studio/cli
2
0
Fork 0
Code Issues Pull Requests Actions Packages Releases 4 Wiki Activity

chore: checkpoint before Python removal

Browse Source
This commit is contained in:
Sienna Meridian Satterwhite
2026-03-26 22:33:59 +00:00
parent 683cec9307
commit e568ddf82a
29972 changed files with 11269302 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

491
vendor/aws-lc-sys/aws-lc/include/openssl/aead.h vendored Normal file
View File

@@ -0,0 +1,491 @@
// Copyright (c) 2014, Google Inc.
// SPDX-License-Identifier: ISC
#ifndef OPENSSL_HEADER_AEAD_H
#define OPENSSL_HEADER_AEAD_H
#include <openssl/base.h>
#if defined(__cplusplus)
extern "C" {
#endif
// Authenticated Encryption with Additional Data.
//
// AEAD couples confidentiality and integrity in a single primitive. AEAD
// algorithms take a key and then can seal and open individual messages. Each
// message has a unique, per-message nonce and, optionally, additional data
// which is authenticated but not included in the ciphertext.
//
// The |EVP_AEAD_CTX_init| function initialises an |EVP_AEAD_CTX| structure and
// performs any precomputation needed to use |aead| with |key|. The length of
// the key, |key_len|, is given in bytes.
//
// The |tag_len| argument contains the length of the tags, in bytes, and allows
// for the processing of truncated authenticators. A zero value indicates that
// the default tag length should be used and this is defined as
// |EVP_AEAD_DEFAULT_TAG_LENGTH| in order to make the code clear. Using
// truncated tags increases an attacker's chance of creating a valid forgery.
// Be aware that the attacker's chance may increase more than exponentially as
// would naively be expected.
//
// When no longer needed, the initialised |EVP_AEAD_CTX| structure must be
// passed to |EVP_AEAD_CTX_cleanup|, which will deallocate any memory used.
//
// With an |EVP_AEAD_CTX| in hand, one can seal and open messages. These
// operations are intended to meet the standard notions of privacy and
// authenticity for authenticated encryption. For formal definitions see
// Bellare and Namprempre, "Authenticated encryption: relations among notions
// and analysis of the generic composition paradigm," Lecture Notes in Computer
// Science B<1976> (2000), 531545,
// http://www-cse.ucsd.edu/~mihir/papers/oem.html.
//
// When sealing messages, a nonce must be given. The length of the nonce is
// fixed by the AEAD in use and is returned by |EVP_AEAD_nonce_length|. *The
// nonce must be unique for all messages with the same key*. This is critically
// important - nonce reuse may completely undermine the security of the AEAD.
// Nonces may be predictable and public, so long as they are unique. Uniqueness
// may be achieved with a simple counter or, if large enough, may be generated
// randomly. The nonce must be passed into the "open" operation by the receiver
// so must either be implicit (e.g. a counter), or must be transmitted along
// with the sealed message.
//
// The "seal" and "open" operations are atomic - an entire message must be
// encrypted or decrypted in a single call. Large messages may have to be split
// up in order to accommodate this. When doing so, be mindful of the need not to
// repeat nonces and the possibility that an attacker could duplicate, reorder
// or drop message chunks. For example, using a single key for a given (large)
// message and sealing chunks with nonces counting from zero would be secure as
// long as the number of chunks was securely transmitted. (Otherwise an
// attacker could truncate the message by dropping chunks from the end.)
//
// The number of chunks could be transmitted by prefixing it to the plaintext,
// for example. This also assumes that no other message would ever use the same
// key otherwise the rule that nonces must be unique for a given key would be
// violated.
//
// The "seal" and "open" operations also permit additional data to be
// authenticated via the |ad| parameter. This data is not included in the
// ciphertext and must be identical for both the "seal" and "open" call. This
// permits implicit context to be authenticated but may be empty if not needed.
//
// The "seal" and "open" operations may work in-place if the |out| and |in|
// arguments are equal. Otherwise, if |out| and |in| alias, input data may be
// overwritten before it is read. This situation will cause an error.
//
// The "seal" and "open" operations return one on success and zero on error.
// AEAD algorithms.
// EVP_aead_aes_128_gcm is AES-128 in Galois Counter Mode.
//
// Note: AES-GCM should only be used with 12-byte (96-bit) nonces. Although it
// is specified to take a variable-length nonce, nonces with other lengths are
// effectively randomized, which means one must consider collisions. Unless
// implementing an existing protocol which has already specified incorrect
// parameters, only use 12-byte nonces.
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_gcm(void);
// EVP_aead_aes_192_gcm is AES-192 in Galois Counter Mode.
//
// WARNING: AES-192 is superfluous and shouldn't exist. NIST should never have
// defined it. Use only when interop with another system requires it, never
// de novo.
//
// Note: AES-GCM should only be used with 12-byte (96-bit) nonces. Although it
// is specified to take a variable-length nonce, nonces with other lengths are
// effectively randomized, which means one must consider collisions. Unless
// implementing an existing protocol which has already specified incorrect
// parameters, only use 12-byte nonces.
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_192_gcm(void);
// EVP_aead_aes_256_gcm is AES-256 in Galois Counter Mode.
//
// Note: AES-GCM should only be used with 12-byte (96-bit) nonces. Although it
// is specified to take a variable-length nonce, nonces with other lengths are
// effectively randomized, which means one must consider collisions. Unless
// implementing an existing protocol which has already specified incorrect
// parameters, only use 12-byte nonces.
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_gcm(void);
// EVP_aead_chacha20_poly1305 is the AEAD built from ChaCha20 and
// Poly1305 as described in RFC 8439.
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_chacha20_poly1305(void);
// EVP_aead_xchacha20_poly1305 is ChaCha20-Poly1305 with an extended nonce that
// makes random generation of nonces safe.
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_xchacha20_poly1305(void);
// EVP_aead_aes_128_ctr_hmac_sha256 is AES-128 in CTR mode with HMAC-SHA256 for
// authentication. The nonce is 12 bytes; the bottom 32-bits are used as the
// block counter, thus the maximum plaintext size is 64GB.
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_ctr_hmac_sha256(void);
// EVP_aead_aes_256_ctr_hmac_sha256 is AES-256 in CTR mode with HMAC-SHA256 for
// authentication. See |EVP_aead_aes_128_ctr_hmac_sha256| for details.
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_ctr_hmac_sha256(void);
// EVP_aead_aes_128_gcm_siv is AES-128 in GCM-SIV mode. See RFC 8452.
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_gcm_siv(void);
// EVP_aead_aes_256_gcm_siv is AES-256 in GCM-SIV mode. See RFC 8452.
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_gcm_siv(void);
// EVP_aead_aes_128_gcm_randnonce is AES-128 in Galois Counter Mode with
// internal nonce generation. The 12-byte nonce is appended to the tag
// and is generated internally. The "tag", for the purposes of the API, is thus
// 12 bytes larger. The nonce parameter when using this AEAD must be
// zero-length. Since the nonce is random, a single key should not be used for
// more than 2^32 seal operations.
//
// Warning: this is for use for FIPS compliance only. It is probably not
// suitable for other uses. Using standard AES-GCM AEADs allows one to achieve
// the same effect, but gives more control over nonce storage.
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_gcm_randnonce(void);
// EVP_aead_aes_256_gcm_randnonce is AES-256 in Galois Counter Mode with
// internal nonce generation. The 12-byte nonce is appended to the tag
// and is generated internally. The "tag", for the purposes of the API, is thus
// 12 bytes larger. The nonce parameter when using this AEAD must be
// zero-length. Since the nonce is random, a single key should not be used for
// more than 2^32 seal operations.
//
// Warning: this is for use for FIPS compliance only. It is probably not
// suitable for other uses. Using standard AES-GCM AEADs allows one to achieve
// the same effect, but gives more control over nonce storage.
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_gcm_randnonce(void);
// EVP_aead_aes_128_ccm_bluetooth is AES-128-CCM with M=4 and L=2 (4-byte tags
// and 13-byte nonces), as described in the Bluetooth Core Specification v5.0,
// Volume 6, Part E, Section 1.
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_ccm_bluetooth(void);
// EVP_aead_aes_128_ccm_bluetooth_8 is AES-128-CCM with M=8 and L=2 (8-byte tags
// and 13-byte nonces), as used in the Bluetooth Mesh Networking Specification
// v1.0.
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_ccm_bluetooth_8(void);
// EVP_aead_aes_128_ccm_matter is AES-128-CCM with M=16 and L=2 (16-byte tags
// and 13-byte nonces), as used in the Matter specification.
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_ccm_matter(void);
// EVP_has_aes_hardware returns one if we enable hardware support for fast and
// constant-time AES-GCM.
OPENSSL_EXPORT int EVP_has_aes_hardware(void);
// Utility functions.
// EVP_AEAD_key_length returns the length, in bytes, of the keys used by
// |aead|.
OPENSSL_EXPORT size_t EVP_AEAD_key_length(const EVP_AEAD *aead);
// EVP_AEAD_nonce_length returns the length, in bytes, of the per-message nonce
// for |aead|. Some |aead|s might support a larger set of nonce-lengths (e.g.
// aes-gcm).
OPENSSL_EXPORT size_t EVP_AEAD_nonce_length(const EVP_AEAD *aead);
// EVP_AEAD_max_overhead returns the maximum number of additional bytes added
// by the act of sealing data with |aead|.
OPENSSL_EXPORT size_t EVP_AEAD_max_overhead(const EVP_AEAD *aead);
// EVP_AEAD_max_tag_len returns the maximum tag length when using |aead|. This
// is the largest value that can be passed as |tag_len| to
// |EVP_AEAD_CTX_init|.
OPENSSL_EXPORT size_t EVP_AEAD_max_tag_len(const EVP_AEAD *aead);
// AEAD operations.
union evp_aead_ctx_st_state {
uint8_t opaque[564];
uint64_t alignment;
void *ptr;
};
// An evp_aead_ctx_st (typedefed as |EVP_AEAD_CTX| in base.h) represents an AEAD
// algorithm configured with a specific key and message-independent IV.
struct evp_aead_ctx_st {
const EVP_AEAD *aead;
union evp_aead_ctx_st_state state;
uint8_t state_offset;
// tag_len may contain the actual length of the authentication tag if it is
// known at initialization time.
uint8_t tag_len;
};
// EVP_AEAD_MAX_KEY_LENGTH contains the maximum key length used by
// any AEAD defined in this header.
#define EVP_AEAD_MAX_KEY_LENGTH 80
// EVP_AEAD_MAX_NONCE_LENGTH contains the maximum nonce length used by
// any AEAD defined in this header.
#define EVP_AEAD_MAX_NONCE_LENGTH 24
// EVP_AEAD_MAX_OVERHEAD contains the maximum overhead used by any AEAD
// defined in this header.
#define EVP_AEAD_MAX_OVERHEAD 64
// EVP_AEAD_DEFAULT_TAG_LENGTH is a magic value that can be passed to
// EVP_AEAD_CTX_init to indicate that the default tag length for an AEAD should
// be used.
#define EVP_AEAD_DEFAULT_TAG_LENGTH 0
// EVP_AEAD_CTX_zero sets an uninitialized |ctx| to the zero state. It must be
// initialized with |EVP_AEAD_CTX_init| before use. It is safe, but not
// necessary, to call |EVP_AEAD_CTX_cleanup| in this state. This may be used for
// more uniform cleanup of |EVP_AEAD_CTX|.
OPENSSL_EXPORT void EVP_AEAD_CTX_zero(EVP_AEAD_CTX *ctx);
// EVP_AEAD_CTX_new allocates an |EVP_AEAD_CTX|, calls |EVP_AEAD_CTX_init| and
// returns the |EVP_AEAD_CTX|, or NULL on error.
OPENSSL_EXPORT EVP_AEAD_CTX *EVP_AEAD_CTX_new(const EVP_AEAD *aead,
const uint8_t *key,
size_t key_len, size_t tag_len);
// EVP_AEAD_CTX_free calls |EVP_AEAD_CTX_cleanup| and |OPENSSL_free| on
// |ctx|.
OPENSSL_EXPORT void EVP_AEAD_CTX_free(EVP_AEAD_CTX *ctx);
// EVP_AEAD_CTX_init initializes |ctx| for the given AEAD algorithm. The |impl|
// argument is ignored and should be NULL. Authentication tags may be truncated
// by passing a size as |tag_len|. A |tag_len| of zero indicates the default
// tag length and this is defined as EVP_AEAD_DEFAULT_TAG_LENGTH for
// readability.
//
// Returns 1 on success. Otherwise returns 0 and pushes to the error stack. In
// the error case, you do not need to call |EVP_AEAD_CTX_cleanup|, but it's
// harmless to do so.
OPENSSL_EXPORT int EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead,
const uint8_t *key, size_t key_len,
size_t tag_len, ENGINE *impl);
// EVP_AEAD_CTX_cleanup frees any data allocated by |ctx|. It is a no-op to
// call |EVP_AEAD_CTX_cleanup| on a |EVP_AEAD_CTX| that has been |memset| to
// all zeros.
OPENSSL_EXPORT void EVP_AEAD_CTX_cleanup(EVP_AEAD_CTX *ctx);
// EVP_AEAD_CTX_seal encrypts and authenticates |in_len| bytes from |in| and
// authenticates |ad_len| bytes from |ad| and writes the result to |out|. It
// returns one on success and zero otherwise.
//
// This function may be called concurrently with itself or any other seal/open
// function on the same |EVP_AEAD_CTX|.
//
// At most |max_out_len| bytes are written to |out| and, in order to ensure
// success, |max_out_len| should be |in_len| plus the result of
// |EVP_AEAD_max_overhead|. On successful return, |*out_len| is set to the
// actual number of bytes written.
//
// The length of |nonce|, |nonce_len|, must be equal to the result of
// |EVP_AEAD_nonce_length| for this AEAD.
//
// |EVP_AEAD_CTX_seal| never results in a partial output. If |max_out_len| is
// insufficient, zero will be returned. If any error occurs, |out| will be
// filled with zero bytes and |*out_len| set to zero.
//
// If |in| and |out| alias then |out| must be == |in|.
OPENSSL_EXPORT int EVP_AEAD_CTX_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,
size_t *out_len, size_t max_out_len,
const uint8_t *nonce, size_t nonce_len,
const uint8_t *in, size_t in_len,
const uint8_t *ad, size_t ad_len);
// EVP_AEAD_CTX_open authenticates |in_len| bytes from |in| and |ad_len| bytes
// from |ad| and decrypts at most |in_len| bytes into |out|. It returns one on
// success and zero otherwise.
//
// This function may be called concurrently with itself or any other seal/open
// function on the same |EVP_AEAD_CTX|.
//
// At most |in_len| bytes are written to |out|. In order to ensure success,
// |max_out_len| should be at least |in_len|. On successful return, |*out_len|
// is set to the the actual number of bytes written.
//
// The length of |nonce|, |nonce_len|, must be equal to the result of
// |EVP_AEAD_nonce_length| for this AEAD.
//
// |EVP_AEAD_CTX_open| never results in a partial output. If |max_out_len| is
// insufficient, zero will be returned. If any error occurs, |out| will be
// filled with zero bytes and |*out_len| set to zero.
//
// If |in| and |out| alias then |out| must be == |in|.
OPENSSL_EXPORT int EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
size_t *out_len, size_t max_out_len,
const uint8_t *nonce, size_t nonce_len,
const uint8_t *in, size_t in_len,
const uint8_t *ad, size_t ad_len);
// EVP_AEAD_CTX_seal_scatter encrypts and authenticates |in_len| bytes from |in|
// and authenticates |ad_len| bytes from |ad|. It writes |in_len| bytes of
// ciphertext to |out| and the authentication tag to |out_tag|. It returns one
// on success and zero otherwise.
//
// This function may be called concurrently with itself or any other seal/open
// function on the same |EVP_AEAD_CTX|.
//
// Exactly |in_len| bytes are written to |out|, and up to
// |EVP_AEAD_max_overhead+extra_in_len| bytes to |out_tag|. On successful
// return, |*out_tag_len| is set to the actual number of bytes written to
// |out_tag|.
//
// |extra_in| may point to an additional plaintext input buffer if the cipher
// supports it. If present, |extra_in_len| additional bytes of plaintext are
// encrypted and authenticated, and the ciphertext is written (before the tag)
// to |out_tag|. |max_out_tag_len| must be sized to allow for the additional
// |extra_in_len| bytes.
//
// The length of |nonce|, |nonce_len|, must be equal to the result of
// |EVP_AEAD_nonce_length| for this AEAD.
//
// |EVP_AEAD_CTX_seal_scatter| never results in a partial output. If
// |max_out_tag_len| is insufficient, zero will be returned. If any error
// occurs, |out| and |out_tag| will be filled with zero bytes and |*out_tag_len|
// set to zero.
//
// If |in| and |out| alias then |out| must be == |in|. |out_tag| may not alias
// any other argument.
OPENSSL_EXPORT int EVP_AEAD_CTX_seal_scatter(
const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag,
size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce,
size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in,
size_t extra_in_len, const uint8_t *ad, size_t ad_len);
// EVP_AEAD_CTX_open_gather decrypts and authenticates |in_len| bytes from |in|
// and authenticates |ad_len| bytes from |ad| using |in_tag_len| bytes of
// authentication tag from |in_tag|. If successful, it writes |in_len| bytes of
// plaintext to |out|. It returns one on success and zero otherwise.
//
// This function may be called concurrently with itself or any other seal/open
// function on the same |EVP_AEAD_CTX|.
//
// The length of |nonce|, |nonce_len|, must be equal to the result of
// |EVP_AEAD_nonce_length| for this AEAD.
//
// |EVP_AEAD_CTX_open_gather| never results in a partial output. If any error
// occurs, |out| will be filled with zero bytes.
//
// If |in| and |out| alias then |out| must be == |in|.
OPENSSL_EXPORT int EVP_AEAD_CTX_open_gather(
const EVP_AEAD_CTX *ctx, uint8_t *out, const uint8_t *nonce,
size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *in_tag,
size_t in_tag_len, const uint8_t *ad, size_t ad_len);
// EVP_AEAD_CTX_aead returns the underlying AEAD for |ctx|, or NULL if one has
// not been set.
OPENSSL_EXPORT const EVP_AEAD *EVP_AEAD_CTX_aead(const EVP_AEAD_CTX *ctx);
// TLS-specific AEAD algorithms.
//
// These AEAD primitives do not meet the definition of generic AEADs. They are
// all specific to TLS and should not be used outside of that context. They must
// be initialized with |EVP_AEAD_CTX_init_with_direction|, are stateful, and may
// not be used concurrently. Any nonces are used as IVs, so they must be
// unpredictable. They only accept an |ad| parameter of length 11 (the standard
// TLS one with length omitted).
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_cbc_sha1_tls(void);
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_cbc_sha1_tls_implicit_iv(void);
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_cbc_sha1_tls(void);
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_cbc_sha1_tls_implicit_iv(void);
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_cbc_sha256_tls(void);
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_cbc_sha256_tls_implicit_iv(
void);
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_cbc_sha384_tls(void);
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_tls(void);
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_tls_implicit_iv(void);
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_null_sha1_tls(void);
// EVP_aead_aes_128_gcm_tls12 is AES-128 in Galois Counter Mode using the TLS
// 1.2 nonce construction.
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_gcm_tls12(void);
// EVP_aead_aes_256_gcm_tls12 is AES-256 in Galois Counter Mode using the TLS
// 1.2 nonce construction.
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_gcm_tls12(void);
// EVP_aead_aes_128_gcm_tls13 is AES-128 in Galois Counter Mode using the TLS
// 1.3 nonce construction.
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_gcm_tls13(void);
// EVP_aead_aes_256_gcm_tls13 is AES-256 in Galois Counter Mode using the TLS
// 1.3 nonce construction.
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_gcm_tls13(void);
// Obscure functions.
// evp_aead_direction_t denotes the direction of an AEAD operation.
enum evp_aead_direction_t {
evp_aead_open,
evp_aead_seal
};
// EVP_AEAD_CTX_init_with_direction calls |EVP_AEAD_CTX_init| for normal
// AEADs. For TLS-specific and SSL3-specific AEADs, it initializes |ctx| for a
// given direction.
OPENSSL_EXPORT int EVP_AEAD_CTX_init_with_direction(
EVP_AEAD_CTX *ctx, const EVP_AEAD *aead, const uint8_t *key, size_t key_len,
size_t tag_len, enum evp_aead_direction_t dir);
// EVP_AEAD_CTX_get_iv sets |*out_len| to the length of the IV for |ctx| and
// sets |*out_iv| to point to that many bytes of the current IV. This is only
// meaningful for AEADs with implicit IVs (i.e. CBC mode in TLS 1.0).
//
// It returns one on success or zero on error.
OPENSSL_EXPORT int EVP_AEAD_CTX_get_iv(const EVP_AEAD_CTX *ctx,
const uint8_t **out_iv, size_t *out_len);
// EVP_AEAD_CTX_tag_len computes the exact byte length of the tag written by
// |EVP_AEAD_CTX_seal_scatter| and writes it to |*out_tag_len|. It returns one
// on success or zero on error. |in_len| and |extra_in_len| must equal the
// arguments of the same names passed to |EVP_AEAD_CTX_seal_scatter|.
OPENSSL_EXPORT int EVP_AEAD_CTX_tag_len(const EVP_AEAD_CTX *ctx,
size_t *out_tag_len,
const size_t in_len,
const size_t extra_in_len);
#define FIPS_AES_GCM_NONCE_LENGTH 12
// EVP_AEAD_get_iv_from_ipv4_nanosecs computes a deterministic IV compliant with
// NIST SP 800-38D, built from an IPv4 address and the number of nanoseconds
// since boot, writing it to |out_iv| (in little endian).
// It returns one on success or zero for error.
//
// This is not a general-purpose API, you should not be using it unless you
// specifically know you need to use this.
OPENSSL_EXPORT int EVP_AEAD_get_iv_from_ipv4_nanosecs(
const uint32_t ipv4_address, const uint64_t nanosecs,
uint8_t out_iv[FIPS_AES_GCM_NONCE_LENGTH]);
#if defined(__cplusplus)
} // extern C
#if !defined(BORINGSSL_NO_CXX)
extern "C++" {
BSSL_NAMESPACE_BEGIN
using ScopedEVP_AEAD_CTX =
internal::StackAllocated<EVP_AEAD_CTX, void, EVP_AEAD_CTX_zero,
EVP_AEAD_CTX_cleanup>;
BORINGSSL_MAKE_DELETER(EVP_AEAD_CTX, EVP_AEAD_CTX_free)
BSSL_NAMESPACE_END
} // extern C++
#endif
#endif
#endif // OPENSSL_HEADER_AEAD_H

180
vendor/aws-lc-sys/aws-lc/include/openssl/aes.h vendored Normal file
View File

@@ -0,0 +1,180 @@
// Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_AES_H
#define OPENSSL_HEADER_AES_H
#include <openssl/base.h>
#if defined(__cplusplus)
extern "C" {
#endif
// Raw AES functions.
#define AES_ENCRYPT 1
#define AES_DECRYPT 0
// AES_MAXNR is the maximum number of AES rounds.
#define AES_MAXNR 14
#define AES_BLOCK_SIZE 16
// aes_key_st should be an opaque type, but EVP requires that the size be
// known.
struct aes_key_st {
uint32_t rd_key[4 * (AES_MAXNR + 1)];
unsigned rounds;
};
typedef struct aes_key_st AES_KEY;
// AES_set_encrypt_key configures |aeskey| to encrypt with the |bits|-bit key,
// |key|. |key| must point to |bits|/8 bytes. It returns zero on success and a
// negative number if |bits| is an invalid AES key size.
//
// WARNING: this function breaks the usual return value convention.
OPENSSL_EXPORT int AES_set_encrypt_key(const uint8_t *key, unsigned bits,
AES_KEY *aeskey);
// AES_set_decrypt_key configures |aeskey| to decrypt with the |bits|-bit key,
// |key|. |key| must point to |bits|/8 bytes. It returns zero on success and a
// negative number if |bits| is an invalid AES key size.
//
// WARNING: this function breaks the usual return value convention.
OPENSSL_EXPORT int AES_set_decrypt_key(const uint8_t *key, unsigned bits,
AES_KEY *aeskey);
// AES_encrypt encrypts a single block from |in| to |out| with |key|. The |in|
// and |out| pointers may overlap.
OPENSSL_EXPORT void AES_encrypt(const uint8_t *in, uint8_t *out,
const AES_KEY *key);
// AES_decrypt decrypts a single block from |in| to |out| with |key|. The |in|
// and |out| pointers may overlap.
OPENSSL_EXPORT void AES_decrypt(const uint8_t *in, uint8_t *out,
const AES_KEY *key);
// Block cipher modes.
// AES_ctr128_encrypt encrypts (or decrypts, it's the same in CTR mode) |len|
// bytes from |in| to |out|. The |num| parameter must be set to zero on the
// first call and |ivec| will be incremented. This function may be called
// in-place with |in| equal to |out|, but otherwise the buffers may not
// partially overlap. A partial overlap may overwrite input data before it is
// read.
OPENSSL_EXPORT void AES_ctr128_encrypt(const uint8_t *in, uint8_t *out,
size_t len, const AES_KEY *key,
uint8_t ivec[AES_BLOCK_SIZE],
uint8_t ecount_buf[AES_BLOCK_SIZE],
unsigned int *num);
// AES_ecb_encrypt encrypts (or decrypts, if |enc| == |AES_DECRYPT|) a single,
// 16 byte block from |in| to |out|. This function may be called in-place with
// |in| equal to |out|, but otherwise the buffers may not partially overlap. A
// partial overlap may overwrite input data before it is read.
OPENSSL_EXPORT void AES_ecb_encrypt(const uint8_t *in, uint8_t *out,
const AES_KEY *key, const int enc);
// AES_cbc_encrypt encrypts (or decrypts, if |enc| == |AES_DECRYPT|) |len|
// bytes from |in| to |out|. The length must be a multiple of the block size.
// This function may be called in-place with |in| equal to |out|, but otherwise
// the buffers may not partially overlap. A partial overlap may overwrite input
// data before it is read.
OPENSSL_EXPORT void AES_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
const AES_KEY *key, uint8_t *ivec,
const int enc);
// AES_ofb128_encrypt encrypts (or decrypts, it's the same in OFB mode) |len|
// bytes from |in| to |out|. The |num| parameter must be set to zero on the
// first call. This function may be called in-place with |in| equal to |out|,
// but otherwise the buffers may not partially overlap. A partial overlap may
// overwrite input data before it is read.
OPENSSL_EXPORT void AES_ofb128_encrypt(const uint8_t *in, uint8_t *out,
size_t len, const AES_KEY *key,
uint8_t *ivec, int *num);
// AES_cfb1_encrypt encrypts (or decrypts, if |enc| == |AES_DECRYPT|) |len|
// bytes from |in| to |out|. The |num| parameter must be set to zero on the
// first call. This function may be called in-place with |in| equal to |out|,
// but otherwise the buffers may not partially overlap. A partial overlap may
// overwrite input data before it is read.
OPENSSL_EXPORT void AES_cfb1_encrypt(const uint8_t *in, uint8_t *out,
size_t bits, const AES_KEY *key,
uint8_t *ivec, int *num, int enc);
// AES_cfb8_encrypt encrypts (or decrypts, if |enc| == |AES_DECRYPT|) |len|
// bytes from |in| to |out|. The |num| parameter must be set to zero on the
// first call. This function may be called in-place with |in| equal to |out|,
// but otherwise the buffers may not partially overlap. A partial overlap may
// overwrite input data before it is read.
OPENSSL_EXPORT void AES_cfb8_encrypt(const uint8_t *in, uint8_t *out,
size_t len, const AES_KEY *key,
uint8_t *ivec, int *num, int enc);
// AES_cfb128_encrypt encrypts (or decrypts, if |enc| == |AES_DECRYPT|) |len|
// bytes from |in| to |out|. The |num| parameter must be set to zero on the
// first call. This function may be called in-place with |in| equal to |out|,
// but otherwise the buffers may not partially overlap. A partial overlap may
// overwrite input data before it is read.
OPENSSL_EXPORT void AES_cfb128_encrypt(const uint8_t *in, uint8_t *out,
size_t len, const AES_KEY *key,
uint8_t *ivec, int *num, int enc);
// AES key wrap.
//
// These functions implement AES Key Wrap mode, as defined in RFC 3394. They
// should never be used except to interoperate with existing systems that use
// this mode.
// AES_wrap_key performs AES key wrap on |in| which must be a multiple of 8
// bytes. |iv| must point to an 8 byte value or be NULL to use the default IV.
// |key| must have been configured for encryption. On success, it writes
// |in_len| + 8 bytes to |out| and returns |in_len| + 8. Otherwise, it returns
// -1.
OPENSSL_EXPORT int AES_wrap_key(const AES_KEY *key, const uint8_t *iv,
uint8_t *out, const uint8_t *in, size_t in_len);
// AES_unwrap_key performs AES key unwrap on |in| which must be a multiple of 8
// bytes. |iv| must point to an 8 byte value or be NULL to use the default IV.
// |key| must have been configured for decryption. On success, it writes
// |in_len| - 8 bytes to |out| and returns |in_len| - 8. Otherwise, it returns
// -1.
OPENSSL_EXPORT int AES_unwrap_key(const AES_KEY *key, const uint8_t *iv,
uint8_t *out, const uint8_t *in,
size_t in_len);
// AES key wrap with padding.
//
// These functions implement AES Key Wrap with Padding mode, as defined in RFC
// 5649. They should never be used except to interoperate with existing systems
// that use this mode.
// AES_wrap_key_padded performs a padded AES key wrap on |in| which must be
// between 1 and 2^32-1 bytes. |key| must have been configured for encryption.
// On success it writes at most |max_out| bytes of ciphertext to |out|, sets
// |*out_len| to the number of bytes written, and returns one. On failure it
// returns zero. To ensure success, set |max_out| to at least |in_len| + 15.
OPENSSL_EXPORT int AES_wrap_key_padded(const AES_KEY *key, uint8_t *out,
size_t *out_len, size_t max_out,
const uint8_t *in, size_t in_len);
// AES_unwrap_key_padded performs a padded AES key unwrap on |in| which must be
// a multiple of 8 bytes. |key| must have been configured for decryption. On
// success it writes at most |max_out| bytes to |out|, sets |*out_len| to the
// number of bytes written, and returns one. On failure it returns zero. Setting
// |max_out| to |in_len| is a sensible estimate.
OPENSSL_EXPORT int AES_unwrap_key_padded(const AES_KEY *key, uint8_t *out,
size_t *out_len, size_t max_out,
const uint8_t *in, size_t in_len);
#if defined(__cplusplus)
} // extern C
#endif
#endif // OPENSSL_HEADER_AES_H

111
vendor/aws-lc-sys/aws-lc/include/openssl/arm_arch.h vendored Normal file
View File

@@ -0,0 +1,111 @@
// Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_ARM_ARCH_H
#define OPENSSL_HEADER_ARM_ARCH_H
#include <openssl/target.h>
// arm_arch.h contains symbols used by ARM assembly, and the C code that calls
// it. It is included as a public header to simplify the build, but is not
// intended for external use.
#if defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)
// ARMV7_NEON is true when a NEON unit is present in the current CPU.
#define ARMV7_NEON (1 << 0)
// ARMV8_AES indicates support for hardware AES instructions.
#define ARMV8_AES (1 << 2)
// ARMV8_SHA1 indicates support for hardware SHA-1 instructions.
#define ARMV8_SHA1 (1 << 3)
// ARMV8_SHA256 indicates support for hardware SHA-256 instructions.
#define ARMV8_SHA256 (1 << 4)
// ARMV8_PMULL indicates support for carryless multiplication.
#define ARMV8_PMULL (1 << 5)
// ARMV8_SHA512 indicates support for hardware SHA-512 instructions.
#define ARMV8_SHA512 (1 << 6)
// ARMV8_SHA3 indicates support for hardware SHA-3 instructions including EOR3.
#define ARMV8_SHA3 (1 << 11)
// Combination of all Armv8 Neon extension bits: 0x087c
// NOTE: If you add further Armv8 Neon extension bits, adjust
// "Test algorithm dispatch without CPU indicator or Neon extension capability bits"
// in util/all_tests.json
// The Neoverse N1, V1, V2, and Apple M1 micro-architectures are detected to
// allow selecting the fasted implementations for SHA3/SHAKE and AES-GCM.
// Combination of all CPU indicator bits: 0x7080
// NOTE: If you add further CPU indicator bits, adjust
// "Test algorithm dispatch without CPU indicator bits" in util/all_tests.json.
#define ARMV8_NEOVERSE_N1 (1 << 7)
#define ARMV8_NEOVERSE_V1 (1 << 12)
#define ARMV8_APPLE_M (1 << 13)
#define ARMV8_NEOVERSE_V2 (1 << 14)
// Combination of CPU indicator bits and Armv8 Neon extension bits: 0x78fc
// ARMV8_DIT indicates support for the Data-Independent Timing (DIT) flag.
#define ARMV8_DIT (1 << 15)
// ARMV8_DIT_ALLOWED is a run-time en/disabler for the Data-Independent
// Timing (DIT) flag capability. It makes the DIT capability allowed when it is
// first discovered in |OPENSSL_cpuid_setup|. But that bit position in
// |OPENSSL_armcap_P| can be toggled off and back on at run-time via
// |armv8_disable_dit| and |armv8_enable_dit|, respectively.
#define ARMV8_DIT_ALLOWED (1 << 16)
// ARMV8_RNG indicates supports for hardware RNG instruction RNDR.
#define ARMV8_RNG (1 << 17)
//
// MIDR_EL1 system register
//
// 63___ _ ___32_31___ _ ___24_23_____20_19_____16_15__ _ __4_3_______0
// | | | | | | |
// |RES0 | Implementer | Variant | Arch | PartNum |Revision|
// |____ _ _____|_____ _ _____|_________|_______ _|____ _ ___|________|
//
# define ARM_CPU_IMP_ARM 0x41
# define ARM_CPU_PART_CORTEX_A72 0xD08
# define ARM_CPU_PART_N1 0xD0C
# define ARM_CPU_PART_V1 0xD40
# define ARM_CPU_PART_V2 0xD4F
# define MIDR_PARTNUM_SHIFT 4
# define MIDR_PARTNUM_MASK (0xfffUL << MIDR_PARTNUM_SHIFT)
# define MIDR_PARTNUM(midr) \
(((midr) & MIDR_PARTNUM_MASK) >> MIDR_PARTNUM_SHIFT)
# define MIDR_IMPLEMENTER_SHIFT 24
# define MIDR_IMPLEMENTER_MASK (0xffUL << MIDR_IMPLEMENTER_SHIFT)
# define MIDR_IMPLEMENTER(midr) \
(((midr) & MIDR_IMPLEMENTER_MASK) >> MIDR_IMPLEMENTER_SHIFT)
# define MIDR_ARCHITECTURE_SHIFT 16
# define MIDR_ARCHITECTURE_MASK (0xfUL << MIDR_ARCHITECTURE_SHIFT)
# define MIDR_ARCHITECTURE(midr) \
(((midr) & MIDR_ARCHITECTURE_MASK) >> MIDR_ARCHITECTURE_SHIFT)
# define MIDR_CPU_MODEL_MASK \
(MIDR_IMPLEMENTER_MASK | \
MIDR_PARTNUM_MASK | \
MIDR_ARCHITECTURE_MASK)
# define MIDR_CPU_MODEL(imp, partnum) \
(((imp) << MIDR_IMPLEMENTER_SHIFT) | \
(0xfUL << MIDR_ARCHITECTURE_SHIFT) | \
((partnum) << MIDR_PARTNUM_SHIFT))
# define MIDR_IS_CPU_MODEL(midr, imp, partnum) \
(((midr) & MIDR_CPU_MODEL_MASK) == MIDR_CPU_MODEL(imp, partnum))
#endif // ARM || AARCH64
#endif // OPENSSL_HEADER_ARM_ARCH_H

206
vendor/aws-lc-sys/aws-lc/include/openssl/asm_base.h vendored Normal file
View File

@@ -0,0 +1,206 @@
// Copyright (c) 2023, Google Inc.
// SPDX-License-Identifier: ISC
#ifndef OPENSSL_HEADER_ASM_BASE_H
#define OPENSSL_HEADER_ASM_BASE_H
#include <openssl/target.h>
// This header contains symbols and common sections used by assembly files. It
// is included as a public header to simplify the build, but is not intended for
// external use.
//
// Every assembly file must include this header. Some linker features require
// all object files to be tagged with some section metadata. This header file,
// when included in assembly, adds that metadata. It also makes defines like
// |OPENSSL_X86_64| available and includes the prefixing macros.
//
// Including this header in an assembly file imples:
//
// - The file does not require an executable stack.
//
// - The file, on aarch64, uses the macros defined below to be compatible with
// BTI and PAC.
//
// - The file, on x86_64, requires the program to be compatible with Intel IBT
// and SHSTK
#if defined(__ASSEMBLER__)
#include <openssl/boringssl_prefix_symbols_asm.h>
#if defined(__ELF__)
// Every ELF object file, even empty ones, should disable executable stacks. See
// https://www.airs.com/blog/archives/518.
.pushsection .note.GNU-stack, "", %progbits
.popsection
#endif
#if defined(__CET__) && defined(OPENSSL_X86_64)
// Clang and GCC define __CET__ and provide <cet.h> when they support Intel's
// Indirect Branch Tracking.
// https://lpc.events/event/7/contributions/729/attachments/496/903/CET-LPC-2020.pdf
//
// cet.h defines _CET_ENDBR which is used to mark function entry points for IBT.
// and adds the assembly marker. The value of _CET_ENDBR is made dependant on if
// '-fcf-protection' is passed to the compiler. _CET_ENDBR is only required when
// the function is the target of an indirect jump, but BoringSSL chooses to mark
// all assembly entry points because it is easier, and allows BoringSSL's ABI
// tester to call the assembly entry points via an indirect jump.
#include <cet.h>
#elif !defined(_CET_ENDBR)
// If cet.h does not exist, manually define _CET_ENDBR to be the ENDBR64
// instruction, with an explicit byte sequence for compilers/assemblers that
// don't know about it. Note that it is safe to use ENDBR64 on all platforms,
// since the encoding is by design interpreted as a NOP on all pre-CET x86_64
// processors.
#define _CET_ENDBR .byte 0xf3,0x0f,0x1e,0xfa
#endif
#if defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)
#if defined(__aarch64__) && !defined(__ARM_ARCH)
// Support for GCC v4.8+. GCC 4.8 was the first version to support aarch64
// but it doesn't define __ARM_ARCH for aarch64 targets.
#if defined(__GNUC__) && (__GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 8))
#error "GCC 4.8 or later is required for aarch64 support"
#endif
#define __ARM_ARCH 8
#endif
// We require the ARM assembler provide |__ARM_ARCH| from Arm C Language
// Extensions (ACLE). This is supported in GCC 4.8+ and Clang 3.2+. MSVC does
// not implement ACLE, but we require Clang's assembler on Windows.
#if !defined(__ARM_ARCH)
#error "ARM assembler must define __ARM_ARCH"
#endif
// Even when building for 32-bit ARM, support for aarch64 crypto instructions
// will be included.
//
// TODO(davidben): Remove this and the corresponding ifdefs? This is only
// defined because some OpenSSL assembly files would allow disabling the NEON
// code entirely. I think we'd prefer to do that by lifting the dispatch to C
// anyway.
#define __ARM_MAX_ARCH__ 8
// Support macros for
// - Armv8.3-A Pointer Authentication and
// - Armv8.5-A Branch Target Identification
// features which require emitting a .note.gnu.property section with the
// appropriate architecture-dependent feature bits set.
//
// |AARCH64_SIGN_LINK_REGISTER| and |AARCH64_VALIDATE_LINK_REGISTER| expand to
// PACIxSP and AUTIxSP, respectively. |AARCH64_SIGN_LINK_REGISTER| should be
// used immediately before saving the LR register (x30) to the stack.
// |AARCH64_VALIDATE_LINK_REGISTER| should be used immediately after restoring
// it. Note |AARCH64_SIGN_LINK_REGISTER|'s modifications to LR must be undone
// with |AARCH64_VALIDATE_LINK_REGISTER| before RET. The SP register must also
// have the same value at the two points. For example:
//
// .global f
// f:
// AARCH64_SIGN_LINK_REGISTER
// stp x29, x30, [sp, #-96]!
// mov x29, sp
// ...
// ldp x29, x30, [sp], #96
// AARCH64_VALIDATE_LINK_REGISTER
// ret
//
// |AARCH64_VALID_CALL_TARGET| expands to BTI 'c'. Either it, or
// |AARCH64_SIGN_LINK_REGISTER|, must be used at every point that may be an
// indirect call target. In particular, all symbols exported from a file must
// begin with one of these macros. For example, a leaf function that does not
// save LR can instead use |AARCH64_VALID_CALL_TARGET|:
//
// .globl return_zero
// return_zero:
// AARCH64_VALID_CALL_TARGET
// mov x0, #0
// ret
//
// A non-leaf function which does not immediately save LR may need both macros
// because |AARCH64_SIGN_LINK_REGISTER| appears late. For example, the function
// may jump to an alternate implementation before setting up the stack:
//
// .globl with_early_jump
// with_early_jump:
// AARCH64_VALID_CALL_TARGET
// cmp x0, #128
// b.lt .Lwith_early_jump_128
// AARCH64_SIGN_LINK_REGISTER
// stp x29, x30, [sp, #-96]!
// mov x29, sp
// ...
// ldp x29, x30, [sp], #96
// AARCH64_VALIDATE_LINK_REGISTER
// ret
//
// .Lwith_early_jump_128:
// ...
// ret
//
// These annotations are only required with indirect calls. Private symbols that
// are only the target of direct calls do not require annotations. Also note
// that |AARCH64_VALID_CALL_TARGET| is only valid for indirect calls (BLR), not
// indirect jumps (BR). Indirect jumps in assembly are currently not supported
// and would require a macro for BTI 'j'.
//
// Although not necessary, it is safe to use these macros in 32-bit ARM
// assembly. This may be used to simplify dual 32-bit and 64-bit files.
//
// References:
// - "ELF for the Arm® 64-bit Architecture"
// https://github.com/ARM-software/abi-aa/blob/master/aaelf64/aaelf64.rst
// - "Providing protection for complex software"
// https://developer.arm.com/architectures/learn-the-architecture/providing-protection-for-complex-software
#if defined(__ARM_FEATURE_BTI_DEFAULT) && __ARM_FEATURE_BTI_DEFAULT == 1
#define GNU_PROPERTY_AARCH64_BTI (1 << 0) // Has Branch Target Identification
#define AARCH64_VALID_CALL_TARGET hint #34 // BTI 'c'
#else
#define GNU_PROPERTY_AARCH64_BTI 0 // No Branch Target Identification
#define AARCH64_VALID_CALL_TARGET
#endif
#if defined(__ARM_FEATURE_PAC_DEFAULT) && \
(__ARM_FEATURE_PAC_DEFAULT & 1) == 1 // Signed with A-key
#define GNU_PROPERTY_AARCH64_POINTER_AUTH \
(1 << 1) // Has Pointer Authentication
#define AARCH64_SIGN_LINK_REGISTER hint #25 // PACIASP
#define AARCH64_VALIDATE_LINK_REGISTER hint #29 // AUTIASP
#elif defined(__ARM_FEATURE_PAC_DEFAULT) && \
(__ARM_FEATURE_PAC_DEFAULT & 2) == 2 // Signed with B-key
#define GNU_PROPERTY_AARCH64_POINTER_AUTH \
(1 << 1) // Has Pointer Authentication
#define AARCH64_SIGN_LINK_REGISTER hint #27 // PACIBSP
#define AARCH64_VALIDATE_LINK_REGISTER hint #31 // AUTIBSP
#else
#define GNU_PROPERTY_AARCH64_POINTER_AUTH 0 // No Pointer Authentication
#if GNU_PROPERTY_AARCH64_BTI != 0
#define AARCH64_SIGN_LINK_REGISTER AARCH64_VALID_CALL_TARGET
#else
#define AARCH64_SIGN_LINK_REGISTER
#endif
#define AARCH64_VALIDATE_LINK_REGISTER
#endif
#if GNU_PROPERTY_AARCH64_POINTER_AUTH != 0 || GNU_PROPERTY_AARCH64_BTI != 0
.pushsection .note.gnu.property, "a";
.balign 8;
.long 4;
.long 0x10;
.long 0x5;
.asciz "GNU";
.long 0xc0000000; /* GNU_PROPERTY_AARCH64_FEATURE_1_AND */
.long 4;
.long (GNU_PROPERTY_AARCH64_POINTER_AUTH | GNU_PROPERTY_AARCH64_BTI);
.long 0;
.popsection;
#endif
#endif // ARM || AARCH64
#endif // __ASSEMBLER__
#endif // OPENSSL_HEADER_ASM_BASE_H

2149
vendor/aws-lc-sys/aws-lc/include/openssl/asn1.h vendored Normal file
View File

File diff suppressed because it is too large Load Diff

7
vendor/aws-lc-sys/aws-lc/include/openssl/asn1_mac.h vendored Normal file
View File

@@ -0,0 +1,7 @@
// Copyright (c) 2016, Google Inc.
// SPDX-License-Identifier: ISC
/* This header is provided in order to make compiling against code that expects
OpenSSL easier. */
#include "asn1.h"

657
vendor/aws-lc-sys/aws-lc/include/openssl/asn1t.h vendored Normal file
View File

@@ -0,0 +1,657 @@
// Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 2000.
// Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_ASN1T_H
#define OPENSSL_HEADER_ASN1T_H
#include <openssl/base.h>
#include <openssl/asn1.h>
#if defined(__cplusplus)
extern "C" {
#endif
/* Legacy ASN.1 library template definitions.
*
* This header is used to define new types in OpenSSL's ASN.1 implementation. It
* is deprecated and will be unexported from the library. Use the new |CBS| and
* |CBB| library in <openssl/bytestring.h> instead. */
typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
typedef struct ASN1_TLC_st ASN1_TLC;
/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr))
/* Macros for start and end of ASN1_ITEM definition */
#define ASN1_ITEM_start(itname) \
const ASN1_ITEM itname##_it = {
#define ASN1_ITEM_end(itname) \
};
/* Macros to aid ASN1 template writing */
#define ASN1_ITEM_TEMPLATE(tname) \
static const ASN1_TEMPLATE tname##_item_tt
#define ASN1_ITEM_TEMPLATE_END(tname) \
;\
ASN1_ITEM_start(tname) \
ASN1_ITYPE_PRIMITIVE,\
-1,\
&tname##_item_tt,\
0,\
NULL,\
0,\
#tname \
ASN1_ITEM_end(tname)
/* This is a ASN1 type which just embeds a template */
/* This pair helps declare a SEQUENCE. We can do:
*
* ASN1_SEQUENCE(stname) = {
* ... SEQUENCE components ...
* } ASN1_SEQUENCE_END(stname)
*
* This will produce an ASN1_ITEM called stname_it
* for a structure called stname.
*
* If you want the same structure but a different
* name then use:
*
* ASN1_SEQUENCE(itname) = {
* ... SEQUENCE components ...
* } ASN1_SEQUENCE_END_name(stname, itname)
*
* This will create an item called itname_it using
* a structure called stname.
*/
#define ASN1_SEQUENCE(tname) \
static const ASN1_TEMPLATE tname##_seq_tt[]
#define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname)
#define ASN1_SEQUENCE_END_name(stname, tname) \
;\
ASN1_ITEM_start(tname) \
ASN1_ITYPE_SEQUENCE,\
V_ASN1_SEQUENCE,\
tname##_seq_tt,\
sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
NULL,\
sizeof(stname),\
#stname \
ASN1_ITEM_end(tname)
#define ASN1_SEQUENCE_cb(tname, cb) \
static const ASN1_AUX tname##_aux = {NULL, 0, 0, cb, 0}; \
ASN1_SEQUENCE(tname)
#define ASN1_SEQUENCE_ref(tname, cb) \
static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), cb, 0}; \
ASN1_SEQUENCE(tname)
#define ASN1_SEQUENCE_enc(tname, enc, cb) \
static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, cb, offsetof(tname, enc)}; \
ASN1_SEQUENCE(tname)
#define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
#define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
#define ASN1_SEQUENCE_END_ref(stname, tname) \
;\
ASN1_ITEM_start(tname) \
ASN1_ITYPE_SEQUENCE,\
V_ASN1_SEQUENCE,\
tname##_seq_tt,\
sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
&tname##_aux,\
sizeof(stname),\
#stname \
ASN1_ITEM_end(tname)
/* This pair helps declare a CHOICE type. We can do:
*
* ASN1_CHOICE(chname) = {
* ... CHOICE options ...
* ASN1_CHOICE_END(chname)
*
* This will produce an ASN1_ITEM called chname_it
* for a structure called chname. The structure
* definition must look like this:
* typedef struct {
* int type;
* union {
* ASN1_SOMETHING *opt1;
* ASN1_SOMEOTHER *opt2;
* } value;
* } chname;
*
* the name of the selector must be 'type'.
* to use an alternative selector name use the
* ASN1_CHOICE_END_selector() version.
*/
#define ASN1_CHOICE(tname) \
static const ASN1_TEMPLATE tname##_ch_tt[]
#define ASN1_CHOICE_cb(tname, cb) \
static const ASN1_AUX tname##_aux = {NULL, 0, 0, cb, 0}; \
ASN1_CHOICE(tname)
#define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname)
#define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type)
#define ASN1_CHOICE_END_selector(stname, tname, selname) \
;\
ASN1_ITEM_start(tname) \
ASN1_ITYPE_CHOICE,\
offsetof(stname,selname) ,\
tname##_ch_tt,\
sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
NULL,\
sizeof(stname),\
#stname \
ASN1_ITEM_end(tname)
#define ASN1_CHOICE_END_cb(stname, tname, selname) \
;\
ASN1_ITEM_start(tname) \
ASN1_ITYPE_CHOICE,\
offsetof(stname,selname) ,\
tname##_ch_tt,\
sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
&tname##_aux,\
sizeof(stname),\
#stname \
ASN1_ITEM_end(tname)
/* This helps with the template wrapper form of ASN1_ITEM */
#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \
(flags), (tag), 0,\
#name, ASN1_ITEM_ref(type) }
/* These help with SEQUENCE or CHOICE components */
/* used to declare other types */
#define ASN1_EX_TYPE(flags, tag, stname, field, type) { \
(flags), (tag), offsetof(stname, field),\
#field, ASN1_ITEM_ref(type) }
/* used when the structure is combined with the parent */
#define ASN1_EX_COMBINE(flags, tag, type) { \
(flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) }
/* implicit and explicit helper macros */
#define ASN1_IMP_EX(stname, field, type, tag, ex) \
ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type)
#define ASN1_EXP_EX(stname, field, type, tag, ex) \
ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type)
/* Any defined by macros: the field used is in the table itself */
#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
/* Plain simple type */
#define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type)
/* OPTIONAL simple type */
#define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type)
/* IMPLICIT tagged simple type */
#define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0)
/* IMPLICIT tagged OPTIONAL simple type */
#define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
/* Same as above but EXPLICIT */
#define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0)
#define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
/* SEQUENCE OF type */
#define ASN1_SEQUENCE_OF(stname, field, type) \
ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type)
/* OPTIONAL SEQUENCE OF */
#define ASN1_SEQUENCE_OF_OPT(stname, field, type) \
ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
/* Same as above but for SET OF */
#define ASN1_SET_OF(stname, field, type) \
ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type)
#define ASN1_SET_OF_OPT(stname, field, type) \
ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */
#define ASN1_IMP_SET_OF(stname, field, type, tag) \
ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
#define ASN1_EXP_SET_OF(stname, field, type, tag) \
ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
#define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \
ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
#define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \
ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
#define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \
ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
#define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \
ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
#define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \
ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
#define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \
ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
/* Macros for the ASN1_ADB structure */
#define ASN1_ADB(name) \
static const ASN1_ADB_TABLE name##_adbtbl[]
#define ASN1_ADB_END(name, flags, field, app_table, def, none) \
;\
static const ASN1_ADB name##_adb = {\
flags,\
offsetof(name, field),\
app_table,\
name##_adbtbl,\
sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
def,\
none\
}
#define ADB_ENTRY(val, template) {val, template}
#define ASN1_ADB_TEMPLATE(name) \
static const ASN1_TEMPLATE name##_tt
/* This is the ASN1 template structure that defines
* a wrapper round the actual type. It determines the
* actual position of the field in the value structure,
* various flags such as OPTIONAL and the field name.
*/
struct ASN1_TEMPLATE_st {
uint32_t flags; /* Various flags */
int tag; /* tag, not used if no tagging */
unsigned long offset; /* Offset of this field in structure */
const char *field_name; /* Field name */
ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */
};
/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */
#define ASN1_TEMPLATE_item(t) (t->item_ptr)
#define ASN1_TEMPLATE_adb(t) (t->item_ptr)
typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE;
typedef struct ASN1_ADB_st ASN1_ADB;
typedef struct asn1_must_be_null_st ASN1_MUST_BE_NULL;
struct ASN1_ADB_st {
uint32_t flags; /* Various flags */
unsigned long offset; /* Offset of selector field */
ASN1_MUST_BE_NULL *unused;
const ASN1_ADB_TABLE *tbl; /* Table of possible types */
long tblcount; /* Number of entries in tbl */
const ASN1_TEMPLATE *default_tt; /* Type to use if no match */
const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */
};
struct ASN1_ADB_TABLE_st {
int value; /* NID for an object */
const ASN1_TEMPLATE tt; /* item for this value */
};
/* template flags */
/* Field is optional */
#define ASN1_TFLG_OPTIONAL (0x1)
/* Field is a SET OF */
#define ASN1_TFLG_SET_OF (0x1 << 1)
/* Field is a SEQUENCE OF */
#define ASN1_TFLG_SEQUENCE_OF (0x2 << 1)
/* Mask for SET OF or SEQUENCE OF */
#define ASN1_TFLG_SK_MASK (0x3 << 1)
/* These flags mean the tag should be taken from the
* tag field. If EXPLICIT then the underlying type
* is used for the inner tag.
*/
/* IMPLICIT tagging */
#define ASN1_TFLG_IMPTAG (0x1 << 3)
/* EXPLICIT tagging, inner tag from underlying type */
#define ASN1_TFLG_EXPTAG (0x2 << 3)
#define ASN1_TFLG_TAG_MASK (0x3 << 3)
/* context specific IMPLICIT */
#define ASN1_TFLG_IMPLICIT ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT
/* context specific EXPLICIT */
#define ASN1_TFLG_EXPLICIT ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT
/* If tagging is in force these determine the
* type of tag to use. Otherwise the tag is
* determined by the underlying type. These
* values reflect the actual octet format.
*/
/* Universal tag */
#define ASN1_TFLG_UNIVERSAL (0x0<<6)
/* Application tag */
#define ASN1_TFLG_APPLICATION (0x1<<6)
/* Context specific tag */
#define ASN1_TFLG_CONTEXT (0x2<<6)
/* Private tag */
#define ASN1_TFLG_PRIVATE (0x3<<6)
#define ASN1_TFLG_TAG_CLASS (0x3<<6)
/* These are for ANY DEFINED BY type. In this case
* the 'item' field points to an ASN1_ADB structure
* which contains a table of values to decode the
* relevant type
*/
#define ASN1_TFLG_ADB_MASK (0x3<<8)
#define ASN1_TFLG_ADB_OID (0x1<<8)
/* This flag means a parent structure is passed
* instead of the field: this is useful is a
* SEQUENCE is being combined with a CHOICE for
* example. Since this means the structure and
* item name will differ we need to use the
* ASN1_CHOICE_END_name() macro for example.
*/
#define ASN1_TFLG_COMBINE (0x1<<10)
/* This is the actual ASN1 item itself */
struct ASN1_ITEM_st {
char itype; /* The item type, primitive, SEQUENCE, CHOICE or extern */
int utype; /* underlying type */
const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains the contents */
long tcount; /* Number of templates if SEQUENCE or CHOICE */
const void *funcs; /* functions that handle this type */
long size; /* Structure size (usually)*/
const char *sname; /* Structure name */
};
/* These are values for the itype field and
* determine how the type is interpreted.
*
* For PRIMITIVE types the underlying type
* determines the behaviour if items is NULL.
*
* Otherwise templates must contain a single
* template and the type is treated in the
* same way as the type specified in the template.
*
* For SEQUENCE types the templates field points
* to the members, the size field is the
* structure size.
*
* For CHOICE types the templates field points
* to each possible member (typically a union)
* and the 'size' field is the offset of the
* selector.
*
* The 'funcs' field is used for application
* specific functions.
*
* The EXTERN type uses a new style d2i/i2d.
* The new style should be used where possible
* because it avoids things like the d2i IMPLICIT
* hack.
*
* MSTRING is a multiple string type, it is used
* for a CHOICE of character strings where the
* actual strings all occupy an ASN1_STRING
* structure. In this case the 'utype' field
* has a special meaning, it is used as a mask
* of acceptable types using the B_ASN1 constants.
*
*/
#define ASN1_ITYPE_PRIMITIVE 0x0
#define ASN1_ITYPE_SEQUENCE 0x1
#define ASN1_ITYPE_CHOICE 0x2
#define ASN1_ITYPE_EXTERN 0x4
#define ASN1_ITYPE_MSTRING 0x5
/* Deprecated tag and length cache */
struct ASN1_TLC_st;
/* Typedefs for ASN1 function pointers */
typedef ASN1_VALUE * ASN1_new_func(void);
typedef void ASN1_free_func(ASN1_VALUE *a);
typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, const unsigned char ** in, long length);
typedef int ASN1_i2d_func(ASN1_VALUE * a, unsigned char **in);
typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it,
int tag, int aclass, char opt, ASN1_TLC *ctx);
typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval,
int indent, const char *fname,
const ASN1_PCTX *pctx);
typedef struct ASN1_EXTERN_FUNCS_st {
void *app_data;
ASN1_ex_new_func *asn1_ex_new;
ASN1_ex_free_func *asn1_ex_free;
ASN1_ex_d2i *asn1_ex_d2i;
ASN1_ex_i2d *asn1_ex_i2d;
/* asn1_ex_print is unused. */
ASN1_ex_print_func *asn1_ex_print;
} ASN1_EXTERN_FUNCS;
/* This is the ASN1_AUX structure: it handles various
* miscellaneous requirements. For example the use of
* reference counts and an informational callback.
*
* The "informational callback" is called at various
* points during the ASN1 encoding and decoding. It can
* be used to provide minor customisation of the structures
* used. This is most useful where the supplied routines
* *almost* do the right thing but need some extra help
* at a few points. If the callback returns zero then
* it is assumed a fatal error has occurred and the
* main operation should be abandoned.
*
* If major changes in the default behaviour are required
* then an external type is more appropriate.
*/
typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it,
void *exarg);
typedef struct ASN1_AUX_st {
void *app_data;
uint32_t flags;
int ref_offset; /* Offset of reference value */
ASN1_aux_cb *asn1_cb;
int enc_offset; /* Offset of ASN1_ENCODING structure */
} ASN1_AUX;
/* Flags in ASN1_AUX */
/* Use a reference count */
#define ASN1_AFLG_REFCOUNT 1
/* Save the encoding of structure (useful for signatures) */
#define ASN1_AFLG_ENCODING 2
/* operation values for asn1_cb */
#define ASN1_OP_NEW_PRE 0
#define ASN1_OP_NEW_POST 1
#define ASN1_OP_FREE_PRE 2
#define ASN1_OP_FREE_POST 3
#define ASN1_OP_D2I_PRE 4
#define ASN1_OP_D2I_POST 5
/* ASN1_OP_I2D_PRE and ASN1_OP_I2D_POST are not supported. We leave the
* constants undefined so code relying on them does not accidentally compile. */
#define ASN1_OP_PRINT_PRE 8
#define ASN1_OP_PRINT_POST 9
#define ASN1_OP_STREAM_PRE 10
#define ASN1_OP_STREAM_POST 11
#define ASN1_OP_DETACHED_PRE 12
#define ASN1_OP_DETACHED_POST 13
/* Macro to implement a primitive type */
#define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
#define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \
ASN1_ITEM_start(itname) \
ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \
ASN1_ITEM_end(itname)
/* Macro to implement a multi string type */
#define IMPLEMENT_ASN1_MSTRING(itname, mask) \
ASN1_ITEM_start(itname) \
ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \
ASN1_ITEM_end(itname)
#define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \
ASN1_ITEM_start(sname) \
ASN1_ITYPE_EXTERN, \
tag, \
NULL, \
0, \
&fptrs, \
0, \
#sname \
ASN1_ITEM_end(sname)
/* Macro to implement standard functions in terms of ASN1_ITEM structures */
#define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname)
#define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname)
#define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \
IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)
#define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \
IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname)
#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \
IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname)
#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \
pre stname *fname##_new(void) \
{ \
return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
} \
pre void fname##_free(stname *a) \
{ \
ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
}
#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
stname *fname##_new(void) \
{ \
return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
} \
void fname##_free(stname *a) \
{ \
ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
}
#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
{ \
return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
} \
int i2d_##fname(stname *a, unsigned char **out) \
{ \
return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
}
/* This includes evil casts to remove const: they will go away when full
* ASN1 constification is done.
*/
#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
{ \
return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
} \
int i2d_##fname(const stname *a, unsigned char **out) \
{ \
return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
}
#define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \
stname *stname##_dup(stname *x) { \
return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \
}
#define IMPLEMENT_ASN1_DUP_FUNCTION_const(stname) \
stname *stname##_dup(const stname *x) { \
return ASN1_item_dup(ASN1_ITEM_rptr(stname), (void *)x); \
}
#define IMPLEMENT_ASN1_FUNCTIONS_const(name) \
IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)
#define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
/* external definitions for primitive types */
DECLARE_ASN1_ITEM(ASN1_SEQUENCE)
DEFINE_STACK_OF(ASN1_VALUE)
#if defined(__cplusplus)
} // extern "C"
#endif
#endif // OPENSSL_HEADER_ASN1T_H

624
vendor/aws-lc-sys/aws-lc/include/openssl/base.h vendored Normal file
View File

@@ -0,0 +1,624 @@
// Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_BASE_H
#define OPENSSL_HEADER_BASE_H
/**
* @file
* @brief This file should be the first included by all AWS-LC headers.
*/
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <sys/types.h>
#if defined(__MINGW32__)
// stdio.h is needed on MinGW for __MINGW_PRINTF_FORMAT.
#include <stdio.h>
#endif
#if defined(__APPLE__)
#include <TargetConditionals.h>
#endif
// Include an AWS-LC-only header so consumers including this header without
// setting up include paths do not accidentally pick up the system
// opensslconf.h.
#include <openssl/is_awslc.h>
#include <openssl/opensslconf.h>
#include <openssl/target.h> // IWYU pragma: export
#include <openssl/boringssl_prefix_symbols.h>
#if defined(__cplusplus)
extern "C" {
#endif
#if defined(BORINGSSL_FIPS)
#define AWSLC_FIPS
#endif
#if defined(__APPLE__)
// Note |TARGET_OS_MAC| is set for all Apple OS variants. |TARGET_OS_OSX|
// targets macOS specifically.
#if defined(TARGET_OS_OSX) && TARGET_OS_OSX
#define OPENSSL_MACOS
#endif
#if defined(TARGET_OS_IPHONE) && TARGET_OS_IPHONE
#define OPENSSL_IOS
#endif
#endif
#define AWSLC_VERSION_NAME "AWS-LC"
#define OPENSSL_IS_AWSLC
// |OPENSSL_VERSION_NUMBER| should match the version number in opensslv.h.
#define OPENSSL_VERSION_NUMBER 0x1010107f
#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
// BORINGSSL_API_VERSION is replaced with AWSLC_API_VERSION to avoid users interpreting AWSLC as BoringSSL.
// Below are BoringSSL's comments on BORINGSSL_API_VERSION.
// BORINGSSL_API_VERSION is a positive integer that increments as BoringSSL
// changes over time. The value itself is not meaningful. It will be incremented
// whenever is convenient to coordinate an API change with consumers. This will
// not denote any special point in development.
//
// A consumer may use this symbol in the preprocessor to temporarily build
// against multiple revisions of BoringSSL at the same time. It is not
// recommended to do so for longer than is necessary.
#define AWSLC_API_VERSION 35
// This string tracks the most current production release version on Github
// https://github.com/aws/aws-lc/releases.
// When bumping the encoded version number, also update the test fixture:
// ServiceIndicatorTest.AWSLCVersionString
// Note: there are two versions of this test. Only one test is compiled
// depending on FIPS mode.
#define AWSLC_VERSION_NUMBER_STRING "1.71.0"
#if defined(BORINGSSL_SHARED_LIBRARY)
#if defined(OPENSSL_WINDOWS)
#if defined(BORINGSSL_IMPLEMENTATION)
#define OPENSSL_EXPORT __declspec(dllexport)
#else
#define OPENSSL_EXPORT __declspec(dllimport)
#endif
#else // defined(OPENSSL_WINDOWS)
#if defined(BORINGSSL_IMPLEMENTATION)
#define OPENSSL_EXPORT __attribute__((visibility("default")))
#else
#define OPENSSL_EXPORT
#endif
#endif // defined(OPENSSL_WINDOWS)
#else // defined(BORINGSSL_SHARED_LIBRARY)
#if defined(OPENSSL_WINDOWS)
#define OPENSSL_EXPORT
#else
#define OPENSSL_EXPORT __attribute__((visibility("default")))
#endif
#endif // defined(BORINGSSL_SHARED_LIBRARY)
#if !defined(OPENSSL_WARN_UNUSED_RESULT)
// This should only affect internal usage of functions
#if defined(BORINGSSL_IMPLEMENTATION) || defined(AWS_LC_TEST_ENV)
#if defined(__GNUC__) || defined(__clang__)
# define OPENSSL_WARN_UNUSED_RESULT __attribute__ ((warn_unused_result))
#elif defined(_MSC_VER)
# define OPENSSL_WARN_UNUSED_RESULT _Check_return_
#else
# define OPENSSL_WARN_UNUSED_RESULT
#endif
#else
// The macro is ignored by consumers
# define OPENSSL_WARN_UNUSED_RESULT
#endif
#endif
#if defined(_MSC_VER)
// OPENSSL_DEPRECATED is used to mark a function as deprecated. Use
// of any functions so marked in caller code will produce a warning.
// OPENSSL_BEGIN_ALLOW_DEPRECATED and OPENSSL_END_ALLOW_DEPRECATED
// can be used to suppress the warning in regions of caller code.
#define OPENSSL_DEPRECATED __declspec(deprecated)
#define OPENSSL_BEGIN_ALLOW_DEPRECATED \
__pragma(warning(push)) __pragma(warning(disable : 4996))
#define OPENSSL_END_ALLOW_DEPRECATED __pragma(warning(pop))
#elif (defined(__GNUC__) && ((__GNUC__ > 4) || (__GNUC_MINOR__ >= 6))) || defined(__clang__)
// `_Pragma("GCC diagnostic push")` was added in GCC 4.6
// http://gcc.gnu.org/gcc-4.6/changes.html
#define OPENSSL_DEPRECATED __attribute__((__deprecated__))
#define OPENSSL_BEGIN_ALLOW_DEPRECATED \
_Pragma("GCC diagnostic push") \
_Pragma("GCC diagnostic ignored \"-Wdeprecated-declarations\"")
#define OPENSSL_END_ALLOW_DEPRECATED _Pragma("GCC diagnostic pop")
#else
#define OPENSSL_DEPRECATED
#define OPENSSL_BEGIN_ALLOW_DEPRECATED
#define OPENSSL_END_ALLOW_DEPRECATED
#endif
#if defined(__GNUC__) || defined(__clang__)
// MinGW has two different printf implementations. Ensure the format macro
// matches the selected implementation. See
// https://sourceforge.net/p/mingw-w64/wiki2/gnu%20printf/.
#if defined(__MINGW_PRINTF_FORMAT)
#define OPENSSL_PRINTF_FORMAT_FUNC(string_index, first_to_check) \
__attribute__( \
(__format__(__MINGW_PRINTF_FORMAT, string_index, first_to_check)))
#else
#define OPENSSL_PRINTF_FORMAT_FUNC(string_index, first_to_check) \
__attribute__((__format__(__printf__, string_index, first_to_check)))
#endif
#else
#define OPENSSL_PRINTF_FORMAT_FUNC(string_index, first_to_check)
#endif
// OPENSSL_CLANG_PRAGMA emits a pragma on clang and nothing on other compilers.
#if defined(__clang__)
#define OPENSSL_CLANG_PRAGMA(arg) _Pragma(arg)
#else
#define OPENSSL_CLANG_PRAGMA(arg)
#endif
// OPENSSL_MSVC_PRAGMA emits a pragma on MSVC and nothing on other compilers.
#if defined(_MSC_VER)
#define OPENSSL_MSVC_PRAGMA(arg) __pragma(arg)
#else
#define OPENSSL_MSVC_PRAGMA(arg)
#endif
#if defined(__GNUC__) || defined(__clang__)
#define OPENSSL_UNUSED __attribute__((unused))
#else
#define OPENSSL_UNUSED
#endif
// C99-compatible static assertion using bit-field width trick.
// A negative bit-field width causes a compile-time error.
//
// Previously we defined |OPENSSL_STATIC_ASSERT| to use one of two keywords:
// |Static_assert| or |static_assert|. The latter was used if we were compiling
// a C++ translation unit or on Windows (excluding when using a Clang compiler).
// The former was used in other cases. However, these two keywords are not
// defined before C11. So, we can't rely on these when we want to be C99
// compliant. If we at some point decide that we want to only be compliant with
// C11 (and up), we can reintroduce these keywords. Instead, use a method that
// is guaranteed to be C99 compliant and still give us an equivalent static
// assert mechanism.
//
// The solution below defines a struct type containing a bit field.
// The name of that type is |static_assertion_msg|. |msg| is a concatenation of
// a user-chosen error (which should be chosen with respect to actual assertion)
// and the line the assertion is defined. This should ensure name uniqueness.
// The width of the bit field is set to 1 or -1, depending on the evaluation of
// the boolean expression |cond|. If the condition is false, the width requested
// is -1, which is illegal and would cause the compiler to throw an error.
//
// An example of an error thrown during compilation:
// ```
// error: negative width in bit-field
// 'static_assertion_at_line_913_error_is_AEAD_state_is_too_small'
// ```
#define AWSLC_CONCAT(left, right) left##right
#define AWSLC_STATIC_ASSERT_DEFINE(cond, msg) typedef struct { \
unsigned int AWSLC_CONCAT(static_assertion_, msg) : (cond) ? 1 : -1; \
} AWSLC_CONCAT(static_assertion_, msg) OPENSSL_UNUSED;
#define AWSLC_STATIC_ASSERT_ADD_LINE0(cond, suffix) AWSLC_STATIC_ASSERT_DEFINE(cond, AWSLC_CONCAT(at_line_, suffix))
#define AWSLC_STATIC_ASSERT_ADD_LINE1(cond, line, suffix) AWSLC_STATIC_ASSERT_ADD_LINE0(cond, AWSLC_CONCAT(line, suffix))
#define AWSLC_STATIC_ASSERT_ADD_LINE2(cond, suffix) AWSLC_STATIC_ASSERT_ADD_LINE1(cond, __LINE__, suffix)
#define AWSLC_STATIC_ASSERT_ADD_ERROR(cond, suffix) AWSLC_STATIC_ASSERT_ADD_LINE2(cond, AWSLC_CONCAT(_error_is_, suffix))
#define OPENSSL_STATIC_ASSERT(cond, error) AWSLC_STATIC_ASSERT_ADD_ERROR(cond, error)
// Sanity check of "target.h": OPENSSL_64_BIT/OPENSSL_32_BIT must match actual pointer size
#if defined(OPENSSL_64_BIT)
OPENSSL_STATIC_ASSERT(sizeof(void *) == 8, pointer_size_must_be_8_bytes_for_64_bit)
#elif defined(OPENSSL_32_BIT)
OPENSSL_STATIC_ASSERT(sizeof(void *) == 4, pointer_size_must_be_4_bytes_for_32_bit)
#endif
// Sanity checks of "target.h": OPENSSL_BIG_ENDIAN should be consistent with other endianness indicators.
// If architecture-specific big-endian macros are defined, OPENSSL_BIG_ENDIAN should be too.
#if (defined(__ARMEB__) || defined(__AARCH64EB__) || defined(__MIPSEB__) || \
defined(__BIG_ENDIAN__) || (defined(__BYTE_ORDER__) && defined(__ORDER_BIG_ENDIAN__) && \
__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__)) && !defined(OPENSSL_BIG_ENDIAN)
#error "Big-endian architecture detected but OPENSSL_BIG_ENDIAN is not defined"
#endif
// If architecture-specific little-endian macros are defined, OPENSSL_BIG_ENDIAN should not be.
#if (defined(__ARMEL__) || defined(__AARCH64EL__) || defined(__MIPSEL__) || \
defined(__LITTLE_ENDIAN__) || (defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)) && defined(OPENSSL_BIG_ENDIAN)
#error "Little-endian architecture detected but OPENSSL_BIG_ENDIAN is defined"
#endif
// C and C++ handle inline functions differently. In C++, an inline function is
// defined in just the header file, potentially emitted in multiple compilation
// units (in cases the compiler did not inline), but each copy must be identical
// to satsify ODR. In C, a non-static inline must be manually emitted in exactly
// one compilation unit with a separate extern inline declaration.
//
// In both languages, exported inline functions referencing file-local symbols
// are problematic. C forbids this altogether (though GCC and Clang seem not to
// enforce it). It works in C++, but ODR requires the definitions be identical,
// including all names in the definitions resolving to the "same entity". In
// practice, this is unlikely to be a problem, but an inline function that
// returns a pointer to a file-local symbol
// could compile oddly.
//
// Historically, we used static inline in headers. However, to satisfy ODR, use
// plain inline in C++, to allow inline consumer functions to call our header
// functions. Plain inline would also work better with C99 inline, but that is
// not used much in practice, extern inline is tedious, and there are conflicts
// with the old gnu89 model:
// https://stackoverflow.com/questions/216510/extern-inline
#if defined(__cplusplus)
#define OPENSSL_INLINE inline
#else
// Add OPENSSL_UNUSED so that, should an inline function be emitted via macro
// (e.g. a |STACK_OF(T)| implementation) in a source file without tripping
// clang's -Wunused-function.
#define OPENSSL_INLINE static inline OPENSSL_UNUSED
#endif
#if defined(OPENSSL_WINDOWS)
#define OPENSSL_NOINLINE __declspec(noinline)
#else
#define OPENSSL_NOINLINE __attribute__((noinline))
#endif
// ossl_ssize_t is a signed type which is large enough to fit the size of any
// valid memory allocation. We prefer using |size_t|, but sometimes we need a
// signed type for OpenSSL API compatibility. This type can be used in such
// cases to avoid overflow.
//
// Not all |size_t| values fit in |ossl_ssize_t|, but all |size_t| values that
// are sizes of or indices into C objects, can be converted without overflow.
typedef ptrdiff_t ossl_ssize_t;
// CBS_ASN1_TAG is the type used by |CBS| and |CBB| for ASN.1 tags. See that
// header for details. This type is defined in base.h as a forward declaration.
typedef uint32_t CBS_ASN1_TAG;
// CRYPTO_THREADID is a dummy value.
typedef int CRYPTO_THREADID;
// An |ASN1_NULL| is an opaque type. asn1.h represents the ASN.1 NULL value as
// an opaque, non-NULL |ASN1_NULL*| pointer.
typedef struct asn1_null_st ASN1_NULL;
typedef int ASN1_BOOLEAN;
typedef struct ASN1_ITEM_st ASN1_ITEM;
typedef struct asn1_object_st ASN1_OBJECT;
typedef struct asn1_pctx_st ASN1_PCTX;
typedef struct asn1_string_st ASN1_BIT_STRING;
typedef struct asn1_string_st ASN1_BMPSTRING;
typedef struct asn1_string_st ASN1_ENUMERATED;
typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
typedef struct asn1_string_st ASN1_GENERALSTRING;
typedef struct asn1_string_st ASN1_IA5STRING;
typedef struct asn1_string_st ASN1_INTEGER;
typedef struct asn1_string_st ASN1_OCTET_STRING;
typedef struct asn1_string_st ASN1_PRINTABLESTRING;
typedef struct asn1_string_st ASN1_STRING;
typedef struct asn1_string_st ASN1_T61STRING;
typedef struct asn1_string_st ASN1_TIME;
typedef struct asn1_string_st ASN1_UNIVERSALSTRING;
typedef struct asn1_string_st ASN1_UTCTIME;
typedef struct asn1_string_st ASN1_UTF8STRING;
typedef struct asn1_string_st ASN1_VISIBLESTRING;
typedef struct asn1_type_st ASN1_TYPE;
typedef struct AUTHORITY_KEYID_st AUTHORITY_KEYID;
typedef struct BASIC_CONSTRAINTS_st BASIC_CONSTRAINTS;
typedef struct DIST_POINT_st DIST_POINT;
typedef struct DSA_SIG_st DSA_SIG;
typedef struct GENERAL_NAME_st GENERAL_NAME;
typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT;
typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS;
typedef struct Netscape_spkac_st NETSCAPE_SPKAC;
typedef struct Netscape_spki_st NETSCAPE_SPKI;
typedef struct RIPEMD160state_st RIPEMD160_CTX;
typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM;
typedef struct X509_algor_st X509_ALGOR;
typedef struct X509_crl_st X509_CRL;
typedef struct X509_extension_st X509_EXTENSION;
typedef struct X509_info_st X509_INFO;
typedef struct X509_name_entry_st X509_NAME_ENTRY;
typedef struct X509_name_st X509_NAME;
typedef struct X509_pubkey_st X509_PUBKEY;
typedef struct X509_req_st X509_REQ;
typedef struct x509_sig_info_st X509_SIG_INFO;
typedef struct X509_sig_st X509_SIG;
typedef struct bignum_ctx BN_CTX;
typedef struct bignum_st BIGNUM;
typedef struct bio_method_st BIO_METHOD;
typedef struct bio_st BIO;
typedef struct blake2b_state_st BLAKE2B_CTX;
typedef struct bn_gencb_st BN_GENCB;
typedef struct bn_mont_ctx_st BN_MONT_CTX;
typedef struct buf_mem_st BUF_MEM;
typedef struct cast_key_st CAST_KEY;
typedef struct cbb_st CBB;
typedef struct cbs_st CBS;
typedef struct cmac_ctx_st CMAC_CTX;
typedef struct conf_st CONF;
typedef struct conf_value_st CONF_VALUE;
typedef struct crypto_buffer_pool_st CRYPTO_BUFFER_POOL;
typedef struct crypto_buffer_st CRYPTO_BUFFER;
typedef struct ctr_drbg_state_st CTR_DRBG_STATE;
typedef struct dh_st DH;
typedef struct dsa_st DSA;
typedef struct ec_group_st EC_GROUP;
typedef struct ec_key_st EC_KEY;
typedef struct ec_point_st EC_POINT;
typedef struct ec_key_method_st EC_KEY_METHOD;
typedef struct ecdsa_sig_st ECDSA_SIG;
typedef struct engine_st ENGINE;
typedef struct env_md_ctx_st EVP_MD_CTX;
typedef struct env_md_st EVP_MD;
typedef struct evp_aead_st EVP_AEAD;
typedef struct evp_aead_ctx_st EVP_AEAD_CTX;
typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
typedef struct evp_cipher_st EVP_CIPHER;
/**
* @typedef EVP_ENCODE_CTX
* @copydoc evp_encode_ctx_st
* @see evp_encode_ctx_st
*/
typedef struct evp_encode_ctx_st EVP_ENCODE_CTX;
typedef struct evp_hpke_aead_st EVP_HPKE_AEAD;
typedef struct evp_hpke_ctx_st EVP_HPKE_CTX;
typedef struct evp_hpke_kdf_st EVP_HPKE_KDF;
typedef struct evp_hpke_kem_st EVP_HPKE_KEM;
typedef struct evp_hpke_key_st EVP_HPKE_KEY;
typedef struct evp_kem_st EVP_KEM;
typedef struct kem_key_st KEM_KEY;
typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
typedef struct evp_pkey_st EVP_PKEY;
typedef struct evp_pkey_ctx_signature_context_params_st EVP_PKEY_CTX_SIGNATURE_CONTEXT_PARAMS;
typedef struct hmac_ctx_st HMAC_CTX;
typedef struct md4_state_st MD4_CTX;
typedef struct md5_state_st MD5_CTX;
typedef struct pqdsa_key_st PQDSA_KEY;
typedef struct ocsp_req_ctx_st OCSP_REQ_CTX;
typedef struct ossl_init_settings_st OPENSSL_INIT_SETTINGS;
typedef struct pkcs7_digest_st PKCS7_DIGEST;
typedef struct pkcs7_enc_content_st PKCS7_ENC_CONTENT;
typedef struct pkcs7_encrypt_st PKCS7_ENCRYPT;
typedef struct pkcs7_envelope_st PKCS7_ENVELOPE;
typedef struct pkcs7_issuer_and_serial_st PKCS7_ISSUER_AND_SERIAL;
typedef struct pkcs7_recip_info_st PKCS7_RECIP_INFO;
typedef struct pkcs7_sign_envelope_st PKCS7_SIGN_ENVELOPE;
typedef struct pkcs7_signed_st PKCS7_SIGNED;
typedef struct pkcs7_signer_info_st PKCS7_SIGNER_INFO;
typedef struct pkcs7_st PKCS7;
typedef struct pkcs12_st PKCS12;
typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO;
typedef struct private_key_st X509_PKEY;
typedef struct rand_meth_st RAND_METHOD;
typedef struct rc4_key_st RC4_KEY;
typedef struct rsa_meth_st RSA_METHOD;
typedef struct rsassa_pss_params_st RSASSA_PSS_PARAMS;
typedef struct rsa_pss_params_st RSA_PSS_PARAMS;
typedef struct rsa_st RSA;
typedef struct sha256_state_st SHA256_CTX;
typedef struct sha512_state_st SHA512_CTX;
typedef struct sha_state_st SHA_CTX;
typedef struct spake2_ctx_st SPAKE2_CTX;
typedef struct srtp_protection_profile_st SRTP_PROTECTION_PROFILE;
typedef struct ssl_cipher_st SSL_CIPHER;
typedef struct ssl_ctx_st SSL_CTX;
typedef struct ssl_early_callback_ctx SSL_CLIENT_HELLO;
typedef struct ssl_ech_keys_st SSL_ECH_KEYS;
typedef struct ssl_method_st SSL_METHOD;
typedef struct ssl_private_key_method_st SSL_PRIVATE_KEY_METHOD;
typedef struct ssl_quic_method_st SSL_QUIC_METHOD;
typedef struct ssl_session_st SSL_SESSION;
typedef struct ssl_st SSL;
typedef struct ssl_ticket_aead_method_st SSL_TICKET_AEAD_METHOD;
typedef struct st_ERR_FNS ERR_FNS;
typedef struct trust_token_st TRUST_TOKEN;
typedef struct trust_token_client_st TRUST_TOKEN_CLIENT;
typedef struct trust_token_issuer_st TRUST_TOKEN_ISSUER;
typedef struct trust_token_method_st TRUST_TOKEN_METHOD;
typedef struct v3_ext_ctx X509V3_CTX;
typedef struct v3_ext_method X509V3_EXT_METHOD;
typedef struct x509_attributes_st X509_ATTRIBUTE;
typedef struct x509_lookup_st X509_LOOKUP;
typedef struct x509_lookup_method_st X509_LOOKUP_METHOD;
typedef struct x509_object_st X509_OBJECT;
typedef struct x509_revoked_st X509_REVOKED;
typedef struct x509_st X509;
typedef struct x509_store_ctx_st X509_STORE_CTX;
typedef struct x509_store_st X509_STORE;
typedef struct x509_trust_st X509_TRUST;
typedef void *OPENSSL_BLOCK;
// BSSL_CHECK aborts if |condition| is not true.
#define BSSL_CHECK(condition) \
do { \
if (!(condition)) { \
abort(); \
} \
} while (0);
#if defined(__cplusplus)
} // extern C
#elif !defined(BORINGSSL_NO_CXX)
#define BORINGSSL_NO_CXX
#endif
#if defined(BORINGSSL_PREFIX)
#define BSSL_NAMESPACE_BEGIN \
namespace bssl { \
inline namespace BORINGSSL_PREFIX {
#define BSSL_NAMESPACE_END \
} \
}
#else
#define BSSL_NAMESPACE_BEGIN namespace bssl {
#define BSSL_NAMESPACE_END }
#endif
// MSVC doesn't set __cplusplus to 201103 to indicate C++11 support (see
// https://connect.microsoft.com/VisualStudio/feedback/details/763051/a-value-of-predefined-macro-cplusplus-is-still-199711l)
// so MSVC is just assumed to support C++11.
#if !defined(BORINGSSL_NO_CXX) && __cplusplus < 201103L && !defined(_MSC_VER)
#define BORINGSSL_NO_CXX
#endif
#if !defined(BORINGSSL_NO_CXX)
extern "C++" {
#include <memory>
// STLPort, used by some Android consumers, not have std::unique_ptr.
#if defined(_STLPORT_VERSION)
#define BORINGSSL_NO_CXX
#endif
} // extern C++
#endif // !BORINGSSL_NO_CXX
#if defined(BORINGSSL_NO_CXX)
#define BORINGSSL_MAKE_DELETER(type, deleter)
#define BORINGSSL_MAKE_UP_REF(type, up_ref_func)
#else
extern "C++" {
BSSL_NAMESPACE_BEGIN
namespace internal {
// The Enable parameter is ignored and only exists so specializations can use
// SFINAE.
template <typename T, typename Enable = void>
struct DeleterImpl {};
struct Deleter {
template <typename T>
void operator()(T *ptr) {
// Rather than specialize Deleter for each type, we specialize
// DeleterImpl. This allows bssl::UniquePtr<T> to be used while only
// including base.h as long as the destructor is not emitted. This matches
// std::unique_ptr's behavior on forward-declared types.
//
// DeleterImpl itself is specialized in the corresponding module's header
// and must be included to release an object. If not included, the compiler
// will error that DeleterImpl<T> does not have a method Free.
DeleterImpl<T>::Free(ptr);
}
};
template <typename T, typename CleanupRet, void (*init)(T *),
CleanupRet (*cleanup)(T *)>
class StackAllocated {
public:
StackAllocated() { init(&ctx_); }
~StackAllocated() { cleanup(&ctx_); }
StackAllocated(const StackAllocated &) = delete;
StackAllocated& operator=(const StackAllocated &) = delete;
T *get() { return &ctx_; }
const T *get() const { return &ctx_; }
T *operator->() { return &ctx_; }
const T *operator->() const { return &ctx_; }
void Reset() {
cleanup(&ctx_);
init(&ctx_);
}
private:
T ctx_;
};
template <typename T, typename CleanupRet, void (*init)(T *),
CleanupRet (*cleanup)(T *), void (*move)(T *, T *)>
class StackAllocatedMovable {
public:
StackAllocatedMovable() { init(&ctx_); }
~StackAllocatedMovable() { cleanup(&ctx_); }
StackAllocatedMovable(StackAllocatedMovable &&other) {
init(&ctx_);
move(&ctx_, &other.ctx_);
}
StackAllocatedMovable &operator=(StackAllocatedMovable &&other) {
move(&ctx_, &other.ctx_);
return *this;
}
T *get() { return &ctx_; }
const T *get() const { return &ctx_; }
T *operator->() { return &ctx_; }
const T *operator->() const { return &ctx_; }
void Reset() {
cleanup(&ctx_);
init(&ctx_);
}
private:
T ctx_;
};
} // namespace internal
#define BORINGSSL_MAKE_DELETER(type, deleter) \
namespace internal { \
template <> \
struct DeleterImpl<type> { \
static void Free(type *ptr) { deleter(ptr); } \
}; \
}
// Holds ownership of heap-allocated BoringSSL structures. Sample usage:
// bssl::UniquePtr<RSA> rsa(RSA_new());
// bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
template <typename T>
using UniquePtr = std::unique_ptr<T, internal::Deleter>;
#define BORINGSSL_MAKE_UP_REF(type, up_ref_func) \
inline UniquePtr<type> UpRef(type *v) { \
if (v != nullptr) { \
up_ref_func(v); \
} \
return UniquePtr<type>(v); \
} \
\
inline UniquePtr<type> UpRef(const UniquePtr<type> &ptr) { \
return UpRef(ptr.get()); \
}
BSSL_NAMESPACE_END
} // extern C++
#endif // !BORINGSSL_NO_CXX
#endif // OPENSSL_HEADER_BASE_H

624
vendor/aws-lc-sys/aws-lc/include/openssl/base.h.in vendored Normal file
View File

@@ -0,0 +1,624 @@
// Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_BASE_H
#define OPENSSL_HEADER_BASE_H
/**
* @file
* @brief This file should be the first included by all AWS-LC headers.
*/
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <sys/types.h>
#if defined(__MINGW32__)
// stdio.h is needed on MinGW for __MINGW_PRINTF_FORMAT.
#include <stdio.h>
#endif
#if defined(__APPLE__)
#include <TargetConditionals.h>
#endif
// Include an AWS-LC-only header so consumers including this header without
// setting up include paths do not accidentally pick up the system
// opensslconf.h.
#include <openssl/is_awslc.h>
#include <openssl/opensslconf.h>
#include <openssl/target.h> // IWYU pragma: export
#include <openssl/boringssl_prefix_symbols.h>
#if defined(__cplusplus)
extern "C" {
#endif
#if defined(BORINGSSL_FIPS)
#define AWSLC_FIPS
#endif
#if defined(__APPLE__)
// Note |TARGET_OS_MAC| is set for all Apple OS variants. |TARGET_OS_OSX|
// targets macOS specifically.
#if defined(TARGET_OS_OSX) && TARGET_OS_OSX
#define OPENSSL_MACOS
#endif
#if defined(TARGET_OS_IPHONE) && TARGET_OS_IPHONE
#define OPENSSL_IOS
#endif
#endif
#define AWSLC_VERSION_NAME "AWS-LC"
#define OPENSSL_IS_AWSLC
// |OPENSSL_VERSION_NUMBER| should match the version number in opensslv.h.
#define OPENSSL_VERSION_NUMBER @OPENSSL_VERSION_NUMBER@
#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
// BORINGSSL_API_VERSION is replaced with AWSLC_API_VERSION to avoid users interpreting AWSLC as BoringSSL.
// Below are BoringSSL's comments on BORINGSSL_API_VERSION.
// BORINGSSL_API_VERSION is a positive integer that increments as BoringSSL
// changes over time. The value itself is not meaningful. It will be incremented
// whenever is convenient to coordinate an API change with consumers. This will
// not denote any special point in development.
//
// A consumer may use this symbol in the preprocessor to temporarily build
// against multiple revisions of BoringSSL at the same time. It is not
// recommended to do so for longer than is necessary.
#define AWSLC_API_VERSION 35
// This string tracks the most current production release version on Github
// https://github.com/aws/aws-lc/releases.
// When bumping the encoded version number, also update the test fixture:
// ServiceIndicatorTest.AWSLCVersionString
// Note: there are two versions of this test. Only one test is compiled
// depending on FIPS mode.
#define AWSLC_VERSION_NUMBER_STRING "@SOFTWARE_VERSION@"
#if defined(BORINGSSL_SHARED_LIBRARY)
#if defined(OPENSSL_WINDOWS)
#if defined(BORINGSSL_IMPLEMENTATION)
#define OPENSSL_EXPORT __declspec(dllexport)
#else
#define OPENSSL_EXPORT __declspec(dllimport)
#endif
#else // defined(OPENSSL_WINDOWS)
#if defined(BORINGSSL_IMPLEMENTATION)
#define OPENSSL_EXPORT __attribute__((visibility("default")))
#else
#define OPENSSL_EXPORT
#endif
#endif // defined(OPENSSL_WINDOWS)
#else // defined(BORINGSSL_SHARED_LIBRARY)
#if defined(OPENSSL_WINDOWS)
#define OPENSSL_EXPORT
#else
#define OPENSSL_EXPORT __attribute__((visibility("default")))
#endif
#endif // defined(BORINGSSL_SHARED_LIBRARY)
#if !defined(OPENSSL_WARN_UNUSED_RESULT)
// This should only affect internal usage of functions
#if defined(BORINGSSL_IMPLEMENTATION) || defined(AWS_LC_TEST_ENV)
#if defined(__GNUC__) || defined(__clang__)
# define OPENSSL_WARN_UNUSED_RESULT __attribute__ ((warn_unused_result))
#elif defined(_MSC_VER)
# define OPENSSL_WARN_UNUSED_RESULT _Check_return_
#else
# define OPENSSL_WARN_UNUSED_RESULT
#endif
#else
// The macro is ignored by consumers
# define OPENSSL_WARN_UNUSED_RESULT
#endif
#endif
#if defined(_MSC_VER)
// OPENSSL_DEPRECATED is used to mark a function as deprecated. Use
// of any functions so marked in caller code will produce a warning.
// OPENSSL_BEGIN_ALLOW_DEPRECATED and OPENSSL_END_ALLOW_DEPRECATED
// can be used to suppress the warning in regions of caller code.
#define OPENSSL_DEPRECATED __declspec(deprecated)
#define OPENSSL_BEGIN_ALLOW_DEPRECATED \
__pragma(warning(push)) __pragma(warning(disable : 4996))
#define OPENSSL_END_ALLOW_DEPRECATED __pragma(warning(pop))
#elif (defined(__GNUC__) && ((__GNUC__ > 4) || (__GNUC_MINOR__ >= 6))) || defined(__clang__)
// `_Pragma("GCC diagnostic push")` was added in GCC 4.6
// http://gcc.gnu.org/gcc-4.6/changes.html
#define OPENSSL_DEPRECATED __attribute__((__deprecated__))
#define OPENSSL_BEGIN_ALLOW_DEPRECATED \
_Pragma("GCC diagnostic push") \
_Pragma("GCC diagnostic ignored \"-Wdeprecated-declarations\"")
#define OPENSSL_END_ALLOW_DEPRECATED _Pragma("GCC diagnostic pop")
#else
#define OPENSSL_DEPRECATED
#define OPENSSL_BEGIN_ALLOW_DEPRECATED
#define OPENSSL_END_ALLOW_DEPRECATED
#endif
#if defined(__GNUC__) || defined(__clang__)
// MinGW has two different printf implementations. Ensure the format macro
// matches the selected implementation. See
// https://sourceforge.net/p/mingw-w64/wiki2/gnu%20printf/.
#if defined(__MINGW_PRINTF_FORMAT)
#define OPENSSL_PRINTF_FORMAT_FUNC(string_index, first_to_check) \
__attribute__( \
(__format__(__MINGW_PRINTF_FORMAT, string_index, first_to_check)))
#else
#define OPENSSL_PRINTF_FORMAT_FUNC(string_index, first_to_check) \
__attribute__((__format__(__printf__, string_index, first_to_check)))
#endif
#else
#define OPENSSL_PRINTF_FORMAT_FUNC(string_index, first_to_check)
#endif
// OPENSSL_CLANG_PRAGMA emits a pragma on clang and nothing on other compilers.
#if defined(__clang__)
#define OPENSSL_CLANG_PRAGMA(arg) _Pragma(arg)
#else
#define OPENSSL_CLANG_PRAGMA(arg)
#endif
// OPENSSL_MSVC_PRAGMA emits a pragma on MSVC and nothing on other compilers.
#if defined(_MSC_VER)
#define OPENSSL_MSVC_PRAGMA(arg) __pragma(arg)
#else
#define OPENSSL_MSVC_PRAGMA(arg)
#endif
#if defined(__GNUC__) || defined(__clang__)
#define OPENSSL_UNUSED __attribute__((unused))
#else
#define OPENSSL_UNUSED
#endif
// C99-compatible static assertion using bit-field width trick.
// A negative bit-field width causes a compile-time error.
//
// Previously we defined |OPENSSL_STATIC_ASSERT| to use one of two keywords:
// |Static_assert| or |static_assert|. The latter was used if we were compiling
// a C++ translation unit or on Windows (excluding when using a Clang compiler).
// The former was used in other cases. However, these two keywords are not
// defined before C11. So, we can't rely on these when we want to be C99
// compliant. If we at some point decide that we want to only be compliant with
// C11 (and up), we can reintroduce these keywords. Instead, use a method that
// is guaranteed to be C99 compliant and still give us an equivalent static
// assert mechanism.
//
// The solution below defines a struct type containing a bit field.
// The name of that type is |static_assertion_msg|. |msg| is a concatenation of
// a user-chosen error (which should be chosen with respect to actual assertion)
// and the line the assertion is defined. This should ensure name uniqueness.
// The width of the bit field is set to 1 or -1, depending on the evaluation of
// the boolean expression |cond|. If the condition is false, the width requested
// is -1, which is illegal and would cause the compiler to throw an error.
//
// An example of an error thrown during compilation:
// ```
// error: negative width in bit-field
// 'static_assertion_at_line_913_error_is_AEAD_state_is_too_small'
// ```
#define AWSLC_CONCAT(left, right) left##right
#define AWSLC_STATIC_ASSERT_DEFINE(cond, msg) typedef struct { \
unsigned int AWSLC_CONCAT(static_assertion_, msg) : (cond) ? 1 : -1; \
} AWSLC_CONCAT(static_assertion_, msg) OPENSSL_UNUSED;
#define AWSLC_STATIC_ASSERT_ADD_LINE0(cond, suffix) AWSLC_STATIC_ASSERT_DEFINE(cond, AWSLC_CONCAT(at_line_, suffix))
#define AWSLC_STATIC_ASSERT_ADD_LINE1(cond, line, suffix) AWSLC_STATIC_ASSERT_ADD_LINE0(cond, AWSLC_CONCAT(line, suffix))
#define AWSLC_STATIC_ASSERT_ADD_LINE2(cond, suffix) AWSLC_STATIC_ASSERT_ADD_LINE1(cond, __LINE__, suffix)
#define AWSLC_STATIC_ASSERT_ADD_ERROR(cond, suffix) AWSLC_STATIC_ASSERT_ADD_LINE2(cond, AWSLC_CONCAT(_error_is_, suffix))
#define OPENSSL_STATIC_ASSERT(cond, error) AWSLC_STATIC_ASSERT_ADD_ERROR(cond, error)
// Sanity check of "target.h": OPENSSL_64_BIT/OPENSSL_32_BIT must match actual pointer size
#if defined(OPENSSL_64_BIT)
OPENSSL_STATIC_ASSERT(sizeof(void *) == 8, pointer_size_must_be_8_bytes_for_64_bit)
#elif defined(OPENSSL_32_BIT)
OPENSSL_STATIC_ASSERT(sizeof(void *) == 4, pointer_size_must_be_4_bytes_for_32_bit)
#endif
// Sanity checks of "target.h": OPENSSL_BIG_ENDIAN should be consistent with other endianness indicators.
// If architecture-specific big-endian macros are defined, OPENSSL_BIG_ENDIAN should be too.
#if (defined(__ARMEB__) || defined(__AARCH64EB__) || defined(__MIPSEB__) || \
defined(__BIG_ENDIAN__) || (defined(__BYTE_ORDER__) && defined(__ORDER_BIG_ENDIAN__) && \
__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__)) && !defined(OPENSSL_BIG_ENDIAN)
#error "Big-endian architecture detected but OPENSSL_BIG_ENDIAN is not defined"
#endif
// If architecture-specific little-endian macros are defined, OPENSSL_BIG_ENDIAN should not be.
#if (defined(__ARMEL__) || defined(__AARCH64EL__) || defined(__MIPSEL__) || \
defined(__LITTLE_ENDIAN__) || (defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)) && defined(OPENSSL_BIG_ENDIAN)
#error "Little-endian architecture detected but OPENSSL_BIG_ENDIAN is defined"
#endif
// C and C++ handle inline functions differently. In C++, an inline function is
// defined in just the header file, potentially emitted in multiple compilation
// units (in cases the compiler did not inline), but each copy must be identical
// to satsify ODR. In C, a non-static inline must be manually emitted in exactly
// one compilation unit with a separate extern inline declaration.
//
// In both languages, exported inline functions referencing file-local symbols
// are problematic. C forbids this altogether (though GCC and Clang seem not to
// enforce it). It works in C++, but ODR requires the definitions be identical,
// including all names in the definitions resolving to the "same entity". In
// practice, this is unlikely to be a problem, but an inline function that
// returns a pointer to a file-local symbol
// could compile oddly.
//
// Historically, we used static inline in headers. However, to satisfy ODR, use
// plain inline in C++, to allow inline consumer functions to call our header
// functions. Plain inline would also work better with C99 inline, but that is
// not used much in practice, extern inline is tedious, and there are conflicts
// with the old gnu89 model:
// https://stackoverflow.com/questions/216510/extern-inline
#if defined(__cplusplus)
#define OPENSSL_INLINE inline
#else
// Add OPENSSL_UNUSED so that, should an inline function be emitted via macro
// (e.g. a |STACK_OF(T)| implementation) in a source file without tripping
// clang's -Wunused-function.
#define OPENSSL_INLINE static inline OPENSSL_UNUSED
#endif
#if defined(OPENSSL_WINDOWS)
#define OPENSSL_NOINLINE __declspec(noinline)
#else
#define OPENSSL_NOINLINE __attribute__((noinline))
#endif
// ossl_ssize_t is a signed type which is large enough to fit the size of any
// valid memory allocation. We prefer using |size_t|, but sometimes we need a
// signed type for OpenSSL API compatibility. This type can be used in such
// cases to avoid overflow.
//
// Not all |size_t| values fit in |ossl_ssize_t|, but all |size_t| values that
// are sizes of or indices into C objects, can be converted without overflow.
typedef ptrdiff_t ossl_ssize_t;
// CBS_ASN1_TAG is the type used by |CBS| and |CBB| for ASN.1 tags. See that
// header for details. This type is defined in base.h as a forward declaration.
typedef uint32_t CBS_ASN1_TAG;
// CRYPTO_THREADID is a dummy value.
typedef int CRYPTO_THREADID;
// An |ASN1_NULL| is an opaque type. asn1.h represents the ASN.1 NULL value as
// an opaque, non-NULL |ASN1_NULL*| pointer.
typedef struct asn1_null_st ASN1_NULL;
typedef int ASN1_BOOLEAN;
typedef struct ASN1_ITEM_st ASN1_ITEM;
typedef struct asn1_object_st ASN1_OBJECT;
typedef struct asn1_pctx_st ASN1_PCTX;
typedef struct asn1_string_st ASN1_BIT_STRING;
typedef struct asn1_string_st ASN1_BMPSTRING;
typedef struct asn1_string_st ASN1_ENUMERATED;
typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
typedef struct asn1_string_st ASN1_GENERALSTRING;
typedef struct asn1_string_st ASN1_IA5STRING;
typedef struct asn1_string_st ASN1_INTEGER;
typedef struct asn1_string_st ASN1_OCTET_STRING;
typedef struct asn1_string_st ASN1_PRINTABLESTRING;
typedef struct asn1_string_st ASN1_STRING;
typedef struct asn1_string_st ASN1_T61STRING;
typedef struct asn1_string_st ASN1_TIME;
typedef struct asn1_string_st ASN1_UNIVERSALSTRING;
typedef struct asn1_string_st ASN1_UTCTIME;
typedef struct asn1_string_st ASN1_UTF8STRING;
typedef struct asn1_string_st ASN1_VISIBLESTRING;
typedef struct asn1_type_st ASN1_TYPE;
typedef struct AUTHORITY_KEYID_st AUTHORITY_KEYID;
typedef struct BASIC_CONSTRAINTS_st BASIC_CONSTRAINTS;
typedef struct DIST_POINT_st DIST_POINT;
typedef struct DSA_SIG_st DSA_SIG;
typedef struct GENERAL_NAME_st GENERAL_NAME;
typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT;
typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS;
typedef struct Netscape_spkac_st NETSCAPE_SPKAC;
typedef struct Netscape_spki_st NETSCAPE_SPKI;
typedef struct RIPEMD160state_st RIPEMD160_CTX;
typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM;
typedef struct X509_algor_st X509_ALGOR;
typedef struct X509_crl_st X509_CRL;
typedef struct X509_extension_st X509_EXTENSION;
typedef struct X509_info_st X509_INFO;
typedef struct X509_name_entry_st X509_NAME_ENTRY;
typedef struct X509_name_st X509_NAME;
typedef struct X509_pubkey_st X509_PUBKEY;
typedef struct X509_req_st X509_REQ;
typedef struct x509_sig_info_st X509_SIG_INFO;
typedef struct X509_sig_st X509_SIG;
typedef struct bignum_ctx BN_CTX;
typedef struct bignum_st BIGNUM;
typedef struct bio_method_st BIO_METHOD;
typedef struct bio_st BIO;
typedef struct blake2b_state_st BLAKE2B_CTX;
typedef struct bn_gencb_st BN_GENCB;
typedef struct bn_mont_ctx_st BN_MONT_CTX;
typedef struct buf_mem_st BUF_MEM;
typedef struct cast_key_st CAST_KEY;
typedef struct cbb_st CBB;
typedef struct cbs_st CBS;
typedef struct cmac_ctx_st CMAC_CTX;
typedef struct conf_st CONF;
typedef struct conf_value_st CONF_VALUE;
typedef struct crypto_buffer_pool_st CRYPTO_BUFFER_POOL;
typedef struct crypto_buffer_st CRYPTO_BUFFER;
typedef struct ctr_drbg_state_st CTR_DRBG_STATE;
typedef struct dh_st DH;
typedef struct dsa_st DSA;
typedef struct ec_group_st EC_GROUP;
typedef struct ec_key_st EC_KEY;
typedef struct ec_point_st EC_POINT;
typedef struct ec_key_method_st EC_KEY_METHOD;
typedef struct ecdsa_sig_st ECDSA_SIG;
typedef struct engine_st ENGINE;
typedef struct env_md_ctx_st EVP_MD_CTX;
typedef struct env_md_st EVP_MD;
typedef struct evp_aead_st EVP_AEAD;
typedef struct evp_aead_ctx_st EVP_AEAD_CTX;
typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
typedef struct evp_cipher_st EVP_CIPHER;
/**
* @typedef EVP_ENCODE_CTX
* @copydoc evp_encode_ctx_st
* @see evp_encode_ctx_st
*/
typedef struct evp_encode_ctx_st EVP_ENCODE_CTX;
typedef struct evp_hpke_aead_st EVP_HPKE_AEAD;
typedef struct evp_hpke_ctx_st EVP_HPKE_CTX;
typedef struct evp_hpke_kdf_st EVP_HPKE_KDF;
typedef struct evp_hpke_kem_st EVP_HPKE_KEM;
typedef struct evp_hpke_key_st EVP_HPKE_KEY;
typedef struct evp_kem_st EVP_KEM;
typedef struct kem_key_st KEM_KEY;
typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
typedef struct evp_pkey_st EVP_PKEY;
typedef struct evp_pkey_ctx_signature_context_params_st EVP_PKEY_CTX_SIGNATURE_CONTEXT_PARAMS;
typedef struct hmac_ctx_st HMAC_CTX;
typedef struct md4_state_st MD4_CTX;
typedef struct md5_state_st MD5_CTX;
typedef struct pqdsa_key_st PQDSA_KEY;
typedef struct ocsp_req_ctx_st OCSP_REQ_CTX;
typedef struct ossl_init_settings_st OPENSSL_INIT_SETTINGS;
typedef struct pkcs7_digest_st PKCS7_DIGEST;
typedef struct pkcs7_enc_content_st PKCS7_ENC_CONTENT;
typedef struct pkcs7_encrypt_st PKCS7_ENCRYPT;
typedef struct pkcs7_envelope_st PKCS7_ENVELOPE;
typedef struct pkcs7_issuer_and_serial_st PKCS7_ISSUER_AND_SERIAL;
typedef struct pkcs7_recip_info_st PKCS7_RECIP_INFO;
typedef struct pkcs7_sign_envelope_st PKCS7_SIGN_ENVELOPE;
typedef struct pkcs7_signed_st PKCS7_SIGNED;
typedef struct pkcs7_signer_info_st PKCS7_SIGNER_INFO;
typedef struct pkcs7_st PKCS7;
typedef struct pkcs12_st PKCS12;
typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO;
typedef struct private_key_st X509_PKEY;
typedef struct rand_meth_st RAND_METHOD;
typedef struct rc4_key_st RC4_KEY;
typedef struct rsa_meth_st RSA_METHOD;
typedef struct rsassa_pss_params_st RSASSA_PSS_PARAMS;
typedef struct rsa_pss_params_st RSA_PSS_PARAMS;
typedef struct rsa_st RSA;
typedef struct sha256_state_st SHA256_CTX;
typedef struct sha512_state_st SHA512_CTX;
typedef struct sha_state_st SHA_CTX;
typedef struct spake2_ctx_st SPAKE2_CTX;
typedef struct srtp_protection_profile_st SRTP_PROTECTION_PROFILE;
typedef struct ssl_cipher_st SSL_CIPHER;
typedef struct ssl_ctx_st SSL_CTX;
typedef struct ssl_early_callback_ctx SSL_CLIENT_HELLO;
typedef struct ssl_ech_keys_st SSL_ECH_KEYS;
typedef struct ssl_method_st SSL_METHOD;
typedef struct ssl_private_key_method_st SSL_PRIVATE_KEY_METHOD;
typedef struct ssl_quic_method_st SSL_QUIC_METHOD;
typedef struct ssl_session_st SSL_SESSION;
typedef struct ssl_st SSL;
typedef struct ssl_ticket_aead_method_st SSL_TICKET_AEAD_METHOD;
typedef struct st_ERR_FNS ERR_FNS;
typedef struct trust_token_st TRUST_TOKEN;
typedef struct trust_token_client_st TRUST_TOKEN_CLIENT;
typedef struct trust_token_issuer_st TRUST_TOKEN_ISSUER;
typedef struct trust_token_method_st TRUST_TOKEN_METHOD;
typedef struct v3_ext_ctx X509V3_CTX;
typedef struct v3_ext_method X509V3_EXT_METHOD;
typedef struct x509_attributes_st X509_ATTRIBUTE;
typedef struct x509_lookup_st X509_LOOKUP;
typedef struct x509_lookup_method_st X509_LOOKUP_METHOD;
typedef struct x509_object_st X509_OBJECT;
typedef struct x509_revoked_st X509_REVOKED;
typedef struct x509_st X509;
typedef struct x509_store_ctx_st X509_STORE_CTX;
typedef struct x509_store_st X509_STORE;
typedef struct x509_trust_st X509_TRUST;
typedef void *OPENSSL_BLOCK;
// BSSL_CHECK aborts if |condition| is not true.
#define BSSL_CHECK(condition) \
do { \
if (!(condition)) { \
abort(); \
} \
} while (0);
#if defined(__cplusplus)
} // extern C
#elif !defined(BORINGSSL_NO_CXX)
#define BORINGSSL_NO_CXX
#endif
#if defined(BORINGSSL_PREFIX)
#define BSSL_NAMESPACE_BEGIN \
namespace bssl { \
inline namespace BORINGSSL_PREFIX {
#define BSSL_NAMESPACE_END \
} \
}
#else
#define BSSL_NAMESPACE_BEGIN namespace bssl {
#define BSSL_NAMESPACE_END }
#endif
// MSVC doesn't set __cplusplus to 201103 to indicate C++11 support (see
// https://connect.microsoft.com/VisualStudio/feedback/details/763051/a-value-of-predefined-macro-cplusplus-is-still-199711l)
// so MSVC is just assumed to support C++11.
#if !defined(BORINGSSL_NO_CXX) && __cplusplus < 201103L && !defined(_MSC_VER)
#define BORINGSSL_NO_CXX
#endif
#if !defined(BORINGSSL_NO_CXX)
extern "C++" {
#include <memory>
// STLPort, used by some Android consumers, not have std::unique_ptr.
#if defined(_STLPORT_VERSION)
#define BORINGSSL_NO_CXX
#endif
} // extern C++
#endif // !BORINGSSL_NO_CXX
#if defined(BORINGSSL_NO_CXX)
#define BORINGSSL_MAKE_DELETER(type, deleter)
#define BORINGSSL_MAKE_UP_REF(type, up_ref_func)
#else
extern "C++" {
BSSL_NAMESPACE_BEGIN
namespace internal {
// The Enable parameter is ignored and only exists so specializations can use
// SFINAE.
template <typename T, typename Enable = void>
struct DeleterImpl {};
struct Deleter {
template <typename T>
void operator()(T *ptr) {
// Rather than specialize Deleter for each type, we specialize
// DeleterImpl. This allows bssl::UniquePtr<T> to be used while only
// including base.h as long as the destructor is not emitted. This matches
// std::unique_ptr's behavior on forward-declared types.
//
// DeleterImpl itself is specialized in the corresponding module's header
// and must be included to release an object. If not included, the compiler
// will error that DeleterImpl<T> does not have a method Free.
DeleterImpl<T>::Free(ptr);
}
};
template <typename T, typename CleanupRet, void (*init)(T *),
CleanupRet (*cleanup)(T *)>
class StackAllocated {
public:
StackAllocated() { init(&ctx_); }
~StackAllocated() { cleanup(&ctx_); }
StackAllocated(const StackAllocated &) = delete;
StackAllocated& operator=(const StackAllocated &) = delete;
T *get() { return &ctx_; }
const T *get() const { return &ctx_; }
T *operator->() { return &ctx_; }
const T *operator->() const { return &ctx_; }
void Reset() {
cleanup(&ctx_);
init(&ctx_);
}
private:
T ctx_;
};
template <typename T, typename CleanupRet, void (*init)(T *),
CleanupRet (*cleanup)(T *), void (*move)(T *, T *)>
class StackAllocatedMovable {
public:
StackAllocatedMovable() { init(&ctx_); }
~StackAllocatedMovable() { cleanup(&ctx_); }
StackAllocatedMovable(StackAllocatedMovable &&other) {
init(&ctx_);
move(&ctx_, &other.ctx_);
}
StackAllocatedMovable &operator=(StackAllocatedMovable &&other) {
move(&ctx_, &other.ctx_);
return *this;
}
T *get() { return &ctx_; }
const T *get() const { return &ctx_; }
T *operator->() { return &ctx_; }
const T *operator->() const { return &ctx_; }
void Reset() {
cleanup(&ctx_);
init(&ctx_);
}
private:
T ctx_;
};
} // namespace internal
#define BORINGSSL_MAKE_DELETER(type, deleter) \
namespace internal { \
template <> \
struct DeleterImpl<type> { \
static void Free(type *ptr) { deleter(ptr); } \
}; \
}
// Holds ownership of heap-allocated BoringSSL structures. Sample usage:
// bssl::UniquePtr<RSA> rsa(RSA_new());
// bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
template <typename T>
using UniquePtr = std::unique_ptr<T, internal::Deleter>;
#define BORINGSSL_MAKE_UP_REF(type, up_ref_func) \
inline UniquePtr<type> UpRef(type *v) { \
if (v != nullptr) { \
up_ref_func(v); \
} \
return UniquePtr<type>(v); \
} \
\
inline UniquePtr<type> UpRef(const UniquePtr<type> &ptr) { \
return UpRef(ptr.get()); \
}
BSSL_NAMESPACE_END
} // extern C++
#endif // !BORINGSSL_NO_CXX
#endif // OPENSSL_HEADER_BASE_H

298
vendor/aws-lc-sys/aws-lc/include/openssl/base64.h vendored Normal file
View File

@@ -0,0 +1,298 @@
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_BASE64_H
#define OPENSSL_HEADER_BASE64_H
#include <openssl/base.h>
#if defined(__cplusplus)
extern "C" {
#endif
/**
* @file
* @brief base64 encoding and decoding functions.
*
* @details
* For historical reasons, these functions have the `EVP_` prefix but just do
* base64 encoding and decoding. Note that BoringSSL is a cryptography library,
* so these functions are implemented with side channel protections, at a
* performance cost. For other base64 uses, use a general-purpose base64
* implementation.
*/
/**
* @name Encoding Functions
*
* @{
*/
/**
* @brief Base64 encodes bytes from `src` into `dst`.
*
* @details
* Base64 encodes `src_len` bytes from `src` and writes the
* result to `dst` with a trailing `NULL`.
*
* @param [out] dst Base64 encoded value
* @param [in] src Bytes to encode
* @param [in] src_len Number of bytes to encode
*
* @return The number of bytes written, not including the trailing `NULL`
*/
OPENSSL_EXPORT size_t EVP_EncodeBlock(uint8_t *dst, const uint8_t *src,
size_t src_len);
/**
* @brief Calculates the number of bytes needed to encode an input using Base64.
*
* @details
* Sets `*out_len` to the number of bytes that will be needed to call
* #EVP_EncodeBlock on an input of length `len`. `*out_len` includes the final
* `NULL` that #EVP_EncodeBlock writes.
*
* @param [out] out_len Number of bytes needed to Base64 encode a source
* @param [in] len Source length
*
* @retval 1 Success
* @retval 0 Error
*/
OPENSSL_EXPORT int EVP_EncodedLength(size_t *out_len, size_t len);
/** @} Encoding Functions */
/**
* @name Decoding Functions
*
* @{
*/
/**
* @brief Sets the maximum number of bytes need to store a decoded Base64 input.
*
* @param [out] out_len Maximum number of bytes to store decoded input
* @param [in] len Base64 formatted input length
*
* @retval 1 Success
* @retval 0 `len` is not a valid length for a base64-encoded string
*/
OPENSSL_EXPORT int EVP_DecodedLength(size_t *out_len, size_t len);
/**
* @brief Decodes specified number of Base64 formatted bytes to output buffer.
*
* @details
* Decodes `in_len` bytes from base64 and writes `*out_len` bytes to `out`. If
* `*out_len` doesn't have enough bytes for the maximum output size, the
* operation fails.
*
* @param [out] out Decoded output
* @param [out] out_len Number of bytes written to `out`
* @param [in] max_out Length of `out`
* @param [in] in Base64 input buffer
* @param [in] in_len Number of bytes to decode from `in`
*
* @retval 1 Success
* @retval 0 Error
*/
OPENSSL_EXPORT int EVP_DecodeBase64(uint8_t *out, size_t *out_len,
size_t max_out, const uint8_t *in,
size_t in_len);
/** @} Decoding Functions */
/**
* @name Deprecated Functions
*
* OpenSSL provides a streaming base64 implementation, however its behavior is
* very specific to PEM. It is also very lenient of invalid input. Use of any of
* these functions is thus deprecated.
*
* @{
*/
/**
* @brief Returns a newly-allocated EVP_ENCODE_CTX.
*
* @details
* The caller must release the result with #EVP_ENCODE_CTX_free when
* done.
*
* @returns Pointer to newly allocated EVP_ENCODE_CTX or `NULL` on error
*
* @deprecated OpenSSL provides a streaming base64 implementation, however its behavior is very specific to PEM. It is also very lenient of invalid input. Use of any of these functions is thus deprecated.
*/
OPENSSL_EXPORT EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
/**
* @brief Releases memory associated with `ctx`.
*
* @param [in] ctx Pointer to deallocate
*
* @deprecated OpenSSL provides a streaming base64 implementation, however its behavior is very specific to PEM. It is also very lenient of invalid input. Use of any of these functions is thus deprecated.
*/
OPENSSL_EXPORT void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
/**
* @brief Initialises `*ctx`.
*
* @details
* This is typically stack allocated, for an encoding operation.
*
* @param [in,out] ctx Context to initialize
*
* @warning The encoding operation breaks its output with newlines every 64 characters of output (48 characters of input). Use #EVP_EncodeBlock to encode raw base64.
*
* @deprecated OpenSSL provides a streaming base64 implementation, however its behavior is very specific to PEM. It is also very lenient of invalid input. Use of any of these functions is thus deprecated.
*/
OPENSSL_EXPORT void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
/**
* @brief Encodes bytes from `in` to Base64 and writes the value to `out`.
*
* @details
* Some state may be contained in `ctx` so #EVP_EncodeFinal must be used to
* flush it before using the encoded data.
*
* @param [in,out] ctx Encoding context
* @param [out] out Base64 encoded value
* @param [out] out_len Number of bytes written
* @param [in] in Input buffer
* @param [in] in_len Number of bytes to encode
*
* @retval 1 Success
* @retval 0 Failure or `in_len` was 0
*
* @deprecated OpenSSL provides a streaming base64 implementation, however its behavior is very specific to PEM. It is also very lenient of invalid input. Use of any of these functions is thus deprecated.
*/
OPENSSL_EXPORT int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, uint8_t *out,
int *out_len, const uint8_t *in,
size_t in_len);
/**
* @brief Flushes any remaining output bytes from `ctx` to `out`.
*
* @param [in,out] ctx Encoding context
* @param [out] out Output buffer
* @param [out] out_len Number of bytes written to buffer
*
* @deprecated OpenSSL provides a streaming base64 implementation, however its behavior is very specific to PEM. It is also very lenient of invalid input. Use of any of these functions is thus deprecated.
*/
OPENSSL_EXPORT void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, uint8_t *out,
int *out_len);
/**
* @brief Initialises `*ctx` for a decoding operation.
*
* @details
* This is typically stack allocated.
*
* @param [in,out] ctx Context to initialize
*
* @todo davidben: This isn't a straight-up base64 decode either. Document and/or fix exactly what's going on here; maximum line length and such.
*
* @deprecated OpenSSL provides a streaming base64 implementation, however its behavior is very specific to PEM. It is also very lenient of invalid input. Use of any of these functions is thus deprecated.
*/
OPENSSL_EXPORT void EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
/**
* @brief Decodes bytes from `in` and writes the decoded data to `out`.
*
* @details
* Some state may be contained in `ctx` so #EVP_DecodeFinal must be used to
* flush it before using the decoded data.
*
* @param [in,out] ctx Decoding context
* @param [out] out Decoded bytes
* @param [out] out_len Number of bytes written
* @param [in] in Input buffer
* @param [in] in_len Number of bytes to decode
*
* @retval -1 Error
* @retval 0 The line was short (i.e., it was the last line)
* @retval 1 A full line of input was processed
*
* @deprecated OpenSSL provides a streaming base64 implementation, however its behavior is very specific to PEM. It is also very lenient of invalid input. Use of any of these functions is thus deprecated.
*/
OPENSSL_EXPORT int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, uint8_t *out,
int *out_len, const uint8_t *in,
size_t in_len);
/**
* @brief Flushes any remaining output bytes from `ctx` to `out`.
*
* @param [in,out] ctx Decoding context
* @param [out] out Output buffer
* @param [out] out_len Number of bytes written to buffer
*
* @retval 1 Success
* @retval -1 Error
*
* @deprecated OpenSSL provides a streaming base64 implementation, however its behavior is very specific to PEM. It is also very lenient of invalid input. Use of any of these functions is thus deprecated.
*/
OPENSSL_EXPORT int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, uint8_t *out,
int *out_len);
/**
* @brief Decodes Base64 bytes from `src` and writes value to `dst`.
*
* @param [out] dst Decoded bytes
* @param [in] src Base64 encoded bytes
* @param [in] src_len Number of bytes to decode
*
* @returns Number of bytes written or -1 on error
*
* @warning `EVP_DecodeBlock`'s return value does not take padding into account. It also strips leading whitespace and trailing whitespace and minuses.
*
* @deprecated OpenSSL provides a streaming base64 implementation, however its behavior is very specific to PEM. It is also very lenient of invalid input. Use of any of these functions is thus deprecated.
*/
OPENSSL_EXPORT int EVP_DecodeBlock(uint8_t *dst, const uint8_t *src,
size_t src_len);
/** @} Deprecated Functions */
/**
* @struct evp_encode_ctx_st
* Encoding Context
*/
struct evp_encode_ctx_st {
/**
* @brief Number of valid bytes
*
* @details
* When encoding, `data` will be filled and encoded as a lump. When decoding,
* only the first four bytes of `data` will be used.
*/
unsigned data_used;
/**
* @brief Encoded or decoded data.
*/
uint8_t data[48];
/**
* @brief Indicates that the end of the base64 data has been seen.
*
* @details
* Only used when decoding. Only whitespace can follow.
*/
char eof_seen;
/**
* @brief indicates that invalid base64 data was found.
*
* @details
* This will gitcause all future calls to fail.
*/
char error_encountered;
};
#if defined(__cplusplus)
} // extern C
#endif
#endif // OPENSSL_HEADER_BASE64_H

1226
vendor/aws-lc-sys/aws-lc/include/openssl/bio.h vendored Normal file
View File

File diff suppressed because it is too large Load Diff

48
vendor/aws-lc-sys/aws-lc/include/openssl/blake2.h vendored Normal file
View File

@@ -0,0 +1,48 @@
// Copyright (c) 2021, Google Inc.
// SPDX-License-Identifier: ISC
#ifndef OPENSSL_HEADER_BLAKE2_H
#define OPENSSL_HEADER_BLAKE2_H
#include <openssl/base.h>
#if defined(__cplusplus)
extern "C" {
#endif
#define BLAKE2B256_DIGEST_LENGTH (256 / 8)
#define BLAKE2B_CBLOCK 128
struct blake2b_state_st {
uint64_t h[8];
uint64_t t_low, t_high;
uint8_t block[BLAKE2B_CBLOCK];
size_t block_used;
};
// BLAKE2B256_Init initialises |b2b| to perform a BLAKE2b-256 hash. There are no
// pointers inside |b2b| thus release of |b2b| is purely managed by the caller.
OPENSSL_EXPORT void BLAKE2B256_Init(BLAKE2B_CTX *b2b);
// BLAKE2B256_Update appends |len| bytes from |data| to the digest being
// calculated by |b2b|.
OPENSSL_EXPORT void BLAKE2B256_Update(BLAKE2B_CTX *b2b, const void *data,
size_t len);
// BLAKE2B256_Final completes the digest calculated by |b2b| and writes
// |BLAKE2B256_DIGEST_LENGTH| bytes to |out|.
OPENSSL_EXPORT void BLAKE2B256_Final(uint8_t out[BLAKE2B256_DIGEST_LENGTH],
BLAKE2B_CTX *b2b);
// BLAKE2B256 writes the BLAKE2b-256 digset of |len| bytes from |data| to
// |out|.
OPENSSL_EXPORT void BLAKE2B256(const uint8_t *data, size_t len,
uint8_t out[BLAKE2B256_DIGEST_LENGTH]);
#if defined(__cplusplus)
} // extern C
#endif
#endif // OPENSSL_HEADER_BLAKE2_H

54
vendor/aws-lc-sys/aws-lc/include/openssl/blowfish.h vendored Normal file
View File

@@ -0,0 +1,54 @@
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_BLOWFISH_H
#define OPENSSL_HEADER_BLOWFISH_H
#include <openssl/base.h>
#ifdef __cplusplus
extern "C" {
#endif
#define BF_ENCRYPT 1
#define BF_DECRYPT 0
#define BF_ROUNDS 16
#define BF_BLOCK 8
typedef struct bf_key_st {
uint32_t P[BF_ROUNDS + 2];
uint32_t S[4 * 256];
} BF_KEY;
OPENSSL_DEPRECATED OPENSSL_EXPORT void BF_set_key(BF_KEY *key, size_t len,
const uint8_t *data);
OPENSSL_DEPRECATED OPENSSL_EXPORT void BF_encrypt(uint32_t *data,
const BF_KEY *key);
OPENSSL_DEPRECATED OPENSSL_EXPORT void BF_decrypt(uint32_t *data,
const BF_KEY *key);
OPENSSL_DEPRECATED OPENSSL_EXPORT void BF_ecb_encrypt(const uint8_t *in,
uint8_t *out,
const BF_KEY *key,
int enc);
OPENSSL_DEPRECATED OPENSSL_EXPORT void BF_cbc_encrypt(const uint8_t *in,
uint8_t *out,
size_t length,
const BF_KEY *schedule,
uint8_t *ivec, int enc);
OPENSSL_DEPRECATED OPENSSL_EXPORT void BF_cfb64_encrypt(
const uint8_t *in, uint8_t *out, size_t length, const BF_KEY *schedule,
uint8_t *ivec, int *num, int encrypt);
OPENSSL_DEPRECATED OPENSSL_EXPORT void BF_ofb64_encrypt(
const uint8_t *in, uint8_t *out, size_t length, const BF_KEY *schedule,
uint8_t *ivec, int *num);
#ifdef __cplusplus
}
#endif
#endif // OPENSSL_HEADER_BLOWFISH_H

1038
vendor/aws-lc-sys/aws-lc/include/openssl/bn.h vendored Normal file
View File

File diff suppressed because it is too large Load Diff

5
vendor/aws-lc-sys/aws-lc/include/openssl/boringssl_prefix_symbols.h vendored Normal file
View File

@@ -0,0 +1,5 @@
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 OR ISC
// This file is intentionally empty, were AWS-LC installed with symbol prefixes, this file would contain
// macro definitions for the prefixed symbols.

5
vendor/aws-lc-sys/aws-lc/include/openssl/boringssl_prefix_symbols_asm.h vendored Normal file
View File

@@ -0,0 +1,5 @@
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 OR ISC
// This file is intentionally empty, were AWS-LC installed with symbol prefixes, this file would contain
// macro definitions for the prefixed symbols.

5
vendor/aws-lc-sys/aws-lc/include/openssl/boringssl_prefix_symbols_nasm.inc vendored Normal file
View File

@@ -0,0 +1,5 @@
; Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
; SPDX-License-Identifier: Apache-2.0 OR ISC
; This file is intentionally empty, were AWS-LC installed with symbol prefixes, this file would contain
; macro definitions for the prefixed symbols.

84
vendor/aws-lc-sys/aws-lc/include/openssl/buf.h vendored Normal file
View File

@@ -0,0 +1,84 @@
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_BUFFER_H
#define OPENSSL_HEADER_BUFFER_H
#include <openssl/base.h>
#if defined(__cplusplus)
extern "C" {
#endif
// Memory and string functions, see also mem.h.
// buf_mem_st (aka |BUF_MEM|) is a generic buffer object used by OpenSSL.
struct buf_mem_st {
size_t length; // current number of bytes
char *data;
size_t max; // size of buffer
};
// BUF_MEM_new creates a new BUF_MEM which has no allocated data buffer.
OPENSSL_EXPORT BUF_MEM *BUF_MEM_new(void);
// BUF_MEM_free frees |buf->data| if needed and then frees |buf| itself.
OPENSSL_EXPORT void BUF_MEM_free(BUF_MEM *buf);
// BUF_MEM_reserve ensures |buf| has capacity |cap| and allocates memory if
// needed. It returns one on success and zero on error.
OPENSSL_EXPORT int BUF_MEM_reserve(BUF_MEM *buf, size_t cap);
// BUF_MEM_grow ensures that |buf| has length |len| and allocates memory if
// needed. If the length of |buf| increased, the new bytes are filled with
// zeros. It returns the length of |buf|, or zero if there's an error.
OPENSSL_EXPORT size_t BUF_MEM_grow(BUF_MEM *buf, size_t len);
// BUF_MEM_grow_clean calls |BUF_MEM_grow|. BoringSSL always zeros memory
// allocated memory on free.
OPENSSL_EXPORT size_t BUF_MEM_grow_clean(BUF_MEM *buf, size_t len);
// BUF_MEM_append appends |in| to |buf|. It returns one on success and zero on
// error.
OPENSSL_EXPORT int BUF_MEM_append(BUF_MEM *buf, const void *in, size_t len);
// Deprecated functions.
// BUF_strdup calls |OPENSSL_strdup|.
OPENSSL_EXPORT char *BUF_strdup(const char *str);
// BUF_strnlen calls |OPENSSL_strnlen|.
OPENSSL_EXPORT size_t BUF_strnlen(const char *str, size_t max_len);
// BUF_strndup calls |OPENSSL_strndup|.
OPENSSL_EXPORT char *BUF_strndup(const char *str, size_t size);
// BUF_memdup calls |OPENSSL_memdup|.
OPENSSL_EXPORT void *BUF_memdup(const void *data, size_t size);
// BUF_strlcpy calls |OPENSSL_strlcpy|.
OPENSSL_EXPORT size_t BUF_strlcpy(char *dst, const char *src, size_t dst_size);
// BUF_strlcat calls |OPENSSL_strlcat|.
OPENSSL_EXPORT size_t BUF_strlcat(char *dst, const char *src, size_t dst_size);
#if defined(__cplusplus)
} // extern C
extern "C++" {
BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(BUF_MEM, BUF_MEM_free)
BSSL_NAMESPACE_END
} // extern C++
#endif
#endif // OPENSSL_HEADER_BUFFER_H

7
vendor/aws-lc-sys/aws-lc/include/openssl/buffer.h vendored Normal file
View File

@@ -0,0 +1,7 @@
// Copyright (c) 2015, Google Inc.
// SPDX-License-Identifier: ISC
/* This header is provided in order to make compiling against code that expects
OpenSSL easier. */
#include "buf.h"

655
vendor/aws-lc-sys/aws-lc/include/openssl/bytestring.h vendored Normal file
View File

@@ -0,0 +1,655 @@
// Copyright (c) 2014, Google Inc.
// SPDX-License-Identifier: ISC
#ifndef OPENSSL_HEADER_BYTESTRING_H
#define OPENSSL_HEADER_BYTESTRING_H
#include <openssl/base.h>
#include <openssl/span.h>
#include <time.h>
#if defined(__cplusplus)
extern "C" {
#endif
// Bytestrings are used for parsing and building TLS and ASN.1 messages.
//
// A "CBS" (CRYPTO ByteString) represents a string of bytes in memory and
// provides utility functions for safely parsing length-prefixed structures
// like TLS and ASN.1 from it.
//
// A "CBB" (CRYPTO ByteBuilder) is a memory buffer that grows as needed and
// provides utility functions for building length-prefixed messages.
// CRYPTO ByteString
struct cbs_st {
const uint8_t *data;
size_t len;
#if !defined(BORINGSSL_NO_CXX)
// Allow implicit conversions to and from bssl::Span<const uint8_t>.
cbs_st(bssl::Span<const uint8_t> span)
: data(span.data()), len(span.size()) {}
operator bssl::Span<const uint8_t>() const {
return bssl::MakeConstSpan(data, len);
}
// Defining any constructors requires we explicitly default the others.
cbs_st() = default;
cbs_st(const cbs_st &) = default;
cbs_st &operator=(const cbs_st &) = default;
#endif
};
// CBS_init sets |cbs| to point to |data|. It does not take ownership of
// |data|.
OPENSSL_EXPORT void CBS_init(CBS *cbs, const uint8_t *data, size_t len);
// CBS_skip advances |cbs| by |len| bytes. It returns one on success and zero
// otherwise.
OPENSSL_EXPORT int CBS_skip(CBS *cbs, size_t len);
// CBS_data returns a pointer to the contents of |cbs|.
OPENSSL_EXPORT const uint8_t *CBS_data(const CBS *cbs);
// CBS_len returns the number of bytes remaining in |cbs|.
OPENSSL_EXPORT size_t CBS_len(const CBS *cbs);
// CBS_stow copies the current contents of |cbs| into |*out_ptr| and
// |*out_len|. If |*out_ptr| is not NULL, the contents are freed with
// OPENSSL_free. It returns one on success and zero on allocation failure. On
// success, |*out_ptr| should be freed with OPENSSL_free. If |cbs| is empty,
// |*out_ptr| will be NULL.
OPENSSL_EXPORT int CBS_stow(const CBS *cbs, uint8_t **out_ptr, size_t *out_len);
// CBS_strdup copies the current contents of |cbs| into |*out_ptr| as a
// NUL-terminated C string. If |*out_ptr| is not NULL, the contents are freed
// with OPENSSL_free. It returns one on success and zero on allocation
// failure. On success, |*out_ptr| should be freed with OPENSSL_free.
//
// NOTE: If |cbs| contains NUL bytes, the string will be truncated. Call
// |CBS_contains_zero_byte(cbs)| to check for NUL bytes.
OPENSSL_EXPORT int CBS_strdup(const CBS *cbs, char **out_ptr);
// CBS_contains_zero_byte returns one if the current contents of |cbs| contains
// a NUL byte and zero otherwise.
OPENSSL_EXPORT int CBS_contains_zero_byte(const CBS *cbs);
// CBS_mem_equal compares the current contents of |cbs| with the |len| bytes
// starting at |data|. If they're equal, it returns one, otherwise zero. If the
// lengths match, it uses a constant-time comparison.
OPENSSL_EXPORT int CBS_mem_equal(const CBS *cbs, const uint8_t *data,
size_t len);
// CBS_get_u8 sets |*out| to the next uint8_t from |cbs| and advances |cbs|. It
// returns one on success and zero on error.
OPENSSL_EXPORT int CBS_get_u8(CBS *cbs, uint8_t *out);
// CBS_get_u16 sets |*out| to the next, big-endian uint16_t from |cbs| and
// advances |cbs|. It returns one on success and zero on error.
OPENSSL_EXPORT int CBS_get_u16(CBS *cbs, uint16_t *out);
// CBS_get_u16le sets |*out| to the next, little-endian uint16_t from |cbs| and
// advances |cbs|. It returns one on success and zero on error.
OPENSSL_EXPORT int CBS_get_u16le(CBS *cbs, uint16_t *out);
// CBS_get_u24 sets |*out| to the next, big-endian 24-bit value from |cbs| and
// advances |cbs|. It returns one on success and zero on error.
OPENSSL_EXPORT int CBS_get_u24(CBS *cbs, uint32_t *out);
// CBS_get_u32 sets |*out| to the next, big-endian uint32_t value from |cbs|
// and advances |cbs|. It returns one on success and zero on error.
OPENSSL_EXPORT int CBS_get_u32(CBS *cbs, uint32_t *out);
// CBS_get_u32le sets |*out| to the next, little-endian uint32_t value from
// |cbs| and advances |cbs|. It returns one on success and zero on error.
OPENSSL_EXPORT int CBS_get_u32le(CBS *cbs, uint32_t *out);
// CBS_get_u64 sets |*out| to the next, big-endian uint64_t value from |cbs|
// and advances |cbs|. It returns one on success and zero on error.
OPENSSL_EXPORT int CBS_get_u64(CBS *cbs, uint64_t *out);
// CBS_get_u64le sets |*out| to the next, little-endian uint64_t value from
// |cbs| and advances |cbs|. It returns one on success and zero on error.
OPENSSL_EXPORT int CBS_get_u64le(CBS *cbs, uint64_t *out);
// CBS_get_last_u8 sets |*out| to the last uint8_t from |cbs| and shortens
// |cbs|. It returns one on success and zero on error.
OPENSSL_EXPORT int CBS_get_last_u8(CBS *cbs, uint8_t *out);
// CBS_get_bytes sets |*out| to the next |len| bytes from |cbs| and advances
// |cbs|. It returns one on success and zero on error.
OPENSSL_EXPORT int CBS_get_bytes(CBS *cbs, CBS *out, size_t len);
// CBS_copy_bytes copies the next |len| bytes from |cbs| to |out| and advances
// |cbs|. It returns one on success and zero on error.
OPENSSL_EXPORT int CBS_copy_bytes(CBS *cbs, uint8_t *out, size_t len);
// CBS_get_u8_length_prefixed sets |*out| to the contents of an 8-bit,
// length-prefixed value from |cbs| and advances |cbs| over it. It returns one
// on success and zero on error.
OPENSSL_EXPORT int CBS_get_u8_length_prefixed(CBS *cbs, CBS *out);
// CBS_get_u16_length_prefixed sets |*out| to the contents of a 16-bit,
// big-endian, length-prefixed value from |cbs| and advances |cbs| over it. It
// returns one on success and zero on error.
OPENSSL_EXPORT int CBS_get_u16_length_prefixed(CBS *cbs, CBS *out);
// CBS_get_u24_length_prefixed sets |*out| to the contents of a 24-bit,
// big-endian, length-prefixed value from |cbs| and advances |cbs| over it. It
// returns one on success and zero on error.
OPENSSL_EXPORT int CBS_get_u24_length_prefixed(CBS *cbs, CBS *out);
// CBS_get_until_first finds the first instance of |c| in |cbs|. If found, it
// sets |*out| to the text before the match, advances |cbs| over it, and returns
// one. Otherwise, it returns zero and leaves |cbs| unmodified.
OPENSSL_EXPORT int CBS_get_until_first(CBS *cbs, CBS *out, uint8_t c);
// CBS_get_u64_decimal reads a decimal integer from |cbs| and writes it to
// |*out|. It stops reading at the end of the string, or the first non-digit
// character. It returns one on success and zero on error. This function behaves
// analogously to |strtoul| except it does not accept empty inputs, leading
// zeros, or negative values.
OPENSSL_EXPORT int CBS_get_u64_decimal(CBS *cbs, uint64_t *out);
// Parsing ASN.1
//
// |CBS| may be used to parse DER structures. Rather than using a schema
// compiler, the following functions act on tag-length-value elements in the
// serialization itself. Thus the caller is responsible for looping over a
// SEQUENCE, branching on CHOICEs or OPTIONAL fields, checking for trailing
// data, and handling explict vs. implicit tagging.
//
// Tags are represented as |CBS_ASN1_TAG| values in memory. The upper few bits
// store the class and constructed bit, and the remaining bits store the tag
// number. Note this differs from the DER serialization, to support tag numbers
// beyond 31. Consumers must use the constants defined below to decompose or
// assemble tags.
//
// This library treats an element's constructed bit as part of its tag. In DER,
// the constructed bit is computable from the type. The constants for universal
// types have the bit set. Callers must set it correctly for tagged types.
// Explicitly-tagged types are always constructed, and implicitly-tagged types
// inherit the underlying type's bit.
// CBS_ASN1_TAG_SHIFT is how much the in-memory representation shifts the class
// and constructed bits from the DER serialization.
#define CBS_ASN1_TAG_SHIFT 24
// CBS_ASN1_CONSTRUCTED may be ORed into a tag to set the constructed bit.
#define CBS_ASN1_CONSTRUCTED (0x20u << CBS_ASN1_TAG_SHIFT)
// The following values specify the tag class and may be ORed into a tag number
// to produce the final tag. If none is used, the tag will be UNIVERSAL.
#define CBS_ASN1_UNIVERSAL (0u << CBS_ASN1_TAG_SHIFT)
#define CBS_ASN1_APPLICATION (0x40u << CBS_ASN1_TAG_SHIFT)
#define CBS_ASN1_CONTEXT_SPECIFIC (0x80u << CBS_ASN1_TAG_SHIFT)
#define CBS_ASN1_PRIVATE (0xc0u << CBS_ASN1_TAG_SHIFT)
// CBS_ASN1_CLASS_MASK may be ANDed with a tag to query its class. This will
// give one of the four values above.
#define CBS_ASN1_CLASS_MASK (0xc0u << CBS_ASN1_TAG_SHIFT)
// CBS_ASN1_TAG_NUMBER_MASK may be ANDed with a tag to query its number.
#define CBS_ASN1_TAG_NUMBER_MASK ((1u << (5 + CBS_ASN1_TAG_SHIFT)) - 1)
// The following values are constants for UNIVERSAL tags. Note these constants
// include the constructed bit.
#define CBS_ASN1_BOOLEAN 0x1u
#define CBS_ASN1_INTEGER 0x2u
#define CBS_ASN1_BITSTRING 0x3u
#define CBS_ASN1_OCTETSTRING 0x4u
#define CBS_ASN1_NULL 0x5u
#define CBS_ASN1_OBJECT 0x6u
#define CBS_ASN1_ENUMERATED 0xau
#define CBS_ASN1_UTF8STRING 0xcu
#define CBS_ASN1_SEQUENCE (0x10u | CBS_ASN1_CONSTRUCTED)
#define CBS_ASN1_SET (0x11u | CBS_ASN1_CONSTRUCTED)
#define CBS_ASN1_NUMERICSTRING 0x12u
#define CBS_ASN1_PRINTABLESTRING 0x13u
#define CBS_ASN1_T61STRING 0x14u
#define CBS_ASN1_VIDEOTEXSTRING 0x15u
#define CBS_ASN1_IA5STRING 0x16u
#define CBS_ASN1_UTCTIME 0x17u
#define CBS_ASN1_GENERALIZEDTIME 0x18u
#define CBS_ASN1_GRAPHICSTRING 0x19u
#define CBS_ASN1_VISIBLESTRING 0x1au
#define CBS_ASN1_GENERALSTRING 0x1bu
#define CBS_ASN1_UNIVERSALSTRING 0x1cu
#define CBS_ASN1_BMPSTRING 0x1eu
// CBS_get_asn1 sets |*out| to the contents of DER-encoded, ASN.1 element (not
// including tag and length bytes) and advances |cbs| over it. The ASN.1
// element must match |tag_value|.
//
// If |*out| is NULL, then the contents will be discarded.
//
// It returns one on success and zero on error.
OPENSSL_EXPORT int CBS_get_asn1(CBS *cbs, CBS *out, CBS_ASN1_TAG tag_value);
// CBS_get_asn1_element acts like |CBS_get_asn1| but |out| will include the
// ASN.1 header bytes too.
OPENSSL_EXPORT int CBS_get_asn1_element(CBS *cbs, CBS *out,
CBS_ASN1_TAG tag_value);
// CBS_peek_asn1_tag looks ahead at the next ASN.1 tag and returns one
// if the next ASN.1 element on |cbs| would have tag |tag_value|. If
// |cbs| is empty or the tag does not match, it returns zero. Note: if
// it returns one, CBS_get_asn1 may still fail if the rest of the
// element is malformed.
OPENSSL_EXPORT int CBS_peek_asn1_tag(const CBS *cbs, CBS_ASN1_TAG tag_value);
// CBS_get_any_asn1 sets |*out| to contain the next ASN.1 element from |*cbs|
// (not including tag and length bytes), sets |*out_tag| to the tag number, and
// advances |*cbs|. It returns one on success and zero on error. Either of |out|
// and |out_tag| may be NULL to ignore the value.
OPENSSL_EXPORT int CBS_get_any_asn1(CBS *cbs, CBS *out, CBS_ASN1_TAG *out_tag);
// CBS_get_any_asn1_element sets |*out| to contain the next ASN.1 element from
// |*cbs| (including header bytes) and advances |*cbs|. It sets |*out_tag| to
// the tag number and |*out_header_len| to the length of the ASN.1 header. Each
// of |out|, |out_tag|, and |out_header_len| may be NULL to ignore the value.
OPENSSL_EXPORT int CBS_get_any_asn1_element(CBS *cbs, CBS *out,
CBS_ASN1_TAG *out_tag,
size_t *out_header_len);
// CBS_get_any_ber_asn1_element acts the same as |CBS_get_any_asn1_element| but
// also allows indefinite-length elements to be returned and does not enforce
// that lengths are minimal. It sets |*out_indefinite| to one if the length was
// indefinite and zero otherwise. If indefinite, |*out_header_len| and
// |CBS_len(out)| will be equal as only the header is returned (although this is
// also true for empty elements so |*out_indefinite| should be checked). If
// |out_ber_found| is not NULL then it is set to one if any case of invalid DER
// but valid BER is found, and to zero otherwise.
//
// This function will not successfully parse an end-of-contents (EOC) as an
// element. Callers parsing indefinite-length encoding must check for EOC
// separately.
OPENSSL_EXPORT int CBS_get_any_ber_asn1_element(CBS *cbs, CBS *out,
CBS_ASN1_TAG *out_tag,
size_t *out_header_len,
int *out_ber_found,
int *out_indefinite);
// CBS_get_asn1_uint64 gets an ASN.1 INTEGER from |cbs| using |CBS_get_asn1|
// and sets |*out| to its value. It returns one on success and zero on error,
// where error includes the integer being negative, or too large to represent
// in 64 bits.
OPENSSL_EXPORT int CBS_get_asn1_uint64(CBS *cbs, uint64_t *out);
// CBS_get_asn1_int64 gets an ASN.1 INTEGER from |cbs| using |CBS_get_asn1|
// and sets |*out| to its value. It returns one on success and zero on error,
// where error includes the integer being too large to represent in 64 bits.
OPENSSL_EXPORT int CBS_get_asn1_int64(CBS *cbs, int64_t *out);
// CBS_get_asn1_bool gets an ASN.1 BOOLEAN from |cbs| and sets |*out| to zero
// or one based on its value. It returns one on success or zero on error.
OPENSSL_EXPORT int CBS_get_asn1_bool(CBS *cbs, int *out);
// CBS_get_optional_asn1 gets an optional explicitly-tagged element from |cbs|
// tagged with |tag| and sets |*out| to its contents, or ignores it if |out| is
// NULL. If present and if |out_present| is not NULL, it sets |*out_present| to
// one, otherwise zero. It returns one on success, whether or not the element
// was present, and zero on decode failure.
OPENSSL_EXPORT int CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present,
CBS_ASN1_TAG tag);
// CBS_get_optional_asn1_octet_string gets an optional
// explicitly-tagged OCTET STRING from |cbs|. If present, it sets
// |*out| to the string and |*out_present| to one. Otherwise, it sets
// |*out| to empty and |*out_present| to zero. |out_present| may be
// NULL. It returns one on success, whether or not the element was
// present, and zero on decode failure.
OPENSSL_EXPORT int CBS_get_optional_asn1_octet_string(CBS *cbs, CBS *out,
int *out_present,
CBS_ASN1_TAG tag);
// CBS_get_optional_asn1_uint64 gets an optional explicitly-tagged
// INTEGER from |cbs|. If present, it sets |*out| to the
// value. Otherwise, it sets |*out| to |default_value|. It returns one
// on success, whether or not the element was present, and zero on
// decode failure.
OPENSSL_EXPORT int CBS_get_optional_asn1_uint64(CBS *cbs, uint64_t *out,
CBS_ASN1_TAG tag,
uint64_t default_value);
// CBS_get_optional_asn1_bool gets an optional, explicitly-tagged BOOLEAN from
// |cbs|. If present, it sets |*out| to either zero or one, based on the
// boolean. Otherwise, it sets |*out| to |default_value|. It returns one on
// success, whether or not the element was present, and zero on decode
// failure.
OPENSSL_EXPORT int CBS_get_optional_asn1_bool(CBS *cbs, int *out,
CBS_ASN1_TAG tag,
int default_value);
// CBS_is_valid_asn1_bitstring returns one if |cbs| is a valid ASN.1 BIT STRING
// body and zero otherwise.
OPENSSL_EXPORT int CBS_is_valid_asn1_bitstring(const CBS *cbs);
// CBS_asn1_bitstring_has_bit returns one if |cbs| is a valid ASN.1 BIT STRING
// body and the specified bit is present and set. Otherwise, it returns zero.
// |bit| is indexed starting from zero.
OPENSSL_EXPORT int CBS_asn1_bitstring_has_bit(const CBS *cbs, unsigned bit);
// CBS_is_valid_asn1_integer returns one if |cbs| is a valid ASN.1 INTEGER,
// body and zero otherwise. On success, if |out_is_negative| is non-NULL,
// |*out_is_negative| will be set to one if |cbs| is negative and zero
// otherwise.
OPENSSL_EXPORT int CBS_is_valid_asn1_integer(const CBS *cbs,
int *out_is_negative);
// CBS_is_unsigned_asn1_integer returns one if |cbs| is a valid non-negative
// ASN.1 INTEGER body and zero otherwise.
OPENSSL_EXPORT int CBS_is_unsigned_asn1_integer(const CBS *cbs);
// CBS_is_valid_asn1_oid returns one if |cbs| is a valid DER-encoded ASN.1
// OBJECT IDENTIFIER contents (not including the element framing) and zero
// otherwise. This function tolerates arbitrarily large OID components.
OPENSSL_EXPORT int CBS_is_valid_asn1_oid(const CBS *cbs);
// CBS_asn1_oid_to_text interprets |cbs| as DER-encoded ASN.1 OBJECT IDENTIFIER
// contents (not including the element framing) and returns the ASCII
// representation (e.g., "1.2.840.113554.4.1.72585") in a newly-allocated
// string, or NULL on failure. The caller must release the result with
// |OPENSSL_free|.
//
// This function may fail if |cbs| is an invalid OBJECT IDENTIFIER, or if any
// OID components are too large.
OPENSSL_EXPORT char *CBS_asn1_oid_to_text(const CBS *cbs);
// CBS_parse_generalized_time returns one if |cbs| is a valid DER-encoded, ASN.1
// GeneralizedTime body within the limitations imposed by RFC 5280, or zero
// otherwise. If |allow_timezone_offset| is non-zero, four-digit timezone
// offsets, which would not be allowed by DER, are permitted. On success, if
// |out_tm| is non-NULL, |*out_tm| will be zeroed, and then set to the
// corresponding time in UTC. This function does not compute |out_tm->tm_wday|
// or |out_tm->tm_yday|.
OPENSSL_EXPORT int CBS_parse_generalized_time(const CBS *cbs, struct tm *out_tm,
int allow_timezone_offset);
// CBS_parse_utc_time returns one if |cbs| is a valid DER-encoded, ASN.1
// UTCTime body within the limitations imposed by RFC 5280, or zero otherwise.
// If |allow_timezone_offset| is non-zero, four-digit timezone offsets, which
// would not be allowed by DER, are permitted. On success, if |out_tm| is
// non-NULL, |*out_tm| will be zeroed, and then set to the corresponding time
// in UTC. This function does not compute |out_tm->tm_wday| or
// |out_tm->tm_yday|.
OPENSSL_EXPORT int CBS_parse_utc_time(const CBS *cbs, struct tm *out_tm,
int allow_timezone_offset);
// CBS_get_optional_asn1_int64 gets an optional, explicitly-tagged INTEGER from
// |cbs|. If present, it sets |*out| to the value. Otherwise, it sets |*out| to
// |default_value|. It returns one on success and zero on error, where error
// includes the integer being too large to represent in 64 bits.
OPENSSL_EXPORT int CBS_get_optional_asn1_int64(CBS *cbs, int64_t *out,
CBS_ASN1_TAG tag,
int64_t default_value);
// CRYPTO ByteBuilder.
//
// |CBB| objects allow one to build length-prefixed serialisations. A |CBB|
// object is associated with a buffer and new buffers are created with
// |CBB_init|. Several |CBB| objects can point at the same buffer when a
// length-prefix is pending, however only a single |CBB| can be 'current' at
// any one time. For example, if one calls |CBB_add_u8_length_prefixed| then
// the new |CBB| points at the same buffer as the original. But if the original
// |CBB| is used then the length prefix is written out and the new |CBB| must
// not be used again.
//
// If one needs to force a length prefix to be written out because a |CBB| is
// going out of scope, use |CBB_flush|. If an operation on a |CBB| fails, it is
// in an undefined state and must not be used except to call |CBB_cleanup|.
struct cbb_buffer_st {
uint8_t *buf;
// len is the number of valid bytes in |buf|.
size_t len;
// cap is the size of |buf|.
size_t cap;
// can_resize is one iff |buf| is owned by this object. If not then |buf|
// cannot be resized.
unsigned can_resize : 1;
// error is one if there was an error writing to this CBB. All future
// operations will fail.
unsigned error : 1;
};
struct cbb_child_st {
// base is a pointer to the buffer this |CBB| writes to.
struct cbb_buffer_st *base;
// offset is the number of bytes from the start of |base->buf| to this |CBB|'s
// pending length prefix.
size_t offset;
// pending_len_len contains the number of bytes in this |CBB|'s pending
// length-prefix, or zero if no length-prefix is pending.
uint8_t pending_len_len;
unsigned pending_is_asn1 : 1;
};
struct cbb_st {
// child points to a child CBB if a length-prefix is pending.
CBB *child;
// is_child is one if this is a child |CBB| and zero if it is a top-level
// |CBB|. This determines which arm of the union is valid.
char is_child;
union {
struct cbb_buffer_st base;
struct cbb_child_st child;
} u;
};
// CBB_zero sets an uninitialised |cbb| to the zero state. It must be
// initialised with |CBB_init| or |CBB_init_fixed| before use, but it is safe to
// call |CBB_cleanup| without a successful |CBB_init|. This may be used for more
// uniform cleanup of a |CBB|.
OPENSSL_EXPORT void CBB_zero(CBB *cbb);
// CBB_init initialises |cbb| with |initial_capacity|. Since a |CBB| grows as
// needed, the |initial_capacity| is just a hint. It returns one on success or
// zero on allocation failure.
OPENSSL_EXPORT int CBB_init(CBB *cbb, size_t initial_capacity);
// CBB_init_fixed initialises |cbb| to write to |len| bytes at |buf|. Since
// |buf| cannot grow, trying to write more than |len| bytes will cause CBB
// functions to fail. This function is infallible and always returns one. It is
// safe, but not necessary, to call |CBB_cleanup| on |cbb|.
OPENSSL_EXPORT int CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len);
// CBB_cleanup frees all resources owned by |cbb| and other |CBB| objects
// writing to the same buffer. This should be used in an error case where a
// serialisation is abandoned.
//
// This function can only be called on a "top level" |CBB|, i.e. one initialised
// with |CBB_init| or |CBB_init_fixed|, or a |CBB| set to the zero state with
// |CBB_zero|.
OPENSSL_EXPORT void CBB_cleanup(CBB *cbb);
// CBB_finish completes any pending length prefix and sets |*out_data| to a
// malloced buffer and |*out_len| to the length of that buffer. The caller
// takes ownership of the buffer and, unless the buffer was fixed with
// |CBB_init_fixed|, must call |OPENSSL_free| when done.
//
// It can only be called on a "top level" |CBB|, i.e. one initialised with
// |CBB_init| or |CBB_init_fixed|. It returns one on success and zero on
// error.
OPENSSL_EXPORT int CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len);
// CBB_flush causes any pending length prefixes to be written out and any child
// |CBB| objects of |cbb| to be invalidated. This allows |cbb| to continue to be
// used after the children go out of scope, e.g. when local |CBB| objects are
// added as children to a |CBB| that persists after a function returns. This
// function returns one on success or zero on error.
OPENSSL_EXPORT int CBB_flush(CBB *cbb);
// CBB_data returns a pointer to the bytes written to |cbb|. It does not flush
// |cbb|. The pointer is valid until the next operation to |cbb|.
//
// To avoid unfinalized length prefixes, it is a fatal error to call this on a
// CBB with any active children.
OPENSSL_EXPORT const uint8_t *CBB_data(const CBB *cbb);
// CBB_len returns the number of bytes written to |cbb|. It does not flush
// |cbb|.
//
// To avoid unfinalized length prefixes, it is a fatal error to call this on a
// CBB with any active children.
OPENSSL_EXPORT size_t CBB_len(const CBB *cbb);
// CBB_add_u8_length_prefixed sets |*out_contents| to a new child of |cbb|. The
// data written to |*out_contents| will be prefixed in |cbb| with an 8-bit
// length. It returns one on success or zero on error.
OPENSSL_EXPORT int CBB_add_u8_length_prefixed(CBB *cbb, CBB *out_contents);
// CBB_add_u16_length_prefixed sets |*out_contents| to a new child of |cbb|.
// The data written to |*out_contents| will be prefixed in |cbb| with a 16-bit,
// big-endian length. It returns one on success or zero on error.
OPENSSL_EXPORT int CBB_add_u16_length_prefixed(CBB *cbb, CBB *out_contents);
// CBB_add_u24_length_prefixed sets |*out_contents| to a new child of |cbb|.
// The data written to |*out_contents| will be prefixed in |cbb| with a 24-bit,
// big-endian length. It returns one on success or zero on error.
OPENSSL_EXPORT int CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents);
// CBB_add_asn1 sets |*out_contents| to a |CBB| into which the contents of an
// ASN.1 object can be written. The |tag| argument will be used as the tag for
// the object. It returns one on success or zero on error.
OPENSSL_EXPORT int CBB_add_asn1(CBB *cbb, CBB *out_contents, CBS_ASN1_TAG tag);
// CBB_add_bytes appends |len| bytes from |data| to |cbb|. It returns one on
// success and zero otherwise.
OPENSSL_EXPORT int CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len);
// CBB_add_zeros append |len| bytes with value zero to |cbb|. It returns one on
// success and zero otherwise.
OPENSSL_EXPORT int CBB_add_zeros(CBB *cbb, size_t len);
// CBB_add_space appends |len| bytes to |cbb| and sets |*out_data| to point to
// the beginning of that space. The caller must then write |len| bytes of
// actual contents to |*out_data|. It returns one on success and zero
// otherwise.
OPENSSL_EXPORT int CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len);
// CBB_reserve ensures |cbb| has room for |len| additional bytes and sets
// |*out_data| to point to the beginning of that space. It returns one on
// success and zero otherwise. The caller may write up to |len| bytes to
// |*out_data| and call |CBB_did_write| to complete the write. |*out_data| is
// valid until the next operation on |cbb| or an ancestor |CBB|.
OPENSSL_EXPORT int CBB_reserve(CBB *cbb, uint8_t **out_data, size_t len);
// CBB_did_write advances |cbb| by |len| bytes, assuming the space has been
// written to by the caller. It returns one on success and zero on error.
OPENSSL_EXPORT int CBB_did_write(CBB *cbb, size_t len);
// CBB_add_u8 appends an 8-bit number from |value| to |cbb|. It returns one on
// success and zero otherwise.
OPENSSL_EXPORT int CBB_add_u8(CBB *cbb, uint8_t value);
// CBB_add_u16 appends a 16-bit, big-endian number from |value| to |cbb|. It
// returns one on success and zero otherwise.
OPENSSL_EXPORT int CBB_add_u16(CBB *cbb, uint16_t value);
// CBB_add_u16le appends a 16-bit, little-endian number from |value| to |cbb|.
// It returns one on success and zero otherwise.
OPENSSL_EXPORT int CBB_add_u16le(CBB *cbb, uint16_t value);
// CBB_add_u24 appends a 24-bit, big-endian number from |value| to |cbb|. It
// returns one on success and zero otherwise.
OPENSSL_EXPORT int CBB_add_u24(CBB *cbb, uint32_t value);
// CBB_add_u32 appends a 32-bit, big-endian number from |value| to |cbb|. It
// returns one on success and zero otherwise.
OPENSSL_EXPORT int CBB_add_u32(CBB *cbb, uint32_t value);
// CBB_add_u32le appends a 32-bit, little-endian number from |value| to |cbb|.
// It returns one on success and zero otherwise.
OPENSSL_EXPORT int CBB_add_u32le(CBB *cbb, uint32_t value);
// CBB_add_u64 appends a 64-bit, big-endian number from |value| to |cbb|. It
// returns one on success and zero otherwise.
OPENSSL_EXPORT int CBB_add_u64(CBB *cbb, uint64_t value);
// CBB_add_u64le appends a 64-bit, little-endian number from |value| to |cbb|.
// It returns one on success and zero otherwise.
OPENSSL_EXPORT int CBB_add_u64le(CBB *cbb, uint64_t value);
// CBB_discard_child discards the current unflushed child of |cbb|. Neither the
// child's contents nor the length prefix will be included in the output.
OPENSSL_EXPORT void CBB_discard_child(CBB *cbb);
// CBB_add_asn1_uint64 writes an ASN.1 INTEGER into |cbb| using |CBB_add_asn1|
// and writes |value| in its contents. It returns one on success and zero on
// error.
OPENSSL_EXPORT int CBB_add_asn1_uint64(CBB *cbb, uint64_t value);
// CBB_add_asn1_uint64_with_tag behaves like |CBB_add_asn1_uint64| but uses
// |tag| as the tag instead of INTEGER. This is useful if the INTEGER type uses
// implicit tagging.
OPENSSL_EXPORT int CBB_add_asn1_uint64_with_tag(CBB *cbb, uint64_t value,
CBS_ASN1_TAG tag);
// CBB_add_asn1_int64 writes an ASN.1 INTEGER into |cbb| using |CBB_add_asn1|
// and writes |value| in its contents. It returns one on success and zero on
// error.
OPENSSL_EXPORT int CBB_add_asn1_int64(CBB *cbb, int64_t value);
// CBB_add_asn1_int64_with_tag behaves like |CBB_add_asn1_int64| but uses |tag|
// as the tag instead of INTEGER. This is useful if the INTEGER type uses
// implicit tagging.
OPENSSL_EXPORT int CBB_add_asn1_int64_with_tag(CBB *cbb, int64_t value,
CBS_ASN1_TAG tag);
// CBB_add_asn1_octet_string writes an ASN.1 OCTET STRING into |cbb| with the
// given contents. It returns one on success and zero on error.
OPENSSL_EXPORT int CBB_add_asn1_octet_string(CBB *cbb, const uint8_t *data,
size_t data_len);
// CBB_add_asn1_bool writes an ASN.1 BOOLEAN into |cbb| which is true iff
// |value| is non-zero. It returns one on success and zero on error.
OPENSSL_EXPORT int CBB_add_asn1_bool(CBB *cbb, int value);
// CBB_add_asn1_oid_from_text decodes |len| bytes from |text| as an ASCII OID
// representation, e.g. "1.2.840.113554.4.1.72585", and writes the DER-encoded
// contents to |cbb|. It returns one on success and zero on malloc failure or if
// |text| was invalid. It does not include the OBJECT IDENTIFER framing, only
// the element's contents.
//
// This function considers OID strings with components which do not fit in a
// |uint64_t| to be invalid.
OPENSSL_EXPORT int CBB_add_asn1_oid_from_text(CBB *cbb, const char *text,
size_t len);
// CBB_flush_asn1_set_of calls |CBB_flush| on |cbb| and then reorders the
// contents for a DER-encoded ASN.1 SET OF type. It returns one on success and
// zero on failure. DER canonicalizes SET OF contents by sorting
// lexicographically by encoding. Call this function when encoding a SET OF
// type in an order that is not already known to be canonical.
//
// Note a SET type has a slightly different ordering than a SET OF.
OPENSSL_EXPORT int CBB_flush_asn1_set_of(CBB *cbb);
#if defined(__cplusplus)
} // extern C
#if !defined(BORINGSSL_NO_CXX)
extern "C++" {
BSSL_NAMESPACE_BEGIN
using ScopedCBB = internal::StackAllocated<CBB, void, CBB_zero, CBB_cleanup>;
BSSL_NAMESPACE_END
} // extern C++
#endif
#endif
#endif // OPENSSL_HEADER_BYTESTRING_H

37
vendor/aws-lc-sys/aws-lc/include/openssl/chacha.h vendored Normal file
View File

@@ -0,0 +1,37 @@
// Copyright (c) 2014, Google Inc.
// SPDX-License-Identifier: ISC
#ifndef OPENSSL_HEADER_CHACHA_H
#define OPENSSL_HEADER_CHACHA_H
#include <openssl/base.h>
#if defined(__cplusplus)
extern "C" {
#endif
// ChaCha20.
//
// ChaCha20 is a stream cipher. See https://tools.ietf.org/html/rfc8439.
// CRYPTO_chacha_20 encrypts |in_len| bytes from |in| with the given key and
// nonce and writes the result to |out|. If |in| and |out| alias, they must be
// equal. The initial block counter is specified by |counter|. |in| must be
// aligned on a block boundary.
//
// This function implements a 32-bit block counter as in RFC 8439. On overflow,
// the counter wraps. Reusing a key, nonce, and block counter combination is not
// secure, so wrapping is usually a bug in the caller. While it is possible to
// wrap without reuse with a large initial block counter, this is not
// recommended and may not be portable to other ChaCha20 implementations.
OPENSSL_EXPORT void CRYPTO_chacha_20(uint8_t *out, const uint8_t *in,
size_t in_len, const uint8_t key[32],
const uint8_t nonce[12], uint32_t counter);
#if defined(__cplusplus)
} // extern C
#endif
#endif // OPENSSL_HEADER_CHACHA_H

692
vendor/aws-lc-sys/aws-lc/include/openssl/cipher.h vendored Normal file
View File

@@ -0,0 +1,692 @@
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_CIPHER_H
#define OPENSSL_HEADER_CIPHER_H
#include <openssl/base.h>
#if defined(__cplusplus)
extern "C" {
#endif
// Ciphers.
// Cipher primitives.
//
// The following functions return |EVP_CIPHER| objects that implement the named
// cipher algorithm.
OPENSSL_EXPORT const EVP_CIPHER *EVP_rc4(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_des_cbc(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_des_ecb(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_des_ede(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_des_ede3(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_des_ede_cbc(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_des_ede3_cbc(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_ecb(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_cbc(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_ctr(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_ofb(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_ecb(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_cbc(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_ctr(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_ofb(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_xts(void);
// EVP_aes_256_wrap implements AES-256 in Key Wrap mode. OpenSSL 1.1.1 required
// |EVP_CIPHER_CTX_FLAG_WRAP_ALLOW| to be set with |EVP_CIPHER_CTX_set_flags|,
// in order for |EVP_aes_256_wrap| to work. This is not required in AWS-LC and
// they are no-op flags maintained for compatibility.
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_wrap(void);
// EVP_enc_null returns a 'cipher' that passes plaintext through as
// ciphertext.
OPENSSL_EXPORT const EVP_CIPHER *EVP_enc_null(void);
// EVP_rc2_cbc returns a cipher that implements 128-bit RC2 in CBC mode.
OPENSSL_EXPORT const EVP_CIPHER *EVP_rc2_cbc(void);
// EVP_rc2_40_cbc returns a cipher that implements 40-bit RC2 in CBC mode. This
// is obviously very, very weak and is included only in order to read PKCS#12
// files, which often encrypt the certificate chain using this cipher. It is
// deliberately not exported.
const EVP_CIPHER *EVP_rc2_40_cbc(void);
// EVP_chacha20_poly1305 returns a cipher that implements chacha20-poly1305 as
// described in RFC 8439. This cipher implementation is added for
// compatibility. Consumers should use |EVP_aead_chacha20_poly1305| instead.
// Callers are advised that the maximum amount of data that can be encrypted
// using chacha20-poly1305 is 256GB.
OPENSSL_EXPORT const EVP_CIPHER *EVP_chacha20_poly1305(void);
// EVP_get_cipherbynid returns the cipher corresponding to the given NID, or
// NULL if no such cipher is known. Note using this function links almost every
// cipher implemented by BoringSSL into the binary, whether the caller uses them
// or not. Size-conscious callers, such as client software, should not use this
// function.
OPENSSL_EXPORT const EVP_CIPHER *EVP_get_cipherbynid(int nid);
// Cipher context allocation.
//
// An |EVP_CIPHER_CTX| represents the state of an encryption or decryption in
// progress.
// EVP_CIPHER_CTX_init initialises an, already allocated, |EVP_CIPHER_CTX|.
OPENSSL_EXPORT void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx);
// EVP_CIPHER_CTX_new allocates a fresh |EVP_CIPHER_CTX|, calls
// |EVP_CIPHER_CTX_init| and returns it, or NULL on allocation failure.
OPENSSL_EXPORT EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
// EVP_CIPHER_CTX_cleanup frees any memory referenced by |ctx|. It returns
// one.
OPENSSL_EXPORT int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *ctx);
// EVP_CIPHER_CTX_free calls |EVP_CIPHER_CTX_cleanup| on |ctx| and then frees
// |ctx| itself.
OPENSSL_EXPORT void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
// EVP_CIPHER_CTX_copy sets |out| to be a duplicate of the current state of
// |in|. The |out| argument must have been previously initialised.
OPENSSL_EXPORT int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out,
const EVP_CIPHER_CTX *in);
// EVP_CIPHER_CTX_reset calls |EVP_CIPHER_CTX_cleanup| followed by
// |EVP_CIPHER_CTX_init| and returns one.
OPENSSL_EXPORT int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx);
// Cipher context configuration.
// EVP_CipherInit_ex configures |ctx| for a fresh encryption (or decryption, if
// |enc| is zero) operation using |cipher|. If |ctx| has been previously
// configured with a cipher then |cipher|, |key| and |iv| may be |NULL| and
// |enc| may be -1 to reuse the previous values. The operation will use |key|
// as the key and |iv| as the IV (if any). These should have the correct
// lengths given by |EVP_CIPHER_key_length| and |EVP_CIPHER_iv_length|. It
// returns one on success and zero on error.
OPENSSL_EXPORT int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
const EVP_CIPHER *cipher, ENGINE *engine,
const uint8_t *key, const uint8_t *iv,
int enc);
// EVP_EncryptInit_ex calls |EVP_CipherInit_ex| with |enc| equal to one.
OPENSSL_EXPORT int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
const EVP_CIPHER *cipher, ENGINE *impl,
const uint8_t *key, const uint8_t *iv);
// EVP_DecryptInit_ex calls |EVP_CipherInit_ex| with |enc| equal to zero.
OPENSSL_EXPORT int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
const EVP_CIPHER *cipher, ENGINE *impl,
const uint8_t *key, const uint8_t *iv);
// Cipher operations.
// EVP_EncryptUpdate encrypts |in_len| bytes from |in| to |out|. The number
// of output bytes may be up to |in_len| plus the block length minus one and
// |out| must have sufficient space. The number of bytes actually output is
// written to |*out_len|. It returns one on success and zero otherwise.
//
// If |ctx| is an AEAD cipher, e.g. |EVP_aes_128_gcm|, and |out| is NULL, this
// function instead adds |in_len| bytes from |in| to the AAD and sets |*out_len|
// to |in_len|. The AAD must be fully specified in this way before this function
// is used to encrypt plaintext.
OPENSSL_EXPORT int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out,
int *out_len, const uint8_t *in,
int in_len);
// EVP_EncryptFinal_ex writes at most a block of ciphertext to |out| and sets
// |*out_len| to the number of bytes written. If padding is enabled (the
// default) then standard padding is applied to create the final block. If
// padding is disabled (with |EVP_CIPHER_CTX_set_padding|) then any partial
// block remaining will cause an error. The function returns one on success and
// zero otherwise.
OPENSSL_EXPORT int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, uint8_t *out,
int *out_len);
// EVP_DecryptUpdate decrypts |in_len| bytes from |in| to |out|. The number of
// output bytes may be up to |in_len| plus the block length minus one and |out|
// must have sufficient space. The number of bytes actually output is written
// to |*out_len|. It returns one on success and zero otherwise.
//
// If |ctx| is an AEAD cipher, e.g. |EVP_aes_128_gcm|, and |out| is NULL, this
// function instead adds |in_len| bytes from |in| to the AAD and sets |*out_len|
// to |in_len|. The AAD must be fully specified in this way before this function
// is used to decrypt ciphertext.
OPENSSL_EXPORT int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out,
int *out_len, const uint8_t *in,
int in_len);
// EVP_DecryptFinal_ex writes at most a block of ciphertext to |out| and sets
// |*out_len| to the number of bytes written. If padding is enabled (the
// default) then padding is removed from the final block.
//
// WARNING: it is unsafe to call this function with unauthenticated
// ciphertext if padding is enabled.
OPENSSL_EXPORT int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, uint8_t *out,
int *out_len);
// EVP_CipherUpdate calls either |EVP_EncryptUpdate| or |EVP_DecryptUpdate|
// depending on how |ctx| has been setup.
OPENSSL_EXPORT int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out,
int *out_len, const uint8_t *in,
int in_len);
// EVP_CipherFinal_ex calls either |EVP_EncryptFinal_ex| or
// |EVP_DecryptFinal_ex| depending on how |ctx| has been setup.
OPENSSL_EXPORT int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, uint8_t *out,
int *out_len);
// Cipher context accessors.
// EVP_CIPHER_CTX_cipher returns the |EVP_CIPHER| underlying |ctx|, or NULL if
// none has been set.
OPENSSL_EXPORT const EVP_CIPHER *EVP_CIPHER_CTX_cipher(
const EVP_CIPHER_CTX *ctx);
// EVP_CIPHER_CTX_nid returns a NID identifying the |EVP_CIPHER| underlying
// |ctx| (e.g. |NID_aes_128_gcm|). It will crash if no cipher has been
// configured.
OPENSSL_EXPORT int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
// EVP_CIPHER_CTX_encrypting returns one if |ctx| is configured for encryption
// and zero otherwise.
OPENSSL_EXPORT int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx);
// EVP_CIPHER_CTX_block_size returns the block size, in bytes, of the cipher
// underlying |ctx|, or one if the cipher is a stream cipher. It will crash if
// no cipher has been configured.
OPENSSL_EXPORT unsigned EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
// EVP_CIPHER_CTX_key_length returns the key size, in bytes, of the cipher
// underlying |ctx| or zero if no cipher has been configured.
OPENSSL_EXPORT unsigned EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
// EVP_CIPHER_CTX_iv_length returns the IV size, in bytes, of the cipher
// underlying |ctx|. It will crash if no cipher has been configured.
OPENSSL_EXPORT unsigned EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
// EVP_CIPHER_CTX_get_app_data returns the opaque, application data pointer for
// |ctx|, or NULL if none has been set.
OPENSSL_EXPORT void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
// EVP_CIPHER_CTX_set_app_data sets the opaque, application data pointer for
// |ctx| to |data|.
OPENSSL_EXPORT void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx,
void *data);
// EVP_CIPHER_CTX_flags returns a value which is the OR of zero or more
// |EVP_CIPH_*| flags. It will crash if no cipher has been configured.
OPENSSL_EXPORT uint32_t EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx);
// EVP_CIPHER_CTX_mode returns one of the |EVP_CIPH_*| cipher mode values
// enumerated below. It will crash if no cipher has been configured.
OPENSSL_EXPORT uint32_t EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx);
// EVP_CIPHER_CTX_ctrl is an |ioctl| like function. The |command| argument
// should be one of the |EVP_CTRL_*| values. The |arg| and |ptr| arguments are
// specific to the command in question.
OPENSSL_EXPORT int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int command,
int arg, void *ptr);
// EVP_CIPHER_CTX_set_padding sets whether padding is enabled for |ctx| and
// returns one. Pass a non-zero |pad| to enable padding (the default) or zero
// to disable.
OPENSSL_EXPORT int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad);
// EVP_CIPHER_CTX_set_key_length sets the key length for |ctx|. This is only
// valid for ciphers that can take a variable length key. It returns one on
// success and zero on error.
OPENSSL_EXPORT int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *ctx,
unsigned key_len);
// Cipher accessors.
// EVP_CIPHER_nid returns a NID identifying |cipher|. (For example,
// |NID_aes_128_gcm|.)
OPENSSL_EXPORT int EVP_CIPHER_nid(const EVP_CIPHER *cipher);
// EVP_CIPHER_name returns the short name of |cipher|.
OPENSSL_EXPORT const char *EVP_CIPHER_name(const EVP_CIPHER *cipher);
// EVP_CIPHER_block_size returns the block size, in bytes, for |cipher|, or one
// if |cipher| is a stream cipher.
OPENSSL_EXPORT unsigned EVP_CIPHER_block_size(const EVP_CIPHER *cipher);
// EVP_CIPHER_key_length returns the key size, in bytes, for |cipher|. If
// |cipher| can take a variable key length then this function returns the
// default key length and |EVP_CIPHER_flags| will return a value with
// |EVP_CIPH_VARIABLE_LENGTH| set.
OPENSSL_EXPORT unsigned EVP_CIPHER_key_length(const EVP_CIPHER *cipher);
// EVP_CIPHER_iv_length returns the IV size, in bytes, of |cipher|, or zero if
// |cipher| doesn't take an IV.
OPENSSL_EXPORT unsigned EVP_CIPHER_iv_length(const EVP_CIPHER *cipher);
// EVP_CIPHER_flags returns a value which is the OR of zero or more
// |EVP_CIPH_*| flags.
OPENSSL_EXPORT uint32_t EVP_CIPHER_flags(const EVP_CIPHER *cipher);
// EVP_CIPHER_mode returns one of the cipher mode values enumerated below.
OPENSSL_EXPORT uint32_t EVP_CIPHER_mode(const EVP_CIPHER *cipher);
// Key derivation.
// EVP_BytesToKey generates a key and IV for the cipher |type| by iterating
// |md| |count| times using |data| and |salt|. On entry, the |key| and |iv|
// buffers must have enough space to hold a key and IV for |type|. It returns
// the length of the key on success or zero on error.
OPENSSL_EXPORT int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
const uint8_t *salt, const uint8_t *data,
size_t data_len, unsigned count, uint8_t *key,
uint8_t *iv);
// Cipher modes (for |EVP_CIPHER_mode|).
#define EVP_CIPH_STREAM_CIPHER 0x0
#define EVP_CIPH_ECB_MODE 0x1
#define EVP_CIPH_CBC_MODE 0x2
#define EVP_CIPH_CFB_MODE 0x3
#define EVP_CIPH_OFB_MODE 0x4
#define EVP_CIPH_CTR_MODE 0x5
#define EVP_CIPH_GCM_MODE 0x6
#define EVP_CIPH_XTS_MODE 0x7
#define EVP_CIPH_CCM_MODE 0x8
// EVP_CIPH_FLAG_LENGTH_BITS buffers length in bits not bytes: CFB1 mode only.
#define EVP_CIPH_FLAG_LENGTH_BITS 0x2000
// The following values are never returned from |EVP_CIPHER_mode| and are
// included only to make it easier to compile code with BoringSSL.
#define EVP_CIPH_OCB_MODE 0x9
#define EVP_CIPH_WRAP_MODE 0xa
// Cipher flags (for |EVP_CIPHER_flags|).
// EVP_CIPH_VARIABLE_LENGTH indicates that the cipher takes a variable length
// key.
#define EVP_CIPH_VARIABLE_LENGTH 0x40
// EVP_CIPH_ALWAYS_CALL_INIT indicates that the |init| function for the cipher
// should always be called when initialising a new operation, even if the key
// is NULL to indicate that the same key is being used.
#define EVP_CIPH_ALWAYS_CALL_INIT 0x80
// EVP_CIPH_CUSTOM_IV indicates that the cipher manages the IV itself rather
// than keeping it in the |iv| member of |EVP_CIPHER_CTX|.
#define EVP_CIPH_CUSTOM_IV 0x100
// EVP_CIPH_CTRL_INIT indicates that EVP_CTRL_INIT should be used when
// initialising an |EVP_CIPHER_CTX|.
#define EVP_CIPH_CTRL_INIT 0x200
// EVP_CIPH_FLAG_CUSTOM_CIPHER indicates that the cipher manages blocking
// itself. This causes EVP_(En|De)crypt_ex to be simple wrapper functions.
#define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x400
// EVP_CIPH_FLAG_AEAD_CIPHER specifies that the cipher is an AEAD. This is an
// older version of the proper AEAD interface. See aead.h for the current
// one.
#define EVP_CIPH_FLAG_AEAD_CIPHER 0x800
// EVP_CIPH_CUSTOM_COPY indicates that the |ctrl| callback should be called
// with |EVP_CTRL_COPY| at the end of normal |EVP_CIPHER_CTX_copy|
// processing.
#define EVP_CIPH_CUSTOM_COPY 0x1000
// EVP_CIPH_FLAG_NON_FIPS_ALLOW is meaningless. In OpenSSL it permits non-FIPS
// algorithms in FIPS mode. But BoringSSL FIPS mode doesn't prohibit algorithms
// (it's up the the caller to use the FIPS module in a fashion compliant with
// their needs). Thus this exists only to allow code to compile.
#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0
// Deprecated functions
// EVP_aes_128/256_cbc_hmac_sha1/256 return |EVP_CIPHER| objects that implement
// the named cipher algorithm. They are imported from OpenSSL to provide AES CBC
// HMAC SHA stitch implementation. These methods are TLS specific.
//
// WARNING: these APIs usage can get wrong easily. Below functions include
// details.
// |aesni_cbc_hmac_sha1_cipher| and |aesni_cbc_hmac_sha256_cipher|.
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void);
// EVP_CipherInit acts like EVP_CipherInit_ex except that |EVP_CIPHER_CTX_init|
// is called on |cipher| first, if |cipher| is not NULL.
OPENSSL_EXPORT int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
const uint8_t *key, const uint8_t *iv,
int enc);
// EVP_EncryptInit calls |EVP_CipherInit| with |enc| equal to one.
OPENSSL_EXPORT int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,
const EVP_CIPHER *cipher, const uint8_t *key,
const uint8_t *iv);
// EVP_DecryptInit calls |EVP_CipherInit| with |enc| equal to zero.
OPENSSL_EXPORT int EVP_DecryptInit(EVP_CIPHER_CTX *ctx,
const EVP_CIPHER *cipher, const uint8_t *key,
const uint8_t *iv);
// EVP_CipherFinal calls |EVP_CipherFinal_ex|.
OPENSSL_EXPORT int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, uint8_t *out,
int *out_len);
// EVP_EncryptFinal calls |EVP_EncryptFinal_ex|.
OPENSSL_EXPORT int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, uint8_t *out,
int *out_len);
// EVP_DecryptFinal calls |EVP_DecryptFinal_ex|.
OPENSSL_EXPORT int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, uint8_t *out,
int *out_len);
// EVP_Cipher historically exposed an internal implementation detail of |ctx|
// and should not be used. Use |EVP_CipherUpdate| and |EVP_CipherFinal_ex|
// instead.
//
// If |ctx|'s cipher does not have the |EVP_CIPH_FLAG_CUSTOM_CIPHER| flag, it
// encrypts or decrypts |in_len| bytes from |in| and writes the resulting
// |in_len| bytes to |out|. It returns one on success and zero on error.
// |in_len| must be a multiple of the cipher's block size, or the behavior is
// undefined.
//
// TODO(davidben): Rather than being undefined (it'll often round the length up
// and likely read past the buffer), just fail the operation.
//
// If |ctx|'s cipher has the |EVP_CIPH_FLAG_CUSTOM_CIPHER| flag, it runs in one
// of two modes: If |in| is non-NULL, it behaves like |EVP_CipherUpdate|. If
// |in| is NULL, it behaves like |EVP_CipherFinal_ex|. In both cases, it returns
// |*out_len| on success and -1 on error.
//
// WARNING: The two possible calling conventions of this function signal errors
// incompatibly. In the first, zero indicates an error. In the second, zero
// indicates success with zero bytes of output.
OPENSSL_EXPORT int EVP_Cipher(EVP_CIPHER_CTX *ctx, uint8_t *out,
const uint8_t *in, size_t in_len);
// EVP_get_cipherbyname returns an |EVP_CIPHER| given a human readable name in
// |name|, or NULL if the name is unknown. Note using this function links almost
// every cipher implemented by BoringSSL into the binary, not just the ones the
// caller requests. Size-conscious callers, such as client software, should not
// use this function.
OPENSSL_EXPORT const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
// These AEADs are deprecated AES-GCM implementations that set
// |EVP_CIPH_FLAG_CUSTOM_CIPHER|. Use |EVP_aead_aes_128_gcm| and
// |EVP_aead_aes_256_gcm| instead.
//
// WARNING: Although these APIs allow streaming an individual AES-GCM operation,
// this is not secure. Until calling |EVP_DecryptFinal_ex|, the tag has not yet
// been checked and output released by |EVP_DecryptUpdate| is unauthenticated
// and easily manipulated by attackers. Callers must buffer the output and may
// not act on it until the entire operation is complete.
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_gcm(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_gcm(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_ccm(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ccm(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_ccm(void);
// These are deprecated, 192-bit version of AES.
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ecb(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_cbc(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ctr(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_gcm(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ofb(void);
// EVP_des_ede3_ecb is an alias for |EVP_des_ede3|. Use the former instead.
OPENSSL_EXPORT const EVP_CIPHER *EVP_des_ede3_ecb(void);
// EVP_aes_128_cfb128 is deprecated.
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_cfb128(void);
// EVP_aes_128_cfb is an alias for |EVP_aes_128_cfb128| and is deprecated.
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_cfb(void);
// EVP_aes_128_cfb1 is deprecated.
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_cfb1(void);
// EVP_aes_128_cfb8 is deprecated.
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_cfb8(void);
// EVP_aes_192_cfb128 is deprecated.
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_cfb128(void);
// EVP_aes_192_cfb is an alias for |EVP_aes_192_cfb128| and is deprecated.
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_cfb(void);
// EVP_aes_192_cfb1 is deprecated.
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_cfb1(void);
// EVP_aes_192_cfb8 is deprecated.
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_cfb8(void);
// EVP_aes_256_cfb128 is deprecated.
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_cfb128(void);
// EVP_aes_256_cfb is an alias for |EVP_aes_256_cfb128| and is deprecated.
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_cfb(void);
// EVP_aes_256_cfb1 is deprecated.
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_cfb1(void);
// EVP_aes_256_cfb8 is deprecated.
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_cfb8(void);
// EVP_bf_ecb is Blowfish in ECB mode and is deprecated.
OPENSSL_EXPORT const EVP_CIPHER *EVP_bf_ecb(void);
// EVP_bf_cbc is Blowfish in CBC mode and is deprecated.
OPENSSL_EXPORT const EVP_CIPHER *EVP_bf_cbc(void);
// EVP_bf_cfb is an alias for |EVP_bf_cfb64| and is deprecated.
OPENSSL_EXPORT const EVP_CIPHER *EVP_bf_cfb(void);
// EVP_bf_cfb64 is Blowfish in 64-bit CFB mode and is deprecated.
OPENSSL_EXPORT const EVP_CIPHER *EVP_bf_cfb64(void);
// EVP_bf_ofb is Blowfish in 64-bit OFB mode and is deprecated.
OPENSSL_EXPORT const EVP_CIPHER *EVP_bf_ofb(void);
// EVP_cast5_ecb is CAST5 in ECB mode and is deprecated.
OPENSSL_EXPORT OPENSSL_DEPRECATED const EVP_CIPHER *EVP_cast5_ecb(void);
// EVP_cast5_cbc is CAST5 in CBC mode and is deprecated.
OPENSSL_EXPORT OPENSSL_DEPRECATED const EVP_CIPHER *EVP_cast5_cbc(void);
// General No-op Functions [Deprecated].
// EVP_CIPHER_CTX_set_flags does nothing. We strongly discourage doing
// any additional configurations when consuming |EVP_CIPHER_CTX|.
OPENSSL_EXPORT OPENSSL_DEPRECATED void EVP_CIPHER_CTX_set_flags(
const EVP_CIPHER_CTX *ctx, uint32_t flags);
// The following flags are related to |EVP_CIPHER_CTX_set_flags|. They
// do nothing and are included only to make it easier to compile code
// with AWS-LC.
#define EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 0
// EVP_add_cipher_alias does nothing and returns one.
OPENSSL_EXPORT OPENSSL_DEPRECATED int EVP_add_cipher_alias(const char *a,
const char *b);
// Private functions.
// EVP_CIPH_NO_PADDING disables padding in block ciphers.
#define EVP_CIPH_NO_PADDING 0x800
// The following are |EVP_CIPHER_CTX_ctrl| commands.
#define EVP_CTRL_INIT 0x0
#define EVP_CTRL_SET_KEY_LENGTH 0x1
#define EVP_CTRL_GET_RC2_KEY_BITS 0x2
#define EVP_CTRL_SET_RC2_KEY_BITS 0x3
#define EVP_CTRL_GET_RC5_ROUNDS 0x4
#define EVP_CTRL_SET_RC5_ROUNDS 0x5
#define EVP_CTRL_RAND_KEY 0x6
#define EVP_CTRL_PBE_PRF_NID 0x7
#define EVP_CTRL_COPY 0x8
#define EVP_CTRL_AEAD_SET_IVLEN 0x9
#define EVP_CTRL_AEAD_GET_TAG 0x10
#define EVP_CTRL_AEAD_SET_TAG 0x11
#define EVP_CTRL_AEAD_SET_IV_FIXED 0x12
#define EVP_CTRL_GCM_IV_GEN 0x13
#define EVP_CTRL_CCM_SET_L 0x14
#define EVP_CTRL_AEAD_SET_MAC_KEY 0x17
// EVP_CTRL_GCM_SET_IV_INV sets the GCM invocation field, decrypt only
#define EVP_CTRL_GCM_SET_IV_INV 0x18
#define EVP_CTRL_GET_IVLEN 0x19
// The following constants are unused.
#define EVP_GCM_TLS_FIXED_IV_LEN 4
#define EVP_GCM_TLS_EXPLICIT_IV_LEN 8
#define EVP_GCM_TLS_TAG_LEN 16
// The following are legacy aliases for AEAD |EVP_CIPHER_CTX_ctrl| values.
#define EVP_CTRL_GCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN
#define EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG
#define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG
#define EVP_CTRL_GCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED
#define EVP_MAX_KEY_LENGTH 64
#define EVP_MAX_IV_LENGTH 16
#define EVP_MAX_BLOCK_LENGTH 32
struct evp_cipher_ctx_st {
// cipher contains the underlying cipher for this context.
const EVP_CIPHER *cipher;
// app_data is a pointer to opaque, user data.
void *app_data; // application stuff
// cipher_data points to the |cipher| specific state.
void *cipher_data;
// key_len contains the length of the key, which may differ from
// |cipher->key_len| if the cipher can take a variable key length.
unsigned key_len;
// encrypt is one if encrypting and zero if decrypting.
int encrypt;
// flags contains the OR of zero or more |EVP_CIPH_*| flags, above.
uint32_t flags;
// oiv contains the original IV value.
uint8_t oiv[EVP_MAX_IV_LENGTH];
// iv contains the current IV value, which may have been updated.
uint8_t iv[EVP_MAX_IV_LENGTH];
// buf contains a partial block which is used by, for example, CTR mode to
// store unused keystream bytes.
uint8_t buf[EVP_MAX_BLOCK_LENGTH];
// buf_len contains the number of bytes of a partial block contained in
// |buf|.
int buf_len;
// num contains the number of bytes of |iv| which are valid for modes that
// manage partial blocks themselves.
unsigned num;
// final_used is non-zero if the |final| buffer contains plaintext.
int final_used;
uint8_t final[EVP_MAX_BLOCK_LENGTH]; // possible final block
// Has this structure been rendered unusable by a failure.
int poisoned;
} /* EVP_CIPHER_CTX */;
typedef struct evp_cipher_info_st {
const EVP_CIPHER *cipher;
unsigned char iv[EVP_MAX_IV_LENGTH];
} EVP_CIPHER_INFO;
// AES-CBC stitch ctrl method constants
// EVP_CTRL_AEAD_TLS1_AAD is a control command for |EVP_CIPHER_CTX_ctrl| to set
// the length of the TLS additional authenticated data
#define EVP_CTRL_AEAD_TLS1_AAD 0x16
// EVP_AEAD_TLS1_AAD_LEN is the length of the additional authenticated data from
// RFC 5246.
#define EVP_AEAD_TLS1_AAD_LEN 13
#if defined(__cplusplus)
} // extern C
#if !defined(BORINGSSL_NO_CXX)
extern "C++" {
BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(EVP_CIPHER_CTX, EVP_CIPHER_CTX_free)
using ScopedEVP_CIPHER_CTX =
internal::StackAllocated<EVP_CIPHER_CTX, int, EVP_CIPHER_CTX_init,
EVP_CIPHER_CTX_cleanup>;
BSSL_NAMESPACE_END
} // extern C++
#endif
#endif
#define CIPHER_R_AES_KEY_SETUP_FAILED 100
#define CIPHER_R_BAD_DECRYPT 101
#define CIPHER_R_BAD_KEY_LENGTH 102
#define CIPHER_R_BUFFER_TOO_SMALL 103
#define CIPHER_R_CTRL_NOT_IMPLEMENTED 104
#define CIPHER_R_CTRL_OPERATION_NOT_IMPLEMENTED 105
#define CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 106
#define CIPHER_R_INITIALIZATION_ERROR 107
#define CIPHER_R_INPUT_NOT_INITIALIZED 108
#define CIPHER_R_INVALID_AD_SIZE 109
#define CIPHER_R_INVALID_KEY_LENGTH 110
#define CIPHER_R_INVALID_NONCE_SIZE 111
#define CIPHER_R_INVALID_OPERATION 112
#define CIPHER_R_IV_TOO_LARGE 113
#define CIPHER_R_NO_CIPHER_SET 114
#define CIPHER_R_OUTPUT_ALIASES_INPUT 115
#define CIPHER_R_TAG_TOO_LARGE 116
#define CIPHER_R_TOO_LARGE 117
#define CIPHER_R_UNSUPPORTED_AD_SIZE 118
#define CIPHER_R_UNSUPPORTED_INPUT_SIZE 119
#define CIPHER_R_UNSUPPORTED_KEY_SIZE 120
#define CIPHER_R_UNSUPPORTED_NONCE_SIZE 121
#define CIPHER_R_UNSUPPORTED_TAG_SIZE 122
#define CIPHER_R_WRONG_FINAL_BLOCK_LENGTH 123
#define CIPHER_R_NO_DIRECTION_SET 124
#define CIPHER_R_INVALID_NONCE 125
#define CIPHER_R_XTS_DUPLICATED_KEYS 138
#define CIPHER_R_XTS_DATA_UNIT_IS_TOO_LARGE 139
#define CIPHER_R_CTRL_OPERATION_NOT_PERFORMED 140
#define CIPHER_R_SERIALIZATION_INVALID_EVP_AEAD_CTX 141
#define CIPHER_R_ALIGNMENT_CHANGED 142
#define CIPHER_R_SERIALIZATION_INVALID_SERDE_VERSION 143
#define CIPHER_R_SERIALIZATION_INVALID_CIPHER_ID 144
#endif // OPENSSL_HEADER_CIPHER_H

86
vendor/aws-lc-sys/aws-lc/include/openssl/cmac.h vendored Normal file
View File

@@ -0,0 +1,86 @@
// Copyright (c) 2015, Google Inc.
// SPDX-License-Identifier: ISC
#ifndef OPENSSL_HEADER_CMAC_H
#define OPENSSL_HEADER_CMAC_H
#include <openssl/base.h>
#if defined(__cplusplus)
extern "C" {
#endif
// CMAC.
//
// CMAC is a MAC based on AES-CBC and defined in
// https://tools.ietf.org/html/rfc4493#section-2.3.
// One-shot functions.
// AES_CMAC calculates the 16-byte, CMAC authenticator of |in_len| bytes of
// |in| and writes it to |out|. The |key_len| may be 16 or 32 bytes to select
// between AES-128 and AES-256. It returns one on success or zero on error.
OPENSSL_EXPORT int AES_CMAC(uint8_t out[16], const uint8_t *key, size_t key_len,
const uint8_t *in, size_t in_len);
// Incremental interface.
// CMAC_CTX_new allocates a fresh |CMAC_CTX| and returns it, or NULL on
// error.
OPENSSL_EXPORT CMAC_CTX *CMAC_CTX_new(void);
// CMAC_CTX_free frees a |CMAC_CTX|.
OPENSSL_EXPORT void CMAC_CTX_free(CMAC_CTX *ctx);
// CMAC_CTX_copy sets |out| to be a duplicate of the current state |in|. It
// returns one on success and zero on error.
OPENSSL_EXPORT int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in);
// CMAC_Init configures |ctx| to use the given |key| and |cipher|. The CMAC RFC
// only specifies the use of AES-128 thus |key_len| should be 16 and |cipher|
// should be |EVP_aes_128_cbc()|. However, this implementation also supports
// AES-256 by setting |key_len| to 32 and |cipher| to |EVP_aes_256_cbc()|. The
// |engine| argument is ignored.
//
// It returns one on success or zero on error.
OPENSSL_EXPORT int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t key_len,
const EVP_CIPHER *cipher, ENGINE *engine);
// CMAC_Reset resets |ctx| so that a fresh message can be authenticated.
OPENSSL_EXPORT int CMAC_Reset(CMAC_CTX *ctx);
// CMAC_Update processes |in_len| bytes of message from |in|. It returns one on
// success or zero on error.
OPENSSL_EXPORT int CMAC_Update(CMAC_CTX *ctx, const uint8_t *in, size_t in_len);
// CMAC_Final sets |*out_len| to 16 and, if |out| is not NULL, writes 16 bytes
// of authenticator to it. It returns one on success or zero on error.
OPENSSL_EXPORT int CMAC_Final(CMAC_CTX *ctx, uint8_t *out, size_t *out_len);
// Deprecated functions.
// CMAC_CTX_get0_cipher_ctx returns a pointer to the |EVP_CIPHER_CTX| from |ctx|.
OPENSSL_EXPORT EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx);
#if defined(__cplusplus)
} // extern C
extern "C++" {
BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(CMAC_CTX, CMAC_CTX_free)
BSSL_NAMESPACE_END
} // extern C++
#endif
#endif // OPENSSL_HEADER_CMAC_H

144
vendor/aws-lc-sys/aws-lc/include/openssl/conf.h vendored Normal file
View File

@@ -0,0 +1,144 @@
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_CONF_H
#define OPENSSL_HEADER_CONF_H
#include <openssl/base.h>
#include <openssl/lhash.h>
#include <openssl/stack.h>
#if defined(__cplusplus)
extern "C" {
#endif
// Config files.
//
// This library handles OpenSSL's config files, which look like:
//
// # Comment
//
// # This key is in the default section.
// key=value
//
// [section_name]
// key2=value2
//
// Config files are represented by a |CONF|. Use of this module is strongly
// discouraged. It is a remnant of the OpenSSL command-line tool. Parsing an
// untrusted input as a config file risks string injection and denial of service
// vulnerabilities.
struct conf_value_st {
char *section;
char *name;
char *value;
};
DEFINE_STACK_OF(CONF_VALUE)
DECLARE_LHASH_OF(CONF_VALUE)
struct conf_st {
LHASH_OF(CONF_VALUE) *data;
};
// NCONF_new returns a fresh, empty |CONF|, or NULL on error. The |method|
// argument must be NULL.
OPENSSL_EXPORT CONF *NCONF_new(void *method);
// NCONF_free frees all the data owned by |conf| and then |conf| itself.
OPENSSL_EXPORT void NCONF_free(CONF *conf);
// NCONF_load parses the file named |filename| and adds the values found to
// |conf|. It returns one on success and zero on error. In the event of an
// error, if |out_error_line| is not NULL, |*out_error_line| is set to the
// number of the line that contained the error.
OPENSSL_EXPORT int NCONF_load(CONF *conf, const char *filename,
long *out_error_line);
// NCONF_load_bio acts like |NCONF_load| but reads from |bio| rather than from
// a named file.
OPENSSL_EXPORT int NCONF_load_bio(CONF *conf, BIO *bio, long *out_error_line);
// NCONF_get_section returns a stack of values for a given section in |conf|.
// If |section| is NULL, the default section is returned. It returns NULL on
// error.
OPENSSL_EXPORT const STACK_OF(CONF_VALUE) *NCONF_get_section(
const CONF *conf, const char *section);
// NCONF_get_string returns the value of the key |name|, in section |section|.
// The |section| argument may be NULL to indicate the default section. It
// returns the value or NULL on error.
OPENSSL_EXPORT const char *NCONF_get_string(const CONF *conf,
const char *section,
const char *name);
// General No-op Functions [Deprecated].
//
// AWS-LC has no support for loading config files to configure AWS-LC, so
// the following functions have been deprecated as no-ops.
// These defines do nothing but are provided to make old code easier to
// compile.
#define CONF_MFLAGS_DEFAULT_SECTION 0
#define CONF_MFLAGS_IGNORE_MISSING_FILE 0
// CONF_modules_load_file returns one. AWS-LC is defined to have no config
// file options, thus loading from |filename| always succeeds by doing nothing.
OPENSSL_EXPORT OPENSSL_DEPRECATED int CONF_modules_load_file(
const char *filename, const char *appname, unsigned long flags);
// CONF_get1_default_config_file returns a fixed dummy string. AWS-LC is defined
// to have no config file options.
OPENSSL_EXPORT OPENSSL_DEPRECATED char *CONF_get1_default_config_file(void);
// CONF_modules_free does nothing.
OPENSSL_EXPORT OPENSSL_DEPRECATED void CONF_modules_free(void);
// CONF_modules_unload does nothing.
OPENSSL_EXPORT OPENSSL_DEPRECATED void CONF_modules_unload(int all);
// CONF_modules_finish does nothing.
OPENSSL_EXPORT OPENSSL_DEPRECATED void CONF_modules_finish(void);
// OPENSSL_config does nothing. This has been deprecated since OpenSSL 1.1.0.
//
// TODO (CryptoAlg-2398): Add |OPENSSL_DEPRECATED|. nginx defines -Werror and
// depends on this.
OPENSSL_EXPORT void OPENSSL_config(const char *config_name);
// OPENSSL_no_config does nothing. This has been deprecated since OpenSSL
// 1.1.0.
OPENSSL_EXPORT OPENSSL_DEPRECATED void OPENSSL_no_config(void);
#if defined(__cplusplus)
} // extern C
extern "C++" {
BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(CONF, NCONF_free)
BSSL_NAMESPACE_END
} // extern C++
#endif
#define CONF_R_LIST_CANNOT_BE_NULL 100
#define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 101
#define CONF_R_MISSING_EQUAL_SIGN 102
#define CONF_R_NO_CLOSE_BRACE 103
#define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 104
#define CONF_R_VARIABLE_HAS_NO_VALUE 105
#define CONF_R_VARIABLE_EXPANSION_TOO_LONG 106
#define CONF_R_VARIABLE_EXPANSION_NOT_SUPPORTED 107
#define CONF_R_NO_CLOSE_QUOTE 108
#endif // OPENSSL_HEADER_THREAD_H

7
vendor/aws-lc-sys/aws-lc/include/openssl/cpu.h vendored Normal file
View File

@@ -0,0 +1,7 @@
// Copyright (c) 2014, Google Inc.
// SPDX-License-Identifier: ISC
// This header is provided for compatibility with older revisions of BoringSSL.
// TODO(davidben): Remove this header.
#include "crypto.h"

210
vendor/aws-lc-sys/aws-lc/include/openssl/crypto.h vendored Normal file
View File

@@ -0,0 +1,210 @@
// Copyright (c) 2014, Google Inc.
// SPDX-License-Identifier: ISC
#ifndef OPENSSL_HEADER_CRYPTO_H
#define OPENSSL_HEADER_CRYPTO_H
#include <openssl/base.h>
#include <openssl/err.h>
#include <openssl/sha.h>
// Upstream OpenSSL defines |OPENSSL_malloc|, etc., in crypto.h rather than
// mem.h.
#include <openssl/mem.h>
// Upstream OpenSSL defines |CRYPTO_LOCK|, etc., in crypto.h rather than
// thread.h.
#include <openssl/thread.h>
#if defined(__cplusplus)
extern "C" {
#endif
// crypto.h contains functions for initializing the crypto library.
// CRYPTO_library_init initializes the crypto library. It must be called if the
// library is built with BORINGSSL_NO_STATIC_INITIALIZER. Otherwise, it does
// nothing and a static initializer is used instead. It is safe to call this
// function multiple times and concurrently from multiple threads.
//
// On some ARM configurations, this function may require filesystem access and
// should be called before entering a sandbox.
OPENSSL_EXPORT void CRYPTO_library_init(void);
// CRYPTO_is_confidential_build returns one if the linked version of BoringSSL
// has been built with the BORINGSSL_CONFIDENTIAL define and zero otherwise.
//
// This is used by some consumers to identify whether they are using an
// internal version of BoringSSL.
OPENSSL_EXPORT int CRYPTO_is_confidential_build(void);
// CRYPTO_has_asm returns one unless BoringSSL was built with OPENSSL_NO_ASM,
// in which case it returns zero.
OPENSSL_EXPORT int CRYPTO_has_asm(void);
// BORINGSSL_self_test triggers the FIPS KAT-based self tests. It returns one on
// success and zero on error.
OPENSSL_EXPORT int BORINGSSL_self_test(void);
// BORINGSSL_integrity_test triggers the module's integrity test where the code
// and data of the module is matched against a hash injected at build time. It
// returns one on success or zero if there's a mismatch. This function only
// exists if the module was built in FIPS mode without ASAN.
OPENSSL_EXPORT int BORINGSSL_integrity_test(void);
// CRYPTO_pre_sandbox_init initializes the crypto library, pre-acquiring some
// unusual resources to aid running in sandboxed environments. It is safe to
// call this function multiple times and concurrently from multiple threads.
//
// For more details on using BoringSSL in a sandboxed environment, see
// SANDBOXING.md in the source tree.
OPENSSL_EXPORT void CRYPTO_pre_sandbox_init(void);
#if defined(OPENSSL_ARM) && defined(OPENSSL_LINUX) && \
!defined(OPENSSL_STATIC_ARMCAP)
// CRYPTO_has_broken_NEON returns zero.
OPENSSL_EXPORT int CRYPTO_has_broken_NEON(void);
// CRYPTO_needs_hwcap2_workaround returns one if the ARMv8 AArch32 AT_HWCAP2
// workaround was needed. See https://crbug.com/boringssl/46.
OPENSSL_EXPORT int CRYPTO_needs_hwcap2_workaround(void);
#endif // OPENSSL_ARM && OPENSSL_LINUX && !OPENSSL_STATIC_ARMCAP
// Data-Independent Timing (DIT) on AArch64
#if defined(OPENSSL_AARCH64) && (defined(OPENSSL_LINUX) || defined(OPENSSL_APPLE))
// (TODO): See if we can detect the DIT capability in Windows environment
#define AARCH64_DIT_SUPPORTED
#endif
#if defined(AARCH64_DIT_SUPPORTED)
// armv8_disable_dit is a runtime disabler of the DIT capability.
// It results in CRYPTO_is_ARMv8_DIT_capable() returning 0 even if the
// capability exists.
// Important: This runtime control is provided to users that would use
// the build flag ENABLE_DATA_INDEPENDENT_TIMING, but would
// then disable DIT capability at runtime. This is ideally done in
// an initialization routine of AWS-LC before any threads are spawn.
// Otherwise, there may be data races created because this function writes
// to |OPENSSL_armcap_P|.
OPENSSL_EXPORT void armv8_disable_dit(void);
// armv8_enable_dit is a runtime enabler of the DIT capability. If
// |armv8_disable_dit| was used to disable the DIT capability, this function
// makes it available again.
// Important: See note in |armv8_disable_dit|.
OPENSSL_EXPORT void armv8_enable_dit(void);
#endif // AARCH64_DIT_SUPPORTED
// FIPS monitoring
// FIPS_mode returns zero unless BoringSSL is built with BORINGSSL_FIPS, in
// which case it returns one.
OPENSSL_EXPORT int FIPS_mode(void);
// FIPS_is_entropy_cpu_jitter returns 1 if CPU jitter is used as the entropy source
// for AWS-LC. Otherwise, returns 0;
OPENSSL_EXPORT int FIPS_is_entropy_cpu_jitter(void);
// Deprecated functions.
// OPENSSL_VERSION_TEXT contains a string the identifies the version of
// “OpenSSL”. node.js requires a version number in this text.
#define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1 (compatible; AWS-LC " AWSLC_VERSION_NUMBER_STRING ")"
#define OPENSSL_VERSION 0
#define OPENSSL_CFLAGS 1
#define OPENSSL_BUILT_ON 2
#define OPENSSL_PLATFORM 3
#define OPENSSL_DIR 4
// OpenSSL_version is a compatibility function that returns the string
// "AWS-LC" with the AWS-LC version number appended if |which| is
// |OPENSSL_VERSION| and placeholder strings otherwise.
OPENSSL_EXPORT const char *OpenSSL_version(int which);
#define SSLEAY_VERSION OPENSSL_VERSION
#define SSLEAY_CFLAGS OPENSSL_CFLAGS
#define SSLEAY_BUILT_ON OPENSSL_BUILT_ON
#define SSLEAY_PLATFORM OPENSSL_PLATFORM
#define SSLEAY_DIR OPENSSL_DIR
// SSLeay_version calls |OpenSSL_version|.
OPENSSL_EXPORT const char *SSLeay_version(int which);
// SSLeay is a compatibility function that returns OPENSSL_VERSION_NUMBER from
// base.h.
OPENSSL_EXPORT unsigned long SSLeay(void);
// OpenSSL_version_num is a compatibility function that returns
// OPENSSL_VERSION_NUMBER from base.h.
OPENSSL_EXPORT unsigned long OpenSSL_version_num(void);
OPENSSL_EXPORT unsigned long awslc_api_version_num(void);
// CRYPTO_malloc_init returns one.
OPENSSL_EXPORT int CRYPTO_malloc_init(void);
// OPENSSL_malloc_init returns one.
OPENSSL_EXPORT int OPENSSL_malloc_init(void);
// ENGINE_load_builtin_engines does nothing.
OPENSSL_DEPRECATED OPENSSL_EXPORT void ENGINE_load_builtin_engines(void);
// ENGINE_register_all_ciphers does nothing.
OPENSSL_DEPRECATED OPENSSL_EXPORT void ENGINE_register_all_ciphers(void);
// ENGINE_register_all_digests does nothing.
OPENSSL_DEPRECATED OPENSSL_EXPORT void ENGINE_register_all_digests(void);
// ENGINE_register_all_complete returns one.
OPENSSL_DEPRECATED OPENSSL_EXPORT int ENGINE_register_all_complete(void);
// OPENSSL_load_builtin_modules does nothing.
OPENSSL_EXPORT void OPENSSL_load_builtin_modules(void);
// AWS-LC does not support custom flags when initializing the library, these
// values are included to simplify building other software that expects them.
#define OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS 0
#define OPENSSL_INIT_LOAD_CRYPTO_STRINGS 0
#define OPENSSL_INIT_ADD_ALL_CIPHERS 0
#define OPENSSL_INIT_ADD_ALL_DIGESTS 0
#define OPENSSL_INIT_NO_ADD_ALL_CIPHERS 0
#define OPENSSL_INIT_NO_ADD_ALL_DIGESTS 0
#define OPENSSL_INIT_LOAD_CONFIG 0
#define OPENSSL_INIT_NO_LOAD_CONFIG 0
#define OPENSSL_INIT_ENGINE_ALL_BUILTIN 0
// OPENSSL_init_crypto calls |CRYPTO_library_init| and returns one.
OPENSSL_EXPORT int OPENSSL_init_crypto(uint64_t opts,
const OPENSSL_INIT_SETTINGS *settings);
// OPENSSL_init does nothing.
OPENSSL_EXPORT void OPENSSL_init(void);
// OPENSSL_cleanup does nothing.
OPENSSL_EXPORT void OPENSSL_cleanup(void);
// FIPS_mode_set returns one if |on| matches whether BoringSSL was built with
// |BORINGSSL_FIPS| and zero otherwise.
OPENSSL_EXPORT int FIPS_mode_set(int on);
// CRYPTO_mem_ctrl intentionally does nothing and returns 0.
// AWS-LC defines |OPENSSL_NO_CRYPTO_MDEBUG| by default.
// These are related to memory debugging functionalities provided by OpenSSL,
// but are not supported in AWS-LC.
OPENSSL_EXPORT OPENSSL_DEPRECATED int CRYPTO_mem_ctrl(int mode);
#define CRYPTO_MEM_CHECK_ON 0
#if defined(__cplusplus)
} // extern C
#endif
#endif // OPENSSL_HEADER_CRYPTO_H

72
vendor/aws-lc-sys/aws-lc/include/openssl/ctrdrbg.h vendored Normal file
View File

@@ -0,0 +1,72 @@
// Copyright (c) 2022, Google Inc.
// SPDX-License-Identifier: ISC
#ifndef OPENSSL_HEADER_CTRDRBG_H
#define OPENSSL_HEADER_CTRDRBG_H
#include <openssl/base.h>
#if defined(__cplusplus)
extern "C" {
#endif
// FIPS pseudo-random number generator.
// CTR-DRBG state objects.
//
// CTR_DRBG_STATE contains the state of a FIPS AES-CTR-based pseudo-random
// number generator. If BoringSSL was built in FIPS mode then this is a FIPS
// Approved algorithm.
// CTR_DRBG_ENTROPY_LEN is the number of bytes of input entropy. See SP
// 800-90Ar1, table 3.
#define CTR_DRBG_ENTROPY_LEN 48
// CTR_DRBG_MAX_GENERATE_LENGTH is the maximum number of bytes that can be
// generated in a single call to |CTR_DRBG_generate|.
#define CTR_DRBG_MAX_GENERATE_LENGTH 65536
// CTR_DRBG_new returns an initialized |CTR_DRBG_STATE|, or NULL if either
// allocation failed or if |personalization_len| is invalid.
OPENSSL_EXPORT CTR_DRBG_STATE *CTR_DRBG_new(
const uint8_t entropy[CTR_DRBG_ENTROPY_LEN], const uint8_t *personalization,
size_t personalization_len);
// CTR_DRBG_free frees |state| if non-NULL, or else does nothing.
OPENSSL_EXPORT void CTR_DRBG_free(CTR_DRBG_STATE* state);
// CTR_DRBG_reseed reseeds |drbg| given |CTR_DRBG_ENTROPY_LEN| bytes of entropy
// in |entropy| and, optionally, up to |CTR_DRBG_ENTROPY_LEN| bytes of
// additional data. It returns one on success or zero on error. |entropy| and
// |additional_data| must not alias.
OPENSSL_EXPORT int CTR_DRBG_reseed(CTR_DRBG_STATE *drbg,
const uint8_t entropy[CTR_DRBG_ENTROPY_LEN],
const uint8_t *additional_data,
size_t additional_data_len);
// CTR_DRBG_generate processes to up |CTR_DRBG_ENTROPY_LEN| bytes of additional
// data (if any) and then writes |out_len| random bytes to |out|, where
// |out_len| <= |CTR_DRBG_MAX_GENERATE_LENGTH|. It returns one on success or
// zero on error.
OPENSSL_EXPORT int CTR_DRBG_generate(CTR_DRBG_STATE *drbg, uint8_t *out,
size_t out_len,
const uint8_t *additional_data,
size_t additional_data_len);
// CTR_DRBG_clear zeroises the state of |drbg|.
OPENSSL_EXPORT void CTR_DRBG_clear(CTR_DRBG_STATE *drbg);
#if defined(__cplusplus)
} // extern C
extern "C++" {
BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(CTR_DRBG_STATE, CTR_DRBG_free)
BSSL_NAMESPACE_END
} // extern C++
#endif
#endif // OPENSSL_HEADER_CTRDRBG_H

253
vendor/aws-lc-sys/aws-lc/include/openssl/curve25519.h vendored Normal file
View File

@@ -0,0 +1,253 @@
// Copyright (c) 2015, Google Inc.
// SPDX-License-Identifier: ISC
#ifndef OPENSSL_HEADER_CURVE25519_H
#define OPENSSL_HEADER_CURVE25519_H
#include <openssl/base.h>
#if defined(__cplusplus)
extern "C" {
#endif
// Curve25519.
//
// Curve25519 is an elliptic curve. See https://tools.ietf.org/html/rfc7748.
// X25519.
//
// X25519 is the Diffie-Hellman primitive built from curve25519. It is
// sometimes referred to as “curve25519”, but “X25519” is a more precise name.
// See http://cr.yp.to/ecdh.html and https://tools.ietf.org/html/rfc7748.
#define X25519_PRIVATE_KEY_LEN 32
#define X25519_PUBLIC_VALUE_LEN 32
#define X25519_SHARED_KEY_LEN 32
// X25519_keypair sets |out_public_value| and |out_private_key| to a freshly
// generated, publicprivate key pair.
OPENSSL_EXPORT void X25519_keypair(
uint8_t out_public_value[X25519_PUBLIC_VALUE_LEN],
uint8_t out_private_key[X25519_PRIVATE_KEY_LEN]);
// X25519 writes a shared key to |out_shared_key| that is calculated from the
// given private key and the peer's public value. It returns one on success and
// zero on error.
//
// Don't use the shared key directly, rather use a KDF and also include the two
// public values as inputs.
OPENSSL_EXPORT int X25519(uint8_t out_shared_key[X25519_SHARED_KEY_LEN],
const uint8_t private_key[X25519_PRIVATE_KEY_LEN],
const uint8_t peer_public_value[X25519_PUBLIC_VALUE_LEN]);
// X25519_public_from_private calculates a Diffie-Hellman public value from the
// given private key and writes it to |out_public_value|.
OPENSSL_EXPORT void X25519_public_from_private(
uint8_t out_public_value[X25519_PUBLIC_VALUE_LEN],
const uint8_t private_key[X25519_PRIVATE_KEY_LEN]);
// Ed25519.
//
// Ed25519 is a signature scheme using a twisted-Edwards curve that is
// birationally equivalent to curve25519.
//
// Note that, unlike RFC 8032's formulation, our private key representation
// includes a public key suffix to make multiple key signing operations with the
// same key more efficient. The RFC 8032 private key is referred to in this
// implementation as the "seed" and is the first 32 bytes of our private key.
#define ED25519_PRIVATE_KEY_LEN 64
#define ED25519_PRIVATE_KEY_SEED_LEN 32
#define ED25519_PUBLIC_KEY_LEN 32
#define ED25519_SIGNATURE_LEN 64
#define ED25519_SEED_LEN 32
// ED25519_keypair sets |out_public_key| and |out_private_key| to a freshly
// generated, publicprivate key pair.
OPENSSL_EXPORT void ED25519_keypair(uint8_t out_public_key[ED25519_PUBLIC_KEY_LEN],
uint8_t out_private_key[ED25519_PRIVATE_KEY_LEN]);
// ED25519_sign sets |out_sig| to be a signature of |message_len| bytes from
// |message| using |private_key|. It returns one on success or zero on
// allocation failure.
OPENSSL_EXPORT int ED25519_sign(uint8_t out_sig[ED25519_SIGNATURE_LEN],
const uint8_t *message, size_t message_len,
const uint8_t private_key[ED25519_PRIVATE_KEY_LEN]);
// ED25519_verify returns one iff |signature| is a valid signature, by
// |public_key| of |message_len| bytes from |message|. It returns zero
// otherwise.
OPENSSL_EXPORT int ED25519_verify(const uint8_t *message, size_t message_len,
const uint8_t signature[ED25519_SIGNATURE_LEN],
const uint8_t public_key[ED25519_PUBLIC_KEY_LEN]);
// ED25519ctx_sign sets |out_sig| to be a Ed25519ctx (RFC 8032) pure signature
// of |message_len| bytes from |message| using |private_key|, and the provided
// |context_len| bytes for |context|. |context_len| must be greater than zero,
// but no more than 255. It returns one on success or zero on failure.
OPENSSL_EXPORT int ED25519ctx_sign(
uint8_t out_sig[ED25519_SIGNATURE_LEN],
const uint8_t *message, size_t message_len,
const uint8_t private_key[ED25519_PRIVATE_KEY_LEN],
const uint8_t *context, size_t context_len);
// ED25519ctx_verify returns one iff |signature| is a valid Ed25519ctx pure
// signature, by |public_key| of |message_len| bytes from |message|, and
// |context_len| bytes from |context|. |context_len| must be greater than zero,
// but no more than 255. It returns zero otherwise.
OPENSSL_EXPORT int ED25519ctx_verify(const uint8_t *message, size_t message_len,
const uint8_t signature[ED25519_SIGNATURE_LEN],
const uint8_t public_key[ED25519_PUBLIC_KEY_LEN],
const uint8_t *context, size_t context_len);
// ED25519ph_sign sets |out_sig| to be a Ed25519ph (RFC 8032) / HashEdDSA
// signature of |message_len| bytes from |message| using |private_key|, and the
// provided |context_len| bytes for |context|. |context_len| may be zero, but no
// more than 255. It returns one on success or zero on failure.
OPENSSL_EXPORT int ED25519ph_sign(
uint8_t out_sig[ED25519_SIGNATURE_LEN],
const uint8_t *message, size_t message_len,
const uint8_t private_key[ED25519_PRIVATE_KEY_LEN],
const uint8_t *context, size_t context_len);
// ED25519ph_verify returns one iff |signature| is a valid Ed25519ph (RFC 8032)
// / HashEdDSA signature, by |public_key| of |message_len| bytes from |message|,
// and |context_len| bytes from |context|. |context_len| may be zero, but no
// more than 255. It returns zero otherwise.
OPENSSL_EXPORT int ED25519ph_verify(const uint8_t *message, size_t message_len,
const uint8_t signature[ED25519_SIGNATURE_LEN],
const uint8_t public_key[ED25519_PUBLIC_KEY_LEN],
const uint8_t *context, size_t context_len);
// ED25519ph_sign_digest sets |out_sig| to be a Ed25519ph (RFC 8032) / HashEdDSA
// signature of a pre-computed SHA-512 message digest |digest| using
// |private_key|, and the provided |context_len| bytes for |context|.
// |context_len| may be zero, but no more than 255.
// It returns one on success or zero on failure.
OPENSSL_EXPORT int ED25519ph_sign_digest(
uint8_t out_sig[ED25519_SIGNATURE_LEN],
const uint8_t digest[64],
const uint8_t private_key[ED25519_PRIVATE_KEY_LEN],
const uint8_t *context, size_t context_len);
// ED25519ph_verify_digest returns one iff |signature| is a valid Ed25519ph (RFC
// 8032) / HashEdDSA signature, by |public_key| of a pre-computed SHA-512
// message digest |digest|, and |context_len| bytes from |context|.
// |context_len| may be zero, but no more than 255.
// It returns zero otherwise.
OPENSSL_EXPORT int ED25519ph_verify_digest(const uint8_t digest[64],
const uint8_t signature[ED25519_SIGNATURE_LEN],
const uint8_t public_key[ED25519_PUBLIC_KEY_LEN],
const uint8_t *context, size_t context_len);
// ED25519_keypair_from_seed calculates a public and private key from an
// Ed25519 “seed”. Seed values are not exposed by this API (although they
// happen to be the first 32 bytes of a private key) so this function is for
// interoperating with systems that may store just a seed instead of a full
// private key.
OPENSSL_EXPORT void ED25519_keypair_from_seed(uint8_t out_public_key[ED25519_PUBLIC_KEY_LEN],
uint8_t out_private_key[ED25519_PRIVATE_KEY_LEN],
const uint8_t seed[ED25519_SEED_LEN]);
// SPAKE2.
//
// SPAKE2 is a password-authenticated key-exchange. It allows two parties,
// who share a low-entropy secret (i.e. password), to agree on a shared key.
// An attacker can only make one guess of the password per execution of the
// protocol.
//
// See https://tools.ietf.org/html/draft-irtf-cfrg-spake2-02.
// spake2_role_t enumerates the different “roles” in SPAKE2. The protocol
// requires that the symmetry of the two parties be broken so one participant
// must be “Alice” and the other be “Bob”.
enum spake2_role_t {
spake2_role_alice,
spake2_role_bob
};
// SPAKE2_CTX_new creates a new |SPAKE2_CTX| (which can only be used for a
// single execution of the protocol). SPAKE2 requires the symmetry of the two
// parties to be broken which is indicated via |my_role| each party must pass
// a different value for this argument.
//
// The |my_name| and |their_name| arguments allow optional, opaque names to be
// bound into the protocol. For example MAC addresses, hostnames, usernames
// etc. These values are not exposed and can avoid context-confusion attacks
// when a password is shared between several devices.
OPENSSL_EXPORT SPAKE2_CTX *SPAKE2_CTX_new(
enum spake2_role_t my_role,
const uint8_t *my_name, size_t my_name_len,
const uint8_t *their_name, size_t their_name_len);
// SPAKE2_CTX_free frees |ctx| and all the resources that it has allocated.
OPENSSL_EXPORT void SPAKE2_CTX_free(SPAKE2_CTX *ctx);
// SPAKE2_MAX_MSG_SIZE is the maximum size of a SPAKE2 message.
#define SPAKE2_MAX_MSG_SIZE 32
// SPAKE2_generate_msg generates a SPAKE2 message given |password|, writes
// it to |out| and sets |*out_len| to the number of bytes written.
//
// At most |max_out_len| bytes are written to |out| and, in order to ensure
// success, |max_out_len| should be at least |SPAKE2_MAX_MSG_SIZE| bytes.
//
// This function can only be called once for a given |SPAKE2_CTX|.
//
// It returns one on success and zero on error.
OPENSSL_EXPORT int SPAKE2_generate_msg(SPAKE2_CTX *ctx, uint8_t *out,
size_t *out_len, size_t max_out_len,
const uint8_t *password,
size_t password_len);
// SPAKE2_MAX_KEY_SIZE is the maximum amount of key material that SPAKE2 will
// produce.
#define SPAKE2_MAX_KEY_SIZE 64
// SPAKE2_process_msg completes the SPAKE2 exchange given the peer's message in
// |their_msg|, writes at most |max_out_key_len| bytes to |out_key| and sets
// |*out_key_len| to the number of bytes written.
//
// The resulting keying material is suitable for:
// - Using directly in a key-confirmation step: i.e. each side could
// transmit a hash of their role, a channel-binding value and the key
// material to prove to the other side that they know the shared key.
// - Using as input keying material to HKDF to generate a variety of subkeys
// for encryption etc.
//
// If |max_out_key_key| is smaller than the amount of key material generated
// then the key is silently truncated. If you want to ensure that no truncation
// occurs then |max_out_key| should be at least |SPAKE2_MAX_KEY_SIZE|.
//
// You must call |SPAKE2_generate_msg| on a given |SPAKE2_CTX| before calling
// this function. On successful return, |ctx| is complete and calling
// |SPAKE2_CTX_free| is the only acceptable operation on it.
//
// Returns one on success or zero on error.
OPENSSL_EXPORT int SPAKE2_process_msg(SPAKE2_CTX *ctx, uint8_t *out_key,
size_t *out_key_len,
size_t max_out_key_len,
const uint8_t *their_msg,
size_t their_msg_len);
#if defined(__cplusplus)
} // extern C
extern "C++" {
BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(SPAKE2_CTX, SPAKE2_CTX_free)
BSSL_NAMESPACE_END
} // extern C++
#endif
#endif // OPENSSL_HEADER_CURVE25519_H

113
vendor/aws-lc-sys/aws-lc/include/openssl/des.h vendored Normal file
View File

@@ -0,0 +1,113 @@
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_DES_H
#define OPENSSL_HEADER_DES_H
#include <openssl/base.h>
#if defined(__cplusplus)
extern "C" {
#endif
// DES.
//
// This module is deprecated and retained for legacy reasons only. It is slow
// and may leak key material with timing or cache side channels. Moreover,
// single-keyed DES is broken and can be brute-forced in under a day.
//
// Use a modern cipher, such as AES-GCM or ChaCha20-Poly1305, instead.
typedef struct DES_cblock_st {
uint8_t bytes[8];
} DES_cblock;
typedef struct DES_cblock_st const_DES_cblock;
typedef struct DES_ks {
uint32_t subkeys[16][2];
} DES_key_schedule;
#define DES_KEY_SZ (sizeof(DES_cblock))
#define DES_SCHEDULE_SZ (sizeof(DES_key_schedule))
#define DES_ENCRYPT 1
#define DES_DECRYPT 0
#define DES_CBC_MODE 0
#define DES_PCBC_MODE 1
// DES_is_weak_key checks if |key| is a weak or semi-weak key, see SP 800-67r2
// section 3.3.2
OPENSSL_EXPORT int DES_is_weak_key(const DES_cblock *key);
// DES_set_key checks that |key| is not weak and the parity before calling
// |DES_set_key_unchecked|. The key schedule is always initialized, the checks
// only affect the return value:
// 0: key is not weak and has odd parity
// -1: key is not odd
// -2: key is a weak key, the parity might also be even
OPENSSL_EXPORT int DES_set_key(const DES_cblock *key, DES_key_schedule *schedule);
// DES_set_key_unchecked performs a key schedule and initialises |schedule| with |key|.
OPENSSL_EXPORT void DES_set_key_unchecked(const DES_cblock *key, DES_key_schedule *schedule);
// DES_key_sched calls |DES_set_key|.
OPENSSL_EXPORT int DES_key_sched(const DES_cblock *key, DES_key_schedule *schedule);
// DES_set_odd_parity sets the parity bits (the least-significant bits in each
// byte) of |key| given the other bits in each byte.
OPENSSL_EXPORT void DES_set_odd_parity(DES_cblock *key);
// DES_ecb_encrypt encrypts (or decrypts, if |is_encrypt| is |DES_DECRYPT|) a
// single DES block (8 bytes) from in to out, using the key configured in
// |schedule|.
OPENSSL_EXPORT void DES_ecb_encrypt(const DES_cblock *in, DES_cblock *out,
const DES_key_schedule *schedule,
int is_encrypt);
// DES_ncbc_encrypt encrypts (or decrypts, if |enc| is |DES_DECRYPT|) |len|
// bytes from |in| to |out| with DES in CBC mode.
OPENSSL_EXPORT void DES_ncbc_encrypt(const uint8_t *in, uint8_t *out,
size_t len,
const DES_key_schedule *schedule,
DES_cblock *ivec, int enc);
// DES_ecb3_encrypt encrypts (or decrypts, if |enc| is |DES_DECRYPT|) a single
// block (8 bytes) of data from |input| to |output| using 3DES.
OPENSSL_EXPORT void DES_ecb3_encrypt(const DES_cblock *input,
DES_cblock *output,
const DES_key_schedule *ks1,
const DES_key_schedule *ks2,
const DES_key_schedule *ks3,
int enc);
// DES_ede3_cbc_encrypt encrypts (or decrypts, if |enc| is |DES_DECRYPT|) |len|
// bytes from |in| to |out| with 3DES in CBC mode. 3DES uses three keys, thus
// the function takes three different |DES_key_schedule|s.
OPENSSL_EXPORT void DES_ede3_cbc_encrypt(const uint8_t *in, uint8_t *out,
size_t len,
const DES_key_schedule *ks1,
const DES_key_schedule *ks2,
const DES_key_schedule *ks3,
DES_cblock *ivec, int enc);
// DES_ede2_cbc_encrypt encrypts (or decrypts, if |enc| is |DES_DECRYPT|) |len|
// bytes from |in| to |out| with 3DES in CBC mode. With this keying option, the
// first and third 3DES keys are identical. Thus, this function takes only two
// different |DES_key_schedule|s.
OPENSSL_EXPORT void DES_ede2_cbc_encrypt(const uint8_t *in, uint8_t *out,
size_t len,
const DES_key_schedule *ks1,
const DES_key_schedule *ks2,
DES_cblock *ivec, int enc);
#if defined(__cplusplus)
} // extern C
#endif
#endif // OPENSSL_HEADER_DES_H

364
vendor/aws-lc-sys/aws-lc/include/openssl/dh.h vendored Normal file
View File

@@ -0,0 +1,364 @@
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_DH_H
#define OPENSSL_HEADER_DH_H
#include <openssl/base.h>
#include <openssl/thread.h>
#if defined(__cplusplus)
extern "C" {
#endif
// DH contains functions for performing Diffie-Hellman key agreement in
// multiplicative groups.
//
// This module is deprecated and retained for legacy reasons only. It is not
// considered a priority for performance or hardening work. Do not use it in
// new code. Use X25519 or ECDH with P-256 instead.
// Allocation and destruction.
//
// A |DH| object represents a Diffie-Hellman key or group parameters. A given
// object may be used concurrently on multiple threads by non-mutating
// functions, provided no other thread is concurrently calling a mutating
// function. Unless otherwise documented, functions which take a |const| pointer
// are non-mutating and functions which take a non-|const| pointer are mutating.
// DH_new returns a new, empty DH object or NULL on error.
OPENSSL_EXPORT DH *DH_new(void);
// DH_new_by_nid returns the DH specified by |nid|, only NID_ffdhe2048, and
// NID_ffdhe4096 are supported. All other values will return null.
OPENSSL_EXPORT DH *DH_new_by_nid(int nid);
// DH_free decrements the reference count of |dh| and frees it if the reference
// count drops to zero.
OPENSSL_EXPORT void DH_free(DH *dh);
// DH_up_ref increments the reference count of |dh| and returns one. It does not
// mutate |dh| for thread-safety purposes and may be used concurrently.
OPENSSL_EXPORT int DH_up_ref(DH *dh);
// Properties.
// DH_bits returns the size of |dh|'s group modulus, in bits.
OPENSSL_EXPORT unsigned DH_bits(const DH *dh);
// DH_get0_pub_key returns |dh|'s public key.
OPENSSL_EXPORT const BIGNUM *DH_get0_pub_key(const DH *dh);
// DH_get0_priv_key returns |dh|'s private key, or NULL if |dh| is a public key.
OPENSSL_EXPORT const BIGNUM *DH_get0_priv_key(const DH *dh);
// DH_get0_p returns |dh|'s group modulus.
OPENSSL_EXPORT const BIGNUM *DH_get0_p(const DH *dh);
// DH_get0_q returns the size of |dh|'s subgroup, or NULL if it is unset.
OPENSSL_EXPORT const BIGNUM *DH_get0_q(const DH *dh);
// DH_get0_g returns |dh|'s group generator.
OPENSSL_EXPORT const BIGNUM *DH_get0_g(const DH *dh);
// DH_get0_key sets |*out_pub_key| and |*out_priv_key|, if non-NULL, to |dh|'s
// public and private key, respectively. If |dh| is a public key, the private
// key will be set to NULL.
OPENSSL_EXPORT void DH_get0_key(const DH *dh, const BIGNUM **out_pub_key,
const BIGNUM **out_priv_key);
// DH_set0_key sets |dh|'s public and private key to the specified values. If
// NULL, the field is left unchanged. On success, it takes ownership of each
// argument and returns one. Otherwise, it returns zero.
OPENSSL_EXPORT int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
// DH_get0_pqg sets |*out_p|, |*out_q|, and |*out_g|, if non-NULL, to |dh|'s p,
// q, and g parameters, respectively.
OPENSSL_EXPORT void DH_get0_pqg(const DH *dh, const BIGNUM **out_p,
const BIGNUM **out_q, const BIGNUM **out_g);
// DH_set0_pqg sets |dh|'s p, q, and g parameters to the specified values. If
// NULL, the field is left unchanged. On success, it takes ownership of each
// argument and returns one. Otherwise, it returns zero. |q| may be NULL, but
// |p| and |g| must either be specified or already configured on |dh|.
OPENSSL_EXPORT int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
// DH_set_length sets the number of bits to use for the secret exponent when
// calling |DH_generate_key| on |dh| and returns one. If unset,
// |DH_generate_key| will use the bit length of p.
OPENSSL_EXPORT int DH_set_length(DH *dh, unsigned priv_length);
// Standard parameters.
// DH_get_rfc7919_2048 returns the group `ffdhe2048` from
// https://tools.ietf.org/html/rfc7919#appendix-A.1. It returns NULL if out
// of memory.
OPENSSL_EXPORT DH *DH_get_rfc7919_2048(void);
// DH_get_rfc7919_4096 returns the group `ffdhe4096` from
// https://tools.ietf.org/html/rfc7919#appendix-A.3. It returns NULL if out
// of memory.
OPENSSL_EXPORT DH *DH_get_rfc7919_4096(void);
// BN_get_rfc3526_prime_1536 sets |*ret| to the 1536-bit MODP group from RFC
// 3526 and returns |ret|. If |ret| is NULL then a fresh |BIGNUM| is allocated
// and returned. It returns NULL on allocation failure. The generator for this
// group is 2.
OPENSSL_EXPORT BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *ret);
// BN_get_rfc3526_prime_2048 sets |*ret| to the 2048-bit MODP group from RFC
// 3526 and returns |ret|. If |ret| is NULL then a fresh |BIGNUM| is allocated
// and returned. It returns NULL on allocation failure. The generator for this
// group is 2.
OPENSSL_EXPORT BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *ret);
// BN_get_rfc3526_prime_3072 sets |*ret| to the 3072-bit MODP group from RFC
// 3526 and returns |ret|. If |ret| is NULL then a fresh |BIGNUM| is allocated
// and returned. It returns NULL on allocation failure. The generator for this
// group is 2.
OPENSSL_EXPORT BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *ret);
// BN_get_rfc3526_prime_4096 sets |*ret| to the 4096-bit MODP group from RFC
// 3526 and returns |ret|. If |ret| is NULL then a fresh |BIGNUM| is allocated
// and returned. It returns NULL on allocation failure. The generator for this
// group is 2.
OPENSSL_EXPORT BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *ret);
// BN_get_rfc3526_prime_6144 sets |*ret| to the 6144-bit MODP group from RFC
// 3526 and returns |ret|. If |ret| is NULL then a fresh |BIGNUM| is allocated
// and returned. It returns NULL on allocation failure. The generator for this
// group is 2.
OPENSSL_EXPORT BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *ret);
// BN_get_rfc3526_prime_8192 sets |*ret| to the 8192-bit MODP group from RFC
// 3526 and returns |ret|. If |ret| is NULL then a fresh |BIGNUM| is allocated
// and returned. It returns NULL on allocation failure. The generator for this
// group is 2.
OPENSSL_EXPORT BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *ret);
// Parameter generation.
#define DH_GENERATOR_2 2
#define DH_GENERATOR_5 5
// DH_generate_parameters_ex generates a suitable Diffie-Hellman group with a
// prime that is |prime_bits| long and stores it in |dh|. The generator of the
// group will be |generator|, which should be |DH_GENERATOR_2| unless there's a
// good reason to use a different value. The |cb| argument contains a callback
// function that will be called during the generation. See the documentation in
// |bn.h| about this. In addition to the callback invocations from |BN|, |cb|
// will also be called with |event| equal to three when the generation is
// complete.
OPENSSL_EXPORT int DH_generate_parameters_ex(DH *dh, int prime_bits,
int generator, BN_GENCB *cb);
// Diffie-Hellman operations.
// DH_generate_key generates a new, random, private key and stores it in
// |dh|, if |dh| does not already have a private key. Otherwise, it updates
// |dh|'s public key to match the private key. It returns one on success and
// zero on error.
OPENSSL_EXPORT int DH_generate_key(DH *dh);
// DH_compute_key_padded calculates the shared key between |dh| and |peers_key|
// and writes it as a big-endian integer into |out|, padded up to |DH_size|
// bytes. It returns the number of bytes written, which is always |DH_size|, or
// a negative number on error. |out| must have |DH_size| bytes of space.
//
// WARNING: this differs from the usual BoringSSL return-value convention.
//
// Note this function differs from |DH_compute_key| in that it preserves leading
// zeros in the secret. This function is the preferred variant. It matches PKCS
// #3 and avoids some side channel attacks. However, the two functions are not
// drop-in replacements for each other. Using a different variant than the
// application expects will result in sporadic key mismatches.
//
// Callers that expect a fixed-width secret should use this function over
// |DH_compute_key|. Callers that use either function should migrate to a modern
// primitive such as X25519 or ECDH with P-256 instead.
//
// This function does not mutate |dh| for thread-safety purposes and may be used
// concurrently.
OPENSSL_EXPORT int DH_compute_key_padded(uint8_t *out, const BIGNUM *peers_key,
DH *dh);
// DH_compute_key_hashed calculates the shared key between |dh| and |peers_key|
// and hashes it with the given |digest|. If the hash output is less than
// |max_out_len| bytes then it writes the hash output to |out| and sets
// |*out_len| to the number of bytes written. Otherwise it signals an error. It
// returns one on success or zero on error.
//
// NOTE: this follows the usual BoringSSL return-value convention, but that's
// different from |DH_compute_key| and |DH_compute_key_padded|.
//
// This function does not mutate |dh| for thread-safety purposes and may be used
// concurrently.
OPENSSL_EXPORT int DH_compute_key_hashed(DH *dh, uint8_t *out, size_t *out_len,
size_t max_out_len,
const BIGNUM *peers_key,
const EVP_MD *digest);
// Utility functions.
// DH_size returns the number of bytes in the DH group's prime.
OPENSSL_EXPORT int DH_size(const DH *dh);
// DH_num_bits returns the minimum number of bits needed to represent the
// absolute value of the DH group's prime.
OPENSSL_EXPORT unsigned DH_num_bits(const DH *dh);
#define DH_CHECK_P_NOT_PRIME 0x01
#define DH_CHECK_P_NOT_SAFE_PRIME 0x02
#define DH_CHECK_UNABLE_TO_CHECK_GENERATOR 0x04
#define DH_CHECK_NOT_SUITABLE_GENERATOR 0x08
#define DH_CHECK_Q_NOT_PRIME 0x10
#define DH_CHECK_INVALID_Q_VALUE 0x20
// These are compatibility defines.
#define DH_NOT_SUITABLE_GENERATOR DH_CHECK_NOT_SUITABLE_GENERATOR
#define DH_UNABLE_TO_CHECK_GENERATOR DH_CHECK_UNABLE_TO_CHECK_GENERATOR
// DH_check checks the suitability of |dh| as a Diffie-Hellman group. and sets
// |DH_CHECK_*| flags in |*out_flags| if it finds any errors. It returns one if
// |*out_flags| was successfully set and zero on error.
//
// Note: these checks may be quite computationally expensive.
OPENSSL_EXPORT int DH_check(const DH *dh, int *out_flags);
#define DH_CHECK_PUBKEY_TOO_SMALL 0x1
#define DH_CHECK_PUBKEY_TOO_LARGE 0x2
#define DH_CHECK_PUBKEY_INVALID 0x4
// DH_check_pub_key checks the suitability of |pub_key| as a public key for the
// DH group in |dh| and sets |DH_CHECK_PUBKEY_*| flags in |*out_flags| if it
// finds any errors. It returns one if |*out_flags| was successfully set and
// zero on error.
OPENSSL_EXPORT int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key,
int *out_flags);
// DHparams_dup allocates a fresh |DH| and copies the parameters from |dh| into
// it. It returns the new |DH| or NULL on error.
OPENSSL_EXPORT DH *DHparams_dup(const DH *dh);
// ASN.1 functions.
// DH_parse_parameters decodes a DER-encoded DHParameter structure (PKCS #3)
// from |cbs| and advances |cbs|. It returns a newly-allocated |DH| or NULL on
// error.
OPENSSL_EXPORT DH *DH_parse_parameters(CBS *cbs);
// DH_marshal_parameters marshals |dh| as a DER-encoded DHParameter structure
// (PKCS #3) and appends the result to |cbb|. It returns one on success and zero
// on error.
OPENSSL_EXPORT int DH_marshal_parameters(CBB *cbb, const DH *dh);
// Deprecated functions.
// DH_generate_parameters behaves like |DH_generate_parameters_ex|, which is
// what you should use instead. It returns NULL on error, or a newly-allocated
// |DH| on success. This function is provided for compatibility only.
OPENSSL_EXPORT DH *DH_generate_parameters(int prime_len, int generator,
void (*callback)(int, int, void *),
void *cb_arg);
// d2i_DHparams parses a DER-encoded DHParameter structure (PKCS #3) from |len|
// bytes at |*inp|, as in |d2i_SAMPLE|.
//
// Use |DH_parse_parameters| instead.
OPENSSL_EXPORT DH *d2i_DHparams(DH **ret, const unsigned char **inp, long len);
// i2d_DHparams marshals |in| to a DER-encoded DHParameter structure (PKCS #3),
// as described in |i2d_SAMPLE|.
//
// Use |DH_marshal_parameters| instead.
OPENSSL_EXPORT int i2d_DHparams(const DH *in, unsigned char **outp);
// DH_compute_key behaves like |DH_compute_key_padded| but, contrary to PKCS #3,
// returns a variable-length shared key with leading zeros. It returns the
// number of bytes written, or a negative number on error. |out| must have
// |DH_size| bytes of space.
//
// WARNING: this differs from the usual BoringSSL return-value convention.
//
// Note this function's running time and memory access pattern leaks information
// about the shared secret. Particularly if |dh| is reused, this may result in
// side channel attacks such as https://raccoon-attack.com/.
//
// |DH_compute_key_padded| is the preferred variant and avoids the above
// attacks. However, the two functions are not drop-in replacements for each
// other. Using a different variant than the application expects will result in
// sporadic key mismatches.
//
// Callers that expect a fixed-width secret should use |DH_compute_key_padded|
// instead. Callers that use either function should migrate to a modern
// primitive such as X25519 or ECDH with P-256 instead.
//
// This function does not mutate |dh| for thread-safety purposes and may be used
// concurrently.
OPENSSL_EXPORT int DH_compute_key(uint8_t *out, const BIGNUM *peers_key,
DH *dh);
// DH_get_2048_256 returns the 2048-bit MODP Group with 256-bit Prime Order
// Subgroup from RFC 5114. This function returns a new DH object with standard
// parameters. It returns NULL on allocation failure.
//
// Warning: 2048-256 is no longer an optimal parameter for Diffie-Hellman. No
// one should use finite field Diffie-Hellman anymore.
// This function has been deprecated with no replacement.
OPENSSL_EXPORT DH *DH_get_2048_256(void);
// General No-op Functions [Deprecated].
// DH_clear_flags does nothing and is included to simplify compiling code that
// expects it.
OPENSSL_EXPORT OPENSSL_DEPRECATED void DH_clear_flags(DH *dh, int flags);
// DH_FLAG_CACHE_MONT_P is not supported by AWS-LC and is included to simplify
// compiling code that expects it. This flag controls if the DH APIs should
// cache the montgomery form of the prime to speed up multiplication at the cost
// of increasing memory storage. AWS-LC always does this and does not support
// turning this option off.
//
// NOTE: This is also on by default in OpenSSL.
#define DH_FLAG_CACHE_MONT_P 0
#if defined(__cplusplus)
} // extern C
extern "C++" {
BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(DH, DH_free)
BORINGSSL_MAKE_UP_REF(DH, DH_up_ref)
BSSL_NAMESPACE_END
} // extern C++
#endif
#define DH_R_BAD_GENERATOR 100
#define DH_R_INVALID_PUBKEY 101
#define DH_R_MODULUS_TOO_LARGE 102
#define DH_R_NO_PRIVATE_VALUE 103
#define DH_R_DECODE_ERROR 104
#define DH_R_ENCODE_ERROR 105
#define DH_R_INVALID_NID 106
#define DH_R_INVALID_PARAMETERS 107
#define DH_F_DH_BUILTIN_GENPARAMS 0
#endif // OPENSSL_HEADER_DH_H

373
vendor/aws-lc-sys/aws-lc/include/openssl/digest.h vendored Normal file
View File

@@ -0,0 +1,373 @@
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_DIGEST_H
#define OPENSSL_HEADER_DIGEST_H
#include <stdbool.h>
#include <openssl/base.h>
#if defined(__cplusplus)
extern "C" {
#endif
// Digest functions.
//
// An EVP_MD abstracts the details of a specific hash function allowing code to
// deal with the concept of a "hash function" without needing to know exactly
// which hash function it is.
// Hash algorithms.
//
// The following functions return |EVP_MD| objects that implement the named hash
// function.
OPENSSL_EXPORT const EVP_MD *EVP_md4(void);
OPENSSL_EXPORT const EVP_MD *EVP_md5(void);
OPENSSL_EXPORT const EVP_MD *EVP_ripemd160(void);
OPENSSL_EXPORT const EVP_MD *EVP_sha1(void);
OPENSSL_EXPORT const EVP_MD *EVP_sha224(void);
OPENSSL_EXPORT const EVP_MD *EVP_sha256(void);
OPENSSL_EXPORT const EVP_MD *EVP_sha384(void);
OPENSSL_EXPORT const EVP_MD *EVP_sha512(void);
OPENSSL_EXPORT const EVP_MD *EVP_sha512_224(void);
OPENSSL_EXPORT const EVP_MD *EVP_sha512_256(void);
OPENSSL_EXPORT const EVP_MD *EVP_sha3_224(void);
OPENSSL_EXPORT const EVP_MD *EVP_sha3_256(void);
OPENSSL_EXPORT const EVP_MD *EVP_sha3_384(void);
OPENSSL_EXPORT const EVP_MD *EVP_sha3_512(void);
OPENSSL_EXPORT const EVP_MD *EVP_shake128(void);
OPENSSL_EXPORT const EVP_MD *EVP_shake256(void);
OPENSSL_EXPORT const EVP_MD *EVP_blake2b256(void);
// EVP_md5_sha1 is a TLS-specific |EVP_MD| which computes the concatenation of
// MD5 and SHA-1, as used in TLS 1.1 and below.
OPENSSL_EXPORT const EVP_MD *EVP_md5_sha1(void);
// EVP_get_digestbynid returns an |EVP_MD| for the given NID, or NULL if no
// such digest is known.
OPENSSL_EXPORT const EVP_MD *EVP_get_digestbynid(int nid);
// EVP_get_digestbyobj returns an |EVP_MD| for the given |ASN1_OBJECT|, or NULL
// if no such digest is known.
OPENSSL_EXPORT const EVP_MD *EVP_get_digestbyobj(const ASN1_OBJECT *obj);
// Digest contexts.
//
// An EVP_MD_CTX represents the state of a specific digest operation in
// progress.
// EVP_MD_CTX_init initialises an, already allocated, |EVP_MD_CTX|. This is the
// same as setting the structure to zero.
OPENSSL_EXPORT void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
// EVP_MD_CTX_new allocates and initialises a fresh |EVP_MD_CTX| and returns
// it, or NULL on allocation failure. The caller must use |EVP_MD_CTX_free| to
// release the resulting object.
OPENSSL_EXPORT EVP_MD_CTX *EVP_MD_CTX_new(void);
// EVP_MD_CTX_cleanup frees any resources owned by |ctx| and resets it to a
// freshly initialised state. It does not free |ctx| itself. It returns one.
OPENSSL_EXPORT int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
// EVP_MD_CTX_cleanse zeros the digest state in |ctx| and then performs the
// actions of |EVP_MD_CTX_cleanup|. Note that some |EVP_MD_CTX| objects contain
// more than just a digest (e.g. those resulting from |EVP_DigestSignInit|) but
// this function does not zero out more than just the digest state even in that
// case.
OPENSSL_EXPORT void EVP_MD_CTX_cleanse(EVP_MD_CTX *ctx);
// EVP_MD_CTX_free calls |EVP_MD_CTX_cleanup| and then frees |ctx| itself.
OPENSSL_EXPORT void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
// EVP_MD_CTX_copy_ex sets |out|, which must already be initialised, to be a
// copy of |in|. It returns one on success and zero on allocation failure.
OPENSSL_EXPORT int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
// EVP_MD_CTX_move sets |out|, which must already be initialised, to the hash
// state in |in|. |in| is mutated and left in an empty state.
OPENSSL_EXPORT void EVP_MD_CTX_move(EVP_MD_CTX *out, EVP_MD_CTX *in);
// EVP_MD_CTX_reset calls |EVP_MD_CTX_cleanup| followed by |EVP_MD_CTX_init|. It
// returns one.
OPENSSL_EXPORT int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
// Digest operations.
// EVP_DigestInit_ex configures |ctx|, which must already have been
// initialised, for a fresh hashing operation using |type|. It returns one on
// success and zero on allocation failure.
OPENSSL_EXPORT int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type,
ENGINE *engine);
// EVP_DigestInit acts like |EVP_DigestInit_ex| except that |ctx| is
// initialised before use.
OPENSSL_EXPORT int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
// EVP_DigestUpdate hashes |len| bytes from |data| into the hashing operation
// in |ctx|. It returns one.
OPENSSL_EXPORT int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data,
size_t len);
// EVP_MAX_MD_SIZE is the largest digest size supported, in bytes.
// Functions that output a digest generally require the buffer have
// at least this much space.
#define EVP_MAX_MD_SIZE 64 // SHA-512 is the longest so far.
// EVP_MAX_MD_CHAINING_LENGTH is the largest chaining length supported, in
// bytes. This constant is only for Merkle-Damgard-based hashed functions
// like SHA-1, SHA-2, and MD5. The chaining length is defined as the output
// length of the hash in bytes, before any truncation (e.g., 32 for SHA-224 and
// SHA-256, 64 for SHA-384 and SHA-512).
// This constant is only used internally by HMAC.
#define EVP_MAX_MD_CHAINING_LENGTH 64 // SHA-512 has the longest chaining length so far
// EVP_MAX_MD_BLOCK_SIZE is the largest digest block size supported, in
// bytes.
#define EVP_MAX_MD_BLOCK_SIZE 144 // SHA3-224 has the largest block size so far
// EVP_DigestFinal_ex finishes the digest in |ctx| and writes the output to
// |md_out|. |EVP_MD_CTX_size| bytes are written, which is at most
// |EVP_MAX_MD_SIZE|. If |out_size| is not NULL then |*out_size| is set to the
// number of bytes written. It returns one. After this call, the hash cannot be
// updated or finished again until |EVP_DigestInit_ex| is called to start
// another hashing operation.
OPENSSL_EXPORT int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, uint8_t *md_out,
unsigned int *out_size);
// EVP_DigestFinal acts like |EVP_DigestFinal_ex| except that
// |EVP_MD_CTX_cleanup| is called on |ctx| before returning.
OPENSSL_EXPORT int EVP_DigestFinal(EVP_MD_CTX *ctx, uint8_t *md_out,
unsigned int *out_size);
// EVP_Digest performs a complete hashing operation in one call. It hashes |len|
// bytes from |data| and writes the digest to |md_out|. |EVP_MD_CTX_size| bytes
// are written, which is at most |EVP_MAX_MD_SIZE|. If |out_size| is not NULL
// then |*out_size| is set to the number of bytes written. It returns one on
// success and zero otherwise. If |type| is an XOF, |out_size| must be set to
// the desired output length.
OPENSSL_EXPORT int EVP_Digest(const void *data, size_t len, uint8_t *md_out,
unsigned int *out_size, const EVP_MD *type,
ENGINE *impl);
// Digest function accessors.
//
// These functions allow code to learn details about an abstract hash
// function.
// EVP_MD_type returns a NID identifying |md|. (For example, |NID_sha256|.)
OPENSSL_EXPORT int EVP_MD_type(const EVP_MD *md);
// EVP_MD_flags returns the flags for |md|, which is a set of |EVP_MD_FLAG_*|
// values, ORed together.
OPENSSL_EXPORT uint32_t EVP_MD_flags(const EVP_MD *md);
// EVP_MD_size returns the digest size of |md|, in bytes.
OPENSSL_EXPORT size_t EVP_MD_size(const EVP_MD *md);
// EVP_MD_block_size returns the native block-size of |md|, in bytes.
OPENSSL_EXPORT size_t EVP_MD_block_size(const EVP_MD *md);
// EVP_MD_FLAG_DIGALGID_ABSENT indicates that the parameter type in an X.509
// DigestAlgorithmIdentifier representing this digest function should be
// undefined rather than NULL.
#define EVP_MD_FLAG_DIGALGID_ABSENT 2
// EVP_MD_FLAG_XOF indicates that the digest is an extensible-output function
// (XOF).
#define EVP_MD_FLAG_XOF 4
// Digest operation accessors.
// EVP_MD_CTX_md returns the underlying digest function, or NULL if one has not
// been set.
OPENSSL_EXPORT const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
// EVP_MD_CTX_size returns the digest size of |ctx|, in bytes. It
// will crash if a digest hasn't been set on |ctx|.
OPENSSL_EXPORT size_t EVP_MD_CTX_size(const EVP_MD_CTX *ctx);
// EVP_MD_CTX_block_size returns the block size of the digest function used by
// |ctx|, in bytes. It will crash if a digest hasn't been set on |ctx|.
OPENSSL_EXPORT size_t EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx);
// EVP_MD_CTX_type returns a NID describing the digest function used by |ctx|.
// (For example, |NID_sha256|.) It will crash if a digest hasn't been set on
// |ctx|.
OPENSSL_EXPORT int EVP_MD_CTX_type(const EVP_MD_CTX *ctx);
// ASN.1 functions.
//
// These functions allow code to parse and serialize AlgorithmIdentifiers for
// hash functions.
// EVP_parse_digest_algorithm parses an AlgorithmIdentifier structure containing
// a hash function OID (for example, 2.16.840.1.101.3.4.2.1 is SHA-256) and
// advances |cbs|. The parameters field may either be omitted or a NULL. It
// returns the digest function or NULL on error.
OPENSSL_EXPORT const EVP_MD *EVP_parse_digest_algorithm(CBS *cbs);
// EVP_marshal_digest_algorithm marshals |md| as an AlgorithmIdentifier
// structure and appends the result to |cbb|. It returns one on success and zero
// on error.
OPENSSL_EXPORT int EVP_marshal_digest_algorithm(CBB *cbb, const EVP_MD *md);
// Deprecated functions.
// EVP_MD_CTX_copy sets |out|, which must /not/ be initialised, to be a copy of
// |in|. It returns one on success and zero on error.
OPENSSL_EXPORT int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
// EVP_get_digestbyname returns an |EVP_MD| given a human readable name in
// |name|, or NULL if the name is unknown.
OPENSSL_EXPORT const EVP_MD *EVP_get_digestbyname(const char *);
// EVP_MD_CTX_create calls |EVP_MD_CTX_new|.
OPENSSL_EXPORT EVP_MD_CTX *EVP_MD_CTX_create(void);
// EVP_MD_CTX_destroy calls |EVP_MD_CTX_free|.
OPENSSL_EXPORT void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
// EVP_DigestFinalXOF behaves like |EVP_DigestFinal| for XOF digests, writing
// |len| bytes of extended output to |out|.
OPENSSL_EXPORT int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, uint8_t *out,
size_t len);
// EVP_DigestSqueeze provides byte-wise streaming XOF output generation for
// XOF digests, writing |len| bytes of extended output to |out|. It can be
// called multiple times with arbitrary length |len| output requests.
// It returns one on success and zero on error.
OPENSSL_EXPORT int EVP_DigestSqueeze(EVP_MD_CTX *ctx, uint8_t *out,
size_t len);
// EVP_MD_meth_get_flags calls |EVP_MD_flags|.
OPENSSL_EXPORT uint32_t EVP_MD_meth_get_flags(const EVP_MD *md);
// EVP_MD_nid calls |EVP_MD_type|.
OPENSSL_EXPORT int EVP_MD_nid(const EVP_MD *md);
// EVP_MD_CTX_set_pkey_ctx sets |ctx|'s |EVP_PKEY_CTX| reference to |pctx|.
// The |EVP_PKEY_CTX| object |pctx| needs to have been initialised before
// associating it with |ctx|. The hash functions associated to |ctx| and |pctx|
// must be equal. Once |EVP_MD_CTX_set_pkey_ctx| is called, the caller is
// responsible for freeing |pctx|. Calling |EVP_MD_CTX_cleanup| will not free
// |pctx|.
//
// A NULL |pctx| pointer is also allowed to set the |EVP_PKEY_CTX| reference
// inside |ctx| to NULL. However, even when doing so, the caller is still
// responsible for freeing the |pctx| pointer that had originally been
// associated.
//
// |EVP_MD_CTX_set_pkey_ctx| will overwrite any |EVP_PKEY_CTX| object associated
// to |ctx|. If it was not associated through a previous
// |EVP_MD_CTX_set_pkey_ctx| call, it will be freed first.
OPENSSL_EXPORT void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx,
EVP_PKEY_CTX *pctx);
// EVP_MD_CTX_get_pkey_ctx returns the pointer of |ctx|'s |EVP_PKEY_CTX|.
OPENSSL_EXPORT EVP_PKEY_CTX *EVP_MD_CTX_get_pkey_ctx(const EVP_MD_CTX *ctx);
// EVP_MD_CTX_pkey_ctx is a legacy alias of |EVP_MD_CTX_get_pkey_ctx|.
OPENSSL_EXPORT EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx);
struct evp_md_pctx_ops;
// env_md_ctx_st is typoed ("evp" -> "env"), but the typo comes from OpenSSL
// and some consumers forward-declare these structures so we're leaving it
// alone.
struct env_md_ctx_st {
// digest is the underlying digest function, or NULL if not set.
const EVP_MD *digest;
// md_data points to a block of memory that contains the hash-specific
// context.
void *md_data;
// update is usually copied from |digest->update|. This is only different
// when consumed through |EVP_PKEY_HMAC|.
// TODO: Look into untangling this, so that |EVP_PKEY_HMAC| can directly call
// |digest->update|. |digest->update| operates against |md_data| above, but
// |HMAC_CTX| maintains its own data state in |HMAC_CTX->md_ctx|.
// |HMAC_Update| also has an additional state transition to handle.
int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count);
// pctx is an opaque (at this layer) pointer to additional context that
// EVP_PKEY functions may store in this object.
EVP_PKEY_CTX *pctx;
// pctx_ops, if not NULL, points to a vtable that contains functions to
// manipulate |pctx|.
const struct evp_md_pctx_ops *pctx_ops;
// flags is only used for two cases.
// 1. Set flag |EVP_MD_CTX_FLAG_KEEP_PKEY_CTX|, so as to let |*pctx| refrain
// from being freed when |*pctx| was set externally with
// |EVP_MD_CTX_set_pkey_ctx|.
// 2. Set flag |EVP_MD_CTX_HMAC| for |EVP_PKEY_HMAC|.
unsigned long flags;
} /* EVP_MD_CTX */;
// General No-op Functions [Deprecated].
// EVP_MD_unstable_sha3_enable is a no-op as SHA3 is always enabled.
OPENSSL_EXPORT OPENSSL_DEPRECATED void EVP_MD_unstable_sha3_enable(bool enable);
// EVP_MD_unstable_sha3_is_enabled always returns true as SHA3 is always
// enabled.
OPENSSL_EXPORT OPENSSL_DEPRECATED bool EVP_MD_unstable_sha3_is_enabled(void);
// EVP_MD_CTX_set_flags does nothing. We strongly discourage doing any
// additional configurations when consuming |EVP_MD_CTX|.
OPENSSL_EXPORT OPENSSL_DEPRECATED void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx,
int flags);
// EVP_MD_CTX_FLAG_NON_FIPS_ALLOW is meaningless. In OpenSSL it permits non-FIPS
// algorithms in FIPS mode. But BoringSSL FIPS mode doesn't prohibit algorithms
// (it's up the the caller to use the FIPS module in a fashion compliant with
// their needs). Thus this exists only to allow code to compile.
#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0
// EVP_add_digest does nothing and returns one. It exists only for
// compatibility with OpenSSL, which requires manually loading supported digests
// when certain options are turned on.
OPENSSL_EXPORT OPENSSL_DEPRECATED int EVP_add_digest(const EVP_MD *digest);
// EVP_md_null is a "null" message digest that does nothing: i.e. the hash it
// returns is of zero length. Included for OpenSSL compatibility
OPENSSL_EXPORT OPENSSL_DEPRECATED const EVP_MD *EVP_md_null(void);
#if defined(__cplusplus)
} // extern C
#if !defined(BORINGSSL_NO_CXX)
extern "C++" {
BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(EVP_MD_CTX, EVP_MD_CTX_free)
using ScopedEVP_MD_CTX =
internal::StackAllocatedMovable<EVP_MD_CTX, int, EVP_MD_CTX_init,
EVP_MD_CTX_cleanup, EVP_MD_CTX_move>;
BSSL_NAMESPACE_END
} // extern C++
#endif
#endif
#define DIGEST_R_INPUT_NOT_INITIALIZED 100
#define DIGEST_R_DECODE_ERROR 101
#define DIGEST_R_UNKNOWN_HASH 102
#endif // OPENSSL_HEADER_DIGEST_H

380
vendor/aws-lc-sys/aws-lc/include/openssl/dsa.h vendored Normal file
View File

@@ -0,0 +1,380 @@
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
// The DSS routines are based on patches supplied by Steven Schoch <schoch@sheba.arc.nasa.gov>.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_DSA_H
#define OPENSSL_HEADER_DSA_H
#include <openssl/base.h>
#include <openssl/crypto.h>
#include <openssl/ex_data.h>
#include <stdio.h>
#if defined(__cplusplus)
extern "C" {
#endif
#define OPENSSL_DSA_MAX_MODULUS_BITS 10000
// DSA contains functions for signing and verifying with the Digital Signature
// Algorithm.
//
// This module is deprecated and retained for legacy reasons only. It is not
// considered a priority for performance or hardening work. Do not use it in
// new code. Use Ed25519, ECDSA with P-256, or RSA instead.
// Allocation and destruction.
//
// A |DSA| object represents a DSA key or group parameters. A given object may
// be used concurrently on multiple threads by non-mutating functions, provided
// no other thread is concurrently calling a mutating function. Unless otherwise
// documented, functions which take a |const| pointer are non-mutating and
// functions which take a non-|const| pointer are mutating.
// DSA_new returns a new, empty DSA object or NULL on error.
OPENSSL_EXPORT DSA *DSA_new(void);
// DSA_free decrements the reference count of |dsa| and frees it if the
// reference count drops to zero.
OPENSSL_EXPORT void DSA_free(DSA *dsa);
// DSA_up_ref increments the reference count of |dsa| and returns one. It does
// not mutate |dsa| for thread-safety purposes and may be used concurrently.
OPENSSL_EXPORT int DSA_up_ref(DSA *dsa);
// DSA_print prints a textual representation of |dsa| to |bio|. It returns one
// on success or zero otherwise.
OPENSSL_EXPORT int DSA_print(BIO *bio, const DSA *dsa, int indent);
// DSA_print_fp prints a textual representation of |dsa| to |fp|. It returns one
// on success or zero otherwise.
OPENSSL_EXPORT int DSA_print_fp(FILE *fp, const DSA *dsa, int indent);
// Properties.
// DSA_bits returns the size of |dsa|'s group modulus, in bits.
OPENSSL_EXPORT unsigned DSA_bits(const DSA *dsa);
// DSA_get0_pub_key returns |dsa|'s public key.
OPENSSL_EXPORT const BIGNUM *DSA_get0_pub_key(const DSA *dsa);
// DSA_get0_priv_key returns |dsa|'s private key, or NULL if |dsa| is a public
// key.
OPENSSL_EXPORT const BIGNUM *DSA_get0_priv_key(const DSA *dsa);
// DSA_get0_p returns |dsa|'s group modulus.
OPENSSL_EXPORT const BIGNUM *DSA_get0_p(const DSA *dsa);
// DSA_get0_q returns the size of |dsa|'s subgroup.
OPENSSL_EXPORT const BIGNUM *DSA_get0_q(const DSA *dsa);
// DSA_get0_g returns |dsa|'s group generator.
OPENSSL_EXPORT const BIGNUM *DSA_get0_g(const DSA *dsa);
// DSA_get0_key sets |*out_pub_key| and |*out_priv_key|, if non-NULL, to |dsa|'s
// public and private key, respectively. If |dsa| is a public key, the private
// key will be set to NULL.
OPENSSL_EXPORT void DSA_get0_key(const DSA *dsa, const BIGNUM **out_pub_key,
const BIGNUM **out_priv_key);
// DSA_get0_pqg sets |*out_p|, |*out_q|, and |*out_g|, if non-NULL, to |dsa|'s
// p, q, and g parameters, respectively.
OPENSSL_EXPORT void DSA_get0_pqg(const DSA *dsa, const BIGNUM **out_p,
const BIGNUM **out_q, const BIGNUM **out_g);
// DSA_set0_key sets |dsa|'s public and private key to |pub_key| and |priv_key|,
// respectively, if non-NULL. On success, it takes ownership of each argument
// and returns one. Otherwise, it returns zero.
//
// |priv_key| may be NULL, but |pub_key| must either be non-NULL or already
// configured on |dsa|.
OPENSSL_EXPORT int DSA_set0_key(DSA *dsa, BIGNUM *pub_key, BIGNUM *priv_key);
// DSA_set0_pqg sets |dsa|'s parameters to |p|, |q|, and |g|, if non-NULL, and
// takes ownership of them. On success, it takes ownership of each argument and
// returns one. Otherwise, it returns zero.
//
// Each argument must either be non-NULL or already configured on |dsa|.
OPENSSL_EXPORT int DSA_set0_pqg(DSA *dsa, BIGNUM *p, BIGNUM *q, BIGNUM *g);
// Parameter generation.
// DSA_generate_parameters_ex generates a set of DSA parameters by following
// the procedure given in FIPS 186-4, appendix A.
// (http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf)
//
// The larger prime will have a length of |bits| (e.g. 2048). The |seed| value
// allows others to generate and verify the same parameters and should be
// random input which is kept for reference. If |out_counter| or |out_h| are
// not NULL then the counter and h value used in the generation are written to
// them.
//
// The |cb| argument is passed to |BN_generate_prime_ex| and is thus called
// during the generation process in order to indicate progress. See the
// comments for that function for details. In addition to the calls made by
// |BN_generate_prime_ex|, |DSA_generate_parameters_ex| will call it with
// |event| equal to 2 and 3 at different stages of the process.
//
// It returns one on success and zero otherwise.
OPENSSL_EXPORT int DSA_generate_parameters_ex(DSA *dsa, unsigned bits,
const uint8_t *seed,
size_t seed_len, int *out_counter,
unsigned long *out_h,
BN_GENCB *cb);
// DSAparams_dup returns a freshly allocated |DSA| that contains a copy of the
// parameters from |dsa|. It returns NULL on error.
OPENSSL_EXPORT DSA *DSAparams_dup(const DSA *dsa);
// Key generation.
// DSA_generate_key generates a public/private key pair in |dsa|, which must
// already have parameters setup. Only supports generating up to |OPENSSL_DSA_MAX_MODULUS_BITS|
// bit keys. It returns one on success and zero on error.
OPENSSL_EXPORT int DSA_generate_key(DSA *dsa);
// Signatures.
// DSA_SIG_st (aka |DSA_SIG|) contains a DSA signature as a pair of integers.
struct DSA_SIG_st {
BIGNUM *r, *s;
};
// DSA_SIG_new returns a freshly allocated, DIG_SIG structure or NULL on error.
// Both |r| and |s| in the signature will be NULL.
OPENSSL_EXPORT DSA_SIG *DSA_SIG_new(void);
// DSA_SIG_free frees the contents of |sig| and then frees |sig| itself.
OPENSSL_EXPORT void DSA_SIG_free(DSA_SIG *sig);
// DSA_SIG_get0 sets |*out_r| and |*out_s|, if non-NULL, to the two components
// of |sig|.
OPENSSL_EXPORT void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **out_r,
const BIGNUM **out_s);
// DSA_SIG_set0 sets |sig|'s components to |r| and |s|, neither of which may be
// NULL. On success, it takes ownership of each argument and returns one.
// Otherwise, it returns zero.
OPENSSL_EXPORT int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
// DSA_do_sign returns a signature of the hash in |digest| by the key in |dsa|
// and returns an allocated, DSA_SIG structure, or NULL on error.
OPENSSL_EXPORT DSA_SIG *DSA_do_sign(const uint8_t *digest, size_t digest_len,
const DSA *dsa);
// DSA_do_verify verifies that |sig| is a valid signature, by the public key in
// |dsa|, of the hash in |digest|. It returns one if so, zero if invalid and -1
// on error.
//
// WARNING: do not use. This function returns -1 for error, 0 for invalid and 1
// for valid. However, this is dangerously different to the usual OpenSSL
// convention and could be a disaster if a user did |if (DSA_do_verify(...))|.
// Because of this, |DSA_check_signature| is a safer version of this.
//
// TODO(fork): deprecate.
OPENSSL_EXPORT int DSA_do_verify(const uint8_t *digest, size_t digest_len,
const DSA_SIG *sig, const DSA *dsa);
// DSA_do_check_signature sets |*out_valid| to zero. Then it verifies that |sig|
// is a valid signature, by the public key in |dsa| of the hash in |digest|
// and, if so, it sets |*out_valid| to one.
//
// It returns one if it was able to verify the signature as valid or invalid,
// and zero on error.
OPENSSL_EXPORT int DSA_do_check_signature(int *out_valid, const uint8_t *digest,
size_t digest_len, const DSA_SIG *sig,
const DSA *dsa);
// ASN.1 signatures.
//
// These functions also perform DSA signature operations, but deal with ASN.1
// encoded signatures as opposed to raw |BIGNUM|s. If you don't know what
// encoding a DSA signature is in, it's probably ASN.1.
// DSA_sign signs |digest| with the key in |dsa| and writes the resulting
// signature, in ASN.1 form, to |out_sig| and the length of the signature to
// |*out_siglen|. There must be, at least, |DSA_size(dsa)| bytes of space in
// |out_sig|. It returns one on success and zero otherwise.
//
// (The |type| argument is ignored.)
OPENSSL_EXPORT int DSA_sign(int type, const uint8_t *digest, size_t digest_len,
uint8_t *out_sig, unsigned int *out_siglen,
const DSA *dsa);
// DSA_verify verifies that |sig| is a valid, ASN.1 signature, by the public
// key in |dsa|, of the hash in |digest|. It returns one if so, zero if invalid
// and -1 on error.
//
// (The |type| argument is ignored.)
//
// WARNING: do not use. This function returns -1 for error, 0 for invalid and 1
// for valid. However, this is dangerously different to the usual OpenSSL
// convention and could be a disaster if a user did |if (DSA_do_verify(...))|.
// Because of this, |DSA_check_signature| is a safer version of this.
//
// TODO(fork): deprecate.
OPENSSL_EXPORT int DSA_verify(int type, const uint8_t *digest,
size_t digest_len, const uint8_t *sig,
size_t sig_len, const DSA *dsa);
// DSA_check_signature sets |*out_valid| to zero. Then it verifies that |sig|
// is a valid, ASN.1 signature, by the public key in |dsa|, of the hash in
// |digest|. If so, it sets |*out_valid| to one.
//
// It returns one if it was able to verify the signature as valid or invalid,
// and zero on error.
OPENSSL_EXPORT int DSA_check_signature(int *out_valid, const uint8_t *digest,
size_t digest_len, const uint8_t *sig,
size_t sig_len, const DSA *dsa);
// DSA_size returns the size, in bytes, of an ASN.1 encoded, DSA signature
// generated by |dsa|. Parameters must already have been setup in |dsa|.
OPENSSL_EXPORT int DSA_size(const DSA *dsa);
// ASN.1 encoding.
// DSA_SIG_parse parses a DER-encoded DSA-Sig-Value structure from |cbs| and
// advances |cbs|. It returns a newly-allocated |DSA_SIG| or NULL on error.
OPENSSL_EXPORT DSA_SIG *DSA_SIG_parse(CBS *cbs);
// DSA_SIG_marshal marshals |sig| as a DER-encoded DSA-Sig-Value and appends the
// result to |cbb|. It returns one on success and zero on error.
OPENSSL_EXPORT int DSA_SIG_marshal(CBB *cbb, const DSA_SIG *sig);
// DSA_parse_public_key parses a DER-encoded DSA public key from |cbs| and
// advances |cbs|. It returns a newly-allocated |DSA| or NULL on error.
OPENSSL_EXPORT DSA *DSA_parse_public_key(CBS *cbs);
// DSA_marshal_public_key marshals |dsa| as a DER-encoded DSA public key and
// appends the result to |cbb|. It returns one on success and zero on
// failure.
OPENSSL_EXPORT int DSA_marshal_public_key(CBB *cbb, const DSA *dsa);
// DSA_parse_private_key parses a DER-encoded DSA private key from |cbs| and
// advances |cbs|. It returns a newly-allocated |DSA| or NULL on error.
OPENSSL_EXPORT DSA *DSA_parse_private_key(CBS *cbs);
// DSA_marshal_private_key marshals |dsa| as a DER-encoded DSA private key and
// appends the result to |cbb|. It returns one on success and zero on
// failure.
OPENSSL_EXPORT int DSA_marshal_private_key(CBB *cbb, const DSA *dsa);
// DSA_parse_parameters parses a DER-encoded Dss-Parms structure (RFC 3279)
// from |cbs| and advances |cbs|. It returns a newly-allocated |DSA| or NULL on
// error.
OPENSSL_EXPORT DSA *DSA_parse_parameters(CBS *cbs);
// DSA_marshal_parameters marshals |dsa| as a DER-encoded Dss-Parms structure
// (RFC 3279) and appends the result to |cbb|. It returns one on success and
// zero on failure.
OPENSSL_EXPORT int DSA_marshal_parameters(CBB *cbb, const DSA *dsa);
// Conversion.
// DSA_dup_DH returns a |DH| constructed from the parameters of |dsa|. This is
// sometimes needed when Diffie-Hellman parameters are stored in the form of
// DSA parameters. It returns an allocated |DH| on success or NULL on error.
OPENSSL_EXPORT DH *DSA_dup_DH(const DSA *dsa);
// ex_data functions.
//
// See |ex_data.h| for details.
OPENSSL_EXPORT int DSA_get_ex_new_index(long argl, void *argp,
CRYPTO_EX_unused *unused,
CRYPTO_EX_dup *dup_unused,
CRYPTO_EX_free *free_func);
OPENSSL_EXPORT int DSA_set_ex_data(DSA *dsa, int idx, void *arg);
OPENSSL_EXPORT void *DSA_get_ex_data(const DSA *dsa, int idx);
// Deprecated functions.
// d2i_DSA_SIG parses a DER-encoded DSA-Sig-Value structure from |len| bytes at
// |*inp|, as described in |d2i_SAMPLE|.
//
// Use |DSA_SIG_parse| instead.
OPENSSL_EXPORT DSA_SIG *d2i_DSA_SIG(DSA_SIG **out_sig, const uint8_t **inp,
long len);
// i2d_DSA_SIG marshals |in| to a DER-encoded DSA-Sig-Value structure, as
// described in |i2d_SAMPLE|.
//
// Use |DSA_SIG_marshal| instead.
OPENSSL_EXPORT int i2d_DSA_SIG(const DSA_SIG *in, uint8_t **outp);
// d2i_DSAPublicKey parses a DER-encoded DSA public key from |len| bytes at
// |*inp|, as described in |d2i_SAMPLE|.
//
// Use |DSA_parse_public_key| instead.
OPENSSL_EXPORT DSA *d2i_DSAPublicKey(DSA **out, const uint8_t **inp, long len);
// i2d_DSAPublicKey marshals |in| as a DER-encoded DSA public key, as described
// in |i2d_SAMPLE|.
//
// Use |DSA_marshal_public_key| instead.
OPENSSL_EXPORT int i2d_DSAPublicKey(const DSA *in, uint8_t **outp);
// d2i_DSAPrivateKey parses a DER-encoded DSA private key from |len| bytes at
// |*inp|, as described in |d2i_SAMPLE|.
//
// Use |DSA_parse_private_key| instead.
OPENSSL_EXPORT DSA *d2i_DSAPrivateKey(DSA **out, const uint8_t **inp, long len);
// i2d_DSAPrivateKey marshals |in| as a DER-encoded DSA private key, as
// described in |i2d_SAMPLE|.
//
// Use |DSA_marshal_private_key| instead.
OPENSSL_EXPORT int i2d_DSAPrivateKey(const DSA *in, uint8_t **outp);
// d2i_DSAparams parses a DER-encoded Dss-Parms structure (RFC 3279) from |len|
// bytes at |*inp|, as described in |d2i_SAMPLE|.
//
// Use |DSA_parse_parameters| instead.
OPENSSL_EXPORT DSA *d2i_DSAparams(DSA **out, const uint8_t **inp, long len);
// i2d_DSAparams marshals |in|'s parameters as a DER-encoded Dss-Parms structure
// (RFC 3279), as described in |i2d_SAMPLE|.
//
// Use |DSA_marshal_parameters| instead.
OPENSSL_EXPORT int i2d_DSAparams(const DSA *in, uint8_t **outp);
#if defined(__cplusplus)
} // extern C
extern "C++" {
BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(DSA, DSA_free)
BORINGSSL_MAKE_UP_REF(DSA, DSA_up_ref)
BORINGSSL_MAKE_DELETER(DSA_SIG, DSA_SIG_free)
BSSL_NAMESPACE_END
} // extern C++
#endif
#define DSA_R_BAD_Q_VALUE 100
#define DSA_R_MISSING_PARAMETERS 101
#define DSA_R_MODULUS_TOO_LARGE 102
#define DSA_R_NEED_NEW_SETUP_VALUES 103
#define DSA_R_BAD_VERSION 104
#define DSA_R_DECODE_ERROR 105
#define DSA_R_ENCODE_ERROR 106
#define DSA_R_INVALID_PARAMETERS 107
#define DSA_R_TOO_MANY_ITERATIONS 108
#endif // OPENSSL_HEADER_DSA_H

5
vendor/aws-lc-sys/aws-lc/include/openssl/dtls1.h vendored Normal file
View File

@@ -0,0 +1,5 @@
// Copyright (c) 2015, Google Inc.
// SPDX-License-Identifier: ISC
/* This header is provided in order to make compiling against code that expects
OpenSSL easier. */

7
vendor/aws-lc-sys/aws-lc/include/openssl/e_os2.h vendored Normal file
View File

@@ -0,0 +1,7 @@
// Copyright (c) 2018, Google Inc.
// SPDX-License-Identifier: ISC
/* This header is provided in order to make compiling against code that expects
OpenSSL easier. */
#include <openssl/base.h>

573
vendor/aws-lc-sys/aws-lc/include/openssl/ec.h vendored Normal file
View File

@@ -0,0 +1,573 @@
// Originally written by Bodo Moeller for the OpenSSL project.
// Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
// Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
//
// The elliptic curve binary polynomial software is originally written by
// Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems
// Laboratories.
//
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_EC_H
#define OPENSSL_HEADER_EC_H
#include <openssl/base.h>
#if defined(__cplusplus)
extern "C" {
#endif
// Low-level operations on elliptic curves.
// point_conversion_form_t enumerates forms, as defined in X9.62 (ECDSA), for
// the encoding of a elliptic curve point (x,y)
typedef enum {
// POINT_CONVERSION_COMPRESSED indicates that the point is encoded as z||x,
// where the octet z specifies which solution of the quadratic equation y
// is.
POINT_CONVERSION_COMPRESSED = 2,
// POINT_CONVERSION_UNCOMPRESSED indicates that the point is encoded as
// z||x||y, where z is the octet 0x04.
POINT_CONVERSION_UNCOMPRESSED = 4,
// POINT_CONVERSION_HYBRID indicates that the point is encoded as z||x||y,
// where z specifies which solution of the quadratic equation y is.
POINT_CONVERSION_HYBRID = 6
} point_conversion_form_t;
// Elliptic curve groups.
//
// Elliptic curve groups are represented by |EC_GROUP| objects. Unlike OpenSSL,
// if limited to the APIs in this section, callers may treat |EC_GROUP|s as
// static, immutable objects which do not need to be copied or released. In
// BoringSSL, only custom |EC_GROUP|s created by |EC_GROUP_new_curve_GFp|
// (deprecated) are dynamic.
//
// Callers may cast away |const| and use |EC_GROUP_dup| and |EC_GROUP_free| with
// static groups, for compatibility with OpenSSL or dynamic groups, but it is
// otherwise unnecessary.
// EC_group_p224 returns an |EC_GROUP| for P-224, also known as secp224r1.
OPENSSL_EXPORT const EC_GROUP *EC_group_p224(void);
// EC_group_p256 returns an |EC_GROUP| for P-256, also known as secp256r1 or
// prime256v1.
OPENSSL_EXPORT const EC_GROUP *EC_group_p256(void);
// EC_group_p384 returns an |EC_GROUP| for P-384, also known as secp384r1.
OPENSSL_EXPORT const EC_GROUP *EC_group_p384(void);
// EC_group_p521 returns an |EC_GROUP| for P-521, also known as secp521r1.
OPENSSL_EXPORT const EC_GROUP *EC_group_p521(void);
// EC_group_secp256k1 returns an |EC_GROUP| for secp256k1.
OPENSSL_EXPORT const EC_GROUP *EC_group_secp256k1(void);
// EC_GROUP_new_by_curve_name returns the |EC_GROUP| object for the elliptic
// curve specified by |nid|, or NULL on unsupported NID. For OpenSSL
// compatibility, this function returns a non-const pointer which may be passed
// to |EC_GROUP_free|. However, the resulting object is actually static and
// calling |EC_GROUP_free| is optional.
//
// The supported NIDs are (see crypto/fipsmodule/ec/ec.c):
// - |NID_secp224r1| (NIST P-224)
// - |NID_X9_62_prime256v1| (NIST P-256)
// - |NID_secp384r1| (NIST P-384)
// - |NID_secp521r1| (NIST P-521)
// - |NID_secp256k1| (SEC/ANSI P-256 K1)
//
// Calling this function causes all four curves to be linked into the binary.
// Prefer calling |EC_group_*| to allow the static linker to drop unused curves.
//
// If in doubt, use |NID_X9_62_prime256v1|, or see the curve25519.h header for
// more modern primitives.
OPENSSL_EXPORT EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
// EC_GROUP_new_by_curve_name_mutable is like |EC_GROUP_new_by_curve_name|, but
// dynamically allocates a mutable |EC_GROUP| pointer for more OpenSSL
// compatibility. Although |EC_GROUP_new_by_curve_name| returns a const pointer
// under the hood, resulting objects returned by this function MUST be freed
// by |EC_GROUP_free|.
//
// Note: Users should use |EC_GROUP_new_by_curve_name| when possible.
OPENSSL_EXPORT EC_GROUP *EC_GROUP_new_by_curve_name_mutable(int nid);
// EC_GROUP_cmp returns zero if |a| and |b| are the same group and non-zero
// otherwise.
OPENSSL_EXPORT int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b,
BN_CTX *ignored);
// EC_GROUP_get0_generator returns a pointer to the internal |EC_POINT| object
// in |group| that specifies the generator for the group.
OPENSSL_EXPORT const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
// EC_GROUP_get0_order returns a pointer to the internal |BIGNUM| object in
// |group| that specifies the order of the group.
OPENSSL_EXPORT const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group);
// EC_GROUP_order_bits returns the number of bits of the order of |group|.
OPENSSL_EXPORT int EC_GROUP_order_bits(const EC_GROUP *group);
// EC_GROUP_get_cofactor sets |*cofactor| to the cofactor of |group| using
// |ctx|, if it's not NULL. It returns one on success and zero otherwise.
OPENSSL_EXPORT int EC_GROUP_get_cofactor(const EC_GROUP *group,
BIGNUM *cofactor, BN_CTX *ctx);
// EC_GROUP_get_curve_GFp gets various parameters about a group. It sets
// |*out_p| to the order of the coordinate field and |*out_a| and |*out_b| to
// the parameters of the curve when expressed as y² = x³ + ax + b. Any of the
// output parameters can be NULL. It returns one on success and zero on
// error.
OPENSSL_EXPORT int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *out_p,
BIGNUM *out_a, BIGNUM *out_b,
BN_CTX *ctx);
// EC_GROUP_get_curve_name returns a NID that identifies |group|.
OPENSSL_EXPORT int EC_GROUP_get_curve_name(const EC_GROUP *group);
// EC_GROUP_get_degree returns the number of bits needed to represent an
// element of the field underlying |group|.
OPENSSL_EXPORT unsigned EC_GROUP_get_degree(const EC_GROUP *group);
// EC_curve_nid2nist returns the NIST name of the elliptic curve specified by
// |nid|, or NULL if |nid| is not a NIST curve. For example, it returns "P-256"
// for |NID_X9_62_prime256v1|.
OPENSSL_EXPORT const char *EC_curve_nid2nist(int nid);
// EC_curve_nist2nid returns the NID of the elliptic curve specified by the NIST
// name |name|, or |NID_undef| if |name| is not a recognized name. For example,
// it returns |NID_X9_62_prime256v1| for "P-256".
OPENSSL_EXPORT int EC_curve_nist2nid(const char *name);
// Points on elliptic curves.
// EC_POINT_new returns a fresh |EC_POINT| object in the given group, or NULL
// on error.
OPENSSL_EXPORT EC_POINT *EC_POINT_new(const EC_GROUP *group);
// EC_POINT_free frees |point| and the data that it points to.
OPENSSL_EXPORT void EC_POINT_free(EC_POINT *point);
// EC_POINT_copy sets |*dest| equal to |*src|. It returns one on success and
// zero otherwise.
OPENSSL_EXPORT int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src);
// EC_POINT_dup returns a fresh |EC_POINT| that contains the same values as
// |src|, or NULL on error.
OPENSSL_EXPORT EC_POINT *EC_POINT_dup(const EC_POINT *src,
const EC_GROUP *group);
// EC_POINT_set_to_infinity sets |point| to be the "point at infinity" for the
// given group.
OPENSSL_EXPORT int EC_POINT_set_to_infinity(const EC_GROUP *group,
EC_POINT *point);
// EC_POINT_is_at_infinity returns one iff |point| is the point at infinity and
// zero otherwise.
OPENSSL_EXPORT int EC_POINT_is_at_infinity(const EC_GROUP *group,
const EC_POINT *point);
// EC_POINT_is_on_curve returns one if |point| is an element of |group| and
// and zero otherwise or when an error occurs. This is different from OpenSSL,
// which returns -1 on error. If |ctx| is non-NULL, it may be used.
OPENSSL_EXPORT int EC_POINT_is_on_curve(const EC_GROUP *group,
const EC_POINT *point, BN_CTX *ctx);
// EC_POINT_cmp returns zero if |a| is equal to |b|, greater than zero if
// not equal and -1 on error. If |ctx| is not NULL, it may be used.
OPENSSL_EXPORT int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a,
const EC_POINT *b, BN_CTX *ctx);
// Point conversion.
// EC_POINT_get_affine_coordinates_GFp sets |x| and |y| to the affine value of
// |point| using |ctx|, if it's not NULL. It returns one on success and zero
// otherwise.
//
// Either |x| or |y| may be NULL to skip computing that coordinate. This is
// slightly faster in the common case where only the x-coordinate is needed.
OPENSSL_EXPORT int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
const EC_POINT *point,
BIGNUM *x, BIGNUM *y,
BN_CTX *ctx);
// EC_POINT_get_affine_coordinates is an alias of
// |EC_POINT_get_affine_coordinates_GFp|.
OPENSSL_EXPORT int EC_POINT_get_affine_coordinates(const EC_GROUP *group,
const EC_POINT *point,
BIGNUM *x, BIGNUM *y,
BN_CTX *ctx);
// EC_POINT_set_affine_coordinates_GFp sets the value of |point| to be
// (|x|, |y|). The |ctx| argument may be used if not NULL. It returns one
// on success or zero on error. It's considered an error if the point is not on
// the curve.
//
// Note that the corresponding function in OpenSSL versions prior to 1.0.2s does
// not check if the point is on the curve. This is a security-critical check, so
// code additionally supporting OpenSSL should repeat the check with
// |EC_POINT_is_on_curve| or check for older OpenSSL versions with
// |OPENSSL_VERSION_NUMBER|.
OPENSSL_EXPORT int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
EC_POINT *point,
const BIGNUM *x,
const BIGNUM *y,
BN_CTX *ctx);
// EC_POINT_set_affine_coordinates is an alias of
// |EC_POINT_set_affine_coordinates_GFp|.
OPENSSL_EXPORT int EC_POINT_set_affine_coordinates(const EC_GROUP *group,
EC_POINT *point,
const BIGNUM *x,
const BIGNUM *y,
BN_CTX *ctx);
// EC_POINT_point2oct serialises |point| into the X9.62 form given by |form|
// into, at most, |len| bytes at |buf|. It returns the number of bytes written
// or zero on error if |buf| is non-NULL, else the number of bytes needed. The
// |ctx| argument may be used if not NULL.
OPENSSL_EXPORT size_t EC_POINT_point2oct(const EC_GROUP *group,
const EC_POINT *point,
point_conversion_form_t form,
uint8_t *buf, size_t len, BN_CTX *ctx);
// EC_POINT_point2cbb behaves like |EC_POINT_point2oct| but appends the
// serialised point to |cbb|. It returns one on success and zero on error.
OPENSSL_EXPORT int EC_POINT_point2cbb(CBB *out, const EC_GROUP *group,
const EC_POINT *point,
point_conversion_form_t form,
BN_CTX *ctx);
// EC_POINT_oct2point sets |point| from |len| bytes of X9.62 format
// serialisation in |buf|. It returns one on success and zero on error. The
// |ctx| argument may be used if not NULL. It's considered an error if |buf|
// does not represent a point on the curve.
OPENSSL_EXPORT int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point,
const uint8_t *buf, size_t len,
BN_CTX *ctx);
// EC_POINT_set_compressed_coordinates_GFp sets |point| to equal the point with
// the given |x| coordinate and the y coordinate specified by |y_bit| (see
// X9.62). It returns one on success and zero otherwise.
OPENSSL_EXPORT int EC_POINT_set_compressed_coordinates_GFp(
const EC_GROUP *group, EC_POINT *point, const BIGNUM *x, int y_bit,
BN_CTX *ctx);
// Group operations.
// EC_POINT_add sets |r| equal to |a| plus |b|. It returns one on success and
// zero otherwise. If |ctx| is not NULL, it may be used.
OPENSSL_EXPORT int EC_POINT_add(const EC_GROUP *group, EC_POINT *r,
const EC_POINT *a, const EC_POINT *b,
BN_CTX *ctx);
// EC_POINT_dbl sets |r| equal to |a| plus |a|. It returns one on success and
// zero otherwise. If |ctx| is not NULL, it may be used.
OPENSSL_EXPORT int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r,
const EC_POINT *a, BN_CTX *ctx);
// EC_POINT_invert sets |a| equal to minus |a|. It returns one on success and
// zero otherwise. If |ctx| is not NULL, it may be used.
OPENSSL_EXPORT int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a,
BN_CTX *ctx);
// EC_POINT_mul sets r = generator*n + q*m. It returns one on success and zero
// otherwise. If |ctx| is not NULL, it may be used.
OPENSSL_EXPORT int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r,
const BIGNUM *n, const EC_POINT *q,
const BIGNUM *m, BN_CTX *ctx);
// Hash-to-curve.
//
// The following functions implement primitives from RFC 9380. The |dst|
// parameter in each function is the domain separation tag and must be unique
// for each protocol and between the |hash_to_curve| and |hash_to_scalar|
// variants. See section 3.1 of the spec for additional guidance on this
// parameter.
// EC_hash_to_curve_p256_xmd_sha256_sswu hashes |msg| to a point on |group| and
// writes the result to |out|, implementing the P256_XMD:SHA-256_SSWU_RO_ suite
// from RFC 9380. It returns one on success and zero on error.
OPENSSL_EXPORT int EC_hash_to_curve_p256_xmd_sha256_sswu(
const EC_GROUP *group, EC_POINT *out, const uint8_t *dst, size_t dst_len,
const uint8_t *msg, size_t msg_len);
// EC_hash_to_curve_p384_xmd_sha384_sswu hashes |msg| to a point on |group| and
// writes the result to |out|, implementing the P384_XMD:SHA-384_SSWU_RO_ suite
// from RFC 9380. It returns one on success and zero on error.
OPENSSL_EXPORT int EC_hash_to_curve_p384_xmd_sha384_sswu(
const EC_GROUP *group, EC_POINT *out, const uint8_t *dst, size_t dst_len,
const uint8_t *msg, size_t msg_len);
// EC_GROUP_free releases a reference to |group|, if |group| was created by
// |EC_GROUP_new_by_curve_name_mutable| or |EC_GROUP_new_curve_GFp|. If
// |group| is static, it does nothing.
//
// This function exists for OpenSSL compatibility, and to manage dynamic
// |EC_GROUP|s constructed by |EC_GROUP_new_by_curve_name_mutable| and
// |EC_GROUP_new_curve_GFp|. Callers that do not need either may ignore this
// function.
OPENSSL_EXPORT void EC_GROUP_free(EC_GROUP *group);
// EC_GROUP_dup increments |group|'s reference count and returns it, if |group|
// was created by |EC_GROUP_new_curve_GFp|. If |group| was created by
// |EC_GROUP_new_by_curve_name_mutable|, it does a deep copy of |group|. If
// |group| is static, it simply returns |group|.
//
// This function exists for OpenSSL compatibility, and to manage dynamic
// |EC_GROUP|s constructed by |EC_GROUP_new_by_curve_name_mutable| and
// |EC_GROUP_new_curve_GFp|. Callers that do not need either may ignore this
// function.
OPENSSL_EXPORT EC_GROUP *EC_GROUP_dup(const EC_GROUP *group);
// Deprecated functions.
// EC_GROUP_new_curve_GFp creates a new, arbitrary elliptic curve group based
// on the equation y² = x³ + a·x + b. It returns the new group or NULL on
// error. The lifetime of the resulting object must be managed with
// |EC_GROUP_dup| and |EC_GROUP_free|.
//
// This new group has no generator. It is an error to use a generator-less group
// with any functions except for |EC_GROUP_free|, |EC_POINT_new|,
// |EC_POINT_set_affine_coordinates_GFp|, and |EC_GROUP_set_generator|.
//
// |EC_GROUP|s returned by this function will always compare as unequal via
// |EC_GROUP_cmp| (even to themselves). |EC_GROUP_get_curve_name| will always
// return |NID_undef|.
//
// This function is provided for compatibility with some legacy applications
// only. Avoid using arbitrary curves and use |EC_GROUP_new_by_curve_name|
// instead. This ensures the result meets preconditions necessary for
// elliptic curve algorithms to function correctly and securely.
//
// Given invalid parameters, this function may fail or it may return an
// |EC_GROUP| which breaks these preconditions. Subsequent operations may then
// return arbitrary, incorrect values. Callers should not pass
// attacker-controlled values to this function.
OPENSSL_EXPORT EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p,
const BIGNUM *a,
const BIGNUM *b, BN_CTX *ctx);
// EC_GROUP_set_generator sets the generator for |group| to |generator|, which
// must have the given order and cofactor. It may only be used with |EC_GROUP|
// objects returned by |EC_GROUP_new_curve_GFp| and may only be used once on
// each group. |generator| must have been created using |group|.
OPENSSL_EXPORT int EC_GROUP_set_generator(EC_GROUP *group,
const EC_POINT *generator,
const BIGNUM *order,
const BIGNUM *cofactor);
// EC_POINT_point2bn calls |EC_POINT_point2oct| to serialize |point| into the
// X9.62 form given by |form| and returns the serialized output as a |BIGNUM|.
// The returned |BIGNUM| is a representation of serialized bytes. On success, it
// returns the |BIGNUM| pointer supplied or, if |ret| is NULL, allocates and
// returns a fresh |BIGNUM|. On error, it returns NULL. The |ctx| argument may
// be used if not NULL.
//
// Note: |EC_POINT|s are not individual |BIGNUM| integers, so these aren't
// particularly useful. Use |EC_POINT_point2oct| directly instead.
OPENSSL_EXPORT OPENSSL_DEPRECATED BIGNUM *EC_POINT_point2bn(
const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form,
BIGNUM *ret, BN_CTX *ctx);
// EC_POINT_bn2point is like |EC_POINT_point2bn|, but calls |EC_POINT_oct2point|
// to de-serialize the |BIGNUM| representation of bytes back to an |EC_POINT|.
// On success, it returns the |EC_POINT| pointer supplied or, if |ret| is NULL,
// allocates and returns a fresh |EC_POINT|. On error, it returns NULL. The
// |ctx| argument may be used if not NULL.
//
// Note: |EC_POINT|s are not individual |BIGNUM| integers, so these aren't
// particularly useful. Use |EC_POINT_oct2point| directly instead.
OPENSSL_EXPORT OPENSSL_DEPRECATED EC_POINT *EC_POINT_bn2point(
const EC_GROUP *group, const BIGNUM *bn, EC_POINT *point, BN_CTX *ctx);
// EC_GROUP_get_order sets |*order| to the order of |group|, if it's not
// NULL. It returns one on success and zero otherwise. |ctx| is ignored. Use
// |EC_GROUP_get0_order| instead.
OPENSSL_EXPORT int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order,
BN_CTX *ctx);
// EC_builtin_curve describes a supported elliptic curve.
typedef struct {
int nid;
const char *comment;
} EC_builtin_curve;
// EC_get_builtin_curves writes at most |max_num_curves| elements to
// |out_curves| and returns the total number that it would have written, had
// |max_num_curves| been large enough.
//
// The |EC_builtin_curve| items describe the supported elliptic curves.
OPENSSL_EXPORT size_t EC_get_builtin_curves(EC_builtin_curve *out_curves,
size_t max_num_curves);
// EC_POINT_clear_free calls |EC_POINT_free|.
OPENSSL_EXPORT void EC_POINT_clear_free(EC_POINT *point);
// General No-op Functions [Deprecated].
// EC_GROUP_set_seed does nothing and returns 0.
//
// Like OpenSSL's EC documentations indicates, the value of the seed is not used
// in any cryptographic methods. It is only used to indicate the original seed
// used to generate the curve's parameters and is preserved during ASN.1
// communications. Please refrain from creating your own custom curves.
OPENSSL_EXPORT OPENSSL_DEPRECATED size_t
EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *p, size_t len);
// EC_GROUP_get0_seed returns NULL.
OPENSSL_EXPORT OPENSSL_DEPRECATED unsigned char *EC_GROUP_get0_seed(
const EC_GROUP *group);
// EC_GROUP_get_seed_len returns 0.
OPENSSL_EXPORT OPENSSL_DEPRECATED size_t
EC_GROUP_get_seed_len(const EC_GROUP *group);
// ECPKParameters_print prints nothing and returns 1.
OPENSSL_EXPORT OPENSSL_DEPRECATED int ECPKParameters_print(
BIO *bio, const EC_GROUP *group, int offset);
// |EC_GROUP| No-op Functions [Deprecated].
//
// Unlike OpenSSL's |EC_GROUP| implementation, our |EC_GROUP|s for named
// curves are static and immutable. The following functions pertain to
// the mutable aspects of OpenSSL's |EC_GROUP| structure. Using these
// functions undermines the assumption that our curves are static. Consider
// using the listed alternatives.
// OPENSSL_EC_EXPLICIT_CURVE lets OpenSSL encode the curve as explicitly
// encoded curve parameters. AWS-LC does not support this.
//
// Note: Sadly, this was the default prior to OpenSSL 1.1.0.
#define OPENSSL_EC_EXPLICIT_CURVE 0
// OPENSSL_EC_NAMED_CURVE lets OpenSSL encode a named curve form with its
// corresponding NID. This is the only ASN1 encoding method for |EC_GROUP| that
// AWS-LC supports.
#define OPENSSL_EC_NAMED_CURVE 1
// EC_GROUP_set_asn1_flag does nothing. In OpenSSL, |flag| is used to determine
// whether the curve encoding uses explicit parameters or a named curve using an
// ASN1 OID. AWS-LC does not support serialization of explicit curve parameters.
// This behavior is only intended for custom curves. We encourage the use of
// named curves instead.
OPENSSL_EXPORT OPENSSL_DEPRECATED void EC_GROUP_set_asn1_flag(EC_GROUP *group,
int flag);
// EC_GROUP_get_asn1_flag returns |OPENSSL_EC_NAMED_CURVE|.
OPENSSL_EXPORT OPENSSL_DEPRECATED int EC_GROUP_get_asn1_flag(
const EC_GROUP *group);
// EC_GROUP_set_point_conversion_form aborts the process if |form| is not
// |POINT_CONVERSION_UNCOMPRESSED| or |POINT_CONVERSION_COMPRESSED|, and
// otherwise does nothing. This DOES NOT change the encoding format for
// |EC_GROUP| by default. |group| must be allocated by
// |EC_GROUP_new_by_curve_name_mutable| for the encoding format to change.
//
// Note: Use |EC_KEY_set_conv_form| / |EC_KEY_get_conv_form| to set and return
// the desired compression format.
OPENSSL_EXPORT OPENSSL_DEPRECATED void EC_GROUP_set_point_conversion_form(
EC_GROUP *group, point_conversion_form_t form);
// EC_GROUP_get_point_conversion_form returns |POINT_CONVERSION_UNCOMPRESSED|
// (the default compression format).
//
// Note: Use |EC_KEY_set_conv_form| / |EC_KEY_get_conv_form| to set and return
// the desired compression format.
OPENSSL_EXPORT OPENSSL_DEPRECATED point_conversion_form_t
EC_GROUP_get_point_conversion_form(const EC_GROUP *group);
// EC_KEY_decoded_from_explicit_params returns 1 if the |EC_KEY| was constructed
// from explicitly encoded parameters to determine the |EC_GROUP|, otherwise
// returns 0.
OPENSSL_EXPORT OPENSSL_DEPRECATED int EC_KEY_decoded_from_explicit_params(const EC_KEY *key);
// EC_METHOD No-ops [Deprecated].
//
// |EC_METHOD| is a low level implementation detail of the EC module, but
// its exposed in traditionally public API. This should be an internal only
// concept. Users should switch to a different suitable constructor like
// |EC_GROUP_new_curve_GFp|, |EC_GROUP_new_curve_GF2m|, or
// |EC_GROUP_new_by_curve_name|. The |EC_METHOD| APIs have also been
// deprecated in OpenSSL 3.0.
typedef struct ec_method_st EC_METHOD;
// EC_GROUP_method_of returns a dummy non-NULL pointer.
OPENSSL_EXPORT OPENSSL_DEPRECATED const EC_METHOD *EC_GROUP_method_of(
const EC_GROUP *group);
// EC_METHOD_get_field_type returns NID_X9_62_prime_field.
OPENSSL_EXPORT OPENSSL_DEPRECATED int EC_METHOD_get_field_type(
const EC_METHOD *meth);
#if defined(__cplusplus)
} // extern C
#endif
// Old code expects to get EC_KEY from ec.h.
#include <openssl/ec_key.h>
#if defined(__cplusplus)
extern "C++" {
BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(EC_POINT, EC_POINT_free)
BORINGSSL_MAKE_DELETER(EC_GROUP, EC_GROUP_free)
BSSL_NAMESPACE_END
} // extern C++
#endif
#define EC_R_BUFFER_TOO_SMALL 100
#define EC_R_COORDINATES_OUT_OF_RANGE 101
#define EC_R_D2I_ECPKPARAMETERS_FAILURE 102
#define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 103
#define EC_R_GROUP2PKPARAMETERS_FAILURE 104
#define EC_R_I2D_ECPKPARAMETERS_FAILURE 105
#define EC_R_INCOMPATIBLE_OBJECTS 106
#define EC_R_INVALID_COMPRESSED_POINT 107
#define EC_R_INVALID_COMPRESSION_BIT 108
#define EC_R_INVALID_ENCODING 109
#define EC_R_INVALID_FIELD 110
#define EC_R_INVALID_FORM 111
#define EC_R_INVALID_GROUP_ORDER 112
#define EC_R_INVALID_PRIVATE_KEY 113
#define EC_R_MISSING_PARAMETERS 114
#define EC_R_MISSING_PRIVATE_KEY 115
#define EC_R_NON_NAMED_CURVE 116
#define EC_R_NOT_INITIALIZED 117
#define EC_R_PKPARAMETERS2GROUP_FAILURE 118
#define EC_R_POINT_AT_INFINITY 119
#define EC_R_POINT_IS_NOT_ON_CURVE 120
#define EC_R_SLOT_FULL 121
#define EC_R_UNDEFINED_GENERATOR 122
#define EC_R_UNKNOWN_GROUP 123
#define EC_R_UNKNOWN_ORDER 124
#define EC_R_WRONG_ORDER 125
#define EC_R_BIGNUM_OUT_OF_RANGE 126
#define EC_R_WRONG_CURVE_PARAMETERS 127
#define EC_R_DECODE_ERROR 128
#define EC_R_ENCODE_ERROR 129
#define EC_R_GROUP_MISMATCH 130
#define EC_R_INVALID_COFACTOR 131
#define EC_R_PUBLIC_KEY_VALIDATION_FAILED 132
#define EC_R_INVALID_SCALAR 133
#endif // OPENSSL_HEADER_EC_H

407
vendor/aws-lc-sys/aws-lc/include/openssl/ec_key.h vendored Normal file
View File

@@ -0,0 +1,407 @@
// Originally written by Bodo Moeller for the OpenSSL project.
// Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
// Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
//
// The elliptic curve binary polynomial software is originally written by
// Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems
// Laboratories.
//
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_EC_KEY_H
#define OPENSSL_HEADER_EC_KEY_H
#include <openssl/base.h>
#include <openssl/ec.h>
#include <openssl/engine.h>
#include <openssl/ex_data.h>
#if defined(__cplusplus)
extern "C" {
#endif
// ec_key.h contains functions that handle elliptic-curve points that are
// public/private keys.
// EC key objects.
//
// An |EC_KEY| object represents a public or private EC key. A given object may
// be used concurrently on multiple threads by non-mutating functions, provided
// no other thread is concurrently calling a mutating function. Unless otherwise
// documented, functions which take a |const| pointer are non-mutating and
// functions which take a non-|const| pointer are mutating.
// EC_KEY_new returns a fresh |EC_KEY| object or NULL on error.
OPENSSL_EXPORT EC_KEY *EC_KEY_new(void);
// EC_KEY_new_method acts the same as |EC_KEY_new|, but takes an explicit
// |ENGINE|.
OPENSSL_EXPORT EC_KEY *EC_KEY_new_method(const ENGINE *engine);
// EC_KEY_new_by_curve_name returns a fresh EC_KEY for group specified by |nid|
// or NULL on error.
OPENSSL_EXPORT EC_KEY *EC_KEY_new_by_curve_name(int nid);
// EC_KEY_free frees all the data owned by |key| and |key| itself.
OPENSSL_EXPORT void EC_KEY_free(EC_KEY *key);
// EC_KEY_dup returns a fresh copy of |src| or NULL on error.
OPENSSL_EXPORT EC_KEY *EC_KEY_dup(const EC_KEY *src);
// EC_KEY_up_ref increases the reference count of |key| and returns one. It does
// not mutate |key| for thread-safety purposes and may be used concurrently.
OPENSSL_EXPORT int EC_KEY_up_ref(EC_KEY *key);
// EC_KEY_is_opaque returns one if |key| is opaque and doesn't expose its key
// material. Otherwise it return zero.
OPENSSL_EXPORT int EC_KEY_is_opaque(const EC_KEY *key);
// EC_KEY_get0_group returns a pointer to the |EC_GROUP| object inside |key|.
OPENSSL_EXPORT const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
// EC_KEY_set_group sets the |EC_GROUP| object that |key| will use to |group|.
// It returns one on success and zero if |key| is already configured with a
// different group.
OPENSSL_EXPORT int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
// EC_KEY_get0_private_key returns a pointer to the private key inside |key|.
OPENSSL_EXPORT const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
// EC_KEY_set_private_key sets the private key of |key| to |priv|. It returns
// one on success and zero otherwise. |key| must already have had a group
// configured (see |EC_KEY_set_group| and |EC_KEY_new_by_curve_name|).
OPENSSL_EXPORT int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv);
// EC_KEY_get0_public_key returns a pointer to the public key point inside
// |key|.
OPENSSL_EXPORT const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
// EC_KEY_set_public_key sets the public key of |key| to |pub|, by copying it.
// It returns one on success and zero otherwise. |key| must already have had a
// group configured (see |EC_KEY_set_group| and |EC_KEY_new_by_curve_name|), and
// |pub| must also belong to that group.
OPENSSL_EXPORT int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
#define EC_PKEY_NO_PARAMETERS 0x001
#define EC_PKEY_NO_PUBKEY 0x002
// EC_KEY_get_enc_flags returns the encoding flags for |key|, which is a
// bitwise-OR of |EC_PKEY_*| values.
OPENSSL_EXPORT unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
// EC_KEY_set_enc_flags sets the encoding flags for |key|, which is a
// bitwise-OR of |EC_PKEY_*| values.
OPENSSL_EXPORT void EC_KEY_set_enc_flags(EC_KEY *key, unsigned flags);
// EC_KEY_get_conv_form returns the conversation form that will be used by
// |key|.
OPENSSL_EXPORT point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
// EC_KEY_set_conv_form sets the conversion form to be used by |key|.
OPENSSL_EXPORT void EC_KEY_set_conv_form(EC_KEY *key,
point_conversion_form_t cform);
// EC_KEY_check_key performs several checks on |key| including, if the
// private is present, an expensive check that the public key
// corresponds to it. It returns one if all checks pass and zero
// otherwise. If it returns zero then detail about the problem can be
// found on the error stack.
OPENSSL_EXPORT int EC_KEY_check_key(const EC_KEY *key);
// EC_KEY_check_fips performs a signing pairwise consistency test (FIPS 140-2
// 4.9.2) and the consistency test from SP 800-56Ar3 section 5.6.2.1.4.
// If the public key contains an affine point, it also checks that its
// coordinates are in the range [0, p-1]. That is in addition to the checks
// performed by EC_KEY_check_key.
// It returns one if it passes and zero otherwise.
OPENSSL_EXPORT int EC_KEY_check_fips(const EC_KEY *key);
// EC_KEY_set_public_key_affine_coordinates sets the public key in |key| to
// (|x|, |y|). It returns one on success and zero on error. It's considered an
// error if |x| and |y| do not represent a point on |key|'s curve.
OPENSSL_EXPORT int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key,
const BIGNUM *x,
const BIGNUM *y);
// EC_KEY_key2buf encodes the public key in |key| to an allocated octet string
// and sets |*out_buf| to point to it. It returns the length of the encoded
// octet string or zero if an error occurred.
OPENSSL_EXPORT size_t EC_KEY_key2buf(const EC_KEY *key,
point_conversion_form_t form,
unsigned char **out_buf, BN_CTX *ctx);
// Key generation.
// EC_KEY_generate_key generates a random, private key, calculates the
// corresponding public key and stores both in |key|. It returns one on success
// or zero otherwise.
OPENSSL_EXPORT int EC_KEY_generate_key(EC_KEY *key);
// EC_KEY_generate_key_fips behaves like |EC_KEY_generate_key| but performs
// additional checks for FIPS compliance. This function is applicable when
// generating keys for either signing/verification or key agreement because
// both types of consistency check (PCT) are performed.
OPENSSL_EXPORT int EC_KEY_generate_key_fips(EC_KEY *key);
// EC_KEY_derive_from_secret deterministically derives a private key for |group|
// from an input secret using HKDF-SHA256. It returns a newly-allocated |EC_KEY|
// on success or NULL on error. |secret| must not be used in any other
// algorithm. If using a base secret for multiple operations, derive separate
// values with a KDF such as HKDF first.
//
// Note this function implements an arbitrary derivation scheme, rather than any
// particular standard one. New protocols are recommended to use X25519 and
// Ed25519, which have standard byte import functions. See
// |X25519_public_from_private| and |ED25519_keypair_from_seed|.
OPENSSL_EXPORT EC_KEY *EC_KEY_derive_from_secret(const EC_GROUP *group,
const uint8_t *secret,
size_t secret_len);
// Serialisation.
// EC_KEY_parse_private_key parses a DER-encoded ECPrivateKey structure (RFC
// 5915) from |cbs| and advances |cbs|. It returns a newly-allocated |EC_KEY| or
// NULL on error. If |group| is non-null, the parameters field of the
// ECPrivateKey may be omitted (but must match |group| if present). Otherwise,
// the parameters field is required.
OPENSSL_EXPORT EC_KEY *EC_KEY_parse_private_key(CBS *cbs,
const EC_GROUP *group);
// EC_KEY_marshal_private_key marshals |key| as a DER-encoded ECPrivateKey
// structure (RFC 5915) and appends the result to |cbb|. It returns one on
// success and zero on failure. |enc_flags| is a combination of |EC_PKEY_*|
// values and controls whether corresponding fields are omitted.
OPENSSL_EXPORT int EC_KEY_marshal_private_key(CBB *cbb, const EC_KEY *key,
unsigned enc_flags);
// EC_KEY_parse_curve_name parses a DER-encoded OBJECT IDENTIFIER as a curve
// name from |cbs| and advances |cbs|. It returns the decoded |EC_GROUP| or NULL
// on error.
//
// This function returns a non-const pointer which may be passed to
// |EC_GROUP_free|. However, the resulting object is actually static and calling
// |EC_GROUP_free| is optional.
//
// TODO(davidben): Make this return a const pointer, if it does not break too
// many callers.
OPENSSL_EXPORT EC_GROUP *EC_KEY_parse_curve_name(CBS *cbs);
// EC_KEY_marshal_curve_name marshals |group| as a DER-encoded OBJECT IDENTIFIER
// and appends the result to |cbb|. It returns one on success and zero on
// failure.
OPENSSL_EXPORT int EC_KEY_marshal_curve_name(CBB *cbb, const EC_GROUP *group);
// EC_KEY_parse_parameters parses a DER-encoded ECParameters structure (RFC
// 5480) from |cbs| and advances |cbs|. It returns the resulting |EC_GROUP| or
// NULL on error. It supports the namedCurve and specifiedCurve options, but use
// of specifiedCurve is deprecated. Use |EC_KEY_parse_curve_name| instead.
//
// This function returns a non-const pointer which may be passed to
// |EC_GROUP_free|. However, the resulting object is actually static and calling
// |EC_GROUP_free| is optional.
//
// TODO(davidben): Make this return a const pointer, if it does not break too
// many callers.
OPENSSL_EXPORT EC_GROUP *EC_KEY_parse_parameters(CBS *cbs);
// ex_data functions.
//
// These functions are wrappers. See |ex_data.h| for details.
OPENSSL_EXPORT int EC_KEY_get_ex_new_index(long argl, void *argp,
CRYPTO_EX_unused *unused,
CRYPTO_EX_dup *dup_unused,
CRYPTO_EX_free *free_func);
OPENSSL_EXPORT int EC_KEY_set_ex_data(EC_KEY *r, int idx, void *arg);
OPENSSL_EXPORT void *EC_KEY_get_ex_data(const EC_KEY *r, int idx);
// Deprecated functions.
// d2i_ECPrivateKey parses a DER-encoded ECPrivateKey structure (RFC 5915) from
// |len| bytes at |*inp|, as described in |d2i_SAMPLE|. On input, if |*out_key|
// is non-NULL and has a group configured, the parameters field may be omitted
// but must match that group if present.
//
// Use |EC_KEY_parse_private_key| instead.
OPENSSL_EXPORT EC_KEY *d2i_ECPrivateKey(EC_KEY **out_key, const uint8_t **inp,
long len);
// i2d_ECPrivateKey marshals |key| as a DER-encoded ECPrivateKey structure (RFC
// 5915), as described in |i2d_SAMPLE|.
//
// Use |EC_KEY_marshal_private_key| instead.
OPENSSL_EXPORT int i2d_ECPrivateKey(const EC_KEY *key, uint8_t **outp);
// d2i_ECParameters parses a DER-encoded ECParameters structure (RFC 5480) from
// |len| bytes at |*inp|, as described in |d2i_SAMPLE|.
//
// Use |EC_KEY_parse_parameters| or |EC_KEY_parse_curve_name| instead. Only
// deserialization of namedCurves or explicitly-encoded versions of named curves
// are supported.
OPENSSL_EXPORT EC_KEY *d2i_ECParameters(EC_KEY **out_key, const uint8_t **inp,
long len);
// i2d_ECParameters marshals |key|'s parameters as a DER-encoded OBJECT
// IDENTIFIER, as described in |i2d_SAMPLE|.
//
// Use |EC_KEY_marshal_curve_name| instead. Only serialization of namedCurves
// are supported.
OPENSSL_EXPORT int i2d_ECParameters(const EC_KEY *key, uint8_t **outp);
// d2i_ECPKParameters_bio deserializes the |ECPKParameters| specified in RFC
// 3279 from |bio| and returns the corresponding |EC_GROUP|. If |*out_group| is
// non-null, the original |*out_group| is freed and the returned |EC_GROUP| is
// also written to |*out_group|. The user continues to maintain the memory
// assigned to |*out_group| if non-null.
//
// Only deserialization of namedCurves or
// explicitly-encoded versions of namedCurves are supported.
OPENSSL_EXPORT EC_GROUP *d2i_ECPKParameters_bio(BIO *bio, EC_GROUP **out_group);
// i2d_ECPKParameters_bio serializes an |EC_GROUP| to |bio| according to the
// |ECPKParameters| specified in RFC 3279. It returns 1 on success and 0 on
// failure.
// Only serialization of namedCurves are supported.
OPENSSL_EXPORT int i2d_ECPKParameters_bio(BIO *bio, const EC_GROUP *group);
// o2i_ECPublicKey parses an EC point from |len| bytes at |*inp| into
// |*out_key|. Note that this differs from the d2i format in that |*out_key|
// must be non-NULL with a group set. On successful exit, |*inp| is advanced by
// |len| bytes. It returns |*out_key| or NULL on error.
//
// Use |EC_POINT_oct2point| instead.
OPENSSL_EXPORT EC_KEY *o2i_ECPublicKey(EC_KEY **out_key, const uint8_t **inp,
long len);
// i2o_ECPublicKey marshals an EC point from |key|, as described in
// |i2d_SAMPLE|, except it returns zero on error instead of a negative value.
//
// Use |EC_POINT_point2cbb| instead.
OPENSSL_EXPORT int i2o_ECPublicKey(const EC_KEY *key, unsigned char **outp);
// EC_KEY_METHOD
// This struct replaces the old |ECDSA_METHOD| struct.
// ECDSA_FLAG_OPAQUE specifies that this EC_KEY_METHOD does not expose its key
// material. This may be set if, for instance, it is wrapping some other crypto
// API, like a platform key store. Use |EC_KEY_METHOD_set_flag| to set
// this flag on an |EC_KEY_METHOD|. It is not set by default.
// This was supported in ECDSA_METHOD previously.
#define ECDSA_FLAG_OPAQUE 1
// EC_KEY_get_default_method returns a reference to the default
// |EC_KEY| implementation. All |EC_KEY| objects are initialized with the
// returned struct. This function currently calls |EC_KEY_OpenSSL| since AWS-LC
// does not support changing/setting the default method.
OPENSSL_EXPORT const EC_KEY_METHOD *EC_KEY_get_default_method(void);
// EC_KEY_OpenSSL returns a reference to the default |EC_KEY| implementation.
// The returned |EC_KEY_METHOD| object is statically allocated. The application
// should not free this struct.
//
// This struct is also zero-initialized. This is different from OpenSSL which
// returns function pointers to the default implementations within the
// |EC_KEY_METHOD| struct. We do not do this to make it easier for the
// compiler/linker to drop unused functions. The wrapper functions for a given
// operation (e.g. |ECDSA_sign| corresponds to the |sign| field in
// |EC_KEY_METHOD|) will select the appropriate default implementation.
OPENSSL_EXPORT const EC_KEY_METHOD *EC_KEY_OpenSSL(void);
// EC_KEY_METHOD_new returns a newly allocated |EC_KEY_METHOD| object. If the
// input parameter |eckey_meth| is non-NULL, the function pointers within the
// returned |EC_KEY_METHOD| object will be initialized to the values from
// |eckey_meth|. If |eckey_meth| is NULL, the returned object will be
// initialized using the value returned from |EC_KEY_get_default_method|.
OPENSSL_EXPORT EC_KEY_METHOD *EC_KEY_METHOD_new(
const EC_KEY_METHOD *eckey_meth);
// EC_KEY_METHOD_free frees the memory associated with |eckey_meth|
OPENSSL_EXPORT void EC_KEY_METHOD_free(EC_KEY_METHOD *eckey_meth);
// EC_KEY_set_method sets |meth| on |ec|. We do not support setting the
// |copy|, |set_group|, |set_private|, |set_public|, and |sign_setup|
// fields in |ec| and these pointers should be set to NULL. We do not support
// the |verify|, |verify_sig|, or |keygen| fields yet.
//
// Returns zero on failure and one on success.
OPENSSL_EXPORT int EC_KEY_set_method(EC_KEY *ec, const EC_KEY_METHOD *meth);
// EC_KEY_get_method returns the |EC_KEY_METHOD| object associated with |ec|.
OPENSSL_EXPORT const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *ec);
// EC_KEY_METHOD_set_sign_awslc sets the |sign| and |sign_sig| pointers on
// |meth|.
OPENSSL_EXPORT void EC_KEY_METHOD_set_sign_awslc(
EC_KEY_METHOD *meth,
int (*sign)(int type, const uint8_t *digest, int digest_len, uint8_t *sig,
unsigned int *siglen, const BIGNUM *k_inv, const BIGNUM *r,
EC_KEY *eckey),
ECDSA_SIG *(*sign_sig)(const uint8_t *digest, int digest_len,
const BIGNUM *in_kinv, const BIGNUM *in_r,
EC_KEY *eckey));
// EC_KEY_METHOD_set_sign sets function pointers on |meth|. AWS-LC currently
// supports setting |sign| and |sign_sig|. |sign_setup| must be set to NULL in
// order to compile with AWS-LC.
#define EC_KEY_METHOD_set_sign(meth, sign, sign_setup, sign_sig) \
OPENSSL_STATIC_ASSERT((sign_setup) == NULL, \
EC_KEY_METHOD_sign_setup_field_must_be_NULL); \
EC_KEY_METHOD_set_sign_awslc(meth, sign, sign_sig);
// EC_KEY_METHOD_set_init_awslc sets the |init| and |finish| pointers on |meth|.
OPENSSL_EXPORT void EC_KEY_METHOD_set_init_awslc(EC_KEY_METHOD *meth,
int (*init)(EC_KEY *key),
void (*finish)(EC_KEY *key));
// EC_KEY_METHOD_set_init sets function pointers on |meth|. AWS-LC
// currently only supports setting the |init| and |finish| fields. |copy|,
// |set_group|, |set_private|, and |set_public| cannot be set yet and must
// be NULL.
#define EC_KEY_METHOD_set_init(meth, init, finish, copy, set_group, \
set_private, set_public) \
OPENSSL_STATIC_ASSERT( \
(copy) == NULL && (set_group) == NULL && (set_private) == NULL && \
(set_public) == NULL, \
EC_KEY_METHOD_copy_set_group_set_private_and_set_public_fields_must_be_NULL); \
EC_KEY_METHOD_set_init_awslc(meth, init, finish);
// EC_KEY_METHOD_set_flags sets |flags| on |meth|. Currently, the only supported
// flag is |ECDSA_FLAG_OPAQUE|. Returns zero on failure and one on success.
OPENSSL_EXPORT int EC_KEY_METHOD_set_flags(EC_KEY_METHOD *meth, int flags);
// General No-op Functions [Deprecated].
// EC_KEY_set_asn1_flag does nothing. AWS-LC only supports
// |OPENSSL_EC_NAMED_CURVE|.
OPENSSL_EXPORT OPENSSL_DEPRECATED void EC_KEY_set_asn1_flag(EC_KEY *key,
int flag);
#if defined(__cplusplus)
} // extern C
extern "C++" {
BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(EC_KEY, EC_KEY_free)
BORINGSSL_MAKE_UP_REF(EC_KEY, EC_KEY_up_ref)
BSSL_NAMESPACE_END
} // extern C++
#endif
#endif // OPENSSL_HEADER_EC_KEY_H

64
vendor/aws-lc-sys/aws-lc/include/openssl/ecdh.h vendored Normal file
View File

@@ -0,0 +1,64 @@
// Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
//
// The Elliptic Curve Public-Key Crypto Library (ECC Code) included
// herein is developed by SUN MICROSYSTEMS, INC., and is contributed
// to the OpenSSL project.
//
// The ECDH software is originally written by Douglas Stebila of
// Sun Microsystems Laboratories.
//
// Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_ECDH_H
#define OPENSSL_HEADER_ECDH_H
#include <openssl/base.h>
#include <openssl/ec_key.h>
#if defined(__cplusplus)
extern "C" {
#endif
// Elliptic curve Diffie-Hellman.
// ECDH_compute_key calculates the shared key between |pub_key| and |priv_key|.
// If |kdf| is not NULL, then it is called with the bytes of the shared key and
// the parameter |out|. When |kdf| returns, the value of |*outlen| becomes the
// return value. Otherwise, as many bytes of the shared key as will fit are
// copied directly to, at most, |outlen| bytes at |out|. It returns the number
// of bytes written to |out|, or -1 on error.
OPENSSL_EXPORT int ECDH_compute_key(
void *out, size_t outlen, const EC_POINT *pub_key, const EC_KEY *priv_key,
void *(*kdf)(const void *in, size_t inlen, void *out, size_t *outlen));
// ECDH_compute_key_fips calculates the shared key between |pub_key| and
// |priv_key| and hashes it with the appropriate SHA function for |out_len|. The
// only value values for |out_len| are thus 24 (SHA-224), 32 (SHA-256), 48
// (SHA-384), and 64 (SHA-512). It returns one on success and zero on error.
//
// Note that the return value is different to |ECDH_compute_key|: it returns an
// error flag (as is common for BoringSSL) rather than the number of bytes
// written.
//
// This function allows the FIPS module to compute an ECDH and KDF within the
// module boundary without taking an arbitrary function pointer for the KDF,
// which isn't very FIPSy.
OPENSSL_EXPORT int ECDH_compute_key_fips(uint8_t *out, size_t out_len,
const EC_POINT *pub_key,
const EC_KEY *priv_key);
#if defined(__cplusplus)
} // extern C
#endif
#define ECDH_R_KDF_FAILED 100
#define ECDH_R_NO_PRIVATE_VALUE 101
#define ECDH_R_POINT_ARITHMETIC_FAILURE 102
#define ECDH_R_UNKNOWN_DIGEST_LENGTH 103
#endif // OPENSSL_HEADER_ECDH_H

196
vendor/aws-lc-sys/aws-lc/include/openssl/ecdsa.h vendored Normal file
View File

@@ -0,0 +1,196 @@
// Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_ECDSA_H
#define OPENSSL_HEADER_ECDSA_H
#include <openssl/base.h>
#include <openssl/ec_key.h>
#if defined(__cplusplus)
extern "C" {
#endif
// ECDSA contains functions for signing and verifying with the Digital Signature
// Algorithm over elliptic curves.
// Signing and verifying.
// ECDSA_sign signs |digest_len| bytes from |digest| with |key| and writes the
// resulting signature to |sig|, which must have |ECDSA_size(key)| bytes of
// space. On successful exit, |*sig_len| is set to the actual number of bytes
// written. The |type| argument should be zero. It returns one on success and
// zero otherwise.
//
// WARNING: |digest| must be the output of some hash function on the data to be
// signed. Passing unhashed inputs will not result in a secure signature scheme.
OPENSSL_EXPORT int ECDSA_sign(int type, const uint8_t *digest,
size_t digest_len, uint8_t *sig,
unsigned int *sig_len, const EC_KEY *key);
// ECDSA_verify verifies that |sig_len| bytes from |sig| constitute a valid
// signature by |key| of |digest|. (The |type| argument should be zero.) It
// returns one on success or zero if the signature is invalid or an error
// occurred.
//
// WARNING: |digest| must be the output of some hash function on the data to be
// verified. Passing unhashed inputs will not result in a secure signature
// scheme.
OPENSSL_EXPORT int ECDSA_verify(int type, const uint8_t *digest,
size_t digest_len, const uint8_t *sig,
size_t sig_len, const EC_KEY *key);
// ECDSA_size returns the maximum size of an ECDSA signature using |key|. It
// returns zero if |key| is NULL or if it doesn't have a group set.
OPENSSL_EXPORT size_t ECDSA_size(const EC_KEY *key);
// Low-level signing and verification.
//
// Low-level functions handle signatures as |ECDSA_SIG| structures which allow
// the two values in an ECDSA signature to be handled separately.
struct ecdsa_sig_st {
BIGNUM *r;
BIGNUM *s;
};
// ECDSA_SIG_new returns a fresh |ECDSA_SIG| structure or NULL on error.
OPENSSL_EXPORT ECDSA_SIG *ECDSA_SIG_new(void);
// ECDSA_SIG_free frees |sig| its member |BIGNUM|s.
OPENSSL_EXPORT void ECDSA_SIG_free(ECDSA_SIG *sig);
// ECDSA_SIG_get0_r returns the r component of |sig|.
OPENSSL_EXPORT const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig);
// ECDSA_SIG_get0_s returns the s component of |sig|.
OPENSSL_EXPORT const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig);
// ECDSA_SIG_get0 sets |*out_r| and |*out_s|, if non-NULL, to the two
// components of |sig|.
OPENSSL_EXPORT void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **out_r,
const BIGNUM **out_s);
// ECDSA_SIG_set0 sets |sig|'s components to |r| and |s|, neither of which may
// be NULL. On success, it takes ownership of each argument and returns one.
// Otherwise, it returns zero.
OPENSSL_EXPORT int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
// ECDSA_do_sign signs |digest_len| bytes from |digest| with |key| and returns
// the resulting signature structure, or NULL on error.
//
// WARNING: |digest| must be the output of some hash function on the data to be
// signed. Passing unhashed inputs will not result in a secure signature scheme.
OPENSSL_EXPORT ECDSA_SIG *ECDSA_do_sign(const uint8_t *digest,
size_t digest_len, const EC_KEY *key);
// ECDSA_do_verify verifies that |sig| constitutes a valid signature by |key|
// of |digest|. It returns one on success or zero if the signature is invalid
// or on error.
//
// We distinguish between a "mismatched" signature error and "bad" signature
// error because of JCA expectations. Specifically:
// * Error |ECDSA_R_BAD_SIGNATURE| is set if step (1) of SEC 1 v2 4.1.4 returns
// "invalid".
// * Error |ECDSA_R_MISMATCHED_SIGNATURE| is set if steps (5) and (8) of SEC 1
// v2 4.1.4 returns "invalid".
//
// WARNING: |digest| must be the output of some hash function on the data to be
// verified. Passing unhashed inputs will not result in a secure signature
// scheme.
OPENSSL_EXPORT int ECDSA_do_verify(const uint8_t *digest, size_t digest_len,
const ECDSA_SIG *sig, const EC_KEY *key);
// ASN.1 functions.
// ECDSA_SIG_parse parses a DER-encoded ECDSA-Sig-Value structure from |cbs| and
// advances |cbs|. It returns a newly-allocated |ECDSA_SIG| or NULL on error.
OPENSSL_EXPORT ECDSA_SIG *ECDSA_SIG_parse(CBS *cbs);
// ECDSA_SIG_from_bytes parses |in| as a DER-encoded ECDSA-Sig-Value structure.
// It returns a newly-allocated |ECDSA_SIG| structure or NULL on error.
OPENSSL_EXPORT ECDSA_SIG *ECDSA_SIG_from_bytes(const uint8_t *in,
size_t in_len);
// ECDSA_SIG_marshal marshals |sig| as a DER-encoded ECDSA-Sig-Value and appends
// the result to |cbb|. It returns one on success and zero on error.
OPENSSL_EXPORT int ECDSA_SIG_marshal(CBB *cbb, const ECDSA_SIG *sig);
// ECDSA_SIG_to_bytes marshals |sig| as a DER-encoded ECDSA-Sig-Value and, on
// success, sets |*out_bytes| to a newly allocated buffer containing the result
// and returns one. Otherwise, it returns zero. The result should be freed with
// |OPENSSL_free|.
OPENSSL_EXPORT int ECDSA_SIG_to_bytes(uint8_t **out_bytes, size_t *out_len,
const ECDSA_SIG *sig);
// ECDSA_SIG_max_len returns the maximum length of a DER-encoded ECDSA-Sig-Value
// structure for a group whose order is represented in |order_len| bytes, or
// zero on overflow.
OPENSSL_EXPORT size_t ECDSA_SIG_max_len(size_t order_len);
// Testing-only functions.
// ECDSA_sign_with_nonce_and_leak_private_key_for_testing behaves like
// |ECDSA_do_sign| but uses |nonce| for the ECDSA nonce 'k', instead of a random
// value. |nonce| is interpreted as a big-endian integer. It must be reduced
// modulo the group order and padded with zeros up to |BN_num_bytes(order)|
// bytes.
//
// WARNING: This function is only exported for testing purposes, when using test
// vectors or fuzzing strategies. It must not be used outside tests and may leak
// any private keys it is used with.
OPENSSL_EXPORT ECDSA_SIG *
ECDSA_sign_with_nonce_and_leak_private_key_for_testing(const uint8_t *digest,
size_t digest_len,
const EC_KEY *eckey,
const uint8_t *nonce,
size_t nonce_len);
// Deprecated functions.
// d2i_ECDSA_SIG parses aa DER-encoded ECDSA-Sig-Value structure from |len|
// bytes at |*inp|, as described in |d2i_SAMPLE|.
//
// Use |ECDSA_SIG_parse| instead.
OPENSSL_EXPORT ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **out, const uint8_t **inp,
long len);
// i2d_ECDSA_SIG marshals |sig| as a DER-encoded ECDSA-Sig-Value, as described
// in |i2d_SAMPLE|.
//
// Use |ECDSA_SIG_marshal| instead.
OPENSSL_EXPORT int i2d_ECDSA_SIG(const ECDSA_SIG *sig, uint8_t **outp);
#if defined(__cplusplus)
} // extern C
extern "C++" {
BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(ECDSA_SIG, ECDSA_SIG_free)
BSSL_NAMESPACE_END
} // extern C++
#endif
#define ECDSA_R_BAD_SIGNATURE 100
#define ECDSA_R_MISSING_PARAMETERS 101
#define ECDSA_R_NEED_NEW_SETUP_VALUES 102
#define ECDSA_R_NOT_IMPLEMENTED 103
#define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED 104
#define ECDSA_R_ENCODE_ERROR 105
#define ECDSA_R_MISMATCHED_SIGNATURE 205
#define ECDSA_R_TOO_MANY_ITERATIONS 106
#endif // OPENSSL_HEADER_ECDSA_H

82
vendor/aws-lc-sys/aws-lc/include/openssl/engine.h vendored Normal file
View File

@@ -0,0 +1,82 @@
// Copyright (c) 2014, Google Inc.
// SPDX-License-Identifier: ISC
#ifndef OPENSSL_HEADER_ENGINE_H
#define OPENSSL_HEADER_ENGINE_H
#include <openssl/base.h>
#if defined(__cplusplus)
extern "C" {
#endif
// Engines are collections of methods. Methods are tables of function pointers,
// defined for certain algorithms, that allow operations on those algorithms to
// be overridden via a callback. This can be used, for example, to implement an
// RSA* that forwards operations to a hardware module.
//
// Default Methods are zero initialized. You should set the function pointers
// that you wish before setting it on an |ENGINE|. Any functions pointers that
// are NULL indicate that the default behaviour should be used.
// Allocation and destruction.
// ENGINE_new returns an empty ENGINE that uses the default method for all
// algorithms.
OPENSSL_EXPORT ENGINE *ENGINE_new(void);
// ENGINE_free decrements the reference counts for all methods linked from
// |engine| and frees |engine| itself. It returns one.
OPENSSL_EXPORT int ENGINE_free(ENGINE *engine);
// Method accessors.
//
// The setter functions do not take ownership of the |method| pointer. The
// consumer must free the |method| pointer after all objects referencing it are
// freed.
// ENGINE_set_RSA takes a |method| pointer and sets it on the |ENGINE| object.
// Returns one on success and zero for failure when |engine| is NULL.
OPENSSL_EXPORT int ENGINE_set_RSA(ENGINE *engine, const RSA_METHOD *method);
// ENGINE_get_RSA returns the meth field of |engine|. If |engine| is NULL,
// function returns NULL.
OPENSSL_EXPORT const RSA_METHOD *ENGINE_get_RSA(const ENGINE *engine);
// ENGINE_set_EC takes a |method| pointer and sets it on the |ENGINE| object.
// Returns one on success and zero for failure when |engine| is NULL.
OPENSSL_EXPORT int ENGINE_set_EC(ENGINE *engine, const EC_KEY_METHOD *method);
// ENGINE_get_EC returns the meth field of |engine|. If |engine| is NULL,
// function returns NULL.
OPENSSL_EXPORT const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *engine);
// Deprecated functions.
// ENGINE_cleanup does nothing. This has been deprecated since OpenSSL 1.1.0 and
// applications should not rely on it.
OPENSSL_EXPORT void ENGINE_cleanup(void);
#if defined(__cplusplus)
} // extern C
extern "C++" {
BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(ENGINE, ENGINE_free)
BSSL_NAMESPACE_END
} // extern C++
#endif
#define ENGINE_R_OPERATION_NOT_SUPPORTED 100
#endif // OPENSSL_HEADER_ENGINE_H

403
vendor/aws-lc-sys/aws-lc/include/openssl/err.h vendored Normal file
View File

@@ -0,0 +1,403 @@
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
// Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_ERR_H
#define OPENSSL_HEADER_ERR_H
#include <stdio.h>
#include <openssl/base.h>
#include <openssl/crypto.h>
#include <errno.h>
#if defined(__cplusplus)
extern "C" {
#endif
// Error queue handling functions.
//
// Errors in OpenSSL are generally signaled by the return value of a function.
// When a function fails it may add an entry to a per-thread error queue,
// which is managed by the functions in this header.
//
// Each error contains:
// 1) The library (i.e. ec, pem, rsa) which created it.
// 2) The file and line number of the call that added the error.
// 3) A pointer to some error specific data, which may be NULL.
//
// The library identifier and reason code are packed in a uint32_t and there
// exist various functions for unpacking it.
//
// The typical behaviour is that an error will occur deep in a call queue and
// that code will push an error onto the error queue. As the error queue
// unwinds, other functions will push their own errors. Thus, the "least
// recent" error is the most specific and the other errors will provide a
// backtrace of sorts.
// Startup and shutdown.
// ERR_load_BIO_strings does nothing.
//
// TODO(fork): remove. libjingle calls this.
OPENSSL_EXPORT void ERR_load_BIO_strings(void);
// ERR_load_ERR_strings does nothing.
OPENSSL_EXPORT void ERR_load_ERR_strings(void);
// ERR_load_CRYPTO_strings does nothing.
OPENSSL_EXPORT OPENSSL_DEPRECATED void ERR_load_CRYPTO_strings(void);
// ERR_load_crypto_strings does nothing.
OPENSSL_EXPORT void ERR_load_crypto_strings(void);
// ERR_load_RAND_strings does nothing.
OPENSSL_EXPORT void ERR_load_RAND_strings(void);
// ERR_free_strings does nothing.
OPENSSL_EXPORT void ERR_free_strings(void);
// Reading and formatting errors.
// ERR_GET_LIB returns the library code for the error. This is one of
// the |ERR_LIB_*| values.
OPENSSL_INLINE int ERR_GET_LIB(uint32_t packed_error) {
return (int)((packed_error >> 24) & 0xff);
}
// ERR_GET_REASON returns the reason code for the error. This is one of
// library-specific |LIB_R_*| values where |LIB| is the library (see
// |ERR_GET_LIB|). Note that reason codes are specific to the library.
OPENSSL_INLINE int ERR_GET_REASON(uint32_t packed_error) {
return (int)(packed_error & 0xfff);
}
// ERR_get_error gets the packed error code for the least recent error and
// removes that error from the queue. If there are no errors in the queue then
// it returns zero.
OPENSSL_EXPORT uint32_t ERR_get_error(void);
// ERR_get_error_line acts like |ERR_get_error|, except that the file and line
// number of the call that added the error are also returned.
OPENSSL_EXPORT uint32_t ERR_get_error_line(const char **file, int *line);
// ERR_FLAG_STRING means that the |data| member is a NUL-terminated string that
// can be printed. This is always set if |data| is non-NULL.
#define ERR_FLAG_STRING 1
// ERR_FLAG_MALLOCED is passed into |ERR_set_error_data| to indicate that |data|
// was allocated with |OPENSSL_malloc|.
//
// It is, separately, returned in |*flags| from |ERR_get_error_line_data| to
// indicate that |*data| has a non-static lifetime, but this lifetime is still
// managed by the library. The caller must not call |OPENSSL_free| or |free| on
// |data|.
#define ERR_FLAG_MALLOCED 2
// ERR_get_error_line_data acts like |ERR_get_error_line|, but also returns the
// error-specific data pointer and flags. The flags are a bitwise-OR of
// |ERR_FLAG_*| values. The error-specific data is owned by the error queue
// and the pointer becomes invalid after the next call that affects the same
// thread's error queue. If |*flags| contains |ERR_FLAG_STRING| then |*data| is
// human-readable.
OPENSSL_EXPORT uint32_t ERR_get_error_line_data(const char **file, int *line,
const char **data, int *flags);
// The "peek" functions act like the |ERR_get_error| functions, above, but they
// do not remove the error from the queue.
OPENSSL_EXPORT uint32_t ERR_peek_error(void);
OPENSSL_EXPORT uint32_t ERR_peek_error_line(const char **file, int *line);
OPENSSL_EXPORT uint32_t ERR_peek_error_line_data(const char **file, int *line,
const char **data, int *flags);
// The "peek last" functions act like the "peek" functions, above, except that
// they return the most recent error.
OPENSSL_EXPORT uint32_t ERR_peek_last_error(void);
OPENSSL_EXPORT uint32_t ERR_peek_last_error_line(const char **file, int *line);
OPENSSL_EXPORT uint32_t ERR_peek_last_error_line_data(const char **file,
int *line,
const char **data,
int *flags);
// ERR_error_string_n generates a human-readable string representing
// |packed_error|, places it at |buf|, and returns |buf|. It writes at most
// |len| bytes (including the terminating NUL) and truncates the string if
// necessary. If |len| is greater than zero then |buf| is always NUL terminated.
//
// The string will have the following format:
//
// error:[error code]:[library name]:OPENSSL_internal:[reason string]
//
// error code is an 8 digit hexadecimal number; library name and reason string
// are ASCII text.
OPENSSL_EXPORT char *ERR_error_string_n(uint32_t packed_error, char *buf,
size_t len);
// ERR_lib_error_string returns a string representation of the library that
// generated |packed_error|, or a placeholder string is the library is
// unrecognized.
OPENSSL_EXPORT const char *ERR_lib_error_string(uint32_t packed_error);
// ERR_reason_error_string returns a string representation of the reason for
// |packed_error|, or a placeholder string if the reason is unrecognized.
OPENSSL_EXPORT const char *ERR_reason_error_string(uint32_t packed_error);
// ERR_print_errors_callback_t is the type of a function used by
// |ERR_print_errors_cb|. It takes a pointer to a human readable string (and
// its length) that describes an entry in the error queue. The |ctx| argument
// is an opaque pointer given to |ERR_print_errors_cb|.
//
// It should return one on success or zero on error, which will stop the
// iteration over the error queue.
typedef int (*ERR_print_errors_callback_t)(const char *str, size_t len,
void *ctx);
// ERR_print_errors_cb clears the current thread's error queue, calling
// |callback| with a string representation of each error, from the least recent
// to the most recent error.
//
// The string will have the following format (which differs from
// |ERR_error_string|):
//
// [thread id]:error:[error code]:[library name]:OPENSSL_internal:[reason string]:[file]:[line number]:[optional string data]
//
// The callback can return one to continue the iteration or zero to stop it.
// The |ctx| argument is an opaque value that is passed through to the
// callback.
OPENSSL_EXPORT void ERR_print_errors_cb(ERR_print_errors_callback_t callback,
void *ctx);
// ERR_print_errors_fp clears the current thread's error queue, printing each
// error to |file|. See |ERR_print_errors_cb| for the format.
OPENSSL_EXPORT void ERR_print_errors_fp(FILE *file);
// Clearing errors.
// ERR_clear_error clears the error queue for the current thread.
OPENSSL_EXPORT void ERR_clear_error(void);
// ERR_set_mark "marks" the most recent error for use with |ERR_pop_to_mark|.
// It returns one if an error was marked and zero if there are no errors.
OPENSSL_EXPORT int ERR_set_mark(void);
// ERR_pop_to_mark removes errors from the most recent to the least recent
// until (and not including) a "marked" error. It returns zero if no marked
// error was found (and thus all errors were removed) and one otherwise. Errors
// are marked using |ERR_set_mark|.
OPENSSL_EXPORT int ERR_pop_to_mark(void);
// Custom errors.
// ERR_get_next_error_library returns a value suitable for passing as the
// |library| argument to |ERR_put_error|. This is intended for code that wishes
// to push its own, non-standard errors to the error queue.
OPENSSL_EXPORT int ERR_get_next_error_library(void);
// Built-in library and reason codes.
// The following values are built-in library codes.
#define ERR_LIB_NONE 1
#define ERR_LIB_SYS 2
#define ERR_LIB_BN 3
#define ERR_LIB_RSA 4
#define ERR_LIB_DH 5
#define ERR_LIB_EVP 6
#define ERR_LIB_BUF 7
#define ERR_LIB_OBJ 8
#define ERR_LIB_PEM 9
#define ERR_LIB_DSA 10
#define ERR_LIB_X509 11
#define ERR_LIB_ASN1 12
#define ERR_LIB_CONF 13
#define ERR_LIB_CRYPTO 14
#define ERR_LIB_EC 15
#define ERR_LIB_SSL 16
#define ERR_LIB_BIO 17
#define ERR_LIB_PKCS7 18
#define ERR_LIB_PKCS8 19
#define ERR_LIB_X509V3 20
#define ERR_LIB_RAND 21
#define ERR_LIB_ENGINE 22
#define ERR_LIB_OCSP 23
#define ERR_LIB_UI 24
#define ERR_LIB_COMP 25
#define ERR_LIB_ECDSA 26
#define ERR_LIB_ECDH 27
#define ERR_LIB_HMAC 28
#define ERR_LIB_DIGEST 29
#define ERR_LIB_CIPHER 30
#define ERR_LIB_HKDF 31
#define ERR_LIB_TRUST_TOKEN 32
#define ERR_LIB_USER 33
#define ERR_NUM_LIBS 34
#define ERR_LIB_PKCS12 35
#define ERR_LIB_DSO 36
#define ERR_LIB_OSSL_STORE 37
#define ERR_LIB_FIPS 38
#define ERR_LIB_CMS 39
#define ERR_LIB_TS 40
#define ERR_LIB_CT 41
#define ERR_LIB_ASYNC 42
#define ERR_LIB_KDF 43
#define ERR_LIB_SM2 44
// The following reason codes used to denote an error occuring in another
// library. They are sometimes used for a stack trace.
#define ERR_R_SYS_LIB ERR_LIB_SYS
#define ERR_R_BN_LIB ERR_LIB_BN
#define ERR_R_RSA_LIB ERR_LIB_RSA
#define ERR_R_DH_LIB ERR_LIB_DH
#define ERR_R_EVP_LIB ERR_LIB_EVP
#define ERR_R_BUF_LIB ERR_LIB_BUF
#define ERR_R_OBJ_LIB ERR_LIB_OBJ
#define ERR_R_PEM_LIB ERR_LIB_PEM
#define ERR_R_DSA_LIB ERR_LIB_DSA
#define ERR_R_X509_LIB ERR_LIB_X509
#define ERR_R_ASN1_LIB ERR_LIB_ASN1
#define ERR_R_CONF_LIB ERR_LIB_CONF
#define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO
#define ERR_R_EC_LIB ERR_LIB_EC
#define ERR_R_SSL_LIB ERR_LIB_SSL
#define ERR_R_BIO_LIB ERR_LIB_BIO
#define ERR_R_PKCS7_LIB ERR_LIB_PKCS7
#define ERR_R_PKCS8_LIB ERR_LIB_PKCS8
#define ERR_R_X509V3_LIB ERR_LIB_X509V3
#define ERR_R_RAND_LIB ERR_LIB_RAND
#define ERR_R_DSO_LIB ERR_LIB_DSO
#define ERR_R_ENGINE_LIB ERR_LIB_ENGINE
#define ERR_R_OCSP_LIB ERR_LIB_OCSP
#define ERR_R_UI_LIB ERR_LIB_UI
#define ERR_R_COMP_LIB ERR_LIB_COMP
#define ERR_R_ECDSA_LIB ERR_LIB_ECDSA
#define ERR_R_ECDH_LIB ERR_LIB_ECDH
#define ERR_R_STORE_LIB ERR_LIB_STORE
#define ERR_R_FIPS_LIB ERR_LIB_FIPS
#define ERR_R_CMS_LIB ERR_LIB_CMS
#define ERR_R_TS_LIB ERR_LIB_TS
#define ERR_R_HMAC_LIB ERR_LIB_HMAC
#define ERR_R_JPAKE_LIB ERR_LIB_JPAKE
#define ERR_R_USER_LIB ERR_LIB_USER
#define ERR_R_DIGEST_LIB ERR_LIB_DIGEST
#define ERR_R_CIPHER_LIB ERR_LIB_CIPHER
#define ERR_R_HKDF_LIB ERR_LIB_HKDF
#define ERR_R_TRUST_TOKEN_LIB ERR_LIB_TRUST_TOKEN
// The following values are global reason codes. They may occur in any library.
#define ERR_R_FATAL 64
#define ERR_R_MALLOC_FAILURE (1 | ERR_R_FATAL)
#define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (2 | ERR_R_FATAL)
#define ERR_R_PASSED_NULL_PARAMETER (3 | ERR_R_FATAL)
#define ERR_R_INTERNAL_ERROR (4 | ERR_R_FATAL)
#define ERR_R_OVERFLOW (5 | ERR_R_FATAL)
// Deprecated functions.
// ERR_remove_state calls |ERR_clear_error|.
OPENSSL_EXPORT void ERR_remove_state(unsigned long pid);
// ERR_remove_thread_state clears the error queue for the current thread if
// |tid| is NULL. Otherwise it calls |assert(0)|, because it's no longer
// possible to delete the error queue for other threads.
//
// Use |ERR_clear_error| instead. Note error queues are deleted automatically on
// thread exit. You do not need to call this function to release memory.
OPENSSL_EXPORT void ERR_remove_thread_state(const CRYPTO_THREADID *tid);
// ERR_func_error_string returns the string "OPENSSL_internal".
OPENSSL_EXPORT const char *ERR_func_error_string(uint32_t packed_error);
// ERR_error_string behaves like |ERR_error_string_n| but |len| is implicitly
// |ERR_ERROR_STRING_BUF_LEN|.
//
// Additionally, if |buf| is NULL, the error string is placed in a static buffer
// which is returned. This is not thread-safe and only exists for backwards
// compatibility with legacy callers. The static buffer will be overridden by
// calls in other threads.
//
// Use |ERR_error_string_n| instead.
//
// TODO(fork): remove this function.
OPENSSL_EXPORT char *ERR_error_string(uint32_t packed_error, char *buf);
#define ERR_ERROR_STRING_BUF_LEN 120
// ERR_GET_FUNC returns zero. BoringSSL errors do not report a function code.
OPENSSL_INLINE int ERR_GET_FUNC(uint32_t packed_error) {
(void)packed_error;
return 0;
}
// ERR_TXT_* are provided for compatibility with code that assumes that it's
// using OpenSSL.
#define ERR_TXT_STRING ERR_FLAG_STRING
#define ERR_TXT_MALLOCED ERR_FLAG_MALLOCED
// Private functions.
// ERR_clear_system_error clears the system's error value (i.e. errno).
OPENSSL_EXPORT void ERR_clear_system_error(void);
// OPENSSL_PUT_ERROR is used by OpenSSL code to add an error to the error
// queue.
#define OPENSSL_PUT_ERROR(library, reason) \
ERR_put_error(ERR_LIB_##library, 0, reason, __FILE__, __LINE__)
// OPENSSL_PUT_SYSTEM_ERROR is used by OpenSSL code to add an error from the
// operating system to the error queue.
// TODO(fork): include errno.
#define OPENSSL_PUT_SYSTEM_ERROR() \
ERR_put_error(ERR_LIB_SYS, 0, 0, __FILE__, __LINE__);
// ERR_put_error adds an error to the error queue, dropping the least recent
// error if necessary for space reasons.
OPENSSL_EXPORT void ERR_put_error(int library, int unused, int reason,
const char *file, unsigned line);
// ERR_add_error_data takes a variable number (|count|) of const char*
// pointers, concatenates them and sets the result as the data on the most
// recent error.
OPENSSL_EXPORT void ERR_add_error_data(unsigned count, ...);
// ERR_add_error_dataf takes a printf-style format and arguments, and sets the
// result as the data on the most recent error.
OPENSSL_EXPORT void ERR_add_error_dataf(const char *format, ...)
OPENSSL_PRINTF_FORMAT_FUNC(1, 2);
// ERR_set_error_data sets the data on the most recent error to |data|, which
// must be a NUL-terminated string. |flags| must contain |ERR_FLAG_STRING|. If
// |flags| contains |ERR_FLAG_MALLOCED|, this function takes ownership of
// |data|, which must have been allocated with |OPENSSL_malloc|. Otherwise, it
// saves a copy of |data|.
//
// Note this differs from OpenSSL which, when |ERR_FLAG_MALLOCED| is unset,
// saves the pointer as-is and requires it remain valid for the lifetime of the
// address space.
OPENSSL_EXPORT void ERR_set_error_data(char *data, int flags);
// ERR_NUM_ERRORS is one more than the limit of the number of errors in the
// queue.
#define ERR_NUM_ERRORS 16
#define ERR_PACK(lib, reason) \
(((((uint32_t)(lib)) & 0xff) << 24) | ((((uint32_t)(reason)) & 0xfff)))
// OPENSSL_DECLARE_ERROR_REASON is used by util/make_errors.h (which generates
// the error defines) to recognise that an additional reason value is needed.
// This is needed when the reason value is used outside of an
// |OPENSSL_PUT_ERROR| macro. The resulting define will be
// ${lib}_R_${reason}.
#define OPENSSL_DECLARE_ERROR_REASON(lib, reason)
#if defined(__cplusplus)
} // extern C
#endif
#endif // OPENSSL_HEADER_ERR_H

1443
vendor/aws-lc-sys/aws-lc/include/openssl/evp.h vendored Normal file
View File

File diff suppressed because it is too large Load Diff

52
vendor/aws-lc-sys/aws-lc/include/openssl/evp_errors.h vendored Normal file
View File

@@ -0,0 +1,52 @@
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_EVP_ERRORS_H
#define OPENSSL_HEADER_EVP_ERRORS_H
#define EVP_R_BUFFER_TOO_SMALL 100
#define EVP_R_COMMAND_NOT_SUPPORTED 101
#define EVP_R_DECODE_ERROR 102
#define EVP_R_DIFFERENT_KEY_TYPES 103
#define EVP_R_DIFFERENT_PARAMETERS 104
#define EVP_R_ENCODE_ERROR 105
#define EVP_R_EXPECTING_A_EC_KEY_KEY 106
#define EVP_R_EXPECTING_AN_RSA_KEY 107
#define EVP_R_EXPECTING_A_DSA_KEY 108
#define EVP_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 109
#define EVP_R_INVALID_DIGEST_LENGTH 110
#define EVP_R_INVALID_DIGEST_TYPE 111
#define EVP_R_INVALID_KEYBITS 112
#define EVP_R_INVALID_MGF1_MD 113
#define EVP_R_INVALID_OPERATION 114
#define EVP_R_INVALID_PADDING_MODE 115
#define EVP_R_INVALID_PSS_SALTLEN 116
#define EVP_R_KEYS_NOT_SET 117
#define EVP_R_MISSING_PARAMETERS 118
#define EVP_R_NO_DEFAULT_DIGEST 119
#define EVP_R_NO_KEY_SET 120
#define EVP_R_NO_MDC2_SUPPORT 121
#define EVP_R_NO_NID_FOR_CURVE 122
#define EVP_R_NO_OPERATION_SET 123
#define EVP_R_NO_PARAMETERS_SET 124
#define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 125
#define EVP_R_OPERATON_NOT_INITIALIZED 126
#define EVP_R_UNKNOWN_PUBLIC_KEY_TYPE 127
#define EVP_R_UNSUPPORTED_ALGORITHM 128
#define EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE 129
#define EVP_R_NOT_A_PRIVATE_KEY 130
#define EVP_R_INVALID_SIGNATURE 131
#define EVP_R_MEMORY_LIMIT_EXCEEDED 132
#define EVP_R_INVALID_PARAMETERS 133
#define EVP_R_INVALID_PEER_KEY 134
#define EVP_R_NOT_XOF_OR_INVALID_LENGTH 135
#define EVP_R_EMPTY_PSK 136
#define EVP_R_INVALID_BUFFER_SIZE 137
#define EVP_R_BAD_DECRYPT 138
#define EVP_R_EXPECTING_A_DH_KEY 139
#define EVP_R_EXPECTING_A_PQDSA_KEY 140
#define EVP_R_INVALID_PSS_MD 500
#define EVP_R_INVALID_PSS_SALT_LEN 501
#define EVP_R_INVALID_PSS_TRAILER_FIELD 502
#endif // OPENSSL_HEADER_EVP_ERRORS_H

112
vendor/aws-lc-sys/aws-lc/include/openssl/ex_data.h vendored Normal file
View File

@@ -0,0 +1,112 @@
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
// Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_EX_DATA_H
#define OPENSSL_HEADER_EX_DATA_H
#include <openssl/base.h>
#include <openssl/stack.h>
#if defined(__cplusplus)
extern "C" {
#endif
// ex_data is a mechanism for associating arbitrary extra data with objects.
// For each type of object that supports ex_data, different users can be
// assigned indexes in which to store their data. Each index has callback
// functions that are called when an object of that type is freed or
// duplicated.
typedef struct crypto_ex_data_st CRYPTO_EX_DATA;
// Type-specific functions.
#if 0 // Sample
// Each type that supports ex_data provides three functions:
// TYPE_get_ex_new_index allocates a new index for |TYPE|. An optional
// |free_func| argument may be provided which is called when the owning object
// is destroyed. See |CRYPTO_EX_free| for details. The |argl| and |argp|
// arguments are opaque values that are passed to the callback. It returns the
// new index or a negative number on error.
OPENSSL_EXPORT int TYPE_get_ex_new_index(long argl, void *argp,
CRYPTO_EX_unused *unused,
CRYPTO_EX_dup *dup_unused,
CRYPTO_EX_free *free_func);
// TYPE_set_ex_data sets an extra data pointer on |t|. The |index| argument
// must have been returned from a previous call to |TYPE_get_ex_new_index|.
OPENSSL_EXPORT int TYPE_set_ex_data(TYPE *t, int index, void *arg);
// TYPE_get_ex_data returns an extra data pointer for |t|, or NULL if no such
// pointer exists. The |index| argument should have been returned from a
// previous call to |TYPE_get_ex_new_index|.
OPENSSL_EXPORT void *TYPE_get_ex_data(const TYPE *t, int index);
// Some types additionally preallocate index zero, with all callbacks set to
// NULL. Applications that do not need the general ex_data machinery may use
// this instead.
// TYPE_set_app_data sets |t|'s application data pointer to |arg|. It returns
// one on success and zero on error.
OPENSSL_EXPORT int TYPE_set_app_data(TYPE *t, void *arg);
// TYPE_get_app_data returns the application data pointer for |t|, or NULL if no
// such pointer exists.
OPENSSL_EXPORT void *TYPE_get_app_data(const TYPE *t);
#endif // Sample
// Callback types.
// CRYPTO_EX_free is a callback function that is called when an object of the
// class with extra data pointers is being destroyed. For example, if this
// callback has been passed to |SSL_get_ex_new_index| then it may be called each
// time an |SSL*| is destroyed.
//
// The callback is passed the to-be-destroyed object (i.e. the |SSL*|) in
// |parent|. As |parent| will shortly be destroyed, callers must not perform
// operations that would increment its reference count, pass ownership, or
// assume the object outlives the function call. The arguments |argl| and |argp|
// contain opaque values that were given to |CRYPTO_get_ex_new_index|.
//
// This callback may be called with a NULL value for |ptr| if |parent| has no
// value set for this index. However, the callbacks may also be skipped entirely
// if no extra data pointers are set on |parent| at all.
typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
int index, long argl, void *argp);
// General No-op Functions [Deprecated].
// CRYPTO_cleanup_all_ex_data does nothing.
OPENSSL_EXPORT OPENSSL_DEPRECATED void CRYPTO_cleanup_all_ex_data(void);
// CRYPTO_EX_dup is a legacy callback function type which is ignored.
typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
void **from_d, int index, long argl, void *argp);
// Private structures.
// CRYPTO_EX_unused is a placeholder for an unused callback. It is aliased to
// int to ensure non-NULL callers fail to compile rather than fail silently.
typedef int CRYPTO_EX_unused;
struct crypto_ex_data_st {
STACK_OF(void) *sk;
};
#if defined(__cplusplus)
} // extern C
#endif
#endif // OPENSSL_HEADER_EX_DATA_H

67
vendor/aws-lc-sys/aws-lc/include/openssl/experimental/kem_deterministic_api.h vendored Normal file
View File

@@ -0,0 +1,67 @@
// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 OR ISC
// These APIs are marked as experimental as the development and standardization
// of KEMs (e.g., for FIPS 203) are being finalized.
#include <openssl/base.h>
#if defined(__cplusplus)
extern "C" {
#endif
// Deterministic Key Encapsulation Mechanism functions
// EVP_PKEY_keygen_deterministic is an operation defined for a KEM (Key
// Encapsulation Mechanism). For the KEM specified in |ctx|, the function
// performs deterministic keygen based on the value specified in |seed| of
// length |seed_len| bytes.
//
// If |out_pkey| and |seed| are set to NULL it is assumed that the caller is
// doing a size check and the function will write the size of the required seed
// in |seed_len| and return successfully.
//
// EVP_PKEY_keygen_deterministic performs a deterministic key generation
// operation using the values from |ctx|, and the given |seed|. If |*out_pkey|
// is non-NULL, it overwrites |*out_pkey| with the resulting key. Otherwise, it
// sets |*out_pkey| to a newly-allocated |EVP_PKEY| containing the result.
// It returns one on success or zero on error.
OPENSSL_EXPORT int EVP_PKEY_keygen_deterministic(EVP_PKEY_CTX *ctx /* IN */,
EVP_PKEY **out_pkey /* OUT */,
const uint8_t *seed /* IN */,
size_t *seed_len /* IN */);
// EVP_PKEY_encapsulate_deterministic is an operation defined for a KEM (Key
// Encapsulation Mechanism). The function performs the same encapsulation
// operations as EVP_PKEY_encapsulate, however, rather than generating a random
// for the |shared_secret|, the value is derived from the provided |seed| of
// |seed_len|.
//
// If |ciphertext|, |shared_secret|, and |seed| are NULL it is assumed that
// the caller is doing a size check: the function will write the size of
// the ciphertext, shared secret, and required seed in |ciphertext_len|,
// |shared_secret_len|, |seed_len| and return successfully.
//
// If |ciphertext|, |shared_secret|, and |seed| are not NULL it is assumed that
// the caller is performing the actual operation. The function will check
// additionally if the lengths of the output buffers, |ciphertext_len|,
// |shared_secret_len|, and |seed| are large enough for the KEM.
//
// Note that decapsulation is performed using the regular API, as a
// seed is not required.
//
// It returns one on success or zero on error.
OPENSSL_EXPORT int EVP_PKEY_encapsulate_deterministic(EVP_PKEY_CTX *ctx /* IN */,
uint8_t *ciphertext /* OUT */,
size_t *ciphertext_len /* OUT */,
uint8_t *shared_secret /* OUT */,
size_t *shared_secret_len /* OUT */,
const uint8_t *seed /* IN */,
size_t *seed_len /* IN */);
#if defined(__cplusplus)
} // extern C
#endif

59
vendor/aws-lc-sys/aws-lc/include/openssl/hkdf.h vendored Normal file
View File

@@ -0,0 +1,59 @@
// Copyright (c) 2014, Google Inc.
// SPDX-License-Identifier: ISC
#ifndef OPENSSL_HEADER_HKDF_H
#define OPENSSL_HEADER_HKDF_H
#include <openssl/base.h>
#include <openssl/kdf.h>
#if defined(__cplusplus)
extern "C" {
#endif
// HKDF.
// HKDF computes HKDF (as specified by RFC 5869) of initial keying material
// |secret| with |salt| and |info| using |digest|, and outputs |out_len| bytes
// to |out_key|. It returns one on success and zero on error.
//
// HKDF is an Extract-and-Expand algorithm. It does not do any key stretching,
// and as such, is not suited to be used alone to generate a key from a
// password.
OPENSSL_EXPORT int HKDF(uint8_t *out_key, size_t out_len, const EVP_MD *digest,
const uint8_t *secret, size_t secret_len,
const uint8_t *salt, size_t salt_len,
const uint8_t *info, size_t info_len);
// HKDF_extract computes a HKDF PRK (as specified by RFC 5869) from initial
// keying material |secret| and salt |salt| using |digest|, and outputs
// |out_len| bytes to |out_key|. The maximum output size is |EVP_MAX_MD_SIZE|.
// It returns one on success and zero on error.
//
// WARNING: This function orders the inputs differently from RFC 5869
// specification. Double-check which parameter is the secret/IKM and which is
// the salt when using.
OPENSSL_EXPORT int HKDF_extract(uint8_t *out_key, size_t *out_len,
const EVP_MD *digest, const uint8_t *secret,
size_t secret_len, const uint8_t *salt,
size_t salt_len);
// HKDF_expand computes a HKDF OKM (as specified by RFC 5869) of length
// |out_len| from the PRK |prk| and info |info| using |digest|, and outputs
// the result to |out_key|. It returns one on success and zero on error.
OPENSSL_EXPORT int HKDF_expand(uint8_t *out_key, size_t out_len,
const EVP_MD *digest, const uint8_t *prk,
size_t prk_len, const uint8_t *info,
size_t info_len);
#if defined(__cplusplus)
} // extern C
#endif
#define HKDF_R_OUTPUT_TOO_LARGE 100
#define HKDF_R_UNSUPPORTED_DIGEST 101
#endif // OPENSSL_HEADER_HKDF_H

255
vendor/aws-lc-sys/aws-lc/include/openssl/hmac.h vendored Normal file
View File

@@ -0,0 +1,255 @@
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_HMAC_H
#define OPENSSL_HEADER_HMAC_H
#include <openssl/base.h>
#include <openssl/digest.h>
#include <openssl/sha.h>
#include <openssl/md5.h>
#if defined(__cplusplus)
extern "C" {
#endif
// HMAC contains functions for constructing PRFs from MerkleDamgård hash
// functions using HMAC.
// One-shot operation.
// HMAC calculates the HMAC of |data_len| bytes of |data|, using the given key
// and hash function, and writes the result to |out|. On entry, |out| must
// contain at least |EVP_MD_size| bytes of space. The actual length of the
// result is written to |*out_len|. An output size of |EVP_MAX_MD_SIZE| will
// always be large enough. It returns |out| or NULL on error.
OPENSSL_EXPORT uint8_t *HMAC(const EVP_MD *evp_md, const void *key,
size_t key_len, const uint8_t *data,
size_t data_len, uint8_t *out,
unsigned int *out_len);
// Incremental operation.
// HMAC_CTX_init initialises |ctx| for use in an HMAC operation. It's assumed
// that HMAC_CTX objects will be allocated on the stack thus no allocation
// function is provided.
OPENSSL_EXPORT void HMAC_CTX_init(HMAC_CTX *ctx);
// HMAC_CTX_new allocates and initialises a new |HMAC_CTX| and returns it, or
// NULL on allocation failure. The caller must use |HMAC_CTX_free| to release
// the resulting object.
OPENSSL_EXPORT HMAC_CTX *HMAC_CTX_new(void);
// HMAC_CTX_cleanup zeroises |ctx| since it's allocated on the stack.
// This brings the context to its initial state.
OPENSSL_EXPORT void HMAC_CTX_cleanup(HMAC_CTX *ctx);
// HMAC_CTX_cleanse calls |HMAC_CTX_cleanup|.
OPENSSL_EXPORT void HMAC_CTX_cleanse(HMAC_CTX *ctx);
// HMAC_CTX_free calls |HMAC_CTX_cleanup| and then frees |ctx| itself.
OPENSSL_EXPORT void HMAC_CTX_free(HMAC_CTX *ctx);
// HMAC_Init_ex sets up an initialised |HMAC_CTX| to use |md| as the hash
// function and |key| as the key. This function resets |HMAC_CTX| to a
// fresh state, even if |HMAC_Update| or |HMAC_Final| have been called
// previously. For a non-initial call, |md| may be NULL, in which case the
// previous hash function will be used. If the hash function has not changed and
// |key| is NULL, |ctx| reuses the previous key and resets to a clean state
// ready for new data. It returns one on success or zero on allocation failure.
//
// WARNING: NULL and empty keys are ambiguous on non-initial calls. Passing NULL
// |key| but repeating the previous |md| reuses the previous key rather than the
// empty key.
OPENSSL_EXPORT int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, size_t key_len,
const EVP_MD *md, ENGINE *impl);
// HMAC_Update hashes |data_len| bytes from |data| into the current HMAC
// operation in |ctx|. It returns one.
OPENSSL_EXPORT int HMAC_Update(HMAC_CTX *ctx, const uint8_t *data,
size_t data_len);
// HMAC_Final completes the HMAC operation in |ctx| and writes the result to
// |out| and then sets |*out_len| to the length of the result. On entry, |out|
// must contain at least |HMAC_size| bytes of space. An output size of
// |EVP_MAX_MD_SIZE| will always be large enough. It returns one on success or
// zero on allocation failure.
OPENSSL_EXPORT int HMAC_Final(HMAC_CTX *ctx, uint8_t *out,
unsigned int *out_len);
// Utility functions.
// HMAC_size returns the size, in bytes, of the HMAC that will be produced by
// |ctx|. On entry, |ctx| must have been setup with |HMAC_Init_ex|.
OPENSSL_EXPORT size_t HMAC_size(const HMAC_CTX *ctx);
// HMAC_CTX_get_md returns |ctx|'s hash function.
OPENSSL_EXPORT const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx);
// HMAC_CTX_copy_ex sets |dest| equal to |src|. On entry, |dest| must have been
// initialised by calling |HMAC_CTX_init|. It returns one on success and zero
// on error.
OPENSSL_EXPORT int HMAC_CTX_copy_ex(HMAC_CTX *dest, const HMAC_CTX *src);
// HMAC_CTX_reset calls |HMAC_CTX_cleanup| followed by |HMAC_CTX_init|.
OPENSSL_EXPORT void HMAC_CTX_reset(HMAC_CTX *ctx);
// Precomputed key functions
// HMAC_MD5_PRECOMPUTED_KEY_SIZE is the precomputed key size for MD5, in bytes
#define HMAC_MD5_PRECOMPUTED_KEY_SIZE 32
// HMAC_SHA1_PRECOMPUTED_KEY_SIZE is the precomputed key size for SHA1, in bytes
#define HMAC_SHA1_PRECOMPUTED_KEY_SIZE 40
// HMAC_SHA224_PRECOMPUTED_KEY_SIZE is the precomputed key size for SHA224, in bytes
#define HMAC_SHA224_PRECOMPUTED_KEY_SIZE 64
// HMAC_SHA256_PRECOMPUTED_KEY_SIZE is the precomputed key size for SHA256, in bytes
#define HMAC_SHA256_PRECOMPUTED_KEY_SIZE 64
// HMAC_SHA384_PRECOMPUTED_KEY_SIZE is the precomputed key size for SHA384, in bytes
#define HMAC_SHA384_PRECOMPUTED_KEY_SIZE 128
// HMAC_SHA512_PRECOMPUTED_KEY_SIZE is the precomputed key size for SHA512, in bytes
#define HMAC_SHA512_PRECOMPUTED_KEY_SIZE 128
// HMAC_SHA512_224_PRECOMPUTED_KEY_SIZE is the precomputed key size for SHA512_224, in bytes
#define HMAC_SHA512_224_PRECOMPUTED_KEY_SIZE 128
// HMAC_SHA512_256_PRECOMPUTED_KEY_SIZE is the precomputed key size for SHA512_256, in bytes
#define HMAC_SHA512_256_PRECOMPUTED_KEY_SIZE 128
// HMAC_MAX_PRECOMPUTED_KEY_SIZE is the largest precomputed key size, in bytes.
#define HMAC_MAX_PRECOMPUTED_KEY_SIZE (2 * (EVP_MAX_MD_CHAINING_LENGTH))
// HMAC_set_precomputed_key_export sets the context |ctx| to allow export of the
// precomputed key using HMAC_get_precomputed_key. On entry, HMAC_CTX must have
// been initialized via HMAC_Init_*, and neither HMAC_Update nor HMAC_Final
// must have been called after the last HMAC_Init_ex. It returns one on success
// and zero on error.
// After a successful call to HMAC_set_precomputed_key_export, HMAC_Update and
// HMAC_Final will fail.
//
// Note: The main reason for this function is to satisfy FIPS assertion AS09.16,
// since HMAC_get_precomputed_key returns key material (i.e., a CSP in NIST
// terminology).
OPENSSL_EXPORT int HMAC_set_precomputed_key_export(HMAC_CTX *ctx);
// HMAC_get_precomputed_key exports the precomputed key. If |out| is NULL,
// |out_len| is set to the size of the precomputed key. After such a call,
// |HMAC_get_precomputed_key| can directly be called again with a non-null
// |out|. But |HMAC_Update| and |HMAC_Final| will still fail.
//
// If |out| is not NULL, |*out_len| must contain the number of bytes of space
// available at |out|. If sufficient, the precomputed key will be written in
// |out| and |out_len| will be updated with the true length (which is
// |HMAC_xxx_PRECOMPUTED_KEY_SIZE| for hash function xxx). An output size of
// |HMAC_MAX_PRECOMPUTED_KEY_SIZE| will always be large enough. After a
// successful call to |HMAC_get_precomputed_key| with a non-NULL |out|, the
// context can be directly used for computing an HMAC using |HMAC_Update| and
// |HMAC_Final|.
//
// The function returns one on success and zero on error.
//
// The precomputed key is the concatenation:
// precomputed_key = key_ipad || key_opad
// where:
// key_ipad = Hash_Compression_Function(key' xor ipad)
// key_opad = Hash_Compression_Function(key' xor opad)
// key' = padding of key with 0 on the right to be of the block length
// if length of key is at most the block length
// or Hash(key)
// otherwise
//
// Knowledge of precomputed_key is sufficient to compute HMAC. Use of the
// precomputed key instead of the key reduces by 2 the number of hash
// compression function calls (or more if key is larger than the block length)
OPENSSL_EXPORT int HMAC_get_precomputed_key(HMAC_CTX *ctx, uint8_t *out,
size_t *out_len);
// HMAC_Init_from_precomputed_key sets up an initialised |HMAC_CTX| to use
// |md| as the hash function and |precomputed_key| as the precomputed key
// (see |HMAC_get_precomputed_key|).
// For a non-initial call, |md| may be NULL, in which case the previous hash
// function is used. If the hash function has not changed and |precomputed_key|
// is NULL, the previous key is used. This non-initial call is interchangeable
// with calling |HMAC_Init_ex| with the same parameters. It returns one on
// success or zero on failure.
//
// Note: Contrary to input keys to |HMAC_Init_ex|, which can be the empty key,
// an input precomputed key cannot be empty in an initial call to
// |HMAC_Init_from_precomputed_key|. Otherwise, the call fails and returns zero.
OPENSSL_EXPORT int HMAC_Init_from_precomputed_key(HMAC_CTX *ctx,
const uint8_t *precomputed_key,
size_t precompute_key_len,
const EVP_MD *md);
// Deprecated functions.
OPENSSL_EXPORT int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
const EVP_MD *md);
// HMAC_CTX_copy calls |HMAC_CTX_init| on |dest| and then sets it equal to
// |src|. On entry, |dest| must /not/ be initialised for an operation with
// |HMAC_Init_ex|. It returns one on success and zero on error.
OPENSSL_EXPORT int HMAC_CTX_copy(HMAC_CTX *dest, const HMAC_CTX *src);
// Private functions
typedef struct hmac_methods_st HmacMethods;
// We use a union to ensure that enough space is allocated and never actually
// bother with the named members. We do not externalize SHA3 ctx definition,
// so hard-code ctx size below and use a compile-time assertion where that ctx
// is defined to ensure it does not exceed size bounded by |md_ctx_union|. This
// is OK because union members are never referenced, they're only used for sizing.
union md_ctx_union {
MD5_CTX md5;
SHA_CTX sha1;
SHA256_CTX sha256;
SHA512_CTX sha512;
uint8_t sha3[400];
};
struct hmac_ctx_st {
const EVP_MD *md;
const HmacMethods *methods;
union md_ctx_union md_ctx;
union md_ctx_union i_ctx;
union md_ctx_union o_ctx;
int8_t state;
} /* HMAC_CTX */;
#if defined(__cplusplus)
} // extern C
#if !defined(BORINGSSL_NO_CXX)
extern "C++" {
BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(HMAC_CTX, HMAC_CTX_free)
using ScopedHMAC_CTX =
internal::StackAllocated<HMAC_CTX, void, HMAC_CTX_init, HMAC_CTX_cleanup>;
BSSL_NAMESPACE_END
} // extern C++
#endif
#endif
// Errors
#define HMAC_R_MISSING_PARAMETERS 100
#define HMAC_R_BUFFER_TOO_SMALL 102
#define HMAC_R_SET_PRECOMPUTED_KEY_EXPORT_NOT_CALLED 103
#define HMAC_R_NOT_CALLED_JUST_AFTER_INIT 104
#define HMAC_R_PRECOMPUTED_KEY_NOT_SUPPORTED_FOR_DIGEST 105
#define HMAC_R_UNSUPPORTED_DIGEST 106
#endif // OPENSSL_HEADER_HMAC_H

396
vendor/aws-lc-sys/aws-lc/include/openssl/hpke.h vendored Normal file
View File

@@ -0,0 +1,396 @@
// Copyright (c) 2020, Google Inc.
// SPDX-License-Identifier: ISC
#ifndef OPENSSL_HEADER_CRYPTO_HPKE_INTERNAL_H
#define OPENSSL_HEADER_CRYPTO_HPKE_INTERNAL_H
#include <openssl/aead.h>
#include <openssl/base.h>
#include <openssl/curve25519.h>
#include <openssl/digest.h>
#if defined(__cplusplus)
extern "C" {
#endif
// Hybrid Public Key Encryption.
//
// Hybrid Public Key Encryption (HPKE) enables a sender to encrypt messages to a
// receiver with a public key.
//
// See RFC 9180.
// Parameters.
//
// An HPKE context is parameterized by KEM, KDF, and AEAD algorithms,
// represented by |EVP_HPKE_KEM|, |EVP_HPKE_KDF|, and |EVP_HPKE_AEAD| types,
// respectively.
// The following constants are KEM identifiers.
#define EVP_HPKE_DHKEM_X25519_HKDF_SHA256 0x0020
// The following functions are KEM algorithms which may be used with HPKE. Note
// that, while some HPKE KEMs use KDFs internally, this is separate from the
// |EVP_HPKE_KDF| selection.
OPENSSL_EXPORT const EVP_HPKE_KEM *EVP_hpke_x25519_hkdf_sha256(void);
// EVP_HPKE_KEM_id returns the HPKE KEM identifier for |kem|, which
// will be one of the |EVP_HPKE_KEM_*| constants.
OPENSSL_EXPORT uint16_t EVP_HPKE_KEM_id(const EVP_HPKE_KEM *kem);
// EVP_HPKE_MAX_PUBLIC_KEY_LENGTH is the maximum length of an encoded public key
// for all KEMs currently supported by this library.
#define EVP_HPKE_MAX_PUBLIC_KEY_LENGTH 32
// EVP_HPKE_KEM_public_key_len returns the length of a public key for |kem|.
// This value will be at most |EVP_HPKE_MAX_PUBLIC_KEY_LENGTH|.
OPENSSL_EXPORT size_t EVP_HPKE_KEM_public_key_len(const EVP_HPKE_KEM *kem);
// EVP_HPKE_MAX_PRIVATE_KEY_LENGTH is the maximum length of an encoded private
// key for all KEMs currently supported by this library.
#define EVP_HPKE_MAX_PRIVATE_KEY_LENGTH 32
// EVP_HPKE_KEM_private_key_len returns the length of a private key for |kem|.
// This value will be at most |EVP_HPKE_MAX_PRIVATE_KEY_LENGTH|.
OPENSSL_EXPORT size_t EVP_HPKE_KEM_private_key_len(const EVP_HPKE_KEM *kem);
// EVP_HPKE_MAX_ENC_LENGTH is the maximum length of "enc", the encapsulated
// shared secret, for all KEMs currently supported by this library.
#define EVP_HPKE_MAX_ENC_LENGTH 32
// EVP_HPKE_KEM_enc_len returns the length of the "enc", the encapsulated shared
// secret, for |kem|. This value will be at most |EVP_HPKE_MAX_ENC_LENGTH|.
OPENSSL_EXPORT size_t EVP_HPKE_KEM_enc_len(const EVP_HPKE_KEM *kem);
// The following constants are KDF identifiers.
#define EVP_HPKE_HKDF_SHA256 0x0001
// The following functions are KDF algorithms which may be used with HPKE.
OPENSSL_EXPORT const EVP_HPKE_KDF *EVP_hpke_hkdf_sha256(void);
// EVP_HPKE_KDF_id returns the HPKE KDF identifier for |kdf|.
OPENSSL_EXPORT uint16_t EVP_HPKE_KDF_id(const EVP_HPKE_KDF *kdf);
// EVP_HPKE_KDF_hkdf_md returns the HKDF hash function corresponding to |kdf|,
// or NULL if |kdf| is not an HKDF-based KDF. All currently supported KDFs are
// HKDF-based.
OPENSSL_EXPORT const EVP_MD *EVP_HPKE_KDF_hkdf_md(const EVP_HPKE_KDF *kdf);
// The following constants are AEAD identifiers.
#define EVP_HPKE_AES_128_GCM 0x0001
#define EVP_HPKE_AES_256_GCM 0x0002
#define EVP_HPKE_CHACHA20_POLY1305 0x0003
// The following functions are AEAD algorithms which may be used with HPKE.
OPENSSL_EXPORT const EVP_HPKE_AEAD *EVP_hpke_aes_128_gcm(void);
OPENSSL_EXPORT const EVP_HPKE_AEAD *EVP_hpke_aes_256_gcm(void);
OPENSSL_EXPORT const EVP_HPKE_AEAD *EVP_hpke_chacha20_poly1305(void);
// EVP_HPKE_AEAD_id returns the HPKE AEAD identifier for |aead|.
OPENSSL_EXPORT uint16_t EVP_HPKE_AEAD_id(const EVP_HPKE_AEAD *aead);
// EVP_HPKE_AEAD_aead returns the |EVP_AEAD| corresponding to |aead|.
OPENSSL_EXPORT const EVP_AEAD *EVP_HPKE_AEAD_aead(const EVP_HPKE_AEAD *aead);
// Recipient keys.
//
// An HPKE recipient maintains a long-term KEM key. This library represents keys
// with the |EVP_HPKE_KEY| type.
// EVP_HPKE_KEY_zero sets an uninitialized |EVP_HPKE_KEY| to the zero state. The
// caller should then use |EVP_HPKE_KEY_init|, |EVP_HPKE_KEY_copy|, or
// |EVP_HPKE_KEY_generate| to finish initializing |key|.
//
// It is safe, but not necessary to call |EVP_HPKE_KEY_cleanup| in this state.
// This may be used for more uniform cleanup of |EVP_HPKE_KEY|.
OPENSSL_EXPORT void EVP_HPKE_KEY_zero(EVP_HPKE_KEY *key);
// EVP_HPKE_KEY_cleanup releases memory referenced by |key|.
OPENSSL_EXPORT void EVP_HPKE_KEY_cleanup(EVP_HPKE_KEY *key);
// EVP_HPKE_KEY_new returns a newly-allocated |EVP_HPKE_KEY|, or NULL on error.
// The caller must call |EVP_HPKE_KEY_free| on the result to release it.
//
// This is a convenience function for callers that need a heap-allocated
// |EVP_HPKE_KEY|.
OPENSSL_EXPORT EVP_HPKE_KEY *EVP_HPKE_KEY_new(void);
// EVP_HPKE_KEY_free releases memory associated with |key|, which must have been
// created with |EVP_HPKE_KEY_new|.
OPENSSL_EXPORT void EVP_HPKE_KEY_free(EVP_HPKE_KEY *key);
// EVP_HPKE_KEY_copy sets |dst| to a copy of |src|. It returns one on success
// and zero on error. On success, the caller must call |EVP_HPKE_KEY_cleanup| to
// release |dst|. On failure, calling |EVP_HPKE_KEY_cleanup| is safe, but not
// necessary.
OPENSSL_EXPORT int EVP_HPKE_KEY_copy(EVP_HPKE_KEY *dst,
const EVP_HPKE_KEY *src);
// EVP_HPKE_KEY_move sets |out|, which must be initialized or in the zero state,
// to the key in |in|. |in| is mutated and left in the zero state.
OPENSSL_EXPORT void EVP_HPKE_KEY_move(EVP_HPKE_KEY *out, EVP_HPKE_KEY *in);
// EVP_HPKE_KEY_init decodes |priv_key| as a private key for |kem| and
// initializes |key| with the result. It returns one on success and zero if
// |priv_key| was invalid. On success, the caller must call
// |EVP_HPKE_KEY_cleanup| to release the key. On failure, calling
// |EVP_HPKE_KEY_cleanup| is safe, but not necessary.
OPENSSL_EXPORT int EVP_HPKE_KEY_init(EVP_HPKE_KEY *key, const EVP_HPKE_KEM *kem,
const uint8_t *priv_key,
size_t priv_key_len);
// EVP_HPKE_KEY_generate sets |key| to a newly-generated key using |kem|.
OPENSSL_EXPORT int EVP_HPKE_KEY_generate(EVP_HPKE_KEY *key,
const EVP_HPKE_KEM *kem);
// EVP_HPKE_KEY_kem returns the HPKE KEM used by |key|.
OPENSSL_EXPORT const EVP_HPKE_KEM *EVP_HPKE_KEY_kem(const EVP_HPKE_KEY *key);
// EVP_HPKE_KEY_public_key writes |key|'s public key to |out| and sets
// |*out_len| to the number of bytes written. On success, it returns one and
// writes at most |max_out| bytes. If |max_out| is too small, it returns zero.
// Setting |max_out| to |EVP_HPKE_MAX_PUBLIC_KEY_LENGTH| will ensure the public
// key fits. An exact size can also be determined by
// |EVP_HPKE_KEM_public_key_len|.
OPENSSL_EXPORT int EVP_HPKE_KEY_public_key(const EVP_HPKE_KEY *key,
uint8_t *out, size_t *out_len,
size_t max_out);
// EVP_HPKE_KEY_private_key writes |key|'s private key to |out| and sets
// |*out_len| to the number of bytes written. On success, it returns one and
// writes at most |max_out| bytes. If |max_out| is too small, it returns zero.
// Setting |max_out| to |EVP_HPKE_MAX_PRIVATE_KEY_LENGTH| will ensure the
// private key fits. An exact size can also be determined by
// |EVP_HPKE_KEM_private_key_len|.
OPENSSL_EXPORT int EVP_HPKE_KEY_private_key(const EVP_HPKE_KEY *key,
uint8_t *out, size_t *out_len,
size_t max_out);
// Encryption contexts.
//
// An HPKE encryption context is represented by the |EVP_HPKE_CTX| type.
// EVP_HPKE_CTX_zero sets an uninitialized |EVP_HPKE_CTX| to the zero state. The
// caller should then use one of the |EVP_HPKE_CTX_setup_*| functions to finish
// setting up |ctx|.
//
// It is safe, but not necessary to call |EVP_HPKE_CTX_cleanup| in this state.
// This may be used for more uniform cleanup of |EVP_HPKE_CTX|.
OPENSSL_EXPORT void EVP_HPKE_CTX_zero(EVP_HPKE_CTX *ctx);
// EVP_HPKE_CTX_cleanup releases memory referenced by |ctx|. |ctx| must have
// been initialized with |EVP_HPKE_CTX_zero| or one of the
// |EVP_HPKE_CTX_setup_*| functions.
OPENSSL_EXPORT void EVP_HPKE_CTX_cleanup(EVP_HPKE_CTX *ctx);
// EVP_HPKE_CTX_new returns a newly-allocated |EVP_HPKE_CTX|, or NULL on error.
// The caller must call |EVP_HPKE_CTX_free| on the result to release it.
//
// This is a convenience function for callers that need a heap-allocated
// |EVP_HPKE_CTX|.
OPENSSL_EXPORT EVP_HPKE_CTX *EVP_HPKE_CTX_new(void);
// EVP_HPKE_CTX_free releases memory associated with |ctx|, which must have been
// created with |EVP_HPKE_CTX_new|.
OPENSSL_EXPORT void EVP_HPKE_CTX_free(EVP_HPKE_CTX *ctx);
// EVP_HPKE_CTX_setup_sender implements the SetupBaseS HPKE operation. It
// encapsulates a shared secret for |peer_public_key| and sets up |ctx| as a
// sender context. It writes the encapsulated shared secret to |out_enc| and
// sets |*out_enc_len| to the number of bytes written. It writes at most
// |max_enc| bytes and fails if the buffer is too small. Setting |max_enc| to at
// least |EVP_HPKE_MAX_ENC_LENGTH| will ensure the buffer is large enough. An
// exact size may also be determined by |EVP_PKEY_KEM_enc_len|.
//
// This function returns one on success and zero on error. Note that
// |peer_public_key| may be invalid, in which case this function will return an
// error.
//
// On success, callers may call |EVP_HPKE_CTX_seal| to encrypt messages for the
// recipient. Callers must then call |EVP_HPKE_CTX_cleanup| when done. On
// failure, calling |EVP_HPKE_CTX_cleanup| is safe, but not required.
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_sender(
EVP_HPKE_CTX *ctx, uint8_t *out_enc, size_t *out_enc_len, size_t max_enc,
const EVP_HPKE_KEM *kem, const EVP_HPKE_KDF *kdf, const EVP_HPKE_AEAD *aead,
const uint8_t *peer_public_key, size_t peer_public_key_len,
const uint8_t *info, size_t info_len);
// EVP_HPKE_CTX_setup_sender_with_seed_for_testing behaves like
// |EVP_HPKE_CTX_setup_sender|, but takes a seed to behave deterministically.
// The seed's format depends on |kem|. For X25519, it is the sender's
// ephemeral private key.
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_sender_with_seed_for_testing(
EVP_HPKE_CTX *ctx, uint8_t *out_enc, size_t *out_enc_len, size_t max_enc,
const EVP_HPKE_KEM *kem, const EVP_HPKE_KDF *kdf, const EVP_HPKE_AEAD *aead,
const uint8_t *peer_public_key, size_t peer_public_key_len,
const uint8_t *info, size_t info_len, const uint8_t *seed, size_t seed_len);
// EVP_HPKE_CTX_setup_recipient implements the SetupBaseR HPKE operation. It
// decapsulates the shared secret in |enc| with |key| and sets up |ctx| as a
// recipient context. It returns one on success and zero on failure. Note that
// |enc| may be invalid, in which case this function will return an error.
//
// On success, callers may call |EVP_HPKE_CTX_open| to decrypt messages from the
// sender. Callers must then call |EVP_HPKE_CTX_cleanup| when done. On failure,
// calling |EVP_HPKE_CTX_cleanup| is safe, but not required.
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_recipient(
EVP_HPKE_CTX *ctx, const EVP_HPKE_KEY *key, const EVP_HPKE_KDF *kdf,
const EVP_HPKE_AEAD *aead, const uint8_t *enc, size_t enc_len,
const uint8_t *info, size_t info_len);
// EVP_HPKE_CTX_setup_auth_sender implements the SetupAuthS HPKE operation. It
// behaves like |EVP_HPKE_CTX_setup_sender| but authenticates the resulting
// context with |key|.
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_auth_sender(
EVP_HPKE_CTX *ctx, uint8_t *out_enc, size_t *out_enc_len, size_t max_enc,
const EVP_HPKE_KEY *key, const EVP_HPKE_KDF *kdf, const EVP_HPKE_AEAD *aead,
const uint8_t *peer_public_key, size_t peer_public_key_len,
const uint8_t *info, size_t info_len);
// EVP_HPKE_CTX_setup_auth_sender_with_seed_for_testing behaves like
// |EVP_HPKE_CTX_setup_auth_sender|, but takes a seed to behave
// deterministically. The seed's format depends on |kem|. For X25519, it is the
// sender's ephemeral private key.
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_auth_sender_with_seed_for_testing(
EVP_HPKE_CTX *ctx, uint8_t *out_enc, size_t *out_enc_len, size_t max_enc,
const EVP_HPKE_KEY *key, const EVP_HPKE_KDF *kdf, const EVP_HPKE_AEAD *aead,
const uint8_t *peer_public_key, size_t peer_public_key_len,
const uint8_t *info, size_t info_len, const uint8_t *seed, size_t seed_len);
// EVP_HPKE_CTX_setup_auth_recipient implements the SetupAuthR HPKE operation.
// It behaves like |EVP_HPKE_CTX_setup_recipient| but checks the resulting
// context was authenticated with |peer_public_key|.
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_auth_recipient(
EVP_HPKE_CTX *ctx, const EVP_HPKE_KEY *key, const EVP_HPKE_KDF *kdf,
const EVP_HPKE_AEAD *aead, const uint8_t *enc, size_t enc_len,
const uint8_t *info, size_t info_len, const uint8_t *peer_public_key,
size_t peer_public_key_len);
// Using an HPKE context.
//
// Once set up, callers may encrypt or decrypt with an |EVP_HPKE_CTX| using the
// following functions.
// EVP_HPKE_CTX_open uses the HPKE context |ctx| to authenticate |in_len| bytes
// from |in| and |ad_len| bytes from |ad| and to decrypt at most |in_len| bytes
// into |out|. It returns one on success, and zero otherwise.
//
// This operation will fail if the |ctx| context is not set up as a receiver.
//
// Note that HPKE encryption is stateful and ordered. The sender's first call to
// |EVP_HPKE_CTX_seal| must correspond to the recipient's first call to
// |EVP_HPKE_CTX_open|, etc.
//
// At most |in_len| bytes are written to |out|. In order to ensure success,
// |max_out_len| should be at least |in_len|. On successful return, |*out_len|
// is set to the actual number of bytes written.
OPENSSL_EXPORT int EVP_HPKE_CTX_open(EVP_HPKE_CTX *ctx, uint8_t *out,
size_t *out_len, size_t max_out_len,
const uint8_t *in, size_t in_len,
const uint8_t *ad, size_t ad_len);
// EVP_HPKE_CTX_seal uses the HPKE context |ctx| to encrypt and authenticate
// |in_len| bytes of ciphertext |in| and authenticate |ad_len| bytes from |ad|,
// writing the result to |out|. It returns one on success and zero otherwise.
//
// This operation will fail if the |ctx| context is not set up as a sender.
//
// Note that HPKE encryption is stateful and ordered. The sender's first call to
// |EVP_HPKE_CTX_seal| must correspond to the recipient's first call to
// |EVP_HPKE_CTX_open|, etc.
//
// At most, |max_out_len| encrypted bytes are written to |out|. On successful
// return, |*out_len| is set to the actual number of bytes written.
//
// To ensure success, |max_out_len| should be |in_len| plus the result of
// |EVP_HPKE_CTX_max_overhead| or |EVP_HPKE_MAX_OVERHEAD|.
OPENSSL_EXPORT int EVP_HPKE_CTX_seal(EVP_HPKE_CTX *ctx, uint8_t *out,
size_t *out_len, size_t max_out_len,
const uint8_t *in, size_t in_len,
const uint8_t *ad, size_t ad_len);
// EVP_HPKE_CTX_export uses the HPKE context |ctx| to export a secret of
// |secret_len| bytes into |out|. This function uses |context_len| bytes from
// |context| as a context string for the secret. This is necessary to separate
// different uses of exported secrets and bind relevant caller-specific context
// into the output. It returns one on success and zero otherwise.
OPENSSL_EXPORT int EVP_HPKE_CTX_export(const EVP_HPKE_CTX *ctx, uint8_t *out,
size_t secret_len,
const uint8_t *context,
size_t context_len);
// EVP_HPKE_MAX_OVERHEAD contains the largest value that
// |EVP_HPKE_CTX_max_overhead| would ever return for any context.
#define EVP_HPKE_MAX_OVERHEAD EVP_AEAD_MAX_OVERHEAD
// EVP_HPKE_CTX_max_overhead returns the maximum number of additional bytes
// added by sealing data with |EVP_HPKE_CTX_seal|. The |ctx| context must be set
// up as a sender.
OPENSSL_EXPORT size_t EVP_HPKE_CTX_max_overhead(const EVP_HPKE_CTX *ctx);
// EVP_HPKE_CTX_kem returns |ctx|'s configured KEM, or NULL if the context has
// not been set up.
OPENSSL_EXPORT const EVP_HPKE_KEM *EVP_HPKE_CTX_kem(const EVP_HPKE_CTX *ctx);
// EVP_HPKE_CTX_aead returns |ctx|'s configured AEAD, or NULL if the context has
// not been set up.
OPENSSL_EXPORT const EVP_HPKE_AEAD *EVP_HPKE_CTX_aead(const EVP_HPKE_CTX *ctx);
// EVP_HPKE_CTX_kdf returns |ctx|'s configured KDF, or NULL if the context has
// not been set up.
OPENSSL_EXPORT const EVP_HPKE_KDF *EVP_HPKE_CTX_kdf(const EVP_HPKE_CTX *ctx);
// Private structures.
//
// The following structures are exported so their types are stack-allocatable,
// but accessing or modifying their fields is forbidden.
struct evp_hpke_ctx_st {
const EVP_HPKE_KEM *kem;
const EVP_HPKE_AEAD *aead;
const EVP_HPKE_KDF *kdf;
EVP_AEAD_CTX aead_ctx;
uint8_t base_nonce[EVP_AEAD_MAX_NONCE_LENGTH];
uint8_t exporter_secret[EVP_MAX_MD_SIZE];
uint64_t seq;
int is_sender;
};
struct evp_hpke_key_st {
const EVP_HPKE_KEM *kem;
uint8_t private_key[X25519_PRIVATE_KEY_LEN];
uint8_t public_key[X25519_PUBLIC_VALUE_LEN];
};
#if defined(__cplusplus)
} // extern C
#endif
#if !defined(BORINGSSL_NO_CXX)
extern "C++" {
BSSL_NAMESPACE_BEGIN
using ScopedEVP_HPKE_CTX =
internal::StackAllocated<EVP_HPKE_CTX, void, EVP_HPKE_CTX_zero,
EVP_HPKE_CTX_cleanup>;
using ScopedEVP_HPKE_KEY =
internal::StackAllocatedMovable<EVP_HPKE_KEY, void, EVP_HPKE_KEY_zero,
EVP_HPKE_KEY_cleanup, EVP_HPKE_KEY_move>;
BORINGSSL_MAKE_DELETER(EVP_HPKE_CTX, EVP_HPKE_CTX_free)
BORINGSSL_MAKE_DELETER(EVP_HPKE_KEY, EVP_HPKE_KEY_free)
BSSL_NAMESPACE_END
} // extern C++
#endif
#endif // OPENSSL_HEADER_CRYPTO_HPKE_INTERNAL_H

91
vendor/aws-lc-sys/aws-lc/include/openssl/hrss.h vendored Normal file
View File

@@ -0,0 +1,91 @@
// Copyright (c) 2018, Google Inc.
// SPDX-License-Identifier: ISC
#ifndef OPENSSL_HEADER_HRSS_H
#define OPENSSL_HEADER_HRSS_H
#include <openssl/base.h>
#if defined(__cplusplus)
extern "C" {
#endif
// HRSS
//
// HRSS is a structured-lattice-based post-quantum key encapsulation mechanism.
// The best exposition is https://eprint.iacr.org/2017/667.pdf although this
// implementation uses a different KEM construction based on
// https://eprint.iacr.org/2017/1005.pdf.
struct HRSS_private_key {
uint8_t opaque[1808];
};
struct HRSS_public_key {
uint8_t opaque[1424];
};
// HRSS_SAMPLE_BYTES is the number of bytes of entropy needed to generate a
// short vector. There are 701 coefficients, but the final one is always set to
// zero when sampling. Otherwise, we need one byte of input per coefficient.
#define HRSS_SAMPLE_BYTES (701 - 1)
// HRSS_GENERATE_KEY_BYTES is the number of bytes of entropy needed to generate
// an HRSS key pair.
#define HRSS_GENERATE_KEY_BYTES (HRSS_SAMPLE_BYTES + HRSS_SAMPLE_BYTES + 32)
// HRSS_ENCAP_BYTES is the number of bytes of entropy needed to encapsulate a
// session key.
#define HRSS_ENCAP_BYTES (HRSS_SAMPLE_BYTES + HRSS_SAMPLE_BYTES)
// HRSS_PUBLIC_KEY_BYTES is the number of bytes in a public key.
#define HRSS_PUBLIC_KEY_BYTES 1138
// HRSS_CIPHERTEXT_BYTES is the number of bytes in a ciphertext.
#define HRSS_CIPHERTEXT_BYTES 1138
// HRSS_KEY_BYTES is the number of bytes in a shared key.
#define HRSS_KEY_BYTES 32
// HRSS_POLY3_BYTES is the number of bytes needed to serialise a mod 3
// polynomial.
#define HRSS_POLY3_BYTES 140
#define HRSS_PRIVATE_KEY_BYTES \
(HRSS_POLY3_BYTES * 2 + HRSS_PUBLIC_KEY_BYTES + 2 + 32)
// HRSS_generate_key is a deterministic function that outputs a public and
// private key based on the given entropy. It returns one on success or zero
// on malloc failure.
OPENSSL_EXPORT int HRSS_generate_key(
struct HRSS_public_key *out_pub, struct HRSS_private_key *out_priv,
const uint8_t input[HRSS_GENERATE_KEY_BYTES]);
// HRSS_encap is a deterministic function the generates and encrypts a random
// session key from the given entropy, writing those values to |out_shared_key|
// and |out_ciphertext|, respectively. It returns one on success or zero on
// malloc failure.
OPENSSL_EXPORT int HRSS_encap(uint8_t out_ciphertext[HRSS_CIPHERTEXT_BYTES],
uint8_t out_shared_key[HRSS_KEY_BYTES],
const struct HRSS_public_key *in_pub,
const uint8_t in[HRSS_ENCAP_BYTES]);
// HRSS_decap decrypts a session key from |ciphertext_len| bytes of
// |ciphertext|. If the ciphertext is valid, the decrypted key is written to
// |out_shared_key|. Otherwise the HMAC of |ciphertext| under a secret key (kept
// in |in_priv|) is written. If the ciphertext is the wrong length then it will
// leak which was done via side-channels. Otherwise it should perform either
// action in constant-time. It returns one on success (whether the ciphertext
// was valid or not) and zero on malloc failure.
OPENSSL_EXPORT int HRSS_decap(uint8_t out_shared_key[HRSS_KEY_BYTES],
const struct HRSS_private_key *in_priv,
const uint8_t *ciphertext, size_t ciphertext_len);
// HRSS_marshal_public_key serialises |in_pub| to |out|.
OPENSSL_EXPORT void HRSS_marshal_public_key(
uint8_t out[HRSS_PUBLIC_KEY_BYTES], const struct HRSS_public_key *in_pub);
// HRSS_parse_public_key sets |*out| to the public-key encoded in |in|. It
// returns true on success and zero on error.
OPENSSL_EXPORT int HRSS_parse_public_key(
struct HRSS_public_key *out, const uint8_t in[HRSS_PUBLIC_KEY_BYTES]);
#if defined(__cplusplus)
} // extern C
#endif
#endif // OPENSSL_HEADER_HRSS_H

5
vendor/aws-lc-sys/aws-lc/include/openssl/is_awslc.h vendored Normal file
View File

@@ -0,0 +1,5 @@
// Copyright (c) 2017, Google Inc.
// SPDX-License-Identifier: ISC
// This header is provided in order to catch include path errors in consuming
// AWS-LC.

166
vendor/aws-lc-sys/aws-lc/include/openssl/kdf.h vendored Normal file
View File

@@ -0,0 +1,166 @@
// Copyright (c) 2022, Google Inc.
// SPDX-License-Identifier: ISC
#ifndef OPENSSL_HEADER_KDF_H
#define OPENSSL_HEADER_KDF_H
#include <openssl/base.h>
#if defined(__cplusplus)
extern "C" {
#endif
// CRYPTO_tls1_prf calculates |out_len| bytes of the TLS PRF, using |digest|,
// and writes them to |out|. It returns one on success and zero on error.
// TLS 1.2: https://datatracker.ietf.org/doc/html/rfc5246#section-5
// TLS 1.{0,1}: https://datatracker.ietf.org/doc/html/rfc4346#section-5
OPENSSL_EXPORT int CRYPTO_tls1_prf(const EVP_MD *digest,
uint8_t *out, size_t out_len,
const uint8_t *secret, size_t secret_len,
const char *label, size_t label_len,
const uint8_t *seed1, size_t seed1_len,
const uint8_t *seed2, size_t seed2_len);
// SSKDF_digest computes the One-step key derivation using the
// provided digest algorithm as the backing PRF. This algorithm
// may be referred to as "Single-Step KDF" or "NIST Concatenation KDF" by other
// implementors. |info_len| may be zero length.
//
// Returns a 1 on success, otherwise returns 0.
//
// This implementation adheres to the algorithm specified in Section 4 of the
// NIST Special Publication 800-56C Revision 2 published on August 2020. The
// parameters relevant to the specification are as follows:
// * Auxillary Function H is Option 1
// * |out_len|, |secret_len|, and |info_len| are specified in bytes
// * |out_len|, |secret_len|, |info_len| each must be <= 2^30
// * |out_len| and |secret_len| > 0
// * |out_len|, |secret_len| are analogous to |L| and |Z| respectively in the
// specification.
// * |info| and |info_len| refer to |FixedInfo| in the specification.
//
// Specification is available at https://doi.org/10.6028/NIST.SP.800-56Cr2
OPENSSL_EXPORT int SSKDF_digest(uint8_t *out_key, size_t out_len,
const EVP_MD *digest,
const uint8_t *secret, size_t secret_len,
const uint8_t *info, size_t info_len);
// SSKDF_hmac computes the One-step key derivation using the
// provided digest algorithm with HMAC as the backing PRF. This algorithm
// may be referred to as "Single-Step KDF" or "NIST Concatenation KDF" by other
// implementors. |salt| is optional and may be |NULL| or zero-length. In
// addition |info_len| may be zero length.
//
// Returns a 1 on success, otherwise returns 0.
//
// This implementation adheres to the algorithm specified in Section 4 of the
// NIST Special Publication 800-56C Revision 2 published on August 2020. The
// parameters relevant to the specification are as follows:
// * Auxillary Function H is Option 2
// * |out_len|, |secret_len|, |info_len|, and |salt_len| are specified in bytes
// * |out_len|, |secret_len|, |info_len| each must be <= 2^30
// * |out_len| and |secret_len| > 0
// * |out_len|, |secret_len| are analogous to |L| and |Z| respectively in the
// specification.
// * |info| and |info_len| refer to |FixedInfo| in the specification.
// * |salt| and |salt_len| refer to |salt| in the specification.
// * |salt| or |salt_len| being |NULL| or |0| respectively will result in a
// default salt being used which will be an all-zero byte string whose length
// is equal to the length of the specified |digest| input block length in
// bytes.
OPENSSL_EXPORT int SSKDF_hmac(uint8_t *out_key, size_t out_len,
const EVP_MD *digest,
const uint8_t *secret, size_t secret_len,
const uint8_t *info, size_t info_len,
const uint8_t *salt, size_t salt_len);
// KBKDF_ctr_hmac derives keying material using the KDF counter mode algorithm,
// using the provided key derivation key |secret| and fixed info |info|.
// |info| or |info_len| may be zero-length. This algorithm
// may be referred to as a "Key-Based Key Derivation Function in Counter Mode".
//
// This implementation adheres to the algorithm specified in Section 4.1 of the
// NIST Special Publication 800-108 Revision 1 Update 1 published on August
// 2022. The parameters relevant to the specification are as follows:
// * |out_len|, |secret_len|, and |info_len| are specified in bytes
// * |out_len| is analogous to |L| in the specification.
// * |r| is the length of the binary representation of the counter |i|
// referred to by the specification. |r| is 32 bits in this implementation.
// * The 32-bit counter is big-endian in this implementation.
// * The 32-bit counter location is placed before |info|.
// * |K_IN| is analogous to |secret| and |secret_len|.
// * |PRF| refers to HMAC in this implementation.
//
// Specification is available at https://doi.org/10.6028/NIST.SP.800-108r1-upd1
OPENSSL_EXPORT int KBKDF_ctr_hmac(uint8_t *out_key, size_t out_len,
const EVP_MD *digest, const uint8_t *secret,
size_t secret_len, const uint8_t *info,
size_t info_len);
// KDF support for EVP.
// HKDF-specific functions.
//
// The following functions are provided for OpenSSL compatibility. Prefer the
// HKDF functions in <openssl/hkdf.h>. In each, |ctx| must be created with
// |EVP_PKEY_CTX_new_id| with |EVP_PKEY_HKDF| and then initialized with
// |EVP_PKEY_derive_init|.
// EVP_PKEY_HKDEF_MODE_* define "modes" for use with |EVP_PKEY_CTX_hkdf_mode|.
// The mispelling of "HKDF" as "HKDEF" is intentional for OpenSSL compatibility.
#define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0
#define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY 1
#define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY 2
// EVP_PKEY_CTX_hkdf_mode configures which HKDF operation to run. It returns one
// on success and zero on error. |mode| must be one of |EVP_PKEY_HKDEF_MODE_*|.
// By default, the mode is |EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND|.
//
// If |mode| is |EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND| or
// |EVP_PKEY_HKDEF_MODE_EXPAND_ONLY|, the output is variable-length.
// |EVP_PKEY_derive| uses the size of the output buffer as the output length for
// HKDF-Expand.
//
// WARNING: Although this API calls it a "mode", HKDF-Extract and HKDF-Expand
// are distinct operations with distinct inputs and distinct kinds of keys.
// Callers should not pass input secrets for one operation into the other.
OPENSSL_EXPORT int EVP_PKEY_CTX_hkdf_mode(EVP_PKEY_CTX *ctx, int mode);
// EVP_PKEY_CTX_set_hkdf_md sets |md| as the digest to use with HKDF. It returns
// one on success and zero on error.
OPENSSL_EXPORT int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *ctx,
const EVP_MD *md);
// EVP_PKEY_CTX_set1_hkdf_key configures HKDF to use |key_len| bytes from |key|
// as the "key", described below. It returns one on success and zero on error.
//
// Which input is the key depends on the "mode" (see |EVP_PKEY_CTX_hkdf_mode|).
// If |EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND| or
// |EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY|, this function specifies the input keying
// material (IKM) for HKDF-Extract. If |EVP_PKEY_HKDEF_MODE_EXPAND_ONLY|, it
// instead specifies the pseudorandom key (PRK) for HKDF-Expand.
OPENSSL_EXPORT int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *ctx,
const uint8_t *key,
size_t key_len);
// EVP_PKEY_CTX_set1_hkdf_salt configures HKDF to use |salt_len| bytes from
// |salt| as the salt parameter to HKDF-Extract. It returns one on success and
// zero on error. If performing HKDF-Expand only, this parameter is ignored.
OPENSSL_EXPORT int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX *ctx,
const uint8_t *salt,
size_t salt_len);
// EVP_PKEY_CTX_add1_hkdf_info appends |info_len| bytes from |info| to the info
// parameter used with HKDF-Expand. It returns one on success and zero on error.
// If performing HKDF-Extract only, this parameter is ignored.
OPENSSL_EXPORT int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *ctx,
const uint8_t *info,
size_t info_len);
#if defined(__cplusplus)
} // extern C
#endif
#endif // OPENSSL_HEADER_KDF_H

41
vendor/aws-lc-sys/aws-lc/include/openssl/lhash.h vendored Normal file
View File

@@ -0,0 +1,41 @@
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_LHASH_H
#define OPENSSL_HEADER_LHASH_H
#include <openssl/base.h>
#if defined(__cplusplus)
extern "C" {
#endif
typedef struct lhash_st _LHASH;
// lhash is an internal library and not exported for use outside BoringSSL. This
// header is provided for compatibility with code that expects OpenSSL.
// These two macros are exported for compatibility with existing callers of
// |X509V3_EXT_conf_nid|. Do not use these symbols outside BoringSSL.
#define LHASH_OF(type) struct lhash_st_##type
#define DECLARE_LHASH_OF(type) LHASH_OF(type);
OPENSSL_EXPORT void lh_doall_arg(_LHASH *lh, void (*func)(void *, void *),
void *arg);
// These two macros are the bare minimum of |LHASH| macros downstream consumers
// use.
#define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \
o_type *a = arg1; \
a_type *b = arg2; \
name##_doall_arg(a, b); }
#define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG
#if defined(__cplusplus)
} // extern C
#endif
#endif // OPENSSL_HEADER_LHASH_H

55
vendor/aws-lc-sys/aws-lc/include/openssl/md4.h vendored Normal file
View File

@@ -0,0 +1,55 @@
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_MD4_H
#define OPENSSL_HEADER_MD4_H
#include <openssl/base.h>
#if defined(__cplusplus)
extern "C" {
#endif
// MD4.
// MD4_CBLOCK is the block size of MD4.
#define MD4_CBLOCK 64
// MD4_DIGEST_LENGTH is the length of an MD4 digest.
#define MD4_DIGEST_LENGTH 16
// MD4_Init initialises |md4| and returns one.
OPENSSL_EXPORT int MD4_Init(MD4_CTX *md4);
// MD4_Update adds |len| bytes from |data| to |md4| and returns one.
OPENSSL_EXPORT int MD4_Update(MD4_CTX *md4, const void *data, size_t len);
// MD4_Final adds the final padding to |md4| and writes the resulting digest to
// |out|, which must have at least |MD4_DIGEST_LENGTH| bytes of space. It
// returns one.
OPENSSL_EXPORT int MD4_Final(uint8_t out[MD4_DIGEST_LENGTH], MD4_CTX *md4);
// MD4 writes the digest of |len| bytes from |data| to |out| and returns |out|.
// There must be at least |MD4_DIGEST_LENGTH| bytes of space in |out|.
OPENSSL_EXPORT uint8_t *MD4(const uint8_t *data, size_t len,
uint8_t out[MD4_DIGEST_LENGTH]);
// MD4_Transform is a low-level function that performs a single, MD4 block
// transformation using the state from |md4| and 64 bytes from |block|.
OPENSSL_EXPORT void MD4_Transform(MD4_CTX *md4,
const uint8_t block[MD4_CBLOCK]);
struct md4_state_st {
uint32_t h[4];
uint32_t Nl, Nh;
uint8_t data[MD4_CBLOCK];
unsigned num;
};
#if defined(__cplusplus)
} // extern C
#endif
#endif // OPENSSL_HEADER_MD4_H

56
vendor/aws-lc-sys/aws-lc/include/openssl/md5.h vendored Normal file
View File

@@ -0,0 +1,56 @@
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_MD5_H
#define OPENSSL_HEADER_MD5_H
#include <openssl/base.h>
#if defined(__cplusplus)
extern "C" {
#endif
// MD5.
// MD5_CBLOCK is the block size of MD5.
#define MD5_CBLOCK 64
// MD5_DIGEST_LENGTH is the length of an MD5 digest.
#define MD5_DIGEST_LENGTH 16
// MD5_Init initialises |md5| and returns one.
OPENSSL_EXPORT int MD5_Init(MD5_CTX *md5);
// MD5_Update adds |len| bytes from |data| to |md5| and returns one.
OPENSSL_EXPORT int MD5_Update(MD5_CTX *md5, const void *data, size_t len);
// MD5_Final adds the final padding to |md5| and writes the resulting digest to
// |out|, which must have at least |MD5_DIGEST_LENGTH| bytes of space. It
// returns one.
OPENSSL_EXPORT int MD5_Final(uint8_t out[MD5_DIGEST_LENGTH], MD5_CTX *md5);
// MD5 writes the digest of |len| bytes from |data| to |out| and returns |out|.
// There must be at least |MD5_DIGEST_LENGTH| bytes of space in |out|.
OPENSSL_EXPORT uint8_t *MD5(const uint8_t *data, size_t len,
uint8_t out[MD5_DIGEST_LENGTH]);
// MD5_Transform is a low-level function that performs a single, MD5 block
// transformation using the state from |md5| and 64 bytes from |block|.
OPENSSL_EXPORT void MD5_Transform(MD5_CTX *md5,
const uint8_t block[MD5_CBLOCK]);
struct md5_state_st {
uint32_t h[4];
uint32_t Nl, Nh;
uint8_t data[MD5_CBLOCK];
unsigned num;
};
#if defined(__cplusplus)
} // extern C
#endif
#endif // OPENSSL_HEADER_MD5_H

238
vendor/aws-lc-sys/aws-lc/include/openssl/mem.h vendored Normal file
View File

@@ -0,0 +1,238 @@
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_MEM_H
#define OPENSSL_HEADER_MEM_H
#include <openssl/base.h>
#include <stdlib.h>
#include <stdarg.h>
#if defined(__cplusplus)
extern "C" {
#endif
// Memory and string functions, see also buf.h.
//
// BoringSSL has its own set of allocation functions, which keep track of
// allocation lengths and zero them out before freeing. All memory returned by
// BoringSSL API calls must therefore generally be freed using |OPENSSL_free|
// unless stated otherwise.
#ifndef _BORINGSSL_PROHIBIT_OPENSSL_MALLOC
// OPENSSL_malloc is similar to a regular |malloc|, but allocates additional
// private data. The resulting pointer must be freed with |OPENSSL_free|. In
// the case of a malloc failure, prior to returning NULL |OPENSSL_malloc| will
// push |ERR_R_MALLOC_FAILURE| onto the openssl error stack.
OPENSSL_EXPORT void *OPENSSL_malloc(size_t size) OPENSSL_WARN_UNUSED_RESULT;
// OPENSSL_zalloc behaves like |OPENSSL_malloc| except it also initializes the
// resulting memory to zero.
OPENSSL_EXPORT void *OPENSSL_zalloc(size_t size) OPENSSL_WARN_UNUSED_RESULT;
// OPENSSL_calloc is similar to a regular |calloc|, but allocates data with
// |OPENSSL_malloc|. On overflow, it will push |ERR_R_OVERFLOW| onto the error
// queue.
OPENSSL_EXPORT void *OPENSSL_calloc(size_t num, size_t size) OPENSSL_WARN_UNUSED_RESULT;
// OPENSSL_realloc returns a pointer to a buffer of |new_size| bytes that
// contains the contents of |ptr|. Unlike |realloc|, a new buffer is always
// allocated and the data at |ptr| is always wiped and freed. Memory is
// allocated with |OPENSSL_malloc| and must be freed with |OPENSSL_free|.
// If |ptr| is null |OPENSSL_malloc| is called instead.
OPENSSL_EXPORT void *OPENSSL_realloc(void *ptr, size_t new_size) OPENSSL_WARN_UNUSED_RESULT;
#endif // !_BORINGSSL_PROHIBIT_OPENSSL_MALLOC
// OPENSSL_free does nothing if |ptr| is NULL. Otherwise it zeros out the
// memory allocated at |ptr| and frees it along with the private data.
// It must only be used on on |ptr| values obtained from |OPENSSL_malloc|
OPENSSL_EXPORT void OPENSSL_free(void *ptr);
// OPENSSL_cleanse zeros out |len| bytes of memory at |ptr|. This is similar to
// |memset_s| from C11.
OPENSSL_EXPORT void OPENSSL_cleanse(void *ptr, size_t len);
// CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It
// takes an amount of time dependent on |len|, but independent of the contents
// of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a
// defined order as the return value when a != b is undefined, other than to be
// non-zero.
OPENSSL_EXPORT int CRYPTO_memcmp(const void *a, const void *b, size_t len) OPENSSL_WARN_UNUSED_RESULT;
// OPENSSL_hash32 implements the 32 bit, FNV-1a hash.
OPENSSL_EXPORT uint32_t OPENSSL_hash32(const void *ptr, size_t len);
// OPENSSL_strhash calls |OPENSSL_hash32| on the NUL-terminated string |s|.
OPENSSL_EXPORT uint32_t OPENSSL_strhash(const char *s);
// OPENSSL_strdup has the same behaviour as strdup(3).
OPENSSL_EXPORT char *OPENSSL_strdup(const char *s);
// OPENSSL_strnlen has the same behaviour as strnlen(3).
OPENSSL_EXPORT size_t OPENSSL_strnlen(const char *s, size_t len);
// OPENSSL_isalpha is a locale-independent, ASCII-only version of isalpha(3), It
// only recognizes 'a' through 'z' and 'A' through 'Z' as alphabetic.
OPENSSL_EXPORT int OPENSSL_isalpha(int c);
// OPENSSL_isdigit is a locale-independent, ASCII-only version of isdigit(3), It
// only recognizes '0' through '9' as digits.
OPENSSL_EXPORT int OPENSSL_isdigit(int c);
// OPENSSL_isxdigit is a locale-independent, ASCII-only version of isxdigit(3),
// It only recognizes '0' through '9', 'a' through 'f', and 'A through 'F' as
// digits.
OPENSSL_EXPORT int OPENSSL_isxdigit(int c);
// OPENSSL_fromxdigit returns one if |c| is a hexadecimal digit as recognized
// by OPENSSL_isxdigit, and sets |out| to the corresponding value. Otherwise
// zero is returned.
OPENSSL_EXPORT int OPENSSL_fromxdigit(uint8_t *out, int c);
// OPENSSL_hexstr2buf allocates and returns a buffer containing the bytes
// represented by the hexadecimal string |str|. |str| must be a NULL terminated
// string of hex characters. The length of the buffer is stored in |*len|.
// |len| must not be NULL. The caller must free the returned
// buffer with |OPENSSL_free|. If |str| is malformed, NULL is returned.
OPENSSL_EXPORT uint8_t *OPENSSL_hexstr2buf(const char *str, size_t *len);
// OPENSSL_isalnum is a locale-independent, ASCII-only version of isalnum(3), It
// only recognizes what |OPENSSL_isalpha| and |OPENSSL_isdigit| recognize.
OPENSSL_EXPORT int OPENSSL_isalnum(int c);
// OPENSSL_tolower is a locale-independent, ASCII-only version of tolower(3). It
// only lowercases ASCII values. Other values are returned as-is.
OPENSSL_EXPORT int OPENSSL_tolower(int c);
// OPENSSL_isspace is a locale-independent, ASCII-only version of isspace(3). It
// only recognizes '\t', '\n', '\v', '\f', '\r', and ' '.
OPENSSL_EXPORT int OPENSSL_isspace(int c);
// OPENSSL_strcasecmp is a locale-independent, ASCII-only version of
// strcasecmp(3).
OPENSSL_EXPORT int OPENSSL_strcasecmp(const char *a, const char *b);
// OPENSSL_strncasecmp is a locale-independent, ASCII-only version of
// strncasecmp(3).
OPENSSL_EXPORT int OPENSSL_strncasecmp(const char *a, const char *b, size_t n);
// DECIMAL_SIZE returns an upper bound for the length of the decimal
// representation of the given type.
#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
// BIO_snprintf has the same behavior as snprintf(3).
OPENSSL_EXPORT int BIO_snprintf(char *buf, size_t n, const char *format, ...)
OPENSSL_PRINTF_FORMAT_FUNC(3, 4);
// BIO_vsnprintf has the same behavior as vsnprintf(3).
OPENSSL_EXPORT int BIO_vsnprintf(char *buf, size_t n, const char *format,
va_list args) OPENSSL_PRINTF_FORMAT_FUNC(3, 0);
// OPENSSL_vasprintf has the same behavior as vasprintf(3), except that
// memory allocated in a returned string must be freed with |OPENSSL_free|.
OPENSSL_EXPORT int OPENSSL_vasprintf(char **str, const char *format,
va_list args)
OPENSSL_PRINTF_FORMAT_FUNC(2, 0);
// OPENSSL_asprintf has the same behavior as asprintf(3), except that
// memory allocated in a returned string must be freed with |OPENSSL_free|.
OPENSSL_EXPORT int OPENSSL_asprintf(char **str, const char *format, ...)
OPENSSL_PRINTF_FORMAT_FUNC(2, 3);
// OPENSSL_strndup returns an allocated, duplicate of |str|, which is, at most,
// |size| bytes. The result is always NUL terminated. The memory allocated
// must be freed with |OPENSSL_free|.
OPENSSL_EXPORT char *OPENSSL_strndup(const char *str, size_t size);
// OPENSSL_memdup returns an allocated, duplicate of |size| bytes from |data| or
// NULL on allocation failure. The memory allocated must be freed with
// |OPENSSL_free|.
OPENSSL_EXPORT void *OPENSSL_memdup(const void *data, size_t size);
// OPENSSL_strlcpy acts like strlcpy(3).
OPENSSL_EXPORT size_t OPENSSL_strlcpy(char *dst, const char *src,
size_t dst_size);
// OPENSSL_strlcat acts like strlcat(3).
OPENSSL_EXPORT size_t OPENSSL_strlcat(char *dst, const char *src,
size_t dst_size);
// Deprecated functions.
// CRYPTO_malloc calls |OPENSSL_malloc|. |file| and |line| are ignored.
OPENSSL_EXPORT void *CRYPTO_malloc(size_t size, const char *file, int line);
// CRYPTO_realloc calls |OPENSSL_realloc|. |file| and |line| are ignored.
OPENSSL_EXPORT void *CRYPTO_realloc(void *ptr, size_t new_size,
const char *file, int line);
// CRYPTO_free calls |OPENSSL_free|. |file| and |line| are ignored.
OPENSSL_EXPORT void CRYPTO_free(void *ptr, const char *file, int line);
// OPENSSL_clear_free calls |OPENSSL_free|. BoringSSL automatically clears all
// allocations on free, but we define |OPENSSL_clear_free| for compatibility.
OPENSSL_EXPORT void OPENSSL_clear_free(void *ptr, size_t len);
// CRYPTO_set_mem_functions is used to override the implementation of |OPENSSL_malloc/free/realloc|.
//
// |OPENSSL_malloc/free/realloc| can be customized by implementing |OPENSSL_memory_alloc/free/realloc| or calling
// CRYPTO_set_mem_functions. If |OPENSSL_memory_alloc/free/realloc| is defined CRYPTO_set_mem_functions will fail.
// All of the warnings for |OPENSSL_malloc/free/realloc| apply to CRYPTO_set_mem_functions:
// -- https://github.com/aws/aws-lc/blame/d164f5762b1ad5d4f2d1561fb85daa556fdff5ef/crypto/mem.c#L111-L127
// This function is only recommended for debug purpose(e.g. track mem usage).
// AWS-LC differs from OpenSSL's CRYPTO_set_mem_functions in that __FILE__ and __LINE__ are not supplied.
//
// It returns one on success and zero otherwise.
OPENSSL_EXPORT int CRYPTO_set_mem_functions(
void *(*m)(size_t, const char *, int),
void *(*r)(void *, size_t, const char *, int),
void (*f)(void *, const char *, int));
// OPENSSL supports the concept of secure heaps to help protect applications from pointer overruns or underruns that
// could return arbitrary data from the program's dynamic memory area where sensitive information may be stored.
// AWS-LC does not support secure heaps. The initialization functions intentionally return zero to indicate that secure
// heaps aren't supported. We return the regular malloc and zalloc versions when the secure_* counterparts are called,
// which is what OPENSSL does when secure heap is not enabled.
// If there is any interest in utilizing "secure heaps" with AWS-LC, cut us an issue at
// https://github.com/aws/aws-lc/issues/new/choose
// CRYPTO_secure_malloc_init returns zero.
OPENSSL_EXPORT int CRYPTO_secure_malloc_init(size_t size, size_t min_size);
// CRYPTO_secure_malloc_initialized returns zero.
OPENSSL_EXPORT int CRYPTO_secure_malloc_initialized(void);
// CRYPTO_secure_used returns zero.
OPENSSL_EXPORT size_t CRYPTO_secure_used(void);
// OPENSSL_secure_malloc calls |OPENSSL_malloc|.
OPENSSL_EXPORT void *OPENSSL_secure_malloc(size_t size);
// OPENSSL_secure_zalloc calls |OPENSSL_zalloc|.
OPENSSL_EXPORT void *OPENSSL_secure_zalloc(size_t size);
// OPENSSL_secure_clear_free calls |OPENSSL_clear_free|.
OPENSSL_EXPORT void OPENSSL_secure_clear_free(void *ptr, size_t len);
#if defined(__cplusplus)
} // extern C
extern "C++" {
BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(char, OPENSSL_free)
BORINGSSL_MAKE_DELETER(uint8_t, OPENSSL_free)
BSSL_NAMESPACE_END
} // extern C++
#endif
#endif // OPENSSL_HEADER_MEM_H

4316
vendor/aws-lc-sys/aws-lc/include/openssl/nid.h vendored Normal file
View File

File diff suppressed because it is too large Load Diff

210
vendor/aws-lc-sys/aws-lc/include/openssl/obj.h vendored Normal file
View File

@@ -0,0 +1,210 @@
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_OBJ_H
#define OPENSSL_HEADER_OBJ_H
#include <openssl/base.h>
#include <openssl/bytestring.h>
#include <openssl/nid.h> // IWYU pragma: export
#if defined(__cplusplus)
extern "C" {
#endif
// The objects library deals with the registration and indexing of ASN.1 object
// identifiers. These values are often written as a dotted sequence of numbers,
// e.g. 1.2.840.113549.1.9.16.3.9.
//
// Internally, OpenSSL likes to deal with these values by numbering them with
// numbers called "nids". OpenSSL has a large, built-in database of common
// object identifiers and also has both short and long names for them.
//
// This library provides functions for translating between object identifiers,
// nids, short names and long names.
//
// The nid values should not be used outside of a single process: they are not
// stable identifiers.
// Basic operations.
// OBJ_dup returns a duplicate copy of |obj| or NULL on allocation failure. The
// caller must call |ASN1_OBJECT_free| on the result to release it.
OPENSSL_EXPORT ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *obj);
// OBJ_cmp returns a value less than, equal to or greater than zero if |a| is
// less than, equal to or greater than |b|, respectively.
OPENSSL_EXPORT int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b);
// OBJ_get0_data returns a pointer to the DER representation of |obj|. This is
// the contents of the DER-encoded identifier, not including the tag and length.
// If |obj| does not have an associated object identifier (i.e. it is a nid-only
// value), this value is the empty string.
OPENSSL_EXPORT const uint8_t *OBJ_get0_data(const ASN1_OBJECT *obj);
// OBJ_length returns the length of the DER representation of |obj|. This is the
// contents of the DER-encoded identifier, not including the tag and length. If
// |obj| does not have an associated object identifier (i.e. it is a nid-only
// value), this value is the empty string.
OPENSSL_EXPORT size_t OBJ_length(const ASN1_OBJECT *obj);
// Looking up nids.
// OBJ_obj2nid returns the nid corresponding to |obj|, or |NID_undef| if no
// such object is known.
OPENSSL_EXPORT int OBJ_obj2nid(const ASN1_OBJECT *obj);
// OBJ_cbs2nid returns the nid corresponding to the DER data in |cbs|, or
// |NID_undef| if no such object is known.
OPENSSL_EXPORT int OBJ_cbs2nid(const CBS *cbs);
// OBJ_sn2nid returns the nid corresponding to |short_name|, or |NID_undef| if
// no such short name is known.
OPENSSL_EXPORT int OBJ_sn2nid(const char *short_name);
// OBJ_ln2nid returns the nid corresponding to |long_name|, or |NID_undef| if
// no such long name is known.
OPENSSL_EXPORT int OBJ_ln2nid(const char *long_name);
// OBJ_txt2nid returns the nid corresponding to |s|, which may be a short name,
// long name, or an ASCII string containing a dotted sequence of numbers. It
// returns the nid or NID_undef if unknown.
OPENSSL_EXPORT int OBJ_txt2nid(const char *s);
// Getting information about nids.
// OBJ_nid2obj returns the |ASN1_OBJECT| corresponding to |nid|, or NULL if
// |nid| is unknown.
//
// Although the output is not const, this function returns a static, immutable
// |ASN1_OBJECT|. It is not necessary to release the object with
// |ASN1_OBJECT_free|.
//
// However, functions like |X509_ALGOR_set0| expect to take ownership of a
// possibly dynamically-allocated |ASN1_OBJECT|. |ASN1_OBJECT_free| is a no-op
// for static |ASN1_OBJECT|s, so |OBJ_nid2obj| is compatible with such
// functions.
//
// Callers are encouraged to store the result of this function in a const
// pointer. However, if using functions like |X509_ALGOR_set0|, callers may use
// a non-const pointer and manage ownership.
OPENSSL_EXPORT ASN1_OBJECT *OBJ_nid2obj(int nid);
// OBJ_get_undef returns the object for |NID_undef|. Prefer this function over
// |OBJ_nid2obj| to avoid pulling in the full OID table.
OPENSSL_EXPORT const ASN1_OBJECT *OBJ_get_undef(void);
// OBJ_nid2sn returns the short name for |nid|, or NULL if |nid| is unknown.
OPENSSL_EXPORT const char *OBJ_nid2sn(int nid);
// OBJ_nid2ln returns the long name for |nid|, or NULL if |nid| is unknown.
OPENSSL_EXPORT const char *OBJ_nid2ln(int nid);
// OBJ_nid2cbb writes |nid| as an ASN.1 OBJECT IDENTIFIER to |out|. It returns
// one on success or zero otherwise.
OPENSSL_EXPORT int OBJ_nid2cbb(CBB *out, int nid);
// Dealing with textual representations of object identifiers.
// OBJ_txt2obj returns an ASN1_OBJECT for the textual representation in |s|.
// If |dont_search_names| is zero, then |s| will be matched against the long
// and short names of a known objects to find a match. Otherwise |s| must
// contain an ASCII string with a dotted sequence of numbers. The resulting
// object need not be previously known. It returns a freshly allocated
// |ASN1_OBJECT| or NULL on error.
OPENSSL_EXPORT ASN1_OBJECT *OBJ_txt2obj(const char *s, int dont_search_names);
// OBJ_obj2txt converts |obj| to a textual representation. If
// |always_return_oid| is zero then |obj| will be matched against known objects
// and the long (preferably) or short name will be used if found. Otherwise
// |obj| will be converted into a dotted sequence of integers. If |out| is not
// NULL, then at most |out_len| bytes of the textual form will be written
// there. If |out_len| is at least one, then string written to |out| will
// always be NUL terminated. It returns the number of characters that could
// have been written, not including the final NUL, or -1 on error.
OPENSSL_EXPORT int OBJ_obj2txt(char *out, int out_len, const ASN1_OBJECT *obj,
int always_return_oid);
// Adding objects at runtime.
// OBJ_create adds a known object and returns the NID of the new object, or
// NID_undef on error.
//
// WARNING: This function modifies global state. The table cannot contain
// duplicate OIDs, short names, or long names. If two callers in the same
// address space add conflicting values, only one registration will take effect.
// Avoid this function if possible. Instead, callers can process OIDs unknown to
// BoringSSL by acting on the byte representation directly. See
// |ASN1_OBJECT_create|, |OBJ_get0_data|, and |OBJ_length|.
OPENSSL_EXPORT int OBJ_create(const char *oid, const char *short_name,
const char *long_name);
// Handling signature algorithm identifiers.
//
// Some NIDs (e.g. sha256WithRSAEncryption) specify both a digest algorithm and
// a public key algorithm. The following functions map between pairs of digest
// and public-key algorithms and the NIDs that specify their combination.
//
// Sometimes the combination NID leaves the digest unspecified (e.g.
// rsassaPss). In these cases, the digest NID is |NID_undef|.
// OBJ_find_sigid_algs finds the digest and public-key NIDs that correspond to
// the signing algorithm |sign_nid|. If successful, it sets |*out_digest_nid|
// and |*out_pkey_nid| and returns one. Otherwise it returns zero. Any of
// |out_digest_nid| or |out_pkey_nid| can be NULL if the caller doesn't need
// that output value.
OPENSSL_EXPORT int OBJ_find_sigid_algs(int sign_nid, int *out_digest_nid,
int *out_pkey_nid);
// OBJ_find_sigid_by_algs finds the signature NID that corresponds to the
// combination of |digest_nid| and |pkey_nid|. If success, it sets
// |*out_sign_nid| and returns one. Otherwise it returns zero. The
// |out_sign_nid| argument can be NULL if the caller only wishes to learn
// whether the combination is valid.
OPENSSL_EXPORT int OBJ_find_sigid_by_algs(int *out_sign_nid, int digest_nid,
int pkey_nid);
// Deprecated functions.
typedef struct obj_name_st {
int type;
int alias;
const char *name;
const char *data;
} OBJ_NAME;
#define OBJ_NAME_TYPE_MD_METH 1
#define OBJ_NAME_TYPE_CIPHER_METH 2
// OBJ_NAME_do_all_sorted calls |callback| zero or more times, each time with
// the name of a different primitive. If |type| is |OBJ_NAME_TYPE_MD_METH| then
// the primitives will be hash functions, alternatively if |type| is
// |OBJ_NAME_TYPE_CIPHER_METH| then the primitives will be ciphers or cipher
// modes.
//
// This function is ill-specified and should never be used.
OPENSSL_EXPORT void OBJ_NAME_do_all_sorted(
int type, void (*callback)(const OBJ_NAME *, void *arg), void *arg);
// OBJ_cleanup does nothing.
OPENSSL_EXPORT void OBJ_cleanup(void);
#if defined(__cplusplus)
} // extern C
#endif
#define OBJ_R_UNKNOWN_NID 100
#define OBJ_R_INVALID_OID_STRING 101
#endif // OPENSSL_HEADER_OBJ_H

7
vendor/aws-lc-sys/aws-lc/include/openssl/obj_mac.h vendored Normal file
View File

@@ -0,0 +1,7 @@
// Copyright (c) 2016, Google Inc.
// SPDX-License-Identifier: ISC
/* This header is provided in order to make compiling against code that expects
OpenSSL easier. */
#include "nid.h"

8
vendor/aws-lc-sys/aws-lc/include/openssl/objects.h vendored Normal file
View File

@@ -0,0 +1,8 @@
// Copyright (c) 2014, Google Inc.
// SPDX-License-Identifier: ISC
/* This header is provided in order to make compiling against code that expects
OpenSSL easier. */
#include "obj.h"
#include "asn1.h"

636
vendor/aws-lc-sys/aws-lc/include/openssl/ocsp.h vendored Normal file
View File

@@ -0,0 +1,636 @@
// Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef AWSLC_OCSP_H
#define AWSLC_OCSP_H
#include <openssl/asn1t.h>
#include <openssl/safestack.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#if defined(__cplusplus)
extern "C" {
#endif
// Various OCSP flags and values
// The following constants are OCSP reason codes identify the reason for the
// certificate revocation.
//
// CRLReason ::= ENUMERATED {
// unspecified (0),
// keyCompromise (1),
// cACompromise (2),
// affiliationChanged (3),
// superseded (4),
// cessationOfOperation (5),
// -- value 7 is not used
// certificateHold (6),
// removeFromCRL (8),
// privilegeWithdrawn (9),
// aACompromise (10) }
//
// Reason Code RFC: https://www.rfc-editor.org/rfc/rfc5280#section-5.3.1
//
// Note: OCSP_REVOKED_STATUS_NOSTATUS is defined by OpenSSL and is not defined
// within the RFC.
#define OCSP_REVOKED_STATUS_NOSTATUS -1
#define OCSP_REVOKED_STATUS_UNSPECIFIED 0
#define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1
#define OCSP_REVOKED_STATUS_CACOMPROMISE 2
#define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3
#define OCSP_REVOKED_STATUS_SUPERSEDED 4
#define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5
#define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6
#define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8
#define OCSP_REVOKED_STATUS_PRIVILEGEWITHDRAWN 9
#define OCSP_REVOKED_STATUS_AACOMPROMISE 10
// OCSP_NOCERTS is for |OCSP_request_sign| and |OCSP_basic_sign|. Setting
// this excludes certificates request/response and ignores the |certs|
// parameter. Certificates are optional.
#define OCSP_NOCERTS 0x1
// OCSP_NOINTERN is for |OCSP_basic_verify| and |OCSP_request_verify|.
// Certificates included within |bs| or |req| will be included in the
// search for the signing certificate by default, unless |OCSP_NOINTERN| is set.
#define OCSP_NOINTERN 0x2
// OCSP_NOCHAIN is for |OCSP_basic_verify| and |OCSP_request_verify|.
// For |OCSP_basic_verify|, certificates in both |certs| and in |bs| are
// considered as certificates for the construction of the validation path for
// the signer certificate by default, unless |OCSP_NOCHAIN| is set.
// For |OCSP_request_verify|, certificates in |req| are considered as
// certificates for the construction of the validation path for the signer
// certificate by default, unless |OCSP_NOCHAIN| is set.
#define OCSP_NOCHAIN 0x8
// OCSP_NOVERIFY is for |OCSP_basic_verify| and |OCSP_request_verify|. When
// setting this flag, the signature on the OCSP response/request will still be
// verified, but additionally verification of the signer certificate will be
// skipped.
#define OCSP_NOVERIFY 0x10
// OCSP_NOEXPLICIT is for |OCSP_basic_verify|. We will check for explicit trust
// for OCSP signing in the root CA certificate, unless the flags contain
// |OCSP_NOEXPLICIT|.
#define OCSP_NOEXPLICIT 0x20
// OCSP_TRUSTOTHER is for |OCSP_basic_verify| and |OCSP_request_verify|. When
// set, all certificates within |certs| are implicitly trusted.
#define OCSP_TRUSTOTHER 0x200
// OCSP_RESPID_KEY is for |OCSP_basic_sign|. By default, the OCSP responder is
// identified by name and included in the response. Setting this changes the
// default identifier to be the hash of the issuer's public key instead.
#define OCSP_RESPID_KEY 0x400
// OCSP_NOTIME is for |OCSP_basic_sign|. Setting this excludes the default
// behavior of setting the |producedAt| time field in |resp| against the current
// time and leaves it empty.
#define OCSP_NOTIME 0x800
typedef struct ocsp_cert_id_st OCSP_CERTID;
typedef struct ocsp_one_request_st OCSP_ONEREQ;
typedef struct ocsp_req_info_st OCSP_REQINFO;
typedef struct ocsp_signature_st OCSP_SIGNATURE;
typedef struct ocsp_request_st OCSP_REQUEST;
typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES;
typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO;
typedef struct ocsp_cert_status_st OCSP_CERTSTATUS;
typedef struct ocsp_single_response_st OCSP_SINGLERESP;
typedef struct ocsp_response_data_st OCSP_RESPDATA;
typedef struct ocsp_response_st OCSP_RESPONSE;
typedef struct ocsp_responder_id_st OCSP_RESPID;
typedef struct ocsp_basic_response_st OCSP_BASICRESP;
DEFINE_STACK_OF(OCSP_CERTID)
DEFINE_STACK_OF(OCSP_ONEREQ)
DEFINE_STACK_OF(OCSP_RESPID)
DEFINE_STACK_OF(OCSP_SINGLERESP)
DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP)
DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE)
DECLARE_ASN1_FUNCTIONS(OCSP_CERTID)
DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST)
DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)
DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ)
// d2i_OCSP_REQUEST_bio parses a DER-encoded OCSP request from |bp|, converts it
// into an |OCSP_REQUEST|, and writes the result in |preq|.
OPENSSL_EXPORT OCSP_REQUEST *d2i_OCSP_REQUEST_bio(BIO *bp, OCSP_REQUEST **preq);
// d2i_OCSP_RESPONSE_bio parses a DER-encoded OCSP response from |bp|, converts
// it into an |OCSP_RESPONSE|, and writes the result in |presp|.
OPENSSL_EXPORT OCSP_RESPONSE *d2i_OCSP_RESPONSE_bio(BIO *bp,
OCSP_RESPONSE **presp);
// i2d_OCSP_RESPONSE_bio marshals |presp| as a DER-encoded OCSP response and
// writes the result to |bp|.
OPENSSL_EXPORT int i2d_OCSP_RESPONSE_bio(BIO *bp, OCSP_RESPONSE *presp);
// i2d_OCSP_REQUEST_bio marshals |preq| as a DER-encoded OCSP request and
// writes the result to |bp|.
OPENSSL_EXPORT int i2d_OCSP_REQUEST_bio(BIO *bp, OCSP_REQUEST *preq);
// OCSP_CERTID_dup allocates a new |OCSP_CERTID| and sets it equal to the state
// of |id|. It returns the new |OCSP_CERTID| or NULL on error.
OPENSSL_EXPORT OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id);
// OCSP_sendreq_bio is a blocking OCSP request handler which is a special case
// of non-blocking I/O.
// |OCSP_sendreq_bio| combines |OCSP_sendreq_new| with as many calls of
// |OCSP_sendreq_nbio| as needed and then |OCSP_REQ_CTX_free|, with a response
// header maximum line length of 4k. It waits indefinitely on a response, if
// |BIO_should_retry| is true and the |BIO| persists.
//
// WARNING: This is retained only for compatibility. This does not support
// setting a timeout or adding your own HTTP headers.
// Use |OCSP_sendreq_nbio| and handle the timeout accordingly to the |BIO| type.
// You can also use |OCSP_REQ_CTX_add1_header| to add your own HTTP headers.
OPENSSL_EXPORT OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path,
OCSP_REQUEST *req);
// OCSP_sendreq_new returns an |OCSP_REQ_CTX| structure using the responder io,
// the URL path, the |OCSP_REQUEST| req to be sent, and with a response header
// maximum line length of maxline. If maxline is zero or less, a default value
// of 4k is used. The |OCSP_REQUEST| req may be set to NULL and provided later
// if required.
OPENSSL_EXPORT OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path,
OCSP_REQUEST *req, int maxline);
// OCSP_sendreq_nbio attempts to send the request prepared in |rctx| and to
// gather the response via HTTP, using the |BIO| io and path that were given
// when calling |OCSP_sendreq_new|.
OPENSSL_EXPORT int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
// OCSP_REQ_CTX_new creates a new |OCSP_REQ_CTX|. |OCSP_REQ_CTX| is used to
// contain the information to send the OCSP request and gather the response
// over HTTP.
OPENSSL_EXPORT OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int maxline);
// OCSP_REQ_CTX_free frees the memory allocated by |OCSP_REQ_CTX|.
OPENSSL_EXPORT void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
// OCSP_set_max_response_length sets the maximum response length for an OCSP
// request over HTTP to |len|. If a custom max response length is needed, this
// should be set before |OCSP_REQ_CTX| is sent out to retrieve the OCSP
// response.
OPENSSL_EXPORT void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx,
unsigned long len);
// OCSP_REQ_CTX_http adds the HTTP request line to the context.
OPENSSL_EXPORT int OCSP_REQ_CTX_http(OCSP_REQ_CTX *rctx, const char *op,
const char *path);
// OCSP_REQ_CTX_set1_req finalizes the HTTP request context. It is needed if
// an ASN.1-encoded request should be sent.
OPENSSL_EXPORT int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
// OCSP_REQ_CTX_add1_header adds header name with value |value| to the
// context |rctx|. It can be called more than once to add multiple header
// lines.
OPENSSL_EXPORT int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
const char *name,
const char *value);
// OCSP_REQ_CTX_i2d parses the ASN.1 contents of |rctx| into the der format.
int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it, ASN1_VALUE *val);
// OCSP_request_add0_id adds |cid| to |req|. Returns the new |OCSP_ONEREQ|
// pointer allocated on the stack within |req|. This is useful if we want to
// add extensions.
// WARNING: This allocates a new |OCSP_ONEREQ| and assigns the pointer to |cid|
// to it. It then adds the newly allocated |OCSP_ONEREQ| to the stack within
// |req|. |req| now takes ownership of |cid|, and also maintains ownership of
// the pointer to |OCSP_ONEREQ|.
OPENSSL_EXPORT OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req,
OCSP_CERTID *cid);
// OCSP_onereq_get0_id returns the certificate identifier
// associated with an OCSP request
OPENSSL_EXPORT OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one);
// OCSP_request_add1_nonce adds a nonce of value |val| and length |len| to
// |req|. If |val| is NULL, a random nonce is generated and used. If |len| is
// zero or negative, a default length of 16 bytes will be used.
// If |val| is non-NULL, |len| must equal the length of |val|. This is different
// from OpenSSL, which allows a default length for |len| to be used. Mis-usage
// of the default length could result in a read overflow, so we disallow it.
OPENSSL_EXPORT int OCSP_request_add1_nonce(OCSP_REQUEST *req,
unsigned char *val, int len);
// OCSP_basic_add1_nonce is identical to |OCSP_request_add1_nonce|, but adds the
// nonce to |resp| instead (the response).
OPENSSL_EXPORT int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp,
unsigned char *val, int len);
// OCSP_check_nonce checks nonce existence and equality in |req| and |bs|. If
// there is parsing issue with |req| or |bs|, it will be determined that a
// nonce does not exist within |req| or |bs|.
//
// Return value reflects result:
// OCSP_NONCE_EQUAL (1: nonces present and equal.)
// OCSP_NONCE_BOTH_ABSENT (2: nonces both absent.)
// OCSP_NONCE_RESPONSE_ONLY (3: nonce present in |bs| only.)
// OCSP_NONCE_NOT_EQUAL (0: parameters are NULL or nonces are both present
// but not equal.)
// OCSP_NONCE_REQUEST_ONLY (-1: nonce in |req| only.)
//
// For most responders, clients can check "return > 0".
// If an OCSP responder doesn't handle nonces, "return != 0" may be necessary.
// "return == 0" will always be an error. The error can mean that NULL
// parameter was passed into the function, or that the nonces are both present,
// but aren't equal.
OPENSSL_EXPORT int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs);
// OCSP_copy_nonce copies the nonce value (if any) from |req| to |resp|. Returns
// 1 on success and 0 on failure. If the optional nonce value does not exist in
// |req|, we return 2 instead.
//
// Note: |OCSP_copy_nonce| allows for multiple OCSP nonces to exist and appends
// the new nonce to the end of the extension list. This causes issues with
// |OCSP_check_nonce|, since it looks for the first one in the list. The old
// nonce extension should be deleted prior to calling |OCSP_copy_nonce|.
OPENSSL_EXPORT int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
// OCSP_request_set1_name sets |requestorName| from an |X509_NAME| structure.
OPENSSL_EXPORT int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm);
// OCSP_request_add1_cert adds a certificate to an |OCSP_REQUEST|.
OPENSSL_EXPORT int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
// OCSP_request_is_signed checks if the optional signature exists for |req|.
OPENSSL_EXPORT int OCSP_request_is_signed(OCSP_REQUEST *req);
// OCSP_request_onereq_count returns the number of |OCSP_ONEREQ|s in |req|.
OPENSSL_EXPORT int OCSP_request_onereq_count(OCSP_REQUEST *req);
// OCSP_request_onereq_get0 returns the |OCSP_ONEREQ| in |req| at index |i| or
// NULL if |i| is out of bounds.
OPENSSL_EXPORT OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);
// OCSP_request_sign signs the OCSP request |req| using |key| and |dgst|. |key|
// MUST be the private key of |signer|. One or more optional certificates can be
// added to |resp| with |certs|. This function will fail if a signature in |req|
// already exists.
//
// Note: 1. The OCSP requester is identified by the subject name from |signer|
// and included in |req|.
// 2. All certificates in |certs| are added to |req| by default. Setting
// |OCSP_NOCERTS| excludes certificates from being added in |req| and
// ignores the |certs| parameter.
OPENSSL_EXPORT int OCSP_request_sign(OCSP_REQUEST *req, X509 *signer,
EVP_PKEY *key, const EVP_MD *dgst,
STACK_OF(X509) *certs,
unsigned long flags);
// OCSP_response_status returns response status from |OCSP_RESPONSE|.
OPENSSL_EXPORT int OCSP_response_status(OCSP_RESPONSE *resp);
// OCSP_response_get1_basic returns |OCSP_BASICRESP| from |OCSP_RESPONSE|.
OPENSSL_EXPORT OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
// OCSP_resp_count returns the number of |OCSP_SINGLERESP| responses present
// in |bs|.
OPENSSL_EXPORT int OCSP_resp_count(OCSP_BASICRESP *bs);
// OCSP_resp_get0 returns the |OCSP_SINGLERESP| at the |idx| within |bs|.
OPENSSL_EXPORT OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, size_t idx);
// OCSP_single_get0_status returns the status of |single|.
//
// Note: 1. |reason| value is allowed to be null.
// 2. Time values passed into function are allowed to be NULL if
// certificate fields are empty.
// 3. |revtime| and |reason| values only set if the certificate status is
// revoked.
OPENSSL_EXPORT int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
ASN1_GENERALIZEDTIME **revtime,
ASN1_GENERALIZEDTIME **thisupd,
ASN1_GENERALIZEDTIME **nextupd);
// OCSP_resp_find returns the index of the |OCSP_SINGLERESP| in |bs| which
// matches |id| if found, or -1 if not found.
OPENSSL_EXPORT int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id,
int last);
// OCSP_resp_find_status looks up a cert id and extract the update time and
// revocation status of certificate sent back from OCSP responder if found.
// Returns 1 on success.
//
// Note: 1. Revocation status code is passed into |*status| parameter. Status
// code will not be passed if |*status| is NULL.
OPENSSL_EXPORT int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id,
int *status, int *reason,
ASN1_GENERALIZEDTIME **revtime,
ASN1_GENERALIZEDTIME **thisupd,
ASN1_GENERALIZEDTIME **nextupd);
// OCSP_check_validity checks the validity of |thisUpdate| and |nextUpdate|
// fields from an |OCSP_SINGLERESP|.
//
// Note: 1. It is possible that the request will take a few seconds to process
// and/or the local system time isn't exactly the same as the OCSP
// responder's time. Therefore, to avoid rejecting otherwise valid time
// we allow the times to be within |drift_num_seconds| of the current
// time.
// 2. Also, to avoid accepting very old responses without a
// |nextUpdate| field, an optional |max_age_seconds| parameter
// specifies the maximum age the |thisUpdate| field can be.
// |max_age_seconds| should be the number of seconds relative to
// |thisUpdate|. You can also set |max_age_seconds| to "-1", if the
// maximum age should not be checked.
// 3. |thisUpdate| should be within the range of: (current time -
// max_age_seconds) < |thisUpdate| < (current time +
// drift_num_seconds).
// |nextUpdate| should be in the future: (current time +
// drift_num_seconds) < |nextUpdate|.
// 4. |thisUpdate| and |nextUpdate| are defined in the RFC:
// https://datatracker.ietf.org/doc/html/rfc6960#section-2.4
OPENSSL_EXPORT int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisUpdate,
ASN1_GENERALIZEDTIME *nextUpdate,
long drift_num_seconds,
long max_age_seconds);
// OCSP_basic_verify verifies a basic response message. It checks that |bs| is
// correctly signed and that the signer certificate can be validated.
// Returns 1 if the response is valid, 0 if the signature cannot be verified,
// or -1 on fatal errors such as malloc failure.
//
// Note: 1. Checks that OCSP response CAN be verified, but does not imply
// anything about the corresponding certificate's revocation status.
// 2. |OCSP_resp_find_status| should be used to check if the OCSP
// response's cert status is |V_OCSP_CERTSTATUS_GOOD|.
// |OCSP_check_validity| should also be used to validate that the OCSP
// response's timestamps are correct.
OPENSSL_EXPORT int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
X509_STORE *st, unsigned long flags);
// OCSP_request_verify verifies the OCSP request message, |req|, with |st|.
// OCSP request signatures are optional according to RFC6960, but one can check
// that |req| is correctly signed and that the signer certificate can be
// validated if a signature exists. This returns 1 if |req| is valid or returns
// 0 if |req|'s signature is non-existent or cannot be verified.
OPENSSL_EXPORT int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
X509_STORE *st, unsigned long flags);
// OCSP_cert_id_new creates and returns a new |OCSP_CERTID| using |dgst|,
// |issuerName|, |issuerKey|, and |serialNumber| as its contents.
OPENSSL_EXPORT OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
const X509_NAME *issuerName,
const ASN1_BIT_STRING *issuerKey,
const ASN1_INTEGER *serialNumber);
// OCSP_cert_to_id returns a |OCSP_CERTID| converted from a certificate and its
// issuer.
//
// Note: 1. If |subject| is NULL, we get the subject name from the issuer and
// set the serial number to NULL.
// 2. OpenSSL's legacy OCSP code decided to make SHA-1 as default hash
// algorithm when the |dgst| is set as NULL. We keep this to maintain
// backwards compatibility, but strongly advise to set a digest when
// using this function. Even though this is not used cryptographically,
// there is the possibility of a response being returned with a forced
// issuer name when using SHA-1 (assuming a preimage attack, which is
// beyond the scope of how SHA-1 is currently vulnerable).
OPENSSL_EXPORT OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst,
const X509 *subject,
const X509 *issuer);
// OCSP_parse_url parses an OCSP responder URL and returns its component parts.
// |url| argument must be a null-terminated string containing the URL to be
// parsed. The other arguments are pointers to variables that will be set to the
// parsed components of the URL. When |OCSP_parse_url| returns 1, these
// arguments will allocate new memory with a copy of value. It is the caller's
// responsibility to free these.
//
// |phost|: A pointer to a char pointer that will be set to the host component
// of the URL. If the URL does not contain a host component, this will
// be set to an empty string.
// |pport|: A pointer to an int that will be set to the port number specified
// in the URL, or to the default port (80 for HTTP, 443 for HTTPS)
// if no port number is specified.
// |ppath|: A pointer to a char pointer that will be set to the path component
// of the URL. If the URL does not contain a path component, this
// will be set to "/".
// |pssl|: A pointer to an int that will be set to 1 if the URL specifies the
// HTTPS protocol, or 0 if HTTP.
//
// Note: |OCSP_parse_url| does not perform any validation of the URL or its
// components beyond basic parsing. It is the responsibility of the
// caller to ensure that the URL is well-formed and valid.
OPENSSL_EXPORT int OCSP_parse_url(const char *url, char **phost, char **pport,
char **ppath, int *pssl);
// OCSP_id_issuer_cmp compares the issuers' name and key hash of |a| and |b|. It
// returns 0 on equal.
OPENSSL_EXPORT int OCSP_id_issuer_cmp(const OCSP_CERTID *a,
const OCSP_CERTID *b);
// OCSP_id_cmp calls |OCSP_id_issuer_cmp| and additionally compares the
// |serialNumber| of |a| and |b|. It returns 0 on equal.
OPENSSL_EXPORT int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b);
// OCSP_id_get0_info returns the issuer name hash, hash OID, issuer key hash,
// and the serial number contained in |cid|. If any of the values are not
// required, the corresponding parameter can be set to NULL.
OPENSSL_EXPORT int OCSP_id_get0_info(ASN1_OCTET_STRING **nameHash,
ASN1_OBJECT **algor,
ASN1_OCTET_STRING **keyHash,
ASN1_INTEGER **serial, OCSP_CERTID *cid);
// OCSP_basic_add1_cert adds |cert| to the |resp|.
OPENSSL_EXPORT int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
// OCSP_basic_add1_status creates and returns an |OCSP_SINGLERESP| with |cid|,
// |status|, |this_update| and |next_update|. The newly created
// |OCSP_SINGLERESP| is pushed onto the internal |OCSP_SINGLERESP| stack in
// |resp|. |status| should be a value defined by |V_OCSP_CERTSTATUS_*|.
//
// 1. If |status| has the value |V_OCSP_CERTSTATUS_REVOKED|, |revoked_reason|
// should be a valid |OCSP_REVOKED_STATUS_*| value and |revoked_time| cannot be
// empty.
// 2. If |status| has the value of either |V_OCSP_CERTSTATUS_GOOD| or
// |V_OCSP_CERTSTATUS_UNKNOWN|, |revoked_reason| and |revoked_time| are ignored.
OPENSSL_EXPORT OCSP_SINGLERESP *OCSP_basic_add1_status(
OCSP_BASICRESP *resp, OCSP_CERTID *cid, int status, int revoked_reason,
ASN1_TIME *revoked_time, ASN1_TIME *this_update, ASN1_TIME *next_update);
// OCSP_basic_sign signs the OCSP response |resp| using |key| and |dgst|. |key|
// MUST be the private key of |signer|. One or more optional certificates can be
// added to |resp| with |certs|.
//
// Note: 1. By default, the OCSP responder is identified by the subject name
// from |signer| and included in |resp|. Users can set
// |OCSP_RESPID_KEY| with |flags|, if they wish for the responder to
// be identified by the hash of |signer|'s public key instead.
// 2. All certificates in |certs| are added to |resp| by default. Setting
// |OCSP_NOCERTS| excludes certificates from being added in |resp| and
// ignores the |certs| parameter.
// 3. The |producedAt| time field is set to the current time by default.
// Setting |OCSP_NOTIME| excludes setting the |producedAt| time field
// in |resp| and leaves it empty.
OPENSSL_EXPORT int OCSP_basic_sign(OCSP_BASICRESP *resp, X509 *signer,
EVP_PKEY *key, const EVP_MD *dgst,
STACK_OF(X509) *certs, unsigned long flags);
// OCSP_response_create creates an |OCSP_RESPONSE| and encodes an optional |bs|
// within it.
OPENSSL_EXPORT OCSP_RESPONSE *OCSP_response_create(int status,
OCSP_BASICRESP *bs);
// OCSP_SINGLERESP_get0_id returns the |OCSP_CERTID| within |x|.
OPENSSL_EXPORT const OCSP_CERTID *OCSP_SINGLERESP_get0_id(
const OCSP_SINGLERESP *x);
// OCSP_response_status_str returns the OCSP response status of |status_code| as
// a string.
OPENSSL_EXPORT const char *OCSP_response_status_str(long status_code);
// OCSP_cert_status_str returns the OCSP cert status of |status_code| as
// a string.
OPENSSL_EXPORT const char *OCSP_cert_status_str(long status_code);
// OCSP_crl_reason_str returns the OCSP CRL reason of |status_code| as a string.
// |OCSP_resp_find_status| can be used to retrieve the reason status code
// if an OCSP response is revoked.
OPENSSL_EXPORT const char *OCSP_crl_reason_str(long status_code);
// OCSP_REQUEST_print prints the contents of an OCSP request to |bp|. |flags| is
// used to configure printing of the |req|'s extensions (See
// |X509V3_extensions_print| for more information).
// This is typically used for debugging or diagnostic purposes.
OPENSSL_EXPORT int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *req,
unsigned long flags);
// OCSP_RESPONSE_print prints the contents of an OCSP response to |bp|. |flags|
// is used to configure printing of the |resp|'s extensions (See
// |X509V3_extensions_print| for more information).
// This is typically used for debugging or diagnostic purposes.
OPENSSL_EXPORT int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *resp,
unsigned long flags);
// OCSP_BASICRESP_get_ext_by_NID returns the index of an extension |bs| by its
// NID. Returns -1 if not found.
OPENSSL_EXPORT int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *bs, int nid,
int lastpos);
// OCSP_BASICRESP_get_ext returns the |X509_EXTENSION| in |bs| at index |loc|,
// or NULL if |loc| is out of bounds.
OPENSSL_EXPORT X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *bs,
int loc);
// OCSP |X509_EXTENSION| Functions
// OCSP_BASICRESP_delete_ext removes the extension in |x| at index |loc| and
// returns the removed extension, or NULL if |loc| was out of bounds. If an
// extension was returned, the caller must release it with
// |X509_EXTENSION_free|.
OPENSSL_EXPORT X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x,
int loc);
// OCSP_SINGLERESP_add_ext adds a copy of |ex| to the extension list in
// |*sresp|. It returns 1 on success and 0 on error. The new extension is
// inserted at index |loc|, shifting extensions to the right. If |loc| is -1 or
// out of bounds, the new extension is appended to the list.
OPENSSL_EXPORT int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *sresp,
X509_EXTENSION *ex, int loc);
// OCSP_SINGLERESP_get_ext_count returns the number of |X509_EXTENSION|s in
// |sresp|.
OPENSSL_EXPORT int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *sresp);
// OCSP_SINGLERESP_get_ext returns the |X509_EXTENSION| in |sresp|
// at index |loc|, or NULL if |loc| is out of bounds.
OPENSSL_EXPORT X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *sresp,
int loc);
// OCSP no-op flags [Deprecated].
// OCSP_NOSIGS does nothing. In OpenSSL, this skips signature verification in
// |OCSP_basic_verify| and |OCSP_request_verify|.
#define OCSP_NOSIGS 0
// OCSP_NOCASIGN does nothing. It's a legacy OCSP flag deprecated since OpenSSL
// 1.0.1g.
#define OCSP_NOCASIGN 0
// OCSP_NODELEGATED does nothing. It's a legacy OCSP flag deprecated since
// OpenSSL 1.0.1g.
#define OCSP_NODELEGATED 0
// OCSP_NOCHECKS does nothing. In OpenSSL, this disables verifying that the
// signer certificate has met the OCSP issuer criteria or any potential
// delegation in |OCSP_basic_verify|.
#define OCSP_NOCHECKS 0
#if defined(__cplusplus)
} // extern C
#endif
#if !defined(BORINGSSL_NO_CXX)
extern "C++" {
BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(OCSP_REQUEST, OCSP_REQUEST_free)
BORINGSSL_MAKE_DELETER(OCSP_REQ_CTX, OCSP_REQ_CTX_free)
BORINGSSL_MAKE_DELETER(OCSP_RESPONSE, OCSP_RESPONSE_free)
BORINGSSL_MAKE_DELETER(OCSP_BASICRESP, OCSP_BASICRESP_free)
BORINGSSL_MAKE_DELETER(OCSP_CERTID, OCSP_CERTID_free)
BORINGSSL_MAKE_DELETER(OCSP_SINGLERESP, OCSP_SINGLERESP_free)
BSSL_NAMESPACE_END
} // extern C++
#endif // !BORINGSSL_NO_CXX
#define OCSP_RESPONSE_STATUS_SUCCESSFUL 0
#define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1
#define OCSP_RESPONSE_STATUS_INTERNALERROR 2
#define OCSP_RESPONSE_STATUS_TRYLATER 3
#define OCSP_RESPONSE_STATUS_SIGREQUIRED 5
#define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6
#define V_OCSP_RESPID_NAME 0
#define V_OCSP_RESPID_KEY 1
#define V_OCSP_CERTSTATUS_GOOD 0
#define V_OCSP_CERTSTATUS_REVOKED 1
#define V_OCSP_CERTSTATUS_UNKNOWN 2
#define OCSP_NONCE_EQUAL 1
#define OCSP_NONCE_BOTH_ABSENT 2
#define OCSP_NONCE_RESPONSE_ONLY 3
#define OCSP_NONCE_NOT_EQUAL 0
#define OCSP_NONCE_REQUEST_ONLY -1
#define OCSP_R_CERTIFICATE_VERIFY_ERROR 101
#define OCSP_R_DIGEST_ERR 102
#define OCSP_R_MISSING_OCSPSIGNING_USAGE 103
#define OCSP_R_NOT_BASIC_RESPONSE 104
#define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105
#define OCSP_R_NO_RESPONSE_DATA 108
#define OCSP_R_NO_REVOKED_TIME 109
#define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 110
#define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 111
#define OCSP_R_ROOT_CA_NOT_TRUSTED 112
#define OCSP_R_SERVER_RESPONSE_PARSE_ERROR 115
#define OCSP_R_SIGNATURE_FAILURE 117
#define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 118
#define OCSP_R_UNKNOWN_MESSAGE_DIGEST 119
#define OCSP_R_UNKNOWN_NID 120
#define OCSP_R_ERROR_PARSING_URL 121
#define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD 122
#define OCSP_R_ERROR_IN_THISUPDATE_FIELD 123
#define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE 124
#define OCSP_R_STATUS_EXPIRED 125
#define OCSP_R_STATUS_NOT_YET_VALID 126
#define OCSP_R_STATUS_TOO_OLD 127
#define OCSP_R_REQUEST_NOT_SIGNED 128
#define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE 129
#define OCSP_R_NO_SIGNER_KEY 130
#define OCSP_R_OCSP_REQUEST_DUPLICATE_SIGNATURE 131
#define OCSP_R_UNKNOWN_FIELD_VALUE 132
#endif // AWSLC_OCSP_H

75
vendor/aws-lc-sys/aws-lc/include/openssl/opensslconf.h vendored Normal file
View File

@@ -0,0 +1,75 @@
// Copyright (c) 2014, Google Inc.
// SPDX-License-Identifier: ISC
/* This header is provided in order to make compiling against code that expects
OpenSSL easier. */
#ifndef OPENSSL_HEADER_OPENSSLCONF_H
#define OPENSSL_HEADER_OPENSSLCONF_H
#if defined(__cplusplus)
extern "C" {
#endif
#define OPENSSL_NO_ASYNC
#define OPENSSL_NO_BLAKE2
#define OPENSSL_NO_BUF_FREELISTS
#define OPENSSL_NO_CAMELLIA
#define OPENSSL_NO_CAPIENG
#define OPENSSL_NO_CAST
#define OPENSSL_NO_CMS
#define OPENSSL_NO_COMP
#define OPENSSL_NO_CRYPTO_MDEBUG
#define OPENSSL_NO_CT
#define OPENSSL_NO_DANE
#define OPENSSL_NO_DEPRECATED
#define OPENSSL_NO_DGRAM
#define OPENSSL_NO_DYNAMIC_ENGINE
#define OPENSSL_NO_EC_NISTP_64_GCC_128
#define OPENSSL_NO_EC2M
#define OPENSSL_NO_EGD
#define OPENSSL_NO_ENGINE
#define OPENSSL_NO_GMP
#define OPENSSL_NO_GOST
#define OPENSSL_NO_HEARTBEATS
#define OPENSSL_NO_HW
#define OPENSSL_NO_IDEA
#define OPENSSL_NO_JPAKE
#define OPENSSL_NO_KRB5
#define OPENSSL_NO_MD2
#define OPENSSL_NO_MDC2
#define OPENSSL_NO_OCB
// OPENSSL_NO_EXTERNAL_PSK_TLS13 indicates lack of support for external
// PSK authentication in TLS >= 1.3. AWS-LC intentionally omits support
// for this due to security conerns outlined in RFC 9258.
#define OPENSSL_NO_EXTERNAL_PSK_TLS13
#define OPENSSL_NO_RC2
#define OPENSSL_NO_RC5
#define OPENSSL_NO_RFC3779
#define OPENSSL_NO_RIPEMD
#define OPENSSL_NO_RMD160
#define OPENSSL_NO_SCTP
#define OPENSSL_NO_SEED
#define OPENSSL_NO_SM2
#define OPENSSL_NO_SM3
#define OPENSSL_NO_SM4
#define OPENSSL_NO_SRP
#define OPENSSL_NO_SSL_TRACE
#define OPENSSL_NO_SSL2
#define OPENSSL_NO_SSL3
#define OPENSSL_NO_SSL3_METHOD
#define OPENSSL_NO_STATIC_ENGINE
#define OPENSSL_NO_STORE
#define OPENSSL_NO_TS
#define OPENSSL_NO_UI_CONSOLE
#define OPENSSL_NO_WHIRLPOOL
#if defined(__cplusplus)
}
#endif
#endif // OPENSSL_HEADER_OPENSSLCONF_H

16
vendor/aws-lc-sys/aws-lc/include/openssl/opensslv.h vendored Normal file
View File

@@ -0,0 +1,16 @@
// Copyright (c) 2014, Google Inc.
// SPDX-License-Identifier: ISC
/* This header is provided in order to make compiling against code that expects
OpenSSL easier. */
#include <openssl/crypto.h>
// MySQL does regex parsing on the opensslv.h file directly.
// https://github.com/mysql/mysql-server/blob/8.0/cmake/ssl.cmake#L208-L227
// |OPENSSL_VERSION_NUMBER| is defined here again to comply to this. MySQL
// only parses this to define version numbers in their CMake script.
// It does not require it to be active.
#if 0
#define OPENSSL_VERSION_NUMBER 0x1010107f
#endif

16
vendor/aws-lc-sys/aws-lc/include/openssl/opensslv.h.in vendored Normal file
View File

@@ -0,0 +1,16 @@
// Copyright (c) 2014, Google Inc.
// SPDX-License-Identifier: ISC
/* This header is provided in order to make compiling against code that expects
OpenSSL easier. */
#include <openssl/crypto.h>
// MySQL does regex parsing on the opensslv.h file directly.
// https://github.com/mysql/mysql-server/blob/8.0/cmake/ssl.cmake#L208-L227
// |OPENSSL_VERSION_NUMBER| is defined here again to comply to this. MySQL
// only parses this to define version numbers in their CMake script.
// It does not require it to be active.
#if 0
#define OPENSSL_VERSION_NUMBER @OPENSSL_VERSION_NUMBER@
#endif

7
vendor/aws-lc-sys/aws-lc/include/openssl/ossl_typ.h vendored Normal file
View File

@@ -0,0 +1,7 @@
// Copyright (c) 2014, Google Inc.
// SPDX-License-Identifier: ISC
/* This header is provided in order to make compiling against code that expects
OpenSSL easier. */
#include "base.h"

531
vendor/aws-lc-sys/aws-lc/include/openssl/pem.h vendored Normal file
View File

@@ -0,0 +1,531 @@
// Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_PEM_H
#define OPENSSL_HEADER_PEM_H
#include <openssl/base64.h>
#include <openssl/bio.h>
#include <openssl/cipher.h>
#include <openssl/digest.h>
#include <openssl/evp.h>
#include <openssl/pkcs7.h>
#include <openssl/stack.h>
#include <openssl/x509.h>
// For compatibility with open-iscsi, which assumes that it can get
// |OPENSSL_malloc| from pem.h or err.h
#include <openssl/crypto.h>
#ifdef __cplusplus
extern "C" {
#endif
#define PEM_BUFSIZE 1024
#define PEM_STRING_X509_OLD "X509 CERTIFICATE"
#define PEM_STRING_X509 "CERTIFICATE"
#define PEM_STRING_X509_PAIR "CERTIFICATE PAIR"
#define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE"
#define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST"
#define PEM_STRING_X509_REQ "CERTIFICATE REQUEST"
#define PEM_STRING_X509_CRL "X509 CRL"
#define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY"
#define PEM_STRING_PUBLIC "PUBLIC KEY"
#define PEM_STRING_RSA "RSA PRIVATE KEY"
#define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY"
#define PEM_STRING_DSA "DSA PRIVATE KEY"
#define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY"
#define PEM_STRING_EC "EC PRIVATE KEY"
#define PEM_STRING_PKCS7 "PKCS7"
#define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA"
#define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY"
#define PEM_STRING_PKCS8INF "PRIVATE KEY"
#define PEM_STRING_DHPARAMS "DH PARAMETERS"
#define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS"
#define PEM_STRING_DSAPARAMS "DSA PARAMETERS"
#define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
#define PEM_STRING_ECPARAMETERS "EC PARAMETERS"
#define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
#define PEM_STRING_PARAMETERS "PARAMETERS"
#define PEM_STRING_CMS "CMS"
// enc_type is one off
#define PEM_TYPE_ENCRYPTED 10
#define PEM_TYPE_MIC_ONLY 20
#define PEM_TYPE_MIC_CLEAR 30
#define PEM_TYPE_CLEAR 40
// For compatibility with OpenSSL. First argument ignored.
#define PEMerr(f, r) OPENSSL_PUT_ERROR(PEM, (r))
// These macros make the PEM_read/PEM_write functions easier to maintain and
// write. Now they are all implemented with either:
// IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...)
#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
static void *pem_read_##name##_d2i(void **x, const unsigned char **inp, \
long len) { \
return d2i_##asn1((type **)x, inp, len); \
} \
OPENSSL_EXPORT type *PEM_read_##name(FILE *fp, type **x, \
pem_password_cb *cb, void *u) { \
return (type *)PEM_ASN1_read(pem_read_##name##_d2i, str, fp, (void **)x, \
cb, u); \
}
#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
static int pem_write_##name##_i2d(const void *x, unsigned char **outp) { \
return i2d_##asn1((type *)x, outp); \
} \
OPENSSL_EXPORT int PEM_write_##name(FILE *fp, type *x) { \
return PEM_ASN1_write(pem_write_##name##_i2d, str, fp, x, NULL, NULL, 0, \
NULL, NULL); \
}
#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \
static int pem_write_##name##_i2d(const void *x, unsigned char **outp) { \
return i2d_##asn1((const type *)x, outp); \
} \
OPENSSL_EXPORT int PEM_write_##name(FILE *fp, const type *x) { \
return PEM_ASN1_write(pem_write_##name##_i2d, str, fp, (void *)x, NULL, \
NULL, 0, NULL, NULL); \
}
#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
static int pem_write_##name##_i2d(const void *x, unsigned char **outp) { \
return i2d_##asn1((type *)x, outp); \
} \
OPENSSL_EXPORT int PEM_write_##name( \
FILE *fp, type *x, const EVP_CIPHER *enc, const unsigned char *pass, \
int pass_len, pem_password_cb *cb, void *u) { \
return PEM_ASN1_write(pem_write_##name##_i2d, str, fp, x, enc, pass, \
pass_len, cb, u); \
}
#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \
static int pem_write_##name##_i2d(const void *x, unsigned char **outp) { \
return i2d_##asn1((const type *)x, outp); \
} \
OPENSSL_EXPORT int PEM_write_##name( \
FILE *fp, type *x, const EVP_CIPHER *enc, const unsigned char *pass, \
int pass_len, pem_password_cb *cb, void *u) { \
return PEM_ASN1_write(pem_write_##name##_i2d, str, fp, x, enc, pass, \
pass_len, cb, u); \
}
#define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
static void *pem_read_bio_##name##_d2i(void **x, const unsigned char **inp, \
long len) { \
return d2i_##asn1((type **)x, inp, len); \
} \
OPENSSL_EXPORT type *PEM_read_bio_##name(BIO *bp, type **x, \
pem_password_cb *cb, void *u) { \
return (type *)PEM_ASN1_read_bio(pem_read_bio_##name##_d2i, str, bp, \
(void **)x, cb, u); \
}
#define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
static int pem_write_bio_##name##_i2d(const void *x, unsigned char **outp) { \
return i2d_##asn1((type *)x, outp); \
} \
OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, type *x) { \
return PEM_ASN1_write_bio(pem_write_bio_##name##_i2d, str, bp, x, NULL, \
NULL, 0, NULL, NULL); \
}
#define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
static int pem_write_bio_##name##_i2d(const void *x, unsigned char **outp) { \
return i2d_##asn1((const type *)x, outp); \
} \
OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, const type *x) { \
return PEM_ASN1_write_bio(pem_write_bio_##name##_i2d, str, bp, (void *)x, \
NULL, NULL, 0, NULL, NULL); \
}
#define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
static int pem_write_bio_##name##_i2d(const void *x, unsigned char **outp) { \
return i2d_##asn1((type *)x, outp); \
} \
OPENSSL_EXPORT int PEM_write_bio_##name( \
BIO *bp, type *x, const EVP_CIPHER *enc, const unsigned char *pass, \
int pass_len, pem_password_cb *cb, void *u) { \
return PEM_ASN1_write_bio(pem_write_bio_##name##_i2d, str, bp, x, enc, \
pass, pass_len, cb, u); \
}
#define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
static int pem_write_bio_##name##_i2d(const void *x, unsigned char **outp) { \
return i2d_##asn1((const type *)x, outp); \
} \
OPENSSL_EXPORT int PEM_write_bio_##name( \
BIO *bp, type *x, const EVP_CIPHER *enc, const unsigned char *pass, \
int pass_len, pem_password_cb *cb, void *u) { \
return PEM_ASN1_write_bio(pem_write_bio_##name##_i2d, str, bp, (void *)x, \
enc, pass, pass_len, cb, u); \
}
#define IMPLEMENT_PEM_write(name, type, str, asn1) \
IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
IMPLEMENT_PEM_write_fp(name, type, str, asn1)
#define IMPLEMENT_PEM_write_const(name, type, str, asn1) \
IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
IMPLEMENT_PEM_write_fp_const(name, type, str, asn1)
#define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \
IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1)
#define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \
IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1)
#define IMPLEMENT_PEM_read(name, type, str, asn1) \
IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
IMPLEMENT_PEM_read_fp(name, type, str, asn1)
#define IMPLEMENT_PEM_rw(name, type, str, asn1) \
IMPLEMENT_PEM_read(name, type, str, asn1) \
IMPLEMENT_PEM_write(name, type, str, asn1)
#define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \
IMPLEMENT_PEM_read(name, type, str, asn1) \
IMPLEMENT_PEM_write_const(name, type, str, asn1)
#define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \
IMPLEMENT_PEM_read(name, type, str, asn1) \
IMPLEMENT_PEM_write_cb(name, type, str, asn1)
// These are the same except they are for the declarations
#define DECLARE_PEM_read_fp(name, type) \
OPENSSL_EXPORT type *PEM_read_##name(FILE *fp, type **x, \
pem_password_cb *cb, void *u);
#define DECLARE_PEM_write_fp(name, type) \
OPENSSL_EXPORT int PEM_write_##name(FILE *fp, type *x);
#define DECLARE_PEM_write_fp_const(name, type) \
OPENSSL_EXPORT int PEM_write_##name(FILE *fp, const type *x);
#define DECLARE_PEM_write_cb_fp(name, type) \
OPENSSL_EXPORT int PEM_write_##name( \
FILE *fp, type *x, const EVP_CIPHER *enc, const unsigned char *pass, \
int pass_len, pem_password_cb *cb, void *u);
#define DECLARE_PEM_read_bio(name, type) \
OPENSSL_EXPORT type *PEM_read_bio_##name(BIO *bp, type **x, \
pem_password_cb *cb, void *u);
#define DECLARE_PEM_write_bio(name, type) \
OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, type *x);
#define DECLARE_PEM_write_bio_const(name, type) \
OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, const type *x);
#define DECLARE_PEM_write_cb_bio(name, type) \
OPENSSL_EXPORT int PEM_write_bio_##name( \
BIO *bp, type *x, const EVP_CIPHER *enc, const unsigned char *pass, \
int pass_len, pem_password_cb *cb, void *u);
#define DECLARE_PEM_write(name, type) \
DECLARE_PEM_write_bio(name, type) \
DECLARE_PEM_write_fp(name, type)
#define DECLARE_PEM_write_const(name, type) \
DECLARE_PEM_write_bio_const(name, type) \
DECLARE_PEM_write_fp_const(name, type)
#define DECLARE_PEM_write_cb(name, type) \
DECLARE_PEM_write_cb_bio(name, type) \
DECLARE_PEM_write_cb_fp(name, type)
#define DECLARE_PEM_read(name, type) \
DECLARE_PEM_read_bio(name, type) \
DECLARE_PEM_read_fp(name, type)
#define DECLARE_PEM_rw(name, type) \
DECLARE_PEM_read(name, type) \
DECLARE_PEM_write(name, type)
#define DECLARE_PEM_rw_const(name, type) \
DECLARE_PEM_read(name, type) \
DECLARE_PEM_write_const(name, type)
#define DECLARE_PEM_rw_cb(name, type) \
DECLARE_PEM_read(name, type) \
DECLARE_PEM_write_cb(name, type)
// "userdata": new with OpenSSL 0.9.4
typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata);
OPENSSL_EXPORT int PEM_get_EVP_CIPHER_INFO(char *header,
EVP_CIPHER_INFO *cipher);
// PEM_do_header decrypts PEM-encoded data using the cipher info in |cipher|.
// It processes |data| of length |len| using a password obtained via |callback|
// (or the default callback provided via |PEM_def_callback| if NULL) with callback
// data |u|. It then updates |len| with decrypted length.
// Returns 1 on success or if |cipher| is NULL, 0 on failure.
OPENSSL_EXPORT int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data,
long *len, pem_password_cb *callback, void *u);
// PEM_read_bio reads from |bp|, until the next PEM block. If one is found, it
// returns one and sets |*name|, |*header|, and |*data| to newly-allocated
// buffers containing the PEM type, the header block, and the decoded data,
// respectively. |*name| and |*header| are NUL-terminated C strings, while
// |*data| has |*len| bytes. The caller must release each of |*name|, |*header|,
// and |*data| with |OPENSSL_free| when done. If no PEM block is found, this
// function returns zero and pushes |PEM_R_NO_START_LINE| to the error queue. If
// one is found, but there is an error decoding it, it returns zero and pushes
// some other error to the error queue.
OPENSSL_EXPORT int PEM_read_bio(BIO *bp, char **name, char **header,
unsigned char **data, long *len);
// PEM_write_bio writes a PEM block to |bp|, containing |len| bytes from |data|
// as data. |name| and |hdr| are NUL-terminated C strings containing the PEM
// type and header block, respectively. This function returns zero on error and
// the number of bytes written on success.
OPENSSL_EXPORT int PEM_write_bio(BIO *bp, const char *name, const char *hdr,
const unsigned char *data, long len);
// PEM_bytes_read_bio reads PEM-formatted data from |bp| for the data type given
// in |name|. If a PEM block is found, it returns one and sets |*pnm| and
// |*pdata| to newly-allocated buffers containing the PEM type and the decoded
// data, respectively. |*pnm| is a NUL-terminated C string, while |*pdata| has
// |*plen| bytes. The caller must release each of |*pnm| and |*pdata| with
// |OPENSSL_free| when done. If no PEM block is found, this function returns
// zero and pushes |PEM_R_NO_START_LINE| to the error queue. If one is found,
// but there is an error decoding it, it returns zero and pushes some other
// error to the error queue. |cb| is the callback to use when querying for
// pass phrase used for encrypted PEM structures (normally only private keys)
// and |u| is interpreted as the null terminated string to use as the
// passphrase.
OPENSSL_EXPORT int PEM_bytes_read_bio(unsigned char **pdata, long *plen,
char **pnm, const char *name, BIO *bp,
pem_password_cb *cb, void *u);
OPENSSL_EXPORT void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name,
BIO *bp, void **x, pem_password_cb *cb,
void *u);
// PEM_ASN1_write_bio writes ASN.1 structure |x| encoded by |i2d| to BIO |bp| in PEM format
// with name |name|. If |enc| is non-NULL, encrypts data using cipher with password from
// |pass| and |pass_len|, or via |callback| with user data |u| (uses PEM_def_callback if
// callback is NULL). Returns 1 on success, 0 on failure.
OPENSSL_EXPORT int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name,
BIO *bp, void *x, const EVP_CIPHER *enc,
const unsigned char *pass, int pass_len,
pem_password_cb *cb, void *u);
// PEM_X509_INFO_read_bio reads PEM blocks from |bp| and decodes any
// certificates, CRLs, and private keys found. It returns a
// |STACK_OF(X509_INFO)| structure containing the results, or NULL on error.
//
// If |sk| is NULL, the result on success will be a newly-allocated
// |STACK_OF(X509_INFO)| structure which should be released with
// |sk_X509_INFO_pop_free| and |X509_INFO_free| when done.
//
// If |sk| is non-NULL, it appends the results to |sk| instead and returns |sk|
// on success. In this case, the caller retains ownership of |sk| in both
// success and failure.
//
// WARNING: If the input contains "TRUSTED CERTIFICATE" PEM blocks, this
// function parses auxiliary properties as in |d2i_X509_AUX|. Passing untrusted
// input to this function allows an attacker to influence those properties. See
// |d2i_X509_AUX| for details.
OPENSSL_EXPORT STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(
BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
// PEM_X509_INFO_write_bio writes the contents of the |X509_INFO| structure |xi|
// to the |BIO| object |bp| in PEM format. If the X509_INFO contains a
// certificate (x509), it will be written after the private key (if any). Other
// fields in X509_INFO (such as CRLs) are currently ignored.
//
// It returns 1 on success and 0 on failure.
OPENSSL_EXPORT int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi,
EVP_CIPHER *enc, unsigned char *kstr,
int klen, pem_password_cb *cd,
void *u);
// PEM_X509_INFO_read behaves like |PEM_X509_INFO_read_bio| but reads from a
// |FILE|.
OPENSSL_EXPORT STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp,
STACK_OF(X509_INFO) *sk,
pem_password_cb *cb,
void *u);
OPENSSL_EXPORT int PEM_read(FILE *fp, char **name, char **header,
unsigned char **data, long *len);
OPENSSL_EXPORT int PEM_write(FILE *fp, const char *name, const char *hdr,
const unsigned char *data, long len);
OPENSSL_EXPORT void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp,
void **x, pem_password_cb *cb, void *u);
OPENSSL_EXPORT int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
void *x, const EVP_CIPHER *enc,
const unsigned char *pass, int pass_len,
pem_password_cb *callback, void *u);
// PEM_def_callback provides a password for PEM encryption/decryption operations.
// This function is used as the default callback to provide a password for PEM
// functions such as |PEM_do_header| and |PEM_ASN1_write_bio|.
// If |userdata| is non-NULL, it treats |userdata| as a string and copies it
// into |buf|, assuming |size| is sufficient. If |userdata| is NULL, it prompts
// the user for a password using the prompt from EVP_get_pw_prompt() (or default
// "Enter PEM pass phrase:"). For encryption (|rwflag|=1), a minimum password
// length is enforced, while for decryption (|rwflag|=0) any password length is
// accepted. Returns the length of the password (excluding null
// terminator) on success, or 0 on error or if |buf| is null, if |buf| is too small,
// or |size| is negative, or |size| is smaller than user input length.
OPENSSL_EXPORT int PEM_def_callback(char *buf, int size, int rwflag,
void *userdata);
DECLARE_PEM_rw(X509, X509)
// TODO(crbug.com/boringssl/426): When documenting these, copy the warning
// about auxiliary properties from |PEM_X509_INFO_read_bio|.
DECLARE_PEM_rw(X509_AUX, X509)
DECLARE_PEM_rw(X509_REQ, X509_REQ)
DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
DECLARE_PEM_rw(X509_CRL, X509_CRL)
DECLARE_PEM_rw(PKCS7, PKCS7)
DECLARE_PEM_rw(PKCS8, X509_SIG)
DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
DECLARE_PEM_rw_const(RSAPublicKey, RSA)
DECLARE_PEM_rw(RSA_PUBKEY, RSA)
#ifndef OPENSSL_NO_DSA
DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
DECLARE_PEM_rw(DSA_PUBKEY, DSA)
DECLARE_PEM_rw_const(DSAparams, DSA)
#endif
DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
DECLARE_PEM_rw_const(DHparams, DH)
DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
OPENSSL_EXPORT int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, const EVP_PKEY *x,
int nid, const char *pass,
int pass_len,
pem_password_cb *cb,
void *u);
OPENSSL_EXPORT int PEM_write_bio_PKCS8PrivateKey(BIO *bp, const EVP_PKEY *x,
const EVP_CIPHER *enc,
const char *pass, int pass_len,
pem_password_cb *cb, void *u);
OPENSSL_EXPORT int i2d_PKCS8PrivateKey_bio(BIO *bp, const EVP_PKEY *x,
const EVP_CIPHER *enc,
const char *pass, int pass_len,
pem_password_cb *cb, void *u);
OPENSSL_EXPORT int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, const EVP_PKEY *x,
int nid, const char *pass,
int pass_len,
pem_password_cb *cb, void *u);
OPENSSL_EXPORT EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x,
pem_password_cb *cb, void *u);
OPENSSL_EXPORT int i2d_PKCS8PrivateKey_fp(FILE *fp, const EVP_PKEY *x,
const EVP_CIPHER *enc,
const char *pass, int pass_len,
pem_password_cb *cb, void *u);
OPENSSL_EXPORT int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, const EVP_PKEY *x,
int nid, const char *pass,
int pass_len, pem_password_cb *cb,
void *u);
OPENSSL_EXPORT int PEM_write_PKCS8PrivateKey_nid(FILE *fp, const EVP_PKEY *x,
int nid, const char *pass,
int pass_len,
pem_password_cb *cb, void *u);
OPENSSL_EXPORT EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x,
pem_password_cb *cb, void *u);
OPENSSL_EXPORT int PEM_write_PKCS8PrivateKey(FILE *fp, const EVP_PKEY *x,
const EVP_CIPHER *enc,
const char *pass, int pass_len,
pem_password_cb *cd, void *u);
// PEM_read_bio_Parameters is a generic PEM deserialization function that
// parses the public "parameters" in |bio| and returns a corresponding
// |EVP_PKEY|. If |*pkey| is non-null, the original |*pkey| is freed and the
// returned |EVP_PKEY| is also written to |*pkey|. |*pkey| must be either NULL
// or an allocated value, passing in an uninitialized pointer is undefined
// behavior. This is only supported with |EVP_PKEY_EC|, |EVP_PKEY_DH|, and
// |EVP_PKEY_DSA|.
OPENSSL_EXPORT EVP_PKEY *PEM_read_bio_Parameters(BIO *bio, EVP_PKEY **pkey);
// PEM_write_bio_Parameters is a generic PEM serialization function that parses
// the public "parameters" of |pkey| to |bio|. It returns 1 on success or 0 on
// failure. This is only supported with |EVP_PKEY_EC|, |EVP_PKEY_DH|, and
// |EVP_PKEY_DSA|.
OPENSSL_EXPORT int PEM_write_bio_Parameters(BIO *bio, EVP_PKEY *pkey);
// PEM_read_bio_ECPKParameters deserializes the PEM file written in |bio|
// according to |ECPKParameters| in RFC 3279. It returns the |EC_GROUP|
// corresponding to deserialized output and also writes it to |out_group|. Only
// deserialization of namedCurves or explicitly-encoded versions of namedCurves
// are supported.
OPENSSL_EXPORT EC_GROUP *PEM_read_bio_ECPKParameters(BIO *bio,
EC_GROUP **out_group,
pem_password_cb *cb,
void *u);
// PEM_write_bio_ECPKParameters serializes |group| as a PEM file to |out|
// according to |ECPKParameters| in RFC 3279. Only serialization of namedCurves
// are supported.
OPENSSL_EXPORT int PEM_write_bio_ECPKParameters(BIO *out,
const EC_GROUP *group);
// PEM_write_bio_PrivateKey_traditional calls |PEM_ASN1_write_bio| to write
// out |x|'s private key in the "traditional" ASN1 format. Use
// |PEM_write_bio_PrivateKey| instead.
OPENSSL_EXPORT int PEM_write_bio_PrivateKey_traditional(
BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, unsigned char *kstr, int klen,
pem_password_cb *cb, void *u);
#ifdef __cplusplus
} // extern "C"
#endif
#define PEM_R_BAD_BASE64_DECODE 100
#define PEM_R_BAD_DECRYPT 101
#define PEM_R_BAD_END_LINE 102
#define PEM_R_BAD_IV_CHARS 103
#define PEM_R_BAD_PASSWORD_READ 104
#define PEM_R_CIPHER_IS_NULL 105
#define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 106
#define PEM_R_NOT_DEK_INFO 107
#define PEM_R_NOT_ENCRYPTED 108
#define PEM_R_NOT_PROC_TYPE 109
#define PEM_R_NO_START_LINE 110
#define PEM_R_READ_KEY 111
#define PEM_R_SHORT_HEADER 112
#define PEM_R_UNSUPPORTED_CIPHER 113
#define PEM_R_UNSUPPORTED_ENCRYPTION 114
#define PEM_R_PROBLEMS_GETTING_PASSWORD 115
#endif // OPENSSL_HEADER_PEM_H

7
vendor/aws-lc-sys/aws-lc/include/openssl/pkcs12.h vendored Normal file
View File

@@ -0,0 +1,7 @@
// Copyright (c) 2014, Google Inc.
// SPDX-License-Identifier: ISC
/* This header is provided in order to make compiling against code that expects
OpenSSL easier. */
#include "pkcs8.h"

585
vendor/aws-lc-sys/aws-lc/include/openssl/pkcs7.h vendored Normal file
View File

@@ -0,0 +1,585 @@
// Copyright (c) 2014, Google Inc.
// SPDX-License-Identifier: ISC
#ifndef OPENSSL_HEADER_PKCS7_H
#define OPENSSL_HEADER_PKCS7_H
#include <openssl/asn1.h>
#include <openssl/base.h>
#include <openssl/stack.h>
#if defined(__cplusplus)
extern "C" {
#endif
// PKCS#7.
//
// This library contains functions for extracting information from PKCS#7
// structures (RFC 2315).
DECLARE_STACK_OF(CRYPTO_BUFFER)
DECLARE_STACK_OF(X509)
DECLARE_STACK_OF(X509_CRL)
// PKCS7_get_raw_certificates parses a PKCS#7, SignedData structure from |cbs|
// and appends the included certificates to |out_certs|. It returns one on
// success and zero on error. |cbs| is advanced passed the structure.
//
// Note that a SignedData structure may contain no certificates, in which case
// this function succeeds but does not append any certificates. Additionally,
// certificates in SignedData structures are unordered. Callers should not
// assume a particular order in |*out_certs| and may need to search for matches
// or run path-building algorithms.
OPENSSL_EXPORT int PKCS7_get_raw_certificates(
STACK_OF(CRYPTO_BUFFER) *out_certs, CBS *cbs, CRYPTO_BUFFER_POOL *pool);
// PKCS7_get_certificates behaves like |PKCS7_get_raw_certificates| but parses
// them into |X509| objects.
OPENSSL_EXPORT int PKCS7_get_certificates(STACK_OF(X509) *out_certs, CBS *cbs);
// PKCS7_bundle_raw_certificates appends a PKCS#7, SignedData structure
// containing |certs| to |out|. It returns one on success and zero on error.
// Note that certificates in SignedData structures are unordered. The order in
// |certs| will not be preserved.
OPENSSL_EXPORT int PKCS7_bundle_raw_certificates(
CBB *out, const STACK_OF(CRYPTO_BUFFER) *certs);
// PKCS7_bundle_certificates behaves like |PKCS7_bundle_raw_certificates| but
// takes |X509| objects as input.
OPENSSL_EXPORT int PKCS7_bundle_certificates(CBB *out,
const STACK_OF(X509) *certs);
// PKCS7_get_CRLs parses a PKCS#7, SignedData structure from |cbs| and appends
// the included CRLs to |out_crls|. It returns one on success and zero on error.
// |cbs| is advanced passed the structure.
//
// Note that a SignedData structure may contain no CRLs, in which case this
// function succeeds but does not append any CRLs. Additionally, CRLs in
// SignedData structures are unordered. Callers should not assume an order in
// |*out_crls| and may need to search for matches.
OPENSSL_EXPORT int PKCS7_get_CRLs(STACK_OF(X509_CRL) *out_crls, CBS *cbs);
// PKCS7_bundle_CRLs appends a PKCS#7, SignedData structure containing
// |crls| to |out|. It returns one on success and zero on error. Note that CRLs
// in SignedData structures are unordered. The order in |crls| will not be
// preserved.
OPENSSL_EXPORT int PKCS7_bundle_CRLs(CBB *out, const STACK_OF(X509_CRL) *crls);
// PKCS7_get_PEM_certificates reads a PEM-encoded, PKCS#7, SignedData structure
// from |pem_bio| and appends the included certificates to |out_certs|. It
// returns one on success and zero on error.
//
// Note that a SignedData structure may contain no certificates, in which case
// this function succeeds but does not append any certificates. Additionally,
// certificates in SignedData structures are unordered. Callers should not
// assume a particular order in |*out_certs| and may need to search for matches
// or run path-building algorithms.
OPENSSL_EXPORT int PKCS7_get_PEM_certificates(STACK_OF(X509) *out_certs,
BIO *pem_bio);
// PKCS7_get_PEM_CRLs reads a PEM-encoded, PKCS#7, SignedData structure from
// |pem_bio| and appends the included CRLs to |out_crls|. It returns one on
// success and zero on error.
//
// Note that a SignedData structure may contain no CRLs, in which case this
// function succeeds but does not append any CRLs. Additionally, CRLs in
// SignedData structures are unordered. Callers should not assume an order in
// |*out_crls| and may need to search for matches.
OPENSSL_EXPORT int PKCS7_get_PEM_CRLs(STACK_OF(X509_CRL) *out_crls,
BIO *pem_bio);
// d2i_PKCS7_bio behaves like |d2i_PKCS7| but reads the input from |bio|. If
// the length of the object is indefinite the full contents of |bio| are read.
//
// If the function fails then some unknown amount of data may have been read
// from |bio|.
OPENSSL_EXPORT PKCS7 *d2i_PKCS7_bio(BIO *bio, PKCS7 **out);
// i2d_PKCS7_bio writes |p7| to |bio|. It returns one on success and zero on
// error.
OPENSSL_EXPORT int i2d_PKCS7_bio(BIO *bio, const PKCS7 *p7);
// PKCS7_type_is_data returns 1 if |p7| is of type data
OPENSSL_EXPORT int PKCS7_type_is_data(const PKCS7 *p7);
// PKCS7_type_is_digest returns 1 if |p7| is of type digest
OPENSSL_EXPORT int PKCS7_type_is_digest(const PKCS7 *p7);
// PKCS7_type_is_encrypted returns 1 if |p7| is of type encrypted
OPENSSL_EXPORT int PKCS7_type_is_encrypted(const PKCS7 *p7);
// PKCS7_type_is_enveloped returns 1 if |p7| is of type enveloped
OPENSSL_EXPORT int PKCS7_type_is_enveloped(const PKCS7 *p7);
// PKCS7_type_is_signed returns 1 if |p7| is of type signed
OPENSSL_EXPORT int PKCS7_type_is_signed(const PKCS7 *p7);
// PKCS7_type_is_signedAndEnveloped returns 1 if |p7| is of type
// signedAndEnveloped
OPENSSL_EXPORT int PKCS7_type_is_signedAndEnveloped(const PKCS7 *p7);
// Deprecated functions.
//
// These functions are a compatibility layer over a subset of OpenSSL's PKCS#7
// API. It intentionally does not implement the whole thing, only the minimum
// needed to build cryptography.io and CRuby.
// ASN.1 defined here https://datatracker.ietf.org/doc/html/rfc2315#section-7
//
// ContentInfo ::= SEQUENCE {
// contentType ContentType,
// content
// [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
//
// ContentType ::= OBJECT IDENTIFIER
struct pkcs7_st {
// Unlike OpenSSL, the following fields are immutable. They filled in when the
// object is parsed and ignored in serialization.
ASN1_OBJECT *type;
union {
char *ptr;
ASN1_OCTET_STRING *data;
PKCS7_SIGNED *sign;
PKCS7_ENVELOPE *enveloped;
PKCS7_SIGN_ENVELOPE *signed_and_enveloped;
PKCS7_DIGEST *digest;
PKCS7_ENCRYPT *encrypted;
// Other things provided by the user. Not specified in the RFC.
ASN1_TYPE *other;
} d;
};
// ASN.1 defined here https://datatracker.ietf.org/doc/html/rfc2315#section-9.1
//
// SignedData ::= SEQUENCE {
// version Version,
// digestAlgorithms DigestAlgorithmIdentifiers,
// contentInfo ContentInfo,
// certificates
// [0] IMPLICIT ExtendedCertificatesAndCertificates
// OPTIONAL,
// crls
// [1] IMPLICIT CertificateRevocationLists OPTIONAL,
// signerInfos SignerInfos }
//
// DigestAlgorithmIdentifiers ::=
//
// SET OF DigestAlgorithmIdentifier
//
// SignerInfos ::= SET OF SignerInfo
struct pkcs7_signed_st {
ASN1_INTEGER *version;
STACK_OF(X509_ALGOR) *md_algs;
PKCS7 *contents;
STACK_OF(X509) *cert;
STACK_OF(X509_CRL) *crl;
STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
};
// ASN.1 defined here https://datatracker.ietf.org/doc/html/rfc2315#section-9.2
//
// SignerInfo ::= SEQUENCE {
// version Version,
// issuerAndSerialNumber IssuerAndSerialNumber,
// digestAlgorithm DigestAlgorithmIdentifier,
// authenticatedAttributes
// [0] IMPLICIT Attributes OPTIONAL,
// digestEncryptionAlgorithm
// DigestEncryptionAlgorithmIdentifier,
// encryptedDigest EncryptedDigest,
// unauthenticatedAttributes
// [1] IMPLICIT Attributes OPTIONAL }
//
// EncryptedDigest ::= OCTET STRING
struct pkcs7_signer_info_st {
ASN1_INTEGER *version;
PKCS7_ISSUER_AND_SERIAL *issuer_and_serial;
X509_ALGOR *digest_alg;
STACK_OF(X509_ATTRIBUTE) *auth_attr;
X509_ALGOR *digest_enc_alg;
ASN1_OCTET_STRING *enc_digest;
STACK_OF(X509_ATTRIBUTE) *unauth_attr;
EVP_PKEY *pkey; // NOTE: |pkey| is not serialized.
};
// ASN.1 defined here https://datatracker.ietf.org/doc/html/rfc2315#section-11.1
//
// SignedAndEnvelopedData ::= SEQUENCE {
// version Version,
// recipientInfos RecipientInfos,
// digestAlgorithms DigestAlgorithmIdentifiers,
// encryptedContentInfo EncryptedContentInfo,
// certificates
// [0] IMPLICIT ExtendedCertificatesAndCertificates
// OPTIONAL,
// crls
// [1] IMPLICIT CertificateRevocationLists OPTIONAL,
// signerInfos SignerInfos }
struct pkcs7_sign_envelope_st {
ASN1_INTEGER *version;
STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
STACK_OF(X509_ALGOR) *md_algs;
PKCS7_ENC_CONTENT *enc_data;
STACK_OF(X509) *cert;
STACK_OF(X509_CRL) *crl;
STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
};
// ASN.1 defined here https://datatracker.ietf.org/doc/html/rfc2315#section-10.1
//
// EnvelopedData ::= SEQUENCE {
// version Version,
// recipientInfos RecipientInfos,
// encryptedContentInfo EncryptedContentInfo }
//
// RecipientInfos ::= SET OF RecipientInfo
struct pkcs7_envelope_st {
ASN1_INTEGER *version;
PKCS7_ENC_CONTENT *enc_data;
STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
};
// ASN.1 defined here https://datatracker.ietf.org/doc/html/rfc2315#section-10.2
//
// RecipientInfo ::= SEQUENCE {
// version Version,
// issuerAndSerialNumber IssuerAndSerialNumber,
// keyEncryptionAlgorithm
//
// KeyEncryptionAlgorithmIdentifier,
// encryptedKey EncryptedKey }
//
// EncryptedKey ::= OCTET STRING
struct pkcs7_recip_info_st {
ASN1_INTEGER *version;
PKCS7_ISSUER_AND_SERIAL *issuer_and_serial;
X509_ALGOR *key_enc_algor;
ASN1_OCTET_STRING *enc_key;
X509 *cert; // NOTE: |cert| is not serialized
};
// ASN.1 defined here https://datatracker.ietf.org/doc/html/rfc2315#section-6.7
//
// IssuerAndSerialNumber ::= SEQUENCE {
// issuer Name,
// serialNumber CertificateSerialNumber }
struct pkcs7_issuer_and_serial_st {
X509_NAME *issuer;
ASN1_INTEGER *serial;
};
// Only declare ASN1 functions or define stacks publibly if needed by supported
// projects that depend on them.
DECLARE_ASN1_FUNCTIONS(PKCS7)
DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
DEFINE_STACK_OF(PKCS7_RECIP_INFO)
DEFINE_STACK_OF(PKCS7_SIGNER_INFO)
// PKCS7_dup returns a newly allocated copy of |p7| without deep-copying
// internal references.
OPENSSL_EXPORT OPENSSL_DEPRECATED PKCS7 *PKCS7_dup(PKCS7 *p7);
// PKCS7_get_signed_attribute returns a pointer to the first signed attribute
// from |si| with NID |nid| if one is present, else NULL.
OPENSSL_EXPORT OPENSSL_DEPRECATED ASN1_TYPE *PKCS7_get_signed_attribute(
const PKCS7_SIGNER_INFO *si, int nid);
// PKCS7_get_signer_info returns |p7|'s attached PKCS7_SIGNER_INFO if present
// and |p7| is of a relevant type, else NULL. This function only pertains to
// signedData and signedAndEnvelopedData.
OPENSSL_EXPORT OPENSSL_DEPRECATED STACK_OF(PKCS7_SIGNER_INFO) *
PKCS7_get_signer_info(PKCS7 *p7);
// PKCS7_RECIP_INFO_set attaches |x509| to |p7i| and increments |x509|'s
// reference count. It returns 1 on success and 0 on failure or if |x509|'s
// public key not usable for encryption.
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_RECIP_INFO_set(
PKCS7_RECIP_INFO *p7i, X509 *x509);
// PKCS7_SIGNER_INFO_set attaches the other parameters to |p7i|, returning 1 on
// success and 0 on error or if specified parameters are inapplicable to
// signing. Only EC, DH, and RSA |pkey|s are supported. |pkey|'s reference
// count is incremented, but neither |x509|'s nor |dgst|'s is.
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_SIGNER_INFO_set(
PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst);
// PKCS7_add_certificate adds |x509| to |p7|'s certificate stack, incrementing
// |x509|'s reference count. It returns 1 on success and 0 on failure or if
// |p7| isn't of an applicable type: signedData and signedAndEnvelopedData.
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_add_certificate(PKCS7 *p7,
X509 *x509);
// PKCS7_add_crl adds |x509| to |p7|'s CRL stack, incrementing |x509|'s
// reference count. It returns 1 on success and 0 on failure or if |p7| isn't
// of an applicable type: signedData and signedAndEnvelopedData.
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
// PKCS7_add_recipient_info adds |ri| to |p7|, returning 1 on succes or 0 if
// |p7| is of an inapplicable type: envelopedData and signedAndEnvelopedData.
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_add_recipient_info(
PKCS7 *p7, PKCS7_RECIP_INFO *ri);
// PKCS7_add_signer adds |p7i| to |p7|, returning 1 on succes or 0 if
// |p7| is of an inapplicable type: signedData and signedAndEnvelopedData.
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_add_signer(PKCS7 *p7,
PKCS7_SIGNER_INFO *p7i);
// PKCS7_content_new allocates a new PKCS7 and adds it to |p7| as content. It
// returns 1 on success and 0 on failure.
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_content_new(PKCS7 *p7, int nid);
// PKCS7_set_content sets |p7_data| as content on |p7| for applicable types of
// |p7|. It frees any existing content on |p7|, returning 1 on success and 0 on
// failure.
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_set_content(PKCS7 *p7,
PKCS7 *p7_data);
// PKCS7_set_content sets |p7_data| as content on |p7| for applicable types of
// |p7|: signedData and digestData. |p7_data| may be NULL. It frees any
// existing content on |p7|, returning 1 on success and 0 on failure.
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_set_cipher(
PKCS7 *p7, const EVP_CIPHER *cipher);
// PKCS7_set_type instantiates |p7| as type |type|. It returns 1 on success and
// 0 on failure or if |type| is not a valid PKCS7 content type.
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_set_type(PKCS7 *p7, int type);
// PKCS7_RECIP_INFO_get0_alg sets |*penc| to |ri|'s key encryption algorithm,
// if present. Ownership of |*penc| is retained by |ri|.
OPENSSL_EXPORT OPENSSL_DEPRECATED void PKCS7_RECIP_INFO_get0_alg(
PKCS7_RECIP_INFO *ri, X509_ALGOR **penc);
// PKCS7_SIGNER_INFO_get0_algs sets all of, if present: |*pk| to |si|'s key,
// |*pdig| to |si|'s digest angorithm, and |*psig| to |si|'s signature
// algorithm. Ownership of |*pk|, |*pdig|, and |*psig) is retained by |si|.
OPENSSL_EXPORT OPENSSL_DEPRECATED void PKCS7_SIGNER_INFO_get0_algs(
PKCS7_SIGNER_INFO *si, EVP_PKEY **pk, X509_ALGOR **pdig, X509_ALGOR **psig);
// Deprecated flags
//
// Not all defined flags are acted upon, and the behavior associated with some
// flags is performed unconditionally. See each |PKCS7_*| for details.
// PKCS7_DETACHED indicates that the PKCS#7 file specifies its data externally.
#define PKCS7_DETACHED 0x40
// PKCS7_BINARY disables the default translation to MIME canonical format (as
// required by the S/MIME specifications). It is assumed in |PKCS7_sign| unless
// the caller is just bundling certs.
#define PKCS7_BINARY 0x80
// PKCS7_NOINTERN disables verification against certificate public keys included
// in a PKCS7 ContentInfo. If this flag is specified, the caller must supply a
// stack of certificates to verify against.
#define PKCS7_NOINTERN 0x10
// PKCS7_NOATTR disables usage of authenticatedAttributes. It is assumed in
// |PKCS7_sign| unless the caller is just bundling certs.
#define PKCS7_NOATTR 0x100
// PKCS7_NOCERTS excludes the signer's certificate and the extra certs defined
// from the PKCS7 structure. Using this will fail |PKCS7_sign| unless used as
// described in |PKCS7_sign|'s documentation.
#define PKCS7_NOCERTS 0x2
// PKCS7_NOVERIFY will skip trust chain verification against the trust store.
// It will still verify signatures against signer infos included in the PKCS7.
#define PKCS7_NOVERIFY 0x20
// The following flags are used in OpenSSL, but are ignored by AWS-LC. They are
// defined here solely for build compatibility.
#define PKCS7_TEXT 0x1
#define PKCS7_NOSIGS 0x4
#define PKCS7_NOCHAIN 0x8
#define PKCS7_NOSMIMECAP 0x200
#define PKCS7_STREAM 0x1000
#define PKCS7_PARTIAL 0x4000
// PKCS7_sign can operate in three modes to provide some backwards
// compatibility:
//
// The first mode assembles |certs| into a PKCS#7 signed data ContentInfo with
// external data and no signatures. It returns a newly-allocated |PKCS7| on
// success or NULL on error. |sign_cert| and |pkey| must be NULL. |data| is
// ignored. |flags| must be equal to |PKCS7_DETACHED|. Additionally,
// certificates in SignedData structures are unordered. The order of |certs|
// will not be preserved.
//
// The second mode generates a detached RSA SHA-256 signature of |data| using
// |pkey| and produces a PKCS#7 SignedData structure containing it. |certs|
// must be NULL and |flags| must be exactly |PKCS7_NOATTR | PKCS7_BINARY |
// PKCS7_NOCERTS | PKCS7_DETACHED|.
//
// The third mode is used for more general signing and does not require the
// specification of any flags, but does require |sign_cert|, |pkey|, and |data|
// to be populated. This mode always behaves as if |PKCS7_NOATTR| and
// |PKCS7_BINARY| are set. It honors the specification (or elision) of
// |PKCS7_DETACHED|. It does not allow |PKCS7_NOCERTS|.
//
// Note this function only implements a subset of the corresponding OpenSSL
// function. It is provided for backwards compatibility only.
OPENSSL_EXPORT OPENSSL_DEPRECATED PKCS7 *PKCS7_sign(X509 *sign_cert,
EVP_PKEY *pkey,
STACK_OF(X509) *certs,
BIO *data, int flags);
// PKCS7_verify takes in a |p7| with signed ContentInfo and verifies its
// signature against |certs| or |store|. If |certs| is specified, this function
// will attempt to verify |p7|'s signature against those certificates' public
// keys. If |store| is specified, its contents will be treated as certificate
// authorities (CAs) for establishing trust of any certificates bundled in |p7|.
//
// If |p7| is detached, |indata| must contain the data over which |p7|'s
// signature was computed. If verification succeeds, the verified content is
// written to |out| and 1 is returned. On error or verification failure, 0 is
// returned.
//
// Flags: If |PKCS7_NOVERIFY| is specified, trust chain validation is skipped.
// This function also enforces the behavior of OpenSSL's |PKCS7_NO_DUAL_CONTENT|
// meaning that |indata| may not be specified if |p7|'s signed data is attached.
// If |PKCS7_NOINTERN| is set, this function will not verify against certificate
// public keys included |p7|, instead relying solely on |certs|, which must be
// specified.
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_verify(PKCS7 *p7,
STACK_OF(X509) *certs,
X509_STORE *store,
BIO *indata, BIO *outdata,
int flags);
// PKCS7_is_detached returns 0 if |p7| has attached content and 1 otherwise.
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_is_detached(PKCS7 *p7);
// PKCS7_set_detached frees the attached content of |p7| if |detach| is set to
// 1. It returns 0 if otherwise or if |p7| is not of type signed.
//
// Note: |detach| is intended to be a boolean and MUST be set with either 1 or
// 0.
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_set_detached(PKCS7 *p7, int detach);
// PKCS7_get_detached returns 0 if |p7| has attached content and 1 otherwise.
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_get_detached(PKCS7 *p7);
// PKCS7_dataInit creates or initializes a BIO chain for reading data from or
// writing data to |p7|. If |bio| is non-null, it is added to the chain.
// Otherwise, a new BIO is allocated and returned to anchor the chain.
OPENSSL_EXPORT OPENSSL_DEPRECATED BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
// PKCS7_dataFinal serializes data written to |bio|'s chain into |p7|. It should
// only be called on BIO chains created by |PKCS7_dataInit|.
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
// PKCS7_set_digest sets |p7|'s digest to |md|. It returns 1 on success and 0 if
// |p7| is of the wrong content type.
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_set_digest(PKCS7 *p7,
const EVP_MD *md);
// PKCS7_get_recipient_info returns a pointer to a stack containing |p7|'s
// |PKCS7_RECIP_INFO| or NULL if none are present.
OPENSSL_EXPORT OPENSSL_DEPRECATED STACK_OF(PKCS7_RECIP_INFO) *
PKCS7_get_recipient_info(PKCS7 *p7);
// PKCS7_add_recipient allocates a new |PCKS7_RECEPIENT_INFO|, adds |x509| to it
// and returns that |PCKS7_RECEPIENT_INFO|.
OPENSSL_EXPORT OPENSSL_DEPRECATED PKCS7_RECIP_INFO *PKCS7_add_recipient(
PKCS7 *p7, X509 *x509);
// PKCS7_get0_signers retrieves the signer's certificates from p7. It does not
// check their validity or whether any signatures are valid. The caller owns the
// returned X509 stack and is responsible for freeing it.
OPENSSL_EXPORT OPENSSL_DEPRECATED STACK_OF(X509) *PKCS7_get0_signers(
PKCS7 *p7, STACK_OF(X509) *certs, int flags);
// PKCS7_encrypt encrypts the contents of |in| with |cipher| and adds |certs| as
// recipient infos and returns an encrypted |PKCS7| or NULL on failed
// encryption. |flags| is ignored. We only perform key encryption using RSA, so
// |certs| must use RSA public keys.
OPENSSL_EXPORT OPENSSL_DEPRECATED PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs,
BIO *in,
const EVP_CIPHER *cipher,
int flags);
// PKCS7_decrypt decrypts |p7| with |pkey| and writes the plaintext to |data|.
// If |cert| is present, it's public key is checked against |pkey| and |p7|'s
// recipient infos. 1 is returned on success and 0 on failure. |flags| is
// ignored. |pkey| must be an |EVP_PKEY_RSA|.
//
// NOTE: If |p7| was encrypted with a stream cipher, this operation may return 1
// even on decryption failure. The reason for this is detailed in RFC 3218 and
// comments in the |PKCS7_decrypt| source.
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey,
X509 *cert, BIO *data,
int flags);
// No-ops
//
// These functions do nothing. They're provided solely for build compatibility
// SMIME_read_PKCS7 is a no-op and returns NULL
OPENSSL_EXPORT OPENSSL_DEPRECATED PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont);
// SMIME_write_PKCS7 is a no-op and returns 0
OPENSSL_EXPORT OPENSSL_DEPRECATED int SMIME_write_PKCS7(BIO *out, PKCS7 *p7,
BIO *data, int flags);
// PKCS7_print_ctx prints "PKCS7 printing is not supported" and returns 1.
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_print_ctx(BIO *bio, PKCS7 *pkcs7,
int indent,
const ASN1_PCTX *pctx);
#if defined(__cplusplus)
} // extern C
extern "C++" {
BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(PKCS7, PKCS7_free)
BORINGSSL_MAKE_DELETER(PKCS7_SIGNER_INFO, PKCS7_SIGNER_INFO_free)
BSSL_NAMESPACE_END
} // extern C++
#endif
#define PKCS7_R_BAD_PKCS7_VERSION 100
#define PKCS7_R_NOT_PKCS7_SIGNED_DATA 101
#define PKCS7_R_NO_CERTIFICATES_INCLUDED 102
#define PKCS7_R_NO_CRLS_INCLUDED 103
#define PKCS7_R_INVALID_NULL_POINTER 104
#define PKCS7_R_NO_CONTENT 105
#define PKCS7_R_CIPHER_NOT_INITIALIZED 106
#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 107
#define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108
#define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 109
#define PKCS7_R_WRONG_CONTENT_TYPE 110
#define PKCS7_R_CONTENT_AND_DATA_PRESENT 111
#define PKCS7_R_NO_SIGNATURES_ON_DATA 112
#define PKCS7_R_CERTIFICATE_VERIFY_ERROR 113
#define PKCS7_R_SMIME_TEXT_ERROR 114
#define PKCS7_R_SIGNATURE_FAILURE 115
#define PKCS7_R_NO_SIGNERS 116
#define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 117
#define PKCS7_R_ERROR_SETTING_CIPHER 118
#define PKCS7_R_ERROR_ADDING_RECIPIENT 119
#define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 120
#define PKCS7_R_DECRYPT_ERROR 121
#define PKCS7_R_PKCS7_DATASIGN 122
#define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 123
#define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 124
#define PKCS7_R_UNKNOWN_DIGEST_TYPE 125
#define PKCS7_R_INVALID_SIGNED_DATA_TYPE 126
#define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 127
#define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 128
#define PKCS7_R_DIGEST_FAILURE 129
#define PKCS7_R_WRONG_PKCS7_TYPE 130
#define PKCS7_R_PKCS7_ADD_SIGNER_ERROR 131
#define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 132
#define PKCS7_R_NO_DEFAULT_DIGEST 133
#define PKCS7_R_CERT_MUST_BE_RSA 134
#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 135
#endif // OPENSSL_HEADER_PKCS7_H

270
vendor/aws-lc-sys/aws-lc/include/openssl/pkcs8.h vendored Normal file
View File

@@ -0,0 +1,270 @@
// Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 1999.
// Copyright (c) 1999 The OpenSSL Project. All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_PKCS8_H
#define OPENSSL_HEADER_PKCS8_H
#include <openssl/base.h>
#include <openssl/x509.h>
#if defined(__cplusplus)
extern "C" {
#endif
// PKCS8_encrypt serializes and encrypts a PKCS8_PRIV_KEY_INFO with PBES1 or
// PBES2 as defined in PKCS #5. Only pbeWithSHAAnd128BitRC4,
// pbeWithSHAAnd3-KeyTripleDES-CBC and pbeWithSHA1And40BitRC2, defined in PKCS
// #12, and PBES2, are supported. PBES2 is selected by setting |cipher| and
// passing -1 for |pbe_nid|. Otherwise, PBES1 is used and |cipher| is ignored.
//
// |pass| is used as the password. If a PBES1 scheme from PKCS #12 is used, this
// will be converted to a raw byte string as specified in B.1 of PKCS #12. If
// |pass| is NULL, it is treated as an empty password and |pass_len| is ignored.
// This will be encoded as the empty byte string rather than two zero bytes, the
// PKCS #12 encoding of the empty string. If |pass| is non-NULL and |pass_len|
// is negative, |strlen(pass)| is used. If |pass| is non-NULL and |pass_len| is
// non-negative, |pass_len| bytes are used as the password.
//
// If |salt| is NULL, a random salt of |salt_len| bytes is generated. If
// |salt_len| is zero, a default salt length is used instead.
//
// The resulting structure is stored in an |X509_SIG| which must be freed by the
// caller.
OPENSSL_EXPORT X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
const char *pass, int pass_len,
const uint8_t *salt, size_t salt_len,
int iterations,
PKCS8_PRIV_KEY_INFO *p8inf);
// PKCS8_marshal_encrypted_private_key behaves like |PKCS8_encrypt| but encrypts
// an |EVP_PKEY| and writes the serialized EncryptedPrivateKeyInfo to |out|. It
// returns one on success and zero on error.
OPENSSL_EXPORT int PKCS8_marshal_encrypted_private_key(
CBB *out, int pbe_nid, const EVP_CIPHER *cipher, const char *pass,
size_t pass_len, const uint8_t *salt, size_t salt_len, int iterations,
const EVP_PKEY *pkey);
// PKCS8_decrypt decrypts and decodes a PKCS8_PRIV_KEY_INFO with PBES1 or PBES2
// as defined in PKCS #5. Only pbeWithSHAAnd128BitRC4,
// pbeWithSHAAnd3-KeyTripleDES-CBC and pbeWithSHA1And40BitRC2, and PBES2,
// defined in PKCS #12, are supported.
//
// |pass| is used as the password. If a PBES1 scheme from PKCS #12 is used, this
// will be converted to a raw byte string as specified in B.1 of PKCS #12. If
// |pass| is NULL, it will be encoded as the empty byte string rather than two
// zero bytes, the PKCS #12 encoding of the empty string. If |pass_len| is
// negative and |pass| is non-NULL, |strlen(pass)| is used.
//
// The resulting structure must be freed by the caller.
OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *pkcs8,
const char *pass,
int pass_len);
// PKCS8_parse_encrypted_private_key behaves like |PKCS8_decrypt| but it parses
// the EncryptedPrivateKeyInfo structure from |cbs| and advances |cbs|. It
// returns a newly-allocated |EVP_PKEY| on success and zero on error.
OPENSSL_EXPORT EVP_PKEY *PKCS8_parse_encrypted_private_key(CBS *cbs,
const char *pass,
size_t pass_len);
// PKCS12_get_key_and_certs parses a PKCS#12 structure from |in|, authenticates
// and decrypts it using |password|, sets |*out_key| to the included private
// key and appends the included certificates to |out_certs|. It returns one on
// success and zero on error. The caller takes ownership of the outputs.
// Any friendlyName attributes (RFC 2985) in the PKCS#12 structure will be
// returned on the |X509| objects as aliases. See also |X509_alias_get0|.
OPENSSL_EXPORT int PKCS12_get_key_and_certs(EVP_PKEY **out_key,
STACK_OF(X509) *out_certs, CBS *in,
const char *password);
// Deprecated functions.
// PKCS12_PBE_add does nothing. It exists for compatibility with OpenSSL.
OPENSSL_EXPORT void PKCS12_PBE_add(void);
// d2i_PKCS12 is a dummy function that copies |*ber_bytes| into a
// |PKCS12| structure. The |out_p12| argument should be NULL(✝). On exit,
// |*ber_bytes| will be advanced by |ber_len|. It returns a fresh |PKCS12|
// structure or NULL on error.
//
// Note: unlike other d2i functions, |d2i_PKCS12| will always consume |ber_len|
// bytes.
//
// (✝) If |out_p12| is not NULL and the function is successful, |*out_p12| will
// be freed if not NULL itself and the result will be written to |*out_p12|.
// New code should not depend on this.
OPENSSL_EXPORT PKCS12 *d2i_PKCS12(PKCS12 **out_p12, const uint8_t **ber_bytes,
size_t ber_len);
// d2i_PKCS12_bio acts like |d2i_PKCS12| but reads from a |BIO|.
OPENSSL_EXPORT PKCS12 *d2i_PKCS12_bio(BIO *bio, PKCS12 **out_p12);
// d2i_PKCS12_fp acts like |d2i_PKCS12| but reads from a |FILE|.
OPENSSL_EXPORT PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **out_p12);
// i2d_PKCS12 is a dummy function which copies the contents of |p12|. If |out|
// is not NULL then the result is written to |*out| and |*out| is advanced just
// past the output. It returns the number of bytes in the result, whether
// written or not, or a negative value on error.
OPENSSL_EXPORT int i2d_PKCS12(const PKCS12 *p12, uint8_t **out);
// i2d_PKCS12_bio writes the contents of |p12| to |bio|. It returns one on
// success and zero on error.
OPENSSL_EXPORT int i2d_PKCS12_bio(BIO *bio, const PKCS12 *p12);
// i2d_PKCS12_fp writes the contents of |p12| to |fp|. It returns one on
// success and zero on error.
OPENSSL_EXPORT int i2d_PKCS12_fp(FILE *fp, const PKCS12 *p12);
// PKCS12_parse calls |PKCS12_get_key_and_certs| on the ASN.1 data stored in
// |p12|. The |out_pkey| and |out_cert| arguments must not be NULL and, on
// successful exit, the private key and matching certificate will be stored in
// them. The |out_ca_certs| argument may be NULL but, if not, then any extra
// certificates will be appended to |*out_ca_certs|. If |*out_ca_certs| is NULL
// then it will be set to a freshly allocated stack containing the extra certs.
//
// Note if |p12| does not contain a private key, both |*out_pkey| and
// |*out_cert| will be set to NULL and all certificates will be returned via
// |*out_ca_certs|. Also note this function differs from OpenSSL in that extra
// certificates are returned in the order they appear in the file. OpenSSL 1.1.1
// returns them in reverse order, but this will be fixed in OpenSSL 3.0.
//
// It returns one on success and zero on error.
//
// Use |PKCS12_get_key_and_certs| instead.
OPENSSL_EXPORT int PKCS12_parse(const PKCS12 *p12, const char *password,
EVP_PKEY **out_pkey, X509 **out_cert,
STACK_OF(X509) **out_ca_certs);
// PKCS12_set_mac generates the MAC for |p12| with the designated |password|,
// |salt|, |mac_iterations|, and |md| specified. |password| MUST be the same
// password originally used to encrypt |p12|. Although OpenSSL will allow an
// invalid state with a different |password|, AWS-LC will throw an error and
// return 0.
//
// If |salt| is NULL, a random salt of |salt_len| bytes is generated. If
// |salt_len| is zero, a default salt length is used instead.
// If |md| is NULL, the default is use SHA1 to align with OpenSSL.
//
// TODO (CryptoAlg-2897): Update the default |md| to SHA-256 to align with
// OpenSSL 3.x.
OPENSSL_EXPORT int PKCS12_set_mac(PKCS12 *p12, const char *password,
int password_len, unsigned char *salt,
int salt_len, int mac_iterations,
const EVP_MD *md);
// PKCS12_verify_mac returns one if |password| is a valid password for |p12|
// and zero otherwise. Since |PKCS12_parse| doesn't take a length parameter,
// it's not actually possible to use a non-NUL-terminated password to actually
// get anything from a |PKCS12|. Thus |password| and |password_len| may be
// |NULL| and zero, respectively, or else |password_len| may be -1 to indicate
// that |password| is a NUL-terminated C string whose length is determined via
// |strlen|, or else |password_len| must be non-negative,
// |password[password_len]| must be zero, and no other NUL bytes may appear in
// |password|. If the |password_len| checks fail, zero is returned
// immediately.
OPENSSL_EXPORT int PKCS12_verify_mac(const PKCS12 *p12, const char *password,
int password_len);
// PKCS12_DEFAULT_ITER is the default number of KDF iterations used when
// creating a |PKCS12| object.
#define PKCS12_DEFAULT_ITER 2048
// PKCS12_create returns a newly-allocated |PKCS12| object containing |pkey|,
// |cert|, and |chain|, encrypted with the specified password. |name|, if not
// NULL, specifies a user-friendly name to encode with the key and
// certificate. The key and certificates are encrypted with |key_nid| and
// |cert_nid|, respectively, using |iterations| iterations in the
// KDF. |mac_iterations| is the number of iterations when deriving the MAC
// key. |key_type| must be zero. |pkey| and |cert| may be NULL to omit them.
//
// Each of |key_nid|, |cert_nid|, |iterations|, and |mac_iterations| may be zero
// to use defaults, which are |NID_pbe_WithSHA1And3_Key_TripleDES_CBC|,
// |NID_pbe_WithSHA1And40BitRC2_CBC|, |PKCS12_DEFAULT_ITER|, and one,
// respectively.
//
// |key_nid| or |cert_nid| may also be -1 to disable encryption of the key or
// certificate, respectively. This option is not recommended and is only
// implemented for compatibility with external packages. Note the output still
// requires a password for the MAC. Unencrypted keys in PKCS#12 are also not
// widely supported and may not open in other implementations.
//
// If |cert| or |chain| have associated aliases (see |X509_alias_set1|), they
// will be included in the output as friendlyName attributes (RFC 2985). It is
// an error to specify both an alias on |cert| and a non-NULL |name|
// parameter.
OPENSSL_EXPORT PKCS12 *PKCS12_create(const char *password, const char *name,
const EVP_PKEY *pkey, X509 *cert,
const STACK_OF(X509) *chain, int key_nid,
int cert_nid, int iterations,
int mac_iterations, int key_type);
// PKCS12_new returns a newly-allocated |PKCS12| object.
OPENSSL_EXPORT PKCS12 *PKCS12_new(void);
// PKCS12_free frees |p12| and its contents.
OPENSSL_EXPORT void PKCS12_free(PKCS12 *p12);
#if defined(__cplusplus)
} // extern C
extern "C++" {
BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(PKCS12, PKCS12_free)
BORINGSSL_MAKE_DELETER(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free)
BSSL_NAMESPACE_END
} // extern C++
#endif
#define PKCS8_R_BAD_PKCS12_DATA 100
#define PKCS8_R_BAD_PKCS12_VERSION 101
#define PKCS8_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 102
#define PKCS8_R_CRYPT_ERROR 103
#define PKCS8_R_DECODE_ERROR 104
#define PKCS8_R_ENCODE_ERROR 105
#define PKCS8_R_ENCRYPT_ERROR 106
#define PKCS8_R_ERROR_SETTING_CIPHER_PARAMS 107
#define PKCS8_R_INCORRECT_PASSWORD 108
#define PKCS8_R_KEYGEN_FAILURE 109
#define PKCS8_R_KEY_GEN_ERROR 110
#define PKCS8_R_METHOD_NOT_SUPPORTED 111
#define PKCS8_R_MISSING_MAC 112
#define PKCS8_R_MULTIPLE_PRIVATE_KEYS_IN_PKCS12 113
#define PKCS8_R_PKCS12_PUBLIC_KEY_INTEGRITY_NOT_SUPPORTED 114
#define PKCS8_R_PKCS12_TOO_DEEPLY_NESTED 115
#define PKCS8_R_PRIVATE_KEY_DECODE_ERROR 116
#define PKCS8_R_PRIVATE_KEY_ENCODE_ERROR 117
#define PKCS8_R_TOO_LONG 118
#define PKCS8_R_UNKNOWN_ALGORITHM 119
#define PKCS8_R_UNKNOWN_CIPHER 120
#define PKCS8_R_UNKNOWN_CIPHER_ALGORITHM 121
#define PKCS8_R_UNKNOWN_DIGEST 122
#define PKCS8_R_UNKNOWN_HASH 123
#define PKCS8_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 124
#define PKCS8_R_UNSUPPORTED_KEYLENGTH 125
#define PKCS8_R_UNSUPPORTED_SALT_TYPE 126
#define PKCS8_R_UNSUPPORTED_CIPHER 127
#define PKCS8_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 128
#define PKCS8_R_BAD_ITERATION_COUNT 129
#define PKCS8_R_UNSUPPORTED_PRF 130
#define PKCS8_R_INVALID_CHARACTERS 131
#define PKCS8_R_UNSUPPORTED_OPTIONS 132
#define PKCS8_R_AMBIGUOUS_FRIENDLY_NAME 133
// PKCS12_R_MAC_VERIFY_FAILURE is an error code defined for
// compatability. It points to our equivalent for this OpenSSL error,
// |PKCS8_R_INCORRECT_PASSWORD|
#define PKCS12_R_MAC_VERIFY_FAILURE PKCS8_R_INCORRECT_PASSWORD
#endif // OPENSSL_HEADER_PKCS8_H

38
vendor/aws-lc-sys/aws-lc/include/openssl/poly1305.h vendored Normal file
View File

@@ -0,0 +1,38 @@
// Copyright (c) 2014, Google Inc.
// SPDX-License-Identifier: ISC
#ifndef OPENSSL_HEADER_POLY1305_H
#define OPENSSL_HEADER_POLY1305_H
#include <openssl/base.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef uint8_t poly1305_state[512];
// CRYPTO_poly1305_init sets up |state| so that it can be used to calculate an
// authentication tag with the one-time key |key|. Note that |key| is a
// one-time key and therefore there is no `reset' method because that would
// enable several messages to be authenticated with the same key.
OPENSSL_EXPORT void CRYPTO_poly1305_init(poly1305_state *state,
const uint8_t key[32]);
// CRYPTO_poly1305_update processes |in_len| bytes from |in|. It can be called
// zero or more times after poly1305_init.
OPENSSL_EXPORT void CRYPTO_poly1305_update(poly1305_state *state,
const uint8_t *in, size_t in_len);
// CRYPTO_poly1305_finish completes the poly1305 calculation and writes a 16
// byte authentication tag to |mac|.
OPENSSL_EXPORT void CRYPTO_poly1305_finish(poly1305_state *state,
uint8_t mac[16]);
#if defined(__cplusplus)
} // extern C
#endif
#endif // OPENSSL_HEADER_POLY1305_H

97
vendor/aws-lc-sys/aws-lc/include/openssl/pool.h vendored Normal file
View File

@@ -0,0 +1,97 @@
// Copyright (c) 2016, Google Inc.
// SPDX-License-Identifier: ISC
#ifndef OPENSSL_HEADER_POOL_H
#define OPENSSL_HEADER_POOL_H
#include <openssl/base.h>
#include <openssl/stack.h>
#if defined(__cplusplus)
extern "C" {
#endif
// Buffers and buffer pools.
//
// |CRYPTO_BUFFER|s are simply reference-counted blobs. A |CRYPTO_BUFFER_POOL|
// is an intern table for |CRYPTO_BUFFER|s. This allows for a single copy of a
// given blob to be kept in memory and referenced from multiple places.
DEFINE_STACK_OF(CRYPTO_BUFFER)
// CRYPTO_BUFFER_POOL_new returns a freshly allocated |CRYPTO_BUFFER_POOL| or
// NULL on error.
OPENSSL_EXPORT CRYPTO_BUFFER_POOL* CRYPTO_BUFFER_POOL_new(void);
// CRYPTO_BUFFER_POOL_free frees |pool|, which must be empty.
OPENSSL_EXPORT void CRYPTO_BUFFER_POOL_free(CRYPTO_BUFFER_POOL *pool);
// CRYPTO_BUFFER_new returns a |CRYPTO_BUFFER| containing a copy of |data|, or
// else NULL on error. If |pool| is not NULL then the returned value may be a
// reference to a previously existing |CRYPTO_BUFFER| that contained the same
// data. Otherwise, the returned, fresh |CRYPTO_BUFFER| will be added to the
// pool.
OPENSSL_EXPORT CRYPTO_BUFFER *CRYPTO_BUFFER_new(const uint8_t *data, size_t len,
CRYPTO_BUFFER_POOL *pool);
// CRYPTO_BUFFER_alloc creates an unpooled |CRYPTO_BUFFER| of the given size and
// writes the underlying data pointer to |*out_data|. It returns NULL on error.
//
// After calling this function, |len| bytes of contents must be written to
// |out_data| before passing the returned pointer to any other BoringSSL
// functions. Once initialized, the |CRYPTO_BUFFER| should be treated as
// immutable.
OPENSSL_EXPORT CRYPTO_BUFFER *CRYPTO_BUFFER_alloc(uint8_t **out_data,
size_t len);
// CRYPTO_BUFFER_new_from_CBS acts the same as |CRYPTO_BUFFER_new|.
OPENSSL_EXPORT CRYPTO_BUFFER *CRYPTO_BUFFER_new_from_CBS(
const CBS *cbs, CRYPTO_BUFFER_POOL *pool);
// CRYPTO_BUFFER_new_from_static_data_unsafe behaves like |CRYPTO_BUFFER_new|
// but does not copy |data|. |data| must be immutable and last for the lifetime
// of the address space.
OPENSSL_EXPORT CRYPTO_BUFFER *CRYPTO_BUFFER_new_from_static_data_unsafe(
const uint8_t *data, size_t len, CRYPTO_BUFFER_POOL *pool);
// CRYPTO_BUFFER_free decrements the reference count of |buf|. If there are no
// other references, or if the only remaining reference is from a pool, then
// |buf| will be freed.
OPENSSL_EXPORT void CRYPTO_BUFFER_free(CRYPTO_BUFFER *buf);
// CRYPTO_BUFFER_up_ref increments the reference count of |buf| and returns
// one.
OPENSSL_EXPORT int CRYPTO_BUFFER_up_ref(CRYPTO_BUFFER *buf);
// CRYPTO_BUFFER_data returns a pointer to the data contained in |buf|.
OPENSSL_EXPORT const uint8_t *CRYPTO_BUFFER_data(const CRYPTO_BUFFER *buf);
// CRYPTO_BUFFER_len returns the length, in bytes, of the data contained in
// |buf|.
OPENSSL_EXPORT size_t CRYPTO_BUFFER_len(const CRYPTO_BUFFER *buf);
// CRYPTO_BUFFER_init_CBS initialises |out| to point at the data from |buf|.
OPENSSL_EXPORT void CRYPTO_BUFFER_init_CBS(const CRYPTO_BUFFER *buf, CBS *out);
#if defined(__cplusplus)
} // extern C
extern "C++" {
BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(CRYPTO_BUFFER_POOL, CRYPTO_BUFFER_POOL_free)
BORINGSSL_MAKE_DELETER(CRYPTO_BUFFER, CRYPTO_BUFFER_free)
BORINGSSL_MAKE_UP_REF(CRYPTO_BUFFER, CRYPTO_BUFFER_up_ref)
BSSL_NAMESPACE_END
} // extern C++
#endif
#endif // OPENSSL_HEADER_POOL_H

40
vendor/aws-lc-sys/aws-lc/include/openssl/posix_time.h vendored Normal file
View File

@@ -0,0 +1,40 @@
// Copyright (c) 2022, Google Inc.
// SPDX-License-Identifier: ISC
#ifndef OPENSSL_HEADER_POSIX_TIME_H
#define OPENSSL_HEADER_POSIX_TIME_H
#include <openssl/base.h>
#include <time.h>
#if defined(__cplusplus)
extern "C" {
#endif
// Time functions.
// OPENSSL_posix_to_tm converts a int64_t POSIX time value in |time|, which must
// be in the range of year 0000 to 9999, to a broken out time value in |tm|. It
// returns one on success and zero on error.
OPENSSL_EXPORT int OPENSSL_posix_to_tm(int64_t time, struct tm *out_tm);
// OPENSSL_tm_to_posix converts a time value between the years 0 and 9999 in
// |tm| to a POSIX time value in |out|. One is returned on success, zero is
// returned on failure. It is a failure if |tm| contains out of range values.
OPENSSL_EXPORT int OPENSSL_tm_to_posix(const struct tm *tm, int64_t *out);
// OPENSSL_timegm converts a time value between the years 0 and 9999 in |tm| to
// a time_t value in |out|. One is returned on success, zero is returned on
// failure. It is a failure if the converted time can not be represented in a
// time_t, or if the tm contains out of range values.
OPENSSL_EXPORT int OPENSSL_timegm(const struct tm *tm, time_t *out);
#if defined(__cplusplus)
} // extern C
#endif
#endif // OPENSSL_HEADER_POSIX_TIME_H

132
vendor/aws-lc-sys/aws-lc/include/openssl/rand.h vendored Normal file
View File

@@ -0,0 +1,132 @@
// Copyright (c) 2014, Google Inc.
// SPDX-License-Identifier: ISC
#ifndef OPENSSL_HEADER_RAND_H
#define OPENSSL_HEADER_RAND_H
#include <openssl/base.h>
#if defined(__cplusplus)
extern "C" {
#endif
// Random number generation.
#define RAND_PRED_RESISTANCE_LEN (32)
// RAND_bytes writes |len| bytes of random data to |buf| and returns one. In the
// event that sufficient random data can not be obtained, |abort| is called.
OPENSSL_EXPORT int RAND_bytes(uint8_t *buf, size_t len);
// RAND_priv_bytes is a wrapper around |RAND_bytes| provided for compatibility.
// Consumers should call |RAND_bytes| directly.
OPENSSL_EXPORT int RAND_priv_bytes(uint8_t *buf, size_t len);
// RAND_public_bytes writes |len| bytes of random data to |buf| and returns one.
// In the event that sufficient random data can not be obtained, |abort| is
// called. |RAND_public_bytes| and |RAND_bytes| do not use the same state to
// generate output.
OPENSSL_EXPORT int RAND_public_bytes(uint8_t *out, size_t out_len);
// RAND_bytes_with_user_prediction_resistance is functionally equivalent to
// |RAND_bytes| but also provides a way for the caller to inject prediction
// resistance material using the argument |user_pred_resistance|.
// |user_pred_resistance| must not be NULL and |user_pred_resistance| must be
// filled with |RAND_PRED_RESISTANCE_LEN| bytes.
OPENSSL_EXPORT int RAND_bytes_with_user_prediction_resistance(uint8_t *out,
size_t out_len, const uint8_t user_pred_resistance[RAND_PRED_RESISTANCE_LEN]);
// Obscure functions.
#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
// RAND_reset_for_fuzzing resets the fuzzer-only deterministic RNG. This
// function is only defined in the fuzzer-only build configuration.
OPENSSL_EXPORT void RAND_reset_for_fuzzing(void);
#endif
// Deprecated functions
// RAND_pseudo_bytes is a wrapper around |RAND_bytes|.
OPENSSL_EXPORT int RAND_pseudo_bytes(uint8_t *buf, size_t len);
// RAND_seed reads a single byte of random data to ensure that any file
// descriptors etc are opened.
OPENSSL_EXPORT void RAND_seed(const void *buf, int num);
// General No-op Functions [Deprecated].
//
// OpenSSL historically allowed applications to do various operations to gather
// entropy and mix them into the entropy pool. AWS-LC sources entropy for the
// consuming application and the following functions have been deprecated as
// no-ops. Consumers should call |RAND_bytes| directly.
//
// TODO (CryptoAlg-2398): Add |OPENSSL_DEPRECATED| to the ones that are missing.
// curl and tpm2-tss defines -Wnerror and depend on them.
// RAND_load_file returns a nonnegative number.
OPENSSL_EXPORT OPENSSL_DEPRECATED int RAND_load_file(const char *path,
long num);
// RAND_write_file does nothing and returns negative 1.
OPENSSL_EXPORT OPENSSL_DEPRECATED int RAND_write_file(const char *file);
// RAND_file_name returns NULL.
OPENSSL_EXPORT OPENSSL_DEPRECATED const char *RAND_file_name(char *buf,
size_t num);
// RAND_add does nothing.
OPENSSL_EXPORT OPENSSL_DEPRECATED void RAND_add(const void *buf, int num,
double entropy);
// RAND_egd returns 255.
OPENSSL_EXPORT OPENSSL_DEPRECATED int RAND_egd(const char *);
// RAND_egd_bytes returns |bytes|.
OPENSSL_EXPORT OPENSSL_DEPRECATED int RAND_egd_bytes(const char *, int bytes);
// RAND_poll returns one.
OPENSSL_EXPORT OPENSSL_DEPRECATED int RAND_poll(void);
// RAND_status returns one.
OPENSSL_EXPORT int RAND_status(void);
// RAND_cleanup does nothing.
OPENSSL_EXPORT OPENSSL_DEPRECATED void RAND_cleanup(void);
// rand_meth_st is typedefed to |RAND_METHOD| in base.h. It isn't used; it
// exists only to be the return type of |RAND_SSLeay|. It's
// external so that variables of this type can be initialized.
struct rand_meth_st {
void (*seed)(const void *buf, int num);
int (*bytes)(uint8_t *buf, size_t num);
void (*cleanup)(void);
void (*add)(const void *buf, int num, double entropy);
int (*pseudorand)(uint8_t *buf, size_t num);
int (*status)(void);
};
// RAND_SSLeay returns a pointer to a dummy |RAND_METHOD|.
OPENSSL_EXPORT OPENSSL_DEPRECATED RAND_METHOD *RAND_SSLeay(void);
// RAND_OpenSSL returns a pointer to a dummy |RAND_METHOD|.
OPENSSL_EXPORT RAND_METHOD *RAND_OpenSSL(void);
// RAND_get_rand_method returns |RAND_SSLeay()|.
OPENSSL_EXPORT const RAND_METHOD *RAND_get_rand_method(void);
// RAND_set_rand_method returns one.
OPENSSL_EXPORT int RAND_set_rand_method(const RAND_METHOD *);
// RAND_keep_random_devices_open does nothing.
OPENSSL_EXPORT OPENSSL_DEPRECATED void RAND_keep_random_devices_open(int a);
#if defined(__cplusplus)
} // extern C
#endif
#endif // OPENSSL_HEADER_RAND_H

43
vendor/aws-lc-sys/aws-lc/include/openssl/rc4.h vendored Normal file
View File

@@ -0,0 +1,43 @@
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_RC4_H
#define OPENSSL_HEADER_RC4_H
#include <openssl/base.h>
#if defined(__cplusplus)
extern "C" {
#endif
// RC4.
struct rc4_key_st {
uint32_t x, y;
uint32_t data[256];
} /* RC4_KEY */;
// RC4_set_key performs an RC4 key schedule and initialises |rc4key| with |len|
// bytes of key material from |key|.
OPENSSL_EXPORT void RC4_set_key(RC4_KEY *rc4key, unsigned len,
const uint8_t *key);
// RC4 encrypts (or decrypts, it's the same with RC4) |len| bytes from |in| to
// |out|.
OPENSSL_EXPORT void RC4(RC4_KEY *key, size_t len, const uint8_t *in,
uint8_t *out);
// Deprecated functions.
// RC4_options returns the string "rc4(ptr,int)".
OPENSSL_EXPORT OPENSSL_DEPRECATED const char *RC4_options(void);
#if defined(__cplusplus)
} // extern C
#endif
#endif // OPENSSL_HEADER_RC4_H

48
vendor/aws-lc-sys/aws-lc/include/openssl/ripemd.h vendored Normal file
View File

@@ -0,0 +1,48 @@
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_RIPEMD_H
#define OPENSSL_HEADER_RIPEMD_H
#include <openssl/base.h>
#ifdef __cplusplus
extern "C" {
#endif
# define RIPEMD160_CBLOCK 64
# define RIPEMD160_LBLOCK (RIPEMD160_CBLOCK/4)
# define RIPEMD160_DIGEST_LENGTH 20
struct RIPEMD160state_st {
uint32_t h[5];
uint32_t Nl, Nh;
uint8_t data[RIPEMD160_CBLOCK];
unsigned num;
};
// RIPEMD160_Init initialises |ctx| and returns one.
OPENSSL_EXPORT int RIPEMD160_Init(RIPEMD160_CTX *ctx);
// RIPEMD160_Update adds |len| bytes from |data| to |ctx| and returns one.
OPENSSL_EXPORT int RIPEMD160_Update(RIPEMD160_CTX *ctx, const void *data,
size_t len);
// RIPEMD160_Final adds the final padding to |ctx| and writes the resulting
// digest to |out|, which must have at least |RIPEMD160_DIGEST_LENGTH| bytes of
// space. It returns one.
OPENSSL_EXPORT int RIPEMD160_Final(uint8_t out[RIPEMD160_DIGEST_LENGTH],
RIPEMD160_CTX *ctx);
// RIPEMD160 writes the digest of |len| bytes from |data| to |out| and returns
// |out|. There must be at least |RIPEMD160_DIGEST_LENGTH| bytes of space in
// |out|.
OPENSSL_EXPORT uint8_t *RIPEMD160(const uint8_t *data, size_t len,
uint8_t out[RIPEMD160_DIGEST_LENGTH]);
#if defined(__cplusplus)
} // extern C
#endif
#endif // OPENSSL_HEADER_RIPEMD_H

966
vendor/aws-lc-sys/aws-lc/include/openssl/rsa.h vendored Normal file
View File

@@ -0,0 +1,966 @@
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_RSA_H
#define OPENSSL_HEADER_RSA_H
#include <openssl/base.h>
#include <openssl/crypto.h>
// OpenSSL includes BN in this header: https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/include/openssl/rsa.h#L21
#include <openssl/bn.h>
#include <openssl/engine.h>
#include <openssl/ex_data.h>
#include <openssl/thread.h>
#include <stdio.h>
#if defined(__cplusplus)
extern "C" {
#endif
// rsa.h contains functions for handling encryption and signature using RSA.
// Allocation and destruction.
//
// An |RSA| object represents a public or private RSA key. A given object may be
// used concurrently on multiple threads by non-mutating functions, provided no
// other thread is concurrently calling a mutating function. Unless otherwise
// documented, functions which take a |const| pointer are non-mutating and
// functions which take a non-|const| pointer are mutating.
// RSA_new_public_key returns a new |RSA| object containing a public key with
// the specified parameters, or NULL on error or invalid input.
OPENSSL_EXPORT RSA *RSA_new_public_key(const BIGNUM *n, const BIGNUM *e);
// RSA_new_private_key returns a new |RSA| object containing a private key with
// the specified parameters, or NULL on error or invalid input. All parameters
// are mandatory and may not be NULL.
//
// This function creates standard RSA private keys with CRT parameters.
OPENSSL_EXPORT RSA *RSA_new_private_key(const BIGNUM *n, const BIGNUM *e,
const BIGNUM *d, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1,
const BIGNUM *dmq1, const BIGNUM *iqmp);
// RSA_new returns a new, empty |RSA| object or NULL on error. Prefer using
// |RSA_new_public_key| or |RSA_new_private_key| to import an RSA key.
OPENSSL_EXPORT RSA *RSA_new(void);
// RSA_new_method acts the same as |RSA_new| but takes an explicit |ENGINE|.
OPENSSL_EXPORT RSA *RSA_new_method(const ENGINE *engine);
// RSA_free decrements the reference count of |rsa| and frees it if the
// reference count drops to zero.
OPENSSL_EXPORT void RSA_free(RSA *rsa);
// RSA_up_ref increments the reference count of |rsa| and returns one. It does
// not mutate |rsa| for thread-safety purposes and may be used concurrently.
OPENSSL_EXPORT int RSA_up_ref(RSA *rsa);
// Properties.
// RSA_bits returns the size of |rsa|, in bits.
OPENSSL_EXPORT unsigned RSA_bits(const RSA *rsa);
// RSA_get0_n returns |rsa|'s public modulus.
OPENSSL_EXPORT const BIGNUM *RSA_get0_n(const RSA *rsa);
// RSA_get0_e returns |rsa|'s public exponent.
OPENSSL_EXPORT const BIGNUM *RSA_get0_e(const RSA *rsa);
// RSA_get0_d returns |rsa|'s private exponent. If |rsa| is a public key, this
// value will be NULL.
OPENSSL_EXPORT const BIGNUM *RSA_get0_d(const RSA *rsa);
// RSA_get0_p returns |rsa|'s first private prime factor. If |rsa| is a public
// key or lacks its prime factors, this value will be NULL.
OPENSSL_EXPORT const BIGNUM *RSA_get0_p(const RSA *rsa);
// RSA_get0_q returns |rsa|'s second private prime factor. If |rsa| is a public
// key or lacks its prime factors, this value will be NULL.
OPENSSL_EXPORT const BIGNUM *RSA_get0_q(const RSA *rsa);
// RSA_get0_dmp1 returns d (mod p-1) for |rsa|. If |rsa| is a public key or
// lacks CRT parameters, this value will be NULL.
OPENSSL_EXPORT const BIGNUM *RSA_get0_dmp1(const RSA *rsa);
// RSA_get0_dmq1 returns d (mod q-1) for |rsa|. If |rsa| is a public key or
// lacks CRT parameters, this value will be NULL.
OPENSSL_EXPORT const BIGNUM *RSA_get0_dmq1(const RSA *rsa);
// RSA_get0_iqmp returns q^-1 (mod p). If |rsa| is a public key or lacks CRT
// parameters, this value will be NULL.
OPENSSL_EXPORT const BIGNUM *RSA_get0_iqmp(const RSA *rsa);
// RSA_get0_key sets |*out_n|, |*out_e|, and |*out_d|, if non-NULL, to |rsa|'s
// modulus, public exponent, and private exponent, respectively. If |rsa| is a
// public key, the private exponent will be set to NULL.
OPENSSL_EXPORT void RSA_get0_key(const RSA *rsa, const BIGNUM **out_n,
const BIGNUM **out_e, const BIGNUM **out_d);
// RSA_get0_factors sets |*out_p| and |*out_q|, if non-NULL, to |rsa|'s prime
// factors. If |rsa| is a public key, they will be set to NULL.
OPENSSL_EXPORT void RSA_get0_factors(const RSA *rsa, const BIGNUM **out_p,
const BIGNUM **out_q);
// RSA_get0_crt_params sets |*out_dmp1|, |*out_dmq1|, and |*out_iqmp|, if
// non-NULL, to |rsa|'s CRT parameters. These are d (mod p-1), d (mod q-1) and
// q^-1 (mod p), respectively. If |rsa| is a public key, each parameter will be
// set to NULL.
OPENSSL_EXPORT void RSA_get0_crt_params(const RSA *rsa, const BIGNUM **out_dmp1,
const BIGNUM **out_dmq1,
const BIGNUM **out_iqmp);
// Setting individual properties.
//
// These functions allow setting individual properties of an |RSA| object. This
// is typically used with |RSA_new| to construct an RSA key field by field.
// Prefer instead to use |RSA_new_public_key| and |RSA_new_private_key|. These
// functions defer some initialization to the first use of an |RSA| object. This
// means invalid inputs may be caught late.
//
// TODO(crbug.com/boringssl/316): This deferred initialization also causes
// performance problems in multi-threaded applications. The preferred APIs
// currently have the same issues, but they will initialize eagerly in the
// future.
// RSA_set0_key sets |rsa|'s modulus, public exponent, and private exponent to
// |n|, |e|, and |d| respectively, if non-NULL. On success, it takes ownership
// of each argument and returns one. Otherwise, it returns zero.
//
// For a public key, |d| may be NULL, but |n| and |e| must either be non-NULL
// or already configured on |rsa|. For a private key, |e| may be NULL, but |n|
// and |d| must either be non-NULL or already configured on |rsa|. Private keys
// missing |e| are often used by the JCA.
//
// It is an error to call this function after |rsa| has been used for a
// cryptographic operation. Construct a new |RSA| object instead.
OPENSSL_EXPORT int RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d);
// RSA_set0_factors sets |rsa|'s prime factors to |p| and |q|, if non-NULL, and
// takes ownership of them. On success, it takes ownership of each argument and
// returns one. Otherwise, it returns zero.
//
// Each argument must either be non-NULL or already configured on |rsa|.
//
// It is an error to call this function after |rsa| has been used for a
// cryptographic operation. Construct a new |RSA| object instead.
OPENSSL_EXPORT int RSA_set0_factors(RSA *rsa, BIGNUM *p, BIGNUM *q);
// RSA_set0_crt_params sets |rsa|'s CRT parameters to |dmp1|, |dmq1|, and
// |iqmp|, if non-NULL, and takes ownership of them. On success, it takes
// ownership of its parameters and returns one. Otherwise, it returns zero.
//
// Each argument must either be non-NULL or already configured on |rsa|.
//
// It is an error to call this function after |rsa| has been used for a
// cryptographic operation. Construct a new |RSA| object instead.
OPENSSL_EXPORT int RSA_set0_crt_params(RSA *rsa, BIGNUM *dmp1, BIGNUM *dmq1,
BIGNUM *iqmp);
// RSA_METHOD functions
// RSA_get_default_method returns a zero initialized |RSA_METHOD| object. The
// wrapper functions will select the appropriate |rsa_default_*| implementation.
OPENSSL_EXPORT const RSA_METHOD *RSA_get_default_method(void);
// RSA_meth_new returns a zero-initialized |RSA_METHOD| object. It sets
// |flags| on the object. Currently, only |RSA_FLAG_OPAQUE| can be set on
// the method structure. The |name| parameter is currently ignored and
// is part of the function signature for OpenSSL compatibility.
OPENSSL_EXPORT RSA_METHOD *RSA_meth_new(const char *name, int flags);
// RSA_set_method sets |meth| on |rsa|. Returns one on success and zero
// on failure.
OPENSSL_EXPORT int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
// RSA_get_method returns the |RSA_METHOD| object associated with |rsa|.
OPENSSL_EXPORT const RSA_METHOD *RSA_get_method(const RSA *rsa);
// RSA_meth_free frees the memory associated with |meth|
OPENSSL_EXPORT void RSA_meth_free(RSA_METHOD *meth);
// RSA_METHOD setters
// The following functions set the corresponding fields on |meth|. They return
// one on success and zero on failure.
// RSA_meth_set_init sets |init| on |meth|. |init| should return one on
// success and zero on failure.
OPENSSL_EXPORT int RSA_meth_set_init(RSA_METHOD *meth, int (*init) (RSA *rsa));
// RSA_meth_set_finish sets |finish| on |meth|. The |finish| function
// is called in |RSA_free| before freeing the key. |finish| should return
// one on success and zero on failure.
OPENSSL_EXPORT int RSA_meth_set_finish(RSA_METHOD *meth,
int (*finish) (RSA *rsa));
// RSA_meth_set_priv_dec sets |priv_dec| on |meth|. |priv_dec| should decrypt
// |max_out| bytes at |from| using the private key |rsa| and store the plaintext
// in |to|. |priv_dec| should return the size of the recovered plaintext or a
// negative number on error.
OPENSSL_EXPORT int RSA_meth_set_priv_dec(RSA_METHOD *meth,
int (*priv_dec) (int max_out, const uint8_t *from,
uint8_t *to, RSA *rsa,
int padding));
// RSA_meth_set_priv_enc sets |priv_enc| on |meth|. |priv_enc| should sign
// |max_out| bytes at |from| using the private key |rsa| and store the
// signature in |to|. |priv_enc| should return the size of the signature or a
// negative number for error.
OPENSSL_EXPORT int RSA_meth_set_priv_enc(RSA_METHOD *meth,
int (*priv_enc) (int max_out, const uint8_t *from,
uint8_t *to, RSA *rsa,
int padding));
// RSA_meth_set_pub_dec sets |pub_dec| on |meth|. |pub_dec| should recover the
// |max_out| bytes of the message digest at |from| using the signer's public
// key |rsa| and store it in |to|. |pub_dec| should return the size of the
// recovered message digest or a negative number on error.
OPENSSL_EXPORT int RSA_meth_set_pub_dec(RSA_METHOD *meth,
int (*pub_dec) (int max_out, const uint8_t *from,
uint8_t *to, RSA *rsa,
int padding));
// RSA_meth_set_pub_enc sets |pub_enc| on |meth|. |pub_enc| should encrypt
// |max_out| bytes at |from| using the public key |rsa| and stores the
// ciphertext in |to|. |pub_enc| should return the size of the encrypted data
// or a negative number on error.
OPENSSL_EXPORT int RSA_meth_set_pub_enc(RSA_METHOD *meth,
int (*pub_enc) (int max_out, const uint8_t *from,
uint8_t *to, RSA *rsa,
int padding));
// RSA_meth_set0_app_data sets |app_data| on |meth|. Although set0 functions
// generally take ownership in AWS-LC, to maintain OpenSSL compatibility,
// this function does not. It is the consumers responsibility to free
// |app_data|.
OPENSSL_EXPORT int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data);
// RSA_meth_set_sign sets |sign| on |meth|. The function |sign| should return
// one on success and zero on failure.
OPENSSL_EXPORT int RSA_meth_set_sign(RSA_METHOD *meth,
int (*sign) (int type,
const unsigned char *m,
unsigned int m_length,
unsigned char *sigret,
unsigned int *siglen, const RSA *rsa));
// Key generation.
// RSA_generate_key_ex generates a new RSA key where the modulus has size
// |bits| and the public exponent is |e|. If unsure, |RSA_F4| is a good value
// for |e|. If |cb| is not NULL then it is called during the key generation
// process. In addition to the calls documented for |BN_generate_prime_ex|, it
// is called with event=2 when the n'th prime is rejected as unsuitable and
// with event=3 when a suitable value for |p| is found.
//
// Note: |bits| is expected to be divisible by 128, and if not will be rounded
// down to the nearest valid value. For example, requesting 3071 bits will
// provide a key that is 2944 bits. |RSA_bits| can be used to verify the
// RSA modulus size of the returned key.
//
// It returns one on success or zero on error.
OPENSSL_EXPORT int RSA_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e,
BN_GENCB *cb);
// RSA_generate_key_fips behaves like |RSA_generate_key_ex| but performs
// additional checks for FIPS compliance. The public exponent is always 65537
// and |bits| must be either 2048 or 3072.
OPENSSL_EXPORT int RSA_generate_key_fips(RSA *rsa, int bits, BN_GENCB *cb);
// Encryption / Decryption
//
// These functions are considered non-mutating for thread-safety purposes and
// may be used concurrently.
// RSA_PKCS1_PADDING denotes PKCS#1 v1.5 padding. When used with encryption,
// this is RSAES-PKCS1-v1_5. When used with signing, this is RSASSA-PKCS1-v1_5.
//
// WARNING: The RSAES-PKCS1-v1_5 encryption scheme is vulnerable to a
// chosen-ciphertext attack. Decrypting attacker-supplied ciphertext with
// RSAES-PKCS1-v1_5 may give the attacker control over your private key. This
// does not impact the RSASSA-PKCS1-v1_5 signature scheme. See "Chosen
// Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard
// PKCS #1", Daniel Bleichenbacher, Advances in Cryptology (Crypto '98).
#define RSA_PKCS1_PADDING 1
// RSA_NO_PADDING denotes a raw RSA operation.
#define RSA_NO_PADDING 3
// RSA_PKCS1_OAEP_PADDING denotes the RSAES-OAEP encryption scheme.
#define RSA_PKCS1_OAEP_PADDING 4
// RSA_X931_PADDING is not supported. It's included so consumer compilations can succeed.
#define RSA_X931_PADDING 5
// RSA_PKCS1_PSS_PADDING denotes the RSASSA-PSS signature scheme. This value may
// not be passed into |RSA_sign_raw|, only |EVP_PKEY_CTX_set_rsa_padding|. See
// also |RSA_sign_pss_mgf1| and |RSA_verify_pss_mgf1|.
#define RSA_PKCS1_PSS_PADDING 6
// RSA_encrypt encrypts |in_len| bytes from |in| to the public key from |rsa|
// and writes, at most, |max_out| bytes of encrypted data to |out|. The
// |max_out| argument must be, at least, |RSA_size| in order to ensure success.
//
// It returns 1 on success or zero on error.
//
// The |padding| argument must be one of the |RSA_*_PADDING| values. If in
// doubt, use |RSA_PKCS1_OAEP_PADDING| for new protocols.
OPENSSL_EXPORT int RSA_encrypt(RSA *rsa, size_t *out_len, uint8_t *out,
size_t max_out, const uint8_t *in, size_t in_len,
int padding);
// RSA_decrypt decrypts |in_len| bytes from |in| with the private key from
// |rsa| and writes, at most, |max_out| bytes of plaintext to |out|. The
// |max_out| argument must be, at least, |RSA_size| in order to ensure success.
//
// It returns 1 on success or zero on error.
//
// The |padding| argument must be one of the |RSA_*_PADDING| values. If in
// doubt, use |RSA_PKCS1_OAEP_PADDING| for new protocols.
//
// WARNING: Passing |RSA_PKCS1_PADDING| into this function is deprecated and
// insecure. RSAES-PKCS1-v1_5 is vulnerable to a chosen-ciphertext attack.
// Decrypting attacker-supplied ciphertext with RSAES-PKCS1-v1_5 may give the
// attacker control over your private key. See "Chosen Ciphertext Attacks
// Against Protocols Based on the RSA Encryption Standard PKCS #1", Daniel
// Bleichenbacher, Advances in Cryptology (Crypto '98).
//
// In some limited cases, such as TLS RSA key exchange, it is possible to
// mitigate this flaw with custom, protocol-specific padding logic. This
// should be implemented with |RSA_NO_PADDING|, not |RSA_PKCS1_PADDING|.
OPENSSL_EXPORT int RSA_decrypt(RSA *rsa, size_t *out_len, uint8_t *out,
size_t max_out, const uint8_t *in, size_t in_len,
int padding);
// RSA_public_encrypt encrypts |flen| bytes from |from| to the public key in
// |rsa| and writes the encrypted data to |to|. The |to| buffer must have at
// least |RSA_size| bytes of space. It returns the number of bytes written, or
// -1 on error. The |padding| argument must be one of the |RSA_*_PADDING|
// values. If in doubt, use |RSA_PKCS1_OAEP_PADDING| for new protocols.
//
// WARNING: this function is dangerous because it breaks the usual return value
// convention. Use |RSA_encrypt| instead.
OPENSSL_EXPORT int RSA_public_encrypt(size_t flen, const uint8_t *from,
uint8_t *to, RSA *rsa, int padding);
// RSA_private_decrypt decrypts |flen| bytes from |from| with the public key in
// |rsa| and writes the plaintext to |to|. The |to| buffer must have at least
// |RSA_size| bytes of space. It returns the number of bytes written, or -1 on
// error. The |padding| argument must be one of the |RSA_*_PADDING| values. If
// in doubt, use |RSA_PKCS1_OAEP_PADDING| for new protocols. Passing
// |RSA_PKCS1_PADDING| into this function is deprecated and insecure. See
// |RSA_decrypt|.
//
// WARNING: this function is dangerous because it breaks the usual return value
// convention. Use |RSA_decrypt| instead.
OPENSSL_EXPORT int RSA_private_decrypt(size_t flen, const uint8_t *from,
uint8_t *to, RSA *rsa, int padding);
// RSA_PSS_SALTLEN_DIGEST denotes the salt length matches the digest length
#define RSA_PSS_SALTLEN_DIGEST -1
// Signing / Verification
//
// These functions are considered non-mutating for thread-safety purposes and
// may be used concurrently.
// RSA_sign signs |digest_len| bytes of digest from |digest| with |rsa| using
// RSASSA-PKCS1-v1_5. It writes, at most, |RSA_size(rsa)| bytes to |out|. On
// successful return, the actual number of bytes written is written to
// |*out_len|.
//
// The |hash_nid| argument identifies the hash function used to calculate
// |digest| and is embedded in the resulting signature. For example, it might be
// |NID_sha256|.
//
// It returns 1 on success and zero on error.
//
// WARNING: |digest| must be the result of hashing the data to be signed with
// |hash_nid|. Passing unhashed inputs will not result in a secure signature
// scheme.
OPENSSL_EXPORT int RSA_sign(int hash_nid, const uint8_t *digest,
size_t digest_len, uint8_t *out, unsigned *out_len,
RSA *rsa);
// RSA_sign_pss_mgf1 signs |digest_len| bytes from |digest| with the public key
// from |rsa| using RSASSA-PSS with MGF1 as the mask generation function. It
// writes, at most, |max_out| bytes of signature data to |out|. The |max_out|
// argument must be, at least, |RSA_size| in order to ensure success. It returns
// 1 on success or zero on error.
//
// The |md| and |mgf1_md| arguments identify the hash used to calculate |digest|
// and the MGF1 hash, respectively. If |mgf1_md| is NULL, |md| is
// used.
//
// |salt_len| specifies the expected salt length in bytes. If |salt_len| is -1,
// then the salt length is the same as the hash length. If -2, then the salt
// length is maximal given the size of |rsa|. If unsure, use -1.
//
// WARNING: |digest| must be the result of hashing the data to be signed with
// |md|. Passing unhashed inputs will not result in a secure signature scheme.
OPENSSL_EXPORT int RSA_sign_pss_mgf1(RSA *rsa, size_t *out_len, uint8_t *out,
size_t max_out, const uint8_t *digest,
size_t digest_len, const EVP_MD *md,
const EVP_MD *mgf1_md, int salt_len);
// RSA_sign_raw performs the private key portion of computing a signature with
// |rsa|. It writes, at most, |max_out| bytes of signature data to |out|. The
// |max_out| argument must be, at least, |RSA_size| in order to ensure the
// output fits. It returns 1 on success or zero on error.
//
// If |padding| is |RSA_PKCS1_PADDING|, this function wraps |in| with the
// padding portion of RSASSA-PKCS1-v1_5 and then performs the raw private key
// operation. The caller is responsible for hashing the input and wrapping it in
// a DigestInfo structure.
//
// If |padding| is |RSA_NO_PADDING|, this function only performs the raw private
// key operation, interpreting |in| as a integer modulo n. The caller is
// responsible for hashing the input and encoding it for the signature scheme
// being implemented.
//
// WARNING: This function is a building block for a signature scheme, not a
// complete one. |in| must be the result of hashing and encoding the data as
// needed for the scheme being implemented. Passing in arbitrary inputs will not
// result in a secure signature scheme.
OPENSSL_EXPORT int RSA_sign_raw(RSA *rsa, size_t *out_len, uint8_t *out,
size_t max_out, const uint8_t *in,
size_t in_len, int padding);
// RSA_verify verifies that |sig_len| bytes from |sig| are a valid,
// RSASSA-PKCS1-v1_5 signature of |digest_len| bytes at |digest| by |rsa|.
//
// The |hash_nid| argument identifies the hash function used to calculate
// |digest| and is embedded in the resulting signature in order to prevent hash
// confusion attacks. For example, it might be |NID_sha256|.
//
// It returns one if the signature is valid and zero otherwise.
//
// We distinguish between a "mismatched" signature error and "bad" signature
// error because of JCA expectations. Specifically:
// * Error |RSA_R_BAD_SIGNATURE| is set if extra information is included beyond
// the signature as forbidden by FIPS 186-4 section 5.5 item (f).
// * Error |RSA_R_MISMATCHED_SIGNATURE| is set if step (4) of RFC-8017
// section 8.2.2 detects a difference in the two encoded messages.
//
// WARNING: this differs from the original, OpenSSL function which additionally
// returned -1 on error.
//
// WARNING: |digest| must be the result of hashing the data to be verified with
// |hash_nid|. Passing unhashed input will not result in a secure signature
// scheme.
OPENSSL_EXPORT int RSA_verify(int hash_nid, const uint8_t *digest,
size_t digest_len, const uint8_t *sig,
size_t sig_len, RSA *rsa);
// RSA_verify_pss_mgf1 verifies that |sig_len| bytes from |sig| are a valid,
// RSASSA-PSS signature of |digest_len| bytes at |digest| by |rsa|. It returns
// one if the signature is valid and zero otherwise. MGF1 is used as the mask
// generation function.
//
// The |md| and |mgf1_md| arguments identify the hash used to calculate |digest|
// and the MGF1 hash, respectively. If |mgf1_md| is NULL, |md| is
// used. |salt_len| specifies the expected salt length in bytes.
//
// If |salt_len| is -1, then the salt length is the same as the hash length. If
// -2, then the salt length is recovered and all values accepted. If unsure, use
// -1.
//
// WARNING: |digest| must be the result of hashing the data to be verified with
// |md|. Passing unhashed input will not result in a secure signature scheme.
OPENSSL_EXPORT int RSA_verify_pss_mgf1(RSA *rsa, const uint8_t *digest,
size_t digest_len, const EVP_MD *md,
const EVP_MD *mgf1_md, int salt_len,
const uint8_t *sig, size_t sig_len);
// RSA_verify_raw performs the public key portion of verifying |in_len| bytes of
// signature from |in| using the public key from |rsa|. On success, it returns
// one and writes, at most, |max_out| bytes of output to |out|. The |max_out|
// argument must be, at least, |RSA_size| in order to ensure the output fits. On
// failure or invalid input, it returns zero.
//
// If |padding| is |RSA_PKCS1_PADDING|, this function checks the padding portion
// of RSASSA-PKCS1-v1_5 and outputs the remainder of the encoded digest. The
// caller is responsible for checking the output is a DigestInfo-wrapped digest
// of the message.
//
// If |padding| is |RSA_NO_PADDING|, this function only performs the raw public
// key operation. The caller is responsible for checking the output is a valid
// result for the signature scheme being implemented.
//
// WARNING: This function is a building block for a signature scheme, not a
// complete one. Checking for arbitrary strings in |out| will not result in a
// secure signature scheme.
OPENSSL_EXPORT int RSA_verify_raw(RSA *rsa, size_t *out_len, uint8_t *out,
size_t max_out, const uint8_t *in,
size_t in_len, int padding);
// RSA_private_encrypt performs the private key portion of computing a signature
// with |rsa|. It takes |flen| bytes from |from| as input and writes the result
// to |to|. The |to| buffer must have at least |RSA_size| bytes of space. It
// returns the number of bytes written, or -1 on error.
//
// For the interpretation of |padding| and the input, see |RSA_sign_raw|.
//
// WARNING: This function is a building block for a signature scheme, not a
// complete one. See |RSA_sign_raw| for details.
//
// WARNING: This function is dangerous because it breaks the usual return value
// convention. Use |RSA_sign_raw| instead.
OPENSSL_EXPORT int RSA_private_encrypt(size_t flen, const uint8_t *from,
uint8_t *to, RSA *rsa, int padding);
// RSA_public_decrypt performs the public key portion of verifying |flen| bytes
// of signature from |from| using the public key from |rsa|. It writes the
// result to |to|, which must have at least |RSA_size| bytes of space. It
// returns the number of bytes written, or -1 on error.
//
// For the interpretation of |padding| and the result, see |RSA_verify_raw|.
//
// WARNING: This function is a building block for a signature scheme, not a
// complete one. See |RSA_verify_raw| for details.
//
// WARNING: This function is dangerous because it breaks the usual return value
// convention. Use |RSA_verify_raw| instead.
OPENSSL_EXPORT int RSA_public_decrypt(size_t flen, const uint8_t *from,
uint8_t *to, RSA *rsa, int padding);
// Utility functions.
// RSA_size returns the number of bytes in the modulus, which is also the size
// of a signature or encrypted value using |rsa|.
OPENSSL_EXPORT unsigned RSA_size(const RSA *rsa);
// RSA_is_opaque returns one if |rsa| is opaque and doesn't expose its key
// material. Otherwise it returns zero.
OPENSSL_EXPORT int RSA_is_opaque(const RSA *rsa);
// RSAPublicKey_dup allocates a fresh |RSA| and copies the public key from
// |rsa| into it. It returns the fresh |RSA| object, or NULL on error.
OPENSSL_EXPORT RSA *RSAPublicKey_dup(const RSA *rsa);
// RSAPrivateKey_dup allocates a fresh |RSA| and copies the private key from
// |rsa| into it. It returns the fresh |RSA| object, or NULL on error.
OPENSSL_EXPORT RSA *RSAPrivateKey_dup(const RSA *rsa);
// RSA_check_key performs basic validity tests on |rsa|. It returns one if
// they pass and zero otherwise. If it returns zero then a more detailed error
// is available on the error queue.
OPENSSL_EXPORT int RSA_check_key(const RSA *rsa);
// RSA_check_fips performs two FIPS related checks in addition to basic
// validity tests from RSA_check_key:
// - partial public key validation (SP 800-89),
// - pair-wise consistency test.
// This function does not mutate |rsa| for thread-safety purposes and
// may be used concurrently.
OPENSSL_EXPORT int RSA_check_fips(RSA *key);
// RSA_verify_PKCS1_PSS_mgf1 verifies that |EM| is a correct PSS padding of
// |mHash|, where |mHash| is a digest produced by |Hash|. |EM| must point to
// exactly |RSA_size(rsa)| bytes of data. The |mgf1Hash| argument specifies the
// hash function for generating the mask. If NULL, |Hash| is used. The |sLen|
// argument specifies the expected salt length in bytes. If |sLen| is RSA_PSS_SALTLEN_DIGEST then
// the salt length is the same as the hash length. If -2, then the salt length
// is recovered and all values accepted.
//
// If unsure, use RSA_PSS_SALTLEN_DIGEST.
//
// It returns one on success or zero on error.
//
// This function implements only the low-level padding logic. Use
// |RSA_verify_pss_mgf1| instead.
OPENSSL_EXPORT int RSA_verify_PKCS1_PSS_mgf1(const RSA *rsa,
const uint8_t *mHash,
const EVP_MD *Hash,
const EVP_MD *mgf1Hash,
const uint8_t *EM, int sLen);
// RSA_padding_add_PKCS1_PSS_mgf1 writes a PSS padding of |mHash| to |EM|,
// where |mHash| is a digest produced by |Hash|. |RSA_size(rsa)| bytes of
// output will be written to |EM|. The |mgf1Hash| argument specifies the hash
// function for generating the mask. If NULL, |Hash| is used. The |sLen|
// argument specifies the expected salt length in bytes.
// If |sLen| is RSA_PSS_SALTLEN_DIGEST then the salt length is the same as
// the hash length. If -2, then the salt length is maximal given the space in |EM|.
//
// It returns one on success or zero on error.
//
// This function implements only the low-level padding logic. Use
// |RSA_sign_pss_mgf1| instead.
OPENSSL_EXPORT int RSA_padding_add_PKCS1_PSS_mgf1(const RSA *rsa, uint8_t *EM,
const uint8_t *mHash,
const EVP_MD *Hash,
const EVP_MD *mgf1Hash,
int sLen);
// RSA_padding_add_PKCS1_OAEP_mgf1 writes an OAEP padding of |from| to |to|
// with the given parameters and hash functions. If |md| is NULL then SHA-1 is
// used. If |mgf1md| is NULL then the value of |md| is used (which means SHA-1
// if that, in turn, is NULL).
//
// It returns one on success or zero on error.
OPENSSL_EXPORT int RSA_padding_add_PKCS1_OAEP_mgf1(
uint8_t *to, size_t to_len, const uint8_t *from, size_t from_len,
const uint8_t *param, size_t param_len, const EVP_MD *md,
const EVP_MD *mgf1md);
// PKCS1_MGF1 masks a seed using MGF1 as defined in RFC 8017 (B.2.1).
// It writes the masked output to |out|, using |len| bytes. |seed| and
// |seed_len| are the seed input. |md| is the message digest to use.
//
// It returns one on success and zero on error.
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS1_MGF1(uint8_t *out, size_t len,
const uint8_t *seed, size_t seed_len, const EVP_MD *md);
// RSA_add_pkcs1_prefix builds a version of |digest| prefixed with the
// DigestInfo header for the given hash function and sets |out_msg| to point to
// it. On successful return, if |*is_alloced| is one, the caller must release
// |*out_msg| with |OPENSSL_free|.
OPENSSL_EXPORT int RSA_add_pkcs1_prefix(uint8_t **out_msg, size_t *out_msg_len,
int *is_alloced, int hash_nid,
const uint8_t *digest,
size_t digest_len);
// ASN.1 functions.
// RSA_parse_public_key parses a DER-encoded RSAPublicKey structure (RFC 8017)
// from |cbs| and advances |cbs|. It returns a newly-allocated |RSA| or NULL on
// error.
OPENSSL_EXPORT RSA *RSA_parse_public_key(CBS *cbs);
// RSA_public_key_from_bytes parses |in| as a DER-encoded RSAPublicKey structure
// (RFC 8017). It returns a newly-allocated |RSA| or NULL on error.
OPENSSL_EXPORT RSA *RSA_public_key_from_bytes(const uint8_t *in, size_t in_len);
// RSA_marshal_public_key marshals |rsa| as a DER-encoded RSAPublicKey structure
// (RFC 8017) and appends the result to |cbb|. It returns one on success and
// zero on failure.
OPENSSL_EXPORT int RSA_marshal_public_key(CBB *cbb, const RSA *rsa);
// RSA_public_key_to_bytes marshals |rsa| as a DER-encoded RSAPublicKey
// structure (RFC 8017) and, on success, sets |*out_bytes| to a newly allocated
// buffer containing the result and returns one. Otherwise, it returns zero. The
// result should be freed with |OPENSSL_free|.
OPENSSL_EXPORT int RSA_public_key_to_bytes(uint8_t **out_bytes, size_t *out_len,
const RSA *rsa);
// RSA_parse_private_key parses a DER-encoded RSAPrivateKey structure (RFC 8017)
// from |cbs| and advances |cbs|. It returns a newly-allocated |RSA| or NULL on
// error.
OPENSSL_EXPORT RSA *RSA_parse_private_key(CBS *cbs);
// RSA_private_key_from_bytes parses |in| as a DER-encoded RSAPrivateKey
// structure (RFC 8017). It returns a newly-allocated |RSA| or NULL on error.
OPENSSL_EXPORT RSA *RSA_private_key_from_bytes(const uint8_t *in,
size_t in_len);
// RSA_marshal_private_key marshals |rsa| as a DER-encoded RSAPrivateKey
// structure (RFC 8017) and appends the result to |cbb|. It returns one on
// success and zero on failure.
OPENSSL_EXPORT int RSA_marshal_private_key(CBB *cbb, const RSA *rsa);
// RSA_private_key_to_bytes marshals |rsa| as a DER-encoded RSAPrivateKey
// structure (RFC 8017) and, on success, sets |*out_bytes| to a newly allocated
// buffer containing the result and returns one. Otherwise, it returns zero. The
// result should be freed with |OPENSSL_free|.
OPENSSL_EXPORT int RSA_private_key_to_bytes(uint8_t **out_bytes,
size_t *out_len, const RSA *rsa);
// Obscure RSA variants.
//
// These functions allow creating RSA keys with obscure combinations of
// parameters.
// RSA_new_private_key_no_crt behaves like |RSA_new_private_key| but constructs
// an RSA key without CRT coefficients.
//
// Keys created by this function will be less performant and cannot be
// serialized.
OPENSSL_EXPORT RSA *RSA_new_private_key_no_crt(const BIGNUM *n, const BIGNUM *e,
const BIGNUM *d);
// RSA_new_private_key_no_e behaves like |RSA_new_private_key| but constructs an
// RSA key without CRT parameters or public exponent.
//
// Keys created by this function will be less performant, cannot be serialized,
// and lack hardening measures that protect against side channels and fault
// attacks.
OPENSSL_EXPORT RSA *RSA_new_private_key_no_e(const BIGNUM *n, const BIGNUM *d);
// RSA_new_public_key_large_e behaves like |RSA_new_public_key| but allows any
// |e| up to |n|.
//
// BoringSSL typically bounds public exponents as a denial-of-service
// mitigation. Keys created by this function may perform worse than those
// created by |RSA_new_public_key|.
OPENSSL_EXPORT RSA *RSA_new_public_key_large_e(const BIGNUM *n,
const BIGNUM *e);
// RSA_new_private_key_large_e behaves like |RSA_new_private_key| but allows any
// |e| up to |n|.
//
// BoringSSL typically bounds public exponents as a denial-of-service
// mitigation. Keys created by this function may perform worse than those
// created by |RSA_new_private_key|.
OPENSSL_EXPORT RSA *RSA_new_private_key_large_e(
const BIGNUM *n, const BIGNUM *e, const BIGNUM *d, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
const BIGNUM *iqmp);
// ex_data functions.
//
// See |ex_data.h| for details.
OPENSSL_EXPORT int RSA_get_ex_new_index(long argl, void *argp,
CRYPTO_EX_unused *unused,
CRYPTO_EX_dup *dup_unused,
CRYPTO_EX_free *free_func);
OPENSSL_EXPORT int RSA_set_ex_data(RSA *rsa, int idx, void *arg);
OPENSSL_EXPORT void *RSA_get_ex_data(const RSA *rsa, int idx);
// Flags.
// RSA_FLAG_OPAQUE specifies that this RSA_METHOD does not expose its key
// material. This may be set if, for instance, it is wrapping some other crypto
// API, like a platform key store.
#define RSA_FLAG_OPAQUE 1
// RSA_FLAG_NO_BLINDING disables blinding of private operations, which is a
// dangerous thing to do. It is deprecated and should not be used. It will
// be ignored whenever possible.
//
// This flag must be used if a key without the public exponent |e| is used for
// private key operations; avoid using such keys whenever possible.
#define RSA_FLAG_NO_BLINDING 8
// RSA_FLAG_EXT_PKEY is deprecated and ignored.
#define RSA_FLAG_EXT_PKEY 0x20
// RSA_FLAG_NO_PUBLIC_EXPONENT indicates that private keys without a public
// exponent are allowed. This is an internal constant. Use
// |RSA_new_private_key_no_e| to construct such keys.
#define RSA_FLAG_NO_PUBLIC_EXPONENT 0x40
// RSA_FLAG_LARGE_PUBLIC_EXPONENT indicates that keys with a large public
// exponent are allowed. This is an internal constant. Use
// |RSA_new_public_key_large_e| and |RSA_new_private_key_large_e| to construct
// such keys.
#define RSA_FLAG_LARGE_PUBLIC_EXPONENT 0x80
// RSA public exponent values.
#define RSA_3 0x3
#define RSA_F4 0x10001
// Deprecated functions.
#define RSA_METHOD_FLAG_NO_CHECK RSA_FLAG_OPAQUE
// RSAerr allows consumers to add an error for a given function |f| and reason
// |r|. This macro is added in for OpenSSL compatibility. To avoid exposing
// internals, we ignore the |f| parameter. The |r| parameter is passed into
// |OPENSSL_PUT_ERROR|.
#define RSAerr(f,r) OPENSSL_PUT_ERROR(RSA, r);
// RSA_flags returns the flags for |rsa|. These are a bitwise OR of |RSA_FLAG_*|
// constants.
OPENSSL_EXPORT int RSA_flags(const RSA *rsa);
// RSA_set_flags sets the flags in the |flags| parameter on the |RSA|
// object. Multiple flags can be passed in one go (bitwise ORed together).
// Any flags that are already set are left set.
OPENSSL_EXPORT void RSA_set_flags(RSA *rsa, int flags);
// RSA_test_flags returns the subset of flags in |flags| which are set in |rsa|.
OPENSSL_EXPORT int RSA_test_flags(const RSA *rsa, int flags);
// RSA_blinding_on returns one in case blinding is on, otherwise 0.
OPENSSL_EXPORT int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
// RSA_blinding_off_temp_for_accp_compatibility sets |rsa|'s RSA_FLAG_NO_BLINDING.
//
// Private keys missing |e| are often used by the JCA. In order to use such keys
// for signing/decryption, one can use RSA_blinding_off_temp_for_accp_compatibility
// to disable blinding. In general, we strongly advise against disabling blinding.
// This method is temporarily provided to support ACCP. It will be replaced
// by a method that would allow creating an RSA private key from a modulus and
// a private exponent having blinding disabled.
OPENSSL_EXPORT OPENSSL_DEPRECATED void RSA_blinding_off_temp_for_accp_compatibility(RSA *rsa);
// RSA_pkey_ctx_ctrl is a vestigial OpenSSL function that has been obsoleted by
// the EVP interface. External callers should not use this. Internal callers
// should use |EVP_PKEY_CTX_ctrl| instead.
//
// This function directly calls |EVP_PKEY_CTX_ctrl| with some guards around the
// key's type. The key type must either be RSA or RSA-PSS, otherwise -1 is
// returned.
OPENSSL_EXPORT OPENSSL_DEPRECATED int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd,
int p1, void *p2);
// RSA_generate_key behaves like |RSA_generate_key_ex|, which is what you
// should use instead. It returns NULL on error, or a newly-allocated |RSA| on
// success. This function is provided for compatibility only. The |callback|
// and |cb_arg| parameters must be NULL.
OPENSSL_EXPORT RSA *RSA_generate_key(int bits, uint64_t e, void *callback,
void *cb_arg);
// d2i_RSAPublicKey parses a DER-encoded RSAPublicKey structure (RFC 8017) from
// |len| bytes at |*inp|, as described in |d2i_SAMPLE|.
//
// Use |RSA_parse_public_key| instead.
OPENSSL_EXPORT RSA *d2i_RSAPublicKey(RSA **out, const uint8_t **inp, long len);
// i2d_RSAPublicKey marshals |in| to a DER-encoded RSAPublicKey structure (RFC
// 8017), as described in |i2d_SAMPLE|.
//
// Use |RSA_marshal_public_key| instead.
OPENSSL_EXPORT int i2d_RSAPublicKey(const RSA *in, uint8_t **outp);
// d2i_RSAPrivateKey parses a DER-encoded RSAPrivateKey structure (RFC 8017)
// from |len| bytes at |*inp|, as described in |d2i_SAMPLE|.
//
// Use |RSA_parse_private_key| instead.
OPENSSL_EXPORT RSA *d2i_RSAPrivateKey(RSA **out, const uint8_t **inp, long len);
// i2d_RSAPrivateKey marshals |in| to a DER-encoded RSAPrivateKey structure (RFC
// 8017), as described in |i2d_SAMPLE|.
//
// Use |RSA_marshal_private_key| instead.
OPENSSL_EXPORT int i2d_RSAPrivateKey(const RSA *in, uint8_t **outp);
// RSA_padding_add_PKCS1_PSS acts like |RSA_padding_add_PKCS1_PSS_mgf1| but the
// |mgf1Hash| parameter of the latter is implicitly set to |Hash|.
//
// This function implements only the low-level padding logic. Use
// |RSA_sign_pss_mgf1| instead.
OPENSSL_EXPORT int RSA_padding_add_PKCS1_PSS(const RSA *rsa, uint8_t *EM,
const uint8_t *mHash,
const EVP_MD *Hash, int sLen);
// RSA_verify_PKCS1_PSS acts like |RSA_verify_PKCS1_PSS_mgf1| but the
// |mgf1Hash| parameter of the latter is implicitly set to |Hash|.
//
// This function implements only the low-level padding logic. Use
// |RSA_verify_pss_mgf1| instead.
OPENSSL_EXPORT int RSA_verify_PKCS1_PSS(const RSA *rsa, const uint8_t *mHash,
const EVP_MD *Hash, const uint8_t *EM,
int sLen);
// RSA_padding_add_PKCS1_OAEP acts like |RSA_padding_add_PKCS1_OAEP_mgf1| but
// the |md| and |mgf1md| parameters of the latter are implicitly set to NULL,
// which means SHA-1.
OPENSSL_EXPORT int RSA_padding_add_PKCS1_OAEP(uint8_t *to, size_t to_len,
const uint8_t *from,
size_t from_len,
const uint8_t *param,
size_t param_len);
// RSA_print prints a textual representation of |rsa| to |bio|. It returns one
// on success or zero otherwise.
OPENSSL_EXPORT int RSA_print(BIO *bio, const RSA *rsa, int indent);
// RSA_print_fp prints a textual representation of |rsa| to |fp|. It returns one
// on success or zero otherwise.
OPENSSL_EXPORT int RSA_print_fp(FILE *fp, const RSA *rsa, int indent);
// RSA_get0_pss_params returns NULL. In OpenSSL, this function retries RSA-PSS
// parameters associated with |RSA| objects, but BoringSSL does not support
// the id-RSASSA-PSS key encoding.
OPENSSL_EXPORT const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *rsa);
// RSA_new_method_no_e returns a newly-allocated |RSA| object backed by
// |engine|, with a public modulus of |n| and no known public exponent.
//
// Do not use this function. It exists only to support Conscrypt, whose use
// should be replaced with a more sound mechanism. See
// https://crbug.com/boringssl/602.
OPENSSL_EXPORT RSA *RSA_new_method_no_e(const ENGINE *engine, const BIGNUM *n);
#if defined(__cplusplus)
} // extern C
extern "C++" {
BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(RSA, RSA_free)
BORINGSSL_MAKE_UP_REF(RSA, RSA_up_ref)
BSSL_NAMESPACE_END
} // extern C++
#endif
#define RSA_R_BAD_ENCODING 100
#define RSA_R_BAD_E_VALUE 101
#define RSA_R_BAD_FIXED_HEADER_DECRYPT 102
#define RSA_R_BAD_PAD_BYTE_COUNT 103
#define RSA_R_BAD_RSA_PARAMETERS 104
#define RSA_R_BAD_SIGNATURE 105
#define RSA_R_BAD_VERSION 106
#define RSA_R_BLOCK_TYPE_IS_NOT_01 107
#define RSA_R_BN_NOT_INITIALIZED 108
#define RSA_R_CANNOT_RECOVER_MULTI_PRIME_KEY 109
#define RSA_R_CRT_PARAMS_ALREADY_GIVEN 110
#define RSA_R_CRT_VALUES_INCORRECT 111
#define RSA_R_DATA_LEN_NOT_EQUAL_TO_MOD_LEN 112
#define RSA_R_DATA_TOO_LARGE 113
#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 114
#define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 115
#define RSA_R_DATA_TOO_SMALL 116
#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 117
#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 118
#define RSA_R_D_E_NOT_CONGRUENT_TO_1 119
#define RSA_R_EMPTY_PUBLIC_KEY 120
#define RSA_R_ENCODE_ERROR 121
#define RSA_R_FIRST_OCTET_INVALID 122
#define RSA_R_INCONSISTENT_SET_OF_CRT_VALUES 123
#define RSA_R_INTERNAL_ERROR 124
#define RSA_R_INVALID_MESSAGE_LENGTH 125
#define RSA_R_KEY_SIZE_TOO_SMALL 126
#define RSA_R_LAST_OCTET_INVALID 127
#define RSA_R_MODULUS_TOO_LARGE 128
#define RSA_R_MUST_HAVE_AT_LEAST_TWO_PRIMES 129
#define RSA_R_NO_PUBLIC_EXPONENT 130
#define RSA_R_NULL_BEFORE_BLOCK_MISSING 131
#define RSA_R_N_NOT_EQUAL_P_Q 132
#define RSA_R_OAEP_DECODING_ERROR 133
#define RSA_R_ONLY_ONE_OF_P_Q_GIVEN 134
#define RSA_R_OUTPUT_BUFFER_TOO_SMALL 135
#define RSA_R_PADDING_CHECK_FAILED 136
#define RSA_R_PKCS_DECODING_ERROR 137
#define RSA_R_SLEN_CHECK_FAILED 138
#define RSA_R_SLEN_RECOVERY_FAILED 139
#define RSA_R_TOO_LONG 140
#define RSA_R_TOO_MANY_ITERATIONS 141
#define RSA_R_UNKNOWN_ALGORITHM_TYPE 142
#define RSA_R_UNKNOWN_PADDING_TYPE 143
#define RSA_R_VALUE_MISSING 144
#define RSA_R_WRONG_SIGNATURE_LENGTH 145
#define RSA_R_PUBLIC_KEY_VALIDATION_FAILED 146
#define RSA_R_D_OUT_OF_RANGE 147
#define RSA_R_BLOCK_TYPE_IS_NOT_02 148
#define RSA_R_MISMATCHED_SIGNATURE 248
// RSA_F_RSA_OSSL_PRIVATE_ENCRYPT is a function code defined
// for compatibility. AWS-LC does not support function codes
#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT 0
#endif // OPENSSL_HEADER_RSA_H

5
vendor/aws-lc-sys/aws-lc/include/openssl/safestack.h vendored Normal file
View File

@@ -0,0 +1,5 @@
// Copyright (c) 2014, Google Inc.
// SPDX-License-Identifier: ISC
/* This header is provided in order to make compiling against code that expects
OpenSSL easier. */

88
vendor/aws-lc-sys/aws-lc/include/openssl/service_indicator.h vendored Normal file
View File

@@ -0,0 +1,88 @@
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 OR ISC
#ifndef AWSLC_HEADER_SERVICE_INDICATOR_H
#define AWSLC_HEADER_SERVICE_INDICATOR_H
#include <openssl/base.h>
#if defined(__cplusplus)
extern "C" {
#endif
// FIPS 140-3 Approved Security Service Indicator
// |FIPS_service_indicator_before_call| and |FIPS_service_indicator_after_call|
// both currently return the same local thread counter which is slowly
// incremented whenever approved services are called.
//
// |FIPS_service_indicator_before_call| is intended to be called right before
// an approved service, while |FIPS_service_indicator_after_call| should be
// called immediately after. If the values returned from these two functions are
// not equal, this means that the service called in between is deemed to be
// approved. If the values are still the same, this means the counter has not
// been incremented, and the service called is otherwise not approved for FIPS.
OPENSSL_EXPORT uint64_t FIPS_service_indicator_before_call(void);
OPENSSL_EXPORT uint64_t FIPS_service_indicator_after_call(void);
OPENSSL_EXPORT const char* awslc_version_string(void);
enum FIPSStatus {
AWSLC_NOT_APPROVED = 0,
AWSLC_APPROVED = 1
};
#if defined(AWSLC_FIPS)
#define AWSLC_MODE_STRING "AWS-LC FIPS "
// CALL_SERVICE_AND_CHECK_APPROVED performs an approval check and runs the service.
// The |approved| value passed in will change to |AWSLC_APPROVED| and
// |AWSLC_NOT_APPROVED| accordingly to the approved state of the service ran.
// It is highly recommended that users of the service indicator use this macro
// when interacting with the service indicator.
//
// This macro tests before != after to handle potential uint64_t rollover in
// long-running applications that use the release build of AWS-LC. Debug builds
// use an assert before + 1 == after to ensure in testing the service indicator
// is operating as expected.
#define CALL_SERVICE_AND_CHECK_APPROVED(approved, func) \
do { \
(approved) = AWSLC_NOT_APPROVED; \
int before = FIPS_service_indicator_before_call(); \
func; \
int after = FIPS_service_indicator_after_call(); \
if (before != after) { \
assert(before + 1 == after); \
(approved) = AWSLC_APPROVED; \
} \
} \
while(0)
#else
#define AWSLC_MODE_STRING "AWS-LC "
// CALL_SERVICE_AND_CHECK_APPROVED always returns |AWSLC_APPROVED| when AWS-LC
// is not built in FIPS mode for easier consumer compatibility that have both
// FIPS and non-FIPS libraries.
#define CALL_SERVICE_AND_CHECK_APPROVED(approved, func) \
do { \
(approved) = AWSLC_APPROVED; \
func; \
} \
while(0) \
#endif // AWSLC_FIPS
#define AWSLC_VERSION_STRING AWSLC_MODE_STRING AWSLC_VERSION_NUMBER_STRING
#if defined(__cplusplus)
} // extern C
#endif
#endif // AWSLC_SERVICE_INDICATOR_H

247
vendor/aws-lc-sys/aws-lc/include/openssl/sha.h vendored Normal file
View File

@@ -0,0 +1,247 @@
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_SHA_H
#define OPENSSL_HEADER_SHA_H
#include <openssl/base.h>
#if defined(__cplusplus)
extern "C" {
#endif
// The SHA family of hash functions (SHA-1 and SHA-2).
// SHA_CBLOCK is the block size of SHA-1.
#define SHA_CBLOCK 64
// SHA_DIGEST_LENGTH is the length of a SHA-1 digest.
#define SHA_DIGEST_LENGTH 20
// SHA1_Init initialises |sha| and returns one.
OPENSSL_EXPORT int SHA1_Init(SHA_CTX *sha);
// SHA1_Update adds |len| bytes from |data| to |sha| and returns one.
OPENSSL_EXPORT int SHA1_Update(SHA_CTX *sha, const void *data, size_t len);
// SHA1_Final adds the final padding to |sha| and writes the resulting digest to
// |out|, which must have at least |SHA_DIGEST_LENGTH| bytes of space. It
// returns one.
OPENSSL_EXPORT int SHA1_Final(uint8_t out[SHA_DIGEST_LENGTH], SHA_CTX *sha);
// SHA1 writes the digest of |len| bytes from |data| to |out| and returns
// |out|. There must be at least |SHA_DIGEST_LENGTH| bytes of space in
// |out|.
OPENSSL_EXPORT uint8_t *SHA1(const uint8_t *data, size_t len,
uint8_t out[SHA_DIGEST_LENGTH]);
// SHA1_Transform is a low-level function that performs a single, SHA-1 block
// transformation using the state from |sha| and |SHA_CBLOCK| bytes from
// |block|.
OPENSSL_EXPORT void SHA1_Transform(SHA_CTX *sha,
const uint8_t block[SHA_CBLOCK]);
struct sha_state_st {
uint32_t h[5];
uint32_t Nl, Nh;
uint8_t data[SHA_CBLOCK];
unsigned num;
};
// SHA-224.
// SHA224_CBLOCK is the block size of SHA-224.
#define SHA224_CBLOCK 64
// SHA224_DIGEST_LENGTH is the length of a SHA-224 digest.
#define SHA224_DIGEST_LENGTH 28
// SHA224_Init initialises |sha| and returns 1.
OPENSSL_EXPORT int SHA224_Init(SHA256_CTX *sha);
// SHA224_Update adds |len| bytes from |data| to |sha| and returns 1.
OPENSSL_EXPORT int SHA224_Update(SHA256_CTX *sha, const void *data, size_t len);
// SHA224_Final adds the final padding to |sha| and writes the resulting digest
// to |out|, which must have at least |SHA224_DIGEST_LENGTH| bytes of space. It
// returns one on success and zero on programmer error.
OPENSSL_EXPORT int SHA224_Final(uint8_t out[SHA224_DIGEST_LENGTH],
SHA256_CTX *sha);
// SHA224 writes the digest of |len| bytes from |data| to |out| and returns
// |out|. There must be at least |SHA224_DIGEST_LENGTH| bytes of space in
// |out|.
OPENSSL_EXPORT uint8_t *SHA224(const uint8_t *data, size_t len,
uint8_t out[SHA224_DIGEST_LENGTH]);
// SHA-256.
// SHA256_CBLOCK is the block size of SHA-256.
#define SHA256_CBLOCK 64
// SHA256_DIGEST_LENGTH is the length of a SHA-256 digest.
#define SHA256_DIGEST_LENGTH 32
// SHA256_Init initialises |sha| and returns 1.
OPENSSL_EXPORT int SHA256_Init(SHA256_CTX *sha);
// SHA256_Update adds |len| bytes from |data| to |sha| and returns 1.
OPENSSL_EXPORT int SHA256_Update(SHA256_CTX *sha, const void *data, size_t len);
// SHA256_Final adds the final padding to |sha| and writes the resulting digest
// to |out|, which must have at least |SHA256_DIGEST_LENGTH| bytes of space. It
// returns one on success and zero on programmer error.
OPENSSL_EXPORT int SHA256_Final(uint8_t out[SHA256_DIGEST_LENGTH],
SHA256_CTX *sha);
// SHA256 writes the digest of |len| bytes from |data| to |out| and returns
// |out|. There must be at least |SHA256_DIGEST_LENGTH| bytes of space in
// |out|.
OPENSSL_EXPORT uint8_t *SHA256(const uint8_t *data, size_t len,
uint8_t out[SHA256_DIGEST_LENGTH]);
// SHA256_Transform is a low-level function that performs a single, SHA-256
// block transformation using the state from |sha| and |SHA256_CBLOCK| bytes
// from |block|.
OPENSSL_EXPORT void SHA256_Transform(SHA256_CTX *sha,
const uint8_t block[SHA256_CBLOCK]);
// SHA256_TransformBlocks is a low-level function that takes |num_blocks| *
// |SHA256_CBLOCK| bytes of data and performs SHA-256 transforms on it to update
// |state|. You should not use this function unless you are implementing a
// derivative of SHA-256.
OPENSSL_EXPORT void SHA256_TransformBlocks(uint32_t state[8],
const uint8_t *data,
size_t num_blocks);
struct sha256_state_st {
uint32_t h[8];
uint32_t Nl, Nh;
uint8_t data[SHA256_CBLOCK];
unsigned num, md_len;
};
// SHA-384.
// SHA384_CBLOCK is the block size of SHA-384.
#define SHA384_CBLOCK 128
// SHA384_DIGEST_LENGTH is the length of a SHA-384 digest.
#define SHA384_DIGEST_LENGTH 48
// SHA384_Init initialises |sha| and returns 1.
OPENSSL_EXPORT int SHA384_Init(SHA512_CTX *sha);
// SHA384_Update adds |len| bytes from |data| to |sha| and returns 1.
OPENSSL_EXPORT int SHA384_Update(SHA512_CTX *sha, const void *data, size_t len);
// SHA384_Final adds the final padding to |sha| and writes the resulting digest
// to |out|, which must have at least |SHA384_DIGEST_LENGTH| bytes of space. It
// returns one on success and zero on programmer error.
OPENSSL_EXPORT int SHA384_Final(uint8_t out[SHA384_DIGEST_LENGTH],
SHA512_CTX *sha);
// SHA384 writes the digest of |len| bytes from |data| to |out| and returns
// |out|. There must be at least |SHA384_DIGEST_LENGTH| bytes of space in
// |out|.
OPENSSL_EXPORT uint8_t *SHA384(const uint8_t *data, size_t len,
uint8_t out[SHA384_DIGEST_LENGTH]);
// SHA-512.
// SHA512_CBLOCK is the block size of SHA-512.
#define SHA512_CBLOCK 128
// SHA512_DIGEST_LENGTH is the length of a SHA-512 digest.
#define SHA512_DIGEST_LENGTH 64
// SHA512_Init initialises |sha| and returns 1.
OPENSSL_EXPORT int SHA512_Init(SHA512_CTX *sha);
// SHA512_Update adds |len| bytes from |data| to |sha| and returns 1.
OPENSSL_EXPORT int SHA512_Update(SHA512_CTX *sha, const void *data, size_t len);
// SHA512_Final adds the final padding to |sha| and writes the resulting digest
// to |out|, which must have at least |SHA512_DIGEST_LENGTH| bytes of space. It
// returns one on success and zero on programmer error.
OPENSSL_EXPORT int SHA512_Final(uint8_t out[SHA512_DIGEST_LENGTH],
SHA512_CTX *sha);
// SHA512 writes the digest of |len| bytes from |data| to |out| and returns
// |out|. There must be at least |SHA512_DIGEST_LENGTH| bytes of space in
// |out|.
OPENSSL_EXPORT uint8_t *SHA512(const uint8_t *data, size_t len,
uint8_t out[SHA512_DIGEST_LENGTH]);
// SHA512_Transform is a low-level function that performs a single, SHA-512
// block transformation using the state from |sha| and |SHA512_CBLOCK| bytes
// from |block|.
OPENSSL_EXPORT void SHA512_Transform(SHA512_CTX *sha,
const uint8_t block[SHA512_CBLOCK]);
struct sha512_state_st {
uint64_t h[8];
uint64_t Nl, Nh;
uint8_t p[128];
unsigned num, md_len;
};
// SHA-512-224 and SHA-512-256
//
// See https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf section 5.3.6
#define SHA512_224_DIGEST_LENGTH 28
// SHA512_224_Init initialises |sha| and returns 1.
OPENSSL_EXPORT int SHA512_224_Init(SHA512_CTX *sha);
// SHA512_224_Update adds |len| bytes from |data| to |sha| and returns 1.
OPENSSL_EXPORT int SHA512_224_Update(SHA512_CTX *sha, const void *data,
size_t len);
// SHA512_224_Final adds the final padding to |sha| and writes the resulting
// digest to |out|, which must have at least |SHA512_224_DIGEST_LENGTH| bytes of
// space. It returns one on success and zero on programmer error.
OPENSSL_EXPORT int SHA512_224_Final(uint8_t out[SHA512_224_DIGEST_LENGTH],
SHA512_CTX *sha);
// SHA512_224 writes the digest of |len| bytes from |data| to |out| and returns
// |out|. There must be at least |SHA512_224_DIGEST_LENGTH| bytes of space in
// |out|.
OPENSSL_EXPORT uint8_t *SHA512_224(const uint8_t *data, size_t len,
uint8_t out[SHA512_224_DIGEST_LENGTH]);
#define SHA512_256_DIGEST_LENGTH 32
// SHA512_256_Init initialises |sha| and returns 1.
OPENSSL_EXPORT int SHA512_256_Init(SHA512_CTX *sha);
// SHA512_256_Update adds |len| bytes from |data| to |sha| and returns 1.
OPENSSL_EXPORT int SHA512_256_Update(SHA512_CTX *sha, const void *data,
size_t len);
// SHA512_256_Final adds the final padding to |sha| and writes the resulting
// digest to |out|, which must have at least |SHA512_256_DIGEST_LENGTH| bytes of
// space. It returns one on success and zero on programmer error.
OPENSSL_EXPORT int SHA512_256_Final(uint8_t out[SHA512_256_DIGEST_LENGTH],
SHA512_CTX *sha);
// SHA512_256 writes the digest of |len| bytes from |data| to |out| and returns
// |out|. There must be at least |SHA512_256_DIGEST_LENGTH| bytes of space in
// |out|.
OPENSSL_EXPORT uint8_t *SHA512_256(const uint8_t *data, size_t len,
uint8_t out[SHA512_256_DIGEST_LENGTH]);
#if defined(__cplusplus)
} // extern C
#endif
#endif // OPENSSL_HEADER_SHA_H

26
vendor/aws-lc-sys/aws-lc/include/openssl/siphash.h vendored Normal file
View File

@@ -0,0 +1,26 @@
// Copyright (c) 2019, Google Inc.
// SPDX-License-Identifier: ISC
#ifndef OPENSSL_HEADER_SIPHASH_H
#define OPENSSL_HEADER_SIPHASH_H
#include <openssl/base.h>
#if defined(__cplusplus)
extern "C" {
#endif
// SipHash is a fast, secure PRF that is often used for hash tables.
// SIPHASH_24 implements SipHash-2-4. See https://131002.net/siphash/siphash.pdf
OPENSSL_EXPORT uint64_t SIPHASH_24(const uint64_t key[2], const uint8_t *input,
size_t input_len);
#if defined(__cplusplus)
} // extern C
#endif
#endif // OPENSSL_HEADER_SIPHASH_H

216
vendor/aws-lc-sys/aws-lc/include/openssl/span.h vendored Normal file
View File

@@ -0,0 +1,216 @@
// Copyright (c) 2017, Google Inc.
// SPDX-License-Identifier: ISC
#ifndef OPENSSL_HEADER_SSL_SPAN_H
#define OPENSSL_HEADER_SSL_SPAN_H
#include <openssl/base.h>
#if !defined(BORINGSSL_NO_CXX)
extern "C++" {
#include <stdlib.h>
#include <algorithm>
#include <type_traits>
BSSL_NAMESPACE_BEGIN
template <typename T>
class Span;
namespace internal {
template <typename T>
class SpanBase {
// Put comparison operator implementations into a base class with const T, so
// they can be used with any type that implicitly converts into a Span.
static_assert(std::is_const<T>::value,
"Span<T> must be derived from SpanBase<const T>");
friend bool operator==(Span<T> lhs, Span<T> rhs) {
// MSVC issues warning C4996 because std::equal is unsafe. The pragma to
// suppress the warning mysteriously has no effect, hence this
// implementation. See
// https://msdn.microsoft.com/en-us/library/aa985974.aspx.
if (lhs.size() != rhs.size()) {
return false;
}
for (T *l = lhs.begin(), *r = rhs.begin(); l != lhs.end() && r != rhs.end();
++l, ++r) {
if (*l != *r) {
return false;
}
}
return true;
}
friend bool operator!=(Span<T> lhs, Span<T> rhs) { return !(lhs == rhs); }
};
} // namespace internal
// A Span<T> is a non-owning reference to a contiguous array of objects of type
// |T|. Conceptually, a Span is a simple a pointer to |T| and a count of
// elements accessible via that pointer. The elements referenced by the Span can
// be mutated if |T| is mutable.
//
// A Span can be constructed from container types implementing |data()| and
// |size()| methods. If |T| is constant, construction from a container type is
// implicit. This allows writing methods that accept data from some unspecified
// container type:
//
// // Foo views data referenced by v.
// void Foo(bssl::Span<const uint8_t> v) { ... }
//
// std::vector<uint8_t> vec;
// Foo(vec);
//
// For mutable Spans, conversion is explicit:
//
// // FooMutate mutates data referenced by v.
// void FooMutate(bssl::Span<uint8_t> v) { ... }
//
// FooMutate(bssl::Span<uint8_t>(vec));
//
// You can also use the |MakeSpan| and |MakeConstSpan| factory methods to
// construct Spans in order to deduce the type of the Span automatically.
//
// FooMutate(bssl::MakeSpan(vec));
//
// Note that Spans have value type sematics. They are cheap to construct and
// copy, and should be passed by value whenever a method would otherwise accept
// a reference or pointer to a container or array.
template <typename T>
class Span : private internal::SpanBase<const T> {
private:
static const size_t npos = static_cast<size_t>(-1);
public:
constexpr Span() : Span(nullptr, 0) {}
constexpr Span(T *ptr, size_t len) : data_(ptr), size_(len) {}
template <size_t N>
constexpr Span(T (&array)[N]) : Span(array, N) {}
template <
typename C,
// TODO(davidben): Switch everything to std::enable_if_t when we remove
// support for MSVC 2015. Although we could write our own enable_if_t and
// MSVC 2015 has std::enable_if_t anyway, MSVC 2015's SFINAE
// implementation is problematic and does not work below unless we write
// the ::type at use.
//
// TODO(davidben): Move this and the identical copy below into an
// EnableIfContainer alias when we drop MSVC 2015 support. MSVC 2015's
// SFINAE support cannot handle type aliases.
typename = typename std::enable_if<
std::is_convertible<decltype(std::declval<C>().data()), T *>::value &&
std::is_integral<decltype(std::declval<C>().size())>::value>::type,
typename = typename std::enable_if<std::is_const<T>::value, C>::type>
Span(const C &container) : data_(container.data()), size_(container.size()) {}
template <
typename C,
typename = typename std::enable_if<
std::is_convertible<decltype(std::declval<C>().data()), T *>::value &&
std::is_integral<decltype(std::declval<C>().size())>::value>::type,
typename = typename std::enable_if<!std::is_const<T>::value, C>::type>
explicit Span(C &container)
: data_(container.data()), size_(container.size()) {}
T *data() const { return data_; }
size_t size() const { return size_; }
bool empty() const { return size_ == 0; }
T *begin() const { return data_; }
const T *cbegin() const { return data_; }
T *end() const { return data_ + size_; }
const T *cend() const { return end(); }
T &front() const {
if (size_ == 0) {
abort();
}
return data_[0];
}
T &back() const {
if (size_ == 0) {
abort();
}
return data_[size_ - 1];
}
T &operator[](size_t i) const {
if (i >= size_) {
abort();
}
return data_[i];
}
T &at(size_t i) const { return (*this)[i]; }
Span subspan(size_t pos = 0, size_t len = npos) const {
if (pos > size_) {
// absl::Span throws an exception here. Note std::span and Chromium
// base::span additionally forbid pos + len being out of range, with a
// special case at npos/dynamic_extent, while absl::Span::subspan clips
// the span. For now, we align with absl::Span in case we switch to it in
// the future.
abort();
}
return Span(data_ + pos, std::min(size_ - pos, len));
}
Span first(size_t len) {
if (len > size_) {
abort();
}
return Span(data_, len);
}
Span last(size_t len) {
if (len > size_) {
abort();
}
return Span(data_ + size_ - len, len);
}
private:
T *data_;
size_t size_;
};
template <typename T>
const size_t Span<T>::npos;
template <typename T>
Span<T> MakeSpan(T *ptr, size_t size) {
return Span<T>(ptr, size);
}
template <typename C>
auto MakeSpan(C &c) -> decltype(MakeSpan(c.data(), c.size())) {
return MakeSpan(c.data(), c.size());
}
template <typename T>
Span<const T> MakeConstSpan(T *ptr, size_t size) {
return Span<const T>(ptr, size);
}
template <typename C>
auto MakeConstSpan(const C &c) -> decltype(MakeConstSpan(c.data(), c.size())) {
return MakeConstSpan(c.data(), c.size());
}
template <typename T, size_t size>
Span<const T> MakeConstSpan(T (&array)[size]) {
return Span<const T>(array, size);
}
BSSL_NAMESPACE_END
} // extern C++
#endif // !defined(BORINGSSL_NO_CXX)
#endif // OPENSSL_HEADER_SSL_SPAN_H

51
vendor/aws-lc-sys/aws-lc/include/openssl/sshkdf.h vendored Normal file
View File

@@ -0,0 +1,51 @@
// Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_SSHKDF_H
#define OPENSSL_HEADER_SSHKDF_H
#include <openssl/base.h>
#if defined(__cplusplus)
extern "C" {
#endif
// SSH-specific KDF
//
// This KDF should only be called from SSH client/server code; it's not a
// general-purpose KDF and is only Approved for FIPS 140-3 use specifically
// in SSH.
// The following defines are the valid |type| values for SSHKDF().
#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65
#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66
#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67
#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI 68
#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV 69
#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI 70
// SSHKDF is a key derivation function used in the SSH Transport Layer Protocol
// defined in Section 7.2 of RFC 4253. It calculates a derived key |out| of
// length |out_len| bytes using |evp_md| hash algorithm from the supplied
// shared secret |key|, hash value |xcghash| and session identifier
// |session_id|. It returns one on success and zero on error.
//
// |xcghash| is produced during the SSH Diffie-Hellman exchange.
//
// SSHKDF is only FIPS 140-3 Approved for use in SSH.
OPENSSL_EXPORT int SSHKDF(const EVP_MD *evp_md,
const uint8_t *key, size_t key_len,
const uint8_t *xcghash, size_t xcghash_len,
const uint8_t *session_id, size_t session_id_len,
char type,
uint8_t *out, size_t out_len);
#if defined(__cplusplus)
} // extern C
#endif
#endif // OPENSSL_HEADER_SSHKDF_H

6580
vendor/aws-lc-sys/aws-lc/include/openssl/ssl.h vendored Normal file
View File

File diff suppressed because it is too large Load Diff

227
vendor/aws-lc-sys/aws-lc/include/openssl/ssl3.h vendored Normal file
View File

@@ -0,0 +1,227 @@
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
// Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
// Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
//
// ECC cipher suite support in OpenSSL originally developed by
// SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
//
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_SSL3_H
#define OPENSSL_HEADER_SSL3_H
#include <openssl/aead.h>
#include <openssl/type_check.h>
#ifdef __cplusplus
extern "C" {
#endif
// These are kept to support clients that negotiates higher protocol versions
// using SSLv2 client hello records.
#define SSL2_MT_CLIENT_HELLO 1
#define SSL2_VERSION 0x0002
// Signalling cipher suite value from RFC 5746.
#define SSL3_CK_SCSV 0x030000FF
// Fallback signalling cipher suite value from RFC 7507.
#define SSL3_CK_FALLBACK_SCSV 0x03005600
#define SSL3_CK_RSA_NULL_MD5 0x03000001
#define SSL3_CK_RSA_NULL_SHA 0x03000002
#define SSL3_CK_RSA_RC4_40_MD5 0x03000003
#define SSL3_CK_RSA_RC4_128_MD5 0x03000004
#define SSL3_CK_RSA_RC4_128_SHA 0x03000005
#define SSL3_CK_RSA_RC2_40_MD5 0x03000006
#define SSL3_CK_RSA_IDEA_128_SHA 0x03000007
#define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008
#define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009
#define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A
#define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B
#define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C
#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D
#define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E
#define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F
#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010
#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011
#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012
#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013
#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014
#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015
#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016
#define SSL3_CK_ADH_RC4_40_MD5 0x03000017
#define SSL3_CK_ADH_RC4_128_MD5 0x03000018
#define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019
#define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
#define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
#define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5"
#define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA"
#define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5"
#define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA"
#define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA"
#define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA"
#define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA"
#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA"
#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA"
#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA"
#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA"
#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"
#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"
#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"
#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"
#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"
#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA"
#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA"
#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA"
#define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5"
#define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5"
#define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA"
#define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"
#define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"
#define SSL3_SSL_SESSION_ID_LENGTH 32
#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32
#define SSL3_MASTER_SECRET_SIZE 48
#define SSL3_RANDOM_SIZE 32
#define SSL3_SESSION_ID_SIZE 32
#define SSL3_RT_HEADER_LENGTH 5
#define SSL3_HM_HEADER_LENGTH 4
#ifndef SSL3_ALIGN_PAYLOAD
// Some will argue that this increases memory footprint, but it's not actually
// true. Point is that malloc has to return at least 64-bit aligned pointers,
// meaning that allocating 5 bytes wastes 3 bytes in either case. Suggested
// pre-gaping simply moves these wasted bytes from the end of allocated region
// to its front, but makes data payload aligned, which improves performance.
#define SSL3_ALIGN_PAYLOAD 8
#else
#if (SSL3_ALIGN_PAYLOAD & (SSL3_ALIGN_PAYLOAD - 1)) != 0
#error "insane SSL3_ALIGN_PAYLOAD"
#undef SSL3_ALIGN_PAYLOAD
#endif
#endif
// This is the maximum MAC (digest) size used by the SSL library. Currently
// maximum of 20 is used by SHA1, but we reserve for future extension for
// 512-bit hashes.
#define SSL3_RT_MAX_MD_SIZE 64
// Maximum block size used in all ciphersuites. Currently 16 for AES.
#define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16
// Maximum plaintext length: defined by SSL/TLS standards
#define SSL3_RT_MAX_PLAIN_LENGTH 16384
// Maximum compression overhead: defined by SSL/TLS standards
#define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024
// The standards give a maximum encryption overhead of 1024 bytes. In practice
// the value is lower than this. The overhead is the maximum number of padding
// bytes (256) plus the mac size.
//
// TODO(davidben): This derivation doesn't take AEADs into account, or TLS 1.1
// explicit nonces. It happens to work because |SSL3_RT_MAX_MD_SIZE| is larger
// than necessary and no true AEAD has variable overhead in TLS 1.2.
#define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE)
// SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD is the maximum overhead in encrypting a
// record. This does not include the record header. Some ciphers use explicit
// nonces, so it includes both the AEAD overhead as well as the nonce.
#define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
(EVP_AEAD_MAX_OVERHEAD + EVP_AEAD_MAX_NONCE_LENGTH)
OPENSSL_STATIC_ASSERT(SSL3_RT_MAX_ENCRYPTED_OVERHEAD >=
SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD,
max_overheads_are_inconsistent)
// SSL3_RT_MAX_COMPRESSED_LENGTH is an alias for
// |SSL3_RT_MAX_PLAIN_LENGTH|. Compression is gone, so don't include the
// compression overhead.
#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
#define SSL3_RT_MAX_ENCRYPTED_LENGTH \
(SSL3_RT_MAX_ENCRYPTED_OVERHEAD + SSL3_RT_MAX_COMPRESSED_LENGTH)
#define SSL3_RT_MAX_PACKET_SIZE \
(SSL3_RT_MAX_ENCRYPTED_LENGTH + SSL3_RT_HEADER_LENGTH)
#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"
#define SSL3_RT_CHANGE_CIPHER_SPEC 20
#define SSL3_RT_ALERT 21
#define SSL3_RT_HANDSHAKE 22
#define SSL3_RT_APPLICATION_DATA 23
// Pseudo content type for SSL/TLS header info
#define SSL3_RT_HEADER 0x100
#define SSL3_RT_CLIENT_HELLO_INNER 0x101
#define SSL3_AL_WARNING 1
#define SSL3_AL_FATAL 2
#define SSL3_AD_CLOSE_NOTIFY 0
#define SSL3_AD_UNEXPECTED_MESSAGE 10 // fatal
#define SSL3_AD_BAD_RECORD_MAC 20 // fatal
#define SSL3_AD_DECOMPRESSION_FAILURE 30 // fatal
#define SSL3_AD_HANDSHAKE_FAILURE 40 // fatal
#define SSL3_AD_NO_CERTIFICATE 41
#define SSL3_AD_BAD_CERTIFICATE 42
#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
#define SSL3_AD_CERTIFICATE_REVOKED 44
#define SSL3_AD_CERTIFICATE_EXPIRED 45
#define SSL3_AD_CERTIFICATE_UNKNOWN 46
#define SSL3_AD_ILLEGAL_PARAMETER 47 // fatal
#define SSL3_AD_INAPPROPRIATE_FALLBACK 86 // fatal
#define SSL3_CT_RSA_SIGN 1
#define SSL3_MT_HELLO_REQUEST 0
#define SSL3_MT_CLIENT_HELLO 1
#define SSL3_MT_SERVER_HELLO 2
#define SSL3_MT_NEW_SESSION_TICKET 4
#define SSL3_MT_END_OF_EARLY_DATA 5
#define SSL3_MT_ENCRYPTED_EXTENSIONS 8
#define SSL3_MT_CERTIFICATE 11
#define SSL3_MT_SERVER_KEY_EXCHANGE 12
#define SSL3_MT_CERTIFICATE_REQUEST 13
#define SSL3_MT_SERVER_HELLO_DONE 14
#define SSL3_MT_CERTIFICATE_VERIFY 15
#define SSL3_MT_CLIENT_KEY_EXCHANGE 16
#define SSL3_MT_FINISHED 20
#define SSL3_MT_CERTIFICATE_STATUS 22
#define SSL3_MT_SUPPLEMENTAL_DATA 23
#define SSL3_MT_KEY_UPDATE 24
#define SSL3_MT_COMPRESSED_CERTIFICATE 25
#define SSL3_MT_NEXT_PROTO 67
#define SSL3_MT_CHANNEL_ID 203
#define SSL3_MT_MESSAGE_HASH 254
#define DTLS1_MT_HELLO_VERIFY_REQUEST 3
// The following are legacy aliases for consumers which use
// |SSL_CTX_set_msg_callback|.
#define SSL3_MT_SERVER_DONE SSL3_MT_SERVER_HELLO_DONE
#define SSL3_MT_NEWSESSION_TICKET SSL3_MT_NEW_SESSION_TICKET
#define SSL3_MT_CCS 1
#ifdef __cplusplus
} // extern C
#endif
#endif // OPENSSL_HEADER_SSL3_H

646
vendor/aws-lc-sys/aws-lc/include/openssl/stack.h vendored Normal file
View File

@@ -0,0 +1,646 @@
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_STACK_H
#define OPENSSL_HEADER_STACK_H
#include <limits.h>
#include <openssl/base.h>
#include <openssl/type_check.h>
#if defined(__cplusplus)
extern "C" {
#endif
// A stack, in OpenSSL, is an array of pointers. They are the most commonly
// used collection object.
//
// This file defines macros for type-safe use of the stack functions. A stack
// type is named like |STACK_OF(FOO)| and is accessed with functions named
// like |sk_FOO_*|. Note the stack will typically contain /pointers/ to |FOO|.
//
// The |DECLARE_STACK_OF| macro makes |STACK_OF(FOO)| available, and
// |DEFINE_STACK_OF| makes the corresponding functions available.
// Defining stacks.
// STACK_OF expands to the stack type for |type|.
#define STACK_OF(type) struct stack_st_##type
// DECLARE_STACK_OF declares the |STACK_OF(type)| type. It does not make the
// corresponding |sk_type_*| functions available. This macro should be used in
// files which only need the type.
#define DECLARE_STACK_OF(type) STACK_OF(type);
// DEFINE_NAMED_STACK_OF defines |STACK_OF(name)| to be a stack whose elements
// are |type| *. This macro makes the |sk_name_*| functions available.
//
// It is not necessary to use |DECLARE_STACK_OF| in files which use this macro.
#define DEFINE_NAMED_STACK_OF(name, type) \
BORINGSSL_DEFINE_STACK_OF_IMPL(name, type *, const type *) \
BORINGSSL_DEFINE_STACK_TRAITS(name, type, false)
// DEFINE_STACK_OF defines |STACK_OF(type)| to be a stack whose elements are
// |type| *. This macro makes the |sk_type_*| functions available.
//
// It is not necessary to use |DECLARE_STACK_OF| in files which use this macro.
#define DEFINE_STACK_OF(type) DEFINE_NAMED_STACK_OF(type, type)
// DEFINE_CONST_STACK_OF defines |STACK_OF(type)| to be a stack whose elements
// are const |type| *. This macro makes the |sk_type_*| functions available.
//
// It is not necessary to use |DECLARE_STACK_OF| in files which use this macro.
#define DEFINE_CONST_STACK_OF(type) \
BORINGSSL_DEFINE_STACK_OF_IMPL(type, const type *, const type *) \
BORINGSSL_DEFINE_STACK_TRAITS(type, const type, true)
// Using stacks.
//
// After the |DEFINE_STACK_OF| macro is used, the following functions are
// available.
#if 0 // Sample
// sk_SAMPLE_free_func is a callback to free an element in a stack.
typedef void (*sk_SAMPLE_free_func)(SAMPLE *);
// sk_SAMPLE_copy_func is a callback to copy an element in a stack. It should
// return the copy or NULL on error.
typedef SAMPLE *(*sk_SAMPLE_copy_func)(const SAMPLE *);
// sk_SAMPLE_cmp_func is a callback to compare |*a| to |*b|. It should return a
// value < 0, 0, or > 0 if |*a| is less than, equal to, or greater than |*b|,
// respectively. Note the extra indirection - the function is given a pointer
// to a pointer to the element. This is the |qsort|/|bsearch| comparison
// function applied to an array of |SAMPLE*|.
typedef int (*sk_SAMPLE_cmp_func)(const SAMPLE *const *a,
const SAMPLE *const *b);
// sk_SAMPLE_new creates a new, empty stack with the given comparison function,
// which may be NULL. It returns the new stack or NULL on allocation failure.
STACK_OF(SAMPLE) *sk_SAMPLE_new(sk_SAMPLE_cmp_func comp);
// sk_SAMPLE_new_null creates a new, empty stack. It returns the new stack or
// NULL on allocation failure.
STACK_OF(SAMPLE) *sk_SAMPLE_new_null(void);
// sk_SAMPLE_num returns the number of elements in |sk|. It is safe to cast this
// value to |int|. |sk| is guaranteed to have at most |INT_MAX| elements. If
// |sk| is NULL, it is treated as the empty list and this function returns zero.
size_t sk_SAMPLE_num(const STACK_OF(SAMPLE) *sk);
// sk_SAMPLE_zero resets |sk| to the empty state but does nothing to free the
// individual elements themselves.
void sk_SAMPLE_zero(STACK_OF(SAMPLE) *sk);
// sk_SAMPLE_value returns the |i|th pointer in |sk|, or NULL if |i| is out of
// range. If |sk| is NULL, it is treated as an empty list and the function
// returns NULL.
SAMPLE *sk_SAMPLE_value(const STACK_OF(SAMPLE) *sk, size_t i);
// sk_SAMPLE_set sets the |i|th pointer in |sk| to |p| and returns |p|. If |i|
// is out of range, it returns NULL.
SAMPLE *sk_SAMPLE_set(STACK_OF(SAMPLE) *sk, size_t i, SAMPLE *p);
// sk_SAMPLE_free frees |sk|, but does nothing to free the individual elements.
// Use |sk_SAMPLE_pop_free| to also free the elements.
void sk_SAMPLE_free(STACK_OF(SAMPLE) *sk);
// sk_SAMPLE_pop_free calls |free_func| on each element in |sk| and then
// frees the stack itself.
void sk_SAMPLE_pop_free(STACK_OF(SAMPLE) *sk, sk_SAMPLE_free_func free_func);
// sk_SAMPLE_insert inserts |p| into the stack at index |where|, moving existing
// elements if needed. It returns the length of the new stack, or zero on
// error. Ownership of |p| is taken by |sk|.
size_t sk_SAMPLE_insert(STACK_OF(SAMPLE) *sk, SAMPLE *p, size_t where);
// sk_SAMPLE_delete removes the pointer at index |where|, moving other elements
// down if needed. It returns the removed pointer, or NULL if |where| is out of
// range.
SAMPLE *sk_SAMPLE_delete(STACK_OF(SAMPLE) *sk, size_t where);
// sk_SAMPLE_delete_ptr removes, at most, one instance of |p| from |sk| based on
// pointer equality. If an instance of |p| is found then |p| is returned,
// otherwise it returns NULL.
SAMPLE *sk_SAMPLE_delete_ptr(STACK_OF(SAMPLE) *sk, const SAMPLE *p);
// sk_SAMPLE_delete_if_func is the callback function for |sk_SAMPLE_delete_if|.
// It should return one to remove |p| and zero to keep it.
typedef int (*sk_SAMPLE_delete_if_func)(SAMPLE *p, void *data);
// sk_SAMPLE_delete_if calls |func| with each element of |sk| and removes the
// entries where |func| returned one. This function does not free or return
// removed pointers so, if |sk| owns its contents, |func| should release the
// pointers prior to returning one.
void sk_SAMPLE_delete_if(STACK_OF(SAMPLE) *sk, sk_SAMPLE_delete_if_func func,
void *data);
// sk_SAMPLE_find find the first value in |sk| equal to |p|. |sk|'s comparison
// function determines equality, or pointer equality if |sk| has no comparison
// function.
//
// If the stack is sorted (see |sk_SAMPLE_sort|), this function uses a binary
// search. Otherwise it performs a linear search. If it finds a matching
// element, it returns the index of that element. Otherwise, it returns -1.
// If |sk| is NULL, it is treated as the empty list and the function returns
// zero.
//
// Note this differs from OpenSSL in that OpenSSL's version will implicitly
// sort |sk| if it has a comparison function defined.
int sk_SAMPLE_find(const STACK_OF(SAMPLE) *sk, const SAMPLE *p);
// sk_SAMPLE_find_awslc is like |sk_SAMPLE_find|, but if it finds a matching
// element, it writes the index to |*out_index| (if |out_index| is not NULL)
// and returns one. Otherwise, it returns zero.
int sk_SAMPLE_find_awslc(const STACK_OF(SAMPLE) *sk, size_t *out_index,
const SAMPLE *p);
// sk_SAMPLE_unshift inserts |p| as the first element of |sk| and takes
// ownership of |p|. It is equivalent to "sk_SAMPLE_insert(sk, p, 0)".
SAMPLE *sk_SAMPLE_unshift(STACK_OF(SAMPLE) *sk, SAMPLE *p);
// sk_SAMPLE_shift removes and returns the first element in |sk|, or NULL if
// |sk| is empty.
SAMPLE *sk_SAMPLE_shift(STACK_OF(SAMPLE) *sk);
// sk_SAMPLE_push appends |p| to |sk| and returns the length of the new stack,
// or 0 on allocation failure.
size_t sk_SAMPLE_push(STACK_OF(SAMPLE) *sk, SAMPLE *p);
// sk_SAMPLE_pop removes and returns the last element of |sk|, or NULL if |sk|
// is empty.
SAMPLE *sk_SAMPLE_pop(STACK_OF(SAMPLE) *sk);
// sk_SAMPLE_dup performs a shallow copy of a stack and returns the new stack,
// or NULL on error. Use |sk_SAMPLE_deep_copy| to also copy the elements.
STACK_OF(SAMPLE) *sk_SAMPLE_dup(const STACK_OF(SAMPLE) *sk);
// sk_SAMPLE_sort sorts the elements of |sk| into ascending order based on the
// comparison function. The stack maintains a "sorted" flag and sorting an
// already sorted stack is a no-op.
void sk_SAMPLE_sort(STACK_OF(SAMPLE) *sk);
// sk_SAMPLE_is_sorted returns one if |sk| is known to be sorted and zero
// otherwise.
int sk_SAMPLE_is_sorted(const STACK_OF(SAMPLE) *sk);
// sk_SAMPLE_set_cmp_func sets the comparison function to be used by |sk| and
// returns the previous one.
sk_SAMPLE_cmp_func sk_SAMPLE_set_cmp_func(STACK_OF(SAMPLE) *sk,
sk_SAMPLE_cmp_func comp);
// sk_SAMPLE_deep_copy performs a copy of |sk| and of each of the non-NULL
// elements in |sk| by using |copy_func|. If an error occurs, it calls
// |free_func| to free any copies already made and returns NULL.
STACK_OF(SAMPLE) *sk_SAMPLE_deep_copy(const STACK_OF(SAMPLE) *sk,
sk_SAMPLE_copy_func copy_func,
sk_SAMPLE_free_func free_func);
#endif // Sample
// Private functions.
//
// The |sk_*| functions generated above are implemented internally using the
// type-erased functions below. Callers should use the typed wrappers instead.
// When using the type-erased functions, callers are responsible for ensuring
// the underlying types are correct. Casting pointers to the wrong types will
// result in memory errors.
// OPENSSL_sk_free_func is a function that frees an element in a stack. Note its
// actual type is void (*)(T *) for some T. Low-level |sk_*| functions will be
// passed a type-specific wrapper to call it correctly.
typedef void (*OPENSSL_sk_free_func)(void *ptr);
// OPENSSL_sk_copy_func is a function that copies an element in a stack. Note
// its actual type is T *(*)(const T *) for some T. Low-level |sk_*| functions
// will be passed a type-specific wrapper to call it correctly.
typedef void *(*OPENSSL_sk_copy_func)(const void *ptr);
// OPENSSL_sk_cmp_func is a comparison function that returns a value < 0, 0 or >
// 0 if |*a| is less than, equal to or greater than |*b|, respectively. Note
// the extra indirection - the function is given a pointer to a pointer to the
// element. This differs from the usual qsort/bsearch comparison function.
//
// Note its actual type is |int (*)(const T *const *a, const T *const *b)|.
// Low-level |sk_*| functions will be passed a type-specific wrapper to call it
// correctly.
typedef int (*OPENSSL_sk_cmp_func)(const void *const *a, const void *const *b);
// OPENSSL_sk_delete_if_func is the generic version of
// |sk_SAMPLE_delete_if_func|.
typedef int (*OPENSSL_sk_delete_if_func)(void *obj, void *data);
// The following function types call the above type-erased signatures with the
// true types.
typedef void (*OPENSSL_sk_call_free_func)(OPENSSL_sk_free_func, void *);
typedef void *(*OPENSSL_sk_call_copy_func)(OPENSSL_sk_copy_func, const void *);
typedef int (*OPENSSL_sk_call_cmp_func)(OPENSSL_sk_cmp_func, const void *,
const void *);
typedef int (*OPENSSL_sk_call_delete_if_func)(OPENSSL_sk_delete_if_func, void *,
void *);
// An OPENSSL_STACK contains an array of pointers. It is not designed to be used
// directly, rather the wrapper macros should be used.
typedef struct stack_st OPENSSL_STACK;
// The following are raw stack functions. They implement the corresponding typed
// |sk_SAMPLE_*| functions generated by |DEFINE_STACK_OF|. Callers shouldn't be
// using them. Rather, callers should use the typed functions.
OPENSSL_EXPORT OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_cmp_func comp);
OPENSSL_EXPORT OPENSSL_STACK *OPENSSL_sk_new_null(void);
OPENSSL_EXPORT size_t OPENSSL_sk_num(const OPENSSL_STACK *sk);
OPENSSL_EXPORT void OPENSSL_sk_zero(OPENSSL_STACK *sk);
OPENSSL_EXPORT void *OPENSSL_sk_value(const OPENSSL_STACK *sk, size_t i);
OPENSSL_EXPORT void *OPENSSL_sk_set(OPENSSL_STACK *sk, size_t i, void *p);
OPENSSL_EXPORT void OPENSSL_sk_free(OPENSSL_STACK *sk);
OPENSSL_EXPORT void OPENSSL_sk_pop_free_ex(
OPENSSL_STACK *sk, OPENSSL_sk_call_free_func call_free_func,
OPENSSL_sk_free_func free_func);
OPENSSL_EXPORT size_t OPENSSL_sk_insert(OPENSSL_STACK *sk, void *p,
size_t where);
OPENSSL_EXPORT void *OPENSSL_sk_delete(OPENSSL_STACK *sk, size_t where);
OPENSSL_EXPORT void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *sk, const void *p);
OPENSSL_EXPORT void OPENSSL_sk_delete_if(
OPENSSL_STACK *sk, OPENSSL_sk_call_delete_if_func call_func,
OPENSSL_sk_delete_if_func func, void *data);
OPENSSL_EXPORT int OPENSSL_sk_find(const OPENSSL_STACK *sk, size_t *out_index,
const void *p,
OPENSSL_sk_call_cmp_func call_cmp_func);
OPENSSL_EXPORT int OPENSSL_sk_unshift(OPENSSL_STACK *sk, void *data);
OPENSSL_EXPORT void *OPENSSL_sk_shift(OPENSSL_STACK *sk);
OPENSSL_EXPORT size_t OPENSSL_sk_push(OPENSSL_STACK *sk, void *p);
OPENSSL_EXPORT void *OPENSSL_sk_pop(OPENSSL_STACK *sk);
OPENSSL_EXPORT OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *sk);
OPENSSL_EXPORT void OPENSSL_sk_sort(OPENSSL_STACK *sk,
OPENSSL_sk_call_cmp_func call_cmp_func);
OPENSSL_EXPORT int OPENSSL_sk_is_sorted(const OPENSSL_STACK *sk);
OPENSSL_EXPORT OPENSSL_sk_cmp_func
OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk, OPENSSL_sk_cmp_func comp);
OPENSSL_EXPORT OPENSSL_STACK *OPENSSL_sk_deep_copy(
const OPENSSL_STACK *sk, OPENSSL_sk_call_copy_func call_copy_func,
OPENSSL_sk_copy_func copy_func, OPENSSL_sk_call_free_func call_free_func,
OPENSSL_sk_free_func free_func);
// Deprecated private functions (hidden).
//
// TODO(crbug.com/boringssl/499): Migrate callers to the typed wrappers, or at
// least the new names and remove the old ones.
typedef OPENSSL_STACK _STACK;
OPENSSL_INLINE OPENSSL_STACK *sk_new_null(void) {
return OPENSSL_sk_new_null();
}
OPENSSL_INLINE size_t sk_num(const OPENSSL_STACK *sk) {
return OPENSSL_sk_num(sk);
}
OPENSSL_INLINE void *sk_value(const OPENSSL_STACK *sk, size_t i) {
return OPENSSL_sk_value(sk, i);
}
OPENSSL_INLINE void sk_free(OPENSSL_STACK *sk) { OPENSSL_sk_free(sk); }
OPENSSL_INLINE size_t sk_push(OPENSSL_STACK *sk, void *p) {
return OPENSSL_sk_push(sk, p);
}
OPENSSL_INLINE void *sk_pop(OPENSSL_STACK *sk) { return OPENSSL_sk_pop(sk); }
// sk_pop_free behaves like |sk_pop_free_ex| but performs an invalid function
// pointer cast. It exists because some existing callers called |sk_pop_free|
// directly.
//
// TODO(davidben): Migrate callers to bssl::UniquePtr and remove this.
OPENSSL_EXPORT void sk_pop_free(OPENSSL_STACK *sk,
OPENSSL_sk_free_func free_func);
#if !defined(BORINGSSL_NO_CXX)
extern "C++" {
BSSL_NAMESPACE_BEGIN
namespace internal {
template <typename T>
struct StackTraits {};
}
BSSL_NAMESPACE_END
}
#define BORINGSSL_DEFINE_STACK_TRAITS(name, type, is_const) \
extern "C++" { \
BSSL_NAMESPACE_BEGIN \
namespace internal { \
template <> \
struct StackTraits<STACK_OF(name)> { \
static constexpr bool kIsStack = true; \
using Type = type; \
static constexpr bool kIsConst = is_const; \
}; \
} \
BSSL_NAMESPACE_END \
}
#else
#define BORINGSSL_DEFINE_STACK_TRAITS(name, type, is_const)
#endif
#define BORINGSSL_DEFINE_STACK_OF_IMPL(name, ptrtype, constptrtype) \
/* We disable MSVC C4191 in this macro, which warns when pointers are cast \
* to the wrong type. While the cast itself is valid, it is often a bug \
* because calling it through the cast is UB. However, we never actually \
* call functions as |OPENSSL_sk_cmp_func|. The type is just a type-erased \
* function pointer. (C does not guarantee function pointers fit in \
* |void*|, and GCC will warn on this.) Thus we just disable the false \
* positive warning. */ \
OPENSSL_MSVC_PRAGMA(warning(push)) \
OPENSSL_MSVC_PRAGMA(warning(disable : 4191)) \
OPENSSL_CLANG_PRAGMA("clang diagnostic push") \
OPENSSL_CLANG_PRAGMA("clang diagnostic ignored \"-Wunknown-warning-option\"") \
OPENSSL_CLANG_PRAGMA("clang diagnostic ignored \"-Wcast-function-type-strict\"") \
\
DECLARE_STACK_OF(name) \
\
typedef void (*sk_##name##_free_func)(ptrtype); \
typedef ptrtype (*sk_##name##_copy_func)(constptrtype); \
typedef int (*sk_##name##_cmp_func)(constptrtype const *, \
constptrtype const *); \
typedef int (*sk_##name##_delete_if_func)(ptrtype, void *); \
\
OPENSSL_INLINE void sk_##name##_call_free_func( \
OPENSSL_sk_free_func free_func, void *ptr) { \
((sk_##name##_free_func)free_func)((ptrtype)ptr); \
} \
\
OPENSSL_INLINE void *sk_##name##_call_copy_func( \
OPENSSL_sk_copy_func copy_func, const void *ptr) { \
return (void *)((sk_##name##_copy_func)copy_func)((constptrtype)ptr); \
} \
\
OPENSSL_INLINE int sk_##name##_call_cmp_func(OPENSSL_sk_cmp_func cmp_func, \
const void *a, const void *b) { \
constptrtype a_ptr = (constptrtype)a; \
constptrtype b_ptr = (constptrtype)b; \
/* |cmp_func| expects an extra layer of pointers to match qsort. */ \
return ((sk_##name##_cmp_func)cmp_func)(&a_ptr, &b_ptr); \
} \
\
OPENSSL_INLINE int sk_##name##_call_delete_if_func( \
OPENSSL_sk_delete_if_func func, void *obj, void *data) { \
return ((sk_##name##_delete_if_func)func)((ptrtype)obj, data); \
} \
\
OPENSSL_INLINE STACK_OF(name) *sk_##name##_new(sk_##name##_cmp_func comp) { \
return (STACK_OF(name) *)OPENSSL_sk_new((OPENSSL_sk_cmp_func)comp); \
} \
\
OPENSSL_INLINE STACK_OF(name) *sk_##name##_new_null(void) { \
return (STACK_OF(name) *)OPENSSL_sk_new_null(); \
} \
\
OPENSSL_INLINE size_t sk_##name##_num(const STACK_OF(name) *sk) { \
return OPENSSL_sk_num((const OPENSSL_STACK *)sk); \
} \
\
OPENSSL_INLINE void sk_##name##_zero(STACK_OF(name) *sk) { \
OPENSSL_sk_zero((OPENSSL_STACK *)sk); \
} \
\
OPENSSL_INLINE ptrtype sk_##name##_value(const STACK_OF(name) *sk, \
size_t i) { \
return (ptrtype)OPENSSL_sk_value((const OPENSSL_STACK *)sk, i); \
} \
\
OPENSSL_INLINE ptrtype sk_##name##_set(STACK_OF(name) *sk, size_t i, \
ptrtype p) { \
return (ptrtype)OPENSSL_sk_set((OPENSSL_STACK *)sk, i, (void *)p); \
} \
\
OPENSSL_INLINE void sk_##name##_free(STACK_OF(name) *sk) { \
OPENSSL_sk_free((OPENSSL_STACK *)sk); \
} \
\
OPENSSL_INLINE void sk_##name##_pop_free(STACK_OF(name) *sk, \
sk_##name##_free_func free_func) { \
OPENSSL_sk_pop_free_ex((OPENSSL_STACK *)sk, sk_##name##_call_free_func, \
(OPENSSL_sk_free_func)free_func); \
} \
\
OPENSSL_INLINE size_t sk_##name##_insert(STACK_OF(name) *sk, ptrtype p, \
size_t where) { \
return OPENSSL_sk_insert((OPENSSL_STACK *)sk, (void *)p, where); \
} \
\
OPENSSL_INLINE ptrtype sk_##name##_delete(STACK_OF(name) *sk, \
size_t where) { \
return (ptrtype)OPENSSL_sk_delete((OPENSSL_STACK *)sk, where); \
} \
\
OPENSSL_INLINE ptrtype sk_##name##_delete_ptr(STACK_OF(name) *sk, \
constptrtype p) { \
return (ptrtype)OPENSSL_sk_delete_ptr((OPENSSL_STACK *)sk, \
(const void *)p); \
} \
\
OPENSSL_INLINE void sk_##name##_delete_if( \
STACK_OF(name) *sk, sk_##name##_delete_if_func func, void *data) { \
OPENSSL_sk_delete_if((OPENSSL_STACK *)sk, sk_##name##_call_delete_if_func, \
(OPENSSL_sk_delete_if_func)func, data); \
} \
\
/* use 3-arg sk_*_find_awslc when size_t-sized |out_index| needed */ \
OPENSSL_INLINE int sk_##name##_find_awslc(const STACK_OF(name) *sk, \
size_t *out_index, constptrtype p) { \
return OPENSSL_sk_find((const OPENSSL_STACK *)sk, out_index, \
(const void *)p, sk_##name##_call_cmp_func); \
} \
\
/* use 2-arg sk_*_find for OpenSSL compatibility */ \
OPENSSL_INLINE int sk_##name##_find(const STACK_OF(name) *sk, \
constptrtype p) { \
size_t out_index = 0; \
int ok = OPENSSL_sk_find((const OPENSSL_STACK *)sk, &out_index, \
(const void *)p, sk_##name##_call_cmp_func); \
/* return -1 if elt not found or elt index is invalid */ \
if (ok == 0 || out_index > INT_MAX) { \
return -1; \
} \
return (int) out_index; \
} \
\
OPENSSL_INLINE int sk_##name##_unshift(STACK_OF(name) *sk, ptrtype p) { \
return OPENSSL_sk_unshift((OPENSSL_STACK *)sk, (void *)p); \
} \
\
OPENSSL_INLINE ptrtype sk_##name##_shift(STACK_OF(name) *sk) { \
return (ptrtype)OPENSSL_sk_shift((OPENSSL_STACK *)sk); \
} \
\
OPENSSL_INLINE size_t sk_##name##_push(STACK_OF(name) *sk, ptrtype p) { \
return OPENSSL_sk_push((OPENSSL_STACK *)sk, (void *)p); \
} \
\
OPENSSL_INLINE ptrtype sk_##name##_pop(STACK_OF(name) *sk) { \
return (ptrtype)OPENSSL_sk_pop((OPENSSL_STACK *)sk); \
} \
\
OPENSSL_INLINE STACK_OF(name) *sk_##name##_dup(const STACK_OF(name) *sk) { \
return (STACK_OF(name) *)OPENSSL_sk_dup((const OPENSSL_STACK *)sk); \
} \
\
OPENSSL_INLINE void sk_##name##_sort(STACK_OF(name) *sk) { \
OPENSSL_sk_sort((OPENSSL_STACK *)sk, sk_##name##_call_cmp_func); \
} \
\
OPENSSL_INLINE int sk_##name##_is_sorted(const STACK_OF(name) *sk) { \
return OPENSSL_sk_is_sorted((const OPENSSL_STACK *)sk); \
} \
\
OPENSSL_INLINE sk_##name##_cmp_func sk_##name##_set_cmp_func( \
STACK_OF(name) *sk, sk_##name##_cmp_func comp) { \
return (sk_##name##_cmp_func)OPENSSL_sk_set_cmp_func( \
(OPENSSL_STACK *)sk, (OPENSSL_sk_cmp_func)comp); \
} \
\
OPENSSL_INLINE STACK_OF(name) *sk_##name##_deep_copy( \
const STACK_OF(name) *sk, sk_##name##_copy_func copy_func, \
sk_##name##_free_func free_func) { \
return (STACK_OF(name) *)OPENSSL_sk_deep_copy( \
(const OPENSSL_STACK *)sk, sk_##name##_call_copy_func, \
(OPENSSL_sk_copy_func)copy_func, sk_##name##_call_free_func, \
(OPENSSL_sk_free_func)free_func); \
} \
\
OPENSSL_CLANG_PRAGMA("clang diagnostic pop") \
OPENSSL_MSVC_PRAGMA(warning(pop))
// Built-in stacks.
typedef char *OPENSSL_STRING;
DEFINE_STACK_OF(void)
DEFINE_NAMED_STACK_OF(OPENSSL_STRING, char)
#if defined(__cplusplus)
} // extern C
#endif
#if !defined(BORINGSSL_NO_CXX)
extern "C++" {
#include <type_traits>
BSSL_NAMESPACE_BEGIN
namespace internal {
// Stacks defined with |DEFINE_CONST_STACK_OF| are freed with |sk_free|.
template <typename Stack>
struct DeleterImpl<
Stack, typename std::enable_if<StackTraits<Stack>::kIsConst>::type> {
static void Free(Stack *sk) { OPENSSL_sk_free(reinterpret_cast<OPENSSL_STACK *>(sk)); }
};
// Stacks defined with |DEFINE_STACK_OF| are freed with |sk_pop_free| and the
// corresponding type's deleter.
template <typename Stack>
struct DeleterImpl<
Stack, typename std::enable_if<!StackTraits<Stack>::kIsConst>::type> {
static void Free(Stack *sk) {
// sk_FOO_pop_free is defined by macros and bound by name, so we cannot
// access it from C++ here.
using Type = typename StackTraits<Stack>::Type;
OPENSSL_sk_pop_free_ex(
reinterpret_cast<OPENSSL_STACK *>(sk),
[](OPENSSL_sk_free_func /* unused */, void *ptr) {
DeleterImpl<Type>::Free(reinterpret_cast<Type *>(ptr));
},
nullptr);
}
};
template <typename Stack>
class StackIteratorImpl {
public:
using Type = typename StackTraits<Stack>::Type;
// Iterators must be default-constructable.
StackIteratorImpl() : sk_(nullptr), idx_(0) {}
StackIteratorImpl(const Stack *sk, size_t idx) : sk_(sk), idx_(idx) {}
bool operator==(StackIteratorImpl other) const {
return sk_ == other.sk_ && idx_ == other.idx_;
}
bool operator!=(StackIteratorImpl other) const {
return !(*this == other);
}
Type *operator*() const {
return reinterpret_cast<Type *>(
OPENSSL_sk_value(reinterpret_cast<const OPENSSL_STACK *>(sk_), idx_));
}
StackIteratorImpl &operator++(/* prefix */) {
idx_++;
return *this;
}
StackIteratorImpl operator++(int /* postfix */) {
StackIteratorImpl copy(*this);
++(*this);
return copy;
}
private:
const Stack *sk_;
size_t idx_;
};
template <typename Stack>
using StackIterator = typename std::enable_if<StackTraits<Stack>::kIsStack,
StackIteratorImpl<Stack>>::type;
} // namespace internal
// PushToStack pushes |elem| to |sk|. It returns true on success and false on
// allocation failure.
template <typename Stack>
inline
typename std::enable_if<!internal::StackTraits<Stack>::kIsConst, bool>::type
PushToStack(Stack *sk,
UniquePtr<typename internal::StackTraits<Stack>::Type> elem) {
if (!OPENSSL_sk_push(reinterpret_cast<OPENSSL_STACK *>(sk), elem.get())) {
return false;
}
// OPENSSL_sk_push takes ownership on success.
elem.release();
return true;
}
BSSL_NAMESPACE_END
// Define begin() and end() for stack types so C++ range for loops work.
template <typename Stack>
inline bssl::internal::StackIterator<Stack> begin(const Stack *sk) {
return bssl::internal::StackIterator<Stack>(sk, 0);
}
template <typename Stack>
inline bssl::internal::StackIterator<Stack> end(const Stack *sk) {
return bssl::internal::StackIterator<Stack>(
sk, OPENSSL_sk_num(reinterpret_cast<const OPENSSL_STACK *>(sk)));
}
} // extern C++
#endif
#endif // OPENSSL_HEADER_STACK_H

236
vendor/aws-lc-sys/aws-lc/include/openssl/target.h vendored Normal file
View File

@@ -0,0 +1,236 @@
// Copyright (c) 2023, Google Inc.
// SPDX-License-Identifier: ISC
#ifndef OPENSSL_HEADER_TARGET_H
#define OPENSSL_HEADER_TARGET_H
// Preprocessor symbols that define the target platform.
//
// This file may be included in C, C++, and assembler and must be compatible
// with each environment. It is separated out only to share code between
// <openssl/base.h> and <openssl/asm_base.h>. Prefer to include those headers
// instead.
#if defined(__BYTE_ORDER__) && defined(__ORDER_BIG_ENDIAN__)
# if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
# define OPENSSL_BIG_ENDIAN
# endif
#elif !defined(_MSC_VER) && defined(__has_include)
# if __has_include(<endian.h>)
# include <endian.h>
# elif __has_include(<sys/param.h>)
# include <sys/param.h>
# endif
# if (defined(__BYTE_ORDER) && defined(__BIG_ENDIAN) && __BYTE_ORDER == __BIG_ENDIAN) || \
(defined(_BYTE_ORDER) && defined(_BIG_ENDIAN) && _BYTE_ORDER == _BIG_ENDIAN) || \
(defined(BYTE_ORDER) && defined(BIG_ENDIAN) && BYTE_ORDER == BIG_ENDIAN)
# define OPENSSL_BIG_ENDIAN
# endif
#elif defined(_M_PPC)
# define OPENSSL_BIG_ENDIAN
#endif
#if (defined(__SIZEOF_POINTER__) && __SIZEOF_POINTER__ == 8) || defined(__LP64__) || defined(_WIN64)
#define OPENSSL_64_BIT
#else
#define OPENSSL_32_BIT
#endif
#if defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64)
#define OPENSSL_X86_64
#elif defined(__x86) || defined(__i386) || defined(__i386__) || defined(_M_IX86)
#define OPENSSL_X86
#elif defined(__AARCH64EL__) || defined(_M_ARM64)
#define OPENSSL_AARCH64
#elif defined(__ARMEL__) || defined(_M_ARM)
#define OPENSSL_ARM
#elif defined(OPENSSL_64_BIT) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC) || \
defined(__PPC__) || defined(__ppc64__) || defined(__PPC64__) || defined(_ARCH_PPC64) || \
defined(__ppc64le__) || defined(__powerpc64__) || defined(_M_PPC))
# if defined(OPENSSL_BIG_ENDIAN)
# define OPENSSL_PPC64BE
# else
# define OPENSSL_PPC64LE
# endif
#elif defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC) || defined(__PPC__) || defined(_M_PPC)
# if defined(OPENSSL_BIG_ENDIAN)
# define OPENSSL_PPC32BE
# else
# define OPENSSL_PPC32LE
# endif
#elif defined(__s390x__)
#define OPENSSL_S390X
#elif defined(__sparc__)
#define OPENSSL_SPARCV9
#elif defined(__MIPSEL__) || defined(__MIPSEB__)
# if defined(OPENSSL_64_BIT)
# define OPENSSL_MIPS64
# else
# define OPENSSL_MIPS
# endif
#elif defined(__riscv)
# if defined(OPENSSL_64_BIT)
# define OPENSSL_RISCV64
# endif
#elif defined(__loongarch_lp64)
#define OPENSSL_LOONGARCH64
#elif defined(__pnacl__)
#define OPENSSL_PNACL
#elif defined(__wasm__)
#define OPENSSL_WASM
#elif defined(__asmjs__) // Allowed but no macro defined
#elif defined(__myriad2__) // Allowed but no macro defined
#else
// Run the crypto_test binary, notably crypto/compiler_test.cc, before adding
// a new architecture.
#error "Unknown target CPU"
#endif
#if defined(__APPLE__)
#define OPENSSL_APPLE
// Note |TARGET_OS_MAC| is set for all Apple OS variants. |TARGET_OS_OSX|
// targets macOS specifically.
#if defined(TARGET_OS_OSX) && TARGET_OS_OSX
#define OPENSSL_MACOS
#endif
#if defined(TARGET_OS_IPHONE) && TARGET_OS_IPHONE
#define OPENSSL_IOS
#endif
#endif
#if defined(_WIN32)
#define OPENSSL_WINDOWS
#endif
// Android baremetal aren't Linux but currently define __linux__.
// As a workaround, we exclude them here.
// We also exclude nanolibc/CrOS EC/Zephyr. nanolibc/CrOS EC/Zephyr
// sometimes build for a non-Linux target (which should not define __linux__),
// but also sometimes build for Linux. Although technically running in Linux
// userspace, this lacks all the libc APIs we'd normally expect on Linux, so we
// treat it as a non-Linux target.
//
// TODO(b/291101350): Remove this workaround once Android baremetal no longer
// defines it.
#if defined(__linux__) && \
!defined(ANDROID_BAREMETAL) && !defined(OPENSSL_NANOLIBC) && \
!defined(CROS_EC) && !defined(CROS_ZEPHYR)
#define OPENSSL_LINUX
#endif
// nanolibc is a particular minimal libc implementation. Defining this on any
// other platform is not supported. Other embedded platforms must introduce
// their own defines.
#if defined(OPENSSL_NANOLIBC)
#define OPENSSL_NO_FILESYSTEM
#define OPENSSL_NO_POSIX_IO
#define OPENSSL_NO_SOCK
#define OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED
#endif
// Android baremetal is an embedded target that uses a subset of bionic.
// Defining this on any other platform is not supported. Other embedded
// platforms must introduce their own defines.
#if defined(ANDROID_BAREMETAL)
#define OPENSSL_NO_FILESYSTEM
#define OPENSSL_NO_POSIX_IO
#define OPENSSL_NO_SOCK
#define OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED
#endif
// CROS_EC is an embedded target for ChromeOS Embedded Controller. Defining
// this on any other platform is not supported. Other embedded platforms must
// introduce their own defines.
//
// https://chromium.googlesource.com/chromiumos/platform/ec/+/HEAD/README.md
#if defined(CROS_EC)
#define OPENSSL_NO_FILESYSTEM
#define OPENSSL_NO_POSIX_IO
#define OPENSSL_NO_SOCK
#define OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED
#endif
// CROS_ZEPHYR is an embedded target for ChromeOS Zephyr Embedded Controller.
// Defining this on any other platform is not supported. Other embedded
// platforms must introduce their own defines.
//
// https://chromium.googlesource.com/chromiumos/platform/ec/+/HEAD/docs/zephyr/README.md
#if defined(CROS_ZEPHYR)
#define OPENSSL_NO_FILESYSTEM
#define OPENSSL_NO_POSIX_IO
#define OPENSSL_NO_SOCK
#define OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED
#endif
#if defined(__ANDROID_API__)
#define OPENSSL_ANDROID
#endif
#if defined(__FreeBSD__)
#define OPENSSL_FREEBSD
#endif
#if defined(__OpenBSD__)
#define OPENSSL_OPENBSD
#endif
#if defined(__NetBSD__)
#define OPENSSL_NETBSD
#endif
#if defined(__illumos__) || (defined(__sun) && defined(__SVR4))
#define OPENSSL_SOLARIS
#endif
// BoringSSL requires platform's locking APIs to make internal global state
// thread-safe, including the PRNG. On some single-threaded embedded platforms,
// locking APIs may not exist, so this dependency may be disabled with the
// following build flag.
//
// IMPORTANT: Doing so means the consumer promises the library will never be
// used in any multi-threaded context. It causes BoringSSL to be globally
// thread-unsafe. Setting it inappropriately will subtly and unpredictably
// corrupt memory and leak secret keys.
//
// Do not set this flag on any platform where threads are possible. BoringSSL
// maintainers will not provide support for any consumers that do so. Changes
// which break such unsupported configurations will not be reverted.
#if !defined(OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED)
#define OPENSSL_THREADS
#endif
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE) && \
!defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
#define BORINGSSL_UNSAFE_DETERMINISTIC_MODE
#endif
#if defined(__has_feature)
#if __has_feature(address_sanitizer)
#define OPENSSL_ASAN
#endif
#if __has_feature(thread_sanitizer)
#define OPENSSL_TSAN
#endif
#if __has_feature(memory_sanitizer)
#define OPENSSL_MSAN
#define OPENSSL_ASM_INCOMPATIBLE
#endif
#if __has_feature(hwaddress_sanitizer)
#define OPENSSL_HWASAN
#endif
#endif
// Disable 32-bit Arm assembly on Apple platforms. The last iOS version that
// supported 32-bit Arm was iOS 10.
#if defined(OPENSSL_APPLE) && defined(OPENSSL_ARM)
#define OPENSSL_ASM_INCOMPATIBLE
#endif
#if defined(OPENSSL_ASM_INCOMPATIBLE)
#undef OPENSSL_ASM_INCOMPATIBLE
#if !defined(OPENSSL_NO_ASM)
#define OPENSSL_NO_ASM
#endif
#endif // OPENSSL_ASM_INCOMPATIBLE
#endif // OPENSSL_HEADER_TARGET_H

158
vendor/aws-lc-sys/aws-lc/include/openssl/thread.h vendored Normal file
View File

@@ -0,0 +1,158 @@
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_THREAD_H
#define OPENSSL_HEADER_THREAD_H
#include <sys/types.h>
#include <openssl/base.h>
#if defined(__cplusplus)
extern "C" {
#endif
#if !defined(OPENSSL_THREADS)
typedef struct crypto_mutex_st {
char padding; // Empty structs have different sizes in C and C++.
} CRYPTO_MUTEX;
#elif defined(OPENSSL_WINDOWS)
// CRYPTO_MUTEX can appear in public header files so we really don't want to
// pull in windows.h. It's statically asserted that this structure is large
// enough to contain a Windows SRWLOCK by thread_win.c.
typedef union crypto_mutex_st {
void *handle;
} CRYPTO_MUTEX;
#elif !defined(__GLIBC__)
#if defined(OPENSSL_OPENBSD)
#include <pthread.h>
#endif
typedef pthread_rwlock_t CRYPTO_MUTEX;
#else
// On glibc, |pthread_rwlock_t| is hidden under feature flags, and we can't
// ensure that we'll be able to get it from a public header. It's statically
// asserted that this structure is large enough to contain a |pthread_rwlock_t|
// by thread_pthread.c.
typedef union crypto_mutex_st {
double alignment;
uint8_t padding[3 * sizeof(int) + 5 * sizeof(unsigned) + 16 + 8];
} CRYPTO_MUTEX;
#endif
// CRYPTO_refcount_t is the type of a reference count.
//
// Since some platforms use C11 atomics to access this, it should have the
// _Atomic qualifier. However, this header is included by C++ programs as well
// as C code that might not set -std=c11. So, in practice, it's not possible to
// do that. Instead we statically assert that the size and native alignment of
// a plain uint32_t and an _Atomic uint32_t are equal in refcount_c11.c.
typedef uint32_t CRYPTO_refcount_t;
// AWSLC_thread_local_clear destructs AWS-LC-related thread-local data.
// If no other AWS-LC function is subsequently called on this thread prior to
// its termination, our internal thread-local destructor function will not be
// invoked. If performed on all active threads, this may allow a shared
// AWS-LC library to be unloaded safely via |dlclose|.
OPENSSL_EXPORT int AWSLC_thread_local_clear(void);
// AWSLC_thread_local_shutdown deletes the key used to track thread-local data.
// This function is not thread-safe. It is needed to avoid leaking resources in
// consumers that use |dlopen|/|dlclose| to access the AWS-LC shared library.
// It should be called prior to |dlclose| after all other threads have completed
// calls to |AWSLC_thread_local_clear|.
OPENSSL_EXPORT int AWSLC_thread_local_shutdown(void);
// General No-op Functions [Deprecated].
//
// Historically, OpenSSL required callers to provide locking callbacks.
// BoringSSL is thread-safe by default, but some old code calls these functions
// and so no-op implementations are provided.
// These defines do nothing but are provided to make old code easier to
// compile.
#define CRYPTO_LOCK 1
#define CRYPTO_UNLOCK 2
#define CRYPTO_READ 4
#define CRYPTO_WRITE 8
// CRYPTO_num_locks returns one. (This is non-zero that callers who allocate
// sizeof(lock) times this value don't get zero and then fail because malloc(0)
// returned NULL.)
OPENSSL_EXPORT OPENSSL_DEPRECATED int CRYPTO_num_locks(void);
// CRYPTO_set_locking_callback does nothing.
OPENSSL_EXPORT OPENSSL_DEPRECATED void CRYPTO_set_locking_callback(
void (*func)(int mode, int lock_num, const char *file, int line));
// CRYPTO_set_add_lock_callback does nothing.
OPENSSL_EXPORT OPENSSL_DEPRECATED void CRYPTO_set_add_lock_callback(int (*func)(
int *num, int amount, int lock_num, const char *file, int line));
// CRYPTO_get_locking_callback returns NULL.
OPENSSL_EXPORT OPENSSL_DEPRECATED void (*CRYPTO_get_locking_callback(void))(
int mode, int lock_num, const char *file, int line);
// CRYPTO_get_lock_name returns a fixed, dummy string.
OPENSSL_EXPORT OPENSSL_DEPRECATED const char *CRYPTO_get_lock_name(
int lock_num);
// CRYPTO_THREADID_set_callback returns one.
OPENSSL_EXPORT OPENSSL_DEPRECATED int CRYPTO_THREADID_set_callback(
void (*threadid_func)(CRYPTO_THREADID *threadid));
// CRYPTO_THREADID_set_numeric does nothing.
OPENSSL_EXPORT OPENSSL_DEPRECATED void CRYPTO_THREADID_set_numeric(
CRYPTO_THREADID *id, unsigned long val);
// CRYPTO_THREADID_set_pointer does nothing.
OPENSSL_EXPORT OPENSSL_DEPRECATED void CRYPTO_THREADID_set_pointer(
CRYPTO_THREADID *id, void *ptr);
// CRYPTO_THREADID_current does nothing.
OPENSSL_EXPORT OPENSSL_DEPRECATED void CRYPTO_THREADID_current(
CRYPTO_THREADID *id);
// CRYPTO_set_id_callback does nothing.
OPENSSL_EXPORT OPENSSL_DEPRECATED void CRYPTO_set_id_callback(
unsigned long (*func)(void));
typedef struct {
int references;
struct CRYPTO_dynlock_value *data;
} CRYPTO_dynlock;
// CRYPTO_set_dynlock_create_callback does nothing.
OPENSSL_EXPORT OPENSSL_DEPRECATED void CRYPTO_set_dynlock_create_callback(
struct CRYPTO_dynlock_value *(*dyn_create_function)(const char *file,
int line));
// CRYPTO_set_dynlock_lock_callback does nothing.
OPENSSL_EXPORT OPENSSL_DEPRECATED void CRYPTO_set_dynlock_lock_callback(
void (*dyn_lock_function)(int mode, struct CRYPTO_dynlock_value *l,
const char *file, int line));
// CRYPTO_set_dynlock_destroy_callback does nothing.
OPENSSL_EXPORT OPENSSL_DEPRECATED void CRYPTO_set_dynlock_destroy_callback(
void (*dyn_destroy_function)(struct CRYPTO_dynlock_value *l,
const char *file, int line));
// CRYPTO_get_dynlock_create_callback returns NULL.
OPENSSL_EXPORT OPENSSL_DEPRECATED struct CRYPTO_dynlock_value *(
*CRYPTO_get_dynlock_create_callback(void))(const char *file, int line);
// CRYPTO_get_dynlock_lock_callback returns NULL.
OPENSSL_EXPORT OPENSSL_DEPRECATED void (*CRYPTO_get_dynlock_lock_callback(
void))(int mode, struct CRYPTO_dynlock_value *l, const char *file,
int line);
// CRYPTO_get_dynlock_destroy_callback returns NULL.
OPENSSL_EXPORT OPENSSL_DEPRECATED void (*CRYPTO_get_dynlock_destroy_callback(
void))(struct CRYPTO_dynlock_value *l, const char *file, int line);
#if defined(__cplusplus)
} // extern C
#endif
#endif // OPENSSL_HEADER_THREAD_H

11
vendor/aws-lc-sys/aws-lc/include/openssl/time.h vendored Normal file
View File

@@ -0,0 +1,11 @@
// Copyright (c) 2024, Google Inc.
// SPDX-License-Identifier: ISC
#ifndef OPENSSL_HEADER_TIME_H
#define OPENSSL_HEADER_TIME_H
// Compatibility header, to be deprecated. use <openssl/posix_time.h> instead.
#include <openssl/posix_time.h>
#endif // OPENSSL_HEADER_TIME_H

524
vendor/aws-lc-sys/aws-lc/include/openssl/tls1.h vendored Normal file
View File

@@ -0,0 +1,524 @@
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
// Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
// Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
// Copyright 2005 Nokia. All rights reserved.
//
// ECC cipher suite support in OpenSSL originally written by
// Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories
//
// The Contribution, originally written by Mika Kousa and Pasi Eronen of
// Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
// support (see RFC 4279) to OpenSSL.
//
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_TLS1_H
#define OPENSSL_HEADER_TLS1_H
#include <openssl/base.h>
#ifdef __cplusplus
extern "C" {
#endif
#define TLS1_AD_END_OF_EARLY_DATA 1
#define TLS1_AD_DECRYPTION_FAILED 21
#define TLS1_AD_RECORD_OVERFLOW 22
#define TLS1_AD_UNKNOWN_CA 48
#define TLS1_AD_ACCESS_DENIED 49
#define TLS1_AD_DECODE_ERROR 50
#define TLS1_AD_DECRYPT_ERROR 51
#define TLS1_AD_EXPORT_RESTRICTION 60
#define TLS1_AD_PROTOCOL_VERSION 70
#define TLS1_AD_INSUFFICIENT_SECURITY 71
#define TLS1_AD_INTERNAL_ERROR 80
#define TLS1_AD_USER_CANCELLED 90
#define TLS1_AD_NO_RENEGOTIATION 100
#define TLS1_AD_MISSING_EXTENSION 109
#define TLS1_AD_UNSUPPORTED_EXTENSION 110
#define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
#define TLS1_AD_UNRECOGNIZED_NAME 112
#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115
#define TLS1_AD_CERTIFICATE_REQUIRED 116
#define TLS1_AD_NO_APPLICATION_PROTOCOL 120
#define TLS1_AD_ECH_REQUIRED 121 // draft-ietf-tls-esni-13
// ExtensionType values from RFC 6066
#define TLSEXT_TYPE_server_name 0
#define TLSEXT_TYPE_status_request 5
// ExtensionType values from RFC 4492
#define TLSEXT_TYPE_ec_point_formats 11
// ExtensionType values from RFC 5246
#define TLSEXT_TYPE_signature_algorithms 13
// ExtensionType value from RFC 5764
#define TLSEXT_TYPE_srtp 14
// ExtensionType value from RFC 7301
#define TLSEXT_TYPE_application_layer_protocol_negotiation 16
// ExtensionType value from RFC 7685
#define TLSEXT_TYPE_padding 21
// ExtensionType value from RFC 7627
#define TLSEXT_TYPE_extended_master_secret 23
// ExtensionType value from draft-ietf-quic-tls. Drafts 00 through 32 use
// 0xffa5 which is part of the Private Use section of the registry, and it
// collides with TLS-LTS and, based on scans, something else too (though this
// hasn't been a problem in practice since it's QUIC-only). Drafts 33 onward
// use the value 57 which was officially registered with IANA.
#define TLSEXT_TYPE_quic_transport_parameters_legacy 0xffa5
// ExtensionType value from RFC 9000
#define TLSEXT_TYPE_quic_transport_parameters 57
// TLSEXT_TYPE_quic_transport_parameters_standard is an alias for
// |TLSEXT_TYPE_quic_transport_parameters|. Use
// |TLSEXT_TYPE_quic_transport_parameters| instead.
#define TLSEXT_TYPE_quic_transport_parameters_standard \
TLSEXT_TYPE_quic_transport_parameters
// ExtensionType value from RFC 8879
#define TLSEXT_TYPE_cert_compression 27
// ExtensionType value from RFC 4507
#define TLSEXT_TYPE_session_ticket 35
// ExtensionType values from RFC 8446
#define TLSEXT_TYPE_supported_groups 10
#define TLSEXT_TYPE_pre_shared_key 41
#define TLSEXT_TYPE_early_data 42
#define TLSEXT_TYPE_supported_versions 43
#define TLSEXT_TYPE_cookie 44
#define TLSEXT_TYPE_psk_key_exchange_modes 45
#define TLSEXT_TYPE_certificate_authorities 47
#define TLSEXT_TYPE_signature_algorithms_cert 50
#define TLSEXT_TYPE_key_share 51
// ExtensionType value from RFC 5746
#define TLSEXT_TYPE_renegotiate 0xff01
// ExtensionType value from RFC 9345
#define TLSEXT_TYPE_delegated_credential 34
// ExtensionType value from draft-vvv-tls-alps. This is not an IANA defined
// extension number.
#define TLSEXT_TYPE_application_settings_old 17513
#define TLSEXT_TYPE_application_settings 17613
// ExtensionType values from draft-ietf-tls-esni-13. This is not an IANA defined
// extension number.
#define TLSEXT_TYPE_encrypted_client_hello 0xfe0d
#define TLSEXT_TYPE_ech_outer_extensions 0xfd00
// ExtensionType value from RFC 6962
#define TLSEXT_TYPE_certificate_timestamp 18
// This is not an IANA defined extension number
#define TLSEXT_TYPE_next_proto_neg 13172
// This is not an IANA defined extension number
#define TLSEXT_TYPE_channel_id 30032
// status request value from RFC 3546
#define TLSEXT_STATUSTYPE_nothing (-1)
#define TLSEXT_STATUSTYPE_ocsp 1
// ECPointFormat values from RFC 4492
#define TLSEXT_ECPOINTFORMAT_uncompressed 0
#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1
// Signature and hash algorithms from RFC 5246
#define TLSEXT_signature_anonymous 0
#define TLSEXT_signature_rsa 1
#define TLSEXT_signature_dsa 2
#define TLSEXT_signature_ecdsa 3
#define TLSEXT_hash_none 0
#define TLSEXT_hash_md5 1
#define TLSEXT_hash_sha1 2
#define TLSEXT_hash_sha224 3
#define TLSEXT_hash_sha256 4
#define TLSEXT_hash_sha384 5
#define TLSEXT_hash_sha512 6
// From https://www.rfc-editor.org/rfc/rfc8879.html#section-3
#define TLSEXT_cert_compression_zlib 1
#define TLSEXT_cert_compression_brotli 2
#define TLSEXT_MAXLEN_host_name 255
// PSK ciphersuites from 4279
#define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A
#define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B
#define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C
#define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D
// PSK ciphersuites from RFC 5489
#define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA 0x0300C035
#define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA 0x0300C036
// Additional TLS ciphersuites from expired Internet Draft
// draft-ietf-tls-56-bit-ciphersuites-01.txt
// (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
// s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably
// shouldn't. Note that the first two are actually not in the IDs.
#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060 // not in ID
#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061 // not in ID
#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062
#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063
#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064
#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065
#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066
// AES ciphersuites from RFC 3268
#define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F
#define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030
#define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031
#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032
#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033
#define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034
#define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035
#define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036
#define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037
#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038
#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039
#define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A
// TLS v1.2 ciphersuites
#define TLS1_CK_RSA_WITH_NULL_SHA256 0x0300003B
#define TLS1_CK_RSA_WITH_AES_128_SHA256 0x0300003C
#define TLS1_CK_RSA_WITH_AES_256_SHA256 0x0300003D
#define TLS1_CK_DH_DSS_WITH_AES_128_SHA256 0x0300003E
#define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F
#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040
// Camellia ciphersuites from RFC 4132
#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041
#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042
#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043
#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044
#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045
#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046
// TLS v1.2 ciphersuites
#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 0x03000067
#define TLS1_CK_DH_DSS_WITH_AES_256_SHA256 0x03000068
#define TLS1_CK_DH_RSA_WITH_AES_256_SHA256 0x03000069
#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 0x0300006A
#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 0x0300006B
#define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C
#define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D
// Camellia ciphersuites from RFC 4132
#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084
#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085
#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086
#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087
#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088
#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089
// SEED ciphersuites from RFC 4162
#define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096
#define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097
#define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098
#define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099
#define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A
#define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B
// TLS v1.2 GCM ciphersuites from RFC 5288
#define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C
#define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D
#define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E
#define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 0x0300009F
#define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 0x030000A0
#define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384 0x030000A1
#define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256 0x030000A2
#define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384 0x030000A3
#define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256 0x030000A4
#define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384 0x030000A5
#define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6
#define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7
// ECC ciphersuites from RFC 4492
#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001
#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002
#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003
#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004
#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005
#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006
#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007
#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A
#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B
#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C
#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D
#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E
#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F
#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010
#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011
#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012
#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013
#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014
#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015
#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016
#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017
#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018
#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019
// SRP ciphersuites from RFC 5054
#define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A
#define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B
#define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C
#define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA 0x0300C01D
#define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA 0x0300C01E
#define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA 0x0300C01F
#define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA 0x0300C020
#define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021
#define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022
// ECDH HMAC based ciphersuites from RFC 5289
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024
#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025
#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384 0x0300C026
#define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256 0x0300C027
#define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 0x0300C028
#define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029
#define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A
// ECDH GCM based ciphersuites from RFC 5289
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C
#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D
#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02E
#define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F
#define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x0300C030
#define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031
#define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032
// ChaCha20-Poly1305 cipher suites from RFC 7905.
#define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0x0300CCA8
#define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0x0300CCA9
#define TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0x0300CCAC
// TLS 1.3 ciphersuites from RFC 8446.
#define TLS1_3_CK_AES_128_GCM_SHA256 0x03001301
#define TLS1_3_CK_AES_256_GCM_SHA384 0x03001302
#define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x03001303
// The following constants are legacy aliases of |TLS1_3_CK_*|.
// TODO(davidben): Migrate callers to the new name and remove these.
#define TLS1_CK_AES_128_GCM_SHA256 TLS1_3_CK_AES_128_GCM_SHA256
#define TLS1_CK_AES_256_GCM_SHA384 TLS1_3_CK_AES_256_GCM_SHA384
#define TLS1_CK_CHACHA20_POLY1305_SHA256 TLS1_3_CK_CHACHA20_POLY1305_SHA256
// XXX
// Inconsistency alert:
// The OpenSSL names of ciphers with ephemeral DH here include the string
// "DHE", while elsewhere it has always been "EDH".
// (The alias for the list of all such ciphers also is "EDH".)
// The specifications speak of "EDH"; maybe we should allow both forms
// for everything.
#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5"
#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5"
#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA"
#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA \
"EXP1024-DHE-DSS-DES-CBC-SHA"
#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA"
#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA"
#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA"
// AES ciphersuites from RFC 3268
#define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA"
#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA"
#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA"
#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA"
#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA"
#define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA"
#define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA"
#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA"
#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA"
#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA"
#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA"
#define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA"
// ECC ciphersuites from RFC 4492
#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA"
#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA"
#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA"
#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA"
#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA"
#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA"
#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA"
#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA"
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA"
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA"
#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA"
#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA"
#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA"
#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA"
#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA"
#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA"
#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA"
#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA"
#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA"
#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA"
#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA"
#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA"
#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA"
#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA"
#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA"
// PSK ciphersuites from RFC 4279
#define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA"
#define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA"
#define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA"
#define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA"
// PSK ciphersuites from RFC 5489
#define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA "ECDHE-PSK-AES128-CBC-SHA"
#define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA "ECDHE-PSK-AES256-CBC-SHA"
// SRP ciphersuite from RFC 5054
#define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA"
#define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA"
#define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA"
#define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA "SRP-AES-128-CBC-SHA"
#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "SRP-RSA-AES-128-CBC-SHA"
#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "SRP-DSS-AES-128-CBC-SHA"
#define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA "SRP-AES-256-CBC-SHA"
#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA"
#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA"
// Camellia ciphersuites from RFC 4132
#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA"
#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA"
#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA"
#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA"
#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA"
#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA"
#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA"
#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA"
#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA"
#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA"
#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA"
#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA"
// SEED ciphersuites from RFC 4162
#define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA"
#define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA"
#define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA"
#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA"
#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA"
#define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA"
// TLS v1.2 ciphersuites
#define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256"
#define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256"
#define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256"
#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256 "DH-DSS-AES128-SHA256"
#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256 "DH-RSA-AES128-SHA256"
#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256 "DHE-DSS-AES128-SHA256"
#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 "DHE-RSA-AES128-SHA256"
#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256 "DH-DSS-AES256-SHA256"
#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256 "DH-RSA-AES256-SHA256"
#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256 "DHE-DSS-AES256-SHA256"
#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 "DHE-RSA-AES256-SHA256"
#define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256"
#define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256"
// TLS v1.2 GCM ciphersuites from RFC 5288
#define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256"
#define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384"
#define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256"
#define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 "DHE-RSA-AES256-GCM-SHA384"
#define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256 "DH-RSA-AES128-GCM-SHA256"
#define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384 "DH-RSA-AES256-GCM-SHA384"
#define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256 "DHE-DSS-AES128-GCM-SHA256"
#define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384 "DHE-DSS-AES256-GCM-SHA384"
#define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256 "DH-DSS-AES128-GCM-SHA256"
#define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384 "DH-DSS-AES256-GCM-SHA384"
#define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256"
#define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384"
// ECDH HMAC based ciphersuites from RFC 5289
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256"
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384"
#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256"
#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384 "ECDH-ECDSA-AES256-SHA384"
#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 "ECDHE-RSA-AES128-SHA256"
#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 "ECDHE-RSA-AES256-SHA384"
#define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256"
#define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384"
// ECDH GCM based ciphersuites from RFC 5289
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 \
"ECDHE-ECDSA-AES128-GCM-SHA256"
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 \
"ECDHE-ECDSA-AES256-GCM-SHA384"
#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 \
"ECDH-ECDSA-AES128-GCM-SHA256"
#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 \
"ECDH-ECDSA-AES256-GCM-SHA384"
#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "ECDHE-RSA-AES128-GCM-SHA256"
#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "ECDHE-RSA-AES256-GCM-SHA384"
#define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256"
#define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384"
#define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \
"ECDHE-RSA-CHACHA20-POLY1305"
#define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 \
"ECDHE-ECDSA-CHACHA20-POLY1305"
#define TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 \
"ECDHE-PSK-CHACHA20-POLY1305"
// TLS 1.3 ciphersuites from RFC 8446.
#define TLS1_3_RFC_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256"
#define TLS1_3_RFC_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384"
#define TLS1_3_RFC_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256"
// The following constants are legacy aliases of |TLS1_3_CK_*|.
// TODO(bbe): Migrate callers to the new name and remove these.
#define TLS1_TXT_AES_128_GCM_SHA256 TLS1_3_RFC_AES_128_GCM_SHA256
#define TLS1_TXT_AES_256_GCM_SHA384 TLS1_3_RFC_AES_256_GCM_SHA384
#define TLS1_TXT_CHACHA20_POLY1305_SHA256 TLS1_3_RFC_CHACHA20_POLY1305_SHA256
#define TLS_CT_RSA_SIGN 1
#define TLS_CT_DSS_SIGN 2
#define TLS_CT_RSA_FIXED_DH 3
#define TLS_CT_DSS_FIXED_DH 4
#define TLS_CT_ECDSA_SIGN 64
#define TLS_CT_RSA_FIXED_ECDH 65
#define TLS_CT_ECDSA_FIXED_ECDH 66
#define TLS_MD_MAX_CONST_SIZE 20
#ifdef __cplusplus
} // extern C
#endif
#endif // OPENSSL_HEADER_TLS1_H

333
vendor/aws-lc-sys/aws-lc/include/openssl/trust_token.h vendored Normal file
View File

@@ -0,0 +1,333 @@
// Copyright (c) 2020, Google Inc.
// SPDX-License-Identifier: ISC
#ifndef OPENSSL_HEADER_TRUST_TOKEN_H
#define OPENSSL_HEADER_TRUST_TOKEN_H
#include <openssl/base.h>
#include <openssl/stack.h>
#if defined(__cplusplus)
extern "C" {
#endif
// Trust Token implementation.
//
// Trust Token is an implementation of an experimental mechanism similar to
// Privacy Pass which allows issuance and redemption of anonymized tokens with
// limited private metadata.
//
// References:
// https://eprint.iacr.org/2020/072.pdf
// https://github.com/alxdavids/privacy-pass-ietf/tree/master/drafts
// https://github.com/WICG/trust-token-api/blob/master/README.md
//
// WARNING: This API is unstable and subject to change.
// TRUST_TOKEN_experiment_v1 is an experimental Trust Tokens protocol using
// PMBTokens and P-384.
OPENSSL_EXPORT const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v1(void);
// TRUST_TOKEN_experiment_v2_voprf is an experimental Trust Tokens protocol
// using VOPRFs and P-384 with up to 6 keys, without RR verification.
OPENSSL_EXPORT const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v2_voprf(void);
// TRUST_TOKEN_experiment_v2_pmb is an experimental Trust Tokens protocol using
// PMBTokens and P-384 with up to 3 keys, without RR verification.
OPENSSL_EXPORT const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v2_pmb(void);
// TRUST_TOKEN_pst_v1_voprf is an experimental Trust Tokens protocol
// using VOPRFs and P-384 with up to 6 keys, without RR verification.
OPENSSL_EXPORT const TRUST_TOKEN_METHOD *TRUST_TOKEN_pst_v1_voprf(void);
// TRUST_TOKEN_pst_v1_pmb is an experimental Trust Tokens protocol using
// PMBTokens and P-384 with up to 3 keys, without RR verification.
OPENSSL_EXPORT const TRUST_TOKEN_METHOD *TRUST_TOKEN_pst_v1_pmb(void);
// trust_token_st represents a single-use token for the Trust Token protocol.
// For the client, this is the token and its corresponding signature. For the
// issuer, this is the token itself.
struct trust_token_st {
uint8_t *data;
size_t len;
};
DEFINE_STACK_OF(TRUST_TOKEN)
// TRUST_TOKEN_new creates a newly-allocated |TRUST_TOKEN| with value |data| or
// NULL on allocation failure.
OPENSSL_EXPORT TRUST_TOKEN *TRUST_TOKEN_new(const uint8_t *data, size_t len);
// TRUST_TOKEN_free releases memory associated with |token|.
OPENSSL_EXPORT void TRUST_TOKEN_free(TRUST_TOKEN *token);
#define TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE 512
#define TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE 512
// TRUST_TOKEN_generate_key creates a new Trust Token keypair labeled with |id|
// and serializes the private and public keys, writing the private key to
// |out_priv_key| and setting |*out_priv_key_len| to the number of bytes
// written, and writing the public key to |out_pub_key| and setting
// |*out_pub_key_len| to the number of bytes written.
//
// At most |max_priv_key_len| and |max_pub_key_len| bytes are written. In order
// to ensure success, these should be at least
// |TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE| and |TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE|.
//
// This function returns one on success or zero on error.
OPENSSL_EXPORT int TRUST_TOKEN_generate_key(
const TRUST_TOKEN_METHOD *method, uint8_t *out_priv_key,
size_t *out_priv_key_len, size_t max_priv_key_len, uint8_t *out_pub_key,
size_t *out_pub_key_len, size_t max_pub_key_len, uint32_t id);
// TRUST_TOKEN_derive_key_from_secret deterministically derives a new Trust
// Token keypair labeled with |id| from an input |secret| and serializes the
// private and public keys, writing the private key to |out_priv_key| and
// setting |*out_priv_key_len| to the number of bytes written, and writing the
// public key to |out_pub_key| and setting |*out_pub_key_len| to the number of
// bytes written.
//
// At most |max_priv_key_len| and |max_pub_key_len| bytes are written. In order
// to ensure success, these should be at least
// |TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE| and |TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE|.
//
// This function returns one on success or zero on error.
OPENSSL_EXPORT int TRUST_TOKEN_derive_key_from_secret(
const TRUST_TOKEN_METHOD *method, uint8_t *out_priv_key,
size_t *out_priv_key_len, size_t max_priv_key_len, uint8_t *out_pub_key,
size_t *out_pub_key_len, size_t max_pub_key_len, uint32_t id,
const uint8_t *secret, size_t secret_len);
// Trust Token client implementation.
//
// These functions implements the client half of the Trust Token protocol. A
// single |TRUST_TOKEN_CLIENT| can perform a single protocol operation.
// TRUST_TOKEN_CLIENT_new returns a newly-allocated |TRUST_TOKEN_CLIENT|
// configured to use a max batchsize of |max_batchsize| or NULL on error.
// Issuance requests must be made in batches smaller than |max_batchsize|. This
// function will return an error if |max_batchsize| is too large for Trust
// Tokens.
OPENSSL_EXPORT TRUST_TOKEN_CLIENT *TRUST_TOKEN_CLIENT_new(
const TRUST_TOKEN_METHOD *method, size_t max_batchsize);
// TRUST_TOKEN_CLIENT_free releases memory associated with |ctx|.
OPENSSL_EXPORT void TRUST_TOKEN_CLIENT_free(TRUST_TOKEN_CLIENT *ctx);
// TRUST_TOKEN_CLIENT_add_key configures the |ctx| to support the public key
// |key|. It sets |*out_key_index| to the index this key has been configured to.
// It returns one on success or zero on error if the |key| can't be parsed or
// too many keys have been configured.
OPENSSL_EXPORT int TRUST_TOKEN_CLIENT_add_key(TRUST_TOKEN_CLIENT *ctx,
size_t *out_key_index,
const uint8_t *key,
size_t key_len);
// TRUST_TOKEN_CLIENT_set_srr_key sets the public key used to verify the SRR. It
// returns one on success and zero on error.
OPENSSL_EXPORT int TRUST_TOKEN_CLIENT_set_srr_key(TRUST_TOKEN_CLIENT *ctx,
EVP_PKEY *key);
// TRUST_TOKEN_CLIENT_begin_issuance produces a request for |count| trust tokens
// and serializes the request into a newly-allocated buffer, setting |*out| to
// that buffer and |*out_len| to its length. The caller takes ownership of the
// buffer and must call |OPENSSL_free| when done. It returns one on success and
// zero on error.
OPENSSL_EXPORT int TRUST_TOKEN_CLIENT_begin_issuance(TRUST_TOKEN_CLIENT *ctx,
uint8_t **out,
size_t *out_len,
size_t count);
// TRUST_TOKEN_CLIENT_begin_issuance_over_message produces a request for a trust
// token derived from |msg| and serializes the request into a newly-allocated
// buffer, setting |*out| to that buffer and |*out_len| to its length. The
// caller takes ownership of the buffer and must call |OPENSSL_free| when done.
// It returns one on success and zero on error.
OPENSSL_EXPORT int TRUST_TOKEN_CLIENT_begin_issuance_over_message(
TRUST_TOKEN_CLIENT *ctx, uint8_t **out, size_t *out_len, size_t count,
const uint8_t *msg, size_t msg_len);
// TRUST_TOKEN_CLIENT_finish_issuance consumes |response| from the issuer and
// extracts the tokens, returning a list of tokens and the index of the key used
// to sign the tokens in |*out_key_index|. The caller can use this to determine
// what key was used in an issuance and to drop tokens if a new key commitment
// arrives without the specified key present. The caller takes ownership of the
// list and must call |sk_TRUST_TOKEN_pop_free| when done. The list is empty if
// issuance fails.
OPENSSL_EXPORT STACK_OF(TRUST_TOKEN) *
TRUST_TOKEN_CLIENT_finish_issuance(TRUST_TOKEN_CLIENT *ctx,
size_t *out_key_index,
const uint8_t *response,
size_t response_len);
// TRUST_TOKEN_CLIENT_begin_redemption produces a request to redeem a token
// |token| and receive a signature over |data| and serializes the request into
// a newly-allocated buffer, setting |*out| to that buffer and |*out_len| to
// its length. |time| is the number of seconds since the UNIX epoch and used to
// verify the validity of the issuer's response in TrustTokenV1 and ignored in
// other versions. The caller takes ownership of the buffer and must call
// |OPENSSL_free| when done. It returns one on success or zero on error.
OPENSSL_EXPORT int TRUST_TOKEN_CLIENT_begin_redemption(
TRUST_TOKEN_CLIENT *ctx, uint8_t **out, size_t *out_len,
const TRUST_TOKEN *token, const uint8_t *data, size_t data_len,
uint64_t time);
// TRUST_TOKEN_CLIENT_finish_redemption consumes |response| from the issuer. In
// |TRUST_TOKEN_experiment_v1|, it then verifies the SRR and if valid sets
// |*out_rr| and |*out_rr_len| (respectively, |*out_sig| and |*out_sig_len|)
// to a newly-allocated buffer containing the SRR (respectively, the SRR
// signature). In other versions, it sets |*out_rr| and |*out_rr_len|
// to a newly-allocated buffer containing |response| and leaves all validation
// to the caller. It returns one on success or zero on failure.
OPENSSL_EXPORT int TRUST_TOKEN_CLIENT_finish_redemption(
TRUST_TOKEN_CLIENT *ctx, uint8_t **out_rr, size_t *out_rr_len,
uint8_t **out_sig, size_t *out_sig_len, const uint8_t *response,
size_t response_len);
// Trust Token issuer implementation.
//
// These functions implement the issuer half of the Trust Token protocol. A
// |TRUST_TOKEN_ISSUER| can be reused across multiple protocol operations. It
// may be used concurrently on multiple threads by non-mutating functions,
// provided no other thread is concurrently calling a mutating function.
// Functions which take a |const| pointer are non-mutating and functions which
// take a non-|const| pointer are mutating.
// TRUST_TOKEN_ISSUER_new returns a newly-allocated |TRUST_TOKEN_ISSUER|
// configured to use a max batchsize of |max_batchsize| or NULL on error.
// Issuance requests must be made in batches smaller than |max_batchsize|. This
// function will return an error if |max_batchsize| is too large for Trust
// Tokens.
OPENSSL_EXPORT TRUST_TOKEN_ISSUER *TRUST_TOKEN_ISSUER_new(
const TRUST_TOKEN_METHOD *method, size_t max_batchsize);
// TRUST_TOKEN_ISSUER_free releases memory associated with |ctx|.
OPENSSL_EXPORT void TRUST_TOKEN_ISSUER_free(TRUST_TOKEN_ISSUER *ctx);
// TRUST_TOKEN_ISSUER_add_key configures the |ctx| to support the private key
// |key|. It must be a private key returned by |TRUST_TOKEN_generate_key|. It
// returns one on success or zero on error. This function may fail if the |key|
// can't be parsed or too many keys have been configured.
OPENSSL_EXPORT int TRUST_TOKEN_ISSUER_add_key(TRUST_TOKEN_ISSUER *ctx,
const uint8_t *key,
size_t key_len);
// TRUST_TOKEN_ISSUER_set_srr_key sets the private key used to sign the SRR. It
// returns one on success and zero on error.
OPENSSL_EXPORT int TRUST_TOKEN_ISSUER_set_srr_key(TRUST_TOKEN_ISSUER *ctx,
EVP_PKEY *key);
// TRUST_TOKEN_ISSUER_set_metadata_key sets the key used to encrypt the private
// metadata. The key is a randomly generated bytestring of at least 32 bytes
// used to encode the private metadata bit in the SRR. It returns one on success
// and zero on error.
OPENSSL_EXPORT int TRUST_TOKEN_ISSUER_set_metadata_key(TRUST_TOKEN_ISSUER *ctx,
const uint8_t *key,
size_t len);
// TRUST_TOKEN_ISSUER_issue ingests |request| for token issuance
// and generates up to |max_issuance| valid tokens, producing a list of blinded
// tokens and storing the response into a newly-allocated buffer and setting
// |*out| to that buffer, |*out_len| to its length, and |*out_tokens_issued| to
// the number of tokens issued. The tokens are issued with public metadata of
// |public_metadata| and a private metadata value of |private_metadata|.
// |public_metadata| must be one of the previously configured key IDs.
// |private_metadata| must be 0 or 1. The caller takes ownership of the buffer
// and must call |OPENSSL_free| when done. It returns one on success or zero on
// error.
OPENSSL_EXPORT int TRUST_TOKEN_ISSUER_issue(
const TRUST_TOKEN_ISSUER *ctx, uint8_t **out, size_t *out_len,
size_t *out_tokens_issued, const uint8_t *request, size_t request_len,
uint32_t public_metadata, uint8_t private_metadata, size_t max_issuance);
// TRUST_TOKEN_ISSUER_redeem ingests a |request| for token redemption and
// verifies the token. The public metadata is stored in |*out_public|. The
// private metadata (if any) is stored in |*out_private|. The extracted
// |TRUST_TOKEN| is stored into a newly-allocated buffer and stored in
// |*out_token|. The extracted client data is stored into a newly-allocated
// buffer and stored in |*out_client_data|. The caller takes ownership of each
// output buffer and must call |OPENSSL_free| when done. It returns one on
// success or zero on error.
//
// The caller must keep track of all values of |*out_token| seen globally before
// returning a response to the client. If the value has been reused, the caller
// must report an error to the client. Returning a response with replayed values
// allows an attacker to double-spend tokens.
OPENSSL_EXPORT int TRUST_TOKEN_ISSUER_redeem(
const TRUST_TOKEN_ISSUER *ctx, uint32_t *out_public, uint8_t *out_private,
TRUST_TOKEN **out_token, uint8_t **out_client_data,
size_t *out_client_data_len, const uint8_t *request, size_t request_len);
// TRUST_TOKEN_ISSUER_redeem_raw is a legacy alias for
// |TRUST_TOKEN_ISSUER_redeem|.
#define TRUST_TOKEN_ISSUER_redeem_raw TRUST_TOKEN_ISSUER_redeem
// TRUST_TOKEN_ISSUER_redeem_over_message ingests a |request| for token
// redemption and a message and verifies the token and that it is derived from
// the provided |msg|. The public metadata is stored in
// |*out_public|. The private metadata (if any) is stored in |*out_private|. The
// extracted |TRUST_TOKEN| is stored into a newly-allocated buffer and stored in
// |*out_token|. The extracted client data is stored into a newly-allocated
// buffer and stored in |*out_client_data|. The caller takes ownership of each
// output buffer and must call |OPENSSL_free| when done. It returns one on
// success or zero on error.
//
// The caller must keep track of all values of |*out_token| seen globally before
// returning a response to the client. If the value has been reused, the caller
// must report an error to the client. Returning a response with replayed values
// allows an attacker to double-spend tokens.
OPENSSL_EXPORT int TRUST_TOKEN_ISSUER_redeem_over_message(
const TRUST_TOKEN_ISSUER *ctx, uint32_t *out_public, uint8_t *out_private,
TRUST_TOKEN **out_token, uint8_t **out_client_data,
size_t *out_client_data_len, const uint8_t *request, size_t request_len,
const uint8_t *msg, size_t msg_len);
// TRUST_TOKEN_decode_private_metadata decodes |encrypted_bit| using the
// private metadata key specified by a |key| buffer of length |key_len| and the
// nonce by a |nonce| buffer of length |nonce_len|. The nonce in
// |TRUST_TOKEN_experiment_v1| is the token-hash field of the SRR. |*out_value|
// is set to the decrypted value, either zero or one. It returns one on success
// and zero on error.
OPENSSL_EXPORT int TRUST_TOKEN_decode_private_metadata(
const TRUST_TOKEN_METHOD *method, uint8_t *out_value, const uint8_t *key,
size_t key_len, const uint8_t *nonce, size_t nonce_len,
uint8_t encrypted_bit);
#if defined(__cplusplus)
} // extern C
extern "C++" {
BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(TRUST_TOKEN, TRUST_TOKEN_free)
BORINGSSL_MAKE_DELETER(TRUST_TOKEN_CLIENT, TRUST_TOKEN_CLIENT_free)
BORINGSSL_MAKE_DELETER(TRUST_TOKEN_ISSUER, TRUST_TOKEN_ISSUER_free)
BSSL_NAMESPACE_END
} // extern C++
#endif
#define TRUST_TOKEN_R_KEYGEN_FAILURE 100
#define TRUST_TOKEN_R_BUFFER_TOO_SMALL 101
#define TRUST_TOKEN_R_OVER_BATCHSIZE 102
#define TRUST_TOKEN_R_DECODE_ERROR 103
#define TRUST_TOKEN_R_SRR_SIGNATURE_ERROR 104
#define TRUST_TOKEN_R_DECODE_FAILURE 105
#define TRUST_TOKEN_R_INVALID_METADATA 106
#define TRUST_TOKEN_R_TOO_MANY_KEYS 107
#define TRUST_TOKEN_R_NO_KEYS_CONFIGURED 108
#define TRUST_TOKEN_R_INVALID_KEY_ID 109
#define TRUST_TOKEN_R_INVALID_TOKEN 110
#define TRUST_TOKEN_R_BAD_VALIDITY_CHECK 111
#define TRUST_TOKEN_R_NO_SRR_KEY_CONFIGURED 112
#define TRUST_TOKEN_R_INVALID_METADATA_KEY 113
#define TRUST_TOKEN_R_INVALID_PROOF 114
#endif // OPENSSL_HEADER_TRUST_TOKEN_H

28
vendor/aws-lc-sys/aws-lc/include/openssl/type_check.h vendored Normal file
View File

@@ -0,0 +1,28 @@
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_TYPE_CHECK_H
#define OPENSSL_HEADER_TYPE_CHECK_H
#include <openssl/base.h>
#if defined(__cplusplus)
extern "C" {
#endif
// CHECKED_CAST casts |p| from type |from| to type |to|.
//
// TODO(davidben): Although this macro is not public API and is unused in
// BoringSSL, wpa_supplicant uses it to define its own stacks. Remove this once
// wpa_supplicant has been fixed.
#define CHECKED_CAST(to, from, p) ((to) (1 ? (p) : (from)0))
// CHECKED_PTR_OF casts a given pointer to void* and statically checks that it
// was a pointer to |type|.
#define CHECKED_PTR_OF(type, p) CHECKED_CAST(void*, type*, (p))
#if defined(__cplusplus)
} // extern C
#endif
#endif // OPENSSL_HEADER_TYPE_CHECK_H

39
vendor/aws-lc-sys/aws-lc/include/openssl/ui.h vendored Normal file
View File

@@ -0,0 +1,39 @@
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 OR ISC
#ifndef UI_H
#define UI_H
#include "openssl/base.h"
struct ui_st {
char _unused;
};
struct ui_method_st {
char _unused;
};
typedef struct ui_st UI;
typedef struct ui_method_st UI_METHOD;
/// UI_new does nothing, always returns NULL.
OPENSSL_EXPORT OPENSSL_DEPRECATED UI *UI_new(void);
/// UI_free invokes OPENSSL_free on its parameter.
OPENSSL_EXPORT OPENSSL_DEPRECATED void UI_free(UI *ui);
/// UI_add_input_string does nothing, always returns -1 for failure.
OPENSSL_EXPORT OPENSSL_DEPRECATED int UI_add_input_string(UI *ui, const char *prompt, int flags,
char *result_buf, int minsize, int maxsize);
/// UI_add_verify_string does nothing, always returns -1 for failure.
OPENSSL_EXPORT OPENSSL_DEPRECATED int UI_add_verify_string(UI *ui, const char *prompt, int flags,
char *result_buf, int minsize, int maxsize, const char *test_buf);
/// UI_add_info_string does nothing, always returns -1 for failure.
OPENSSL_EXPORT OPENSSL_DEPRECATED int UI_add_info_string(UI *ui, const char *text);
/// UI_process does nothing, always returns -1 for failure.
OPENSSL_EXPORT OPENSSL_DEPRECATED int UI_process(UI *ui);
#endif //UI_H

5679
vendor/aws-lc-sys/aws-lc/include/openssl/x509.h vendored Normal file
View File

File diff suppressed because it is too large Load Diff

7
vendor/aws-lc-sys/aws-lc/include/openssl/x509_vfy.h vendored Normal file
View File

@@ -0,0 +1,7 @@
// Copyright (c) 2021, Google Inc.
// SPDX-License-Identifier: ISC
/* This header is provided in order to make compiling against code that expects
OpenSSL easier. */
#include "x509.h"

52
vendor/aws-lc-sys/aws-lc/include/openssl/x509v3.h vendored Normal file
View File

@@ -0,0 +1,52 @@
// Copyright (c) 2023, Google Inc.
// SPDX-License-Identifier: ISC
#ifndef OPENSSL_HEADER_X509V3_H
#define OPENSSL_HEADER_X509V3_H
// This header primarily exists in order to make compiling against code that
// expects OpenSSL easier. We have merged this header into <openssl/x509.h>.
// However, due to conflicts, some deprecated symbols are defined here.
#include <openssl/x509.h>
// CRL reason constants.
// TODO(davidben): These constants live here because strongswan defines
// conflicting symbols and has been relying on them only being defined in
// <openssl/x509v3.h>. Defining the constants in <openssl/x509.h> would break
// strongswan, but we would also like for new code to only need
// <openssl/x509.h>. Introduce properly namespaced versions of these constants
// and, separately, see if we can fix strongswan to similarly avoid the
// conflict. Between OpenSSL, strongswan, and wincrypt.h all defining these
// constants, it seems best for everyone to just avoid them going forward.
#define CRL_REASON_NONE (-1)
#define CRL_REASON_UNSPECIFIED 0
#define CRL_REASON_KEY_COMPROMISE 1
#define CRL_REASON_CA_COMPROMISE 2
#define CRL_REASON_AFFILIATION_CHANGED 3
#define CRL_REASON_SUPERSEDED 4
#define CRL_REASON_CESSATION_OF_OPERATION 5
#define CRL_REASON_CERTIFICATE_HOLD 6
#define CRL_REASON_REMOVE_FROM_CRL 8
#define CRL_REASON_PRIVILEGE_WITHDRAWN 9
#define CRL_REASON_AA_COMPROMISE 10
// Deprecated constants.
// The following constants are legacy aliases for |X509v3_KU_*|. They are
// defined here instead of in <openssl/x509.h> because NSS's public headers use
// the same symbols. Some callers have inadvertently relied on the conflicts
// only being defined in this header.
#define KU_DIGITAL_SIGNATURE X509v3_KU_DIGITAL_SIGNATURE
#define KU_NON_REPUDIATION X509v3_KU_NON_REPUDIATION
#define KU_KEY_ENCIPHERMENT X509v3_KU_KEY_ENCIPHERMENT
#define KU_DATA_ENCIPHERMENT X509v3_KU_DATA_ENCIPHERMENT
#define KU_KEY_AGREEMENT X509v3_KU_KEY_AGREEMENT
#define KU_KEY_CERT_SIGN X509v3_KU_KEY_CERT_SIGN
#define KU_CRL_SIGN X509v3_KU_CRL_SIGN
#define KU_ENCIPHER_ONLY X509v3_KU_ENCIPHER_ONLY
#define KU_DECIPHER_ONLY X509v3_KU_DECIPHER_ONLY
#endif // OPENSSL_HEADER_X509V3_H

74
vendor/aws-lc-sys/aws-lc/include/openssl/x509v3_errors.h vendored Normal file
View File

@@ -0,0 +1,74 @@
// Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 1999
// Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENSSL_HEADER_X509V3_ERRORS_H
#define OPENSSL_HEADER_X509V3_ERRORS_H
#define X509V3_R_BAD_IP_ADDRESS 100
#define X509V3_R_BAD_OBJECT 101
#define X509V3_R_BN_DEC2BN_ERROR 102
#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 103
#define X509V3_R_CANNOT_FIND_FREE_FUNCTION 104
#define X509V3_R_DIRNAME_ERROR 105
#define X509V3_R_DISTPOINT_ALREADY_SET 106
#define X509V3_R_DUPLICATE_ZONE_ID 107
#define X509V3_R_ERROR_CONVERTING_ZONE 108
#define X509V3_R_ERROR_CREATING_EXTENSION 109
#define X509V3_R_ERROR_IN_EXTENSION 110
#define X509V3_R_EXPECTED_A_SECTION_NAME 111
#define X509V3_R_EXTENSION_EXISTS 112
#define X509V3_R_EXTENSION_NAME_ERROR 113
#define X509V3_R_EXTENSION_NOT_FOUND 114
#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 115
#define X509V3_R_EXTENSION_VALUE_ERROR 116
#define X509V3_R_ILLEGAL_EMPTY_EXTENSION 117
#define X509V3_R_ILLEGAL_HEX_DIGIT 118
#define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 119
#define X509V3_R_INVALID_BOOLEAN_STRING 120
#define X509V3_R_INVALID_EXTENSION_STRING 121
#define X509V3_R_INVALID_MULTIPLE_RDNS 122
#define X509V3_R_INVALID_NAME 123
#define X509V3_R_INVALID_NULL_ARGUMENT 124
#define X509V3_R_INVALID_NULL_NAME 125
#define X509V3_R_INVALID_NULL_VALUE 126
#define X509V3_R_INVALID_NUMBER 127
#define X509V3_R_INVALID_NUMBERS 128
#define X509V3_R_INVALID_OBJECT_IDENTIFIER 129
#define X509V3_R_INVALID_OPTION 130
#define X509V3_R_INVALID_POLICY_IDENTIFIER 131
#define X509V3_R_INVALID_PROXY_POLICY_SETTING 132
#define X509V3_R_INVALID_PURPOSE 133
#define X509V3_R_INVALID_SECTION 134
#define X509V3_R_INVALID_SYNTAX 135
#define X509V3_R_ISSUER_DECODE_ERROR 136
#define X509V3_R_MISSING_VALUE 137
#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 138
#define X509V3_R_NO_CONFIG_DATABASE 139
#define X509V3_R_NO_ISSUER_CERTIFICATE 140
#define X509V3_R_NO_ISSUER_DETAILS 141
#define X509V3_R_NO_POLICY_IDENTIFIER 142
#define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 143
#define X509V3_R_NO_PUBLIC_KEY 144
#define X509V3_R_NO_SUBJECT_DETAILS 145
#define X509V3_R_ODD_NUMBER_OF_DIGITS 146
#define X509V3_R_OPERATION_NOT_DEFINED 147
#define X509V3_R_OTHERNAME_ERROR 148
#define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 149
#define X509V3_R_POLICY_PATH_LENGTH 150
#define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 151
#define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 152
#define X509V3_R_SECTION_NOT_FOUND 153
#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 154
#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 155
#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 156
#define X509V3_R_UNKNOWN_EXTENSION 157
#define X509V3_R_UNKNOWN_EXTENSION_NAME 158
#define X509V3_R_UNKNOWN_OPTION 159
#define X509V3_R_UNSUPPORTED_OPTION 160
#define X509V3_R_UNSUPPORTED_TYPE 161
#define X509V3_R_USER_TOO_LONG 162
#define X509V3_R_INVALID_VALUE 163
#define X509V3_R_TRAILING_DATA_IN_EXTENSION 164
#endif // OPENSSL_HEADER_X509V3_ERRORS_H