aboutsummaryrefslogtreecommitdiffstats
path: root/server/resty/openssl/include/evp
diff options
context:
space:
mode:
authorFiete Ostkamp <Fiete.Ostkamp@telekom.de>2024-03-01 13:03:12 +0100
committerFiete Ostkamp <Fiete.Ostkamp@telekom.de>2024-03-01 13:03:12 +0100
commit97d7de9af2cb6cc3bbbcae18ada738ace7771903 (patch)
treea7c6221348272e82406bba446b6b00b1d1b8e608 /server/resty/openssl/include/evp
parentbf25efd6d3ed28266ed916c0ebe9dd3a45a4affb (diff)
portal-ng pods run under root user
- switch base image from openresty to nginx-unprivileged - remove custom lua plugin code - dynamically determine dns resolver ip during container startup Issue-ID: PORTALNG-67 Change-Id: I23fb5e684dbb98a326afb00911a1f5ae78e2536d Signed-off-by: Fiete Ostkamp <Fiete.Ostkamp@telekom.de>
Diffstat (limited to 'server/resty/openssl/include/evp')
-rw-r--r--server/resty/openssl/include/evp/cipher.lua123
-rw-r--r--server/resty/openssl/include/evp/kdf.lua148
-rw-r--r--server/resty/openssl/include/evp/mac.lua38
-rw-r--r--server/resty/openssl/include/evp/md.lua86
-rw-r--r--server/resty/openssl/include/evp/pkey.lua234
5 files changed, 0 insertions, 629 deletions
diff --git a/server/resty/openssl/include/evp/cipher.lua b/server/resty/openssl/include/evp/cipher.lua
deleted file mode 100644
index c803766..0000000
--- a/server/resty/openssl/include/evp/cipher.lua
+++ /dev/null
@@ -1,123 +0,0 @@
-local ffi = require "ffi"
-
-require "resty.openssl.include.ossl_typ"
-local OPENSSL_10 = require("resty.openssl.version").OPENSSL_10
-local OPENSSL_11_OR_LATER = require("resty.openssl.version").OPENSSL_11_OR_LATER
-local OPENSSL_3X = require("resty.openssl.version").OPENSSL_3X
-local BORINGSSL = require("resty.openssl.version").BORINGSSL
-
-ffi.cdef [[
- // openssl < 3.0
- int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
- int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
- int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
- int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
-
- const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
- const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
- int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
- int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl, const unsigned char *in, int inl);
- int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl, const unsigned char *in, int inl);
-
-
- int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
- const EVP_CIPHER *cipher, ENGINE *impl,
- const unsigned char *key,
- const unsigned char *iv, int enc);
- int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl, const unsigned char *in, int inl);
- int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
- int *outl);
-
- // list functions
- typedef void* fake_openssl_cipher_list_fn(const EVP_CIPHER *ciph, const char *from,
- const char *to, void *x);
- //void EVP_CIPHER_do_all_sorted(fake_openssl_cipher_list_fn*, void *arg);
- void EVP_CIPHER_do_all_sorted(void (*fn)
- (const EVP_CIPHER *ciph, const char *from,
- const char *to, void *x), void *arg);
- int EVP_CIPHER_nid(const EVP_CIPHER *cipher);
-]]
-
-if BORINGSSL then
- ffi.cdef [[
- int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
- const uint8_t *salt, const uint8_t *data,
- size_t data_len, unsigned count, uint8_t *key,
- uint8_t *iv);
- ]]
-else
- ffi.cdef [[
- int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
- const unsigned char *salt,
- const unsigned char *data, int datal, int count,
- unsigned char *key, unsigned char *iv);
- ]]
-end
-
-if OPENSSL_3X then
- require "resty.openssl.include.provider"
-
- ffi.cdef [[
- int EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx);
- int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx);
- int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx);
-
- int EVP_CIPHER_get_nid(const EVP_CIPHER *cipher);
-
- const OSSL_PROVIDER *EVP_CIPHER_get0_provider(const EVP_CIPHER *cipher);
- EVP_CIPHER *EVP_CIPHER_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
- const char *properties);
-
- typedef void* fake_openssl_cipher_provided_list_fn(EVP_CIPHER *cipher, void *arg);
- void EVP_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx,
- fake_openssl_cipher_provided_list_fn*,
- void *arg);
- int EVP_CIPHER_up_ref(EVP_CIPHER *cipher);
- void EVP_CIPHER_free(EVP_CIPHER *cipher);
-
- const char *EVP_CIPHER_get0_name(const EVP_CIPHER *cipher);
-
- int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[]);
- const OSSL_PARAM *EVP_CIPHER_CTX_settable_params(EVP_CIPHER_CTX *ctx);
- int EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX *ctx, OSSL_PARAM params[]);
- const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(EVP_CIPHER_CTX *ctx);
- ]]
-end
-
-if OPENSSL_11_OR_LATER then
- ffi.cdef [[
- EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
- int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c);
- void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *c);
- ]]
-elseif OPENSSL_10 then
- ffi.cdef [[
- void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
- int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
-
- // # define EVP_MAX_IV_LENGTH 16
- // # define EVP_MAX_BLOCK_LENGTH 32
-
- struct evp_cipher_ctx_st {
- const EVP_CIPHER *cipher;
- ENGINE *engine; /* functional reference if 'cipher' is
- * ENGINE-provided */
- int encrypt; /* encrypt or decrypt */
- int buf_len; /* number we have left */
- unsigned char oiv[16]; /* original iv EVP_MAX_IV_LENGTH */
- unsigned char iv[16]; /* working iv EVP_MAX_IV_LENGTH */
- unsigned char buf[32]; /* saved partial block EVP_MAX_BLOCK_LENGTH */
- int num; /* used by cfb/ofb/ctr mode */
- void *app_data; /* application stuff */
- int key_len; /* May change for variable length cipher */
- unsigned long flags; /* Various flags */
- void *cipher_data; /* per EVP data */
- int final_used;
- int block_mask;
- unsigned char final[32]; /* possible final block EVP_MAX_BLOCK_LENGTH */
- } /* EVP_CIPHER_CTX */ ;
- ]]
-end \ No newline at end of file
diff --git a/server/resty/openssl/include/evp/kdf.lua b/server/resty/openssl/include/evp/kdf.lua
deleted file mode 100644
index 1fd408f..0000000
--- a/server/resty/openssl/include/evp/kdf.lua
+++ /dev/null
@@ -1,148 +0,0 @@
-local ffi = require "ffi"
-local ffi_cast = ffi.cast
-local C = ffi.C
-
-require "resty.openssl.include.ossl_typ"
-require "resty.openssl.include.evp.md"
-local evp = require("resty.openssl.include.evp")
-local ctypes = require "resty.openssl.auxiliary.ctypes"
-local OPENSSL_3X = require("resty.openssl.version").OPENSSL_3X
-local BORINGSSL = require("resty.openssl.version").BORINGSSL
-
-local void_ptr = ctypes.void_ptr
-
-local _M = {
- EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND = 0,
- EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY = 1,
- EVP_PKEY_HKDEF_MODE_EXPAND_ONLY = 2,
-}
-
-if OPENSSL_3X then
- require "resty.openssl.include.provider"
-
- ffi.cdef [[
- const OSSL_PROVIDER *EVP_KDF_get0_provider(const EVP_KDF *kdf);
-
- typedef void* fake_openssl_kdf_provided_list_fn(EVP_KDF *kdf, void *arg);
- void EVP_KDF_do_all_provided(OSSL_LIB_CTX *libctx,
- fake_openssl_kdf_provided_list_fn*,
- void *arg);
- int EVP_KDF_up_ref(EVP_KDF *kdf);
- void EVP_KDF_free(EVP_KDF *kdf);
-
- const char *EVP_KDF_get0_name(const EVP_KDF *kdf);
-
- EVP_KDF *EVP_KDF_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
- const char *properties);
- EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf);
- void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx);
- void EVP_KDF_CTX_reset(EVP_KDF_CTX *ctx);
-
- size_t EVP_KDF_CTX_get_kdf_size(EVP_KDF_CTX *ctx);
- int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen,
- const OSSL_PARAM params[]);
-
- int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]);
- int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]);
- const OSSL_PARAM *EVP_KDF_CTX_gettable_params(const EVP_KDF_CTX *ctx);
- const OSSL_PARAM *EVP_KDF_CTX_settable_params(const EVP_KDF_CTX *ctx);
- ]]
-end
-
-if OPENSSL_3X or BORINGSSL then
- ffi.cdef [[
- int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
- int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *pctx,
- const unsigned char *sec, int seclen);
- int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX *pctx,
- const unsigned char *seed, int seedlen);
-
- int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
- int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX *ctx,
- const unsigned char *salt, int saltlen);
- int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *ctx,
- const unsigned char *key, int keylen);
- int EVP_PKEY_CTX_set_hkdf_mode(EVP_PKEY_CTX *ctx, int mode);
- int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *ctx,
- const unsigned char *info, int infolen);
- ]]
-
- _M.EVP_PKEY_CTX_set_tls1_prf_md = function(pctx, md)
- return C.EVP_PKEY_CTX_set_tls1_prf_md(pctx, md)
- end
- _M.EVP_PKEY_CTX_set1_tls1_prf_secret = function(pctx, sec)
- return C.EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, #sec)
- end
- _M.EVP_PKEY_CTX_add1_tls1_prf_seed = function(pctx, seed)
- return C.EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed, #seed)
- end
-
- _M.EVP_PKEY_CTX_set_hkdf_md = function(pctx, md)
- return C.EVP_PKEY_CTX_set_hkdf_md(pctx, md)
- end
- _M.EVP_PKEY_CTX_set1_hkdf_salt = function(pctx, salt)
- return C.EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, #salt)
- end
- _M.EVP_PKEY_CTX_set1_hkdf_key = function(pctx, key)
- return C.EVP_PKEY_CTX_set1_hkdf_key(pctx, key, #key)
- end
- _M.EVP_PKEY_CTX_set_hkdf_mode = function(pctx, mode)
- return C.EVP_PKEY_CTX_set_hkdf_mode(pctx, mode)
- end
- _M.EVP_PKEY_CTX_add1_hkdf_info = function(pctx, info)
- return C.EVP_PKEY_CTX_add1_hkdf_info(pctx, info, #info)
- end
-
-else
- _M.EVP_PKEY_CTX_set_tls1_prf_md = function(pctx, md)
- return C.EVP_PKEY_CTX_ctrl(pctx, -1,
- evp.EVP_PKEY_OP_DERIVE,
- evp.EVP_PKEY_CTRL_TLS_MD,
- 0, ffi_cast(void_ptr, md))
- end
- _M.EVP_PKEY_CTX_set1_tls1_prf_secret = function(pctx, sec)
- return C.EVP_PKEY_CTX_ctrl(pctx, -1,
- evp.EVP_PKEY_OP_DERIVE,
- evp.EVP_PKEY_CTRL_TLS_SECRET,
- #sec, ffi_cast(void_ptr, sec))
- end
- _M.EVP_PKEY_CTX_add1_tls1_prf_seed = function(pctx, seed)
- return C.EVP_PKEY_CTX_ctrl(pctx, -1,
- evp.EVP_PKEY_OP_DERIVE,
- evp.EVP_PKEY_CTRL_TLS_SEED,
- #seed, ffi_cast(void_ptr, seed))
- end
-
- _M.EVP_PKEY_CTX_set_hkdf_md = function(pctx, md)
- return C.EVP_PKEY_CTX_ctrl(pctx, -1,
- evp.EVP_PKEY_OP_DERIVE,
- evp.EVP_PKEY_CTRL_HKDF_MD,
- 0, ffi_cast(void_ptr, md))
- end
- _M.EVP_PKEY_CTX_set1_hkdf_salt = function(pctx, salt)
- return C.EVP_PKEY_CTX_ctrl(pctx, -1,
- evp.EVP_PKEY_OP_DERIVE,
- evp.EVP_PKEY_CTRL_HKDF_SALT,
- #salt, ffi_cast(void_ptr, salt))
- end
- _M.EVP_PKEY_CTX_set1_hkdf_key = function(pctx, key)
- return C.EVP_PKEY_CTX_ctrl(pctx, -1,
- evp.EVP_PKEY_OP_DERIVE,
- evp.EVP_PKEY_CTRL_HKDF_KEY,
- #key, ffi_cast(void_ptr, key))
- end
- _M.EVP_PKEY_CTX_set_hkdf_mode = function(pctx, mode)
- return C.EVP_PKEY_CTX_ctrl(pctx, -1,
- evp.EVP_PKEY_OP_DERIVE,
- evp.EVP_PKEY_CTRL_HKDF_MODE,
- mode, nil)
- end
- _M.EVP_PKEY_CTX_add1_hkdf_info = function(pctx, info)
- return C.EVP_PKEY_CTX_ctrl(pctx, -1,
- evp.EVP_PKEY_OP_DERIVE,
- evp.EVP_PKEY_CTRL_HKDF_INFO,
- #info, ffi_cast(void_ptr, info))
- end
-end
-
-return _M \ No newline at end of file
diff --git a/server/resty/openssl/include/evp/mac.lua b/server/resty/openssl/include/evp/mac.lua
deleted file mode 100644
index a831076..0000000
--- a/server/resty/openssl/include/evp/mac.lua
+++ /dev/null
@@ -1,38 +0,0 @@
-local ffi = require "ffi"
-
-require "resty.openssl.include.ossl_typ"
-require "resty.openssl.include.provider"
-
-ffi.cdef [[
- typedef struct evp_mac_st EVP_MAC;
- typedef struct evp_mac_ctx_st EVP_MAC_CTX;
-
- EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac);
- void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx);
-
- const OSSL_PROVIDER *EVP_MAC_get0_provider(const EVP_MAC *mac);
- EVP_MAC *EVP_MAC_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
- const char *properties);
-
- int EVP_MAC_init(EVP_MAC_CTX *ctx, const unsigned char *key, size_t keylen,
- const OSSL_PARAM params[]);
- int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen);
- int EVP_MAC_final(EVP_MAC_CTX *ctx,
- unsigned char *out, size_t *outl, size_t outsize);
-
- size_t EVP_MAC_CTX_get_mac_size(EVP_MAC_CTX *ctx);
-
- typedef void* fake_openssl_mac_provided_list_fn(EVP_MAC *mac, void *arg);
- void EVP_MAC_do_all_provided(OSSL_LIB_CTX *libctx,
- fake_openssl_mac_provided_list_fn*,
- void *arg);
- int EVP_MAC_up_ref(EVP_MAC *mac);
- void EVP_MAC_free(EVP_MAC *mac);
-
- const char *EVP_MAC_get0_name(const EVP_MAC *mac);
-
- int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]);
- const OSSL_PARAM *EVP_MAC_CTX_settable_params(EVP_MAC_CTX *ctx);
- int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]);
- const OSSL_PARAM *EVP_MAC_CTX_gettable_params(EVP_MAC_CTX *ctx);
-]] \ No newline at end of file
diff --git a/server/resty/openssl/include/evp/md.lua b/server/resty/openssl/include/evp/md.lua
deleted file mode 100644
index 1794ce1..0000000
--- a/server/resty/openssl/include/evp/md.lua
+++ /dev/null
@@ -1,86 +0,0 @@
-local ffi = require "ffi"
-
-require "resty.openssl.include.ossl_typ"
-local OPENSSL_10 = require("resty.openssl.version").OPENSSL_10
-local OPENSSL_11_OR_LATER = require("resty.openssl.version").OPENSSL_11_OR_LATER
-local OPENSSL_3X = require("resty.openssl.version").OPENSSL_3X
-
-ffi.cdef [[
- int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type,
- ENGINE *impl);
- int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d,
- size_t cnt);
- int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
- unsigned int *s);
- const EVP_MD *EVP_get_digestbyname(const char *name);
- int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d,
- size_t cnt);
- int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
- unsigned int *s);
-
- const EVP_MD *EVP_md_null(void);
- // openssl < 3.0
- int EVP_MD_size(const EVP_MD *md);
- int EVP_MD_type(const EVP_MD *md);
-
- typedef void* fake_openssl_md_list_fn(const EVP_MD *ciph, const char *from,
- const char *to, void *x);
- void EVP_MD_do_all_sorted(fake_openssl_md_list_fn*, void *arg);
-
- const EVP_MD *EVP_get_digestbyname(const char *name);
-]]
-
-if OPENSSL_3X then
- require "resty.openssl.include.provider"
-
- ffi.cdef [[
- int EVP_MD_get_size(const EVP_MD *md);
- int EVP_MD_get_type(const EVP_MD *md);
- const OSSL_PROVIDER *EVP_MD_get0_provider(const EVP_MD *md);
-
- EVP_MD *EVP_MD_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
- const char *properties);
-
- typedef void* fake_openssl_md_provided_list_fn(EVP_MD *md, void *arg);
- void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx,
- fake_openssl_md_provided_list_fn*,
- void *arg);
- int EVP_MD_up_ref(EVP_MD *md);
- void EVP_MD_free(EVP_MD *md);
-
- const char *EVP_MD_get0_name(const EVP_MD *md);
-
- int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]);
- const OSSL_PARAM *EVP_MD_CTX_settable_params(EVP_MD_CTX *ctx);
- int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[]);
- const OSSL_PARAM *EVP_MD_CTX_gettable_params(EVP_MD_CTX *ctx);
- ]]
-end
-
-if OPENSSL_11_OR_LATER then
- ffi.cdef [[
- EVP_MD_CTX *EVP_MD_CTX_new(void);
- void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
- ]]
-elseif OPENSSL_10 then
- ffi.cdef [[
- EVP_MD_CTX *EVP_MD_CTX_create(void);
- void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
-
- // crypto/evp/evp.h
- // only needed for openssl 1.0.x where initializer for HMAC_CTX is not avaiable
- // HACK: renamed from env_md_ctx_st to evp_md_ctx_st to match typedef (lazily)
- // it's an internal struct thus name is not exported so we will be fine
- struct evp_md_ctx_st {
- const EVP_MD *digest;
- ENGINE *engine; /* functional reference if 'digest' is
- * ENGINE-provided */
- unsigned long flags;
- void *md_data;
- /* Public key context for sign/verify */
- EVP_PKEY_CTX *pctx;
- /* Update function: usually copied from EVP_MD */
- int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count);
- } /* EVP_MD_CTX */ ;
- ]]
-end \ No newline at end of file
diff --git a/server/resty/openssl/include/evp/pkey.lua b/server/resty/openssl/include/evp/pkey.lua
deleted file mode 100644
index ee1a213..0000000
--- a/server/resty/openssl/include/evp/pkey.lua
+++ /dev/null
@@ -1,234 +0,0 @@
-local ffi = require "ffi"
-local C = ffi.C
-
-require "resty.openssl.include.ossl_typ"
-require "resty.openssl.include.evp.md"
-local evp = require("resty.openssl.include.evp")
-local OPENSSL_10 = require("resty.openssl.version").OPENSSL_10
-local OPENSSL_3X = require("resty.openssl.version").OPENSSL_3X
-local BORINGSSL = require("resty.openssl.version").BORINGSSL
-
-ffi.cdef [[
- EVP_PKEY *EVP_PKEY_new(void);
- void EVP_PKEY_free(EVP_PKEY *pkey);
-
- RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
- EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey);
- DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey);
-
- int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
- // openssl < 3.0
- int EVP_PKEY_base_id(const EVP_PKEY *pkey);
- int EVP_PKEY_size(const EVP_PKEY *pkey);
-
- EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
- EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
- void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
- int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
- int cmd, int p1, void *p2);
- // TODO replace EVP_PKEY_CTX_ctrl with EVP_PKEY_CTX_ctrl_str to reduce
- // some hardcoded macros
- int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
- const char *value);
- int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx);
- int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
- unsigned char *out, size_t *outlen,
- const unsigned char *in, size_t inlen);
- int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
- int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
- unsigned char *out, size_t *outlen,
- const unsigned char *in, size_t inlen);
-
- int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
- int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
- unsigned char *sig, size_t *siglen,
- const unsigned char *tbs, size_t tbslen);
- int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
- int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
- unsigned char *rout, size_t *routlen,
- const unsigned char *sig, size_t siglen);
-
- EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e,
- const unsigned char *key, size_t keylen);
- EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e,
- const unsigned char *key, size_t keylen);
-
- int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv,
- size_t *len);
- int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub,
- size_t *len);
-
- int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
- EVP_PKEY *pkey);
- int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
- unsigned int siglen, EVP_PKEY *pkey);
-
- int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
- const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
- int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret,
- size_t *siglen, const unsigned char *tbs,
- size_t tbslen);
- int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
- const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
- int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
- size_t siglen, const unsigned char *tbs, size_t tbslen);
-
- int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
-
- int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx);
- int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
- int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
-
- int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
- int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
- int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
- int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
-]]
-
-if OPENSSL_3X then
- require "resty.openssl.include.provider"
-
- ffi.cdef [[
- int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad_mode);
-
- int EVP_PKEY_get_base_id(const EVP_PKEY *pkey);
- int EVP_PKEY_get_size(const EVP_PKEY *pkey);
-
- const OSSL_PROVIDER *EVP_PKEY_get0_provider(const EVP_PKEY *key);
- const OSSL_PROVIDER *EVP_PKEY_CTX_get0_provider(const EVP_PKEY_CTX *ctx);
-
- const OSSL_PARAM *EVP_PKEY_settable_params(const EVP_PKEY *pkey);
- int EVP_PKEY_set_params(EVP_PKEY *pkey, OSSL_PARAM params[]);
- int EVP_PKEY_get_params(EVP_PKEY *ctx, OSSL_PARAM params[]);
- const OSSL_PARAM *EVP_PKEY_gettable_params(EVP_PKEY *ctx);
- ]]
-end
-
-if OPENSSL_10 then
- ffi.cdef [[
- // crypto/evp/evp.h
- // only needed for openssl 1.0.x where getters are not available
- // needed to get key to extract parameters
- // Note: this struct is trimmed
- struct evp_pkey_st {
- int type;
- int save_type;
- const EVP_PKEY_ASN1_METHOD *ameth;
- ENGINE *engine;
- ENGINE *pmeth_engine;
- union {
- void *ptr;
- struct rsa_st *rsa;
- struct dsa_st *dsa;
- struct dh_st *dh;
- struct ec_key_st *ec;
- } pkey;
- // trimmed
-
- // CRYPTO_REF_COUNT references;
- // CRYPTO_RWLOCK *lock;
- // STACK_OF(X509_ATTRIBUTE) *attributes;
- // int save_parameters;
-
- // struct {
- // EVP_KEYMGMT *keymgmt;
- // void *provkey;
- // } pkeys[10];
- // size_t dirty_cnt_copy;
- };
- ]]
-end
-
-local _M = {}
-
-if OPENSSL_3X or BORINGSSL then
- ffi.cdef [[
- int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid);
- int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc);
-
- int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int mbits);
- int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp);
-
- int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad);
- int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int len);
-
- int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int pbits);
- ]]
- _M.EVP_PKEY_CTX_set_ec_paramgen_curve_nid = function(pctx, nid)
- return C.EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid)
- end
- _M.EVP_PKEY_CTX_set_ec_param_enc = function(pctx, param_enc)
- return C.EVP_PKEY_CTX_set_ec_param_enc(pctx, param_enc)
- end
-
- _M.EVP_PKEY_CTX_set_rsa_keygen_bits = function(pctx, mbits)
- return C.EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, mbits)
- end
- _M.EVP_PKEY_CTX_set_rsa_keygen_pubexp = function(pctx, pubexp)
- return C.EVP_PKEY_CTX_set_rsa_keygen_pubexp(pctx, pubexp)
- end
-
- _M.EVP_PKEY_CTX_set_rsa_padding = function(pctx, pad)
- return C.EVP_PKEY_CTX_set_rsa_padding(pctx, pad)
- end
- _M.EVP_PKEY_CTX_set_rsa_pss_saltlen = function(pctx, len)
- return C.EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, len)
- end
- _M.EVP_PKEY_CTX_set_dh_paramgen_prime_len = function(pctx, pbits)
- return C.EVP_PKEY_CTX_set_dh_paramgen_prime_len(pctx, pbits)
- end
-
-else
- _M.EVP_PKEY_CTX_set_ec_paramgen_curve_nid = function(pctx, nid)
- return C.EVP_PKEY_CTX_ctrl(pctx,
- evp.EVP_PKEY_EC,
- evp.EVP_PKEY_OP_PARAMGEN + evp.EVP_PKEY_OP_KEYGEN,
- evp.EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID,
- nid, nil)
- end
- _M.EVP_PKEY_CTX_set_ec_param_enc = function(pctx, param_enc)
- return C.EVP_PKEY_CTX_ctrl(pctx,
- evp.EVP_PKEY_EC,
- evp.EVP_PKEY_OP_PARAMGEN + evp.EVP_PKEY_OP_KEYGEN,
- evp.EVP_PKEY_CTRL_EC_PARAM_ENC,
- param_enc, nil)
- end
-
- _M.EVP_PKEY_CTX_set_rsa_keygen_bits = function(pctx, mbits)
- return C.EVP_PKEY_CTX_ctrl(pctx,
- evp.EVP_PKEY_RSA,
- evp.EVP_PKEY_OP_KEYGEN,
- evp.EVP_PKEY_CTRL_RSA_KEYGEN_BITS,
- mbits, nil)
- end
- _M.EVP_PKEY_CTX_set_rsa_keygen_pubexp = function(pctx, pubexp)
- return C.EVP_PKEY_CTX_ctrl(pctx,
- evp.EVP_PKEY_RSA, evp.EVP_PKEY_OP_KEYGEN,
- evp.EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP,
- 0, pubexp)
- end
-
- _M.EVP_PKEY_CTX_set_rsa_padding = function(pctx, pad)
- return C.EVP_PKEY_CTX_ctrl(pctx,
- evp.EVP_PKEY_RSA,
- -1,
- evp.EVP_PKEY_CTRL_RSA_PADDING,
- pad, nil)
- end
- _M.EVP_PKEY_CTX_set_rsa_pss_saltlen = function(pctx, len)
- return C.EVP_PKEY_CTX_ctrl(pctx,
- evp.EVP_PKEY_RSA,
- evp.EVP_PKEY_OP_SIGN + evp.EVP_PKEY_OP_VERIFY,
- evp.EVP_PKEY_CTRL_RSA_PSS_SALTLEN,
- len, nil)
- end
-
- _M.EVP_PKEY_CTX_set_dh_paramgen_prime_len = function(pctx, pbits)
- return C.EVP_PKEY_CTX_ctrl(pctx,
- evp.EVP_PKEY_DH, evp.EVP_PKEY_OP_PARAMGEN,
- evp.EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN,
- pbits, nil)
- end
-end
-
-return _M \ No newline at end of file