aboutsummaryrefslogtreecommitdiffstats
path: root/server/resty/openssl/include/evp
diff options
context:
space:
mode:
Diffstat (limited to 'server/resty/openssl/include/evp')
-rw-r--r--server/resty/openssl/include/evp/cipher.lua123
-rw-r--r--server/resty/openssl/include/evp/kdf.lua148
-rw-r--r--server/resty/openssl/include/evp/mac.lua38
-rw-r--r--server/resty/openssl/include/evp/md.lua86
-rw-r--r--server/resty/openssl/include/evp/pkey.lua234
5 files changed, 629 insertions, 0 deletions
diff --git a/server/resty/openssl/include/evp/cipher.lua b/server/resty/openssl/include/evp/cipher.lua
new file mode 100644
index 0000000..c803766
--- /dev/null
+++ b/server/resty/openssl/include/evp/cipher.lua
@@ -0,0 +1,123 @@
+local ffi = require "ffi"
+
+require "resty.openssl.include.ossl_typ"
+local OPENSSL_10 = require("resty.openssl.version").OPENSSL_10
+local OPENSSL_11_OR_LATER = require("resty.openssl.version").OPENSSL_11_OR_LATER
+local OPENSSL_3X = require("resty.openssl.version").OPENSSL_3X
+local BORINGSSL = require("resty.openssl.version").BORINGSSL
+
+ffi.cdef [[
+ // openssl < 3.0
+ int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
+ int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
+ int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
+ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
+
+ const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
+ const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
+ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
+ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl, const unsigned char *in, int inl);
+ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl, const unsigned char *in, int inl);
+
+
+ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+ const EVP_CIPHER *cipher, ENGINE *impl,
+ const unsigned char *key,
+ const unsigned char *iv, int enc);
+ int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl, const unsigned char *in, int inl);
+ int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+ int *outl);
+
+ // list functions
+ typedef void* fake_openssl_cipher_list_fn(const EVP_CIPHER *ciph, const char *from,
+ const char *to, void *x);
+ //void EVP_CIPHER_do_all_sorted(fake_openssl_cipher_list_fn*, void *arg);
+ void EVP_CIPHER_do_all_sorted(void (*fn)
+ (const EVP_CIPHER *ciph, const char *from,
+ const char *to, void *x), void *arg);
+ int EVP_CIPHER_nid(const EVP_CIPHER *cipher);
+]]
+
+if BORINGSSL then
+ ffi.cdef [[
+ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
+ const uint8_t *salt, const uint8_t *data,
+ size_t data_len, unsigned count, uint8_t *key,
+ uint8_t *iv);
+ ]]
+else
+ ffi.cdef [[
+ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
+ const unsigned char *salt,
+ const unsigned char *data, int datal, int count,
+ unsigned char *key, unsigned char *iv);
+ ]]
+end
+
+if OPENSSL_3X then
+ require "resty.openssl.include.provider"
+
+ ffi.cdef [[
+ int EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx);
+ int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx);
+ int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx);
+
+ int EVP_CIPHER_get_nid(const EVP_CIPHER *cipher);
+
+ const OSSL_PROVIDER *EVP_CIPHER_get0_provider(const EVP_CIPHER *cipher);
+ EVP_CIPHER *EVP_CIPHER_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
+ const char *properties);
+
+ typedef void* fake_openssl_cipher_provided_list_fn(EVP_CIPHER *cipher, void *arg);
+ void EVP_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx,
+ fake_openssl_cipher_provided_list_fn*,
+ void *arg);
+ int EVP_CIPHER_up_ref(EVP_CIPHER *cipher);
+ void EVP_CIPHER_free(EVP_CIPHER *cipher);
+
+ const char *EVP_CIPHER_get0_name(const EVP_CIPHER *cipher);
+
+ int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[]);
+ const OSSL_PARAM *EVP_CIPHER_CTX_settable_params(EVP_CIPHER_CTX *ctx);
+ int EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX *ctx, OSSL_PARAM params[]);
+ const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(EVP_CIPHER_CTX *ctx);
+ ]]
+end
+
+if OPENSSL_11_OR_LATER then
+ ffi.cdef [[
+ EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
+ int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c);
+ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *c);
+ ]]
+elseif OPENSSL_10 then
+ ffi.cdef [[
+ void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
+ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
+
+ // # define EVP_MAX_IV_LENGTH 16
+ // # define EVP_MAX_BLOCK_LENGTH 32
+
+ struct evp_cipher_ctx_st {
+ const EVP_CIPHER *cipher;
+ ENGINE *engine; /* functional reference if 'cipher' is
+ * ENGINE-provided */
+ int encrypt; /* encrypt or decrypt */
+ int buf_len; /* number we have left */
+ unsigned char oiv[16]; /* original iv EVP_MAX_IV_LENGTH */
+ unsigned char iv[16]; /* working iv EVP_MAX_IV_LENGTH */
+ unsigned char buf[32]; /* saved partial block EVP_MAX_BLOCK_LENGTH */
+ int num; /* used by cfb/ofb/ctr mode */
+ void *app_data; /* application stuff */
+ int key_len; /* May change for variable length cipher */
+ unsigned long flags; /* Various flags */
+ void *cipher_data; /* per EVP data */
+ int final_used;
+ int block_mask;
+ unsigned char final[32]; /* possible final block EVP_MAX_BLOCK_LENGTH */
+ } /* EVP_CIPHER_CTX */ ;
+ ]]
+end \ No newline at end of file
diff --git a/server/resty/openssl/include/evp/kdf.lua b/server/resty/openssl/include/evp/kdf.lua
new file mode 100644
index 0000000..1fd408f
--- /dev/null
+++ b/server/resty/openssl/include/evp/kdf.lua
@@ -0,0 +1,148 @@
+local ffi = require "ffi"
+local ffi_cast = ffi.cast
+local C = ffi.C
+
+require "resty.openssl.include.ossl_typ"
+require "resty.openssl.include.evp.md"
+local evp = require("resty.openssl.include.evp")
+local ctypes = require "resty.openssl.auxiliary.ctypes"
+local OPENSSL_3X = require("resty.openssl.version").OPENSSL_3X
+local BORINGSSL = require("resty.openssl.version").BORINGSSL
+
+local void_ptr = ctypes.void_ptr
+
+local _M = {
+ EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND = 0,
+ EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY = 1,
+ EVP_PKEY_HKDEF_MODE_EXPAND_ONLY = 2,
+}
+
+if OPENSSL_3X then
+ require "resty.openssl.include.provider"
+
+ ffi.cdef [[
+ const OSSL_PROVIDER *EVP_KDF_get0_provider(const EVP_KDF *kdf);
+
+ typedef void* fake_openssl_kdf_provided_list_fn(EVP_KDF *kdf, void *arg);
+ void EVP_KDF_do_all_provided(OSSL_LIB_CTX *libctx,
+ fake_openssl_kdf_provided_list_fn*,
+ void *arg);
+ int EVP_KDF_up_ref(EVP_KDF *kdf);
+ void EVP_KDF_free(EVP_KDF *kdf);
+
+ const char *EVP_KDF_get0_name(const EVP_KDF *kdf);
+
+ EVP_KDF *EVP_KDF_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
+ const char *properties);
+ EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf);
+ void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx);
+ void EVP_KDF_CTX_reset(EVP_KDF_CTX *ctx);
+
+ size_t EVP_KDF_CTX_get_kdf_size(EVP_KDF_CTX *ctx);
+ int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen,
+ const OSSL_PARAM params[]);
+
+ int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]);
+ int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]);
+ const OSSL_PARAM *EVP_KDF_CTX_gettable_params(const EVP_KDF_CTX *ctx);
+ const OSSL_PARAM *EVP_KDF_CTX_settable_params(const EVP_KDF_CTX *ctx);
+ ]]
+end
+
+if OPENSSL_3X or BORINGSSL then
+ ffi.cdef [[
+ int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+ int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *pctx,
+ const unsigned char *sec, int seclen);
+ int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX *pctx,
+ const unsigned char *seed, int seedlen);
+
+ int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+ int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX *ctx,
+ const unsigned char *salt, int saltlen);
+ int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *ctx,
+ const unsigned char *key, int keylen);
+ int EVP_PKEY_CTX_set_hkdf_mode(EVP_PKEY_CTX *ctx, int mode);
+ int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *ctx,
+ const unsigned char *info, int infolen);
+ ]]
+
+ _M.EVP_PKEY_CTX_set_tls1_prf_md = function(pctx, md)
+ return C.EVP_PKEY_CTX_set_tls1_prf_md(pctx, md)
+ end
+ _M.EVP_PKEY_CTX_set1_tls1_prf_secret = function(pctx, sec)
+ return C.EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, #sec)
+ end
+ _M.EVP_PKEY_CTX_add1_tls1_prf_seed = function(pctx, seed)
+ return C.EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed, #seed)
+ end
+
+ _M.EVP_PKEY_CTX_set_hkdf_md = function(pctx, md)
+ return C.EVP_PKEY_CTX_set_hkdf_md(pctx, md)
+ end
+ _M.EVP_PKEY_CTX_set1_hkdf_salt = function(pctx, salt)
+ return C.EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, #salt)
+ end
+ _M.EVP_PKEY_CTX_set1_hkdf_key = function(pctx, key)
+ return C.EVP_PKEY_CTX_set1_hkdf_key(pctx, key, #key)
+ end
+ _M.EVP_PKEY_CTX_set_hkdf_mode = function(pctx, mode)
+ return C.EVP_PKEY_CTX_set_hkdf_mode(pctx, mode)
+ end
+ _M.EVP_PKEY_CTX_add1_hkdf_info = function(pctx, info)
+ return C.EVP_PKEY_CTX_add1_hkdf_info(pctx, info, #info)
+ end
+
+else
+ _M.EVP_PKEY_CTX_set_tls1_prf_md = function(pctx, md)
+ return C.EVP_PKEY_CTX_ctrl(pctx, -1,
+ evp.EVP_PKEY_OP_DERIVE,
+ evp.EVP_PKEY_CTRL_TLS_MD,
+ 0, ffi_cast(void_ptr, md))
+ end
+ _M.EVP_PKEY_CTX_set1_tls1_prf_secret = function(pctx, sec)
+ return C.EVP_PKEY_CTX_ctrl(pctx, -1,
+ evp.EVP_PKEY_OP_DERIVE,
+ evp.EVP_PKEY_CTRL_TLS_SECRET,
+ #sec, ffi_cast(void_ptr, sec))
+ end
+ _M.EVP_PKEY_CTX_add1_tls1_prf_seed = function(pctx, seed)
+ return C.EVP_PKEY_CTX_ctrl(pctx, -1,
+ evp.EVP_PKEY_OP_DERIVE,
+ evp.EVP_PKEY_CTRL_TLS_SEED,
+ #seed, ffi_cast(void_ptr, seed))
+ end
+
+ _M.EVP_PKEY_CTX_set_hkdf_md = function(pctx, md)
+ return C.EVP_PKEY_CTX_ctrl(pctx, -1,
+ evp.EVP_PKEY_OP_DERIVE,
+ evp.EVP_PKEY_CTRL_HKDF_MD,
+ 0, ffi_cast(void_ptr, md))
+ end
+ _M.EVP_PKEY_CTX_set1_hkdf_salt = function(pctx, salt)
+ return C.EVP_PKEY_CTX_ctrl(pctx, -1,
+ evp.EVP_PKEY_OP_DERIVE,
+ evp.EVP_PKEY_CTRL_HKDF_SALT,
+ #salt, ffi_cast(void_ptr, salt))
+ end
+ _M.EVP_PKEY_CTX_set1_hkdf_key = function(pctx, key)
+ return C.EVP_PKEY_CTX_ctrl(pctx, -1,
+ evp.EVP_PKEY_OP_DERIVE,
+ evp.EVP_PKEY_CTRL_HKDF_KEY,
+ #key, ffi_cast(void_ptr, key))
+ end
+ _M.EVP_PKEY_CTX_set_hkdf_mode = function(pctx, mode)
+ return C.EVP_PKEY_CTX_ctrl(pctx, -1,
+ evp.EVP_PKEY_OP_DERIVE,
+ evp.EVP_PKEY_CTRL_HKDF_MODE,
+ mode, nil)
+ end
+ _M.EVP_PKEY_CTX_add1_hkdf_info = function(pctx, info)
+ return C.EVP_PKEY_CTX_ctrl(pctx, -1,
+ evp.EVP_PKEY_OP_DERIVE,
+ evp.EVP_PKEY_CTRL_HKDF_INFO,
+ #info, ffi_cast(void_ptr, info))
+ end
+end
+
+return _M \ No newline at end of file
diff --git a/server/resty/openssl/include/evp/mac.lua b/server/resty/openssl/include/evp/mac.lua
new file mode 100644
index 0000000..a831076
--- /dev/null
+++ b/server/resty/openssl/include/evp/mac.lua
@@ -0,0 +1,38 @@
+local ffi = require "ffi"
+
+require "resty.openssl.include.ossl_typ"
+require "resty.openssl.include.provider"
+
+ffi.cdef [[
+ typedef struct evp_mac_st EVP_MAC;
+ typedef struct evp_mac_ctx_st EVP_MAC_CTX;
+
+ EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac);
+ void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx);
+
+ const OSSL_PROVIDER *EVP_MAC_get0_provider(const EVP_MAC *mac);
+ EVP_MAC *EVP_MAC_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
+ const char *properties);
+
+ int EVP_MAC_init(EVP_MAC_CTX *ctx, const unsigned char *key, size_t keylen,
+ const OSSL_PARAM params[]);
+ int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen);
+ int EVP_MAC_final(EVP_MAC_CTX *ctx,
+ unsigned char *out, size_t *outl, size_t outsize);
+
+ size_t EVP_MAC_CTX_get_mac_size(EVP_MAC_CTX *ctx);
+
+ typedef void* fake_openssl_mac_provided_list_fn(EVP_MAC *mac, void *arg);
+ void EVP_MAC_do_all_provided(OSSL_LIB_CTX *libctx,
+ fake_openssl_mac_provided_list_fn*,
+ void *arg);
+ int EVP_MAC_up_ref(EVP_MAC *mac);
+ void EVP_MAC_free(EVP_MAC *mac);
+
+ const char *EVP_MAC_get0_name(const EVP_MAC *mac);
+
+ int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]);
+ const OSSL_PARAM *EVP_MAC_CTX_settable_params(EVP_MAC_CTX *ctx);
+ int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]);
+ const OSSL_PARAM *EVP_MAC_CTX_gettable_params(EVP_MAC_CTX *ctx);
+]] \ No newline at end of file
diff --git a/server/resty/openssl/include/evp/md.lua b/server/resty/openssl/include/evp/md.lua
new file mode 100644
index 0000000..1794ce1
--- /dev/null
+++ b/server/resty/openssl/include/evp/md.lua
@@ -0,0 +1,86 @@
+local ffi = require "ffi"
+
+require "resty.openssl.include.ossl_typ"
+local OPENSSL_10 = require("resty.openssl.version").OPENSSL_10
+local OPENSSL_11_OR_LATER = require("resty.openssl.version").OPENSSL_11_OR_LATER
+local OPENSSL_3X = require("resty.openssl.version").OPENSSL_3X
+
+ffi.cdef [[
+ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type,
+ ENGINE *impl);
+ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d,
+ size_t cnt);
+ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
+ unsigned int *s);
+ const EVP_MD *EVP_get_digestbyname(const char *name);
+ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d,
+ size_t cnt);
+ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
+ unsigned int *s);
+
+ const EVP_MD *EVP_md_null(void);
+ // openssl < 3.0
+ int EVP_MD_size(const EVP_MD *md);
+ int EVP_MD_type(const EVP_MD *md);
+
+ typedef void* fake_openssl_md_list_fn(const EVP_MD *ciph, const char *from,
+ const char *to, void *x);
+ void EVP_MD_do_all_sorted(fake_openssl_md_list_fn*, void *arg);
+
+ const EVP_MD *EVP_get_digestbyname(const char *name);
+]]
+
+if OPENSSL_3X then
+ require "resty.openssl.include.provider"
+
+ ffi.cdef [[
+ int EVP_MD_get_size(const EVP_MD *md);
+ int EVP_MD_get_type(const EVP_MD *md);
+ const OSSL_PROVIDER *EVP_MD_get0_provider(const EVP_MD *md);
+
+ EVP_MD *EVP_MD_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
+ const char *properties);
+
+ typedef void* fake_openssl_md_provided_list_fn(EVP_MD *md, void *arg);
+ void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx,
+ fake_openssl_md_provided_list_fn*,
+ void *arg);
+ int EVP_MD_up_ref(EVP_MD *md);
+ void EVP_MD_free(EVP_MD *md);
+
+ const char *EVP_MD_get0_name(const EVP_MD *md);
+
+ int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]);
+ const OSSL_PARAM *EVP_MD_CTX_settable_params(EVP_MD_CTX *ctx);
+ int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[]);
+ const OSSL_PARAM *EVP_MD_CTX_gettable_params(EVP_MD_CTX *ctx);
+ ]]
+end
+
+if OPENSSL_11_OR_LATER then
+ ffi.cdef [[
+ EVP_MD_CTX *EVP_MD_CTX_new(void);
+ void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
+ ]]
+elseif OPENSSL_10 then
+ ffi.cdef [[
+ EVP_MD_CTX *EVP_MD_CTX_create(void);
+ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
+
+ // crypto/evp/evp.h
+ // only needed for openssl 1.0.x where initializer for HMAC_CTX is not avaiable
+ // HACK: renamed from env_md_ctx_st to evp_md_ctx_st to match typedef (lazily)
+ // it's an internal struct thus name is not exported so we will be fine
+ struct evp_md_ctx_st {
+ const EVP_MD *digest;
+ ENGINE *engine; /* functional reference if 'digest' is
+ * ENGINE-provided */
+ unsigned long flags;
+ void *md_data;
+ /* Public key context for sign/verify */
+ EVP_PKEY_CTX *pctx;
+ /* Update function: usually copied from EVP_MD */
+ int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count);
+ } /* EVP_MD_CTX */ ;
+ ]]
+end \ No newline at end of file
diff --git a/server/resty/openssl/include/evp/pkey.lua b/server/resty/openssl/include/evp/pkey.lua
new file mode 100644
index 0000000..ee1a213
--- /dev/null
+++ b/server/resty/openssl/include/evp/pkey.lua
@@ -0,0 +1,234 @@
+local ffi = require "ffi"
+local C = ffi.C
+
+require "resty.openssl.include.ossl_typ"
+require "resty.openssl.include.evp.md"
+local evp = require("resty.openssl.include.evp")
+local OPENSSL_10 = require("resty.openssl.version").OPENSSL_10
+local OPENSSL_3X = require("resty.openssl.version").OPENSSL_3X
+local BORINGSSL = require("resty.openssl.version").BORINGSSL
+
+ffi.cdef [[
+ EVP_PKEY *EVP_PKEY_new(void);
+ void EVP_PKEY_free(EVP_PKEY *pkey);
+
+ RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
+ EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey);
+ DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey);
+
+ int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
+ // openssl < 3.0
+ int EVP_PKEY_base_id(const EVP_PKEY *pkey);
+ int EVP_PKEY_size(const EVP_PKEY *pkey);
+
+ EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
+ EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
+ void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
+ int cmd, int p1, void *p2);
+ // TODO replace EVP_PKEY_CTX_ctrl with EVP_PKEY_CTX_ctrl_str to reduce
+ // some hardcoded macros
+ int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
+ const char *value);
+ int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
+ unsigned char *out, size_t *outlen,
+ const unsigned char *in, size_t inlen);
+ int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
+ unsigned char *out, size_t *outlen,
+ const unsigned char *in, size_t inlen);
+
+ int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
+ unsigned char *sig, size_t *siglen,
+ const unsigned char *tbs, size_t tbslen);
+ int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
+ unsigned char *rout, size_t *routlen,
+ const unsigned char *sig, size_t siglen);
+
+ EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e,
+ const unsigned char *key, size_t keylen);
+ EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e,
+ const unsigned char *key, size_t keylen);
+
+ int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv,
+ size_t *len);
+ int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub,
+ size_t *len);
+
+ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
+ EVP_PKEY *pkey);
+ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
+ unsigned int siglen, EVP_PKEY *pkey);
+
+ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+ const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
+ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret,
+ size_t *siglen, const unsigned char *tbs,
+ size_t tbslen);
+ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+ const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
+ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
+ size_t siglen, const unsigned char *tbs, size_t tbslen);
+
+ int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
+
+ int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
+ int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
+
+ int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+ int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+]]
+
+if OPENSSL_3X then
+ require "resty.openssl.include.provider"
+
+ ffi.cdef [[
+ int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad_mode);
+
+ int EVP_PKEY_get_base_id(const EVP_PKEY *pkey);
+ int EVP_PKEY_get_size(const EVP_PKEY *pkey);
+
+ const OSSL_PROVIDER *EVP_PKEY_get0_provider(const EVP_PKEY *key);
+ const OSSL_PROVIDER *EVP_PKEY_CTX_get0_provider(const EVP_PKEY_CTX *ctx);
+
+ const OSSL_PARAM *EVP_PKEY_settable_params(const EVP_PKEY *pkey);
+ int EVP_PKEY_set_params(EVP_PKEY *pkey, OSSL_PARAM params[]);
+ int EVP_PKEY_get_params(EVP_PKEY *ctx, OSSL_PARAM params[]);
+ const OSSL_PARAM *EVP_PKEY_gettable_params(EVP_PKEY *ctx);
+ ]]
+end
+
+if OPENSSL_10 then
+ ffi.cdef [[
+ // crypto/evp/evp.h
+ // only needed for openssl 1.0.x where getters are not available
+ // needed to get key to extract parameters
+ // Note: this struct is trimmed
+ struct evp_pkey_st {
+ int type;
+ int save_type;
+ const EVP_PKEY_ASN1_METHOD *ameth;
+ ENGINE *engine;
+ ENGINE *pmeth_engine;
+ union {
+ void *ptr;
+ struct rsa_st *rsa;
+ struct dsa_st *dsa;
+ struct dh_st *dh;
+ struct ec_key_st *ec;
+ } pkey;
+ // trimmed
+
+ // CRYPTO_REF_COUNT references;
+ // CRYPTO_RWLOCK *lock;
+ // STACK_OF(X509_ATTRIBUTE) *attributes;
+ // int save_parameters;
+
+ // struct {
+ // EVP_KEYMGMT *keymgmt;
+ // void *provkey;
+ // } pkeys[10];
+ // size_t dirty_cnt_copy;
+ };
+ ]]
+end
+
+local _M = {}
+
+if OPENSSL_3X or BORINGSSL then
+ ffi.cdef [[
+ int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid);
+ int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc);
+
+ int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int mbits);
+ int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp);
+
+ int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad);
+ int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int len);
+
+ int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int pbits);
+ ]]
+ _M.EVP_PKEY_CTX_set_ec_paramgen_curve_nid = function(pctx, nid)
+ return C.EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid)
+ end
+ _M.EVP_PKEY_CTX_set_ec_param_enc = function(pctx, param_enc)
+ return C.EVP_PKEY_CTX_set_ec_param_enc(pctx, param_enc)
+ end
+
+ _M.EVP_PKEY_CTX_set_rsa_keygen_bits = function(pctx, mbits)
+ return C.EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, mbits)
+ end
+ _M.EVP_PKEY_CTX_set_rsa_keygen_pubexp = function(pctx, pubexp)
+ return C.EVP_PKEY_CTX_set_rsa_keygen_pubexp(pctx, pubexp)
+ end
+
+ _M.EVP_PKEY_CTX_set_rsa_padding = function(pctx, pad)
+ return C.EVP_PKEY_CTX_set_rsa_padding(pctx, pad)
+ end
+ _M.EVP_PKEY_CTX_set_rsa_pss_saltlen = function(pctx, len)
+ return C.EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, len)
+ end
+ _M.EVP_PKEY_CTX_set_dh_paramgen_prime_len = function(pctx, pbits)
+ return C.EVP_PKEY_CTX_set_dh_paramgen_prime_len(pctx, pbits)
+ end
+
+else
+ _M.EVP_PKEY_CTX_set_ec_paramgen_curve_nid = function(pctx, nid)
+ return C.EVP_PKEY_CTX_ctrl(pctx,
+ evp.EVP_PKEY_EC,
+ evp.EVP_PKEY_OP_PARAMGEN + evp.EVP_PKEY_OP_KEYGEN,
+ evp.EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID,
+ nid, nil)
+ end
+ _M.EVP_PKEY_CTX_set_ec_param_enc = function(pctx, param_enc)
+ return C.EVP_PKEY_CTX_ctrl(pctx,
+ evp.EVP_PKEY_EC,
+ evp.EVP_PKEY_OP_PARAMGEN + evp.EVP_PKEY_OP_KEYGEN,
+ evp.EVP_PKEY_CTRL_EC_PARAM_ENC,
+ param_enc, nil)
+ end
+
+ _M.EVP_PKEY_CTX_set_rsa_keygen_bits = function(pctx, mbits)
+ return C.EVP_PKEY_CTX_ctrl(pctx,
+ evp.EVP_PKEY_RSA,
+ evp.EVP_PKEY_OP_KEYGEN,
+ evp.EVP_PKEY_CTRL_RSA_KEYGEN_BITS,
+ mbits, nil)
+ end
+ _M.EVP_PKEY_CTX_set_rsa_keygen_pubexp = function(pctx, pubexp)
+ return C.EVP_PKEY_CTX_ctrl(pctx,
+ evp.EVP_PKEY_RSA, evp.EVP_PKEY_OP_KEYGEN,
+ evp.EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP,
+ 0, pubexp)
+ end
+
+ _M.EVP_PKEY_CTX_set_rsa_padding = function(pctx, pad)
+ return C.EVP_PKEY_CTX_ctrl(pctx,
+ evp.EVP_PKEY_RSA,
+ -1,
+ evp.EVP_PKEY_CTRL_RSA_PADDING,
+ pad, nil)
+ end
+ _M.EVP_PKEY_CTX_set_rsa_pss_saltlen = function(pctx, len)
+ return C.EVP_PKEY_CTX_ctrl(pctx,
+ evp.EVP_PKEY_RSA,
+ evp.EVP_PKEY_OP_SIGN + evp.EVP_PKEY_OP_VERIFY,
+ evp.EVP_PKEY_CTRL_RSA_PSS_SALTLEN,
+ len, nil)
+ end
+
+ _M.EVP_PKEY_CTX_set_dh_paramgen_prime_len = function(pctx, pbits)
+ return C.EVP_PKEY_CTX_ctrl(pctx,
+ evp.EVP_PKEY_DH, evp.EVP_PKEY_OP_PARAMGEN,
+ evp.EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN,
+ pbits, nil)
+ end
+end
+
+return _M \ No newline at end of file