSSL_API_LEVEL >= 10000
+# ifndef OPENSSL_NO_DEPRECATED
+# define OSSL_DEPRECATEDIN_1_0_0 OSSL_DEPRECATED(1.0.0)
+# define OSSL_DEPRECATEDIN_1_0_0_FOR(msg) OSSL_DEPRECATED_FOR(1.0.0, msg)
+# else
+# define OPENSSL_NO_DEPRECATED_1_0_0
+# endif
+# else
+# define OSSL_DEPRECATEDIN_1_0_0
+# define OSSL_DEPRECATEDIN_1_0_0_FOR(msg)
+# endif
+# if OPENSSL_API_LEVEL >= 908
+# ifndef OPENSSL_NO_DEPRECATED
+# define OSSL_DEPRECATEDIN_0_9_8 OSSL_DEPRECATED(0.9.8)
+# define OSSL_DEPRECATEDIN_0_9_8_FOR(msg) OSSL_DEPRECATED_FOR(0.9.8, msg)
+# else
+# define OPENSSL_NO_DEPRECATED_0_9_8
+# endif
+# else
+# define OSSL_DEPRECATEDIN_0_9_8
+# define OSSL_DEPRECATEDIN_0_9_8_FOR(msg)
+# endif
+
+/*
+ * Make our own variants of __FILE__ and __LINE__, depending on configuration
+ */
+
+# ifndef OPENSSL_FILE
+# ifdef OPENSSL_NO_FILENAMES
+# define OPENSSL_FILE ""
+# define OPENSSL_LINE 0
+# else
+# define OPENSSL_FILE __FILE__
+# define OPENSSL_LINE __LINE__
+# endif
+# endif
+
+/*
+ * __func__ was standardized in C99, so for any compiler that claims
+ * to implement that language level or newer, we assume we can safely
+ * use that symbol.
+ *
+ * GNU C also provides __FUNCTION__ since version 2, which predates
+ * C99. We can, however, only use this if __STDC_VERSION__ exists,
+ * as it's otherwise not allowed according to ISO C standards (C90).
+ * (compiling with GNU C's -pedantic tells us so)
+ *
+ * If none of the above applies, we check if the compiler is MSVC,
+ * and use __FUNCTION__ if that's the case.
+ */
+# ifndef OPENSSL_FUNC
+# if defined(__STDC_VERSION__)
+# if __STDC_VERSION__ >= 199901L
+# define OPENSSL_FUNC __func__
+# elif defined(__GNUC__) && __GNUC__ >= 2
+# define OPENSSL_FUNC __FUNCTION__
+# endif
+# elif defined(_MSC_VER)
+# define OPENSSL_FUNC __FUNCTION__
+# endif
+/*
+ * If all these possibilities are exhausted, we give up and use a
+ * static string.
+ */
+# ifndef OPENSSL_FUNC
+# define OPENSSL_FUNC "(unknown function)"
+# endif
+# endif
+
+# ifndef OSSL_CRYPTO_ALLOC
+# if defined(__GNUC__)
+# define OSSL_CRYPTO_ALLOC __attribute__((__malloc__))
+# elif defined(_MSC_VER)
+# define OSSL_CRYPTO_ALLOC __declspec(restrict)
+# else
+# define OSSL_CRYPTO_ALLOC
+# endif
+# endif
+
+#endif /* OPENSSL_MACROS_H */
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/md2.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/md2.h
new file mode 100644
index 000000000000..5d4cb77e71cb
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/md2.h
@@ -0,0 +1,56 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_MD2_H
+# define OPENSSL_MD2_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_MD2_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_MD2
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define MD2_DIGEST_LENGTH 16
+
+# if !defined(OPENSSL_NO_DEPRECATED_3_0)
+
+typedef unsigned char MD2_INT;
+
+# define MD2_BLOCK 16
+
+typedef struct MD2state_st {
+ unsigned int num;
+ unsigned char data[MD2_BLOCK];
+ MD2_INT cksm[MD2_BLOCK];
+ MD2_INT state[MD2_BLOCK];
+} MD2_CTX;
+# endif
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 const char *MD2_options(void);
+OSSL_DEPRECATEDIN_3_0 int MD2_Init(MD2_CTX *c);
+OSSL_DEPRECATEDIN_3_0 int MD2_Update(MD2_CTX *c, const unsigned char *data,
+ size_t len);
+OSSL_DEPRECATEDIN_3_0 int MD2_Final(unsigned char *md, MD2_CTX *c);
+OSSL_DEPRECATEDIN_3_0 unsigned char *MD2(const unsigned char *d, size_t n,
+ unsigned char *md);
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/md4.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/md4.h
new file mode 100644
index 000000000000..6c150a6cb24c
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/md4.h
@@ -0,0 +1,63 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_MD4_H
+# define OPENSSL_MD4_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_MD4_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_MD4
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define MD4_DIGEST_LENGTH 16
+
+# if !defined(OPENSSL_NO_DEPRECATED_3_0)
+
+/*-
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! MD4_LONG has to be at least 32 bits wide. !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+# define MD4_LONG unsigned int
+
+# define MD4_CBLOCK 64
+# define MD4_LBLOCK (MD4_CBLOCK/4)
+
+typedef struct MD4state_st {
+ MD4_LONG A, B, C, D;
+ MD4_LONG Nl, Nh;
+ MD4_LONG data[MD4_LBLOCK];
+ unsigned int num;
+} MD4_CTX;
+# endif
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int MD4_Init(MD4_CTX *c);
+OSSL_DEPRECATEDIN_3_0 int MD4_Update(MD4_CTX *c, const void *data, size_t len);
+OSSL_DEPRECATEDIN_3_0 int MD4_Final(unsigned char *md, MD4_CTX *c);
+OSSL_DEPRECATEDIN_3_0 unsigned char *MD4(const unsigned char *d, size_t n,
+ unsigned char *md);
+OSSL_DEPRECATEDIN_3_0 void MD4_Transform(MD4_CTX *c, const unsigned char *b);
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/md5.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/md5.h
new file mode 100644
index 000000000000..77a577340f71
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/md5.h
@@ -0,0 +1,62 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_MD5_H
+# define OPENSSL_MD5_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_MD5_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_MD5
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define MD5_DIGEST_LENGTH 16
+
+# if !defined(OPENSSL_NO_DEPRECATED_3_0)
+/*
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! MD5_LONG has to be at least 32 bits wide. !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+# define MD5_LONG unsigned int
+
+# define MD5_CBLOCK 64
+# define MD5_LBLOCK (MD5_CBLOCK/4)
+
+typedef struct MD5state_st {
+ MD5_LONG A, B, C, D;
+ MD5_LONG Nl, Nh;
+ MD5_LONG data[MD5_LBLOCK];
+ unsigned int num;
+} MD5_CTX;
+# endif
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int MD5_Init(MD5_CTX *c);
+OSSL_DEPRECATEDIN_3_0 int MD5_Update(MD5_CTX *c, const void *data, size_t len);
+OSSL_DEPRECATEDIN_3_0 int MD5_Final(unsigned char *md, MD5_CTX *c);
+OSSL_DEPRECATEDIN_3_0 unsigned char *MD5(const unsigned char *d, size_t n,
+ unsigned char *md);
+OSSL_DEPRECATEDIN_3_0 void MD5_Transform(MD5_CTX *c, const unsigned char *b);
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/mdc2.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/mdc2.h
new file mode 100644
index 000000000000..5a7ee289d1d0
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/mdc2.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_MDC2_H
+# define OPENSSL_MDC2_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_MDC2_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_MDC2
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define MDC2_DIGEST_LENGTH 16
+
+# if !defined(OPENSSL_NO_DEPRECATED_3_0)
+
+# define MDC2_BLOCK 8
+
+typedef struct mdc2_ctx_st {
+ unsigned int num;
+ unsigned char data[MDC2_BLOCK];
+ DES_cblock h, hh;
+ unsigned int pad_type; /* either 1 or 2, default 1 */
+} MDC2_CTX;
+# endif
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int MDC2_Init(MDC2_CTX *c);
+OSSL_DEPRECATEDIN_3_0 int MDC2_Update(MDC2_CTX *c, const unsigned char *data,
+ size_t len);
+OSSL_DEPRECATEDIN_3_0 int MDC2_Final(unsigned char *md, MDC2_CTX *c);
+OSSL_DEPRECATEDIN_3_0 unsigned char *MDC2(const unsigned char *d, size_t n,
+ unsigned char *md);
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/modes.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/modes.h
new file mode 100644
index 000000000000..e19079912ba2
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/modes.h
@@ -0,0 +1,219 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_MODES_H
+# define OPENSSL_MODES_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_MODES_H
+# endif
+
+# include
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+typedef void (*block128_f) (const unsigned char in[16],
+ unsigned char out[16], const void *key);
+
+typedef void (*cbc128_f) (const unsigned char *in, unsigned char *out,
+ size_t len, const void *key,
+ unsigned char ivec[16], int enc);
+
+typedef void (*ecb128_f) (const unsigned char *in, unsigned char *out,
+ size_t len, const void *key,
+ int enc);
+
+typedef void (*ctr128_f) (const unsigned char *in, unsigned char *out,
+ size_t blocks, const void *key,
+ const unsigned char ivec[16]);
+
+typedef void (*ccm128_f) (const unsigned char *in, unsigned char *out,
+ size_t blocks, const void *key,
+ const unsigned char ivec[16],
+ unsigned char cmac[16]);
+
+void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const void *key,
+ unsigned char ivec[16], block128_f block);
+void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const void *key,
+ unsigned char ivec[16], block128_f block);
+
+void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const void *key,
+ unsigned char ivec[16],
+ unsigned char ecount_buf[16], unsigned int *num,
+ block128_f block);
+
+void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
+ size_t len, const void *key,
+ unsigned char ivec[16],
+ unsigned char ecount_buf[16],
+ unsigned int *num, ctr128_f ctr);
+
+void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const void *key,
+ unsigned char ivec[16], int *num,
+ block128_f block);
+
+void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const void *key,
+ unsigned char ivec[16], int *num,
+ int enc, block128_f block);
+void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const void *key,
+ unsigned char ivec[16], int *num,
+ int enc, block128_f block);
+void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out,
+ size_t bits, const void *key,
+ unsigned char ivec[16], int *num,
+ int enc, block128_f block);
+
+size_t CRYPTO_cts128_encrypt_block(const unsigned char *in,
+ unsigned char *out, size_t len,
+ const void *key, unsigned char ivec[16],
+ block128_f block);
+size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const void *key,
+ unsigned char ivec[16], cbc128_f cbc);
+size_t CRYPTO_cts128_decrypt_block(const unsigned char *in,
+ unsigned char *out, size_t len,
+ const void *key, unsigned char ivec[16],
+ block128_f block);
+size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const void *key,
+ unsigned char ivec[16], cbc128_f cbc);
+
+size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in,
+ unsigned char *out, size_t len,
+ const void *key,
+ unsigned char ivec[16],
+ block128_f block);
+size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const void *key,
+ unsigned char ivec[16], cbc128_f cbc);
+size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in,
+ unsigned char *out, size_t len,
+ const void *key,
+ unsigned char ivec[16],
+ block128_f block);
+size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const void *key,
+ unsigned char ivec[16], cbc128_f cbc);
+
+typedef struct gcm128_context GCM128_CONTEXT;
+
+GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block);
+void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block);
+void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv,
+ size_t len);
+int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad,
+ size_t len);
+int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
+ const unsigned char *in, unsigned char *out,
+ size_t len);
+int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
+ const unsigned char *in, unsigned char *out,
+ size_t len);
+int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
+ const unsigned char *in, unsigned char *out,
+ size_t len, ctr128_f stream);
+int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
+ const unsigned char *in, unsigned char *out,
+ size_t len, ctr128_f stream);
+int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag,
+ size_t len);
+void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len);
+void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx);
+
+typedef struct ccm128_context CCM128_CONTEXT;
+
+void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx,
+ unsigned int M, unsigned int L, void *key,
+ block128_f block);
+int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx, const unsigned char *nonce,
+ size_t nlen, size_t mlen);
+void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx, const unsigned char *aad,
+ size_t alen);
+int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, const unsigned char *inp,
+ unsigned char *out, size_t len);
+int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, const unsigned char *inp,
+ unsigned char *out, size_t len);
+int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp,
+ unsigned char *out, size_t len,
+ ccm128_f stream);
+int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp,
+ unsigned char *out, size_t len,
+ ccm128_f stream);
+size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len);
+
+typedef struct xts128_context XTS128_CONTEXT;
+
+int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx,
+ const unsigned char iv[16],
+ const unsigned char *inp, unsigned char *out,
+ size_t len, int enc);
+
+size_t CRYPTO_128_wrap(void *key, const unsigned char *iv,
+ unsigned char *out,
+ const unsigned char *in, size_t inlen,
+ block128_f block);
+
+size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv,
+ unsigned char *out,
+ const unsigned char *in, size_t inlen,
+ block128_f block);
+size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv,
+ unsigned char *out, const unsigned char *in,
+ size_t inlen, block128_f block);
+size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv,
+ unsigned char *out, const unsigned char *in,
+ size_t inlen, block128_f block);
+
+# ifndef OPENSSL_NO_OCB
+typedef struct ocb128_context OCB128_CONTEXT;
+
+typedef void (*ocb128_f) (const unsigned char *in, unsigned char *out,
+ size_t blocks, const void *key,
+ size_t start_block_num,
+ unsigned char offset_i[16],
+ const unsigned char L_[][16],
+ unsigned char checksum[16]);
+
+OCB128_CONTEXT *CRYPTO_ocb128_new(void *keyenc, void *keydec,
+ block128_f encrypt, block128_f decrypt,
+ ocb128_f stream);
+int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec,
+ block128_f encrypt, block128_f decrypt,
+ ocb128_f stream);
+int CRYPTO_ocb128_copy_ctx(OCB128_CONTEXT *dest, OCB128_CONTEXT *src,
+ void *keyenc, void *keydec);
+int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv,
+ size_t len, size_t taglen);
+int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad,
+ size_t len);
+int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, const unsigned char *in,
+ unsigned char *out, size_t len);
+int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx, const unsigned char *in,
+ unsigned char *out, size_t len);
+int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag,
+ size_t len);
+int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len);
+void CRYPTO_ocb128_cleanup(OCB128_CONTEXT *ctx);
+# endif /* OPENSSL_NO_OCB
*/ + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/obj_mac.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/obj_mac.h new file mode 100644 index 000000000000..1b7d9240a996 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/obj_mac.h 
@@ -0,0 +1,5806 @@ +/* + * WARNING: do not edit! + * Generated by crypto/objects/objects.pl + * + * Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_OBJ_MAC_H +# define OPENSSL_OBJ_MAC_H +# pragma once + +#define SN_undef "UNDEF" +#define LN_undef "undefined" +#define NID_undef 0 +#define OBJ_undef 0L + +#define SN_itu_t "ITU-T" +#define LN_itu_t "itu-t" +#define NID_itu_t 645 +#define OBJ_itu_t 0L + +#define NID_ccitt 404 +#define OBJ_ccitt OBJ_itu_t + +#define SN_iso "ISO" +#define LN_iso "iso" +#define NID_iso 181 +#define OBJ_iso 1L + +#define SN_joint_iso_itu_t "JOINT-ISO-ITU-T" +#define LN_joint_iso_itu_t "joint-iso-itu-t" +#define NID_joint_iso_itu_t 646 +#define OBJ_joint_iso_itu_t 2L + +#define NID_joint_iso_ccitt 393 +#define OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t + +#define SN_member_body "member-body" +#define LN_member_body "ISO Member Body" +#define NID_member_body 182 +#define OBJ_member_body OBJ_iso,2L + +#define SN_identified_organization "identified-organization" +#define NID_identified_organization 676 +#define OBJ_identified_organization OBJ_iso,3L + +#define SN_gmac "GMAC" +#define LN_gmac "gmac" +#define NID_gmac 1195 +#define OBJ_gmac OBJ_iso,0L,9797L,3L,4L + +#define SN_hmac_md5 "HMAC-MD5" +#define LN_hmac_md5 "hmac-md5" +#define NID_hmac_md5 780 +#define OBJ_hmac_md5 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,1L + +#define SN_hmac_sha1 "HMAC-SHA1" +#define LN_hmac_sha1 "hmac-sha1" +#define NID_hmac_sha1 781 +#define OBJ_hmac_sha1 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,2L + +#define SN_x509ExtAdmission "x509ExtAdmission" +#define LN_x509ExtAdmission "Professional Information or basis for Admission" +#define NID_x509ExtAdmission 1093 
+#define OBJ_x509ExtAdmission OBJ_identified_organization,36L,8L,3L,3L + +#define SN_certicom_arc "certicom-arc" +#define NID_certicom_arc 677 +#define OBJ_certicom_arc OBJ_identified_organization,132L + +#define SN_ieee "ieee" +#define NID_ieee 1170 +#define OBJ_ieee OBJ_identified_organization,111L + +#define SN_ieee_siswg "ieee-siswg" +#define LN_ieee_siswg "IEEE Security in Storage Working Group" +#define NID_ieee_siswg 1171 +#define OBJ_ieee_siswg OBJ_ieee,2L,1619L + +#define SN_international_organizations "international-organizations" +#define LN_international_organizations "International Organizations" +#define NID_international_organizations 647 +#define OBJ_international_organizations OBJ_joint_iso_itu_t,23L + +#define SN_wap "wap" +#define NID_wap 678 +#define OBJ_wap OBJ_international_organizations,43L + +#define SN_wap_wsg "wap-wsg" +#define NID_wap_wsg 679 +#define OBJ_wap_wsg OBJ_wap,1L + +#define SN_selected_attribute_types "selected-attribute-types" +#define LN_selected_attribute_types "Selected Attribute Types" +#define NID_selected_attribute_types 394 +#define OBJ_selected_attribute_types OBJ_joint_iso_itu_t,5L,1L,5L + +#define SN_clearance "clearance" +#define NID_clearance 395 +#define OBJ_clearance OBJ_selected_attribute_types,55L + +#define SN_ISO_US "ISO-US" +#define LN_ISO_US "ISO US Member Body" +#define NID_ISO_US 183 +#define OBJ_ISO_US OBJ_member_body,840L + +#define SN_X9_57 "X9-57" +#define LN_X9_57 "X9.57" +#define NID_X9_57 184 +#define OBJ_X9_57 OBJ_ISO_US,10040L + +#define SN_X9cm "X9cm" +#define LN_X9cm "X9.57 CM ?" 
+#define NID_X9cm 185 +#define OBJ_X9cm OBJ_X9_57,4L + +#define SN_ISO_CN "ISO-CN" +#define LN_ISO_CN "ISO CN Member Body" +#define NID_ISO_CN 1140 +#define OBJ_ISO_CN OBJ_member_body,156L + +#define SN_oscca "oscca" +#define NID_oscca 1141 +#define OBJ_oscca OBJ_ISO_CN,10197L + +#define SN_sm_scheme "sm-scheme" +#define NID_sm_scheme 1142 +#define OBJ_sm_scheme OBJ_oscca,1L + +#define SN_dsa "DSA" +#define LN_dsa "dsaEncryption" +#define NID_dsa 116 +#define OBJ_dsa OBJ_X9cm,1L + +#define SN_dsaWithSHA1 "DSA-SHA1" +#define LN_dsaWithSHA1 "dsaWithSHA1" +#define NID_dsaWithSHA1 113 +#define OBJ_dsaWithSHA1 OBJ_X9cm,3L + +#define SN_ansi_X9_62 "ansi-X9-62" +#define LN_ansi_X9_62 "ANSI X9.62" +#define NID_ansi_X9_62 405 +#define OBJ_ansi_X9_62 OBJ_ISO_US,10045L + +#define OBJ_X9_62_id_fieldType OBJ_ansi_X9_62,1L + +#define SN_X9_62_prime_field "prime-field" +#define NID_X9_62_prime_field 406 +#define OBJ_X9_62_prime_field OBJ_X9_62_id_fieldType,1L + +#define SN_X9_62_characteristic_two_field "characteristic-two-field" +#define NID_X9_62_characteristic_two_field 407 +#define OBJ_X9_62_characteristic_two_field OBJ_X9_62_id_fieldType,2L + +#define SN_X9_62_id_characteristic_two_basis "id-characteristic-two-basis" +#define NID_X9_62_id_characteristic_two_basis 680 +#define OBJ_X9_62_id_characteristic_two_basis OBJ_X9_62_characteristic_two_field,3L + +#define SN_X9_62_onBasis "onBasis" +#define NID_X9_62_onBasis 681 +#define OBJ_X9_62_onBasis OBJ_X9_62_id_characteristic_two_basis,1L + +#define SN_X9_62_tpBasis "tpBasis" +#define NID_X9_62_tpBasis 682 +#define OBJ_X9_62_tpBasis OBJ_X9_62_id_characteristic_two_basis,2L + +#define SN_X9_62_ppBasis "ppBasis" +#define NID_X9_62_ppBasis 683 +#define OBJ_X9_62_ppBasis OBJ_X9_62_id_characteristic_two_basis,3L + +#define OBJ_X9_62_id_publicKeyType OBJ_ansi_X9_62,2L + +#define SN_X9_62_id_ecPublicKey "id-ecPublicKey" +#define NID_X9_62_id_ecPublicKey 408 +#define OBJ_X9_62_id_ecPublicKey OBJ_X9_62_id_publicKeyType,1L + +#define 
OBJ_X9_62_ellipticCurve OBJ_ansi_X9_62,3L + +#define OBJ_X9_62_c_TwoCurve OBJ_X9_62_ellipticCurve,0L + +#define SN_X9_62_c2pnb163v1 "c2pnb163v1" +#define NID_X9_62_c2pnb163v1 684 +#define OBJ_X9_62_c2pnb163v1 OBJ_X9_62_c_TwoCurve,1L + +#define SN_X9_62_c2pnb163v2 "c2pnb163v2" +#define NID_X9_62_c2pnb163v2 685 +#define OBJ_X9_62_c2pnb163v2 OBJ_X9_62_c_TwoCurve,2L + +#define SN_X9_62_c2pnb163v3 "c2pnb163v3" +#define NID_X9_62_c2pnb163v3 686 +#define OBJ_X9_62_c2pnb163v3 OBJ_X9_62_c_TwoCurve,3L + +#define SN_X9_62_c2pnb176v1 "c2pnb176v1" +#define NID_X9_62_c2pnb176v1 687 +#define OBJ_X9_62_c2pnb176v1 OBJ_X9_62_c_TwoCurve,4L + +#define SN_X9_62_c2tnb191v1 "c2tnb191v1" +#define NID_X9_62_c2tnb191v1 688 +#define OBJ_X9_62_c2tnb191v1 OBJ_X9_62_c_TwoCurve,5L + +#define SN_X9_62_c2tnb191v2 "c2tnb191v2" +#define NID_X9_62_c2tnb191v2 689 +#define OBJ_X9_62_c2tnb191v2 OBJ_X9_62_c_TwoCurve,6L + +#define SN_X9_62_c2tnb191v3 "c2tnb191v3" +#define NID_X9_62_c2tnb191v3 690 +#define OBJ_X9_62_c2tnb191v3 OBJ_X9_62_c_TwoCurve,7L + +#define SN_X9_62_c2onb191v4 "c2onb191v4" +#define NID_X9_62_c2onb191v4 691 +#define OBJ_X9_62_c2onb191v4 OBJ_X9_62_c_TwoCurve,8L + +#define SN_X9_62_c2onb191v5 "c2onb191v5" +#define NID_X9_62_c2onb191v5 692 +#define OBJ_X9_62_c2onb191v5 OBJ_X9_62_c_TwoCurve,9L + +#define SN_X9_62_c2pnb208w1 "c2pnb208w1" +#define NID_X9_62_c2pnb208w1 693 +#define OBJ_X9_62_c2pnb208w1 OBJ_X9_62_c_TwoCurve,10L + +#define SN_X9_62_c2tnb239v1 "c2tnb239v1" +#define NID_X9_62_c2tnb239v1 694 +#define OBJ_X9_62_c2tnb239v1 OBJ_X9_62_c_TwoCurve,11L + +#define SN_X9_62_c2tnb239v2 "c2tnb239v2" +#define NID_X9_62_c2tnb239v2 695 +#define OBJ_X9_62_c2tnb239v2 OBJ_X9_62_c_TwoCurve,12L + +#define SN_X9_62_c2tnb239v3 "c2tnb239v3" +#define NID_X9_62_c2tnb239v3 696 +#define OBJ_X9_62_c2tnb239v3 OBJ_X9_62_c_TwoCurve,13L + +#define SN_X9_62_c2onb239v4 "c2onb239v4" +#define NID_X9_62_c2onb239v4 697 +#define OBJ_X9_62_c2onb239v4 OBJ_X9_62_c_TwoCurve,14L + +#define SN_X9_62_c2onb239v5 "c2onb239v5" 
+#define NID_X9_62_c2onb239v5 698 +#define OBJ_X9_62_c2onb239v5 OBJ_X9_62_c_TwoCurve,15L + +#define SN_X9_62_c2pnb272w1 "c2pnb272w1" +#define NID_X9_62_c2pnb272w1 699 +#define OBJ_X9_62_c2pnb272w1 OBJ_X9_62_c_TwoCurve,16L + +#define SN_X9_62_c2pnb304w1 "c2pnb304w1" +#define NID_X9_62_c2pnb304w1 700 +#define OBJ_X9_62_c2pnb304w1 OBJ_X9_62_c_TwoCurve,17L + +#define SN_X9_62_c2tnb359v1 "c2tnb359v1" +#define NID_X9_62_c2tnb359v1 701 +#define OBJ_X9_62_c2tnb359v1 OBJ_X9_62_c_TwoCurve,18L + +#define SN_X9_62_c2pnb368w1 "c2pnb368w1" +#define NID_X9_62_c2pnb368w1 702 +#define OBJ_X9_62_c2pnb368w1 OBJ_X9_62_c_TwoCurve,19L + +#define SN_X9_62_c2tnb431r1 "c2tnb431r1" +#define NID_X9_62_c2tnb431r1 703 +#define OBJ_X9_62_c2tnb431r1 OBJ_X9_62_c_TwoCurve,20L + +#define OBJ_X9_62_primeCurve OBJ_X9_62_ellipticCurve,1L + +#define SN_X9_62_prime192v1 "prime192v1" +#define NID_X9_62_prime192v1 409 +#define OBJ_X9_62_prime192v1 OBJ_X9_62_primeCurve,1L + +#define SN_X9_62_prime192v2 "prime192v2" +#define NID_X9_62_prime192v2 410 +#define OBJ_X9_62_prime192v2 OBJ_X9_62_primeCurve,2L + +#define SN_X9_62_prime192v3 "prime192v3" +#define NID_X9_62_prime192v3 411 +#define OBJ_X9_62_prime192v3 OBJ_X9_62_primeCurve,3L + +#define SN_X9_62_prime239v1 "prime239v1" +#define NID_X9_62_prime239v1 412 +#define OBJ_X9_62_prime239v1 OBJ_X9_62_primeCurve,4L + +#define SN_X9_62_prime239v2 "prime239v2" +#define NID_X9_62_prime239v2 413 +#define OBJ_X9_62_prime239v2 OBJ_X9_62_primeCurve,5L + +#define SN_X9_62_prime239v3 "prime239v3" +#define NID_X9_62_prime239v3 414 +#define OBJ_X9_62_prime239v3 OBJ_X9_62_primeCurve,6L + +#define SN_X9_62_prime256v1 "prime256v1" +#define NID_X9_62_prime256v1 415 +#define OBJ_X9_62_prime256v1 OBJ_X9_62_primeCurve,7L + +#define OBJ_X9_62_id_ecSigType OBJ_ansi_X9_62,4L + +#define SN_ecdsa_with_SHA1 "ecdsa-with-SHA1" +#define NID_ecdsa_with_SHA1 416 +#define OBJ_ecdsa_with_SHA1 OBJ_X9_62_id_ecSigType,1L + +#define SN_ecdsa_with_Recommended "ecdsa-with-Recommended" +#define 
NID_ecdsa_with_Recommended 791 +#define OBJ_ecdsa_with_Recommended OBJ_X9_62_id_ecSigType,2L + +#define SN_ecdsa_with_Specified "ecdsa-with-Specified" +#define NID_ecdsa_with_Specified 792 +#define OBJ_ecdsa_with_Specified OBJ_X9_62_id_ecSigType,3L + +#define SN_ecdsa_with_SHA224 "ecdsa-with-SHA224" +#define NID_ecdsa_with_SHA224 793 +#define OBJ_ecdsa_with_SHA224 OBJ_ecdsa_with_Specified,1L + +#define SN_ecdsa_with_SHA256 "ecdsa-with-SHA256" +#define NID_ecdsa_with_SHA256 794 +#define OBJ_ecdsa_with_SHA256 OBJ_ecdsa_with_Specified,2L + +#define SN_ecdsa_with_SHA384 "ecdsa-with-SHA384" +#define NID_ecdsa_with_SHA384 795 +#define OBJ_ecdsa_with_SHA384 OBJ_ecdsa_with_Specified,3L + +#define SN_ecdsa_with_SHA512 "ecdsa-with-SHA512" +#define NID_ecdsa_with_SHA512 796 +#define OBJ_ecdsa_with_SHA512 OBJ_ecdsa_with_Specified,4L + +#define OBJ_secg_ellipticCurve OBJ_certicom_arc,0L + +#define SN_secp112r1 "secp112r1" +#define NID_secp112r1 704 +#define OBJ_secp112r1 OBJ_secg_ellipticCurve,6L + +#define SN_secp112r2 "secp112r2" +#define NID_secp112r2 705 +#define OBJ_secp112r2 OBJ_secg_ellipticCurve,7L + +#define SN_secp128r1 "secp128r1" +#define NID_secp128r1 706 +#define OBJ_secp128r1 OBJ_secg_ellipticCurve,28L + +#define SN_secp128r2 "secp128r2" +#define NID_secp128r2 707 +#define OBJ_secp128r2 OBJ_secg_ellipticCurve,29L + +#define SN_secp160k1 "secp160k1" +#define NID_secp160k1 708 +#define OBJ_secp160k1 OBJ_secg_ellipticCurve,9L + +#define SN_secp160r1 "secp160r1" +#define NID_secp160r1 709 +#define OBJ_secp160r1 OBJ_secg_ellipticCurve,8L + +#define SN_secp160r2 "secp160r2" +#define NID_secp160r2 710 +#define OBJ_secp160r2 OBJ_secg_ellipticCurve,30L + +#define SN_secp192k1 "secp192k1" +#define NID_secp192k1 711 +#define OBJ_secp192k1 OBJ_secg_ellipticCurve,31L + +#define SN_secp224k1 "secp224k1" +#define NID_secp224k1 712 +#define OBJ_secp224k1 OBJ_secg_ellipticCurve,32L + +#define SN_secp224r1 "secp224r1" +#define NID_secp224r1 713 +#define OBJ_secp224r1 
OBJ_secg_ellipticCurve,33L + +#define SN_secp256k1 "secp256k1" +#define NID_secp256k1 714 +#define OBJ_secp256k1 OBJ_secg_ellipticCurve,10L + +#define SN_secp384r1 "secp384r1" +#define NID_secp384r1 715 +#define OBJ_secp384r1 OBJ_secg_ellipticCurve,34L + +#define SN_secp521r1 "secp521r1" +#define NID_secp521r1 716 +#define OBJ_secp521r1 OBJ_secg_ellipticCurve,35L + +#define SN_sect113r1 "sect113r1" +#define NID_sect113r1 717 +#define OBJ_sect113r1 OBJ_secg_ellipticCurve,4L + +#define SN_sect113r2 "sect113r2" +#define NID_sect113r2 718 +#define OBJ_sect113r2 OBJ_secg_ellipticCurve,5L + +#define SN_sect131r1 "sect131r1" +#define NID_sect131r1 719 +#define OBJ_sect131r1 OBJ_secg_ellipticCurve,22L + +#define SN_sect131r2 "sect131r2" +#define NID_sect131r2 720 +#define OBJ_sect131r2 OBJ_secg_ellipticCurve,23L + +#define SN_sect163k1 "sect163k1" +#define NID_sect163k1 721 +#define OBJ_sect163k1 OBJ_secg_ellipticCurve,1L + +#define SN_sect163r1 "sect163r1" +#define NID_sect163r1 722 +#define OBJ_sect163r1 OBJ_secg_ellipticCurve,2L + +#define SN_sect163r2 "sect163r2" +#define NID_sect163r2 723 +#define OBJ_sect163r2 OBJ_secg_ellipticCurve,15L + +#define SN_sect193r1 "sect193r1" +#define NID_sect193r1 724 +#define OBJ_sect193r1 OBJ_secg_ellipticCurve,24L + +#define SN_sect193r2 "sect193r2" +#define NID_sect193r2 725 +#define OBJ_sect193r2 OBJ_secg_ellipticCurve,25L + +#define SN_sect233k1 "sect233k1" +#define NID_sect233k1 726 +#define OBJ_sect233k1 OBJ_secg_ellipticCurve,26L + +#define SN_sect233r1 "sect233r1" +#define NID_sect233r1 727 +#define OBJ_sect233r1 OBJ_secg_ellipticCurve,27L + +#define SN_sect239k1 "sect239k1" +#define NID_sect239k1 728 +#define OBJ_sect239k1 OBJ_secg_ellipticCurve,3L + +#define SN_sect283k1 "sect283k1" +#define NID_sect283k1 729 +#define OBJ_sect283k1 OBJ_secg_ellipticCurve,16L + +#define SN_sect283r1 "sect283r1" +#define NID_sect283r1 730 +#define OBJ_sect283r1 OBJ_secg_ellipticCurve,17L + +#define SN_sect409k1 "sect409k1" +#define 
NID_sect409k1 731 +#define OBJ_sect409k1 OBJ_secg_ellipticCurve,36L + +#define SN_sect409r1 "sect409r1" +#define NID_sect409r1 732 +#define OBJ_sect409r1 OBJ_secg_ellipticCurve,37L + +#define SN_sect571k1 "sect571k1" +#define NID_sect571k1 733 +#define OBJ_sect571k1 OBJ_secg_ellipticCurve,38L + +#define SN_sect571r1 "sect571r1" +#define NID_sect571r1 734 +#define OBJ_sect571r1 OBJ_secg_ellipticCurve,39L + +#define OBJ_wap_wsg_idm_ecid OBJ_wap_wsg,4L + +#define SN_wap_wsg_idm_ecid_wtls1 "wap-wsg-idm-ecid-wtls1" +#define NID_wap_wsg_idm_ecid_wtls1 735 +#define OBJ_wap_wsg_idm_ecid_wtls1 OBJ_wap_wsg_idm_ecid,1L + +#define SN_wap_wsg_idm_ecid_wtls3 "wap-wsg-idm-ecid-wtls3" +#define NID_wap_wsg_idm_ecid_wtls3 736 +#define OBJ_wap_wsg_idm_ecid_wtls3 OBJ_wap_wsg_idm_ecid,3L + +#define SN_wap_wsg_idm_ecid_wtls4 "wap-wsg-idm-ecid-wtls4" +#define NID_wap_wsg_idm_ecid_wtls4 737 +#define OBJ_wap_wsg_idm_ecid_wtls4 OBJ_wap_wsg_idm_ecid,4L + +#define SN_wap_wsg_idm_ecid_wtls5 "wap-wsg-idm-ecid-wtls5" +#define NID_wap_wsg_idm_ecid_wtls5 738 +#define OBJ_wap_wsg_idm_ecid_wtls5 OBJ_wap_wsg_idm_ecid,5L + +#define SN_wap_wsg_idm_ecid_wtls6 "wap-wsg-idm-ecid-wtls6" +#define NID_wap_wsg_idm_ecid_wtls6 739 +#define OBJ_wap_wsg_idm_ecid_wtls6 OBJ_wap_wsg_idm_ecid,6L + +#define SN_wap_wsg_idm_ecid_wtls7 "wap-wsg-idm-ecid-wtls7" +#define NID_wap_wsg_idm_ecid_wtls7 740 +#define OBJ_wap_wsg_idm_ecid_wtls7 OBJ_wap_wsg_idm_ecid,7L + +#define SN_wap_wsg_idm_ecid_wtls8 "wap-wsg-idm-ecid-wtls8" +#define NID_wap_wsg_idm_ecid_wtls8 741 +#define OBJ_wap_wsg_idm_ecid_wtls8 OBJ_wap_wsg_idm_ecid,8L + +#define SN_wap_wsg_idm_ecid_wtls9 "wap-wsg-idm-ecid-wtls9" +#define NID_wap_wsg_idm_ecid_wtls9 742 +#define OBJ_wap_wsg_idm_ecid_wtls9 OBJ_wap_wsg_idm_ecid,9L + +#define SN_wap_wsg_idm_ecid_wtls10 "wap-wsg-idm-ecid-wtls10" +#define NID_wap_wsg_idm_ecid_wtls10 743 +#define OBJ_wap_wsg_idm_ecid_wtls10 OBJ_wap_wsg_idm_ecid,10L + +#define SN_wap_wsg_idm_ecid_wtls11 "wap-wsg-idm-ecid-wtls11" +#define 
NID_wap_wsg_idm_ecid_wtls11 744 +#define OBJ_wap_wsg_idm_ecid_wtls11 OBJ_wap_wsg_idm_ecid,11L + +#define SN_wap_wsg_idm_ecid_wtls12 "wap-wsg-idm-ecid-wtls12" +#define NID_wap_wsg_idm_ecid_wtls12 745 +#define OBJ_wap_wsg_idm_ecid_wtls12 OBJ_wap_wsg_idm_ecid,12L + +#define SN_cast5_cbc "CAST5-CBC" +#define LN_cast5_cbc "cast5-cbc" +#define NID_cast5_cbc 108 +#define OBJ_cast5_cbc OBJ_ISO_US,113533L,7L,66L,10L + +#define SN_cast5_ecb "CAST5-ECB" +#define LN_cast5_ecb "cast5-ecb" +#define NID_cast5_ecb 109 + +#define SN_cast5_cfb64 "CAST5-CFB" +#define LN_cast5_cfb64 "cast5-cfb" +#define NID_cast5_cfb64 110 + +#define SN_cast5_ofb64 "CAST5-OFB" +#define LN_cast5_ofb64 "cast5-ofb" +#define NID_cast5_ofb64 111 + +#define LN_pbeWithMD5AndCast5_CBC "pbeWithMD5AndCast5CBC" +#define NID_pbeWithMD5AndCast5_CBC 112 +#define OBJ_pbeWithMD5AndCast5_CBC OBJ_ISO_US,113533L,7L,66L,12L + +#define SN_id_PasswordBasedMAC "id-PasswordBasedMAC" +#define LN_id_PasswordBasedMAC "password based MAC" +#define NID_id_PasswordBasedMAC 782 +#define OBJ_id_PasswordBasedMAC OBJ_ISO_US,113533L,7L,66L,13L + +#define SN_id_DHBasedMac "id-DHBasedMac" +#define LN_id_DHBasedMac "Diffie-Hellman based MAC" +#define NID_id_DHBasedMac 783 +#define OBJ_id_DHBasedMac OBJ_ISO_US,113533L,7L,66L,30L + +#define SN_rsadsi "rsadsi" +#define LN_rsadsi "RSA Data Security, Inc." +#define NID_rsadsi 1 +#define OBJ_rsadsi OBJ_ISO_US,113549L + +#define SN_pkcs "pkcs" +#define LN_pkcs "RSA Data Security, Inc. 
PKCS" +#define NID_pkcs 2 +#define OBJ_pkcs OBJ_rsadsi,1L + +#define SN_pkcs1 "pkcs1" +#define NID_pkcs1 186 +#define OBJ_pkcs1 OBJ_pkcs,1L + +#define LN_rsaEncryption "rsaEncryption" +#define NID_rsaEncryption 6 +#define OBJ_rsaEncryption OBJ_pkcs1,1L + +#define SN_md2WithRSAEncryption "RSA-MD2" +#define LN_md2WithRSAEncryption "md2WithRSAEncryption" +#define NID_md2WithRSAEncryption 7 +#define OBJ_md2WithRSAEncryption OBJ_pkcs1,2L + +#define SN_md4WithRSAEncryption "RSA-MD4" +#define LN_md4WithRSAEncryption "md4WithRSAEncryption" +#define NID_md4WithRSAEncryption 396 +#define OBJ_md4WithRSAEncryption OBJ_pkcs1,3L + +#define SN_md5WithRSAEncryption "RSA-MD5" +#define LN_md5WithRSAEncryption "md5WithRSAEncryption" +#define NID_md5WithRSAEncryption 8 +#define OBJ_md5WithRSAEncryption OBJ_pkcs1,4L + +#define SN_sha1WithRSAEncryption "RSA-SHA1" +#define LN_sha1WithRSAEncryption "sha1WithRSAEncryption" +#define NID_sha1WithRSAEncryption 65 +#define OBJ_sha1WithRSAEncryption OBJ_pkcs1,5L + +#define SN_rsaesOaep "RSAES-OAEP" +#define LN_rsaesOaep "rsaesOaep" +#define NID_rsaesOaep 919 +#define OBJ_rsaesOaep OBJ_pkcs1,7L + +#define SN_mgf1 "MGF1" +#define LN_mgf1 "mgf1" +#define NID_mgf1 911 +#define OBJ_mgf1 OBJ_pkcs1,8L + +#define SN_pSpecified "PSPECIFIED" +#define LN_pSpecified "pSpecified" +#define NID_pSpecified 935 +#define OBJ_pSpecified OBJ_pkcs1,9L + +#define SN_rsassaPss "RSASSA-PSS" +#define LN_rsassaPss "rsassaPss" +#define NID_rsassaPss 912 +#define OBJ_rsassaPss OBJ_pkcs1,10L + +#define SN_sha256WithRSAEncryption "RSA-SHA256" +#define LN_sha256WithRSAEncryption "sha256WithRSAEncryption" +#define NID_sha256WithRSAEncryption 668 +#define OBJ_sha256WithRSAEncryption OBJ_pkcs1,11L + +#define SN_sha384WithRSAEncryption "RSA-SHA384" +#define LN_sha384WithRSAEncryption "sha384WithRSAEncryption" +#define NID_sha384WithRSAEncryption 669 +#define OBJ_sha384WithRSAEncryption OBJ_pkcs1,12L + +#define SN_sha512WithRSAEncryption "RSA-SHA512" +#define 
LN_sha512WithRSAEncryption "sha512WithRSAEncryption" +#define NID_sha512WithRSAEncryption 670 +#define OBJ_sha512WithRSAEncryption OBJ_pkcs1,13L + +#define SN_sha224WithRSAEncryption "RSA-SHA224" +#define LN_sha224WithRSAEncryption "sha224WithRSAEncryption" +#define NID_sha224WithRSAEncryption 671 +#define OBJ_sha224WithRSAEncryption OBJ_pkcs1,14L + +#define SN_sha512_224WithRSAEncryption "RSA-SHA512/224" +#define LN_sha512_224WithRSAEncryption "sha512-224WithRSAEncryption" +#define NID_sha512_224WithRSAEncryption 1145 +#define OBJ_sha512_224WithRSAEncryption OBJ_pkcs1,15L + +#define SN_sha512_256WithRSAEncryption "RSA-SHA512/256" +#define LN_sha512_256WithRSAEncryption "sha512-256WithRSAEncryption" +#define NID_sha512_256WithRSAEncryption 1146 +#define OBJ_sha512_256WithRSAEncryption OBJ_pkcs1,16L + +#define SN_pkcs3 "pkcs3" +#define NID_pkcs3 27 +#define OBJ_pkcs3 OBJ_pkcs,3L + +#define LN_dhKeyAgreement "dhKeyAgreement" +#define NID_dhKeyAgreement 28 +#define OBJ_dhKeyAgreement OBJ_pkcs3,1L + +#define SN_pkcs5 "pkcs5" +#define NID_pkcs5 187 +#define OBJ_pkcs5 OBJ_pkcs,5L + +#define SN_pbeWithMD2AndDES_CBC "PBE-MD2-DES" +#define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC" +#define NID_pbeWithMD2AndDES_CBC 9 +#define OBJ_pbeWithMD2AndDES_CBC OBJ_pkcs5,1L + +#define SN_pbeWithMD5AndDES_CBC "PBE-MD5-DES" +#define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC" +#define NID_pbeWithMD5AndDES_CBC 10 +#define OBJ_pbeWithMD5AndDES_CBC OBJ_pkcs5,3L + +#define SN_pbeWithMD2AndRC2_CBC "PBE-MD2-RC2-64" +#define LN_pbeWithMD2AndRC2_CBC "pbeWithMD2AndRC2-CBC" +#define NID_pbeWithMD2AndRC2_CBC 168 +#define OBJ_pbeWithMD2AndRC2_CBC OBJ_pkcs5,4L + +#define SN_pbeWithMD5AndRC2_CBC "PBE-MD5-RC2-64" +#define LN_pbeWithMD5AndRC2_CBC "pbeWithMD5AndRC2-CBC" +#define NID_pbeWithMD5AndRC2_CBC 169 +#define OBJ_pbeWithMD5AndRC2_CBC OBJ_pkcs5,6L + +#define SN_pbeWithSHA1AndDES_CBC "PBE-SHA1-DES" +#define LN_pbeWithSHA1AndDES_CBC "pbeWithSHA1AndDES-CBC" +#define NID_pbeWithSHA1AndDES_CBC 
170 +#define OBJ_pbeWithSHA1AndDES_CBC OBJ_pkcs5,10L + +#define SN_pbeWithSHA1AndRC2_CBC "PBE-SHA1-RC2-64" +#define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC" +#define NID_pbeWithSHA1AndRC2_CBC 68 +#define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs5,11L + +#define LN_id_pbkdf2 "PBKDF2" +#define NID_id_pbkdf2 69 +#define OBJ_id_pbkdf2 OBJ_pkcs5,12L + +#define LN_pbes2 "PBES2" +#define NID_pbes2 161 +#define OBJ_pbes2 OBJ_pkcs5,13L + +#define LN_pbmac1 "PBMAC1" +#define NID_pbmac1 162 +#define OBJ_pbmac1 OBJ_pkcs5,14L + +#define SN_pkcs7 "pkcs7" +#define NID_pkcs7 20 +#define OBJ_pkcs7 OBJ_pkcs,7L + +#define LN_pkcs7_data "pkcs7-data" +#define NID_pkcs7_data 21 +#define OBJ_pkcs7_data OBJ_pkcs7,1L + +#define LN_pkcs7_signed "pkcs7-signedData" +#define NID_pkcs7_signed 22 +#define OBJ_pkcs7_signed OBJ_pkcs7,2L + +#define LN_pkcs7_enveloped "pkcs7-envelopedData" +#define NID_pkcs7_enveloped 23 +#define OBJ_pkcs7_enveloped OBJ_pkcs7,3L + +#define LN_pkcs7_signedAndEnveloped "pkcs7-signedAndEnvelopedData" +#define NID_pkcs7_signedAndEnveloped 24 +#define OBJ_pkcs7_signedAndEnveloped OBJ_pkcs7,4L + +#define LN_pkcs7_digest "pkcs7-digestData" +#define NID_pkcs7_digest 25 +#define OBJ_pkcs7_digest OBJ_pkcs7,5L + +#define LN_pkcs7_encrypted "pkcs7-encryptedData" +#define NID_pkcs7_encrypted 26 +#define OBJ_pkcs7_encrypted OBJ_pkcs7,6L + +#define SN_pkcs9 "pkcs9" +#define NID_pkcs9 47 +#define OBJ_pkcs9 OBJ_pkcs,9L + +#define LN_pkcs9_emailAddress "emailAddress" +#define NID_pkcs9_emailAddress 48 +#define OBJ_pkcs9_emailAddress OBJ_pkcs9,1L + +#define LN_pkcs9_unstructuredName "unstructuredName" +#define NID_pkcs9_unstructuredName 49 +#define OBJ_pkcs9_unstructuredName OBJ_pkcs9,2L + +#define LN_pkcs9_contentType "contentType" +#define NID_pkcs9_contentType 50 +#define OBJ_pkcs9_contentType OBJ_pkcs9,3L + +#define LN_pkcs9_messageDigest "messageDigest" +#define NID_pkcs9_messageDigest 51 +#define OBJ_pkcs9_messageDigest OBJ_pkcs9,4L + +#define LN_pkcs9_signingTime "signingTime" 
+#define NID_pkcs9_signingTime 52 +#define OBJ_pkcs9_signingTime OBJ_pkcs9,5L + +#define LN_pkcs9_countersignature "countersignature" +#define NID_pkcs9_countersignature 53 +#define OBJ_pkcs9_countersignature OBJ_pkcs9,6L + +#define LN_pkcs9_challengePassword "challengePassword" +#define NID_pkcs9_challengePassword 54 +#define OBJ_pkcs9_challengePassword OBJ_pkcs9,7L + +#define LN_pkcs9_unstructuredAddress "unstructuredAddress" +#define NID_pkcs9_unstructuredAddress 55 +#define OBJ_pkcs9_unstructuredAddress OBJ_pkcs9,8L + +#define LN_pkcs9_extCertAttributes "extendedCertificateAttributes" +#define NID_pkcs9_extCertAttributes 56 +#define OBJ_pkcs9_extCertAttributes OBJ_pkcs9,9L + +#define SN_ext_req "extReq" +#define LN_ext_req "Extension Request" +#define NID_ext_req 172 +#define OBJ_ext_req OBJ_pkcs9,14L + +#define SN_SMIMECapabilities "SMIME-CAPS" +#define LN_SMIMECapabilities "S/MIME Capabilities" +#define NID_SMIMECapabilities 167 +#define OBJ_SMIMECapabilities OBJ_pkcs9,15L + +#define SN_SMIME "SMIME" +#define LN_SMIME "S/MIME" +#define NID_SMIME 188 +#define OBJ_SMIME OBJ_pkcs9,16L + +#define SN_id_smime_mod "id-smime-mod" +#define NID_id_smime_mod 189 +#define OBJ_id_smime_mod OBJ_SMIME,0L + +#define SN_id_smime_ct "id-smime-ct" +#define NID_id_smime_ct 190 +#define OBJ_id_smime_ct OBJ_SMIME,1L + +#define SN_id_smime_aa "id-smime-aa" +#define NID_id_smime_aa 191 +#define OBJ_id_smime_aa OBJ_SMIME,2L + +#define SN_id_smime_alg "id-smime-alg" +#define NID_id_smime_alg 192 +#define OBJ_id_smime_alg OBJ_SMIME,3L + +#define SN_id_smime_cd "id-smime-cd" +#define NID_id_smime_cd 193 +#define OBJ_id_smime_cd OBJ_SMIME,4L + +#define SN_id_smime_spq "id-smime-spq" +#define NID_id_smime_spq 194 +#define OBJ_id_smime_spq OBJ_SMIME,5L + +#define SN_id_smime_cti "id-smime-cti" +#define NID_id_smime_cti 195 +#define OBJ_id_smime_cti OBJ_SMIME,6L + +#define SN_id_smime_mod_cms "id-smime-mod-cms" +#define NID_id_smime_mod_cms 196 +#define OBJ_id_smime_mod_cms 
OBJ_id_smime_mod,1L + +#define SN_id_smime_mod_ess "id-smime-mod-ess" +#define NID_id_smime_mod_ess 197 +#define OBJ_id_smime_mod_ess OBJ_id_smime_mod,2L + +#define SN_id_smime_mod_oid "id-smime-mod-oid" +#define NID_id_smime_mod_oid 198 +#define OBJ_id_smime_mod_oid OBJ_id_smime_mod,3L + +#define SN_id_smime_mod_msg_v3 "id-smime-mod-msg-v3" +#define NID_id_smime_mod_msg_v3 199 +#define OBJ_id_smime_mod_msg_v3 OBJ_id_smime_mod,4L + +#define SN_id_smime_mod_ets_eSignature_88 "id-smime-mod-ets-eSignature-88" +#define NID_id_smime_mod_ets_eSignature_88 200 +#define OBJ_id_smime_mod_ets_eSignature_88 OBJ_id_smime_mod,5L + +#define SN_id_smime_mod_ets_eSignature_97 "id-smime-mod-ets-eSignature-97" +#define NID_id_smime_mod_ets_eSignature_97 201 +#define OBJ_id_smime_mod_ets_eSignature_97 OBJ_id_smime_mod,6L + +#define SN_id_smime_mod_ets_eSigPolicy_88 "id-smime-mod-ets-eSigPolicy-88" +#define NID_id_smime_mod_ets_eSigPolicy_88 202 +#define OBJ_id_smime_mod_ets_eSigPolicy_88 OBJ_id_smime_mod,7L + +#define SN_id_smime_mod_ets_eSigPolicy_97 "id-smime-mod-ets-eSigPolicy-97" +#define NID_id_smime_mod_ets_eSigPolicy_97 203 +#define OBJ_id_smime_mod_ets_eSigPolicy_97 OBJ_id_smime_mod,8L + +#define SN_id_smime_ct_receipt "id-smime-ct-receipt" +#define NID_id_smime_ct_receipt 204 +#define OBJ_id_smime_ct_receipt OBJ_id_smime_ct,1L + +#define SN_id_smime_ct_authData "id-smime-ct-authData" +#define NID_id_smime_ct_authData 205 +#define OBJ_id_smime_ct_authData OBJ_id_smime_ct,2L + +#define SN_id_smime_ct_publishCert "id-smime-ct-publishCert" +#define NID_id_smime_ct_publishCert 206 +#define OBJ_id_smime_ct_publishCert OBJ_id_smime_ct,3L + +#define SN_id_smime_ct_TSTInfo "id-smime-ct-TSTInfo" +#define NID_id_smime_ct_TSTInfo 207 +#define OBJ_id_smime_ct_TSTInfo OBJ_id_smime_ct,4L + +#define SN_id_smime_ct_TDTInfo "id-smime-ct-TDTInfo" +#define NID_id_smime_ct_TDTInfo 208 +#define OBJ_id_smime_ct_TDTInfo OBJ_id_smime_ct,5L + +#define SN_id_smime_ct_contentInfo 
"id-smime-ct-contentInfo" +#define NID_id_smime_ct_contentInfo 209 +#define OBJ_id_smime_ct_contentInfo OBJ_id_smime_ct,6L + +#define SN_id_smime_ct_DVCSRequestData "id-smime-ct-DVCSRequestData" +#define NID_id_smime_ct_DVCSRequestData 210 +#define OBJ_id_smime_ct_DVCSRequestData OBJ_id_smime_ct,7L + +#define SN_id_smime_ct_DVCSResponseData "id-smime-ct-DVCSResponseData" +#define NID_id_smime_ct_DVCSResponseData 211 +#define OBJ_id_smime_ct_DVCSResponseData OBJ_id_smime_ct,8L + +#define SN_id_smime_ct_compressedData "id-smime-ct-compressedData" +#define NID_id_smime_ct_compressedData 786 +#define OBJ_id_smime_ct_compressedData OBJ_id_smime_ct,9L + +#define SN_id_smime_ct_contentCollection "id-smime-ct-contentCollection" +#define NID_id_smime_ct_contentCollection 1058 +#define OBJ_id_smime_ct_contentCollection OBJ_id_smime_ct,19L + +#define SN_id_smime_ct_authEnvelopedData "id-smime-ct-authEnvelopedData" +#define NID_id_smime_ct_authEnvelopedData 1059 +#define OBJ_id_smime_ct_authEnvelopedData OBJ_id_smime_ct,23L + +#define SN_id_ct_routeOriginAuthz "id-ct-routeOriginAuthz" +#define NID_id_ct_routeOriginAuthz 1234 +#define OBJ_id_ct_routeOriginAuthz OBJ_id_smime_ct,24L + +#define SN_id_ct_rpkiManifest "id-ct-rpkiManifest" +#define NID_id_ct_rpkiManifest 1235 +#define OBJ_id_ct_rpkiManifest OBJ_id_smime_ct,26L + +#define SN_id_ct_asciiTextWithCRLF "id-ct-asciiTextWithCRLF" +#define NID_id_ct_asciiTextWithCRLF 787 +#define OBJ_id_ct_asciiTextWithCRLF OBJ_id_smime_ct,27L + +#define SN_id_ct_xml "id-ct-xml" +#define NID_id_ct_xml 1060 +#define OBJ_id_ct_xml OBJ_id_smime_ct,28L + +#define SN_id_ct_rpkiGhostbusters "id-ct-rpkiGhostbusters" +#define NID_id_ct_rpkiGhostbusters 1236 +#define OBJ_id_ct_rpkiGhostbusters OBJ_id_smime_ct,35L + +#define SN_id_ct_resourceTaggedAttest "id-ct-resourceTaggedAttest" +#define NID_id_ct_resourceTaggedAttest 1237 +#define OBJ_id_ct_resourceTaggedAttest OBJ_id_smime_ct,36L + +#define SN_id_ct_geofeedCSVwithCRLF "id-ct-geofeedCSVwithCRLF" 
+#define NID_id_ct_geofeedCSVwithCRLF 1246 +#define OBJ_id_ct_geofeedCSVwithCRLF OBJ_id_smime_ct,47L + +#define SN_id_ct_signedChecklist "id-ct-signedChecklist" +#define NID_id_ct_signedChecklist 1247 +#define OBJ_id_ct_signedChecklist OBJ_id_smime_ct,48L + +#define SN_id_ct_ASPA "id-ct-ASPA" +#define NID_id_ct_ASPA 1250 +#define OBJ_id_ct_ASPA OBJ_id_smime_ct,49L + +#define SN_id_ct_signedTAL "id-ct-signedTAL" +#define NID_id_ct_signedTAL 1284 +#define OBJ_id_ct_signedTAL OBJ_id_smime_ct,50L + +#define SN_id_ct_rpkiSignedPrefixList "id-ct-rpkiSignedPrefixList" +#define NID_id_ct_rpkiSignedPrefixList 1320 +#define OBJ_id_ct_rpkiSignedPrefixList OBJ_id_smime_ct,51L + +#define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest" +#define NID_id_smime_aa_receiptRequest 212 +#define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L + +#define SN_id_smime_aa_securityLabel "id-smime-aa-securityLabel" +#define NID_id_smime_aa_securityLabel 213 +#define OBJ_id_smime_aa_securityLabel OBJ_id_smime_aa,2L + +#define SN_id_smime_aa_mlExpandHistory "id-smime-aa-mlExpandHistory" +#define NID_id_smime_aa_mlExpandHistory 214 +#define OBJ_id_smime_aa_mlExpandHistory OBJ_id_smime_aa,3L + +#define SN_id_smime_aa_contentHint "id-smime-aa-contentHint" +#define NID_id_smime_aa_contentHint 215 +#define OBJ_id_smime_aa_contentHint OBJ_id_smime_aa,4L + +#define SN_id_smime_aa_msgSigDigest "id-smime-aa-msgSigDigest" +#define NID_id_smime_aa_msgSigDigest 216 +#define OBJ_id_smime_aa_msgSigDigest OBJ_id_smime_aa,5L + +#define SN_id_smime_aa_encapContentType "id-smime-aa-encapContentType" +#define NID_id_smime_aa_encapContentType 217 +#define OBJ_id_smime_aa_encapContentType OBJ_id_smime_aa,6L + +#define SN_id_smime_aa_contentIdentifier "id-smime-aa-contentIdentifier" +#define NID_id_smime_aa_contentIdentifier 218 +#define OBJ_id_smime_aa_contentIdentifier OBJ_id_smime_aa,7L + +#define SN_id_smime_aa_macValue "id-smime-aa-macValue" +#define NID_id_smime_aa_macValue 219 +#define 
OBJ_id_smime_aa_macValue OBJ_id_smime_aa,8L + +#define SN_id_smime_aa_equivalentLabels "id-smime-aa-equivalentLabels" +#define NID_id_smime_aa_equivalentLabels 220 +#define OBJ_id_smime_aa_equivalentLabels OBJ_id_smime_aa,9L + +#define SN_id_smime_aa_contentReference "id-smime-aa-contentReference" +#define NID_id_smime_aa_contentReference 221 +#define OBJ_id_smime_aa_contentReference OBJ_id_smime_aa,10L + +#define SN_id_smime_aa_encrypKeyPref "id-smime-aa-encrypKeyPref" +#define NID_id_smime_aa_encrypKeyPref 222 +#define OBJ_id_smime_aa_encrypKeyPref OBJ_id_smime_aa,11L + +#define SN_id_smime_aa_signingCertificate "id-smime-aa-signingCertificate" +#define NID_id_smime_aa_signingCertificate 223 +#define OBJ_id_smime_aa_signingCertificate OBJ_id_smime_aa,12L + +#define SN_id_smime_aa_smimeEncryptCerts "id-smime-aa-smimeEncryptCerts" +#define NID_id_smime_aa_smimeEncryptCerts 224 +#define OBJ_id_smime_aa_smimeEncryptCerts OBJ_id_smime_aa,13L + +#define SN_id_smime_aa_timeStampToken "id-smime-aa-timeStampToken" +#define NID_id_smime_aa_timeStampToken 225 +#define OBJ_id_smime_aa_timeStampToken OBJ_id_smime_aa,14L + +#define SN_id_smime_aa_ets_sigPolicyId "id-smime-aa-ets-sigPolicyId" +#define NID_id_smime_aa_ets_sigPolicyId 226 +#define OBJ_id_smime_aa_ets_sigPolicyId OBJ_id_smime_aa,15L + +#define SN_id_smime_aa_ets_commitmentType "id-smime-aa-ets-commitmentType" +#define NID_id_smime_aa_ets_commitmentType 227 +#define OBJ_id_smime_aa_ets_commitmentType OBJ_id_smime_aa,16L + +#define SN_id_smime_aa_ets_signerLocation "id-smime-aa-ets-signerLocation" +#define NID_id_smime_aa_ets_signerLocation 228 +#define OBJ_id_smime_aa_ets_signerLocation OBJ_id_smime_aa,17L + +#define SN_id_smime_aa_ets_signerAttr "id-smime-aa-ets-signerAttr" +#define NID_id_smime_aa_ets_signerAttr 229 +#define OBJ_id_smime_aa_ets_signerAttr OBJ_id_smime_aa,18L + +#define SN_id_smime_aa_ets_otherSigCert "id-smime-aa-ets-otherSigCert" +#define NID_id_smime_aa_ets_otherSigCert 230 +#define 
OBJ_id_smime_aa_ets_otherSigCert OBJ_id_smime_aa,19L + +#define SN_id_smime_aa_ets_contentTimestamp "id-smime-aa-ets-contentTimestamp" +#define NID_id_smime_aa_ets_contentTimestamp 231 +#define OBJ_id_smime_aa_ets_contentTimestamp OBJ_id_smime_aa,20L + +#define SN_id_smime_aa_ets_CertificateRefs "id-smime-aa-ets-CertificateRefs" +#define NID_id_smime_aa_ets_CertificateRefs 232 +#define OBJ_id_smime_aa_ets_CertificateRefs OBJ_id_smime_aa,21L + +#define SN_id_smime_aa_ets_RevocationRefs "id-smime-aa-ets-RevocationRefs" +#define NID_id_smime_aa_ets_RevocationRefs 233 +#define OBJ_id_smime_aa_ets_RevocationRefs OBJ_id_smime_aa,22L + +#define SN_id_smime_aa_ets_certValues "id-smime-aa-ets-certValues" +#define NID_id_smime_aa_ets_certValues 234 +#define OBJ_id_smime_aa_ets_certValues OBJ_id_smime_aa,23L + +#define SN_id_smime_aa_ets_revocationValues "id-smime-aa-ets-revocationValues" +#define NID_id_smime_aa_ets_revocationValues 235 +#define OBJ_id_smime_aa_ets_revocationValues OBJ_id_smime_aa,24L + +#define SN_id_smime_aa_ets_escTimeStamp "id-smime-aa-ets-escTimeStamp" +#define NID_id_smime_aa_ets_escTimeStamp 236 +#define OBJ_id_smime_aa_ets_escTimeStamp OBJ_id_smime_aa,25L + +#define SN_id_smime_aa_ets_certCRLTimestamp "id-smime-aa-ets-certCRLTimestamp" +#define NID_id_smime_aa_ets_certCRLTimestamp 237 +#define OBJ_id_smime_aa_ets_certCRLTimestamp OBJ_id_smime_aa,26L + +#define SN_id_smime_aa_ets_archiveTimeStamp "id-smime-aa-ets-archiveTimeStamp" +#define NID_id_smime_aa_ets_archiveTimeStamp 238 +#define OBJ_id_smime_aa_ets_archiveTimeStamp OBJ_id_smime_aa,27L + +#define SN_id_smime_aa_signatureType "id-smime-aa-signatureType" +#define NID_id_smime_aa_signatureType 239 +#define OBJ_id_smime_aa_signatureType OBJ_id_smime_aa,28L + +#define SN_id_smime_aa_dvcs_dvc "id-smime-aa-dvcs-dvc" +#define NID_id_smime_aa_dvcs_dvc 240 +#define OBJ_id_smime_aa_dvcs_dvc OBJ_id_smime_aa,29L + +#define SN_id_aa_ets_attrCertificateRefs "id-aa-ets-attrCertificateRefs" +#define 
NID_id_aa_ets_attrCertificateRefs 1261 +#define OBJ_id_aa_ets_attrCertificateRefs OBJ_id_smime_aa,44L + +#define SN_id_aa_ets_attrRevocationRefs "id-aa-ets-attrRevocationRefs" +#define NID_id_aa_ets_attrRevocationRefs 1262 +#define OBJ_id_aa_ets_attrRevocationRefs OBJ_id_smime_aa,45L + +#define SN_id_smime_aa_signingCertificateV2 "id-smime-aa-signingCertificateV2" +#define NID_id_smime_aa_signingCertificateV2 1086 +#define OBJ_id_smime_aa_signingCertificateV2 OBJ_id_smime_aa,47L + +#define SN_id_aa_ets_archiveTimestampV2 "id-aa-ets-archiveTimestampV2" +#define NID_id_aa_ets_archiveTimestampV2 1280 +#define OBJ_id_aa_ets_archiveTimestampV2 OBJ_id_smime_aa,48L + +#define SN_id_smime_alg_ESDHwith3DES "id-smime-alg-ESDHwith3DES" +#define NID_id_smime_alg_ESDHwith3DES 241 +#define OBJ_id_smime_alg_ESDHwith3DES OBJ_id_smime_alg,1L + +#define SN_id_smime_alg_ESDHwithRC2 "id-smime-alg-ESDHwithRC2" +#define NID_id_smime_alg_ESDHwithRC2 242 +#define OBJ_id_smime_alg_ESDHwithRC2 OBJ_id_smime_alg,2L + +#define SN_id_smime_alg_3DESwrap "id-smime-alg-3DESwrap" +#define NID_id_smime_alg_3DESwrap 243 +#define OBJ_id_smime_alg_3DESwrap OBJ_id_smime_alg,3L + +#define SN_id_smime_alg_RC2wrap "id-smime-alg-RC2wrap" +#define NID_id_smime_alg_RC2wrap 244 +#define OBJ_id_smime_alg_RC2wrap OBJ_id_smime_alg,4L + +#define SN_id_smime_alg_ESDH "id-smime-alg-ESDH" +#define NID_id_smime_alg_ESDH 245 +#define OBJ_id_smime_alg_ESDH OBJ_id_smime_alg,5L + +#define SN_id_smime_alg_CMS3DESwrap "id-smime-alg-CMS3DESwrap" +#define NID_id_smime_alg_CMS3DESwrap 246 +#define OBJ_id_smime_alg_CMS3DESwrap OBJ_id_smime_alg,6L + +#define SN_id_smime_alg_CMSRC2wrap "id-smime-alg-CMSRC2wrap" +#define NID_id_smime_alg_CMSRC2wrap 247 +#define OBJ_id_smime_alg_CMSRC2wrap OBJ_id_smime_alg,7L + +#define SN_id_alg_PWRI_KEK "id-alg-PWRI-KEK" +#define NID_id_alg_PWRI_KEK 893 +#define OBJ_id_alg_PWRI_KEK OBJ_id_smime_alg,9L + +#define SN_id_smime_cd_ldap "id-smime-cd-ldap" +#define NID_id_smime_cd_ldap 248 +#define 
OBJ_id_smime_cd_ldap OBJ_id_smime_cd,1L + +#define SN_id_smime_spq_ets_sqt_uri "id-smime-spq-ets-sqt-uri" +#define NID_id_smime_spq_ets_sqt_uri 249 +#define OBJ_id_smime_spq_ets_sqt_uri OBJ_id_smime_spq,1L + +#define SN_id_smime_spq_ets_sqt_unotice "id-smime-spq-ets-sqt-unotice" +#define NID_id_smime_spq_ets_sqt_unotice 250 +#define OBJ_id_smime_spq_ets_sqt_unotice OBJ_id_smime_spq,2L + +#define SN_id_smime_cti_ets_proofOfOrigin "id-smime-cti-ets-proofOfOrigin" +#define NID_id_smime_cti_ets_proofOfOrigin 251 +#define OBJ_id_smime_cti_ets_proofOfOrigin OBJ_id_smime_cti,1L + +#define SN_id_smime_cti_ets_proofOfReceipt "id-smime-cti-ets-proofOfReceipt" +#define NID_id_smime_cti_ets_proofOfReceipt 252 +#define OBJ_id_smime_cti_ets_proofOfReceipt OBJ_id_smime_cti,2L + +#define SN_id_smime_cti_ets_proofOfDelivery "id-smime-cti-ets-proofOfDelivery" +#define NID_id_smime_cti_ets_proofOfDelivery 253 +#define OBJ_id_smime_cti_ets_proofOfDelivery OBJ_id_smime_cti,3L + +#define SN_id_smime_cti_ets_proofOfSender "id-smime-cti-ets-proofOfSender" +#define NID_id_smime_cti_ets_proofOfSender 254 +#define OBJ_id_smime_cti_ets_proofOfSender OBJ_id_smime_cti,4L + +#define SN_id_smime_cti_ets_proofOfApproval "id-smime-cti-ets-proofOfApproval" +#define NID_id_smime_cti_ets_proofOfApproval 255 +#define OBJ_id_smime_cti_ets_proofOfApproval OBJ_id_smime_cti,5L + +#define SN_id_smime_cti_ets_proofOfCreation "id-smime-cti-ets-proofOfCreation" +#define NID_id_smime_cti_ets_proofOfCreation 256 +#define OBJ_id_smime_cti_ets_proofOfCreation OBJ_id_smime_cti,6L + +#define LN_friendlyName "friendlyName" +#define NID_friendlyName 156 +#define OBJ_friendlyName OBJ_pkcs9,20L + +#define LN_localKeyID "localKeyID" +#define NID_localKeyID 157 +#define OBJ_localKeyID OBJ_pkcs9,21L + +#define OBJ_ms_corp 1L,3L,6L,1L,4L,1L,311L + +#define SN_ms_csp_name "CSPName" +#define LN_ms_csp_name "Microsoft CSP Name" +#define NID_ms_csp_name 417 +#define OBJ_ms_csp_name OBJ_ms_corp,17L,1L + +#define SN_LocalKeySet 
"LocalKeySet" +#define LN_LocalKeySet "Microsoft Local Key set" +#define NID_LocalKeySet 856 +#define OBJ_LocalKeySet OBJ_ms_corp,17L,2L + +#define OBJ_certTypes OBJ_pkcs9,22L + +#define LN_x509Certificate "x509Certificate" +#define NID_x509Certificate 158 +#define OBJ_x509Certificate OBJ_certTypes,1L + +#define LN_sdsiCertificate "sdsiCertificate" +#define NID_sdsiCertificate 159 +#define OBJ_sdsiCertificate OBJ_certTypes,2L + +#define OBJ_crlTypes OBJ_pkcs9,23L + +#define LN_x509Crl "x509Crl" +#define NID_x509Crl 160 +#define OBJ_x509Crl OBJ_crlTypes,1L + +#define SN_id_aa_CMSAlgorithmProtection "id-aa-CMSAlgorithmProtection" +#define NID_id_aa_CMSAlgorithmProtection 1263 +#define OBJ_id_aa_CMSAlgorithmProtection OBJ_pkcs9,52L + +#define OBJ_pkcs12 OBJ_pkcs,12L + +#define OBJ_pkcs12_pbeids OBJ_pkcs12,1L + +#define SN_pbe_WithSHA1And128BitRC4 "PBE-SHA1-RC4-128" +#define LN_pbe_WithSHA1And128BitRC4 "pbeWithSHA1And128BitRC4" +#define NID_pbe_WithSHA1And128BitRC4 144 +#define OBJ_pbe_WithSHA1And128BitRC4 OBJ_pkcs12_pbeids,1L + +#define SN_pbe_WithSHA1And40BitRC4 "PBE-SHA1-RC4-40" +#define LN_pbe_WithSHA1And40BitRC4 "pbeWithSHA1And40BitRC4" +#define NID_pbe_WithSHA1And40BitRC4 145 +#define OBJ_pbe_WithSHA1And40BitRC4 OBJ_pkcs12_pbeids,2L + +#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC "PBE-SHA1-3DES" +#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC "pbeWithSHA1And3-KeyTripleDES-CBC" +#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 146 +#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC OBJ_pkcs12_pbeids,3L + +#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC "PBE-SHA1-2DES" +#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC "pbeWithSHA1And2-KeyTripleDES-CBC" +#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC 147 +#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC OBJ_pkcs12_pbeids,4L + +#define SN_pbe_WithSHA1And128BitRC2_CBC "PBE-SHA1-RC2-128" +#define LN_pbe_WithSHA1And128BitRC2_CBC "pbeWithSHA1And128BitRC2-CBC" +#define NID_pbe_WithSHA1And128BitRC2_CBC 148 +#define 
OBJ_pbe_WithSHA1And128BitRC2_CBC OBJ_pkcs12_pbeids,5L + +#define SN_pbe_WithSHA1And40BitRC2_CBC "PBE-SHA1-RC2-40" +#define LN_pbe_WithSHA1And40BitRC2_CBC "pbeWithSHA1And40BitRC2-CBC" +#define NID_pbe_WithSHA1And40BitRC2_CBC 149 +#define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids,6L + +#define OBJ_pkcs12_Version1 OBJ_pkcs12,10L + +#define OBJ_pkcs12_BagIds OBJ_pkcs12_Version1,1L + +#define LN_keyBag "keyBag" +#define NID_keyBag 150 +#define OBJ_keyBag OBJ_pkcs12_BagIds,1L + +#define LN_pkcs8ShroudedKeyBag "pkcs8ShroudedKeyBag" +#define NID_pkcs8ShroudedKeyBag 151 +#define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds,2L + +#define LN_certBag "certBag" +#define NID_certBag 152 +#define OBJ_certBag OBJ_pkcs12_BagIds,3L + +#define LN_crlBag "crlBag" +#define NID_crlBag 153 +#define OBJ_crlBag OBJ_pkcs12_BagIds,4L + +#define LN_secretBag "secretBag" +#define NID_secretBag 154 +#define OBJ_secretBag OBJ_pkcs12_BagIds,5L + +#define LN_safeContentsBag "safeContentsBag" +#define NID_safeContentsBag 155 +#define OBJ_safeContentsBag OBJ_pkcs12_BagIds,6L + +#define SN_md2 "MD2" +#define LN_md2 "md2" +#define NID_md2 3 +#define OBJ_md2 OBJ_rsadsi,2L,2L + +#define SN_md4 "MD4" +#define LN_md4 "md4" +#define NID_md4 257 +#define OBJ_md4 OBJ_rsadsi,2L,4L + +#define SN_md5 "MD5" +#define LN_md5 "md5" +#define NID_md5 4 +#define OBJ_md5 OBJ_rsadsi,2L,5L + +#define SN_md5_sha1 "MD5-SHA1" +#define LN_md5_sha1 "md5-sha1" +#define NID_md5_sha1 114 + +#define LN_hmacWithMD5 "hmacWithMD5" +#define NID_hmacWithMD5 797 +#define OBJ_hmacWithMD5 OBJ_rsadsi,2L,6L + +#define LN_hmacWithSHA1 "hmacWithSHA1" +#define NID_hmacWithSHA1 163 +#define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L + +#define SN_sm2 "SM2" +#define LN_sm2 "sm2" +#define NID_sm2 1172 +#define OBJ_sm2 OBJ_sm_scheme,301L + +#define SN_sm3 "SM3" +#define LN_sm3 "sm3" +#define NID_sm3 1143 +#define OBJ_sm3 OBJ_sm_scheme,401L + +#define SN_sm3WithRSAEncryption "RSA-SM3" +#define LN_sm3WithRSAEncryption "sm3WithRSAEncryption" +#define 
NID_sm3WithRSAEncryption 1144 +#define OBJ_sm3WithRSAEncryption OBJ_sm_scheme,504L + +#define SN_SM2_with_SM3 "SM2-SM3" +#define LN_SM2_with_SM3 "SM2-with-SM3" +#define NID_SM2_with_SM3 1204 +#define OBJ_SM2_with_SM3 OBJ_sm_scheme,501L + +#define LN_hmacWithSM3 "hmacWithSM3" +#define NID_hmacWithSM3 1281 +#define OBJ_hmacWithSM3 OBJ_sm3,3L,1L + +#define LN_hmacWithSHA224 "hmacWithSHA224" +#define NID_hmacWithSHA224 798 +#define OBJ_hmacWithSHA224 OBJ_rsadsi,2L,8L + +#define LN_hmacWithSHA256 "hmacWithSHA256" +#define NID_hmacWithSHA256 799 +#define OBJ_hmacWithSHA256 OBJ_rsadsi,2L,9L + +#define LN_hmacWithSHA384 "hmacWithSHA384" +#define NID_hmacWithSHA384 800 +#define OBJ_hmacWithSHA384 OBJ_rsadsi,2L,10L + +#define LN_hmacWithSHA512 "hmacWithSHA512" +#define NID_hmacWithSHA512 801 +#define OBJ_hmacWithSHA512 OBJ_rsadsi,2L,11L + +#define LN_hmacWithSHA512_224 "hmacWithSHA512-224" +#define NID_hmacWithSHA512_224 1193 +#define OBJ_hmacWithSHA512_224 OBJ_rsadsi,2L,12L + +#define LN_hmacWithSHA512_256 "hmacWithSHA512-256" +#define NID_hmacWithSHA512_256 1194 +#define OBJ_hmacWithSHA512_256 OBJ_rsadsi,2L,13L + +#define SN_rc2_cbc "RC2-CBC" +#define LN_rc2_cbc "rc2-cbc" +#define NID_rc2_cbc 37 +#define OBJ_rc2_cbc OBJ_rsadsi,3L,2L + +#define SN_rc2_ecb "RC2-ECB" +#define LN_rc2_ecb "rc2-ecb" +#define NID_rc2_ecb 38 + +#define SN_rc2_cfb64 "RC2-CFB" +#define LN_rc2_cfb64 "rc2-cfb" +#define NID_rc2_cfb64 39 + +#define SN_rc2_ofb64 "RC2-OFB" +#define LN_rc2_ofb64 "rc2-ofb" +#define NID_rc2_ofb64 40 + +#define SN_rc2_40_cbc "RC2-40-CBC" +#define LN_rc2_40_cbc "rc2-40-cbc" +#define NID_rc2_40_cbc 98 + +#define SN_rc2_64_cbc "RC2-64-CBC" +#define LN_rc2_64_cbc "rc2-64-cbc" +#define NID_rc2_64_cbc 166 + +#define SN_rc4 "RC4" +#define LN_rc4 "rc4" +#define NID_rc4 5 +#define OBJ_rc4 OBJ_rsadsi,3L,4L + +#define SN_rc4_40 "RC4-40" +#define LN_rc4_40 "rc4-40" +#define NID_rc4_40 97 + +#define SN_des_ede3_cbc "DES-EDE3-CBC" +#define LN_des_ede3_cbc "des-ede3-cbc" +#define 
NID_des_ede3_cbc 44 +#define OBJ_des_ede3_cbc OBJ_rsadsi,3L,7L + +#define SN_rc5_cbc "RC5-CBC" +#define LN_rc5_cbc "rc5-cbc" +#define NID_rc5_cbc 120 +#define OBJ_rc5_cbc OBJ_rsadsi,3L,8L + +#define SN_rc5_ecb "RC5-ECB" +#define LN_rc5_ecb "rc5-ecb" +#define NID_rc5_ecb 121 + +#define SN_rc5_cfb64 "RC5-CFB" +#define LN_rc5_cfb64 "rc5-cfb" +#define NID_rc5_cfb64 122 + +#define SN_rc5_ofb64 "RC5-OFB" +#define LN_rc5_ofb64 "rc5-ofb" +#define NID_rc5_ofb64 123 + +#define SN_ms_ext_req "msExtReq" +#define LN_ms_ext_req "Microsoft Extension Request" +#define NID_ms_ext_req 171 +#define OBJ_ms_ext_req OBJ_ms_corp,2L,1L,14L + +#define SN_ms_code_ind "msCodeInd" +#define LN_ms_code_ind "Microsoft Individual Code Signing" +#define NID_ms_code_ind 134 +#define OBJ_ms_code_ind OBJ_ms_corp,2L,1L,21L + +#define SN_ms_code_com "msCodeCom" +#define LN_ms_code_com "Microsoft Commercial Code Signing" +#define NID_ms_code_com 135 +#define OBJ_ms_code_com OBJ_ms_corp,2L,1L,22L + +#define SN_ms_ctl_sign "msCTLSign" +#define LN_ms_ctl_sign "Microsoft Trust List Signing" +#define NID_ms_ctl_sign 136 +#define OBJ_ms_ctl_sign OBJ_ms_corp,10L,3L,1L + +#define SN_ms_sgc "msSGC" +#define LN_ms_sgc "Microsoft Server Gated Crypto" +#define NID_ms_sgc 137 +#define OBJ_ms_sgc OBJ_ms_corp,10L,3L,3L + +#define SN_ms_efs "msEFS" +#define LN_ms_efs "Microsoft Encrypted File System" +#define NID_ms_efs 138 +#define OBJ_ms_efs OBJ_ms_corp,10L,3L,4L + +#define SN_ms_smartcard_login "msSmartcardLogin" +#define LN_ms_smartcard_login "Microsoft Smartcard Login" +#define NID_ms_smartcard_login 648 +#define OBJ_ms_smartcard_login OBJ_ms_corp,20L,2L,2L + +#define SN_ms_upn "msUPN" +#define LN_ms_upn "Microsoft User Principal Name" +#define NID_ms_upn 649 +#define OBJ_ms_upn OBJ_ms_corp,20L,2L,3L + +#define SN_ms_ntds_sec_ext "ms-ntds-sec-ext" +#define LN_ms_ntds_sec_ext "Microsoft NTDS CA Extension" +#define NID_ms_ntds_sec_ext 1292 +#define OBJ_ms_ntds_sec_ext OBJ_ms_corp,25L,2L + +#define SN_ms_ntds_obj_sid 
"ms-ntds-obj-sid" +#define LN_ms_ntds_obj_sid "Microsoft NTDS AD objectSid" +#define NID_ms_ntds_obj_sid 1291 +#define OBJ_ms_ntds_obj_sid OBJ_ms_corp,25L,2L,1L + +#define SN_ms_cert_templ "ms-cert-templ" +#define LN_ms_cert_templ "Microsoft certificate template" +#define NID_ms_cert_templ 1293 +#define OBJ_ms_cert_templ OBJ_ms_corp,21L,7L + +#define SN_ms_app_policies "ms-app-policies" +#define LN_ms_app_policies "Microsoft Application Policies Extension" +#define NID_ms_app_policies 1294 +#define OBJ_ms_app_policies OBJ_ms_corp,21L,10L + +#define SN_idea_cbc "IDEA-CBC" +#define LN_idea_cbc "idea-cbc" +#define NID_idea_cbc 34 +#define OBJ_idea_cbc 1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L + +#define SN_idea_ecb "IDEA-ECB" +#define LN_idea_ecb "idea-ecb" +#define NID_idea_ecb 36 + +#define SN_idea_cfb64 "IDEA-CFB" +#define LN_idea_cfb64 "idea-cfb" +#define NID_idea_cfb64 35 + +#define SN_idea_ofb64 "IDEA-OFB" +#define LN_idea_ofb64 "idea-ofb" +#define NID_idea_ofb64 46 + +#define SN_bf_cbc "BF-CBC" +#define LN_bf_cbc "bf-cbc" +#define NID_bf_cbc 91 +#define OBJ_bf_cbc 1L,3L,6L,1L,4L,1L,3029L,1L,2L + +#define SN_bf_ecb "BF-ECB" +#define LN_bf_ecb "bf-ecb" +#define NID_bf_ecb 92 + +#define SN_bf_cfb64 "BF-CFB" +#define LN_bf_cfb64 "bf-cfb" +#define NID_bf_cfb64 93 + +#define SN_bf_ofb64 "BF-OFB" +#define LN_bf_ofb64 "bf-ofb" +#define NID_bf_ofb64 94 + +#define SN_id_pkix "PKIX" +#define NID_id_pkix 127 +#define OBJ_id_pkix 1L,3L,6L,1L,5L,5L,7L + +#define SN_id_pkix_mod "id-pkix-mod" +#define NID_id_pkix_mod 258 +#define OBJ_id_pkix_mod OBJ_id_pkix,0L + +#define SN_id_pe "id-pe" +#define NID_id_pe 175 +#define OBJ_id_pe OBJ_id_pkix,1L + +#define SN_id_qt "id-qt" +#define NID_id_qt 259 +#define OBJ_id_qt OBJ_id_pkix,2L + +#define SN_id_kp "id-kp" +#define NID_id_kp 128 +#define OBJ_id_kp OBJ_id_pkix,3L + +#define SN_id_it "id-it" +#define NID_id_it 260 +#define OBJ_id_it OBJ_id_pkix,4L + +#define SN_id_pkip "id-pkip" +#define NID_id_pkip 261 +#define OBJ_id_pkip 
OBJ_id_pkix,5L + +#define SN_id_alg "id-alg" +#define NID_id_alg 262 +#define OBJ_id_alg OBJ_id_pkix,6L + +#define SN_id_cmc "id-cmc" +#define NID_id_cmc 263 +#define OBJ_id_cmc OBJ_id_pkix,7L + +#define SN_id_on "id-on" +#define NID_id_on 264 +#define OBJ_id_on OBJ_id_pkix,8L + +#define SN_id_pda "id-pda" +#define NID_id_pda 265 +#define OBJ_id_pda OBJ_id_pkix,9L + +#define SN_id_aca "id-aca" +#define NID_id_aca 266 +#define OBJ_id_aca OBJ_id_pkix,10L + +#define SN_id_qcs "id-qcs" +#define NID_id_qcs 267 +#define OBJ_id_qcs OBJ_id_pkix,11L + +#define SN_id_cp "id-cp" +#define NID_id_cp 1238 +#define OBJ_id_cp OBJ_id_pkix,14L + +#define SN_id_cct "id-cct" +#define NID_id_cct 268 +#define OBJ_id_cct OBJ_id_pkix,12L + +#define SN_id_ppl "id-ppl" +#define NID_id_ppl 662 +#define OBJ_id_ppl OBJ_id_pkix,21L + +#define SN_id_ad "id-ad" +#define NID_id_ad 176 +#define OBJ_id_ad OBJ_id_pkix,48L + +#define SN_id_pkix1_explicit_88 "id-pkix1-explicit-88" +#define NID_id_pkix1_explicit_88 269 +#define OBJ_id_pkix1_explicit_88 OBJ_id_pkix_mod,1L + +#define SN_id_pkix1_implicit_88 "id-pkix1-implicit-88" +#define NID_id_pkix1_implicit_88 270 +#define OBJ_id_pkix1_implicit_88 OBJ_id_pkix_mod,2L + +#define SN_id_pkix1_explicit_93 "id-pkix1-explicit-93" +#define NID_id_pkix1_explicit_93 271 +#define OBJ_id_pkix1_explicit_93 OBJ_id_pkix_mod,3L + +#define SN_id_pkix1_implicit_93 "id-pkix1-implicit-93" +#define NID_id_pkix1_implicit_93 272 +#define OBJ_id_pkix1_implicit_93 OBJ_id_pkix_mod,4L + +#define SN_id_mod_crmf "id-mod-crmf" +#define NID_id_mod_crmf 273 +#define OBJ_id_mod_crmf OBJ_id_pkix_mod,5L + +#define SN_id_mod_cmc "id-mod-cmc" +#define NID_id_mod_cmc 274 +#define OBJ_id_mod_cmc OBJ_id_pkix_mod,6L + +#define SN_id_mod_kea_profile_88 "id-mod-kea-profile-88" +#define NID_id_mod_kea_profile_88 275 +#define OBJ_id_mod_kea_profile_88 OBJ_id_pkix_mod,7L + +#define SN_id_mod_kea_profile_93 "id-mod-kea-profile-93" +#define NID_id_mod_kea_profile_93 276 +#define 
OBJ_id_mod_kea_profile_93 OBJ_id_pkix_mod,8L + +#define SN_id_mod_cmp "id-mod-cmp" +#define NID_id_mod_cmp 277 +#define OBJ_id_mod_cmp OBJ_id_pkix_mod,9L + +#define SN_id_mod_qualified_cert_88 "id-mod-qualified-cert-88" +#define NID_id_mod_qualified_cert_88 278 +#define OBJ_id_mod_qualified_cert_88 OBJ_id_pkix_mod,10L + +#define SN_id_mod_qualified_cert_93 "id-mod-qualified-cert-93" +#define NID_id_mod_qualified_cert_93 279 +#define OBJ_id_mod_qualified_cert_93 OBJ_id_pkix_mod,11L + +#define SN_id_mod_attribute_cert "id-mod-attribute-cert" +#define NID_id_mod_attribute_cert 280 +#define OBJ_id_mod_attribute_cert OBJ_id_pkix_mod,12L + +#define SN_id_mod_timestamp_protocol "id-mod-timestamp-protocol" +#define NID_id_mod_timestamp_protocol 281 +#define OBJ_id_mod_timestamp_protocol OBJ_id_pkix_mod,13L + +#define SN_id_mod_ocsp "id-mod-ocsp" +#define NID_id_mod_ocsp 282 +#define OBJ_id_mod_ocsp OBJ_id_pkix_mod,14L + +#define SN_id_mod_dvcs "id-mod-dvcs" +#define NID_id_mod_dvcs 283 +#define OBJ_id_mod_dvcs OBJ_id_pkix_mod,15L + +#define SN_id_mod_cmp2000 "id-mod-cmp2000" +#define NID_id_mod_cmp2000 284 +#define OBJ_id_mod_cmp2000 OBJ_id_pkix_mod,16L + +#define SN_id_mod_cmp2000_02 "id-mod-cmp2000-02" +#define NID_id_mod_cmp2000_02 1251 +#define OBJ_id_mod_cmp2000_02 OBJ_id_pkix_mod,50L + +#define SN_id_mod_cmp2021_88 "id-mod-cmp2021-88" +#define NID_id_mod_cmp2021_88 1252 +#define OBJ_id_mod_cmp2021_88 OBJ_id_pkix_mod,99L + +#define SN_id_mod_cmp2021_02 "id-mod-cmp2021-02" +#define NID_id_mod_cmp2021_02 1253 +#define OBJ_id_mod_cmp2021_02 OBJ_id_pkix_mod,100L + +#define SN_info_access "authorityInfoAccess" +#define LN_info_access "Authority Information Access" +#define NID_info_access 177 +#define OBJ_info_access OBJ_id_pe,1L + +#define SN_biometricInfo "biometricInfo" +#define LN_biometricInfo "Biometric Info" +#define NID_biometricInfo 285 +#define OBJ_biometricInfo OBJ_id_pe,2L + +#define SN_qcStatements "qcStatements" +#define NID_qcStatements 286 +#define 
OBJ_qcStatements OBJ_id_pe,3L + +#define SN_ac_auditEntity "ac-auditEntity" +#define NID_ac_auditEntity 287 +#define OBJ_ac_auditEntity OBJ_id_pe,4L + +#define SN_ac_targeting "ac-targeting" +#define NID_ac_targeting 288 +#define OBJ_ac_targeting OBJ_id_pe,5L + +#define SN_aaControls "aaControls" +#define NID_aaControls 289 +#define OBJ_aaControls OBJ_id_pe,6L + +#define SN_sbgp_ipAddrBlock "sbgp-ipAddrBlock" +#define NID_sbgp_ipAddrBlock 290 +#define OBJ_sbgp_ipAddrBlock OBJ_id_pe,7L + +#define SN_sbgp_autonomousSysNum "sbgp-autonomousSysNum" +#define NID_sbgp_autonomousSysNum 291 +#define OBJ_sbgp_autonomousSysNum OBJ_id_pe,8L + +#define SN_sbgp_routerIdentifier "sbgp-routerIdentifier" +#define NID_sbgp_routerIdentifier 292 +#define OBJ_sbgp_routerIdentifier OBJ_id_pe,9L + +#define SN_ac_proxying "ac-proxying" +#define NID_ac_proxying 397 +#define OBJ_ac_proxying OBJ_id_pe,10L + +#define SN_sinfo_access "subjectInfoAccess" +#define LN_sinfo_access "Subject Information Access" +#define NID_sinfo_access 398 +#define OBJ_sinfo_access OBJ_id_pe,11L + +#define SN_proxyCertInfo "proxyCertInfo" +#define LN_proxyCertInfo "Proxy Certificate Information" +#define NID_proxyCertInfo 663 +#define OBJ_proxyCertInfo OBJ_id_pe,14L + +#define SN_tlsfeature "tlsfeature" +#define LN_tlsfeature "TLS Feature" +#define NID_tlsfeature 1020 +#define OBJ_tlsfeature OBJ_id_pe,24L + +#define SN_sbgp_ipAddrBlockv2 "sbgp-ipAddrBlockv2" +#define NID_sbgp_ipAddrBlockv2 1239 +#define OBJ_sbgp_ipAddrBlockv2 OBJ_id_pe,28L + +#define SN_sbgp_autonomousSysNumv2 "sbgp-autonomousSysNumv2" +#define NID_sbgp_autonomousSysNumv2 1240 +#define OBJ_sbgp_autonomousSysNumv2 OBJ_id_pe,29L + +#define SN_id_qt_cps "id-qt-cps" +#define LN_id_qt_cps "Policy Qualifier CPS" +#define NID_id_qt_cps 164 +#define OBJ_id_qt_cps OBJ_id_qt,1L + +#define SN_id_qt_unotice "id-qt-unotice" +#define LN_id_qt_unotice "Policy Qualifier User Notice" +#define NID_id_qt_unotice 165 +#define OBJ_id_qt_unotice OBJ_id_qt,2L + +#define 
SN_textNotice "textNotice" +#define NID_textNotice 293 +#define OBJ_textNotice OBJ_id_qt,3L + +#define SN_server_auth "serverAuth" +#define LN_server_auth "TLS Web Server Authentication" +#define NID_server_auth 129 +#define OBJ_server_auth OBJ_id_kp,1L + +#define SN_client_auth "clientAuth" +#define LN_client_auth "TLS Web Client Authentication" +#define NID_client_auth 130 +#define OBJ_client_auth OBJ_id_kp,2L + +#define SN_code_sign "codeSigning" +#define LN_code_sign "Code Signing" +#define NID_code_sign 131 +#define OBJ_code_sign OBJ_id_kp,3L + +#define SN_email_protect "emailProtection" +#define LN_email_protect "E-mail Protection" +#define NID_email_protect 132 +#define OBJ_email_protect OBJ_id_kp,4L + +#define SN_ipsecEndSystem "ipsecEndSystem" +#define LN_ipsecEndSystem "IPSec End System" +#define NID_ipsecEndSystem 294 +#define OBJ_ipsecEndSystem OBJ_id_kp,5L + +#define SN_ipsecTunnel "ipsecTunnel" +#define LN_ipsecTunnel "IPSec Tunnel" +#define NID_ipsecTunnel 295 +#define OBJ_ipsecTunnel OBJ_id_kp,6L + +#define SN_ipsecUser "ipsecUser" +#define LN_ipsecUser "IPSec User" +#define NID_ipsecUser 296 +#define OBJ_ipsecUser OBJ_id_kp,7L + +#define SN_time_stamp "timeStamping" +#define LN_time_stamp "Time Stamping" +#define NID_time_stamp 133 +#define OBJ_time_stamp OBJ_id_kp,8L + +#define SN_OCSP_sign "OCSPSigning" +#define LN_OCSP_sign "OCSP Signing" +#define NID_OCSP_sign 180 +#define OBJ_OCSP_sign OBJ_id_kp,9L + +#define SN_dvcs "DVCS" +#define LN_dvcs "dvcs" +#define NID_dvcs 297 +#define OBJ_dvcs OBJ_id_kp,10L + +#define SN_ipsec_IKE "ipsecIKE" +#define LN_ipsec_IKE "ipsec Internet Key Exchange" +#define NID_ipsec_IKE 1022 +#define OBJ_ipsec_IKE OBJ_id_kp,17L + +#define SN_capwapAC "capwapAC" +#define LN_capwapAC "Ctrl/provision WAP Access" +#define NID_capwapAC 1023 +#define OBJ_capwapAC OBJ_id_kp,18L + +#define SN_capwapWTP "capwapWTP" +#define LN_capwapWTP "Ctrl/Provision WAP Termination" +#define NID_capwapWTP 1024 +#define OBJ_capwapWTP 
OBJ_id_kp,19L + +#define SN_sshClient "secureShellClient" +#define LN_sshClient "SSH Client" +#define NID_sshClient 1025 +#define OBJ_sshClient OBJ_id_kp,21L + +#define SN_sshServer "secureShellServer" +#define LN_sshServer "SSH Server" +#define NID_sshServer 1026 +#define OBJ_sshServer OBJ_id_kp,22L + +#define SN_sendRouter "sendRouter" +#define LN_sendRouter "Send Router" +#define NID_sendRouter 1027 +#define OBJ_sendRouter OBJ_id_kp,23L + +#define SN_sendProxiedRouter "sendProxiedRouter" +#define LN_sendProxiedRouter "Send Proxied Router" +#define NID_sendProxiedRouter 1028 +#define OBJ_sendProxiedRouter OBJ_id_kp,24L + +#define SN_sendOwner "sendOwner" +#define LN_sendOwner "Send Owner" +#define NID_sendOwner 1029 +#define OBJ_sendOwner OBJ_id_kp,25L + +#define SN_sendProxiedOwner "sendProxiedOwner" +#define LN_sendProxiedOwner "Send Proxied Owner" +#define NID_sendProxiedOwner 1030 +#define OBJ_sendProxiedOwner OBJ_id_kp,26L + +#define SN_cmcCA "cmcCA" +#define LN_cmcCA "CMC Certificate Authority" +#define NID_cmcCA 1131 +#define OBJ_cmcCA OBJ_id_kp,27L + +#define SN_cmcRA "cmcRA" +#define LN_cmcRA "CMC Registration Authority" +#define NID_cmcRA 1132 +#define OBJ_cmcRA OBJ_id_kp,28L + +#define SN_cmcArchive "cmcArchive" +#define LN_cmcArchive "CMC Archive Server" +#define NID_cmcArchive 1219 +#define OBJ_cmcArchive OBJ_id_kp,29L + +#define SN_id_kp_bgpsec_router "id-kp-bgpsec-router" +#define LN_id_kp_bgpsec_router "BGPsec Router" +#define NID_id_kp_bgpsec_router 1220 +#define OBJ_id_kp_bgpsec_router OBJ_id_kp,30L + +#define SN_id_kp_BrandIndicatorforMessageIdentification "id-kp-BrandIndicatorforMessageIdentification" +#define LN_id_kp_BrandIndicatorforMessageIdentification "Brand Indicator for Message Identification" +#define NID_id_kp_BrandIndicatorforMessageIdentification 1221 +#define OBJ_id_kp_BrandIndicatorforMessageIdentification OBJ_id_kp,31L + +#define SN_cmKGA "cmKGA" +#define LN_cmKGA "Certificate Management Key Generation Authority" +#define 
NID_cmKGA 1222 +#define OBJ_cmKGA OBJ_id_kp,32L + +#define SN_id_it_caProtEncCert "id-it-caProtEncCert" +#define NID_id_it_caProtEncCert 298 +#define OBJ_id_it_caProtEncCert OBJ_id_it,1L + +#define SN_id_it_signKeyPairTypes "id-it-signKeyPairTypes" +#define NID_id_it_signKeyPairTypes 299 +#define OBJ_id_it_signKeyPairTypes OBJ_id_it,2L + +#define SN_id_it_encKeyPairTypes "id-it-encKeyPairTypes" +#define NID_id_it_encKeyPairTypes 300 +#define OBJ_id_it_encKeyPairTypes OBJ_id_it,3L + +#define SN_id_it_preferredSymmAlg "id-it-preferredSymmAlg" +#define NID_id_it_preferredSymmAlg 301 +#define OBJ_id_it_preferredSymmAlg OBJ_id_it,4L + +#define SN_id_it_caKeyUpdateInfo "id-it-caKeyUpdateInfo" +#define NID_id_it_caKeyUpdateInfo 302 +#define OBJ_id_it_caKeyUpdateInfo OBJ_id_it,5L + +#define SN_id_it_currentCRL "id-it-currentCRL" +#define NID_id_it_currentCRL 303 +#define OBJ_id_it_currentCRL OBJ_id_it,6L + +#define SN_id_it_unsupportedOIDs "id-it-unsupportedOIDs" +#define NID_id_it_unsupportedOIDs 304 +#define OBJ_id_it_unsupportedOIDs OBJ_id_it,7L + +#define SN_id_it_subscriptionRequest "id-it-subscriptionRequest" +#define NID_id_it_subscriptionRequest 305 +#define OBJ_id_it_subscriptionRequest OBJ_id_it,8L + +#define SN_id_it_subscriptionResponse "id-it-subscriptionResponse" +#define NID_id_it_subscriptionResponse 306 +#define OBJ_id_it_subscriptionResponse OBJ_id_it,9L + +#define SN_id_it_keyPairParamReq "id-it-keyPairParamReq" +#define NID_id_it_keyPairParamReq 307 +#define OBJ_id_it_keyPairParamReq OBJ_id_it,10L + +#define SN_id_it_keyPairParamRep "id-it-keyPairParamRep" +#define NID_id_it_keyPairParamRep 308 +#define OBJ_id_it_keyPairParamRep OBJ_id_it,11L + +#define SN_id_it_revPassphrase "id-it-revPassphrase" +#define NID_id_it_revPassphrase 309 +#define OBJ_id_it_revPassphrase OBJ_id_it,12L + +#define SN_id_it_implicitConfirm "id-it-implicitConfirm" +#define NID_id_it_implicitConfirm 310 +#define OBJ_id_it_implicitConfirm OBJ_id_it,13L + +#define 
SN_id_it_confirmWaitTime "id-it-confirmWaitTime" +#define NID_id_it_confirmWaitTime 311 +#define OBJ_id_it_confirmWaitTime OBJ_id_it,14L + +#define SN_id_it_origPKIMessage "id-it-origPKIMessage" +#define NID_id_it_origPKIMessage 312 +#define OBJ_id_it_origPKIMessage OBJ_id_it,15L + +#define SN_id_it_suppLangTags "id-it-suppLangTags" +#define NID_id_it_suppLangTags 784 +#define OBJ_id_it_suppLangTags OBJ_id_it,16L + +#define SN_id_it_caCerts "id-it-caCerts" +#define NID_id_it_caCerts 1223 +#define OBJ_id_it_caCerts OBJ_id_it,17L + +#define SN_id_it_rootCaKeyUpdate "id-it-rootCaKeyUpdate" +#define NID_id_it_rootCaKeyUpdate 1224 +#define OBJ_id_it_rootCaKeyUpdate OBJ_id_it,18L + +#define SN_id_it_certReqTemplate "id-it-certReqTemplate" +#define NID_id_it_certReqTemplate 1225 +#define OBJ_id_it_certReqTemplate OBJ_id_it,19L + +#define SN_id_it_rootCaCert "id-it-rootCaCert" +#define NID_id_it_rootCaCert 1254 +#define OBJ_id_it_rootCaCert OBJ_id_it,20L + +#define SN_id_it_certProfile "id-it-certProfile" +#define NID_id_it_certProfile 1255 +#define OBJ_id_it_certProfile OBJ_id_it,21L + +#define SN_id_it_crlStatusList "id-it-crlStatusList" +#define NID_id_it_crlStatusList 1256 +#define OBJ_id_it_crlStatusList OBJ_id_it,22L + +#define SN_id_it_crls "id-it-crls" +#define NID_id_it_crls 1257 +#define OBJ_id_it_crls OBJ_id_it,23L + +#define SN_id_regCtrl "id-regCtrl" +#define NID_id_regCtrl 313 +#define OBJ_id_regCtrl OBJ_id_pkip,1L + +#define SN_id_regInfo "id-regInfo" +#define NID_id_regInfo 314 +#define OBJ_id_regInfo OBJ_id_pkip,2L + +#define SN_id_regCtrl_regToken "id-regCtrl-regToken" +#define NID_id_regCtrl_regToken 315 +#define OBJ_id_regCtrl_regToken OBJ_id_regCtrl,1L + +#define SN_id_regCtrl_authenticator "id-regCtrl-authenticator" +#define NID_id_regCtrl_authenticator 316 +#define OBJ_id_regCtrl_authenticator OBJ_id_regCtrl,2L + +#define SN_id_regCtrl_pkiPublicationInfo "id-regCtrl-pkiPublicationInfo" +#define NID_id_regCtrl_pkiPublicationInfo 317 +#define 
OBJ_id_regCtrl_pkiPublicationInfo OBJ_id_regCtrl,3L + +#define SN_id_regCtrl_pkiArchiveOptions "id-regCtrl-pkiArchiveOptions" +#define NID_id_regCtrl_pkiArchiveOptions 318 +#define OBJ_id_regCtrl_pkiArchiveOptions OBJ_id_regCtrl,4L + +#define SN_id_regCtrl_oldCertID "id-regCtrl-oldCertID" +#define NID_id_regCtrl_oldCertID 319 +#define OBJ_id_regCtrl_oldCertID OBJ_id_regCtrl,5L + +#define SN_id_regCtrl_protocolEncrKey "id-regCtrl-protocolEncrKey" +#define NID_id_regCtrl_protocolEncrKey 320 +#define OBJ_id_regCtrl_protocolEncrKey OBJ_id_regCtrl,6L + +#define SN_id_regCtrl_altCertTemplate "id-regCtrl-altCertTemplate" +#define NID_id_regCtrl_altCertTemplate 1258 +#define OBJ_id_regCtrl_altCertTemplate OBJ_id_regCtrl,7L + +#define SN_id_regCtrl_algId "id-regCtrl-algId" +#define NID_id_regCtrl_algId 1259 +#define OBJ_id_regCtrl_algId OBJ_id_regCtrl,11L + +#define SN_id_regCtrl_rsaKeyLen "id-regCtrl-rsaKeyLen" +#define NID_id_regCtrl_rsaKeyLen 1260 +#define OBJ_id_regCtrl_rsaKeyLen OBJ_id_regCtrl,12L + +#define SN_id_regInfo_utf8Pairs "id-regInfo-utf8Pairs" +#define NID_id_regInfo_utf8Pairs 321 +#define OBJ_id_regInfo_utf8Pairs OBJ_id_regInfo,1L + +#define SN_id_regInfo_certReq "id-regInfo-certReq" +#define NID_id_regInfo_certReq 322 +#define OBJ_id_regInfo_certReq OBJ_id_regInfo,2L + +#define SN_id_alg_des40 "id-alg-des40" +#define NID_id_alg_des40 323 +#define OBJ_id_alg_des40 OBJ_id_alg,1L + +#define SN_id_alg_noSignature "id-alg-noSignature" +#define NID_id_alg_noSignature 324 +#define OBJ_id_alg_noSignature OBJ_id_alg,2L + +#define SN_id_alg_dh_sig_hmac_sha1 "id-alg-dh-sig-hmac-sha1" +#define NID_id_alg_dh_sig_hmac_sha1 325 +#define OBJ_id_alg_dh_sig_hmac_sha1 OBJ_id_alg,3L + +#define SN_id_alg_dh_pop "id-alg-dh-pop" +#define NID_id_alg_dh_pop 326 +#define OBJ_id_alg_dh_pop OBJ_id_alg,4L + +#define SN_id_cmc_statusInfo "id-cmc-statusInfo" +#define NID_id_cmc_statusInfo 327 +#define OBJ_id_cmc_statusInfo OBJ_id_cmc,1L + +#define SN_id_cmc_identification 
"id-cmc-identification" +#define NID_id_cmc_identification 328 +#define OBJ_id_cmc_identification OBJ_id_cmc,2L + +#define SN_id_cmc_identityProof "id-cmc-identityProof" +#define NID_id_cmc_identityProof 329 +#define OBJ_id_cmc_identityProof OBJ_id_cmc,3L + +#define SN_id_cmc_dataReturn "id-cmc-dataReturn" +#define NID_id_cmc_dataReturn 330 +#define OBJ_id_cmc_dataReturn OBJ_id_cmc,4L + +#define SN_id_cmc_transactionId "id-cmc-transactionId" +#define NID_id_cmc_transactionId 331 +#define OBJ_id_cmc_transactionId OBJ_id_cmc,5L + +#define SN_id_cmc_senderNonce "id-cmc-senderNonce" +#define NID_id_cmc_senderNonce 332 +#define OBJ_id_cmc_senderNonce OBJ_id_cmc,6L + +#define SN_id_cmc_recipientNonce "id-cmc-recipientNonce" +#define NID_id_cmc_recipientNonce 333 +#define OBJ_id_cmc_recipientNonce OBJ_id_cmc,7L + +#define SN_id_cmc_addExtensions "id-cmc-addExtensions" +#define NID_id_cmc_addExtensions 334 +#define OBJ_id_cmc_addExtensions OBJ_id_cmc,8L + +#define SN_id_cmc_encryptedPOP "id-cmc-encryptedPOP" +#define NID_id_cmc_encryptedPOP 335 +#define OBJ_id_cmc_encryptedPOP OBJ_id_cmc,9L + +#define SN_id_cmc_decryptedPOP "id-cmc-decryptedPOP" +#define NID_id_cmc_decryptedPOP 336 +#define OBJ_id_cmc_decryptedPOP OBJ_id_cmc,10L + +#define SN_id_cmc_lraPOPWitness "id-cmc-lraPOPWitness" +#define NID_id_cmc_lraPOPWitness 337 +#define OBJ_id_cmc_lraPOPWitness OBJ_id_cmc,11L + +#define SN_id_cmc_getCert "id-cmc-getCert" +#define NID_id_cmc_getCert 338 +#define OBJ_id_cmc_getCert OBJ_id_cmc,15L + +#define SN_id_cmc_getCRL "id-cmc-getCRL" +#define NID_id_cmc_getCRL 339 +#define OBJ_id_cmc_getCRL OBJ_id_cmc,16L + +#define SN_id_cmc_revokeRequest "id-cmc-revokeRequest" +#define NID_id_cmc_revokeRequest 340 +#define OBJ_id_cmc_revokeRequest OBJ_id_cmc,17L + +#define SN_id_cmc_regInfo "id-cmc-regInfo" +#define NID_id_cmc_regInfo 341 +#define OBJ_id_cmc_regInfo OBJ_id_cmc,18L + +#define SN_id_cmc_responseInfo "id-cmc-responseInfo" +#define NID_id_cmc_responseInfo 342 +#define 
OBJ_id_cmc_responseInfo OBJ_id_cmc,19L + +#define SN_id_cmc_queryPending "id-cmc-queryPending" +#define NID_id_cmc_queryPending 343 +#define OBJ_id_cmc_queryPending OBJ_id_cmc,21L + +#define SN_id_cmc_popLinkRandom "id-cmc-popLinkRandom" +#define NID_id_cmc_popLinkRandom 344 +#define OBJ_id_cmc_popLinkRandom OBJ_id_cmc,22L + +#define SN_id_cmc_popLinkWitness "id-cmc-popLinkWitness" +#define NID_id_cmc_popLinkWitness 345 +#define OBJ_id_cmc_popLinkWitness OBJ_id_cmc,23L + +#define SN_id_cmc_confirmCertAcceptance "id-cmc-confirmCertAcceptance" +#define NID_id_cmc_confirmCertAcceptance 346 +#define OBJ_id_cmc_confirmCertAcceptance OBJ_id_cmc,24L + +#define SN_id_on_personalData "id-on-personalData" +#define NID_id_on_personalData 347 +#define OBJ_id_on_personalData OBJ_id_on,1L + +#define SN_id_on_permanentIdentifier "id-on-permanentIdentifier" +#define LN_id_on_permanentIdentifier "Permanent Identifier" +#define NID_id_on_permanentIdentifier 858 +#define OBJ_id_on_permanentIdentifier OBJ_id_on,3L + +#define SN_XmppAddr "id-on-xmppAddr" +#define LN_XmppAddr "XmppAddr" +#define NID_XmppAddr 1209 +#define OBJ_XmppAddr OBJ_id_on,5L + +#define SN_SRVName "id-on-dnsSRV" +#define LN_SRVName "SRVName" +#define NID_SRVName 1210 +#define OBJ_SRVName OBJ_id_on,7L + +#define SN_NAIRealm "id-on-NAIRealm" +#define LN_NAIRealm "NAIRealm" +#define NID_NAIRealm 1211 +#define OBJ_NAIRealm OBJ_id_on,8L + +#define SN_id_on_SmtpUTF8Mailbox "id-on-SmtpUTF8Mailbox" +#define LN_id_on_SmtpUTF8Mailbox "Smtp UTF8 Mailbox" +#define NID_id_on_SmtpUTF8Mailbox 1208 +#define OBJ_id_on_SmtpUTF8Mailbox OBJ_id_on,9L + +#define SN_id_pda_dateOfBirth "id-pda-dateOfBirth" +#define NID_id_pda_dateOfBirth 348 +#define OBJ_id_pda_dateOfBirth OBJ_id_pda,1L + +#define SN_id_pda_placeOfBirth "id-pda-placeOfBirth" +#define NID_id_pda_placeOfBirth 349 +#define OBJ_id_pda_placeOfBirth OBJ_id_pda,2L + +#define SN_id_pda_gender "id-pda-gender" +#define NID_id_pda_gender 351 +#define OBJ_id_pda_gender OBJ_id_pda,3L 
+ +#define SN_id_pda_countryOfCitizenship "id-pda-countryOfCitizenship" +#define NID_id_pda_countryOfCitizenship 352 +#define OBJ_id_pda_countryOfCitizenship OBJ_id_pda,4L + +#define SN_id_pda_countryOfResidence "id-pda-countryOfResidence" +#define NID_id_pda_countryOfResidence 353 +#define OBJ_id_pda_countryOfResidence OBJ_id_pda,5L + +#define SN_id_aca_authenticationInfo "id-aca-authenticationInfo" +#define NID_id_aca_authenticationInfo 354 +#define OBJ_id_aca_authenticationInfo OBJ_id_aca,1L + +#define SN_id_aca_accessIdentity "id-aca-accessIdentity" +#define NID_id_aca_accessIdentity 355 +#define OBJ_id_aca_accessIdentity OBJ_id_aca,2L + +#define SN_id_aca_chargingIdentity "id-aca-chargingIdentity" +#define NID_id_aca_chargingIdentity 356 +#define OBJ_id_aca_chargingIdentity OBJ_id_aca,3L + +#define SN_id_aca_group "id-aca-group" +#define NID_id_aca_group 357 +#define OBJ_id_aca_group OBJ_id_aca,4L + +#define SN_id_aca_role "id-aca-role" +#define NID_id_aca_role 358 +#define OBJ_id_aca_role OBJ_id_aca,5L + +#define SN_id_aca_encAttrs "id-aca-encAttrs" +#define NID_id_aca_encAttrs 399 +#define OBJ_id_aca_encAttrs OBJ_id_aca,6L + +#define SN_id_qcs_pkixQCSyntax_v1 "id-qcs-pkixQCSyntax-v1" +#define NID_id_qcs_pkixQCSyntax_v1 359 +#define OBJ_id_qcs_pkixQCSyntax_v1 OBJ_id_qcs,1L + +#define SN_ipAddr_asNumber "ipAddr-asNumber" +#define NID_ipAddr_asNumber 1241 +#define OBJ_ipAddr_asNumber OBJ_id_cp,2L + +#define SN_ipAddr_asNumberv2 "ipAddr-asNumberv2" +#define NID_ipAddr_asNumberv2 1242 +#define OBJ_ipAddr_asNumberv2 OBJ_id_cp,3L + +#define SN_id_cct_crs "id-cct-crs" +#define NID_id_cct_crs 360 +#define OBJ_id_cct_crs OBJ_id_cct,1L + +#define SN_id_cct_PKIData "id-cct-PKIData" +#define NID_id_cct_PKIData 361 +#define OBJ_id_cct_PKIData OBJ_id_cct,2L + +#define SN_id_cct_PKIResponse "id-cct-PKIResponse" +#define NID_id_cct_PKIResponse 362 +#define OBJ_id_cct_PKIResponse OBJ_id_cct,3L + +#define SN_id_ppl_anyLanguage "id-ppl-anyLanguage" +#define 
LN_id_ppl_anyLanguage "Any language" +#define NID_id_ppl_anyLanguage 664 +#define OBJ_id_ppl_anyLanguage OBJ_id_ppl,0L + +#define SN_id_ppl_inheritAll "id-ppl-inheritAll" +#define LN_id_ppl_inheritAll "Inherit all" +#define NID_id_ppl_inheritAll 665 +#define OBJ_id_ppl_inheritAll OBJ_id_ppl,1L + +#define SN_Independent "id-ppl-independent" +#define LN_Independent "Independent" +#define NID_Independent 667 +#define OBJ_Independent OBJ_id_ppl,2L + +#define SN_ad_OCSP "OCSP" +#define LN_ad_OCSP "OCSP" +#define NID_ad_OCSP 178 +#define OBJ_ad_OCSP OBJ_id_ad,1L + +#define SN_ad_ca_issuers "caIssuers" +#define LN_ad_ca_issuers "CA Issuers" +#define NID_ad_ca_issuers 179 +#define OBJ_ad_ca_issuers OBJ_id_ad,2L + +#define SN_ad_timeStamping "ad_timestamping" +#define LN_ad_timeStamping "AD Time Stamping" +#define NID_ad_timeStamping 363 +#define OBJ_ad_timeStamping OBJ_id_ad,3L + +#define SN_ad_dvcs "AD_DVCS" +#define LN_ad_dvcs "ad dvcs" +#define NID_ad_dvcs 364 +#define OBJ_ad_dvcs OBJ_id_ad,4L + +#define SN_caRepository "caRepository" +#define LN_caRepository "CA Repository" +#define NID_caRepository 785 +#define OBJ_caRepository OBJ_id_ad,5L + +#define SN_rpkiManifest "rpkiManifest" +#define LN_rpkiManifest "RPKI Manifest" +#define NID_rpkiManifest 1243 +#define OBJ_rpkiManifest OBJ_id_ad,10L + +#define SN_signedObject "signedObject" +#define LN_signedObject "Signed Object" +#define NID_signedObject 1244 +#define OBJ_signedObject OBJ_id_ad,11L + +#define SN_rpkiNotify "rpkiNotify" +#define LN_rpkiNotify "RPKI Notify" +#define NID_rpkiNotify 1245 +#define OBJ_rpkiNotify OBJ_id_ad,13L + +#define OBJ_id_pkix_OCSP OBJ_ad_OCSP + +#define SN_id_pkix_OCSP_basic "basicOCSPResponse" +#define LN_id_pkix_OCSP_basic "Basic OCSP Response" +#define NID_id_pkix_OCSP_basic 365 +#define OBJ_id_pkix_OCSP_basic OBJ_id_pkix_OCSP,1L + +#define SN_id_pkix_OCSP_Nonce "Nonce" +#define LN_id_pkix_OCSP_Nonce "OCSP Nonce" +#define NID_id_pkix_OCSP_Nonce 366 +#define OBJ_id_pkix_OCSP_Nonce 
OBJ_id_pkix_OCSP,2L + +#define SN_id_pkix_OCSP_CrlID "CrlID" +#define LN_id_pkix_OCSP_CrlID "OCSP CRL ID" +#define NID_id_pkix_OCSP_CrlID 367 +#define OBJ_id_pkix_OCSP_CrlID OBJ_id_pkix_OCSP,3L + +#define SN_id_pkix_OCSP_acceptableResponses "acceptableResponses" +#define LN_id_pkix_OCSP_acceptableResponses "Acceptable OCSP Responses" +#define NID_id_pkix_OCSP_acceptableResponses 368 +#define OBJ_id_pkix_OCSP_acceptableResponses OBJ_id_pkix_OCSP,4L + +#define SN_id_pkix_OCSP_noCheck "noCheck" +#define LN_id_pkix_OCSP_noCheck "OCSP No Check" +#define NID_id_pkix_OCSP_noCheck 369 +#define OBJ_id_pkix_OCSP_noCheck OBJ_id_pkix_OCSP,5L + +#define SN_id_pkix_OCSP_archiveCutoff "archiveCutoff" +#define LN_id_pkix_OCSP_archiveCutoff "OCSP Archive Cutoff" +#define NID_id_pkix_OCSP_archiveCutoff 370 +#define OBJ_id_pkix_OCSP_archiveCutoff OBJ_id_pkix_OCSP,6L + +#define SN_id_pkix_OCSP_serviceLocator "serviceLocator" +#define LN_id_pkix_OCSP_serviceLocator "OCSP Service Locator" +#define NID_id_pkix_OCSP_serviceLocator 371 +#define OBJ_id_pkix_OCSP_serviceLocator OBJ_id_pkix_OCSP,7L + +#define SN_id_pkix_OCSP_extendedStatus "extendedStatus" +#define LN_id_pkix_OCSP_extendedStatus "Extended OCSP Status" +#define NID_id_pkix_OCSP_extendedStatus 372 +#define OBJ_id_pkix_OCSP_extendedStatus OBJ_id_pkix_OCSP,8L + +#define SN_id_pkix_OCSP_valid "valid" +#define NID_id_pkix_OCSP_valid 373 +#define OBJ_id_pkix_OCSP_valid OBJ_id_pkix_OCSP,9L + +#define SN_id_pkix_OCSP_path "path" +#define NID_id_pkix_OCSP_path 374 +#define OBJ_id_pkix_OCSP_path OBJ_id_pkix_OCSP,10L + +#define SN_id_pkix_OCSP_trustRoot "trustRoot" +#define LN_id_pkix_OCSP_trustRoot "Trust Root" +#define NID_id_pkix_OCSP_trustRoot 375 +#define OBJ_id_pkix_OCSP_trustRoot OBJ_id_pkix_OCSP,11L + +#define SN_algorithm "algorithm" +#define LN_algorithm "algorithm" +#define NID_algorithm 376 +#define OBJ_algorithm 1L,3L,14L,3L,2L + +#define SN_md5WithRSA "RSA-NP-MD5" +#define LN_md5WithRSA "md5WithRSA" +#define NID_md5WithRSA 
104 +#define OBJ_md5WithRSA OBJ_algorithm,3L + +#define SN_des_ecb "DES-ECB" +#define LN_des_ecb "des-ecb" +#define NID_des_ecb 29 +#define OBJ_des_ecb OBJ_algorithm,6L + +#define SN_des_cbc "DES-CBC" +#define LN_des_cbc "des-cbc" +#define NID_des_cbc 31 +#define OBJ_des_cbc OBJ_algorithm,7L + +#define SN_des_ofb64 "DES-OFB" +#define LN_des_ofb64 "des-ofb" +#define NID_des_ofb64 45 +#define OBJ_des_ofb64 OBJ_algorithm,8L + +#define SN_des_cfb64 "DES-CFB" +#define LN_des_cfb64 "des-cfb" +#define NID_des_cfb64 30 +#define OBJ_des_cfb64 OBJ_algorithm,9L + +#define SN_rsaSignature "rsaSignature" +#define NID_rsaSignature 377 +#define OBJ_rsaSignature OBJ_algorithm,11L + +#define SN_dsa_2 "DSA-old" +#define LN_dsa_2 "dsaEncryption-old" +#define NID_dsa_2 67 +#define OBJ_dsa_2 OBJ_algorithm,12L + +#define SN_dsaWithSHA "DSA-SHA" +#define LN_dsaWithSHA "dsaWithSHA" +#define NID_dsaWithSHA 66 +#define OBJ_dsaWithSHA OBJ_algorithm,13L + +#define SN_shaWithRSAEncryption "RSA-SHA" +#define LN_shaWithRSAEncryption "shaWithRSAEncryption" +#define NID_shaWithRSAEncryption 42 +#define OBJ_shaWithRSAEncryption OBJ_algorithm,15L + +#define SN_des_ede_ecb "DES-EDE" +#define LN_des_ede_ecb "des-ede" +#define NID_des_ede_ecb 32 +#define OBJ_des_ede_ecb OBJ_algorithm,17L + +#define SN_des_ede3_ecb "DES-EDE3" +#define LN_des_ede3_ecb "des-ede3" +#define NID_des_ede3_ecb 33 + +#define SN_des_ede_cbc "DES-EDE-CBC" +#define LN_des_ede_cbc "des-ede-cbc" +#define NID_des_ede_cbc 43 + +#define SN_des_ede_cfb64 "DES-EDE-CFB" +#define LN_des_ede_cfb64 "des-ede-cfb" +#define NID_des_ede_cfb64 60 + +#define SN_des_ede3_cfb64 "DES-EDE3-CFB" +#define LN_des_ede3_cfb64 "des-ede3-cfb" +#define NID_des_ede3_cfb64 61 + +#define SN_des_ede_ofb64 "DES-EDE-OFB" +#define LN_des_ede_ofb64 "des-ede-ofb" +#define NID_des_ede_ofb64 62 + +#define SN_des_ede3_ofb64 "DES-EDE3-OFB" +#define LN_des_ede3_ofb64 "des-ede3-ofb" +#define NID_des_ede3_ofb64 63 + +#define SN_desx_cbc "DESX-CBC" +#define LN_desx_cbc 
"desx-cbc" +#define NID_desx_cbc 80 + +#define SN_sha "SHA" +#define LN_sha "sha" +#define NID_sha 41 +#define OBJ_sha OBJ_algorithm,18L + +#define SN_sha1 "SHA1" +#define LN_sha1 "sha1" +#define NID_sha1 64 +#define OBJ_sha1 OBJ_algorithm,26L + +#define SN_dsaWithSHA1_2 "DSA-SHA1-old" +#define LN_dsaWithSHA1_2 "dsaWithSHA1-old" +#define NID_dsaWithSHA1_2 70 +#define OBJ_dsaWithSHA1_2 OBJ_algorithm,27L + +#define SN_sha1WithRSA "RSA-SHA1-2" +#define LN_sha1WithRSA "sha1WithRSA" +#define NID_sha1WithRSA 115 +#define OBJ_sha1WithRSA OBJ_algorithm,29L + +#define SN_ripemd160 "RIPEMD160" +#define LN_ripemd160 "ripemd160" +#define NID_ripemd160 117 +#define OBJ_ripemd160 1L,3L,36L,3L,2L,1L + +#define SN_ripemd160WithRSA "RSA-RIPEMD160" +#define LN_ripemd160WithRSA "ripemd160WithRSA" +#define NID_ripemd160WithRSA 119 +#define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L + +#define SN_blake2bmac "BLAKE2BMAC" +#define LN_blake2bmac "blake2bmac" +#define NID_blake2bmac 1201 +#define OBJ_blake2bmac 1L,3L,6L,1L,4L,1L,1722L,12L,2L,1L + +#define SN_blake2smac "BLAKE2SMAC" +#define LN_blake2smac "blake2smac" +#define NID_blake2smac 1202 +#define OBJ_blake2smac 1L,3L,6L,1L,4L,1L,1722L,12L,2L,2L + +#define SN_blake2b512 "BLAKE2b512" +#define LN_blake2b512 "blake2b512" +#define NID_blake2b512 1056 +#define OBJ_blake2b512 OBJ_blake2bmac,16L + +#define SN_blake2s256 "BLAKE2s256" +#define LN_blake2s256 "blake2s256" +#define NID_blake2s256 1057 +#define OBJ_blake2s256 OBJ_blake2smac,8L + +#define SN_sxnet "SXNetID" +#define LN_sxnet "Strong Extranet ID" +#define NID_sxnet 143 +#define OBJ_sxnet 1L,3L,101L,1L,4L,1L + +#define SN_X500 "X500" +#define LN_X500 "directory services (X.500)" +#define NID_X500 11 +#define OBJ_X500 2L,5L + +#define SN_X509 "X509" +#define NID_X509 12 +#define OBJ_X509 OBJ_X500,4L + +#define SN_commonName "CN" +#define LN_commonName "commonName" +#define NID_commonName 13 +#define OBJ_commonName OBJ_X509,3L + +#define SN_surname "SN" +#define LN_surname "surname" 
+#define NID_surname 100 +#define OBJ_surname OBJ_X509,4L + +#define LN_serialNumber "serialNumber" +#define NID_serialNumber 105 +#define OBJ_serialNumber OBJ_X509,5L + +#define SN_countryName "C" +#define LN_countryName "countryName" +#define NID_countryName 14 +#define OBJ_countryName OBJ_X509,6L + +#define SN_localityName "L" +#define LN_localityName "localityName" +#define NID_localityName 15 +#define OBJ_localityName OBJ_X509,7L + +#define SN_stateOrProvinceName "ST" +#define LN_stateOrProvinceName "stateOrProvinceName" +#define NID_stateOrProvinceName 16 +#define OBJ_stateOrProvinceName OBJ_X509,8L + +#define SN_streetAddress "street" +#define LN_streetAddress "streetAddress" +#define NID_streetAddress 660 +#define OBJ_streetAddress OBJ_X509,9L + +#define SN_organizationName "O" +#define LN_organizationName "organizationName" +#define NID_organizationName 17 +#define OBJ_organizationName OBJ_X509,10L + +#define SN_organizationalUnitName "OU" +#define LN_organizationalUnitName "organizationalUnitName" +#define NID_organizationalUnitName 18 +#define OBJ_organizationalUnitName OBJ_X509,11L + +#define SN_title "title" +#define LN_title "title" +#define NID_title 106 +#define OBJ_title OBJ_X509,12L + +#define LN_description "description" +#define NID_description 107 +#define OBJ_description OBJ_X509,13L + +#define LN_searchGuide "searchGuide" +#define NID_searchGuide 859 +#define OBJ_searchGuide OBJ_X509,14L + +#define LN_businessCategory "businessCategory" +#define NID_businessCategory 860 +#define OBJ_businessCategory OBJ_X509,15L + +#define LN_postalAddress "postalAddress" +#define NID_postalAddress 861 +#define OBJ_postalAddress OBJ_X509,16L + +#define LN_postalCode "postalCode" +#define NID_postalCode 661 +#define OBJ_postalCode OBJ_X509,17L + +#define LN_postOfficeBox "postOfficeBox" +#define NID_postOfficeBox 862 +#define OBJ_postOfficeBox OBJ_X509,18L + +#define LN_physicalDeliveryOfficeName "physicalDeliveryOfficeName" +#define 
NID_physicalDeliveryOfficeName 863 +#define OBJ_physicalDeliveryOfficeName OBJ_X509,19L + +#define LN_telephoneNumber "telephoneNumber" +#define NID_telephoneNumber 864 +#define OBJ_telephoneNumber OBJ_X509,20L + +#define LN_telexNumber "telexNumber" +#define NID_telexNumber 865 +#define OBJ_telexNumber OBJ_X509,21L + +#define LN_teletexTerminalIdentifier "teletexTerminalIdentifier" +#define NID_teletexTerminalIdentifier 866 +#define OBJ_teletexTerminalIdentifier OBJ_X509,22L + +#define LN_facsimileTelephoneNumber "facsimileTelephoneNumber" +#define NID_facsimileTelephoneNumber 867 +#define OBJ_facsimileTelephoneNumber OBJ_X509,23L + +#define LN_x121Address "x121Address" +#define NID_x121Address 868 +#define OBJ_x121Address OBJ_X509,24L + +#define LN_internationaliSDNNumber "internationaliSDNNumber" +#define NID_internationaliSDNNumber 869 +#define OBJ_internationaliSDNNumber OBJ_X509,25L + +#define LN_registeredAddress "registeredAddress" +#define NID_registeredAddress 870 +#define OBJ_registeredAddress OBJ_X509,26L + +#define LN_destinationIndicator "destinationIndicator" +#define NID_destinationIndicator 871 +#define OBJ_destinationIndicator OBJ_X509,27L + +#define LN_preferredDeliveryMethod "preferredDeliveryMethod" +#define NID_preferredDeliveryMethod 872 +#define OBJ_preferredDeliveryMethod OBJ_X509,28L + +#define LN_presentationAddress "presentationAddress" +#define NID_presentationAddress 873 +#define OBJ_presentationAddress OBJ_X509,29L + +#define LN_supportedApplicationContext "supportedApplicationContext" +#define NID_supportedApplicationContext 874 +#define OBJ_supportedApplicationContext OBJ_X509,30L + +#define SN_member "member" +#define NID_member 875 +#define OBJ_member OBJ_X509,31L + +#define SN_owner "owner" +#define NID_owner 876 +#define OBJ_owner OBJ_X509,32L + +#define LN_roleOccupant "roleOccupant" +#define NID_roleOccupant 877 +#define OBJ_roleOccupant OBJ_X509,33L + +#define SN_seeAlso "seeAlso" +#define NID_seeAlso 878 +#define OBJ_seeAlso 
OBJ_X509,34L + +#define LN_userPassword "userPassword" +#define NID_userPassword 879 +#define OBJ_userPassword OBJ_X509,35L + +#define LN_userCertificate "userCertificate" +#define NID_userCertificate 880 +#define OBJ_userCertificate OBJ_X509,36L + +#define LN_cACertificate "cACertificate" +#define NID_cACertificate 881 +#define OBJ_cACertificate OBJ_X509,37L + +#define LN_authorityRevocationList "authorityRevocationList" +#define NID_authorityRevocationList 882 +#define OBJ_authorityRevocationList OBJ_X509,38L + +#define LN_certificateRevocationList "certificateRevocationList" +#define NID_certificateRevocationList 883 +#define OBJ_certificateRevocationList OBJ_X509,39L + +#define LN_crossCertificatePair "crossCertificatePair" +#define NID_crossCertificatePair 884 +#define OBJ_crossCertificatePair OBJ_X509,40L + +#define SN_name "name" +#define LN_name "name" +#define NID_name 173 +#define OBJ_name OBJ_X509,41L + +#define SN_givenName "GN" +#define LN_givenName "givenName" +#define NID_givenName 99 +#define OBJ_givenName OBJ_X509,42L + +#define SN_initials "initials" +#define LN_initials "initials" +#define NID_initials 101 +#define OBJ_initials OBJ_X509,43L + +#define LN_generationQualifier "generationQualifier" +#define NID_generationQualifier 509 +#define OBJ_generationQualifier OBJ_X509,44L + +#define LN_x500UniqueIdentifier "x500UniqueIdentifier" +#define NID_x500UniqueIdentifier 503 +#define OBJ_x500UniqueIdentifier OBJ_X509,45L + +#define SN_dnQualifier "dnQualifier" +#define LN_dnQualifier "dnQualifier" +#define NID_dnQualifier 174 +#define OBJ_dnQualifier OBJ_X509,46L + +#define LN_enhancedSearchGuide "enhancedSearchGuide" +#define NID_enhancedSearchGuide 885 +#define OBJ_enhancedSearchGuide OBJ_X509,47L + +#define LN_protocolInformation "protocolInformation" +#define NID_protocolInformation 886 +#define OBJ_protocolInformation OBJ_X509,48L + +#define LN_distinguishedName "distinguishedName" +#define NID_distinguishedName 887 +#define 
OBJ_distinguishedName OBJ_X509,49L + +#define LN_uniqueMember "uniqueMember" +#define NID_uniqueMember 888 +#define OBJ_uniqueMember OBJ_X509,50L + +#define LN_houseIdentifier "houseIdentifier" +#define NID_houseIdentifier 889 +#define OBJ_houseIdentifier OBJ_X509,51L + +#define LN_supportedAlgorithms "supportedAlgorithms" +#define NID_supportedAlgorithms 890 +#define OBJ_supportedAlgorithms OBJ_X509,52L + +#define LN_deltaRevocationList "deltaRevocationList" +#define NID_deltaRevocationList 891 +#define OBJ_deltaRevocationList OBJ_X509,53L + +#define SN_dmdName "dmdName" +#define NID_dmdName 892 +#define OBJ_dmdName OBJ_X509,54L + +#define LN_pseudonym "pseudonym" +#define NID_pseudonym 510 +#define OBJ_pseudonym OBJ_X509,65L + +#define SN_role "role" +#define LN_role "role" +#define NID_role 400 +#define OBJ_role OBJ_X509,72L + +#define LN_organizationIdentifier "organizationIdentifier" +#define NID_organizationIdentifier 1089 +#define OBJ_organizationIdentifier OBJ_X509,97L + +#define SN_countryCode3c "c3" +#define LN_countryCode3c "countryCode3c" +#define NID_countryCode3c 1090 +#define OBJ_countryCode3c OBJ_X509,98L + +#define SN_countryCode3n "n3" +#define LN_countryCode3n "countryCode3n" +#define NID_countryCode3n 1091 +#define OBJ_countryCode3n OBJ_X509,99L + +#define LN_dnsName "dnsName" +#define NID_dnsName 1092 +#define OBJ_dnsName OBJ_X509,100L + +#define SN_X500algorithms "X500algorithms" +#define LN_X500algorithms "directory services - algorithms" +#define NID_X500algorithms 378 +#define OBJ_X500algorithms OBJ_X500,8L + +#define SN_rsa "RSA" +#define LN_rsa "rsa" +#define NID_rsa 19 +#define OBJ_rsa OBJ_X500algorithms,1L,1L + +#define SN_mdc2WithRSA "RSA-MDC2" +#define LN_mdc2WithRSA "mdc2WithRSA" +#define NID_mdc2WithRSA 96 +#define OBJ_mdc2WithRSA OBJ_X500algorithms,3L,100L + +#define SN_mdc2 "MDC2" +#define LN_mdc2 "mdc2" +#define NID_mdc2 95 +#define OBJ_mdc2 OBJ_X500algorithms,3L,101L + +#define SN_id_ce "id-ce" +#define NID_id_ce 81 +#define 
OBJ_id_ce OBJ_X500,29L + +#define SN_subject_directory_attributes "subjectDirectoryAttributes" +#define LN_subject_directory_attributes "X509v3 Subject Directory Attributes" +#define NID_subject_directory_attributes 769 +#define OBJ_subject_directory_attributes OBJ_id_ce,9L + +#define SN_subject_key_identifier "subjectKeyIdentifier" +#define LN_subject_key_identifier "X509v3 Subject Key Identifier" +#define NID_subject_key_identifier 82 +#define OBJ_subject_key_identifier OBJ_id_ce,14L + +#define SN_key_usage "keyUsage" +#define LN_key_usage "X509v3 Key Usage" +#define NID_key_usage 83 +#define OBJ_key_usage OBJ_id_ce,15L + +#define SN_private_key_usage_period "privateKeyUsagePeriod" +#define LN_private_key_usage_period "X509v3 Private Key Usage Period" +#define NID_private_key_usage_period 84 +#define OBJ_private_key_usage_period OBJ_id_ce,16L + +#define SN_subject_alt_name "subjectAltName" +#define LN_subject_alt_name "X509v3 Subject Alternative Name" +#define NID_subject_alt_name 85 +#define OBJ_subject_alt_name OBJ_id_ce,17L + +#define SN_issuer_alt_name "issuerAltName" +#define LN_issuer_alt_name "X509v3 Issuer Alternative Name" +#define NID_issuer_alt_name 86 +#define OBJ_issuer_alt_name OBJ_id_ce,18L + +#define SN_basic_constraints "basicConstraints" +#define LN_basic_constraints "X509v3 Basic Constraints" +#define NID_basic_constraints 87 +#define OBJ_basic_constraints OBJ_id_ce,19L + +#define SN_crl_number "crlNumber" +#define LN_crl_number "X509v3 CRL Number" +#define NID_crl_number 88 +#define OBJ_crl_number OBJ_id_ce,20L + +#define SN_crl_reason "CRLReason" +#define LN_crl_reason "X509v3 CRL Reason Code" +#define NID_crl_reason 141 +#define OBJ_crl_reason OBJ_id_ce,21L + +#define SN_invalidity_date "invalidityDate" +#define LN_invalidity_date "Invalidity Date" +#define NID_invalidity_date 142 +#define OBJ_invalidity_date OBJ_id_ce,24L + +#define SN_delta_crl "deltaCRL" +#define LN_delta_crl "X509v3 Delta CRL Indicator" +#define NID_delta_crl 140 
+#define OBJ_delta_crl OBJ_id_ce,27L + +#define SN_issuing_distribution_point "issuingDistributionPoint" +#define LN_issuing_distribution_point "X509v3 Issuing Distribution Point" +#define NID_issuing_distribution_point 770 +#define OBJ_issuing_distribution_point OBJ_id_ce,28L + +#define SN_certificate_issuer "certificateIssuer" +#define LN_certificate_issuer "X509v3 Certificate Issuer" +#define NID_certificate_issuer 771 +#define OBJ_certificate_issuer OBJ_id_ce,29L + +#define SN_name_constraints "nameConstraints" +#define LN_name_constraints "X509v3 Name Constraints" +#define NID_name_constraints 666 +#define OBJ_name_constraints OBJ_id_ce,30L + +#define SN_crl_distribution_points "crlDistributionPoints" +#define LN_crl_distribution_points "X509v3 CRL Distribution Points" +#define NID_crl_distribution_points 103 +#define OBJ_crl_distribution_points OBJ_id_ce,31L + +#define SN_certificate_policies "certificatePolicies" +#define LN_certificate_policies "X509v3 Certificate Policies" +#define NID_certificate_policies 89 +#define OBJ_certificate_policies OBJ_id_ce,32L + +#define SN_any_policy "anyPolicy" +#define LN_any_policy "X509v3 Any Policy" +#define NID_any_policy 746 +#define OBJ_any_policy OBJ_certificate_policies,0L + +#define SN_policy_mappings "policyMappings" +#define LN_policy_mappings "X509v3 Policy Mappings" +#define NID_policy_mappings 747 +#define OBJ_policy_mappings OBJ_id_ce,33L + +#define SN_authority_key_identifier "authorityKeyIdentifier" +#define LN_authority_key_identifier "X509v3 Authority Key Identifier" +#define NID_authority_key_identifier 90 +#define OBJ_authority_key_identifier OBJ_id_ce,35L + +#define SN_policy_constraints "policyConstraints" +#define LN_policy_constraints "X509v3 Policy Constraints" +#define NID_policy_constraints 401 +#define OBJ_policy_constraints OBJ_id_ce,36L + +#define SN_ext_key_usage "extendedKeyUsage" +#define LN_ext_key_usage "X509v3 Extended Key Usage" +#define NID_ext_key_usage 126 +#define OBJ_ext_key_usage 
OBJ_id_ce,37L + +#define SN_authority_attribute_identifier "authorityAttributeIdentifier" +#define LN_authority_attribute_identifier "X509v3 Authority Attribute Identifier" +#define NID_authority_attribute_identifier 1295 +#define OBJ_authority_attribute_identifier OBJ_id_ce,38L + +#define SN_role_spec_cert_identifier "roleSpecCertIdentifier" +#define LN_role_spec_cert_identifier "X509v3 Role Specification Certificate Identifier" +#define NID_role_spec_cert_identifier 1296 +#define OBJ_role_spec_cert_identifier OBJ_id_ce,39L + +#define SN_basic_att_constraints "basicAttConstraints" +#define LN_basic_att_constraints "X509v3 Basic Attribute Certificate Constraints" +#define NID_basic_att_constraints 1297 +#define OBJ_basic_att_constraints OBJ_id_ce,41L + +#define SN_delegated_name_constraints "delegatedNameConstraints" +#define LN_delegated_name_constraints "X509v3 Delegated Name Constraints" +#define NID_delegated_name_constraints 1298 +#define OBJ_delegated_name_constraints OBJ_id_ce,42L + +#define SN_time_specification "timeSpecification" +#define LN_time_specification "X509v3 Time Specification" +#define NID_time_specification 1299 +#define OBJ_time_specification OBJ_id_ce,43L + +#define SN_freshest_crl "freshestCRL" +#define LN_freshest_crl "X509v3 Freshest CRL" +#define NID_freshest_crl 857 +#define OBJ_freshest_crl OBJ_id_ce,46L + +#define SN_attribute_descriptor "attributeDescriptor" +#define LN_attribute_descriptor "X509v3 Attribute Descriptor" +#define NID_attribute_descriptor 1300 +#define OBJ_attribute_descriptor OBJ_id_ce,48L + +#define SN_user_notice "userNotice" +#define LN_user_notice "X509v3 User Notice" +#define NID_user_notice 1301 +#define OBJ_user_notice OBJ_id_ce,49L + +#define SN_soa_identifier "sOAIdentifier" +#define LN_soa_identifier "X509v3 Source of Authority Identifier" +#define NID_soa_identifier 1302 +#define OBJ_soa_identifier OBJ_id_ce,50L + +#define SN_acceptable_cert_policies "acceptableCertPolicies" +#define 
LN_acceptable_cert_policies "X509v3 Acceptable Certification Policies" +#define NID_acceptable_cert_policies 1303 +#define OBJ_acceptable_cert_policies OBJ_id_ce,52L + +#define SN_inhibit_any_policy "inhibitAnyPolicy" +#define LN_inhibit_any_policy "X509v3 Inhibit Any Policy" +#define NID_inhibit_any_policy 748 +#define OBJ_inhibit_any_policy OBJ_id_ce,54L + +#define SN_target_information "targetInformation" +#define LN_target_information "X509v3 AC Targeting" +#define NID_target_information 402 +#define OBJ_target_information OBJ_id_ce,55L + +#define SN_no_rev_avail "noRevAvail" +#define LN_no_rev_avail "X509v3 No Revocation Available" +#define NID_no_rev_avail 403 +#define OBJ_no_rev_avail OBJ_id_ce,56L + +#define SN_acceptable_privilege_policies "acceptablePrivPolicies" +#define LN_acceptable_privilege_policies "X509v3 Acceptable Privilege Policies" +#define NID_acceptable_privilege_policies 1304 +#define OBJ_acceptable_privilege_policies OBJ_id_ce,57L + +#define SN_indirect_issuer "indirectIssuer" +#define LN_indirect_issuer "X509v3 Indirect Issuer" +#define NID_indirect_issuer 1305 +#define OBJ_indirect_issuer OBJ_id_ce,61L + +#define SN_no_assertion "noAssertion" +#define LN_no_assertion "X509v3 No Assertion" +#define NID_no_assertion 1306 +#define OBJ_no_assertion OBJ_id_ce,62L + +#define SN_id_aa_issuing_distribution_point "aAissuingDistributionPoint" +#define LN_id_aa_issuing_distribution_point "X509v3 Attribute Authority Issuing Distribution Point" +#define NID_id_aa_issuing_distribution_point 1307 +#define OBJ_id_aa_issuing_distribution_point OBJ_id_ce,63L + +#define SN_issued_on_behalf_of "issuedOnBehalfOf" +#define LN_issued_on_behalf_of "X509v3 Issued On Behalf Of" +#define NID_issued_on_behalf_of 1308 +#define OBJ_issued_on_behalf_of OBJ_id_ce,64L + +#define SN_single_use "singleUse" +#define LN_single_use "X509v3 Single Use" +#define NID_single_use 1309 +#define OBJ_single_use OBJ_id_ce,65L + +#define SN_group_ac "groupAC" +#define LN_group_ac 
"X509v3 Group Attribute Certificate" +#define NID_group_ac 1310 +#define OBJ_group_ac OBJ_id_ce,66L + +#define SN_allowed_attribute_assignments "allowedAttributeAssignments" +#define LN_allowed_attribute_assignments "X509v3 Allowed Attribute Assignments" +#define NID_allowed_attribute_assignments 1311 +#define OBJ_allowed_attribute_assignments OBJ_id_ce,67L + +#define SN_attribute_mappings "attributeMappings" +#define LN_attribute_mappings "X509v3 Attribute Mappings" +#define NID_attribute_mappings 1312 +#define OBJ_attribute_mappings OBJ_id_ce,68L + +#define SN_holder_name_constraints "holderNameConstraints" +#define LN_holder_name_constraints "X509v3 Holder Name Constraints" +#define NID_holder_name_constraints 1313 +#define OBJ_holder_name_constraints OBJ_id_ce,69L + +#define SN_authorization_validation "authorizationValidation" +#define LN_authorization_validation "X509v3 Authorization Validation" +#define NID_authorization_validation 1314 +#define OBJ_authorization_validation OBJ_id_ce,70L + +#define SN_prot_restrict "protRestrict" +#define LN_prot_restrict "X509v3 Protocol Restriction" +#define NID_prot_restrict 1315 +#define OBJ_prot_restrict OBJ_id_ce,71L + +#define SN_subject_alt_public_key_info "subjectAltPublicKeyInfo" +#define LN_subject_alt_public_key_info "X509v3 Subject Alternative Public Key Info" +#define NID_subject_alt_public_key_info 1316 +#define OBJ_subject_alt_public_key_info OBJ_id_ce,72L + +#define SN_alt_signature_algorithm "altSignatureAlgorithm" +#define LN_alt_signature_algorithm "X509v3 Alternative Signature Algorithm" +#define NID_alt_signature_algorithm 1317 +#define OBJ_alt_signature_algorithm OBJ_id_ce,73L + +#define SN_alt_signature_value "altSignatureValue" +#define LN_alt_signature_value "X509v3 Alternative Signature Value" +#define NID_alt_signature_value 1318 +#define OBJ_alt_signature_value OBJ_id_ce,74L + +#define SN_associated_information "associatedInformation" +#define LN_associated_information "X509v3 Associated 
Information" +#define NID_associated_information 1319 +#define OBJ_associated_information OBJ_id_ce,75L + +#define SN_anyExtendedKeyUsage "anyExtendedKeyUsage" +#define LN_anyExtendedKeyUsage "Any Extended Key Usage" +#define NID_anyExtendedKeyUsage 910 +#define OBJ_anyExtendedKeyUsage OBJ_ext_key_usage,0L + +#define SN_netscape "Netscape" +#define LN_netscape "Netscape Communications Corp." +#define NID_netscape 57 +#define OBJ_netscape 2L,16L,840L,1L,113730L + +#define SN_netscape_cert_extension "nsCertExt" +#define LN_netscape_cert_extension "Netscape Certificate Extension" +#define NID_netscape_cert_extension 58 +#define OBJ_netscape_cert_extension OBJ_netscape,1L + +#define SN_netscape_data_type "nsDataType" +#define LN_netscape_data_type "Netscape Data Type" +#define NID_netscape_data_type 59 +#define OBJ_netscape_data_type OBJ_netscape,2L + +#define SN_netscape_cert_type "nsCertType" +#define LN_netscape_cert_type "Netscape Cert Type" +#define NID_netscape_cert_type 71 +#define OBJ_netscape_cert_type OBJ_netscape_cert_extension,1L + +#define SN_netscape_base_url "nsBaseUrl" +#define LN_netscape_base_url "Netscape Base Url" +#define NID_netscape_base_url 72 +#define OBJ_netscape_base_url OBJ_netscape_cert_extension,2L + +#define SN_netscape_revocation_url "nsRevocationUrl" +#define LN_netscape_revocation_url "Netscape Revocation Url" +#define NID_netscape_revocation_url 73 +#define OBJ_netscape_revocation_url OBJ_netscape_cert_extension,3L + +#define SN_netscape_ca_revocation_url "nsCaRevocationUrl" +#define LN_netscape_ca_revocation_url "Netscape CA Revocation Url" +#define NID_netscape_ca_revocation_url 74 +#define OBJ_netscape_ca_revocation_url OBJ_netscape_cert_extension,4L + +#define SN_netscape_renewal_url "nsRenewalUrl" +#define LN_netscape_renewal_url "Netscape Renewal Url" +#define NID_netscape_renewal_url 75 +#define OBJ_netscape_renewal_url OBJ_netscape_cert_extension,7L + +#define SN_netscape_ca_policy_url "nsCaPolicyUrl" +#define 
LN_netscape_ca_policy_url "Netscape CA Policy Url" +#define NID_netscape_ca_policy_url 76 +#define OBJ_netscape_ca_policy_url OBJ_netscape_cert_extension,8L + +#define SN_netscape_ssl_server_name "nsSslServerName" +#define LN_netscape_ssl_server_name "Netscape SSL Server Name" +#define NID_netscape_ssl_server_name 77 +#define OBJ_netscape_ssl_server_name OBJ_netscape_cert_extension,12L + +#define SN_netscape_comment "nsComment" +#define LN_netscape_comment "Netscape Comment" +#define NID_netscape_comment 78 +#define OBJ_netscape_comment OBJ_netscape_cert_extension,13L + +#define SN_netscape_cert_sequence "nsCertSequence" +#define LN_netscape_cert_sequence "Netscape Certificate Sequence" +#define NID_netscape_cert_sequence 79 +#define OBJ_netscape_cert_sequence OBJ_netscape_data_type,5L + +#define SN_ns_sgc "nsSGC" +#define LN_ns_sgc "Netscape Server Gated Crypto" +#define NID_ns_sgc 139 +#define OBJ_ns_sgc OBJ_netscape,4L,1L + +#define SN_org "ORG" +#define LN_org "org" +#define NID_org 379 +#define OBJ_org OBJ_iso,3L + +#define SN_dod "DOD" +#define LN_dod "dod" +#define NID_dod 380 +#define OBJ_dod OBJ_org,6L + +#define SN_iana "IANA" +#define LN_iana "iana" +#define NID_iana 381 +#define OBJ_iana OBJ_dod,1L + +#define OBJ_internet OBJ_iana + +#define SN_Directory "directory" +#define LN_Directory "Directory" +#define NID_Directory 382 +#define OBJ_Directory OBJ_internet,1L + +#define SN_Management "mgmt" +#define LN_Management "Management" +#define NID_Management 383 +#define OBJ_Management OBJ_internet,2L + +#define SN_Experimental "experimental" +#define LN_Experimental "Experimental" +#define NID_Experimental 384 +#define OBJ_Experimental OBJ_internet,3L + +#define SN_Private "private" +#define LN_Private "Private" +#define NID_Private 385 +#define OBJ_Private OBJ_internet,4L + +#define SN_Security "security" +#define LN_Security "Security" +#define NID_Security 386 +#define OBJ_Security OBJ_internet,5L + +#define SN_SNMPv2 "snmpv2" +#define LN_SNMPv2 
"SNMPv2" +#define NID_SNMPv2 387 +#define OBJ_SNMPv2 OBJ_internet,6L + +#define LN_Mail "Mail" +#define NID_Mail 388 +#define OBJ_Mail OBJ_internet,7L + +#define SN_Enterprises "enterprises" +#define LN_Enterprises "Enterprises" +#define NID_Enterprises 389 +#define OBJ_Enterprises OBJ_Private,1L + +#define SN_dcObject "dcobject" +#define LN_dcObject "dcObject" +#define NID_dcObject 390 +#define OBJ_dcObject OBJ_Enterprises,1466L,344L + +#define SN_mime_mhs "mime-mhs" +#define LN_mime_mhs "MIME MHS" +#define NID_mime_mhs 504 +#define OBJ_mime_mhs OBJ_Mail,1L + +#define SN_mime_mhs_headings "mime-mhs-headings" +#define LN_mime_mhs_headings "mime-mhs-headings" +#define NID_mime_mhs_headings 505 +#define OBJ_mime_mhs_headings OBJ_mime_mhs,1L + +#define SN_mime_mhs_bodies "mime-mhs-bodies" +#define LN_mime_mhs_bodies "mime-mhs-bodies" +#define NID_mime_mhs_bodies 506 +#define OBJ_mime_mhs_bodies OBJ_mime_mhs,2L + +#define SN_id_hex_partial_message "id-hex-partial-message" +#define LN_id_hex_partial_message "id-hex-partial-message" +#define NID_id_hex_partial_message 507 +#define OBJ_id_hex_partial_message OBJ_mime_mhs_headings,1L + +#define SN_id_hex_multipart_message "id-hex-multipart-message" +#define LN_id_hex_multipart_message "id-hex-multipart-message" +#define NID_id_hex_multipart_message 508 +#define OBJ_id_hex_multipart_message OBJ_mime_mhs_headings,2L + +#define SN_zlib_compression "ZLIB" +#define LN_zlib_compression "zlib compression" +#define NID_zlib_compression 125 +#define OBJ_zlib_compression OBJ_id_smime_alg,8L + +#define OBJ_csor 2L,16L,840L,1L,101L,3L + +#define OBJ_nistAlgorithms OBJ_csor,4L + +#define OBJ_aes OBJ_nistAlgorithms,1L + +#define SN_aes_128_ecb "AES-128-ECB" +#define LN_aes_128_ecb "aes-128-ecb" +#define NID_aes_128_ecb 418 +#define OBJ_aes_128_ecb OBJ_aes,1L + +#define SN_aes_128_cbc "AES-128-CBC" +#define LN_aes_128_cbc "aes-128-cbc" +#define NID_aes_128_cbc 419 +#define OBJ_aes_128_cbc OBJ_aes,2L + +#define SN_aes_128_ofb128 
"AES-128-OFB" +#define LN_aes_128_ofb128 "aes-128-ofb" +#define NID_aes_128_ofb128 420 +#define OBJ_aes_128_ofb128 OBJ_aes,3L + +#define SN_aes_128_cfb128 "AES-128-CFB" +#define LN_aes_128_cfb128 "aes-128-cfb" +#define NID_aes_128_cfb128 421 +#define OBJ_aes_128_cfb128 OBJ_aes,4L + +#define SN_id_aes128_wrap "id-aes128-wrap" +#define NID_id_aes128_wrap 788 +#define OBJ_id_aes128_wrap OBJ_aes,5L + +#define SN_aes_128_gcm "id-aes128-GCM" +#define LN_aes_128_gcm "aes-128-gcm" +#define NID_aes_128_gcm 895 +#define OBJ_aes_128_gcm OBJ_aes,6L + +#define SN_aes_128_ccm "id-aes128-CCM" +#define LN_aes_128_ccm "aes-128-ccm" +#define NID_aes_128_ccm 896 +#define OBJ_aes_128_ccm OBJ_aes,7L + +#define SN_id_aes128_wrap_pad "id-aes128-wrap-pad" +#define NID_id_aes128_wrap_pad 897 +#define OBJ_id_aes128_wrap_pad OBJ_aes,8L + +#define SN_aes_192_ecb "AES-192-ECB" +#define LN_aes_192_ecb "aes-192-ecb" +#define NID_aes_192_ecb 422 +#define OBJ_aes_192_ecb OBJ_aes,21L + +#define SN_aes_192_cbc "AES-192-CBC" +#define LN_aes_192_cbc "aes-192-cbc" +#define NID_aes_192_cbc 423 +#define OBJ_aes_192_cbc OBJ_aes,22L + +#define SN_aes_192_ofb128 "AES-192-OFB" +#define LN_aes_192_ofb128 "aes-192-ofb" +#define NID_aes_192_ofb128 424 +#define OBJ_aes_192_ofb128 OBJ_aes,23L + +#define SN_aes_192_cfb128 "AES-192-CFB" +#define LN_aes_192_cfb128 "aes-192-cfb" +#define NID_aes_192_cfb128 425 +#define OBJ_aes_192_cfb128 OBJ_aes,24L + +#define SN_id_aes192_wrap "id-aes192-wrap" +#define NID_id_aes192_wrap 789 +#define OBJ_id_aes192_wrap OBJ_aes,25L + +#define SN_aes_192_gcm "id-aes192-GCM" +#define LN_aes_192_gcm "aes-192-gcm" +#define NID_aes_192_gcm 898 +#define OBJ_aes_192_gcm OBJ_aes,26L + +#define SN_aes_192_ccm "id-aes192-CCM" +#define LN_aes_192_ccm "aes-192-ccm" +#define NID_aes_192_ccm 899 +#define OBJ_aes_192_ccm OBJ_aes,27L + +#define SN_id_aes192_wrap_pad "id-aes192-wrap-pad" +#define NID_id_aes192_wrap_pad 900 +#define OBJ_id_aes192_wrap_pad OBJ_aes,28L + +#define SN_aes_256_ecb 
"AES-256-ECB" +#define LN_aes_256_ecb "aes-256-ecb" +#define NID_aes_256_ecb 426 +#define OBJ_aes_256_ecb OBJ_aes,41L + +#define SN_aes_256_cbc "AES-256-CBC" +#define LN_aes_256_cbc "aes-256-cbc" +#define NID_aes_256_cbc 427 +#define OBJ_aes_256_cbc OBJ_aes,42L + +#define SN_aes_256_ofb128 "AES-256-OFB" +#define LN_aes_256_ofb128 "aes-256-ofb" +#define NID_aes_256_ofb128 428 +#define OBJ_aes_256_ofb128 OBJ_aes,43L + +#define SN_aes_256_cfb128 "AES-256-CFB" +#define LN_aes_256_cfb128 "aes-256-cfb" +#define NID_aes_256_cfb128 429 +#define OBJ_aes_256_cfb128 OBJ_aes,44L + +#define SN_id_aes256_wrap "id-aes256-wrap" +#define NID_id_aes256_wrap 790 +#define OBJ_id_aes256_wrap OBJ_aes,45L + +#define SN_aes_256_gcm "id-aes256-GCM" +#define LN_aes_256_gcm "aes-256-gcm" +#define NID_aes_256_gcm 901 +#define OBJ_aes_256_gcm OBJ_aes,46L + +#define SN_aes_256_ccm "id-aes256-CCM" +#define LN_aes_256_ccm "aes-256-ccm" +#define NID_aes_256_ccm 902 +#define OBJ_aes_256_ccm OBJ_aes,47L + +#define SN_id_aes256_wrap_pad "id-aes256-wrap-pad" +#define NID_id_aes256_wrap_pad 903 +#define OBJ_id_aes256_wrap_pad OBJ_aes,48L + +#define SN_aes_128_xts "AES-128-XTS" +#define LN_aes_128_xts "aes-128-xts" +#define NID_aes_128_xts 913 +#define OBJ_aes_128_xts OBJ_ieee_siswg,0L,1L,1L + +#define SN_aes_256_xts "AES-256-XTS" +#define LN_aes_256_xts "aes-256-xts" +#define NID_aes_256_xts 914 +#define OBJ_aes_256_xts OBJ_ieee_siswg,0L,1L,2L + +#define SN_aes_128_cfb1 "AES-128-CFB1" +#define LN_aes_128_cfb1 "aes-128-cfb1" +#define NID_aes_128_cfb1 650 + +#define SN_aes_192_cfb1 "AES-192-CFB1" +#define LN_aes_192_cfb1 "aes-192-cfb1" +#define NID_aes_192_cfb1 651 + +#define SN_aes_256_cfb1 "AES-256-CFB1" +#define LN_aes_256_cfb1 "aes-256-cfb1" +#define NID_aes_256_cfb1 652 + +#define SN_aes_128_cfb8 "AES-128-CFB8" +#define LN_aes_128_cfb8 "aes-128-cfb8" +#define NID_aes_128_cfb8 653 + +#define SN_aes_192_cfb8 "AES-192-CFB8" +#define LN_aes_192_cfb8 "aes-192-cfb8" +#define NID_aes_192_cfb8 654 + 
+#define SN_aes_256_cfb8 "AES-256-CFB8" +#define LN_aes_256_cfb8 "aes-256-cfb8" +#define NID_aes_256_cfb8 655 + +#define SN_aes_128_ctr "AES-128-CTR" +#define LN_aes_128_ctr "aes-128-ctr" +#define NID_aes_128_ctr 904 + +#define SN_aes_192_ctr "AES-192-CTR" +#define LN_aes_192_ctr "aes-192-ctr" +#define NID_aes_192_ctr 905 + +#define SN_aes_256_ctr "AES-256-CTR" +#define LN_aes_256_ctr "aes-256-ctr" +#define NID_aes_256_ctr 906 + +#define SN_aes_128_ocb "AES-128-OCB" +#define LN_aes_128_ocb "aes-128-ocb" +#define NID_aes_128_ocb 958 + +#define SN_aes_192_ocb "AES-192-OCB" +#define LN_aes_192_ocb "aes-192-ocb" +#define NID_aes_192_ocb 959 + +#define SN_aes_256_ocb "AES-256-OCB" +#define LN_aes_256_ocb "aes-256-ocb" +#define NID_aes_256_ocb 960 + +#define SN_des_cfb1 "DES-CFB1" +#define LN_des_cfb1 "des-cfb1" +#define NID_des_cfb1 656 + +#define SN_des_cfb8 "DES-CFB8" +#define LN_des_cfb8 "des-cfb8" +#define NID_des_cfb8 657 + +#define SN_des_ede3_cfb1 "DES-EDE3-CFB1" +#define LN_des_ede3_cfb1 "des-ede3-cfb1" +#define NID_des_ede3_cfb1 658 + +#define SN_des_ede3_cfb8 "DES-EDE3-CFB8" +#define LN_des_ede3_cfb8 "des-ede3-cfb8" +#define NID_des_ede3_cfb8 659 + +#define OBJ_nist_hashalgs OBJ_nistAlgorithms,2L + +#define SN_sha256 "SHA256" +#define LN_sha256 "sha256" +#define NID_sha256 672 +#define OBJ_sha256 OBJ_nist_hashalgs,1L + +#define SN_sha384 "SHA384" +#define LN_sha384 "sha384" +#define NID_sha384 673 +#define OBJ_sha384 OBJ_nist_hashalgs,2L + +#define SN_sha512 "SHA512" +#define LN_sha512 "sha512" +#define NID_sha512 674 +#define OBJ_sha512 OBJ_nist_hashalgs,3L + +#define SN_sha224 "SHA224" +#define LN_sha224 "sha224" +#define NID_sha224 675 +#define OBJ_sha224 OBJ_nist_hashalgs,4L + +#define SN_sha512_224 "SHA512-224" +#define LN_sha512_224 "sha512-224" +#define NID_sha512_224 1094 +#define OBJ_sha512_224 OBJ_nist_hashalgs,5L + +#define SN_sha512_256 "SHA512-256" +#define LN_sha512_256 "sha512-256" +#define NID_sha512_256 1095 +#define OBJ_sha512_256 
OBJ_nist_hashalgs,6L + +#define SN_sha3_224 "SHA3-224" +#define LN_sha3_224 "sha3-224" +#define NID_sha3_224 1096 +#define OBJ_sha3_224 OBJ_nist_hashalgs,7L + +#define SN_sha3_256 "SHA3-256" +#define LN_sha3_256 "sha3-256" +#define NID_sha3_256 1097 +#define OBJ_sha3_256 OBJ_nist_hashalgs,8L + +#define SN_sha3_384 "SHA3-384" +#define LN_sha3_384 "sha3-384" +#define NID_sha3_384 1098 +#define OBJ_sha3_384 OBJ_nist_hashalgs,9L + +#define SN_sha3_512 "SHA3-512" +#define LN_sha3_512 "sha3-512" +#define NID_sha3_512 1099 +#define OBJ_sha3_512 OBJ_nist_hashalgs,10L + +#define SN_shake128 "SHAKE128" +#define LN_shake128 "shake128" +#define NID_shake128 1100 +#define OBJ_shake128 OBJ_nist_hashalgs,11L + +#define SN_shake256 "SHAKE256" +#define LN_shake256 "shake256" +#define NID_shake256 1101 +#define OBJ_shake256 OBJ_nist_hashalgs,12L + +#define SN_hmac_sha3_224 "id-hmacWithSHA3-224" +#define LN_hmac_sha3_224 "hmac-sha3-224" +#define NID_hmac_sha3_224 1102 +#define OBJ_hmac_sha3_224 OBJ_nist_hashalgs,13L + +#define SN_hmac_sha3_256 "id-hmacWithSHA3-256" +#define LN_hmac_sha3_256 "hmac-sha3-256" +#define NID_hmac_sha3_256 1103 +#define OBJ_hmac_sha3_256 OBJ_nist_hashalgs,14L + +#define SN_hmac_sha3_384 "id-hmacWithSHA3-384" +#define LN_hmac_sha3_384 "hmac-sha3-384" +#define NID_hmac_sha3_384 1104 +#define OBJ_hmac_sha3_384 OBJ_nist_hashalgs,15L + +#define SN_hmac_sha3_512 "id-hmacWithSHA3-512" +#define LN_hmac_sha3_512 "hmac-sha3-512" +#define NID_hmac_sha3_512 1105 +#define OBJ_hmac_sha3_512 OBJ_nist_hashalgs,16L + +#define SN_kmac128 "KMAC128" +#define LN_kmac128 "kmac128" +#define NID_kmac128 1196 +#define OBJ_kmac128 OBJ_nist_hashalgs,19L + +#define SN_kmac256 "KMAC256" +#define LN_kmac256 "kmac256" +#define NID_kmac256 1197 +#define OBJ_kmac256 OBJ_nist_hashalgs,20L + +#define OBJ_dsa_with_sha2 OBJ_nistAlgorithms,3L + +#define SN_dsa_with_SHA224 "dsa_with_SHA224" +#define NID_dsa_with_SHA224 802 +#define OBJ_dsa_with_SHA224 OBJ_dsa_with_sha2,1L + +#define 
SN_dsa_with_SHA256 "dsa_with_SHA256" +#define NID_dsa_with_SHA256 803 +#define OBJ_dsa_with_SHA256 OBJ_dsa_with_sha2,2L + +#define OBJ_sigAlgs OBJ_nistAlgorithms,3L + +#define SN_dsa_with_SHA384 "id-dsa-with-sha384" +#define LN_dsa_with_SHA384 "dsa_with_SHA384" +#define NID_dsa_with_SHA384 1106 +#define OBJ_dsa_with_SHA384 OBJ_sigAlgs,3L + +#define SN_dsa_with_SHA512 "id-dsa-with-sha512" +#define LN_dsa_with_SHA512 "dsa_with_SHA512" +#define NID_dsa_with_SHA512 1107 +#define OBJ_dsa_with_SHA512 OBJ_sigAlgs,4L + +#define SN_dsa_with_SHA3_224 "id-dsa-with-sha3-224" +#define LN_dsa_with_SHA3_224 "dsa_with_SHA3-224" +#define NID_dsa_with_SHA3_224 1108 +#define OBJ_dsa_with_SHA3_224 OBJ_sigAlgs,5L + +#define SN_dsa_with_SHA3_256 "id-dsa-with-sha3-256" +#define LN_dsa_with_SHA3_256 "dsa_with_SHA3-256" +#define NID_dsa_with_SHA3_256 1109 +#define OBJ_dsa_with_SHA3_256 OBJ_sigAlgs,6L + +#define SN_dsa_with_SHA3_384 "id-dsa-with-sha3-384" +#define LN_dsa_with_SHA3_384 "dsa_with_SHA3-384" +#define NID_dsa_with_SHA3_384 1110 +#define OBJ_dsa_with_SHA3_384 OBJ_sigAlgs,7L + +#define SN_dsa_with_SHA3_512 "id-dsa-with-sha3-512" +#define LN_dsa_with_SHA3_512 "dsa_with_SHA3-512" +#define NID_dsa_with_SHA3_512 1111 +#define OBJ_dsa_with_SHA3_512 OBJ_sigAlgs,8L + +#define SN_ecdsa_with_SHA3_224 "id-ecdsa-with-sha3-224" +#define LN_ecdsa_with_SHA3_224 "ecdsa_with_SHA3-224" +#define NID_ecdsa_with_SHA3_224 1112 +#define OBJ_ecdsa_with_SHA3_224 OBJ_sigAlgs,9L + +#define SN_ecdsa_with_SHA3_256 "id-ecdsa-with-sha3-256" +#define LN_ecdsa_with_SHA3_256 "ecdsa_with_SHA3-256" +#define NID_ecdsa_with_SHA3_256 1113 +#define OBJ_ecdsa_with_SHA3_256 OBJ_sigAlgs,10L + +#define SN_ecdsa_with_SHA3_384 "id-ecdsa-with-sha3-384" +#define LN_ecdsa_with_SHA3_384 "ecdsa_with_SHA3-384" +#define NID_ecdsa_with_SHA3_384 1114 +#define OBJ_ecdsa_with_SHA3_384 OBJ_sigAlgs,11L + +#define SN_ecdsa_with_SHA3_512 "id-ecdsa-with-sha3-512" +#define LN_ecdsa_with_SHA3_512 "ecdsa_with_SHA3-512" +#define 
NID_ecdsa_with_SHA3_512 1115 +#define OBJ_ecdsa_with_SHA3_512 OBJ_sigAlgs,12L + +#define SN_RSA_SHA3_224 "id-rsassa-pkcs1-v1_5-with-sha3-224" +#define LN_RSA_SHA3_224 "RSA-SHA3-224" +#define NID_RSA_SHA3_224 1116 +#define OBJ_RSA_SHA3_224 OBJ_sigAlgs,13L + +#define SN_RSA_SHA3_256 "id-rsassa-pkcs1-v1_5-with-sha3-256" +#define LN_RSA_SHA3_256 "RSA-SHA3-256" +#define NID_RSA_SHA3_256 1117 +#define OBJ_RSA_SHA3_256 OBJ_sigAlgs,14L + +#define SN_RSA_SHA3_384 "id-rsassa-pkcs1-v1_5-with-sha3-384" +#define LN_RSA_SHA3_384 "RSA-SHA3-384" +#define NID_RSA_SHA3_384 1118 +#define OBJ_RSA_SHA3_384 OBJ_sigAlgs,15L + +#define SN_RSA_SHA3_512 "id-rsassa-pkcs1-v1_5-with-sha3-512" +#define LN_RSA_SHA3_512 "RSA-SHA3-512" +#define NID_RSA_SHA3_512 1119 +#define OBJ_RSA_SHA3_512 OBJ_sigAlgs,16L + +#define SN_hold_instruction_code "holdInstructionCode" +#define LN_hold_instruction_code "Hold Instruction Code" +#define NID_hold_instruction_code 430 +#define OBJ_hold_instruction_code OBJ_id_ce,23L + +#define OBJ_holdInstruction OBJ_X9_57,2L + +#define SN_hold_instruction_none "holdInstructionNone" +#define LN_hold_instruction_none "Hold Instruction None" +#define NID_hold_instruction_none 431 +#define OBJ_hold_instruction_none OBJ_holdInstruction,1L + +#define SN_hold_instruction_call_issuer "holdInstructionCallIssuer" +#define LN_hold_instruction_call_issuer "Hold Instruction Call Issuer" +#define NID_hold_instruction_call_issuer 432 +#define OBJ_hold_instruction_call_issuer OBJ_holdInstruction,2L + +#define SN_hold_instruction_reject "holdInstructionReject" +#define LN_hold_instruction_reject "Hold Instruction Reject" +#define NID_hold_instruction_reject 433 +#define OBJ_hold_instruction_reject OBJ_holdInstruction,3L + +#define SN_itu_t_identified_organization "itu-t-identified-organization" +#define NID_itu_t_identified_organization 1264 +#define OBJ_itu_t_identified_organization OBJ_itu_t,4L + +#define SN_etsi "etsi" +#define NID_etsi 1265 +#define OBJ_etsi 
OBJ_itu_t_identified_organization,0L + +#define SN_electronic_signature_standard "electronic-signature-standard" +#define NID_electronic_signature_standard 1266 +#define OBJ_electronic_signature_standard OBJ_etsi,1733L + +#define SN_ess_attributes "ess-attributes" +#define NID_ess_attributes 1267 +#define OBJ_ess_attributes OBJ_electronic_signature_standard,2L + +#define SN_id_aa_ets_mimeType "id-aa-ets-mimeType" +#define NID_id_aa_ets_mimeType 1268 +#define OBJ_id_aa_ets_mimeType OBJ_ess_attributes,1L + +#define SN_id_aa_ets_longTermValidation "id-aa-ets-longTermValidation" +#define NID_id_aa_ets_longTermValidation 1269 +#define OBJ_id_aa_ets_longTermValidation OBJ_ess_attributes,2L + +#define SN_id_aa_ets_SignaturePolicyDocument "id-aa-ets-SignaturePolicyDocument" +#define NID_id_aa_ets_SignaturePolicyDocument 1270 +#define OBJ_id_aa_ets_SignaturePolicyDocument OBJ_ess_attributes,3L + +#define SN_id_aa_ets_archiveTimestampV3 "id-aa-ets-archiveTimestampV3" +#define NID_id_aa_ets_archiveTimestampV3 1271 +#define OBJ_id_aa_ets_archiveTimestampV3 OBJ_ess_attributes,4L + +#define SN_id_aa_ATSHashIndex "id-aa-ATSHashIndex" +#define NID_id_aa_ATSHashIndex 1272 +#define OBJ_id_aa_ATSHashIndex OBJ_ess_attributes,5L + +#define SN_cades "cades" +#define NID_cades 1273 +#define OBJ_cades OBJ_etsi,19122L + +#define SN_cades_attributes "cades-attributes" +#define NID_cades_attributes 1274 +#define OBJ_cades_attributes OBJ_cades,1L + +#define SN_id_aa_ets_signerAttrV2 "id-aa-ets-signerAttrV2" +#define NID_id_aa_ets_signerAttrV2 1275 +#define OBJ_id_aa_ets_signerAttrV2 OBJ_cades_attributes,1L + +#define SN_id_aa_ets_sigPolicyStore "id-aa-ets-sigPolicyStore" +#define NID_id_aa_ets_sigPolicyStore 1276 +#define OBJ_id_aa_ets_sigPolicyStore OBJ_cades_attributes,3L + +#define SN_id_aa_ATSHashIndex_v2 "id-aa-ATSHashIndex-v2" +#define NID_id_aa_ATSHashIndex_v2 1277 +#define OBJ_id_aa_ATSHashIndex_v2 OBJ_cades_attributes,4L + +#define SN_id_aa_ATSHashIndex_v3 "id-aa-ATSHashIndex-v3" 
+#define NID_id_aa_ATSHashIndex_v3 1278 +#define OBJ_id_aa_ATSHashIndex_v3 OBJ_cades_attributes,5L + +#define SN_signedAssertion "signedAssertion" +#define NID_signedAssertion 1279 +#define OBJ_signedAssertion OBJ_cades_attributes,6L + +#define SN_data "data" +#define NID_data 434 +#define OBJ_data OBJ_itu_t,9L + +#define SN_pss "pss" +#define NID_pss 435 +#define OBJ_pss OBJ_data,2342L + +#define SN_ucl "ucl" +#define NID_ucl 436 +#define OBJ_ucl OBJ_pss,19200300L + +#define SN_pilot "pilot" +#define NID_pilot 437 +#define OBJ_pilot OBJ_ucl,100L + +#define LN_pilotAttributeType "pilotAttributeType" +#define NID_pilotAttributeType 438 +#define OBJ_pilotAttributeType OBJ_pilot,1L + +#define LN_pilotAttributeSyntax "pilotAttributeSyntax" +#define NID_pilotAttributeSyntax 439 +#define OBJ_pilotAttributeSyntax OBJ_pilot,3L + +#define LN_pilotObjectClass "pilotObjectClass" +#define NID_pilotObjectClass 440 +#define OBJ_pilotObjectClass OBJ_pilot,4L + +#define LN_pilotGroups "pilotGroups" +#define NID_pilotGroups 441 +#define OBJ_pilotGroups OBJ_pilot,10L + +#define LN_iA5StringSyntax "iA5StringSyntax" +#define NID_iA5StringSyntax 442 +#define OBJ_iA5StringSyntax OBJ_pilotAttributeSyntax,4L + +#define LN_caseIgnoreIA5StringSyntax "caseIgnoreIA5StringSyntax" +#define NID_caseIgnoreIA5StringSyntax 443 +#define OBJ_caseIgnoreIA5StringSyntax OBJ_pilotAttributeSyntax,5L + +#define LN_pilotObject "pilotObject" +#define NID_pilotObject 444 +#define OBJ_pilotObject OBJ_pilotObjectClass,3L + +#define LN_pilotPerson "pilotPerson" +#define NID_pilotPerson 445 +#define OBJ_pilotPerson OBJ_pilotObjectClass,4L + +#define SN_account "account" +#define NID_account 446 +#define OBJ_account OBJ_pilotObjectClass,5L + +#define SN_document "document" +#define NID_document 447 +#define OBJ_document OBJ_pilotObjectClass,6L + +#define SN_room "room" +#define NID_room 448 +#define OBJ_room OBJ_pilotObjectClass,7L + +#define LN_documentSeries "documentSeries" +#define NID_documentSeries 449 
+#define OBJ_documentSeries OBJ_pilotObjectClass,9L + +#define SN_Domain "domain" +#define LN_Domain "Domain" +#define NID_Domain 392 +#define OBJ_Domain OBJ_pilotObjectClass,13L + +#define LN_rFC822localPart "rFC822localPart" +#define NID_rFC822localPart 450 +#define OBJ_rFC822localPart OBJ_pilotObjectClass,14L + +#define LN_dNSDomain "dNSDomain" +#define NID_dNSDomain 451 +#define OBJ_dNSDomain OBJ_pilotObjectClass,15L + +#define LN_domainRelatedObject "domainRelatedObject" +#define NID_domainRelatedObject 452 +#define OBJ_domainRelatedObject OBJ_pilotObjectClass,17L + +#define LN_friendlyCountry "friendlyCountry" +#define NID_friendlyCountry 453 +#define OBJ_friendlyCountry OBJ_pilotObjectClass,18L + +#define LN_simpleSecurityObject "simpleSecurityObject" +#define NID_simpleSecurityObject 454 +#define OBJ_simpleSecurityObject OBJ_pilotObjectClass,19L + +#define LN_pilotOrganization "pilotOrganization" +#define NID_pilotOrganization 455 +#define OBJ_pilotOrganization OBJ_pilotObjectClass,20L + +#define LN_pilotDSA "pilotDSA" +#define NID_pilotDSA 456 +#define OBJ_pilotDSA OBJ_pilotObjectClass,21L + +#define LN_qualityLabelledData "qualityLabelledData" +#define NID_qualityLabelledData 457 +#define OBJ_qualityLabelledData OBJ_pilotObjectClass,22L + +#define SN_userId "UID" +#define LN_userId "userId" +#define NID_userId 458 +#define OBJ_userId OBJ_pilotAttributeType,1L + +#define LN_textEncodedORAddress "textEncodedORAddress" +#define NID_textEncodedORAddress 459 +#define OBJ_textEncodedORAddress OBJ_pilotAttributeType,2L + +#define SN_rfc822Mailbox "mail" +#define LN_rfc822Mailbox "rfc822Mailbox" +#define NID_rfc822Mailbox 460 +#define OBJ_rfc822Mailbox OBJ_pilotAttributeType,3L + +#define SN_info "info" +#define NID_info 461 +#define OBJ_info OBJ_pilotAttributeType,4L + +#define LN_favouriteDrink "favouriteDrink" +#define NID_favouriteDrink 462 +#define OBJ_favouriteDrink OBJ_pilotAttributeType,5L + +#define LN_roomNumber "roomNumber" +#define NID_roomNumber 463 
+#define OBJ_roomNumber OBJ_pilotAttributeType,6L + +#define SN_photo "photo" +#define NID_photo 464 +#define OBJ_photo OBJ_pilotAttributeType,7L + +#define LN_userClass "userClass" +#define NID_userClass 465 +#define OBJ_userClass OBJ_pilotAttributeType,8L + +#define SN_host "host" +#define NID_host 466 +#define OBJ_host OBJ_pilotAttributeType,9L + +#define SN_manager "manager" +#define NID_manager 467 +#define OBJ_manager OBJ_pilotAttributeType,10L + +#define LN_documentIdentifier "documentIdentifier" +#define NID_documentIdentifier 468 +#define OBJ_documentIdentifier OBJ_pilotAttributeType,11L + +#define LN_documentTitle "documentTitle" +#define NID_documentTitle 469 +#define OBJ_documentTitle OBJ_pilotAttributeType,12L + +#define LN_documentVersion "documentVersion" +#define NID_documentVersion 470 +#define OBJ_documentVersion OBJ_pilotAttributeType,13L + +#define LN_documentAuthor "documentAuthor" +#define NID_documentAuthor 471 +#define OBJ_documentAuthor OBJ_pilotAttributeType,14L + +#define LN_documentLocation "documentLocation" +#define NID_documentLocation 472 +#define OBJ_documentLocation OBJ_pilotAttributeType,15L + +#define LN_homeTelephoneNumber "homeTelephoneNumber" +#define NID_homeTelephoneNumber 473 +#define OBJ_homeTelephoneNumber OBJ_pilotAttributeType,20L + +#define SN_secretary "secretary" +#define NID_secretary 474 +#define OBJ_secretary OBJ_pilotAttributeType,21L + +#define LN_otherMailbox "otherMailbox" +#define NID_otherMailbox 475 +#define OBJ_otherMailbox OBJ_pilotAttributeType,22L + +#define LN_lastModifiedTime "lastModifiedTime" +#define NID_lastModifiedTime 476 +#define OBJ_lastModifiedTime OBJ_pilotAttributeType,23L + +#define LN_lastModifiedBy "lastModifiedBy" +#define NID_lastModifiedBy 477 +#define OBJ_lastModifiedBy OBJ_pilotAttributeType,24L + +#define SN_domainComponent "DC" +#define LN_domainComponent "domainComponent" +#define NID_domainComponent 391 +#define OBJ_domainComponent OBJ_pilotAttributeType,25L + +#define 
LN_aRecord "aRecord" +#define NID_aRecord 478 +#define OBJ_aRecord OBJ_pilotAttributeType,26L + +#define LN_pilotAttributeType27 "pilotAttributeType27" +#define NID_pilotAttributeType27 479 +#define OBJ_pilotAttributeType27 OBJ_pilotAttributeType,27L + +#define LN_mXRecord "mXRecord" +#define NID_mXRecord 480 +#define OBJ_mXRecord OBJ_pilotAttributeType,28L + +#define LN_nSRecord "nSRecord" +#define NID_nSRecord 481 +#define OBJ_nSRecord OBJ_pilotAttributeType,29L + +#define LN_sOARecord "sOARecord" +#define NID_sOARecord 482 +#define OBJ_sOARecord OBJ_pilotAttributeType,30L + +#define LN_cNAMERecord "cNAMERecord" +#define NID_cNAMERecord 483 +#define OBJ_cNAMERecord OBJ_pilotAttributeType,31L + +#define LN_associatedDomain "associatedDomain" +#define NID_associatedDomain 484 +#define OBJ_associatedDomain OBJ_pilotAttributeType,37L + +#define LN_associatedName "associatedName" +#define NID_associatedName 485 +#define OBJ_associatedName OBJ_pilotAttributeType,38L + +#define LN_homePostalAddress "homePostalAddress" +#define NID_homePostalAddress 486 +#define OBJ_homePostalAddress OBJ_pilotAttributeType,39L + +#define LN_personalTitle "personalTitle" +#define NID_personalTitle 487 +#define OBJ_personalTitle OBJ_pilotAttributeType,40L + +#define LN_mobileTelephoneNumber "mobileTelephoneNumber" +#define NID_mobileTelephoneNumber 488 +#define OBJ_mobileTelephoneNumber OBJ_pilotAttributeType,41L + +#define LN_pagerTelephoneNumber "pagerTelephoneNumber" +#define NID_pagerTelephoneNumber 489 +#define OBJ_pagerTelephoneNumber OBJ_pilotAttributeType,42L + +#define LN_friendlyCountryName "friendlyCountryName" +#define NID_friendlyCountryName 490 +#define OBJ_friendlyCountryName OBJ_pilotAttributeType,43L + +#define SN_uniqueIdentifier "uid" +#define LN_uniqueIdentifier "uniqueIdentifier" +#define NID_uniqueIdentifier 102 +#define OBJ_uniqueIdentifier OBJ_pilotAttributeType,44L + +#define LN_organizationalStatus "organizationalStatus" +#define NID_organizationalStatus 491 
+#define OBJ_organizationalStatus OBJ_pilotAttributeType,45L + +#define LN_janetMailbox "janetMailbox" +#define NID_janetMailbox 492 +#define OBJ_janetMailbox OBJ_pilotAttributeType,46L + +#define LN_mailPreferenceOption "mailPreferenceOption" +#define NID_mailPreferenceOption 493 +#define OBJ_mailPreferenceOption OBJ_pilotAttributeType,47L + +#define LN_buildingName "buildingName" +#define NID_buildingName 494 +#define OBJ_buildingName OBJ_pilotAttributeType,48L + +#define LN_dSAQuality "dSAQuality" +#define NID_dSAQuality 495 +#define OBJ_dSAQuality OBJ_pilotAttributeType,49L + +#define LN_singleLevelQuality "singleLevelQuality" +#define NID_singleLevelQuality 496 +#define OBJ_singleLevelQuality OBJ_pilotAttributeType,50L + +#define LN_subtreeMinimumQuality "subtreeMinimumQuality" +#define NID_subtreeMinimumQuality 497 +#define OBJ_subtreeMinimumQuality OBJ_pilotAttributeType,51L + +#define LN_subtreeMaximumQuality "subtreeMaximumQuality" +#define NID_subtreeMaximumQuality 498 +#define OBJ_subtreeMaximumQuality OBJ_pilotAttributeType,52L + +#define LN_personalSignature "personalSignature" +#define NID_personalSignature 499 +#define OBJ_personalSignature OBJ_pilotAttributeType,53L + +#define LN_dITRedirect "dITRedirect" +#define NID_dITRedirect 500 +#define OBJ_dITRedirect OBJ_pilotAttributeType,54L + +#define SN_audio "audio" +#define NID_audio 501 +#define OBJ_audio OBJ_pilotAttributeType,55L + +#define LN_documentPublisher "documentPublisher" +#define NID_documentPublisher 502 +#define OBJ_documentPublisher OBJ_pilotAttributeType,56L + +#define SN_id_set "id-set" +#define LN_id_set "Secure Electronic Transactions" +#define NID_id_set 512 +#define OBJ_id_set OBJ_international_organizations,42L + +#define SN_set_ctype "set-ctype" +#define LN_set_ctype "content types" +#define NID_set_ctype 513 +#define OBJ_set_ctype OBJ_id_set,0L + +#define SN_set_msgExt "set-msgExt" +#define LN_set_msgExt "message extensions" +#define NID_set_msgExt 514 +#define OBJ_set_msgExt 
OBJ_id_set,1L + +#define SN_set_attr "set-attr" +#define NID_set_attr 515 +#define OBJ_set_attr OBJ_id_set,3L + +#define SN_set_policy "set-policy" +#define NID_set_policy 516 +#define OBJ_set_policy OBJ_id_set,5L + +#define SN_set_certExt "set-certExt" +#define LN_set_certExt "certificate extensions" +#define NID_set_certExt 517 +#define OBJ_set_certExt OBJ_id_set,7L + +#define SN_set_brand "set-brand" +#define NID_set_brand 518 +#define OBJ_set_brand OBJ_id_set,8L + +#define SN_setct_PANData "setct-PANData" +#define NID_setct_PANData 519 +#define OBJ_setct_PANData OBJ_set_ctype,0L + +#define SN_setct_PANToken "setct-PANToken" +#define NID_setct_PANToken 520 +#define OBJ_setct_PANToken OBJ_set_ctype,1L + +#define SN_setct_PANOnly "setct-PANOnly" +#define NID_setct_PANOnly 521 +#define OBJ_setct_PANOnly OBJ_set_ctype,2L + +#define SN_setct_OIData "setct-OIData" +#define NID_setct_OIData 522 +#define OBJ_setct_OIData OBJ_set_ctype,3L + +#define SN_setct_PI "setct-PI" +#define NID_setct_PI 523 +#define OBJ_setct_PI OBJ_set_ctype,4L + +#define SN_setct_PIData "setct-PIData" +#define NID_setct_PIData 524 +#define OBJ_setct_PIData OBJ_set_ctype,5L + +#define SN_setct_PIDataUnsigned "setct-PIDataUnsigned" +#define NID_setct_PIDataUnsigned 525 +#define OBJ_setct_PIDataUnsigned OBJ_set_ctype,6L + +#define SN_setct_HODInput "setct-HODInput" +#define NID_setct_HODInput 526 +#define OBJ_setct_HODInput OBJ_set_ctype,7L + +#define SN_setct_AuthResBaggage "setct-AuthResBaggage" +#define NID_setct_AuthResBaggage 527 +#define OBJ_setct_AuthResBaggage OBJ_set_ctype,8L + +#define SN_setct_AuthRevReqBaggage "setct-AuthRevReqBaggage" +#define NID_setct_AuthRevReqBaggage 528 +#define OBJ_setct_AuthRevReqBaggage OBJ_set_ctype,9L + +#define SN_setct_AuthRevResBaggage "setct-AuthRevResBaggage" +#define NID_setct_AuthRevResBaggage 529 +#define OBJ_setct_AuthRevResBaggage OBJ_set_ctype,10L + +#define SN_setct_CapTokenSeq "setct-CapTokenSeq" +#define NID_setct_CapTokenSeq 530 +#define 
OBJ_setct_CapTokenSeq OBJ_set_ctype,11L + +#define SN_setct_PInitResData "setct-PInitResData" +#define NID_setct_PInitResData 531 +#define OBJ_setct_PInitResData OBJ_set_ctype,12L + +#define SN_setct_PI_TBS "setct-PI-TBS" +#define NID_setct_PI_TBS 532 +#define OBJ_setct_PI_TBS OBJ_set_ctype,13L + +#define SN_setct_PResData "setct-PResData" +#define NID_setct_PResData 533 +#define OBJ_setct_PResData OBJ_set_ctype,14L + +#define SN_setct_AuthReqTBS "setct-AuthReqTBS" +#define NID_setct_AuthReqTBS 534 +#define OBJ_setct_AuthReqTBS OBJ_set_ctype,16L + +#define SN_setct_AuthResTBS "setct-AuthResTBS" +#define NID_setct_AuthResTBS 535 +#define OBJ_setct_AuthResTBS OBJ_set_ctype,17L + +#define SN_setct_AuthResTBSX "setct-AuthResTBSX" +#define NID_setct_AuthResTBSX 536 +#define OBJ_setct_AuthResTBSX OBJ_set_ctype,18L + +#define SN_setct_AuthTokenTBS "setct-AuthTokenTBS" +#define NID_setct_AuthTokenTBS 537 +#define OBJ_setct_AuthTokenTBS OBJ_set_ctype,19L + +#define SN_setct_CapTokenData "setct-CapTokenData" +#define NID_setct_CapTokenData 538 +#define OBJ_setct_CapTokenData OBJ_set_ctype,20L + +#define SN_setct_CapTokenTBS "setct-CapTokenTBS" +#define NID_setct_CapTokenTBS 539 +#define OBJ_setct_CapTokenTBS OBJ_set_ctype,21L + +#define SN_setct_AcqCardCodeMsg "setct-AcqCardCodeMsg" +#define NID_setct_AcqCardCodeMsg 540 +#define OBJ_setct_AcqCardCodeMsg OBJ_set_ctype,22L + +#define SN_setct_AuthRevReqTBS "setct-AuthRevReqTBS" +#define NID_setct_AuthRevReqTBS 541 +#define OBJ_setct_AuthRevReqTBS OBJ_set_ctype,23L + +#define SN_setct_AuthRevResData "setct-AuthRevResData" +#define NID_setct_AuthRevResData 542 +#define OBJ_setct_AuthRevResData OBJ_set_ctype,24L + +#define SN_setct_AuthRevResTBS "setct-AuthRevResTBS" +#define NID_setct_AuthRevResTBS 543 +#define OBJ_setct_AuthRevResTBS OBJ_set_ctype,25L + +#define SN_setct_CapReqTBS "setct-CapReqTBS" +#define NID_setct_CapReqTBS 544 +#define OBJ_setct_CapReqTBS OBJ_set_ctype,26L + +#define SN_setct_CapReqTBSX "setct-CapReqTBSX" 
+#define NID_setct_CapReqTBSX 545 +#define OBJ_setct_CapReqTBSX OBJ_set_ctype,27L + +#define SN_setct_CapResData "setct-CapResData" +#define NID_setct_CapResData 546 +#define OBJ_setct_CapResData OBJ_set_ctype,28L + +#define SN_setct_CapRevReqTBS "setct-CapRevReqTBS" +#define NID_setct_CapRevReqTBS 547 +#define OBJ_setct_CapRevReqTBS OBJ_set_ctype,29L + +#define SN_setct_CapRevReqTBSX "setct-CapRevReqTBSX" +#define NID_setct_CapRevReqTBSX 548 +#define OBJ_setct_CapRevReqTBSX OBJ_set_ctype,30L + +#define SN_setct_CapRevResData "setct-CapRevResData" +#define NID_setct_CapRevResData 549 +#define OBJ_setct_CapRevResData OBJ_set_ctype,31L + +#define SN_setct_CredReqTBS "setct-CredReqTBS" +#define NID_setct_CredReqTBS 550 +#define OBJ_setct_CredReqTBS OBJ_set_ctype,32L + +#define SN_setct_CredReqTBSX "setct-CredReqTBSX" +#define NID_setct_CredReqTBSX 551 +#define OBJ_setct_CredReqTBSX OBJ_set_ctype,33L + +#define SN_setct_CredResData "setct-CredResData" +#define NID_setct_CredResData 552 +#define OBJ_setct_CredResData OBJ_set_ctype,34L + +#define SN_setct_CredRevReqTBS "setct-CredRevReqTBS" +#define NID_setct_CredRevReqTBS 553 +#define OBJ_setct_CredRevReqTBS OBJ_set_ctype,35L + +#define SN_setct_CredRevReqTBSX "setct-CredRevReqTBSX" +#define NID_setct_CredRevReqTBSX 554 +#define OBJ_setct_CredRevReqTBSX OBJ_set_ctype,36L + +#define SN_setct_CredRevResData "setct-CredRevResData" +#define NID_setct_CredRevResData 555 +#define OBJ_setct_CredRevResData OBJ_set_ctype,37L + +#define SN_setct_PCertReqData "setct-PCertReqData" +#define NID_setct_PCertReqData 556 +#define OBJ_setct_PCertReqData OBJ_set_ctype,38L + +#define SN_setct_PCertResTBS "setct-PCertResTBS" +#define NID_setct_PCertResTBS 557 +#define OBJ_setct_PCertResTBS OBJ_set_ctype,39L + +#define SN_setct_BatchAdminReqData "setct-BatchAdminReqData" +#define NID_setct_BatchAdminReqData 558 +#define OBJ_setct_BatchAdminReqData OBJ_set_ctype,40L + +#define SN_setct_BatchAdminResData "setct-BatchAdminResData" +#define 
NID_setct_BatchAdminResData 559 +#define OBJ_setct_BatchAdminResData OBJ_set_ctype,41L + +#define SN_setct_CardCInitResTBS "setct-CardCInitResTBS" +#define NID_setct_CardCInitResTBS 560 +#define OBJ_setct_CardCInitResTBS OBJ_set_ctype,42L + +#define SN_setct_MeAqCInitResTBS "setct-MeAqCInitResTBS" +#define NID_setct_MeAqCInitResTBS 561 +#define OBJ_setct_MeAqCInitResTBS OBJ_set_ctype,43L + +#define SN_setct_RegFormResTBS "setct-RegFormResTBS" +#define NID_setct_RegFormResTBS 562 +#define OBJ_setct_RegFormResTBS OBJ_set_ctype,44L + +#define SN_setct_CertReqData "setct-CertReqData" +#define NID_setct_CertReqData 563 +#define OBJ_setct_CertReqData OBJ_set_ctype,45L + +#define SN_setct_CertReqTBS "setct-CertReqTBS" +#define NID_setct_CertReqTBS 564 +#define OBJ_setct_CertReqTBS OBJ_set_ctype,46L + +#define SN_setct_CertResData "setct-CertResData" +#define NID_setct_CertResData 565 +#define OBJ_setct_CertResData OBJ_set_ctype,47L + +#define SN_setct_CertInqReqTBS "setct-CertInqReqTBS" +#define NID_setct_CertInqReqTBS 566 +#define OBJ_setct_CertInqReqTBS OBJ_set_ctype,48L + +#define SN_setct_ErrorTBS "setct-ErrorTBS" +#define NID_setct_ErrorTBS 567 +#define OBJ_setct_ErrorTBS OBJ_set_ctype,49L + +#define SN_setct_PIDualSignedTBE "setct-PIDualSignedTBE" +#define NID_setct_PIDualSignedTBE 568 +#define OBJ_setct_PIDualSignedTBE OBJ_set_ctype,50L + +#define SN_setct_PIUnsignedTBE "setct-PIUnsignedTBE" +#define NID_setct_PIUnsignedTBE 569 +#define OBJ_setct_PIUnsignedTBE OBJ_set_ctype,51L + +#define SN_setct_AuthReqTBE "setct-AuthReqTBE" +#define NID_setct_AuthReqTBE 570 +#define OBJ_setct_AuthReqTBE OBJ_set_ctype,52L + +#define SN_setct_AuthResTBE "setct-AuthResTBE" +#define NID_setct_AuthResTBE 571 +#define OBJ_setct_AuthResTBE OBJ_set_ctype,53L + +#define SN_setct_AuthResTBEX "setct-AuthResTBEX" +#define NID_setct_AuthResTBEX 572 +#define OBJ_setct_AuthResTBEX OBJ_set_ctype,54L + +#define SN_setct_AuthTokenTBE "setct-AuthTokenTBE" +#define NID_setct_AuthTokenTBE 573 
+#define OBJ_setct_AuthTokenTBE OBJ_set_ctype,55L + +#define SN_setct_CapTokenTBE "setct-CapTokenTBE" +#define NID_setct_CapTokenTBE 574 +#define OBJ_setct_CapTokenTBE OBJ_set_ctype,56L + +#define SN_setct_CapTokenTBEX "setct-CapTokenTBEX" +#define NID_setct_CapTokenTBEX 575 +#define OBJ_setct_CapTokenTBEX OBJ_set_ctype,57L + +#define SN_setct_AcqCardCodeMsgTBE "setct-AcqCardCodeMsgTBE" +#define NID_setct_AcqCardCodeMsgTBE 576 +#define OBJ_setct_AcqCardCodeMsgTBE OBJ_set_ctype,58L + +#define SN_setct_AuthRevReqTBE "setct-AuthRevReqTBE" +#define NID_setct_AuthRevReqTBE 577 +#define OBJ_setct_AuthRevReqTBE OBJ_set_ctype,59L + +#define SN_setct_AuthRevResTBE "setct-AuthRevResTBE" +#define NID_setct_AuthRevResTBE 578 +#define OBJ_setct_AuthRevResTBE OBJ_set_ctype,60L + +#define SN_setct_AuthRevResTBEB "setct-AuthRevResTBEB" +#define NID_setct_AuthRevResTBEB 579 +#define OBJ_setct_AuthRevResTBEB OBJ_set_ctype,61L + +#define SN_setct_CapReqTBE "setct-CapReqTBE" +#define NID_setct_CapReqTBE 580 +#define OBJ_setct_CapReqTBE OBJ_set_ctype,62L + +#define SN_setct_CapReqTBEX "setct-CapReqTBEX" +#define NID_setct_CapReqTBEX 581 +#define OBJ_setct_CapReqTBEX OBJ_set_ctype,63L + +#define SN_setct_CapResTBE "setct-CapResTBE" +#define NID_setct_CapResTBE 582 +#define OBJ_setct_CapResTBE OBJ_set_ctype,64L + +#define SN_setct_CapRevReqTBE "setct-CapRevReqTBE" +#define NID_setct_CapRevReqTBE 583 +#define OBJ_setct_CapRevReqTBE OBJ_set_ctype,65L + +#define SN_setct_CapRevReqTBEX "setct-CapRevReqTBEX" +#define NID_setct_CapRevReqTBEX 584 +#define OBJ_setct_CapRevReqTBEX OBJ_set_ctype,66L + +#define SN_setct_CapRevResTBE "setct-CapRevResTBE" +#define NID_setct_CapRevResTBE 585 +#define OBJ_setct_CapRevResTBE OBJ_set_ctype,67L + +#define SN_setct_CredReqTBE "setct-CredReqTBE" +#define NID_setct_CredReqTBE 586 +#define OBJ_setct_CredReqTBE OBJ_set_ctype,68L + +#define SN_setct_CredReqTBEX "setct-CredReqTBEX" +#define NID_setct_CredReqTBEX 587 +#define OBJ_setct_CredReqTBEX 
OBJ_set_ctype,69L + +#define SN_setct_CredResTBE "setct-CredResTBE" +#define NID_setct_CredResTBE 588 +#define OBJ_setct_CredResTBE OBJ_set_ctype,70L + +#define SN_setct_CredRevReqTBE "setct-CredRevReqTBE" +#define NID_setct_CredRevReqTBE 589 +#define OBJ_setct_CredRevReqTBE OBJ_set_ctype,71L + +#define SN_setct_CredRevReqTBEX "setct-CredRevReqTBEX" +#define NID_setct_CredRevReqTBEX 590 +#define OBJ_setct_CredRevReqTBEX OBJ_set_ctype,72L + +#define SN_setct_CredRevResTBE "setct-CredRevResTBE" +#define NID_setct_CredRevResTBE 591 +#define OBJ_setct_CredRevResTBE OBJ_set_ctype,73L + +#define SN_setct_BatchAdminReqTBE "setct-BatchAdminReqTBE" +#define NID_setct_BatchAdminReqTBE 592 +#define OBJ_setct_BatchAdminReqTBE OBJ_set_ctype,74L + +#define SN_setct_BatchAdminResTBE "setct-BatchAdminResTBE" +#define NID_setct_BatchAdminResTBE 593 +#define OBJ_setct_BatchAdminResTBE OBJ_set_ctype,75L + +#define SN_setct_RegFormReqTBE "setct-RegFormReqTBE" +#define NID_setct_RegFormReqTBE 594 +#define OBJ_setct_RegFormReqTBE OBJ_set_ctype,76L + +#define SN_setct_CertReqTBE "setct-CertReqTBE" +#define NID_setct_CertReqTBE 595 +#define OBJ_setct_CertReqTBE OBJ_set_ctype,77L + +#define SN_setct_CertReqTBEX "setct-CertReqTBEX" +#define NID_setct_CertReqTBEX 596 +#define OBJ_setct_CertReqTBEX OBJ_set_ctype,78L + +#define SN_setct_CertResTBE "setct-CertResTBE" +#define NID_setct_CertResTBE 597 +#define OBJ_setct_CertResTBE OBJ_set_ctype,79L + +#define SN_setct_CRLNotificationTBS "setct-CRLNotificationTBS" +#define NID_setct_CRLNotificationTBS 598 +#define OBJ_setct_CRLNotificationTBS OBJ_set_ctype,80L + +#define SN_setct_CRLNotificationResTBS "setct-CRLNotificationResTBS" +#define NID_setct_CRLNotificationResTBS 599 +#define OBJ_setct_CRLNotificationResTBS OBJ_set_ctype,81L + +#define SN_setct_BCIDistributionTBS "setct-BCIDistributionTBS" +#define NID_setct_BCIDistributionTBS 600 +#define OBJ_setct_BCIDistributionTBS OBJ_set_ctype,82L + +#define SN_setext_genCrypt "setext-genCrypt" 
+#define LN_setext_genCrypt "generic cryptogram" +#define NID_setext_genCrypt 601 +#define OBJ_setext_genCrypt OBJ_set_msgExt,1L + +#define SN_setext_miAuth "setext-miAuth" +#define LN_setext_miAuth "merchant initiated auth" +#define NID_setext_miAuth 602 +#define OBJ_setext_miAuth OBJ_set_msgExt,3L + +#define SN_setext_pinSecure "setext-pinSecure" +#define NID_setext_pinSecure 603 +#define OBJ_setext_pinSecure OBJ_set_msgExt,4L + +#define SN_setext_pinAny "setext-pinAny" +#define NID_setext_pinAny 604 +#define OBJ_setext_pinAny OBJ_set_msgExt,5L + +#define SN_setext_track2 "setext-track2" +#define NID_setext_track2 605 +#define OBJ_setext_track2 OBJ_set_msgExt,7L + +#define SN_setext_cv "setext-cv" +#define LN_setext_cv "additional verification" +#define NID_setext_cv 606 +#define OBJ_setext_cv OBJ_set_msgExt,8L + +#define SN_set_policy_root "set-policy-root" +#define NID_set_policy_root 607 +#define OBJ_set_policy_root OBJ_set_policy,0L + +#define SN_setCext_hashedRoot "setCext-hashedRoot" +#define NID_setCext_hashedRoot 608 +#define OBJ_setCext_hashedRoot OBJ_set_certExt,0L + +#define SN_setCext_certType "setCext-certType" +#define NID_setCext_certType 609 +#define OBJ_setCext_certType OBJ_set_certExt,1L + +#define SN_setCext_merchData "setCext-merchData" +#define NID_setCext_merchData 610 +#define OBJ_setCext_merchData OBJ_set_certExt,2L + +#define SN_setCext_cCertRequired "setCext-cCertRequired" +#define NID_setCext_cCertRequired 611 +#define OBJ_setCext_cCertRequired OBJ_set_certExt,3L + +#define SN_setCext_tunneling "setCext-tunneling" +#define NID_setCext_tunneling 612 +#define OBJ_setCext_tunneling OBJ_set_certExt,4L + +#define SN_setCext_setExt "setCext-setExt" +#define NID_setCext_setExt 613 +#define OBJ_setCext_setExt OBJ_set_certExt,5L + +#define SN_setCext_setQualf "setCext-setQualf" +#define NID_setCext_setQualf 614 +#define OBJ_setCext_setQualf OBJ_set_certExt,6L + +#define SN_setCext_PGWYcapabilities "setCext-PGWYcapabilities" +#define 
NID_setCext_PGWYcapabilities 615 +#define OBJ_setCext_PGWYcapabilities OBJ_set_certExt,7L + +#define SN_setCext_TokenIdentifier "setCext-TokenIdentifier" +#define NID_setCext_TokenIdentifier 616 +#define OBJ_setCext_TokenIdentifier OBJ_set_certExt,8L + +#define SN_setCext_Track2Data "setCext-Track2Data" +#define NID_setCext_Track2Data 617 +#define OBJ_setCext_Track2Data OBJ_set_certExt,9L + +#define SN_setCext_TokenType "setCext-TokenType" +#define NID_setCext_TokenType 618 +#define OBJ_setCext_TokenType OBJ_set_certExt,10L + +#define SN_setCext_IssuerCapabilities "setCext-IssuerCapabilities" +#define NID_setCext_IssuerCapabilities 619 +#define OBJ_setCext_IssuerCapabilities OBJ_set_certExt,11L + +#define SN_setAttr_Cert "setAttr-Cert" +#define NID_setAttr_Cert 620 +#define OBJ_setAttr_Cert OBJ_set_attr,0L + +#define SN_setAttr_PGWYcap "setAttr-PGWYcap" +#define LN_setAttr_PGWYcap "payment gateway capabilities" +#define NID_setAttr_PGWYcap 621 +#define OBJ_setAttr_PGWYcap OBJ_set_attr,1L + +#define SN_setAttr_TokenType "setAttr-TokenType" +#define NID_setAttr_TokenType 622 +#define OBJ_setAttr_TokenType OBJ_set_attr,2L + +#define SN_setAttr_IssCap "setAttr-IssCap" +#define LN_setAttr_IssCap "issuer capabilities" +#define NID_setAttr_IssCap 623 +#define OBJ_setAttr_IssCap OBJ_set_attr,3L + +#define SN_set_rootKeyThumb "set-rootKeyThumb" +#define NID_set_rootKeyThumb 624 +#define OBJ_set_rootKeyThumb OBJ_setAttr_Cert,0L + +#define SN_set_addPolicy "set-addPolicy" +#define NID_set_addPolicy 625 +#define OBJ_set_addPolicy OBJ_setAttr_Cert,1L + +#define SN_setAttr_Token_EMV "setAttr-Token-EMV" +#define NID_setAttr_Token_EMV 626 +#define OBJ_setAttr_Token_EMV OBJ_setAttr_TokenType,1L + +#define SN_setAttr_Token_B0Prime "setAttr-Token-B0Prime" +#define NID_setAttr_Token_B0Prime 627 +#define OBJ_setAttr_Token_B0Prime OBJ_setAttr_TokenType,2L + +#define SN_setAttr_IssCap_CVM "setAttr-IssCap-CVM" +#define NID_setAttr_IssCap_CVM 628 +#define OBJ_setAttr_IssCap_CVM 
OBJ_setAttr_IssCap,3L + +#define SN_setAttr_IssCap_T2 "setAttr-IssCap-T2" +#define NID_setAttr_IssCap_T2 629 +#define OBJ_setAttr_IssCap_T2 OBJ_setAttr_IssCap,4L + +#define SN_setAttr_IssCap_Sig "setAttr-IssCap-Sig" +#define NID_setAttr_IssCap_Sig 630 +#define OBJ_setAttr_IssCap_Sig OBJ_setAttr_IssCap,5L + +#define SN_setAttr_GenCryptgrm "setAttr-GenCryptgrm" +#define LN_setAttr_GenCryptgrm "generate cryptogram" +#define NID_setAttr_GenCryptgrm 631 +#define OBJ_setAttr_GenCryptgrm OBJ_setAttr_IssCap_CVM,1L + +#define SN_setAttr_T2Enc "setAttr-T2Enc" +#define LN_setAttr_T2Enc "encrypted track 2" +#define NID_setAttr_T2Enc 632 +#define OBJ_setAttr_T2Enc OBJ_setAttr_IssCap_T2,1L + +#define SN_setAttr_T2cleartxt "setAttr-T2cleartxt" +#define LN_setAttr_T2cleartxt "cleartext track 2" +#define NID_setAttr_T2cleartxt 633 +#define OBJ_setAttr_T2cleartxt OBJ_setAttr_IssCap_T2,2L + +#define SN_setAttr_TokICCsig "setAttr-TokICCsig" +#define LN_setAttr_TokICCsig "ICC or token signature" +#define NID_setAttr_TokICCsig 634 +#define OBJ_setAttr_TokICCsig OBJ_setAttr_IssCap_Sig,1L + +#define SN_setAttr_SecDevSig "setAttr-SecDevSig" +#define LN_setAttr_SecDevSig "secure device signature" +#define NID_setAttr_SecDevSig 635 +#define OBJ_setAttr_SecDevSig OBJ_setAttr_IssCap_Sig,2L + +#define SN_set_brand_IATA_ATA "set-brand-IATA-ATA" +#define NID_set_brand_IATA_ATA 636 +#define OBJ_set_brand_IATA_ATA OBJ_set_brand,1L + +#define SN_set_brand_Diners "set-brand-Diners" +#define NID_set_brand_Diners 637 +#define OBJ_set_brand_Diners OBJ_set_brand,30L + +#define SN_set_brand_AmericanExpress "set-brand-AmericanExpress" +#define NID_set_brand_AmericanExpress 638 +#define OBJ_set_brand_AmericanExpress OBJ_set_brand,34L + +#define SN_set_brand_JCB "set-brand-JCB" +#define NID_set_brand_JCB 639 +#define OBJ_set_brand_JCB OBJ_set_brand,35L + +#define SN_set_brand_Visa "set-brand-Visa" +#define NID_set_brand_Visa 640 +#define OBJ_set_brand_Visa OBJ_set_brand,4L + +#define SN_set_brand_MasterCard 
"set-brand-MasterCard" +#define NID_set_brand_MasterCard 641 +#define OBJ_set_brand_MasterCard OBJ_set_brand,5L + +#define SN_set_brand_Novus "set-brand-Novus" +#define NID_set_brand_Novus 642 +#define OBJ_set_brand_Novus OBJ_set_brand,6011L + +#define SN_des_cdmf "DES-CDMF" +#define LN_des_cdmf "des-cdmf" +#define NID_des_cdmf 643 +#define OBJ_des_cdmf OBJ_rsadsi,3L,10L + +#define SN_rsaOAEPEncryptionSET "rsaOAEPEncryptionSET" +#define NID_rsaOAEPEncryptionSET 644 +#define OBJ_rsaOAEPEncryptionSET OBJ_rsadsi,1L,1L,6L + +#define SN_ipsec3 "Oakley-EC2N-3" +#define LN_ipsec3 "ipsec3" +#define NID_ipsec3 749 + +#define SN_ipsec4 "Oakley-EC2N-4" +#define LN_ipsec4 "ipsec4" +#define NID_ipsec4 750 + +#define SN_whirlpool "whirlpool" +#define NID_whirlpool 804 +#define OBJ_whirlpool OBJ_iso,0L,10118L,3L,0L,55L + +#define SN_cryptopro "cryptopro" +#define NID_cryptopro 805 +#define OBJ_cryptopro OBJ_member_body,643L,2L,2L + +#define SN_cryptocom "cryptocom" +#define NID_cryptocom 806 +#define OBJ_cryptocom OBJ_member_body,643L,2L,9L + +#define SN_id_tc26 "id-tc26" +#define NID_id_tc26 974 +#define OBJ_id_tc26 OBJ_member_body,643L,7L,1L + +#define SN_id_GostR3411_94_with_GostR3410_2001 "id-GostR3411-94-with-GostR3410-2001" +#define LN_id_GostR3411_94_with_GostR3410_2001 "GOST R 34.11-94 with GOST R 34.10-2001" +#define NID_id_GostR3411_94_with_GostR3410_2001 807 +#define OBJ_id_GostR3411_94_with_GostR3410_2001 OBJ_cryptopro,3L + +#define SN_id_GostR3411_94_with_GostR3410_94 "id-GostR3411-94-with-GostR3410-94" +#define LN_id_GostR3411_94_with_GostR3410_94 "GOST R 34.11-94 with GOST R 34.10-94" +#define NID_id_GostR3411_94_with_GostR3410_94 808 +#define OBJ_id_GostR3411_94_with_GostR3410_94 OBJ_cryptopro,4L + +#define SN_id_GostR3411_94 "md_gost94" +#define LN_id_GostR3411_94 "GOST R 34.11-94" +#define NID_id_GostR3411_94 809 +#define OBJ_id_GostR3411_94 OBJ_cryptopro,9L + +#define SN_id_HMACGostR3411_94 "id-HMACGostR3411-94" +#define LN_id_HMACGostR3411_94 "HMAC GOST 
34.11-94" +#define NID_id_HMACGostR3411_94 810 +#define OBJ_id_HMACGostR3411_94 OBJ_cryptopro,10L + +#define SN_id_GostR3410_2001 "gost2001" +#define LN_id_GostR3410_2001 "GOST R 34.10-2001" +#define NID_id_GostR3410_2001 811 +#define OBJ_id_GostR3410_2001 OBJ_cryptopro,19L + +#define SN_id_GostR3410_94 "gost94" +#define LN_id_GostR3410_94 "GOST R 34.10-94" +#define NID_id_GostR3410_94 812 +#define OBJ_id_GostR3410_94 OBJ_cryptopro,20L + +#define SN_id_Gost28147_89 "gost89" +#define LN_id_Gost28147_89 "GOST 28147-89" +#define NID_id_Gost28147_89 813 +#define OBJ_id_Gost28147_89 OBJ_cryptopro,21L + +#define SN_gost89_cnt "gost89-cnt" +#define NID_gost89_cnt 814 + +#define SN_gost89_cnt_12 "gost89-cnt-12" +#define NID_gost89_cnt_12 975 + +#define SN_gost89_cbc "gost89-cbc" +#define NID_gost89_cbc 1009 + +#define SN_gost89_ecb "gost89-ecb" +#define NID_gost89_ecb 1010 + +#define SN_gost89_ctr "gost89-ctr" +#define NID_gost89_ctr 1011 + +#define SN_id_Gost28147_89_MAC "gost-mac" +#define LN_id_Gost28147_89_MAC "GOST 28147-89 MAC" +#define NID_id_Gost28147_89_MAC 815 +#define OBJ_id_Gost28147_89_MAC OBJ_cryptopro,22L + +#define SN_gost_mac_12 "gost-mac-12" +#define NID_gost_mac_12 976 + +#define SN_id_GostR3411_94_prf "prf-gostr3411-94" +#define LN_id_GostR3411_94_prf "GOST R 34.11-94 PRF" +#define NID_id_GostR3411_94_prf 816 +#define OBJ_id_GostR3411_94_prf OBJ_cryptopro,23L + +#define SN_id_GostR3410_2001DH "id-GostR3410-2001DH" +#define LN_id_GostR3410_2001DH "GOST R 34.10-2001 DH" +#define NID_id_GostR3410_2001DH 817 +#define OBJ_id_GostR3410_2001DH OBJ_cryptopro,98L + +#define SN_id_GostR3410_94DH "id-GostR3410-94DH" +#define LN_id_GostR3410_94DH "GOST R 34.10-94 DH" +#define NID_id_GostR3410_94DH 818 +#define OBJ_id_GostR3410_94DH OBJ_cryptopro,99L + +#define SN_id_Gost28147_89_CryptoPro_KeyMeshing "id-Gost28147-89-CryptoPro-KeyMeshing" +#define NID_id_Gost28147_89_CryptoPro_KeyMeshing 819 +#define OBJ_id_Gost28147_89_CryptoPro_KeyMeshing OBJ_cryptopro,14L,1L + 
+#define SN_id_Gost28147_89_None_KeyMeshing "id-Gost28147-89-None-KeyMeshing" +#define NID_id_Gost28147_89_None_KeyMeshing 820 +#define OBJ_id_Gost28147_89_None_KeyMeshing OBJ_cryptopro,14L,0L + +#define SN_id_GostR3411_94_TestParamSet "id-GostR3411-94-TestParamSet" +#define NID_id_GostR3411_94_TestParamSet 821 +#define OBJ_id_GostR3411_94_TestParamSet OBJ_cryptopro,30L,0L + +#define SN_id_GostR3411_94_CryptoProParamSet "id-GostR3411-94-CryptoProParamSet" +#define NID_id_GostR3411_94_CryptoProParamSet 822 +#define OBJ_id_GostR3411_94_CryptoProParamSet OBJ_cryptopro,30L,1L + +#define SN_id_Gost28147_89_TestParamSet "id-Gost28147-89-TestParamSet" +#define NID_id_Gost28147_89_TestParamSet 823 +#define OBJ_id_Gost28147_89_TestParamSet OBJ_cryptopro,31L,0L + +#define SN_id_Gost28147_89_CryptoPro_A_ParamSet "id-Gost28147-89-CryptoPro-A-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_A_ParamSet 824 +#define OBJ_id_Gost28147_89_CryptoPro_A_ParamSet OBJ_cryptopro,31L,1L + +#define SN_id_Gost28147_89_CryptoPro_B_ParamSet "id-Gost28147-89-CryptoPro-B-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_B_ParamSet 825 +#define OBJ_id_Gost28147_89_CryptoPro_B_ParamSet OBJ_cryptopro,31L,2L + +#define SN_id_Gost28147_89_CryptoPro_C_ParamSet "id-Gost28147-89-CryptoPro-C-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_C_ParamSet 826 +#define OBJ_id_Gost28147_89_CryptoPro_C_ParamSet OBJ_cryptopro,31L,3L + +#define SN_id_Gost28147_89_CryptoPro_D_ParamSet "id-Gost28147-89-CryptoPro-D-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_D_ParamSet 827 +#define OBJ_id_Gost28147_89_CryptoPro_D_ParamSet OBJ_cryptopro,31L,4L + +#define SN_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 828 +#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet OBJ_cryptopro,31L,5L + +#define SN_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" +#define 
NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 829 +#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet OBJ_cryptopro,31L,6L + +#define SN_id_Gost28147_89_CryptoPro_RIC_1_ParamSet "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 830 +#define OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet OBJ_cryptopro,31L,7L + +#define SN_id_GostR3410_94_TestParamSet "id-GostR3410-94-TestParamSet" +#define NID_id_GostR3410_94_TestParamSet 831 +#define OBJ_id_GostR3410_94_TestParamSet OBJ_cryptopro,32L,0L + +#define SN_id_GostR3410_94_CryptoPro_A_ParamSet "id-GostR3410-94-CryptoPro-A-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_A_ParamSet 832 +#define OBJ_id_GostR3410_94_CryptoPro_A_ParamSet OBJ_cryptopro,32L,2L + +#define SN_id_GostR3410_94_CryptoPro_B_ParamSet "id-GostR3410-94-CryptoPro-B-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_B_ParamSet 833 +#define OBJ_id_GostR3410_94_CryptoPro_B_ParamSet OBJ_cryptopro,32L,3L + +#define SN_id_GostR3410_94_CryptoPro_C_ParamSet "id-GostR3410-94-CryptoPro-C-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_C_ParamSet 834 +#define OBJ_id_GostR3410_94_CryptoPro_C_ParamSet OBJ_cryptopro,32L,4L + +#define SN_id_GostR3410_94_CryptoPro_D_ParamSet "id-GostR3410-94-CryptoPro-D-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_D_ParamSet 835 +#define OBJ_id_GostR3410_94_CryptoPro_D_ParamSet OBJ_cryptopro,32L,5L + +#define SN_id_GostR3410_94_CryptoPro_XchA_ParamSet "id-GostR3410-94-CryptoPro-XchA-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchA_ParamSet 836 +#define OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet OBJ_cryptopro,33L,1L + +#define SN_id_GostR3410_94_CryptoPro_XchB_ParamSet "id-GostR3410-94-CryptoPro-XchB-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchB_ParamSet 837 +#define OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet OBJ_cryptopro,33L,2L + +#define SN_id_GostR3410_94_CryptoPro_XchC_ParamSet "id-GostR3410-94-CryptoPro-XchC-ParamSet" +#define 
NID_id_GostR3410_94_CryptoPro_XchC_ParamSet 838 +#define OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet OBJ_cryptopro,33L,3L + +#define SN_id_GostR3410_2001_TestParamSet "id-GostR3410-2001-TestParamSet" +#define NID_id_GostR3410_2001_TestParamSet 839 +#define OBJ_id_GostR3410_2001_TestParamSet OBJ_cryptopro,35L,0L + +#define SN_id_GostR3410_2001_CryptoPro_A_ParamSet "id-GostR3410-2001-CryptoPro-A-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_A_ParamSet 840 +#define OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet OBJ_cryptopro,35L,1L + +#define SN_id_GostR3410_2001_CryptoPro_B_ParamSet "id-GostR3410-2001-CryptoPro-B-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_B_ParamSet 841 +#define OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet OBJ_cryptopro,35L,2L + +#define SN_id_GostR3410_2001_CryptoPro_C_ParamSet "id-GostR3410-2001-CryptoPro-C-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_C_ParamSet 842 +#define OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet OBJ_cryptopro,35L,3L + +#define SN_id_GostR3410_2001_CryptoPro_XchA_ParamSet "id-GostR3410-2001-CryptoPro-XchA-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet 843 +#define OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet OBJ_cryptopro,36L,0L + +#define SN_id_GostR3410_2001_CryptoPro_XchB_ParamSet "id-GostR3410-2001-CryptoPro-XchB-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet 844 +#define OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet OBJ_cryptopro,36L,1L + +#define SN_id_GostR3410_94_a "id-GostR3410-94-a" +#define NID_id_GostR3410_94_a 845 +#define OBJ_id_GostR3410_94_a OBJ_id_GostR3410_94,1L + +#define SN_id_GostR3410_94_aBis "id-GostR3410-94-aBis" +#define NID_id_GostR3410_94_aBis 846 +#define OBJ_id_GostR3410_94_aBis OBJ_id_GostR3410_94,2L + +#define SN_id_GostR3410_94_b "id-GostR3410-94-b" +#define NID_id_GostR3410_94_b 847 +#define OBJ_id_GostR3410_94_b OBJ_id_GostR3410_94,3L + +#define SN_id_GostR3410_94_bBis "id-GostR3410-94-bBis" +#define NID_id_GostR3410_94_bBis 848 +#define 
OBJ_id_GostR3410_94_bBis OBJ_id_GostR3410_94,4L + +#define SN_id_Gost28147_89_cc "id-Gost28147-89-cc" +#define LN_id_Gost28147_89_cc "GOST 28147-89 Cryptocom ParamSet" +#define NID_id_Gost28147_89_cc 849 +#define OBJ_id_Gost28147_89_cc OBJ_cryptocom,1L,6L,1L + +#define SN_id_GostR3410_94_cc "gost94cc" +#define LN_id_GostR3410_94_cc "GOST 34.10-94 Cryptocom" +#define NID_id_GostR3410_94_cc 850 +#define OBJ_id_GostR3410_94_cc OBJ_cryptocom,1L,5L,3L + +#define SN_id_GostR3410_2001_cc "gost2001cc" +#define LN_id_GostR3410_2001_cc "GOST 34.10-2001 Cryptocom" +#define NID_id_GostR3410_2001_cc 851 +#define OBJ_id_GostR3410_2001_cc OBJ_cryptocom,1L,5L,4L + +#define SN_id_GostR3411_94_with_GostR3410_94_cc "id-GostR3411-94-with-GostR3410-94-cc" +#define LN_id_GostR3411_94_with_GostR3410_94_cc "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" +#define NID_id_GostR3411_94_with_GostR3410_94_cc 852 +#define OBJ_id_GostR3411_94_with_GostR3410_94_cc OBJ_cryptocom,1L,3L,3L + +#define SN_id_GostR3411_94_with_GostR3410_2001_cc "id-GostR3411-94-with-GostR3410-2001-cc" +#define LN_id_GostR3411_94_with_GostR3410_2001_cc "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" +#define NID_id_GostR3411_94_with_GostR3410_2001_cc 853 +#define OBJ_id_GostR3411_94_with_GostR3410_2001_cc OBJ_cryptocom,1L,3L,4L + +#define SN_id_GostR3410_2001_ParamSet_cc "id-GostR3410-2001-ParamSet-cc" +#define LN_id_GostR3410_2001_ParamSet_cc "GOST R 3410-2001 Parameter Set Cryptocom" +#define NID_id_GostR3410_2001_ParamSet_cc 854 +#define OBJ_id_GostR3410_2001_ParamSet_cc OBJ_cryptocom,1L,8L,1L + +#define SN_id_tc26_algorithms "id-tc26-algorithms" +#define NID_id_tc26_algorithms 977 +#define OBJ_id_tc26_algorithms OBJ_id_tc26,1L + +#define SN_id_tc26_sign "id-tc26-sign" +#define NID_id_tc26_sign 978 +#define OBJ_id_tc26_sign OBJ_id_tc26_algorithms,1L + +#define SN_id_GostR3410_2012_256 "gost2012_256" +#define LN_id_GostR3410_2012_256 "GOST R 34.10-2012 with 256 bit modulus" +#define NID_id_GostR3410_2012_256 979 
+#define OBJ_id_GostR3410_2012_256 OBJ_id_tc26_sign,1L + +#define SN_id_GostR3410_2012_512 "gost2012_512" +#define LN_id_GostR3410_2012_512 "GOST R 34.10-2012 with 512 bit modulus" +#define NID_id_GostR3410_2012_512 980 +#define OBJ_id_GostR3410_2012_512 OBJ_id_tc26_sign,2L + +#define SN_id_tc26_digest "id-tc26-digest" +#define NID_id_tc26_digest 981 +#define OBJ_id_tc26_digest OBJ_id_tc26_algorithms,2L + +#define SN_id_GostR3411_2012_256 "md_gost12_256" +#define LN_id_GostR3411_2012_256 "GOST R 34.11-2012 with 256 bit hash" +#define NID_id_GostR3411_2012_256 982 +#define OBJ_id_GostR3411_2012_256 OBJ_id_tc26_digest,2L + +#define SN_id_GostR3411_2012_512 "md_gost12_512" +#define LN_id_GostR3411_2012_512 "GOST R 34.11-2012 with 512 bit hash" +#define NID_id_GostR3411_2012_512 983 +#define OBJ_id_GostR3411_2012_512 OBJ_id_tc26_digest,3L + +#define SN_id_tc26_signwithdigest "id-tc26-signwithdigest" +#define NID_id_tc26_signwithdigest 984 +#define OBJ_id_tc26_signwithdigest OBJ_id_tc26_algorithms,3L + +#define SN_id_tc26_signwithdigest_gost3410_2012_256 "id-tc26-signwithdigest-gost3410-2012-256" +#define LN_id_tc26_signwithdigest_gost3410_2012_256 "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)" +#define NID_id_tc26_signwithdigest_gost3410_2012_256 985 +#define OBJ_id_tc26_signwithdigest_gost3410_2012_256 OBJ_id_tc26_signwithdigest,2L + +#define SN_id_tc26_signwithdigest_gost3410_2012_512 "id-tc26-signwithdigest-gost3410-2012-512" +#define LN_id_tc26_signwithdigest_gost3410_2012_512 "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)" +#define NID_id_tc26_signwithdigest_gost3410_2012_512 986 +#define OBJ_id_tc26_signwithdigest_gost3410_2012_512 OBJ_id_tc26_signwithdigest,3L + +#define SN_id_tc26_mac "id-tc26-mac" +#define NID_id_tc26_mac 987 +#define OBJ_id_tc26_mac OBJ_id_tc26_algorithms,4L + +#define SN_id_tc26_hmac_gost_3411_2012_256 "id-tc26-hmac-gost-3411-2012-256" +#define LN_id_tc26_hmac_gost_3411_2012_256 "HMAC GOST 34.11-2012 256 bit" +#define 
NID_id_tc26_hmac_gost_3411_2012_256 988 +#define OBJ_id_tc26_hmac_gost_3411_2012_256 OBJ_id_tc26_mac,1L + +#define SN_id_tc26_hmac_gost_3411_2012_512 "id-tc26-hmac-gost-3411-2012-512" +#define LN_id_tc26_hmac_gost_3411_2012_512 "HMAC GOST 34.11-2012 512 bit" +#define NID_id_tc26_hmac_gost_3411_2012_512 989 +#define OBJ_id_tc26_hmac_gost_3411_2012_512 OBJ_id_tc26_mac,2L + +#define SN_id_tc26_cipher "id-tc26-cipher" +#define NID_id_tc26_cipher 990 +#define OBJ_id_tc26_cipher OBJ_id_tc26_algorithms,5L + +#define SN_id_tc26_cipher_gostr3412_2015_magma "id-tc26-cipher-gostr3412-2015-magma" +#define NID_id_tc26_cipher_gostr3412_2015_magma 1173 +#define OBJ_id_tc26_cipher_gostr3412_2015_magma OBJ_id_tc26_cipher,1L + +#define SN_magma_ctr_acpkm "magma-ctr-acpkm" +#define NID_magma_ctr_acpkm 1174 +#define OBJ_magma_ctr_acpkm OBJ_id_tc26_cipher_gostr3412_2015_magma,1L + +#define SN_magma_ctr_acpkm_omac "magma-ctr-acpkm-omac" +#define NID_magma_ctr_acpkm_omac 1175 +#define OBJ_magma_ctr_acpkm_omac OBJ_id_tc26_cipher_gostr3412_2015_magma,2L + +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik "id-tc26-cipher-gostr3412-2015-kuznyechik" +#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik 1176 +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik OBJ_id_tc26_cipher,2L + +#define SN_kuznyechik_ctr_acpkm "kuznyechik-ctr-acpkm" +#define NID_kuznyechik_ctr_acpkm 1177 +#define OBJ_kuznyechik_ctr_acpkm OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,1L + +#define SN_kuznyechik_ctr_acpkm_omac "kuznyechik-ctr-acpkm-omac" +#define NID_kuznyechik_ctr_acpkm_omac 1178 +#define OBJ_kuznyechik_ctr_acpkm_omac OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,2L + +#define SN_id_tc26_agreement "id-tc26-agreement" +#define NID_id_tc26_agreement 991 +#define OBJ_id_tc26_agreement OBJ_id_tc26_algorithms,6L + +#define SN_id_tc26_agreement_gost_3410_2012_256 "id-tc26-agreement-gost-3410-2012-256" +#define NID_id_tc26_agreement_gost_3410_2012_256 992 +#define OBJ_id_tc26_agreement_gost_3410_2012_256 
OBJ_id_tc26_agreement,1L + +#define SN_id_tc26_agreement_gost_3410_2012_512 "id-tc26-agreement-gost-3410-2012-512" +#define NID_id_tc26_agreement_gost_3410_2012_512 993 +#define OBJ_id_tc26_agreement_gost_3410_2012_512 OBJ_id_tc26_agreement,2L + +#define SN_id_tc26_wrap "id-tc26-wrap" +#define NID_id_tc26_wrap 1179 +#define OBJ_id_tc26_wrap OBJ_id_tc26_algorithms,7L + +#define SN_id_tc26_wrap_gostr3412_2015_magma "id-tc26-wrap-gostr3412-2015-magma" +#define NID_id_tc26_wrap_gostr3412_2015_magma 1180 +#define OBJ_id_tc26_wrap_gostr3412_2015_magma OBJ_id_tc26_wrap,1L + +#define SN_magma_kexp15 "magma-kexp15" +#define NID_magma_kexp15 1181 +#define OBJ_magma_kexp15 OBJ_id_tc26_wrap_gostr3412_2015_magma,1L + +#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik "id-tc26-wrap-gostr3412-2015-kuznyechik" +#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik 1182 +#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik OBJ_id_tc26_wrap,2L + +#define SN_kuznyechik_kexp15 "kuznyechik-kexp15" +#define NID_kuznyechik_kexp15 1183 +#define OBJ_kuznyechik_kexp15 OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik,1L + +#define SN_id_tc26_constants "id-tc26-constants" +#define NID_id_tc26_constants 994 +#define OBJ_id_tc26_constants OBJ_id_tc26,2L + +#define SN_id_tc26_sign_constants "id-tc26-sign-constants" +#define NID_id_tc26_sign_constants 995 +#define OBJ_id_tc26_sign_constants OBJ_id_tc26_constants,1L + +#define SN_id_tc26_gost_3410_2012_256_constants "id-tc26-gost-3410-2012-256-constants" +#define NID_id_tc26_gost_3410_2012_256_constants 1147 +#define OBJ_id_tc26_gost_3410_2012_256_constants OBJ_id_tc26_sign_constants,1L + +#define SN_id_tc26_gost_3410_2012_256_paramSetA "id-tc26-gost-3410-2012-256-paramSetA" +#define LN_id_tc26_gost_3410_2012_256_paramSetA "GOST R 34.10-2012 (256 bit) ParamSet A" +#define NID_id_tc26_gost_3410_2012_256_paramSetA 1148 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetA OBJ_id_tc26_gost_3410_2012_256_constants,1L + +#define 
SN_id_tc26_gost_3410_2012_256_paramSetB "id-tc26-gost-3410-2012-256-paramSetB" +#define LN_id_tc26_gost_3410_2012_256_paramSetB "GOST R 34.10-2012 (256 bit) ParamSet B" +#define NID_id_tc26_gost_3410_2012_256_paramSetB 1184 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetB OBJ_id_tc26_gost_3410_2012_256_constants,2L + +#define SN_id_tc26_gost_3410_2012_256_paramSetC "id-tc26-gost-3410-2012-256-paramSetC" +#define LN_id_tc26_gost_3410_2012_256_paramSetC "GOST R 34.10-2012 (256 bit) ParamSet C" +#define NID_id_tc26_gost_3410_2012_256_paramSetC 1185 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetC OBJ_id_tc26_gost_3410_2012_256_constants,3L + +#define SN_id_tc26_gost_3410_2012_256_paramSetD "id-tc26-gost-3410-2012-256-paramSetD" +#define LN_id_tc26_gost_3410_2012_256_paramSetD "GOST R 34.10-2012 (256 bit) ParamSet D" +#define NID_id_tc26_gost_3410_2012_256_paramSetD 1186 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetD OBJ_id_tc26_gost_3410_2012_256_constants,4L + +#define SN_id_tc26_gost_3410_2012_512_constants "id-tc26-gost-3410-2012-512-constants" +#define NID_id_tc26_gost_3410_2012_512_constants 996 +#define OBJ_id_tc26_gost_3410_2012_512_constants OBJ_id_tc26_sign_constants,2L + +#define SN_id_tc26_gost_3410_2012_512_paramSetTest "id-tc26-gost-3410-2012-512-paramSetTest" +#define LN_id_tc26_gost_3410_2012_512_paramSetTest "GOST R 34.10-2012 (512 bit) testing parameter set" +#define NID_id_tc26_gost_3410_2012_512_paramSetTest 997 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetTest OBJ_id_tc26_gost_3410_2012_512_constants,0L + +#define SN_id_tc26_gost_3410_2012_512_paramSetA "id-tc26-gost-3410-2012-512-paramSetA" +#define LN_id_tc26_gost_3410_2012_512_paramSetA "GOST R 34.10-2012 (512 bit) ParamSet A" +#define NID_id_tc26_gost_3410_2012_512_paramSetA 998 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetA OBJ_id_tc26_gost_3410_2012_512_constants,1L + +#define SN_id_tc26_gost_3410_2012_512_paramSetB "id-tc26-gost-3410-2012-512-paramSetB" +#define 
LN_id_tc26_gost_3410_2012_512_paramSetB "GOST R 34.10-2012 (512 bit) ParamSet B" +#define NID_id_tc26_gost_3410_2012_512_paramSetB 999 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetB OBJ_id_tc26_gost_3410_2012_512_constants,2L + +#define SN_id_tc26_gost_3410_2012_512_paramSetC "id-tc26-gost-3410-2012-512-paramSetC" +#define LN_id_tc26_gost_3410_2012_512_paramSetC "GOST R 34.10-2012 (512 bit) ParamSet C" +#define NID_id_tc26_gost_3410_2012_512_paramSetC 1149 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetC OBJ_id_tc26_gost_3410_2012_512_constants,3L + +#define SN_id_tc26_digest_constants "id-tc26-digest-constants" +#define NID_id_tc26_digest_constants 1000 +#define OBJ_id_tc26_digest_constants OBJ_id_tc26_constants,2L + +#define SN_id_tc26_cipher_constants "id-tc26-cipher-constants" +#define NID_id_tc26_cipher_constants 1001 +#define OBJ_id_tc26_cipher_constants OBJ_id_tc26_constants,5L + +#define SN_id_tc26_gost_28147_constants "id-tc26-gost-28147-constants" +#define NID_id_tc26_gost_28147_constants 1002 +#define OBJ_id_tc26_gost_28147_constants OBJ_id_tc26_cipher_constants,1L + +#define SN_id_tc26_gost_28147_param_Z "id-tc26-gost-28147-param-Z" +#define LN_id_tc26_gost_28147_param_Z "GOST 28147-89 TC26 parameter set" +#define NID_id_tc26_gost_28147_param_Z 1003 +#define OBJ_id_tc26_gost_28147_param_Z OBJ_id_tc26_gost_28147_constants,1L + +#define SN_INN "INN" +#define LN_INN "INN" +#define NID_INN 1004 +#define OBJ_INN OBJ_member_body,643L,3L,131L,1L,1L + +#define SN_OGRN "OGRN" +#define LN_OGRN "OGRN" +#define NID_OGRN 1005 +#define OBJ_OGRN OBJ_member_body,643L,100L,1L + +#define SN_SNILS "SNILS" +#define LN_SNILS "SNILS" +#define NID_SNILS 1006 +#define OBJ_SNILS OBJ_member_body,643L,100L,3L + +#define SN_OGRNIP "OGRNIP" +#define LN_OGRNIP "OGRNIP" +#define NID_OGRNIP 1226 +#define OBJ_OGRNIP OBJ_member_body,643L,100L,5L + +#define SN_subjectSignTool "subjectSignTool" +#define LN_subjectSignTool "Signing Tool of Subject" +#define NID_subjectSignTool 1007 
+#define OBJ_subjectSignTool OBJ_member_body,643L,100L,111L + +#define SN_issuerSignTool "issuerSignTool" +#define LN_issuerSignTool "Signing Tool of Issuer" +#define NID_issuerSignTool 1008 +#define OBJ_issuerSignTool OBJ_member_body,643L,100L,112L + +#define SN_classSignTool "classSignTool" +#define LN_classSignTool "Class of Signing Tool" +#define NID_classSignTool 1227 +#define OBJ_classSignTool OBJ_member_body,643L,100L,113L + +#define SN_classSignToolKC1 "classSignToolKC1" +#define LN_classSignToolKC1 "Class of Signing Tool KC1" +#define NID_classSignToolKC1 1228 +#define OBJ_classSignToolKC1 OBJ_member_body,643L,100L,113L,1L + +#define SN_classSignToolKC2 "classSignToolKC2" +#define LN_classSignToolKC2 "Class of Signing Tool KC2" +#define NID_classSignToolKC2 1229 +#define OBJ_classSignToolKC2 OBJ_member_body,643L,100L,113L,2L + +#define SN_classSignToolKC3 "classSignToolKC3" +#define LN_classSignToolKC3 "Class of Signing Tool KC3" +#define NID_classSignToolKC3 1230 +#define OBJ_classSignToolKC3 OBJ_member_body,643L,100L,113L,3L + +#define SN_classSignToolKB1 "classSignToolKB1" +#define LN_classSignToolKB1 "Class of Signing Tool KB1" +#define NID_classSignToolKB1 1231 +#define OBJ_classSignToolKB1 OBJ_member_body,643L,100L,113L,4L + +#define SN_classSignToolKB2 "classSignToolKB2" +#define LN_classSignToolKB2 "Class of Signing Tool KB2" +#define NID_classSignToolKB2 1232 +#define OBJ_classSignToolKB2 OBJ_member_body,643L,100L,113L,5L + +#define SN_classSignToolKA1 "classSignToolKA1" +#define LN_classSignToolKA1 "Class of Signing Tool KA1" +#define NID_classSignToolKA1 1233 +#define OBJ_classSignToolKA1 OBJ_member_body,643L,100L,113L,6L + +#define SN_kuznyechik_ecb "kuznyechik-ecb" +#define NID_kuznyechik_ecb 1012 + +#define SN_kuznyechik_ctr "kuznyechik-ctr" +#define NID_kuznyechik_ctr 1013 + +#define SN_kuznyechik_ofb "kuznyechik-ofb" +#define NID_kuznyechik_ofb 1014 + +#define SN_kuznyechik_cbc "kuznyechik-cbc" +#define NID_kuznyechik_cbc 1015 + +#define 
SN_kuznyechik_cfb "kuznyechik-cfb" +#define NID_kuznyechik_cfb 1016 + +#define SN_kuznyechik_mac "kuznyechik-mac" +#define NID_kuznyechik_mac 1017 + +#define SN_magma_ecb "magma-ecb" +#define NID_magma_ecb 1187 + +#define SN_magma_ctr "magma-ctr" +#define NID_magma_ctr 1188 + +#define SN_magma_ofb "magma-ofb" +#define NID_magma_ofb 1189 + +#define SN_magma_cbc "magma-cbc" +#define NID_magma_cbc 1190 + +#define SN_magma_cfb "magma-cfb" +#define NID_magma_cfb 1191 + +#define SN_magma_mac "magma-mac" +#define NID_magma_mac 1192 + +#define SN_camellia_128_cbc "CAMELLIA-128-CBC" +#define LN_camellia_128_cbc "camellia-128-cbc" +#define NID_camellia_128_cbc 751 +#define OBJ_camellia_128_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,2L + +#define SN_camellia_192_cbc "CAMELLIA-192-CBC" +#define LN_camellia_192_cbc "camellia-192-cbc" +#define NID_camellia_192_cbc 752 +#define OBJ_camellia_192_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,3L + +#define SN_camellia_256_cbc "CAMELLIA-256-CBC" +#define LN_camellia_256_cbc "camellia-256-cbc" +#define NID_camellia_256_cbc 753 +#define OBJ_camellia_256_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,4L + +#define SN_id_camellia128_wrap "id-camellia128-wrap" +#define NID_id_camellia128_wrap 907 +#define OBJ_id_camellia128_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,2L + +#define SN_id_camellia192_wrap "id-camellia192-wrap" +#define NID_id_camellia192_wrap 908 +#define OBJ_id_camellia192_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,3L + +#define SN_id_camellia256_wrap "id-camellia256-wrap" +#define NID_id_camellia256_wrap 909 +#define OBJ_id_camellia256_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,4L + +#define OBJ_ntt_ds 0L,3L,4401L,5L + +#define OBJ_camellia OBJ_ntt_ds,3L,1L,9L + +#define SN_camellia_128_ecb "CAMELLIA-128-ECB" +#define LN_camellia_128_ecb "camellia-128-ecb" +#define NID_camellia_128_ecb 754 +#define OBJ_camellia_128_ecb OBJ_camellia,1L + +#define SN_camellia_128_ofb128 "CAMELLIA-128-OFB" +#define LN_camellia_128_ofb128 "camellia-128-ofb" +#define 
NID_camellia_128_ofb128 766 +#define OBJ_camellia_128_ofb128 OBJ_camellia,3L + +#define SN_camellia_128_cfb128 "CAMELLIA-128-CFB" +#define LN_camellia_128_cfb128 "camellia-128-cfb" +#define NID_camellia_128_cfb128 757 +#define OBJ_camellia_128_cfb128 OBJ_camellia,4L + +#define SN_camellia_128_gcm "CAMELLIA-128-GCM" +#define LN_camellia_128_gcm "camellia-128-gcm" +#define NID_camellia_128_gcm 961 +#define OBJ_camellia_128_gcm OBJ_camellia,6L + +#define SN_camellia_128_ccm "CAMELLIA-128-CCM" +#define LN_camellia_128_ccm "camellia-128-ccm" +#define NID_camellia_128_ccm 962 +#define OBJ_camellia_128_ccm OBJ_camellia,7L + +#define SN_camellia_128_ctr "CAMELLIA-128-CTR" +#define LN_camellia_128_ctr "camellia-128-ctr" +#define NID_camellia_128_ctr 963 +#define OBJ_camellia_128_ctr OBJ_camellia,9L + +#define SN_camellia_128_cmac "CAMELLIA-128-CMAC" +#define LN_camellia_128_cmac "camellia-128-cmac" +#define NID_camellia_128_cmac 964 +#define OBJ_camellia_128_cmac OBJ_camellia,10L + +#define SN_camellia_192_ecb "CAMELLIA-192-ECB" +#define LN_camellia_192_ecb "camellia-192-ecb" +#define NID_camellia_192_ecb 755 +#define OBJ_camellia_192_ecb OBJ_camellia,21L + +#define SN_camellia_192_ofb128 "CAMELLIA-192-OFB" +#define LN_camellia_192_ofb128 "camellia-192-ofb" +#define NID_camellia_192_ofb128 767 +#define OBJ_camellia_192_ofb128 OBJ_camellia,23L + +#define SN_camellia_192_cfb128 "CAMELLIA-192-CFB" +#define LN_camellia_192_cfb128 "camellia-192-cfb" +#define NID_camellia_192_cfb128 758 +#define OBJ_camellia_192_cfb128 OBJ_camellia,24L + +#define SN_camellia_192_gcm "CAMELLIA-192-GCM" +#define LN_camellia_192_gcm "camellia-192-gcm" +#define NID_camellia_192_gcm 965 +#define OBJ_camellia_192_gcm OBJ_camellia,26L + +#define SN_camellia_192_ccm "CAMELLIA-192-CCM" +#define LN_camellia_192_ccm "camellia-192-ccm" +#define NID_camellia_192_ccm 966 +#define OBJ_camellia_192_ccm OBJ_camellia,27L + +#define SN_camellia_192_ctr "CAMELLIA-192-CTR" +#define LN_camellia_192_ctr 
"camellia-192-ctr" +#define NID_camellia_192_ctr 967 +#define OBJ_camellia_192_ctr OBJ_camellia,29L + +#define SN_camellia_192_cmac "CAMELLIA-192-CMAC" +#define LN_camellia_192_cmac "camellia-192-cmac" +#define NID_camellia_192_cmac 968 +#define OBJ_camellia_192_cmac OBJ_camellia,30L + +#define SN_camellia_256_ecb "CAMELLIA-256-ECB" +#define LN_camellia_256_ecb "camellia-256-ecb" +#define NID_camellia_256_ecb 756 +#define OBJ_camellia_256_ecb OBJ_camellia,41L + +#define SN_camellia_256_ofb128 "CAMELLIA-256-OFB" +#define LN_camellia_256_ofb128 "camellia-256-ofb" +#define NID_camellia_256_ofb128 768 +#define OBJ_camellia_256_ofb128 OBJ_camellia,43L + +#define SN_camellia_256_cfb128 "CAMELLIA-256-CFB" +#define LN_camellia_256_cfb128 "camellia-256-cfb" +#define NID_camellia_256_cfb128 759 +#define OBJ_camellia_256_cfb128 OBJ_camellia,44L + +#define SN_camellia_256_gcm "CAMELLIA-256-GCM" +#define LN_camellia_256_gcm "camellia-256-gcm" +#define NID_camellia_256_gcm 969 +#define OBJ_camellia_256_gcm OBJ_camellia,46L + +#define SN_camellia_256_ccm "CAMELLIA-256-CCM" +#define LN_camellia_256_ccm "camellia-256-ccm" +#define NID_camellia_256_ccm 970 +#define OBJ_camellia_256_ccm OBJ_camellia,47L + +#define SN_camellia_256_ctr "CAMELLIA-256-CTR" +#define LN_camellia_256_ctr "camellia-256-ctr" +#define NID_camellia_256_ctr 971 +#define OBJ_camellia_256_ctr OBJ_camellia,49L + +#define SN_camellia_256_cmac "CAMELLIA-256-CMAC" +#define LN_camellia_256_cmac "camellia-256-cmac" +#define NID_camellia_256_cmac 972 +#define OBJ_camellia_256_cmac OBJ_camellia,50L + +#define SN_camellia_128_cfb1 "CAMELLIA-128-CFB1" +#define LN_camellia_128_cfb1 "camellia-128-cfb1" +#define NID_camellia_128_cfb1 760 + +#define SN_camellia_192_cfb1 "CAMELLIA-192-CFB1" +#define LN_camellia_192_cfb1 "camellia-192-cfb1" +#define NID_camellia_192_cfb1 761 + +#define SN_camellia_256_cfb1 "CAMELLIA-256-CFB1" +#define LN_camellia_256_cfb1 "camellia-256-cfb1" +#define NID_camellia_256_cfb1 762 + +#define 
SN_camellia_128_cfb8 "CAMELLIA-128-CFB8" +#define LN_camellia_128_cfb8 "camellia-128-cfb8" +#define NID_camellia_128_cfb8 763 + +#define SN_camellia_192_cfb8 "CAMELLIA-192-CFB8" +#define LN_camellia_192_cfb8 "camellia-192-cfb8" +#define NID_camellia_192_cfb8 764 + +#define SN_camellia_256_cfb8 "CAMELLIA-256-CFB8" +#define LN_camellia_256_cfb8 "camellia-256-cfb8" +#define NID_camellia_256_cfb8 765 + +#define OBJ_aria 1L,2L,410L,200046L,1L,1L + +#define SN_aria_128_ecb "ARIA-128-ECB" +#define LN_aria_128_ecb "aria-128-ecb" +#define NID_aria_128_ecb 1065 +#define OBJ_aria_128_ecb OBJ_aria,1L + +#define SN_aria_128_cbc "ARIA-128-CBC" +#define LN_aria_128_cbc "aria-128-cbc" +#define NID_aria_128_cbc 1066 +#define OBJ_aria_128_cbc OBJ_aria,2L + +#define SN_aria_128_cfb128 "ARIA-128-CFB" +#define LN_aria_128_cfb128 "aria-128-cfb" +#define NID_aria_128_cfb128 1067 +#define OBJ_aria_128_cfb128 OBJ_aria,3L + +#define SN_aria_128_ofb128 "ARIA-128-OFB" +#define LN_aria_128_ofb128 "aria-128-ofb" +#define NID_aria_128_ofb128 1068 +#define OBJ_aria_128_ofb128 OBJ_aria,4L + +#define SN_aria_128_ctr "ARIA-128-CTR" +#define LN_aria_128_ctr "aria-128-ctr" +#define NID_aria_128_ctr 1069 +#define OBJ_aria_128_ctr OBJ_aria,5L + +#define SN_aria_192_ecb "ARIA-192-ECB" +#define LN_aria_192_ecb "aria-192-ecb" +#define NID_aria_192_ecb 1070 +#define OBJ_aria_192_ecb OBJ_aria,6L + +#define SN_aria_192_cbc "ARIA-192-CBC" +#define LN_aria_192_cbc "aria-192-cbc" +#define NID_aria_192_cbc 1071 +#define OBJ_aria_192_cbc OBJ_aria,7L + +#define SN_aria_192_cfb128 "ARIA-192-CFB" +#define LN_aria_192_cfb128 "aria-192-cfb" +#define NID_aria_192_cfb128 1072 +#define OBJ_aria_192_cfb128 OBJ_aria,8L + +#define SN_aria_192_ofb128 "ARIA-192-OFB" +#define LN_aria_192_ofb128 "aria-192-ofb" +#define NID_aria_192_ofb128 1073 +#define OBJ_aria_192_ofb128 OBJ_aria,9L + +#define SN_aria_192_ctr "ARIA-192-CTR" +#define LN_aria_192_ctr "aria-192-ctr" +#define NID_aria_192_ctr 1074 +#define OBJ_aria_192_ctr 
OBJ_aria,10L + +#define SN_aria_256_ecb "ARIA-256-ECB" +#define LN_aria_256_ecb "aria-256-ecb" +#define NID_aria_256_ecb 1075 +#define OBJ_aria_256_ecb OBJ_aria,11L + +#define SN_aria_256_cbc "ARIA-256-CBC" +#define LN_aria_256_cbc "aria-256-cbc" +#define NID_aria_256_cbc 1076 +#define OBJ_aria_256_cbc OBJ_aria,12L + +#define SN_aria_256_cfb128 "ARIA-256-CFB" +#define LN_aria_256_cfb128 "aria-256-cfb" +#define NID_aria_256_cfb128 1077 +#define OBJ_aria_256_cfb128 OBJ_aria,13L + +#define SN_aria_256_ofb128 "ARIA-256-OFB" +#define LN_aria_256_ofb128 "aria-256-ofb" +#define NID_aria_256_ofb128 1078 +#define OBJ_aria_256_ofb128 OBJ_aria,14L + +#define SN_aria_256_ctr "ARIA-256-CTR" +#define LN_aria_256_ctr "aria-256-ctr" +#define NID_aria_256_ctr 1079 +#define OBJ_aria_256_ctr OBJ_aria,15L + +#define SN_aria_128_cfb1 "ARIA-128-CFB1" +#define LN_aria_128_cfb1 "aria-128-cfb1" +#define NID_aria_128_cfb1 1080 + +#define SN_aria_192_cfb1 "ARIA-192-CFB1" +#define LN_aria_192_cfb1 "aria-192-cfb1" +#define NID_aria_192_cfb1 1081 + +#define SN_aria_256_cfb1 "ARIA-256-CFB1" +#define LN_aria_256_cfb1 "aria-256-cfb1" +#define NID_aria_256_cfb1 1082 + +#define SN_aria_128_cfb8 "ARIA-128-CFB8" +#define LN_aria_128_cfb8 "aria-128-cfb8" +#define NID_aria_128_cfb8 1083 + +#define SN_aria_192_cfb8 "ARIA-192-CFB8" +#define LN_aria_192_cfb8 "aria-192-cfb8" +#define NID_aria_192_cfb8 1084 + +#define SN_aria_256_cfb8 "ARIA-256-CFB8" +#define LN_aria_256_cfb8 "aria-256-cfb8" +#define NID_aria_256_cfb8 1085 + +#define SN_aria_128_ccm "ARIA-128-CCM" +#define LN_aria_128_ccm "aria-128-ccm" +#define NID_aria_128_ccm 1120 +#define OBJ_aria_128_ccm OBJ_aria,37L + +#define SN_aria_192_ccm "ARIA-192-CCM" +#define LN_aria_192_ccm "aria-192-ccm" +#define NID_aria_192_ccm 1121 +#define OBJ_aria_192_ccm OBJ_aria,38L + +#define SN_aria_256_ccm "ARIA-256-CCM" +#define LN_aria_256_ccm "aria-256-ccm" +#define NID_aria_256_ccm 1122 +#define OBJ_aria_256_ccm OBJ_aria,39L + +#define SN_aria_128_gcm 
"ARIA-128-GCM" +#define LN_aria_128_gcm "aria-128-gcm" +#define NID_aria_128_gcm 1123 +#define OBJ_aria_128_gcm OBJ_aria,34L + +#define SN_aria_192_gcm "ARIA-192-GCM" +#define LN_aria_192_gcm "aria-192-gcm" +#define NID_aria_192_gcm 1124 +#define OBJ_aria_192_gcm OBJ_aria,35L + +#define SN_aria_256_gcm "ARIA-256-GCM" +#define LN_aria_256_gcm "aria-256-gcm" +#define NID_aria_256_gcm 1125 +#define OBJ_aria_256_gcm OBJ_aria,36L + +#define SN_kisa "KISA" +#define LN_kisa "kisa" +#define NID_kisa 773 +#define OBJ_kisa OBJ_member_body,410L,200004L + +#define SN_seed_ecb "SEED-ECB" +#define LN_seed_ecb "seed-ecb" +#define NID_seed_ecb 776 +#define OBJ_seed_ecb OBJ_kisa,1L,3L + +#define SN_seed_cbc "SEED-CBC" +#define LN_seed_cbc "seed-cbc" +#define NID_seed_cbc 777 +#define OBJ_seed_cbc OBJ_kisa,1L,4L + +#define SN_seed_cfb128 "SEED-CFB" +#define LN_seed_cfb128 "seed-cfb" +#define NID_seed_cfb128 779 +#define OBJ_seed_cfb128 OBJ_kisa,1L,5L + +#define SN_seed_ofb128 "SEED-OFB" +#define LN_seed_ofb128 "seed-ofb" +#define NID_seed_ofb128 778 +#define OBJ_seed_ofb128 OBJ_kisa,1L,6L + +#define SN_sm4_ecb "SM4-ECB" +#define LN_sm4_ecb "sm4-ecb" +#define NID_sm4_ecb 1133 +#define OBJ_sm4_ecb OBJ_sm_scheme,104L,1L + +#define SN_sm4_cbc "SM4-CBC" +#define LN_sm4_cbc "sm4-cbc" +#define NID_sm4_cbc 1134 +#define OBJ_sm4_cbc OBJ_sm_scheme,104L,2L + +#define SN_sm4_ofb128 "SM4-OFB" +#define LN_sm4_ofb128 "sm4-ofb" +#define NID_sm4_ofb128 1135 +#define OBJ_sm4_ofb128 OBJ_sm_scheme,104L,3L + +#define SN_sm4_cfb128 "SM4-CFB" +#define LN_sm4_cfb128 "sm4-cfb" +#define NID_sm4_cfb128 1137 +#define OBJ_sm4_cfb128 OBJ_sm_scheme,104L,4L + +#define SN_sm4_cfb1 "SM4-CFB1" +#define LN_sm4_cfb1 "sm4-cfb1" +#define NID_sm4_cfb1 1136 +#define OBJ_sm4_cfb1 OBJ_sm_scheme,104L,5L + +#define SN_sm4_cfb8 "SM4-CFB8" +#define LN_sm4_cfb8 "sm4-cfb8" +#define NID_sm4_cfb8 1138 +#define OBJ_sm4_cfb8 OBJ_sm_scheme,104L,6L + +#define SN_sm4_ctr "SM4-CTR" +#define LN_sm4_ctr "sm4-ctr" +#define NID_sm4_ctr 1139 
+#define OBJ_sm4_ctr OBJ_sm_scheme,104L,7L + +#define SN_sm4_gcm "SM4-GCM" +#define LN_sm4_gcm "sm4-gcm" +#define NID_sm4_gcm 1248 +#define OBJ_sm4_gcm OBJ_sm_scheme,104L,8L + +#define SN_sm4_ccm "SM4-CCM" +#define LN_sm4_ccm "sm4-ccm" +#define NID_sm4_ccm 1249 +#define OBJ_sm4_ccm OBJ_sm_scheme,104L,9L + +#define SN_sm4_xts "SM4-XTS" +#define LN_sm4_xts "sm4-xts" +#define NID_sm4_xts 1290 +#define OBJ_sm4_xts OBJ_sm_scheme,104L,10L + +#define SN_hmac "HMAC" +#define LN_hmac "hmac" +#define NID_hmac 855 + +#define SN_cmac "CMAC" +#define LN_cmac "cmac" +#define NID_cmac 894 + +#define SN_rc4_hmac_md5 "RC4-HMAC-MD5" +#define LN_rc4_hmac_md5 "rc4-hmac-md5" +#define NID_rc4_hmac_md5 915 + +#define SN_aes_128_cbc_hmac_sha1 "AES-128-CBC-HMAC-SHA1" +#define LN_aes_128_cbc_hmac_sha1 "aes-128-cbc-hmac-sha1" +#define NID_aes_128_cbc_hmac_sha1 916 + +#define SN_aes_192_cbc_hmac_sha1 "AES-192-CBC-HMAC-SHA1" +#define LN_aes_192_cbc_hmac_sha1 "aes-192-cbc-hmac-sha1" +#define NID_aes_192_cbc_hmac_sha1 917 + +#define SN_aes_256_cbc_hmac_sha1 "AES-256-CBC-HMAC-SHA1" +#define LN_aes_256_cbc_hmac_sha1 "aes-256-cbc-hmac-sha1" +#define NID_aes_256_cbc_hmac_sha1 918 + +#define SN_aes_128_cbc_hmac_sha256 "AES-128-CBC-HMAC-SHA256" +#define LN_aes_128_cbc_hmac_sha256 "aes-128-cbc-hmac-sha256" +#define NID_aes_128_cbc_hmac_sha256 948 + +#define SN_aes_192_cbc_hmac_sha256 "AES-192-CBC-HMAC-SHA256" +#define LN_aes_192_cbc_hmac_sha256 "aes-192-cbc-hmac-sha256" +#define NID_aes_192_cbc_hmac_sha256 949 + +#define SN_aes_256_cbc_hmac_sha256 "AES-256-CBC-HMAC-SHA256" +#define LN_aes_256_cbc_hmac_sha256 "aes-256-cbc-hmac-sha256" +#define NID_aes_256_cbc_hmac_sha256 950 + +#define SN_chacha20_poly1305 "ChaCha20-Poly1305" +#define LN_chacha20_poly1305 "chacha20-poly1305" +#define NID_chacha20_poly1305 1018 + +#define SN_chacha20 "ChaCha20" +#define LN_chacha20 "chacha20" +#define NID_chacha20 1019 + +#define SN_dhpublicnumber "dhpublicnumber" +#define LN_dhpublicnumber "X9.42 DH" +#define 
NID_dhpublicnumber 920 +#define OBJ_dhpublicnumber OBJ_ISO_US,10046L,2L,1L + +#define SN_brainpoolP160r1 "brainpoolP160r1" +#define NID_brainpoolP160r1 921 +#define OBJ_brainpoolP160r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,1L + +#define SN_brainpoolP160t1 "brainpoolP160t1" +#define NID_brainpoolP160t1 922 +#define OBJ_brainpoolP160t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,2L + +#define SN_brainpoolP192r1 "brainpoolP192r1" +#define NID_brainpoolP192r1 923 +#define OBJ_brainpoolP192r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,3L + +#define SN_brainpoolP192t1 "brainpoolP192t1" +#define NID_brainpoolP192t1 924 +#define OBJ_brainpoolP192t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,4L + +#define SN_brainpoolP224r1 "brainpoolP224r1" +#define NID_brainpoolP224r1 925 +#define OBJ_brainpoolP224r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,5L + +#define SN_brainpoolP224t1 "brainpoolP224t1" +#define NID_brainpoolP224t1 926 +#define OBJ_brainpoolP224t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,6L + +#define SN_brainpoolP256r1 "brainpoolP256r1" +#define NID_brainpoolP256r1 927 +#define OBJ_brainpoolP256r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,7L + +#define SN_brainpoolP256r1tls13 "brainpoolP256r1tls13" +#define NID_brainpoolP256r1tls13 1285 + +#define SN_brainpoolP256t1 "brainpoolP256t1" +#define NID_brainpoolP256t1 928 +#define OBJ_brainpoolP256t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,8L + +#define SN_brainpoolP320r1 "brainpoolP320r1" +#define NID_brainpoolP320r1 929 +#define OBJ_brainpoolP320r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,9L + +#define SN_brainpoolP320t1 "brainpoolP320t1" +#define NID_brainpoolP320t1 930 +#define OBJ_brainpoolP320t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,10L + +#define SN_brainpoolP384r1 "brainpoolP384r1" +#define NID_brainpoolP384r1 931 +#define OBJ_brainpoolP384r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,11L + +#define SN_brainpoolP384r1tls13 "brainpoolP384r1tls13" +#define NID_brainpoolP384r1tls13 1286 + +#define SN_brainpoolP384t1 "brainpoolP384t1" +#define NID_brainpoolP384t1 932 +#define OBJ_brainpoolP384t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,12L + +#define SN_brainpoolP512r1 
"brainpoolP512r1" +#define NID_brainpoolP512r1 933 +#define OBJ_brainpoolP512r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,13L + +#define SN_brainpoolP512r1tls13 "brainpoolP512r1tls13" +#define NID_brainpoolP512r1tls13 1287 + +#define SN_brainpoolP512t1 "brainpoolP512t1" +#define NID_brainpoolP512t1 934 +#define OBJ_brainpoolP512t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,14L + +#define OBJ_x9_63_scheme 1L,3L,133L,16L,840L,63L,0L + +#define OBJ_secg_scheme OBJ_certicom_arc,1L + +#define SN_dhSinglePass_stdDH_sha1kdf_scheme "dhSinglePass-stdDH-sha1kdf-scheme" +#define NID_dhSinglePass_stdDH_sha1kdf_scheme 936 +#define OBJ_dhSinglePass_stdDH_sha1kdf_scheme OBJ_x9_63_scheme,2L + +#define SN_dhSinglePass_stdDH_sha224kdf_scheme "dhSinglePass-stdDH-sha224kdf-scheme" +#define NID_dhSinglePass_stdDH_sha224kdf_scheme 937 +#define OBJ_dhSinglePass_stdDH_sha224kdf_scheme OBJ_secg_scheme,11L,0L + +#define SN_dhSinglePass_stdDH_sha256kdf_scheme "dhSinglePass-stdDH-sha256kdf-scheme" +#define NID_dhSinglePass_stdDH_sha256kdf_scheme 938 +#define OBJ_dhSinglePass_stdDH_sha256kdf_scheme OBJ_secg_scheme,11L,1L + +#define SN_dhSinglePass_stdDH_sha384kdf_scheme "dhSinglePass-stdDH-sha384kdf-scheme" +#define NID_dhSinglePass_stdDH_sha384kdf_scheme 939 +#define OBJ_dhSinglePass_stdDH_sha384kdf_scheme OBJ_secg_scheme,11L,2L + +#define SN_dhSinglePass_stdDH_sha512kdf_scheme "dhSinglePass-stdDH-sha512kdf-scheme" +#define NID_dhSinglePass_stdDH_sha512kdf_scheme 940 +#define OBJ_dhSinglePass_stdDH_sha512kdf_scheme OBJ_secg_scheme,11L,3L + +#define SN_dhSinglePass_cofactorDH_sha1kdf_scheme "dhSinglePass-cofactorDH-sha1kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha1kdf_scheme 941 +#define OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme OBJ_x9_63_scheme,3L + +#define SN_dhSinglePass_cofactorDH_sha224kdf_scheme "dhSinglePass-cofactorDH-sha224kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha224kdf_scheme 942 +#define OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme OBJ_secg_scheme,14L,0L + +#define 
SN_dhSinglePass_cofactorDH_sha256kdf_scheme "dhSinglePass-cofactorDH-sha256kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha256kdf_scheme 943 +#define OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme OBJ_secg_scheme,14L,1L + +#define SN_dhSinglePass_cofactorDH_sha384kdf_scheme "dhSinglePass-cofactorDH-sha384kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha384kdf_scheme 944 +#define OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme OBJ_secg_scheme,14L,2L + +#define SN_dhSinglePass_cofactorDH_sha512kdf_scheme "dhSinglePass-cofactorDH-sha512kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha512kdf_scheme 945 +#define OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme OBJ_secg_scheme,14L,3L + +#define SN_dh_std_kdf "dh-std-kdf" +#define NID_dh_std_kdf 946 + +#define SN_dh_cofactor_kdf "dh-cofactor-kdf" +#define NID_dh_cofactor_kdf 947 + +#define SN_ct_precert_scts "ct_precert_scts" +#define LN_ct_precert_scts "CT Precertificate SCTs" +#define NID_ct_precert_scts 951 +#define OBJ_ct_precert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,2L + +#define SN_ct_precert_poison "ct_precert_poison" +#define LN_ct_precert_poison "CT Precertificate Poison" +#define NID_ct_precert_poison 952 +#define OBJ_ct_precert_poison 1L,3L,6L,1L,4L,1L,11129L,2L,4L,3L + +#define SN_ct_precert_signer "ct_precert_signer" +#define LN_ct_precert_signer "CT Precertificate Signer" +#define NID_ct_precert_signer 953 +#define OBJ_ct_precert_signer 1L,3L,6L,1L,4L,1L,11129L,2L,4L,4L + +#define SN_ct_cert_scts "ct_cert_scts" +#define LN_ct_cert_scts "CT Certificate SCTs" +#define NID_ct_cert_scts 954 +#define OBJ_ct_cert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,5L + +#define SN_jurisdictionLocalityName "jurisdictionL" +#define LN_jurisdictionLocalityName "jurisdictionLocalityName" +#define NID_jurisdictionLocalityName 955 +#define OBJ_jurisdictionLocalityName OBJ_ms_corp,60L,2L,1L,1L + +#define SN_jurisdictionStateOrProvinceName "jurisdictionST" +#define LN_jurisdictionStateOrProvinceName "jurisdictionStateOrProvinceName" 
+#define NID_jurisdictionStateOrProvinceName 956 +#define OBJ_jurisdictionStateOrProvinceName OBJ_ms_corp,60L,2L,1L,2L + +#define SN_jurisdictionCountryName "jurisdictionC" +#define LN_jurisdictionCountryName "jurisdictionCountryName" +#define NID_jurisdictionCountryName 957 +#define OBJ_jurisdictionCountryName OBJ_ms_corp,60L,2L,1L,3L + +#define SN_id_scrypt "id-scrypt" +#define LN_id_scrypt "scrypt" +#define NID_id_scrypt 973 +#define OBJ_id_scrypt 1L,3L,6L,1L,4L,1L,11591L,4L,11L + +#define SN_tls1_prf "TLS1-PRF" +#define LN_tls1_prf "tls1-prf" +#define NID_tls1_prf 1021 + +#define SN_hkdf "HKDF" +#define LN_hkdf "hkdf" +#define NID_hkdf 1036 + +#define SN_sshkdf "SSHKDF" +#define LN_sshkdf "sshkdf" +#define NID_sshkdf 1203 + +#define SN_sskdf "SSKDF" +#define LN_sskdf "sskdf" +#define NID_sskdf 1205 + +#define SN_x942kdf "X942KDF" +#define LN_x942kdf "x942kdf" +#define NID_x942kdf 1207 + +#define SN_x963kdf "X963KDF" +#define LN_x963kdf "x963kdf" +#define NID_x963kdf 1206 + +#define SN_id_pkinit "id-pkinit" +#define NID_id_pkinit 1031 +#define OBJ_id_pkinit 1L,3L,6L,1L,5L,2L,3L + +#define SN_pkInitClientAuth "pkInitClientAuth" +#define LN_pkInitClientAuth "PKINIT Client Auth" +#define NID_pkInitClientAuth 1032 +#define OBJ_pkInitClientAuth OBJ_id_pkinit,4L + +#define SN_pkInitKDC "pkInitKDC" +#define LN_pkInitKDC "Signing KDC Response" +#define NID_pkInitKDC 1033 +#define OBJ_pkInitKDC OBJ_id_pkinit,5L + +#define SN_X25519 "X25519" +#define NID_X25519 1034 +#define OBJ_X25519 1L,3L,101L,110L + +#define SN_X448 "X448" +#define NID_X448 1035 +#define OBJ_X448 1L,3L,101L,111L + +#define SN_ED25519 "ED25519" +#define NID_ED25519 1087 +#define OBJ_ED25519 1L,3L,101L,112L + +#define SN_ED448 "ED448" +#define NID_ED448 1088 +#define OBJ_ED448 1L,3L,101L,113L + +#define SN_kx_rsa "KxRSA" +#define LN_kx_rsa "kx-rsa" +#define NID_kx_rsa 1037 + +#define SN_kx_ecdhe "KxECDHE" +#define LN_kx_ecdhe "kx-ecdhe" +#define NID_kx_ecdhe 1038 + +#define SN_kx_dhe "KxDHE" +#define 
LN_kx_dhe "kx-dhe" +#define NID_kx_dhe 1039 + +#define SN_kx_ecdhe_psk "KxECDHE-PSK" +#define LN_kx_ecdhe_psk "kx-ecdhe-psk" +#define NID_kx_ecdhe_psk 1040 + +#define SN_kx_dhe_psk "KxDHE-PSK" +#define LN_kx_dhe_psk "kx-dhe-psk" +#define NID_kx_dhe_psk 1041 + +#define SN_kx_rsa_psk "KxRSA_PSK" +#define LN_kx_rsa_psk "kx-rsa-psk" +#define NID_kx_rsa_psk 1042 + +#define SN_kx_psk "KxPSK" +#define LN_kx_psk "kx-psk" +#define NID_kx_psk 1043 + +#define SN_kx_srp "KxSRP" +#define LN_kx_srp "kx-srp" +#define NID_kx_srp 1044 + +#define SN_kx_gost "KxGOST" +#define LN_kx_gost "kx-gost" +#define NID_kx_gost 1045 + +#define SN_kx_gost18 "KxGOST18" +#define LN_kx_gost18 "kx-gost18" +#define NID_kx_gost18 1218 + +#define SN_kx_any "KxANY" +#define LN_kx_any "kx-any" +#define NID_kx_any 1063 + +#define SN_auth_rsa "AuthRSA" +#define LN_auth_rsa "auth-rsa" +#define NID_auth_rsa 1046 + +#define SN_auth_ecdsa "AuthECDSA" +#define LN_auth_ecdsa "auth-ecdsa" +#define NID_auth_ecdsa 1047 + +#define SN_auth_psk "AuthPSK" +#define LN_auth_psk "auth-psk" +#define NID_auth_psk 1048 + +#define SN_auth_dss "AuthDSS" +#define LN_auth_dss "auth-dss" +#define NID_auth_dss 1049 + +#define SN_auth_gost01 "AuthGOST01" +#define LN_auth_gost01 "auth-gost01" +#define NID_auth_gost01 1050 + +#define SN_auth_gost12 "AuthGOST12" +#define LN_auth_gost12 "auth-gost12" +#define NID_auth_gost12 1051 + +#define SN_auth_srp "AuthSRP" +#define LN_auth_srp "auth-srp" +#define NID_auth_srp 1052 + +#define SN_auth_null "AuthNULL" +#define LN_auth_null "auth-null" +#define NID_auth_null 1053 + +#define SN_auth_any "AuthANY" +#define LN_auth_any "auth-any" +#define NID_auth_any 1064 + +#define SN_poly1305 "Poly1305" +#define LN_poly1305 "poly1305" +#define NID_poly1305 1061 + +#define SN_siphash "SipHash" +#define LN_siphash "siphash" +#define NID_siphash 1062 + +#define SN_ffdhe2048 "ffdhe2048" +#define NID_ffdhe2048 1126 + +#define SN_ffdhe3072 "ffdhe3072" +#define NID_ffdhe3072 1127 + +#define SN_ffdhe4096 
"ffdhe4096" +#define NID_ffdhe4096 1128 + +#define SN_ffdhe6144 "ffdhe6144" +#define NID_ffdhe6144 1129 + +#define SN_ffdhe8192 "ffdhe8192" +#define NID_ffdhe8192 1130 + +#define SN_modp_1536 "modp_1536" +#define NID_modp_1536 1212 + +#define SN_modp_2048 "modp_2048" +#define NID_modp_2048 1213 + +#define SN_modp_3072 "modp_3072" +#define NID_modp_3072 1214 + +#define SN_modp_4096 "modp_4096" +#define NID_modp_4096 1215 + +#define SN_modp_6144 "modp_6144" +#define NID_modp_6144 1216 + +#define SN_modp_8192 "modp_8192" +#define NID_modp_8192 1217 + +#define SN_ISO_UA "ISO-UA" +#define NID_ISO_UA 1150 +#define OBJ_ISO_UA OBJ_member_body,804L + +#define SN_ua_pki "ua-pki" +#define NID_ua_pki 1151 +#define OBJ_ua_pki OBJ_ISO_UA,2L,1L,1L,1L + +#define SN_dstu28147 "dstu28147" +#define LN_dstu28147 "DSTU Gost 28147-2009" +#define NID_dstu28147 1152 +#define OBJ_dstu28147 OBJ_ua_pki,1L,1L,1L + +#define SN_dstu28147_ofb "dstu28147-ofb" +#define LN_dstu28147_ofb "DSTU Gost 28147-2009 OFB mode" +#define NID_dstu28147_ofb 1153 +#define OBJ_dstu28147_ofb OBJ_dstu28147,2L + +#define SN_dstu28147_cfb "dstu28147-cfb" +#define LN_dstu28147_cfb "DSTU Gost 28147-2009 CFB mode" +#define NID_dstu28147_cfb 1154 +#define OBJ_dstu28147_cfb OBJ_dstu28147,3L + +#define SN_dstu28147_wrap "dstu28147-wrap" +#define LN_dstu28147_wrap "DSTU Gost 28147-2009 key wrap" +#define NID_dstu28147_wrap 1155 +#define OBJ_dstu28147_wrap OBJ_dstu28147,5L + +#define SN_hmacWithDstu34311 "hmacWithDstu34311" +#define LN_hmacWithDstu34311 "HMAC DSTU Gost 34311-95" +#define NID_hmacWithDstu34311 1156 +#define OBJ_hmacWithDstu34311 OBJ_ua_pki,1L,1L,2L + +#define SN_dstu34311 "dstu34311" +#define LN_dstu34311 "DSTU Gost 34311-95" +#define NID_dstu34311 1157 +#define OBJ_dstu34311 OBJ_ua_pki,1L,2L,1L + +#define SN_dstu4145le "dstu4145le" +#define LN_dstu4145le "DSTU 4145-2002 little endian" +#define NID_dstu4145le 1158 +#define OBJ_dstu4145le OBJ_ua_pki,1L,3L,1L,1L + +#define SN_dstu4145be "dstu4145be" +#define 
LN_dstu4145be "DSTU 4145-2002 big endian" +#define NID_dstu4145be 1159 +#define OBJ_dstu4145be OBJ_dstu4145le,1L,1L + +#define SN_uacurve0 "uacurve0" +#define LN_uacurve0 "DSTU curve 0" +#define NID_uacurve0 1160 +#define OBJ_uacurve0 OBJ_dstu4145le,2L,0L + +#define SN_uacurve1 "uacurve1" +#define LN_uacurve1 "DSTU curve 1" +#define NID_uacurve1 1161 +#define OBJ_uacurve1 OBJ_dstu4145le,2L,1L + +#define SN_uacurve2 "uacurve2" +#define LN_uacurve2 "DSTU curve 2" +#define NID_uacurve2 1162 +#define OBJ_uacurve2 OBJ_dstu4145le,2L,2L + +#define SN_uacurve3 "uacurve3" +#define LN_uacurve3 "DSTU curve 3" +#define NID_uacurve3 1163 +#define OBJ_uacurve3 OBJ_dstu4145le,2L,3L + +#define SN_uacurve4 "uacurve4" +#define LN_uacurve4 "DSTU curve 4" +#define NID_uacurve4 1164 +#define OBJ_uacurve4 OBJ_dstu4145le,2L,4L + +#define SN_uacurve5 "uacurve5" +#define LN_uacurve5 "DSTU curve 5" +#define NID_uacurve5 1165 +#define OBJ_uacurve5 OBJ_dstu4145le,2L,5L + +#define SN_uacurve6 "uacurve6" +#define LN_uacurve6 "DSTU curve 6" +#define NID_uacurve6 1166 +#define OBJ_uacurve6 OBJ_dstu4145le,2L,6L + +#define SN_uacurve7 "uacurve7" +#define LN_uacurve7 "DSTU curve 7" +#define NID_uacurve7 1167 +#define OBJ_uacurve7 OBJ_dstu4145le,2L,7L + +#define SN_uacurve8 "uacurve8" +#define LN_uacurve8 "DSTU curve 8" +#define NID_uacurve8 1168 +#define OBJ_uacurve8 OBJ_dstu4145le,2L,8L + +#define SN_uacurve9 "uacurve9" +#define LN_uacurve9 "DSTU curve 9" +#define NID_uacurve9 1169 +#define OBJ_uacurve9 OBJ_dstu4145le,2L,9L + +#define SN_aes_128_siv "AES-128-SIV" +#define LN_aes_128_siv "aes-128-siv" +#define NID_aes_128_siv 1198 + +#define SN_aes_192_siv "AES-192-SIV" +#define LN_aes_192_siv "aes-192-siv" +#define NID_aes_192_siv 1199 + +#define SN_aes_256_siv "AES-256-SIV" +#define LN_aes_256_siv "aes-256-siv" +#define NID_aes_256_siv 1200 + +#define SN_oracle "oracle-organization" +#define LN_oracle "Oracle organization" +#define NID_oracle 1282 +#define OBJ_oracle 
OBJ_joint_iso_itu_t,16L,840L,1L,113894L + +#define SN_oracle_jdk_trustedkeyusage "oracle-jdk-trustedkeyusage" +#define LN_oracle_jdk_trustedkeyusage "Trusted key usage (Oracle)" +#define NID_oracle_jdk_trustedkeyusage 1283 +#define OBJ_oracle_jdk_trustedkeyusage OBJ_oracle,746875L,1L,1L + +#define SN_brotli "brotli" +#define LN_brotli "Brotli compression" +#define NID_brotli 1288 + +#define SN_zstd "zstd" +#define LN_zstd "Zstandard compression" +#define NID_zstd 1289 + +#endif /* OPENSSL_OBJ_MAC_H */ + +#ifndef OPENSSL_NO_DEPRECATED_3_0 + +#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm SN_magma_ctr_acpkm +#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm NID_magma_ctr_acpkm +#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm OBJ_magma_ctr_acpkm + +#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac SN_magma_ctr_acpkm_omac +#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac NID_magma_ctr_acpkm_omac +#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac OBJ_magma_ctr_acpkm_omac + +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm SN_kuznyechik_ctr_acpkm +#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm NID_kuznyechik_ctr_acpkm +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm OBJ_kuznyechik_ctr_acpkm + +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac SN_kuznyechik_ctr_acpkm_omac +#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac NID_kuznyechik_ctr_acpkm_omac +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac OBJ_kuznyechik_ctr_acpkm_omac + +#define SN_id_tc26_wrap_gostr3412_2015_magma_kexp15 SN_magma_kexp15 +#define NID_id_tc26_wrap_gostr3412_2015_magma_kexp15 NID_magma_kexp15 +#define OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 OBJ_magma_kexp15 + +#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 SN_kuznyechik_kexp15 +#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 NID_kuznyechik_kexp15 +#define 
OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 OBJ_kuznyechik_kexp15 + +#define SN_grasshopper_ecb SN_kuznyechik_ecb +#define NID_grasshopper_ecb NID_kuznyechik_ecb + +#define SN_grasshopper_ctr SN_kuznyechik_ctr +#define NID_grasshopper_ctr NID_kuznyechik_ctr + +#define SN_grasshopper_ofb SN_kuznyechik_ofb +#define NID_grasshopper_ofb NID_kuznyechik_ofb + +#define SN_grasshopper_cbc SN_kuznyechik_cbc +#define NID_grasshopper_cbc NID_kuznyechik_cbc + +#define SN_grasshopper_cfb SN_kuznyechik_cfb +#define NID_grasshopper_cfb NID_kuznyechik_cfb + +#define SN_grasshopper_mac SN_kuznyechik_mac +#define NID_grasshopper_mac NID_kuznyechik_mac + +#endif /* OPENSSL_NO_DEPRECATED_3_0 */ diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/objects.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/objects.h new file mode 100644 index 000000000000..9ea91c27c86a --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/objects.h 
@@ -0,0 +1,183 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_OBJECTS_H +# define OPENSSL_OBJECTS_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_OBJECTS_H +# endif + +# include +# include +# include +# include + +# define OBJ_NAME_TYPE_UNDEF 0x00 +# define OBJ_NAME_TYPE_MD_METH 0x01 +# define OBJ_NAME_TYPE_CIPHER_METH 0x02 +# define OBJ_NAME_TYPE_PKEY_METH 0x03 +# define OBJ_NAME_TYPE_COMP_METH 0x04 +# define OBJ_NAME_TYPE_MAC_METH 0x05 +# define OBJ_NAME_TYPE_KDF_METH 0x06 +# define OBJ_NAME_TYPE_NUM 0x07 + +# define OBJ_NAME_ALIAS 0x8000 + +# define OBJ_BSEARCH_VALUE_ON_NOMATCH 0x01 +# define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH 0x02 + + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct obj_name_st { + int type; + int alias; + const char *name; + const char *data; +} OBJ_NAME; + +# define OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c) + +int OBJ_NAME_init(void); +int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), + int (*cmp_func) (const char *, const char *), + void (*free_func) (const char *, int, const char *)); +const char *OBJ_NAME_get(const char *name, int type); +int OBJ_NAME_add(const char *name, int type, const char *data); +int OBJ_NAME_remove(const char *name, int type); +void OBJ_NAME_cleanup(int type); /* -1 for everything */ +void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg), + void *arg); +void OBJ_NAME_do_all_sorted(int type, + void (*fn) (const OBJ_NAME *, void *arg), + void *arg); + +DECLARE_ASN1_DUP_FUNCTION_name(ASN1_OBJECT, OBJ) +ASN1_OBJECT *OBJ_nid2obj(int n); +const char *OBJ_nid2ln(int n); +const char *OBJ_nid2sn(int n); +int OBJ_obj2nid(const 
ASN1_OBJECT *o); +ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name); +int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name); +int OBJ_txt2nid(const char *s); +int OBJ_ln2nid(const char *s); +int OBJ_sn2nid(const char *s); +int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b); +const void *OBJ_bsearch_(const void *key, const void *base, int num, int size, + int (*cmp) (const void *, const void *)); +const void *OBJ_bsearch_ex_(const void *key, const void *base, int num, + int size, + int (*cmp) (const void *, const void *), + int flags); + +# define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *, const void *); \ + static int nm##_cmp(type1 const *, type2 const *); \ + scope type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) + +# define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp) \ + _DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp) +# define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \ + type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) + +/*- + * Unsolved problem: if a type is actually a pointer type, like + * nid_triple is, then its impossible to get a const where you need + * it. Consider: + * + * typedef int nid_triple[3]; + * const void *a_; + * const nid_triple const *a = a_; + * + * The assignment discards a const because what you really want is: + * + * const int const * const *a = a_; + * + * But if you do that, you lose the fact that a is an array of 3 ints, + * which breaks comparison functions. + * + * Thus we end up having to cast, sadly, or unpack the + * declarations. Or, as I finally did in this case, declare nid_triple + * to be a struct, which it should have been in the first place. + * + * Ben, August 2008. + * + * Also, strictly speaking not all types need be const, but handling + * the non-constness means a lot of complication, and in practice + * comparison routines do always not touch their arguments. 
+ */ + +# define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \ + { \ + type1 const *a = a_; \ + type2 const *b = b_; \ + return nm##_cmp(a,b); \ + } \ + static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \ + { \ + return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \ + nm##_cmp_BSEARCH_CMP_FN); \ + } \ + extern void dummy_prototype(void) + +# define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \ + { \ + type1 const *a = a_; \ + type2 const *b = b_; \ + return nm##_cmp(a,b); \ + } \ + type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \ + { \ + return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \ + nm##_cmp_BSEARCH_CMP_FN); \ + } \ + extern void dummy_prototype(void) + +# define OBJ_bsearch(type1,key,type2,base,num,cmp) \ + ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \ + num,sizeof(type2), \ + ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \ + (void)CHECKED_PTR_OF(type2,cmp##_type_2), \ + cmp##_BSEARCH_CMP_FN))) + +# define OBJ_bsearch_ex(type1,key,type2,base,num,cmp,flags) \ + ((type2 *)OBJ_bsearch_ex_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \ + num,sizeof(type2), \ + ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \ + (void)type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \ + cmp##_BSEARCH_CMP_FN)),flags) + +int OBJ_new_nid(int num); +int OBJ_add_object(const ASN1_OBJECT *obj); +int OBJ_create(const char *oid, const char *sn, const char *ln); +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define OBJ_cleanup() while(0) continue +#endif +int OBJ_create_objects(BIO *in); + +size_t OBJ_length(const ASN1_OBJECT *obj); +const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj); + +int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid); +int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid); +int OBJ_add_sigid(int 
signid, int dig_id, int pkey_id); +void OBJ_sigid_free(void); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/objectserr.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/objectserr.h new file mode 100644 index 000000000000..585217f6f7d1 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/objectserr.h @@ -0,0 +1,28 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_OBJECTSERR_H +# define OPENSSL_OBJECTSERR_H +# pragma once + +# include +# include +# include + + + +/* + * OBJ reason codes. + */ +# define OBJ_R_OID_EXISTS 102 +# define OBJ_R_UNKNOWN_NID 101 +# define OBJ_R_UNKNOWN_OBJECT_NAME 103 + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/ocsperr.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/ocsperr.h new file mode 100644 index 000000000000..46a0523c2de4 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/ocsperr.h 
@@ -0,0 +1,53 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_OCSPERR_H +# define OPENSSL_OCSPERR_H +# pragma once + +# include +# include +# include + + +# ifndef OPENSSL_NO_OCSP + + +/* + * OCSP reason codes. + */ +# define OCSP_R_CERTIFICATE_VERIFY_ERROR 101 +# define OCSP_R_DIGEST_ERR 102 +# define OCSP_R_DIGEST_NAME_ERR 106 +# define OCSP_R_DIGEST_SIZE_ERR 107 +# define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD 122 +# define OCSP_R_ERROR_IN_THISUPDATE_FIELD 123 +# define OCSP_R_MISSING_OCSPSIGNING_USAGE 103 +# define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE 124 +# define OCSP_R_NOT_BASIC_RESPONSE 104 +# define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105 +# define OCSP_R_NO_RESPONSE_DATA 108 +# define OCSP_R_NO_REVOKED_TIME 109 +# define OCSP_R_NO_SIGNER_KEY 130 +# define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 110 +# define OCSP_R_REQUEST_NOT_SIGNED 128 +# define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 111 +# define OCSP_R_ROOT_CA_NOT_TRUSTED 112 +# define OCSP_R_SIGNATURE_FAILURE 117 +# define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 118 +# define OCSP_R_STATUS_EXPIRED 125 +# define OCSP_R_STATUS_NOT_YET_VALID 126 +# define OCSP_R_STATUS_TOO_OLD 127 +# define OCSP_R_UNKNOWN_MESSAGE_DIGEST 119 +# define OCSP_R_UNKNOWN_NID 120 +# define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE 129 + +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/opensslconf.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/opensslconf.h new file mode 100644 index 000000000000..1e83371f1a43 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/opensslconf.h 
@@ -0,0 +1,17 @@ +/* + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_OPENSSLCONF_H +# define OPENSSL_OPENSSLCONF_H +# pragma once + +# include +# include + +#endif /* OPENSSL_OPENSSLCONF_H */ diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/opensslv.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/opensslv.h index b38d64da5930..f62a43cfaeac 100644 --- a/contrib/openssl-cmake/linux_x86_64/include/openssl/opensslv.h +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/opensslv.h @@ -28,8 +28,8 @@ extern "C" { * These macros express version number MAJOR.MINOR.PATCH exactly */ # define OPENSSL_VERSION_MAJOR 3 -# define OPENSSL_VERSION_MINOR 2 -# define OPENSSL_VERSION_PATCH 1 +# define OPENSSL_VERSION_MINOR 3 +# define OPENSSL_VERSION_PATCH 2 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.2.1" -# define OPENSSL_FULL_VERSION_STR "3.2.1" +# define OPENSSL_VERSION_STR "3.3.2" +# define OPENSSL_FULL_VERSION_STR "3.3.2" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 Jan 2024" +# define OPENSSL_RELEASE_DATE "3 Sep 2024" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.1 30 Jan 2024" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.3.2 3 Sep 2024" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE 
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/ossl_typ.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/ossl_typ.h
new file mode 100644
index 000000000000..82a58988ff2d
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/ossl_typ.h
@@ -0,0 +1,16 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * The original was renamed to
+ *
+ * This header file only exists for compatibility reasons with older
+ * applications which #include .
+ */
+# include
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/param_build.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/param_build.h
new file mode 100644
index 000000000000..f29fdb2963d3
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/param_build.h
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_PARAM_BUILD_H
+# define OPENSSL_PARAM_BUILD_H
+# pragma once
+
+# include
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+OSSL_PARAM_BLD *OSSL_PARAM_BLD_new(void);
+OSSL_PARAM *OSSL_PARAM_BLD_to_param(OSSL_PARAM_BLD *bld);
+void OSSL_PARAM_BLD_free(OSSL_PARAM_BLD *bld);
+
+int OSSL_PARAM_BLD_push_int(OSSL_PARAM_BLD *bld, const char *key, int val);
+int OSSL_PARAM_BLD_push_uint(OSSL_PARAM_BLD *bld, const char *key,
+ unsigned int val);
+int OSSL_PARAM_BLD_push_long(OSSL_PARAM_BLD *bld, const char *key,
+ long int val);
+int OSSL_PARAM_BLD_push_ulong(OSSL_PARAM_BLD *bld, const char *key,
+ unsigned long int val);
+int OSSL_PARAM_BLD_push_int32(OSSL_PARAM_BLD *bld, const char *key,
+ int32_t val);
+int OSSL_PARAM_BLD_push_uint32(OSSL_PARAM_BLD *bld, const char *key,
+ uint32_t val);
+int OSSL_PARAM_BLD_push_int64(OSSL_PARAM_BLD *bld, const char *key,
+ int64_t val);
+int OSSL_PARAM_BLD_push_uint64(OSSL_PARAM_BLD *bld, const char *key,
+ uint64_t val);
+int OSSL_PARAM_BLD_push_size_t(OSSL_PARAM_BLD *bld, const char *key,
+ size_t val);
+int OSSL_PARAM_BLD_push_time_t(OSSL_PARAM_BLD *bld, const char *key,
+ time_t val);
+int OSSL_PARAM_BLD_push_double(OSSL_PARAM_BLD *bld, const char *key,
+ double val);
+int OSSL_PARAM_BLD_push_BN(OSSL_PARAM_BLD *bld, const char *key,
+ const BIGNUM *bn);
+int OSSL_PARAM_BLD_push_BN_pad(OSSL_PARAM_BLD *bld, const char *key,
+ const BIGNUM *bn, size_t sz);
+int OSSL_PARAM_BLD_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key,
+ const char *buf, size_t bsize);
+int OSSL_PARAM_BLD_push_utf8_ptr(OSSL_PARAM_BLD *bld, const char *key,
+ char *buf, size_t bsize);
+int OSSL_PARAM_BLD_push_octet_string(OSSL_PARAM_BLD *bld, const char *key,
+ const void *buf, size_t bsize);
+int OSSL_PARAM_BLD_push_octet_ptr(OSSL_PARAM_BLD *bld, const char *key,
+ void *buf, size_t bsize);
+
+# ifdef __cplusplus
+}
+# endif
+#endif /* OPENSSL_PARAM_BUILD_H */
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/params.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/params.h
new file mode 100644
index 000000000000..d75eab076490
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/params.h
@@ -0,0 +1,160 @@
+/*
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_PARAMS_H
+# define OPENSSL_PARAMS_H
+# pragma once
+
+# include
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define OSSL_PARAM_UNMODIFIED ((size_t)-1)
+
+# define OSSL_PARAM_END \
+ { NULL, 0, NULL, 0, 0 }
+
+# define OSSL_PARAM_DEFN(key, type, addr, sz) \
+ { (key), (type), (addr), (sz), OSSL_PARAM_UNMODIFIED }
+
+/* Basic parameter types without return sizes */
+# define OSSL_PARAM_int(key, addr) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_INTEGER, (addr), sizeof(int))
+# define OSSL_PARAM_uint(key, addr) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_UNSIGNED_INTEGER, (addr), \
+ sizeof(unsigned int))
+# define OSSL_PARAM_long(key, addr) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_INTEGER, (addr), sizeof(long int))
+# define OSSL_PARAM_ulong(key, addr) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_UNSIGNED_INTEGER, (addr), \
+ sizeof(unsigned long int))
+# define OSSL_PARAM_int32(key, addr) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_INTEGER, (addr), sizeof(int32_t))
+# define OSSL_PARAM_uint32(key, addr) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_UNSIGNED_INTEGER, (addr), \
+ sizeof(uint32_t))
+# define OSSL_PARAM_int64(key, addr) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_INTEGER, (addr), sizeof(int64_t))
+# define OSSL_PARAM_uint64(key, addr) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_UNSIGNED_INTEGER, (addr), \
+ sizeof(uint64_t))
+# define OSSL_PARAM_size_t(key, addr) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_UNSIGNED_INTEGER, (addr), sizeof(size_t))
+# define OSSL_PARAM_time_t(key, addr) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_INTEGER, (addr), sizeof(time_t))
+# define OSSL_PARAM_double(key, addr) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_REAL, (addr), sizeof(double))
+
+# define OSSL_PARAM_BN(key, bn, sz) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_UNSIGNED_INTEGER, (bn), (sz))
+# define OSSL_PARAM_utf8_string(key, addr, sz) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_UTF8_STRING, (addr), sz)
+# define OSSL_PARAM_octet_string(key, addr, sz) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_OCTET_STRING, (addr), sz)
+
+# define OSSL_PARAM_utf8_ptr(key, addr, sz) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_UTF8_PTR, (addr), sz)
+# define OSSL_PARAM_octet_ptr(key, addr, sz) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_OCTET_PTR, (addr), sz)
+
+/* Search an OSSL_PARAM array for a matching name */
+OSSL_PARAM *OSSL_PARAM_locate(OSSL_PARAM *p, const char *key);
+const OSSL_PARAM *OSSL_PARAM_locate_const(const OSSL_PARAM *p, const char *key);
+
+/* Basic parameter type run-time construction */
+OSSL_PARAM OSSL_PARAM_construct_int(const char *key, int *buf);
+OSSL_PARAM OSSL_PARAM_construct_uint(const char *key, unsigned int *buf);
+OSSL_PARAM OSSL_PARAM_construct_long(const char *key, long int *buf);
+OSSL_PARAM OSSL_PARAM_construct_ulong(const char *key, unsigned long int *buf);
+OSSL_PARAM OSSL_PARAM_construct_int32(const char *key, int32_t *buf);
+OSSL_PARAM OSSL_PARAM_construct_uint32(const char *key, uint32_t *buf);
+OSSL_PARAM OSSL_PARAM_construct_int64(const char *key, int64_t *buf);
+OSSL_PARAM OSSL_PARAM_construct_uint64(const char *key, uint64_t *buf);
+OSSL_PARAM OSSL_PARAM_construct_size_t(const char *key, size_t *buf);
+OSSL_PARAM OSSL_PARAM_construct_time_t(const char *key, time_t *buf);
+OSSL_PARAM OSSL_PARAM_construct_BN(const char *key, unsigned char *buf,
+ size_t bsize);
+OSSL_PARAM OSSL_PARAM_construct_double(const char *key, double *buf);
+OSSL_PARAM OSSL_PARAM_construct_utf8_string(const char *key, char *buf,
+ size_t bsize);
+OSSL_PARAM OSSL_PARAM_construct_utf8_ptr(const char *key, char **buf,
+ size_t bsize);
+OSSL_PARAM OSSL_PARAM_construct_octet_string(const char *key, void *buf,
+ size_t bsize);
+OSSL_PARAM OSSL_PARAM_construct_octet_ptr(const char *key, void **buf,
+ size_t bsize);
+OSSL_PARAM OSSL_PARAM_construct_end(void);
+
+int OSSL_PARAM_allocate_from_text(OSSL_PARAM *to,
+ const OSSL_PARAM *paramdefs,
+ const char *key, const char *value,
+ size_t value_n, int *found);
+
+int OSSL_PARAM_get_int(const OSSL_PARAM *p, int *val);
+int OSSL_PARAM_get_uint(const OSSL_PARAM *p, unsigned int *val);
+int OSSL_PARAM_get_long(const OSSL_PARAM *p, long int *val);
+int OSSL_PARAM_get_ulong(const OSSL_PARAM *p, unsigned long int *val);
+int OSSL_PARAM_get_int32(const OSSL_PARAM *p, int32_t *val);
+int OSSL_PARAM_get_uint32(const OSSL_PARAM *p, uint32_t *val);
+int OSSL_PARAM_get_int64(const OSSL_PARAM *p, int64_t *val);
+int OSSL_PARAM_get_uint64(const OSSL_PARAM *p, uint64_t *val);
+int OSSL_PARAM_get_size_t(const OSSL_PARAM *p, size_t *val);
+int OSSL_PARAM_get_time_t(const OSSL_PARAM *p, time_t *val);
+
+int OSSL_PARAM_set_int(OSSL_PARAM *p, int val);
+int OSSL_PARAM_set_uint(OSSL_PARAM *p, unsigned int val);
+int OSSL_PARAM_set_long(OSSL_PARAM *p, long int val);
+int OSSL_PARAM_set_ulong(OSSL_PARAM *p, unsigned long int val);
+int OSSL_PARAM_set_int32(OSSL_PARAM *p, int32_t val);
+int OSSL_PARAM_set_uint32(OSSL_PARAM *p, uint32_t val);
+int OSSL_PARAM_set_int64(OSSL_PARAM *p, int64_t val);
+int OSSL_PARAM_set_uint64(OSSL_PARAM *p, uint64_t val);
+int OSSL_PARAM_set_size_t(OSSL_PARAM *p, size_t val);
+int OSSL_PARAM_set_time_t(OSSL_PARAM *p, time_t val);
+
+int OSSL_PARAM_get_double(const OSSL_PARAM *p, double *val);
+int OSSL_PARAM_set_double(OSSL_PARAM *p, double val);
+
+int OSSL_PARAM_get_BN(const OSSL_PARAM *p, BIGNUM **val);
+int OSSL_PARAM_set_BN(OSSL_PARAM *p, const BIGNUM *val);
+
+int OSSL_PARAM_get_utf8_string(const OSSL_PARAM *p, char **val, size_t max_len);
+int OSSL_PARAM_set_utf8_string(OSSL_PARAM *p, const char *val);
+
+int OSSL_PARAM_get_octet_string(const OSSL_PARAM *p, void **val, size_t max_len,
+ size_t *used_len);
+int OSSL_PARAM_set_octet_string(OSSL_PARAM *p, const void *val, size_t len);
+
+int OSSL_PARAM_get_utf8_ptr(const OSSL_PARAM *p, const char **val);
+int OSSL_PARAM_set_utf8_ptr(OSSL_PARAM *p, const char *val);
+
+int OSSL_PARAM_get_octet_ptr(const OSSL_PARAM *p, const void **val,
+ size_t *used_len);
+int OSSL_PARAM_set_octet_ptr(OSSL_PARAM *p, const void *val,
+ size_t used_len);
+
+int OSSL_PARAM_get_utf8_string_ptr(const OSSL_PARAM *p, const char **val);
+int OSSL_PARAM_get_octet_string_ptr(const OSSL_PARAM *p, const void **val,
+ size_t *used_len);
+
+int OSSL_PARAM_modified(const OSSL_PARAM *p);
+void OSSL_PARAM_set_all_unmodified(OSSL_PARAM *p);
+
+OSSL_PARAM *OSSL_PARAM_dup(const OSSL_PARAM *p);
+OSSL_PARAM *OSSL_PARAM_merge(const OSSL_PARAM *p1, const OSSL_PARAM *p2);
+void OSSL_PARAM_free(OSSL_PARAM *p);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/pem.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/pem.h
new file mode 100644
index 000000000000..0446c77019ab
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/pem.h
@@ -0,0 +1,542 @@ +/* + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_PEM_H +# define OPENSSL_PEM_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_PEM_H +# endif + +# include +# include +# include +# include +# include +# include +# ifndef OPENSSL_NO_STDIO +# include +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +# define PEM_BUFSIZE 1024 + +# define PEM_STRING_X509_OLD "X509 CERTIFICATE" +# define PEM_STRING_X509 "CERTIFICATE" +# define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" +# define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" +# define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" +# define PEM_STRING_X509_CRL "X509 CRL" +# define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY" +# define PEM_STRING_PUBLIC "PUBLIC KEY" +# define PEM_STRING_RSA "RSA PRIVATE KEY" +# define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY" +# define PEM_STRING_DSA "DSA PRIVATE KEY" +# define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY" +# define PEM_STRING_PKCS7 "PKCS7" +# define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA" +# define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY" +# define PEM_STRING_PKCS8INF "PRIVATE KEY" +# define PEM_STRING_DHPARAMS "DH PARAMETERS" +# define PEM_STRING_DHXPARAMS "X9.42 DH PARAMETERS" +# define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" +# define PEM_STRING_DSAPARAMS "DSA PARAMETERS" +# define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" +# define PEM_STRING_ECPARAMETERS "EC PARAMETERS" +# define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" +# define PEM_STRING_PARAMETERS "PARAMETERS" +# define PEM_STRING_CMS "CMS" +# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS" + +# define PEM_TYPE_ENCRYPTED 10 +# define 
PEM_TYPE_MIC_ONLY 20 +# define PEM_TYPE_MIC_CLEAR 30 +# define PEM_TYPE_CLEAR 40 + +/* + * These macros make the PEM_read/PEM_write functions easier to maintain and + * write. Now they are all implemented with either: IMPLEMENT_PEM_rw(...) or + * IMPLEMENT_PEM_rw_cb(...) + */ + +# define PEM_read_cb_fnsig(name, type, INTYPE, readname) \ + type *PEM_##readname##_##name(INTYPE *out, type **x, \ + pem_password_cb *cb, void *u) +# define PEM_read_cb_ex_fnsig(name, type, INTYPE, readname) \ + type *PEM_##readname##_##name##_ex(INTYPE *out, type **x, \ + pem_password_cb *cb, void *u, \ + OSSL_LIB_CTX *libctx, \ + const char *propq) + +# define PEM_write_fnsig(name, type, OUTTYPE, writename) \ + int PEM_##writename##_##name(OUTTYPE *out, const type *x) +# define PEM_write_cb_fnsig(name, type, OUTTYPE, writename) \ + int PEM_##writename##_##name(OUTTYPE *out, const type *x, \ + const EVP_CIPHER *enc, \ + const unsigned char *kstr, int klen, \ + pem_password_cb *cb, void *u) +# define PEM_write_ex_fnsig(name, type, OUTTYPE, writename) \ + int PEM_##writename##_##name##_ex(OUTTYPE *out, const type *x, \ + OSSL_LIB_CTX *libctx, \ + const char *propq) +# define PEM_write_cb_ex_fnsig(name, type, OUTTYPE, writename) \ + int PEM_##writename##_##name##_ex(OUTTYPE *out, const type *x, \ + const EVP_CIPHER *enc, \ + const unsigned char *kstr, int klen, \ + pem_password_cb *cb, void *u, \ + OSSL_LIB_CTX *libctx, \ + const char *propq) + +# ifdef OPENSSL_NO_STDIO + +# define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/ +# define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/ +# endif +# define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/ +# endif +# else + +# define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ + type *PEM_read_##name(FILE *fp, type **x, 
pem_password_cb *cb, void *u) \ + { \ + return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str, fp, \ + (void **)x, cb, u); \ + } + +# define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ + PEM_write_fnsig(name, type, FILE, write) \ + { \ + return PEM_ASN1_write((i2d_of_void *)i2d_##asn1, str, out, \ + x, NULL, NULL, 0, NULL, NULL); \ + } + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_fp(name, type, str, asn1) +# endif + +# define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ + PEM_write_cb_fnsig(name, type, FILE, write) \ + { \ + return PEM_ASN1_write((i2d_of_void *)i2d_##asn1, str, out, \ + x, enc, kstr, klen, cb, u); \ + } + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) +# endif +# endif + +# define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ + type *PEM_read_bio_##name(BIO *bp, type **x, \ + pem_password_cb *cb, void *u) \ + { \ + return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str, bp, \ + (void **)x, cb, u); \ + } + +# define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ + PEM_write_fnsig(name, type, BIO, write_bio) \ + { \ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1, str, out, \ + x, NULL,NULL,0,NULL,NULL); \ + } + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_bio(name, type, str, asn1) +# endif + +# define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ + PEM_write_cb_fnsig(name, type, BIO, write_bio) \ + { \ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1, str, out, \ + x, enc, kstr, klen, cb, u); \ + } + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) +# endif + +# define IMPLEMENT_PEM_write(name, type, str, asn1) \ + IMPLEMENT_PEM_write_bio(name, type, str, 
asn1) \ + IMPLEMENT_PEM_write_fp(name, type, str, asn1) + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define IMPLEMENT_PEM_write_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) +# endif + +# define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) +# endif + +# define IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_read_fp(name, type, str, asn1) + +# define IMPLEMENT_PEM_rw(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write(name, type, str, asn1) + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write_const(name, type, str, asn1) +# endif + +# define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb(name, type, str, asn1) + +/* These are the same except they are for the declarations */ + +/* + * The mysterious 'extern' that's passed to some macros is innocuous, + * and is there to quiet pre-C99 compilers that may complain about empty + * arguments in macro calls. 
+ */ +# if defined(OPENSSL_NO_STDIO) + +# define DECLARE_PEM_read_fp_attr(attr, name, type) /**/ +# define DECLARE_PEM_read_fp_ex_attr(attr, name, type) /**/ +# define DECLARE_PEM_write_fp_attr(attr, name, type) /**/ +# define DECLARE_PEM_write_fp_ex_attr(attr, name, type) /**/ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define DECLARE_PEM_write_fp_const_attr(attr, name, type) /**/ +# endif +# define DECLARE_PEM_write_cb_fp_attr(attr, name, type) /**/ +# define DECLARE_PEM_write_cb_fp_ex_attr(attr, name, type) /**/ + +# else + +# define DECLARE_PEM_read_fp_attr(attr, name, type) \ + attr PEM_read_cb_fnsig(name, type, FILE, read); +# define DECLARE_PEM_read_fp_ex_attr(attr, name, type) \ + attr PEM_read_cb_fnsig(name, type, FILE, read); \ + attr PEM_read_cb_ex_fnsig(name, type, FILE, read); + +# define DECLARE_PEM_write_fp_attr(attr, name, type) \ + attr PEM_write_fnsig(name, type, FILE, write); +# define DECLARE_PEM_write_fp_ex_attr(attr, name, type) \ + attr PEM_write_fnsig(name, type, FILE, write); \ + attr PEM_write_ex_fnsig(name, type, FILE, write); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define DECLARE_PEM_write_fp_const_attr(attr, name, type) \ + attr PEM_write_fnsig(name, type, FILE, write); +# endif +# define DECLARE_PEM_write_cb_fp_attr(attr, name, type) \ + attr PEM_write_cb_fnsig(name, type, FILE, write); +# define DECLARE_PEM_write_cb_fp_ex_attr(attr, name, type) \ + attr PEM_write_cb_fnsig(name, type, FILE, write); \ + attr PEM_write_cb_ex_fnsig(name, type, FILE, write); + +# endif + +# define DECLARE_PEM_read_fp(name, type) \ + DECLARE_PEM_read_fp_attr(extern, name, type) +# define DECLARE_PEM_write_fp(name, type) \ + DECLARE_PEM_write_fp_attr(extern, name, type) +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define DECLARE_PEM_write_fp_const(name, type) \ + DECLARE_PEM_write_fp_const_attr(extern, name, type) +# endif +# define DECLARE_PEM_write_cb_fp(name, type) \ + DECLARE_PEM_write_cb_fp_attr(extern, name, type) + +# define DECLARE_PEM_read_bio_attr(attr, name, 
type) \ + attr PEM_read_cb_fnsig(name, type, BIO, read_bio); +# define DECLARE_PEM_read_bio_ex_attr(attr, name, type) \ + attr PEM_read_cb_fnsig(name, type, BIO, read_bio); \ + attr PEM_read_cb_ex_fnsig(name, type, BIO, read_bio); +# define DECLARE_PEM_read_bio(name, type) \ + DECLARE_PEM_read_bio_attr(extern, name, type) +# define DECLARE_PEM_read_bio_ex(name, type) \ + DECLARE_PEM_read_bio_ex_attr(extern, name, type) + +# define DECLARE_PEM_write_bio_attr(attr, name, type) \ + attr PEM_write_fnsig(name, type, BIO, write_bio); +# define DECLARE_PEM_write_bio_ex_attr(attr, name, type) \ + attr PEM_write_fnsig(name, type, BIO, write_bio); \ + attr PEM_write_ex_fnsig(name, type, BIO, write_bio); +# define DECLARE_PEM_write_bio(name, type) \ + DECLARE_PEM_write_bio_attr(extern, name, type) +# define DECLARE_PEM_write_bio_ex(name, type) \ + DECLARE_PEM_write_bio_ex_attr(extern, name, type) + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define DECLARE_PEM_write_bio_const_attr(attr, name, type) \ + attr PEM_write_fnsig(name, type, BIO, write_bio); +# define DECLARE_PEM_write_bio_const(name, type) \ + DECLARE_PEM_write_bio_const_attr(extern, name, type) +# endif + +# define DECLARE_PEM_write_cb_bio_attr(attr, name, type) \ + attr PEM_write_cb_fnsig(name, type, BIO, write_bio); +# define DECLARE_PEM_write_cb_bio_ex_attr(attr, name, type) \ + attr PEM_write_cb_fnsig(name, type, BIO, write_bio); \ + attr PEM_write_cb_ex_fnsig(name, type, BIO, write_bio); +# define DECLARE_PEM_write_cb_bio(name, type) \ + DECLARE_PEM_write_cb_bio_attr(extern, name, type) +# define DECLARE_PEM_write_cb_ex_bio(name, type) \ + DECLARE_PEM_write_cb_bio_ex_attr(extern, name, type) + +# define DECLARE_PEM_write_attr(attr, name, type) \ + DECLARE_PEM_write_bio_attr(attr, name, type) \ + DECLARE_PEM_write_fp_attr(attr, name, type) +# define DECLARE_PEM_write_ex_attr(attr, name, type) \ + DECLARE_PEM_write_bio_ex_attr(attr, name, type) \ + DECLARE_PEM_write_fp_ex_attr(attr, name, type) +# define 
DECLARE_PEM_write(name, type) \ + DECLARE_PEM_write_attr(extern, name, type) +# define DECLARE_PEM_write_ex(name, type) \ + DECLARE_PEM_write_ex_attr(extern, name, type) +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define DECLARE_PEM_write_const_attr(attr, name, type) \ + DECLARE_PEM_write_bio_const_attr(attr, name, type) \ + DECLARE_PEM_write_fp_const_attr(attr, name, type) +# define DECLARE_PEM_write_const(name, type) \ + DECLARE_PEM_write_const_attr(extern, name, type) +# endif +# define DECLARE_PEM_write_cb_attr(attr, name, type) \ + DECLARE_PEM_write_cb_bio_attr(attr, name, type) \ + DECLARE_PEM_write_cb_fp_attr(attr, name, type) +# define DECLARE_PEM_write_cb_ex_attr(attr, name, type) \ + DECLARE_PEM_write_cb_bio_ex_attr(attr, name, type) \ + DECLARE_PEM_write_cb_fp_ex_attr(attr, name, type) +# define DECLARE_PEM_write_cb(name, type) \ + DECLARE_PEM_write_cb_attr(extern, name, type) +# define DECLARE_PEM_write_cb_ex(name, type) \ + DECLARE_PEM_write_cb_ex_attr(extern, name, type) +# define DECLARE_PEM_read_attr(attr, name, type) \ + DECLARE_PEM_read_bio_attr(attr, name, type) \ + DECLARE_PEM_read_fp_attr(attr, name, type) +# define DECLARE_PEM_read_ex_attr(attr, name, type) \ + DECLARE_PEM_read_bio_ex_attr(attr, name, type) \ + DECLARE_PEM_read_fp_ex_attr(attr, name, type) +# define DECLARE_PEM_read(name, type) \ + DECLARE_PEM_read_attr(extern, name, type) +# define DECLARE_PEM_read_ex(name, type) \ + DECLARE_PEM_read_ex_attr(extern, name, type) +# define DECLARE_PEM_rw_attr(attr, name, type) \ + DECLARE_PEM_read_attr(attr, name, type) \ + DECLARE_PEM_write_attr(attr, name, type) +# define DECLARE_PEM_rw_ex_attr(attr, name, type) \ + DECLARE_PEM_read_ex_attr(attr, name, type) \ + DECLARE_PEM_write_ex_attr(attr, name, type) +# define DECLARE_PEM_rw(name, type) \ + DECLARE_PEM_rw_attr(extern, name, type) +# define DECLARE_PEM_rw_ex(name, type) \ + DECLARE_PEM_rw_ex_attr(extern, name, type) +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define DECLARE_PEM_rw_const_attr(attr, 
name, type) \ + DECLARE_PEM_read_attr(attr, name, type) \ + DECLARE_PEM_write_const_attr(attr, name, type) +# define DECLARE_PEM_rw_const(name, type) \ + DECLARE_PEM_rw_const_attr(extern, name, type) +# endif +# define DECLARE_PEM_rw_cb_attr(attr, name, type) \ + DECLARE_PEM_read_attr(attr, name, type) \ + DECLARE_PEM_write_cb_attr(attr, name, type) +# define DECLARE_PEM_rw_cb_ex_attr(attr, name, type) \ + DECLARE_PEM_read_ex_attr(attr, name, type) \ + DECLARE_PEM_write_cb_ex_attr(attr, name, type) +# define DECLARE_PEM_rw_cb(name, type) \ + DECLARE_PEM_rw_cb_attr(extern, name, type) +# define DECLARE_PEM_rw_cb_ex(name, type) \ + DECLARE_PEM_rw_cb_ex_attr(extern, name, type) + +int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher); +int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *len, + pem_password_cb *callback, void *u); + +int PEM_read_bio(BIO *bp, char **name, char **header, + unsigned char **data, long *len); +# define PEM_FLAG_SECURE 0x1 +# define PEM_FLAG_EAY_COMPATIBLE 0x2 +# define PEM_FLAG_ONLY_B64 0x4 +int PEM_read_bio_ex(BIO *bp, char **name, char **header, + unsigned char **data, long *len, unsigned int flags); +int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm, + const char *name, BIO *bp, pem_password_cb *cb, + void *u); +int PEM_write_bio(BIO *bp, const char *name, const char *hdr, + const unsigned char *data, long len); +int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, + const char *name, BIO *bp, pem_password_cb *cb, + void *u); +void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x, + pem_password_cb *cb, void *u); +int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, + const void *x, const EVP_CIPHER *enc, + const unsigned char *kstr, int klen, + pem_password_cb *cb, void *u); + +STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, void *u); +STACK_OF(X509_INFO) 
+*PEM_X509_INFO_read_bio_ex(BIO *bp, STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, void *u, OSSL_LIB_CTX *libctx, + const char *propq); + +int PEM_X509_INFO_write_bio(BIO *bp, const X509_INFO *xi, EVP_CIPHER *enc, + const unsigned char *kstr, int klen, + pem_password_cb *cd, void *u); + +#ifndef OPENSSL_NO_STDIO +int PEM_read(FILE *fp, char **name, char **header, + unsigned char **data, long *len); +int PEM_write(FILE *fp, const char *name, const char *hdr, + const unsigned char *data, long len); +void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, + pem_password_cb *cb, void *u); +int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, + const void *x, const EVP_CIPHER *enc, + const unsigned char *kstr, int klen, + pem_password_cb *callback, void *u); +STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, void *u); +STACK_OF(X509_INFO) +*PEM_X509_INFO_read_ex(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, + void *u, OSSL_LIB_CTX *libctx, const char *propq); +#endif + +int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type); +int PEM_SignUpdate(EVP_MD_CTX *ctx, const unsigned char *d, unsigned int cnt); +int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + unsigned int *siglen, EVP_PKEY *pkey); + +/* The default pem_password_cb that's used internally */ +int PEM_def_callback(char *buf, int num, int rwflag, void *userdata); +void PEM_proc_type(char *buf, int type); +void PEM_dek_info(char *buf, const char *type, int len, const char *str); + +# include + +DECLARE_PEM_rw(X509, X509) +DECLARE_PEM_rw(X509_AUX, X509) +DECLARE_PEM_rw(X509_REQ, X509_REQ) +DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) +DECLARE_PEM_rw(X509_CRL, X509_CRL) +DECLARE_PEM_rw(X509_PUBKEY, X509_PUBKEY) +DECLARE_PEM_rw(PKCS7, PKCS7) +DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE) +DECLARE_PEM_rw(PKCS8, X509_SIG) +DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) +# ifndef 
OPENSSL_NO_DEPRECATED_3_0 +DECLARE_PEM_rw_cb_attr(OSSL_DEPRECATEDIN_3_0, RSAPrivateKey, RSA) +DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, RSAPublicKey, RSA) +DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, RSA_PUBKEY, RSA) +# endif +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# ifndef OPENSSL_NO_DSA +DECLARE_PEM_rw_cb_attr(OSSL_DEPRECATEDIN_3_0, DSAPrivateKey, DSA) +DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DSA_PUBKEY, DSA) +DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DSAparams, DSA) +# endif +# endif + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# ifndef OPENSSL_NO_EC +DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, ECPKParameters, EC_GROUP) +DECLARE_PEM_rw_cb_attr(OSSL_DEPRECATEDIN_3_0, ECPrivateKey, EC_KEY) +DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, EC_PUBKEY, EC_KEY) +# endif +# endif + +# ifndef OPENSSL_NO_DH +# ifndef OPENSSL_NO_DEPRECATED_3_0 +DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DHparams, DH) +DECLARE_PEM_write_attr(OSSL_DEPRECATEDIN_3_0, DHxparams, DH) +# endif +# endif +DECLARE_PEM_rw_cb_ex(PrivateKey, EVP_PKEY) +DECLARE_PEM_rw_ex(PUBKEY, EVP_PKEY) + +int PEM_write_bio_PrivateKey_traditional(BIO *bp, const EVP_PKEY *x, + const EVP_CIPHER *enc, + const unsigned char *kstr, int klen, + pem_password_cb *cb, void *u); + +/* Why do these take a signed char *kstr? 
*/ +int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, const EVP_PKEY *x, int nid, + const char *kstr, int klen, + pem_password_cb *cb, void *u); +int PEM_write_bio_PKCS8PrivateKey(BIO *, const EVP_PKEY *, const EVP_CIPHER *, + const char *kstr, int klen, + pem_password_cb *cb, void *u); +int i2d_PKCS8PrivateKey_bio(BIO *bp, const EVP_PKEY *x, const EVP_CIPHER *enc, + const char *kstr, int klen, + pem_password_cb *cb, void *u); +int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, const EVP_PKEY *x, int nid, + const char *kstr, int klen, + pem_password_cb *cb, void *u); +EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, + void *u); + +# ifndef OPENSSL_NO_STDIO +int i2d_PKCS8PrivateKey_fp(FILE *fp, const EVP_PKEY *x, const EVP_CIPHER *enc, + const char *kstr, int klen, + pem_password_cb *cb, void *u); +int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, const EVP_PKEY *x, int nid, + const char *kstr, int klen, + pem_password_cb *cb, void *u); +int PEM_write_PKCS8PrivateKey_nid(FILE *fp, const EVP_PKEY *x, int nid, + const char *kstr, int klen, + pem_password_cb *cb, void *u); + +EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, + void *u); + +int PEM_write_PKCS8PrivateKey(FILE *fp, const EVP_PKEY *x, const EVP_CIPHER *enc, + const char *kstr, int klen, + pem_password_cb *cd, void *u); +# endif +EVP_PKEY *PEM_read_bio_Parameters_ex(BIO *bp, EVP_PKEY **x, + OSSL_LIB_CTX *libctx, const char *propq); +EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); +int PEM_write_bio_Parameters(BIO *bp, const EVP_PKEY *x); + +EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length); +EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length); +EVP_PKEY *b2i_PrivateKey_bio(BIO *in); +EVP_PKEY *b2i_PublicKey_bio(BIO *in); +int i2b_PrivateKey_bio(BIO *out, const EVP_PKEY *pk); +int i2b_PublicKey_bio(BIO *out, const EVP_PKEY *pk); +EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u); +EVP_PKEY *b2i_PVK_bio_ex(BIO *in, 
pem_password_cb *cb, void *u,
+ OSSL_LIB_CTX *libctx, const char *propq);
+int i2b_PVK_bio(BIO *out, const EVP_PKEY *pk, int enclevel,
+ pem_password_cb *cb, void *u);
+int i2b_PVK_bio_ex(BIO *out, const EVP_PKEY *pk, int enclevel,
+ pem_password_cb *cb, void *u,
+ OSSL_LIB_CTX *libctx, const char *propq);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/pem2.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/pem2.h
new file mode 100644
index 000000000000..a8a5325bd4ba
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/pem2.h
@@ -0,0 +1,19 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_PEM2_H
+# define OPENSSL_PEM2_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_PEM2_H
+# endif
+# include
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/pemerr.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/pemerr.h
new file mode 100644
index 000000000000..18f6d9ef4cfd
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/pemerr.h
@@ -0,0 +1,58 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_PEMERR_H +# define OPENSSL_PEMERR_H +# pragma once + +# include +# include +# include + + + +/* + * PEM reason codes. + */ +# define PEM_R_BAD_BASE64_DECODE 100 +# define PEM_R_BAD_DECRYPT 101 +# define PEM_R_BAD_END_LINE 102 +# define PEM_R_BAD_IV_CHARS 103 +# define PEM_R_BAD_MAGIC_NUMBER 116 +# define PEM_R_BAD_PASSWORD_READ 104 +# define PEM_R_BAD_VERSION_NUMBER 117 +# define PEM_R_BIO_WRITE_FAILURE 118 +# define PEM_R_CIPHER_IS_NULL 127 +# define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115 +# define PEM_R_EXPECTING_DSS_KEY_BLOB 131 +# define PEM_R_EXPECTING_PRIVATE_KEY_BLOB 119 +# define PEM_R_EXPECTING_PUBLIC_KEY_BLOB 120 +# define PEM_R_EXPECTING_RSA_KEY_BLOB 132 +# define PEM_R_HEADER_TOO_LONG 128 +# define PEM_R_INCONSISTENT_HEADER 121 +# define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 122 +# define PEM_R_KEYBLOB_TOO_SHORT 123 +# define PEM_R_MISSING_DEK_IV 129 +# define PEM_R_NOT_DEK_INFO 105 +# define PEM_R_NOT_ENCRYPTED 106 +# define PEM_R_NOT_PROC_TYPE 107 +# define PEM_R_NO_START_LINE 108 +# define PEM_R_PROBLEMS_GETTING_PASSWORD 109 +# define PEM_R_PVK_DATA_TOO_SHORT 124 +# define PEM_R_PVK_TOO_SHORT 125 +# define PEM_R_READ_KEY 111 +# define PEM_R_SHORT_HEADER 112 +# define PEM_R_UNEXPECTED_DEK_IV 130 +# define PEM_R_UNSUPPORTED_CIPHER 113 +# define PEM_R_UNSUPPORTED_ENCRYPTION 114 +# define PEM_R_UNSUPPORTED_KEY_COMPONENTS 126 +# define PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE 110 + +#endif 
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/pkcs12err.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/pkcs12err.h new file mode 100644 index 000000000000..abce3736289b --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/pkcs12err.h @@ -0,0 +1,46 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_PKCS12ERR_H +# define OPENSSL_PKCS12ERR_H +# pragma once + +# include +# include +# include + + + +/* + * PKCS12 reason codes. + */ +# define PKCS12_R_CALLBACK_FAILED 115 +# define PKCS12_R_CANT_PACK_STRUCTURE 100 +# define PKCS12_R_CONTENT_TYPE_NOT_DATA 121 +# define PKCS12_R_DECODE_ERROR 101 +# define PKCS12_R_ENCODE_ERROR 102 +# define PKCS12_R_ENCRYPT_ERROR 103 +# define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120 +# define PKCS12_R_INVALID_NULL_ARGUMENT 104 +# define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105 +# define PKCS12_R_INVALID_TYPE 112 +# define PKCS12_R_IV_GEN_ERROR 106 +# define PKCS12_R_KEY_GEN_ERROR 107 +# define PKCS12_R_MAC_ABSENT 108 +# define PKCS12_R_MAC_GENERATION_ERROR 109 +# define PKCS12_R_MAC_SETUP_ERROR 110 +# define PKCS12_R_MAC_STRING_SET_ERROR 111 +# define PKCS12_R_MAC_VERIFY_FAILURE 113 +# define PKCS12_R_PARSE_ERROR 114 +# define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116 +# define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118 +# define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119 + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/pkcs7.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/pkcs7.h index dc46c51118a0..fa68462aff97 100644 --- a/contrib/openssl-cmake/linux_x86_64/include/openssl/pkcs7.h 
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/pkcs7.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by Makefile from include/openssl/pkcs7.h.in * - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/pkcs7err.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/pkcs7err.h new file mode 100644 index 000000000000..ceb1a5019867 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/pkcs7err.h 
@@ -0,0 +1,63 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_PKCS7ERR_H +# define OPENSSL_PKCS7ERR_H +# pragma once + +# include +# include +# include + + + +/* + * PKCS7 reason codes. + */ +# define PKCS7_R_CERTIFICATE_VERIFY_ERROR 117 +# define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 144 +# define PKCS7_R_CIPHER_NOT_INITIALIZED 116 +# define PKCS7_R_CONTENT_AND_DATA_PRESENT 118 +# define PKCS7_R_CTRL_ERROR 152 +# define PKCS7_R_DECRYPT_ERROR 119 +# define PKCS7_R_DIGEST_FAILURE 101 +# define PKCS7_R_ENCRYPTION_CTRL_FAILURE 149 +# define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150 +# define PKCS7_R_ERROR_ADDING_RECIPIENT 120 +# define PKCS7_R_ERROR_SETTING_CIPHER 121 +# define PKCS7_R_INVALID_NULL_POINTER 143 +# define PKCS7_R_INVALID_SIGNED_DATA_TYPE 155 +# define PKCS7_R_NO_CONTENT 122 +# define PKCS7_R_NO_DEFAULT_DIGEST 151 +# define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND 154 +# define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 +# define PKCS7_R_NO_SIGNATURES_ON_DATA 123 +# define PKCS7_R_NO_SIGNERS 142 +# define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 +# define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 +# define PKCS7_R_PKCS7_ADD_SIGNER_ERROR 153 +# define PKCS7_R_PKCS7_DATASIGN 145 +# define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 +# define PKCS7_R_SIGNATURE_FAILURE 105 +# define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128 +# define PKCS7_R_SIGNING_CTRL_FAILURE 147 +# define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 148 +# define PKCS7_R_SMIME_TEXT_ERROR 129 +# define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106 +# define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107 +# define 
PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108 +# define PKCS7_R_UNKNOWN_DIGEST_TYPE 109 +# define PKCS7_R_UNKNOWN_OPERATION 110 +# define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 111 +# define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 112 +# define PKCS7_R_WRONG_CONTENT_TYPE 113 +# define PKCS7_R_WRONG_PKCS7_TYPE 114 + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/prov_ssl.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/prov_ssl.h new file mode 100644 index 000000000000..76d01e1eb89c --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/prov_ssl.h @@ -0,0 +1,38 @@ +/* + * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_PROV_SSL_H +# define OPENSSL_PROV_SSL_H +# pragma once + +# ifdef __cplusplus +extern "C" { +# endif + +/* SSL/TLS related defines useful to providers */ + +# define SSL_MAX_MASTER_KEY_LENGTH 48 + +/* SSL/TLS uses a 2 byte unsigned version number */ +# define SSL3_VERSION 0x0300 +# define TLS1_VERSION 0x0301 +# define TLS1_1_VERSION 0x0302 +# define TLS1_2_VERSION 0x0303 +# define TLS1_3_VERSION 0x0304 +# define DTLS1_VERSION 0xFEFF +# define DTLS1_2_VERSION 0xFEFD +# define DTLS1_BAD_VER 0x0100 + +/* QUIC uses a 4 byte unsigned version number */ +# define OSSL_QUIC1_VERSION 0x0000001 + +# ifdef __cplusplus +} +# endif +#endif /* OPENSSL_PROV_SSL_H */ diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/proverr.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/proverr.h new file mode 100644 index 000000000000..d9ef56815cf3 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/proverr.h 
@@ -0,0 +1,153 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_PROVERR_H +# define OPENSSL_PROVERR_H +# pragma once + +# include +# include +# include + + + +/* + * PROV reason codes. + */ +# define PROV_R_ADDITIONAL_INPUT_TOO_LONG 184 +# define PROV_R_ALGORITHM_MISMATCH 173 +# define PROV_R_ALREADY_INSTANTIATED 185 +# define PROV_R_BAD_DECRYPT 100 +# define PROV_R_BAD_ENCODING 141 +# define PROV_R_BAD_LENGTH 142 +# define PROV_R_BAD_TLS_CLIENT_VERSION 161 +# define PROV_R_BN_ERROR 160 +# define PROV_R_CIPHER_OPERATION_FAILED 102 +# define PROV_R_DERIVATION_FUNCTION_INIT_FAILED 205 +# define PROV_R_DIGEST_NOT_ALLOWED 174 +# define PROV_R_EMS_NOT_ENABLED 233 +# define PROV_R_ENTROPY_SOURCE_STRENGTH_TOO_WEAK 186 +# define PROV_R_ERROR_INSTANTIATING_DRBG 188 +# define PROV_R_ERROR_RETRIEVING_ENTROPY 189 +# define PROV_R_ERROR_RETRIEVING_NONCE 190 +# define PROV_R_FAILED_DURING_DERIVATION 164 +# define PROV_R_FAILED_TO_CREATE_LOCK 180 +# define PROV_R_FAILED_TO_DECRYPT 162 +# define PROV_R_FAILED_TO_GENERATE_KEY 121 +# define PROV_R_FAILED_TO_GET_PARAMETER 103 +# define PROV_R_FAILED_TO_SET_PARAMETER 104 +# define PROV_R_FAILED_TO_SIGN 175 +# define PROV_R_FIPS_MODULE_CONDITIONAL_ERROR 227 +# define PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE 224 +# define PROV_R_FIPS_MODULE_IN_ERROR_STATE 225 +# define PROV_R_GENERATE_ERROR 191 +# define PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 165 +# define PROV_R_INDICATOR_INTEGRITY_FAILURE 210 +# define PROV_R_INSUFFICIENT_DRBG_STRENGTH 181 +# define PROV_R_INVALID_AAD 108 +# define PROV_R_INVALID_AEAD 231 +# define PROV_R_INVALID_CONFIG_DATA 211 +# define 
PROV_R_INVALID_CONSTANT_LENGTH 157 +# define PROV_R_INVALID_CURVE 176 +# define PROV_R_INVALID_CUSTOM_LENGTH 111 +# define PROV_R_INVALID_DATA 115 +# define PROV_R_INVALID_DIGEST 122 +# define PROV_R_INVALID_DIGEST_LENGTH 166 +# define PROV_R_INVALID_DIGEST_SIZE 218 +# define PROV_R_INVALID_INPUT_LENGTH 230 +# define PROV_R_INVALID_ITERATION_COUNT 123 +# define PROV_R_INVALID_IV_LENGTH 109 +# define PROV_R_INVALID_KDF 232 +# define PROV_R_INVALID_KEY 158 +# define PROV_R_INVALID_KEY_LENGTH 105 +# define PROV_R_INVALID_MAC 151 +# define PROV_R_INVALID_MEMORY_SIZE 235 +# define PROV_R_INVALID_MGF1_MD 167 +# define PROV_R_INVALID_MODE 125 +# define PROV_R_INVALID_OUTPUT_LENGTH 217 +# define PROV_R_INVALID_PADDING_MODE 168 +# define PROV_R_INVALID_PUBINFO 198 +# define PROV_R_INVALID_SALT_LENGTH 112 +# define PROV_R_INVALID_SEED_LENGTH 154 +# define PROV_R_INVALID_SIGNATURE_SIZE 179 +# define PROV_R_INVALID_STATE 212 +# define PROV_R_INVALID_TAG 110 +# define PROV_R_INVALID_TAG_LENGTH 118 +# define PROV_R_INVALID_THREAD_POOL_SIZE 234 +# define PROV_R_INVALID_UKM_LENGTH 200 +# define PROV_R_INVALID_X931_DIGEST 170 +# define PROV_R_IN_ERROR_STATE 192 +# define PROV_R_KEY_SETUP_FAILED 101 +# define PROV_R_KEY_SIZE_TOO_SMALL 171 +# define PROV_R_LENGTH_TOO_LARGE 202 +# define PROV_R_MISMATCHING_DOMAIN_PARAMETERS 203 +# define PROV_R_MISSING_CEK_ALG 144 +# define PROV_R_MISSING_CIPHER 155 +# define PROV_R_MISSING_CONFIG_DATA 213 +# define PROV_R_MISSING_CONSTANT 156 +# define PROV_R_MISSING_KEY 128 +# define PROV_R_MISSING_MAC 150 +# define PROV_R_MISSING_MESSAGE_DIGEST 129 +# define PROV_R_MISSING_OID 209 +# define PROV_R_MISSING_PASS 130 +# define PROV_R_MISSING_SALT 131 +# define PROV_R_MISSING_SECRET 132 +# define PROV_R_MISSING_SEED 140 +# define PROV_R_MISSING_SESSION_ID 133 +# define PROV_R_MISSING_TYPE 134 +# define PROV_R_MISSING_XCGHASH 135 +# define PROV_R_MODULE_INTEGRITY_FAILURE 214 +# define PROV_R_NOT_A_PRIVATE_KEY 221 +# define PROV_R_NOT_A_PUBLIC_KEY 220 +# 
define PROV_R_NOT_INSTANTIATED 193 +# define PROV_R_NOT_PARAMETERS 226 +# define PROV_R_NOT_SUPPORTED 136 +# define PROV_R_NOT_XOF_OR_INVALID_LENGTH 113 +# define PROV_R_NO_KEY_SET 114 +# define PROV_R_NO_PARAMETERS_SET 177 +# define PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 178 +# define PROV_R_OUTPUT_BUFFER_TOO_SMALL 106 +# define PROV_R_PARENT_CANNOT_GENERATE_RANDOM_NUMBERS 228 +# define PROV_R_PARENT_CANNOT_SUPPLY_ENTROPY_SEED 187 +# define PROV_R_PARENT_LOCKING_NOT_ENABLED 182 +# define PROV_R_PARENT_STRENGTH_TOO_WEAK 194 +# define PROV_R_PATH_MUST_BE_ABSOLUTE 219 +# define PROV_R_PERSONALISATION_STRING_TOO_LONG 195 +# define PROV_R_PSS_SALTLEN_TOO_SMALL 172 +# define PROV_R_REQUEST_TOO_LARGE_FOR_DRBG 196 +# define PROV_R_REQUIRE_CTR_MODE_CIPHER 206 +# define PROV_R_RESEED_ERROR 197 +# define PROV_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES 222 +# define PROV_R_SEED_SOURCES_MUST_NOT_HAVE_A_PARENT 229 +# define PROV_R_SELF_TEST_KAT_FAILURE 215 +# define PROV_R_SELF_TEST_POST_FAILURE 216 +# define PROV_R_TAG_NOT_NEEDED 120 +# define PROV_R_TAG_NOT_SET 119 +# define PROV_R_TOO_MANY_RECORDS 126 +# define PROV_R_UNABLE_TO_FIND_CIPHERS 207 +# define PROV_R_UNABLE_TO_GET_PARENT_STRENGTH 199 +# define PROV_R_UNABLE_TO_GET_PASSPHRASE 159 +# define PROV_R_UNABLE_TO_INITIALISE_CIPHERS 208 +# define PROV_R_UNABLE_TO_LOAD_SHA256 147 +# define PROV_R_UNABLE_TO_LOCK_PARENT 201 +# define PROV_R_UNABLE_TO_RESEED 204 +# define PROV_R_UNSUPPORTED_CEK_ALG 145 +# define PROV_R_UNSUPPORTED_KEY_SIZE 153 +# define PROV_R_UNSUPPORTED_MAC_TYPE 137 +# define PROV_R_UNSUPPORTED_NUMBER_OF_ROUNDS 152 +# define PROV_R_URI_AUTHORITY_UNSUPPORTED 223 +# define PROV_R_VALUE_ERROR 138 +# define PROV_R_WRONG_FINAL_BLOCK_LENGTH 107 +# define PROV_R_WRONG_OUTPUT_BUFFER_SIZE 139 +# define PROV_R_XOF_DIGESTS_NOT_ALLOWED 183 +# define PROV_R_XTS_DATA_UNIT_IS_TOO_LARGE 148 +# define PROV_R_XTS_DUPLICATED_KEYS 149 + +#endif 
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/provider.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/provider.h
new file mode 100644
index 000000000000..24ec0827bd6b
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/provider.h
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_PROVIDER_H
+# define OPENSSL_PROVIDER_H
+# pragma once
+
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/* Set and Get a library context search path */
+int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path);
+const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
+
+/* Load and unload a provider */
+OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name);
+OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
+ OSSL_PARAM *params);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name,
+ int retain_fallbacks);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
+ OSSL_PARAM *params,
+ int retain_fallbacks);
+int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
+int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name);
+int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
+ int (*cb)(OSSL_PROVIDER *provider, void *cbdata),
+ void *cbdata);
+
+const OSSL_PARAM *OSSL_PROVIDER_gettable_params(const OSSL_PROVIDER *prov);
+int OSSL_PROVIDER_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]);
+int OSSL_PROVIDER_self_test(const OSSL_PROVIDER *prov);
+int OSSL_PROVIDER_get_capabilities(const OSSL_PROVIDER *prov,
+ const char *capability,
+ OSSL_CALLBACK *cb,
+ void *arg);
+
+const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov,
+ int operation_id,
+ int *no_cache);
+void OSSL_PROVIDER_unquery_operation(const OSSL_PROVIDER *prov,
+ int operation_id, const OSSL_ALGORITHM *algs);
+void *OSSL_PROVIDER_get0_provider_ctx(const OSSL_PROVIDER *prov);
+const OSSL_DISPATCH *OSSL_PROVIDER_get0_dispatch(const OSSL_PROVIDER *prov);
+
+/* Add a built in providers */
+int OSSL_PROVIDER_add_builtin(OSSL_LIB_CTX *, const char *name,
+ OSSL_provider_init_fn *init_fn);
+
+/* Information */
+const char *OSSL_PROVIDER_get0_name(const OSSL_PROVIDER *prov);
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/quic.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/quic.h
new file mode 100644
index 000000000000..3dc2f5e747b4
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/quic.h
@@ -0,0 +1,70 @@ +/* + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_QUIC_H +# define OPENSSL_QUIC_H +# pragma once + +# include +# include + +# ifndef OPENSSL_NO_QUIC + +# ifdef __cplusplus +extern "C" { +# endif + +/* + * Method used for non-thread-assisted QUIC client operation. + */ +__owur const SSL_METHOD *OSSL_QUIC_client_method(void); + +/* + * Method used for thread-assisted QUIC client operation. + */ +__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void); + +/* + * QUIC transport error codes (RFC 9000 s. 20.1) + */ +# define OSSL_QUIC_ERR_NO_ERROR 0x00 +# define OSSL_QUIC_ERR_INTERNAL_ERROR 0x01 +# define OSSL_QUIC_ERR_CONNECTION_REFUSED 0x02 +# define OSSL_QUIC_ERR_FLOW_CONTROL_ERROR 0x03 +# define OSSL_QUIC_ERR_STREAM_LIMIT_ERROR 0x04 +# define OSSL_QUIC_ERR_STREAM_STATE_ERROR 0x05 +# define OSSL_QUIC_ERR_FINAL_SIZE_ERROR 0x06 +# define OSSL_QUIC_ERR_FRAME_ENCODING_ERROR 0x07 +# define OSSL_QUIC_ERR_TRANSPORT_PARAMETER_ERROR 0x08 +# define OSSL_QUIC_ERR_CONNECTION_ID_LIMIT_ERROR 0x09 +# define OSSL_QUIC_ERR_PROTOCOL_VIOLATION 0x0A +# define OSSL_QUIC_ERR_INVALID_TOKEN 0x0B +# define OSSL_QUIC_ERR_APPLICATION_ERROR 0x0C +# define OSSL_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED 0x0D +# define OSSL_QUIC_ERR_KEY_UPDATE_ERROR 0x0E +# define OSSL_QUIC_ERR_AEAD_LIMIT_REACHED 0x0F +# define OSSL_QUIC_ERR_NO_VIABLE_PATH 0x10 + +/* Inclusive range for handshake-specific errors. */ +# define OSSL_QUIC_ERR_CRYPTO_ERR_BEGIN 0x0100 +# define OSSL_QUIC_ERR_CRYPTO_ERR_END 0x01FF + +# define OSSL_QUIC_ERR_CRYPTO_ERR(X) \ + (OSSL_QUIC_ERR_CRYPTO_ERR_BEGIN + (X)) + +/* Local errors. 
*/ +# define OSSL_QUIC_LOCAL_ERR_IDLE_TIMEOUT \ + ((uint64_t)0xFFFFFFFFFFFFFFFFULL) + +# ifdef __cplusplus +} +# endif + +# endif /* OPENSSL_NO_QUIC */ +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/rand.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/rand.h new file mode 100644 index 000000000000..1fa1129e3cf7 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/rand.h 
@@ -0,0 +1,125 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_RAND_H
+# define OPENSSL_RAND_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_RAND_H
+# endif
+
+# include
+# include
+# include
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Default security strength (in the sense of [NIST SP 800-90Ar1])
+ *
+ * NIST SP 800-90Ar1 supports the strength of the DRBG being smaller than that
+ * of the cipher by collecting less entropy. The current DRBG implementation
+ * does not take RAND_DRBG_STRENGTH into account and sets the strength of the
+ * DRBG to that of the cipher.
+ */
+# define RAND_DRBG_STRENGTH 256
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+struct rand_meth_st {
+ int (*seed) (const void *buf, int num);
+ int (*bytes) (unsigned char *buf, int num);
+ void (*cleanup) (void);
+ int (*add) (const void *buf, int num, double randomness);
+ int (*pseudorand) (unsigned char *buf, int num);
+ int (*status) (void);
+};
+
+OSSL_DEPRECATEDIN_3_0 int RAND_set_rand_method(const RAND_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 const RAND_METHOD *RAND_get_rand_method(void);
+# ifndef OPENSSL_NO_ENGINE
+OSSL_DEPRECATEDIN_3_0 int RAND_set_rand_engine(ENGINE *engine);
+# endif
+
+OSSL_DEPRECATEDIN_3_0 RAND_METHOD *RAND_OpenSSL(void);
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define RAND_cleanup() while(0) continue
+# endif
+int RAND_bytes(unsigned char *buf, int num);
+int RAND_priv_bytes(unsigned char *buf, int num);
+
+/*
+ * Equivalent of RAND_priv_bytes() but additionally taking an OSSL_LIB_CTX and
+ * a strength.
+ */
+int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num,
+ unsigned int strength);
+
+/*
+ * Equivalent of RAND_bytes() but additionally taking an OSSL_LIB_CTX and
+ * a strength.
+ */
+int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num,
+ unsigned int strength);
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+OSSL_DEPRECATEDIN_1_1_0 int RAND_pseudo_bytes(unsigned char *buf, int num);
+# endif
+
+EVP_RAND_CTX *RAND_get0_primary(OSSL_LIB_CTX *ctx);
+EVP_RAND_CTX *RAND_get0_public(OSSL_LIB_CTX *ctx);
+EVP_RAND_CTX *RAND_get0_private(OSSL_LIB_CTX *ctx);
+int RAND_set0_public(OSSL_LIB_CTX *ctx, EVP_RAND_CTX *rand);
+int RAND_set0_private(OSSL_LIB_CTX *ctx, EVP_RAND_CTX *rand);
+
+int RAND_set_DRBG_type(OSSL_LIB_CTX *ctx, const char *drbg, const char *propq,
+ const char *cipher, const char *digest);
+int RAND_set_seed_source_type(OSSL_LIB_CTX *ctx, const char *seed,
+ const char *propq);
+
+void RAND_seed(const void *buf, int num);
+void RAND_keep_random_devices_open(int keep);
+
+# if defined(__ANDROID__) && defined(__NDK_FPABI__)
+__NDK_FPABI__ /* __attribute__((pcs("aapcs"))) on ARM */
+# endif
+void RAND_add(const void *buf, int num, double randomness);
+int RAND_load_file(const char *file, long max_bytes);
+int RAND_write_file(const char *file);
+const char *RAND_file_name(char *file, size_t num);
+int RAND_status(void);
+
+# ifndef OPENSSL_NO_EGD
+int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
+int RAND_egd(const char *path);
+int RAND_egd_bytes(const char *path, int bytes);
+# endif
+
+int RAND_poll(void);
+
+# if defined(_WIN32) && (defined(BASETYPES) || defined(_WINDEF_H))
+/* application has to include in order to use these */
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+OSSL_DEPRECATEDIN_1_1_0 void RAND_screen(void);
+OSSL_DEPRECATEDIN_1_1_0 int RAND_event(UINT, WPARAM, LPARAM);
+# endif
+# endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/randerr.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/randerr.h
new file mode 100644
index 000000000000..04880374a3b7
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/randerr.h
@@ -0,0 +1,69 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_RANDERR_H +# define OPENSSL_RANDERR_H +# pragma once + +# include +# include +# include + + + +/* + * RAND reason codes. + */ +# define RAND_R_ADDITIONAL_INPUT_TOO_LONG 102 +# define RAND_R_ALREADY_INSTANTIATED 103 +# define RAND_R_ARGUMENT_OUT_OF_RANGE 105 +# define RAND_R_CANNOT_OPEN_FILE 121 +# define RAND_R_DRBG_ALREADY_INITIALIZED 129 +# define RAND_R_DRBG_NOT_INITIALISED 104 +# define RAND_R_ENTROPY_INPUT_TOO_LONG 106 +# define RAND_R_ENTROPY_OUT_OF_RANGE 124 +# define RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED 127 +# define RAND_R_ERROR_INITIALISING_DRBG 107 +# define RAND_R_ERROR_INSTANTIATING_DRBG 108 +# define RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT 109 +# define RAND_R_ERROR_RETRIEVING_ENTROPY 110 +# define RAND_R_ERROR_RETRIEVING_NONCE 111 +# define RAND_R_FAILED_TO_CREATE_LOCK 126 +# define RAND_R_FUNC_NOT_IMPLEMENTED 101 +# define RAND_R_FWRITE_ERROR 123 +# define RAND_R_GENERATE_ERROR 112 +# define RAND_R_INSUFFICIENT_DRBG_STRENGTH 139 +# define RAND_R_INTERNAL_ERROR 113 +# define RAND_R_INVALID_PROPERTY_QUERY 137 +# define RAND_R_IN_ERROR_STATE 114 +# define RAND_R_NOT_A_REGULAR_FILE 122 +# define RAND_R_NOT_INSTANTIATED 115 +# define RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED 128 +# define RAND_R_PARENT_LOCKING_NOT_ENABLED 130 +# define RAND_R_PARENT_STRENGTH_TOO_WEAK 131 +# define RAND_R_PERSONALISATION_STRING_TOO_LONG 116 +# define RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED 133 +# define RAND_R_PRNG_NOT_SEEDED 100 +# define RAND_R_RANDOM_POOL_OVERFLOW 125 +# define RAND_R_RANDOM_POOL_UNDERFLOW 134 +# define RAND_R_REQUEST_TOO_LARGE_FOR_DRBG 
117 +# define RAND_R_RESEED_ERROR 118 +# define RAND_R_SELFTEST_FAILURE 119 +# define RAND_R_TOO_LITTLE_NONCE_REQUESTED 135 +# define RAND_R_TOO_MUCH_NONCE_REQUESTED 136 +# define RAND_R_UNABLE_TO_CREATE_DRBG 143 +# define RAND_R_UNABLE_TO_FETCH_DRBG 144 +# define RAND_R_UNABLE_TO_GET_PARENT_RESEED_PROP_COUNTER 141 +# define RAND_R_UNABLE_TO_GET_PARENT_STRENGTH 138 +# define RAND_R_UNABLE_TO_LOCK_PARENT 140 +# define RAND_R_UNSUPPORTED_DRBG_FLAGS 132 +# define RAND_R_UNSUPPORTED_DRBG_TYPE 120 + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/rc2.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/rc2.h new file mode 100644 index 000000000000..ff633fd80f16 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/rc2.h 
@@ -0,0 +1,68 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_RC2_H
+# define OPENSSL_RC2_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_RC2_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_RC2
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define RC2_BLOCK 8
+# define RC2_KEY_LENGTH 16
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+typedef unsigned int RC2_INT;
+
+# define RC2_ENCRYPT 1
+# define RC2_DECRYPT 0
+
+typedef struct rc2_key_st {
+ RC2_INT data[64];
+} RC2_KEY;
+# endif
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 void RC2_set_key(RC2_KEY *key, int len,
+ const unsigned char *data, int bits);
+OSSL_DEPRECATEDIN_3_0 void RC2_ecb_encrypt(const unsigned char *in,
+ unsigned char *out, RC2_KEY *key,
+ int enc);
+OSSL_DEPRECATEDIN_3_0 void RC2_encrypt(unsigned long *data, RC2_KEY *key);
+OSSL_DEPRECATEDIN_3_0 void RC2_decrypt(unsigned long *data, RC2_KEY *key);
+OSSL_DEPRECATEDIN_3_0 void RC2_cbc_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ RC2_KEY *ks, unsigned char *iv,
+ int enc);
+OSSL_DEPRECATEDIN_3_0 void RC2_cfb64_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ RC2_KEY *schedule,
+ unsigned char *ivec,
+ int *num, int enc);
+OSSL_DEPRECATEDIN_3_0 void RC2_ofb64_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ RC2_KEY *schedule,
+ unsigned char *ivec,
+ int *num);
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/rc4.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/rc4.h
new file mode 100644
index 000000000000..600b2885df1b
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/rc4.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_RC4_H
+# define OPENSSL_RC4_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_RC4_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_RC4
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+typedef struct rc4_key_st {
+ RC4_INT x, y;
+ RC4_INT data[256];
+} RC4_KEY;
+# endif
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 const char *RC4_options(void);
+OSSL_DEPRECATEDIN_3_0 void RC4_set_key(RC4_KEY *key, int len,
+ const unsigned char *data);
+OSSL_DEPRECATEDIN_3_0 void RC4(RC4_KEY *key, size_t len,
+ const unsigned char *indata,
+ unsigned char *outdata);
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/rc5.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/rc5.h
new file mode 100644
index 000000000000..de833523102a
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/rc5.h
@@ -0,0 +1,79 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_RC5_H
+# define OPENSSL_RC5_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_RC5_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_RC5
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define RC5_32_BLOCK 8
+# define RC5_32_KEY_LENGTH 16/* This is a default, max is 255 */
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define RC5_ENCRYPT 1
+# define RC5_DECRYPT 0
+
+# define RC5_32_INT unsigned int
+
+/*
+ * This are the only values supported. Tweak the code if you want more The
+ * most supported modes will be RC5-32/12/16 RC5-32/16/8
+ */
+# define RC5_8_ROUNDS 8
+# define RC5_12_ROUNDS 12
+# define RC5_16_ROUNDS 16
+
+typedef struct rc5_key_st {
+ /* Number of rounds */
+ int rounds;
+ RC5_32_INT data[2 * (RC5_16_ROUNDS + 1)];
+} RC5_32_KEY;
+# endif
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int RC5_32_set_key(RC5_32_KEY *key, int len,
+ const unsigned char *data,
+ int rounds);
+OSSL_DEPRECATEDIN_3_0 void RC5_32_ecb_encrypt(const unsigned char *in,
+ unsigned char *out,
+ RC5_32_KEY *key,
+ int enc);
+OSSL_DEPRECATEDIN_3_0 void RC5_32_encrypt(unsigned long *data, RC5_32_KEY *key);
+OSSL_DEPRECATEDIN_3_0 void RC5_32_decrypt(unsigned long *data, RC5_32_KEY *key);
+OSSL_DEPRECATEDIN_3_0 void RC5_32_cbc_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ RC5_32_KEY *ks, unsigned char *iv,
+ int enc);
+OSSL_DEPRECATEDIN_3_0 void RC5_32_cfb64_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ RC5_32_KEY *schedule,
+ unsigned char *ivec, int *num,
+ int enc);
+OSSL_DEPRECATEDIN_3_0 void RC5_32_ofb64_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ RC5_32_KEY *schedule,
+ unsigned char *ivec, int *num);
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/ripemd.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/ripemd.h
new file mode 100644
index 000000000000..900ee317b928
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/ripemd.h
@@ -0,0 +1,59 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_RIPEMD_H
+# define OPENSSL_RIPEMD_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_RIPEMD_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_RMD160
+# include
+# include
+
+# define RIPEMD160_DIGEST_LENGTH 20
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+# if !defined(OPENSSL_NO_DEPRECATED_3_0)
+
+# define RIPEMD160_LONG unsigned int
+
+# define RIPEMD160_CBLOCK 64
+# define RIPEMD160_LBLOCK (RIPEMD160_CBLOCK/4)
+
+typedef struct RIPEMD160state_st {
+ RIPEMD160_LONG A, B, C, D, E;
+ RIPEMD160_LONG Nl, Nh;
+ RIPEMD160_LONG data[RIPEMD160_LBLOCK];
+ unsigned int num;
+} RIPEMD160_CTX;
+# endif
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int RIPEMD160_Init(RIPEMD160_CTX *c);
+OSSL_DEPRECATEDIN_3_0 int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data,
+ size_t len);
+OSSL_DEPRECATEDIN_3_0 int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
+OSSL_DEPRECATEDIN_3_0 unsigned char *RIPEMD160(const unsigned char *d, size_t n,
+ unsigned char *md);
+OSSL_DEPRECATEDIN_3_0 void RIPEMD160_Transform(RIPEMD160_CTX *c,
+ const unsigned char *b);
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/rsa.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/rsa.h
new file mode 100644
index 000000000000..167427d3c486
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/rsa.h
@@ -0,0 +1,615 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_RSA_H
+# define OPENSSL_RSA_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_RSA_H
+# endif
+
+# include
+
+# include
+# include
+# include
+# include
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# include
+# endif
+# include
+# include
+# ifndef OPENSSL_NO_STDIO
+# include
+# endif
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# ifndef OPENSSL_RSA_MAX_MODULUS_BITS
+# define OPENSSL_RSA_MAX_MODULUS_BITS 16384
+# endif
+
+# define RSA_3 0x3L
+# define RSA_F4 0x10001L
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+/* The types RSA and RSA_METHOD are defined in ossl_typ.h */
+
+# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 2048
+
+# ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
+# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
+# endif
+
+/* exponent limit enforced for "large" modulus only */
+# ifndef OPENSSL_RSA_MAX_PUBEXP_BITS
+# define OPENSSL_RSA_MAX_PUBEXP_BITS 64
+# endif
+/* based on RFC 8017 appendix A.1.2 */
+# define RSA_ASN1_VERSION_DEFAULT 0
+# define RSA_ASN1_VERSION_MULTI 1
+
+# define RSA_DEFAULT_PRIME_NUM 2
+
+# define RSA_METHOD_FLAG_NO_CHECK 0x0001
+# define RSA_FLAG_CACHE_PUBLIC 0x0002
+# define RSA_FLAG_CACHE_PRIVATE 0x0004
+# define RSA_FLAG_BLINDING 0x0008
+# define RSA_FLAG_THREAD_SAFE 0x0010
+/*
+ * This flag means the private key operations will be handled by rsa_mod_exp
+ * and that they do not depend on the private key components being present:
+ * for example a key stored in external hardware. Without this flag
+ * bn_mod_exp gets called when private key components are absent.
+ */
+# define RSA_FLAG_EXT_PKEY 0x0020
+
+/*
+ * new with 0.9.6j and 0.9.7b; the built-in
+ * RSA implementation now uses blinding by
+ * default (ignoring RSA_FLAG_BLINDING),
+ * but other engines might not need it
+ */
+# define RSA_FLAG_NO_BLINDING 0x0080
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+/*
+ * Does nothing. Previously this switched off constant time behaviour.
+ */
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define RSA_FLAG_NO_CONSTTIME 0x0000
+# endif
+/* deprecated name for the flag*/
+/*
+ * new with 0.9.7h; the built-in RSA
+ * implementation now uses constant time
+ * modular exponentiation for secret exponents
+ * by default. This flag causes the
+ * faster variable sliding window method to
+ * be used for all exponents.
+ */
+# ifndef OPENSSL_NO_DEPRECATED_0_9_8
+# define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME
+# endif
+
+/*-
+ * New with 3.0: use part of the flags to denote exact type of RSA key,
+ * some of which are limited to specific signature and encryption schemes.
+ * These different types share the same RSA structure, but indicate the
+ * use of certain fields in that structure.
+ * Currently known are:
+ * RSA - this is the "normal" unlimited RSA structure (typenum 0)
+ * RSASSA-PSS - indicates that the PSS parameters are used.
+ * RSAES-OAEP - no specific field used for the moment, but OAEP padding
+ * is expected. (currently unused)
+ *
+ * 4 bits allow for 16 types
+ */
+# define RSA_FLAG_TYPE_MASK 0xF000
+# define RSA_FLAG_TYPE_RSA 0x0000
+# define RSA_FLAG_TYPE_RSASSAPSS 0x1000
+# define RSA_FLAG_TYPE_RSAESOAEP 0x2000
+
+int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad_mode);
+int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad_mode);
+
+int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int saltlen);
+int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *saltlen);
+
+int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int bits);
+int EVP_PKEY_CTX_set1_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp);
+int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes);
+int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *ctx, int saltlen);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
+int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp);
+# endif
+
+/* Salt length matches digest */
+# define RSA_PSS_SALTLEN_DIGEST -1
+/* Verify only: auto detect salt length */
+# define RSA_PSS_SALTLEN_AUTO -2
+/* Set salt length to maximum possible */
+# define RSA_PSS_SALTLEN_MAX -3
+/* Auto-detect on verify, set salt length to min(maximum possible, digest
+ * length) on sign */
+# define RSA_PSS_SALTLEN_AUTO_DIGEST_MAX -4
+/* Old compatible max salt length for sign only */
+# define RSA_PSS_SALTLEN_MAX_SIGN -2
+
+int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+int EVP_PKEY_CTX_set_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, const char *mdname,
+ const char *mdprops);
+int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
+int EVP_PKEY_CTX_get_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, char *name,
+ size_t namelen);
+int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name(EVP_PKEY_CTX *ctx,
+ const char *mdname);
+
+int EVP_PKEY_CTX_set_rsa_pss_keygen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+int EVP_PKEY_CTX_set_rsa_pss_keygen_md_name(EVP_PKEY_CTX *ctx,
+ const char *mdname,
+ const char *mdprops);
+
+int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+int EVP_PKEY_CTX_set_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, const char *mdname,
+ const char *mdprops);
+int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
+int EVP_PKEY_CTX_get_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, char *name,
+ size_t namelen);
+int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, void *label, int llen);
+int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
+
+# define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2)
+
+# define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 5)
+
+# define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 6)
+# define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 7)
+# define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 8)
+
+# define EVP_PKEY_CTRL_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 9)
+# define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 10)
+
+# define EVP_PKEY_CTRL_GET_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 11)
+# define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12)
+
+# define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES (EVP_PKEY_ALG_CTRL + 13)
+
+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
+
+# define RSA_PKCS1_PADDING 1
+# define RSA_NO_PADDING 3
+# define RSA_PKCS1_OAEP_PADDING 4
+# define RSA_X931_PADDING 5
+
+/* EVP_PKEY_ only */
+# define RSA_PKCS1_PSS_PADDING 6
+# define RSA_PKCS1_WITH_TLS_PADDING 7
+
+/* internal RSA_ only */
+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
+
+# define RSA_PKCS1_PADDING_SIZE 11
+
+# define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg)
+# define RSA_get_app_data(s) RSA_get_ex_data(s,0)
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 RSA *RSA_new(void);
+OSSL_DEPRECATEDIN_3_0 RSA *RSA_new_method(ENGINE *engine);
+OSSL_DEPRECATEDIN_3_0 int RSA_bits(const RSA *rsa);
+OSSL_DEPRECATEDIN_3_0 int RSA_size(const RSA *rsa);
+OSSL_DEPRECATEDIN_3_0 int RSA_security_bits(const RSA *rsa);
+
+OSSL_DEPRECATEDIN_3_0 int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
+OSSL_DEPRECATEDIN_3_0 int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
+OSSL_DEPRECATEDIN_3_0 int RSA_set0_crt_params(RSA *r,
+ BIGNUM *dmp1, BIGNUM *dmq1,
+ BIGNUM *iqmp);
+OSSL_DEPRECATEDIN_3_0 int RSA_set0_multi_prime_params(RSA *r,
+ BIGNUM *primes[],
+ BIGNUM *exps[],
+ BIGNUM *coeffs[],
+ int pnum);
+OSSL_DEPRECATEDIN_3_0 void RSA_get0_key(const RSA *r,
+ const BIGNUM **n, const BIGNUM **e,
+ const BIGNUM **d);
+OSSL_DEPRECATEDIN_3_0 void RSA_get0_factors(const RSA *r,
+ const BIGNUM **p, const BIGNUM **q);
+OSSL_DEPRECATEDIN_3_0 int RSA_get_multi_prime_extra_count(const RSA *r);
+OSSL_DEPRECATEDIN_3_0 int RSA_get0_multi_prime_factors(const RSA *r,
+ const BIGNUM *primes[]);
+OSSL_DEPRECATEDIN_3_0 void RSA_get0_crt_params(const RSA *r,
+ const BIGNUM **dmp1,
+ const BIGNUM **dmq1,
+ const BIGNUM **iqmp);
+OSSL_DEPRECATEDIN_3_0
+int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[],
+ const BIGNUM *coeffs[]);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *RSA_get0_n(const RSA *d);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *RSA_get0_e(const RSA *d);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *RSA_get0_d(const RSA *d);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *RSA_get0_p(const RSA *d);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *RSA_get0_q(const RSA *d);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *RSA_get0_dmp1(const RSA *r);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *RSA_get0_dmq1(const RSA *r);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *RSA_get0_iqmp(const RSA *r);
+OSSL_DEPRECATEDIN_3_0 const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r);
+OSSL_DEPRECATEDIN_3_0 void RSA_clear_flags(RSA *r, int flags);
+OSSL_DEPRECATEDIN_3_0 int RSA_test_flags(const RSA *r, int flags);
+OSSL_DEPRECATEDIN_3_0 void RSA_set_flags(RSA *r, int flags);
+OSSL_DEPRECATEDIN_3_0 int RSA_get_version(RSA *r);
+OSSL_DEPRECATEDIN_3_0 ENGINE *RSA_get0_engine(const RSA *r);
+# endif /* !OPENSSL_NO_DEPRECATED_3_0 */
+
+# define EVP_RSA_gen(bits) \
+ EVP_PKEY_Q_keygen(NULL, NULL, "RSA", (size_t)(0 + (bits)))
+
+/* Deprecated version */
+# ifndef OPENSSL_NO_DEPRECATED_0_9_8
+OSSL_DEPRECATEDIN_0_9_8 RSA *RSA_generate_key(int bits, unsigned long e, void
+ (*callback) (int, int, void *),
+ void *cb_arg);
+# endif
+
+/* New version */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
+ BN_GENCB *cb);
+/* Multi-prime version */
+OSSL_DEPRECATEDIN_3_0 int RSA_generate_multi_prime_key(RSA *rsa, int bits,
+ int primes, BIGNUM *e,
+ BN_GENCB *cb);
+
+OSSL_DEPRECATEDIN_3_0
+int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2,
+ BIGNUM *q1, BIGNUM *q2,
+ const BIGNUM *Xp1, const BIGNUM *Xp2,
+ const BIGNUM *Xp, const BIGNUM *Xq1,
+ const BIGNUM *Xq2, const BIGNUM *Xq,
+ const BIGNUM *e, BN_GENCB *cb);
+OSSL_DEPRECATEDIN_3_0 int RSA_X931_generate_key_ex(RSA *rsa, int bits,
+ const BIGNUM *e,
+ BN_GENCB *cb);
+
+OSSL_DEPRECATEDIN_3_0 int RSA_check_key(const RSA *);
+OSSL_DEPRECATEDIN_3_0 int RSA_check_key_ex(const RSA *, BN_GENCB *cb);
+ /* next 4 return -1 on error */
+OSSL_DEPRECATEDIN_3_0
+int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
+ RSA *rsa, int padding);
+OSSL_DEPRECATEDIN_3_0
+int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
+ RSA *rsa, int padding);
+OSSL_DEPRECATEDIN_3_0
+int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
+ RSA *rsa, int padding);
+OSSL_DEPRECATEDIN_3_0
+int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
+ RSA *rsa, int padding);
+OSSL_DEPRECATEDIN_3_0 void RSA_free(RSA *r);
+/* "up" the RSA object's reference count */
+OSSL_DEPRECATEDIN_3_0 int RSA_up_ref(RSA *r);
+OSSL_DEPRECATEDIN_3_0 int RSA_flags(const RSA *r);
+
+OSSL_DEPRECATEDIN_3_0 void RSA_set_default_method(const RSA_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 const RSA_METHOD *RSA_get_default_method(void);
+OSSL_DEPRECATEDIN_3_0 const RSA_METHOD *RSA_null_method(void);
+OSSL_DEPRECATEDIN_3_0 const RSA_METHOD *RSA_get_method(const RSA *rsa);
+OSSL_DEPRECATEDIN_3_0 int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
+
+/* these are the actual RSA functions */
+OSSL_DEPRECATEDIN_3_0 const RSA_METHOD *RSA_PKCS1_OpenSSL(void);
+
+DECLARE_ASN1_ENCODE_FUNCTIONS_name_attr(OSSL_DEPRECATEDIN_3_0,
+ RSA, RSAPublicKey)
+DECLARE_ASN1_ENCODE_FUNCTIONS_name_attr(OSSL_DEPRECATEDIN_3_0,
+ RSA, RSAPrivateKey)
+# endif /* !OPENSSL_NO_DEPRECATED_3_0 */
+
+int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2);
+
+struct rsa_pss_params_st {
+ X509_ALGOR *hashAlgorithm;
+ X509_ALGOR *maskGenAlgorithm;
+ ASN1_INTEGER *saltLength;
+ ASN1_INTEGER *trailerField;
+ /* Decoded hash algorithm from maskGenAlgorithm */
+ X509_ALGOR *maskHash;
+};
+
+DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
+DECLARE_ASN1_DUP_FUNCTION(RSA_PSS_PARAMS)
+
+typedef struct rsa_oaep_params_st {
+ X509_ALGOR *hashFunc;
+ X509_ALGOR *maskGenFunc;
+ X509_ALGOR *pSourceFunc;
+ /* Decoded hash algorithm from maskGenFunc */
+ X509_ALGOR *maskHash;
+} RSA_OAEP_PARAMS;
+
+DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS)
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_STDIO
+OSSL_DEPRECATEDIN_3_0 int RSA_print_fp(FILE *fp, const RSA *r, int offset);
+# endif
+
+OSSL_DEPRECATEDIN_3_0 int RSA_print(BIO *bp, const RSA *r, int offset);
+
+/*
+ * The following 2 functions sign and verify a X509_SIG ASN1 object inside
+ * PKCS#1 padded RSA encryption
+ */
+OSSL_DEPRECATEDIN_3_0 int RSA_sign(int type, const unsigned char *m,
+ unsigned int m_length, unsigned char *sigret,
+ unsigned int *siglen, RSA *rsa);
+OSSL_DEPRECATEDIN_3_0 int RSA_verify(int type, const unsigned char *m,
+ unsigned int m_length,
+ const unsigned char *sigbuf,
+ unsigned int siglen, RSA *rsa);
+
+/*
+ * The following 2 function sign and verify a ASN1_OCTET_STRING object inside
+ * PKCS#1 padded RSA encryption
+ */
+OSSL_DEPRECATEDIN_3_0
+int RSA_sign_ASN1_OCTET_STRING(int type,
+ const unsigned char *m, unsigned int m_length,
+ unsigned char *sigret, unsigned int *siglen,
+ RSA *rsa);
+OSSL_DEPRECATEDIN_3_0
+int RSA_verify_ASN1_OCTET_STRING(int type,
+ const unsigned char *m, unsigned int m_length,
+ unsigned char *sigbuf, unsigned int siglen,
+ RSA *rsa);
+
+OSSL_DEPRECATEDIN_3_0 int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+OSSL_DEPRECATEDIN_3_0 void RSA_blinding_off(RSA *rsa);
+OSSL_DEPRECATEDIN_3_0 BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx);
+
+OSSL_DEPRECATEDIN_3_0
+int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
+ const unsigned char *f, int fl);
+OSSL_DEPRECATEDIN_3_0
+int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
+ const unsigned char *f, int fl,
+ int rsa_len);
+OSSL_DEPRECATEDIN_3_0
+int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
+ const unsigned char *f, int fl);
+OSSL_DEPRECATEDIN_3_0
+int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
+ const unsigned char *f, int fl,
+ int rsa_len);
+OSSL_DEPRECATEDIN_3_0 int PKCS1_MGF1(unsigned char *mask, long len,
+ const unsigned char *seed, long seedlen,
+ const EVP_MD *dgst);
+OSSL_DEPRECATEDIN_3_0
+int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
+ const unsigned char *f, int fl,
+ const unsigned char *p, int pl);
+OSSL_DEPRECATEDIN_3_0
+int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+ const unsigned char *f, int fl, int rsa_len,
+ const unsigned char *p, int pl);
+OSSL_DEPRECATEDIN_3_0
+int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
+ const unsigned char *from, int flen,
+ const unsigned char *param, int plen,
+ const EVP_MD *md, const EVP_MD *mgf1md);
+OSSL_DEPRECATEDIN_3_0
+int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
+ const unsigned char *from, int flen,
+ int num,
+ const unsigned char *param, int plen,
+ const EVP_MD *md, const EVP_MD *mgf1md);
+OSSL_DEPRECATEDIN_3_0 int RSA_padding_add_none(unsigned char *to, int tlen,
+ const unsigned char *f, int fl);
+OSSL_DEPRECATEDIN_3_0 int RSA_padding_check_none(unsigned char *to, int tlen,
+ const unsigned char *f, int fl,
+ int rsa_len);
+OSSL_DEPRECATEDIN_3_0 int RSA_padding_add_X931(unsigned char *to, int tlen,
+ const unsigned char *f, int fl);
+OSSL_DEPRECATEDIN_3_0 int RSA_padding_check_X931(unsigned char *to, int tlen,
+ const unsigned char *f, int fl,
+ int rsa_len);
+OSSL_DEPRECATEDIN_3_0 int RSA_X931_hash_id(int nid);
+
+OSSL_DEPRECATEDIN_3_0
+int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
+ const EVP_MD *Hash, const unsigned char *EM,
+ int sLen);
+OSSL_DEPRECATEDIN_3_0
+int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
+ const unsigned char *mHash, const EVP_MD *Hash,
+ int sLen);
+
+OSSL_DEPRECATEDIN_3_0
+int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
+ const EVP_MD *Hash, const EVP_MD *mgf1Hash,
+ const unsigned char *EM, int sLen);
+
+OSSL_DEPRECATEDIN_3_0
+int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
+ const unsigned char *mHash,
+ const EVP_MD *Hash, const EVP_MD *mgf1Hash,
+ int sLen);
+
+# define RSA_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, l, p, newf, dupf, freef)
+OSSL_DEPRECATEDIN_3_0 int RSA_set_ex_data(RSA *r, int idx, void *arg);
+OSSL_DEPRECATEDIN_3_0 void *RSA_get_ex_data(const RSA *r, int idx);
+
+DECLARE_ASN1_DUP_FUNCTION_name_attr(OSSL_DEPRECATEDIN_3_0, RSA, RSAPublicKey)
+DECLARE_ASN1_DUP_FUNCTION_name_attr(OSSL_DEPRECATEDIN_3_0, RSA, RSAPrivateKey)
+
+/*
+ * If this flag is set the RSA method is FIPS compliant and can be used in
+ * FIPS mode. This is set in the validated module method. If an application
+ * sets this flag in its own methods it is its responsibility to ensure the
+ * result is compliant.
+ */
+
+# define RSA_FLAG_FIPS_METHOD 0x0400
+
+/*
+ * If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+# define RSA_FLAG_NON_FIPS_ALLOW 0x0400
+/*
+ * Application has decided PRNG is good enough to generate a key: don't
+ * check.
+ */
+# define RSA_FLAG_CHECKED 0x0800
+
+OSSL_DEPRECATEDIN_3_0 RSA_METHOD *RSA_meth_new(const char *name, int flags);
+OSSL_DEPRECATEDIN_3_0 void RSA_meth_free(RSA_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 const char *RSA_meth_get0_name(const RSA_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 int RSA_meth_set1_name(RSA_METHOD *meth,
+ const char *name);
+OSSL_DEPRECATEDIN_3_0 int RSA_meth_get_flags(const RSA_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 int RSA_meth_set_flags(RSA_METHOD *meth, int flags);
+OSSL_DEPRECATEDIN_3_0 void *RSA_meth_get0_app_data(const RSA_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 int RSA_meth_set0_app_data(RSA_METHOD *meth,
+ void *app_data);
+OSSL_DEPRECATEDIN_3_0
+int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth)) (int flen,
+ const unsigned char *from,
+ unsigned char *to,
+ RSA *rsa, int padding);
+OSSL_DEPRECATEDIN_3_0
+int RSA_meth_set_pub_enc(RSA_METHOD *rsa,
+ int (*pub_enc) (int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,
+ int padding));
+OSSL_DEPRECATEDIN_3_0
+int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth)) (int flen,
+ const unsigned char *from,
+ unsigned char *to,
+ RSA *rsa, int padding);
+OSSL_DEPRECATEDIN_3_0
+int RSA_meth_set_pub_dec(RSA_METHOD *rsa,
+ int (*pub_dec) (int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,
+ int padding));
+OSSL_DEPRECATEDIN_3_0
+int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth)) (int flen,
+ const unsigned char *from,
+ unsigned char *to,
+ RSA *rsa, int padding);
+OSSL_DEPRECATEDIN_3_0
+int RSA_meth_set_priv_enc(RSA_METHOD *rsa,
+ int (*priv_enc) (int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,
+ int padding));
+OSSL_DEPRECATEDIN_3_0
+int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth)) (int flen,
+ const unsigned char *from,
+ unsigned char *to,
+ RSA *rsa, int padding);
+OSSL_DEPRECATEDIN_3_0
+int RSA_meth_set_priv_dec(RSA_METHOD *rsa,
+ int (*priv_dec) (int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,
+ int padding));
+OSSL_DEPRECATEDIN_3_0
+int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth)) (BIGNUM *r0,
+ const BIGNUM *i,
+ RSA *rsa, BN_CTX *ctx);
+OSSL_DEPRECATEDIN_3_0
+int RSA_meth_set_mod_exp(RSA_METHOD *rsa,
+ int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa,
+ BN_CTX *ctx));
+OSSL_DEPRECATEDIN_3_0
+int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth)) (BIGNUM *r,
+ const BIGNUM *a,
+ const BIGNUM *p,
+ const BIGNUM *m,
+ BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+OSSL_DEPRECATEDIN_3_0
+int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa,
+ int (*bn_mod_exp) (BIGNUM *r,
+ const BIGNUM *a,
+ const BIGNUM *p,
+ const BIGNUM *m,
+ BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx));
+OSSL_DEPRECATEDIN_3_0
+int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa);
+OSSL_DEPRECATEDIN_3_0
+int RSA_meth_set_init(RSA_METHOD *rsa, int (*init) (RSA *rsa));
+OSSL_DEPRECATEDIN_3_0
+int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa);
+OSSL_DEPRECATEDIN_3_0
+int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish) (RSA *rsa));
+OSSL_DEPRECATEDIN_3_0
+int (*RSA_meth_get_sign(const RSA_METHOD *meth)) (int type,
+ const unsigned char *m,
+ unsigned int m_length,
+ unsigned char *sigret,
+ unsigned int *siglen,
+ const RSA *rsa);
+OSSL_DEPRECATEDIN_3_0
+int RSA_meth_set_sign(RSA_METHOD *rsa,
+ int (*sign) (int type, const unsigned char *m,
+ unsigned int m_length,
+ unsigned char *sigret, unsigned int *siglen,
+ const RSA *rsa));
+OSSL_DEPRECATEDIN_3_0
+int (*RSA_meth_get_verify(const RSA_METHOD *meth)) (int dtype,
+ const unsigned char *m,
+ unsigned int m_length,
+ const unsigned char *sigbuf,
+ unsigned int siglen,
+ const RSA *rsa);
+OSSL_DEPRECATEDIN_3_0
+int RSA_meth_set_verify(RSA_METHOD *rsa,
+ int (*verify) (int dtype, const unsigned char *m,
+ unsigned int m_length,
+ const unsigned char *sigbuf,
+ unsigned int siglen, const RSA *rsa));
+OSSL_DEPRECATEDIN_3_0
+int (*RSA_meth_get_keygen(const RSA_METHOD *meth)) (RSA *rsa, int bits,
+ BIGNUM *e, BN_GENCB *cb);
+OSSL_DEPRECATEDIN_3_0
+int RSA_meth_set_keygen(RSA_METHOD *rsa,
+ int (*keygen) (RSA *rsa, int bits, BIGNUM *e,
+ BN_GENCB *cb));
+OSSL_DEPRECATEDIN_3_0
+int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth)) (RSA *rsa,
+ int bits,
+ int primes,
+ BIGNUM *e,
+ BN_GENCB *cb);
+OSSL_DEPRECATEDIN_3_0
+int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth,
+ int (*keygen) (RSA *rsa, int bits,
+ int primes, BIGNUM *e,
+ BN_GENCB *cb));
+#endif /* !OPENSSL_NO_DEPRECATED_3_0 */
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/rsaerr.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/rsaerr.h
new file mode 100644
index 000000000000..c58463c7c19f
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/rsaerr.h
@@ -0,0 +1,107 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_RSAERR_H +# define OPENSSL_RSAERR_H +# pragma once + +# include +# include +# include + + + +/* + * RSA reason codes. + */ +# define RSA_R_ALGORITHM_MISMATCH 100 +# define RSA_R_BAD_E_VALUE 101 +# define RSA_R_BAD_FIXED_HEADER_DECRYPT 102 +# define RSA_R_BAD_PAD_BYTE_COUNT 103 +# define RSA_R_BAD_SIGNATURE 104 +# define RSA_R_BLOCK_TYPE_IS_NOT_01 106 +# define RSA_R_BLOCK_TYPE_IS_NOT_02 107 +# define RSA_R_DATA_GREATER_THAN_MOD_LEN 108 +# define RSA_R_DATA_TOO_LARGE 109 +# define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110 +# define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132 +# define RSA_R_DATA_TOO_SMALL 111 +# define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122 +# define RSA_R_DIGEST_DOES_NOT_MATCH 158 +# define RSA_R_DIGEST_NOT_ALLOWED 145 +# define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 +# define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124 +# define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 +# define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 +# define RSA_R_FIRST_OCTET_INVALID 133 +# define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 144 +# define RSA_R_INVALID_DIGEST 157 +# define RSA_R_INVALID_DIGEST_LENGTH 143 +# define RSA_R_INVALID_HEADER 137 +# define RSA_R_INVALID_KEYPAIR 171 +# define RSA_R_INVALID_KEY_LENGTH 173 +# define RSA_R_INVALID_LABEL 160 +# define RSA_R_INVALID_LENGTH 181 +# define RSA_R_INVALID_MESSAGE_LENGTH 131 +# define RSA_R_INVALID_MGF1_MD 156 +# define RSA_R_INVALID_MODULUS 174 +# define RSA_R_INVALID_MULTI_PRIME_KEY 167 +# define RSA_R_INVALID_OAEP_PARAMETERS 161 +# define RSA_R_INVALID_PADDING 138 +# define RSA_R_INVALID_PADDING_MODE 141 +# define 
RSA_R_INVALID_PSS_PARAMETERS 149 +# define RSA_R_INVALID_PSS_SALTLEN 146 +# define RSA_R_INVALID_REQUEST 175 +# define RSA_R_INVALID_SALT_LENGTH 150 +# define RSA_R_INVALID_STRENGTH 176 +# define RSA_R_INVALID_TRAILER 139 +# define RSA_R_INVALID_X931_DIGEST 142 +# define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 +# define RSA_R_KEY_PRIME_NUM_INVALID 165 +# define RSA_R_KEY_SIZE_TOO_SMALL 120 +# define RSA_R_LAST_OCTET_INVALID 134 +# define RSA_R_MGF1_DIGEST_NOT_ALLOWED 152 +# define RSA_R_MISSING_PRIVATE_KEY 179 +# define RSA_R_MODULUS_TOO_LARGE 105 +# define RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R 168 +# define RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D 169 +# define RSA_R_MP_R_NOT_PRIME 170 +# define RSA_R_NO_PUBLIC_EXPONENT 140 +# define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 +# define RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES 172 +# define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 +# define RSA_R_OAEP_DECODING_ERROR 121 +# define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 +# define RSA_R_PADDING_CHECK_FAILED 114 +# define RSA_R_PAIRWISE_TEST_FAILURE 177 +# define RSA_R_PKCS_DECODING_ERROR 159 +# define RSA_R_PSS_SALTLEN_TOO_SMALL 164 +# define RSA_R_PUB_EXPONENT_OUT_OF_RANGE 178 +# define RSA_R_P_NOT_PRIME 128 +# define RSA_R_Q_NOT_PRIME 129 +# define RSA_R_RANDOMNESS_SOURCE_STRENGTH_INSUFFICIENT 180 +# define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 +# define RSA_R_SLEN_CHECK_FAILED 136 +# define RSA_R_SLEN_RECOVERY_FAILED 135 +# define RSA_R_SSLV3_ROLLBACK_ATTACK 115 +# define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 +# define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 +# define RSA_R_UNKNOWN_DIGEST 166 +# define RSA_R_UNKNOWN_MASK_DIGEST 151 +# define RSA_R_UNKNOWN_PADDING_TYPE 118 +# define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE 162 +# define RSA_R_UNSUPPORTED_LABEL_SOURCE 163 +# define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153 +# define RSA_R_UNSUPPORTED_MASK_PARAMETER 154 +# define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155 +# define RSA_R_VALUE_MISSING 147 +# define 
RSA_R_WRONG_SIGNATURE_LENGTH 119 + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/seed.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/seed.h new file mode 100644 index 000000000000..edb218ae6e2d --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/seed.h 
@@ -0,0 +1,113 @@
+/*
+ * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Neither the name of author nor the names of its contributors may
+ * be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef OPENSSL_SEED_H
+# define OPENSSL_SEED_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_SEED_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_SEED
+# include
+# include
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define SEED_BLOCK_SIZE 16
+# define SEED_KEY_LENGTH 16
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+/* look whether we need 'long' to get 32 bits */
+# ifdef AES_LONG
+# ifndef SEED_LONG
+# define SEED_LONG 1
+# endif
+# endif
+
+
+typedef struct seed_key_st {
+# ifdef SEED_LONG
+ unsigned long data[32];
+# else
+ unsigned int data[32];
+# endif
+} SEED_KEY_SCHEDULE;
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
+void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
+ SEED_KEY_SCHEDULE *ks);
+OSSL_DEPRECATEDIN_3_0
+void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE],
+ unsigned char d[SEED_BLOCK_SIZE],
+ const SEED_KEY_SCHEDULE *ks);
+OSSL_DEPRECATEDIN_3_0
+void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE],
+ unsigned char d[SEED_BLOCK_SIZE],
+ const SEED_KEY_SCHEDULE *ks);
+OSSL_DEPRECATEDIN_3_0
+void SEED_ecb_encrypt(const unsigned char *in,
+ unsigned char *out,
+ const SEED_KEY_SCHEDULE *ks, int enc);
+OSSL_DEPRECATEDIN_3_0
+void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len,
+ const SEED_KEY_SCHEDULE *ks,
+ unsigned char ivec[SEED_BLOCK_SIZE],
+ int enc);
+OSSL_DEPRECATEDIN_3_0
+void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const SEED_KEY_SCHEDULE *ks,
+ unsigned char ivec[SEED_BLOCK_SIZE],
+ int *num, int enc);
+OSSL_DEPRECATEDIN_3_0
+void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const SEED_KEY_SCHEDULE *ks,
+ unsigned char ivec[SEED_BLOCK_SIZE],
+ int *num);
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/self_test.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/self_test.h
new file mode 100644
index 000000000000..17822049acfb
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/self_test.h
@@ -0,0 +1,96 @@
+/*
+ * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_SELF_TEST_H
+# define OPENSSL_SELF_TEST_H
+# pragma once
+
+# include /* OSSL_CALLBACK */
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/* The test event phases */
+# define OSSL_SELF_TEST_PHASE_NONE "None"
+# define OSSL_SELF_TEST_PHASE_START "Start"
+# define OSSL_SELF_TEST_PHASE_CORRUPT "Corrupt"
+# define OSSL_SELF_TEST_PHASE_PASS "Pass"
+# define OSSL_SELF_TEST_PHASE_FAIL "Fail"
+
+/* Test event categories */
+# define OSSL_SELF_TEST_TYPE_NONE "None"
+# define OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY "Module_Integrity"
+# define OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY "Install_Integrity"
+# define OSSL_SELF_TEST_TYPE_CRNG "Continuous_RNG_Test"
+# define OSSL_SELF_TEST_TYPE_PCT "Conditional_PCT"
+# define OSSL_SELF_TEST_TYPE_PCT_KAT "Conditional_KAT"
+# define OSSL_SELF_TEST_TYPE_KAT_INTEGRITY "KAT_Integrity"
+# define OSSL_SELF_TEST_TYPE_KAT_CIPHER "KAT_Cipher"
+# define OSSL_SELF_TEST_TYPE_KAT_ASYM_CIPHER "KAT_AsymmetricCipher"
+# define OSSL_SELF_TEST_TYPE_KAT_DIGEST "KAT_Digest"
+# define OSSL_SELF_TEST_TYPE_KAT_SIGNATURE "KAT_Signature"
+# define OSSL_SELF_TEST_TYPE_PCT_SIGNATURE "PCT_Signature"
+# define OSSL_SELF_TEST_TYPE_KAT_KDF "KAT_KDF"
+# define OSSL_SELF_TEST_TYPE_KAT_KA "KAT_KA"
+# define OSSL_SELF_TEST_TYPE_DRBG "DRBG"
+
+/* Test event sub categories */
+# define OSSL_SELF_TEST_DESC_NONE "None"
+# define OSSL_SELF_TEST_DESC_INTEGRITY_HMAC "HMAC"
+# define OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1 "RSA"
+# define OSSL_SELF_TEST_DESC_PCT_ECDSA "ECDSA"
+# define OSSL_SELF_TEST_DESC_PCT_EDDSA "EDDSA"
+# define OSSL_SELF_TEST_DESC_PCT_DSA "DSA"
+# define OSSL_SELF_TEST_DESC_CIPHER_AES_GCM "AES_GCM"
+# define OSSL_SELF_TEST_DESC_CIPHER_AES_ECB "AES_ECB_Decrypt"
+# define OSSL_SELF_TEST_DESC_CIPHER_TDES "TDES"
+# define OSSL_SELF_TEST_DESC_ASYM_RSA_ENC "RSA_Encrypt"
+# define OSSL_SELF_TEST_DESC_ASYM_RSA_DEC "RSA_Decrypt"
+# define OSSL_SELF_TEST_DESC_MD_SHA1 "SHA1"
+# define OSSL_SELF_TEST_DESC_MD_SHA2 "SHA2"
+# define OSSL_SELF_TEST_DESC_MD_SHA3 "SHA3"
+# define OSSL_SELF_TEST_DESC_SIGN_DSA "DSA"
+# define OSSL_SELF_TEST_DESC_SIGN_RSA "RSA"
+# define OSSL_SELF_TEST_DESC_SIGN_ECDSA "ECDSA"
+# define OSSL_SELF_TEST_DESC_DRBG_CTR "CTR"
+# define OSSL_SELF_TEST_DESC_DRBG_HASH "HASH"
+# define OSSL_SELF_TEST_DESC_DRBG_HMAC "HMAC"
+# define OSSL_SELF_TEST_DESC_KA_DH "DH"
+# define OSSL_SELF_TEST_DESC_KA_ECDH "ECDH"
+# define OSSL_SELF_TEST_DESC_KDF_HKDF "HKDF"
+# define OSSL_SELF_TEST_DESC_KDF_SSKDF "SSKDF"
+# define OSSL_SELF_TEST_DESC_KDF_X963KDF "X963KDF"
+# define OSSL_SELF_TEST_DESC_KDF_X942KDF "X942KDF"
+# define OSSL_SELF_TEST_DESC_KDF_PBKDF2 "PBKDF2"
+# define OSSL_SELF_TEST_DESC_KDF_SSHKDF "SSHKDF"
+# define OSSL_SELF_TEST_DESC_KDF_TLS12_PRF "TLS12_PRF"
+# define OSSL_SELF_TEST_DESC_KDF_KBKDF "KBKDF"
+# define OSSL_SELF_TEST_DESC_KDF_KBKDF_KMAC "KBKDF_KMAC"
+# define OSSL_SELF_TEST_DESC_KDF_TLS13_EXTRACT "TLS13_KDF_EXTRACT"
+# define OSSL_SELF_TEST_DESC_KDF_TLS13_EXPAND "TLS13_KDF_EXPAND"
+# define OSSL_SELF_TEST_DESC_RNG "RNG"
+
+void OSSL_SELF_TEST_set_callback(OSSL_LIB_CTX *libctx, OSSL_CALLBACK *cb,
+ void *cbarg);
+void OSSL_SELF_TEST_get_callback(OSSL_LIB_CTX *libctx, OSSL_CALLBACK **cb,
+ void **cbarg);
+
+OSSL_SELF_TEST *OSSL_SELF_TEST_new(OSSL_CALLBACK *cb, void *cbarg);
+void OSSL_SELF_TEST_free(OSSL_SELF_TEST *st);
+
+void OSSL_SELF_TEST_onbegin(OSSL_SELF_TEST *st, const char *type,
+ const char *desc);
+int OSSL_SELF_TEST_oncorrupt_byte(OSSL_SELF_TEST *st, unsigned char *bytes);
+void OSSL_SELF_TEST_onend(OSSL_SELF_TEST *st, int ret);
+
+# ifdef __cplusplus
+}
+# endif
+#endif /* OPENSSL_SELF_TEST_H */
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/sha.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/sha.h
new file mode 100644
index 000000000000..163a7d588af9
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/sha.h
@@ -0,0 +1,139 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_SHA_H
+# define OPENSSL_SHA_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_SHA_H
+# endif
+
+# include
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define SHA_DIGEST_LENGTH 20
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+/*-
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! SHA_LONG has to be at least 32 bits wide. !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+# define SHA_LONG unsigned int
+
+# define SHA_LBLOCK 16
+# define SHA_CBLOCK (SHA_LBLOCK*4)/* SHA treats input data as a
+ * contiguous array of 32 bit wide
+ * big-endian values. */
+# define SHA_LAST_BLOCK (SHA_CBLOCK-8)
+
+typedef struct SHAstate_st {
+ SHA_LONG h0, h1, h2, h3, h4;
+ SHA_LONG Nl, Nh;
+ SHA_LONG data[SHA_LBLOCK];
+ unsigned int num;
+} SHA_CTX;
+
+OSSL_DEPRECATEDIN_3_0 int SHA1_Init(SHA_CTX *c);
+OSSL_DEPRECATEDIN_3_0 int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
+OSSL_DEPRECATEDIN_3_0 int SHA1_Final(unsigned char *md, SHA_CTX *c);
+OSSL_DEPRECATEDIN_3_0 void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
+# endif
+
+unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md);
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define SHA256_CBLOCK (SHA_LBLOCK*4)/* SHA-256 treats input data as a
+ * contiguous array of 32 bit wide
+ * big-endian values. */
+
+typedef struct SHA256state_st {
+ SHA_LONG h[8];
+ SHA_LONG Nl, Nh;
+ SHA_LONG data[SHA_LBLOCK];
+ unsigned int num, md_len;
+} SHA256_CTX;
+
+OSSL_DEPRECATEDIN_3_0 int SHA224_Init(SHA256_CTX *c);
+OSSL_DEPRECATEDIN_3_0 int SHA224_Update(SHA256_CTX *c,
+ const void *data, size_t len);
+OSSL_DEPRECATEDIN_3_0 int SHA224_Final(unsigned char *md, SHA256_CTX *c);
+OSSL_DEPRECATEDIN_3_0 int SHA256_Init(SHA256_CTX *c);
+OSSL_DEPRECATEDIN_3_0 int SHA256_Update(SHA256_CTX *c,
+ const void *data, size_t len);
+OSSL_DEPRECATEDIN_3_0 int SHA256_Final(unsigned char *md, SHA256_CTX *c);
+OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c,
+ const unsigned char *data);
+# endif
+
+unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
+unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
+
+# define SHA256_192_DIGEST_LENGTH 24
+# define SHA224_DIGEST_LENGTH 28
+# define SHA256_DIGEST_LENGTH 32
+# define SHA384_DIGEST_LENGTH 48
+# define SHA512_DIGEST_LENGTH 64
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+/*
+ * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64
+ * being exactly 64-bit wide. See Implementation Notes in sha512.c
+ * for further details.
+ */
+/*
+ * SHA-512 treats input data as a
+ * contiguous array of 64 bit
+ * wide big-endian values.
+ */
+# define SHA512_CBLOCK (SHA_LBLOCK*8)
+# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+# define SHA_LONG64 unsigned __int64
+# elif defined(__arch64__)
+# define SHA_LONG64 unsigned long
+# else
+# define SHA_LONG64 unsigned long long
+# endif
+
+typedef struct SHA512state_st {
+ SHA_LONG64 h[8];
+ SHA_LONG64 Nl, Nh;
+ union {
+ SHA_LONG64 d[SHA_LBLOCK];
+ unsigned char p[SHA512_CBLOCK];
+ } u;
+ unsigned int num, md_len;
+} SHA512_CTX;
+
+OSSL_DEPRECATEDIN_3_0 int SHA384_Init(SHA512_CTX *c);
+OSSL_DEPRECATEDIN_3_0 int SHA384_Update(SHA512_CTX *c,
+ const void *data, size_t len);
+OSSL_DEPRECATEDIN_3_0 int SHA384_Final(unsigned char *md, SHA512_CTX *c);
+OSSL_DEPRECATEDIN_3_0 int SHA512_Init(SHA512_CTX *c);
+OSSL_DEPRECATEDIN_3_0 int SHA512_Update(SHA512_CTX *c,
+ const void *data, size_t len);
+OSSL_DEPRECATEDIN_3_0 int SHA512_Final(unsigned char *md, SHA512_CTX *c);
+OSSL_DEPRECATEDIN_3_0 void SHA512_Transform(SHA512_CTX *c,
+ const unsigned char *data);
+# endif
+
+unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md);
+unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md);
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/srtp.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/srtp.h
new file mode 100644
index 000000000000..2c2c334443c4
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/srtp.h
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * DTLS code by Eric Rescorla
+ *
+ * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc.
+ */
+
+#ifndef OPENSSL_SRTP_H
+# define OPENSSL_SRTP_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_D1_SRTP_H
+# endif
+
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define SRTP_AES128_CM_SHA1_80 0x0001
+# define SRTP_AES128_CM_SHA1_32 0x0002
+# define SRTP_AES128_F8_SHA1_80 0x0003
+# define SRTP_AES128_F8_SHA1_32 0x0004
+# define SRTP_NULL_SHA1_80 0x0005
+# define SRTP_NULL_SHA1_32 0x0006
+
+/* AEAD SRTP protection profiles from RFC 7714 */
+# define SRTP_AEAD_AES_128_GCM 0x0007
+# define SRTP_AEAD_AES_256_GCM 0x0008
+
+/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
+# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM 0x0009
+# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM 0x000A
+
+/* ARIA SRTP protection profiles from RFC 8269 */
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_80 0x000B
+# define SRTP_ARIA_128_CTR_HMAC_SHA1_32 0x000C
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_80 0x000D
+# define SRTP_ARIA_256_CTR_HMAC_SHA1_32 0x000E
+# define SRTP_AEAD_ARIA_128_GCM 0x000F
+# define SRTP_AEAD_ARIA_256_GCM 0x0010
+
+# ifndef OPENSSL_NO_SRTP
+
+__owur int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
+__owur int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles);
+
+__owur STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
+__owur SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
+
+# endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/ssl.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/ssl.h index 2b43485f7258..6815f846cc2c 100644 --- a/contrib/openssl-cmake/linux_x86_64/include/openssl/ssl.h +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/ssl.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by Makefile from include/openssl/ssl.h.in * - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -449,6 +449,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg); /* Enable KTLS TX zerocopy on Linux */ # define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE SSL_OP_BIT(34) +#define SSL_OP_PREFER_NO_DHE_KEX SSL_OP_BIT(35) + /* * Option "collections." */ @@ -1761,6 +1763,9 @@ __owur long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); __owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s); __owur int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version); +__owur time_t SSL_SESSION_get_time_ex(const SSL_SESSION *s); +__owur time_t SSL_SESSION_set_time_ex(SSL_SESSION *s, time_t t); + __owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s); __owur int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname); void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s, @@ -2014,6 +2019,12 @@ long SSL_callback_ctrl(SSL *, int, void (*)(void)); long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); +# define SSL_WRITE_FLAG_CONCLUDE (1U << 0) + +__owur int SSL_write_ex2(SSL *s, const void *buf, size_t num, + uint64_t flags, + size_t *written); + # define SSL_EARLY_DATA_NOT_SENT 0 # define SSL_EARLY_DATA_REJECTED 1 # define SSL_EARLY_DATA_ACCEPTED 2 
@@ -2430,6 +2441,124 @@ __owur int SSL_get_conn_close_info(SSL *ssl, SSL_CONN_CLOSE_INFO *info, size_t info_len); +# define SSL_VALUE_CLASS_GENERIC 0 +# define SSL_VALUE_CLASS_FEATURE_REQUEST 1 +# define SSL_VALUE_CLASS_FEATURE_PEER_REQUEST 2 +# define SSL_VALUE_CLASS_FEATURE_NEGOTIATED 3 + +# define SSL_VALUE_NONE 0 +# define SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL 1 +# define SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL 2 +# define SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL 3 +# define SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL 4 +# define SSL_VALUE_QUIC_IDLE_TIMEOUT 5 +# define SSL_VALUE_EVENT_HANDLING_MODE 6 +# define SSL_VALUE_STREAM_WRITE_BUF_SIZE 7 +# define SSL_VALUE_STREAM_WRITE_BUF_USED 8 +# define SSL_VALUE_STREAM_WRITE_BUF_AVAIL 9 + +# define SSL_VALUE_EVENT_HANDLING_MODE_INHERIT 0 +# define SSL_VALUE_EVENT_HANDLING_MODE_IMPLICIT 1 +# define SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT 2 + +int SSL_get_value_uint(SSL *s, uint32_t class_, uint32_t id, uint64_t *v); +int SSL_set_value_uint(SSL *s, uint32_t class_, uint32_t id, uint64_t v); + +# define SSL_get_generic_value_uint(ssl, id, v) \ + SSL_get_value_uint((ssl), SSL_VALUE_CLASS_GENERIC, (id), (v)) +# define SSL_set_generic_value_uint(ssl, id, v) \ + SSL_set_value_uint((ssl), SSL_VALUE_CLASS_GENERIC, (id), (v)) +# define SSL_get_feature_request_uint(ssl, id, v) \ + SSL_get_value_uint((ssl), SSL_VALUE_CLASS_FEATURE_REQUEST, (id), (v)) +# define SSL_set_feature_request_uint(ssl, id, v) \ + SSL_set_value_uint((ssl), SSL_VALUE_CLASS_FEATURE_REQUEST, (id), (v)) +# define SSL_get_feature_peer_request_uint(ssl, id, v) \ + SSL_get_value_uint((ssl), SSL_VALUE_CLASS_FEATURE_PEER_REQUEST, (id), (v)) +# define SSL_get_feature_negotiated_uint(ssl, id, v) \ + SSL_get_value_uint((ssl), SSL_VALUE_CLASS_FEATURE_NEGOTIATED, (id), (v)) + +# define SSL_get_quic_stream_bidi_local_avail(ssl, value) \ + SSL_get_generic_value_uint((ssl), SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL, \ + (value)) +# define SSL_get_quic_stream_bidi_remote_avail(ssl, 
value) \ + SSL_get_generic_value_uint((ssl), SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL, \ + (value)) +# define SSL_get_quic_stream_uni_local_avail(ssl, value) \ + SSL_get_generic_value_uint((ssl), SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL, \ + (value)) +# define SSL_get_quic_stream_uni_remote_avail(ssl, value) \ + SSL_get_generic_value_uint((ssl), SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL, \ + (value)) + +# define SSL_get_event_handling_mode(ssl, value) \ + SSL_get_generic_value_uint((ssl), SSL_VALUE_EVENT_HANDLING_MODE, \ + (value)) +# define SSL_set_event_handling_mode(ssl, value) \ + SSL_set_generic_value_uint((ssl), SSL_VALUE_EVENT_HANDLING_MODE, \ + (value)) + +# define SSL_get_stream_write_buf_size(ssl, value) \ + SSL_get_generic_value_uint((ssl), SSL_VALUE_STREAM_WRITE_BUF_SIZE, \ + (value)) +# define SSL_get_stream_write_buf_used(ssl, value) \ + SSL_get_generic_value_uint((ssl), SSL_VALUE_STREAM_WRITE_BUF_USED, \ + (value)) +# define SSL_get_stream_write_buf_avail(ssl, value) \ + SSL_get_generic_value_uint((ssl), SSL_VALUE_STREAM_WRITE_BUF_AVAIL, \ + (value)) + +# define SSL_POLL_EVENT_NONE 0 + +# define SSL_POLL_EVENT_F (1U << 0) /* F (Failure) */ +# define SSL_POLL_EVENT_EL (1U << 1) /* EL (Exception on Listener) */ +# define SSL_POLL_EVENT_EC (1U << 2) /* EC (Exception on Conn) */ +# define SSL_POLL_EVENT_ECD (1U << 3) /* ECD (Exception on Conn Drained) */ +# define SSL_POLL_EVENT_ER (1U << 4) /* ER (Exception on Read) */ +# define SSL_POLL_EVENT_EW (1U << 5) /* EW (Exception on Write) */ +# define SSL_POLL_EVENT_R (1U << 6) /* R (Readable) */ +# define SSL_POLL_EVENT_W (1U << 7) /* W (Writable) */ +# define SSL_POLL_EVENT_IC (1U << 8) /* IC (Incoming Connection) */ +# define SSL_POLL_EVENT_ISB (1U << 9) /* ISB (Incoming Stream: Bidi) */ +# define SSL_POLL_EVENT_ISU (1U << 10) /* ISU (Incoming Stream: Uni) */ +# define SSL_POLL_EVENT_OSB (1U << 11) /* OSB (Outgoing Stream: Bidi) */ +# define SSL_POLL_EVENT_OSU (1U << 12) /* OSU (Outgoing Stream: Uni) */ + +# 
define SSL_POLL_EVENT_RW (SSL_POLL_EVENT_R | SSL_POLL_EVENT_W) +# define SSL_POLL_EVENT_RE (SSL_POLL_EVENT_R | SSL_POLL_EVENT_ER) +# define SSL_POLL_EVENT_WE (SSL_POLL_EVENT_W | SSL_POLL_EVENT_EW) +# define SSL_POLL_EVENT_RWE (SSL_POLL_EVENT_RE | SSL_POLL_EVENT_WE) +# define SSL_POLL_EVENT_E (SSL_POLL_EVENT_EL | SSL_POLL_EVENT_EC \ + | SSL_POLL_EVENT_ER | SSL_POLL_EVENT_EW) +# define SSL_POLL_EVENT_IS (SSL_POLL_EVENT_ISB | SSL_POLL_EVENT_ISU) +# define SSL_POLL_EVENT_ISE (SSL_POLL_EVENT_IS | SSL_POLL_EVENT_EC) +# define SSL_POLL_EVENT_I (SSL_POLL_EVENT_IS | SSL_POLL_EVENT_IC) +# define SSL_POLL_EVENT_OS (SSL_POLL_EVENT_OSB | SSL_POLL_EVENT_OSU) +# define SSL_POLL_EVENT_OSE (SSL_POLL_EVENT_OS | SSL_POLL_EVENT_EC) + +typedef struct ssl_poll_item_st { + BIO_POLL_DESCRIPTOR desc; + uint64_t events, revents; +} SSL_POLL_ITEM; + +# define SSL_POLL_FLAG_NO_HANDLE_EVENTS (1U << 0) + +__owur int SSL_poll(SSL_POLL_ITEM *items, + size_t num_items, + size_t stride, + const struct timeval *timeout, + uint64_t flags, + size_t *result_count); + +static ossl_inline ossl_unused BIO_POLL_DESCRIPTOR +SSL_as_poll_descriptor(SSL *s) +{ + BIO_POLL_DESCRIPTOR d; + + d.type = BIO_POLL_DESCRIPTOR_TYPE_SSL; + d.value.ssl = s; + return d; +} + # ifndef OPENSSL_NO_DEPRECATED_1_1_0 # define SSL_cache_hit(s) SSL_session_reused(s) # endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/ssl2.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/ssl2.h new file mode 100644 index 000000000000..428ead0540e9 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/ssl2.h 
@@ -0,0 +1,30 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_SSL2_H
+# define OPENSSL_SSL2_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_SSL2_H
+# endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define SSL2_VERSION 0x0002
+
+# define SSL2_MT_CLIENT_HELLO 1
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/ssl3.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/ssl3.h
new file mode 100644
index 000000000000..4f076c6c9dfb
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/ssl3.h
@@ -0,0 +1,357 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_SSL3_H
+# define OPENSSL_SSL3_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_SSL3_H
+# endif
+
+# include
+# include
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Signalling cipher suite value from RFC 5746
+ * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
+ */
+# define SSL3_CK_SCSV 0x030000FF
+
+/*
+ * Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00
+ * (TLS_FALLBACK_SCSV)
+ */
+# define SSL3_CK_FALLBACK_SCSV 0x03005600
+
+# define SSL3_CK_RSA_NULL_MD5 0x03000001
+# define SSL3_CK_RSA_NULL_SHA 0x03000002
+# define SSL3_CK_RSA_RC4_40_MD5 0x03000003
+# define SSL3_CK_RSA_RC4_128_MD5 0x03000004
+# define SSL3_CK_RSA_RC4_128_SHA 0x03000005
+# define SSL3_CK_RSA_RC2_40_MD5 0x03000006
+# define SSL3_CK_RSA_IDEA_128_SHA 0x03000007
+# define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008
+# define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009
+# define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A
+
+# define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B
+# define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C
+# define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D
+# define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E
+# define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F
+# define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010
+
+# define SSL3_CK_DHE_DSS_DES_40_CBC_SHA 0x03000011
+# define SSL3_CK_EDH_DSS_DES_40_CBC_SHA SSL3_CK_DHE_DSS_DES_40_CBC_SHA
+# define SSL3_CK_DHE_DSS_DES_64_CBC_SHA 0x03000012
+# define SSL3_CK_EDH_DSS_DES_64_CBC_SHA SSL3_CK_DHE_DSS_DES_64_CBC_SHA
+# define SSL3_CK_DHE_DSS_DES_192_CBC3_SHA 0x03000013
+# define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA SSL3_CK_DHE_DSS_DES_192_CBC3_SHA
+# define SSL3_CK_DHE_RSA_DES_40_CBC_SHA 0x03000014
+# define SSL3_CK_EDH_RSA_DES_40_CBC_SHA SSL3_CK_DHE_RSA_DES_40_CBC_SHA
+# define SSL3_CK_DHE_RSA_DES_64_CBC_SHA 0x03000015
+# define SSL3_CK_EDH_RSA_DES_64_CBC_SHA SSL3_CK_DHE_RSA_DES_64_CBC_SHA
+# define SSL3_CK_DHE_RSA_DES_192_CBC3_SHA 0x03000016
+# define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA SSL3_CK_DHE_RSA_DES_192_CBC3_SHA
+
+# define SSL3_CK_ADH_RC4_40_MD5 0x03000017
+# define SSL3_CK_ADH_RC4_128_MD5 0x03000018
+# define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019
+# define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
+# define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
+
+/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */
+# define SSL3_RFC_RSA_NULL_MD5 "TLS_RSA_WITH_NULL_MD5"
+# define SSL3_RFC_RSA_NULL_SHA "TLS_RSA_WITH_NULL_SHA"
+# define SSL3_RFC_RSA_DES_192_CBC3_SHA "TLS_RSA_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_ADH_DES_192_CBC_SHA "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_RSA_IDEA_128_SHA "TLS_RSA_WITH_IDEA_CBC_SHA"
+# define SSL3_RFC_RSA_RC4_128_MD5 "TLS_RSA_WITH_RC4_128_MD5"
+# define SSL3_RFC_RSA_RC4_128_SHA "TLS_RSA_WITH_RC4_128_SHA"
+# define SSL3_RFC_ADH_RC4_128_MD5 "TLS_DH_anon_WITH_RC4_128_MD5"
+
+# define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
+# define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
+# define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
+# define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5"
+# define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA"
+# define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5"
+# define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA"
+# define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA"
+# define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA"
+# define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA"
+
+# define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA"
+# define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"
+
+# define SSL3_TXT_DHE_DSS_DES_40_CBC_SHA "EXP-DHE-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DHE_DSS_DES_64_CBC_SHA "DHE-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA "DHE-DSS-DES-CBC3-SHA"
+# define SSL3_TXT_DHE_RSA_DES_40_CBC_SHA "EXP-DHE-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DHE_RSA_DES_64_CBC_SHA "DHE-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA "DHE-RSA-DES-CBC3-SHA"
+
+/*
+ * This next block of six "EDH" labels is for backward compatibility with
+ * older versions of OpenSSL. New code should use the six "DHE" labels above
+ * instead:
+ */
+# define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"
+# define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA"
+
+# define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5"
+# define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5"
+# define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA"
+# define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"
+# define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"
+
+# define SSL3_SSL_SESSION_ID_LENGTH 32
+# define SSL3_MAX_SSL_SESSION_ID_LENGTH 32
+
+# define SSL3_MASTER_SECRET_SIZE 48
+# define SSL3_RANDOM_SIZE 32
+# define SSL3_SESSION_ID_SIZE 32
+# define SSL3_RT_HEADER_LENGTH 5
+
+# define SSL3_HM_HEADER_LENGTH 4
+
+# ifndef SSL3_ALIGN_PAYLOAD
+ /*
+ * Some will argue that this increases memory footprint, but it's not
+ * actually true. Point is that malloc has to return at least 64-bit aligned
+ * pointers, meaning that allocating 5 bytes wastes 3 bytes in either case.
+ * Suggested pre-gaping simply moves these wasted bytes from the end of
+ * allocated region to its front, but makes data payload aligned, which
+ * improves performance:-)
+ */
+# define SSL3_ALIGN_PAYLOAD 8
+# else
+# if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0
+# error "insane SSL3_ALIGN_PAYLOAD"
+# undef SSL3_ALIGN_PAYLOAD
+# endif
+# endif
+
+/*
+ * This is the maximum MAC (digest) size used by the SSL library. Currently
+ * maximum of 20 is used by SHA1, but we reserve for future extension for
+ * 512-bit hashes.
+ */
+
+# define SSL3_RT_MAX_MD_SIZE 64
+
+/*
+ * Maximum block size used in all ciphersuites. Currently 16 for AES.
+ */
+
+# define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16
+
+# define SSL3_RT_MAX_EXTRA (16384)
+
+/* Maximum plaintext length: defined by SSL/TLS standards */
+# define SSL3_RT_MAX_PLAIN_LENGTH 16384
+/* Maximum compression overhead: defined by SSL/TLS standards */
+# define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024
+
+/*
+ * The standards give a maximum encryption overhead of 1024 bytes. In
+ * practice the value is lower than this. The overhead is the maximum number
+ * of padding bytes (256) plus the mac size.
+ */
+# define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE)
+# define SSL3_RT_MAX_TLS13_ENCRYPTED_OVERHEAD 256
+
+/*
+ * OpenSSL currently only uses a padding length of at most one block so the
+ * send overhead is smaller.
+ */
+
+# define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
+ (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE)
+
+/* If compression isn't used don't include the compression overhead */
+
+# ifdef OPENSSL_NO_COMP
+# define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
+# else
+# define SSL3_RT_MAX_COMPRESSED_LENGTH \
+ (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD)
+# endif
+# define SSL3_RT_MAX_ENCRYPTED_LENGTH \
+ (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH)
+# define SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH \
+ (SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_TLS13_ENCRYPTED_OVERHEAD)
+# define SSL3_RT_MAX_PACKET_SIZE \
+ (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
+
+# define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
+# define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"
+
+/* SSL3_VERSION is defined in prov_ssl.h */
+# define SSL3_VERSION_MAJOR 0x03
+# define SSL3_VERSION_MINOR 0x00
+
+# define SSL3_RT_CHANGE_CIPHER_SPEC 20
+# define SSL3_RT_ALERT 21
+# define SSL3_RT_HANDSHAKE 22
+# define SSL3_RT_APPLICATION_DATA 23
+
+/* Pseudo content types to indicate additional parameters */
+# define TLS1_RT_CRYPTO 0x1000
+# define TLS1_RT_CRYPTO_PREMASTER (TLS1_RT_CRYPTO | 0x1)
+# define TLS1_RT_CRYPTO_CLIENT_RANDOM (TLS1_RT_CRYPTO | 0x2)
+# define TLS1_RT_CRYPTO_SERVER_RANDOM (TLS1_RT_CRYPTO | 0x3)
+# define TLS1_RT_CRYPTO_MASTER (TLS1_RT_CRYPTO | 0x4)
+
+# define TLS1_RT_CRYPTO_READ 0x0000
+# define TLS1_RT_CRYPTO_WRITE 0x0100
+# define TLS1_RT_CRYPTO_MAC (TLS1_RT_CRYPTO | 0x5)
+# define TLS1_RT_CRYPTO_KEY (TLS1_RT_CRYPTO | 0x6)
+# define TLS1_RT_CRYPTO_IV (TLS1_RT_CRYPTO | 0x7)
+# define TLS1_RT_CRYPTO_FIXED_IV (TLS1_RT_CRYPTO | 0x8)
+
+/* Pseudo content types for SSL/TLS header info */
+# define SSL3_RT_HEADER 0x100
+# define SSL3_RT_INNER_CONTENT_TYPE 0x101
+
+/* Pseudo content types for QUIC */
+# define SSL3_RT_QUIC_DATAGRAM 0x200
+# define SSL3_RT_QUIC_PACKET 0x201
+# define SSL3_RT_QUIC_FRAME_FULL 0x202
+# define SSL3_RT_QUIC_FRAME_HEADER 0x203
+# define SSL3_RT_QUIC_FRAME_PADDING 0x204
+
+# define SSL3_AL_WARNING 1
+# define SSL3_AL_FATAL 2
+
+# define SSL3_AD_CLOSE_NOTIFY 0
+# define SSL3_AD_UNEXPECTED_MESSAGE 10/* fatal */
+# define SSL3_AD_BAD_RECORD_MAC 20/* fatal */
+# define SSL3_AD_DECOMPRESSION_FAILURE 30/* fatal */
+# define SSL3_AD_HANDSHAKE_FAILURE 40/* fatal */
+# define SSL3_AD_NO_CERTIFICATE 41
+# define SSL3_AD_BAD_CERTIFICATE 42
+# define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
+# define SSL3_AD_CERTIFICATE_REVOKED 44
+# define SSL3_AD_CERTIFICATE_EXPIRED 45
+# define SSL3_AD_CERTIFICATE_UNKNOWN 46
+# define SSL3_AD_ILLEGAL_PARAMETER 47/* fatal */
+
+# define TLS1_HB_REQUEST 1
+# define TLS1_HB_RESPONSE 2
+
+
+# define SSL3_CT_RSA_SIGN 1
+# define SSL3_CT_DSS_SIGN 2
+# define SSL3_CT_RSA_FIXED_DH 3
+# define SSL3_CT_DSS_FIXED_DH 4
+# define SSL3_CT_RSA_EPHEMERAL_DH 5
+# define SSL3_CT_DSS_EPHEMERAL_DH 6
+# define SSL3_CT_FORTEZZA_DMS 20
+/*
+ * SSL3_CT_NUMBER is used to size arrays and it must be large enough to
+ * contain all of the cert types defined for *either* SSLv3 and TLSv1.
+ */
+# define SSL3_CT_NUMBER 12
+
+# if defined(TLS_CT_NUMBER)
+# if TLS_CT_NUMBER != SSL3_CT_NUMBER
+# error "SSL/TLS CT_NUMBER values do not match"
+# endif
+# endif
+
+/* No longer used as of OpenSSL 1.1.1 */
+# define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
+
+/* Removed from OpenSSL 1.1.0 */
+# define TLS1_FLAGS_TLS_PADDING_BUG 0x0
+
+# define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
+
+/* Set if we encrypt then mac instead of usual mac then encrypt */
+# define TLS1_FLAGS_ENCRYPT_THEN_MAC_READ 0x0100
+# define TLS1_FLAGS_ENCRYPT_THEN_MAC TLS1_FLAGS_ENCRYPT_THEN_MAC_READ
+
+/* Set if extended master secret extension received from peer */
+# define TLS1_FLAGS_RECEIVED_EXTMS 0x0200
+
+# define TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE 0x0400
+
+# define TLS1_FLAGS_STATELESS 0x0800
+
+/* Set if extended master secret extension required on renegotiation */
+# define TLS1_FLAGS_REQUIRED_EXTMS 0x1000
+
+/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */
+
+# define SSL3_MT_HELLO_REQUEST 0
+# define SSL3_MT_CLIENT_HELLO 1
+# define SSL3_MT_SERVER_HELLO 2
+# define SSL3_MT_NEWSESSION_TICKET 4
+# define SSL3_MT_END_OF_EARLY_DATA 5
+# define SSL3_MT_ENCRYPTED_EXTENSIONS 8
+# define SSL3_MT_CERTIFICATE 11
+# define SSL3_MT_SERVER_KEY_EXCHANGE 12
+# define SSL3_MT_CERTIFICATE_REQUEST 13
+# define SSL3_MT_SERVER_DONE 14
+# define SSL3_MT_CERTIFICATE_VERIFY 15
+# define SSL3_MT_CLIENT_KEY_EXCHANGE 16
+# define SSL3_MT_FINISHED 20
+# define SSL3_MT_CERTIFICATE_URL 21
+# define SSL3_MT_CERTIFICATE_STATUS 22
+# define SSL3_MT_SUPPLEMENTAL_DATA 23
+# define SSL3_MT_KEY_UPDATE 24
+# define SSL3_MT_COMPRESSED_CERTIFICATE 25
+# ifndef OPENSSL_NO_NEXTPROTONEG
+# define SSL3_MT_NEXT_PROTO 67
+# endif
+# define SSL3_MT_MESSAGE_HASH 254
+# define DTLS1_MT_HELLO_VERIFY_REQUEST 3
+
+/* Dummy message type for handling CCS like a normal handshake message */
+# define SSL3_MT_CHANGE_CIPHER_SPEC 0x0101
+
+# define SSL3_MT_CCS 1
+
+/* These are used when changing over to a new cipher */
+# define SSL3_CC_READ 0x001
+# define SSL3_CC_WRITE 0x002
+# define SSL3_CC_CLIENT 0x010
+# define SSL3_CC_SERVER 0x020
+# define SSL3_CC_EARLY 0x040
+# define SSL3_CC_HANDSHAKE 0x080
+# define SSL3_CC_APPLICATION 0x100
+# define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)
+# define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ)
+# define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ)
+# define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE)
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/sslerr.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/sslerr.h
new file mode 100644
index 000000000000..ec35df64e5b2
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/sslerr.h
@@ -0,0 +1,377 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_SSLERR_H +# define OPENSSL_SSLERR_H +# pragma once + +# include +# include +# include + + + +/* + * SSL reason codes. + */ +# define SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY 291 +# define SSL_R_APP_DATA_IN_HANDSHAKE 100 +# define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 +# define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE 158 +# define SSL_R_BAD_CERTIFICATE 348 +# define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 +# define SSL_R_BAD_CIPHER 186 +# define SSL_R_BAD_COMPRESSION_ALGORITHM 326 +# define SSL_R_BAD_DATA 390 +# define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 +# define SSL_R_BAD_DECOMPRESSION 107 +# define SSL_R_BAD_DH_VALUE 102 +# define SSL_R_BAD_DIGEST_LENGTH 111 +# define SSL_R_BAD_EARLY_DATA 233 +# define SSL_R_BAD_ECC_CERT 304 +# define SSL_R_BAD_ECPOINT 306 +# define SSL_R_BAD_EXTENSION 110 +# define SSL_R_BAD_HANDSHAKE_LENGTH 332 +# define SSL_R_BAD_HANDSHAKE_STATE 236 +# define SSL_R_BAD_HELLO_REQUEST 105 +# define SSL_R_BAD_HRR_VERSION 263 +# define SSL_R_BAD_KEY_SHARE 108 +# define SSL_R_BAD_KEY_UPDATE 122 +# define SSL_R_BAD_LEGACY_VERSION 292 +# define SSL_R_BAD_LENGTH 271 +# define SSL_R_BAD_PACKET 240 +# define SSL_R_BAD_PACKET_LENGTH 115 +# define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 +# define SSL_R_BAD_PSK 219 +# define SSL_R_BAD_PSK_IDENTITY 114 +# define SSL_R_BAD_RECORD_TYPE 443 +# define SSL_R_BAD_RSA_ENCRYPT 119 +# define SSL_R_BAD_SIGNATURE 123 +# define SSL_R_BAD_SRP_A_LENGTH 347 +# define SSL_R_BAD_SRP_PARAMETERS 371 +# define SSL_R_BAD_SRTP_MKI_VALUE 352 +# define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353 +# 
define SSL_R_BAD_SSL_FILETYPE 124 +# define SSL_R_BAD_VALUE 384 +# define SSL_R_BAD_WRITE_RETRY 127 +# define SSL_R_BINDER_DOES_NOT_VERIFY 253 +# define SSL_R_BIO_NOT_SET 128 +# define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 +# define SSL_R_BN_LIB 130 +# define SSL_R_CALLBACK_FAILED 234 +# define SSL_R_CANNOT_CHANGE_CIPHER 109 +# define SSL_R_CANNOT_GET_GROUP_NAME 299 +# define SSL_R_CA_DN_LENGTH_MISMATCH 131 +# define SSL_R_CA_KEY_TOO_SMALL 397 +# define SSL_R_CA_MD_TOO_WEAK 398 +# define SSL_R_CCS_RECEIVED_EARLY 133 +# define SSL_R_CERTIFICATE_VERIFY_FAILED 134 +# define SSL_R_CERT_CB_ERROR 377 +# define SSL_R_CERT_LENGTH_MISMATCH 135 +# define SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED 218 +# define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 +# define SSL_R_CLIENTHELLO_TLSEXT 226 +# define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 +# define SSL_R_COMPRESSION_DISABLED 343 +# define SSL_R_COMPRESSION_FAILURE 141 +# define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 +# define SSL_R_COMPRESSION_LIBRARY_ERROR 142 +# define SSL_R_CONNECTION_TYPE_NOT_SET 144 +# define SSL_R_CONN_USE_ONLY 356 +# define SSL_R_CONTEXT_NOT_DANE_ENABLED 167 +# define SSL_R_COOKIE_GEN_CALLBACK_FAILURE 400 +# define SSL_R_COOKIE_MISMATCH 308 +# define SSL_R_COPY_PARAMETERS_FAILED 296 +# define SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED 206 +# define SSL_R_DANE_ALREADY_ENABLED 172 +# define SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL 173 +# define SSL_R_DANE_NOT_ENABLED 175 +# define SSL_R_DANE_TLSA_BAD_CERTIFICATE 180 +# define SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE 184 +# define SSL_R_DANE_TLSA_BAD_DATA_LENGTH 189 +# define SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH 192 +# define SSL_R_DANE_TLSA_BAD_MATCHING_TYPE 200 +# define SSL_R_DANE_TLSA_BAD_PUBLIC_KEY 201 +# define SSL_R_DANE_TLSA_BAD_SELECTOR 202 +# define SSL_R_DANE_TLSA_NULL_DATA 203 +# define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 +# define SSL_R_DATA_LENGTH_TOO_LONG 146 +# define SSL_R_DECRYPTION_FAILED 147 +# define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 
+# define SSL_R_DH_KEY_TOO_SMALL 394 +# define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 +# define SSL_R_DIGEST_CHECK_FAILED 149 +# define SSL_R_DTLS_MESSAGE_TOO_BIG 334 +# define SSL_R_DUPLICATE_COMPRESSION_ID 309 +# define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318 +# define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE 374 +# define SSL_R_EE_KEY_TOO_SMALL 399 +# define SSL_R_EMPTY_RAW_PUBLIC_KEY 349 +# define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 +# define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 +# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 +# define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN 204 +# define SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE 194 +# define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 +# define SSL_R_EXTENSION_NOT_RECEIVED 279 +# define SSL_R_EXTRA_DATA_IN_MESSAGE 153 +# define SSL_R_EXT_LENGTH_MISMATCH 163 +# define SSL_R_FAILED_TO_GET_PARAMETER 316 +# define SSL_R_FAILED_TO_INIT_ASYNC 405 +# define SSL_R_FEATURE_NEGOTIATION_NOT_COMPLETE 417 +# define SSL_R_FEATURE_NOT_RENEGOTIABLE 413 +# define SSL_R_FRAGMENTED_CLIENT_HELLO 401 +# define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 +# define SSL_R_HTTPS_PROXY_REQUEST 155 +# define SSL_R_HTTP_REQUEST 156 +# define SSL_R_ILLEGAL_POINT_COMPRESSION 162 +# define SSL_R_ILLEGAL_SUITEB_DIGEST 380 +# define SSL_R_INAPPROPRIATE_FALLBACK 373 +# define SSL_R_INCONSISTENT_COMPRESSION 340 +# define SSL_R_INCONSISTENT_EARLY_DATA_ALPN 222 +# define SSL_R_INCONSISTENT_EARLY_DATA_SNI 231 +# define SSL_R_INCONSISTENT_EXTMS 104 +# define SSL_R_INSUFFICIENT_SECURITY 241 +# define SSL_R_INVALID_ALERT 205 +# define SSL_R_INVALID_CCS_MESSAGE 260 +# define SSL_R_INVALID_CERTIFICATE_OR_ALG 238 +# define SSL_R_INVALID_COMMAND 280 +# define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 +# define SSL_R_INVALID_CONFIG 283 +# define SSL_R_INVALID_CONFIGURATION_NAME 113 +# define SSL_R_INVALID_CONTEXT 282 +# define SSL_R_INVALID_CT_VALIDATION_TYPE 212 +# define SSL_R_INVALID_KEY_UPDATE_TYPE 120 +# define SSL_R_INVALID_MAX_EARLY_DATA 174 +# define SSL_R_INVALID_NULL_CMD_NAME 
385 +# define SSL_R_INVALID_RAW_PUBLIC_KEY 350 +# define SSL_R_INVALID_RECORD 317 +# define SSL_R_INVALID_SEQUENCE_NUMBER 402 +# define SSL_R_INVALID_SERVERINFO_DATA 388 +# define SSL_R_INVALID_SESSION_ID 999 +# define SSL_R_INVALID_SRP_USERNAME 357 +# define SSL_R_INVALID_STATUS_RESPONSE 328 +# define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 +# define SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED 333 +# define SSL_R_LENGTH_MISMATCH 159 +# define SSL_R_LENGTH_TOO_LONG 404 +# define SSL_R_LENGTH_TOO_SHORT 160 +# define SSL_R_LIBRARY_BUG 274 +# define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 +# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED 395 +# define SSL_R_MISSING_DSA_SIGNING_CERT 165 +# define SSL_R_MISSING_ECDSA_SIGNING_CERT 381 +# define SSL_R_MISSING_FATAL 256 +# define SSL_R_MISSING_PARAMETERS 290 +# define SSL_R_MISSING_PSK_KEX_MODES_EXTENSION 310 +# define SSL_R_MISSING_RSA_CERTIFICATE 168 +# define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 +# define SSL_R_MISSING_RSA_SIGNING_CERT 170 +# define SSL_R_MISSING_SIGALGS_EXTENSION 112 +# define SSL_R_MISSING_SIGNING_CERT 221 +# define SSL_R_MISSING_SRP_PARAM 358 +# define SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION 209 +# define SSL_R_MISSING_TMP_DH_KEY 171 +# define SSL_R_MISSING_TMP_ECDH_KEY 311 +# define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA 293 +# define SSL_R_NOT_ON_RECORD_BOUNDARY 182 +# define SSL_R_NOT_REPLACING_CERTIFICATE 289 +# define SSL_R_NOT_SERVER 284 +# define SSL_R_NO_APPLICATION_PROTOCOL 235 +# define SSL_R_NO_CERTIFICATES_RETURNED 176 +# define SSL_R_NO_CERTIFICATE_ASSIGNED 177 +# define SSL_R_NO_CERTIFICATE_SET 179 +# define SSL_R_NO_CHANGE_FOLLOWING_HRR 214 +# define SSL_R_NO_CIPHERS_AVAILABLE 181 +# define SSL_R_NO_CIPHERS_SPECIFIED 183 +# define SSL_R_NO_CIPHER_MATCH 185 +# define SSL_R_NO_CLIENT_CERT_METHOD 331 +# define SSL_R_NO_COMPRESSION_SPECIFIED 187 +# define SSL_R_NO_COOKIE_CALLBACK_SET 287 +# define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330 +# define SSL_R_NO_METHOD_SPECIFIED 188 +# define 
SSL_R_NO_PEM_EXTENSIONS 389 +# define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 +# define SSL_R_NO_PROTOCOLS_AVAILABLE 191 +# define SSL_R_NO_RENEGOTIATION 339 +# define SSL_R_NO_REQUIRED_DIGEST 324 +# define SSL_R_NO_SHARED_CIPHER 193 +# define SSL_R_NO_SHARED_GROUPS 410 +# define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS 376 +# define SSL_R_NO_SRTP_PROFILES 359 +# define SSL_R_NO_STREAM 355 +# define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM 297 +# define SSL_R_NO_SUITABLE_GROUPS 295 +# define SSL_R_NO_SUITABLE_KEY_SHARE 101 +# define SSL_R_NO_SUITABLE_RECORD_LAYER 322 +# define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM 118 +# define SSL_R_NO_VALID_SCTS 216 +# define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403 +# define SSL_R_NULL_SSL_CTX 195 +# define SSL_R_NULL_SSL_METHOD_PASSED 196 +# define SSL_R_OCSP_CALLBACK_FAILURE 305 +# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 +# define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 +# define SSL_R_OVERFLOW_ERROR 237 +# define SSL_R_PACKET_LENGTH_TOO_LONG 198 +# define SSL_R_PARSE_TLSEXT 227 +# define SSL_R_PATH_TOO_LONG 270 +# define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 +# define SSL_R_PEM_NAME_BAD_PREFIX 391 +# define SSL_R_PEM_NAME_TOO_SHORT 392 +# define SSL_R_PIPELINE_FAILURE 406 +# define SSL_R_POLL_REQUEST_NOT_SUPPORTED 418 +# define SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR 278 +# define SSL_R_PRIVATE_KEY_MISMATCH 288 +# define SSL_R_PROTOCOL_IS_SHUTDOWN 207 +# define SSL_R_PSK_IDENTITY_NOT_FOUND 223 +# define SSL_R_PSK_NO_CLIENT_CB 224 +# define SSL_R_PSK_NO_SERVER_CB 225 +# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR 393 +# define SSL_R_QUIC_NETWORK_ERROR 387 +# define SSL_R_QUIC_PROTOCOL_ERROR 382 +# define SSL_R_READ_BIO_NOT_SET 211 +# define SSL_R_READ_TIMEOUT_EXPIRED 312 +# define SSL_R_RECORDS_NOT_RELEASED 321 +# define SSL_R_RECORD_LAYER_FAILURE 313 +# define SSL_R_RECORD_LENGTH_MISMATCH 213 +# define SSL_R_RECORD_TOO_SMALL 298 +# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET 346 +# define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335 
+# define SSL_R_RENEGOTIATION_ENCODING_ERR 336 +# define SSL_R_RENEGOTIATION_MISMATCH 337 +# define SSL_R_REQUEST_PENDING 285 +# define SSL_R_REQUEST_SENT 286 +# define SSL_R_REQUIRED_CIPHER_MISSING 215 +# define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING 342 +# define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345 +# define SSL_R_SCT_VERIFICATION_FAILED 208 +# define SSL_R_SEQUENCE_CTR_WRAPPED 327 +# define SSL_R_SERVERHELLO_TLSEXT 275 +# define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 +# define SSL_R_SHUTDOWN_WHILE_IN_INIT 407 +# define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360 +# define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 +# define SSL_R_SRP_A_CALC 361 +# define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362 +# define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363 +# define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364 +# define SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH 232 +# define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319 +# define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320 +# define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 +# define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 +# define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 +# define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 +# define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 +# define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 +# define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 +# define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 +# define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 +# define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 +# define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 +# define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 +# define SSL_R_SSL_COMMAND_SECTION_EMPTY 117 +# define SSL_R_SSL_COMMAND_SECTION_NOT_FOUND 125 +# define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 +# define SSL_R_SSL_HANDSHAKE_FAILURE 229 +# define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 +# define SSL_R_SSL_NEGATIVE_LENGTH 372 +# define SSL_R_SSL_SECTION_EMPTY 126 +# define SSL_R_SSL_SECTION_NOT_FOUND 136 +# define 
SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301 +# define SSL_R_SSL_SESSION_ID_CONFLICT 302 +# define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 +# define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303 +# define SSL_R_SSL_SESSION_ID_TOO_LONG 408 +# define SSL_R_SSL_SESSION_VERSION_MISMATCH 210 +# define SSL_R_STILL_IN_INIT 121 +# define SSL_R_STREAM_COUNT_LIMITED 411 +# define SSL_R_STREAM_FINISHED 365 +# define SSL_R_STREAM_RECV_ONLY 366 +# define SSL_R_STREAM_RESET 375 +# define SSL_R_STREAM_SEND_ONLY 379 +# define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED 1116 +# define SSL_R_TLSV13_ALERT_MISSING_EXTENSION 1109 +# define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 +# define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 +# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 +# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 +# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 +# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 +# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 +# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 +# define SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL 1120 +# define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 +# define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 +# define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 +# define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 +# define SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY 1115 +# define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 +# define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 +# define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 +# define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 +# define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 +# define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 +# define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 +# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 +# define SSL_R_TOO_MANY_KEY_UPDATES 132 +# define SSL_R_TOO_MANY_WARN_ALERTS 409 +# define SSL_R_TOO_MUCH_EARLY_DATA 164 +# define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 +# define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 +# define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242 
+# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 +# define SSL_R_UNEXPECTED_CCS_MESSAGE 262 +# define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178 +# define SSL_R_UNEXPECTED_EOF_WHILE_READING 294 +# define SSL_R_UNEXPECTED_MESSAGE 244 +# define SSL_R_UNEXPECTED_RECORD 245 +# define SSL_R_UNINITIALIZED 276 +# define SSL_R_UNKNOWN_ALERT_TYPE 246 +# define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 +# define SSL_R_UNKNOWN_CIPHER_RETURNED 248 +# define SSL_R_UNKNOWN_CIPHER_TYPE 249 +# define SSL_R_UNKNOWN_CMD_NAME 386 +# define SSL_R_UNKNOWN_COMMAND 139 +# define SSL_R_UNKNOWN_DIGEST 368 +# define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 +# define SSL_R_UNKNOWN_MANDATORY_PARAMETER 323 +# define SSL_R_UNKNOWN_PKEY_TYPE 251 +# define SSL_R_UNKNOWN_PROTOCOL 252 +# define SSL_R_UNKNOWN_SSL_VERSION 254 +# define SSL_R_UNKNOWN_STATE 255 +# define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338 +# define SSL_R_UNSOLICITED_EXTENSION 217 +# define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 +# define SSL_R_UNSUPPORTED_CONFIG_VALUE 414 +# define SSL_R_UNSUPPORTED_CONFIG_VALUE_CLASS 415 +# define SSL_R_UNSUPPORTED_CONFIG_VALUE_OP 416 +# define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 +# define SSL_R_UNSUPPORTED_PROTOCOL 258 +# define SSL_R_UNSUPPORTED_SSL_VERSION 259 +# define SSL_R_UNSUPPORTED_STATUS_TYPE 329 +# define SSL_R_UNSUPPORTED_WRITE_FLAG 412 +# define SSL_R_USE_SRTP_NOT_NEGOTIATED 369 +# define SSL_R_VERSION_TOO_HIGH 166 +# define SSL_R_VERSION_TOO_LOW 396 +# define SSL_R_WRONG_CERTIFICATE_TYPE 383 +# define SSL_R_WRONG_CIPHER_RETURNED 261 +# define SSL_R_WRONG_CURVE 378 +# define SSL_R_WRONG_RPK_TYPE 351 +# define SSL_R_WRONG_SIGNATURE_LENGTH 264 +# define SSL_R_WRONG_SIGNATURE_SIZE 265 +# define SSL_R_WRONG_SIGNATURE_TYPE 370 +# define SSL_R_WRONG_SSL_VERSION 266 +# define SSL_R_WRONG_VERSION_NUMBER 267 +# define SSL_R_X509_LIB 268 +# define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 + +#endif 
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/sslerr_legacy.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/sslerr_legacy.h
new file mode 100644
index 000000000000..4c353671c7e8
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/sslerr_legacy.h
@@ -0,0 +1,467 @@ +/* + * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * This header file preserves symbols from pre-3.0 OpenSSL. + * It should never be included directly, as it's already included + * by the public sslerr.h headers, and since it will go away some + * time in the future. + */ + +#ifndef OPENSSL_SSLERR_LEGACY_H +# define OPENSSL_SSLERR_LEGACY_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 int ERR_load_SSL_strings(void); + +/* Collected _F_ macros from OpenSSL 1.1.1 */ + +/* + * SSL function codes. + */ +# define SSL_F_ADD_CLIENT_KEY_SHARE_EXT 0 +# define SSL_F_ADD_KEY_SHARE 0 +# define SSL_F_BYTES_TO_CIPHER_LIST 0 +# define SSL_F_CHECK_SUITEB_CIPHER_LIST 0 +# define SSL_F_CIPHERSUITE_CB 0 +# define SSL_F_CONSTRUCT_CA_NAMES 0 +# define SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS 0 +# define SSL_F_CONSTRUCT_STATEFUL_TICKET 0 +# define SSL_F_CONSTRUCT_STATELESS_TICKET 0 +# define SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH 0 +# define SSL_F_CREATE_TICKET_PREQUEL 0 +# define SSL_F_CT_MOVE_SCTS 0 +# define SSL_F_CT_STRICT 0 +# define SSL_F_CUSTOM_EXT_ADD 0 +# define SSL_F_CUSTOM_EXT_PARSE 0 +# define SSL_F_D2I_SSL_SESSION 0 +# define SSL_F_DANE_CTX_ENABLE 0 +# define SSL_F_DANE_MTYPE_SET 0 +# define SSL_F_DANE_TLSA_ADD 0 +# define SSL_F_DERIVE_SECRET_KEY_AND_IV 0 +# define SSL_F_DO_DTLS1_WRITE 0 +# define SSL_F_DO_SSL3_WRITE 0 +# define SSL_F_DTLS1_BUFFER_RECORD 0 +# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 0 +# define SSL_F_DTLS1_HEARTBEAT 0 +# define SSL_F_DTLS1_HM_FRAGMENT_NEW 0 +# define SSL_F_DTLS1_PREPROCESS_FRAGMENT 0 +# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 0 +# define 
SSL_F_DTLS1_PROCESS_RECORD 0 +# define SSL_F_DTLS1_READ_BYTES 0 +# define SSL_F_DTLS1_READ_FAILED 0 +# define SSL_F_DTLS1_RETRANSMIT_MESSAGE 0 +# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 0 +# define SSL_F_DTLS1_WRITE_BYTES 0 +# define SSL_F_DTLSV1_LISTEN 0 +# define SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC 0 +# define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST 0 +# define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 0 +# define SSL_F_DTLS_PROCESS_HELLO_VERIFY 0 +# define SSL_F_DTLS_RECORD_LAYER_NEW 0 +# define SSL_F_DTLS_WAIT_FOR_DRY 0 +# define SSL_F_EARLY_DATA_COUNT_OK 0 +# define SSL_F_FINAL_EARLY_DATA 0 +# define SSL_F_FINAL_EC_PT_FORMATS 0 +# define SSL_F_FINAL_EMS 0 +# define SSL_F_FINAL_KEY_SHARE 0 +# define SSL_F_FINAL_MAXFRAGMENTLEN 0 +# define SSL_F_FINAL_RENEGOTIATE 0 +# define SSL_F_FINAL_SERVER_NAME 0 +# define SSL_F_FINAL_SIG_ALGS 0 +# define SSL_F_GET_CERT_VERIFY_TBS_DATA 0 +# define SSL_F_NSS_KEYLOG_INT 0 +# define SSL_F_OPENSSL_INIT_SSL 0 +# define SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION 0 +# define SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION 0 +# define SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE 0 +# define SSL_F_OSSL_STATEM_CLIENT_POST_PROCESS_MESSAGE 0 +# define SSL_F_OSSL_STATEM_CLIENT_PROCESS_MESSAGE 0 +# define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION 0 +# define SSL_F_OSSL_STATEM_CLIENT_WRITE_TRANSITION 0 +# define SSL_F_OSSL_STATEM_SERVER13_READ_TRANSITION 0 +# define SSL_F_OSSL_STATEM_SERVER13_WRITE_TRANSITION 0 +# define SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE 0 +# define SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE 0 +# define SSL_F_OSSL_STATEM_SERVER_POST_WORK 0 +# define SSL_F_OSSL_STATEM_SERVER_PRE_WORK 0 +# define SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE 0 +# define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION 0 +# define SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION 0 +# define SSL_F_PARSE_CA_NAMES 0 +# define SSL_F_PITEM_NEW 0 +# define SSL_F_PQUEUE_NEW 0 +# define SSL_F_PROCESS_KEY_SHARE_EXT 0 +# define SSL_F_READ_STATE_MACHINE 0 +# define 
SSL_F_SET_CLIENT_CIPHERSUITE 0 +# define SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET 0 +# define SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET 0 +# define SSL_F_SRP_VERIFY_SERVER_PARAM 0 +# define SSL_F_SSL3_CHANGE_CIPHER_STATE 0 +# define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 0 +# define SSL_F_SSL3_CTRL 0 +# define SSL_F_SSL3_CTX_CTRL 0 +# define SSL_F_SSL3_DIGEST_CACHED_RECORDS 0 +# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 0 +# define SSL_F_SSL3_ENC 0 +# define SSL_F_SSL3_FINAL_FINISH_MAC 0 +# define SSL_F_SSL3_FINISH_MAC 0 +# define SSL_F_SSL3_GENERATE_KEY_BLOCK 0 +# define SSL_F_SSL3_GENERATE_MASTER_SECRET 0 +# define SSL_F_SSL3_GET_RECORD 0 +# define SSL_F_SSL3_INIT_FINISHED_MAC 0 +# define SSL_F_SSL3_OUTPUT_CERT_CHAIN 0 +# define SSL_F_SSL3_READ_BYTES 0 +# define SSL_F_SSL3_READ_N 0 +# define SSL_F_SSL3_SETUP_KEY_BLOCK 0 +# define SSL_F_SSL3_SETUP_READ_BUFFER 0 +# define SSL_F_SSL3_SETUP_WRITE_BUFFER 0 +# define SSL_F_SSL3_WRITE_BYTES 0 +# define SSL_F_SSL3_WRITE_PENDING 0 +# define SSL_F_SSL_ADD_CERT_CHAIN 0 +# define SSL_F_SSL_ADD_CERT_TO_BUF 0 +# define SSL_F_SSL_ADD_CERT_TO_WPACKET 0 +# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 0 +# define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 0 +# define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 0 +# define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 0 +# define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 0 +# define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 0 +# define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 0 +# define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT 0 +# define SSL_F_SSL_BUILD_CERT_CHAIN 0 +# define SSL_F_SSL_BYTES_TO_CIPHER_LIST 0 +# define SSL_F_SSL_CACHE_CIPHERLIST 0 +# define SSL_F_SSL_CERT_ADD0_CHAIN_CERT 0 +# define SSL_F_SSL_CERT_DUP 0 +# define SSL_F_SSL_CERT_NEW 0 +# define SSL_F_SSL_CERT_SET0_CHAIN 0 +# define SSL_F_SSL_CHECK_PRIVATE_KEY 0 +# define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 0 +# define SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO 0 +# define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 0 +# define SSL_F_SSL_CHOOSE_CLIENT_VERSION 0 
+# define SSL_F_SSL_CIPHER_DESCRIPTION 0 +# define SSL_F_SSL_CIPHER_LIST_TO_BYTES 0 +# define SSL_F_SSL_CIPHER_PROCESS_RULESTR 0 +# define SSL_F_SSL_CIPHER_STRENGTH_SORT 0 +# define SSL_F_SSL_CLEAR 0 +# define SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT 0 +# define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 0 +# define SSL_F_SSL_CONF_CMD 0 +# define SSL_F_SSL_CREATE_CIPHER_LIST 0 +# define SSL_F_SSL_CTRL 0 +# define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 0 +# define SSL_F_SSL_CTX_ENABLE_CT 0 +# define SSL_F_SSL_CTX_MAKE_PROFILES 0 +# define SSL_F_SSL_CTX_NEW 0 +# define SSL_F_SSL_CTX_SET_ALPN_PROTOS 0 +# define SSL_F_SSL_CTX_SET_CIPHER_LIST 0 +# define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 0 +# define SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK 0 +# define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 0 +# define SSL_F_SSL_CTX_SET_SSL_VERSION 0 +# define SSL_F_SSL_CTX_SET_TLSEXT_MAX_FRAGMENT_LENGTH 0 +# define SSL_F_SSL_CTX_USE_CERTIFICATE 0 +# define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 0 +# define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 0 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY 0 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 0 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 0 +# define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 0 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 0 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 0 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 0 +# define SSL_F_SSL_CTX_USE_SERVERINFO 0 +# define SSL_F_SSL_CTX_USE_SERVERINFO_EX 0 +# define SSL_F_SSL_CTX_USE_SERVERINFO_FILE 0 +# define SSL_F_SSL_DANE_DUP 0 +# define SSL_F_SSL_DANE_ENABLE 0 +# define SSL_F_SSL_DERIVE 0 +# define SSL_F_SSL_DO_CONFIG 0 +# define SSL_F_SSL_DO_HANDSHAKE 0 +# define SSL_F_SSL_DUP_CA_LIST 0 +# define SSL_F_SSL_ENABLE_CT 0 +# define SSL_F_SSL_GENERATE_PKEY_GROUP 0 +# define SSL_F_SSL_GENERATE_SESSION_ID 0 +# define SSL_F_SSL_GET_NEW_SESSION 0 +# define SSL_F_SSL_GET_PREV_SESSION 0 +# define SSL_F_SSL_GET_SERVER_CERT_INDEX 0 +# define SSL_F_SSL_GET_SIGN_PKEY 0 +# define SSL_F_SSL_HANDSHAKE_HASH 0 +# define 
SSL_F_SSL_INIT_WBIO_BUFFER 0 +# define SSL_F_SSL_KEY_UPDATE 0 +# define SSL_F_SSL_LOAD_CLIENT_CA_FILE 0 +# define SSL_F_SSL_LOG_MASTER_SECRET 0 +# define SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE 0 +# define SSL_F_SSL_MODULE_INIT 0 +# define SSL_F_SSL_NEW 0 +# define SSL_F_SSL_NEXT_PROTO_VALIDATE 0 +# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 0 +# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 0 +# define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 0 +# define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 0 +# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 0 +# define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 0 +# define SSL_F_SSL_PEEK 0 +# define SSL_F_SSL_PEEK_EX 0 +# define SSL_F_SSL_PEEK_INTERNAL 0 +# define SSL_F_SSL_READ 0 +# define SSL_F_SSL_READ_EARLY_DATA 0 +# define SSL_F_SSL_READ_EX 0 +# define SSL_F_SSL_READ_INTERNAL 0 +# define SSL_F_SSL_RENEGOTIATE 0 +# define SSL_F_SSL_RENEGOTIATE_ABBREVIATED 0 +# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 0 +# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 0 +# define SSL_F_SSL_SESSION_DUP 0 +# define SSL_F_SSL_SESSION_NEW 0 +# define SSL_F_SSL_SESSION_PRINT_FP 0 +# define SSL_F_SSL_SESSION_SET1_ID 0 +# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 0 +# define SSL_F_SSL_SET_ALPN_PROTOS 0 +# define SSL_F_SSL_SET_CERT 0 +# define SSL_F_SSL_SET_CERT_AND_KEY 0 +# define SSL_F_SSL_SET_CIPHER_LIST 0 +# define SSL_F_SSL_SET_CT_VALIDATION_CALLBACK 0 +# define SSL_F_SSL_SET_FD 0 +# define SSL_F_SSL_SET_PKEY 0 +# define SSL_F_SSL_SET_RFD 0 +# define SSL_F_SSL_SET_SESSION 0 +# define SSL_F_SSL_SET_SESSION_ID_CONTEXT 0 +# define SSL_F_SSL_SET_SESSION_TICKET_EXT 0 +# define SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH 0 +# define SSL_F_SSL_SET_WFD 0 +# define SSL_F_SSL_SHUTDOWN 0 +# define SSL_F_SSL_SRP_CTX_INIT 0 +# define SSL_F_SSL_START_ASYNC_JOB 0 +# define SSL_F_SSL_UNDEFINED_FUNCTION 0 +# define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 0 +# define SSL_F_SSL_USE_CERTIFICATE 0 +# define SSL_F_SSL_USE_CERTIFICATE_ASN1 0 +# define SSL_F_SSL_USE_CERTIFICATE_FILE 
0 +# define SSL_F_SSL_USE_PRIVATEKEY 0 +# define SSL_F_SSL_USE_PRIVATEKEY_ASN1 0 +# define SSL_F_SSL_USE_PRIVATEKEY_FILE 0 +# define SSL_F_SSL_USE_PSK_IDENTITY_HINT 0 +# define SSL_F_SSL_USE_RSAPRIVATEKEY 0 +# define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 0 +# define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 0 +# define SSL_F_SSL_VALIDATE_CT 0 +# define SSL_F_SSL_VERIFY_CERT_CHAIN 0 +# define SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE 0 +# define SSL_F_SSL_WRITE 0 +# define SSL_F_SSL_WRITE_EARLY_DATA 0 +# define SSL_F_SSL_WRITE_EARLY_FINISH 0 +# define SSL_F_SSL_WRITE_EX 0 +# define SSL_F_SSL_WRITE_INTERNAL 0 +# define SSL_F_STATE_MACHINE 0 +# define SSL_F_TLS12_CHECK_PEER_SIGALG 0 +# define SSL_F_TLS12_COPY_SIGALGS 0 +# define SSL_F_TLS13_CHANGE_CIPHER_STATE 0 +# define SSL_F_TLS13_ENC 0 +# define SSL_F_TLS13_FINAL_FINISH_MAC 0 +# define SSL_F_TLS13_GENERATE_SECRET 0 +# define SSL_F_TLS13_HKDF_EXPAND 0 +# define SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA 0 +# define SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA 0 +# define SSL_F_TLS13_SETUP_KEY_BLOCK 0 +# define SSL_F_TLS1_CHANGE_CIPHER_STATE 0 +# define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS 0 +# define SSL_F_TLS1_ENC 0 +# define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 0 +# define SSL_F_TLS1_GET_CURVELIST 0 +# define SSL_F_TLS1_PRF 0 +# define SSL_F_TLS1_SAVE_U16 0 +# define SSL_F_TLS1_SETUP_KEY_BLOCK 0 +# define SSL_F_TLS1_SET_GROUPS 0 +# define SSL_F_TLS1_SET_RAW_SIGALGS 0 +# define SSL_F_TLS1_SET_SERVER_SIGALGS 0 +# define SSL_F_TLS1_SET_SHARED_SIGALGS 0 +# define SSL_F_TLS1_SET_SIGALGS 0 +# define SSL_F_TLS_CHOOSE_SIGALG 0 +# define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 0 +# define SSL_F_TLS_COLLECT_EXTENSIONS 0 +# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES 0 +# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST 0 +# define SSL_F_TLS_CONSTRUCT_CERT_STATUS 0 +# define SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY 0 +# define SSL_F_TLS_CONSTRUCT_CERT_VERIFY 0 +# define SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC 0 +# define 
SSL_F_TLS_CONSTRUCT_CKE_DHE 0 +# define SSL_F_TLS_CONSTRUCT_CKE_ECDHE 0 +# define SSL_F_TLS_CONSTRUCT_CKE_GOST 0 +# define SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE 0 +# define SSL_F_TLS_CONSTRUCT_CKE_RSA 0 +# define SSL_F_TLS_CONSTRUCT_CKE_SRP 0 +# define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE 0 +# define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO 0 +# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE 0 +# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_ALPN 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_COOKIE 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_EMS 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_ETM 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_HELLO 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_EXCHANGE 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_MAXFRAGMENTLEN 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_NPN 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_PADDING 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_PSK 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_SCT 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_SRP 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_VERIFY 0 +# define SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS 0 +# define SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA 0 +# define SSL_F_TLS_CONSTRUCT_EXTENSIONS 0 +# define SSL_F_TLS_CONSTRUCT_FINISHED 0 +# define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST 0 +# define SSL_F_TLS_CONSTRUCT_HELLO_RETRY_REQUEST 0 +# 
define SSL_F_TLS_CONSTRUCT_KEY_UPDATE 0 +# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET 0 +# define SSL_F_TLS_CONSTRUCT_NEXT_PROTO 0 +# define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 0 +# define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 0 +# define SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE 0 +# define SSL_F_TLS_CONSTRUCT_STOC_ALPN 0 +# define SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE 0 +# define SSL_F_TLS_CONSTRUCT_STOC_COOKIE 0 +# define SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG 0 +# define SSL_F_TLS_CONSTRUCT_STOC_DONE 0 +# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA 0 +# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO 0 +# define SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS 0 +# define SSL_F_TLS_CONSTRUCT_STOC_EMS 0 +# define SSL_F_TLS_CONSTRUCT_STOC_ETM 0 +# define SSL_F_TLS_CONSTRUCT_STOC_HELLO 0 +# define SSL_F_TLS_CONSTRUCT_STOC_KEY_EXCHANGE 0 +# define SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE 0 +# define SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN 0 +# define SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG 0 +# define SSL_F_TLS_CONSTRUCT_STOC_PSK 0 +# define SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE 0 +# define SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME 0 +# define SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET 0 +# define SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST 0 +# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS 0 +# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS 0 +# define SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP 0 +# define SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO 0 +# define SSL_F_TLS_FINISH_HANDSHAKE 0 +# define SSL_F_TLS_GET_MESSAGE_BODY 0 +# define SSL_F_TLS_GET_MESSAGE_HEADER 0 +# define SSL_F_TLS_HANDLE_ALPN 0 +# define SSL_F_TLS_HANDLE_STATUS_REQUEST 0 +# define SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES 0 +# define SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT 0 +# define SSL_F_TLS_PARSE_CTOS_ALPN 0 +# define SSL_F_TLS_PARSE_CTOS_COOKIE 0 +# define SSL_F_TLS_PARSE_CTOS_EARLY_DATA 0 +# define SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS 0 +# define SSL_F_TLS_PARSE_CTOS_EMS 0 +# define SSL_F_TLS_PARSE_CTOS_KEY_SHARE 0 +# define 
SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN 0 +# define SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH 0 +# define SSL_F_TLS_PARSE_CTOS_PSK 0 +# define SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES 0 +# define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE 0 +# define SSL_F_TLS_PARSE_CTOS_SERVER_NAME 0 +# define SSL_F_TLS_PARSE_CTOS_SESSION_TICKET 0 +# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS 0 +# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT 0 +# define SSL_F_TLS_PARSE_CTOS_SRP 0 +# define SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST 0 +# define SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS 0 +# define SSL_F_TLS_PARSE_CTOS_USE_SRTP 0 +# define SSL_F_TLS_PARSE_STOC_ALPN 0 +# define SSL_F_TLS_PARSE_STOC_COOKIE 0 +# define SSL_F_TLS_PARSE_STOC_EARLY_DATA 0 +# define SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO 0 +# define SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS 0 +# define SSL_F_TLS_PARSE_STOC_KEY_SHARE 0 +# define SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN 0 +# define SSL_F_TLS_PARSE_STOC_NPN 0 +# define SSL_F_TLS_PARSE_STOC_PSK 0 +# define SSL_F_TLS_PARSE_STOC_RENEGOTIATE 0 +# define SSL_F_TLS_PARSE_STOC_SCT 0 +# define SSL_F_TLS_PARSE_STOC_SERVER_NAME 0 +# define SSL_F_TLS_PARSE_STOC_SESSION_TICKET 0 +# define SSL_F_TLS_PARSE_STOC_STATUS_REQUEST 0 +# define SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS 0 +# define SSL_F_TLS_PARSE_STOC_USE_SRTP 0 +# define SSL_F_TLS_POST_PROCESS_CLIENT_HELLO 0 +# define SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE 0 +# define SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE 0 +# define SSL_F_TLS_PROCESS_AS_HELLO_RETRY_REQUEST 0 +# define SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST 0 +# define SSL_F_TLS_PROCESS_CERT_STATUS 0 +# define SSL_F_TLS_PROCESS_CERT_STATUS_BODY 0 +# define SSL_F_TLS_PROCESS_CERT_VERIFY 0 +# define SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC 0 +# define SSL_F_TLS_PROCESS_CKE_DHE 0 +# define SSL_F_TLS_PROCESS_CKE_ECDHE 0 +# define SSL_F_TLS_PROCESS_CKE_GOST 0 +# define SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE 0 +# define SSL_F_TLS_PROCESS_CKE_RSA 0 +# define SSL_F_TLS_PROCESS_CKE_SRP 0 +# define 
SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE 0 +# define SSL_F_TLS_PROCESS_CLIENT_HELLO 0 +# define SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE 0 +# define SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS 0 +# define SSL_F_TLS_PROCESS_END_OF_EARLY_DATA 0 +# define SSL_F_TLS_PROCESS_FINISHED 0 +# define SSL_F_TLS_PROCESS_HELLO_REQ 0 +# define SSL_F_TLS_PROCESS_HELLO_RETRY_REQUEST 0 +# define SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT 0 +# define SSL_F_TLS_PROCESS_KEY_EXCHANGE 0 +# define SSL_F_TLS_PROCESS_KEY_UPDATE 0 +# define SSL_F_TLS_PROCESS_NEW_SESSION_TICKET 0 +# define SSL_F_TLS_PROCESS_NEXT_PROTO 0 +# define SSL_F_TLS_PROCESS_SERVER_CERTIFICATE 0 +# define SSL_F_TLS_PROCESS_SERVER_DONE 0 +# define SSL_F_TLS_PROCESS_SERVER_HELLO 0 +# define SSL_F_TLS_PROCESS_SKE_DHE 0 +# define SSL_F_TLS_PROCESS_SKE_ECDHE 0 +# define SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE 0 +# define SSL_F_TLS_PROCESS_SKE_SRP 0 +# define SSL_F_TLS_PSK_DO_BINDER 0 +# define SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT 0 +# define SSL_F_TLS_SETUP_HANDSHAKE 0 +# define SSL_F_USE_CERTIFICATE_CHAIN_FILE 0 +# define SSL_F_WPACKET_INTERN_INIT_LEN 0 +# define SSL_F_WPACKET_START_SUB_PACKET_LEN__ 0 +# define SSL_F_WRITE_STATE_MACHINE 0 +# endif + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/stack.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/stack.h new file mode 100644 index 000000000000..f0c5c54765af --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/stack.h 
@@ -0,0 +1,90 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_STACK_H
+# define OPENSSL_STACK_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_STACK_H
+# endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct stack_st OPENSSL_STACK; /* Use STACK_OF(...) instead */
+
+typedef int (*OPENSSL_sk_compfunc)(const void *, const void *);
+typedef void (*OPENSSL_sk_freefunc)(void *);
+typedef void *(*OPENSSL_sk_copyfunc)(const void *);
+
+int OPENSSL_sk_num(const OPENSSL_STACK *);
+void *OPENSSL_sk_value(const OPENSSL_STACK *, int);
+
+void *OPENSSL_sk_set(OPENSSL_STACK *st, int i, const void *data);
+
+OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_compfunc cmp);
+OPENSSL_STACK *OPENSSL_sk_new_null(void);
+OPENSSL_STACK *OPENSSL_sk_new_reserve(OPENSSL_sk_compfunc c, int n);
+int OPENSSL_sk_reserve(OPENSSL_STACK *st, int n);
+void OPENSSL_sk_free(OPENSSL_STACK *);
+void OPENSSL_sk_pop_free(OPENSSL_STACK *st, void (*func) (void *));
+OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *,
+ OPENSSL_sk_copyfunc c,
+ OPENSSL_sk_freefunc f);
+int OPENSSL_sk_insert(OPENSSL_STACK *sk, const void *data, int where);
+void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc);
+void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p);
+int OPENSSL_sk_find(OPENSSL_STACK *st, const void *data);
+int OPENSSL_sk_find_ex(OPENSSL_STACK *st, const void *data);
+int OPENSSL_sk_find_all(OPENSSL_STACK *st, const void *data, int *pnum);
+int OPENSSL_sk_push(OPENSSL_STACK *st, const void *data);
+int OPENSSL_sk_unshift(OPENSSL_STACK *st, const void *data);
+void *OPENSSL_sk_shift(OPENSSL_STACK *st);
+void *OPENSSL_sk_pop(OPENSSL_STACK *st);
+void OPENSSL_sk_zero(OPENSSL_STACK *st);
+OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk,
+ OPENSSL_sk_compfunc cmp);
+OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *st);
+void OPENSSL_sk_sort(OPENSSL_STACK *st);
+int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st);
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define _STACK OPENSSL_STACK
+# define sk_num OPENSSL_sk_num
+# define sk_value OPENSSL_sk_value
+# define sk_set OPENSSL_sk_set
+# define sk_new OPENSSL_sk_new
+# define sk_new_null OPENSSL_sk_new_null
+# define sk_free OPENSSL_sk_free
+# define sk_pop_free OPENSSL_sk_pop_free
+# define sk_deep_copy OPENSSL_sk_deep_copy
+# define sk_insert OPENSSL_sk_insert
+# define sk_delete OPENSSL_sk_delete
+# define sk_delete_ptr OPENSSL_sk_delete_ptr
+# define sk_find OPENSSL_sk_find
+# define sk_find_ex OPENSSL_sk_find_ex
+# define sk_push OPENSSL_sk_push
+# define sk_unshift OPENSSL_sk_unshift
+# define sk_shift OPENSSL_sk_shift
+# define sk_pop OPENSSL_sk_pop
+# define sk_zero OPENSSL_sk_zero
+# define sk_set_cmp_func OPENSSL_sk_set_cmp_func
+# define sk_dup OPENSSL_sk_dup
+# define sk_sort OPENSSL_sk_sort
+# define sk_is_sorted OPENSSL_sk_is_sorted
+# endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/store.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/store.h
new file mode 100644
index 000000000000..e6ea3cf87886
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/store.h
@@ -0,0 +1,377 @@ +/* + * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_STORE_H +# define OPENSSL_STORE_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_OSSL_STORE_H +# endif + +# include +# include +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +/*- + * The main OSSL_STORE functions. + * ------------------------------ + * + * These allow applications to open a channel to a resource with supported + * data (keys, certs, crls, ...), read the data a piece at a time and decide + * what to do with it, and finally close. + */ + +typedef struct ossl_store_ctx_st OSSL_STORE_CTX; + +/* + * Typedef for the OSSL_STORE_INFO post processing callback. This can be used + * to massage the given OSSL_STORE_INFO, or to drop it entirely (by returning + * NULL). + */ +typedef OSSL_STORE_INFO *(*OSSL_STORE_post_process_info_fn)(OSSL_STORE_INFO *, + void *); + +/* + * Open a channel given a URI. The given UI method will be used any time the + * loader needs extra input, for example when a password or pin is needed, and + * will be passed the same user data every time it's needed in this context. + * + * Returns a context reference which represents the channel to communicate + * through. 
+ */ +OSSL_STORE_CTX * +OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method, void *ui_data, + OSSL_STORE_post_process_info_fn post_process, + void *post_process_data); +OSSL_STORE_CTX * +OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq, + const UI_METHOD *ui_method, void *ui_data, + const OSSL_PARAM params[], + OSSL_STORE_post_process_info_fn post_process, + void *post_process_data); + +/* + * Control / fine tune the OSSL_STORE channel. |cmd| determines what is to be + * done, and depends on the underlying loader (use OSSL_STORE_get0_scheme to + * determine which loader is used), except for common commands (see below). + * Each command takes different arguments. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, + ... /* args */); +OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, + va_list args); +# endif + +# ifndef OPENSSL_NO_DEPRECATED_3_0 + +/* + * Common ctrl commands that different loaders may choose to support. + */ +/* int on = 0 or 1; STORE_ctrl(ctx, STORE_C_USE_SECMEM, &on); */ +# define OSSL_STORE_C_USE_SECMEM 1 +/* Where custom commands start */ +# define OSSL_STORE_C_CUSTOM_START 100 + +# endif + +/* + * Read one data item (a key, a cert, a CRL) that is supported by the OSSL_STORE + * functionality, given a context. + * Returns a OSSL_STORE_INFO pointer, from which OpenSSL typed data can be + * extracted with OSSL_STORE_INFO_get0_PKEY(), OSSL_STORE_INFO_get0_CERT(), ... + * NULL is returned on error, which may include that the data found at the URI + * can't be figured out for certain or is ambiguous. + */ +OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx); + +/* + * Deletes the object in the store by URI. + * Returns 1 on success, 0 otherwise. 
+ */ +int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq, + const UI_METHOD *ui_method, void *ui_data, + const OSSL_PARAM params[]); + +/* + * Check if end of data (end of file) is reached + * Returns 1 on end, 0 otherwise. + */ +int OSSL_STORE_eof(OSSL_STORE_CTX *ctx); + +/* + * Check if an error occurred + * Returns 1 if it did, 0 otherwise. + */ +int OSSL_STORE_error(OSSL_STORE_CTX *ctx); + +/* + * Close the channel + * Returns 1 on success, 0 on error. + */ +int OSSL_STORE_close(OSSL_STORE_CTX *ctx); + +/* + * Attach to a BIO. This works like OSSL_STORE_open() except it takes a + * BIO instead of a uri, along with a scheme to use when reading. + * The given UI method will be used any time the loader needs extra input, + * for example when a password or pin is needed, and will be passed the + * same user data every time it's needed in this context. + * + * Returns a context reference which represents the channel to communicate + * through. + * + * Note that this function is considered unsafe, all depending on what the + * BIO actually reads. + */ +OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bio, const char *scheme, + OSSL_LIB_CTX *libctx, const char *propq, + const UI_METHOD *ui_method, void *ui_data, + const OSSL_PARAM params[], + OSSL_STORE_post_process_info_fn post_process, + void *post_process_data); + +/*- + * Extracting OpenSSL types from and creating new OSSL_STORE_INFOs + * --------------------------------------------------------------- + */ + +/* + * Types of data that can be ossl_stored in a OSSL_STORE_INFO. + * OSSL_STORE_INFO_NAME is typically found when getting a listing of + * available "files" / "tokens" / what have you. 
+ */ +# define OSSL_STORE_INFO_NAME 1 /* char * */ +# define OSSL_STORE_INFO_PARAMS 2 /* EVP_PKEY * */ +# define OSSL_STORE_INFO_PUBKEY 3 /* EVP_PKEY * */ +# define OSSL_STORE_INFO_PKEY 4 /* EVP_PKEY * */ +# define OSSL_STORE_INFO_CERT 5 /* X509 * */ +# define OSSL_STORE_INFO_CRL 6 /* X509_CRL * */ + +/* + * Functions to generate OSSL_STORE_INFOs, one function for each type we + * support having in them, as well as a generic constructor. + * + * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO + * and will therefore be freed when the OSSL_STORE_INFO is freed. + */ +OSSL_STORE_INFO *OSSL_STORE_INFO_new(int type, void *data); +OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name); +int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc); +OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params); +OSSL_STORE_INFO *OSSL_STORE_INFO_new_PUBKEY(EVP_PKEY *pubkey); +OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey); +OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509); +OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl); + +/* + * Functions to try to extract data from a OSSL_STORE_INFO. 
+ */ +int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info); +void *OSSL_STORE_INFO_get0_data(int type, const OSSL_STORE_INFO *info); +const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info); +char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info); +const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info); +char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info); +EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info); +EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info); +EVP_PKEY *OSSL_STORE_INFO_get0_PUBKEY(const OSSL_STORE_INFO *info); +EVP_PKEY *OSSL_STORE_INFO_get1_PUBKEY(const OSSL_STORE_INFO *info); +EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info); +EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info); +X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info); +X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info); +X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info); +X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info); + +const char *OSSL_STORE_INFO_type_string(int type); + +/* + * Free the OSSL_STORE_INFO + */ +void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info); + + +/*- + * Functions to construct a search URI from a base URI and search criteria + * ----------------------------------------------------------------------- + */ + +/* OSSL_STORE search types */ +# define OSSL_STORE_SEARCH_BY_NAME 1 /* subject in certs, issuer in CRLs */ +# define OSSL_STORE_SEARCH_BY_ISSUER_SERIAL 2 +# define OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT 3 +# define OSSL_STORE_SEARCH_BY_ALIAS 4 + +/* To check what search types the scheme handler supports */ +int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type); + +/* Search term constructors */ +/* + * The input is considered to be owned by the caller, and must therefore + * remain present throughout the lifetime of the returned OSSL_STORE_SEARCH + */ +OSSL_STORE_SEARCH 
*OSSL_STORE_SEARCH_by_name(X509_NAME *name); +OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name, + const ASN1_INTEGER + *serial); +OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest, + const unsigned char + *bytes, size_t len); +OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias); + +/* Search term destructor */ +void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search); + +/* Search term accessors */ +int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion); +X509_NAME *OSSL_STORE_SEARCH_get0_name(const OSSL_STORE_SEARCH *criterion); +const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH + *criterion); +const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH + *criterion, size_t *length); +const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion); +const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion); + +/* + * Add search criterion and expected return type (which can be unspecified) + * to the loading channel. This MUST happen before the first OSSL_STORE_load(). 
+ */ +int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type); +int OSSL_STORE_find(OSSL_STORE_CTX *ctx, const OSSL_STORE_SEARCH *search); + + +/*- + * Function to fetch a loader and extract data from it + * --------------------------------------------------- + */ + +typedef struct ossl_store_loader_st OSSL_STORE_LOADER; + +OSSL_STORE_LOADER *OSSL_STORE_LOADER_fetch(OSSL_LIB_CTX *libctx, + const char *scheme, + const char *properties); +int OSSL_STORE_LOADER_up_ref(OSSL_STORE_LOADER *loader); +void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *loader); +const OSSL_PROVIDER *OSSL_STORE_LOADER_get0_provider(const OSSL_STORE_LOADER * + loader); +const char *OSSL_STORE_LOADER_get0_properties(const OSSL_STORE_LOADER *loader); +const char *OSSL_STORE_LOADER_get0_description(const OSSL_STORE_LOADER *loader); +int OSSL_STORE_LOADER_is_a(const OSSL_STORE_LOADER *loader, + const char *scheme); +void OSSL_STORE_LOADER_do_all_provided(OSSL_LIB_CTX *libctx, + void (*fn)(OSSL_STORE_LOADER *loader, + void *arg), + void *arg); +int OSSL_STORE_LOADER_names_do_all(const OSSL_STORE_LOADER *loader, + void (*fn)(const char *name, void *data), + void *data); + +/*- + * Function to register a loader for the given URI scheme. + * ------------------------------------------------------- + * + * The loader receives all the main components of an URI except for the + * scheme. 
+ */ + +# ifndef OPENSSL_NO_DEPRECATED_3_0 + +/* struct ossl_store_loader_ctx_st is defined differently by each loader */ +typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX; +typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn) + (const OSSL_STORE_LOADER *loader, const char *uri, + const UI_METHOD *ui_method, void *ui_data); +typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_ex_fn) + (const OSSL_STORE_LOADER *loader, + const char *uri, OSSL_LIB_CTX *libctx, const char *propq, + const UI_METHOD *ui_method, void *ui_data); + +typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_attach_fn) + (const OSSL_STORE_LOADER *loader, BIO *bio, + OSSL_LIB_CTX *libctx, const char *propq, + const UI_METHOD *ui_method, void *ui_data); +typedef int (*OSSL_STORE_ctrl_fn) + (OSSL_STORE_LOADER_CTX *ctx, int cmd, va_list args); +typedef int (*OSSL_STORE_expect_fn) + (OSSL_STORE_LOADER_CTX *ctx, int expected); +typedef int (*OSSL_STORE_find_fn) + (OSSL_STORE_LOADER_CTX *ctx, const OSSL_STORE_SEARCH *criteria); +typedef OSSL_STORE_INFO *(*OSSL_STORE_load_fn) + (OSSL_STORE_LOADER_CTX *ctx, const UI_METHOD *ui_method, void *ui_data); +typedef int (*OSSL_STORE_eof_fn)(OSSL_STORE_LOADER_CTX *ctx); +typedef int (*OSSL_STORE_error_fn)(OSSL_STORE_LOADER_CTX *ctx); +typedef int (*OSSL_STORE_close_fn)(OSSL_STORE_LOADER_CTX *ctx); + +# endif +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 +OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme); +OSSL_DEPRECATEDIN_3_0 +int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *loader, + OSSL_STORE_open_fn open_function); +OSSL_DEPRECATEDIN_3_0 +int OSSL_STORE_LOADER_set_open_ex(OSSL_STORE_LOADER *loader, + OSSL_STORE_open_ex_fn open_ex_function); +OSSL_DEPRECATEDIN_3_0 +int OSSL_STORE_LOADER_set_attach(OSSL_STORE_LOADER *loader, + OSSL_STORE_attach_fn attach_function); +OSSL_DEPRECATEDIN_3_0 +int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *loader, + OSSL_STORE_ctrl_fn ctrl_function); +OSSL_DEPRECATEDIN_3_0 +int 
OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader, + OSSL_STORE_expect_fn expect_function); +OSSL_DEPRECATEDIN_3_0 +int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader, + OSSL_STORE_find_fn find_function); +OSSL_DEPRECATEDIN_3_0 +int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *loader, + OSSL_STORE_load_fn load_function); +OSSL_DEPRECATEDIN_3_0 +int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *loader, + OSSL_STORE_eof_fn eof_function); +OSSL_DEPRECATEDIN_3_0 +int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *loader, + OSSL_STORE_error_fn error_function); +OSSL_DEPRECATEDIN_3_0 +int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader, + OSSL_STORE_close_fn close_function); +OSSL_DEPRECATEDIN_3_0 +const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader); +OSSL_DEPRECATEDIN_3_0 +const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader); +OSSL_DEPRECATEDIN_3_0 +int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader); +OSSL_DEPRECATEDIN_3_0 +OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme); +# endif + +/*- + * Functions to list STORE loaders + * ------------------------------- + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 +int OSSL_STORE_do_all_loaders(void (*do_function)(const OSSL_STORE_LOADER *loader, + void *do_arg), + void *do_arg); +# endif + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/storeerr.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/storeerr.h new file mode 100644 index 000000000000..00529c88b59a --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/storeerr.h 
@@ -0,0 +1,49 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_STOREERR_H +# define OPENSSL_STOREERR_H +# pragma once + +# include +# include +# include + + + +/* + * OSSL_STORE reason codes. + */ +# define OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE 107 +# define OSSL_STORE_R_BAD_PASSWORD_READ 115 +# define OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC 113 +# define OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST 121 +# define OSSL_STORE_R_INVALID_SCHEME 106 +# define OSSL_STORE_R_IS_NOT_A 112 +# define OSSL_STORE_R_LOADER_INCOMPLETE 116 +# define OSSL_STORE_R_LOADING_STARTED 117 +# define OSSL_STORE_R_NOT_A_CERTIFICATE 100 +# define OSSL_STORE_R_NOT_A_CRL 101 +# define OSSL_STORE_R_NOT_A_NAME 103 +# define OSSL_STORE_R_NOT_A_PRIVATE_KEY 102 +# define OSSL_STORE_R_NOT_A_PUBLIC_KEY 122 +# define OSSL_STORE_R_NOT_PARAMETERS 104 +# define OSSL_STORE_R_NO_LOADERS_FOUND 123 +# define OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR 114 +# define OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE 108 +# define OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES 119 +# define OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED 109 +# define OSSL_STORE_R_UNREGISTERED_SCHEME 105 +# define OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE 110 +# define OSSL_STORE_R_UNSUPPORTED_OPERATION 118 +# define OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE 120 +# define OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED 111 + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/symhacks.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/symhacks.h new file mode 100644 index 000000000000..816f8f998910 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/symhacks.h 
@@ -0,0 +1,39 @@
+/*
+ * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_SYMHACKS_H
+# define OPENSSL_SYMHACKS_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_SYMHACKS_H
+# endif
+
+# include
+
+/* Case insensitive linking causes problems.... */
+# if defined(OPENSSL_SYS_VMS)
+# undef ERR_load_CRYPTO_strings
+# define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings
+# undef OCSP_crlID_new
+# define OCSP_crlID_new OCSP_crlID2_new
+
+# undef d2i_ECPARAMETERS
+# define d2i_ECPARAMETERS d2i_UC_ECPARAMETERS
+# undef i2d_ECPARAMETERS
+# define i2d_ECPARAMETERS i2d_UC_ECPARAMETERS
+# undef d2i_ECPKPARAMETERS
+# define d2i_ECPKPARAMETERS d2i_UC_ECPKPARAMETERS
+# undef i2d_ECPKPARAMETERS
+# define i2d_ECPKPARAMETERS i2d_UC_ECPKPARAMETERS
+
+# endif
+
+#endif /* ! defined HEADER_VMS_IDHACKS_H */
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/thread.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/thread.h
new file mode 100644
index 000000000000..3926ce54d78b
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/thread.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_THREAD_H
+# define OPENSSL_THREAD_H
+
+# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0)
+# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1)
+
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+uint32_t OSSL_get_thread_support_flags(void);
+int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads);
+uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx);
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_THREAD_H */
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/tls1.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/tls1.h
new file mode 100644
index 000000000000..5329338efa52
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/tls1.h
@@ -0,0 +1,1212 @@ +/* + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * Copyright 2005 Nokia. All rights reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_TLS1_H +# define OPENSSL_TLS1_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_TLS1_H +# endif + +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Default security level if not overridden at config time */ +# ifndef OPENSSL_TLS_SECURITY_LEVEL +# define OPENSSL_TLS_SECURITY_LEVEL 2 +# endif + +/* TLS*_VERSION constants are defined in prov_ssl.h */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define TLS_MAX_VERSION TLS1_3_VERSION +# endif + +/* Special value for method supporting multiple versions */ +# define TLS_ANY_VERSION 0x10000 + +# define TLS1_VERSION_MAJOR 0x03 +# define TLS1_VERSION_MINOR 0x01 + +# define TLS1_1_VERSION_MAJOR 0x03 +# define TLS1_1_VERSION_MINOR 0x02 + +# define TLS1_2_VERSION_MAJOR 0x03 +# define TLS1_2_VERSION_MINOR 0x03 + +# define TLS1_get_version(s) \ + ((SSL_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_version(s) : 0) + +# define TLS1_get_client_version(s) \ + ((SSL_client_version(s) >> 8) == TLS1_VERSION_MAJOR ? 
SSL_client_version(s) : 0) + +# define TLS1_AD_DECRYPTION_FAILED 21 +# define TLS1_AD_RECORD_OVERFLOW 22 +# define TLS1_AD_UNKNOWN_CA 48/* fatal */ +# define TLS1_AD_ACCESS_DENIED 49/* fatal */ +# define TLS1_AD_DECODE_ERROR 50/* fatal */ +# define TLS1_AD_DECRYPT_ERROR 51 +# define TLS1_AD_EXPORT_RESTRICTION 60/* fatal */ +# define TLS1_AD_PROTOCOL_VERSION 70/* fatal */ +# define TLS1_AD_INSUFFICIENT_SECURITY 71/* fatal */ +# define TLS1_AD_INTERNAL_ERROR 80/* fatal */ +# define TLS1_AD_INAPPROPRIATE_FALLBACK 86/* fatal */ +# define TLS1_AD_USER_CANCELLED 90 +# define TLS1_AD_NO_RENEGOTIATION 100 +/* TLSv1.3 alerts */ +# define TLS13_AD_MISSING_EXTENSION 109 /* fatal */ +# define TLS13_AD_CERTIFICATE_REQUIRED 116 /* fatal */ +/* codes 110-114 are from RFC3546 */ +# define TLS1_AD_UNSUPPORTED_EXTENSION 110 +# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111 +# define TLS1_AD_UNRECOGNIZED_NAME 112 +# define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 +# define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 +# define TLS1_AD_UNKNOWN_PSK_IDENTITY 115/* fatal */ +# define TLS1_AD_NO_APPLICATION_PROTOCOL 120 /* fatal */ + +/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */ +# define TLSEXT_TYPE_server_name 0 +# define TLSEXT_TYPE_max_fragment_length 1 +# define TLSEXT_TYPE_client_certificate_url 2 +# define TLSEXT_TYPE_trusted_ca_keys 3 +# define TLSEXT_TYPE_truncated_hmac 4 +# define TLSEXT_TYPE_status_request 5 +/* ExtensionType values from RFC4681 */ +# define TLSEXT_TYPE_user_mapping 6 +/* ExtensionType values from RFC5878 */ +# define TLSEXT_TYPE_client_authz 7 +# define TLSEXT_TYPE_server_authz 8 +/* ExtensionType values from RFC6091 */ +# define TLSEXT_TYPE_cert_type 9 + +/* ExtensionType values from RFC4492 */ +/* + * Prior to TLSv1.3 the supported_groups extension was known as + * elliptic_curves + */ +# define TLSEXT_TYPE_supported_groups 10 +# define TLSEXT_TYPE_elliptic_curves TLSEXT_TYPE_supported_groups +# define TLSEXT_TYPE_ec_point_formats 11 + + +/* 
ExtensionType value from RFC5054 */ +# define TLSEXT_TYPE_srp 12 + +/* ExtensionType values from RFC5246 */ +# define TLSEXT_TYPE_signature_algorithms 13 + +/* ExtensionType value from RFC5764 */ +# define TLSEXT_TYPE_use_srtp 14 + +/* ExtensionType value from RFC7301 */ +# define TLSEXT_TYPE_application_layer_protocol_negotiation 16 + +/* + * Extension type for Certificate Transparency + * https://tools.ietf.org/html/rfc6962#section-3.3.1 + */ +# define TLSEXT_TYPE_signed_certificate_timestamp 18 + +/* + * Extension type for Raw Public Keys + * https://tools.ietf.org/html/rfc7250 + * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml + */ +# define TLSEXT_TYPE_client_cert_type 19 +# define TLSEXT_TYPE_server_cert_type 20 + +/* + * ExtensionType value for TLS padding extension. + * http://tools.ietf.org/html/draft-agl-tls-padding + */ +# define TLSEXT_TYPE_padding 21 + +/* ExtensionType value from RFC7366 */ +# define TLSEXT_TYPE_encrypt_then_mac 22 + +/* ExtensionType value from RFC7627 */ +# define TLSEXT_TYPE_extended_master_secret 23 + +/* ExtensionType value from RFC8879 */ +# define TLSEXT_TYPE_compress_certificate 27 + +/* ExtensionType value from RFC4507 */ +# define TLSEXT_TYPE_session_ticket 35 + +/* As defined for TLS1.3 */ +# define TLSEXT_TYPE_psk 41 +# define TLSEXT_TYPE_early_data 42 +# define TLSEXT_TYPE_supported_versions 43 +# define TLSEXT_TYPE_cookie 44 +# define TLSEXT_TYPE_psk_kex_modes 45 +# define TLSEXT_TYPE_certificate_authorities 47 +# define TLSEXT_TYPE_post_handshake_auth 49 +# define TLSEXT_TYPE_signature_algorithms_cert 50 +# define TLSEXT_TYPE_key_share 51 +# define TLSEXT_TYPE_quic_transport_parameters 57 + +/* Temporary extension type */ +# define TLSEXT_TYPE_renegotiate 0xff01 + +# ifndef OPENSSL_NO_NEXTPROTONEG +/* This is not an IANA defined extension number */ +# define TLSEXT_TYPE_next_proto_neg 13172 +# endif + +/* NameType value from RFC3546 */ +# define TLSEXT_NAMETYPE_host_name 0 +/* 
status request value from RFC3546 */ +# define TLSEXT_STATUSTYPE_ocsp 1 + +/* ECPointFormat values from RFC4492 */ +# define TLSEXT_ECPOINTFORMAT_first 0 +# define TLSEXT_ECPOINTFORMAT_uncompressed 0 +# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1 +# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2 +# define TLSEXT_ECPOINTFORMAT_last 2 + +/* Signature and hash algorithms from RFC5246 */ +# define TLSEXT_signature_anonymous 0 +# define TLSEXT_signature_rsa 1 +# define TLSEXT_signature_dsa 2 +# define TLSEXT_signature_ecdsa 3 +# define TLSEXT_signature_gostr34102001 237 +# define TLSEXT_signature_gostr34102012_256 238 +# define TLSEXT_signature_gostr34102012_512 239 + +/* Total number of different signature algorithms */ +# define TLSEXT_signature_num 7 + +# define TLSEXT_hash_none 0 +# define TLSEXT_hash_md5 1 +# define TLSEXT_hash_sha1 2 +# define TLSEXT_hash_sha224 3 +# define TLSEXT_hash_sha256 4 +# define TLSEXT_hash_sha384 5 +# define TLSEXT_hash_sha512 6 +# define TLSEXT_hash_gostr3411 237 +# define TLSEXT_hash_gostr34112012_256 238 +# define TLSEXT_hash_gostr34112012_512 239 + +/* Total number of different digest algorithms */ + +# define TLSEXT_hash_num 10 + +/* Possible compression values from RFC8879 */ +/* Not defined in RFC8879, but used internally for no-compression */ +# define TLSEXT_comp_cert_none 0 +# define TLSEXT_comp_cert_zlib 1 +# define TLSEXT_comp_cert_brotli 2 +# define TLSEXT_comp_cert_zstd 3 +/* one more than the number of defined values - used as size of 0-terminated array */ +# define TLSEXT_comp_cert_limit 4 + +/* Flag set for unrecognised algorithms */ +# define TLSEXT_nid_unknown 0x1000000 + +/* ECC curves */ + +# define TLSEXT_curve_P_256 23 +# define TLSEXT_curve_P_384 24 + +/* OpenSSL value to disable maximum fragment length extension */ +# define TLSEXT_max_fragment_length_DISABLED 0 +/* Allowed values for max fragment length extension */ +# define TLSEXT_max_fragment_length_512 1 +# define 
TLSEXT_max_fragment_length_1024 2 +# define TLSEXT_max_fragment_length_2048 3 +# define TLSEXT_max_fragment_length_4096 4 +/* OpenSSL value for unset maximum fragment length extension */ +# define TLSEXT_max_fragment_length_UNSPECIFIED 255 + +/* + * TLS Certificate Type (for RFC7250) + * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3 + */ +# define TLSEXT_cert_type_x509 0 +# define TLSEXT_cert_type_pgp 1 /* recognized, but not supported */ +# define TLSEXT_cert_type_rpk 2 +# define TLSEXT_cert_type_1609dot2 3 /* recognized, but not supported */ + +int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode); +int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode); + +# define TLSEXT_MAXLEN_host_name 255 + +__owur const char *SSL_get_servername(const SSL *s, const int type); +__owur int SSL_get_servername_type(const SSL *s); +/* + * SSL_export_keying_material exports a value derived from the master secret, + * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and + * optional context. (Since a zero length context is allowed, the |use_context| + * flag controls whether a context is included.) It returns 1 on success and + * 0 or -1 otherwise. + */ +__owur int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, + const char *label, size_t llen, + const unsigned char *context, + size_t contextlen, int use_context); + +/* + * SSL_export_keying_material_early exports a value derived from the + * early exporter master secret, as specified in + * https://tools.ietf.org/html/draft-ietf-tls-tls13-23. It writes + * |olen| bytes to |out| given a label and optional context. It + * returns 1 on success and 0 otherwise. 
+ */ +__owur int SSL_export_keying_material_early(SSL *s, unsigned char *out, + size_t olen, const char *label, + size_t llen, + const unsigned char *context, + size_t contextlen); + +int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid); +int SSL_get_signature_type_nid(const SSL *s, int *pnid); + +int SSL_get_sigalgs(SSL *s, int idx, + int *psign, int *phash, int *psignandhash, + unsigned char *rsig, unsigned char *rhash); + +int SSL_get_shared_sigalgs(SSL *s, int idx, + int *psign, int *phash, int *psignandhash, + unsigned char *rsig, unsigned char *rhash); + +__owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain); + +# define SSL_set_tlsext_host_name(s,name) \ + SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,\ + (void *)name) + +# define SSL_set_tlsext_debug_callback(ssl, cb) \ + SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,\ + (void (*)(void))cb) + +# define SSL_set_tlsext_debug_arg(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0,arg) + +# define SSL_get_tlsext_status_type(ssl) \ + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0,NULL) + +# define SSL_set_tlsext_status_type(ssl, type) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type,NULL) + +# define SSL_get_tlsext_status_exts(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0,arg) + +# define SSL_set_tlsext_status_exts(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0,arg) + +# define SSL_get_tlsext_status_ids(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0,arg) + +# define SSL_set_tlsext_status_ids(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0,arg) + +# define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0,arg) + +# define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen,arg) + +# define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ + 
SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,\ + (void (*)(void))cb) + +# define SSL_TLSEXT_ERR_OK 0 +# define SSL_TLSEXT_ERR_ALERT_WARNING 1 +# define SSL_TLSEXT_ERR_ALERT_FATAL 2 +# define SSL_TLSEXT_ERR_NOACK 3 + +# define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0,arg) + +# define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_TLSEXT_TICKET_KEYS,keylen,keys) +# define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_TICKET_KEYS,keylen,keys) + +# define SSL_CTX_get_tlsext_status_cb(ssl, cb) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0,(void *)cb) +# define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ + SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,\ + (void (*)(void))cb) + +# define SSL_CTX_get_tlsext_status_arg(ssl, arg) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0,arg) +# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0,arg) + +# define SSL_CTX_set_tlsext_status_type(ssl, type) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type,NULL) + +# define SSL_CTX_get_tlsext_status_type(ssl) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0,NULL) + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ + SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,\ + (void (*)(void))cb) +# endif +int SSL_CTX_set_tlsext_ticket_key_evp_cb + (SSL_CTX *ctx, int (*fp)(SSL *, unsigned char *, unsigned char *, + EVP_CIPHER_CTX *, EVP_MAC_CTX *, int)); + +/* PSK ciphersuites from 4279 */ +# define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A +# define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B +# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C +# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D +# define TLS1_CK_DHE_PSK_WITH_RC4_128_SHA 0x0300008E +# define 
TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008F +# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA 0x03000090 +# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA 0x03000091 +# define TLS1_CK_RSA_PSK_WITH_RC4_128_SHA 0x03000092 +# define TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x03000093 +# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA 0x03000094 +# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA 0x03000095 + +/* PSK ciphersuites from 5487 */ +# define TLS1_CK_PSK_WITH_AES_128_GCM_SHA256 0x030000A8 +# define TLS1_CK_PSK_WITH_AES_256_GCM_SHA384 0x030000A9 +# define TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256 0x030000AA +# define TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384 0x030000AB +# define TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256 0x030000AC +# define TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384 0x030000AD +# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA256 0x030000AE +# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA384 0x030000AF +# define TLS1_CK_PSK_WITH_NULL_SHA256 0x030000B0 +# define TLS1_CK_PSK_WITH_NULL_SHA384 0x030000B1 +# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256 0x030000B2 +# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384 0x030000B3 +# define TLS1_CK_DHE_PSK_WITH_NULL_SHA256 0x030000B4 +# define TLS1_CK_DHE_PSK_WITH_NULL_SHA384 0x030000B5 +# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256 0x030000B6 +# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384 0x030000B7 +# define TLS1_CK_RSA_PSK_WITH_NULL_SHA256 0x030000B8 +# define TLS1_CK_RSA_PSK_WITH_NULL_SHA384 0x030000B9 + +/* NULL PSK ciphersuites from RFC4785 */ +# define TLS1_CK_PSK_WITH_NULL_SHA 0x0300002C +# define TLS1_CK_DHE_PSK_WITH_NULL_SHA 0x0300002D +# define TLS1_CK_RSA_PSK_WITH_NULL_SHA 0x0300002E + +/* AES ciphersuites from RFC3268 */ +# define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F +# define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030 +# define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031 +# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032 +# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033 +# define TLS1_CK_ADH_WITH_AES_128_SHA 
0x03000034 +# define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035 +# define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036 +# define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037 +# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038 +# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 +# define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A + +/* TLS v1.2 ciphersuites */ +# define TLS1_CK_RSA_WITH_NULL_SHA256 0x0300003B +# define TLS1_CK_RSA_WITH_AES_128_SHA256 0x0300003C +# define TLS1_CK_RSA_WITH_AES_256_SHA256 0x0300003D +# define TLS1_CK_DH_DSS_WITH_AES_128_SHA256 0x0300003E +# define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F +# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040 + +/* Camellia ciphersuites from RFC4132 */ +# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041 +# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042 +# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043 +# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044 +# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045 +# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046 + +/* TLS v1.2 ciphersuites */ +# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 0x03000067 +# define TLS1_CK_DH_DSS_WITH_AES_256_SHA256 0x03000068 +# define TLS1_CK_DH_RSA_WITH_AES_256_SHA256 0x03000069 +# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 0x0300006A +# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 0x0300006B +# define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C +# define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D + +/* Camellia ciphersuites from RFC4132 */ +# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084 +# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085 +# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086 +# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087 +# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088 +# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089 + +/* SEED ciphersuites from RFC4162 */ +# define 
TLS1_CK_RSA_WITH_SEED_SHA 0x03000096 +# define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097 +# define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098 +# define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099 +# define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A +# define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B + +/* TLS v1.2 GCM ciphersuites from RFC5288 */ +# define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C +# define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D +# define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E +# define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 0x0300009F +# define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 0x030000A0 +# define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384 0x030000A1 +# define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256 0x030000A2 +# define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384 0x030000A3 +# define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256 0x030000A4 +# define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384 0x030000A5 +# define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6 +# define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7 + +/* CCM ciphersuites from RFC6655 */ +# define TLS1_CK_RSA_WITH_AES_128_CCM 0x0300C09C +# define TLS1_CK_RSA_WITH_AES_256_CCM 0x0300C09D +# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM 0x0300C09E +# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM 0x0300C09F +# define TLS1_CK_RSA_WITH_AES_128_CCM_8 0x0300C0A0 +# define TLS1_CK_RSA_WITH_AES_256_CCM_8 0x0300C0A1 +# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8 0x0300C0A2 +# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8 0x0300C0A3 +# define TLS1_CK_PSK_WITH_AES_128_CCM 0x0300C0A4 +# define TLS1_CK_PSK_WITH_AES_256_CCM 0x0300C0A5 +# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM 0x0300C0A6 +# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM 0x0300C0A7 +# define TLS1_CK_PSK_WITH_AES_128_CCM_8 0x0300C0A8 +# define TLS1_CK_PSK_WITH_AES_256_CCM_8 0x0300C0A9 +# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8 0x0300C0AA +# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8 0x0300C0AB + +/* CCM ciphersuites from RFC7251 */ +# define 
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM 0x0300C0AC +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM 0x0300C0AD +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8 0x0300C0AE +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8 0x0300C0AF + +/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ +# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BA +# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BB +# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BC +# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BD +# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BE +# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256 0x030000BF + +# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C0 +# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C1 +# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C2 +# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C3 +# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C4 +# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256 0x030000C5 + +/* ECC ciphersuites from RFC4492 */ +# define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 +# define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 +# define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003 +# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004 +# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005 + +# define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006 +# define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007 +# define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008 +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009 +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A + +# define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B +# define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C +# define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D +# define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E +# define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F + +# define 
TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010
+# define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011
+# define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012
+# define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013
+# define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014
+
+# define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015
+# define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016
+# define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017
+# define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018
+# define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019
+
+/* SRP ciphersuites from RFC 5054 */
+# define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A
+# define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B
+# define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C
+# define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA 0x0300C01D
+# define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA 0x0300C01E
+# define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA 0x0300C01F
+# define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA 0x0300C020
+# define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021
+# define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022
+
+/* ECDH HMAC based ciphersuites from RFC5289 */
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384 0x0300C026
+# define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256 0x0300C027
+# define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 0x0300C028
+# define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029
+# define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A
+
+/* ECDH GCM based ciphersuites from RFC5289 */
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02E
+# define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F
+# define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x0300C030
+# define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031
+# define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032
+
+/* ECDHE PSK ciphersuites from RFC5489 */
+# define TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA 0x0300C033
+# define TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0x0300C034
+# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA 0x0300C035
+# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA 0x0300C036
+
+# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0x0300C037
+# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0x0300C038
+
+/* NULL PSK ciphersuites from RFC4785 */
+# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA 0x0300C039
+# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256 0x0300C03A
+# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384 0x0300C03B
+
+/* Camellia-CBC ciphersuites from RFC6367 */
+# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C072
+# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C073
+# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C074
+# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C075
+# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C076
+# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C077
+# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C078
+# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C079
+
+# define TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C094
+# define TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C095
+# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C096
+# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C097
+# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C098
+# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C099
+# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C09A
+# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C09B
+
+/* draft-ietf-tls-chacha20-poly1305-03 */
+# define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCA8
+# define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 0x0300CCA9
+# define TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCAA
+# define TLS1_CK_PSK_WITH_CHACHA20_POLY1305 0x0300CCAB
+# define TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305 0x0300CCAC
+# define TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305 0x0300CCAD
+# define TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305 0x0300CCAE
+
+/* TLS v1.3 ciphersuites */
+# define TLS1_3_CK_AES_128_GCM_SHA256 0x03001301
+# define TLS1_3_CK_AES_256_GCM_SHA384 0x03001302
+# define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x03001303
+# define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304
+# define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305
+
+/* Aria ciphersuites from RFC6209 */
+# define TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C050
+# define TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C051
+# define TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C052
+# define TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C053
+# define TLS1_CK_DH_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C054
+# define TLS1_CK_DH_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C055
+# define TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256 0x0300C056
+# define TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384 0x0300C057
+# define TLS1_CK_DH_DSS_WITH_ARIA_128_GCM_SHA256 0x0300C058
+# define TLS1_CK_DH_DSS_WITH_ARIA_256_GCM_SHA384 0x0300C059
+# define TLS1_CK_DH_anon_WITH_ARIA_128_GCM_SHA256 0x0300C05A
+# define TLS1_CK_DH_anon_WITH_ARIA_256_GCM_SHA384 0x0300C05B
+# define TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0x0300C05C
+# define TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0x0300C05D
+# define TLS1_CK_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0x0300C05E
+# define TLS1_CK_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0x0300C05F
+# define TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C060
+# define TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C061
+# define TLS1_CK_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C062
+# define TLS1_CK_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C063
+# define TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06A
+# define TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06B
+# define TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06C
+# define TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06D
+# define TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06E
+# define TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06F
+
+/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */
+# define TLS1_RFC_RSA_WITH_AES_128_SHA "TLS_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_AES_128_SHA "TLS_DH_anon_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_RSA_WITH_AES_256_SHA "TLS_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_AES_256_SHA "TLS_DH_anon_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_RSA_WITH_NULL_SHA256 "TLS_RSA_WITH_NULL_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_128_SHA256 "TLS_RSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_256_SHA256 "TLS_RSA_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_AES_128_SHA256 "TLS_DH_anon_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_AES_256_SHA256 "TLS_DH_anon_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256 "TLS_RSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384 "TLS_RSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256 "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384 "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256 "TLS_DH_anon_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384 "TLS_DH_anon_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_RSA_WITH_AES_128_CCM "TLS_RSA_WITH_AES_128_CCM"
+# define TLS1_RFC_RSA_WITH_AES_256_CCM "TLS_RSA_WITH_AES_256_CCM"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM "TLS_DHE_RSA_WITH_AES_128_CCM"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM "TLS_DHE_RSA_WITH_AES_256_CCM"
+# define TLS1_RFC_RSA_WITH_AES_128_CCM_8 "TLS_RSA_WITH_AES_128_CCM_8"
+# define TLS1_RFC_RSA_WITH_AES_256_CCM_8 "TLS_RSA_WITH_AES_256_CCM_8"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8 "TLS_DHE_RSA_WITH_AES_128_CCM_8"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8 "TLS_DHE_RSA_WITH_AES_256_CCM_8"
+# define TLS1_RFC_PSK_WITH_AES_128_CCM "TLS_PSK_WITH_AES_128_CCM"
+# define TLS1_RFC_PSK_WITH_AES_256_CCM "TLS_PSK_WITH_AES_256_CCM"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM "TLS_DHE_PSK_WITH_AES_128_CCM"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM "TLS_DHE_PSK_WITH_AES_256_CCM"
+# define TLS1_RFC_PSK_WITH_AES_128_CCM_8 "TLS_PSK_WITH_AES_128_CCM_8"
+# define TLS1_RFC_PSK_WITH_AES_256_CCM_8 "TLS_PSK_WITH_AES_256_CCM_8"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8 "TLS_PSK_DHE_WITH_AES_128_CCM_8"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8 "TLS_PSK_DHE_WITH_AES_256_CCM_8"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM "TLS_ECDHE_ECDSA_WITH_AES_256_CCM"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8 "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8 "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"
+# define TLS1_3_RFC_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256"
+# define TLS1_3_RFC_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384"
+# define TLS1_3_RFC_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256"
+# define TLS1_3_RFC_AES_128_CCM_SHA256 "TLS_AES_128_CCM_SHA256"
+# define TLS1_3_RFC_AES_128_CCM_8_SHA256 "TLS_AES_128_CCM_8_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA "TLS_ECDHE_ECDSA_WITH_NULL_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA "TLS_ECDHE_RSA_WITH_NULL_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_NULL_SHA "TLS_ECDH_anon_WITH_NULL_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_PSK_WITH_NULL_SHA "TLS_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA "TLS_DHE_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA "TLS_RSA_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA "TLS_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA "TLS_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA "TLS_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA "TLS_DHE_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA "TLS_DHE_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA "TLS_RSA_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA "TLS_RSA_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256 "TLS_PSK_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384 "TLS_PSK_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256 "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384 "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256 "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384 "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256 "TLS_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384 "TLS_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_PSK_WITH_NULL_SHA256 "TLS_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_PSK_WITH_NULL_SHA384 "TLS_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256 "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384 "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA256 "TLS_DHE_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA384 "TLS_DHE_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256 "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384 "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA256 "TLS_RSA_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA384 "TLS_RSA_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384 "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA "TLS_ECDHE_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256 "TLS_ECDHE_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384 "TLS_ECDHE_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305 "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_PSK_WITH_CHACHA20_POLY1305 "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305 "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305 "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305 "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256 "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_RSA_WITH_SEED_SHA "TLS_RSA_WITH_SEED_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_SEED_SHA "TLS_DHE_DSS_WITH_SEED_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_SEED_SHA "TLS_DHE_RSA_WITH_SEED_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_SEED_SHA "TLS_DH_anon_WITH_SEED_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA "TLS_ECDHE_PSK_WITH_RC4_128_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA "TLS_ECDH_anon_WITH_RC4_128_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA "TLS_ECDHE_RSA_WITH_RC4_128_SHA"
+# define TLS1_RFC_PSK_WITH_RC4_128_SHA "TLS_PSK_WITH_RC4_128_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA "TLS_RSA_PSK_WITH_RC4_128_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA "TLS_DHE_PSK_WITH_RC4_128_SHA"
+# define TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_RSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_RSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_DH_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_DH_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_DH_DSS_WITH_ARIA_128_GCM_SHA256 "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_DH_DSS_WITH_ARIA_256_GCM_SHA384 "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_DH_anon_WITH_ARIA_128_GCM_SHA256 "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_DH_anon_WITH_ARIA_256_GCM_SHA384 "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_PSK_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_PSK_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384"
+
+
+/*
+ * XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE
+ * ciphers names with "EDH" instead of "DHE". Going forward, we should be
+ * using DHE everywhere, though we may indefinitely maintain aliases for
+ * users or configurations that used "EDH"
+ */
+# define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA"
+
+# define TLS1_TXT_PSK_WITH_NULL_SHA "PSK-NULL-SHA"
+# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA "DHE-PSK-NULL-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA "RSA-PSK-NULL-SHA"
+
+/* AES ciphersuites from RFC3268 */
+# define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA"
+# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA"
+# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA"
+# define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA"
+
+# define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA"
+# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA"
+# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA"
+# define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA"
+
+/* ECC ciphersuites from RFC4492 */
+# define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA"
+# define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA"
+# define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA"
+
+# define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA"
+
+# define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA"
+# define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA"
+# define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA"
+
+# define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA"
+# define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA"
+# define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA"
+
+# define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA"
+# define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA"
+# define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA"
+# define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA"
+# define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA"
+
+/* PSK ciphersuites from RFC 4279 */
+# define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA"
+# define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA"
+# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA"
+
+# define TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA "DHE-PSK-RC4-SHA"
+# define TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA "DHE-PSK-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA "DHE-PSK-AES128-CBC-SHA"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA "DHE-PSK-AES256-CBC-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA "RSA-PSK-RC4-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA "RSA-PSK-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA "RSA-PSK-AES128-CBC-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA "RSA-PSK-AES256-CBC-SHA"
+
+/* PSK ciphersuites from RFC 5487 */
+# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384"
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256 "DHE-PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384 "DHE-PSK-AES256-GCM-SHA384"
+# define TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256 "RSA-PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384 "RSA-PSK-AES256-GCM-SHA384"
+
+# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256 "PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384 "PSK-AES256-CBC-SHA384"
+# define TLS1_TXT_PSK_WITH_NULL_SHA256 "PSK-NULL-SHA256"
+# define TLS1_TXT_PSK_WITH_NULL_SHA384 "PSK-NULL-SHA384"
+
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256 "DHE-PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384 "DHE-PSK-AES256-CBC-SHA384"
+# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA256 "DHE-PSK-NULL-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA384 "DHE-PSK-NULL-SHA384"
+
+# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256 "RSA-PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384 "RSA-PSK-AES256-CBC-SHA384"
+# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA256 "RSA-PSK-NULL-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA384 "RSA-PSK-NULL-SHA384"
+
+/* SRP ciphersuite from RFC 5054 */
+# define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA "SRP-AES-128-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "SRP-RSA-AES-128-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "SRP-DSS-AES-128-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA "SRP-AES-256-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA"
+
+/* Camellia ciphersuites from RFC4132 */
+# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA"
+# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA"
+# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA"
+# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA"
+
+# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA"
+# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA"
+# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA"
+# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA"
+
+/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
+# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256 "CAMELLIA128-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DH-DSS-CAMELLIA128-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DH-RSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DHE-DSS-CAMELLIA128-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DHE-RSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256 "ADH-CAMELLIA128-SHA256"
+
+# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256 "CAMELLIA256-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DH-DSS-CAMELLIA256-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DH-RSA-CAMELLIA256-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DHE-DSS-CAMELLIA256-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DHE-RSA-CAMELLIA256-SHA256"
+# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256 "ADH-CAMELLIA256-SHA256"
+
+# define TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256 "PSK-CAMELLIA128-SHA256"
+# define TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384 "PSK-CAMELLIA256-SHA384"
+# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "DHE-PSK-CAMELLIA128-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "DHE-PSK-CAMELLIA256-SHA384"
+# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 "RSA-PSK-CAMELLIA128-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 "RSA-PSK-CAMELLIA256-SHA384"
+# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-PSK-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-PSK-CAMELLIA256-SHA384"
+
+/* SEED ciphersuites from RFC4162 */
+# define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA"
+# define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA"
+# define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA"
+# define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA"
+
+/* TLS v1.2 ciphersuites */
+# define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256"
+# define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256"
+# define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256 "DH-DSS-AES128-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256 "DH-RSA-AES128-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256 "DHE-DSS-AES128-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 "DHE-RSA-AES128-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256 "DH-DSS-AES256-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256 "DH-RSA-AES256-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256 "DHE-DSS-AES256-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 "DHE-RSA-AES256-SHA256"
+# define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256"
+# define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256"
+
+/* TLS v1.2 GCM ciphersuites from RFC5288 */
+# define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256"
+# define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 "DHE-RSA-AES256-GCM-SHA384"
+# define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256 "DH-RSA-AES128-GCM-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384 "DH-RSA-AES256-GCM-SHA384"
+# define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256 "DHE-DSS-AES128-GCM-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384 "DHE-DSS-AES256-GCM-SHA384"
+# define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256 "DH-DSS-AES128-GCM-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384 "DH-DSS-AES256-GCM-SHA384"
+# define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256"
+# define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384"
+
+/* CCM ciphersuites from RFC6655 */
+# define TLS1_TXT_RSA_WITH_AES_128_CCM "AES128-CCM"
+# define TLS1_TXT_RSA_WITH_AES_256_CCM "AES256-CCM"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM "DHE-RSA-AES128-CCM"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM "DHE-RSA-AES256-CCM"
+
+# define TLS1_TXT_RSA_WITH_AES_128_CCM_8 "AES128-CCM8"
+# define TLS1_TXT_RSA_WITH_AES_256_CCM_8 "AES256-CCM8"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8 "DHE-RSA-AES128-CCM8"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8 "DHE-RSA-AES256-CCM8"
+
+# define TLS1_TXT_PSK_WITH_AES_128_CCM "PSK-AES128-CCM"
+# define TLS1_TXT_PSK_WITH_AES_256_CCM "PSK-AES256-CCM"
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM "DHE-PSK-AES128-CCM"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM "DHE-PSK-AES256-CCM"
+
+# define TLS1_TXT_PSK_WITH_AES_128_CCM_8 "PSK-AES128-CCM8"
+# define TLS1_TXT_PSK_WITH_AES_256_CCM_8 "PSK-AES256-CCM8"
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8 "DHE-PSK-AES128-CCM8"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8 "DHE-PSK-AES256-CCM8"
+
+/* CCM ciphersuites from RFC7251 */
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM "ECDHE-ECDSA-AES128-CCM"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM "ECDHE-ECDSA-AES256-CCM"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8 "ECDHE-ECDSA-AES128-CCM8"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8 "ECDHE-ECDSA-AES256-CCM8"
+
+/* ECDH HMAC based ciphersuites from RFC5289 */
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384 "ECDH-ECDSA-AES256-SHA384"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 "ECDHE-RSA-AES128-SHA256"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 "ECDHE-RSA-AES256-SHA384"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384"
+
+/* ECDH GCM based ciphersuites from RFC5289 */
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "ECDHE-ECDSA-AES128-GCM-SHA256"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "ECDHE-ECDSA-AES256-GCM-SHA384"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 "ECDH-ECDSA-AES128-GCM-SHA256"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 "ECDH-ECDSA-AES256-GCM-SHA384"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "ECDHE-RSA-AES128-GCM-SHA256"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "ECDHE-RSA-AES256-GCM-SHA384"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384"
+
+/* TLS v1.2 PSK GCM ciphersuites from RFC5487 */
+# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384"
+
+/* ECDHE PSK ciphersuites from RFC 5489 */
+# define TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA "ECDHE-PSK-RC4-SHA"
+# define TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA "ECDHE-PSK-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA "ECDHE-PSK-AES128-CBC-SHA"
+# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA "ECDHE-PSK-AES256-CBC-SHA"
+
+# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256 "ECDHE-PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384 "ECDHE-PSK-AES256-CBC-SHA384"
+
+# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA "ECDHE-PSK-NULL-SHA"
+# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256 "ECDHE-PSK-NULL-SHA256"
+# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384 "ECDHE-PSK-NULL-SHA384"
+
+/* Camellia-CBC ciphersuites from RFC6367 */
+# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-ECDSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-ECDSA-CAMELLIA256-SHA384"
+# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-ECDSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-ECDSA-CAMELLIA256-SHA384"
+# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-RSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-RSA-CAMELLIA256-SHA384"
+# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-RSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-RSA-CAMELLIA256-SHA384"
+
+/* draft-ietf-tls-chacha20-poly1305-03 */
+# define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 "ECDHE-RSA-CHACHA20-POLY1305"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305"
+# define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305"
+# define TLS1_TXT_PSK_WITH_CHACHA20_POLY1305 "PSK-CHACHA20-POLY1305"
+# define TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305 "ECDHE-PSK-CHACHA20-POLY1305"
+# define TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305 "DHE-PSK-CHACHA20-POLY1305"
+# define TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305 "RSA-PSK-CHACHA20-POLY1305"
+
+/* Aria ciphersuites from RFC6209 */
+# define TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256 "ARIA128-GCM-SHA256"
+# define TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384 "ARIA256-GCM-SHA384"
+# define TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256 "DHE-RSA-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384 "DHE-RSA-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DH_RSA_WITH_ARIA_128_GCM_SHA256 "DH-RSA-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_ARIA_256_GCM_SHA384 "DH-RSA-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256 "DHE-DSS-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384 "DHE-DSS-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DH_DSS_WITH_ARIA_128_GCM_SHA256 "DH-DSS-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_ARIA_256_GCM_SHA384 "DH-DSS-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DH_anon_WITH_ARIA_128_GCM_SHA256 "ADH-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DH_anon_WITH_ARIA_256_GCM_SHA384 "ADH-ARIA256-GCM-SHA384"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 "ECDHE-ECDSA-ARIA128-GCM-SHA256"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 "ECDHE-ECDSA-ARIA256-GCM-SHA384"
+# define TLS1_TXT_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 "ECDH-ECDSA-ARIA128-GCM-SHA256"
+# define TLS1_TXT_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384
"ECDH-ECDSA-ARIA256-GCM-SHA384" +# define TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 "ECDHE-ARIA128-GCM-SHA256" +# define TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 "ECDHE-ARIA256-GCM-SHA384" +# define TLS1_TXT_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 "ECDH-ARIA128-GCM-SHA256" +# define TLS1_TXT_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 "ECDH-ARIA256-GCM-SHA384" +# define TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256 "PSK-ARIA128-GCM-SHA256" +# define TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384 "PSK-ARIA256-GCM-SHA384" +# define TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256 "DHE-PSK-ARIA128-GCM-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384 "DHE-PSK-ARIA256-GCM-SHA384" +# define TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256 "RSA-PSK-ARIA128-GCM-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384 "RSA-PSK-ARIA256-GCM-SHA384" + +# define TLS_CT_RSA_SIGN 1 +# define TLS_CT_DSS_SIGN 2 +# define TLS_CT_RSA_FIXED_DH 3 +# define TLS_CT_DSS_FIXED_DH 4 +# define TLS_CT_ECDSA_SIGN 64 +# define TLS_CT_RSA_FIXED_ECDH 65 +# define TLS_CT_ECDSA_FIXED_ECDH 66 +# define TLS_CT_GOST01_SIGN 22 +# define TLS_CT_GOST12_IANA_SIGN 67 +# define TLS_CT_GOST12_IANA_512_SIGN 68 +# define TLS_CT_GOST12_LEGACY_SIGN 238 +# define TLS_CT_GOST12_LEGACY_512_SIGN 239 + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define TLS_CT_GOST12_SIGN TLS_CT_GOST12_LEGACY_SIGN +# define TLS_CT_GOST12_512_SIGN TLS_CT_GOST12_LEGACY_512_SIGN +# endif + +/* + * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see + * comment there) + */ +# define TLS_CT_NUMBER 12 + +# if defined(SSL3_CT_NUMBER) +# if TLS_CT_NUMBER != SSL3_CT_NUMBER +# error "SSL/TLS CT_NUMBER values do not match" +# endif +# endif + +# define TLS1_FINISH_MAC_LENGTH 12 + +# define TLS_MD_MAX_CONST_SIZE 22 + +/* ASCII: "client finished", in hex for EBCDIC compatibility */ +# define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64" +# define TLS_MD_CLIENT_FINISH_CONST_SIZE 15 +/* ASCII: "server finished", in hex 
for EBCDIC compatibility */ +# define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64" +# define TLS_MD_SERVER_FINISH_CONST_SIZE 15 +/* ASCII: "server write key", in hex for EBCDIC compatibility */ +# define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" +# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16 +/* ASCII: "key expansion", in hex for EBCDIC compatibility */ +# define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e" +# define TLS_MD_KEY_EXPANSION_CONST_SIZE 13 +/* ASCII: "client write key", in hex for EBCDIC compatibility */ +# define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" +# define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16 +/* ASCII: "server write key", in hex for EBCDIC compatibility */ +# define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" +# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16 +/* ASCII: "IV block", in hex for EBCDIC compatibility */ +# define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b" +# define TLS_MD_IV_BLOCK_CONST_SIZE 8 +/* ASCII: "master secret", in hex for EBCDIC compatibility */ +# define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" +# define TLS_MD_MASTER_SECRET_CONST_SIZE 13 +/* ASCII: "extended master secret", in hex for EBCDIC compatibility */ +# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "\x65\x78\x74\x65\x6e\x64\x65\x64\x20\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" +# define TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE 22 + +/* TLS Session Ticket extension struct */ +struct tls_session_ticket_ext_st { + unsigned short length; + void *data; +}; + +#ifdef __cplusplus +} +#endif +#endif 
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/trace.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/trace.h
new file mode 100644
index 000000000000..9a5b56ea5fc4
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/trace.h
@@ -0,0 +1,320 @@
+/*
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_TRACE_H
+# define OPENSSL_TRACE_H
+# pragma once
+
+# include
+
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/*
+ * TRACE CATEGORIES
+ */
+
+/*
+ * The trace messages of the OpenSSL libraries are organized into different
+ * categories. For every trace category, the application can register a separate
+ * tracer callback. When a callback is registered, a so called trace channel is
+ * created for this category. This channel consists essentially of an internal
+ * BIO which sends all trace output it receives to the registered application
+ * callback.
+ *
+ * The ALL category can be used as a fallback category to register a single
+ * channel which receives the output from all categories. However, if the
+ * application intends to print the trace channel name in the line prefix,
+ * it is better to register channels for all categories separately.
+ * (This is how the openssl application does it.)
+ */
+# define OSSL_TRACE_CATEGORY_ALL 0 /* The fallback */
+# define OSSL_TRACE_CATEGORY_TRACE 1
+# define OSSL_TRACE_CATEGORY_INIT 2
+# define OSSL_TRACE_CATEGORY_TLS 3
+# define OSSL_TRACE_CATEGORY_TLS_CIPHER 4
+# define OSSL_TRACE_CATEGORY_CONF 5
+# define OSSL_TRACE_CATEGORY_ENGINE_TABLE 6
+# define OSSL_TRACE_CATEGORY_ENGINE_REF_COUNT 7
+# define OSSL_TRACE_CATEGORY_PKCS5V2 8
+# define OSSL_TRACE_CATEGORY_PKCS12_KEYGEN 9
+# define OSSL_TRACE_CATEGORY_PKCS12_DECRYPT 10
+# define OSSL_TRACE_CATEGORY_X509V3_POLICY 11
+# define OSSL_TRACE_CATEGORY_BN_CTX 12
+# define OSSL_TRACE_CATEGORY_CMP 13
+# define OSSL_TRACE_CATEGORY_STORE 14
+# define OSSL_TRACE_CATEGORY_DECODER 15
+# define OSSL_TRACE_CATEGORY_ENCODER 16
+# define OSSL_TRACE_CATEGORY_REF_COUNT 17
+# define OSSL_TRACE_CATEGORY_HTTP 18
+/* Count of available categories. */
+# define OSSL_TRACE_CATEGORY_NUM 19
+/* KEEP THIS LIST IN SYNC with trace_categories[] in crypto/trace.c */
+
+/* Returns the trace category number for the given |name| */
+int OSSL_trace_get_category_num(const char *name);
+
+/* Returns the trace category name for the given |num| */
+const char *OSSL_trace_get_category_name(int num);
+
+/*
+ * TRACE CONSUMERS
+ */
+
+/*
+ * Enables tracing for the given |category| by providing a BIO sink
+ * as |channel|. If a null pointer is passed as |channel|, an existing
+ * trace channel is removed and tracing for the category is disabled.
+ *
+ * Returns 1 on success and 0 on failure
+ */
+int OSSL_trace_set_channel(int category, BIO* channel);
+
+/*
+ * Attach a prefix and a suffix to the given |category|, to be printed at the
+ * beginning and at the end of each trace output group, i.e. when
+ * OSSL_trace_begin() and OSSL_trace_end() are called.
+ * If a null pointer is passed as argument, the existing prefix or suffix is
+ * removed.
+ *
+ * They return 1 on success and 0 on failure
+ */
+int OSSL_trace_set_prefix(int category, const char *prefix);
+int OSSL_trace_set_suffix(int category, const char *suffix);
+
+/*
+ * OSSL_trace_cb is the type tracing callback provided by the application.
+ * It MUST return the number of bytes written, or 0 on error (in other words,
+ * it can never write zero bytes).
+ *
+ * The |buffer| will always contain text, which may consist of several lines.
+ * The |data| argument points to whatever data was provided by the application
+ * when registering the tracer function.
+ *
+ * The |category| number is given, as well as a |cmd| number, described below.
+ */
+typedef size_t (*OSSL_trace_cb)(const char *buffer, size_t count,
+ int category, int cmd, void *data);
+/*
+ * Possible |cmd| numbers.
+ */
+# define OSSL_TRACE_CTRL_BEGIN 0
+# define OSSL_TRACE_CTRL_WRITE 1
+# define OSSL_TRACE_CTRL_END 2
+
+/*
+ * Enables tracing for the given |category| by creating an internal
+ * trace channel which sends the output to the given |callback|.
+ * If a null pointer is passed as callback, an existing trace channel
+ * is removed and tracing for the category is disabled.
+ *
+ * NOTE: OSSL_trace_set_channel() and OSSL_trace_set_callback() are mutually
+ * exclusive.
+ *
+ * Returns 1 on success and 0 on failure
+ */
+int OSSL_trace_set_callback(int category, OSSL_trace_cb callback, void *data);
+
+/*
+ * TRACE PRODUCERS
+ */
+
+/*
+ * Returns 1 if tracing for the specified category is enabled, otherwise 0
+ */
+int OSSL_trace_enabled(int category);
+
+/*
+ * Wrap a group of tracing output calls. OSSL_trace_begin() locks tracing and
+ * returns the trace channel associated with the given category, or NULL if no
+ * channel is associated with the category. OSSL_trace_end() unlocks tracing.
+ *
+ * Usage:
+ *
+ * BIO *out;
+ * if ((out = OSSL_trace_begin(category)) != NULL) {
+ * ...
+ * BIO_fprintf(out, ...);
+ * ...
+ * OSSL_trace_end(category, out);
+ * }
+ *
+ * See also the convenience macros OSSL_TRACE_BEGIN and OSSL_TRACE_END below.
+ */
+BIO *OSSL_trace_begin(int category);
+void OSSL_trace_end(int category, BIO *channel);
+
+/*
+ * OSSL_TRACE* Convenience Macros
+ */
+
+/*
+ * When the tracing feature is disabled, these macros are defined to
+ * produce dead code, which a good compiler should eliminate.
+ */
+
+/*
+ * OSSL_TRACE_BEGIN, OSSL_TRACE_END - Define a Trace Group
+ *
+ * These two macros can be used to create a block which is executed only
+ * if the corresponding trace category is enabled. Inside this block, a
+ * local variable named |trc_out| is defined, which points to the channel
+ * associated with the given trace category.
+ *
+ * Usage: (using 'TLS' as an example category)
+ *
+ * OSSL_TRACE_BEGIN(TLS) {
+ *
+ * BIO_fprintf(trc_out, ... );
+ *
+ * } OSSL_TRACE_END(TLS);
+ *
+ *
+ * This expands to the following code
+ *
+ * do {
+ * BIO *trc_out = OSSL_trace_begin(OSSL_TRACE_CATEGORY_TLS);
+ * if (trc_out != NULL) {
+ * ...
+ * BIO_fprintf(trc_out, ...);
+ * }
+ * OSSL_trace_end(OSSL_TRACE_CATEGORY_TLS, trc_out);
+ * } while (0);
+ *
+ * The use of the inner '{...}' group and the trailing ';' is enforced
+ * by the definition of the macros in order to make the code look as much
+ * like C code as possible.
+ *
+ * Before returning from inside the trace block, it is necessary to
+ * call OSSL_TRACE_CANCEL(category).
+ */
+
+# if !defined OPENSSL_NO_TRACE && !defined FIPS_MODULE
+
+# define OSSL_TRACE_BEGIN(category) \
+ do { \
+ BIO *trc_out = OSSL_trace_begin(OSSL_TRACE_CATEGORY_##category); \
+ \
+ if (trc_out != NULL)
+
+# define OSSL_TRACE_END(category) \
+ OSSL_trace_end(OSSL_TRACE_CATEGORY_##category, trc_out); \
+ } while (0)
+
+# define OSSL_TRACE_CANCEL(category) \
+ OSSL_trace_end(OSSL_TRACE_CATEGORY_##category, trc_out) \
+
+# else
+
+# define OSSL_TRACE_BEGIN(category) \
+ do { \
+ BIO *trc_out = NULL; \
+ if (0)
+
+# define OSSL_TRACE_END(category) \
+ } while(0)
+
+# define OSSL_TRACE_CANCEL(category) \
+ ((void)0)
+
+# endif
+
+/*
+ * OSSL_TRACE_ENABLED() - Check whether tracing is enabled for |category|
+ *
+ * Usage:
+ *
+ * if (OSSL_TRACE_ENABLED(TLS)) {
+ * ...
+ * }
+ */
+# if !defined OPENSSL_NO_TRACE && !defined FIPS_MODULE
+
+# define OSSL_TRACE_ENABLED(category) \
+ OSSL_trace_enabled(OSSL_TRACE_CATEGORY_##category)
+
+# else
+
+# define OSSL_TRACE_ENABLED(category) (0)
+
+# endif
+
+/*
+ * OSSL_TRACE*() - OneShot Trace Macros
+ *
+ * These macros are intended to produce a simple printf-style trace output.
+ * Unfortunately, C90 macros don't support variable arguments, so the
+ * "vararg" OSSL_TRACEV() macro has a rather weird usage pattern:
+ *
+ * OSSL_TRACEV(category, (trc_out, "format string", ...args...));
+ *
+ * Where 'channel' is the literal symbol of this name, not a variable.
+ * For that reason, it is currently not intended to be used directly,
+ * but only as helper macro for the other oneshot trace macros
+ * OSSL_TRACE(), OSSL_TRACE1(), OSSL_TRACE2(), ...
+ *
+ * Usage:
+ *
+ * OSSL_TRACE(INIT, "Hello world!\n");
+ * OSSL_TRACE1(TLS, "The answer is %d\n", 42);
+ * OSSL_TRACE2(TLS, "The ultimate question to answer %d is '%s'\n",
+ * 42, "What do you get when you multiply six by nine?");
+ */
+
+# if !defined OPENSSL_NO_TRACE && !defined FIPS_MODULE
+
+# define OSSL_TRACEV(category, args) \
+ OSSL_TRACE_BEGIN(category) \
+ BIO_printf args; \
+ OSSL_TRACE_END(category)
+
+# else
+
+# define OSSL_TRACEV(category, args) ((void)0)
+
+# endif
+
+# define OSSL_TRACE(category, text) \
+ OSSL_TRACEV(category, (trc_out, "%s", text))
+
+# define OSSL_TRACE1(category, format, arg1) \
+ OSSL_TRACEV(category, (trc_out, format, arg1))
+# define OSSL_TRACE2(category, format, arg1, arg2) \
+ OSSL_TRACEV(category, (trc_out, format, arg1, arg2))
+# define OSSL_TRACE3(category, format, arg1, arg2, arg3) \
+ OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3))
+# define OSSL_TRACE4(category, format, arg1, arg2, arg3, arg4) \
+ OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4))
+# define OSSL_TRACE5(category, format, arg1, arg2, arg3, arg4, arg5) \
+ OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5))
+# define OSSL_TRACE6(category, format, arg1, arg2, arg3, arg4, arg5, arg6) \
+ OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6))
+# define OSSL_TRACE7(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7) \
+ OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7))
+# define OSSL_TRACE8(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8) \
+ OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8))
+# define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \
+ OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9))
+
+#define OSSL_TRACE_STRING_MAX 80
+int OSSL_trace_string(BIO *out, int text, int full,
+ const unsigned char *data, size_t size);
+#define OSSL_TRACE_STRING(category, text, full, data, len) \
+ OSSL_TRACE_BEGIN(category) { \
+ OSSL_trace_string(trc_out, text, full, data, len); \
+ } OSSL_TRACE_END(category)
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/ts.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/ts.h
new file mode 100644
index 000000000000..b09b646dffe1
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/ts.h
@@ -0,0 +1,505 @@
+/*
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_TS_H
+# define OPENSSL_TS_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_TS_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_TS
+# include
+# include
+# include
+# include
+# include
+# include
+# include
+# include
+# include
+# include
+# include
+# include
+# include
+# ifndef OPENSSL_NO_STDIO
+# include
+# endif
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+typedef struct TS_msg_imprint_st TS_MSG_IMPRINT;
+typedef struct TS_req_st TS_REQ;
+typedef struct TS_accuracy_st TS_ACCURACY;
+typedef struct TS_tst_info_st TS_TST_INFO;
+
+/* Possible values for status. */
+# define TS_STATUS_GRANTED 0
+# define TS_STATUS_GRANTED_WITH_MODS 1
+# define TS_STATUS_REJECTION 2
+# define TS_STATUS_WAITING 3
+# define TS_STATUS_REVOCATION_WARNING 4
+# define TS_STATUS_REVOCATION_NOTIFICATION 5
+
+/* Possible values for failure_info. */
+# define TS_INFO_BAD_ALG 0
+# define TS_INFO_BAD_REQUEST 2
+# define TS_INFO_BAD_DATA_FORMAT 5
+# define TS_INFO_TIME_NOT_AVAILABLE 14
+# define TS_INFO_UNACCEPTED_POLICY 15
+# define TS_INFO_UNACCEPTED_EXTENSION 16
+# define TS_INFO_ADD_INFO_NOT_AVAILABLE 17
+# define TS_INFO_SYSTEM_FAILURE 25
+
+
+typedef struct TS_status_info_st TS_STATUS_INFO;
+
+typedef struct TS_resp_st TS_RESP;
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(TS_REQ)
+DECLARE_ASN1_ENCODE_FUNCTIONS_only(TS_REQ, TS_REQ)
+DECLARE_ASN1_DUP_FUNCTION(TS_REQ)
+
+#ifndef OPENSSL_NO_STDIO
+TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a);
+int i2d_TS_REQ_fp(FILE *fp, const TS_REQ *a);
+#endif
+TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a);
+int i2d_TS_REQ_bio(BIO *fp, const TS_REQ *a);
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(TS_MSG_IMPRINT)
+DECLARE_ASN1_ENCODE_FUNCTIONS_only(TS_MSG_IMPRINT, TS_MSG_IMPRINT)
+DECLARE_ASN1_DUP_FUNCTION(TS_MSG_IMPRINT)
+
+#ifndef OPENSSL_NO_STDIO
+TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a);
+int i2d_TS_MSG_IMPRINT_fp(FILE *fp, const TS_MSG_IMPRINT *a);
+#endif
+TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT **a);
+int i2d_TS_MSG_IMPRINT_bio(BIO *bio, const TS_MSG_IMPRINT *a);
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(TS_RESP)
+DECLARE_ASN1_ENCODE_FUNCTIONS_only(TS_RESP, TS_RESP)
+DECLARE_ASN1_DUP_FUNCTION(TS_RESP)
+
+#ifndef OPENSSL_NO_STDIO
+TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a);
+int i2d_TS_RESP_fp(FILE *fp, const TS_RESP *a);
+#endif
+TS_RESP *d2i_TS_RESP_bio(BIO *bio, TS_RESP **a);
+int i2d_TS_RESP_bio(BIO *bio, const TS_RESP *a);
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(TS_STATUS_INFO)
+DECLARE_ASN1_ENCODE_FUNCTIONS_only(TS_STATUS_INFO, TS_STATUS_INFO)
+DECLARE_ASN1_DUP_FUNCTION(TS_STATUS_INFO)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(TS_TST_INFO)
+DECLARE_ASN1_ENCODE_FUNCTIONS_only(TS_TST_INFO, TS_TST_INFO)
+DECLARE_ASN1_DUP_FUNCTION(TS_TST_INFO)
+TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token);
+
+#ifndef OPENSSL_NO_STDIO
+TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a);
+int i2d_TS_TST_INFO_fp(FILE *fp, const TS_TST_INFO *a);
+#endif
+TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO **a);
+int i2d_TS_TST_INFO_bio(BIO *bio, const TS_TST_INFO *a);
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(TS_ACCURACY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_only(TS_ACCURACY, TS_ACCURACY)
+DECLARE_ASN1_DUP_FUNCTION(TS_ACCURACY)
+
+int TS_REQ_set_version(TS_REQ *a, long version);
+long TS_REQ_get_version(const TS_REQ *a);
+
+int TS_STATUS_INFO_set_status(TS_STATUS_INFO *a, int i);
+const ASN1_INTEGER *TS_STATUS_INFO_get0_status(const TS_STATUS_INFO *a);
+
+const STACK_OF(ASN1_UTF8STRING) *
+TS_STATUS_INFO_get0_text(const TS_STATUS_INFO *a);
+
+const ASN1_BIT_STRING *
+TS_STATUS_INFO_get0_failure_info(const TS_STATUS_INFO *a);
+
+int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint);
+TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a);
+
+int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg);
+X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a);
+
+int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len);
+ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a);
+
+int TS_REQ_set_policy_id(TS_REQ *a, const ASN1_OBJECT *policy);
+ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a);
+
+int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce);
+const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a);
+
+int TS_REQ_set_cert_req(TS_REQ *a, int cert_req);
+int TS_REQ_get_cert_req(const TS_REQ *a);
+
+STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a);
+void TS_REQ_ext_free(TS_REQ *a);
+int TS_REQ_get_ext_count(TS_REQ *a);
+int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos);
+int TS_REQ_get_ext_by_OBJ(TS_REQ *a, const ASN1_OBJECT *obj, int lastpos);
+int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos);
+X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc);
+X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc);
+int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc);
+void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx);
+
+/* Function declarations for TS_REQ defined in ts/ts_req_print.c */
+
+int TS_REQ_print_bio(BIO *bio, TS_REQ *a);
+
+/* Function declarations for TS_RESP defined in ts/ts_resp_utils.c */
+
+int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *info);
+TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a);
+
+/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */
+void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info);
+PKCS7 *TS_RESP_get_token(TS_RESP *a);
+TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a);
+
+int TS_TST_INFO_set_version(TS_TST_INFO *a, long version);
+long TS_TST_INFO_get_version(const TS_TST_INFO *a);
+
+int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy_id);
+ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a);
+
+int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint);
+TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a);
+
+int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial);
+const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a);
+
+int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime);
+const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a);
+
+int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy);
+TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a);
+
+int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds);
+const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a);
+
+int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis);
+const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a);
+
+int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros);
+const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a);
+
+int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering);
+int TS_TST_INFO_get_ordering(const TS_TST_INFO *a);
+
+int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce);
+const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a);
+
+int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa);
+GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a);
+
+STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a);
+void TS_TST_INFO_ext_free(TS_TST_INFO *a);
+int TS_TST_INFO_get_ext_count(TS_TST_INFO *a);
+int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos);
+int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, const ASN1_OBJECT *obj,
+ int lastpos);
+int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos);
+X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc);
+X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc);
+int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc);
+void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx);
+
+/*
+ * Declarations related to response generation, defined in ts/ts_resp_sign.c.
+ */
+
+/* Optional flags for response generation. */
+
+/* Don't include the TSA name in response. */
+# define TS_TSA_NAME 0x01
+
+/* Set ordering to true in response. */
+# define TS_ORDERING 0x02
+
+/*
+ * Include the signer certificate and the other specified certificates in
+ * the ESS signing certificate attribute beside the PKCS7 signed data.
+ * Only the signer certificates is included by default.
+ */
+# define TS_ESS_CERT_ID_CHAIN 0x04
+
+/* Forward declaration. */
+struct TS_resp_ctx;
+
+/* This must return a unique number less than 160 bits long. */
+typedef ASN1_INTEGER *(*TS_serial_cb) (struct TS_resp_ctx *, void *);
+
+/*
+ * This must return the seconds and microseconds since Jan 1, 1970 in the sec
+ * and usec variables allocated by the caller. Return non-zero for success
+ * and zero for failure.
+ */
+typedef int (*TS_time_cb) (struct TS_resp_ctx *, void *, long *sec,
+ long *usec);
+
+/*
+ * This must process the given extension. It can modify the TS_TST_INFO
+ * object of the context. Return values: !0 (processed), 0 (error, it must
+ * set the status info/failure info of the response).
+ */
+typedef int (*TS_extension_cb) (struct TS_resp_ctx *, X509_EXTENSION *,
+ void *);
+
+typedef struct TS_resp_ctx TS_RESP_CTX;
+
+/* Creates a response context that can be used for generating responses. */
+TS_RESP_CTX *TS_RESP_CTX_new(void);
+TS_RESP_CTX *TS_RESP_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
+void TS_RESP_CTX_free(TS_RESP_CTX *ctx);
+
+/* This parameter must be set. */
+int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer);
+
+/* This parameter must be set. */
+int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key);
+
+int TS_RESP_CTX_set_signer_digest(TS_RESP_CTX *ctx,
+ const EVP_MD *signer_digest);
+int TS_RESP_CTX_set_ess_cert_id_digest(TS_RESP_CTX *ctx, const EVP_MD *md);
+
+/* This parameter must be set. */
+int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy);
+
+/* No additional certs are included in the response by default. */
+int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs);
+
+/*
+ * Adds a new acceptable policy, only the default policy is accepted by
+ * default.
+ */
+int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *policy);
+
+/*
+ * Adds a new acceptable message digest. Note that no message digests are
+ * accepted by default. The md argument is shared with the caller.
+ */
+int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md);
+
+/* Accuracy is not included by default. */
+int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx,
+ int secs, int millis, int micros);
+
+/*
+ * Clock precision digits, i.e. the number of decimal digits: '0' means sec,
+ * '3' msec, '6' usec, and so on. Default is 0.
+ */
+int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx,
+ unsigned clock_precision_digits);
+/* At most we accept usec precision. */
+# define TS_MAX_CLOCK_PRECISION_DIGITS 6
+
+/* Maximum status message length */
+# define TS_MAX_STATUS_LENGTH (1024 * 1024)
+
+/* No flags are set by default. */
+void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags);
+
+/* Default callback always returns a constant. */
+void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data);
+
+/* Default callback uses the gettimeofday() and gmtime() system calls. */
+void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data);
+
+/*
+ * Default callback rejects all extensions. The extension callback is called
+ * when the TS_TST_INFO object is already set up and not signed yet.
+ */
+/* FIXME: extension handling is not tested yet. */
+void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx,
+ TS_extension_cb cb, void *data);
+
+/* The following methods can be used in the callbacks. */
+int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx,
+ int status, const char *text);
+
+/* Sets the status info only if it is still TS_STATUS_GRANTED. */
+int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx,
+ int status, const char *text);
+
+int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure);
+
+/* The get methods below can be used in the extension callback. */
+TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx);
+
+TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx);
+
+/*
+ * Creates the signed TS_TST_INFO and puts it in TS_RESP.
+ * In case of errors it sets the status info properly.
+ * Returns NULL only in case of memory allocation/fatal error.
+ */
+TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio);
+
+/*
+ * Declarations related to response verification,
+ * they are defined in ts/ts_resp_verify.c.
+ */
+
+int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
+ X509_STORE *store, X509 **signer_out);
+
+/* Context structure for the generic verify method. */
+
+/* Verify the signer's certificate and the signature of the response. */
+# define TS_VFY_SIGNATURE (1u << 0)
+/* Verify the version number of the response. */
+# define TS_VFY_VERSION (1u << 1)
+/* Verify if the policy supplied by the user matches the policy of the TSA. */
+# define TS_VFY_POLICY (1u << 2)
+/*
+ * Verify the message imprint provided by the user. This flag should not be
+ * specified with TS_VFY_DATA.
+ */
+# define TS_VFY_IMPRINT (1u << 3)
+/*
+ * Verify the message imprint computed by the verify method from the user
+ * provided data and the MD algorithm of the response. This flag should not
+ * be specified with TS_VFY_IMPRINT.
+ */
+# define TS_VFY_DATA (1u << 4)
+/* Verify the nonce value. */
+# define TS_VFY_NONCE (1u << 5)
+/* Verify if the TSA name field matches the signer certificate. */
+# define TS_VFY_SIGNER (1u << 6)
+/* Verify if the TSA name field equals to the user provided name. */
+# define TS_VFY_TSA_NAME (1u << 7)
+
+/* You can use the following convenience constants. */
+# define TS_VFY_ALL_IMPRINT (TS_VFY_SIGNATURE \
+ | TS_VFY_VERSION \
+ | TS_VFY_POLICY \
+ | TS_VFY_IMPRINT \
+ | TS_VFY_NONCE \
+ | TS_VFY_SIGNER \
+ | TS_VFY_TSA_NAME)
+# define TS_VFY_ALL_DATA (TS_VFY_SIGNATURE \
+ | TS_VFY_VERSION \
+ | TS_VFY_POLICY \
+ | TS_VFY_DATA \
+ | TS_VFY_NONCE \
+ | TS_VFY_SIGNER \
+ | TS_VFY_TSA_NAME)
+
+typedef struct TS_verify_ctx TS_VERIFY_CTX;
+
+int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response);
+int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token);
+
+/*
+ * Declarations related to response verification context,
+ */
+TS_VERIFY_CTX *TS_VERIFY_CTX_new(void);
+void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx);
+void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx);
+void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx);
+int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f);
+int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f);
+BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b);
+unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx,
+ unsigned char *hexstr, long len);
+X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define TS_VERIFY_CTS_set_certs(ctx, cert) TS_VERIFY_CTX_set_certs(ctx,cert) +# endif +STACK_OF(X509) *TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs); + +/*- + * If ctx is NULL, it allocates and returns a new object, otherwise + * it returns ctx. It initialises all the members as follows: + * flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE) + * certs = NULL + * store = NULL + * policy = policy from the request or NULL if absent (in this case + * TS_VFY_POLICY is cleared from flags as well) + * md_alg = MD algorithm from request + * imprint, imprint_len = imprint from request + * data = NULL + * nonce, nonce_len = nonce from the request or NULL if absent (in this case + * TS_VFY_NONCE is cleared from flags as well) + * tsa_name = NULL + * Important: after calling this method TS_VFY_SIGNATURE should be added! + */ +TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx); + +/* Function declarations for TS_RESP defined in ts/ts_resp_print.c */ + +int TS_RESP_print_bio(BIO *bio, TS_RESP *a); +int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a); +int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a); + +/* Common utility functions defined in ts/ts_lib.c */ + +int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num); +int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj); +int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions); +int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg); +int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg); + +/* + * Function declarations for handling configuration options, defined in + * ts/ts_conf.c + */ + +X509 *TS_CONF_load_cert(const char *file); +STACK_OF(X509) *TS_CONF_load_certs(const char *file); +EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass); +const char *TS_CONF_get_tsa_section(CONF *conf, const char 
*section); +int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb, + TS_RESP_CTX *ctx); +#ifndef OPENSSL_NO_ENGINE +int TS_CONF_set_crypto_device(CONF *conf, const char *section, + const char *device); +int TS_CONF_set_default_engine(const char *name); +#endif +int TS_CONF_set_signer_cert(CONF *conf, const char *section, + const char *cert, TS_RESP_CTX *ctx); +int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, + TS_RESP_CTX *ctx); +int TS_CONF_set_signer_key(CONF *conf, const char *section, + const char *key, const char *pass, + TS_RESP_CTX *ctx); +int TS_CONF_set_signer_digest(CONF *conf, const char *section, + const char *md, TS_RESP_CTX *ctx); +int TS_CONF_set_def_policy(CONF *conf, const char *section, + const char *policy, TS_RESP_CTX *ctx); +int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_clock_precision_digits(const CONF *conf, const char *section, + TS_RESP_CTX *ctx); +int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section, + TS_RESP_CTX *ctx); +int TS_CONF_set_ess_cert_id_digest(CONF *conf, const char *section, + TS_RESP_CTX *ctx); + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/tserr.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/tserr.h new file mode 100644 index 000000000000..e1b943e42dbd --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/tserr.h 
@@ -0,0 +1,67 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_TSERR_H +# define OPENSSL_TSERR_H +# pragma once + +# include +# include +# include + + +# ifndef OPENSSL_NO_TS + + +/* + * TS reason codes. + */ +# define TS_R_BAD_PKCS7_TYPE 132 +# define TS_R_BAD_TYPE 133 +# define TS_R_CANNOT_LOAD_CERT 137 +# define TS_R_CANNOT_LOAD_KEY 138 +# define TS_R_CERTIFICATE_VERIFY_ERROR 100 +# define TS_R_COULD_NOT_SET_ENGINE 127 +# define TS_R_COULD_NOT_SET_TIME 115 +# define TS_R_DETACHED_CONTENT 134 +# define TS_R_ESS_ADD_SIGNING_CERT_ERROR 116 +# define TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR 139 +# define TS_R_ESS_SIGNING_CERTIFICATE_ERROR 101 +# define TS_R_INVALID_NULL_POINTER 102 +# define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE 117 +# define TS_R_MESSAGE_IMPRINT_MISMATCH 103 +# define TS_R_NONCE_MISMATCH 104 +# define TS_R_NONCE_NOT_RETURNED 105 +# define TS_R_NO_CONTENT 106 +# define TS_R_NO_TIME_STAMP_TOKEN 107 +# define TS_R_PKCS7_ADD_SIGNATURE_ERROR 118 +# define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR 119 +# define TS_R_PKCS7_TO_TS_TST_INFO_FAILED 129 +# define TS_R_POLICY_MISMATCH 108 +# define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 120 +# define TS_R_RESPONSE_SETUP_ERROR 121 +# define TS_R_SIGNATURE_FAILURE 109 +# define TS_R_THERE_MUST_BE_ONE_SIGNER 110 +# define TS_R_TIME_SYSCALL_ERROR 122 +# define TS_R_TOKEN_NOT_PRESENT 130 +# define TS_R_TOKEN_PRESENT 131 +# define TS_R_TSA_NAME_MISMATCH 111 +# define TS_R_TSA_UNTRUSTED 112 +# define TS_R_TST_INFO_SETUP_ERROR 123 +# define TS_R_TS_DATASIGN 124 +# define TS_R_UNACCEPTABLE_POLICY 125 +# define TS_R_UNSUPPORTED_MD_ALGORITHM 126 +# define 
TS_R_UNSUPPORTED_VERSION 113 +# define TS_R_VAR_BAD_VALUE 135 +# define TS_R_VAR_LOOKUP_FAILURE 136 +# define TS_R_WRONG_CONTENT_TYPE 114 + +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/txt_db.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/txt_db.h new file mode 100644 index 000000000000..af169a309ebc --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/txt_db.h 
@@ -0,0 +1,63 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_TXT_DB_H
+# define OPENSSL_TXT_DB_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_TXT_DB_H
+# endif
+
+# include
+# include
+# include
+# include
+
+# define DB_ERROR_OK 0
+# define DB_ERROR_MALLOC 1
+# define DB_ERROR_INDEX_CLASH 2
+# define DB_ERROR_INDEX_OUT_OF_RANGE 3
+# define DB_ERROR_NO_INDEX 4
+# define DB_ERROR_INSERT_INDEX_CLASH 5
+# define DB_ERROR_WRONG_NUM_FIELDS 6
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef OPENSSL_STRING *OPENSSL_PSTRING;
+DEFINE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING)
+
+typedef struct txt_db_st {
+ int num_fields;
+ STACK_OF(OPENSSL_PSTRING) *data;
+ LHASH_OF(OPENSSL_STRING) **index;
+ int (**qual) (OPENSSL_STRING *);
+ long error;
+ long arg1;
+ long arg2;
+ OPENSSL_STRING *arg_row;
+} TXT_DB;
+
+TXT_DB *TXT_DB_read(BIO *in, int num);
+long TXT_DB_write(BIO *out, TXT_DB *db);
+int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *),
+ OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC cmp);
+void TXT_DB_free(TXT_DB *db);
+OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx,
+ OPENSSL_STRING *value);
+int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *value);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/types.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/types.h
new file mode 100644
index 000000000000..c28028681fce
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/types.h
@@ -0,0 +1,239 @@
+/*
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Unfortunate workaround to avoid symbol conflict with wincrypt.h
+ * See https://github.com/openssl/openssl/issues/9981
+ */
+#ifdef _WIN32
+# define WINCRYPT_USE_SYMBOL_PREFIX
+# undef X509_NAME
+# undef X509_EXTENSIONS
+# undef PKCS7_SIGNER_INFO
+# undef OCSP_REQUEST
+# undef OCSP_RESPONSE
+#endif
+
+#ifndef OPENSSL_TYPES_H
+# define OPENSSL_TYPES_H
+
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# include
+# include
+# include
+
+typedef struct ossl_provider_st OSSL_PROVIDER; /* Provider Object */
+
+# ifdef NO_ASN1_TYPEDEFS
+# define ASN1_INTEGER ASN1_STRING
+# define ASN1_ENUMERATED ASN1_STRING
+# define ASN1_BIT_STRING ASN1_STRING
+# define ASN1_OCTET_STRING ASN1_STRING
+# define ASN1_PRINTABLESTRING ASN1_STRING
+# define ASN1_T61STRING ASN1_STRING
+# define ASN1_IA5STRING ASN1_STRING
+# define ASN1_UTCTIME ASN1_STRING
+# define ASN1_GENERALIZEDTIME ASN1_STRING
+# define ASN1_TIME ASN1_STRING
+# define ASN1_GENERALSTRING ASN1_STRING
+# define ASN1_UNIVERSALSTRING ASN1_STRING
+# define ASN1_BMPSTRING ASN1_STRING
+# define ASN1_VISIBLESTRING ASN1_STRING
+# define ASN1_UTF8STRING ASN1_STRING
+# define ASN1_BOOLEAN int
+# define ASN1_NULL int
+# else
+typedef struct asn1_string_st ASN1_INTEGER;
+typedef struct asn1_string_st ASN1_ENUMERATED;
+typedef struct asn1_string_st ASN1_BIT_STRING;
+typedef struct asn1_string_st ASN1_OCTET_STRING;
+typedef struct asn1_string_st ASN1_PRINTABLESTRING;
+typedef struct asn1_string_st ASN1_T61STRING;
+typedef struct asn1_string_st ASN1_IA5STRING;
+typedef struct asn1_string_st ASN1_GENERALSTRING;
+typedef struct asn1_string_st ASN1_UNIVERSALSTRING;
+typedef struct asn1_string_st ASN1_BMPSTRING;
+typedef struct asn1_string_st ASN1_UTCTIME;
+typedef struct asn1_string_st ASN1_TIME;
+typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
+typedef struct asn1_string_st ASN1_VISIBLESTRING;
+typedef struct asn1_string_st ASN1_UTF8STRING;
+typedef struct asn1_string_st ASN1_STRING;
+typedef int ASN1_BOOLEAN;
+typedef int ASN1_NULL;
+# endif
+
+typedef struct asn1_type_st ASN1_TYPE;
+typedef struct asn1_object_st ASN1_OBJECT;
+typedef struct asn1_string_table_st ASN1_STRING_TABLE;
+
+typedef struct ASN1_ITEM_st ASN1_ITEM;
+typedef struct asn1_pctx_st ASN1_PCTX;
+typedef struct asn1_sctx_st ASN1_SCTX;
+
+# ifdef BIGNUM
+# undef BIGNUM
+# endif
+
+typedef struct bio_st BIO;
+typedef struct bignum_st BIGNUM;
+typedef struct bignum_ctx BN_CTX;
+typedef struct bn_blinding_st BN_BLINDING;
+typedef struct bn_mont_ctx_st BN_MONT_CTX;
+typedef struct bn_recp_ctx_st BN_RECP_CTX;
+typedef struct bn_gencb_st BN_GENCB;
+
+typedef struct buf_mem_st BUF_MEM;
+
+STACK_OF(BIGNUM);
+STACK_OF(BIGNUM_const);
+
+typedef struct err_state_st ERR_STATE;
+
+typedef struct evp_cipher_st EVP_CIPHER;
+typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
+typedef struct evp_md_st EVP_MD;
+typedef struct evp_md_ctx_st EVP_MD_CTX;
+typedef struct evp_mac_st EVP_MAC;
+typedef struct evp_mac_ctx_st EVP_MAC_CTX;
+typedef struct evp_pkey_st EVP_PKEY;
+
+typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
+
+typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
+typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
+
+typedef struct evp_keymgmt_st EVP_KEYMGMT;
+
+typedef struct evp_kdf_st EVP_KDF;
+typedef struct evp_kdf_ctx_st EVP_KDF_CTX;
+
+typedef struct evp_rand_st EVP_RAND;
+typedef struct evp_rand_ctx_st EVP_RAND_CTX;
+
+typedef struct evp_keyexch_st EVP_KEYEXCH;
+
+typedef struct evp_signature_st EVP_SIGNATURE;
+
+typedef struct evp_asym_cipher_st EVP_ASYM_CIPHER;
+
+typedef struct evp_kem_st EVP_KEM;
+
+typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX;
+
+typedef struct hmac_ctx_st HMAC_CTX;
+
+typedef struct dh_st DH;
+typedef struct dh_method DH_METHOD;
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+typedef struct dsa_st DSA;
+typedef struct dsa_method DSA_METHOD;
+# endif
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+typedef struct rsa_st RSA;
+typedef struct rsa_meth_st RSA_METHOD;
+# endif
+typedef struct rsa_pss_params_st RSA_PSS_PARAMS;
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+typedef struct ec_key_st EC_KEY;
+typedef struct ec_key_method_st EC_KEY_METHOD;
+# endif
+
+typedef struct rand_meth_st RAND_METHOD;
+typedef struct rand_drbg_st RAND_DRBG;
+
+typedef struct ssl_dane_st SSL_DANE;
+typedef struct x509_st X509;
+typedef struct X509_algor_st X509_ALGOR;
+typedef struct X509_crl_st X509_CRL;
+typedef struct x509_crl_method_st X509_CRL_METHOD;
+typedef struct x509_revoked_st X509_REVOKED;
+typedef struct X509_name_st X509_NAME;
+typedef struct X509_pubkey_st X509_PUBKEY;
+typedef struct x509_store_st X509_STORE;
+typedef struct x509_store_ctx_st X509_STORE_CTX;
+
+typedef struct x509_object_st X509_OBJECT;
+typedef struct x509_lookup_st X509_LOOKUP;
+typedef struct x509_lookup_method_st X509_LOOKUP_METHOD;
+typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM;
+
+typedef struct x509_sig_info_st X509_SIG_INFO;
+
+typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO;
+
+typedef struct v3_ext_ctx X509V3_CTX;
+typedef struct conf_st CONF;
+typedef struct ossl_init_settings_st OPENSSL_INIT_SETTINGS;
+
+typedef struct ui_st UI;
+typedef struct ui_method_st UI_METHOD;
+
+typedef struct engine_st ENGINE;
+typedef struct ssl_st SSL;
+typedef struct ssl_ctx_st SSL_CTX;
+
+typedef struct comp_ctx_st COMP_CTX;
+typedef struct comp_method_st COMP_METHOD;
+
+typedef struct X509_POLICY_NODE_st X509_POLICY_NODE;
+typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL;
+typedef struct X509_POLICY_TREE_st X509_POLICY_TREE;
+typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE;
+
+typedef struct AUTHORITY_KEYID_st AUTHORITY_KEYID;
+typedef struct DIST_POINT_st DIST_POINT;
+typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT;
+typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS;
+
+typedef struct crypto_ex_data_st CRYPTO_EX_DATA;
+
+typedef struct ossl_http_req_ctx_st OSSL_HTTP_REQ_CTX;
+typedef struct ocsp_response_st OCSP_RESPONSE;
+typedef struct ocsp_responder_id_st OCSP_RESPID;
+
+typedef struct sct_st SCT;
+typedef struct sct_ctx_st SCT_CTX;
+typedef struct ctlog_st CTLOG;
+typedef struct ctlog_store_st CTLOG_STORE;
+typedef struct ct_policy_eval_ctx_st CT_POLICY_EVAL_CTX;
+
+typedef struct ossl_store_info_st OSSL_STORE_INFO;
+typedef struct ossl_store_search_st OSSL_STORE_SEARCH;
+
+typedef struct ossl_lib_ctx_st OSSL_LIB_CTX;
+
+typedef struct ossl_dispatch_st OSSL_DISPATCH;
+typedef struct ossl_item_st OSSL_ITEM;
+typedef struct ossl_algorithm_st OSSL_ALGORITHM;
+typedef struct ossl_param_st OSSL_PARAM;
+typedef struct ossl_param_bld_st OSSL_PARAM_BLD;
+
+typedef int pem_password_cb (char *buf, int size, int rwflag, void *userdata);
+
+typedef struct ossl_encoder_st OSSL_ENCODER;
+typedef struct ossl_encoder_ctx_st OSSL_ENCODER_CTX;
+typedef struct ossl_decoder_st OSSL_DECODER;
+typedef struct ossl_decoder_ctx_st OSSL_DECODER_CTX;
+
+typedef struct ossl_self_test_st OSSL_SELF_TEST;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* OPENSSL_TYPES_H */
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/uierr.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/uierr.h
new file mode 100644
index 000000000000..473b04ed1138
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/uierr.h
@@ -0,0 +1,38 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_UIERR_H +# define OPENSSL_UIERR_H +# pragma once + +# include +# include +# include + + + +/* + * UI reason codes. + */ +# define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS 104 +# define UI_R_INDEX_TOO_LARGE 102 +# define UI_R_INDEX_TOO_SMALL 103 +# define UI_R_NO_RESULT_BUFFER 105 +# define UI_R_PROCESSING_ERROR 107 +# define UI_R_RESULT_TOO_LARGE 100 +# define UI_R_RESULT_TOO_SMALL 101 +# define UI_R_SYSASSIGN_ERROR 109 +# define UI_R_SYSDASSGN_ERROR 110 +# define UI_R_SYSQIOW_ERROR 111 +# define UI_R_UNKNOWN_CONTROL_COMMAND 106 +# define UI_R_UNKNOWN_TTYGET_ERRNO_VALUE 108 +# define UI_R_USER_DATA_DUPLICATION_UNSUPPORTED 112 + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/whrlpool.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/whrlpool.h new file mode 100644 index 000000000000..05ba46324626 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/whrlpool.h 
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_WHRLPOOL_H
+# define OPENSSL_WHRLPOOL_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_WHRLPOOL_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_WHIRLPOOL
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define WHIRLPOOL_DIGEST_LENGTH (512/8)
+
+# if !defined(OPENSSL_NO_DEPRECATED_3_0)
+
+# define WHIRLPOOL_BBLOCK 512
+# define WHIRLPOOL_COUNTER (256/8)
+
+typedef struct {
+ union {
+ unsigned char c[WHIRLPOOL_DIGEST_LENGTH];
+ /* double q is here to ensure 64-bit alignment */
+ double q[WHIRLPOOL_DIGEST_LENGTH / sizeof(double)];
+ } H;
+ unsigned char data[WHIRLPOOL_BBLOCK / 8];
+ unsigned int bitoff;
+ size_t bitlen[WHIRLPOOL_COUNTER / sizeof(size_t)];
+} WHIRLPOOL_CTX;
+# endif
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int WHIRLPOOL_Init(WHIRLPOOL_CTX *c);
+OSSL_DEPRECATEDIN_3_0 int WHIRLPOOL_Update(WHIRLPOOL_CTX *c,
+ const void *inp, size_t bytes);
+OSSL_DEPRECATEDIN_3_0 void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,
+ const void *inp, size_t bits);
+OSSL_DEPRECATEDIN_3_0 int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c);
+OSSL_DEPRECATEDIN_3_0 unsigned char *WHIRLPOOL(const void *inp, size_t bytes,
+ unsigned char *md);
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/x509_vfy.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/x509_vfy.h
index d3dfff8c0d97..f84c3554425e 100644
--- a/contrib/openssl-cmake/linux_x86_64/include/openssl/x509_vfy.h
+++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/x509_vfy.h
@@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by Makefile from include/openssl/x509_vfy.h.in * - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -497,6 +497,7 @@ int X509_STORE_lock(X509_STORE *xs); int X509_STORE_unlock(X509_STORE *xs); int X509_STORE_up_ref(X509_STORE *xs); STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs); +STACK_OF(X509_OBJECT) *X509_STORE_get1_objects(X509_STORE *xs); STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs); STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs, const X509_NAME *nm); diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/x509err.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/x509err.h new file mode 100644 index 000000000000..71b557a3e6b3 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/x509err.h 
@@ -0,0 +1,69 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_X509ERR_H +# define OPENSSL_X509ERR_H +# pragma once + +# include +# include +# include + + + +/* + * X509 reason codes. + */ +# define X509_R_AKID_MISMATCH 110 +# define X509_R_BAD_SELECTOR 133 +# define X509_R_BAD_X509_FILETYPE 100 +# define X509_R_BASE64_DECODE_ERROR 118 +# define X509_R_CANT_CHECK_DH_KEY 114 +# define X509_R_CERTIFICATE_VERIFICATION_FAILED 139 +# define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 +# define X509_R_CRL_ALREADY_DELTA 127 +# define X509_R_CRL_VERIFY_FAILURE 131 +# define X509_R_DUPLICATE_ATTRIBUTE 140 +# define X509_R_ERROR_GETTING_MD_BY_NID 141 +# define X509_R_ERROR_USING_SIGINF_SET 142 +# define X509_R_IDP_MISMATCH 128 +# define X509_R_INVALID_ATTRIBUTES 138 +# define X509_R_INVALID_DIRECTORY 113 +# define X509_R_INVALID_DISTPOINT 143 +# define X509_R_INVALID_FIELD_NAME 119 +# define X509_R_INVALID_TRUST 123 +# define X509_R_ISSUER_MISMATCH 129 +# define X509_R_KEY_TYPE_MISMATCH 115 +# define X509_R_KEY_VALUES_MISMATCH 116 +# define X509_R_LOADING_CERT_DIR 103 +# define X509_R_LOADING_DEFAULTS 104 +# define X509_R_METHOD_NOT_SUPPORTED 124 +# define X509_R_NAME_TOO_LONG 134 +# define X509_R_NEWER_CRL_NOT_NEWER 132 +# define X509_R_NO_CERTIFICATE_FOUND 135 +# define X509_R_NO_CERTIFICATE_OR_CRL_FOUND 136 +# define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 +# define X509_R_NO_CRL_FOUND 137 +# define X509_R_NO_CRL_NUMBER 130 +# define X509_R_PUBLIC_KEY_DECODE_ERROR 125 +# define X509_R_PUBLIC_KEY_ENCODE_ERROR 126 +# define X509_R_SHOULD_RETRY 106 +# define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107 +# define 
X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108 +# define X509_R_UNKNOWN_KEY_TYPE 117 +# define X509_R_UNKNOWN_NID 109 +# define X509_R_UNKNOWN_PURPOSE_ID 121 +# define X509_R_UNKNOWN_SIGID_ALGS 144 +# define X509_R_UNKNOWN_TRUST_ID 120 +# define X509_R_UNSUPPORTED_ALGORITHM 111 +# define X509_R_WRONG_LOOKUP_TYPE 112 +# define X509_R_WRONG_TYPE 122 + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include/openssl/x509v3err.h b/contrib/openssl-cmake/linux_x86_64/include/openssl/x509v3err.h new file mode 100644 index 000000000000..deede2795285 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include/openssl/x509v3err.h 
@@ -0,0 +1,96 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_X509V3ERR_H +# define OPENSSL_X509V3ERR_H +# pragma once + +# include +# include +# include + + + +/* + * X509V3 reason codes. + */ +# define X509V3_R_BAD_IP_ADDRESS 118 +# define X509V3_R_BAD_OBJECT 119 +# define X509V3_R_BAD_OPTION 170 +# define X509V3_R_BAD_VALUE 171 +# define X509V3_R_BN_DEC2BN_ERROR 100 +# define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 +# define X509V3_R_DIRNAME_ERROR 149 +# define X509V3_R_DISTPOINT_ALREADY_SET 160 +# define X509V3_R_DUPLICATE_ZONE_ID 133 +# define X509V3_R_EMPTY_KEY_USAGE 169 +# define X509V3_R_ERROR_CONVERTING_ZONE 131 +# define X509V3_R_ERROR_CREATING_EXTENSION 144 +# define X509V3_R_ERROR_IN_EXTENSION 128 +# define X509V3_R_EXPECTED_A_SECTION_NAME 137 +# define X509V3_R_EXTENSION_EXISTS 145 +# define X509V3_R_EXTENSION_NAME_ERROR 115 +# define X509V3_R_EXTENSION_NOT_FOUND 102 +# define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 +# define X509V3_R_EXTENSION_VALUE_ERROR 116 +# define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 +# define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152 +# define X509V3_R_INVALID_ASNUMBER 162 +# define X509V3_R_INVALID_ASRANGE 163 +# define X509V3_R_INVALID_BOOLEAN_STRING 104 +# define X509V3_R_INVALID_CERTIFICATE 158 +# define X509V3_R_INVALID_EMPTY_NAME 108 +# define X509V3_R_INVALID_EXTENSION_STRING 105 +# define X509V3_R_INVALID_INHERITANCE 165 +# define X509V3_R_INVALID_IPADDRESS 166 +# define X509V3_R_INVALID_MULTIPLE_RDNS 161 +# define X509V3_R_INVALID_NAME 106 +# define X509V3_R_INVALID_NULL_ARGUMENT 107 +# define X509V3_R_INVALID_NULL_VALUE 109 +# define X509V3_R_INVALID_NUMBER 140 +# 
define X509V3_R_INVALID_NUMBERS 141 +# define X509V3_R_INVALID_OBJECT_IDENTIFIER 110 +# define X509V3_R_INVALID_OPTION 138 +# define X509V3_R_INVALID_POLICY_IDENTIFIER 134 +# define X509V3_R_INVALID_PROXY_POLICY_SETTING 153 +# define X509V3_R_INVALID_PURPOSE 146 +# define X509V3_R_INVALID_SAFI 164 +# define X509V3_R_INVALID_SECTION 135 +# define X509V3_R_INVALID_SYNTAX 143 +# define X509V3_R_ISSUER_DECODE_ERROR 126 +# define X509V3_R_MISSING_VALUE 124 +# define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142 +# define X509V3_R_NEGATIVE_PATHLEN 168 +# define X509V3_R_NO_CONFIG_DATABASE 136 +# define X509V3_R_NO_ISSUER_CERTIFICATE 121 +# define X509V3_R_NO_ISSUER_DETAILS 127 +# define X509V3_R_NO_POLICY_IDENTIFIER 139 +# define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154 +# define X509V3_R_NO_PUBLIC_KEY 114 +# define X509V3_R_NO_SUBJECT_DETAILS 125 +# define X509V3_R_OPERATION_NOT_DEFINED 148 +# define X509V3_R_OTHERNAME_ERROR 147 +# define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 155 +# define X509V3_R_POLICY_PATH_LENGTH 156 +# define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 157 +# define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159 +# define X509V3_R_SECTION_NOT_FOUND 150 +# define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 +# define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123 +# define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111 +# define X509V3_R_UNKNOWN_EXTENSION 129 +# define X509V3_R_UNKNOWN_EXTENSION_NAME 130 +# define X509V3_R_UNKNOWN_OPTION 120 +# define X509V3_R_UNKNOWN_VALUE 172 +# define X509V3_R_UNSUPPORTED_OPTION 117 +# define X509V3_R_UNSUPPORTED_TYPE 167 +# define X509V3_R_USER_TOO_LONG 132 + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/aes_platform.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/aes_platform.h new file mode 100644 index 000000000000..65fd694a60fe --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/aes_platform.h 
@@ -0,0 +1,590 @@ +/* + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_AES_PLATFORM_H +# define OSSL_AES_PLATFORM_H +# pragma once + +# include + +# ifdef VPAES_ASM +int vpaes_set_encrypt_key(const unsigned char *userKey, int bits, + AES_KEY *key); +int vpaes_set_decrypt_key(const unsigned char *userKey, int bits, + AES_KEY *key); +void vpaes_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void vpaes_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void vpaes_cbc_encrypt(const unsigned char *in, + unsigned char *out, + size_t length, + const AES_KEY *key, unsigned char *ivec, int enc); +# endif /* VPAES_ASM */ + +# ifdef BSAES_ASM +void ossl_bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char ivec[16], int enc); +void ossl_bsaes_ctr32_encrypt_blocks(const unsigned char *in, + unsigned char *out, size_t len, + const AES_KEY *key, + const unsigned char ivec[16]); +void ossl_bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out, + size_t len, const AES_KEY *key1, + const AES_KEY *key2, const unsigned char iv[16]); +void ossl_bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out, + size_t len, const AES_KEY *key1, + const AES_KEY *key2, const unsigned char iv[16]); +# endif /* BSAES_ASM */ + +# ifdef AES_CTR_ASM +void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const AES_KEY *key, + const unsigned char ivec[AES_BLOCK_SIZE]); +# endif /* AES_CTR_ASM */ + +# ifdef AES_XTS_ASM +void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, size_t len, + const AES_KEY *key1, const AES_KEY *key2, + 
const unsigned char iv[16]); +void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len, + const AES_KEY *key1, const AES_KEY *key2, + const unsigned char iv[16]); +# endif /* AES_XTS_ASM */ + +# if defined(OPENSSL_CPUID_OBJ) +# if (defined(__powerpc__) || defined(__POWERPC__) || defined(_ARCH_PPC)) +# include "crypto/ppc_arch.h" +# ifdef VPAES_ASM +# define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC) +# endif +# if !defined(OPENSSL_SYS_MACOSX) +# define HWAES_CAPABLE (OPENSSL_ppccap_P & PPC_CRYPTO207) +# define HWAES_set_encrypt_key aes_p8_set_encrypt_key +# define HWAES_set_decrypt_key aes_p8_set_decrypt_key +# define HWAES_encrypt aes_p8_encrypt +# define HWAES_decrypt aes_p8_decrypt +# define HWAES_cbc_encrypt aes_p8_cbc_encrypt +# define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks +# define HWAES_xts_encrypt aes_p8_xts_encrypt +# define HWAES_xts_decrypt aes_p8_xts_decrypt +# endif /* OPENSSL_SYS_MACOSX */ +# if !defined(OPENSSL_SYS_AIX) && !defined(OPENSSL_SYS_MACOSX) +# define PPC_AES_GCM_CAPABLE (OPENSSL_ppccap_P & PPC_MADD300) +# define AES_GCM_ENC_BYTES 128 +# define AES_GCM_DEC_BYTES 128 +size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, unsigned char ivec[16], + u64 *Xi); +size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, unsigned char ivec[16], + u64 *Xi); +# define AES_GCM_ASM_PPC(gctx) ((gctx)->ctr==aes_p8_ctr32_encrypt_blocks && \ + (gctx)->gcm.funcs.ghash==gcm_ghash_p8) +void gcm_ghash_p8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len); +# endif /* OPENSSL_SYS_AIX || OPENSSL_SYS_MACOSX */ +# endif /* PPC */ + +# if (defined(__arm__) || defined(__arm) || defined(__aarch64__) || defined(_M_ARM64)) +# include "arm_arch.h" +# if __ARM_MAX_ARCH__>=7 +# if defined(BSAES_ASM) +# define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) +# endif +# if defined(VPAES_ASM) +# define VPAES_CAPABLE (OPENSSL_armcap_P & 
ARMV7_NEON) +# endif +# define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES) +# define HWAES_set_encrypt_key aes_v8_set_encrypt_key +# define HWAES_set_decrypt_key aes_v8_set_decrypt_key +# define HWAES_encrypt aes_v8_encrypt +# define HWAES_decrypt aes_v8_decrypt +# define HWAES_cbc_encrypt aes_v8_cbc_encrypt +# define HWAES_ecb_encrypt aes_v8_ecb_encrypt +# if __ARM_MAX_ARCH__>=8 && (defined(__aarch64__) || defined(_M_ARM64)) +# define ARMv8_HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES) +# define HWAES_xts_encrypt aes_v8_xts_encrypt +# define HWAES_xts_decrypt aes_v8_xts_decrypt +# endif +# define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks +# define HWAES_ctr32_encrypt_blocks_unroll12_eor3 aes_v8_ctr32_encrypt_blocks_unroll12_eor3 +# define AES_PMULL_CAPABLE ((OPENSSL_armcap_P & ARMV8_PMULL) && (OPENSSL_armcap_P & ARMV8_AES)) +# define AES_UNROLL12_EOR3_CAPABLE (OPENSSL_armcap_P & ARMV8_UNROLL12_EOR3) +# define AES_GCM_ENC_BYTES 512 +# define AES_GCM_DEC_BYTES 512 +# if __ARM_MAX_ARCH__>=8 && (defined(__aarch64__) || defined(_M_ARM64)) +# define AES_gcm_encrypt armv8_aes_gcm_encrypt +# define AES_gcm_decrypt armv8_aes_gcm_decrypt +# define AES_GCM_ASM(gctx) (((gctx)->ctr==aes_v8_ctr32_encrypt_blocks_unroll12_eor3 || \ + (gctx)->ctr==aes_v8_ctr32_encrypt_blocks) && \ + (gctx)->gcm.funcs.ghash==gcm_ghash_v8) +/* The [unroll8_eor3_]aes_gcm_(enc|dec)_(128|192|256)_kernel() functions + * take input length in BITS and return number of BYTES processed */ +size_t aes_gcm_enc_128_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext, + uint64_t *Xi, unsigned char ivec[16], const void *key); +size_t aes_gcm_enc_192_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext, + uint64_t *Xi, unsigned char ivec[16], const void *key); +size_t aes_gcm_enc_256_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext, + uint64_t *Xi, unsigned char ivec[16], const void *key); +size_t 
aes_gcm_dec_128_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext, + uint64_t *Xi, unsigned char ivec[16], const void *key); +size_t aes_gcm_dec_192_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext, + uint64_t *Xi, unsigned char ivec[16], const void *key); +size_t aes_gcm_dec_256_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext, + uint64_t *Xi, unsigned char ivec[16], const void *key); +size_t unroll8_eor3_aes_gcm_enc_128_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext, + uint64_t *Xi, unsigned char ivec[16], const void *key); +size_t unroll8_eor3_aes_gcm_enc_192_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext, + uint64_t *Xi, unsigned char ivec[16], const void *key); +size_t unroll8_eor3_aes_gcm_enc_256_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext, + uint64_t *Xi, unsigned char ivec[16], const void *key); +size_t unroll8_eor3_aes_gcm_dec_128_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext, + uint64_t *Xi, unsigned char ivec[16], const void *key); +size_t unroll8_eor3_aes_gcm_dec_192_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext, + uint64_t *Xi, unsigned char ivec[16], const void *key); +size_t unroll8_eor3_aes_gcm_dec_256_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext, + uint64_t *Xi, unsigned char ivec[16], const void *key); +size_t armv8_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len, const void *key, + unsigned char ivec[16], u64 *Xi); +size_t armv8_aes_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len, const void *key, + unsigned char ivec[16], u64 *Xi); +void gcm_ghash_v8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len); +# endif +# endif +# endif +# endif /* OPENSSL_CPUID_OBJ */ + +# if defined(AES_ASM) && ( \ + 
defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined(_M_X64) ) +# define AES_CBC_HMAC_SHA_CAPABLE 1 +# define AESNI_CBC_HMAC_SHA_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32))) +# endif + +# if defined(__loongarch__) || defined(__loongarch64) +# include "loongarch_arch.h" +# if defined(VPAES_ASM) +# define VPAES_CAPABLE (OPENSSL_loongarch_hwcap_P & LOONGARCH_HWCAP_LSX) +# endif +# endif + +# if defined(AES_ASM) && !defined(I386_ONLY) && ( \ + ((defined(__i386) || defined(__i386__) || \ + defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined(_M_X64) ) + +/* AES-NI section */ + +# define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32))) +# ifdef VPAES_ASM +# define VPAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) +# endif +# ifdef BSAES_ASM +# define BSAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) +# endif + +# define AES_GCM_ENC_BYTES 32 +# define AES_GCM_DEC_BYTES 16 + +int aesni_set_encrypt_key(const unsigned char *userKey, int bits, + AES_KEY *key); +int aesni_set_decrypt_key(const unsigned char *userKey, int bits, + AES_KEY *key); + +void aesni_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void aesni_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); + +void aesni_ecb_encrypt(const unsigned char *in, + unsigned char *out, + size_t length, const AES_KEY *key, int enc); +void aesni_cbc_encrypt(const unsigned char *in, + unsigned char *out, + size_t length, + const AES_KEY *key, unsigned char *ivec, int enc); +# ifndef OPENSSL_NO_OCB +void aesni_ocb_encrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + size_t start_block_num, + unsigned char offset_i[16], + const unsigned char L_[][16], + unsigned char checksum[16]); +void aesni_ocb_decrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + size_t start_block_num, + unsigned char offset_i[16], + 
const unsigned char L_[][16], + unsigned char checksum[16]); +# endif /* OPENSSL_NO_OCB */ + +void aesni_ctr32_encrypt_blocks(const unsigned char *in, + unsigned char *out, + size_t blocks, + const void *key, const unsigned char *ivec); + +void aesni_xts_encrypt(const unsigned char *in, + unsigned char *out, + size_t length, + const AES_KEY *key1, const AES_KEY *key2, + const unsigned char iv[16]); + +void aesni_xts_decrypt(const unsigned char *in, + unsigned char *out, + size_t length, + const AES_KEY *key1, const AES_KEY *key2, + const unsigned char iv[16]); + +void aesni_ccm64_encrypt_blocks(const unsigned char *in, + unsigned char *out, + size_t blocks, + const void *key, + const unsigned char ivec[16], + unsigned char cmac[16]); + +void aesni_ccm64_decrypt_blocks(const unsigned char *in, + unsigned char *out, + size_t blocks, + const void *key, + const unsigned char ivec[16], + unsigned char cmac[16]); + +# if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) +size_t aesni_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len, + const void *key, unsigned char ivec[16], u64 *Xi); +size_t aesni_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len, + const void *key, unsigned char ivec[16], u64 *Xi); +void gcm_ghash_avx(u64 Xi[2], const u128 Htable[16], const u8 *in, size_t len); + +# define AES_gcm_encrypt aesni_gcm_encrypt +# define AES_gcm_decrypt aesni_gcm_decrypt +# define AES_GCM_ASM(ctx) (ctx->ctr == aesni_ctr32_encrypt_blocks && \ + ctx->gcm.funcs.ghash == gcm_ghash_avx) +# endif + + +# elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) + +/* Fujitsu SPARC64 X support */ +# include "crypto/sparc_arch.h" + +# define SPARC_AES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_AES) +# define HWAES_CAPABLE (OPENSSL_sparcv9cap_P[0] & SPARCV9_FJAESX) +# define HWAES_set_encrypt_key aes_fx_set_encrypt_key +# define HWAES_set_decrypt_key aes_fx_set_decrypt_key +# define HWAES_encrypt aes_fx_encrypt 
+# define HWAES_decrypt aes_fx_decrypt +# define HWAES_cbc_encrypt aes_fx_cbc_encrypt +# define HWAES_ctr32_encrypt_blocks aes_fx_ctr32_encrypt_blocks + +void aes_t4_set_encrypt_key(const unsigned char *key, int bits, AES_KEY *ks); +void aes_t4_set_decrypt_key(const unsigned char *key, int bits, AES_KEY *ks); +void aes_t4_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void aes_t4_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +/* + * Key-length specific subroutines were chosen for following reason. + * Each SPARC T4 core can execute up to 8 threads which share core's + * resources. Loading as much key material to registers allows to + * minimize references to shared memory interface, as well as amount + * of instructions in inner loops [much needed on T4]. But then having + * non-key-length specific routines would require conditional branches + * either in inner loops or on subroutines' entries. Former is hardly + * acceptable, while latter means code size increase to size occupied + * by multiple key-length specific subroutines, so why fight? 
+ */ +void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const AES_KEY *key, + unsigned char *ivec, int /*unused*/); +void aes128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const AES_KEY *key, + unsigned char *ivec, int /*unused*/); +void aes192_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const AES_KEY *key, + unsigned char *ivec, int /*unused*/); +void aes192_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const AES_KEY *key, + unsigned char *ivec, int /*unused*/); +void aes256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const AES_KEY *key, + unsigned char *ivec, int /*unused*/); +void aes256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const AES_KEY *key, + unsigned char *ivec, int /*unused*/); +void aes128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const AES_KEY *key, + unsigned char *ivec); +void aes192_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const AES_KEY *key, + unsigned char *ivec); +void aes256_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const AES_KEY *key, + unsigned char *ivec); +void aes128_t4_xts_encrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const AES_KEY *key1, + const AES_KEY *key2, const unsigned char *ivec); +void aes128_t4_xts_decrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const AES_KEY *key1, + const AES_KEY *key2, const unsigned char *ivec); +void aes256_t4_xts_encrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const AES_KEY *key1, + const AES_KEY *key2, const unsigned char *ivec); +void aes256_t4_xts_decrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const AES_KEY *key1, + const AES_KEY *key2, const unsigned char *ivec); + +# elif defined(OPENSSL_CPUID_OBJ) && 
defined(__s390__) +/* IBM S390X support */ +# include "s390x_arch.h" + + +/* Convert key size to function code: [16,24,32] -> [18,19,20]. */ +# define S390X_AES_FC(keylen) (S390X_AES_128 + ((((keylen) << 3) - 128) >> 6)) + +/* Most modes of operation need km for partial block processing. */ +# define S390X_aes_128_CAPABLE (OPENSSL_s390xcap_P.km[0] & \ + S390X_CAPBIT(S390X_AES_128)) +# define S390X_aes_192_CAPABLE (OPENSSL_s390xcap_P.km[0] & \ + S390X_CAPBIT(S390X_AES_192)) +# define S390X_aes_256_CAPABLE (OPENSSL_s390xcap_P.km[0] & \ + S390X_CAPBIT(S390X_AES_256)) + +# define S390X_aes_128_cbc_CAPABLE 1 /* checked by callee */ +# define S390X_aes_192_cbc_CAPABLE 1 +# define S390X_aes_256_cbc_CAPABLE 1 + +# define S390X_aes_128_ecb_CAPABLE S390X_aes_128_CAPABLE +# define S390X_aes_192_ecb_CAPABLE S390X_aes_192_CAPABLE +# define S390X_aes_256_ecb_CAPABLE S390X_aes_256_CAPABLE + +# define S390X_aes_128_ofb_CAPABLE (S390X_aes_128_CAPABLE && \ + (OPENSSL_s390xcap_P.kmo[0] & \ + S390X_CAPBIT(S390X_AES_128))) +# define S390X_aes_192_ofb_CAPABLE (S390X_aes_192_CAPABLE && \ + (OPENSSL_s390xcap_P.kmo[0] & \ + S390X_CAPBIT(S390X_AES_192))) +# define S390X_aes_256_ofb_CAPABLE (S390X_aes_256_CAPABLE && \ + (OPENSSL_s390xcap_P.kmo[0] & \ + S390X_CAPBIT(S390X_AES_256))) + +# define S390X_aes_128_cfb_CAPABLE (S390X_aes_128_CAPABLE && \ + (OPENSSL_s390xcap_P.kmf[0] & \ + S390X_CAPBIT(S390X_AES_128))) +# define S390X_aes_192_cfb_CAPABLE (S390X_aes_192_CAPABLE && \ + (OPENSSL_s390xcap_P.kmf[0] & \ + S390X_CAPBIT(S390X_AES_192))) +# define S390X_aes_256_cfb_CAPABLE (S390X_aes_256_CAPABLE && \ + (OPENSSL_s390xcap_P.kmf[0] & \ + S390X_CAPBIT(S390X_AES_256))) +# define S390X_aes_128_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \ + S390X_CAPBIT(S390X_AES_128)) +# define S390X_aes_192_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \ + S390X_CAPBIT(S390X_AES_192)) +# define S390X_aes_256_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \ + S390X_CAPBIT(S390X_AES_256)) +# define S390X_aes_128_cfb1_CAPABLE 
0 +# define S390X_aes_192_cfb1_CAPABLE 0 +# define S390X_aes_256_cfb1_CAPABLE 0 + +# define S390X_aes_128_ctr_CAPABLE 1 /* checked by callee */ +# define S390X_aes_192_ctr_CAPABLE 1 +# define S390X_aes_256_ctr_CAPABLE 1 + +# define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */ +# define S390X_aes_256_xts_CAPABLE 1 + +# define S390X_aes_128_gcm_CAPABLE (S390X_aes_128_CAPABLE && \ + (OPENSSL_s390xcap_P.kma[0] & \ + S390X_CAPBIT(S390X_AES_128))) +# define S390X_aes_192_gcm_CAPABLE (S390X_aes_192_CAPABLE && \ + (OPENSSL_s390xcap_P.kma[0] & \ + S390X_CAPBIT(S390X_AES_192))) +# define S390X_aes_256_gcm_CAPABLE (S390X_aes_256_CAPABLE && \ + (OPENSSL_s390xcap_P.kma[0] & \ + S390X_CAPBIT(S390X_AES_256))) + +# define S390X_aes_128_ccm_CAPABLE (S390X_aes_128_CAPABLE && \ + (OPENSSL_s390xcap_P.kmac[0] & \ + S390X_CAPBIT(S390X_AES_128))) +# define S390X_aes_192_ccm_CAPABLE (S390X_aes_192_CAPABLE && \ + (OPENSSL_s390xcap_P.kmac[0] & \ + S390X_CAPBIT(S390X_AES_192))) +# define S390X_aes_256_ccm_CAPABLE (S390X_aes_256_CAPABLE && \ + (OPENSSL_s390xcap_P.kmac[0] & \ + S390X_CAPBIT(S390X_AES_256))) +# define S390X_CCM_AAD_FLAG 0x40 + +# ifndef OPENSSL_NO_OCB +# define S390X_aes_128_ocb_CAPABLE 0 +# define S390X_aes_192_ocb_CAPABLE 0 +# define S390X_aes_256_ocb_CAPABLE 0 +# endif /* OPENSSL_NO_OCB */ + +# ifndef OPENSSL_NO_SIV +# define S390X_aes_128_siv_CAPABLE 0 +# define S390X_aes_192_siv_CAPABLE 0 +# define S390X_aes_256_siv_CAPABLE 0 +# endif /* OPENSSL_NO_SIV */ + +/* Convert key size to function code: [16,24,32] -> [18,19,20]. */ +# define S390X_AES_FC(keylen) (S390X_AES_128 + ((((keylen) << 3) - 128) >> 6)) +# elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64 +/* RISC-V 64 support */ +# include "riscv_arch.h" + +/* Zkne and Zknd extensions (scalar crypto AES). 
*/ +int rv64i_zkne_set_encrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); +int rv64i_zknd_set_decrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); +void rv64i_zkne_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void rv64i_zknd_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +/* Zvkned extension (vector crypto AES). */ +int rv64i_zvkned_set_encrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); +int rv64i_zvkned_set_decrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); +void rv64i_zvkned_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void rv64i_zvkned_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); + +void rv64i_zvkned_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, const int enc); + +void rv64i_zvkned_cbc_decrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, const int enc); + +void rv64i_zvkned_ecb_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + const int enc); + +void rv64i_zvkned_ecb_decrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + const int enc); + +void rv64i_zvkb_zvkned_ctr32_encrypt_blocks(const unsigned char *in, + unsigned char *out, size_t blocks, + const void *key, + const unsigned char ivec[16]); + +size_t rv64i_zvkb_zvkg_zvkned_aes_gcm_encrypt(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, + unsigned char ivec[16], u64 *Xi); + +size_t rv64i_zvkb_zvkg_zvkned_aes_gcm_decrypt(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, + unsigned char ivec[16], u64 *Xi); + +void rv64i_zvbb_zvkg_zvkned_aes_xts_encrypt(const unsigned char *in, + unsigned char *out, size_t length, + const AES_KEY 
*key1, + const AES_KEY *key2, + const unsigned char iv[16]); + +void rv64i_zvbb_zvkg_zvkned_aes_xts_decrypt(const unsigned char *in, + unsigned char *out, size_t length, + const AES_KEY *key1, + const AES_KEY *key2, + const unsigned char iv[16]); + +void gcm_ghash_rv64i_zvkg(u64 Xi[2], const u128 Htable[16], const u8 *inp, + size_t len); + +#define AES_GCM_ENC_BYTES 64 +#define AES_GCM_DEC_BYTES 64 +#define AES_gcm_encrypt rv64i_zvkb_zvkg_zvkned_aes_gcm_encrypt +#define AES_gcm_decrypt rv64i_zvkb_zvkg_zvkned_aes_gcm_decrypt +#define AES_GCM_ASM(ctx) \ + (ctx->ctr == rv64i_zvkb_zvkned_ctr32_encrypt_blocks && \ + ctx->gcm.funcs.ghash == gcm_ghash_rv64i_zvkg) + +# elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32 +/* RISC-V 32 support */ +# include "riscv_arch.h" + +int rv32i_zkne_set_encrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); +/* set_decrypt_key needs both zknd and zkne */ +int rv32i_zknd_zkne_set_decrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); +int rv32i_zbkb_zkne_set_encrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); +int rv32i_zbkb_zknd_zkne_set_decrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); +void rv32i_zkne_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void rv32i_zknd_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +# endif + +# if defined(HWAES_CAPABLE) +int HWAES_set_encrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); +int HWAES_set_decrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); +void HWAES_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void HWAES_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void HWAES_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, const int enc); +void 
HWAES_ecb_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + const int enc); +void HWAES_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + const unsigned char ivec[16]); +# if defined(AES_UNROLL12_EOR3_CAPABLE) +void HWAES_ctr32_encrypt_blocks_unroll12_eor3(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + const unsigned char ivec[16]); +# endif +void HWAES_xts_encrypt(const unsigned char *inp, unsigned char *out, + size_t len, const AES_KEY *key1, + const AES_KEY *key2, const unsigned char iv[16]); +void HWAES_xts_decrypt(const unsigned char *inp, unsigned char *out, + size_t len, const AES_KEY *key1, + const AES_KEY *key2, const unsigned char iv[16]); +# ifndef OPENSSL_NO_OCB +# ifdef HWAES_ocb_encrypt +void HWAES_ocb_encrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + size_t start_block_num, + unsigned char offset_i[16], + const unsigned char L_[][16], + unsigned char checksum[16]); +# else +# define HWAES_ocb_encrypt ((ocb128_f)NULL) +# endif +# ifdef HWAES_ocb_decrypt +void HWAES_ocb_decrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + size_t start_block_num, + unsigned char offset_i[16], + const unsigned char L_[][16], + unsigned char checksum[16]); +# else +# define HWAES_ocb_decrypt ((ocb128_f)NULL) +# endif +# endif /* OPENSSL_NO_OCB */ + +# endif /* HWAES_CAPABLE */ + +#endif /* OSSL_AES_PLATFORM_H */ diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/aria.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/aria.h new file mode 100644 index 000000000000..21a9932e847c --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/aria.h 
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+ /* Copyright (c) 2017 National Security Research Institute. All rights reserved. */
+
+#ifndef OSSL_CRYPTO_ARIA_H
+# define OSSL_CRYPTO_ARIA_H
+# pragma once
+
+# include
+
+# ifdef OPENSSL_NO_ARIA
+# error ARIA is disabled.
+# endif
+
+# define ARIA_ENCRYPT 1
+# define ARIA_DECRYPT 0
+
+# define ARIA_BLOCK_SIZE 16 /* Size of each encryption/decryption block */
+# define ARIA_MAX_KEYS 17 /* Number of keys needed in the worst case */
+
+typedef union {
+ unsigned char c[ARIA_BLOCK_SIZE];
+ unsigned int u[ARIA_BLOCK_SIZE / sizeof(unsigned int)];
+} ARIA_u128;
+
+typedef unsigned char ARIA_c128[ARIA_BLOCK_SIZE];
+
+struct aria_key_st {
+ ARIA_u128 rd_key[ARIA_MAX_KEYS];
+ unsigned int rounds;
+};
+typedef struct aria_key_st ARIA_KEY;
+
+
+int ossl_aria_set_encrypt_key(const unsigned char *userKey, const int bits,
+ ARIA_KEY *key);
+int ossl_aria_set_decrypt_key(const unsigned char *userKey, const int bits,
+ ARIA_KEY *key);
+
+void ossl_aria_encrypt(const unsigned char *in, unsigned char *out,
+ const ARIA_KEY *key);
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/asn1.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/asn1.h
new file mode 100644
index 000000000000..36af1d768929
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/asn1.h
@@ -0,0 +1,153 @@
+/*
+ * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_ASN1_H
+# define OSSL_CRYPTO_ASN1_H
+# pragma once
+
+# include
+# include /* OSSL_FUNC_keymgmt_import() */
+
+/* Internal ASN1 structures and functions: not for application use */
+
+/* ASN1 public key method structure */
+
+#include
+
+struct evp_pkey_asn1_method_st {
+ int pkey_id;
+ int pkey_base_id;
+ unsigned long pkey_flags;
+ char *pem_str;
+ char *info;
+ int (*pub_decode) (EVP_PKEY *pk, const X509_PUBKEY *pub);
+ int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk);
+ int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
+ int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+ ASN1_PCTX *pctx);
+ int (*priv_decode) (EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf);
+ int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk);
+ int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+ ASN1_PCTX *pctx);
+ int (*pkey_size) (const EVP_PKEY *pk);
+ int (*pkey_bits) (const EVP_PKEY *pk);
+ int (*pkey_security_bits) (const EVP_PKEY *pk);
+ int (*param_decode) (EVP_PKEY *pkey,
+ const unsigned char **pder, int derlen);
+ int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder);
+ int (*param_missing) (const EVP_PKEY *pk);
+ int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from);
+ int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
+ int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+ ASN1_PCTX *pctx);
+ int (*sig_print) (BIO *out,
+ const X509_ALGOR *sigalg, const ASN1_STRING *sig,
+ int indent, ASN1_PCTX *pctx);
+ void (*pkey_free) (EVP_PKEY *pkey);
+ int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2);
+ /* Legacy 
functions for old PEM */
+ int (*old_priv_decode) (EVP_PKEY *pkey,
+ const unsigned char **pder, int derlen);
+ int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder);
+ /* Custom ASN1 signature verification */
+ int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *data,
+ const X509_ALGOR *a, const ASN1_BIT_STRING *sig,
+ EVP_PKEY *pkey);
+ int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *data,
+ X509_ALGOR *alg1, X509_ALGOR *alg2,
+ ASN1_BIT_STRING *sig);
+ int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg,
+ const ASN1_STRING *sig);
+ /* Check */
+ int (*pkey_check) (const EVP_PKEY *pk);
+ int (*pkey_public_check) (const EVP_PKEY *pk);
+ int (*pkey_param_check) (const EVP_PKEY *pk);
+ /* Get/set raw private/public key data */
+ int (*set_priv_key) (EVP_PKEY *pk, const unsigned char *priv, size_t len);
+ int (*set_pub_key) (EVP_PKEY *pk, const unsigned char *pub, size_t len);
+ int (*get_priv_key) (const EVP_PKEY *pk, unsigned char *priv, size_t *len);
+ int (*get_pub_key) (const EVP_PKEY *pk, unsigned char *pub, size_t *len);
+
+ /* Exports and imports to / from providers */
+ size_t (*dirty_cnt) (const EVP_PKEY *pk);
+ int (*export_to) (const EVP_PKEY *pk, void *to_keydata,
+ OSSL_FUNC_keymgmt_import_fn *importer,
+ OSSL_LIB_CTX *libctx, const char *propq);
+ OSSL_CALLBACK *import_from;
+ int (*copy) (EVP_PKEY *to, EVP_PKEY *from);
+
+ int (*priv_decode_ex) (EVP_PKEY *pk,
+ const PKCS8_PRIV_KEY_INFO *p8inf,
+ OSSL_LIB_CTX *libctx,
+ const char *propq);
+} /* EVP_PKEY_ASN1_METHOD */ ;
+
+DEFINE_STACK_OF_CONST(EVP_PKEY_ASN1_METHOD)
+
+extern const EVP_PKEY_ASN1_METHOD ossl_dh_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ossl_dhx_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ossl_dsa_asn1_meths[5];
+extern const EVP_PKEY_ASN1_METHOD ossl_eckey_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ossl_ecx25519_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ossl_ecx448_asn1_meth;
+extern const 
EVP_PKEY_ASN1_METHOD ossl_ed25519_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ossl_ed448_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ossl_sm2_asn1_meth;
+
+extern const EVP_PKEY_ASN1_METHOD ossl_rsa_asn1_meths[2];
+extern const EVP_PKEY_ASN1_METHOD ossl_rsa_pss_asn1_meth;
+
+/*
+ * These are used internally in the ASN1_OBJECT to keep track of whether the
+ * names and data need to be free()ed
+ */
+# define ASN1_OBJECT_FLAG_DYNAMIC 0x01/* internal use */
+# define ASN1_OBJECT_FLAG_CRITICAL 0x02/* critical x509v3 object id */
+# define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */
+# define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08/* internal use */
+struct asn1_object_st {
+ const char *sn, *ln;
+ int nid;
+ int length;
+ const unsigned char *data; /* data remains const after init */
+ int flags; /* Should we free this one */
+};
+
+/* ASN1 print context structure */
+
+struct asn1_pctx_st {
+ unsigned long flags;
+ unsigned long nm_flags;
+ unsigned long cert_flags;
+ unsigned long oid_flags;
+ unsigned long str_flags;
+} /* ASN1_PCTX */ ;
+
+/* ASN1 type functions */
+
+int ossl_asn1_type_set_octetstring_int(ASN1_TYPE *a, long num,
+ unsigned char *data, int len);
+int ossl_asn1_type_get_octetstring_int(const ASN1_TYPE *a, long *num,
+ unsigned char *data, int max_len);
+
+int ossl_x509_algor_new_from_md(X509_ALGOR **palg, const EVP_MD *md);
+const EVP_MD *ossl_x509_algor_get_md(X509_ALGOR *alg);
+X509_ALGOR *ossl_x509_algor_mgf1_decode(X509_ALGOR *alg);
+int ossl_x509_algor_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md);
+int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags);
+
+EVP_PKEY *ossl_d2i_PrivateKey_legacy(int keytype, EVP_PKEY **a,
+ const unsigned char **pp, long length,
+ OSSL_LIB_CTX *libctx, const char *propq);
+X509_ALGOR *ossl_X509_ALGOR_from_nid(int nid, int ptype, void *pval);
+
+time_t ossl_asn1_string_to_time_t(const char *asn1_string);
+void ossl_asn1_string_set_bits_left(ASN1_STRING *str, unsigned int 
num);
+
+#endif /* ndef OSSL_CRYPTO_ASN1_H */
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/asn1_dsa.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/asn1_dsa.h
new file mode 100644
index 000000000000..3eadb9ec3c54
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/asn1_dsa.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_ASN1_DSA_H
+# define OSSL_CRYPTO_ASN1_DSA_H
+# pragma once
+
+#include "internal/packet.h"
+
+int ossl_encode_der_length(WPACKET *pkt, size_t cont_len);
+int ossl_encode_der_integer(WPACKET *pkt, const BIGNUM *n);
+int ossl_encode_der_dsa_sig(WPACKET *pkt, const BIGNUM *r, const BIGNUM *s);
+int ossl_decode_der_length(PACKET *pkt, PACKET *subpkt);
+int ossl_decode_der_integer(PACKET *pkt, BIGNUM *n);
+size_t ossl_decode_der_dsa_sig(BIGNUM *r, BIGNUM *s, const unsigned char **ppin,
+ size_t len);
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/asn1err.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/asn1err.h
new file mode 100644
index 000000000000..6441386bbc4a
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/asn1err.h
@@ -0,0 +1,27 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_ASN1ERR_H +# define OSSL_CRYPTO_ASN1ERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +int ossl_err_load_ASN1_strings(void); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/async.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/async.h new file mode 100644 index 000000000000..7bc0dbb65b79 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/async.h @@ -0,0 +1,19 @@ +/* + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_ASYNC_H +# define OSSL_CRYPTO_ASYNC_H +# pragma once + +# include + +int async_init(void); +void async_deinit(void); + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/asyncerr.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/asyncerr.h new file mode 100644 index 000000000000..574e0af733ba --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/asyncerr.h 
@@ -0,0 +1,27 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_ASYNCERR_H +# define OSSL_CRYPTO_ASYNCERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +int ossl_err_load_ASYNC_strings(void); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/bioerr.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/bioerr.h new file mode 100644 index 000000000000..e38b981ab544 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/bioerr.h @@ -0,0 +1,27 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_BIOERR_H +# define OSSL_CRYPTO_BIOERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +int ossl_err_load_BIO_strings(void); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/bn.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/bn.h new file mode 100644 index 000000000000..302f031c2ff1 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/bn.h 
@@ -0,0 +1,137 @@
+/*
+ * Copyright 2014-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_BN_H
+# define OSSL_CRYPTO_BN_H
+# pragma once
+
+# include
+# include
+
+BIGNUM *bn_wexpand(BIGNUM *a, int words);
+BIGNUM *bn_expand2(BIGNUM *a, int words);
+
+void bn_correct_top(BIGNUM *a);
+
+/*
+ * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
+ * This is an array r[] of values that are either zero or odd with an
+ * absolute value less than 2^w satisfying scalar = \sum_j r[j]*2^j where at
+ * most one of any w+1 consecutive digits is non-zero with the exception that
+ * the most significant digit may be only w-1 zeros away from that next
+ * non-zero digit.
+ */
+signed char *bn_compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len);
+
+int bn_get_top(const BIGNUM *a);
+
+int bn_get_dmax(const BIGNUM *a);
+
+/* Set all words to zero */
+void bn_set_all_zero(BIGNUM *a);
+
+/*
+ * Copy the internal BIGNUM words into out which holds size elements (and size
+ * must be bigger than top)
+ */
+int bn_copy_words(BN_ULONG *out, const BIGNUM *in, int size);
+
+BN_ULONG *bn_get_words(const BIGNUM *a);
+
+/*
+ * Set the internal data words in a to point to words which contains size
+ * elements. The BN_FLG_STATIC_DATA flag is set
+ */
+void bn_set_static_words(BIGNUM *a, const BN_ULONG *words, int size);
+
+/*
+ * Copy words into the BIGNUM |a|, reallocating space as necessary.
+ * The negative flag of |a| is not modified.
+ * Returns 1 on success and 0 on failure.
+ */
+/*
+ * |num_words| is int because bn_expand2 takes an int. This is an internal
+ * function so we simply trust callers not to pass negative values.
+ */
+int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words);
+
+/*
+ * Some BIGNUM functions assume most significant limb to be non-zero, which
+ * is customarily arranged by bn_correct_top. Output from below functions
+ * is not processed with bn_correct_top, and for this reason it may not be
+ * returned out of public API. It may only be passed internally into other
+ * functions known to support non-minimal or zero-padded BIGNUMs. Even
+ * though the goal is to facilitate constant-time-ness, not each subroutine
+ * is constant-time by itself. They all have pre-conditions, consult source
+ * code...
+ */
+int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ BN_MONT_CTX *mont, BN_CTX *ctx);
+int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+ BN_CTX *ctx);
+int bn_from_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+ BN_CTX *ctx);
+int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *m);
+int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *m);
+int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
+int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n);
+int bn_rshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n);
+int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
+ const BIGNUM *d, BN_CTX *ctx);
+int ossl_bn_mask_bits_fixed_top(BIGNUM *a, int n);
+int ossl_bn_is_word_fixed_top(const BIGNUM *a, const BN_ULONG w);
+int ossl_bn_priv_rand_range_fixed_top(BIGNUM *r, const BIGNUM *range,
+ unsigned int strength, BN_CTX *ctx);
+int ossl_bn_gen_dsa_nonce_fixed_top(BIGNUM *out, const BIGNUM *range,
+ const BIGNUM *priv,
+ const unsigned char *message,
+ size_t message_len, BN_CTX *ctx);
+
+#define BN_PRIMETEST_COMPOSITE 0
+#define BN_PRIMETEST_COMPOSITE_WITH_FACTOR 1
+#define BN_PRIMETEST_COMPOSITE_NOT_POWER_OF_PRIME 2
+#define BN_PRIMETEST_PROBABLY_PRIME 3
+
+int ossl_bn_miller_rabin_is_prime(const BIGNUM *w, int iterations, BN_CTX *ctx,
+ BN_GENCB *cb, int enhanced, int *status);
+int ossl_bn_check_generated_prime(const BIGNUM *w, int checks, BN_CTX *ctx,
+ BN_GENCB *cb);
+
+const BIGNUM *ossl_bn_get0_small_factors(void);
+
+int ossl_bn_rsa_fips186_4_gen_prob_primes(BIGNUM *p, BIGNUM *Xpout,
+ BIGNUM *p1, BIGNUM *p2,
+ const BIGNUM *Xp, const BIGNUM *Xp1,
+ const BIGNUM *Xp2, int nlen,
+ const BIGNUM *e, BN_CTX *ctx,
+ BN_GENCB *cb);
+
+int ossl_bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin,
+ const BIGNUM *r1, const BIGNUM *r2,
+ int nlen, const BIGNUM *e, BN_CTX *ctx,
+ BN_GENCB *cb);
+
+OSSL_LIB_CTX *ossl_bn_get_libctx(BN_CTX *ctx);
+
+extern const BIGNUM ossl_bn_inv_sqrt_2;
+
+#if defined(OPENSSL_SYS_LINUX) && !defined(FIPS_MODULE) && defined (__s390x__) \
+ && !defined (OPENSSL_NO_ASM)
+# define S390X_MOD_EXP
+#endif
+
+int s390x_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int s390x_crt(BIGNUM *r, const BIGNUM *i, const BIGNUM *p, const BIGNUM *q,
+ const BIGNUM *dmp, const BIGNUM *dmq, const BIGNUM *iqmp);
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/bn_conf.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/bn_conf.h
new file mode 100644
index 000000000000..0347a6ddc067
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/bn_conf.h
@@ -0,0 +1,29 @@ +/* WARNING: do not edit! */ +/* Generated by Makefile from include/crypto/bn_conf.h.in */ +/* + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_BN_CONF_H +# define OSSL_CRYPTO_BN_CONF_H +# pragma once + +/* + * The contents of this file are not used in the UEFI build, as + * both 32-bit and 64-bit builds are supported from a single run + * of the Configure script. + */ + +/* Should we define BN_DIV2W here? */ + +/* Only one for the following should be defined */ +#define SIXTY_FOUR_BIT_LONG +#undef SIXTY_FOUR_BIT +#undef THIRTY_TWO_BIT + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/bn_dh.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/bn_dh.h new file mode 100644 index 000000000000..6d12c20e0212 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/bn_dh.h 
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define declare_dh_bn(x) \
+ extern const BIGNUM ossl_bignum_dh##x##_p; \
+ extern const BIGNUM ossl_bignum_dh##x##_q; \
+ extern const BIGNUM ossl_bignum_dh##x##_g; \
+
+declare_dh_bn(1024_160)
+declare_dh_bn(2048_224)
+declare_dh_bn(2048_256)
+
+extern const BIGNUM ossl_bignum_const_2;
+
+extern const BIGNUM ossl_bignum_ffdhe2048_p;
+extern const BIGNUM ossl_bignum_ffdhe3072_p;
+extern const BIGNUM ossl_bignum_ffdhe4096_p;
+extern const BIGNUM ossl_bignum_ffdhe6144_p;
+extern const BIGNUM ossl_bignum_ffdhe8192_p;
+extern const BIGNUM ossl_bignum_ffdhe2048_q;
+extern const BIGNUM ossl_bignum_ffdhe3072_q;
+extern const BIGNUM ossl_bignum_ffdhe4096_q;
+extern const BIGNUM ossl_bignum_ffdhe6144_q;
+extern const BIGNUM ossl_bignum_ffdhe8192_q;
+
+extern const BIGNUM ossl_bignum_modp_1536_p;
+extern const BIGNUM ossl_bignum_modp_2048_p;
+extern const BIGNUM ossl_bignum_modp_3072_p;
+extern const BIGNUM ossl_bignum_modp_4096_p;
+extern const BIGNUM ossl_bignum_modp_6144_p;
+extern const BIGNUM ossl_bignum_modp_8192_p;
+extern const BIGNUM ossl_bignum_modp_1536_q;
+extern const BIGNUM ossl_bignum_modp_2048_q;
+extern const BIGNUM ossl_bignum_modp_3072_q;
+extern const BIGNUM ossl_bignum_modp_4096_q;
+extern const BIGNUM ossl_bignum_modp_6144_q;
+extern const BIGNUM ossl_bignum_modp_8192_q;
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/bn_srp.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/bn_srp.h
new file mode 100644
index 000000000000..00b160aad120
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/bn_srp.h
@@ -0,0 +1,32 @@ +/* + * Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_NO_SRP + +extern const BIGNUM ossl_bn_group_1024; + +extern const BIGNUM ossl_bn_group_1536; + +extern const BIGNUM ossl_bn_group_2048; + +extern const BIGNUM ossl_bn_group_3072; + +extern const BIGNUM ossl_bn_group_4096; + +extern const BIGNUM ossl_bn_group_6144; + +extern const BIGNUM ossl_bn_group_8192; + +extern const BIGNUM ossl_bn_generator_19; + +extern const BIGNUM ossl_bn_generator_5; + +extern const BIGNUM ossl_bn_generator_2; + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/bnerr.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/bnerr.h new file mode 100644 index 000000000000..131e30fa71df --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/bnerr.h @@ -0,0 +1,27 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_BNERR_H +# define OSSL_CRYPTO_BNERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +int ossl_err_load_BN_strings(void); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/buffererr.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/buffererr.h new file mode 100644 index 000000000000..54976d95b5a8 --- /dev/null 
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/buffererr.h @@ -0,0 +1,27 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_BUFFERERR_H +# define OSSL_CRYPTO_BUFFERERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +int ossl_err_load_BUF_strings(void); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/chacha.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/chacha.h new file mode 100644 index 000000000000..2af2c2ecf7de --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/chacha.h 
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_CHACHA_H
+#define OSSL_CRYPTO_CHACHA_H
+# pragma once
+
+#include
+
+/*
+ * ChaCha20_ctr32 encrypts |len| bytes from |inp| with the given key and
+ * nonce and writes the result to |out|, which may be equal to |inp|.
+ * The |key| is not 32 bytes of verbatim key material though, but the
+ * said material collected into 8 32-bit elements array in host byte
+ * order. Same approach applies to nonce: the |counter| argument is
+ * pointer to concatenated nonce and counter values collected into 4
+ * 32-bit elements. This, passing crypto material collected into 32-bit
+ * elements as opposite to passing verbatim byte vectors, is chosen for
+ * efficiency in multi-call scenarios.
+ */
+void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp,
+ size_t len, const unsigned int key[8],
+ const unsigned int counter[4]);
+#ifdef INCLUDE_C_CHACHA20
+/* The fallback implementation for `ChaCha20_ctr32`. */
+void ChaCha20_ctr32_c(unsigned char *out, const unsigned char *inp, size_t len,
+ const unsigned int key[8], const unsigned int counter[4]);
+#endif
+
+/*
+ * You can notice that there is no key setup procedure. Because it's
+ * as trivial as collecting bytes into 32-bit elements, it's reckoned
+ * that below macro is sufficient.
+ */
+#define CHACHA_U8TOU32(p) ( \
+ ((unsigned int)(p)[0]) | ((unsigned int)(p)[1]<<8) | \
+ ((unsigned int)(p)[2]<<16) | ((unsigned int)(p)[3]<<24) )
+
+#define CHACHA_KEY_SIZE 32
+#define CHACHA_CTR_SIZE 16
+#define CHACHA_BLK_SIZE 64
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/cmll_platform.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/cmll_platform.h
new file mode 100644
index 000000000000..8cadadf68aa0
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/cmll_platform.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CMLL_PLATFORM_H
+# define OSSL_CMLL_PLATFORM_H
+# pragma once
+
+# if defined(CMLL_ASM) && (defined(__sparc) || defined(__sparc__))
+
+/* Fujitsu SPARC64 X support */
+# include "crypto/sparc_arch.h"
+
+# ifndef OPENSSL_NO_CAMELLIA
+# define SPARC_CMLL_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_CAMELLIA)
+# include
+
+void cmll_t4_set_key(const unsigned char *key, int bits, CAMELLIA_KEY *ks);
+void cmll_t4_encrypt(const unsigned char *in, unsigned char *out,
+ const CAMELLIA_KEY *key);
+void cmll_t4_decrypt(const unsigned char *in, unsigned char *out,
+ const CAMELLIA_KEY *key);
+
+void cmll128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const CAMELLIA_KEY *key,
+ unsigned char *ivec, int /*unused*/);
+void cmll128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const CAMELLIA_KEY *key,
+ unsigned char *ivec, int /*unused*/);
+void cmll256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const CAMELLIA_KEY *key,
+ unsigned char *ivec, int /*unused*/);
+void cmll256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const CAMELLIA_KEY *key,
+ unsigned char *ivec, int /*unused*/);
+void cmll128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+ size_t blocks, const CAMELLIA_KEY *key,
+ unsigned char *ivec);
+void cmll256_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+ size_t blocks, const CAMELLIA_KEY *key,
+ unsigned char *ivec);
+# endif /* OPENSSL_NO_CAMELLIA */
+
+# endif /* CMLL_ASM && sparc */
+
+#endif /* OSSL_CRYPTO_CIPHERMODE_PLATFORM_H */
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/cmperr.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/cmperr.h new file mode 100644 index 000000000000..2bd163738466 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/cmperr.h @@ -0,0 +1,30 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_CMPERR_H +# define OSSL_CRYPTO_CMPERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +# ifndef OPENSSL_NO_CMP + +int ossl_err_load_CMP_strings(void); +# endif + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/cmserr.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/cmserr.h new file mode 100644 index 000000000000..a7fcf11fa957 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/cmserr.h @@ -0,0 +1,30 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_CMSERR_H +# define OSSL_CRYPTO_CMSERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +# ifndef OPENSSL_NO_CMS + +int ossl_err_load_CMS_strings(void); +# endif + +# ifdef __cplusplus +} +# endif +#endif 
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/comperr.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/comperr.h new file mode 100644 index 000000000000..0fd9c6de711a --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/comperr.h @@ -0,0 +1,30 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_COMPERR_H +# define OSSL_CRYPTO_COMPERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +# ifndef OPENSSL_NO_COMP + +int ossl_err_load_COMP_strings(void); +# endif + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/conferr.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/conferr.h new file mode 100644 index 000000000000..fc9645127d12 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/conferr.h @@ -0,0 +1,27 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_CONFERR_H +# define OSSL_CRYPTO_CONFERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +int ossl_err_load_CONF_strings(void); + +# ifdef __cplusplus +} +# endif +#endif 
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/context.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/context.h
new file mode 100644
index 000000000000..7369a730fb81
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/context.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+
+void *ossl_provider_store_new(OSSL_LIB_CTX *);
+void *ossl_property_string_data_new(OSSL_LIB_CTX *);
+void *ossl_stored_namemap_new(OSSL_LIB_CTX *);
+void *ossl_property_defns_new(OSSL_LIB_CTX *);
+void *ossl_ctx_global_properties_new(OSSL_LIB_CTX *);
+void *ossl_rand_ctx_new(OSSL_LIB_CTX *);
+void *ossl_prov_conf_ctx_new(OSSL_LIB_CTX *);
+void *ossl_bio_core_globals_new(OSSL_LIB_CTX *);
+void *ossl_child_prov_ctx_new(OSSL_LIB_CTX *);
+void *ossl_prov_drbg_nonce_ctx_new(OSSL_LIB_CTX *);
+void *ossl_self_test_set_callback_new(OSSL_LIB_CTX *);
+void *ossl_rand_crng_ctx_new(OSSL_LIB_CTX *);
+int ossl_thread_register_fips(OSSL_LIB_CTX *);
+void *ossl_thread_event_ctx_new(OSSL_LIB_CTX *);
+void *ossl_fips_prov_ossl_ctx_new(OSSL_LIB_CTX *);
+#if defined(OPENSSL_THREADS)
+void *ossl_threads_ctx_new(OSSL_LIB_CTX *);
+#endif
+
+void ossl_provider_store_free(void *);
+void ossl_property_string_data_free(void *);
+void ossl_stored_namemap_free(void *);
+void ossl_property_defns_free(void *);
+void ossl_ctx_global_properties_free(void *);
+void ossl_rand_ctx_free(void *);
+void ossl_prov_conf_ctx_free(void *);
+void ossl_bio_core_globals_free(void *);
+void ossl_child_prov_ctx_free(void *);
+void ossl_prov_drbg_nonce_ctx_free(void *);
+void ossl_self_test_set_callback_free(void *);
+void ossl_rand_crng_ctx_free(void *);
+void ossl_thread_event_ctx_free(void *);
+void ossl_fips_prov_ossl_ctx_free(void *);
+void ossl_release_default_drbg_ctx(void);
+#if defined(OPENSSL_THREADS)
+void ossl_threads_ctx_free(void *);
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/crmferr.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/crmferr.h new file mode 100644 index 000000000000..f1a27e04993b --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/crmferr.h @@ -0,0 +1,30 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_CRMFERR_H +# define OSSL_CRYPTO_CRMFERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +# ifndef OPENSSL_NO_CRMF + +int ossl_err_load_CRMF_strings(void); +# endif + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/cryptlib.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/cryptlib.h new file mode 100644 index 000000000000..39a956bfd362 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/cryptlib.h 
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_CRYPTLIB_H
+# define OSSL_CRYPTO_CRYPTLIB_H
+# pragma once
+
+# include
+# include "internal/cryptlib.h"
+
+/* This file is not scanned by mkdef.pl, whereas cryptlib.h is */
+
+int ossl_init_thread_start(const void *index, void *arg,
+ OSSL_thread_stop_handler_fn handfn);
+int ossl_init_thread_deregister(void *index);
+int ossl_init_thread(void);
+void ossl_cleanup_thread(void);
+void ossl_ctx_thread_stop(OSSL_LIB_CTX *ctx);
+
+/*
+ * OPENSSL_INIT flags. The primary list of these is in crypto.h. Flags below
+ * are those omitted from crypto.h because they are "reserved for internal
+ * use".
+ */
+# define OPENSSL_INIT_BASE_ONLY 0x00040000L
+
+void ossl_trace_cleanup(void);
+void ossl_malloc_setup_failures(void);
+
+int ossl_crypto_alloc_ex_data_intern(int class_index, void *obj,
+ CRYPTO_EX_DATA *ad, int idx);
+
+#endif /* OSSL_CRYPTO_CRYPTLIB_H */
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/cryptoerr.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/cryptoerr.h
new file mode 100644
index 000000000000..1b6192e3f0a9
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/cryptoerr.h
@@ -0,0 +1,27 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_CRYPTOERR_H +# define OSSL_CRYPTO_CRYPTOERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +int ossl_err_load_CRYPTO_strings(void); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/cterr.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/cterr.h new file mode 100644 index 000000000000..760bc796be4d --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/cterr.h @@ -0,0 +1,30 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_CTERR_H +# define OSSL_CRYPTO_CTERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +# ifndef OPENSSL_NO_CT + +int ossl_err_load_CT_strings(void); +# endif + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/ctype.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/ctype.h new file mode 100644 index 000000000000..22f6922183b5 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/ctype.h 
@@ -0,0 +1,86 @@
+/*
+ * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This version of ctype.h provides a standardised and platform
+ * independent implementation that supports seven bit ASCII characters.
+ * The specific intent is to not pass extended ASCII characters (> 127)
+ * even if the host operating system would.
+ *
+ * There is EBCDIC support included for machines which use this. However,
+ * there are a number of concerns about how well EBCDIC is supported
+ * throughout the rest of the source code. Refer to issue #4154 for
+ * details.
+ */
+#ifndef OSSL_CRYPTO_CTYPE_H
+# define OSSL_CRYPTO_CTYPE_H
+# pragma once
+
+# include
+
+# define CTYPE_MASK_lower 0x1
+# define CTYPE_MASK_upper 0x2
+# define CTYPE_MASK_digit 0x4
+# define CTYPE_MASK_space 0x8
+# define CTYPE_MASK_xdigit 0x10
+# define CTYPE_MASK_blank 0x20
+# define CTYPE_MASK_cntrl 0x40
+# define CTYPE_MASK_graph 0x80
+# define CTYPE_MASK_print 0x100
+# define CTYPE_MASK_punct 0x200
+# define CTYPE_MASK_base64 0x400
+# define CTYPE_MASK_asn1print 0x800
+
+# define CTYPE_MASK_alpha (CTYPE_MASK_lower | CTYPE_MASK_upper)
+# define CTYPE_MASK_alnum (CTYPE_MASK_alpha | CTYPE_MASK_digit)
+
+/*
+ * The ascii mask assumes that any other classification implies that
+ * the character is ASCII and that there are no ASCII characters
+ * that aren't in any of the classifications.
+ *
+ * This assumption holds at the moment, but it might not in the future.
+ */
+# define CTYPE_MASK_ascii (~0)
+
+# ifdef CHARSET_EBCDIC
+int ossl_toascii(int c);
+int ossl_fromascii(int c);
+# else
+# define ossl_toascii(c) (c)
+# define ossl_fromascii(c) (c)
+# endif
+int ossl_ctype_check(int c, unsigned int mask);
+
+int ossl_tolower(int c);
+int ossl_toupper(int c);
+
+int ossl_isdigit(int c);
+int ossl_islower(int c);
+int ossl_isupper(int c);
+
+int ossl_ascii_isdigit(int c);
+
+# define ossl_isalnum(c) (ossl_ctype_check((c), CTYPE_MASK_alnum))
+# define ossl_isalpha(c) (ossl_ctype_check((c), CTYPE_MASK_alpha))
+# ifdef CHARSET_EBCDIC
+# define ossl_isascii(c) (ossl_ctype_check((c), CTYPE_MASK_ascii))
+# else
+# define ossl_isascii(c) (((c) & ~127) == 0)
+# endif
+# define ossl_isblank(c) (ossl_ctype_check((c), CTYPE_MASK_blank))
+# define ossl_iscntrl(c) (ossl_ctype_check((c), CTYPE_MASK_cntrl))
+# define ossl_isgraph(c) (ossl_ctype_check((c), CTYPE_MASK_graph))
+# define ossl_isprint(c) (ossl_ctype_check((c), CTYPE_MASK_print))
+# define ossl_ispunct(c) (ossl_ctype_check((c), CTYPE_MASK_punct))
+# define ossl_isspace(c) (ossl_ctype_check((c), CTYPE_MASK_space))
+# define ossl_isxdigit(c) (ossl_ctype_check((c), CTYPE_MASK_xdigit))
+# define ossl_isbase64(c) (ossl_ctype_check((c), CTYPE_MASK_base64))
+# define ossl_isasn1print(c) (ossl_ctype_check((c), CTYPE_MASK_asn1print))
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/decoder.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/decoder.h
new file mode 100644
index 000000000000..a0d5de65211e
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/decoder.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_DECODER_H
+# define OSSL_CRYPTO_DECODER_H
+# pragma once
+
+# include
+
+/*
+ * These are specially made for the 'file:' provider-native loader, which
+ * uses this to install a DER to anything decoder, which doesn't do much
+ * except read a DER blob and pass it on as a provider object abstraction
+ * (provider-object(7)).
+ */
+void *ossl_decoder_from_algorithm(int id, const OSSL_ALGORITHM *algodef,
+ OSSL_PROVIDER *prov);
+
+OSSL_DECODER_INSTANCE *
+ossl_decoder_instance_new(OSSL_DECODER *decoder, void *decoderctx);
+void ossl_decoder_instance_free(OSSL_DECODER_INSTANCE *decoder_inst);
+OSSL_DECODER_INSTANCE *ossl_decoder_instance_dup(const OSSL_DECODER_INSTANCE *src);
+int ossl_decoder_ctx_add_decoder_inst(OSSL_DECODER_CTX *ctx,
+ OSSL_DECODER_INSTANCE *di);
+
+int ossl_decoder_get_number(const OSSL_DECODER *encoder);
+int ossl_decoder_store_cache_flush(OSSL_LIB_CTX *libctx);
+int ossl_decoder_store_remove_all_provided(const OSSL_PROVIDER *prov);
+
+void *ossl_decoder_cache_new(OSSL_LIB_CTX *ctx);
+void ossl_decoder_cache_free(void *vcache);
+int ossl_decoder_cache_flush(OSSL_LIB_CTX *libctx);
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/decodererr.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/decodererr.h
new file mode 100644
index 000000000000..d7badc43793c
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/decodererr.h
@@ -0,0 +1,27 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_DECODERERR_H +# define OSSL_CRYPTO_DECODERERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +int ossl_err_load_OSSL_DECODER_strings(void); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/des_platform.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/des_platform.h new file mode 100644 index 000000000000..07ea1ddd0acc --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/des_platform.h 
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_DES_PLATFORM_H
+# define OSSL_DES_PLATFORM_H
+# pragma once
+
+# if defined(DES_ASM) && (defined(__sparc) || defined(__sparc__))
+
+/* Fujitsu SPARC64 X support */
+# include "crypto/sparc_arch.h"
+
+# ifndef OPENSSL_NO_DES
+# define SPARC_DES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_DES)
+# include
+void des_t4_key_expand(const void *key, DES_key_schedule *ks);
+void des_t4_ede3_cbc_encrypt(const void *inp, void *out, size_t len,
+ const DES_key_schedule ks[3], unsigned char iv[8]);
+void des_t4_ede3_cbc_decrypt(const void *inp, void *out, size_t len,
+ const DES_key_schedule ks[3], unsigned char iv[8]);
+void des_t4_cbc_encrypt(const void *inp, void *out, size_t len,
+ const DES_key_schedule *ks, unsigned char iv[8]);
+void des_t4_cbc_decrypt(const void *inp, void *out, size_t len,
+ const DES_key_schedule *ks, unsigned char iv[8]);
+# endif /* OPENSSL_NO_DES */
+
+# endif /* DES_ASM && sparc */
+
+#endif /* OSSL_CRYPTO_CIPHERMODE_PLATFORM_H */
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/dh.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/dh.h
new file mode 100644
index 000000000000..51232d18c244
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/dh.h
@@ -0,0 +1,62 @@ +/* + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_DH_H +# define OSSL_CRYPTO_DH_H +# pragma once + +# include +# include +# include +# include "internal/ffc.h" + +DH *ossl_dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid); +DH *ossl_dh_new_ex(OSSL_LIB_CTX *libctx); +void ossl_dh_set0_libctx(DH *d, OSSL_LIB_CTX *libctx); +int ossl_dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits, + BN_GENCB *cb); +int ossl_dh_generate_public_key(BN_CTX *ctx, const DH *dh, + const BIGNUM *priv_key, BIGNUM *pub_key); +int ossl_dh_get_named_group_uid_from_size(int pbits); +const char *ossl_dh_gen_type_id2name(int id); +int ossl_dh_gen_type_name2id(const char *name, int type); +void ossl_dh_cache_named_group(DH *dh); +int ossl_dh_is_named_safe_prime_group(const DH *dh); + +FFC_PARAMS *ossl_dh_get0_params(DH *dh); +int ossl_dh_get0_nid(const DH *dh); +int ossl_dh_params_fromdata(DH *dh, const OSSL_PARAM params[]); +int ossl_dh_key_fromdata(DH *dh, const OSSL_PARAM params[], int include_private); +int ossl_dh_params_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]); +int ossl_dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[], + int include_private); +DH *ossl_dh_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, + OSSL_LIB_CTX *libctx, const char *propq); +int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); + +int ossl_dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret); +int ossl_dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret); +int ossl_dh_check_pairwise(const DH *dh); + +const DH_METHOD *ossl_dh_get_method(const DH *dh); + +int ossl_dh_buf2key(DH *key, const unsigned 
char *buf, size_t len); +size_t ossl_dh_key2buf(const DH *dh, unsigned char **pbuf, size_t size, + int alloc); + +int ossl_dh_kdf_X9_42_asn1(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + const char *cek_alg, + const unsigned char *ukm, size_t ukmlen, + const EVP_MD *md, + OSSL_LIB_CTX *libctx, const char *propq); +int ossl_dh_is_foreign(const DH *dh); +DH *ossl_dh_dup(const DH *dh, int selection); + +#endif /* OSSL_CRYPTO_DH_H */ diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/dherr.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/dherr.h new file mode 100644 index 000000000000..519327f79574 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/dherr.h @@ -0,0 +1,30 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_DHERR_H +# define OSSL_CRYPTO_DHERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +# ifndef OPENSSL_NO_DH + +int ossl_err_load_DH_strings(void); +# endif + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/dsa.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/dsa.h new file mode 100644 index 000000000000..b08a42c7f286 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/dsa.h 
@@ -0,0 +1,56 @@ +/* + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_DSA_H +# define OSSL_CRYPTO_DSA_H +# pragma once + +# include +# include +# include "internal/ffc.h" + +/* + * DSA Paramgen types + * Note, adding to this list requires adjustments to various checks + * in dsa_gen range validation checks + */ +#define DSA_PARAMGEN_TYPE_FIPS_186_4 0 /* Use FIPS186-4 standard */ +#define DSA_PARAMGEN_TYPE_FIPS_186_2 1 /* Use legacy FIPS186-2 standard */ +#define DSA_PARAMGEN_TYPE_FIPS_DEFAULT 2 + +DSA *ossl_dsa_new(OSSL_LIB_CTX *libctx); +void ossl_dsa_set0_libctx(DSA *d, OSSL_LIB_CTX *libctx); + +int ossl_dsa_generate_ffc_parameters(DSA *dsa, int type, int pbits, int qbits, + BN_GENCB *cb); + +int ossl_dsa_sign_int(int type, const unsigned char *dgst, int dlen, + unsigned char *sig, unsigned int *siglen, DSA *dsa, + unsigned int nonce_type, const char *digestname, + OSSL_LIB_CTX *libctx, const char *propq); + +FFC_PARAMS *ossl_dsa_get0_params(DSA *dsa); +int ossl_dsa_ffc_params_fromdata(DSA *dsa, const OSSL_PARAM params[]); +int ossl_dsa_key_fromdata(DSA *dsa, const OSSL_PARAM params[], + int include_private); +DSA *ossl_dsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, + OSSL_LIB_CTX *libctx, const char *propq); + +int ossl_dsa_generate_public_key(BN_CTX *ctx, const DSA *dsa, + const BIGNUM *priv_key, BIGNUM *pub_key); +int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret); +int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret); +int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, + int *ret); +int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret); +int 
ossl_dsa_check_pairwise(const DSA *dsa); +int ossl_dsa_is_foreign(const DSA *dsa); +DSA *ossl_dsa_dup(const DSA *dsa, int selection); + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/dsaerr.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/dsaerr.h new file mode 100644 index 000000000000..fde8358fc96d --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/dsaerr.h @@ -0,0 +1,30 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_DSAERR_H +# define OSSL_CRYPTO_DSAERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +# ifndef OPENSSL_NO_DSA + +int ossl_err_load_DSA_strings(void); +# endif + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/dso_conf.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/dso_conf.h new file mode 100644 index 000000000000..795dfa0f1a66 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/dso_conf.h 
@@ -0,0 +1,19 @@ +/* WARNING: do not edit! */ +/* Generated by Makefile from include/crypto/dso_conf.h.in */ +/* + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_DSO_CONF_H +# define OSSL_CRYPTO_DSO_CONF_H +# pragma once + +# define DSO_DLFCN +# define HAVE_DLFCN_H +# define DSO_EXTENSION ".so" +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/ec.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/ec.h new file mode 100644 index 000000000000..da85a7bd88d7 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/ec.h 
@@ -0,0 +1,106 @@ +/* + * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Internal EC functions for other submodules: not for application use */ + +#ifndef OSSL_CRYPTO_EC_H +# define OSSL_CRYPTO_EC_H +# pragma once + +# include +# include + +int ossl_ec_curve_name2nid(const char *name); +const char *ossl_ec_curve_nid2nist_int(int nid); +int ossl_ec_curve_nist2nid_int(const char *name); +int evp_pkey_ctx_set_ec_param_enc_prov(EVP_PKEY_CTX *ctx, int param_enc); + +# ifndef OPENSSL_NO_EC +# include +# include +# include "crypto/types.h" + +/*- + * Computes the multiplicative inverse of x in the range + * [1,EC_GROUP::order), where EC_GROUP::order is the cardinality of the + * subgroup generated by the generator G: + * + * res := x^(-1) (mod EC_GROUP::order). + * + * This function expects the following two conditions to hold: + * - the EC_GROUP order is prime, and + * - x is included in the range [1, EC_GROUP::order). + * + * This function returns 1 on success, 0 on error. + * + * If the EC_GROUP order is even, this function explicitly returns 0 as + * an error. + * In case any of the two conditions stated above is not satisfied, + * the correctness of its output is not guaranteed, even if the return + * value could still be 1 (as primality testing and a conditional modular + * reduction round on the input can be omitted by the underlying + * implementations for better SCA properties on regular input values). 
+ */ +__owur int ossl_ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res, + const BIGNUM *x, BN_CTX *ctx); + +/*- + * ECDH Key Derivation Function as defined in ANSI X9.63 + */ +int ossl_ecdh_kdf_X9_63(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + const unsigned char *sinfo, size_t sinfolen, + const EVP_MD *md, OSSL_LIB_CTX *libctx, + const char *propq); + +int ossl_ec_key_public_check(const EC_KEY *eckey, BN_CTX *ctx); +int ossl_ec_key_public_check_quick(const EC_KEY *eckey, BN_CTX *ctx); +int ossl_ec_key_private_check(const EC_KEY *eckey); +int ossl_ec_key_pairwise_check(const EC_KEY *eckey, BN_CTX *ctx); +OSSL_LIB_CTX *ossl_ec_key_get_libctx(const EC_KEY *eckey); +const char *ossl_ec_key_get0_propq(const EC_KEY *eckey); +void ossl_ec_key_set0_libctx(EC_KEY *key, OSSL_LIB_CTX *libctx); + +/* Backend support */ +int ossl_ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl, + OSSL_PARAM params[], OSSL_LIB_CTX *libctx, + const char *propq, + BN_CTX *bnctx, unsigned char **genbuf); +int ossl_ec_group_fromdata(EC_KEY *ec, const OSSL_PARAM params[]); +int ossl_ec_group_set_params(EC_GROUP *group, const OSSL_PARAM params[]); +int ossl_ec_key_fromdata(EC_KEY *ecx, const OSSL_PARAM params[], + int include_private); +int ossl_ec_key_otherparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[]); +int ossl_ec_key_is_foreign(const EC_KEY *ec); +EC_KEY *ossl_ec_key_dup(const EC_KEY *key, int selection); +int ossl_x509_algor_is_sm2(const X509_ALGOR *palg); +EC_KEY *ossl_ec_key_param_from_x509_algor(const X509_ALGOR *palg, + OSSL_LIB_CTX *libctx, + const char *propq); +EC_KEY *ossl_ec_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, + OSSL_LIB_CTX *libctx, const char *propq); + +int ossl_ec_set_ecdh_cofactor_mode(EC_KEY *ec, int mode); +int ossl_ec_encoding_name2id(const char *name); +int ossl_ec_encoding_param2id(const OSSL_PARAM *p, int *id); +int ossl_ec_pt_format_name2id(const char *name); +int ossl_ec_pt_format_param2id(const 
OSSL_PARAM *p, int *id); +char *ossl_ec_pt_format_id2name(int id); + +char *ossl_ec_check_group_type_id2name(int flags); +int ossl_ec_set_check_group_type_from_name(EC_KEY *ec, const char *name); +int ossl_ec_generate_key_dhkem(EC_KEY *eckey, + const unsigned char *ikm, size_t ikmlen); +int ossl_ecdsa_deterministic_sign(const unsigned char *dgst, int dlen, + unsigned char *sig, unsigned int *siglen, + EC_KEY *eckey, unsigned int nonce_type, + const char *digestname, + OSSL_LIB_CTX *libctx, const char *propq); +# endif /* OPENSSL_NO_EC */ +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/ecerr.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/ecerr.h new file mode 100644 index 000000000000..782526bf8565 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/ecerr.h @@ -0,0 +1,30 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_ECERR_H +# define OSSL_CRYPTO_ECERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +# ifndef OPENSSL_NO_EC + +int ossl_err_load_EC_strings(void); +# endif + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/ecx.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/ecx.h new file mode 100644 index 000000000000..f35b875fb64f --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/ecx.h 
@@ -0,0 +1,158 @@
+/*
+ * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Internal EC functions for other submodules: not for application use */
+
+#ifndef OSSL_CRYPTO_ECX_H
+# define OSSL_CRYPTO_ECX_H
+# pragma once
+
+# include
+
+# ifndef OPENSSL_NO_ECX
+
+# include
+# include
+# include
+# include "internal/refcount.h"
+# include "crypto/types.h"
+
+# define X25519_KEYLEN 32
+# define X448_KEYLEN 56
+# define ED25519_KEYLEN 32
+# define ED448_KEYLEN 57
+
+# define MAX_KEYLEN ED448_KEYLEN
+
+# define X25519_BITS 253
+# define X25519_SECURITY_BITS 128
+
+# define X448_BITS 448
+# define X448_SECURITY_BITS 224
+
+# define ED25519_BITS 256
+/* RFC8032 Section 8.5 */
+# define ED25519_SECURITY_BITS 128
+# define ED25519_SIGSIZE 64
+
+# define ED448_BITS 456
+/* RFC8032 Section 8.5 */
+# define ED448_SECURITY_BITS 224
+# define ED448_SIGSIZE 114
+
+
+typedef enum {
+ ECX_KEY_TYPE_X25519,
+ ECX_KEY_TYPE_X448,
+ ECX_KEY_TYPE_ED25519,
+ ECX_KEY_TYPE_ED448
+} ECX_KEY_TYPE;
+
+#define KEYTYPE2NID(type) \
+ ((type) == ECX_KEY_TYPE_X25519 \
+ ? EVP_PKEY_X25519 \
+ : ((type) == ECX_KEY_TYPE_X448 \
+ ? EVP_PKEY_X448 \
+ : ((type) == ECX_KEY_TYPE_ED25519 \
+ ? EVP_PKEY_ED25519 \
+ : EVP_PKEY_ED448)))
+
+struct ecx_key_st {
+ OSSL_LIB_CTX *libctx;
+ char *propq;
+ unsigned int haspubkey:1;
+ unsigned char pubkey[MAX_KEYLEN];
+ unsigned char *privkey;
+ size_t keylen;
+ ECX_KEY_TYPE type;
+ CRYPTO_REF_COUNT references;
+};
+
+size_t ossl_ecx_key_length(ECX_KEY_TYPE type);
+ECX_KEY *ossl_ecx_key_new(OSSL_LIB_CTX *libctx, ECX_KEY_TYPE type,
+ int haspubkey, const char *propq);
+void ossl_ecx_key_set0_libctx(ECX_KEY *key, OSSL_LIB_CTX *libctx);
+unsigned char *ossl_ecx_key_allocate_privkey(ECX_KEY *key);
+void ossl_ecx_key_free(ECX_KEY *key);
+int ossl_ecx_key_up_ref(ECX_KEY *key);
+ECX_KEY *ossl_ecx_key_dup(const ECX_KEY *key, int selection);
+int ossl_ecx_compute_key(ECX_KEY *peer, ECX_KEY *priv, size_t keylen,
+ unsigned char *secret, size_t *secretlen,
+ size_t outlen);
+
+int ossl_x25519(uint8_t out_shared_key[32], const uint8_t private_key[32],
+ const uint8_t peer_public_value[32]);
+void ossl_x25519_public_from_private(uint8_t out_public_value[32],
+ const uint8_t private_key[32]);
+
+int
+ossl_ed25519_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[32],
+ const uint8_t private_key[32],
+ const char *propq);
+int
+ossl_ed25519_sign(uint8_t *out_sig, const uint8_t *tbs, size_t tbs_len,
+ const uint8_t public_key[32], const uint8_t private_key[32],
+ const uint8_t dom2flag, const uint8_t phflag, const uint8_t csflag,
+ const uint8_t *context, size_t context_len,
+ OSSL_LIB_CTX *libctx, const char *propq);
+int
+ossl_ed25519_verify(const uint8_t *tbs, size_t tbs_len,
+ const uint8_t signature[64], const uint8_t public_key[32],
+ const uint8_t dom2flag, const uint8_t phflag, const uint8_t csflag,
+ const uint8_t *context, size_t context_len,
+ OSSL_LIB_CTX *libctx, const char *propq);
+int
+ossl_ed448_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[57],
+ const uint8_t private_key[57], const char *propq);
+int
+ossl_ed448_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig,
+ const uint8_t *message, size_t message_len,
+ const uint8_t public_key[57], const uint8_t private_key[57],
+ const uint8_t *context, size_t context_len,
+ const uint8_t phflag, const char *propq);
+
+int
+ossl_ed448_verify(OSSL_LIB_CTX *ctx,
+ const uint8_t *message, size_t message_len,
+ const uint8_t signature[114], const uint8_t public_key[57],
+ const uint8_t *context, size_t context_len,
+ const uint8_t phflag, const char *propq);
+
+int
+ossl_x448(uint8_t out_shared_key[56], const uint8_t private_key[56],
+ const uint8_t peer_public_value[56]);
+void
+ossl_x448_public_from_private(uint8_t out_public_value[56],
+ const uint8_t private_key[56]);
+
+
+/* Backend support */
+typedef enum {
+ KEY_OP_PUBLIC,
+ KEY_OP_PRIVATE,
+ KEY_OP_KEYGEN
+} ecx_key_op_t;
+
+ECX_KEY *ossl_ecx_key_op(const X509_ALGOR *palg,
+ const unsigned char *p, int plen,
+ int pkey_id, ecx_key_op_t op,
+ OSSL_LIB_CTX *libctx, const char *propq);
+
+int ossl_ecx_public_from_private(ECX_KEY *key);
+int ossl_ecx_key_fromdata(ECX_KEY *ecx, const OSSL_PARAM params[],
+ int include_private);
+ECX_KEY *ossl_ecx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf,
+ OSSL_LIB_CTX *libctx, const char *propq);
+
+ECX_KEY *ossl_evp_pkey_get1_X25519(EVP_PKEY *pkey);
+ECX_KEY *ossl_evp_pkey_get1_X448(EVP_PKEY *pkey);
+ECX_KEY *ossl_evp_pkey_get1_ED25519(EVP_PKEY *pkey);
+ECX_KEY *ossl_evp_pkey_get1_ED448(EVP_PKEY *pkey);
+# endif /* OPENSSL_NO_ECX */
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/encoder.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/encoder.h
new file mode 100644
index 000000000000..6240438d6d2a
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/encoder.h
@@ -0,0 +1,20 @@ +/* + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_ENCODER_H +# define OSSL_CRYPTO_ENCODER_H +# pragma once + +# include + +int ossl_encoder_get_number(const OSSL_ENCODER *encoder); +int ossl_encoder_store_cache_flush(OSSL_LIB_CTX *libctx); +int ossl_encoder_store_remove_all_provided(const OSSL_PROVIDER *prov); + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/encodererr.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/encodererr.h new file mode 100644 index 000000000000..56c458234bdd --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/encodererr.h @@ -0,0 +1,27 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_ENCODERERR_H +# define OSSL_CRYPTO_ENCODERERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +int ossl_err_load_OSSL_ENCODER_strings(void); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/engine.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/engine.h new file mode 100644 index 000000000000..fac6ed0966ae --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/engine.h 
@@ -0,0 +1,20 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +void engine_load_openssl_int(void); +void engine_load_devcrypto_int(void); +void engine_load_rdrand_int(void); +void engine_load_dynamic_int(void); +void engine_load_padlock_int(void); +void engine_load_capi_int(void); +void engine_load_dasync_int(void); +void engine_load_afalg_int(void); +void engine_cleanup_int(void); diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/engineerr.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/engineerr.h new file mode 100644 index 000000000000..737c841d645a --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/engineerr.h @@ -0,0 +1,30 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_ENGINEERR_H +# define OSSL_CRYPTO_ENGINEERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +# ifndef OPENSSL_NO_ENGINE + +int ossl_err_load_ENGINE_strings(void); +# endif + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/err.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/err.h new file mode 100644 index 000000000000..15ec6fd0390a --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/err.h 
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_ERR_H
+# define OSSL_CRYPTO_ERR_H
+# pragma once
+
+int ossl_err_load_ERR_strings(void);
+int ossl_err_load_crypto_strings(void);
+void err_cleanup(void);
+int err_shelve_state(void **);
+void err_unshelve_state(void *);
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/ess.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/ess.h
new file mode 100644
index 000000000000..7acde5f8a4f5
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/ess.h
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_ESS_H
+# define OSSL_CRYPTO_ESS_H
+# pragma once
+
+/*-
+ * IssuerSerial ::= SEQUENCE {
+ * issuer GeneralNames,
+ * serialNumber CertificateSerialNumber
+ * }
+ */
+
+struct ESS_issuer_serial {
+ STACK_OF(GENERAL_NAME) *issuer;
+ ASN1_INTEGER *serial;
+};
+
+/*-
+ * ESSCertID ::= SEQUENCE {
+ * certHash Hash,
+ * issuerSerial IssuerSerial OPTIONAL
+ * }
+ */
+
+struct ESS_cert_id {
+ ASN1_OCTET_STRING *hash; /* Always SHA-1 digest. */
+ ESS_ISSUER_SERIAL *issuer_serial;
+};
+
+/*-
+ * SigningCertificate ::= SEQUENCE {
+ * certs SEQUENCE OF ESSCertID,
+ * policies SEQUENCE OF PolicyInformation OPTIONAL
+ * }
+ */
+
+struct ESS_signing_cert {
+ STACK_OF(ESS_CERT_ID) *cert_ids;
+ STACK_OF(POLICYINFO) *policy_info;
+};
+
+/*-
+ * ESSCertIDv2 ::= SEQUENCE {
+ * hashAlgorithm AlgorithmIdentifier DEFAULT id-sha256,
+ * certHash Hash,
+ * issuerSerial IssuerSerial OPTIONAL
+ * }
+ */
+
+struct ESS_cert_id_v2_st {
+ X509_ALGOR *hash_alg; /* Default: SHA-256 */
+ ASN1_OCTET_STRING *hash;
+ ESS_ISSUER_SERIAL *issuer_serial;
+};
+
+/*-
+ * SigningCertificateV2 ::= SEQUENCE {
+ * certs SEQUENCE OF ESSCertIDv2,
+ * policies SEQUENCE OF PolicyInformation OPTIONAL
+ * }
+ */
+
+struct ESS_signing_cert_v2_st {
+ STACK_OF(ESS_CERT_ID_V2) *cert_ids;
+ STACK_OF(POLICYINFO) *policy_info;
+};
+
+#endif /* OSSL_CRYPTO_ESS_H */
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/esserr.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/esserr.h
new file mode 100644
index 000000000000..8df2df11eded
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/esserr.h
@@ -0,0 +1,27 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_ESSERR_H +# define OSSL_CRYPTO_ESSERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +int ossl_err_load_ESS_strings(void); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/evp.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/evp.h new file mode 100644 index 000000000000..50ad737fc827 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/evp.h 
@@ -0,0 +1,972 @@ +/* + * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_EVP_H +# define OSSL_CRYPTO_EVP_H +# pragma once + +# include +# include +# include "internal/refcount.h" +# include "crypto/ecx.h" + +/* + * Default PKCS5 PBE KDF salt lengths + * In RFC 8018, PBE1 uses 8 bytes (64 bits) for its salt length. + * It also specifies to use at least 8 bytes for PBES2. + * The NIST requirement for PBKDF2 is 128 bits so we use this as the + * default for PBE2 (scrypt and HKDF2) + */ +# define PKCS5_DEFAULT_PBE1_SALT_LEN PKCS5_SALT_LEN +# define PKCS5_DEFAULT_PBE2_SALT_LEN 16 +/* + * Don't free up md_ctx->pctx in EVP_MD_CTX_reset, use the reserved flag + * values in evp.h + */ +#define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX 0x0400 +#define EVP_MD_CTX_FLAG_FINALISED 0x0800 + +#define evp_pkey_ctx_is_legacy(ctx) \ + ((ctx)->keymgmt == NULL) +#define evp_pkey_ctx_is_provided(ctx) \ + (!evp_pkey_ctx_is_legacy(ctx)) + +struct evp_pkey_ctx_st { + /* Actual operation */ + int operation; + + /* + * Library context, property query, keytype and keymgmt associated with + * this context + */ + OSSL_LIB_CTX *libctx; + char *propquery; + const char *keytype; + /* If |pkey| below is set, this field is always a reference to its keymgmt */ + EVP_KEYMGMT *keymgmt; + + union { + struct { + void *genctx; + } keymgmt; + + struct { + EVP_KEYEXCH *exchange; + /* + * Opaque ctx returned from a providers exchange algorithm + * implementation OSSL_FUNC_keyexch_newctx() + */ + void *algctx; + } kex; + + struct { + EVP_SIGNATURE *signature; + /* + * Opaque ctx returned from a providers signature algorithm + * implementation OSSL_FUNC_signature_newctx() + */ + void *algctx; + } sig; + + struct { + 
EVP_ASYM_CIPHER *cipher; + /* + * Opaque ctx returned from a providers asymmetric cipher algorithm + * implementation OSSL_FUNC_asym_cipher_newctx() + */ + void *algctx; + } ciph; + struct { + EVP_KEM *kem; + /* + * Opaque ctx returned from a providers KEM algorithm + * implementation OSSL_FUNC_kem_newctx() + */ + void *algctx; + } encap; + } op; + + /* + * Cached parameters. Inits of operations that depend on these should + * call evp_pkey_ctx_use_delayed_data() when the operation has been set + * up properly. + */ + struct { + /* Distinguishing Identifier, ISO/IEC 15946-3, FIPS 196 */ + char *dist_id_name; /* The name used with EVP_PKEY_CTX_ctrl_str() */ + void *dist_id; /* The distinguishing ID itself */ + size_t dist_id_len; /* The length of the distinguishing ID */ + + /* Indicators of what has been set. Keep them together! */ + unsigned int dist_id_set : 1; + } cached_parameters; + + /* Application specific data, usually used by the callback */ + void *app_data; + /* Keygen callback */ + EVP_PKEY_gen_cb *pkey_gencb; + /* implementation specific keygen data */ + int *keygen_info; + int keygen_info_count; + + /* Legacy fields below */ + + /* EVP_PKEY identity */ + int legacy_keytype; + /* Method associated with this operation */ + const EVP_PKEY_METHOD *pmeth; + /* Engine that implements this method or NULL if builtin */ + ENGINE *engine; + /* Key: may be NULL */ + EVP_PKEY *pkey; + /* Peer key for key agreement, may be NULL */ + EVP_PKEY *peerkey; + /* Algorithm specific data */ + void *data; + /* Indicator if digest_custom needs to be called */ + unsigned int flag_call_digest_custom:1; + /* + * Used to support taking custody of memory in the case of a provider being + * used with the deprecated EVP_PKEY_CTX_set_rsa_keygen_pubexp() API. This + * member should NOT be used for any other purpose and should be removed + * when said deprecated API is excised completely. 
+ */ + BIGNUM *rsa_pubexp; +} /* EVP_PKEY_CTX */ ; + +#define EVP_PKEY_FLAG_DYNAMIC 1 + +struct evp_pkey_method_st { + int pkey_id; + int flags; + int (*init) (EVP_PKEY_CTX *ctx); + int (*copy) (EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src); + void (*cleanup) (EVP_PKEY_CTX *ctx); + int (*paramgen_init) (EVP_PKEY_CTX *ctx); + int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); + int (*keygen_init) (EVP_PKEY_CTX *ctx); + int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); + int (*sign_init) (EVP_PKEY_CTX *ctx); + int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); + int (*verify_init) (EVP_PKEY_CTX *ctx); + int (*verify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen); + int (*verify_recover_init) (EVP_PKEY_CTX *ctx); + int (*verify_recover) (EVP_PKEY_CTX *ctx, + unsigned char *rout, size_t *routlen, + const unsigned char *sig, size_t siglen); + int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); + int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + EVP_MD_CTX *mctx); + int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); + int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, + EVP_MD_CTX *mctx); + int (*encrypt_init) (EVP_PKEY_CTX *ctx); + int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + int (*decrypt_init) (EVP_PKEY_CTX *ctx); + int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + int (*derive_init) (EVP_PKEY_CTX *ctx); + int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); + int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2); + int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value); + int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); + int (*digestverify) 
(EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, + size_t tbslen); + int (*check) (EVP_PKEY *pkey); + int (*public_check) (EVP_PKEY *pkey); + int (*param_check) (EVP_PKEY *pkey); + + int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); +} /* EVP_PKEY_METHOD */ ; + +DEFINE_STACK_OF_CONST(EVP_PKEY_METHOD) + +void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx); + +const EVP_PKEY_METHOD *ossl_dh_pkey_method(void); +const EVP_PKEY_METHOD *ossl_dhx_pkey_method(void); +const EVP_PKEY_METHOD *ossl_dsa_pkey_method(void); +const EVP_PKEY_METHOD *ossl_ec_pkey_method(void); +const EVP_PKEY_METHOD *ossl_ecx25519_pkey_method(void); +const EVP_PKEY_METHOD *ossl_ecx448_pkey_method(void); +const EVP_PKEY_METHOD *ossl_ed25519_pkey_method(void); +const EVP_PKEY_METHOD *ossl_ed448_pkey_method(void); +const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void); +const EVP_PKEY_METHOD *ossl_rsa_pss_pkey_method(void); + +struct evp_mac_st { + OSSL_PROVIDER *prov; + int name_id; + char *type_name; + const char *description; + + CRYPTO_REF_COUNT refcnt; + + OSSL_FUNC_mac_newctx_fn *newctx; + OSSL_FUNC_mac_dupctx_fn *dupctx; + OSSL_FUNC_mac_freectx_fn *freectx; + OSSL_FUNC_mac_init_fn *init; + OSSL_FUNC_mac_update_fn *update; + OSSL_FUNC_mac_final_fn *final; + OSSL_FUNC_mac_gettable_params_fn *gettable_params; + OSSL_FUNC_mac_gettable_ctx_params_fn *gettable_ctx_params; + OSSL_FUNC_mac_settable_ctx_params_fn *settable_ctx_params; + OSSL_FUNC_mac_get_params_fn *get_params; + OSSL_FUNC_mac_get_ctx_params_fn *get_ctx_params; + OSSL_FUNC_mac_set_ctx_params_fn *set_ctx_params; +}; + +struct evp_kdf_st { + OSSL_PROVIDER *prov; + int name_id; + char *type_name; + const char *description; + CRYPTO_REF_COUNT refcnt; + + OSSL_FUNC_kdf_newctx_fn *newctx; + OSSL_FUNC_kdf_dupctx_fn *dupctx; + OSSL_FUNC_kdf_freectx_fn *freectx; + OSSL_FUNC_kdf_reset_fn *reset; + OSSL_FUNC_kdf_derive_fn *derive; + OSSL_FUNC_kdf_gettable_params_fn *gettable_params; + 
OSSL_FUNC_kdf_gettable_ctx_params_fn *gettable_ctx_params; + OSSL_FUNC_kdf_settable_ctx_params_fn *settable_ctx_params; + OSSL_FUNC_kdf_get_params_fn *get_params; + OSSL_FUNC_kdf_get_ctx_params_fn *get_ctx_params; + OSSL_FUNC_kdf_set_ctx_params_fn *set_ctx_params; +}; + +#define EVP_ORIG_DYNAMIC 0 +#define EVP_ORIG_GLOBAL 1 +#define EVP_ORIG_METH 2 + +struct evp_md_st { + /* nid */ + int type; + + /* Legacy structure members */ + int pkey_type; + int md_size; + unsigned long flags; + int origin; + int (*init) (EVP_MD_CTX *ctx); + int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); + int (*final) (EVP_MD_CTX *ctx, unsigned char *md); + int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from); + int (*cleanup) (EVP_MD_CTX *ctx); + int block_size; + int ctx_size; /* how big does the ctx->md_data need to be */ + /* control function */ + int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2); + + /* New structure members */ + /* Above comment to be removed when legacy has gone */ + int name_id; + char *type_name; + const char *description; + OSSL_PROVIDER *prov; + CRYPTO_REF_COUNT refcnt; + OSSL_FUNC_digest_newctx_fn *newctx; + OSSL_FUNC_digest_init_fn *dinit; + OSSL_FUNC_digest_update_fn *dupdate; + OSSL_FUNC_digest_final_fn *dfinal; + OSSL_FUNC_digest_squeeze_fn *dsqueeze; + OSSL_FUNC_digest_digest_fn *digest; + OSSL_FUNC_digest_freectx_fn *freectx; + OSSL_FUNC_digest_dupctx_fn *dupctx; + OSSL_FUNC_digest_get_params_fn *get_params; + OSSL_FUNC_digest_set_ctx_params_fn *set_ctx_params; + OSSL_FUNC_digest_get_ctx_params_fn *get_ctx_params; + OSSL_FUNC_digest_gettable_params_fn *gettable_params; + OSSL_FUNC_digest_settable_ctx_params_fn *settable_ctx_params; + OSSL_FUNC_digest_gettable_ctx_params_fn *gettable_ctx_params; + +} /* EVP_MD */ ; + +struct evp_cipher_st { + int nid; + + int block_size; + /* Default value for variable length ciphers */ + int key_len; + int iv_len; + + /* Legacy structure members */ + /* Various flags */ + unsigned long flags; + /* 
How the EVP_CIPHER was created. */ + int origin; + /* init key */ + int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); + /* encrypt/decrypt data */ + int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); + /* cleanup ctx */ + int (*cleanup) (EVP_CIPHER_CTX *); + /* how big ctx->cipher_data needs to be */ + int ctx_size; + /* Populate a ASN1_TYPE with parameters */ + int (*set_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); + /* Get parameters from a ASN1_TYPE */ + int (*get_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); + /* Miscellaneous operations */ + int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr); + /* Application data */ + void *app_data; + + /* New structure members */ + /* Above comment to be removed when legacy has gone */ + int name_id; + char *type_name; + const char *description; + OSSL_PROVIDER *prov; + CRYPTO_REF_COUNT refcnt; + OSSL_FUNC_cipher_newctx_fn *newctx; + OSSL_FUNC_cipher_encrypt_init_fn *einit; + OSSL_FUNC_cipher_decrypt_init_fn *dinit; + OSSL_FUNC_cipher_update_fn *cupdate; + OSSL_FUNC_cipher_final_fn *cfinal; + OSSL_FUNC_cipher_cipher_fn *ccipher; + OSSL_FUNC_cipher_freectx_fn *freectx; + OSSL_FUNC_cipher_dupctx_fn *dupctx; + OSSL_FUNC_cipher_get_params_fn *get_params; + OSSL_FUNC_cipher_get_ctx_params_fn *get_ctx_params; + OSSL_FUNC_cipher_set_ctx_params_fn *set_ctx_params; + OSSL_FUNC_cipher_gettable_params_fn *gettable_params; + OSSL_FUNC_cipher_gettable_ctx_params_fn *gettable_ctx_params; + OSSL_FUNC_cipher_settable_ctx_params_fn *settable_ctx_params; +} /* EVP_CIPHER */ ; + +/* Macros to code block cipher wrappers */ + +/* Wrapper functions for each cipher mode */ + +#define EVP_C_DATA(kstruct, ctx) \ + ((kstruct *)EVP_CIPHER_CTX_get_cipher_data(ctx)) + +#define BLOCK_CIPHER_ecb_loop() \ + size_t i, bl; \ + bl = EVP_CIPHER_CTX_get0_cipher(ctx)->block_size; \ + if (inl < bl) return 1;\ + inl -= bl; \ + for (i=0; i <= inl; 
i+=bl) + +#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ +static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ +{\ + BLOCK_CIPHER_ecb_loop() \ + cprefix##_ecb_encrypt(in + i, out + i, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_is_encrypting(ctx)); \ + return 1;\ +} + +#define EVP_MAXCHUNK ((size_t)1 << 30) + +#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \ + static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ +{\ + while(inl>=EVP_MAXCHUNK) {\ + int num = EVP_CIPHER_CTX_get_num(ctx);\ + cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \ + EVP_CIPHER_CTX_set_num(ctx, num);\ + inl-=EVP_MAXCHUNK;\ + in +=EVP_MAXCHUNK;\ + out+=EVP_MAXCHUNK;\ + }\ + if (inl) {\ + int num = EVP_CIPHER_CTX_get_num(ctx);\ + cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \ + EVP_CIPHER_CTX_set_num(ctx, num);\ + }\ + return 1;\ +} + +#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ +static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ +{\ + while(inl>=EVP_MAXCHUNK) \ + {\ + cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx));\ + inl-=EVP_MAXCHUNK;\ + in +=EVP_MAXCHUNK;\ + out+=EVP_MAXCHUNK;\ + }\ + if (inl)\ + cprefix##_cbc_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx));\ + return 1;\ +} + +#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ +static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ +{\ + size_t chunk = EVP_MAXCHUNK;\ + if (cbits == 1) chunk >>= 3;\ + if (inl < chunk) chunk = inl;\ + while (inl && inl >= chunk)\ + {\ + 
int num = EVP_CIPHER_CTX_get_num(ctx);\ + cprefix##_cfb##cbits##_encrypt(in, out, (long) \ + ((cbits == 1) \ + && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) \ + ? chunk*8 : chunk), \ + &EVP_C_DATA(kstruct, ctx)->ksched, ctx->iv,\ + &num, EVP_CIPHER_CTX_is_encrypting(ctx));\ + EVP_CIPHER_CTX_set_num(ctx, num);\ + inl -= chunk;\ + in += chunk;\ + out += chunk;\ + if (inl < chunk) chunk = inl;\ + }\ + return 1;\ +} + +#define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ + BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ + BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ + BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ + BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) + +#define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \ + key_len, iv_len, flags, init_key, cleanup, \ + set_asn1, get_asn1, ctrl) \ +static const EVP_CIPHER cname##_##mode = { \ + nid##_##nmode, block_size, key_len, iv_len, \ + flags | EVP_CIPH_##MODE##_MODE, \ + EVP_ORIG_GLOBAL, \ + init_key, \ + cname##_##mode##_cipher, \ + cleanup, \ + sizeof(kstruct), \ + set_asn1, get_asn1,\ + ctrl, \ + NULL \ +}; \ +const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; } + +#define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \ + iv_len, flags, init_key, cleanup, set_asn1, \ + get_asn1, ctrl) \ +BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \ + iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) + +#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \ + iv_len, cbits, flags, init_key, cleanup, \ + set_asn1, get_asn1, ctrl) \ +BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \ + key_len, iv_len, flags, init_key, cleanup, set_asn1, \ + get_asn1, ctrl) + +#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \ + iv_len, cbits, flags, init_key, cleanup, \ + set_asn1, get_asn1, ctrl) \ 
+BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \ + key_len, iv_len, flags, init_key, cleanup, set_asn1, \ + get_asn1, ctrl) + +#define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \ + flags, init_key, cleanup, set_asn1, \ + get_asn1, ctrl) \ +BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \ + 0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) + +#define BLOCK_CIPHER_defs(cname, kstruct, \ + nid, block_size, key_len, iv_len, cbits, flags, \ + init_key, cleanup, set_asn1, get_asn1, ctrl) \ +BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ + init_key, cleanup, set_asn1, get_asn1, ctrl) \ +BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \ + flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ +BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \ + flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ +BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \ + init_key, cleanup, set_asn1, get_asn1, ctrl) + +/*- +#define BLOCK_CIPHER_defs(cname, kstruct, \ + nid, block_size, key_len, iv_len, flags,\ + init_key, cleanup, set_asn1, get_asn1, ctrl)\ +static const EVP_CIPHER cname##_cbc = {\ + nid##_cbc, block_size, key_len, iv_len, \ + flags | EVP_CIPH_CBC_MODE,\ + EVP_ORIG_GLOBAL,\ + init_key,\ + cname##_cbc_cipher,\ + cleanup,\ + sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ + sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ + set_asn1, get_asn1,\ + ctrl, \ + NULL \ +};\ +const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\ +static const EVP_CIPHER cname##_cfb = {\ + nid##_cfb64, 1, key_len, iv_len, \ + flags | EVP_CIPH_CFB_MODE,\ + EVP_ORIG_GLOBAL,\ + init_key,\ + cname##_cfb_cipher,\ + cleanup,\ + sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ + sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ + set_asn1, get_asn1,\ + ctrl,\ + NULL \ +};\ +const EVP_CIPHER 
*EVP_##cname##_cfb(void) { return &cname##_cfb; }\ +static const EVP_CIPHER cname##_ofb = {\ + nid##_ofb64, 1, key_len, iv_len, \ + flags | EVP_CIPH_OFB_MODE,\ + EVP_ORIG_GLOBAL,\ + init_key,\ + cname##_ofb_cipher,\ + cleanup,\ + sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ + sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ + set_asn1, get_asn1,\ + ctrl,\ + NULL \ +};\ +const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\ +static const EVP_CIPHER cname##_ecb = {\ + nid##_ecb, block_size, key_len, iv_len, \ + flags | EVP_CIPH_ECB_MODE,\ + EVP_ORIG_GLOBAL,\ + init_key,\ + cname##_ecb_cipher,\ + cleanup,\ + sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ + sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ + set_asn1, get_asn1,\ + ctrl,\ + NULL \ +};\ +const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } +*/ + +#define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \ + block_size, key_len, iv_len, cbits, \ + flags, init_key, \ + cleanup, set_asn1, get_asn1, ctrl) \ + BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ + BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \ + cbits, flags, init_key, cleanup, set_asn1, \ + get_asn1, ctrl) + +#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \ + BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ + BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ + NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ + (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \ + cipher##_init_key, NULL, NULL, NULL, NULL) + +typedef struct { + unsigned char iv[EVP_MAX_IV_LENGTH]; + unsigned int iv_len; + unsigned int tag_len; +} evp_cipher_aead_asn1_params; + +int evp_cipher_param_to_asn1_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, + evp_cipher_aead_asn1_params *params); + +int evp_cipher_asn1_to_param_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, + evp_cipher_aead_asn1_params *params); + +/* + * To support transparent 
execution of operation in backends other + * than the "origin" key, we support transparent export/import to + * those providers, and maintain a cache of the imported keydata, + * so we don't need to redo the export/import every time we perform + * the same operation in that same provider. + * This requires that the "origin" backend (whether it's a legacy or a + * provider "origin") implements exports, and that the target provider + * has an EVP_KEYMGMT that implements import. + */ +typedef struct { + EVP_KEYMGMT *keymgmt; + void *keydata; + int selection; +} OP_CACHE_ELEM; + +DEFINE_STACK_OF(OP_CACHE_ELEM) + +/* + * An EVP_PKEY can have the following states: + * + * untyped & empty: + * + * type == EVP_PKEY_NONE && keymgmt == NULL + * + * typed & empty: + * + * (type != EVP_PKEY_NONE && pkey.ptr == NULL) ## legacy (libcrypto only) + * || (keymgmt != NULL && keydata == NULL) ## provider side + * + * fully assigned: + * + * (type != EVP_PKEY_NONE && pkey.ptr != NULL) ## legacy (libcrypto only) + * || (keymgmt != NULL && keydata != NULL) ## provider side + * + * The easiest way to detect a legacy key is: + * + * keymgmt == NULL && type != EVP_PKEY_NONE + * + * The easiest way to detect a provider side key is: + * + * keymgmt != NULL + */ +#define evp_pkey_is_blank(pk) \ + ((pk)->type == EVP_PKEY_NONE && (pk)->keymgmt == NULL) +#define evp_pkey_is_typed(pk) \ + ((pk)->type != EVP_PKEY_NONE || (pk)->keymgmt != NULL) +#ifndef FIPS_MODULE +# define evp_pkey_is_assigned(pk) \ + ((pk)->pkey.ptr != NULL || (pk)->keydata != NULL) +#else +# define evp_pkey_is_assigned(pk) \ + ((pk)->keydata != NULL) +#endif +#define evp_pkey_is_legacy(pk) \ + ((pk)->type != EVP_PKEY_NONE && (pk)->keymgmt == NULL) +#define evp_pkey_is_provided(pk) \ + ((pk)->keymgmt != NULL) + +union legacy_pkey_st { + void *ptr; + struct rsa_st *rsa; /* RSA */ +# ifndef OPENSSL_NO_DSA + struct dsa_st *dsa; /* DSA */ +# endif +# ifndef OPENSSL_NO_DH + struct dh_st *dh; /* DH */ +# endif +# ifndef OPENSSL_NO_EC 
+ struct ec_key_st *ec; /* ECC */ +# ifndef OPENSSL_NO_ECX + ECX_KEY *ecx; /* X25519, X448, Ed25519, Ed448 */ +# endif +# endif +}; + +struct evp_pkey_st { + /* == Legacy attributes == */ + int type; + int save_type; + +# ifndef FIPS_MODULE + /* + * Legacy key "origin" is composed of a pointer to an EVP_PKEY_ASN1_METHOD, + * a pointer to a low level key and possibly a pointer to an engine. + */ + const EVP_PKEY_ASN1_METHOD *ameth; + ENGINE *engine; + ENGINE *pmeth_engine; /* If not NULL public key ENGINE to use */ + + /* Union to store the reference to an origin legacy key */ + union legacy_pkey_st pkey; + + /* Union to store the reference to a non-origin legacy key */ + union legacy_pkey_st legacy_cache_pkey; +# endif + + /* == Common attributes == */ + CRYPTO_REF_COUNT references; + CRYPTO_RWLOCK *lock; +#ifndef FIPS_MODULE + STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ + int save_parameters; + unsigned int foreign:1; /* the low-level key is using an engine or an app-method */ + CRYPTO_EX_DATA ex_data; +#endif + + /* == Provider attributes == */ + + /* + * Provider keydata "origin" is composed of a pointer to an EVP_KEYMGMT + * and a pointer to the provider side key data. This is never used at + * the same time as the legacy key data above. + */ + EVP_KEYMGMT *keymgmt; + void *keydata; + /* + * If any libcrypto code does anything that may modify the keydata + * contents, this dirty counter must be incremented. + */ + size_t dirty_cnt; + + /* + * To support transparent execution of operation in backends other + * than the "origin" key, we support transparent export/import to + * those providers, and maintain a cache of the imported keydata, + * so we don't need to redo the export/import every time we perform + * the same operation in that same provider. + */ + STACK_OF(OP_CACHE_ELEM) *operation_cache; + + /* + * We keep a copy of that "origin"'s dirty count, so we know if the + * operation cache needs flushing. 
+ */ + size_t dirty_cnt_copy; + + /* Cache of key object information */ + struct { + int bits; + int security_bits; + int size; + } cache; +} /* EVP_PKEY */ ; + +#define EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) \ + ((ctx)->operation == EVP_PKEY_OP_SIGN \ + || (ctx)->operation == EVP_PKEY_OP_SIGNCTX \ + || (ctx)->operation == EVP_PKEY_OP_VERIFY \ + || (ctx)->operation == EVP_PKEY_OP_VERIFYCTX \ + || (ctx)->operation == EVP_PKEY_OP_VERIFYRECOVER) + +#define EVP_PKEY_CTX_IS_DERIVE_OP(ctx) \ + ((ctx)->operation == EVP_PKEY_OP_DERIVE) + +#define EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) \ + ((ctx)->operation == EVP_PKEY_OP_ENCRYPT \ + || (ctx)->operation == EVP_PKEY_OP_DECRYPT) + +#define EVP_PKEY_CTX_IS_GEN_OP(ctx) \ + ((ctx)->operation == EVP_PKEY_OP_PARAMGEN \ + || (ctx)->operation == EVP_PKEY_OP_KEYGEN) + +#define EVP_PKEY_CTX_IS_FROMDATA_OP(ctx) \ + ((ctx)->operation == EVP_PKEY_OP_FROMDATA) + +#define EVP_PKEY_CTX_IS_KEM_OP(ctx) \ + ((ctx)->operation == EVP_PKEY_OP_ENCAPSULATE \ + || (ctx)->operation == EVP_PKEY_OP_DECAPSULATE) + +void openssl_add_all_ciphers_int(void); +void openssl_add_all_digests_int(void); +void evp_cleanup_int(void); +void evp_app_cleanup_int(void); +void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx, + EVP_KEYMGMT **keymgmt, + const char *propquery); +#ifndef FIPS_MODULE +int evp_pkey_copy_downgraded(EVP_PKEY **dest, const EVP_PKEY *src); +void *evp_pkey_get_legacy(EVP_PKEY *pk); +void evp_pkey_free_legacy(EVP_PKEY *x); +EVP_PKEY *evp_pkcs82pkey_legacy(const PKCS8_PRIV_KEY_INFO *p8inf, + OSSL_LIB_CTX *libctx, const char *propq); +#endif + +/* + * KEYMGMT utility functions + */ + +/* + * Key import structure and helper function, to be used as an export callback + */ +struct evp_keymgmt_util_try_import_data_st { + EVP_KEYMGMT *keymgmt; + void *keydata; + + int selection; +}; +int evp_keymgmt_util_try_import(const OSSL_PARAM params[], void *arg); +int evp_keymgmt_util_assign_pkey(EVP_PKEY *pkey, EVP_KEYMGMT *keymgmt, + void *keydata); 
+EVP_PKEY *evp_keymgmt_util_make_pkey(EVP_KEYMGMT *keymgmt, void *keydata); + +int evp_keymgmt_util_export(const EVP_PKEY *pk, int selection, + OSSL_CALLBACK *export_cb, void *export_cbarg); +void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, + int selection); +OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk, + EVP_KEYMGMT *keymgmt, + int selection); +int evp_keymgmt_util_clear_operation_cache(EVP_PKEY *pk); +int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, + void *keydata, int selection); +void evp_keymgmt_util_cache_keyinfo(EVP_PKEY *pk); +void *evp_keymgmt_util_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, + int selection, const OSSL_PARAM params[]); +int evp_keymgmt_util_has(EVP_PKEY *pk, int selection); +int evp_keymgmt_util_match(EVP_PKEY *pk1, EVP_PKEY *pk2, int selection); +int evp_keymgmt_util_copy(EVP_PKEY *to, EVP_PKEY *from, int selection); +void *evp_keymgmt_util_gen(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, + void *genctx, OSSL_CALLBACK *cb, void *cbarg); +int evp_keymgmt_util_get_deflt_digest_name(EVP_KEYMGMT *keymgmt, + void *keydata, + char *mdname, size_t mdname_sz); +const char *evp_keymgmt_util_query_operation_name(EVP_KEYMGMT *keymgmt, + int op_id); + +/* + * KEYMGMT provider interface functions + */ +void *evp_keymgmt_newdata(const EVP_KEYMGMT *keymgmt); +void evp_keymgmt_freedata(const EVP_KEYMGMT *keymgmt, void *keyddata); +int evp_keymgmt_get_params(const EVP_KEYMGMT *keymgmt, + void *keydata, OSSL_PARAM params[]); +int evp_keymgmt_set_params(const EVP_KEYMGMT *keymgmt, + void *keydata, const OSSL_PARAM params[]); +void *evp_keymgmt_gen_init(const EVP_KEYMGMT *keymgmt, int selection, + const OSSL_PARAM params[]); +int evp_keymgmt_gen_set_template(const EVP_KEYMGMT *keymgmt, void *genctx, + void *templ); +int evp_keymgmt_gen_set_params(const EVP_KEYMGMT *keymgmt, void *genctx, + const OSSL_PARAM params[]); +void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx, + 
OSSL_CALLBACK *cb, void *cbarg); +void evp_keymgmt_gen_cleanup(const EVP_KEYMGMT *keymgmt, void *genctx); + +int evp_keymgmt_has_load(const EVP_KEYMGMT *keymgmt); +void *evp_keymgmt_load(const EVP_KEYMGMT *keymgmt, + const void *objref, size_t objref_sz); + +int evp_keymgmt_has(const EVP_KEYMGMT *keymgmt, void *keyddata, int selection); +int evp_keymgmt_validate(const EVP_KEYMGMT *keymgmt, void *keydata, + int selection, int checktype); +int evp_keymgmt_match(const EVP_KEYMGMT *keymgmt, + const void *keydata1, const void *keydata2, + int selection); + +int evp_keymgmt_import(const EVP_KEYMGMT *keymgmt, void *keydata, + int selection, const OSSL_PARAM params[]); +const OSSL_PARAM *evp_keymgmt_import_types(const EVP_KEYMGMT *keymgmt, + int selection); +int evp_keymgmt_export(const EVP_KEYMGMT *keymgmt, void *keydata, + int selection, OSSL_CALLBACK *param_cb, void *cbarg); +const OSSL_PARAM *evp_keymgmt_export_types(const EVP_KEYMGMT *keymgmt, + int selection); +void *evp_keymgmt_dup(const EVP_KEYMGMT *keymgmt, + const void *keydata_from, int selection); +EVP_KEYMGMT *evp_keymgmt_fetch_from_prov(OSSL_PROVIDER *prov, + const char *name, + const char *properties); + +/* Pulling defines out of C source files */ + +# define EVP_RC4_KEY_SIZE 16 +# ifndef TLS1_1_VERSION +# define TLS1_1_VERSION 0x0302 +# endif + +void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags); + +/* EVP_ENCODE_CTX flags */ +/* Don't generate new lines when encoding */ +#define EVP_ENCODE_CTX_NO_NEWLINES 1 +/* Use the SRP base64 alphabet instead of the standard one */ +#define EVP_ENCODE_CTX_USE_SRP_ALPHABET 2 + +const EVP_CIPHER *evp_get_cipherbyname_ex(OSSL_LIB_CTX *libctx, + const char *name); +const EVP_MD *evp_get_digestbyname_ex(OSSL_LIB_CTX *libctx, + const char *name); + +int ossl_pkcs5_pbkdf2_hmac_ex(const char *pass, int passlen, + const unsigned char *salt, int saltlen, int iter, + const EVP_MD *digest, int keylen, + unsigned char *out, + OSSL_LIB_CTX *libctx, const char 
*propq); + +# ifndef FIPS_MODULE +/* + * Internal helpers for stricter EVP_PKEY_CTX_{set,get}_params(). + * + * Return 1 on success, 0 or negative for errors. + * + * In particular they return -2 if any of the params is not supported. + * + * They are not available in FIPS_MODULE as they depend on + * - EVP_PKEY_CTX_{get,set}_params() + * - EVP_PKEY_CTX_{gettable,settable}_params() + * + */ +int evp_pkey_ctx_set_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); +int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); + +EVP_MD_CTX *evp_md_ctx_new_ex(EVP_PKEY *pkey, const ASN1_OCTET_STRING *id, + OSSL_LIB_CTX *libctx, const char *propq); +int evp_pkey_name2type(const char *name); +const char *evp_pkey_type2name(int type); + +int evp_pkey_ctx_use_cached_data(EVP_PKEY_CTX *ctx); +# endif /* !defined(FIPS_MODULE) */ + +int evp_method_store_cache_flush(OSSL_LIB_CTX *libctx); +int evp_method_store_remove_all_provided(const OSSL_PROVIDER *prov); + +int evp_default_properties_enable_fips_int(OSSL_LIB_CTX *libctx, int enable, + int loadconfig); +int evp_set_default_properties_int(OSSL_LIB_CTX *libctx, const char *propq, + int loadconfig, int mirrored); +char *evp_get_global_properties_str(OSSL_LIB_CTX *libctx, int loadconfig); + +void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force, int keep_digest); +/* just free the algctx if set, returns 0 on inconsistent state of ctx */ +int evp_md_ctx_free_algctx(EVP_MD_CTX *ctx); + +/* Three possible states: */ +# define EVP_PKEY_STATE_UNKNOWN 0 +# define EVP_PKEY_STATE_LEGACY 1 +# define EVP_PKEY_STATE_PROVIDER 2 +int evp_pkey_ctx_state(const EVP_PKEY_CTX *ctx); + +/* These two must ONLY be called for provider side operations */ +int evp_pkey_ctx_ctrl_to_param(EVP_PKEY_CTX *ctx, + int keytype, int optype, + int cmd, int p1, void *p2); +int evp_pkey_ctx_ctrl_str_to_param(EVP_PKEY_CTX *ctx, + const char *name, const char *value); + +/* These two must ONLY be called for legacy operations */ +int 
evp_pkey_ctx_set_params_to_ctrl(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params); +int evp_pkey_ctx_get_params_to_ctrl(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); + +/* This must ONLY be called for legacy EVP_PKEYs */ +int evp_pkey_get_params_to_ctrl(const EVP_PKEY *pkey, OSSL_PARAM *params); + +/* Same as the public get0 functions but are not const */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +DH *evp_pkey_get0_DH_int(const EVP_PKEY *pkey); +EC_KEY *evp_pkey_get0_EC_KEY_int(const EVP_PKEY *pkey); +RSA *evp_pkey_get0_RSA_int(const EVP_PKEY *pkey); +# endif + +/* Get internal identification number routines */ +int evp_asym_cipher_get_number(const EVP_ASYM_CIPHER *cipher); +int evp_cipher_get_number(const EVP_CIPHER *cipher); +int evp_kdf_get_number(const EVP_KDF *kdf); +int evp_kem_get_number(const EVP_KEM *wrap); +int evp_keyexch_get_number(const EVP_KEYEXCH *keyexch); +int evp_keymgmt_get_number(const EVP_KEYMGMT *keymgmt); +int evp_keymgmt_get_legacy_alg(const EVP_KEYMGMT *keymgmt); +int evp_mac_get_number(const EVP_MAC *mac); +int evp_md_get_number(const EVP_MD *md); +int evp_rand_get_number(const EVP_RAND *rand); +int evp_rand_can_seed(EVP_RAND_CTX *ctx); +size_t evp_rand_get_seed(EVP_RAND_CTX *ctx, + unsigned char **buffer, + int entropy, size_t min_len, size_t max_len, + int prediction_resistance, + const unsigned char *adin, size_t adin_len); +void evp_rand_clear_seed(EVP_RAND_CTX *ctx, + unsigned char *buffer, size_t b_len); +int evp_signature_get_number(const EVP_SIGNATURE *signature); + +int evp_pkey_decrypt_alloc(EVP_PKEY_CTX *ctx, unsigned char **outp, + size_t *outlenp, size_t expected_outlen, + const unsigned char *in, size_t inlen); + +#endif /* OSSL_CRYPTO_EVP_H */ diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/evperr.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/evperr.h new file mode 100644 index 000000000000..4a00110791ee --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/evperr.h 
@@ -0,0 +1,27 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_EVPERR_H +# define OSSL_CRYPTO_EVPERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +int ossl_err_load_EVP_strings(void); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/httperr.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/httperr.h new file mode 100644 index 000000000000..827d61a235d6 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/httperr.h @@ -0,0 +1,30 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_HTTPERR_H +# define OSSL_CRYPTO_HTTPERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +# ifndef OPENSSL_NO_HTTP + +int ossl_err_load_HTTP_strings(void); +# endif + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/lhash.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/lhash.h new file mode 100644 index 000000000000..0f64869f54ba --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/lhash.h 
@@ -0,0 +1,16 @@
+/*
+ * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_LHASH_H
+# define OSSL_CRYPTO_LHASH_H
+# pragma once
+
+unsigned long ossl_lh_strcasehash(const char *);
+
+#endif /* OSSL_CRYPTO_LHASH_H */
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/md32_common.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/md32_common.h
new file mode 100644
index 000000000000..46214f3237cc
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/md32_common.h
@@ -0,0 +1,284 @@ +/* + * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/*- + * This is a generic 32 bit "collector" for message digest algorithms. + * Whenever needed it collects input character stream into chunks of + * 32 bit values and invokes a block function that performs actual hash + * calculations. + * + * Porting guide. + * + * Obligatory macros: + * + * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN + * this macro defines byte order of input stream. + * HASH_CBLOCK + * size of a unit chunk HASH_BLOCK operates on. + * HASH_LONG + * has to be at least 32 bit wide. + * HASH_CTX + * context structure that at least contains following + * members: + * typedef struct { + * ... + * HASH_LONG Nl,Nh; + * either { + * HASH_LONG data[HASH_LBLOCK]; + * unsigned char data[HASH_CBLOCK]; + * }; + * unsigned int num; + * ... + * } HASH_CTX; + * data[] vector is expected to be zeroed upon first call to + * HASH_UPDATE. + * HASH_UPDATE + * name of "Update" function, implemented here. + * HASH_TRANSFORM + * name of "Transform" function, implemented here. + * HASH_FINAL + * name of "Final" function, implemented here. + * HASH_BLOCK_DATA_ORDER + * name of "block" function capable of treating *unaligned* input + * message in original (data) byte order, implemented externally. + * HASH_MAKE_STRING + * macro converting context variables to an ASCII hash string. 
+ * + * MD5 example: + * + * #define DATA_ORDER_IS_LITTLE_ENDIAN + * + * #define HASH_LONG MD5_LONG + * #define HASH_CTX MD5_CTX + * #define HASH_CBLOCK MD5_CBLOCK + * #define HASH_UPDATE MD5_Update + * #define HASH_TRANSFORM MD5_Transform + * #define HASH_FINAL MD5_Final + * #define HASH_BLOCK_DATA_ORDER md5_block_data_order + */ + +#ifndef OSSL_CRYPTO_MD32_COMMON_H +# define OSSL_CRYPTO_MD32_COMMON_H +# pragma once + +# include + +# if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN) +# error "DATA_ORDER must be defined!" +# endif + +# ifndef HASH_CBLOCK +# error "HASH_CBLOCK must be defined!" +# endif +# ifndef HASH_LONG +# error "HASH_LONG must be defined!" +# endif +# ifndef HASH_CTX +# error "HASH_CTX must be defined!" +# endif + +# ifndef HASH_UPDATE +# error "HASH_UPDATE must be defined!" +# endif +# ifndef HASH_TRANSFORM +# error "HASH_TRANSFORM must be defined!" +# endif +# ifndef HASH_FINAL +# error "HASH_FINAL must be defined!" +# endif + +# ifndef HASH_BLOCK_DATA_ORDER +# error "HASH_BLOCK_DATA_ORDER must be defined!" 
+# endif + +# define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) + +#ifndef PEDANTIC +# if defined(__GNUC__) && __GNUC__>=2 && \ + !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +# if defined(__riscv_zbb) || defined(__riscv_zbkb) +# if __riscv_xlen == 64 +# undef ROTATE +# define ROTATE(x, n) ({ MD32_REG_T ret; \ + asm ("roriw %0, %1, %2" \ + : "=r"(ret) \ + : "r"(x), "i"(32 - (n))); ret;}) +# endif +# if __riscv_xlen == 32 +# undef ROTATE +# define ROTATE(x, n) ({ MD32_REG_T ret; \ + asm ("rori %0, %1, %2" \ + : "=r"(ret) \ + : "r"(x), "i"(32 - (n))); ret;}) +# endif +# endif +# endif +#endif + +# if defined(DATA_ORDER_IS_BIG_ENDIAN) + +# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ + l|=(((unsigned long)(*((c)++)))<<16), \ + l|=(((unsigned long)(*((c)++)))<< 8), \ + l|=(((unsigned long)(*((c)++))) ) ) +# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16)&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ + *((c)++)=(unsigned char)(((l) )&0xff), \ + l) + +# elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) + +# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ + l|=(((unsigned long)(*((c)++)))<< 8), \ + l|=(((unsigned long)(*((c)++)))<<16), \ + l|=(((unsigned long)(*((c)++)))<<24) ) +# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16)&0xff), \ + *((c)++)=(unsigned char)(((l)>>24)&0xff), \ + l) + +# endif + +/* + * Time for some action :-) + */ + +int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len) +{ + const unsigned char *data = data_; + unsigned char *p; + HASH_LONG l; + size_t n; + + if (len == 0) + return 1; + + l = (c->Nl + (((HASH_LONG) len) << 3)) & 0xffffffffUL; + if (l < c->Nl) /* overflow */ + c->Nh++; + c->Nh += (HASH_LONG) (len >> 29); /* might cause compiler warning on + * 16-bit */ + c->Nl = l; + + n = c->num; + if (n != 0) { + p = (unsigned char 
*)c->data; + + if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) { + memcpy(p + n, data, HASH_CBLOCK - n); + HASH_BLOCK_DATA_ORDER(c, p, 1); + n = HASH_CBLOCK - n; + data += n; + len -= n; + c->num = 0; + /* + * We use memset rather than OPENSSL_cleanse() here deliberately. + * Using OPENSSL_cleanse() here could be a performance issue. It + * will get properly cleansed on finalisation so this isn't a + * security problem. + */ + memset(p, 0, HASH_CBLOCK); /* keep it zeroed */ + } else { + memcpy(p + n, data, len); + c->num += (unsigned int)len; + return 1; + } + } + + n = len / HASH_CBLOCK; + if (n > 0) { + HASH_BLOCK_DATA_ORDER(c, data, n); + n *= HASH_CBLOCK; + data += n; + len -= n; + } + + if (len != 0) { + p = (unsigned char *)c->data; + c->num = (unsigned int)len; + memcpy(p, data, len); + } + return 1; +} + +void HASH_TRANSFORM(HASH_CTX *c, const unsigned char *data) +{ + HASH_BLOCK_DATA_ORDER(c, data, 1); +} + +int HASH_FINAL(unsigned char *md, HASH_CTX *c) +{ + unsigned char *p = (unsigned char *)c->data; + size_t n = c->num; + + p[n] = 0x80; /* there is always room for one */ + n++; + + if (n > (HASH_CBLOCK - 8)) { + memset(p + n, 0, HASH_CBLOCK - n); + n = 0; + HASH_BLOCK_DATA_ORDER(c, p, 1); + } + memset(p + n, 0, HASH_CBLOCK - 8 - n); + + p += HASH_CBLOCK - 8; +# if defined(DATA_ORDER_IS_BIG_ENDIAN) + (void)HOST_l2c(c->Nh, p); + (void)HOST_l2c(c->Nl, p); +# elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) + (void)HOST_l2c(c->Nl, p); + (void)HOST_l2c(c->Nh, p); +# endif + p -= HASH_CBLOCK; + HASH_BLOCK_DATA_ORDER(c, p, 1); + c->num = 0; + OPENSSL_cleanse(p, HASH_CBLOCK); + +# ifndef HASH_MAKE_STRING +# error "HASH_MAKE_STRING must be defined!" +# else + HASH_MAKE_STRING(c, md); +# endif + + return 1; +} + +# ifndef MD32_REG_T +# if defined(__alpha) || defined(__sparcv9) || defined(__mips) +# define MD32_REG_T long +/* + * This comment was originally written for MD5, which is why it + * discusses A-D. 
But it basically applies to all 32-bit digests, + * which is why it was moved to common header file. + * + * In case you wonder why A-D are declared as long and not + * as MD5_LONG. Doing so results in slight performance + * boost on LP64 architectures. The catch is we don't + * really care if 32 MSBs of a 64-bit register get polluted + * with eventual overflows as we *save* only 32 LSBs in + * *either* case. Now declaring 'em long excuses the compiler + * from keeping 32 MSBs zeroed resulting in 13% performance + * improvement under SPARC Solaris7/64 and 5% under AlphaLinux. + * Well, to be honest it should say that this *prevents* + * performance degradation. + */ +# else +/* + * Above is not absolute and there are LP64 compilers that + * generate better code if MD32_REG_T is defined int. The above + * pre-processor condition reflects the circumstances under which + * the conclusion was made and is subject to further extension. + */ +# define MD32_REG_T int +# endif +# endif + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/modes.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/modes.h new file mode 100644 index 000000000000..d03ca83d00f2 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/modes.h 
@@ -0,0 +1,236 @@ +/* + * Copyright 2010-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* This header can move into provider when legacy support is removed */ +#include + +#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) +typedef __int64 i64; +typedef unsigned __int64 u64; +# define U64(C) C##UI64 +#elif defined(__arch64__) +typedef long i64; +typedef unsigned long u64; +# define U64(C) C##UL +#else +typedef long long i64; +typedef unsigned long long u64; +# define U64(C) C##ULL +#endif + +typedef unsigned int u32; +typedef unsigned char u8; + +#define STRICT_ALIGNMENT 1 +#ifndef PEDANTIC +# if defined(__i386) || defined(__i386__) || \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ + defined(__aarch64__) || \ + defined(__s390__) || defined(__s390x__) +# undef STRICT_ALIGNMENT +# endif +#endif + +#if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +# if defined(__GNUC__) && __GNUC__>=2 +# if defined(__x86_64) || defined(__x86_64__) +# define BSWAP8(x) ({ u64 ret_=(x); \ + asm ("bswapq %0" \ + : "+r"(ret_)); ret_; }) +# define BSWAP4(x) ({ u32 ret_=(x); \ + asm ("bswapl %0" \ + : "+r"(ret_)); ret_; }) +# elif (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY) +# define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x); \ + asm ("bswapl %0; bswapl %1" \ + : "+r"(hi_),"+r"(lo_)); \ + (u64)hi_<<32|lo_; }) +# define BSWAP4(x) ({ u32 ret_=(x); \ + asm ("bswapl %0" \ + : "+r"(ret_)); ret_; }) +# elif defined(__aarch64__) +# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \ + __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ +# define BSWAP8(x) ({ u64 ret_; \ + asm ("rev %0,%1" 
\ + : "=r"(ret_) : "r"(x)); ret_; }) +# define BSWAP4(x) ({ u32 ret_; \ + asm ("rev %w0,%w1" \ + : "=r"(ret_) : "r"(x)); ret_; }) +# endif +# elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT) +# define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x); \ + asm ("rev %0,%0; rev %1,%1" \ + : "+r"(hi_),"+r"(lo_)); \ + (u64)hi_<<32|lo_; }) +# define BSWAP4(x) ({ u32 ret_; \ + asm ("rev %0,%1" \ + : "=r"(ret_) : "r"((u32)(x))); \ + ret_; }) +# elif (defined(__riscv_zbb) || defined(__riscv_zbkb)) && __riscv_xlen == 64 +# define BSWAP8(x) ({ u64 ret_=(x); \ + asm ("rev8 %0,%0" \ + : "+r"(ret_)); ret_; }) +# define BSWAP4(x) ({ u32 ret_=(x); \ + asm ("rev8 %0,%0; srli %0,%0,32"\ + : "+&r"(ret_)); ret_; }) +# endif +# elif defined(_MSC_VER) +# if _MSC_VER>=1300 +# include +# pragma intrinsic(_byteswap_uint64,_byteswap_ulong) +# define BSWAP8(x) _byteswap_uint64((u64)(x)) +# define BSWAP4(x) _byteswap_ulong((u32)(x)) +# elif defined(_M_IX86) +__inline u32 _bswap4(u32 val) +{ +_asm mov eax, val _asm bswap eax} +# define BSWAP4(x) _bswap4(x) +# endif +# endif +#endif +#if defined(BSWAP4) && !defined(STRICT_ALIGNMENT) +# define GETU32(p) BSWAP4(*(const u32 *)(p)) +# define PUTU32(p,v) *(u32 *)(p) = BSWAP4(v) +#else +# define GETU32(p) ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3]) +# define PUTU32(p,v) ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v)) +#endif +/*- GCM definitions */ typedef struct { + u64 hi, lo; +} u128; + +typedef void (*gcm_init_fn)(u128 Htable[16], const u64 H[2]); +typedef void (*gcm_ghash_fn)(u64 Xi[2], const u128 Htable[16], const u8 *inp, size_t len); +typedef void (*gcm_gmult_fn)(u64 Xi[2], const u128 Htable[16]); +struct gcm_funcs_st { + gcm_init_fn ginit; + gcm_ghash_fn ghash; + gcm_gmult_fn gmult; +}; + +struct gcm128_context { + /* Following 6 names follow names in GCM specification */ + union { + u64 u[2]; + u32 d[4]; + u8 c[16]; + size_t t[16 / sizeof(size_t)]; + } Yi, EKi, EK0, len, Xi, H; 
+ /* + * Relative position of Yi, EKi, EK0, len, Xi, H and pre-computed Htable is + * used in some assembler modules, i.e. don't change the order! + */ + u128 Htable[16]; + struct gcm_funcs_st funcs; + unsigned int mres, ares; + block128_f block; + void *key; +#if !defined(OPENSSL_SMALL_FOOTPRINT) + unsigned char Xn[48]; +#endif +}; + +/* GHASH functions */ +void ossl_gcm_init_4bit(u128 Htable[16], const u64 H[2]); +void ossl_gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16], + const u8 *inp, size_t len); +void ossl_gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16]); + +/* + * The maximum permitted number of cipher blocks per data unit in XTS mode. + * Reference IEEE Std 1619-2018. + */ +#define XTS_MAX_BLOCKS_PER_DATA_UNIT (1<<20) + +struct xts128_context { + void *key1, *key2; + block128_f block1, block2; +}; + +/* XTS mode for SM4 algorithm specified by GB/T 17964-2021 */ +int ossl_crypto_xts128gb_encrypt(const XTS128_CONTEXT *ctx, + const unsigned char iv[16], + const unsigned char *inp, unsigned char *out, + size_t len, int enc); + +struct ccm128_context { + union { + u64 u[2]; + u8 c[16]; + } nonce, cmac; + u64 blocks; + block128_f block; + void *key; +}; + +#ifndef OPENSSL_NO_OCB + +typedef union { + u64 a[2]; + unsigned char c[16]; +} OCB_BLOCK; +# define ocb_block16_xor(in1,in2,out) \ + ( (out)->a[0]=(in1)->a[0]^(in2)->a[0], \ + (out)->a[1]=(in1)->a[1]^(in2)->a[1] ) +# if STRICT_ALIGNMENT +# define ocb_block16_xor_misaligned(in1,in2,out) \ + ocb_block_xor((in1)->c,(in2)->c,16,(out)->c) +# else +# define ocb_block16_xor_misaligned ocb_block16_xor +# endif + +struct ocb128_context { + /* Need both encrypt and decrypt key schedules for decryption */ + block128_f encrypt; + block128_f decrypt; + void *keyenc; + void *keydec; + ocb128_f stream; /* direction dependent */ + /* Key dependent variables. 
Can be reused if key remains the same */ + size_t l_index; + size_t max_l_index; + OCB_BLOCK l_star; + OCB_BLOCK l_dollar; + OCB_BLOCK *l; + /* Must be reset for each session */ + struct { + u64 blocks_hashed; + u64 blocks_processed; + OCB_BLOCK offset_aad; + OCB_BLOCK sum; + OCB_BLOCK offset; + OCB_BLOCK checksum; + } sess; +}; +#endif /* OPENSSL_NO_OCB */ + +#ifndef OPENSSL_NO_SIV + +#define SIV_LEN 16 + +typedef union siv_block_u { + uint64_t word[SIV_LEN/sizeof(uint64_t)]; + unsigned char byte[SIV_LEN]; +} SIV_BLOCK; + +struct siv128_context { + /* d stores intermediate results of S2V; it corresponds to D from the + pseudocode in section 2.4 of RFC 5297. */ + SIV_BLOCK d; + SIV_BLOCK tag; + EVP_CIPHER_CTX *cipher_ctx; + EVP_MAC *mac; + EVP_MAC_CTX *mac_ctx_init; + int final_ret; + int crypto_ok; +}; + +#endif /* OPENSSL_NO_SIV */ diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/objects.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/objects.h new file mode 100644 index 000000000000..f22e9287723a --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/objects.h @@ -0,0 +1,12 @@ +/* + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +void ossl_obj_cleanup_int(void); diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/objectserr.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/objectserr.h new file mode 100644 index 000000000000..ec9948241c35 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/objectserr.h 
@@ -0,0 +1,27 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_OBJECTSERR_H +# define OSSL_CRYPTO_OBJECTSERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +int ossl_err_load_OBJ_strings(void); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/ocsperr.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/ocsperr.h new file mode 100644 index 000000000000..f9529b2a2f72 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/ocsperr.h @@ -0,0 +1,30 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_OCSPERR_H +# define OSSL_CRYPTO_OCSPERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +# ifndef OPENSSL_NO_OCSP + +int ossl_err_load_OCSP_strings(void); +# endif + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/pem.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/pem.h new file mode 100644 index 000000000000..2cb4253d6a14 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/pem.h 
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_PEM_H
+# define OSSL_INTERNAL_PEM_H
+# pragma once
+
+# include
+# include "crypto/types.h"
+
+/* Found in crypto/pem/pvkfmt.c */
+
+/* Maximum length of a blob after header */
+# define BLOB_MAX_LENGTH 102400
+
+int ossl_do_blob_header(const unsigned char **in, unsigned int length,
+ unsigned int *pmagic, unsigned int *pbitlen,
+ int *pisdss, int *pispub);
+unsigned int ossl_blob_length(unsigned bitlen, int isdss, int ispub);
+int ossl_do_PVK_header(const unsigned char **in, unsigned int length,
+ int skip_magic,
+ unsigned int *psaltlen, unsigned int *pkeylen);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_DSA
+DSA *ossl_b2i_DSA_after_header(const unsigned char **in, unsigned int bitlen,
+ int ispub);
+# endif
+RSA *ossl_b2i_RSA_after_header(const unsigned char **in, unsigned int bitlen,
+ int ispub);
+# endif
+EVP_PKEY *ossl_b2i(const unsigned char **in, unsigned int length, int *ispub);
+EVP_PKEY *ossl_b2i_bio(BIO *in, int *ispub);
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_DSA
+DSA *b2i_DSA_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
+DSA *b2i_DSA_PVK_bio_ex(BIO *in, pem_password_cb *cb, void *u,
+ OSSL_LIB_CTX *libctx, const char *propq);
+# endif
+RSA *b2i_RSA_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
+RSA *b2i_RSA_PVK_bio_ex(BIO *in, pem_password_cb *cb, void *u,
+ OSSL_LIB_CTX *libctx, const char *propq);
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/pemerr.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/pemerr.h
new file mode 100644
index 000000000000..b255ff5c6488
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/pemerr.h @@ -0,0 +1,27 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_PEMERR_H +# define OSSL_CRYPTO_PEMERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +int ossl_err_load_PEM_strings(void); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/pkcs12err.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/pkcs12err.h new file mode 100644 index 000000000000..114971c607cd --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/pkcs12err.h @@ -0,0 +1,27 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_PKCS12ERR_H +# define OSSL_CRYPTO_PKCS12ERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +int ossl_err_load_PKCS12_strings(void); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/pkcs7.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/pkcs7.h new file mode 100644 index 000000000000..9caa9af4a25f --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/pkcs7.h 
@@ -0,0 +1,19 @@ +/* + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_PKCS7_H +# define OSSL_CRYPTO_PKCS7_H +# pragma once + +void ossl_pkcs7_resolve_libctx(PKCS7 *p7); + +void ossl_pkcs7_set0_libctx(PKCS7 *p7, OSSL_LIB_CTX *ctx); +int ossl_pkcs7_set1_propq(PKCS7 *p7, const char *propq); + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/pkcs7err.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/pkcs7err.h new file mode 100644 index 000000000000..c195190bf8f6 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/pkcs7err.h @@ -0,0 +1,27 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_PKCS7ERR_H +# define OSSL_CRYPTO_PKCS7ERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +int ossl_err_load_PKCS7_strings(void); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/poly1305.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/poly1305.h new file mode 100644 index 000000000000..ba54f3bdcbe1 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/poly1305.h 
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_POLY1305_H
+# define OSSL_CRYPTO_POLY1305_H
+# pragma once
+
+#include
+
+#define POLY1305_BLOCK_SIZE 16
+#define POLY1305_DIGEST_SIZE 16
+#define POLY1305_KEY_SIZE 32
+
+typedef struct poly1305_context POLY1305;
+
+typedef void (*poly1305_blocks_f) (void *ctx, const unsigned char *inp,
+ size_t len, unsigned int padbit);
+typedef void (*poly1305_emit_f) (void *ctx, unsigned char mac[16],
+ const unsigned int nonce[4]);
+
+struct poly1305_context {
+ double opaque[24]; /* large enough to hold internal state, declared
+ * 'double' to ensure at least 64-bit invariant
+ * alignment across all platforms and
+ * configurations */
+ unsigned int nonce[4];
+ unsigned char data[POLY1305_BLOCK_SIZE];
+ size_t num;
+ struct {
+ poly1305_blocks_f blocks;
+ poly1305_emit_f emit;
+ } func;
+};
+
+size_t Poly1305_ctx_size(void);
+void Poly1305_Init(POLY1305 *ctx, const unsigned char key[32]);
+void Poly1305_Update(POLY1305 *ctx, const unsigned char *inp, size_t len);
+void Poly1305_Final(POLY1305 *ctx, unsigned char mac[16]);
+
+#endif /* OSSL_CRYPTO_POLY1305_H */
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/ppc_arch.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/ppc_arch.h
new file mode 100644
index 000000000000..d999396a2f5c
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/ppc_arch.h
@@ -0,0 +1,29 @@
+/*
+ * Copyright 2014-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_PPC_ARCH_H
+# define OSSL_CRYPTO_PPC_ARCH_H
+
+extern unsigned int OPENSSL_ppccap_P;
+
+/*
+ * Flags' usage can appear ambiguous, because they are set rather
+ * to reflect OpenSSL performance preferences than actual processor
+ * capabilities.
+ */
+# define PPC_FPU64 (1<<0)
+# define PPC_ALTIVEC (1<<1)
+# define PPC_CRYPTO207 (1<<2)
+# define PPC_FPU (1<<3)
+# define PPC_MADD300 (1<<4)
+# define PPC_MFTB (1<<5)
+# define PPC_MFSPR268 (1<<6)
+# define PPC_BRD31 (1<<7)
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/punycode.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/punycode.h
new file mode 100644
index 000000000000..2e1c85c1f74f
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/punycode.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_PUNYCODE_H
+# define OSSL_CRYPTO_PUNYCODE_H
+# pragma once
+
+# include /* for size_t */
+
+int ossl_punycode_decode (
+ const char *pEncoded,
+ const size_t enc_len,
+ unsigned int *pDecoded,
+ unsigned int *pout_length
+);
+
+int ossl_a2ulabel(const char *in, char *out, size_t outlen);
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/rand.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/rand.h
new file mode 100644
index 000000000000..d375c2f933ce
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/rand.h
@@ -0,0 +1,154 @@
+/*
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Licensed under the Apache License 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+#ifndef OSSL_CRYPTO_RAND_H
+# define OSSL_CRYPTO_RAND_H
+# pragma once
+
+# include
+# include "crypto/rand_pool.h"
+
+# if defined(__APPLE__) && !defined(OPENSSL_NO_APPLE_CRYPTO_RANDOM)
+# include
+# if (defined(__MAC_OS_X_VERSION_MIN_REQUIRED) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101200) || \
+ (defined(__IPHONE_OS_VERSION_MIN_REQUIRED) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 80000)
+# define OPENSSL_APPLE_CRYPTO_RANDOM 1
+# include
+# include
+# endif
+# endif
+
+/*
+ * Defines related to seed sources
+ */
+#ifndef DEVRANDOM
+/*
+ * set this to a comma-separated list of 'random' device files to try out. By
+ * default, we will try to read at least one of these files
+ */
+# define DEVRANDOM "/dev/urandom", "/dev/random", "/dev/hwrng", "/dev/srandom"
+# if defined(__linux) && !defined(__ANDROID__)
+# ifndef DEVRANDOM_WAIT
+# define DEVRANDOM_WAIT "/dev/random"
+# endif
+/*
+ * Linux kernels 4.8 and later changes how their random device works and there
+ * is no reliable way to tell that /dev/urandom has been seeded -- getentropy(2)
+ * should be used instead.
+ */
+# ifndef DEVRANDOM_SAFE_KERNEL
+# define DEVRANDOM_SAFE_KERNEL 4, 8
+# endif
+/*
+ * Some operating systems do not permit select(2) on their random devices,
+ * defining this to zero will force the use of read(2) to extract one byte
+ * from /dev/random.
+ */
+# ifndef DEVRANDM_WAIT_USE_SELECT
+# define DEVRANDM_WAIT_USE_SELECT 1
+# endif
+/*
+ * Define the shared memory identifier used to indicate if the operating
+ * system has properly seeded the DEVRANDOM source.
+ */
+# ifndef OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID
+# define OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID 114
+# endif
+
+# endif
+#endif
+
+#if !defined(OPENSSL_NO_EGD) && !defined(DEVRANDOM_EGD)
+/*
+ * set this to a comma-separated list of 'egd' sockets to try out. These
+ * sockets will be tried in the order listed in case accessing the device
+ * files listed in DEVRANDOM did not return enough randomness.
+ */
+# define DEVRANDOM_EGD "/var/run/egd-pool", "/dev/egd-pool", "/etc/egd-pool", "/etc/entropy"
+#endif
+
+void ossl_rand_cleanup_int(void);
+
+/*
+ * Initialise the random pool reseeding sources.
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+int ossl_rand_pool_init(void);
+
+/*
+ * Finalise the random pool reseeding sources.
+ */
+void ossl_rand_pool_cleanup(void);
+
+/*
+ * Control the random pool use of open file descriptors.
+ */
+void ossl_rand_pool_keep_random_devices_open(int keep);
+
+/*
+ * Configuration
+ */
+void ossl_random_add_conf_module(void);
+
+/*
+ * Get and cleanup random seed material.
+ */
+size_t ossl_rand_get_entropy(OSSL_LIB_CTX *ctx,
+ unsigned char **pout, int entropy,
+ size_t min_len, size_t max_len);
+size_t ossl_rand_get_user_entropy(OSSL_LIB_CTX *ctx,
+ unsigned char **pout, int entropy,
+ size_t min_len, size_t max_len);
+void ossl_rand_cleanup_entropy(OSSL_LIB_CTX *ctx,
+ unsigned char *buf, size_t len);
+void ossl_rand_cleanup_user_entropy(OSSL_LIB_CTX *ctx,
+ unsigned char *buf, size_t len);
+size_t ossl_rand_get_nonce(OSSL_LIB_CTX *ctx,
+ unsigned char **pout, size_t min_len, size_t max_len,
+ const void *salt, size_t salt_len);
+size_t ossl_rand_get_user_nonce(OSSL_LIB_CTX *ctx, unsigned char **pout,
+ size_t min_len, size_t max_len,
+ const void *salt, size_t salt_len);
+void ossl_rand_cleanup_nonce(OSSL_LIB_CTX *ctx,
+ unsigned char *buf, size_t len);
+void ossl_rand_cleanup_user_nonce(OSSL_LIB_CTX *ctx,
+ unsigned char *buf, size_t len);
+
+/*
+ * Get seeding material from the operating system sources.
+ */
+size_t ossl_pool_acquire_entropy(RAND_POOL *pool);
+int ossl_pool_add_nonce_data(RAND_POOL *pool);
+
+# ifdef FIPS_MODULE
+EVP_RAND_CTX *ossl_rand_get0_private_noncreating(OSSL_LIB_CTX *ctx);
+# else
+EVP_RAND_CTX *ossl_rand_get0_seed_noncreating(OSSL_LIB_CTX *ctx);
+# endif
+
+/* Generate a uniformly distributed random integer in the interval [0, upper) */
+uint32_t ossl_rand_uniform_uint32(OSSL_LIB_CTX *ctx, uint32_t upper, int *err);
+
+/*
+ * Generate a uniformly distributed random integer in the interval
+ * [lower, upper).
+ */
+uint32_t ossl_rand_range_uint32(OSSL_LIB_CTX *ctx, uint32_t lower, uint32_t upper,
+ int *err);
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/rand_pool.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/rand_pool.h
new file mode 100644
index 000000000000..f4d1d954bc80
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/rand_pool.h
@@ -0,0 +1,109 @@ +/* + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_PROVIDER_RAND_POOL_H +# define OSSL_PROVIDER_RAND_POOL_H +# pragma once + +# include +# include + +/* + * Maximum allocation size for RANDOM_POOL buffers + * + * The max_len value for the buffer provided to the rand_drbg_get_entropy() + * callback is currently 2^31 bytes (2 gigabytes), if a derivation function + * is used. Since this is much too large to be allocated, the ossl_rand_pool_new() + * function chooses more modest values as default pool length, bounded + * by RAND_POOL_MIN_LENGTH and RAND_POOL_MAX_LENGTH + * + * The choice of the RAND_POOL_FACTOR is large enough such that the + * RAND_POOL can store a random input which has a lousy entropy rate of + * 8/256 (= 0.03125) bits per byte. This input will be sent through the + * derivation function which 'compresses' the low quality input into a + * high quality output. + * + * The factor 1.5 below is the pessimistic estimate for the extra amount + * of entropy required when no get_nonce() callback is defined. + */ +# define RAND_POOL_FACTOR 256 +# define RAND_POOL_MAX_LENGTH (RAND_POOL_FACTOR * \ + 3 * (RAND_DRBG_STRENGTH / 16)) +/* + * = (RAND_POOL_FACTOR * \ + * 1.5 * (RAND_DRBG_STRENGTH / 8)) + */ + +/* + * Initial allocation minimum. + * + * There is a distinction between the secure and normal allocation minimums. + * Ideally, the secure allocation size should be a power of two. The normal + * allocation size doesn't have any such restriction. + * + * The secure value is based on 128 bits of secure material, which is 16 bytes. 
+ * Typically, the DRBGs will set a minimum larger than this so optimal + * allocation ought to take place (for full quality seed material). + * + * The normal value has been chosen by noticing that the rand_drbg_get_nonce + * function is usually the largest of the built in allocation (twenty four + * bytes and then appending another sixteen bytes). This means the buffer ends + * with 40 bytes. The value of forty eight is comfortably above this which + * allows some slack in the platform specific values used. + */ +# define RAND_POOL_MIN_ALLOCATION(secure) ((secure) ? 16 : 48) + +/* + * The 'random pool' acts as a dumb container for collecting random + * input from various entropy sources. It is the callers duty to 1) initialize + * the random pool, 2) pass it to the polling callbacks, 3) seed the RNG, and + * 4) cleanup the random pool again. + * + * The random pool contains no locking mechanism because its scope and + * lifetime is intended to be restricted to a single stack frame. + */ +typedef struct rand_pool_st { + unsigned char *buffer; /* points to the beginning of the random pool */ + size_t len; /* current number of random bytes contained in the pool */ + + int attached; /* true pool was attached to existing buffer */ + int secure; /* 1: allocated on the secure heap, 0: otherwise */ + + size_t min_len; /* minimum number of random bytes requested */ + size_t max_len; /* maximum number of random bytes (allocated buffer size) */ + size_t alloc_len; /* current number of bytes allocated */ + size_t entropy; /* current entropy count in bits */ + size_t entropy_requested; /* requested entropy count in bits */ +} RAND_POOL; + +RAND_POOL *ossl_rand_pool_new(int entropy_requested, int secure, + size_t min_len, size_t max_len); +RAND_POOL *ossl_rand_pool_attach(const unsigned char *buffer, size_t len, + size_t entropy); +void ossl_rand_pool_free(RAND_POOL *pool); + +const unsigned char *ossl_rand_pool_buffer(RAND_POOL *pool); +unsigned char 
*ossl_rand_pool_detach(RAND_POOL *pool); +void ossl_rand_pool_reattach(RAND_POOL *pool, unsigned char *buffer); + +size_t ossl_rand_pool_entropy(RAND_POOL *pool); +size_t ossl_rand_pool_length(RAND_POOL *pool); + +size_t ossl_rand_pool_entropy_available(RAND_POOL *pool); +size_t ossl_rand_pool_entropy_needed(RAND_POOL *pool); +/* |entropy_factor| expresses how many bits of data contain 1 bit of entropy */ +size_t ossl_rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor); +size_t ossl_rand_pool_bytes_remaining(RAND_POOL *pool); + +int ossl_rand_pool_add(RAND_POOL *pool, + const unsigned char *buffer, size_t len, size_t entropy); +unsigned char *ossl_rand_pool_add_begin(RAND_POOL *pool, size_t len); +int ossl_rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy); + +#endif /* OSSL_PROVIDER_RAND_POOL_H */ diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/randerr.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/randerr.h new file mode 100644 index 000000000000..6e2eb0716fb3 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/randerr.h @@ -0,0 +1,27 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_RANDERR_H +# define OSSL_CRYPTO_RANDERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +int ossl_err_load_RAND_strings(void); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/riscv_arch.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/riscv_arch.h new file mode 100644 index 000000000000..6950137f4518 --- /dev/null 
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/riscv_arch.h 
@@ -0,0 +1,79 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_RISCV_ARCH_H +# define OSSL_CRYPTO_RISCV_ARCH_H + +# include +# include + +# define RISCV_DEFINE_CAP(NAME, INDEX, BIT_INDEX) +1 +extern uint32_t OPENSSL_riscvcap_P[ (( +# include "riscv_arch.def" +) + sizeof(uint32_t) - 1) / sizeof(uint32_t) ]; + +# ifdef OPENSSL_RISCVCAP_IMPL +# define RISCV_DEFINE_CAP(NAME, INDEX, BIT_INDEX) +1 +uint32_t OPENSSL_riscvcap_P[ (( +# include "riscv_arch.def" +) + sizeof(uint32_t) - 1) / sizeof(uint32_t) ]; +# endif + +# define RISCV_DEFINE_CAP(NAME, INDEX, BIT_INDEX) \ + static inline int RISCV_HAS_##NAME(void) \ + { \ + return (OPENSSL_riscvcap_P[INDEX] & (1 << BIT_INDEX)) != 0; \ + } +# include "riscv_arch.def" + +struct RISCV_capability_s { + const char *name; + size_t index; + size_t bit_offset; +}; + +# define RISCV_DEFINE_CAP(NAME, INDEX, BIT_INDEX) +1 +extern const struct RISCV_capability_s RISCV_capabilities[ +# include "riscv_arch.def" +]; + +# ifdef OPENSSL_RISCVCAP_IMPL +# define RISCV_DEFINE_CAP(NAME, INDEX, BIT_INDEX) \ + { #NAME, INDEX, BIT_INDEX }, +const struct RISCV_capability_s RISCV_capabilities[] = { +# include "riscv_arch.def" +}; +# endif + +# define RISCV_DEFINE_CAP(NAME, INDEX, BIT_INDEX) +1 +static const size_t kRISCVNumCaps = +# include "riscv_arch.def" +; + +/* Extension combination tests. */ +#define RISCV_HAS_ZBB_AND_ZBC() (RISCV_HAS_ZBB() && RISCV_HAS_ZBC()) +#define RISCV_HAS_ZBKB_AND_ZKND_AND_ZKNE() (RISCV_HAS_ZBKB() && RISCV_HAS_ZKND() && RISCV_HAS_ZKNE()) +#define RISCV_HAS_ZKND_AND_ZKNE() (RISCV_HAS_ZKND() && RISCV_HAS_ZKNE()) +/* + * The ZVBB is the superset of ZVKB extension. 
We use macro here to replace the + * `RISCV_HAS_ZVKB()` with `RISCV_HAS_ZVBB() || RISCV_HAS_ZVKB()`. + */ +#define RISCV_HAS_ZVKB() (RISCV_HAS_ZVBB() || RISCV_HAS_ZVKB()) +#define RISCV_HAS_ZVKB_AND_ZVKNHA() (RISCV_HAS_ZVKB() && RISCV_HAS_ZVKNHA()) +#define RISCV_HAS_ZVKB_AND_ZVKNHB() (RISCV_HAS_ZVKB() && RISCV_HAS_ZVKNHB()) +#define RISCV_HAS_ZVKB_AND_ZVKSED() (RISCV_HAS_ZVKB() && RISCV_HAS_ZVKSED()) +#define RISCV_HAS_ZVKB_AND_ZVKSH() (RISCV_HAS_ZVKB() && RISCV_HAS_ZVKSH()) + +/* + * Get the size of a vector register in bits (VLEN). + * If RISCV_HAS_V() is false, then this returns 0. + */ +size_t riscv_vlen(void); + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/rsa.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/rsa.h new file mode 100644 index 000000000000..592efdb7fc87 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/rsa.h 
@@ -0,0 +1,132 @@
+/*
+ * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_RSA_H
+# define OSSL_INTERNAL_RSA_H
+# pragma once
+
+# include
+# include
+# include "crypto/types.h"
+
+#define RSA_MIN_MODULUS_BITS 512
+
+typedef struct rsa_pss_params_30_st {
+ int hash_algorithm_nid;
+ struct {
+ int algorithm_nid; /* Currently always NID_mgf1 */
+ int hash_algorithm_nid;
+ } mask_gen;
+ int salt_len;
+ int trailer_field;
+} RSA_PSS_PARAMS_30;
+
+RSA_PSS_PARAMS_30 *ossl_rsa_get0_pss_params_30(RSA *r);
+int ossl_rsa_pss_params_30_set_defaults(RSA_PSS_PARAMS_30 *rsa_pss_params);
+int ossl_rsa_pss_params_30_copy(RSA_PSS_PARAMS_30 *to,
+ const RSA_PSS_PARAMS_30 *from);
+int ossl_rsa_pss_params_30_is_unrestricted(const RSA_PSS_PARAMS_30 *rsa_pss_params);
+int ossl_rsa_pss_params_30_set_hashalg(RSA_PSS_PARAMS_30 *rsa_pss_params,
+ int hashalg_nid);
+int ossl_rsa_pss_params_30_set_maskgenhashalg(RSA_PSS_PARAMS_30 *rsa_pss_params,
+ int maskgenhashalg_nid);
+int ossl_rsa_pss_params_30_set_saltlen(RSA_PSS_PARAMS_30 *rsa_pss_params,
+ int saltlen);
+int ossl_rsa_pss_params_30_set_trailerfield(RSA_PSS_PARAMS_30 *rsa_pss_params,
+ int trailerfield);
+int ossl_rsa_pss_params_30_hashalg(const RSA_PSS_PARAMS_30 *rsa_pss_params);
+int ossl_rsa_pss_params_30_maskgenalg(const RSA_PSS_PARAMS_30 *rsa_pss_params);
+int ossl_rsa_pss_params_30_maskgenhashalg(const RSA_PSS_PARAMS_30 *rsa_pss_params);
+int ossl_rsa_pss_params_30_saltlen(const RSA_PSS_PARAMS_30 *rsa_pss_params);
+int ossl_rsa_pss_params_30_trailerfield(const RSA_PSS_PARAMS_30 *rsa_pss_params);
+
+const char *ossl_rsa_mgf_nid2name(int mgf);
+int ossl_rsa_oaeppss_md2nid(const EVP_MD *md);
+const char *ossl_rsa_oaeppss_nid2name(int md);
+
+RSA *ossl_rsa_new_with_ctx(OSSL_LIB_CTX *libctx);
+OSSL_LIB_CTX *ossl_rsa_get0_libctx(RSA *r);
+void ossl_rsa_set0_libctx(RSA *r, OSSL_LIB_CTX *libctx);
+
+int ossl_rsa_set0_all_params(RSA *r, STACK_OF(BIGNUM) *primes,
+ STACK_OF(BIGNUM) *exps,
+ STACK_OF(BIGNUM) *coeffs);
+int ossl_rsa_get0_all_params(RSA *r, STACK_OF(BIGNUM_const) *primes,
+ STACK_OF(BIGNUM_const) *exps,
+ STACK_OF(BIGNUM_const) *coeffs);
+int ossl_rsa_is_foreign(const RSA *rsa);
+RSA *ossl_rsa_dup(const RSA *rsa, int selection);
+
+int ossl_rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[],
+ int include_private);
+int ossl_rsa_fromdata(RSA *rsa, const OSSL_PARAM params[], int include_private);
+int ossl_rsa_pss_params_30_todata(const RSA_PSS_PARAMS_30 *pss,
+ OSSL_PARAM_BLD *bld, OSSL_PARAM params[]);
+int ossl_rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params,
+ int *defaults_set,
+ const OSSL_PARAM params[],
+ OSSL_LIB_CTX *libctx);
+int ossl_rsa_set0_pss_params(RSA *r, RSA_PSS_PARAMS *pss);
+int ossl_rsa_pss_get_param_unverified(const RSA_PSS_PARAMS *pss,
+ const EVP_MD **pmd, const EVP_MD **pmgf1md,
+ int *psaltlen, int *ptrailerField);
+RSA_PSS_PARAMS *ossl_rsa_pss_decode(const X509_ALGOR *alg);
+int ossl_rsa_param_decode(RSA *rsa, const X509_ALGOR *alg);
+RSA *ossl_rsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf,
+ OSSL_LIB_CTX *libctx, const char *propq);
+
+int ossl_rsa_padding_check_PKCS1_type_2(OSSL_LIB_CTX *ctx,
+ unsigned char *to, int tlen,
+ const unsigned char *from, int flen,
+ int num, unsigned char *kdk);
+int ossl_rsa_padding_check_PKCS1_type_2_TLS(OSSL_LIB_CTX *ctx, unsigned char *to,
+ size_t tlen,
+ const unsigned char *from,
+ size_t flen, int client_version,
+ int alt_version);
+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
+ unsigned char *to, int tlen,
+ const unsigned char *from, int flen,
+ const unsigned char *param,
+ int plen, const EVP_MD *md,
+ const EVP_MD *mgf1md);
+
+int ossl_rsa_validate_public(const RSA *key);
+int ossl_rsa_validate_private(const RSA *key);
+int ossl_rsa_validate_pairwise(const RSA *key);
+
+int ossl_rsa_verify(int dtype, const unsigned char *m,
+ unsigned int m_len, unsigned char *rm,
+ size_t *prm_len, const unsigned char *sigbuf,
+ size_t siglen, RSA *rsa);
+
+const unsigned char *ossl_rsa_digestinfo_encoding(int md_nid, size_t *len);
+
+extern const char *ossl_rsa_mp_factor_names[];
+extern const char *ossl_rsa_mp_exp_names[];
+extern const char *ossl_rsa_mp_coeff_names[];
+
+ASN1_STRING *ossl_rsa_ctx_to_pss_string(EVP_PKEY_CTX *pkctx);
+int ossl_rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
+ const X509_ALGOR *sigalg, EVP_PKEY *pkey);
+
+# if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
+int ossl_rsa_acvp_test_gen_params_new(OSSL_PARAM **dst, const OSSL_PARAM src[]);
+void ossl_rsa_acvp_test_gen_params_free(OSSL_PARAM *dst);
+
+int ossl_rsa_acvp_test_set_params(RSA *r, const OSSL_PARAM params[]);
+int ossl_rsa_acvp_test_get_params(RSA *r, OSSL_PARAM params[]);
+typedef struct rsa_acvp_test_st RSA_ACVP_TEST;
+void ossl_rsa_acvp_test_free(RSA_ACVP_TEST *t);
+# else
+# define RSA_ACVP_TEST void
+# endif
+
+RSA *evp_pkey_get1_RSA_PSS(EVP_PKEY *pkey);
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/rsaerr.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/rsaerr.h
new file mode 100644
index 000000000000..9b23500b3708
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/rsaerr.h
@@ -0,0 +1,27 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_RSAERR_H +# define OSSL_CRYPTO_RSAERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +int ossl_err_load_RSA_strings(void); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/security_bits.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/security_bits.h new file mode 100644 index 000000000000..58f49681dc63 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/security_bits.h @@ -0,0 +1,16 @@ +/* + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_SECURITY_BITS_H +# define OSSL_SECURITY_BITS_H +# pragma once + +uint16_t ossl_ifc_ffc_compute_security_bits(int n); + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/sha.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/sha.h new file mode 100644 index 000000000000..99bcf0ff8835 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/sha.h 
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_SHA_H
+# define OSSL_CRYPTO_SHA_H
+# pragma once
+
+# include
+
+int ossl_sha256_192_init(SHA256_CTX *c);
+int sha512_224_init(SHA512_CTX *);
+int sha512_256_init(SHA512_CTX *);
+int ossl_sha1_ctrl(SHA_CTX *ctx, int cmd, int mslen, void *ms);
+unsigned char *ossl_sha1(const unsigned char *d, size_t n, unsigned char *md);
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/siphash.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/siphash.h
new file mode 100644
index 000000000000..0d0767fcf481
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/siphash.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_SIPHASH_H
+# define OSSL_CRYPTO_SIPHASH_H
+# pragma once
+
+# include
+
+# define SIPHASH_BLOCK_SIZE 8
+# define SIPHASH_KEY_SIZE 16
+# define SIPHASH_MIN_DIGEST_SIZE 8
+# define SIPHASH_MAX_DIGEST_SIZE 16
+
+typedef struct siphash_st SIPHASH;
+
+size_t SipHash_ctx_size(void);
+size_t SipHash_hash_size(SIPHASH *ctx);
+int SipHash_set_hash_size(SIPHASH *ctx, size_t hash_size);
+int SipHash_Init(SIPHASH *ctx, const unsigned char *k,
+ int crounds, int drounds);
+void SipHash_Update(SIPHASH *ctx, const unsigned char *in, size_t inlen);
+int SipHash_Final(SIPHASH *ctx, unsigned char *out, size_t outlen);
+
+/* Based on https://131002.net/siphash C reference implementation */
+
+struct siphash_st {
+ uint64_t total_inlen;
+ uint64_t v0;
+ uint64_t v1;
+ uint64_t v2;
+ uint64_t v3;
+ unsigned int len;
+ unsigned int hash_size;
+ unsigned int crounds;
+ unsigned int drounds;
+ unsigned char leavings[SIPHASH_BLOCK_SIZE];
+};
+
+/* default: SipHash-2-4 */
+# define SIPHASH_C_ROUNDS 2
+# define SIPHASH_D_ROUNDS 4
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/siv.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/siv.h
new file mode 100644
index 000000000000..8dc58bd32106
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/siv.h
@@ -0,0 +1,33 @@
+/*
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_NO_SIV
+
+typedef struct siv128_context SIV128_CONTEXT;
+
+SIV128_CONTEXT *ossl_siv128_new(const unsigned char *key, int klen,
+ EVP_CIPHER *cbc, EVP_CIPHER *ctr,
+ OSSL_LIB_CTX *libctx, const char *propq);
+int ossl_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen,
+ const EVP_CIPHER *cbc, const EVP_CIPHER *ctr,
+ OSSL_LIB_CTX *libctx, const char *propq);
+int ossl_siv128_copy_ctx(SIV128_CONTEXT *dest, SIV128_CONTEXT *src);
+int ossl_siv128_aad(SIV128_CONTEXT *ctx, const unsigned char *aad, size_t len);
+int ossl_siv128_encrypt(SIV128_CONTEXT *ctx,
+ const unsigned char *in, unsigned char *out, size_t len);
+int ossl_siv128_decrypt(SIV128_CONTEXT *ctx,
+ const unsigned char *in, unsigned char *out, size_t len);
+int ossl_siv128_finish(SIV128_CONTEXT *ctx);
+int ossl_siv128_set_tag(SIV128_CONTEXT *ctx, const unsigned char *tag,
+ size_t len);
+int ossl_siv128_get_tag(SIV128_CONTEXT *ctx, unsigned char *tag, size_t len);
+int ossl_siv128_cleanup(SIV128_CONTEXT *ctx);
+int ossl_siv128_speed(SIV128_CONTEXT *ctx, int arg);
+
+#endif /* OPENSSL_NO_SIV */
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/sm2.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/sm2.h
new file mode 100644
index 000000000000..9ab6c0b72236
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/sm2.h
@@ -0,0 +1,86 @@
+/*
+ * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_SM2_H
+# define OSSL_CRYPTO_SM2_H
+# pragma once
+
+# include
+
+# if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
+
+# include
+# include "crypto/types.h"
+
+int ossl_sm2_key_private_check(const EC_KEY *eckey);
+
+/* The default user id as specified in GM/T 0009-2012 */
+# define SM2_DEFAULT_USERID "1234567812345678"
+
+int ossl_sm2_compute_z_digest(uint8_t *out,
+ const EVP_MD *digest,
+ const uint8_t *id,
+ const size_t id_len,
+ const EC_KEY *key);
+
+/*
+ * SM2 signature operation. Computes Z and then signs H(Z || msg) using SM2
+ */
+ECDSA_SIG *ossl_sm2_do_sign(const EC_KEY *key,
+ const EVP_MD *digest,
+ const uint8_t *id,
+ const size_t id_len,
+ const uint8_t *msg, size_t msg_len);
+
+int ossl_sm2_do_verify(const EC_KEY *key,
+ const EVP_MD *digest,
+ const ECDSA_SIG *signature,
+ const uint8_t *id,
+ const size_t id_len,
+ const uint8_t *msg, size_t msg_len);
+
+/*
+ * SM2 signature generation.
+ */
+int ossl_sm2_internal_sign(const unsigned char *dgst, int dgstlen,
+ unsigned char *sig, unsigned int *siglen,
+ EC_KEY *eckey);
+
+/*
+ * SM2 signature verification.
+ */
+int ossl_sm2_internal_verify(const unsigned char *dgst, int dgstlen,
+ const unsigned char *sig, int siglen,
+ EC_KEY *eckey);
+
+/*
+ * SM2 encryption
+ */
+int ossl_sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest,
+ size_t msg_len, size_t *ct_size);
+
+int ossl_sm2_plaintext_size(const unsigned char *ct, size_t ct_size,
+ size_t *pt_size);
+
+int ossl_sm2_encrypt(const EC_KEY *key,
+ const EVP_MD *digest,
+ const uint8_t *msg, size_t msg_len,
+ uint8_t *ciphertext_buf, size_t *ciphertext_len);
+
+int ossl_sm2_decrypt(const EC_KEY *key,
+ const EVP_MD *digest,
+ const uint8_t *ciphertext, size_t ciphertext_len,
+ uint8_t *ptext_buf, size_t *ptext_len);
+
+const unsigned char *ossl_sm2_algorithmidentifier_encoding(int md_nid,
+ size_t *len);
+# endif /* OPENSSL_NO_SM2 */
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/sm2err.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/sm2err.h
new file mode 100644
index 000000000000..706f4d69dec2
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/sm2err.h
@@ -0,0 +1,49 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_SM2ERR_H +# define OSSL_CRYPTO_SM2ERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +# ifndef OPENSSL_NO_SM2 + +int ossl_err_load_SM2_strings(void); + +/* + * SM2 reason codes. + */ +# define SM2_R_ASN1_ERROR 100 +# define SM2_R_BAD_SIGNATURE 101 +# define SM2_R_BUFFER_TOO_SMALL 107 +# define SM2_R_DIST_ID_TOO_LARGE 110 +# define SM2_R_ID_NOT_SET 112 +# define SM2_R_ID_TOO_LARGE 111 +# define SM2_R_INVALID_CURVE 108 +# define SM2_R_INVALID_DIGEST 102 +# define SM2_R_INVALID_DIGEST_TYPE 103 +# define SM2_R_INVALID_ENCODING 104 +# define SM2_R_INVALID_FIELD 105 +# define SM2_R_INVALID_PRIVATE_KEY 113 +# define SM2_R_NO_PARAMETERS_SET 109 +# define SM2_R_USER_ID_TOO_LARGE 106 + +# endif + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/sm4.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/sm4.h new file mode 100644 index 000000000000..e21ec81ca6a8 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/sm4.h 
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_SM4_H
+# define OSSL_CRYPTO_SM4_H
+# pragma once
+
+# include
+# include
+
+# ifdef OPENSSL_NO_SM4
+# error SM4 is disabled.
+# endif
+
+# define SM4_ENCRYPT 1
+# define SM4_DECRYPT 0
+
+# define SM4_BLOCK_SIZE 16
+# define SM4_KEY_SCHEDULE 32
+
+typedef struct SM4_KEY_st {
+ uint32_t rk[SM4_KEY_SCHEDULE];
+} SM4_KEY;
+
+int ossl_sm4_set_key(const uint8_t *key, SM4_KEY *ks);
+
+void ossl_sm4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks);
+
+void ossl_sm4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks);
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/sm4_platform.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/sm4_platform.h
new file mode 100644
index 000000000000..3df1b4256de7
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/sm4_platform.h
@@ -0,0 +1,123 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_SM4_PLATFORM_H
+# define OSSL_SM4_PLATFORM_H
+# pragma once
+
+# if defined(OPENSSL_CPUID_OBJ)
+# if defined(__aarch64__) || defined (_M_ARM64)
+# include "arm_arch.h"
+extern unsigned int OPENSSL_arm_midr;
+static inline int vpsm4_capable(void)
+{
+ return (OPENSSL_armcap_P & ARMV8_CPUID) &&
+ (MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_ARM, ARM_CPU_PART_V1) ||
+ MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_ARM, ARM_CPU_PART_N1));
+}
+static inline int vpsm4_ex_capable(void)
+{
+ return (OPENSSL_armcap_P & ARMV8_CPUID) &&
+ (MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, HISI_CPU_IMP, HISI_CPU_PART_KP920));
+}
+# if defined(VPSM4_ASM)
+# define VPSM4_CAPABLE vpsm4_capable()
+# define VPSM4_EX_CAPABLE vpsm4_ex_capable()
+# endif
+# define HWSM4_CAPABLE (OPENSSL_armcap_P & ARMV8_SM4)
+# define HWSM4_set_encrypt_key sm4_v8_set_encrypt_key
+# define HWSM4_set_decrypt_key sm4_v8_set_decrypt_key
+# define HWSM4_encrypt sm4_v8_encrypt
+# define HWSM4_decrypt sm4_v8_decrypt
+# define HWSM4_cbc_encrypt sm4_v8_cbc_encrypt
+# define HWSM4_ecb_encrypt sm4_v8_ecb_encrypt
+# define HWSM4_ctr32_encrypt_blocks sm4_v8_ctr32_encrypt_blocks
+# elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
+/* RV64 support */
+# include "riscv_arch.h"
+/* Zvksed extension (vector crypto SM4). */
+int rv64i_zvksed_sm4_set_encrypt_key(const unsigned char *userKey,
+ SM4_KEY *key);
+int rv64i_zvksed_sm4_set_decrypt_key(const unsigned char *userKey,
+ SM4_KEY *key);
+void rv64i_zvksed_sm4_encrypt(const unsigned char *in, unsigned char *out,
+ const SM4_KEY *key);
+void rv64i_zvksed_sm4_decrypt(const unsigned char *in, unsigned char *out,
+ const SM4_KEY *key);
+# endif /* RV64 */
+# endif /* OPENSSL_CPUID_OBJ */
+
+# if defined(HWSM4_CAPABLE)
+int HWSM4_set_encrypt_key(const unsigned char *userKey, SM4_KEY *key);
+int HWSM4_set_decrypt_key(const unsigned char *userKey, SM4_KEY *key);
+void HWSM4_encrypt(const unsigned char *in, unsigned char *out,
+ const SM4_KEY *key);
+void HWSM4_decrypt(const unsigned char *in, unsigned char *out,
+ const SM4_KEY *key);
+void HWSM4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const SM4_KEY *key,
+ unsigned char *ivec, const int enc);
+void HWSM4_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const SM4_KEY *key,
+ const int enc);
+void HWSM4_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
+ size_t len, const void *key,
+ const unsigned char ivec[16]);
+# endif /* HWSM4_CAPABLE */
+
+# ifdef VPSM4_CAPABLE
+int vpsm4_set_encrypt_key(const unsigned char *userKey, SM4_KEY *key);
+int vpsm4_set_decrypt_key(const unsigned char *userKey, SM4_KEY *key);
+void vpsm4_encrypt(const unsigned char *in, unsigned char *out,
+ const SM4_KEY *key);
+void vpsm4_decrypt(const unsigned char *in, unsigned char *out,
+ const SM4_KEY *key);
+void vpsm4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const SM4_KEY *key,
+ unsigned char *ivec, const int enc);
+void vpsm4_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const SM4_KEY *key,
+ const int enc);
+void vpsm4_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
+ size_t len, const void *key,
+ const unsigned char ivec[16]);
+void vpsm4_xts_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const SM4_KEY *key1, const SM4_KEY *key2,
+ const unsigned char ivec[16], const int enc);
+void vpsm4_xts_encrypt_gb(const unsigned char *in, unsigned char *out,
+ size_t len, const SM4_KEY *key1, const SM4_KEY *key2,
+ const unsigned char ivec[16], const int enc);
+# endif /* VPSM4_CAPABLE */
+
+# ifdef VPSM4_EX_CAPABLE
+int vpsm4_ex_set_encrypt_key(const unsigned char *userKey, SM4_KEY *key);
+int vpsm4_ex_set_decrypt_key(const unsigned char *userKey, SM4_KEY *key);
+void vpsm4_ex_encrypt(const unsigned char *in, unsigned char *out,
+ const SM4_KEY *key);
+void vpsm4_ex_decrypt(const unsigned char *in, unsigned char *out,
+ const SM4_KEY *key);
+void vpsm4_ex_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const SM4_KEY *key,
+ unsigned char *ivec, const int enc);
+void vpsm4_ex_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const SM4_KEY *key,
+ const int enc);
+void vpsm4_ex_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
+ size_t len, const void *key,
+ const unsigned char ivec[16]);
+void vpsm4_ex_xts_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const SM4_KEY *key1, const SM4_KEY *key2,
+ const unsigned char ivec[16], const int enc);
+void vpsm4_ex_xts_encrypt_gb(const unsigned char *in, unsigned char *out,
+ size_t len, const SM4_KEY *key1,
+ const SM4_KEY *key2, const unsigned char ivec[16],
+ const int enc);
+# endif /* VPSM4_EX_CAPABLE */
+
+#endif /* OSSL_SM4_PLATFORM_H */
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/sparc_arch.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/sparc_arch.h
new file mode 100644
index 000000000000..447e715bf205
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/sparc_arch.h
@@ -0,0 +1,122 @@
+/*
+ * Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_SPARC_ARCH_H
+# define OSSL_CRYPTO_SPARC_ARCH_H
+
+# define SPARCV9_TICK_PRIVILEGED (1<<0)
+# define SPARCV9_PREFER_FPU (1<<1)
+# define SPARCV9_VIS1 (1<<2)
+# define SPARCV9_VIS2 (1<<3)/* reserved */
+# define SPARCV9_FMADD (1<<4)
+# define SPARCV9_BLK (1<<5)/* VIS1 block copy */
+# define SPARCV9_VIS3 (1<<6)
+# define SPARCV9_RANDOM (1<<7)
+# define SPARCV9_64BIT_STACK (1<<8)
+# define SPARCV9_FJAESX (1<<9)/* Fujitsu SPARC64 X AES */
+# define SPARCV9_FJDESX (1<<10)/* Fujitsu SPARC64 X DES, reserved */
+# define SPARCV9_FJHPCACE (1<<11)/* Fujitsu HPC-ACE, reserved */
+# define SPARCV9_IMA (1<<13)/* reserved */
+# define SPARCV9_VIS4 (1<<14)/* reserved */
+
+/*
+ * OPENSSL_sparcv9cap_P[1] is copy of Compatibility Feature Register,
+ * %asr26, SPARC-T4 and later. There is no SPARCV9_CFR bit in
+ * OPENSSL_sparcv9cap_P[0], as %cfr copy is sufficient...
+ */
+# define CFR_AES 0x00000001/* Supports AES opcodes */
+# define CFR_DES 0x00000002/* Supports DES opcodes */
+# define CFR_KASUMI 0x00000004/* Supports KASUMI opcodes */
+# define CFR_CAMELLIA 0x00000008/* Supports CAMELLIA opcodes */
+# define CFR_MD5 0x00000010/* Supports MD5 opcodes */
+# define CFR_SHA1 0x00000020/* Supports SHA1 opcodes */
+# define CFR_SHA256 0x00000040/* Supports SHA256 opcodes */
+# define CFR_SHA512 0x00000080/* Supports SHA512 opcodes */
+# define CFR_MPMUL 0x00000100/* Supports MPMUL opcodes */
+# define CFR_MONTMUL 0x00000200/* Supports MONTMUL opcodes */
+# define CFR_MONTSQR 0x00000400/* Supports MONTSQR opcodes */
+# define CFR_CRC32C 0x00000800/* Supports CRC32C opcodes */
+# define CFR_XMPMUL 0x00001000/* Supports XMPMUL opcodes */
+# define CFR_XMONTMUL 0x00002000/* Supports XMONTMUL opcodes */
+# define CFR_XMONTSQR 0x00004000/* Supports XMONTSQR opcodes */
+
+# if defined(OPENSSL_PIC) && !defined(__PIC__)
+# define __PIC__
+# endif
+
+# if defined(__SUNPRO_C) && defined(__sparcv9) && !defined(__arch64__)
+# define __arch64__
+# endif
+
+# define SPARC_PIC_THUNK(reg) \
+ .align 32; \
+.Lpic_thunk: \
+ jmp %o7 + 8; \
+ add %o7, reg, reg;
+
+# define SPARC_PIC_THUNK_CALL(reg) \
+ sethi %hi(_GLOBAL_OFFSET_TABLE_-4), reg; \
+ call .Lpic_thunk; \
+ or reg, %lo(_GLOBAL_OFFSET_TABLE_+4), reg;
+
+# if 1
+# define SPARC_SETUP_GOT_REG(reg) SPARC_PIC_THUNK_CALL(reg)
+# else
+# define SPARC_SETUP_GOT_REG(reg) \
+ sethi %hi(_GLOBAL_OFFSET_TABLE_-4), reg; \
+ call .+8; \
+ or reg,%lo(_GLOBAL_OFFSET_TABLE_+4), reg; \
+ add %o7, reg, reg
+# endif
+
+# if defined(__arch64__)
+
+# define SPARC_LOAD_ADDRESS(SYM, reg) \
+ setx SYM, %o7, reg;
+# define LDPTR ldx
+# define SIZE_T_CC %xcc
+# define STACK_FRAME 192
+# define STACK_BIAS 2047
+# define STACK_7thARG (STACK_BIAS+176)
+
+# else
+
+# define SPARC_LOAD_ADDRESS(SYM, reg) \
+ set SYM, reg;
+# define LDPTR ld
+# define SIZE_T_CC %icc
+# define STACK_FRAME 112
+# define STACK_BIAS 0
+#
define STACK_7thARG 92
+# define SPARC_LOAD_ADDRESS_LEAF(SYM,reg,tmp) SPARC_LOAD_ADDRESS(SYM,reg)
+
+# endif
+
+# ifdef __PIC__
+# undef SPARC_LOAD_ADDRESS
+# undef SPARC_LOAD_ADDRESS_LEAF
+# define SPARC_LOAD_ADDRESS(SYM, reg) \
+ SPARC_SETUP_GOT_REG(reg); \
+ sethi %hi(SYM), %o7; \
+ or %o7, %lo(SYM), %o7; \
+ LDPTR [reg + %o7], reg;
+# endif
+
+# ifndef SPARC_LOAD_ADDRESS_LEAF
+# define SPARC_LOAD_ADDRESS_LEAF(SYM, reg, tmp) \
+ mov %o7, tmp; \
+ SPARC_LOAD_ADDRESS(SYM, reg) \
+ mov tmp, %o7;
+# endif
+
+# ifndef __ASSEMBLER__
+extern unsigned int OPENSSL_sparcv9cap_P[2];
+# endif
+
+#endif /* OSSL_CRYPTO_SPARC_ARCH_H */
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/sparse_array.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/sparse_array.h
new file mode 100644
index 000000000000..7ef742837989
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/sparse_array.h
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_SPARSE_ARRAY_H
+# define OSSL_CRYPTO_SPARSE_ARRAY_H
+# pragma once
+
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define SPARSE_ARRAY_OF(type) struct sparse_array_st_ ## type
+
+# define DEFINE_SPARSE_ARRAY_OF_INTERNAL(type, ctype) \
+ SPARSE_ARRAY_OF(type); \
+ static ossl_unused ossl_inline SPARSE_ARRAY_OF(type) * \
+ ossl_sa_##type##_new(void) \
+ { \
+ return (SPARSE_ARRAY_OF(type) *)ossl_sa_new(); \
+ } \
+ static ossl_unused ossl_inline void \
+ ossl_sa_##type##_free(SPARSE_ARRAY_OF(type) *sa) \
+ { \
+ ossl_sa_free((OPENSSL_SA *)sa); \
+ } \
+ static ossl_unused ossl_inline void \
+ ossl_sa_##type##_free_leaves(SPARSE_ARRAY_OF(type) *sa) \
+ { \
+ ossl_sa_free_leaves((OPENSSL_SA *)sa); \
+ } \
+ static ossl_unused ossl_inline size_t \
+ ossl_sa_##type##_num(const SPARSE_ARRAY_OF(type) *sa) \
+ { \
+ return ossl_sa_num((OPENSSL_SA *)sa); \
+ } \
+ static ossl_unused ossl_inline void \
+ ossl_sa_##type##_doall(const SPARSE_ARRAY_OF(type) *sa, \
+ void (*leaf)(ossl_uintmax_t, type *)) \
+ { \
+ ossl_sa_doall((OPENSSL_SA *)sa, \
+ (void (*)(ossl_uintmax_t, void *))leaf); \
+ } \
+ static ossl_unused ossl_inline void \
+ ossl_sa_##type##_doall_arg(const SPARSE_ARRAY_OF(type) *sa, \
+ void (*leaf)(ossl_uintmax_t, type *, void *), \
+ void *arg) \
+ { \
+ ossl_sa_doall_arg((OPENSSL_SA *)sa, \
+ (void (*)(ossl_uintmax_t, void *, void *))leaf, arg); \
+ } \
+ static ossl_unused ossl_inline ctype \
+ *ossl_sa_##type##_get(const SPARSE_ARRAY_OF(type) *sa, ossl_uintmax_t n) \
+ { \
+ return (type
*)ossl_sa_get((OPENSSL_SA *)sa, n); \
+ } \
+ static ossl_unused ossl_inline int \
+ ossl_sa_##type##_set(SPARSE_ARRAY_OF(type) *sa, \
+ ossl_uintmax_t n, ctype *val) \
+ { \
+ return ossl_sa_set((OPENSSL_SA *)sa, n, (void *)val); \
+ } \
+ SPARSE_ARRAY_OF(type)
+
+# define DEFINE_SPARSE_ARRAY_OF(type) \
+ DEFINE_SPARSE_ARRAY_OF_INTERNAL(type, type)
+# define DEFINE_SPARSE_ARRAY_OF_CONST(type) \
+ DEFINE_SPARSE_ARRAY_OF_INTERNAL(type, const type)
+
+typedef struct sparse_array_st OPENSSL_SA;
+OPENSSL_SA *ossl_sa_new(void);
+void ossl_sa_free(OPENSSL_SA *sa);
+void ossl_sa_free_leaves(OPENSSL_SA *sa);
+size_t ossl_sa_num(const OPENSSL_SA *sa);
+void ossl_sa_doall(const OPENSSL_SA *sa, void (*leaf)(ossl_uintmax_t, void *));
+void ossl_sa_doall_arg(const OPENSSL_SA *sa,
+ void (*leaf)(ossl_uintmax_t, void *, void *), void *);
+void *ossl_sa_get(const OPENSSL_SA *sa, ossl_uintmax_t n);
+int ossl_sa_set(OPENSSL_SA *sa, ossl_uintmax_t n, void *val);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/store.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/store.h
new file mode 100644
index 000000000000..9b7be71acd6f
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/store.h
@@ -0,0 +1,23 @@ +/* + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_STORE_H +# define OSSL_CRYPTO_STORE_H +# pragma once + +# include +# include +# include + +void ossl_store_cleanup_int(void); +int ossl_store_loader_get_number(const OSSL_STORE_LOADER *loader); +int ossl_store_loader_store_cache_flush(OSSL_LIB_CTX *libctx); +int ossl_store_loader_store_remove_all_provided(const OSSL_PROVIDER *prov); + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/storeerr.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/storeerr.h new file mode 100644 index 000000000000..c46d845f8e41 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/storeerr.h @@ -0,0 +1,27 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_STOREERR_H +# define OSSL_CRYPTO_STOREERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +int ossl_err_load_OSSL_STORE_strings(void); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/tserr.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/tserr.h new file mode 100644 index 000000000000..2f34ba319de8 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/tserr.h 
@@ -0,0 +1,30 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_TSERR_H +# define OSSL_CRYPTO_TSERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +# ifndef OPENSSL_NO_TS + +int ossl_err_load_TS_strings(void); +# endif + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/types.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/types.h new file mode 100644 index 000000000000..ad17f052e45f --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/types.h @@ -0,0 +1,32 @@ +/* + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* When removal is simulated, we still need the type internally */ + +#ifndef OSSL_CRYPTO_TYPES_H +# define OSSL_CRYPTO_TYPES_H +# pragma once + +# ifdef OPENSSL_NO_DEPRECATED_3_0 +typedef struct rsa_st RSA; +typedef struct rsa_meth_st RSA_METHOD; +# ifndef OPENSSL_NO_EC +typedef struct ec_key_st EC_KEY; +typedef struct ec_key_method_st EC_KEY_METHOD; +# endif +# ifndef OPENSSL_NO_DSA +typedef struct dsa_st DSA; +# endif +# endif + +# ifndef OPENSSL_NO_EC +typedef struct ecx_key_st ECX_KEY; +# endif + +#endif 
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/uierr.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/uierr.h new file mode 100644 index 000000000000..789077a89f3e --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/uierr.h @@ -0,0 +1,27 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_UIERR_H +# define OSSL_CRYPTO_UIERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +int ossl_err_load_UI_strings(void); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/x509.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/x509.h new file mode 100644 index 000000000000..18eb2f7c63f9 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/x509.h 
@@ -0,0 +1,391 @@
+/*
+ * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_X509_H
+# define OSSL_CRYPTO_X509_H
+# pragma once
+
+# include "internal/refcount.h"
+# include
+# include
+# include
+# include "crypto/types.h"
+
+/* Internal X509 structures and functions: not for application use */
+
+/* Note: unless otherwise stated a field pointer is mandatory and should
+ * never be set to NULL: the ASN.1 code and accessors rely on mandatory
+ * fields never being NULL.
+ */
+
+/*
+ * name entry structure, equivalent to AttributeTypeAndValue defined
+ * in RFC5280 et al.
+ */
+struct X509_name_entry_st {
+ ASN1_OBJECT *object; /* AttributeType */
+ ASN1_STRING *value; /* AttributeValue */
+ int set; /* index of RDNSequence for this entry */
+ int size; /* temp variable */
+};
+
+/* Name from RFC 5280.
*/
+struct X509_name_st {
+ STACK_OF(X509_NAME_ENTRY) *entries; /* DN components */
+ int modified; /* true if 'bytes' needs to be built */
+ BUF_MEM *bytes; /* cached encoding: cannot be NULL */
+ /* canonical encoding used for rapid Name comparison */
+ unsigned char *canon_enc;
+ int canon_enclen;
+} /* X509_NAME */ ;
+
+/* Signature info structure */
+
+struct x509_sig_info_st {
+ /* NID of message digest */
+ int mdnid;
+ /* NID of public key algorithm */
+ int pknid;
+ /* Security bits */
+ int secbits;
+ /* Various flags */
+ uint32_t flags;
+};
+
+/* PKCS#10 certificate request */
+
+struct X509_req_info_st {
+ ASN1_ENCODING enc; /* cached encoding of signed part */
+ ASN1_INTEGER *version; /* version, defaults to v1(0) so can be NULL */
+ X509_NAME *subject; /* certificate request DN */
+ X509_PUBKEY *pubkey; /* public key of request */
+ /*
+ * Zero or more attributes.
+ * NB: although attributes is a mandatory field some broken
+ * encodings omit it so this may be NULL in that case.
+ */
+ STACK_OF(X509_ATTRIBUTE) *attributes;
+};
+
+struct X509_req_st {
+ X509_REQ_INFO req_info; /* signed certificate request data */
+ X509_ALGOR sig_alg; /* signature algorithm */
+ ASN1_BIT_STRING *signature; /* signature */
+ CRYPTO_REF_COUNT references;
+ CRYPTO_RWLOCK *lock;
+
+ /* Set on live certificates for authentication purposes */
+ ASN1_OCTET_STRING *distinguishing_id;
+ OSSL_LIB_CTX *libctx;
+ char *propq;
+};
+
+struct X509_crl_info_st {
+ ASN1_INTEGER *version; /* version: defaults to v1(0) so may be NULL */
+ X509_ALGOR sig_alg; /* signature algorithm */
+ X509_NAME *issuer; /* CRL issuer name */
+ ASN1_TIME *lastUpdate; /* lastUpdate field */
+ ASN1_TIME *nextUpdate; /* nextUpdate field: optional */
+ STACK_OF(X509_REVOKED) *revoked; /* revoked entries: optional */
+ STACK_OF(X509_EXTENSION) *extensions; /* extensions: optional */
+ ASN1_ENCODING enc; /* encoding of signed portion of CRL */
+};
+
+struct X509_crl_st {
+ X509_CRL_INFO crl; /* signed CRL data */
+ X509_ALGOR sig_alg; /* CRL signature algorithm */
+ ASN1_BIT_STRING signature; /* CRL signature */
+ CRYPTO_REF_COUNT references;
+ int flags;
+ /*
+ * Cached copies of decoded extension values, since extensions
+ * are optional any of these can be NULL.
+ */
+ AUTHORITY_KEYID *akid;
+ ISSUING_DIST_POINT *idp;
+ /* Convenient breakdown of IDP */
+ int idp_flags;
+ int idp_reasons;
+ /* CRL and base CRL numbers for delta processing */
+ ASN1_INTEGER *crl_number;
+ ASN1_INTEGER *base_crl_number;
+ STACK_OF(GENERAL_NAMES) *issuers;
+ /* hash of CRL */
+ unsigned char sha1_hash[SHA_DIGEST_LENGTH];
+ /* alternative method to handle this CRL */
+ const X509_CRL_METHOD *meth;
+ void *meth_data;
+ CRYPTO_RWLOCK *lock;
+
+ OSSL_LIB_CTX *libctx;
+ char *propq;
+};
+
+struct x509_revoked_st {
+ ASN1_INTEGER serialNumber; /* revoked entry serial number */
+ ASN1_TIME *revocationDate; /* revocation date */
+ STACK_OF(X509_EXTENSION) *extensions; /* CRL entry extensions: optional */
+ /* decoded value of CRLissuer extension: set if indirect CRL */
+ STACK_OF(GENERAL_NAME) *issuer;
+ /* revocation reason: set to CRL_REASON_NONE if reason extension absent */
+ int reason;
+ /*
+ * CRL entries are reordered for faster lookup of serial numbers. This
+ * field contains the original load sequence for this entry.
+ */
+ int sequence;
+};
+
+/*
+ * This stuff is certificate "auxiliary info": it contains details which are
+ * useful in certificate stores and databases. When used this is tagged onto
+ * the end of the certificate itself. OpenSSL specific structure not defined
+ * in any RFC.
+ */
+
+struct x509_cert_aux_st {
+ STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */
+ STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */
+ ASN1_UTF8STRING *alias; /* "friendly name" */
+ ASN1_OCTET_STRING *keyid; /* key id of private key */
+ STACK_OF(X509_ALGOR) *other; /* other unspecified info */
+};
+
+struct x509_cinf_st {
+ ASN1_INTEGER *version; /* [ 0 ] default of v1 */
+ ASN1_INTEGER serialNumber;
+ X509_ALGOR signature;
+ X509_NAME *issuer;
+ X509_VAL validity;
+ X509_NAME *subject;
+ X509_PUBKEY *key;
+ ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */
+ ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */
+ STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */
+ ASN1_ENCODING enc;
+};
+
+struct x509_st {
+ X509_CINF cert_info;
+ X509_ALGOR sig_alg;
+ ASN1_BIT_STRING signature;
+ X509_SIG_INFO siginf;
+ CRYPTO_REF_COUNT references;
+ CRYPTO_EX_DATA ex_data;
+ /* These contain copies of various extension values */
+ long ex_pathlen;
+ long ex_pcpathlen;
+ uint32_t ex_flags;
+ uint32_t ex_kusage;
+ uint32_t ex_xkusage;
+ uint32_t ex_nscert;
+ ASN1_OCTET_STRING *skid;
+ AUTHORITY_KEYID *akid;
+ X509_POLICY_CACHE *policy_cache;
+ STACK_OF(DIST_POINT) *crldp;
+ STACK_OF(GENERAL_NAME) *altname;
+ NAME_CONSTRAINTS *nc;
+# ifndef OPENSSL_NO_RFC3779
+ STACK_OF(IPAddressFamily) *rfc3779_addr;
+ struct ASIdentifiers_st *rfc3779_asid;
+# endif
+ unsigned char sha1_hash[SHA_DIGEST_LENGTH];
+ X509_CERT_AUX *aux;
+ CRYPTO_RWLOCK *lock;
+ volatile int ex_cached;
+
+ /* Set on live certificates for authentication purposes */
+ ASN1_OCTET_STRING *distinguishing_id;
+
+ OSSL_LIB_CTX *libctx;
+ char *propq;
+} /* X509 */ ;
+
+/*
+ * This is a used when verifying cert chains. Since the gathering of the
+ * cert chain can take some time (and have to be 'retried', this needs to be
+ * kept and passed around.
+ */
+struct x509_store_ctx_st { /* X509_STORE_CTX */
+ X509_STORE *store;
+ /* The following are set by the caller */
+ /* The cert to check */
+ X509 *cert;
+ /* chain of X509s - untrusted - passed in */
+ STACK_OF(X509) *untrusted;
+ /* set of CRLs passed in */
+ STACK_OF(X509_CRL) *crls;
+ X509_VERIFY_PARAM *param;
+ /* Other info for use with get_issuer() */
+ void *other_ctx;
+ /* Callbacks for various operations */
+ /* called to verify a certificate */
+ int (*verify) (X509_STORE_CTX *ctx);
+ /* error callback */
+ int (*verify_cb) (int ok, X509_STORE_CTX *ctx);
+ /* get issuers cert from ctx */
+ int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+ /* check issued */
+ int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
+ /* Check revocation status of chain */
+ int (*check_revocation) (X509_STORE_CTX *ctx);
+ /* retrieve CRL */
+ int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x);
+ /* Check CRL validity */
+ int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
+ /* Check certificate against CRL */
+ int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
+ /* Check policy status of the chain */
+ int (*check_policy) (X509_STORE_CTX *ctx);
+ STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx,
+ const X509_NAME *nm);
+ /* cannot constify 'ctx' param due to lookup_certs_sk() in x509_vfy.c */
+ STACK_OF(X509_CRL) *(*lookup_crls) (const X509_STORE_CTX *ctx,
+ const X509_NAME *nm);
+ int (*cleanup) (X509_STORE_CTX *ctx);
+ /* The following is built up */
+ /* if 0, rebuild chain */
+ int valid;
+ /* number of untrusted certs */
+ int num_untrusted;
+ /* chain of X509s - built up and trusted */
+ STACK_OF(X509) *chain;
+ /* Valid policy tree */
+ X509_POLICY_TREE *tree;
+ /* Require explicit policy value */
+ int explicit_policy;
+ /* When something goes wrong, this is why */
+ int error_depth;
+ int error;
+ X509 *current_cert;
+ /* cert currently being tested as valid issuer */
+ X509 *current_issuer;
+ /*
current CRL */
+ X509_CRL *current_crl;
+ /* score of current CRL */
+ int current_crl_score;
+ /* Reason mask */
+ unsigned int current_reasons;
+ /* For CRL path validation: parent context */
+ X509_STORE_CTX *parent;
+ CRYPTO_EX_DATA ex_data;
+ SSL_DANE *dane;
+ /* signed via bare TA public key, rather than CA certificate */
+ int bare_ta_signed;
+ /* Raw Public Key */
+ EVP_PKEY *rpk;
+
+ OSSL_LIB_CTX *libctx;
+ char *propq;
+};
+
+/* PKCS#8 private key info structure */
+
+struct pkcs8_priv_key_info_st {
+ ASN1_INTEGER *version;
+ X509_ALGOR *pkeyalg;
+ ASN1_OCTET_STRING *pkey;
+ STACK_OF(X509_ATTRIBUTE) *attributes;
+};
+
+struct X509_sig_st {
+ X509_ALGOR *algor;
+ ASN1_OCTET_STRING *digest;
+};
+
+struct x509_object_st {
+ /* one of the above types */
+ X509_LOOKUP_TYPE type;
+ union {
+ char *ptr;
+ X509 *x509;
+ X509_CRL *crl;
+ EVP_PKEY *pkey;
+ } data;
+};
+
+int ossl_a2i_ipadd(unsigned char *ipout, const char *ipasc);
+int ossl_x509_set1_time(int *modified, ASN1_TIME **ptm, const ASN1_TIME *tm);
+int ossl_x509_print_ex_brief(BIO *bio, X509 *cert, unsigned long neg_cflags);
+int ossl_x509v3_cache_extensions(X509 *x);
+int ossl_x509_init_sig_info(X509 *x);
+
+int ossl_x509_set0_libctx(X509 *x, OSSL_LIB_CTX *libctx, const char *propq);
+int ossl_x509_crl_set0_libctx(X509_CRL *x, OSSL_LIB_CTX *libctx,
+ const char *propq);
+int ossl_x509_req_set0_libctx(X509_REQ *x, OSSL_LIB_CTX *libctx,
+ const char *propq);
+int ossl_asn1_item_digest_ex(const ASN1_ITEM *it, const EVP_MD *type,
+ void *data, unsigned char *md, unsigned int *len,
+ OSSL_LIB_CTX *libctx, const char *propq);
+int ossl_x509_add_cert_new(STACK_OF(X509) **sk, X509 *cert, int flags);
+int ossl_x509_add_certs_new(STACK_OF(X509) **p_sk, STACK_OF(X509) *certs,
+ int flags);
+
+STACK_OF(X509_ATTRIBUTE) *ossl_x509at_dup(const STACK_OF(X509_ATTRIBUTE) *x);
+
+int ossl_x509_PUBKEY_get0_libctx(OSSL_LIB_CTX **plibctx, const char **ppropq,
+ const X509_PUBKEY *key);
+/* Calculate default key identifier
according to RFC 5280 section 4.2.1.2 (1) */
+ASN1_OCTET_STRING *ossl_x509_pubkey_hash(X509_PUBKEY *pubkey);
+
+X509_PUBKEY *ossl_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp,
+ long len, OSSL_LIB_CTX *libctx,
+ const char *propq);
+void ossl_X509_PUBKEY_INTERNAL_free(X509_PUBKEY *xpub);
+
+RSA *ossl_d2i_RSA_PSS_PUBKEY(RSA **a, const unsigned char **pp, long length);
+int ossl_i2d_RSA_PSS_PUBKEY(const RSA *a, unsigned char **pp);
+# ifndef OPENSSL_NO_DSA
+DSA *ossl_d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length);
+# endif /* OPENSSL_NO_DSA */
+# ifndef OPENSSL_NO_DH
+DH *ossl_d2i_DH_PUBKEY(DH **a, const unsigned char **pp, long length);
+int ossl_i2d_DH_PUBKEY(const DH *a, unsigned char **pp);
+DH *ossl_d2i_DHx_PUBKEY(DH **a, const unsigned char **pp, long length);
+int ossl_i2d_DHx_PUBKEY(const DH *a, unsigned char **pp);
+# endif /* OPENSSL_NO_DH */
+# ifndef OPENSSL_NO_EC
+ECX_KEY *ossl_d2i_ED25519_PUBKEY(ECX_KEY **a,
+ const unsigned char **pp, long length);
+int ossl_i2d_ED25519_PUBKEY(const ECX_KEY *a, unsigned char **pp);
+ECX_KEY *ossl_d2i_ED448_PUBKEY(ECX_KEY **a,
+ const unsigned char **pp, long length);
+int ossl_i2d_ED448_PUBKEY(const ECX_KEY *a, unsigned char **pp);
+ECX_KEY *ossl_d2i_X25519_PUBKEY(ECX_KEY **a,
+ const unsigned char **pp, long length);
+int ossl_i2d_X25519_PUBKEY(const ECX_KEY *a, unsigned char **pp);
+ECX_KEY *ossl_d2i_X448_PUBKEY(ECX_KEY **a,
+ const unsigned char **pp, long length);
+int ossl_i2d_X448_PUBKEY(const ECX_KEY *a, unsigned char **pp);
+# endif /* OPENSSL_NO_EC */
+EVP_PKEY *ossl_d2i_PUBKEY_legacy(EVP_PKEY **a, const unsigned char **pp,
+ long length);
+int ossl_x509_check_private_key(const EVP_PKEY *k, const EVP_PKEY *pkey);
+
+int x509v3_add_len_value_uchar(const char *name, const unsigned char *value,
+ size_t vallen, STACK_OF(CONF_VALUE) **extlist);
+/* Attribute addition functions not checking for duplicate attributes */
+STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr(STACK_OF(X509_ATTRIBUTE)
**x, + X509_ATTRIBUTE *attr); +STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, + const ASN1_OBJECT *obj, + int type, + const unsigned char *bytes, + int len); +STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, + int nid, int type, + const unsigned char *bytes, + int len); +STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, + const char *attrname, + int type, + const unsigned char *bytes, + int len); +#endif /* OSSL_CRYPTO_X509_H */ diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/x509err.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/x509err.h new file mode 100644 index 000000000000..c7c7d25e97f7 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/x509err.h @@ -0,0 +1,27 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_X509ERR_H +# define OSSL_CRYPTO_X509ERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +int ossl_err_load_X509_strings(void); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/crypto/x509v3err.h b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/x509v3err.h new file mode 100644 index 000000000000..66d3ad92f865 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/crypto/x509v3err.h 
@@ -0,0 +1,27 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_CRYPTO_X509V3ERR_H +# define OSSL_CRYPTO_X509V3ERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +int ossl_err_load_X509V3_strings(void); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/asn1.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/asn1.h new file mode 100644 index 000000000000..36dbe0fcd32d --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/asn1.h @@ -0,0 +1,18 @@ +/* + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_ASN1_H +# define OSSL_INTERNAL_ASN1_H +# pragma once + +# include + +int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb); + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/bio.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/bio.h new file mode 100644 index 000000000000..9481f4c985e0 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/bio.h 
@@ -0,0 +1,101 @@
+/*
+ * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_BIO_H
+# define OSSL_INTERNAL_BIO_H
+# pragma once
+
+# include
+# include
+
+struct bio_method_st {
+ int type;
+ char *name;
+ int (*bwrite) (BIO *, const char *, size_t, size_t *);
+ int (*bwrite_old) (BIO *, const char *, int);
+ int (*bread) (BIO *, char *, size_t, size_t *);
+ int (*bread_old) (BIO *, char *, int);
+ int (*bputs) (BIO *, const char *);
+ int (*bgets) (BIO *, char *, int);
+ long (*ctrl) (BIO *, int, long, void *);
+ int (*create) (BIO *);
+ int (*destroy) (BIO *);
+ long (*callback_ctrl) (BIO *, int, BIO_info_cb *);
+ int (*bsendmmsg) (BIO *, BIO_MSG *, size_t, size_t, uint64_t, size_t *);
+ int (*brecvmmsg) (BIO *, BIO_MSG *, size_t, size_t, uint64_t, size_t *);
+};
+
+void bio_free_ex_data(BIO *bio);
+void bio_cleanup(void);
+
+
+/* Old style to new style BIO_METHOD conversion functions */
+int bwrite_conv(BIO *bio, const char *data, size_t datal, size_t *written);
+int bread_conv(BIO *bio, char *data, size_t datal, size_t *read);
+
+/* Changes to these internal BIOs must also update include/openssl/bio.h */
+# define BIO_CTRL_SET_KTLS 72
+# define BIO_CTRL_SET_KTLS_TX_SEND_CTRL_MSG 74
+# define BIO_CTRL_CLEAR_KTLS_TX_CTRL_MSG 75
+# define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90
+
+/*
+ * This is used with socket BIOs:
+ * BIO_FLAGS_KTLS_TX means we are using ktls with this BIO for sending.
+ * BIO_FLAGS_KTLS_TX_CTRL_MSG means we are about to send a ctrl message next.
+ * BIO_FLAGS_KTLS_RX means we are using ktls with this BIO for receiving.
+ * BIO_FLAGS_KTLS_TX_ZEROCOPY_SENDFILE means we are using the zerocopy mode with
+ * this BIO for sending using sendfile.
+ */
+# define BIO_FLAGS_KTLS_TX_CTRL_MSG 0x1000
+# define BIO_FLAGS_KTLS_RX 0x2000
+# define BIO_FLAGS_KTLS_TX 0x4000
+# define BIO_FLAGS_KTLS_TX_ZEROCOPY_SENDFILE 0x8000
+
+/* KTLS related controls and flags */
+# define BIO_set_ktls_flag(b, is_tx) \
+ BIO_set_flags(b, (is_tx) ? BIO_FLAGS_KTLS_TX : BIO_FLAGS_KTLS_RX)
+# define BIO_should_ktls_flag(b, is_tx) \
+ BIO_test_flags(b, (is_tx) ? BIO_FLAGS_KTLS_TX : BIO_FLAGS_KTLS_RX)
+# define BIO_set_ktls_ctrl_msg_flag(b) \
+ BIO_set_flags(b, BIO_FLAGS_KTLS_TX_CTRL_MSG)
+# define BIO_should_ktls_ctrl_msg_flag(b) \
+ BIO_test_flags(b, BIO_FLAGS_KTLS_TX_CTRL_MSG)
+# define BIO_clear_ktls_ctrl_msg_flag(b) \
+ BIO_clear_flags(b, BIO_FLAGS_KTLS_TX_CTRL_MSG)
+# define BIO_set_ktls_zerocopy_sendfile_flag(b) \
+ BIO_set_flags(b, BIO_FLAGS_KTLS_TX_ZEROCOPY_SENDFILE)
+
+# define BIO_set_ktls(b, keyblob, is_tx) \
+ BIO_ctrl(b, BIO_CTRL_SET_KTLS, is_tx, keyblob)
+# define BIO_set_ktls_ctrl_msg(b, record_type) \
+ BIO_ctrl(b, BIO_CTRL_SET_KTLS_TX_SEND_CTRL_MSG, record_type, NULL)
+# define BIO_clear_ktls_ctrl_msg(b) \
+ BIO_ctrl(b, BIO_CTRL_CLEAR_KTLS_TX_CTRL_MSG, 0, NULL)
+# define BIO_set_ktls_tx_zerocopy_sendfile(b) \
+ BIO_ctrl(b, BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE, 0, NULL)
+
+/* Functions to allow the core to offer the CORE_BIO type to providers */
+OSSL_CORE_BIO *ossl_core_bio_new_from_bio(BIO *bio);
+OSSL_CORE_BIO *ossl_core_bio_new_file(const char *filename, const char *mode);
+OSSL_CORE_BIO *ossl_core_bio_new_mem_buf(const void *buf, int len);
+int ossl_core_bio_read_ex(OSSL_CORE_BIO *cb, void *data, size_t dlen,
+ size_t *readbytes);
+int ossl_core_bio_write_ex(OSSL_CORE_BIO *cb, const void *data, size_t dlen,
+ size_t *written);
+int ossl_core_bio_gets(OSSL_CORE_BIO *cb, char *buf, int size);
+int ossl_core_bio_puts(OSSL_CORE_BIO *cb, const char *buf);
+long ossl_core_bio_ctrl(OSSL_CORE_BIO *cb,
int cmd, long larg, void *parg);
+int ossl_core_bio_up_ref(OSSL_CORE_BIO *cb);
+int ossl_core_bio_free(OSSL_CORE_BIO *cb);
+int ossl_core_bio_vprintf(OSSL_CORE_BIO *cb, const char *format, va_list args);
+
+int ossl_bio_init_core(OSSL_LIB_CTX *libctx, const OSSL_DISPATCH *fns);
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/bio_addr.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/bio_addr.h
new file mode 100644
index 000000000000..a6449b7eb051
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/bio_addr.h
@@ -0,0 +1,29 @@
+/*
+ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_BIO_ADDR_H
+# define OSSL_BIO_ADDR_H
+
+# include "internal/e_os.h"
+# include "internal/sockets.h"
+
+# ifndef OPENSSL_NO_SOCK
+union bio_addr_st {
+ struct sockaddr sa;
+# if OPENSSL_USE_IPV6
+ struct sockaddr_in6 s_in6;
+# endif
+ struct sockaddr_in s_in;
+# ifndef OPENSSL_NO_UNIX_SOCK
+ struct sockaddr_un s_un;
+# endif
+};
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/bio_tfo.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/bio_tfo.h
new file mode 100644
index 000000000000..64c0d4c32724
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/bio_tfo.h
@@ -0,0 +1,151 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Contains definitions for simplifying the use of TCP Fast Open
+ * (RFC7413) in OpenSSL socket BIOs.
+ */
+
+/* If a supported OS is added here, update test/bio_tfo_test.c */
+#if defined(TCP_FASTOPEN) && !defined(OPENSSL_NO_TFO)
+
+# if defined(OPENSSL_SYS_MACOSX) || defined(__FreeBSD__)
+# include
+# endif
+
+/*
+ * OSSL_TFO_SYSCTL is used to determine if TFO is supported by
+ * this kernel, and if supported, if it is enabled. This is more of
+ * a problem on FreeBSD 10.3 ~ 11.4, where TCP_FASTOPEN was defined,
+ * but not enabled by default in the kernel, and only for the server.
+ * Linux does not have sysctlbyname(), and the closest equivalent
+ * is to go into the /proc filesystem, but I'm not sure it's
+ * worthwhile.
+ *
+ * On MacOS and Linux:
+ * These operating systems use a single parameter to control TFO.
+ * The OSSL_TFO_CLIENT_FLAG and OSSL_TFO_SERVER_FLAGS are used to
+ * determine if TFO is enabled for the client and server respectively.
+ *
+ * OSSL_TFO_CLIENT_FLAG = 1 = client TFO enabled
+ * OSSL_TFO_SERVER_FLAG = 2 = server TFO enabled
+ *
+ * Such that:
+ * 0 = TFO disabled
+ * 3 = server and client TFO enabled
+ *
+ * macOS 10.14 and later support TFO.
+ * Linux kernel 3.6 added support for client TFO.
+ * Linux kernel 3.7 added support for server TFO.
+ * Linux kernel 3.13 enabled TFO by default.
+ * Linux kernel 4.11 added the TCP_FASTOPEN_CONNECT option.
+ *
+ * On FreeBSD:
+ * FreeBSD 10.3 ~ 11.4 uses a single sysctl for server enable.
+ * FreeBSD 12.0 and later uses separate sysctls for server and
+ * client enable.
+ *
+ * Some options are purposely NOT defined per-platform
+ *
+ * OSSL_TFO_SYSCTL
+ * Defined as a sysctlbyname() option to determine if
+ * TFO is enabled in the kernel (macOS, FreeBSD)
+ *
+ * OSSL_TFO_SERVER_SOCKOPT
+ * Defined to indicate the socket option used to enable
+ * TFO on a server socket (all)
+ *
+ * OSSL_TFO_SERVER_SOCKOPT_VALUE
+ * Value to be used with OSSL_TFO_SERVER_SOCKOPT
+ *
+ * OSSL_TFO_CONNECTX
+ * Use the connectx() function to make a client connection
+ * (macOS)
+ *
+ * OSSL_TFO_CLIENT_SOCKOPT
+ * Defined to indicate the socket option used to enable
+ * TFO on a client socket (FreeBSD, Linux 4.14 and later)
+ *
+ * OSSL_TFO_SENDTO
+ * Defined to indicate the sendto() message type to
+ * be used to initiate a TFO connection (FreeBSD,
+ * Linux pre-4.14)
+ *
+ * OSSL_TFO_DO_NOT_CONNECT
+ * Defined to skip calling connect() when creating a
+ * client socket (macOS, FreeBSD, Linux pre-4.14)
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS)
+/*
+ * NO WINDOWS SUPPORT
+ *
+ * But this is what would be used on the server:
+ *
+ * define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN
+ * define OSSL_TFO_SERVER_SOCKOPT_VALUE 1
+ *
+ * Still have to figure out client support
+ */
+# undef TCP_FASTOPEN
+# endif
+
+/* NO VMS SUPPORT */
+# if defined(OPENSSL_SYS_VMS)
+# undef TCP_FASTOPEN
+# endif
+
+# if defined(OPENSSL_SYS_MACOSX)
+# define OSSL_TFO_SYSCTL "net.inet.tcp.fastopen"
+# define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN
+# define OSSL_TFO_SERVER_SOCKOPT_VALUE 1
+# define OSSL_TFO_CONNECTX 1
+# define OSSL_TFO_DO_NOT_CONNECT 1
+# define OSSL_TFO_CLIENT_FLAG 1
+# define OSSL_TFO_SERVER_FLAG 2
+# endif
+
+# if defined(__FreeBSD__)
+# if defined(TCP_FASTOPEN_PSK_LEN)
+/* As of 12.0 these are the SYSCTLs */
+# define OSSL_TFO_SYSCTL_SERVER "net.inet.tcp.fastopen.server_enable"
+# define OSSL_TFO_SYSCTL_CLIENT "net.inet.tcp.fastopen.client_enable"
+# define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN
+# define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN
+# define
OSSL_TFO_CLIENT_SOCKOPT TCP_FASTOPEN
+# define OSSL_TFO_DO_NOT_CONNECT 1
+# define OSSL_TFO_SENDTO 0
+/* These are the same because the sysctl are client/server-specific */
+# define OSSL_TFO_CLIENT_FLAG 1
+# define OSSL_TFO_SERVER_FLAG 1
+# else
+/* 10.3 through 11.4 SYSCTL - ONLY SERVER SUPPORT */
+# define OSSL_TFO_SYSCTL "net.inet.tcp.fastopen.enabled"
+# define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN
+# define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN
+# define OSSL_TFO_SERVER_FLAG 1
+# endif
+# endif
+
+# if defined(OPENSSL_SYS_LINUX)
+/* OSSL_TFO_PROC not used, but of interest */
+# define OSSL_TFO_PROC "/proc/sys/net/ipv4/tcp_fastopen"
+# define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN
+# define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN
+# if defined(TCP_FASTOPEN_CONNECT)
+# define OSSL_TFO_CLIENT_SOCKOPT TCP_FASTOPEN_CONNECT
+# else
+# define OSSL_TFO_SENDTO MSG_FASTOPEN
+# define OSSL_TFO_DO_NOT_CONNECT 1
+# endif
+# define OSSL_TFO_CLIENT_FLAG 1
+# define OSSL_TFO_SERVER_FLAG 2
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/common.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/common.h
new file mode 100644
index 000000000000..b176a27494ed
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/common.h
@@ -0,0 +1,231 @@
+/*
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_COMMON_H
+# define OSSL_INTERNAL_COMMON_H
+# pragma once
+
+# include
+# include
+# include "openssl/configuration.h"
+
+# include "internal/e_os.h" /* ossl_inline in many files */
+# include "internal/nelem.h"
+
+# if defined(__GNUC__) || defined(__clang__)
+# define ossl_likely(x) __builtin_expect(!!(x), 1)
+# define ossl_unlikely(x) __builtin_expect(!!(x), 0)
+# else
+# define ossl_likely(x) x
+# define ossl_unlikely(x) x
+# endif
+
+# if defined(__GNUC__) || defined(__clang__)
+# define ALIGN32 __attribute((aligned(32)))
+# define ALIGN64 __attribute((aligned(64)))
+# elif defined(_MSC_VER)
+# define ALIGN32 __declspec(align(32))
+# define ALIGN64 __declspec(align(64))
+# else
+# define ALIGN32
+# define ALIGN64
+# endif
+
+# ifdef NDEBUG
+# define ossl_assert(x) ossl_likely((x) != 0)
+# else
+__owur static ossl_inline int ossl_assert_int(int expr, const char *exprstr,
+ const char *file, int line)
+{
+ if (!expr)
+ OPENSSL_die(exprstr, file, line);
+
+ return expr;
+}
+
+# define ossl_assert(x) ossl_assert_int((x) != 0, "Assertion failed: "#x, \
+ __FILE__, __LINE__)
+
+# endif
+
+/* Check if |pre|, which must be a string literal, is a prefix of |str| */
+#define HAS_PREFIX(str, pre) (strncmp(str, pre "", sizeof(pre) - 1) == 0)
+/* As before, and if check succeeds, advance |str| past the prefix |pre| */
+#define CHECK_AND_SKIP_PREFIX(str, pre) \
+ (HAS_PREFIX(str, pre) ?
((str) += sizeof(pre) - 1, 1) : 0)
+/* Check if the string literal |p| is a case-insensitive prefix of |s| */
+#define HAS_CASE_PREFIX(s, p) (OPENSSL_strncasecmp(s, p "", sizeof(p) - 1) == 0)
+/* As before, and if check succeeds, advance |str| past the prefix |pre| */
+#define CHECK_AND_SKIP_CASE_PREFIX(str, pre) \
+ (HAS_CASE_PREFIX(str, pre) ? ((str) += sizeof(pre) - 1, 1) : 0)
+/* Check if the string literal |suffix| is a case-insensitive suffix of |str| */
+#define HAS_CASE_SUFFIX(str, suffix) (strlen(str) < sizeof(suffix) - 1 ? 0 : \
+ OPENSSL_strcasecmp(str + strlen(str) - sizeof(suffix) + 1, suffix "") == 0)
+
+/*
+ * Use this inside a union with the field that needs to be aligned to a
+ * reasonable boundary for the platform. The most pessimistic alignment
+ * of the listed types will be used by the compiler.
+ */
+# define OSSL_UNION_ALIGN \
+ double align; \
+ ossl_uintmax_t align_int; \
+ void *align_ptr
+
+# define OPENSSL_CONF "openssl.cnf"
+
+# ifndef OPENSSL_SYS_VMS
+# define X509_CERT_AREA OPENSSLDIR
+# define X509_CERT_DIR OPENSSLDIR "/certs"
+# define X509_CERT_FILE OPENSSLDIR "/cert.pem"
+# define X509_PRIVATE_DIR OPENSSLDIR "/private"
+# define CTLOG_FILE OPENSSLDIR "/ct_log_list.cnf"
+# else
+# define X509_CERT_AREA "OSSL$DATAROOT:[000000]"
+# define X509_CERT_DIR "OSSL$DATAROOT:[CERTS]"
+# define X509_CERT_FILE "OSSL$DATAROOT:[000000]cert.pem"
+# define X509_PRIVATE_DIR "OSSL$DATAROOT:[PRIVATE]"
+# define CTLOG_FILE "OSSL$DATAROOT:[000000]ct_log_list.cnf"
+# endif
+
+# define X509_CERT_DIR_EVP "SSL_CERT_DIR"
+# define X509_CERT_FILE_EVP "SSL_CERT_FILE"
+# define CTLOG_FILE_EVP "CTLOG_FILE"
+
+/* size of string representations */
+# define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
+# define HEX_SIZE(type) (sizeof(type)*2)
+
+# define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \
+ l|=(((unsigned long)(*((c)++)))<< 8), \
+ l|=(((unsigned long)(*((c)++)))<<16), \
+ l|=(((unsigned long)(*((c)++)))<<24))
+
+/* NOTE - c is not incremented as per
c2l */
+# define c2ln(c,l1,l2,n) { \
+ c+=n; \
+ l1=l2=0; \
+ switch (n) { \
+ case 8: l2 =((unsigned long)(*(--(c))))<<24; \
+ case 7: l2|=((unsigned long)(*(--(c))))<<16; \
+ case 6: l2|=((unsigned long)(*(--(c))))<< 8; \
+ case 5: l2|=((unsigned long)(*(--(c)))); \
+ case 4: l1 =((unsigned long)(*(--(c))))<<24; \
+ case 3: l1|=((unsigned long)(*(--(c))))<<16; \
+ case 2: l1|=((unsigned long)(*(--(c))))<< 8; \
+ case 1: l1|=((unsigned long)(*(--(c)))); \
+ } \
+ }
+
+# define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>24)&0xff))
+
+# define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24, \
+ l|=((unsigned long)(*((c)++)))<<16, \
+ l|=((unsigned long)(*((c)++)))<< 8, \
+ l|=((unsigned long)(*((c)++))))
+
+# define n2l8(c,l) (l =((uint64_t)(*((c)++)))<<56, \
+ l|=((uint64_t)(*((c)++)))<<48, \
+ l|=((uint64_t)(*((c)++)))<<40, \
+ l|=((uint64_t)(*((c)++)))<<32, \
+ l|=((uint64_t)(*((c)++)))<<24, \
+ l|=((uint64_t)(*((c)++)))<<16, \
+ l|=((uint64_t)(*((c)++)))<< 8, \
+ l|=((uint64_t)(*((c)++))))
+
+# define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+ *((c)++)=(unsigned char)(((l) )&0xff))
+
+# define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>48)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>40)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>32)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>24)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+ *((c)++)=(unsigned char)(((l) )&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+# define l2cn(l1,l2,c,n) { \
+ c+=n; \
+ switch (n) { \
+ case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+ case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+ case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+ case
5: *(--(c))=(unsigned char)(((l2) )&0xff); \
+ case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+ case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+ case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+ case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
+ } \
+ }
+
+# define n2s(c,s) ((s=(((unsigned int)((c)[0]))<< 8)| \
+ (((unsigned int)((c)[1])) )),(c)+=2)
+# define s2n(s,c) (((c)[0]=(unsigned char)(((s)>> 8)&0xff), \
+ (c)[1]=(unsigned char)(((s) )&0xff)),(c)+=2)
+
+# define n2l3(c,l) ((l =(((unsigned long)((c)[0]))<<16)| \
+ (((unsigned long)((c)[1]))<< 8)| \
+ (((unsigned long)((c)[2])) )),(c)+=3)
+
+# define l2n3(l,c) (((c)[0]=(unsigned char)(((l)>>16)&0xff), \
+ (c)[1]=(unsigned char)(((l)>> 8)&0xff), \
+ (c)[2]=(unsigned char)(((l) )&0xff)),(c)+=3)
+
+static ossl_inline int ossl_ends_with_dirsep(const char *path)
+{
+ if (*path != '\0')
+ path += strlen(path) - 1;
+# if defined __VMS
+ if (*path == ']' || *path == '>' || *path == ':')
+ return 1;
+# elif defined _WIN32
+ if (*path == '\\')
+ return 1;
+# endif
+ return *path == '/';
+}
+
+static ossl_inline char ossl_determine_dirsep(const char *path)
+{
+ if (ossl_ends_with_dirsep(path))
+ return '\0';
+
+# if defined(_WIN32)
+ return '\\';
+# elif defined(__VMS)
+ return ':';
+# else
+ return '/';
+# endif
+}
+
+static ossl_inline int ossl_is_absolute_path(const char *path)
+{
+# if defined __VMS
+ if (strchr(path, ':') != NULL
+ || ((path[0] == '[' || path[0] == '<')
+ && path[1] != '.' && path[1] != '-'
+ && path[1] != ']' && path[1] != '>'))
+ return 1;
+# elif defined _WIN32
+ if (path[0] == '\\'
+ || (path[0] != '\0' && path[1] == ':'))
+ return 1;
+# endif
+ return path[0] == '/';
+}
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/comp.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/comp.h
new file mode 100644
index 000000000000..c48c29d56200
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/comp.h
@@ -0,0 +1,14 @@
+/*
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+
+void ossl_comp_zlib_cleanup(void);
+void ossl_comp_brotli_cleanup(void);
+void ossl_comp_zstd_cleanup(void);
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/conf.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/conf.h
new file mode 100644
index 000000000000..8c6c29cd2c5f
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/conf.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_CONF_H
+# define OSSL_INTERNAL_CONF_H
+# pragma once
+
+# include
+
+# define DEFAULT_CONF_MFLAGS \
+ (CONF_MFLAGS_DEFAULT_SECTION | \
+ CONF_MFLAGS_IGNORE_MISSING_FILE | \
+ CONF_MFLAGS_IGNORE_RETURN_CODES)
+
+struct ossl_init_settings_st {
+ char *filename;
+ char *appname;
+ unsigned long flags;
+};
+
+int ossl_config_int(const OPENSSL_INIT_SETTINGS *);
+void ossl_no_config_int(void);
+void ossl_config_modules_free(void);
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/constant_time.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/constant_time.h
new file mode 100644
index 000000000000..2b49afe1ea2a
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/constant_time.h
@@ -0,0 +1,444 @@
+/*
+ * Copyright 2014-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_CONSTANT_TIME_H
+# define OSSL_INTERNAL_CONSTANT_TIME_H
+# pragma once
+
+# include
+# include
+# include /* For 'ossl_inline' */
+
+/*-
+ * The boolean methods return a bitmask of all ones (0xff...f) for true
+ * and 0 for false. This is useful for choosing a value based on the result
+ * of a conditional in constant time. For example,
+ * if (a < b) {
+ * c = a;
+ * } else {
+ * c = b;
+ * }
+ * can be written as
+ * unsigned int lt = constant_time_lt(a, b);
+ * c = constant_time_select(lt, a, b);
+ */
+
+/* Returns the given value with the MSB copied to all the other bits. */
+static ossl_inline unsigned int constant_time_msb(unsigned int a);
+/* Convenience method for uint32_t. */
+static ossl_inline uint32_t constant_time_msb_32(uint32_t a);
+/* Convenience method for uint64_t. */
+static ossl_inline uint64_t constant_time_msb_64(uint64_t a);
+
+/* Returns 0xff..f if a < b and 0 otherwise. */
+static ossl_inline unsigned int constant_time_lt(unsigned int a,
+ unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static ossl_inline unsigned char constant_time_lt_8(unsigned int a,
+ unsigned int b);
+/* Convenience method for uint64_t. */
+static ossl_inline uint64_t constant_time_lt_64(uint64_t a, uint64_t b);
+
+/* Returns 0xff..f if a >= b and 0 otherwise. */
+static ossl_inline unsigned int constant_time_ge(unsigned int a,
+ unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static ossl_inline unsigned char constant_time_ge_8(unsigned int a,
+ unsigned int b);
+
+/* Returns 0xff..f if a == 0 and 0 otherwise.
*/
+static ossl_inline unsigned int constant_time_is_zero(unsigned int a);
+/* Convenience method for getting an 8-bit mask. */
+static ossl_inline unsigned char constant_time_is_zero_8(unsigned int a);
+/* Convenience method for getting a 32-bit mask. */
+static ossl_inline uint32_t constant_time_is_zero_32(uint32_t a);
+
+/* Returns 0xff..f if a == b and 0 otherwise. */
+static ossl_inline unsigned int constant_time_eq(unsigned int a,
+ unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static ossl_inline unsigned char constant_time_eq_8(unsigned int a,
+ unsigned int b);
+/* Signed integers. */
+static ossl_inline unsigned int constant_time_eq_int(int a, int b);
+/* Convenience method for getting an 8-bit mask. */
+static ossl_inline unsigned char constant_time_eq_int_8(int a, int b);
+
+/*-
+ * Returns (mask & a) | (~mask & b).
+ *
+ * When |mask| is all 1s or all 0s (as returned by the methods above),
+ * the select methods return either |a| (if |mask| is nonzero) or |b|
+ * (if |mask| is zero).
+ */
+static ossl_inline unsigned int constant_time_select(unsigned int mask,
+ unsigned int a,
+ unsigned int b);
+/* Convenience method for unsigned chars. */
+static ossl_inline unsigned char constant_time_select_8(unsigned char mask,
+ unsigned char a,
+ unsigned char b);
+
+/* Convenience method for uint32_t. */
+static ossl_inline uint32_t constant_time_select_32(uint32_t mask, uint32_t a,
+ uint32_t b);
+
+/* Convenience method for uint64_t. */
+static ossl_inline uint64_t constant_time_select_64(uint64_t mask, uint64_t a,
+ uint64_t b);
+/* Convenience method for signed integers.
*/
+static ossl_inline int constant_time_select_int(unsigned int mask, int a,
+ int b);
+
+
+static ossl_inline unsigned int constant_time_msb(unsigned int a)
+{
+ return 0 - (a >> (sizeof(a) * 8 - 1));
+}
+
+
+static ossl_inline uint32_t constant_time_msb_32(uint32_t a)
+{
+ return 0 - (a >> 31);
+}
+
+static ossl_inline uint64_t constant_time_msb_64(uint64_t a)
+{
+ return 0 - (a >> 63);
+}
+
+static ossl_inline size_t constant_time_msb_s(size_t a)
+{
+ return 0 - (a >> (sizeof(a) * 8 - 1));
+}
+
+static ossl_inline unsigned int constant_time_lt(unsigned int a,
+ unsigned int b)
+{
+ return constant_time_msb(a ^ ((a ^ b) | ((a - b) ^ b)));
+}
+
+static ossl_inline size_t constant_time_lt_s(size_t a, size_t b)
+{
+ return constant_time_msb_s(a ^ ((a ^ b) | ((a - b) ^ b)));
+}
+
+static ossl_inline unsigned char constant_time_lt_8(unsigned int a,
+ unsigned int b)
+{
+ return (unsigned char)constant_time_lt(a, b);
+}
+
+static ossl_inline uint64_t constant_time_lt_64(uint64_t a, uint64_t b)
+{
+ return constant_time_msb_64(a ^ ((a ^ b) | ((a - b) ^ b)));
+}
+
+#ifdef BN_ULONG
+static ossl_inline BN_ULONG constant_time_msb_bn(BN_ULONG a)
+{
+ return 0 - (a >> (sizeof(a) * 8 - 1));
+}
+
+static ossl_inline BN_ULONG constant_time_lt_bn(BN_ULONG a, BN_ULONG b)
+{
+ return constant_time_msb_bn(a ^ ((a ^ b) | ((a - b) ^ b)));
+}
+
+static ossl_inline BN_ULONG constant_time_is_zero_bn(BN_ULONG a)
+{
+ return constant_time_msb_bn(~a & (a - 1));
+}
+
+static ossl_inline BN_ULONG constant_time_eq_bn(BN_ULONG a,
+ BN_ULONG b)
+{
+ return constant_time_is_zero_bn(a ^ b);
+}
+#endif
+
+static ossl_inline unsigned int constant_time_ge(unsigned int a,
+ unsigned int b)
+{
+ return ~constant_time_lt(a, b);
+}
+
+static ossl_inline size_t constant_time_ge_s(size_t a, size_t b)
+{
+ return ~constant_time_lt_s(a, b);
+}
+
+static ossl_inline unsigned char constant_time_ge_8(unsigned int a,
+ unsigned int b)
+{
+ return (unsigned char)constant_time_ge(a, b);
+}
+
+static ossl_inline
unsigned char constant_time_ge_8_s(size_t a, size_t b)
+{
+ return (unsigned char)constant_time_ge_s(a, b);
+}
+
+static ossl_inline unsigned int constant_time_is_zero(unsigned int a)
+{
+ return constant_time_msb(~a & (a - 1));
+}
+
+static ossl_inline size_t constant_time_is_zero_s(size_t a)
+{
+ return constant_time_msb_s(~a & (a - 1));
+}
+
+static ossl_inline unsigned char constant_time_is_zero_8(unsigned int a)
+{
+ return (unsigned char)constant_time_is_zero(a);
+}
+
+static ossl_inline uint32_t constant_time_is_zero_32(uint32_t a)
+{
+ return constant_time_msb_32(~a & (a - 1));
+}
+
+static ossl_inline uint64_t constant_time_is_zero_64(uint64_t a)
+{
+ return constant_time_msb_64(~a & (a - 1));
+}
+
+static ossl_inline unsigned int constant_time_eq(unsigned int a,
+ unsigned int b)
+{
+ return constant_time_is_zero(a ^ b);
+}
+
+static ossl_inline size_t constant_time_eq_s(size_t a, size_t b)
+{
+ return constant_time_is_zero_s(a ^ b);
+}
+
+static ossl_inline unsigned char constant_time_eq_8(unsigned int a,
+ unsigned int b)
+{
+ return (unsigned char)constant_time_eq(a, b);
+}
+
+static ossl_inline unsigned char constant_time_eq_8_s(size_t a, size_t b)
+{
+ return (unsigned char)constant_time_eq_s(a, b);
+}
+
+static ossl_inline unsigned int constant_time_eq_int(int a, int b)
+{
+ return constant_time_eq((unsigned)(a), (unsigned)(b));
+}
+
+static ossl_inline unsigned char constant_time_eq_int_8(int a, int b)
+{
+ return constant_time_eq_8((unsigned)(a), (unsigned)(b));
+}
+
+/*
+ * Returns the value unmodified, but avoids optimizations.
+ * The barriers prevent the compiler from narrowing down the
+ * possible value range of the mask and ~mask in the select
+ * statements, which avoids the recognition of the select
+ * and turning it into a conditional load or branch.
+ */
+static ossl_inline unsigned int value_barrier(unsigned int a)
+{
+#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
+ unsigned int r;
+ __asm__("" : "=r"(r) : "0"(a));
+#else
+ volatile unsigned int r = a;
+#endif
+ return r;
+}
+
+/* Convenience method for uint32_t. */
+static ossl_inline uint32_t value_barrier_32(uint32_t a)
+{
+#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
+ uint32_t r;
+ __asm__("" : "=r"(r) : "0"(a));
+#else
+ volatile uint32_t r = a;
+#endif
+ return r;
+}
+
+/* Convenience method for uint64_t. */
+static ossl_inline uint64_t value_barrier_64(uint64_t a)
+{
+#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
+ uint64_t r;
+ __asm__("" : "=r"(r) : "0"(a));
+#else
+ volatile uint64_t r = a;
+#endif
+ return r;
+}
+
+/* Convenience method for size_t. */
+static ossl_inline size_t value_barrier_s(size_t a)
+{
+#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
+ size_t r;
+ __asm__("" : "=r"(r) : "0"(a));
+#else
+ volatile size_t r = a;
+#endif
+ return r;
+}
+
+static ossl_inline unsigned int constant_time_select(unsigned int mask,
+ unsigned int a,
+ unsigned int b)
+{
+ return (value_barrier(mask) & a) | (value_barrier(~mask) & b);
+}
+
+static ossl_inline size_t constant_time_select_s(size_t mask,
+ size_t a,
+ size_t b)
+{
+ return (value_barrier_s(mask) & a) | (value_barrier_s(~mask) & b);
+}
+
+static ossl_inline unsigned char constant_time_select_8(unsigned char mask,
+ unsigned char a,
+ unsigned char b)
+{
+ return (unsigned char)constant_time_select(mask, a, b);
+}
+
+static ossl_inline int constant_time_select_int(unsigned int mask, int a,
+ int b)
+{
+ return (int)constant_time_select(mask, (unsigned)(a), (unsigned)(b));
+}
+
+static ossl_inline int constant_time_select_int_s(size_t mask, int a, int b)
+{
+ return (int)constant_time_select((unsigned)mask, (unsigned)(a),
+ (unsigned)(b));
+}
+
+static ossl_inline uint32_t constant_time_select_32(uint32_t mask, uint32_t a,
+ uint32_t b)
+{
+ return (value_barrier_32(mask) & a)
| (value_barrier_32(~mask) & b);
+}
+
+static ossl_inline uint64_t constant_time_select_64(uint64_t mask, uint64_t a,
+ uint64_t b)
+{
+ return (value_barrier_64(mask) & a) | (value_barrier_64(~mask) & b);
+}
+
+/*
+ * mask must be 0xFFFFFFFF or 0x00000000.
+ *
+ * if (mask) {
+ * uint32_t tmp = *a;
+ *
+ * *a = *b;
+ * *b = tmp;
+ * }
+ */
+static ossl_inline void constant_time_cond_swap_32(uint32_t mask, uint32_t *a,
+ uint32_t *b)
+{
+ uint32_t xor = *a ^ *b;
+
+ xor &= mask;
+ *a ^= xor;
+ *b ^= xor;
+}
+
+/*
+ * mask must be 0xFFFFFFFF or 0x00000000.
+ *
+ * if (mask) {
+ * uint64_t tmp = *a;
+ *
+ * *a = *b;
+ * *b = tmp;
+ * }
+ */
+static ossl_inline void constant_time_cond_swap_64(uint64_t mask, uint64_t *a,
+ uint64_t *b)
+{
+ uint64_t xor = *a ^ *b;
+
+ xor &= mask;
+ *a ^= xor;
+ *b ^= xor;
+}
+
+/*
+ * mask must be 0xFF or 0x00.
+ * "constant time" is per len.
+ *
+ * if (mask) {
+ * unsigned char tmp[len];
+ *
+ * memcpy(tmp, a, len);
+ * memcpy(a, b);
+ * memcpy(b, tmp);
+ * }
+ */
+static ossl_inline void constant_time_cond_swap_buff(unsigned char mask,
+ unsigned char *a,
+ unsigned char *b,
+ size_t len)
+{
+ size_t i;
+ unsigned char tmp;
+
+ for (i = 0; i < len; i++) {
+ tmp = a[i] ^ b[i];
+ tmp &= mask;
+ a[i] ^= tmp;
+ b[i] ^= tmp;
+ }
+}
+
+/*
+ * table is a two dimensional array of bytes. Each row has rowsize elements.
+ * Copies row number idx into out. rowsize and numrows are not considered
+ * private.
+ */
+static ossl_inline void constant_time_lookup(void *out,
+ const void *table,
+ size_t rowsize,
+ size_t numrows,
+ size_t idx)
+{
+ size_t i, j;
+ const unsigned char *tablec = (const unsigned char *)table;
+ unsigned char *outc = (unsigned char *)out;
+ unsigned char mask;
+
+ memset(out, 0, rowsize);
+
+ /* Note idx may underflow - but that is well defined */
+ for (i = 0; i < numrows; i++, idx--) {
+ mask = (unsigned char)constant_time_is_zero_s(idx);
+ for (j = 0; j < rowsize; j++)
+ *(outc + j) |= constant_time_select_8(mask, *(tablec++), 0);
+ }
+}
+
+/*
+ * Expected usage pattern is to unconditionally set error and then
+ * wipe it if there was no actual error. |clear| is 1 or 0.
+ */
+void err_clear_last_constant_time(int clear);
+
+#endif /* OSSL_INTERNAL_CONSTANT_TIME_H */
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/core.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/core.h
new file mode 100644
index 000000000000..03adb66bd342
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/core.h
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_CORE_H
+# define OSSL_INTERNAL_CORE_H
+# pragma once
+
+/*
+ * namespaces:
+ *
+ * ossl_method_ Core Method API
+ */
+
+/*
+ * construct an arbitrary method from a dispatch table found by looking
+ * up a match for the < operation_id, name, property > combination.
+ * constructor and destructor are the constructor and destructor for that
+ * arbitrary object.
+ *
+ * These objects are normally cached, unless the provider says not to cache.
+ * However, force_cache can be used to force caching whatever the provider
+ * says (for example, because the application knows better).
+ */
+typedef struct ossl_method_construct_method_st {
+ /* Get a temporary store */
+ void *(*get_tmp_store)(void *data);
+ /* Reserve the appropriate method store */
+ int (*lock_store)(void *store, void *data);
+ /* Unreserve the appropriate method store */
+ int (*unlock_store)(void *store, void *data);
+ /* Get an already existing method from a store */
+ void *(*get)(void *store, const OSSL_PROVIDER **prov, void *data);
+ /* Store a method in a store */
+ int (*put)(void *store, void *method, const OSSL_PROVIDER *prov,
+ const char *name, const char *propdef, void *data);
+ /* Construct a new method */
+ void *(*construct)(const OSSL_ALGORITHM *algodef, OSSL_PROVIDER *prov,
+ void *data);
+ /* Destruct a method */
+ void (*destruct)(void *method, void *data);
+} OSSL_METHOD_CONSTRUCT_METHOD;
+
+void *ossl_method_construct(OSSL_LIB_CTX *ctx, int operation_id,
+ OSSL_PROVIDER **provider_rw, int force_cache,
+ OSSL_METHOD_CONSTRUCT_METHOD *mcm, void *mcm_data);
+
+void ossl_algorithm_do_all(OSSL_LIB_CTX *libctx,
int operation_id,
+ OSSL_PROVIDER *provider,
+ int (*pre)(OSSL_PROVIDER *, int operation_id,
+ int no_store, void *data, int *result),
+ int (*reserve_store)(int no_store, void *data),
+ void (*fn)(OSSL_PROVIDER *provider,
+ const OSSL_ALGORITHM *algo,
+ int no_store, void *data),
+ int (*unreserve_store)(void *data),
+ int (*post)(OSSL_PROVIDER *, int operation_id,
+ int no_store, void *data, int *result),
+ void *data);
+char *ossl_algorithm_get1_first_name(const OSSL_ALGORITHM *algo);
+
+__owur int ossl_lib_ctx_write_lock(OSSL_LIB_CTX *ctx);
+__owur int ossl_lib_ctx_read_lock(OSSL_LIB_CTX *ctx);
+int ossl_lib_ctx_unlock(OSSL_LIB_CTX *ctx);
+int ossl_lib_ctx_is_child(OSSL_LIB_CTX *ctx);
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/cryptlib.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/cryptlib.h
new file mode 100644
index 000000000000..a4fa4ce8d027
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/cryptlib.h
@@ -0,0 +1,164 @@ +/* + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_CRYPTLIB_H +# define OSSL_INTERNAL_CRYPTLIB_H +# pragma once + +# ifdef OPENSSL_USE_APPLINK +# define BIO_FLAGS_UPLINK_INTERNAL 0x8000 +# include "ms/uplink.h" +# else +# define BIO_FLAGS_UPLINK_INTERNAL 0 +# endif + +# include "internal/common.h" + +# include +# include +# include +# include +# include + +typedef struct ex_callback_st EX_CALLBACK; +DEFINE_STACK_OF(EX_CALLBACK) + +typedef struct mem_st MEM; +DEFINE_LHASH_OF_EX(MEM); + +void OPENSSL_cpuid_setup(void); +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined(_M_X64) +extern unsigned int OPENSSL_ia32cap_P[]; +#endif +void OPENSSL_showfatal(const char *fmta, ...); +int ossl_do_ex_data_init(OSSL_LIB_CTX *ctx); +void ossl_crypto_cleanup_all_ex_data_int(OSSL_LIB_CTX *ctx); +int openssl_init_fork_handlers(void); +int openssl_get_fork_id(void); + +char *ossl_safe_getenv(const char *name); + +extern CRYPTO_RWLOCK *memdbg_lock; +int openssl_strerror_r(int errnum, char *buf, size_t buflen); +# if !defined(OPENSSL_NO_STDIO) +FILE *openssl_fopen(const char *filename, const char *mode); +# else +void *openssl_fopen(const char *filename, const char *mode); +# endif + +uint32_t OPENSSL_rdtsc(void); +size_t OPENSSL_instrument_bus(unsigned int *, size_t); +size_t OPENSSL_instrument_bus2(unsigned int *, size_t, size_t); + +/* ex_data structures */ + +/* + * Each structure type (sometimes called a class), that supports + * exdata has a stack of callbacks for each instance. 
+ */ +struct ex_callback_st { + long argl; /* Arbitrary long */ + void *argp; /* Arbitrary void * */ + int priority; /* Priority ordering for freeing */ + CRYPTO_EX_new *new_func; + CRYPTO_EX_free *free_func; + CRYPTO_EX_dup *dup_func; +}; + +/* + * The state for each class. This could just be a typedef, but + * a structure allows future changes. + */ +typedef struct ex_callbacks_st { + STACK_OF(EX_CALLBACK) *meth; +} EX_CALLBACKS; + +typedef struct ossl_ex_data_global_st { + CRYPTO_RWLOCK *ex_data_lock; + EX_CALLBACKS ex_data[CRYPTO_EX_INDEX__COUNT]; +} OSSL_EX_DATA_GLOBAL; + + +/* OSSL_LIB_CTX */ + +# define OSSL_LIB_CTX_PROVIDER_STORE_RUN_ONCE_INDEX 0 +# define OSSL_LIB_CTX_DEFAULT_METHOD_STORE_RUN_ONCE_INDEX 1 +# define OSSL_LIB_CTX_METHOD_STORE_RUN_ONCE_INDEX 2 +# define OSSL_LIB_CTX_MAX_RUN_ONCE 3 + +# define OSSL_LIB_CTX_EVP_METHOD_STORE_INDEX 0 +# define OSSL_LIB_CTX_PROVIDER_STORE_INDEX 1 +# define OSSL_LIB_CTX_PROPERTY_DEFN_INDEX 2 +# define OSSL_LIB_CTX_PROPERTY_STRING_INDEX 3 +# define OSSL_LIB_CTX_NAMEMAP_INDEX 4 +# define OSSL_LIB_CTX_DRBG_INDEX 5 +# define OSSL_LIB_CTX_DRBG_NONCE_INDEX 6 +# define OSSL_LIB_CTX_RAND_CRNGT_INDEX 7 +# ifdef FIPS_MODULE +# define OSSL_LIB_CTX_THREAD_EVENT_HANDLER_INDEX 8 +# endif +# define OSSL_LIB_CTX_FIPS_PROV_INDEX 9 +# define OSSL_LIB_CTX_ENCODER_STORE_INDEX 10 +# define OSSL_LIB_CTX_DECODER_STORE_INDEX 11 +# define OSSL_LIB_CTX_SELF_TEST_CB_INDEX 12 +# define OSSL_LIB_CTX_BIO_PROV_INDEX 13 +# define OSSL_LIB_CTX_GLOBAL_PROPERTIES 14 +# define OSSL_LIB_CTX_STORE_LOADER_STORE_INDEX 15 +# define OSSL_LIB_CTX_PROVIDER_CONF_INDEX 16 +# define OSSL_LIB_CTX_BIO_CORE_INDEX 17 +# define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18 +# define OSSL_LIB_CTX_THREAD_INDEX 19 +# define OSSL_LIB_CTX_DECODER_CACHE_INDEX 20 +# define OSSL_LIB_CTX_MAX_INDEXES 20 + +OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx); +int ossl_lib_ctx_is_default(OSSL_LIB_CTX *ctx); +int ossl_lib_ctx_is_global_default(OSSL_LIB_CTX *ctx); + +/* Functions 
to retrieve pointers to data by index */ +void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *, int /* index */); + +void ossl_lib_ctx_default_deinit(void); +OSSL_EX_DATA_GLOBAL *ossl_lib_ctx_get_ex_data_global(OSSL_LIB_CTX *ctx); + +const char *ossl_lib_ctx_get_descriptor(OSSL_LIB_CTX *libctx); +CRYPTO_THREAD_LOCAL *ossl_lib_ctx_get_rcukey(OSSL_LIB_CTX *libctx); + +OSSL_LIB_CTX *ossl_crypto_ex_data_get_ossl_lib_ctx(const CRYPTO_EX_DATA *ad); +int ossl_crypto_new_ex_data_ex(OSSL_LIB_CTX *ctx, int class_index, void *obj, + CRYPTO_EX_DATA *ad); +int ossl_crypto_get_ex_new_index_ex(OSSL_LIB_CTX *ctx, int class_index, + long argl, void *argp, + CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func, + int priority); +int ossl_crypto_free_ex_index_ex(OSSL_LIB_CTX *ctx, int class_index, int idx); + +/* Function for simple binary search */ + +/* Flags */ +# define OSSL_BSEARCH_VALUE_ON_NOMATCH 0x01 +# define OSSL_BSEARCH_FIRST_VALUE_ON_MATCH 0x02 + +const void *ossl_bsearch(const void *key, const void *base, int num, + int size, int (*cmp) (const void *, const void *), + int flags); + +char *ossl_sk_ASN1_UTF8STRING2text(STACK_OF(ASN1_UTF8STRING) *text, + const char *sep, size_t max_len); +char *ossl_ipaddr_to_asc(unsigned char *p, int len); + +char *ossl_buf2hexstr_sep(const unsigned char *buf, long buflen, char sep); +unsigned char *ossl_hexstr2buf_sep(const char *str, long *buflen, + const char sep); + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/dane.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/dane.h new file mode 100644 index 000000000000..a3d78a7f8050 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/dane.h 
@@ -0,0 +1,104 @@ +/* + * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_DANE_H +#define OSSL_INTERNAL_DANE_H +# pragma once + +# include + +/*- + * Certificate usages: + * https://tools.ietf.org/html/rfc6698#section-2.1.1 + */ +#define DANETLS_USAGE_PKIX_TA 0 +#define DANETLS_USAGE_PKIX_EE 1 +#define DANETLS_USAGE_DANE_TA 2 +#define DANETLS_USAGE_DANE_EE 3 +#define DANETLS_USAGE_LAST DANETLS_USAGE_DANE_EE + +/*- + * Selectors: + * https://tools.ietf.org/html/rfc6698#section-2.1.2 + */ +#define DANETLS_SELECTOR_CERT 0 +#define DANETLS_SELECTOR_SPKI 1 +#define DANETLS_SELECTOR_LAST DANETLS_SELECTOR_SPKI + +/*- + * Matching types: + * https://tools.ietf.org/html/rfc6698#section-2.1.3 + */ +#define DANETLS_MATCHING_FULL 0 +#define DANETLS_MATCHING_2256 1 +#define DANETLS_MATCHING_2512 2 +#define DANETLS_MATCHING_LAST DANETLS_MATCHING_2512 + +typedef struct danetls_record_st { + uint8_t usage; + uint8_t selector; + uint8_t mtype; + unsigned char *data; + size_t dlen; + EVP_PKEY *spki; +} danetls_record; + +DEFINE_STACK_OF(danetls_record) + +/* + * Shared DANE context + */ +struct dane_ctx_st { + const EVP_MD **mdevp; /* mtype -> digest */ + uint8_t *mdord; /* mtype -> preference */ + uint8_t mdmax; /* highest supported mtype */ + unsigned long flags; /* feature bitmask */ +}; + +/* + * Per connection DANE state + */ +struct ssl_dane_st { + struct dane_ctx_st *dctx; + STACK_OF(danetls_record) *trecs; + STACK_OF(X509) *certs; /* DANE-TA(2) Cert(0) Full(0) certs */ + danetls_record *mtlsa; /* Matching TLSA record */ + X509 *mcert; /* DANE matched cert */ + uint32_t umask; /* Usages present */ + int mdpth; /* Depth of matched cert */ + int pdpth; /* Depth of PKIX 
trust */ + unsigned long flags; /* feature bitmask */ +}; + +#define DANETLS_ENABLED(dane) \ + ((dane) != NULL && sk_danetls_record_num((dane)->trecs) > 0) + +#define DANETLS_USAGE_BIT(u) (((uint32_t)1) << u) + +#define DANETLS_PKIX_TA_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_PKIX_TA)) +#define DANETLS_PKIX_EE_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_PKIX_EE)) +#define DANETLS_DANE_TA_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_DANE_TA)) +#define DANETLS_DANE_EE_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_DANE_EE)) + +#define DANETLS_PKIX_MASK (DANETLS_PKIX_TA_MASK | DANETLS_PKIX_EE_MASK) +#define DANETLS_DANE_MASK (DANETLS_DANE_TA_MASK | DANETLS_DANE_EE_MASK) +#define DANETLS_TA_MASK (DANETLS_PKIX_TA_MASK | DANETLS_DANE_TA_MASK) +#define DANETLS_EE_MASK (DANETLS_PKIX_EE_MASK | DANETLS_DANE_EE_MASK) + +#define DANETLS_HAS_PKIX(dane) ((dane) && ((dane)->umask & DANETLS_PKIX_MASK)) +#define DANETLS_HAS_DANE(dane) ((dane) && ((dane)->umask & DANETLS_DANE_MASK)) +#define DANETLS_HAS_TA(dane) ((dane) && ((dane)->umask & DANETLS_TA_MASK)) +#define DANETLS_HAS_EE(dane) ((dane) && ((dane)->umask & DANETLS_EE_MASK)) + +#define DANETLS_HAS_PKIX_TA(dane) ((dane)&&((dane)->umask & DANETLS_PKIX_TA_MASK)) +#define DANETLS_HAS_PKIX_EE(dane) ((dane)&&((dane)->umask & DANETLS_PKIX_EE_MASK)) +#define DANETLS_HAS_DANE_TA(dane) ((dane)&&((dane)->umask & DANETLS_DANE_TA_MASK)) +#define DANETLS_HAS_DANE_EE(dane) ((dane)&&((dane)->umask & DANETLS_DANE_EE_MASK)) + +#endif /* OSSL_INTERNAL_DANE_H */ diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/deprecated.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/deprecated.h new file mode 100644 index 000000000000..a313a015459e --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/deprecated.h 
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This header file should be included by internal code that needs to use APIs
+ * that have been deprecated for public use, but where those symbols will still
+ * be available internally. For example the EVP and provider code needs to use
+ * low level APIs that are otherwise deprecated.
+ *
+ * This header *must* be the first OpenSSL header included by a source file.
+ */
+
+#ifndef OSSL_INTERNAL_DEPRECATED_H
+# define OSSL_INTERNAL_DEPRECATED_H
+# pragma once
+
+# include
+
+# undef OPENSSL_NO_DEPRECATED
+# define OPENSSL_SUPPRESS_DEPRECATED
+
+# include
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/der.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/der.h
new file mode 100644
index 000000000000..8d6db8f06625
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/der.h
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_DER_H
+# define OSSL_INTERNAL_DER_H
+# pragma once
+
+# include
+# include "internal/packet.h"
+
+/*
+ * NOTE: X.690 numbers the identifier octet bits 1 to 8.
+ * We use the same numbering in comments here.
+ */
+
+/* Well known primitive tags */
+
+/*
+ * DER UNIVERSAL tags, occupying bits 1-5 in the DER identifier byte
+ * These are only valid for the UNIVERSAL class. With the other classes,
+ * these bits have a different meaning.
+ */
+# define DER_P_EOC 0 /* BER End Of Contents tag */
+# define DER_P_BOOLEAN 1
+# define DER_P_INTEGER 2
+# define DER_P_BIT_STRING 3
+# define DER_P_OCTET_STRING 4
+# define DER_P_NULL 5
+# define DER_P_OBJECT 6
+# define DER_P_OBJECT_DESCRIPTOR 7
+# define DER_P_EXTERNAL 8
+# define DER_P_REAL 9
+# define DER_P_ENUMERATED 10
+# define DER_P_UTF8STRING 12
+# define DER_P_SEQUENCE 16
+# define DER_P_SET 17
+# define DER_P_NUMERICSTRING 18
+# define DER_P_PRINTABLESTRING 19
+# define DER_P_T61STRING 20
+# define DER_P_VIDEOTEXSTRING 21
+# define DER_P_IA5STRING 22
+# define DER_P_UTCTIME 23
+# define DER_P_GENERALIZEDTIME 24
+# define DER_P_GRAPHICSTRING 25
+# define DER_P_ISO64STRING 26
+# define DER_P_GENERALSTRING 27
+# define DER_P_UNIVERSALSTRING 28
+# define DER_P_BMPSTRING 30
+
+/* DER Flags, occupying bit 6 in the DER identifier byte */
+# define DER_F_PRIMITIVE 0x00
+# define DER_F_CONSTRUCTED 0x20
+
+/* DER classes tags, occupying bits 7-8 in the DER identifier byte */
+# define DER_C_UNIVERSAL 0x00
+# define DER_C_APPLICATION 0x40
+# define DER_C_CONTEXT 0x80
+# define DER_C_PRIVATE 0xC0
+
+/*
+ * Run-time constructors.
+ *
+ * They all construct DER backwards, so care should be taken to use them
+ * that way.
+ */
+
+/* This can be used for all items that don't have a context */
+# define DER_NO_CONTEXT -1
+
+int ossl_DER_w_precompiled(WPACKET *pkt, int tag,
+ const unsigned char *precompiled,
+ size_t precompiled_n);
+
+int ossl_DER_w_boolean(WPACKET *pkt, int tag, int b);
+int ossl_DER_w_uint32(WPACKET *pkt, int tag, uint32_t v);
+int ossl_DER_w_bn(WPACKET *pkt, int tag, const BIGNUM *v);
+int ossl_DER_w_null(WPACKET *pkt, int tag);
+int ossl_DER_w_octet_string(WPACKET *pkt, int tag,
+ const unsigned char *data, size_t data_n);
+int ossl_DER_w_octet_string_uint32(WPACKET *pkt, int tag, uint32_t value);
+
+/*
+ * All constructors for constructed elements have a begin and a end function
+ */
+int ossl_DER_w_begin_sequence(WPACKET *pkt, int tag);
+int ossl_DER_w_end_sequence(WPACKET *pkt, int tag);
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/deterministic_nonce.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/deterministic_nonce.h
new file mode 100644
index 000000000000..5f0313fe3842
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/deterministic_nonce.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_DETERMINISTIC_NONCE_H
+# define OSSL_INTERNAL_DETERMINISTIC_NONCE_H
+# pragma once
+
+# include
+
+int ossl_gen_deterministic_nonce_rfc6979(BIGNUM *out, const BIGNUM *q,
+ const BIGNUM *priv,
+ const unsigned char *message,
+ size_t message_len,
+ const char *digestname,
+ OSSL_LIB_CTX *libctx,
+ const char *propq);
+
+#endif /*OSSL_INTERNAL_DETERMINISTIC_NONCE_H */
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/dso.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/dso.h
new file mode 100644
index 000000000000..160ddb98db14
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/dso.h
@@ -0,0 +1,164 @@ +/* + * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_DSO_H +# define OSSL_INTERNAL_DSO_H +# pragma once + +# include +# include "internal/dsoerr.h" + +/* These values are used as commands to DSO_ctrl() */ +# define DSO_CTRL_GET_FLAGS 1 +# define DSO_CTRL_SET_FLAGS 2 +# define DSO_CTRL_OR_FLAGS 3 + +/* + * By default, DSO_load() will translate the provided filename into a form + * typical for the platform using the dso_name_converter function of the + * method. Eg. win32 will transform "blah" into "blah.dll", and dlfcn will + * transform it into "libblah.so". This callback could even utilise the + * DSO_METHOD's converter too if it only wants to override behaviour for + * one or two possible DSO methods. However, the following flag can be + * set in a DSO to prevent *any* native name-translation at all - eg. if + * the caller has prompted the user for a path to a driver library so the + * filename should be interpreted as-is. + */ +# define DSO_FLAG_NO_NAME_TRANSLATION 0x01 +/* + * An extra flag to give if only the extension should be added as + * translation. This is obviously only of importance on Unix and other + * operating systems where the translation also may prefix the name with + * something, like 'lib', and ignored everywhere else. This flag is also + * ignored if DSO_FLAG_NO_NAME_TRANSLATION is used at the same time. + */ +# define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY 0x02 + +/* + * Don't unload the DSO when we call DSO_free() + */ +# define DSO_FLAG_NO_UNLOAD_ON_FREE 0x04 + +/* + * This flag loads the library with public symbols. 
Meaning: The exported + * symbols of this library are public to all libraries loaded after this + * library. At the moment only implemented in unix. + */ +# define DSO_FLAG_GLOBAL_SYMBOLS 0x20 + +typedef void (*DSO_FUNC_TYPE) (void); + +typedef struct dso_st DSO; +typedef struct dso_meth_st DSO_METHOD; + +/* + * The function prototype used for method functions (or caller-provided + * callbacks) that transform filenames. They are passed a DSO structure + * pointer (or NULL if they are to be used independently of a DSO object) and + * a filename to transform. They should either return NULL (if there is an + * error condition) or a newly allocated string containing the transformed + * form that the caller will need to free with OPENSSL_free() when done. + */ +typedef char *(*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *); +/* + * The function prototype used for method functions (or caller-provided + * callbacks) that merge two file specifications. They are passed a DSO + * structure pointer (or NULL if they are to be used independently of a DSO + * object) and two file specifications to merge. They should either return + * NULL (if there is an error condition) or a newly allocated string + * containing the result of merging that the caller will need to free with + * OPENSSL_free() when done. Here, merging means that bits and pieces are + * taken from each of the file specifications and added together in whatever + * fashion that is sensible for the DSO method in question. The only rule + * that really applies is that if the two specification contain pieces of the + * same type, the copy from the first string takes priority. One could see + * it as the first specification is the one given by the user and the second + * being a bunch of defaults to add on if they're missing in the first. 
+ */ +typedef char *(*DSO_MERGER_FUNC)(DSO *, const char *, const char *); + +DSO *DSO_new(void); +int DSO_free(DSO *dso); +int DSO_flags(DSO *dso); +int DSO_up_ref(DSO *dso); +long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg); + +/* + * These functions can be used to get/set the platform-independent filename + * used for a DSO. NB: set will fail if the DSO is already loaded. + */ +const char *DSO_get_filename(DSO *dso); +int DSO_set_filename(DSO *dso, const char *filename); +/* + * This function will invoke the DSO's name_converter callback to translate a + * filename, or if the callback isn't set it will instead use the DSO_METHOD's + * converter. If "filename" is NULL, the "filename" in the DSO itself will be + * used. If the DSO_FLAG_NO_NAME_TRANSLATION flag is set, then the filename is + * simply duplicated. NB: This function is usually called from within a + * DSO_METHOD during the processing of a DSO_load() call, and is exposed so + * that caller-created DSO_METHODs can do the same thing. A non-NULL return + * value will need to be OPENSSL_free()'d. + */ +char *DSO_convert_filename(DSO *dso, const char *filename); +/* + * This function will invoke the DSO's merger callback to merge two file + * specifications, or if the callback isn't set it will instead use the + * DSO_METHOD's merger. A non-NULL return value will need to be + * OPENSSL_free()'d. + */ +char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2); + +/* + * The all-singing all-dancing load function, you normally pass NULL for the + * first and third parameters. Use DSO_up_ref and DSO_free for subsequent + * reference count handling. Any flags passed in will be set in the + * constructed DSO after its init() function but before the load operation. + * If 'dso' is non-NULL, 'flags' is ignored. + */ +DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags); + +/* This function binds to a function inside a shared library. 
*/ +DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname); + +/* + * This method is the default, but will beg, borrow, or steal whatever method + * should be the default on any particular platform (including + * DSO_METH_null() if necessary). + */ +DSO_METHOD *DSO_METHOD_openssl(void); + +/* + * This function writes null-terminated pathname of DSO module containing + * 'addr' into 'sz' large caller-provided 'path' and returns the number of + * characters [including trailing zero] written to it. If 'sz' is 0 or + * negative, 'path' is ignored and required amount of characters [including + * trailing zero] to accommodate pathname is returned. If 'addr' is NULL, then + * pathname of cryptolib itself is returned. Negative or zero return value + * denotes error. + */ +int DSO_pathbyaddr(void *addr, char *path, int sz); + +/* + * Like DSO_pathbyaddr() but instead returns a handle to the DSO for the symbol + * or NULL on error. + */ +DSO *DSO_dsobyaddr(void *addr, int flags); + +/* + * This function should be used with caution! It looks up symbols in *all* + * loaded modules and if module gets unloaded by somebody else attempt to + * dereference the pointer is doomed to have fatal consequences. Primary + * usage for this function is to probe *core* system functionality, e.g. + * check if getnameinfo(3) is available at run-time without bothering about + * OS-specific details such as libc.so.versioning or where does it actually + * reside: in libc itself or libsocket. + */ +void *DSO_global_lookup(const char *name); + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/dsoerr.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/dsoerr.h new file mode 100644 index 000000000000..b1719e8377f4 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/dsoerr.h 
@@ -0,0 +1,48 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_DSOERR_H +# define OSSL_INTERNAL_DSOERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +int ossl_err_load_DSO_strings(void); + +/* + * DSO reason codes. + */ +# define DSO_R_CTRL_FAILED 100 +# define DSO_R_DSO_ALREADY_LOADED 110 +# define DSO_R_EMPTY_FILE_STRUCTURE 113 +# define DSO_R_FAILURE 114 +# define DSO_R_FILENAME_TOO_BIG 101 +# define DSO_R_FINISH_FAILED 102 +# define DSO_R_INCORRECT_FILE_SYNTAX 115 +# define DSO_R_LOAD_FAILED 103 +# define DSO_R_NAME_TRANSLATION_FAILED 109 +# define DSO_R_NO_FILENAME 111 +# define DSO_R_NULL_HANDLE 104 +# define DSO_R_SET_FILENAME_FAILED 112 +# define DSO_R_STACK_ERROR 105 +# define DSO_R_SYM_FAILURE 106 +# define DSO_R_UNLOAD_FAILED 107 +# define DSO_R_UNSUPPORTED 108 + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/e_os.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/e_os.h new file mode 100644 index 000000000000..003d63e17f2a --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/e_os.h 
@@ -0,0 +1,385 @@ +/* + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_E_OS_H +# define OSSL_E_OS_H + +# include +# include + +# include +# include +# include "internal/numbers.h" /* Ensure the definition of SIZE_MAX */ + +/* + * contains what we can justify to make visible to the + * outside; this file e_os.h is not part of the exported interface. + */ + +# if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) +# define NO_CHMOD +# define NO_SYSLOG +# endif + +# define get_last_sys_error() errno +# define clear_sys_error() errno=0 +# define set_sys_error(e) errno=(e) + +/******************************************************************** + The Microsoft section + ********************************************************************/ +# if defined(OPENSSL_SYS_WIN32) && !defined(WIN32) +# define WIN32 +# endif +# if defined(OPENSSL_SYS_WINDOWS) && !defined(WINDOWS) +# define WINDOWS +# endif +# if defined(OPENSSL_SYS_MSDOS) && !defined(MSDOS) +# define MSDOS +# endif + +# ifdef WIN32 +# undef get_last_sys_error +# undef clear_sys_error +# undef set_sys_error +# define get_last_sys_error() GetLastError() +# define clear_sys_error() SetLastError(0) +# define set_sys_error(e) SetLastError(e) +# if !defined(WINNT) +# define WIN_CONSOLE_BUG +# endif +# else +# endif + +# if (defined(WINDOWS) || defined(MSDOS)) + +# ifdef __DJGPP__ +# include +# include +# define _setmode setmode +# define _O_TEXT O_TEXT +# define _O_BINARY O_BINARY +# undef DEVRANDOM_EGD /* Neither MS-DOS nor FreeDOS provide 'egd' sockets. 
*/ +# undef DEVRANDOM +# define DEVRANDOM "/dev/urandom\x24" +# endif /* __DJGPP__ */ + +# ifndef S_IFDIR +# define S_IFDIR _S_IFDIR +# endif + +# ifndef S_IFMT +# define S_IFMT _S_IFMT +# endif + +# if !defined(WINNT) && !defined(__DJGPP__) +# define NO_SYSLOG +# endif + +# ifdef WINDOWS +# if !defined(_WIN32_WCE) && !defined(_WIN32_WINNT) + /* + * Defining _WIN32_WINNT here in e_os.h implies certain "discipline." + * Most notably we ought to check for availability of each specific + * routine that was introduced after denoted _WIN32_WINNT with + * GetProcAddress(). Normally newer functions are masked with higher + * _WIN32_WINNT in SDK headers. So that if you wish to use them in + * some module, you'd need to override _WIN32_WINNT definition in + * the target module in order to "reach for" prototypes, but replace + * calls to new functions with indirect calls. Alternatively it + * might be possible to achieve the goal by /DELAYLOAD-ing .DLLs + * and check for current OS version instead. + */ +# define _WIN32_WINNT 0x0501 +# endif +# if defined(_WIN32_WINNT) || defined(_WIN32_WCE) + /* + * Just like defining _WIN32_WINNT including winsock2.h implies + * certain "discipline" for maintaining [broad] binary compatibility. + * As long as structures are invariant among Winsock versions, + * it's sufficient to check for specific Winsock2 API availability + * at run-time [DSO_global_lookup is recommended]... + */ +# include +# include + /* + * Clang-based C++Builder 10.3.3 toolchains cannot find C inline + * definitions at link-time. This header defines WspiapiLoad() as an + * __inline function. 
https://quality.embarcadero.com/browse/RSP-33806 + */ +# if !defined(__BORLANDC__) || !defined(__clang__) +# include +# endif + /* yes, they have to be #included prior to */ +# endif +# include +# include +# include +# include +# if defined(_WIN32_WCE) && !defined(EACCES) +# define EACCES 13 +# endif +# include +# ifdef _WIN64 +# define strlen(s) _strlen31(s) +/* cut strings to 2GB */ +static __inline unsigned int _strlen31(const char *str) +{ + unsigned int len = 0; + while (*str && len < 0x80000000U) + str++, len++; + return len & 0x7FFFFFFF; +} +# endif +# include +# if defined(_MSC_VER) && !defined(_WIN32_WCE) && !defined(_DLL) && defined(stdin) +# if _MSC_VER>=1300 && _MSC_VER<1600 +# undef stdin +# undef stdout +# undef stderr +FILE *__iob_func(void); +# define stdin (&__iob_func()[0]) +# define stdout (&__iob_func()[1]) +# define stderr (&__iob_func()[2]) +# endif +# endif +# endif +# include +# include + +# ifdef OPENSSL_SYS_WINCE +# define OPENSSL_NO_POSIX_IO +# endif + +# define EXIT(n) exit(n) +# define LIST_SEPARATOR_CHAR ';' +# ifndef W_OK +# define W_OK 2 +# endif +# ifndef R_OK +# define R_OK 4 +# endif +# ifdef OPENSSL_SYS_WINCE +# define DEFAULT_HOME "" +# else +# define DEFAULT_HOME "C:" +# endif + +/* Avoid Visual Studio 13 GetVersion deprecated problems */ +# if defined(_MSC_VER) && _MSC_VER>=1800 +# define check_winnt() (1) +# define check_win_minplat(x) (1) +# else +# define check_winnt() (GetVersion() < 0x80000000) +# define check_win_minplat(x) (LOBYTE(LOWORD(GetVersion())) >= (x)) +# endif + +# else /* The non-microsoft world */ + +# if defined(OPENSSL_SYS_VXWORKS) +# include +# else +# include +# endif + +# ifdef OPENSSL_SYS_VMS +# define VMS 1 + /* + * some programs don't include stdlib, so exit() and others give implicit + * function warnings + */ +# include +# if defined(__DECC) +# include +# else +# include +# endif +# define LIST_SEPARATOR_CHAR ',' + /* We don't have any well-defined random devices on VMS, yet... 
*/ +# undef DEVRANDOM + /*- + We need to do this since VMS has the following coding on status codes: + + Bits 0-2: status type: 0 = warning, 1 = success, 2 = error, 3 = info ... + The important thing to know is that odd numbers are considered + good, while even ones are considered errors. + Bits 3-15: actual status number + Bits 16-27: facility number. 0 is considered "unknown" + Bits 28-31: control bits. If bit 28 is set, the shell won't try to + output the message (which, for random codes, just looks ugly) + + So, what we do here is to change 0 to 1 to get the default success status, + and everything else is shifted up to fit into the status number field, and + the status is tagged as an error, which is what is wanted here. + + Finally, we add the VMS C facility code 0x35a000, because there are some + programs, such as Perl, that will reinterpret the code back to something + POSIX. 'man perlvms' explains it further. + + NOTE: the perlvms manual wants to turn all codes 2 to 255 into success + codes (status type = 1). I couldn't disagree more. Fortunately, the + status type doesn't seem to bother Perl. + -- Richard Levitte + */ +# define EXIT(n) exit((n) ? 
(((n) << 3) | 2 | 0x10000000 | 0x35a000) : 1) + +# define DEFAULT_HOME "SYS$LOGIN:" + +# else + /* !defined VMS */ +# include +# include +# ifdef OPENSSL_SYS_WIN32_CYGWIN +# include +# include +# endif + +# define LIST_SEPARATOR_CHAR ':' +# define EXIT(n) exit(n) +# endif + +# endif + +/***********************************************/ + +# if defined(OPENSSL_SYS_WINDOWS) +# if defined(_MSC_VER) && (_MSC_VER >= 1310) && !defined(_WIN32_WCE) +# define open _open +# define fdopen _fdopen +# define close _close +# ifndef strdup +# define strdup _strdup +# endif +# define unlink _unlink +# define fileno _fileno +# define isatty _isatty +# endif +# else +# include +# endif + +/* vxworks */ +# if defined(OPENSSL_SYS_VXWORKS) +# include +# include +# include +# include +# include +# include + +# define TTY_STRUCT int +# define sleep(a) taskDelay((a) * sysClkRateGet()) + +/* + * NOTE: these are implemented by helpers in database app! if the database is + * not linked, we need to implement them elsewhere + */ +struct hostent *gethostbyname(const char *name); +struct hostent *gethostbyaddr(const char *addr, int length, int type); +struct servent *getservbyname(const char *name, const char *proto); + +# endif +/* end vxworks */ + +/* ----------------------------- HP NonStop -------------------------------- */ +/* Required to support platform variant without getpid() and pid_t. 
*/ +# if defined(__TANDEM) && defined(_GUARDIAN_TARGET) +# include +# include +# define getservbyname(name,proto) getservbyname((char*)name,proto) +# define gethostbyname(name) gethostbyname((char*)name) +# define ioctlsocket(a,b,c) ioctl(a,b,c) +# ifdef NO_GETPID +inline int nssgetpid(void); +# ifndef NSSGETPID_MACRO +# define NSSGETPID_MACRO +# include +# include + inline int nssgetpid(void) + { + short phandle[10]={0}; + union pseudo_pid { + struct { + short cpu; + short pin; + } cpu_pin ; + int ppid; + } ppid = { 0 }; + PROCESSHANDLE_GETMINE_(phandle); + PROCESSHANDLE_DECOMPOSE_(phandle, &ppid.cpu_pin.cpu, &ppid.cpu_pin.pin); + return ppid.ppid; + } +# define getpid(a) nssgetpid(a) +# endif /* NSSGETPID_MACRO */ +# endif /* NO_GETPID */ +/*# define setsockopt(a,b,c,d,f) setsockopt(a,b,c,(char*)d,f)*/ +/*# define getsockopt(a,b,c,d,f) getsockopt(a,b,c,(char*)d,f)*/ +/*# define connect(a,b,c) connect(a,(struct sockaddr *)b,c)*/ +/*# define bind(a,b,c) bind(a,(struct sockaddr *)b,c)*/ +/*# define sendto(a,b,c,d,e,f) sendto(a,(char*)b,c,d,(struct sockaddr *)e,f)*/ +# if defined(OPENSSL_THREADS) && !defined(_PUT_MODEL_) + /* + * HPNS SPT threads + */ +# define SPT_THREAD_SIGNAL 1 +# define SPT_THREAD_AWARE 1 +# include +# undef close +# define close spt_close +/* +# define get_last_socket_error() errno +# define clear_socket_error() errno=0 +# define ioctlsocket(a,b,c) ioctl(a,b,c) +# define closesocket(s) close(s) +# define readsocket(s,b,n) read((s),(char*)(b),(n)) +# define writesocket(s,b,n) write((s),(char*)(b),(n) +*/ +# define accept(a,b,c) accept(a,(struct sockaddr *)b,c) +# define recvfrom(a,b,c,d,e,f) recvfrom(a,b,(socklen_t)c,d,e,f) +# endif +# endif + +# ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION +# define CRYPTO_memcmp memcmp +# endif + +# ifndef OPENSSL_NO_SECURE_MEMORY + /* unistd.h defines _POSIX_VERSION */ +# if (defined(OPENSSL_SYS_UNIX) \ + && ( (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L) \ + || defined(__sun) || defined(__hpux) || 
defined(__sgi) \ + || defined(__osf__) )) \ + || defined(_WIN32) + /* secure memory is implemented */ +# else +# define OPENSSL_NO_SECURE_MEMORY +# endif +# endif + +/* + * str[n]casecmp_l is defined in POSIX 2008-01. Value is taken accordingly + * https://www.gnu.org/software/libc/manual/html_node/Feature-Test-Macros.html + * There are also equivalent functions on Windows. + * There is no locale_t on NONSTOP. + */ +# if defined(OPENSSL_SYS_WINDOWS) +# define locale_t _locale_t +# define freelocale _free_locale +# define strcasecmp_l _stricmp_l +# define strncasecmp_l _strnicmp_l +# define strcasecmp _stricmp +# define strncasecmp _strnicmp +# elif !defined(_POSIX_C_SOURCE) || _POSIX_C_SOURCE < 200809L \ + || defined(OPENSSL_SYS_TANDEM) +# ifndef OPENSSL_NO_LOCALE +# define OPENSSL_NO_LOCALE +# endif +# endif + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/endian.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/endian.h new file mode 100644 index 000000000000..7d5a73b1bb1f --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/endian.h 
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_ENDIAN_H
+# define OSSL_INTERNAL_ENDIAN_H
+# pragma once
+
+/*
+ * IS_LITTLE_ENDIAN and IS_BIG_ENDIAN can be used to detect the endianness
+ * at compile time. To use it, DECLARE_IS_ENDIAN must be used to declare
+ * a variable.
+ *
+ * L_ENDIAN and B_ENDIAN can be used at preprocessor time. They can be set
+ * in the configarion using the lib_cppflags variable. If neither is
+ * set, it will fall back to code works with either endianness.
+ */
+
+# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__)
+# define DECLARE_IS_ENDIAN const int ossl_is_little_endian = __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
+# define IS_LITTLE_ENDIAN (ossl_is_little_endian)
+# define IS_BIG_ENDIAN (!ossl_is_little_endian)
+# if defined(L_ENDIAN) && (__BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__)
+# error "L_ENDIAN defined on a big endian machine"
+# endif
+# if defined(B_ENDIAN) && (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)
+# error "B_ENDIAN defined on a little endian machine"
+# endif
+# if !defined(L_ENDIAN) && (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)
+# define L_ENDIAN
+# endif
+# if !defined(B_ENDIAN) && (__BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__)
+# define B_ENDIAN
+# endif
+# else
+# define DECLARE_IS_ENDIAN \
+ const union { \
+ long one; \
+ char little; \
+ } ossl_is_endian = { 1 }
+
+# define IS_LITTLE_ENDIAN (ossl_is_endian.little != 0)
+# define IS_BIG_ENDIAN (ossl_is_endian.little == 0)
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/err.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/err.h
new file mode 100644
index 000000000000..d8a308f0b46f
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/err.h
@@ -0,0 +1,16 @@
+/*
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_ERR_H
+# define OSSL_INTERNAL_ERR_H
+# pragma once
+
+void err_free_strings_int(void);
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/event_queue.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/event_queue.h
new file mode 100644
index 000000000000..bda1ee6ad46d
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/event_queue.h
@@ -0,0 +1,163 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_EVENT_QUEUE_H +# define OSSL_INTERNAL_EVENT_QUEUE_H +# pragma once + +# include "internal/priority_queue.h" +# include "internal/time.h" + +/* + * Opaque type holding an event. + */ +typedef struct ossl_event_st OSSL_EVENT; + +DEFINE_PRIORITY_QUEUE_OF(OSSL_EVENT); + +/* + * Public type representing an event queue, the underlying structure being + * opaque. + */ +typedef struct ossl_event_queue_st OSSL_EVENT_QUEUE; + +/* + * Public type representing a event queue entry. + * It is (internally) public so that it can be embedded into other structures, + * it should otherwise be treated as opaque. + */ +struct ossl_event_st { + uint32_t type; /* What type of event this is */ + uint32_t priority; /* What priority this event has */ + OSSL_TIME when; /* When the event is scheduled to happen */ + void *ctx; /* User argument passed to call backs */ + void *payload; /* Event specific data of unknown kind */ + size_t payload_size; /* Length (in bytes) of event specific data */ + + /* These fields are for internal use only */ + PRIORITY_QUEUE_OF(OSSL_EVENT) *queue; /* Queue containing this event */ + size_t ref; /* ID for this event */ + unsigned int flag_dynamic : 1; /* Malloced or not? 
*/ +}; + +/* + * Utility function to populate an event structure and add it to the queue + */ +int ossl_event_queue_add(OSSL_EVENT_QUEUE *queue, OSSL_EVENT *event, + uint32_t type, uint32_t priority, + OSSL_TIME when, void *ctx, + void *payload, size_t payload_size); + +/* + * Utility functions to extract event fields + */ +static ossl_unused ossl_inline +uint32_t ossl_event_get_type(const OSSL_EVENT *event) +{ + return event->type; +} + +static ossl_unused ossl_inline +uint32_t ossl_event_get_priority(const OSSL_EVENT *event) +{ + return event->priority; +} + +static ossl_unused ossl_inline +OSSL_TIME ossl_event_get_when(const OSSL_EVENT *event) +{ + return event->when; +} + +static ossl_unused ossl_inline +void *ossl_event_get0_ctx(const OSSL_EVENT *event) +{ + return event->ctx; +} + +static ossl_unused ossl_inline +void *ossl_event_get0_payload(const OSSL_EVENT *event, size_t *length) +{ + if (length != NULL) + *length = event->payload_size; + return event->payload; +} + +/* + * Create and free a queue. + */ +OSSL_EVENT_QUEUE *ossl_event_queue_new(void); +void ossl_event_queue_free(OSSL_EVENT_QUEUE *queue); + +/* + * Schedule a new event into an event queue. + * + * The event parameters are taken from the function arguments. + * + * The function returns NULL on failure and the added event on success. + */ +OSSL_EVENT *ossl_event_queue_add_new(OSSL_EVENT_QUEUE *queue, + uint32_t type, uint32_t priority, + OSSL_TIME when, void *ctx, + void *payload, size_t payload_size) +; + +/* + * Schedule an event into an event queue. + * + * The event parameters are taken from the function arguments. + * + * The function returns 0 on failure and 1 on success. + */ +int ossl_event_queue_add(OSSL_EVENT_QUEUE *queue, OSSL_EVENT *event, + uint32_t type, uint32_t priority, + OSSL_TIME when, void *ctx, + void *payload, size_t payload_size); + +/* + * Delete an event from the queue. + * This will cause the early deletion function to be called if it is non-NULL. 
+ * A pointer to the event structure is returned. + */ +int ossl_event_queue_remove(OSSL_EVENT_QUEUE *queue, OSSL_EVENT *event); + +/* + * Free a dynamic event. + * Is a NOP for a static event. + */ +void ossl_event_free(OSSL_EVENT *event); + +/* + * Return the time until the next event for the specified event, if the event's + * time is past, zero is returned. Once activated, the event reference becomes + * invalid and this function becomes undefined. + */ +OSSL_TIME ossl_event_time_until(const OSSL_EVENT *event); + +/* + * Return the time until the next event in the queue. + * If the next event is in the past, zero is returned. + */ +OSSL_TIME ossl_event_queue_time_until_next(const OSSL_EVENT_QUEUE *queue); + +/* + * Postpone an event to trigger at the specified time. + * If the event has triggered, this function's behaviour is undefined. + */ +int ossl_event_queue_postpone_until(OSSL_EVENT_QUEUE *queue, + OSSL_EVENT *event, + OSSL_TIME when); + +/* + * Return the next event to process. + */ +int ossl_event_queue_get1_next_event(OSSL_EVENT_QUEUE *queue, + OSSL_EVENT **event); + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/ffc.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/ffc.h new file mode 100644 index 000000000000..edd8381e8df4 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/ffc.h 
@@ -0,0 +1,221 @@ +/* + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_FFC_H +# define OSSL_INTERNAL_FFC_H +# pragma once + +# include +# include +# include +# include /* Uses Error codes from DH */ +# include +# include +# include "internal/sizes.h" + +/* Default value for gindex when canonical generation of g is not used */ +# define FFC_UNVERIFIABLE_GINDEX -1 + +/* The different types of FFC keys */ +# define FFC_PARAM_TYPE_DSA 0 +# define FFC_PARAM_TYPE_DH 1 + +/* + * The mode used by functions that share code for both generation and + * verification. See ossl_ffc_params_FIPS186_4_gen_verify(). + */ +#define FFC_PARAM_MODE_VERIFY 0 +#define FFC_PARAM_MODE_GENERATE 1 + +/* Return codes for generation and validation of FFC parameters */ +#define FFC_PARAM_RET_STATUS_FAILED 0 +#define FFC_PARAM_RET_STATUS_SUCCESS 1 +/* Returned if validating and g is only partially verifiable */ +#define FFC_PARAM_RET_STATUS_UNVERIFIABLE_G 2 + +/* Validation flags */ +# define FFC_PARAM_FLAG_VALIDATE_PQ 0x01 +# define FFC_PARAM_FLAG_VALIDATE_G 0x02 +# define FFC_PARAM_FLAG_VALIDATE_PQG \ + (FFC_PARAM_FLAG_VALIDATE_PQ | FFC_PARAM_FLAG_VALIDATE_G) +#define FFC_PARAM_FLAG_VALIDATE_LEGACY 0x04 + +/* + * NB: These values must align with the equivalently named macros in + * openssl/dh.h. We cannot use those macros here in case DH has been disabled. 
+ */ +# define FFC_CHECK_P_NOT_PRIME 0x00001 +# define FFC_CHECK_P_NOT_SAFE_PRIME 0x00002 +# define FFC_CHECK_UNKNOWN_GENERATOR 0x00004 +# define FFC_CHECK_NOT_SUITABLE_GENERATOR 0x00008 +# define FFC_CHECK_Q_NOT_PRIME 0x00010 +# define FFC_CHECK_INVALID_Q_VALUE 0x00020 +# define FFC_CHECK_INVALID_J_VALUE 0x00040 + +/* + * 0x80, 0x100 reserved by include/openssl/dh.h with check bits that are not + * relevant for FFC. + */ + +# define FFC_CHECK_MISSING_SEED_OR_COUNTER 0x00200 +# define FFC_CHECK_INVALID_G 0x00400 +# define FFC_CHECK_INVALID_PQ 0x00800 +# define FFC_CHECK_INVALID_COUNTER 0x01000 +# define FFC_CHECK_P_MISMATCH 0x02000 +# define FFC_CHECK_Q_MISMATCH 0x04000 +# define FFC_CHECK_G_MISMATCH 0x08000 +# define FFC_CHECK_COUNTER_MISMATCH 0x10000 +# define FFC_CHECK_BAD_LN_PAIR 0x20000 +# define FFC_CHECK_INVALID_SEED_SIZE 0x40000 + +/* Validation Return codes */ +# define FFC_ERROR_PUBKEY_TOO_SMALL 0x01 +# define FFC_ERROR_PUBKEY_TOO_LARGE 0x02 +# define FFC_ERROR_PUBKEY_INVALID 0x04 +# define FFC_ERROR_NOT_SUITABLE_GENERATOR 0x08 +# define FFC_ERROR_PRIVKEY_TOO_SMALL 0x10 +# define FFC_ERROR_PRIVKEY_TOO_LARGE 0x20 +# define FFC_ERROR_PASSED_NULL_PARAM 0x40 + +/* + * Finite field cryptography (FFC) domain parameters are used by DH and DSA. + * Refer to FIPS186_4 Appendix A & B. + */ +typedef struct ffc_params_st { + /* Primes */ + BIGNUM *p; + BIGNUM *q; + /* Generator */ + BIGNUM *g; + /* DH X9.42 Optional Subgroup factor j >= 2 where p = j * q + 1 */ + BIGNUM *j; + + /* Required for FIPS186_4 validation of p, q and optionally canonical g */ + unsigned char *seed; + /* If this value is zero the hash size is used as the seed length */ + size_t seedlen; + /* Required for FIPS186_4 validation of p and q */ + int pcounter; + int nid; /* The identity of a named group */ + + /* + * Required for FIPS186_4 generation & validation of canonical g. + * It uses unverifiable g if this value is -1. 
+ */ + int gindex; + int h; /* loop counter for unverifiable g */ + + unsigned int flags; + /* + * The digest to use for generation or validation. If this value is NULL, + * then the digest is chosen using the value of N. + */ + const char *mdname; + const char *mdprops; + /* Default key length for known named groups according to RFC7919 */ + int keylength; +} FFC_PARAMS; + +void ossl_ffc_params_init(FFC_PARAMS *params); +void ossl_ffc_params_cleanup(FFC_PARAMS *params); +void ossl_ffc_params_set0_pqg(FFC_PARAMS *params, BIGNUM *p, BIGNUM *q, + BIGNUM *g); +void ossl_ffc_params_get0_pqg(const FFC_PARAMS *params, const BIGNUM **p, + const BIGNUM **q, const BIGNUM **g); +void ossl_ffc_params_set0_j(FFC_PARAMS *d, BIGNUM *j); +int ossl_ffc_params_set_seed(FFC_PARAMS *params, + const unsigned char *seed, size_t seedlen); +void ossl_ffc_params_set_gindex(FFC_PARAMS *params, int index); +void ossl_ffc_params_set_pcounter(FFC_PARAMS *params, int index); +void ossl_ffc_params_set_h(FFC_PARAMS *params, int index); +void ossl_ffc_params_set_flags(FFC_PARAMS *params, unsigned int flags); +void ossl_ffc_params_enable_flags(FFC_PARAMS *params, unsigned int flags, + int enable); +void ossl_ffc_set_digest(FFC_PARAMS *params, const char *alg, const char *props); + +int ossl_ffc_params_set_validate_params(FFC_PARAMS *params, + const unsigned char *seed, + size_t seedlen, int counter); +void ossl_ffc_params_get_validate_params(const FFC_PARAMS *params, + unsigned char **seed, size_t *seedlen, + int *pcounter); + +int ossl_ffc_params_copy(FFC_PARAMS *dst, const FFC_PARAMS *src); +int ossl_ffc_params_cmp(const FFC_PARAMS *a, const FFC_PARAMS *b, int ignore_q); + +#ifndef FIPS_MODULE +int ossl_ffc_params_print(BIO *bp, const FFC_PARAMS *ffc, int indent); +#endif /* FIPS_MODULE */ + + +int ossl_ffc_params_FIPS186_4_generate(OSSL_LIB_CTX *libctx, FFC_PARAMS *params, + int type, size_t L, size_t N, + int *res, BN_GENCB *cb); +int ossl_ffc_params_FIPS186_2_generate(OSSL_LIB_CTX *libctx, 
FFC_PARAMS *params, + int type, size_t L, size_t N, + int *res, BN_GENCB *cb); + +int ossl_ffc_params_FIPS186_4_gen_verify(OSSL_LIB_CTX *libctx, + FFC_PARAMS *params, int mode, int type, + size_t L, size_t N, int *res, + BN_GENCB *cb); +int ossl_ffc_params_FIPS186_2_gen_verify(OSSL_LIB_CTX *libctx, + FFC_PARAMS *params, int mode, int type, + size_t L, size_t N, int *res, + BN_GENCB *cb); + +int ossl_ffc_params_simple_validate(OSSL_LIB_CTX *libctx, + const FFC_PARAMS *params, + int paramstype, int *res); +int ossl_ffc_params_full_validate(OSSL_LIB_CTX *libctx, + const FFC_PARAMS *params, + int paramstype, int *res); +int ossl_ffc_params_FIPS186_4_validate(OSSL_LIB_CTX *libctx, + const FFC_PARAMS *params, + int type, int *res, BN_GENCB *cb); +int ossl_ffc_params_FIPS186_2_validate(OSSL_LIB_CTX *libctx, + const FFC_PARAMS *params, + int type, int *res, BN_GENCB *cb); + +int ossl_ffc_generate_private_key(BN_CTX *ctx, const FFC_PARAMS *params, + int N, int s, BIGNUM *priv); + +int ossl_ffc_params_validate_unverifiable_g(BN_CTX *ctx, BN_MONT_CTX *mont, + const BIGNUM *p, const BIGNUM *q, + const BIGNUM *g, BIGNUM *tmp, + int *ret); + +int ossl_ffc_validate_public_key(const FFC_PARAMS *params, + const BIGNUM *pub_key, int *ret); +int ossl_ffc_validate_public_key_partial(const FFC_PARAMS *params, + const BIGNUM *pub_key, int *ret); +int ossl_ffc_validate_private_key(const BIGNUM *upper, const BIGNUM *priv_key, + int *ret); + +int ossl_ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *tmpl, + OSSL_PARAM params[]); +int ossl_ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[]); + +typedef struct dh_named_group_st DH_NAMED_GROUP; +const DH_NAMED_GROUP *ossl_ffc_name_to_dh_named_group(const char *name); +const DH_NAMED_GROUP *ossl_ffc_uid_to_dh_named_group(int uid); +#ifndef OPENSSL_NO_DH +const DH_NAMED_GROUP *ossl_ffc_numbers_to_dh_named_group(const BIGNUM *p, + const BIGNUM *q, + const BIGNUM *g); +#endif +int ossl_ffc_named_group_get_uid(const 
DH_NAMED_GROUP *group); +const char *ossl_ffc_named_group_get_name(const DH_NAMED_GROUP *); +#ifndef OPENSSL_NO_DH +int ossl_ffc_named_group_get_keylength(const DH_NAMED_GROUP *group); +const BIGNUM *ossl_ffc_named_group_get_q(const DH_NAMED_GROUP *group); +int ossl_ffc_named_group_set(FFC_PARAMS *ffc, const DH_NAMED_GROUP *group); +#endif + +#endif /* OSSL_INTERNAL_FFC_H */ diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/hpke_util.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/hpke_util.h new file mode 100644 index 000000000000..e1da5e0596fb --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/hpke_util.h 
@@ -0,0 +1,100 @@ +/* + * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_HPKE_UTIL_H +# define OSSL_INTERNAL_HPKE_UTIL_H +# pragma once + +/* Constants from RFC 9180 Section 7.1 and 7.3 */ +# define OSSL_HPKE_MAX_SECRET 64 +# define OSSL_HPKE_MAX_PUBLIC 133 +# define OSSL_HPKE_MAX_PRIVATE 66 +# define OSSL_HPKE_MAX_KDF_INPUTLEN 64 + +/* + * max length of a base-nonce (the Nn field from OSSL_HPKE_AEAD_INFO), this + * is used for a local stack array size + */ +# define OSSL_HPKE_MAX_NONCELEN 12 + +/* + * @brief info about a KEM + * Used to store constants from Section 7.1 "Table 2 KEM IDs" + * and the bitmask for EC curves described in Section 7.1.3 DeriveKeyPair + */ +typedef struct { + uint16_t kem_id; /* code point for key encipherment method */ + const char *keytype; /* string form of algtype "EC"/"X25519"/"X448" */ + const char *groupname; /* string form of EC group for NIST curves */ + const char *mdname; /* hash alg name for the HKDF */ + size_t Nsecret; /* size of secrets */ + size_t Nenc; /* length of encapsulated key */ + size_t Npk; /* length of public key */ + size_t Nsk; /* length of raw private key */ + uint8_t bitmask; +} OSSL_HPKE_KEM_INFO; + +/* + * @brief info about a KDF + */ +typedef struct { + uint16_t kdf_id; /* code point for KDF */ + const char *mdname; /* hash alg name for the HKDF */ + size_t Nh; /* length of hash/extract output */ +} OSSL_HPKE_KDF_INFO; + +/* + * @brief info about an AEAD + */ +typedef struct { + uint16_t aead_id; /* code point for aead alg */ + const char *name; /* alg name */ + size_t taglen; /* aead tag len */ + size_t Nk; /* size of a key for this aead */ + size_t Nn; /* length of a nonce for this aead */ +} 
OSSL_HPKE_AEAD_INFO; + +const OSSL_HPKE_KEM_INFO *ossl_HPKE_KEM_INFO_find_curve(const char *curve); +const OSSL_HPKE_KEM_INFO *ossl_HPKE_KEM_INFO_find_id(uint16_t kemid); +const OSSL_HPKE_KEM_INFO *ossl_HPKE_KEM_INFO_find_random(OSSL_LIB_CTX *ctx); +const OSSL_HPKE_KDF_INFO *ossl_HPKE_KDF_INFO_find_id(uint16_t kdfid); +const OSSL_HPKE_KDF_INFO *ossl_HPKE_KDF_INFO_find_random(OSSL_LIB_CTX *ctx); +const OSSL_HPKE_AEAD_INFO *ossl_HPKE_AEAD_INFO_find_id(uint16_t aeadid); +const OSSL_HPKE_AEAD_INFO *ossl_HPKE_AEAD_INFO_find_random(OSSL_LIB_CTX *ctx); + +int ossl_hpke_kdf_extract(EVP_KDF_CTX *kctx, + unsigned char *prk, size_t prklen, + const unsigned char *salt, size_t saltlen, + const unsigned char *ikm, size_t ikmlen); + +int ossl_hpke_kdf_expand(EVP_KDF_CTX *kctx, + unsigned char *okm, size_t okmlen, + const unsigned char *prk, size_t prklen, + const unsigned char *info, size_t infolen); + +int ossl_hpke_labeled_extract(EVP_KDF_CTX *kctx, + unsigned char *prk, size_t prklen, + const unsigned char *salt, size_t saltlen, + const char *protocol_label, + const unsigned char *suiteid, size_t suiteidlen, + const char *label, + const unsigned char *ikm, size_t ikmlen); +int ossl_hpke_labeled_expand(EVP_KDF_CTX *kctx, + unsigned char *okm, size_t okmlen, + const unsigned char *prk, size_t prklen, + const char *protocol_label, + const unsigned char *suiteid, size_t suiteidlen, + const char *label, + const unsigned char *info, size_t infolen); + +EVP_KDF_CTX *ossl_kdf_ctx_create(const char *kdfname, const char *mdname, + OSSL_LIB_CTX *libctx, const char *propq); + +int ossl_hpke_str2suite(const char *suitestr, OSSL_HPKE_SUITE *suite); +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/json_enc.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/json_enc.h new file mode 100644 index 000000000000..e7d9a6d922e7 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/json_enc.h 
@@ -0,0 +1,226 @@ +/* + * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_JSON_ENC_H +# define OSSL_JSON_ENC_H + +# include + +/* + * JSON Encoder + * ============ + * + * This JSON encoder is used for qlog. It supports ordinary JSON (RFC 7159), + * JSON-SEQ (RFC 7464) and I-JSON (RFC 7493). It supports only basic ASCII. + */ + +struct json_write_buf { + BIO *bio; + char *buf; + size_t alloc, cur; +}; + +typedef struct ossl_json_enc_st { + uint32_t flags; + /* error: 1 if an error has occurred. */ + /* state: current state. */ + /* stack stores a bitmap. 0=object, 1=array. */ + /* stack cur size: stack_end_byte bytes, stack_end_bit bits. */ + /* stack alloc size: stack_bytes bytes. */ + unsigned char error, stack_end_bit, state, *stack, defer_indent; + unsigned char stack_small[16]; + struct json_write_buf wbuf; + size_t stack_end_byte, stack_bytes; +} OSSL_JSON_ENC; + +/* + * ossl_json_init + * -------------- + * + * Initialises a JSON encoder. + * + * If the flag OSSL_JSON_FLAG_SEQ is passed, the output is in JSON-SEQ. The + * caller should use the encoder as though it is encoding members of a JSON + * array (but without calling ossl_json_array_begin() or ossl_json_array_end()). + * Each top-level JSON item (e.g. JSON object) encoded will be separated + * correctly as per the JSON-SEQ format. + * + * If the flag OSSL_JSON_FLAG_SEQ is not passed, the output is in JSON format. + * Generally the caller should encode only a single output item (e.g. a JSON + * object). + * + * By default, JSON output is maximally compact. If OSSL_JSON_FLAG_PRETTY is + * set, JSON/JSON-SEQ output is spaced for optimal human readability. 
+ * + * If OSSL_JSON_FLAG_IJSON is set, integers outside the range `[-2**53 + 1, + * 2**53 - 1]` are automatically converted to decimal strings before + * serialization. + */ +#define OSSL_JSON_FLAG_NONE 0 +#define OSSL_JSON_FLAG_SEQ (1U << 0) +#define OSSL_JSON_FLAG_PRETTY (1U << 1) +#define OSSL_JSON_FLAG_IJSON (1U << 2) + +int ossl_json_init(OSSL_JSON_ENC *json, BIO *bio, uint32_t flags); + +/* + * ossl_json_cleanup + * ----------------- + * + * Destroys a JSON encoder. + */ +void ossl_json_cleanup(OSSL_JSON_ENC *json); + +/* + * ossl_json_reset + * --------------- + * + * Resets a JSON encoder, as though it has just been initialised, allowing it + * to be used again for new output syntactically unrelated to any previous + * output. This is similar to calling ossl_json_cleanup followed by + * ossl_json_init but may allow internal buffers to be reused. + * + * If the JSON encoder has entered an error state, this function MAY allow + * recovery from this error state, in which case it will return 1. If this + * function returns 0, the JSON encoder is unrecoverable and + * ossl_json_cleanup() must be called. + * + * Automatically calls ossl_json_flush(). + */ +int ossl_json_reset(OSSL_JSON_ENC *json); + +/* + * ossl_json_flush + * --------------- + * + * Flushes the JSON encoder, ensuring that any residual bytes in internal + * buffers are written to the provided sink BIO. Flushing may also happen + * autonomously as buffers are filled, but the caller must use this function + * to guarantee all data has been flushed. + */ +int ossl_json_flush(OSSL_JSON_ENC *json); + +/* + * ossl_json_flush_cleanup + * ----------------------- + * + * Tries to flush as in a call to ossl_json_flush, and then calls + * ossl_json_cleanup regardless of the result. The result of the flush call is + * returned. + */ +int ossl_json_flush_cleanup(OSSL_JSON_ENC *json); + +/* + * ossl_json_set0_sink + * ------------------- + * + * Changes the sink used by the JSON encoder. 
+ */ +int ossl_json_set0_sink(OSSL_JSON_ENC *json, BIO *bio); + +/* + * ossl_json_in_error + * ------------------ + * + * To enhance the ergonomics of the JSON API, the JSON object uses an implicit + * error tracking model. When a JSON API call fails (for example due to caller + * error, such as trying to close an array which was not opened), the JSON + * object enters an error state and all further calls are silently ignored. + * + * The caller can detect this condition after it is finished making builder + * calls to the JSON object by calling this function. This function returns 1 + * if an error occurred. At this point the caller's only recourse is to call + * ossl_json_reset() or ossl_json_cleanup(). + * + * Note that partial (i.e., invalid) output may still have been sent to the BIO + * in this case. Since the amount of output which can potentially be produced + * by a JSON object is unbounded, it is impractical to buffer it all before + * flushing. It is expected that errors will ordinarily be either caller errors + * (programming errors) or BIO errors. + */ +int ossl_json_in_error(OSSL_JSON_ENC *json); + +/* + * JSON Builder Calls + * ================== + * + * These functions are used to build JSON output. The functions which have + * begin and end function pairs must be called in correctly nested sequence. + * When writing an object, ossl_json_key() must be called exactly once before + * each call to write a JSON item. + * + * The JSON library takes responsibility for enforcing correct usage patterns. + * If a call is made that does not correspond to the JSON syntax, the JSON + * object enters the error state and all subsequent calls are ignored. 
+ * + * In JSON-SEQ mode, the caller should act as though the library implicitly + * places all calls between an ossl_json_array_begin() and + * ossl_json_array_end() pair; for example, the normal usage pattern would be + * to call ossl_json_object_begin() followed by ossl_json_object_end(), in + * repeated sequence. + * + * The library does not enforce non-generation of duplicate keys. Avoiding this + * is the caller's responsibility. It is also the caller's responsibility to + * pass valid UTF-8 strings. All other forms of invalid output will cause an + * error. Note that due to the immediate nature of the API, partial output may + * have already been generated in such a case. + */ + +/* Begin a new JSON object. */ +void ossl_json_object_begin(OSSL_JSON_ENC *json); + +/* End a JSON object. Must be matched with a call to ossl_json_object_begin(). */ +void ossl_json_object_end(OSSL_JSON_ENC *json); + +/* Begin a new JSON array. */ +void ossl_json_array_begin(OSSL_JSON_ENC *json); + +/* End a JSON array. Must be matched with a call to ossl_json_array_end(). */ +void ossl_json_array_end(OSSL_JSON_ENC *json); + +/* + * Encode a JSON key within an object. Pass a zero-terminated string, which can + * be freed immediately following the call to this function. + */ +void ossl_json_key(OSSL_JSON_ENC *json, const char *key); + +/* Encode a JSON 'null' value. */ +void ossl_json_null(OSSL_JSON_ENC *json); + +/* Encode a JSON boolean value. */ +void ossl_json_bool(OSSL_JSON_ENC *json, int value); + +/* Encode a JSON integer from a uint64_t. */ +void ossl_json_u64(OSSL_JSON_ENC *json, uint64_t value); + +/* Encode a JSON integer from an int64_t. */ +void ossl_json_i64(OSSL_JSON_ENC *json, int64_t value); + +/* Encode a JSON number from a 64-bit floating point value. */ +void ossl_json_f64(OSSL_JSON_ENC *json, double value); + +/* + * Encode a JSON UTF-8 string from a zero-terminated string. The string passed + * can be freed immediately following the call to this function. 
+ */ +void ossl_json_str(OSSL_JSON_ENC *json, const char *str); + +/* + * Encode a JSON UTF-8 string from a string with the given length. The string + * passed can be freed immediately following the call to this function. + */ +void ossl_json_str_len(OSSL_JSON_ENC *json, const char *str, size_t str_len); + +/* + * Encode binary data as a lowercase hex string. data_len is the data length in + * bytes. + */ +void ossl_json_str_hex(OSSL_JSON_ENC *json, const void *data, size_t data_len); + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/ktls.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/ktls.h new file mode 100644 index 000000000000..072653dc5eeb --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/ktls.h 
@@ -0,0 +1,434 @@ +/* + * Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#if defined(OPENSSL_SYS_LINUX) +# ifndef OPENSSL_NO_KTLS +# include +# if LINUX_VERSION_CODE < KERNEL_VERSION(4, 13, 0) +# define OPENSSL_NO_KTLS +# ifndef PEDANTIC +# warning "KTLS requires Kernel Headers >= 4.13.0" +# warning "Skipping Compilation of KTLS" +# endif +# endif +# endif +#endif + +#ifndef HEADER_INTERNAL_KTLS +# define HEADER_INTERNAL_KTLS +# pragma once + +# ifndef OPENSSL_NO_KTLS + +# if defined(__FreeBSD__) +# include +# include +# include +# include +# include +# include + +# ifndef TCP_RXTLS_ENABLE +# define OPENSSL_NO_KTLS_RX +# endif +# define OPENSSL_KTLS_AES_GCM_128 +# define OPENSSL_KTLS_AES_GCM_256 +# define OPENSSL_KTLS_TLS13 +# ifdef TLS_CHACHA20_IV_LEN +# ifndef OPENSSL_NO_CHACHA +# define OPENSSL_KTLS_CHACHA20_POLY1305 +# endif +# endif + +typedef struct tls_enable ktls_crypto_info_t; + +/* + * FreeBSD does not require any additional steps to enable KTLS before + * setting keys. + */ +static ossl_inline int ktls_enable(int fd) +{ + return 1; +} + +/* + * The TCP_TXTLS_ENABLE socket option marks the outgoing socket buffer + * as using TLS. If successful, then data sent using this socket will + * be encrypted and encapsulated in TLS records using the tls_en + * provided here. + * + * The TCP_RXTLS_ENABLE socket option marks the incoming socket buffer + * as using TLS. If successful, then data received for this socket will + * be authenticated and decrypted using the tls_en provided here. + */ +static ossl_inline int ktls_start(int fd, ktls_crypto_info_t *tls_en, int is_tx) +{ + if (is_tx) + return setsockopt(fd, IPPROTO_TCP, TCP_TXTLS_ENABLE, + tls_en, sizeof(*tls_en)) ? 
0 : 1; +# ifndef OPENSSL_NO_KTLS_RX + return setsockopt(fd, IPPROTO_TCP, TCP_RXTLS_ENABLE, tls_en, + sizeof(*tls_en)) ? 0 : 1; +# else + return 0; +# endif +} + +/* Not supported on FreeBSD */ +static ossl_inline int ktls_enable_tx_zerocopy_sendfile(int fd) +{ + return 0; +} + +/* + * Send a TLS record using the tls_en provided in ktls_start and use + * record_type instead of the default SSL3_RT_APPLICATION_DATA. + * When the socket is non-blocking, then this call either returns EAGAIN or + * the entire record is pushed to TCP. It is impossible to send a partial + * record using this control message. + */ +static ossl_inline int ktls_send_ctrl_message(int fd, unsigned char record_type, + const void *data, size_t length) +{ + struct msghdr msg = { 0 }; + int cmsg_len = sizeof(record_type); + struct cmsghdr *cmsg; + char buf[CMSG_SPACE(cmsg_len)]; + struct iovec msg_iov; /* Vector of data to send/receive into */ + + msg.msg_control = buf; + msg.msg_controllen = sizeof(buf); + cmsg = CMSG_FIRSTHDR(&msg); + cmsg->cmsg_level = IPPROTO_TCP; + cmsg->cmsg_type = TLS_SET_RECORD_TYPE; + cmsg->cmsg_len = CMSG_LEN(cmsg_len); + *((unsigned char *)CMSG_DATA(cmsg)) = record_type; + msg.msg_controllen = cmsg->cmsg_len; + + msg_iov.iov_base = (void *)data; + msg_iov.iov_len = length; + msg.msg_iov = &msg_iov; + msg.msg_iovlen = 1; + + return sendmsg(fd, &msg, 0); +} + +# ifdef OPENSSL_NO_KTLS_RX + +static ossl_inline int ktls_read_record(int fd, void *data, size_t length) +{ + return -1; +} + +# else /* !defined(OPENSSL_NO_KTLS_RX) */ + +/* + * Receive a TLS record using the tls_en provided in ktls_start. The + * kernel strips any explicit IV and authentication tag, but provides + * the TLS record header via a control message. If there is an error + * with the TLS record such as an invalid header, invalid padding, or + * authentication failure recvmsg() will fail with an error. 
+ */ +static ossl_inline int ktls_read_record(int fd, void *data, size_t length) +{ + struct msghdr msg = { 0 }; + int cmsg_len = sizeof(struct tls_get_record); + struct tls_get_record *tgr; + struct cmsghdr *cmsg; + char buf[CMSG_SPACE(cmsg_len)]; + struct iovec msg_iov; /* Vector of data to send/receive into */ + int ret; + unsigned char *p = data; + const size_t prepend_length = SSL3_RT_HEADER_LENGTH; + + if (length <= prepend_length) { + errno = EINVAL; + return -1; + } + + msg.msg_control = buf; + msg.msg_controllen = sizeof(buf); + + msg_iov.iov_base = p + prepend_length; + msg_iov.iov_len = length - prepend_length; + msg.msg_iov = &msg_iov; + msg.msg_iovlen = 1; + + ret = recvmsg(fd, &msg, 0); + if (ret <= 0) + return ret; + + if ((msg.msg_flags & (MSG_EOR | MSG_CTRUNC)) != MSG_EOR) { + errno = EMSGSIZE; + return -1; + } + + if (msg.msg_controllen == 0) { + errno = EBADMSG; + return -1; + } + + cmsg = CMSG_FIRSTHDR(&msg); + if (cmsg->cmsg_level != IPPROTO_TCP || cmsg->cmsg_type != TLS_GET_RECORD + || cmsg->cmsg_len != CMSG_LEN(cmsg_len)) { + errno = EBADMSG; + return -1; + } + + tgr = (struct tls_get_record *)CMSG_DATA(cmsg); + p[0] = tgr->tls_type; + p[1] = tgr->tls_vmajor; + p[2] = tgr->tls_vminor; + *(uint16_t *)(p + 3) = htons(ret); + + return ret + prepend_length; +} + +# endif /* OPENSSL_NO_KTLS_RX */ + +/* + * KTLS enables the sendfile system call to send data from a file over + * TLS. 
+ */ +static ossl_inline ossl_ssize_t ktls_sendfile(int s, int fd, off_t off, + size_t size, int flags) +{ + off_t sbytes = 0; + int ret; + + ret = sendfile(fd, s, off, size, NULL, &sbytes, flags); + if (ret == -1 && sbytes == 0) + return -1; + return sbytes; +} + +# endif /* __FreeBSD__ */ + +# if defined(OPENSSL_SYS_LINUX) + +# include +# if LINUX_VERSION_CODE < KERNEL_VERSION(4, 17, 0) +# define OPENSSL_NO_KTLS_RX +# ifndef PEDANTIC +# warning "KTLS requires Kernel Headers >= 4.17.0 for receiving" +# warning "Skipping Compilation of KTLS receive data path" +# endif +# endif +# if LINUX_VERSION_CODE < KERNEL_VERSION(5, 19, 0) +# define OPENSSL_NO_KTLS_ZC_TX +# ifndef PEDANTIC +# warning "KTLS requires Kernel Headers >= 5.19.0 for zerocopy sendfile" +# warning "Skipping Compilation of KTLS zerocopy sendfile" +# endif +# endif +# define OPENSSL_KTLS_AES_GCM_128 +# if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 1, 0) +# define OPENSSL_KTLS_AES_GCM_256 +# define OPENSSL_KTLS_TLS13 +# if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 2, 0) +# define OPENSSL_KTLS_AES_CCM_128 +# if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 11, 0) +# ifndef OPENSSL_NO_CHACHA +# define OPENSSL_KTLS_CHACHA20_POLY1305 +# endif +# endif +# endif +# endif + +# include +# include +# include +# include +# include +# include + +# ifndef SOL_TLS +# define SOL_TLS 282 +# endif + +# ifndef TCP_ULP +# define TCP_ULP 31 +# endif + +# ifndef TLS_RX +# define TLS_RX 2 +# endif + +struct tls_crypto_info_all { + union { +# ifdef OPENSSL_KTLS_AES_GCM_128 + struct tls12_crypto_info_aes_gcm_128 gcm128; +# endif +# ifdef OPENSSL_KTLS_AES_GCM_256 + struct tls12_crypto_info_aes_gcm_256 gcm256; +# endif +# ifdef OPENSSL_KTLS_AES_CCM_128 + struct tls12_crypto_info_aes_ccm_128 ccm128; +# endif +# ifdef OPENSSL_KTLS_CHACHA20_POLY1305 + struct tls12_crypto_info_chacha20_poly1305 chacha20poly1305; +# endif + }; + size_t tls_crypto_info_len; +}; + +typedef struct tls_crypto_info_all ktls_crypto_info_t; + +/* + * When successful, 
this socket option doesn't change the behaviour of the + * TCP socket, except changing the TCP setsockopt handler to enable the + * processing of SOL_TLS socket options. All other functionality remains the + * same. + */ +static ossl_inline int ktls_enable(int fd) +{ + return setsockopt(fd, SOL_TCP, TCP_ULP, "tls", sizeof("tls")) ? 0 : 1; +} + +/* + * The TLS_TX socket option changes the send/sendmsg handlers of the TCP socket. + * If successful, then data sent using this socket will be encrypted and + * encapsulated in TLS records using the crypto_info provided here. + * The TLS_RX socket option changes the recv/recvmsg handlers of the TCP socket. + * If successful, then data received using this socket will be decrypted, + * authenticated and decapsulated using the crypto_info provided here. + */ +static ossl_inline int ktls_start(int fd, ktls_crypto_info_t *crypto_info, + int is_tx) +{ + return setsockopt(fd, SOL_TLS, is_tx ? TLS_TX : TLS_RX, + crypto_info, crypto_info->tls_crypto_info_len) ? 0 : 1; +} + +static ossl_inline int ktls_enable_tx_zerocopy_sendfile(int fd) +{ +#ifndef OPENSSL_NO_KTLS_ZC_TX + int enable = 1; + + return setsockopt(fd, SOL_TLS, TLS_TX_ZEROCOPY_RO, + &enable, sizeof(enable)) ? 0 : 1; +#else + return 0; +#endif +} + +/* + * Send a TLS record using the crypto_info provided in ktls_start and use + * record_type instead of the default SSL3_RT_APPLICATION_DATA. + * When the socket is non-blocking, then this call either returns EAGAIN or + * the entire record is pushed to TCP. It is impossible to send a partial + * record using this control message. 
+ */ +static ossl_inline int ktls_send_ctrl_message(int fd, unsigned char record_type, + const void *data, size_t length) +{ + struct msghdr msg; + int cmsg_len = sizeof(record_type); + struct cmsghdr *cmsg; + union { + struct cmsghdr hdr; + char buf[CMSG_SPACE(sizeof(unsigned char))]; + } cmsgbuf; + struct iovec msg_iov; /* Vector of data to send/receive into */ + + memset(&msg, 0, sizeof(msg)); + msg.msg_control = cmsgbuf.buf; + msg.msg_controllen = sizeof(cmsgbuf.buf); + cmsg = CMSG_FIRSTHDR(&msg); + cmsg->cmsg_level = SOL_TLS; + cmsg->cmsg_type = TLS_SET_RECORD_TYPE; + cmsg->cmsg_len = CMSG_LEN(cmsg_len); + *((unsigned char *)CMSG_DATA(cmsg)) = record_type; + msg.msg_controllen = cmsg->cmsg_len; + + msg_iov.iov_base = (void *)data; + msg_iov.iov_len = length; + msg.msg_iov = &msg_iov; + msg.msg_iovlen = 1; + + return sendmsg(fd, &msg, 0); +} + +/* + * KTLS enables the sendfile system call to send data from a file over TLS. + * @flags are ignored on Linux. (placeholder for FreeBSD sendfile) + * */ +static ossl_inline ossl_ssize_t ktls_sendfile(int s, int fd, off_t off, size_t size, int flags) +{ + return sendfile(s, fd, &off, size); +} + +# ifdef OPENSSL_NO_KTLS_RX + + +static ossl_inline int ktls_read_record(int fd, void *data, size_t length) +{ + return -1; +} + +# else /* !defined(OPENSSL_NO_KTLS_RX) */ + +/* + * Receive a TLS record using the crypto_info provided in ktls_start. + * The kernel strips the TLS record header, IV and authentication tag, + * returning only the plaintext data or an error on failure. 
+ * We add the TLS record header here to satisfy routines in rec_layer_s3.c + */ +static ossl_inline int ktls_read_record(int fd, void *data, size_t length) +{ + struct msghdr msg; + struct cmsghdr *cmsg; + union { + struct cmsghdr hdr; + char buf[CMSG_SPACE(sizeof(unsigned char))]; + } cmsgbuf; + struct iovec msg_iov; + int ret; + unsigned char *p = data; + const size_t prepend_length = SSL3_RT_HEADER_LENGTH; + + if (length < prepend_length + EVP_GCM_TLS_TAG_LEN) { + errno = EINVAL; + return -1; + } + + memset(&msg, 0, sizeof(msg)); + msg.msg_control = cmsgbuf.buf; + msg.msg_controllen = sizeof(cmsgbuf.buf); + + msg_iov.iov_base = p + prepend_length; + msg_iov.iov_len = length - prepend_length - EVP_GCM_TLS_TAG_LEN; + msg.msg_iov = &msg_iov; + msg.msg_iovlen = 1; + + ret = recvmsg(fd, &msg, 0); + if (ret < 0) + return ret; + + if (msg.msg_controllen > 0) { + cmsg = CMSG_FIRSTHDR(&msg); + if (cmsg->cmsg_type == TLS_GET_RECORD_TYPE) { + p[0] = *((unsigned char *)CMSG_DATA(cmsg)); + p[1] = TLS1_2_VERSION_MAJOR; + p[2] = TLS1_2_VERSION_MINOR; + /* returned length is limited to msg_iov.iov_len above */ + p[3] = (ret >> 8) & 0xff; + p[4] = ret & 0xff; + ret += prepend_length; + } + } + + return ret; +} + +# endif /* OPENSSL_NO_KTLS_RX */ + +# endif /* OPENSSL_SYS_LINUX */ +# endif /* OPENSSL_NO_KTLS */ +#endif /* HEADER_INTERNAL_KTLS */ diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/list.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/list.h new file mode 100644 index 000000000000..902047641f7b --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/list.h 
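Review bot: In the Linux `ktls_read_record`, the result of `CMSG_FIRSTHDR(&msg)` is dereferenced without a NULL check and only `cmsg_type` is compared, whereas the FreeBSD variant earlier in this hunk also verifies `cmsg_level`, `cmsg_len` and the `MSG_CTRUNC` flag before trusting the control data. I would tighten the test to `if (cmsg != NULL && cmsg->cmsg_level == SOL_TLS && cmsg->cmsg_type == TLS_GET_RECORD_TYPE) {`, and consider rejecting a truncated control buffer as the FreeBSD path does. When no matching control message is present the function returns the payload length with the five header bytes at `p` left unwritten; a comment stating whether callers are expected to handle that case, or an explicit error return, would make the contract clear. This file appears to be a vendored copy of the OpenSSL header, so the change probably belongs upstream.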
@@ -0,0 +1,203 @@ +/* + * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_LIST_H +# define OSSL_INTERNAL_LIST_H +# pragma once + +# include +# include + +# ifdef NDEBUG +# define OSSL_LIST_DBG(x) +# else +# define OSSL_LIST_DBG(x) x; +# endif + +# define LIST_FOREACH_FROM(p, name, init) \ + for ((p) = (init); \ + (p) != NULL; \ + (p) = ossl_list_##name##_next(p)) +# define LIST_FOREACH(p, name, l) \ + LIST_FOREACH_FROM(p, name, ossl_list_##name##_head(l)) + +# define LIST_FOREACH_REV_FROM(p, name, init) \ + for ((p) = (init); \ + (p) != NULL; \ + (p) = ossl_list_##name##_prev(p)) +# define LIST_FOREACH_REV(p, name, l) \ + LIST_FOREACH_FROM(p, name, ossl_list_##name##_tail(l)) + +# define LIST_FOREACH_DELSAFE_FROM(p, pn, name, init) \ + for ((p) = (init); \ + (p) != NULL && (((pn) = ossl_list_##name##_next(p)), 1); \ + (p) = (pn)) +#define LIST_FOREACH_DELSAFE(p, pn, name, l) \ + LIST_FOREACH_DELSAFE_FROM(p, pn, name, ossl_list_##name##_head(l)) + +# define LIST_FOREACH_REV_DELSAFE_FROM(p, pn, name, init) \ + for ((p) = (init); \ + (p) != NULL && (((pn) = ossl_list_##name##_prev(p)), 1); \ + (p) = (pn)) +# define LIST_FOREACH_REV_DELSAFE(p, pn, name, l) \ + LIST_FOREACH_REV_DELSAFE_FROM(p, pn, name, ossl_list_##name##_tail(l)) + +/* Define a list structure */ +# define OSSL_LIST(name) OSSL_LIST_ ## name + +/* Define fields to include an element of a list */ +# define OSSL_LIST_MEMBER(name, type) \ + struct { \ + type *next, *prev; \ + OSSL_LIST_DBG(struct ossl_list_st_ ## name *list) \ + } ossl_list_ ## name + +# define DECLARE_LIST_OF(name, type) \ + typedef struct ossl_list_st_ ## name OSSL_LIST(name); \ + struct ossl_list_st_ ## name { \ + type *alpha, *omega; \ 
+ size_t num_elems; \ + } \ + +# define DEFINE_LIST_OF_IMPL(name, type) \ + static ossl_unused ossl_inline void \ + ossl_list_##name##_init(OSSL_LIST(name) *list) \ + { \ + memset(list, 0, sizeof(*list)); \ + } \ + static ossl_unused ossl_inline void \ + ossl_list_##name##_init_elem(type *elem) \ + { \ + memset(&elem->ossl_list_ ## name, 0, \ + sizeof(elem->ossl_list_ ## name)); \ + } \ + static ossl_unused ossl_inline int \ + ossl_list_##name##_is_empty(const OSSL_LIST(name) *list) \ + { \ + return list->num_elems == 0; \ + } \ + static ossl_unused ossl_inline size_t \ + ossl_list_##name##_num(const OSSL_LIST(name) *list) \ + { \ + return list->num_elems; \ + } \ + static ossl_unused ossl_inline type * \ + ossl_list_##name##_head(const OSSL_LIST(name) *list) \ + { \ + assert(list->alpha == NULL \ + || list->alpha->ossl_list_ ## name.list == list); \ + return list->alpha; \ + } \ + static ossl_unused ossl_inline type * \ + ossl_list_##name##_tail(const OSSL_LIST(name) *list) \ + { \ + assert(list->omega == NULL \ + || list->omega->ossl_list_ ## name.list == list); \ + return list->omega; \ + } \ + static ossl_unused ossl_inline type * \ + ossl_list_##name##_next(const type *elem) \ + { \ + assert(elem->ossl_list_ ## name.next == NULL \ + || elem->ossl_list_ ## name.next \ + ->ossl_list_ ## name.prev == elem); \ + return elem->ossl_list_ ## name.next; \ + } \ + static ossl_unused ossl_inline type * \ + ossl_list_##name##_prev(const type *elem) \ + { \ + assert(elem->ossl_list_ ## name.prev == NULL \ + || elem->ossl_list_ ## name.prev \ + ->ossl_list_ ## name.next == elem); \ + return elem->ossl_list_ ## name.prev; \ + } \ + static ossl_unused ossl_inline void \ + ossl_list_##name##_remove(OSSL_LIST(name) *list, type *elem) \ + { \ + assert(elem->ossl_list_ ## name.list == list); \ + OSSL_LIST_DBG(elem->ossl_list_ ## name.list = NULL) \ + if (list->alpha == elem) \ + list->alpha = elem->ossl_list_ ## name.next; \ + if (list->omega == elem) \ + list->omega = 
elem->ossl_list_ ## name.prev; \ + if (elem->ossl_list_ ## name.prev != NULL) \ + elem->ossl_list_ ## name.prev->ossl_list_ ## name.next = \ + elem->ossl_list_ ## name.next; \ + if (elem->ossl_list_ ## name.next != NULL) \ + elem->ossl_list_ ## name.next->ossl_list_ ## name.prev = \ + elem->ossl_list_ ## name.prev; \ + list->num_elems--; \ + memset(&elem->ossl_list_ ## name, 0, \ + sizeof(elem->ossl_list_ ## name)); \ + } \ + static ossl_unused ossl_inline void \ + ossl_list_##name##_insert_head(OSSL_LIST(name) *list, type *elem) \ + { \ + assert(elem->ossl_list_ ## name.list == NULL); \ + OSSL_LIST_DBG(elem->ossl_list_ ## name.list = list) \ + if (list->alpha != NULL) \ + list->alpha->ossl_list_ ## name.prev = elem; \ + elem->ossl_list_ ## name.next = list->alpha; \ + elem->ossl_list_ ## name.prev = NULL; \ + list->alpha = elem; \ + if (list->omega == NULL) \ + list->omega = elem; \ + list->num_elems++; \ + } \ + static ossl_unused ossl_inline void \ + ossl_list_##name##_insert_tail(OSSL_LIST(name) *list, type *elem) \ + { \ + assert(elem->ossl_list_ ## name.list == NULL); \ + OSSL_LIST_DBG(elem->ossl_list_ ## name.list = list) \ + if (list->omega != NULL) \ + list->omega->ossl_list_ ## name.next = elem; \ + elem->ossl_list_ ## name.prev = list->omega; \ + elem->ossl_list_ ## name.next = NULL; \ + list->omega = elem; \ + if (list->alpha == NULL) \ + list->alpha = elem; \ + list->num_elems++; \ + } \ + static ossl_unused ossl_inline void \ + ossl_list_##name##_insert_before(OSSL_LIST(name) *list, type *e, \ + type *elem) \ + { \ + assert(elem->ossl_list_ ## name.list == NULL); \ + OSSL_LIST_DBG(elem->ossl_list_ ## name.list = list) \ + elem->ossl_list_ ## name.next = e; \ + elem->ossl_list_ ## name.prev = e->ossl_list_ ## name.prev; \ + if (e->ossl_list_ ## name.prev != NULL) \ + e->ossl_list_ ## name.prev->ossl_list_ ## name.next = elem; \ + e->ossl_list_ ## name.prev = elem; \ + if (list->alpha == e) \ + list->alpha = elem; \ + list->num_elems++; \ + } \ + static 
ossl_unused ossl_inline void \ + ossl_list_##name##_insert_after(OSSL_LIST(name) *list, type *e, \ + type *elem) \ + { \ + assert(elem->ossl_list_ ## name.list == NULL); \ + OSSL_LIST_DBG(elem->ossl_list_ ## name.list = list) \ + elem->ossl_list_ ## name.prev = e; \ + elem->ossl_list_ ## name.next = e->ossl_list_ ## name.next; \ + if (e->ossl_list_ ## name.next != NULL) \ + e->ossl_list_ ## name.next->ossl_list_ ## name.prev = elem; \ + e->ossl_list_ ## name.next = elem; \ + if (list->omega == e) \ + list->omega = elem; \ + list->num_elems++; \ + } \ + struct ossl_list_st_ ## name + +# define DEFINE_LIST_OF(name, type) \ + DECLARE_LIST_OF(name, type); \ + DEFINE_LIST_OF_IMPL(name, type) + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/namemap.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/namemap.h new file mode 100644 index 000000000000..6c42a9cd7c41 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/namemap.h 
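Review bot: `LIST_FOREACH_REV` expands to `LIST_FOREACH_FROM` seeded with the tail, so it steps with `ossl_list_##name##_next` and visits only the last element instead of walking the list backwards. It should use the reverse helper defined just above it: `LIST_FOREACH_REV_FROM(p, name, ossl_list_##name##_tail(l))`. Separately, `_insert_before` and `_insert_after` assert that `elem` is unlinked but not that `e` belongs to `list`; adding `assert(e->ossl_list_ ## name.list == list);` would catch cross-list insertion in debug builds, matching the check already made in `_remove`.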
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+
+typedef struct ossl_namemap_st OSSL_NAMEMAP;
+
+OSSL_NAMEMAP *ossl_namemap_stored(OSSL_LIB_CTX *libctx);
+
+OSSL_NAMEMAP *ossl_namemap_new(void);
+void ossl_namemap_free(OSSL_NAMEMAP *namemap);
+int ossl_namemap_empty(OSSL_NAMEMAP *namemap);
+
+int ossl_namemap_add_name(OSSL_NAMEMAP *namemap, int number, const char *name);
+
+/*
+ * The number<->name relationship is 1<->many
+ * Therefore, the name->number mapping is a simple function, while the
+ * number->name mapping is an iterator.
+ */
+int ossl_namemap_name2num(const OSSL_NAMEMAP *namemap, const char *name);
+int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap,
+ const char *name, size_t name_len);
+const char *ossl_namemap_num2name(const OSSL_NAMEMAP *namemap, int number,
+ size_t idx);
+int ossl_namemap_doall_names(const OSSL_NAMEMAP *namemap, int number,
+ void (*fn)(const char *name, void *data),
+ void *data);
+
+/*
+ * A utility that handles several names in a string, divided by a given
+ * separator.
+ */
+int ossl_namemap_add_names(OSSL_NAMEMAP *namemap, int number,
+ const char *names, const char separator);
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/nelem.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/nelem.h
new file mode 100644
index 000000000000..b758513b4cae
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/nelem.h
@@ -0,0 +1,15 @@
+/*
+ * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_NELEM_H
+# define OSSL_INTERNAL_NELEM_H
+# pragma once
+
+# define OSSL_NELEM(x) (sizeof(x)/sizeof((x)[0]))
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/numbers.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/numbers.h
new file mode 100644
index 000000000000..47fb167709f5
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/numbers.h
@@ -0,0 +1,110 @@ +/* + * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_NUMBERS_H +# define OSSL_INTERNAL_NUMBERS_H +# pragma once + +# include + +# if (-1 & 3) == 0x03 /* Two's complement */ + +# define __MAXUINT__(T) ((T) -1) +# define __MAXINT__(T) ((T) ((((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)) ^ __MAXUINT__(T))) +# define __MININT__(T) (-__MAXINT__(T) - 1) + +# elif (-1 & 3) == 0x02 /* One's complement */ + +# define __MAXUINT__(T) (((T) -1) + 1) +# define __MAXINT__(T) ((T) ((((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)) ^ __MAXUINT__(T))) +# define __MININT__(T) (-__MAXINT__(T)) + +# elif (-1 & 3) == 0x01 /* Sign/magnitude */ + +# define __MAXINT__(T) ((T) (((((T) 1) << ((sizeof(T) * CHAR_BIT) - 2)) - 1) | (((T) 1) << ((sizeof(T) * CHAR_BIT) - 2)))) +# define __MAXUINT__(T) ((T) (__MAXINT__(T) | (((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)))) +# define __MININT__(T) (-__MAXINT__(T)) + +# else + +# error "do not know the integer encoding on this architecture" + +# endif + +# ifndef INT8_MAX +# define INT8_MIN __MININT__(int8_t) +# define INT8_MAX __MAXINT__(int8_t) +# define UINT8_MAX __MAXUINT__(uint8_t) +# endif + +# ifndef INT16_MAX +# define INT16_MIN __MININT__(int16_t) +# define INT16_MAX __MAXINT__(int16_t) +# define UINT16_MAX __MAXUINT__(uint16_t) +# endif + +# ifndef INT32_MAX +# define INT32_MIN __MININT__(int32_t) +# define INT32_MAX __MAXINT__(int32_t) +# define UINT32_MAX __MAXUINT__(uint32_t) +# endif + +# ifndef INT64_MAX +# define INT64_MIN __MININT__(int64_t) +# define INT64_MAX __MAXINT__(int64_t) +# define UINT64_MAX __MAXUINT__(uint64_t) +# endif + +/* + * 64-bit processor with LP64 ABI + */ +# ifdef SIXTY_FOUR_BIT_LONG +# ifndef UINT32_C 
+# define UINT32_C(c) (c) +# endif +# ifndef UINT64_C +# define UINT64_C(c) (c##UL) +# endif +# endif + +/* + * 64-bit processor other than LP64 ABI + */ +# ifdef SIXTY_FOUR_BIT +# ifndef UINT32_C +# define UINT32_C(c) (c##UL) +# endif +# ifndef UINT64_C +# define UINT64_C(c) (c##ULL) +# endif +# endif + + +# ifndef INT128_MAX +# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16 +typedef __int128_t int128_t; +typedef __uint128_t uint128_t; +# define INT128_MIN __MININT__(int128_t) +# define INT128_MAX __MAXINT__(int128_t) +# define UINT128_MAX __MAXUINT__(uint128_t) +# endif +# endif + +# ifndef SIZE_MAX +# define SIZE_MAX __MAXUINT__(size_t) +# endif + +# ifndef OSSL_INTMAX_MAX +# define OSSL_INTMAX_MIN __MININT__(ossl_intmax_t) +# define OSSL_INTMAX_MAX __MAXINT__(ossl_intmax_t) +# define OSSL_UINTMAX_MAX __MAXUINT__(ossl_uintmax_t) +# endif + +#endif + diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/o_dir.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/o_dir.h new file mode 100644 index 000000000000..add34d14be11 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/o_dir.h 
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is dual-licensed and is also available under the following
+ * terms:
+ *
+ * Copyright (c) 2004, Richard Levitte
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef OSSL_INTERNAL_O_DIR_H
+# define OSSL_INTERNAL_O_DIR_H
+# pragma once
+
+typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX;
+
+/*
+ * returns NULL on error or end-of-directory. If it is end-of-directory,
+ * errno will be zero
+ */
+const char *OPENSSL_DIR_read(OPENSSL_DIR_CTX **ctx, const char *directory);
+/* returns 1 on success, 0 on error */
+int OPENSSL_DIR_end(OPENSSL_DIR_CTX **ctx);
+
+#endif /* LPDIR_H */
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/packet.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/packet.h
new file mode 100644
index 000000000000..7abc6b8b1bc9
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/packet.h
@@ -0,0 +1,939 @@ +/* + * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_PACKET_H +# define OSSL_INTERNAL_PACKET_H +# pragma once + +# include +# include +# include +# include +# include + +# include "internal/numbers.h" + +typedef struct { + /* Pointer to where we are currently reading from */ + const unsigned char *curr; + /* Number of bytes remaining */ + size_t remaining; +} PACKET; + +/* Internal unchecked shorthand; don't use outside this file. */ +static ossl_inline void packet_forward(PACKET *pkt, size_t len) +{ + pkt->curr += len; + pkt->remaining -= len; +} + +/* + * Returns the number of bytes remaining to be read in the PACKET + */ +static ossl_inline size_t PACKET_remaining(const PACKET *pkt) +{ + return pkt->remaining; +} + +/* + * Returns a pointer to the first byte after the packet data. + * Useful for integrating with non-PACKET parsing code. + * Specifically, we use PACKET_end() to verify that a d2i_... call + * has consumed the entire packet contents. + */ +static ossl_inline const unsigned char *PACKET_end(const PACKET *pkt) +{ + return pkt->curr + pkt->remaining; +} + +/* + * Returns a pointer to the PACKET's current position. + * For use in non-PACKETized APIs. + */ +static ossl_inline const unsigned char *PACKET_data(const PACKET *pkt) +{ + return pkt->curr; +} + +/* + * Initialise a PACKET with |len| bytes held in |buf|. This does not make a + * copy of the data so |buf| must be present for the whole time that the PACKET + * is being used. + */ +__owur static ossl_inline int PACKET_buf_init(PACKET *pkt, + const unsigned char *buf, + size_t len) +{ + /* Sanity check for negative values. 
*/ + if (len > (size_t)(SIZE_MAX / 2)) + return 0; + + pkt->curr = buf; + pkt->remaining = len; + return 1; +} + +/* Initialize a PACKET to hold zero bytes. */ +static ossl_inline void PACKET_null_init(PACKET *pkt) +{ + pkt->curr = NULL; + pkt->remaining = 0; +} + +/* + * Returns 1 if the packet has length |num| and its contents equal the |num| + * bytes read from |ptr|. Returns 0 otherwise (lengths or contents not equal). + * If lengths are equal, performs the comparison in constant time. + */ +__owur static ossl_inline int PACKET_equal(const PACKET *pkt, const void *ptr, + size_t num) +{ + if (PACKET_remaining(pkt) != num) + return 0; + return CRYPTO_memcmp(pkt->curr, ptr, num) == 0; +} + +/* + * Peek ahead and initialize |subpkt| with the next |len| bytes read from |pkt|. + * Data is not copied: the |subpkt| packet will share its underlying buffer with + * the original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|. + */ +__owur static ossl_inline int PACKET_peek_sub_packet(const PACKET *pkt, + PACKET *subpkt, size_t len) +{ + if (PACKET_remaining(pkt) < len) + return 0; + + return PACKET_buf_init(subpkt, pkt->curr, len); +} + +/* + * Initialize |subpkt| with the next |len| bytes read from |pkt|. Data is not + * copied: the |subpkt| packet will share its underlying buffer with the + * original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|. 
+ */ +__owur static ossl_inline int PACKET_get_sub_packet(PACKET *pkt, + PACKET *subpkt, size_t len) +{ + if (!PACKET_peek_sub_packet(pkt, subpkt, len)) + return 0; + + packet_forward(pkt, len); + + return 1; +} + +/* + * Peek ahead at 2 bytes in network order from |pkt| and store the value in + * |*data| + */ +__owur static ossl_inline int PACKET_peek_net_2(const PACKET *pkt, + unsigned int *data) +{ + if (PACKET_remaining(pkt) < 2) + return 0; + + *data = ((unsigned int)(*pkt->curr)) << 8; + *data |= *(pkt->curr + 1); + + return 1; +} + +/* Equivalent of n2s */ +/* Get 2 bytes in network order from |pkt| and store the value in |*data| */ +__owur static ossl_inline int PACKET_get_net_2(PACKET *pkt, unsigned int *data) +{ + if (!PACKET_peek_net_2(pkt, data)) + return 0; + + packet_forward(pkt, 2); + + return 1; +} + +/* Same as PACKET_get_net_2() but for a size_t */ +__owur static ossl_inline int PACKET_get_net_2_len(PACKET *pkt, size_t *data) +{ + unsigned int i; + int ret = PACKET_get_net_2(pkt, &i); + + if (ret) + *data = (size_t)i; + + return ret; +} + +/* + * Peek ahead at 3 bytes in network order from |pkt| and store the value in + * |*data| + */ +__owur static ossl_inline int PACKET_peek_net_3(const PACKET *pkt, + unsigned long *data) +{ + if (PACKET_remaining(pkt) < 3) + return 0; + + *data = ((unsigned long)(*pkt->curr)) << 16; + *data |= ((unsigned long)(*(pkt->curr + 1))) << 8; + *data |= *(pkt->curr + 2); + + return 1; +} + +/* Equivalent of n2l3 */ +/* Get 3 bytes in network order from |pkt| and store the value in |*data| */ +__owur static ossl_inline int PACKET_get_net_3(PACKET *pkt, unsigned long *data) +{ + if (!PACKET_peek_net_3(pkt, data)) + return 0; + + packet_forward(pkt, 3); + + return 1; +} + +/* Same as PACKET_get_net_3() but for a size_t */ +__owur static ossl_inline int PACKET_get_net_3_len(PACKET *pkt, size_t *data) +{ + unsigned long i; + int ret = PACKET_get_net_3(pkt, &i); + + if (ret) + *data = (size_t)i; + + return ret; +} + +/* + * 
Peek ahead at 4 bytes in network order from |pkt| and store the value in + * |*data| + */ +__owur static ossl_inline int PACKET_peek_net_4(const PACKET *pkt, + unsigned long *data) +{ + if (PACKET_remaining(pkt) < 4) + return 0; + + *data = ((unsigned long)(*pkt->curr)) << 24; + *data |= ((unsigned long)(*(pkt->curr + 1))) << 16; + *data |= ((unsigned long)(*(pkt->curr + 2))) << 8; + *data |= *(pkt->curr + 3); + + return 1; +} + +/* + * Peek ahead at 8 bytes in network order from |pkt| and store the value in + * |*data| + */ +__owur static ossl_inline int PACKET_peek_net_8(const PACKET *pkt, + uint64_t *data) +{ + if (PACKET_remaining(pkt) < 8) + return 0; + + *data = ((uint64_t)(*pkt->curr)) << 56; + *data |= ((uint64_t)(*(pkt->curr + 1))) << 48; + *data |= ((uint64_t)(*(pkt->curr + 2))) << 40; + *data |= ((uint64_t)(*(pkt->curr + 3))) << 32; + *data |= ((uint64_t)(*(pkt->curr + 4))) << 24; + *data |= ((uint64_t)(*(pkt->curr + 5))) << 16; + *data |= ((uint64_t)(*(pkt->curr + 6))) << 8; + *data |= *(pkt->curr + 7); + + return 1; +} + +/* Equivalent of n2l */ +/* Get 4 bytes in network order from |pkt| and store the value in |*data| */ +__owur static ossl_inline int PACKET_get_net_4(PACKET *pkt, unsigned long *data) +{ + if (!PACKET_peek_net_4(pkt, data)) + return 0; + + packet_forward(pkt, 4); + + return 1; +} + +/* Same as PACKET_get_net_4() but for a size_t */ +__owur static ossl_inline int PACKET_get_net_4_len(PACKET *pkt, size_t *data) +{ + unsigned long i; + int ret = PACKET_get_net_4(pkt, &i); + + if (ret) + *data = (size_t)i; + + return ret; +} + +/* Get 8 bytes in network order from |pkt| and store the value in |*data| */ +__owur static ossl_inline int PACKET_get_net_8(PACKET *pkt, uint64_t *data) +{ + if (!PACKET_peek_net_8(pkt, data)) + return 0; + + packet_forward(pkt, 8); + + return 1; +} + +/* Peek ahead at 1 byte from |pkt| and store the value in |*data| */ +__owur static ossl_inline int PACKET_peek_1(const PACKET *pkt, + unsigned int *data) +{ + if 
(!PACKET_remaining(pkt)) + return 0; + + *data = *pkt->curr; + + return 1; +} + +/* Get 1 byte from |pkt| and store the value in |*data| */ +__owur static ossl_inline int PACKET_get_1(PACKET *pkt, unsigned int *data) +{ + if (!PACKET_peek_1(pkt, data)) + return 0; + + packet_forward(pkt, 1); + + return 1; +} + +/* Same as PACKET_get_1() but for a size_t */ +__owur static ossl_inline int PACKET_get_1_len(PACKET *pkt, size_t *data) +{ + unsigned int i; + int ret = PACKET_get_1(pkt, &i); + + if (ret) + *data = (size_t)i; + + return ret; +} + +/* + * Peek ahead at 4 bytes in reverse network order from |pkt| and store the value + * in |*data| + */ +__owur static ossl_inline int PACKET_peek_4(const PACKET *pkt, + unsigned long *data) +{ + if (PACKET_remaining(pkt) < 4) + return 0; + + *data = *pkt->curr; + *data |= ((unsigned long)(*(pkt->curr + 1))) << 8; + *data |= ((unsigned long)(*(pkt->curr + 2))) << 16; + *data |= ((unsigned long)(*(pkt->curr + 3))) << 24; + + return 1; +} + +/* Equivalent of c2l */ +/* + * Get 4 bytes in reverse network order from |pkt| and store the value in + * |*data| + */ +__owur static ossl_inline int PACKET_get_4(PACKET *pkt, unsigned long *data) +{ + if (!PACKET_peek_4(pkt, data)) + return 0; + + packet_forward(pkt, 4); + + return 1; +} + +/* + * Peek ahead at |len| bytes from the |pkt| and store a pointer to them in + * |*data|. This just points at the underlying buffer that |pkt| is using. The + * caller should not free this data directly (it will be freed when the + * underlying buffer gets freed + */ +__owur static ossl_inline int PACKET_peek_bytes(const PACKET *pkt, + const unsigned char **data, + size_t len) +{ + if (PACKET_remaining(pkt) < len) + return 0; + + *data = pkt->curr; + + return 1; +} + +/* + * Read |len| bytes from the |pkt| and store a pointer to them in |*data|. This + * just points at the underlying buffer that |pkt| is using. 
The caller should + * not free this data directly (it will be freed when the underlying buffer gets + * freed + */ +__owur static ossl_inline int PACKET_get_bytes(PACKET *pkt, + const unsigned char **data, + size_t len) +{ + if (!PACKET_peek_bytes(pkt, data, len)) + return 0; + + packet_forward(pkt, len); + + return 1; +} + +/* Peek ahead at |len| bytes from |pkt| and copy them to |data| */ +__owur static ossl_inline int PACKET_peek_copy_bytes(const PACKET *pkt, + unsigned char *data, + size_t len) +{ + if (PACKET_remaining(pkt) < len) + return 0; + + memcpy(data, pkt->curr, len); + + return 1; +} + +/* + * Read |len| bytes from |pkt| and copy them to |data|. + * The caller is responsible for ensuring that |data| can hold |len| bytes. + */ +__owur static ossl_inline int PACKET_copy_bytes(PACKET *pkt, + unsigned char *data, size_t len) +{ + if (!PACKET_peek_copy_bytes(pkt, data, len)) + return 0; + + packet_forward(pkt, len); + + return 1; +} + +/* + * Copy packet data to |dest|, and set |len| to the number of copied bytes. + * If the packet has more than |dest_len| bytes, nothing is copied. + * Returns 1 if the packet data fits in |dest_len| bytes, 0 otherwise. + * Does not forward PACKET position (because it is typically the last thing + * done with a given PACKET). + */ +__owur static ossl_inline int PACKET_copy_all(const PACKET *pkt, + unsigned char *dest, + size_t dest_len, size_t *len) +{ + if (PACKET_remaining(pkt) > dest_len) { + *len = 0; + return 0; + } + *len = pkt->remaining; + memcpy(dest, pkt->curr, pkt->remaining); + return 1; +} + +/* + * Copy |pkt| bytes to a newly allocated buffer and store a pointer to the + * result in |*data|, and the length in |len|. + * If |*data| is not NULL, the old data is OPENSSL_free'd. + * If the packet is empty, or malloc fails, |*data| will be set to NULL. + * Returns 1 if the malloc succeeds and 0 otherwise. + * Does not forward PACKET position (because it is typically the last thing + * done with a given PACKET). 
+ */ +__owur static ossl_inline int PACKET_memdup(const PACKET *pkt, + unsigned char **data, size_t *len) +{ + size_t length; + + OPENSSL_free(*data); + *data = NULL; + *len = 0; + + length = PACKET_remaining(pkt); + + if (length == 0) + return 1; + + *data = OPENSSL_memdup(pkt->curr, length); + if (*data == NULL) + return 0; + + *len = length; + return 1; +} + +/* + * Read a C string from |pkt| and copy to a newly allocated, NUL-terminated + * buffer. Store a pointer to the result in |*data|. + * If |*data| is not NULL, the old data is OPENSSL_free'd. + * If the data in |pkt| does not contain a NUL-byte, the entire data is + * copied and NUL-terminated. + * Returns 1 if the malloc succeeds and 0 otherwise. + * Does not forward PACKET position (because it is typically the last thing done + * with a given PACKET). + */ +__owur static ossl_inline int PACKET_strndup(const PACKET *pkt, char **data) +{ + OPENSSL_free(*data); + + /* This will succeed on an empty packet, unless pkt->curr == NULL. */ + *data = OPENSSL_strndup((const char *)pkt->curr, PACKET_remaining(pkt)); + return (*data != NULL); +} + +/* Returns 1 if |pkt| contains at least one 0-byte, 0 otherwise. */ +static ossl_inline int PACKET_contains_zero_byte(const PACKET *pkt) +{ + return memchr(pkt->curr, 0, pkt->remaining) != NULL; +} + +/* Move the current reading position forward |len| bytes */ +__owur static ossl_inline int PACKET_forward(PACKET *pkt, size_t len) +{ + if (PACKET_remaining(pkt) < len) + return 0; + + packet_forward(pkt, len); + + return 1; +} + +/* + * Reads a variable-length vector prefixed with a one-byte length, and stores + * the contents in |subpkt|. |pkt| can equal |subpkt|. + * Data is not copied: the |subpkt| packet will share its underlying buffer with + * the original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|. + * Upon failure, the original |pkt| and |subpkt| are not modified. 
+ */ +__owur static ossl_inline int PACKET_get_length_prefixed_1(PACKET *pkt, + PACKET *subpkt) +{ + unsigned int length; + const unsigned char *data; + PACKET tmp = *pkt; + if (!PACKET_get_1(&tmp, &length) || + !PACKET_get_bytes(&tmp, &data, (size_t)length)) { + return 0; + } + + *pkt = tmp; + subpkt->curr = data; + subpkt->remaining = length; + + return 1; +} + +/* + * Like PACKET_get_length_prefixed_1, but additionally, fails when there are + * leftover bytes in |pkt|. + */ +__owur static ossl_inline int PACKET_as_length_prefixed_1(PACKET *pkt, + PACKET *subpkt) +{ + unsigned int length; + const unsigned char *data; + PACKET tmp = *pkt; + if (!PACKET_get_1(&tmp, &length) || + !PACKET_get_bytes(&tmp, &data, (size_t)length) || + PACKET_remaining(&tmp) != 0) { + return 0; + } + + *pkt = tmp; + subpkt->curr = data; + subpkt->remaining = length; + + return 1; +} + +/* + * Reads a variable-length vector prefixed with a two-byte length, and stores + * the contents in |subpkt|. |pkt| can equal |subpkt|. + * Data is not copied: the |subpkt| packet will share its underlying buffer with + * the original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|. + * Upon failure, the original |pkt| and |subpkt| are not modified. + */ +__owur static ossl_inline int PACKET_get_length_prefixed_2(PACKET *pkt, + PACKET *subpkt) +{ + unsigned int length; + const unsigned char *data; + PACKET tmp = *pkt; + + if (!PACKET_get_net_2(&tmp, &length) || + !PACKET_get_bytes(&tmp, &data, (size_t)length)) { + return 0; + } + + *pkt = tmp; + subpkt->curr = data; + subpkt->remaining = length; + + return 1; +} + +/* + * Like PACKET_get_length_prefixed_2, but additionally, fails when there are + * leftover bytes in |pkt|. 
+ */ +__owur static ossl_inline int PACKET_as_length_prefixed_2(PACKET *pkt, + PACKET *subpkt) +{ + unsigned int length; + const unsigned char *data; + PACKET tmp = *pkt; + + if (!PACKET_get_net_2(&tmp, &length) || + !PACKET_get_bytes(&tmp, &data, (size_t)length) || + PACKET_remaining(&tmp) != 0) { + return 0; + } + + *pkt = tmp; + subpkt->curr = data; + subpkt->remaining = length; + + return 1; +} + +/* + * Reads a variable-length vector prefixed with a three-byte length, and stores + * the contents in |subpkt|. |pkt| can equal |subpkt|. + * Data is not copied: the |subpkt| packet will share its underlying buffer with + * the original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|. + * Upon failure, the original |pkt| and |subpkt| are not modified. + */ +__owur static ossl_inline int PACKET_get_length_prefixed_3(PACKET *pkt, + PACKET *subpkt) +{ + unsigned long length; + const unsigned char *data; + PACKET tmp = *pkt; + if (!PACKET_get_net_3(&tmp, &length) || + !PACKET_get_bytes(&tmp, &data, (size_t)length)) { + return 0; + } + + *pkt = tmp; + subpkt->curr = data; + subpkt->remaining = length; + + return 1; +} + +/* Writeable packets */ + +typedef struct wpacket_sub WPACKET_SUB; +struct wpacket_sub { + /* The parent WPACKET_SUB if we have one or NULL otherwise */ + WPACKET_SUB *parent; + + /* + * Offset into the buffer where the length of this WPACKET goes. We use an + * offset in case the buffer grows and gets reallocated. 
+ */ + size_t packet_len; + + /* Number of bytes in the packet_len or 0 if we don't write the length */ + size_t lenbytes; + + /* Number of bytes written to the buf prior to this packet starting */ + size_t pwritten; + + /* Flags for this sub-packet */ + unsigned int flags; +}; + +typedef struct wpacket_st WPACKET; +struct wpacket_st { + /* The buffer where we store the output data */ + BUF_MEM *buf; + + /* Fixed sized buffer which can be used as an alternative to buf */ + unsigned char *staticbuf; + + /* + * Offset into the buffer where we are currently writing. We use an offset + * in case the buffer grows and gets reallocated. + */ + size_t curr; + + /* Number of bytes written so far */ + size_t written; + + /* Maximum number of bytes we will allow to be written to this WPACKET */ + size_t maxsize; + + /* Our sub-packets (always at least one if not finished) */ + WPACKET_SUB *subs; + + /* Writing from the end first? */ + unsigned int endfirst : 1; +}; + +/* Flags */ + +/* Default */ +#define WPACKET_FLAGS_NONE 0 + +/* Error on WPACKET_close() if no data written to the WPACKET */ +#define WPACKET_FLAGS_NON_ZERO_LENGTH 1 + +/* + * Abandon all changes on WPACKET_close() if no data written to the WPACKET, + * i.e. this does not write out a zero packet length + */ +#define WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH 2 + +/* QUIC variable-length integer length prefix */ +#define WPACKET_FLAGS_QUIC_VLINT 4 + +/* + * Initialise a WPACKET with the buffer in |buf|. The buffer must exist + * for the whole time that the WPACKET is being used. Additionally |lenbytes| of + * data is preallocated at the start of the buffer to store the length of the + * WPACKET once we know it. + */ +int WPACKET_init_len(WPACKET *pkt, BUF_MEM *buf, size_t lenbytes); + +/* + * Same as WPACKET_init_len except there is no preallocation of the WPACKET + * length. + */ +int WPACKET_init(WPACKET *pkt, BUF_MEM *buf); + +/* + * Same as WPACKET_init_len except there is no underlying buffer. 
No data is + * ever actually written. We just keep track of how much data would have been + * written if a buffer was there. + */ +int WPACKET_init_null(WPACKET *pkt, size_t lenbytes); + +/* + * Same as WPACKET_init_null except we set the WPACKET to assume DER length + * encoding for sub-packets. + */ +int WPACKET_init_null_der(WPACKET *pkt); + +/* + * Same as WPACKET_init_len except we do not use a growable BUF_MEM structure. + * A fixed buffer of memory |buf| of size |len| is used instead. A failure will + * occur if you attempt to write beyond the end of the buffer + */ +int WPACKET_init_static_len(WPACKET *pkt, unsigned char *buf, size_t len, + size_t lenbytes); + +/* + * Same as WPACKET_init_static_len except lenbytes is always 0, and we set the + * WPACKET to write to the end of the buffer moving towards the start and use + * DER length encoding for sub-packets. + */ +int WPACKET_init_der(WPACKET *pkt, unsigned char *buf, size_t len); + +/* + * Set the flags to be applied to the current sub-packet + */ +int WPACKET_set_flags(WPACKET *pkt, unsigned int flags); + +/* + * Closes the most recent sub-packet. It also writes out the length of the + * packet to the required location (normally the start of the WPACKET) if + * appropriate. The top level WPACKET should be closed using WPACKET_finish() + * instead of this function. + */ +int WPACKET_close(WPACKET *pkt); + +/* + * The same as WPACKET_close() but only for the top most WPACKET. Additionally + * frees memory resources for this WPACKET. + */ +int WPACKET_finish(WPACKET *pkt); + +/* + * Iterate through all the sub-packets and write out their lengths as if they + * were being closed. The lengths will be overwritten with the final lengths + * when the sub-packets are eventually closed (which may be different if more + * data is added to the WPACKET). This function fails if a sub-packet is of 0 + * length and WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH is set. 
+ */ +int WPACKET_fill_lengths(WPACKET *pkt); + +/* + * Initialise a new sub-packet. Additionally |lenbytes| of data is preallocated + * at the start of the sub-packet to store its length once we know it. Don't + * call this directly. Use the convenience macros below instead. + */ +int WPACKET_start_sub_packet_len__(WPACKET *pkt, size_t lenbytes); + +/* + * Convenience macros for calling WPACKET_start_sub_packet_len with different + * lengths + */ +#define WPACKET_start_sub_packet_u8(pkt) \ + WPACKET_start_sub_packet_len__((pkt), 1) +#define WPACKET_start_sub_packet_u16(pkt) \ + WPACKET_start_sub_packet_len__((pkt), 2) +#define WPACKET_start_sub_packet_u24(pkt) \ + WPACKET_start_sub_packet_len__((pkt), 3) +#define WPACKET_start_sub_packet_u32(pkt) \ + WPACKET_start_sub_packet_len__((pkt), 4) + +/* + * Same as WPACKET_start_sub_packet_len__() except no bytes are pre-allocated + * for the sub-packet length. + */ +int WPACKET_start_sub_packet(WPACKET *pkt); + +/* + * Allocate bytes in the WPACKET for the output. This reserves the bytes + * and counts them as "written", but doesn't actually do the writing. A pointer + * to the allocated bytes is stored in |*allocbytes|. |allocbytes| may be NULL. + * WARNING: the allocated bytes must be filled in immediately, without further + * WPACKET_* calls. If not then the underlying buffer may be realloc'd and + * change its location. + */ +int WPACKET_allocate_bytes(WPACKET *pkt, size_t len, + unsigned char **allocbytes); + +/* + * The same as WPACKET_allocate_bytes() except additionally a new sub-packet is + * started for the allocated bytes, and then closed immediately afterwards. The + * number of length bytes for the sub-packet is in |lenbytes|. Don't call this + * directly. Use the convenience macros below instead. 
+ */ +int WPACKET_sub_allocate_bytes__(WPACKET *pkt, size_t len, + unsigned char **allocbytes, size_t lenbytes); + +/* + * Convenience macros for calling WPACKET_sub_allocate_bytes with different + * lengths + */ +#define WPACKET_sub_allocate_bytes_u8(pkt, len, bytes) \ + WPACKET_sub_allocate_bytes__((pkt), (len), (bytes), 1) +#define WPACKET_sub_allocate_bytes_u16(pkt, len, bytes) \ + WPACKET_sub_allocate_bytes__((pkt), (len), (bytes), 2) +#define WPACKET_sub_allocate_bytes_u24(pkt, len, bytes) \ + WPACKET_sub_allocate_bytes__((pkt), (len), (bytes), 3) +#define WPACKET_sub_allocate_bytes_u32(pkt, len, bytes) \ + WPACKET_sub_allocate_bytes__((pkt), (len), (bytes), 4) + +/* + * The same as WPACKET_allocate_bytes() except the reserved bytes are not + * actually counted as written. Typically this will be for when we don't know + * how big arbitrary data is going to be up front, but we do know what the + * maximum size will be. If this function is used, then it should be immediately + * followed by a WPACKET_allocate_bytes() call before any other WPACKET + * functions are called (unless the write to the allocated bytes is abandoned). + * + * For example: If we are generating a signature, then the size of that + * signature may not be known in advance. 
We can use WPACKET_reserve_bytes() to + * handle this: + * + * if (!WPACKET_sub_reserve_bytes_u16(&pkt, EVP_PKEY_get_size(pkey), &sigbytes1) + * || EVP_SignFinal(md_ctx, sigbytes1, &siglen, pkey) <= 0 + * || !WPACKET_sub_allocate_bytes_u16(&pkt, siglen, &sigbytes2) + * || sigbytes1 != sigbytes2) + * goto err; + */ +int WPACKET_reserve_bytes(WPACKET *pkt, size_t len, unsigned char **allocbytes); + +/* + * The "reserve_bytes" equivalent of WPACKET_sub_allocate_bytes__() + */ +int WPACKET_sub_reserve_bytes__(WPACKET *pkt, size_t len, + unsigned char **allocbytes, size_t lenbytes); + +/* + * Convenience macros for WPACKET_sub_reserve_bytes with different lengths + */ +#define WPACKET_sub_reserve_bytes_u8(pkt, len, bytes) \ + WPACKET_reserve_bytes__((pkt), (len), (bytes), 1) +#define WPACKET_sub_reserve_bytes_u16(pkt, len, bytes) \ + WPACKET_sub_reserve_bytes__((pkt), (len), (bytes), 2) +#define WPACKET_sub_reserve_bytes_u24(pkt, len, bytes) \ + WPACKET_sub_reserve_bytes__((pkt), (len), (bytes), 3) +#define WPACKET_sub_reserve_bytes_u32(pkt, len, bytes) \ + WPACKET_sub_reserve_bytes__((pkt), (len), (bytes), 4) + +/* + * Write the value stored in |val| into the WPACKET. The value will consume + * |bytes| amount of storage. An error will occur if |val| cannot be + * accommodated in |bytes| storage, e.g. attempting to write the value 256 into + * 1 byte will fail. Don't call this directly. Use the convenience macros below + * instead. 
+ */ +int WPACKET_put_bytes__(WPACKET *pkt, uint64_t val, size_t bytes); + +/* + * Convenience macros for calling WPACKET_put_bytes with different + * lengths + */ +#define WPACKET_put_bytes_u8(pkt, val) \ + WPACKET_put_bytes__((pkt), (val), 1) +#define WPACKET_put_bytes_u16(pkt, val) \ + WPACKET_put_bytes__((pkt), (val), 2) +#define WPACKET_put_bytes_u24(pkt, val) \ + WPACKET_put_bytes__((pkt), (val), 3) +#define WPACKET_put_bytes_u32(pkt, val) \ + WPACKET_put_bytes__((pkt), (val), 4) +#define WPACKET_put_bytes_u64(pkt, val) \ + WPACKET_put_bytes__((pkt), (val), 8) + +/* Set a maximum size that we will not allow the WPACKET to grow beyond */ +int WPACKET_set_max_size(WPACKET *pkt, size_t maxsize); + +/* Copy |len| bytes of data from |*src| into the WPACKET. */ +int WPACKET_memcpy(WPACKET *pkt, const void *src, size_t len); + +/* Set |len| bytes of data to |ch| into the WPACKET. */ +int WPACKET_memset(WPACKET *pkt, int ch, size_t len); + +/* + * Copy |len| bytes of data from |*src| into the WPACKET and prefix with its + * length (consuming |lenbytes| of data for the length). Don't call this + * directly. Use the convenience macros below instead. + */ +int WPACKET_sub_memcpy__(WPACKET *pkt, const void *src, size_t len, + size_t lenbytes); + +/* Convenience macros for calling WPACKET_sub_memcpy with different lengths */ +#define WPACKET_sub_memcpy_u8(pkt, src, len) \ + WPACKET_sub_memcpy__((pkt), (src), (len), 1) +#define WPACKET_sub_memcpy_u16(pkt, src, len) \ + WPACKET_sub_memcpy__((pkt), (src), (len), 2) +#define WPACKET_sub_memcpy_u24(pkt, src, len) \ + WPACKET_sub_memcpy__((pkt), (src), (len), 3) +#define WPACKET_sub_memcpy_u32(pkt, src, len) \ + WPACKET_sub_memcpy__((pkt), (src), (len), 4) + +/* + * Return the total number of bytes written so far to the underlying buffer + * including any storage allocated for length bytes + */ +int WPACKET_get_total_written(WPACKET *pkt, size_t *written); + +/* + * Returns the length of the current sub-packet. 
This excludes any bytes + * allocated for the length itself. + */ +int WPACKET_get_length(WPACKET *pkt, size_t *len); + +/* + * Returns a pointer to the current write location, but does not allocate any + * bytes. + */ +unsigned char *WPACKET_get_curr(WPACKET *pkt); + +/* Returns true if the underlying buffer is actually NULL */ +int WPACKET_is_null_buf(WPACKET *pkt); + +/* Release resources in a WPACKET if a failure has occurred. */ +void WPACKET_cleanup(WPACKET *pkt); + +#endif /* OSSL_INTERNAL_PACKET_H */ diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/packet_quic.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/packet_quic.h new file mode 100644 index 000000000000..5173b4675d8d --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/packet_quic.h 
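Review bot: `WPACKET_sub_reserve_bytes_u8` expands to `WPACKET_reserve_bytes__`, a name this header never declares, while its u16/u24/u32 siblings expand to `WPACKET_sub_reserve_bytes__`. Nothing breaks until the u8 macro is used, at which point the build would fail on the undeclared function, so the defect can sit unnoticed in a header that backs TLS and QUIC message construction. The line should read `WPACKET_sub_reserve_bytes__((pkt), (len), (bytes), 1)`. The file carries the OpenSSL copyright and lives under contrib/, so it is presumably a copy of the upstream header; the fix is better reported upstream than patched only in this copy.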
@@ -0,0 +1,150 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_PACKET_QUIC_H
+# define OSSL_INTERNAL_PACKET_QUIC_H
+# pragma once
+
+# include "internal/packet.h"
+# include "internal/quic_vlint.h"
+
+# ifndef OPENSSL_NO_QUIC
+/*
+ * Decodes a QUIC variable-length integer in |pkt| and stores the result in
+ * |data|.
+ */
+__owur static ossl_inline int PACKET_get_quic_vlint(PACKET *pkt,
+ uint64_t *data)
+{
+ size_t enclen;
+
+ if (PACKET_remaining(pkt) < 1)
+ return 0;
+
+ enclen = ossl_quic_vlint_decode_len(*pkt->curr);
+
+ if (PACKET_remaining(pkt) < enclen)
+ return 0;
+
+ *data = ossl_quic_vlint_decode_unchecked(pkt->curr);
+ packet_forward(pkt, enclen);
+ return 1;
+}
+
+/*
+ * Decodes a QUIC variable-length integer in |pkt| and stores the result in
+ * |data|. Unlike PACKET_get_quic_vlint, this does not advance the current
+ * position. If was_minimal is non-NULL, *was_minimal is set to 1 if the integer
+ * was encoded using the minimal possible number of bytes and 0 otherwise.
+ */
+__owur static ossl_inline int PACKET_peek_quic_vlint_ex(PACKET *pkt,
+ uint64_t *data,
+ int *was_minimal)
+{
+ size_t enclen;
+
+ if (PACKET_remaining(pkt) < 1)
+ return 0;
+
+ enclen = ossl_quic_vlint_decode_len(*pkt->curr);
+
+ if (PACKET_remaining(pkt) < enclen)
+ return 0;
+
+ *data = ossl_quic_vlint_decode_unchecked(pkt->curr);
+
+ if (was_minimal != NULL)
+ *was_minimal = (enclen == ossl_quic_vlint_encode_len(*data));
+
+ return 1;
+}
+
+__owur static ossl_inline int PACKET_peek_quic_vlint(PACKET *pkt,
+ uint64_t *data)
+{
+ return PACKET_peek_quic_vlint_ex(pkt, data, NULL);
+}
+
+/*
+ * Skips over a QUIC variable-length integer in |pkt| without decoding it.
+ */
+__owur static ossl_inline int PACKET_skip_quic_vlint(PACKET *pkt)
+{
+ size_t enclen;
+
+ if (PACKET_remaining(pkt) < 1)
+ return 0;
+
+ enclen = ossl_quic_vlint_decode_len(*pkt->curr);
+
+ if (PACKET_remaining(pkt) < enclen)
+ return 0;
+
+ packet_forward(pkt, enclen);
+ return 1;
+}
+
+/*
+ * Reads a variable-length vector prefixed with a QUIC variable-length integer
+ * denoting the length, and stores the contents in |subpkt|. |pkt| can equal
+ * |subpkt|. Data is not copied: the |subpkt| packet will share its underlying
+ * buffer with the original |pkt|, so data wrapped by |pkt| must outlive the
+ * |subpkt|. Upon failure, the original |pkt| and |subpkt| are not modified.
+ */
+__owur static ossl_inline int PACKET_get_quic_length_prefixed(PACKET *pkt,
+ PACKET *subpkt)
+{
+ uint64_t length;
+ const unsigned char *data;
+ PACKET tmp = *pkt;
+
+ if (!PACKET_get_quic_vlint(&tmp, &length) ||
+ length > SIZE_MAX ||
+ !PACKET_get_bytes(&tmp, &data, (size_t)length)) {
+ return 0;
+ }
+
+ *pkt = tmp;
+ subpkt->curr = data;
+ subpkt->remaining = (size_t)length;
+
+ return 1;
+}
+
+/*
+ * Starts a QUIC sub-packet headed by a QUIC variable-length integer. A 4-byte
+ * representation is used.
+ */
+__owur int WPACKET_start_quic_sub_packet(WPACKET *pkt);
+
+/*
+ * Starts a QUIC sub-packet headed by a QUIC variable-length integer. max_len
+ * specifies the upper bound for the sub-packet size at the time the sub-packet
+ * is closed, which determines the encoding size for the variable-length
+ * integer header. max_len can be a precise figure or a worst-case bound
+ * if a precise figure is not available.
+ */
+__owur int WPACKET_start_quic_sub_packet_bound(WPACKET *pkt, size_t max_len);
+
+/*
+ * Allocates a QUIC sub-packet with exactly len bytes of payload, headed by a
+ * QUIC variable-length integer. The pointer to the payload buffer is output and
+ * must be filled by the caller. This function assures optimal selection of
+ * variable-length integer encoding length.
+ */
+__owur int WPACKET_quic_sub_allocate_bytes(WPACKET *pkt, size_t len,
+ unsigned char **bytes);
+
+/*
+ * Write a QUIC variable-length integer to the packet.
+ */
+__owur int WPACKET_quic_write_vlint(WPACKET *pkt, uint64_t v);
+
+# endif /* OPENSSL_NO_QUIC */
+#endif /* OSSL_INTERNAL_PACKET_QUIC_H */
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/packet_quic.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/param_build_set.h
new file mode 100644
index 000000000000..3518f008f009
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/param_build_set.h
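Review bot: The comments on `PACKET_get_quic_vlint` and `PACKET_skip_quic_vlint` do not say that these helpers accept whatever encoding length the first byte announces, including non-minimal encodings; only `PACKET_peek_quic_vlint_ex` reports minimality through `was_minimal`. A caller that needs a canonical encoding has to know to use the `_ex` variant, so I would add to the `PACKET_get_quic_vlint` comment a line such as `Non-minimal encodings are accepted; use PACKET_peek_quic_vlint_ex() where a canonical encoding is required.` Separately, `PACKET_peek_quic_vlint` has no comment at all, and both peek helpers take `PACKET *pkt` although they never advance it, whereas the peek helpers in packet.h take `const PACKET *pkt`. The header looks like a copy of upstream OpenSSL, so these points are better raised upstream than edited in this copy.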
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_PARAM_BUILD_SET_H
+# define OSSL_INTERNAL_PARAM_BUILD_SET_H
+# pragma once
+
+# include
+# include
+# include "internal/cryptlib.h"
+
+typedef union {
+ OSSL_UNION_ALIGN;
+} OSSL_PARAM_ALIGNED_BLOCK;
+
+# define OSSL_PARAM_ALIGN_SIZE sizeof(OSSL_PARAM_ALIGNED_BLOCK)
+
+size_t ossl_param_bytes_to_blocks(size_t bytes);
+void ossl_param_set_secure_block(OSSL_PARAM *last, void *secure_buffer,
+ size_t secure_buffer_sz);
+
+int ossl_param_build_set_int(OSSL_PARAM_BLD *bld, OSSL_PARAM *p,
+ const char *key, int num);
+int ossl_param_build_set_long(OSSL_PARAM_BLD *bld, OSSL_PARAM *p,
+ const char *key, long num);
+int ossl_param_build_set_utf8_string(OSSL_PARAM_BLD *bld, OSSL_PARAM *p,
+ const char *key, const char *buf);
+int ossl_param_build_set_octet_string(OSSL_PARAM_BLD *bld, OSSL_PARAM *p,
+ const char *key,
+ const unsigned char *data,
+ size_t data_len);
+int ossl_param_build_set_bn(OSSL_PARAM_BLD *bld, OSSL_PARAM *p,
+ const char *key, const BIGNUM *bn);
+int ossl_param_build_set_bn_pad(OSSL_PARAM_BLD *bld, OSSL_PARAM *p,
+ const char *key, const BIGNUM *bn, size_t sz);
+int ossl_param_build_set_signed_bn(OSSL_PARAM_BLD *bld, OSSL_PARAM *p,
+ const char *key, const BIGNUM *bn);
+int ossl_param_build_set_signed_bn_pad(OSSL_PARAM_BLD *bld, OSSL_PARAM *p,
+ const char *key, const BIGNUM *bn,
+ size_t sz);
+int ossl_param_build_set_multi_key_bn(OSSL_PARAM_BLD *bld, OSSL_PARAM *p,
+ const char *names[],
+ STACK_OF(BIGNUM_const) *stk);
+
+#endif /* OSSL_INTERNAL_PARAM_BUILD_SET_H */
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/param_names.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/param_names.h
new file mode 100644
index 000000000000..2ef29db4fa85
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/param_names.h
@@ -0,0 +1,377 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/internal/param_names.h.in + * + * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + +int ossl_param_find_pidx(const char *s); + +/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */ +#define NUM_PIDX 291 + +#define PIDX_ALG_PARAM_CIPHER 0 +#define PIDX_ALG_PARAM_DIGEST 1 +#define PIDX_ALG_PARAM_ENGINE 2 +#define PIDX_ALG_PARAM_MAC 3 +#define PIDX_ALG_PARAM_PROPERTIES 4 +#define PIDX_ASYM_CIPHER_PARAM_DIGEST PIDX_PKEY_PARAM_DIGEST +#define PIDX_ASYM_CIPHER_PARAM_ENGINE PIDX_PKEY_PARAM_ENGINE +#define PIDX_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION 5 +#define PIDX_ASYM_CIPHER_PARAM_MGF1_DIGEST PIDX_PKEY_PARAM_MGF1_DIGEST +#define PIDX_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS PIDX_PKEY_PARAM_MGF1_PROPERTIES +#define PIDX_ASYM_CIPHER_PARAM_OAEP_DIGEST PIDX_ALG_PARAM_DIGEST +#define PIDX_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS 6 +#define PIDX_ASYM_CIPHER_PARAM_OAEP_LABEL 7 +#define PIDX_ASYM_CIPHER_PARAM_PAD_MODE PIDX_PKEY_PARAM_PAD_MODE +#define PIDX_ASYM_CIPHER_PARAM_PROPERTIES PIDX_PKEY_PARAM_PROPERTIES +#define PIDX_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION 8 +#define PIDX_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION 9 +#define PIDX_CAPABILITY_TLS_GROUP_ALG 10 +#define PIDX_CAPABILITY_TLS_GROUP_ID 11 +#define PIDX_CAPABILITY_TLS_GROUP_IS_KEM 12 +#define PIDX_CAPABILITY_TLS_GROUP_MAX_DTLS 13 +#define PIDX_CAPABILITY_TLS_GROUP_MAX_TLS 14 +#define PIDX_CAPABILITY_TLS_GROUP_MIN_DTLS 15 +#define PIDX_CAPABILITY_TLS_GROUP_MIN_TLS 16 +#define PIDX_CAPABILITY_TLS_GROUP_NAME 17 +#define PIDX_CAPABILITY_TLS_GROUP_NAME_INTERNAL 18 +#define PIDX_CAPABILITY_TLS_GROUP_SECURITY_BITS 19 +#define 
PIDX_CAPABILITY_TLS_SIGALG_CODE_POINT 20 +#define PIDX_CAPABILITY_TLS_SIGALG_HASH_NAME 21 +#define PIDX_CAPABILITY_TLS_SIGALG_HASH_OID 22 +#define PIDX_CAPABILITY_TLS_SIGALG_IANA_NAME 23 +#define PIDX_CAPABILITY_TLS_SIGALG_KEYTYPE 24 +#define PIDX_CAPABILITY_TLS_SIGALG_KEYTYPE_OID 25 +#define PIDX_CAPABILITY_TLS_SIGALG_MAX_TLS 14 +#define PIDX_CAPABILITY_TLS_SIGALG_MIN_TLS 16 +#define PIDX_CAPABILITY_TLS_SIGALG_NAME 26 +#define PIDX_CAPABILITY_TLS_SIGALG_OID 27 +#define PIDX_CAPABILITY_TLS_SIGALG_SECURITY_BITS 28 +#define PIDX_CAPABILITY_TLS_SIGALG_SIG_NAME 29 +#define PIDX_CAPABILITY_TLS_SIGALG_SIG_OID 30 +#define PIDX_CIPHER_PARAM_AEAD 31 +#define PIDX_CIPHER_PARAM_AEAD_IVLEN PIDX_CIPHER_PARAM_IVLEN +#define PIDX_CIPHER_PARAM_AEAD_MAC_KEY 32 +#define PIDX_CIPHER_PARAM_AEAD_TAG 33 +#define PIDX_CIPHER_PARAM_AEAD_TAGLEN 34 +#define PIDX_CIPHER_PARAM_AEAD_TLS1_AAD 35 +#define PIDX_CIPHER_PARAM_AEAD_TLS1_AAD_PAD 36 +#define PIDX_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN 37 +#define PIDX_CIPHER_PARAM_AEAD_TLS1_IV_FIXED 38 +#define PIDX_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV 39 +#define PIDX_CIPHER_PARAM_ALGORITHM_ID_PARAMS 40 +#define PIDX_CIPHER_PARAM_BLOCK_SIZE 41 +#define PIDX_CIPHER_PARAM_CTS 42 +#define PIDX_CIPHER_PARAM_CTS_MODE 43 +#define PIDX_CIPHER_PARAM_CUSTOM_IV 44 +#define PIDX_CIPHER_PARAM_HAS_RAND_KEY 45 +#define PIDX_CIPHER_PARAM_IV 46 +#define PIDX_CIPHER_PARAM_IVLEN 47 +#define PIDX_CIPHER_PARAM_KEYLEN 48 +#define PIDX_CIPHER_PARAM_MODE 49 +#define PIDX_CIPHER_PARAM_NUM 50 +#define PIDX_CIPHER_PARAM_PADDING 51 +#define PIDX_CIPHER_PARAM_RANDOM_KEY 52 +#define PIDX_CIPHER_PARAM_RC2_KEYBITS 53 +#define PIDX_CIPHER_PARAM_ROUNDS 54 +#define PIDX_CIPHER_PARAM_SPEED 55 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK 56 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD 57 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN 58 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC 59 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN 60 +#define 
PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN 61 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE 62 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE 63 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT 64 +#define PIDX_CIPHER_PARAM_TLS_MAC 65 +#define PIDX_CIPHER_PARAM_TLS_MAC_SIZE 66 +#define PIDX_CIPHER_PARAM_TLS_VERSION 67 +#define PIDX_CIPHER_PARAM_UPDATED_IV 68 +#define PIDX_CIPHER_PARAM_USE_BITS 69 +#define PIDX_CIPHER_PARAM_XTS_STANDARD 70 +#define PIDX_DECODER_PARAM_PROPERTIES PIDX_ALG_PARAM_PROPERTIES +#define PIDX_DIGEST_PARAM_ALGID_ABSENT 71 +#define PIDX_DIGEST_PARAM_BLOCK_SIZE 41 +#define PIDX_DIGEST_PARAM_MICALG 72 +#define PIDX_DIGEST_PARAM_PAD_TYPE 73 +#define PIDX_DIGEST_PARAM_SIZE 74 +#define PIDX_DIGEST_PARAM_SSL3_MS 75 +#define PIDX_DIGEST_PARAM_XOF 76 +#define PIDX_DIGEST_PARAM_XOFLEN 77 +#define PIDX_DRBG_PARAM_CIPHER PIDX_ALG_PARAM_CIPHER +#define PIDX_DRBG_PARAM_DIGEST PIDX_ALG_PARAM_DIGEST +#define PIDX_DRBG_PARAM_ENTROPY_REQUIRED 78 +#define PIDX_DRBG_PARAM_MAC PIDX_ALG_PARAM_MAC +#define PIDX_DRBG_PARAM_MAX_ADINLEN 79 +#define PIDX_DRBG_PARAM_MAX_ENTROPYLEN 80 +#define PIDX_DRBG_PARAM_MAX_LENGTH 81 +#define PIDX_DRBG_PARAM_MAX_NONCELEN 82 +#define PIDX_DRBG_PARAM_MAX_PERSLEN 83 +#define PIDX_DRBG_PARAM_MIN_ENTROPYLEN 84 +#define PIDX_DRBG_PARAM_MIN_LENGTH 85 +#define PIDX_DRBG_PARAM_MIN_NONCELEN 86 +#define PIDX_DRBG_PARAM_PREDICTION_RESISTANCE 87 +#define PIDX_DRBG_PARAM_PROPERTIES PIDX_ALG_PARAM_PROPERTIES +#define PIDX_DRBG_PARAM_RANDOM_DATA 88 +#define PIDX_DRBG_PARAM_RESEED_COUNTER 89 +#define PIDX_DRBG_PARAM_RESEED_REQUESTS 90 +#define PIDX_DRBG_PARAM_RESEED_TIME 91 +#define PIDX_DRBG_PARAM_RESEED_TIME_INTERVAL 92 +#define PIDX_DRBG_PARAM_SIZE 74 +#define PIDX_DRBG_PARAM_USE_DF 93 +#define PIDX_ENCODER_PARAM_CIPHER PIDX_ALG_PARAM_CIPHER +#define PIDX_ENCODER_PARAM_ENCRYPT_LEVEL 94 +#define PIDX_ENCODER_PARAM_PROPERTIES PIDX_ALG_PARAM_PROPERTIES +#define PIDX_ENCODER_PARAM_SAVE_PARAMETERS 95 +#define 
PIDX_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE 96 +#define PIDX_EXCHANGE_PARAM_KDF_DIGEST 97 +#define PIDX_EXCHANGE_PARAM_KDF_DIGEST_PROPS 98 +#define PIDX_EXCHANGE_PARAM_KDF_OUTLEN 99 +#define PIDX_EXCHANGE_PARAM_KDF_TYPE 100 +#define PIDX_EXCHANGE_PARAM_KDF_UKM 101 +#define PIDX_EXCHANGE_PARAM_PAD 102 +#define PIDX_GEN_PARAM_ITERATION 103 +#define PIDX_GEN_PARAM_POTENTIAL 104 +#define PIDX_KDF_PARAM_ARGON2_AD 105 +#define PIDX_KDF_PARAM_ARGON2_LANES 106 +#define PIDX_KDF_PARAM_ARGON2_MEMCOST 107 +#define PIDX_KDF_PARAM_ARGON2_VERSION 108 +#define PIDX_KDF_PARAM_CEK_ALG 109 +#define PIDX_KDF_PARAM_CIPHER PIDX_ALG_PARAM_CIPHER +#define PIDX_KDF_PARAM_CONSTANT 110 +#define PIDX_KDF_PARAM_DATA 111 +#define PIDX_KDF_PARAM_DIGEST PIDX_ALG_PARAM_DIGEST +#define PIDX_KDF_PARAM_EARLY_CLEAN 112 +#define PIDX_KDF_PARAM_HMACDRBG_ENTROPY 113 +#define PIDX_KDF_PARAM_HMACDRBG_NONCE 114 +#define PIDX_KDF_PARAM_INFO 115 +#define PIDX_KDF_PARAM_ITER 116 +#define PIDX_KDF_PARAM_KBKDF_R 117 +#define PIDX_KDF_PARAM_KBKDF_USE_L 118 +#define PIDX_KDF_PARAM_KBKDF_USE_SEPARATOR 119 +#define PIDX_KDF_PARAM_KEY 120 +#define PIDX_KDF_PARAM_LABEL 121 +#define PIDX_KDF_PARAM_MAC PIDX_ALG_PARAM_MAC +#define PIDX_KDF_PARAM_MAC_SIZE 122 +#define PIDX_KDF_PARAM_MODE 49 +#define PIDX_KDF_PARAM_PASSWORD 123 +#define PIDX_KDF_PARAM_PKCS12_ID 124 +#define PIDX_KDF_PARAM_PKCS5 125 +#define PIDX_KDF_PARAM_PREFIX 126 +#define PIDX_KDF_PARAM_PROPERTIES PIDX_ALG_PARAM_PROPERTIES +#define PIDX_KDF_PARAM_SALT 127 +#define PIDX_KDF_PARAM_SCRYPT_MAXMEM 128 +#define PIDX_KDF_PARAM_SCRYPT_N 129 +#define PIDX_KDF_PARAM_SCRYPT_P 130 +#define PIDX_KDF_PARAM_SCRYPT_R 117 +#define PIDX_KDF_PARAM_SECRET 131 +#define PIDX_KDF_PARAM_SEED 132 +#define PIDX_KDF_PARAM_SIZE 74 +#define PIDX_KDF_PARAM_SSHKDF_SESSION_ID 133 +#define PIDX_KDF_PARAM_SSHKDF_TYPE 134 +#define PIDX_KDF_PARAM_SSHKDF_XCGHASH 135 +#define PIDX_KDF_PARAM_THREADS 136 +#define PIDX_KDF_PARAM_UKM 137 +#define PIDX_KDF_PARAM_X942_ACVPINFO 138 +#define 
PIDX_KDF_PARAM_X942_PARTYUINFO 139 +#define PIDX_KDF_PARAM_X942_PARTYVINFO 140 +#define PIDX_KDF_PARAM_X942_SUPP_PRIVINFO 141 +#define PIDX_KDF_PARAM_X942_SUPP_PUBINFO 142 +#define PIDX_KDF_PARAM_X942_USE_KEYBITS 143 +#define PIDX_KEM_PARAM_IKME 144 +#define PIDX_KEM_PARAM_OPERATION 145 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING 146 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA 147 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN 148 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_MODE 49 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_OPTIONS 149 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD 150 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC 151 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_TLSTREE 152 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_USE_ETM 153 +#define PIDX_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN 154 +#define PIDX_MAC_PARAM_BLOCK_SIZE 155 +#define PIDX_MAC_PARAM_CIPHER PIDX_ALG_PARAM_CIPHER +#define PIDX_MAC_PARAM_CUSTOM 156 +#define PIDX_MAC_PARAM_C_ROUNDS 157 +#define PIDX_MAC_PARAM_DIGEST PIDX_ALG_PARAM_DIGEST +#define PIDX_MAC_PARAM_DIGEST_NOINIT 158 +#define PIDX_MAC_PARAM_DIGEST_ONESHOT 159 +#define PIDX_MAC_PARAM_D_ROUNDS 160 +#define PIDX_MAC_PARAM_IV 46 +#define PIDX_MAC_PARAM_KEY 120 +#define PIDX_MAC_PARAM_PROPERTIES PIDX_ALG_PARAM_PROPERTIES +#define PIDX_MAC_PARAM_SALT 127 +#define PIDX_MAC_PARAM_SIZE 74 +#define PIDX_MAC_PARAM_TLS_DATA_SIZE 161 +#define PIDX_MAC_PARAM_XOF 76 +#define PIDX_OBJECT_PARAM_DATA 111 +#define PIDX_OBJECT_PARAM_DATA_STRUCTURE 162 +#define PIDX_OBJECT_PARAM_DATA_TYPE 163 +#define PIDX_OBJECT_PARAM_DESC 164 +#define PIDX_OBJECT_PARAM_REFERENCE 165 +#define PIDX_OBJECT_PARAM_TYPE 134 +#define PIDX_PASSPHRASE_PARAM_INFO 115 +#define PIDX_PKEY_PARAM_BITS 166 +#define PIDX_PKEY_PARAM_CIPHER PIDX_ALG_PARAM_CIPHER +#define PIDX_PKEY_PARAM_DEFAULT_DIGEST 167 +#define PIDX_PKEY_PARAM_DHKEM_IKM 168 +#define PIDX_PKEY_PARAM_DH_GENERATOR 169 +#define PIDX_PKEY_PARAM_DH_PRIV_LEN 170 +#define PIDX_PKEY_PARAM_DIGEST 
PIDX_ALG_PARAM_DIGEST +#define PIDX_PKEY_PARAM_DIGEST_SIZE 171 +#define PIDX_PKEY_PARAM_DIST_ID 172 +#define PIDX_PKEY_PARAM_EC_A 173 +#define PIDX_PKEY_PARAM_EC_B 174 +#define PIDX_PKEY_PARAM_EC_CHAR2_M 175 +#define PIDX_PKEY_PARAM_EC_CHAR2_PP_K1 176 +#define PIDX_PKEY_PARAM_EC_CHAR2_PP_K2 177 +#define PIDX_PKEY_PARAM_EC_CHAR2_PP_K3 178 +#define PIDX_PKEY_PARAM_EC_CHAR2_TP_BASIS 179 +#define PIDX_PKEY_PARAM_EC_CHAR2_TYPE 180 +#define PIDX_PKEY_PARAM_EC_COFACTOR 181 +#define PIDX_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS 182 +#define PIDX_PKEY_PARAM_EC_ENCODING 183 +#define PIDX_PKEY_PARAM_EC_FIELD_TYPE 184 +#define PIDX_PKEY_PARAM_EC_GENERATOR 185 +#define PIDX_PKEY_PARAM_EC_GROUP_CHECK_TYPE 186 +#define PIDX_PKEY_PARAM_EC_INCLUDE_PUBLIC 187 +#define PIDX_PKEY_PARAM_EC_ORDER 188 +#define PIDX_PKEY_PARAM_EC_P 130 +#define PIDX_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT 189 +#define PIDX_PKEY_PARAM_EC_PUB_X 190 +#define PIDX_PKEY_PARAM_EC_PUB_Y 191 +#define PIDX_PKEY_PARAM_EC_SEED 132 +#define PIDX_PKEY_PARAM_ENCODED_PUBLIC_KEY 192 +#define PIDX_PKEY_PARAM_ENGINE PIDX_ALG_PARAM_ENGINE +#define PIDX_PKEY_PARAM_FFC_COFACTOR 193 +#define PIDX_PKEY_PARAM_FFC_DIGEST PIDX_PKEY_PARAM_DIGEST +#define PIDX_PKEY_PARAM_FFC_DIGEST_PROPS PIDX_PKEY_PARAM_PROPERTIES +#define PIDX_PKEY_PARAM_FFC_G 194 +#define PIDX_PKEY_PARAM_FFC_GINDEX 195 +#define PIDX_PKEY_PARAM_FFC_H 196 +#define PIDX_PKEY_PARAM_FFC_P 130 +#define PIDX_PKEY_PARAM_FFC_PBITS 197 +#define PIDX_PKEY_PARAM_FFC_PCOUNTER 198 +#define PIDX_PKEY_PARAM_FFC_Q 199 +#define PIDX_PKEY_PARAM_FFC_QBITS 200 +#define PIDX_PKEY_PARAM_FFC_SEED 132 +#define PIDX_PKEY_PARAM_FFC_TYPE 134 +#define PIDX_PKEY_PARAM_FFC_VALIDATE_G 201 +#define PIDX_PKEY_PARAM_FFC_VALIDATE_LEGACY 202 +#define PIDX_PKEY_PARAM_FFC_VALIDATE_PQ 203 +#define PIDX_PKEY_PARAM_GROUP_NAME 204 +#define PIDX_PKEY_PARAM_IMPLICIT_REJECTION 5 +#define PIDX_PKEY_PARAM_MANDATORY_DIGEST 205 +#define PIDX_PKEY_PARAM_MASKGENFUNC 206 +#define PIDX_PKEY_PARAM_MAX_SIZE 207 
+#define PIDX_PKEY_PARAM_MGF1_DIGEST 208 +#define PIDX_PKEY_PARAM_MGF1_PROPERTIES 209 +#define PIDX_PKEY_PARAM_PAD_MODE 210 +#define PIDX_PKEY_PARAM_PRIV_KEY 211 +#define PIDX_PKEY_PARAM_PROPERTIES PIDX_ALG_PARAM_PROPERTIES +#define PIDX_PKEY_PARAM_PUB_KEY 212 +#define PIDX_PKEY_PARAM_RSA_BITS PIDX_PKEY_PARAM_BITS +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT 213 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT1 214 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT2 215 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT3 216 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT4 217 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT5 218 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT6 219 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT7 220 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT8 221 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT9 222 +#define PIDX_PKEY_PARAM_RSA_D 223 +#define PIDX_PKEY_PARAM_RSA_DERIVE_FROM_PQ 224 +#define PIDX_PKEY_PARAM_RSA_DIGEST PIDX_PKEY_PARAM_DIGEST +#define PIDX_PKEY_PARAM_RSA_DIGEST_PROPS PIDX_PKEY_PARAM_PROPERTIES +#define PIDX_PKEY_PARAM_RSA_E 225 +#define PIDX_PKEY_PARAM_RSA_EXPONENT 226 +#define PIDX_PKEY_PARAM_RSA_EXPONENT1 227 +#define PIDX_PKEY_PARAM_RSA_EXPONENT10 228 +#define PIDX_PKEY_PARAM_RSA_EXPONENT2 229 +#define PIDX_PKEY_PARAM_RSA_EXPONENT3 230 +#define PIDX_PKEY_PARAM_RSA_EXPONENT4 231 +#define PIDX_PKEY_PARAM_RSA_EXPONENT5 232 +#define PIDX_PKEY_PARAM_RSA_EXPONENT6 233 +#define PIDX_PKEY_PARAM_RSA_EXPONENT7 234 +#define PIDX_PKEY_PARAM_RSA_EXPONENT8 235 +#define PIDX_PKEY_PARAM_RSA_EXPONENT9 236 +#define PIDX_PKEY_PARAM_RSA_FACTOR 237 +#define PIDX_PKEY_PARAM_RSA_FACTOR1 238 +#define PIDX_PKEY_PARAM_RSA_FACTOR10 239 +#define PIDX_PKEY_PARAM_RSA_FACTOR2 240 +#define PIDX_PKEY_PARAM_RSA_FACTOR3 241 +#define PIDX_PKEY_PARAM_RSA_FACTOR4 242 +#define PIDX_PKEY_PARAM_RSA_FACTOR5 243 +#define PIDX_PKEY_PARAM_RSA_FACTOR6 244 +#define PIDX_PKEY_PARAM_RSA_FACTOR7 245 +#define PIDX_PKEY_PARAM_RSA_FACTOR8 246 +#define PIDX_PKEY_PARAM_RSA_FACTOR9 247 +#define PIDX_PKEY_PARAM_RSA_MASKGENFUNC 
PIDX_PKEY_PARAM_MASKGENFUNC +#define PIDX_PKEY_PARAM_RSA_MGF1_DIGEST PIDX_PKEY_PARAM_MGF1_DIGEST +#define PIDX_PKEY_PARAM_RSA_N 129 +#define PIDX_PKEY_PARAM_RSA_PRIMES 248 +#define PIDX_PKEY_PARAM_RSA_PSS_SALTLEN 249 +#define PIDX_PKEY_PARAM_RSA_TEST_P1 250 +#define PIDX_PKEY_PARAM_RSA_TEST_P2 251 +#define PIDX_PKEY_PARAM_RSA_TEST_Q1 252 +#define PIDX_PKEY_PARAM_RSA_TEST_Q2 253 +#define PIDX_PKEY_PARAM_RSA_TEST_XP 254 +#define PIDX_PKEY_PARAM_RSA_TEST_XP1 255 +#define PIDX_PKEY_PARAM_RSA_TEST_XP2 256 +#define PIDX_PKEY_PARAM_RSA_TEST_XQ 257 +#define PIDX_PKEY_PARAM_RSA_TEST_XQ1 258 +#define PIDX_PKEY_PARAM_RSA_TEST_XQ2 259 +#define PIDX_PKEY_PARAM_SECURITY_BITS 260 +#define PIDX_PKEY_PARAM_USE_COFACTOR_ECDH PIDX_PKEY_PARAM_USE_COFACTOR_FLAG +#define PIDX_PKEY_PARAM_USE_COFACTOR_FLAG 261 +#define PIDX_PROV_PARAM_BUILDINFO 262 +#define PIDX_PROV_PARAM_CORE_MODULE_FILENAME 263 +#define PIDX_PROV_PARAM_CORE_PROV_NAME 264 +#define PIDX_PROV_PARAM_CORE_VERSION 265 +#define PIDX_PROV_PARAM_DRBG_TRUNC_DIGEST 266 +#define PIDX_PROV_PARAM_NAME 267 +#define PIDX_PROV_PARAM_SECURITY_CHECKS 268 +#define PIDX_PROV_PARAM_SELF_TEST_DESC 269 +#define PIDX_PROV_PARAM_SELF_TEST_PHASE 270 +#define PIDX_PROV_PARAM_SELF_TEST_TYPE 271 +#define PIDX_PROV_PARAM_STATUS 272 +#define PIDX_PROV_PARAM_TLS1_PRF_EMS_CHECK 273 +#define PIDX_PROV_PARAM_VERSION 108 +#define PIDX_RAND_PARAM_GENERATE 274 +#define PIDX_RAND_PARAM_MAX_REQUEST 275 +#define PIDX_RAND_PARAM_STATE 276 +#define PIDX_RAND_PARAM_STRENGTH 277 +#define PIDX_RAND_PARAM_TEST_ENTROPY 278 +#define PIDX_RAND_PARAM_TEST_NONCE 279 +#define PIDX_SIGNATURE_PARAM_ALGORITHM_ID 280 +#define PIDX_SIGNATURE_PARAM_CONTEXT_STRING 281 +#define PIDX_SIGNATURE_PARAM_DIGEST PIDX_PKEY_PARAM_DIGEST +#define PIDX_SIGNATURE_PARAM_DIGEST_SIZE PIDX_PKEY_PARAM_DIGEST_SIZE +#define PIDX_SIGNATURE_PARAM_INSTANCE 282 +#define PIDX_SIGNATURE_PARAM_KAT 283 +#define PIDX_SIGNATURE_PARAM_MGF1_DIGEST PIDX_PKEY_PARAM_MGF1_DIGEST +#define 
PIDX_SIGNATURE_PARAM_MGF1_PROPERTIES PIDX_PKEY_PARAM_MGF1_PROPERTIES +#define PIDX_SIGNATURE_PARAM_NONCE_TYPE 284 +#define PIDX_SIGNATURE_PARAM_PAD_MODE PIDX_PKEY_PARAM_PAD_MODE +#define PIDX_SIGNATURE_PARAM_PROPERTIES PIDX_PKEY_PARAM_PROPERTIES +#define PIDX_SIGNATURE_PARAM_PSS_SALTLEN 249 +#define PIDX_STORE_PARAM_ALIAS 285 +#define PIDX_STORE_PARAM_DIGEST 1 +#define PIDX_STORE_PARAM_EXPECT 286 +#define PIDX_STORE_PARAM_FINGERPRINT 287 +#define PIDX_STORE_PARAM_INPUT_TYPE 288 +#define PIDX_STORE_PARAM_ISSUER 267 +#define PIDX_STORE_PARAM_PROPERTIES 4 +#define PIDX_STORE_PARAM_SERIAL 289 +#define PIDX_STORE_PARAM_SUBJECT 290 diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/params.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/params.h new file mode 100644 index 000000000000..3fbd0cf954c5 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/params.h 
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+#include
+
+/*
+ * Extract the parameter into an allocated buffer.
+ * Any existing allocation in *out is cleared and freed.
+ *
+ * Returns 1 on success, 0 on failure and -1 if there are no matching params.
+ *
+ * *out and *out_len are guaranteed to be untouched if this function
+ * doesn't return success.
+ */
+int ossl_param_get1_octet_string(const OSSL_PARAM *params, const char *name,
+ unsigned char **out, size_t *out_len);
+/*
+ * Concatenate all of the matching params together.
+ * *out will point to an allocated buffer on successful return.
+ * Any existing allocation in *out is cleared and freed.
+ *
+ * Passing 0 for maxsize means unlimited size output.
+ *
+ * Returns 1 on success, 0 on failure and -1 if there are no matching params.
+ *
+ * *out and *out_len are guaranteed to be untouched if this function
+ * doesn't return success.
+ */
+int ossl_param_get1_concat_octet_string(const OSSL_PARAM *params, const char *name,
+ unsigned char **out, size_t *out_len,
+ size_t maxsize);
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/passphrase.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/passphrase.h
new file mode 100644
index 000000000000..54d997b0d90b
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/passphrase.h
@@ -0,0 +1,122 @@
+/*
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_PASSPHRASE_H
+# define OSSL_INTERNAL_PASSPHRASE_H
+# pragma once
+
+/*
+ * This is a passphrase reader bridge with bells and whistles.
+ *
+ * On one hand, an API may wish to offer all sorts of passphrase callback
+ * possibilities to users, or may have to do so for historical reasons.
+ * On the other hand, that same API may have demands from other interfaces,
+ * notably from the libcrypto <-> provider interface, which uses
+ * OSSL_PASSPHRASE_CALLBACK consistently.
+ *
+ * The structure and functions below are the fundaments for bridging one
+ * passphrase callback form to another.
+ *
+ * In addition, extra features are included (this may be a growing list):
+ *
+ * - password caching. This is to be used by APIs where it's likely
+ * that the same passphrase may be asked for more than once, but the
+ * user shouldn't get prompted more than once. For example, this is
+ * useful for OSSL_DECODER, which may have to use a passphrase while
+ * trying to find out what input it has.
+ */
+
+/*
+ * Structure to hold whatever the calling user may specify. This structure
+ * is intended to be integrated into API specific structures or to be used
+ * as a local on-stack variable type. Therefore, no functions to allocate
+ * or freed it on the heap is offered.
+ */
+struct ossl_passphrase_data_st {
+ enum {
+ is_expl_passphrase = 1, /* Explicit passphrase given by user */
+ is_pem_password, /* pem_password_cb given by user */
+ is_ossl_passphrase, /* OSSL_PASSPHRASE_CALLBACK given by user */
+ is_ui_method /* UI_METHOD given by user */
+ } type;
+ union {
+ struct {
+ char *passphrase_copy;
+ size_t passphrase_len;
+ } expl_passphrase;
+
+ struct {
+ pem_password_cb *password_cb;
+ void *password_cbarg;
+ } pem_password;
+
+ struct {
+ OSSL_PASSPHRASE_CALLBACK *passphrase_cb;
+ void *passphrase_cbarg;
+ } ossl_passphrase;
+
+ struct {
+ const UI_METHOD *ui_method;
+ void *ui_method_data;
+ } ui_method;
+ } _;
+
+ /*-
+ * Flags section
+ */
+
+ /* Set to indicate that caching should be done */
+ unsigned int flag_cache_passphrase:1;
+
+ /*-
+ * Misc section: caches and other
+ */
+
+ char *cached_passphrase;
+ size_t cached_passphrase_len;
+};
+
+/* Structure manipulation */
+
+void ossl_pw_clear_passphrase_data(struct ossl_passphrase_data_st *data);
+void ossl_pw_clear_passphrase_cache(struct ossl_passphrase_data_st *data);
+
+int ossl_pw_set_passphrase(struct ossl_passphrase_data_st *data,
+ const unsigned char *passphrase,
+ size_t passphrase_len);
+int ossl_pw_set_pem_password_cb(struct ossl_passphrase_data_st *data,
+ pem_password_cb *cb, void *cbarg);
+int ossl_pw_set_ossl_passphrase_cb(struct ossl_passphrase_data_st *data,
+ OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg);
+int ossl_pw_set_ui_method(struct ossl_passphrase_data_st *data,
+ const UI_METHOD *ui_method, void *ui_data);
+
+int ossl_pw_enable_passphrase_caching(struct ossl_passphrase_data_st *data);
+int ossl_pw_disable_passphrase_caching(struct ossl_passphrase_data_st *data);
+
+/* Central function for direct calls */
+
+int ossl_pw_get_passphrase(char *pass, size_t pass_size, size_t *pass_len,
+ const OSSL_PARAM params[], int verify,
+ struct ossl_passphrase_data_st *data);
+
+/* Callback functions */
+
+/*
+ * All of these callback expect that the callback argument is a
+ * struct ossl_passphrase_data_st
+ */
+
+pem_password_cb ossl_pw_pem_password;
+pem_password_cb ossl_pw_pvk_password;
+/* One callback for encoding (verification prompt) and one for decoding */
+OSSL_PASSPHRASE_CALLBACK ossl_pw_passphrase_callback_enc;
+OSSL_PASSPHRASE_CALLBACK ossl_pw_passphrase_callback_dec;
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/priority_queue.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/priority_queue.h
new file mode 100644
index 000000000000..5be03bf131c8
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/priority_queue.h
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_PRIORITY_QUEUE_H
+# define OSSL_INTERNAL_PRIORITY_QUEUE_H
+# pragma once
+
+# include
+# include
+
+# define PRIORITY_QUEUE_OF(type) OSSL_PRIORITY_QUEUE_ ## type
+
+# define DEFINE_PRIORITY_QUEUE_OF_INTERNAL(type, ctype) \
+ typedef struct ossl_priority_queue_st_ ## type PRIORITY_QUEUE_OF(type); \
+ static ossl_unused ossl_inline PRIORITY_QUEUE_OF(type) * \
+ ossl_pqueue_##type##_new(int (*compare)(const ctype *, const ctype *)) \
+ { \
+ return (PRIORITY_QUEUE_OF(type) *)ossl_pqueue_new( \
+ (int (*)(const void *, const void *))compare); \
+ } \
+ static ossl_unused ossl_inline void \
+ ossl_pqueue_##type##_free(PRIORITY_QUEUE_OF(type) *pq) \
+ { \
+ ossl_pqueue_free((OSSL_PQUEUE *)pq); \
+ } \
+ static ossl_unused ossl_inline void \
+ ossl_pqueue_##type##_pop_free(PRIORITY_QUEUE_OF(type) *pq, \
+ void (*freefunc)(ctype *)) \
+ { \
+ ossl_pqueue_pop_free((OSSL_PQUEUE *)pq, (void (*)(void *))freefunc);\
+ } \
+ static ossl_unused ossl_inline int \
+ ossl_pqueue_##type##_reserve(PRIORITY_QUEUE_OF(type) *pq, size_t n) \
+ { \
+ return ossl_pqueue_reserve((OSSL_PQUEUE *)pq, n); \
+ } \
+ static ossl_unused ossl_inline size_t \
+ ossl_pqueue_##type##_num(const PRIORITY_QUEUE_OF(type) *pq) \
+ { \
+ return ossl_pqueue_num((OSSL_PQUEUE *)pq); \
+ } \
+ static ossl_unused ossl_inline int \
+ ossl_pqueue_##type##_push(PRIORITY_QUEUE_OF(type) *pq, \
+ ctype *data, size_t *elem) \
+ { \
+ return ossl_pqueue_push((OSSL_PQUEUE *)pq, (void *)data, elem); \
+ } \
+ static ossl_unused ossl_inline ctype * \
+ ossl_pqueue_##type##_peek(const PRIORITY_QUEUE_OF(type) *pq) \
+ { \
+ return (type *)ossl_pqueue_peek((OSSL_PQUEUE *)pq); \
+ } \
+ static ossl_unused ossl_inline ctype * \
+ ossl_pqueue_##type##_pop(PRIORITY_QUEUE_OF(type) *pq) \
+ { \
+ return (type *)ossl_pqueue_pop((OSSL_PQUEUE *)pq); \
+ } \
+ static ossl_unused ossl_inline ctype * \
+ ossl_pqueue_##type##_remove(PRIORITY_QUEUE_OF(type) *pq, \
+ size_t elem) \
+ { \
+ return (type *)ossl_pqueue_remove((OSSL_PQUEUE *)pq, elem); \
+ } \
+ struct ossl_priority_queue_st_ ## type
+
+# define DEFINE_PRIORITY_QUEUE_OF(type) \
+ DEFINE_PRIORITY_QUEUE_OF_INTERNAL(type, type)
+
+typedef struct ossl_pqueue_st OSSL_PQUEUE;
+
+OSSL_PQUEUE *ossl_pqueue_new(int (*compare)(const void *, const void *));
+void ossl_pqueue_free(OSSL_PQUEUE *pq);
+void ossl_pqueue_pop_free(OSSL_PQUEUE *pq, void (*freefunc)(void *));
+int ossl_pqueue_reserve(OSSL_PQUEUE *pq, size_t n);
+
+size_t ossl_pqueue_num(const OSSL_PQUEUE *pq);
+int ossl_pqueue_push(OSSL_PQUEUE *pq, void *data, size_t *elem);
+void *ossl_pqueue_peek(const OSSL_PQUEUE *pq);
+void *ossl_pqueue_pop(OSSL_PQUEUE *pq);
+void *ossl_pqueue_remove(OSSL_PQUEUE *pq, size_t elem);
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/property.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/property.h
new file mode 100644
index 000000000000..3adff4994003
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/property.h
@@ -0,0 +1,99 @@
+/*
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_PROPERTY_H
+# define OSSL_INTERNAL_PROPERTY_H
+# pragma once
+
+# include "internal/cryptlib.h"
+
+typedef struct ossl_method_store_st OSSL_METHOD_STORE;
+typedef struct ossl_property_list_st OSSL_PROPERTY_LIST;
+
+typedef enum {
+ OSSL_PROPERTY_TYPE_STRING, OSSL_PROPERTY_TYPE_NUMBER,
+ OSSL_PROPERTY_TYPE_VALUE_UNDEFINED
+} OSSL_PROPERTY_TYPE;
+typedef struct ossl_property_definition_st OSSL_PROPERTY_DEFINITION;
+
+/* Initialisation */
+int ossl_property_parse_init(OSSL_LIB_CTX *ctx);
+
+/* Property definition parser */
+OSSL_PROPERTY_LIST *ossl_parse_property(OSSL_LIB_CTX *ctx, const char *defn);
+/* Property query parser */
+OSSL_PROPERTY_LIST *ossl_parse_query(OSSL_LIB_CTX *ctx, const char *s,
+ int create_values);
+/* Property checker of query vs definition */
+int ossl_property_match_count(const OSSL_PROPERTY_LIST *query,
+ const OSSL_PROPERTY_LIST *defn);
+int ossl_property_is_enabled(OSSL_LIB_CTX *ctx, const char *property_name,
+ const OSSL_PROPERTY_LIST *prop_list);
+/* Free a parsed property list */
+void ossl_property_free(OSSL_PROPERTY_LIST *p);
+
+/* Get a property from a property list */
+const OSSL_PROPERTY_DEFINITION *
+ossl_property_find_property(const OSSL_PROPERTY_LIST *list,
+ OSSL_LIB_CTX *libctx, const char *name);
+OSSL_PROPERTY_TYPE ossl_property_get_type(const OSSL_PROPERTY_DEFINITION *prop);
+const char *ossl_property_get_string_value(OSSL_LIB_CTX *libctx,
+ const OSSL_PROPERTY_DEFINITION *prop);
+int64_t ossl_property_get_number_value(const OSSL_PROPERTY_DEFINITION *prop);
+
+
+/* Implementation store functions */
+OSSL_METHOD_STORE *ossl_method_store_new(OSSL_LIB_CTX *ctx);
+void ossl_method_store_free(OSSL_METHOD_STORE *store);
+
+int ossl_method_lock_store(OSSL_METHOD_STORE *store);
+int ossl_method_unlock_store(OSSL_METHOD_STORE *store);
+
+int ossl_method_store_add(OSSL_METHOD_STORE *store, const OSSL_PROVIDER *prov,
+ int nid, const char *properties, void *method,
+ int (*method_up_ref)(void *),
+ void (*method_destruct)(void *));
+int ossl_method_store_remove(OSSL_METHOD_STORE *store, int nid,
+ const void *method);
+void ossl_method_store_do_all(OSSL_METHOD_STORE *store,
+ void (*fn)(int id, void *method, void *fnarg),
+ void *fnarg);
+int ossl_method_store_fetch(OSSL_METHOD_STORE *store,
+ int nid, const char *prop_query,
+ const OSSL_PROVIDER **prov, void **method);
+int ossl_method_store_remove_all_provided(OSSL_METHOD_STORE *store,
+ const OSSL_PROVIDER *prov);
+
+/* Get the global properties associate with the specified library context */
+OSSL_PROPERTY_LIST **ossl_ctx_global_properties(OSSL_LIB_CTX *ctx,
+ int loadconfig);
+
+/* property query cache functions */
+int ossl_method_store_cache_get(OSSL_METHOD_STORE *store, OSSL_PROVIDER *prov,
+ int nid, const char *prop_query, void **result);
+int ossl_method_store_cache_set(OSSL_METHOD_STORE *store, OSSL_PROVIDER *prov,
+ int nid, const char *prop_query, void *result,
+ int (*method_up_ref)(void *),
+ void (*method_destruct)(void *));
+
+__owur int ossl_method_store_cache_flush_all(OSSL_METHOD_STORE *store);
+
+/* Merge two property queries together */
+OSSL_PROPERTY_LIST *ossl_property_merge(const OSSL_PROPERTY_LIST *a,
+ const OSSL_PROPERTY_LIST *b);
+
+size_t ossl_property_list_to_string(OSSL_LIB_CTX *ctx,
+ const OSSL_PROPERTY_LIST *list, char *buf,
+ size_t bufsize);
+
+int ossl_global_properties_no_mirrored(OSSL_LIB_CTX *libctx);
+void ossl_global_properties_stop_mirroring(OSSL_LIB_CTX *libctx);
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/propertyerr.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/propertyerr.h new file mode 100644 index 000000000000..fbee53f11e84 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/propertyerr.h @@ -0,0 +1,43 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_PROPERTYERR_H +# define OSSL_INTERNAL_PROPERTYERR_H +# pragma once + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +int ossl_err_load_PROP_strings(void); + +/* + * PROP reason codes. + */ +# define PROP_R_NAME_TOO_LONG 100 +# define PROP_R_NOT_AN_ASCII_CHARACTER 101 +# define PROP_R_NOT_AN_HEXADECIMAL_DIGIT 102 +# define PROP_R_NOT_AN_IDENTIFIER 103 +# define PROP_R_NOT_AN_OCTAL_DIGIT 104 +# define PROP_R_NOT_A_DECIMAL_DIGIT 105 +# define PROP_R_NO_MATCHING_STRING_DELIMITER 106 +# define PROP_R_NO_VALUE 107 +# define PROP_R_PARSE_FAILED 108 +# define PROP_R_STRING_TOO_LONG 109 +# define PROP_R_TRAILING_CHARACTERS 110 + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/provider.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/provider.h new file mode 100644 index 000000000000..ab41d643df06 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/provider.h 
@@ -0,0 +1,119 @@
+/*
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_PROVIDER_H
+# define OSSL_INTERNAL_PROVIDER_H
+# pragma once
+
+# include
+# include
+# include "internal/dso.h"
+# include "internal/symhacks.h"
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/*
+ * namespaces:
+ *
+ * ossl_provider_ Provider Object internal API
+ * OSSL_PROVIDER Provider Object
+ */
+
+/* Provider Object finder, constructor and destructor */
+OSSL_PROVIDER *ossl_provider_find(OSSL_LIB_CTX *libctx, const char *name,
+ int noconfig);
+OSSL_PROVIDER *ossl_provider_new(OSSL_LIB_CTX *libctx, const char *name,
+ OSSL_provider_init_fn *init_function,
+ OSSL_PARAM *params, int noconfig);
+int ossl_provider_up_ref(OSSL_PROVIDER *prov);
+void ossl_provider_free(OSSL_PROVIDER *prov);
+
+/* Setters */
+int ossl_provider_set_module_path(OSSL_PROVIDER *prov, const char *module_path);
+int ossl_provider_add_parameter(OSSL_PROVIDER *prov, const char *name,
+ const char *value);
+
+int ossl_provider_is_child(const OSSL_PROVIDER *prov);
+int ossl_provider_set_child(OSSL_PROVIDER *prov, const OSSL_CORE_HANDLE *handle);
+const OSSL_CORE_HANDLE *ossl_provider_get_parent(OSSL_PROVIDER *prov);
+int ossl_provider_up_ref_parent(OSSL_PROVIDER *prov, int activate);
+int ossl_provider_free_parent(OSSL_PROVIDER *prov, int deactivate);
+int ossl_provider_default_props_update(OSSL_LIB_CTX *libctx, const char *props);
+
+/* Disable fallback loading */
+int ossl_provider_disable_fallback_loading(OSSL_LIB_CTX *libctx);
+
+/*
+ * Activate the Provider
+ * If the Provider is a module, the module will be loaded
+ */
+int ossl_provider_activate(OSSL_PROVIDER *prov, int upcalls, int aschild);
+int ossl_provider_deactivate(OSSL_PROVIDER *prov, int removechildren);
+int ossl_provider_add_to_store(OSSL_PROVIDER *prov, OSSL_PROVIDER **actualprov,
+ int retain_fallbacks);
+
+/* Return pointer to the provider's context */
+void *ossl_provider_ctx(const OSSL_PROVIDER *prov);
+
+/* Iterate over all loaded providers */
+int ossl_provider_doall_activated(OSSL_LIB_CTX *,
+ int (*cb)(OSSL_PROVIDER *provider,
+ void *cbdata),
+ void *cbdata);
+
+/* Getters for other library functions */
+const char *ossl_provider_name(const OSSL_PROVIDER *prov);
+const DSO *ossl_provider_dso(const OSSL_PROVIDER *prov);
+const char *ossl_provider_module_name(const OSSL_PROVIDER *prov);
+const char *ossl_provider_module_path(const OSSL_PROVIDER *prov);
+void *ossl_provider_prov_ctx(const OSSL_PROVIDER *prov);
+const OSSL_DISPATCH *ossl_provider_get0_dispatch(const OSSL_PROVIDER *prov);
+OSSL_LIB_CTX *ossl_provider_libctx(const OSSL_PROVIDER *prov);
+
+/* Thin wrappers around calls to the provider */
+void ossl_provider_teardown(const OSSL_PROVIDER *prov);
+const OSSL_PARAM *ossl_provider_gettable_params(const OSSL_PROVIDER *prov);
+int ossl_provider_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]);
+int ossl_provider_get_capabilities(const OSSL_PROVIDER *prov,
+ const char *capability,
+ OSSL_CALLBACK *cb,
+ void *arg);
+int ossl_provider_self_test(const OSSL_PROVIDER *prov);
+const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov,
+ int operation_id,
+ int *no_cache);
+void ossl_provider_unquery_operation(const OSSL_PROVIDER *prov,
+ int operation_id,
+ const OSSL_ALGORITHM *algs);
+
+/*
+ * Cache of bits to see if we already added methods for an operation in
+ * the "permanent" method store.
+ * They should never be called for temporary method stores!
+ */
+int ossl_provider_set_operation_bit(OSSL_PROVIDER *provider, size_t bitnum);
+int ossl_provider_test_operation_bit(OSSL_PROVIDER *provider, size_t bitnum,
+ int *result);
+
+/* Configuration */
+void ossl_provider_add_conf_module(void);
+
+/* Child providers */
+int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx,
+ const OSSL_CORE_HANDLE *handle,
+ const OSSL_DISPATCH *in);
+void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx);
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/qlog.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/qlog.h
new file mode 100644
index 000000000000..b81bfe7e4b96
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/qlog.h
@@ -0,0 +1,131 @@
+/*
+ * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_QLOG_H
+# define OSSL_QLOG_H
+
+# include
+# include "internal/quic_types.h"
+# include "internal/time.h"
+
+typedef struct qlog_st QLOG;
+
+# ifndef OPENSSL_NO_QLOG
+
+enum {
+ QLOG_EVENT_TYPE_NONE,
+
+# define QLOG_EVENT(cat, name) QLOG_EVENT_TYPE_##cat##_##name,
+# include "internal/qlog_events.h"
+# undef QLOG_EVENT
+
+ QLOG_EVENT_TYPE_NUM
+};
+
+typedef struct qlog_trace_info_st {
+ QUIC_CONN_ID odcid;
+ const char *title, *description, *group_id;
+ int is_server;
+ OSSL_TIME (*now_cb)(void *arg);
+ void *now_cb_arg;
+ uint64_t override_process_id;
+ const char *override_impl_name;
+} QLOG_TRACE_INFO;
+
+QLOG *ossl_qlog_new(const QLOG_TRACE_INFO *info);
+QLOG *ossl_qlog_new_from_env(const QLOG_TRACE_INFO *info);
+
+void ossl_qlog_free(QLOG *qlog);
+
+/* Configuration */
+int ossl_qlog_set_event_type_enabled(QLOG *qlog, uint32_t event_type,
+ int enable);
+int ossl_qlog_set_filter(QLOG *qlog, const char *filter);
+
+int ossl_qlog_set_sink_bio(QLOG *qlog, BIO *bio);
+# ifndef OPENSSL_NO_STDIO
+int ossl_qlog_set_sink_file(QLOG *qlog, FILE *file, int close_flag);
+# endif
+int ossl_qlog_set_sink_filename(QLOG *qlog, const char *filename);
+
+/* Operations */
+int ossl_qlog_flush(QLOG *qlog);
+
+/* Queries */
+int ossl_qlog_enabled(QLOG *qlog, uint32_t event_type);
+
+/* Grouping Functions */
+int ossl_qlog_event_try_begin(QLOG *qlog, uint32_t event_type,
+ const char *event_cat, const char *event_name,
+ const char *event_combined_name);
+void ossl_qlog_event_end(QLOG *qlog);
+
+void ossl_qlog_group_begin(QLOG *qlog, const char *name);
+void ossl_qlog_group_end(QLOG *qlog);
+
+void ossl_qlog_array_begin(QLOG *qlog, const char *name);
+void ossl_qlog_array_end(QLOG *qlog);
+
+void ossl_qlog_override_time(QLOG *qlog, OSSL_TIME event_time);
+
+/* Grouping Macros */
+# define QLOG_EVENT_BEGIN(qlog, cat, name) \
+ { \
+ QLOG *qlog_instance = (qlog); \
+ uint32_t qlog_event_type = QLOG_EVENT_TYPE_##cat##_##name; \
+ \
+ if (ossl_qlog_event_try_begin(qlog_instance, qlog_event_type, \
+ #cat, #name, #cat ":" #name)) {
+
+# define QLOG_EVENT_END() \
+ ossl_qlog_event_end(qlog_instance); \
+ } \
+ }
+
+# define QLOG_BEGIN(name) \
+ { \
+ ossl_qlog_group_begin(qlog_instance, (name));
+
+# define QLOG_END() \
+ ossl_qlog_group_end(qlog_instance); \
+ }
+
+# define QLOG_BEGIN_ARRAY(name) \
+ { \
+ ossl_qlog_array_begin(qlog_instance, (name));
+
+# define QLOG_END_ARRAY() \
+ ossl_qlog_array_end(qlog_instance); \
+ }
+
+/* Field Functions */
+void ossl_qlog_str(QLOG *qlog, const char *name, const char *value);
+void ossl_qlog_str_len(QLOG *qlog, const char *name,
+ const char *value, size_t value_len);
+void ossl_qlog_u64(QLOG *qlog, const char *name, uint64_t value);
+void ossl_qlog_i64(QLOG *qlog, const char *name, int64_t value);
+void ossl_qlog_bool(QLOG *qlog, const char *name, int value);
+void ossl_qlog_bin(QLOG *qlog, const char *name,
+ const void *value, size_t value_len);
+
+/* Field Macros */
+# define QLOG_STR(name, value) ossl_qlog_str(qlog_instance, (name), (value))
+# define QLOG_STR_LEN(name, value, value_len) \
+ ossl_qlog_str_len(qlog_instance, (name), (value), (value_len))
+# define QLOG_I64(name, value) ossl_qlog_i64(qlog_instance, (name), (value))
+# define QLOG_U64(name, value) ossl_qlog_u64(qlog_instance, (name), (value))
+# define QLOG_F64(name, value) ossl_qlog_f64(qlog_instance, (name), (value))
+# define QLOG_BOOL(name, value) ossl_qlog_bool(qlog_instance, (name), (value))
+# define QLOG_BIN(name, value, value_len) \
+ ossl_qlog_bin(qlog_instance, (name), (value), (value_len))
+# define QLOG_CID(name, value) QLOG_BIN((name), (value)->id, (value)->id_len)
+
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/qlog_event_helpers.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/qlog_event_helpers.h
new file mode 100644
index 000000000000..43d62360805a
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/qlog_event_helpers.h
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_QLOG_EVENT_HELPERS_H
+# define OSSL_QLOG_EVENT_HELPERS_H
+
+# include
+# include "internal/qlog.h"
+# include "internal/quic_types.h"
+# include "internal/quic_channel.h"
+# include "internal/quic_txpim.h"
+# include "internal/quic_record_tx.h"
+# include "internal/quic_wire_pkt.h"
+
+/* connectivity:connection_started */
+void ossl_qlog_event_connectivity_connection_started(QLOG *qlog,
+ const QUIC_CONN_ID *init_dcid);
+
+/* connectivity:connection_state_updated */
+void ossl_qlog_event_connectivity_connection_state_updated(QLOG *qlog,
+ uint32_t old_state,
+ uint32_t new_state,
+ int handshake_complete,
+ int handshake_confirmed);
+
+/* connectivity:connection_closed */
+void ossl_qlog_event_connectivity_connection_closed(QLOG *qlog,
+ const QUIC_TERMINATE_CAUSE *tcause);
+
+/* recovery:packet_lost */
+void ossl_qlog_event_recovery_packet_lost(QLOG *qlog,
+ const QUIC_TXPIM_PKT *tpkt);
+
+/* transport:packet_sent */
+void ossl_qlog_event_transport_packet_sent(QLOG *qlog,
+ const QUIC_PKT_HDR *hdr,
+ QUIC_PN pn,
+ const OSSL_QTX_IOVEC *iovec,
+ size_t numn_iovec,
+ uint64_t datagram_id);
+
+/* transport:packet_received */
+void ossl_qlog_event_transport_packet_received(QLOG *qlog,
+ const QUIC_PKT_HDR *hdr,
+ QUIC_PN pn,
+ const OSSL_QTX_IOVEC *iovec,
+ size_t numn_iovec,
+ uint64_t datagram_id);
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/qlog_events.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/qlog_events.h
new file mode 100644
index 000000000000..6dd44bf36565
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/qlog_events.h
@@ -0,0 +1,15 @@
+/*
+ * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+QLOG_EVENT(connectivity, connection_started)
+QLOG_EVENT(connectivity, connection_state_updated)
+QLOG_EVENT(connectivity, connection_closed)
+QLOG_EVENT(transport, parameters_set)
+QLOG_EVENT(transport, packet_sent)
+QLOG_EVENT(transport, packet_received)
+QLOG_EVENT(recovery, packet_lost)
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_ackm.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_ackm.h
new file mode 100644
index 000000000000..69b862d9c55a
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_ackm.h
@@ -0,0 +1,296 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#ifndef OSSL_QUIC_ACKM_H
+# define OSSL_QUIC_ACKM_H
+
+# include "internal/quic_statm.h"
+# include "internal/quic_cc.h"
+# include "internal/quic_types.h"
+# include "internal/quic_wire.h"
+# include "internal/quic_predef.h"
+# include "internal/time.h"
+# include "internal/list.h"
+
+# ifndef OPENSSL_NO_QUIC
+
+OSSL_ACKM *ossl_ackm_new(OSSL_TIME (*now)(void *arg),
+ void *now_arg,
+ OSSL_STATM *statm,
+ const OSSL_CC_METHOD *cc_method,
+ OSSL_CC_DATA *cc_data);
+void ossl_ackm_free(OSSL_ACKM *ackm);
+
+void ossl_ackm_set_loss_detection_deadline_callback(OSSL_ACKM *ackm,
+ void (*fn)(OSSL_TIME deadline,
+ void *arg),
+ void *arg);
+
+void ossl_ackm_set_ack_deadline_callback(OSSL_ACKM *ackm,
+ void (*fn)(OSSL_TIME deadline,
+ int pkt_space,
+ void *arg),
+ void *arg);
+
+/*
+ * Configures the RX-side maximum ACK delay. This is the maximum amount of time
+ * the peer is allowed to delay sending an ACK frame after receiving an
+ * ACK-eliciting packet. The peer communicates this value via a transport
+ * parameter and it must be provided to the ACKM.
+ */
+void ossl_ackm_set_rx_max_ack_delay(OSSL_ACKM *ackm, OSSL_TIME rx_max_ack_delay);
+
+/*
+ * Configures the TX-side maximum ACK delay. This is the maximum amount of time
+ * we are allowed to delay sending an ACK frame after receiving an ACK-eliciting
+ * packet. Note that this cannot be changed after a connection is established as
+ * it must be accurately reported in the transport parameters we send to our
+ * peer.
+ */
+void ossl_ackm_set_tx_max_ack_delay(OSSL_ACKM *ackm, OSSL_TIME tx_max_ack_delay);
+
+typedef struct ossl_ackm_tx_pkt_st OSSL_ACKM_TX_PKT;
+struct ossl_ackm_tx_pkt_st {
+ /* The packet number of the transmitted packet. */
+ QUIC_PN pkt_num;
+
+ /* The number of bytes in the packet which was sent. */
+ size_t num_bytes;
+
+ /* The time at which the packet was sent. */
+ OSSL_TIME time;
+
+ /*
+ * If the packet being described by this structure contains an ACK frame,
+ * this must be set to the largest PN ACK'd by that frame.
+ *
+ * Otherwise, it should be set to QUIC_PN_INVALID.
+ *
+ * This is necessary to bound the number of PNs we have to keep track of on
+ * the RX side (RFC 9000 s. 13.2.4). It allows older PN tracking information
+ * on the RX side to be discarded.
+ */
+ QUIC_PN largest_acked;
+
+ /*
+ * One of the QUIC_PN_SPACE_* values. This qualifies the pkt_num field
+ * into a packet number space.
+ */
+ unsigned int pkt_space :2;
+
+ /*
+ * 1 if the packet is in flight. A packet is considered 'in flight' if it is
+ * counted for purposes of congestion control and 'bytes in flight' counts.
+ * Most packets are considered in flight. The only circumstance where a
+ * numbered packet is not considered in flight is if it contains only ACK
+ * frames (not even PADDING frames), as these frames can bypass CC.
+ */
+ unsigned int is_inflight :1;
+
+ /*
+ * 1 if the packet has one or more ACK-eliciting frames.
+ * Note that if this is set, is_inflight must be set.
+ */
+ unsigned int is_ack_eliciting :1;
+
+ /* 1 if the packet is a PTO probe. */
+ unsigned int is_pto_probe :1;
+
+ /* 1 if the packet is an MTU probe. */
+ unsigned int is_mtu_probe :1;
+
+ /* Callback called if frames in this packet are lost. arg is cb_arg. */
+ void (*on_lost)(void *arg);
+ /* Callback called if frames in this packet are acked. arg is cb_arg. */
+ void (*on_acked)(void *arg);
+ /*
+ * Callback called if frames in this packet are neither acked nor lost. arg
+ * is cb_arg.
+ */
+ void (*on_discarded)(void *arg);
+ void *cb_arg;
+
+ /*
+ * (Internal use fields; must be zero-initialized.)
+ *
+ * Keep a TX history list, anext is used to manifest
+ * a singly-linked list of newly-acknowledged packets, and lnext is used to
+ * manifest a singly-linked list of newly lost packets.
+ */
+ OSSL_LIST_MEMBER(tx_history, OSSL_ACKM_TX_PKT);
+
+ struct ossl_ackm_tx_pkt_st *anext;
+ struct ossl_ackm_tx_pkt_st *lnext;
+};
+
+int ossl_ackm_on_tx_packet(OSSL_ACKM *ackm, OSSL_ACKM_TX_PKT *pkt);
+int ossl_ackm_on_rx_datagram(OSSL_ACKM *ackm, size_t num_bytes);
+
+# define OSSL_ACKM_ECN_NONE 0
+# define OSSL_ACKM_ECN_ECT1 1
+# define OSSL_ACKM_ECN_ECT0 2
+# define OSSL_ACKM_ECN_ECNCE 3
+
+typedef struct ossl_ackm_rx_pkt_st {
+ /* The packet number of the received packet. */
+ QUIC_PN pkt_num;
+
+ /* The time at which the packet was received. */
+ OSSL_TIME time;
+
+ /*
+ * One of the QUIC_PN_SPACE_* values. This qualifies the pkt_num field
+ * into a packet number space.
+ */
+ unsigned int pkt_space :2;
+
+ /* 1 if the packet has one or more ACK-eliciting frames. */
+ unsigned int is_ack_eliciting :1;
+
+ /*
+ * One of the OSSL_ACKM_ECN_* values. This is the ECN labelling applied to
+ * the received packet. If unknown, use OSSL_ACKM_ECN_NONE.
+ */
+ unsigned int ecn :2;
+} OSSL_ACKM_RX_PKT;
+
+int ossl_ackm_on_rx_packet(OSSL_ACKM *ackm, const OSSL_ACKM_RX_PKT *pkt);
+
+int ossl_ackm_on_rx_ack_frame(OSSL_ACKM *ackm, const OSSL_QUIC_FRAME_ACK *ack,
+ int pkt_space, OSSL_TIME rx_time);
+
+/*
+ * Discards a PN space. This must be called for a PN space before freeing the
+ * ACKM if you want in-flight packets to have their discarded callbacks called.
+ * This should never be called in ordinary QUIC usage for the Application Data
+ * PN space, but it may be called for the Application Data PN space prior to
+ * freeing the ACKM to simplify teardown implementations.
+ */
+int ossl_ackm_on_pkt_space_discarded(OSSL_ACKM *ackm, int pkt_space);
+
+int ossl_ackm_on_handshake_confirmed(OSSL_ACKM *ackm);
+int ossl_ackm_on_timeout(OSSL_ACKM *ackm);
+
+OSSL_TIME ossl_ackm_get_loss_detection_deadline(OSSL_ACKM *ackm);
+
+/*
+ * Generates an ACK frame, regardless of whether the ACK manager thinks
+ * one should currently be sent.
+ *
+ * This clears the flag returned by ossl_ackm_is_ack_desired and the deadline
+ * returned by ossl_ackm_get_ack_deadline.
+ */
+const OSSL_QUIC_FRAME_ACK *ossl_ackm_get_ack_frame(OSSL_ACKM *ackm,
+ int pkt_space);
+
+/*
+ * Returns the deadline after which an ACK frame should be generated by calling
+ * ossl_ackm_get_ack_frame, or OSSL_TIME_INFINITY if no deadline is currently
+ * applicable. If the deadline has already passed, this function may return that
+ * deadline, or may return OSSL_TIME_ZERO.
+ */
+OSSL_TIME ossl_ackm_get_ack_deadline(OSSL_ACKM *ackm, int pkt_space);
+
+/*
+ * Returns 1 if the ACK manager thinks an ACK frame ought to be generated and
+ * sent at this time. ossl_ackm_get_ack_frame will always provide an ACK frame
+ * whether or not this returns 1, so it is suggested that you call this function
+ * first to determine whether you need to generate an ACK frame.
+ *
+ * The return value of this function can change based on calls to
+ * ossl_ackm_on_rx_packet and based on the passage of time (see
+ * ossl_ackm_get_ack_deadline).
+ */
+int ossl_ackm_is_ack_desired(OSSL_ACKM *ackm, int pkt_space);
+
+/*
+ * Returns 1 if the given RX PN is 'processable'. A processable PN is one that
+ * is not either
+ *
+ * - duplicate, meaning that we have already been passed such a PN in a call
+ * to ossl_ackm_on_rx_packet; or
+ *
+ * - written off, meaning that the PN is so old we have stopped tracking state
+ * for it (meaning that we cannot tell whether it is a duplicate and cannot
+ * process it safely).
+ *
+ * This should be called for a packet before attempting to process its contents.
+ * Failure to do so may result in processing a duplicated packet in violation of
+ * the RFC.
+ *
+ * The return value of this function transitions from 1 to 0 for a given PN once
+ * that PN is passed to ossl_ackm_on_rx_packet, thus this function must be used
+ * before calling ossl_ackm_on_rx_packet.
+ */
+int ossl_ackm_is_rx_pn_processable(OSSL_ACKM *ackm, QUIC_PN pn, int pkt_space);
+
+typedef struct ossl_ackm_probe_info_st {
+ /*
+ * The following two probe request types are used only for anti-deadlock
+ * purposes in relation to the anti-amplification logic, by generating
+ * packets to buy ourselves more anti-amplification credit with the server
+ * until a client address is verified. Note that like all Initial packets,
+ * any Initial probes are padded.
+ *
+ * Note: The ACKM will only ever increase these by one at a time,
+ * as only one probe packet should be generated for these cases.
+ */
+ uint32_t anti_deadlock_initial, anti_deadlock_handshake;
+
+ /*
+ * Send an ACK-eliciting packet for each count here.
+ *
+ * Note: The ACKM may increase this by either one or two for each probe
+ * request, depending on how many probe packets it thinks should be
+ * generated.
+ */
+ uint32_t pto[QUIC_PN_SPACE_NUM];
+} OSSL_ACKM_PROBE_INFO;
+
+/*
+ * Returns a pointer to a structure counting any pending probe requests which
+ * have been generated by the ACKM. The fields in the structure are incremented
+ * by one every time the ACKM wants another probe of the given type to be sent.
+ * If the ACKM thinks two packets should be generated for a probe, it will
+ * increment the field twice.
+ *
+ * It is permissible for the caller to decrement or zero these fields to keep
+ * track of when it has generated a probe as asked. The returned structure
+ * has the same lifetime as the ACKM.
+ *
+ * This function should be called after calling e.g. ossl_ackm_on_timeout
+ * to determine if any probe requests have been generated.
+ */
+OSSL_ACKM_PROBE_INFO *ossl_ackm_get0_probe_request(OSSL_ACKM *ackm);
+
+int ossl_ackm_get_largest_unacked(OSSL_ACKM *ackm, int pkt_space, QUIC_PN *pn);
+
+/*
+ * Forces the ACKM to consider a packet with the given PN in the given PN space
+ * as having been pseudo-lost. The main reason to use this is during a Retry, to
+ * force any resources sent in the first Initial packet to be resent.
+ *
+ * The lost callback is called for the packet, but the packet is NOT considered
+ * lost for congestion control purposes. Thus this is not exactly the same as a
+ * true loss situation.
+ */
+int ossl_ackm_mark_packet_pseudo_lost(OSSL_ACKM *ackm,
+ int pkt_space, QUIC_PN pn);
+
+/*
+ * Returns the PTO duration as currently calculated. This is a quantity of time.
+ * This duration is used in various parts of QUIC besides the ACKM.
+ */
+OSSL_TIME ossl_ackm_get_pto_duration(OSSL_ACKM *ackm);
+
+/* Returns the largest acked PN in the given PN space. */
+QUIC_PN ossl_ackm_get_largest_acked(OSSL_ACKM *ackm, int pkt_space);
+
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_cc.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_cc.h
new file mode 100644
index 000000000000..dbd439dd0cf5
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_cc.h
@@ -0,0 +1,218 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#ifndef OSSL_QUIC_CC_H
+# define OSSL_QUIC_CC_H
+
+#include "openssl/params.h"
+#include "internal/time.h"
+#include "internal/quic_predef.h"
+
+# ifndef OPENSSL_NO_QUIC
+
+typedef struct ossl_cc_ack_info_st {
+ /* The time the packet being acknowledged was originally sent. */
+ OSSL_TIME tx_time;
+
+ /* The size in bytes of the packet being acknowledged. */
+ size_t tx_size;
+} OSSL_CC_ACK_INFO;
+
+typedef struct ossl_cc_loss_info_st {
+ /* The time the packet being lost was originally sent. */
+ OSSL_TIME tx_time;
+
+ /* The size in bytes of the packet which has been determined lost. */
+ size_t tx_size;
+} OSSL_CC_LOSS_INFO;
+
+typedef struct ossl_cc_ecn_info_st {
+ /*
+ * The time at which the largest acked PN (in the incoming ACK frame) was
+ * sent.
+ */
+ OSSL_TIME largest_acked_time;
+} OSSL_CC_ECN_INFO;
+
+/* Parameter (read-write): Maximum datagram payload length in bytes. */
+#define OSSL_CC_OPTION_MAX_DGRAM_PAYLOAD_LEN "max_dgram_payload_len"
+
+/* Diagnostic (read-only): current congestion window size in bytes. */
+#define OSSL_CC_OPTION_CUR_CWND_SIZE "cur_cwnd_size"
+
+/* Diagnostic (read-only): minimum congestion window size in bytes. */
+#define OSSL_CC_OPTION_MIN_CWND_SIZE "min_cwnd_size"
+
+/* Diagnostic (read-only): current net bytes in flight. */
+#define OSSL_CC_OPTION_CUR_BYTES_IN_FLIGHT "bytes_in_flight"
+
+/* Diagnostic (read-only): method-specific state value. */
+#define OSSL_CC_OPTION_CUR_STATE "cur_state"
+
+/*
+ * Congestion control abstract interface.
+ *
+ * This interface is broadly based on the design described in RFC 9002. However,
+ * the demarcation between the ACKM and the congestion controller does not
+ * exactly match that delineated in the RFC 9002 pseudocode. Where aspects of
+ * the demarcation involve the congestion controller accessing internal state of
+ * the ACKM, the interface has been revised where possible to provide the
+ * information needed by the congestion controller and avoid needing to give the
+ * congestion controller access to the ACKM's internal data structures.
+ *
+ * Particular changes include:
+ *
+ * - In our implementation, it is the responsibility of the ACKM to determine
+ * if a loss event constitutes persistent congestion.
+ *
+ * - In our implementation, it is the responsibility of the ACKM to determine
+ * if the ECN-CE counter has increased. The congestion controller is simply
+ * informed when an ECN-CE event occurs.
+ *
+ * All of these changes are intended to avoid having a congestion controller
+ * have to access ACKM internal state.
+ */
+#define OSSL_CC_LOST_FLAG_PERSISTENT_CONGESTION (1U << 0)
+
+struct ossl_cc_method_st {
+ /*
+ * Instantiation.
+ */
+ OSSL_CC_DATA *(*new)(OSSL_TIME (*now_cb)(void *arg),
+ void *now_cb_arg);
+
+ void (*free)(OSSL_CC_DATA *ccdata);
+
+ /*
+ * Reset of state.
+ */
+ void (*reset)(OSSL_CC_DATA *ccdata);
+
+ /*
+ * Escape hatch for option configuration.
+ *
+ * params is an array of OSSL_PARAM structures.
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+ int (*set_input_params)(OSSL_CC_DATA *ccdata,
+ const OSSL_PARAM *params);
+
+ /*
+ * (Re)bind output (diagnostic) information.
+ *
+ * params is an array of OSSL_PARAM structures used to output values. The
+ * storage locations associated with each parameter are stored internally
+ * and updated whenever the state of the congestion controller is updated;
+ * thus, the storage locations associated with the OSSL_PARAMs passed in the
+ * call to this function must remain valid until the congestion controller
+ * is freed or those parameters are unbound. A given parameter name may be
+ * bound to only one location at a time. The params structures themselves
+ * do not need to remain allocated after this call returns.
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+ int (*bind_diagnostics)(OSSL_CC_DATA *ccdata,
+ OSSL_PARAM *params);
+
+ /*
+ * Unbind diagnostic information. The parameters with the given names are
+ * unbound, cancelling the effects of a previous call to bind_diagnostic().
+ * params is an array of OSSL_PARAMs. The values of the parameters are
+ * ignored. If a parameter is already unbound, there is no effect for that
+ * parameter but other parameters are still unbound.
+ *
+ * Returns 1 on success or 0 on failure.
+ */
+ int (*unbind_diagnostics)(OSSL_CC_DATA *ccdata,
+ OSSL_PARAM *params);
+
+ /*
+ * Returns the amount of additional data (above and beyond the data
+ * currently in flight) which can be sent in bytes. Returns 0 if no more
+ * data can be sent at this time. The return value of this method
+ * can vary as time passes.
+ */
+ uint64_t (*get_tx_allowance)(OSSL_CC_DATA *ccdata);
+
+ /*
+ * Returns the time at which the return value of get_tx_allowance might be
+ * higher than its current value. This is not a guarantee and spurious
+ * wakeups are allowed. Returns ossl_time_infinite() if there is no current
+ * wakeup deadline.
+ */
+ OSSL_TIME (*get_wakeup_deadline)(OSSL_CC_DATA *ccdata);
+
+ /*
+ * The On Data Sent event. num_bytes should be the size of the packet in
+ * bytes (or the aggregate size of multiple packets which have just been
+ * sent).
+ */
+ int (*on_data_sent)(OSSL_CC_DATA *ccdata,
+ uint64_t num_bytes);
+
+ /*
+ * The On Data Acked event. See OSSL_CC_ACK_INFO structure for details
+ * of the information to be passed.
+ */
+ int (*on_data_acked)(OSSL_CC_DATA *ccdata,
+ const OSSL_CC_ACK_INFO *info);
+
+ /*
+ * The On Data Lost event. See OSSL_CC_LOSS_INFO structure for details
+ * of the information to be passed.
+ *
+ * Note: When the ACKM determines that a set of multiple packets has been
+ * lost, it is useful for a congestion control algorithm to be able to
+ * process this as a single loss event rather than multiple loss events.
+ * Thus, calling this function may cause the congestion controller to defer
+ * state updates under the assumption that subsequent calls to
+ * on_data_lost() representing further lost packets in the same loss event
+ * may be forthcoming. Always call on_data_lost_finished() after one or more
+ * calls to on_data_lost().
+ */
+ int (*on_data_lost)(OSSL_CC_DATA *ccdata,
+ const OSSL_CC_LOSS_INFO *info);
+
+ /*
+ * To be called after a sequence of one or more on_data_lost() calls
+ * representing multiple packets in a single loss detection incident.
+ *
+ * Flags may be 0 or OSSL_CC_LOST_FLAG_PERSISTENT_CONGESTION.
+ */
+ int (*on_data_lost_finished)(OSSL_CC_DATA *ccdata, uint32_t flags);
+
+ /*
+ * For use when a PN space is invalidated or a packet must otherwise be
+ * 'undone' for congestion control purposes without acting as a loss signal.
+ * Only the size of the packet is needed.
+ */
+ int (*on_data_invalidated)(OSSL_CC_DATA *ccdata,
+ uint64_t num_bytes);
+
+ /*
+ * Called from the ACKM when detecting an increased ECN-CE value in an ACK
+ * frame. This indicates congestion.
+ *
+ * Note that this differs from the RFC's conceptual segregation of the loss
+ * detection and congestion controller functions, as in our implementation
+ * the ACKM is responsible for detecting increases to ECN-CE and simply
+ * tells the congestion controller when ECN-triggered congestion has
+ * occurred. This allows a slightly more efficient implementation and
+ * narrower interface between the ACKM and CC.
+ */
+ int (*on_ecn)(OSSL_CC_DATA *ccdata,
+ const OSSL_CC_ECN_INFO *info);
+};
+
+extern const OSSL_CC_METHOD ossl_cc_dummy_method;
+extern const OSSL_CC_METHOD ossl_cc_newreno_method;
+
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_cfq.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_cfq.h
new file mode 100644
index 000000000000..56ebcb930ed6
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_cfq.h
@@ -0,0 +1,154 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_CFQ_H +# define OSSL_QUIC_CFQ_H + +# include +# include "internal/quic_types.h" +# include "internal/quic_predef.h" + +# ifndef OPENSSL_NO_QUIC + +/* + * QUIC Control Frame Queue Item + * ============================= + * + * The CFQ item structure has a public and a private part. This structure + * documents the public part. + */ +typedef struct quic_cfq_item_st QUIC_CFQ_ITEM; + +struct quic_cfq_item_st { + /* + * These fields are not used by the CFQ, but are a convenience to assist the + * TXPIM in keeping a list of GCR control frames which were sent in a + * packet. They may be used for any purpose. + */ + QUIC_CFQ_ITEM *pkt_prev, *pkt_next; + + /* All other fields are private; use ossl_quic_cfq_item_* accessors. */ +}; + +# define QUIC_CFQ_STATE_NEW 0 +# define QUIC_CFQ_STATE_TX 1 + +/* If set, do not retransmit on loss */ +#define QUIC_CFQ_ITEM_FLAG_UNRELIABLE (1U << 0) + +/* Returns the frame type of a CFQ item. */ +uint64_t ossl_quic_cfq_item_get_frame_type(const QUIC_CFQ_ITEM *item); + +/* Returns a pointer to the encoded buffer of a CFQ item. */ +const unsigned char *ossl_quic_cfq_item_get_encoded(const QUIC_CFQ_ITEM *item); + +/* Returns the length of the encoded buffer in bytes. */ +size_t ossl_quic_cfq_item_get_encoded_len(const QUIC_CFQ_ITEM *item); + +/* Returns the CFQ item state, a QUIC_CFQ_STATE_* value. */ +int ossl_quic_cfq_item_get_state(const QUIC_CFQ_ITEM *item); + +/* Returns the PN space for the CFQ item. */ +uint32_t ossl_quic_cfq_item_get_pn_space(const QUIC_CFQ_ITEM *item); + +/* Returns 1 if this is an unreliable frame. 
*/ +int ossl_quic_cfq_item_is_unreliable(const QUIC_CFQ_ITEM *item); + +/* + * QUIC Control Frame Queue + * ======================== + */ + +QUIC_CFQ *ossl_quic_cfq_new(void); +void ossl_quic_cfq_free(QUIC_CFQ *cfq); + +/* + * Input Side + * ---------- + */ + +/* + * Enqueue a frame to the CFQ. + * + * encoded points to the opaque encoded frame. + * + * free_cb is called by the CFQ when the buffer is no longer needed; + * free_cb_arg is an opaque value passed to free_cb. + * + * priority determines the relative ordering of control frames in a packet. + * Lower numerical values for priority mean that a frame should come earlier in + * a packet. pn_space is a QUIC_PN_SPACE_* value. + * + * On success, returns a QUIC_CFQ_ITEM pointer which acts as a handle to + * the queued frame. On failure, returns NULL. + * + * The frame is initially in the TX state, so there is no need to call + * ossl_quic_cfq_mark_tx() immediately after calling this function. + * + * The frame type is duplicated as the frame_type argument here, even though it + * is also encoded into the buffer. This allows the caller to determine the + * frame type if desired without having to decode the frame. + * + * flags is zero or more QUIC_CFQ_ITEM_FLAG values. + */ +typedef void (cfq_free_cb)(unsigned char *buf, size_t buf_len, void *arg); + +QUIC_CFQ_ITEM *ossl_quic_cfq_add_frame(QUIC_CFQ *cfq, + uint32_t priority, + uint32_t pn_space, + uint64_t frame_type, + uint32_t flags, + const unsigned char *encoded, + size_t encoded_len, + cfq_free_cb *free_cb, + void *free_cb_arg); + +/* + * Effects an immediate transition of the given CFQ item to the TX state. + */ +void ossl_quic_cfq_mark_tx(QUIC_CFQ *cfq, QUIC_CFQ_ITEM *item); + +/* + * Effects an immediate transition of the given CFQ item to the NEW state, + * allowing the frame to be retransmitted. If priority is not UINT32_MAX, + * the priority is changed to the given value. 
+ */ +void ossl_quic_cfq_mark_lost(QUIC_CFQ *cfq, QUIC_CFQ_ITEM *item, + uint32_t priority); + +/* + * Releases a CFQ item. The item may be in either state (NEW or TX) prior to the + * call. The QUIC_CFQ_ITEM pointer must not be used following this call. + */ +void ossl_quic_cfq_release(QUIC_CFQ *cfq, QUIC_CFQ_ITEM *item); + +/* + * Output Side + * ----------- + */ + +/* + * Gets the highest priority CFQ item in the given PN space awaiting + * transmission. If there are none, returns NULL. + */ +QUIC_CFQ_ITEM *ossl_quic_cfq_get_priority_head(const QUIC_CFQ *cfq, + uint32_t pn_space); + +/* + * Given a CFQ item, gets the next CFQ item awaiting transmission in priority + * order in the given PN space. In other words, given the return value of + * ossl_quic_cfq_get_priority_head(), returns the next-lower priority item. + * Returns NULL if the given item is the last item in priority order. + */ +QUIC_CFQ_ITEM *ossl_quic_cfq_item_get_priority_next(const QUIC_CFQ_ITEM *item, + uint32_t pn_space); + +# endif + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_channel.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_channel.h new file mode 100644 index 000000000000..3b373ab68081 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_channel.h 
@@ -0,0 +1,450 @@ +/* + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_CHANNEL_H +# define OSSL_QUIC_CHANNEL_H + +# include +# include "internal/quic_types.h" +# include "internal/quic_record_tx.h" +# include "internal/quic_wire.h" +# include "internal/quic_predef.h" +# include "internal/qlog.h" +# include "internal/time.h" +# include "internal/thread.h" + +# ifndef OPENSSL_NO_QUIC + +/* + * QUIC Channel + * ============ + * + * A QUIC channel (QUIC_CHANNEL) is an object which binds together all of the + * various pieces of QUIC into a single top-level object, and handles connection + * state which is not specific to the client or server roles. In particular, it + * is strictly separated from the libssl front end I/O API personality layer, + * and is not an SSL object. + * + * The name QUIC_CHANNEL is chosen because QUIC_CONNECTION is already in use, + * but functionally these relate to the same thing (a QUIC connection). The use + * of two separate objects ensures clean separation between the API personality + * layer and common code for handling connections, and between the functionality + * which is specific to clients and which is specific to servers, and the + * functionality which is common to both. + * + * The API personality layer provides SSL objects (e.g. a QUIC_CONNECTION) which + * consume a QUIC channel and implement a specific public API. Things which are + * handled by the API personality layer include emulation of blocking semantics, + * handling of SSL object mode flags like non-partial write mode, etc. + * + * Where the QUIC_CHANNEL is used in a server role, there is one QUIC_CHANNEL + * per connection. 
In the future a QUIC Channel Manager will probably be defined + * to handle ownership of resources which are shared between connections (e.g. + * demuxers). Since we only use server-side functionality for dummy test servers + * for now, which only need to handle one connection at a time, this is not + * currently modelled. + * + * Synchronisation + * --------------- + * + * To support thread assisted mode, QUIC_CHANNEL can be used by multiple + * threads. **It is the caller's responsibility to ensure that the QUIC_CHANNEL + * is only accessed (whether via its methods or via direct access to its state) + * while the channel mutex is held**, except for methods explicitly marked as + * not requiring prior locking. This is an unchecked precondition. + * + * The instantiator of the channel is responsible for providing a suitable + * mutex which then serves as the channel mutex; see QUIC_CHANNEL_ARGS. + */ + +/* + * The function does not acquire the channel mutex and assumes it is already + * held by the calling thread. + * + * Any function tagged with this has the following precondition: + * + * Precondition: must hold channel mutex (unchecked) + */ +# define QUIC_NEEDS_LOCK + +/* + * The function acquires the channel mutex and releases it before returning in + * all circumstances. + * + * Any function tagged with this has the following precondition and + * postcondition: + * + * Precondition: must not hold channel mutex (unchecked) + * Postcondition: channel mutex is not held (by calling thread) + */ +# define QUIC_TAKES_LOCK + +/* + * The function acquires the channel mutex and leaves it acquired + * when returning success. 
+ * + * Any function tagged with this has the following precondition and + * postcondition: + * + * Precondition: must not hold channel mutex (unchecked) + * Postcondition: channel mutex is held by calling thread + * or function returned failure + */ +# define QUIC_ACQUIRES_LOCK + +# define QUIC_TODO_LOCK + +# define QUIC_CHANNEL_STATE_IDLE 0 +# define QUIC_CHANNEL_STATE_ACTIVE 1 +# define QUIC_CHANNEL_STATE_TERMINATING_CLOSING 2 +# define QUIC_CHANNEL_STATE_TERMINATING_DRAINING 3 +# define QUIC_CHANNEL_STATE_TERMINATED 4 + +typedef struct quic_channel_args_st { + /* + * The QUIC_PORT which the channel is to belong to. The lifetime of the + * QUIC_PORT must exceed that of the created channel. + */ + QUIC_PORT *port; + /* LCIDM to register LCIDs with. */ + QUIC_LCIDM *lcidm; + /* SRTM to register SRTs with. */ + QUIC_SRTM *srtm; + + int is_server; + SSL *tls; + + /* Whether to use qlog. */ + int use_qlog; + + /* Title to use for the qlog session, or NULL. */ + const char *qlog_title; +} QUIC_CHANNEL_ARGS; + +/* Represents the cause for a connection's termination. */ +typedef struct quic_terminate_cause_st { + /* + * If we are in a TERMINATING or TERMINATED state, this is the error code + * associated with the error. This field is valid iff we are in the + * TERMINATING or TERMINATED states. + */ + uint64_t error_code; + + /* + * If terminate_app is set and this is nonzero, this is the frame type which + * caused the connection to be terminated. + */ + uint64_t frame_type; + + /* + * Optional reason string. When calling ossl_quic_channel_local_close, if a + * reason string pointer is passed, it is copied and stored inside + * QUIC_CHANNEL for the remainder of the lifetime of the channel object. + * Thus the string pointed to by this value, if non-NULL, is valid for the + * lifetime of the QUIC_CHANNEL object. + */ + const char *reason; + + /* + * Length of reason in bytes. 
The reason is supposed to contain a UTF-8 + * string but may be arbitrary data if the reason came from the network. + */ + size_t reason_len; + + /* Is this error code in the transport (0) or application (1) space? */ + unsigned int app : 1; + + /* + * If set, the cause of the termination is a received CONNECTION_CLOSE + * frame. Otherwise, we decided to terminate ourselves and sent a + * CONNECTION_CLOSE frame (regardless of whether the peer later also sends + * one). + */ + unsigned int remote : 1; +} QUIC_TERMINATE_CAUSE; + +/* + * Create a new QUIC channel using the given arguments. The argument structure + * does not need to remain allocated. Returns NULL on failure. + * + * Only QUIC_PORT should use this function. + */ +QUIC_CHANNEL *ossl_quic_channel_new(const QUIC_CHANNEL_ARGS *args); + +/* No-op if ch is NULL. */ +void ossl_quic_channel_free(QUIC_CHANNEL *ch); + +/* Set mutator callbacks for test framework support */ +int ossl_quic_channel_set_mutator(QUIC_CHANNEL *ch, + ossl_mutate_packet_cb mutatecb, + ossl_finish_mutate_cb finishmutatecb, + void *mutatearg); + +/* + * Connection Lifecycle Events + * =========================== + * + * Various events that can be raised on the channel by other parts of the QUIC + * implementation. Some of these are suitable for general use by any part of the + * code (e.g. ossl_quic_channel_raise_protocol_error), others are for very + * specific use by particular components only (e.g. + * ossl_quic_channel_on_handshake_confirmed). + */ + +/* + * To be used by a QUIC connection. Starts the channel. For a client-mode + * channel, this starts sending the first handshake layer message, etc. Can only + * be called in the idle state; successive calls are ignored. + */ +int ossl_quic_channel_start(QUIC_CHANNEL *ch); + +/* Start a locally initiated connection shutdown. */ +void ossl_quic_channel_local_close(QUIC_CHANNEL *ch, uint64_t app_error_code, + const char *app_reason); + +/* + * Called when the handshake is confirmed. 
+ */ +int ossl_quic_channel_on_handshake_confirmed(QUIC_CHANNEL *ch); + +/* + * Raises a protocol error. This is intended to be the universal call suitable + * for handling of all peer-triggered protocol violations or errors detected by + * us. We specify a QUIC transport-scope error code and optional frame type + * which was responsible. If a frame type is not applicable, specify zero. The + * reason string is not currently handled, but should be a string of static + * storage duration. If the connection has already terminated due to a previous + * protocol error, this is a no-op; first error wins. + * + * Usually the ossl_quic_channel_raise_protocol_error() function should be used. + * The ossl_quic_channel_raise_protocol_error_loc() function can be used + * directly for passing through existing call site information from an existing + * error. + */ +void ossl_quic_channel_raise_protocol_error_loc(QUIC_CHANNEL *ch, + uint64_t error_code, + uint64_t frame_type, + const char *reason, + ERR_STATE *err_state, + const char *src_file, + int src_line, + const char *src_func); + +#define ossl_quic_channel_raise_protocol_error(ch, error_code, frame_type, reason) \ + ossl_quic_channel_raise_protocol_error_loc((ch), (error_code), \ + (frame_type), \ + (reason), \ + NULL, \ + OPENSSL_FILE, \ + OPENSSL_LINE, \ + OPENSSL_FUNC) + +#define ossl_quic_channel_raise_protocol_error_state(ch, error_code, frame_type, reason, state) \ + ossl_quic_channel_raise_protocol_error_loc((ch), (error_code), \ + (frame_type), \ + (reason), \ + (state), \ + OPENSSL_FILE, \ + OPENSSL_LINE, \ + OPENSSL_FUNC) + + +/* + * Returns 1 if permanent net error was detected on the QUIC_CHANNEL, + * 0 otherwise. + */ +int ossl_quic_channel_net_error(QUIC_CHANNEL *ch); + +/* Restore saved error state (best effort) */ +void ossl_quic_channel_restore_err_state(QUIC_CHANNEL *ch); + +/* For RXDP use. 
*/ +void ossl_quic_channel_on_remote_conn_close(QUIC_CHANNEL *ch, + OSSL_QUIC_FRAME_CONN_CLOSE *f); +void ossl_quic_channel_on_new_conn_id(QUIC_CHANNEL *ch, + OSSL_QUIC_FRAME_NEW_CONN_ID *f); + +/* Temporarily exposed during QUIC_PORT transition. */ +int ossl_quic_channel_on_new_conn(QUIC_CHANNEL *ch, const BIO_ADDR *peer, + const QUIC_CONN_ID *peer_scid, + const QUIC_CONN_ID *peer_dcid); + +/* For use by QUIC_PORT. You should not need to call this directly. */ +void ossl_quic_channel_subtick(QUIC_CHANNEL *ch, QUIC_TICK_RESULT *r, + uint32_t flags); + +/* For use by QUIC_PORT only. */ +void ossl_quic_channel_raise_net_error(QUIC_CHANNEL *ch); + +/* For use by QUIC_PORT only. */ +void ossl_quic_channel_on_stateless_reset(QUIC_CHANNEL *ch); + +void ossl_quic_channel_inject(QUIC_CHANNEL *ch, QUIC_URXE *e); + +/* + * Queries and Accessors + * ===================== + */ + +/* Gets the reactor which can be used to tick/poll on the channel. */ +QUIC_REACTOR *ossl_quic_channel_get_reactor(QUIC_CHANNEL *ch); + +/* Gets the QSM used with the channel. */ +QUIC_STREAM_MAP *ossl_quic_channel_get_qsm(QUIC_CHANNEL *ch); + +/* Gets the statistics manager used with the channel. */ +OSSL_STATM *ossl_quic_channel_get_statm(QUIC_CHANNEL *ch); + +/* + * Gets/sets the current peer address. Generally this should be used before + * starting a channel in client mode. + */ +int ossl_quic_channel_get_peer_addr(QUIC_CHANNEL *ch, BIO_ADDR *peer_addr); +int ossl_quic_channel_set_peer_addr(QUIC_CHANNEL *ch, const BIO_ADDR *peer_addr); + +/* + * Returns an existing stream by stream ID. Returns NULL if the stream does not + * exist. + */ +QUIC_STREAM *ossl_quic_channel_get_stream_by_id(QUIC_CHANNEL *ch, + uint64_t stream_id); + +/* Returns 1 if channel is terminating or terminated. 
*/ +int ossl_quic_channel_is_term_any(const QUIC_CHANNEL *ch); +const QUIC_TERMINATE_CAUSE * +ossl_quic_channel_get_terminate_cause(const QUIC_CHANNEL *ch); +int ossl_quic_channel_is_closing(const QUIC_CHANNEL *ch); +int ossl_quic_channel_is_terminated(const QUIC_CHANNEL *ch); +int ossl_quic_channel_is_active(const QUIC_CHANNEL *ch); +int ossl_quic_channel_is_handshake_complete(const QUIC_CHANNEL *ch); +int ossl_quic_channel_is_handshake_confirmed(const QUIC_CHANNEL *ch); + +QUIC_PORT *ossl_quic_channel_get0_port(QUIC_CHANNEL *ch); +QUIC_ENGINE *ossl_quic_channel_get0_engine(QUIC_CHANNEL *ch); +QUIC_DEMUX *ossl_quic_channel_get0_demux(QUIC_CHANNEL *ch); + +SSL *ossl_quic_channel_get0_ssl(QUIC_CHANNEL *ch); + +/* + * Retrieves a pointer to the channel mutex which was provided at the time the + * channel was instantiated. In order to allow locks to be acquired and released + * with the correct granularity, it is the caller's responsibility to ensure + * this lock is held for write while calling any QUIC_CHANNEL method, except for + * methods explicitly designed otherwise. + * + * This method is thread safe and does not require prior locking. It can also be + * called while the lock is already held. Note that this is simply a convenience + * function to access the mutex which was passed to the channel at instantiation + * time; it does not belong to the channel but rather is presumed to belong to + * the owner of the channel. + */ +CRYPTO_MUTEX *ossl_quic_channel_get_mutex(QUIC_CHANNEL *ch); + +/* + * Creates a new locally-initiated stream in the stream mapper, choosing an + * appropriate stream ID. If is_uni is 1, creates a unidirectional stream, else + * creates a bidirectional stream. Returns NULL on failure. + */ +QUIC_STREAM *ossl_quic_channel_new_stream_local(QUIC_CHANNEL *ch, int is_uni); + +/* + * Creates a new remotely-initiated stream in the stream mapper. The stream ID + * is used to confirm the initiator and determine the stream type. 
The stream is + * automatically added to the QSM's accept queue. A pointer to the stream is + * also returned. Returns NULL on failure. + */ +QUIC_STREAM *ossl_quic_channel_new_stream_remote(QUIC_CHANNEL *ch, + uint64_t stream_id); + +/* + * Configures incoming stream auto-reject. If enabled, incoming streams have + * both their sending and receiving parts automatically rejected using + * STOP_SENDING and STREAM_RESET frames. aec is the application error + * code to be used for those frames. + */ +void ossl_quic_channel_set_incoming_stream_auto_reject(QUIC_CHANNEL *ch, + int enable, + uint64_t aec); + +/* + * Causes the channel to reject the sending and receiving parts of a stream, + * as though autorejected. Can be used if a stream has already been + * accepted. + */ +void ossl_quic_channel_reject_stream(QUIC_CHANNEL *ch, QUIC_STREAM *qs); + +/* Replace local connection ID in TXP and DEMUX for testing purposes. */ +int ossl_quic_channel_replace_local_cid(QUIC_CHANNEL *ch, + const QUIC_CONN_ID *conn_id); + +/* Setters for the msg_callback and msg_callback_arg */ +void ossl_quic_channel_set_msg_callback(QUIC_CHANNEL *ch, + ossl_msg_cb msg_callback, + SSL *msg_callback_ssl); +void ossl_quic_channel_set_msg_callback_arg(QUIC_CHANNEL *ch, + void *msg_callback_arg); + +/* Testing use only - sets a TXKU threshold packet count override value. */ +void ossl_quic_channel_set_txku_threshold_override(QUIC_CHANNEL *ch, + uint64_t tx_pkt_threshold); + +/* Testing use only - gets current 1-RTT key epochs for QTX and QRX. */ +uint64_t ossl_quic_channel_get_tx_key_epoch(QUIC_CHANNEL *ch); +uint64_t ossl_quic_channel_get_rx_key_epoch(QUIC_CHANNEL *ch); + +/* Artificially trigger a spontaneous TXKU if possible. */ +int ossl_quic_channel_trigger_txku(QUIC_CHANNEL *ch); +int ossl_quic_channel_has_pending(const QUIC_CHANNEL *ch); + +/* Force transmission of an ACK-eliciting packet. 
*/ +int ossl_quic_channel_ping(QUIC_CHANNEL *ch); + +/* + * These queries exist for diagnostic purposes only. They may roll over. + * Do not rely on them for non-testing purposes. + */ +uint16_t ossl_quic_channel_get_diag_num_rx_ack(QUIC_CHANNEL *ch); + +/* + * Diagnostic use only. Gets the current local CID. + */ +void ossl_quic_channel_get_diag_local_cid(QUIC_CHANNEL *ch, QUIC_CONN_ID *cid); + +/* + * Returns 1 if stream count flow control allows us to create a new + * locally-initiated stream. + */ +int ossl_quic_channel_is_new_local_stream_admissible(QUIC_CHANNEL *ch, int is_uni); + +/* + * Returns the number of additional streams that can currently be created based + * on flow control. + */ +uint64_t ossl_quic_channel_get_local_stream_count_avail(const QUIC_CHANNEL *ch, + int is_uni); +uint64_t ossl_quic_channel_get_remote_stream_count_avail(const QUIC_CHANNEL *ch, + int is_uni); + +/* + * Returns 1 if we have generated our local transport parameters yet. + */ +int ossl_quic_channel_have_generated_transport_params(const QUIC_CHANNEL *ch); + +/* Configures the idle timeout to request from peer (milliseconds, 0=no timeout). */ +void ossl_quic_channel_set_max_idle_timeout_request(QUIC_CHANNEL *ch, uint64_t ms); +/* Get the configured idle timeout to request from peer. */ +uint64_t ossl_quic_channel_get_max_idle_timeout_request(const QUIC_CHANNEL *ch); +/* Get the idle timeout requested by the peer. */ +uint64_t ossl_quic_channel_get_max_idle_timeout_peer_request(const QUIC_CHANNEL *ch); +/* Get the idle timeout actually negotiated. */ +uint64_t ossl_quic_channel_get_max_idle_timeout_actual(const QUIC_CHANNEL *ch); + +# endif + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_demux.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_demux.h new file mode 100644 index 000000000000..d0781e61cf0f --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_demux.h 
@@ -0,0 +1,304 @@ +/* + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_DEMUX_H +# define OSSL_QUIC_DEMUX_H + +# include +# include "internal/quic_types.h" +# include "internal/quic_predef.h" +# include "internal/bio_addr.h" +# include "internal/time.h" +# include "internal/list.h" + +# ifndef OPENSSL_NO_QUIC + +/* + * QUIC Demuxer + * ============ + * + * The QUIC connection demuxer is the entity responsible for receiving datagrams + * from the network via a datagram BIO. It parses the headers of the first + * packet in the datagram to determine that packet's DCID and hands off + * processing of the entire datagram to a single callback function which can + * decide how to handle and route the datagram, for example by looking up + * a QRX instance and injecting the URXE into that QRX. + * + * A QRX will typically be instantiated per QUIC connection and contains the + * cryptographic resources needed to decrypt QUIC packets for that connection. + * However, it is up to the callback function to handle routing, for example by + * consulting a LCIDM instance. Thus the demuxer has no specific knowledge of + * any QRX and is not coupled to it. All CID knowledge is also externalised into + * a LCIDM or other CID state tracking object, without the DEMUX being coupled + * to any particular DCID resolution mechanism. + * + * URX Queue + * --------- + * + * Since the demuxer must handle the initial reception of datagrams from the OS, + * RX queue management for new, unprocessed datagrams is also handled by the + * demuxer. 
+ * + * The demuxer maintains a queue of Unprocessed RX Entries (URXEs), which store + * unprocessed (i.e., encrypted, unvalidated) data received from the network. + * The URXE queue is designed to allow multiple datagrams to be received in a + * single call to BIO_recvmmsg, where supported. + * + * One URXE is used per received datagram. Each datagram may contain multiple + * packets, however, this is not the demuxer's concern. QUIC prohibits different + * packets in the same datagram from containing different DCIDs; the demuxer + * only considers the DCID of the first packet in a datagram when deciding how + * to route a received datagram, and it is the responsibility of the QRX to + * enforce this rule. Packets other than the first packet in a datagram are not + * examined by the demuxer, and the demuxer does not perform validation of + * packet headers other than to the minimum extent necessary to extract the + * DCID; further parsing and validation of packet headers is the responsibility + * of the QRX. + * + * Rather than defining an opaque interface, the URXE structure internals + * are exposed. Since the demuxer is only exposed to other parts of the QUIC + * implementation internals, this poses no problem, and has a number of + * advantages: + * + * - Fields in the URXE can be allocated to support requirements in other + * components, like the QRX, which would otherwise have to allocate extra + * memory corresponding to each URXE. + * + * - Other components, like the QRX, can keep the URXE in queues of its own + * when it is not being managed by the demuxer. + * + * URX Queue Structure + * ------------------- + * + * The URXE queue is maintained as a simple doubly-linked list. URXE entries are + * moved between different lists in their lifecycle (for example, from a free + * list to a pending list and vice versa). The buffer into which datagrams are + * received immediately follows this URXE header structure and is part of the + * same allocation. 
+ */ + +/* Maximum number of packets we allow to exist in one datagram. */ +#define QUIC_MAX_PKT_PER_URXE (sizeof(uint64_t) * 8) + +struct quic_urxe_st { + OSSL_LIST_MEMBER(urxe, QUIC_URXE); + + /* + * The URXE data starts after this structure so we don't need a pointer. + * data_len stores the current length (i.e., the length of the received + * datagram) and alloc_len stores the allocation length. The URXE will be + * reallocated if we need a larger allocation than is available, though this + * should not be common as we will have a good idea of worst-case MTUs up + * front. + */ + size_t data_len, alloc_len; + + /* + * Bitfields per packet. processed indicates the packet has been processed + * and must not be processed again, hpr_removed indicates header protection + * has already been removed. Used by QRX only; not used by the demuxer. + */ + uint64_t processed, hpr_removed; + + /* + * This monotonically increases with each datagram received. It is used for + * diagnostic purposes only. + */ + uint64_t datagram_id; + + /* + * Address of peer we received the datagram from, and the local interface + * address we received it on. If local address support is not enabled, local + * is zeroed. + */ + BIO_ADDR peer, local; + + /* + * Time at which datagram was received (or ossl_time_zero()) if a now + * function was not provided). + */ + OSSL_TIME time; + + /* + * Used by the QRX to mark whether a datagram has been deferred. Used by the + * QRX only; not used by the demuxer. + */ + char deferred; + + /* + * Used by the DEMUX to track if a URXE has been handed out. Used primarily + * for debugging purposes. + */ + char demux_state; +}; + +/* Accessors for URXE buffer. 
*/ +static ossl_unused ossl_inline unsigned char * +ossl_quic_urxe_data(const QUIC_URXE *e) +{ + return (unsigned char *)&e[1]; +} + +static ossl_unused ossl_inline unsigned char * +ossl_quic_urxe_data_end(const QUIC_URXE *e) +{ + return ossl_quic_urxe_data(e) + e->data_len; +} + +/* List structure tracking a queue of URXEs. */ +DEFINE_LIST_OF(urxe, QUIC_URXE); +typedef OSSL_LIST(urxe) QUIC_URXE_LIST; + +/* + * List management helpers. These are used by the demuxer but can also be used + * by users of the demuxer to manage URXEs. + */ +void ossl_quic_urxe_remove(QUIC_URXE_LIST *l, QUIC_URXE *e); +void ossl_quic_urxe_insert_head(QUIC_URXE_LIST *l, QUIC_URXE *e); +void ossl_quic_urxe_insert_tail(QUIC_URXE_LIST *l, QUIC_URXE *e); + +/* + * Called when a datagram is received for a given connection ID. + * + * e is a URXE containing the datagram payload. It is permissible for the callee + * to mutate this buffer; once the demuxer calls this callback, it will never + * read the buffer again. + * + * If a DCID was identified for the datagram, dcid is non-NULL; otherwise + * it is NULL. + * + * The callee must arrange for ossl_quic_demux_release_urxe or + * ossl_quic_demux_reinject_urxe to be called on the URXE at some point in the + * future (this need not be before the callback returns). + * + * At the time the callback is made, the URXE will not be in any queue, + * therefore the callee can use the prev and next fields as it wishes. + */ +typedef void (ossl_quic_demux_cb_fn)(QUIC_URXE *e, void *arg, + const QUIC_CONN_ID *dcid); + +/* + * Creates a new demuxer. The given BIO is used to receive datagrams from the + * network using BIO_recvmmsg. short_conn_id_len is the length of destination + * connection IDs used in RX'd packets; it must have the same value for all + * connections used on a socket. default_urxe_alloc_len is the buffer size to + * receive datagrams into; it should be a value large enough to contain any + * received datagram according to local MTUs, etc. 
+ * + * now is an optional function used to determine the time a datagram was + * received. now_arg is an opaque argument passed to the function. If now is + * NULL, ossl_time_zero() is used as the datagram reception time. + */ +QUIC_DEMUX *ossl_quic_demux_new(BIO *net_bio, + size_t short_conn_id_len, + OSSL_TIME (*now)(void *arg), + void *now_arg); + +/* + * Destroy a demuxer. All URXEs must have been released back to the demuxer + * before calling this. No-op if demux is NULL. + */ +void ossl_quic_demux_free(QUIC_DEMUX *demux); + +/* + * Changes the BIO which the demuxer reads from. This also sets the MTU if the + * BIO supports querying the MTU. + */ +void ossl_quic_demux_set_bio(QUIC_DEMUX *demux, BIO *net_bio); + +/* + * Changes the MTU in bytes we use to receive datagrams. + */ +int ossl_quic_demux_set_mtu(QUIC_DEMUX *demux, unsigned int mtu); + +/* + * Set the default packet handler. This is used for incoming packets which don't + * match a registered DCID. This is only needed for servers. If a default packet + * handler is not set, a packet which doesn't match a registered DCID is + * silently dropped. A default packet handler may be unset by passing NULL. + * + * The handler is responsible for ensuring that ossl_quic_demux_reinject_urxe or + * ossl_quic_demux_release_urxe is called on the passed packet at some point in + * the future, which may or may not be before the handler returns. + */ +void ossl_quic_demux_set_default_handler(QUIC_DEMUX *demux, + ossl_quic_demux_cb_fn *cb, + void *cb_arg); + +/* + * Releases a URXE back to the demuxer. No reference must be made to the URXE or + * its buffer after calling this function. The URXE must not be in any queue; + * that is, its prev and next pointers must be NULL. + */ +void ossl_quic_demux_release_urxe(QUIC_DEMUX *demux, + QUIC_URXE *e); + +/* + * Reinjects a URXE which was issued to a registered DCID callback or the + * default packet handler callback back into the pending queue. 
This is useful + * when a packet has been handled by the default packet handler callback such + * that a DCID has now been registered and can be dispatched normally by DCID. + * Once this has been called, the caller must not touch the URXE anymore and + * must not also call ossl_quic_demux_release_urxe(). + * + * The URXE is reinjected at the head of the queue, so it will be reprocessed + * immediately. + */ +void ossl_quic_demux_reinject_urxe(QUIC_DEMUX *demux, + QUIC_URXE *e); + +/* + * Process any unprocessed RX'd datagrams, by calling registered callbacks by + * connection ID, reading more datagrams from the BIO if necessary. + * + * Returns one of the following values: + * + * QUIC_DEMUX_PUMP_RES_OK + * At least one incoming datagram was processed. + * + * QUIC_DEMUX_PUMP_RES_TRANSIENT_FAIL + * No more incoming datagrams are currently available. + * Call again later. + * + * QUIC_DEMUX_PUMP_RES_PERMANENT_FAIL + * Either the network read BIO has failed in a non-transient fashion, or + * the QUIC implementation has encountered an internal state, assertion + * or allocation error. The caller should tear down the connection + * similarly to in the case of a protocol violation. + * + */ +#define QUIC_DEMUX_PUMP_RES_OK 1 +#define QUIC_DEMUX_PUMP_RES_TRANSIENT_FAIL (-1) +#define QUIC_DEMUX_PUMP_RES_PERMANENT_FAIL (-2) + +int ossl_quic_demux_pump(QUIC_DEMUX *demux); + +/* + * Artificially inject a packet into the demuxer for testing purposes. The + * buffer must not exceed the URXE size being used by the demuxer. + * + * If peer or local are NULL, their respective fields are zeroed in the injected + * URXE. + * + * Returns 1 on success or 0 on failure. + */ +int ossl_quic_demux_inject(QUIC_DEMUX *demux, + const unsigned char *buf, + size_t buf_len, + const BIO_ADDR *peer, + const BIO_ADDR *local); + +/* + * Returns 1 if there are any pending URXEs. + */ +int ossl_quic_demux_has_pending(const QUIC_DEMUX *demux); + +# endif + +#endif 
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_engine.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_engine.h
new file mode 100644
index 000000000000..5d06d076b934
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_engine.h
@@ -0,0 +1,84 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#ifndef OSSL_QUIC_ENGINE_H
+# define OSSL_QUIC_ENGINE_H
+
+# include
+
+# include "internal/quic_predef.h"
+# include "internal/quic_port.h"
+# include "internal/thread_arch.h"
+
+# ifndef OPENSSL_NO_QUIC
+
+/*
+ * QUIC Engine
+ * ===========
+ *
+ * A QUIC Engine (QUIC_ENGINE) represents an event processing domain for the
+ * purposes of QUIC and contains zero or more subsidiary QUIC_PORT instances
+ * (each of which currently represents a UDP socket), each of which in turn
+ * contains zero or more subsidiary QUIC_CHANNEL instances, each of which
+ * represents a single QUIC connection. All QUIC_PORT instances must belong
+ * to a QUIC_ENGINE.
+ *
+ * TODO(QUIC SERVER): Currently a QUIC_PORT belongs to a single QUIC_CHANNEL.
+ * This will cease to be the case once connection migration and/or multipath is
+ * implemented, so in future a channel might be associated with multiple ports.
+ *
+ * A QUIC engine is the root object in a QUIC event domain, and is responsible
+ * for managing event processing for all QUIC ports and channels (e.g. timeouts,
+ * clock management, the QUIC_REACTOR instance, etc.).
+ */
+typedef struct quic_engine_args_st {
+ OSSL_LIB_CTX *libctx;
+ const char *propq;
+
+ /*
+ * This must be a mutex the lifetime of which will exceed that of the engine
+ * and all ports and channels. The instantiator of the engine is responsible
+ * for providing a mutex as this makes it easier to handle instantiation and
+ * teardown of channels in situations potentially requiring locking.
+ *
+ * Note that this is a MUTEX not a RWLOCK as it needs to be an OS mutex for
+ * compatibility with an OS's condition variable wait API, whereas RWLOCK
+ * may, depending on the build configuration, be implemented using an OS's
+ * mutex primitive or using its RW mutex primitive.
+ */
+ CRYPTO_MUTEX *mutex;
+
+ OSSL_TIME (*now_cb)(void *arg);
+ void *now_cb_arg;
+} QUIC_ENGINE_ARGS;
+
+QUIC_ENGINE *ossl_quic_engine_new(const QUIC_ENGINE_ARGS *args);
+
+void ossl_quic_engine_free(QUIC_ENGINE *qeng);
+
+/*
+ * Create a port which is a child of the engine. args->engine shall be NULL.
+ */
+QUIC_PORT *ossl_quic_engine_create_port(QUIC_ENGINE *qeng,
+ const QUIC_PORT_ARGS *args);
+
+/* Gets the mutex used by the engine. */
+CRYPTO_MUTEX *ossl_quic_engine_get0_mutex(QUIC_ENGINE *qeng);
+
+/* Gets the current time. */
+OSSL_TIME ossl_quic_engine_get_time(QUIC_ENGINE *qeng);
+
+/* For testing use. While enabled, ticking is not performed. */
+void ossl_quic_engine_set_inhibit_tick(QUIC_ENGINE *qeng, int inhibit);
+
+/* Gets the reactor which can be used to tick/poll on the port. */
+QUIC_REACTOR *ossl_quic_engine_get0_reactor(QUIC_ENGINE *qeng);
+
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_error.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_error.h
new file mode 100644
index 000000000000..86d1c692b4f0
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_error.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_QUIC_ERROR_H
+# define OSSL_QUIC_ERROR_H
+
+# include
+# include
+
+# ifndef OPENSSL_NO_QUIC
+
+# define OSSL_QUIC_ERR_CRYPTO_UNEXPECTED_MESSAGE \
+ OSSL_QUIC_ERR_CRYPTO_ERR(SSL3_AD_UNEXPECTED_MESSAGE)
+
+# define OSSL_QUIC_ERR_CRYPTO_MISSING_EXT \
+ OSSL_QUIC_ERR_CRYPTO_ERR(TLS13_AD_MISSING_EXTENSION)
+
+# define OSSL_QUIC_ERR_CRYPTO_NO_APP_PROTO \
+ OSSL_QUIC_ERR_CRYPTO_ERR(TLS1_AD_NO_APPLICATION_PROTOCOL)
+
+const char *ossl_quic_err_to_string(uint64_t error_code);
+
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_fc.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_fc.h
new file mode 100644
index 000000000000..923bd43bc328
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_fc.h
@@ -0,0 +1,283 @@ +/* + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_FC_H +# define OSSL_QUIC_FC_H + +# include +# include "internal/time.h" + +# ifndef OPENSSL_NO_QUIC + +/* + * TX Flow Controller (TXFC) + * ========================= + * + * For discussion, see doc/designs/quic-design/quic-fc.md. + */ +typedef struct quic_txfc_st QUIC_TXFC; + +struct quic_txfc_st { + QUIC_TXFC *parent; /* stream-level iff non-NULL */ + uint64_t swm, cwm; + char has_become_blocked; +}; + +/* + * Initialises a TX flow controller. conn_txfc should be non-NULL and point to + * the connection-level flow controller if the TXFC is for stream-level flow + * control, and NULL otherwise. + */ +int ossl_quic_txfc_init(QUIC_TXFC *txfc, QUIC_TXFC *conn_txfc); + +/* + * Gets the parent (i.e., connection-level) TX flow controller. Returns NULL if + * called on a connection-level TX flow controller. + */ +QUIC_TXFC *ossl_quic_txfc_get_parent(QUIC_TXFC *txfc); + +/* + * Bump the credit watermark (CWM) value. This is the 'On TX Window Updated' + * operation. This function is a no-op if it has already been called with an + * equal or higher CWM value. + * + * It returns 1 iff the call resulted in the CWM being bumped and 0 if it was + * not increased because it has already been called with an equal or higher CWM + * value. This is not an error per se but may indicate a local programming error + * or a protocol error in a remote peer. + */ +int ossl_quic_txfc_bump_cwm(QUIC_TXFC *txfc, uint64_t cwm); + +/* + * Get the number of bytes by which we are in credit. This is the number of + * controlled bytes we are allowed to send. (Thus if this function returns 0, we + * are currently blocked.) 
+ * + * If called on a stream-level TXFC, ossl_quic_txfc_get_credit is called on + * the connection-level TXFC as well, and the lesser of the two values is + * returned. The consumed value is the amount already consumed on the connection + * level TXFC. + */ +uint64_t ossl_quic_txfc_get_credit(QUIC_TXFC *txfc, uint64_t consumed); + +/* + * Like ossl_quic_txfc_get_credit(), but when called on a stream-level TXFC, + * retrieves only the stream-level credit value and does not clamp it based on + * connection-level flow control. Any credit value is reduced by the consumed + * amount. + */ +uint64_t ossl_quic_txfc_get_credit_local(QUIC_TXFC *txfc, uint64_t consumed); + +/* + * Consume num_bytes of credit. This is the 'On TX' operation. This should be + * called when we transmit any controlled bytes. Calling this with an argument + * of 0 is a no-op. + * + * We must never transmit more controlled bytes than we are in credit for (see + * the return value of ossl_quic_txfc_get_credit()). If you call this function + * with num_bytes greater than our current credit, this function consumes the + * remainder of the credit and returns 0. This indicates a serious programming + * error on the caller's part. Otherwise, the function returns 1. + * + * If called on a stream-level TXFC, ossl_quic_txfc_consume_credit() is called + * on the connection-level TXFC also. If the call to that function on the + * connection-level TXFC returns zero, this function will also return zero. + */ +int ossl_quic_txfc_consume_credit(QUIC_TXFC *txfc, uint64_t num_bytes); + +/* + * Like ossl_quic_txfc_consume_credit(), but when called on a stream-level TXFC, + * consumes only from the stream-level credit and does not inform the + * connection-level TXFC. + */ +int ossl_quic_txfc_consume_credit_local(QUIC_TXFC *txfc, uint64_t num_bytes); + +/* + * This flag is provided for convenience. A caller is not required to use it. It + * is a boolean flag set whenever our credit drops to zero. 
If clear is 1, the + * flag is cleared. The old value of the flag is returned. Callers may use this + * to determine if they need to send a DATA_BLOCKED or STREAM_DATA_BLOCKED + * frame, which should contain the value returned by ossl_quic_txfc_get_cwm(). + */ +int ossl_quic_txfc_has_become_blocked(QUIC_TXFC *txfc, int clear); + +/* + * Get the current CWM value. This is mainly only needed when generating a + * DATA_BLOCKED or STREAM_DATA_BLOCKED frame, or for diagnostic purposes. + */ +uint64_t ossl_quic_txfc_get_cwm(QUIC_TXFC *txfc); + +/* + * Get the current spent watermark (SWM) value. This is purely for diagnostic + * use and should not be needed in normal circumstances. + */ +uint64_t ossl_quic_txfc_get_swm(QUIC_TXFC *txfc); + +/* + * RX Flow Controller (RXFC) + * ========================= + */ +typedef struct quic_rxfc_st QUIC_RXFC; + +struct quic_rxfc_st { + /* + * swm is the sent/received watermark, which tracks how much we have + * received from the peer. rwm is the retired watermark, which tracks how + * much has been passed to the application. esrwm is the rwm value at which + * the current auto-tuning epoch started. hwm is the highest stream length + * (STREAM frame offset + payload length) we have seen from a STREAM frame + * yet. + */ + uint64_t cwm, swm, rwm, esrwm, hwm, cur_window_size, max_window_size; + OSSL_TIME epoch_start; + OSSL_TIME (*now)(void *arg); + void *now_arg; + QUIC_RXFC *parent; + unsigned char error_code, has_cwm_changed, is_fin, standalone; +}; + +/* + * Initialises an RX flow controller. conn_rxfc should be non-NULL and point to + * a connection-level RXFC if the RXFC is for stream-level flow control, and + * NULL otherwise. initial_window_size and max_window_size specify the initial + * and absolute maximum window sizes, respectively. Window size values are + * expressed in bytes and determine how much credit the RXFC extends to the peer + * to transmit more data at a time. 
+ */ +int ossl_quic_rxfc_init(QUIC_RXFC *rxfc, QUIC_RXFC *conn_rxfc, + uint64_t initial_window_size, + uint64_t max_window_size, + OSSL_TIME (*now)(void *arg), + void *now_arg); + +/* + * Initialises an RX flow controller which is used by itself and not under a + * connection-level RX flow controller. This can be used for stream count + * enforcement as well as CRYPTO buffer enforcement. + */ +int ossl_quic_rxfc_init_standalone(QUIC_RXFC *rxfc, + uint64_t initial_window_size, + OSSL_TIME (*now)(void *arg), + void *now_arg); + +/* + * Gets the parent (i.e., connection-level) RXFC. Returns NULL if called on a + * connection-level RXFC. + */ +QUIC_RXFC *ossl_quic_rxfc_get_parent(QUIC_RXFC *rxfc); + +/* + * Changes the current maximum window size value. + */ +void ossl_quic_rxfc_set_max_window_size(QUIC_RXFC *rxfc, + size_t max_window_size); + +/* + * To be called whenever a STREAM frame is received. + * + * end is the value (offset + len), where offset is the offset field of the + * STREAM frame and len is the length of the STREAM frame's payload in bytes. + * + * is_fin should be 1 if the STREAM frame had the FIN flag set and 0 otherwise. + * + * This function may be used on a stream-level RXFC only. The connection-level + * RXFC will have its state updated by the stream-level RXFC. + * + * You should check ossl_quic_rxfc_has_error() on both connection-level and + * stream-level RXFCs after calling this function, as an incoming STREAM frame + * may cause flow control limits to be exceeded by an errant peer. This + * function still returns 1 in this case, as this is not a caller error. + * + * Returns 1 on success or 0 on failure. + */ +int ossl_quic_rxfc_on_rx_stream_frame(QUIC_RXFC *rxfc, + uint64_t end, int is_fin); + +/* + * To be called whenever controlled bytes are retired, i.e. when bytes are + * dequeued from a QUIC stream and passed to the application. num_bytes + * is the number of bytes which were passed to the application. 
+ * + * You should call this only on a stream-level RXFC. This function will update + * the connection-level RXFC automatically. + * + * rtt should be the current best understanding of the RTT to the peer, as + * offered by the Statistics Manager. + * + * You should check ossl_quic_rxfc_has_cwm_changed() after calling this + * function, as it may have caused the RXFC to decide to grant more flow control + * credit to the peer. + * + * Returns 1 on success and 0 on failure. + */ +int ossl_quic_rxfc_on_retire(QUIC_RXFC *rxfc, + uint64_t num_bytes, + OSSL_TIME rtt); + +/* + * Returns the current CWM which the RXFC thinks the peer should have. + * + * Note that the RXFC will increase this value in response to events, at which + * time a MAX_DATA or MAX_STREAM_DATA frame must be generated. Use + * ossl_quic_rxfc_has_cwm_changed() to detect this condition. + * + * This value increases monotonically. + */ +uint64_t ossl_quic_rxfc_get_cwm(const QUIC_RXFC *rxfc); + +/* + * Returns the current SWM. This is the total number of bytes the peer has + * transmitted to us. This is intended for diagnostic use only; you should + * not need it. + */ +uint64_t ossl_quic_rxfc_get_swm(const QUIC_RXFC *rxfc); + +/* + * Returns the current RWM. This is the total number of bytes that has been + * retired. This is intended for diagnostic use only; you should not need it. + */ +uint64_t ossl_quic_rxfc_get_rwm(const QUIC_RXFC *rxfc); + +/* + * Returns the current credit. This is the CWM minus the SWM. This is intended + * for diagnostic use only; you should not need it. + */ +uint64_t ossl_quic_rxfc_get_credit(const QUIC_RXFC *rxfc); + +/* + * Returns the CWM changed flag. If clear is 1, the flag is cleared and the old + * value is returned. + */ +int ossl_quic_rxfc_has_cwm_changed(QUIC_RXFC *rxfc, int clear); + +/* + * Returns a QUIC_ERR_* error code if a flow control error has been detected. + * Otherwise, returns QUIC_ERR_NO_ERROR. 
If clear is 1, the error is cleared + * and the old value is returned. + * + * May return one of the following values: + * + * QUIC_ERR_FLOW_CONTROL_ERROR: + * This indicates a flow control protocol violation by the remote peer; the + * connection should be terminated in this event. + * QUIC_ERR_FINAL_SIZE: + * The peer attempted to change the stream length after ending the stream. + */ +int ossl_quic_rxfc_get_error(QUIC_RXFC *rxfc, int clear); + +/* + * Returns 1 if the RXFC is a stream-level RXFC and the RXFC knows the final + * size for the stream in bytes. If this is the case and final_size is non-NULL, + * writes the final size to *final_size. Otherwise, returns 0. + */ +int ossl_quic_rxfc_get_final_size(const QUIC_RXFC *rxfc, uint64_t *final_size); + +# endif + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_fifd.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_fifd.h new file mode 100644 index 000000000000..c1644e4d8ef2 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_fifd.h 
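Review bot: Nothing visible in this commit ties the header copies added under `contrib/openssl-cmake/linux_x86_64/include_private/internal/` to the submodule commit they were taken from, and this file is the clearest case because it defines `struct quic_txfc_st` and `struct quic_rxfc_st` in full (quic_fifd.h does the same for `struct quic_fifd_st`). The matching `.c` files are listed in `SSL_SRC` from `${OPENSSL_SOURCE_DIR}`, so a later submodule bump that changes one of these layouts or prototypes without re-copying the headers could build the library against stale declarations; whether the include path actually prefers these copies is not visible here. I would record the origin next to the source list, for example `# include_private/ is copied from contrib/openssl at the pinned submodule commit; re-copy on every bump`, and consider a CI step that diffs the copies against the submodule.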
@@ -0,0 +1,88 @@ +/* + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_FIFD_H +# define OSSL_QUIC_FIFD_H + +# include +# include "internal/quic_types.h" +# include "internal/quic_cfq.h" +# include "internal/quic_ackm.h" +# include "internal/quic_txpim.h" +# include "internal/quic_stream.h" +# include "internal/qlog.h" + +# ifndef OPENSSL_NO_QUIC + +/* + * QUIC Frame-in-Flight Dispatcher (FIFD) + * ====================================== + */ +struct quic_fifd_st { + /* Internal data; use the ossl_quic_fifd functions. */ + QUIC_CFQ *cfq; + OSSL_ACKM *ackm; + QUIC_TXPIM *txpim; + QUIC_SSTREAM *(*get_sstream_by_id)(uint64_t stream_id, + uint32_t pn_space, + void *arg); + void *get_sstream_by_id_arg; + void (*regen_frame)(uint64_t frame_type, + uint64_t stream_id, + QUIC_TXPIM_PKT *pkt, + void *arg); + void *regen_frame_arg; + void (*confirm_frame)(uint64_t frame_type, + uint64_t stream_id, + QUIC_TXPIM_PKT *pkt, + void *arg); + void *confirm_frame_arg; + void (*sstream_updated)(uint64_t stream_id, + void *arg); + void *sstream_updated_arg; + QLOG *(*get_qlog_cb)(void *arg); + void *get_qlog_cb_arg; +}; + +int ossl_quic_fifd_init(QUIC_FIFD *fifd, + QUIC_CFQ *cfq, + OSSL_ACKM *ackm, + QUIC_TXPIM *txpim, + /* stream_id is UINT64_MAX for the crypto stream */ + QUIC_SSTREAM *(*get_sstream_by_id)(uint64_t stream_id, + uint32_t pn_space, + void *arg), + void *get_sstream_by_id_arg, + /* stream_id is UINT64_MAX if not applicable */ + void (*regen_frame)(uint64_t frame_type, + uint64_t stream_id, + QUIC_TXPIM_PKT *pkt, + void *arg), + void *regen_frame_arg, + void (*confirm_frame)(uint64_t frame_type, + uint64_t stream_id, + QUIC_TXPIM_PKT *pkt, + void *arg), + void 
*confirm_frame_arg, + void (*sstream_updated)(uint64_t stream_id, + void *arg), + void *sstream_updated_arg, + QLOG *(*get_qlog_cb)(void *arg), + void *get_qlog_cb_arg); + +void ossl_quic_fifd_cleanup(QUIC_FIFD *fifd); /* (no-op) */ + +int ossl_quic_fifd_pkt_commit(QUIC_FIFD *fifd, QUIC_TXPIM_PKT *pkt); + +void ossl_quic_fifd_set_qlog_cb(QUIC_FIFD *fifd, QLOG *(*get_qlog_cb)(void *arg), + void *arg); + +# endif + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_lcidm.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_lcidm.h new file mode 100644 index 000000000000..4911e042302b --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_lcidm.h 
@@ -0,0 +1,257 @@ +/* +* Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +* +* Licensed under the Apache License 2.0 (the "License"). You may not use +* this file except in compliance with the License. You can obtain a copy +* in the file LICENSE in the source distribution or at +* https://www.openssl.org/source/license.html +*/ + +#ifndef OSSL_INTERNAL_QUIC_LCIDM_H +# define OSSL_INTERNAL_QUIC_LCIDM_H +# pragma once + +# include "internal/e_os.h" +# include "internal/time.h" +# include "internal/quic_types.h" +# include "internal/quic_wire.h" +# include "internal/quic_predef.h" + +# ifndef OPENSSL_NO_QUIC + +/* + * QUIC Local Connection ID Manager + * ================================ + * + * This manages connection IDs for the RX side, which is to say that it issues + * local CIDs (LCIDs) to a peer which that peer can then use to address us via a + * packet DCID. This is as opposed to CID management for the TX side, which + * determines which CIDs we use to transmit based on remote CIDs (RCIDs) the + * peer sent to us. + * + * An opaque pointer can be associated with each LCID. Pointer identity + * (equality) is used to distinguish distinct connections. + * + * LCIDs fall into three categories: + * + * 1. A client's Initial ODCID (1) + * 2. Our local Initial SCID (1) + * 3. A CID issued via a NEW_CONNECTION_ID frame (n) + * 4. A server's Retry SCID (0..1) + * + * (1) is enrolled using ossl_quic_lcidm_enrol_odcid() and retired by the time + * of handshake completion at the latest. It is needed in case the first + * response packet from a server is lost and the client keeps using its Initial + * ODCID. There is never more than one of these, and no sequence number is + * associated with this temporary LCID. + * + * (2) is created by a client when it begins connecting, or by a server when it + * responds to a new connection request. In the latter case, it is generated by + * the server as the preferred DCID for traffic directed towards it. 
A client + * should switch to using this as a RCID as soon as it receives a valid packet + * from the server. This LCID has a sequence number of 0. + * + * (3) is created when we issue a NEW_CONNECTION_ID frame. Arbitrarily many of + * these can exist. + * + * (4) is a special case. When a server issues a retry it generates a new SCID + * much as it does for (2). However since retries are supposed to be stateless, + * we don't actually register it as an LCID. When the client subsequently + * replies with an Initial packet with token in response to the Retry, the + * server will handle this as a new connection attempt due to not recognising + * the DCID, which is what we want anyway. (The Retry SCID is subsequently + * validated as matching the new Initial ODCID via attestation in the encrypted + * contents of the opaque retry token.) Thus, the LCIDM is not actually involved + * at all here. + * + * Retirement is as follows: + * + * (1) is retired automatically when we know it won't be needed anymore. This is + * when the handshake is completed at the latest, and could potentially be + * earlier. + * + * Both (2) and (3) are retired normally via RETIRE_CONNECTION_ID frames, as it + * has a sequence number of 0. + * + * + * ODCID Peculiarities + * ------------------- + * + * Almost all LCIDs are issued by the receiver responsible for routing them, + * which means that almost all LCIDs will have the same length (specified in + * lcid_len below). The only exception to this is (1); the ODCID is the only + * case where we recognise an LCID we didn't ourselves generate. Since an ODCID + * is chosen by the peer, it can be any length and doesn't necessarily match the + * length we use for LCIDs we generate ourselves. + * + * Since DCID decoding for short-header packets requires an implicitly known + * DCID length, it logically follows that an ODCID can never be used in a 1-RTT + * packet. 
This is fine as by the time the 1-RTT EL is reached the peer should + * already have switched away from the ODCID to a CID we generated ourselves, + * and if this has not happened we can consider that a protocol violation. + * + * In any case, this means that the LCIDM must necessarily support LCIDs of + * different lengths, even if it always generates LCIDs of a given length. + * + * An ODCID has no sequence number associated with it. It is the only CID to + * lack one. + */ + +/* + * Creates a new LCIDM. lcid_len is the length to use for LCIDs in bytes, which + * may be zero. + * + * Returns NULL on failure. + */ +QUIC_LCIDM *ossl_quic_lcidm_new(OSSL_LIB_CTX *libctx, size_t lcid_len); + +/* Frees a LCIDM. */ +void ossl_quic_lcidm_free(QUIC_LCIDM *lcidm); + +/* Gets the local CID length this LCIDM was configured to use. */ +size_t ossl_quic_lcidm_get_lcid_len(const QUIC_LCIDM *lcidm); + +/* + * Determines the number of active LCIDs (i.e,. LCIDs which can be used for + * reception) currently associated with the given opaque pointer. + */ +size_t ossl_quic_lcidm_get_num_active_lcid(const QUIC_LCIDM *lcidm, + void *opaque); + +/* + * Enrol an Initial ODCID sent by the peer. This is the DCID in the first + * Initial packet sent by a client. When we receive a client's first Initial + * packet, we immediately respond with our own SCID (generated using + * ossl_quic_lcidm_generate_initial) to tell the client to switch to using that, + * so ideally the ODCID will only be used for a single packet. However since + * that response might be lost, we also need to accept additional packets using + * the ODCID and need to make sure they get routed to the same connection and + * not interpreted as another new connection attempt. Thus before the CID + * switchover is confirmed, we also have to handle incoming packets addressed to + * the ODCID. This function is used to temporarily enroll the ODCID for a + * connection. 
Such a LCID is considered to have a sequence number of + * LCIDM_ODCID_SEQ_NUM internally for our purposes. + * + * Note that this is the *only* circumstance where we recognise an LCID we did + * not generate ourselves, or allow an LCID with a different length to lcid_len. + * + * An ODCID MUST be at least 8 bytes in length (RFC 9000 s. 7.2). + * + * This function may only be called once for a given connection. + * Returns 1 on success or 0 on failure. + */ +int ossl_quic_lcidm_enrol_odcid(QUIC_LCIDM *lcidm, void *opaque, + const QUIC_CONN_ID *initial_odcid); + +/* + * Retire a previously enrolled ODCID for a connection. This is generally done + * when we know the peer won't be using it any more (when the handshake is + * completed at the absolute latest, possibly earlier). + * + * Returns 1 if there was an enrolled ODCID which was retired and 0 if there was + * not or on other failure. + */ +int ossl_quic_lcidm_retire_odcid(QUIC_LCIDM *lcidm, void *opaque); + +/* + * Create the first LCID for a given opaque pointer. The generated LCID is + * written to *initial_lcid and associated with the given opaque pointer. + * + * After this function returns successfully, the caller can for example + * register the new LCID with a DEMUX. + * + * May not be called more than once for a given opaque pointer value. + */ +int ossl_quic_lcidm_generate_initial(QUIC_LCIDM *lcidm, + void *opaque, + QUIC_CONN_ID *initial_lcid); + +/* + * Create a subsequent LCID for a given opaque pointer. The information needed + * for a NEW_CONN_ID frame informing the peer of the new LCID, including the + * LCID itself, is written to *ncid_frame. + * + * ncid_frame->stateless_reset is not initialised and the caller is responsible + * for setting it. + * + * After this function returns successfully, the caller can for example + * register the new LCID with a DEMUX and queue the NEW_CONN_ID frame. 
+ */ +int ossl_quic_lcidm_generate(QUIC_LCIDM *lcidm, + void *opaque, + OSSL_QUIC_FRAME_NEW_CONN_ID *ncid_frame); + +/* + * Retire up to one LCID for a given opaque pointer value. Called repeatedly to + * handle a RETIRE_CONN_ID frame. + * + * If containing_pkt_dcid is non-NULL, this function enforces the requirement + * that a CID not be retired by a packet using that CID as the DCID. If + * containing_pkt_dcid is NULL, this check is skipped. + * + * If a LCID is retired as a result of a call to this function, the LCID which + * was retired is written to *retired_lcid, the sequence number of the LCID is + * written to *retired_seq_num and *did_retire is set to 1. Otherwise, + * *did_retire is set to 0. This enables a caller to e.g. unregister the LCID + * from a DEMUX. A caller should call this function repeatedly until the + * function returns with *did_retire set to 0. + * + * This call is likely to cause the value returned by + * ossl_quic_lcidm_get_num_active_lcid() to go down. A caller may wish to call + * ossl_quic_lcidm_generate() repeatedly to bring the number of active LCIDs + * back up to some threshold in response after calling this function. + * + * Returns 1 on success and 0 on failure. If arguments are valid but zero LCIDs + * are retired, this is considered a success condition. + */ +int ossl_quic_lcidm_retire(QUIC_LCIDM *lcidm, + void *opaque, + uint64_t retire_prior_to, + const QUIC_CONN_ID *containing_pkt_dcid, + QUIC_CONN_ID *retired_lcid, + uint64_t *retired_seq_num, + int *did_retire); + +/* + * Cull all LCIDM state relating to a given opaque pointer value. This is useful + * if connection state is spontaneously freed. The caller is responsible for + * e.g. DEMUX state updates. + */ +int ossl_quic_lcidm_cull(QUIC_LCIDM *lcidm, void *opaque); + +/* + * Lookup a LCID. If the LCID is found, writes the associated opaque pointer to + * *opaque and the associated sequence number to *seq_num. Returns 1 on success + * and 0 if an entry is not found. 
An output argument may be set to NULL if its + * value is not required. + * + * If the LCID is for an Initial ODCID, *seq_num is set to + * LCIDM_ODCID_SEQ_NUM. + */ +#define LCIDM_ODCID_SEQ_NUM UINT64_MAX + +int ossl_quic_lcidm_lookup(QUIC_LCIDM *lcidm, + const QUIC_CONN_ID *lcid, + uint64_t *seq_num, + void **opaque); + +/* + * Debug call to manually remove a specific LCID. Should not be needed in normal + * usage. Returns 1 if the LCID was successfully found and removed and 0 + * otherwise. + */ +int ossl_quic_lcidm_debug_remove(QUIC_LCIDM *lcidm, + const QUIC_CONN_ID *lcid); + +/* + * Debug call to manually add a numbered LCID with a specific CID value and + * sequence number. Should not be needed in normal usage. Returns 1 on success + * and 0 on failure. + */ +int ossl_quic_lcidm_debug_add(QUIC_LCIDM *lcidm, void *opaque, + const QUIC_CONN_ID *lcid, + uint64_t seq_num); + +# endif + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_port.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_port.h new file mode 100644 index 000000000000..bcb578c3f8d2 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_port.h 
@@ -0,0 +1,142 @@ +/* + * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +#ifndef OSSL_QUIC_PORT_H +# define OSSL_QUIC_PORT_H + +# include +# include "internal/quic_types.h" +# include "internal/quic_reactor.h" +# include "internal/quic_demux.h" +# include "internal/quic_predef.h" +# include "internal/thread_arch.h" + +# ifndef OPENSSL_NO_QUIC + +/* + * QUIC Port + * ========= + * + * A QUIC Port (QUIC_PORT) represents a single UDP network socket and contains + * zero or more subsidiary QUIC_CHANNEL instances, each of which represents a + * single QUIC connection. All QUIC_CHANNEL instances must belong to a + * QUIC_PORT. + * + * A QUIC port is responsible for managing a set of channels which all use the + * same UDP socket, and (in future) for automatically creating new channels when + * incoming connections are received. + * + * In order to retain compatibility with QUIC_TSERVER, it also supports a point + * of legacy compatibility where a caller can create an incoming (server role) + * channel and that channel will be automatically be bound to the next incoming + * connection. In the future this will go away once QUIC_TSERVER is removed. + * + * All QUIC_PORT instances are created by a QUIC_ENGINE. + */ +typedef struct quic_port_args_st { + /* The engine which the QUIC port is to be a child of. */ + QUIC_ENGINE *engine; + + /* + * This SSL_CTX will be used when constructing the handshake layer object + * inside newly created channels. + */ + SSL_CTX *channel_ctx; + + /* + * If 1, this port is to be used for multiple connections, so + * non-zero-length CIDs should be used. If 0, this port will only be used + * for a single connection, so a zero-length local CID can be used. 
+ */ + int is_multi_conn; +} QUIC_PORT_ARGS; + +/* Only QUIC_ENGINE should use this function. */ +QUIC_PORT *ossl_quic_port_new(const QUIC_PORT_ARGS *args); + +void ossl_quic_port_free(QUIC_PORT *port); + +/* + * Operations + * ========== + */ + +/* Create an outgoing channel using this port. */ +QUIC_CHANNEL *ossl_quic_port_create_outgoing(QUIC_PORT *port, SSL *tls); + +/* + * Create an incoming channel using this port. + * + * TODO(QUIC SERVER): temporary TSERVER use only - will be removed. + */ +QUIC_CHANNEL *ossl_quic_port_create_incoming(QUIC_PORT *port, SSL *tls); + +/* + * Queries and Accessors + * ===================== + */ + +/* Gets/sets the underlying network read and write BIO. */ +BIO *ossl_quic_port_get_net_rbio(QUIC_PORT *port); +BIO *ossl_quic_port_get_net_wbio(QUIC_PORT *port); +int ossl_quic_port_set_net_rbio(QUIC_PORT *port, BIO *net_rbio); +int ossl_quic_port_set_net_wbio(QUIC_PORT *port, BIO *net_wbio); + +/* + * Re-poll the network BIOs already set to determine if their support + * for polling has changed. + */ +int ossl_quic_port_update_poll_descriptors(QUIC_PORT *port); + +/* Gets the engine which this port is a child of. */ +QUIC_ENGINE *ossl_quic_port_get0_engine(QUIC_PORT *port); + +/* Gets the reactor which can be used to tick/poll on the port. */ +QUIC_REACTOR *ossl_quic_port_get0_reactor(QUIC_PORT *port); + +/* Gets the demuxer belonging to the port. */ +QUIC_DEMUX *ossl_quic_port_get0_demux(QUIC_PORT *port); + +/* Gets the mutex used by the port. */ +CRYPTO_MUTEX *ossl_quic_port_get0_mutex(QUIC_PORT *port); + +/* Gets the current time. */ +OSSL_TIME ossl_quic_port_get_time(QUIC_PORT *port); + +int ossl_quic_port_get_rx_short_dcid_len(const QUIC_PORT *port); +int ossl_quic_port_get_tx_init_dcid_len(const QUIC_PORT *port); + +/* Returns 1 if the port is running/healthy, 0 if it has failed. */ +int ossl_quic_port_is_running(const QUIC_PORT *port); + +/* + * Restores port-level error to the error stack. 
To be called only if + * the port is no longer running. + */ +void ossl_quic_port_restore_err_state(const QUIC_PORT *port); + +/* For use by QUIC_ENGINE. You should not need to call this directly. */ +void ossl_quic_port_subtick(QUIC_PORT *port, QUIC_TICK_RESULT *r, + uint32_t flags); + +/* + * Events + * ====== + */ + +/* + * Called if a permanent network error occurs. Terminates all channels + * immediately. triggering_ch is an optional argument designating + * a channel which encountered the network error. + */ +void ossl_quic_port_raise_net_error(QUIC_PORT *port, + QUIC_CHANNEL *triggering_ch); + +# endif + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_predef.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_predef.h new file mode 100644 index 000000000000..7c7567b9c52e --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_predef.h 
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_QUIC_PREDEF_H
+# define OSSL_QUIC_PREDEF_H
+
+# ifndef OPENSSL_NO_QUIC
+
+typedef struct quic_port_st QUIC_PORT;
+typedef struct quic_channel_st QUIC_CHANNEL;
+typedef struct quic_tls_st QUIC_TLS;
+typedef struct quic_txpim_st QUIC_TXPIM;
+typedef struct quic_fifd_st QUIC_FIFD;
+typedef struct quic_cfq_st QUIC_CFQ;
+typedef struct ossl_quic_tx_packetiser_st OSSL_QUIC_TX_PACKETISER;
+typedef struct ossl_ackm_st OSSL_ACKM;
+typedef struct quic_srt_elem_st QUIC_SRT_ELEM;
+typedef struct ossl_cc_data_st OSSL_CC_DATA;
+typedef struct ossl_cc_method_st OSSL_CC_METHOD;
+typedef struct quic_stream_map_st QUIC_STREAM_MAP;
+typedef struct quic_stream_st QUIC_STREAM;
+typedef struct quic_sstream_st QUIC_SSTREAM;
+typedef struct quic_rstream_st QUIC_RSTREAM;
+typedef struct quic_reactor_st QUIC_REACTOR;
+typedef struct ossl_statm_st OSSL_STATM;
+typedef struct quic_demux_st QUIC_DEMUX;
+typedef struct ossl_qrx_pkt_st OSSL_QRX_PKT;
+typedef struct ossl_qtx_pkt_st OSSL_QTX_PKT;
+typedef struct quic_tick_result_st QUIC_TICK_RESULT;
+typedef struct quic_srtm_st QUIC_SRTM;
+typedef struct quic_lcidm_st QUIC_LCIDM;
+typedef struct quic_urxe_st QUIC_URXE;
+typedef struct quic_engine_st QUIC_ENGINE;
+
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_rcidm.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_rcidm.h
new file mode 100644
index 000000000000..fd102241b294
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_rcidm.h
@@ -0,0 +1,185 @@
+/*
+* Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
+*
+* Licensed under the Apache License 2.0 (the "License"). You may not use
+* this file except in compliance with the License. You can obtain a copy
+* in the file LICENSE in the source distribution or at
+* https://www.openssl.org/source/license.html
+*/
+
+#ifndef OSSL_INTERNAL_QUIC_RCIDM_H
+# define OSSL_INTERNAL_QUIC_RCIDM_H
+# pragma once
+
+# include "internal/e_os.h"
+# include "internal/time.h"
+# include "internal/quic_types.h"
+# include "internal/quic_wire.h"
+
+# ifndef OPENSSL_NO_QUIC
+
+/*
+ * QUIC Remote Connection ID Manager
+ * =================================
+ *
+ * This manages connection IDs for the TX side. The RCIDM tracks remote CIDs
+ * (RCIDs) which a peer has issued to us and which we can use as the DCID of
+ * packets we transmit. It is entirely separate from the LCIDM, which handles
+ * routing received packets by their DCIDs.
+ *
+ * RCIDs fall into four categories:
+ *
+ * 1. A client's Initial ODCID (0..1)
+ * 2. A peer's Initial SCID (1)
+ * 3. A server's Retry SCID (0..1)
+ * 4. A CID issued via a NEW_CONNECTION_ID frame (n)
+ *
+ * Unlike a LCIDM, which is per port, a RCIDM is per connection, as there is no
+ * need for routing of outgoing packets.
+ */
+typedef struct quic_rcidm_st QUIC_RCIDM;
+
+/*
+ * Creates a new RCIDM. Returns NULL on failure.
+ *
+ * For a client, initial_odcid is the client's Initial ODCID.
+ * For a server, initial_odcid is NULL.
+ */
+QUIC_RCIDM *ossl_quic_rcidm_new(const QUIC_CONN_ID *initial_odcid);
+
+/* Frees a RCIDM. */
+void ossl_quic_rcidm_free(QUIC_RCIDM *rcidm);
+
+/*
+ * CID Events
+ * ==========
+ */
+
+/*
+ * To be called by a client when a server responds to the first Initial packet
+ * sent with its own Initial packet with its own SCID; or to be called by a
+ * server when we first get an Initial packet from a client with the client's
+ * supplied SCID.
The added RCID implicitly has a sequence number of 0.
+ *
+ * We immediately switch to using this SCID as our preferred RCID. This SCID
+ * must be enrolled using this function. May only be called once.
+ */
+int ossl_quic_rcidm_add_from_initial(QUIC_RCIDM *rcidm,
+ const QUIC_CONN_ID *rcid);
+
+/*
+ * To be called by a client when a server responds to the first Initial packet
+ * sent with a Retry packet with its own SCID (the "Retry ODCID"). We
+ * immediately switch to using this SCID as our preferred RCID when conducting
+ * the retry. This SCID must be enrolled using this function. May only be called
+ * once. The added RCID has no sequence number associated with it as it is
+ * essentially a new ODCID (hereafter a Retry ODCID).
+ *
+ * Not for server use.
+ */
+int ossl_quic_rcidm_add_from_server_retry(QUIC_RCIDM *rcidm,
+ const QUIC_CONN_ID *retry_odcid);
+
+/*
+ * Processes an incoming NEW_CONN_ID frame, recording the new CID as a potential
+ * RCID. The RCIDM retirement mechanism is ratcheted according to the
+ * ncid->retire_prior_to field. The stateless_reset field is ignored; the caller
+ * is responsible for handling it separately.
+ */
+int ossl_quic_rcidm_add_from_ncid(QUIC_RCIDM *rcidm,
+ const OSSL_QUIC_FRAME_NEW_CONN_ID *ncid);
+
+/*
+ * Other Events
+ * ============
+ */
+
+/*
+ * Notifies the RCIDM that the handshake for a connection is complete.
+ * Should only be called once; further calls are ignored.
+ *
+ * This may influence the RCIDM's RCID change policy.
+ */
+void ossl_quic_rcidm_on_handshake_complete(QUIC_RCIDM *rcidm);
+
+/*
+ * Notifies the RCIDM that one or more packets have been sent.
+ *
+ * This may influence the RCIDM's RCID change policy.
+ */
+void ossl_quic_rcidm_on_packet_sent(QUIC_RCIDM *rcidm, uint64_t num_packets);
+
+/*
+ * Manually request switching to a new RCID as soon as possible.
+ */
+void ossl_quic_rcidm_request_roll(QUIC_RCIDM *rcidm);
+
+/*
+ * Queries
+ * =======
+ */
+
+/*
+ * The RCIDM decides when it will never use a given RCID again. When it does
+ * this, it outputs the sequence number of that RCID using this function, which
+ * pops from a logical queue of retired RCIDs. The caller is responsible
+ * for polling this function and generating Retire CID frames from the result.
+ *
+ * If nothing needs doing and the queue is empty, this function returns 0. If
+ * there is an RCID which needs retiring, the sequence number of that RCID is
+ * written to *seq_num (if seq_num is non-NULL) and this function returns 1. The
+ * queue entry is popped (and the caller is thus assumed to have taken
+ * responsibility for transmitting the necessary Retire CID frame).
+ *
+ * Note that the caller should not transmit a Retire CID frame immediately as
+ * packets using the RCID may still be in flight. The caller must determine an
+ * appropriate delay using knowledge of network conditions (RTT, etc.) which is
+ * outside the scope of the RCIDM. The caller is responsible for implementing
+ * this delay based on the last time a packet was transmitted using the RCID
+ * being retired.
+ */
+int ossl_quic_rcidm_pop_retire_seq_num(QUIC_RCIDM *rcid, uint64_t *seq_num);
+
+/*
+ * Like ossl_quic_rcidm_pop_retire_seq_num, but does not pop the item from the
+ * queue. If this call succeeds, the next call to
+ * ossl_quic_rcidm_pop_retire_seq_num is guaranteed to output the same sequence
+ * number.
+ */
+int ossl_quic_rcidm_peek_retire_seq_num(QUIC_RCIDM *rcid, uint64_t *seq_num);
+
+/*
+ * Writes the DCID preferred for a newly transmitted packet at this time to
+ * *tx_dcid. This function should be called to determine what DCID to use when
+ * transmitting a packet to the peer. The RCIDM may implement arbitrary policy
+ * to decide when to change the preferred RCID.
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+int ossl_quic_rcidm_get_preferred_tx_dcid(QUIC_RCIDM *rcidm,
+ QUIC_CONN_ID *tx_dcid);
+
+/*
+ * Returns 1 if the value output by ossl_quic_rcidm_get_preferred_tx_dcid() has
+ * changed since the last call to this function with clear set. If clear is set,
+ * clears the changed flag. Returns the old value of the changed flag.
+ */
+int ossl_quic_rcidm_get_preferred_tx_dcid_changed(QUIC_RCIDM *rcidm,
+ int clear);
+
+/*
+ * Returns the number of active numbered RCIDs we have. Note that this includes
+ * RCIDs on the retir*ing* queue accessed via
+ * ossl_quic_rcidm_pop_retire_seq_num() as these are still active until actually
+ * retired.
+ */
+size_t ossl_quic_rcidm_get_num_active(const QUIC_RCIDM *rcidm);
+
+/*
+ * Returns the number of retir*ing* numbered RCIDs we have.
+ */
+size_t ossl_quic_rcidm_get_num_retiring(const QUIC_RCIDM *rcidm);
+
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_reactor.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_reactor.h
new file mode 100644
index 000000000000..a6fdb7d123a1
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_reactor.h
@@ -0,0 +1,199 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#ifndef OSSL_QUIC_REACTOR_H
+# define OSSL_QUIC_REACTOR_H
+
+# include "internal/time.h"
+# include "internal/sockets.h"
+# include "internal/quic_predef.h"
+# include "internal/thread_arch.h"
+# include
+
+# ifndef OPENSSL_NO_QUIC
+
+/*
+ * Core I/O Reactor Framework
+ * ==========================
+ *
+ * Manages use of async network I/O which the QUIC stack is built on. The core
+ * mechanic looks like this:
+ *
+ * - There is a pollable FD for both the read and write side respectively.
+ * Readability and writeability of these FDs respectively determines when
+ * network I/O is available.
+ *
+ * - The reactor can export these FDs to the user, as well as flags indicating
+ * whether the user should listen for readability, writeability, or neither.
+ *
+ * - The reactor can export a timeout indication to the user, indicating when
+ * the reactor should be called (via libssl APIs) regardless of whether
+ * the network socket has become ready.
+ *
+ * The reactor is based around a tick callback which is essentially the mutator
+ * function. The mutator attempts to do whatever it can, attempting to perform
+ * network I/O to the extent currently feasible. When done, the mutator returns
+ * information to the reactor indicating when it should be woken up again:
+ *
+ * - Should it be woken up when network RX is possible?
+ * - Should it be woken up when network TX is possible?
+ * - Should it be woken up no later than some deadline X?
+ *
+ * The intention is that ALL I/O-related SSL_* functions with side effects (e.g.
+ * SSL_read/SSL_write) consist of three phases:
+ *
+ * - Optionally mutate the QUIC machine's state.
+ * - Optionally tick the QUIC reactor.
+ * - Optionally mutate the QUIC machine's state.
+ *
+ * For example, SSL_write is a mutation (appending to a stream buffer) followed
+ * by an optional tick (generally expected as we may want to send the data
+ * immediately, though not strictly needed if transmission is being deferred due
+ * to Nagle's algorithm, etc.).
+ *
+ * SSL_read is also a mutation and in principle does not need to tick the
+ * reactor, but it generally will anyway to ensure that the reactor is regularly
+ * ticked by an application which is only reading and not writing.
+ *
+ * If the SSL object is being used in blocking mode, SSL_read may need to block
+ * if no data is available yet, and SSL_write may need to block if buffers
+ * are full.
+ *
+ * The internals of the QUIC I/O engine always use asynchronous I/O. If the
+ * application desires blocking semantics, we handle this by adding a blocking
+ * adaptation layer on top of our internal asynchronous I/O API as exposed by
+ * the reactor interface.
+ */
+struct quic_tick_result_st {
+ char net_read_desired;
+ char net_write_desired;
+ OSSL_TIME tick_deadline;
+};
+
+static ossl_inline ossl_unused void
+ossl_quic_tick_result_merge_into(QUIC_TICK_RESULT *r,
+ const QUIC_TICK_RESULT *src)
+{
+ r->net_read_desired = r->net_read_desired || src->net_read_desired;
+ r->net_write_desired = r->net_write_desired || src->net_write_desired;
+ r->tick_deadline = ossl_time_min(r->tick_deadline, src->tick_deadline);
+}
+
+struct quic_reactor_st {
+ /*
+ * BIO poll descriptors which can be polled. poll_r is a poll descriptor
+ * which becomes readable when the QUIC state machine can potentially do
+ * work, and poll_w is a poll descriptor which becomes writable when the
+ * QUIC state machine can potentially do work.
Generally, either of these
+ * conditions means that SSL_tick() should be called, or another SSL
+ * function which implicitly calls SSL_tick() (e.g. SSL_read/SSL_write()).
+ */
+ BIO_POLL_DESCRIPTOR poll_r, poll_w;
+ OSSL_TIME tick_deadline; /* ossl_time_infinite() if none currently applicable */
+
+ void (*tick_cb)(QUIC_TICK_RESULT *res, void *arg, uint32_t flags);
+ void *tick_cb_arg;
+
+ /*
+ * These are true if we would like to know when we can read or write from
+ * the network respectively.
+ */
+ unsigned int net_read_desired : 1;
+ unsigned int net_write_desired : 1;
+
+ /*
+ * Are the read and write poll descriptors we are currently configured with
+ * things we can actually poll?
+ */
+ unsigned int can_poll_r : 1;
+ unsigned int can_poll_w : 1;
+};
+
+void ossl_quic_reactor_init(QUIC_REACTOR *rtor,
+ void (*tick_cb)(QUIC_TICK_RESULT *res, void *arg,
+ uint32_t flags),
+ void *tick_cb_arg,
+ OSSL_TIME initial_tick_deadline);
+
+void ossl_quic_reactor_set_poll_r(QUIC_REACTOR *rtor,
+ const BIO_POLL_DESCRIPTOR *r);
+
+void ossl_quic_reactor_set_poll_w(QUIC_REACTOR *rtor,
+ const BIO_POLL_DESCRIPTOR *w);
+
+const BIO_POLL_DESCRIPTOR *ossl_quic_reactor_get_poll_r(const QUIC_REACTOR *rtor);
+const BIO_POLL_DESCRIPTOR *ossl_quic_reactor_get_poll_w(const QUIC_REACTOR *rtor);
+
+int ossl_quic_reactor_can_poll_r(const QUIC_REACTOR *rtor);
+int ossl_quic_reactor_can_poll_w(const QUIC_REACTOR *rtor);
+
+int ossl_quic_reactor_can_support_poll_descriptor(const QUIC_REACTOR *rtor,
+ const BIO_POLL_DESCRIPTOR *d);
+
+int ossl_quic_reactor_net_read_desired(QUIC_REACTOR *rtor);
+int ossl_quic_reactor_net_write_desired(QUIC_REACTOR *rtor);
+
+OSSL_TIME ossl_quic_reactor_get_tick_deadline(QUIC_REACTOR *rtor);
+
+/*
+ * Do whatever work can be done, and as much work as can be done. This involves
+ * e.g. seeing if we can read anything from the network (if we want to), seeing
+ * if we can write anything to the network (if we want to), etc.
+ *
+ * If the CHANNEL_ONLY flag is set, this indicates that we should only
+ * touch state which is synchronised by the channel mutex.
+ */
+#define QUIC_REACTOR_TICK_FLAG_CHANNEL_ONLY (1U << 0)
+
+int ossl_quic_reactor_tick(QUIC_REACTOR *rtor, uint32_t flags);
+
+/*
+ * Blocking I/O Adaptation Layer
+ * =============================
+ *
+ * The blocking I/O adaptation layer implements blocking I/O on top of our
+ * asynchronous core.
+ *
+ * The core mechanism is block_until_pred(), which does not return until pred()
+ * returns a value other than 0. The blocker uses OS I/O synchronisation
+ * primitives (e.g. poll(2)) and ticks the reactor until the predicate is
+ * satisfied. The blocker is not required to call pred() more than once between
+ * tick calls.
+ *
+ * When pred returns a non-zero value, that value is returned by this function.
+ * This can be used to allow pred() to indicate error conditions and short
+ * circuit the blocking process.
+ *
+ * A return value of -1 is reserved for network polling errors. Therefore this
+ * return value should not be used by pred() if ambiguity is not desired. Note
+ * that the predicate function can always arrange its own output mechanism, for
+ * example by passing a structure of its own as the argument.
+ *
+ * If the SKIP_FIRST_TICK flag is set, the first call to reactor_tick() before
+ * the first call to pred() is skipped. This is useful if it is known that
+ * ticking the reactor again will not be useful (e.g. because it has already
+ * been done).
+ *
+ * This function assumes a write lock is held for the entire QUIC_CHANNEL. If
+ * mutex is non-NULL, it must be a lock currently held for write; it will be
+ * unlocked during any sleep, and then relocked for write afterwards.
+ *
+ * Precondition: mutex is NULL or is held for write (unchecked)
+ * Postcondition: mutex is NULL or is held for write (unless
+ * CRYPTO_THREAD_write_lock fails)
+ */
+#define SKIP_FIRST_TICK (1U << 0)
+
+int ossl_quic_reactor_block_until_pred(QUIC_REACTOR *rtor,
+ int (*pred)(void *arg), void *pred_arg,
+ uint32_t flags,
+ CRYPTO_MUTEX *mutex);
+
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_record_rx.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_record_rx.h
new file mode 100644
index 000000000000..001509bd583c
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_record_rx.h
@@ -0,0 +1,548 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_QUIC_RECORD_RX_H
+# define OSSL_QUIC_RECORD_RX_H
+
+# include
+# include "internal/quic_wire_pkt.h"
+# include "internal/quic_types.h"
+# include "internal/quic_predef.h"
+# include "internal/quic_record_util.h"
+# include "internal/quic_demux.h"
+
+# ifndef OPENSSL_NO_QUIC
+
+/*
+ * QUIC Record Layer - RX
+ * ======================
+ */
+typedef struct ossl_qrx_st OSSL_QRX;
+
+typedef struct ossl_qrx_args_st {
+ OSSL_LIB_CTX *libctx;
+ const char *propq;
+
+ /* Demux which owns the URXEs passed to us. */
+ QUIC_DEMUX *demux;
+
+ /* Length of connection IDs used in short-header packets in bytes. */
+ size_t short_conn_id_len;
+
+ /*
+ * Maximum number of deferred datagrams buffered at any one time.
+ * Suggested value: 32.
+ */
+ size_t max_deferred;
+
+ /* Initial reference PN used for RX. */
+ QUIC_PN init_largest_pn[QUIC_PN_SPACE_NUM];
+
+ /* Initial key phase. For debugging use only; always 0 in real use. */
+ unsigned char init_key_phase_bit;
+} OSSL_QRX_ARGS;
+
+/* Instantiates a new QRX. */
+OSSL_QRX *ossl_qrx_new(const OSSL_QRX_ARGS *args);
+
+/*
+ * Frees the QRX. All packets obtained using ossl_qrx_read_pkt must already
+ * have been released by calling ossl_qrx_release_pkt.
+ *
+ * You do not need to call ossl_qrx_remove_dst_conn_id first; this function will
+ * unregister the QRX from the demuxer for all registered destination connection
+ * IDs (DCIDs) automatically.
+ */
+void ossl_qrx_free(OSSL_QRX *qrx);
+
+/* Setters for the msg_callback and msg_callback_arg */
+void ossl_qrx_set_msg_callback(OSSL_QRX *qrx, ossl_msg_cb msg_callback,
+ SSL *msg_callback_ssl);
+void ossl_qrx_set_msg_callback_arg(OSSL_QRX *qrx,
+ void *msg_callback_arg);
+
+/*
+ * Secret Management
+ * =================
+ *
+ * A QRX has several encryption levels (Initial, Handshake, 0-RTT, 1-RTT) and
+ * two directions (RX, TX). At any given time, key material is managed for each
+ * (EL, RX/TX) combination.
+ *
+ * Broadly, for a given (EL, RX/TX), the following state machine is applicable:
+ *
+ * WAITING_FOR_KEYS --[Provide]--> HAVE_KEYS --[Discard]--> | DISCARDED |
+ * \-------------------------------------[Discard]--> | |
+ *
+ * To transition the RX side of an EL from WAITING_FOR_KEYS to HAVE_KEYS, call
+ * ossl_qrx_provide_secret (for the INITIAL EL, use of
+ * ossl_quic_provide_initial_secret is recommended).
+ *
+ * Once keys have been provisioned for an EL, you call
+ * ossl_qrx_discard_enc_level to transition the EL to the DISCARDED state. You
+ * can also call this function to transition directly to the DISCARDED state
+ * even before any keys have been provisioned for that EL.
+ *
+ * The DISCARDED state is terminal for a given EL; you cannot provide a secret
+ * again for that EL after reaching it.
+ *
+ * Incoming packets cannot be processed and decrypted if they target an EL
+ * not in the HAVE_KEYS state. However, there is a distinction between
+ * the WAITING_FOR_KEYS and DISCARDED states:
+ *
+ * - In the WAITING_FOR_KEYS state, the QRX assumes keys for the given
+ * EL will eventually arrive. Therefore, if it receives any packet
+ * for an EL in this state, it buffers it and tries to process it
+ * again once the EL reaches HAVE_KEYS.
+ *
+ * - In the DISCARDED state, the QRX assumes no keys for the given
+ * EL will ever arrive again. If it receives any packet for an EL
+ * in this state, it is simply discarded.
+ *
+ * If the user wishes to instantiate a new QRX to replace an old one for
+ * whatever reason, for example to take over for an already established QUIC
+ * connection, it is important that all ELs no longer being used (i.e., INITIAL,
+ * 0-RTT, 1-RTT) are transitioned to the DISCARDED state. Otherwise, the QRX
+ * will assume that keys for these ELs will arrive in future, and will buffer
+ * any received packets for those ELs perpetually. This can be done by calling
+ * ossl_qrx_discard_enc_level for all non-1-RTT ELs immediately after
+ * instantiating the QRX.
+ *
+ * The INITIAL EL is not setup automatically when the QRX is instantiated. This
+ * allows the caller to instead discard it immediately after instantiation of
+ * the QRX if it is not needed, for example if the QRX is being instantiated to
+ * take over handling of an existing connection which has already passed the
+ * INITIAL phase. This avoids the unnecessary derivation of INITIAL keys where
+ * they are not needed. In the ordinary case, ossl_quic_provide_initial_secret
+ * should be called immediately after instantiation.
+ */
+
+/*
+ * Provides a secret to the QRX, which arises due to an encryption level change.
+ * enc_level is a QUIC_ENC_LEVEL_* value. To initialise the INITIAL encryption
+ * level, it is recommended to use ossl_quic_provide_initial_secret instead.
+ *
+ * You should seek to call this function for a given EL before packets of that
+ * EL arrive and are processed by the QRX. However, if packets have already
+ * arrived for a given EL, the QRX will defer processing of them and perform
+ * processing of them when this function is eventually called for the EL in
+ * question.
+ *
+ * suite_id is a QRL_SUITE_* value which determines the AEAD function used for
+ * the QRX.
+ *
+ * The secret passed is used directly to derive the "quic key", "quic iv" and
+ * "quic hp" values.
+ *
+ * secret_len is the length of the secret buffer in bytes.
The buffer must be
+ * sized correctly to the chosen suite, else the function fails.
+ *
+ * This function can only be called once for a given EL, except for the INITIAL
+ * EL, which can need rekeying when a connection retry occurs. Subsequent calls
+ * for non-INITIAL ELs fail, as do calls made after a corresponding call to
+ * ossl_qrx_discard_enc_level for that EL. The secret for a non-INITIAL EL
+ * cannot be changed after it is set because QUIC has no facility for
+ * introducing additional key material after an EL is setup. QUIC key updates
+ * are managed semi-automatically by the QRX but do require some caller handling
+ * (see below).
+ *
+ * md is for internal use and should be NULL.
+ *
+ * Returns 1 on success or 0 on failure.
+ */
+int ossl_qrx_provide_secret(OSSL_QRX *qrx,
+ uint32_t enc_level,
+ uint32_t suite_id,
+ EVP_MD *md,
+ const unsigned char *secret,
+ size_t secret_len);
+
+/*
+ * Informs the QRX that it can now discard key material for a given EL. The QRX
+ * will no longer be able to process incoming packets received at that
+ * encryption level. This function is idempotent and succeeds if the EL has
+ * already been discarded.
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+int ossl_qrx_discard_enc_level(OSSL_QRX *qrx, uint32_t enc_level);
+
+/*
+ * Packet Reception
+ * ================
+ */
+
+/* Information about a received packet. */
+struct ossl_qrx_pkt_st {
+ /*
+ * Points to a logical representation of the decoded QUIC packet header. The
+ * data and len fields point to the decrypted QUIC payload (i.e., to a
+ * sequence of zero or more (potentially malformed) frames to be decoded).
+ */
+ QUIC_PKT_HDR *hdr;
+
+ /*
+ * Address the packet was received from. If this is not available for this
+ * packet, this field is NULL (but this can only occur for manually injected
+ * packets).
+ */
+ const BIO_ADDR *peer;
+
+ /*
+ * Local address the packet was sent to. If this is not available for this
+ * packet, this field is NULL.
+ */
+ const BIO_ADDR *local;
+
+ /*
+ * This is the length of the datagram which contained this packet. Note that
+ * the datagram may have contained other packets than this. The intended use
+ * for this is so that the user can enforce minimum datagram sizes (e.g. for
+ * datagrams containing INITIAL packets), as required by RFC 9000.
+ */
+ size_t datagram_len;
+
+ /* The PN which was decoded for the packet, if the packet has a PN field. */
+ QUIC_PN pn;
+
+ /*
+ * Time the packet was received, or ossl_time_zero() if the demuxer is not
+ * using a now() function.
+ */
+ OSSL_TIME time;
+
+ /* The QRX which was used to receive the packet. */
+ OSSL_QRX *qrx;
+
+ /*
+ * The key epoch the packet was received with. Always 0 for non-1-RTT
+ * packets.
+ */
+ uint64_t key_epoch;
+
+ /*
+ * This monotonically increases with each datagram received.
+ * It is for diagnostic use only.
+ */
+ uint64_t datagram_id;
+};
+
+/*
+ * Tries to read a new decrypted packet from the QRX.
+ *
+ * On success, *pkt points to a OSSL_QRX_PKT structure. The structure should be
+ * freed when no longer needed by calling ossl_qrx_pkt_release(). The structure
+ * is refcounted; to gain extra references, call ossl_qrx_pkt_up_ref(). This
+ * will cause a corresponding number of calls to ossl_qrx_pkt_release() to be
+ * ignored.
+ *
+ * The resources referenced by (*pkt)->hdr, (*pkt)->hdr->data and (*pkt)->peer
+ * have the same lifetime as *pkt.
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+int ossl_qrx_read_pkt(OSSL_QRX *qrx, OSSL_QRX_PKT **pkt);
+
+/*
+ * Decrement the reference count for the given packet and frees it if the
+ * reference count drops to zero. No-op if pkt is NULL.
+ */
+void ossl_qrx_pkt_release(OSSL_QRX_PKT *pkt);
+
+/* Increments the reference count for the given packet. */
+void ossl_qrx_pkt_up_ref(OSSL_QRX_PKT *pkt);
+
+/*
+ * Returns 1 if there are any already processed (i.e. decrypted) packets waiting
+ * to be read from the QRX.
+ */
+int ossl_qrx_processed_read_pending(OSSL_QRX *qrx);
+
+/*
+ * Returns 1 if there are any unprocessed (i.e. not yet decrypted) packets
+ * waiting to be processed by the QRX. These may or may not result in
+ * successfully decrypted packets once processed. This indicates whether
+ * unprocessed data is buffered by the QRX, not whether any data is available in
+ * a kernel socket buffer.
+ */
+int ossl_qrx_unprocessed_read_pending(OSSL_QRX *qrx);
+
+/*
+ * Returns the number of UDP payload bytes received from the network so far
+ * since the last time this counter was cleared. If clear is 1, clears the
+ * counter and returns the old value.
+ *
+ * The intended use of this is to allow callers to determine how much credit to
+ * add to their anti-amplification budgets. This is reported separately instead
+ * of in the OSSL_QRX_PKT structure so that a caller can apply
+ * anti-amplification credit as soon as a datagram is received, before it has
+ * necessarily read all processed packets contained within that datagram from
+ * the QRX.
+ */
+uint64_t ossl_qrx_get_bytes_received(OSSL_QRX *qrx, int clear);
+
+/*
+ * Sets a callback which is called when a packet is received and being validated
+ * before being queued in the read queue. This is called after packet body
+ * decryption and authentication to prevent exposing side channels. pn_space is
+ * a QUIC_PN_SPACE_* value denoting which PN space the PN belongs to.
+ *
+ * If this callback returns 1, processing continues normally.
+ * If this callback returns 0, the packet is discarded.
+ *
+ * Other packets in the same datagram will still be processed where possible.
+ *
+ * The callback is optional and can be unset by passing NULL for cb.
+ * cb_arg is an opaque value passed to cb.
+ */
+typedef int (ossl_qrx_late_validation_cb)(QUIC_PN pn, int pn_space,
+ void *arg);
+
+int ossl_qrx_set_late_validation_cb(OSSL_QRX *qrx,
+ ossl_qrx_late_validation_cb *cb,
+ void *cb_arg);
+
+/*
+ * Forcibly injects a URXE which has been issued by the DEMUX into the QRX for
+ * processing. This can be used to pass a received datagram to the QRX if it
+ * would not be correctly routed to the QRX via standard DCID-based routing; for
+ * example, when handling an incoming Initial packet which is attempting to
+ * establish a new connection.
+ */
+void ossl_qrx_inject_urxe(OSSL_QRX *qrx, QUIC_URXE *e);
+
+/*
+ * Decryption of 1-RTT packets must be explicitly enabled by calling this
+ * function. This is to comply with the requirement that we not process 1-RTT
+ * packets until the handshake is complete, even if we already have 1-RTT
+ * secrets. Even if a 1-RTT secret is provisioned for the QRX, incoming 1-RTT
+ * packets will be handled as though no key is available until this function is
+ * called. Calling this function will then requeue any such deferred packets for
+ * processing.
+ */
+void ossl_qrx_allow_1rtt_processing(OSSL_QRX *qrx);
+
+/*
+ * Key Update (RX)
+ * ===============
+ *
+ * Key update on the RX side is a largely but not entirely automatic process.
+ *
+ * Key update is initially triggered by receiving a 1-RTT packet with a
+ * different Key Phase value. This could be caused by an attacker in the network
+ * flipping random bits, therefore such a key update is tentative until the
+ * packet payload is successfully decrypted and authenticated by the AEAD with
+ * the 'next' keys. These 'next' keys then become the 'current' keys and the
+ * 'current' keys then become the 'previous' keys. The 'previous' keys must be
+ * kept around temporarily as some packets may still be in flight in the network
+ * encrypted with the old keys.
If the old Key Phase value is X and the new Key
+ * Phase Value is Y (where obviously X != Y), this creates an ambiguity as any
+ * new packet received with a KP of X could either be an attempt to initiate yet
+ * another key update right after the last one, or an old packet encrypted
+ * before the key update.
+ *
+ * RFC 9001 provides some guidance on handling this issue:
+ *
+ * Strategy 1:
+ * Three keys, disambiguation using packet numbers
+ *
+ * "A recovered PN that is lower than any PN from the current KP uses the
+ * previous packet protection keys; a recovered PN that is higher than any
+ * PN from the current KP requires use of the next packet protection
+ * keys."
+ *
+ * Strategy 2:
+ * Two keys and a timer
+ *
+ * "Alternatively, endpoints can retain only two sets of packet protection
+ * keys, swapping previous keys for next after enough time has passed to
+ * allow for reordering in the network. In this case, the KP bit alone can
+ * be used to select keys."
+ *
+ * Strategy 2 is more efficient (we can keep fewer cipher contexts around) and
+ * should cover all actually possible network conditions. It also allows a delay
+ * after we make the 'next' keys our 'current' keys before we generate new
+ * 'next' keys, which allows us to mitigate against malicious peers who try to
+ * initiate an excessive number of key updates.
+ *
+ * We therefore model the following state machine:
+ *
+ *
+ * PROVISIONED
+ * _______________________________
+ * | |
+ * UNPROVISIONED --|----> NORMAL <----------\ |------> DISCARDED
+ * | | | |
+ * | | | |
+ * | v | |
+ * | UPDATING | |
+ * | | | |
+ * | | | |
+ * | v | |
+ * | COOLDOWN | |
+ * | | | |
+ * | | | |
+ * | \---------------| |
+ * |_______________________________|
+ *
+ *
+ * The RX starts (once a secret has been provisioned) in the NORMAL state. In
+ * the NORMAL state, the current expected value of the Key Phase bit is
+ * recorded.
When a flipped Key Phase bit is detected, the RX attempts to + * decrypt and authenticate the received packet with the 'next' keys rather than + * the 'current' keys. If (and only if) this authentication is successful, we + * move to the UPDATING state. (An attacker in the network could flip + * the Key Phase bit randomly, so it is essential we do nothing until AEAD + * authentication is complete.) + * + * In the UPDATING state, we know a key update is occurring and record + * the new Key Phase bit value as the newly current value, but we still keep the + * old keys around so that we can still process any packets which were still in + * flight when the key update was initiated. In the UPDATING state, a + * Key Phase bit value different to the current expected value is treated not as + * the initiation of another key update, but a reference to our old keys. + * + * Eventually we will be reasonably sure we are not going to receive any more + * packets with the old keys. At this point, we can transition to the COOLDOWN + * state. This transition occurs automatically after a certain amount of time; + * RFC 9001 recommends it be the PTO interval, which relates to our RTT to the + * peer. The duration also SHOULD NOT exceed three times the PTO to assist with + * maintaining PFS. + * + * In the COOLDOWN phase, the old keys have been securely erased and only one + * set of keys can be used: the current keys. If a packet is received with a Key + * Phase bit value different to the current Key Phase Bit value, this is treated + * as a request for a Key Update, but this request is ignored and the packet is + * treated as malformed. We do this to allow mitigation against malicious peers + * trying to initiate an excessive number of Key Updates. 
The timeout for the + * transition from UPDATING to COOLDOWN is recommended as adequate for + * this purpose in itself by the RFC, so the normal additional timeout value for + * the transition from COOLDOWN to normal is zero (immediate transition). + * + * A summary of each state: + * + * Epoch Exp KP Uses Keys KS0 KS1 If Non-Expected KP Bit + * ----- ------ --------- ------ ----- ---------------------- + * NORMAL 0 0 Keyset 0 Gen 0 Gen 1 → UPDATING + * UPDATING 1 1 Keyset 1 Gen 0 Gen 1 Use Keyset 0 + * COOLDOWN 1 1 Keyset 1 Erased Gen 1 Ignore Packet (*) + * + * NORMAL 1 1 Keyset 1 Gen 2 Gen 1 → UPDATING + * UPDATING 2 0 Keyset 0 Gen 2 Gen 1 Use Keyset 1 + * COOLDOWN 2 0 Keyset 0 Gen 2 Erased Ignore Packet (*) + * + * (*) Actually implemented by attempting to decrypt the packet with the + * wrong keys (which ultimately has the same outcome), as recommended + * by RFC 9001 to avoid creating timing channels. + * + * Note that the key material for the next key generation ("key epoch") is + * always kept in the NORMAL state (necessary to avoid side-channel attacks). + * This material is derived during the transition from COOLDOWN to NORMAL. + * + * Note that when a peer initiates a Key Update, we MUST also initiate a Key + * Update as per the RFC. The caller is responsible for detecting this condition + * and making the necessary calls to the TX side by detecting changes to the + * return value of ossl_qrx_get_key_epoch(). + * + * The above states (NORMAL, UPDATING, COOLDOWN) can themselves be + * considered substates of the PROVISIONED state. Providing a secret to the QRX + * for an EL transitions from UNPROVISIONED, the initial state, to PROVISIONED + * (NORMAL). Dropping key material for an EL transitions from whatever the + * current substate of the PROVISIONED state is to the DISCARDED state, which is + * the terminal state. 
+ *
+ * Note that non-1RTT ELs cannot undergo key update, therefore a non-1RTT EL is
+ * always in the NORMAL substate if it is in the PROVISIONED state.
+ */
+
+/*
+ * Return the current RX key epoch for the 1-RTT encryption level. This is
+ * initially zero and is incremented by one for every Key Update successfully
+ * signalled by the peer. If the 1-RTT EL has not yet been provisioned or has
+ * been discarded, returns UINT64_MAX.
+ *
+ * A necessary implication of this API is that the least significant bit of the
+ * returned value corresponds to the currently expected Key Phase bit, though
+ * callers are not anticipated to have any need of this information.
+ *
+ * It is not possible for the returned value to overflow, as a QUIC connection
+ * cannot support more than 2**62 packet numbers, and a connection must be
+ * terminated if this limit is reached.
+ *
+ * The caller should use this function to detect when the key epoch has changed
+ * and use it to initiate a key update on the TX side.
+ *
+ * The value returned by this function increments specifically at the transition
+ * from the NORMAL to the UPDATING state discussed above.
+ */
+uint64_t ossl_qrx_get_key_epoch(OSSL_QRX *qrx);
+
+/*
+ * Sets an optional callback which will be called when the key epoch changes.
+ *
+ * The callback is optional and can be unset by passing NULL for cb.
+ * cb_arg is an opaque value passed to cb. pn is the PN of the packet.
+ * Since key update is only supported for 1-RTT packets, the PN is always
+ * in the Application Data PN space.
+*/
+typedef void (ossl_qrx_key_update_cb)(QUIC_PN pn, void *arg);
+
+int ossl_qrx_set_key_update_cb(OSSL_QRX *qrx,
+ ossl_qrx_key_update_cb *cb, void *cb_arg);
+
+/*
+ * Relates to the 1-RTT encryption level. The caller should call this after the
+ * UPDATING state is reached, after a timeout to be determined by the caller.
+ *
+ * This transitions from the UPDATING state to the COOLDOWN state (if
+ * still in the UPDATING state). If normal is 1, then transitions from
+ * the COOLDOWN state to the NORMAL state. Both transitions can be performed at
+ * once if desired.
+ *
+ * If in the normal state, or if in the COOLDOWN state and normal is 0, this is
+ * a no-op and returns 1. Returns 0 if the 1-RTT EL has not been provisioned or
+ * has been dropped.
+ *
+ * It is essential that the caller call this within a few PTO intervals of a key
+ * update occurring (as detected by the caller in a call to
+ * ossl_qrx_key_get_key_epoch()), as otherwise the peer will not be able to
+ * perform a Key Update ever again.
+ */
+int ossl_qrx_key_update_timeout(OSSL_QRX *qrx, int normal);
+
+
+/*
+ * Key Expiration
+ * ==============
+ */
+
+/*
+ * Returns the number of seemingly forged packets which have been received by
+ * the QRX. If this value reaches the value returned by
+ * ossl_qrx_get_max_epoch_forged_pkt_count() for a given EL, all further
+ * received encrypted packets for that EL will be discarded without processing.
+ *
+ * Note that the forged packet limit is for the connection lifetime, thus it is
+ * not reset by a key update. It is suggested that the caller terminate the
+ * connection a reasonable margin before the limit is reached. However, the
+ * exact limit imposed does vary by EL due to the possibility that different ELs
+ * use different AEADs.
+ */
+uint64_t ossl_qrx_get_cur_forged_pkt_count(OSSL_QRX *qrx);
+
+/*
+ * Returns the maximum number of forged packets which the record layer will
+ * permit to be verified using this QRX instance.
+ */
+uint64_t ossl_qrx_get_max_forged_pkt_count(OSSL_QRX *qrx,
+ uint32_t enc_level);
+
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_record_tx.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_record_tx.h
new file mode 100644
index 000000000000..e84523f895ca
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_record_tx.h
@@ -0,0 +1,393 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_QUIC_RECORD_TX_H
+# define OSSL_QUIC_RECORD_TX_H
+
+# include
+# include "internal/quic_wire_pkt.h"
+# include "internal/quic_types.h"
+# include "internal/quic_predef.h"
+# include "internal/quic_record_util.h"
+# include "internal/qlog.h"
+
+# ifndef OPENSSL_NO_QUIC
+
+/*
+ * QUIC Record Layer - TX
+ * ======================
+ */
+typedef struct ossl_qtx_iovec_st {
+ const unsigned char *buf;
+ size_t buf_len;
+} OSSL_QTX_IOVEC;
+
+typedef struct ossl_qtx_st OSSL_QTX;
+
+typedef int (*ossl_mutate_packet_cb)(const QUIC_PKT_HDR *hdrin,
+ const OSSL_QTX_IOVEC *iovecin, size_t numin,
+ QUIC_PKT_HDR **hdrout,
+ const OSSL_QTX_IOVEC **iovecout,
+ size_t *numout,
+ void *arg);
+
+typedef void (*ossl_finish_mutate_cb)(void *arg);
+
+typedef struct ossl_qtx_args_st {
+ OSSL_LIB_CTX *libctx;
+ const char *propq;
+
+ /* BIO to transmit to. */
+ BIO *bio;
+
+ /* Maximum datagram payload length (MDPL) for TX purposes. */
+ size_t mdpl;
+
+ /* Callback returning QLOG instance to use, or NULL. */
+ QLOG *(*get_qlog_cb)(void *arg);
+ void *get_qlog_cb_arg;
+} OSSL_QTX_ARGS;
+
+/* Instantiates a new QTX. */
+OSSL_QTX *ossl_qtx_new(const OSSL_QTX_ARGS *args);
+
+/* Frees the QTX. */
+void ossl_qtx_free(OSSL_QTX *qtx);
+
+/* Set mutator callbacks for test framework support */
+void ossl_qtx_set_mutator(OSSL_QTX *qtx, ossl_mutate_packet_cb mutatecb,
+ ossl_finish_mutate_cb finishmutatecb, void *mutatearg);
+
+/* Setters for the msg_callback and the msg_callback_arg */
+void ossl_qtx_set_msg_callback(OSSL_QTX *qtx, ossl_msg_cb msg_callback,
+ SSL *msg_callback_ssl);
+void ossl_qtx_set_msg_callback_arg(OSSL_QTX *qtx, void *msg_callback_arg);
+
+/* Change QLOG instance retrieval callback in use after instantiation. */
+void ossl_qtx_set_qlog_cb(OSSL_QTX *qtx, QLOG *(*get_qlog_cb)(void *arg),
+ void *get_qlog_cb_arg);
+
+/*
+ * Secret Management
+ * -----------------
+ */
+
+/*
+ * Provides a secret to the QTX, which arises due to an encryption level change.
+ * enc_level is a QUIC_ENC_LEVEL_* value.
+ *
+ * This function can be used to initialise the INITIAL encryption level, but you
+ * should not do so directly; see the utility function
+ * ossl_qrl_provide_initial_secret() instead, which can initialise the INITIAL
+ * encryption level of a QRX and QTX simultaneously without duplicating certain
+ * key derivation steps.
+ *
+ * You must call this function for a given EL before transmitting packets at
+ * that EL using this QTX, otherwise ossl_qtx_write_pkt will fail.
+ *
+ * suite_id is a QRL_SUITE_* value which determines the AEAD function used for
+ * the QTX.
+ *
+ * The secret passed is used directly to derive the "quic key", "quic iv" and
+ * "quic hp" values.
+ *
+ * secret_len is the length of the secret buffer in bytes. The buffer must be
+ * sized correctly to the chosen suite, else the function fails.
+ *
+ * This function can only be called once for a given EL, except for the INITIAL
+ * EL, as the INITIAL EL can need to be rekeyed if connection retry occurs.
+ * Subsequent calls for non-INITIAL ELs fail. Calls made after a corresponding
+ * call to ossl_qtx_discard_enc_level for a given EL also fail, including for
+ * the INITIAL EL. The secret for a non-INITIAL EL cannot be changed after it is
+ * set because QUIC has no facility for introducing additional key material
+ * after an EL is setup. (QUIC key updates generate new keys from existing key
+ * material and do not introduce new entropy into a connection's key material.)
+ *
+ * Returns 1 on success or 0 on failure.
+ */
+int ossl_qtx_provide_secret(OSSL_QTX *qtx,
+ uint32_t enc_level,
+ uint32_t suite_id,
+ EVP_MD *md,
+ const unsigned char *secret,
+ size_t secret_len);
+
+/*
+ * Informs the QTX that it can now discard key material for a given EL. The QTX
+ * will no longer be able to generate packets at that EL. This function is
+ * idempotent and succeeds if the EL has already been discarded.
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+int ossl_qtx_discard_enc_level(OSSL_QTX *qtx, uint32_t enc_level);
+
+/* Returns 1 if the given encryption level is provisioned. */
+int ossl_qtx_is_enc_level_provisioned(OSSL_QTX *qtx, uint32_t enc_level);
+
+/*
+ * Given the value ciphertext_len representing an encrypted packet payload
+ * length in bytes, determines how many plaintext bytes it will decrypt to.
+ * Returns 0 if the specified EL is not provisioned or ciphertext_len is too
+ * small. The result is written to *plaintext_len.
+ */
+int ossl_qtx_calculate_plaintext_payload_len(OSSL_QTX *qtx, uint32_t enc_level,
+ size_t ciphertext_len,
+ size_t *plaintext_len);
+
+/*
+ * Given the value plaintext_len represented a plaintext packet payload length
+ * in bytes, determines how many ciphertext bytes it will encrypt to. The value
+ * output does not include packet headers. Returns 0 if the specified EL is not
+ * provisioned. The result is written to *ciphertext_len.
+ */
+int ossl_qtx_calculate_ciphertext_payload_len(OSSL_QTX *qtx, uint32_t enc_level,
+ size_t plaintext_len,
+ size_t *ciphertext_len);
+
+uint32_t ossl_qrl_get_suite_cipher_tag_len(uint32_t suite_id);
+
+
+/*
+ * Packet Transmission
+ * -------------------
+ */
+
+struct ossl_qtx_pkt_st {
+ /* Logical packet header to be serialized. */
+ QUIC_PKT_HDR *hdr;
+
+ /*
+ * iovecs expressing the logical packet payload buffer. Zero-length entries
+ * are permitted.
+ */
+ const OSSL_QTX_IOVEC *iovec;
+ size_t num_iovec;
+
+ /* Destination address. Will be passed through to the BIO if non-NULL. */
+ const BIO_ADDR *peer;
+
+ /*
+ * Local address (optional). Specify as non-NULL only if TX BIO
+ * has local address support enabled.
+ */
+ const BIO_ADDR *local;
+
+ /*
+ * Logical PN. Used for encryption. This will automatically be encoded to
+ * hdr->pn, which need not be initialized.
+ */
+ QUIC_PN pn;
+
+ /* Packet flags. Zero or more OSSL_QTX_PKT_FLAG_* values. */
+ uint32_t flags;
+};
+
+/*
+ * More packets will be written which should be coalesced into a single
+ * datagram; do not send this packet yet. To use this, set this flag for all
+ * packets but the final packet in a datagram, then send the final packet
+ * without this flag set.
+ *
+ * This flag is not a guarantee and the QTX may transmit immediately anyway if
+ * it is not possible to fit any more packets in the current datagram.
+ *
+ * If the caller change its mind and needs to cause a packet queued with
+ * COALESCE after having passed it to this function but without writing another
+ * packet, it should call ossl_qtx_flush_pkt().
+ */
+#define OSSL_QTX_PKT_FLAG_COALESCE (1U << 0)
+
+/*
+ * Writes a packet.
+ *
+ * *pkt need be valid only for the duration of the call to this function.
+ *
+ * pkt->hdr->data and pkt->hdr->len are unused. The payload buffer is specified
+ * via an array of OSSL_QTX_IOVEC structures. The API is designed to support
+ * single-copy transmission; data is copied from the iovecs as it is encrypted
+ * into an internal staging buffer for transmission.
+ *
+ * The function may modify and clobber pkt->hdr->data, pkt->hdr->len,
+ * pkt->hdr->key_phase and pkt->hdr->pn for its own internal use. No other
+ * fields of pkt or pkt->hdr will be modified.
+ *
+ * It is the callers responsibility to determine how long the PN field in the
+ * encoded packet should be by setting pkt->hdr->pn_len. This function takes
+ * care of the PN encoding. Set pkt->pn to the desired PN.
+ *
+ * Note that 1-RTT packets do not have a DCID Length field, therefore the DCID
+ * length must be understood contextually. This function assumes the caller
+ * knows what it is doing and will serialize a DCID of whatever length is given.
+ * It is the caller's responsibility to ensure it uses a consistent DCID length
+ * for communication with any given set of remote peers.
+ *
+ * The packet is queued regardless of whether it is able to be sent immediately.
+ * This enables packets to be batched and sent at once on systems which support
+ * system calls to send multiple datagrams in a single system call (see
+ * BIO_sendmmsg). To flush queued datagrams to the network, see
+ * ossl_qtx_flush_net().
+ *
+ * Returns 1 on success or 0 on failure.
+ */
+int ossl_qtx_write_pkt(OSSL_QTX *qtx, const OSSL_QTX_PKT *pkt);
+
+/*
+ * Finish any incomplete datagrams for transmission which were flagged for
+ * coalescing. If there is no current coalescing datagram, this is a no-op.
+ */
+void ossl_qtx_finish_dgram(OSSL_QTX *qtx);
+
+/*
+ * (Attempt to) flush any datagrams which are queued for transmission. Note that
+ * this does not cancel coalescing; call ossl_qtx_finish_dgram() first if that
+ * is desired. The queue is drained into the OS's sockets as much as possible.
+ * To determine if there is still data to be sent after calling this function,
+ * use ossl_qtx_get_queue_len_bytes().
+ *
+ * Returns one of the following values:
+ *
+ * QTX_FLUSH_NET_RES_OK
+ * Either no packets are currently queued for transmission,
+ * or at least one packet was successfully submitted.
+ *
+ * QTX_FLUSH_NET_RES_TRANSIENT_FAIL
+ * The underlying network write BIO indicated a transient error
+ * (e.g. buffers full).
+ *
+ * QTX_FLUSH_NET_RES_PERMANENT_FAIL
+ * Internal error (e.g. assertion or allocation error)
+ * or the underlying network write BIO indicated a non-transient
+ * error.
+ */
+#define QTX_FLUSH_NET_RES_OK 1
+#define QTX_FLUSH_NET_RES_TRANSIENT_FAIL (-1)
+#define QTX_FLUSH_NET_RES_PERMANENT_FAIL (-2)
+
+int ossl_qtx_flush_net(OSSL_QTX *qtx);
+
+/*
+ * Diagnostic function. If there is any datagram pending transmission, pops it
+ * and writes the details of the datagram as they would have been passed to
+ * *msg. Returns 1, or 0 if there are no datagrams pending. For test use only.
+ */
+int ossl_qtx_pop_net(OSSL_QTX *qtx, BIO_MSG *msg);
+
+/* Returns number of datagrams which are fully-formed but not yet sent. */
+size_t ossl_qtx_get_queue_len_datagrams(OSSL_QTX *qtx);
+
+/*
+ * Returns number of payload bytes across all datagrams which are fully-formed
+ * but not yet sent. Does not count any incomplete coalescing datagram.
+ */
+size_t ossl_qtx_get_queue_len_bytes(OSSL_QTX *qtx);
+
+/*
+ * Returns number of bytes in the current coalescing datagram, or 0 if there is
+ * no current coalescing datagram. Returns 0 after a call to
+ * ossl_qtx_finish_dgram().
+ */
+size_t ossl_qtx_get_cur_dgram_len_bytes(OSSL_QTX *qtx);
+
+/*
+ * Returns number of queued coalesced packets which have not been put into a
+ * datagram yet. If this is non-zero, ossl_qtx_flush_pkt() needs to be called.
+ */
+size_t ossl_qtx_get_unflushed_pkt_count(OSSL_QTX *qtx);
+
+/*
+ * Change the BIO being used by the QTX. May be NULL if actual transmission is
+ * not currently required. Does not up-ref the BIO; the caller is responsible
+ * for ensuring the lifetime of the BIO exceeds the lifetime of the QTX.
+ */
+void ossl_qtx_set_bio(OSSL_QTX *qtx, BIO *bio);
+
+/* Changes the MDPL. */
+int ossl_qtx_set_mdpl(OSSL_QTX *qtx, size_t mdpl);
+
+/* Retrieves the current MDPL. */
+size_t ossl_qtx_get_mdpl(OSSL_QTX *qtx);
+
+
+/*
+ * Key Update
+ * ----------
+ *
+ * For additional discussion of key update considerations, see QRX header file.
+ */
+
+/*
+ * Triggers a key update. The key update will be started by inverting the Key
+ * Phase bit of the next packet transmitted; no key update occurs until the next
+ * packet is transmitted. Thus, this function should generally be called
+ * immediately before queueing the next packet.
+ *
+ * There are substantial requirements imposed by RFC 9001 on under what
+ * circumstances a key update can be initiated. The caller is responsible for
+ * meeting most of these requirements. For example, this function cannot be
+ * called too soon after a previous key update has occurred. Key updates also
+ * cannot be initiated until the 1-RTT encryption level is reached.
+ *
+ * As a sanity check, this function will fail and return 0 if the non-1RTT
+ * encryption levels have not yet been dropped.
+ *
+ * The caller may decide itself to initiate a key update, but it also MUST
+ * initiate a key update where it detects that the peer has initiated a key
+ * update. The caller is responsible for initiating a TX key update by calling
+ * this function in this circumstance; thus, the caller is responsible for
+ * coupling the RX and TX QUIC record layers in this way.
+ */
+int ossl_qtx_trigger_key_update(OSSL_QTX *qtx);
+
+
+/*
+ * Key Expiration
+ * --------------
+ */
+
+/*
+ * Returns the number of packets which have been encrypted for transmission with
+ * the current set of TX keys (the current "TX key epoch"). Reset to zero after
+ * a key update and incremented for each packet queued. If enc_level is not
+ * valid or relates to an EL which is not currently available, returns
+ * UINT64_MAX.
+ */
+uint64_t ossl_qtx_get_cur_epoch_pkt_count(OSSL_QTX *qtx, uint32_t enc_level);
+
+/*
+ * Returns the maximum number of packets which the record layer will permit to
+ * be encrypted using the current set of TX keys. If this limit is reached (that
+ * is, if the counter returned by ossl_qrx_tx_get_cur_epoch_pkt_count() reaches
+ * this value), as a safety measure, the QTX will not permit any further packets
+ * to be queued. All calls to ossl_qrx_write_pkt that try to send packets of a
+ * kind which need to be encrypted will fail. It is not possible to recover from
+ * this condition and the QTX must then be destroyed; therefore, callers should
+ * ensure they always trigger a key update well in advance of reaching this
+ * limit.
+ *
+ * The value returned by this function is based on the ciphersuite configured
+ * for the given encryption level. If keys have not been provisioned for the
+ * specified enc_level or the enc_level argument is invalid, this function
+ * returns UINT64_MAX, which is not a valid value. Note that it is not possible
+ * to perform a key update at any encryption level other than 1-RTT, therefore
+ * if this limit is reached at earlier encryption levels (which should not be
+ * possible) the connection must be terminated. Since this condition precludes
+ * the transmission of further packets, the only possible signalling of such an
+ * error condition to a peer is a Stateless Reset packet.
+ */
+uint64_t ossl_qtx_get_max_epoch_pkt_count(OSSL_QTX *qtx, uint32_t enc_level);
+
+/*
+ * Get the 1-RTT EL key epoch number for the QTX. This is intended for
+ * diagnostic purposes. Returns 0 if 1-RTT EL is not provisioned yet.
+ */
+uint64_t ossl_qtx_get_key_epoch(OSSL_QTX *qtx);
+
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_record_util.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_record_util.h
new file mode 100644
index 000000000000..97e630d924e0
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_record_util.h
@@ -0,0 +1,116 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_QUIC_RECORD_UTIL_H
+# define OSSL_QUIC_RECORD_UTIL_H
+
+# include
+# include "internal/quic_types.h"
+
+# ifndef OPENSSL_NO_QUIC
+
+struct ossl_qrx_st;
+struct ossl_qtx_st;
+
+/*
+ * QUIC Key Derivation Utilities
+ * =============================
+ */
+
+/* HKDF-Extract(salt, IKM) (RFC 5869) */
+int ossl_quic_hkdf_extract(OSSL_LIB_CTX *libctx,
+ const char *propq,
+ const EVP_MD *md,
+ const unsigned char *salt, size_t salt_len,
+ const unsigned char *ikm, size_t ikm_len,
+ unsigned char *out, size_t out_len);
+
+/*
+ * A QUIC client sends its first INITIAL packet with a random DCID, which
+ * is used to compute the secrets used for INITIAL packet encryption in both
+ * directions (both client-to-server and server-to-client).
+ *
+ * This function performs the necessary DCID-based key derivation, and then
+ * provides the derived key material for the INITIAL encryption level to a QRX
+ * instance, a QTX instance, or both.
+ *
+ * This function derives the necessary key material and then:
+ * - if qrx is non-NULL, provides the appropriate secret to it;
+ * - if qtx is non-NULL, provides the appropriate secret to it.
+ *
+ * If both qrx and qtx are NULL, this is a no-op. This function is equivalent to
+ * making the appropriate calls to ossl_qrx_provide_secret() and
+ * ossl_qtx_provide_secret().
+ *
+ * It is possible to use a QRX or QTX without ever calling this, for example if
+ * there is no desire to handle INITIAL packets (e.g. if a QRX/QTX is
+ * instantiated to succeed a previous QRX/QTX and handle a connection which is
+ * already established). However in this case you should make sure you call
+ * ossl_qrx_discard_enc_level(); see the header for that function for more
+ * details. Calling ossl_qtx_discard_enc_level() is not essential but could
+ * protect against programming errors.
+ *
+ * Returns 1 on success or 0 on error.
+ */
+int ossl_quic_provide_initial_secret(OSSL_LIB_CTX *libctx,
+ const char *propq,
+ const QUIC_CONN_ID *dst_conn_id,
+ int is_server,
+ struct ossl_qrx_st *qrx,
+ struct ossl_qtx_st *qtx);
+
+/*
+ * QUIC Record Layer Ciphersuite Info
+ * ==================================
+ */
+
+/* Available QUIC Record Layer (QRL) ciphersuites. */
+# define QRL_SUITE_AES128GCM 1 /* SHA256 */
+# define QRL_SUITE_AES256GCM 2 /* SHA384 */
+# define QRL_SUITE_CHACHA20POLY1305 3 /* SHA256 */
+
+/* Returns cipher name in bytes or NULL if suite ID is invalid. */
+const char *ossl_qrl_get_suite_cipher_name(uint32_t suite_id);
+
+/* Returns hash function name in bytes or NULL if suite ID is invalid. */
+const char *ossl_qrl_get_suite_md_name(uint32_t suite_id);
+
+/* Returns secret length in bytes or 0 if suite ID is invalid. */
+uint32_t ossl_qrl_get_suite_secret_len(uint32_t suite_id);
+
+/* Returns key length in bytes or 0 if suite ID is invalid. */
+uint32_t ossl_qrl_get_suite_cipher_key_len(uint32_t suite_id);
+
+/* Returns IV length in bytes or 0 if suite ID is invalid. */
+uint32_t ossl_qrl_get_suite_cipher_iv_len(uint32_t suite_id);
+
+/* Returns AEAD auth tag length in bytes or 0 if suite ID is invalid. */
+uint32_t ossl_qrl_get_suite_cipher_tag_len(uint32_t suite_id);
+
+/* Returns a QUIC_HDR_PROT_CIPHER_* value or 0 if suite ID is invalid. */
+uint32_t ossl_qrl_get_suite_hdr_prot_cipher_id(uint32_t suite_id);
+
+/* Returns header protection key length in bytes or 0 if suite ID is invalid. */
+uint32_t ossl_qrl_get_suite_hdr_prot_key_len(uint32_t suite_id);
+
+/*
+ * Returns maximum number of packets which may be safely encrypted with a suite
+ * or 0 if suite ID is invalid.
+ */
+uint64_t ossl_qrl_get_suite_max_pkt(uint32_t suite_id);
+
+/*
+ * Returns maximum number of RX'd packets which may safely fail AEAD decryption
+ * for a given suite or 0 if suite ID is invalid.
+ */
+uint64_t ossl_qrl_get_suite_max_forged_pkt(uint32_t suite_id);
+
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_rx_depack.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_rx_depack.h
new file mode 100644
index 000000000000..c90964a7c16c
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_rx_depack.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_QUIC_RX_DEPACK_H
+# define OSSL_QUIC_RX_DEPACK_H
+
+# include "internal/quic_channel.h"
+
+# ifndef OPENSSL_NO_QUIC
+
+int ossl_quic_handle_frames(QUIC_CHANNEL *qc, OSSL_QRX_PKT *qpacket);
+
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_sf_list.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_sf_list.h
new file mode 100644
index 000000000000..8ed1dcb137e3
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_sf_list.h
@@ -0,0 +1,151 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_QUIC_SF_LIST_H
+# define OSSL_QUIC_SF_LIST_H
+
+#include "internal/common.h"
+#include "internal/uint_set.h"
+#include "internal/quic_record_rx.h"
+
+/*
+ * Stream frame list
+ * =================
+ *
+ * This data structure supports similar operations as uint64 set but
+ * it has slightly different invariants and also carries data associated with
+ * the ranges in the list.
+ *
+ * Operations:
+ * Insert frame (optimized insertion at the beginning and at the end).
+ * Iterated peek into the frame(s) from the beginning.
+ * Dropping frames from the beginning up to an offset (exclusive).
+ *
+ * Invariant: The frames in the list are sorted by the start and end bounds.
+ * Invariant: There are no fully overlapping frames or frames that would
+ * be fully encompassed by another frame in the list.
+ * Invariant: No frame has start > end.
+ * Invariant: The range start is inclusive the end is exclusive to be
+ * able to mark an empty frame.
+ * Invariant: The offset never points further than into the first frame.
+ */
+# ifndef OPENSSL_NO_QUIC
+
+typedef struct stream_frame_st STREAM_FRAME;
+
+typedef struct sframe_list_st {
+ STREAM_FRAME *head, *tail;
+ /* Is the tail frame final. */
+ unsigned int fin;
+ /* Number of stream frames in the list. */
+ size_t num_frames;
+ /* Offset of data not yet dropped */
+ uint64_t offset;
+ /* Is head locked ? */
+ int head_locked;
+ /* Cleanse data on release? */
+ int cleanse;
+} SFRAME_LIST;
+
+/*
+ * Initializes the stream frame list fl.
+ */
+void ossl_sframe_list_init(SFRAME_LIST *fl);
+
+/*
+ * Destroys the stream frame list fl releasing any data
+ * still present inside it.
+ */
+void ossl_sframe_list_destroy(SFRAME_LIST *fl);
+
+/*
+ * Insert a stream frame data into the list.
+ * The data covers an offset range (range.start is inclusive,
+ * range.end is exclusive).
+ * fin should be set if this is the final frame of the stream.
+ * Returns an error if a frame cannot be inserted - due to
+ * STREAM_FRAME allocation error, or in case of erroneous
+ * fin flag (this is an ossl_assert() check so a caller must
+ * check it on its own too).
+ */
+int ossl_sframe_list_insert(SFRAME_LIST *fl, UINT_RANGE *range,
+ OSSL_QRX_PKT *pkt,
+ const unsigned char *data, int fin);
+
+/*
+ * Iterator to peek at the contiguous frames at the beginning
+ * of the frame list fl.
+ * The *data covers an offset range (range.start is inclusive,
+ * range.end is exclusive).
+ * *fin is set if this is the final frame of the stream.
+ * Opaque iterator *iter can be used to peek at the subsequent
+ * frame if there is any without any gap before it.
+ * Returns 1 on success.
+ * Returns 0 if there is no further contiguous frame. In that
+ * case *fin is set, if the end of the stream is reached.
+ */
+int ossl_sframe_list_peek(const SFRAME_LIST *fl, void **iter,
+ UINT_RANGE *range, const unsigned char **data,
+ int *fin);
+
+/*
+ * Drop all frames up to the offset limit.
+ * Also unlocks the head frame if locked.
+ * Returns 1 on success.
+ * Returns 0 when trying to drop frames at offsets that were not
+ * received yet. (ossl_assert() is used to check, so this is an invalid call.)
+ */
+int ossl_sframe_list_drop_frames(SFRAME_LIST *fl, uint64_t limit);
+
+/*
+ * Locks and returns the head frame of fl if it is readable - read offset is
+ * at the beginning or middle of the frame.
+ * range is set to encompass the not yet read part of the head frame,
+ * data pointer is set to appropriate offset within the frame if the read
+ * offset points in the middle of the frame,
+ * fin is set to 1 if the head frame is also the tail frame.
+ * Returns 1 on success, 0 if there is no readable data or the head
+ * frame is already locked.
+ */
+int ossl_sframe_list_lock_head(SFRAME_LIST *fl, UINT_RANGE *range,
+ const unsigned char **data,
+ int *fin);
+
+/*
+ * Just returns whether the head frame is locked by previous
+ * ossl_sframe_list_lock_head() call.
+ */
+int ossl_sframe_list_is_head_locked(SFRAME_LIST *fl);
+
+/*
+ * Callback function type to write stream frame data to some
+ * side storage before the packet containing the frame data
+ * is released.
+ * It should return 1 on success or 0 if there is not enough
+ * space available in the side storage.
+ */
+typedef int (sframe_list_write_at_cb)(uint64_t logical_offset,
+ const unsigned char *buf,
+ size_t buf_len,
+ void *cb_arg);
+
+/*
+ * Move the frame data in all the stream frames in the list fl
+ * from the packets to the side storage using the write_at_cb
+ * callback.
+ * Returns 1 if all the calls to the callback return 1.
+ * If the callback returns 0, the function stops processing further
+ * frames and returns 0.
+ */
+int ossl_sframe_list_move_data(SFRAME_LIST *fl,
+ sframe_list_write_at_cb *write_at_cb,
+ void *cb_arg);
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_srt_gen.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_srt_gen.h
new file mode 100644
index 000000000000..a25e71aa81ed
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_srt_gen.h
@@ -0,0 +1,57 @@
+/*
+* Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+*
+* Licensed under the Apache License 2.0 (the "License"). You may not use
+* this file except in compliance with the License. You can obtain a copy
+* in the file LICENSE in the source distribution or at
+* https://www.openssl.org/source/license.html
+*/
+
+#ifndef OSSL_INTERNAL_QUIC_SRT_GEN_H
+# define OSSL_INTERNAL_QUIC_SRT_GEN_H
+# pragma once
+
+# include "internal/e_os.h"
+# include "internal/time.h"
+# include "internal/quic_types.h"
+# include "internal/quic_wire.h"
+
+# ifndef OPENSSL_NO_QUIC
+
+/*
+ * QUIC Stateless Reset Token Generator
+ * ====================================
+ *
+ * This generates 16-byte QUIC Stateless Reset Tokens given a secret symmetric
+ * key and a DCID. Because the output is deterministic with regards to these
+ * inputs, assuming the same key is used between invocations of a process, we
+ * are able to generate the same stateless reset token in a subsequent process,
+ * thereby allowing us to achieve stateless reset of a peer which still thinks
+ * it is connected to a past process at the same UDP address.
+ */
+typedef struct quic_srt_gen_st QUIC_SRT_GEN;
+
+/*
+ * Create a new stateless reset token generator using the given key as input.
+ * The key may be of arbitrary length.
+ *
+ * The caller is responsible for performing domain separation with regards to
+ * the key; i.e., the caller is responsible for ensuring the key is never used
+ * in any other context.
+ */
+QUIC_SRT_GEN *ossl_quic_srt_gen_new(OSSL_LIB_CTX *libctx, const char *propq,
+ const unsigned char *key, size_t key_len);
+
+/* Free the stateless reset token generator. No-op if srt_gen is NULL. */
+void ossl_quic_srt_gen_free(QUIC_SRT_GEN *srt_gen);
+
+/*
+ * Calculates a token using the given DCID and writes it to *token. Returns 0 on
+ * failure.
+ */
+int ossl_quic_srt_gen_calculate_token(QUIC_SRT_GEN *srt_gen,
+ const QUIC_CONN_ID *dcid,
+ QUIC_STATELESS_RESET_TOKEN *token);
+
+# endif
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_srtm.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_srtm.h
new file mode 100644
index 000000000000..d60c285e2295
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_srtm.h
@@ -0,0 +1,109 @@
+/*
+* Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+*
+* Licensed under the Apache License 2.0 (the "License"). You may not use
+* this file except in compliance with the License. You can obtain a copy
+* in the file LICENSE in the source distribution or at
+* https://www.openssl.org/source/license.html
+*/
+
+#ifndef OSSL_INTERNAL_QUIC_SRTM_H
+# define OSSL_INTERNAL_QUIC_SRTM_H
+# pragma once
+
+# include "internal/e_os.h"
+# include "internal/time.h"
+# include "internal/quic_types.h"
+# include "internal/quic_wire.h"
+# include "internal/quic_predef.h"
+
+# ifndef OPENSSL_NO_QUIC
+
+/*
+ * QUIC Stateless Reset Token Manager
+ * ==================================
+ *
+ * The stateless reset token manager is responsible for mapping stateless reset
+ * tokens to connections. It is used to identify stateless reset tokens in
+ * incoming packets. In this regard it can be considered an alternate "routing"
+ * mechanism for incoming packets, and is somewhat analogous with the LCIDM,
+ * except that it uses SRTs to route rather than DCIDs.
+ *
+ * The SRTM specifically stores a bidirectional mapping of the form
+ *
+ * (opaque pointer, sequence number) [1] <-> [0..n] SRT
+ *
+ * The (opaque pointer, sequence number) tuple is used to refer to an entry (for
+ * example for the purposes of removing it later when it is no longer needed).
+ * Likewise, an entry can be looked up using SRT to get the opaque pointer and
+ * sequence number.
+ *
+ * It is important to note that the same SRT may exist multiple times and map to
+ * multiple (opaque pointer, sequence number) tuples, for example, if we
+ * initiate multiple connections to the same peer using the same local QUIC_PORT
+ * and the peer decides to behave bizarrely and issue the same SRT for both
+ * connections. It should not do this, but we have to be resilient against
+ * byzantine peer behaviour.
Thus we are capable of storing multiple identical
+ * SRTs for different (opaque pointer, sequence number) keys.
+ *
+ * The SRTM supports arbitrary insertion, arbitrary deletion of specific keys
+ * identified by a (opaque pointer, sequence number) key, and mass deletion of
+ * all entries under a specific opaque pointer. It supports lookup by SRT to
+ * identify zero or more corresponding (opaque pointer, sequence number) tuples.
+ *
+ * The opaque pointer may be used for any purpose but is intended to represent a
+ * connection identity and must therefore be consistent (usefully comparable).
+ */
+
+/* Creates a new empty SRTM instance. */
+QUIC_SRTM *ossl_quic_srtm_new(OSSL_LIB_CTX *libctx, const char *propq);
+
+/* Frees a SRTM instance. No-op if srtm is NULL. */
+void ossl_quic_srtm_free(QUIC_SRTM *srtm);
+
+/*
+ * Add a (opaque, seq_num) -> SRT entry to the SRTM. This operation fails if a
+ * SRT entry already exists with the same (opaque, seq_num) tuple. The token is
+ * copied. Returns 1 on success or 0 on failure.
+ */
+int ossl_quic_srtm_add(QUIC_SRTM *srtm, void *opaque, uint64_t seq_num,
+ const QUIC_STATELESS_RESET_TOKEN *token);
+
+/*
+ * Removes an entry by identifying it via its (opaque, seq_num) tuple.
+ * Returns 1 if the entry was found and removed, and 0 if it was not found.
+ */
+int ossl_quic_srtm_remove(QUIC_SRTM *srtm, void *opaque, uint64_t seq_num);
+
+/*
+ * Removes all entries (opaque, *) with the given opaque pointer.
+ *
+ * Returns 1 on success and 0 on failure. If no entries with the given opaque
+ * pointer were found, this is considered a success condition.
+ */
+int ossl_quic_srtm_cull(QUIC_SRTM *strm, void *opaque);
+
+/*
+ * Looks up a SRT to find the corresponding opaque pointer and sequence number.
+ * An output field pointer can be set to NULL if it is not required.
+ *
+ * This function is designed to avoid exposing timing channels on token values
+ * or the contents of the SRT mapping.
+ *
+ * If there are several identical SRTs, idx can be used to get the nth entry.
+ * Call this function with idx set to 0 first, and keep calling it after
+ * incrementing idx until it returns 0.
+ *
+ * Returns 1 if an entry was found and 0 otherwise.
+ */
+int ossl_quic_srtm_lookup(QUIC_SRTM *srtm,
+ const QUIC_STATELESS_RESET_TOKEN *token,
+ size_t idx,
+ void **opaque, uint64_t *seq_num);
+
+/* Verify internal invariants and assert if they are not met. */
+void ossl_quic_srtm_check(const QUIC_SRTM *srtm);
+
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_ssl.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_ssl.h
new file mode 100644
index 000000000000..4fc7a21a5217
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_ssl.h
@@ -0,0 +1,151 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_QUIC_SSL_H
+# define OSSL_QUIC_SSL_H
+
+# include
+# include
+# include "internal/quic_record_rx.h" /* OSSL_QRX */
+# include "internal/quic_ackm.h" /* OSSL_ACKM */
+# include "internal/quic_channel.h" /* QUIC_CHANNEL */
+
+# ifndef OPENSSL_NO_QUIC
+
+__owur SSL *ossl_quic_new(SSL_CTX *ctx);
+__owur int ossl_quic_init(SSL *s);
+void ossl_quic_deinit(SSL *s);
+void ossl_quic_free(SSL *s);
+int ossl_quic_reset(SSL *s);
+int ossl_quic_clear(SSL *s);
+__owur int ossl_quic_accept(SSL *s);
+__owur int ossl_quic_connect(SSL *s);
+__owur int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *readbytes);
+__owur int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *readbytes);
+__owur int ossl_quic_write_flags(SSL *s, const void *buf, size_t len,
+ uint64_t flags, size_t *written);
+__owur int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written);
+__owur long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg);
+__owur long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
+__owur long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
+__owur long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void));
+__owur size_t ossl_quic_pending(const SSL *s);
+__owur int ossl_quic_key_update(SSL *s, int update_type);
+__owur int ossl_quic_get_key_update_type(const SSL *s);
+__owur const SSL_CIPHER *ossl_quic_get_cipher_by_char(const unsigned char *p);
+__owur int ossl_quic_num_ciphers(void);
+__owur const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u);
+int ossl_quic_renegotiate_check(SSL *ssl, int initok);
+
+typedef struct quic_conn_st
QUIC_CONNECTION;
+typedef struct quic_xso_st QUIC_XSO;
+
+int ossl_quic_do_handshake(SSL *s);
+void ossl_quic_set_connect_state(SSL *s);
+void ossl_quic_set_accept_state(SSL *s);
+
+__owur int ossl_quic_has_pending(const SSL *s);
+__owur int ossl_quic_handle_events(SSL *s);
+__owur int ossl_quic_get_event_timeout(SSL *s, struct timeval *tv,
+ int *is_infinite);
+OSSL_TIME ossl_quic_get_event_deadline(SSL *s);
+__owur int ossl_quic_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *d);
+__owur int ossl_quic_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *d);
+__owur int ossl_quic_get_net_read_desired(SSL *s);
+__owur int ossl_quic_get_net_write_desired(SSL *s);
+__owur int ossl_quic_get_error(const SSL *s, int i);
+__owur int ossl_quic_want(const SSL *s);
+__owur int ossl_quic_conn_get_blocking_mode(const SSL *s);
+__owur int ossl_quic_conn_set_blocking_mode(SSL *s, int blocking);
+__owur int ossl_quic_conn_shutdown(SSL *s, uint64_t flags,
+ const SSL_SHUTDOWN_EX_ARGS *args,
+ size_t args_len);
+__owur int ossl_quic_conn_stream_conclude(SSL *s);
+void ossl_quic_conn_set0_net_rbio(SSL *s, BIO *net_wbio);
+void ossl_quic_conn_set0_net_wbio(SSL *s, BIO *net_wbio);
+BIO *ossl_quic_conn_get_net_rbio(const SSL *s);
+BIO *ossl_quic_conn_get_net_wbio(const SSL *s);
+__owur int ossl_quic_conn_set_initial_peer_addr(SSL *s,
+ const BIO_ADDR *peer_addr);
+__owur SSL *ossl_quic_conn_stream_new(SSL *s, uint64_t flags);
+__owur SSL *ossl_quic_get0_connection(SSL *s);
+__owur int ossl_quic_get_stream_type(SSL *s);
+__owur uint64_t ossl_quic_get_stream_id(SSL *s);
+__owur int ossl_quic_is_stream_local(SSL *s);
+__owur int ossl_quic_set_default_stream_mode(SSL *s, uint32_t mode);
+__owur SSL *ossl_quic_detach_stream(SSL *s);
+__owur int ossl_quic_attach_stream(SSL *conn, SSL *stream);
+__owur int ossl_quic_set_incoming_stream_policy(SSL *s, int policy,
+ uint64_t aec);
+__owur SSL *ossl_quic_accept_stream(SSL *s, uint64_t flags);
+__owur size_t
ossl_quic_get_accept_stream_queue_len(SSL *s);
+__owur int ossl_quic_get_value_uint(SSL *s, uint32_t class_, uint32_t id,
+ uint64_t *value);
+__owur int ossl_quic_set_value_uint(SSL *s, uint32_t class_, uint32_t id,
+ uint64_t value);
+
+__owur int ossl_quic_stream_reset(SSL *ssl,
+ const SSL_STREAM_RESET_ARGS *args,
+ size_t args_len);
+
+__owur int ossl_quic_get_stream_read_state(SSL *ssl);
+__owur int ossl_quic_get_stream_write_state(SSL *ssl);
+__owur int ossl_quic_get_stream_read_error_code(SSL *ssl,
+ uint64_t *app_error_code);
+__owur int ossl_quic_get_stream_write_error_code(SSL *ssl,
+ uint64_t *app_error_code);
+__owur int ossl_quic_get_conn_close_info(SSL *ssl,
+ SSL_CONN_CLOSE_INFO *info,
+ size_t info_len);
+
+uint64_t ossl_quic_set_options(SSL *s, uint64_t opts);
+uint64_t ossl_quic_clear_options(SSL *s, uint64_t opts);
+uint64_t ossl_quic_get_options(const SSL *s);
+
+/* Modifies write buffer size for a stream. */
+__owur int ossl_quic_set_write_buffer_size(SSL *s, size_t size);
+
+/*
+ * Used to override ossl_time_now() for debug purposes. While this may be
+ * overridden at any time, expect strange results if you change it after
+ * connecting.
+ */
+int ossl_quic_conn_set_override_now_cb(SSL *s,
+ OSSL_TIME (*now_cb)(void *arg),
+ void *now_cb_arg);
+
+/*
+ * Condvar waiting in the assist thread doesn't support time faking as it relies
+ * on the OS's notion of time, thus this is used in test code to force a
+ * spurious wakeup instead.
+ */
+void ossl_quic_conn_force_assist_thread_wake(SSL *s);
+
+/* For use by tests only. */
+QUIC_CHANNEL *ossl_quic_conn_get_channel(SSL *s);
+
+int ossl_quic_has_pending(const SSL *s);
+int ossl_quic_get_shutdown(const SSL *s);
+
+/*
+ * Set qlog diagnostic title. String is copied internally on success and need
+ * not remain allocated. Only has any effect if logging has not already begun.
+ * For use by tests only.
Setting this on a context affects any QCSO created
+ * after this is called but does not affect QCSOs already created from a
+ * context.
+ */
+int ossl_quic_set_diag_title(SSL_CTX *ctx, const char *title);
+
+/* APIs used by the polling infrastructure */
+int ossl_quic_conn_poll_events(SSL *ssl, uint64_t events, int do_tick,
+ uint64_t *revents);
+
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_statm.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_statm.h
new file mode 100644
index 000000000000..2fca69b0d181
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_statm.h
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_QUIC_STATS_H
+# define OSSL_QUIC_STATS_H
+
+# include
+# include "internal/time.h"
+# include "internal/quic_predef.h"
+
+# ifndef OPENSSL_NO_QUIC
+
+struct ossl_statm_st {
+ OSSL_TIME smoothed_rtt, latest_rtt, min_rtt, rtt_variance;
+ char have_first_sample;
+};
+
+typedef struct ossl_rtt_info_st {
+ /* As defined in RFC 9002. */
+ OSSL_TIME smoothed_rtt, latest_rtt, rtt_variance, min_rtt;
+} OSSL_RTT_INFO;
+
+int ossl_statm_init(OSSL_STATM *statm);
+
+void ossl_statm_destroy(OSSL_STATM *statm);
+
+void ossl_statm_get_rtt_info(OSSL_STATM *statm, OSSL_RTT_INFO *rtt_info);
+
+void ossl_statm_update_rtt(OSSL_STATM *statm,
+ OSSL_TIME ack_delay,
+ OSSL_TIME override_latest_rtt);
+
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_stream.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_stream.h
new file mode 100644
index 000000000000..d446dadc5047
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_stream.h 
@@ -0,0 +1,428 @@
+/*
+* Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+*
+* Licensed under the Apache License 2.0 (the "License"). You may not use
+* this file except in compliance with the License. You can obtain a copy
+* in the file LICENSE in the source distribution or at
+* https://www.openssl.org/source/license.html
+*/
+
+#ifndef OSSL_INTERNAL_QUIC_STREAM_H
+# define OSSL_INTERNAL_QUIC_STREAM_H
+# pragma once
+
+#include "internal/e_os.h"
+#include "internal/time.h"
+#include "internal/quic_types.h"
+#include "internal/quic_predef.h"
+#include "internal/quic_wire.h"
+#include "internal/quic_record_tx.h"
+#include "internal/quic_record_rx.h"
+#include "internal/quic_fc.h"
+#include "internal/quic_statm.h"
+
+# ifndef OPENSSL_NO_QUIC
+
+/*
+ * QUIC Send Stream
+ * ================
+ *
+ * The QUIC Send Stream Manager (QUIC_SSTREAM) is responsible for:
+ *
+ * - accepting octet strings of stream data;
+ *
+ * - generating corresponding STREAM frames;
+ *
+ * - receiving notifications of lost frames, in order to generate new STREAM
+ * frames for the lost data;
+ *
+ * - receiving notifications of acknowledged frames, in order to internally
+ * reuse memory used to store acknowledged stream data;
+ *
+ * - informing the caller of how much more stream data it can accept into
+ * its internal buffers, so as to ensure that the amount of unacknowledged
+ * data which can be written to a stream is not infinite and to allow the
+ * caller to manifest backpressure conditions to the user.
+ *
+ * The QUIC_SSTREAM is instantiated once for every stream with a send component
+ * (i.e., for a unidirectional send stream or for the send component of a
+ * bidirectional stream).
+ *
+ * Note: The terms 'TX' and 'RX' are used when referring to frames, packets and
+ * datagrams. The terms 'send' and 'receive' are used when referring to the
+ * stream abstraction. Applications send; we transmit.
+ */
+
+/*
+ * Instantiates a new QUIC_SSTREAM.
init_buf_size specifies the initial size of + * the stream data buffer in bytes, which must be positive. + */ +QUIC_SSTREAM *ossl_quic_sstream_new(size_t init_buf_size); + +/* + * Frees a QUIC_SSTREAM and associated stream data storage. + * + * Any iovecs returned by ossl_quic_sstream_get_stream_frame cease to be valid after + * calling this function. + */ +void ossl_quic_sstream_free(QUIC_SSTREAM *qss); + +/* + * (For TX packetizer use.) Retrieves information about application stream data + * which is ready for transmission. + * + * *hdr is filled with the logical offset, maximum possible length of stream + * data which can be transmitted, and a pointer to the stream data to be + * transmitted. is_fin is set to 1 if hdr->offset + hdr->len is the final size + * of the stream and 0 otherwise. hdr->stream_id is not set; the caller must set + * it. + * + * The caller is not obligated to send all of the data. If the caller does not + * send all of the data, the caller must reduce hdr->len before serializing the + * header structure and must ensure that hdr->is_fin is cleared. + * + * hdr->has_explicit_len is always set. It is the caller's responsibility to + * clear this if it wants to use the optimization of omitting the length field, + * as only the caller can know when this optimization can be performed. + * + * *num_iov must be set to the size of the iov array at call time. When this + * function returns successfully, it is updated to the number of iov entries + * which have been written. + * + * The stream data may be split across up to two IOVs due to internal ring + * buffer organisation. The sum of the lengths of the IOVs and the value written + * to hdr->len will always match. If the caller decides to send less than + * hdr->len of stream data, it must adjust the IOVs accordingly. This may be + * done by updating hdr->len and then calling the utility function + * ossl_quic_sstream_adjust_iov(). 
+ * + * After committing one or more bytes returned by ossl_quic_sstream_get_stream_frame to a + * packet, call ossl_quic_sstream_mark_transmitted with the inclusive range of logical + * byte numbers of the transmitted bytes (i.e., hdr->offset, hdr->offset + + * hdr->len - 1). If you do not call ossl_quic_sstream_mark_transmitted, the next call to + * ossl_quic_sstream_get_stream_frame will return the same data (or potentially the same + * and more, if more data has been appended by the application). + * + * It is the caller's responsibility to clamp the length of data which this + * function indicates is available according to other concerns, such as + * stream-level flow control, connection-level flow control, or the applicable + * maximum datagram payload length (MDPL) for a packet under construction. + * + * The skip argument can usually be given as zero. If it is non-zero, this + * function outputs a range which would be output if it were called again after + * calling ossl_quic_sstream_mark_transmitted() with the returned range, repeated 'skip' + * times, and so on. This may be useful for callers which wish to enumerate + * available stream frames and batch their calls to ossl_quic_sstream_mark_transmitted at + * a later time. + * + * On success, this function will never write *num_iov with a value other than + * 0, 1 or 2. A *num_iov value of 0 can only occurs when hdr->is_fin is set (for + * example, when a stream is closed after all existing data has been sent, and + * without sending any more data); otherwise the function returns 0 as there is + * nothing useful to report. + * + * Returns 1 on success and 0 if there is no stream data available for + * transmission, or on other error (such as if the caller provides fewer + * than two IOVs.) + */ +int ossl_quic_sstream_get_stream_frame(QUIC_SSTREAM *qss, + size_t skip, + OSSL_QUIC_FRAME_STREAM *hdr, + OSSL_QTX_IOVEC *iov, + size_t *num_iov); + +/* + * Returns 1 if there is data pending transmission. 
Equivalent to calling + * ossl_quic_sstream_get_stream_frame and seeing if it succeeds. + */ +int ossl_quic_sstream_has_pending(QUIC_SSTREAM *qss); + +/* + * Returns the current size of the stream; i.e., the number of bytes which have + * been appended to the stream so far. + */ +uint64_t ossl_quic_sstream_get_cur_size(QUIC_SSTREAM *qss); + +/* + * (For TX packetizer use.) Marks a logical range of the send stream as having + * been transmitted. + * + * 0 denotes the first byte ever sent on the stream. The start and end values + * are both inclusive, therefore all calls to this function always mark at least + * one byte as being transmitted; if no bytes have been transmitted, do not call + * this function. + * + * If the STREAM frame sent had the FIN bit set, you must also call + * ossl_quic_sstream_mark_transmitted_fin() after calling this function. + * + * If you sent a zero-length STREAM frame with the FIN bit set, you need only + * call ossl_quic_sstream_mark_transmitted_fin() and must not call this function. + * + * Returns 1 on success and 0 on error (e.g. if end < start). + */ +int ossl_quic_sstream_mark_transmitted(QUIC_SSTREAM *qss, + uint64_t start, + uint64_t end); + +/* + * (For TX packetizer use.) Marks a STREAM frame with the FIN bit set as having + * been transmitted. final_size is the final size of the stream (i.e., the value + * offset + len of the transmitted STREAM frame). + * + * This function fails returning 0 if ossl_quic_sstream_fin() has not been called or if + * final_size is not correct. The final_size argument is not strictly needed by + * the QUIC_SSTREAM but is required as a sanity check. + */ +int ossl_quic_sstream_mark_transmitted_fin(QUIC_SSTREAM *qss, + uint64_t final_size); + +/* + * (RX/ACKM use.) Marks a logical range of the send stream as having been lost. + * The send stream will return the lost data for retransmission on a future call + * to ossl_quic_sstream_get_stream_frame. 
The start and end values denote logical byte
+ * numbers and are inclusive.
+ *
+ * If the lost frame had the FIN bit set, you must also call
+ * ossl_quic_sstream_mark_lost_fin() after calling this function.
+ *
+ * Returns 1 on success and 0 on error (e.g. if end < start).
+ */
+int ossl_quic_sstream_mark_lost(QUIC_SSTREAM *qss,
+ uint64_t start,
+ uint64_t end);
+
+/*
+ * (RX/ACKM use.) Informs the QUIC_SSTREAM that a STREAM frame with the FIN bit
+ * set was lost.
+ *
+ * Returns 1 on success and 0 on error.
+ */
+int ossl_quic_sstream_mark_lost_fin(QUIC_SSTREAM *qss);
+
+/*
+ * (RX/ACKM use.) Marks a logical range of the send stream as having been
+ * acknowledged, meaning that the storage for the data in that range of the
+ * stream can be now recycled and neither that logical range of the stream nor
+ * any subset of it can be retransmitted again. The start and end values are
+ * inclusive.
+ *
+ * If the acknowledged frame had the FIN bit set, you must also call
+ * ossl_quic_sstream_mark_acked_fin() after calling this function.
+ *
+ * Returns 1 on success and 0 on error (e.g. if end < start).
+ */
+int ossl_quic_sstream_mark_acked(QUIC_SSTREAM *qss,
+ uint64_t start,
+ uint64_t end);
+
+/*
+ * (RX/ACKM use.) Informs the QUIC_SSTREAM that a STREAM frame with the FIN bit
+ * set was acknowledged.
+ *
+ * Returns 1 on success and 0 on error.
+ */
+int ossl_quic_sstream_mark_acked_fin(QUIC_SSTREAM *qss);
+
+/*
+ * (Front end use.) Appends user data to the stream. The data is copied into the
+ * stream. The amount of data consumed from buf is written to *consumed on
+ * success (short writes are possible). The amount of data which can be written
+ * can be determined in advance by calling the ossl_quic_sstream_get_buffer_avail()
+ * function; data is copied into an internal ring buffer of finite size.
+ *
+ * If the buffer is full, this should be materialised as a backpressure
+ * condition by the front end.
This is not considered a failure condition;
+ * *consumed is written as 0 and the function returns 1.
+ *
+ * Returns 1 on success or 0 on failure.
+ */
+int ossl_quic_sstream_append(QUIC_SSTREAM *qss,
+ const unsigned char *buf,
+ size_t buf_len,
+ size_t *consumed);
+
+/*
+ * Marks a stream as finished. ossl_quic_sstream_append() may not be called anymore
+ * after calling this.
+ */
+void ossl_quic_sstream_fin(QUIC_SSTREAM *qss);
+
+/*
+ * If the stream has had ossl_quic_sstream_fin() called, returns 1 and writes
+ * the final size to *final_size. Otherwise, returns 0.
+ */
+int ossl_quic_sstream_get_final_size(QUIC_SSTREAM *qss, uint64_t *final_size);
+
+/*
+ * Returns 1 iff all bytes (and any FIN, if any) which have been appended to the
+ * QUIC_SSTREAM so far, and any FIN (if any), have been both sent and acked.
+ */
+int ossl_quic_sstream_is_totally_acked(QUIC_SSTREAM *qss);
+
+/*
+ * Resizes the internal ring buffer. All stream data is preserved safely.
+ *
+ * This can be used to expand or contract the ring buffer, but not to contract
+ * the ring buffer below the amount of stream data currently stored in it.
+ * Returns 1 on success and 0 on failure.
+ *
+ * IMPORTANT: Any buffers referenced by iovecs output by
+ * ossl_quic_sstream_get_stream_frame() cease to be valid after calling this function.
+ */
+int ossl_quic_sstream_set_buffer_size(QUIC_SSTREAM *qss, size_t num_bytes);
+
+/*
+ * Gets the internal ring buffer size in bytes.
+ */
+size_t ossl_quic_sstream_get_buffer_size(QUIC_SSTREAM *qss);
+
+/*
+ * Gets the number of bytes used in the internal ring buffer.
+ */
+size_t ossl_quic_sstream_get_buffer_used(QUIC_SSTREAM *qss);
+
+/*
+ * Gets the number of bytes free in the internal ring buffer.
+ */
+size_t ossl_quic_sstream_get_buffer_avail(QUIC_SSTREAM *qss);
+
+/*
+ * Utility function to ensure the length of an array of iovecs matches the
+ * length given as len. Trailing iovecs have their length values reduced or set
+ * to 0 as necessary.
+ */
+void ossl_quic_sstream_adjust_iov(size_t len,
+ OSSL_QTX_IOVEC *iov,
+ size_t num_iov);
+
+/*
+ * Sets flag to cleanse the buffered data when it is acked.
+ */
+void ossl_quic_sstream_set_cleanse(QUIC_SSTREAM *qss, int cleanse);
+
+/*
+ * QUIC Receive Stream Manager
+ * ===========================
+ *
+ * The QUIC Receive Stream Manager (QUIC_RSTREAM) is responsible for
+ * storing the received stream data frames until the application
+ * is able to read the data.
+ *
+ * The QUIC_RSTREAM is instantiated once for every stream that can receive data.
+ * (i.e., for a unidirectional receiving stream or for the receiving component
+ * of a bidirectional stream).
+ */
+
+/*
+ * Create a new instance of QUIC_RSTREAM with pointers to the flow
+ * controller and statistics module. They can be NULL for unit testing.
+ * If they are non-NULL, the `rxfc` is called when receive stream data
+ * is read by application. `statm` is queried for current rtt.
+ * `rbuf_size` is the initial size of the ring buffer to be used
+ * when ossl_quic_rstream_move_to_rbuf() is called.
+ */
+QUIC_RSTREAM *ossl_quic_rstream_new(QUIC_RXFC *rxfc,
+ OSSL_STATM *statm, size_t rbuf_size);
+
+/*
+ * Frees a QUIC_RSTREAM and any associated storage.
+ */
+void ossl_quic_rstream_free(QUIC_RSTREAM *qrs);
+
+/*
+ * Adds received stream frame data to `qrs`. The `pkt_wrap` refcount is
+ * incremented if the `data` is queued directly without copying.
+ * It can be NULL for unit-testing purposes, i.e. if `data` is static or
+ * never released before calling ossl_quic_rstream_free().
+ * The `offset` is the absolute offset of the data in the stream.
+ * `data_len` can be 0 - can be useful for indicating `fin` for empty stream.
+ * Or to indicate `fin` without any further data added to the stream.
+ */
+
+int ossl_quic_rstream_queue_data(QUIC_RSTREAM *qrs, OSSL_QRX_PKT *pkt,
+ uint64_t offset,
+ const unsigned char *data, uint64_t data_len,
+ int fin);
+
+/*
+ * Copies the data from the stream storage to buffer `buf` of size `size`.
+ * `readbytes` is set to the number of bytes actually copied.
+ * `fin` is set to 1 if all the data from the stream were read so the
+ * stream is finished. It is set to 0 otherwise.
+ */
+int ossl_quic_rstream_read(QUIC_RSTREAM *qrs, unsigned char *buf, size_t size,
+ size_t *readbytes, int *fin);
+
+/*
+ * Peeks at the data in the stream storage. It copies them to buffer `buf`
+ * of size `size` and sets `readbytes` to the number of bytes actually copied.
+ * `fin` is set to 1 if the copied data reach end of the stream.
+ * It is set to 0 otherwise.
+ */
+int ossl_quic_rstream_peek(QUIC_RSTREAM *qrs, unsigned char *buf, size_t size,
+ size_t *readbytes, int *fin);
+
+/*
+ * Returns the size of the data available for reading. `fin` is set to 1 if
+ * after reading all the available data the stream will be finished,
+ * set to 0 otherwise.
+ */
+int ossl_quic_rstream_available(QUIC_RSTREAM *qrs, size_t *avail, int *fin);
+
+/*
+ * Sets *record to the beginning of the first readable stream data chunk and
+ * *reclen to the size of the chunk. *fin is set to 1 if the end of the
+ * chunk is the last of the stream data chunks.
+ * If there is no record available *record is set to NULL and *rec_len to 0;
+ * ossl_quic_rstream_release_record() should not be called in that case.
+ * Returns 1 on success (including calls if no record is available, or
+ * after end of the stream - in that case *fin will be set to 1 and
+ * *rec_len to 0), 0 on error.
+ * It is an error to call ossl_quic_rstream_get_record() multiple times
+ * without calling ossl_quic_rstream_release_record() in between.
+ */
+int ossl_quic_rstream_get_record(QUIC_RSTREAM *qrs,
+ const unsigned char **record, size_t *rec_len,
+ int *fin);
+
+/*
+ * Releases (possibly partially) the record returned by
+ * previous ossl_quic_rstream_get_record() call.
+ * read_len between previously returned *rec_len and SIZE_MAX indicates
+ * release of the whole record. Otherwise only part of the record is
+ * released. The remaining part of the record is unlocked, another
+ * call to ossl_quic_rstream_get_record() is needed to obtain further
+ * stream data.
+ * Returns 1 on success, 0 on error.
+ * It is an error to call ossl_quic_rstream_release_record() multiple
+ * times without calling ossl_quic_rstream_get_record() in between.
+ */
+int ossl_quic_rstream_release_record(QUIC_RSTREAM *qrs, size_t read_len);
+
+/*
+ * Moves received frame data from decrypted packets to ring buffer.
+ * This should be called when there are too many decrypted packets allocated.
+ * Returns 1 on success, 0 when it was not possible to release all
+ * referenced packets due to an insufficient size of the ring buffer.
+ * Exception is the packet from the record returned previously by
+ * ossl_quic_rstream_get_record() - that one will be always skipped.
+ */
+int ossl_quic_rstream_move_to_rbuf(QUIC_RSTREAM *qrs);
+
+/*
+ * Resizes the internal ring buffer to a new `rbuf_size` size.
+ * Returns 1 on success, 0 on error.
+ * Possible error conditions are an allocation failure, trying to resize
+ * the ring buffer when ossl_quic_rstream_get_record() was called and
+ * not yet released, or trying to resize the ring buffer to a smaller size
+ * than currently occupied.
+ */
+int ossl_quic_rstream_resize_rbuf(QUIC_RSTREAM *qrs, size_t rbuf_size);
+
+/*
+ * Sets flag to cleanse the buffered data when user reads it.
+ */
+void ossl_quic_rstream_set_cleanse(QUIC_RSTREAM *qrs, int cleanse);
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_stream_map.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_stream_map.h
new file mode 100644
index 000000000000..745d9c03d493
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_stream_map.h
@@ -0,0 +1,916 @@ +/* +* Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. +* +* Licensed under the Apache License 2.0 (the "License"). You may not use +* this file except in compliance with the License. You can obtain a copy +* in the file LICENSE in the source distribution or at +* https://www.openssl.org/source/license.html +*/ + +#ifndef OSSL_INTERNAL_QUIC_STREAM_MAP_H +# define OSSL_INTERNAL_QUIC_STREAM_MAP_H +# pragma once + +# include "internal/e_os.h" +# include "internal/time.h" +# include "internal/common.h" +# include "internal/quic_types.h" +# include "internal/quic_predef.h" +# include "internal/quic_stream.h" +# include "internal/quic_fc.h" +# include + +# ifndef OPENSSL_NO_QUIC + +/* + * QUIC Stream + * =========== + * + * Logical QUIC stream composing all relevant send and receive components. + */ + +typedef struct quic_stream_list_node_st QUIC_STREAM_LIST_NODE; + +struct quic_stream_list_node_st { + QUIC_STREAM_LIST_NODE *prev, *next; +}; + +/* + * QUIC Send Stream States + * ----------------------- + * + * These correspond to the states defined in RFC 9000 s. 3.1, with the + * exception of the NONE state which represents the absence of a send stream + * part. + * + * Invariants in each state are noted in comments below. In particular, once all + * data has been acknowledged received, or we have reset the stream, we don't + * need to keep the QUIC_SSTREAM and data buffers around. Of course, we also + * don't have a QUIC_SSTREAM on a receive-only stream. 
+ */ +#define QUIC_SSTREAM_STATE_NONE 0 /* --- sstream == NULL */ +#define QUIC_SSTREAM_STATE_READY 1 /* \ */ +#define QUIC_SSTREAM_STATE_SEND 2 /* |-- sstream != NULL */ +#define QUIC_SSTREAM_STATE_DATA_SENT 3 /* / */ +#define QUIC_SSTREAM_STATE_DATA_RECVD 4 /* \ */ +#define QUIC_SSTREAM_STATE_RESET_SENT 5 /* |-- sstream == NULL */ +#define QUIC_SSTREAM_STATE_RESET_RECVD 6 /* / */ + +/* + * QUIC Receive Stream States + * -------------------------- + * + * These correspond to the states defined in RFC 9000 s. 3.2, with the exception + * of the NONE state which represents the absence of a receive stream part. + * + * Invariants in each state are noted in comments below. In particular, once all + * data has been read by the application, we don't need to keep the QUIC_RSTREAM + * and data buffers around. If the receive part is instead reset before it is + * finished, we also don't need to keep the QUIC_RSTREAM around. Finally, we + * don't need a QUIC_RSTREAM on a send-only stream. + */ +#define QUIC_RSTREAM_STATE_NONE 0 /* --- rstream == NULL */ +#define QUIC_RSTREAM_STATE_RECV 1 /* \ */ +#define QUIC_RSTREAM_STATE_SIZE_KNOWN 2 /* |-- rstream != NULL */ +#define QUIC_RSTREAM_STATE_DATA_RECVD 3 /* / */ +#define QUIC_RSTREAM_STATE_DATA_READ 4 /* \ */ +#define QUIC_RSTREAM_STATE_RESET_RECVD 5 /* |-- rstream == NULL */ +#define QUIC_RSTREAM_STATE_RESET_READ 6 /* / */ + +struct quic_stream_st { + QUIC_STREAM_LIST_NODE active_node; /* for use by QUIC_STREAM_MAP */ + QUIC_STREAM_LIST_NODE accept_node; /* accept queue of remotely-created streams */ + QUIC_STREAM_LIST_NODE ready_for_gc_node; /* queue of streams now ready for GC */ + + /* Temporary link used by TXP. */ + QUIC_STREAM *txp_next; + + /* + * QUIC Stream ID. Do not assume that this encodes a type as this is a + * version-specific property and may change between QUIC versions; instead, + * use the type field. + */ + uint64_t id; + + /* + * Application Error Code (AEC) used for STOP_SENDING frame. 
+ * This is only valid if stop_sending is 1. + */ + uint64_t stop_sending_aec; + + /* + * Application Error Code (AEC) used for RESET_STREAM frame. + * This is only valid if reset_stream is 1. + */ + uint64_t reset_stream_aec; + + /* + * Application Error Code (AEC) for incoming STOP_SENDING frame. + * This is only valid if peer_stop_sending is 1. + */ + uint64_t peer_stop_sending_aec; + + /* + * Application Error Code (AEC) for incoming RESET_STREAM frame. + * This is only valid if peer_reset_stream is 1. + */ + uint64_t peer_reset_stream_aec; + + /* Temporary value used by TXP. */ + uint64_t txp_txfc_new_credit_consumed; + + /* + * The final size of the send stream. Although this information can be + * discerned from a QUIC_SSTREAM, it is stored separately as we need to keep + * track of this even if we have thrown away the QUIC_SSTREAM. Use + * ossl_quic_stream_send_get_final_size to determine if this contain a + * valid value or if there is no final size yet for a sending part. + * + * For the receive part, the final size is tracked by the stream-level RXFC; + * use ossl_quic_stream_recv_get_final_size or + * ossl_quic_rxfc_get_final_size. + */ + uint64_t send_final_size; + + /* + * Send stream part and receive stream part buffer management objects. + * + * DO NOT test these pointers (sstream, rstream) for NULL. Determine the + * state of the send or receive stream part first using the appropriate + * function; then the invariant of that state guarantees that sstream or + * rstream either is or is not NULL respectively, therefore there is no + * valid use case for testing these pointers for NULL. In particular, a + * stream with a send part can still have sstream as NULL, and a stream with + * a receive part can still have rstream as NULL. QUIC_SSTREAM and + * QUIC_RSTREAM are stream buffer resource management objects which exist + * only when they need to for buffer management purposes. 
The existence or + * non-existence of a QUIC_SSTREAM or QUIC_RSTREAM object does not + * correspond with whether a stream's respective send or receive part + * logically exists or not. + */ + QUIC_SSTREAM *sstream; /* NULL if RX-only */ + QUIC_RSTREAM *rstream; /* NULL if TX only */ + + /* Stream-level flow control managers. */ + QUIC_TXFC txfc; /* NULL if RX-only */ + QUIC_RXFC rxfc; /* NULL if TX-only */ + + unsigned int type : 8; /* QUIC_STREAM_INITIATOR_*, QUIC_STREAM_DIR_* */ + + unsigned int send_state : 8; /* QUIC_SSTREAM_STATE_* */ + unsigned int recv_state : 8; /* QUIC_RSTREAM_STATE_* */ + + /* 1 iff this QUIC_STREAM is on the active queue (invariant). */ + unsigned int active : 1; + + /* + * This is a copy of the QUIC connection as_server value, indicating + * whether we are locally operating as a server or not. Having this + * significantly simplifies stream type determination relative to our + * perspective. It never changes after a QUIC_STREAM is created and is the + * same for all QUIC_STREAMS under a QUIC_STREAM_MAP. + */ + unsigned int as_server : 1; + + /* + * Has STOP_SENDING been requested (by us)? Note that this is not the same + * as want_stop_sending below, as a STOP_SENDING frame may already have been + * sent and fully acknowledged. + */ + unsigned int stop_sending : 1; + + /* + * Has RESET_STREAM been requested (by us)? Works identically to + * STOP_SENDING for transmission purposes. + */ + /* Has our peer sent a STOP_SENDING frame? */ + unsigned int peer_stop_sending : 1; + + /* Temporary flags used by TXP. */ + unsigned int txp_sent_fc : 1; + unsigned int txp_sent_stop_sending : 1; + unsigned int txp_sent_reset_stream : 1; + unsigned int txp_drained : 1; + unsigned int txp_blocked : 1; + + /* Frame regeneration flags. 
*/ + unsigned int want_max_stream_data : 1; /* used for regen only */ + unsigned int want_stop_sending : 1; /* used for gen or regen */ + unsigned int want_reset_stream : 1; /* used for gen or regen */ + + /* Flags set when frames *we* sent were acknowledged. */ + unsigned int acked_stop_sending : 1; + + /* + * The stream's XSO has been deleted. Pending GC. + * + * Here is how stream deletion works: + * + * - A QUIC_STREAM cannot be deleted until it is neither in the accept + * queue nor has an associated XSO. This condition occurs when and only + * when deleted is true. + * + * - Once this is the case (i.e., no user-facing API object exposing the + * stream), we can delete the stream once we determine that all of our + * protocol obligations requiring us to keep the QUIC_STREAM around have + * been met. + * + * The following frames relate to the streams layer for a specific + * stream: + * + * STREAM + * + * RX Obligations: + * Ignore for a deleted stream. + * + * (This is different from our obligation for a + * locally-initiated stream ID we have not created yet, + * which we must treat as a protocol error. This can be + * distinguished via a simple monotonic counter.) + * + * TX Obligations: + * None, once we've decided to (someday) delete the stream. + * + * STOP_SENDING + * + * We cannot delete the stream until we have finished informing + * the peer that we are not going to be listening to it + * anymore. + * + * RX Obligations: + * When we delete a stream we must have already had a FIN + * or RESET_STREAM we transmitted acknowledged by the peer. + * Thus we can ignore STOP_SENDING frames for deleted + * streams (if they occur, they are probably just + * retransmissions). + * + * TX Obligations: + * _Acknowledged_ receipt of a STOP_SENDING frame by the + * peer (unless the peer's send part has already FIN'd). 
+ * + * RESET_STREAM + * + * We cannot delete the stream until we have finished informing + * the peer that we are not going to be transmitting on it + * anymore. + * + * RX Obligations: + * This indicates the peer is not going to send any more + * data on the stream. We don't need to care about this + * since once a stream is marked for deletion we don't care + * about any data it does send. We can ignore this for + * deleted streams. The important criterion is that the + * peer has been successfully delivered our STOP_SENDING + * frame. + * + * TX Obligations: + * _Acknowledged_ receipt of a RESET_STREAM frame or FIN by + * the peer. + * + * MAX_STREAM_DATA + * + * RX Obligations: + * Ignore. Since we are not going to be sending any more + * data on a stream once it has been marked for deletion, + * we don't need to care about flow control information. + * + * TX Obligations: + * None. + * + * In other words, our protocol obligation is simply: + * + * - either: + * - the peer has acknowledged receipt of a STOP_SENDING frame sent + * by us; -or- + * - we have received a FIN and all preceding segments from the peer + * + * [NOTE: The actual criterion required here is simply 'we have + * received a FIN from the peer'. However, due to reordering and + * retransmissions we might subsequently receive non-FIN segments + * out of order. The FIN means we know the peer will stop + * transmitting on the stream at *some* point, but by sending + * STOP_SENDING we can avoid these needless retransmissions we + * will just ignore anyway. In actuality we could just handle all + * cases by sending a STOP_SENDING. The strategy we choose is to + * only avoid sending a STOP_SENDING and rely on a received FIN + * when we have received all preceding data, as this makes it + * reasonably certain no benefit would be gained by sending + * STOP_SENDING.] + * + * TODO(QUIC FUTURE): Implement the latter case (currently we + just always do STOP_SENDING). 
+ * + * and; + * + * - we have drained our send stream (for a finished send stream) + * and got acknowledgement all parts of it including the FIN, or + * sent a RESET_STREAM frame and got acknowledgement of that frame. + * + * Once these conditions are met, we can GC the QUIC_STREAM. + * + */ + unsigned int deleted : 1; + /* Set to 1 once the above conditions are actually met. */ + unsigned int ready_for_gc : 1; + /* Set to 1 if this is currently counted in the shutdown flush stream count. */ + unsigned int shutdown_flush : 1; +}; + +#define QUIC_STREAM_INITIATOR_CLIENT 0 +#define QUIC_STREAM_INITIATOR_SERVER 1 +#define QUIC_STREAM_INITIATOR_MASK 1 + +#define QUIC_STREAM_DIR_BIDI 0 +#define QUIC_STREAM_DIR_UNI 2 +#define QUIC_STREAM_DIR_MASK 2 + +void ossl_quic_stream_check(const QUIC_STREAM *s); + +/* + * Returns 1 if the QUIC_STREAM was initiated by the endpoint with the server + * role. + */ +static ossl_inline ossl_unused int ossl_quic_stream_is_server_init(const QUIC_STREAM *s) +{ + return (s->type & QUIC_STREAM_INITIATOR_MASK) == QUIC_STREAM_INITIATOR_SERVER; +} + +/* + * Returns 1 if the QUIC_STREAM is bidirectional and 0 if it is unidirectional. + */ +static ossl_inline ossl_unused int ossl_quic_stream_is_bidi(const QUIC_STREAM *s) +{ + return (s->type & QUIC_STREAM_DIR_MASK) == QUIC_STREAM_DIR_BIDI; +} + +/* Returns 1 if the QUIC_STREAM was locally initiated. */ +static ossl_inline ossl_unused int ossl_quic_stream_is_local_init(const QUIC_STREAM *s) +{ + return ossl_quic_stream_is_server_init(s) == s->as_server; +} + +/* + * Returns 1 if the QUIC_STREAM has a sending part, based on its stream type. + * + * Do NOT use (s->sstream != NULL) to test this; use this function. Note that + * even if this function returns 1, s->sstream might be NULL if the QUIC_SSTREAM + * has been deemed no longer needed, for example due to a RESET_STREAM. 
+ */ +static ossl_inline ossl_unused int ossl_quic_stream_has_send(const QUIC_STREAM *s) +{ + return s->send_state != QUIC_SSTREAM_STATE_NONE; +} + +/* + * Returns 1 if the QUIC_STREAM has a receiving part, based on its stream type. + * + * Do NOT use (s->rstream != NULL) to test this; use this function. Note that + * even if this function returns 1, s->rstream might be NULL if the QUIC_RSTREAM + * has been deemed no longer needed, for example if the receive stream is + * completely finished with. + */ +static ossl_inline ossl_unused int ossl_quic_stream_has_recv(const QUIC_STREAM *s) +{ + return s->recv_state != QUIC_RSTREAM_STATE_NONE; +} + +/* + * Returns 1 if the QUIC_STREAM has a QUIC_SSTREAM send buffer associated with + * it. If this returns 1, s->sstream is guaranteed to be non-NULL. The converse + * is not necessarily true; erasure of a send stream buffer which is no longer + * required is an optimisation which the QSM may, but is not obliged, to + * perform. + * + * This call should be used where it is desired to do something with the send + * stream buffer but there is no more specific send state restriction which is + * applicable. + * + * Note: This does NOT indicate whether it is suitable to allow an application + * to append to the buffer. DATA_SENT indicates all data (including FIN) has + * been *sent*; the absence of DATA_SENT does not mean a FIN has not been queued + * (meaning no more application data can be appended). This is enforced by + * QUIC_SSTREAM. + */ +static ossl_inline ossl_unused int ossl_quic_stream_has_send_buffer(const QUIC_STREAM *s) +{ + switch (s->send_state) { + case QUIC_SSTREAM_STATE_READY: + case QUIC_SSTREAM_STATE_SEND: + case QUIC_SSTREAM_STATE_DATA_SENT: + return 1; + default: + return 0; + } +} + +/* + * Returns 1 if the QUIC_STREAM has a sending part which is in one of the reset + * states. 
+ */ +static ossl_inline ossl_unused int ossl_quic_stream_send_is_reset(const QUIC_STREAM *s) +{ + return s->send_state == QUIC_SSTREAM_STATE_RESET_SENT + || s->send_state == QUIC_SSTREAM_STATE_RESET_RECVD; +} + +/* + * Returns 1 if the QUIC_STREAM has a QUIC_RSTREAM receive buffer associated + * with it. If this returns 1, s->rstream is guaranteed to be non-NULL. The + * converse is not necessarily true; erasure of a receive stream buffer which is + * no longer required is an optimisation which the QSM may, but is not obliged, + * to perform. + * + * This call should be used where it is desired to do something with the receive + * stream buffer but there is no more specific receive state restriction which is + * applicable. + */ +static ossl_inline ossl_unused int ossl_quic_stream_has_recv_buffer(const QUIC_STREAM *s) +{ + switch (s->recv_state) { + case QUIC_RSTREAM_STATE_RECV: + case QUIC_RSTREAM_STATE_SIZE_KNOWN: + case QUIC_RSTREAM_STATE_DATA_RECVD: + return 1; + default: + return 0; + } +} + +/* + * Returns 1 if the QUIC_STREAM has a receiving part which is in one of the + * reset states. + */ +static ossl_inline ossl_unused int ossl_quic_stream_recv_is_reset(const QUIC_STREAM *s) +{ + return s->recv_state == QUIC_RSTREAM_STATE_RESET_RECVD + || s->recv_state == QUIC_RSTREAM_STATE_RESET_READ; +} + +/* + * Returns 1 if the stream has a send part and that part has a final size. + * + * If final_size is non-NULL, *final_size is the final size (on success) or an + * undefined value otherwise. + */ +static ossl_inline ossl_unused int ossl_quic_stream_send_get_final_size(const QUIC_STREAM *s, + uint64_t *final_size) +{ + switch (s->send_state) { + default: + case QUIC_SSTREAM_STATE_NONE: + return 0; + case QUIC_SSTREAM_STATE_SEND: + /* + * SEND may or may not have had a FIN - even if we have a FIN we do not + * move to DATA_SENT until we have actually sent all the data. So + * ask the QUIC_SSTREAM. 
+ */ + return ossl_quic_sstream_get_final_size(s->sstream, final_size); + case QUIC_SSTREAM_STATE_DATA_SENT: + case QUIC_SSTREAM_STATE_DATA_RECVD: + case QUIC_SSTREAM_STATE_RESET_SENT: + case QUIC_SSTREAM_STATE_RESET_RECVD: + if (final_size != NULL) + *final_size = s->send_final_size; + return 1; + } +} + +/* + * Returns 1 if the stream has a receive part and that part has a final size. + * + * If final_size is non-NULL, *final_size is the final size (on success) or an + * undefined value otherwise. + */ +static ossl_inline ossl_unused int ossl_quic_stream_recv_get_final_size(const QUIC_STREAM *s, + uint64_t *final_size) +{ + switch (s->recv_state) { + default: + case QUIC_RSTREAM_STATE_NONE: + case QUIC_RSTREAM_STATE_RECV: + return 0; + + case QUIC_RSTREAM_STATE_SIZE_KNOWN: + case QUIC_RSTREAM_STATE_DATA_RECVD: + case QUIC_RSTREAM_STATE_DATA_READ: + case QUIC_RSTREAM_STATE_RESET_RECVD: + case QUIC_RSTREAM_STATE_RESET_READ: + if (!ossl_assert(ossl_quic_rxfc_get_final_size(&s->rxfc, final_size))) + return 0; + + return 1; + } +} + +/* + * Determines the number of bytes available still to be read, and (if + * include_fin is 1) whether a FIN or reset has yet to be read. 
+ */ +static ossl_inline ossl_unused int ossl_quic_stream_recv_pending(const QUIC_STREAM *s, + int include_fin) +{ + size_t avail; + int fin = 0; + + switch (s->recv_state) { + default: + case QUIC_RSTREAM_STATE_NONE: + return 0; + + case QUIC_RSTREAM_STATE_RECV: + case QUIC_RSTREAM_STATE_SIZE_KNOWN: + case QUIC_RSTREAM_STATE_DATA_RECVD: + if (!ossl_quic_rstream_available(s->rstream, &avail, &fin)) + avail = 0; + + if (avail == 0 && include_fin && fin) + avail = 1; + + return avail; + + case QUIC_RSTREAM_STATE_RESET_RECVD: + return include_fin; + + case QUIC_RSTREAM_STATE_DATA_READ: + case QUIC_RSTREAM_STATE_RESET_READ: + return 0; + } +} + +/* + * QUIC Stream Map + * =============== + * + * The QUIC stream map: + * + * - maps stream IDs to QUIC_STREAM objects; + * - tracks which streams are 'active' (currently have data for transmission); + * - allows iteration over the active streams only. + * + */ +struct quic_stream_map_st { + LHASH_OF(QUIC_STREAM) *map; + QUIC_STREAM_LIST_NODE active_list; + QUIC_STREAM_LIST_NODE accept_list; + QUIC_STREAM_LIST_NODE ready_for_gc_list; + size_t rr_stepping, rr_counter; + size_t num_accept_bidi, num_accept_uni, num_shutdown_flush; + QUIC_STREAM *rr_cur; + uint64_t (*get_stream_limit_cb)(int uni, void *arg); + void *get_stream_limit_cb_arg; + QUIC_RXFC *max_streams_bidi_rxfc; + QUIC_RXFC *max_streams_uni_rxfc; + int is_server; +}; + +/* + * get_stream_limit is a callback which is called to retrieve the current stream + * limit for streams created by us. This mechanism is not used for + * peer-initiated streams. If a stream's stream ID is x, a stream is allowed if + * (x >> 2) < returned limit value; i.e., the returned value is exclusive. + * + * If uni is 1, get the limit for locally-initiated unidirectional streams, else + * get the limit for locally-initiated bidirectional streams. + * + * If the callback is NULL, stream limiting is not applied. 
+ * Stream limiting is used to determine if frames can currently be produced for + * a stream. + */ +int ossl_quic_stream_map_init(QUIC_STREAM_MAP *qsm, + uint64_t (*get_stream_limit_cb)(int uni, void *arg), + void *get_stream_limit_cb_arg, + QUIC_RXFC *max_streams_bidi_rxfc, + QUIC_RXFC *max_streams_uni_rxfc, + int is_server); + +/* + * Any streams still in the map will be released as though + * ossl_quic_stream_map_release was called on them. + */ +void ossl_quic_stream_map_cleanup(QUIC_STREAM_MAP *qsm); + +/* + * Allocate a new stream. type is a combination of one QUIC_STREAM_INITIATOR_* + * value and one QUIC_STREAM_DIR_* value. Note that clients can e.g. allocate + * server-initiated streams as they will need to allocate a QUIC_STREAM + * structure to track any stream created by the server, etc. + * + * stream_id must be a valid value. Returns NULL if a stream already exists + * with the given ID. + */ +QUIC_STREAM *ossl_quic_stream_map_alloc(QUIC_STREAM_MAP *qsm, + uint64_t stream_id, + int type); + +/* + * Releases a stream object. Note that this must only be done once the teardown + * process is entirely complete and the object will never be referenced again. + */ +void ossl_quic_stream_map_release(QUIC_STREAM_MAP *qsm, QUIC_STREAM *stream); + +/* + * Calls visit_cb() for each stream in the map. visit_cb_arg is an opaque + * argument which is passed through. + */ +void ossl_quic_stream_map_visit(QUIC_STREAM_MAP *qsm, + void (*visit_cb)(QUIC_STREAM *stream, void *arg), + void *visit_cb_arg); + +/* + * Retrieves a stream by stream ID. Returns NULL if it does not exist. + */ +QUIC_STREAM *ossl_quic_stream_map_get_by_id(QUIC_STREAM_MAP *qsm, + uint64_t stream_id); + +/* + * Marks the given stream as active or inactive based on its state. Idempotent. + * + * When a stream is marked active, it becomes available in the iteration list, + * and when a stream is marked inactive, it no longer appears in the iteration + * list. 
+ * + * Calling this function invalidates any iterator currently pointing at the + * given stream object, but iterators not currently pointing at the given stream + * object are not invalidated. + */ +void ossl_quic_stream_map_update_state(QUIC_STREAM_MAP *qsm, QUIC_STREAM *s); + +/* + * Sets the RR stepping value, n. The RR rotation will be advanced every n + * packets. The default value is 1. + */ +void ossl_quic_stream_map_set_rr_stepping(QUIC_STREAM_MAP *qsm, size_t stepping); + +/* + * Returns 1 if the stream ordinal given is allowed by the current stream count + * flow control limit, assuming a locally initiated stream of a type described + * by is_uni. + * + * Note that stream_ordinal is a stream ordinal, not a stream ID. + */ +int ossl_quic_stream_map_is_local_allowed_by_stream_limit(QUIC_STREAM_MAP *qsm, + uint64_t stream_ordinal, + int is_uni); + +/* + * Stream Send Part + * ================ + */ + +/* + * Ensures that the sending part has transitioned out of the READY state (i.e., + * to SEND, or a subsequent state). This function is named as it is because, + * while on paper the distinction between READY and SEND is whether we have + * started transmitting application data, in practice the meaningful distinction + * between the two states is whether we have allocated a stream ID to the stream + * or not. QUIC permits us to defer stream ID allocation until first STREAM (or + * STREAM_DATA_BLOCKED) frame transmission for locally-initiated streams. + * + * Our implementation does not currently do this and we allocate stream IDs up + * front, however we may revisit this in the future. Calling this represents a + * demand for a stream ID by the caller and ensures one has been allocated to + * the stream, and causes us to transition to SEND if we are still in the READY + * state. + * + * Returns 0 if there is no send part (caller error) and 1 otherwise. 
+ */ +int ossl_quic_stream_map_ensure_send_part_id(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs); + +/* + * Transitions from SEND to the DATA_SENT state. Note that this is NOT the same + * as the point in time at which the final size of the stream becomes known + * (i.e., the time at which ossl_quic_sstream_fin()) is called as it occurs when + * we have SENT all data on a given stream send part, not merely buffered it. + * Note that this transition is NOT reversed in the event of some of that data + * being lost. + * + * Returns 1 if the state transition was successfully taken. Returns 0 if there + * is no send part (caller error) or if the state transition cannot be taken + * because the send part is not in the SEND state. + */ +int ossl_quic_stream_map_notify_all_data_sent(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs); + +/* + * Transitions from the DATA_SENT to DATA_RECVD state; should be called + * when all transmitted stream data is ACKed by the peer. + * + * Returns 1 if the state transition was successfully taken. Returns 0 if there + * is no send part (caller error) or the state transition cannot be taken + * because the send part is not in the DATA_SENT state. Because + * ossl_quic_stream_map_notify_all_data_sent() should always be called prior to + * this function, the send state must already be in DATA_SENT in order for this + * function to succeed. + */ +int ossl_quic_stream_map_notify_totally_acked(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs); + +/* + * Resets the sending part of a stream. This is a transition from the READY, + * SEND or DATA_SENT send stream states to the RESET_SENT state. + * + * This function returns 1 if the transition is taken (i.e., if the send stream + * part was in one of the states above), or if it is already in the RESET_SENT + * state (idempotent operation), or if it has reached the RESET_RECVD state. + * + * It returns 0 if in the DATA_RECVD state, as a send stream cannot be reset + * in this state. 
It also returns 0 if there is no send part (caller error). + */ +int ossl_quic_stream_map_reset_stream_send_part(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs, + uint64_t aec); + +/* + * Transitions from the RESET_SENT to the RESET_RECVD state. This should be + * called when a sent RESET_STREAM frame has been acknowledged by the peer. + * + * This function returns 1 if the transition is taken (i.e., if the send stream + * part was in one of the states above) or if it is already in the RESET_RECVD + * state (idempotent operation). + * + * It returns 0 if not in the RESET_SENT or RESET_RECVD states, as this function + * should only be called after we have already sent a RESET_STREAM frame and + * entered the RESET_SENT state. It also returns 0 if there is no send part + * (caller error). + */ +int ossl_quic_stream_map_notify_reset_stream_acked(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs); + + +/* + * Stream Receive Part + * =================== + */ + +/* + * Transitions from the RECV receive stream state to the SIZE_KNOWN state. This + * should be called once a STREAM frame is received for the stream with the FIN + * bit set. final_size should be the final size of the stream in bytes. + * + * Returns 1 if the transition was taken. + */ +int ossl_quic_stream_map_notify_size_known_recv_part(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs, + uint64_t final_size); + +/* + * Transitions from the SIZE_KNOWN receive stream state to the DATA_RECVD state. + * This should be called once all data for a receive stream is received. + * + * Returns 1 if the transition was taken. + */ +int ossl_quic_stream_map_notify_totally_received(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs); + +/* + * Transitions from the DATA_RECVD receive stream state to the DATA_READ state. + * This should be called once all data for a receive stream is read by the + * application. + * + * Returns 1 if the transition was taken. 
+ */ +int ossl_quic_stream_map_notify_totally_read(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs); + +/* + * Transitions from the RECV, SIZE_KNOWN or DATA_RECVD receive stream state to + * the RESET_RECVD state. This should be called on RESET_STREAM. + * + * Returns 1 if the transition was taken. + */ +int ossl_quic_stream_map_notify_reset_recv_part(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs, + uint64_t app_error_code, + uint64_t final_size); + +/* + * Transitions from the RESET_RECVD receive stream state to the RESET_READ + * receive stream state. This should be called when the application is notified + * of a stream reset. + */ +int ossl_quic_stream_map_notify_app_read_reset_recv_part(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs); + +/* + * Marks the receiving part of a stream for STOP_SENDING. This is orthogonal to + * receive stream state as it does not affect it directly. + * + * Returns 1 if the receiving part of a stream was not already marked for + * STOP_SENDING. + * Returns 0 otherwise, which need not be considered an error. + */ +int ossl_quic_stream_map_stop_sending_recv_part(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs, + uint64_t aec); + +/* + * Marks the stream as wanting a STOP_SENDING frame transmitted. It is not valid + * to call this if ossl_quic_stream_map_stop_sending_recv_part() has not been + * called. For TXP use. + */ +int ossl_quic_stream_map_schedule_stop_sending(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs); + + +/* + * Accept Queue Management + * ======================= + */ + +/* + * Adds a stream to the accept queue. + */ +void ossl_quic_stream_map_push_accept_queue(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *s); + +/* + * Returns the next item to be popped from the accept queue, or NULL if it is + * empty. + */ +QUIC_STREAM *ossl_quic_stream_map_peek_accept_queue(QUIC_STREAM_MAP *qsm); + +/* + * Removes a stream from the accept queue. rtt is the estimated connection RTT. + * The stream is retired for the purposes of MAX_STREAMS RXFC. 
+ * + * Precondition: s is in the accept queue. + */ +void ossl_quic_stream_map_remove_from_accept_queue(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *s, + OSSL_TIME rtt); + +/* Returns the length of the accept queue for the given stream type. */ +size_t ossl_quic_stream_map_get_accept_queue_len(QUIC_STREAM_MAP *qsm, int is_uni); + +/* Returns the total length of the accept queues for all stream types. */ +size_t ossl_quic_stream_map_get_total_accept_queue_len(QUIC_STREAM_MAP *qsm); + +/* + * Shutdown Flush and GC + * ===================== + */ + +/* + * Delete streams ready for GC. Pointers to those QUIC_STREAM objects become + * invalid. + */ +void ossl_quic_stream_map_gc(QUIC_STREAM_MAP *qsm); + +/* + * Begins shutdown stream flush triage. Analyses all streams, including deleted + * but not yet GC'd streams, to determine if we should wait for that stream to + * be fully flushed before shutdown. After calling this, call + * ossl_quic_stream_map_is_shutdown_flush_finished() to determine if all + * shutdown flush eligible streams have been flushed. + */ +void ossl_quic_stream_map_begin_shutdown_flush(QUIC_STREAM_MAP *qsm); + +/* + * Returns 1 if all shutdown flush eligible streams have finished flushing, + * or if ossl_quic_stream_map_begin_shutdown_flush() has not been called. + */ +int ossl_quic_stream_map_is_shutdown_flush_finished(QUIC_STREAM_MAP *qsm); + +/* + * QUIC Stream Iterator + * ==================== + * + * Allows the current set of active streams to be walked using a RR-based + * algorithm. Each time ossl_quic_stream_iter_init is called, the RR algorithm + * is stepped. The RR algorithm rotates the iteration order such that the next + * active stream is returned first after n calls to ossl_quic_stream_iter_init, + * where n is the stepping value configured via + * ossl_quic_stream_map_set_rr_stepping. 
+ * + * Suppose there are three active streams and the configured stepping is n: + * + * Iteration 0n: [Stream 1] [Stream 2] [Stream 3] + * Iteration 1n: [Stream 2] [Stream 3] [Stream 1] + * Iteration 2n: [Stream 3] [Stream 1] [Stream 2] + * + */ +typedef struct quic_stream_iter_st { + QUIC_STREAM_MAP *qsm; + QUIC_STREAM *first_stream, *stream; +} QUIC_STREAM_ITER; + +/* + * Initialise an iterator, advancing the RR algorithm as necessary (if + * advance_rr is 1). After calling this, it->stream will be the first stream in + * the iteration sequence, or NULL if there are no active streams. + */ +void ossl_quic_stream_iter_init(QUIC_STREAM_ITER *it, QUIC_STREAM_MAP *qsm, + int advance_rr); + +/* + * Advances to next stream in iteration sequence. You do not need to call this + * immediately after calling ossl_quic_stream_iter_init(). If the end of the + * list is reached, it->stream will be NULL after calling this. + */ +void ossl_quic_stream_iter_next(QUIC_STREAM_ITER *it); + +# endif + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_thread_assist.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_thread_assist.h new file mode 100644 index 000000000000..592c2ffabffe --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_thread_assist.h 
@@ -0,0 +1,102 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_QUIC_THREAD_ASSIST_H
+# define OSSL_QUIC_THREAD_ASSIST_H
+
+# include
+# include "internal/thread.h"
+# include "internal/time.h"
+
+# if defined(OPENSSL_NO_QUIC) || defined(OPENSSL_NO_THREAD_POOL)
+# define OPENSSL_NO_QUIC_THREAD_ASSIST
+# endif
+
+# ifndef OPENSSL_NO_QUIC_THREAD_ASSIST
+
+/*
+ * QUIC Thread Assisted Functionality
+ * ==================================
+ *
+ * Where OS threading support is available, QUIC can optionally support a thread
+ * assisted mode of operation. The purpose of this mode of operation is to
+ * ensure that assorted timeout events which QUIC expects to be handled in a
+ * timely manner can be handled without the application needing to ensure that
+ * SSL_tick() is called on time. This is not needed if the application always
+ * has a call blocking to SSL_read() or SSL_write() (or another I/O function) on
+ * a QUIC SSL object, but if the application goes for long periods of time
+ * without making any such call to a QUIC SSL object, libssl cannot ordinarily
+ * guarantee that QUIC timeout events will be serviced in a timely fashion.
+ * Thread assisted mode is therefore of use to applications which do not always
+ * have an ongoing call to an I/O function on a QUIC SSL object but also do not
+ * want to have to arrange periodic ticking.
+ *
+ * A consequence of this is that the intrusiveness of thread assisted mode upon
+ * the general architecture of our QUIC engine is actually fairly limited and
+ * amounts to an automatic ticking of the QUIC engine when timeouts expire,
+ * synchronised correctly with an application's own threads using locking.
+ */
+typedef struct quic_thread_assist_st {
+ QUIC_CHANNEL *ch;
+ CRYPTO_CONDVAR *cv;
+ CRYPTO_THREAD *t;
+ int teardown, joined;
+ OSSL_TIME (*now_cb)(void *arg);
+ void *now_cb_arg;
+} QUIC_THREAD_ASSIST;
+
+/*
+ * Initialise the thread assist object. The channel must have a valid mutex
+ * configured on it which will be retrieved automatically. It is assumed that
+ * the mutex is currently held when this function is called. This function does
+ * not affect the state of the mutex.
+ */
+int ossl_quic_thread_assist_init_start(QUIC_THREAD_ASSIST *qta,
+ QUIC_CHANNEL *ch,
+ OSSL_TIME (*now_cb)(void *arg),
+ void *now_cb_arg);
+
+/*
+ * Request the thread assist helper to begin stopping the assist thread. This
+ * returns before the teardown is complete. Idempotent; multiple calls to this
+ * function are inconsequential.
+ *
+ * Precondition: channel mutex must be held (unchecked)
+ */
+int ossl_quic_thread_assist_stop_async(QUIC_THREAD_ASSIST *qta);
+
+/*
+ * Wait until the thread assist helper is torn down. This automatically implies
+ * the effects of ossl_quic_thread_assist_stop_async(). Returns immediately
+ * if the teardown has already completed.
+ *
+ * Precondition: channel mutex must be held (unchecked)
+ */
+int ossl_quic_thread_assist_wait_stopped(QUIC_THREAD_ASSIST *qta);
+
+/*
+ * Deallocates state associated with the thread assist helper.
+ * ossl_quic_thread_assist_wait_stopped() must have returned successfully before
+ * calling this. It does not matter whether the channel mutex is held or not.
+ *
+ * Precondition: ossl_quic_thread_assist_wait_stopped() has returned 1
+ * (asserted)
+ */
+int ossl_quic_thread_assist_cleanup(QUIC_THREAD_ASSIST *qta);
+
+/*
+ * Must be called to notify the assist thread if the channel deadline changes.
+ *
+ * Precondition: channel mutex must be held (unchecked)
+ */
+int ossl_quic_thread_assist_notify_deadline_changed(QUIC_THREAD_ASSIST *qta);
+
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_tls.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_tls.h
new file mode 100644
index 000000000000..f9f007a76cc4
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_tls.h
@@ -0,0 +1,108 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_QUIC_TLS_H
+# define OSSL_QUIC_TLS_H
+
+# include
+# include "internal/quic_stream.h"
+# include "internal/quic_predef.h"
+
+# ifndef OPENSSL_NO_QUIC
+
+typedef struct quic_tls_args_st {
+ /*
+ * The "inner" SSL object for the QUIC Connection. Contains an
+ * SSL_CONNECTION
+ */
+ SSL *s;
+
+ /*
+ * Called to send data on the crypto stream. We use a callback rather than
+ * passing the crypto stream QUIC_SSTREAM directly because this lets the CSM
+ * dynamically select the correct outgoing crypto stream based on the
+ * current EL.
+ */
+ int (*crypto_send_cb)(const unsigned char *buf, size_t buf_len,
+ size_t *consumed, void *arg);
+ void *crypto_send_cb_arg;
+
+ /*
+ * Call to receive crypto stream data. A pointer to the underlying buffer
+ * is provided, and subsequently released to avoid unnecessary copying of
+ * data.
+ */
+ int (*crypto_recv_rcd_cb)(const unsigned char **buf, size_t *bytes_read,
+ void *arg);
+ void *crypto_recv_rcd_cb_arg;
+ int (*crypto_release_rcd_cb)(size_t bytes_read, void *arg);
+ void *crypto_release_rcd_cb_arg;
+
+
+ /* Called when a traffic secret is available for a given encryption level. */
+ int (*yield_secret_cb)(uint32_t enc_level, int direction /* 0=RX, 1=TX */,
+ uint32_t suite_id, EVP_MD *md,
+ const unsigned char *secret, size_t secret_len,
+ void *arg);
+ void *yield_secret_cb_arg;
+
+ /*
+ * Called when we receive transport parameters from the peer.
+ *
+ * Note: These parameters are not authenticated until the handshake is
+ * marked as completed.
+ */
+ int (*got_transport_params_cb)(const unsigned char *params,
+ size_t params_len,
+ void *arg);
+ void *got_transport_params_cb_arg;
+
+ /*
+ * Called when the handshake has been completed as far as the handshake
+ * protocol is concerned, meaning that the connection has been
+ * authenticated.
+ */
+ int (*handshake_complete_cb)(void *arg);
+ void *handshake_complete_cb_arg;
+
+ /*
+ * Called when something has gone wrong with the connection as far as the
+ * handshake layer is concerned, meaning that it should be immediately torn
+ * down. Note that this may happen at any time, including after a connection
+ * has been fully established.
+ */
+ int (*alert_cb)(void *arg, unsigned char alert_code);
+ void *alert_cb_arg;
+
+ /* Set to 1 if we are running in the server role. */
+ int is_server;
+} QUIC_TLS_ARGS;
+
+QUIC_TLS *ossl_quic_tls_new(const QUIC_TLS_ARGS *args);
+
+void ossl_quic_tls_free(QUIC_TLS *qtls);
+
+/* Advance the state machine */
+int ossl_quic_tls_tick(QUIC_TLS *qtls);
+
+int ossl_quic_tls_set_transport_params(QUIC_TLS *qtls,
+ const unsigned char *transport_params,
+ size_t transport_params_len);
+
+int ossl_quic_tls_get_error(QUIC_TLS *qtls,
+ uint64_t *error_code,
+ const char **error_msg,
+ ERR_STATE **error_state);
+
+int ossl_quic_tls_is_cert_request(QUIC_TLS *qtls);
+int ossl_quic_tls_has_bad_max_early_data(QUIC_TLS *qtls);
+
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_tserver.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_tserver.h
new file mode 100644
index 000000000000..4f358dd4e87c
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_tserver.h
@@ -0,0 +1,220 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_QUIC_TSERVER_H
+# define OSSL_QUIC_TSERVER_H
+
+# include
+# include
+# include "internal/quic_stream.h"
+# include "internal/quic_channel.h"
+# include "internal/statem.h"
+# include "internal/time.h"
+
+# ifndef OPENSSL_NO_QUIC
+
+/*
+ * QUIC Test Server Module
+ * =======================
+ *
+ * This implements a QUIC test server. Since full QUIC server support is not yet
+ * implemented this server is limited in features and scope. It exists to
+ * provide a target for our QUIC client to talk to for testing purposes.
+ *
+ * A given QUIC test server instance supports only one client at a time.
+ *
+ * Note that this test server is not suitable for production use because it does
+ * not implement address verification, anti-amplification or retry logic.
+ */
+typedef struct quic_tserver_st QUIC_TSERVER;
+
+typedef struct quic_tserver_args_st {
+ OSSL_LIB_CTX *libctx;
+ const char *propq;
+ SSL_CTX *ctx;
+ BIO *net_rbio, *net_wbio;
+ OSSL_TIME (*now_cb)(void *arg);
+ void *now_cb_arg;
+ const unsigned char *alpn;
+ size_t alpnlen;
+} QUIC_TSERVER_ARGS;
+
+QUIC_TSERVER *ossl_quic_tserver_new(const QUIC_TSERVER_ARGS *args,
+ const char *certfile, const char *keyfile);
+
+void ossl_quic_tserver_free(QUIC_TSERVER *srv);
+
+/* Set mutator callbacks for test framework support */
+int ossl_quic_tserver_set_plain_packet_mutator(QUIC_TSERVER *srv,
+ ossl_mutate_packet_cb mutatecb,
+ ossl_finish_mutate_cb finishmutatecb,
+ void *mutatearg);
+
+int ossl_quic_tserver_set_handshake_mutator(QUIC_TSERVER *srv,
+ ossl_statem_mutate_handshake_cb mutate_handshake_cb,
+ ossl_statem_finish_mutate_handshake_cb finish_mutate_handshake_cb,
+ void *mutatearg);
+
+/* Advances the state machine. */
+int ossl_quic_tserver_tick(QUIC_TSERVER *srv);
+
+/* Returns 1 if we have a (non-terminated) client. */
+int ossl_quic_tserver_is_connected(QUIC_TSERVER *srv);
+
+/*
+ * Returns 1 if we have finished the TLS handshake
+ */
+int ossl_quic_tserver_is_handshake_confirmed(const QUIC_TSERVER *srv);
+
+/* Returns 1 if the server is in any terminating or terminated state */
+int ossl_quic_tserver_is_term_any(const QUIC_TSERVER *srv);
+
+const QUIC_TERMINATE_CAUSE *
+ossl_quic_tserver_get_terminate_cause(const QUIC_TSERVER *srv);
+
+/* Returns 1 if the server is in a terminated state */
+int ossl_quic_tserver_is_terminated(const QUIC_TSERVER *srv);
+
+/*
+ * Attempts to read from stream 0. Writes the number of bytes read to
+ * *bytes_read and returns 1 on success. If no bytes are available, 0 is written
+ * to *bytes_read and 1 is returned (this is considered a success case).
+ *
+ * Returns 0 if connection is not currently active. If the receive part of
+ * the stream has reached the end of stream condition, returns 0; call
+ * ossl_quic_tserver_has_read_ended() to identify this condition.
+ */
+int ossl_quic_tserver_read(QUIC_TSERVER *srv,
+ uint64_t stream_id,
+ unsigned char *buf,
+ size_t buf_len,
+ size_t *bytes_read);
+
+/*
+ * Returns 1 if the read part of the stream has ended normally.
+ */
+int ossl_quic_tserver_has_read_ended(QUIC_TSERVER *srv, uint64_t stream_id);
+
+/*
+ * Attempts to write to the given stream. Writes the number of bytes consumed to
+ * *bytes_written and returns 1 on success. If there is no space currently
+ * available to write any bytes, 0 is written to *consumed and 1 is returned
+ * (this is considered a success case).
+ *
+ * Note that unlike libssl public APIs, this API always works in a 'partial
+ * write' mode.
+ *
+ * Returns 0 if connection is not currently active.
+ */
+int ossl_quic_tserver_write(QUIC_TSERVER *srv,
+ uint64_t stream_id,
+ const unsigned char *buf,
+ size_t buf_len,
+ size_t *bytes_written);
+
+/*
+ * Signals normal end of the stream.
+ */
+int ossl_quic_tserver_conclude(QUIC_TSERVER *srv, uint64_t stream_id);
+
+/*
+ * Create a server-initiated stream. The stream ID of the newly
+ * created stream is written to *stream_id.
+ */
+int ossl_quic_tserver_stream_new(QUIC_TSERVER *srv,
+ int is_uni,
+ uint64_t *stream_id);
+
+BIO *ossl_quic_tserver_get0_rbio(QUIC_TSERVER *srv);
+
+SSL_CTX *ossl_quic_tserver_get0_ssl_ctx(QUIC_TSERVER *srv);
+
+/*
+ * Returns 1 if the peer has sent a STOP_SENDING frame for a stream.
+ * app_error_code is written if this returns 1.
+ */
+int ossl_quic_tserver_stream_has_peer_stop_sending(QUIC_TSERVER *srv,
+ uint64_t stream_id,
+ uint64_t *app_error_code);
+
+/*
+ * Returns 1 if the peer has sent a RESET_STREAM frame for a stream.
+ * app_error_code is written if this returns 1.
+ */
+int ossl_quic_tserver_stream_has_peer_reset_stream(QUIC_TSERVER *srv,
+ uint64_t stream_id,
+ uint64_t *app_error_code);
+
+/*
+ * Replaces existing local connection ID in the underlying QUIC_CHANNEL.
+ */
+int ossl_quic_tserver_set_new_local_cid(QUIC_TSERVER *srv,
+ const QUIC_CONN_ID *conn_id);
+
+/*
+ * Returns the stream ID of the next incoming stream, or UINT64_MAX if there
+ * currently is none.
+ */
+uint64_t ossl_quic_tserver_pop_incoming_stream(QUIC_TSERVER *srv);
+
+/*
+ * Returns 1 if all data sent on the given stream_id has been acked by the peer.
+ */
+int ossl_quic_tserver_is_stream_totally_acked(QUIC_TSERVER *srv,
+ uint64_t stream_id);
+
+/* Returns 1 if we are currently interested in reading data from the network */
+int ossl_quic_tserver_get_net_read_desired(QUIC_TSERVER *srv);
+
+/* Returns 1 if we are currently interested in writing data to the network */
+int ossl_quic_tserver_get_net_write_desired(QUIC_TSERVER *srv);
+
+/* Returns the next event deadline */
+OSSL_TIME ossl_quic_tserver_get_deadline(QUIC_TSERVER *srv);
+
+/*
+ * Shutdown the QUIC connection. Returns 1 if the connection is terminated and
+ * 0 otherwise.
+ */
+int ossl_quic_tserver_shutdown(QUIC_TSERVER *srv, uint64_t app_error_code);
+
+/* Force generation of an ACK-eliciting packet. */
+int ossl_quic_tserver_ping(QUIC_TSERVER *srv);
+
+/* Set tracing callback on channel. */
+void ossl_quic_tserver_set_msg_callback(QUIC_TSERVER *srv,
+ void (*f)(int write_p, int version,
+ int content_type,
+ const void *buf, size_t len,
+ SSL *ssl, void *arg),
+ void *arg);
+
+/*
+ * This is similar to ossl_quic_conn_get_channel; it should be used for test
+ * instrumentation only and not to bypass QUIC_TSERVER for 'normal' operations.
+ */
+QUIC_CHANNEL *ossl_quic_tserver_get_channel(QUIC_TSERVER *srv);
+
+/* Send a TLS new session ticket */
+int ossl_quic_tserver_new_ticket(QUIC_TSERVER *srv);
+
+/*
+ * Set the max_early_data value to be sent in NewSessionTickets. Only the
+ * values 0 and 0xffffffff are valid for use in QUIC.
+ */
+int ossl_quic_tserver_set_max_early_data(QUIC_TSERVER *srv,
+ uint32_t max_early_data);
+
+/* Set the find session callback for getting a server PSK */
+void ossl_quic_tserver_set_psk_find_session_cb(QUIC_TSERVER *srv,
+ SSL_psk_find_session_cb_func cb);
+
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_txp.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_txp.h
new file mode 100644
index 000000000000..607cefc0109c
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_txp.h
@@ -0,0 +1,218 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_QUIC_TXP_H
+# define OSSL_QUIC_TXP_H
+
+# include
+# include "internal/quic_types.h"
+# include "internal/quic_predef.h"
+# include "internal/quic_record_tx.h"
+# include "internal/quic_cfq.h"
+# include "internal/quic_txpim.h"
+# include "internal/quic_stream.h"
+# include "internal/quic_stream_map.h"
+# include "internal/quic_fc.h"
+# include "internal/bio_addr.h"
+# include "internal/time.h"
+# include "internal/qlog.h"
+
+# ifndef OPENSSL_NO_QUIC
+
+/*
+ * QUIC TX Packetiser
+ * ==================
+ */
+typedef struct ossl_quic_tx_packetiser_args_st {
+ /* Configuration Settings */
+ QUIC_CONN_ID cur_scid; /* Current Source Connection ID we use. */
+ QUIC_CONN_ID cur_dcid; /* Current Destination Connection ID we use. */
+ BIO_ADDR peer; /* Current destination L4 address we use. */
+ uint32_t ack_delay_exponent; /* ACK delay exponent used when encoding. */
+
+ /* Injected Dependencies */
+ OSSL_QTX *qtx; /* QUIC Record Layer TX we are using */
+ QUIC_TXPIM *txpim; /* QUIC TX'd Packet Information Manager */
+ QUIC_CFQ *cfq; /* QUIC Control Frame Queue */
+ OSSL_ACKM *ackm; /* QUIC Acknowledgement Manager */
+ QUIC_STREAM_MAP *qsm; /* QUIC Streams Map */
+ QUIC_TXFC *conn_txfc; /* QUIC Connection-Level TX Flow Controller */
+ QUIC_RXFC *conn_rxfc; /* QUIC Connection-Level RX Flow Controller */
+ QUIC_RXFC *max_streams_bidi_rxfc; /* QUIC RXFC for MAX_STREAMS generation */
+ QUIC_RXFC *max_streams_uni_rxfc;
+ const OSSL_CC_METHOD *cc_method; /* QUIC Congestion Controller */
+ OSSL_CC_DATA *cc_data; /* QUIC Congestion Controller Instance */
+ OSSL_TIME (*now)(void *arg); /* Callback to get current time. */
+ void *now_arg;
+ QLOG *(*get_qlog_cb)(void *arg); /* Optional QLOG retrieval func */
+ void *get_qlog_cb_arg;
+
+ /*
+ * Injected dependencies - crypto streams.
+ *
+ * Note: There is no crypto stream for the 0-RTT EL.
+ * crypto[QUIC_PN_SPACE_APP] is the 1-RTT crypto stream.
+ */
+ QUIC_SSTREAM *crypto[QUIC_PN_SPACE_NUM];
+
+ } OSSL_QUIC_TX_PACKETISER_ARGS;
+
+OSSL_QUIC_TX_PACKETISER *ossl_quic_tx_packetiser_new(const OSSL_QUIC_TX_PACKETISER_ARGS *args);
+
+typedef void (ossl_quic_initial_token_free_fn)(const unsigned char *buf,
+ size_t buf_len, void *arg);
+
+void ossl_quic_tx_packetiser_free(OSSL_QUIC_TX_PACKETISER *txp);
+
+/*
+ * When in the closing state we need to maintain a count of received bytes
+ * so that we can limit the number of close connection frames we send.
+ * Refer RFC 9000 s. 10.2.1 Closing Connection State.
+ */
+void ossl_quic_tx_packetiser_record_received_closing_bytes(
+ OSSL_QUIC_TX_PACKETISER *txp, size_t n);
+
+/*
+ * Generates a datagram by polling the various ELs to determine if they want to
+ * generate any frames, and generating a datagram which coalesces packets for
+ * any ELs which do.
+ *
+ * Returns 0 on failure (e.g. allocation error or other errors), 1 otherwise.
+ *
+ * *status is filled with status information about the generated packet.
+ * It is always filled even in case of failure. In particular, packets can be
+ * sent even if failure is later returned.
+ * See QUIC_TXP_STATUS for details.
+ */
+typedef struct quic_txp_status_st {
+ int sent_ack_eliciting; /* Was an ACK-eliciting packet sent? */
+ int sent_handshake; /* Was a Handshake packet sent? */
+ size_t sent_pkt; /* Number of packets sent (0 if nothing was sent) */
+} QUIC_TXP_STATUS;
+
+int ossl_quic_tx_packetiser_generate(OSSL_QUIC_TX_PACKETISER *txp,
+ QUIC_TXP_STATUS *status);
+
+/*
+ * Returns a deadline after which a call to ossl_quic_tx_packetiser_generate()
+ * might succeed even if it did not previously. This may return
+ * ossl_time_infinite() if there is no such deadline currently applicable. It
+ * returns ossl_time_zero() if there is (potentially) more data to be generated
+ * immediately. The value returned is liable to change after any call to
+ * ossl_quic_tx_packetiser_generate() (or after ACKM or CC state changes). Note
+ * that ossl_quic_tx_packetiser_generate() can also start to succeed for other
+ * non-chronological reasons, such as changes to send stream buffers, etc.
+ */
+OSSL_TIME ossl_quic_tx_packetiser_get_deadline(OSSL_QUIC_TX_PACKETISER *txp);
+
+/*
+ * Set the token used in Initial packets. The callback is called when the buffer
+ * is no longer needed; for example, when the TXP is freed or when this function
+ * is called again with a new buffer. Fails returning 0 if the token is too big
+ * to ever be reasonably encapsulated in an outgoing packet based on our current
+ * understanding of our PMTU.
+ */
+int ossl_quic_tx_packetiser_set_initial_token(OSSL_QUIC_TX_PACKETISER *txp,
+ const unsigned char *token,
+ size_t token_len,
+ ossl_quic_initial_token_free_fn *free_cb,
+ void *free_cb_arg);
+
+/* Change the DCID the TXP uses to send outgoing packets. */
+int ossl_quic_tx_packetiser_set_cur_dcid(OSSL_QUIC_TX_PACKETISER *txp,
+ const QUIC_CONN_ID *dcid);
+
+/* Change the SCID the TXP uses to send outgoing (long) packets. */
+int ossl_quic_tx_packetiser_set_cur_scid(OSSL_QUIC_TX_PACKETISER *txp,
+ const QUIC_CONN_ID *scid);
+
+/*
+ * Change the destination L4 address the TXP uses to send datagrams. Specify
+ * NULL (or AF_UNSPEC) to disable use of addressed mode.
+ */
+int ossl_quic_tx_packetiser_set_peer(OSSL_QUIC_TX_PACKETISER *txp,
+ const BIO_ADDR *peer);
+
+/*
+ * Change the QLOG instance retrieval function in use after instantiation.
+ */
+void ossl_quic_tx_packetiser_set_qlog_cb(OSSL_QUIC_TX_PACKETISER *txp,
+ QLOG *(*get_qlog_cb)(void *arg),
+ void *get_qlog_cb_arg);
+
+/*
+ * Inform the TX packetiser that an EL has been discarded. Idempotent.
+ *
+ * This does not inform the QTX as well; the caller must also inform the QTX.
+ *
+ * The TXP will no longer reference the crypto[enc_level] QUIC_SSTREAM which was
+ * provided in the TXP arguments. However, it is the callers responsibility to
+ * free that QUIC_SSTREAM if desired.
+ */
+int ossl_quic_tx_packetiser_discard_enc_level(OSSL_QUIC_TX_PACKETISER *txp,
+ uint32_t enc_level);
+
+/*
+ * Informs the TX packetiser that the handshake is complete. The TX packetiser
+ * will not send 1-RTT application data until the handshake is complete,
+ * as the authenticity of the peer is not confirmed until the handshake
+ * complete event occurs.
+ */
+void ossl_quic_tx_packetiser_notify_handshake_complete(OSSL_QUIC_TX_PACKETISER *txp);
+
+/* Asks the TXP to generate a HANDSHAKE_DONE frame in the next 1-RTT packet. */
+void ossl_quic_tx_packetiser_schedule_handshake_done(OSSL_QUIC_TX_PACKETISER *txp);
+
+/* Asks the TXP to ensure the next packet in the given PN space is ACK-eliciting. */
+void ossl_quic_tx_packetiser_schedule_ack_eliciting(OSSL_QUIC_TX_PACKETISER *txp,
+ uint32_t pn_space);
+
+/*
+ * Asks the TXP to ensure an ACK is put in the next packet in the given PN
+ * space.
+ */
+void ossl_quic_tx_packetiser_schedule_ack(OSSL_QUIC_TX_PACKETISER *txp,
+ uint32_t pn_space);
+
+/*
+ * Schedules a connection close. *f and f->reason are copied. This operation is
+ * irreversible and causes all further packets generated by the TXP to contain a
+ * CONNECTION_CLOSE frame. This function fails if it has already been called
+ * successfully; the information in *f cannot be changed after the first
+ * successful call to this function.
+ */
+int ossl_quic_tx_packetiser_schedule_conn_close(OSSL_QUIC_TX_PACKETISER *txp,
+ const OSSL_QUIC_FRAME_CONN_CLOSE *f);
+
+/* Setters for the msg_callback and msg_callback_arg */
+void ossl_quic_tx_packetiser_set_msg_callback(OSSL_QUIC_TX_PACKETISER *txp,
+ ossl_msg_cb msg_callback,
+ SSL *msg_callback_ssl);
+void ossl_quic_tx_packetiser_set_msg_callback_arg(OSSL_QUIC_TX_PACKETISER *txp,
+ void *msg_callback_arg);
+
+/*
+ * Determines the next PN which will be used for a given PN space.
+ */
+QUIC_PN ossl_quic_tx_packetiser_get_next_pn(OSSL_QUIC_TX_PACKETISER *txp,
+ uint32_t pn_space);
+
+/*
+ * Sets a callback which is called whenever TXP sends an ACK frame. The callee
+ * must not modify the ACK frame data. Can be used to snoop on PNs being ACKed.
+ */
+void ossl_quic_tx_packetiser_set_ack_tx_cb(OSSL_QUIC_TX_PACKETISER *txp,
+ void (*cb)(const OSSL_QUIC_FRAME_ACK *ack,
+ uint32_t pn_space,
+ void *arg),
+ void *cb_arg);
+
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_txpim.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_txpim.h
new file mode 100644
index 000000000000..5df6ad46cb30
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_txpim.h
@@ -0,0 +1,135 @@
+/*
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_QUIC_TXPIM_H
+# define OSSL_QUIC_TXPIM_H
+
+# include
+# include "internal/quic_types.h"
+# include "internal/quic_predef.h"
+# include "internal/quic_cfq.h"
+# include "internal/quic_ackm.h"
+
+# ifndef OPENSSL_NO_QUIC
+
+/*
+ * QUIC Transmitted Packet Information Manager
+ * ===========================================
+ */
+
+typedef struct quic_txpim_pkt_st {
+ /* ACKM-specific data. Caller should fill this. */
+ OSSL_ACKM_TX_PKT ackm_pkt;
+
+ /* Linked list of CFQ items in this packet. */
+ QUIC_CFQ_ITEM *retx_head;
+
+ /* Reserved for FIFD use. */
+ QUIC_FIFD *fifd;
+
+ /* QUIC_PKT_TYPE value. For diagnostic use only. */
+ unsigned char pkt_type;
+
+ /* Regenerate-strategy frames. */
+ unsigned int had_handshake_done_frame : 1;
+ unsigned int had_max_data_frame : 1;
+ unsigned int had_max_streams_bidi_frame : 1;
+ unsigned int had_max_streams_uni_frame : 1;
+ unsigned int had_ack_frame : 1;
+ unsigned int had_conn_close : 1;
+
+ /* Private data follows. */
+} QUIC_TXPIM_PKT;
+
+/* Represents a range of bytes in an application or CRYPTO stream. */
+typedef struct quic_txpim_chunk_st {
+ /* The stream ID, or UINT64_MAX for the CRYPTO stream. */
+ uint64_t stream_id;
+ /*
+ * The inclusive range of bytes in the stream. Exceptionally, if end <
+ * start, designates a frame of zero length (used for FIN-only frames). In
+ * this case end is the number of the final byte (i.e., one less than the
+ * final size of the stream).
+ */
+ uint64_t start, end;
+ /*
+ * Whether a FIN was sent for this stream in the packet. Not valid for
+ * CRYPTO stream.
+ */
+ unsigned int has_fin : 1;
+ /*
+ * If set, a STOP_SENDING frame was sent for this stream ID. (If no data was
+ * sent for the stream, set end < start.)
+ */
+ unsigned int has_stop_sending : 1;
+ /*
+ * If set, a RESET_STREAM frame was sent for this stream ID. (If no data was
+ * sent for the stream, set end < start.)
+ */
+ unsigned int has_reset_stream : 1;
+} QUIC_TXPIM_CHUNK;
+
+QUIC_TXPIM *ossl_quic_txpim_new(void);
+
+/*
+ * Frees the TXPIM. All QUIC_TXPIM_PKTs which have been handed out by the TXPIM
+ * must be released via a call to ossl_quic_txpim_pkt_release() before calling
+ * this function.
+ */
+void ossl_quic_txpim_free(QUIC_TXPIM *txpim);
+
+/*
+ * Allocates a new QUIC_TXPIM_PKT structure from the pool. Returns NULL on
+ * failure. The returned structure is cleared of all data and is in a fresh
+ * initial state.
+ */
+QUIC_TXPIM_PKT *ossl_quic_txpim_pkt_alloc(QUIC_TXPIM *txpim);
+
+/*
+ * Releases the TXPIM packet, returning it to the pool.
+ */
+void ossl_quic_txpim_pkt_release(QUIC_TXPIM *txpim, QUIC_TXPIM_PKT *fpkt);
+
+/* Clears the chunk list of the packet, removing all entries. */
+void ossl_quic_txpim_pkt_clear_chunks(QUIC_TXPIM_PKT *fpkt);
+
+/* Appends a chunk to the packet. The structure is copied. */
+int ossl_quic_txpim_pkt_append_chunk(QUIC_TXPIM_PKT *fpkt,
+ const QUIC_TXPIM_CHUNK *chunk);
+
+/* Adds a CFQ item to the packet by prepending it to the retx_head list. */
+void ossl_quic_txpim_pkt_add_cfq_item(QUIC_TXPIM_PKT *fpkt,
+ QUIC_CFQ_ITEM *item);
+
+/*
+ * Returns a pointer to an array of stream chunk information structures for the
+ * given packet. The caller must call ossl_quic_txpim_pkt_get_num_chunks() to
+ * determine the length of this array. The returned pointer is invalidated
+ * if the chunk list is mutated, for example via a call to
+ * ossl_quic_txpim_pkt_append_chunk() or ossl_quic_txpim_pkt_clear_chunks().
+ *
+ * The chunks are sorted by (stream_id, start) in ascending order.
+ */
+const QUIC_TXPIM_CHUNK *ossl_quic_txpim_pkt_get_chunks(const QUIC_TXPIM_PKT *fpkt);
+
+/*
+ * Returns the number of entries in the array returned by
+ * ossl_quic_txpim_pkt_get_chunks().
+ */
+size_t ossl_quic_txpim_pkt_get_num_chunks(const QUIC_TXPIM_PKT *fpkt);
+
+/*
+ * Returns the number of QUIC_TXPIM_PKTs allocated by the given TXPIM that have
+ * yet to be returned to the TXPIM.
+ */
+size_t ossl_quic_txpim_get_in_use(const QUIC_TXPIM *txpim);
+
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_types.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_types.h
new file mode 100644
index 000000000000..fa1ac81ca1e6
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_types.h
@@ -0,0 +1,124 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_QUIC_TYPES_H
+# define OSSL_QUIC_TYPES_H
+
+# include
+# include
+# include
+# include
+
+# ifndef OPENSSL_NO_QUIC
+
+/* QUIC encryption levels. */
+enum {
+ QUIC_ENC_LEVEL_INITIAL = 0,
+ QUIC_ENC_LEVEL_HANDSHAKE,
+ QUIC_ENC_LEVEL_0RTT,
+ QUIC_ENC_LEVEL_1RTT,
+ QUIC_ENC_LEVEL_NUM /* Must be the ultimate entry */
+};
+
+/* QUIC packet number spaces. */
+enum {
+ QUIC_PN_SPACE_INITIAL = 0,
+ QUIC_PN_SPACE_HANDSHAKE,
+ /* New entries must go here, so that QUIC_PN_SPACE_APP is the penultimate */
+ QUIC_PN_SPACE_APP,
+ QUIC_PN_SPACE_NUM /* Must be the ultimate entry */
+};
+
+static ossl_unused ossl_inline uint32_t
+ossl_quic_enc_level_to_pn_space(uint32_t enc_level)
+{
+ switch (enc_level) {
+ case QUIC_ENC_LEVEL_INITIAL:
+ return QUIC_PN_SPACE_INITIAL;
+ case QUIC_ENC_LEVEL_HANDSHAKE:
+ return QUIC_PN_SPACE_HANDSHAKE;
+ case QUIC_ENC_LEVEL_0RTT:
+ case QUIC_ENC_LEVEL_1RTT:
+ return QUIC_PN_SPACE_APP;
+ default:
+ assert(0);
+ return QUIC_PN_SPACE_APP;
+ }
+}
+
+/* QUIC packet number representation. */
+typedef uint64_t QUIC_PN;
+# define QUIC_PN_INVALID UINT64_MAX
+
+static ossl_unused ossl_inline QUIC_PN ossl_quic_pn_max(QUIC_PN a, QUIC_PN b)
+{
+ return a > b ? a : b;
+}
+
+static ossl_unused ossl_inline QUIC_PN ossl_quic_pn_min(QUIC_PN a, QUIC_PN b)
+{
+ return a < b ? a : b;
+}
+
+static ossl_unused ossl_inline int ossl_quic_pn_valid(QUIC_PN pn)
+{
+ return pn < (((QUIC_PN)1) << 62);
+}
+
+/* QUIC connection ID representation. */
+# define QUIC_MAX_CONN_ID_LEN 20
+# define QUIC_MIN_ODCID_LEN 8 /* RFC 9000 s. 7.2 */
+
+typedef struct quic_conn_id_st {
+ unsigned char id_len, id[QUIC_MAX_CONN_ID_LEN];
+} QUIC_CONN_ID;
+
+static ossl_unused ossl_inline int ossl_quic_conn_id_eq(const QUIC_CONN_ID *a,
+ const QUIC_CONN_ID *b)
+{
+ if (a->id_len != b->id_len || a->id_len > QUIC_MAX_CONN_ID_LEN)
+ return 0;
+ return memcmp(a->id, b->id, a->id_len) == 0;
+}
+
+/*
+ * Generates a random CID of the given length. libctx may be NULL.
+ * Returns 1 on success or 0 on failure.
+ */
+int ossl_quic_gen_rand_conn_id(OSSL_LIB_CTX *libctx, size_t len,
+ QUIC_CONN_ID *cid);
+
+# define QUIC_MIN_INITIAL_DGRAM_LEN 1200
+
+# define QUIC_DEFAULT_ACK_DELAY_EXP 3
+# define QUIC_MAX_ACK_DELAY_EXP 20
+
+# define QUIC_DEFAULT_MAX_ACK_DELAY 25
+
+# define QUIC_MIN_ACTIVE_CONN_ID_LIMIT 2
+
+/* Arbitrary choice of default idle timeout (not an RFC value). */
+# define QUIC_DEFAULT_IDLE_TIMEOUT 30000
+
+# define QUIC_STATELESS_RESET_TOKEN_LEN 16
+
+typedef struct {
+ unsigned char token[QUIC_STATELESS_RESET_TOKEN_LEN];
+} QUIC_STATELESS_RESET_TOKEN;
+
+/*
+ * An encoded preferred_addr transport parameter cannot be shorter or longer
+ * than these lengths in bytes.
+ */
+# define QUIC_MIN_ENCODED_PREFERRED_ADDR_LEN 41
+# define QUIC_MAX_ENCODED_PREFERRED_ADDR_LEN 61
+
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_vlint.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_vlint.h
new file mode 100644
index 000000000000..d4b70b229c32
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_vlint.h
@@ -0,0 +1,127 @@
+/*
+* Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+*
+* Licensed under the Apache License 2.0 (the "License"). You may not use
+* this file except in compliance with the License. You can obtain a copy
+* in the file LICENSE in the source distribution or at
+* https://www.openssl.org/source/license.html
+*/
+
+#ifndef OSSL_INTERNAL_QUIC_VLINT_H
+# define OSSL_INTERNAL_QUIC_VLINT_H
+# pragma once
+
+# include "internal/e_os.h"
+
+# ifndef OPENSSL_NO_QUIC
+
+/* The smallest value requiring a 1, 2, 4, or 8-byte representation. */
+#define OSSL_QUIC_VLINT_1B_MIN 0
+#define OSSL_QUIC_VLINT_2B_MIN 64
+#define OSSL_QUIC_VLINT_4B_MIN 16384
+#define OSSL_QUIC_VLINT_8B_MIN 1073741824
+
+/* The largest value representable in a given number of bytes. */
+#define OSSL_QUIC_VLINT_1B_MAX (OSSL_QUIC_VLINT_2B_MIN - 1)
+#define OSSL_QUIC_VLINT_2B_MAX (OSSL_QUIC_VLINT_4B_MIN - 1)
+#define OSSL_QUIC_VLINT_4B_MAX (OSSL_QUIC_VLINT_8B_MIN - 1)
+#define OSSL_QUIC_VLINT_8B_MAX (((uint64_t)1 << 62) - 1)
+
+/* The largest value representable as a variable-length integer. */
+#define OSSL_QUIC_VLINT_MAX OSSL_QUIC_VLINT_8B_MAX
+
+/*
+ * Returns the number of bytes needed to encode v in the QUIC variable-length
+ * integer encoding.
+ *
+ * Returns 0 if v exceeds OSSL_QUIC_VLINT_MAX.
+ */
+static ossl_unused ossl_inline size_t ossl_quic_vlint_encode_len(uint64_t v)
+{
+ if (v < OSSL_QUIC_VLINT_2B_MIN)
+ return 1;
+
+ if (v < OSSL_QUIC_VLINT_4B_MIN)
+ return 2;
+
+ if (v < OSSL_QUIC_VLINT_8B_MIN)
+ return 4;
+
+ if (v <= OSSL_QUIC_VLINT_MAX)
+ return 8;
+
+ return 0;
+}
+
+/*
+ * This function writes a QUIC varable-length encoded integer to buf.
+ * The smallest usable representation is used.
+ *
+ * It is the caller's responsibility to ensure that the buffer is big enough by
+ * calling ossl_quic_vlint_encode_len(v) before calling this function.
+ *
+ * Precondition: buf is at least ossl_quic_vlint_enc_len(v) bytes in size
+ * (unchecked)
+ * Precondition: v does not exceed OSSL_QUIC_VLINT_MAX
+ * (unchecked)
+ */
+void ossl_quic_vlint_encode(unsigned char *buf, uint64_t v);
+
+/*
+ * This function writes a QUIC variable-length encoded integer to buf. The
+ * specified number of bytes n are used for the encoding, which means that the
+ * encoded value may take up more space than necessary.
+ *
+ * It is the caller's responsibility to ensure that the buffer is of at least n
+ * bytes, and that v is representable by a n-byte QUIC variable-length integer.
+ * The representable ranges are:
+ *
+ * 1-byte encoding: [0, 2** 6-1]
+ * 2-byte encoding: [0, 2**14-1]
+ * 4-byte encoding: [0, 2**30-1]
+ * 8-byte encoding: [0, 2**62-1]
+ *
+ * Precondition: buf is at least n bytes in size (unchecked)
+ * Precondition: v does not exceed the representable range
+ * (ossl_quic_vlint_encode_len(v) <= n) (unchecked)
+ * Precondition: v does not exceed OSSL_QUIC_VLINT_MAX
+ * (unchecked)
+ */
+void ossl_quic_vlint_encode_n(unsigned char *buf, uint64_t v, int n);
+
+/*
+ * Given the first byte of an encoded QUIC variable-length integer, returns
+ * the number of bytes comprising the encoded integer, including the first
+ * byte.
+ */
+static ossl_unused ossl_inline size_t ossl_quic_vlint_decode_len(uint8_t first_byte)
+{
+ return 1U << ((first_byte & 0xC0) >> 6);
+}
+
+/*
+ * Given a buffer containing an encoded QUIC variable-length integer, returns
+ * the decoded value. The buffer must be of at least
+ * ossl_quic_vlint_decode_len(buf[0]) bytes in size, and the caller is responsible
+ * for checking this.
+ *
+ * Precondition: buf is at least ossl_quic_vlint_decode_len(buf[0]) bytes in size
+ * (unchecked)
+ */
+uint64_t ossl_quic_vlint_decode_unchecked(const unsigned char *buf);
+
+/*
+ * Given a buffer buf of buf_len bytes in length, attempts to decode an encoded
+ * QUIC variable-length integer at the start of the buffer and writes the result
+ * to *v. If buf_len is inadequate, suggesting a truncated encoded integer, the
+ * function fails and 0 is returned. Otherwise, returns the number of bytes
+ * consumed.
+ *
+ * Precondition: buf is at least buf_len bytes in size
+ * Precondition: v (unchecked)
+ */
+int ossl_quic_vlint_decode(const unsigned char *buf, size_t buf_len, uint64_t *v);
+
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_wire.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_wire.h
new file mode 100644
index 000000000000..cd01feb03628
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_wire.h
@@ -0,0 +1,784 @@
+/*
+* Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+*
+* Licensed under the Apache License 2.0 (the "License"). You may not use
+* this file except in compliance with the License. You can obtain a copy
+* in the file LICENSE in the source distribution or at
+* https://www.openssl.org/source/license.html
+*/
+
+#ifndef OSSL_INTERNAL_QUIC_WIRE_H
+# define OSSL_INTERNAL_QUIC_WIRE_H
+# pragma once
+
+# include "internal/e_os.h"
+# include "internal/time.h"
+# include "internal/quic_types.h"
+# include "internal/packet_quic.h"
+
+# ifndef OPENSSL_NO_QUIC
+
+# define OSSL_QUIC_FRAME_TYPE_PADDING 0x00
+# define OSSL_QUIC_FRAME_TYPE_PING 0x01
+# define OSSL_QUIC_FRAME_TYPE_ACK_WITHOUT_ECN 0x02
+# define OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN 0x03
+# define OSSL_QUIC_FRAME_TYPE_RESET_STREAM 0x04
+# define OSSL_QUIC_FRAME_TYPE_STOP_SENDING 0x05
+# define OSSL_QUIC_FRAME_TYPE_CRYPTO 0x06
+# define OSSL_QUIC_FRAME_TYPE_NEW_TOKEN 0x07
+# define OSSL_QUIC_FRAME_TYPE_MAX_DATA 0x10
+# define OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA 0x11
+# define OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI 0x12
+# define OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI 0x13
+# define OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED 0x14
+# define OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED 0x15
+# define OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI 0x16
+# define OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI 0x17
+# define OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID 0x18
+# define OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID 0x19
+# define OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE 0x1A
+# define OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE 0x1B
+# define OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_TRANSPORT 0x1C
+# define OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_APP 0x1D
+# define OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE 0x1E
+
+# define OSSL_QUIC_FRAME_FLAG_STREAM_FIN 0x01
+# define OSSL_QUIC_FRAME_FLAG_STREAM_LEN 0x02
+# define OSSL_QUIC_FRAME_FLAG_STREAM_OFF 0x04
+# define OSSL_QUIC_FRAME_FLAG_STREAM_MASK ((uint64_t)0x07)
+
+/* Low 3 bits of the type contain flags */
+# define OSSL_QUIC_FRAME_TYPE_STREAM 0x08 /* base ID */
+# define OSSL_QUIC_FRAME_TYPE_STREAM_FIN \
+ (OSSL_QUIC_FRAME_TYPE_STREAM | \
+ OSSL_QUIC_FRAME_FLAG_STREAM_FIN)
+# define OSSL_QUIC_FRAME_TYPE_STREAM_LEN \
+ (OSSL_QUIC_FRAME_TYPE_STREAM | \
+ OSSL_QUIC_FRAME_FLAG_STREAM_LEN)
+# define OSSL_QUIC_FRAME_TYPE_STREAM_LEN_FIN \
+ (OSSL_QUIC_FRAME_TYPE_STREAM | \
+ OSSL_QUIC_FRAME_FLAG_STREAM_LEN | \
+ OSSL_QUIC_FRAME_FLAG_STREAM_FIN)
+# define OSSL_QUIC_FRAME_TYPE_STREAM_OFF \
+ (OSSL_QUIC_FRAME_TYPE_STREAM | \
+ OSSL_QUIC_FRAME_FLAG_STREAM_OFF)
+# define OSSL_QUIC_FRAME_TYPE_STREAM_OFF_FIN \
+ (OSSL_QUIC_FRAME_TYPE_STREAM | \
+ OSSL_QUIC_FRAME_FLAG_STREAM_OFF | \
+ OSSL_QUIC_FRAME_FLAG_STREAM_FIN)
+# define OSSL_QUIC_FRAME_TYPE_STREAM_OFF_LEN \
+ (OSSL_QUIC_FRAME_TYPE_STREAM | \
+ OSSL_QUIC_FRAME_FLAG_STREAM_OFF | \
+ OSSL_QUIC_FRAME_FLAG_STREAM_LEN)
+# define OSSL_QUIC_FRAME_TYPE_STREAM_OFF_LEN_FIN \
+ (OSSL_QUIC_FRAME_TYPE_STREAM | \
+ OSSL_QUIC_FRAME_FLAG_STREAM_OFF | \
+ OSSL_QUIC_FRAME_FLAG_STREAM_LEN | \
+ OSSL_QUIC_FRAME_FLAG_STREAM_FIN)
+
+# define OSSL_QUIC_FRAME_TYPE_IS_STREAM(x) \
+ (((x) & ~OSSL_QUIC_FRAME_FLAG_STREAM_MASK) == OSSL_QUIC_FRAME_TYPE_STREAM)
+# define OSSL_QUIC_FRAME_TYPE_IS_ACK(x) \
+ (((x) & ~(uint64_t)1) == OSSL_QUIC_FRAME_TYPE_ACK_WITHOUT_ECN)
+# define OSSL_QUIC_FRAME_TYPE_IS_MAX_STREAMS(x) \
+ (((x) & ~(uint64_t)1) == OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI)
+# define OSSL_QUIC_FRAME_TYPE_IS_STREAMS_BLOCKED(x) \
+ (((x) & ~(uint64_t)1) == OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI)
+# define OSSL_QUIC_FRAME_TYPE_IS_CONN_CLOSE(x) \
+ (((x) & ~(uint64_t)1) == OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_TRANSPORT)
+
+const char *ossl_quic_frame_type_to_string(uint64_t frame_type);
+
+static ossl_unused ossl_inline int
+ossl_quic_frame_type_is_ack_eliciting(uint64_t frame_type)
+{
+ switch (frame_type) {
+ case OSSL_QUIC_FRAME_TYPE_PADDING:
+ case OSSL_QUIC_FRAME_TYPE_ACK_WITHOUT_ECN:
+ case OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN:
+ case OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_TRANSPORT:
+ case OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_APP:
+ return 0;
+ default:
+ return 1;
+ }
+}
+
+/* QUIC Transport Parameter Types */
+# define QUIC_TPARAM_ORIG_DCID 0x00
+# define QUIC_TPARAM_MAX_IDLE_TIMEOUT 0x01
+# define QUIC_TPARAM_STATELESS_RESET_TOKEN 0x02
+# define QUIC_TPARAM_MAX_UDP_PAYLOAD_SIZE 0x03
+# define QUIC_TPARAM_INITIAL_MAX_DATA 0x04
+# define QUIC_TPARAM_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL 0x05
+# define QUIC_TPARAM_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE 0x06
+# define QUIC_TPARAM_INITIAL_MAX_STREAM_DATA_UNI 0x07
+# define QUIC_TPARAM_INITIAL_MAX_STREAMS_BIDI 0x08
+# define QUIC_TPARAM_INITIAL_MAX_STREAMS_UNI 0x09
+# define QUIC_TPARAM_ACK_DELAY_EXP 0x0A
+# define QUIC_TPARAM_MAX_ACK_DELAY 0x0B
+# define QUIC_TPARAM_DISABLE_ACTIVE_MIGRATION 0x0C
+# define QUIC_TPARAM_PREFERRED_ADDR 0x0D
+# define QUIC_TPARAM_ACTIVE_CONN_ID_LIMIT 0x0E
+# define QUIC_TPARAM_INITIAL_SCID 0x0F
+# define QUIC_TPARAM_RETRY_SCID 0x10
+
+/*
+ * QUIC Frame Logical Representations
+ * ==================================
+ */
+
+/* QUIC Frame: ACK */
+typedef struct ossl_quic_ack_range_st {
+ /*
+ * Represents an inclusive range of packet numbers [start, end].
+ * start must be <= end.
+ */
+ QUIC_PN start, end;
+} OSSL_QUIC_ACK_RANGE;
+
+typedef struct ossl_quic_frame_ack_st {
+ /*
+ * A sequence of packet number ranges [[start, end]...].
+ *
+ * The ranges must be sorted in descending order, for example:
+ * [ 95, 100]
+ * [ 90, 92]
+ * etc.
+ *
+ * As such, ack_ranges[0].end is always the highest packet number
+ * being acknowledged and ack_ranges[num_ack_ranges-1].start is
+ * always the lowest packet number being acknowledged.
+ *
+ * num_ack_ranges must be greater than zero, as an ACK frame must
+ * acknowledge at least one packet number.
+ */
+ OSSL_QUIC_ACK_RANGE *ack_ranges;
+ size_t num_ack_ranges;
+
+ OSSL_TIME delay_time;
+ uint64_t ect0, ect1, ecnce;
+ unsigned int ecn_present : 1;
+} OSSL_QUIC_FRAME_ACK;
+
+/* Returns 1 if the given frame contains the given PN. */
+int ossl_quic_frame_ack_contains_pn(const OSSL_QUIC_FRAME_ACK *ack, QUIC_PN pn);
+
+/* QUIC Frame: STREAM */
+typedef struct ossl_quic_frame_stream_st {
+ uint64_t stream_id; /* Stream ID */
+ uint64_t offset; /* Logical offset in stream */
+ uint64_t len; /* Length of data in bytes */
+ const unsigned char *data;
+
+ /*
+ * On encode, this determines whether the len field should be encoded or
+ * not. If zero, the len field is not encoded and it is assumed the frame
+ * runs to the end of the packet.
+ *
+ * On decode, this determines whether the frame had an explicitly encoded
+ * length. If not set, the frame runs to the end of the packet and len has
+ * been set accordingly.
+ */
+ unsigned int has_explicit_len : 1;
+
+ /* 1 if this is the end of the stream */
+ unsigned int is_fin : 1;
+} OSSL_QUIC_FRAME_STREAM;
+
+/* QUIC Frame: CRYPTO */
+typedef struct ossl_quic_frame_crypto_st {
+ uint64_t offset; /* Logical offset in stream */
+ uint64_t len; /* Length of the data in bytes */
+ const unsigned char *data;
+} OSSL_QUIC_FRAME_CRYPTO;
+
+/* QUIC Frame: RESET_STREAM */
+typedef struct ossl_quic_frame_reset_stream_st {
+ uint64_t stream_id;
+ uint64_t app_error_code;
+ uint64_t final_size;
+} OSSL_QUIC_FRAME_RESET_STREAM;
+
+/* QUIC Frame: STOP_SENDING */
+typedef struct ossl_quic_frame_stop_sending_st {
+ uint64_t stream_id;
+ uint64_t app_error_code;
+} OSSL_QUIC_FRAME_STOP_SENDING;
+
+/* QUIC Frame: NEW_CONNECTION_ID */
+typedef struct ossl_quic_frame_new_conn_id_st {
+ uint64_t seq_num;
+ uint64_t retire_prior_to;
+ QUIC_CONN_ID conn_id;
+ QUIC_STATELESS_RESET_TOKEN stateless_reset;
+} OSSL_QUIC_FRAME_NEW_CONN_ID;
+
+/* QUIC Frame: CONNECTION_CLOSE */
+typedef struct ossl_quic_frame_conn_close_st {
+ unsigned int is_app : 1; /* 0: transport error, 1: app error */
+ uint64_t error_code; /* 62-bit transport or app error code */
+ uint64_t frame_type; /* transport errors only */
+ char *reason; /* UTF-8 string, not necessarily zero-terminated */
+ size_t reason_len; /* Length of reason in bytes */
+} OSSL_QUIC_FRAME_CONN_CLOSE;
+
+/*
+ * QUIC Wire Format Encoding
+ * =========================
+ *
+ * These functions return 1 on success and 0 on failure.
+ */
+
+/*
+ * Encodes zero or more QUIC PADDING frames to the packet writer. Each PADDING
+ * frame consumes one byte; num_bytes specifies the number of bytes of padding
+ * to write.
+ */
+int ossl_quic_wire_encode_padding(WPACKET *pkt, size_t num_bytes);
+
+/*
+ * Encodes a QUIC PING frame to the packet writer. This frame type takes
+ * no arguments.
+*/
+int ossl_quic_wire_encode_frame_ping(WPACKET *pkt);
+
+/*
+ * Encodes a QUIC ACK frame to the packet writer, given a logical representation
+ * of the ACK frame.
+ *
+ * The ACK ranges passed must be sorted in descending order.
+ *
+ * The logical representation stores a list of packet number ranges. The wire
+ * encoding is slightly different and stores the first range in the list
+ * in a different manner.
+ *
+ * The ack_delay_exponent argument specifies the index of a power of two by
+ * which the ack->ack_delay field is be divided. This exponent value must match
+ * the value used when decoding.
+ */
+int ossl_quic_wire_encode_frame_ack(WPACKET *pkt,
+ uint32_t ack_delay_exponent,
+ const OSSL_QUIC_FRAME_ACK *ack);
+
+/*
+ * Encodes a QUIC RESET_STREAM frame to the packet writer, given a logical
+ * representation of the RESET_STREAM frame.
+ */
+int ossl_quic_wire_encode_frame_reset_stream(WPACKET *pkt,
+ const OSSL_QUIC_FRAME_RESET_STREAM *f);
+
+/*
+ * Encodes a QUIC STOP_SENDING frame to the packet writer, given a logical
+ * representation of the STOP_SENDING frame.
+ */
+int ossl_quic_wire_encode_frame_stop_sending(WPACKET *pkt,
+ const OSSL_QUIC_FRAME_STOP_SENDING *f);
+
+/*
+ * Encodes a QUIC CRYPTO frame header to the packet writer.
+ *
+ * To create a well-formed frame, the data written using this function must be
+ * immediately followed by f->len bytes of data.
+ */
+int ossl_quic_wire_encode_frame_crypto_hdr(WPACKET *hdr,
+ const OSSL_QUIC_FRAME_CRYPTO *f);
+
+/*
+ * Returns the number of bytes which will be required to encode the given
+ * CRYPTO frame header. Does not include the payload bytes in the count.
+ * Returns 0 if input is invalid.
+ */
+size_t ossl_quic_wire_get_encoded_frame_len_crypto_hdr(const OSSL_QUIC_FRAME_CRYPTO *f);
+
+/*
+ * Encodes a QUIC CRYPTO frame to the packet writer.
+ *
+ * This function returns a pointer to a buffer of f->len bytes which the caller
+ * should fill however it wishes. If f->data is non-NULL, it is automatically
+ * copied to the target buffer, otherwise the caller must fill the returned
+ * buffer. Returns NULL on failure.
+ */
+void *ossl_quic_wire_encode_frame_crypto(WPACKET *pkt,
+ const OSSL_QUIC_FRAME_CRYPTO *f);
+
+/*
+ * Encodes a QUIC NEW_TOKEN frame to the packet writer.
+ */
+int ossl_quic_wire_encode_frame_new_token(WPACKET *pkt,
+ const unsigned char *token,
+ size_t token_len);
+
+/*
+ * Encodes a QUIC STREAM frame's header to the packet writer. The f->stream_id,
+ * f->offset and f->len fields are the values for the respective Stream ID,
+ * Offset and Length fields.
+ *
+ * If f->is_fin is non-zero, the frame is marked as the final frame in the
+ * stream.
+ *
+ * If f->has_explicit_len is zerro, the frame is assumed to be the final frame
+ * in the packet, which the caller is responsible for ensuring; the Length
+ * field is then omitted.
+ *
+ * To create a well-formed frame, the data written using this function must be
+ * immediately followed by f->len bytes of stream data.
+ */
+int ossl_quic_wire_encode_frame_stream_hdr(WPACKET *pkt,
+ const OSSL_QUIC_FRAME_STREAM *f);
+
+/*
+ * Returns the number of bytes which will be required to encode the given
+ * STREAM frame header. Does not include the payload bytes in the count.
+ * Returns 0 if input is invalid.
+ */
+size_t ossl_quic_wire_get_encoded_frame_len_stream_hdr(const OSSL_QUIC_FRAME_STREAM *f);
+
+/*
+ * Functions similarly to ossl_quic_wire_encode_frame_stream_hdr, but it also
+ * allocates space for f->len bytes of data after the header, creating a
+ * well-formed QUIC STREAM frame in one call.
+ *
+ * A pointer to the bytes allocated for the framme payload is returned,
+ * which the caller can fill however it wishes. If f->data is non-NULL,
+ * it is automatically copied to the target buffer, otherwise the caller
+ * must fill the returned buffer. Returns NULL on failure.
+ */
+void *ossl_quic_wire_encode_frame_stream(WPACKET *pkt,
+ const OSSL_QUIC_FRAME_STREAM *f);
+
+/*
+ * Encodes a QUIC MAX_DATA frame to the packet writer.
+ */
+int ossl_quic_wire_encode_frame_max_data(WPACKET *pkt,
+ uint64_t max_data);
+
+/*
+ * Encodes a QUIC MAX_STREAM_DATA frame to the packet writer.
+ */
+int ossl_quic_wire_encode_frame_max_stream_data(WPACKET *pkt,
+ uint64_t stream_id,
+ uint64_t max_data);
+
+/*
+ * Encodes a QUIC MAX_STREAMS frame to the packet writer.
+ *
+ * If is_uni is 0, the count specifies the maximum number of
+ * bidirectional streams; else it specifies the maximum number of unidirectional
+ * streams.
+ */
+int ossl_quic_wire_encode_frame_max_streams(WPACKET *pkt,
+ char is_uni,
+ uint64_t max_streams);
+
+/*
+ * Encodes a QUIC DATA_BLOCKED frame to the packet writer.
+ */
+int ossl_quic_wire_encode_frame_data_blocked(WPACKET *pkt,
+ uint64_t max_data);
+
+/*
+ * Encodes a QUIC STREAM_DATA_BLOCKED frame to the packet writer.
+ */
+int ossl_quic_wire_encode_frame_stream_data_blocked(WPACKET *pkt,
+ uint64_t stream_id,
+ uint64_t max_stream_data);
+/*
+ * Encodes a QUIC STREAMS_BLOCKED frame to the packet writer.
+ *
+ * If is_uni is 0, the count specifies the maximum number of
+ * bidirectional streams; else it specifies the maximum number of unidirectional
+ * streams.
+ */
+int ossl_quic_wire_encode_frame_streams_blocked(WPACKET *pkt,
+ char is_uni,
+ uint64_t max_streams);
+
+/*
+ * Encodes a QUIC NEW_CONNECTION_ID frame to the packet writer, given a logical
+ * representation of the NEW_CONNECTION_ID frame.
+ *
+ * The buffer pointed to by the conn_id field must be valid for the duration of
+ * the call.
+ */
+int ossl_quic_wire_encode_frame_new_conn_id(WPACKET *pkt,
+ const OSSL_QUIC_FRAME_NEW_CONN_ID *f);
+
+/*
+ * Encodes a QUIC RETIRE_CONNECTION_ID frame to the packet writer.
+ */
+int ossl_quic_wire_encode_frame_retire_conn_id(WPACKET *pkt,
+ uint64_t seq_num);
+
+/*
+ * Encodes a QUIC PATH_CHALLENGE frame to the packet writer.
+ */
+int ossl_quic_wire_encode_frame_path_challenge(WPACKET *pkt,
+ uint64_t data);
+
+/*
+ * Encodes a QUIC PATH_RESPONSE frame to the packet writer.
+ */
+int ossl_quic_wire_encode_frame_path_response(WPACKET *pkt,
+ uint64_t data);
+
+/*
+ * Encodes a QUIC CONNECTION_CLOSE frame to the packet writer, given a logical
+ * representation of the CONNECTION_CLOSE frame.
+ *
+ * The reason field may be NULL, in which case no reason is encoded. If the
+ * reason field is non-NULL, it must point to a valid UTF-8 string and
+ * reason_len must be set to the length of the reason string in bytes. The
+ * reason string need not be zero terminated.
+ */
+int ossl_quic_wire_encode_frame_conn_close(WPACKET *pkt,
+ const OSSL_QUIC_FRAME_CONN_CLOSE *f);
+
+/*
+ * Encodes a QUIC HANDSHAKE_DONE frame to the packet writer. This frame type
+ * takes no arguiments.
+ */
+int ossl_quic_wire_encode_frame_handshake_done(WPACKET *pkt);
+
+/*
+ * Encodes a QUIC transport parameter TLV with the given ID into the WPACKET.
+ * The payload is an arbitrary buffer.
+ *
+ * If value is non-NULL, the value is copied into the packet.
+ * If it is NULL, value_len bytes are allocated for the payload and the caller
+ * should fill the buffer using the returned pointer.
+ *
+ * Returns a pointer to the start of the payload on success, or NULL on failure.
+ */
+unsigned char *ossl_quic_wire_encode_transport_param_bytes(WPACKET *pkt,
+ uint64_t id,
+ const unsigned char *value,
+ size_t value_len);
+
+/*
+ * Encodes a QUIC transport parameter TLV with the given ID into the WPACKET.
+ * The payload is a QUIC variable-length integer with the given value.
+ */
+int ossl_quic_wire_encode_transport_param_int(WPACKET *pkt,
+ uint64_t id,
+ uint64_t value);
+
+/*
+ * Encodes a QUIC transport parameter TLV with a given ID into the WPACKET.
+ * The payload is a QUIC connection ID.
+ */
+int ossl_quic_wire_encode_transport_param_cid(WPACKET *wpkt,
+ uint64_t id,
+ const QUIC_CONN_ID *cid);
+
+/*
+ * QUIC Wire Format Decoding
+ * =========================
+ *
+ * These functions return 1 on success or 0 for failure. Typical reasons
+ * why these functions may fail include:
+ *
+ * - A frame decode function is called but the frame in the PACKET's buffer
+ * is not of the correct type.
+ *
+ * - A variable-length field in the encoded frame appears to exceed the bounds
+ * of the PACKET's buffer.
+ *
+ * These functions should be called with the PACKET pointing to the start of the
+ * frame (including the initial type field), and consume an entire frame
+ * including its type field. The expectation is that the caller will have
+ * already discerned the frame type using ossl_quic_wire_peek_frame_header().
+ */
+
+/*
+ * Decodes the type field header of a QUIC frame (without advancing the current
+ * position). This can be used to determine the frame type and determine which
+ * frame decoding function to call.
+ */
+int ossl_quic_wire_peek_frame_header(PACKET *pkt, uint64_t *type,
+ int *was_minimal);
+
+/*
+ * Like ossl_quic_wire_peek_frame_header, but advances the current position
+ * so that the type field is consumed. For advanced use only.
+ */
+int ossl_quic_wire_skip_frame_header(PACKET *pkt, uint64_t *type);
+
+/*
+ * Determines how many ranges are needed to decode a QUIC ACK frame.
+ *
+ * The number of ranges which must be allocated before the call to
+ * ossl_quic_wire_decode_frame_ack is written to *total_ranges.
+ *
+ * The PACKET is not advanced.
+ */
+int ossl_quic_wire_peek_frame_ack_num_ranges(const PACKET *pkt,
+ uint64_t *total_ranges);
+
+/*
+ * Decodes a QUIC ACK frame. The ack_ranges field of the passed structure should
+ * point to a preallocated array of ACK ranges and the num_ack_ranges field
+ * should specify the length of allocation.
+ *
+ * *total_ranges is written with the number of ranges in the decoded frame,
+ * which may be greater than the number of ranges which were decoded (i.e. if
+ * num_ack_ranges was too small to decode all ranges).
+ *
+ * On success, this function modifies the num_ack_ranges field to indicate the
+ * number of ranges in the decoded frame. This is the number of entries in the
+ * ACK ranges array written by this function; any additional entries are not
+ * modified.
+ *
+ * If the number of ACK ranges in the decoded frame exceeds that in
+ * num_ack_ranges, as many ACK ranges as possible are decoded into the range
+ * array. The caller can use the value written to *total_ranges to detect this
+ * condition, as *total_ranges will exceed num_ack_ranges.
+ *
+ * If ack is NULL, the frame is still decoded, but only *total_ranges is
+ * written. This can be used to determine the number of ranges which must be
+ * allocated.
+ *
+ * The ack_delay_exponent argument specifies the index of a power of two used to
+ * decode the ack_delay field. This must match the ack_delay_exponent value used
+ * to encode the frame.
+ */
+int ossl_quic_wire_decode_frame_ack(PACKET *pkt,
+ uint32_t ack_delay_exponent,
+ OSSL_QUIC_FRAME_ACK *ack,
+ uint64_t *total_ranges);
+
+/*
+ * Decodes a QUIC RESET_STREAM frame.
+ */
+int ossl_quic_wire_decode_frame_reset_stream(PACKET *pkt,
+ OSSL_QUIC_FRAME_RESET_STREAM *f);
+
+/*
+ * Decodes a QUIC STOP_SENDING frame.
+ */
+int ossl_quic_wire_decode_frame_stop_sending(PACKET *pkt,
+ OSSL_QUIC_FRAME_STOP_SENDING *f);
+
+/*
+ * Decodes a QUIC CRYPTO frame.
+ *
+ * f->data is set to point inside the packet buffer inside the PACKET, therefore
+ * it is safe to access for as long as the packet buffer exists. If nodata is
+ * set to 1 then reading the PACKET stops after the frame header and f->data is
+ * set to NULL.
+ */
+int ossl_quic_wire_decode_frame_crypto(PACKET *pkt, int nodata,
+ OSSL_QUIC_FRAME_CRYPTO *f);
+
+/*
+ * Decodes a QUIC NEW_TOKEN frame. *token is written with a pointer to the token
+ * bytes and *token_len is written with the length of the token in bytes.
+ */
+int ossl_quic_wire_decode_frame_new_token(PACKET *pkt,
+ const unsigned char **token,
+ size_t *token_len);
+
+/*
+ * Decodes a QUIC STREAM frame.
+ *
+ * If nodata is set to 1 then reading the PACKET stops after the frame header
+ * and f->data is set to NULL. In this case f->len will also be 0 in the event
+ * that "has_explicit_len" is 0.
+ *
+ * If the frame did not contain an offset field, f->offset is set to 0, as the
+ * absence of an offset field is equivalent to an offset of 0.
+ *
+ * If the frame contained a length field, f->has_explicit_len is set to 1 and
+ * the length of the data is placed in f->len. This function ensures that the
+ * length does not exceed the packet buffer, thus it is safe to access f->data.
+ *
+ * If the frame did not contain a length field, this means that the frame runs
+ * until the end of the packet. This function sets f->has_explicit_len to zero,
+ * and f->len to the amount of data remaining in the input buffer. Therefore,
+ * this function should be used with a PACKET representing a single packet (and
+ * not e.g. multiple packets).
+ *
+ * Note also that this means f->len is always valid after this function returns
+ * successfully, regardless of the value of f->has_explicit_len.
+ *
+ * f->data points inside the packet buffer inside the PACKET, therefore it is
+ * safe to access for as long as the packet buffer exists.
+ *
+ * f->is_fin is set according to whether the frame was marked as ending the
+ * stream.
+ */
+int ossl_quic_wire_decode_frame_stream(PACKET *pkt, int nodata,
+ OSSL_QUIC_FRAME_STREAM *f);
+
+/*
+ * Decodes a QUIC MAX_DATA frame. The Maximum Data field is written to
+ * *max_data.
+ */
+int ossl_quic_wire_decode_frame_max_data(PACKET *pkt,
+ uint64_t *max_data);
+
+/*
+ * Decodes a QUIC MAX_STREAM_DATA frame. The Stream ID is written to *stream_id
+ * and Maximum Stream Data field is written to *max_stream_data.
+ */
+int ossl_quic_wire_decode_frame_max_stream_data(PACKET *pkt,
+ uint64_t *stream_id,
+ uint64_t *max_stream_data);
+/*
+ * Decodes a QUIC MAX_STREAMS frame. The Maximum Streams field is written to
+ * *max_streams.
+ *
+ * Whether the limit concerns bidirectional streams or unidirectional streams is
+ * denoted by the frame type; the caller should examine the frame type to
+ * determine this.
+ */
+int ossl_quic_wire_decode_frame_max_streams(PACKET *pkt,
+ uint64_t *max_streams);
+
+/*
+ * Decodes a QUIC DATA_BLOCKED frame. The Maximum Data field is written to
+ * *max_data.
+ */
+int ossl_quic_wire_decode_frame_data_blocked(PACKET *pkt,
+ uint64_t *max_data);
+
+/*
+ * Decodes a QUIC STREAM_DATA_BLOCKED frame. The Stream ID and Maximum Stream
+ * Data fields are written to *stream_id and *max_stream_data respectively.
+ */
+int ossl_quic_wire_decode_frame_stream_data_blocked(PACKET *pkt,
+ uint64_t *stream_id,
+ uint64_t *max_stream_data);
+
+/*
+ * Decodes a QUIC STREAMS_BLOCKED frame. The Maximum Streams field is written to
+ * *max_streams.
+ *
+ * Whether the limit concerns bidirectional streams or unidirectional streams is
+ * denoted by the frame type; the caller should examine the frame type to
+ * determine this.
+ */
+int ossl_quic_wire_decode_frame_streams_blocked(PACKET *pkt,
+ uint64_t *max_streams);
+
+
+/*
+ * Decodes a QUIC NEW_CONNECTION_ID frame. The logical representation of the
+ * frame is written to *f.
+ *
+ * The conn_id field is set to point to the connection ID string inside the
+ * packet buffer; it is therefore valid for as long as the PACKET's buffer is
+ * valid. The conn_id_len field is set to the length of the connection ID string
+ * in bytes.
+ */
+int ossl_quic_wire_decode_frame_new_conn_id(PACKET *pkt,
+ OSSL_QUIC_FRAME_NEW_CONN_ID *f);
+
+/*
+ * Decodes a QUIC RETIRE_CONNECTION_ID frame. The Sequence Number field
+ * is written to *seq_num.
+ */
+int ossl_quic_wire_decode_frame_retire_conn_id(PACKET *pkt,
+ uint64_t *seq_num);
+
+/*
+ * Decodes a QUIC PATH_CHALLENGE frame. The Data field is written to *data.
+ */
+int ossl_quic_wire_decode_frame_path_challenge(PACKET *pkt,
+ uint64_t *data);
+
+/*
+ * Decodes a QUIC PATH_CHALLENGE frame. The Data field is written to *data.
+ */
+int ossl_quic_wire_decode_frame_path_response(PACKET *pkt,
+ uint64_t *data);
+
+/*
+ * Decodes a QUIC CONNECTION_CLOSE frame. The logical representation
+ * of the frame is written to *f.
+ *
+ * The reason field is set to point to the UTF-8 reason string inside
+ * the packet buffer; it is therefore valid for as long as the PACKET's
+ * buffer is valid. The reason_len field is set to the length of the
+ * reason string in bytes.
+ *
+ * IMPORTANT: The reason string is not zero-terminated.
+ *
+ * Returns 1 on success or 0 on failure.
+ */
+int ossl_quic_wire_decode_frame_conn_close(PACKET *pkt,
+ OSSL_QUIC_FRAME_CONN_CLOSE *f);
+
+/*
+ * Decodes one or more PADDING frames. PADDING frames have no arguments.
+ *
+ * Returns the number of PADDING frames decoded or 0 on error.
+ */
+size_t ossl_quic_wire_decode_padding(PACKET *pkt);
+
+/*
+ * Decodes a PING frame. The frame has no arguments.
+ */
+int ossl_quic_wire_decode_frame_ping(PACKET *pkt);
+
+/*
+ * Decodes a HANDSHAKE_DONE frame. The frame has no arguments.
+ */
+int ossl_quic_wire_decode_frame_handshake_done(PACKET *pkt);
+
+/*
+ * Peeks at the ID of the next QUIC transport parameter TLV in the stream.
+ * The ID is written to *id.
+ */
+int ossl_quic_wire_peek_transport_param(PACKET *pkt, uint64_t *id);
+
+/*
+ * Decodes a QUIC transport parameter TLV. A pointer to the value buffer is
+ * returned on success. This points inside the PACKET's buffer and is therefore
+ * valid as long as the PACKET's buffer is valid.
+ *
+ * The transport parameter ID is written to *id (if non-NULL) and the length of
+ * the payload in bytes is written to *len.
+ *
+ * Returns NULL on failure.
+ */
+const unsigned char *ossl_quic_wire_decode_transport_param_bytes(PACKET *pkt,
+ uint64_t *id,
+ size_t *len);
+
+/*
+ * Decodes a QUIC transport parameter TLV containing a variable-length integer.
+ *
+ * The transport parameter ID is written to *id (if non-NULL) and the value is
+ * written to *value.
+ */
+int ossl_quic_wire_decode_transport_param_int(PACKET *pkt,
+ uint64_t *id,
+ uint64_t *value);
+
+/*
+ * Decodes a QUIC transport parameter TLV containing a connection ID.
+ *
+ * The transport parameter ID is written to *id (if non-NULL) and the value is
+ * written to *value.
+ */
+int ossl_quic_wire_decode_transport_param_cid(PACKET *pkt,
+ uint64_t *id,
+ QUIC_CONN_ID *cid);
+
+/*
+ * Decodes a QUIC transport parameter TLV containing a preferred_address.
+ */
+typedef struct quic_preferred_addr_st {
+ uint16_t ipv4_port, ipv6_port;
+ unsigned char ipv4[4], ipv6[16];
+ QUIC_STATELESS_RESET_TOKEN stateless_reset;
+ QUIC_CONN_ID cid;
+} QUIC_PREFERRED_ADDR;
+
+int ossl_quic_wire_decode_transport_param_preferred_addr(PACKET *pkt,
+ QUIC_PREFERRED_ADDR *p);
+
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_wire_pkt.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_wire_pkt.h
new file mode 100644
index 000000000000..18a483fc2cc6
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/quic_wire_pkt.h
@@ -0,0 +1,629 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_QUIC_WIRE_PKT_H
+# define OSSL_QUIC_WIRE_PKT_H
+
+# include
+# include "internal/packet_quic.h"
+# include "internal/quic_types.h"
+
+# ifndef OPENSSL_NO_QUIC
+
+# define QUIC_VERSION_NONE ((uint32_t)0) /* Used for version negotiation */
+# define QUIC_VERSION_1 ((uint32_t)1) /* QUIC v1 */
+
+/* QUIC logical packet type. These do not match wire values. */
+# define QUIC_PKT_TYPE_INITIAL 1
+# define QUIC_PKT_TYPE_0RTT 2
+# define QUIC_PKT_TYPE_HANDSHAKE 3
+# define QUIC_PKT_TYPE_RETRY 4
+# define QUIC_PKT_TYPE_1RTT 5
+# define QUIC_PKT_TYPE_VERSION_NEG 6
+
+/*
+ * Determine encryption level from packet type. Returns QUIC_ENC_LEVEL_NUM if
+ * the packet is not of a type which is encrypted.
+ */
+static ossl_inline ossl_unused uint32_t
+ossl_quic_pkt_type_to_enc_level(uint32_t pkt_type)
+{
+ switch (pkt_type) {
+ case QUIC_PKT_TYPE_INITIAL:
+ return QUIC_ENC_LEVEL_INITIAL;
+ case QUIC_PKT_TYPE_HANDSHAKE:
+ return QUIC_ENC_LEVEL_HANDSHAKE;
+ case QUIC_PKT_TYPE_0RTT:
+ return QUIC_ENC_LEVEL_0RTT;
+ case QUIC_PKT_TYPE_1RTT:
+ return QUIC_ENC_LEVEL_1RTT;
+ default:
+ return QUIC_ENC_LEVEL_NUM;
+ }
+}
+
+static ossl_inline ossl_unused uint32_t
+ossl_quic_enc_level_to_pkt_type(uint32_t enc_level)
+{
+ switch (enc_level) {
+ case QUIC_ENC_LEVEL_INITIAL:
+ return QUIC_PKT_TYPE_INITIAL;
+ case QUIC_ENC_LEVEL_HANDSHAKE:
+ return QUIC_PKT_TYPE_HANDSHAKE;
+ case QUIC_ENC_LEVEL_0RTT:
+ return QUIC_PKT_TYPE_0RTT;
+ case QUIC_ENC_LEVEL_1RTT:
+ return QUIC_PKT_TYPE_1RTT;
+ default:
+ return UINT32_MAX;
+ }
+}
+
+/* Determine if a packet type contains an encrypted payload. */
+static ossl_inline ossl_unused int
+ossl_quic_pkt_type_is_encrypted(uint32_t pkt_type)
+{
+ switch (pkt_type) {
+ case QUIC_PKT_TYPE_RETRY:
+ case QUIC_PKT_TYPE_VERSION_NEG:
+ return 0;
+ default:
+ return 1;
+ }
+}
+
+/* Determine if a packet type contains a PN field. */
+static ossl_inline ossl_unused int
+ossl_quic_pkt_type_has_pn(uint32_t pkt_type)
+{
+ /*
+ * Currently a packet has a PN iff it is encrypted. This could change
+ * someday.
+ */
+ return ossl_quic_pkt_type_is_encrypted(pkt_type);
+}
+
+/*
+ * Determine if a packet type can appear with other packets in a datagram. Some
+ * packet types must be the sole packet in a datagram.
+ */
+static ossl_inline ossl_unused int
+ossl_quic_pkt_type_can_share_dgram(uint32_t pkt_type)
+{
+ /*
+ * Currently only the encrypted packet types can share a datagram. This
+ * could change someday.
+ */
+ return ossl_quic_pkt_type_is_encrypted(pkt_type);
+}
+
+/*
+ * Determine if the packet type must come at the end of the datagram (due to the
+ * lack of a length field).
+ */
+static ossl_inline ossl_unused int
+ossl_quic_pkt_type_must_be_last(uint32_t pkt_type)
+{
+ /*
+ * Any packet type which cannot share a datagram obviously must come last.
+ * 1-RTT also must come last as it lacks a length field.
+ */
+ return !ossl_quic_pkt_type_can_share_dgram(pkt_type)
+ || pkt_type == QUIC_PKT_TYPE_1RTT;
+}
+
+/*
+ * Determine if the packet type has a version field.
+ */
+static ossl_inline ossl_unused int
+ossl_quic_pkt_type_has_version(uint32_t pkt_type)
+{
+ return pkt_type != QUIC_PKT_TYPE_1RTT && pkt_type != QUIC_PKT_TYPE_VERSION_NEG;
+}
+
+/*
+ * Determine if the packet type has a SCID field.
+ */
+static ossl_inline ossl_unused int
+ossl_quic_pkt_type_has_scid(uint32_t pkt_type)
+{
+ return pkt_type != QUIC_PKT_TYPE_1RTT;
+}
+
+/*
+ * Smallest possible QUIC packet size as per RFC (aside from version negotiation
+ * packets).
+ */
+# define QUIC_MIN_VALID_PKT_LEN_CRYPTO 21
+# define QUIC_MIN_VALID_PKT_LEN_VERSION_NEG 7
+# define QUIC_MIN_VALID_PKT_LEN QUIC_MIN_VALID_PKT_LEN_VERSION_NEG
+
+typedef struct quic_pkt_hdr_ptrs_st QUIC_PKT_HDR_PTRS;
+
+/*
+ * QUIC Packet Header Protection
+ * =============================
+ *
+ * Functions to apply and remove QUIC packet header protection. A header
+ * protector is initialised using ossl_quic_hdr_protector_init and must be
+ * destroyed using ossl_quic_hdr_protector_cleanup when no longer needed.
+ */
+typedef struct quic_hdr_protector_st {
+ OSSL_LIB_CTX *libctx;
+ const char *propq;
+ EVP_CIPHER_CTX *cipher_ctx;
+ EVP_CIPHER *cipher;
+ uint32_t cipher_id;
+} QUIC_HDR_PROTECTOR;
+
+# define QUIC_HDR_PROT_CIPHER_AES_128 1
+# define QUIC_HDR_PROT_CIPHER_AES_256 2
+# define QUIC_HDR_PROT_CIPHER_CHACHA 3
+
+/*
+ * Initialises a header protector.
+ *
+ * cipher_id:
+ * The header protection cipher method to use. One of
+ * QUIC_HDR_PROT_CIPHER_*. Must be chosen based on negotiated TLS cipher
+ * suite.
+ *
+ * quic_hp_key:
+ * This must be the "quic hp" key derived from a traffic secret.
+ *
+ * The length of the quic_hp_key must correspond to that expected for the
+ * given cipher ID.
+ *
+ * The header protector performs amortisable initialisation in this function,
+ * therefore a header protector should be used for as long as possible.
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+int ossl_quic_hdr_protector_init(QUIC_HDR_PROTECTOR *hpr,
+ OSSL_LIB_CTX *libctx,
+ const char *propq,
+ uint32_t cipher_id,
+ const unsigned char *quic_hp_key,
+ size_t quic_hp_key_len);
+
+/*
+ * Destroys a header protector. This is also safe to call on a zero-initialized
+ * OSSL_QUIC_HDR_PROTECTOR structure which has not been initialized, or which
+ * has already been destroyed.
+ */
+void ossl_quic_hdr_protector_cleanup(QUIC_HDR_PROTECTOR *hpr);
+
+/*
+ * Removes header protection from a packet. The packet payload must currently be
+ * encrypted (i.e., you must remove header protection before decrypting packets
+ * received). The function examines the header buffer to determine which bytes
+ * of the header need to be decrypted.
+ *
+ * If this function fails, no data is modified.
+ *
+ * This is implemented as a call to ossl_quic_hdr_protector_decrypt_fields().
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+int ossl_quic_hdr_protector_decrypt(QUIC_HDR_PROTECTOR *hpr,
+ QUIC_PKT_HDR_PTRS *ptrs);
+
+/*
+ * Applies header protection to a packet. The packet payload must already have
+ * been encrypted (i.e., you must apply header protection after encrypting
+ * a packet). The function examines the header buffer to determine which bytes
+ * of the header need to be encrypted.
+ *
+ * This is implemented as a call to ossl_quic_hdr_protector_encrypt_fields().
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+int ossl_quic_hdr_protector_encrypt(QUIC_HDR_PROTECTOR *hpr,
+ QUIC_PKT_HDR_PTRS *ptrs);
+
+/*
+ * Removes header protection from a packet. The packet payload must currently
+ * be encrypted. This is a low-level function which assumes you have already
+ * determined which parts of the packet header need to be decrypted.
+ *
+ * sample:
+ * The range of bytes in the packet to be used to generate the header
+ * protection mask. It is permissible to set sample_len to the size of the
+ * remainder of the packet; this function will only use as many bytes as
+ * needed. If not enough sample bytes are provided, this function fails.
+ *
+ * first_byte:
+ * The first byte of the QUIC packet header to be decrypted.
+ *
+ * pn:
+ * Pointer to the start of the PN field. The caller is responsible
+ * for ensuring at least four bytes follow this pointer.
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+int ossl_quic_hdr_protector_decrypt_fields(QUIC_HDR_PROTECTOR *hpr,
+ const unsigned char *sample,
+ size_t sample_len,
+ unsigned char *first_byte,
+ unsigned char *pn_bytes);
+
+/*
+ * Works analogously to ossl_hdr_protector_decrypt_fields, but applies header
+ * protection instead of removing it.
+ */
+int ossl_quic_hdr_protector_encrypt_fields(QUIC_HDR_PROTECTOR *hpr,
+ const unsigned char *sample,
+ size_t sample_len,
+ unsigned char *first_byte,
+ unsigned char *pn_bytes);
+
+/*
+ * QUIC Packet Header
+ * ==================
+ *
+ * This structure provides a logical representation of a QUIC packet header.
+ *
+ * QUIC packet formats fall into the following categories:
+ *
+ * Long Packets, which is subdivided into five possible packet types:
+ * Version Negotiation (a special case);
+ * Initial;
+ * 0-RTT;
+ * Handshake; and
+ * Retry
+ *
+ * Short Packets, which comprises only a single packet type (1-RTT).
+ *
+ * The packet formats vary and common fields are found in some packets but
+ * not others. The below table indicates which fields are present in which
+ * kinds of packet. * indicates header protection is applied.
+ *
+ * SLLLLL Legend: 1=1-RTT, i=Initial, 0=0-RTT, h=Handshake
+ * 1i0hrv r=Retry, v=Version Negotiation
+ * ------
+ * 1i0hrv Header Form (0=Short, 1=Long)
+ * 1i0hr Fixed Bit (always 1)
+ * 1 Spin Bit
+ * 1 * Reserved Bits
+ * 1 * Key Phase
+ * 1i0h * Packet Number Length
+ * i0hr? Long Packet Type
+ * i0h Type-Specific Bits
+ * i0hr Version (note: always 0 for Version Negotiation packets)
+ * 1i0hrv Destination Connection ID
+ * i0hrv Source Connection ID
+ * 1i0h * Packet Number
+ * i Token
+ * i0h Length
+ * r Retry Token
+ * r Retry Integrity Tag
+ *
+ * For each field below, the conditions under which the field is valid are
+ * specified. If a field is not currently valid, it is initialized to a zero or
+ * NULL value.
+ */
+typedef struct quic_pkt_hdr_st {
+ /* [ALL] A QUIC_PKT_TYPE_* value. Always valid. */
+ unsigned int type :8;
+
+ /* [S] Value of the spin bit. Valid if (type == 1RTT). */
+ unsigned int spin_bit :1;
+
+ /*
+ * [S] Value of the Key Phase bit in the short packet.
+ * Valid if (type == 1RTT && !partial).
+ */
+ unsigned int key_phase :1;
+
+ /*
+ * [1i0h] Length of packet number in bytes. This is the decoded value.
+ * Valid if ((type == 1RTT || (version && type != RETRY)) && !partial).
+ */
+ unsigned int pn_len :4;
+
+ /*
+ * [ALL] Set to 1 if this is a partial decode because the packet header
+ * has not yet been deprotected. pn_len, pn and key_phase are not valid if
+ * this is set.
+ */
+ unsigned int partial :1;
+
+ /*
+ * [ALL] Whether the fixed bit was set. Note that only Version Negotiation
+ * packets are allowed to have this unset, so this will always be 1 for all
+ * other packet types (decode will fail if it is not set). Ignored when
+ * encoding unless encoding a Version Negotiation packet.
+ */
+ unsigned int fixed :1;
+
+ /*
+ * The unused bits in the low 4 bits of a Retry packet header's first byte.
+ * This is used to ensure that Retry packets have the same bit-for-bit
+ * representation in their header when decoding and encoding them again.
+ * This is necessary to validate Retry packet headers.
+ */
+ unsigned int unused :4;
+
+ /*
+ * The 'Reserved' bits in an Initial, Handshake, 0-RTT or 1-RTT packet
+ * header's first byte. These are provided so that the caller can validate
+ * that they are zero, as this must be done after packet protection is
+ * successfully removed to avoid creating a timing channel.
+ */
+ unsigned int reserved :2;
+
+ /* [L] Version field. Valid if (type != 1RTT). */
+ uint32_t version;
+
+ /* [ALL] The destination connection ID. Always valid. */
+ QUIC_CONN_ID dst_conn_id;
+
+ /*
+ * [L] The source connection ID.
+ * Valid if (type != 1RTT).
+ */
+ QUIC_CONN_ID src_conn_id;
+
+ /*
+ * [1i0h] Relatively-encoded packet number in raw, encoded form. The correct
+ * decoding of this value is context-dependent. The number of bytes valid in
+ * this buffer is determined by pn_len above. If the decode was partial,
+ * this field is not valid.
+ *
+ * Valid if ((type == 1RTT || (version && type != RETRY)) && !partial).
+ */
+ unsigned char pn[4];
+
+ /*
+ * [i] Token field in Initial packet. Points to memory inside the decoded
+ * PACKET, and therefore is valid for as long as the PACKET's buffer is
+ * valid. token_len is the length of the token in bytes.
+ *
+ * Valid if (type == INITIAL).
+ */
+ const unsigned char *token;
+ size_t token_len;
+
+ /*
+ * [ALL] Payload length in bytes.
+ *
+ * Though 1-RTT, Retry and Version Negotiation packets do not contain an
+ * explicit length field, this field is always valid and is used by the
+ * packet header encoding and decoding routines to describe the payload
+ * length, regardless of whether the packet type encoded or decoded uses an
+ * explicit length indication.
+ */
+ size_t len;
+
+ /*
+ * Pointer to start of payload data in the packet. Points to memory inside
+ * the decoded PACKET, and therefore is valid for as long as the PACKET'S
+ * buffer is valid. The length of the buffer in bytes is in len above.
+ *
+ * For Version Negotiation packets, points to the array of supported
+ * versions.
+ *
+ * For Retry packets, points to the Retry packet payload, which comprises
+ * the Retry Token followed by a 16-byte Retry Integrity Tag.
+ *
+ * Regardless of whether a packet is a Version Negotiation packet (where the
+ * payload contains a list of supported versions), a Retry packet (where the
+ * payload contains a Retry Token and Retry Integrity Tag), or any other
+ * packet type (where the payload contains frames), the payload is not
+ * validated and the user must parse the payload bearing this in mind.
+ *
+ * If the decode was partial (partial is set), this points to the start of
+ * the packet number field, rather than the protected payload, as the length
+ * of the packet number field is unknown. The len field reflects this in
+ * this case (i.e., the len field is the number of payload bytes plus the
+ * number of bytes comprising the PN).
+ */
+ const unsigned char *data;
+} QUIC_PKT_HDR;
+
+/*
+ * Extra information which can be output by the packet header decode functions
+ * for the assistance of the header protector. This avoids the header protector
+ * needing to partially re-decode the packet header.
+ */
+struct quic_pkt_hdr_ptrs_st {
+ unsigned char *raw_start; /* start of packet */
+ unsigned char *raw_sample; /* start of sampling range */
+ size_t raw_sample_len; /* maximum length of sampling range */
+
+ /*
+ * Start of PN field. Guaranteed to be NULL unless at least four bytes are
+ * available via this pointer.
+ */
+ unsigned char *raw_pn;
+};
+
+/*
+ * If partial is 1, reads the unprotected parts of a protected packet header
+ * from a PACKET, performing a partial decode.
+ *
+ * If partial is 0, the input is assumed to have already had header protection
+ * removed, and all header fields are decoded.
+ *
+ * If nodata is 1, the input is assumed to have no payload data in it. Otherwise
+ * payload data must be present.
+ *
+ * On success, the logical decode of the packet header is written to *hdr.
+ * hdr->partial is set or cleared according to whether a partial decode was
+ * performed. *ptrs is filled with pointers to various parts of the packet
+ * buffer.
+ *
+ * In order to decode short packets, the connection ID length being used must be
+ * known contextually, and should be passed as short_conn_id_len. If
+ * short_conn_id_len is set to an invalid value (a value greater than
+ * QUIC_MAX_CONN_ID_LEN), this function fails when trying to decode a short
+ * packet, but succeeds for long packets.
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+int ossl_quic_wire_decode_pkt_hdr(PACKET *pkt,
+ size_t short_conn_id_len,
+ int partial,
+ int nodata,
+ QUIC_PKT_HDR *hdr,
+ QUIC_PKT_HDR_PTRS *ptrs);
+
+/*
+ * Encodes a packet header. The packet is written to pkt.
+ *
+ * The length of the (encrypted) packet payload should be written to hdr->len
+ * and will be placed in the serialized packet header. The payload data itself
+ * is not copied; the caller should write hdr->len bytes of encrypted payload to
+ * the WPACKET immediately after the call to this function. However,
+ * WPACKET_reserve_bytes is called for the payload size.
+ *
+ * This function does not apply header protection. You must apply header
+ * protection yourself after calling this function. *ptrs is filled with
+ * pointers which can be passed to a header protector, but this must be
+ * performed after the encrypted payload is written.
+ *
+ * The pointers in *ptrs are direct pointers into the WPACKET buffer. If more
+ * data is written to the WPACKET buffer, WPACKET buffer reallocations may
+ * occur, causing these pointers to become invalid. Therefore, you must not call
+ * any write WPACKET function between this call and the call to
+ * ossl_quic_hdr_protector_encrypt. This function calls WPACKET_reserve_bytes
+ * for the payload length, so you may assume hdr->len bytes are already free to
+ * write at the WPACKET cursor location once this function returns successfully.
+ * It is recommended that you call this function, write the encrypted payload,
+ * call ossl_quic_hdr_protector_encrypt, and then call
+ * WPACKET_allocate_bytes(hdr->len).
+ *
+ * Version Negotiation and Retry packets do not use header protection; for these
+ * header types, the fields in *ptrs are all written as zero. Version
+ * Negotiation, Retry and 1-RTT packets do not contain a Length field, but
+ * hdr->len bytes of data are still reserved in the WPACKET.
+ *
+ * If serializing a short packet and short_conn_id_len does not match the DCID
+ * specified in hdr, the function fails.
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+int ossl_quic_wire_encode_pkt_hdr(WPACKET *pkt,
+ size_t short_conn_id_len,
+ const QUIC_PKT_HDR *hdr,
+ QUIC_PKT_HDR_PTRS *ptrs);
+
+/*
+ * Retrieves only the DCID from a packet header. This is intended for demuxer
+ * use. It avoids the need to parse the rest of the packet header twice.
+ *
+ * Information on packet length is not decoded, as this only needs to be used on
+ * the first packet in a datagram, therefore this takes a buffer and not a
+ * PACKET.
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+int ossl_quic_wire_get_pkt_hdr_dst_conn_id(const unsigned char *buf,
+ size_t buf_len,
+ size_t short_conn_id_len,
+ QUIC_CONN_ID *dst_conn_id);
+
+/*
+ * Precisely predicts the encoded length of a packet header structure.
+ *
+ * May return 0 if the packet header is not valid, but the fact that this
+ * function returns non-zero does not guarantee that
+ * ossl_quic_wire_encode_pkt_hdr() will succeed.
+ */
+int ossl_quic_wire_get_encoded_pkt_hdr_len(size_t short_conn_id_len,
+ const QUIC_PKT_HDR *hdr);
+
+/*
+ * Packet Number Encoding
+ * ======================
+ */
+
+/*
+ * Decode an encoded packet header QUIC PN.
+ *
+ * enc_pn is the raw encoded PN to decode. enc_pn_len is its length in bytes as
+ * indicated by packet headers. largest_pn is the largest PN successfully
+ * processed in the relevant PN space.
+ *
+ * The resulting PN is written to *res_pn.
+ *
+ * Returns 1 on success or 0 on failure.
+ */
+int ossl_quic_wire_decode_pkt_hdr_pn(const unsigned char *enc_pn,
+ size_t enc_pn_len,
+ QUIC_PN largest_pn,
+ QUIC_PN *res_pn);
+
+/*
+ * Determine how many bytes should be used to encode a PN. Returns the number of
+ * bytes (which will be in range [1, 4]).
+ */
+int ossl_quic_wire_determine_pn_len(QUIC_PN pn, QUIC_PN largest_acked);
+
+/*
+ * Encode a PN for a packet header using the specified number of bytes, which
+ * should have been determined by calling ossl_quic_wire_determine_pn_len. The
+ * PN encoding process is done in two parts to allow the caller to override PN
+ * encoding length if it wishes.
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+int ossl_quic_wire_encode_pkt_hdr_pn(QUIC_PN pn,
+ unsigned char *enc_pn,
+ size_t enc_pn_len);
+
+/*
+ * Retry Integrity Tags
+ * ====================
+ */
+
+# define QUIC_RETRY_INTEGRITY_TAG_LEN 16
+
+/*
+ * Validate a retry integrity tag. Returns 1 if the tag is valid.
+ *
+ * Must be called on a hdr with a type of QUIC_PKT_TYPE_RETRY with a valid data
+ * pointer.
+ *
+ * client_initial_dcid must be the original DCID used by the client in its first
+ * Initial packet, as this is used to calculate the Retry Integrity Tag.
+ *
+ * Returns 0 if the tag is invalid, if called on any other type of packet or if
+ * the body is too short.
+ */
+int ossl_quic_validate_retry_integrity_tag(OSSL_LIB_CTX *libctx,
+ const char *propq,
+ const QUIC_PKT_HDR *hdr,
+ const QUIC_CONN_ID *client_initial_dcid);
+
+/*
+ * Calculates a retry integrity tag. Returns 0 on error, for example if hdr does
+ * not have a type of QUIC_PKT_TYPE_RETRY.
+ *
+ * client_initial_dcid must be the original DCID used by the client in its first
+ * Initial packet, as this is used to calculate the Retry Integrity Tag.
+ *
+ * tag must point to a buffer of QUIC_RETRY_INTEGRITY_TAG_LEN bytes in size.
+ *
+ * Note that hdr->data must point to the Retry packet body, and hdr->len must
+ * include the space for the Retry Integrity Tag. (This means that you can
+ * easily fill in a tag in a Retry packet you are generating by calling this
+ * function and passing (hdr->data + hdr->len - QUIC_RETRY_INTEGRITY_TAG_LEN) as
+ * the tag argument.) This function fails if hdr->len is too short to contain a
+ * Retry Integrity Tag.
+ */
+int ossl_quic_calculate_retry_integrity_tag(OSSL_LIB_CTX *libctx,
+ const char *propq,
+ const QUIC_PKT_HDR *hdr,
+ const QUIC_CONN_ID *client_initial_dcid,
+ unsigned char *tag);
+
+# endif
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/rcu.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/rcu.h
new file mode 100644
index 000000000000..90160e8da71d
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/rcu.h
@@ -0,0 +1,33 @@
+/*
+ * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_RCU_H
+# define OPENSSL_RCU_H
+# pragma once
+
+#include "crypto/context.h"
+
+typedef void (*rcu_cb_fn)(void *data);
+
+typedef struct rcu_lock_st CRYPTO_RCU_LOCK;
+
+CRYPTO_RCU_LOCK *ossl_rcu_lock_new(int num_writers, OSSL_LIB_CTX *ctx);
+void ossl_rcu_lock_free(CRYPTO_RCU_LOCK *lock);
+void ossl_rcu_read_lock(CRYPTO_RCU_LOCK *lock);
+void ossl_rcu_write_lock(CRYPTO_RCU_LOCK *lock);
+void ossl_rcu_write_unlock(CRYPTO_RCU_LOCK *lock);
+void ossl_rcu_read_unlock(CRYPTO_RCU_LOCK *lock);
+void ossl_synchronize_rcu(CRYPTO_RCU_LOCK *lock);
+int ossl_rcu_call(CRYPTO_RCU_LOCK *lock, rcu_cb_fn cb, void *data);
+void *ossl_rcu_uptr_deref(void **p);
+void ossl_rcu_assign_uptr(void **p, void **v);
+#define ossl_rcu_deref(p) ossl_rcu_uptr_deref((void **)p)
+#define ossl_rcu_assign_ptr(p,v) ossl_rcu_assign_uptr((void **)p, (void **)v)
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/recordmethod.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/recordmethod.h
new file mode 100644
index 000000000000..53bd4ca6d2b1
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/recordmethod.h
@@ -0,0 +1,339 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_RECORDMETHOD_H
+# define OSSL_INTERNAL_RECORDMETHOD_H
+# pragma once
+
+# include
+
+/*
+ * We use the term "record" here to refer to a packet of data. Records are
+ * typically protected via a cipher and MAC, or an AEAD cipher (although not
+ * always). This usage of the term record is consistent with the TLS concept.
+ * In QUIC the term "record" is not used but it is analogous to the QUIC term
+ * "packet". The interface in this file applies to all protocols that protect
+ * records/packets of data, i.e. (D)TLS and QUIC. The term record is used to
+ * refer to both contexts.
+ */
+
+/*
+ * An OSSL_RECORD_METHOD is a protocol specific method which provides the
+ * functions for reading and writing records for that protocol. Which
+ * OSSL_RECORD_METHOD to use for a given protocol is defined by the SSL_METHOD.
+ */
+typedef struct ossl_record_method_st OSSL_RECORD_METHOD;
+
+/*
+ * An OSSL_RECORD_LAYER is just an externally defined opaque pointer created by
+ * the method
+ */
+typedef struct ossl_record_layer_st OSSL_RECORD_LAYER;
+
+
+# define OSSL_RECORD_ROLE_CLIENT 0
+# define OSSL_RECORD_ROLE_SERVER 1
+
+# define OSSL_RECORD_DIRECTION_READ 0
+# define OSSL_RECORD_DIRECTION_WRITE 1
+
+/*
+ * Protection level. For <= TLSv1.2 only "NONE" and "APPLICATION" are used.
+ */
+# define OSSL_RECORD_PROTECTION_LEVEL_NONE 0
+# define OSSL_RECORD_PROTECTION_LEVEL_EARLY 1
+# define OSSL_RECORD_PROTECTION_LEVEL_HANDSHAKE 2
+# define OSSL_RECORD_PROTECTION_LEVEL_APPLICATION 3
+
+# define OSSL_RECORD_RETURN_SUCCESS 1
+# define OSSL_RECORD_RETURN_RETRY 0
+# define OSSL_RECORD_RETURN_NON_FATAL_ERR -1
+# define OSSL_RECORD_RETURN_FATAL -2
+# define OSSL_RECORD_RETURN_EOF -3
+
+/*
+ * Template for creating a record. A record consists of the |type| of data it
+ * will contain (e.g. alert, handshake, application data, etc) along with a
+ * buffer of payload data in |buf| of length |buflen|.
+ */
+struct ossl_record_template_st {
+ unsigned char type;
+ unsigned int version;
+ const unsigned char *buf;
+ size_t buflen;
+};
+
+typedef struct ossl_record_template_st OSSL_RECORD_TEMPLATE;
+
+/*
+ * Rather than a "method" approach, we could make this fetchable - Should we?
+ * There could be some complexity in finding suitable record layer implementations
+ * e.g. we need to find one that matches the negotiated protocol, cipher,
+ * extensions, etc. The selection_cb approach given above doesn't work so well
+ * if unknown third party providers with OSSL_RECORD_METHOD implementations are
+ * loaded.
+ */
+
+/*
+ * If this becomes public API then we will need functions to create and
+ * free an OSSL_RECORD_METHOD, as well as functions to get/set the various
+ * function pointers....unless we make it fetchable.
+ */
+struct ossl_record_method_st {
+ /*
+ * Create a new OSSL_RECORD_LAYER object for handling the protocol version
+ * set by |vers|. |role| is 0 for client and 1 for server. |direction|
+ * indicates either read or write. |level| is the protection level as
+ * described above. |settings| are mandatory settings that will cause the
+ * new() call to fail if they are not understood (for example to require
+ * Encrypt-Then-Mac support). |options| are optional settings that will not
+ * cause the new() call to fail if they are not understood (for example
+ * whether to use "read ahead" or not).
+ *
+ * The BIO in |transport| is the BIO for the underlying transport layer.
+ * Where the direction is "read", then this BIO will only ever be used for
+ * reading data. Where the direction is "write", then this BIO will only
+ * every be used for writing data.
+ *
+ * An SSL object will always have at least 2 OSSL_RECORD_LAYER objects in
+ * force at any one time (one for reading and one for writing). In some
+ * protocols more than 2 might be used (e.g. in DTLS for retransmitting
+ * messages from an earlier epoch).
+ *
+ * The created OSSL_RECORD_LAYER object is stored in *ret on success (or
+ * NULL otherwise). The return value will be one of
+ * OSSL_RECORD_RETURN_SUCCESS, OSSL_RECORD_RETURN_FATAL or
+ * OSSL_RECORD_RETURN_NON_FATAL. A non-fatal return means that creation of
+ * the record layer has failed because it is unsuitable, but an alternative
+ * record layer can be tried instead.
+ */
+
+ /*
+ * If we eventually make this fetchable then we will need to use something
+ * other than EVP_CIPHER. Also mactype would not be a NID, but a string. For
+ * now though, this works.
+ */
+ int (*new_record_layer)(OSSL_LIB_CTX *libctx,
+ const char *propq, int vers,
+ int role, int direction,
+ int level,
+ uint16_t epoch,
+ unsigned char *secret,
+ size_t secretlen,
+ unsigned char *key,
+ size_t keylen,
+ unsigned char *iv,
+ size_t ivlen,
+ unsigned char *mackey,
+ size_t mackeylen,
+ const EVP_CIPHER *ciph,
+ size_t taglen,
+ int mactype,
+ const EVP_MD *md,
+ COMP_METHOD *comp,
+ const EVP_MD *kdfdigest,
+ BIO *prev,
+ BIO *transport,
+ BIO *next,
+ BIO_ADDR *local,
+ BIO_ADDR *peer,
+ const OSSL_PARAM *settings,
+ const OSSL_PARAM *options,
+ const OSSL_DISPATCH *fns,
+ void *cbarg,
+ void *rlarg,
+ OSSL_RECORD_LAYER **ret);
+ int (*free)(OSSL_RECORD_LAYER *rl);
+
+ /* Returns 1 if we have unprocessed data buffered or 0 otherwise */
+ int (*unprocessed_read_pending)(OSSL_RECORD_LAYER *rl);
+
+ /*
+ * Returns 1 if we have processed data buffered that can be read or 0 otherwise
+ * - not necessarily app data
+ */
+ int (*processed_read_pending)(OSSL_RECORD_LAYER *rl);
+
+ /*
+ * The amount of processed app data that is internally buffered and
+ * available to read
+ */
+ size_t (*app_data_pending)(OSSL_RECORD_LAYER *rl);
+
+ /*
+ * Find out the maximum number of records that the record layer is prepared
+ * to process in a single call to write_records. It is the caller's
+ * responsibility to ensure that no call to write_records exceeds this
+ * number of records. |type| is the type of the records that the caller
+ * wants to write, and |len| is the total amount of data that it wants
+ * to send. |maxfrag| is the maximum allowed fragment size based on user
+ * configuration, or TLS parameter negotiation. |*preffrag| contains on
+ * entry the default fragment size that will actually be used based on user
+ * configuration. This will always be less than or equal to |maxfrag|. On
+ * exit the record layer may update this to an alternative fragment size to
+ * be used. This must always be less than or equal to |maxfrag|.
+ */
+ size_t (*get_max_records)(OSSL_RECORD_LAYER *rl, uint8_t type, size_t len,
+ size_t maxfrag, size_t *preffrag);
+
+ /*
+ * Write |numtempl| records from the array of record templates pointed to
+ * by |templates|. Each record should be no longer than the value returned
+ * by get_max_record_len(), and there should be no more records than the
+ * value returned by get_max_records().
+ * Where possible the caller will attempt to ensure that all records are the
+ * same length, except the last record. This may not always be possible so
+ * the record method implementation should not rely on this being the case.
+ * In the event of a retry the caller should call retry_write_records()
+ * to try again. No more calls to write_records() should be attempted until
+ * retry_write_records() returns success.
+ * Buffers allocated for the record templates can be freed immediately after
+ * write_records() returns - even in the case a retry.
+ * The record templates represent the plaintext payload. The encrypted
+ * output is written to the |transport| BIO.
+ * Returns:
+ * 1 on success
+ * 0 on retry
+ * -1 on failure
+ */
+ int (*write_records)(OSSL_RECORD_LAYER *rl, OSSL_RECORD_TEMPLATE *templates,
+ size_t numtempl);
+
+ /*
+ * Retry a previous call to write_records. The caller should continue to
+ * call this until the function returns with success or failure. After
+ * each retry more of the data may have been incrementally sent.
+ * Returns:
+ * 1 on success
+ * 0 on retry
+ * -1 on failure
+ */
+ int (*retry_write_records)(OSSL_RECORD_LAYER *rl);
+
+ /*
+ * Read a record and return the record layer version and record type in
+ * the |rversion| and |type| parameters. |*data| is set to point to a
+ * record layer buffer containing the record payload data and |*datalen|
+ * is filled in with the length of that data. The |epoch| and |seq_num|
+ * values are only used if DTLS has been negotiated. In that case they are
+ * filled in with the epoch and sequence number from the record.
+ * An opaque record layer handle for the record is returned in |*rechandle|
+ * which is used in a subsequent call to |release_record|. The buffer must
+ * remain available until all the bytes from record are released via one or
+ * more release_record calls.
+ *
+ * Internally the OSSL_RECORD_METHOD implementation may read/process
+ * multiple records in one go and buffer them.
+ */
+ int (*read_record)(OSSL_RECORD_LAYER *rl, void **rechandle, int *rversion,
+ uint8_t *type, const unsigned char **data, size_t *datalen,
+ uint16_t *epoch, unsigned char *seq_num);
+ /*
+ * Release length bytes from a buffer associated with a record previously
+ * read with read_record. Once all the bytes from a record are released, the
+ * whole record and its associated buffer is released. Records are
+ * guaranteed to be released in the order that they are read.
+ */
+ int (*release_record)(OSSL_RECORD_LAYER *rl, void *rechandle, size_t length);
+
+ /*
+ * In the event that a fatal error is returned from the functions above then
+ * get_alert_code() can be called to obtain a more details identifier for
+ * the error. In (D)TLS this is the alert description code.
+ */
+ int (*get_alert_code)(OSSL_RECORD_LAYER *rl);
+
+ /*
+ * Update the transport BIO from the one originally set in the
+ * new_record_layer call
+ */
+ int (*set1_bio)(OSSL_RECORD_LAYER *rl, BIO *bio);
+
+ /* Called when protocol negotiation selects a protocol version to use */
+ int (*set_protocol_version)(OSSL_RECORD_LAYER *rl, int version);
+
+ /*
+ * Whether we are allowed to receive unencrypted alerts, even if we might
+ * otherwise expect encrypted records. Ignored by protocol versions where
+ * this isn't relevant
+ */
+ void (*set_plain_alerts)(OSSL_RECORD_LAYER *rl, int allow);
+
+ /*
+ * Called immediately after creation of the record layer if we are in a
+ * first handshake. Also called at the end of the first handshake
+ */
+ void (*set_first_handshake)(OSSL_RECORD_LAYER *rl, int first);
+
+ /*
+ * Set the maximum number of pipelines that the record layer should process.
+ * The default is 1.
+ */
+ void (*set_max_pipelines)(OSSL_RECORD_LAYER *rl, size_t max_pipelines);
+
+ /*
+ * Called to tell the record layer whether we are currently "in init" or
+ * not. Default at creation of the record layer is "yes".
+ */
+ void (*set_in_init)(OSSL_RECORD_LAYER *rl, int in_init);
+
+ /*
+ * Get a short or long human readable description of the record layer state
+ */
+ void (*get_state)(OSSL_RECORD_LAYER *rl, const char **shortstr,
+ const char **longstr);
+
+ /*
+ * Set new options or modify ones that were originally specified in the
+ * new_record_layer call.
+ */
+ int (*set_options)(OSSL_RECORD_LAYER *rl, const OSSL_PARAM *options);
+
+ const COMP_METHOD *(*get_compression)(OSSL_RECORD_LAYER *rl);
+
+ /*
+ * Set the maximum fragment length to be used for the record layer. This
+ * will override any previous value supplied for the "max_frag_len"
+ * setting during construction of the record layer.
+ */
+ void (*set_max_frag_len)(OSSL_RECORD_LAYER *rl, size_t max_frag_len);
+
+ /*
+ * The maximum expansion in bytes that the record layer might add while
+ * writing a record
+ */
+ size_t (*get_max_record_overhead)(OSSL_RECORD_LAYER *rl);
+
+ /*
+ * Increment the record sequence number
+ */
+ int (*increment_sequence_ctr)(OSSL_RECORD_LAYER *rl);
+
+ /*
+ * Allocate read or write buffers. Does nothing if already allocated.
+ * Assumes default buffer length and 1 pipeline.
+ */
+ int (*alloc_buffers)(OSSL_RECORD_LAYER *rl);
+
+ /*
+ * Free read or write buffers. Fails if there is pending read or write
+ * data. Buffers are automatically reallocated on next read/write.
+ */ + int (*free_buffers)(OSSL_RECORD_LAYER *rl); +}; + + +/* Standard built-in record methods */ +extern const OSSL_RECORD_METHOD ossl_tls_record_method; +# ifndef OPENSSL_NO_KTLS +extern const OSSL_RECORD_METHOD ossl_ktls_record_method; +# endif +extern const OSSL_RECORD_METHOD ossl_dtls_record_method; + +#endif /* !defined(OSSL_INTERNAL_RECORDMETHOD_H) */ diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/refcount.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/refcount.h new file mode 100644 index 000000000000..0bab06122846 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/refcount.h 
@@ -0,0 +1,291 @@ +/* + * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +#ifndef OSSL_INTERNAL_REFCOUNT_H +# define OSSL_INTERNAL_REFCOUNT_H +# pragma once + +# include +# include +# include + +# if defined(OPENSSL_THREADS) && !defined(OPENSSL_DEV_NO_ATOMICS) +# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L \ + && !defined(__STDC_NO_ATOMICS__) +# include +# define HAVE_C11_ATOMICS +# endif + +# if defined(HAVE_C11_ATOMICS) && defined(ATOMIC_INT_LOCK_FREE) \ + && ATOMIC_INT_LOCK_FREE > 0 + +# define HAVE_ATOMICS 1 + +typedef struct { + _Atomic int val; +} CRYPTO_REF_COUNT; + +static inline int CRYPTO_UP_REF(CRYPTO_REF_COUNT *refcnt, int *ret) +{ + *ret = atomic_fetch_add_explicit(&refcnt->val, 1, memory_order_relaxed) + 1; + return 1; +} + +/* + * Changes to shared structure other than reference counter have to be + * serialized. And any kind of serialization implies a release fence. This + * means that by the time reference counter is decremented all other + * changes are visible on all processors. Hence decrement itself can be + * relaxed. In case it hits zero, object will be destructed. Since it's + * last use of the object, destructor programmer might reason that access + * to mutable members doesn't have to be serialized anymore, which would + * otherwise imply an acquire fence. Hence conditional acquire fence... 
+ */ +static inline int CRYPTO_DOWN_REF(CRYPTO_REF_COUNT *refcnt, int *ret) +{ + *ret = atomic_fetch_sub_explicit(&refcnt->val, 1, memory_order_relaxed) - 1; + if (*ret == 0) + atomic_thread_fence(memory_order_acquire); + return 1; +} + +static inline int CRYPTO_GET_REF(CRYPTO_REF_COUNT *refcnt, int *ret) +{ + *ret = atomic_load_explicit(&refcnt->val, memory_order_relaxed); + return 1; +} + +# elif defined(__GNUC__) && defined(__ATOMIC_RELAXED) && __GCC_ATOMIC_INT_LOCK_FREE > 0 + +# define HAVE_ATOMICS 1 + +typedef struct { + int val; +} CRYPTO_REF_COUNT; + +static __inline__ int CRYPTO_UP_REF(CRYPTO_REF_COUNT *refcnt, int *ret) +{ + *ret = __atomic_fetch_add(&refcnt->val, 1, __ATOMIC_RELAXED) + 1; + return 1; +} + +static __inline__ int CRYPTO_DOWN_REF(CRYPTO_REF_COUNT *refcnt, int *ret) +{ + *ret = __atomic_fetch_sub(&refcnt->val, 1, __ATOMIC_RELAXED) - 1; + if (*ret == 0) + __atomic_thread_fence(__ATOMIC_ACQUIRE); + return 1; +} + +static __inline__ int CRYPTO_GET_REF(CRYPTO_REF_COUNT *refcnt, int *ret) +{ + *ret = __atomic_load_n(&refcnt->val, __ATOMIC_RELAXED); + return 1; +} + +# elif defined(__ICL) && defined(_WIN32) +# define HAVE_ATOMICS 1 + +typedef struct { + volatile int val; +} CRYPTO_REF_COUNT; + +static __inline int CRYPTO_UP_REF(CRYPTO_REF_COUNT *refcnt, int *ret) +{ + *ret = _InterlockedExchangeAdd((void *)&refcnt->val, 1) + 1; + return 1; +} + +static __inline int CRYPTO_DOWN_REF(CRYPTO_REF_COUNT *refcnt, int *ret) +{ + *ret = _InterlockedExchangeAdd((void *)&refcnt->val, -1) - 1; + return 1; +} + +static __inline int CRYPTO_GET_REF(CRYPTO_REF_COUNT *refcnt, int *ret) +{ + *ret = _InterlockedOr((void *)&refcnt->val, 0); + return 1; +} + +# elif defined(_MSC_VER) && _MSC_VER>=1200 + +# define HAVE_ATOMICS 1 + +typedef struct { + volatile int val; +} CRYPTO_REF_COUNT; + +# if (defined(_M_ARM) && _M_ARM>=7 && !defined(_WIN32_WCE)) || defined(_M_ARM64) +# include +# if defined(_M_ARM64) && !defined(_ARM_BARRIER_ISH) +# define _ARM_BARRIER_ISH 
_ARM64_BARRIER_ISH +# endif + +static __inline int CRYPTO_UP_REF(CRYPTO_REF_COUNT *refcnt, int *ret) +{ + *ret = _InterlockedExchangeAdd_nf(&refcnt->val, 1) + 1; + return 1; +} + +static __inline int CRYPTO_DOWN_REF(CRYPTO_REF_COUNT *refcnt, int *ret) +{ + *ret = _InterlockedExchangeAdd_nf(&refcnt->val, -1) - 1; + if (*ret == 0) + __dmb(_ARM_BARRIER_ISH); + return 1; +} + +static __inline int CRYPTO_GET_REF(CRYPTO_REF_COUNT *refcnt, int *ret) +{ + *ret = _InterlockedOr_nf((void *)&refcnt->val, 0); + return 1; +} + +# else +# if !defined(_WIN32_WCE) +# pragma intrinsic(_InterlockedExchangeAdd) +# else +# if _WIN32_WCE >= 0x600 + extern long __cdecl _InterlockedExchangeAdd(long volatile*, long); +# else + /* under Windows CE we still have old-style Interlocked* functions */ + extern long __cdecl InterlockedExchangeAdd(long volatile*, long); +# define _InterlockedExchangeAdd InterlockedExchangeAdd +# endif +# endif + +static __inline int CRYPTO_UP_REF(CRYPTO_REF_COUNT *refcnt, int *ret) +{ + *ret = _InterlockedExchangeAdd(&refcnt->val, 1) + 1; + return 1; +} + +static __inline int CRYPTO_DOWN_REF(CRYPTO_REF_COUNT *refcnt, int *ret) +{ + *ret = _InterlockedExchangeAdd(&refcnt->val, -1) - 1; + return 1; +} + +static __inline int CRYPTO_GET_REF(CRYPTO_REF_COUNT *refcnt, int *ret) +{ + *ret = _InterlockedExchangeAdd(&refcnt->val, 0); + return 1; +} + +# endif + +# endif +# endif /* !OPENSSL_DEV_NO_ATOMICS */ + +/* + * All the refcounting implementations above define HAVE_ATOMICS, so if it's + * still undefined here (such as when OPENSSL_DEV_NO_ATOMICS is defined), it + * means we need to implement a fallback. This fallback uses locks. 
+ */ +# ifndef HAVE_ATOMICS + +typedef struct { + int val; +# ifdef OPENSSL_THREADS + CRYPTO_RWLOCK *lock; +# endif +} CRYPTO_REF_COUNT; + +# ifdef OPENSSL_THREADS + +static ossl_unused ossl_inline int CRYPTO_UP_REF(CRYPTO_REF_COUNT *refcnt, + int *ret) +{ + return CRYPTO_atomic_add(&refcnt->val, 1, ret, refcnt->lock); +} + +static ossl_unused ossl_inline int CRYPTO_DOWN_REF(CRYPTO_REF_COUNT *refcnt, + int *ret) +{ + return CRYPTO_atomic_add(&refcnt->val, -1, ret, refcnt->lock); +} + +static ossl_unused ossl_inline int CRYPTO_GET_REF(CRYPTO_REF_COUNT *refcnt, + int *ret) +{ + return CRYPTO_atomic_load_int(&refcnt->val, ret, refcnt->lock); +} + +# define CRYPTO_NEW_FREE_DEFINED 1 +static ossl_unused ossl_inline int CRYPTO_NEW_REF(CRYPTO_REF_COUNT *refcnt, int n) +{ + refcnt->val = n; + refcnt->lock = CRYPTO_THREAD_lock_new(); + if (refcnt->lock == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_CRYPTO_LIB); + return 0; + } + return 1; +} + +static ossl_unused ossl_inline void CRYPTO_FREE_REF(CRYPTO_REF_COUNT *refcnt) \ +{ + if (refcnt != NULL) + CRYPTO_THREAD_lock_free(refcnt->lock); +} + +# else /* OPENSSL_THREADS */ + +static ossl_unused ossl_inline int CRYPTO_UP_REF(CRYPTO_REF_COUNT *refcnt, + int *ret) +{ + refcnt->val++; + *ret = refcnt->val; + return 1; +} + +static ossl_unused ossl_inline int CRYPTO_DOWN_REF(CRYPTO_REF_COUNT *refcnt, + int *ret) +{ + refcnt->val--; + *ret = refcnt->val; + return 1; +} + +static ossl_unused ossl_inline int CRYPTO_GET_REF(CRYPTO_REF_COUNT *refcnt, + int *ret) +{ + *ret = refcnt->val; + return 1; +} + +# endif /* OPENSSL_THREADS */ +# endif + +# ifndef CRYPTO_NEW_FREE_DEFINED +static ossl_unused ossl_inline int CRYPTO_NEW_REF(CRYPTO_REF_COUNT *refcnt, int n) +{ + refcnt->val = n; + return 1; +} + +static ossl_unused ossl_inline void CRYPTO_FREE_REF(CRYPTO_REF_COUNT *refcnt) \ +{ +} +# endif /* CRYPTO_NEW_FREE_DEFINED */ +#undef CRYPTO_NEW_FREE_DEFINED + +# if !defined(NDEBUG) && !defined(OPENSSL_NO_STDIO) +# define 
REF_ASSERT_ISNT(test) \ + (void)((test) ? (OPENSSL_die("refcount error", __FILE__, __LINE__), 1) : 0) +# else +# define REF_ASSERT_ISNT(i) +# endif + +# define REF_PRINT_EX(text, count, object) \ + OSSL_TRACE3(REF_COUNT, "%p:%4d:%s\n", (object), (count), (text)); +# define REF_PRINT_COUNT(text, object) \ + REF_PRINT_EX(text, object->references.val, (void *)object) + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/ring_buf.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/ring_buf.h new file mode 100644 index 000000000000..436f1ca14628 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/ring_buf.h 
@@ -0,0 +1,277 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_RING_BUF_H +# define OSSL_INTERNAL_RING_BUF_H +# pragma once + +# include /* For 'ossl_inline' */ +# include "internal/safe_math.h" + +/* + * ================================================================== + * Byte-wise ring buffer which supports pushing and popping blocks of multiple + * bytes at a time. The logical offset of each byte for the purposes of a QUIC + * stream is tracked. Bytes can be popped from the ring buffer in two stages; + * first they are popped, and then they are culled. Bytes which have been popped + * but not yet culled will not be overwritten, and can be restored. + */ +struct ring_buf { + void *start; + size_t alloc; /* size of buffer allocation in bytes */ + + /* + * Logical offset of the head (where we append to). This is the current size + * of the QUIC stream. This increases monotonically. + */ + uint64_t head_offset; + + /* + * Logical offset of the cull tail. Data is no longer needed and is + * deallocated as the cull tail advances, which occurs as data is + * acknowledged. This increases monotonically. 
+ */ + uint64_t ctail_offset; +}; + +OSSL_SAFE_MATH_UNSIGNED(u64, uint64_t) + +#define MAX_OFFSET (((uint64_t)1) << 62) /* QUIC-imposed limit */ + +static ossl_inline int ring_buf_init(struct ring_buf *r) +{ + r->start = NULL; + r->alloc = 0; + r->head_offset = r->ctail_offset = 0; + return 1; +} + +static ossl_inline void ring_buf_destroy(struct ring_buf *r, int cleanse) +{ + if (cleanse) + OPENSSL_clear_free(r->start, r->alloc); + else + OPENSSL_free(r->start); + r->start = NULL; + r->alloc = 0; +} + +static ossl_inline size_t ring_buf_used(struct ring_buf *r) +{ + return (size_t)(r->head_offset - r->ctail_offset); +} + +static ossl_inline size_t ring_buf_avail(struct ring_buf *r) +{ + return r->alloc - ring_buf_used(r); +} + +static ossl_inline int ring_buf_write_at(struct ring_buf *r, + uint64_t logical_offset, + const unsigned char *buf, + size_t buf_len) +{ + size_t avail, idx, l; + unsigned char *start = r->start; + int i, err = 0; + + avail = ring_buf_avail(r); + if (logical_offset < r->ctail_offset + || safe_add_u64(logical_offset, buf_len, &err) + > safe_add_u64(r->head_offset, avail, &err) + || safe_add_u64(r->head_offset, buf_len, &err) + > MAX_OFFSET + || err) + return 0; + + for (i = 0; buf_len > 0 && i < 2; ++i) { + idx = logical_offset % r->alloc; + l = r->alloc - idx; + if (buf_len < l) + l = buf_len; + + memcpy(start + idx, buf, l); + if (r->head_offset < logical_offset + l) + r->head_offset = logical_offset + l; + + logical_offset += l; + buf += l; + buf_len -= l; + } + + assert(buf_len == 0); + + return 1; +} + +static ossl_inline size_t ring_buf_push(struct ring_buf *r, + const unsigned char *buf, + size_t buf_len) +{ + size_t pushed = 0, avail, idx, l; + unsigned char *start = r->start; + + for (;;) { + avail = ring_buf_avail(r); + if (buf_len > avail) + buf_len = avail; + + if (buf_len > MAX_OFFSET - r->head_offset) + buf_len = (size_t)(MAX_OFFSET - r->head_offset); + + if (buf_len == 0) + break; + + idx = r->head_offset % r->alloc; + l = 
r->alloc - idx; + if (buf_len < l) + l = buf_len; + + memcpy(start + idx, buf, l); + r->head_offset += l; + buf += l; + buf_len -= l; + pushed += l; + } + + return pushed; +} + +static ossl_inline const unsigned char *ring_buf_get_ptr(const struct ring_buf *r, + uint64_t logical_offset, + size_t *max_len) +{ + unsigned char *start = r->start; + size_t idx; + + if (logical_offset >= r->head_offset || logical_offset < r->ctail_offset) + return NULL; + idx = logical_offset % r->alloc; + *max_len = r->alloc - idx; + return start + idx; +} + +/* + * Retrieves data out of the read side of the ring buffer starting at the given + * logical offset. *buf is set to point to a contiguous span of bytes and + * *buf_len is set to the number of contiguous bytes. After this function + * returns, there may or may not be more bytes available at the logical offset + * of (logical_offset + *buf_len) by calling this function again. If the logical + * offset is out of the range retained by the ring buffer, returns 0, else + * returns 1. A logical offset at the end of the range retained by the ring + * buffer is not considered an error and is returned with a *buf_len of 0. + * + * The ring buffer state is not changed. 
+ */ +static ossl_inline int ring_buf_get_buf_at(const struct ring_buf *r, + uint64_t logical_offset, + const unsigned char **buf, + size_t *buf_len) +{ + const unsigned char *start = r->start; + size_t idx, l; + + if (logical_offset > r->head_offset || logical_offset < r->ctail_offset) + return 0; + + if (r->alloc == 0) { + *buf = NULL; + *buf_len = 0; + return 1; + } + + idx = logical_offset % r->alloc; + l = (size_t)(r->head_offset - logical_offset); + if (l > r->alloc - idx) + l = r->alloc - idx; + + *buf = start + idx; + *buf_len = l; + return 1; +} + +static ossl_inline void ring_buf_cpop_range(struct ring_buf *r, + uint64_t start, uint64_t end, + int cleanse) +{ + assert(end >= start); + + if (start > r->ctail_offset || end >= MAX_OFFSET) + return; + + if (cleanse && r->alloc > 0 && end > r->ctail_offset) { + size_t idx = r->ctail_offset % r->alloc; + uint64_t cleanse_end = end + 1; + size_t l; + + if (cleanse_end > r->head_offset) + cleanse_end = r->head_offset; + l = (size_t)(cleanse_end - r->ctail_offset); + if (l > r->alloc - idx) { + OPENSSL_cleanse((unsigned char *)r->start + idx, r->alloc - idx); + l -= r->alloc - idx; + idx = 0; + } + if (l > 0) + OPENSSL_cleanse((unsigned char *)r->start + idx, l); + } + + r->ctail_offset = end + 1; + /* Allow culling unpushed data */ + if (r->head_offset < r->ctail_offset) + r->head_offset = r->ctail_offset; +} + +static ossl_inline int ring_buf_resize(struct ring_buf *r, size_t num_bytes, + int cleanse) +{ + struct ring_buf rnew = {0}; + const unsigned char *src = NULL; + size_t src_len = 0, copied = 0; + + if (num_bytes == r->alloc) + return 1; + + if (num_bytes < ring_buf_used(r)) + return 0; + + rnew.start = OPENSSL_malloc(num_bytes); + if (rnew.start == NULL) + return 0; + + rnew.alloc = num_bytes; + rnew.head_offset = r->head_offset - ring_buf_used(r); + rnew.ctail_offset = rnew.head_offset; + + for (;;) { + if (!ring_buf_get_buf_at(r, r->ctail_offset + copied, &src, &src_len)) { + OPENSSL_free(rnew.start); + 
return 0; + } + + if (src_len == 0) + break; + + if (ring_buf_push(&rnew, src, src_len) != src_len) { + OPENSSL_free(rnew.start); + return 0; + } + + copied += src_len; + } + + assert(rnew.head_offset == r->head_offset); + rnew.ctail_offset = r->ctail_offset; + + ring_buf_destroy(r, cleanse); + memcpy(r, &rnew, sizeof(*r)); + return 1; +} + +#endif /* OSSL_INTERNAL_RING_BUF_H */ diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/safe_math.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/safe_math.h new file mode 100644 index 000000000000..be37e6ab882e --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/safe_math.h 
@@ -0,0 +1,443 @@ +/* + * Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_SAFE_MATH_H +# define OSSL_INTERNAL_SAFE_MATH_H +# pragma once + +# include /* For 'ossl_inline' */ + +# ifndef OPENSSL_NO_BUILTIN_OVERFLOW_CHECKING +# ifdef __has_builtin +# define has(func) __has_builtin(func) +# elif __GNUC__ > 5 +# define has(func) 1 +# endif +# endif /* OPENSSL_NO_BUILTIN_OVERFLOW_CHECKING */ + +# ifndef has +# define has(func) 0 +# endif + +/* + * Safe addition helpers + */ +# if has(__builtin_add_overflow) +# define OSSL_SAFE_MATH_ADDS(type_name, type, min, max) \ + static ossl_inline ossl_unused type safe_add_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + type r; \ + \ + if (!__builtin_add_overflow(a, b, &r)) \ + return r; \ + *err |= 1; \ + return a < 0 ? min : max; \ + } + +# define OSSL_SAFE_MATH_ADDU(type_name, type, max) \ + static ossl_inline ossl_unused type safe_add_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + type r; \ + \ + if (!__builtin_add_overflow(a, b, &r)) \ + return r; \ + *err |= 1; \ + return a + b; \ + } + +# else /* has(__builtin_add_overflow) */ +# define OSSL_SAFE_MATH_ADDS(type_name, type, min, max) \ + static ossl_inline ossl_unused type safe_add_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + if ((a < 0) ^ (b < 0) \ + || (a > 0 && b <= max - a) \ + || (a < 0 && b >= min - a) \ + || a == 0) \ + return a + b; \ + *err |= 1; \ + return a < 0 ? 
min : max; \ + } + +# define OSSL_SAFE_MATH_ADDU(type_name, type, max) \ + static ossl_inline ossl_unused type safe_add_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + if (b > max - a) \ + *err |= 1; \ + return a + b; \ + } +# endif /* has(__builtin_add_overflow) */ + +/* + * Safe subtraction helpers + */ +# if has(__builtin_sub_overflow) +# define OSSL_SAFE_MATH_SUBS(type_name, type, min, max) \ + static ossl_inline ossl_unused type safe_sub_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + type r; \ + \ + if (!__builtin_sub_overflow(a, b, &r)) \ + return r; \ + *err |= 1; \ + return a < 0 ? min : max; \ + } + +# else /* has(__builtin_sub_overflow) */ +# define OSSL_SAFE_MATH_SUBS(type_name, type, min, max) \ + static ossl_inline ossl_unused type safe_sub_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + if (!((a < 0) ^ (b < 0)) \ + || (b > 0 && a >= min + b) \ + || (b < 0 && a <= max + b) \ + || b == 0) \ + return a - b; \ + *err |= 1; \ + return a < 0 ? min : max; \ + } + +# endif /* has(__builtin_sub_overflow) */ + +# define OSSL_SAFE_MATH_SUBU(type_name, type) \ + static ossl_inline ossl_unused type safe_sub_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + if (b > a) \ + *err |= 1; \ + return a - b; \ + } + +/* + * Safe multiplication helpers + */ +# if has(__builtin_mul_overflow) +# define OSSL_SAFE_MATH_MULS(type_name, type, min, max) \ + static ossl_inline ossl_unused type safe_mul_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + type r; \ + \ + if (!__builtin_mul_overflow(a, b, &r)) \ + return r; \ + *err |= 1; \ + return (a < 0) ^ (b < 0) ? 
min : max; \ + } + +# define OSSL_SAFE_MATH_MULU(type_name, type, max) \ + static ossl_inline ossl_unused type safe_mul_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + type r; \ + \ + if (!__builtin_mul_overflow(a, b, &r)) \ + return r; \ + *err |= 1; \ + return a * b; \ + } + +# else /* has(__builtin_mul_overflow) */ +# define OSSL_SAFE_MATH_MULS(type_name, type, min, max) \ + static ossl_inline ossl_unused type safe_mul_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + if (a == 0 || b == 0) \ + return 0; \ + if (a == 1) \ + return b; \ + if (b == 1) \ + return a; \ + if (a != min && b != min) { \ + const type x = a < 0 ? -a : a; \ + const type y = b < 0 ? -b : b; \ + \ + if (x <= max / y) \ + return a * b; \ + } \ + *err |= 1; \ + return (a < 0) ^ (b < 0) ? min : max; \ + } + +# define OSSL_SAFE_MATH_MULU(type_name, type, max) \ + static ossl_inline ossl_unused type safe_mul_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + if (b != 0 && a > max / b) \ + *err |= 1; \ + return a * b; \ + } +# endif /* has(__builtin_mul_overflow) */ + +/* + * Safe division helpers + */ +# define OSSL_SAFE_MATH_DIVS(type_name, type, min, max) \ + static ossl_inline ossl_unused type safe_div_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + if (b == 0) { \ + *err |= 1; \ + return a < 0 ? 
min : max; \ + } \ + if (b == -1 && a == min) { \ + *err |= 1; \ + return max; \ + } \ + return a / b; \ + } + +# define OSSL_SAFE_MATH_DIVU(type_name, type, max) \ + static ossl_inline ossl_unused type safe_div_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + if (b != 0) \ + return a / b; \ + *err |= 1; \ + return max; \ + } + +/* + * Safe modulus helpers + */ +# define OSSL_SAFE_MATH_MODS(type_name, type, min, max) \ + static ossl_inline ossl_unused type safe_mod_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + if (b == 0) { \ + *err |= 1; \ + return 0; \ + } \ + if (b == -1 && a == min) { \ + *err |= 1; \ + return max; \ + } \ + return a % b; \ + } + +# define OSSL_SAFE_MATH_MODU(type_name, type) \ + static ossl_inline ossl_unused type safe_mod_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + if (b != 0) \ + return a % b; \ + *err |= 1; \ + return 0; \ + } + +/* + * Safe negation helpers + */ +# define OSSL_SAFE_MATH_NEGS(type_name, type, min) \ + static ossl_inline ossl_unused type safe_neg_ ## type_name(type a, \ + int *err) \ + { \ + if (a != min) \ + return -a; \ + *err |= 1; \ + return min; \ + } + +# define OSSL_SAFE_MATH_NEGU(type_name, type) \ + static ossl_inline ossl_unused type safe_neg_ ## type_name(type a, \ + int *err) \ + { \ + if (a == 0) \ + return a; \ + *err |= 1; \ + return 1 + ~a; \ + } + +/* + * Safe absolute value helpers + */ +# define OSSL_SAFE_MATH_ABSS(type_name, type, min) \ + static ossl_inline ossl_unused type safe_abs_ ## type_name(type a, \ + int *err) \ + { \ + if (a != min) \ + return a < 0 ? -a : a; \ + *err |= 1; \ + return min; \ + } + +# define OSSL_SAFE_MATH_ABSU(type_name, type) \ + static ossl_inline ossl_unused type safe_abs_ ## type_name(type a, \ + int *err) \ + { \ + return a; \ + } + +/* + * Safe fused multiply divide helpers + * + * These are a bit obscure: + * . They begin by checking the denominator for zero and getting rid of this + * corner case. + * + * . 
Second is an attempt to do the multiplication directly, if it doesn't + * overflow, the quotient is returned (for signed values there is a + * potential problem here which isn't present for unsigned). + * + * . Finally, the multiplication/division is transformed so that the larger + * of the numerators is divided first. This requires a remainder + * correction: + * + * a b / c = (a / c) b + (a mod c) b / c, where a > b + * + * The individual operations need to be overflow checked (again signed + * being more problematic). + * + * The algorithm used is not perfect but it should be "good enough". + */ +# define OSSL_SAFE_MATH_MULDIVS(type_name, type, max) \ + static ossl_inline ossl_unused type safe_muldiv_ ## type_name(type a, \ + type b, \ + type c, \ + int *err) \ + { \ + int e2 = 0; \ + type q, r, x, y; \ + \ + if (c == 0) { \ + *err |= 1; \ + return a == 0 || b == 0 ? 0 : max; \ + } \ + x = safe_mul_ ## type_name(a, b, &e2); \ + if (!e2) \ + return safe_div_ ## type_name(x, c, err); \ + if (b > a) { \ + x = b; \ + b = a; \ + a = x; \ + } \ + q = safe_div_ ## type_name(a, c, err); \ + r = safe_mod_ ## type_name(a, c, err); \ + x = safe_mul_ ## type_name(r, b, err); \ + y = safe_mul_ ## type_name(q, b, err); \ + q = safe_div_ ## type_name(x, c, err); \ + return safe_add_ ## type_name(y, q, err); \ + } + +# define OSSL_SAFE_MATH_MULDIVU(type_name, type, max) \ + static ossl_inline ossl_unused type safe_muldiv_ ## type_name(type a, \ + type b, \ + type c, \ + int *err) \ + { \ + int e2 = 0; \ + type x, y; \ + \ + if (c == 0) { \ + *err |= 1; \ + return a == 0 || b == 0 ? 0 : max; \ + } \ + x = safe_mul_ ## type_name(a, b, &e2); \ + if (!e2) \ + return x / c; \ + if (b > a) { \ + x = b; \ + b = a; \ + a = x; \ + } \ + x = safe_mul_ ## type_name(a % c, b, err); \ + y = safe_mul_ ## type_name(a / c, b, err); \ + return safe_add_ ## type_name(y, x / c, err); \ + } + +/* + * Calculate a / b rounding up: + * i.e. 
a / b + (a % b != 0) + * Which is usually (less safely) converted to (a + b - 1) / b + * If you *know* that b != 0, then it's safe to ignore err. + */ +#define OSSL_SAFE_MATH_DIV_ROUND_UP(type_name, type, max) \ + static ossl_inline ossl_unused type safe_div_round_up_ ## type_name \ + (type a, type b, int *errp) \ + { \ + type x; \ + int *err, err_local = 0; \ + \ + /* Allow errors to be ignored by callers */ \ + err = errp != NULL ? errp : &err_local; \ + /* Fast path, both positive */ \ + if (b > 0 && a > 0) { \ + /* Faster path: no overflow concerns */ \ + if (a < max - b) \ + return (a + b - 1) / b; \ + return a / b + (a % b != 0); \ + } \ + if (b == 0) { \ + *err |= 1; \ + return a == 0 ? 0 : max; \ + } \ + if (a == 0) \ + return 0; \ + /* Rather slow path because there are negatives involved */ \ + x = safe_mod_ ## type_name(a, b, err); \ + return safe_add_ ## type_name(safe_div_ ## type_name(a, b, err), \ + x != 0, err); \ + } + +/* Calculate ranges of types */ +# define OSSL_SAFE_MATH_MINS(type) ((type)1 << (sizeof(type) * 8 - 1)) +# define OSSL_SAFE_MATH_MAXS(type) (~OSSL_SAFE_MATH_MINS(type)) +# define OSSL_SAFE_MATH_MAXU(type) (~(type)0) + +/* + * Wrapper macros to create all the functions of a given type + */ +# define OSSL_SAFE_MATH_SIGNED(type_name, type) \ + OSSL_SAFE_MATH_ADDS(type_name, type, OSSL_SAFE_MATH_MINS(type), \ + OSSL_SAFE_MATH_MAXS(type)) \ + OSSL_SAFE_MATH_SUBS(type_name, type, OSSL_SAFE_MATH_MINS(type), \ + OSSL_SAFE_MATH_MAXS(type)) \ + OSSL_SAFE_MATH_MULS(type_name, type, OSSL_SAFE_MATH_MINS(type), \ + OSSL_SAFE_MATH_MAXS(type)) \ + OSSL_SAFE_MATH_DIVS(type_name, type, OSSL_SAFE_MATH_MINS(type), \ + OSSL_SAFE_MATH_MAXS(type)) \ + OSSL_SAFE_MATH_MODS(type_name, type, OSSL_SAFE_MATH_MINS(type), \ + OSSL_SAFE_MATH_MAXS(type)) \ + OSSL_SAFE_MATH_DIV_ROUND_UP(type_name, type, \ + OSSL_SAFE_MATH_MAXS(type)) \ + OSSL_SAFE_MATH_MULDIVS(type_name, type, OSSL_SAFE_MATH_MAXS(type)) \ + OSSL_SAFE_MATH_NEGS(type_name, type, 
OSSL_SAFE_MATH_MINS(type)) \ + OSSL_SAFE_MATH_ABSS(type_name, type, OSSL_SAFE_MATH_MINS(type)) + +# define OSSL_SAFE_MATH_UNSIGNED(type_name, type) \ + OSSL_SAFE_MATH_ADDU(type_name, type, OSSL_SAFE_MATH_MAXU(type)) \ + OSSL_SAFE_MATH_SUBU(type_name, type) \ + OSSL_SAFE_MATH_MULU(type_name, type, OSSL_SAFE_MATH_MAXU(type)) \ + OSSL_SAFE_MATH_DIVU(type_name, type, OSSL_SAFE_MATH_MAXU(type)) \ + OSSL_SAFE_MATH_MODU(type_name, type) \ + OSSL_SAFE_MATH_DIV_ROUND_UP(type_name, type, \ + OSSL_SAFE_MATH_MAXU(type)) \ + OSSL_SAFE_MATH_MULDIVU(type_name, type, OSSL_SAFE_MATH_MAXU(type)) \ + OSSL_SAFE_MATH_NEGU(type_name, type) \ + OSSL_SAFE_MATH_ABSU(type_name, type) + +#endif /* OSSL_INTERNAL_SAFE_MATH_H */ diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/sha3.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/sha3.h new file mode 100644 index 000000000000..332916aa5473 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/sha3.h 
@@ -0,0 +1,63 @@ +/* + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* This header can move into provider when legacy support is removed */ +#ifndef OSSL_INTERNAL_SHA3_H +# define OSSL_INTERNAL_SHA3_H +# pragma once + +# include +# include + +# define KECCAK1600_WIDTH 1600 +# define SHA3_MDSIZE(bitlen) (bitlen / 8) +# define KMAC_MDSIZE(bitlen) 2 * (bitlen / 8) +# define SHA3_BLOCKSIZE(bitlen) (KECCAK1600_WIDTH - bitlen * 2) / 8 + +typedef struct keccak_st KECCAK1600_CTX; + +typedef size_t (sha3_absorb_fn)(void *vctx, const void *in, size_t inlen); +typedef int (sha3_final_fn)(void *vctx, unsigned char *out, size_t outlen); +typedef int (sha3_squeeze_fn)(void *vctx, unsigned char *out, size_t outlen); + +typedef struct prov_sha3_meth_st +{ + sha3_absorb_fn *absorb; + sha3_final_fn *final; + sha3_squeeze_fn *squeeze; +} PROV_SHA3_METHOD; + +#define XOF_STATE_INIT 0 +#define XOF_STATE_ABSORB 1 +#define XOF_STATE_FINAL 2 +#define XOF_STATE_SQUEEZE 3 + +struct keccak_st { + uint64_t A[5][5]; + unsigned char buf[KECCAK1600_WIDTH / 8 - 32]; + size_t block_size; /* cached ctx->digest->block_size */ + size_t md_size; /* output length, variable in XOF */ + size_t bufsz; /* used bytes in below buffer */ + unsigned char pad; + PROV_SHA3_METHOD meth; + int xof_state; +}; + +void ossl_sha3_reset(KECCAK1600_CTX *ctx); +int ossl_sha3_init(KECCAK1600_CTX *ctx, unsigned char pad, size_t bitlen); +int ossl_keccak_kmac_init(KECCAK1600_CTX *ctx, unsigned char pad, + size_t bitlen); +int ossl_sha3_update(KECCAK1600_CTX *ctx, const void *_inp, size_t len); +int ossl_sha3_final(KECCAK1600_CTX *ctx, unsigned char *out, size_t outlen); +int ossl_sha3_squeeze(KECCAK1600_CTX *ctx, unsigned char *out, 
size_t outlen); + +size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len, + size_t r); + +#endif /* OSSL_INTERNAL_SHA3_H */ diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/sizes.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/sizes.h new file mode 100644 index 000000000000..f6496c818265 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/sizes.h @@ -0,0 +1,22 @@ +/* + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_SIZES_H +# define OSSL_INTERNAL_SIZES_H +# pragma once + +/* + * Max sizes used to allocate buffers with a fixed sizes, for example for + * stack allocations, structure fields, ... + */ +# define OSSL_MAX_NAME_SIZE 50 /* Algorithm name */ +# define OSSL_MAX_PROPQUERY_SIZE 256 /* Property query strings */ +# define OSSL_MAX_ALGORITHM_ID_SIZE 256 /* AlgorithmIdentifier DER */ + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/sm3.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/sm3.h new file mode 100644 index 000000000000..db1d61f0523c --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/sm3.h 
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* This header can move into provider when legacy support is removed */
+#ifndef OSSL_INTERNAL_SM3_H
+# define OSSL_INTERNAL_SM3_H
+# pragma once
+
+# include
+
+# ifdef OPENSSL_NO_SM3
+# error SM3 is disabled.
+# endif
+
+# define SM3_DIGEST_LENGTH 32
+# define SM3_WORD unsigned int
+
+# define SM3_CBLOCK 64
+# define SM3_LBLOCK (SM3_CBLOCK/4)
+
+typedef struct SM3state_st {
+ SM3_WORD A, B, C, D, E, F, G, H;
+ SM3_WORD Nl, Nh;
+ SM3_WORD data[SM3_LBLOCK];
+ unsigned int num;
+} SM3_CTX;
+
+int ossl_sm3_init(SM3_CTX *c);
+int ossl_sm3_update(SM3_CTX *c, const void *data, size_t len);
+int ossl_sm3_final(unsigned char *md, SM3_CTX *c);
+
+#endif /* OSSL_INTERNAL_SM3_H */
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/sockets.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/sockets.h
new file mode 100644
index 000000000000..f51c1b075a44
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/sockets.h
@@ -0,0 +1,211 @@ +/* + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_SOCKETS_H +# define OSSL_INTERNAL_SOCKETS_H +# pragma once + +# include + +# if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) +# define NO_SYS_PARAM_H +# endif +# ifdef WIN32 +# define NO_SYS_UN_H +# endif +# ifdef OPENSSL_SYS_VMS +# define NO_SYS_PARAM_H +# define NO_SYS_UN_H +# endif + +# ifdef OPENSSL_NO_SOCK + +# elif defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) +# if defined(__DJGPP__) +# define WATT32 +# define WATT32_NO_OLDIES +# include +# include +# include +# include +# include +# include +# elif defined(_WIN32_WCE) && _WIN32_WCE<410 +# define getservbyname _masked_declaration_getservbyname +# endif +# if !defined(IPPROTO_IP) + /* winsock[2].h was included already? */ +# include +# endif +# ifdef getservbyname + /* this is used to be wcecompat/include/winsock_extras.h */ +# undef getservbyname +struct servent *PASCAL getservbyname(const char *, const char *); +# endif + +# ifdef _WIN64 +/* + * Even though sizeof(SOCKET) is 8, it's safe to cast it to int, because + * the value constitutes an index in per-process table of limited size + * and not a real pointer. And we also depend on fact that all processors + * Windows run on happen to be two's-complement, which allows to + * interchange INVALID_SOCKET and -1. 
+ */ +# define socket(d,t,p) ((int)socket(d,t,p)) +# define accept(s,f,l) ((int)accept(s,f,l)) +# endif + +/* Windows have other names for shutdown() reasons */ +# ifndef SHUT_RD +# define SHUT_RD SD_RECEIVE +# endif +# ifndef SHUT_WR +# define SHUT_WR SD_SEND +# endif +# ifndef SHUT_RDWR +# define SHUT_RDWR SD_BOTH +# endif + +# else +# if defined(__APPLE__) + /* + * This must be defined before including to get + * IPV6_RECVPKTINFO + */ +# define __APPLE_USE_RFC_3542 +# endif + +# ifndef NO_SYS_PARAM_H +# include +# endif +# ifdef OPENSSL_SYS_VXWORKS +# include +# endif + +# include +# if defined(OPENSSL_SYS_VMS) +typedef size_t socklen_t; /* Currently appears to be missing on VMS */ +# endif +# if defined(OPENSSL_SYS_VMS_NODECC) +# include +# include +# include +# else +# include +# if !defined(NO_SYS_UN_H) && defined(AF_UNIX) && !defined(OPENSSL_NO_UNIX_SOCK) +# include +# ifndef UNIX_PATH_MAX +# define UNIX_PATH_MAX sizeof(((struct sockaddr_un *)NULL)->sun_path) +# endif +# endif +# ifdef FILIO_H +# include /* FIONBIO in some SVR4, e.g. unixware, solaris */ +# endif +# include +# include +# include +# endif + +# ifdef OPENSSL_SYS_AIX +# include +# endif + +# ifdef OPENSSL_SYS_UNIX +# ifndef OPENSSL_SYS_TANDEM +# include +# endif +# include +# endif + +# ifndef VMS +# include +# else +# if !defined(TCPIP_TYPE_SOCKETSHR) && defined(__VMS_VER) && (__VMS_VER > 70000000) + /* ioctl is only in VMS > 7.0 and when socketshr is not used */ +# include +# endif +# include +# if defined(TCPIP_TYPE_SOCKETSHR) +# include +# endif +# endif + +# ifndef INVALID_SOCKET +# define INVALID_SOCKET (-1) +# endif +# endif + +/* + * Some IPv6 implementations are broken, you can disable them in known + * bad versions. 
+ */ +# if !defined(OPENSSL_USE_IPV6) +# if defined(AF_INET6) +# define OPENSSL_USE_IPV6 1 +# else +# define OPENSSL_USE_IPV6 0 +# endif +# endif + +/* + * Some platforms define AF_UNIX, but don't support it + */ +# if !defined(OPENSSL_NO_UNIX_SOCK) +# if !defined(AF_UNIX) || defined(NO_SYS_UN_H) +# define OPENSSL_NO_UNIX_SOCK +# endif +# endif + +# define get_last_socket_error() errno +# define clear_socket_error() errno=0 +# define get_last_socket_error_is_eintr() (get_last_socket_error() == EINTR) + +# if defined(OPENSSL_SYS_WINDOWS) +# undef get_last_socket_error +# undef clear_socket_error +# undef get_last_socket_error_is_eintr +# define get_last_socket_error() WSAGetLastError() +# define clear_socket_error() WSASetLastError(0) +# define get_last_socket_error_is_eintr() (get_last_socket_error() == WSAEINTR) +# define readsocket(s,b,n) recv((s),(b),(n),0) +# define writesocket(s,b,n) send((s),(b),(n),0) +# elif defined(__DJGPP__) +# define closesocket(s) close_s(s) +# define readsocket(s,b,n) read_s(s,b,n) +# define writesocket(s,b,n) send(s,b,n,0) +# elif defined(OPENSSL_SYS_VMS) +# define ioctlsocket(a,b,c) ioctl(a,b,c) +# define closesocket(s) close(s) +# define readsocket(s,b,n) recv((s),(b),(n),0) +# define writesocket(s,b,n) send((s),(b),(n),0) +# elif defined(OPENSSL_SYS_VXWORKS) +# define ioctlsocket(a,b,c) ioctl((a),(b),(int)(c)) +# define closesocket(s) close(s) +# define readsocket(s,b,n) read((s),(b),(n)) +# define writesocket(s,b,n) write((s),(char *)(b),(n)) +# elif defined(OPENSSL_SYS_TANDEM) +# define readsocket(s,b,n) read((s),(b),(n)) +# define writesocket(s,b,n) write((s),(b),(n)) +# define ioctlsocket(a,b,c) ioctl(a,b,c) +# define closesocket(s) close(s) +# else +# define ioctlsocket(a,b,c) ioctl(a,b,c) +# define closesocket(s) close(s) +# define readsocket(s,b,n) read((s),(b),(n)) +# define writesocket(s,b,n) write((s),(b),(n)) +# endif + +/* also in apps/include/apps.h */ +# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINCE) +# 
define openssl_fdset(a, b) FD_SET((unsigned int)(a), b) +# else +# define openssl_fdset(a, b) FD_SET(a, b) +# endif + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/ssl.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/ssl.h new file mode 100644 index 000000000000..8a0c79749672 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/ssl.h @@ -0,0 +1,24 @@ +/* + * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#ifndef OSSL_INTERNAL_SSL_H +# define OSSL_INTERNAL_SSL_H +# pragma once + +typedef void (*ossl_msg_cb)(int write_p, int version, int content_type, + const void *buf, size_t len, SSL *ssl, void *arg); + +int ossl_ssl_get_error(const SSL *s, int i, int check_err); + +/* Set if this is the QUIC handshake layer */ +# define TLS1_FLAGS_QUIC 0x2000 + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/ssl3_cbc.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/ssl3_cbc.h new file mode 100644 index 000000000000..4fb5da1906e2 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/ssl3_cbc.h 
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+
+/* tls_pad.c */
+int ssl3_cbc_remove_padding_and_mac(size_t *reclen,
+ size_t origreclen,
+ unsigned char *recdata,
+ unsigned char **mac,
+ int *alloced,
+ size_t block_size, size_t mac_size,
+ OSSL_LIB_CTX *libctx);
+
+int tls1_cbc_remove_padding_and_mac(size_t *reclen,
+ size_t origreclen,
+ unsigned char *recdata,
+ unsigned char **mac,
+ int *alloced,
+ size_t block_size, size_t mac_size,
+ int aead,
+ OSSL_LIB_CTX *libctx);
+
+/* ssl3_cbc.c */
+__owur char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
+__owur int ssl3_cbc_digest_record(const EVP_MD *md,
+ unsigned char *md_out,
+ size_t *md_out_size,
+ const unsigned char *header,
+ const unsigned char *data,
+ size_t data_size,
+ size_t data_plus_mac_plus_padding_size,
+ const unsigned char *mac_secret,
+ size_t mac_secret_length, char is_sslv3);
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/sslconf.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/sslconf.h
new file mode 100644
index 000000000000..fd7f7e333183
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/sslconf.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_SSLCONF_H
+# define OSSL_INTERNAL_SSLCONF_H
+# pragma once
+
+typedef struct ssl_conf_cmd_st SSL_CONF_CMD;
+
+const SSL_CONF_CMD *conf_ssl_get(size_t idx, const char **name, size_t *cnt);
+int conf_ssl_name_find(const char *name, size_t *idx);
+void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr,
+ char **arg);
+
+#endif
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/statem.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/statem.h
new file mode 100644
index 000000000000..136e6523660a
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/statem.h
@@ -0,0 +1,171 @@ +/* + * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +#ifndef OSSL_INTERNAL_STATEM_H +# define OSSL_INTERNAL_STATEM_H + +/***************************************************************************** + * * + * These enums should be considered PRIVATE to the state machine. No * + * non-state machine code should need to use these * + * * + *****************************************************************************/ +/* + * Valid return codes used for functions performing work prior to or after + * sending or receiving a message + */ +typedef enum { + /* Something went wrong */ + WORK_ERROR, + /* We're done working and there shouldn't be anything else to do after */ + WORK_FINISHED_STOP, + /* We're done working move onto the next thing */ + WORK_FINISHED_CONTINUE, + /* We're working on phase A */ + WORK_MORE_A, + /* We're working on phase B */ + WORK_MORE_B, + /* We're working on phase C */ + WORK_MORE_C +} WORK_STATE; + +/* Write transition return codes */ +typedef enum { + /* Something went wrong */ + WRITE_TRAN_ERROR, + /* A transition was successfully completed and we should continue */ + WRITE_TRAN_CONTINUE, + /* There is no more write work to be done */ + WRITE_TRAN_FINISHED +} WRITE_TRAN; + +/* Message flow states */ +typedef enum { + /* No handshake in progress */ + MSG_FLOW_UNINITED, + /* A permanent error with this connection */ + MSG_FLOW_ERROR, + /* We are reading messages */ + MSG_FLOW_READING, + /* We are writing messages */ + MSG_FLOW_WRITING, + /* Handshake has finished */ + MSG_FLOW_FINISHED +} MSG_FLOW_STATE; + +/* Read states */ +typedef enum { + READ_STATE_HEADER, + READ_STATE_BODY, + READ_STATE_POST_PROCESS +} READ_STATE; + +/* Write states */ 
+typedef enum { + WRITE_STATE_TRANSITION, + WRITE_STATE_PRE_WORK, + WRITE_STATE_SEND, + WRITE_STATE_POST_WORK +} WRITE_STATE; + +typedef enum { + CON_FUNC_ERROR = 0, + CON_FUNC_SUCCESS, + CON_FUNC_DONT_SEND +} CON_FUNC_RETURN; + +typedef int (*ossl_statem_mutate_handshake_cb)(const unsigned char *msgin, + size_t inlen, + unsigned char **msgout, + size_t *outlen, + void *arg); + +typedef void (*ossl_statem_finish_mutate_handshake_cb)(void *arg); + +/***************************************************************************** + * * + * This structure should be considered "opaque" to anything outside of the * + * state machine. No non-state machine code should be accessing the members * + * of this structure. * + * * + *****************************************************************************/ + +struct ossl_statem_st { + MSG_FLOW_STATE state; + WRITE_STATE write_state; + WORK_STATE write_state_work; + READ_STATE read_state; + WORK_STATE read_state_work; + OSSL_HANDSHAKE_STATE hand_state; + /* The handshake state requested by an API call (e.g. HelloRequest) */ + OSSL_HANDSHAKE_STATE request_state; + int in_init; + int read_state_first_init; + /* true when we are actually in SSL_accept() or SSL_connect() */ + int in_handshake; + /* + * True when are processing a "real" handshake that needs cleaning up (not + * just a HelloRequest or similar). + */ + int cleanuphand; + /* Should we skip the CertificateVerify message? */ + unsigned int no_cert_verify; + int use_timer; + + /* Test harness message mutator callbacks */ + ossl_statem_mutate_handshake_cb mutate_handshake_cb; + ossl_statem_finish_mutate_handshake_cb finish_mutate_handshake_cb; + void *mutatearg; + unsigned int write_in_progress : 1; +}; +typedef struct ossl_statem_st OSSL_STATEM; + +/***************************************************************************** + * * + * The following macros/functions represent the libssl internal API to the * + * state machine. 
Any libssl code may call these functions/macros * + * * + *****************************************************************************/ + +typedef struct ssl_connection_st SSL_CONNECTION; + +__owur int ossl_statem_accept(SSL *s); +__owur int ossl_statem_connect(SSL *s); +OSSL_HANDSHAKE_STATE ossl_statem_get_state(SSL_CONNECTION *s); +void ossl_statem_clear(SSL_CONNECTION *s); +void ossl_statem_set_renegotiate(SSL_CONNECTION *s); +void ossl_statem_send_fatal(SSL_CONNECTION *s, int al); +void ossl_statem_fatal(SSL_CONNECTION *s, int al, int reason, + const char *fmt, ...); +# define SSLfatal_alert(s, al) ossl_statem_send_fatal((s), (al)) +# define SSLfatal(s, al, r) SSLfatal_data((s), (al), (r), NULL) +# define SSLfatal_data \ + (ERR_new(), \ + ERR_set_debug(OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC), \ + ossl_statem_fatal) + +int ossl_statem_in_error(const SSL_CONNECTION *s); +void ossl_statem_set_in_init(SSL_CONNECTION *s, int init); +int ossl_statem_get_in_handshake(SSL_CONNECTION *s); +void ossl_statem_set_in_handshake(SSL_CONNECTION *s, int inhand); +__owur int ossl_statem_skip_early_data(SSL_CONNECTION *s); +void ossl_statem_check_finish_init(SSL_CONNECTION *s, int send); +void ossl_statem_set_hello_verify_done(SSL_CONNECTION *s); +__owur int ossl_statem_app_data_allowed(SSL_CONNECTION *s); +__owur int ossl_statem_export_allowed(SSL_CONNECTION *s); +__owur int ossl_statem_export_early_allowed(SSL_CONNECTION *s); + +/* Flush the write BIO */ +int statem_flush(SSL_CONNECTION *s); + +int ossl_statem_set_mutator(SSL *s, + ossl_statem_mutate_handshake_cb mutate_handshake_cb, + ossl_statem_finish_mutate_handshake_cb finish_mutate_handshake_cb, + void *mutatearg); + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/symhacks.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/symhacks.h new file mode 100644 index 000000000000..33bae51e49cc --- /dev/null 
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/symhacks.h
@@ -0,0 +1,27 @@
+/*
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_SYMHACKS_H
+# define OSSL_INTERNAL_SYMHACKS_H
+# pragma once
+
+# include
+
+# if defined(OPENSSL_SYS_VMS)
+
+/* ossl_provider_gettable_params vs OSSL_PROVIDER_gettable_params */
+# undef ossl_provider_gettable_params
+# define ossl_provider_gettable_params ossl_int_prov_gettable_params
+/* ossl_provider_get_params vs OSSL_PROVIDER_get_params */
+# undef ossl_provider_get_params
+# define ossl_provider_get_params ossl_int_prov_get_params
+
+# endif
+
+#endif /* ! defined HEADER_VMS_IDHACKS_H */
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/thread.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/thread.h
new file mode 100644
index 000000000000..8c5bad77635e
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/thread.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_INTERNAL_THREAD_H
+# define OPENSSL_INTERNAL_THREAD_H
+# include
+# include
+# include
+# include
+# include
+# include "crypto/context.h"
+
+void *ossl_crypto_thread_start(OSSL_LIB_CTX *ctx, CRYPTO_THREAD_ROUTINE start,
+ void *data);
+int ossl_crypto_thread_join(void *task, CRYPTO_THREAD_RETVAL *retval);
+int ossl_crypto_thread_clean(void *vhandle);
+uint64_t ossl_get_avail_threads(OSSL_LIB_CTX *ctx);
+
+# if defined(OPENSSL_THREADS)
+
+# define OSSL_LIB_CTX_GET_THREADS(CTX) \
+ ossl_lib_ctx_get_data(CTX, OSSL_LIB_CTX_THREAD_INDEX);
+
+typedef struct openssl_threads_st {
+ uint64_t max_threads;
+ uint64_t active_threads;
+ CRYPTO_MUTEX *lock;
+ CRYPTO_CONDVAR *cond_finished;
+} OSSL_LIB_CTX_THREADS;
+
+# endif /* defined(OPENSSL_THREADS) */
+
+#endif /* OPENSSL_INTERNAL_THREAD_H */
diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/thread_arch.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/thread_arch.h
new file mode 100644
index 000000000000..aba9362e8d6f
--- /dev/null
+++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/thread_arch.h
@@ -0,0 +1,127 @@ +/* + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_THREAD_ARCH_H +# define OSSL_INTERNAL_THREAD_ARCH_H +# include +# include +# include "internal/time.h" + +# if defined(_WIN32) +# include +# endif + +# if defined(OPENSSL_THREADS) && defined(OPENSSL_SYS_UNIX) +# define OPENSSL_THREADS_POSIX +# elif defined(OPENSSL_THREADS) && defined(OPENSSL_SYS_VMS) +# define OPENSSL_THREADS_POSIX +# elif defined(OPENSSL_THREADS) && defined(OPENSSL_SYS_WINDOWS) && \ + defined(_WIN32_WINNT) +# if _WIN32_WINNT >= 0x0600 +# define OPENSSL_THREADS_WINNT +# elif _WIN32_WINNT >= 0x0501 +# define OPENSSL_THREADS_WINNT +# define OPENSSL_THREADS_WINNT_LEGACY +# else +# define OPENSSL_THREADS_NONE +# endif +# else +# define OPENSSL_THREADS_NONE +# endif + +# include + +typedef struct crypto_mutex_st CRYPTO_MUTEX; +typedef struct crypto_condvar_st CRYPTO_CONDVAR; + +CRYPTO_MUTEX *ossl_crypto_mutex_new(void); +void ossl_crypto_mutex_lock(CRYPTO_MUTEX *mutex); +int ossl_crypto_mutex_try_lock(CRYPTO_MUTEX *mutex); +void ossl_crypto_mutex_unlock(CRYPTO_MUTEX *mutex); +void ossl_crypto_mutex_free(CRYPTO_MUTEX **mutex); + +CRYPTO_CONDVAR *ossl_crypto_condvar_new(void); +void ossl_crypto_condvar_wait(CRYPTO_CONDVAR *cv, CRYPTO_MUTEX *mutex); +void ossl_crypto_condvar_wait_timeout(CRYPTO_CONDVAR *cv, CRYPTO_MUTEX *mutex, + OSSL_TIME deadline); +void ossl_crypto_condvar_broadcast(CRYPTO_CONDVAR *cv); +void ossl_crypto_condvar_signal(CRYPTO_CONDVAR *cv); +void ossl_crypto_condvar_free(CRYPTO_CONDVAR **cv); + +typedef uint32_t CRYPTO_THREAD_RETVAL; +typedef CRYPTO_THREAD_RETVAL (*CRYPTO_THREAD_ROUTINE)(void *); +typedef CRYPTO_THREAD_RETVAL (*CRYPTO_THREAD_ROUTINE_CB)(void 
*, + void (**)(void *), + void **); + +# define CRYPTO_THREAD_NO_STATE 0UL +# define CRYPTO_THREAD_FINISHED (1UL << 0) +# define CRYPTO_THREAD_JOIN_AWAIT (1UL << 1) +# define CRYPTO_THREAD_JOINED (1UL << 2) + +# define CRYPTO_THREAD_GET_STATE(THREAD, FLAG) ((THREAD)->state & (FLAG)) +# define CRYPTO_THREAD_GET_ERROR(THREAD, FLAG) (((THREAD)->state >> 16) & (FLAG)) + +typedef struct crypto_thread_st { + uint32_t state; + void *data; + CRYPTO_THREAD_ROUTINE routine; + CRYPTO_THREAD_RETVAL retval; + void *handle; + CRYPTO_MUTEX *lock; + CRYPTO_MUTEX *statelock; + CRYPTO_CONDVAR *condvar; + unsigned long thread_id; + int joinable; + OSSL_LIB_CTX *ctx; +} CRYPTO_THREAD; + +# if defined(OPENSSL_THREADS) + +# define CRYPTO_THREAD_UNSET_STATE(THREAD, FLAG) \ + do { \ + (THREAD)->state &= ~(FLAG); \ + } while ((void)0, 0) + +# define CRYPTO_THREAD_SET_STATE(THREAD, FLAG) \ + do { \ + (THREAD)->state |= (FLAG); \ + } while ((void)0, 0) + +# define CRYPTO_THREAD_SET_ERROR(THREAD, FLAG) \ + do { \ + (THREAD)->state |= ((FLAG) << 16); \ + } while ((void)0, 0) + +# define CRYPTO_THREAD_UNSET_ERROR(THREAD, FLAG) \ + do { \ + (THREAD)->state &= ~((FLAG) << 16); \ + } while ((void)0, 0) + +# else + +# define CRYPTO_THREAD_UNSET_STATE(THREAD, FLAG) +# define CRYPTO_THREAD_SET_STATE(THREAD, FLAG) +# define CRYPTO_THREAD_SET_ERROR(THREAD, FLAG) +# define CRYPTO_THREAD_UNSET_ERROR(THREAD, FLAG) + +# endif /* defined(OPENSSL_THREADS) */ + +CRYPTO_THREAD * ossl_crypto_thread_native_start(CRYPTO_THREAD_ROUTINE routine, + void *data, int joinable); +int ossl_crypto_thread_native_spawn(CRYPTO_THREAD *thread); +int ossl_crypto_thread_native_join(CRYPTO_THREAD *thread, + CRYPTO_THREAD_RETVAL *retval); +int ossl_crypto_thread_native_perform_join(CRYPTO_THREAD *thread, + CRYPTO_THREAD_RETVAL *retval); +int ossl_crypto_thread_native_exit(void); +int ossl_crypto_thread_native_is_self(CRYPTO_THREAD *thread); +int ossl_crypto_thread_native_clean(CRYPTO_THREAD *thread); + +#endif /* 
OSSL_INTERNAL_THREAD_ARCH_H */ diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/thread_once.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/thread_once.h new file mode 100644 index 000000000000..d6cb2eeec3bc --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/thread_once.h 
@@ -0,0 +1,151 @@ +/* + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_THREAD_ONCE_H +# define OSSL_INTERNAL_THREAD_ONCE_H +# pragma once + +# include + +/* + * Initialisation of global data should never happen via "RUN_ONCE" inside the + * FIPS module. Global data should instead always be associated with a specific + * OSSL_LIB_CTX object. In this way data will get cleaned up correctly when the + * module gets unloaded. + */ +# if !defined(FIPS_MODULE) || defined(ALLOW_RUN_ONCE_IN_FIPS) +/* + * DEFINE_RUN_ONCE: Define an initialiser function that should be run exactly + * once. It takes no arguments and returns an int result (1 for success or + * 0 for failure). Typical usage might be: + * + * DEFINE_RUN_ONCE(myinitfunc) + * { + * do_some_initialisation(); + * if (init_is_successful()) + * return 1; + * + * return 0; + * } + */ +# define DEFINE_RUN_ONCE(init) \ + static int init(void); \ + int init##_ossl_ret_ = 0; \ + void init##_ossl_(void) \ + { \ + init##_ossl_ret_ = init(); \ + } \ + static int init(void) + +/* + * DECLARE_RUN_ONCE: Declare an initialiser function that should be run exactly + * once that has been defined in another file via DEFINE_RUN_ONCE(). + */ +# define DECLARE_RUN_ONCE(init) \ + extern int init##_ossl_ret_; \ + void init##_ossl_(void); + +/* + * DEFINE_RUN_ONCE_STATIC: Define an initialiser function that should be run + * exactly once. This function will be declared as static within the file. It + * takes no arguments and returns an int result (1 for success or 0 for + * failure). 
Typical usage might be: + * + * DEFINE_RUN_ONCE_STATIC(myinitfunc) + * { + * do_some_initialisation(); + * if (init_is_successful()) + * return 1; + * + * return 0; + * } + */ +# define DEFINE_RUN_ONCE_STATIC(init) \ + static int init(void); \ + static int init##_ossl_ret_ = 0; \ + static void init##_ossl_(void) \ + { \ + init##_ossl_ret_ = init(); \ + } \ + static int init(void) + +/* + * DEFINE_RUN_ONCE_STATIC_ALT: Define an alternative initialiser function. This + * function will be declared as static within the file. It takes no arguments + * and returns an int result (1 for success or 0 for failure). An alternative + * initialiser function is expected to be associated with a primary initialiser + * function defined via DEFINE_ONCE_STATIC where both functions use the same + * CRYPTO_ONCE object to synchronise. Where an alternative initialiser function + * is used only one of the primary or the alternative initialiser function will + * ever be called - and that function will be called exactly once. Definition + * of an alternative initialiser function MUST occur AFTER the definition of the + * primary initialiser function. + * + * Typical usage might be: + * + * DEFINE_RUN_ONCE_STATIC(myinitfunc) + * { + * do_some_initialisation(); + * if (init_is_successful()) + * return 1; + * + * return 0; + * } + * + * DEFINE_RUN_ONCE_STATIC_ALT(myaltinitfunc, myinitfunc) + * { + * do_some_alternative_initialisation(); + * if (init_is_successful()) + * return 1; + * + * return 0; + * } + */ +# define DEFINE_RUN_ONCE_STATIC_ALT(initalt, init) \ + static int initalt(void); \ + static void initalt##_ossl_(void) \ + { \ + init##_ossl_ret_ = initalt(); \ + } \ + static int initalt(void) + +/* + * RUN_ONCE - use CRYPTO_THREAD_run_once, and check if the init succeeded + * @once: pointer to static object of type CRYPTO_ONCE + * @init: function name that was previously given to DEFINE_RUN_ONCE, + * DEFINE_RUN_ONCE_STATIC or DECLARE_RUN_ONCE. 
This function + * must return 1 for success or 0 for failure. + * + * The return value is 1 on success (*) or 0 in case of error. + * + * (*) by convention, since the init function must return 1 on success. + */ +# define RUN_ONCE(once, init) \ + (CRYPTO_THREAD_run_once(once, init##_ossl_) ? init##_ossl_ret_ : 0) + +/* + * RUN_ONCE_ALT - use CRYPTO_THREAD_run_once, to run an alternative initialiser + * function and check if that initialisation succeeded + * @once: pointer to static object of type CRYPTO_ONCE + * @initalt: alternative initialiser function name that was previously given to + * DEFINE_RUN_ONCE_STATIC_ALT. This function must return 1 for + * success or 0 for failure. + * @init: primary initialiser function name that was previously given to + * DEFINE_RUN_ONCE_STATIC. This function must return 1 for success or + * 0 for failure. + * + * The return value is 1 on success (*) or 0 in case of error. + * + * (*) by convention, since the init function must return 1 on success. + */ +# define RUN_ONCE_ALT(once, initalt, init) \ + (CRYPTO_THREAD_run_once(once, initalt##_ossl_) ? init##_ossl_ret_ : 0) + +# endif /* FIPS_MODULE */ +#endif /* OSSL_INTERNAL_THREAD_ONCE_H */ diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/time.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/time.h new file mode 100644 index 000000000000..14d724abf5aa --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/time.h 
@@ -0,0 +1,242 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_TIME_H +# define OSSL_INTERNAL_TIME_H +# pragma once + +# include /* uint64_t */ +# include "internal/e_os.h" /* for struct timeval */ +# include "internal/safe_math.h" + +/* + * Internal type defining a time. + * This should be treated as an opaque structure. + * + * The time datum is Unix's 1970 and at nanosecond precision, this gives + * a range of 584 years roughly. + */ +typedef struct { + uint64_t t; /* Ticks since the epoch */ +} OSSL_TIME; + +/* The precision of times allows this many values per second */ +# define OSSL_TIME_SECOND ((uint64_t)1000000000) + +/* One millisecond. */ +# define OSSL_TIME_MS (OSSL_TIME_SECOND / 1000) + +/* One microsecond. */ +# define OSSL_TIME_US (OSSL_TIME_MS / 1000) + +/* One nanosecond. */ +# define OSSL_TIME_NS (OSSL_TIME_US / 1000) + +#define ossl_seconds2time(s) ossl_ticks2time((s) * OSSL_TIME_SECOND) +#define ossl_time2seconds(t) (ossl_time2ticks(t) / OSSL_TIME_SECOND) +#define ossl_ms2time(ms) ossl_ticks2time((ms) * OSSL_TIME_MS) +#define ossl_time2ms(t) (ossl_time2ticks(t) / OSSL_TIME_MS) +#define ossl_us2time(us) ossl_ticks2time((us) * OSSL_TIME_US) +#define ossl_time2us(t) (ossl_time2ticks(t) / OSSL_TIME_US) + +/* + * Arithmetic operations on times. + * These operations are saturating, in that an overflow or underflow returns + * the largest or smallest value respectively. 
+ */ +OSSL_SAFE_MATH_UNSIGNED(time, uint64_t) + +/* Convert a tick count into a time */ +static ossl_unused ossl_inline +OSSL_TIME ossl_ticks2time(uint64_t ticks) +{ + OSSL_TIME r; + + r.t = ticks; + return r; +} + +/* Convert a time to a tick count */ +static ossl_unused ossl_inline +uint64_t ossl_time2ticks(OSSL_TIME t) +{ + return t.t; +} + +/* Get current time */ +OSSL_TIME ossl_time_now(void); + +/* The beginning and end of the time range */ +static ossl_unused ossl_inline +OSSL_TIME ossl_time_zero(void) +{ + return ossl_ticks2time(0); +} + +static ossl_unused ossl_inline +OSSL_TIME ossl_time_infinite(void) +{ + return ossl_ticks2time(~(uint64_t)0); +} + + +/* Convert time to timeval */ +static ossl_unused ossl_inline +struct timeval ossl_time_to_timeval(OSSL_TIME t) +{ + struct timeval tv; + int err = 0; + + /* + * Round up any nano secs which struct timeval doesn't support. Ensures that + * we never return a zero time if the input time is non zero + */ + t.t = safe_add_time(t.t, OSSL_TIME_US - 1, &err); + if (err) + t = ossl_time_infinite(); + +#ifdef _WIN32 + tv.tv_sec = (long int)(t.t / OSSL_TIME_SECOND); +#else + tv.tv_sec = (time_t)(t.t / OSSL_TIME_SECOND); +#endif + tv.tv_usec = (t.t % OSSL_TIME_SECOND) / OSSL_TIME_US; + return tv; +} + +/* Convert timeval to time */ +static ossl_unused ossl_inline +OSSL_TIME ossl_time_from_timeval(struct timeval tv) +{ + OSSL_TIME t; + +#ifndef __DJGPP__ /* tv_sec is unsigned on djgpp. 
*/ + if (tv.tv_sec < 0) + return ossl_time_zero(); +#endif + t.t = tv.tv_sec * OSSL_TIME_SECOND + tv.tv_usec * OSSL_TIME_US; + return t; +} + +/* Convert OSSL_TIME to time_t */ +static ossl_unused ossl_inline +time_t ossl_time_to_time_t(OSSL_TIME t) +{ + return (time_t)(t.t / OSSL_TIME_SECOND); +} + +/* Convert time_t to OSSL_TIME */ +static ossl_unused ossl_inline +OSSL_TIME ossl_time_from_time_t(time_t t) +{ + OSSL_TIME ot; + + ot.t = t; + ot.t *= OSSL_TIME_SECOND; + return ot; +} + +/* Compare two time values, return -1 if less, 1 if greater and 0 if equal */ +static ossl_unused ossl_inline +int ossl_time_compare(OSSL_TIME a, OSSL_TIME b) +{ + if (a.t > b.t) + return 1; + if (a.t < b.t) + return -1; + return 0; +} + +/* Returns true if an OSSL_TIME is ossl_time_zero(). */ +static ossl_unused ossl_inline +int ossl_time_is_zero(OSSL_TIME t) +{ + return ossl_time_compare(t, ossl_time_zero()) == 0; +} + +/* Returns true if an OSSL_TIME is ossl_time_infinite(). */ +static ossl_unused ossl_inline +int ossl_time_is_infinite(OSSL_TIME t) +{ + return ossl_time_compare(t, ossl_time_infinite()) == 0; +} + +static ossl_unused ossl_inline +OSSL_TIME ossl_time_add(OSSL_TIME a, OSSL_TIME b) +{ + OSSL_TIME r; + int err = 0; + + r.t = safe_add_time(a.t, b.t, &err); + return err ? ossl_time_infinite() : r; +} + +static ossl_unused ossl_inline +OSSL_TIME ossl_time_subtract(OSSL_TIME a, OSSL_TIME b) +{ + OSSL_TIME r; + int err = 0; + + r.t = safe_sub_time(a.t, b.t, &err); + return err ? ossl_time_zero() : r; +} + +/* Returns |a - b|. */ +static ossl_unused ossl_inline +OSSL_TIME ossl_time_abs_difference(OSSL_TIME a, OSSL_TIME b) +{ + return a.t > b.t ? ossl_time_subtract(a, b) + : ossl_time_subtract(b, a); +} + +static ossl_unused ossl_inline +OSSL_TIME ossl_time_multiply(OSSL_TIME a, uint64_t b) +{ + OSSL_TIME r; + int err = 0; + + r.t = safe_mul_time(a.t, b, &err); + return err ? 
ossl_time_infinite() : r; +} + +static ossl_unused ossl_inline +OSSL_TIME ossl_time_divide(OSSL_TIME a, uint64_t b) +{ + OSSL_TIME r; + int err = 0; + + r.t = safe_div_time(a.t, b, &err); + return err ? ossl_time_zero() : r; +} + +static ossl_unused ossl_inline +OSSL_TIME ossl_time_muldiv(OSSL_TIME a, uint64_t b, uint64_t c) +{ + OSSL_TIME r; + int err = 0; + + r.t = safe_muldiv_time(a.t, b, c, &err); + return err ? ossl_time_zero() : r; +} + +/* Return higher of the two given time values. */ +static ossl_unused ossl_inline +OSSL_TIME ossl_time_max(OSSL_TIME a, OSSL_TIME b) +{ + return a.t > b.t ? a : b; +} + +/* Return the lower of the two given time values. */ +static ossl_unused ossl_inline +OSSL_TIME ossl_time_min(OSSL_TIME a, OSSL_TIME b) +{ + return a.t < b.t ? a : b; +} + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/tlsgroups.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/tlsgroups.h new file mode 100644 index 000000000000..73fb53bc5ff8 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/tlsgroups.h 
@@ -0,0 +1,60 @@ +/* + * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_TLSGROUPS_H +# define OSSL_INTERNAL_TLSGROUPS_H +# pragma once + +# define OSSL_TLS_GROUP_ID_sect163k1 0x0001 +# define OSSL_TLS_GROUP_ID_sect163r1 0x0002 +# define OSSL_TLS_GROUP_ID_sect163r2 0x0003 +# define OSSL_TLS_GROUP_ID_sect193r1 0x0004 +# define OSSL_TLS_GROUP_ID_sect193r2 0x0005 +# define OSSL_TLS_GROUP_ID_sect233k1 0x0006 +# define OSSL_TLS_GROUP_ID_sect233r1 0x0007 +# define OSSL_TLS_GROUP_ID_sect239k1 0x0008 +# define OSSL_TLS_GROUP_ID_sect283k1 0x0009 +# define OSSL_TLS_GROUP_ID_sect283r1 0x000A +# define OSSL_TLS_GROUP_ID_sect409k1 0x000B +# define OSSL_TLS_GROUP_ID_sect409r1 0x000C +# define OSSL_TLS_GROUP_ID_sect571k1 0x000D +# define OSSL_TLS_GROUP_ID_sect571r1 0x000E +# define OSSL_TLS_GROUP_ID_secp160k1 0x000F +# define OSSL_TLS_GROUP_ID_secp160r1 0x0010 +# define OSSL_TLS_GROUP_ID_secp160r2 0x0011 +# define OSSL_TLS_GROUP_ID_secp192k1 0x0012 +# define OSSL_TLS_GROUP_ID_secp192r1 0x0013 +# define OSSL_TLS_GROUP_ID_secp224k1 0x0014 +# define OSSL_TLS_GROUP_ID_secp224r1 0x0015 +# define OSSL_TLS_GROUP_ID_secp256k1 0x0016 +# define OSSL_TLS_GROUP_ID_secp256r1 0x0017 +# define OSSL_TLS_GROUP_ID_secp384r1 0x0018 +# define OSSL_TLS_GROUP_ID_secp521r1 0x0019 +# define OSSL_TLS_GROUP_ID_brainpoolP256r1 0x001A +# define OSSL_TLS_GROUP_ID_brainpoolP384r1 0x001B +# define OSSL_TLS_GROUP_ID_brainpoolP512r1 0x001C +# define OSSL_TLS_GROUP_ID_x25519 0x001D +# define OSSL_TLS_GROUP_ID_x448 0x001E +# define OSSL_TLS_GROUP_ID_brainpoolP256r1_tls13 0x001F +# define OSSL_TLS_GROUP_ID_brainpoolP384r1_tls13 0x0020 +# define OSSL_TLS_GROUP_ID_brainpoolP512r1_tls13 0x0021 +# define 
OSSL_TLS_GROUP_ID_gc256A 0x0022 +# define OSSL_TLS_GROUP_ID_gc256B 0x0023 +# define OSSL_TLS_GROUP_ID_gc256C 0x0024 +# define OSSL_TLS_GROUP_ID_gc256D 0x0025 +# define OSSL_TLS_GROUP_ID_gc512A 0x0026 +# define OSSL_TLS_GROUP_ID_gc512B 0x0027 +# define OSSL_TLS_GROUP_ID_gc512C 0x0028 +# define OSSL_TLS_GROUP_ID_ffdhe2048 0x0100 +# define OSSL_TLS_GROUP_ID_ffdhe3072 0x0101 +# define OSSL_TLS_GROUP_ID_ffdhe4096 0x0102 +# define OSSL_TLS_GROUP_ID_ffdhe6144 0x0103 +# define OSSL_TLS_GROUP_ID_ffdhe8192 0x0104 + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/tsan_assist.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/tsan_assist.h new file mode 100644 index 000000000000..a840df0b24ce --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/tsan_assist.h 
@@ -0,0 +1,153 @@ +/* + * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Contemporary compilers implement lock-free atomic memory access + * primitives that facilitate writing "thread-opportunistic" or even real + * multi-threading low-overhead code. "Thread-opportunistic" is when + * exact result is not required, e.g. some statistics, or execution flow + * doesn't have to be unambiguous. Simplest example is lazy "constant" + * initialization when one can synchronize on variable itself, e.g. + * + * if (var == NOT_YET_INITIALIZED) + * var = function_returning_same_value(); + * + * This does work provided that loads and stores are single-instruction + * operations (and integer ones are on *all* supported platforms), but + * it upsets Thread Sanitizer. Suggested solution is + * + * if (tsan_load(&var) == NOT_YET_INITIALIZED) + * tsan_store(&var, function_returning_same_value()); + * + * Production machine code would be the same, so one can wonder why + * bother. Having Thread Sanitizer accept "thread-opportunistic" code + * allows to move on trouble-shooting real bugs. + * + * Resolving Thread Sanitizer nits was the initial purpose for this module, + * but it was later extended with more nuanced primitives that are useful + * even in "non-opportunistic" scenarios. Most notably verifying if a shared + * structure is fully initialized and bypassing the initialization lock. + * It's suggested to view macros defined in this module as "annotations" for + * thread-safe lock-free code, "Thread-Safe ANnotations"... + * + * It's assumed that ATOMIC_{LONG|INT}_LOCK_FREE are assigned same value as + * ATOMIC_POINTER_LOCK_FREE. 
And check for >= 2 ensures that corresponding + * code is inlined. It should be noted that statistics counters become + * accurate in such case. + * + * Special note about TSAN_QUALIFIER. It might be undesired to use it in + * a shared header. Because whether operation on specific variable or member + * is atomic or not might be irrelevant in other modules. In such case one + * can use TSAN_QUALIFIER in cast specifically when it has to count. + */ + +#ifndef OSSL_INTERNAL_TSAN_ASSIST_H +# define OSSL_INTERNAL_TSAN_ASSIST_H +# pragma once + +# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L \ + && !defined(__STDC_NO_ATOMICS__) +# include + +# if defined(ATOMIC_POINTER_LOCK_FREE) \ + && ATOMIC_POINTER_LOCK_FREE >= 2 +# define TSAN_QUALIFIER _Atomic +# define tsan_load(ptr) atomic_load_explicit((ptr), memory_order_relaxed) +# define tsan_store(ptr, val) atomic_store_explicit((ptr), (val), memory_order_relaxed) +# define tsan_add(ptr, n) atomic_fetch_add_explicit((ptr), (n), memory_order_relaxed) +# define tsan_ld_acq(ptr) atomic_load_explicit((ptr), memory_order_acquire) +# define tsan_st_rel(ptr, val) atomic_store_explicit((ptr), (val), memory_order_release) +# endif + +# elif defined(__GNUC__) && defined(__ATOMIC_RELAXED) + +# if defined(__GCC_ATOMIC_POINTER_LOCK_FREE) \ + && __GCC_ATOMIC_POINTER_LOCK_FREE >= 2 +# define TSAN_QUALIFIER volatile +# define tsan_load(ptr) __atomic_load_n((ptr), __ATOMIC_RELAXED) +# define tsan_store(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELAXED) +# define tsan_add(ptr, n) __atomic_fetch_add((ptr), (n), __ATOMIC_RELAXED) +# define tsan_ld_acq(ptr) __atomic_load_n((ptr), __ATOMIC_ACQUIRE) +# define tsan_st_rel(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELEASE) +# endif + +# elif defined(_MSC_VER) && _MSC_VER>=1200 \ + && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ + defined(_M_ARM64) || (defined(_M_ARM) && _M_ARM >= 7 && !defined(_WIN32_WCE))) +/* + * There is subtle dependency on 
/volatile: command-line option. + * "ms" implies same semantic as memory_order_acquire for loads and + * memory_order_release for stores, while "iso" - memory_order_relaxed for + * either. Real complication is that defaults are different on x86 and ARM. + * There is explanation for that, "ms" is backward compatible with earlier + * compiler versions, while multi-processor ARM can be viewed as brand new + * platform to MSC and its users, and with non-relaxed semantic taking toll + * with additional instructions and penalties, it kind of makes sense to + * default to "iso"... + */ +# define TSAN_QUALIFIER volatile +# if defined(_M_ARM) || defined(_M_ARM64) +# define _InterlockedExchangeAdd _InterlockedExchangeAdd_nf +# pragma intrinsic(_InterlockedExchangeAdd_nf) +# pragma intrinsic(__iso_volatile_load32, __iso_volatile_store32) +# ifdef _WIN64 +# define _InterlockedExchangeAdd64 _InterlockedExchangeAdd64_nf +# pragma intrinsic(_InterlockedExchangeAdd64_nf) +# pragma intrinsic(__iso_volatile_load64, __iso_volatile_store64) +# define tsan_load(ptr) (sizeof(*(ptr)) == 8 ? __iso_volatile_load64(ptr) \ + : __iso_volatile_load32(ptr)) +# define tsan_store(ptr, val) (sizeof(*(ptr)) == 8 ? __iso_volatile_store64((ptr), (val)) \ + : __iso_volatile_store32((ptr), (val))) +# else +# define tsan_load(ptr) __iso_volatile_load32(ptr) +# define tsan_store(ptr, val) __iso_volatile_store32((ptr), (val)) +# endif +# else +# define tsan_load(ptr) (*(ptr)) +# define tsan_store(ptr, val) (*(ptr) = (val)) +# endif +# pragma intrinsic(_InterlockedExchangeAdd) +# ifdef _WIN64 +# pragma intrinsic(_InterlockedExchangeAdd64) +# define tsan_add(ptr, n) (sizeof(*(ptr)) == 8 ? 
_InterlockedExchangeAdd64((ptr), (n)) \ + : _InterlockedExchangeAdd((ptr), (n))) +# else +# define tsan_add(ptr, n) _InterlockedExchangeAdd((ptr), (n)) +# endif +# if !defined(_ISO_VOLATILE) +# define tsan_ld_acq(ptr) (*(ptr)) +# define tsan_st_rel(ptr, val) (*(ptr) = (val)) +# endif + +# endif + +# ifndef TSAN_QUALIFIER + +# ifdef OPENSSL_THREADS +# define TSAN_QUALIFIER volatile +# define TSAN_REQUIRES_LOCKING +# else /* OPENSSL_THREADS */ +# define TSAN_QUALIFIER +# endif /* OPENSSL_THREADS */ + +# define tsan_load(ptr) (*(ptr)) +# define tsan_store(ptr, val) (*(ptr) = (val)) +# define tsan_add(ptr, n) (*(ptr) += (n)) +/* + * Lack of tsan_ld_acq and tsan_ld_rel means that compiler support is not + * sophisticated enough to support them. Code that relies on them should be + * protected with #ifdef tsan_ld_acq with locked fallback. + */ + +# endif + +# define tsan_counter(ptr) tsan_add((ptr), 1) +# define tsan_decr(ptr) tsan_add((ptr), -1) + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/uint_set.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/uint_set.h new file mode 100644 index 000000000000..dcb29b33f3cc --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/uint_set.h 
@@ -0,0 +1,63 @@ +/* + * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +#ifndef OSSL_UINT_SET_H +# define OSSL_UINT_SET_H + +#include "openssl/params.h" +#include "internal/list.h" + +/* + * uint64_t Integer Sets + * ===================== + * + * Utilities for managing a logical set of unsigned 64-bit integers. The + * structure tracks each contiguous range of integers using one allocation and + * is thus optimised for cases where integers tend to appear consecutively. + * Queries are optimised under the assumption that they will generally be made + * on integers near the end of the set. + * + * Discussion of implementation details can be found in uint_set.c. + */ +typedef struct uint_range_st { + uint64_t start, end; +} UINT_RANGE; + +typedef struct uint_set_item_st UINT_SET_ITEM; +struct uint_set_item_st { + OSSL_LIST_MEMBER(uint_set, UINT_SET_ITEM); + UINT_RANGE range; +}; + +DEFINE_LIST_OF(uint_set, UINT_SET_ITEM); + +typedef OSSL_LIST(uint_set) UINT_SET; + +void ossl_uint_set_init(UINT_SET *s); +void ossl_uint_set_destroy(UINT_SET *s); + +/* + * Insert a range into a integer set. Returns 0 on allocation failure, in which + * case the integer set is in a valid but undefined state. Otherwise, returns 1. + * Ranges can overlap existing ranges without limitation. If a range is a subset + * of an existing range in the set, this is a no-op and returns 1. + */ +int ossl_uint_set_insert(UINT_SET *s, const UINT_RANGE *range); + +/* + * Remove a range from the set. Returns 0 on allocation failure, in which case + * the integer set is unchanged. Otherwise, returns 1. Ranges which are not + * already in the set can be removed without issue. 
If a passed range is not in + * the integer set at all, this is a no-op and returns 1. + */ +int ossl_uint_set_remove(UINT_SET *s, const UINT_RANGE *range); + +/* Returns 1 iff the given integer is in the integer set. */ +int ossl_uint_set_query(const UINT_SET *s, uint64_t v); + +#endif diff --git a/contrib/openssl-cmake/linux_x86_64/include_private/internal/unicode.h b/contrib/openssl-cmake/linux_x86_64/include_private/internal/unicode.h new file mode 100644 index 000000000000..a6de8352d680 --- /dev/null +++ b/contrib/openssl-cmake/linux_x86_64/include_private/internal/unicode.h @@ -0,0 +1,31 @@ +/* + * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_UNICODE_H +# define OSSL_INTERNAL_UNICODE_H +# pragma once + +typedef enum { + SURROGATE_MIN = 0xd800UL, + SURROGATE_MAX = 0xdfffUL, + UNICODE_MAX = 0x10ffffUL, + UNICODE_LIMIT +} UNICODE_CONSTANTS; + +static ossl_unused ossl_inline int is_unicode_surrogate(unsigned long value) +{ + return value >= SURROGATE_MIN && value <= SURROGATE_MAX; +} + +static ossl_unused ossl_inline int is_unicode_valid(unsigned long value) +{ + return value <= UNICODE_MAX && !is_unicode_surrogate(value); +} + +#endif diff --git a/src/Functions/FunctionsAES.cpp b/src/Functions/FunctionsAES.cpp index d1fcd192e6f6..38ca47f798ea 100644 --- a/src/Functions/FunctionsAES.cpp +++ b/src/Functions/FunctionsAES.cpp 
@@ -39,10 +39,9 @@ StringRef foldEncryptionKeyInMySQLCompatitableMode(size_t cipher_key_size, Strin const EVP_CIPHER * getCipherByName(StringRef cipher_name) { - // NOTE: cipher obtained not via EVP_CIPHER_fetch() would cause extra work on each context reset - // with EVP_CIPHER_CTX_reset() or EVP_EncryptInit_ex(), but using EVP_CIPHER_fetch() - // causes data race, so we stick to the slower but safer alternative here. - return EVP_get_cipherbyname(cipher_name.data); + // OPTIMIZATION: Use cached EVP_CIPHER_fetch() for better performance in OpenSSL 3.x + return OpenSSLOptimized::CipherCache::instance().getCipher( + std::string_view(cipher_name.data, cipher_name.size)); } } diff --git a/src/Functions/FunctionsAES.h b/src/Functions/FunctionsAES.h index 7af6265eba92..a5cbda9985bd 100644 --- a/src/Functions/FunctionsAES.h +++ b/src/Functions/FunctionsAES.h @@ -14,6 +14,7 @@ #include #include #include +#include #include @@ -261,8 +262,9 @@ class FunctionEncrypt : public IFunction { using namespace OpenSSLDetails; - auto evp_ctx_ptr = std::unique_ptr(EVP_CIPHER_CTX_new(), &EVP_CIPHER_CTX_free); - auto * evp_ctx = evp_ctx_ptr.get(); + // OPTIMIZATION: Reuse thread-local context instead of allocating per batch + auto & context_wrapper = OpenSSLOptimized::EVPContextPool::getContext(); + auto * evp_ctx = context_wrapper.ctx; const auto block_size = static_cast(EVP_CIPHER_block_size(evp_cipher)); const auto key_size = static_cast(EVP_CIPHER_key_length(evp_cipher)); @@ -295,6 +297,9 @@ class FunctionEncrypt : public IFunction for (size_t row_idx = 0; row_idx < input_rows_count; ++row_idx) { + // OPTIMIZATION: Reset context for reuse + EVP_CIPHER_CTX_reset(evp_ctx); + const auto key_value = key_holder.setKey(key_size, key_column->getDataAt(row_idx)); auto iv_value = StringRef{}; if (iv_column) 
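Review bot: The new body of `getCipherByName` moves to `EVP_CIPHER_fetch()` through `CipherCache`, but the comment it deletes said that this call "causes data race" and that `EVP_get_cipherbyname()` was kept as the safer alternative. Nothing in the hunk explains why that warning no longer holds. The mutex in `CipherCache` only guards the map, and the fetch runs outside the lock, so a race inside OpenSSL would presumably still be reachable. Replace the `// OPTIMIZATION:` line with a comment that records what changed, for example `// EVP_CIPHER_fetch() race no longer reproduces after the contrib/openssl update; checked under TSan` if that is the case, or keep the old lookup until it is confirmed. The enclosing namespace starts outside the hunk.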
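Review bot: Key material now outlives the batch in hunk @@ -261,8 +262,9 @@ of FunctionsAES.h. The removed `unique_ptr` freed the `EVP_CIPHER_CTX` when the function returned, whereas the thread-local `context_wrapper.ctx` keeps the key schedule from the last row until the next call on that thread or until the thread exits. The only reset is at the top of each loop iteration (hunk @@ -295,6 +297,9 @@), so neither a normal return nor an exception thrown mid-row clears it. I would add a scope guard right after `getContext()` that calls `context_wrapper.reset()` on every exit path, which keeps the allocation saving. The same applies to `FunctionDecrypt` in hunk @@ -536,8 +541,9 @@, and the enclosing method starts and ends outside the hunk.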
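Review bot: The result of `EVP_CIPHER_CTX_reset(evp_ctx)` is discarded in hunk @@ -295,6 +297,9 @@ and again in the `FunctionDecrypt` loop (hunk @@ -577,6 +583,9 @@). A failed reset would let the row run on a context that still carries the previous row's cipher and key state. Check the return value, e.g. `if (EVP_CIPHER_CTX_reset(evp_ctx) != 1) throw Exception(ErrorCodes::OPENSSL_ERROR, "Failed to reset EVP_CIPHER_CTX");`. The comment should also say the reset is needed for correctness between rows, not only for reuse: `// Clear the previous row's key/IV state before reusing the thread-local context`. The loop body continues outside the hunk.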
@@ -536,8 +541,9 @@ class FunctionDecrypt : public IFunction { using namespace OpenSSLDetails; - auto evp_ctx_ptr = std::unique_ptr(EVP_CIPHER_CTX_new(), &EVP_CIPHER_CTX_free); - auto * evp_ctx = evp_ctx_ptr.get(); + // OPTIMIZATION: Reuse thread-local context instead of allocating per batch + auto & context_wrapper = OpenSSLOptimized::EVPContextPool::getContext(); + auto * evp_ctx = context_wrapper.ctx; [[maybe_unused]] const auto block_size = static_cast(EVP_CIPHER_block_size(evp_cipher)); [[maybe_unused]] const auto iv_size = static_cast(EVP_CIPHER_iv_length(evp_cipher)); @@ -577,6 +583,9 @@ class FunctionDecrypt : public IFunction KeyHolder key_holder; for (size_t row_idx = 0; row_idx < input_rows_count; ++row_idx) { + // OPTIMIZATION: Reset context for reuse + EVP_CIPHER_CTX_reset(evp_ctx); + // 0: prepare key if required auto key_value = key_holder.setKey(key_size, key_column->getDataAt(row_idx)); auto iv_value = StringRef{}; diff --git a/src/Functions/FunctionsAES_Optimized.h b/src/Functions/FunctionsAES_Optimized.h new file mode 100644 index 000000000000..bade9313ed4d --- /dev/null +++ b/src/Functions/FunctionsAES_Optimized.h 
@@ -0,0 +1,141 @@ +#pragma once + +#include "config.h" + +#if USE_SSL + +#include +#include +#include +#include +#include + +namespace DB +{ + +namespace ErrorCodes +{ + extern const int OPENSSL_ERROR; +} + +namespace OpenSSLOptimized +{ + +/// Thread-local context pool to avoid repeated allocation/deallocation +class EVPContextPool +{ +public: + struct ContextWrapper + { + EVP_CIPHER_CTX * ctx = nullptr; + const EVP_CIPHER * cached_cipher = nullptr; + + ContextWrapper() + { + ctx = EVP_CIPHER_CTX_new(); + if (!ctx) + throw Exception(ErrorCodes::OPENSSL_ERROR, "Failed to allocate EVP_CIPHER_CTX"); + } + + ~ContextWrapper() + { + if (ctx) + EVP_CIPHER_CTX_free(ctx); + } + + // Non-copyable + ContextWrapper(const ContextWrapper&) = delete; + ContextWrapper& operator=(const ContextWrapper&) = delete; + + void reset() + { + if (ctx) + EVP_CIPHER_CTX_reset(ctx); + } + }; + + static ContextWrapper& getContext() + { + thread_local ContextWrapper context; + return context; + } +}; + +/// Cache for EVP_CIPHER lookups using EVP_CIPHER_fetch for better performance +class CipherCache +{ +private: + struct CacheEntry + { + EVP_CIPHER * cipher = nullptr; + std::string name; + + ~CacheEntry() + { + if (cipher) + EVP_CIPHER_free(cipher); + } + }; + + std::unordered_map> cache; + std::mutex mutex; + +public: + ~CipherCache() = default; + + const EVP_CIPHER * getCipher(std::string_view cipher_name) + { + std::string name_str(cipher_name); + + { + std::lock_guard lock(mutex); + auto it = cache.find(name_str); + if (it != cache.end()) + return it->second->cipher; + } + + // Fetch cipher outside of lock to minimize lock hold time + // EVP_CIPHER_fetch is thread-safe and works better with OpenSSL 3.x providers + EVP_CIPHER * cipher = EVP_CIPHER_fetch(nullptr, name_str.c_str(), nullptr); + + if (!cipher) + return nullptr; + + { + std::lock_guard lock(mutex); + // Double-check in case another thread added it + auto it = cache.find(name_str); + if (it != cache.end()) + { + 
EVP_CIPHER_free(cipher); // Free the one we just fetched + return it->second->cipher; + } + + auto entry = std::make_unique(); + entry->cipher = cipher; + entry->name = name_str; + + const EVP_CIPHER * result = cipher; + cache[name_str] = std::move(entry); + return result; + } + } + + static CipherCache& instance() + { + static CipherCache cache; + return cache; + } +}; + +/// Fast cipher lookup with caching +inline const EVP_CIPHER * getCipherByNameFast(std::string_view cipher_name) +{ + return CipherCache::instance().getCipher(cipher_name); +} + +} // namespace OpenSSLOptimized + +} // namespace DB + +#endif // USE_SSL
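Review bot: `CipherCache::getCipher` keys the map on the caller's exact spelling and never evicts entries, so the cache is bounded only by how many distinct strings resolve to a cipher. OpenSSL 3 matches algorithm names case-insensitively and accepts aliases, so if `cipher_name` can arrive straight from a query argument (not visible in this diff) every spelling variant of a valid mode adds a permanent entry. Normalise the key before the lookup, or cache only names from the fixed set of supported modes. Separately, `ContextWrapper::cached_cipher`, `ContextWrapper::reset()` and `getCipherByNameFast` are not used by any hunk shown here; drop them or wire them in.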