diff --git a/Makefile.in b/Makefile.in index 5de9f8e0..c443f808 100644 --- a/Makefile.in +++ b/Makefile.in @@ -106,14 +106,9 @@ DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \ am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ configure.lineno config.status.lineno mkinstalldirs = $(SHELL) $(top_srcdir)/build/mkinstalldirs -CONFIG_HEADER = $(top_builddir)/src/libpki/config.h \ - $(top_builddir)/src/libpki/libpki_enables.h -CONFIG_CLEAN_FILES = src/scripts/libpki-config src/libpki/pki_config.h \ - src/libpki/libpkiv.h contrib/libpki.pc contrib/libpki-inst.xml \ - examples/prqp/Makefile examples/profiles/Makefile \ - examples/token/Makefile examples/url/Makefile \ - examples/crl/Makefile examples/pkcs11/Makefile \ - examples/pkcs12/Makefile examples/fips-mode/Makefile \ +CONFIG_HEADER = $(top_builddir)/src/libpki/libconf/defines.h \ + $(top_builddir)/src/libpki/libconf/features.h +CONFIG_CLEAN_FILES = scripts/libpki-config contrib/libpki-inst.xml \ etc/profile.d/test.xml etc/profile.d/user.xml \ etc/profile.d/server.xml etc/store.d/empty.xml CONFIG_CLEAN_VPATH_FILES = 
@@ -176,24 +171,13 @@ am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/build/compile \ $(top_srcdir)/build/ltmain.sh $(top_srcdir)/build/missing \ $(top_srcdir)/build/mkinstalldirs \ $(top_srcdir)/contrib/libpki-inst.xml.in \ - $(top_srcdir)/contrib/libpki.pc.in \ $(top_srcdir)/etc/profile.d/server.xml.in \ $(top_srcdir)/etc/profile.d/test.xml.in \ $(top_srcdir)/etc/profile.d/user.xml.in \ $(top_srcdir)/etc/store.d/empty.xml.in \ - $(top_srcdir)/examples/crl/Makefile.in \ - $(top_srcdir)/examples/fips-mode/Makefile.in \ - $(top_srcdir)/examples/pkcs11/Makefile.in \ - $(top_srcdir)/examples/pkcs12/Makefile.in \ - $(top_srcdir)/examples/profiles/Makefile.in \ - $(top_srcdir)/examples/prqp/Makefile.in \ - $(top_srcdir)/examples/token/Makefile.in \ - $(top_srcdir)/examples/url/Makefile.in \ - $(top_srcdir)/src/libpki/config.h.in \ - $(top_srcdir)/src/libpki/libpki_enables.h.in \ - $(top_srcdir)/src/libpki/libpkiv.h.in \ - $(top_srcdir)/src/libpki/pki_config.h.in \ - $(top_srcdir)/src/scripts/libpki-config.in AUTHORS COPYING \ + $(top_srcdir)/scripts/libpki-config.in \ + $(top_srcdir)/src/libpki/libconf/defines.h.in \ + $(top_srcdir)/src/libpki/libconf/features.h.in AUTHORS COPYING \ ChangeLog INSTALL NEWS README.md TODO build/compile \ build/config.guess build/config.sub build/depcomp \ build/install-sh build/ltmain.sh build/missing \ @@ -405,10 +389,6 @@ include_prefix = @include_prefix@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ -kmf_cflags = @kmf_cflags@ -kmf_ldadd = @kmf_ldadd@ -kmf_libflags = @kmf_libflags@ -kmf_prefix = @kmf_prefix@ ldap_cflags = @ldap_cflags@ ldap_ldadd = @ldap_ldadd@ ldap_ldflags = @ldap_ldflags@ 
@@ -599,54 +579,32 @@ $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) $(am__aclocal_m4_deps): -src/libpki/config.h: src/libpki/stamp-h1 - @test -f $@ || rm -f src/libpki/stamp-h1 - @test -f $@ || $(MAKE) $(AM_MAKEFLAGS) src/libpki/stamp-h1 +src/libpki/libconf/defines.h: src/libpki/libconf/stamp-h1 + @test -f $@ || rm -f src/libpki/libconf/stamp-h1 + @test -f $@ || $(MAKE) $(AM_MAKEFLAGS) src/libpki/libconf/stamp-h1 -src/libpki/stamp-h1: $(top_srcdir)/src/libpki/config.h.in $(top_builddir)/config.status - @rm -f src/libpki/stamp-h1 - cd $(top_builddir) && $(SHELL) ./config.status src/libpki/config.h -$(top_srcdir)/src/libpki/config.h.in: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) +src/libpki/libconf/stamp-h1: $(top_srcdir)/src/libpki/libconf/defines.h.in $(top_builddir)/config.status + @rm -f src/libpki/libconf/stamp-h1 + cd $(top_builddir) && $(SHELL) ./config.status src/libpki/libconf/defines.h +$(top_srcdir)/src/libpki/libconf/defines.h.in: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) ($(am__cd) $(top_srcdir) && $(AUTOHEADER)) - rm -f src/libpki/stamp-h1 + rm -f src/libpki/libconf/stamp-h1 touch $@ -src/libpki/libpki_enables.h: src/libpki/stamp-h2 - @test -f $@ || rm -f src/libpki/stamp-h2 - @test -f $@ || $(MAKE) $(AM_MAKEFLAGS) src/libpki/stamp-h2 +src/libpki/libconf/features.h: src/libpki/libconf/stamp-h2 + @test -f $@ || rm -f src/libpki/libconf/stamp-h2 + @test -f $@ || $(MAKE) $(AM_MAKEFLAGS) src/libpki/libconf/stamp-h2 -src/libpki/stamp-h2: $(top_srcdir)/src/libpki/libpki_enables.h.in $(top_builddir)/config.status - @rm -f src/libpki/stamp-h2 - cd $(top_builddir) && $(SHELL) ./config.status src/libpki/libpki_enables.h +src/libpki/libconf/stamp-h2: $(top_srcdir)/src/libpki/libconf/features.h.in $(top_builddir)/config.status + @rm -f src/libpki/libconf/stamp-h2 + cd $(top_builddir) && $(SHELL) ./config.status src/libpki/libconf/features.h distclean-hdr: - -rm -f src/libpki/config.h 
src/libpki/stamp-h1 src/libpki/libpki_enables.h src/libpki/stamp-h2 -src/scripts/libpki-config: $(top_builddir)/config.status $(top_srcdir)/src/scripts/libpki-config.in - cd $(top_builddir) && $(SHELL) ./config.status $@ -src/libpki/pki_config.h: $(top_builddir)/config.status $(top_srcdir)/src/libpki/pki_config.h.in - cd $(top_builddir) && $(SHELL) ./config.status $@ -src/libpki/libpkiv.h: $(top_builddir)/config.status $(top_srcdir)/src/libpki/libpkiv.h.in - cd $(top_builddir) && $(SHELL) ./config.status $@ -contrib/libpki.pc: $(top_builddir)/config.status $(top_srcdir)/contrib/libpki.pc.in + -rm -f src/libpki/libconf/defines.h src/libpki/libconf/stamp-h1 src/libpki/libconf/features.h src/libpki/libconf/stamp-h2 +scripts/libpki-config: $(top_builddir)/config.status $(top_srcdir)/scripts/libpki-config.in cd $(top_builddir) && $(SHELL) ./config.status $@ contrib/libpki-inst.xml: $(top_builddir)/config.status $(top_srcdir)/contrib/libpki-inst.xml.in cd $(top_builddir) && $(SHELL) ./config.status $@ -examples/prqp/Makefile: $(top_builddir)/config.status $(top_srcdir)/examples/prqp/Makefile.in - cd $(top_builddir) && $(SHELL) ./config.status $@ -examples/profiles/Makefile: $(top_builddir)/config.status $(top_srcdir)/examples/profiles/Makefile.in - cd $(top_builddir) && $(SHELL) ./config.status $@ -examples/token/Makefile: $(top_builddir)/config.status $(top_srcdir)/examples/token/Makefile.in - cd $(top_builddir) && $(SHELL) ./config.status $@ -examples/url/Makefile: $(top_builddir)/config.status $(top_srcdir)/examples/url/Makefile.in - cd $(top_builddir) && $(SHELL) ./config.status $@ -examples/crl/Makefile: $(top_builddir)/config.status $(top_srcdir)/examples/crl/Makefile.in - cd $(top_builddir) && $(SHELL) ./config.status $@ -examples/pkcs11/Makefile: $(top_builddir)/config.status $(top_srcdir)/examples/pkcs11/Makefile.in - cd $(top_builddir) && $(SHELL) ./config.status $@ -examples/pkcs12/Makefile: $(top_builddir)/config.status 
$(top_srcdir)/examples/pkcs12/Makefile.in - cd $(top_builddir) && $(SHELL) ./config.status $@ -examples/fips-mode/Makefile: $(top_builddir)/config.status $(top_srcdir)/examples/fips-mode/Makefile.in - cd $(top_builddir) && $(SHELL) ./config.status $@ etc/profile.d/test.xml: $(top_builddir)/config.status $(top_srcdir)/etc/profile.d/test.xml.in cd $(top_builddir) && $(SHELL) ./config.status $@ etc/profile.d/user.xml: $(top_builddir)/config.status $(top_srcdir)/etc/profile.d/user.xml.in diff --git a/README.md b/README.md index b95dd3f5..42d955a9 100644 --- a/README.md +++ b/README.md @@ -112,7 +112,7 @@ projects related to PKIs. The software will continuosly be updated and used for several other projects including, but not limited to, OpenCA OCSP responder, OpenCA PKI Next Generation, and OpenCA PRQP Server. -- **CableLabs Television Laboratories (Jan 2019 - Now).** +- **CableLabs Television Laboratories (Jan 2019 - Dec 2023).** The CableLabs organization has been supporting the LibPKI project and its evolution (especially the integration of innovative features such as the support for Composite Cryptography and Quantum-Safe algorithms). diff --git a/configure b/configure index 35ce40a5..b0ff316a 100755 --- a/configure +++ b/configure @@ -696,8 +696,8 @@ oqs_ldflags oqs_cflags ENABLE_OQS_FALSE ENABLE_OQS_TRUE -ENABLE_OPENSSL_ENGINE_FALSE -ENABLE_OPENSSL_ENGINE_TRUE +ENABLE_PKCS11_FALSE +ENABLE_PKCS11_TRUE openssl_include openssl_static_libs openssl_ldadd @@ -708,17 +708,15 @@ OPENSSL_CFLAGS PKG_CONFIG_LIBDIR PKG_CONFIG_PATH PKG_CONFIG -openssl_prefix OPENSSL_PREFIX_FALSE OPENSSL_PREFIX_TRUE ENABLE_OPENSSL_FALSE ENABLE_OPENSSL_TRUE -kmf_ldadd -kmf_libflags -kmf_cflags -kmf_prefix -ENABLE_KMF_FALSE -ENABLE_KMF_TRUE +openssl_prefix +WOLFSSL_PREFIX_FALSE +WOLFSSL_PREFIX_TRUE +ENABLE_WOLFSSL_FALSE +ENABLE_WOLFSSL_TRUE resolv_ldadd pg_ldadd pg_ldflags 
@@ -983,11 +981,11 @@ with_mysql_prefix enable_pg with_pg_prefix enable_dns -enable_kmf -enable_openssl +enable_wolfssl with_openssl_prefix +enable_openssl enable_ecdsa -enable_openssl_engine +enable_pkcs11 enable_oqs enable_oqsprov enable_composite @@ -1661,12 +1659,12 @@ Optional Features: --enable-mysql enable mysql support ( default is yes) --enable-pg enable postgresql support ( default is yes) --enable-dns enable dns support ( default is yes) - --enable-kmf enable kmf crypto for token operations (default is + --enable-wolfssl enable kmf crypto for token operations (default is no) --enable-openssl enable openssl crypto for token operations (default is yes) --enable-ecdsa enable Elliptic Curves DSA support - --enable-openssl-engine enable openssl engine support (yes) + --enable-pkcs11 enable pkcs11 experimental support (no) --enable-oqs enable oqs support (no) --enable-oqsprov enable support for the OQS provider (no) --enable-composite enable openssl composite crypto support (no) @@ -13808,21 +13806,6 @@ fi -# symbolic_build= -# symbolic_start= -# symbolic_end= - -# AC_ARG_ENABLE(symbolic, -# AC_HELP_STRING( [--enable-symbolic], -# [enable the use of -Bsymbolic and -Bsymbolic-functions (default is no)]), -# symbolic_build=$enableval, symbolic_build=no ) - -# if [[ "x$symbolic_build" = "xyes"]] ; then -# symbolic_start="-Bsymbolic -Bsymbolic-functions" -# symbolic_end="-Bno-symbolic" -# fi - - if [ "x$iphone_build" = "xno" ] ; then # Autoupdate added the next two lines to ensure that your configure 
@@ -17416,15 +17399,53 @@ printf "%s\n" "***** WARNING: DNS URLs are disabled by config option ******" >&6 fi -# Check whether --enable-kmf was given. -if test ${enable_kmf+y} + +# Check whether --enable-wolfssl was given. +if test ${enable_wolfssl+y} then : - enableval=$enable_kmf; enable_kmf=$enableval + enableval=$enable_wolfssl; enable_wolfssl=$enableval else $as_nop - enable_kmf=no + enable_wolfssl=no fi +wolfssl_setup=no + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: enable_wolfssl: ${enable_wolfssl}" >&5 +printf "%s\n" "enable_wolfssl: ${enable_wolfssl}" >&6; } + + if test "${enablewolfssl}" = "yes"; then + ENABLE_WOLFSSL_TRUE= + ENABLE_WOLFSSL_FALSE='#' +else + ENABLE_WOLFSSL_TRUE='#' + ENABLE_WOLFSSL_FALSE= +fi + + if test ! x$wolfssl_prefix = x ; then + WOLFSSL_PREFIX_TRUE= + WOLFSSL_PREFIX_FALSE='#' +else + WOLFSSL_PREFIX_TRUE='#' + WOLFSSL_PREFIX_FALSE= +fi + + + +# Check whether --with-openssl-prefix was given. +if test ${with_openssl_prefix+y} +then : + withval=$with_openssl_prefix; openssl_prefix=$withval +else $as_nop + openssl_prefix= +fi + + + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: with openssl-prefix : $openssl_prefix " >&5 +printf "%s\n" "with openssl-prefix : $openssl_prefix " >&6; } + + # Check whether --enable-openssl was given. if test ${enable_openssl+y} then : @@ -17434,20 +17455,8 @@ else $as_nop fi -# if [[ "$myarch" = "solaris" ]] ; then -# if [[ "${enable_kmf}" = "" ]] ; then -# enable_kmf=no -# fi -# else -# # Not on solaris, we disable kmf -# enable_kmf=no -# fi - openssl_setup=no -kmf_setup=no -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: enable_kmf: ${enable_kmf}" >&5 -printf "%s\n" "enable_kmf: ${enable_kmf}" >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: enable_openssl: ${enableopenssl}" >&5 printf "%s\n" "enable_openssl: ${enableopenssl}" >&6; } 
@@ -17456,94 +17465,10 @@ openssl_ldflags= openssl_ldadd= openssl_include= openssl_setup=no -openssl_engine= openssl_static_libs= openssl_min_ver=0x090909f openssl_pkg_min_ver=0.9.8 - -kmf_prefix= -kmf_cflags= -kmf_ldflags= -kmf_ldadd= -kmf_include= -kmf_setup= - -if ! [ $enable_kmf = "no" ] ; then -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for KMF_Initialize in -lkmf" >&5 -printf %s "checking for KMF_Initialize in -lkmf... " >&6; } -if test ${ac_cv_lib_kmf_KMF_Initialize+y} -then : - printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS -LIBS="-lkmf $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char KMF_Initialize (); -int -main (void) -{ -return KMF_Initialize (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO" -then : - ac_cv_lib_kmf_KMF_Initialize=yes -else $as_nop - ac_cv_lib_kmf_KMF_Initialize=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_kmf_KMF_Initialize" >&5 -printf "%s\n" "$ac_cv_lib_kmf_KMF_Initialize" >&6; } -if test "x$ac_cv_lib_kmf_KMF_Initialize" = xyes -then : - kmf_ldadd=-lkmf -else $as_nop - - enable_kmf=no; - enableopenssl=yes; - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ***WARNING***: Can not setup kmf library correctly, Falling back to OpenSSL!" >&5 -printf "%s\n" "***WARNING***: Can not setup kmf library correctly, Falling back to OpenSSL!" 
>&6; } - -fi - -fi - - if test "${enable_kmf}" = "yes"; then - ENABLE_KMF_TRUE= - ENABLE_KMF_FALSE='#' -else - ENABLE_KMF_TRUE='#' - ENABLE_KMF_FALSE= -fi - - -if [ "${enable_kmf}" = "yes" ] ; then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: crypto package for token operations... KMF" >&5 -printf "%s\n" "crypto package for token operations... KMF" >&6; } - - -printf "%s\n" "#define ENABLE_KMF 1" >>confdefs.h - - kmf_prefix=/usr - kmf_include=/usr/include - kmf_setup=yes - - - - -fi - if test "${enableopenssl}" = "yes"; then ENABLE_OPENSSL_TRUE= ENABLE_OPENSSL_FALSE='#' 
@@ -18420,34 +18345,34 @@ printf "%s\n" " OPENSSL ldadd: ................... ${openssl_ldadd}" >&6; } ## End of OpenSSL build settings section ## - # Check whether --enable-openssl-engine was given. -if test ${enable_openssl_engine+y} + # Check whether --enable-pkcs11 was given. +if test ${enable_pkcs11+y} then : - enableval=$enable_openssl_engine; case "${enableval}" in - yes) engine=yes ;; - no) engine=no ;; - *) as_fn_error $? "bad value ${engine} for --enable-openssl-engine" "$LINENO" 5 ;; + enableval=$enable_pkcs11; case "${enableval}" in + yes) enable_pkcs11=yes ;; + no) enable_pkcs11=no ;; + *) as_fn_error $? "bad value ${engine} for --enable-pkcs11" "$LINENO" 5 ;; esac else $as_nop - engine=yes + enable_pkcs11=no fi - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: enable engine support : $engine" >&5 -printf "%s\n" "enable engine support : $engine" >&6; } - + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: enable pkcs11 experimental support : $enable_pkcs11" >&5 +printf "%s\n" "enable pkcs11 experimental support : $enable_pkcs11" >&6; } - if [ "$engine" = "yes" ] ; then + if [ "$enable_pkcs11" = "yes" ] ; then -printf "%s\n" "#define HAVE_ENGINE 1" >>confdefs.h +printf "%s\n" "#define HAVE_PKCS11 1" >>confdefs.h fi - if test "${engine}" = "yes"; then - ENABLE_OPENSSL_ENGINE_TRUE= - ENABLE_OPENSSL_ENGINE_FALSE='#' + + if test "${enable_pkcs11}" = "yes"; then + ENABLE_PKCS11_TRUE= + ENABLE_PKCS11_FALSE='#' else - ENABLE_OPENSSL_ENGINE_TRUE='#' - ENABLE_OPENSSL_ENGINE_FALSE= + ENABLE_PKCS11_TRUE='#' + ENABLE_PKCS11_FALSE= fi fi @@ -18718,8 +18643,6 @@ else STATIC_COMPILE_FALSE= fi -ac_config_headers="$ac_config_headers src/libpki/config.h src/libpki/libpki_enables.h" - # Check whether --enable-strict was given. if test ${enable_strict+y} @@ -18731,6 +18654,9 @@ fi +ac_config_headers="$ac_config_headers src/libpki/libconf/defines.h src/libpki/libconf/features.h" + + sys_ldadd= sys_cflags= 
@@ -18917,7 +18843,7 @@ etc_dir=${prefix}/etc -ac_config_files="$ac_config_files Makefile src/global-vars src/Makefile src/drivers/Makefile src/drivers/openssl/Makefile src/drivers/engine/Makefile src/drivers/pkcs11/Makefile src/drivers/kmf/Makefile src/openssl/composite/Makefile src/openssl/pqc/Makefile src/openssl/Makefile src/io/Makefile src/net/Makefile src/est/Makefile src/scep/Makefile src/cmc/Makefile src/prqp/Makefile src/tools/Makefile src/scripts/libpki-config src/tests/Makefile src/libpki/pki_config.h src/libpki/libpkiv.h contrib/libpki.pc contrib/libpki-inst.xml examples/prqp/Makefile examples/profiles/Makefile examples/token/Makefile examples/url/Makefile examples/crl/Makefile examples/pkcs11/Makefile examples/pkcs12/Makefile examples/fips-mode/Makefile docs/Makefile docs/pkginfo etc/Makefile etc/profile.d/test.xml etc/profile.d/user.xml etc/profile.d/server.xml etc/store.d/empty.xml" +ac_config_files="$ac_config_files Makefile src/global-vars src/Makefile src/crypto/Makefile src/crypto/hsm/Makefile src/crypto/hsm/openssl/Makefile scripts/libpki-config contrib/libpki-inst.xml docs/Makefile docs/pkginfo etc/Makefile etc/profile.d/test.xml etc/profile.d/user.xml etc/profile.d/server.xml etc/store.d/empty.xml" cat >confcache <<\_ACEOF 
@@ -19093,8 +19019,12 @@ if test -z "${xml2_prefix_TRUE}" && test -z "${xml2_prefix_FALSE}"; then as_fn_error $? "conditional \"xml2_prefix\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi -if test -z "${ENABLE_KMF_TRUE}" && test -z "${ENABLE_KMF_FALSE}"; then - as_fn_error $? "conditional \"ENABLE_KMF\" was never defined. +if test -z "${ENABLE_WOLFSSL_TRUE}" && test -z "${ENABLE_WOLFSSL_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_WOLFSSL\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${WOLFSSL_PREFIX_TRUE}" && test -z "${WOLFSSL_PREFIX_FALSE}"; then + as_fn_error $? "conditional \"WOLFSSL_PREFIX\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${ENABLE_OPENSSL_TRUE}" && test -z "${ENABLE_OPENSSL_FALSE}"; then @@ -19105,8 +19035,8 @@ if test -z "${OPENSSL_PREFIX_TRUE}" && test -z "${OPENSSL_PREFIX_FALSE}"; then as_fn_error $? "conditional \"OPENSSL_PREFIX\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi -if test -z "${ENABLE_OPENSSL_ENGINE_TRUE}" && test -z "${ENABLE_OPENSSL_ENGINE_FALSE}"; then - as_fn_error $? "conditional \"ENABLE_OPENSSL_ENGINE\" was never defined. +if test -z "${ENABLE_PKCS11_TRUE}" && test -z "${ENABLE_PKCS11_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_PKCS11\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${ENABLE_OQS_TRUE}" && test -z "${ENABLE_OQS_FALSE}"; then 
@@ -19997,40 +19927,16 @@ do case $ac_config_target in "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;; "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; - "src/libpki/config.h") CONFIG_HEADERS="$CONFIG_HEADERS src/libpki/config.h" ;; - "src/libpki/libpki_enables.h") CONFIG_HEADERS="$CONFIG_HEADERS src/libpki/libpki_enables.h" ;; + "src/libpki/libconf/defines.h") CONFIG_HEADERS="$CONFIG_HEADERS src/libpki/libconf/defines.h" ;; + "src/libpki/libconf/features.h") CONFIG_HEADERS="$CONFIG_HEADERS src/libpki/libconf/features.h" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; "src/global-vars") CONFIG_FILES="$CONFIG_FILES src/global-vars" ;; "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; - "src/drivers/Makefile") CONFIG_FILES="$CONFIG_FILES src/drivers/Makefile" ;; - "src/drivers/openssl/Makefile") CONFIG_FILES="$CONFIG_FILES src/drivers/openssl/Makefile" ;; - "src/drivers/engine/Makefile") CONFIG_FILES="$CONFIG_FILES src/drivers/engine/Makefile" ;; - "src/drivers/pkcs11/Makefile") CONFIG_FILES="$CONFIG_FILES src/drivers/pkcs11/Makefile" ;; - "src/drivers/kmf/Makefile") CONFIG_FILES="$CONFIG_FILES src/drivers/kmf/Makefile" ;; - "src/openssl/composite/Makefile") CONFIG_FILES="$CONFIG_FILES src/openssl/composite/Makefile" ;; - "src/openssl/pqc/Makefile") CONFIG_FILES="$CONFIG_FILES src/openssl/pqc/Makefile" ;; - "src/openssl/Makefile") CONFIG_FILES="$CONFIG_FILES src/openssl/Makefile" ;; - "src/io/Makefile") CONFIG_FILES="$CONFIG_FILES src/io/Makefile" ;; - "src/net/Makefile") CONFIG_FILES="$CONFIG_FILES src/net/Makefile" ;; - "src/est/Makefile") CONFIG_FILES="$CONFIG_FILES src/est/Makefile" ;; - "src/scep/Makefile") CONFIG_FILES="$CONFIG_FILES src/scep/Makefile" ;; - "src/cmc/Makefile") CONFIG_FILES="$CONFIG_FILES src/cmc/Makefile" ;; - "src/prqp/Makefile") CONFIG_FILES="$CONFIG_FILES src/prqp/Makefile" ;; - "src/tools/Makefile") CONFIG_FILES="$CONFIG_FILES src/tools/Makefile" ;; - "src/scripts/libpki-config") 
CONFIG_FILES="$CONFIG_FILES src/scripts/libpki-config" ;; - "src/tests/Makefile") CONFIG_FILES="$CONFIG_FILES src/tests/Makefile" ;; - "src/libpki/pki_config.h") CONFIG_FILES="$CONFIG_FILES src/libpki/pki_config.h" ;; - "src/libpki/libpkiv.h") CONFIG_FILES="$CONFIG_FILES src/libpki/libpkiv.h" ;; - "contrib/libpki.pc") CONFIG_FILES="$CONFIG_FILES contrib/libpki.pc" ;; + "src/crypto/Makefile") CONFIG_FILES="$CONFIG_FILES src/crypto/Makefile" ;; + "src/crypto/hsm/Makefile") CONFIG_FILES="$CONFIG_FILES src/crypto/hsm/Makefile" ;; + "src/crypto/hsm/openssl/Makefile") CONFIG_FILES="$CONFIG_FILES src/crypto/hsm/openssl/Makefile" ;; + "scripts/libpki-config") CONFIG_FILES="$CONFIG_FILES scripts/libpki-config" ;; "contrib/libpki-inst.xml") CONFIG_FILES="$CONFIG_FILES contrib/libpki-inst.xml" ;; - "examples/prqp/Makefile") CONFIG_FILES="$CONFIG_FILES examples/prqp/Makefile" ;; - "examples/profiles/Makefile") CONFIG_FILES="$CONFIG_FILES examples/profiles/Makefile" ;; - "examples/token/Makefile") CONFIG_FILES="$CONFIG_FILES examples/token/Makefile" ;; - "examples/url/Makefile") CONFIG_FILES="$CONFIG_FILES examples/url/Makefile" ;; - "examples/crl/Makefile") CONFIG_FILES="$CONFIG_FILES examples/crl/Makefile" ;; - "examples/pkcs11/Makefile") CONFIG_FILES="$CONFIG_FILES examples/pkcs11/Makefile" ;; - "examples/pkcs12/Makefile") CONFIG_FILES="$CONFIG_FILES examples/pkcs12/Makefile" ;; - "examples/fips-mode/Makefile") CONFIG_FILES="$CONFIG_FILES examples/fips-mode/Makefile" ;; "docs/Makefile") CONFIG_FILES="$CONFIG_FILES docs/Makefile" ;; "docs/pkginfo") CONFIG_FILES="$CONFIG_FILES docs/pkginfo" ;; "etc/Makefile") CONFIG_FILES="$CONFIG_FILES etc/Makefile" ;; diff --git a/configure.ac b/configure.ac index dba2ab0b..543798ef 100644 --- a/configure.ac +++ b/configure.ac 
@@ -416,22 +416,6 @@ AC_CHECK_LIB(c, calloc, [ AC_MSG_RESULT([no calloc was found]) ] ) -dnl ===== Symbolic and Symbolic Functions ===== - -# symbolic_build= -# symbolic_start= -# symbolic_end= - -# AC_ARG_ENABLE(symbolic, -# AC_HELP_STRING( [--enable-symbolic], -# [enable the use of -Bsymbolic and -Bsymbolic-functions (default is no)]), -# symbolic_build=$enableval, symbolic_build=no ) - -# if [[ "x$symbolic_build" = "xyes"]] ; then -# symbolic_start="-Bsymbolic -Bsymbolic-functions" -# symbolic_end="-Bno-symbolic" -# fi - dnl ===== iPhone build ===== if [[ "x$iphone_build" = "xno" ]] ; then @@ -1176,29 +1160,36 @@ fi dnl ######################### CRYPTO SUPPORT ############################# -AC_ARG_ENABLE( kmf, - AC_HELP_STRING( [--enable-kmf], +dnl ----- WolfSSL ----- + +AC_ARG_ENABLE(wolfssl, + AC_HELP_STRING( [--enable-wolfssl], [enable kmf crypto for token operations (default is no)]), - enable_kmf=$enableval, enable_kmf=no ) + enable_wolfssl=$enableval, enable_wolfssl=no ) + +wolfssl_setup=no + +AC_MSG_RESULT([enable_wolfssl: ${enable_wolfssl}]) + +AM_CONDITIONAL(ENABLE_WOLFSSL, test "${enablewolfssl}" = "yes") +AM_CONDITIONAL(WOLFSSL_PREFIX, test ! x$wolfssl_prefix = x ) + +AC_ARG_WITH( openssl-prefix, + AC_HELP_STRING( [--with-openssl-prefix=DIR], [openssl prefix]), + openssl_prefix=$withval, openssl_prefix= ) +AC_SUBST(openssl_prefix) + +AC_MSG_RESULT([with openssl-prefix : $openssl_prefix ]) + +dnl ----- OpenSSL ----- AC_ARG_ENABLE( openssl, AC_HELP_STRING( [--enable-openssl], [enable openssl crypto for token operations (default is yes)]), enableopenssl=$enableval, enableopenssl=yes ) -# if [[ "$myarch" = "solaris" ]] ; then -# if [[ "${enable_kmf}" = "" ]] ; then -# enable_kmf=no -# fi -# else -# # Not on solaris, we disable kmf -# enable_kmf=no -# fi - openssl_setup=no -kmf_setup=no -AC_MSG_RESULT([enable_kmf: ${enable_kmf}]) AC_MSG_RESULT([enable_openssl: ${enableopenssl}]) dnl Defaults 
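Review bot: In the new WolfSSL block, `AM_CONDITIONAL(ENABLE_WOLFSSL, test "${enablewolfssl}" = "yes")` tests a variable that is never assigned. `AC_ARG_ENABLE(wolfssl, …)` stores the choice in `enable_wolfssl`, so the conditional stays false even with `--enable-wolfssl`, and whatever it gates is left out without any diagnostic; it should read `AM_CONDITIONAL(ENABLE_WOLFSSL, test "${enable_wolfssl}" = "yes")`. `WOLFSSL_PREFIX` likewise tests `$wolfssl_prefix`, which nothing in this hunk sets, since only `--with-openssl-prefix` is declared here. The help string for `--enable-wolfssl` still says "enable kmf crypto for token operations". The generated `configure` in this commit carries the same misspelling.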
@@ -1207,48 +1198,13 @@ openssl_ldflags= openssl_ldadd= openssl_include= openssl_setup=no -openssl_engine= openssl_static_libs= openssl_min_ver=0x090909f openssl_pkg_min_ver=0.9.8 -dnl activate_ecdsa= - -kmf_prefix= -kmf_cflags= -kmf_ldflags= -kmf_ldadd= -kmf_include= -kmf_setup= - -if ! [[ $enable_kmf = "no" ]] ; then -AC_CHECK_LIB(kmf, KMF_Initialize, - kmf_ldadd=-lkmf, [ - enable_kmf=no; - enableopenssl=yes; - AC_MSG_RESULT([***WARNING***: Can not setup kmf library correctly, Falling back to OpenSSL!])] - ) -fi - -AM_CONDITIONAL(ENABLE_KMF, test "${enable_kmf}" = "yes") - -if [[ "${enable_kmf}" = "yes" ]] ; then - AC_MSG_RESULT([crypto package for token operations... KMF]) - - AC_DEFINE(ENABLE_KMF, 1, [SUN CMS]) - kmf_prefix=/usr - kmf_include=/usr/include - kmf_setup=yes - AC_SUBST(kmf_prefix) - AC_SUBST(kmf_cflags) - AC_SUBST(kmf_libflags) - AC_SUBST(kmf_ldadd) -fi - AM_CONDITIONAL(ENABLE_OPENSSL, test "${enableopenssl}" = "yes") AM_CONDITIONAL(OPENSSL_PREFIX, test ! x$openssl_prefix = x ) -dnl ECDSA support cecks old_cflags=$CFLAGS old_ldflags=$LDFLAGS 
@@ -1475,22 +1431,21 @@ dnl if ! [[ "x$openssl_setup" = "xyes" ]] ; then ## End of OpenSSL build settings section ## dnl OpenSSL Engine Support - AC_ARG_ENABLE( openssl-engine, - [ --enable-openssl-engine enable openssl engine support (yes)], + AC_ARG_ENABLE(pkcs11, + [ --enable-pkcs11 enable pkcs11 experimental support (no)], [case "${enableval}" in - yes) engine=yes ;; - no) engine=no ;; - *) AC_MSG_ERROR([bad value ${engine} for --enable-openssl-engine]) ;; - esac], [engine=yes]) - - AC_MSG_RESULT([enable engine support : $engine]) + yes) enable_pkcs11=yes ;; + no) enable_pkcs11=no ;; + *) AC_MSG_ERROR([bad value ${engine} for --enable-pkcs11]) ;; + esac], [enable_pkcs11=no]) - dnl AM_CONDITIONAL(HAVE_ENGINE, test x$engine = yes) + AC_MSG_RESULT([enable pkcs11 experimental support : $enable_pkcs11]) - if [[ "$engine" = "yes" ]] ; then - AC_DEFINE(HAVE_ENGINE, 1, [ENGINE]) + if [[ "$enable_pkcs11" = "yes" ]] ; then + AC_DEFINE(HAVE_PKCS11, 1, [PKCS11]) fi - AM_CONDITIONAL(ENABLE_OPENSSL_ENGINE, test "${engine}" = "yes") + + AM_CONDITIONAL(ENABLE_PKCS11, test "${enable_pkcs11}" = "yes") fi dnl ================= Open Quantum Safe - PQ and Composite Crypto LIBRARIES =================== @@ -1661,7 +1616,6 @@ AM_CONDITIONAL(ENABLE_COMPOSITE, test "${composite}" = "yes") dnl ================= OpenSSL Static LIBS (?) ========================= AM_CONDITIONAL(STATIC_COMPILE, test "x$openssl_static_libs" != "x") -AC_CONFIG_HEADER([src/libpki/config.h src/libpki/libpki_enables.h]) AC_ARG_ENABLE(strict, AC_HELP_STRING( [--enable-strict], @@ -1670,6 +1624,8 @@ AC_ARG_ENABLE(strict, dnl ========================== GENERAL COMPILE OPTIONS =============== +AC_CONFIG_HEADER([src/libpki/libconf/defines.h src/libpki/libconf/features.h]) + sys_ldadd= sys_cflags= 
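Review bot: The error branch of the new `--enable-pkcs11` option still interpolates `${engine}`, which this hunk no longer assigns, so a bad value is reported as an empty string; use `*) AC_MSG_ERROR([bad value ${enableval} for --enable-pkcs11]) ;;`. The comment above the block still reads `dnl OpenSSL Engine Support` and should name PKCS#11 instead. The hunk also stops defining `HAVE_ENGINE` and changes the default from yes to no, so any source still guarded by `HAVE_ENGINE` (not visible here) would be compiled out; it is worth checking for remaining uses before merging.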
@@ -1843,35 +1799,36 @@ AC_CONFIG_FILES( Makefile src/global-vars src/Makefile - src/drivers/Makefile - src/drivers/openssl/Makefile - src/drivers/engine/Makefile - src/drivers/pkcs11/Makefile - src/drivers/kmf/Makefile - src/openssl/composite/Makefile - src/openssl/pqc/Makefile - src/openssl/Makefile - src/io/Makefile - src/net/Makefile - src/est/Makefile - src/scep/Makefile - src/cmc/Makefile - src/prqp/Makefile - src/tools/Makefile - src/scripts/libpki-config - src/tests/Makefile - src/libpki/pki_config.h - src/libpki/libpkiv.h - contrib/libpki.pc + src/crypto/Makefile + src/crypto/hsm/Makefile + src/crypto/hsm/openssl/Makefile +dnl src/crypto/hsm/pkcs11/Makefile +dnl src/crypto/composite/Makefile +dnl src/openssl/pqc/Makefile +dnl src/openssl/Makefile +dnl src/utils/io/Makefile +dnl src/utils/net/Makefile +dnl src/pkix/Makefile +dnl src/pkix/est/Makefile +dnl src/pkix/scep/Makefile +dnl src/pkix/cmc/Makefile +dnl src/pkix/prqp/Makefile +dnl src/pkix/prqp/Makefile +dnl src/tools/Makefile + scripts/libpki-config +dnl src/tests/Makefile +dnl include/libpki/libconf/defines.h +dnl include/libpki/libconf/version.h +dnl contrib/libpki.pc contrib/libpki-inst.xml - examples/prqp/Makefile - examples/profiles/Makefile - examples/token/Makefile - examples/url/Makefile - examples/crl/Makefile - examples/pkcs11/Makefile - examples/pkcs12/Makefile - examples/fips-mode/Makefile +dnl examples/prqp/Makefile +dnl examples/profiles/Makefile +dnl examples/token/Makefile +dnl examples/url/Makefile +dnl examples/crl/Makefile +dnl examples/pkcs11/Makefile +dnl examples/pkcs12/Makefile +dnl examples/fips-mode/Makefile docs/Makefile docs/pkginfo etc/Makefile diff --git a/docs/Makefile.in b/docs/Makefile.in index 609a6704..a5bc1383 100644 --- a/docs/Makefile.in +++ b/docs/Makefile.in 
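Review bot: The entries disabled with `dnl` inside `AC_CONFIG_FILES` carry no comment saying whether they are parked or retired, and `dnl src/pkix/prqp/Makefile` is listed twice. Among the disabled entries are `src/tests/Makefile` and `contrib/libpki.pc`, so after this change the test suite is no longer configured and the pkg-config file is no longer generated. If the intent is a staged port, a single line above the call would record it, for example `dnl Entries prefixed with dnl below are disabled until their directory is ported`, and the duplicate can be dropped.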
@@ -99,8 +99,8 @@ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(SHELL) $(top_srcdir)/build/mkinstalldirs -CONFIG_HEADER = $(top_builddir)/src/libpki/config.h \ - $(top_builddir)/src/libpki/libpki_enables.h +CONFIG_HEADER = $(top_builddir)/src/libpki/libconf/defines.h \ + $(top_builddir)/src/libpki/libconf/features.h CONFIG_CLEAN_FILES = pkginfo CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) @@ -284,10 +284,6 @@ include_prefix = @include_prefix@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ -kmf_cflags = @kmf_cflags@ -kmf_ldadd = @kmf_ldadd@ -kmf_libflags = @kmf_libflags@ -kmf_prefix = @kmf_prefix@ ldap_cflags = @ldap_cflags@ ldap_ldadd = @ldap_ldadd@ ldap_ldflags = @ldap_ldflags@ diff --git a/etc/Makefile.in b/etc/Makefile.in index 565881d2..904834b4 100644 --- a/etc/Makefile.in +++ b/etc/Makefile.in @@ -99,8 +99,8 @@ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(SHELL) $(top_srcdir)/build/mkinstalldirs -CONFIG_HEADER = $(top_builddir)/src/libpki/config.h \ - $(top_builddir)/src/libpki/libpki_enables.h +CONFIG_HEADER = $(top_builddir)/src/libpki/libconf/defines.h \ + $(top_builddir)/src/libpki/libconf/features.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) @@ -284,10 +284,6 @@ include_prefix = @include_prefix@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ -kmf_cflags = @kmf_cflags@ -kmf_ldadd = @kmf_ldadd@ -kmf_libflags = @kmf_libflags@ -kmf_prefix = @kmf_prefix@ ldap_cflags = @ldap_cflags@ ldap_ldadd = @ldap_ldadd@ ldap_ldflags = @ldap_ldflags@ diff --git a/src/scripts/libpki-config.in b/scripts/libpki-config.in similarity index 100% rename from src/scripts/libpki-config.in rename to scripts/libpki-config.in 
diff --git a/src/Makefile.am b/src/Makefile.am index 89113908..b0440936 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -5,13 +5,11 @@ TOP = . include $(TOP)/global-vars -CRYPTO_SRC_PREFIX = openssl - EXTRA_DIST = \ tests # HSMS = $(HSM_SOFTWARE) $(HSM_KMF) $(HSM_OPENSSL_ENGINE) -DRIVERS = drivers +CRYPTO = crypto if LIBPKI_ENABLE_IPHONE TOOLS_AND_TESTS = 
@@ -19,52 +17,55 @@ else TOOLS_AND_TESTS = tools tests endif -SUBDIRS = $(DRIVERS) $(CRYPTO_SRC_PREFIX) io net est scep cmc prqp . $(TOOLS_AND_TESTS) +# SUBDIRS = crypto x509 utils pkix token . $(TOOLS_AND_TESTS) +SUBDIRS = crypto # x509 utils pkix token . $(TOOLS_AND_TESTS) AM_CPPFLAGS = \ -I$(top_srcdir)/src \ $(COND_INCLUDES) nobase_include_HEADERS = \ - libpki/*.h \ - libpki/net/*.h \ - libpki/io/*.h \ - libpki/est/*.h \ - libpki/scep/*.h \ - libpki/prqp/*.h \ - libpki/cmc/*.h \ - libpki/openssl/*.h \ - libpki/openssl/composite/*.h \ - libpki/openssl/pqc/*.h \ - libpki/drivers/*.h \ - libpki/drivers/openssl/*.h \ - libpki/drivers/engine/*.h \ - libpki/drivers/pkcs11/*.h \ - libpki/drivers/pkcs11/rsa/*.h \ - libpki/drivers/kmf/*.h - -SRCS = \ - banners.c\ - pki_init.c \ - stack.c \ - pki_mem.c \ - pki_cred.c \ - pki_err.c \ - pki_log.c \ - pki_threads_vars.c \ - pki_threads.c \ - token.c \ - token_id.c \ - token_data.c \ - support.c \ - profile.c \ - pki_config.c \ - extensions.c \ - pki_x509.c \ - pki_x509_mem.c \ - pki_x509_mime.c \ - pki_msg_req.c \ - pki_msg_resp.c + libpki/* + +# libpki/net/*.h \ +# libpki/io/*.h \ +# libpki/est/*.h \ +# libpki/scep/*.h \ +# libpki/prqp/*.h \ +# libpki/cmc/*.h \ +# libpki/openssl/*.h \ +# libpki/openssl/composite/*.h \ +# libpki/openssl/pqc/*.h \ +# libpki/drivers/*.h \ +# libpki/drivers/openssl/*.h \ +# libpki/drivers/engine/*.h \ +# libpki/drivers/pkcs11/*.h \ +# libpki/drivers/pkcs11/rsa/*.h \ +# libpki/drivers/kmf/*.h + +SRCS = + +# banners.c\ +# pki_init.c \ +# stack.c \ +# pki_mem.c \ +# pki_cred.c \ +# pki_err.c \ +# pki_log.c \ +# pki_threads_vars.c \ +# pki_threads.c \ +# token.c \ +# token_id.c \ +# token_data.c \ +# support.c \ +# profile.c \ +# pki_config.c \ +# extensions.c \ +# pki_x509.c \ +# pki_x509_mem.c \ +# pki_x509_mime.c \ +# pki_msg_req.c \ +# pki_msg_resp.c lib_LTLIBRARIES = libpki.la 
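Review bot: `nobase_include_HEADERS = libpki/*` widens the install glob from headers to every entry directly under `libpki/`. Going by the `CONFIG_HEADER` paths in this commit, that includes the `libconf` directory itself and anything else that is not a header, all of which would be handed to the header install and to `DIST_COMMON`, while the headers inside `libconf/` are not matched at all. Keeping the suffix, for example `libpki/*.h libpki/libconf/*.h`, avoids both problems. Separately, `SRCS =` is now empty and `SUBDIRS` no longer includes `$(TOOLS_AND_TESTS)`, so the tools and tests are not built; a short comment saying whether that is temporary would help the next reader.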
@@ -78,15 +79,11 @@ libpki_la_LDFLAGS = \ libpki_la_CFLAGS = $(BUILD_LIBPKI_CFLAGS) $(SYSTEM_CFLAGS) libpki_la_LIBADD = \ - $(CRYPTO_SRC_PREFIX)/libpki-openssl.la \ - drivers/libpki-token.la \ - io/libpki-io.la \ - net/libpki-net.la \ - cmc/libpki-cmc.la \ - est/libpki-est.la \ - scep/libpki-scep.la \ - prqp/libpki-prqp.la \ + crypto/libpki-crypto.la \ $(BUILD_LIBPKI_LDADD) -bin_SCRIPTS = scripts/libpki-config +# token/libpki-token.la +# pkix/libpki-pkix.la +# utils/libpki-utils.la +bin_SCRIPTS = scripts/libpki-config \ No newline at end of file diff --git a/src/Makefile.in b/src/Makefile.in index 5f55cd17..9a9bba84 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -103,8 +103,8 @@ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ DIST_COMMON = $(srcdir)/Makefile.am $(nobase_include_HEADERS) \ $(am__DIST_COMMON) mkinstalldirs = $(SHELL) $(top_srcdir)/build/mkinstalldirs -CONFIG_HEADER = $(top_builddir)/src/libpki/config.h \ - $(top_builddir)/src/libpki/libpki_enables.h +CONFIG_HEADER = $(top_builddir)/src/libpki/libconf/defines.h \ + $(top_builddir)/src/libpki/libconf/features.h CONFIG_CLEAN_FILES = global-vars CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; 
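Review bot: `bin_SCRIPTS = scripts/libpki-config` still resolves relative to `src/`, but the top-level `Makefile.in` in this same commit now lists `scripts/libpki-config` (previously `src/scripts/libpki-config`) among the configure-generated files. It therefore looks like the script is no longer produced where this rule expects it, and `install-binSCRIPTS` would fail. If the template did move to the top-level `scripts/` directory, point at it with `bin_SCRIPTS = $(top_builddir)/scripts/libpki-config`, or move the `bin_SCRIPTS` line into the top-level Makefile.am. The line also loses its trailing newline in this hunk; ending the file with one avoids the `\ No newline at end of file` marker. The commented-out `token/`, `pkix/` and `utils/` entries would read better as a single comment saying these libraries are re-added once their directories exist.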
@@ -137,20 +137,8 @@ am__uninstall_files_from_dir = { \ am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \ "$(DESTDIR)$(includedir)" LTLIBRARIES = $(lib_LTLIBRARIES) -libpki_la_DEPENDENCIES = $(CRYPTO_SRC_PREFIX)/libpki-openssl.la \ - drivers/libpki-token.la io/libpki-io.la net/libpki-net.la \ - cmc/libpki-cmc.la est/libpki-est.la scep/libpki-scep.la \ - prqp/libpki-prqp.la -am__objects_1 = libpki_la-banners.lo libpki_la-pki_init.lo \ - libpki_la-stack.lo libpki_la-pki_mem.lo libpki_la-pki_cred.lo \ - libpki_la-pki_err.lo libpki_la-pki_log.lo \ - libpki_la-pki_threads_vars.lo libpki_la-pki_threads.lo \ - libpki_la-token.lo libpki_la-token_id.lo \ - libpki_la-token_data.lo libpki_la-support.lo \ - libpki_la-profile.lo libpki_la-pki_config.lo \ - libpki_la-extensions.lo libpki_la-pki_x509.lo \ - libpki_la-pki_x509_mem.lo libpki_la-pki_x509_mime.lo \ - libpki_la-pki_msg_req.lo libpki_la-pki_msg_resp.lo +libpki_la_DEPENDENCIES = crypto/libpki-crypto.la +am__objects_1 = am_libpki_la_OBJECTS = $(am__objects_1) libpki_la_OBJECTS = $(am_libpki_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) 
@@ -173,31 +161,7 @@ AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/libpki -depcomp = $(SHELL) $(top_srcdir)/build/depcomp -am__maybe_remake_depfiles = depfiles -am__depfiles_remade = ./$(DEPDIR)/libpki_la-banners.Plo \ - ./$(DEPDIR)/libpki_la-extensions.Plo \ - ./$(DEPDIR)/libpki_la-pki_config.Plo \ - ./$(DEPDIR)/libpki_la-pki_cred.Plo \ - ./$(DEPDIR)/libpki_la-pki_err.Plo \ - ./$(DEPDIR)/libpki_la-pki_init.Plo \ - ./$(DEPDIR)/libpki_la-pki_log.Plo \ - ./$(DEPDIR)/libpki_la-pki_mem.Plo \ - ./$(DEPDIR)/libpki_la-pki_msg_req.Plo \ - ./$(DEPDIR)/libpki_la-pki_msg_resp.Plo \ - ./$(DEPDIR)/libpki_la-pki_threads.Plo \ - ./$(DEPDIR)/libpki_la-pki_threads_vars.Plo \ - ./$(DEPDIR)/libpki_la-pki_x509.Plo \ - ./$(DEPDIR)/libpki_la-pki_x509_mem.Plo \ - ./$(DEPDIR)/libpki_la-pki_x509_mime.Plo \ - ./$(DEPDIR)/libpki_la-profile.Plo \ - ./$(DEPDIR)/libpki_la-stack.Plo \ - ./$(DEPDIR)/libpki_la-support.Plo \ - ./$(DEPDIR)/libpki_la-token.Plo \ - ./$(DEPDIR)/libpki_la-token_data.Plo \ - ./$(DEPDIR)/libpki_la-token_id.Plo -am__mv = mv -f +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/libpki/libconf COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ @@ -257,9 +221,9 @@ am__define_uniq_tagged_files = \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` -DIST_SUBDIRS = drivers openssl io net est scep cmc prqp . tools tests +DIST_SUBDIRS = $(SUBDIRS) am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/global-vars.in \ - $(top_srcdir)/build/depcomp $(top_srcdir)/build/mkinstalldirs + $(top_srcdir)/build/mkinstalldirs DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ 
@@ -444,10 +408,6 @@ include_prefix = @include_prefix@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ -kmf_cflags = @kmf_cflags@ -kmf_ldadd = @kmf_ldadd@ -kmf_libflags = @kmf_libflags@ -kmf_prefix = @kmf_prefix@ ldap_cflags = @ldap_cflags@ ldap_ldadd = @ldap_ldadd@ ldap_ldflags = @ldap_ldflags@ 
@@ -537,61 +497,63 @@ xml2_ldflags = @xml2_ldflags@ xml2_prefix = @xml2_prefix@ yr = @yr@ TOP = . -CRYPTO_SRC_PREFIX = openssl EXTRA_DIST = \ tests # HSMS = $(HSM_SOFTWARE) $(HSM_KMF) $(HSM_OPENSSL_ENGINE) -DRIVERS = drivers +CRYPTO = crypto @LIBPKI_ENABLE_IPHONE_FALSE@TOOLS_AND_TESTS = tools tests @LIBPKI_ENABLE_IPHONE_TRUE@TOOLS_AND_TESTS = -SUBDIRS = $(DRIVERS) $(CRYPTO_SRC_PREFIX) io net est scep cmc prqp . $(TOOLS_AND_TESTS) + +# SUBDIRS = crypto x509 utils pkix token . $(TOOLS_AND_TESTS) +SUBDIRS = crypto # x509 utils pkix token . $(TOOLS_AND_TESTS) AM_CPPFLAGS = \ -I$(top_srcdir)/src \ $(COND_INCLUDES) nobase_include_HEADERS = \ - libpki/*.h \ - libpki/net/*.h \ - libpki/io/*.h \ - libpki/est/*.h \ - libpki/scep/*.h \ - libpki/prqp/*.h \ - libpki/cmc/*.h \ - libpki/openssl/*.h \ - libpki/openssl/composite/*.h \ - libpki/openssl/pqc/*.h \ - libpki/drivers/*.h \ - libpki/drivers/openssl/*.h \ - libpki/drivers/engine/*.h \ - libpki/drivers/pkcs11/*.h \ - libpki/drivers/pkcs11/rsa/*.h \ - libpki/drivers/kmf/*.h - -SRCS = \ - banners.c\ - pki_init.c \ - stack.c \ - pki_mem.c \ - pki_cred.c \ - pki_err.c \ - pki_log.c \ - pki_threads_vars.c \ - pki_threads.c \ - token.c \ - token_id.c \ - token_data.c \ - support.c \ - profile.c \ - pki_config.c \ - extensions.c \ - pki_x509.c \ - pki_x509_mem.c \ - pki_x509_mime.c \ - pki_msg_req.c \ - pki_msg_resp.c - + libpki/* + + +# libpki/net/*.h \ +# libpki/io/*.h \ +# libpki/est/*.h \ +# libpki/scep/*.h \ +# libpki/prqp/*.h \ +# libpki/cmc/*.h \ +# libpki/openssl/*.h \ +# libpki/openssl/composite/*.h \ +# libpki/openssl/pqc/*.h \ +# libpki/drivers/*.h \ +# libpki/drivers/openssl/*.h \ +# libpki/drivers/engine/*.h \ +# libpki/drivers/pkcs11/*.h \ +# libpki/drivers/pkcs11/rsa/*.h \ +# libpki/drivers/kmf/*.h +SRCS = + +# banners.c\ +# pki_init.c \ +# stack.c \ +# pki_mem.c \ +# pki_cred.c \ +# pki_err.c \ +# pki_log.c \ +# pki_threads_vars.c \ +# pki_threads.c \ +# token.c \ +# token_id.c \ +# token_data.c \ +# support.c \ +# 
profile.c \ +# pki_config.c \ +# extensions.c \ +# pki_x509.c \ +# pki_x509_mem.c \ +# pki_x509_mime.c \ +# pki_msg_req.c \ +# pki_msg_resp.c lib_LTLIBRARIES = libpki.la libpki_la_SOURCES = $(SRCS) libpki_la_LDFLAGS = \ @@ -601,21 +563,17 @@ libpki_la_LDFLAGS = \ libpki_la_CFLAGS = $(BUILD_LIBPKI_CFLAGS) $(SYSTEM_CFLAGS) libpki_la_LIBADD = \ - $(CRYPTO_SRC_PREFIX)/libpki-openssl.la \ - drivers/libpki-token.la \ - io/libpki-io.la \ - net/libpki-net.la \ - cmc/libpki-cmc.la \ - est/libpki-est.la \ - scep/libpki-scep.la \ - prqp/libpki-prqp.la \ + crypto/libpki-crypto.la \ $(BUILD_LIBPKI_LDADD) + +# token/libpki-token.la +# pkix/libpki-pkix.la +# utils/libpki-utils.la bin_SCRIPTS = scripts/libpki-config all: all-recursive .SUFFIXES: -.SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ 
@@ -727,205 +685,6 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_la-banners.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_la-extensions.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_la-pki_config.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_la-pki_cred.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_la-pki_err.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_la-pki_init.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_la-pki_log.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_la-pki_mem.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_la-pki_msg_req.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_la-pki_msg_resp.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_la-pki_threads.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_la-pki_threads_vars.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_la-pki_x509.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_la-pki_x509_mem.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_la-pki_x509_mime.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_la-profile.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_la-stack.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_la-support.Plo@am__quote@ # am--include-marker 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_la-token.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_la-token_data.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_la-token_id.Plo@am__quote@ # am--include-marker - -$(am__depfiles_remade): - @$(MKDIR_P) $(@D) - @echo '# dummy' >$@-t && $(am__mv) $@-t $@ - -am--depfiles: $(am__depfiles_remade) - -.c.o: -@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ -@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< - -.c.obj: -@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ -@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` - -.c.lo: -@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ -@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ -@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - 
-libpki_la-banners.lo: banners.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -MT libpki_la-banners.lo -MD -MP -MF $(DEPDIR)/libpki_la-banners.Tpo -c -o libpki_la-banners.lo `test -f 'banners.c' || echo '$(srcdir)/'`banners.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_la-banners.Tpo $(DEPDIR)/libpki_la-banners.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='banners.c' object='libpki_la-banners.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -c -o libpki_la-banners.lo `test -f 'banners.c' || echo '$(srcdir)/'`banners.c - -libpki_la-pki_init.lo: pki_init.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -MT libpki_la-pki_init.lo -MD -MP -MF $(DEPDIR)/libpki_la-pki_init.Tpo -c -o libpki_la-pki_init.lo `test -f 'pki_init.c' || echo '$(srcdir)/'`pki_init.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_la-pki_init.Tpo $(DEPDIR)/libpki_la-pki_init.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_init.c' object='libpki_la-pki_init.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -c -o 
libpki_la-pki_init.lo `test -f 'pki_init.c' || echo '$(srcdir)/'`pki_init.c - -libpki_la-stack.lo: stack.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -MT libpki_la-stack.lo -MD -MP -MF $(DEPDIR)/libpki_la-stack.Tpo -c -o libpki_la-stack.lo `test -f 'stack.c' || echo '$(srcdir)/'`stack.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_la-stack.Tpo $(DEPDIR)/libpki_la-stack.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='stack.c' object='libpki_la-stack.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -c -o libpki_la-stack.lo `test -f 'stack.c' || echo '$(srcdir)/'`stack.c - -libpki_la-pki_mem.lo: pki_mem.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -MT libpki_la-pki_mem.lo -MD -MP -MF $(DEPDIR)/libpki_la-pki_mem.Tpo -c -o libpki_la-pki_mem.lo `test -f 'pki_mem.c' || echo '$(srcdir)/'`pki_mem.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_la-pki_mem.Tpo $(DEPDIR)/libpki_la-pki_mem.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_mem.c' object='libpki_la-pki_mem.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) 
$(libpki_la_CFLAGS) $(CFLAGS) -c -o libpki_la-pki_mem.lo `test -f 'pki_mem.c' || echo '$(srcdir)/'`pki_mem.c - -libpki_la-pki_cred.lo: pki_cred.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -MT libpki_la-pki_cred.lo -MD -MP -MF $(DEPDIR)/libpki_la-pki_cred.Tpo -c -o libpki_la-pki_cred.lo `test -f 'pki_cred.c' || echo '$(srcdir)/'`pki_cred.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_la-pki_cred.Tpo $(DEPDIR)/libpki_la-pki_cred.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_cred.c' object='libpki_la-pki_cred.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -c -o libpki_la-pki_cred.lo `test -f 'pki_cred.c' || echo '$(srcdir)/'`pki_cred.c - -libpki_la-pki_err.lo: pki_err.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -MT libpki_la-pki_err.lo -MD -MP -MF $(DEPDIR)/libpki_la-pki_err.Tpo -c -o libpki_la-pki_err.lo `test -f 'pki_err.c' || echo '$(srcdir)/'`pki_err.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_la-pki_err.Tpo $(DEPDIR)/libpki_la-pki_err.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_err.c' object='libpki_la-pki_err.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile 
$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -c -o libpki_la-pki_err.lo `test -f 'pki_err.c' || echo '$(srcdir)/'`pki_err.c - -libpki_la-pki_log.lo: pki_log.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -MT libpki_la-pki_log.lo -MD -MP -MF $(DEPDIR)/libpki_la-pki_log.Tpo -c -o libpki_la-pki_log.lo `test -f 'pki_log.c' || echo '$(srcdir)/'`pki_log.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_la-pki_log.Tpo $(DEPDIR)/libpki_la-pki_log.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_log.c' object='libpki_la-pki_log.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -c -o libpki_la-pki_log.lo `test -f 'pki_log.c' || echo '$(srcdir)/'`pki_log.c - -libpki_la-pki_threads_vars.lo: pki_threads_vars.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -MT libpki_la-pki_threads_vars.lo -MD -MP -MF $(DEPDIR)/libpki_la-pki_threads_vars.Tpo -c -o libpki_la-pki_threads_vars.lo `test -f 'pki_threads_vars.c' || echo '$(srcdir)/'`pki_threads_vars.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_la-pki_threads_vars.Tpo $(DEPDIR)/libpki_la-pki_threads_vars.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_threads_vars.c' object='libpki_la-pki_threads_vars.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) 
$(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -c -o libpki_la-pki_threads_vars.lo `test -f 'pki_threads_vars.c' || echo '$(srcdir)/'`pki_threads_vars.c - -libpki_la-pki_threads.lo: pki_threads.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -MT libpki_la-pki_threads.lo -MD -MP -MF $(DEPDIR)/libpki_la-pki_threads.Tpo -c -o libpki_la-pki_threads.lo `test -f 'pki_threads.c' || echo '$(srcdir)/'`pki_threads.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_la-pki_threads.Tpo $(DEPDIR)/libpki_la-pki_threads.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_threads.c' object='libpki_la-pki_threads.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -c -o libpki_la-pki_threads.lo `test -f 'pki_threads.c' || echo '$(srcdir)/'`pki_threads.c - -libpki_la-token.lo: token.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -MT libpki_la-token.lo -MD -MP -MF $(DEPDIR)/libpki_la-token.Tpo -c -o libpki_la-token.lo `test -f 'token.c' || echo '$(srcdir)/'`token.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_la-token.Tpo $(DEPDIR)/libpki_la-token.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ 
$(AM_V_CC)source='token.c' object='libpki_la-token.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -c -o libpki_la-token.lo `test -f 'token.c' || echo '$(srcdir)/'`token.c - -libpki_la-token_id.lo: token_id.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -MT libpki_la-token_id.lo -MD -MP -MF $(DEPDIR)/libpki_la-token_id.Tpo -c -o libpki_la-token_id.lo `test -f 'token_id.c' || echo '$(srcdir)/'`token_id.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_la-token_id.Tpo $(DEPDIR)/libpki_la-token_id.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='token_id.c' object='libpki_la-token_id.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -c -o libpki_la-token_id.lo `test -f 'token_id.c' || echo '$(srcdir)/'`token_id.c - -libpki_la-token_data.lo: token_data.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -MT libpki_la-token_data.lo -MD -MP -MF $(DEPDIR)/libpki_la-token_data.Tpo -c -o libpki_la-token_data.lo `test -f 'token_data.c' || echo '$(srcdir)/'`token_data.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) 
$(DEPDIR)/libpki_la-token_data.Tpo $(DEPDIR)/libpki_la-token_data.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='token_data.c' object='libpki_la-token_data.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -c -o libpki_la-token_data.lo `test -f 'token_data.c' || echo '$(srcdir)/'`token_data.c - -libpki_la-support.lo: support.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -MT libpki_la-support.lo -MD -MP -MF $(DEPDIR)/libpki_la-support.Tpo -c -o libpki_la-support.lo `test -f 'support.c' || echo '$(srcdir)/'`support.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_la-support.Tpo $(DEPDIR)/libpki_la-support.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='support.c' object='libpki_la-support.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -c -o libpki_la-support.lo `test -f 'support.c' || echo '$(srcdir)/'`support.c - -libpki_la-profile.lo: profile.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -MT libpki_la-profile.lo -MD -MP -MF $(DEPDIR)/libpki_la-profile.Tpo -c -o libpki_la-profile.lo `test -f 
'profile.c' || echo '$(srcdir)/'`profile.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_la-profile.Tpo $(DEPDIR)/libpki_la-profile.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='profile.c' object='libpki_la-profile.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -c -o libpki_la-profile.lo `test -f 'profile.c' || echo '$(srcdir)/'`profile.c - -libpki_la-pki_config.lo: pki_config.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -MT libpki_la-pki_config.lo -MD -MP -MF $(DEPDIR)/libpki_la-pki_config.Tpo -c -o libpki_la-pki_config.lo `test -f 'pki_config.c' || echo '$(srcdir)/'`pki_config.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_la-pki_config.Tpo $(DEPDIR)/libpki_la-pki_config.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_config.c' object='libpki_la-pki_config.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -c -o libpki_la-pki_config.lo `test -f 'pki_config.c' || echo '$(srcdir)/'`pki_config.c - -libpki_la-extensions.lo: extensions.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) 
-MT libpki_la-extensions.lo -MD -MP -MF $(DEPDIR)/libpki_la-extensions.Tpo -c -o libpki_la-extensions.lo `test -f 'extensions.c' || echo '$(srcdir)/'`extensions.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_la-extensions.Tpo $(DEPDIR)/libpki_la-extensions.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='extensions.c' object='libpki_la-extensions.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -c -o libpki_la-extensions.lo `test -f 'extensions.c' || echo '$(srcdir)/'`extensions.c - -libpki_la-pki_x509.lo: pki_x509.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -MT libpki_la-pki_x509.lo -MD -MP -MF $(DEPDIR)/libpki_la-pki_x509.Tpo -c -o libpki_la-pki_x509.lo `test -f 'pki_x509.c' || echo '$(srcdir)/'`pki_x509.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_la-pki_x509.Tpo $(DEPDIR)/libpki_la-pki_x509.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_x509.c' object='libpki_la-pki_x509.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -c -o libpki_la-pki_x509.lo `test -f 'pki_x509.c' || echo '$(srcdir)/'`pki_x509.c - -libpki_la-pki_x509_mem.lo: pki_x509_mem.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) 
--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -MT libpki_la-pki_x509_mem.lo -MD -MP -MF $(DEPDIR)/libpki_la-pki_x509_mem.Tpo -c -o libpki_la-pki_x509_mem.lo `test -f 'pki_x509_mem.c' || echo '$(srcdir)/'`pki_x509_mem.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_la-pki_x509_mem.Tpo $(DEPDIR)/libpki_la-pki_x509_mem.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_x509_mem.c' object='libpki_la-pki_x509_mem.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -c -o libpki_la-pki_x509_mem.lo `test -f 'pki_x509_mem.c' || echo '$(srcdir)/'`pki_x509_mem.c - -libpki_la-pki_x509_mime.lo: pki_x509_mime.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -MT libpki_la-pki_x509_mime.lo -MD -MP -MF $(DEPDIR)/libpki_la-pki_x509_mime.Tpo -c -o libpki_la-pki_x509_mime.lo `test -f 'pki_x509_mime.c' || echo '$(srcdir)/'`pki_x509_mime.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_la-pki_x509_mime.Tpo $(DEPDIR)/libpki_la-pki_x509_mime.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_x509_mime.c' object='libpki_la-pki_x509_mime.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -c -o 
libpki_la-pki_x509_mime.lo `test -f 'pki_x509_mime.c' || echo '$(srcdir)/'`pki_x509_mime.c - -libpki_la-pki_msg_req.lo: pki_msg_req.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -MT libpki_la-pki_msg_req.lo -MD -MP -MF $(DEPDIR)/libpki_la-pki_msg_req.Tpo -c -o libpki_la-pki_msg_req.lo `test -f 'pki_msg_req.c' || echo '$(srcdir)/'`pki_msg_req.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_la-pki_msg_req.Tpo $(DEPDIR)/libpki_la-pki_msg_req.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_msg_req.c' object='libpki_la-pki_msg_req.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -c -o libpki_la-pki_msg_req.lo `test -f 'pki_msg_req.c' || echo '$(srcdir)/'`pki_msg_req.c - -libpki_la-pki_msg_resp.lo: pki_msg_resp.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -MT libpki_la-pki_msg_resp.lo -MD -MP -MF $(DEPDIR)/libpki_la-pki_msg_resp.Tpo -c -o libpki_la-pki_msg_resp.lo `test -f 'pki_msg_resp.c' || echo '$(srcdir)/'`pki_msg_resp.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_la-pki_msg_resp.Tpo $(DEPDIR)/libpki_la-pki_msg_resp.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_msg_resp.c' object='libpki_la-pki_msg_resp.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ 
$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_la_CFLAGS) $(CFLAGS) -c -o libpki_la-pki_msg_resp.lo `test -f 'pki_msg_resp.c' || echo '$(srcdir)/'`pki_msg_resp.c - mostlyclean-libtool: -rm -f *.lo @@ -1156,27 +915,6 @@ clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ mostlyclean-am distclean: distclean-recursive - -rm -f ./$(DEPDIR)/libpki_la-banners.Plo - -rm -f ./$(DEPDIR)/libpki_la-extensions.Plo - -rm -f ./$(DEPDIR)/libpki_la-pki_config.Plo - -rm -f ./$(DEPDIR)/libpki_la-pki_cred.Plo - -rm -f ./$(DEPDIR)/libpki_la-pki_err.Plo - -rm -f ./$(DEPDIR)/libpki_la-pki_init.Plo - -rm -f ./$(DEPDIR)/libpki_la-pki_log.Plo - -rm -f ./$(DEPDIR)/libpki_la-pki_mem.Plo - -rm -f ./$(DEPDIR)/libpki_la-pki_msg_req.Plo - -rm -f ./$(DEPDIR)/libpki_la-pki_msg_resp.Plo - -rm -f ./$(DEPDIR)/libpki_la-pki_threads.Plo - -rm -f ./$(DEPDIR)/libpki_la-pki_threads_vars.Plo - -rm -f ./$(DEPDIR)/libpki_la-pki_x509.Plo - -rm -f ./$(DEPDIR)/libpki_la-pki_x509_mem.Plo - -rm -f ./$(DEPDIR)/libpki_la-pki_x509_mime.Plo - -rm -f ./$(DEPDIR)/libpki_la-profile.Plo - -rm -f ./$(DEPDIR)/libpki_la-stack.Plo - -rm -f ./$(DEPDIR)/libpki_la-support.Plo - -rm -f ./$(DEPDIR)/libpki_la-token.Plo - -rm -f ./$(DEPDIR)/libpki_la-token_data.Plo - -rm -f ./$(DEPDIR)/libpki_la-token_id.Plo -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags 
@@ -1222,27 +960,6 @@ install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive - -rm -f ./$(DEPDIR)/libpki_la-banners.Plo - -rm -f ./$(DEPDIR)/libpki_la-extensions.Plo - -rm -f ./$(DEPDIR)/libpki_la-pki_config.Plo - -rm -f ./$(DEPDIR)/libpki_la-pki_cred.Plo - -rm -f ./$(DEPDIR)/libpki_la-pki_err.Plo - -rm -f ./$(DEPDIR)/libpki_la-pki_init.Plo - -rm -f ./$(DEPDIR)/libpki_la-pki_log.Plo - -rm -f ./$(DEPDIR)/libpki_la-pki_mem.Plo - -rm -f ./$(DEPDIR)/libpki_la-pki_msg_req.Plo - -rm -f ./$(DEPDIR)/libpki_la-pki_msg_resp.Plo - -rm -f ./$(DEPDIR)/libpki_la-pki_threads.Plo - -rm -f ./$(DEPDIR)/libpki_la-pki_threads_vars.Plo - -rm -f ./$(DEPDIR)/libpki_la-pki_x509.Plo - -rm -f ./$(DEPDIR)/libpki_la-pki_x509_mem.Plo - -rm -f ./$(DEPDIR)/libpki_la-pki_x509_mime.Plo - -rm -f ./$(DEPDIR)/libpki_la-profile.Plo - -rm -f ./$(DEPDIR)/libpki_la-stack.Plo - -rm -f ./$(DEPDIR)/libpki_la-support.Plo - -rm -f ./$(DEPDIR)/libpki_la-token.Plo - -rm -f ./$(DEPDIR)/libpki_la-token_data.Plo - -rm -f ./$(DEPDIR)/libpki_la-token_id.Plo -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic 
@@ -1264,23 +981,22 @@ uninstall-am: uninstall-binSCRIPTS uninstall-libLTLIBRARIES \ .MAKE: $(am__recursive_targets) install-am install-strip -.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \ - am--depfiles check check-am clean clean-generic \ - clean-libLTLIBRARIES clean-libtool cscopelist-am ctags \ - ctags-am distclean distclean-compile distclean-generic \ - distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-binSCRIPTS \ - install-data install-data-am install-dvi install-dvi-am \ - install-exec install-exec-am install-html install-html-am \ - install-info install-info-am install-libLTLIBRARIES \ - install-man install-nobase_includeHEADERS install-pdf \ - install-pdf-am install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs installdirs-am \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ - pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ - uninstall-binSCRIPTS uninstall-libLTLIBRARIES \ - uninstall-nobase_includeHEADERS +.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \ + check-am clean clean-generic clean-libLTLIBRARIES \ + clean-libtool cscopelist-am ctags ctags-am distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-binSCRIPTS install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-libLTLIBRARIES install-man \ + install-nobase_includeHEADERS install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs installdirs-am maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags tags-am uninstall uninstall-am 
uninstall-binSCRIPTS \ + uninstall-libLTLIBRARIES uninstall-nobase_includeHEADERS .PRECIOUS: Makefile diff --git a/src/crypto/Makefile.am b/src/crypto/Makefile.am new file mode 100644 index 00000000..6dced3a7 --- /dev/null +++ b/src/crypto/Makefile.am @@ -0,0 +1,32 @@ +## OpenCA Makefile - by Massimiliano Pala +## (c) 1999-2007 by Massimiliano Pala and OpenCA Project +## All Rights Reserved + +TOP = .. +include $(TOP)/global-vars + +BASE_DEFS = + +SUBDIRS = artifacts composite hsm . + +AM_CPPFLAGS = -I$(TOP) + +SRCS = \ + c_algorithm.c \ + c_digest.c \ + c_hmac.c \ + c_rand.c \ + c_kdf.c \ + c_id.c \ + c_keypair.c \ + c_keyparams.c \ + c_oid.c \ + c_oid_defs.c + + +noinst_LTLIBRARIES = libpki-crypto.la + +libpki_crypto_la_SOURCES = $(SRCS) +libpki_crypto_la_CFLAGS = $(BUILD_LIBPKI_CFLAGS) +libpki_crypto_la_LIBADD = $(OBJECTS) + diff --git a/src/drivers/engine/Makefile.in b/src/crypto/Makefile.in similarity index 51% rename from src/drivers/engine/Makefile.in rename to src/crypto/Makefile.in index eeb77295..eca91095 100644 --- a/src/drivers/engine/Makefile.in +++ b/src/crypto/Makefile.in @@ -89,7 +89,7 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ -subdir = src/drivers/engine +subdir = src/crypto ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ 
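Review bot: In the new src/crypto/Makefile.am, `libpki_crypto_la_LIBADD = $(OBJECTS)` relies on a variable that is not assigned anywhere in this file, so unless `$(TOP)/global-vars` defines it, the convenience library links only its own ten `c_*.c` objects and nothing from the `artifacts`, `composite` and `hsm` directories listed in `SUBDIRS`. The regenerated src/crypto/Makefile.in in this same commit has `libpki_crypto_la_DEPENDENCIES =` empty, which suggests automake derived no prerequisites from that value, so a change in a subdirectory would presumably not relink `libpki-crypto.la`. I would name the sub-libraries explicitly, e.g. `libpki_crypto_la_LIBADD = artifacts/<sublib>.la composite/<sublib>.la hsm/<sublib>.la` (placeholder names; the real ones are not visible in this diff). A one-line comment above `SUBDIRS` should also say that `.` is listed last so those libraries exist before this directory links.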
@@ -100,25 +100,28 @@ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(SHELL) $(top_srcdir)/build/mkinstalldirs -CONFIG_HEADER = $(top_builddir)/src/libpki/config.h \ - $(top_builddir)/src/libpki/libpki_enables.h +CONFIG_HEADER = $(top_builddir)/src/libpki/libconf/defines.h \ + $(top_builddir)/src/libpki/libconf/features.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = LTLIBRARIES = $(noinst_LTLIBRARIES) -libpki_token_engine_la_LIBADD = -am__objects_1 = libpki_token_engine_la-engine_hsm.lo \ - libpki_token_engine_la-engine_hsm_pkey.lo \ - libpki_token_engine_la-engine_hsm_obj.lo -am_libpki_token_engine_la_OBJECTS = $(am__objects_1) -libpki_token_engine_la_OBJECTS = $(am_libpki_token_engine_la_OBJECTS) +libpki_crypto_la_DEPENDENCIES = +am__objects_1 = libpki_crypto_la-c_algorithm.lo \ + libpki_crypto_la-c_digest.lo libpki_crypto_la-c_hmac.lo \ + libpki_crypto_la-c_rand.lo libpki_crypto_la-c_kdf.lo \ + libpki_crypto_la-c_id.lo libpki_crypto_la-c_keypair.lo \ + libpki_crypto_la-c_keyparams.lo libpki_crypto_la-c_oid.lo \ + libpki_crypto_la-c_oid_defs.lo +am_libpki_crypto_la_OBJECTS = $(am__objects_1) +libpki_crypto_la_OBJECTS = $(am_libpki_crypto_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent am__v_lt_1 = -libpki_token_engine_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ +libpki_crypto_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ - $(libpki_token_engine_la_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ - $(LDFLAGS) -o $@ + $(libpki_crypto_la_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) \ + -o $@ AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false 
@@ -131,13 +134,19 @@ AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/libpki +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/libpki/libconf depcomp = $(SHELL) $(top_srcdir)/build/depcomp am__maybe_remake_depfiles = depfiles -am__depfiles_remade = \ - ./$(DEPDIR)/libpki_token_engine_la-engine_hsm.Plo \ - ./$(DEPDIR)/libpki_token_engine_la-engine_hsm_obj.Plo \ - ./$(DEPDIR)/libpki_token_engine_la-engine_hsm_pkey.Plo +am__depfiles_remade = ./$(DEPDIR)/libpki_crypto_la-c_algorithm.Plo \ + ./$(DEPDIR)/libpki_crypto_la-c_digest.Plo \ + ./$(DEPDIR)/libpki_crypto_la-c_hmac.Plo \ + ./$(DEPDIR)/libpki_crypto_la-c_id.Plo \ + ./$(DEPDIR)/libpki_crypto_la-c_kdf.Plo \ + ./$(DEPDIR)/libpki_crypto_la-c_keypair.Plo \ + ./$(DEPDIR)/libpki_crypto_la-c_keyparams.Plo \ + ./$(DEPDIR)/libpki_crypto_la-c_oid.Plo \ + ./$(DEPDIR)/libpki_crypto_la-c_oid_defs.Plo \ + ./$(DEPDIR)/libpki_crypto_la-c_rand.Plo am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) 
@@ -157,13 +166,29 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = -SOURCES = $(libpki_token_engine_la_SOURCES) -DIST_SOURCES = $(libpki_token_engine_la_SOURCES) +SOURCES = $(libpki_crypto_la_SOURCES) +DIST_SOURCES = $(libpki_crypto_la_SOURCES) +RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ + ctags-recursive dvi-recursive html-recursive info-recursive \ + install-data-recursive install-dvi-recursive \ + install-exec-recursive install-html-recursive \ + install-info-recursive install-pdf-recursive \ + install-ps-recursive install-recursive installcheck-recursive \ + installdirs-recursive pdf-recursive ps-recursive \ + tags-recursive uninstall-recursive am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac +RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ + distclean-recursive maintainer-clean-recursive +am__recursive_targets = \ + $(RECURSIVE_TARGETS) \ + $(RECURSIVE_CLEAN_TARGETS) \ + $(am__extra_recursive_targets) +AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ + distdir distdir-am am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is 
@@ -181,9 +206,35 @@ am__define_uniq_tagged_files = \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` +DIST_SUBDIRS = $(SUBDIRS) am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/build/depcomp \ $(top_srcdir)/build/mkinstalldirs DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ @@ -209,7 +260,7 @@ CTAGS = @CTAGS@ CXX = @CXX@ CYGPATH_W = @CYGPATH_W@ DATE = @DATE@ -DEFS = $(OPENCA_DEFS) +DEFS = @DEFS@ DEPDIR = @DEPDIR@ DESTDIR = @DESTDIR@ DIST_NAME = @DIST_NAME@ @@ -342,10 +393,6 @@ include_prefix = @include_prefix@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ -kmf_cflags = @kmf_cflags@ -kmf_ldadd = @kmf_ldadd@ -kmf_libflags = @kmf_libflags@ -kmf_prefix = @kmf_prefix@ ldap_cflags = @ldap_cflags@ ldap_ldadd = @ldap_ldadd@ ldap_ldflags = @ldap_ldflags@ 
@@ -434,24 +481,27 @@ xml2_ldadd = @xml2_ldadd@ xml2_ldflags = @xml2_ldflags@ xml2_prefix = @xml2_prefix@ yr = @yr@ -TOP = ../.. +TOP = .. BASE_DEFS = -AM_CPPFLAGS = -I$(TOP) \ - $(openssl_cflags) \ - $(libxml2_cflags) \ - $(COND_INCLUDES) - +SUBDIRS = artifacts composite hsm . +AM_CPPFLAGS = -I$(TOP) SRCS = \ - engine_hsm.c \ - engine_hsm_pkey.c \ - engine_hsm_obj.c - - -# noinst_LTLIBRARIES = libpki-token.la -noinst_LTLIBRARIES = libpki-token-engine.la -libpki_token_engine_la_SOURCES = $(SRCS) -libpki_token_engine_la_CFLAGS = $(BUILD_LIBPKI_CFLAGS) -all: all-am + c_algorithm.c \ + c_digest.c \ + c_hmac.c \ + c_rand.c \ + c_kdf.c \ + c_id.c \ + c_keypair.c \ + c_keyparams.c \ + c_oid.c \ + c_oid_defs.c + +noinst_LTLIBRARIES = libpki-crypto.la +libpki_crypto_la_SOURCES = $(SRCS) +libpki_crypto_la_CFLAGS = $(BUILD_LIBPKI_CFLAGS) +libpki_crypto_la_LIBADD = $(OBJECTS) +all: all-recursive .SUFFIXES: .SUFFIXES: .c .lo .o .obj @@ -464,9 +514,9 @@ $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__confi exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/drivers/engine/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/crypto/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/drivers/engine/Makefile + $(AUTOMAKE) --gnu src/crypto/Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ 
@@ -496,8 +546,8 @@ clean-noinstLTLIBRARIES: rm -f $${locs}; \ } -libpki-token-engine.la: $(libpki_token_engine_la_OBJECTS) $(libpki_token_engine_la_DEPENDENCIES) $(EXTRA_libpki_token_engine_la_DEPENDENCIES) - $(AM_V_CCLD)$(libpki_token_engine_la_LINK) $(libpki_token_engine_la_OBJECTS) $(libpki_token_engine_la_LIBADD) $(LIBS) +libpki-crypto.la: $(libpki_crypto_la_OBJECTS) $(libpki_crypto_la_DEPENDENCIES) $(EXTRA_libpki_crypto_la_DEPENDENCIES) + $(AM_V_CCLD)$(libpki_crypto_la_LINK) $(libpki_crypto_la_OBJECTS) $(libpki_crypto_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) 
@@ -505,9 +555,16 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_token_engine_la-engine_hsm.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_token_engine_la-engine_hsm_obj.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_token_engine_la-engine_hsm_pkey.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_crypto_la-c_algorithm.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_crypto_la-c_digest.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_crypto_la-c_hmac.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_crypto_la-c_id.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_crypto_la-c_kdf.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_crypto_la-c_keypair.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_crypto_la-c_keyparams.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_crypto_la-c_oid.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_crypto_la-c_oid_defs.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_crypto_la-c_rand.Plo@am__quote@ # am--include-marker $(am__depfiles_remade): @$(MKDIR_P) $(@D) 
@@ -539,26 +596,75 @@ am--depfiles: $(am__depfiles_remade) @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< -libpki_token_engine_la-engine_hsm.lo: engine_hsm.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_token_engine_la_CFLAGS) $(CFLAGS) -MT libpki_token_engine_la-engine_hsm.lo -MD -MP -MF $(DEPDIR)/libpki_token_engine_la-engine_hsm.Tpo -c -o libpki_token_engine_la-engine_hsm.lo `test -f 'engine_hsm.c' || echo '$(srcdir)/'`engine_hsm.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_token_engine_la-engine_hsm.Tpo $(DEPDIR)/libpki_token_engine_la-engine_hsm.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='engine_hsm.c' object='libpki_token_engine_la-engine_hsm.lo' libtool=yes @AMDEPBACKSLASH@ +libpki_crypto_la-c_algorithm.lo: c_algorithm.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_crypto_la_CFLAGS) $(CFLAGS) -MT libpki_crypto_la-c_algorithm.lo -MD -MP -MF $(DEPDIR)/libpki_crypto_la-c_algorithm.Tpo -c -o libpki_crypto_la-c_algorithm.lo `test -f 'c_algorithm.c' || echo '$(srcdir)/'`c_algorithm.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_crypto_la-c_algorithm.Tpo $(DEPDIR)/libpki_crypto_la-c_algorithm.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='c_algorithm.c' object='libpki_crypto_la-c_algorithm.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) 
$(libpki_token_engine_la_CFLAGS) $(CFLAGS) -c -o libpki_token_engine_la-engine_hsm.lo `test -f 'engine_hsm.c' || echo '$(srcdir)/'`engine_hsm.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_crypto_la_CFLAGS) $(CFLAGS) -c -o libpki_crypto_la-c_algorithm.lo `test -f 'c_algorithm.c' || echo '$(srcdir)/'`c_algorithm.c -libpki_token_engine_la-engine_hsm_pkey.lo: engine_hsm_pkey.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_token_engine_la_CFLAGS) $(CFLAGS) -MT libpki_token_engine_la-engine_hsm_pkey.lo -MD -MP -MF $(DEPDIR)/libpki_token_engine_la-engine_hsm_pkey.Tpo -c -o libpki_token_engine_la-engine_hsm_pkey.lo `test -f 'engine_hsm_pkey.c' || echo '$(srcdir)/'`engine_hsm_pkey.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_token_engine_la-engine_hsm_pkey.Tpo $(DEPDIR)/libpki_token_engine_la-engine_hsm_pkey.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='engine_hsm_pkey.c' object='libpki_token_engine_la-engine_hsm_pkey.lo' libtool=yes @AMDEPBACKSLASH@ +libpki_crypto_la-c_digest.lo: c_digest.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_crypto_la_CFLAGS) $(CFLAGS) -MT libpki_crypto_la-c_digest.lo -MD -MP -MF $(DEPDIR)/libpki_crypto_la-c_digest.Tpo -c -o libpki_crypto_la-c_digest.lo `test -f 'c_digest.c' || echo '$(srcdir)/'`c_digest.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_crypto_la-c_digest.Tpo $(DEPDIR)/libpki_crypto_la-c_digest.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='c_digest.c' object='libpki_crypto_la-c_digest.lo' libtool=yes @AMDEPBACKSLASH@ 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_token_engine_la_CFLAGS) $(CFLAGS) -c -o libpki_token_engine_la-engine_hsm_pkey.lo `test -f 'engine_hsm_pkey.c' || echo '$(srcdir)/'`engine_hsm_pkey.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_crypto_la_CFLAGS) $(CFLAGS) -c -o libpki_crypto_la-c_digest.lo `test -f 'c_digest.c' || echo '$(srcdir)/'`c_digest.c -libpki_token_engine_la-engine_hsm_obj.lo: engine_hsm_obj.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_token_engine_la_CFLAGS) $(CFLAGS) -MT libpki_token_engine_la-engine_hsm_obj.lo -MD -MP -MF $(DEPDIR)/libpki_token_engine_la-engine_hsm_obj.Tpo -c -o libpki_token_engine_la-engine_hsm_obj.lo `test -f 'engine_hsm_obj.c' || echo '$(srcdir)/'`engine_hsm_obj.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_token_engine_la-engine_hsm_obj.Tpo $(DEPDIR)/libpki_token_engine_la-engine_hsm_obj.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='engine_hsm_obj.c' object='libpki_token_engine_la-engine_hsm_obj.lo' libtool=yes @AMDEPBACKSLASH@ +libpki_crypto_la-c_hmac.lo: c_hmac.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_crypto_la_CFLAGS) $(CFLAGS) -MT libpki_crypto_la-c_hmac.lo -MD -MP -MF $(DEPDIR)/libpki_crypto_la-c_hmac.Tpo -c -o libpki_crypto_la-c_hmac.lo `test -f 'c_hmac.c' || echo 
'$(srcdir)/'`c_hmac.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_crypto_la-c_hmac.Tpo $(DEPDIR)/libpki_crypto_la-c_hmac.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='c_hmac.c' object='libpki_crypto_la-c_hmac.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_token_engine_la_CFLAGS) $(CFLAGS) -c -o libpki_token_engine_la-engine_hsm_obj.lo `test -f 'engine_hsm_obj.c' || echo '$(srcdir)/'`engine_hsm_obj.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_crypto_la_CFLAGS) $(CFLAGS) -c -o libpki_crypto_la-c_hmac.lo `test -f 'c_hmac.c' || echo '$(srcdir)/'`c_hmac.c + +libpki_crypto_la-c_rand.lo: c_rand.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_crypto_la_CFLAGS) $(CFLAGS) -MT libpki_crypto_la-c_rand.lo -MD -MP -MF $(DEPDIR)/libpki_crypto_la-c_rand.Tpo -c -o libpki_crypto_la-c_rand.lo `test -f 'c_rand.c' || echo '$(srcdir)/'`c_rand.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_crypto_la-c_rand.Tpo $(DEPDIR)/libpki_crypto_la-c_rand.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='c_rand.c' object='libpki_crypto_la-c_rand.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) 
$(libpki_crypto_la_CFLAGS) $(CFLAGS) -c -o libpki_crypto_la-c_rand.lo `test -f 'c_rand.c' || echo '$(srcdir)/'`c_rand.c + +libpki_crypto_la-c_kdf.lo: c_kdf.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_crypto_la_CFLAGS) $(CFLAGS) -MT libpki_crypto_la-c_kdf.lo -MD -MP -MF $(DEPDIR)/libpki_crypto_la-c_kdf.Tpo -c -o libpki_crypto_la-c_kdf.lo `test -f 'c_kdf.c' || echo '$(srcdir)/'`c_kdf.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_crypto_la-c_kdf.Tpo $(DEPDIR)/libpki_crypto_la-c_kdf.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='c_kdf.c' object='libpki_crypto_la-c_kdf.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_crypto_la_CFLAGS) $(CFLAGS) -c -o libpki_crypto_la-c_kdf.lo `test -f 'c_kdf.c' || echo '$(srcdir)/'`c_kdf.c + +libpki_crypto_la-c_id.lo: c_id.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_crypto_la_CFLAGS) $(CFLAGS) -MT libpki_crypto_la-c_id.lo -MD -MP -MF $(DEPDIR)/libpki_crypto_la-c_id.Tpo -c -o libpki_crypto_la-c_id.lo `test -f 'c_id.c' || echo '$(srcdir)/'`c_id.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_crypto_la-c_id.Tpo $(DEPDIR)/libpki_crypto_la-c_id.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='c_id.c' object='libpki_crypto_la-c_id.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) 
--tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_crypto_la_CFLAGS) $(CFLAGS) -c -o libpki_crypto_la-c_id.lo `test -f 'c_id.c' || echo '$(srcdir)/'`c_id.c + +libpki_crypto_la-c_keypair.lo: c_keypair.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_crypto_la_CFLAGS) $(CFLAGS) -MT libpki_crypto_la-c_keypair.lo -MD -MP -MF $(DEPDIR)/libpki_crypto_la-c_keypair.Tpo -c -o libpki_crypto_la-c_keypair.lo `test -f 'c_keypair.c' || echo '$(srcdir)/'`c_keypair.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_crypto_la-c_keypair.Tpo $(DEPDIR)/libpki_crypto_la-c_keypair.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='c_keypair.c' object='libpki_crypto_la-c_keypair.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_crypto_la_CFLAGS) $(CFLAGS) -c -o libpki_crypto_la-c_keypair.lo `test -f 'c_keypair.c' || echo '$(srcdir)/'`c_keypair.c + +libpki_crypto_la-c_keyparams.lo: c_keyparams.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_crypto_la_CFLAGS) $(CFLAGS) -MT libpki_crypto_la-c_keyparams.lo -MD -MP -MF $(DEPDIR)/libpki_crypto_la-c_keyparams.Tpo -c -o libpki_crypto_la-c_keyparams.lo `test -f 'c_keyparams.c' || echo '$(srcdir)/'`c_keyparams.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_crypto_la-c_keyparams.Tpo $(DEPDIR)/libpki_crypto_la-c_keyparams.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ 
$(AM_V_CC)source='c_keyparams.c' object='libpki_crypto_la-c_keyparams.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_crypto_la_CFLAGS) $(CFLAGS) -c -o libpki_crypto_la-c_keyparams.lo `test -f 'c_keyparams.c' || echo '$(srcdir)/'`c_keyparams.c + +libpki_crypto_la-c_oid.lo: c_oid.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_crypto_la_CFLAGS) $(CFLAGS) -MT libpki_crypto_la-c_oid.lo -MD -MP -MF $(DEPDIR)/libpki_crypto_la-c_oid.Tpo -c -o libpki_crypto_la-c_oid.lo `test -f 'c_oid.c' || echo '$(srcdir)/'`c_oid.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_crypto_la-c_oid.Tpo $(DEPDIR)/libpki_crypto_la-c_oid.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='c_oid.c' object='libpki_crypto_la-c_oid.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_crypto_la_CFLAGS) $(CFLAGS) -c -o libpki_crypto_la-c_oid.lo `test -f 'c_oid.c' || echo '$(srcdir)/'`c_oid.c + +libpki_crypto_la-c_oid_defs.lo: c_oid_defs.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_crypto_la_CFLAGS) $(CFLAGS) -MT libpki_crypto_la-c_oid_defs.lo -MD -MP -MF $(DEPDIR)/libpki_crypto_la-c_oid_defs.Tpo -c -o libpki_crypto_la-c_oid_defs.lo 
`test -f 'c_oid_defs.c' || echo '$(srcdir)/'`c_oid_defs.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_crypto_la-c_oid_defs.Tpo $(DEPDIR)/libpki_crypto_la-c_oid_defs.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='c_oid_defs.c' object='libpki_crypto_la-c_oid_defs.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_crypto_la_CFLAGS) $(CFLAGS) -c -o libpki_crypto_la-c_oid_defs.lo `test -f 'c_oid_defs.c' || echo '$(srcdir)/'`c_oid_defs.c mostlyclean-libtool: -rm -f *.lo 
@@ -566,14 +672,61 @@ mostlyclean-libtool: clean-libtool: -rm -rf .libs _libs +# This directory's subdirectories are mostly independent; you can cd +# into them and run 'make' without going through this Makefile. +# To change the values of 'make' variables: instead of editing Makefiles, +# (1) if the variable is set in 'config.status', edit 'config.status' +# (which will cause the Makefiles to be regenerated when you run 'make'); +# (2) otherwise, pass the desired values on the 'make' command line. +$(am__recursive_targets): + @fail=; \ + if $(am__make_keepgoing); then \ + failcom='fail=yes'; \ + else \ + failcom='exit 1'; \ + fi; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique -tags: tags-am +tags: tags-recursive TAGS: tags tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) set x; \ here=`pwd`; \ + if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ + include_option=--etags-include; \ + empty_fix=.; \ + else \ + include_option=--include; \ + empty_fix=; \ + fi; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test ! -f $$subdir/TAGS || \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ + fi; \ + done; \ $(am__define_uniq_tagged_files); \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ 
@@ -586,7 +739,7 @@ tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) $$unique; \ fi; \ fi -ctags: ctags-am +ctags: ctags-recursive CTAGS: ctags ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) @@ -599,7 +752,7 @@ GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" -cscopelist: cscopelist-am +cscopelist: cscopelist-recursive cscopelist-am: $(am__tagged_files) list='$(am__tagged_files)'; \ 
@@ -650,19 +803,45 @@ distdir-am: $(DISTFILES) || exit 1; \ fi; \ done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + $(am__make_dryrun) \ + || test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ + am__remove_distdir=: \ + am__skip_length_check=: \ + am__skip_mode_fix=: \ + distdir) \ + || exit 1; \ + fi; \ + done check-am: all-am -check: check-am +check: check-recursive all-am: Makefile $(LTLIBRARIES) -installdirs: -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am +installdirs: installdirs-recursive +installdirs-am: +install: install-recursive +install-exec: install-exec-recursive +install-data: install-data-recursive +uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am -installcheck: installcheck-am +installcheck: installcheck-recursive install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ 
@@ -684,113 +863,116 @@ distclean-generic: maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -clean: clean-am +clean: clean-recursive clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ mostlyclean-am -distclean: distclean-am - -rm -f ./$(DEPDIR)/libpki_token_engine_la-engine_hsm.Plo - -rm -f ./$(DEPDIR)/libpki_token_engine_la-engine_hsm_obj.Plo - -rm -f ./$(DEPDIR)/libpki_token_engine_la-engine_hsm_pkey.Plo +distclean: distclean-recursive + -rm -f ./$(DEPDIR)/libpki_crypto_la-c_algorithm.Plo + -rm -f ./$(DEPDIR)/libpki_crypto_la-c_digest.Plo + -rm -f ./$(DEPDIR)/libpki_crypto_la-c_hmac.Plo + -rm -f ./$(DEPDIR)/libpki_crypto_la-c_id.Plo + -rm -f ./$(DEPDIR)/libpki_crypto_la-c_kdf.Plo + -rm -f ./$(DEPDIR)/libpki_crypto_la-c_keypair.Plo + -rm -f ./$(DEPDIR)/libpki_crypto_la-c_keyparams.Plo + -rm -f ./$(DEPDIR)/libpki_crypto_la-c_oid.Plo + -rm -f ./$(DEPDIR)/libpki_crypto_la-c_oid_defs.Plo + -rm -f ./$(DEPDIR)/libpki_crypto_la-c_rand.Plo -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags -dvi: dvi-am +dvi: dvi-recursive dvi-am: -html: html-am +html: html-recursive html-am: -info: info-am +info: info-recursive info-am: install-data-am: -install-dvi: install-dvi-am +install-dvi: install-dvi-recursive install-dvi-am: install-exec-am: -install-html: install-html-am +install-html: install-html-recursive install-html-am: -install-info: install-info-am +install-info: install-info-recursive install-info-am: install-man: -install-pdf: install-pdf-am +install-pdf: install-pdf-recursive install-pdf-am: -install-ps: install-ps-am +install-ps: install-ps-recursive install-ps-am: installcheck-am: -maintainer-clean: maintainer-clean-am - -rm -f ./$(DEPDIR)/libpki_token_engine_la-engine_hsm.Plo - -rm -f ./$(DEPDIR)/libpki_token_engine_la-engine_hsm_obj.Plo - -rm -f ./$(DEPDIR)/libpki_token_engine_la-engine_hsm_pkey.Plo 
+maintainer-clean: maintainer-clean-recursive + -rm -f ./$(DEPDIR)/libpki_crypto_la-c_algorithm.Plo + -rm -f ./$(DEPDIR)/libpki_crypto_la-c_digest.Plo + -rm -f ./$(DEPDIR)/libpki_crypto_la-c_hmac.Plo + -rm -f ./$(DEPDIR)/libpki_crypto_la-c_id.Plo + -rm -f ./$(DEPDIR)/libpki_crypto_la-c_kdf.Plo + -rm -f ./$(DEPDIR)/libpki_crypto_la-c_keypair.Plo + -rm -f ./$(DEPDIR)/libpki_crypto_la-c_keyparams.Plo + -rm -f ./$(DEPDIR)/libpki_crypto_la-c_oid.Plo + -rm -f ./$(DEPDIR)/libpki_crypto_la-c_oid_defs.Plo + -rm -f ./$(DEPDIR)/libpki_crypto_la-c_rand.Plo -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic -mostlyclean: mostlyclean-am +mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool -pdf: pdf-am +pdf: pdf-recursive pdf-am: -ps: ps-am +ps: ps-recursive ps-am: uninstall-am: -.MAKE: install-am install-strip - -.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \ - clean-generic clean-libtool clean-noinstLTLIBRARIES \ - cscopelist-am ctags ctags-am distclean distclean-compile \ - distclean-generic distclean-libtool distclean-tags distdir dvi \ - dvi-am html html-am info info-am install install-am \ - install-data install-data-am install-dvi install-dvi-am \ - install-exec install-exec-am install-html install-html-am \ - install-info install-info-am install-man install-pdf \ - install-pdf-am install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags tags-am uninstall uninstall-am +.MAKE: $(am__recursive_targets) install-am install-strip + +.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \ + am--depfiles check check-am clean clean-generic clean-libtool \ + clean-noinstLTLIBRARIES cscopelist-am ctags ctags-am distclean \ + distclean-compile distclean-generic distclean-libtool \ + 
distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + installdirs-am maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ + uninstall-am .PRECIOUS: Makefile include $(TOP)/global-vars -# libpki_token_engine_la_LIBADD = $(BUILD_LIBPKI_LDFLAGS) - -# libpki_token_a_LDFLAGS = -version-info 1:0:0 - -# $(OPENCA_INCLUDE_LIBS) \ -# $(openssl_cflags) $(openssl_libs) - -#pki_token_a_LIBADD = \ -# $(openssl_cflags) $(openssl_libs) \ -# $(libxml2_cflags) $(libxml2_libs) \ -# $(OPENCA_INCLUDE_LIBS) - # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/testing/3gpp/README.md b/src/crypto/artifacts/3gpp/README.md similarity index 100% rename from src/testing/3gpp/README.md rename to src/crypto/artifacts/3gpp/README.md diff --git a/src/testing/Makefile.am b/src/crypto/artifacts/Makefile.am similarity index 81% rename from src/testing/Makefile.am rename to src/crypto/artifacts/Makefile.am index 03e98fb7..c465f332 100644 --- a/src/testing/Makefile.am +++ b/src/crypto/artifacts/Makefile.am @@ -1,5 +1,5 @@ ## OpenCA Makefile - by Massimiliano Pala -## (c) 1999-2014 by Massimiliano Pala and OpenCA Project +## (c) 1999-2024 by Massimiliano Pala and OpenCA Project ## All Rights Reserved TOP = .. @@ -18,6 +18,8 @@ SRCS = \ pki_testing.c \ docsis/test_keys.c \ docsis/test_certs.c + x9f/test_keys.c \ + x9f/test_certs.c noinst_LTLIBRARIES = libpki-testing.la libpki_testing_la_SOURCES = $(SRCS) 
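Review bot: The two added `x9f/` entries never become part of `SRCS` in the `@@ -18,6 +18,8 @@` hunk of src/crypto/artifacts/Makefile.am, because the context line before them, `docsis/test_certs.c`, has no trailing backslash. The continuation ends there and `x9f/test_keys.c \` starts a new, malformed line. The names also differ from the files this commit creates, `x9f/x9f_dev_keys.c` and `x9f/x9f_dev_certs.c`. I would change the three lines to `docsis/test_certs.c \`, `x9f/x9f_dev_keys.c \` and `x9f/x9f_dev_certs.c`. The existing `docsis/test_keys.c` and `docsis/test_certs.c` entries look stale in the same way, since the renamed files are `docsis/docsis_test_keys.c` and `docsis/docsis_test_certs.c`; confirm before relying on this list.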
diff --git a/src/testing/docsis/README.md b/src/crypto/artifacts/docsis/README.md
similarity index 100%
rename from src/testing/docsis/README.md
rename to src/crypto/artifacts/docsis/README.md
diff --git a/src/testing/docsis/docsis_test_certs.c b/src/crypto/artifacts/docsis/docsis_test_certs.c
similarity index 100%
rename from src/testing/docsis/docsis_test_certs.c
rename to src/crypto/artifacts/docsis/docsis_test_certs.c
diff --git a/src/testing/docsis/docsis_test_keys.c b/src/crypto/artifacts/docsis/docsis_test_keys.c
similarity index 100%
rename from src/testing/docsis/docsis_test_keys.c
rename to src/crypto/artifacts/docsis/docsis_test_keys.c
diff --git a/src/testing/matter/README.md b/src/crypto/artifacts/matter/README.md
similarity index 100%
rename from src/testing/matter/README.md
rename to src/crypto/artifacts/matter/README.md
diff --git a/src/testing/ocf/README.md b/src/crypto/artifacts/ocf/README.md
similarity index 100%
rename from src/testing/ocf/README.md
rename to src/crypto/artifacts/ocf/README.md
diff --git a/src/testing/pki_testing.c b/src/crypto/artifacts/pki_testing.c
similarity index 100%
rename from src/testing/pki_testing.c
rename to src/crypto/artifacts/pki_testing.c
diff --git a/src/testing/wba/README.md b/src/crypto/artifacts/wba/README.md
similarity index 100%
rename from src/testing/wba/README.md
rename to src/crypto/artifacts/wba/README.md
diff --git a/src/testing/webpki/README.md b/src/crypto/artifacts/webpki/README.md
similarity index 100%
rename from src/testing/webpki/README.md
rename to src/crypto/artifacts/webpki/README.md
diff --git a/src/testing/wfa/README.md b/src/crypto/artifacts/wfa/README.md
similarity index 100%
rename from src/testing/wfa/README.md
rename to src/crypto/artifacts/wfa/README.md
diff --git a/src/testing/winnforum/README.md b/src/crypto/artifacts/winnforum/README.md
similarity index 100%
rename from src/testing/winnforum/README.md
rename to src/crypto/artifacts/winnforum/README.md
diff --git a/src/crypto/artifacts/x9f/README.md b/src/crypto/artifacts/x9f/README.md new file mode 100644 index 00000000..ffb73bae --- /dev/null +++ b/src/crypto/artifacts/x9f/README.md @@ -0,0 +1,4 @@ +# Crypto Test Material for X9F DEV PKI + +Please add the official testing material from the X9F DEV PKI environmet. + diff --git a/src/crypto/artifacts/x9f/x9f_dev_certs.c b/src/crypto/artifacts/x9f/x9f_dev_certs.c new file mode 100644 index 00000000..66debbbd --- /dev/null +++ b/src/crypto/artifacts/x9f/x9f_dev_certs.c @@ -0,0 +1,2 @@ +/* X9F DEV Certificates */ + diff --git a/src/crypto/artifacts/x9f/x9f_dev_keys.c b/src/crypto/artifacts/x9f/x9f_dev_keys.c new file mode 100644 index 00000000..be5b41a7 --- /dev/null +++ b/src/crypto/artifacts/x9f/x9f_dev_keys.c @@ -0,0 +1,2 @@ +/* X9F DEV Test Keys */ + diff --git a/src/openssl/pki_algor.c b/src/crypto/c_algorithm.c similarity index 100% rename from src/openssl/pki_algor.c rename to src/crypto/c_algorithm.c diff --git a/src/openssl/pki_digest.c b/src/crypto/c_digest.c similarity index 85% rename from src/openssl/pki_digest.c rename to src/crypto/c_digest.c index b35ed9f9..073684d1 100644 --- a/src/openssl/pki_digest.c +++ b/src/crypto/c_digest.c @@ -2,10 +2,10 @@ #include -/*! \brief Free the memory associated with a PKI_DIGEST data structure +/*! \brief Free the memory associated with a CRYPTO_DIGEST data structure */ -void PKI_DIGEST_free ( PKI_DIGEST *data ) +void PKI_DIGEST_free ( CRYPTO_DIGEST *data ) { if( !data ) return; 
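Review bot: The public API now mixes two naming schemes in the `@@ -2,10 +2,10 @@` hunk of c_digest.c, where `PKI_DIGEST_free` takes a `CRYPTO_DIGEST *` but keeps its `PKI_DIGEST_` prefix. Callers that still declare `PKI_DIGEST *` will only compile if a header keeps an alias. The headers are not part of this view; if none exists, a transitional `typedef CRYPTO_DIGEST PKI_DIGEST;` next to the new type would keep existing callers building. The same applies to `CRYPTO_HMAC` in c_hmac.c. The body of `PKI_DIGEST_free` continues outside the hunk.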
@@ -112,18 +112,18 @@ int PKI_DIGEST_new_value(unsigned char ** dst_buf, /*! \brief Calculate digest over data provided in a buffer */ -PKI_DIGEST *PKI_DIGEST_new(const PKI_DIGEST_ALG *alg, +CRYPTO_DIGEST *PKI_DIGEST_new(const PKI_DIGEST_ALG *alg, const unsigned char *data, size_t size ) { // Return Object - PKI_DIGEST *ret = NULL; + CRYPTO_DIGEST *ret = NULL; // Input Checks if (!data || !alg) return NULL; - // Allocates the memory for the return PKI_DIGEST - if ((ret = PKI_Malloc(sizeof(PKI_DIGEST))) != NULL) { + // Allocates the memory for the return CRYPTO_DIGEST + if ((ret = PKI_Malloc(sizeof(CRYPTO_DIGEST))) != NULL) { int dgst_size = 0; @@ -150,7 +150,7 @@ PKI_DIGEST *PKI_DIGEST_new(const PKI_DIGEST_ALG *alg, /*! \brief Calculates a digest over data buffer */ -PKI_DIGEST *PKI_DIGEST_new_by_name(const char *alg_name, +CRYPTO_DIGEST *PKI_DIGEST_new_by_name(const char *alg_name, const unsigned char *data, size_t size ) { @@ -167,11 +167,11 @@ PKI_DIGEST *PKI_DIGEST_new_by_name(const char *alg_name, /*! \brief Calculates a digest over data contained in a PKI_MEM */ -PKI_DIGEST *PKI_DIGEST_MEM_new(const PKI_DIGEST_ALG *alg, const PKI_MEM *data) { +CRYPTO_DIGEST *PKI_DIGEST_MEM_new(const PKI_DIGEST_ALG *alg, const PKI_MEM *data) { return (PKI_DIGEST_new(alg, data->data, data->size )); } -PKI_DIGEST *PKI_DIGEST_MEM_new_by_name(const char *alg_name, +CRYPTO_DIGEST *PKI_DIGEST_MEM_new_by_name(const char *alg_name, const PKI_MEM *data ) { const PKI_DIGEST_ALG *alg; @@ -187,11 +187,11 @@ PKI_DIGEST *PKI_DIGEST_MEM_new_by_name(const char *alg_name, /*! \brief Calculate the digest of data retrieved via a URL */ -PKI_DIGEST *PKI_DIGEST_URL_new(const PKI_DIGEST_ALG *alg, const URL *url ) { +CRYPTO_DIGEST *PKI_DIGEST_URL_new(const PKI_DIGEST_ALG *alg, const URL *url ) { PKI_MEM_STACK * stack = NULL; PKI_MEM *data = NULL; - PKI_DIGEST *ret = NULL; + CRYPTO_DIGEST *ret = NULL; if(( stack = URL_get_data_url( url, 0, 0, NULL )) == NULL ) { /* Error, Can not grab the data */ 
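Review bot: `PKI_DIGEST_MEM_new` in the `@@ -167,11 +167,11 @@` hunk dereferences `data` before any NULL check. `PKI_DIGEST_new(alg, data->data, data->size)` reads both fields of whatever `PKI_MEM` pointer the caller passed, and the `!data` test inside `PKI_DIGEST_new` only sees the buffer after that dereference. Since the signature line is being edited anyway, add `if (!data || !data->data) return NULL;` before the return. `PKI_DIGEST_MEM_new_by_name` starts in this hunk and continues outside it, so check whether it needs the same guard before it forwards `data`.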
@@ -217,7 +217,7 @@ PKI_DIGEST *PKI_DIGEST_URL_new(const PKI_DIGEST_ALG *alg, const URL *url ) { return ( ret ); } -PKI_DIGEST *PKI_DIGEST_URL_new_by_name(const char *alg_name, const URL *url) { +CRYPTO_DIGEST *PKI_DIGEST_URL_new_by_name(const char *alg_name, const URL *url) { const PKI_DIGEST_ALG *alg; @@ -261,7 +261,7 @@ int PKI_DIGEST_get_size_by_name(const char *alg_name) { }; /*! \brief Returns the pointer to the calculated digest */ -const unsigned char * PKI_DIGEST_get_value(const PKI_DIGEST *digest) { +const unsigned char * PKI_DIGEST_get_value(const CRYPTO_DIGEST *digest) { // Input Checks if (!digest || !digest->digest || digest->size == 0) @@ -275,7 +275,7 @@ const unsigned char * PKI_DIGEST_get_value(const PKI_DIGEST *digest) { /*! \brief Returns the size of a calculated digest */ -size_t PKI_DIGEST_get_value_size(const PKI_DIGEST *dgst) +size_t PKI_DIGEST_get_value_size(const CRYPTO_DIGEST *dgst) { if (!dgst || !dgst->digest || !dgst->size) return 0; @@ -284,7 +284,7 @@ size_t PKI_DIGEST_get_value_size(const PKI_DIGEST *dgst) /*! \brief Returns the parsed (string) version of the digest content */ -char * PKI_DIGEST_get_parsed(const PKI_DIGEST *digest ) { +char * PKI_DIGEST_get_parsed(const CRYPTO_DIGEST *digest ) { char *ret = NULL; int i = 0; diff --git a/src/openssl/pki_hmac.c b/src/crypto/c_hmac.c similarity index 83% rename from src/openssl/pki_hmac.c rename to src/crypto/c_hmac.c index 3b5340b1..fbb80407 100644 --- a/src/openssl/pki_hmac.c +++ b/src/crypto/c_hmac.c @@ -14,12 +14,12 @@ static inline void HMAC_CTX_free(HMAC_CTX * ctx) { #endif /* - * \brief Allocates and return a new (empty) PKI_HMAC + * \brief Allocates and return a new (empty) CRYPTO_HMAC */ -PKI_HMAC *PKI_HMAC_new_null(void) +CRYPTO_HMAC *PKI_HMAC_new_null(void) { - PKI_HMAC *ret = NULL; - ret = PKI_Malloc(sizeof(PKI_HMAC)); + CRYPTO_HMAC *ret = NULL; + ret = PKI_Malloc(sizeof(CRYPTO_HMAC)); if (ret != NULL) { 
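Review bot: The comment reworded above `PKI_HMAC_new_null` in the `@@ -14,12 +14,12 @@` hunk of c_hmac.c opens with a plain `/*` followed by ` * \brief`, which Doxygen does not treat as a documentation block. c_digest.c in this same commit uses `/*! \brief`. Since these comment lines are being touched, open them with `/*!`; the same applies to the `\brief` comments above `PKI_HMAC_new`, `PKI_HMAC_new_mem`, `PKI_HMAC_free` and `PKI_HMAC_init` in the following hunks. "Allocates and return" should also read "Allocates and returns". The function body continues outside the hunk.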
@@ -39,11 +39,11 @@ PKI_HMAC *PKI_HMAC_new_null(void) } /* - * \brief Allocates and initializes a new PKI_HMAC + * \brief Allocates and initializes a new CRYPTO_HMAC */ -PKI_HMAC *PKI_HMAC_new(unsigned char *key, size_t key_size, PKI_DIGEST_ALG *digest, HSM *hsm) +CRYPTO_HMAC *PKI_HMAC_new(unsigned char *key, size_t key_size, PKI_DIGEST_ALG *digest, HSM *hsm) { - PKI_HMAC *ret = PKI_HMAC_new_null(); + CRYPTO_HMAC *ret = PKI_HMAC_new_null(); if (!ret) return ret; if (PKI_HMAC_init(ret, key, key_size, digest, hsm) != PKI_OK) @@ -56,11 +56,11 @@ PKI_HMAC *PKI_HMAC_new(unsigned char *key, size_t key_size, PKI_DIGEST_ALG *dige } /* - * \brief Allocates and initializes a new PKI_HMAC by using a PKI_MEM to hold the secret key + * \brief Allocates and initializes a new CRYPTO_HMAC by using a PKI_MEM to hold the secret key */ -PKI_HMAC *PKI_HMAC_new_mem(PKI_MEM *key, PKI_DIGEST_ALG *digest, HSM *hsm) +CRYPTO_HMAC *PKI_HMAC_new_mem(PKI_MEM *key, PKI_DIGEST_ALG *digest, HSM *hsm) { - PKI_HMAC *ret = NULL; + CRYPTO_HMAC *ret = NULL; if (!key || !key->data || key->size <= 0) { @@ -85,9 +85,9 @@ PKI_HMAC *PKI_HMAC_new_mem(PKI_MEM *key, PKI_DIGEST_ALG *digest, HSM *hsm) } /* - * \brief Frees the memory associated with a PKI_HMAC + * \brief Frees the memory associated with a CRYPTO_HMAC */ -void PKI_HMAC_free(PKI_HMAC *hmac) +void PKI_HMAC_free(CRYPTO_HMAC *hmac) { if (!hmac) return; @@ -103,7 +103,7 @@ void PKI_HMAC_free(PKI_HMAC *hmac) /* * \brief Initializes the passed hmac to use the passed key and digest algorithm */ -int PKI_HMAC_init(PKI_HMAC *hmac, unsigned char *key, size_t key_size, PKI_DIGEST_ALG *digest, HSM *hsm) +int PKI_HMAC_init(CRYPTO_HMAC *hmac, unsigned char *key, size_t key_size, PKI_DIGEST_ALG *digest, HSM *hsm) { if (!hmac) return PKI_ERROR(PKI_ERR_PARAM_NULL, NULL); 
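Review bot: The `\brief` on `PKI_HMAC_free` in the `@@ -85,9 +85,9 @@` hunk says only that memory is freed, and does not state what happens to the secret key held by the `CRYPTO_HMAC`. The body lies outside this hunk, so it cannot be confirmed here whether the key buffer is wiped before release. If it is, say so in the comment, for example `\brief Frees a CRYPTO_HMAC; the key buffer is cleansed before it is released`. If it is not, presumably a cleanse such as `OPENSSL_cleanse()` on the key buffer belongs before the free, so that HMAC keys do not linger in freed heap memory.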
@@ -142,7 +142,7 @@ int PKI_HMAC_init(PKI_HMAC *hmac, unsigned char *key, size_t key_size, PKI_DIGES return PKI_OK; } -int PKI_HMAC_update(PKI_HMAC *hmac, unsigned char *data, size_t data_size) +int PKI_HMAC_update(CRYPTO_HMAC *hmac, unsigned char *data, size_t data_size) { #if OPENSSL_VERSION_NUMBER > 0x0090900fL int rv = 0; @@ -150,7 +150,7 @@ int PKI_HMAC_update(PKI_HMAC *hmac, unsigned char *data, size_t data_size) if (!hmac || !hmac->initialized) { - return PKI_ERROR(PKI_ERR_GENERAL, "PKI_HMAC is not initialized"); + return PKI_ERROR(PKI_ERR_GENERAL, "CRYPTO_HMAC is not initialized"); } #if OPENSSL_VERSION_NUMBER > 0x0090900fL @@ -166,7 +166,7 @@ int PKI_HMAC_update(PKI_HMAC *hmac, unsigned char *data, size_t data_size) return PKI_OK; } -int PKI_HMAC_update_mem(PKI_HMAC *hmac, PKI_MEM *data) +int PKI_HMAC_update_mem(CRYPTO_HMAC *hmac, PKI_MEM *data) { if (!hmac || !data || !data->data || data->size <= 0) return PKI_ERROR(PKI_ERR_PARAM_NULL, NULL); @@ -174,7 +174,7 @@ int PKI_HMAC_update_mem(PKI_HMAC *hmac, PKI_MEM *data) return PKI_HMAC_update(hmac, data->data, data->size); } -int PKI_HMAC_finalize(PKI_HMAC *hmac) +int PKI_HMAC_finalize(CRYPTO_HMAC *hmac) { int size = 0; unsigned int verify_size = 0; @@ -223,7 +223,7 @@ int PKI_HMAC_finalize(PKI_HMAC *hmac) /* * \brief Returns a PKI_MEM with the hmac raw value */ -PKI_MEM * PKI_HMAC_get_value(PKI_HMAC *hmac) +PKI_MEM * PKI_HMAC_get_value(CRYPTO_HMAC *hmac) { if (!hmac) return NULL; @@ -234,7 +234,7 @@ PKI_MEM * PKI_HMAC_get_value(PKI_HMAC *hmac) /* * \brief Returns a B64 encoded PKI_MEM for the hmac value */ -PKI_MEM *PKI_HMAC_get_value_b64(PKI_HMAC *hmac) +PKI_MEM *PKI_HMAC_get_value_b64(CRYPTO_HMAC *hmac) { PKI_MEM *ret = NULL; diff --git a/src/openssl/pki_id.c b/src/crypto/c_id.c similarity index 100% rename from src/openssl/pki_id.c rename to src/crypto/c_id.c diff --git a/src/openssl/pki_kdf.c b/src/crypto/c_kdf.c similarity index 100% rename from src/openssl/pki_kdf.c rename to src/crypto/c_kdf.c 
diff --git a/src/openssl/pki_keypair.c b/src/crypto/c_keypair.c similarity index 99% rename from src/openssl/pki_keypair.c rename to src/crypto/c_keypair.c index 154b9c5d..e6f4b500 100644 --- a/src/openssl/pki_keypair.c +++ b/src/crypto/c_keypair.c @@ -813,11 +813,11 @@ int PKI_X509_KEYPAIR_VALUE_get_size (const PKI_X509_KEYPAIR_VALUE *pKey ) { /*! \brief Returns the (unsigned char *) digest of a pubkey value */ -PKI_DIGEST *PKI_X509_KEYPAIR_VALUE_pub_digest (const PKI_X509_KEYPAIR_VALUE * pkey, +CRYPTO_DIGEST *PKI_X509_KEYPAIR_VALUE_pub_digest (const PKI_X509_KEYPAIR_VALUE * pkey, const PKI_DIGEST_ALG * md) { X509_PUBKEY *xpk = NULL; - PKI_DIGEST * ret = NULL; + CRYPTO_DIGEST * ret = NULL; unsigned char * buf = NULL; int buf_size = 0; @@ -876,7 +876,7 @@ PKI_DIGEST *PKI_X509_KEYPAIR_VALUE_pub_digest (const PKI_X509_KEYPAIR_VALUE * pk /*! \brief Returns the (unsigned char *) digest of the pubkey */ -PKI_DIGEST *PKI_X509_KEYPAIR_pub_digest (const PKI_X509_KEYPAIR *k, +CRYPTO_DIGEST *PKI_X509_KEYPAIR_pub_digest (const PKI_X509_KEYPAIR *k, const PKI_DIGEST_ALG *md) { if( !k || !k->value ) return ( NULL ); diff --git a/src/openssl/pki_keyparams.c b/src/crypto/c_keyparams.c similarity index 100% rename from src/openssl/pki_keyparams.c rename to src/crypto/c_keyparams.c diff --git a/src/openssl/pki_oid.c b/src/crypto/c_oid.c similarity index 100% rename from src/openssl/pki_oid.c rename to src/crypto/c_oid.c diff --git a/src/openssl/pki_oid_defs.c b/src/crypto/c_oid_defs.c similarity index 100% rename from src/openssl/pki_oid_defs.c rename to src/crypto/c_oid_defs.c diff --git a/src/openssl/pki_rand.c b/src/crypto/c_rand.c similarity index 100% rename from src/openssl/pki_rand.c rename to src/crypto/c_rand.c diff --git a/src/openssl/composite/Makefile.am b/src/crypto/composite/Makefile.am similarity index 100% rename from src/openssl/composite/Makefile.am rename to src/crypto/composite/Makefile.am 
diff --git a/src/openssl/composite/Makefile.in b/src/crypto/composite/Makefile.in
similarity index 100%
rename from src/openssl/composite/Makefile.in
rename to src/crypto/composite/Makefile.in
diff --git a/src/openssl/composite/composite_ameth.c b/src/crypto/composite/composite_ameth.c
similarity index 100%
rename from src/openssl/composite/composite_ameth.c
rename to src/crypto/composite/composite_ameth.c
diff --git a/src/openssl/composite/composite_ameth_lcl.h b/src/crypto/composite/composite_ameth_lcl.h
similarity index 100%
rename from src/openssl/composite/composite_ameth_lcl.h
rename to src/crypto/composite/composite_ameth_lcl.h
diff --git a/src/openssl/composite/composite_ctx.c b/src/crypto/composite/composite_ctx.c
similarity index 100%
rename from src/openssl/composite/composite_ctx.c
rename to src/crypto/composite/composite_ctx.c
diff --git a/src/openssl/composite/composite_err.c b/src/crypto/composite/composite_err.c
similarity index 100%
rename from src/openssl/composite/composite_err.c
rename to src/crypto/composite/composite_err.c
diff --git a/src/openssl/composite/composite_init.c b/src/crypto/composite/composite_init.c
similarity index 100%
rename from src/openssl/composite/composite_init.c
rename to src/crypto/composite/composite_init.c
diff --git a/src/openssl/composite/composite_key.c b/src/crypto/composite/composite_key.c
similarity index 100%
rename from src/openssl/composite/composite_key.c
rename to src/crypto/composite/composite_key.c
diff --git a/src/openssl/composite/composite_ossl_lcl.h b/src/crypto/composite/composite_ossl_lcl.h
similarity index 100%
rename from src/openssl/composite/composite_ossl_lcl.h
rename to src/crypto/composite/composite_ossl_lcl.h
diff --git a/src/openssl/composite/composite_pmeth.c b/src/crypto/composite/composite_pmeth.c
similarity index 100%
rename from src/openssl/composite/composite_pmeth.c
rename to src/crypto/composite/composite_pmeth.c
diff --git a/src/openssl/composite/composite_utils.c b/src/crypto/composite/composite_utils.c
similarity index 100%
rename from src/openssl/composite/composite_utils.c
rename to src/crypto/composite/composite_utils.c
diff --git a/src/crypto/hsm/Makefile.am b/src/crypto/hsm/Makefile.am
new file mode 100644
index 00000000..b6dc52d0
--- /dev/null
+++ b/src/crypto/hsm/Makefile.am
@@ -0,0 +1,54 @@
+## OpenCA Makefile - by Massimiliano Pala
+## (c) 1999-2007 by Massimiliano Pala and OpenCA Project
+## All Rights Reserved
+
+TOP = ..
+include $(TOP)/global-vars
+
+BASE_DEFS =
+
+if ENABLE_OPENSSL
+OSSL_SUBDIRS = openssl
+OSSL_SOFTWARE_OBJ = openssl/libpki-hsm-openssl.la
+else
+OSSL_SUBDIRS =
+OSSL_SOFTWARE_OBJ =
+endif
+
+if ENABLE_WOLFSSL
+# HSM_SOFTWARE = wolfssl
+# HSM_SOFTWARE_OBJ = $(top_builddir)/src/drivers/wolfssl/libpki-token-wolfssl.la
+WOLFSSL_SUBDIRS = wolfssl
+WOLFSSL_SOFTWARE_OBJ = wolfssl/libpki-hsm-wolfssl.la
+else
+WOLFSSL_SUBDIRS =
+WOLFSSL_SOFTWARE_OBJ =
+endif
+
+if ENABLE_PKCS11
+PKCS11_SUBDIRS = pkcs11
+PKCS11_SOFTWARE_OBJ = pkcs11/libpki-hsm-pkcs11.la
+else
+PKCS11_SUBDIRS =
+PKCS11_SOFTWARE_OBJ =
+endif
+
+HSMS = $(OSSL_SOFTWARE_OBJ) $(WOLFSSL_SOFTWARE_OBJ) $(PKCS11_SOFTWARE_OBJ)
+OBJECTS = $(HSM_SOFTWARE_OBJ) $(HSM_PKCS11_OBJ)
+
+SUBDIRS = $(OSSL_SUBDIRS) $(WOLFSSL_SUBDIRS) $(PKCS11_SUBDIRS) .
+
+AM_CPPFLAGS = -I$(TOP)
+
+SRCS = \
+ hsm_main.c \
+ hsm_slot.c \
+ hsm_keypair.c
+
+
+noinst_LTLIBRARIES = libpki-hsm.la
+
+libpki_hsm_la_SOURCES = $(SRCS)
+libpki_hsm_la_CFLAGS = $(BUILD_LIBPKI_CFLAGS)
+libpki_hsm_la_LIBADD = $(OBJECTS)
+
diff --git a/src/drivers/Makefile.in b/src/crypto/hsm/Makefile.in
similarity index 85%
rename from src/drivers/Makefile.in
rename to src/crypto/hsm/Makefile.in
index 9fef7e56..9334f365 100644
--- a/src/drivers/Makefile.in
+++ b/src/crypto/hsm/Makefile.in
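Review bot: `OBJECTS` in the new src/crypto/hsm/Makefile.am expands to nothing, because it is built from `$(HSM_SOFTWARE_OBJ)` and `$(HSM_PKCS11_OBJ)`, which this file never defines (the only mention is commented out under `ENABLE_WOLFSSL`). As a result `libpki_hsm_la_LIBADD = $(OBJECTS)` links no backend library into libpki-hsm.la. The backend `.la` files are collected in `HSMS` instead, which nothing consumes; `OBJECTS = $(HSMS)` looks like the intent. The regenerated Makefile.in in this commit shows an empty `libpki_hsm_la_DEPENDENCIES`, which is consistent with that. Separately, `TOP = ..` appears to be carried over from src/drivers; from src/crypto/hsm it points at src/crypto, so confirm that `include $(TOP)/global-vars` and `-I$(TOP)` still resolve to the intended directory.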
@@ -89,7 +89,7 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ -subdir = src/drivers +subdir = src/crypto/hsm ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ @@ -100,24 +100,24 @@ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(SHELL) $(top_srcdir)/build/mkinstalldirs -CONFIG_HEADER = $(top_builddir)/src/libpki/config.h \ - $(top_builddir)/src/libpki/libpki_enables.h +CONFIG_HEADER = $(top_builddir)/src/libpki/libconf/defines.h \ + $(top_builddir)/src/libpki/libconf/features.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = LTLIBRARIES = $(noinst_LTLIBRARIES) -libpki_token_la_DEPENDENCIES = $(OBJECTS) -am__objects_1 = libpki_token_la-hsm_main.lo \ - libpki_token_la-hsm_slot.lo libpki_token_la-hsm_keypair.lo -am_libpki_token_la_OBJECTS = $(am__objects_1) -libpki_token_la_OBJECTS = $(am_libpki_token_la_OBJECTS) +am__DEPENDENCIES_1 = +libpki_hsm_la_DEPENDENCIES = $(am__DEPENDENCIES_1) +am__objects_1 = libpki_hsm_la-hsm_main.lo libpki_hsm_la-hsm_slot.lo \ + libpki_hsm_la-hsm_keypair.lo +am_libpki_hsm_la_OBJECTS = $(am__objects_1) +libpki_hsm_la_OBJECTS = $(am_libpki_hsm_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent am__v_lt_1 = -libpki_token_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ - $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ - $(libpki_token_la_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) \ - -o $@ +libpki_hsm_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(libpki_hsm_la_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false 
@@ -130,12 +130,12 @@ AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/libpki +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/libpki/libconf depcomp = $(SHELL) $(top_srcdir)/build/depcomp am__maybe_remake_depfiles = depfiles -am__depfiles_remade = ./$(DEPDIR)/libpki_token_la-hsm_keypair.Plo \ - ./$(DEPDIR)/libpki_token_la-hsm_main.Plo \ - ./$(DEPDIR)/libpki_token_la-hsm_slot.Plo +am__depfiles_remade = ./$(DEPDIR)/libpki_hsm_la-hsm_keypair.Plo \ + ./$(DEPDIR)/libpki_hsm_la-hsm_main.Plo \ + ./$(DEPDIR)/libpki_hsm_la-hsm_slot.Plo am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) @@ -155,8 +155,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = -SOURCES = $(libpki_token_la_SOURCES) -DIST_SOURCES = $(libpki_token_la_SOURCES) +SOURCES = $(libpki_hsm_la_SOURCES) +DIST_SOURCES = $(libpki_hsm_la_SOURCES) RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ ctags-recursive dvi-recursive html-recursive info-recursive \ install-data-recursive install-dvi-recursive \ @@ -195,7 +195,7 @@ am__define_uniq_tagged_files = \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` -DIST_SUBDIRS = openssl kmf engine pkcs11 . +DIST_SUBDIRS = openssl wolfssl pkcs11 . am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/build/depcomp \ $(top_srcdir)/build/mkinstalldirs DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) 
@@ -382,10 +382,6 @@ include_prefix = @include_prefix@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ -kmf_cflags = @kmf_cflags@ -kmf_ldadd = @kmf_ldadd@ -kmf_libflags = @kmf_libflags@ -kmf_prefix = @kmf_prefix@ ldap_cflags = @ldap_cflags@ ldap_ldadd = @ldap_ldadd@ ldap_ldflags = @ldap_ldflags@ 
@@ -476,32 +472,34 @@ xml2_prefix = @xml2_prefix@ yr = @yr@ TOP = .. BASE_DEFS = -@ENABLE_KMF_FALSE@HSM_KMF = -@ENABLE_KMF_TRUE@HSM_KMF = kmf -@ENABLE_KMF_TRUE@HSM_KMF_OBJ = $(top_builddir)/src/drivers/kmf/libpki-token-kmf.a -@ENABLE_OPENSSL_FALSE@HSM_SOFTWARE = -@ENABLE_OPENSSL_TRUE@HSM_SOFTWARE = openssl -@ENABLE_OPENSSL_TRUE@HSM_SOFTWARE_OBJ = $(top_builddir)/src/drivers/openssl/libpki-token-openssl.la -@ENABLE_OPENSSL_ENGINE_FALSE@HSM_ENGINE = -@ENABLE_OPENSSL_ENGINE_TRUE@HSM_ENGINE = engine -@ENABLE_OPENSSL_ENGINE_TRUE@HSM_ENGINE_OBJ = $(top_builddir)/src/drivers/engine/libpki-token-engine.la -HSM_PKCS11 = pkcs11 -HSM_PKCS11_OBJ = $(top_builddir)/src/drivers/pkcs11/libpki-token-pkcs11.la -HSMS = $(HSM_SOFTWARE) $(HSM_KMF) $(HSM_ENGINE) $(HSM_PKCS11) -OBJECTS = $(HSM_KMF_OBJ) $(HSM_SOFTWARE_OBJ) $(HSM_ENGINE_OBJ) $(HSM_PKCS11_OBJ) -SUBDIRS = $(HSMS) . +@ENABLE_OPENSSL_FALSE@OSSL_SUBDIRS = +@ENABLE_OPENSSL_TRUE@OSSL_SUBDIRS = openssl +@ENABLE_OPENSSL_FALSE@OSSL_SOFTWARE_OBJ = +@ENABLE_OPENSSL_TRUE@OSSL_SOFTWARE_OBJ = openssl/libpki-hsm-openssl.la +@ENABLE_WOLFSSL_FALSE@WOLFSSL_SUBDIRS = + +# HSM_SOFTWARE = wolfssl +# HSM_SOFTWARE_OBJ = $(top_builddir)/src/drivers/wolfssl/libpki-token-wolfssl.la +@ENABLE_WOLFSSL_TRUE@WOLFSSL_SUBDIRS = wolfssl +@ENABLE_WOLFSSL_FALSE@WOLFSSL_SOFTWARE_OBJ = +@ENABLE_WOLFSSL_TRUE@WOLFSSL_SOFTWARE_OBJ = wolfssl/libpki-hsm-wolfssl.la +@ENABLE_PKCS11_FALSE@PKCS11_SUBDIRS = +@ENABLE_PKCS11_TRUE@PKCS11_SUBDIRS = pkcs11 +@ENABLE_PKCS11_FALSE@PKCS11_SOFTWARE_OBJ = +@ENABLE_PKCS11_TRUE@PKCS11_SOFTWARE_OBJ = pkcs11/libpki-hsm-pkcs11.la +HSMS = $(OSSL_SOFTWARE_OBJ) $(WOLFSSL_SOFTWARE_OBJ) $(PKCS11_SOFTWARE_OBJ) +OBJECTS = $(HSM_SOFTWARE_OBJ) $(HSM_PKCS11_OBJ) +SUBDIRS = $(OSSL_SUBDIRS) $(WOLFSSL_SUBDIRS) $(PKCS11_SUBDIRS) . 
AM_CPPFLAGS = -I$(TOP) SRCS = \ hsm_main.c \ hsm_slot.c \ hsm_keypair.c -noinst_LTLIBRARIES = libpki-token.la -# noinst_LIBRARIES = libpki-token.a -libpki_token_la_SOURCES = $(SRCS) -libpki_token_la_CFLAGS = $(BUILD_LIBPKI_CFLAGS) -# libpki_token_la_LIBADD = $(BUILD_LIBPKI_LDFLAGS) $(OBJECTS) -libpki_token_la_LIBADD = $(OBJECTS) +noinst_LTLIBRARIES = libpki-hsm.la +libpki_hsm_la_SOURCES = $(SRCS) +libpki_hsm_la_CFLAGS = $(BUILD_LIBPKI_CFLAGS) +libpki_hsm_la_LIBADD = $(OBJECTS) all: all-recursive .SUFFIXES: @@ -515,9 +513,9 @@ $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__confi exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/drivers/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/crypto/hsm/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/drivers/Makefile + $(AUTOMAKE) --gnu src/crypto/hsm/Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -547,8 +545,8 @@ clean-noinstLTLIBRARIES: rm -f $${locs}; \ } -libpki-token.la: $(libpki_token_la_OBJECTS) $(libpki_token_la_DEPENDENCIES) $(EXTRA_libpki_token_la_DEPENDENCIES) - $(AM_V_CCLD)$(libpki_token_la_LINK) $(libpki_token_la_OBJECTS) $(libpki_token_la_LIBADD) $(LIBS) +libpki-hsm.la: $(libpki_hsm_la_OBJECTS) $(libpki_hsm_la_DEPENDENCIES) $(EXTRA_libpki_hsm_la_DEPENDENCIES) + $(AM_V_CCLD)$(libpki_hsm_la_LINK) $(libpki_hsm_la_OBJECTS) $(libpki_hsm_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) 
@@ -556,9 +554,9 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_token_la-hsm_keypair.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_token_la-hsm_main.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_token_la-hsm_slot.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_hsm_la-hsm_keypair.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_hsm_la-hsm_main.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_hsm_la-hsm_slot.Plo@am__quote@ # am--include-marker $(am__depfiles_remade): @$(MKDIR_P) $(@D) 
@@ -590,26 +588,26 @@ am--depfiles: $(am__depfiles_remade) @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< -libpki_token_la-hsm_main.lo: hsm_main.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_token_la_CFLAGS) $(CFLAGS) -MT libpki_token_la-hsm_main.lo -MD -MP -MF $(DEPDIR)/libpki_token_la-hsm_main.Tpo -c -o libpki_token_la-hsm_main.lo `test -f 'hsm_main.c' || echo '$(srcdir)/'`hsm_main.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_token_la-hsm_main.Tpo $(DEPDIR)/libpki_token_la-hsm_main.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hsm_main.c' object='libpki_token_la-hsm_main.lo' libtool=yes @AMDEPBACKSLASH@ +libpki_hsm_la-hsm_main.lo: hsm_main.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_hsm_la_CFLAGS) $(CFLAGS) -MT libpki_hsm_la-hsm_main.lo -MD -MP -MF $(DEPDIR)/libpki_hsm_la-hsm_main.Tpo -c -o libpki_hsm_la-hsm_main.lo `test -f 'hsm_main.c' || echo '$(srcdir)/'`hsm_main.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_hsm_la-hsm_main.Tpo $(DEPDIR)/libpki_hsm_la-hsm_main.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hsm_main.c' object='libpki_hsm_la-hsm_main.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_token_la_CFLAGS) $(CFLAGS) -c -o libpki_token_la-hsm_main.lo `test -f 'hsm_main.c' || echo '$(srcdir)/'`hsm_main.c 
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_hsm_la_CFLAGS) $(CFLAGS) -c -o libpki_hsm_la-hsm_main.lo `test -f 'hsm_main.c' || echo '$(srcdir)/'`hsm_main.c -libpki_token_la-hsm_slot.lo: hsm_slot.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_token_la_CFLAGS) $(CFLAGS) -MT libpki_token_la-hsm_slot.lo -MD -MP -MF $(DEPDIR)/libpki_token_la-hsm_slot.Tpo -c -o libpki_token_la-hsm_slot.lo `test -f 'hsm_slot.c' || echo '$(srcdir)/'`hsm_slot.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_token_la-hsm_slot.Tpo $(DEPDIR)/libpki_token_la-hsm_slot.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hsm_slot.c' object='libpki_token_la-hsm_slot.lo' libtool=yes @AMDEPBACKSLASH@ +libpki_hsm_la-hsm_slot.lo: hsm_slot.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_hsm_la_CFLAGS) $(CFLAGS) -MT libpki_hsm_la-hsm_slot.lo -MD -MP -MF $(DEPDIR)/libpki_hsm_la-hsm_slot.Tpo -c -o libpki_hsm_la-hsm_slot.lo `test -f 'hsm_slot.c' || echo '$(srcdir)/'`hsm_slot.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_hsm_la-hsm_slot.Tpo $(DEPDIR)/libpki_hsm_la-hsm_slot.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hsm_slot.c' object='libpki_hsm_la-hsm_slot.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_token_la_CFLAGS) $(CFLAGS) 
-c -o libpki_token_la-hsm_slot.lo `test -f 'hsm_slot.c' || echo '$(srcdir)/'`hsm_slot.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_hsm_la_CFLAGS) $(CFLAGS) -c -o libpki_hsm_la-hsm_slot.lo `test -f 'hsm_slot.c' || echo '$(srcdir)/'`hsm_slot.c -libpki_token_la-hsm_keypair.lo: hsm_keypair.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_token_la_CFLAGS) $(CFLAGS) -MT libpki_token_la-hsm_keypair.lo -MD -MP -MF $(DEPDIR)/libpki_token_la-hsm_keypair.Tpo -c -o libpki_token_la-hsm_keypair.lo `test -f 'hsm_keypair.c' || echo '$(srcdir)/'`hsm_keypair.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_token_la-hsm_keypair.Tpo $(DEPDIR)/libpki_token_la-hsm_keypair.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hsm_keypair.c' object='libpki_token_la-hsm_keypair.lo' libtool=yes @AMDEPBACKSLASH@ +libpki_hsm_la-hsm_keypair.lo: hsm_keypair.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_hsm_la_CFLAGS) $(CFLAGS) -MT libpki_hsm_la-hsm_keypair.lo -MD -MP -MF $(DEPDIR)/libpki_hsm_la-hsm_keypair.Tpo -c -o libpki_hsm_la-hsm_keypair.lo `test -f 'hsm_keypair.c' || echo '$(srcdir)/'`hsm_keypair.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_hsm_la-hsm_keypair.Tpo $(DEPDIR)/libpki_hsm_la-hsm_keypair.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hsm_keypair.c' object='libpki_hsm_la-hsm_keypair.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC 
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_token_la_CFLAGS) $(CFLAGS) -c -o libpki_token_la-hsm_keypair.lo `test -f 'hsm_keypair.c' || echo '$(srcdir)/'`hsm_keypair.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_hsm_la_CFLAGS) $(CFLAGS) -c -o libpki_hsm_la-hsm_keypair.lo `test -f 'hsm_keypair.c' || echo '$(srcdir)/'`hsm_keypair.c mostlyclean-libtool: -rm -f *.lo @@ -814,9 +812,9 @@ clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ mostlyclean-am distclean: distclean-recursive - -rm -f ./$(DEPDIR)/libpki_token_la-hsm_keypair.Plo - -rm -f ./$(DEPDIR)/libpki_token_la-hsm_main.Plo - -rm -f ./$(DEPDIR)/libpki_token_la-hsm_slot.Plo + -rm -f ./$(DEPDIR)/libpki_hsm_la-hsm_keypair.Plo + -rm -f ./$(DEPDIR)/libpki_hsm_la-hsm_main.Plo + -rm -f ./$(DEPDIR)/libpki_hsm_la-hsm_slot.Plo -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -862,9 +860,9 @@ install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive - -rm -f ./$(DEPDIR)/libpki_token_la-hsm_keypair.Plo - -rm -f ./$(DEPDIR)/libpki_token_la-hsm_main.Plo - -rm -f ./$(DEPDIR)/libpki_token_la-hsm_slot.Plo + -rm -f ./$(DEPDIR)/libpki_hsm_la-hsm_keypair.Plo + -rm -f ./$(DEPDIR)/libpki_hsm_la-hsm_main.Plo + -rm -f ./$(DEPDIR)/libpki_hsm_la-hsm_slot.Plo -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic diff --git a/src/crypto/hsm/hsm_admin.c b/src/crypto/hsm/hsm_admin.c new file mode 100644 index 00000000..b244b737 --- /dev/null +++ b/src/crypto/hsm/hsm_admin.c 
@@ -0,0 +1,148 @@
+/* HSM Object Management Functions */
+
+#include
+
+/*!
+ * \brief Initializes the HSM
+ */
+int CRYPTO_HSM_driver_new(HSM * hsm) {
+
+ if (!hsm) return PKI_ERR;
+
+ /* Call the init function provided by the hsm itself */
+ if (hsm->admin_callbacks->new) {
+ return hsm->admin_callbacks->new(&hsm->driver, hsm->config);
+ }
+
+ return PKI_OK;
+}
+
+/*!
+ * \brief Initializes the HSM
+ */
+int CRYPTO_HSM_init( HSM *hsm ) {
+
+ if( !hsm || !hsm->admin_callbacks ) return (PKI_ERR);
+
+ /* Call the init function provided by the hsm itself */
+ if( hsm->admin_callbacks->init )
+ {
+ return (hsm->admin_callbacks->init(hsm, hsm->config ));
+ }
+ else
+ {
+ /* No init function is provided (not needed ??!?!) */
+ PKI_log_debug("hsm (%s) does not provide an init "
+ "function!\n", hsm->description );
+ }
+
+ return(PKI_OK);
+}
+
+/*!
+ * \brief Initializes the HSM
+ */
+int CRYPTO_HSM_driver_free(HSM * hsm) {
+
+ if (!hsm) return PKI_ERR;
+
+ /* Call the init function provided by the hsm itself */
+ if (hsm->driver && hsm->admin_callbacks->free) {
+ int ret = hsm->admin_callbacks->free(hsm->driver);
+ hsm->driver = NULL;
+ return ret;
+ }
+
+ return PKI_OK;
+}
+
+
+/* -------------------------- Access control to HSM ----------------------- */
+
+int CRYPTO_HSM_login ( HSM *hsm, PKI_CRED *cred ) {
+
+ if (!hsm) return (PKI_ERR);
+
+ if ( hsm->admin_callbacks->login ) {
+ return ( hsm->admin_callbacks->login(hsm, cred ));
+ } else {
+ /* No login required by the HSM */
+ PKI_log_debug("No login function for selected HSM");
+ }
+
+ return ( PKI_OK );
+}
+
+int CRYPTO_HSM_logout ( HSM *hsm ) {
+
+ if (!hsm || !hsm->admin_callbacks ) return (PKI_ERR);
+
+ if ( hsm->admin_callbacks && hsm->admin_callbacks->logout ) {
+ return ( hsm->admin_callbacks->logout( hsm ));
+ } else {
+ /* No login required by the HSM */
+ PKI_log_debug("No login function for selected HSM");
+ }
+
+ return ( PKI_OK );
+}
+
+
+/* -------------------------- FIPS mode for HSM ----------------------- */
+
+int CRYPTO_HSM_set_fips_mode(const HSM *hsm, int enabled)
+{
+ if (!hsm) hsm = HSM_get_default();
+ if (!hsm) return PKI_ERR;
+
+ if (hsm->admin_callbacks && hsm->admin_callbacks->set_fips_mode)
+ {
+ return hsm->admin_callbacks->set_fips_mode(hsm, (enabled > 0 ? 1 : 0));
+ }
+ else
+ {
+ // If no FIPS mode is available, let's return 0 (false)
+ return PKI_ERR;
+ }
+}
+
+int CRYPTO_HSM_is_fips_mode(const HSM *hsm)
+{
+ if (!hsm) hsm = HSM_get_default();
+ if (!hsm) return PKI_ERR;
+
+ if (hsm->admin_callbacks && hsm->admin_callbacks->is_fips_mode)
+ {
+ return hsm->admin_callbacks->is_fips_mode(hsm);
+ }
+ else
+ {
+ return PKI_ERR;
+ }
+}
+
+/* -------------------------- General Crypto HSM ----------------------- */
+
+int CRYPTO_HSM_set_sign_algor(PKI_TYPE alg, HSM *hsm) {
+
+ int ret = PKI_OK;
+
+ // Input Checks
+ if (!alg) {
+ PKI_DEBUG("No algorithm passed!");
+ return PKI_ERR;
+ }
+
+ // Sets the algorithm if it is an hardware token
+ if (hsm && hsm->admin_callbacks && hsm->admin_callbacks->sign_algor) {
+
+ // Using the HSM callback
+ PKI_log_debug("Setting the signature algorithm for selected HSM");
+ ret = hsm->admin_callbacks->sign_algor(hsm, alg);
+ }
+
+ // All Done
+ return (ret);
+}
+
+
diff --git a/src/crypto/hsm/hsm_crypto.c b/src/crypto/hsm/hsm_crypto.c
new file mode 100644
index 00000000..b40a39fa
--- /dev/null
+++ b/src/crypto/hsm/hsm_crypto.c
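Review bot: In hsm_admin.c, `CRYPTO_HSM_driver_new`, `CRYPTO_HSM_driver_free` and `CRYPTO_HSM_login` test only `!hsm` before reading `hsm->admin_callbacks->new`, `->free` and `->login`, so an HSM whose admin callback table is unset is dereferenced through a NULL pointer, while `CRYPTO_HSM_init` and `CRYPTO_HSM_logout` in the same file do guard it. Use the same guard in all three: `if (!hsm || !hsm->admin_callbacks) return PKI_ERR;`. For login this also means a handle with no callback table is reported as an error instead of reaching the `PKI_OK` "no login required" path. `CRYPTO_HSM_is_fips_mode` returns `PKI_ERR` both when no HSM is available and when the driver has no `is_fips_mode` callback, and the comment in `CRYPTO_HSM_set_fips_mode` says "return 0 (false)" next to `return PKI_ERR;`, so the return contract (status code versus boolean) should be stated in a doc comment for callers that gate on FIPS mode. The `\brief Initializes the HSM` text is repeated on `CRYPTO_HSM_driver_new` and `CRYPTO_HSM_driver_free`; the latter should read something like `\brief Frees the driver state attached to the HSM`.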
@@ -0,0 +1,878 @@ +/* HSM Object Management Functions */ + +#include + +/* ------------------- Keypair Gen/Free -------------------------------- */ + +PKI_X509_KEYPAIR *HSM_X509_KEYPAIR_new( PKI_KEYPARAMS *params, + char *label, PKI_CRED *cred, HSM *hsm ) { + + PKI_X509_KEYPAIR *ret = NULL; + URL *url = NULL; + + if( hsm && !url && (hsm->type == HSM_TYPE_PKCS11) ) { + PKI_DEBUG("Label is required when using HSM"); + return NULL; + } + + if ( label ) { + if(( url = URL_new(label)) == NULL ) { + PKI_ERROR(PKI_ERR_URI_PARSE, label); + return ( NULL ); + } + }; + + ret = HSM_X509_KEYPAIR_new_url ( params, url, cred, hsm ); + + if( url ) URL_free( url ); + + return ( ret ); +} + +PKI_X509_KEYPAIR *HSM_X509_KEYPAIR_new_url( PKI_KEYPARAMS *params, + URL *url, PKI_CRED *cred, HSM *driver ) { + + PKI_X509_KEYPAIR *ret = NULL; + HSM *hsm = NULL; + + if ( !params ) { + PKI_ERROR(PKI_ERR_PARAM_NULL, NULL); + return NULL; + }; + + if( driver ) { + hsm = driver; + } else { + hsm = (HSM *) HSM_get_default(); + } + + if( hsm && hsm->callbacks && hsm->callbacks->keypair_new_url ) { + ret = hsm->callbacks->keypair_new_url(params,url,cred,hsm); + } else { + PKI_log_err("HSM does not provide key generation"); + // ret = HSM_OPENSSL_KEYPAIR_new( type, bits, url, cred, NULL ); + } + + return ( ret ); +} + + +PKI_MEM *HSM_X509_KEYPAIR_wrap ( PKI_X509_KEYPAIR *key, PKI_CRED *cred) { + + const HSM *hsm = NULL; + + if ( !key || !key->value ) return NULL; + + if ( key->hsm ) { + hsm = key->hsm; + } else { + hsm = HSM_get_default(); + } + + if ( hsm && hsm->callbacks && hsm->callbacks->key_wrap ) { + return hsm->callbacks->key_wrap ( key, cred ); + } + + return NULL; + +/* + int i = 0; + + PKI_X509 *obj = NULL; + PKI_MEM_STACK *ret_sk = NULL; + PKI_MEM *mem = NULL; + + if ( !sk ) return NULL; + + if ((ret_sk = PKI_STACK_MEM_new()) == NULL ) { + return NULL; + } + + for ( i = 0; i < PKI_STACK_X509_KEYPAIR_elements ( sk ); i++ ) { + obj = PKI_STACK_X509_KEYPAIR_get_num ( sk, i ); + + if (!obj 
|| !obj->value ) continue; + + if ( obj->hsm ) { + if( obj->hsm && obj->hsm->callbacks && + obj->hsm->callbacks->key_wrap ) { + mem = obj->hsm->callbacks->key_wrap ( obj, + cred); + if ( mem == NULL ) break; + + PKI_STACK_MEM_push ( ret_sk, mem ); + } + } + } + + return ret_sk; +*/ +} + +PKI_X509_KEYPAIR *HSM_X509_KEYPAIR_unwrap ( PKI_MEM *mem, + URL *url, PKI_CRED *cred, HSM *hsm ) { + + PKI_X509_KEYPAIR *ret = NULL; + + if ( !hsm ) hsm = (HSM *) HSM_get_default(); + + /* Now Put the stack of objects in the HSM */ + if( hsm && hsm->callbacks && hsm->callbacks->key_unwrap ) { + ret = hsm->callbacks->key_unwrap ( mem, url, cred, hsm ); + }; + + /* Return value */ + return ret; +} + +// /* ------------------------ General PKI Signing ---------------------------- */ + +// /* !\brief Signs the data from a PKI_MEM structure by using the +// * passed key and digest algorithm. +// * +// * This function signs the data passed in the PKI_MEM structure. +// * Use PKI_DIGEST_ALG_NULL for using no hash algorithm when calculating +// * the signature. +// * Use NULL for the digest (PKI_DIGEST_ALG) pointer to use the data signing +// * functions directly (i.e., signing the PKI_MEM data directly instead of +// * first performing the digest calculation and then generating the signture +// * over the digest) +// * +// * @param der The pointer to a PKI_MEM structure with the data to sign +// * @param digest The pointer to a PKI_DIGEST_ALG method +// * @param key The pointer to the PKI_X509_KEYPAIR used for signing +// * @return A PKI_MEM structure with the signature value. 
+// */ + +// int PKI_X509_sign(PKI_X509 * x, +// const PKI_DIGEST_ALG * digest, +// const PKI_X509_KEYPAIR * key) { + +// // PKI_MEM *der = NULL; +// // PKI_MEM *sig = NULL; +// // // Data structure for the signature + +// PKI_STRING * sigPtr = NULL; +// // Pointer for the Signature in the PKIX data + +// int pkey_type = NID_undef; +// // Key Type + +// PKI_SCHEME_ID pkey_scheme = PKI_SCHEME_UNKNOWN; +// // Signature Scheme + +// PKI_X509_KEYPAIR_VALUE * pkey = NULL; +// // Internal Value + +// int sig_nid = -1; +// // Signature Algorithm identifier + +// // Input Checks +// if (!x || !x->value || !key || !key->value ) +// return PKI_ERROR(PKI_ERR_PARAM_NULL, NULL); + +// // Extracts the internal value +// pkey = PKI_X509_get_value(key); +// if (!pkey) { +// PKI_ERROR(PKI_ERR_PARAM_NULL, "Missing Key's Internal Value"); +// return PKI_ERR; +// } + +// // // Gets the PKEY type +// // pkey_id = PKI_X509_KEYPAIR_VALUE_get_id(pkey); +// // pkey_type = EVP_PKEY_type(pkey_id); +// // if (pkey_type == NID_undef) { +// // #if OPENSSL_VERSION_NUMBER > 0x30000000L +// // pkey_type = pkey_id; +// // #else +// // PKI_ERROR(PKI_ERR_PARAM_NULL, "Missing Key's Internal Value"); +// // return PKI_ERR; +// // #endif +// // } + +// pkey_type = PKI_X509_KEYPAIR_VALUE_get_id(pkey); +// if (!pkey_type) { +// PKI_DEBUG("Cannot get the key's type (nid: %d)", PKI_X509_KEYPAIR_VALUE_get_id(pkey)); +// return PKI_ERR; +// } + +// // Gets the Signature Scheme +// pkey_scheme = PKI_X509_KEYPAIR_VALUE_get_scheme(pkey); +// if (pkey_scheme == PKI_SCHEME_UNKNOWN) { +// PKI_ERROR(PKI_ERR_PARAM_NULL, "Scheme not recognized for key (scheme: %d, type: %d)", +// PKI_SCHEME_ID_get_parsed(pkey_scheme), pkey_type); +// return PKI_ERR; +// } + +// // Sets the default Algorithm if none is provided +// if (!digest) { +// PKI_DEBUG("No digest was used, getting the default for the key."); +// if (PKI_SCHEME_ID_is_explicit_composite(pkey_scheme)) { +// PKI_DEBUG("Explicit Composite Scheme, no digest allowed 
(overriding choice)"); +// digest = PKI_DIGEST_ALG_NULL; +// } else { +// digest = PKI_DIGEST_ALG_get_default(key); +// } +// } + +// // PKI_DEBUG("Digest Algorithm set to %s", PKI_DIGEST_ALG_get_parsed(digest)); + +// // Let's make sure we do not use a digest with explicit composite +// if (PKI_ID_is_explicit_composite(pkey_type, NULL)) { +// // No digest is allowed +// digest = PKI_DIGEST_ALG_NULL; +// } + +// // Handles the weirdness of OpenSSL - we want to check if the signing algorithm +// // is actually allowed with the selected public key +// if (digest != NULL && digest != PKI_DIGEST_ALG_NULL) { + +// // Finds the associated signing algorithm identifier, if any +// if (OBJ_find_sigid_by_algs(&sig_nid, EVP_MD_nid(digest), pkey_type) != 1) { +// PKI_DEBUG("Cannot Get The Signing Algorithm for %s with %s", +// PKI_ID_get_txt(pkey_type), digest ? PKI_DIGEST_ALG_get_parsed(digest) : "NULL"); +// // Fatal Error +// return PKI_ERR; +// } + +// } else { + +// if (PKI_ID_requires_digest(pkey_type) == PKI_OK) { +// PKI_DEBUG("%s scheme does not support arbitrary signing, hashing is required", +// PKI_SCHEME_ID_get_parsed(pkey_scheme)); +// // Error condition +// return PKI_ERR; +// } + +// // Checks if we can use the NULL digest +// if (PKI_ID_is_composite(pkey_type, NULL) || +// PKI_ID_is_explicit_composite(pkey_type, NULL)) { + +// // Finds the associated signing algorithm identifier, if any +// if (OBJ_find_sigid_by_algs(&sig_nid, NID_undef, pkey_type) != 1) { +// PKI_DEBUG("Cannot Get The Signing Algorithm for %s with %s", +// PKI_ID_get_txt(pkey_type), digest ? 
PKI_DIGEST_ALG_get_parsed(digest) : "NULL"); +// // Fatal Error +// return PKI_ERR; +// } +// // Use the appropriate digest to avoid the OpenSSL weirdness +// digest = EVP_md_null(); + +// } else if (PKI_ID_is_pqc(pkey_type, NULL)) { + +// // Use the Same ID for Key and Signature +// sig_nid = pkey_type; +// } + +// // if (PKI_ID_requires_digest(EVP_PKEY_id(pkey) == PKI_OK)) { +// // // If the key requires a digest, we need to find the default +// // // digest algorithm for the key type +// // if (PKI_ID_get_digest(EVP_PKEY_id(pkey), &scheme_id) != PKI_OK) { +// // PKI_DEBUG("Cannot Get The Digest Algorithm for %s", +// // PKI_ID_get_txt(PKI_X509_KEYPAIR_VALUE_get_id(pkey))); +// // // Fatal Error +// // return PKI_ERR; +// // } +// // } +// // if (PKI_ID_is_explicit_composite(EVP_PKEY_id(pkey), &scheme_id) != PKI_OK) { + +// // PKI_DEBUG("Got The Scheme ID => %d", scheme_id); + +// // switch (scheme_id) { + +// // // Algorithms that do not require hashing +// // /* case PKI_SCHEME_ED448: */ +// // /* case PKI_SCHEME_X25519: */ +// // case PKI_SCHEME_DILITHIUM: +// // case PKI_SCHEME_FALCON: +// // case PKI_SCHEME_COMPOSITE: +// // case PKI_SCHEME_COMBINED: +// // case PKI_SCHEME_KYBER: +// // case PKI_SCHEME_CLASSIC_MCELIECE: { +// // // No-hashing is supported by the algorithm +// // // If the find routine returns 1 it was successful, however +// // // for PQC it seems to return NID_undef for the sig_nid, this fixes it +// // if (sig_nid == NID_undef) sig_nid = EVP_PKEY_id(pkey); +// // } break; + + +// // // Hashing required +// // default: +// // PKI_DEBUG("%s does not support arbitrary signing, hashing is required", +// // PKI_SCHEME_ID_get_parsed(scheme_id)); +// // // Error condition +// // return PKI_ERR; +// // } +// // } +// } + +// // // Debugging Information +// // PKI_DEBUG("Signing Algorithm Is: %s", PKI_ID_get_txt(sig_nid)); +// // PKI_DEBUG("Digest Signing Algorithm: %p (%s)", digest, PKI_DIGEST_ALG_get_parsed(digest)); + +// // Since we are using 
the DER representation for signing, we need to first +// // update the data structure(s) with the right OIDs - we use the default +// // ASN1_item_sign() with a NULL buffer parameter to do that. + +// // ASN1_item_sign behaviour: +// // - signature: we must provide an ASN1_BIT_STRING pointer, the pnt->data +// // will be freed and replaced with the signature data +// // - pkey: we must provide an EVP_PKEY pointer +// // - data: is the pointer to an internal value (e.g., a PKI_X509_VALUE +// // or a PKI_X509_REQ_VALUE)) +// // - type: is the pointer to the const EVP_MD structure for the hash-n-sign +// // digest + +// ASN1_BIT_STRING sig_asn1 = { 0x0 }; +// // Pointer to the ASN1_BIT_STRING structure for the signature + +// // Note that only COMPOSITE can properly handle passing the EVP_md_null() +// // for indicating that we do not need a digest algorithm, however that is +// // not well supported by OQS. Let's just pass NULL if the algorithm is not +// // composite and the requested ditest is EVP_md_null(). +// if (digest == PKI_DIGEST_ALG_NULL) { +// if (!PKI_SCHEME_ID_is_composite(pkey_scheme) && +// !PKI_SCHEME_ID_is_explicit_composite(pkey_scheme)) { +// // The algorithm is not composite, but the digest is EVP_md_null() +// PKI_DEBUG("Digest is EVP_md_null(), but the algorithm is not composite, replacing the digest with NULL"); +// digest = NULL; +// } +// } + +// // Special case for non-basic types to be signed. The main example is +// // the OCSP response where we have three different internal fields +// // suche as status, resp, and bs. We need to sign the bs field in +// // this case. 
+// void * item_data = NULL; +// switch (x->type) { +// case PKI_DATATYPE_X509_OCSP_RESP: { +// PKI_X509_OCSP_RESP_VALUE * ocsp_resp = NULL; + +// // For OCSP Responses we need to sign the TBSResponseData +// ocsp_resp = (PKI_X509_OCSP_RESP_VALUE *) x->value; +// item_data = ocsp_resp->bs; +// } break; + +// default: { +// // Default use-case +// item_data = x->value; +// } break; +// } + +// // Sets the right OID for the signature +// int success = ASN1_item_sign(x->it, +// PKI_X509_get_data(x, PKI_X509_DATA_SIGNATURE_ALG1), +// PKI_X509_get_data(x, PKI_X509_DATA_SIGNATURE_ALG2), +// &sig_asn1, +// item_data, +// pkey, +// digest); + +// if (!success || !sig_asn1.data || !sig_asn1.length) { +// PKI_DEBUG("Error while creating the signature: %s (success: %d, sig_asn1.data: %p, sig_asn1.length: %d)", +// ERR_error_string(ERR_get_error(), NULL), success, sig_asn1.data, sig_asn1.length); +// PKI_ERROR(PKI_ERR_SIGNATURE_CREATE, NULL); +// return PKI_ERR; +// } + +// // EVP_MD_CTX * md_ctx_tmp = EVP_MD_CTX_new(); +// // if (!md_ctx_tmp) { +// // PKI_ERROR(PKI_ERR_MEMORY_ALLOC, "Can not allocate memory for the EVP_MD_CTX"); +// // return PKI_ERR; +// // } + +// // EVP_PKEY_CTX * pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL); +// // if (!pkey_ctx) { +// // PKI_ERROR(PKI_ERR_MEMORY_ALLOC, "Can not allocate memory for the EVP_PKEY_CTX"); +// // return PKI_ERR; +// // } + +// // X509_ALGORS * signature_algors = sk_X509_ALGOR_new_null(); +// // if (!signature_algors) { +// // PKI_ERROR(PKI_ERR_MEMORY_ALLOC, "Can not allocate memory for the X509_ALGORS"); +// // return PKI_ERR; +// // } + +// // X509_ALGOR * signature_algor = X509_ALGOR_new(); + +// // EVP_MD_CTX_set_pkey_ctx(md_ctx_tmp, pkey_ctx); + +// // EVP_MD_CTX_ctrl(md_ctx_tmp, EVP_MD_CTRL_SET_SIGNAME, sig_nid, NULL); + +// // int success = ASN1_item_sign_ctx(x->it, +// // PKI_X509_get_data(x, PKI_X509_DATA_SIGNATURE_ALG1), +// // PKI_X509_get_data(x, PKI_X509_DATA_SIGNATURE_ALG2), +// // &sig_asn1, +// // x->value, +// // 
md_ctx_tmp); + +// // if (!success || !sig_asn1.data || !sig_asn1.length) { +// // PKI_ERROR(PKI_ERR_SIGNATURE_CREATE, "Can not sign the data"); +// // return PKI_ERR; +// // } + +// // // Retrieves the DER representation of the data to be signed +// // if ((der = PKI_X509_get_tbs_asn1(x)) == NULL) { +// // // Logs the issue +// // PKI_DEBUG("Can not get the DER representation of the PKIX data via tbs func"); +// // // Builds the DER representation in a PKI_MEM structure +// // if ((der = PKI_X509_put_mem(x, +// // PKI_DATA_FORMAT_ASN1, +// // NULL, +// // NULL )) == NULL) { +// // // Logs the issue +// // PKI_DEBUG("Can not get the DER representation directly, aborting."); +// // // Can not encode into DER +// // return PKI_ERROR(PKI_ERR_DATA_ASN1_ENCODING, NULL); +// // } +// // } + +// // // Generates the Signature +// // if ((sig = PKI_sign(der, digest, key)) == NULL) { +// // // Error while creating the signature, aborting +// // if (der) PKI_MEM_free(der); +// // // Report the issue +// // return PKI_ERROR(PKI_ERR_SIGNATURE_CREATE, NULL); +// // } + +// // // Debugging +// // FILE * fp = fopen("signature_create.der", "w"); +// // if (fp) { +// // fwrite(sig->data, sig->size, 1, fp); +// // fclose(fp); +// // } +// // fp = fopen("signed_data_create.der", "w"); +// // if (fp) { +// // fwrite(der->data, der->size, 1, fp); +// // fclose(fp); +// // } + +// // // der work is finished, let's free the memory +// // if (der) PKI_MEM_free(der); +// // der = NULL; + +// // // Gets the reference to the X509 signature field +// // if ((sigPtr = PKI_X509_get_data(x, +// // PKI_X509_DATA_SIGNATURE)) == NULL) { +// // // Error: Can not retrieve the generated signature, aborting +// // PKI_MEM_free (sig); +// // // Return the error +// // return PKI_ERROR(PKI_ERR_POINTER_NULL, "Can not get signature data"); +// // } + +// // Gets the reference to the X509 signature field +// if ((sigPtr = PKI_X509_get_data(x, +// PKI_X509_DATA_SIGNATURE)) == NULL) { +// // Error: Can not 
retrieve the generated signature, aborting +// if (sig_asn1.data) PKI_Free(sig_asn1.data); +// // Return the error +// PKI_ERROR(PKI_ERR_POINTER_NULL, "Can not get signature data"); +// return PKI_ERR; +// } + +// // // Transfer the ownership of the generated signature data (sig) +// // // to the signature field in the X509 structure (signature) +// // sigPtr->data = sig->data; +// // sigPtr->length = (int) sig->size; + +// // Transfer the ownership of the generated signature data (sig) +// // // to the signature field in the X509 structure (signature) +// sigPtr->data = sig_asn1.data; +// sigPtr->length = sig_asn1.length; + +// // Sets the flags into the signature field +// sigPtr->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); +// sigPtr->flags |= ASN1_STRING_FLAG_BITS_LEFT; + +// // // We can not free the data in the sig PKI_MEM because that is +// // // actually owned by the signature now, so let's change the +// // // data pointer and then free the PKI_MEM data structure +// // sig->data = NULL; +// // sig->size = 0; + +// // // Now we can free the signature mem +// // PKI_MEM_free(sig); + +// // Success +// return PKI_OK; +// } + +// /*! \brief General signature function on data */ + +// PKI_MEM *PKI_sign(const PKI_MEM * der, +// const PKI_DIGEST_ALG * alg, +// const PKI_X509_KEYPAIR * key ) { + +// PKI_MEM *sig = NULL; +// const HSM *hsm = NULL; + +// // Input check +// if (!der || !der->data || !key || !key->value) { +// PKI_ERROR(PKI_ERR_PARAM_NULL, NULL); +// return NULL; +// } + +// // If no HSM is provided, let's get the default one +// hsm = (key->hsm != NULL ? key->hsm : HSM_get_default()); + +// // Debugging Info +// PKI_DEBUG("Calling Callback with Digest = %p (Null =? %s)\n", +// alg, alg == EVP_md_null() ? 
"Yes" : "No"); + +// // Requires the use of the HSM's sign callback +// if (hsm && hsm->callbacks && hsm->callbacks->sign) { + +// // Generates the signature by using the HSM callback +// if ((sig = hsm->callbacks->sign( +// (PKI_MEM *)der, +// (PKI_DIGEST_ALG *)alg, +// (PKI_X509_KEYPAIR *)key)) == NULL) { + +// // Error: Signature was not generated +// PKI_DEBUG("Can not generate signature (returned from sign cb)"); +// } + +// } else { + +// // There is no callback for signing the X509 structure +// PKI_ERROR(PKI_ERR_SIGNATURE_CREATE_CALLBACK, +// "No sign callback for key's HSM"); + +// // Free Memory +// PKI_MEM_free(sig); + +// // All Done +// return NULL; +// } + +// // Let's return the output of the signing function +// return sig; +// } + +// /*! +// * \brief Verifies a PKI_X509 by using a key from a certificate +// */ + +// int PKI_X509_verify_cert(const PKI_X509 *x, const PKI_X509_CERT *cert) { + +// const PKI_X509_KEYPAIR *kval = NULL; + +// PKI_X509_KEYPAIR *kp = NULL; + +// int ret = -1; + +// // Input Check +// if (!x || !x->value || !cert || !cert->value) +// return PKI_ERROR(PKI_ERR_PARAM_NULL, NULL); + +// // Gets the internal value of the public key from the certificate +// kval = PKI_X509_CERT_get_data(cert, PKI_X509_DATA_KEYPAIR_VALUE); +// if (!kval) return PKI_ERR; + +// // Use the internal value to generate a new PKI_X509_KEYPAIR +// kp = PKI_X509_new_value(PKI_DATATYPE_X509_KEYPAIR, +// (PKI_X509_KEYPAIR_VALUE *)kval, +// NULL); + +// // Checks if the operation was successful +// if ( !kp ) return PKI_ERR; + +// // Verifies the certificate by using the extracted public key +// ret = PKI_X509_verify(x, kp); + +// // Take back the ownership of the internal value (avoid freeing +// // the memory when freeing the memory associated with the +// // PKI_X509_KEYPAIR data structure) +// kp->value = NULL; + +// // Free the Memory +// PKI_X509_KEYPAIR_free(kp); + +// return ret; +// } + +// /*! 
+// * \brief Verifies a signature on a PKI_X509 object (not for PKCS7 ones) +// */ + +// int PKI_X509_verify(const PKI_X509 *x, const PKI_X509_KEYPAIR *key ) { + +// int ret = PKI_ERR; +// const HSM *hsm = NULL; + +// // PKI_MEM *data = NULL; +// // PKI_MEM *sig = NULL; + +// // PKI_STRING *sig_value = NULL; +// // PKI_X509_ALGOR_VALUE *alg = NULL; + +// // Make sure the library is initialized +// PKI_init_all(); + +// // Input Checks +// if (!x || !x->value || !key || !key->value) { + +// // Checks the X509 structure to verify +// if (!x || !x->value) +// return PKI_ERROR(PKI_ERR_PARAM_NULL, "Missing data to verify"); + +// // Checks the key value +// if (!key || !key->value) +// return PKI_ERROR(PKI_ERR_PARAM_NULL, "Missing keypair to verify with"); +// } + +// // Gets the reference to the HSM to use +// hsm = key->hsm != NULL ? key->hsm : HSM_get_default(); + +// // Uses the callback to verify the signature that was copied +// // in the sig (PKI_MEM) structure +// if (hsm && hsm->callbacks && hsm->callbacks->asn1_verify) { + +// // Debugging Info +// PKI_log_debug( "HSM verify() callback called " ); + +// // // Calls the callback function +// // ret = hsm->callbacks->verify(data, +// // sig, +// // alg, +// // (PKI_X509_KEYPAIR *)key ); +// // Calls the callback function +// ret = hsm->callbacks->asn1_verify(x, key); + +// } else { + +// // Experimental: use ASN1_item_verify() +// // ret = ASN1_item_verify(x->it, +// // PKI_X509_get_data(x, PKI_X509_DATA_SIGNATURE_ALG1), +// // PKI_X509_get_data(x, PKI_X509_DATA_SIGNATURE), +// // x->value, +// // key->value +// // ); + +// ret = PKI_X509_ITEM_verify(x->it, +// PKI_X509_get_data(x, PKI_X509_DATA_SIGNATURE_ALG1), +// PKI_X509_get_data(x, PKI_X509_DATA_SIGNATURE), +// x->value, +// key->value +// ); +// } + +// // if (success == 1) { +// // PKI_DEBUG("PKI_X509_verify()::Signature Verified!"); +// // } else { +// // PKI_DEBUG("PKI_X509_verify()::Signature Verification Failed!"); +// // } + +// // // Gets the 
algorithm from the X509 data +// // if (( alg = PKI_X509_get_data(x, PKI_X509_DATA_ALGORITHM)) == NULL) { + +// // // Reports the error +// // return PKI_ERROR(PKI_ERR_ALGOR_UNKNOWN, +// // "Can not get algorithm from object!"); +// // } + +// // // Gets the DER representation of the data to be signed + +// // // if ((data = PKI_X509_get_der_tbs(x)) == NULL) { +// // // if ((data = PKI_X509_get_data(x, PKI_X509_DATA_TBS_MEM_ASN1)) == NULL) { +// // if ((data = PKI_X509_get_tbs_asn1(x)) == NULL) { +// // return PKI_ERROR(PKI_ERR_DATA_ASN1_ENCODING, +// // "Can not get To Be signed object!"); +// // } + +// // // Gets a reference to the Signature field in the X509 structure +// // if ((sig_value = PKI_X509_get_data(x, +// // PKI_X509_DATA_SIGNATURE)) == NULL) { + +// // // Free the memory +// // PKI_MEM_free(data); + +// // // We could not get the reference to the signature field +// // return PKI_ERROR(PKI_ERR_POINTER_NULL, +// // "Can not get Signature field from the X509 object!"); +// // } + +// // // Copies the signature data structure from the sig_value (PKI_STRING) +// // // of the X509 structure to the sig one (PKI_MEM) +// // if ((sig = PKI_MEM_new_data((size_t)sig_value->length, +// // (unsigned char *)sig_value->data)) == NULL) { + +// // // Free memory +// // PKI_MEM_free(data); + +// // // Reports the memory error +// // return PKI_ERR; +// // } + +// // // Uses the callback to verify the signature that was copied +// // // in the sig (PKI_MEM) structure +// // if (hsm && hsm->callbacks && hsm->callbacks->verify) { + +// // // Debugging Info +// // PKI_log_debug( "HSM verify() callback called " ); + +// // // Calls the callback function +// // ret = hsm->callbacks->verify(data, +// // sig, +// // alg, +// // (PKI_X509_KEYPAIR *)key ); + +// // } else { + +// // // // Debugging +// // // FILE * fp = fopen("signature_verify.der", "w"); +// // // if (fp) { +// // // fwrite(sig->data, sig->size, 1, fp); +// // // fclose(fp); +// // // } +// // // fp = 
fopen("signed_data_verify.der", "w"); +// // // if (fp) { +// // // fwrite(data->data, data->size, 1, fp); +// // // fclose(fp); +// // // } + +// // // If there is no verify callback, let's call the internal one +// // ret = PKI_verify_signature(data, sig, alg, x->it, key); + +// // } + +// // // Free the allocated memory +// // if ( data ) PKI_MEM_free ( data ); +// // if ( sig ) PKI_MEM_free ( sig ); + +// // Provides some additional information in debug mode +// if (ret != PKI_OK) { +// PKI_DEBUG("Crypto Layer Error: %s (%d)", +// HSM_get_errdesc(HSM_get_errno(hsm), hsm), +// HSM_get_errno(hsm)); +// } else { +// PKI_DEBUG("Validation Completed Successfully!"); +// } + +// return ret; +// } + +// /*! \brief Verifies a signature */ + +// int PKI_verify_signature(const PKI_MEM * data, +// const PKI_MEM * sig, +// const PKI_X509_ALGOR_VALUE * alg, +// const ASN1_ITEM * it, +// const PKI_X509_KEYPAIR * key ) { +// int v_code = 0; +// // OpenSSL return code + +// EVP_MD_CTX *ctx = NULL; +// // PKey Context + +// PKI_X509_KEYPAIR_VALUE * k_val = PKI_X509_get_value(key); +// // Internal representation of the key + +// const PKI_DIGEST_ALG *dgst = NULL; +// // Digest Algorithm + +// // Input Checks +// if (!data || !data->data || !sig || !sig->data || +// !alg || !key || !k_val ) { +// // Reports the Input Error +// return PKI_ERROR(PKI_ERR_PARAM_NULL, NULL); +// } + +// // Gets the Digest Algorithm to verify with +// if ((dgst = PKI_X509_ALGOR_VALUE_get_digest(alg)) == PKI_ID_UNKNOWN) { +// // Reports the error +// return PKI_ERROR(PKI_ERR_ALGOR_UNKNOWN, NULL); +// } + +// // PKI_DEBUG("Executing ASN1_item_verify()"); + +// // ASN1_BIT_STRING signature; +// // signature.data = sig->data; +// // signature.length = (int)sig->size; + +// // ASN1_item_verify(it, (X509_ALGOR *)alg, &signature, NULL, k_val); +// // PKI_DEBUG("Done with ASN1_item_verify()"); + +// // Only use digest when we have not digest id +// // that was returned for the algorithm +// if (dgst != NULL && 
dgst != EVP_md_null()) { + +// EVP_PKEY_CTX * pctx = NULL; + +// // Creates and Initializes a new crypto context (CTX) +// if ((ctx = EVP_MD_CTX_new()) == NULL) { +// // Can not alloc memory, let's report the error +// PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL); +// } + +// // Initializes the new CTX +// EVP_MD_CTX_init(ctx); + +// // Initializes the verify function +// if (!EVP_DigestVerifyInit(ctx, &pctx, dgst, NULL, k_val)) { +// // Error in initializing the signature verification function +// PKI_DEBUG("Signature Verify Initialization (Crypto Layer Error): %s (%d)", +// HSM_get_errdesc(HSM_get_errno(NULL), NULL), HSM_get_errno(NULL)); +// // Done working +// goto err; +// } + +// // Finalizes the validation +// if ((v_code = EVP_DigestVerify(ctx, sig->data, sig->size, data->data, data->size)) <= 0) { +// // Reports the error +// PKI_DEBUG("Signature Verify Final Failed (Crypto Layer Error): %s (%d - %d)", +// HSM_get_errdesc(HSM_get_errno(NULL), NULL), v_code, HSM_get_errno(NULL)); +// // Done working +// goto err; +// } + +// } else { + +// EVP_PKEY_CTX * pctx = EVP_PKEY_CTX_new(key->value, NULL); +// // Context for the verify operation + +// // If we are in composite, we should attach the X509_ALGOR pointer +// // to the application data for the PMETH verify() to pick that up +// if (alg) { +// PKI_DEBUG("Setting App Data (We Should use the CTRL interface?): %p", alg); +// EVP_PKEY_CTX_set_app_data(pctx, (void *)alg); +// } + +// // Initialize the Verify operation +// if ((v_code = EVP_PKEY_verify_init(pctx)) <= 0) { +// PKI_ERROR(PKI_ERR_SIGNATURE_VERIFY, "cannot initialize direct (no-hash) sig verification"); +// goto err; +// } + +// // Verifies the signature +// if ((v_code = EVP_PKEY_verify(pctx, sig->data, sig->size, data->data, data->size)) <= 0) { +// PKI_ERROR(PKI_ERR_SIGNATURE_VERIFY, NULL); +// goto err; +// } +// } + +// // Free the memory +// #if OPENSSL_VERSION_NUMBER < 0x1010000fL +// EVP_MD_CTX_cleanup(ctx); +// #else +// EVP_MD_CTX_reset(ctx); +// 
#endif +// EVP_MD_CTX_free(ctx); + +// // All Done +// return PKI_OK; + +// err: +// // Free Memory +// if (ctx) { +// #if OPENSSL_VERSION_NUMBER < 0x1010000fL +// EVP_MD_CTX_cleanup(ctx); +// #else +// EVP_MD_CTX_reset(ctx); +// #endif +// EVP_MD_CTX_free(ctx); +// } + +// // Returns the error +// return PKI_ERR; +// } \ No newline at end of file diff --git a/src/drivers/hsm_slot.c b/src/crypto/hsm/hsm_store.c similarity index 61% rename from src/drivers/hsm_slot.c rename to src/crypto/hsm/hsm_store.c index acb37cd9..3aaaeec1 100644 --- a/src/drivers/hsm_slot.c +++ b/src/crypto/hsm/hsm_store.c 
@@ -1,96 +1,23 @@ -/* HSM Object Management Functions */ +/* hsm_store.c */ -#include +#include -/* HSM_SLOT_INFO Data Structure */ -HSM_SLOT_INFO default_slot_info = { - - /* Device Manufacturer ID */ - "Unknown", - - /* Device Description */ - "Unknown", - - /* Hardware Version */ - 1, - 0, - - /* Firmware Version */ - 1, - 0, - - /* Initialized */ - 1, - - /* Present */ - 1, - - /* Removable */ - 0, - - /* Hardware */ - 0, - - /* Token Info */ - { - /* Token Label */ - "Unknown Label", - /* ManufacturerID */ - "Unknown", - /* Model */ - "Unknown Model", - /* Serial Number */ - "0", - /* Max Sessions */ - 65535, - /* Current Sessions */ - 0, - /* Max Pin Len */ - 0, - /* Min Pin Len */ - 0, - /* Memory Pub Total */ - 0, - /* Memory Pub Free */ - 0, - /* Memory Priv Total */ - 0, - /* Memory Priv Free */ - 0, - /* HW Version Major */ - 1, - /* HW Version Minor */ - 0, - /* FW Version Major */ - 1, - /* FW Version Minor */ - 0, - /* HAS Random Number Generator (RNG) */ - 1, - /* HAS clock */ - 0, - /* Login is Required */ - 0, - /* utcTime */ - "" - } - -}; - -/* ------------- Slot Management functions --------------- */ + // ========================= + // Slot Management functions + // ========================= -unsigned long HSM_SLOT_num ( HSM *hsm ) { +unsigned long HSM_STORE_num ( HSM *hsm ) { - if( !hsm || !hsm->callbacks ) return ( 1 ); + if (!hsm || !hsm->store_callbacks) return ( 1 ); - if( hsm->callbacks && hsm->callbacks->slot_num ) { - return hsm->callbacks->slot_num( hsm ); + if (hsm->store_callbacks && hsm->store_callbacks->store_num) { + return hsm->store_callbacks->store_num( hsm ); } return ( 1 ); }; -int HSM_SLOT_select ( unsigned long num, PKI_CRED *cred, HSM *hsm ) { +int HSM_STORE_select ( unsigned long num, PKI_CRED *cred, HSM *hsm ) { int ret = PKI_OK; 
@@ -98,8 +25,8 @@ int HSM_SLOT_select ( unsigned long num, PKI_CRED *cred, HSM *hsm ) { return ( ret ); } - if( hsm && hsm->callbacks && hsm->callbacks->select_slot ) { - ret = hsm->callbacks->select_slot ( num, cred, hsm ); + if( hsm && hsm->store_callbacks && hsm->store_callbacks->select_slot ) { + ret = hsm->store_callbacks->select_slot ( num, cred, hsm ); } else { PKI_log_debug("No slot select function for current HSM"); ret = PKI_OK; @@ -108,7 +35,7 @@ int HSM_SLOT_select ( unsigned long num, PKI_CRED *cred, HSM *hsm ) { return ( ret ); } -int HSM_SLOT_clear ( unsigned long num, PKI_CRED *cred, HSM *hsm ) { +int HSM_STORE_clear ( unsigned long num, PKI_CRED *cred, HSM *hsm ) { int ret = PKI_OK; @@ -116,8 +43,8 @@ int HSM_SLOT_clear ( unsigned long num, PKI_CRED *cred, HSM *hsm ) { return ( ret ); } - if( hsm && hsm->callbacks && hsm->callbacks->clear_slot ) { - ret = hsm->callbacks->clear_slot ( num, cred, hsm ); + if( hsm && hsm->store_callbacks && hsm->store_callbacks->clear_slot ) { + ret = hsm->store_callbacks->clear_slot ( num, cred, hsm ); } else { PKI_log_debug ("No Slot Clear function for current HSM"); ret = PKI_OK; 
@@ -126,44 +53,44 @@ int HSM_SLOT_clear ( unsigned long num, PKI_CRED *cred, HSM *hsm ) { return ( ret ); } -HSM_SLOT_INFO * HSM_SLOT_INFO_get ( unsigned long num, HSM *hsm ) { +HSM_STORE_INFO * HSM_STORE_INFO_get ( unsigned long num, HSM *hsm ) { - HSM_SLOT_INFO *ret = NULL; + HSM_STORE_INFO *ret = NULL; if( !hsm ) { - ret = (HSM_SLOT_INFO *) PKI_Malloc ( sizeof (HSM_SLOT_INFO)); - memcpy( ret, &default_slot_info, sizeof( HSM_SLOT_INFO )); + ret = (HSM_STORE_INFO *) PKI_Malloc ( sizeof (HSM_STORE_INFO)); + memcpy( ret, &default_slot_info, sizeof( HSM_STORE_INFO )); - snprintf(ret->manufacturerID, MANUFACTURER_ID_SIZE, + snprintf(ret->manufacturerID, HSM_MANUFACTURER_ID_SIZE, "%s", "OpenCA Labs"); - snprintf(ret->description, DESCRIPTION_SIZE, + snprintf(ret->description, HSM_DESCRIPTION_SIZE, "%s", "LibPKI Software HSM"); - snprintf(ret->token_info.label, LABEL_SIZE, + snprintf(ret->token_info.label, HSM_LABEL_SIZE, "%s", "LibPKI Software Token"); - snprintf(ret->token_info.manufacturerID, MANUFACTURER_ID_SIZE, + snprintf(ret->token_info.manufacturerID, HSM_MANUFACTURER_ID_SIZE, "%s", "OpenCA Labs"); - snprintf(ret->token_info.model, MODEL_SIZE, + snprintf(ret->token_info.model, HSM_MODEL_SIZE, "%s", "OpenSSL Library"); - snprintf(ret->token_info.serialNumber, SERIAL_NUMBER_SIZE, + snprintf(ret->token_info.serialNumber, HSM_SERIAL_NUMBER_SIZE, "%s", "0000:0000"); - } else if ( hsm->callbacks && hsm->callbacks->slot_info_get ) { - ret = hsm->callbacks->slot_info_get ( num, hsm ); + } else if ( hsm->store_callbacks && hsm->store_callbacks->store_info_get) { + ret = hsm->store_callbacks->store_info_get ( num, hsm ); } else { - ret = (HSM_SLOT_INFO *) PKI_Malloc ( sizeof (HSM_SLOT_INFO)); - memcpy( ret, &default_slot_info, sizeof( HSM_SLOT_INFO )); + ret = (HSM_STORE_INFO *) PKI_Malloc ( sizeof (HSM_STORE_INFO)); + memcpy( ret, &default_slot_info, sizeof( HSM_STORE_INFO )); }; return ( ret ); -}; +} -int HSM_SLOT_INFO_print( unsigned long num, PKI_CRED * cred, HSM 
*hsm ) { +int HSM_STORE_INFO_print( unsigned long num, PKI_CRED * cred, HSM *hsm ) { - HSM_SLOT_INFO *sl_info = NULL; + HSM_STORE_INFO *sl_info = NULL; HSM_TOKEN_INFO *tk_info = NULL; - if((sl_info = HSM_SLOT_INFO_get ( num, hsm )) == NULL ) { + if((sl_info = HSM_STORE_INFO_get ( num, hsm )) == NULL ) { PKI_log_debug("Can not get the HSM info"); return PKI_ERR; } @@ -231,14 +158,14 @@ int HSM_SLOT_INFO_print( unsigned long num, PKI_CRED * cred, HSM *hsm ) { return ( PKI_OK ); } -void HSM_SLOT_INFO_free ( HSM_SLOT_INFO *sl_info, HSM *hsm ) { +void HSM_STORE_INFO_free ( HSM_STORE_INFO *sl_info, HSM *hsm ) { if( !sl_info || !hsm ) { return; } - if ( hsm && hsm->callbacks && hsm->callbacks->slot_info_free ) { - hsm->callbacks->slot_info_free ( sl_info, hsm ); + if (hsm && hsm->store_callbacks && hsm->store_callbacks->store_info_free) { + hsm->store_callbacks->store_info_free ( sl_info, hsm ); } else { PKI_Free ( sl_info ); }; 
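Review bot: Both `PKI_Malloc` results in `HSM_STORE_INFO_get` go straight into `memcpy` (the `!hsm` branch and the final `else`) with no NULL check, so an allocation failure becomes a write through a NULL pointer instead of a NULL return. The `!hsm` branch then also calls `snprintf` on fields of the same pointer. Guarding each allocation, e.g. `if ((ret = PKI_Malloc(sizeof(HSM_STORE_INFO))) == NULL) return NULL;`, keeps the failure visible to the caller; `HSM_STORE_INFO_print` already checks the result against NULL.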
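Review bot: `HSM_STORE_INFO_free` returns early on `!hsm` without releasing `sl_info`, but `HSM_STORE_INFO_get` (previous hunk) allocates with `PKI_Malloc` exactly when `hsm` is NULL, so a block obtained for the software default can never be freed through this function. Narrowing the guard to `if (!sl_info) return;` lets the existing `hsm && hsm->store_callbacks && hsm->store_callbacks->store_info_free` test fall through to `PKI_Free ( sl_info )`. The function's closing lines are in the next hunk.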
@@ -246,3 +173,81 @@ void HSM_SLOT_INFO_free ( HSM_SLOT_INFO *sl_info, HSM *hsm ) { return; } + + // =========================== + // HSM_STORE_INFO Default Data + // =========================== + +static HSM_STORE_INFO default_slot_info = { + + /* Device Manufacturer ID */ + "Unknown", + + /* Device Description */ + "Unknown", + + /* Hardware Version */ + 1, + 0, + + /* Firmware Version */ + 1, + 0, + + /* Initialized */ + 1, + + /* Present */ + 1, + + /* Removable */ + 0, + + /* Hardware */ + 0, + + /* Token Info */ + { + /* Token Label */ + "Unknown Label", + /* ManufacturerID */ + "Unknown", + /* Model */ + "Unknown Model", + /* Serial Number */ + "0", + /* Max Sessions */ + 65535, + /* Current Sessions */ + 0, + /* Max Pin Len */ + 0, + /* Min Pin Len */ + 0, + /* Memory Pub Total */ + 0, + /* Memory Pub Free */ + 0, + /* Memory Priv Total */ + 0, + /* Memory Priv Free */ + 0, + /* HW Version Major */ + 1, + /* HW Version Minor */ + 0, + /* FW Version Major */ + 1, + /* FW Version Minor */ + 0, + /* HAS Random Number Generator (RNG) */ + 1, + /* HAS clock */ + 0, + /* Login is Required */ + 0, + /* utcTime */ + "" + } + +}; diff --git a/src/crypto/hsm/hsm_utils.c b/src/crypto/hsm/hsm_utils.c new file mode 100644 index 00000000..19918455 --- /dev/null +++ b/src/crypto/hsm/hsm_utils.c 
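Review bot: `default_slot_info` is now defined `static` at the end of hsm_store.c, after `HSM_STORE_INFO_get` has already used it in two `memcpy` calls, and the file's first hunk shows no earlier declaration of it. C needs the identifier declared before use, and if the included header still carries a non-static declaration from the old global, this `static` definition would conflict with it; the header is not visible here. Moving the initializer back above the functions, or adding a tentative `static HSM_STORE_INFO default_slot_info;` near the top of the file, covers the first case. Since the object is only read as a template, the definition (and any earlier declaration of it) could also be made `const`.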
@@ -0,0 +1,275 @@ +/* HSM Object Management Functions */ + +#include + +/*! \brief Allocates a new HSM structure + * + * Allocates a new HSM structure and initialize the callbacks functions. + * The driver is the crypto driver to be used (e.g., openssl or kmf), + * while the name is the name of the HSM (e.g., LunaCA3) + */ + +const HSM * HSM_new(const char * const dir, + const char * const name ) { + + HSM * hsm = NULL; + char * url_s = NULL; + char * buff = NULL; + + PKI_CONFIG *conf = NULL; + char *type = NULL; + + if( !name ) { + /* If no name is passed, we generate a new software token */ + return CRYPTO_HSM_get_default(); + } + + if((url_s = PKI_CONFIG_find_all( dir, name, PKI_DEFAULT_HSM_DIR )) + == NULL ) { + PKI_log_debug( "Can not find config file (%s/%s)\n", dir, name); + return (NULL); + } + + if((conf = PKI_CONFIG_load( url_s )) == NULL ) { + PKI_log_debug( "Can not load config from %s", url_s ); + goto err; + } + + if((buff = PKI_Malloc ( BUFF_MAX_SIZE )) == NULL ) { + goto err; + } + + /* Let's generate the right searching string with the namespace + prefix */ + if((type = PKI_CONFIG_get_value ( conf, "/hsm/type")) == NULL ) { + /* No type in the config! 
*/ + PKI_log_debug("ERROR, No HSM type in the config!"); + type = strdup("software"); + } + + if( strcmp_nocase(type,"software") == 0 ) { + if((hsm = HSM_OPENSSL_new( conf )) == NULL ) { + PKI_log_debug("ERROR, Can not generate software HSM object!"); + } else { + hsm->type = HSM_TYPE_SOFTWARE; + } +#ifdef HAVE_ENGINE + } else if( strcmp_nocase(type,"engine") == 0 ) { + if((hsm = HSM_ENGINE_new( conf )) == NULL ) { + PKI_log_debug("ERROR, Can not generate engine HSM object!"); + } else { + hsm->type = HSM_TYPE_ENGINE; + } +#endif + } else if( strcmp_nocase(type,"pkcs11") == 0 ) { + if((hsm = HSM_PKCS11_new( conf )) == NULL ) { + PKI_log_debug("ERROR, Can not generate engine HSM object!"); + } else { + hsm->type = HSM_TYPE_PKCS11; + } +#ifdef ENABLE_KMF + } else if( strcmp_nocase(type,"kmf") == 0 ) { + if((hsm = HSM_KMF_new( conf )) == NULL ) { + PKI_log_debug("ERROR, Can not generate kmf HSM object!\n"); + } else { + hsm->type = HSM_TYPE_KMF; + } +#endif + } else { + PKI_log_debug( "Unknown HSM type (%s)", type ); + goto err; + } + + if ( ( hsm != NULL ) && (HSM_init ( hsm ) != PKI_OK) ) { + goto err; + } + + // Let' see if we can enforce the FIPS mode (optional, therefore + // errors are not fatal if PKI_is_fips_mode return PKI_ERR) + if (PKI_is_fips_mode() == PKI_OK) + { + if (HSM_set_fips_mode(hsm, 1) == PKI_OK) + { + PKI_log_debug("HSM created in FIPS mode"); + } + else + { + PKI_log_err("Can not create HSM in FIPS mode"); + goto err; + } + } + else + { + PKI_log_debug("HSM created in non-FIPS mode"); + } + + // Free memory + if (type) PKI_Free(type); + if (conf) PKI_CONFIG_free(conf); + if (url_s) PKI_Free(url_s); + + // Returns the value + return (hsm); + +err: + + // Free used memory + if (conf) PKI_CONFIG_free(conf); + if (url_s) PKI_Free(url_s); + if (hsm) HSM_free(hsm); + if (type) PKI_Free(type); + + // Returns a NULL pointer + return NULL; +} + +void HSM_free ( HSM *hsm ) { + + if( !hsm ) return (PKI_ERR); + + if (hsm->driver && hsm->admin_callbacks && 
hsm->admin_callbacks->free) { + hsm->admin_callbacks->free(hsm->driver); + } + + PKI_Free(hsm); + + return; +} + +/*! \brief Returns the default HSM structure (software) + * + * The returned HSM * points to a static structure that does not need + * to be freed. + */ + +const HSM *HSM_get_default( void ) { + return HSM_OPENSSL_get_default(); +} + + +// /* -------------------------- HSM Initialization ----------------------- */ + + +// /*! +// * \brief Initializes the HSM +// */ +// int HSM_init( HSM *hsm ) { + +// if( !hsm || !hsm->callbacks ) return (PKI_ERR); + +// /* Call the init function provided by the hsm itself */ +// if( hsm->callbacks->init ) +// { +// return (hsm->callbacks->init(hsm, hsm->config )); +// } +// else +// { +// /* No init function is provided (not needed ??!?!) */ +// PKI_log_debug("hsm (%s) does not provide an init " +// "function!\n", hsm->description ); +// } + +// return(PKI_OK); +// } + +// /*! +// * \brief Initializes the HSM in FIPS mode, returns an error if FIPS +// * mode is not available for the HSM +// */ +// int HSM_init_fips (HSM *hsm) +// { +// // Let's do the normal initialization +// if (HSM_init(hsm) == PKI_ERR) return PKI_ERR; + +// // Now let's set the fips mode +// if (!HSM_set_fips_mode(hsm, 1)) return PKI_ERR; + +// return (PKI_OK); +// } + +// /* -------------------------- Access control to HSM ----------------------- */ + +// int HSM_login ( HSM *hsm, PKI_CRED *cred ) { + +// if (!hsm) return (PKI_ERR); + +// if ( hsm->callbacks->login ) { +// return ( hsm->callbacks->login(hsm, cred )); +// } else { +// /* No login required by the HSM */ +// PKI_log_debug("No login function for selected HSM"); +// } + +// return ( PKI_OK ); +// } + +// int HSM_logout ( HSM *hsm ) { + +// if (!hsm || !hsm->callbacks ) return (PKI_ERR); + +// if ( hsm->callbacks && hsm->callbacks->logout ) { +// return ( hsm->callbacks->logout( hsm )); +// } else { +// /* No login required by the HSM */ +// PKI_log_debug("No login function for selected 
HSM"); +// } + +// return ( PKI_OK ); +// } + + +// /* -------------------------- FIPS mode for HSM ----------------------- */ + +// int HSM_set_fips_mode(const HSM *hsm, int k) +// { +// if (!hsm) hsm = HSM_get_default(); +// if (!hsm) return PKI_ERR; + +// if (hsm->callbacks && hsm->callbacks->set_fips_mode) +// { +// return hsm->callbacks->set_fips_mode(hsm, k); +// } +// else +// { +// // If no FIPS mode is available, let's return 0 (false) +// return PKI_ERR; +// } +// } + +// int HSM_is_fips_mode(const HSM *hsm) +// { +// if (!hsm) hsm = HSM_get_default(); +// if (!hsm) return PKI_ERR; + +// if (hsm->callbacks && hsm->callbacks->is_fips_mode) +// { +// return hsm->callbacks->is_fips_mode(hsm); +// } +// else +// { +// return PKI_ERR; +// } +// } + +// /* -------------------------- General Crypto HSM ----------------------- */ + +// int HSM_set_sign_algor ( PKI_X509_ALGOR_VALUE *alg, HSM *hsm ) { + +// int ret = PKI_OK; + +// // Input Checks +// if (!alg) return PKI_ERROR(PKI_ERR_PARAM_NULL, "No algorithm passed!"); + +// // Sets the algorithm if it is an hardware token +// if (hsm && hsm->callbacks && hsm->callbacks->sign_algor) { + +// // Using the HSM callback +// PKI_log_debug("Setting the signature algorithm for selected HSM"); +// ret = hsm->callbacks->sign_algor(hsm, alg); +// } + +// // All Done +// return (ret); +// } + + diff --git a/src/crypto/hsm/openssl/Makefile.am b/src/crypto/hsm/openssl/Makefile.am new file mode 100644 index 00000000..b92d1241 --- /dev/null +++ b/src/crypto/hsm/openssl/Makefile.am 
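Review bot: `HSM_free` is declared `void` but its guard is `if( !hsm ) return (PKI_ERR);`, which is a constraint violation in C and should be a bare `return;`. In `HSM_new`, `buff` is allocated with `PKI_Malloc ( BUFF_MAX_SIZE )` and then neither used nor released, on the success path or under `err:`, so every call that gets that far leaks it; drop the allocation or add `if (buff) PKI_Free(buff);` to both cleanup blocks. `type` may come from `strdup("software")` yet is released with `PKI_Free`, which is only safe if `PKI_Free` wraps `free()`; that is not visible here. When a driver constructor returns NULL the code only logs and still reaches the FIPS block, calling `HSM_set_fips_mode(hsm, 1)` with a NULL `hsm`; a `goto err` in those failure branches would avoid acting on whatever that call falls back to.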
@@ -0,0 +1,27 @@ +## OpenCA Makefile - by Massimiliano Pala +## (c) 1999-2009 by Massimiliano Pala and OpenCA Project +## All Rights Reserved + +TOP = ../.. +include $(TOP)/global-vars + +BASE_DEFS = + +DEFS = $(OPENCA_DEFS) + +AM_CPPFLAGS = -I$(TOP) \ + $(openssl_cflags) \ + $(libxml2_cflags) \ + $(COND_INCLUDES) + +SRCS = \ + openssl_hsm.c \ + openssl_hsm_pkey.c \ + openssl_hsm_obj.c \ + openssl_hsm_cb.c + +noinst_LTLIBRARIES = libpki-hsm-openssl.la + +libpki_hsm_openssl_la_SOURCES = $(SRCS) +libpki_hsm_openssl_la_CFLAGS = $(BUILD_LIBPKI_CFLAGS) + diff --git a/src/drivers/kmf/Makefile.in b/src/crypto/hsm/openssl/Makefile.in similarity index 80% rename from src/drivers/kmf/Makefile.in rename to src/crypto/hsm/openssl/Makefile.in index 16576eba..d5915ada 100644 --- a/src/drivers/kmf/Makefile.in +++ b/src/crypto/hsm/openssl/Makefile.in @@ -89,7 +89,7 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ -subdir = src/drivers/kmf +subdir = src/crypto/hsm/openssl ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ 
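Review bot: `SRCS` lists four sources but not `openssl_hsm_admin.c`, which this same commit adds under src/crypto/hsm/openssl/, so unless another source includes it that file is never compiled into `libpki-hsm-openssl.la`; adding `openssl_hsm_admin.c` to `SRCS` would fix that. `TOP = ../..` resolves to src/crypto from this directory. If `global-vars` and the include root are still in src/, which is where `../..` would have pointed from the former src/drivers/kmf location, then `include $(TOP)/global-vars` and `-I$(TOP)` need `TOP = ../../..`.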
@@ -100,25 +100,25 @@ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(SHELL) $(top_srcdir)/build/mkinstalldirs -CONFIG_HEADER = $(top_builddir)/src/libpki/config.h \ - $(top_builddir)/src/libpki/libpki_enables.h +CONFIG_HEADER = $(top_builddir)/src/libpki/libconf/defines.h \ + $(top_builddir)/src/libpki/libconf/features.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = LTLIBRARIES = $(noinst_LTLIBRARIES) -libpki_token_kmf_la_LIBADD = -am__objects_1 = libpki_token_kmf_la-kmf_hsm.lo \ - libpki_token_kmf_la-kmf_hsm_pkey.lo \ - libpki_token_kmf_la-kmf_hsm_sign.lo \ - libpki_token_kmf_la-kmf_hsm_engine.lo -am_libpki_token_kmf_la_OBJECTS = $(am__objects_1) -libpki_token_kmf_la_OBJECTS = $(am_libpki_token_kmf_la_OBJECTS) +libpki_hsm_openssl_la_LIBADD = +am__objects_1 = libpki_hsm_openssl_la-openssl_hsm.lo \ + libpki_hsm_openssl_la-openssl_hsm_pkey.lo \ + libpki_hsm_openssl_la-openssl_hsm_obj.lo \ + libpki_hsm_openssl_la-openssl_hsm_cb.lo +am_libpki_hsm_openssl_la_OBJECTS = $(am__objects_1) +libpki_hsm_openssl_la_OBJECTS = $(am_libpki_hsm_openssl_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent am__v_lt_1 = -libpki_token_kmf_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ +libpki_hsm_openssl_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ - $(libpki_token_kmf_la_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(libpki_hsm_openssl_la_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) 
@@ -132,13 +132,14 @@ AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/libpki +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/libpki/libconf depcomp = $(SHELL) $(top_srcdir)/build/depcomp am__maybe_remake_depfiles = depfiles -am__depfiles_remade = ./$(DEPDIR)/libpki_token_kmf_la-kmf_hsm.Plo \ - ./$(DEPDIR)/libpki_token_kmf_la-kmf_hsm_engine.Plo \ - ./$(DEPDIR)/libpki_token_kmf_la-kmf_hsm_pkey.Plo \ - ./$(DEPDIR)/libpki_token_kmf_la-kmf_hsm_sign.Plo +am__depfiles_remade = \ + ./$(DEPDIR)/libpki_hsm_openssl_la-openssl_hsm.Plo \ + ./$(DEPDIR)/libpki_hsm_openssl_la-openssl_hsm_cb.Plo \ + ./$(DEPDIR)/libpki_hsm_openssl_la-openssl_hsm_obj.Plo \ + ./$(DEPDIR)/libpki_hsm_openssl_la-openssl_hsm_pkey.Plo am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) @@ -158,8 +159,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = -SOURCES = $(libpki_token_kmf_la_SOURCES) -DIST_SOURCES = $(libpki_token_kmf_la_SOURCES) +SOURCES = $(libpki_hsm_openssl_la_SOURCES) +DIST_SOURCES = $(libpki_hsm_openssl_la_SOURCES) am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ @@ -343,10 +344,6 @@ include_prefix = @include_prefix@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ -kmf_cflags = @kmf_cflags@ -kmf_ldadd = @kmf_ldadd@ -kmf_libflags = @kmf_libflags@ -kmf_prefix = @kmf_prefix@ ldap_cflags = @ldap_cflags@ ldap_ldadd = @ldap_ldadd@ ldap_ldflags = @ldap_ldflags@ 
@@ -443,16 +440,14 @@ AM_CPPFLAGS = -I$(TOP) \ $(COND_INCLUDES) SRCS = \ - kmf_hsm.c \ - kmf_hsm_pkey.c \ - kmf_hsm_sign.c \ - kmf_hsm_engine.c - - -# noinst_LTLIBRARIES = libpki-token.la -noinst_LTLIBRARIES = libpki-token-kmf.la -libpki_token_kmf_la_SOURCES = $(SRCS) -libpki_token_kmf_la_CFLAGS = $(BUILD_LIBPKI_CFLAGS) + openssl_hsm.c \ + openssl_hsm_pkey.c \ + openssl_hsm_obj.c \ + openssl_hsm_cb.c + +noinst_LTLIBRARIES = libpki-hsm-openssl.la +libpki_hsm_openssl_la_SOURCES = $(SRCS) +libpki_hsm_openssl_la_CFLAGS = $(BUILD_LIBPKI_CFLAGS) all: all-am .SUFFIXES: @@ -466,9 +461,9 @@ $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__confi exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/drivers/kmf/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/crypto/hsm/openssl/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/drivers/kmf/Makefile + $(AUTOMAKE) --gnu src/crypto/hsm/openssl/Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -498,8 +493,8 @@ clean-noinstLTLIBRARIES: rm -f $${locs}; \ } -libpki-token-kmf.la: $(libpki_token_kmf_la_OBJECTS) $(libpki_token_kmf_la_DEPENDENCIES) $(EXTRA_libpki_token_kmf_la_DEPENDENCIES) - $(AM_V_CCLD)$(libpki_token_kmf_la_LINK) $(libpki_token_kmf_la_OBJECTS) $(libpki_token_kmf_la_LIBADD) $(LIBS) +libpki-hsm-openssl.la: $(libpki_hsm_openssl_la_OBJECTS) $(libpki_hsm_openssl_la_DEPENDENCIES) $(EXTRA_libpki_hsm_openssl_la_DEPENDENCIES) + $(AM_V_CCLD)$(libpki_hsm_openssl_la_LINK) $(libpki_hsm_openssl_la_OBJECTS) $(libpki_hsm_openssl_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) 
@@ -507,10 +502,10 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_token_kmf_la-kmf_hsm.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_token_kmf_la-kmf_hsm_engine.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_token_kmf_la-kmf_hsm_pkey.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_token_kmf_la-kmf_hsm_sign.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_hsm_openssl_la-openssl_hsm.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_hsm_openssl_la-openssl_hsm_cb.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_hsm_openssl_la-openssl_hsm_obj.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_hsm_openssl_la-openssl_hsm_pkey.Plo@am__quote@ # am--include-marker $(am__depfiles_remade): @$(MKDIR_P) $(@D) 
@@ -542,33 +537,33 @@ am--depfiles: $(am__depfiles_remade) @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< -libpki_token_kmf_la-kmf_hsm.lo: kmf_hsm.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_token_kmf_la_CFLAGS) $(CFLAGS) -MT libpki_token_kmf_la-kmf_hsm.lo -MD -MP -MF $(DEPDIR)/libpki_token_kmf_la-kmf_hsm.Tpo -c -o libpki_token_kmf_la-kmf_hsm.lo `test -f 'kmf_hsm.c' || echo '$(srcdir)/'`kmf_hsm.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_token_kmf_la-kmf_hsm.Tpo $(DEPDIR)/libpki_token_kmf_la-kmf_hsm.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='kmf_hsm.c' object='libpki_token_kmf_la-kmf_hsm.lo' libtool=yes @AMDEPBACKSLASH@ +libpki_hsm_openssl_la-openssl_hsm.lo: openssl_hsm.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_hsm_openssl_la_CFLAGS) $(CFLAGS) -MT libpki_hsm_openssl_la-openssl_hsm.lo -MD -MP -MF $(DEPDIR)/libpki_hsm_openssl_la-openssl_hsm.Tpo -c -o libpki_hsm_openssl_la-openssl_hsm.lo `test -f 'openssl_hsm.c' || echo '$(srcdir)/'`openssl_hsm.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_hsm_openssl_la-openssl_hsm.Tpo $(DEPDIR)/libpki_hsm_openssl_la-openssl_hsm.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='openssl_hsm.c' object='libpki_hsm_openssl_la-openssl_hsm.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) 
$(libpki_token_kmf_la_CFLAGS) $(CFLAGS) -c -o libpki_token_kmf_la-kmf_hsm.lo `test -f 'kmf_hsm.c' || echo '$(srcdir)/'`kmf_hsm.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_hsm_openssl_la_CFLAGS) $(CFLAGS) -c -o libpki_hsm_openssl_la-openssl_hsm.lo `test -f 'openssl_hsm.c' || echo '$(srcdir)/'`openssl_hsm.c -libpki_token_kmf_la-kmf_hsm_pkey.lo: kmf_hsm_pkey.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_token_kmf_la_CFLAGS) $(CFLAGS) -MT libpki_token_kmf_la-kmf_hsm_pkey.lo -MD -MP -MF $(DEPDIR)/libpki_token_kmf_la-kmf_hsm_pkey.Tpo -c -o libpki_token_kmf_la-kmf_hsm_pkey.lo `test -f 'kmf_hsm_pkey.c' || echo '$(srcdir)/'`kmf_hsm_pkey.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_token_kmf_la-kmf_hsm_pkey.Tpo $(DEPDIR)/libpki_token_kmf_la-kmf_hsm_pkey.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='kmf_hsm_pkey.c' object='libpki_token_kmf_la-kmf_hsm_pkey.lo' libtool=yes @AMDEPBACKSLASH@ +libpki_hsm_openssl_la-openssl_hsm_pkey.lo: openssl_hsm_pkey.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_hsm_openssl_la_CFLAGS) $(CFLAGS) -MT libpki_hsm_openssl_la-openssl_hsm_pkey.lo -MD -MP -MF $(DEPDIR)/libpki_hsm_openssl_la-openssl_hsm_pkey.Tpo -c -o libpki_hsm_openssl_la-openssl_hsm_pkey.lo `test -f 'openssl_hsm_pkey.c' || echo '$(srcdir)/'`openssl_hsm_pkey.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_hsm_openssl_la-openssl_hsm_pkey.Tpo $(DEPDIR)/libpki_hsm_openssl_la-openssl_hsm_pkey.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='openssl_hsm_pkey.c' 
object='libpki_hsm_openssl_la-openssl_hsm_pkey.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_token_kmf_la_CFLAGS) $(CFLAGS) -c -o libpki_token_kmf_la-kmf_hsm_pkey.lo `test -f 'kmf_hsm_pkey.c' || echo '$(srcdir)/'`kmf_hsm_pkey.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_hsm_openssl_la_CFLAGS) $(CFLAGS) -c -o libpki_hsm_openssl_la-openssl_hsm_pkey.lo `test -f 'openssl_hsm_pkey.c' || echo '$(srcdir)/'`openssl_hsm_pkey.c -libpki_token_kmf_la-kmf_hsm_sign.lo: kmf_hsm_sign.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_token_kmf_la_CFLAGS) $(CFLAGS) -MT libpki_token_kmf_la-kmf_hsm_sign.lo -MD -MP -MF $(DEPDIR)/libpki_token_kmf_la-kmf_hsm_sign.Tpo -c -o libpki_token_kmf_la-kmf_hsm_sign.lo `test -f 'kmf_hsm_sign.c' || echo '$(srcdir)/'`kmf_hsm_sign.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_token_kmf_la-kmf_hsm_sign.Tpo $(DEPDIR)/libpki_token_kmf_la-kmf_hsm_sign.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='kmf_hsm_sign.c' object='libpki_token_kmf_la-kmf_hsm_sign.lo' libtool=yes @AMDEPBACKSLASH@ +libpki_hsm_openssl_la-openssl_hsm_obj.lo: openssl_hsm_obj.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_hsm_openssl_la_CFLAGS) $(CFLAGS) -MT libpki_hsm_openssl_la-openssl_hsm_obj.lo -MD -MP -MF 
$(DEPDIR)/libpki_hsm_openssl_la-openssl_hsm_obj.Tpo -c -o libpki_hsm_openssl_la-openssl_hsm_obj.lo `test -f 'openssl_hsm_obj.c' || echo '$(srcdir)/'`openssl_hsm_obj.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_hsm_openssl_la-openssl_hsm_obj.Tpo $(DEPDIR)/libpki_hsm_openssl_la-openssl_hsm_obj.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='openssl_hsm_obj.c' object='libpki_hsm_openssl_la-openssl_hsm_obj.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_token_kmf_la_CFLAGS) $(CFLAGS) -c -o libpki_token_kmf_la-kmf_hsm_sign.lo `test -f 'kmf_hsm_sign.c' || echo '$(srcdir)/'`kmf_hsm_sign.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_hsm_openssl_la_CFLAGS) $(CFLAGS) -c -o libpki_hsm_openssl_la-openssl_hsm_obj.lo `test -f 'openssl_hsm_obj.c' || echo '$(srcdir)/'`openssl_hsm_obj.c -libpki_token_kmf_la-kmf_hsm_engine.lo: kmf_hsm_engine.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_token_kmf_la_CFLAGS) $(CFLAGS) -MT libpki_token_kmf_la-kmf_hsm_engine.lo -MD -MP -MF $(DEPDIR)/libpki_token_kmf_la-kmf_hsm_engine.Tpo -c -o libpki_token_kmf_la-kmf_hsm_engine.lo `test -f 'kmf_hsm_engine.c' || echo '$(srcdir)/'`kmf_hsm_engine.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_token_kmf_la-kmf_hsm_engine.Tpo $(DEPDIR)/libpki_token_kmf_la-kmf_hsm_engine.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='kmf_hsm_engine.c' 
object='libpki_token_kmf_la-kmf_hsm_engine.lo' libtool=yes @AMDEPBACKSLASH@ +libpki_hsm_openssl_la-openssl_hsm_cb.lo: openssl_hsm_cb.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_hsm_openssl_la_CFLAGS) $(CFLAGS) -MT libpki_hsm_openssl_la-openssl_hsm_cb.lo -MD -MP -MF $(DEPDIR)/libpki_hsm_openssl_la-openssl_hsm_cb.Tpo -c -o libpki_hsm_openssl_la-openssl_hsm_cb.lo `test -f 'openssl_hsm_cb.c' || echo '$(srcdir)/'`openssl_hsm_cb.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_hsm_openssl_la-openssl_hsm_cb.Tpo $(DEPDIR)/libpki_hsm_openssl_la-openssl_hsm_cb.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='openssl_hsm_cb.c' object='libpki_hsm_openssl_la-openssl_hsm_cb.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_token_kmf_la_CFLAGS) $(CFLAGS) -c -o libpki_token_kmf_la-kmf_hsm_engine.lo `test -f 'kmf_hsm_engine.c' || echo '$(srcdir)/'`kmf_hsm_engine.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_hsm_openssl_la_CFLAGS) $(CFLAGS) -c -o libpki_hsm_openssl_la-openssl_hsm_cb.lo `test -f 'openssl_hsm_cb.c' || echo '$(srcdir)/'`openssl_hsm_cb.c mostlyclean-libtool: -rm -f *.lo 
@@ -700,10 +695,10 @@ clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ mostlyclean-am distclean: distclean-am - -rm -f ./$(DEPDIR)/libpki_token_kmf_la-kmf_hsm.Plo - -rm -f ./$(DEPDIR)/libpki_token_kmf_la-kmf_hsm_engine.Plo - -rm -f ./$(DEPDIR)/libpki_token_kmf_la-kmf_hsm_pkey.Plo - -rm -f ./$(DEPDIR)/libpki_token_kmf_la-kmf_hsm_sign.Plo + -rm -f ./$(DEPDIR)/libpki_hsm_openssl_la-openssl_hsm.Plo + -rm -f ./$(DEPDIR)/libpki_hsm_openssl_la-openssl_hsm_cb.Plo + -rm -f ./$(DEPDIR)/libpki_hsm_openssl_la-openssl_hsm_obj.Plo + -rm -f ./$(DEPDIR)/libpki_hsm_openssl_la-openssl_hsm_pkey.Plo -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -749,10 +744,10 @@ install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am - -rm -f ./$(DEPDIR)/libpki_token_kmf_la-kmf_hsm.Plo - -rm -f ./$(DEPDIR)/libpki_token_kmf_la-kmf_hsm_engine.Plo - -rm -f ./$(DEPDIR)/libpki_token_kmf_la-kmf_hsm_pkey.Plo - -rm -f ./$(DEPDIR)/libpki_token_kmf_la-kmf_hsm_sign.Plo + -rm -f ./$(DEPDIR)/libpki_hsm_openssl_la-openssl_hsm.Plo + -rm -f ./$(DEPDIR)/libpki_hsm_openssl_la-openssl_hsm_cb.Plo + -rm -f ./$(DEPDIR)/libpki_hsm_openssl_la-openssl_hsm_obj.Plo + -rm -f ./$(DEPDIR)/libpki_hsm_openssl_la-openssl_hsm_pkey.Plo -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -791,18 +786,6 @@ uninstall-am: include $(TOP)/global-vars -# libpki_token_kmf_la_LIBADD = $(BUILD_LIBPKI_LDFLAGS) - -# libpki_token_a_LDFLAGS = -version-info 1:0:0 - -# $(OPENCA_INCLUDE_LIBS) \ -# $(openssl_cflags) $(openssl_libs) - -#pki_token_a_LIBADD = \ -# $(openssl_cflags) $(openssl_libs) \ -# $(libxml2_cflags) $(libxml2_libs) \ -# $(OPENCA_INCLUDE_LIBS) - # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/crypto/hsm/openssl/openssl_hsm_admin.c b/src/crypto/hsm/openssl/openssl_hsm_admin.c new file mode 100644 index 00000000..24387c53 
--- /dev/null
+++ b/src/crypto/hsm/openssl/openssl_hsm_admin.c
@@ -0,0 +1,311 @@
+/* openssl_hsm_admin.c */
+
+// Single Include
+#include
+
+/* Structure for the OpenSSL's Software Token definition */
+HSM openssl_hsm = {
+
+ /* Version of the token */
+ 1,
+
+ /* Description of the HSM */
+ "OpenSSL Software HSM",
+
+ /* Manufacturer */
+ "OpenSSL Project",
+
+ /* Pointer to the HSM config file and parsed structure*/
+ NULL,
+
+ /* One of PKI_HSM_TYPE value */
+ HSM_TYPE_SOFTWARE,
+
+ /* URL for the ID of the driver, this is filled at load time */
+ NULL,
+
+ /* Pointer to the driver structure */
+ NULL,
+
+ /* Pointer to internal session handler */
+ NULL,
+
+ /* Credential for the HSM - usually used for the SO */
+ NULL,
+
+ /* is Logged In ? */
+ 0,
+
+ /* is Cred Set ? */
+ 0,
+
+ /* is Login Required ? */
+ 0,
+
+ /* Callbacks Structures */
+ NULL,
+ NULL,
+ NULL
+};
+
+ // ==============================
+ // Admin Callbacks Implementation
+ // ==============================
+int HSM_OPENSSL_new_driver(void **driver) {
+
+ if (!driver) {
+ return (PKI_ERR);
+ }
+
+ // We should get the OpenSSL's Library CTX and set it
+ // for the HSM driver
+ OSSL_LIB_CTX *libctx = NULL;
+ if ((libctx = OSSL_LIB_CTX_new()) == NULL) {
+ return PKI_ERR;
+ }
+
+ *driver = (void *)libctx;
+
+ return PKI_OK;
+}
+
+int HSM_OPENSSL_free_driver(void *driver) {
+
+ if (!driver) {
+ return (PKI_ERR);
+ }
+
+ OSSL_LIB_CTX_free((OSSL_LIB_CTX *)driver);
+
+ return PKI_OK;
+}
+
+int HSM_OPENSSL_init(void * driver, const PKI_CONFIG *conf) {
+
+ if (!driver) {
+ return (PKI_ERR);
+ }
+
+#if OPENSSL_VERSION_NUMBER >= 0x3000000fL
+ // Initializes the OQS Provider layer
+ PKI_init_providers();
+#endif
+
+ // OpenSSL init
+ X509V3_add_standard_extensions();
+ OpenSSL_add_all_algorithms();
+ OpenSSL_add_all_digests();
+ OpenSSL_add_all_ciphers();
+
+ // Pthread Initialization
+ OpenSSL_pthread_init();
+
+ // Initializes the SSL layer
+ SSL_library_init();
+
+ /* No need for initialization of the software driver */
+ return PKI_OK;
+}
+
+/*!
+ * \brief Sets the fips operation mode when the parameter is != 0,
+ * otherwise it sets the HSM in non-fips mode
+ */
+int HSM_OPENSSL_set_fips_mode(const void * driver, int k) {
+
+#ifdef OPENSSL_FIPS
+ return (FIPS_mode_set(k) == 1 ? PKI_OK : PKI_ERR);
+#else
+ return PKI_ERR;
+#endif
+
+}
+
+/*!
+ * \brief Returns 0 if HSM is operating in non-FIPS mode, true (!0) if FIPS
+ * mode is enabled.
+ */
+int HSM_OPENSSL_is_fips_mode(const void * driver)
+{
+#ifdef OPENSSL_FIPS
+ return (FIPS_mode() == 0 ? PKI_ERR : PKI_OK);
+#else
+ return PKI_ERR;
+#endif
+
+}
+
+ // =================================
+ // OpenSSL HSM Admin Callbacks Table
+ // =================================
+
+const HSM_ADMIN_CALLBACKS openssl_hsm_admin_cb = {
+ HSM_OPENSSL_new_driver, // new
+ HSM_OPENSSL_init, // init
+ HSM_OPENSSL_free_driver, // free
+ NULL, // login
+ NULL, // logout
+ NULL, // signature_algor
+ HSM_OPENSSL_set_fips_mode, // set_fips_mode
+ HSM_OPENSSL_is_fips_mode, // is_fips_mode
+};
+
+
+const HSM * HSM_OPENSSL_get_default( void )
+{
+ return ((const HSM *)&openssl_hsm);
+}
+
+/* ----------------------- General Signing function -------------------- */
+
+// PKI_MEM * HSM_OPENSSL_sign(PKI_MEM * der, PKI_DIGEST_ALG * digest, PKI_X509_KEYPAIR *key) {
+
+// EVP_MD_CTX *ctx = NULL;
+// // Digest's context
+
+// size_t out_size = 0;
+// // size_t ossl_ret = 0;
+
+// PKI_MEM *out_mem = NULL;
+// // Output buffer
+
+// EVP_PKEY *pkey = NULL;
+// // Signing Key Value
+
+// int digestResult = -1;
+// int def_nid = NID_undef;
+// // OpenSSL return value
+
+// if (!der || !der->data || !key || !key->value)
+// {
+// PKI_ERROR( PKI_ERR_PARAM_NULL, NULL);
+// return NULL;
+// }
+
+// // Private Key
+// pkey = PKI_X509_get_value(key);
+// if (!pkey) {
+// PKI_ERROR(PKI_ERR_PARAM_NULL, "Cannot retrieve the internal value of the key (PKEY).");
+// return NULL;
+// }
+
+// // Get the Maximum size of a signature
+// out_size = (size_t) EVP_PKEY_size(pkey);
+
+// // Gets the default digest
for the key +// digestResult = EVP_PKEY_get_default_digest_nid(pkey, &def_nid); + +// // PKI_DEBUG("Requested Digest for Signing is %s", digest ? PKI_ID_get_txt(EVP_MD_nid(digest)) : "NULL"); +// // PKI_DEBUG("Checking Default Digest for PKEY %d (%s) is %d (%s) (result = %d)", +// // EVP_PKEY_id(pkey), PKI_ID_get_txt(EVP_PKEY_id(pkey)), def_nid, PKI_ID_get_txt(def_nid), digestResult); + +// // Checks for error +// if (digest == NULL && digestResult <= 0) { +// PKI_DEBUG("Cannot get the default digest for signing key (type: %d)", EVP_PKEY_id(pkey)); +// return NULL; +// } + +// // If the returned value is == 2, then the returned +// // digest is mandatory and cannot be replaced +// if (digestResult == 2 && def_nid != EVP_MD_nid(digest)) { +// // // Checks if we are in a no-hash mandatory +// // if (def_nid == NID_undef && (digest != EVP_md_null() && digest != NULL)) { +// // PKI_DEBUG("PKEY requires no hash but got one (%d)", EVP_MD_nid(digest)); +// // return NULL; +// // } +// // // Checks if we are using the mandated digest +// // if ((digest != NULL && def_nid != NID_undef) || (def_nid != EVP_MD_nid(digest))) { +// // PKI_DEBUG("PKEY requires digest (%d) but got (%d)", def_nid, EVP_MD_nid(digest)); +// // return NULL; +// // } +// PKI_DEBUG("PKEY requires %s digest (mandatory) and cannot be used with %s digest (requested).", +// def_nid == NID_undef ? "NO" : PKI_ID_get_txt(def_nid), +// digest == NULL ? 
"NO" : PKI_ID_get_txt(EVP_MD_nid(digest))); +// return NULL; +// } + +// // Initialize the return structure +// if ((out_mem = PKI_MEM_new ((size_t)out_size)) == NULL) { +// PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL); +// return NULL; +// } + +// // Creates the context +// if ((ctx = EVP_MD_CTX_create()) == NULL) { +// PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL); +// goto err; +// } + +// // Initializes the Context +// EVP_MD_CTX_init(ctx); + +// // PKI_DEBUG("MD (digest) = %p (EVP_md_null = %p) (EVP_md_null() ==> %d)", +// // digest, EVP_md_null, EVP_md_null() == digest); + +// // DEBUG +// // PKI_DEBUG("MD (digest) in DigestSignInit: %d (%s)", +// // digest ? EVP_MD_nid(digest) : NID_undef, digest ? PKI_DIGEST_ALG_get_parsed(digest) : ""); + +// // Initializes the Digest and does special processing for when the +// // EVP_md_null() is used to indicate that the NO HASH was requested +// if (!EVP_DigestSignInit(ctx, NULL /* &pctx */, EVP_md_null() == digest ? NULL : digest, NULL, pkey)) { +// PKI_ERROR(PKI_ERR_SIGNATURE_CREATE, "Cannot Initialize EVP_DigestSignInit()"); +// goto err; +// } + +// if (EVP_DigestSign(ctx, out_mem->data, &out_size, der->data, der->size) <= 0) { +// PKI_ERROR(PKI_ERR_SIGNATURE_CREATE, "Cannot generate signature via EVP_DigestSign()"); +// goto err; +// } + +// // Update the size of the signature +// out_mem->size = (size_t) out_size; + +// // // Updates the Digest calculation with the TBS data +// // if (EVP_DigestSignUpdate(ctx, +// // der->data, +// // der->size) <= 0) { +// // PKI_ERROR(PKI_ERR_SIGNATURE_CREATE, "Cannot Update EVP_DigestSignUpdate()"); +// // goto err; +// // } + +// // // Finalize the MD +// // // EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE); + +// // // Finalizes the Signature calculation and saves it in the output buffer +// // if (EVP_DigestSignFinal(ctx, +// // out_mem->data, +// // &out_size) <= 0) { +// // PKI_ERROR(PKI_ERR_SIGNATURE_CREATE, "Cannot Finalize EVP_DigestSignFinal()"); +// // goto err; +// // } +// 
// else out_mem->size = (size_t) out_size; + +// // All Done +// goto end; + +// err: + +// // Error Condition, free the output's memory +// if (out_mem) PKI_MEM_free(out_mem); +// out_mem = NULL; + +// end: +// // Cleanup the context +// #if OPENSSL_VERSION_NUMBER <= 0x1010000f +// if (ctx) EVP_MD_CTX_cleanup(ctx); +// #else +// if (ctx) EVP_MD_CTX_reset(ctx); +// #endif + +// // Frees the CTX structure +// if (ctx) EVP_MD_CTX_destroy(ctx); + +// // Returns the result or NULL +// return out_mem; +// } + + + +/* -------------------- OPENSSL Callbacks Management Functions ------------- */ + diff --git a/src/crypto/hsm/openssl/openssl_hsm_crypto.c b/src/crypto/hsm/openssl/openssl_hsm_crypto.c new file mode 100644 index 00000000..6bbccf22 --- /dev/null +++ b/src/crypto/hsm/openssl/openssl_hsm_crypto.c 
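Review bot: `HSM_OPENSSL_set_fips_mode()` and `HSM_OPENSSL_is_fips_mode()` in openssl_hsm_admin.c depend entirely on `#ifdef OPENSSL_FIPS` with `FIPS_mode_set()`/`FIPS_mode()`, yet `HSM_OPENSSL_new_driver()` in the same file calls `OSSL_LIB_CTX_new()` unconditionally, so the file targets OpenSSL 3.x, where those pre-3.0 FIPS calls are gone and the macro is not expected to be defined. On such a build the `#else` branch is taken: a request to enable FIPS always returns `PKI_ERR`, the query always reports non-FIPS, and the `driver` argument (the library context this HSM owns) is never consulted. I would add an OpenSSL 3 branch that sets and reads the `fips=yes` default property on that context and keep the existing branch for legacy builds; the FIPS provider still has to be loaded into the same context, which presumably belongs in `PKI_init_providers()` (not visible in this hunk). Separately, the doc comment on `HSM_OPENSSL_is_fips_mode()` promises 0 / non-zero while the body returns `PKI_ERR` / `PKI_OK`, so the comment should state which convention callers can rely on.

```c
int HSM_OPENSSL_set_fips_mode(const void * driver, int k) {
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
    // driver is the OSSL_LIB_CTX allocated by HSM_OPENSSL_new_driver()
    if (!driver) return PKI_ERR;
    return (EVP_default_properties_enable_fips((OSSL_LIB_CTX *)driver, k != 0) == 1
            ? PKI_OK : PKI_ERR);
#elif defined(OPENSSL_FIPS)
    /* … unchanged: FIPS_mode_set(k) path for pre-3.0 FIPS builds … */
#else
    return PKI_ERR;
#endif
}

int HSM_OPENSSL_is_fips_mode(const void * driver)
{
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
    if (!driver) return PKI_ERR;
    return (EVP_default_properties_is_fips_enabled((OSSL_LIB_CTX *)driver) == 1
            ? PKI_OK : PKI_ERR);
#elif defined(OPENSSL_FIPS)
    /* … unchanged: FIPS_mode() path for pre-3.0 FIPS builds … */
#else
    return PKI_ERR;
#endif
}
```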
@@ -0,0 +1,1261 @@ +/* openssl_hsm_crypto.c */ + +#include + +const HSM_CRYPTO_CALLBACKS c_openssl_hsm_crypto_cb = { + // ---- Error Handling Functions ---- // + HSM_OPENSSL_get_errno, // get_errno + HSM_OPENSSL_get_errdesc, // get_errdesc + // ---- Key Management Functions ---- // + NULL, // keypair_gen + NULL, // keypair_free + NULL, // keypair_get + // ---- General Crypto Functions ---- // + NULL, // sign + NULL, // verify + NULL, // encrypt + NULL, // decrypt + NULL // derive +}; + + +// PKI_RSA_KEY * _pki_rsakey_new( PKI_KEYPARAMS *kp ); +// PKI_DSA_KEY * _pki_dsakey_new( PKI_KEYPARAMS *kp ); +// #ifdef ENABLE_ECDSA +// PKI_EC_KEY * _pki_ecdsakey_new( PKI_KEYPARAMS *kp); +// #else +// void * _pki_ecdsakey_new( PKI_KEYPARAMS *kp ); +// #endif + +// int _evp_ctx_key_generation(int pkey_type, PKI_X509_KEYPAIR_VALUE ** pkey) { + +// EVP_PKEY_CTX * pctx = NULL; +// // Key generation context + +// // Input Checks +// if (!pkey) { +// PKI_ERROR(PKI_ERR_PARAM_NULL, NULL); +// return PKI_ERR; +// } + +// if (pkey_type <= 0) { +// PKI_ERROR(PKI_ERR_PARAM_RANGE, NULL); +// return PKI_ERR; +// } + +// pctx = EVP_PKEY_CTX_new_id(pkey_type, NULL); +// if (!pctx) { +// PKI_DEBUG("Can not create context for key generation (%d)", pkey_type); +// return PKI_ERR; +// } + +// if (EVP_PKEY_keygen_init(pctx) <= 0) { +// PKI_DEBUG("Can not init ED448 context"); +// EVP_PKEY_CTX_free(pctx); +// return PKI_ERR; +// } + +// if (EVP_PKEY_keygen(pctx, pkey) <= 0) { +// PKI_DEBUG("Can not generate ED448 key"); +// EVP_PKEY_CTX_free(pctx); +// return PKI_ERR; +// } + +// EVP_PKEY_CTX_free(pctx); +// if (!*pkey) { +// PKI_DEBUG("Can not generate ED448 key"); +// return PKI_ERR; +// } + +// return PKI_OK; +// } + +// int _evp_ctx_key_generation_rsa(PKI_KEYPARAMS * const params, PKI_X509_KEYPAIR_VALUE ** pkey) { + +// EVP_PKEY_CTX * pctx = NULL; +// // Key generation context + +// // Input Checks +// if (!pkey || !params) { +// PKI_ERROR(PKI_ERR_PARAM_NULL, NULL); +// return PKI_ERR; +// } + 
+// if (params->pkey_type <= 0) { +// PKI_ERROR(PKI_ERR_PARAM_RANGE, NULL); +// return PKI_ERR; +// } + +// pctx = EVP_PKEY_CTX_new_id(params->pkey_type, NULL); +// if (!pctx) { +// PKI_DEBUG("Can not create context for key generation (%d)", params->pkey_type); +// return PKI_ERR; +// } + +// // ==================== +// // Set the RSA key size +// // ==================== + +// int bits = params->rsa.bits; +// if (bits <= 0) { +// if (bits <= 0) { +// if (bits <= 0) bits = PKI_RSA_KEY_DEFAULT_SIZE; +// } +// bits = PKI_SCHEME_ID_get_bitsize(params->scheme, params->sec_bits); +// } + +// if (EVP_PKEY_keygen_init(pctx) <= 0) { +// PKI_DEBUG("Can not init ED448 context"); +// EVP_PKEY_CTX_free(pctx); +// return PKI_ERR; +// } + +// if (EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, bits) <= 0) { +// PKI_DEBUG("Can not set RSA key size (%d)", bits); +// EVP_PKEY_CTX_free(pctx); +// return PKI_ERR; +// } +// params->bits = bits; +// params->rsa.bits = bits; + +// if (EVP_PKEY_keygen(pctx, pkey) <= 0) { +// PKI_DEBUG("Can not generate ED448 key"); +// EVP_PKEY_CTX_free(pctx); +// return PKI_ERR; +// } + +// EVP_PKEY_CTX_free(pctx); +// if (!*pkey) { +// PKI_DEBUG("Can not generate ED448 key"); +// return PKI_ERR; +// } + +// return PKI_OK; +// } + +// int _pki_rand_init( void ); + +// int _pki_rand_seed( void ) { +// unsigned char seed[20]; + +// if (!RAND_bytes(seed, 20)) return 0; + +// RAND_seed(seed, sizeof seed); + +// return(1); +// } + +// PKI_RSA_KEY * _pki_rsakey_new( PKI_KEYPARAMS *kp ) { + +// PKI_RSA_KEY *rsa = NULL; + +// int bits = PKI_RSA_KEY_DEFAULT_SIZE; + +// if ( kp && kp->bits > 0 ) bits = kp->bits; + +// if ( bits < PKI_RSA_KEY_MIN_SIZE ) { +// PKI_DEBUG("WARNING: RSA Key size smaller than minimum safe size (%d vs. %d)", +// bits, PKI_RSA_KEY_DEFAULT_SIZE); +// return NULL; +// } else if ( bits < PKI_RSA_KEY_DEFAULT_SIZE ) { +// PKI_DEBUG("WARNING: RSA Key size smaller than default safe size (%d vs. 
%d)", +// bits, PKI_RSA_KEY_DEFAULT_SIZE); +// } + +// #if OPENSSL_VERSION_NUMBER > 0x30000000L +// EVP_PKEY_CTX * pkey_ctx = NULL; +// EVP_PKEY * pkey = NULL; + +// OSSL_LIB_CTX * ossl_libctx = PKI_init_get_ossl_library_ctx(); + +// // Tries to create the context by using the key id +// if ((pkey_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)) == NULL) { +// // Tries to create the context by using the name +// pkey_ctx = EVP_PKEY_CTX_new_from_name(ossl_libctx, "RSA", NULL); +// } +// if (!pkey_ctx) { +// PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Cannot create EVP_PKEY_CTX"); +// return NULL; +// } + +// // Initializes the key generation operation +// if (EVP_PKEY_keygen_init(pkey_ctx) < 0) { +// PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Cannot init EVP_PKEY_CTX"); +// EVP_PKEY_CTX_free(pkey_ctx); +// return NULL; +// } + +// // Sets the RSA key size (parameter) +// if (EVP_PKEY_CTX_set_rsa_keygen_bits(pkey_ctx, bits) < 0) { +// PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Cannot set RSA key size"); +// EVP_PKEY_CTX_free(pkey_ctx); +// return NULL; +// } + +// // Generates the new key +// if (!EVP_PKEY_generate(pkey_ctx, &pkey)) { +// PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Cannot generate EVP_PKEY"); +// EVP_PKEY_CTX_free(pkey_ctx); +// return NULL; +// } + +// // Extracts the RSA key +// rsa = EVP_PKEY_get1_RSA(pkey); + +// // Free allocated heap memory +// if (pkey) EVP_PKEY_free(pkey); +// if (pkey_ctx) EVP_PKEY_CTX_free(pkey_ctx); + +// if (!rsa) { +// PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Cannot extract RSA key from EVP_PKEY"); +// return NULL; +// } +// #else +// unsigned long e = RSA_F4; +// // Default exponent (65537) + +// BIGNUM *bne = NULL; +// int ossl_rc = 0; + +// if ((bne = BN_new()) != NULL) { +// if (1 != BN_set_word(bne, e)) { +// PKI_ERROR(PKI_ERR_GENERAL, NULL); +// return NULL; +// } +// } else { +// PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL); +// return NULL; +// } + +// if ((rsa = RSA_new()) == NULL) { +// BN_free(bne); +// 
PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL); +// return NULL; +// } + +// if ((ossl_rc = RSA_generate_key_ex(rsa, bits, bne, NULL)) != 1 ) { +// /* Error */ +// BN_free(bne); +// PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, NULL); +// return NULL; +// } + +// BN_free(bne); +// #endif + +// /* Let's return the RSA_KEY infrastructure */ +// return (rsa); +// }; + +// PKI_DSA_KEY * _pki_dsakey_new( PKI_KEYPARAMS *kp ) { + +// PKI_DSA_KEY *k = NULL; +// unsigned char seed[20]; + +// int bits = PKI_DSA_KEY_DEFAULT_SIZE; + +// if ( kp && kp->bits > 0 ) bits = kp->bits; + +// if ( bits < PKI_DSA_KEY_MIN_SIZE ) { +// PKI_ERROR(PKI_ERR_X509_KEYPAIR_SIZE_SHORT, NULL); +// return NULL; +// }; + +// if (!RAND_bytes(seed, 20)) { +// /* Not enought rand ? */ +// PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Too low Entropy"); +// return NULL; +// } + +// if ((k = DSA_new()) == NULL) { +// // Memory Allocation Error +// PKI_ERROR(PKI_ERR_MEMORY_ALLOC, "Too low Entropy"); +// return NULL; +// } + +// if (1 != DSA_generate_parameters_ex(k, bits, seed, 20, NULL, NULL, NULL)) { +// if( k ) DSA_free( k ); +// PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Can not generated DSA params"); +// return NULL; +// } + +// return( k ); +// } + +// #ifdef ENABLE_ECDSA +// PKI_EC_KEY * _pki_ecdsakey_new( PKI_KEYPARAMS *kp ) { +// /* ECDSA is a little more complicated than the other +// schemes as it involves a group of functions. As the +// purpose of this library is to provide a very hi-level +// easy to use library, we will provide some hardwired +// parameters. 
+// */ +// PKI_EC_KEY *k = NULL; +// EC_builtin_curve *curves = NULL; +// EC_GROUP *group = NULL; +// size_t num_curves = 0; +// int degree = 0; + +// int bits = PKI_EC_KEY_DEFAULT_SIZE; +// int curve = PKI_EC_KEY_CURVE_DEFAULT; +// int flags = PKI_EC_KEY_ASN1_DEFAULT; + +// PKI_EC_KEY_FORM form = PKI_EC_KEY_FORM_DEFAULT; + +// /* Get the number of available ECDSA curves in OpenSSL */ +// if ((num_curves = EC_get_builtin_curves(NULL, 0)) < 1 ) { +// /* No curves available! */ +// PKI_ERROR(PKI_ERR_OBJECT_CREATE, "Builtin EC curves"); +// return NULL; +// } + +// /* Alloc the needed memory */ +// #if OPENSSL_VERSION_NUMBER < 0x1010000fL +// curves = OPENSSL_malloc((int)(sizeof(EC_builtin_curve) * num_curves)); +// #else +// curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * num_curves); +// #endif + +// /* Check for memory allocation */ +// if (curves == NULL) return NULL; + +// /* Get the builtin curves */ +// if (!EC_get_builtin_curves(curves, (size_t) num_curves)) +// { +// PKI_ERROR(PKI_ERR_OBJECT_CREATE, "Can not get builtin EC curves (%d)", num_curves); +// goto err; +// return NULL; +// } + +// /* We completely change behavior - we adopt one of the two +// * curves suggested by NIST. 
In particular: +// * - NID_secp384r1 +// * - NID_secp521r1 +// * For today (2008) usage, the first curve + SHA256 seems to be +// * the best approach +// */ + +// if( kp && kp->bits > 0 ) { +// bits = kp->bits; +// }; + +// if(bits < PKI_EC_KEY_MIN_SIZE ){ +// PKI_ERROR(PKI_ERR_X509_KEYPAIR_SIZE_SHORT, "%d", bits); +// return NULL; +// }; + +// if( kp && kp->ec.curve > 0 ) { +// curve = kp->ec.curve; +// } else { +// if( bits <= 112 ) { +// bits = 112; +// curve = NID_secp112r1; +// } else if( bits <= 128 ) { +// bits = 128; +// curve = NID_secp128r1; +// } else if( bits <= 160 ) { +// bits = 160; +// curve = NID_secp160r1; +// } else if( bits <= 192 ) { +// bits = 192; +// curve = NID_X9_62_prime192v1; +// } else if( bits <= 224 ) { +// bits = 224; +// curve = NID_secp224r1; +// } else if( bits <= 256 ) { +// bits = 256; +// curve = NID_X9_62_prime256v1; +// } else if( bits <= 384 ) { +// bits = 384; +// curve = NID_secp384r1; +// } else { +// bits = 512; +// curve = NID_secp521r1; +// }; +// }; + +// /* Initialize the key */ +// if ((k = EC_KEY_new()) == NULL) { +// PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, NULL); +// goto err; +// return NULL; +// } + +// if((group = EC_GROUP_new_by_curve_name(curve)) == NULL ) { +// PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Invalid Curve - %d", curve); +// goto err; +// return NULL; +// }; + +// EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); +// EC_GROUP_set_point_conversion_form(group, form); + +// /* Assign the group to the key */ +// if (EC_KEY_set_group(k, group) == 0) { +// PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Invalid Group"); +// goto err; +// return NULL; +// } + +// /* Sets the point compression */ +// if ( kp && kp->ec.form != PKI_EC_KEY_FORM_UNKNOWN ) { +// form = kp->ec.form; +// }; +// EC_KEY_set_conv_form(k, (point_conversion_form_t)form); + +// /* Sets the type of parameters, flags > 0 ==> by OID, +// * flags == 0 ==> specifiedCurve +// */ +// if ( kp->ec.asn1flags > -1 ) { +// flags = 
kp->ec.asn1flags; +// }; +// EC_KEY_set_asn1_flag(k, flags); + +// /* We do not need it now, let's free the group */ +// if ( group ) EC_GROUP_free( group ); +// group = NULL; + +// if((group = (EC_GROUP *) EC_KEY_get0_group(k)) != NULL ) { +// EC_GROUP_set_asn1_flag( group, OPENSSL_EC_NAMED_CURVE ); +// }; + +// degree = EC_GROUP_get_degree(EC_KEY_get0_group(k)); + +// if( degree < bits ) { +// /* Fix the problem, let's get the right bits */ +// bits = degree; +// } + +// // // Let's cycle through all the available curves +// // // until we find one that matches (if any) +// // i = (i + 1 ) % num_curves; +// // +// // } while ( (degree < bits ) && (i != n_start) ); + +// /* Now generate the key */ +// if (!EC_KEY_generate_key(k)) { +// PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, NULL ); +// goto err; +// return NULL; +// } + +// /* Verify the Key to be ok */ +// if (!EC_KEY_check_key(k)) { +// PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Verify failed for ECDSA key" ); +// goto err; +// return NULL; +// } + +// // EC_KEY_set_enc_flags(k, EC_PKEY_NO_PARAMETERS); +// // ecKeyPnt = (struct __ec_key_st2 *) k; +// // ecKeyPnt->version = 1; + +// goto end; + +// err: +// if( curves ) free ( curves ); +// if ( group ) EC_GROUP_free( group ); + +// if( k ) { +// EC_KEY_free ( k ); +// k = NULL; +// }; + +// end: +// return ( k ); +// } + +// #else /* EVP_PKEY_EC */ + +// void * _pki_ecdsakey_new( PKI_KEYPARAMS *kp ) { +// PKI_ERROR(PKI_ERR_NOT_IMPLEMENTED, NULL); +// return ( NULL ); +// } + +// #endif + +// #if defined(ENABLE_OQS) || defined(ENABLE_OQSPROV) + +// EVP_PKEY_CTX * _pki_get_evp_pkey_ctx(PKI_KEYPARAMS *kp) { + +// EVP_PKEY_CTX *ctx = NULL; +// // Key generation context to be returned + +// // Input Checks +// if (!kp) { +// PKI_ERROR(PKI_ERR_PARAM_NULL, NULL); +// return NULL; +// } + +// // Checks we have an algorithm Identifier +// if (!kp->oqs.algId) { +// PKI_DEBUG("Missing algorithm ID for OQS key generation"); +// return NULL; +// } + +// #ifdef 
ENABLE_OQS + +// const EVP_PKEY_ASN1_METHOD *ameth; +// // ASN1 Method + +// ENGINE *tmpeng = NULL; +// // Temporary Engine + +// int pkey_id = -1; +// // PKEY ID + +// // TODO: +// // ===== +// // +// // This mechanism does not seem to be working for Kyber +// // we need to update the mechanism to include Kyber and other +// // algorithms. + +// if ((ameth = EVP_PKEY_asn1_find(&tmpeng, kp->oqs.algId)) != NULL) { +// ERR_clear_error(); +// EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); + +// PKI_DEBUG("Ameth = %d, AlgId = %d", pkey_id, kp->oqs.algId); + +// } else { + +// PKI_log_debug("Missing ASN1 Method for algorithm '%s', using the KeyId (%d).", +// PKI_ALGOR_ID_txt(kp->oqs.algId), kp->oqs.algId); +// pkey_id = kp->oqs.algId; + +// } + +// // Generates the new context +// if ((ctx = EVP_PKEY_CTX_new_id(pkey_id, NULL)) == NULL) goto err; + +// #else +// OSSL_LIB_CTX * libctx = PKI_init_get_ossl_library_ctx(); +// // OpenSSL Library Context + +// // Gets the name of the algorithm +// const char * sigalg_name = PKI_ID_get_txt(kp->oqs.algId); +// if (!sigalg_name) { +// PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Cannot get algorithm name"); +// goto err; +// } + +// // Generates the new context +// ctx = EVP_PKEY_CTX_new_from_name(libctx, sigalg_name, NULL); +// if (!ctx) { +// PKI_DEBUG("Cannot create the pkey context for algorithm '%s'", sigalg_name); +// goto err; +// } + +// #endif + +// // Let's set the operation (check EVP_PKEY_CTX_ctrl function -pmeth_lib.c:432) +// // Use the EVP interface to initialize the operation (crypto/evp/pmeth_gn.c:69) +// if (EVP_PKEY_keygen_init(ctx) <= 0) { +// PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Cannot Initialize Key Generation"); +// goto err; +// } + +// #ifdef ENABLE_COMPOSITE + +// // CTX operations for Composite Crypto +// // +// // EVP_PKEY_CTRL_COMPOSITE_PUSH +// // EVP_PKEY_CTRL_COMPOSITE_POP +// // EVP_PKEY_CTRL_COMPOSITE_ADD +// // EVP_PKEY_CTRL_COMPOSITE_DEL +// // 
EVP_PKEY_CTRL_COMPOSITE_CLEAR + +// #ifdef ENABLE_COMBINED +// if ((kp->scheme == PKI_SCHEME_COMPOSITE || +// kp->scheme == PKI_SCHEME_COMBINED) +// && kp->comp.k_stack != NULL) { +// #else +// if (kp->scheme == PKI_SCHEME_COMPOSITE +// && kp->comp.k_stack != NULL) { +// #endif +// for (int i = 0; i < PKI_STACK_X509_KEYPAIR_elements(kp->comp.k_stack); i++) { + +// PKI_X509_KEYPAIR * tmp_key = NULL; + +// // Let's get the i-th PKI_X509_KEYPAIR +// tmp_key = PKI_STACK_X509_KEYPAIR_get_num(kp->comp.k_stack, i); +// // Now we can use the CRTL interface to pass the new keys +// if (EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_KEYGEN, +// EVP_PKEY_CTRL_COMPOSITE_PUSH, 0, tmp_key->value) <= 0) { +// PKI_log_debug("Cannot add key via the CTRL interface"); +// goto err; +// } +// } +// } +// #endif + +// return ctx; + +// err: + +// PKI_log_debug("Error initializing context for [scheme: %d, algId: %d]\n", +// kp->scheme, kp->oqs.algId); + +// if (ctx) EVP_PKEY_CTX_free(ctx); +// return NULL; +// } + +// #endif + +// #ifdef ENABLE_COMPOSITE +// PKI_COMPOSITE_KEY * _pki_composite_new( PKI_KEYPARAMS *kp ) { + +// PKI_COMPOSITE_KEY *k = NULL; +// const char * scheme_name = PKI_SCHEME_ID_get_parsed(kp->scheme); +// if (!scheme_name) { +// PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Unknown Scheme"); +// return NULL; +// } + +// if ((k = COMPOSITE_KEY_new()) == NULL) { +// // Memory Allocation Error +// PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL); +// return NULL; +// } + +// int pkey_type = kp->pkey_type; // PKI_ID_get_by_name(PKI_SCHEME_ID_get_parsed(kp->scheme)); +// if (pkey_type <= 0) { +// PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Unknown Algorithm"); +// COMPOSITE_KEY_free(k); +// return NULL; +// } + +// // Let's set the algorithm +// k->algorithm = pkey_type; + +// PKI_DEBUG("Creating a Composite Key"); +// PKI_DEBUG("Scheme: %d (%s)", kp->scheme, PKI_SCHEME_ID_get_parsed(kp->scheme)); +// PKI_DEBUG("Pkey Type: %d (%s)", pkey_type, OBJ_nid2sn(pkey_type)); + +// // if 
(PKI_SCHEME_ID_is_explicit_composite(kp->scheme)) { +// // PKI_DEBUG("Explicit Composite Key"); +// // k->algorithm = pkey_type; +// // } else if (PKI_SCHEME_ID_is_composite(kp->scheme)) { +// // PKI_DEBUG("Gemeric Composite Key"); +// // k->algorithm = pkey_type; +// // } else if (PKI_SCHEME_ID_is_post_quantum(kp->scheme)) { +// // PKI_DEBUG("Unknown Composite Key"); +// // k->algorithm = kp->oqs.algId; +// // } + +// if (kp->comp.k_stack != NULL) { + +// // // Clears current components (if any) +// // if (k->components) COMPOSITE_KEY_clear(k); + +// // // Transfers the ownership of the stack to the composite key +// // k->components = kp->comp.k_stack; + +// // // Let's replace the stack in the keyparams with a new one +// // if ((kp->comp.k_stack = PKI_STACK_X509_KEYPAIR_new()) == NULL) { +// // PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL); +// // } + +// for (int i = 0; i < PKI_STACK_X509_KEYPAIR_elements(kp->comp.k_stack); i++) { + +// PKI_X509_KEYPAIR * tmp_key = NULL; +// PKI_X509_KEYPAIR_VALUE * tmp_val = NULL; + +// // Let's get the i-th PKI_X509_KEYPAIR +// tmp_key = PKI_STACK_X509_KEYPAIR_get_num(kp->comp.k_stack, i); +// if (!tmp_key) { +// PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Cannot get key from stack"); +// COMPOSITE_KEY_free(k); +// return NULL; +// } + +// // Let's get the internal value +// PKI_X509_detach(tmp_key, (void **)&tmp_val, NULL, NULL); +// if (!tmp_val) { +// PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Cannot get key value"); +// COMPOSITE_KEY_free(k); +// return NULL; +// } +// tmp_key->value = NULL; + +// // // Free the memory associated with the PKI_X509_KEYPAIR +// // PKI_X509_KEYPAIR_free(tmp_key); +// tmp_key = NULL; + +// // Pushes the Key onto the stack +// // COMPOSITE_KEY_push(k, tmp_key->value); +// if (PKI_ERR == COMPOSITE_KEY_push(k, tmp_val)) { +// PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Cannot push key onto stack"); +// COMPOSITE_KEY_free(k); +// return NULL; +// } + +// // // Now we can use the CRTL interface to pass 
the new keys +// // if (EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_KEYGEN, +// // EVP_PKEY_CTRL_COMPOSITE_PUSH, 0, tmp_key->value) <= 0) { +// // PKI_log_debug("Cannot add key via the CTRL interface"); +// // goto err; +// // } +// } +// } + +// // kp->comp.k_stack = NULL; + +// // Adds the Parameter (k-of-n) to the key +// if (kp->comp.k_of_n != NULL) { +// if (k->params) ASN1_INTEGER_free(k->params); +// k->params = ASN1_INTEGER_dup(kp->comp.k_of_n); +// } + +// // All Done. +// return k; +// } +// #endif + +// int HSM_OPENSSL_keygen(void ** hsm_key, +// const CRYPTO_KEYPARAMS * params, +// const char * label, +// void * hsm_driver) { + +// return PKI_ERR_NOT_IMPLEMENTED +// } + +// int HSM_OPENSSL_keyfree(void * hsm_key, void * hsm_driver) { + +// return PKI_ERR_NOT_IMPLEMENTED; +// } + +// PKI_X509_KEYPAIR *HSM_OPENSSL_X509_KEYPAIR_new(PKI_KEYPARAMS * kp, +// URL * url, +// PKI_CRED * cred, +// HSM * driver ) { + +// PKI_X509_KEYPAIR *ret = NULL; +// PKI_X509_KEYPAIR_VALUE * value = NULL; +// // PKI_RSA_KEY *rsa = NULL; +// PKI_DSA_KEY *dsa = NULL; + +// #ifdef ENABLE_ECDSA +// PKI_EC_KEY *ec = NULL; +// #endif + +// #if defined(ENABLE_OQS) || defined(ENABLE_OQSPROV) +// EVP_PKEY_CTX * ctx = NULL; +// #endif + +// #ifdef ENABLE_COMPOSITE +// COMPOSITE_KEY * composite = NULL; +// #endif + +// #ifdef ENABLE_COMBINED +// EVP_PKEY_COMBINED * combined = NULL; +// #endif + +// PKI_SCHEME_ID type = PKI_SCHEME_DEFAULT; + +// if (!kp) { +// PKI_ERROR(PKI_ERR_PARAM_NULL, NULL); +// return NULL; +// } + +// if ( kp && kp->scheme != PKI_SCHEME_UNKNOWN ) type = kp->scheme; + +// // if ((ret = PKI_X509_new(PKI_DATATYPE_X509_KEYPAIR, driver)) == NULL) { +// // PKI_ERROR(PKI_ERR_OBJECT_CREATE, "KeyPair"); +// // return NULL; +// // } + +// // if((ret->value = (PKI_X509_KEYPAIR_VALUE *) EVP_PKEY_new()) == NULL ) { +// // PKI_ERROR(PKI_ERR_OBJECT_CREATE, "KeyPair Value"); +// // return NULL; +// // } + +// if( _pki_rand_seed() == 0 ) { +// /* Probably low level of randomization 
available */ +// PKI_log_debug("WARNING, low rand available!"); +// } + +// switch (type) { + +// #ifdef ENABLE_ED448 +// case PKI_SCHEME_ED448: { +// int success = _evp_ctx_key_generation(PKI_ALGOR_ID_ED448, &value); +// if (!success) { +// PKI_DEBUG("Cannot generate the ED448 key"); +// goto err; +// } +// } break; +// #endif + +// #ifdef ENABLE_X448 +// case PKI_SCHEME_X448: { +// int success = _evp_ctx_key_generation(PKI_ALGOR_ID_X448, &value); +// if (!success) { +// PKI_DEBUG("Cannot generate the X448 key"); +// goto err; +// } +// } break; +// #endif + +// #ifdef ENABLE_ED25519 +// case PKI_SCHEME_ED25519: { +// int success = _evp_ctx_key_generation(PKI_ALGOR_ID_ED25519, &value); +// if (!success) { +// PKI_DEBUG("Cannot generate the ED448 key"); +// goto err; +// } +// } break; +// #endif + +// #ifdef ENABLE_X25519 +// case PKI_SCHEME_X25519: { +// int success = _evp_ctx_key_generation(PKI_ALGOR_ID_X25519, &value); +// if (!success) { +// PKI_DEBUG("Cannot generate the ED448 key"); +// goto err; +// } +// } break; +// #endif + +// case PKI_SCHEME_RSAPSS: +// case PKI_SCHEME_RSA: { +// // if ((rsa = _pki_rsakey_new( kp )) == NULL ) { +// // PKI_DEBUG("Cannot generate the RSA key"); +// // goto err; +// // } +// // if (!EVP_PKEY_assign_RSA((EVP_PKEY *) value, rsa)) { +// // PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Can not assign RSA key"); +// // if( rsa ) RSA_free( rsa ); +// // goto err; +// // } +// int success = _evp_ctx_key_generation_rsa(kp, &value); +// if (!success) { +// PKI_DEBUG("Cannot generate the RSA key"); +// goto err; +// } +// } break; + +// case PKI_SCHEME_DSA: { +// if ((dsa = _pki_dsakey_new( kp )) == NULL ) { +// PKI_DEBUG("Cannot generate the DSA key"); +// goto err; +// } +// if (!DSA_generate_key( dsa )) { +// PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, NULL); +// goto err; +// } +// if ((value = (PKI_X509_KEYPAIR_VALUE *) EVP_PKEY_new()) == NULL ) { +// PKI_ERROR(PKI_ERR_OBJECT_CREATE, "KeyPair Value"); +// return NULL; +// } +// 
if (!EVP_PKEY_assign_DSA(value, dsa)) { +// PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Can not assign DSA key"); +// if( dsa ) DSA_free ( dsa ); +// goto err; +// } +// dsa=NULL; +// } break; + +// #ifdef ENABLE_ECDSA + +// case PKI_SCHEME_ECDSA: { +// if ((ec = _pki_ecdsakey_new( kp )) == NULL ) { +// PKI_DEBUG("Cannot generate the ECDSA key"); +// goto err; +// } +// if ((value = (PKI_X509_KEYPAIR_VALUE *) EVP_PKEY_new()) == NULL ) { +// PKI_ERROR(PKI_ERR_OBJECT_CREATE, "KeyPair Value"); +// return NULL; +// } +// if (!EVP_PKEY_assign_EC_KEY(value, ec)){ +// PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Can not assign ECDSA key"); +// if( ec ) EC_KEY_free ( ec ); +// goto err; +// } +// } break; + +// #ifdef ENABLE_COMPOSITE + +// // Generic Composite +// case PKI_SCHEME_COMPOSITE: +// // Explicit Composite +// case PKI_SCHEME_COMPOSITE_EXPLICIT_DILITHIUM3_RSA: +// case PKI_SCHEME_COMPOSITE_EXPLICIT_DILITHIUM3_P256: +// case PKI_SCHEME_COMPOSITE_EXPLICIT_DILITHIUM3_BRAINPOOL256: +// case PKI_SCHEME_COMPOSITE_EXPLICIT_DILITHIUM3_ED25519: +// case PKI_SCHEME_COMPOSITE_EXPLICIT_DILITHIUM5_P384: +// case PKI_SCHEME_COMPOSITE_EXPLICIT_DILITHIUM5_BRAINPOOL384: +// case PKI_SCHEME_COMPOSITE_EXPLICIT_DILITHIUM5_ED448: +// case PKI_SCHEME_COMPOSITE_EXPLICIT_FALCON512_P256: +// case PKI_SCHEME_COMPOSITE_EXPLICIT_FALCON512_BRAINPOOL256: +// case PKI_SCHEME_COMPOSITE_EXPLICIT_FALCON512_ED25519: +// case PKI_SCHEME_COMPOSITE_EXPLICIT_FALCON512_RSA: +// case PKI_SCHEME_COMPOSITE_EXPLICIT_DILITHIUM5_FALCON1024_P521: +// case PKI_SCHEME_COMPOSITE_EXPLICIT_DILITHIUM5_FALCON1024_RSA: { + +// if ((composite = _pki_composite_new(kp)) == NULL) { +// PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Can not initiate keypair generation"); +// goto err; +// } +// if ((value = (PKI_X509_KEYPAIR_VALUE *) EVP_PKEY_new()) == NULL ) { +// PKI_ERROR(PKI_ERR_OBJECT_CREATE, "KeyPair Value"); +// return NULL; +// } +// if (!EVP_PKEY_assign_COMPOSITE(value, composite)) { +// 
PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Can not assign COMPOSITE key"); +// if (composite) COMPOSITE_KEY_free(composite); +// goto err; +// } +// } break; +// #endif + +// #ifdef ENABLE_COMBINED +// case PKI_SCHEME_COMBINED: +// if ((combined = _pki_combined_new(kp)) == NULL) { +// if (ret) HSM_OPENSSL_X509_KEYPAIR_free(ret); +// PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Can not initiate keypair generation"); +// return NULL; +// }; +// if ((value = (PKI_X509_KEYPAIR_VALUE *) EVP_PKEY_new()) == NULL ) { +// PKI_ERROR(PKI_ERR_OBJECT_CREATE, "KeyPair Value"); +// return NULL; +// } +// if (!EVP_PKEY_assign_COMBINED(value, combined)) { +// if (ret) HSM_OPENSSL_X509_KEYPAIR_free(ret); +// PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Can not assign COMBINED key"); +// if (combined) COMBINED_KEY_free(combined); +// return NULL; +// } +// combined=NULL; +// break; +// #endif + +// #endif // ENABLE_ECDSA + +// default: + +// #if defined(ENABLE_OQS) || defined(ENABLE_OQSPROV) +// if ((ctx = _pki_get_evp_pkey_ctx(kp)) == NULL) { +// PKI_DEBUG("Cannot generate the PQC key"); +// goto err; +// } +// if (EVP_PKEY_keygen(ctx, &value) <= 0) { +// if (ctx) EVP_PKEY_CTX_free(ctx); +// goto err; +// } +// EVP_PKEY_CTX_free(ctx); +// ctx = NULL; + +// #else +// /* No recognized scheme */ +// PKI_ERROR(PKI_ERR_HSM_SCHEME_UNSUPPORTED, "%d", type ); +// goto err; + +// #endif // ENABLE_OQS || ENABLE_OQSPROV + +// } + +// // Checks that a Key was generated +// if (!value) { +// PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Can not generate keypair"); +// goto err; +// } + +// // Allocates the PKI_X509_KEYPAIR structure +// if ((ret = PKI_X509_new(PKI_DATATYPE_X509_KEYPAIR, driver)) == NULL) { +// PKI_ERROR(PKI_ERR_OBJECT_CREATE, "KeyPair"); +// return NULL; +// } + +// /* Sets the value in the PKI_X509_KEYPAIR structure */ +// if (PKI_ERR == PKI_X509_attach(ret, PKI_DATATYPE_X509_KEYPAIR, value, driver)) { +// PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Can not attach keypair"); +// 
goto err; +// } + +// // Sets the requirement for the digest in the key +// if (PKI_SCHEME_ID_requires_digest(type)) { +// ret->signature_digest_required = 1; +// } + +// /* Let's return the PKEY infrastructure */ +// return ret; + +// err: + +// // Memory Cleanup +// if (value) EVP_PKEY_free(value); +// if (ret) PKI_X509_KEYPAIR_free(ret); + +// #if defined(ENABLE_OQS) || defined(ENABLE_OQSPROV) +// if (ctx) EVP_PKEY_CTX_free(ctx); +// #endif // ENABLE_OQS || ENABLE_OQSPROV + +// // Error +// return NULL; +// } + +// /* Key Free function */ +// void HSM_OPENSSL_X509_KEYPAIR_free ( PKI_X509_KEYPAIR *pkey ) { + +// if( !pkey) return; + +// PKI_X509_free ( pkey ); + +// return; +// } + +// // OpenSSL Fix +// // When writing PEM formatted Keys the wrong version "0" is +// // used by the default EVP_PKEY_ write functions for EC keys, +// // we have to provide our own function until OpenSSL solve +// // this issue + +// int OPENSSL_HSM_write_bio_PrivateKey (BIO * bp, +// EVP_PKEY * x, +// const EVP_CIPHER * enc, +// unsigned char * out_buffer, +// int klen, +// pem_password_cb * cb, +// void * u) { + +// int ret = PKI_ERR; +// // Return value + +// // Input Check +// if (!x || !bp) return PKI_ERR; + +// #if OPENSSL_VERSION_NUMBER >= 0x30000000L +// // Let's get the scheme of the key +// PKI_SCHEME_ID pkey_scheme = PKI_X509_KEYPAIR_VALUE_get_scheme(x); +// if (!pkey_scheme) { +// PKI_DEBUG("ERROR, can not get the scheme of key (key id: %d)", +// PKI_X509_KEYPAIR_VALUE_get_id(x)); +// return PKI_ERR; +// } +// // Let's get the type of the key +// int pkey_type = PKI_ID_UNKNOWN; +// switch (pkey_scheme) { + +// #ifdef ENABLE_ECDSA + +// // EC +// case PKI_SCHEME_ED25519: { +// pkey_type = EVP_PKEY_ED25519; +// } break; + +// case PKI_SCHEME_X25519: { +// pkey_type = EVP_PKEY_X25519; +// } break; + +// case PKI_SCHEME_ED448: { +// pkey_type = EVP_PKEY_ED448; +// } break; + +// case PKI_SCHEME_X448: { +// pkey_type = EVP_PKEY_X448; +// } break; + +// case PKI_SCHEME_ECDSA: { 
+// pkey_type = EVP_PKEY_EC; +// } break; + +// #endif // End of ENABLE_ECDSA + +// default: { +// // Nothing to do here +// pkey_type = PKI_X509_KEYPAIR_VALUE_get_id(x); +// } break; +// } +// #else // OpenSSL 1.1.1 +// // Let's get the type of key +// int pkey_type = EVP_PKEY_type(PKI_X509_KEYPAIR_VALUE_get_id(x)); +// #endif // End of OPENSSL_VERSION_NUMBER >= 0x30000000L + + +// // Different functions depending on the Key type +// switch(pkey_type) +// { + +// #ifdef ENABLE_ECDSA +// case EVP_PKEY_EC: { +// # if OPENSSL_VERSION_NUMBER >= 0x30000000L +// ret = PEM_write_bio_ECPrivateKey(bp, +// EVP_PKEY_get0_EC_KEY(x), enc, (unsigned char *) out_buffer, klen, cb, u); +// # elif OPENSSL_VERSION_NUMBER < 0x1010000fL +// ret = PEM_write_bio_ECPrivateKey(bp, +// x->pkey.ec, enc, (unsigned char *) out_buffer, klen, cb, u); +// # else +// ret = PEM_write_bio_ECPrivateKey(bp, +// EVP_PKEY_get0_EC_KEY(x), enc, (unsigned char *) out_buffer, klen, cb, u); +// # endif +// if (!ret) { +// PKI_DEBUG("Internal Error while encoding EC Key (PEM)."); +// return PKI_ERR; +// } +// } break; +// #endif + +// default: { +// if ((ret = PEM_write_bio_PKCS8PrivateKey(bp, x, enc, +// (char *) out_buffer, klen, cb, u)) != 1) { +// // Debug Info +// PKI_DEBUG("Key Type NOT supported (%d)", pkey_type); +// // Error Condition +// return PKI_ERR; +// } +// } +// } + +// // All Done +// return ret; +// } + +// // OpenSSL Fix +// // +// // Strangely enough OpenSSL does not provide an EVP_PKEY_dup() +// // function, we supply it + +// EVP_PKEY *OPENSSL_HSM_KEYPAIR_dup(EVP_PKEY *kVal) +// { +// EVP_PKEY *ret = NULL; + +// #if OPENSSL_VERSION_NUMBER >= 0x30000000L + +// ret = EVP_PKEY_dup(kVal); + +// #else + +// int pkey_type = PKI_X509_KEYPAIR_VALUE_get_id(kVal); +// if(!kVal) return NULL; + +// if ((ret = EVP_PKEY_new()) == NULL) return NULL; + +// if (!EVP_PKEY_copy_parameters(ret, kVal)) return NULL; + +// switch (pkey_type) +// { + +// case EVP_PKEY_RSA: { +// RSA *rsa = NULL; +// // #if 
OPENSSL_VERSION_NUMBER >= 0x30000000L +// // if (((rsa = EVP_PKEY_get1_RSA(kVal)) == NULL) || +// #if OPENSSL_VERSION_NUMBER >= 0x1010000fL +// if (((rsa = EVP_PKEY_get0_RSA(kVal)) == NULL) || +// #else +// if (((rsa = (RSA *)EVP_PKEY_get0(kVal)) == NULL) || +// #endif +// (!EVP_PKEY_set1_RSA(ret, rsa))) { +// PKI_DEBUG("ERROR, can not duplicate the RSA key"); +// return NULL; +// } +// } break; + +// case EVP_PKEY_DH: { +// DH *dh = NULL; +// // #if OPENSSL_VERSION_NUMBER >= 0x30000000L +// // if ( ((dh = EVP_PKEY_get1_DH(kVal)) == NULL) || +// #if OPENSSL_VERSION_NUMBER >= 0x1010000fL +// if ( ((dh = EVP_PKEY_get0_DH(kVal)) == NULL) || +// #else +// if ( ((dh = (DH *)EVP_PKEY_get0(kVal)) == NULL) || +// #endif +// (!EVP_PKEY_set1_DH(ret, dh))) { +// PKI_DEBUG("ERROR, can not duplicate the DH key"); +// return NULL; +// } +// } break; + +// #ifdef ENABLE_ECDSA +// case EVP_PKEY_EC: { +// EC_KEY * ec = NULL; +// // #if OPENSSL_VERSION_NUMBER >= 0x30000000L +// // if (((ec = EVP_PKEY_get1_EC_KEY(kVal)) == NULL) || +// #if OPENSSL_VERSION_NUMBER >= 0x1010000fL +// if (((ec = EVP_PKEY_get0_EC_KEY(kVal)) == NULL) || +// #else +// if (((ec = (EC_KEY *)EVP_PKEY_get0(kVal)) == NULL) || +// #endif +// (!EVP_PKEY_set1_EC_KEY(ret, ec))) { +// PKI_DEBUG("ERROR, can not duplicate the ECDSA key"); +// return NULL; +// } +// } break; +// #endif + +// #ifdef ENABLE_DSA +// case EVP_PKEY_DSA: { +// DSA *dsa = NULL; +// // #if OPENSSL_VERSION_NUMBER >= 0x30000000L +// // if ( ((dsa = EVP_PKEY_get1_DSA(kVal)) == NULL) || +// #if OPENSSL_VERSION_NUMBER >= 0x1010000fL +// if ( ((dsa = EVP_PKEY_get0_DSA(kVal)) == NULL) || +// #else +// if ( ((dsa = (DSA *)EVP_PKEY_get0(kVal)) == NULL) || +// #endif +// (!EVP_PKEY_set1_DSA(ret, dsa))) { +// PKI_DEBUG("ERROR, can not duplicate the DSA key"); +// return NULL; +// } +// } break; +// #endif + +// default: { +// PKI_MEM * mem = PKI_X509_KEYPAIR_VALUE_get_p8(kVal); +// if (!mem) { +// PKI_DEBUG("ERROR, can not serialize the key to PKCS8 
format.");
+// return NULL;
+// }
+
+// // Free the memory associated with the PKI_X509_KEYPAIR
+// if (ret) EVP_PKEY_free(ret);
+
+// // Let's create a new PKI_X509_KEYPAIR from the PKCS8 data
+// ret = PKI_X509_KEYPAIR_VALUE_new_p8(mem);
+// if (!ret) {
+// PKI_DEBUG("ERROR, can not deserialize the key from PKCS8 format.");
+// return NULL;
+// }
+
+// // Returns the newly allocated key
+// return ret;
+
+// } break;
+// }
+
+// // Update the reference for the PKEY
+// if (!EVP_PKEY_up_ref(kVal)) {
+// PKI_ERROR(PKI_ERR_MEMORY_ALLOC, "Cannot update PKEY references");
+// return NULL;
+// }
+// #endif
+
+
+// // All Done
+// return ret;
+// };
+
+unsigned long HSM_OPENSSL_get_errno ( void )
+{
+ unsigned long ret = 0;
+
+ ret = ERR_get_error();
+
+ return ret;
+}
+
+char * HSM_OPENSSL_get_errdesc ( unsigned long err, char *str, size_t size )
+{
+ char * ret = NULL;
+
+ if (err == 0) err = ERR_get_error();
+
+ if (str && size > 0)
+ {
+ ERR_error_string_n ( err, str, size );
+ ret = str;
+ }
+ else ret = ERR_error_string(err, NULL);
+
+ return ret;
+}
\ No newline at end of file
diff --git a/src/crypto/hsm/openssl/openssl_hsm_store.c b/src/crypto/hsm/openssl/openssl_hsm_store.c
new file mode 100644
index 00000000..5708c2bb
--- /dev/null
+++ b/src/crypto/hsm/openssl/openssl_hsm_store.c
@@ -0,0 +1,141 @@
+/* openssl/pki_pkey.c */
+
+#include
+
+const HSM_STORE_CALLBACKS c_openssl_hsm_store_cb = {
+ NULL, // store_num
+ HSM_OPENSSL_STORE_INFO_get, // store_info_get
+ free, // store_info_free
+ NULL, // select_slot
+ NULL, // clear_slot
+ NULL, // get_objects
+ NULL, // add_objects
+ NULL, // del_objects
+ NULL, // key_wrap
+ NULL // key_unwrap
+};
+
+HSM_STORE_INFO openssl_slot_info = {
+
+ /* Device Manufacturer ID */
+ "OpenSSL",
+
+ /* Device Description */
+ "Software interface",
+
+ /* Hardware Version */
+ 1,
+ 0,
+
+ /* Firmware Version */
+ 1,
+ 0,
+
+ /* Initialized */
+ 1,
+
+ /* Present */
+ 1,
+
+ /* Removable */
+ 0,
+
+ /* Hardware */
+ 0,
+
+ /* Token Info */
+ {
+ /* Token Label */
+ "Unknown Label\x0 ",
+ /* ManufacturerID */
+ "Unknown\x0 ",
+ /* Model */
+ "Unknown\x0 ",
+ /* Serial Number */
+ "0\x0 ",
+ /* Max Sessions */
+ 65535,
+ /* Current Sessions */
+ 0,
+ /* Max Pin Len */
+ 0,
+ /* Min Pin Len */
+ 0,
+ /* Memory Pub Total */
+ 0,
+ /* Memory Pub Free */
+ 0,
+ /* Memory Priv Total */
+ 0,
+ /* Memory Priv Free */
+ 0,
+ /* HW Version Major */
+ 1,
+ /* HW Version Minor */
+ 0,
+ /* FW Version Major */
+ 1,
+ /* FW Version Minor */
+ 0,
+ /* HAS Random Number Generator (RNG) */
+ 1,
+ /* HAS clock */
+ 0,
+ /* Login is Required */
+ 0,
+ /* utcTime */
+ ""
+ }
+};
+
+/* ---------------------- OPENSSL Slot Management Functions ---------------- */
+
+HSM_STORE_INFO * HSM_OPENSSL_STORE_INFO_get (unsigned long num, HSM *hsm) {
+
+ HSM_STORE_INFO *ret = NULL;
+
+ ret = (HSM_STORE_INFO *) PKI_Malloc ( sizeof (HSM_STORE_INFO));
+ memcpy( ret, &openssl_slot_info, sizeof( HSM_STORE_INFO ));
+
+ return (ret);
+}
+
+// typedef struct hsm_store_cb_st {
+
+// /* ----------------- Store Management functions ----------------- */
+
+// /* Get the number of available Slots */
+// unsigned long (*store_num)(struct hsm_st *);
+
+// /* Get Slot info */
+// HSM_STORE_INFO * (*store_info_get)(unsigned long, struct hsm_st *);
+
+// /* Free memory associated with an HSM_STORE_INFO structure */
+// void (*store_info_free) (HSM_STORE_INFO *, struct hsm_st *);
+
+// /* Set the current slot */
+// int (*select_slot)(unsigned long, PKI_CRED *cred, struct hsm_st *);
+
+// /* Clear the current slot from any object present */
+// int (*clear_slot)(unsigned long, PKI_CRED *cred, struct hsm_st *);
+
+// /* -------------- Object Management functions -------------------- */
+
+// int (*get_objects)(PKI_STACK ** sk, PKI_TYPE type, byte * label, PKI_TYPE format,
+// void *driver);
+
+// int (*add_objects)(const PKI_STACK * sk, PKI_TYPE type, byte * label, PKI_TYPE format,
+// void *driver);
+
+// int (*del_objects)(PKI_TYPE type, byte * label, void *driver);
+
+// /* Key Wrapping function */
+// int (*key_wrap)(byte ** out, size_t *out_len, const char * label, size_t label_sz, char * wrappingkey_label, size_t wrappingkey_label_sz, void * driver);
+
+// /* Key Unwrapping function */
+// int (*key_unwrap)(CRYPTO_KEYPAIR ** key, const byte * data, size_t data_sz, const byte * label, size_t label_size,
+// const char * wrappingkey_label, size_t wrappingkey_label_sz, void * driver);
+
+// } HSM_STORE_CALLBACKS;
+
+
diff --git a/src/drivers/pkcs11/Makefile.am b/src/crypto/hsm/pkcs11/Makefile.am
similarity index 100%
rename from src/drivers/pkcs11/Makefile.am
rename to src/crypto/hsm/pkcs11/Makefile.am
diff --git a/src/drivers/pkcs11/Makefile.in b/src/crypto/hsm/pkcs11/Makefile.in
similarity index 100%
rename from src/drivers/pkcs11/Makefile.in
rename to src/crypto/hsm/pkcs11/Makefile.in
diff --git a/src/drivers/pkcs11/pkcs11_hsm.c b/src/crypto/hsm/pkcs11/pkcs11_hsm.c
similarity index 100%
rename from src/drivers/pkcs11/pkcs11_hsm.c
rename to src/crypto/hsm/pkcs11/pkcs11_hsm.c
diff --git a/src/drivers/pkcs11/pkcs11_hsm_obj.c b/src/crypto/hsm/pkcs11/pkcs11_hsm_obj.c
similarity index 100%
rename from src/drivers/pkcs11/pkcs11_hsm_obj.c
rename to src/crypto/hsm/pkcs11/pkcs11_hsm_obj.c
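Review bot: HSM_OPENSSL_STORE_INFO_get() passes the result of PKI_Malloc() straight to memcpy(), so an allocation failure becomes a NULL-pointer write instead of a NULL return; add `if (ret == NULL) return NULL;` before the copy. The `store_info_free` slot of c_openssl_hsm_store_cb is filled with libc `free`, but the commented-out typedef at the end of this file gives that slot the type `void (*)(HSM_STORE_INFO *, struct hsm_st *)`; if the real declaration matches, calling `free` through it is undefined behaviour, and it releases PKI_Malloc memory with a different deallocator than the `PKI_Free` used elsewhere in the tree. A small static wrapper with the callback's two-argument signature that calls `PKI_Free(info)` would fix both. The header comment `/* openssl/pki_pkey.c */` also names a different file and could be updated to this one.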
diff --git a/src/drivers/pkcs11/pkcs11_hsm_pkey.c b/src/crypto/hsm/pkcs11/pkcs11_hsm_pkey.c
similarity index 100%
rename from src/drivers/pkcs11/pkcs11_hsm_pkey.c
rename to src/crypto/hsm/pkcs11/pkcs11_hsm_pkey.c
diff --git a/src/drivers/pkcs11/utils/pkcs11_init.c b/src/crypto/hsm/pkcs11/utils/pkcs11_init.c
similarity index 100%
rename from src/drivers/pkcs11/utils/pkcs11_init.c
rename to src/crypto/hsm/pkcs11/utils/pkcs11_init.c
diff --git a/src/crypto/hsm/wolfssl/Makefile.am b/src/crypto/hsm/wolfssl/Makefile.am
new file mode 100644
index 00000000..20a70c19
--- /dev/null
+++ b/src/crypto/hsm/wolfssl/Makefile.am
@@ -0,0 +1,27 @@
+## OpenCA Makefile - by Massimiliano Pala
+## (c) 1999-2009 by Massimiliano Pala and OpenCA Project
+## All Rights Reserved
+
+TOP = ../..
+include $(TOP)/global-vars
+
+BASE_DEFS =
+
+DEFS = $(OPENCA_DEFS)
+
+AM_CPPFLAGS = -I$(TOP) \
+ $(wolfssl_cflags) \
+ $(libxml2_cflags) \
+ $(COND_INCLUDES)
+
+SRCS = \
+ wolfssl_hsm.c \
+ wolfssl_hsm_pkey.c \
+ wolfssl_hsm_obj.c \
+ wolfssl_hsm_cb.c
+
+noinst_LTLIBRARIES = libpki-token-openssl.la
+
+libpki_token_wolfssl_la_SOURCES = $(SRCS)
+libpki_token_wolfssl_la_CFLAGS = $(BUILD_LIBPKI_CFLAGS)
+
diff --git a/src/drivers/openssl/openssl_hsm.c b/src/crypto/hsm/wolfssl/wolfssl_hsm.c
similarity index 100%
rename from src/drivers/openssl/openssl_hsm.c
rename to src/crypto/hsm/wolfssl/wolfssl_hsm.c
diff --git a/src/drivers/openssl/openssl_hsm_cb.c b/src/crypto/hsm/wolfssl/wolfssl_hsm_cb.c
similarity index 100%
rename from src/drivers/openssl/openssl_hsm_cb.c
rename to src/crypto/hsm/wolfssl/wolfssl_hsm_cb.c
diff --git a/src/drivers/openssl/openssl_hsm_obj.c b/src/crypto/hsm/wolfssl/wolfssl_hsm_obj.c
similarity index 100%
rename from src/drivers/openssl/openssl_hsm_obj.c
rename to src/crypto/hsm/wolfssl/wolfssl_hsm_obj.c
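Review bot: `noinst_LTLIBRARIES` declares `libpki-token-openssl.la`, but the per-library variables below it are `libpki_token_wolfssl_la_SOURCES` and `libpki_token_wolfssl_la_CFLAGS`, so automake will not attach `$(SRCS)` to the library that is actually declared; the line should read `noinst_LTLIBRARIES = libpki-token-wolfssl.la`. `TOP = ../..` looks copied from the old two-level src/drivers/<name> layout; from src/crypto/hsm/wolfssl it resolves to src/crypto, so `include $(TOP)/global-vars` and `-I$(TOP)` probably need `../../..` unless global-vars moved as well. The four wolfssl_hsm*.c sources listed in SRCS arrive in this commit as 100%-similarity renames of the src/drivers/openssl files, so this backend would compile unchanged OpenSSL driver code under a wolfSSL name; a comment stating that it is a placeholder would keep anyone from assuming a wolfSSL-backed key store exists.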
diff --git a/src/drivers/openssl/openssl_hsm_pkey.c b/src/crypto/hsm/wolfssl/wolfssl_hsm_pkey.c similarity index 100% rename from src/drivers/openssl/openssl_hsm_pkey.c rename to src/crypto/hsm/wolfssl/wolfssl_hsm_pkey.c diff --git a/src/drivers/Makefile.am b/src/drivers/Makefile.am deleted file mode 100644 index e337ea11..00000000 --- a/src/drivers/Makefile.am +++ /dev/null @@ -1,54 +0,0 @@ -## OpenCA Makefile - by Massimiliano Pala -## (c) 1999-2007 by Massimiliano Pala and OpenCA Project -## All Rights Reserved - -TOP = .. -include $(TOP)/global-vars - -BASE_DEFS = - -if ENABLE_KMF -HSM_KMF = kmf -HSM_KMF_OBJ = $(top_builddir)/src/drivers/kmf/libpki-token-kmf.a -else -HSM_KMF = -endif - -if ENABLE_OPENSSL -HSM_SOFTWARE = openssl -HSM_SOFTWARE_OBJ = $(top_builddir)/src/drivers/openssl/libpki-token-openssl.la -else -HSM_SOFTWARE = -endif - -if ENABLE_OPENSSL_ENGINE -HSM_ENGINE = engine -HSM_ENGINE_OBJ = $(top_builddir)/src/drivers/engine/libpki-token-engine.la -else -HSM_ENGINE = -endif - -HSM_PKCS11 = pkcs11 -HSM_PKCS11_OBJ = $(top_builddir)/src/drivers/pkcs11/libpki-token-pkcs11.la - -HSMS = $(HSM_SOFTWARE) $(HSM_KMF) $(HSM_ENGINE) $(HSM_PKCS11) -OBJECTS = $(HSM_KMF_OBJ) $(HSM_SOFTWARE_OBJ) $(HSM_ENGINE_OBJ) $(HSM_PKCS11_OBJ) - -SUBDIRS = $(HSMS) . - -AM_CPPFLAGS = -I$(TOP) - -SRCS = \ - hsm_main.c \ - hsm_slot.c \ - hsm_keypair.c - - -noinst_LTLIBRARIES = libpki-token.la -# noinst_LIBRARIES = libpki-token.a - -libpki_token_la_SOURCES = $(SRCS) -libpki_token_la_CFLAGS = $(BUILD_LIBPKI_CFLAGS) -# libpki_token_la_LIBADD = $(BUILD_LIBPKI_LDFLAGS) $(OBJECTS) -libpki_token_la_LIBADD = $(OBJECTS) - diff --git a/src/drivers/engine/Makefile.am b/src/drivers/engine/Makefile.am deleted file mode 100644 index 3f0b1f83..00000000 --- a/src/drivers/engine/Makefile.am +++ /dev/null 
@@ -1,44 +0,0 @@ -## OpenCA Makefile - by Massimiliano Pala -## (c) 1999-2007 by Massimiliano Pala and OpenCA Project -## All Rights Reserved - -TOP = ../.. -include $(TOP)/global-vars - -BASE_DEFS = - -DEFS = $(OPENCA_DEFS) - -AM_CPPFLAGS = -I$(TOP) \ - $(openssl_cflags) \ - $(libxml2_cflags) \ - $(COND_INCLUDES) - -SRCS = \ - engine_hsm.c \ - engine_hsm_pkey.c \ - engine_hsm_obj.c - -## openssl_hsm_engine.c - -## openssl_hsm_sign.c \ - -# noinst_LTLIBRARIES = libpki-token.la -noinst_LTLIBRARIES = libpki-token-engine.la - -libpki_token_engine_la_SOURCES = $(SRCS) - -libpki_token_engine_la_CFLAGS = $(BUILD_LIBPKI_CFLAGS) - -# libpki_token_engine_la_LIBADD = $(BUILD_LIBPKI_LDFLAGS) - -# libpki_token_a_LDFLAGS = -version-info 1:0:0 - -# $(OPENCA_INCLUDE_LIBS) \ -# $(openssl_cflags) $(openssl_libs) - -#pki_token_a_LIBADD = \ -# $(openssl_cflags) $(openssl_libs) \ -# $(libxml2_cflags) $(libxml2_libs) \ -# $(OPENCA_INCLUDE_LIBS) - diff --git a/src/drivers/engine/engine_hsm.c b/src/drivers/engine/engine_hsm.c deleted file mode 100644 index 09cab154..00000000 --- a/src/drivers/engine/engine_hsm.c +++ /dev/null 
@@ -1,473 +0,0 @@ -/* ENGINE HSM Support -* ================== -* -* Small Note: This code has been written by Massimiliano Pala sitting -* on a Bench in Princeton's campus... if there is someone to blame... -* blame Princeton!!!! -8 -*/ - -#include -#include -#include - -/* Callbacks for Software OpenSSL HSM */ -HSM_CALLBACKS engine_hsm_callbacks = { - /* Get Error Number */ - HSM_ENGINE_get_errno, - /* Get Error Description */ - HSM_ENGINE_get_errdesc, - /* Init */ - HSM_ENGINE_init, - /* Free */ - HSM_ENGINE_free, - /* Login */ - NULL, - /* Logout */ - NULL, - /* Set Algorithm */ - NULL, /* HSM_ENGINE_algor_set, */ - /* Set fips mode */ - NULL, // HSM_OPENSSL_set_fips_mode, - /* Fips operation mode */ - NULL, // HSM_OPENSSL_is_fips_mode, - /* General Sign */ - NULL, // HSM_ENGINE_sign, - /* ASN1 General Sign */ - NULL, // HSM_ENGINE_asn1_sign, - /* General Verify */ - NULL, // HSM_ENGINE_verify, - /* ASN1 General Verify */ - NULL, // HSM_ENGINE_asn1_verify, - /* Key Generation */ - HSM_ENGINE_X509_KEYPAIR_new, - /* Key Free Function - Let's fall back to default - OpenSSL HSM one */ - HSM_ENGINE_X509_KEYPAIR_free, - /* Key Wrap */ - NULL, - /* Key Unwrap */ - NULL, - /* Object stack Get Function */ - NULL, // HSM_ENGINE_OBJSK_get_url, - /* Object stack Add Function */ - NULL, /* HSM_ENGINE_KEYPAIR_put_url, */ - /* Object stack Del Function */ - NULL, /* HSM_ENGINE_OBJSK_del_url, */ - /* Get the number of available Slots */ - NULL, /* HSM_ENGINE_SLOT_num */ - /* Get Slot info */ - HSM_ENGINE_SLOT_INFO_get, /* HSM_ENGINE_SLOT_INFO_get */ - /* Free Slot info */ - NULL, /* HSM_ENGINE_SLOT_INFO_free */ - /* Set the current slot */ - NULL, /* HSM_ENGINE_SLOT_select */ - /* Cleans up the current slot */ - NULL, /* HSM_ENGINE_SLOT_clean */ - /* Returns the Callbacks */ - NULL /* HSM_OPENSSL_X509_get_cb */ -}; - -/* Structure for PKI_TOKEN definition */ -HSM engine_hsm = { - - /* Version of the token */ - 1, - - /* Description of the HSM */ - "OpenSSL ENGINE", - - /* 
Manufacturer */ - "OpenSSL", - - /* Pointer to the HSM config file and parsed structure*/ - NULL, - - /* One of PKI_HSM_TYPE value */ - HSM_TYPE_ENGINE, - - /* URL for the ID of the driver, this is filled at load time */ - NULL, - - /* Pointer to the driver structure */ - NULL, - - /* Pointer to the session */ - NULL, - - /* Pointer to the credentials */ - NULL, - - /* is Logged In ? */ - 0, - - /* is Cred Set ? */ - 0, - - /* is Login Required ? */ - 0, - - /* Callbacks Structures */ - &engine_hsm_callbacks -}; - -HSM_SLOT_INFO engine_slot_info = { - - /* Device Manufacturer ID */ - "OpenSSL", - - /* Device Description */ - "ENGINE interface", - - /* Hardware Version */ - 1, - 0, - - /* Firmware Version */ - 1, - 0, - - /* Initialized */ - 1, - - /* Present */ - 1, - - /* Removable */ - 0, - - /* Hardware */ - 0, - - /* Token Info */ - { - /* Token Label */ - "Unknown Label\x0 ", - /* ManufacturerID */ - "Unknown\x0 ", - /* Model */ - "Unknown\x0 ", - /* Serial Number */ - "0\x0 ", - /* Max Sessions */ - 65535, - /* Current Sessions */ - 0, - /* Max Pin Len */ - 0, - /* Min Pin Len */ - 0, - /* Memory Pub Total */ - 0, - /* Memory Pub Free */ - 0, - /* Memory Priv Total */ - 0, - /* Memory Priv Free */ - 0, - /* HW Version Major */ - 1, - /* HW Version Minor */ - 0, - /* FW Version Major */ - 1, - /* FW Version Minor */ - 0, - /* HAS Random Number Generator (RNG) */ - 1, - /* HAS clock */ - 0, - /* Login is Required */ - 0, - /* utcTime */ - "" - } - -}; - -unsigned long HSM_ENGINE_get_errno ( void ) { - unsigned long ret = 0; - - ret = ERR_get_error(); - - return ret; -} - -char * HSM_ENGINE_get_errdesc ( unsigned long err, char *str, size_t size ) { - - char * ret = NULL; - - if ( err == 0 ) { - err = ERR_get_error(); - } - - if ( str && size > 0 ) { - ERR_error_string_n ( err, str, size ); - ret = str; - } else { - ret = ERR_error_string ( err, NULL ); - } - - return ret; -} - -HSM *HSM_ENGINE_new (PKI_CONFIG *conf ) -{ - HSM *hsm = NULL; - char *engine_id = 
NULL; - - ENGINE_load_builtin_engines(); -#if OPENSSL_VERSION_NUMBER < 0x30000000 - ERR_load_ENGINE_strings(); -#endif - - hsm = (HSM *) PKI_Malloc ( sizeof( HSM )); - memcpy( hsm, &engine_hsm, sizeof( HSM )); - - /* Let's copy the right callbacks to call when needed! */ - hsm->callbacks = &engine_hsm_callbacks; - - /* Let's get the ID for the HSM */ - if((engine_id = PKI_CONFIG_get_value( conf, "/hsm/id" )) == NULL ) { - PKI_log_debug("ERROR, Can not get ENGINE id from conf!\n"); - PKI_Free ( hsm ); - return( NULL ); - } - - if((hsm->id = URL_new ( engine_id )) == NULL ) { - PKI_log_debug("ERROR, Can not convert id into URI (%s)", - engine_id); - PKI_Free ( engine_id ); - PKI_Free ( hsm ); - return (NULL); - } - - if((hsm->driver = ENGINE_by_id(hsm->id->addr)) == NULL) { - PKI_log_debug("ERROR, invalid engine \"%s\"", hsm->id->addr); - // ERR_print_errors_fp( stderr ); - PKI_Free ( hsm ); - return (NULL); - } - - /* The ENGINE interface need to be initialized */ - if(( HSM_ENGINE_init ( hsm->driver, conf )) == PKI_ERR ) { - PKI_log_debug("ERROR, Can not initialize ENGINE HSM!"); - PKI_Free( hsm ); - return( NULL ); - }; - - return( hsm ); -} - -int HSM_ENGINE_free ( HSM *driver, PKI_CONFIG *conf ) { - - if( driver == NULL ) return (PKI_OK); - - return (PKI_ERR); -} - -int HSM_ENGINE_init( HSM *driver, PKI_CONFIG *conf ) { - - /* We need to initialize the driver by using the config - options. For the ENGINE, we do not need the driver - pointer really. 
- */ - - ENGINE *e = NULL; - int i = 0; - - PKI_STACK *pre_cmds = NULL; - PKI_STACK *post_cmds = NULL; - - if( !driver ) return ( PKI_ERR ); - - PKI_log_debug("INFO, Initialising HSM [%s]", - PKI_CONFIG_get_value(conf, "/hsm/name")); - - e = (ENGINE *) driver; - - if( !conf ) { - PKI_log_debug("WARNING, no PRECMDS provided (?!?!?)"); - } else { - - char *val = NULL; - char *buf = NULL; - - pre_cmds = PKI_CONFIG_get_stack_value ( conf, - "/hsm/pre/cmd" ); - for( i=0; i < PKI_STACK_elements( pre_cmds ); i++ ) { - buf = PKI_STACK_get_num( pre_cmds, i ); - - if((val = strchr( buf, ':')) != NULL ) { - /* This changes the value in the stack element, - so don't rely on the modified value */ - *val = '\x0'; - val++; - } - - PKI_log_debug("ENGINE, PRE COMMAND (%d) => %s:%s", - i, buf, val); - - if(!ENGINE_ctrl_cmd_string(e, buf, val, 0)) { - PKI_log_debug("ENGINE COMMAND Failed (%s:%s)!", - buf, val); - ERR_print_errors_fp( stderr ); - } else { - PKI_log_debug("ENGINE, COMMAND SUCCESS!"); - } - } - - PKI_STACK_free_all( pre_cmds ); - } - - if(!ENGINE_init(e)) { - PKI_log_debug("ERROR, Can not init the ENGINE!"); - return (PKI_ERR); - } else { - PKI_log_debug("INFO, ENGINE init Success!"); - } - - if( !conf ) { - PKI_log_debug("WARNING, POSTCMDS not provided (?!?!?)"); - } else { - char *val = NULL; - char *buf = NULL; - - post_cmds = PKI_CONFIG_get_stack_value(conf, "/hsm/post/cmd"); - - for( i=0; i < PKI_STACK_elements( post_cmds ); i++ ) { - buf = PKI_STACK_get_num( post_cmds, i ); - - if((val = strchr( buf, ':')) != NULL ) { - /* This changes the value in the stack element, - so don't rely on the modified value */ - *val = '\x0'; - val++; - } - - // PKI_log_debug("ENGINE, PRE CMD (%d) => %s:%s", - // i, buf, val); - - if(!ENGINE_ctrl_cmd_string(e, buf, val, 0)) { - PKI_log_debug("ENGINE, COMMAND Failed (%s:%s)", - buf, val ); - } else { - PKI_log_debug("ENGINE, COMMAND Success (%s:%s)", - buf, val ); - } - } - - PKI_STACK_free_all( post_cmds ); - } - - 
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { - PKI_log_debug("ERROR, Can't use HSM ENGINE!"); - // ERR_print_errors_fp(stderr); - ENGINE_free(e); - return ( PKI_ERR ); - } - - PKI_log_debug("INFO, ENGINE HSM init Successful!"); - - return (PKI_OK); -} - - -/* General Signing function */ -/* -int HSM_ENGINE_sign (PKI_OBJTYPE type, - void *x, - void *it_pp, - PKI_ALGOR *alg, - PKI_STRING *bit, - PKI_X509_KEYPAIR *key, - PKI_DIGEST_ALG *digest, - void *driver ) { - - - int ret = PKI_OK; - ASN1_ITEM *it = NULL; - - if( !x || !key ) { - PKI_log_debug("ENGINE, missing required param for signature " - "generation"); - return (PKI_ERR); - } - - if( !digest ) digest = PKI_DIGEST_ALG_SHA1; - - if( !driver ) { - PKI_log_debug("WARNING, ENGINE signature called, but no " - "driver pointer has been provided!"); - } - - ERR_clear_error(); - - switch ( type ) { - case PKI_OBJTYPE_X509_REQ: - ret = X509_REQ_sign( (X509_REQ *) x, - (EVP_PKEY *) key, (EVP_MD *) digest ); - break; - case PKI_OBJTYPE_X509_CERT: - ret = X509_sign( (X509 *) x, (EVP_PKEY *) key, - (EVP_MD *) digest ); - break; - case PKI_OBJTYPE_X509_CRL: - ret = X509_CRL_sign( (X509_CRL *) x, (EVP_PKEY *) key, - (EVP_MD *) digest ); - break; - case PKI_OBJTYPE_PKCS7: - case PKI_OBJTYPE_PKCS12: - case PKI_OBJTYPE_PKI_MSG: - case PKI_OBJTYPE_SCEP_MSG: - case PKI_OBJTYPE_CMS_MSG: - PKI_log_debug("ERROR, DRIVER::ENGINE::OBJ sign not " - "supported, yet!"); - ret = 0; - break; - default: - if( !it_pp || !bit || !alg ) { - PKI_log_debug("Missing required params to " - "complete the generic signature"); - return ( PKI_ERR ); - } - - it = (ASN1_ITEM *) it_pp; - ret = ASN1_item_sign(it, alg, NULL, - bit, x, (EVP_PKEY *) key, (EVP_MD *) digest ); - break; - } - - if( ret == 0 ) { - PKI_log_debug("ERROR, Generating Signature (ENGINE HSM)!"); - ret = PKI_ERR; - } else { - ret = PKI_OK; - } - - PKI_log_debug("ENGINE, Signature successful"); - - return (ret); -} -*/ - -/* ---------------------- ENGINE Slot Management Functions 
---------------- */ - -HSM_SLOT_INFO * HSM_ENGINE_SLOT_INFO_get ( unsigned long num, HSM *hsm ) { - - HSM_SLOT_INFO *ret = NULL; - ENGINE *e = NULL; - - if( !hsm || !hsm->driver ) return ( NULL ); - - e = hsm->driver; - - ret = (HSM_SLOT_INFO *) PKI_Malloc ( sizeof (HSM_SLOT_INFO)); - memcpy( ret, &engine_slot_info, sizeof( HSM_SLOT_INFO )); - - snprintf(ret->token_info.label, LABEL_SIZE, "%s", ENGINE_get_name( e )); - snprintf(ret->token_info.model, MODEL_SIZE, "%s", ENGINE_get_id ( e )); - - return (ret); -} - diff --git a/src/drivers/engine/engine_hsm_obj.c b/src/drivers/engine/engine_hsm_obj.c deleted file mode 100644 index 7361a12e..00000000 --- a/src/drivers/engine/engine_hsm_obj.c +++ /dev/null 
@@ -1,80 +0,0 @@ -/* openssl/pki_pkey.c */ - -#include - -/* ---------------- OpenSSL HSM Keypair get/put --------------------------- */ - -/* -PKI_STACK * HSM_ENGINE_OBJSK_get_url ( PKI_DATATYPE type, URL *url, - PKI_CRED *cred, struct hsm_st *hsm ) { - - void * ret = NULL; - - if( !url ) return ( NULL ); - - switch ( type ) { - case PKI_DATATYPE_X509_KEYPAIR: - ret = HSM_ENGINE_KEYPAIR_get_url ( url, cred, hsm ); - break; - default: - HSM_OPENSSL_OBJSK_get_url ( type, url, cred, hsm ); - ret = NULL; - } - - return ( ret ); -} - -*/ -/* ------------------------ Internal Retrieve Functions ------------------- */ - -/* -PKI_X509_KEYPAIR_STACK * HSM_ENGINE_KEYPAIR_get_url ( URL *url, PKI_CRED *cred, - HSM *driver ) { - HSM *hsm = NULL; - PKI_X509_KEYPAIR_STACK *ret = NULL; - PKI_X509_KEYPAIR *keypair = NULL; - PW_CB_DATA cb_data; - ENGINE *e = NULL; - - if((hsm = (HSM *) driver) == NULL ) { - PKI_log_debug("ERROR, Memory Allocation", __FILE__, __LINE__); - return(NULL); - } - - if( hsm->driver == NULL ) { - PKI_log_debug("ERROR, No HSM pointer provided (keypair get" - " in ENGINE HSM)"); - return(NULL); - } - - e = (ENGINE *) hsm->driver; - - if( cred ) { - cb_data.password = cred->password; - } else if ( hsm->cred ) { - cb_data.password = hsm->cred->password; - } - - if( url ) { - cb_data.prompt_info = url->addr; - } - - if((ret = PKI_STACK_X509_KEYPAIR_new()) == NULL ) { - PKI_log_debug("ERROR, can not allocate new memory!"); - return ( NULL ); - } - - if((keypair = (PKI_X509_KEYPAIR *) ENGINE_load_private_key(e, - url->addr, NULL, &cb_data)) == NULL ) { - PKI_log_debug("ERROR, Error loading key (%s) [ENGINE HSM]", - url->addr ); - if ( ret ) PKI_STACK_X509_KEYPAIR_free ( ret ); - return ( NULL ); - } - - PKI_STACK_X509_KEYPAIR_push ( ret, keypair ); - - return ( ret ); -} - -*/ diff --git a/src/drivers/engine/engine_hsm_pkey.c b/src/drivers/engine/engine_hsm_pkey.c deleted file mode 100644 index 285e47ce..00000000 
--- a/src/drivers/engine/engine_hsm_pkey.c
+++ /dev/null
@@ -1,250 +0,0 @@ -/* engine/engine_hsm_pkey.c */ - -#include - -/* Internal usage only - we want to keep the lib abstract */ -#ifndef _LIBPKI_HSM_ENGINE_PKEY_H -#define _LIBPKI_HSM_ENGINE_PKEY_H - -#define PKI_RSA_KEY RSA -#define PKI_DSA_KEY DSA - -#ifdef ENABLE_ECDSA -#define PKI_EC_KEY EC_KEY -#endif - -#define PKI_RSA_KEY_MIN_SIZE 512 -#define PKI_DSA_KEY_MIN_SIZE 512 -#define PKI_EC_KEY_MIN_SIZE 56 -PKI_DSA_KEY * _engine_pki_dsakey_new( PKI_KEYPARAMS *kp, ENGINE *e ); -#ifdef ENABLE_ECDSA -PKI_EC_KEY * _engine_pki_ecdsakey_new( PKI_KEYPARAMS *kp, ENGINE *e); -#else -void * _engine_pki_ecdsakey_new( PKI_KEYPARAMS *kp, ENGINE *e ); -#endif /* ENDIF::ENABLE_ECDSA */ - -int _engine_pki_rand_init( void ); - -#endif /* ENDIF::_LIBPKI_HSM_ENGINE_PKEY */ - -int _engine_pki_rand_seed( void ) { - unsigned char seed[20]; - - if (!RAND_bytes(seed, 20)) return 0; - RAND_seed(seed, sizeof seed); - - return(1); -} - -PKI_RSA_KEY * _engine_pki_rsakey_new( PKI_KEYPARAMS *kp, ENGINE *e ) { - - BIGNUM *bne = NULL; - PKI_RSA_KEY *rsa = NULL; - int ossl_rc = 0; - - int bits = PKI_RSA_KEY_DEFAULT_SIZE; - - unsigned long exp = RSA_F4; - // Default exponent (65537) - - if ( kp && kp->bits > 0 ) bits = kp->bits; - - if ( bits < PKI_RSA_KEY_MIN_SIZE ) { - PKI_ERROR(PKI_ERR_X509_KEYPAIR_SIZE_SHORT, NULL); - return NULL; - } - - if ((bne = BN_new()) != NULL) { - if (1 != BN_set_word(bne, exp)) { - PKI_ERROR(PKI_ERR_GENERAL, NULL); - return NULL; - } - } else { - PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL); - return NULL; - } - - if ((rsa = RSA_new()) == NULL) { - BN_free(bne); - PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL); - return NULL; - } - - if ((ossl_rc = RSA_generate_key_ex(rsa, bits, bne, NULL)) == 1 ) { - /* Error */ - BN_free(bne); - PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, NULL); - return NULL; - } - - BN_free(bne); - - /* Let's return the RSA_KEY infrastructure */ - return (rsa); -} - -PKI_DSA_KEY * _engine_pki_dsakey_new( PKI_KEYPARAMS *kp, ENGINE *e ) { - PKI_DSA_KEY *k = NULL; - 
unsigned char seed[20]; - - int bits = PKI_DSA_KEY_DEFAULT_SIZE; - - if ( kp && kp->bits > 0 ) bits = kp->bits; - - if ( bits < PKI_DSA_KEY_MIN_SIZE ) { - PKI_ERROR(PKI_ERR_X509_KEYPAIR_SIZE_SHORT, NULL); - return NULL; - }; - - if (!RAND_bytes(seed, 20)) { - /* Not enought rand ? */ - PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Too low Entropy"); - return NULL; - } - - if ((k = DSA_new()) == NULL) { - // Memory Allocation Error - PKI_ERROR(PKI_ERR_MEMORY_ALLOC, "Too low Entropy"); - return NULL; - } - - if (1 != DSA_generate_parameters_ex(k, bits, seed, 20, NULL, NULL, NULL)) { - if( k ) DSA_free( k ); - PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Can not generated DSA params"); - return NULL; - } - - return( k ); -} - -#ifdef ENABLE_ECDSA -PKI_EC_KEY * _engine_pki_ecdsakey_new( PKI_KEYPARAMS *kp, ENGINE *e ) { - /* ECDSA is a little more complicated than the other - schemes as it involves a group of functions. As the - purpose of this library is to provide a very hi-level - easy to use library, we will provide some hardwired - parameters. 
- */ - - PKI_EC_KEY *k = NULL; - - PKI_ERROR(PKI_ERR_NOT_IMPLEMENTED, "Engine EC keygen"); - - return ( k ); -} - -#else /* EVP_PKEY_EC */ - -void * _engine_pki_ecdsakey_new( PKI_KEYPARAMS *kp, ENGINE *e ) { - PKI_ERROR(PKI_ERR_NOT_IMPLEMENTED, "Engine EC keygen"); - return ( NULL ); -} - -#endif - - -PKI_X509_KEYPAIR *HSM_ENGINE_X509_KEYPAIR_new( PKI_KEYPARAMS *kp, - URL *url, PKI_CRED *cred, HSM *driver ) { - - PKI_X509_KEYPAIR *ret = NULL; - PKI_X509_KEYPAIR_VALUE *val = NULL; - PKI_RSA_KEY *rsa = NULL; - PKI_DSA_KEY *dsa = NULL; -#ifdef ENABLE_ECDSA - PKI_EC_KEY *ec = NULL; -#endif - ENGINE *e = NULL; - - PKI_SCHEME_ID type = PKI_SCHEME_DEFAULT; - - if ( kp && kp->scheme != PKI_SCHEME_UNKNOWN ) type = kp->scheme; - - if((val = EVP_PKEY_new()) == NULL ) { - PKI_ERROR(PKI_ERR_OBJECT_CREATE, "KeyPair value"); - return NULL; - } - - e = (ENGINE *) driver; - if( _engine_pki_rand_seed() == 0 ) { - /* Probably low level of randomization available */ - PKI_log_debug("WARNING, low rand available (ENGINE HSM)"); - } - - switch (type) { - - case PKI_SCHEME_RSA: - if((rsa = _engine_pki_rsakey_new( kp, e )) == NULL ) { - if( val ) EVP_PKEY_free( val ); - return NULL; - }; - if(!EVP_PKEY_assign_RSA( (EVP_PKEY *) val, rsa)) { - PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Can not assign RSA key"); - if( rsa ) RSA_free( rsa ); - if( val ) EVP_PKEY_free( val ); - return NULL; - }; - break; - - case PKI_SCHEME_DSA: - if((dsa = _engine_pki_dsakey_new( kp, e )) == NULL ) { - if( val ) EVP_PKEY_free( val ); - return(NULL); - }; - if (!DSA_generate_key( dsa )) { - PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, NULL); - if( val ) EVP_PKEY_free( val ); - return NULL; - } - if (!EVP_PKEY_assign_DSA( (EVP_PKEY *) val, dsa)) { - PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Can not assign DSA key"); - if( dsa ) DSA_free ( dsa ); - if( val ) EVP_PKEY_free( val ); - return NULL; - } - dsa=NULL; - break; - -#ifdef ENABLE_ECDSA - case PKI_SCHEME_ECDSA: - if((ec = _engine_pki_ecdsakey_new( kp, e)) 
== NULL ) { - if( val ) EVP_PKEY_free( val ); - return(NULL); - }; - if (!EVP_PKEY_assign_EC_KEY( (EVP_PKEY *) val, ec)) { - PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Can not assign ECDSA key"); - if( ec ) EC_KEY_free ( ec ); - if( val ) EVP_PKEY_free( val ); - return NULL; - } - ec=NULL; - break; -#endif - default: - /* No recognized scheme */ - PKI_ERROR(PKI_ERR_HSM_SCHEME_UNSUPPORTED, "%d", type ); - if( val ) EVP_PKEY_free( val ); - return NULL; - } - - if((ret = PKI_X509_new( PKI_DATATYPE_X509_KEYPAIR, driver)) == NULL ) { - if( val ) EVP_PKEY_free ( val ); - return NULL; - } - - ret->value = val; - - /* Let's return the PKEY infrastructure */ - return ( ret ); -} - -/* Key Free function */ -void HSM_ENGINE_X509_KEYPAIR_free ( PKI_X509_KEYPAIR *pkey ) { - - if( !pkey) return; - - PKI_X509_KEYPAIR_free( pkey); - - return; - -} - diff --git a/src/drivers/hsm_keypair.c b/src/drivers/hsm_keypair.c deleted file mode 100644 index 7a342e63..00000000 --- a/src/drivers/hsm_keypair.c +++ /dev/null 
@@ -1,129 +0,0 @@ -/* HSM Object Management Functions */ - -#include - -extern HSM_CALLBACKS openssl_hsm_callbacks; -extern HSM openssl_hsm; - -/* ------------------- Keypair Gen/Free -------------------------------- */ - -PKI_X509_KEYPAIR *HSM_X509_KEYPAIR_new( PKI_KEYPARAMS *params, - char *label, PKI_CRED *cred, HSM *hsm ) { - - PKI_X509_KEYPAIR *ret = NULL; - URL *url = NULL; - - if( hsm && !url && (hsm->type == HSM_TYPE_PKCS11) ) { - PKI_DEBUG("Label is required when using HSM"); - return NULL; - } - - if ( label ) { - if(( url = URL_new(label)) == NULL ) { - PKI_ERROR(PKI_ERR_URI_PARSE, label); - return ( NULL ); - } - }; - - ret = HSM_X509_KEYPAIR_new_url ( params, url, cred, hsm ); - - if( url ) URL_free( url ); - - return ( ret ); -} - -PKI_X509_KEYPAIR *HSM_X509_KEYPAIR_new_url( PKI_KEYPARAMS *params, - URL *url, PKI_CRED *cred, HSM *driver ) { - - PKI_X509_KEYPAIR *ret = NULL; - HSM *hsm = NULL; - - if ( !params ) { - PKI_ERROR(PKI_ERR_PARAM_NULL, NULL); - return NULL; - }; - - if( driver ) { - hsm = driver; - } else { - hsm = (HSM *) HSM_get_default(); - } - - if( hsm && hsm->callbacks && hsm->callbacks->keypair_new_url ) { - ret = hsm->callbacks->keypair_new_url(params,url,cred,hsm); - } else { - PKI_log_err("HSM does not provide key generation"); - // ret = HSM_OPENSSL_KEYPAIR_new( type, bits, url, cred, NULL ); - } - - return ( ret ); -} - - -PKI_MEM *HSM_X509_KEYPAIR_wrap ( PKI_X509_KEYPAIR *key, PKI_CRED *cred) { - - const HSM *hsm = NULL; - - if ( !key || !key->value ) return NULL; - - if ( key->hsm ) { - hsm = key->hsm; - } else { - hsm = HSM_get_default(); - } - - if ( hsm && hsm->callbacks && hsm->callbacks->key_wrap ) { - return hsm->callbacks->key_wrap ( key, cred ); - } - - return NULL; - -/* - int i = 0; - - PKI_X509 *obj = NULL; - PKI_MEM_STACK *ret_sk = NULL; - PKI_MEM *mem = NULL; - - if ( !sk ) return NULL; - - if ((ret_sk = PKI_STACK_MEM_new()) == NULL ) { - return NULL; - } - - for ( i = 0; i < PKI_STACK_X509_KEYPAIR_elements ( sk ); 
i++ ) { - obj = PKI_STACK_X509_KEYPAIR_get_num ( sk, i ); - - if (!obj || !obj->value ) continue; - - if ( obj->hsm ) { - if( obj->hsm && obj->hsm->callbacks && - obj->hsm->callbacks->key_wrap ) { - mem = obj->hsm->callbacks->key_wrap ( obj, - cred); - if ( mem == NULL ) break; - - PKI_STACK_MEM_push ( ret_sk, mem ); - } - } - } - - return ret_sk; -*/ -} - -PKI_X509_KEYPAIR *HSM_X509_KEYPAIR_unwrap ( PKI_MEM *mem, - URL *url, PKI_CRED *cred, HSM *hsm ) { - - PKI_X509_KEYPAIR *ret = NULL; - - if ( !hsm ) hsm = (HSM *) HSM_get_default(); - - /* Now Put the stack of objects in the HSM */ - if( hsm && hsm->callbacks && hsm->callbacks->key_unwrap ) { - ret = hsm->callbacks->key_unwrap ( mem, url, cred, hsm ); - }; - - /* Return value */ - return ret; -} diff --git a/src/drivers/hsm_main.c b/src/drivers/hsm_main.c deleted file mode 100644 index 64ada628..00000000 --- a/src/drivers/hsm_main.c +++ /dev/null 
@@ -1,1373 +0,0 @@ -/* HSM Object Management Functions */ - -#include - -// Small Hack - taps into OpenSSL internals.. needed for setting the right -// algorithm for signing - -#ifdef EVP_MD_FLAG_PKEY_METHOD_SIGNATURE -# define ENABLE_AMETH 1 -#endif - -#ifdef ENABLE_AMETH -typedef struct my_meth_st { - int pkey_id; - int pkey_base_id; - unsigned long pkey_flags; - char *pem_str; - char *info; -} LIBPKI_METH; -#endif - -/* --------------------------- Static function(s) ------------------------- */ - -/* -static int __set_algIdentifier (PKI_X509_ALGOR_VALUE * alg, - const PKI_DIGEST_ALG * digest, - const PKI_X509_KEYPAIR * key) { - - PKI_X509_KEYPAIR_VALUE *pkey = NULL; - // KeyPair Pointer - - int def_nid; - - int pkey_type = 0; - int param_type = V_ASN1_UNDEF; - // Parameter Type for Signature - - PKI_DIGEST_ALG * md = NULL; - // Digest to use - - EVP_MD_CTX *ctx = NULL; - EVP_PKEY_CTX *pkctx = NULL; - // EVP_PKEY_CTX for signing - - // Input Checks - if (!key || !key->value || !digest || !alg ) - return PKI_ERROR(PKI_ERR_PARAM_NULL, NULL); - - // Gets the KeyPair Pointer from the X509 structure - pkey = key->value; - - if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) == 2 - && def_nid == NID_undef) { - // The signing algorithm requires there to be no digest - md = NULL; - } - - if ((ctx = EVP_MD_CTX_new()) == NULL) { - PKI_log_err("Cannot Allocate Digest Context"); - return 0; - } - - if (!EVP_MD_CTX_init(ctx) || !EVP_DigestSignInit(ctx, &pkctx, md, NULL, pkey)) { - PKI_log_err("Cannot Initialize DigestSignInit"); - return 0; - } - - pkey_type = EVP_MD_CTX_type(ctx); - PKI_log_err("DEBUG: pkey_type (new) = %d (%s)", - pkey_type, PKI_ALGOR_ID_txt(pkey_type)); - - - // if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) == 2 - // && def_nid == NID_undef) { - // - // // The signing algorithm requires there to be no digest - // digest = NULL; - // - // PKI_log_err("DIGEST ALGORITHM => %p", digest); - // } else { - // PKI_log_err("DIGEST ALGORITHM => %s", - // 
PKI_DIGEST_ALG_get_parsed(digest)); - // } - - // Gets the Signature Algorithm - pkey_type = EVP_MD_pkey_type(digest); - PKI_log_err("DEBUG: pkey_type (old) = %d", pkey_type); - -#ifdef ENABLE_AMETH - - struct my_meth_st *ameth = NULL; - // Pointer to the aMeth structure - - // Gets the Reference to the Key's Method - if ((ameth = (struct my_meth_st *) pkey->ameth) == NULL) - return PKI_ERROR(PKI_ERR_POINTER_NULL, "Missing aMeth pointer."); - - // Gets the right parameter - if (ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL) param_type = V_ASN1_NULL; - else param_type = V_ASN1_UNDEF; - -#else // Else for aMeth - - // Special Case for RFC 2459 (Omit Parameters) - if (pkey_type == PKI_ALGOR_DSA_SHA1) param_type = V_ASN1_NULL; - else param_type = V_ASN1_UNDEF; - - if (alg->parameter) ASN1_TYPE_free(alg->parameter); - alg->parameter = NULL; - -#endif // End of aMeth - - PKI_log_err("Set Algorithm: pkey_type = %d (%s)", - pkey_type, PKI_ALGOR_ID_txt(pkey_type)); - - // Sets the Algorithms details - if (!X509_ALGOR_set0(alg, OBJ_nid2obj(pkey_type), param_type, NULL)) - return PKI_ERROR(PKI_ERR_ALGOR_SET, "Cannot set the algorithm"); - - // All Done - return PKI_OK; - -} -*/ - - -/*! \brief Returns the errno from the crypto layer */ - -unsigned long HSM_get_errno (const HSM *hsm ) -{ - const HSM *my_hsm = NULL; - - if (!hsm) my_hsm = (HSM *) HSM_OPENSSL_get_default(); - else my_hsm = hsm; - - if ( my_hsm && my_hsm->callbacks && my_hsm->callbacks->get_errno) - { - return my_hsm->callbacks->get_errno(); - } - - return 0; -} - -/*! 
\brief Returns the description of the passed error number from the - * crypto layer */ - -char *HSM_get_errdesc ( unsigned long err, const HSM *hsm ) -{ - const HSM *my_hsm = NULL; - - // If no hsm was provided, let's get the default one - if (!hsm) my_hsm = (HSM *) HSM_OPENSSL_get_default(); - else my_hsm = hsm; - - // If no error number was provided, let's get the latest - if (err == 0) err = HSM_get_errno(my_hsm); - - if (my_hsm && my_hsm->callbacks && my_hsm->callbacks->get_errdesc) - { - return my_hsm->callbacks->get_errdesc(err, NULL, 0); - } - - return NULL; -} - -/*! \brief Returns the default HSM structure (software) - * - * The returned HSM * points to a static structure that does not need - * to be freed. - */ - -const HSM *HSM_get_default( void ) { - return HSM_OPENSSL_get_default(); -} - -/*! \brief Allocates a new HSM structure - * - * Allocates a new HSM structure and initialize the callbacks functions. - * The driver is the crypto driver to be used (e.g., openssl or kmf), - * while the name is the name of the HSM (e.g., LunaCA3) - */ - -HSM *HSM_new( const char * const dir, - const char * const name ) { - - HSM * hsm = NULL; - char * url_s = NULL; - char * buff = NULL; - - PKI_CONFIG *conf = NULL; - char *type = NULL; - - PKI_init_all(); - - if( !name ) { - /* If no name is passed, we generate a new software token */ - return HSM_OPENSSL_new( NULL ); - } - - if((url_s = PKI_CONFIG_find_all( dir, name, PKI_DEFAULT_HSM_DIR )) - == NULL ) { - PKI_log_debug( "Can not find config file (%s/%s)\n", dir, name); - return (NULL); - } - - if((conf = PKI_CONFIG_load( url_s )) == NULL ) { - PKI_log_debug( "Can not load config from %s", url_s ); - goto err; - } - - if((buff = PKI_Malloc ( BUFF_MAX_SIZE )) == NULL ) { - goto err; - } - - /* Let's generate the right searching string with the namespace - prefix */ - if((type = PKI_CONFIG_get_value ( conf, "/hsm/type")) == NULL ) { - /* No type in the config! 
*/ - PKI_log_debug("ERROR, No HSM type in the config!"); - type = strdup("software"); - } - - if( strcmp_nocase(type,"software") == 0 ) { - if((hsm = HSM_OPENSSL_new( conf )) == NULL ) { - PKI_log_debug("ERROR, Can not generate software HSM object!"); - } else { - hsm->type = HSM_TYPE_SOFTWARE; - } -#ifdef HAVE_ENGINE - } else if( strcmp_nocase(type,"engine") == 0 ) { - if((hsm = HSM_ENGINE_new( conf )) == NULL ) { - PKI_log_debug("ERROR, Can not generate engine HSM object!"); - } else { - hsm->type = HSM_TYPE_ENGINE; - } -#endif - } else if( strcmp_nocase(type,"pkcs11") == 0 ) { - if((hsm = HSM_PKCS11_new( conf )) == NULL ) { - PKI_log_debug("ERROR, Can not generate engine HSM object!"); - } else { - hsm->type = HSM_TYPE_PKCS11; - } -#ifdef ENABLE_KMF - } else if( strcmp_nocase(type,"kmf") == 0 ) { - if((hsm = HSM_KMF_new( conf )) == NULL ) { - PKI_log_debug("ERROR, Can not generate kmf HSM object!\n"); - } else { - hsm->type = HSM_TYPE_KMF; - } -#endif - } else { - PKI_log_debug( "Unknown HSM type (%s)", type ); - goto err; - } - - if ( ( hsm != NULL ) && (HSM_init ( hsm ) != PKI_OK) ) { - goto err; - } - - // Let' see if we can enforce the FIPS mode (optional, therefore - // errors are not fatal if PKI_is_fips_mode return PKI_ERR) - if (PKI_is_fips_mode() == PKI_OK) - { - if (HSM_set_fips_mode(hsm, 1) == PKI_OK) - { - PKI_log_debug("HSM created in FIPS mode"); - } - else - { - PKI_log_err("Can not create HSM in FIPS mode"); - goto err; - } - } - else - { - PKI_log_debug("HSM created in non-FIPS mode"); - } - - // Free memory - if (type) PKI_Free(type); - if (conf) PKI_CONFIG_free(conf); - if (url_s) PKI_Free(url_s); - - // Returns the value - return (hsm); - -err: - - // Free used memory - if (conf) PKI_CONFIG_free(conf); - if (url_s) PKI_Free(url_s); - if (hsm) HSM_free(hsm); - if (type) PKI_Free(type); - - // Returns a NULL pointer - return NULL; -} - -/*! 
\brief Allocates a new HSM structure and initializes it in FIPS mode - * - * Allocates a new HSM structure and initialize the callbacks functions - * in FIPS mode. The driver is the crypto driver to be used (e.g., openssl - * or kmf), while the name is the name of the HSM (e.g., LunaCA3) - * - * If the HSM does not support FIPS mode or other errors occur, this function - * returns NULL - */ - -HSM *HSM_new_fips(const char * const dir, - const char * const name) { - HSM *ret = NULL; - - // Let's invoke the normal initialization - ret = HSM_new(dir, name); - if (!ret) return NULL; - - // Checks if the HSM is operating in FIPS mode - if (PKI_is_fips_mode() == PKI_OK && HSM_is_fips_mode(ret) == PKI_ERR) - { - // Since this init requires FIPS mode, let's return an error - PKI_log_err("Can not create HSM in FIPS mode"); - HSM_free(ret); - return NULL; - } - - // Return the HSM - return ret; -} - -int HSM_free ( HSM *hsm ) { - - if( !hsm ) return (PKI_ERR); - - if( hsm && hsm->callbacks && hsm->callbacks->free ) - { - hsm->callbacks->free ( (void *) hsm, hsm->config ); - } - else - { - /* Error! The driver should provide a free callback! */ - PKI_log_err("hsm (%s) does not provide a free function!", hsm->description ); - if ( hsm ) PKI_Free ( hsm ); - - return (PKI_ERR); - } - - return (PKI_OK); -} - -/* -------------------------- HSM Initialization ----------------------- */ - - -/*! - * \brief Initializes the HSM - */ -int HSM_init( HSM *hsm ) { - - if( !hsm || !hsm->callbacks ) return (PKI_ERR); - - /* Call the init function provided by the hsm itself */ - if( hsm->callbacks->init ) - { - return (hsm->callbacks->init(hsm, hsm->config )); - } - else - { - /* No init function is provided (not needed ??!?!) */ - PKI_log_debug("hsm (%s) does not provide an init " - "function!\n", hsm->description ); - } - - return(PKI_OK); -} - -/*! 
- * \brief Initializes the HSM in FIPS mode, returns an error if FIPS - * mode is not available for the HSM - */ -int HSM_init_fips (HSM *hsm) -{ - // Let's do the normal initialization - if (HSM_init(hsm) == PKI_ERR) return PKI_ERR; - - // Now let's set the fips mode - if (!HSM_set_fips_mode(hsm, 1)) return PKI_ERR; - - return (PKI_OK); -} - -/* -------------------------- Access control to HSM ----------------------- */ - -int HSM_login ( HSM *hsm, PKI_CRED *cred ) { - - if (!hsm) return (PKI_ERR); - - if ( hsm->callbacks->login ) { - return ( hsm->callbacks->login(hsm, cred )); - } else { - /* No login required by the HSM */ - PKI_log_debug("No login function for selected HSM"); - } - - return ( PKI_OK ); -} - -int HSM_logout ( HSM *hsm ) { - - if (!hsm || !hsm->callbacks ) return (PKI_ERR); - - if ( hsm->callbacks && hsm->callbacks->logout ) { - return ( hsm->callbacks->logout( hsm )); - } else { - /* No login required by the HSM */ - PKI_log_debug("No login function for selected HSM"); - } - - return ( PKI_OK ); -} - - -/* -------------------------- FIPS mode for HSM ----------------------- */ - -int HSM_set_fips_mode(const HSM *hsm, int k) -{ - if (!hsm) hsm = HSM_get_default(); - if (!hsm) return PKI_ERR; - - if (hsm->callbacks && hsm->callbacks->set_fips_mode) - { - return hsm->callbacks->set_fips_mode(hsm, k); - } - else - { - // If no FIPS mode is available, let's return 0 (false) - return PKI_ERR; - } -} - -int HSM_is_fips_mode(const HSM *hsm) -{ - if (!hsm) hsm = HSM_get_default(); - if (!hsm) return PKI_ERR; - - if (hsm->callbacks && hsm->callbacks->is_fips_mode) - { - return hsm->callbacks->is_fips_mode(hsm); - } - else - { - return PKI_ERR; - } -} - -/* -------------------------- General Crypto HSM ----------------------- */ - -int HSM_set_sign_algor ( PKI_X509_ALGOR_VALUE *alg, HSM *hsm ) { - - int ret = PKI_OK; - - // Input Checks - if (!alg) return PKI_ERROR(PKI_ERR_PARAM_NULL, "No algorithm passed!"); - - // Sets the algorithm if it is an hardware 
token - if (hsm && hsm->callbacks && hsm->callbacks->sign_algor) { - - // Using the HSM callback - PKI_log_debug("Setting the signature algorithm for selected HSM"); - ret = hsm->callbacks->sign_algor(hsm, alg); - } - - // All Done - return (ret); -} - -/* ------------------------ General PKI Signing ---------------------------- */ - -/* !\brief Signs the data from a PKI_MEM structure by using the - * passed key and digest algorithm. - * - * This function signs the data passed in the PKI_MEM structure. - * Use PKI_DIGEST_ALG_NULL for using no hash algorithm when calculating - * the signature. - * Use NULL for the digest (PKI_DIGEST_ALG) pointer to use the data signing - * functions directly (i.e., signing the PKI_MEM data directly instead of - * first performing the digest calculation and then generating the signture - * over the digest) - * - * @param der The pointer to a PKI_MEM structure with the data to sign - * @param digest The pointer to a PKI_DIGEST_ALG method - * @param key The pointer to the PKI_X509_KEYPAIR used for signing - * @return A PKI_MEM structure with the signature value. 
- */ - -int PKI_X509_sign(PKI_X509 * x, - const PKI_DIGEST_ALG * digest, - const PKI_X509_KEYPAIR * key) { - - // PKI_MEM *der = NULL; - // PKI_MEM *sig = NULL; - // // Data structure for the signature - - PKI_STRING * sigPtr = NULL; - // Pointer for the Signature in the PKIX data - - int pkey_type = NID_undef; - // Key Type - - PKI_SCHEME_ID pkey_scheme = PKI_SCHEME_UNKNOWN; - // Signature Scheme - - PKI_X509_KEYPAIR_VALUE * pkey = NULL; - // Internal Value - - int sig_nid = -1; - // Signature Algorithm identifier - - // Input Checks - if (!x || !x->value || !key || !key->value ) - return PKI_ERROR(PKI_ERR_PARAM_NULL, NULL); - - // Extracts the internal value - pkey = PKI_X509_get_value(key); - if (!pkey) { - PKI_ERROR(PKI_ERR_PARAM_NULL, "Missing Key's Internal Value"); - return PKI_ERR; - } - -// // Gets the PKEY type -// pkey_id = PKI_X509_KEYPAIR_VALUE_get_id(pkey); -// pkey_type = EVP_PKEY_type(pkey_id); -// if (pkey_type == NID_undef) { -// #if OPENSSL_VERSION_NUMBER > 0x30000000L -// pkey_type = pkey_id; -// #else -// PKI_ERROR(PKI_ERR_PARAM_NULL, "Missing Key's Internal Value"); -// return PKI_ERR; -// #endif -// } - - pkey_type = PKI_X509_KEYPAIR_VALUE_get_id(pkey); - if (!pkey_type) { - PKI_DEBUG("Cannot get the key's type (nid: %d)", PKI_X509_KEYPAIR_VALUE_get_id(pkey)); - return PKI_ERR; - } - - // Gets the Signature Scheme - pkey_scheme = PKI_X509_KEYPAIR_VALUE_get_scheme(pkey); - if (pkey_scheme == PKI_SCHEME_UNKNOWN) { - PKI_ERROR(PKI_ERR_PARAM_NULL, "Scheme not recognized for key (scheme: %d, type: %d)", - PKI_SCHEME_ID_get_parsed(pkey_scheme), pkey_type); - return PKI_ERR; - } - - // Sets the default Algorithm if none is provided - if (!digest) { - PKI_DEBUG("No digest was used, getting the default for the key."); - if (PKI_SCHEME_ID_is_explicit_composite(pkey_scheme)) { - PKI_DEBUG("Explicit Composite Scheme, no digest allowed (overriding choice)"); - digest = PKI_DIGEST_ALG_NULL; - } else { - digest = PKI_DIGEST_ALG_get_default(key); - } - } - - 
// PKI_DEBUG("Digest Algorithm set to %s", PKI_DIGEST_ALG_get_parsed(digest)); - - // Let's make sure we do not use a digest with explicit composite - if (PKI_ID_is_explicit_composite(pkey_type, NULL)) { - // No digest is allowed - digest = PKI_DIGEST_ALG_NULL; - } - - // Handles the weirdness of OpenSSL - we want to check if the signing algorithm - // is actually allowed with the selected public key - if (digest != NULL && digest != PKI_DIGEST_ALG_NULL) { - - // Finds the associated signing algorithm identifier, if any - if (OBJ_find_sigid_by_algs(&sig_nid, EVP_MD_nid(digest), pkey_type) != 1) { - PKI_DEBUG("Cannot Get The Signing Algorithm for %s with %s", - PKI_ID_get_txt(pkey_type), digest ? PKI_DIGEST_ALG_get_parsed(digest) : "NULL"); - // Fatal Error - return PKI_ERR; - } - - } else { - - if (PKI_ID_requires_digest(pkey_type) == PKI_OK) { - PKI_DEBUG("%s scheme does not support arbitrary signing, hashing is required", - PKI_SCHEME_ID_get_parsed(pkey_scheme)); - // Error condition - return PKI_ERR; - } - - // Checks if we can use the NULL digest - if (PKI_ID_is_composite(pkey_type, NULL) || - PKI_ID_is_explicit_composite(pkey_type, NULL)) { - - // Finds the associated signing algorithm identifier, if any - if (OBJ_find_sigid_by_algs(&sig_nid, NID_undef, pkey_type) != 1) { - PKI_DEBUG("Cannot Get The Signing Algorithm for %s with %s", - PKI_ID_get_txt(pkey_type), digest ? 
PKI_DIGEST_ALG_get_parsed(digest) : "NULL"); - // Fatal Error - return PKI_ERR; - } - // Use the appropriate digest to avoid the OpenSSL weirdness - digest = EVP_md_null(); - - } else if (PKI_ID_is_pqc(pkey_type, NULL)) { - - // Use the Same ID for Key and Signature - sig_nid = pkey_type; - } - - // if (PKI_ID_requires_digest(EVP_PKEY_id(pkey) == PKI_OK)) { - // // If the key requires a digest, we need to find the default - // // digest algorithm for the key type - // if (PKI_ID_get_digest(EVP_PKEY_id(pkey), &scheme_id) != PKI_OK) { - // PKI_DEBUG("Cannot Get The Digest Algorithm for %s", - // PKI_ID_get_txt(PKI_X509_KEYPAIR_VALUE_get_id(pkey))); - // // Fatal Error - // return PKI_ERR; - // } - // } - // if (PKI_ID_is_explicit_composite(EVP_PKEY_id(pkey), &scheme_id) != PKI_OK) { - - // PKI_DEBUG("Got The Scheme ID => %d", scheme_id); - - // switch (scheme_id) { - - // // Algorithms that do not require hashing - // /* case PKI_SCHEME_ED448: */ - // /* case PKI_SCHEME_X25519: */ - // case PKI_SCHEME_DILITHIUM: - // case PKI_SCHEME_FALCON: - // case PKI_SCHEME_COMPOSITE: - // case PKI_SCHEME_COMBINED: - // case PKI_SCHEME_KYBER: - // case PKI_SCHEME_CLASSIC_MCELIECE: { - // // No-hashing is supported by the algorithm - // // If the find routine returns 1 it was successful, however - // // for PQC it seems to return NID_undef for the sig_nid, this fixes it - // if (sig_nid == NID_undef) sig_nid = EVP_PKEY_id(pkey); - // } break; - - - // // Hashing required - // default: - // PKI_DEBUG("%s does not support arbitrary signing, hashing is required", - // PKI_SCHEME_ID_get_parsed(scheme_id)); - // // Error condition - // return PKI_ERR; - // } - // } - } - - // // Debugging Information - // PKI_DEBUG("Signing Algorithm Is: %s", PKI_ID_get_txt(sig_nid)); - // PKI_DEBUG("Digest Signing Algorithm: %p (%s)", digest, PKI_DIGEST_ALG_get_parsed(digest)); - - // Since we are using the DER representation for signing, we need to first - // update the data structure(s) with the 
right OIDs - we use the default - // ASN1_item_sign() with a NULL buffer parameter to do that. - - // ASN1_item_sign behaviour: - // - signature: we must provide an ASN1_BIT_STRING pointer, the pnt->data - // will be freed and replaced with the signature data - // - pkey: we must provide an EVP_PKEY pointer - // - data: is the pointer to an internal value (e.g., a PKI_X509_VALUE - // or a PKI_X509_REQ_VALUE)) - // - type: is the pointer to the const EVP_MD structure for the hash-n-sign - // digest - - ASN1_BIT_STRING sig_asn1 = { 0x0 }; - // Pointer to the ASN1_BIT_STRING structure for the signature - - // Note that only COMPOSITE can properly handle passing the EVP_md_null() - // for indicating that we do not need a digest algorithm, however that is - // not well supported by OQS. Let's just pass NULL if the algorithm is not - // composite and the requested ditest is EVP_md_null(). - if (digest == PKI_DIGEST_ALG_NULL) { - if (!PKI_SCHEME_ID_is_composite(pkey_scheme) && - !PKI_SCHEME_ID_is_explicit_composite(pkey_scheme)) { - // The algorithm is not composite, but the digest is EVP_md_null() - PKI_DEBUG("Digest is EVP_md_null(), but the algorithm is not composite, replacing the digest with NULL"); - digest = NULL; - } - } - - // Special case for non-basic types to be signed. The main example is - // the OCSP response where we have three different internal fields - // suche as status, resp, and bs. We need to sign the bs field in - // this case. 
- void * item_data = NULL; - switch (x->type) { - case PKI_DATATYPE_X509_OCSP_RESP: { - PKI_X509_OCSP_RESP_VALUE * ocsp_resp = NULL; - - // For OCSP Responses we need to sign the TBSResponseData - ocsp_resp = (PKI_X509_OCSP_RESP_VALUE *) x->value; - item_data = ocsp_resp->bs; - } break; - - default: { - // Default use-case - item_data = x->value; - } break; - } - - // Sets the right OID for the signature - int success = ASN1_item_sign(x->it, - PKI_X509_get_data(x, PKI_X509_DATA_SIGNATURE_ALG1), - PKI_X509_get_data(x, PKI_X509_DATA_SIGNATURE_ALG2), - &sig_asn1, - item_data, - pkey, - digest); - - if (!success || !sig_asn1.data || !sig_asn1.length) { - PKI_DEBUG("Error while creating the signature: %s (success: %d, sig_asn1.data: %p, sig_asn1.length: %d)", - ERR_error_string(ERR_get_error(), NULL), success, sig_asn1.data, sig_asn1.length); - PKI_ERROR(PKI_ERR_SIGNATURE_CREATE, NULL); - return PKI_ERR; - } - - // EVP_MD_CTX * md_ctx_tmp = EVP_MD_CTX_new(); - // if (!md_ctx_tmp) { - // PKI_ERROR(PKI_ERR_MEMORY_ALLOC, "Can not allocate memory for the EVP_MD_CTX"); - // return PKI_ERR; - // } - - // EVP_PKEY_CTX * pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL); - // if (!pkey_ctx) { - // PKI_ERROR(PKI_ERR_MEMORY_ALLOC, "Can not allocate memory for the EVP_PKEY_CTX"); - // return PKI_ERR; - // } - - // X509_ALGORS * signature_algors = sk_X509_ALGOR_new_null(); - // if (!signature_algors) { - // PKI_ERROR(PKI_ERR_MEMORY_ALLOC, "Can not allocate memory for the X509_ALGORS"); - // return PKI_ERR; - // } - - // X509_ALGOR * signature_algor = X509_ALGOR_new(); - - // EVP_MD_CTX_set_pkey_ctx(md_ctx_tmp, pkey_ctx); - - // EVP_MD_CTX_ctrl(md_ctx_tmp, EVP_MD_CTRL_SET_SIGNAME, sig_nid, NULL); - - // int success = ASN1_item_sign_ctx(x->it, - // PKI_X509_get_data(x, PKI_X509_DATA_SIGNATURE_ALG1), - // PKI_X509_get_data(x, PKI_X509_DATA_SIGNATURE_ALG2), - // &sig_asn1, - // x->value, - // md_ctx_tmp); - - // if (!success || !sig_asn1.data || !sig_asn1.length) { - // 
PKI_ERROR(PKI_ERR_SIGNATURE_CREATE, "Can not sign the data"); - // return PKI_ERR; - // } - - // // Retrieves the DER representation of the data to be signed - // if ((der = PKI_X509_get_tbs_asn1(x)) == NULL) { - // // Logs the issue - // PKI_DEBUG("Can not get the DER representation of the PKIX data via tbs func"); - // // Builds the DER representation in a PKI_MEM structure - // if ((der = PKI_X509_put_mem(x, - // PKI_DATA_FORMAT_ASN1, - // NULL, - // NULL )) == NULL) { - // // Logs the issue - // PKI_DEBUG("Can not get the DER representation directly, aborting."); - // // Can not encode into DER - // return PKI_ERROR(PKI_ERR_DATA_ASN1_ENCODING, NULL); - // } - // } - - // // Generates the Signature - // if ((sig = PKI_sign(der, digest, key)) == NULL) { - // // Error while creating the signature, aborting - // if (der) PKI_MEM_free(der); - // // Report the issue - // return PKI_ERROR(PKI_ERR_SIGNATURE_CREATE, NULL); - // } - - // // Debugging - // FILE * fp = fopen("signature_create.der", "w"); - // if (fp) { - // fwrite(sig->data, sig->size, 1, fp); - // fclose(fp); - // } - // fp = fopen("signed_data_create.der", "w"); - // if (fp) { - // fwrite(der->data, der->size, 1, fp); - // fclose(fp); - // } - - // // der work is finished, let's free the memory - // if (der) PKI_MEM_free(der); - // der = NULL; - - // // Gets the reference to the X509 signature field - // if ((sigPtr = PKI_X509_get_data(x, - // PKI_X509_DATA_SIGNATURE)) == NULL) { - // // Error: Can not retrieve the generated signature, aborting - // PKI_MEM_free (sig); - // // Return the error - // return PKI_ERROR(PKI_ERR_POINTER_NULL, "Can not get signature data"); - // } - - // Gets the reference to the X509 signature field - if ((sigPtr = PKI_X509_get_data(x, - PKI_X509_DATA_SIGNATURE)) == NULL) { - // Error: Can not retrieve the generated signature, aborting - if (sig_asn1.data) PKI_Free(sig_asn1.data); - // Return the error - PKI_ERROR(PKI_ERR_POINTER_NULL, "Can not get signature data"); - return 
PKI_ERR; - } - - // // Transfer the ownership of the generated signature data (sig) - // // to the signature field in the X509 structure (signature) - // sigPtr->data = sig->data; - // sigPtr->length = (int) sig->size; - - // Transfer the ownership of the generated signature data (sig) - // // to the signature field in the X509 structure (signature) - sigPtr->data = sig_asn1.data; - sigPtr->length = sig_asn1.length; - - // Sets the flags into the signature field - sigPtr->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); - sigPtr->flags |= ASN1_STRING_FLAG_BITS_LEFT; - - // // We can not free the data in the sig PKI_MEM because that is - // // actually owned by the signature now, so let's change the - // // data pointer and then free the PKI_MEM data structure - // sig->data = NULL; - // sig->size = 0; - - // // Now we can free the signature mem - // PKI_MEM_free(sig); - - // Success - return PKI_OK; -} - -/*! \brief General signature function on data */ - -PKI_MEM *PKI_sign(const PKI_MEM * der, - const PKI_DIGEST_ALG * alg, - const PKI_X509_KEYPAIR * key ) { - - PKI_MEM *sig = NULL; - const HSM *hsm = NULL; - - // Input check - if (!der || !der->data || !key || !key->value) { - PKI_ERROR(PKI_ERR_PARAM_NULL, NULL); - return NULL; - } - - // If no HSM is provided, let's get the default one - hsm = (key->hsm != NULL ? key->hsm : HSM_get_default()); - - // Debugging Info - PKI_DEBUG("Calling Callback with Digest = %p (Null =? %s)\n", - alg, alg == EVP_md_null() ? 
"Yes" : "No"); - - // Requires the use of the HSM's sign callback - if (hsm && hsm->callbacks && hsm->callbacks->sign) { - - // Generates the signature by using the HSM callback - if ((sig = hsm->callbacks->sign( - (PKI_MEM *)der, - (PKI_DIGEST_ALG *)alg, - (PKI_X509_KEYPAIR *)key)) == NULL) { - - // Error: Signature was not generated - PKI_DEBUG("Can not generate signature (returned from sign cb)"); - } - - } else { - - // There is no callback for signing the X509 structure - PKI_ERROR(PKI_ERR_SIGNATURE_CREATE_CALLBACK, - "No sign callback for key's HSM"); - - // Free Memory - PKI_MEM_free(sig); - - // All Done - return NULL; - } - - // Let's return the output of the signing function - return sig; -} - -/*! - * \brief Verifies a PKI_X509 by using a key from a certificate - */ - -int PKI_X509_verify_cert(const PKI_X509 *x, const PKI_X509_CERT *cert) { - - const PKI_X509_KEYPAIR *kval = NULL; - - PKI_X509_KEYPAIR *kp = NULL; - - int ret = -1; - - // Input Check - if (!x || !x->value || !cert || !cert->value) - return PKI_ERROR(PKI_ERR_PARAM_NULL, NULL); - - // Gets the internal value of the public key from the certificate - kval = PKI_X509_CERT_get_data(cert, PKI_X509_DATA_KEYPAIR_VALUE); - if (!kval) return PKI_ERR; - - // Use the internal value to generate a new PKI_X509_KEYPAIR - kp = PKI_X509_new_value(PKI_DATATYPE_X509_KEYPAIR, - (PKI_X509_KEYPAIR_VALUE *)kval, - NULL); - - // Checks if the operation was successful - if ( !kp ) return PKI_ERR; - - // Verifies the certificate by using the extracted public key - ret = PKI_X509_verify(x, kp); - - // Take back the ownership of the internal value (avoid freeing - // the memory when freeing the memory associated with the - // PKI_X509_KEYPAIR data structure) - kp->value = NULL; - - // Free the Memory - PKI_X509_KEYPAIR_free(kp); - - return ret; -} - -/*! 
- * \brief Verifies a signature on a PKI_X509 object (not for PKCS7 ones) - */ - -int PKI_X509_verify(const PKI_X509 *x, const PKI_X509_KEYPAIR *key ) { - - int ret = PKI_ERR; - const HSM *hsm = NULL; - - // PKI_MEM *data = NULL; - // PKI_MEM *sig = NULL; - - // PKI_STRING *sig_value = NULL; - // PKI_X509_ALGOR_VALUE *alg = NULL; - - // Make sure the library is initialized - PKI_init_all(); - - // Input Checks - if (!x || !x->value || !key || !key->value) { - - // Checks the X509 structure to verify - if (!x || !x->value) - return PKI_ERROR(PKI_ERR_PARAM_NULL, "Missing data to verify"); - - // Checks the key value - if (!key || !key->value) - return PKI_ERROR(PKI_ERR_PARAM_NULL, "Missing keypair to verify with"); - } - - // Gets the reference to the HSM to use - hsm = key->hsm != NULL ? key->hsm : HSM_get_default(); - - // Uses the callback to verify the signature that was copied - // in the sig (PKI_MEM) structure - if (hsm && hsm->callbacks && hsm->callbacks->asn1_verify) { - - // Debugging Info - PKI_log_debug( "HSM verify() callback called " ); - - // // Calls the callback function - // ret = hsm->callbacks->verify(data, - // sig, - // alg, - // (PKI_X509_KEYPAIR *)key ); - // Calls the callback function - ret = hsm->callbacks->asn1_verify(x, key); - - } else { - - // Experimental: use ASN1_item_verify() - // ret = ASN1_item_verify(x->it, - // PKI_X509_get_data(x, PKI_X509_DATA_SIGNATURE_ALG1), - // PKI_X509_get_data(x, PKI_X509_DATA_SIGNATURE), - // x->value, - // key->value - // ); - - ret = PKI_X509_ITEM_verify(x->it, - PKI_X509_get_data(x, PKI_X509_DATA_SIGNATURE_ALG1), - PKI_X509_get_data(x, PKI_X509_DATA_SIGNATURE), - x->value, - key->value - ); - } - - // if (success == 1) { - // PKI_DEBUG("PKI_X509_verify()::Signature Verified!"); - // } else { - // PKI_DEBUG("PKI_X509_verify()::Signature Verification Failed!"); - // } - - // // Gets the algorithm from the X509 data - // if (( alg = PKI_X509_get_data(x, PKI_X509_DATA_ALGORITHM)) == NULL) { - - // // 
Reports the error - // return PKI_ERROR(PKI_ERR_ALGOR_UNKNOWN, - // "Can not get algorithm from object!"); - // } - - // // Gets the DER representation of the data to be signed - - // // if ((data = PKI_X509_get_der_tbs(x)) == NULL) { - // // if ((data = PKI_X509_get_data(x, PKI_X509_DATA_TBS_MEM_ASN1)) == NULL) { - // if ((data = PKI_X509_get_tbs_asn1(x)) == NULL) { - // return PKI_ERROR(PKI_ERR_DATA_ASN1_ENCODING, - // "Can not get To Be signed object!"); - // } - - // // Gets a reference to the Signature field in the X509 structure - // if ((sig_value = PKI_X509_get_data(x, - // PKI_X509_DATA_SIGNATURE)) == NULL) { - - // // Free the memory - // PKI_MEM_free(data); - - // // We could not get the reference to the signature field - // return PKI_ERROR(PKI_ERR_POINTER_NULL, - // "Can not get Signature field from the X509 object!"); - // } - - // // Copies the signature data structure from the sig_value (PKI_STRING) - // // of the X509 structure to the sig one (PKI_MEM) - // if ((sig = PKI_MEM_new_data((size_t)sig_value->length, - // (unsigned char *)sig_value->data)) == NULL) { - - // // Free memory - // PKI_MEM_free(data); - - // // Reports the memory error - // return PKI_ERR; - // } - - // // Uses the callback to verify the signature that was copied - // // in the sig (PKI_MEM) structure - // if (hsm && hsm->callbacks && hsm->callbacks->verify) { - - // // Debugging Info - // PKI_log_debug( "HSM verify() callback called " ); - - // // Calls the callback function - // ret = hsm->callbacks->verify(data, - // sig, - // alg, - // (PKI_X509_KEYPAIR *)key ); - - // } else { - - // // // Debugging - // // FILE * fp = fopen("signature_verify.der", "w"); - // // if (fp) { - // // fwrite(sig->data, sig->size, 1, fp); - // // fclose(fp); - // // } - // // fp = fopen("signed_data_verify.der", "w"); - // // if (fp) { - // // fwrite(data->data, data->size, 1, fp); - // // fclose(fp); - // // } - - // // If there is no verify callback, let's call the internal one - // ret = 
PKI_verify_signature(data, sig, alg, x->it, key); - - // } - - // // Free the allocated memory - // if ( data ) PKI_MEM_free ( data ); - // if ( sig ) PKI_MEM_free ( sig ); - - // Provides some additional information in debug mode - if (ret != PKI_OK) { - PKI_DEBUG("Crypto Layer Error: %s (%d)", - HSM_get_errdesc(HSM_get_errno(hsm), hsm), - HSM_get_errno(hsm)); - } else { - PKI_DEBUG("Validation Completed Successfully!"); - } - - return ret; -} - -/*! \brief Verifies a signature */ - -int PKI_verify_signature(const PKI_MEM * data, - const PKI_MEM * sig, - const PKI_X509_ALGOR_VALUE * alg, - const ASN1_ITEM * it, - const PKI_X509_KEYPAIR * key ) { - int v_code = 0; - // OpenSSL return code - - EVP_MD_CTX *ctx = NULL; - // PKey Context - - PKI_X509_KEYPAIR_VALUE * k_val = PKI_X509_get_value(key); - // Internal representation of the key - - const PKI_DIGEST_ALG *dgst = NULL; - // Digest Algorithm - - // Input Checks - if (!data || !data->data || !sig || !sig->data || - !alg || !key || !k_val ) { - // Reports the Input Error - return PKI_ERROR(PKI_ERR_PARAM_NULL, NULL); - } - - // Gets the Digest Algorithm to verify with - if ((dgst = PKI_X509_ALGOR_VALUE_get_digest(alg)) == PKI_ID_UNKNOWN) { - // Reports the error - return PKI_ERROR(PKI_ERR_ALGOR_UNKNOWN, NULL); - } - - // PKI_DEBUG("Executing ASN1_item_verify()"); - - // ASN1_BIT_STRING signature; - // signature.data = sig->data; - // signature.length = (int)sig->size; - - // ASN1_item_verify(it, (X509_ALGOR *)alg, &signature, NULL, k_val); - // PKI_DEBUG("Done with ASN1_item_verify()"); - - // Only use digest when we have not digest id - // that was returned for the algorithm - if (dgst != NULL && dgst != EVP_md_null()) { - - EVP_PKEY_CTX * pctx = NULL; - - // Creates and Initializes a new crypto context (CTX) - if ((ctx = EVP_MD_CTX_new()) == NULL) { - // Can not alloc memory, let's report the error - PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL); - } - - // Initializes the new CTX - EVP_MD_CTX_init(ctx); - - // 
Initializes the verify function - if (!EVP_DigestVerifyInit(ctx, &pctx, dgst, NULL, k_val)) { - // Error in initializing the signature verification function - PKI_DEBUG("Signature Verify Initialization (Crypto Layer Error): %s (%d)", - HSM_get_errdesc(HSM_get_errno(NULL), NULL), HSM_get_errno(NULL)); - // Done working - goto err; - } - - // Finalizes the validation - if ((v_code = EVP_DigestVerify(ctx, sig->data, sig->size, data->data, data->size)) <= 0) { - // Reports the error - PKI_DEBUG("Signature Verify Final Failed (Crypto Layer Error): %s (%d - %d)", - HSM_get_errdesc(HSM_get_errno(NULL), NULL), v_code, HSM_get_errno(NULL)); - // Done working - goto err; - } - - } else { - - EVP_PKEY_CTX * pctx = EVP_PKEY_CTX_new(key->value, NULL); - // Context for the verify operation - - // If we are in composite, we should attach the X509_ALGOR pointer - // to the application data for the PMETH verify() to pick that up - if (alg) { - PKI_DEBUG("Setting App Data (We Should use the CTRL interface?): %p", alg); - EVP_PKEY_CTX_set_app_data(pctx, (void *)alg); - } - - // Initialize the Verify operation - if ((v_code = EVP_PKEY_verify_init(pctx)) <= 0) { - PKI_ERROR(PKI_ERR_SIGNATURE_VERIFY, "cannot initialize direct (no-hash) sig verification"); - goto err; - } - - // Verifies the signature - if ((v_code = EVP_PKEY_verify(pctx, sig->data, sig->size, data->data, data->size)) <= 0) { - PKI_ERROR(PKI_ERR_SIGNATURE_VERIFY, NULL); - goto err; - } - } - - // Free the memory -#if OPENSSL_VERSION_NUMBER < 0x1010000fL - EVP_MD_CTX_cleanup(ctx); -#else - EVP_MD_CTX_reset(ctx); -#endif - EVP_MD_CTX_free(ctx); - - // All Done - return PKI_OK; - -err: - // Free Memory - if (ctx) { -#if OPENSSL_VERSION_NUMBER < 0x1010000fL - EVP_MD_CTX_cleanup(ctx); -#else - EVP_MD_CTX_reset(ctx); -#endif - EVP_MD_CTX_free(ctx); - } - - // Returns the error - return PKI_ERR; -} - -/* ----------------------- General Obj Management ------------------------ */ - -/*! 
\brief Gets a stack of X509 objects from the URL in the HSM */
-
-PKI_X509_STACK *HSM_X509_STACK_get_url ( PKI_DATATYPE type, URL *url,
- PKI_DATA_FORMAT format, PKI_CRED *cred, HSM *hsm ) {
-
- PKI_STACK *ret = NULL;
-
- if( !url ) return ( NULL );
-
- if( url->proto != URI_PROTO_ID ) return NULL;
-
- if( !hsm ) hsm = (HSM * ) HSM_get_default();
-
- if( hsm && hsm->callbacks && hsm->callbacks->x509_sk_get_url ) {
- ret = hsm->callbacks->x509_sk_get_url( type, url, format, cred, hsm );
- };
-
- return ( ret );
-}
-
-/*! \brief Stores a stack of PKI_X509 objects in the specified URL/HSM */
-
-int HSM_X509_STACK_put_url ( PKI_X509_STACK *sk, URL *url,
- PKI_CRED *cred, HSM *hsm ) {
-
- int ret = PKI_OK;
-
- if( !url || !sk ) return PKI_ERR;
-
- if ( url->proto != URI_PROTO_ID ) return PKI_ERR;
-
- if( !hsm ) hsm = (HSM *) HSM_get_default();
-
- if( hsm && hsm->callbacks && hsm->callbacks->x509_sk_add_url ) {
- ret = hsm->callbacks->x509_sk_add_url( sk, url, cred, hsm );
- };
-
- return ( ret );
-}
-
-/*!
\brief Stores the contents of a stack of MEM to the specified URL/HSM */
-
-int HSM_MEM_STACK_put_url ( PKI_MEM_STACK *sk, URL *url, PKI_DATATYPE type,
- PKI_CRED *cred, HSM *hsm ) {
- int i = 0;
- int ret = PKI_OK;
-
- PKI_MEM *mem = NULL;
- PKI_X509 *x_obj = NULL;
- PKI_X509_STACK *obj_sk = NULL;
-
- if(( obj_sk = PKI_STACK_new_type( type )) == NULL ) {
- return PKI_ERR;
- }
-
- for ( i = 0; i < PKI_STACK_MEM_elements ( sk ); i++ ) {
- PKI_X509_STACK *mem_obj_sk = NULL;
-
- /* Gets the PKI_MEM container from the stack */
- if((mem = PKI_STACK_MEM_get_num ( sk, i )) == NULL ) {
- continue;
- }
-
- /* Gets the objects (multiple, possibly) from each PKI_MEM */
- if((mem_obj_sk = PKI_X509_STACK_get_mem ( mem, type,
- PKI_DATA_FORMAT_UNKNOWN, cred, hsm )) == NULL ) {
- continue;
- }
-
- /* Builds the stack of PKI_X509 objects */
- while ((x_obj = PKI_STACK_X509_pop ( mem_obj_sk )) != NULL ) {
- /* Push the Object on the Stack */
- PKI_STACK_X509_push ( obj_sk, x_obj );
- }
- }
-
- /* Now Put the stack of objects in the HSM */
- ret = HSM_X509_STACK_put_url ( sk, url, cred, hsm );
-
- /* Clean the stack of Objects we created */
- while ( (x_obj = PKI_STACK_X509_pop ( sk )) != NULL ) {
- PKI_X509_free ( x_obj );
- }
- PKI_STACK_X509_free ( sk );
-
- /* Return value */
- return ret;
-}
-
-/*! \brief Deletes a Stack of Objects that are stored in a HSM */
-
-int HSM_X509_STACK_del ( PKI_X509_STACK *sk ) {
-
- int ret = PKI_ERR;
- int i = 0;
-
- // HSM *hsm = NULL;
- // HSM *def_hsm = NULL;
-
- PKI_X509 *obj = NULL;
-
- if ( !sk ) return ( PKI_ERR );
-
- for ( i = 0; i < PKI_STACK_X509_elements ( sk ); i++ ) {
- obj = PKI_STACK_X509_get_num ( sk, i );
-
- if (!obj || !obj->value ) continue;
-
- if ( obj->ref ) {
- ret = HSM_X509_del_url ( obj->type, obj->ref,
- obj->cred, obj->hsm );
-
- if ( ret == PKI_ERR ) return PKI_ERR;
- }
- }
-
- return PKI_OK;
-}
-
-/*!
\brief Deletes the contents of the specified URL in the HSM */
-
-int HSM_X509_del_url ( PKI_DATATYPE type, URL *url, PKI_CRED *cred, HSM *hsm ) {
-
- int ret = PKI_OK;
-
- if( !url ) return ( PKI_ERR );
-
- if( !hsm ) hsm = (HSM *) HSM_get_default();
-
- if( hsm && hsm->callbacks && hsm->callbacks->x509_del_url ) {
- ret = hsm->callbacks->x509_del_url( type, url, cred, hsm );
- };
-
- return ( ret );
-}
-
-/*! \brief Returns the callbacks for the specific HSM */
-
-const PKI_X509_CALLBACKS * HSM_X509_get_cb ( PKI_DATATYPE type, HSM *hsm ) {
-
- if ( !hsm || !hsm->callbacks ) return HSM_OPENSSL_X509_get_cb (type);
-
- return hsm->callbacks->x509_get_cb ( type );
-}
-
diff --git a/src/drivers/kmf/Makefile.am b/src/drivers/kmf/Makefile.am
deleted file mode 100644
index 05e94479..00000000
--- a/src/drivers/kmf/Makefile.am
+++ /dev/null
@@ -1,41 +0,0 @@
-## OpenCA Makefile - by Massimiliano Pala
-## (c) 1999-2007 by Massimiliano Pala and OpenCA Project
-## All Rights Reserved
-
-TOP = ../..
-include $(TOP)/global-vars
-
-BASE_DEFS =
-
-DEFS = $(OPENCA_DEFS)
-
-AM_CPPFLAGS = -I$(TOP) \
- $(openssl_cflags) \
- $(libxml2_cflags) \
- $(COND_INCLUDES)
-
-SRCS = \
- kmf_hsm.c \
- kmf_hsm_pkey.c \
- kmf_hsm_sign.c \
- kmf_hsm_engine.c
-
-# noinst_LTLIBRARIES = libpki-token.la
-noinst_LTLIBRARIES = libpki-token-kmf.la
-
-libpki_token_kmf_la_SOURCES = $(SRCS)
-
-libpki_token_kmf_la_CFLAGS = $(BUILD_LIBPKI_CFLAGS)
-
-# libpki_token_kmf_la_LIBADD = $(BUILD_LIBPKI_LDFLAGS)
-
-# libpki_token_a_LDFLAGS = -version-info 1:0:0
-
-# $(OPENCA_INCLUDE_LIBS) \
-# $(openssl_cflags) $(openssl_libs)
-
-#pki_token_a_LIBADD = \
-# $(openssl_cflags) $(openssl_libs) \
-# $(libxml2_cflags) $(libxml2_libs) \
-# $(OPENCA_INCLUDE_LIBS)
-
diff --git a/src/drivers/kmf/kmf_hsm.c b/src/drivers/kmf/kmf_hsm.c
deleted file mode 100644
index 2165a3b1..00000000
--- a/src/drivers/kmf/kmf_hsm.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/* KMF HSM implementation for LibPKI */
-
-#include
-#include
-
-HSM kmf_hsm = {
- /* HSM Version */
- 1,
- /* Description of the HSM */
- "OpenSSL ENGINE",
- /* Manufacturer */
- "OpenSSL",
- /* Pointer to the HSM config file and parsed structure*/
- NULL,
- /* HSM type */
- HSM_TYPE_KMF,
- /* Engine Pointer */
- NULL,
- /* PKI Store */
- NULL,
- /* Pre Commands */
- NULL,
- /* Post Commands */
- NULL,
- /* is Logged In ? */
- 0,
- /* is Cred Set ? */
- 0,
- /* is Login Required ? */
- 0,
- /* Callbacks */
- {
- /* New */
- HSM_KMF_new,
- /* Init */
- HSM_KMF_init,
- /* Free */
- HSM_KMF_free,
- /* Certificate Sign */
- NULL, // HSM_KMF_CERT_sign,
- /* Certificate Verify */
- NULL,
- /* Request Sign */
- NULL, // HSM_KMF_REQ_sign,
- /* General Sign */
- NULL,
- /* Key Generation */
- NULL, // HSM_KMF_KEYPAIR_new,
- /* Key Free */
- NULL, // HSM_KMF_KEYPAIR_free,
- /* Key Remove Function */
- NULL
- }
-};
-
-HSM * HSM_KMF_new() {
-
- return NULL;
-
- // HSM *hsm_pnt = NULL;
-
- // if(( hsm_pnt = (HSM *) malloc (sizeof( HSM ))) == NULL ) {
- // return NULL;
- // }
-
- // /* Zeroize the structure */
- // memset( hsm_pnt, 0, sizeof( openssl_hsm ));
- // memcpy( hsm_pnt, &openssl_hsm, sizeof( openssl_hsm ));
-
- // hsm_pnt->id = "KMF";
-
- // return hsm_pnt;
-}
-
-int HSM_KMF_free ( HSM *hsm, PKI_CONFIG *conf ) {
- if( !hsm ) return 1;
-
- free( hsm );
-
- return 1;
-}
-
-int HSM_KMF_init( HSM *hsm, PKI_STACK *pre_cmds, PKI_STACK *post_cmds ) {
- if( !hsm ) return (PKI_ERR);
-
- return (PKI_ERR);
-
-}
-
-HSM *HSM_KMF_new_init( char *e_id, PKI_STACK *pre_cmds, PKI_STACK *post_cmds ) {
-
- return NULL;
-
- // HSM *hsm = NULL;
- // KMF_HANDLE_T *e = NULL;
-
- // KMF_RETURN rv;
-
- /*
- if((hsm = HSM_new( NULL )) == NULL ) {
- return NULL;
- }
- */
-
- /* If engine is passed, then use it, otherwise instantiate
- a new one using the e_id */
- /*
- rv = KMF_Initialize( &lib_h, NULL, NULL );
- if( rv != KMF_OK ) return (NULL);
-
- memset(&cfg_par, 0,
sizeof(KMF_CONFIG_PARAMS));
- // cfg_par.kstype = KMF_KEYSTORE_PK11TOKEN;
- // cfg_par.pkcs11config.label = "Sun Metaslot";
- // cfg_par.pkcs11config.readonly = B_FALSE;
- cfg_par.kstype = KMF_KEYSTORE_OPENSSL;
-
- rv = KMF_ConfigureKeystore( lib_h, &cfg_par );
- if( rv != KMF_OK ) return (NULL);
-
- return( lib_h );
- if(( e = (PKI_ENGINE *) PKI_ENGINE_new( e_id )) == NULL ) {
- if( hsm ) HSM_free( hsm );
- return NULL;
- }
- hsm->engine = (PKI_ENGINE *) e;
-
- if ( e_id != NULL )
- hsm->id = strdup( e_id );
-
- if( PKI_ENGINE_init( (ENGINE *) hsm->engine, pre_cmds,
- post_cmds ) == 0 ) {
- if( hsm ) HSM_free ( hsm );
- return NULL;
- }
- */
-
- // return hsm;
-}
-
diff --git a/src/drivers/kmf/kmf_hsm_engine.c b/src/drivers/kmf/kmf_hsm_engine.c
deleted file mode 100644
index 51d9c159..00000000
--- a/src/drivers/kmf/kmf_hsm_engine.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/* HSM Object Management Functions */
-
-#include
-
-int _exec_engine_cmds ( PKI_ENGINE *e, PKI_STACK *cmds ) {
- int ret = 1;
- int i, val, num;
-
- if( !cmds ) return (ret);
-
- /* Check if there are some commands to be executed */
- val = PKI_STACK_elements(cmds);
- if(val < 1) {
- /* HSM hs no commands to execute in stack */
- return (ret);
- }
-
- /* Check if the loaded ENGINE has CTRL FUNCTION */
- /*
- if(!ENGINE_ctrl(ee, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
- ((num = ENGINE_ctrl(ee, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
- 0, NULL, NULL)) <= 0)) {
- return (ret);
- }
- */
-
- /* Now executes the STACK of commands */
- for(i = 0; i < val; i++) {
- char buf[256];
- const char *cmd = NULL;
- const char *arg = NULL;
-
- if( (cmd = (char *) PKI_STACK_get_num(cmds, i)) == NULL ) {
- continue;
- }
-
- /* Check if this command has no ":arg" */
- if((arg = strstr(cmd, ":")) == NULL) {
- /*
- if(!ENGINE_ctrl_cmd_string(ee, cmd, NULL, 0)) {
- // Error in command
- ret = 0;
- }
- */
- } else {
- if((int)(arg - cmd) > 254) {
- /* Command Name too long */
- return (ret);
- }
- memcpy(buf, cmd, (int)(arg - cmd));
- buf[arg-cmd] = '\0';
- arg++;
-
- /* Call the command with the argument */
- /*
- if(!ENGINE_ctrl_cmd_string(ee, buf, arg, 0)) {
- // Error in command
- ret = 0;
- }
- */
- }
-
- /* Check the return code */
- if(ret != 1) {
- /* Error in Command */
- }
- }
- return ( ret );
-}
-
-PKI_ENGINE *PKI_KMF_ENGINE_new ( char *e_id ) {
-
- PKI_ENGINE *e = NULL;
-
- if( !e_id ) return NULL;
-
- /*
- if((e = (ENGINE * ) ENGINE_by_id(e_id)) == NULL) {
- fprintf(stderr,"invalid engine \"%s\"", e_id);
- return NULL;
- }
- */
-
- return ( e );
-}
-
-int PKI_KMF_ENGINE_free ( PKI_ENGINE *e ) {
-
- // if( ee ) ENGINE_free( ee );
-
- return (PKI_ERR);
-}
-
-int PKI_KMF_ENGINE_init ( PKI_ENGINE *e, PKI_STACK *pre, PKI_STACK *post ) {
-
- int ret = PKI_ERR;
-
- /* Execute Pre Commands */
- // if( _exec_engine_cmds( e, pre ) == 0 ) return 0;
-
- /* Perform
Initialization */
- // if(!ENGINE_init((ENGINE *) e)) return 0;
-
- /* Free the ENGINE instance */
- // ENGINE_free( (ENGINE *) e );
-
- /* Perform POST commands */
- // if( _exec_engine_cmds( e, post ) == 0 ) return 0;
-
- /* Set Default to the ENGINE for Crypto operations */
- /*
- if(!ENGINE_set_default((ENGINE *) e, ENGINE_METHOD_ALL)) {
- return 0;
- }
- */
-
- /* ok */
- // return (PKI_OK);
-
- return (PKI_ERR);
-}
diff --git a/src/drivers/kmf/kmf_hsm_pkey.c b/src/drivers/kmf/kmf_hsm_pkey.c
deleted file mode 100644
index 00728213..00000000
--- a/src/drivers/kmf/kmf_hsm_pkey.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/* openssl/pki_pkey.c */
-
-#include
-
-/* Internal usage only - we want to keep the lib abstract */
-#ifndef _LIBPKI_INTERNAL_PKEY_H
-#define _LIBPKI_INTERNAL_PKEY_H
-
-#define PKI_RSA_KEY RSA
-#define PKI_DSA_KEY DSA
-
-#ifdef ENABLE_ECDSA
-/* No ECDSA support in KMF so far! */
-#define PKI_EC_KEY 0
-#endif
-
-#define PKI_RSA_KEY_MIN_SIZE 512
-#define PKI_DSA_KEY_MIN_SIZE 512
-#define PKI_EC_KEY_MIN_SIZE 56
-
-/* End of _LIBPKI_INTERNAL_PKEY_H */
-#endif
-
-int HSM_KMF_KEYPAIR_free ( PKI_KEYPAIR *pkey ) {
-
- if( !pkey ) return(PKI_ERR);
-
- return (PKI_ERR);
-}
-
-PKI_KEYPAIR *HSM_KMF_KEYPAIR_new( int type, int bits, HSM *hsm,
- PKI_CRED *cred ) {
- PKI_KEYPAIR *ret = NULL;
- PKI_RSA_KEY *rsa = NULL;
- PKI_DSA_KEY *dsa = NULL;
-
- /* Let's return the PKEY infrastructure */
- return ( ret );
-}
-
-int PKI_KMF_KEYPAIR_write_file( PKI_KEYPAIR *key, int format, char *file,
- HSM *hsm ) {
- int ret = PKI_OK;
-
- if( !key ) return (PKI_ERR);
-
- switch( format ) {
- case PKI_FORMAT_PEM:
- case PKI_FORMAT_ASN1:
- break;
- default:
- /* Format not recognized ! */
- fprintf(stderr, "%s:%d format not recognized (%d)\n",
- format, __FILE__, __LINE__ );
- return(PKI_ERR);
- }
-
- /* Open the file... etc... */
- switch( format ) {
- case PKI_FORMAT_PEM:
- break;
- case PKI_FORMAT_ASN1:
- break;
- default:
- /* Format not recognized ! */
- fprintf(stderr, "%s:%d error\n", __FILE__, __LINE__ );
- }
-
- return(ret);
-}
-
diff --git a/src/drivers/kmf/kmf_hsm_sign.c b/src/drivers/kmf/kmf_hsm_sign.c
deleted file mode 100644
index 8a041df8..00000000
--- a/src/drivers/kmf/kmf_hsm_sign.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/* drivers/kmf/kmf_hsm_sign.c */
-
-#include
-
-int HSM_KMF_CERT_sign ( PKI_X509_CERT *x, PKI_KEYPAIR *key,
- PKI_DIGEST_ALG *digest, HSM *hsm ) {
-
- int ret = PKI_ERR;
-
- if( (!x) || (!key) || (!digest )) return (PKI_ERR);
-
- /*
- ERR_clear_error();
- ret = X509_sign( (X509 *) x, (EVP_PKEY *) key, (EVP_MD *) digest );
- if( ret == 0 ) {
- fprintf(stdout, "DEBUG::error signing cert!");
- ERR_print_errors_fp(stdout);
- }
- */
-
- return ret;
-}
-
-int HSM_KMF_REQ_sign ( PKI_X509_REQ *x, PKI_KEYPAIR *key,
- PKI_DIGEST_ALG *digest, HSM *hsm ) {
-
- int ret = PKI_ERR;
-
- if( (!x) || (!key) || (!digest )) return (PKI_ERR);
-
- /*
- ERR_clear_error();
- ret = X509_REQ_sign( (X509_REQ *) x, (EVP_PKEY *) key, (EVP_MD *) digest );
- if( ret == 0 ) {
- fprintf(stdout, "DEBUG::error signing request!");
- ERR_print_errors_fp(stdout);
- }
- */
-
- return ret;
-}
-
-int HSM_KMF_sign ( void *x, PKI_KEYPAIR *key, PKI_DIGEST_ALG *digest,
- HSM *hsm ) {
- return (PKI_ERR);
-}
-
diff --git a/src/libpki/crypto.h b/src/libpki/crypto.h
deleted file mode 100644
index 85bb51fb..00000000
--- a/src/libpki/crypto.h
+++ /dev/null
@@ -1,31 +0,0 @@
-/* OpenCA libpki package
-* (c) 2000-2006 by Massimiliano Pala and OpenCA Group
-* All Rights Reserved
-*
-* ===================================================================
-* Released under OpenCA LICENSE
-*/
-
-#ifndef HEADER_LIBPKI_CRYPTO_H
-#define HEADER_LIBPKI_CRYPTO_H
-
-#include
-
-#ifdef ENABLE_KMF
-/* BEGIN of ENABLE KMF */
-#include
-#include
-
-#include
-#include
-
-/* END of ENABLE KMF */
-#endif
-
-/* Include this here because it needs the kmf definitions in case
- KMF is used */
-
-#include
-
-/* End of HEADER_LIBPKICRYPTO_H */
-#endif
diff --git a/src/libpki/crypto/crypto_keypair.h b/src/libpki/crypto/crypto_keypair.h
new file mode 100644
index 00000000..fb9cdeff
--- /dev/null
+++ b/src/libpki/crypto/crypto_keypair.h
@@ -0,0 +1,268 @@ +/* crypto_keypair.h */ + +#ifndef _LIBPKI_SYSTEM_H +#include +#endif + +#ifndef _LIBPKI_CRYPTO_TYPES_H +#include +#endif + +#ifndef _LIBPKI_CRYPTO_KEYPAIR_H +#define _LIBPKI_CRYPTO_KEYPAIR_H + +int CRYPTO_KEYPAIR_new(CRYPTO_KEYPAIR ** out, + HSM * hsm); + +void CRYPTO_KEYPAIR_free(CRYPTO_KEYPAIR *key); + +int CRYPTO_KEYPAIR_generate(CRYPTO_KEYPAIR *key, const CRYPTO_KEYPARAMS * params, char * label); + +int CRYPTO_KEYPAIR_clear(CRYPTO_KEYPAIR *key); + +int CRYPTO_KEYPAIR_get(unsigned char ** privkey, /* p8 */ + size_t * privkey_size, + unsigned char ** pubkey, /* pub bitstring */ + size_t * pubkey_size, + PKI_CRED * cred, + const CRYPTO_KEYPAIR * key); + +int CRYPTO_KEYPAIR_set(CRYPTO_KEYPAIR ** key, + const unsigned char * in, /* p8 */ + size_t size, + PKI_CRED * cred); + +CRYPTO_HASH CRYPTO_KEYPAIR_info(int * size, int * requires_hash, int * default_hash, + int * key_type, int * curve, int * bits, char * label, int * id, const CRYPTO_KEYPAIR * key); + + +// // CRYPTO_KEYPAIR *CRYPTO_KEYPAIR_new_kp(PKI_KEYPARAMS * kp, +// // PKI_CRED * cred, +// // char * label, +// // HSM * hsm); + +// // CRYPTO_KEYPAIR *CRYPTO_KEYPAIR_new_url(CRYPTO_TYPE type, +// // int bits, +// // URL * url, +// // PKI_CRED * cred, +// // HSM * hsm); + +// // CRYPTO_KEYPAIR *CRYPTO_KEYPAIR_new_url_kp(PKI_KEYPARAMS * kp, +// // URL * url, +// // PKI_CRED * cred, +// // HSM * hsm); + +// // /* ------------------------ General Functions ----------------------- */ + +// // char *CRYPTO_KEYPAIR_get_parsed(const CRYPTO_KEYPAIR *pkey ); + +// // CRYPTO_TYPE CRYPTO_KEYPAIR_get_scheme(const CRYPTO_KEYPAIR *k); + +// // void * CRYPTO_KEYPAIR_get_algor(const CRYPTO_KEYPAIR * k, +// // const PKI_DIGEST_ALG * digest); + +// // int CRYPTO_KEYPAIR_get_id(const CRYPTO_KEYPAIR * key); + +// // int CRYPTO_KEYPAIR_VALUE_get_id(const CRYPTO_KEYPAIR_VALUE * pkey); + +// // // /*! 
+// // // * \brief Returns the OSSL key type of the keypair +// // // * +// // // * This function returns the OSSL key type of the keypair. The +// // // * returned value can be used to compare with PKEY_METHOD backed +// // // * keys. +// // // * +// // // * @param pkey A pointer to the CRYPTO_KEYPAIR_VALUE data structure +// // // * @return The OSSL key type of the keypair (int) +// // // */ +// // // int CRYPTO_KEYPAIR_get_ossl_type(const CRYPTO_KEYPAIR * pkey); + +// // // /*! +// // // * @brief Returns the OSSL key type of the keypair value +// // // * +// // // * This function returns the OSSL key type of the keypair value. The +// // // * returned value can be used to compare with PKEY_METHOD backed +// // // * keys (e.g., type == EVP_PKEY_RSA) +// // // * +// // // * @param pkey A pointer to the CRYPTO_KEYPAIR_VALUE data structure +// // // * @return The OSSL key type of the keypair value (int) +// // // */ +// // // int CRYPTO_KEYPAIR_VALUE_get_ossl_type(const CRYPTO_KEYPAIR_VALUE * pkey); + +// /// @brief Returns the ID of the default digest algorithm for a CRYPTO_KEYPAIR +// /// @param key A CRYPTO_KEYPAIR data structure +// /// @return The PKI_ID of the identified algorithm or PKI_ID_UNKNOWN +// int CRYPTO_KEYPAIR_get_default_digest(const CRYPTO_KEYPAIR * key); + +// /// @brief Returns the ID of the default digest algorithm for a CRYPTO_KEYPAIR_VALUE +// /// @param pkey A CRYPTO_KEYPAIR_VALUE data structure +// /// @return The PKI_ID of the identified algorithm or PKI_ID_UKNOWN +// int CRYPTO_KEYPAIR_VALUE_get_default_digest(const CRYPTO_KEYPAIR_VALUE * pkey); + +// /*! +// * @brief Checks if a kepair requires a digest algorithm for signing +// * @param k The CRYPTO_KEYPAIR data structure +// * @return PKI_OK if a digest is required, PKI_ERR otherwise +// */ +// int CRYPTO_KEYPAIR_requires_digest(const CRYPTO_KEYPAIR * k); + +// /*! 
+// * @brief Checks if a kepair requires a digest algorithm for signing +// * @param k The CRYPTO_KEYPAIR_VALUE data structure +// * @return PKI_OK if a digest is required, PKI_ERR otherwise +// */ +// int CRYPTO_KEYPAIR_VALUE_requires_digest(const CRYPTO_KEYPAIR_VALUE * pkey); + +// /// @brief Returns PKI_OK if the digest algorithm is supported by the Public Key +// /// @param k A pointer to the CRYPTO_KEYPAIR data structure +// /// @param digest A pointer to te PKI_DIGEST_ALG +// /// @return The PKI_OK value if the digest is supported, PKI_ERR otherwise +// int CRYPTO_KEYPAIR_is_digest_supported(const CRYPTO_KEYPAIR * k, const PKI_DIGEST_ALG * digest); + +// /// @brief Returns if the passed digest is supported by the Public Key +// /// @param k A pointer to the CRYPTO_KEYPAIR_VALUE data structure +// /// @param digest A pointer to te PKI_DIGEST_ALG +// /// @return The PKI_OK value if the digest is supported, PKI_ERR otherwise +// int CRYPTO_KEYPAIR_VALUE_is_digest_supported(const CRYPTO_KEYPAIR_VALUE * pkey, const PKI_DIGEST_ALG * digest); + +// int CRYPTO_KEYPAIR_get_size(const CRYPTO_KEYPAIR *k); + +// PKI_MEM *CRYPTO_KEYPAIR_get_pubkey(const CRYPTO_KEYPAIR *kp); + +// PKI_MEM *CRYPTO_KEYPAIR_get_privkey(const CRYPTO_KEYPAIR *kp); + +// CRYPTO_DIGEST *CRYPTO_KEYPAIR_VALUE_pub_digest(const CRYPTO_KEYPAIR_VALUE * pkey, +// const PKI_DIGEST_ALG * md ); + +// CRYPTO_TYPE CRYPTO_KEYPAIR_VALUE_get_scheme(const CRYPTO_KEYPAIR_VALUE *pVal); + +// PKI_X509_ALGOR_VALUE * CRYPTO_KEYPAIR_VALUE_get_algor (const CRYPTO_KEYPAIR_VALUE * pVal, +// const PKI_ID digest_id); + +// int CRYPTO_KEYPAIR_VALUE_get_size (const CRYPTO_KEYPAIR_VALUE *pKey ); + +// CRYPTO_DIGEST *CRYPTO_KEYPAIR_pub_digest (const CRYPTO_KEYPAIR * pkey, +// const PKI_DIGEST_ALG * md); + +// /* ------------------------ EC Specific ------------------------------ */ + +// /*! 
+// * \brief Returns the PKI_ID of the EC curve of the Key (EC keys only) +// */ +// int CRYPTO_KEYPAIR_get_curve(const CRYPTO_KEYPAIR *kp); + +// /* ----------------------- PKCS#8 Format ----------------------------- */ + +// PKI_MEM *CRYPTO_KEYPAIR_VALUE_get_p8 (const CRYPTO_KEYPAIR_VALUE * pkey ); + +// PKI_MEM *CRYPTO_KEYPAIR_get_p8(const CRYPTO_KEYPAIR *key ); + +// CRYPTO_KEYPAIR_VALUE *CRYPTO_KEYPAIR_VALUE_new_p8(const PKI_MEM *buf ); + +// CRYPTO_KEYPAIR *CRYPTO_KEYPAIR_new_p8(const PKI_MEM *buf ); + +// /* --------------------- PKEY Encrypt/Decrypt --------------------------- */ + +// /*! @brief This function encrypts the input data under a keypair and a padding scheme. +// * +// * @param pVal is the CRYPTO_KEYPAIR_VALUE that will be used for encryption +// * @param data is the pointer to the input data +// * @param data_len is the size of the input data +// * @param pad is the padding scheme to use (def. OAEP) +// * @return A pointer to a PKI_MEM structure that contains the encrypted data. +// */ +// PKI_MEM * CRYPTO_KEYPAIR_VALUE_encrypt(const CRYPTO_KEYPAIR_VALUE * pVal, +// const unsigned char * const data, +// size_t const data_len, +// int const flags); + +// /*! @brief This function encrypts the input data under a keypair and a padding scheme. +// * +// * @param pVal is the CRYPTO_KEYPAIR that will be used for encryption +// * @param data is the pointer to the input data +// * @param data_len is the size of the input data +// * @param pad is the padding scheme to use (def. OAEP) +// * @return A pointer to a PKI_MEM structure that contains the encrypted data. +// */ +// PKI_MEM * CRYPTO_KEYPAIR_encrypt(const CRYPTO_KEYPAIR * keypair, +// const unsigned char * const data, +// size_t const data_len, +// int const flags); + +// /*! @brief This function decrypts the input data via a keypair and a padding scheme. 
+// * +// * @param pVal is the CRYPTO_KEYPAIR_VALUE that was used to encrypt the data +// * @param data is the pointer to the encrypted data +// * @param data_len is the length of the encrypted data (bytes) +// * @param padding is the selected padding mode (def. OAEP) +// * @return a pointer to a PKI_MEM that contains the decrypted data. +// */ +// PKI_MEM * CRYPTO_KEYPAIR_VALUE_decrypt(const CRYPTO_KEYPAIR_VALUE * pVal, +// const unsigned char * const data, +// size_t const data_len, +// int const flags); + +// /*! @brief This function decrypts the input data via a keypair and a padding scheme. +// * +// * @param pVal is the CRYPTO_KEYPAIR that was used to encrypt the data +// * @param data is the pointer to the encrypted data +// * @param data_len is the length of the encrypted data (bytes) +// * @param padding is the selected padding mode (def. OAEP) +// * @return a pointer to a PKI_MEM that contains the decrypted data. +// */ +// PKI_MEM * CRYPTO_KEYPAIR_decrypt(const CRYPTO_KEYPAIR * keypair, +// const unsigned char * const data, +// size_t const data_len, +// int const flags); + +// /*! \brief Exports a raw public key value into a PKI_MEM +// * +// * This function returns the internal structure of a public key in +// * its DER representation from a CRYPTO_KEYPAIR data structure. +// * For example, for RSA keys this function exports the following +// * data: +// * +// * rsaKey := SEQUENCE { +// * modulus INTEGER, +// * publicExponent INTEGER } +// * +// * in DER format in the output buffer. If the @pki_mem parameter +// * or the deferred pointer (@*pki_mem) are NULL, a new PKI_MEM +// * structure will be allocated and returned. In case the *pki_mem +// * is not NULL, the passed PKI_MEM structure will be used (if +// * any data is present it will be first freed with PKI_Free). +// * The function returns NULL in case of errors. 
+// * +// * @param k_val The pointer to the CRYPTO_KEYPAIR to use +// * @param pki_mem The output structure where to store the data +// * @retval A pointer to the PKI_MEM with the retrieved data. +// */ +// PKI_MEM *CRYPTO_KEYPAIR_get_public_bitstring(const CRYPTO_KEYPAIR * const k_val, +// PKI_MEM ** pki_mem); + +// /*! \brief Exports a raw public key value into a PKI_MEM +// * +// * This function returns the internal structure of a public key in +// * its DER representation from a CRYPTO_KEYPAIR_VALUE pointer. +// * For example, for RSA keys this function exports the following +// * data: +// * +// * rsaKey := SEQUENCE { +// * modulus INTEGER, +// * publicExponent INTEGER } +// * +// * in DER format in the output buffer. If the @pki_mem parameter +// * or the deferred pointer (@*pki_mem) are NULL, a new PKI_MEM +// * structure will be allocated and returned. In case the *pki_mem +// * is not NULL, the passed PKI_MEM structure will be used (if +// * any data is present it will be first freed with PKI_Free). +// * The function returns NULL in case of errors. +// * +// * @param k_val The pointer to the CRYPTO_KEYPAIR_VALUE to use +// * @param pki_mem The output structure where to store the data +// * @retval A pointer to the PKI_MEM with the retrieved data. +// */ +// PKI_MEM *CRYPTO_KEYPAIR_VALUE_get_public_bitstring(const CRYPTO_KEYPAIR_VALUE * const k_val, +// PKI_MEM ** pki_mem); + +#endif diff --git a/src/libpki/crypto/crypto_keyparams.h b/src/libpki/crypto/crypto_keyparams.h new file mode 100644 index 00000000..068343d5 --- /dev/null +++ b/src/libpki/crypto/crypto_keyparams.h 
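Review bot: `CRYPTO_KEYPAIR_get` hands the caller the private key as a PKCS#8 buffer (`privkey`, marked `/* p8 */`), and the prototype carries no comment saying whether `cred` encrypts that buffer, who frees it, or that it should be wiped before release. I would add a short doc block above it, along the lines of `/* privkey: PKCS#8 blob, encrypted under cred when cred is not NULL (TODO confirm); caller wipes and frees */`, and the same for the `in`/`cred` pair of `CRYPTO_KEYPAIR_set`. `CRYPTO_KEYPAIR_info` takes `char * label` with no length while every other out-parameter is a fixed-size `int *`; if the label is written by the function it needs a bound, e.g. `char * label, size_t label_size`. The roughly 230 commented-out prototypes that follow are dead text in a new file and would be better dropped or restored as live declarations.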
@@ -0,0 +1,118 @@ +/* openssl/CRYPTO_KEYPARAMS.c */ + +#ifndef _LIBPKI_CRYPTO_TYPES_H +#include +#endif + +#ifndef _LIBPKI_UTILS_TYPES_H +#include +#endif + + +#ifndef _LIBPKI_CRYPTO_KEYPARAMS_H +#define _LIBPKI_CRYPTO_KEYPARAMS_H + + +/*! \brief Allocates a new CRYPTO_KEYPARAMS structure + * + * This function allocates a new CRYPTO_KEYPARAMS structure and returns a pointer + * to it. The scheme parameter is used to specify the scheme of the CRYPTO_KEYPARAMS + * object to be created. If the scheme is not supported, the function will return + * NULL. + * + * @param scheme The scheme of the CRYPTO_KEYPARAMS object to be created + * @param conf The PKI_CONFIG object to be used with the CRYPTO_KEYPARAMS object + * @return A pointer to the newly created CRYPTO_KEYPARAMS object + */ +CRYPTO_KEYPARAMS *CRYPTO_KEYPARAMS_new(CRYPTO_TYPE algor, const PKI_CONFIG *conf); + +/*! \breif Frees the CRYPTO_KEYPARAMS structure + * + * This function frees the CRYPTO_KEYPARAMS structure and all of its associated + * memory. + * + * @param kp A pointer to the CRYPTO_KEYPARAMS structure to be freed + */ +void CRYPTO_KEYPARAMS_free(CRYPTO_KEYPARAMS *params); + +/*! \brief Returns the type of the CRYPTO_KEYPARAMS structure + * + * This function returns the type of the CRYPTO_KEYPARAMS structure. + * + * @param kp The CRYPTO_KEYPARAMS structure + * @return The type of the CRYPTO_KEYPARAMS structure + */ +CRYPTO_TYPE CRYPTO_KEYPARAMS_type(const CRYPTO_KEYPARAMS * params); + + +/*! + * @brief Sets the scheme and security bits in the CRYPTO_KEYPARAMS structure + * + * This function sets the scheme and security bits in the CRYPTO_KEYPARAMS + * structure. If the scheme is not supported, the function will return + * PKI_ERR. 
+ * + * @param kp The CRYPTO_KEYPARAMS structure to set + * @param scheme_id The requested scheme to set in the structure + * @param sec_bits The requested security bits + * @retval PKI_OK on success, PKI_ERR on failure + */ +int CRYPTO_KEYPARAMS_set_type(CRYPTO_KEYPARAMS * params, CRYPTO_TYPE algor); + +/*! + * @brief Sets the size (in bits) for the RSA key type + * + * This function sets the size (in bits) for the RSA key type in the + * CRYPTO_KEYPARAMS structure. + * + * @param kp The CRYPTO_KEYPARAMS structure to set + * @param bits The size (in bits) to set + * @retval PKI_OK on success, PKI_ERR on failure + * @see CRYPTO_KEYPARAMS + */ +int CRYPTO_KEYPARAMS_RSA_set(CRYPTO_KEYPARAMS * kp, int bits); + +/*! \brief Sets the parameters for the EC key type + * + * This function sets the parameters for the EC key type in the CRYPTO_KEYPARAMS + * structure. The curveName parameter is used to specify the curve to be used. + * The curveForm parameter is used to specify the form of the curve. The ans1flags + * parameter is used to specify the flags to be used. + * + * @param kp The CRYPTO_KEYPARAMS structure to set + * @param curveName The name of the curve to set + * @param curveForm The form of the curve to set + * @param ans1flags The flags to set + * @retval PKI_OK on success, PKI_ERR on failure + * @see CRYPTO_KEYPARAMS + */ +int CRYPTO_KEYPARAMS_ECDSA_set(CRYPTO_KEYPARAMS * kp, + const char * curveName, + CRYPTO_EC_FORM curveForm, + int ans1flags); + +// ======================== +// Composite Crypto Support +// ======================== + +#ifdef ENABLE_COMPOSITE + +/*! \brief Adds a key to the list of keys for Composite keys */ +int CRYPTO_KEYPARAMS_add_key(CRYPTO_KEYPARAMS * kp, PKI_X509_KEYPAIR * key); + +/*! 
\brief Sets the k_of_n parameter for Composite keys */ +int CRYPTO_KEYPARAMS_set_kofn(CRYPTO_KEYPARAMS * kp, int kofn); + +#endif // End of ENABLE_COMPOSITE + +// ========================= +// Open Quantum Safe Support +// ========================= + +#if defined(ENABLE_OQS) || defined(ENABLE_OQSPROV) + +int CRYPTO_KEYPARAMS_MLDSA_set(CRYPTO_KEYPARAMS * params, PKI_ALGOR_OQS_PARAM algParam); + +#endif // End of ENABLE_OQS + +#endif // _LIBPKI_CRYPTO_KEYPARAMS_H diff --git a/src/libpki/crypto/crypto_operations.h b/src/libpki/crypto/crypto_operations.h new file mode 100644 index 00000000..e88ad0bd --- /dev/null +++ b/src/libpki/crypto/crypto_operations.h 
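Review bot: The doc comments in this new header do not match the prototypes they sit on: `CRYPTO_KEYPARAMS_set_type` documents `scheme_id` and `sec_bits` but takes only `algor`, `CRYPTO_KEYPARAMS_new` documents `scheme` for a parameter named `algor`, and several blocks say `kp` where the parameter is `params`. `CRYPTO_KEYPARAMS_free` also has `\breif` instead of `\brief`, so Doxygen will not pick up its summary, and the file's first comment still reads `openssl/CRYPTO_KEYPARAMS.c`. For `CRYPTO_KEYPARAMS_RSA_set` the comment should state the smallest `bits` value accepted and that anything below it returns `PKI_ERR`; the implementation is not in this hunk, so confirm the limit there. `CRYPTO_KEYPARAMS_MLDSA_set` and the two composite setters have no parameter or return documentation at all.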
@@ -0,0 +1,71 @@ +/* pki_keypair.h */ + +#ifndef _LIBPKI_SYSTEM_H +#include +#endif + +#ifndef _LIBPKI_CRYPTO_TYPES_H +#include +#endif + +#ifndef _LIBPKI_CRYPTO_OPERATIONS_H +#define _LIBPKI_CRYPTO_OPERATIONS_H + +/*! \brief This function signs the input data using a keypair and a digest algorithm. + * + * @param sig is the pointer to the signature + * @param sig_len is the size of the signature + * @param data is the pointer to the input data + * @param data_len is the size of the input data + * @param digest is the digest algorithm to use + * @param key is the keypair to use for signing + * @return PKI_OK if the signature is successful, PKI_ERR otherwise +*/ +int CRYPTO_sign(const byte ** sig, + size_t * sig_len, + const byte * data, + size_t data_len, + const CRYPTO_HASH * digest, + const CRYPTO_KEYPAIR * key); + +int CRYPTO_verify(const byte * sig, + size_t sig_len, + const byte * data, + size_t data_len, + const CRYPTO_HASH * digest, + const CRYPTO_KEYPAIR * key); + +/*! @brief This function encrypts the input data under a keypair and a padding scheme. + * + * @param pVal is the CRYPTO_KEYPAIR_VALUE that will be used for encryption + * @param data is the pointer to the input data + * @param data_len is the size of the input data + * @param pad is the padding scheme to use (def. OAEP) + * @return A pointer to a PKI_MEM structure that contains the encrypted data. + */ +int CRYPTO_encrypt(const byte ** enc_data, + size_t const enc_data_size, + const byte * const data, + size_t const data_len, + int const flags, + const CRYPTO_KEYPAIR * keypair); + +/*! @brief This function decrypts the input data via a keypair and a padding scheme. + * + * This function decrypts the input data via a keypair and a padding scheme. 
+ * The decrypted data is returned in a + * + * @param pVal is the CRYPTO_KEYPAIR_VALUE that was used to encrypt the data + * @param data is the pointer to the encrypted data + * @param data_len is the length of the encrypted data (bytes) + * @param padding is the selected padding mode (def. OAEP) + * @return a pointer to a PKI_MEM that contains the decrypted data. + */ +int CRYPTO_decrypt(const byte ** dec_data, + size_t const dec_data_size, + const byte * const data, + size_t const data_len, + int const flags, + const CRYPTO_KEYPAIR * keypair); + +#endif /* _LIBPKI_CRYPTO_OPERATIONS_H */ diff --git a/src/libpki/crypto/crypto_utils.h b/src/libpki/crypto/crypto_utils.h new file mode 100644 index 00000000..4ff92d4c --- /dev/null +++ b/src/libpki/crypto/crypto_utils.h 
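Review bot: `CRYPTO_encrypt` and `CRYPTO_decrypt` take the output size by value (`size_t const enc_data_size`, `size_t const dec_data_size`) where `CRYPTO_sign` uses `size_t * sig_len`, so the caller has no way to learn how many bytes were produced; for decryption the plaintext length after padding removal is not known in advance. I would change these to `size_t * enc_data_size` and `size_t * dec_data_size`. The output pointers are declared `const byte **`, which forces a cast before the caller can wipe or free a decrypted buffer. The comments on both functions still describe the older interface (`pVal`, `pad`/`padding`, "returns a pointer to a PKI_MEM") and the `CRYPTO_decrypt` description stops mid-sentence at "returned in a". `CRYPTO_verify` has no comment, and it should say which return value means a bad signature and which means an internal error.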
@@ -0,0 +1,118 @@ +/* libpki/pki_algor.h */ + +#ifndef _LIBPKI_OS_H +#include +#endif + +#ifndef _LIBPKI_CRYPTO_TYPES_H +#include +#endif + +#ifndef _LIBPKI_CRYPTO_UTILS_H +#define _LIBPKI_CRYPTO_UTILS_H + +/*! + * @brief Returns an array of random bytes + * @param buf The buffer to store the random bytes + * @param num The size of the buffer + * @return PKI_OK if the operation was successful, PKI_ERR otherwise + */ +int CRYPTO_RAND(unsigned char **buf, size_t size, const HSM * hsm); + +/*! \brief Digests the data using the specified algorithm + * + * This function digests the data using the specified algorithm and returns the + * digest in the out parameter. The out_size parameter is used to store the size + * of the digest. The algorithm parameter is used to specify the algorithm to be + * used. The data parameter is used to specify the data to be digested. The size + * parameter is used to specify the size of the data. The salt parameter is used + * to specify the salt to be used with the data. The salt_size parameter is used + * to specify the size of the salt. The pepper parameter is used to specify the + * pepper to be used with the data. The pepper_size parameter is used to specify + * the size of the pepper. + * + * @param out The digest + * @param out_size The size of the digest + * @param algorithm The algorithm to be used + * @param data The data to be digested + * @param size The size of the data + * @param salt The salt to be used or NULL + * @param salt_size The size of the salt + * @param pepper The pepper to be used or NULL + * @param pepper_size The size of the pepper + * @param hsm The HSM to be used or NULL + * @return PKI_OK if successful, PKI_ERR otherwise + * @see CRYPTO_HASH + */ +int CRYPTO_DIGEST(unsigned char **out, size_t *out_size, + CRYPTO_TYPE algorithm, const unsigned char *data, size_t size, + const unsigned char * salt, size_t salt_size, + const unsigned char * pepper, size_t pepper_size, const HSM * hsm); + +/*! 
\brief Signs the data using the specified HMAC algorithm and key + * + * This function signs the data using the specified HMAC algorithm and key and + * returns the signature in the out parameter. The out_size parameter is used to + * store the size of the signature. The hmac_algo parameter is used to specify + * the HMAC algorithm to be used. The key parameter is used to specify the key to + * be used with the HMAC algorithm. The key_size parameter is used to specify the + * size of the key. The data parameter is used to specify the data to be signed. + * The size parameter is used to specify the size of the data. The hash_algo + * parameter is used to specify the hash algorithm to be used with the HMAC + * algorithm. The hsm parameter is used to specify the HSM to be used. + * + * @param out The signature + * @param out_size The size of the signature + * @param hmac_algo The HMAC algorithm to be used + * @param key The key to be used + * @param key_size The size of the key + * @param data The data to be signed + * @param size The size of the data + * @param hash_algo The hash algorithm to be used + * @param hsm The HSM to be used + * @return PKI_OK if successful, PKI_ERR otherwise + * @see CRYPTO_HASH + * @see CRYPTO_DIGEST + */ +int CRYPTO_HMAC(unsigned char **out, size_t *out_size, + CRYPTO_TYPE hmac_algo, unsigned char *key, size_t key_size, + const unsigned char *data, size_t size, + CRYPTO_HASH hash_algo, const HSM *hsm); + +/*! \brief Derives a symmetric key by using the specified algorithm + * + * This function derives a symmetric key by using the specified algorithm and + * returns the key in the out parameter. The out_size parameter is used to store + * the size of the key. The algorithm parameter is used to specify the algorithm + * to be used. The label parameter is used to specify the label to be used with + * the key. The label_size parameter is used to specify the size of the label. 
+ * The key parameter is used to specify the key to be used with the label. The + * key_size parameter is used to specify the size of the key. The data parameter + * is used to specify the data to be used with the key. The data_size parameter + * is used to specify the size of the data. + * + * @param out The key + * @param out_size The size of the key + * @param algorithm The algorithm to be used + * @param label The label to be used + * @param label_size The size of the label + * @param key The key to be used + * @param key_size The size of the key + * @param data The data to be used + * @param data_size The size of the data + * @return PKI_OK if successful, PKI_ERR otherwise + * @see CRYPTO_HASH + */ +int CRYPTO_KDF(unsigned char ** out, + size_t * outlen, + unsigned char * label, + size_t labelen, + unsigned char * key, + size_t keylen, + unsigned char * data, + size_t datalen, + const CRYPTO_HASH hash_alg, + const HSM * hsm); + +#endif /* _LIBPKI_CRYPTO_UTILS_H */ + diff --git a/src/libpki/crypto/hsm/hsm_admin.h b/src/libpki/crypto/hsm/hsm_admin.h new file mode 100644 index 00000000..d32278c7 --- /dev/null +++ b/src/libpki/crypto/hsm/hsm_admin.h 
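Review bot: The `CRYPTO_KDF` comment documents parameters that are not in the prototype (`algorithm`, `out_size`, `label_size`, `key_size`, `data_size`) and omits the two that are (`hash_alg`, `hsm`); it also does not say whether `*outlen` carries the requested key length on input, which a caller must know to size the derived key. `CRYPTO_RAND` has the same mismatch (`@param num` for a parameter named `size`, `hsm` undocumented) and does not say whether `*buf` is allocated by the function or supplied by the caller. `CRYPTO_HMAC` and `CRYPTO_KDF` take the secret as `unsigned char * key` although `data` is `const`; unless the functions modify the key, `const unsigned char * key` states the contract. The file's first comment still reads `libpki/pki_algor.h`.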
@@ -0,0 +1,46 @@
+/* HSM API */
+
+#ifndef _LIBPKI_HSM_TYPES_H
+#include
+#endif
+
+#ifndef _LIBPKI_CRYPTO_TYPES_H
+#include
+#endif
+
+#ifndef _LIBPKI_CRYPTO_HSM_STORE_H
+#include
+#endif
+
+#ifndef _LIBPKI_CRYPTO_HSM_CRYPTO_H
+#include
+#endif
+
+#ifndef _LIBPKI_CRYPTO_HSM_ADMIN_H
+#define _LIBPKI_CRYPTO_HSM_ADMIN_H
+
+BEGIN_C_DECLS
+
+ // ===================
+ // HSM Admin Functions
+ // ===================
+
+int CRYPTO_HSM_new (void ** driver, const PKI_CONFIG * config);
+
+int CRYPTO_HSM_init( HSM *hsm );
+
+int CRYPTO_HSM_free(void * driver);
+
+int CRYPTO_HSM_login ( HSM *hsm, PKI_CRED *cred );
+
+int CRYPTO_HSM_logout ( HSM *hsm );
+
+int CRYPTO_HSM_sign_algor ( HSM *hsm, unsigned char * oid );
+
+int CRYPTO_HSM_set_fips_mode(const HSM *hsm, int k);
+
+int CRYPTO_HSM_is_fips_mode(const HSM *hsm);
+
+END_C_DECLS
+
+#endif /* _LIBPKI_CRYPTO_HSM_ADMIN_H */
diff --git a/src/libpki/crypto/hsm/hsm_crypto.h b/src/libpki/crypto/hsm/hsm_crypto.h
new file mode 100644
index 00000000..5e55cef1
--- /dev/null
+++ b/src/libpki/crypto/hsm/hsm_crypto.h
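Review bot: None of the admin prototypes in hsm_admin.h state their return convention, and for `CRYPTO_HSM_is_fips_mode` that matters: other comments in this commit use `PKI_OK`/`PKI_ERR` for yes/no answers, so a caller cannot tell whether to write `if (CRYPTO_HSM_is_fips_mode(hsm))` or compare with `PKI_OK`. I would add a one-line comment per function, for example `/* Returns PKI_OK when FIPS mode is active, PKI_ERR otherwise */` (confirm against the implementation, which is not in this hunk). `CRYPTO_HSM_set_fips_mode` takes `const HSM *hsm` although it changes the mode, and `CRYPTO_HSM_new`/`CRYPTO_HSM_free` take `void *` while the rest of the API takes `HSM *`, so the compiler cannot catch a wrong handle being passed. `CRYPTO_HSM_login` should also say whether `cred` is copied or must outlive the session.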
@@ -0,0 +1,57 @@
+/* HSM API */
+
+#ifndef _LIBPKI_HSM_TYPES_H
+#include
+#endif
+
+#ifndef _LIBPKI_CRYPTO_TYPES_H
+#include
+#endif
+
+#ifndef _LIBPKI_CRYPTO_HSM_CRYPTO_H
+#define _LIBPKI_CRYPTO_HSM_CRYPTO_H
+
+BEGIN_C_DECLS
+
+unsigned long HSM_get_errno ( const HSM *hsm );
+
+char *HSM_get_errdesc ( unsigned long err, const HSM *hsm );
+
+int HSM_sign(const unsigned char * data,
+ size_t data_sz,
+ unsigned char ** sig,
+ size_t * sig_sz,
+ void * driver_key,
+ HSM * hsm);
+
+int HSM_verify(const unsigned char * data,
+ size_t data_sz,
+ const unsigned char * sig,
+ size_t sig_sz,
+ void * driver_key,
+ HSM * hsm);
+
+int HSM_derive(const unsigned char * out,
+ size_t out_sz,
+ const unsigned char * sig,
+ size_t sig_sz,
+ void * driver_key,
+ HSM * hsm);
+
+int HSM_encrypt(const unsigned char * data,
+ size_t data_sz,
+ const unsigned char * sig,
+ size_t sig_sz,
+ void * driver_key,
+ HSM * hsm);
+
+int HSM_decrypt(const unsigned char * data,
+ size_t data_len,
+ const unsigned char * sig,
+ size_t sig_len,
+ void * driver_key,
+ HSM * hsm);
+
+END_C_DECLS
+
+#endif /* _LIBPKI_CRYPTO_HSM_H */
diff --git a/src/libpki/crypto/hsm/hsm_store.h b/src/libpki/crypto/hsm/hsm_store.h
new file mode 100644
index 00000000..ac97bf0e
--- /dev/null
+++ b/src/libpki/crypto/hsm/hsm_store.h
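Review bot: `HSM_encrypt` and `HSM_decrypt` in hsm_crypto.h have no writable output parameter: both buffers are `const unsigned char *` and the second is named `sig`, which looks copied from `HSM_verify`, and `HSM_derive` declares its result buffer as `const unsigned char * out`. As declared, an implementation cannot return ciphertext, plaintext or derived material without casting away `const`. I would follow the `HSM_sign` shape, replacing the second pair with `unsigned char ** out, size_t * out_sz`. The closing `#endif` comment names `_LIBPKI_CRYPTO_HSM_H` while the guard is `_LIBPKI_CRYPTO_HSM_CRYPTO_H`.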
@@ -0,0 +1,50 @@
+/* HSM API */
+
+#ifndef _LIBPKI_HSM_TYPES_H
+#include
+#endif
+
+#ifndef _LIBPKI_CRYPTO_TYPES_H
+#include
+#endif
+
+#ifndef _LIBPKI_CRYPTO_HSM_STORE_H
+#define _LIBPKI_CRYPTO_HSM_STORE_H
+
+BEGIN_C_DECLS
+
+// const HSM_STORE_CALLBACKS c_openssl_hsm_crypto_cb = {
+// NULL, // store_num
+// NULL, // store_info_get
+// NULL, // store_info_free
+// NULL, // select_slot
+// NULL, // clear_slot
+// NULL, // get_objects
+// NULL, // add_objects
+// NULL, // del_objects
+// NULL, // key_wrap
+// NULL // key_unwrap
+// };
+
+unsigned long HSM_STORE_num(HSM *hsm);
+HSM_STORE_INFO * HSM_STORE_INFO_get ( unsigned long num, HSM *hsm );
+void HSM_STORE_INFO_free ( HSM_STORE_INFO *sl_info, HSM *hsm );
+
+int HSM_STORE_select(HSM *hsm, unsigned long num, PKI_CRED *cred);
+int HSM_STORE_clear(HSM *hsm, unsigned long num);
+
+int HSM_STORE_login(HSM *hsm, unsigned long num, PKI_CRED *cred);
+
+int HSM_STORE_INFO_print( unsigned long num, HSM *hsm );
+
+int HSM_STORE_wrap(byte ** out, size_t * out_size, PKI_CRED *cred, void * driver_raw_key, HSM *hsm);
+int HSM_STORE_unwrap(void * driver_raw_key, byte * in, size_t * in_size, PKI_CRED *cred, HSM *hsm);
+
+int HSM_STORE_del(byte * label, PKI_CRED *cred, HSM *hsm);
+int HSM_STORE_add(void * obj, byte * label, PKI_CRED *cred, HSM *hsm);
+int HSM_STORE_get(PKI_STACK ** sk, PKI_TYPE type, byte * label, PKI_TYPE format, HSM *hsm);
+
+END_C_DECLS
+
+#endif /* _LIBPKI_CRYPTO_HSM_STORE_H */
+
diff --git a/src/libpki/crypto/hsm/hsm_utils.h b/src/libpki/crypto/hsm/hsm_utils.h
new file mode 100644
index 00000000..4a8ba588
--- /dev/null
+++ b/src/libpki/crypto/hsm/hsm_utils.h
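Review bot: `HSM_STORE_wrap` and `HSM_STORE_unwrap` move key material across the store boundary with no comment on the contract, and `HSM_STORE_unwrap` is shaped oddly for it: the input length is `size_t * in_size` and the resulting key is `void * driver_raw_key` passed by value, so it is unclear whether the key is an output and how a new handle would be returned. I would document on `HSM_STORE_wrap` that the blob in `*out` is protected under `cred` (confirm in the implementation) and who frees it, and declare unwrap as `void ** driver_raw_key, const byte * in, size_t in_size` if it does create the key. The `label` parameters are `byte *` with no length, so the comment should say they are NUL-terminated, and they can be `const`. The position of `hsm` also varies (first in `HSM_STORE_select`, last in `HSM_STORE_INFO_get`), which makes call sites easy to get wrong.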
@@ -0,0 +1,41 @@ +/* HSM API */ + +#ifndef _LIBPKI_HSM_TYPES_H +#include +#endif + +#ifndef _LIBPKI_CRYPTO_TYPES_H +#include +#endif + +#ifndef _LIBPKI_CRYPTO_HSM_STORE_H +#include +#endif + +#ifndef _LIBPKI_CRYPTO_HSM_CRYPTO_H +#include +#endif + +#ifndef _LIBPKI_UTILS_TYPES_H +#include +#endif + +#ifndef _LIBPKI_CRYPTO_HSM_CORE_H +#define _LIBPKI_CRYPTO_HSM_CORE_H + +BEGIN_C_DECLS + + // ============== + // Core Interface + // ============== + +const HSM * HSM_new(const char * const dir, + const char * const name ); + +void HSM_free (HSM *hsm); + +const HSM * HSM_get_default(void); + +END_C_DECLS + +#endif /* _LIBPKI_CRYPTO_HSM_CORE_H */ diff --git a/src/drivers/openssl/Makefile.am b/src/libpki/crypto/hsm/openssl/Makefile.am similarity index 100% rename from src/drivers/openssl/Makefile.am rename to src/libpki/crypto/hsm/openssl/Makefile.am diff --git a/src/drivers/openssl/Makefile.in b/src/libpki/crypto/hsm/openssl/Makefile.in similarity index 100% rename from src/drivers/openssl/Makefile.in rename to src/libpki/crypto/hsm/openssl/Makefile.in diff --git a/src/libpki/openssl/data_st.h b/src/libpki/crypto/hsm/openssl/data_st.h similarity index 99% rename from src/libpki/openssl/data_st.h rename to src/libpki/crypto/hsm/openssl/data_st.h index 8316cc6f..88fd112f 100644 --- a/src/libpki/openssl/data_st.h +++ b/src/libpki/crypto/hsm/openssl/data_st.h @@ -1320,7 +1320,7 @@ typedef struct pki_digest_data { const PKI_DIGEST_ALG *algor; unsigned char *digest; size_t size; -} PKI_DIGEST; +} CRYPTO_DIGEST; typedef struct pki_store_st { void *store_ptr; diff --git a/src/libpki/crypto/hsm/openssl/openssl_hsm_admin.h b/src/libpki/crypto/hsm/openssl/openssl_hsm_admin.h new file mode 100644 index 00000000..a995876d --- /dev/null +++ b/src/libpki/crypto/hsm/openssl/openssl_hsm_admin.h 
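Review bot: In hsm_utils.h `HSM_new` returns `const HSM *` but `HSM_free` takes `HSM *`, so releasing what `HSM_new` returned requires casting away `const`. Either return `HSM *` from `HSM_new` or declare `void HSM_free(const HSM *hsm);`. `HSM_get_default` also returns `const HSM *`, and nothing says that the default instance must not be passed to `HSM_free`; a one-line comment such as `/* Returns a shared instance owned by the library; do not free */` would prevent a double free if that is the intent (not visible here). The include guard is `_LIBPKI_CRYPTO_HSM_CORE_H` although the file is hsm_utils.h.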
@@ -0,0 +1,42 @@
+/* openssl_hsm_admin.h */
+
+#ifndef _LIBPKI_CRYPTO_HSM_OPENSSL_TYPES_H
+#include
+#endif
+
+#ifndef _LIBPKI_CRYPTO_HSM_TYPES_H
+#include
+#endif
+
+#ifndef _LIBPKI_CRYPTO_HSM_OPENSSL_ADMIN_H
+#define _LIBPKI_CRYPTO_HSM_OPENSSL_ADMIN_H
+
+BEGIN_C_DECLS
+
+int HSM_OPENSSL_new_driver(void **hsm_driver);
+
+int HSM_OPENSSL_free_driver(void *hsm_driver);
+
+int HSM_OPENSSL_init(void * hsm_driver, const PKI_CONFIG * conf);
+
+int HSM_OPENSSL_set_fips_mode(const void * hsm_driver, int mode);
+
+int HSM_OPENSSL_is_fips_mode(const void * hsm_driver);
+
+
+// /* ------------------- Keypair Functions --------------------- */
+
+// PKI_X509_KEYPAIR *HSM_OPENSSL_X509_KEYPAIR_new( PKI_KEYPARAMS *pk,
+// URL *url, PKI_CRED *cred, HSM *driver );
+// void HSM_OPENSSL_X509_KEYPAIR_free ( PKI_X509_KEYPAIR *pkey );
+
+// int OPENSSL_HSM_write_bio_PrivateKey (BIO *bp, EVP_PKEY *x,
+// const EVP_CIPHER *enc, unsigned char *kstr, int klen,
+// pem_password_cb *cb, void *u);
+
+// EVP_PKEY *OPENSSL_HSM_KEYPAIR_dup(EVP_PKEY *kVal);
+
+END_C_DECLS
+
+#endif /* _LIBPKI_CRYPTO_HSM_OPENSSL_ADMIN_H */
+
diff --git a/src/libpki/crypto/hsm/openssl/openssl_hsm_core.h b/src/libpki/crypto/hsm/openssl/openssl_hsm_core.h
new file mode 100644
index 00000000..fee5f763
--- /dev/null
+++ b/src/libpki/crypto/hsm/openssl/openssl_hsm_core.h
@@ -0,0 +1,30 @@
+/* openssl_hsm_core.h */
+
+#ifndef _LIBPKI_CRYPTO_HSM_OPENSSL_TYPES_H
+#include
+#endif
+
+#ifndef _LIBPKI_CRYPTO_HSM_TYPES_H
+#include
+#endif
+
+#ifndef _LIBPKI_CRYPTO_HSM_OPENSSL_CORE_H
+#define _LIBPKI_CRYPTO_HSM_OPENSSL_CORE_H
+
+int HSM_OPENSSL_is_fips_mode(const HSM *hsm);
+
+int HSM_OPENSSL_login ( HSM *hsm, PKI_CRED *cred );
+
+int HSM_OPENSSL_logout ( HSM *hsm );
+
+HSM *HSM_OPENSSL_new(const char * const dir, const char * const name );
+
+void HSM_OPENSSL_free ( HSM *hsm );
+
+int HSM_OPENSSL_init( HSM *hsm );
+
+int HSM_OPENSSL_set_fips_mode(const HSM *hsm, int k);
+
+#endif /* _LIBPKI_CRYPTO_HSM_OPENSSL_CORE_H */
+
+
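Review bot: openssl_hsm_admin.h and openssl_hsm_core.h (the next hunk) declare the same three names with different parameter lists: `HSM_OPENSSL_init(void * hsm_driver, const PKI_CONFIG * conf)` against `HSM_OPENSSL_init( HSM *hsm )`, and `HSM_OPENSSL_set_fips_mode`/`HSM_OPENSSL_is_fips_mode` taking `const void *` in one header and `const HSM *` in the other. A translation unit that includes both will fail with conflicting types, and one that includes only the wrong header compiles a call with the wrong argument list against whichever definition is linked. I would keep one set and rename the other, for example `HSM_OPENSSL_driver_init`, `HSM_OPENSSL_driver_set_fips_mode`, `HSM_OPENSSL_driver_is_fips_mode` for the `void *` variants. openssl_hsm_core.h also lacks the `BEGIN_C_DECLS`/`END_C_DECLS` pair that the other new headers use.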
diff --git a/src/libpki/crypto/hsm/openssl/openssl_hsm_crypto.h b/src/libpki/crypto/hsm/openssl/openssl_hsm_crypto.h
new file mode 100644
index 00000000..617c636a
--- /dev/null
+++ b/src/libpki/crypto/hsm/openssl/openssl_hsm_crypto.h
@@ -0,0 +1,130 @@ +/* libpki/crypto/hsm/openssl/openssl_hsm.h */ + +#ifndef _LIBPKI_CRYPTO_HSM_TYPES_H +#include +#endif + +#ifndef _LIBPKI_CRYPTO_HSM_OPENSSL_H +#define _LIBPKI_CRYPTO_HSM_OPENSSL_H + +BEGIN_C_DECLS + +const HSM_CRYPTO_CALLBACKS c_openssl_hsm_crypto_cb = { + // ---- Error Handling Functions ---- // + HSM_OPENSSL_get_errno, // get_errno + HSM_OPENSSL_get_errdesc, // get_errdesc + // ---- Key Management Functions ---- // + NULL, // keypair_gen + NULL, // keypair_free + NULL, // keypair_get + // ---- General Crypto Functions ---- // + NULL, // sign + NULL, // verify + NULL, // encrypt + NULL, // decrypt + NULL // derive +}; + +// typedef struct hsm_crypto_cb_st { + +// /* ------------- HSM Management functions --------------- */ + +// /* Get Error number */ +// unsigned long (*get_errno)(const void * driver); + +// /* Get Error Description */ +// char * (*get_errdesc)(unsigned long err, char *str, size_t size, const void * driver); + +// /* ------------- Key Management functions --------------- */ + +// /* Create (new) Keypair */ +// int (*keypair_gen)(void ** out, const CRYPTO_KEYPARAMS * params, const char * label, void * driver); + +// /* Free memory associated with a keypair */ +// void (*keypair_free)(void * key, void * driver); + +// /* Retrieve the keypair data */ +// int (*keypair_get)(byte ** pub, size_t * pub_size, byte ** priv, size_t * priv_size, +// void * key, void * driver); + +// /* ------------- Crypto functions --------------- */ + +// /* \brief General Sign Function */ + +// int (*sign)(byte ** sig, size_t * sig_sz, const byte * data, size_t data_sz, +// const void * hsm_key, const void * hsm_driver); + +// /* \brief General Verify Function */ +// int (*verify)(const byte * sig, size_t sig_sz, const byte * data, size_t data_sz, +// const void * hsm_key, const void * hsm_driver); + +// /* \brief General Encrypt Function */ +// int (*encrypt)(byte ** out, size_t * out_sz, const byte * data, size_t data_sz, +// const void * hsm_key, 
const void * hsm_driver); + +// /* \brief General Decrypt Function */ +// int (*decrypt)(byte ** out, size_t out_sz, const byte * data, size_t data_sz, +// const void * hsm_key, const void * hsm_driver); + +// /* \brief General Derive Function */ +// int (*derive)(void ** hsm_key, const void * key_share_a, const void * key_share_b, +// const char *digest_alg, const void * driver); + +// } HSM_CRYPTO_CALLBACKS; + + // ==================== + // Functions Prototypes + // ==================== + +unsigned long HSM_OPENSSL_get_errno(const void * driver); + +char * HSM_OPENSSL_get_errdesc(unsigned long err, + char * str, + size_t str_sz, + const void * driver); + +int HSM_OPENSSL_keygen(void ** hsm_key, + const CRYPTO_KEYPARAMS * params, + const char * label, + void * hsm_driver); + +int HSM_OPENSSL_keyfree(void * hsm_key, void * hsm_driver); + +int HSM_OPENSSL_sign(byte ** sig, + size_t * sig_sz, + const byte * data, + size_t data_sz, + const void * hsm_key, + const void * hsm_driver); + +int HSM_OPENSSL_verify(const byte * sig, + size_t sig_sz, + const byte * data, + size_t data_sz, + const void * hsm_key, + const void * hsm_driver); + +int HSM_OPENSSL_encrypt(byte ** out, + size_t * out_sz, + const byte * data, + size_t data_sz, + const void * hsm_key, + const void * hsm_driver); + +int HSM_OPENSSL_decrypt(byte ** out, + size_t out_sz, + const byte * data, + size_t data_sz, + const void * hsm_key, + const void * hsm_driver); + +// int HSM_OPENSSL_derive(const unsigned char * out, +// size_t out_sz, +// const unsigned char * sig, +// size_t sig_sz, +// const void * driver_key, +// const void * hsm); + +END_C_DECLS + +#endif diff --git a/src/libpki/crypto/hsm/openssl/openssl_hsm_store.h b/src/libpki/crypto/hsm/openssl/openssl_hsm_store.h new file mode 100644 index 00000000..5e400e52 --- /dev/null +++ b/src/libpki/crypto/hsm/openssl/openssl_hsm_store.h 
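Review bot: In openssl_hsm_crypto.h the table `c_openssl_hsm_crypto_cb` is defined, not just declared, inside the header, and its initializer names `HSM_OPENSSL_get_errno` and `HSM_OPENSSL_get_errdesc` before the prototypes further down the same hunk have declared them. A non-static `const` object at file scope has external linkage in C, so as soon as two translation units include this header the link sees duplicate definitions; I would keep only `extern const HSM_CRYPTO_CALLBACKS c_openssl_hsm_crypto_cb;` here, below the prototypes, and move the initializer into the driver's .c file. `c_openssl_hsm_store_cb` in openssl_hsm_store.h has the same problem. Since `sign`, `verify`, `encrypt`, `decrypt` and `derive` are still NULL, the dispatch code (not visible in this part of the diff) needs to test each pointer before calling through it, so that a crypto request on this driver is an error return rather than a NULL call.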
@@ -0,0 +1,48 @@
+/* ENGINE Object Management Functions */
+
+#ifndef _LIBPKI_CRYPTO_HSM_TYPES_H
+#include
+#endif
+
+#ifndef _LIBPKI_UTILS_STACK_H
+#include
+#endif
+
+#ifndef _LIBPKI_CRYPTO_HSM_OPENSSL_STORE_H
+#define _LIBPKI_CRYPTO_HSM_OPENSSL_STORE_H
+
+BEGIN_C_DECLS
+
+const HSM_STORE_CALLBACKS c_openssl_hsm_store_cb = {
+ NULL, /* store_num */
+ NULL, /* store_info_get */
+ NULL, /* store_info_free */
+ NULL, /* select_slot */
+ NULL, /* clear_slot */
+ NULL, /* get_objects */
+ NULL, /* add_objects */
+ NULL, /* del_objects */
+ NULL, /* key_wrap */
+ NULL, /* key_unwrap */
+};
+
+END_C_DECLS
+// /* ------------------- Retrieves a stack of objects ------------------- */
+// PKI_STACK * HSM_OPENSSL_OBJSK_get_url ( PKI_DATATYPE type, URL *url,
+// PKI_CRED *cred, void *hsm );
+
+// int HSM_OPENSSL_OBJSK_add_url ( PKI_STACK *sk, PKI_DATATYPE type, URL *url,
+// PKI_CRED *cred, void *hsm );
+
+// int HSM_OPENSSL_OBJSK_del_url ( PKI_STACK *sk, PKI_DATATYPE type, URL *url,
+// PKI_CRED *cred, void *hsm);
+
+// PKI_MEM_STACK * HSM_OPENSSL_OBJSK_wrap_url ( PKI_STACK *, PKI_DATATYPE type,
+// URL *url, PKI_CRED *cred, void *hsm);
+
+// /* --------------------- Internal Functions --------------------------- */
+// PKI_X509_KEYPAIR_STACK * HSM_OPENSSL_KEYPAIR_get_url (URL *url, PKI_CRED *cred,
+// HSM *hsm);
+
+#endif
+
diff --git a/src/libpki/openssl/pki_oid_defs.h b/src/libpki/crypto/hsm/openssl/pki_oid_defs.h
similarity index 100%
rename from src/libpki/openssl/pki_oid_defs.h
rename to src/libpki/crypto/hsm/openssl/pki_oid_defs.h
diff --git a/src/libpki/crypto/hsm/openssl/types.h b/src/libpki/crypto/hsm/openssl/types.h
new file mode 100644
index 00000000..458fe79c
--- /dev/null
+++ b/src/libpki/crypto/hsm/openssl/types.h
@@ -0,0 +1,105 @@
+/* crypto_types.h */
+
+#ifndef _LIBPKI_SYSTEM_H
+# include
+#endif
+
+#ifdef _LIBPKI_UTILS_TYPES_H
+# include
+#endif
+
+#ifdef ENABLE_OQS
+# include
+#endif
+
+#ifndef _LIBPKI_CRYPTO_HSM_OPENSSL_TYPES_H
+#define _LIBPKI_CRYPTO_HSM_OPENSSL_TYPES_H
+
+# ifndef CRYPTO_NO_OPENSSL
+
+# include
+# include
+# include
+# include
+# include
+# include
+# include
+# include
+# include
+# include
+# include
+
+# include
+
+# include
+# include
+
+# include
+
+# ifdef ENABLE_ECDSA
+# include
+# endif
+
+# ifdef ENABLE_OQS
+# include
+# endif
+
+BEGIN_C_DECLS
+
+/* Crypto Library Asymmetric Key */
+typedef struct evp_pkey_st CRYPTO_PKEY; // Replace 'EVP_PKEY' with 'evp_pkey_st'
+
+/* Crypto Library Hash Type */
+typedef struct evp_md_st CRYPTO_HASH;
+
+/* Crypto Library General Cipher Type */
+typedef struct evp_cipher_st CRYPTO_CIPHER;
+
+/* Some useful Key definitions */
+# ifndef CRYPTO_NO_RSA
+# define CRYPTO_RSA RSA
+# ifndef CRYPTO_NO_RSAPSS
+# define CRYPTO_RSAPSS RSA
+# endif
+# endif
+
+# ifdef ENABLE_ECDSA
+# define CRYPTO_EC EC_KEY
+# endif
+
+// Typedef for EC Form
+typedef point_conversion_form_t CRYPTO_EC_FORM;
+
+// Defines for supported EC Form
+#define CRYPTO_EC_FORM_UNKNOWN 0
+#define CRYPTO_EC_FORM_COMPRESSED POINT_CONVERSION_COMPRESSED
+#define CRYPTO_EC_FORM_UNCOMPRESSED POINT_CONVERSION_UNCOMPRESSED
+#define CRYPTO_EC_FORM_HYBRID POINT_CONVERSION_HYBRID
+
+// Default Value
+#define CRYPTO_EC_FORM_DEFAULT CRYPTO_EC_FORM_UNCOMPRESSED
+
+// ASN1 flags for EC keys
+typedef enum {
+ CRYPTO_EC_ASN1_EXPLICIT_CURVE = OPENSSL_EC_EXPLICIT_CURVE,
+ CRYPTO_EC_ASN1_NAMED_CURVE = OPENSSL_EC_NAMED_CURVE,
+ CRYPTO_EC_ASN1_IMPLICIT_CURVE = -1
+} CRYPTO_EC_KEY_ASN1;
+
+// Default for ASN1 flag
+#define CRYPTO_EC_KEY_ASN1_DEFAULT CRYPTO_EC_KEY_ASN1_NAMED_CURVE
+
+# if defined(ENABLE_OQS) || defined(ENABLE_OQSPROV)
+
+typedef enum {
+ PKI_ALGOR_OQS_PARAM_UNKNOWN = 0,
+ PKI_ALGOR_OQS_PARAM_DILITHIUM_AES,
+ PKI_ALGOR_OQS_PARAM_SPHINCS_SHAKE
+} PKI_ALGOR_OQS_PARAM;
+
+# endif /* ENABLE_OQS */
+
+END_C_DECLS
+
+# endif /* CRYPTO_NO_OPENSSL */
+# endif /* _LIBPKI_OPENSSL_TYPES_H */
diff --git a/src/libpki/drivers/pkcs11/pkcs11_hsm.h b/src/libpki/crypto/hsm/pkcs11/pkcs11_hsm.h
similarity index 100%
rename from src/libpki/drivers/pkcs11/pkcs11_hsm.h
rename to src/libpki/crypto/hsm/pkcs11/pkcs11_hsm.h
diff --git a/src/libpki/drivers/pkcs11/pkcs11_hsm_obj.h b/src/libpki/crypto/hsm/pkcs11/pkcs11_hsm_obj.h
similarity index 100%
rename from src/libpki/drivers/pkcs11/pkcs11_hsm_obj.h
rename to src/libpki/crypto/hsm/pkcs11/pkcs11_hsm_obj.h
diff --git a/src/libpki/drivers/pkcs11/pkcs11_hsm_pkey.h b/src/libpki/crypto/hsm/pkcs11/pkcs11_hsm_pkey.h
similarity index 100%
rename from src/libpki/drivers/pkcs11/pkcs11_hsm_pkey.h
rename to src/libpki/crypto/hsm/pkcs11/pkcs11_hsm_pkey.h
diff --git a/src/libpki/drivers/pkcs11/pkcs11_utils.h b/src/libpki/crypto/hsm/pkcs11/pkcs11_utils.h
similarity index 100%
rename from src/libpki/drivers/pkcs11/pkcs11_utils.h
rename to src/libpki/crypto/hsm/pkcs11/pkcs11_utils.h
diff --git a/src/libpki/drivers/pkcs11/rsa/cryptoki.h b/src/libpki/crypto/hsm/pkcs11/rsa/cryptoki.h
similarity index 100%
rename from src/libpki/drivers/pkcs11/rsa/cryptoki.h
rename to src/libpki/crypto/hsm/pkcs11/rsa/cryptoki.h
diff --git a/src/libpki/drivers/pkcs11/rsa/pkcs11.h b/src/libpki/crypto/hsm/pkcs11/rsa/pkcs11.h
similarity index 100%
rename from src/libpki/drivers/pkcs11/rsa/pkcs11.h
rename to src/libpki/crypto/hsm/pkcs11/rsa/pkcs11.h
diff --git a/src/libpki/drivers/pkcs11/rsa/pkcs11_func.h b/src/libpki/crypto/hsm/pkcs11/rsa/pkcs11_func.h
similarity index 100%
rename from src/libpki/drivers/pkcs11/rsa/pkcs11_func.h
rename to src/libpki/crypto/hsm/pkcs11/rsa/pkcs11_func.h
diff --git a/src/libpki/drivers/pkcs11/rsa/pkcs11f.h b/src/libpki/crypto/hsm/pkcs11/rsa/pkcs11f.h
similarity index 100%
rename from src/libpki/drivers/pkcs11/rsa/pkcs11f.h
rename to src/libpki/crypto/hsm/pkcs11/rsa/pkcs11f.h
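Review bot: In crypto/hsm/openssl/types.h, `CRYPTO_EC_KEY_ASN1_DEFAULT` expands to `CRYPTO_EC_KEY_ASN1_NAMED_CURVE`, but the enumerator declared a few lines above it is `CRYPTO_EC_ASN1_NAMED_CURVE`, so the first use of the default will fail to compile; the line should read `#define CRYPTO_EC_KEY_ASN1_DEFAULT CRYPTO_EC_ASN1_NAMED_CURVE`. The second include near the top sits under `#ifdef _LIBPKI_UTILS_TYPES_H` where the neighbouring guards are `#ifndef`, which pulls the header in only when it has already been included and looks inverted (crypto/types.h repeats this). `CRYPTO_EC_FORM` is typedef'd from `point_conversion_form_t` outside the `ENABLE_ECDSA` block; if that type comes from the header included only under `ENABLE_ECDSA`, the typedef and the `CRYPTO_EC_FORM_*` defines belong inside the same conditional.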
diff --git a/src/libpki/drivers/pkcs11/rsa/pkcs11t.h b/src/libpki/crypto/hsm/pkcs11/rsa/pkcs11t.h
similarity index 100%
rename from src/libpki/drivers/pkcs11/rsa/pkcs11t.h
rename to src/libpki/crypto/hsm/pkcs11/rsa/pkcs11t.h
diff --git a/src/libpki/crypto/hsm/types.h b/src/libpki/crypto/hsm/types.h
new file mode 100644
index 00000000..ee7d5722
--- /dev/null
+++ b/src/libpki/crypto/hsm/types.h
@@ -0,0 +1,359 @@
+/* hsm/types.h */
+
+/* Configuration options:
+ *
+ */
+
+
+#ifndef _LIBPKI_SYSTEM_H
+#include
+#endif
+
+#ifndef _LIBPKI_UTILS_TYPES_H
+#include
+#endif
+
+#ifndef _LIBPKI_CRYPTO_HSM_TYPES_H
+#define _LIBPKI_CRYPTO_HSM_TYPES_H
+
+BEGIN_C_DECLS
+
+#ifndef typedef byte
+typedef unsigned char byte;
+#endif
+
+// Forward declaration for the HSM structure
+typedef struct pki_config_st PKI_CONFIG;
+typedef struct pki_cred_st PKI_CRED;
+typedef struct pki_mem_st PKI_MEM;
+
+typedef struct crypto_keyparams_st CRYPTO_KEYPARAMS;
+typedef struct crypto_keypair_st CRYPTO_KEYPAIR;
+
+/* \brief HSM Manufacturer ID Size */
+#define HSM_MANUFACTURER_ID_SIZE 32
+
+/* \brief HSM Description Size */
+#define HSM_DESCRIPTION_SIZE 32
+
+/* \brief HSM Slot Description Size */
+#define HSM_STORE_DESCRIPTION_SIZE 64
+
+/* \brief HSM Label Size */
+#define HSM_LABEL_SIZE 32
+
+/* \brief HSM Model Size */
+#define HSM_MODEL_SIZE 16
+
+/* \brief HSM Serial Number Size */
+#define HSM_SERIAL_NUMBER_SIZE 16
+
+/* \brief HSM UTC Time Size */
+#define HSM_UTC_TIME_SIZE 16
+
+/* \brief HSM Types */
+typedef enum {
+ HSM_TYPE_OTHER = 0,
+ HSM_TYPE_SOFTWARE,
+ HSM_TYPE_PKCS11
+} HSM_TYPE;
+
+/* \brief HSM Key Pair Handlers' Indexes */
+typedef enum hsm_keypair_handler_idx {
+ KEYPAIR_DRIVER_HANDLER_IDX = 0,
+ KEYPAIR_PRIVKEY_HANDLER_IDX,
+ KEYPAIR_PUBKEY_HANDLER_IDX
+} HSM_KEYPAIR_HANDLER;
+
+/* \brief HSM Info Data Structure */
+typedef struct hsm_info_st {
+
+ /* \brief HSM Version Major Number */
+ unsigned short version_major;
+
+ /* \brief HSM Version Minor Number */
+ unsigned short version_minor;
+
+ /* \brief HSM Manufacturer ID */
+ char manufacturerID[HSM_MANUFACTURER_ID_SIZE];
+
+ /* \brief HSM Description */
+ char description[HSM_DESCRIPTION_SIZE];
+
+ /* \brief HSM Library Version Major Number */
+ unsigned short lib_version_major;
+
+ /* \brief HSM Library Version Minor Number */
+ unsigned short lib_version_minor;
+
+ /* \brief HSM Fips Mode of Operation */
+ int fips_mode;
+
+} HSM_INFO;
+
+/* \brief HSM Token Info Data Structure */
+typedef struct hsm_token_info_st {
+
+ /* \brief Token Label */
+ char label[HSM_LABEL_SIZE];
+
+ /* \brief Token Manufacturer ID */
+ char manufacturerID[HSM_DESCRIPTION_SIZE];
+
+ /* \brief Token Model */
+ char model[HSM_MODEL_SIZE];
+
+ /* \brief Serial Number */
+ char serialNumber[HSM_SERIAL_NUMBER_SIZE];
+
+ /* \brief Max Supported Sessions */
+ unsigned long max_sessions;
+
+ /* \brief Current Number of Sessions */
+ unsigned long curr_sessions;
+
+ /* \brief Maximum Pin Length */
+ unsigned long max_pin_len;
+
+ /* \brief Minimum Supported Pin Length */
+ unsigned long min_pin_len;
+
+ /* \brief Public Memory Total Size */
+ unsigned long memory_pub_tot;
+
+ /* \brief Available Public Memory Size */
+ unsigned long memory_pub_free;
+
+ /* \brief Private Memory Total Size */
+ unsigned long memory_priv_tot;
+
+ /* \brief Available Private Memory Size */
+ unsigned long memory_priv_free;
+
+ /* \brief Hardware Version Major Number */
+ unsigned short hw_version_major;
+
+ /* \brief Hardware Version Minor Number */
+ unsigned short hw_version_minor;
+
+ /* \brief Firmware Version Major Number */
+ unsigned short fw_version_major;
+
+ /* \brief Firmware Version Minor Number */
+ unsigned short fw_version_minor;
+
+ /* \brief Requires Login */
+ unsigned short login_required;
+
+ /* \brief Provides Random Number Generation */
+ unsigned short has_rng;
+
+ /* \brief Provides Clock Time */
+ unsigned short has_clock;
+
+ /* \brief Token UTC Time */
+ char utcTime[HSM_UTC_TIME_SIZE];
+
+} HSM_TOKEN_INFO;
+
+/* \brief HSM Slot Info Data Structure */
+typedef struct HSM_STORE_info_st {
+
+ /* \brief Device Manufacturer ID */
+ char manufacturerID[HSM_MANUFACTURER_ID_SIZE];
+
+ /* \brief Device Description */
+ char description[HSM_STORE_DESCRIPTION_SIZE];
+
+ /* \brief Hardware Version */
+ unsigned short hw_version_major;
+ unsigned short hw_version_minor;
+
+ /* \brief Firmware Version */
+ unsigned short fw_version_major;
+ unsigned short fw_version_minor;
+
+ /* \brief Is the Slot Initialized? */
+ unsigned short initialized;
+
+ /* \brief Does the Slot have a valid token? */
+ unsigned short present;
+
+ /* \brief Is the Slot removable? */
+ unsigned short removable;
+
+ /* \brief Is the Slot a hardware Slot? */
+ unsigned short hardware;
+
+ /* \brief Info for the current inserted token */
+ HSM_TOKEN_INFO token_info;
+
+} HSM_STORE_INFO;
+
+typedef struct hsm_admin_cb_st {
+
+ /* ------------- HSM Management functions --------------- */
+
+ /* HSM driver new function */
+ int (*new) (void ** driver);
+
+ /* HSM initialization function */
+ int (*init) (void * driver, const PKI_CONFIG * config);
+
+ /* HSM driver free function */
+ int (*free) (void * driver);
+
+ /* HSM login */
+ int (*login)(void * driver, PKI_CRED *cred);
+
+ /* HSM logout */
+ int (*logout)(void * driver);
+
+ /* HSM set algor function */
+ int (*sign_algor) (void * driver, unsigned char * oid);
+
+ /* HSM set fips mode */
+ int (*set_fips_mode) (const void * driver, int enabled);
+
+ /* HSM gets fips operation mode */
+ int (*is_fips_mode) (const void * driver);
+
+} HSM_ADMIN_CALLBACKS;
+
+typedef struct hsm_store_cb_st {
+
+ /* ----------------- Store Management functions ----------------- */
+
+ /* Get the number of available Slots */
+ unsigned long (*store_num)(struct hsm_st *);
+
+ /* Get Slot info */
+ HSM_STORE_INFO * (*store_info_get)(unsigned long, struct hsm_st *);
+
+ /* Free memory associated with an HSM_STORE_INFO structure */
+ void (*store_info_free) (HSM_STORE_INFO *, struct hsm_st *);
+
+ /* Set the current slot */
+ int (*select_slot)(unsigned long, PKI_CRED *cred, struct hsm_st *);
+
+ /* Clear the current slot from any object present */
+ int (*clear_slot)(unsigned long, PKI_CRED *cred, struct hsm_st *);
+
+ /* -------------- Object Management functions -------------------- */
+
+ int (*get_objects)(PKI_STACK ** sk, PKI_TYPE type, byte * label, PKI_TYPE format,
+ void *driver);
+
+ int (*add_objects)(const PKI_STACK * sk, PKI_TYPE type, byte * label, PKI_TYPE format,
+ void *driver);
+
+ int (*del_objects)(PKI_TYPE type, byte * label, void *driver);
+
+ /* Key Wrapping function */
+ int (*key_wrap)(byte ** out, size_t *out_len, const char * label, size_t label_sz, char * wrappingkey_label, size_t wrappingkey_label_sz, void * driver);
+
+ /* Key Unwrapping function */
+ int (*key_unwrap)(CRYPTO_KEYPAIR ** key, const byte * data, size_t data_sz, const byte * label, size_t label_size,
+ const char * wrappingkey_label, size_t wrappingkey_label_sz, void * driver);
+
+} HSM_STORE_CALLBACKS;
+
+typedef struct hsm_crypto_cb_st {
+
+ /* ------------- HSM Management functions --------------- */
+
+ /* Get Error number */
+ unsigned long (*get_errno)(const void * driver);
+
+ /* Get Error Description */
+ char * (*get_errdesc)(unsigned long err, char *str, size_t size, const void * driver);
+
+ /* ------------- Key Management functions --------------- */
+
+ /* Create (new) Keypair */
+ int (*keypair_gen)(void ** out, const CRYPTO_KEYPARAMS * params, const char * label, void * driver);
+
+ /* Free memory associated with a keypair */
+ void (*keypair_free)(void * key, void * driver);
+
+ /* Retrieve the keypair data */
+ int (*keypair_get)(byte ** pub, size_t * pub_size, byte ** priv, size_t * priv_size,
+ void * key, void * driver);
+
+ /* ------------- Crypto functions --------------- */
+
+ /* \brief General Sign Function */
+
+ int (*sign)(byte ** sig, size_t * sig_sz, const byte * data, size_t data_sz,
+ const void * hsm_key, const void * hsm_driver);
+
+ /* \brief General Verify Function */
+ int (*verify)(const byte * sig, size_t sig_sz, const byte * data, size_t data_sz,
+ const void * hsm_key, const void * hsm_driver);
+
+ /* \brief General Encrypt Function */
+ int (*encrypt)(byte ** out, size_t * out_sz, const byte * data, size_t data_sz,
+ const void * hsm_key, const void * hsm_driver);
+
+ /* \brief General Decrypt Function */
+ int (*decrypt)(byte ** out, size_t out_sz, const byte * data, size_t data_sz,
+ const void * hsm_key, const void * hsm_driver);
+
+ /* \brief General Derive Function */
+ int (*derive)(void ** hsm_key, const void * key_share_a, const void * key_share_b,
+ const char *digest_alg, const void * driver);
+
+} HSM_CRYPTO_CALLBACKS;
+
+/* Structure for HSM definition */
+typedef struct hsm_st {
+
+ /* Version of the token */
+ int version;
+
+ /* ID of the driver - this is used to identify the driver
+ to be used, e.g., 'id://LunaCA' for loading the ENGINE
+ LunaCA extension */
+ char * id_label;
+
+ /* Description of the HSM */
+ char *description;
+
+ /* Manufacturer */
+ char *manufacturer;
+
+ /* Pointer to the HSM config file and parsed structure*/
+ PKI_CONFIG *config;
+
+ /* One of PKI_HSM_TYPE value */
+ HSM_TYPE type;
+
+ /* Pointer to the internal structure for drivers */
+ void *driver;
+
+ /* Pointer to internal session handler */
+ void *session;
+
+ /* Credential for the HSM - usually used for the SO */
+ PKI_CRED *cred;
+
+ /* Is Logged In */
+ uint8_t isLoggedIn;
+
+ /* Is Cred Set */
+ uint8_t isCredSet;
+
+ /* Login Requirements */
+ const uint8_t isLoginRequired;
+
+ /* HSM Callbacks */
+ const HSM_ADMIN_CALLBACKS *admin_callbacks;
+ const HSM_STORE_CALLBACKS *store_callbacks;
+ const HSM_CRYPTO_CALLBACKS *crypto_callbacks;
+
+} HSM;
+
+END_C_DECLS
+
+#endif
+
diff --git a/src/libpki/drivers/openssl/data_st.h b/src/libpki/crypto/hsm/wolfssl/data_st.h
similarity index 100%
rename from src/libpki/drivers/openssl/data_st.h
rename to src/libpki/crypto/hsm/wolfssl/data_st.h
diff --git a/src/libpki/drivers/openssl/openssl_hsm.h b/src/libpki/crypto/hsm/wolfssl/wolfssl_hsm.h
similarity index 100%
rename from src/libpki/drivers/openssl/openssl_hsm.h
rename to src/libpki/crypto/hsm/wolfssl/wolfssl_hsm.h
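Review bot: In crypto/hsm/types.h the `decrypt` callback takes `size_t out_sz` by value where `encrypt` takes `size_t * out_sz`, so with a `byte ** out` result the driver has no way to report how many plaintext bytes it produced, unless the `int` return is meant to carry the length, which the comment does not say. I would declare it as `int (*decrypt)(byte ** out, size_t * out_sz, const byte * data, size_t data_sz,` and change the `HSM_OPENSSL_decrypt` prototype in openssl_hsm_crypto.h to match. The forward typedefs `typedef struct crypto_keyparams_st CRYPTO_KEYPARAMS;` and `typedef struct crypto_keypair_st CRYPTO_KEYPAIR;` use different tags from the definitions in crypto/types.h (`struct c_keyparams_st`, `struct c_keypair_st`), and that header appears to include this one, so the two typedefs of each name would conflict; the tags need to agree. `HSM_STORE_CALLBACKS` also names `struct hsm_st *` in parameter lists before the tag is declared in this header, which wants a `struct hsm_st;` next to the other forward declarations unless an included header provides one. The fixed-size `char` fields in `HSM_INFO`, `HSM_TOKEN_INFO` and `HSM_STORE_INFO` should carry a comment such as `/* blank-padded, NOT NUL-terminated */` if they are filled straight from PKCS#11, since the sizes match those fields exactly and leave no room for a terminator.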
diff --git a/src/libpki/drivers/openssl/openssl_hsm_cb.h b/src/libpki/crypto/hsm/wolfssl/wolfssl_hsm_cb.h
similarity index 100%
rename from src/libpki/drivers/openssl/openssl_hsm_cb.h
rename to src/libpki/crypto/hsm/wolfssl/wolfssl_hsm_cb.h
diff --git a/src/libpki/drivers/openssl/openssl_hsm_obj.h b/src/libpki/crypto/hsm/wolfssl/wolfssl_hsm_obj.h
similarity index 100%
rename from src/libpki/drivers/openssl/openssl_hsm_obj.h
rename to src/libpki/crypto/hsm/wolfssl/wolfssl_hsm_obj.h
diff --git a/src/libpki/drivers/openssl/openssl_hsm_pkey.h b/src/libpki/crypto/hsm/wolfssl/wolfssl_hsm_pkey.h
similarity index 100%
rename from src/libpki/drivers/openssl/openssl_hsm_pkey.h
rename to src/libpki/crypto/hsm/wolfssl/wolfssl_hsm_pkey.h
diff --git a/src/libpki/crypto/types.h b/src/libpki/crypto/types.h
new file mode 100644
index 00000000..5524635f
--- /dev/null
+++ b/src/libpki/crypto/types.h
@@ -0,0 +1,239 @@
+/* crypto_types.h */
+
+#ifndef _LIBPKI_SYSTEM_H
+# include
+#endif
+
+#ifdef ENABLE_OQS
+# include
+#endif
+
+#ifdef _LIBPKI_UTILS_TYPES_H
+#include
+#endif
+
+#ifndef _LIBPKI_CRYPTO_HSM_TYPES_H
+#include
+#endif
+
+#ifndef CRYTO_NO_OPENSSL
+#ifndef _LIBPKI_CRYPTO_HSM_OPENSSL_TYPES_H
+#include
+#endif
+#endif
+
+#ifndef _LIBPKI_CRYPTO_TYPES_H
+#define _LIBPKI_CRYPTO_TYPES_H
+
+BEGIN_C_DECLS
+
+#define CRYPTO_BUFFER_TINY_SZ 128
+#define CRYPTO_BUFFER_SMALL_SZ 1024
+#define CRYPTO_BUFFER_MEDIUM_SZ 2048
+#define CRYPTO_BUFFER_LARGE_SZ 8192
+#define CRYPTO_BUFFER_DEF_SZ CRYPTO_BUFFER_MEDIUM_SZ
+#define CRYPTO_BUFFER_MAX_SZ CRYPTO_BUFFER_LARGE_SZ
+
+typedef enum c_key_min_enum {
+ CRYPTO_RSA_KEY_MIN_SIZE = 1024,
+ CRYPTO_DSA_KEY_MIN_SIZE = 2048,
+ CRYPTO_EC_KEY_MIN_SIZE = 256,
+} CRYPTO_MIN_SZ;
+
+typedef enum c_key_default_enum {
+ CRYPTO_RSA_DEFAULT_SZ = 2048,
+ CRYPTO_DSA_DEFAULT_SZ = 2048,
+ CRYPTO_EC_DEFAULT_SZ = 256
+} CRYPTO_DEFAULT_SZ;
+
+typedef enum crypto_type_enum {
+ /* Signature - Traditional */
+ CRYPTO_TYPE_RSA = 1,
+ CRYPTO_TYPE_RSAPSS,
+ CRYPTO_TYPE_ECDSA,
+ CRYPTO_TYPE_ED25519,
+ CRYPTO_TYPE_ED448,
+ /* Signature - quantum-safe */
+ CRYPTO_TYPE_MLDSA44,
+ CRYPTO_TYPE_MLDSA65,
+ CRYPTO_TYPE_MLDSA87,
+ /* Signature - Composite */
+ CRYPTO_TYPE_MLDSA44_P256,
+ CRYPTO_TYPE_MLDSA44_ED25519,
+ /* Key Exchange - quantum-safe */
+ CRYPTO_TYPE_MLKEM512,
+ CRYPTO_TYPE_MLKEM768,
+ CRYPTO_TYPE_MLKEM1024,
+ /* Key Exchange - Composite */
+ CRYPTO_TYPE_MLKEM768_P256,
+ CRYPTO_TYPE_MLKEM768_CURVE25519,
+ CRYPTO_TYPE_MLKEM1024_CURVE448,
+ /* Hash Types */
+ CRYPTO_TYPE_SHA1,
+ CRYPTO_TYPE_SHA224,
+ CRYPTO_TYPE_SHA256,
+ CRYPTO_TYPE_SHA384,
+ CRYPTO_TYPE_SHA512,
+ CRYPTO_TYPE_SHA512_224,
+ CRYPTO_TYPE_SHA512_256,
+ CRYPTO_TYPE_SHA3_224,
+ CRYPTO_TYPE_SHA3_256,
+ CRYPTO_TYPE_SHA3_384,
+ CRYPTO_TYPE_SHA3_512,
+ CRYPTO_TYPE_SHAKE128,
+ CRYPTO_TYPE_SHAKE256,
+ /* HMAC */
+ CRYPTO_TYPE_HMAC_SHA1,
+ CRYPTO_TYPE_HMAC_SHA224,
+ CRYPTO_TYPE_HMAC_SHA256,
+ CRYPTO_TYPE_HMAC_SHA384,
+ CRYPTO_TYPE_HMAC_SHA512,
+ CRYPTO_TYPE_HMAC_SHA512_224,
+ CRYPTO_TYPE_HMAC_SHA512_256,
+ CRYPTO_TYPE_HMAC_SHA3_224,
+ CRYPTO_TYPE_HMAC_SHA3_256,
+ CRYPTO_TYPE_HMAC_SHA3_384,
+ CRYPTO_TYPE_HMAC_SHA3_512,
+ CRYPTO_TYPE_HMAC_SHAKE128,
+ CRYPTO_TYPE_HMAC_SHAKE256,
+
+ /* Password Based Encryption */
+ CRYPTO_TYPE_PBKDF2,
+ CRYPTO_TYPE_PKCS5_PBES2,
+ CRYPTO_TYPE_PKCS5_PBKDF2,
+
+ /* Symmetric Encryption */
+ CRYPTO_TYPE_AES128,
+ CRYPTO_TYPE_AES192,
+ CRYPTO_TYPE_AES256,
+ CRYPTO_TYPE_AES128_GCM,
+ CRYPTO_TYPE_AES192_GCM,
+ CRYPTO_TYPE_AES256_GCM,
+ CRYPTO_TYPE_AES128_CCM,
+ CRYPTO_TYPE_AES192_CCM,
+ CRYPTO_TYPE_AES256_CCM,
+ CRYPTO_TYPE_AES128_CFB,
+ CRYPTO_TYPE_AES192_CFB,
+ CRYPTO_TYPE_AES256_CFB,
+ CRYPTO_TYPE_AES128_OFB,
+ CRYPTO_TYPE_AES192_OFB,
+ CRYPTO_TYPE_AES256_OFB,
+ CRYPTO_TYPE_AES128_CTR,
+ CRYPTO_TYPE_AES192_CTR,
+ CRYPTO_TYPE_AES256_CTR,
+ CRYPTO_TYPE_AES128_CBC,
+ CRYPTO_TYPE_AES192_CBC,
+ CRYPTO_TYPE_AES256_CBC,
+ CRYPTO_TYPE_AES128_XTS,
+ CRYPTO_TYPE_AES256_XTS,
+
+ /* Symmetric Encryption - Quantum Safe */
+ CRYPTO_TYPE_KYBER512,
+ CRYPTO_TYPE_KYBER768,
+ CRYPTO_TYPE_KYBER1024,
+
+ /* Symmetric Encryption - Composite */
+
+} CRYPTO_TYPE;
+
+typedef struct c_keyparams_st {
+
+ int pkey_type;
+ int is_postquantum;
+ int is_deprecated;
+
+#ifndef CRYPTO_NO_RSA
+ struct {
+ int exponent;
+ int bits;
+ } rsa;
+
+ struct {
+ int exponent;
+ int bits;
+ int mfg1;
+ } rsapss;
+#endif
+
+#ifndef CRYPTO_NO_EDDSA
+ struct {
+ const char * curve;
+ } eddsa;
+#endif
+
+#ifndef CRYTPO_NO_DSA
+ // DSA scheme parameters
+ struct {
+ int bits;
+ } dsa;
+#endif
+
+#ifndef CRYPTO_NO_ECDSA
+ struct {
+ const char * curve;
+ CRYPTO_EC_FORM form;
+ int asn1flags;
+ } ec;
+#endif
+
+#if defined(ENABLE_OQS) || defined(ENABLE_OQSPROV)
+ struct {
+ const char * alg;
+ } oqs;
+#endif // ENABLE_OQS
+
+#ifdef ENABLE_COMPOSITE
+ struct {
+ const char * alg;
+ int k_of_n;
+ } comp;
+#endif
+
+} CRYPTO_KEYPARAMS;
+
+typedef struct c_keypair_st {
+ CRYPTO_TYPE type;
+ CRYPTO_KEYPARAMS params;
+ void * crypto_lib_value;
+} CRYPTO_KEYPAIR;
+
+typedef struct c_pw_cb_st {
+ const void *password;
+ const char *prompt_info;
+} CRYPRO_PW_CB_DATA;
+
+typedef struct c_buffer_tiny_st {
+ size_t size;
+ byte data[CRYPTO_BUFFER_TINY_SZ];
+} CRYPTO_BUFFER_TINY;
+
+typedef struct c_buffer_small_st {
+ size_t size;
+ byte data[CRYPTO_BUFFER_SMALL_SZ];
+} CRYPTO_BUFFER_SMALL;
+
+typedef struct c_buffer_medium_st {
+ size_t size;
+ byte data[CRYPTO_BUFFER_MEDIUM_SZ];
+} CRYPTO_BUFFER_MEDIUM;
+
+typedef struct c_buffer_large_st {
+ size_t size;
+ byte data[CRYPTO_BUFFER_LARGE_SZ];
+} CRYPTO_BUFFER_LARGE;
+
+typedef struct c_digest_st {
+ CRYPTO_TYPE type;
+ CRYPTO_BUFFER_TINY digest;
+} CRYPTO_DIGEST;
+
+typedef struct crypto_hmac_st {
+ // Digest Algoritm to use. Default is SHA-1
+ CRYPTO_TYPE type;
+ CRYPTO_BUFFER_TINY key;
+} CRYPTO_HMAC;
+
+END_C_DECLS
+
+/* End of _LIBPKI_HEADER_DATA_ST_H */
+#endif
diff --git a/src/libpki/datatypes.h b/src/libpki/datatypes.h
deleted file mode 100644
index b185dcd5..00000000
--- a/src/libpki/datatypes.h
+++ /dev/null
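Review bot: In crypto/types.h two build guards are misspelled, `#ifndef CRYTO_NO_OPENSSL` and `#ifndef CRYTPO_NO_DSA`, so defining `CRYPTO_NO_OPENSSL` or `CRYPTO_NO_DSA` does not switch those blocks off; they should read `#ifndef CRYPTO_NO_OPENSSL` and `#ifndef CRYPTO_NO_DSA`. The `ec` member also uses `CRYPTO_EC_FORM`, which crypto/hsm/openssl/types.h defines only when `CRYPTO_NO_OPENSSL` is unset, so a build without OpenSSL would presumably not compile this struct as written. `CRYPTO_RSA_KEY_MIN_SIZE = 1024` carries over the old floor while the EC minimum was raised from 128 to 256 in the same change; if this enum is what key generation enforces, 2048 would be the consistent choice. The type name `CRYPRO_PW_CB_DATA` and the `mfg1` field look like typos for `CRYPTO_PW_CB_DATA` and `mgf1`, and are cheapest to fix before the header becomes public API.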
@@ -1,269 +0,0 @@ -/* OpenCA libpki package -* (c) 2000-2007 by Massimiliano Pala and OpenCA Group -* All Rights Reserved -* -* =================================================================== -* Released under OpenCA LICENSE -*/ - -#ifndef _LIBPKI_PKI_DATATYPES_H -#define _LIBPKI_PKI_DATATYPES_H - -// Library configuration -#ifdef __LIB_BUILD__ -#include -#else -#include -#endif - -#ifndef _LIBPKI_COMPAT_H -# include -#endif - -#ifdef ENABLE_OQS -# include -#endif - -BEGIN_C_DECLS - -/* PKI Datatypes */ -typedef enum { - /* Driver(s) Datatype */ - PKI_DATATYPE_UNKNOWN = 0, - PKI_DATATYPE_ANY, - PKI_DATATYPE_APPLICATION, - PKI_DATATYPE_PUBKEY, - PKI_DATATYPE_PRIVKEY, - PKI_DATATYPE_SECRET_KEY, - PKI_DATATYPE_CRED, - /* X509 types */ - PKI_DATATYPE_X509_EXTENSION, - PKI_DATATYPE_X509_KEYPAIR, - PKI_DATATYPE_X509_CERT, - PKI_DATATYPE_X509_CRL, - PKI_DATATYPE_X509_REQ, - PKI_DATATYPE_X509_PKCS7, - PKI_DATATYPE_X509_CMS, - PKI_DATATYPE_X509_PKCS12, - PKI_DATATYPE_X509_OCSP_REQ, - PKI_DATATYPE_X509_OCSP_RESP, - PKI_DATATYPE_X509_PRQP_REQ, - PKI_DATATYPE_X509_PRQP_RESP, - PKI_DATATYPE_X509_XPAIR, - PKI_DATATYPE_X509_CMS_MSG, - /* Non-X509 types */ - PKI_DATATYPE_EST_MSG, - PKI_DATATYPE_SCEP_MSG, - /* Custom Type */ - PKI_DATATYPE_CUSTOM, - /* Used in PKCS11 driver */ - PKI_DATATYPE_X509_CA, - PKI_DATATYPE_X509_TRUSTED, - PKI_DATATYPE_X509_OTHER -} PKI_DATATYPE; - -#define PKI_DATATYPE_SIZE 26 - -/* Token Datatypes */ -typedef enum { - PKI_TOKEN_DATATYPE_UNKNOWN = 0, - PKI_TOKEN_DATATYPE_KEYPAIR, - PKI_TOKEN_DATATYPE_PRIVKEY, - PKI_TOKEN_DATATYPE_PUBKEY, - PKI_TOKEN_DATATYPE_CERT, - PKI_TOKEN_DATATYPE_CACERT, - PKI_TOKEN_DATATYPE_TRUSTEDCERT, - PKI_TOKEN_DATATYPE_OTHERCERT, - PKI_TOKEN_DATATYPE_CRL, - PKI_TOKEN_DATATYPE_CRED, - PKI_TOKEN_DATATYPE_NICKNAME, - PKI_TOKEN_DATATYPE_IDENTITY -} PKI_TOKEN_DATATYPE; - -#define PKI_TOKEN_DATATYPE_SIZE 12 - -typedef enum { - /* Usual Ok */ - PKI_TOKEN_STATUS_OK = 0, - // General Setup Errors - PKI_TOKEN_STATUS_INIT_ERR = 1, - 
PKI_TOKEN_STATUS_LOGIN_ERR = 2, - // Key Crypto Errors - PKI_TOKEN_STATUS_KEYPAIR_LOAD = 4, - PKI_TOKEN_STATUS_KEYPAIR_CHECK_ERR = 8, - PKI_TOKEN_STATUS_KEYPAIR_MISSING_ERR = 16, - // Missing Data Errors - PKI_TOKEN_STATUS_CERT_MISSING_ERR = 32, - PKI_TOKEN_STATUS_CACERT_MISSING_ERR = 64, - PKI_TOKEN_STATUS_OTHERCERTS_MISSING_ERR = 128, - PKI_TOKEN_STATUS_TRUSTEDCERTS_MISSING_ERR = 1024, - // Generic Errors - PKI_TOKEN_STATUS_MEMORY_ERR = 2048, - PKI_TOKEN_STATUS_UNKNOWN = 4096, - // More Specific Errors - PKI_TOKEN_STATUS_HSM_ERR = 8192, -} PKI_TOKEN_STATUS; - -#define PKI_TOKEN_STATUS_SIZE 10 - -/* Data Export Format */ -typedef enum { - PKI_DATA_FORMAT_UNKNOWN = 0, - PKI_DATA_FORMAT_PEM, - PKI_DATA_FORMAT_ASN1, - PKI_DATA_FORMAT_B64, - PKI_DATA_FORMAT_TXT, - PKI_DATA_FORMAT_XML, - PKI_DATA_FORMAT_URL -} PKI_DATA_FORMAT; - -#define PKI_DATA_FORMAT_SIZE 7 -#define PKI_DATA_FORMAT_START PKI_DATA_FORMAT_PEM -#define PKI_DATA_FORMAT_END PKI_DATA_FORMAT_URL - -typedef enum { - PKI_DATA_FORMAT_FLAG_NONE = 0, - PKI_DATA_FORMAT_FLAG_B64_SKIPNEWLINES = 1 -} PKI_DATA_FORMAT_FLAG; - -#define PKI_DATA_FORMAT_FLAG_SIZE 2 - -typedef enum { - PKI_FORMAT_UNDEF = 0, - PKI_FORMAT_CMS, - PKI_FORMAT_SCEP, - PKI_FORMAT_NETSCAPE, - PKI_FORMAT_PKCS11, - PKI_FORMAT_SMIME, - PKI_FORMAT_ENGINE -} PKI_FORMAT; - -#define PKI_FORMAT_SIZE 7 - -/* Supported Datatype for retrieving data from an X509 data object */ -typedef enum { - PKI_X509_DATA_SERIAL = 0, - PKI_X509_DATA_VERSION, - PKI_X509_DATA_SUBJECT, - PKI_X509_DATA_ISSUER, - PKI_X509_DATA_NOTBEFORE, - PKI_X509_DATA_NOTAFTER, - PKI_X509_DATA_THISUPDATE, - PKI_X509_DATA_LASTUPDATE, - PKI_X509_DATA_NEXTUPDATE, - PKI_X509_DATA_PRODUCEDAT, - PKI_X509_DATA_ALGORITHM, - PKI_X509_DATA_KEYSIZE, - PKI_X509_DATA_KEYPAIR_VALUE, - PKI_X509_DATA_X509_PUBKEY, - PKI_X509_DATA_PUBKEY_BITSTRING, - PKI_X509_DATA_PRIVKEY, - PKI_X509_DATA_SIGNATURE, - PKI_X509_DATA_SIGNATURE_ALG1, - PKI_X509_DATA_SIGNATURE_ALG2, - PKI_X509_DATA_TBS_MEM_ASN1, - 
PKI_X509_DATA_SIGNER_CERT, - PKI_X509_DATA_SIGNATURE_CERTS, - PKI_X509_DATA_PRQP_SERVICES, - PKI_X509_DATA_PRQP_STATUS_STRING, - PKI_X509_DATA_PRQP_STATUS_VALUE, - PKI_X509_DATA_PRQP_REFERRALS, - PKI_X509_DATA_PRQP_CAID, - PKI_X509_DATA_NONCE, - PKI_X509_DATA_CERT_TYPE, - PKI_X509_DATA_EXTENSIONS -} PKI_X509_DATA; - -#define PKI_X509_DATA_SIZE 30 - -typedef enum { - PKI_X509_CERT_TYPE_UNKNOWN = 0, - PKI_X509_CERT_TYPE_CA = (1<<0), - PKI_X509_CERT_TYPE_USER = (1<<1), - PKI_X509_CERT_TYPE_SERVER = (1<<2), - PKI_X509_CERT_TYPE_PROXY = (1<<3), - PKI_X509_CERT_TYPE_ROOT = (1<<4) -} PKI_X509_CERT_TYPE; - -#define PKI_X509_CERT_TYPE_SIZE 6 - -typedef enum { - PKI_RSA_KEY_MIN_SIZE = 1024, - PKI_DSA_KEY_MIN_SIZE = 2048, - PKI_EC_KEY_MIN_SIZE = 128 -} PKI_KEY_MIN_SIZE; - -typedef enum { - PKI_RSA_KEY_DEFAULT_SIZE = 2048, - PKI_DSA_KEY_DEFAULT_SIZE = 2048, - PKI_EC_KEY_DEFAULT_SIZE = 256 -} PKI_KEY_DEFAULT_SIZE; - -/* Supported Signing schemes identifiers */ -typedef enum { - // Classic/Modern Cryptography - PKI_SCHEME_UNKNOWN = 0, - PKI_SCHEME_RSA, - PKI_SCHEME_RSAPSS, - PKI_SCHEME_DSA, -#ifdef ENABLE_ECDSA - // ECDSA signature scheme - PKI_SCHEME_ECDSA, -#endif - // ED signature schemes - PKI_SCHEME_ED448, - PKI_SCHEME_ED25519, - - // Key-Exchange based on Diffie-Hellman - PKI_SCHEME_DH, - - // Key-Exchange based on ED - PKI_SCHEME_X448, - PKI_SCHEME_X25519, - -#if defined(ENABLE_OQS) || defined (ENABLE_OQSPROV) - // Post Quantum Cryptography - KEMS - PKI_SCHEME_BIKE, - PKI_SCHEME_FRODOKEM, - PKI_SCHEME_CLASSIC_MCELIECE, - PKI_SCHEME_KYBER, - // Post Quantum Cryptography - Digital Signatures - PKI_SCHEME_FALCON, - PKI_SCHEME_SPHINCS, - PKI_SCHEME_DILITHIUM, - // Experimental Only - To Be Removed (DilithiumX) - PKI_SCHEME_DILITHIUMX3, -#endif // End of ENABLE_OQS || ENABLE_OQSPROV - -#ifdef ENABLE_COMPOSITE - // Composite Crypto Schemes - PKI_SCHEME_COMPOSITE, -#if defined(ENABLE_OQS) || defined (ENABLE_OQSPROV) - // Explicit Composite Crypto Schemes - 
PKI_SCHEME_COMPOSITE_EXPLICIT_DILITHIUM3_RSA, - PKI_SCHEME_COMPOSITE_EXPLICIT_DILITHIUM3_P256, - PKI_SCHEME_COMPOSITE_EXPLICIT_DILITHIUM3_BRAINPOOL256, - PKI_SCHEME_COMPOSITE_EXPLICIT_DILITHIUM3_ED25519, - PKI_SCHEME_COMPOSITE_EXPLICIT_DILITHIUM5_P384, - PKI_SCHEME_COMPOSITE_EXPLICIT_DILITHIUM5_BRAINPOOL384, - PKI_SCHEME_COMPOSITE_EXPLICIT_DILITHIUM5_ED448, - PKI_SCHEME_COMPOSITE_EXPLICIT_FALCON512_P256, - PKI_SCHEME_COMPOSITE_EXPLICIT_FALCON512_BRAINPOOL256, - PKI_SCHEME_COMPOSITE_EXPLICIT_FALCON512_ED25519, - PKI_SCHEME_COMPOSITE_EXPLICIT_DILITHIUM3_RSAPSS, - PKI_SCHEME_COMPOSITE_EXPLICIT_FALCON512_RSA, - PKI_SCHEME_COMPOSITE_EXPLICIT_DILITHIUM5_FALCON1024_P521, - PKI_SCHEME_COMPOSITE_EXPLICIT_DILITHIUM5_FALCON1024_RSA, -#endif // End of ENABLE_OQS || ENABLE_OQSPROV -#endif // End of ENABLE_COMPOSITE - -#ifdef ENABLE_COMBINED - // Combined Crypto Schemes - PKI_SCHEME_COMBINED, -#endif - -} PKI_SCHEME_ID; - -END_C_DECLS - -#endif diff --git a/src/libpki/drivers/engine/data_st.h b/src/libpki/drivers/engine/data_st.h deleted file mode 100644 index ef8caafe..00000000 --- a/src/libpki/drivers/engine/data_st.h +++ /dev/null 
@@ -1,64 +0,0 @@ -/* OpenCA libpki package -* (c) 2000-2006 by Massimiliano Pala and OpenCA Group -* All Rights Reserved -* -* =================================================================== -* Released under OpenCA LICENSE -*/ - -#ifndef _LIBPKI_HEADER_OPENSSL_DATA_ST_H -#define _LIBPKI_HEADER_OPENSSL_DATA_ST_H - -#include - -/* -typedef struct ENGINE PKI_OPENSSL_ENGINE; -typedef struct EVP_PKEY PKI_OPENSSL_KEYPAIR; - -#define PKI_OPENSSL_DIGEST_ALG EVP_MD -#define PKI_OPENSSL_ALGOR X509_ALGOR - -// typedef struct X509_NAME PKI_X509_NAME; -#define PKI_OPENSSL_X509_NAME X509_NAME - -#define PKI_OPENSSL_DIGEST_ALG_NULL NULL -#define PKI_OPENSSL_DIGEST_ALG_SHA1 EVP_sha1() -#define PKI_OPENSSL_DIGEST_ALG_MD5 EVP_md5() -#define PKI_OPENSSL_DIGEST_ALG_MD2 EVP_md2() -#ifdef ENABLE_ECDSA -#define PKI_OPENSSL_DIGEST_ALG_DSS1 EVP_dss1() -#else -#define PKI_OPENSSL_DIGEST_ALG_DSS1 NULL -#endif - -#define PKI_OPENSSL_ALGOR_UNKNOWN NID_undef -#define PKI_OPENSSL_ALGOR_RSA_MD5 NID_md5WithRSAEncryption -#define PKI_OPENSSL_ALGOR_RSA_MD2 NID_md2WithRSAEncryption -#define PKI_OPENSSL_ALGOR_RSA_SHA1 NID_sha1WithRSAEncryption -#define PKI_OPENSSL_ALGOR_DSA_SHA1 NID_dsaWithSHA1_2 -#ifdef ENABLE_ECDSA -#define PKI_OPENSSL_ALGOR_ECDSA_SHA1 NID_ecdsa_with_SHA1 -#else -#define PKI_OPENSSL_ALGOR_ECDSA_SHA1 NID_undef -#endif - -#define PKI_OPENSSL_OID ASN1_OBJECT -#define PKI_OPENSSL_X509_EXTENSION X509_EXTENSION - -typedef int PKI_OPENSSL_ALGOR_ID; -typedef struct X509 PKI_OPENSSL_X509_CERT; -typedef struct X509_REQ PKI_OPENSSL_X509_REQ; -typedef struct X509_CRL PKI_OPENSSL_X509_CRL; -*/ - -typedef struct pki_openssl_store_st { - void *store_ptr; -} PKI_OPENSSL_STORE; - -/* -#include -#include -*/ - -/* End of _LIBPKI_HEADER_DATA_ST_H */ -#endif diff --git a/src/libpki/drivers/engine/engine_hsm.h b/src/libpki/drivers/engine/engine_hsm.h deleted file mode 100644 index 798c720c..00000000 --- a/src/libpki/drivers/engine/engine_hsm.h +++ /dev/null 
@@ -1,38 +0,0 @@ -/* ENGINE HSM Support - * ================== - * - * Small Note: This code has been written by Massimiliano Pala sitting - * on a Bench in Princeton's campus... if there is someone to blame... - * blame Princeton!!!! - * - */ - -#ifndef _LIBPKI_ENGINE_H -#define _LIBPKI_ENGINE_H - -unsigned long HSM_ENGINE_get_errno ( void ); -char * HSM_ENGINE_get_errdesc ( unsigned long err, char *str, size_t size ); - -HSM *HSM_ENGINE_new ( PKI_CONFIG *conf ); -int HSM_ENGINE_free ( HSM *driver, PKI_CONFIG *conf ); -int HSM_ENGINE_init( HSM *driver, PKI_CONFIG *conf ); - -/* ---------------------- Sign/Verify functions ----------------------- */ - -/* General Signing function */ -/* -int HSM_ENGINE_sign (PKI_OBJTYPE type, - void *x, - void *it_pp, - PKI_ALGOR *alg, - PKI_STRING *bit, - PKI_X509_KEYPAIR *key, - PKI_DIGEST_ALG *digest, - void *driver ); -*/ - -/* ---------------------- ENGINE Slot Management Functions ---------------- */ -HSM_SLOT_INFO * HSM_ENGINE_SLOT_INFO_get ( unsigned long num, HSM *hsm ); - -#endif - diff --git a/src/libpki/drivers/engine/engine_hsm_obj.h b/src/libpki/drivers/engine/engine_hsm_obj.h deleted file mode 100644 index 67b61e89..00000000 --- a/src/libpki/drivers/engine/engine_hsm_obj.h +++ /dev/null 
@@ -1,25 +0,0 @@ -/* ENGINE Object Management Functions */ - -#ifndef _LIBPKI_HEADERS_ENGINE_OBJSK_H -#define _LIBPKI_HEADERS_ENGINE_OBJSK_H - -/* ------------------- Retrieves a stack of objects ------------------- */ -PKI_STACK * HSM_ENGINE_OBJSK_get_url ( PKI_DATATYPE type, URL *url, - PKI_CRED *cred, struct hsm_st *hsm ); - -/* -int HSM_ENGINE_OBJSK_add_url ( PKI_STACK *sk, PKI_DATATYPE type, URL *url, - PKI_CRED *cred, void *hsm ); - -int HSM_ENGINE_OBJSK_del_url ( PKI_STACK *sk, PKI_DATATYPE type, URL *url, - PKI_CRED *cred, void *hsm); - -PKI_MEM_STACK * HSM_ENGINE_OBJSK_wrap_url ( PKI_STACK *, PKI_DATATYPE type, - URL *url, PKI_CRED *cred, void *hsm); -*/ - -/* --------------------- Internal Functions --------------------------- */ -PKI_X509_KEYPAIR_STACK * HSM_ENGINE_KEYPAIR_get_url (URL *url, PKI_CRED *cred, - HSM *hsm); -#endif - diff --git a/src/libpki/drivers/engine/engine_hsm_pkey.h b/src/libpki/drivers/engine/engine_hsm_pkey.h deleted file mode 100644 index 9bdff6a0..00000000 --- a/src/libpki/drivers/engine/engine_hsm_pkey.h +++ /dev/null @@ -1,15 +0,0 @@ -/* engine/engine_hsm_pkey.c */ - -#ifndef _LIBPKI_ENGINE_PKEY_H -#define _LIBPKI_ENGINE_PKEY_H - -/* -------------------- Key Management Functions ----------------------- */ - -/* New keypair */ -PKI_X509_KEYPAIR *HSM_ENGINE_X509_KEYPAIR_new( PKI_KEYPARAMS *pk, - URL *url, PKI_CRED *cred, HSM *driver ); - -/* Key Free function */ -void HSM_ENGINE_X509_KEYPAIR_free ( PKI_X509_KEYPAIR *pkey ); - -#endif diff --git a/src/libpki/drivers/engine/engine_st.h b/src/libpki/drivers/engine/engine_st.h deleted file mode 100644 index 69abccc8..00000000 --- a/src/libpki/drivers/engine/engine_st.h +++ /dev/null 
@@ -1,37 +0,0 @@ -/* OpenCA libpki package -* (c) 2000-2006 by Massimiliano Pala and OpenCA Group -* All Rights Reserved -* -* =================================================================== -* Released under OpenCA LICENSE -*/ - -#ifndef _LIBPKI_HEADER_PKI_ENGINE_ST_H -#define _LIBPKI_HEADER_PKI_ENGINE_ST_H - -#include -#include -#include -#include -#include - -#ifdef ENABLE_ECDSA -#include -#endif - -#ifdef ENABLE_KMF -#include -#endif - -typedef struct pki_engine_st_2 { - int type; - union { - void * openssl_engine; -#ifdef ENABLE_KMF - KMF_LIB_HANDLE_T kmf_engine; -#endif - } engine; -} PKI_ENGINE_2; - -/* End of _LIBPKI_HEADER_ENGINE_ST_H */ -#endif diff --git a/src/libpki/drivers/hsm_keypair.h b/src/libpki/drivers/hsm_keypair.h deleted file mode 100644 index f19733a5..00000000 --- a/src/libpki/drivers/hsm_keypair.h +++ /dev/null @@ -1,31 +0,0 @@ -/* HSM Object Management Functions */ - -#ifndef _LIBPKI_HSM_MAIN_KEYPAIR_H -#define _LIBPKI_HSM_MAIN_KEYPAIR_H - -#ifndef _LIBPKI_X509_KEYPAIR_HEADER_H -#include -#endif - -/* -------------------- Key Management Functions --------------------- */ - -/* Generate a new Keypair */ -PKI_X509_KEYPAIR *HSM_X509_KEYPAIR_new( PKI_KEYPARAMS *params, char *label, - PKI_CRED *cred, HSM *hsm ); - -PKI_X509_KEYPAIR *HSM_X509_KEYPAIR_new_url( PKI_KEYPARAMS *params, URL *url, - PKI_CRED *cred, HSM *driver ); - -/* Free the memory associated to a keypair */ -/* -int PKI_X509_KEYPAIR_free( PKI_X509_KEYPAIR *key, HSM *hsm ); -void PKI_X509_KEYPAIR_free_void ( void *key ); -*/ - -/* --------------------------- Wrap/Unwrap ---------------------------- */ - -PKI_MEM *HSM_X509_KEYPAIR_wrap ( PKI_X509_KEYPAIR *key, PKI_CRED *cred ); - -PKI_X509_KEYPAIR *HSM_X509_KEYPAIR_unwrap ( PKI_MEM *mem, - URL *url, PKI_CRED *cred, HSM *hsm ); -#endif diff --git a/src/libpki/drivers/hsm_main.h b/src/libpki/drivers/hsm_main.h deleted file mode 100644 index 64633553..00000000 --- a/src/libpki/drivers/hsm_main.h +++ /dev/null 
@@ -1,92 +0,0 @@ -/* HSM Object Management Functions */ - -#ifndef _LIBPKI_HSM_MAIN_H -#define _LIBPKI_HSM_MAIN_H - -#ifndef _LIBPKI_HSM_ST_H -#include -#endif - -/* Added MACRO to ease usage of the general signature function PKI_sign() */ -/* -#define PKI_OBJ_sign( t,x,k,d ) PKI_sign (t,x,NULL,NULL,NULL,k,d) - -#define PKI_ITEM_sign(t,x,i,a,b,k,d,h) \ - PKI_sign(t,x,(void *) ASN1_ITEM_rptr(i),a,b,k,d) -#define PKI_verify(it,alg,sig,data,key) \ - PKI_verify_signature((void*)ASN1_ITEM_rptr(it),alg,sig,data,key) -*/ - -/* ----------------------- HSM Management ---------------------------- */ - -unsigned long HSM_get_errno ( const HSM *hsm ); -char *HSM_get_errdesc ( unsigned long err, const HSM *hsm ); - -const HSM *HSM_get_default( void ); - -HSM *HSM_new(const char * const dir, const char * const name ); -HSM *HSM_new_fips(const char * const dir, const char * const name); -int HSM_free ( HSM *hsm ); - -int HSM_init( HSM *hsm ); -int HSM_init_fips (HSM *hsm); - -int HSM_set_fips_mode(const HSM *hsm, int k); -int HSM_is_fips_mode(const HSM *hsm); - -/* - * HSM *HSM_new_init ( char *driver, char *name, PKI_STACK *pre_cmds, - PKI_STACK *post_cmds ); -*/ - - -/* -------------------- Login/Logout functions ----------------------- */ - -int HSM_login ( HSM *hsm, PKI_CRED *cred ); -int HSM_logout ( HSM *hsm ); -int HSM_set_sign_algor (PKI_X509_ALGOR_VALUE *alg, HSM *hsm ); - -/* ------------------ Signing Functions Prototypes ------------------- */ - -int PKI_X509_sign (PKI_X509 *x, - const PKI_DIGEST_ALG *alg, - const PKI_X509_KEYPAIR *key ); - -PKI_MEM *PKI_sign (const PKI_MEM *der, - const PKI_DIGEST_ALG *alg, - const PKI_X509_KEYPAIR *key ); - -int PKI_X509_verify(const PKI_X509 *x, - const PKI_X509_KEYPAIR *key ); - -int PKI_X509_verify_cert(const PKI_X509 *x, - const PKI_X509_CERT *cert ); - -int PKI_verify_signature(const PKI_MEM * data, - const PKI_MEM * sig, - const PKI_X509_ALGOR_VALUE * alg, - const ASN1_ITEM * it, - const PKI_X509_KEYPAIR * key ); - -/* 
------------------- PKI Object Retrieval ( Get ) ----------------------- */ - -PKI_X509_STACK *HSM_X509_STACK_get_url ( PKI_DATATYPE type, URL *url, - PKI_DATA_FORMAT format, PKI_CRED *cred, HSM *hsm ); - -/* --------------------- PKI Object Import ( Put ) ------------------------ */ - -int HSM_X509_STACK_put_url ( PKI_X509_STACK *sk, URL *url, - PKI_CRED *cred, HSM *hsm ); - -int HSM_MEM_STACK_put_url ( PKI_MEM_STACK *sk, URL *url, PKI_DATATYPE type, - PKI_CRED *cred, HSM *hsm ); - -/* --------------------- PKI Object Delete ( Del ) ------------------------ */ - -int HSM_X509_STACK_del ( PKI_X509_STACK *sk ); - -int HSM_X509_del_url ( PKI_DATATYPE type, URL *url, PKI_CRED *cred, HSM *hsm ); - -const PKI_X509_CALLBACKS * HSM_X509_get_cb ( PKI_DATATYPE type, HSM *hsm ); - -#endif diff --git a/src/libpki/drivers/hsm_slot.h b/src/libpki/drivers/hsm_slot.h deleted file mode 100644 index 5d8f207c..00000000 --- a/src/libpki/drivers/hsm_slot.h +++ /dev/null @@ -1,16 +0,0 @@ -/* HSM Object Management Functions */ - -#ifndef _LIBPKI_HSM_MAIN_SLOT_H -#define _LIBPKI_HSM_MAIN_SLOT_H - -/* ---------------------- Slot Management Functions ----------------------- */ - -unsigned long HSM_SLOT_num ( HSM *hsm ); -int HSM_SLOT_select ( unsigned long num, PKI_CRED *cred, HSM *hsm ); -int HSM_SLOT_clear ( unsigned long num, PKI_CRED *cred, HSM *hsm ); - -HSM_SLOT_INFO * HSM_SLOT_INFO_get ( unsigned long num, HSM *hsm ); -int HSM_SLOT_INFO_print( unsigned long num, PKI_CRED *cred, HSM *hsm ); -void HSM_SLOT_INFO_free ( HSM_SLOT_INFO *sl_info, HSM *hsm ); - -#endif diff --git a/src/libpki/drivers/kmf/data_st.h b/src/libpki/drivers/kmf/data_st.h deleted file mode 100644 index 0f9ef1e6..00000000 --- a/src/libpki/drivers/kmf/data_st.h +++ /dev/null 
@@ -1,81 +0,0 @@ -/* OpenCA libpki package -* (c) 2000-2006 by Massimiliano Pala and OpenCA Group -* All Rights Reserved -* -* =================================================================== -* Released under OpenCA LICENSE -*/ - -#ifndef _LIBPKI_KMF_HEADER_DATA_ST_H -#define _LIBPKI_KMF_HEADER_DATA_ST_H - -#include - -typedef struct kmf_pkey_st { - KMF_KEY_HANDLE *priv_key; - KMF_KEY_HANDLE *pub_key; - char *tmp_name; -} PKI_KMF_KEYPAIR; - -typedef struct kmf_engine_st { - KMF_STORECERT_PARAMS scert_params; - KMF_FINDCERT_PARAMS fcert_params; - KMF_DELETECERT_PARAMS dcert_params; - KMF_IMPORTCERT_PARAMS icert_params; - - KMF_STOREKEY_PARAMS skey_params; - KMF_FINDKEY_PARAMS fkey_params; - KMF_DELETEKEY_PARAMS dkey_params; - -} PKI_KMF_ENGINE; - -typedef struct KMF_ALGORITHM_INDEX PKI_DIGEST_ALGOR; -typedef struct KMF_ALGORITHM_INDEX PKI_ALGOR; -typedef struct KMF_X509_NAME PKI_X509_NAME; - -#define PKI_KMF_DIGEST_ALG_NULL KMF_ALGID_NONE -#define PKI_KMF_DIGEST_ALG_SHA1 KMF_ALGID_SHA1 -#define PKI_KMF_DIGEST_ALG_MD5 KMF_ALGID_MD5 - -#define PKI_KMF_ALGOR_NULL KMF_ALGID_NONE -#define PKI_KMF_ALGOR_UNKNOWN KMF_ALGID_CUSTOM -#define PKI_KMF_ALGOR_RSA_MD5 KMF_ALGID_MD5WithRSA -#define PKI_KMF_ALGOR_RSA_MD2 KMF_ALGID_MD2WithRSA -#define PKI_KMF_ALGOR_RSA_SHA1 KMF_ALGID_SHA1WithRSA -#define PKI_KMF_ALGOR_DSA_SHA1 KMF_ALGID_SHA1WithDSA - -#define PKI_KMF_ALGOR_ECDSA_SHA1 KMF_ALGOID_UNKNOWN - -#define PKI_KMF_OID KMF_OID -#define PKI_KMF_X509_EXTENSION KMF_X509_EXTENSION - -typedef struct _libpki_kmf_cert_st { - int is_signed; - - KMF_X509_CERTIFICATE *tbs; - KMF_DATA *data; -} PKI_KMF_X509_CERT; - -// typedef struct KMF_X509_CERTIFICATE PKI_X509; - -typedef struct _libpki_kmf_csr_st { - int is_signed; - - KMF_CSR_DATA *tbs; - KMF_DATA *data; -} PKI_KMF_X509_REQ; - -// typedef struct X509_CRL PKI_X509_CRL; - -typedef struct pki_kmf_store_st { - // KMF_HANDLE_T store_ptr; - void * store_ptr; -} PKI_KMF_STORE; - -/* -#include -#include -*/ - -/* End of 
_LIBPKI_HEADER_DATA_ST_H */ -#endif diff --git a/src/libpki/drivers/kmf/kmf_hsm.h b/src/libpki/drivers/kmf/kmf_hsm.h deleted file mode 100644 index 722945cd..00000000 --- a/src/libpki/drivers/kmf/kmf_hsm.h +++ /dev/null @@ -1,17 +0,0 @@ -/* libpki/drivers/openssl/openssl_hsm.h */ - -#ifndef _LIBPKI_HSM_KMF_H -#define _LIBPKI_HSM_KMF_H - -HSM * HSM_KMF_new( void ); -int HSM_KMF_free ( HSM *hsm, PKI_CONFIG *conf ); -int HSM_KMF_init ( HSM *hsm, PKI_STACK *pre_cmds, - PKI_STACK *post_cmds ); - -int HSM_KMF_CERT_sign ( PKI_X509_CERT *x, PKI_KEYPAIR *key, - PKI_DIGEST_ALG *digest, HSM *hsm ); - -int HSM_KMF_REQ_sign ( PKI_X509_REQ *x, PKI_KEYPAIR *key, - PKI_DIGEST_ALG *digest, HSM *hsm ); - -#endif diff --git a/src/libpki/drivers/kmf/kmf_hsm_engine.h b/src/libpki/drivers/kmf/kmf_hsm_engine.h deleted file mode 100644 index fd80c113..00000000 --- a/src/libpki/drivers/kmf/kmf_hsm_engine.h +++ /dev/null @@ -1,10 +0,0 @@ -/* ENGINE Object Management Functions */ - -#ifndef _LIBPKI_HEADERS_ENGINE_H -#define _LIBPKI_HEADERS_ENGINE_H - -PKI_ENGINE *PKI_KMF_ENGINE_new ( char *e_id ); -int PKI_KMF_ENGINE_free ( PKI_ENGINE *e ); -int PKI_KMF_ENGINE_init ( PKI_ENGINE *e, PKI_STACK *pre, PKI_STACK *post ); - -#endif diff --git a/src/libpki/drivers/kmf/kmf_hsm_pkey.h b/src/libpki/drivers/kmf/kmf_hsm_pkey.h deleted file mode 100644 index f8476399..00000000 --- a/src/libpki/drivers/kmf/kmf_hsm_pkey.h +++ /dev/null @@ -1,13 +0,0 @@ -/* ENGINE Object Management Functions */ - -#ifndef _LIBPKI_HEADERS_KMF_PKEY_H -#define _LIBPKI_HEADERS_KMF_PKEY_H - -PKI_KEYPAIR *HSM_KMF_KEYPAIR_new( int type, int bits, HSM *hsm, - PKI_CRED *cred ); -int HSM_KMF_KEYPAIR_free ( PKI_KEYPAIR *pkey ); -int PKI_KMF_KEYPAIR_write_file( PKI_KEYPAIR *key, int format, - char *file, HSM *hsm ); - -#endif - diff --git a/src/libpki/drivers/kmf/kmf_hsm_sign.h b/src/libpki/drivers/kmf/kmf_hsm_sign.h deleted file mode 100644 index d8de4feb..00000000 --- a/src/libpki/drivers/kmf/kmf_hsm_sign.h +++ /dev/null 
@@ -1,13 +0,0 @@ -/* libpki/drivers/kmf/kmf_hsm_sign.h */ - -#ifndef _LIBPKI_KMF_HSM_SIGN_H -#define _LIBPKI_KMF_HSM_SIGN_H - -int HSM_KMF_CERT_sign( PKI_X509_CERT *x, PKI_KEYPAIR *key, - PKI_DIGEST_ALG *digest, HSM *hsm ); -int HSM_KMF_REQ_sign ( PKI_X509_REQ *x, PKI_KEYPAIR *key, - PKI_DIGEST_ALG *digest, HSM *hsm ); -int HSM_KMF_sing ( void *x, PKI_KEYPAIR *key, PKI_DIGEST_ALG *digest, - HSM *hsm); - -#endif diff --git a/src/libpki/drivers/kmf/pki_kmflib.h b/src/libpki/drivers/kmf/pki_kmflib.h deleted file mode 100644 index f576d64f..00000000 --- a/src/libpki/drivers/kmf/pki_kmflib.h +++ /dev/null @@ -1,8 +0,0 @@ -/* kmf/pki_kmflib.c */ - -#include -#include - -KMF_HANDLE_T _init_kmf_store_null ( void ); -int _finalize_kmf_store ( KMF_HANDLE_T lib_h ); - diff --git a/src/libpki/hsm_st.h b/src/libpki/hsm_st.h deleted file mode 100644 index 00454d8d..00000000 --- a/src/libpki/hsm_st.h +++ /dev/null 
@@ -1,349 +0,0 @@ - -#ifndef _LIBPKI_URL_H -# include -#endif - -#ifndef _LIBPKI_PKI_CONFIG_H -# include -#endif - -#ifndef _LIBPKI_PKI_X509_DATATYPES_ST_H -# include -#endif - -#ifndef _LIBPKI_HSM_ST_H -#define _LIBPKI_HSM_ST_H - -#define MANUFACTURER_ID_SIZE 32 -#define DESCRIPTION_SIZE 32 -#define SLOT_DESCRIPTION_SIZE 64 -#define LABEL_SIZE 32 -#define MODEL_SIZE 16 -#define SERIAL_NUMBER_SIZE 16 -#define UTC_TIME_SIZE 16 - -typedef enum { - HSM_TYPE_OTHER = 0, - HSM_TYPE_SOFTWARE, - HSM_TYPE_ENGINE, - HSM_TYPE_KMF, - HSM_TYPE_PKCS11 -} PKI_HSM_TYPE; - -typedef enum { - PKI_OBJTYPE_UNKNOWN = 0, - PKI_OBJTYPE_X509_KEYPAIR, - PKI_OBJTYPE_X509_CERT, - PKI_OBJTYPE_X509_REQ, - PKI_OBJTYPE_X509_CRL, - PKI_OBJTYPE_PKCS7, - PKI_OBJTYPE_PKCS12, - PKI_OBJTYPE_PKI_MSG, - PKI_OBJTYPE_SCEP_MSG, - PKI_OBJTYPE_CMS_MSG, - PKI_OBJTYPE_PKI_PRQP_REQ, - PKI_OBJTYPE_PKI_PRQP_RESP -} PKI_OBJTYPE; - -typedef enum { - KEYPAIR_DRIVER_HANDLER_IDX = 0, - KEYPAIR_PRIVKEY_HANDLER_IDX, - KEYPAIR_PUBKEY_HANDLER_IDX -} KEYPAIR_HSM_HANDLER; - -/* HSM_INFO Data Structure */ -typedef struct hsm_info_st { - - /* HSM Version */ - unsigned short version_major; - unsigned short version_minor; - - /* HSM Manufacturer ID */ - char manufacturerID[MANUFACTURER_ID_SIZE]; - - /* HSM Description */ - char description[DESCRIPTION_SIZE]; - - /* HSM Library Version */ - unsigned short lib_version_major; - unsigned short lib_version_minor; - - /* HSM Supported Modes */ - int fips_mode; - -} HSM_INFO; - -typedef struct hsm_token_info_st { - - /* Token Label */ - char label[LABEL_SIZE]; - - /* Token Manifacturer ID */ - char manufacturerID[DESCRIPTION_SIZE]; - - /* Token Model */ - char model[MODEL_SIZE]; - - /* Serial Number */ - char serialNumber[SERIAL_NUMBER_SIZE]; - - /* Max Supported Sessions */ - unsigned long max_sessions; - - /* Current Number of Sessions */ - unsigned long curr_sessions; - - /* Maximum Pin Length */ - unsigned long max_pin_len; - - /* Minimum Supported Pin Length */ - unsigned long 
min_pin_len; - - /* Public Memory Total Size */ - unsigned long memory_pub_tot; - - /* Available Public Memory Size */ - unsigned long memory_pub_free; - - /* Private Memory Total Size */ - unsigned long memory_priv_tot; - - /* Available Private Memory Size */ - unsigned long memory_priv_free; - - /* Hardware Version Major Number */ - unsigned short hw_version_major; - - /* Hardware Version Minor Number */ - unsigned short hw_version_minor; - - /* Firmware Version Major Number */ - unsigned short fw_version_major; - - /* Firmware Version Minor Number */ - unsigned short fw_version_minor; - - /* Requires Login */ - unsigned short login_required; - - /* Provides Random Number Generation */ - unsigned short has_rng; - - /* Provides Clock Time */ - unsigned short has_clock; - - /* Token UTC Time */ - char utcTime[UTC_TIME_SIZE]; - -} HSM_TOKEN_INFO; - -/* HSM_SLOT_INFO Data Structure */ -typedef struct hsm_slot_info_st { - - /* Device Manufacturer ID */ - char manufacturerID[MANUFACTURER_ID_SIZE]; - - /* Device Description */ - char description[SLOT_DESCRIPTION_SIZE]; - - /* Hardware Version */ - unsigned short hw_version_major; - unsigned short hw_version_minor; - - /* Firmware Version */ - unsigned short fw_version_major; - unsigned short fw_version_minor; - - /* Is the Slot Initialized ? */ - unsigned short initialized; - - /* Does the Slot have a valid token ? */ - unsigned short present; - - /* Is the Slot removable ? */ - unsigned short removable; - - /* Is the Slot an hardware Slot ? 
*/ - unsigned short hardware; - - /* Info for the current inserted token */ - HSM_TOKEN_INFO token_info; - -} HSM_SLOT_INFO; - -/* Forward Declarations */ -struct hsm_st; -// typedef struct hsm_st HSM; - -struct pki_mem_st; -// typedef struct pki_mem_st PKI_MEM; - -#ifndef _LIBPKI_PKI_X509_DATA_ST_H - - /* Forward Declaration for PKI_X509 structure */ - struct pki_x509_st; -// typedef struct pki_x509_st PKI_X509; - - /* Forward Definition for PKI_X509_CERT */ - #define PKI_X509_CERT PKI_X509 - - /* Forward Declaration of URL structure */ - struct url_data_st; -// typedef struct url_data_st URL; - - /* Forward Declaration of PKI_STACK and PKI_X509_STACK */ - struct pki_stack_st; -// typedef struct pki_stack_st PKI_STACK; -// typedef PKI_STACK PKI_X509_STACK; - - /* Forward Declaration of PKI_X509_CALLBACKS structure */ - struct pki_x509_callbacks_st; -// typedef struct pki_x509_callbacks_st PKI_X509_CALLBACKS; - - /* Forward Declaration of PKI_X509_PROFILE structure */ - struct _xmlDoc; -// typedef struct xmlDoc PKI_X509_PROFILE; - -#endif - -typedef struct callbacks_st { - /* ------------- HSM Management functions --------------- */ - /* Get Error number */ - unsigned long (*get_errno)( void ); - - /* Get Error Description */ - char * (*get_errdesc)( unsigned long err, char *str, size_t size ); - - /* HSM initialization function */ - int (*init) (struct hsm_st *driver, PKI_CONFIG *); - - /* HSM free function */ - int (*free) (struct hsm_st *driver, PKI_CONFIG *); - - /* HSM login */ - int (*login)(struct hsm_st *driver, PKI_CRED *cred); - - /* HSM logout */ - int (*logout)(struct hsm_st *driver); - - /* HSM set algor function */ - int (*sign_algor) (struct hsm_st *driver, PKI_X509_ALGOR_VALUE *algor); - - /* HSM set fips mode */ - int (*set_fips_mode) (const struct hsm_st *driver, int k); - - /* HSM gets fips operation mode */ - int (*is_fips_mode) (const struct hsm_st *driver); - - /* ------------- Signing functions --------------- */ - - /* General Signing 
function */ - PKI_MEM * (*sign) (PKI_MEM *, PKI_DIGEST_ALG *, PKI_X509_KEYPAIR *); - - /* ASN1 Signing function */ - int (*asn1_sign) (PKI_X509 *, PKI_DIGEST_ALG *, PKI_X509_KEYPAIR *); - - /* General Verify Function */ - int (*verify)(PKI_MEM *, PKI_MEM *, PKI_X509_ALGOR_VALUE *, - PKI_X509_KEYPAIR * ); - - /* ASN1 Verify Function */ - int (*asn1_verify)(const PKI_X509 *, const PKI_X509_KEYPAIR * ); - - /* ------------- Key Management functions --------------- */ - - /* Create (new) Keypair */ - PKI_X509_KEYPAIR * (*keypair_new_url)( PKI_KEYPARAMS *, URL *, PKI_CRED *, - struct hsm_st *); - - /* Free memory associated with a keypair */ - void (*keypair_free)(PKI_X509_KEYPAIR *); - - /* Key Wrapping function */ - PKI_MEM * (*key_wrap)(PKI_X509_KEYPAIR *, PKI_CRED *); - - /* Key Unwrapping function */ - PKI_X509_KEYPAIR *(*key_unwrap)( PKI_MEM *, URL *url, - PKI_CRED *, struct hsm_st *); - - /* -------------- Object Management functions -------------------- */ - - /* Retrieve (get) stack of objects */ - PKI_X509_STACK * (*x509_sk_get_url)( PKI_DATATYPE, URL *, - PKI_DATA_FORMAT, PKI_CRED *, struct hsm_st *); - /* Import (add) stack of objects */ - int (*x509_sk_add_url)(PKI_X509_STACK *, URL *, - PKI_CRED *, struct hsm_st *); - /* Erase (del) stack of objects */ - int (*x509_del_url)( PKI_DATATYPE, URL *, PKI_CRED *, struct hsm_st *); - - /* ----------------- Slot Management functions ----------------- */ - - /* Get the number of available Slots */ - unsigned long (*slot_num)(struct hsm_st *); - - /* Get Slot info */ - HSM_SLOT_INFO * (*slot_info_get)(unsigned long, struct hsm_st *); - - /* Free memory associated with an HSM_SLOT_INFO structure */ - void (*slot_info_free) (HSM_SLOT_INFO *, struct hsm_st *); - - /* Set the current slot */ - int (*select_slot)(unsigned long, PKI_CRED *cred, struct hsm_st *); - - /* Clear the current slot from any object present */ - int (*clear_slot)(unsigned long, PKI_CRED *cred, struct hsm_st *); - - /* Get X509 callbacks */ - const 
PKI_X509_CALLBACKS * (*x509_get_cb)(PKI_DATATYPE type ); - -} HSM_CALLBACKS; - -/* Structure for HSM definition */ -typedef struct hsm_st { - - /* Version of the token */ - int version; - - /* Description of the HSM */ - char *description; - - /* Manufacturer */ - char *manufacturer; - - /* Pointer to the HSM config file and parsed structure*/ - PKI_CONFIG *config; - - /* One of PKI_HSM_TYPE value */ - PKI_HSM_TYPE type; - - /* ID of the driver - this is used to identify the driver - to be used, e.g., 'id://LunaCA' for loading the ENGINE - LunaCA extension */ - URL *id; - - /* Pointer to the internal structure for drivers */ - void *driver; - - /* Pointer to internal session handler */ - void *session; - - /* Credential for the HSM - usually used for the SO */ - PKI_CRED *cred; - - /* Is Logged In */ - uint8_t isLoggedIn; - - /* Is Cred Set */ - uint8_t isCredSet; - - /* Login Requirements */ - const uint8_t isLoginRequired; - - /* HSM Callbacks */ - const HSM_CALLBACKS *callbacks; - -} HSM; - -/* End of _LIBPKI_HSM_ST_H */ -#endif diff --git a/src/libpki/compat.h b/src/libpki/libconf/compat.h similarity index 100% rename from src/libpki/compat.h rename to src/libpki/libconf/compat.h diff --git a/src/libpki/libconf/defines.h b/src/libpki/libconf/defines.h new file mode 100644 index 00000000..cceedffe --- /dev/null +++ b/src/libpki/libconf/defines.h 
@@ -0,0 +1,212 @@ +/* src/libpki/libconf/defines.h. Generated from defines.h.in by configure. */ +/* src/libpki/libconf/defines.h.in. Generated from configure.ac by autoheader. */ + +/* Forces 32bits builds */ +/* #undef ENABLE_ARCH_32 */ + +/* Forces 64bits builds */ +#define ENABLE_ARCH_64 1 + +/* Composite Crypto Native OpenSSL Support */ +/* #undef ENABLE_COMPOSITE */ + +/* ECC Support for OpenSSL */ +#define ENABLE_ECDSA 1 + +/* OPENSSL */ +#define ENABLE_OPENSSL 1 + +/* Open Quantum Safe Library */ +/* #undef ENABLE_OQS */ + +/* Open Quantum Safe Library */ +/* #undef ENABLE_OQSPROV */ + +/* Define to 1 if you have the `bzero' function. */ +#define HAVE_BZERO 1 + +/* Calloc in C library */ +#define HAVE_CALLOC 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_DLFCN_H 1 + +/* Define to 1 if you have the `fork' function. */ +#define HAVE_FORK 1 + +/* GCC pragma ignored */ +#define HAVE_GCC_PRAGMA_IGNORED 1 + +/* GCC pragma pop */ +#define HAVE_GCC_PRAGMA_POP 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_INTTYPES_H 1 + +/* HAVE LDAP */ +#define HAVE_LDAP 1 + +/* PTHREAD Library */ +#define HAVE_LIBPTHREAD 1 + +/* DNS Library */ +#define HAVE_LIBRESOLV 1 + +/* Define to 1 if your system has a GNU libc compatible `malloc' function, and + to 0 otherwise. */ +#define HAVE_MALLOC 1 + +/* Define to 1 if you have the `memset' function. */ +#define HAVE_MEMSET 1 + +/* test "${enablemysql}" = "yes" */ +/* #undef HAVE_MYSQL */ + +/* test "${enablepg}" = "yes" */ +/* #undef HAVE_PG */ + +/* PKCS11 */ +/* #undef HAVE_PKCS11 */ + +/* HAVE_PTHREAD_RWLOCK */ +#define HAVE_PTHREAD_RWLOCK 1 + +/* Define to 1 if you have the `setenv' function. */ +#define HAVE_SETENV 1 + +/* Define to 1 if you have the `socket' function. */ +#define HAVE_SOCKET 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STDINT_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STDIO_H 1 + +/* Define to 1 if you have the header file. 
*/ +#define HAVE_STDLIB_H 1 + +/* Define to 1 if you have the `strcasecmp' function. */ +#define HAVE_STRCASECMP 1 + +/* Define to 1 if you have the `strchr' function. */ +#define HAVE_STRCHR 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STRINGS_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STRING_H 1 + +/* Define to 1 if you have the `strrchr' function. */ +#define HAVE_STRRCHR 1 + +/* Define to 1 if you have the `strstr' function. */ +#define HAVE_STRSTR 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYSLOG_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_SELECT_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_SOCKET_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_STAT_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_TYPES_H 1 + +/* Define to 1 if you have that is POSIX.1 compatible. */ +#define HAVE_SYS_WAIT_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_UNISTD_H 1 + +/* Define to 1 if you have the `vfork' function. */ +#define HAVE_VFORK 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_VFORK_H */ + +/* Define to 1 if `fork' works. */ +#define HAVE_WORKING_FORK 1 + +/* Define to 1 if `vfork' works. */ +#define HAVE_WORKING_VFORK 1 + +/* LIBXML2 */ +#define HAVE_XML2 1 + +/* HAVE OPENLDAP */ +#define LDAP_VENDOR_OPENLDAP 1 + +/* HAVE SUN LDAP */ +/* #undef LDAP_VENDOR_SUN */ + +/* BSD */ +/* #undef LIBPKI_TARGET_BSD */ + +/* HP-UX */ +/* #undef LIBPKI_TARGET_HPUX */ + +/* IPHONE */ +/* #undef LIBPKI_TARGET_IPHONE */ + +/* Linux */ +#define LIBPKI_TARGET_LINUX 1 + +/* OSX */ +/* #undef LIBPKI_TARGET_OSX */ + +/* Solaris */ +/* #undef LIBPKI_TARGET_SOLARIS */ + +/* Define to the sub-directory where libtool stores uninstalled libraries. 
*/ +#define LT_OBJDIR ".libs/" + +/* Name of package */ +#define PACKAGE "libpki" + +/* Define to the address where bug reports for this package should be sent. */ +#define PACKAGE_BUGREPORT "libpki-users@lists.sourceforge.net" + +/* Define to the full name of this package. */ +#define PACKAGE_NAME "libpki" + +/* Define to the full name and version of this package. */ +#define PACKAGE_STRING "libpki 0.9.9" + +/* Define to the one symbol short name of this package. */ +#define PACKAGE_TARNAME "libpki" + +/* Define to the home page for this package. */ +#define PACKAGE_URL "" + +/* Define to the version of this package. */ +#define PACKAGE_VERSION "0.9.9" + +/* Define to 1 if all of the C90 standard headers exist (not just the ones + required in a freestanding environment). This macro is provided for + backward compatibility; new code need not use it. */ +#define STDC_HEADERS 1 + +/* Define to 1 if your declares `struct tm'. */ +/* #undef TM_IN_SYS_TIME */ + +/* Version number of package */ +#define VERSION "0.9.9" + +/* Define to empty if `const' does not conform to ANSI C. */ +/* #undef const */ + +/* Define to rpl_malloc if the replacement function should be used. */ +/* #undef malloc */ + +/* Define as a signed integer type capable of holding a process identifier. */ +/* #undef pid_t */ + +/* Define as `fork' if `vfork' does not work. */ +/* #undef vfork */ diff --git a/src/libpki/libconf/defines.h.in b/src/libpki/libconf/defines.h.in new file mode 100644 index 00000000..a43ac8b3 --- /dev/null +++ b/src/libpki/libconf/defines.h.in 
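Review bot: Configure output is being checked in here: the first line says `Generated from defines.h.in by configure`, and the values are one machine's probe results (`#define LIBPKI_TARGET_LINUX 1`, `#define ENABLE_ARCH_64 1`, `/* #undef HAVE_PKCS11 */`). For a crypto library this matters because a stale copy found first on the include path, which can happen in an out-of-tree build, would compile a feature set that differs from what configure reported. The same applies to `features.h`, `stamp-h1` and `stamp-h2` added later in this commit, and `defines.h.in~` looks like an editor backup produced by the rename of `config.h.in`. I would drop these from the commit and add them to the ignore list, keeping only the `.in` templates.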
@@ -0,0 +1,211 @@ +/* src/libpki/libconf/defines.h.in. Generated from configure.ac by autoheader. */ + +/* Forces 32bits builds */ +#undef ENABLE_ARCH_32 + +/* Forces 64bits builds */ +#undef ENABLE_ARCH_64 + +/* Composite Crypto Native OpenSSL Support */ +#undef ENABLE_COMPOSITE + +/* ECC Support for OpenSSL */ +#undef ENABLE_ECDSA + +/* OPENSSL */ +#undef ENABLE_OPENSSL + +/* Open Quantum Safe Library */ +#undef ENABLE_OQS + +/* Open Quantum Safe Library */ +#undef ENABLE_OQSPROV + +/* Define to 1 if you have the `bzero' function. */ +#undef HAVE_BZERO + +/* Calloc in C library */ +#undef HAVE_CALLOC + +/* Define to 1 if you have the header file. */ +#undef HAVE_DLFCN_H + +/* Define to 1 if you have the `fork' function. */ +#undef HAVE_FORK + +/* GCC pragma ignored */ +#undef HAVE_GCC_PRAGMA_IGNORED + +/* GCC pragma pop */ +#undef HAVE_GCC_PRAGMA_POP + +/* Define to 1 if you have the header file. */ +#undef HAVE_INTTYPES_H + +/* HAVE LDAP */ +#undef HAVE_LDAP + +/* PTHREAD Library */ +#undef HAVE_LIBPTHREAD + +/* DNS Library */ +#undef HAVE_LIBRESOLV + +/* Define to 1 if your system has a GNU libc compatible `malloc' function, and + to 0 otherwise. */ +#undef HAVE_MALLOC + +/* Define to 1 if you have the `memset' function. */ +#undef HAVE_MEMSET + +/* test "${enablemysql}" = "yes" */ +#undef HAVE_MYSQL + +/* test "${enablepg}" = "yes" */ +#undef HAVE_PG + +/* PKCS11 */ +#undef HAVE_PKCS11 + +/* HAVE_PTHREAD_RWLOCK */ +#undef HAVE_PTHREAD_RWLOCK + +/* Define to 1 if you have the `setenv' function. */ +#undef HAVE_SETENV + +/* Define to 1 if you have the `socket' function. */ +#undef HAVE_SOCKET + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDINT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDIO_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDLIB_H + +/* Define to 1 if you have the `strcasecmp' function. */ +#undef HAVE_STRCASECMP + +/* Define to 1 if you have the `strchr' function. 
*/ +#undef HAVE_STRCHR + +/* Define to 1 if you have the header file. */ +#undef HAVE_STRINGS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STRING_H + +/* Define to 1 if you have the `strrchr' function. */ +#undef HAVE_STRRCHR + +/* Define to 1 if you have the `strstr' function. */ +#undef HAVE_STRSTR + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYSLOG_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_SELECT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_SOCKET_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_STAT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_TYPES_H + +/* Define to 1 if you have that is POSIX.1 compatible. */ +#undef HAVE_SYS_WAIT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_UNISTD_H + +/* Define to 1 if you have the `vfork' function. */ +#undef HAVE_VFORK + +/* Define to 1 if you have the header file. */ +#undef HAVE_VFORK_H + +/* Define to 1 if `fork' works. */ +#undef HAVE_WORKING_FORK + +/* Define to 1 if `vfork' works. */ +#undef HAVE_WORKING_VFORK + +/* LIBXML2 */ +#undef HAVE_XML2 + +/* HAVE OPENLDAP */ +#undef LDAP_VENDOR_OPENLDAP + +/* HAVE SUN LDAP */ +#undef LDAP_VENDOR_SUN + +/* BSD */ +#undef LIBPKI_TARGET_BSD + +/* HP-UX */ +#undef LIBPKI_TARGET_HPUX + +/* IPHONE */ +#undef LIBPKI_TARGET_IPHONE + +/* Linux */ +#undef LIBPKI_TARGET_LINUX + +/* OSX */ +#undef LIBPKI_TARGET_OSX + +/* Solaris */ +#undef LIBPKI_TARGET_SOLARIS + +/* Define to the sub-directory where libtool stores uninstalled libraries. */ +#undef LT_OBJDIR + +/* Name of package */ +#undef PACKAGE + +/* Define to the address where bug reports for this package should be sent. */ +#undef PACKAGE_BUGREPORT + +/* Define to the full name of this package. */ +#undef PACKAGE_NAME + +/* Define to the full name and version of this package. */ +#undef PACKAGE_STRING + +/* Define to the one symbol short name of this package. 
*/ +#undef PACKAGE_TARNAME + +/* Define to the home page for this package. */ +#undef PACKAGE_URL + +/* Define to the version of this package. */ +#undef PACKAGE_VERSION + +/* Define to 1 if all of the C90 standard headers exist (not just the ones + required in a freestanding environment). This macro is provided for + backward compatibility; new code need not use it. */ +#undef STDC_HEADERS + +/* Define to 1 if your declares `struct tm'. */ +#undef TM_IN_SYS_TIME + +/* Version number of package */ +#undef VERSION + +/* Define to empty if `const' does not conform to ANSI C. */ +#undef const + +/* Define to rpl_malloc if the replacement function should be used. */ +#undef malloc + +/* Define as a signed integer type capable of holding a process identifier. */ +#undef pid_t + +/* Define as `fork' if `vfork' does not work. */ +#undef vfork diff --git a/src/libpki/config.h.in b/src/libpki/libconf/defines.h.in~ similarity index 100% rename from src/libpki/config.h.in rename to src/libpki/libconf/defines.h.in~ diff --git a/src/libpki/libconf/features.h b/src/libpki/libconf/features.h new file mode 100644 index 00000000..1e519ce0 --- /dev/null +++ b/src/libpki/libconf/features.h @@ -0,0 +1,22 @@ +/* src/libpki/libconf/features.h. Generated from features.h.in by configure. */ +/* features.h.in - enabled features definitions */ + +#ifndef _LIBPKI_FEATURES_H +#define _LIBPKI_FEATURES_H + +/* ECC Support for OpenSSL */ +#define ENABLE_ECDSA 1 + +/* Open Quantum Safe Library */ +/* #undef ENABLE_OQS */ + +/* Open Quantum Safe Library */ +/* #undef ENABLE_OQSPROV */ + +/* Composite Crypto Native OpenSSL Support */ +/* #undef ENABLE_COMPOSITE */ + +/* Combined/Alt Crypto Native OpenSSL Support */ +/* #undef ENABLE_COMBINED */ + +#endif // End of _LIBPKI_FEATURES_H diff --git a/src/libpki/libpki_enables.h.in b/src/libpki/libconf/features.h.in similarity index 88% rename from src/libpki/libpki_enables.h.in rename to src/libpki/libconf/features.h.in index f12e6e08..0b5854bd 100644 
--- a/src/libpki/libpki_enables.h.in +++ b/src/libpki/libconf/features.h.in @@ -1,3 +1,4 @@ +/* features.h.in - enabled features definitions */ #ifndef _LIBPKI_FEATURES_H #define _LIBPKI_FEATURES_H diff --git a/src/libpki/libconf/stamp-h1 b/src/libpki/libconf/stamp-h1 new file mode 100644 index 00000000..bc18a334 --- /dev/null +++ b/src/libpki/libconf/stamp-h1 @@ -0,0 +1 @@ +timestamp for src/libpki/libconf/defines.h diff --git a/src/libpki/libconf/stamp-h2 b/src/libpki/libconf/stamp-h2 new file mode 100644 index 00000000..65ce6b22 --- /dev/null +++ b/src/libpki/libconf/stamp-h2 @@ -0,0 +1 @@ +timestamp for src/libpki/libconf/features.h diff --git a/src/libpki/os.h b/src/libpki/libconf/system.h similarity index 94% rename from src/libpki/os.h rename to src/libpki/libconf/system.h index 0c4fd885..9b4a81f2 100644 --- a/src/libpki/os.h +++ b/src/libpki/libconf/system.h @@ -1,16 +1,26 @@ -/* OpenCA libpki package -* (c) 2000-2010 by Massimiliano Pala and OpenCA Group -* All Rights Reserved -* -* =================================================================== -* Released under OpenCA LICENSE -*/ +/* libconf/system.h - LibPKI operating system layer */ -#ifndef _LIBPKI_OS_H -#define _LIBPKI_OS_H +#ifndef _LIBPKI_SYSTEM_H +#define _LIBPKI_SYSTEM_H + +#ifdef __LIB_BUILD__ +#include +#endif #ifndef _LIBPKI_COMPAT_H -#include +#include +#endif + +#ifndef _LIBPKI_FEATURES_H +#include +#endif + +#ifndef _LIBPKI_VERSION_H +#include +#endif + +#ifndef _LIBPKI_CORE_TYPES_H +#include #endif # include 
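Review bot: The copyright and licence block at the top of the old `os.h` (`(c) 2000-2010 by Massimiliano Pala and OpenCA Group`, `Released under OpenCA LICENSE`) is removed, and the renamed `system.h` opens with only `/* libconf/system.h - LibPKI operating system layer */`. Unless the notice now lives somewhere that covers every header, I would keep it below the new one-line description so the file still states its terms when installed or copied on its own. Separately, `__LIB_BUILD__` is an identifier form that C reserves for the implementation. The `_LIBPKI_*_H` guards follow the existing convention, but the new macro could be named without the leading underscores. The rest of the header lies outside this hunk.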
@@ -345,24 +355,8 @@ typedef uint64_t pki_uint64_t; #define PKI_THREAD_PROCESS_SHARED PTHREAD_PROCESS_SHARED #define PKI_THREAD_PROCESS_PRIVATE PTHREAD_PROCESS_PRIVATE -#endif - -#ifndef _LIBPKI_ERR_H -#include -#endif - -#ifndef _LIBPKI_PKI_MEMORY_H -#include -#endif +#endif /* LIBPKI_OS_WIN */ -#ifndef _LIBPKI_LOG_H -#include -#endif - -#ifndef _LIBPKI_STACK_H -#include -#endif - -# endif // LIBPKI_OS_CLASS +# endif /* LIBPKI_OS_WIN */ -#endif /* _LIBPKI_OS_H */ +#endif /* _LIBPKI_SYSTEM_H */ diff --git a/src/libpki/libconf/types.h b/src/libpki/libconf/types.h new file mode 100644 index 00000000..4b17baea --- /dev/null +++ b/src/libpki/libconf/types.h 
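Review bot: Both closing directives at the end of libconf/system.h are now labelled `/* LIBPKI_OS_WIN */`, but the outer one read `// LIBPKI_OS_CLASS` before this change, so at least one label probably no longer names the conditional it closes. The opening `#if`/`#ifdef` lines are outside this hunk, so check against them; if the outer block is still the OS-class test, keep `# endif /* LIBPKI_OS_CLASS */`. The hunk also drops the four includes guarded by `_LIBPKI_ERR_H`, `_LIBPKI_PKI_MEMORY_H`, `_LIBPKI_LOG_H` and `_LIBPKI_STACK_H`, so files that received those headers transitively through this one now need their own includes.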
@@ -0,0 +1,137 @@ +/* libconf/types.h */ + +#ifndef _LIBPKI_CORE_TYPES_H +#define _LIBPKI_CORE_TYPES_H + +/* PKI Datatypes */ +typedef enum { + + /* Crypto Datatype */ + PKI_TYPE_ANY = 0, + PKI_TYPE_PUBKEY, + PKI_TYPE_PRIVKEY, + PKI_TYPE_SECRET_KEY, + PKI_TYPE_CRED, + + /* X509 object types */ + PKI_TYPE_X509_PRIVKEY, + PKI_TYPE_X509_PUBKEY, + PKI_TYPE_X509_CERT, + PKI_TYPE_X509_CRL, + PKI_TYPE_X509_REQ, + PKI_TYPE_X509_PKCS7, + PKI_TYPE_X509_CMS, + PKI_TYPE_X509_PKCS12, + PKI_TYPE_X509_OCSP_REQ, + PKI_TYPE_X509_OCSP_RESP, + PKI_TYPE_X509_PRQP_REQ, + PKI_TYPE_X509_PRQP_RESP, + PKI_TYPE_X509_CMS_MSG, + PKI_TYPE_X509_XPAIR, + + /* Non-X509 Object types */ + PKI_TYPE_EST_MSG, + PKI_TYPE_SCEP_MSG, + + /* X509 Certificate Types */ + PKI_TYPE_X509_, + PKI_TYPE_X509_CERT_CA, + PKI_TYPE_X509_CERT_EE, + PKI_TYPE_X509_CERT_ROOT, + + /* Special Extensions */ + PKI_TYPE_X509_EXTENSIONS, + PKI_TYPE_X509_EXT_BASIC_CONSTRAINTS, + PKI_TYPE_X509_EXT_KEY_USAGE, + PKI_TYPE_X509_EXT_EXT_KEY_USAGE, + PKI_TYPE_X509_EXT_SUBJECT_KEY_ID, + PKI_TYPE_X509_EXT_AUTH_KEY_ID, + PKI_TYPE_X509_EXT_CRL_DIST_POINTS, + PKI_TYPE_X509_EXT_AUTH_INFO_ACCESS, + PKI_TYPE_X509_EXT_SUBJECT_ALT_NAME, + PKI_TYPE_X509_EXT_ISSUER_ALT_NAME, + PKI_TYPE_X509_EXT_NAME_CONSTRAINTS, + PKI_TYPE_X509_EXT_POLICY_CONSTRAINTS, + PKI_TYPE_X509_EXT_POLICY_MAPPINGS, + + /* Revocation */ + PKI_TYPE_X509_EXT_CRL_NUMBER, + PKI_TYPE_X509_EXT_REASON_CODE, + PKI_TYPE_X509_EXT_INVALIDITY_DATE, + PKI_TYPE_X509_EXT_DELTA_CRL_INDICATOR, + PKI_TYPE_X509_EXT_ISSUING_DIST_POINT, + PKI_TYPE_X509_EXT_FRESHEST_CRL, + + /* Policy */ + PKI_TYPE_X509_EXT_POLICY, + PKI_TYPE_X509_EXT_POLICY_CONSTRAINTS, + PKI_TYPE_X509_EXT_POLICY_MAPPINGS, + PKI_TYPE_X509_EXT_INHIBIT_ANY_POLICY, + + /* X509 data types */ + PKI_TYPE_X509_ALGOR, + PKI_TYPE_X509_SERIAL, + PKI_TYPE_X509_VERSION, + PKI_TYPE_X509_SUBJECT, + PKI_TYPE_X509_ISSUER, + PKI_TYPE_X509_VALIDITY, + PKI_TYPE_X509_SIGNATURE, + PKI_TYPE_X509_PUBKEY, + PKI_TYPE_X509_EXTENSION, + 
PKI_TYPE_X509_OBJECT, + PKI_TYPE_X509_NOTBEFORE, + PKI_TYPE_X509_NOTAFTER, + PKI_TYPE_X509_THISUPDATE, + PKI_TYPE_X509_LASTUPDATE, + PKI_TYPE_X509_NEXTUPDATE, + PKI_TYPE_X509_PRODUCEDAT, + PKI_TYPE_X509_ALGORITHM, + PKI_TYPE_X509_KEYSIZE, + PKI_TYPE_X509_KEYPAIR_VALUE, + PKI_TYPE_X509_X509_PUBKEY, + PKI_TYPE_X509_PUBKEY_BITSTRING, + PKI_TYPE_X509_PRIVKEY, + PKI_TYPE_X509_SIGNATURE, + PKI_TYPE_X509_SIGNATURE_ALG1, + PKI_TYPE_X509_SIGNATURE_ALG2, + PKI_TYPE_X509_NONCE, + + /* X500 Names */ + PKI_TYPE_X500_CN, + PKI_TYPE_X500_C, + PKI_TYPE_X500_L, + PKI_TYPE_X500_ST, + PKI_TYPE_X500_O, + PKI_TYPE_X500_OU, + PKI_TYPE_X500_EMAIL, + PKI_TYPE_X500_UID, + PKI_TYPE_X500_DC, + PKI_TYPE_X500_SN, + + /* Certificate Types */ + PKI_TYPE_X509_CA, + PKI_TYPE_X509_ROOT, + PKI_TYPE_X509_END_ENTITY, + + /* Trust Settings (PKCS#11 driver)*/ + PKI_TYPE_TRUST_ROOT, + PKI_TYPE_TRUST_OTHER, + PKI_TYPE_TRUST_DEPRECATED, + + /* Data Format */ + PKI_TYPE_FORMAT_RAW, + PKI_TYPE_FORMAT_B64, + PKI_TYPE_FORMAT_ASN1, + PKI_TYPE_FORMAT_PEM, + PKI_TYPE_FORMAT_TXT, + PKI_TYPE_FORMAT_XML, + PKI_TYPE_FORMAT_URL, + + /* Custom Type */ + PKI_TYPE_CUSTOM, +} PKI_TYPE; + +/* \brief Maximum value for PKI_TYPE */ +#define PKI_TYPE_MAX PKI_TYPE_CUSTOM + +#endif /* _LIBPKI_CORE_TYPES_H */ diff --git a/src/libpki/libpkiv.h.in b/src/libpki/libconf/version.h similarity index 93% rename from src/libpki/libpkiv.h.in rename to src/libpki/libconf/version.h index e24d2d63..01501be2 100644 --- a/src/libpki/libpkiv.h.in +++ b/src/libpki/libconf/version.h @@ -1,10 +1,13 @@ +/* libpkiv.h.in - LibPKI Version Header */ + +#ifndef _LIBPKI_COMPAT_H +#include +#endif #ifndef LIBPKI_VERSION_H # define LIBPKI_VERSION_H -#ifdef __cplusplus -extern "C" { -#endif +BEGIN_C_DECLS // Shared Lib Major Version # define LIBPKI_SHLIB_VERSION_HISTORY "@shlib_history@" 
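Review bot: The new `PKI_TYPE` enum in libconf/types.h declares several enumerators twice, which is a redeclaration error in C as soon as the header is compiled: `PKI_TYPE_X509_PUBKEY` and `PKI_TYPE_X509_PRIVKEY` appear under both "X509 object types" and "X509 data types", `PKI_TYPE_X509_SIGNATURE` appears twice inside "X509 data types", and `PKI_TYPE_X509_EXT_POLICY_CONSTRAINTS` / `PKI_TYPE_X509_EXT_POLICY_MAPPINGS` appear under both "Special Extensions" and "Policy". Each name must occur once, so remove the second occurrences or give the data-type variants distinct names. `PKI_TYPE_X509_,` under "X509 Certificate Types" looks like an unfinished placeholder and should be named or dropped. Because `PKI_TYPE_MAX` aliases `PKI_TYPE_CUSTOM`, a comment such as `/* keep PKI_TYPE_CUSTOM last: PKI_TYPE_MAX depends on it */` would protect any range check written against it.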
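Review bot: libconf/version.h enters the tree with the template's unexpanded `@...@` tokens still in it (`"@shlib_history@"` is visible in the hunk context, and its new blob id 01501be2 is the same as the version.h.in added in this commit). Any translation unit that includes it before configure has regenerated it gets unusable values such as `0x@lib_major@`. If version.h is a configure output it should be untracked like other generated headers; this is hedged because configure.ac is not part of this view. The added first line also still names the old file, where `/* libconf/version.h.in - LibPKI Version Header */` would match the new path.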
@@ -47,8 +50,6 @@ extern "C" { # define LIBPKI_BUILD_DATE_MIN_TEXT "@min@" # define LIBPKI_BUILD_DATE_SEC_TEXT "@sec@" -#ifdef __cplusplus -} -#endif +END_C_DECLS #endif // End of LIBPKI_VERSION_H diff --git a/src/libpki/libconf/version.h.in b/src/libpki/libconf/version.h.in new file mode 100644 index 00000000..01501be2 --- /dev/null +++ b/src/libpki/libconf/version.h.in 
@@ -0,0 +1,55 @@
+/* libpkiv.h.in - LibPKI Version Header */
+
+#ifndef _LIBPKI_COMPAT_H
+#include
+#endif
+
+#ifndef LIBPKI_VERSION_H
+# define LIBPKI_VERSION_H
+
+BEGIN_C_DECLS
+
+// Shared Lib Major Version
+# define LIBPKI_SHLIB_VERSION_HISTORY "@shlib_history@"
+# define LIBPKI_SHLIB_VERSION_NUMBER "@shlib_version@"
+
+// Breakdown of version numbers
+# define LIBPKI_VERSION_MAJOR 0x@lib_major@
+# define LIBPKI_VERSION_MINOR 0x@lib_minor@
+# define LIBPKI_VERSION_MICRO 0x@lib_micro@
+# define LIBPKI_VERSION_REVISION 0x@lib_revision@
+
+// Generic value to use in pre-processing
+# define LIBPKI_VERSION_NUMBER 0x@lib_major@@lib_minor@@lib_micro@@lib_revision@L
+
+// Useful for debugging/info purposes
+# define LIBPKI_VERSION_TEXT "LibPKI v@PACKAGE_VERSION@@txt_revision@"
+
+// Build date
+# define LIBPKI_BUILD_DATE_TEXT "@BUILD_DATE@"
+# define LIBPKI_BUILD_DATE_TEXT_PRETTY "@BUILD_DATE_PRETTY@"
+# define LIBPKI_BUILD_DATE_TEXT_FULL "@BUILD_DATE_FULL@"
+# define LIBPKI_BUILD_DATE_NUMBER 0x@yr@@mon@@day@@hr@@min@@sec@
+
+// Build Support Libraries Versions
+# define LIBPKI_BUILD_OPENSSL_VERSION_TEXT OPENSSL_VERSION_TEXT
+# define LIBPKI_BUILD_OPENSSL_VERSION_NUMBER OPENSSL_VERSION_NUMBER
+
+// Useful Build Dates
+# define LIBPKI_BUILD_DATE_YEAR @yr@
+# define LIBPKI_BUILD_DATE_MONTH @mon@
+# define LIBPKI_BUILD_DATE_DAY @day@
+# define LIBPKI_BUILD_DATE_HOUR @hr@
+# define LIBPKI_BUILD_DATE_MIN @min@
+# define LIBPKI_BUILD_DATE_SEC @sec@
+
+# define LIBPKI_BUILD_DATE_YEAR_TEXT "@yr@"
+# define LIBPKI_BUILD_DATE_MONTH_TEXT "@mon@"
+# define LIBPKI_BUILD_DATE_DAY_TEXT "@day@"
+# define LIBPKI_BUILD_DATE_HOUR_TEXT "@hr@"
+# define LIBPKI_BUILD_DATE_MIN_TEXT "@min@"
+# define LIBPKI_BUILD_DATE_SEC_TEXT "@sec@"
+
+END_C_DECLS
+
+#endif // End of LIBPKI_VERSION_H
diff --git a/src/libpki/openssl/pqc/pqc_defs.h b/src/libpki/openssl/pqc/pqc_defs.h
deleted file mode 100644
index a0abe39c..00000000
--- a/src/libpki/openssl/pqc/pqc_defs.h
+++ /dev/null
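Review bot: `LIBPKI_BUILD_OPENSSL_VERSION_TEXT` and `LIBPKI_BUILD_OPENSSL_VERSION_NUMBER` in version.h.in are plain aliases for `OPENSSL_VERSION_TEXT` / `OPENSSL_VERSION_NUMBER`, so they expand in whichever translation unit includes this header and report the OpenSSL headers that consumer compiles against, not the OpenSSL that libpki was built with. That is misleading when the value is used to judge whether a deployed libpki is paired with a patched OpenSSL. Substituting a literal at configure time like the other `@...@` fields, or exposing the value through a library function, would make the name accurate; at minimum add `// NOTE: evaluated in the including file, not at libpki build time`. Separately, `LIBPKI_BUILD_DATE_MONTH @mon@` and its siblings become invalid octal constants when used if configure substitutes zero-padded values such as `08`, which should be confirmed against configure.ac (not in this view).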
@@ -1,117 +0,0 @@ -/* OpenCA libpki package -* (c) 2000-2006 by Massimiliano Pala and OpenCA Group -* All Rights Reserved -* -* =================================================================== -* Released under OpenCA LICENSE -*/ - -#ifndef _LIBPKI_PQC_DEFS_H -#define _LIBPKI_PQC_DEFS_H - -// Include the library configuration -#ifdef __LIB_BUILD__ -#include -#else -#include -#endif - -#ifdef ENABLE_OQS -# ifndef OQS_H -# include -# endif -#endif - -// =============== -// OQS definitions -// =============== - -#define SIZE_OF_UINT32 4 -#define ENCODE_UINT32(pbuf, i) (pbuf)[0] = (unsigned char)((i>>24) & 0xff); \ - (pbuf)[1] = (unsigned char)((i>>16) & 0xff); \ - (pbuf)[2] = (unsigned char)((i>> 8) & 0xff); \ - (pbuf)[3] = (unsigned char)((i ) & 0xff) -#define DECODE_UINT32(i, pbuf) i = ((uint32_t) (pbuf)[0]) << 24; \ - i |= ((uint32_t) (pbuf)[1]) << 16; \ - i |= ((uint32_t) (pbuf)[2]) << 8; \ - i |= ((uint32_t) (pbuf)[3]) - - -// ======================= -// PKEY ASN.1 Method Macro -// ======================= - -/* -// #define DECLARE_OQS_EVP_PKEY_ASN1_METHOD(ALG) -// extern EVP_PKEY_ASN1_METHOD ALG##_ASN1_METH -*/ - -#define DEFINE_OQS_EVP_PKEY_ASN1_METHOD(ALG, NID_ALG, SHORT_NAME, LONG_NAME) \ -EVP_PKEY_ASN1_METHOD ALG##_ASN1_METH = { \ - NID_ALG, \ - NID_ALG, \ - 0, \ - SHORT_NAME, \ - LONG_NAME, \ - oqs_pub_decode, \ - oqs_pub_encode, \ - oqs_pub_cmp, \ - oqs_pub_print, \ - oqs_priv_decode, \ - oqs_priv_encode, \ - oqs_priv_print, \ - oqs_size, \ - oqs_bits, \ - oqs_security_bits, \ - 0, 0, 0, 0, \ - oqs_cmp_parameters, \ - 0, 0, \ - oqs_free, \ - oqs_ameth_pkey_ctrl, \ - 0, 0, \ - oqs_item_verify, \ - oqs_item_sign_##ALG, \ - oqs_sig_info_set_##ALG, \ - 0, 0, 0, 0, 0, \ -}; - -// ================= -// PKEY Method Macro -// ================= - -/* -// #define DECLARE_OQS_EVP_PKEY_METHOD(ALG) -// extern const EVP_PKEY_METHOD ALG##_PKEY_METH -*/ - -#define DEFINE_OQS_EVP_PKEY_METHOD(ALG, NID_ALG) \ -const EVP_PKEY_METHOD ALG##_PKEY_METH = { \ - NID_ALG, 
EVP_PKEY_FLAG_SIGCTX_CUSTOM, \ - 0, pkey_oqs_copy, 0, 0, 0, 0, \ - pkey_oqs_keygen, \ - pkey_oqs_sign_init, pkey_oqs_sign, \ - pkey_oqs_verify_init, pkey_oqs_verify, \ - 0, 0, \ - pkey_oqs_signctx_init, pkey_oqs_signctx, \ - pkey_oqs_verifyctx_init, pkey_oqs_verifyctx, \ - 0, 0, 0, 0, 0, 0, \ - pkey_oqs_ctrl, \ - 0, \ - pkey_oqs_digestsign, \ - pkey_oqs_digestverify, \ - 0, 0, 0, \ - pkey_oqs_digestcustom \ -}; - -// ==================== -// OQS EVP Method Macro -// ==================== - -#define DEFINE_OQS_EVP_METHODS(ALG, NID_ALG, SHORT_NAME, LONG_NAME) \ -DEFINE_OQS_ITEM_SIGN(ALG, NID_ALG) \ -DEFINE_OQS_SIGN_INFO_SET(ALG, NID_ALG) \ -DEFINE_OQS_EVP_PKEY_METHOD(ALG, NID_ALG) \ -DEFINE_OQS_EVP_PKEY_ASN1_METHOD(ALG, NID_ALG, SHORT_NAME, LONG_NAME) - - -#endif // End of _LIBPKI_PQC_DEFS_H \ No newline at end of file diff --git a/src/libpki/openssl/pqc/pqc_init.h b/src/libpki/openssl/pqc/pqc_init.h deleted file mode 100644 index 808b02df..00000000 --- a/src/libpki/openssl/pqc/pqc_init.h +++ /dev/null @@ -1,36 +0,0 @@ -/* OpenCA libpki package -* (c) 2000-2006 by Massimiliano Pala and OpenCA Group -* All Rights Reserved -* -* =================================================================== -* Released under OpenCA LICENSE -*/ - -#ifndef _LIBPKI_PQC_INIT_H -#define _LIBPKI_PQC_INIT_H - -#ifndef _LIBPKI_OS_H -#include -#endif - -#ifndef _LIBPKI_COMPAT_H -#include -#endif - -#ifndef _LIBPKI_OID_DEFS_H -#include -#endif - -#ifndef _LIBPKI_PQC_DEFS_H -#include -#endif - -BEGIN_C_DECLS - -int PKI_PQC_init(); - -int PKI_PQC_PKEY_new(char * name, int flags); - -END_C_DECLS - -#endif // End of _LIBPKI_PQC_INIT_H \ No newline at end of file diff --git a/src/libpki/pki_digest.h b/src/libpki/pki_digest.h deleted file mode 100644 index 368ad258..00000000 --- a/src/libpki/pki_digest.h +++ /dev/null 
@@ -1,47 +0,0 @@
-/* libpki/pki_digest.h */
-
-#ifndef _LIBPKI_DIGEST_H
-#define _LIBPKI_DIGEST_H
-
-
-void PKI_DIGEST_free(PKI_DIGEST *data);
-
-PKI_DIGEST *PKI_DIGEST_new(const PKI_DIGEST_ALG * alg,
- const unsigned char * data,
- size_t size);
-
-int PKI_DIGEST_new_value(unsigned char ** dst_buf,
- const PKI_DIGEST_ALG * alg,
- const unsigned char * data,
- size_t size);
-
-PKI_DIGEST *PKI_DIGEST_new_by_name(const char * alg_name,
- const unsigned char * data,
- size_t size);
-
-PKI_DIGEST *PKI_DIGEST_MEM_new(const PKI_DIGEST_ALG * alg,
- const PKI_MEM * data);
-
-PKI_DIGEST *PKI_DIGEST_MEM_new_by_name(const char * alg_name,
- const PKI_MEM * data);
-
-PKI_DIGEST *PKI_DIGEST_URL_new(const PKI_DIGEST_ALG * alg,
- const URL * url);
-
-PKI_DIGEST *PKI_DIGEST_URL_new_by_name(const char * alg_name,
- const URL * url);
-
-ssize_t PKI_DIGEST_get_size(const PKI_DIGEST_ALG *alg);
-
-int PKI_DIGEST_get_size_by_name(const char *alg_name);
-
-const unsigned char * PKI_DIGEST_get_value(const PKI_DIGEST *digest);
-
-size_t PKI_DIGEST_get_value_size(const PKI_DIGEST *dgst);
-
-char * PKI_DIGEST_get_parsed(const PKI_DIGEST *digest);
-
-/* Default Algorithm */
-#define PKI_DIGEST_DEFAULT_ALG PKI_DIGEST_ALG_SHA256
-
-#endif
diff --git a/src/libpki/pki_hmac.h b/src/libpki/pki_hmac.h
deleted file mode 100644
index 8d641bd4..00000000
--- a/src/libpki/pki_hmac.h
+++ /dev/null
@@ -1,55 +0,0 @@ -/* - * LIBPKI - OpenSource PKI library - * by Massimiliano Pala (madwolf@openca.org) and OpenCA project - * - * Copyright (c) 2001-2013 The OpenCA Project. All rights reserved. - * - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* Functions prototypes*/ - -#ifndef _LIBPKI_PKI_HMAC_H -#define _LIBPKI_PKI_HMAC_H - -typedef struct pki_hmac_st { - - // Digest Algoritm to use. Default is SHA-1 - PKI_DIGEST_ALG *digestAlg; - - // Keeps track of the initialization status (0 = false, 1 = true) - int initialized; - - // The PKI_MEM that retains the current value (available after finalize) - PKI_MEM *value; - - // The PKI_MEM that holds the key to be used - PKI_MEM *key; - - // Internal Use - HMAC_CTX *ctx; - -} PKI_HMAC; - -PKI_HMAC *PKI_HMAC_new_null(void); -PKI_HMAC *PKI_HMAC_new(unsigned char *key, size_t key_size, PKI_DIGEST_ALG *digest, HSM *hsm); -PKI_HMAC *PKI_HMAC_new_mem(PKI_MEM *key, PKI_DIGEST_ALG *digest, HSM *hsm); - -int PKI_HMAC_init(PKI_HMAC *hmac, unsigned char *key, size_t key_size, PKI_DIGEST_ALG *digest, HSM *hsm); - -int PKI_HMAC_update(PKI_HMAC *hmac, unsigned char *data, size_t data_size); -int PKI_HMAC_update_mem(PKI_HMAC *hmac, PKI_MEM *data); - -int PKI_HMAC_finalize(PKI_HMAC *hmac); - -PKI_MEM *PKI_HMAC_get_value(PKI_HMAC *hmac); -PKI_MEM *PKI_HMAC_get_value_b64(PKI_HMAC *hmac); - -void PKI_HMAC_free(PKI_HMAC *hmac); - -#endif diff --git a/src/libpki/pki_kdf.h b/src/libpki/pki_kdf.h deleted file mode 100644 index 00cab782..00000000 --- a/src/libpki/pki_kdf.h +++ /dev/null 
@@ -1,38 +0,0 @@ -/* - * LIBPKI - OpenSource PKI library - * by Massimiliano Pala (madwolf@openca.org) and OpenCA project - * - * Copyright (c) 2001-2013 The OpenCA Project. All rights reserved. - * - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* Functions prototypes*/ - -#ifndef _LIBPKI_PKI_KDF_H -#define _LIBPKI_PKI_KDF_H - -#ifndef OPENSSL_EVP_H -#include -#endif - -#ifndef OPENSSL_KDF_H -#include -#endif - -int PKI_KDF_derive(const EVP_MD * md, - unsigned char * label, - size_t labelen, - unsigned char * key, - size_t keylen, - unsigned char * data, - size_t datalen, - unsigned char ** out, - size_t * outlen); - -#endif diff --git a/src/libpki/pki_keypair.h b/src/libpki/pki_keypair.h deleted file mode 100644 index c90730f4..00000000 --- a/src/libpki/pki_keypair.h +++ /dev/null 
@@ -1,273 +0,0 @@ -/* pki_keypair.h */ - -#ifndef _LIBPKI_X509_KEYPAIR_HEADER_H -#define _LIBPKI_X509_KEYPAIR_HEADER_H - -#ifdef _LIBPKI_HEADER_DATA_ST_H -#include -#endif - -#ifndef _LIBPKI_PKI_DATATYPES_H -#include -#endif - -typedef struct pw_cb_data { - const void *password; - const char *prompt_info; -} PW_CB_DATA; - -#define PKI_X509_KEYPAIR_new_RSA(a,l,c,h) \ - PKI_X509_KEYPAIR_new( PKI_SCHEME_RSA,a,l,c,h ); - -#define PKI_X509_KEYPAIR_new_DSA(a,l,c,h) \ - PKI_X509_KEYPAIR_new( PKI_SCHEME_DSA,a,l,c,h ); - -#ifdef ENABLE_ECDSA -#define PKI_X509_KEYPAIR_new_ECDSA(a,l,c,h) \ - PKI_X509_KEYPAIR_new(PKI_SCHEME_ECDSA,a,l,c,h); -#endif - -/* ------------------------ Memory Management ----------------------- */ - -PKI_X509_KEYPAIR *PKI_X509_KEYPAIR_new_null (); - -void PKI_X509_KEYPAIR_free( PKI_X509_KEYPAIR *key ); - -void PKI_X509_KEYPAIR_free_void ( void *key ); - -PKI_X509_KEYPAIR *PKI_X509_KEYPAIR_new(PKI_SCHEME_ID type, - int bits, - char * label, - PKI_CRED * cred, - HSM * hsm); - -PKI_X509_KEYPAIR *PKI_X509_KEYPAIR_new_kp(PKI_KEYPARAMS * kp, - char * label, - PKI_CRED * cred, - HSM * hsm); - -PKI_X509_KEYPAIR *PKI_X509_KEYPAIR_new_url(PKI_SCHEME_ID type, - int bits, - URL * url, - PKI_CRED * cred, - HSM * hsm); - -PKI_X509_KEYPAIR *PKI_X509_KEYPAIR_new_url_kp(PKI_KEYPARAMS * kp, - URL * url, - PKI_CRED * cred, - HSM * hsm); - -/* ------------------------ General Functions ----------------------- */ - -char *PKI_X509_KEYPAIR_get_parsed(const PKI_X509_KEYPAIR *pkey ); - -PKI_SCHEME_ID PKI_X509_KEYPAIR_get_scheme(const PKI_X509_KEYPAIR *k); - -PKI_X509_ALGOR_VALUE * PKI_X509_KEYPAIR_get_algor(const PKI_X509_KEYPAIR * k, - const PKI_DIGEST_ALG * digest); - -int PKI_X509_KEYPAIR_get_id(const PKI_X509_KEYPAIR * key); - -int PKI_X509_KEYPAIR_VALUE_get_id(const PKI_X509_KEYPAIR_VALUE * pkey); - -// /*! -// * \brief Returns the OSSL key type of the keypair -// * -// * This function returns the OSSL key type of the keypair. 
The -// * returned value can be used to compare with PKEY_METHOD backed -// * keys. -// * -// * @param pkey A pointer to the PKI_X509_KEYPAIR_VALUE data structure -// * @return The OSSL key type of the keypair (int) -// */ -// int PKI_X509_KEYPAIR_get_ossl_type(const PKI_X509_KEYPAIR * pkey); - -// /*! -// * @brief Returns the OSSL key type of the keypair value -// * -// * This function returns the OSSL key type of the keypair value. The -// * returned value can be used to compare with PKEY_METHOD backed -// * keys (e.g., type == EVP_PKEY_RSA) -// * -// * @param pkey A pointer to the PKI_X509_KEYPAIR_VALUE data structure -// * @return The OSSL key type of the keypair value (int) -// */ -// int PKI_X509_KEYPAIR_VALUE_get_ossl_type(const PKI_X509_KEYPAIR_VALUE * pkey); - -/// @brief Returns the ID of the default digest algorithm for a PKI_X509_KEYPAIR -/// @param key A PKI_X509_KEYPAIR data structure -/// @return The PKI_ID of the identified algorithm or PKI_ID_UNKNOWN -int PKI_X509_KEYPAIR_get_default_digest(const PKI_X509_KEYPAIR * key); - -/// @brief Returns the ID of the default digest algorithm for a PKI_X509_KEYPAIR_VALUE -/// @param pkey A PKI_X509_KEYPAIR_VALUE data structure -/// @return The PKI_ID of the identified algorithm or PKI_ID_UKNOWN -int PKI_X509_KEYPAIR_VALUE_get_default_digest(const PKI_X509_KEYPAIR_VALUE * pkey); - -/*! - * @brief Checks if a kepair requires a digest algorithm for signing - * @param k The PKI_X509_KEYPAIR data structure - * @return PKI_OK if a digest is required, PKI_ERR otherwise - */ -int PKI_X509_KEYPAIR_requires_digest(const PKI_X509_KEYPAIR * k); - -/*! 
- * @brief Checks if a kepair requires a digest algorithm for signing - * @param k The PKI_X509_KEYPAIR_VALUE data structure - * @return PKI_OK if a digest is required, PKI_ERR otherwise - */ -int PKI_X509_KEYPAIR_VALUE_requires_digest(const PKI_X509_KEYPAIR_VALUE * pkey); - -/// @brief Returns PKI_OK if the digest algorithm is supported by the Public Key -/// @param k A pointer to the PKI_X509_KEYPAIR data structure -/// @param digest A pointer to te PKI_DIGEST_ALG -/// @return The PKI_OK value if the digest is supported, PKI_ERR otherwise -int PKI_X509_KEYPAIR_is_digest_supported(const PKI_X509_KEYPAIR * k, const PKI_DIGEST_ALG * digest); - -/// @brief Returns if the passed digest is supported by the Public Key -/// @param k A pointer to the PKI_X509_KEYPAIR_VALUE data structure -/// @param digest A pointer to te PKI_DIGEST_ALG -/// @return The PKI_OK value if the digest is supported, PKI_ERR otherwise -int PKI_X509_KEYPAIR_VALUE_is_digest_supported(const PKI_X509_KEYPAIR_VALUE * pkey, const PKI_DIGEST_ALG * digest); - -int PKI_X509_KEYPAIR_get_size(const PKI_X509_KEYPAIR *k); - -PKI_MEM *PKI_X509_KEYPAIR_get_pubkey(const PKI_X509_KEYPAIR *kp); - -PKI_MEM *PKI_X509_KEYPAIR_get_privkey(const PKI_X509_KEYPAIR *kp); - -PKI_DIGEST *PKI_X509_KEYPAIR_VALUE_pub_digest(const PKI_X509_KEYPAIR_VALUE * pkey, - const PKI_DIGEST_ALG * md ); - -PKI_SCHEME_ID PKI_X509_KEYPAIR_VALUE_get_scheme(const PKI_X509_KEYPAIR_VALUE *pVal); - -PKI_X509_ALGOR_VALUE * PKI_X509_KEYPAIR_VALUE_get_algor (const PKI_X509_KEYPAIR_VALUE * pVal, - const PKI_ID digest_id); - -int PKI_X509_KEYPAIR_VALUE_get_size (const PKI_X509_KEYPAIR_VALUE *pKey ); - -PKI_DIGEST *PKI_X509_KEYPAIR_pub_digest (const PKI_X509_KEYPAIR * pkey, - const PKI_DIGEST_ALG * md); - -/* ------------------------ EC Specific ------------------------------ */ - -/*! 
- * \brief Returns the PKI_ID of the EC curve of the Key (EC keys only) - */ -int PKI_X509_KEYPAIR_get_curve(const PKI_X509_KEYPAIR *kp); - -/* ----------------------- PKCS#8 Format ----------------------------- */ - -PKI_MEM *PKI_X509_KEYPAIR_VALUE_get_p8 (const PKI_X509_KEYPAIR_VALUE * pkey ); - -PKI_MEM *PKI_X509_KEYPAIR_get_p8(const PKI_X509_KEYPAIR *key ); - -PKI_X509_KEYPAIR_VALUE *PKI_X509_KEYPAIR_VALUE_new_p8(const PKI_MEM *buf ); - -PKI_X509_KEYPAIR *PKI_X509_KEYPAIR_new_p8(const PKI_MEM *buf ); - -/* --------------------- PKEY Encrypt/Decrypt --------------------------- */ - -/*! @brief This function encrypts the input data under a keypair and a padding scheme. - * - * @param pVal is the PKI_X509_KEYPAIR_VALUE that will be used for encryption - * @param data is the pointer to the input data - * @param data_len is the size of the input data - * @param pad is the padding scheme to use (def. OAEP) - * @return A pointer to a PKI_MEM structure that contains the encrypted data. - */ -PKI_MEM * PKI_X509_KEYPAIR_VALUE_encrypt(const PKI_X509_KEYPAIR_VALUE * pVal, - const unsigned char * const data, - size_t const data_len, - int const flags); - -/*! @brief This function encrypts the input data under a keypair and a padding scheme. - * - * @param pVal is the PKI_X509_KEYPAIR that will be used for encryption - * @param data is the pointer to the input data - * @param data_len is the size of the input data - * @param pad is the padding scheme to use (def. OAEP) - * @return A pointer to a PKI_MEM structure that contains the encrypted data. - */ -PKI_MEM * PKI_X509_KEYPAIR_encrypt(const PKI_X509_KEYPAIR * keypair, - const unsigned char * const data, - size_t const data_len, - int const flags); - -/*! @brief This function decrypts the input data via a keypair and a padding scheme. 
- * - * @param pVal is the PKI_X509_KEYPAIR_VALUE that was used to encrypt the data - * @param data is the pointer to the encrypted data - * @param data_len is the length of the encrypted data (bytes) - * @param padding is the selected padding mode (def. OAEP) - * @return a pointer to a PKI_MEM that contains the decrypted data. - */ -PKI_MEM * PKI_X509_KEYPAIR_VALUE_decrypt(const PKI_X509_KEYPAIR_VALUE * pVal, - const unsigned char * const data, - size_t const data_len, - int const flags); - -/*! @brief This function decrypts the input data via a keypair and a padding scheme. - * - * @param pVal is the PKI_X509_KEYPAIR that was used to encrypt the data - * @param data is the pointer to the encrypted data - * @param data_len is the length of the encrypted data (bytes) - * @param padding is the selected padding mode (def. OAEP) - * @return a pointer to a PKI_MEM that contains the decrypted data. - */ -PKI_MEM * PKI_X509_KEYPAIR_decrypt(const PKI_X509_KEYPAIR * keypair, - const unsigned char * const data, - size_t const data_len, - int const flags); - -/*! \brief Exports a raw public key value into a PKI_MEM - * - * This function returns the internal structure of a public key in - * its DER representation from a PKI_X509_KEYPAIR data structure. - * For example, for RSA keys this function exports the following - * data: - * - * rsaKey := SEQUENCE { - * modulus INTEGER, - * publicExponent INTEGER } - * - * in DER format in the output buffer. If the @pki_mem parameter - * or the deferred pointer (@*pki_mem) are NULL, a new PKI_MEM - * structure will be allocated and returned. In case the *pki_mem - * is not NULL, the passed PKI_MEM structure will be used (if - * any data is present it will be first freed with PKI_Free). - * The function returns NULL in case of errors. - * - * @param k_val The pointer to the PKI_X509_KEYPAIR to use - * @param pki_mem The output structure where to store the data - * @retval A pointer to the PKI_MEM with the retrieved data. 
-*/ -PKI_MEM *PKI_X509_KEYPAIR_get_public_bitstring(const PKI_X509_KEYPAIR * const k_val, - PKI_MEM ** pki_mem); - -/*! \brief Exports a raw public key value into a PKI_MEM - * - * This function returns the internal structure of a public key in - * its DER representation from a PKI_X509_KEYPAIR_VALUE pointer. - * For example, for RSA keys this function exports the following - * data: - * - * rsaKey := SEQUENCE { - * modulus INTEGER, - * publicExponent INTEGER } - * - * in DER format in the output buffer. If the @pki_mem parameter - * or the deferred pointer (@*pki_mem) are NULL, a new PKI_MEM - * structure will be allocated and returned. In case the *pki_mem - * is not NULL, the passed PKI_MEM structure will be used (if - * any data is present it will be first freed with PKI_Free). - * The function returns NULL in case of errors. - * - * @param k_val The pointer to the PKI_X509_KEYPAIR_VALUE to use - * @param pki_mem The output structure where to store the data - * @retval A pointer to the PKI_MEM with the retrieved data. -*/ -PKI_MEM *PKI_X509_KEYPAIR_VALUE_get_public_bitstring(const PKI_X509_KEYPAIR_VALUE * const k_val, - PKI_MEM ** pki_mem); - -#endif diff --git a/src/libpki/pki_keyparams.h b/src/libpki/pki_keyparams.h deleted file mode 100644 index a6258320..00000000 --- a/src/libpki/pki_keyparams.h +++ /dev/null 
@@ -1,73 +0,0 @@ -/* openssl/pki_keyparams.c */ - -#ifndef _LIBPKI_PKI_KEYPARAMS_H -#define _LIBPKI_PKI_KEYPARAMS_H - -/* Memory Management */ -PKI_KEYPARAMS *PKI_KEYPARAMS_new(PKI_SCHEME_ID scheme, - const PKI_X509_PROFILE *prof); - -void PKI_KEYPARAMS_free(PKI_KEYPARAMS *kp); - -/* Functions */ -PKI_SCHEME_ID PKI_KEYPARAMS_get_type(const PKI_KEYPARAMS *kp ); - - -/*! - * @brief Sets the scheme and security bits in the PKI_KEYPARAMS structure - * - * This function sets the scheme and security bits in the PKI_KEYPARAMS - * structure. If the scheme is not supported, the function will return - * PKI_ERR. - * - * @param kp The PKI_KEYPARAMS structure to set - * @param scheme_id The requested scheme to set in the structure - * @param sec_bits The requested security bits - * @retval PKI_OK on success, PKI_ERR on failure - */ -int PKI_KEYPARAMS_set_scheme(PKI_KEYPARAMS * kp, PKI_SCHEME_ID schemeId, int sec_bits); - -int PKI_KEYPARAMS_set_security_bits(PKI_KEYPARAMS * kp, int sec_bits); - -/*! - * \brief Sets the bits size for key generation - * - * This function sets the bits size for key generation. If the bits - * size is not supported, the function will return PKI_ERR. - * - * @param kp The PKI_KEYPARAMS structure to set - * @param bits The requested bits size - * @retval PKI_OK on success, PKI_ERR on failure - */ -int PKI_KEYPARAMS_set_key_size(PKI_KEYPARAMS * kp, int bits); - -int PKI_KEYPARAMS_set_curve(PKI_KEYPARAMS * kp, - const char * curveName, - PKI_EC_KEY_FORM curveForm, - PKI_EC_KEY_ASN1 ans1flags); - -// ======================== -// Composite Crypto Support -// ======================== - -#ifdef ENABLE_COMPOSITE - -/*! \brief Adds a key to the list of keys for Composite keys */ -int PKI_KEYPARAMS_add_key(PKI_KEYPARAMS * kp, PKI_X509_KEYPAIR * key); - -/*! 
\brief Sets the k_of_n parameter for Composite keys */ -int PKI_KEYPARAMS_set_kofn(PKI_KEYPARAMS * kp, int kofn); - -#endif // End of ENABLE_COMPOSITE - -// ========================= -// Open Quantum Safe Support -// ========================= - -#if defined(ENABLE_OQS) || defined(ENABLE_OQSPROV) - -int PKI_KEYPARAMS_set_oqs_key_params(PKI_KEYPARAMS * kp, PKI_ALGOR_OQS_PARAM algParam); - -#endif // End of ENABLE_OQS - -#endif // _LIBPKI_PKI_KEYPARAMS_H diff --git a/src/libpki/pki_rand.h b/src/libpki/pki_rand.h deleted file mode 100644 index d0ceade0..00000000 --- a/src/libpki/pki_rand.h +++ /dev/null @@ -1,19 +0,0 @@ -/* libpki/pki_algor.h */ - -#ifndef _LIBPKI_PKI_RAND_H -#define _LIBPKI_PKI_RAND_H - -#ifndef _LIBPKI_OS_H -#include -#endif - -/*! - * @brief Returns an array of random bytes - * @param buf The buffer to store the random bytes - * @param num The size of the buffer - * @return PKI_OK if the operation was successful, PKI_ERR otherwise - */ -int PKI_RAND_get( unsigned char **buf, size_t size); - -#endif - diff --git a/src/libpki/pki_x509.h b/src/libpki/pki_x509.h deleted file mode 100644 index 649f5ef8..00000000 --- a/src/libpki/pki_x509.h +++ /dev/null 
@@ -1,79 +0,0 @@ -/* PKI_X509 object management */ - -#ifndef _LIBPKI_PKI_X509_H -#define _LIBPKI_PKI_X509_H - -#ifndef _LIBPKI_HSM_MAIN_H -#include -#endif - -// =================== -// Function Prototypes -// =================== - -const PKI_X509_CALLBACKS *PKI_X509_CALLBACKS_get ( PKI_DATATYPE type, struct hsm_st *hsm ); - -PKI_X509 *PKI_X509_new ( PKI_DATATYPE type, struct hsm_st *hsm ); -PKI_X509 *PKI_X509_new_value(PKI_DATATYPE type, void *data, struct hsm_st *hsm); -PKI_X509 *PKI_X509_new_dup_value(PKI_DATATYPE type, const void *data, struct hsm_st *hsm); - -void PKI_X509_free_void ( void *x ); -void PKI_X509_free ( PKI_X509 *x ); - -int PKI_X509_set_modified ( PKI_X509 *x ); - -int PKI_X509_set_hsm ( PKI_X509 *x, struct hsm_st *hsm ); -struct hsm_st *PKI_X509_get_hsm (const PKI_X509 *x ); -int PKI_X509_set_reference ( PKI_X509 *x, URL *url ); -URL *PKI_X509_get_reference (const PKI_X509 *x ); - -PKI_X509 * PKI_X509_dup (const PKI_X509 *x ); -void * PKI_X509_dup_value (const PKI_X509 *x ); - -void * PKI_X509_get_value (const PKI_X509 *x ); -int PKI_X509_set_value ( PKI_X509 *x, void *data ); -PKI_DATATYPE PKI_X509_get_type (const PKI_X509 *x ); -const char * PKI_X509_get_type_parsed (const PKI_X509 *obj ); - -int PKI_X509_is_signed(const PKI_X509 *obj ); - -PKI_MEM * PKI_X509_VALUE_get_tbs_asn1(const void * v, - const PKI_DATATYPE type); - -/*! \brief Returns the DER encoded version of the toBeSigned portion of the PKI_X509_VALUE structure */ -PKI_MEM * PKI_X509_get_tbs_asn1(const PKI_X509 *x); - -void * PKI_X509_get_data (const PKI_X509 *x, PKI_X509_DATA type ); - -/*! \brief Returns the parsed (char *, int *, etc.) version of the data in a PKI_X509 object */ -void * PKI_X509_get_parsed (const PKI_X509 *x, PKI_X509_DATA type ); - -/*! \brief Prints the parsed data from a PKI_X509 object to a file descriptor */ -int PKI_X509_print_parsed (const PKI_X509 *x, PKI_X509_DATA type, int fd ); - -/*! \brief Deletes the hard copy (eg., file, hsm file, etc.) 
of a PKI_X509 object. */ -int PKI_X509_delete ( PKI_X509 *x ); - -/*! \brief Attaches (transfers ownership) the value to the PKI_X509 object. */ -int PKI_X509_attach(PKI_X509 * x, PKI_DATATYPE type, void * data, HSM * hsm); - -/*! \brief Detaches (sets to NULL) and returns the internal value. */ -int PKI_X509_detach(PKI_X509 * x, void ** data, PKI_DATATYPE * type, HSM **hsm); - -/*! \brief Sets the Aux Data into an PKI_X509 structure */ -int PKI_X509_aux_data_set (PKI_X509 * x, - void * data, - void (*data_free_func)(void *), - void * (*data_dup_func )(void *)); - -void * PKI_X509_aux_data_get(PKI_X509 * x); - -void * PKI_X509_aux_data_dup(PKI_X509 * x); - -int PKI_X509_aux_data_del(PKI_X509 * x); - -int PKI_X509_set_status(PKI_X509 *x, int status); - -int PKI_X509_get_status(PKI_X509 *x); - -#endif diff --git a/src/libpki/pki_x509_data_st.h b/src/libpki/pki_x509_data_st.h deleted file mode 100644 index 86f0f4b0..00000000 --- a/src/libpki/pki_x509_data_st.h +++ /dev/null 
@@ -1,121 +0,0 @@ -/* OpenCA libpki package -* (c) 2000-2006 by Massimiliano Pala and OpenCA Group -* All Rights Reserved -* -* =================================================================== -* Released under OpenCA LICENSE -*/ - -#ifndef _LIBPKI_PKI_DATATYPES_H -#include -#endif - -#ifndef _LIBPKI_HEADER_DATA_ST_H -#include -#endif - -#ifndef _LIBPKI_PKI_CRED_H -#include -#endif - -#ifndef _LIBPKI_PKI_X509_DATATYPES_ST_H -#define _LIBPKI_PKI_X509_DATATYPES_ST_H - -#define PKI_IO BIO -#define PKI_IO_new BIO_new -#define PKI_IO_write BIO_write -#define PKI_IO_read BIO_read -#define PKI_IO_free BIO_free_all - -typedef struct pki_x509_callbacks_st { - - /* ---------------- Memory Management -------------------- */ - void * (*create) (void ); - void (*free) (void *x ); - void * (*dup) (void *x ); - - /* ----------------- Data Management ---------------------- */ - char * (* get_parsed ) ( void *x, PKI_X509_DATA type ); - void * (* get_data ) ( void *x, PKI_X509_DATA type ); - int (* print_parsed) ( void *x, PKI_X509_DATA type, int fd); - - /* ----------------- Write Conversion --------------------- */ - int (* to_pem ) ( PKI_IO *out, void *data ); - int (* to_pem_ex) (PKI_IO *out, void *data, void *enc, - unsigned char *key, int key_len, void *pwd_callback, void *u ); - int (* to_der ) ( PKI_IO *out, void *data ); - int (* to_txt ) ( PKI_IO *out, void *data ); - int (* to_b64 ) ( PKI_IO *out, void *data ); - int (* to_xml ) ( PKI_IO *out, void *data ); - - /* ----------------- Read Conversions --------------------- */ - void * (* read_pem ) ( PKI_IO *in, void *, void *, void *); - void * (* read_der ) ( PKI_IO *in, void * ); - void * (* read_txt ) ( PKI_IO *in, void * ); - void * (* read_b64 ) ( PKI_IO *in, void * ); - void * (* read_xml ) ( PKI_IO *in, void * ); - -} PKI_X509_CALLBACKS; - -/* This structure helps us in maintaining all the drivers aligned */ - -typedef struct pki_x509_all_callbacks_st { - const PKI_X509_CALLBACKS * x509_keypair_cb_set; - const 
PKI_X509_CALLBACKS * x509_cert_cb_set; - const PKI_X509_CALLBACKS * x509_req_cb_set; - const PKI_X509_CALLBACKS * x509_crl_cb_set; - const PKI_X509_CALLBACKS * x509_pkcs7_cb_set; - const PKI_X509_CALLBACKS * x509_cms_cb_set; - const PKI_X509_CALLBACKS * x509_pkcs12_cb_set; - const PKI_X509_CALLBACKS * x509_ocsp_req_cb_set; - const PKI_X509_CALLBACKS * x509_ocsp_resp_cb_set; - const PKI_X509_CALLBACKS * x509_xpair_cb_set; - const PKI_X509_CALLBACKS * x509_cmc_cb_set; - const PKI_X509_CALLBACKS * x509_scep_cb_set; - const PKI_X509_CALLBACKS * x509_prqp_req_cb_set; - const PKI_X509_CALLBACKS * x509_prqp_resp_cb_set; -} PKI_X509_CALLBACKS_FULL; - -/* PKI_X509 general object */ -typedef struct pki_x509_st { - - /* Type of Object - taken from PKI_DATATYPE */ - PKI_DATATYPE type; - - /* Internal Value - usually the supported crypto lib internal format */ - void *value; - - /* Credentials used to import/export/encrypt/decrypt data */ - PKI_CRED *cred; - - /* HSM to use for operations */ - struct hsm_st *hsm; - - /* Reference URL */ - URL *ref; - - /* Callbacks */ - const PKI_X509_CALLBACKS *cb; - - /* Template Reference */ - const ASN1_ITEM * it; - - /* Internal Status */ - int status; - - /* Auxillary Data */ - void * aux_data; - - /* Callback to free auxillary data */ - void (*free_aux_data)(void *); - - /* Callback to duplicate auxillary data */ - void * (*dup_aux_data)(void *); - - /* For KeyPairs, indicates the need for digest when signing */ - int signature_digest_required; - -} PKI_X509; - -/* End of _LIBPKI_PKI_X509_DATA_ST_H */ -#endif diff --git a/src/libpki/cmc.h b/src/libpki/pkix/cmc/cmc.h similarity index 100% rename from src/libpki/cmc.h rename to src/libpki/pkix/cmc/cmc.h diff --git a/src/libpki/cmc/cmc_cert_req.h b/src/libpki/pkix/cmc/cmc_cert_req.h similarity index 100% rename from src/libpki/cmc/cmc_cert_req.h rename to src/libpki/pkix/cmc/cmc_cert_req.h 
diff --git a/src/libpki/openssl/composite/composite_ctx.h b/src/libpki/pkix/composite/composite_ctx.h
similarity index 100%
rename from src/libpki/openssl/composite/composite_ctx.h
rename to src/libpki/pkix/composite/composite_ctx.h
diff --git a/src/libpki/openssl/composite/composite_init.h b/src/libpki/pkix/composite/composite_init.h
similarity index 100%
rename from src/libpki/openssl/composite/composite_init.h
rename to src/libpki/pkix/composite/composite_init.h
diff --git a/src/libpki/openssl/composite/composite_key.h b/src/libpki/pkix/composite/composite_key.h
similarity index 100%
rename from src/libpki/openssl/composite/composite_key.h
rename to src/libpki/pkix/composite/composite_key.h
diff --git a/src/libpki/openssl/composite/composite_pmeth.h b/src/libpki/pkix/composite/composite_pmeth.h
similarity index 100%
rename from src/libpki/openssl/composite/composite_pmeth.h
rename to src/libpki/pkix/composite/composite_pmeth.h
diff --git a/src/libpki/openssl/composite/composite_types.h b/src/libpki/pkix/composite/composite_types.h
similarity index 86%
rename from src/libpki/openssl/composite/composite_types.h
rename to src/libpki/pkix/composite/composite_types.h
index d156b3da..067c444b 100644
--- a/src/libpki/openssl/composite/composite_types.h
+++ b/src/libpki/pkix/composite/composite_types.h
@@ -3,28 +3,31 @@ // Composite Crypto authentication methods. // (c) 2021 by Massimiliano Pala -#ifndef _LIBPKI_COMPOSITE_TYPES_H -#define _LIBPKI_COMPOSITE_TYPES_H - -#include -#include -#include -#include - -#ifndef _LIBPKI_COMPAT_H -#include +#ifndef _LIBPKI_CRYPTO_TYPES_H +#include #endif -#ifndef _LIBPKI_OS_H -#include +#ifndef _LIBPKI_SYSTEM_H +#include #endif -#ifndef _LIBPKI_STACK_H -#include -#endif +#ifndef _LIBPKI_COMPOSITE_TYPES_H +#define _LIBPKI_COMPOSITE_TYPES_H + BEGIN_C_DECLS +#ifdef ENABLE_COMPOSITE +# ifndef CRYPTO_NO_MLDSA_COMPOSITE +# ifndef CRYPTO_NO_MLDSA44_ECDSA +# define CRYPTO_MLDSA44_ECDSA_PKEY COMPOSITE_CRYPTO_KEY +# endif +# ifndef CRYPTO_NO_MLDSA44_ECDSA +# define CRYPTO_MLDSA44_ED25519_PKEY COMPOSITE_CRYPTO_KEY +# endif +# endif +#endif + // ======================== // Composite Crypto Support // ======================== diff --git a/src/libpki/openssl/composite/composite_utils.h b/src/libpki/pkix/composite/composite_utils.h similarity index 100% rename from src/libpki/openssl/composite/composite_utils.h rename to src/libpki/pkix/composite/composite_utils.h diff --git a/src/libpki/est/est.h b/src/libpki/pkix/est/est.h similarity index 100% rename from src/libpki/est/est.h rename to src/libpki/pkix/est/est.h diff --git a/src/libpki/est/pki_x509_est_asn1.h b/src/libpki/pkix/est/pki_x509_est_asn1.h similarity index 100% rename from src/libpki/est/pki_x509_est_asn1.h rename to src/libpki/pkix/est/pki_x509_est_asn1.h diff --git a/src/libpki/est/pki_x509_est_attrs.h b/src/libpki/pkix/est/pki_x509_est_attrs.h similarity index 100% rename from src/libpki/est/pki_x509_est_attrs.h rename to src/libpki/pkix/est/pki_x509_est_attrs.h diff --git a/src/libpki/est/pki_x509_est_data.h b/src/libpki/pkix/est/pki_x509_est_data.h similarity index 100% rename from src/libpki/est/pki_x509_est_data.h rename to src/libpki/pkix/est/pki_x509_est_data.h 
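Review bot: The second inner guard in the new `ENABLE_COMPOSITE` block tests `CRYPTO_NO_MLDSA44_ECDSA` again, although the macro it protects is `CRYPTO_MLDSA44_ED25519_PKEY`; this looks like a copy-paste slip. As written, opting out of the ECDSA combination also removes the Ed25519 one, and Ed25519 cannot be disabled on its own, which matters when a build has to restrict the permitted algorithm set. The guard should be keyed on the Ed25519 combination, for example `# ifndef CRYPTO_NO_MLDSA44_ED25519` (name suggested by analogy only; use whichever opt-out macro the configuration headers really define). Both defines also expand to the same `COMPOSITE_CRYPTO_KEY`, so a one-line comment saying why the two combinations share one key type would help the next reader.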
diff --git a/src/libpki/est/pki_x509_est_msg.h b/src/libpki/pkix/est/pki_x509_est_msg.h
similarity index 100%
rename from src/libpki/est/pki_x509_est_msg.h
rename to src/libpki/pkix/est/pki_x509_est_msg.h
diff --git a/src/libpki/pki_ocsp_req.h b/src/libpki/pkix/ocsp/pki_ocsp_req.h
similarity index 100%
rename from src/libpki/pki_ocsp_req.h
rename to src/libpki/pkix/ocsp/pki_ocsp_req.h
diff --git a/src/libpki/pki_ocsp_resp.h b/src/libpki/pkix/ocsp/pki_ocsp_resp.h
similarity index 100%
rename from src/libpki/pki_ocsp_resp.h
rename to src/libpki/pkix/ocsp/pki_ocsp_resp.h
diff --git a/src/libpki/pki_msg.h b/src/libpki/pkix/pki_msg.h
similarity index 100%
rename from src/libpki/pki_msg.h
rename to src/libpki/pkix/pki_msg.h
diff --git a/src/libpki/pki_msg_req.h b/src/libpki/pkix/pki_msg_req.h
similarity index 100%
rename from src/libpki/pki_msg_req.h
rename to src/libpki/pkix/pki_msg_req.h
diff --git a/src/libpki/pki_msg_resp.h b/src/libpki/pkix/pki_msg_resp.h
similarity index 100%
rename from src/libpki/pki_msg_resp.h
rename to src/libpki/pkix/pki_msg_resp.h
diff --git a/src/libpki/prqp/http_client.h b/src/libpki/pkix/prqp/http_client.h
similarity index 100%
rename from src/libpki/prqp/http_client.h
rename to src/libpki/pkix/prqp/http_client.h
diff --git a/src/libpki/prqp/prqp.h b/src/libpki/pkix/prqp/prqp.h
similarity index 100%
rename from src/libpki/prqp/prqp.h
rename to src/libpki/pkix/prqp/prqp.h
diff --git a/src/libpki/prqp/prqp_asn1.h b/src/libpki/pkix/prqp/prqp_asn1.h
similarity index 100%
rename from src/libpki/prqp/prqp_asn1.h
rename to src/libpki/pkix/prqp/prqp_asn1.h
diff --git a/src/libpki/prqp/prqp_bio.h b/src/libpki/pkix/prqp/prqp_bio.h
similarity index 100%
rename from src/libpki/prqp/prqp_bio.h
rename to src/libpki/pkix/prqp/prqp_bio.h
diff --git a/src/libpki/prqp/prqp_lib.h b/src/libpki/pkix/prqp/prqp_lib.h
similarity index 100%
rename from src/libpki/prqp/prqp_lib.h
rename to src/libpki/pkix/prqp/prqp_lib.h
diff --git a/src/libpki/prqp/prqp_req_io.h b/src/libpki/pkix/prqp/prqp_req_io.h
similarity index 100%
rename from src/libpki/prqp/prqp_req_io.h
rename to src/libpki/pkix/prqp/prqp_req_io.h
diff --git a/src/libpki/prqp/prqp_resp_io.h b/src/libpki/pkix/prqp/prqp_resp_io.h
similarity index 100%
rename from src/libpki/prqp/prqp_resp_io.h
rename to src/libpki/pkix/prqp/prqp_resp_io.h
diff --git a/src/libpki/prqp/prqp_srv.h b/src/libpki/pkix/prqp/prqp_srv.h
similarity index 100%
rename from src/libpki/prqp/prqp_srv.h
rename to src/libpki/pkix/prqp/prqp_srv.h
diff --git a/src/libpki/prqp/prqp_stack.h b/src/libpki/pkix/prqp/prqp_stack.h
similarity index 100%
rename from src/libpki/prqp/prqp_stack.h
rename to src/libpki/pkix/prqp/prqp_stack.h
diff --git a/src/libpki/scep/pki_x509_scep_asn1.h b/src/libpki/pkix/scep/pki_x509_scep_asn1.h
similarity index 100%
rename from src/libpki/scep/pki_x509_scep_asn1.h
rename to src/libpki/pkix/scep/pki_x509_scep_asn1.h
diff --git a/src/libpki/scep/pki_x509_scep_attrs.h b/src/libpki/pkix/scep/pki_x509_scep_attrs.h
similarity index 100%
rename from src/libpki/scep/pki_x509_scep_attrs.h
rename to src/libpki/pkix/scep/pki_x509_scep_attrs.h
diff --git a/src/libpki/scep/pki_x509_scep_data.h b/src/libpki/pkix/scep/pki_x509_scep_data.h
similarity index 100%
rename from src/libpki/scep/pki_x509_scep_data.h
rename to src/libpki/pkix/scep/pki_x509_scep_data.h
diff --git a/src/libpki/scep/pki_x509_scep_msg.h b/src/libpki/pkix/scep/pki_x509_scep_msg.h
similarity index 100%
rename from src/libpki/scep/pki_x509_scep_msg.h
rename to src/libpki/pkix/scep/pki_x509_scep_msg.h
diff --git a/src/libpki/scep/scep.h b/src/libpki/pkix/scep/scep.h
similarity index 100%
rename from src/libpki/scep/scep.h
rename to src/libpki/pkix/scep/scep.h
diff --git a/src/libpki/pkix/types.h b/src/libpki/pkix/types.h
new file mode 100644
index 00000000..3a945fa7
--- /dev/null
+++ b/src/libpki/pkix/types.h
@@ -0,0 +1,35 @@
+/* OpenCA libpki package
+* (c) 2000-2007 by Massimiliano Pala and OpenCA Group
+* All Rights Reserved
+*
+* ===================================================================
+* Released under OpenCA LICENSE
+*/
+
+// Library configuration
+#ifndef _LIBPKI_SYSTEM_H
+#include
+#endif
+
+#ifdef ENABLE_OQS
+# include
+#endif
+
+#ifndef _LIBPKI_PKIX_TYPES_H
+#define _LIBPKI_PKIX_TYPES_H
+
+BEGIN_C_DECLS
+
+#define PKI_DATA_FORMAT_MIN PKI_DATA_FORMAT_RAW
+#define PKI_DATA_FORMAT_MAX PKI_DATA_FORMAT_URL
+
+typedef enum pki_data_format_flag {
+ PKI_DATA_FORMAT_FLAG_NONE = 0,
+ PKI_DATA_FORMAT_FLAG_B64_SKIPNEWLINES = 1,
+} PKI_DATA_FORMAT_FLAG;
+
+#define PKI_DATA_FORMAT_FLAG_SIZE 2
+
+END_C_DECLS
+
+#endif
diff --git a/src/libpki/token.h b/src/libpki/token/token.h
similarity index 100%
rename from src/libpki/token.h
rename to src/libpki/token/token.h
diff --git a/src/libpki/token_data.h b/src/libpki/token/token_data.h
similarity index 100%
rename from src/libpki/token_data.h
rename to src/libpki/token/token_data.h
diff --git a/src/libpki/token_id.h b/src/libpki/token/token_id.h
similarity index 100%
rename from src/libpki/token_id.h
rename to src/libpki/token/token_id.h
diff --git a/src/libpki/token_st.h b/src/libpki/token/types.h
similarity index 73%
rename from src/libpki/token_st.h
rename to src/libpki/token/types.h
index 47dfca18..9685b4a5 100644
--- a/src/libpki/token_st.h
+++ b/src/libpki/token/types.h
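Review bot: `PKI_DATA_FORMAT_FLAG_SIZE` is a hand-written `2` that has to track the number of enumerators in `PKI_DATA_FORMAT_FLAG` directly above it, and nothing ties the two together. If a flag is added without updating the constant, any table or range check sized by it will silently leave the new value out. I would add a comment on it such as `/* number of PKI_DATA_FORMAT_FLAG values; keep in sync with the enum above */`. `PKI_DATA_FORMAT_MIN` and `PKI_DATA_FORMAT_MAX` expand to `PKI_DATA_FORMAT_RAW` and `PKI_DATA_FORMAT_URL`, which are not defined in this file, so a short comment naming the header that provides them would also help.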
@@ -1,10 +1,31 @@ -#ifndef _LIBPKI_TOKEN_H -#define _LIBPKI_TOKEN_H +#ifndef _LIBPKI_SYSTEM_H +# include +#endif + +#ifndef _LIBPKI_CRYPTO_TYPES_H +#include +#endif + +#ifndef _LIBPKI_X509_TYPES_H +#include +#endif + +#ifndef _LIBPKI_TOKEN_TYPES_H +#define _LIBPKI_TOKEN_TYPES_H + +typedef enum pki_token_status_flags { + PKI_READY = 0x0, + PKI_INIT_ERR = 0x1, + PKI_LOGIN_ERR = 0x2, + PKI_KEYPAIR_ERR = 0x3, + PKI_EE_CERT_ERR = 0x4, + PKI_CA_CERT_ERR = 0x5, + PKI_OTHER_CERTS_ERR = 0x6, + PKI_TRUSTED_CERTS_ERR = 0x7, +} PKI_STATUS_FLAG; -#include -#include -#include +#define PKI_TOKEN_STATUS_SZ 8 /* Structure for PKI_TOKEN definition */ typedef struct pki_token_st { @@ -19,10 +40,10 @@ typedef struct pki_token_st { int type; /*! Signature Algorithm used by the PKI_TOKEN */ - PKI_X509_ALGOR_VALUE * algor; + void * algor; /*! Digest Algorithm used by the PKI_TOKEN */ - PKI_DIGEST_ALG * digest; + CRYPTO_HASH hash_algorithm; /*! Pointer to the CA certificate */ PKI_X509_CERT * cacert; @@ -34,7 +55,7 @@ typedef struct pki_token_st { PKI_X509_REQ * req; /*! Pointer to the key */ - PKI_X509_KEYPAIR * keypair; + CRYPTO_KEYPAIR * keypair; /*! Pointer to CRED structure to be used when the PKI_KEYPAIR is to be loaded */ diff --git a/src/libpki/utils/asn1.h b/src/libpki/utils/asn1.h new file mode 100644 index 00000000..44b0ae5b --- /dev/null +++ b/src/libpki/utils/asn1.h 
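Review bot: The new enum is named `pki_token_status_flags` / `PKI_STATUS_FLAG`, but its values run sequentially from `0x1` to `0x7` instead of being distinct bits. If any caller combines them with `|` (the callers are not in this hunk), `PKI_INIT_ERR | PKI_LOGIN_ERR` equals `PKI_KEYPAIR_ERR` and a token error would be reported as the wrong one. Either assign bit values (`0x1`, `0x2`, `0x4`, ...) or drop "flags" from the names and add a comment that exactly one value is stored at a time. `PKI_TOKEN_STATUS_SZ 8` should also say what it counts.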
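Review bot: `algor` changes from `PKI_X509_ALGOR_VALUE *` to `void *`, so the compiler can no longer check what is stored in or read from the token's signature-algorithm slot. In a struct that drives signing, a mismatched cast there becomes a runtime type confusion instead of a compile error. If the concrete type cannot be named in this header, a forward-declared opaque struct pointer keeps the check; at minimum the field comment should state the pointed-to type and who frees it. The neighbouring change from `PKI_DIGEST_ALG * digest` to the by-value `CRYPTO_HASH hash_algorithm` also removes the NULL "unset" state, so the comment should say which value means "not set". `struct pki_token_st` continues outside these hunks.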
@@ -0,0 +1,33 @@
+
+
+#ifndef _LIBPKI_SYSTEM_H
+#include
+#endif
+
+#ifndef _LIBPKI_UTILS_TYPES_H
+#include
+#endif
+
+#ifndef _LIBPKI_CRYPTO_TYPES_H
+#include
+#endif
+
+#ifndef _LIBPKI_ASN1_UTILS_H
+#define _LIBPKI_ASN1_UTILS_H
+
+BEGIN_C_DECLS
+
+int i2d(unsigned char **out, size_t *size, void *in, int type);
+int d2i(void *out, unsigned char **in, size_t size, int type);
+
+int i2d_PKI_X509(unsigned char **out, size_t *size, PKI_X509 *in);
+int d2i_PKI_X509(PKI_X509 *out, unsigned char **in, size_t size);
+
+int i2d_PKI_X509_sk(unsigned char **out, size_t *size, PKI_X509_STACK *in);
+
+int i2d_PKI_STACK(unsigned char **out, size_t *size, PKI_STACK *sk, int sk_type);
+int d2i_PKI_STACK(PKI_STACK **sk, unsigned char *in, size_t size, int sk_type);
+
+END_C_DECLS
+
+#endif /* _LIBPKI_ASN1_UTILS_H */
diff --git a/src/libpki/banners.h b/src/libpki/utils/banners.h
similarity index 100%
rename from src/libpki/banners.h
rename to src/libpki/utils/banners.h
diff --git a/src/libpki/utils/encoder.h b/src/libpki/utils/encoder.h
new file mode 100644
index 00000000..6de9f288
--- /dev/null
+++ b/src/libpki/utils/encoder.h
@@ -0,0 +1,16 @@
+/* PKI Data Encoder */
+
+
+#ifndef _LIBPKI_PKI_DATA_ENCODER_H
+#define _LIBPKI_PKI_DATA_ENCODER_H
+
+#include
+
+/* \brief Data Formats
+ *
+ * Encodes the data from one format to another
+ */
+int PKI_DATA_encode ( const void *data, const size_t size,
+ const PKI_TYPE data_format, void **out, size_t *out_size, int out_format );
+
+#endif /* _LIBPKI_PKI_DATA_ENCODER_H */
diff --git a/src/libpki/net/dns.h b/src/libpki/utils/net/dns.h
similarity index 100%
rename from src/libpki/net/dns.h
rename to src/libpki/utils/net/dns.h
diff --git a/src/libpki/net/http_s.h b/src/libpki/utils/net/http_s.h
similarity index 100%
rename from src/libpki/net/http_s.h
rename to src/libpki/utils/net/http_s.h
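Review bot: None of the new prototypes in utils/asn1.h states a contract for the output buffer or the input length, which is where DER encode/decode code most often goes wrong. Each `i2d*` takes `unsigned char **out, size_t *size` without saying whether `*out` is allocated by the callee or must be pre-sized by the caller, and the decoders disagree with each other: `d2i` and `d2i_PKI_X509` take `unsigned char **in` while `d2i_PKI_STACK` takes `unsigned char *in`. Because these functions may parse data from outside the process, I would add a Doxygen block per function stating who owns `*out`, whether `*in` is advanced, the return convention, and that `size` bounds every read, and declare the inputs as `const unsigned char`. The bare names `i2d` and `d2i` in an installed header are also likely to collide with other libraries; a `PKI_` prefix would match the rest of the file.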
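Review bot: The comment above `PKI_DATA_encode` in utils/encoder.h opens with `/*` instead of the `/*!` used by the other headers in this commit, so Doxygen will not attach it, and it describes none of the six parameters. `data_format` is typed `const PKI_TYPE` while `out_format` is a plain `int`; if both come from the same set of format values (not visible here) they should share one type so that swapped arguments are caught at compile time. The doc block should also say who allocates and frees `*out` and what `*out_size` holds on failure.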
diff --git a/src/libpki/net/ldap.h b/src/libpki/utils/net/ldap.h
similarity index 100%
rename from src/libpki/net/ldap.h
rename to src/libpki/utils/net/ldap.h
diff --git a/src/libpki/net/pkcs11.h b/src/libpki/utils/net/pkcs11.h
similarity index 100%
rename from src/libpki/net/pkcs11.h
rename to src/libpki/utils/net/pkcs11.h
diff --git a/src/libpki/net/pki_mysql.h b/src/libpki/utils/net/pki_mysql.h
similarity index 100%
rename from src/libpki/net/pki_mysql.h
rename to src/libpki/utils/net/pki_mysql.h
diff --git a/src/libpki/net/pki_pg.h b/src/libpki/utils/net/pki_pg.h
similarity index 100%
rename from src/libpki/net/pki_pg.h
rename to src/libpki/utils/net/pki_pg.h
diff --git a/src/libpki/net/pki_socket.h b/src/libpki/utils/net/pki_socket.h
similarity index 100%
rename from src/libpki/net/pki_socket.h
rename to src/libpki/utils/net/pki_socket.h
diff --git a/src/libpki/net/sock.h b/src/libpki/utils/net/sock.h
similarity index 100%
rename from src/libpki/net/sock.h
rename to src/libpki/utils/net/sock.h
diff --git a/src/libpki/net/ssl.h b/src/libpki/utils/net/ssl.h
similarity index 100%
rename from src/libpki/net/ssl.h
rename to src/libpki/utils/net/ssl.h
diff --git a/src/libpki/utils/net/types.h b/src/libpki/utils/net/types.h
new file mode 100644
index 00000000..0d44f3fc
--- /dev/null
+++ b/src/libpki/utils/net/types.h
@@ -0,0 +1,125 @@ +/* net/types.h */ + + +#ifndef _LIBPKI_OS_H +#include +#endif + +#ifndef _LIBPKI_NET_TYPES_H +#define _LIBPKI_NET_TYPES_H + +BEGIN_C_DECLS + +/* Forward Declarations */ +typedef struct pki_stack_st PKI_STACK; +typedef struct pki_mem_st PKI_MEM; + +typedef enum pki_http_method_enum { + PKI_HTTP_METHOD_UNKNOWN = 0, + PKI_HTTP_METHOD_GET, + PKI_HTTP_METHOD_POST, + PKI_HTTP_METHOD_HTTP +} PKI_HTTP_METHOD; + +#define PKI_HTTP_METHOD_POST_TXT "POST" +#define PKI_HTTP_METHOD_GET_TXT "GET" +#define PKI_HTTP_METHOD_HTTP_TXT "HTTP" + +typedef enum { + URI_PROTO_FILE = 0, + URI_PROTO_LDAP = 1, + URI_PROTO_HTTP = 2, + URI_PROTO_HTTPS = 3, + URI_PROTO_FTP = 4, + URI_PROTO_ID = 5, + URI_PROTO_FD = 6, + URI_PROTO_MYSQL = 10, + URI_PROTO_PG = 20, + URI_PROTO_PKCS11 = 30, + URI_PROTO_SOCK = 40, + URI_PROTO_DNS = 50, +} URI_PROTO; + +#define DEFAULT_LDAP_PORT 389 +#define DEFAULT_HTTP_PORT 80 +#define DEFAULT_HTTPS_PORT 443 +#define DEFAULT_FTP_PORT 21 +#define DEFAULT_MYSQL_PORT 3306 +#define DEFAULT_PG_PORT 3456 +#define DEFAULT_PKCS11_PORT -1 +#define DEFAULT_DNS_PORT -1 + +#define LIBPKI_URL_BUF_SIZE 8192 + +typedef struct url_data_st { + + /* Original URL string */ + char * url_s; + + /* Protocol, currently supported LDAP and FILE */ + URI_PROTO proto; + + /* URL requires SSL/TLS :: 0 = NO, 1 = YES */ + int ssl; + + /* Address or filename */ + char *addr; + + /* Communication Port (where supported by the protocol) */ + int port; + + /* Authentication (where supported by the protocol) */ + char *usr; + char *pwd; + + /* Search facility - for LDAP the DN is in the path, while + the attributes for filtering the responses are here in + the attrs stack. The same for mysql:// or postgres:// + urls */ + char *attrs; + + /* Path - Used by HTTP/LDAP/ID/etc... 
*/ + char *path; + + /* Object Number - Used to identify a specific object + when multiple objects are matched */ + int object_num; +} URL; + +typedef struct http_headers { + + /* Method */ + PKI_HTTP_METHOD method; + + /* HTTP version as float number */ + float version; + + /* Returned Code */ + int code; + + /* Returned Location - in case a 30X is found */ + char *location; + + /* Content Type */ + char *type; + + /* URL for GET methods */ + // URL *url; + + /* Path */ + char *path; + + /* Protocol */ + int proto; + + /* Headers Data */ + PKI_MEM *head; + + /* HTTP body data */ + PKI_MEM *body; + +} PKI_HTTP; + +END_C_DECLS + +#endif diff --git a/src/libpki/net/url.h b/src/libpki/utils/net/url.h similarity index 57% rename from src/libpki/net/url.h rename to src/libpki/utils/net/url.h index 37c59e59..d7ffa2bc 100644 --- a/src/libpki/net/url.h +++ b/src/libpki/utils/net/url.h 
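Review bot: `DEFAULT_PG_PORT` is defined as `3456` in the new utils/net/types.h, while PostgreSQL's registered default port is 5432. The value is carried over unchanged from url.h, but this move is a good place to correct it with `#define DEFAULT_PG_PORT 5432`. Separately, `URL` keeps the password in `pwd` and the complete original string in `url_s`, so any code that logs or duplicates a `URL` can expose credentials; both fields deserve a comment saying they must not be logged and should be cleared before the structure is freed. The field comment "currently supported LDAP and FILE" on `proto` also no longer matches the `URI_PROTO` list above it.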
@@ -13,124 +13,13 @@ * */ -#ifndef _LIBPKI_PKI_MEM_H -# include +#ifndef _LIBPKI_NET_TYPES_H +#include #endif #ifndef _LIBPKI_URL_H #define _LIBPKI_URL_H -typedef enum pki_http_method_enum { - PKI_HTTP_METHOD_UNKNOWN = 0, - PKI_HTTP_METHOD_GET, - PKI_HTTP_METHOD_POST, - PKI_HTTP_METHOD_HTTP -} PKI_HTTP_METHOD; - -#define PKI_HTTP_METHOD_POST_TXT "POST" -#define PKI_HTTP_METHOD_GET_TXT "GET" -#define PKI_HTTP_METHOD_HTTP_TXT "HTTP" - -typedef enum { - URI_PROTO_FILE = 0, - URI_PROTO_LDAP = 1, - URI_PROTO_HTTP = 2, - URI_PROTO_HTTPS = 3, - URI_PROTO_FTP = 4, - URI_PROTO_ID = 5, - URI_PROTO_FD = 6, - URI_PROTO_MYSQL = 10, - URI_PROTO_PG = 20, - URI_PROTO_PKCS11 = 30, - URI_PROTO_SOCK = 40, - URI_PROTO_DNS = 50, -} URI_PROTO; - -#define DEFAULT_LDAP_PORT 389 -#define DEFAULT_HTTP_PORT 80 -#define DEFAULT_HTTPS_PORT 443 -#define DEFAULT_FTP_PORT 21 -#define DEFAULT_MYSQL_PORT 3306 -#define DEFAULT_PG_PORT 3456 -#define DEFAULT_PKCS11_PORT -1 -#define DEFAULT_DNS_PORT -1 - -#include - -typedef struct url_data_st { - - /* Original URL string */ - char * url_s; - - /* Protocol, currently supported LDAP and FILE */ - URI_PROTO proto; - - /* URL requires SSL/TLS :: 0 = NO, 1 = YES */ - int ssl; - - /* Address or filename */ - char *addr; - - /* Communication Port (where supported by the protocol) */ - int port; - - /* Authentication (where supported by the protocol) */ - char *usr; - char *pwd; - - /* Search facility - for LDAP the DN is in the path, while - the attributes for filtering the responses are here in - the attrs stack. The same for mysql:// or postgres:// - urls */ - char *attrs; - - /* Path - Used by HTTP/LDAP/ID/etc... 
*/ - char *path; - - /* Object Number - Used to identify a specific object - when multiple objects are matched */ - int object_num; -} URL; - -typedef struct http_headers { - - /* Method */ - PKI_HTTP_METHOD method; - - /* HTTP version as float number */ - float version; - - /* Returned Code */ - int code; - - /* Returned Location - in case a 30X is found */ - char *location; - - /* Content Type */ - char *type; - - /* URL for GET methods */ - // URL *url; - - /* Path */ - char *path; - - /* Protocol */ - int proto; - - /* Headers Data */ - PKI_MEM *head; - - /* HTTP body data */ - PKI_MEM *body; - -} PKI_HTTP; - -#define LIBPKI_URL_BUF_SIZE 8192 - -#include -#include - /* ----------------------- URL Function prototypes --------------------- */ void URL_free(URL *url); diff --git a/src/libpki/pki_config.h.in b/src/libpki/utils/pki_config.h.in similarity index 94% rename from src/libpki/pki_config.h.in rename to src/libpki/utils/pki_config.h.in index a2db4ad2..ed9bcbd3 100644 --- a/src/libpki/pki_config.h.in +++ b/src/libpki/utils/pki_config.h.in @@ -6,23 +6,22 @@ * Released under OpenCA LICENSE */ +#ifndef _LIBPKI_UTILS_TYPES_H +#include +#endif + +#ifndef _LIBPKI_UTILS_CONF_H +#define _LIBPKI_UTILS_CONF_H + #ifndef _LIBPKI_XMLINCLUDES_H +#define _LIBPKI_XMLINCLUDES_H # include # include # include # include #endif -#ifndef _LIBPKI_STACK_H -# include -#endif - -#ifndef _LIBPKI_PKI_IO_H -# include -#endif - -#ifndef _LIBPKI_CONF_H -#define _LIBPKI_CONF_H +BEGIN_C_DECLS #define PKI_CONFIG xmlDoc #define PKI_CONFIG_ELEMENT xmlNode @@ -114,4 +113,6 @@ PKI_CONFIG_ELEMENT *PKI_CONFIG_ELEMENT_add_child_el ( PKI_CONFIG * doc, PKI_CONFIG_ELEMENT *node, PKI_CONFIG_ELEMENT *el); +END_C_DECLS + #endif diff --git a/src/libpki/pki_cred.h b/src/libpki/utils/pki_cred.h similarity index 100% rename from src/libpki/pki_cred.h rename to src/libpki/utils/pki_cred.h 
diff --git a/src/libpki/pki_err.h b/src/libpki/utils/pki_err.h
similarity index 100%
rename from src/libpki/pki_err.h
rename to src/libpki/utils/pki_err.h
diff --git a/src/libpki/pki_id.h b/src/libpki/utils/pki_id.h
similarity index 100%
rename from src/libpki/pki_id.h
rename to src/libpki/utils/pki_id.h
diff --git a/src/libpki/pki_id_info.h b/src/libpki/utils/pki_id_info.h
similarity index 100%
rename from src/libpki/pki_id_info.h
rename to src/libpki/utils/pki_id_info.h
diff --git a/src/libpki/pki_init.h b/src/libpki/utils/pki_init.h
similarity index 100%
rename from src/libpki/pki_init.h
rename to src/libpki/utils/pki_init.h
diff --git a/src/libpki/pki_log.h b/src/libpki/utils/pki_log.h
similarity index 50%
rename from src/libpki/pki_log.h
rename to src/libpki/utils/pki_log.h
index e7d416e6..77cf36a5 100644
--- a/src/libpki/pki_log.h
+++ b/src/libpki/utils/pki_log.h
@@ -1,76 +1,16 @@ -#ifndef _LIBPKI_LOG_H -#define _LIBPKI_LOG_H - -#ifndef _LIBPKI_COMPAT_H -#include +#ifndef _LIBPKI_UTILS_TYPES_H +#include #endif -BEGIN_C_DECLS - -#ifndef _LIBPKI_TOKEN_HEADERS_H -# include +#ifndef _LIBPKI_TOKEN_TYPES_H +#include #endif -typedef enum { - PKI_LOG_TYPE_STDOUT = 0, - PKI_LOG_TYPE_STDERR, - PKI_LOG_TYPE_SYSLOG, - PKI_LOG_TYPE_FILE, - PKI_LOG_TYPE_FILE_XML, - PKI_LOG_TYPE_DB -} PKI_LOG_TYPE; - -typedef enum { - PKI_LOG_NONE = -1, - PKI_LOG_MSG = 0, - PKI_LOG_ERR = 1, - PKI_LOG_WARNING = 2, - PKI_LOG_NOTICE = 3, - PKI_LOG_INFO = 4, - PKI_LOG_DEBUG = 5, - PKI_LOG_ALWAYS = 99 -} PKI_LOG_LEVEL; - -typedef enum { - PKI_LOG_FLAGS_NONE = 0, - PKI_LOG_FLAGS_ENABLE_DEBUG = 0x01, - PKI_LOG_FLAGS_ENABLE_SIGNATURE = 0x02, -} PKI_LOG_FLAGS; - - -typedef struct PKIlog_st { - /* Keep track if the LOG subsystem has undergone initialization */ - int initialized; - - /* Type of PKI_LOG - PKI_LOG_TYPE */ - PKI_LOG_TYPE type; - - /* Identifier of the resource */ - char *resource; - - /* Log Level - one of PKI_LOG_LEVEL */ - PKI_LOG_LEVEL level; - - /* Flags for log activities - DEBUG, SIGNATURE, etc... */ - PKI_LOG_FLAGS flags; - - /* Enable Signed Log */ - PKI_TOKEN *tk; - - /* Callbacks function - init */ - int (*init)(struct PKIlog_st *); - - /* Callbacks function - add */ - void (*add)(int, const char *, va_list); - - /* Callbacks function - finalize */ - int (*finalize)(struct PKIlog_st *); - - /* Callback function - sign */ - int (*entry_sign)(struct PKIlog_st *, char * ); +#ifndef _LIBPKI_LOG_H +#define _LIBPKI_LOG_H -} PKI_LOG; +BEGIN_C_DECLS // --------------------- Function Prototypes ------------------------- // diff --git a/src/libpki/pki_mem.h b/src/libpki/utils/pki_mem.h similarity index 100% rename from src/libpki/pki_mem.h rename to src/libpki/utils/pki_mem.h diff --git a/src/libpki/pki_threads.h b/src/libpki/utils/pki_threads.h similarity index 100% rename from src/libpki/pki_threads.h rename to src/libpki/utils/pki_threads.h 
diff --git a/src/libpki/pki_threads_vars.h b/src/libpki/utils/pki_threads_vars.h similarity index 100% rename from src/libpki/pki_threads_vars.h rename to src/libpki/utils/pki_threads_vars.h diff --git a/src/libpki/profile.h b/src/libpki/utils/profile.h similarity index 89% rename from src/libpki/profile.h rename to src/libpki/utils/profile.h index fa9a9d94..1ae1398a 100644 --- a/src/libpki/profile.h +++ b/src/libpki/utils/profile.h @@ -1,19 +1,16 @@ /* PKI PROFILE Management Functions */ +#ifndef _LIBPKI_UTILS_TYPES_H +#include +#endif + #ifndef _LIBPKI_PROFILE_HEADERS_H #define _LIBPKI_PROFILE_HEADERS_H #include #include #include -#include - -typedef enum { - PKI_X509_PROFILE_USER = 0, - PKI_X509_PROFILE_PROXY, - PKI_X509_PROFILE_WEB_SERVER, - PKI_X509_PROFILE_MAIL_SERVER -} PKI_X509_PROFILE_TYPE; +#include #define PKI_PROFILE_DEFAULT_PROXY_NAME "__DEFAULT_PROXY_PROFILE__" #define PKI_PROFILE_DEFAULT_USER_NAME "__DEFAULT_USER_PROFILE__" diff --git a/src/libpki/openssl/pthread_init.h b/src/libpki/utils/pthread_init.h similarity index 100% rename from src/libpki/openssl/pthread_init.h rename to src/libpki/utils/pthread_init.h diff --git a/src/libpki/stack.h b/src/libpki/utils/stack.h similarity index 85% rename from src/libpki/stack.h rename to src/libpki/utils/stack.h index 7ab4cdc4..a59a1196 100644 --- a/src/libpki/stack.h +++ b/src/libpki/utils/stack.h 
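Review bot: `PKI_PROFILE_DEFAULT_PROXY_NAME` and `PKI_PROFILE_DEFAULT_USER_NAME` stay defined at the end of the profile.h hunk, while the new utils/types.h added by this same commit defines the same two macros with the same strings. An identical redefinition compiles, but the two copies can drift, and once they differ every file that includes both headers fails with a redefinition diagnostic. Since `PKI_X509_PROFILE_TYPE` was moved out of this header, the two `#define` lines should move with it and be deleted here. The rest of profile.h lies outside the hunk.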
@@ -14,51 +14,19 @@ * */ -#ifndef _LIBPKI_STACK_H -#define _LIBPKI_STACK_H - -#ifndef HEADER_SAFESTACK_H -#include +#ifndef _LIBPKI_CRYPTO_TYPES_H +#include #endif -#ifndef _LIBPKI_PKI_DATATYPES_H -# include +#ifndef _LIBPKI_UTILS_TYPES_H +#include #endif -/*! - * \brief Data structure for PKI_STACK nodes (INTERNAL ONLY) - */ -typedef struct pki_stack_node_st { - struct pki_stack_node_st *next; - struct pki_stack_node_st *prev; - - void *data; -} PKI_STACK_NODE; - -/*! - * \brief Data structure for PKI_STACK - * - * The PKI_STACK is the basic structure for storing a stack of generic - * elements. Fields SHOULD NOT be accessed directly, instead specific - * PKI_STACK_new(), PKI_STACK_free(), etc... functions exist that take - * care about details and initialization of the structure. - */ -typedef struct pki_stack_st { - /*! \brief Number of elements in the PKI_STACK */ - int elements; - - /*! \brief Pointer to the first node of the PKI_STACK */ - PKI_STACK_NODE *head; - /*! \brief Pointer to the last node of the PKI_STACK */ - PKI_STACK_NODE *tail; - - /*! \brief Pointer to the function called to free the data object */ - void (*free)( void *); -} PKI_STACK; - +#ifndef _LIBPKI_STACK_H +#define _LIBPKI_STACK_H PKI_STACK * PKI_STACK_new( void (*)(void *) ); -PKI_STACK * PKI_STACK_new_type ( PKI_DATATYPE type ); +PKI_STACK * PKI_STACK_new_type ( PKI_TYPE type ); PKI_STACK * PKI_STACK_new_null( void ); int PKI_STACK_free ( PKI_STACK * st ); 
@@ -75,50 +43,6 @@ void * PKI_STACK_get_num ( PKI_STACK *st, int num ); void * PKI_STACK_del_num ( PKI_STACK *st, int num ); int PKI_STACK_ins_num ( PKI_STACK *st, int num, void *obj ); -#define PKI_STACK_ERR PKI_ERR -#define PKI_STACK_OK PKI_OK - -#define PKI_MEM_STACK PKI_STACK -#define PKI_X509_STACK PKI_STACK -#define PKI_X509_KEYPAIR_STACK PKI_STACK -#define PKI_X509_CERT_STACK PKI_STACK -#define PKI_X509_REQ_STACK PKI_STACK -#define PKI_X509_CRL_STACK PKI_STACK -#define PKI_X509_XPAIR_STACK PKI_STACK -#define PKI_X509_PROFILE_STACK PKI_STACK -#define PKI_X509_EXTENSION_STACK PKI_STACK -#define PKI_X509_CRL_ENTRY_STACK PKI_STACK -#define PKI_X509_CRL_STACK PKI_STACK -#define PKI_CONFIG_STACK PKI_STACK -#define PKI_CONFIG_ELEMENT_STACK PKI_STACK -#define PKI_OID_STACK PKI_STACK -#define PKI_ID_INFO_STACK PKI_STACK -#define PKI_TOKEN_STACK PKI_STACK -#define PKI_X509_OCSP_REQ_STACK PKI_STACK -#define PKI_X509_OCSP_RESP_STACK PKI_STACK - -#define PKI_RESOURCE_IDENTIFIER_STACK PKI_STACK -#define PKI_RESOURCE_RESPONSE_TOKEN_STACK PKI_STACK - -/* Void freeing functions, used for freeing the stacks */ -/* -void PKI_MEM_free_void ( void * ); -void PKI_X509_CERT_free_void ( void * ); -void PKI_X509_REQ_free_void ( void * ); -void PKI_X509_XPAIR_free_void ( void * ); -void PKI_X509_PROFILE_free_void ( void * ); -void PKI_X509_EXTENSION_free_void ( void * ); -void PKI_X509_CRL_ENTRY_free_void ( void * ); -void PKI_X509_CRL_free_void ( void * ); -void PKI_CONFIG_free_void ( void * ); -void PKI_OID_free_void ( void * ); -void PKI_ID_INFO_free_void ( void * ); -void PKI_TOKEN_free_void ( void * ); - -void PKI_RESOURCE_IDENTIFIER_free_void( void * ); -void PKI_RESOURCE_RESPONSE_TOKEN_free_void ( void * ); -*/ - /* define for PKI_MEM stacks - implement object type casting */ #define PKI_STACK_MEM_new() (PKI_MEM_STACK *) PKI_STACK_new((void (*)(void *))PKI_MEM_free) #define PKI_STACK_MEM_free( p ) PKI_STACK_free ( (PKI_STACK *) p) 
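Review bot: This hunk removes the `PKI_MEM_STACK` macro, yet the retained context line `#define PKI_STACK_MEM_new() (PKI_MEM_STACK *) PKI_STACK_new(...)` still casts to that name. The typedef list in the new utils/types.h, as far as it is visible in this commit, replaces the other stack aliases but has no entry for `PKI_MEM_STACK` or `PKI_X509_KEYPAIR_STACK`, and `PKI_STACK_ERR` / `PKI_STACK_OK` have no visible replacement either. Unless they are defined in a part of the change not shown here, add `typedef struct pki_stack_st PKI_MEM_STACK;` and the keypair alias next to the other typedefs. The same typedef list declares `PKI_X509_CRL_STACK` twice, which pre-C11 compilers reject.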
diff --git a/src/libpki/support.h b/src/libpki/utils/support.h similarity index 100% rename from src/libpki/support.h rename to src/libpki/utils/support.h diff --git a/src/libpki/utils/types.h b/src/libpki/utils/types.h new file mode 100644 index 00000000..4f1699e8 --- /dev/null +++ b/src/libpki/utils/types.h 
@@ -0,0 +1,149 @@ +/* net/types.h */ + + +#ifndef _LIBPKI_SYSTEM_H +#include +#endif + +#ifndef _LIBPKI_NET_TYPES_H +#include +#endif + +#ifndef _STDARG_H +#include +#endif + +#ifndef HEADER_SAFESTACK_H +#include +#endif + +#ifndef _LIBPKI_UTILS_TYPES_H +#define _LIBPKI_UTILS_TYPES_H + +BEGIN_C_DECLS + +typedef enum { + PKI_X509_PROFILE_USER = 0, + PKI_X509_PROFILE_PROXY, + PKI_X509_PROFILE_WEB_SERVER, + PKI_X509_PROFILE_MAIL_SERVER +} PKI_X509_PROFILE_TYPE; + +#define PKI_PROFILE_DEFAULT_PROXY_NAME "__DEFAULT_PROXY_PROFILE__" +#define PKI_PROFILE_DEFAULT_USER_NAME "__DEFAULT_USER_PROFILE__" + +/*! + * \brief Data structure for PKI_STACK nodes (INTERNAL ONLY) + */ +typedef struct pki_stack_node_st { + struct pki_stack_node_st *next; + struct pki_stack_node_st *prev; + + void *data; +} PKI_STACK_NODE; + +/*! + * \brief Data structure for PKI_STACK + * + * The PKI_STACK is the basic structure for storing a stack of generic + * elements. Fields SHOULD NOT be accessed directly, instead specific + * PKI_STACK_new(), PKI_STACK_free(), etc... functions exist that take + * care about details and initialization of the structure. + */ +struct pki_stack_st { + /*! \brief Number of elements in the PKI_STACK */ + int elements; + + /*! \brief Pointer to the first node of the PKI_STACK */ + PKI_STACK_NODE *head; + + /*! \brief Pointer to the last node of the PKI_STACK */ + PKI_STACK_NODE *tail; + + /*! \brief Pointer to the function called to free the data object */ + void (*free)( void *); +}; + +/*! 
\brief Auxillary Types */ +typedef struct pki_stack_st PKI_X509_STACK; +typedef struct pki_stack_st PKI_X509_CERT_STACK; +typedef struct pki_stack_st PKI_X509_REQ_STACK; +typedef struct pki_stack_st PKI_X509_CRL_STACK; +typedef struct pki_stack_st PKI_X509_XPAIR_STACK; +typedef struct pki_stack_st PKI_X509_PROFILE_STACK; +typedef struct pki_stack_st PKI_X509_EXTENSION_STACK; +typedef struct pki_stack_st PKI_X509_CRL_ENTRY_STACK; +typedef struct pki_stack_st PKI_X509_CRL_STACK; +typedef struct pki_stack_st PKI_CONFIG_STACK; +typedef struct pki_stack_st PKI_CONFIG_ELEMENT_STACK; +typedef struct pki_stack_st PKI_OID_STACK; +typedef struct pki_stack_st PKI_ID_INFO_STACK; +typedef struct pki_stack_st PKI_TOKEN_STACK; +typedef struct pki_stack_st PKI_X509_OCSP_REQ_STACK; +typedef struct pki_stack_st PKI_X509_OCSP_RESP_STACK; +typedef struct pki_stack_st PKI_RESOURCE_IDENTIFIER_STACK; +typedef struct pki_stack_st PKI_RESOURCE_RESPONSE_TOKEN_STACK; + +typedef enum { + PKI_LOG_TYPE_STDOUT = 0, + PKI_LOG_TYPE_STDERR, + PKI_LOG_TYPE_SYSLOG, + PKI_LOG_TYPE_FILE, + PKI_LOG_TYPE_FILE_XML, + PKI_LOG_TYPE_DB +} PKI_LOG_TYPE; + +typedef enum { + PKI_LOG_NONE = -1, + PKI_LOG_MSG = 0, + PKI_LOG_ERR = 1, + PKI_LOG_WARNING = 2, + PKI_LOG_NOTICE = 3, + PKI_LOG_INFO = 4, + PKI_LOG_DEBUG = 5, + PKI_LOG_ALWAYS = 99 +} PKI_LOG_LEVEL; + +typedef enum { + PKI_LOG_FLAGS_NONE = 0, + PKI_LOG_FLAGS_ENABLE_DEBUG = 0x01, + PKI_LOG_FLAGS_ENABLE_SIGNATURE = 0x02, +} PKI_LOG_FLAGS; + + +typedef struct PKIlog_st { + /* Keep track if the LOG subsystem has undergone initialization */ + int initialized; + + /* Type of PKI_LOG - PKI_LOG_TYPE */ + PKI_LOG_TYPE type; + + /* Identifier of the resource */ + char *resource; + + /* Log Level - one of PKI_LOG_LEVEL */ + PKI_LOG_LEVEL level; + + /* Flags for log activities - DEBUG, SIGNATURE, etc... 
*/ + PKI_LOG_FLAGS flags; + + /* Enable Signed Log */ + CRYPTO_KEYPAIR *tk; + + /* Callbacks function - init */ + int (*init)(struct PKIlog_st *); + + /* Callbacks function - add */ + void (*add)(int, const char *, va_list); + + /* Callbacks function - finalize */ + int (*finalize)(struct PKIlog_st *); + + /* Callback function - sign */ + int (*entry_sign)(struct PKIlog_st *, char * ); + +} PKI_LOG; + +END_C_DECLS + +#endif diff --git a/src/libpki/extensions.h b/src/libpki/x509/extensions.h similarity index 100% rename from src/libpki/extensions.h rename to src/libpki/x509/extensions.h diff --git a/src/libpki/io/pki_keypair_io.h b/src/libpki/x509/io/pki_keypair_io.h similarity index 100% rename from src/libpki/io/pki_keypair_io.h rename to src/libpki/x509/io/pki_keypair_io.h diff --git a/src/libpki/io/pki_msg_req_io.h b/src/libpki/x509/io/pki_msg_req_io.h similarity index 100% rename from src/libpki/io/pki_msg_req_io.h rename to src/libpki/x509/io/pki_msg_req_io.h diff --git a/src/libpki/io/pki_msg_resp_io.h b/src/libpki/x509/io/pki_msg_resp_io.h similarity index 100% rename from src/libpki/io/pki_msg_resp_io.h rename to src/libpki/x509/io/pki_msg_resp_io.h diff --git a/src/libpki/io/pki_ocsp_req_io.h b/src/libpki/x509/io/pki_ocsp_req_io.h similarity index 100% rename from src/libpki/io/pki_ocsp_req_io.h rename to src/libpki/x509/io/pki_ocsp_req_io.h diff --git a/src/libpki/io/pki_ocsp_resp_io.h b/src/libpki/x509/io/pki_ocsp_resp_io.h similarity index 100% rename from src/libpki/io/pki_ocsp_resp_io.h rename to src/libpki/x509/io/pki_ocsp_resp_io.h diff --git a/src/libpki/io/pki_x509_cert_io.h b/src/libpki/x509/io/pki_x509_cert_io.h similarity index 100% rename from src/libpki/io/pki_x509_cert_io.h rename to src/libpki/x509/io/pki_x509_cert_io.h diff --git a/src/libpki/io/pki_x509_cms_io.h b/src/libpki/x509/io/pki_x509_cms_io.h similarity index 100% rename from src/libpki/io/pki_x509_cms_io.h rename to src/libpki/x509/io/pki_x509_cms_io.h 
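Review bot: `PKI_X509_CRL_STACK` is typedef'd twice in the auxiliary-type list, which compilers in pre-C11 modes reject as a redefinition; the second `typedef struct pki_stack_st PKI_X509_CRL_STACK;` should be dropped. The `#define` aliases removed by the `@@ -75,50 +43,6 @@` hunk earlier in this commit also covered `PKI_MEM_STACK` and `PKI_X509_KEYPAIR_STACK`, which get no typedef here, although the retained `PKI_STACK_MEM_new()` macro still casts to `PKI_MEM_STACK *`. Unless they are declared in a header outside this view, add `typedef struct pki_stack_st PKI_MEM_STACK;` and `typedef struct pki_stack_st PKI_X509_KEYPAIR_STACK;`. The opening comment reads `/* net/types.h */` while the file is `src/libpki/utils/types.h`.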
diff --git a/src/libpki/io/pki_x509_crl_io.h b/src/libpki/x509/io/pki_x509_crl_io.h similarity index 100% rename from src/libpki/io/pki_x509_crl_io.h rename to src/libpki/x509/io/pki_x509_crl_io.h diff --git a/src/libpki/io/pki_x509_io.h b/src/libpki/x509/io/pki_x509_io.h similarity index 100% rename from src/libpki/io/pki_x509_io.h rename to src/libpki/x509/io/pki_x509_io.h diff --git a/src/libpki/io/pki_x509_p12_io.h b/src/libpki/x509/io/pki_x509_p12_io.h similarity index 100% rename from src/libpki/io/pki_x509_p12_io.h rename to src/libpki/x509/io/pki_x509_p12_io.h diff --git a/src/libpki/io/pki_x509_pkcs7_io.h b/src/libpki/x509/io/pki_x509_pkcs7_io.h similarity index 100% rename from src/libpki/io/pki_x509_pkcs7_io.h rename to src/libpki/x509/io/pki_x509_pkcs7_io.h diff --git a/src/libpki/io/pki_x509_req_io.h b/src/libpki/x509/io/pki_x509_req_io.h similarity index 100% rename from src/libpki/io/pki_x509_req_io.h rename to src/libpki/x509/io/pki_x509_req_io.h diff --git a/src/libpki/io/pki_x509_xpair_io.h b/src/libpki/x509/io/pki_x509_xpair_io.h similarity index 100% rename from src/libpki/io/pki_x509_xpair_io.h rename to src/libpki/x509/io/pki_x509_xpair_io.h diff --git a/src/libpki/pki_algor.h b/src/libpki/x509/pki_algor.h similarity index 100% rename from src/libpki/pki_algor.h rename to src/libpki/x509/pki_algor.h diff --git a/src/libpki/pki_integer.h b/src/libpki/x509/pki_integer.h similarity index 100% rename from src/libpki/pki_integer.h rename to src/libpki/x509/pki_integer.h diff --git a/src/libpki/pki_oid.h b/src/libpki/x509/pki_oid.h similarity index 100% rename from src/libpki/pki_oid.h rename to src/libpki/x509/pki_oid.h diff --git a/src/libpki/pki_string.h b/src/libpki/x509/pki_string.h similarity index 97% rename from src/libpki/pki_string.h rename to src/libpki/x509/pki_string.h index 6dc5c7b1..fe68f374 100644 --- a/src/libpki/pki_string.h +++ b/src/libpki/x509/pki_string.h 
@@ -53,7 +53,7 @@ int PKI_STRING_get_type( const PKI_STRING *s ); int PKI_STRING_set_type( PKI_STRING *s, int type); char * PKI_STRING_get_parsed( const PKI_STRING *s ); char * PKI_STRING_get_utf8( const PKI_STRING *s ); -PKI_DIGEST * PKI_STRING_get_digest( const PKI_STRING *s, +CRYPTO_DIGEST * PKI_STRING_get_digest( const PKI_STRING *s, const PKI_DIGEST_ALG *digest); /* Printing to fd or stdout */ diff --git a/src/libpki/pki_time.h b/src/libpki/x509/pki_time.h similarity index 100% rename from src/libpki/pki_time.h rename to src/libpki/x509/pki_time.h diff --git a/src/libpki/x509/pki_x509.h b/src/libpki/x509/pki_x509.h new file mode 100644 index 00000000..03a054b8 --- /dev/null +++ b/src/libpki/x509/pki_x509.h 
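Review bot: The return type of `PKI_STRING_get_digest()` changes from `PKI_DIGEST *` to `CRYPTO_DIGEST *` with no compatibility alias visible in this view, so callers that store the result in a `PKI_DIGEST *` stop compiling unless the old name is kept elsewhere. The same applies to the four `PKI_X509_CERT_fingerprint*` and `PKI_X509_CERT_key_hash*` prototypes in the `pki_x509_cert.h` hunk. The parameter is still spelled `const PKI_DIGEST_ALG *`, so the two prefixes are now mixed within one signature. A one-line comment above each prototype saying who owns the returned digest would also help, since the visible lines do not state it.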
@@ -0,0 +1,322 @@ +/* PKI_X509 object management */ + +#ifndef _LIBPKI_HSM_MAIN_H +#include +#endif + +#ifndef _LIBPKI_CRYPTO_TYPES_H +#include +#endif + +#ifndef _LIBPKI_PKI_X509_H +#define _LIBPKI_PKI_X509_H + + +// =================== +// Function Prototypes +// =================== + +/*! \brief Allocates A New X509 structure + * + * This function allocates a new PKI_X509 structure and returns a pointer to it. + * The type parameter is used to specify the type of the PKI_X509 object to be + * created. The hsm parameter is used to specify the HSM to be used with the + * PKI_X509 object. If the hsm parameter is NULL, the default HSM will be used. + * + * @param type The type of the PKI_X509 object to be created + * @param hsm The HSM to be used with the PKI_X509 object + * @return A pointer to the newly created PKI_X509 object + */ +PKI_X509 *PKI_X509_new(PKI_TYPE type, PKI_X509 *hsm); + +/*! \brief Allocates A New PKI_X509 structure by using the passed value + * + * This function allocates a new PKI_X509 structure and returns a pointer to it. + * The type parameter is used to specify the type of the PKI_X509 object to be + * created. The data parameter is used to specify the value to be used with the + * PKI_X509 object. The hsm parameter is used to specify the HSM to be used with + * the PKI_X509 object. If the hsm parameter is NULL, the default HSM will be used. + * + * @param type The type of the PKI_X509 object to be created + * @param data The value to be used with the PKI_X509 object + * @param hsm The HSM to be used with the PKI_X509 object + * @return A pointer to the newly created PKI_X509 object + */ +PKI_X509 *PKI_X509_new_value(PKI_TYPE type, void *data, HSM *hsm); + +/*! \brief Allocates A New PKI_X509 structure by duplicating the passed value + * + * This function allocates a new PKI_X509 structure and returns a pointer to it. + * The type parameter is used to specify the type of the PKI_X509 object to be + * created. 
The data parameter is used to specify the value to be used with the + * PKI_X509 object. The hsm parameter is used to specify the HSM to be used with + * the PKI_X509 object. If the hsm parameter is NULL, the default HSM will be used. + * + * @param type The type of the PKI_X509 object to be created + * @param data The value to be used with the PKI_X509 object + * @param hsm The HSM to be used with the PKI_X509 object + * @return A pointer to the newly created PKI_X509 object + * @see PKI_X509_new_value + */ +PKI_X509 *PKI_X509_new_dup_value(PKI_TYPE type, const void *data, HSM *hsm); + +/*! \brief Frees the PKI_X509 object + * + * This function frees the PKI_X509 object and all of its associated memory. + * + * @param x A pointer to the PKI_X509 object to be freed + */ +void PKI_X509_free_void(void *x); + +/*! \brief Frees the PKI_X509 object + * + * This function frees the PKI_X509 object and all of its associated memory. + * + * @param x A pointer to the PKI_X509 object to be freed + */ +void PKI_X509_free(PKI_X509 *x); + +/*! \brief Sets the HSM for the PKI_X509 object + * + * This function sets the HSM for the PKI_X509 object. + * + * @param x A pointer to the PKI_X509 object + * @param hsm A pointer to the HSM object + * @return PKI_OK if successful, PKI_ERR otherwise + */ +int PKI_X509_set_hsm ( PKI_X509 *x, struct hsm_st *hsm ); + +/*! \brief Returns the HSM for the PKI_X509 object + * + * This function returns the HSM for the PKI_X509 object. + * + * @param x A pointer to the PKI_X509 object + * @return A pointer to the HSM object + */ +struct hsm_st *PKI_X509_get_hsm (const PKI_X509 *x ); + +/*! \brief Sets the reference URL for the PKI_X509 object + * + * This function sets the reference URL for the PKI_X509 object. + * + * @param x A pointer to the PKI_X509 object + * @param url A pointer to the URL object + * @return PKI_OK if successful, PKI_ERR otherwise + */ +int PKI_X509_set_reference ( PKI_X509 *x, URL *url ); + +/*! 
\brief Returns the reference URL for the PKI_X509 object + * + * This function returns the reference URL for the PKI_X509 object. + * + * @param x A pointer to the PKI_X509 object + * @return A pointer to the URL object + */ +URL *PKI_X509_get_reference (const PKI_X509 *x ); + +/*! \brief Duplicates the PKI_X509 object + * + * This function duplicates the PKI_X509 object and returns a pointer to the new object. + * + * @param x A pointer to the PKI_X509 object to be duplicated + * @return A pointer to the duplicated PKI_X509 object + */ +PKI_X509 * PKI_X509_dup (const PKI_X509 *x ); + +/*! \brief Duplicates the value of the PKI_X509 object + * + * This function duplicates the value of the PKI_X509 object and returns a pointer to the new object. + * + * @param x A pointer to the PKI_X509 object + * @return A pointer to the duplicated value + */ +void * PKI_X509_dup_value (const PKI_X509 *x ); + +/*! \brief Sets the value of the PKI_X509 object + * + * This function sets the value of the PKI_X509 object. + * + * @param x A pointer to the PKI_X509 object + * @param data A pointer to the value to be set + * @return PKI_OK if successful, PKI_ERR otherwise + */ +void * PKI_X509_get_value (const PKI_X509 *x ); + +/*! \brief Sets the value of the PKI_X509 object + * + * This function sets the value of the PKI_X509 object. + * + * @param x A pointer to the PKI_X509 object + * @param data A pointer to the value to be set + * @return PKI_OK if successful, PKI_ERR otherwise + */ +int PKI_X509_set_value ( PKI_X509 *x, void *data ); + +/*! \brief Returns the type of the PKI_X509 object + * + * This function returns the type of the PKI_X509 object. + * + * @param x A pointer to the PKI_X509 object + * @return The type of the PKI_X509 object + */ +PKI_TYPE PKI_X509_get_type (const PKI_X509 *x ); + +/*! \brief Returns the type of the PKI_X509 object as a string + * + * This function returns the type of the PKI_X509 object as a string. 
+ * + * @param x A pointer to the PKI_X509 object + * @return The type of the PKI_X509 object as a string + */ +const char * PKI_X509_get_type_parsed (const PKI_X509 *x ); + +/*! \brief Returns the pointer to the requested data in the PKI_X509 object + * + * This function returns the pointer to the requested data in the PKI_X509 object. + * + * @param x A pointer to the PKI_X509 object + * @return The type of the PKI_X509 data to be returned + * @return The pointer to the requested data in the PKI_X509 object + * @see PKI_X509_DATA + */ +void * PKI_X509_get0 (const PKI_X509 *x, PKI_X509_DATA type ); + +/*! \brief Returns a copy of the specified data in the PKI_X509 object + * + * This function returns a copy of the specified data in the PKI_X509 object. + * The caller will be responsible for freeing the returned data. + * + * @param x A pointer to the PKI_X509 object + * @return A copy of the specified data in the PKI_X509 object + * @see PKI_X509_DATA + */ +void * PKI_X509_get (const PKI_X509 *x, PKI_X509_DATA type ); + +/*! \brief Returns the parsed data from a PKI_X509 object + * + * This function returns the parsed data from a PKI_X509 object. + * The caller will be responsible for freeing the returned data. + * + * @param x A pointer to the PKI_X509 object + * @param type The type of the PKI_X509 data to be returned + * @return The parsed data from the PKI_X509 object + * @see PKI_X509_DATA + */ +void * PKI_X509_get_parsed (const PKI_X509 *x, PKI_X509_DATA type ); + +/*! \brief Prints the parsed data from a PKI_X509 object + * + * This function prints the parsed data from a PKI_X509 object. + * + * @param x A pointer to the PKI_X509 object + * @param type The type of the PKI_X509 data to be printed + * @param fd The file descriptor to which the data will be printed + * @return PKI_OK if successful, PKI_ERR otherwise + * @see PKI_X509_DATA + */ +int PKI_X509_print_parsed (const PKI_X509 *x, PKI_X509_DATA type, int fd ); + +/*! 
\brief Deletes the PKI_X509 object pointed by the reference field + * + * This function deletes the PKI_X509 object by calling the corresponding + * calback function in the associated HSM. If the HSM is not set, the default + * callback function will be used. + * + * @param x A pointer to the PKI_X509 object to be deleted + * @return PKI_OK if successful, PKI_ERR otherwise + */ +int PKI_X509_delete(PKI_X509 *x); + +/*! \brief Take ownership of the passed data and set it into the PKI_X509 object + * + * This function takes ownership of the passed data and sets it into the PKI_X509 object. + * + * @param x A pointer to the PKI_X509 object + * @param type The type of the PKI_X509 data to be set + * @param data A pointer to the data to be set + * @param hsm A pointer to the HSM object + * @return PKI_OK if successful, PKI_ERR otherwise + * @see PKI_X509_DATA + */ +int PKI_X509_attach(PKI_X509 * x, PKI_TYPE type, void * data, HSM * hsm); + +/*! \brief Detach the data from the PKI_X509 object and return it + * + * This function detaches the data from the PKI_X509 object and returns it. + * The caller will be responsible for freeing the returned data. + * + * @param x A pointer to the PKI_X509 object + * @param data A pointer to the data to be returned + * @param type The type of the PKI_X509 data to be returned + * @param hsm A pointer to the HSM object + * @return PKI_OK if successful, PKI_ERR otherwise + * @see PKI_X509_DATA + */ +int PKI_X509_detach(PKI_X509 * x, void ** data, PKI_TYPE * type, HSM **hsm); + +/*! \brief Set the AUX data into the PKI_X509 object + * + * This function sets auxillary data into the PKI_X509 object + * that is preserved across the PKI_X509 object's lifecycle. 
+ * + * @param x A pointer to the PKI_X509 object + * @param data A pointer to the data to be set + * @param data_free_func A pointer to the function that will free the data + * @param data_dup_func A pointer to the function that will duplicate the data + * @return PKI_OK if successful, PKI_ERR otherwise + */ +int PKI_X509_aux_data_set (PKI_X509 * x, + void * data, + void (*data_free_func)(void *), + void * (*data_dup_func )(void *)); + +/*! \brief Get the AUX data from the PKI_X509 object + * + * This function gets auxillary data from the PKI_X509 object + * that is preserved across the PKI_X509 object's lifecycle. + * + * @param x A pointer to the PKI_X509 object + * @return A pointer to the auxillary data + */ +void * PKI_X509_aux_data_get(PKI_X509 * x); + +/*! \brief Duplicate the AUX data from the PKI_X509 object + * + * This function duplicates the auxillary data from the PKI_X509 object + * that is preserved across the PKI_X509 object's lifecycle. + * + * @param x A pointer to the PKI_X509 object + * @return A pointer to the duplicated auxillary data + */ +void * PKI_X509_aux_data_dup(PKI_X509 * x); + +/*! \brief Delete the AUX data from the PKI_X509 object + * + * This function deletes the auxillary data from the PKI_X509 object + * that is preserved across the PKI_X509 object's lifecycle. + * + * @param x A pointer to the PKI_X509 object + * @return PKI_OK if successful, PKI_ERR otherwise + */ +int PKI_X509_aux_data_del(PKI_X509 * x); + +// /*! \brief Set the status of the PKI_X509 object +// * +// * This function sets the status of the PKI_X509 object. +// * +// * @param x A pointer to the PKI_X509 object +// * @param status The status to be set +// * @return PKI_OK if successful, PKI_ERR otherwise +// */ +// int PKI_X509_set_status(PKI_X509 *x, int status); + +// /*! \brief Get the status of the PKI_X509 object +// * +// * This function gets the status of the PKI_X509 object. 
+// * +// * @param x A pointer to the PKI_X509 object +// * @return The status of the PKI_X509 object +// */ +// int PKI_X509_get_status(PKI_X509 *x); + +#endif diff --git a/src/libpki/pki_x509_attribute.h b/src/libpki/x509/pki_x509_attribute.h similarity index 100% rename from src/libpki/pki_x509_attribute.h rename to src/libpki/x509/pki_x509_attribute.h diff --git a/src/libpki/pki_x509_cert.h b/src/libpki/x509/pki_x509_cert.h similarity index 91% rename from src/libpki/pki_x509_cert.h rename to src/libpki/x509/pki_x509_cert.h index 9b8c1c3e..cba39cf6 100644 --- a/src/libpki/pki_x509_cert.h +++ b/src/libpki/x509/pki_x509_cert.h @@ -58,15 +58,15 @@ int PKI_X509_CERT_add_extension_stack (PKI_X509_CERT *x, const PKI_X509_EXTENSION_STACK *ext); /* Fingerprint functions */ -PKI_DIGEST *PKI_X509_CERT_fingerprint(const PKI_X509_CERT *x, +CRYPTO_DIGEST *PKI_X509_CERT_fingerprint(const PKI_X509_CERT *x, const PKI_DIGEST_ALG *alg ); -PKI_DIGEST *PKI_X509_CERT_fingerprint_by_name(const PKI_X509_CERT *x, +CRYPTO_DIGEST *PKI_X509_CERT_fingerprint_by_name(const PKI_X509_CERT *x, const char *alg ); /* Key Hash functions */ -PKI_DIGEST *PKI_X509_CERT_key_hash(const PKI_X509_CERT *x, +CRYPTO_DIGEST *PKI_X509_CERT_key_hash(const PKI_X509_CERT *x, const PKI_DIGEST_ALG *alg ); -PKI_DIGEST *PKI_X509_CERT_key_hash_by_name(const PKI_X509_CERT *x, +CRYPTO_DIGEST *PKI_X509_CERT_key_hash_by_name(const PKI_X509_CERT *x, const char *alg ); /* Get Certificate type - look for PKI_X509_CERT_TYPE */ diff --git a/src/libpki/pki_x509_cert_mem.h b/src/libpki/x509/pki_x509_cert_mem.h similarity index 100% rename from src/libpki/pki_x509_cert_mem.h rename to src/libpki/x509/pki_x509_cert_mem.h diff --git a/src/libpki/pki_x509_cms.h b/src/libpki/x509/pki_x509_cms.h similarity index 100% rename from src/libpki/pki_x509_cms.h rename to src/libpki/x509/pki_x509_cms.h 
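Review bot: `PKI_X509_new()` in the new `pki_x509.h` declares its second parameter as `PKI_X509 *hsm`, while its own comment describes an HSM and the sibling constructors `PKI_X509_new_value()` and `PKI_X509_new_dup_value()` take `HSM *hsm`; this looks like a typo and should read `PKI_X509 *PKI_X509_new(PKI_TYPE type, HSM *hsm);`. The comment above `PKI_X509_get_value()` is a copy of the one for `PKI_X509_set_value()` (it says "Sets the value", documents a `data` parameter and a `PKI_OK`/`PKI_ERR` return) although the function takes only `x` and returns `void *`. `PKI_X509_get0()` has two `@return` lines where the first should be `@param type`, and `PKI_X509_get()` lacks `@param type`. These comments are the only place that tells a caller `get0` hands back a pointer into the object while `get` returns a copy the caller frees, so errors here invite double frees or leaks.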
diff --git a/src/libpki/pki_x509_crl.h b/src/libpki/x509/pki_x509_crl.h similarity index 100% rename from src/libpki/pki_x509_crl.h rename to src/libpki/x509/pki_x509_crl.h diff --git a/src/libpki/x509/pki_x509_data_st.h b/src/libpki/x509/pki_x509_data_st.h new file mode 100644 index 00000000..7d8a0bfd --- /dev/null +++ b/src/libpki/x509/pki_x509_data_st.h 
@@ -0,0 +1,81 @@
+/* OpenCA libpki package
+* (c) 2000-2006 by Massimiliano Pala and OpenCA Group
+* All Rights Reserved
+*
+* ===================================================================
+* Released under OpenCA LICENSE
+*/
+
+#ifndef _LIBPKI_PKI_DATATYPES_H
+#include
+#endif
+
+#ifndef _LIBPKI_PKI_CRED_H
+#include
+#endif
+
+#ifndef _LIBPKI_PKI_X509_DATATYPES_ST_H
+#define _LIBPKI_PKI_X509_DATATYPES_ST_H
+
+typedef struct pki_x509_callbacks_st {
+
+ // /* ---------------- Memory Management -------------------- */
+
+ // void * (*new) (void );
+ // void (*del) (void *x );
+
+ /* ------------ DER Encoding and Decoding ---------------------- */
+
+ void * (*encode)(PKI_X509 *x, unsigned char **out, size_t *size
+ unsigned char *secret, size_t secret_len);
+ void * (*decode)(PKI_X509 *x, unsigned char *in, size_t size);
+
+ /* Set and Retrieve Data */
+
+} PKI_ASN1_CALLBACKS;
+
+/* This structure helps us in maintaining all the drivers aligned */
+
+typedef struct pki_x509_callback
+
+typedef struct pki_x509_all_callbacks_st {
+ const struct pki_x509_callbacks_st * test_only;
+} PKI_X509_CALLBACKS_ALL;
+
+/* PKI_X509 general object */
+typedef struct pki_x509_st {
+
+ /* Type of Object - taken from PKI_DATATYPE */
+ PKI_DATATYPE type;
+
+ /* Internal Value - usually the supported crypto lib internal format */
+ void *value;
+
+ /* HSM to use for operations */
+ struct hsm_st *hsm;
+
+ /* Reference URL */
+ URL *ref;
+
+ /* Callbacks */
+ const PKI_X509_ENCODING_CB *cb;
+
+ /* Template Reference */
+ const ASN1_ITEM * asn1_it;
+
+ /* Internal Status */
+ int status;
+
+ /* Auxillary Data */
+ void * aux_data;
+
+ /* Callback to free auxillary data */
+ void (*free_aux_data)(void *);
+
+ /* Callback to duplicate auxillary data */
+ void * (*dup_aux_data)(void *);
+
+} PKI_X509;
+
+/* End of _LIBPKI_PKI_X509_DATA_ST_H */
+#endif
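Review bot: The `encode` callback prototype has no comma between `size_t *size` and `unsigned char *secret`, and the line `typedef struct pki_x509_callback` has neither a declarator nor a semicolon, so this header cannot compile as written; the fixes are `size_t *size,` and deleting the dangling typedef. `PKI_X509` is used in the callback prototypes before its typedef at the bottom of the file, and the `cb` member is typed `PKI_X509_ENCODING_CB`, which is not declared in this hunk (the struct defined above is `PKI_ASN1_CALLBACKS`). `struct pki_x509_st` / `PKI_X509` is also defined with a different member list in the new `src/libpki/x509/types.h`; two layouts for one tag give a redefinition error when both headers are included, or code reading members at the wrong offsets when they land in different translation units, so only one definition should remain. The closing comment names `_LIBPKI_PKI_X509_DATA_ST_H` while the guard is `_LIBPKI_PKI_X509_DATATYPES_ST_H`.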
diff --git a/src/libpki/pki_x509_extension.h b/src/libpki/x509/pki_x509_extension.h similarity index 100% rename from src/libpki/pki_x509_extension.h rename to src/libpki/x509/pki_x509_extension.h diff --git a/src/libpki/pki_x509_item.h b/src/libpki/x509/pki_x509_item.h similarity index 100% rename from src/libpki/pki_x509_item.h rename to src/libpki/x509/pki_x509_item.h diff --git a/src/libpki/pki_x509_mem.h b/src/libpki/x509/pki_x509_mem.h similarity index 100% rename from src/libpki/pki_x509_mem.h rename to src/libpki/x509/pki_x509_mem.h diff --git a/src/libpki/pki_x509_mime.h b/src/libpki/x509/pki_x509_mime.h similarity index 100% rename from src/libpki/pki_x509_mime.h rename to src/libpki/x509/pki_x509_mime.h diff --git a/src/libpki/pki_x509_name.h b/src/libpki/x509/pki_x509_name.h similarity index 100% rename from src/libpki/pki_x509_name.h rename to src/libpki/x509/pki_x509_name.h diff --git a/src/libpki/pki_x509_p12.h b/src/libpki/x509/pki_x509_p12.h similarity index 100% rename from src/libpki/pki_x509_p12.h rename to src/libpki/x509/pki_x509_p12.h diff --git a/src/libpki/pki_x509_pkcs7.h b/src/libpki/x509/pki_x509_pkcs7.h similarity index 100% rename from src/libpki/pki_x509_pkcs7.h rename to src/libpki/x509/pki_x509_pkcs7.h diff --git a/src/libpki/pki_x509_profile.h b/src/libpki/x509/pki_x509_profile.h similarity index 100% rename from src/libpki/pki_x509_profile.h rename to src/libpki/x509/pki_x509_profile.h diff --git a/src/libpki/pki_x509_req.h b/src/libpki/x509/pki_x509_req.h similarity index 100% rename from src/libpki/pki_x509_req.h rename to src/libpki/x509/pki_x509_req.h diff --git a/src/libpki/pki_x509_signature.h b/src/libpki/x509/pki_x509_signature.h similarity index 100% rename from src/libpki/pki_x509_signature.h rename to src/libpki/x509/pki_x509_signature.h diff --git a/src/libpki/pki_x509_xpair.h b/src/libpki/x509/pki_x509_xpair.h similarity index 100% rename from src/libpki/pki_x509_xpair.h rename to src/libpki/x509/pki_x509_xpair.h 
diff --git a/src/libpki/pki_x509_xpair_asn1.h b/src/libpki/x509/pki_x509_xpair_asn1.h similarity index 100% rename from src/libpki/pki_x509_xpair_asn1.h rename to src/libpki/x509/pki_x509_xpair_asn1.h diff --git a/src/libpki/x509/types.h b/src/libpki/x509/types.h new file mode 100644 index 00000000..ae4afb82 --- /dev/null +++ b/src/libpki/x509/types.h 
@@ -0,0 +1,95 @@ +/* OpenCA libpki package +* (c) 2000-2007 by Massimiliano Pala and OpenCA Group +* All Rights Reserved +* +* =================================================================== +* Released under OpenCA LICENSE +*/ + +// Library configuration +#ifndef _LIBPKI_SYSTEM_H +#include +#endif + +#ifndef _LIBPKI_PKI_DATATYPES_H +#define _LIBPKI_PKI_DATATYPES_H + +BEGIN_C_DECLS + +/* Supported Datatype for retrieving data from an X509 data object */ +typedef enum { + PKI_X509_DATA_SERIAL = 0, + PKI_X509_DATA_VERSION, + PKI_X509_DATA_SUBJECT, + PKI_X509_DATA_ISSUER, + PKI_X509_DATA_NOTBEFORE, + PKI_X509_DATA_NOTAFTER, + PKI_X509_DATA_THISUPDATE, + PKI_X509_DATA_LASTUPDATE, + PKI_X509_DATA_NEXTUPDATE, + PKI_X509_DATA_PRODUCEDAT, + PKI_X509_DATA_ALGORITHM, + PKI_X509_DATA_KEYSIZE, + PKI_X509_DATA_KEYPAIR_VALUE, + PKI_X509_DATA_X509_PUBKEY, + PKI_X509_DATA_PUBKEY_BITSTRING, + PKI_X509_DATA_PRIVKEY, + PKI_X509_DATA_SIGNATURE, + PKI_X509_DATA_SIGNATURE_ALG1, + PKI_X509_DATA_SIGNATURE_ALG2, + PKI_X509_DATA_TBS_MEM_ASN1, + PKI_X509_DATA_SIGNER_CERT, + PKI_X509_DATA_SIGNATURE_CERTS, + PKI_X509_DATA_PRQP_SERVICES, + PKI_X509_DATA_PRQP_STATUS_STRING, + PKI_X509_DATA_PRQP_STATUS_VALUE, + PKI_X509_DATA_PRQP_REFERRALS, + PKI_X509_DATA_PRQP_CAID, + PKI_X509_DATA_NONCE, + PKI_X509_DATA_CERT_TYPE, + PKI_X509_DATA_EXTENSIONS +} PKI_X509_DATA; + +#define PKI_X509_DATA_SIZE 30 + +typedef enum { + PKI_X509_CERT_TYPE_UNKNOWN = 0, + PKI_X509_CERT_TYPE_CA = (1<<0), + PKI_X509_CERT_TYPE_USER = (1<<1), + PKI_X509_CERT_TYPE_SERVER = (1<<2), + PKI_X509_CERT_TYPE_PROXY = (1<<3), + PKI_X509_CERT_TYPE_ROOT = (1<<4) +} PKI_X509_CERT_TYPE; + +#define PKI_X509_CERT_TYPE_SIZE 6 + +/* PKI_X509 general object */ +typedef struct pki_x509_st { + + /* Type of Object - taken from PKI_DATATYPE */ + int type; + + /* Internal Value - usually the supported crypto lib internal format */ + void *value; + + /* HSM to use for operations */ + struct hsm_st *hsm; + + /* Reference URL */ + char * ref; + + /* 
Auxillary Data */ + void * aux_data; + + /* Callback to free auxillary data */ + void (*free_aux_data)(void *); + + /* Callback to duplicate auxillary data */ + void * (*dup_aux_data)(void *); + +} PKI_X509; + + +END_C_DECLS + +#endif diff --git a/src/openssl/Makefile.in b/src/openssl/Makefile.in deleted file mode 100644 index 016a5104..00000000 --- a/src/openssl/Makefile.in +++ /dev/null 
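Review bot: `PKI_X509_CERT_TYPE_SIZE` in the new `x509/types.h` is 6, the number of enumerators, but the `PKI_X509_CERT_TYPE` values are bit flags up to `(1<<4)`, so the constant bounds neither a single value nor a combination of flags. If any code outside this hunk sizes or indexes a table with it, a value such as `PKI_X509_CERT_TYPE_ROOT` would fall outside the table. I would add a comment next to the define, e.g. `/* count of enumerators; values are bit flags, not valid as an index bound */`. `PKI_X509_DATA_SIZE 30` is likewise maintained by hand beside its enum, and a trailing sentinel enumerator would keep it in step. The include guard `_LIBPKI_PKI_DATATYPES_H` is the same macro that `pki_x509_data_st.h` tests before its first include, which looks unintended given that both files define `PKI_X509`.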
@@ -1,1243 +0,0 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994-2021 Free Software Foundation, Inc. - -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -VPATH = @srcdir@ -am__is_gnu_make = { \ - if test -z '$(MAKELEVEL)'; then \ - false; \ - elif test -n '$(MAKE_HOST)'; then \ - true; \ - elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ - true; \ - else \ - false; \ - fi; \ -} -am__make_running_with_option = \ - case $${target_option-} in \ - ?) ;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ - case $$MAKEFLAGS in \ - *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ - esac; \ - case $$flg in \ - *$$target_option*) has_opt=yes; break;; \ - esac; \ - done; \ - test $$has_opt = yes 
-am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -target_triplet = @target@ -subdir = src/openssl -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/m4/pkg.m4 $(top_srcdir)/acinclude.m4 \ - $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) -mkinstalldirs = $(SHELL) $(top_srcdir)/build/mkinstalldirs -CONFIG_HEADER = $(top_builddir)/src/libpki/config.h \ - $(top_builddir)/src/libpki/libpki_enables.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -LTLIBRARIES = $(noinst_LTLIBRARIES) -am__DEPENDENCIES_1 = -libpki_openssl_la_DEPENDENCIES = $(am__DEPENDENCIES_1) -am__objects_1 = -am__objects_2 = $(am__objects_1) libpki_openssl_la-pthread_init.lo \ - libpki_openssl_la-pki_id.lo libpki_openssl_la-pki_oid.lo \ - libpki_openssl_la-pki_rand.lo \ - libpki_openssl_la-pki_oid_defs.lo \ - libpki_openssl_la-pki_algor.lo libpki_openssl_la-pki_digest.lo \ - libpki_openssl_la-pki_hmac.lo libpki_openssl_la-pki_string.lo \ - libpki_openssl_la-pki_time.lo libpki_openssl_la-pki_integer.lo \ - libpki_openssl_la-pki_keypair.lo \ - 
libpki_openssl_la-pki_keyparams.lo \ - libpki_openssl_la-pki_x509_item.lo \ - libpki_openssl_la-pki_x509_name.lo \ - libpki_openssl_la-pki_x509_cert.lo \ - libpki_openssl_la-pki_x509_crl.lo \ - libpki_openssl_la-pki_x509_req.lo \ - libpki_openssl_la-pki_x509_pkcs7.lo \ - libpki_openssl_la-pki_x509_cms.lo \ - libpki_openssl_la-pki_x509_p12.lo \ - libpki_openssl_la-pki_x509_extension.lo \ - libpki_openssl_la-pki_x509_signature.lo \ - libpki_openssl_la-pki_x509_xpair.lo \ - libpki_openssl_la-pki_x509_xpair_asn1.lo \ - libpki_openssl_la-pki_ocsp_req.lo \ - libpki_openssl_la-pki_ocsp_resp.lo \ - libpki_openssl_la-pki_x509_attribute.lo -am_libpki_openssl_la_OBJECTS = $(am__objects_2) -libpki_openssl_la_OBJECTS = $(am_libpki_openssl_la_OBJECTS) -AM_V_lt = $(am__v_lt_@AM_V@) -am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -am__v_lt_0 = --silent -am__v_lt_1 = -libpki_openssl_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ - $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ - $(libpki_openssl_la_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) \ - -o $@ -AM_V_P = $(am__v_P_@AM_V@) -am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -am__v_P_0 = false -am__v_P_1 = : -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; -am__v_GEN_1 = -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ -am__v_at_1 = -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/libpki -depcomp = $(SHELL) $(top_srcdir)/build/depcomp -am__maybe_remake_depfiles = depfiles -am__depfiles_remade = ./$(DEPDIR)/libpki_openssl_la-pki_algor.Plo \ - ./$(DEPDIR)/libpki_openssl_la-pki_digest.Plo \ - ./$(DEPDIR)/libpki_openssl_la-pki_hmac.Plo \ - ./$(DEPDIR)/libpki_openssl_la-pki_id.Plo \ - ./$(DEPDIR)/libpki_openssl_la-pki_integer.Plo \ - ./$(DEPDIR)/libpki_openssl_la-pki_keypair.Plo \ - ./$(DEPDIR)/libpki_openssl_la-pki_keyparams.Plo \ - ./$(DEPDIR)/libpki_openssl_la-pki_ocsp_req.Plo \ - ./$(DEPDIR)/libpki_openssl_la-pki_ocsp_resp.Plo \ - 
./$(DEPDIR)/libpki_openssl_la-pki_oid.Plo \ - ./$(DEPDIR)/libpki_openssl_la-pki_oid_defs.Plo \ - ./$(DEPDIR)/libpki_openssl_la-pki_rand.Plo \ - ./$(DEPDIR)/libpki_openssl_la-pki_string.Plo \ - ./$(DEPDIR)/libpki_openssl_la-pki_time.Plo \ - ./$(DEPDIR)/libpki_openssl_la-pki_x509_attribute.Plo \ - ./$(DEPDIR)/libpki_openssl_la-pki_x509_cert.Plo \ - ./$(DEPDIR)/libpki_openssl_la-pki_x509_cms.Plo \ - ./$(DEPDIR)/libpki_openssl_la-pki_x509_crl.Plo \ - ./$(DEPDIR)/libpki_openssl_la-pki_x509_extension.Plo \ - ./$(DEPDIR)/libpki_openssl_la-pki_x509_item.Plo \ - ./$(DEPDIR)/libpki_openssl_la-pki_x509_name.Plo \ - ./$(DEPDIR)/libpki_openssl_la-pki_x509_p12.Plo \ - ./$(DEPDIR)/libpki_openssl_la-pki_x509_pkcs7.Plo \ - ./$(DEPDIR)/libpki_openssl_la-pki_x509_req.Plo \ - ./$(DEPDIR)/libpki_openssl_la-pki_x509_signature.Plo \ - ./$(DEPDIR)/libpki_openssl_la-pki_x509_xpair.Plo \ - ./$(DEPDIR)/libpki_openssl_la-pki_x509_xpair_asn1.Plo \ - ./$(DEPDIR)/libpki_openssl_la-pthread_init.Plo -am__mv = mv -f -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ - $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ - $(AM_CFLAGS) $(CFLAGS) -AM_V_CC = $(am__v_CC_@AM_V@) -am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -am__v_CC_0 = @echo " CC " $@; -am__v_CC_1 = -CCLD = $(CC) -LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(AM_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_CCLD = $(am__v_CCLD_@AM_V@) -am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -am__v_CCLD_0 = @echo " CCLD " $@; -am__v_CCLD_1 = -SOURCES = $(libpki_openssl_la_SOURCES) -DIST_SOURCES = $(libpki_openssl_la_SOURCES) -RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ - ctags-recursive dvi-recursive html-recursive info-recursive \ - install-data-recursive install-dvi-recursive \ - 
install-exec-recursive install-html-recursive \ - install-info-recursive install-pdf-recursive \ - install-ps-recursive install-recursive installcheck-recursive \ - installdirs-recursive pdf-recursive ps-recursive \ - tags-recursive uninstall-recursive -am__can_run_installinfo = \ - case $$AM_UPDATE_INFO_DIR in \ - n|no|NO) false;; \ - *) (install-info --version) >/dev/null 2>&1;; \ - esac -RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ - distclean-recursive maintainer-clean-recursive -am__recursive_targets = \ - $(RECURSIVE_TARGETS) \ - $(RECURSIVE_CLEAN_TARGETS) \ - $(am__extra_recursive_targets) -AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ - distdir distdir-am -am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -# Read a list of newline-separated strings from the standard input, -# and print each of them once, without duplicates. Input order is -# *not* preserved. -am__uniquify_input = $(AWK) '\ - BEGIN { nonempty = 0; } \ - { items[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in items) print i; }; } \ -' -# Make sure the list of sources is unique. This is necessary because, -# e.g., the same source file might be shared among _SOURCES variables -# for different programs/libraries. 
-am__define_uniq_tagged_files = \ - list='$(am__tagged_files)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | $(am__uniquify_input)` -DIST_SUBDIRS = $(SUBDIRS) -am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/build/depcomp \ - $(top_srcdir)/build/mkinstalldirs -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -am__relativize = \ - dir0=`pwd`; \ - sed_first='s,^\([^/]*\)/.*$$,\1,'; \ - sed_rest='s,^[^/]*/*,,'; \ - sed_last='s,^.*/\([^/]*\)$$,\1,'; \ - sed_butlast='s,/*[^/]*$$,,'; \ - while test -n "$$dir1"; do \ - first=`echo "$$dir1" | sed -e "$$sed_first"`; \ - if test "$$first" != "."; then \ - if test "$$first" = ".."; then \ - dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ - dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ - else \ - first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ - if test "$$first2" = "$$first"; then \ - dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ - else \ - dir2="../$$dir2"; \ - fi; \ - dir0="$$dir0"/"$$first"; \ - fi; \ - fi; \ - dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ - done; \ - reldir="$$dir2" -ACLOCAL = @ACLOCAL@ -AMTAR = @AMTAR@ -AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ -AR = @AR@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -BUILD_DATE = @BUILD_DATE@ -BUILD_DATE_FULL = @BUILD_DATE_FULL@ -BUILD_DATE_PRETTY = @BUILD_DATE_PRETTY@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -CHMOD = @CHMOD@ -CHOWN = @CHOWN@ -CP = @CP@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CPU = @CPU@ -CSCOPE = @CSCOPE@ -CTAGS = @CTAGS@ -CXX = @CXX@ -CYGPATH_W = @CYGPATH_W@ -DATE = @DATE@ -DEFS = $(OPENCA_DEFS) -DEPDIR = @DEPDIR@ -DESTDIR = @DESTDIR@ -DIST_NAME = @DIST_NAME@ -DIST_VERSION = @DIST_VERSION@ -DLLTOOL = @DLLTOOL@ -DOXYGEN = @DOXYGEN@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -ECHO = @ECHO@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -ETAGS = @ETAGS@ -EXEEXT = @EXEEXT@ 
-FGREP = @FGREP@ -GREP = @GREP@ -GZIP = @GZIP@ -HAS_PKGCONF = @HAS_PKGCONF@ -INSTALL = @INSTALL@ -INSTALL_BUILDER = @INSTALL_BUILDER@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIBTOOL_DEPS = @LIBTOOL_DEPS@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ -MAINT = @MAINT@ -MAKE = @MAKE@ -MAKEINFO = @MAKEINFO@ -MANIFEST_TOOL = @MANIFEST_TOOL@ -MKDIR = @MKDIR@ -MKDIR_P = @MKDIR_P@ -MYSQL_CONFIG = @MYSQL_CONFIG@ -MYSQL_CPPFLAGS = @MYSQL_CPPFLAGS@ -NM = @NM@ -NMEDIT = @NMEDIT@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ -OPENSSL_LIBS = @OPENSSL_LIBS@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PDFLATEX = @PDFLATEX@ -PERL = @PERL@ -PG_CONFIG = @PG_CONFIG@ -PG_CPPFLAGS = @PG_CPPFLAGS@ -PKGMK = @PKGMK@ -PKG_CONFIG = @PKG_CONFIG@ -PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ -POD2MAN = @POD2MAN@ -PWD = @PWD@ -RANLIB = @RANLIB@ -RC = @RC@ -RPM = @RPM@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -TAR = @TAR@ -TODAY = @TODAY@ -VERSION = @VERSION@ -ZIP = @ZIP@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_aux_dir = @ac_aux_dir@ -ac_ct_AR = @ac_ct_AR@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -arch_target = @arch_target@ -bindir = @bindir@ -build = 
@build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -composite_cflags = @composite_cflags@ -composite_ldadd = @composite_ldadd@ -composite_ldflags = @composite_ldflags@ -conf_dir = @conf_dir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -day = @day@ -dist_group = @dist_group@ -dist_user = @dist_user@ -docdir = @docdir@ -dvidir = @dvidir@ -enable_debug = @enable_debug@ -etc_dir = @etc_dir@ -exec_prefix = @exec_prefix@ -extra_checks = @extra_checks@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -hr = @hr@ -htmldir = @htmldir@ -iface_age = @iface_age@ -iface_current = @iface_current@ -iface_revision = @iface_revision@ -iface_version = @iface_version@ -include_dir = @include_dir@ -include_prefix = @include_prefix@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -kmf_cflags = @kmf_cflags@ -kmf_ldadd = @kmf_ldadd@ -kmf_libflags = @kmf_libflags@ -kmf_prefix = @kmf_prefix@ -ldap_cflags = @ldap_cflags@ -ldap_ldadd = @ldap_ldadd@ -ldap_ldflags = @ldap_ldflags@ -ldap_prefix = @ldap_prefix@ -ldap_vendor = @ldap_vendor@ -lib_major = @lib_major@ -lib_micro = @lib_micro@ -lib_minor = @lib_minor@ -lib_prefix = @lib_prefix@ -lib_revision = @lib_revision@ -libdir = @libdir@ -libexecdir = @libexecdir@ -libpki_cflags = @libpki_cflags@ -libpki_ldadd = @libpki_ldadd@ -libpki_ldflags = @libpki_ldflags@ -localedir = @localedir@ -localstatedir = @localstatedir@ -mandir = @mandir@ -min = @min@ -mkdir_p = @mkdir_p@ -mon = @mon@ -my_cflags = @my_cflags@ -my_ldadd = @my_ldadd@ -my_ldflags = @my_ldflags@ -myarch = @myarch@ -mybits = @mybits@ -mybits_install = @mybits_install@ -mysql_cflags = @mysql_cflags@ -mysql_config = @mysql_config@ -mysql_ldadd = @mysql_ldadd@ -mysql_ldflags = @mysql_ldflags@ -mysql_prefix = @mysql_prefix@ -oldincludedir = @oldincludedir@ -openssl_cflags = @openssl_cflags@ 
-openssl_include = @openssl_include@ -openssl_ldadd = @openssl_ldadd@ -openssl_ldflags = @openssl_ldflags@ -openssl_prefix = @openssl_prefix@ -openssl_static_libs = @openssl_static_libs@ -oqs_cflags = @oqs_cflags@ -oqs_ldadd = @oqs_ldadd@ -oqs_ldflags = @oqs_ldflags@ -oqsprov_cflags = @oqsprov_cflags@ -oqsprov_ldadd = @oqsprov_ldadd@ -oqsprov_ldflags = @oqsprov_ldflags@ -package_build = @package_build@ -package_prefix = @package_prefix@ -pdfdir = @pdfdir@ -pg_cflags = @pg_cflags@ -pg_config = @pg_config@ -pg_ldadd = @pg_ldadd@ -pg_ldflags = @pg_ldflags@ -pg_prefix = @pg_prefix@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -pthread_opts = @pthread_opts@ -resolv_ldadd = @resolv_ldadd@ -rpath = @rpath@ -runstatedir = @runstatedir@ -sbindir = @sbindir@ -sdkver = @sdkver@ -sec = @sec@ -sharedstatedir = @sharedstatedir@ -shlext = @shlext@ -shlib_history = @shlib_history@ -shlib_version = @shlib_version@ -srcdir = @srcdir@ -sys_cflags = @sys_cflags@ -sys_ldadd = @sys_ldadd@ -sysconfdir = @sysconfdir@ -target = @target@ -target_alias = @target_alias@ -target_cpu = @target_cpu@ -target_os = @target_os@ -target_vendor = @target_vendor@ -test_libs = @test_libs@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -txt_revision = @txt_revision@ -xml2_cflags = @xml2_cflags@ -xml2_config = @xml2_config@ -xml2_include = @xml2_include@ -xml2_ldadd = @xml2_ldadd@ -xml2_ldflags = @xml2_ldflags@ -xml2_prefix = @xml2_prefix@ -yr = @yr@ -TOP = .. 
-BASE_DEFS = -AM_CPPFLAGS = -I$(TOP) \ - $(openssl_cflags) \ - $(libxml2_cflags) \ - $(COND_INCLUDES) - -OBJECTS = $(COMPOSITE_OBJ) $(PQC_OBJ) -SUBDIRS = $(COMPOSITE_SUBDIR) $(PQC_SUBDIR) -NOINST_SRCS = \ - internal/ossl_1_0_x/*.h \ - internal/ossl_1_1_0/*.h \ - internal/ossl_1_1_1/*.h \ - internal/x509_data_st.h \ - internal/ossl_lcl.h - -OPENSSL_SRCS = \ - ${NOINST_SRCS} \ - pthread_init.c \ - pki_id.c \ - pki_oid.c \ - pki_rand.c \ - pki_oid_defs.c \ - pki_algor.c \ - pki_digest.c \ - pki_hmac.c \ - pki_string.c \ - pki_time.c \ - pki_integer.c \ - pki_keypair.c \ - pki_keyparams.c \ - pki_x509_item.c \ - pki_x509_name.c \ - pki_x509_cert.c \ - pki_x509_crl.c \ - pki_x509_req.c \ - pki_x509_pkcs7.c \ - pki_x509_cms.c \ - pki_x509_p12.c \ - pki_x509_extension.c \ - pki_x509_signature.c \ - pki_x509_xpair.c \ - pki_x509_xpair_asn1.c \ - pki_ocsp_req.c \ - pki_ocsp_resp.c \ - pki_x509_attribute.c - -noinst_LTLIBRARIES = libpki-openssl.la -libpki_openssl_la_SOURCES = $(OPENSSL_SRCS) -libpki_openssl_la_CFLAGS = $(BUILD_LIBPKI_CFLAGS) -libpki_openssl_la_LIBADD = $(OBJECTS) -all: all-recursive - -.SUFFIXES: -.SUFFIXES: .c .lo .o .obj -$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/openssl/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/openssl/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' 
in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): - -clean-noinstLTLIBRARIES: - -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) - @list='$(noinst_LTLIBRARIES)'; \ - locs=`for p in $$list; do echo $$p; done | \ - sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ - sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } - -libpki-openssl.la: $(libpki_openssl_la_OBJECTS) $(libpki_openssl_la_DEPENDENCIES) $(EXTRA_libpki_openssl_la_DEPENDENCIES) - $(AM_V_CCLD)$(libpki_openssl_la_LINK) $(libpki_openssl_la_OBJECTS) $(libpki_openssl_la_LIBADD) $(LIBS) - -mostlyclean-compile: - -rm -f *.$(OBJEXT) - -distclean-compile: - -rm -f *.tab.c - -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_openssl_la-pki_algor.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_openssl_la-pki_digest.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_openssl_la-pki_hmac.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_openssl_la-pki_id.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_openssl_la-pki_integer.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ 
@am__quote@./$(DEPDIR)/libpki_openssl_la-pki_keypair.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_openssl_la-pki_keyparams.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_openssl_la-pki_ocsp_req.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_openssl_la-pki_ocsp_resp.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_openssl_la-pki_oid.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_openssl_la-pki_oid_defs.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_openssl_la-pki_rand.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_openssl_la-pki_string.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_openssl_la-pki_time.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_openssl_la-pki_x509_attribute.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_openssl_la-pki_x509_cert.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_openssl_la-pki_x509_cms.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_openssl_la-pki_x509_crl.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_openssl_la-pki_x509_extension.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_openssl_la-pki_x509_item.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_openssl_la-pki_x509_name.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_openssl_la-pki_x509_p12.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ 
@am__quote@./$(DEPDIR)/libpki_openssl_la-pki_x509_pkcs7.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_openssl_la-pki_x509_req.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_openssl_la-pki_x509_signature.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_openssl_la-pki_x509_xpair.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_openssl_la-pki_x509_xpair_asn1.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_openssl_la-pthread_init.Plo@am__quote@ # am--include-marker - -$(am__depfiles_remade): - @$(MKDIR_P) $(@D) - @echo '# dummy' >$@-t && $(am__mv) $@-t $@ - -am--depfiles: $(am__depfiles_remade) - -.c.o: -@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ -@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< - -.c.obj: -@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ -@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` - -.c.lo: -@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ -@am__fastdepCC_TRUE@ 
$(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ -@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - -libpki_openssl_la-pthread_init.lo: pthread_init.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -MT libpki_openssl_la-pthread_init.lo -MD -MP -MF $(DEPDIR)/libpki_openssl_la-pthread_init.Tpo -c -o libpki_openssl_la-pthread_init.lo `test -f 'pthread_init.c' || echo '$(srcdir)/'`pthread_init.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_openssl_la-pthread_init.Tpo $(DEPDIR)/libpki_openssl_la-pthread_init.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pthread_init.c' object='libpki_openssl_la-pthread_init.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -c -o libpki_openssl_la-pthread_init.lo `test -f 'pthread_init.c' || echo '$(srcdir)/'`pthread_init.c - -libpki_openssl_la-pki_id.lo: pki_id.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -MT libpki_openssl_la-pki_id.lo -MD -MP -MF $(DEPDIR)/libpki_openssl_la-pki_id.Tpo -c -o libpki_openssl_la-pki_id.lo `test -f 'pki_id.c' || echo '$(srcdir)/'`pki_id.c 
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_openssl_la-pki_id.Tpo $(DEPDIR)/libpki_openssl_la-pki_id.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_id.c' object='libpki_openssl_la-pki_id.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -c -o libpki_openssl_la-pki_id.lo `test -f 'pki_id.c' || echo '$(srcdir)/'`pki_id.c - -libpki_openssl_la-pki_oid.lo: pki_oid.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -MT libpki_openssl_la-pki_oid.lo -MD -MP -MF $(DEPDIR)/libpki_openssl_la-pki_oid.Tpo -c -o libpki_openssl_la-pki_oid.lo `test -f 'pki_oid.c' || echo '$(srcdir)/'`pki_oid.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_openssl_la-pki_oid.Tpo $(DEPDIR)/libpki_openssl_la-pki_oid.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_oid.c' object='libpki_openssl_la-pki_oid.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -c -o libpki_openssl_la-pki_oid.lo `test -f 'pki_oid.c' || echo '$(srcdir)/'`pki_oid.c - -libpki_openssl_la-pki_rand.lo: pki_rand.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) 
$(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -MT libpki_openssl_la-pki_rand.lo -MD -MP -MF $(DEPDIR)/libpki_openssl_la-pki_rand.Tpo -c -o libpki_openssl_la-pki_rand.lo `test -f 'pki_rand.c' || echo '$(srcdir)/'`pki_rand.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_openssl_la-pki_rand.Tpo $(DEPDIR)/libpki_openssl_la-pki_rand.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_rand.c' object='libpki_openssl_la-pki_rand.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -c -o libpki_openssl_la-pki_rand.lo `test -f 'pki_rand.c' || echo '$(srcdir)/'`pki_rand.c - -libpki_openssl_la-pki_oid_defs.lo: pki_oid_defs.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -MT libpki_openssl_la-pki_oid_defs.lo -MD -MP -MF $(DEPDIR)/libpki_openssl_la-pki_oid_defs.Tpo -c -o libpki_openssl_la-pki_oid_defs.lo `test -f 'pki_oid_defs.c' || echo '$(srcdir)/'`pki_oid_defs.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_openssl_la-pki_oid_defs.Tpo $(DEPDIR)/libpki_openssl_la-pki_oid_defs.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_oid_defs.c' object='libpki_openssl_la-pki_oid_defs.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -c -o 
libpki_openssl_la-pki_oid_defs.lo `test -f 'pki_oid_defs.c' || echo '$(srcdir)/'`pki_oid_defs.c - -libpki_openssl_la-pki_algor.lo: pki_algor.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -MT libpki_openssl_la-pki_algor.lo -MD -MP -MF $(DEPDIR)/libpki_openssl_la-pki_algor.Tpo -c -o libpki_openssl_la-pki_algor.lo `test -f 'pki_algor.c' || echo '$(srcdir)/'`pki_algor.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_openssl_la-pki_algor.Tpo $(DEPDIR)/libpki_openssl_la-pki_algor.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_algor.c' object='libpki_openssl_la-pki_algor.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -c -o libpki_openssl_la-pki_algor.lo `test -f 'pki_algor.c' || echo '$(srcdir)/'`pki_algor.c - -libpki_openssl_la-pki_digest.lo: pki_digest.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -MT libpki_openssl_la-pki_digest.lo -MD -MP -MF $(DEPDIR)/libpki_openssl_la-pki_digest.Tpo -c -o libpki_openssl_la-pki_digest.lo `test -f 'pki_digest.c' || echo '$(srcdir)/'`pki_digest.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_openssl_la-pki_digest.Tpo $(DEPDIR)/libpki_openssl_la-pki_digest.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_digest.c' object='libpki_openssl_la-pki_digest.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ 
DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -c -o libpki_openssl_la-pki_digest.lo `test -f 'pki_digest.c' || echo '$(srcdir)/'`pki_digest.c - -libpki_openssl_la-pki_hmac.lo: pki_hmac.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -MT libpki_openssl_la-pki_hmac.lo -MD -MP -MF $(DEPDIR)/libpki_openssl_la-pki_hmac.Tpo -c -o libpki_openssl_la-pki_hmac.lo `test -f 'pki_hmac.c' || echo '$(srcdir)/'`pki_hmac.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_openssl_la-pki_hmac.Tpo $(DEPDIR)/libpki_openssl_la-pki_hmac.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_hmac.c' object='libpki_openssl_la-pki_hmac.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -c -o libpki_openssl_la-pki_hmac.lo `test -f 'pki_hmac.c' || echo '$(srcdir)/'`pki_hmac.c - -libpki_openssl_la-pki_string.lo: pki_string.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -MT libpki_openssl_la-pki_string.lo -MD -MP -MF $(DEPDIR)/libpki_openssl_la-pki_string.Tpo -c -o libpki_openssl_la-pki_string.lo `test -f 'pki_string.c' || echo '$(srcdir)/'`pki_string.c -@am__fastdepCC_TRUE@ 
$(AM_V_at)$(am__mv) $(DEPDIR)/libpki_openssl_la-pki_string.Tpo $(DEPDIR)/libpki_openssl_la-pki_string.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_string.c' object='libpki_openssl_la-pki_string.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -c -o libpki_openssl_la-pki_string.lo `test -f 'pki_string.c' || echo '$(srcdir)/'`pki_string.c - -libpki_openssl_la-pki_time.lo: pki_time.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -MT libpki_openssl_la-pki_time.lo -MD -MP -MF $(DEPDIR)/libpki_openssl_la-pki_time.Tpo -c -o libpki_openssl_la-pki_time.lo `test -f 'pki_time.c' || echo '$(srcdir)/'`pki_time.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_openssl_la-pki_time.Tpo $(DEPDIR)/libpki_openssl_la-pki_time.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_time.c' object='libpki_openssl_la-pki_time.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -c -o libpki_openssl_la-pki_time.lo `test -f 'pki_time.c' || echo '$(srcdir)/'`pki_time.c - -libpki_openssl_la-pki_integer.lo: pki_integer.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) 
$(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -MT libpki_openssl_la-pki_integer.lo -MD -MP -MF $(DEPDIR)/libpki_openssl_la-pki_integer.Tpo -c -o libpki_openssl_la-pki_integer.lo `test -f 'pki_integer.c' || echo '$(srcdir)/'`pki_integer.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_openssl_la-pki_integer.Tpo $(DEPDIR)/libpki_openssl_la-pki_integer.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_integer.c' object='libpki_openssl_la-pki_integer.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -c -o libpki_openssl_la-pki_integer.lo `test -f 'pki_integer.c' || echo '$(srcdir)/'`pki_integer.c - -libpki_openssl_la-pki_keypair.lo: pki_keypair.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -MT libpki_openssl_la-pki_keypair.lo -MD -MP -MF $(DEPDIR)/libpki_openssl_la-pki_keypair.Tpo -c -o libpki_openssl_la-pki_keypair.lo `test -f 'pki_keypair.c' || echo '$(srcdir)/'`pki_keypair.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_openssl_la-pki_keypair.Tpo $(DEPDIR)/libpki_openssl_la-pki_keypair.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_keypair.c' object='libpki_openssl_la-pki_keypair.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) 
$(libpki_openssl_la_CFLAGS) $(CFLAGS) -c -o libpki_openssl_la-pki_keypair.lo `test -f 'pki_keypair.c' || echo '$(srcdir)/'`pki_keypair.c - -libpki_openssl_la-pki_keyparams.lo: pki_keyparams.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -MT libpki_openssl_la-pki_keyparams.lo -MD -MP -MF $(DEPDIR)/libpki_openssl_la-pki_keyparams.Tpo -c -o libpki_openssl_la-pki_keyparams.lo `test -f 'pki_keyparams.c' || echo '$(srcdir)/'`pki_keyparams.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_openssl_la-pki_keyparams.Tpo $(DEPDIR)/libpki_openssl_la-pki_keyparams.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_keyparams.c' object='libpki_openssl_la-pki_keyparams.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -c -o libpki_openssl_la-pki_keyparams.lo `test -f 'pki_keyparams.c' || echo '$(srcdir)/'`pki_keyparams.c - -libpki_openssl_la-pki_x509_item.lo: pki_x509_item.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -MT libpki_openssl_la-pki_x509_item.lo -MD -MP -MF $(DEPDIR)/libpki_openssl_la-pki_x509_item.Tpo -c -o libpki_openssl_la-pki_x509_item.lo `test -f 'pki_x509_item.c' || echo '$(srcdir)/'`pki_x509_item.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_openssl_la-pki_x509_item.Tpo $(DEPDIR)/libpki_openssl_la-pki_x509_item.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ 
$(AM_V_CC)source='pki_x509_item.c' object='libpki_openssl_la-pki_x509_item.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -c -o libpki_openssl_la-pki_x509_item.lo `test -f 'pki_x509_item.c' || echo '$(srcdir)/'`pki_x509_item.c - -libpki_openssl_la-pki_x509_name.lo: pki_x509_name.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -MT libpki_openssl_la-pki_x509_name.lo -MD -MP -MF $(DEPDIR)/libpki_openssl_la-pki_x509_name.Tpo -c -o libpki_openssl_la-pki_x509_name.lo `test -f 'pki_x509_name.c' || echo '$(srcdir)/'`pki_x509_name.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_openssl_la-pki_x509_name.Tpo $(DEPDIR)/libpki_openssl_la-pki_x509_name.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_x509_name.c' object='libpki_openssl_la-pki_x509_name.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -c -o libpki_openssl_la-pki_x509_name.lo `test -f 'pki_x509_name.c' || echo '$(srcdir)/'`pki_x509_name.c - -libpki_openssl_la-pki_x509_cert.lo: pki_x509_cert.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) 
$(libpki_openssl_la_CFLAGS) $(CFLAGS) -MT libpki_openssl_la-pki_x509_cert.lo -MD -MP -MF $(DEPDIR)/libpki_openssl_la-pki_x509_cert.Tpo -c -o libpki_openssl_la-pki_x509_cert.lo `test -f 'pki_x509_cert.c' || echo '$(srcdir)/'`pki_x509_cert.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_openssl_la-pki_x509_cert.Tpo $(DEPDIR)/libpki_openssl_la-pki_x509_cert.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_x509_cert.c' object='libpki_openssl_la-pki_x509_cert.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -c -o libpki_openssl_la-pki_x509_cert.lo `test -f 'pki_x509_cert.c' || echo '$(srcdir)/'`pki_x509_cert.c - -libpki_openssl_la-pki_x509_crl.lo: pki_x509_crl.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -MT libpki_openssl_la-pki_x509_crl.lo -MD -MP -MF $(DEPDIR)/libpki_openssl_la-pki_x509_crl.Tpo -c -o libpki_openssl_la-pki_x509_crl.lo `test -f 'pki_x509_crl.c' || echo '$(srcdir)/'`pki_x509_crl.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_openssl_la-pki_x509_crl.Tpo $(DEPDIR)/libpki_openssl_la-pki_x509_crl.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_x509_crl.c' object='libpki_openssl_la-pki_x509_crl.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) 
$(libpki_openssl_la_CFLAGS) $(CFLAGS) -c -o libpki_openssl_la-pki_x509_crl.lo `test -f 'pki_x509_crl.c' || echo '$(srcdir)/'`pki_x509_crl.c - -libpki_openssl_la-pki_x509_req.lo: pki_x509_req.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -MT libpki_openssl_la-pki_x509_req.lo -MD -MP -MF $(DEPDIR)/libpki_openssl_la-pki_x509_req.Tpo -c -o libpki_openssl_la-pki_x509_req.lo `test -f 'pki_x509_req.c' || echo '$(srcdir)/'`pki_x509_req.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_openssl_la-pki_x509_req.Tpo $(DEPDIR)/libpki_openssl_la-pki_x509_req.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_x509_req.c' object='libpki_openssl_la-pki_x509_req.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -c -o libpki_openssl_la-pki_x509_req.lo `test -f 'pki_x509_req.c' || echo '$(srcdir)/'`pki_x509_req.c - -libpki_openssl_la-pki_x509_pkcs7.lo: pki_x509_pkcs7.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -MT libpki_openssl_la-pki_x509_pkcs7.lo -MD -MP -MF $(DEPDIR)/libpki_openssl_la-pki_x509_pkcs7.Tpo -c -o libpki_openssl_la-pki_x509_pkcs7.lo `test -f 'pki_x509_pkcs7.c' || echo '$(srcdir)/'`pki_x509_pkcs7.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_openssl_la-pki_x509_pkcs7.Tpo $(DEPDIR)/libpki_openssl_la-pki_x509_pkcs7.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ 
$(AM_V_CC)source='pki_x509_pkcs7.c' object='libpki_openssl_la-pki_x509_pkcs7.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -c -o libpki_openssl_la-pki_x509_pkcs7.lo `test -f 'pki_x509_pkcs7.c' || echo '$(srcdir)/'`pki_x509_pkcs7.c - -libpki_openssl_la-pki_x509_cms.lo: pki_x509_cms.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -MT libpki_openssl_la-pki_x509_cms.lo -MD -MP -MF $(DEPDIR)/libpki_openssl_la-pki_x509_cms.Tpo -c -o libpki_openssl_la-pki_x509_cms.lo `test -f 'pki_x509_cms.c' || echo '$(srcdir)/'`pki_x509_cms.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_openssl_la-pki_x509_cms.Tpo $(DEPDIR)/libpki_openssl_la-pki_x509_cms.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_x509_cms.c' object='libpki_openssl_la-pki_x509_cms.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -c -o libpki_openssl_la-pki_x509_cms.lo `test -f 'pki_x509_cms.c' || echo '$(srcdir)/'`pki_x509_cms.c - -libpki_openssl_la-pki_x509_p12.lo: pki_x509_p12.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) 
$(CFLAGS) -MT libpki_openssl_la-pki_x509_p12.lo -MD -MP -MF $(DEPDIR)/libpki_openssl_la-pki_x509_p12.Tpo -c -o libpki_openssl_la-pki_x509_p12.lo `test -f 'pki_x509_p12.c' || echo '$(srcdir)/'`pki_x509_p12.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_openssl_la-pki_x509_p12.Tpo $(DEPDIR)/libpki_openssl_la-pki_x509_p12.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_x509_p12.c' object='libpki_openssl_la-pki_x509_p12.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -c -o libpki_openssl_la-pki_x509_p12.lo `test -f 'pki_x509_p12.c' || echo '$(srcdir)/'`pki_x509_p12.c - -libpki_openssl_la-pki_x509_extension.lo: pki_x509_extension.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -MT libpki_openssl_la-pki_x509_extension.lo -MD -MP -MF $(DEPDIR)/libpki_openssl_la-pki_x509_extension.Tpo -c -o libpki_openssl_la-pki_x509_extension.lo `test -f 'pki_x509_extension.c' || echo '$(srcdir)/'`pki_x509_extension.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_openssl_la-pki_x509_extension.Tpo $(DEPDIR)/libpki_openssl_la-pki_x509_extension.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_x509_extension.c' object='libpki_openssl_la-pki_x509_extension.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) 
$(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -c -o libpki_openssl_la-pki_x509_extension.lo `test -f 'pki_x509_extension.c' || echo '$(srcdir)/'`pki_x509_extension.c - -libpki_openssl_la-pki_x509_signature.lo: pki_x509_signature.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -MT libpki_openssl_la-pki_x509_signature.lo -MD -MP -MF $(DEPDIR)/libpki_openssl_la-pki_x509_signature.Tpo -c -o libpki_openssl_la-pki_x509_signature.lo `test -f 'pki_x509_signature.c' || echo '$(srcdir)/'`pki_x509_signature.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_openssl_la-pki_x509_signature.Tpo $(DEPDIR)/libpki_openssl_la-pki_x509_signature.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_x509_signature.c' object='libpki_openssl_la-pki_x509_signature.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -c -o libpki_openssl_la-pki_x509_signature.lo `test -f 'pki_x509_signature.c' || echo '$(srcdir)/'`pki_x509_signature.c - -libpki_openssl_la-pki_x509_xpair.lo: pki_x509_xpair.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -MT libpki_openssl_la-pki_x509_xpair.lo -MD -MP -MF $(DEPDIR)/libpki_openssl_la-pki_x509_xpair.Tpo -c -o libpki_openssl_la-pki_x509_xpair.lo `test -f 'pki_x509_xpair.c' || echo '$(srcdir)/'`pki_x509_xpair.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) 
$(DEPDIR)/libpki_openssl_la-pki_x509_xpair.Tpo $(DEPDIR)/libpki_openssl_la-pki_x509_xpair.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_x509_xpair.c' object='libpki_openssl_la-pki_x509_xpair.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -c -o libpki_openssl_la-pki_x509_xpair.lo `test -f 'pki_x509_xpair.c' || echo '$(srcdir)/'`pki_x509_xpair.c - -libpki_openssl_la-pki_x509_xpair_asn1.lo: pki_x509_xpair_asn1.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -MT libpki_openssl_la-pki_x509_xpair_asn1.lo -MD -MP -MF $(DEPDIR)/libpki_openssl_la-pki_x509_xpair_asn1.Tpo -c -o libpki_openssl_la-pki_x509_xpair_asn1.lo `test -f 'pki_x509_xpair_asn1.c' || echo '$(srcdir)/'`pki_x509_xpair_asn1.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_openssl_la-pki_x509_xpair_asn1.Tpo $(DEPDIR)/libpki_openssl_la-pki_x509_xpair_asn1.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_x509_xpair_asn1.c' object='libpki_openssl_la-pki_x509_xpair_asn1.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -c -o libpki_openssl_la-pki_x509_xpair_asn1.lo `test -f 'pki_x509_xpair_asn1.c' || echo '$(srcdir)/'`pki_x509_xpair_asn1.c - -libpki_openssl_la-pki_ocsp_req.lo: 
pki_ocsp_req.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -MT libpki_openssl_la-pki_ocsp_req.lo -MD -MP -MF $(DEPDIR)/libpki_openssl_la-pki_ocsp_req.Tpo -c -o libpki_openssl_la-pki_ocsp_req.lo `test -f 'pki_ocsp_req.c' || echo '$(srcdir)/'`pki_ocsp_req.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_openssl_la-pki_ocsp_req.Tpo $(DEPDIR)/libpki_openssl_la-pki_ocsp_req.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_ocsp_req.c' object='libpki_openssl_la-pki_ocsp_req.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -c -o libpki_openssl_la-pki_ocsp_req.lo `test -f 'pki_ocsp_req.c' || echo '$(srcdir)/'`pki_ocsp_req.c - -libpki_openssl_la-pki_ocsp_resp.lo: pki_ocsp_resp.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -MT libpki_openssl_la-pki_ocsp_resp.lo -MD -MP -MF $(DEPDIR)/libpki_openssl_la-pki_ocsp_resp.Tpo -c -o libpki_openssl_la-pki_ocsp_resp.lo `test -f 'pki_ocsp_resp.c' || echo '$(srcdir)/'`pki_ocsp_resp.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_openssl_la-pki_ocsp_resp.Tpo $(DEPDIR)/libpki_openssl_la-pki_ocsp_resp.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_ocsp_resp.c' object='libpki_openssl_la-pki_ocsp_resp.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ 
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -c -o libpki_openssl_la-pki_ocsp_resp.lo `test -f 'pki_ocsp_resp.c' || echo '$(srcdir)/'`pki_ocsp_resp.c - -libpki_openssl_la-pki_x509_attribute.lo: pki_x509_attribute.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -MT libpki_openssl_la-pki_x509_attribute.lo -MD -MP -MF $(DEPDIR)/libpki_openssl_la-pki_x509_attribute.Tpo -c -o libpki_openssl_la-pki_x509_attribute.lo `test -f 'pki_x509_attribute.c' || echo '$(srcdir)/'`pki_x509_attribute.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_openssl_la-pki_x509_attribute.Tpo $(DEPDIR)/libpki_openssl_la-pki_x509_attribute.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pki_x509_attribute.c' object='libpki_openssl_la-pki_x509_attribute.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_openssl_la_CFLAGS) $(CFLAGS) -c -o libpki_openssl_la-pki_x509_attribute.lo `test -f 'pki_x509_attribute.c' || echo '$(srcdir)/'`pki_x509_attribute.c - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs - -# This directory's subdirectories are mostly independent; you can cd -# into them and run 'make' without going through this Makefile. 
-# To change the values of 'make' variables: instead of editing Makefiles, -# (1) if the variable is set in 'config.status', edit 'config.status' -# (which will cause the Makefiles to be regenerated when you run 'make'); -# (2) otherwise, pass the desired values on the 'make' command line. -$(am__recursive_targets): - @fail=; \ - if $(am__make_keepgoing); then \ - failcom='fail=yes'; \ - else \ - failcom='exit 1'; \ - fi; \ - dot_seen=no; \ - target=`echo $@ | sed s/-recursive//`; \ - case "$@" in \ - distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ - *) list='$(SUBDIRS)' ;; \ - esac; \ - for subdir in $$list; do \ - echo "Making $$target in $$subdir"; \ - if test "$$subdir" = "."; then \ - dot_seen=yes; \ - local_target="$$target-am"; \ - else \ - local_target="$$target"; \ - fi; \ - ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ - || eval $$failcom; \ - done; \ - if test "$$dot_seen" = "no"; then \ - $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ - fi; test -z "$$fail" - -ID: $(am__tagged_files) - $(am__define_uniq_tagged_files); mkid -fID $$unique -tags: tags-recursive -TAGS: tags - -tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ - if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ - include_option=--etags-include; \ - empty_fix=.; \ - else \ - include_option=--include; \ - empty_fix=; \ - fi; \ - list='$(SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ - test ! 
-f $$subdir/TAGS || \ - set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ - fi; \ - done; \ - $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi -ctags: ctags-recursive - -CTAGS: ctags -ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -cscopelist: cscopelist-recursive - -cscopelist-am: $(am__tagged_files) - list='$(am__tagged_files)'; \ - case "$(srcdir)" in \ - [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ - *) sdir=$(subdir)/$(srcdir) ;; \ - esac; \ - for i in $$list; do \ - if test -f "$$i"; then \ - echo "$(subdir)/$$i"; \ - else \ - echo "$$sdir/$$i"; \ - fi; \ - done >> $(top_builddir)/cscope.files - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags -distdir: $(BUILT_SOURCES) - $(MAKE) $(AM_MAKEFLAGS) distdir-am - -distdir-am: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d 
"$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done - @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ - $(am__make_dryrun) \ - || test -d "$(distdir)/$$subdir" \ - || $(MKDIR_P) "$(distdir)/$$subdir" \ - || exit 1; \ - dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ - $(am__relativize); \ - new_distdir=$$reldir; \ - dir1=$$subdir; dir2="$(top_distdir)"; \ - $(am__relativize); \ - new_top_distdir=$$reldir; \ - echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ - echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ - ($(am__cd) $$subdir && \ - $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$$new_top_distdir" \ - distdir="$$new_distdir" \ - am__remove_distdir=: \ - am__skip_length_check=: \ - am__skip_mode_fix=: \ - distdir) \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-recursive -all-am: Makefile $(LTLIBRARIES) -installdirs: installdirs-recursive -installdirs-am: -install: install-recursive -install-exec: install-exec-recursive -install-data: install-data-recursive -uninstall: uninstall-recursive - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-recursive -install-strip: - if test -z '$(STRIP)'; then \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - install; \ - else \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - 
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ - fi -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-recursive - -clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ - mostlyclean-am - -distclean: distclean-recursive - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_algor.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_digest.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_hmac.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_id.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_integer.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_keypair.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_keyparams.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_ocsp_req.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_ocsp_resp.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_oid.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_oid_defs.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_rand.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_string.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_time.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_x509_attribute.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_x509_cert.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_x509_cms.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_x509_crl.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_x509_extension.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_x509_item.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_x509_name.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_x509_p12.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_x509_pkcs7.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_x509_req.Plo - -rm -f 
./$(DEPDIR)/libpki_openssl_la-pki_x509_signature.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_x509_xpair.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_x509_xpair_asn1.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pthread_init.Plo - -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-tags - -dvi: dvi-recursive - -dvi-am: - -html: html-recursive - -html-am: - -info: info-recursive - -info-am: - -install-data-am: - -install-dvi: install-dvi-recursive - -install-dvi-am: - -install-exec-am: - -install-html: install-html-recursive - -install-html-am: - -install-info: install-info-recursive - -install-info-am: - -install-man: - -install-pdf: install-pdf-recursive - -install-pdf-am: - -install-ps: install-ps-recursive - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-recursive - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_algor.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_digest.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_hmac.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_id.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_integer.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_keypair.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_keyparams.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_ocsp_req.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_ocsp_resp.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_oid.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_oid_defs.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_rand.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_string.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_time.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_x509_attribute.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_x509_cert.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_x509_cms.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_x509_crl.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_x509_extension.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_x509_item.Plo - -rm -f 
./$(DEPDIR)/libpki_openssl_la-pki_x509_name.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_x509_p12.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_x509_pkcs7.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_x509_req.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_x509_signature.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_x509_xpair.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pki_x509_xpair_asn1.Plo - -rm -f ./$(DEPDIR)/libpki_openssl_la-pthread_init.Plo - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-recursive - -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool - -pdf: pdf-recursive - -pdf-am: - -ps: ps-recursive - -ps-am: - -uninstall-am: - -.MAKE: $(am__recursive_targets) install-am install-strip - -.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \ - am--depfiles check check-am clean clean-generic clean-libtool \ - clean-noinstLTLIBRARIES cscopelist-am ctags ctags-am distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-ps install-ps-am \ - install-strip installcheck installcheck-am installdirs \ - installdirs-am maintainer-clean maintainer-clean-generic \ - mostlyclean mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ - uninstall-am - -.PRECIOUS: Makefile - -include $(TOP)/global-vars - -# Composite Support -@ENABLE_COMPOSITE_TRUE@ COMPOSITE_SUBDIR = composite -@ENABLE_COMPOSITE_TRUE@ COMPOSITE_OBJ = composite/libpki-composite.la -@ENABLE_COMPOSITE_FALSE@ COMPOSITE_SUBDIR = -@ENABLE_COMPOSITE_FALSE@ COMPOSITE_OBJ = - -# OQS Support -@ENABLE_OQS_TRUE@ PQC_SUBDIR = pqc -@ENABLE_OQS_TRUE@ PQC_OBJ = 
pqc/libpki-pqc.la -@ENABLE_OQS_FALSE@ PQC_SUBDIR = -@ENABLE_OQS_FALSE@ PQC_OBJ = - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT:
diff --git a/src/openssl/internal/ossl_1_0_x/cms_lcl.h b/src/openssl/internal/ossl_1_0_x/cms_lcl.h
deleted file mode 100644
index c872ed21..00000000
--- a/src/openssl/internal/ossl_1_0_x/cms_lcl.h
+++ /dev/null
@@ -1,498 +0,0 @@
-/* crypto/cms/cms_lcl.h */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#ifndef HEADER_CMS_LCL_H
-# define HEADER_CMS_LCL_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-# include
-
-/*
- * Cryptographic message syntax (CMS) structures: taken from RFC3852
- */
-
-/* Forward references */
-
-typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber;
-typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo;
-typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier;
-typedef struct CMS_SignedData_st CMS_SignedData;
-typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat;
-typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo;
-typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo;
-typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
-typedef struct CMS_DigestedData_st CMS_DigestedData;
-typedef struct CMS_EncryptedData_st CMS_EncryptedData;
-typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData;
-typedef struct CMS_CompressedData_st CMS_CompressedData;
-typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat;
-typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo;
-typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey;
-typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey;
-typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo;
-typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier;
-typedef struct CMS_KeyAgreeRecipientIdentifier_st
- CMS_KeyAgreeRecipientIdentifier;
-typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier;
-typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo;
-typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo;
-typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo;
-typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom;
-
-/* LibPKI Forward references */
-typedef struct CMS_IssuerAndSerialNumber_st LIBPKI_CMS_ISSUER_AND_SERIAL_NUMBER;
-typedef struct CMS_EncapsulatedContentInfo_st LIBPKI_CMS_CI_ENCAPSULATED;
-typedef struct CMS_SignerIdentifier_st LIBPKI_CMS_SIGNER_IDENTIFIER;
-typedef struct CMS_SignedData_st LIBPKI_CMS_SIGNED_DATA;
-typedef struct CMS_OtherRevocationInfoFormat_st LIBPKI_CMS_OTHER_REVOCATION_INFO_FORMAT;
-typedef struct CMS_OriginatorInfo_st LIBPKI_CMS_ORIGINATOR_INFO;
-typedef struct CMS_EncryptedContentInfo_st LIBPKI_CMS_CI_ENCRYPTED;
-typedef struct CMS_EnvelopedData_st LIBPKI_CMS_DATA_ENVELOPED;
-typedef struct CMS_DigestedData_st LIBPKI_CMS_DATA_DIGESTED;
-typedef struct CMS_EncryptedData_st LIBPKI_CMS_DATA_ENCRYPTED;
-typedef struct CMS_AuthenticatedData_st LIBPKI_CMS_DATA_AUTH;
-typedef struct CMS_CompressedData_st LIBPKI_CMS_DATA_COMPRESSED;
-typedef struct CMS_OtherCertificateFormat_st LIBPKI_CMS_OTHER_CERTIFICATE_FORMAT;
-typedef struct CMS_KeyTransRecipientInfo_st LIBPKI_CMS_RECIPIENT_INFO_KTRANS;
-typedef struct CMS_OriginatorPublicKey_st LIBPKI_CMS_ORIGINATOR_PUBLIC_KEY;
-typedef struct CMS_OriginatorIdentifierOrKey_st LIBPKI_CMS_ORIGINATOR_IDENTIFIER_OR_KEY;
-typedef struct CMS_KeyAgreeRecipientInfo_st LIBPKI_CMS_RECIPIENT_INFO_KAGREE;
-typedef struct CMS_RecipientKeyIdentifier_st LIBPKI_CMS_RECIPIENT_KEY_IDENTIFIER;
-typedef struct CMS_KeyAgreeRecipientIdentifier_st
- LIBPKI_CMS_KAGREE_RECIPIENT_IDENTIFIER;
-typedef struct CMS_KEKIdentifier_st LIBPKI_CMS_KEK_IDENTIFIER;
-typedef struct CMS_KEKRecipientInfo_st LIBPKI_CMS_RECIPIENT_INFO_KEK;
-typedef struct CMS_PasswordRecipientInfo_st LIBPKI_CMS_RECIPIENT_INFO_PASSWORD;
-typedef struct CMS_OtherRecipientInfo_st LIBPKI_CMS_RECIPIENT_INFO_OTHER;
-typedef struct CMS_ReceiptsFrom_st LIBPKI_CMS_RECEIPTS_FROM;
-
-struct CMS_ContentInfo_st {
- ASN1_OBJECT *contentType;
- union {
- ASN1_OCTET_STRING *data;
- CMS_SignedData *signedData;
- CMS_EnvelopedData *envelopedData;
- CMS_DigestedData *digestedData;
- CMS_EncryptedData *encryptedData;
- CMS_AuthenticatedData *authenticatedData;
- CMS_CompressedData *compressedData;
- ASN1_TYPE *other;
- /* Other types ... */
- void *otherData;
- } d;
-};
-
-struct CMS_SignedData_st {
- long version;
- STACK_OF(X509_ALGOR) *digestAlgorithms;
- CMS_EncapsulatedContentInfo *encapContentInfo;
- STACK_OF(CMS_CertificateChoices) *certificates;
- STACK_OF(CMS_RevocationInfoChoice) *crls;
- STACK_OF(CMS_SignerInfo) *signerInfos;
-};
-
-struct CMS_EncapsulatedContentInfo_st {
- ASN1_OBJECT *eContentType;
- ASN1_OCTET_STRING *eContent;
- /* Set to 1 if incomplete structure only part set up */
- int partial;
-};
-
-struct CMS_SignerInfo_st {
- long version;
- CMS_SignerIdentifier *sid;
- X509_ALGOR *digestAlgorithm;
- STACK_OF(X509_ATTRIBUTE) *signedAttrs;
- X509_ALGOR *signatureAlgorithm;
- ASN1_OCTET_STRING *signature;
- STACK_OF(X509_ATTRIBUTE) *unsignedAttrs;
- /* Signing certificate and key */
- X509 *signer;
- EVP_PKEY *pkey;
- /* Digest and public key context for alternative parameters */
- EVP_MD_CTX mctx;
- EVP_PKEY_CTX *pctx;
-};
-
-struct CMS_SignerIdentifier_st {
- int type;
- union {
- CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
- ASN1_OCTET_STRING *subjectKeyIdentifier;
- } d;
-};
-
-struct CMS_EnvelopedData_st {
- long version;
- CMS_OriginatorInfo *originatorInfo;
- STACK_OF(CMS_RecipientInfo) *recipientInfos;
- CMS_EncryptedContentInfo *encryptedContentInfo;
- STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
-};
-
-struct CMS_OriginatorInfo_st {
- STACK_OF(CMS_CertificateChoices) *certificates;
- STACK_OF(CMS_RevocationInfoChoice) *crls;
-};
-
-struct CMS_EncryptedContentInfo_st {
- ASN1_OBJECT *contentType;
- X509_ALGOR *contentEncryptionAlgorithm;
- ASN1_OCTET_STRING *encryptedContent;
- /* Content encryption algorithm and key */
- const EVP_CIPHER *cipher;
- unsigned char *key;
- size_t keylen;
- /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
- int debug;
-};
-
-struct CMS_RecipientInfo_st {
- int type;
- union {
- CMS_KeyTransRecipientInfo *ktri;
- CMS_KeyAgreeRecipientInfo *kari;
- CMS_KEKRecipientInfo *kekri;
- CMS_PasswordRecipientInfo *pwri;
- CMS_OtherRecipientInfo *ori;
- } d;
-};
-
-typedef CMS_SignerIdentifier CMS_RecipientIdentifier;
-
-struct CMS_KeyTransRecipientInfo_st {
- long version;
- CMS_RecipientIdentifier *rid;
- X509_ALGOR *keyEncryptionAlgorithm;
- ASN1_OCTET_STRING *encryptedKey;
- /* Recipient Key and cert */
- X509 *recip;
- EVP_PKEY *pkey;
- /* Public key context for this operation */
- EVP_PKEY_CTX *pctx;
-};
-
-struct CMS_KeyAgreeRecipientInfo_st {
- long version;
- CMS_OriginatorIdentifierOrKey *originator;
- ASN1_OCTET_STRING *ukm;
- X509_ALGOR *keyEncryptionAlgorithm;
- STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys;
- /* Public key context associated with current operation */
- EVP_PKEY_CTX *pctx;
- /* Cipher context for CEK wrapping */
- EVP_CIPHER_CTX ctx;
-};
-
-struct CMS_OriginatorIdentifierOrKey_st {
- int type;
- union {
- CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
- ASN1_OCTET_STRING *subjectKeyIdentifier;
- CMS_OriginatorPublicKey *originatorKey;
- } d;
-};
-
-struct CMS_OriginatorPublicKey_st {
- X509_ALGOR *algorithm;
- ASN1_BIT_STRING *publicKey;
-};
-
-struct CMS_RecipientEncryptedKey_st {
- CMS_KeyAgreeRecipientIdentifier *rid;
- ASN1_OCTET_STRING *encryptedKey;
- /* Public key associated with this recipient */
- EVP_PKEY *pkey;
-};
-
-struct CMS_KeyAgreeRecipientIdentifier_st {
- int type;
- union {
- CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
- CMS_RecipientKeyIdentifier *rKeyId;
- } d;
-};
-
-struct CMS_RecipientKeyIdentifier_st {
- ASN1_OCTET_STRING *subjectKeyIdentifier;
- ASN1_GENERALIZEDTIME *date;
- CMS_OtherKeyAttribute *other;
-};
-
-struct CMS_KEKRecipientInfo_st {
- long version;
- CMS_KEKIdentifier *kekid;
- X509_ALGOR *keyEncryptionAlgorithm;
- ASN1_OCTET_STRING *encryptedKey;
- /* Extra info: symmetric key to use */
- unsigned char *key;
- size_t keylen;
-};
-
-struct CMS_KEKIdentifier_st {
- ASN1_OCTET_STRING *keyIdentifier;
- ASN1_GENERALIZEDTIME *date;
- CMS_OtherKeyAttribute *other;
-};
-
-struct CMS_PasswordRecipientInfo_st {
- long version;
- X509_ALGOR *keyDerivationAlgorithm;
- X509_ALGOR *keyEncryptionAlgorithm;
- ASN1_OCTET_STRING *encryptedKey;
- /* Extra info: password to use */
- unsigned char *pass;
- size_t passlen;
-};
-
-struct CMS_OtherRecipientInfo_st {
- ASN1_OBJECT *oriType;
- ASN1_TYPE *oriValue;
-};
-
-struct CMS_DigestedData_st {
- long version;
- X509_ALGOR *digestAlgorithm;
- CMS_EncapsulatedContentInfo *encapContentInfo;
- ASN1_OCTET_STRING *digest;
-};
-
-struct CMS_EncryptedData_st {
- long version;
- CMS_EncryptedContentInfo *encryptedContentInfo;
- STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
-};
-
-struct CMS_AuthenticatedData_st {
- long version;
- CMS_OriginatorInfo *originatorInfo;
- STACK_OF(CMS_RecipientInfo) *recipientInfos;
- X509_ALGOR *macAlgorithm;
- X509_ALGOR *digestAlgorithm;
- CMS_EncapsulatedContentInfo *encapContentInfo;
- STACK_OF(X509_ATTRIBUTE) *authAttrs;
- ASN1_OCTET_STRING *mac;
- STACK_OF(X509_ATTRIBUTE) *unauthAttrs;
-};
-
-struct CMS_CompressedData_st {
- long version;
- X509_ALGOR *compressionAlgorithm;
- STACK_OF(CMS_RecipientInfo) *recipientInfos;
- CMS_EncapsulatedContentInfo *encapContentInfo;
-};
-
-struct CMS_RevocationInfoChoice_st {
- int type;
- union {
- X509_CRL *crl;
- CMS_OtherRevocationInfoFormat *other;
- } d;
-};
-
-# define CMS_REVCHOICE_CRL 0
-# define CMS_REVCHOICE_OTHER 1
-
-struct CMS_OtherRevocationInfoFormat_st {
- ASN1_OBJECT *otherRevInfoFormat;
- ASN1_TYPE *otherRevInfo;
-};
-
-struct CMS_CertificateChoices {
- int type;
- union {
- X509 *certificate;
- ASN1_STRING *extendedCertificate; /* Obsolete */
- ASN1_STRING *v1AttrCert; /* Left encoded for now */
- ASN1_STRING *v2AttrCert; /* Left encoded for now */
- CMS_OtherCertificateFormat *other;
- } d;
-};
-
-# define CMS_CERTCHOICE_CERT 0
-# define CMS_CERTCHOICE_EXCERT 1
-# define CMS_CERTCHOICE_V1ACERT 2
-# define CMS_CERTCHOICE_V2ACERT 3
-# define CMS_CERTCHOICE_OTHER 4
-
-struct CMS_OtherCertificateFormat_st {
- ASN1_OBJECT *otherCertFormat;
- ASN1_TYPE *otherCert;
-};
-
-/*
- * This is also defined in pkcs7.h but we duplicate it to allow the CMS code
- * to be independent of PKCS#7
- */
-
-struct CMS_IssuerAndSerialNumber_st {
- X509_NAME *issuer;
- ASN1_INTEGER *serialNumber;
-};
-
-struct CMS_OtherKeyAttribute_st {
- ASN1_OBJECT *keyAttrId;
- ASN1_TYPE *keyAttr;
-};
-
-/* ESS structures */
-
-# ifdef HEADER_X509V3_H
-
-struct CMS_ReceiptRequest_st {
- ASN1_OCTET_STRING *signedContentIdentifier;
- CMS_ReceiptsFrom *receiptsFrom;
- STACK_OF(GENERAL_NAMES) *receiptsTo;
-};
-
-struct CMS_ReceiptsFrom_st {
- int type;
- union {
- long allOrFirstTier;
- STACK_OF(GENERAL_NAMES) *receiptList;
- } d;
-};
-# endif
-
-struct CMS_Receipt_st {
- long version;
- ASN1_OBJECT *contentType;
- ASN1_OCTET_STRING *signedContentIdentifier;
- ASN1_OCTET_STRING *originatorSignatureValue;
-};
-
-DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
-DECLARE_ASN1_ITEM(CMS_SignerInfo)
-DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber)
-DECLARE_ASN1_ITEM(CMS_Attributes_Sign)
-DECLARE_ASN1_ITEM(CMS_Attributes_Verify)
-DECLARE_ASN1_ITEM(CMS_RecipientInfo)
-DECLARE_ASN1_ITEM(CMS_PasswordRecipientInfo)
-DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber)
-
-# define CMS_SIGNERINFO_ISSUER_SERIAL 0
-# define CMS_SIGNERINFO_KEYIDENTIFIER 1
-
-# define CMS_RECIPINFO_ISSUER_SERIAL 0
-# define CMS_RECIPINFO_KEYIDENTIFIER 1
-
-# define CMS_REK_ISSUER_SERIAL 0
-# define CMS_REK_KEYIDENTIFIER 1
-
-# define CMS_OIK_ISSUER_SERIAL 0
-# define CMS_OIK_KEYIDENTIFIER 1
-# define CMS_OIK_PUBKEY 2
-
-BIO *cms_content_bio(CMS_ContentInfo *cms);
-
-CMS_ContentInfo *cms_Data_create(void);
-
-CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md);
-BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms);
-int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify);
-
-BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms);
-int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain);
-int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert,
- int type);
-int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
- ASN1_OCTET_STRING **keyid,
- X509_NAME **issuer,
- ASN1_INTEGER **sno);
-int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert);
-
-CMS_ContentInfo *cms_CompressedData_create(int comp_nid);
-BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms);
-
-void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md);
-BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm);
-int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
- X509_ALGOR *mdalg);
-
-int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert);
-int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert);
-int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert);
-int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert);
-
-BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec);
-BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms);
-int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
- const EVP_CIPHER *cipher,
- const unsigned char *key, size_t keylen);
-
-int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms);
-int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src);
-ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si);
-
-BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms);
-CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms);
-int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd);
-int cms_pkey_get_ri_type(EVP_PKEY *pk);
-/* KARI routines */
-int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip,
- EVP_PKEY *pk, unsigned int flags);
-int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms,
- CMS_RecipientInfo *ri);
-
-/* PWRI routines */
-int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
- int en_de);
-
-#ifdef __cplusplus
-}
-#endif
-#endif
diff --git a/src/openssl/internal/ossl_1_1_0/cms_lcl.h b/src/openssl/internal/ossl_1_1_0/cms_lcl.h
deleted file mode 100644
index 88a1ebe4..00000000
--- a/src/openssl/internal/ossl_1_1_0/cms_lcl.h
+++ /dev/null
@@ -1,445 +0,0 @@
-/*
- * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#ifndef HEADER_CMS_LCL_H
-# define HEADER_CMS_LCL_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-# include
-# include
-
-/*
- * Cryptographic message syntax (CMS) structures: taken from RFC3852
- */
-
-/* Forward references */
-
-typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber;
-typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo;
-typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier;
-typedef struct CMS_SignedData_st CMS_SignedData;
-typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat;
-typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo;
-typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo;
-typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
-typedef struct CMS_DigestedData_st CMS_DigestedData;
-typedef struct CMS_EncryptedData_st CMS_EncryptedData;
-typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData;
-typedef struct CMS_CompressedData_st CMS_CompressedData;
-typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat;
-typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo;
-typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey;
-typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey;
-typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo;
-typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier;
-typedef struct CMS_KeyAgreeRecipientIdentifier_st
- CMS_KeyAgreeRecipientIdentifier;
-typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier;
-typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo;
-typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo;
-typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo;
-typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom;
-
-struct CMS_ContentInfo_st {
- ASN1_OBJECT *contentType;
- union {
- ASN1_OCTET_STRING *data;
- CMS_SignedData *signedData;
- CMS_EnvelopedData *envelopedData;
- CMS_DigestedData *digestedData;
- CMS_EncryptedData *encryptedData;
- CMS_AuthenticatedData *authenticatedData;
- CMS_CompressedData *compressedData;
- ASN1_TYPE *other;
- /* Other types ... */
- void *otherData;
- } d;
-};
-
-struct CMS_OtherRevocationInfoFormat_st {
- ASN1_OBJECT *otherRevInfoFormat;
- ASN1_TYPE *otherRevInfo;
-};
-
-struct CMS_CertificateChoices {
- int type;
- union {
- X509 *certificate;
- ASN1_STRING *extendedCertificate; /* Obsolete */
- ASN1_STRING *v1AttrCert; /* Left encoded for now */
- ASN1_STRING *v2AttrCert; /* Left encoded for now */
- CMS_OtherCertificateFormat *other;
- } d;
-};
-
-DEFINE_STACK_OF(CMS_CertificateChoices)
-
-struct CMS_SignedData_st {
- long version;
- STACK_OF(X509_ALGOR) *digestAlgorithms;
- CMS_EncapsulatedContentInfo *encapContentInfo;
- STACK_OF(CMS_CertificateChoices) *certificates;
- STACK_OF(CMS_RevocationInfoChoice) *crls;
- STACK_OF(CMS_SignerInfo) *signerInfos;
-};
-
-struct CMS_EncapsulatedContentInfo_st {
- ASN1_OBJECT *eContentType;
- ASN1_OCTET_STRING *eContent;
- /* Set to 1 if incomplete structure only part set up */
- int partial;
-};
-
-struct CMS_SignerInfo_st {
- long version;
- CMS_SignerIdentifier *sid;
- X509_ALGOR *digestAlgorithm;
- STACK_OF(X509_ATTRIBUTE) *signedAttrs;
- X509_ALGOR *signatureAlgorithm;
- ASN1_OCTET_STRING *signature;
- STACK_OF(X509_ATTRIBUTE) *unsignedAttrs;
- /* Signing certificate and key */
- X509 *signer;
- EVP_PKEY *pkey;
- /* Digest and public key context for alternative parameters */
- EVP_MD_CTX *mctx;
- EVP_PKEY_CTX *pctx;
-};
-
-struct CMS_SignerIdentifier_st {
- int type;
- union {
- CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
- ASN1_OCTET_STRING *subjectKeyIdentifier;
- } d;
-};
-
-struct CMS_EnvelopedData_st {
- long version;
- CMS_OriginatorInfo *originatorInfo;
- STACK_OF(CMS_RecipientInfo) *recipientInfos;
- CMS_EncryptedContentInfo *encryptedContentInfo;
- STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
-};
-
-struct CMS_OriginatorInfo_st {
- STACK_OF(CMS_CertificateChoices) *certificates;
- STACK_OF(CMS_RevocationInfoChoice) *crls;
-};
-
-struct CMS_EncryptedContentInfo_st {
- ASN1_OBJECT *contentType;
- X509_ALGOR *contentEncryptionAlgorithm;
- ASN1_OCTET_STRING *encryptedContent;
- /* Content encryption algorithm and key */
- const EVP_CIPHER *cipher;
- unsigned char *key;
- size_t keylen;
- /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
- int debug;
-};
-
-struct CMS_RecipientInfo_st {
- int type;
- union {
- CMS_KeyTransRecipientInfo *ktri;
- CMS_KeyAgreeRecipientInfo *kari;
- CMS_KEKRecipientInfo *kekri;
- CMS_PasswordRecipientInfo *pwri;
- CMS_OtherRecipientInfo *ori;
- } d;
-};
-
-typedef CMS_SignerIdentifier CMS_RecipientIdentifier;
-
-struct CMS_KeyTransRecipientInfo_st {
- long version;
- CMS_RecipientIdentifier *rid;
- X509_ALGOR *keyEncryptionAlgorithm;
- ASN1_OCTET_STRING *encryptedKey;
- /* Recipient Key and cert */
- X509 *recip;
- EVP_PKEY *pkey;
- /* Public key context for this operation */
- EVP_PKEY_CTX *pctx;
-};
-
-struct CMS_KeyAgreeRecipientInfo_st {
- long version;
- CMS_OriginatorIdentifierOrKey *originator;
- ASN1_OCTET_STRING *ukm;
- X509_ALGOR *keyEncryptionAlgorithm;
- STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys;
- /* Public key context associated with current operation */
- EVP_PKEY_CTX *pctx;
- /* Cipher context for CEK wrapping */
- EVP_CIPHER_CTX *ctx;
-};
-
-struct CMS_OriginatorIdentifierOrKey_st {
- int type;
- union {
- CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
- ASN1_OCTET_STRING *subjectKeyIdentifier;
- CMS_OriginatorPublicKey *originatorKey;
- } d;
-};
-
-struct CMS_OriginatorPublicKey_st {
- X509_ALGOR *algorithm;
- ASN1_BIT_STRING *publicKey;
-};
-
-struct CMS_RecipientEncryptedKey_st {
- CMS_KeyAgreeRecipientIdentifier *rid;
- ASN1_OCTET_STRING *encryptedKey;
- /* Public key associated with this recipient */
- EVP_PKEY *pkey;
-};
-
-struct CMS_KeyAgreeRecipientIdentifier_st {
- int type;
- union {
- CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
- CMS_RecipientKeyIdentifier *rKeyId;
- } d;
-};
-
-struct CMS_OtherCertificateFormat_st {
- ASN1_OBJECT *otherCertFormat;
- ASN1_TYPE *otherCert;
-};
-
-/*
- * This is also defined in pkcs7.h but we duplicate it to allow the CMS code
- * to be independent of PKCS#7
- */
-
-struct CMS_IssuerAndSerialNumber_st {
- X509_NAME *issuer;
- ASN1_INTEGER *serialNumber;
-};
-
-struct CMS_OtherKeyAttribute_st {
- ASN1_OBJECT *keyAttrId;
- ASN1_TYPE *keyAttr;
-};
-
-struct CMS_RecipientKeyIdentifier_st {
- ASN1_OCTET_STRING *subjectKeyIdentifier;
- ASN1_GENERALIZEDTIME *date;
- CMS_OtherKeyAttribute *other;
-};
-
-struct CMS_KEKRecipientInfo_st {
- long version;
- CMS_KEKIdentifier *kekid;
- X509_ALGOR *keyEncryptionAlgorithm;
- ASN1_OCTET_STRING *encryptedKey;
- /* Extra info: symmetric key to use */
- unsigned char *key;
- size_t keylen;
-};
-
-struct CMS_KEKIdentifier_st {
- ASN1_OCTET_STRING *keyIdentifier;
- ASN1_GENERALIZEDTIME *date;
- CMS_OtherKeyAttribute *other;
-};
-
-struct CMS_PasswordRecipientInfo_st {
- long version;
- X509_ALGOR *keyDerivationAlgorithm;
- X509_ALGOR *keyEncryptionAlgorithm;
- ASN1_OCTET_STRING *encryptedKey;
- /* Extra info: password to use */
- unsigned char *pass;
- size_t passlen;
-};
-
-struct CMS_OtherRecipientInfo_st {
- ASN1_OBJECT *oriType;
- ASN1_TYPE *oriValue;
-};
-
-struct CMS_DigestedData_st {
- long version;
- X509_ALGOR *digestAlgorithm;
- CMS_EncapsulatedContentInfo *encapContentInfo;
- ASN1_OCTET_STRING *digest;
-};
-
-struct CMS_EncryptedData_st {
- long version;
- CMS_EncryptedContentInfo *encryptedContentInfo;
- STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
-};
-
-struct CMS_AuthenticatedData_st {
- long version;
- CMS_OriginatorInfo *originatorInfo;
- STACK_OF(CMS_RecipientInfo) *recipientInfos;
- X509_ALGOR *macAlgorithm;
- X509_ALGOR *digestAlgorithm;
- CMS_EncapsulatedContentInfo *encapContentInfo;
- STACK_OF(X509_ATTRIBUTE) *authAttrs;
- ASN1_OCTET_STRING *mac;
- STACK_OF(X509_ATTRIBUTE) *unauthAttrs;
-};
-
-struct CMS_CompressedData_st {
- long version;
- X509_ALGOR *compressionAlgorithm;
- STACK_OF(CMS_RecipientInfo) *recipientInfos;
- CMS_EncapsulatedContentInfo *encapContentInfo;
-};
-
-struct CMS_RevocationInfoChoice_st {
- int type;
- union {
- X509_CRL *crl;
- CMS_OtherRevocationInfoFormat *other;
- } d;
-};
-
-# define CMS_REVCHOICE_CRL 0
-# define CMS_REVCHOICE_OTHER 1
-
-# define CMS_CERTCHOICE_CERT 0
-# define CMS_CERTCHOICE_EXCERT 1
-# define CMS_CERTCHOICE_V1ACERT 2
-# define CMS_CERTCHOICE_V2ACERT 3
-# define CMS_CERTCHOICE_OTHER 4
-
-/* ESS structures */
-
-# ifdef HEADER_X509V3_H
-
-struct CMS_ReceiptRequest_st {
- ASN1_OCTET_STRING *signedContentIdentifier;
- CMS_ReceiptsFrom *receiptsFrom;
- STACK_OF(GENERAL_NAMES) *receiptsTo;
-};
-
-struct CMS_ReceiptsFrom_st {
- int type;
- union {
- long allOrFirstTier;
- STACK_OF(GENERAL_NAMES) *receiptList;
- } d;
-};
-# endif
-
-struct CMS_Receipt_st {
- long version;
- ASN1_OBJECT *contentType;
- ASN1_OCTET_STRING *signedContentIdentifier;
- ASN1_OCTET_STRING *originatorSignatureValue;
-};
-
-DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
-DECLARE_ASN1_ITEM(CMS_SignerInfo)
-DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber)
-DECLARE_ASN1_ITEM(CMS_Attributes_Sign)
-DECLARE_ASN1_ITEM(CMS_Attributes_Verify)
-DECLARE_ASN1_ITEM(CMS_RecipientInfo)
-DECLARE_ASN1_ITEM(CMS_PasswordRecipientInfo)
-DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber)
-
-# define CMS_SIGNERINFO_ISSUER_SERIAL 0
-# define CMS_SIGNERINFO_KEYIDENTIFIER 1
-
-# define CMS_RECIPINFO_ISSUER_SERIAL 0
-# define CMS_RECIPINFO_KEYIDENTIFIER 1
-
-# define CMS_REK_ISSUER_SERIAL 0
-# define CMS_REK_KEYIDENTIFIER 1
-
-# define CMS_OIK_ISSUER_SERIAL 0
-# define CMS_OIK_KEYIDENTIFIER 1
-# define CMS_OIK_PUBKEY 2
-
-BIO *cms_content_bio(CMS_ContentInfo *cms);
-
-CMS_ContentInfo *cms_Data_create(void);
-
-CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md);
-BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms);
-int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify);
-
-BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms);
-int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain);
-int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert,
- int type);
-int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
- ASN1_OCTET_STRING **keyid,
- X509_NAME **issuer,
- ASN1_INTEGER **sno);
-int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert);
-
-CMS_ContentInfo *cms_CompressedData_create(int comp_nid);
-BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms);
-
-BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm);
-int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
- X509_ALGOR *mdalg);
-
-int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert);
-int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert);
-int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert);
-int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert);
-
-BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec);
-BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms);
-int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
- const EVP_CIPHER *cipher,
- const unsigned char *key, size_t keylen);
-
-int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms);
-int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src);
-ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si);
-
-BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms);
-CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms);
-int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd);
-int cms_pkey_get_ri_type(EVP_PKEY *pk);
-/* KARI routines */
-int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip,
- EVP_PKEY *pk, unsigned int flags);
-int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms,
- CMS_RecipientInfo *ri);
-
-/* PWRI routines */
-int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
- int en_de);
-
-DECLARE_ASN1_ITEM(CMS_CertificateChoices)
-DECLARE_ASN1_ITEM(CMS_DigestedData)
-DECLARE_ASN1_ITEM(CMS_EncryptedData)
-DECLARE_ASN1_ITEM(CMS_EnvelopedData)
-DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
-DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo)
-DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
-DECLARE_ASN1_ITEM(CMS_OriginatorPublicKey)
-DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
-DECLARE_ASN1_ITEM(CMS_Receipt)
-DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
-DECLARE_ASN1_ITEM(CMS_RecipientEncryptedKey)
-DECLARE_ASN1_ITEM(CMS_RecipientKeyIdentifier)
-DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
-DECLARE_ASN1_ITEM(CMS_SignedData)
-DECLARE_ASN1_ITEM(CMS_CompressedData)
-
-#ifdef __cplusplus
-}
-#endif
-#endif
diff --git a/src/openssl/internal/ossl_1_1_0/ocsp_lcl.h b/src/openssl/internal/ossl_1_1_0/ocsp_lcl.h
deleted file mode 100644
index efd9495f..00000000
--- a/src/openssl/internal/ossl_1_1_0/ocsp_lcl.h
+++ /dev/null
@@ -1,213 +0,0 @@ -#ifndef _LIBPKI_OSSL_1_1_0_OCSP_LCL_H -#define _LIBPKI_OSSL_1_1_0_OCSP_LCL_H - -/*- CertID ::= SEQUENCE { - * hashAlgorithm AlgorithmIdentifier, - * issuerNameHash OCTET STRING, -- Hash of Issuer's DN - * issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields) - * serialNumber CertificateSerialNumber } - */ -struct ocsp_cert_id_st { - X509_ALGOR hashAlgorithm; - ASN1_OCTET_STRING issuerNameHash; - ASN1_OCTET_STRING issuerKeyHash; - ASN1_INTEGER serialNumber; -}; - -/*- Request ::= SEQUENCE { - * reqCert CertID, - * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } - */ -struct ocsp_one_request_st { - OCSP_CERTID *reqCert; - STACK_OF(X509_EXTENSION) *singleRequestExtensions; -}; - -/*- TBSRequest ::= SEQUENCE { - * version [0] EXPLICIT Version DEFAULT v1, - * requestorName [1] EXPLICIT GeneralName OPTIONAL, - * requestList SEQUENCE OF Request, - * requestExtensions [2] EXPLICIT Extensions OPTIONAL } - */ -struct ocsp_req_info_st { - ASN1_INTEGER *version; - GENERAL_NAME *requestorName; - STACK_OF(OCSP_ONEREQ) *requestList; - STACK_OF(X509_EXTENSION) *requestExtensions; -}; - -/*- Signature ::= SEQUENCE { - * signatureAlgorithm AlgorithmIdentifier, - * signature BIT STRING, - * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } - */ -struct ocsp_signature_st { - X509_ALGOR signatureAlgorithm; - ASN1_BIT_STRING *signature; - STACK_OF(X509) *certs; -}; - -/*- OCSPRequest ::= SEQUENCE { - * tbsRequest TBSRequest, - * optionalSignature [0] EXPLICIT Signature OPTIONAL } - */ -struct ocsp_request_st { - OCSP_REQINFO tbsRequest; - OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */ -}; - -/*- OCSPResponseStatus ::= ENUMERATED { - * successful (0), --Response has valid confirmations - * malformedRequest (1), --Illegal confirmation request - * internalError (2), --Internal error in issuer - * tryLater (3), --Try again later - * --(4) is not used - * sigRequired (5), --Must sign the request - * unauthorized (6) 
--Request unauthorized - * } - */ - -/*- ResponseBytes ::= SEQUENCE { - * responseType OBJECT IDENTIFIER, - * response OCTET STRING } - */ -struct ocsp_resp_bytes_st { - ASN1_OBJECT *responseType; - ASN1_OCTET_STRING *response; -}; - -/*- OCSPResponse ::= SEQUENCE { - * responseStatus OCSPResponseStatus, - * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } - */ -struct ocsp_response_st { - ASN1_ENUMERATED *responseStatus; - OCSP_RESPBYTES *responseBytes; -}; - -/*- ResponderID ::= CHOICE { - * byName [1] Name, - * byKey [2] KeyHash } - */ -struct ocsp_responder_id_st { - int type; - union { - X509_NAME *byName; - ASN1_OCTET_STRING *byKey; - } value; -}; - -/*- KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key - * --(excluding the tag and length fields) - */ - -/*- RevokedInfo ::= SEQUENCE { - * revocationTime GeneralizedTime, - * revocationReason [0] EXPLICIT CRLReason OPTIONAL } - */ -struct ocsp_revoked_info_st { - ASN1_GENERALIZEDTIME *revocationTime; - ASN1_ENUMERATED *revocationReason; -}; - -/*- CertStatus ::= CHOICE { - * good [0] IMPLICIT NULL, - * revoked [1] IMPLICIT RevokedInfo, - * unknown [2] IMPLICIT UnknownInfo } - */ -struct ocsp_cert_status_st { - int type; - union { - ASN1_NULL *good; - OCSP_REVOKEDINFO *revoked; - ASN1_NULL *unknown; - } value; -}; - -/*- SingleResponse ::= SEQUENCE { - * certID CertID, - * certStatus CertStatus, - * thisUpdate GeneralizedTime, - * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, - * singleExtensions [1] EXPLICIT Extensions OPTIONAL } - */ -struct ocsp_single_response_st { - OCSP_CERTID *certId; - OCSP_CERTSTATUS *certStatus; - ASN1_GENERALIZEDTIME *thisUpdate; - ASN1_GENERALIZEDTIME *nextUpdate; - STACK_OF(X509_EXTENSION) *singleExtensions; -}; - -/*- ResponseData ::= SEQUENCE { - * version [0] EXPLICIT Version DEFAULT v1, - * responderID ResponderID, - * producedAt GeneralizedTime, - * responses SEQUENCE OF SingleResponse, - * responseExtensions [1] EXPLICIT Extensions OPTIONAL } - */ -struct 
ocsp_response_data_st { - ASN1_INTEGER *version; - OCSP_RESPID responderId; - ASN1_GENERALIZEDTIME *producedAt; - STACK_OF(OCSP_SINGLERESP) *responses; - STACK_OF(X509_EXTENSION) *responseExtensions; -}; - -/*- BasicOCSPResponse ::= SEQUENCE { - * tbsResponseData ResponseData, - * signatureAlgorithm AlgorithmIdentifier, - * signature BIT STRING, - * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } - */ - /* - * Note 1: The value for "signature" is specified in the OCSP rfc2560 as - * follows: "The value for the signature SHALL be computed on the hash of - * the DER encoding ResponseData." This means that you must hash the - * DER-encoded tbsResponseData, and then run it through a crypto-signing - * function, which will (at least w/RSA) do a hash-'n'-private-encrypt - * operation. This seems a bit odd, but that's the spec. Also note that - * the data structures do not leave anywhere to independently specify the - * algorithm used for the initial hash. So, we look at the - * signature-specification algorithm, and try to do something intelligent. - * -- Kathy Weinhold, CertCo - */ - /* - * Note 2: It seems that the mentioned passage from RFC 2560 (section - * 4.2.1) is open for interpretation. I've done tests against another - * responder, and found that it doesn't do the double hashing that the RFC - * seems to say one should. Therefore, all relevant functions take a flag - * saying which variant should be used. 
-- Richard Levitte, OpenSSL team - * and CeloCom - */ -struct ocsp_basic_response_st { - OCSP_RESPDATA tbsResponseData; - X509_ALGOR signatureAlgorithm; - ASN1_BIT_STRING *signature; - STACK_OF(X509) *certs; -}; - -/*- - * CrlID ::= SEQUENCE { - * crlUrl [0] EXPLICIT IA5String OPTIONAL, - * crlNum [1] EXPLICIT INTEGER OPTIONAL, - * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL } - */ -struct ocsp_crl_id_st { - ASN1_IA5STRING *crlUrl; - ASN1_INTEGER *crlNum; - ASN1_GENERALIZEDTIME *crlTime; -}; - -/*- - * ServiceLocator ::= SEQUENCE { - * issuer Name, - * locator AuthorityInfoAccessSyntax OPTIONAL } - */ -struct ocsp_service_locator_st { - X509_NAME *issuer; - STACK_OF(ACCESS_DESCRIPTION) *locator; -}; - -#endif - diff --git a/src/openssl/internal/ossl_1_1_0/x509_int.h b/src/openssl/internal/ossl_1_1_0/x509_int.h deleted file mode 100644 index a2ea85a7..00000000 --- a/src/openssl/internal/ossl_1_1_0/x509_int.h +++ /dev/null 
@@ -1,261 +0,0 @@ -#ifndef _LIBPKI_OSSL_1_1_1_X509_INT_H -#define _LIBPKI_OSSL_1_1_1_X509_INT_H - -/* Internal X509 structures and functions: not for application use */ - -/* Note: unless otherwise stated a field pointer is mandatory and should - * never be set to NULL: the ASN.1 code and accessors rely on mandatory - * fields never being NULL. - */ - -/* - * name entry structure, equivalent to AttributeTypeAndValue defined - * in RFC5280 et al. - */ -struct X509_name_entry_st { - ASN1_OBJECT *object; /* AttributeType */ - ASN1_STRING *value; /* AttributeValue */ - int set; /* index of RDNSequence for this entry */ - int size; /* temp variable */ -}; - -/* Name from RFC 5280. */ -struct X509_name_st { - STACK_OF(X509_NAME_ENTRY) *entries; /* DN components */ - int modified; /* true if 'bytes' needs to be built */ - BUF_MEM *bytes; /* cached encoding: cannot be NULL */ - /* canonical encoding used for rapid Name comparison */ - unsigned char *canon_enc; - int canon_enclen; -} /* X509_NAME */ ; - -/* PKCS#10 certificate request */ - -struct X509_req_info_st { - ASN1_ENCODING enc; /* cached encoding of signed part */ - ASN1_INTEGER *version; /* version, defaults to v1(0) so can be NULL */ - X509_NAME *subject; /* certificate request DN */ - X509_PUBKEY *pubkey; /* public key of request */ - /* - * Zero or more attributes. - * NB: although attributes is a mandatory field some broken - * encodings omit it so this may be NULL in that case. 
- */ - STACK_OF(X509_ATTRIBUTE) *attributes; -}; - -struct X509_req_st { - X509_REQ_INFO req_info; /* signed certificate request data */ - X509_ALGOR sig_alg; /* signature algorithm */ - ASN1_BIT_STRING *signature; /* signature */ - int references; - CRYPTO_RWLOCK *lock; -}; - -struct X509_crl_info_st { - ASN1_INTEGER *version; /* version: defaults to v1(0) so may be NULL */ - X509_ALGOR sig_alg; /* signature algorithm */ - X509_NAME *issuer; /* CRL issuer name */ - ASN1_TIME *lastUpdate; /* lastUpdate field */ - ASN1_TIME *nextUpdate; /* nextUpdate field: optional */ - STACK_OF(X509_REVOKED) *revoked; /* revoked entries: optional */ - STACK_OF(X509_EXTENSION) *extensions; /* extensions: optional */ - ASN1_ENCODING enc; /* encoding of signed portion of CRL */ -}; - -struct X509_crl_st { - X509_CRL_INFO crl; /* signed CRL data */ - X509_ALGOR sig_alg; /* CRL signature algorithm */ - ASN1_BIT_STRING signature; /* CRL signature */ - int references; - int flags; - /* - * Cached copies of decoded extension values, since extensions - * are optional any of these can be NULL. 
- */ - AUTHORITY_KEYID *akid; - ISSUING_DIST_POINT *idp; - /* Convenient breakdown of IDP */ - int idp_flags; - int idp_reasons; - /* CRL and base CRL numbers for delta processing */ - ASN1_INTEGER *crl_number; - ASN1_INTEGER *base_crl_number; - STACK_OF(GENERAL_NAMES) *issuers; - /* hash of CRL */ - unsigned char sha1_hash[SHA_DIGEST_LENGTH]; - /* alternative method to handle this CRL */ - const X509_CRL_METHOD *meth; - void *meth_data; - CRYPTO_RWLOCK *lock; -}; - -struct x509_revoked_st { - ASN1_INTEGER serialNumber; /* revoked entry serial number */ - ASN1_TIME *revocationDate; /* revocation date */ - STACK_OF(X509_EXTENSION) *extensions; /* CRL entry extensions: optional */ - /* decoded value of CRLissuer extension: set if indirect CRL */ - STACK_OF(GENERAL_NAME) *issuer; - /* revocation reason: set to CRL_REASON_NONE if reason extension absent */ - int reason; - /* - * CRL entries are reordered for faster lookup of serial numbers. This - * field contains the original load sequence for this entry. - */ - int sequence; -}; - -/* - * This stuff is certificate "auxiliary info": it contains details which are - * useful in certificate stores and databases. When used this is tagged onto - * the end of the certificate itself. OpenSSL specific structure not defined - * in any RFC. 
- */ - -struct x509_cert_aux_st { - STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */ - STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */ - ASN1_UTF8STRING *alias; /* "friendly name" */ - ASN1_OCTET_STRING *keyid; /* key id of private key */ - STACK_OF(X509_ALGOR) *other; /* other unspecified info */ -}; - -struct x509_cinf_st { - ASN1_INTEGER *version; /* [ 0 ] default of v1 */ - ASN1_INTEGER serialNumber; - X509_ALGOR signature; - X509_NAME *issuer; - X509_VAL validity; - X509_NAME *subject; - X509_PUBKEY *key; - ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */ - ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */ - STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */ - ASN1_ENCODING enc; -}; - -struct x509_st { - X509_CINF cert_info; - X509_ALGOR sig_alg; - ASN1_BIT_STRING signature; - int references; - CRYPTO_EX_DATA ex_data; - /* These contain copies of various extension values */ - long ex_pathlen; - long ex_pcpathlen; - uint32_t ex_flags; - uint32_t ex_kusage; - uint32_t ex_xkusage; - uint32_t ex_nscert; - ASN1_OCTET_STRING *skid; - AUTHORITY_KEYID *akid; - X509_POLICY_CACHE *policy_cache; - STACK_OF(DIST_POINT) *crldp; - STACK_OF(GENERAL_NAME) *altname; - NAME_CONSTRAINTS *nc; -#ifndef OPENSSL_NO_RFC3779 - STACK_OF(IPAddressFamily) *rfc3779_addr; - struct ASIdentifiers_st *rfc3779_asid; -# endif - unsigned char sha1_hash[SHA_DIGEST_LENGTH]; - X509_CERT_AUX *aux; - CRYPTO_RWLOCK *lock; - volatile int ex_cached; -} /* X509 */ ; - -/* - * This is a used when verifying cert chains. Since the gathering of the - * cert chain can take some time (and have to be 'retried', this needs to be - * kept and passed around. 
- */ -struct x509_store_ctx_st { /* X509_STORE_CTX */ - X509_STORE *ctx; - /* The following are set by the caller */ - /* The cert to check */ - X509 *cert; - /* chain of X509s - untrusted - passed in */ - STACK_OF(X509) *untrusted; - /* set of CRLs passed in */ - STACK_OF(X509_CRL) *crls; - X509_VERIFY_PARAM *param; - /* Other info for use with get_issuer() */ - void *other_ctx; - /* Callbacks for various operations */ - /* called to verify a certificate */ - int (*verify) (X509_STORE_CTX *ctx); - /* error callback */ - int (*verify_cb) (int ok, X509_STORE_CTX *ctx); - /* get issuers cert from ctx */ - int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x); - /* check issued */ - int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer); - /* Check revocation status of chain */ - int (*check_revocation) (X509_STORE_CTX *ctx); - /* retrieve CRL */ - int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); - /* Check CRL validity */ - int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl); - /* Check certificate against CRL */ - int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); - /* Check policy status of the chain */ - int (*check_policy) (X509_STORE_CTX *ctx); - STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm); - STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm); - int (*cleanup) (X509_STORE_CTX *ctx); - /* The following is built up */ - /* if 0, rebuild chain */ - int valid; - /* number of untrusted certs */ - int num_untrusted; - /* chain of X509s - built up and trusted */ - STACK_OF(X509) *chain; - /* Valid policy tree */ - X509_POLICY_TREE *tree; - /* Require explicit policy value */ - int explicit_policy; - /* When something goes wrong, this is why */ - int error_depth; - int error; - X509 *current_cert; - /* cert currently being tested as valid issuer */ - X509 *current_issuer; - /* current CRL */ - X509_CRL *current_crl; - /* score of current CRL */ - int current_crl_score; - /* 
Reason mask */ - unsigned int current_reasons; - /* For CRL path validation: parent context */ - X509_STORE_CTX *parent; - CRYPTO_EX_DATA ex_data; - SSL_DANE *dane; - /* signed via bare TA public key, rather than CA certificate */ - int bare_ta_signed; -}; - -/* PKCS#8 private key info structure */ - -struct pkcs8_priv_key_info_st { - ASN1_INTEGER *version; - X509_ALGOR *pkeyalg; - ASN1_OCTET_STRING *pkey; - STACK_OF(X509_ATTRIBUTE) *attributes; -}; - -struct X509_sig_st { - X509_ALGOR *algor; - ASN1_OCTET_STRING *digest; -}; - -struct x509_object_st { - /* one of the above types */ - X509_LOOKUP_TYPE type; - union { - char *ptr; - X509 *x509; - X509_CRL *crl; - EVP_PKEY *pkey; - } data; -}; - -#endif diff --git a/src/openssl/internal/ossl_1_1_0/x509_lcl.h b/src/openssl/internal/ossl_1_1_0/x509_lcl.h deleted file mode 100644 index 86afca17..00000000 --- a/src/openssl/internal/ossl_1_1_0/x509_lcl.h +++ /dev/null 
@@ -1,133 +0,0 @@
-
-#ifndef _LIBPKI_OSSL_1_1_0_X509_LCL_H
-#define _LIBPKI_OSSL_1_1_0_X509_LCL_H
-
-/*
- * This structure holds all parameters associated with a verify operation by
- * including an X509_VERIFY_PARAM structure in related structures the
- * parameters used can be customized
- */
-
-struct X509_VERIFY_PARAM_st {
- char *name;
- time_t check_time; // Time to use
- uint32_t inh_flags; // Inheritance flags
- unsigned long flags; // Various verify flags
- int purpose; // purpose to check untrusted certificates
- int trust; // trust setting to check
- int depth; // Verify depth
- int auth_level; // Security level for chain verification
- STACK_OF(ASN1_OBJECT) *policies; // Permissible policies
- // Peer identity details
- STACK_OF(OPENSSL_STRING) *hosts; // Set of acceptable names
- unsigned int hostflags; // Flags to control matching features
- char *peername; // Matching hostname in peer certificate
- char *email; // If not NULL email address to match
- size_t emaillen;
- unsigned char *ip; // If not NULL IP address to match
- size_t iplen; // Length of IP address
-};
-
-/* No error callback if depth < 0 */
-int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth);
-
-/* a sequence of these are used */
-struct x509_attributes_st {
- ASN1_OBJECT *object;
- STACK_OF(ASN1_TYPE) *set;
-};
-
-struct X509_extension_st {
- ASN1_OBJECT *object;
- ASN1_BOOLEAN critical;
- ASN1_OCTET_STRING value;
-};
-
-/*
- * Method to handle CRL access. In general a CRL could be very large (several
- * Mb) and can consume large amounts of resources if stored in memory by
- * multiple processes. This method allows general CRL operations to be
- * redirected to more efficient callbacks: for example a CRL entry database.
- */
-
-#define X509_CRL_METHOD_DYNAMIC 1
-
-struct x509_crl_method_st {
- int flags;
- int (*crl_init) (X509_CRL *crl);
- int (*crl_free) (X509_CRL *crl);
- int (*crl_lookup) (X509_CRL *crl, X509_REVOKED **ret,
- ASN1_INTEGER *ser, X509_NAME *issuer);
- int (*crl_verify) (X509_CRL *crl, EVP_PKEY *pk);
-};
-
-struct x509_lookup_method_st {
- char *name;
- int (*new_item) (X509_LOOKUP *ctx);
- void (*free) (X509_LOOKUP *ctx);
- int (*init) (X509_LOOKUP *ctx);
- int (*shutdown) (X509_LOOKUP *ctx);
- int (*ctrl) (X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
- char **ret);
- int (*get_by_subject) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
- X509_NAME *name, X509_OBJECT *ret);
- int (*get_by_issuer_serial) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
- X509_NAME *name, ASN1_INTEGER *serial,
- X509_OBJECT *ret);
- int (*get_by_fingerprint) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
- const unsigned char *bytes, int len,
- X509_OBJECT *ret);
- int (*get_by_alias) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
- const char *str, int len, X509_OBJECT *ret);
-};
-
-/* This is the functions plus an instance of the local variables. */
-struct x509_lookup_st {
- int init; /* have we been started */
- int skip; /* don't use us. */
- X509_LOOKUP_METHOD *method; /* the functions */
- void *method_data; /* method data */
- X509_STORE *store_ctx; /* who owns us */
-};
-
-/*
- * This is used to hold everything. It is used for all certificate
- * validation. Once we have a certificate chain, the 'verify' function is
- * then called to actually check the cert chain.
- */
-struct x509_store_st {
- /* The following is a cache of trusted certs */
- int cache; /* if true, stash any hits */
- STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */
- /* These are external lookup methods */
- STACK_OF(X509_LOOKUP) *get_cert_methods;
- X509_VERIFY_PARAM *param;
- /* Callbacks for various operations */
- /* called to verify a certificate */
- int (*verify) (X509_STORE_CTX *ctx);
- /* error callback */
- int (*verify_cb) (int ok, X509_STORE_CTX *ctx);
- /* get issuers cert from ctx */
- int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
- /* check issued */
- int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
- /* Check revocation status of chain */
- int (*check_revocation) (X509_STORE_CTX *ctx);
- /* retrieve CRL */
- int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x);
- /* Check CRL validity */
- int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
- /* Check certificate against CRL */
- int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
- /* Check policy status of the chain */
- int (*check_policy) (X509_STORE_CTX *ctx);
- STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
- STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
- int (*cleanup) (X509_STORE_CTX *ctx);
- CRYPTO_EX_DATA ex_data;
- int references;
- CRYPTO_RWLOCK *lock;
-};
-
-#endif
-
diff --git a/src/openssl/internal/ossl_1_1_1/cms_lcl.h b/src/openssl/internal/ossl_1_1_1/cms_lcl.h
deleted file mode 100644
index b590dd44..00000000
--- a/src/openssl/internal/ossl_1_1_1/cms_lcl.h
+++ /dev/null
@@ -1,438 +0,0 @@ -/* - * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef HEADER_CMS_LCL_H -# define HEADER_CMS_LCL_H - -# include -# include - -/* - * Cryptographic message syntax (CMS) structures: taken from RFC3852 - */ - -/* Forward references */ -typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber; -typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo; -typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier; -typedef struct CMS_SignedData_st CMS_SignedData; -typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat; -typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo; -typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo; -typedef struct CMS_EnvelopedData_st CMS_EnvelopedData; -typedef struct CMS_DigestedData_st CMS_DigestedData; -typedef struct CMS_EncryptedData_st CMS_EncryptedData; -typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData; -typedef struct CMS_CompressedData_st CMS_CompressedData; -typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat; -typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo; -typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey; -typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey; -typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo; -typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier; -typedef struct CMS_KeyAgreeRecipientIdentifier_st - CMS_KeyAgreeRecipientIdentifier; -typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier; -typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo; -typedef struct CMS_PasswordRecipientInfo_st 
CMS_PasswordRecipientInfo; -typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo; -typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom; - -struct CMS_ContentInfo_st { - ASN1_OBJECT *contentType; - union { - ASN1_OCTET_STRING *data; - CMS_SignedData *signedData; - CMS_EnvelopedData *envelopedData; - CMS_DigestedData *digestedData; - CMS_EncryptedData *encryptedData; - CMS_AuthenticatedData *authenticatedData; - CMS_CompressedData *compressedData; - ASN1_TYPE *other; - /* Other types ... */ - void *otherData; - } d; -}; - -// DEFINE_STACK_OF(CMS_CertificateChoices) - -struct CMS_SignedData_st { - int32_t version; - STACK_OF(X509_ALGOR) *digestAlgorithms; - CMS_EncapsulatedContentInfo *encapContentInfo; - STACK_OF(CMS_CertificateChoices) *certificates; - STACK_OF(CMS_RevocationInfoChoice) *crls; - STACK_OF(CMS_SignerInfo) *signerInfos; -}; - -struct CMS_EncapsulatedContentInfo_st { - ASN1_OBJECT *eContentType; - ASN1_OCTET_STRING *eContent; - /* Set to 1 if incomplete structure only part set up */ - int partial; -}; - -struct CMS_SignerInfo_st { - int32_t version; - CMS_SignerIdentifier *sid; - X509_ALGOR *digestAlgorithm; - STACK_OF(X509_ATTRIBUTE) *signedAttrs; - X509_ALGOR *signatureAlgorithm; - ASN1_OCTET_STRING *signature; - STACK_OF(X509_ATTRIBUTE) *unsignedAttrs; - /* Signing certificate and key */ - X509 *signer; - EVP_PKEY *pkey; - /* Digest and public key context for alternative parameters */ - EVP_MD_CTX *mctx; - EVP_PKEY_CTX *pctx; -}; - -struct CMS_SignerIdentifier_st { - int type; - union { - CMS_IssuerAndSerialNumber *issuerAndSerialNumber; - ASN1_OCTET_STRING *subjectKeyIdentifier; - } d; -}; - -struct CMS_EnvelopedData_st { - int32_t version; - CMS_OriginatorInfo *originatorInfo; - STACK_OF(CMS_RecipientInfo) *recipientInfos; - CMS_EncryptedContentInfo *encryptedContentInfo; - STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; -}; - -struct CMS_OriginatorInfo_st { - STACK_OF(CMS_CertificateChoices) *certificates; - 
STACK_OF(CMS_RevocationInfoChoice) *crls; -}; - -struct CMS_EncryptedContentInfo_st { - ASN1_OBJECT *contentType; - X509_ALGOR *contentEncryptionAlgorithm; - ASN1_OCTET_STRING *encryptedContent; - /* Content encryption algorithm and key */ - const EVP_CIPHER *cipher; - unsigned char *key; - size_t keylen; - /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */ - int debug; -}; - -struct CMS_RecipientInfo_st { - int type; - union { - CMS_KeyTransRecipientInfo *ktri; - CMS_KeyAgreeRecipientInfo *kari; - CMS_KEKRecipientInfo *kekri; - CMS_PasswordRecipientInfo *pwri; - CMS_OtherRecipientInfo *ori; - } d; -}; - -typedef CMS_SignerIdentifier CMS_RecipientIdentifier; - -struct CMS_KeyTransRecipientInfo_st { - int32_t version; - CMS_RecipientIdentifier *rid; - X509_ALGOR *keyEncryptionAlgorithm; - ASN1_OCTET_STRING *encryptedKey; - /* Recipient Key and cert */ - X509 *recip; - EVP_PKEY *pkey; - /* Public key context for this operation */ - EVP_PKEY_CTX *pctx; -}; - -struct CMS_KeyAgreeRecipientInfo_st { - int32_t version; - CMS_OriginatorIdentifierOrKey *originator; - ASN1_OCTET_STRING *ukm; - X509_ALGOR *keyEncryptionAlgorithm; - STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys; - /* Public key context associated with current operation */ - EVP_PKEY_CTX *pctx; - /* Cipher context for CEK wrapping */ - EVP_CIPHER_CTX *ctx; -}; - -struct CMS_OriginatorIdentifierOrKey_st { - int type; - union { - CMS_IssuerAndSerialNumber *issuerAndSerialNumber; - ASN1_OCTET_STRING *subjectKeyIdentifier; - CMS_OriginatorPublicKey *originatorKey; - } d; -}; - -struct CMS_OriginatorPublicKey_st { - X509_ALGOR *algorithm; - ASN1_BIT_STRING *publicKey; -}; - -struct CMS_RecipientEncryptedKey_st { - CMS_KeyAgreeRecipientIdentifier *rid; - ASN1_OCTET_STRING *encryptedKey; - /* Public key associated with this recipient */ - EVP_PKEY *pkey; -}; - -struct CMS_KeyAgreeRecipientIdentifier_st { - int type; - union { - CMS_IssuerAndSerialNumber *issuerAndSerialNumber; - 
CMS_RecipientKeyIdentifier *rKeyId; - } d; -}; - -struct CMS_OtherCertificateFormat_st { - ASN1_OBJECT *otherCertFormat; - ASN1_TYPE *otherCert; -}; - -/* - * This is also defined in pkcs7.h but we duplicate it to allow the CMS code - * to be independent of PKCS#7 - */ - -struct CMS_IssuerAndSerialNumber_st { - X509_NAME *issuer; - ASN1_INTEGER *serialNumber; -}; - -struct CMS_OtherKeyAttribute_st { - ASN1_OBJECT *keyAttrId; - ASN1_TYPE *keyAttr; -}; - -struct CMS_RecipientKeyIdentifier_st { - ASN1_OCTET_STRING *subjectKeyIdentifier; - ASN1_GENERALIZEDTIME *date; - struct CMS_OtherKeyAttribute *other; -}; - -struct CMS_KEKRecipientInfo_st { - int32_t version; - CMS_KEKIdentifier *kekid; - X509_ALGOR *keyEncryptionAlgorithm; - ASN1_OCTET_STRING *encryptedKey; - /* Extra info: symmetric key to use */ - unsigned char *key; - size_t keylen; -}; - -struct CMS_KEKIdentifier_st { - ASN1_OCTET_STRING *keyIdentifier; - ASN1_GENERALIZEDTIME *date; - struct CMS_OtherKeyAttribute *other; -}; - -struct CMS_PasswordRecipientInfo_st { - int32_t version; - X509_ALGOR *keyDerivationAlgorithm; - X509_ALGOR *keyEncryptionAlgorithm; - ASN1_OCTET_STRING *encryptedKey; - /* Extra info: password to use */ - unsigned char *pass; - size_t passlen; -}; - -struct CMS_OtherRecipientInfo_st { - ASN1_OBJECT *oriType; - ASN1_TYPE *oriValue; -}; - -struct CMS_DigestedData_st { - int32_t version; - X509_ALGOR *digestAlgorithm; - CMS_EncapsulatedContentInfo *encapContentInfo; - ASN1_OCTET_STRING *digest; -}; - -struct CMS_EncryptedData_st { - int32_t version; - CMS_EncryptedContentInfo *encryptedContentInfo; - STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; -}; - -struct CMS_AuthenticatedData_st { - int32_t version; - CMS_OriginatorInfo *originatorInfo; - STACK_OF(CMS_RecipientInfo) *recipientInfos; - X509_ALGOR *macAlgorithm; - X509_ALGOR *digestAlgorithm; - CMS_EncapsulatedContentInfo *encapContentInfo; - STACK_OF(X509_ATTRIBUTE) *authAttrs; - ASN1_OCTET_STRING *mac; - STACK_OF(X509_ATTRIBUTE) 
*unauthAttrs; -}; - -struct CMS_CompressedData_st { - int32_t version; - X509_ALGOR *compressionAlgorithm; - STACK_OF(CMS_RecipientInfo) *recipientInfos; - CMS_EncapsulatedContentInfo *encapContentInfo; -}; - -struct CMS_RevocationInfoChoice_st { - int type; - union { - X509_CRL *crl; - CMS_OtherRevocationInfoFormat *other; - } d; -}; - -# define CMS_REVCHOICE_CRL 0 -# define CMS_REVCHOICE_OTHER 1 - -struct CMS_OtherRevocationInfoFormat_st { - ASN1_OBJECT *otherRevInfoFormat; - ASN1_TYPE *otherRevInfo; -}; - -struct CMS_CertificateChoices { - int type; - union { - X509 *certificate; - ASN1_STRING *extendedCertificate; /* Obsolete */ - ASN1_STRING *v1AttrCert; /* Left encoded for now */ - ASN1_STRING *v2AttrCert; /* Left encoded for now */ - CMS_OtherCertificateFormat *other; - } d; -}; - -# define CMS_CERTCHOICE_CERT 0 -# define CMS_CERTCHOICE_EXCERT 1 -# define CMS_CERTCHOICE_V1ACERT 2 -# define CMS_CERTCHOICE_V2ACERT 3 -# define CMS_CERTCHOICE_OTHER 4 - -/* ESS structures */ - -# ifndef HEADER_X509V3_H - -struct CMS_ReceiptRequest_st { - ASN1_OCTET_STRING *signedContentIdentifier; - CMS_ReceiptsFrom *receiptsFrom; - STACK_OF(GENERAL_NAMES) *receiptsTo; -}; - -struct CMS_ReceiptsFrom_st { - int type; - union { - int32_t allOrFirstTier; - STACK_OF(GENERAL_NAMES) *receiptList; - } d; -}; -# endif - -struct CMS_Receipt_st { - int32_t version; - ASN1_OBJECT *contentType; - ASN1_OCTET_STRING *signedContentIdentifier; - ASN1_OCTET_STRING *originatorSignatureValue; -}; - -// DECLARE_ASN1_FUNCTIONS(struct CMS_ContentInfo) - -DECLARE_ASN1_ITEM(CMS_SignerInfo) -DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber) -DECLARE_ASN1_ITEM(CMS_Attributes_Sign) -DECLARE_ASN1_ITEM(CMS_Attributes_Verify) -DECLARE_ASN1_ITEM(CMS_RecipientInfo) -DECLARE_ASN1_ITEM(CMS_PasswordRecipientInfo) -DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber) - -# define CMS_SIGNERINFO_ISSUER_SERIAL 0 -# define CMS_SIGNERINFO_KEYIDENTIFIER 1 - -# define CMS_RECIPINFO_ISSUER_SERIAL 0 -# define 
CMS_RECIPINFO_KEYIDENTIFIER 1 - -# define CMS_REK_ISSUER_SERIAL 0 -# define CMS_REK_KEYIDENTIFIER 1 - -# define CMS_OIK_ISSUER_SERIAL 0 -# define CMS_OIK_KEYIDENTIFIER 1 -# define CMS_OIK_PUBKEY 2 - -BIO *cms_content_bio(CMS_ContentInfo *cms); - -CMS_ContentInfo *cms_Data_create(void); - -CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md); -BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms); -int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify); - -BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms); -int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain); -int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, - int type); -int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, - ASN1_OCTET_STRING **keyid, - X509_NAME **issuer, - ASN1_INTEGER **sno); -int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert); - -CMS_ContentInfo *cms_CompressedData_create(int comp_nid); -BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms); - -BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm); -int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, - X509_ALGOR *mdalg); - -int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert); -int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert); -int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert); -int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert); - -BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec); -BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms); -int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, - const EVP_CIPHER *cipher, - const unsigned char *key, size_t keylen); - -int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms); -int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src); -ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si); - -BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms); -CMS_EnvelopedData 
*cms_get0_enveloped(CMS_ContentInfo *cms); -int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd); -int cms_pkey_get_ri_type(EVP_PKEY *pk); -/* KARI routines */ -int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip, - EVP_PKEY *pk, unsigned int flags); -int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms, - CMS_RecipientInfo *ri); - -/* PWRI routines */ -int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, - int en_de); - -DECLARE_ASN1_ITEM(CMS_CertificateChoices) -DECLARE_ASN1_ITEM(CMS_DigestedData) -DECLARE_ASN1_ITEM(CMS_EncryptedData) -DECLARE_ASN1_ITEM(CMS_EnvelopedData) -DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo) -DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo) -DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo) -DECLARE_ASN1_ITEM(CMS_OriginatorPublicKey) -DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute) -DECLARE_ASN1_ITEM(CMS_Receipt) -DECLARE_ASN1_ITEM(CMS_ReceiptRequest) -DECLARE_ASN1_ITEM(CMS_RecipientEncryptedKey) -DECLARE_ASN1_ITEM(CMS_RecipientKeyIdentifier) -DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice) -DECLARE_ASN1_ITEM(CMS_SignedData) -DECLARE_ASN1_ITEM(CMS_CompressedData) - -#endif diff --git a/src/openssl/internal/ossl_1_1_1/ocsp_lcl.h b/src/openssl/internal/ossl_1_1_1/ocsp_lcl.h deleted file mode 100644 index e7f61459..00000000 --- a/src/openssl/internal/ossl_1_1_1/ocsp_lcl.h +++ /dev/null 
@@ -1,217 +0,0 @@
-
-#ifndef HEADER_OCSP_H
-#include
-#endif
-
-#ifndef _LIBPKI_OSSL_1_1_1_OCSP_LCL_H
-#define _LIBPKI_OSSL_1_1_1_OCSP_LCL_H
-
-/*- CertID ::= SEQUENCE {
- * hashAlgorithm AlgorithmIdentifier,
- * issuerNameHash OCTET STRING, -- Hash of Issuer's DN
- * issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields)
- * serialNumber CertificateSerialNumber }
- */
-struct ocsp_cert_id_st {
- X509_ALGOR hashAlgorithm;
- ASN1_OCTET_STRING issuerNameHash;
- ASN1_OCTET_STRING issuerKeyHash;
- ASN1_INTEGER serialNumber;
-};
-
-/*- Request ::= SEQUENCE {
- * reqCert CertID,
- * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
- */
-struct ocsp_one_request_st {
- OCSP_CERTID *reqCert;
- STACK_OF(X509_EXTENSION) *singleRequestExtensions;
-};
-
-/*- TBSRequest ::= SEQUENCE {
- * version [0] EXPLICIT Version DEFAULT v1,
- * requestorName [1] EXPLICIT GeneralName OPTIONAL,
- * requestList SEQUENCE OF Request,
- * requestExtensions [2] EXPLICIT Extensions OPTIONAL }
- */
-struct ocsp_req_info_st {
- ASN1_INTEGER *version;
- GENERAL_NAME *requestorName;
- STACK_OF(OCSP_ONEREQ) *requestList;
- STACK_OF(X509_EXTENSION) *requestExtensions;
-};
-
-/*- Signature ::= SEQUENCE {
- * signatureAlgorithm AlgorithmIdentifier,
- * signature BIT STRING,
- * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
- */
-struct ocsp_signature_st {
- X509_ALGOR signatureAlgorithm;
- ASN1_BIT_STRING *signature;
- STACK_OF(X509) *certs;
-};
-
-/*- OCSPRequest ::= SEQUENCE {
- * tbsRequest TBSRequest,
- * optionalSignature [0] EXPLICIT Signature OPTIONAL }
- */
-struct ocsp_request_st {
- OCSP_REQINFO tbsRequest;
- OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */
-};
-
-/*- OCSPResponseStatus ::= ENUMERATED {
- * successful (0), --Response has valid confirmations
- * malformedRequest (1), --Illegal confirmation request
- * internalError (2), --Internal error in issuer
- * tryLater (3), --Try again later
- * --(4) is not used
- * sigRequired (5),
--Must sign the request
- * unauthorized (6) --Request unauthorized
- * }
- */
-
-/*- ResponseBytes ::= SEQUENCE {
- * responseType OBJECT IDENTIFIER,
- * response OCTET STRING }
- */
-struct ocsp_resp_bytes_st {
- ASN1_OBJECT *responseType;
- ASN1_OCTET_STRING *response;
-};
-
-/*- OCSPResponse ::= SEQUENCE {
- * responseStatus OCSPResponseStatus,
- * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
- */
-struct ocsp_response_st {
- ASN1_ENUMERATED *responseStatus;
- OCSP_RESPBYTES *responseBytes;
-};
-
-/*- ResponderID ::= CHOICE {
- * byName [1] Name,
- * byKey [2] KeyHash }
- */
-struct ocsp_responder_id_st {
- int type;
- union {
- X509_NAME *byName;
- ASN1_OCTET_STRING *byKey;
- } value;
-};
-
-/*- KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
- * --(excluding the tag and length fields)
- */
-
-/*- RevokedInfo ::= SEQUENCE {
- * revocationTime GeneralizedTime,
- * revocationReason [0] EXPLICIT CRLReason OPTIONAL }
- */
-struct ocsp_revoked_info_st {
- ASN1_GENERALIZEDTIME *revocationTime;
- ASN1_ENUMERATED *revocationReason;
-};
-
-/*- CertStatus ::= CHOICE {
- * good [0] IMPLICIT NULL,
- * revoked [1] IMPLICIT RevokedInfo,
- * unknown [2] IMPLICIT UnknownInfo }
- */
-struct ocsp_cert_status_st {
- int type;
- union {
- ASN1_NULL *good;
- OCSP_REVOKEDINFO *revoked;
- ASN1_NULL *unknown;
- } value;
-};
-
-/*- SingleResponse ::= SEQUENCE {
- * certID CertID,
- * certStatus CertStatus,
- * thisUpdate GeneralizedTime,
- * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
- * singleExtensions [1] EXPLICIT Extensions OPTIONAL }
- */
-struct ocsp_single_response_st {
- OCSP_CERTID *certId;
- OCSP_CERTSTATUS *certStatus;
- ASN1_GENERALIZEDTIME *thisUpdate;
- ASN1_GENERALIZEDTIME *nextUpdate;
- STACK_OF(X509_EXTENSION) *singleExtensions;
-};
-
-/*- ResponseData ::= SEQUENCE {
- * version [0] EXPLICIT Version DEFAULT v1,
- * responderID ResponderID,
- * producedAt GeneralizedTime,
- * responses SEQUENCE OF SingleResponse,
- * responseExtensions [1]
EXPLICIT Extensions OPTIONAL }
- */
-struct ocsp_response_data_st {
- ASN1_INTEGER *version;
- OCSP_RESPID responderId;
- ASN1_GENERALIZEDTIME *producedAt;
- STACK_OF(OCSP_SINGLERESP) *responses;
- STACK_OF(X509_EXTENSION) *responseExtensions;
-};
-
-/*- BasicOCSPResponse ::= SEQUENCE {
- * tbsResponseData ResponseData,
- * signatureAlgorithm AlgorithmIdentifier,
- * signature BIT STRING,
- * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
- */
- /*
- * Note 1: The value for "signature" is specified in the OCSP rfc2560 as
- * follows: "The value for the signature SHALL be computed on the hash of
- * the DER encoding ResponseData." This means that you must hash the
- * DER-encoded tbsResponseData, and then run it through a crypto-signing
- * function, which will (at least w/RSA) do a hash-'n'-private-encrypt
- * operation. This seems a bit odd, but that's the spec. Also note that
- * the data structures do not leave anywhere to independently specify the
- * algorithm used for the initial hash. So, we look at the
- * signature-specification algorithm, and try to do something intelligent.
- * -- Kathy Weinhold, CertCo
- */
- /*
- * Note 2: It seems that the mentioned passage from RFC 2560 (section
- * 4.2.1) is open for interpretation. I've done tests against another
- * responder, and found that it doesn't do the double hashing that the RFC
- * seems to say one should. Therefore, all relevant functions take a flag
- * saying which variant should be used.
-- Richard Levitte, OpenSSL team
- * and CeloCom
- */
-struct ocsp_basic_response_st {
- OCSP_RESPDATA tbsResponseData;
- X509_ALGOR signatureAlgorithm;
- ASN1_BIT_STRING *signature;
- STACK_OF(X509) *certs;
-};
-
-/*-
- * CrlID ::= SEQUENCE {
- * crlUrl [0] EXPLICIT IA5String OPTIONAL,
- * crlNum [1] EXPLICIT INTEGER OPTIONAL,
- * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL }
- */
-struct ocsp_crl_id_st {
- ASN1_IA5STRING *crlUrl;
- ASN1_INTEGER *crlNum;
- ASN1_GENERALIZEDTIME *crlTime;
-};
-
-/*-
- * ServiceLocator ::= SEQUENCE {
- * issuer Name,
- * locator AuthorityInfoAccessSyntax OPTIONAL }
- */
-struct ocsp_service_locator_st {
- X509_NAME *issuer;
- STACK_OF(ACCESS_DESCRIPTION) *locator;
-};
-
-#endif
diff --git a/src/openssl/internal/ossl_1_1_1/refcount.h b/src/openssl/internal/ossl_1_1_1/refcount.h
deleted file mode 100644
index 75d70a64..00000000
--- a/src/openssl/internal/ossl_1_1_1/refcount.h
+++ /dev/null
@@ -1,140 +0,0 @@
-/*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-#ifndef HEADER_INTERNAL_REFCOUNT_H
-# define HEADER_INTERNAL_REFCOUNT_H
-
-/* Used to checking reference counts, most while doing perl5 stuff :-) */
-# if defined(OPENSSL_NO_STDIO)
-# if defined(REF_PRINT)
-# error "REF_PRINT requires stdio"
-# endif
-# endif
-
-# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L \
- && !defined(__STDC_NO_ATOMICS__)
-# include
-# define HAVE_C11_ATOMICS
-# endif
-
-# if defined(HAVE_C11_ATOMICS) && defined(ATOMIC_INT_LOCK_FREE) \
- && ATOMIC_INT_LOCK_FREE > 0
-
-# define HAVE_ATOMICS 1
-
-typedef _Atomic int CRYPTO_REF_COUNT;
-
-static inline int CRYPTO_UP_REF(_Atomic int *val, int *ret, void *lock)
-{
- *ret = atomic_fetch_add_explicit(val, 1, memory_order_relaxed) + 1;
- return 1;
-}
-
-/*
- * Changes to shared structure other than reference counter have to be
- * serialized. And any kind of serialization implies a release fence. This
- * means that by the time reference counter is decremented all other
- * changes are visible on all processors. Hence decrement itself can be
- * relaxed. In case it hits zero, object will be destructed. Since it's
- * last use of the object, destructor programmer might reason that access
- * to mutable members doesn't have to be serialized anymore, which would
- * otherwise imply an acquire fence. Hence conditional acquire fence...
- */
-static inline int CRYPTO_DOWN_REF(_Atomic int *val, int *ret, void *lock)
-{
- *ret = atomic_fetch_sub_explicit(val, 1, memory_order_relaxed) - 1;
- if (*ret == 0)
- atomic_thread_fence(memory_order_acquire);
- return 1;
-}
-
-# elif defined(__GNUC__) && defined(__ATOMIC_RELAXED) && __GCC_ATOMIC_INT_LOCK_FREE > 0
-
-# define HAVE_ATOMICS 1
-
-typedef int CRYPTO_REF_COUNT;
-
-static __inline__ int CRYPTO_UP_REF(int *val, int *ret, void *lock)
-{
- *ret = __atomic_fetch_add(val, 1, __ATOMIC_RELAXED) + 1;
- return 1;
-}
-
-static __inline__ int CRYPTO_DOWN_REF(int *val, int *ret, void *lock)
-{
- *ret = __atomic_fetch_sub(val, 1, __ATOMIC_RELAXED) - 1;
- if (*ret == 0)
- __atomic_thread_fence(__ATOMIC_ACQUIRE);
- return 1;
-}
-
-# elif defined(_MSC_VER) && _MSC_VER>=1200
-
-# define HAVE_ATOMICS 1
-
-typedef volatile int CRYPTO_REF_COUNT;
-
-# if (defined(_M_ARM) && _M_ARM>=7) || defined(_M_ARM64)
-# include
-# if defined(_M_ARM64) && !defined(_ARM_BARRIER_ISH)
-# define _ARM_BARRIER_ISH _ARM64_BARRIER_ISH
-# endif
-
-static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, void *lock)
-{
- *ret = _InterlockedExchangeAdd_nf(val, 1) + 1;
- return 1;
-}
-
-static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, void *lock)
-{
- *ret = _InterlockedExchangeAdd_nf(val, -1) - 1;
- if (*ret == 0)
- __dmb(_ARM_BARRIER_ISH);
- return 1;
-}
-# else
-# pragma intrinsic(_InterlockedExchangeAdd)
-
-static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, void *lock)
-{
- *ret = _InterlockedExchangeAdd(val, 1) + 1;
- return 1;
-}
-
-static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, void *lock)
-{
- *ret = _InterlockedExchangeAdd(val, -1) - 1;
- return 1;
-}
-# endif
-
-# else
-
-typedef int CRYPTO_REF_COUNT;
-
-# define CRYPTO_UP_REF(val, ret, lock) CRYPTO_atomic_add(val, 1, ret, lock)
-# define CRYPTO_DOWN_REF(val, ret, lock) CRYPTO_atomic_add(val, -1, ret, lock)
-
-# endif
-
-# if !defined(NDEBUG) && !defined(OPENSSL_NO_STDIO)
-# define
REF_ASSERT_ISNT(test) \
- (void)((test) ? (OPENSSL_die("refcount error", __FILE__, __LINE__), 1) : 0)
-# else
-# define REF_ASSERT_ISNT(i)
-# endif
-
-# ifdef REF_PRINT
-# define REF_PRINT_COUNT(a, b) \
- fprintf(stderr, "%p:%4d:%s\n", b, b->references, a)
-# else
-# define REF_PRINT_COUNT(a, b)
-# endif
-
-#endif
diff --git a/src/openssl/internal/ossl_1_1_1/x509_int.h b/src/openssl/internal/ossl_1_1_1/x509_int.h
deleted file mode 100644
index fd59b8a5..00000000
--- a/src/openssl/internal/ossl_1_1_1/x509_int.h
+++ /dev/null
@@ -1,276 +0,0 @@
-#ifndef _LIBPKI_OSSL_1_1_1_X509_INT_H
-#define _LIBPKI_OSSL_1_1_1_X509_INT_H
-
-/* Internal X509 structures and functions: not for application use */
-
-/* Note: unless otherwise stated a field pointer is mandatory and should
- * never be set to NULL: the ASN.1 code and accessors rely on mandatory
- * fields never being NULL.
- */
-
-/*
- * name entry structure, equivalent to AttributeTypeAndValue defined
- * in RFC5280 et al.
- */
-struct X509_name_entry_st {
- ASN1_OBJECT *object; /* AttributeType */
- ASN1_STRING *value; /* AttributeValue */
- int set; /* index of RDNSequence for this entry */
- int size; /* temp variable */
-};
-
-/* Name from RFC 5280. */
-struct X509_name_st {
- STACK_OF(X509_NAME_ENTRY) *entries; /* DN components */
- int modified; /* true if 'bytes' needs to be built */
- BUF_MEM *bytes; /* cached encoding: cannot be NULL */
- /* canonical encoding used for rapid Name comparison */
- unsigned char *canon_enc;
- int canon_enclen;
-} /* X509_NAME */ ;
-
-/* Signature info structure */
-
-struct x509_sig_info_st {
- /* NID of message digest */
- int mdnid;
- /* NID of public key algorithm */
- int pknid;
- /* Security bits */
- int secbits;
- /* Various flags */
- uint32_t flags;
-};
-
-/* PKCS#10 certificate request */
-
-struct X509_req_info_st {
- ASN1_ENCODING enc; /* cached encoding of signed part */
- ASN1_INTEGER *version; /* version, defaults to v1(0) so can be NULL */
- X509_NAME *subject; /* certificate request DN */
- X509_PUBKEY *pubkey; /* public key of request */
- /*
- * Zero or more attributes.
- * NB: although attributes is a mandatory field some broken
- * encodings omit it so this may be NULL in that case.
- */
- STACK_OF(X509_ATTRIBUTE) *attributes;
-};
-
-struct X509_req_st {
- X509_REQ_INFO req_info; /* signed certificate request data */
- X509_ALGOR sig_alg; /* signature algorithm */
- ASN1_BIT_STRING *signature; /* signature */
- CRYPTO_REF_COUNT references;
- CRYPTO_RWLOCK *lock;
-};
-
-struct X509_crl_info_st {
- ASN1_INTEGER *version; /* version: defaults to v1(0) so may be NULL */
- X509_ALGOR sig_alg; /* signature algorithm */
- X509_NAME *issuer; /* CRL issuer name */
- ASN1_TIME *lastUpdate; /* lastUpdate field */
- ASN1_TIME *nextUpdate; /* nextUpdate field: optional */
- STACK_OF(X509_REVOKED) *revoked; /* revoked entries: optional */
- STACK_OF(X509_EXTENSION) *extensions; /* extensions: optional */
- ASN1_ENCODING enc; /* encoding of signed portion of CRL */
-};
-
-struct X509_crl_st {
- X509_CRL_INFO crl; /* signed CRL data */
- X509_ALGOR sig_alg; /* CRL signature algorithm */
- ASN1_BIT_STRING signature; /* CRL signature */
- CRYPTO_REF_COUNT references;
- int flags;
- /*
- * Cached copies of decoded extension values, since extensions
- * are optional any of these can be NULL.
- */
- AUTHORITY_KEYID *akid;
- ISSUING_DIST_POINT *idp;
- /* Convenient breakdown of IDP */
- int idp_flags;
- int idp_reasons;
- /* CRL and base CRL numbers for delta processing */
- ASN1_INTEGER *crl_number;
- ASN1_INTEGER *base_crl_number;
- STACK_OF(GENERAL_NAMES) *issuers;
- /* hash of CRL */
- unsigned char sha1_hash[SHA_DIGEST_LENGTH];
- /* alternative method to handle this CRL */
- const X509_CRL_METHOD *meth;
- void *meth_data;
- CRYPTO_RWLOCK *lock;
-};
-
-struct x509_revoked_st {
- ASN1_INTEGER serialNumber; /* revoked entry serial number */
- ASN1_TIME *revocationDate; /* revocation date */
- STACK_OF(X509_EXTENSION) *extensions; /* CRL entry extensions: optional */
- /* decoded value of CRLissuer extension: set if indirect CRL */
- STACK_OF(GENERAL_NAME) *issuer;
- /* revocation reason: set to CRL_REASON_NONE if reason extension absent */
- int reason;
- /*
- * CRL entries are reordered for faster lookup of serial numbers. This
- * field contains the original load sequence for this entry.
- */
- int sequence;
-};
-
-/*
- * This stuff is certificate "auxiliary info": it contains details which are
- * useful in certificate stores and databases. When used this is tagged onto
- * the end of the certificate itself. OpenSSL specific structure not defined
- * in any RFC.
- */
-
-struct x509_cert_aux_st {
- STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */
- STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */
- ASN1_UTF8STRING *alias; /* "friendly name" */
- ASN1_OCTET_STRING *keyid; /* key id of private key */
- STACK_OF(X509_ALGOR) *other; /* other unspecified info */
-};
-
-struct x509_cinf_st {
- ASN1_INTEGER *version; /* [ 0 ] default of v1 */
- ASN1_INTEGER serialNumber;
- X509_ALGOR signature;
- X509_NAME *issuer;
- X509_VAL validity;
- X509_NAME *subject;
- X509_PUBKEY *key;
- ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */
- ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */
- STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */
- ASN1_ENCODING enc;
-};
-
-struct x509_st {
- X509_CINF cert_info;
- X509_ALGOR sig_alg;
- ASN1_BIT_STRING signature;
- X509_SIG_INFO siginf;
- CRYPTO_REF_COUNT references;
- CRYPTO_EX_DATA ex_data;
- /* These contain copies of various extension values */
- long ex_pathlen;
- long ex_pcpathlen;
- uint32_t ex_flags;
- uint32_t ex_kusage;
- uint32_t ex_xkusage;
- uint32_t ex_nscert;
- ASN1_OCTET_STRING *skid;
- AUTHORITY_KEYID *akid;
- X509_POLICY_CACHE *policy_cache;
- STACK_OF(DIST_POINT) *crldp;
- STACK_OF(GENERAL_NAME) *altname;
- NAME_CONSTRAINTS *nc;
-#ifndef OPENSSL_NO_RFC3779
- STACK_OF(IPAddressFamily) *rfc3779_addr;
- struct ASIdentifiers_st *rfc3779_asid;
-# endif
- unsigned char sha1_hash[SHA_DIGEST_LENGTH];
- X509_CERT_AUX *aux;
- CRYPTO_RWLOCK *lock;
- volatile int ex_cached;
-} /* X509 */ ;
-
-/*
- * This is a used when verifying cert chains. Since the gathering of the
- * cert chain can take some time (and have to be 'retried', this needs to be
- * kept and passed around.
- */
-struct x509_store_ctx_st { /* X509_STORE_CTX */
- X509_STORE *ctx;
- /* The following are set by the caller */
- /* The cert to check */
- X509 *cert;
- /* chain of X509s - untrusted - passed in */
- STACK_OF(X509) *untrusted;
- /* set of CRLs passed in */
- STACK_OF(X509_CRL) *crls;
- X509_VERIFY_PARAM *param;
- /* Other info for use with get_issuer() */
- void *other_ctx;
- /* Callbacks for various operations */
- /* called to verify a certificate */
- int (*verify) (X509_STORE_CTX *ctx);
- /* error callback */
- int (*verify_cb) (int ok, X509_STORE_CTX *ctx);
- /* get issuers cert from ctx */
- int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
- /* check issued */
- int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
- /* Check revocation status of chain */
- int (*check_revocation) (X509_STORE_CTX *ctx);
- /* retrieve CRL */
- int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x);
- /* Check CRL validity */
- int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
- /* Check certificate against CRL */
- int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
- /* Check policy status of the chain */
- int (*check_policy) (X509_STORE_CTX *ctx);
- STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
- STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
- int (*cleanup) (X509_STORE_CTX *ctx);
- /* The following is built up */
- /* if 0, rebuild chain */
- int valid;
- /* number of untrusted certs */
- int num_untrusted;
- /* chain of X509s - built up and trusted */
- STACK_OF(X509) *chain;
- /* Valid policy tree */
- X509_POLICY_TREE *tree;
- /* Require explicit policy value */
- int explicit_policy;
- /* When something goes wrong, this is why */
- int error_depth;
- int error;
- X509 *current_cert;
- /* cert currently being tested as valid issuer */
- X509 *current_issuer;
- /* current CRL */
- X509_CRL *current_crl;
- /* score of current CRL */
- int current_crl_score;
- /*
Reason mask */
- unsigned int current_reasons;
- /* For CRL path validation: parent context */
- X509_STORE_CTX *parent;
- CRYPTO_EX_DATA ex_data;
- SSL_DANE *dane;
- /* signed via bare TA public key, rather than CA certificate */
- int bare_ta_signed;
-};
-
-/* PKCS#8 private key info structure */
-
-struct pkcs8_priv_key_info_st {
- ASN1_INTEGER *version;
- X509_ALGOR *pkeyalg;
- ASN1_OCTET_STRING *pkey;
- STACK_OF(X509_ATTRIBUTE) *attributes;
-};
-
-struct X509_sig_st {
- X509_ALGOR *algor;
- ASN1_OCTET_STRING *digest;
-};
-
-struct x509_object_st {
- /* one of the above types */
- X509_LOOKUP_TYPE type;
- union {
- char *ptr;
- X509 *x509;
- X509_CRL *crl;
- EVP_PKEY *pkey;
- } data;
-};
-
-#endif
-
diff --git a/src/openssl/internal/ossl_1_1_1/x509_lcl.h b/src/openssl/internal/ossl_1_1_1/x509_lcl.h
deleted file mode 100644
index 483367e9..00000000
--- a/src/openssl/internal/ossl_1_1_1/x509_lcl.h
+++ /dev/null
@@ -1,135 +0,0 @@
-
-#ifndef HEADER_INTERNAL_REFCOUNT_H
-#include "refcount.h"
-#endif
-
-#ifndef _LIBPKI_OSSL_1_1_1_X509_LCL_H
-#define _LIBPKI_OSSL_1_1_1_X509_LCL_H
-
-/*
- * This structure holds all parameters associated with a verify operation by
- * including an X509_VERIFY_PARAM structure in related structures the
- * parameters used can be customized
- */
-struct X509_VERIFY_PARAM_st {
- char *name;
- time_t check_time; /* Time to use */
- uint32_t inh_flags; /* Inheritance flags */
- unsigned long flags; /* Various verify flags */
- int purpose; /* purpose to check untrusted certificates */
- int trust; /* trust setting to check */
- int depth; /* Verify depth */
- int auth_level; /* Security level for chain verification */
- STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */
- /* Peer identity details */
- STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */
- unsigned int hostflags; /* Flags to control matching features */
- char *peername; /* Matching hostname in peer certificate */
- char *email; /* If not NULL email address to match */
- size_t emaillen;
- unsigned char *ip; /* If not NULL IP address to match */
- size_t iplen; /* Length of IP address */
-};
-
-/* No error callback if depth < 0 */
-int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth);
-
-/* a sequence of these are used */
-struct x509_attributes_st {
- ASN1_OBJECT *object;
- STACK_OF(ASN1_TYPE) *set;
-};
-
-struct X509_extension_st {
- ASN1_OBJECT *object;
- ASN1_BOOLEAN critical;
- ASN1_OCTET_STRING value;
-};
-
-/*
- * Method to handle CRL access. In general a CRL could be very large (several
- * Mb) and can consume large amounts of resources if stored in memory by
- * multiple processes. This method allows general CRL operations to be
- * redirected to more efficient callbacks: for example a CRL entry database.
- */
-
-#define X509_CRL_METHOD_DYNAMIC 1
-
-struct x509_crl_method_st {
- int flags;
- int (*crl_init) (X509_CRL *crl);
- int (*crl_free) (X509_CRL *crl);
- int (*crl_lookup) (X509_CRL *crl, X509_REVOKED **ret,
- ASN1_INTEGER *ser, X509_NAME *issuer);
- int (*crl_verify) (X509_CRL *crl, EVP_PKEY *pk);
-};
-
-struct x509_lookup_method_st {
- char *name;
- int (*new_item) (X509_LOOKUP *ctx);
- void (*free) (X509_LOOKUP *ctx);
- int (*init) (X509_LOOKUP *ctx);
- int (*shutdown) (X509_LOOKUP *ctx);
- int (*ctrl) (X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
- char **ret);
- int (*get_by_subject) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
- X509_NAME *name, X509_OBJECT *ret);
- int (*get_by_issuer_serial) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
- X509_NAME *name, ASN1_INTEGER *serial,
- X509_OBJECT *ret);
- int (*get_by_fingerprint) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
- const unsigned char *bytes, int len,
- X509_OBJECT *ret);
- int (*get_by_alias) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
- const char *str, int len, X509_OBJECT *ret);
-};
-
-/* This is the functions plus an instance of the local variables. */
-struct x509_lookup_st {
- int init; /* have we been started */
- int skip; /* don't use us. */
- X509_LOOKUP_METHOD *method; /* the functions */
- void *method_data; /* method data */
- X509_STORE *store_ctx; /* who owns us */
-};
-
-/*
- * This is used to hold everything. It is used for all certificate
- * validation. Once we have a certificate chain, the 'verify' function is
- * then called to actually check the cert chain.
- */
-struct x509_store_st {
- /* The following is a cache of trusted certs */
- int cache; /* if true, stash any hits */
- STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */
- /* These are external lookup methods */
- STACK_OF(X509_LOOKUP) *get_cert_methods;
- X509_VERIFY_PARAM *param;
- /* Callbacks for various operations */
- /* called to verify a certificate */
- int (*verify) (X509_STORE_CTX *ctx);
- /* error callback */
- int (*verify_cb) (int ok, X509_STORE_CTX *ctx);
- /* get issuers cert from ctx */
- int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
- /* check issued */
- int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
- /* Check revocation status of chain */
- int (*check_revocation) (X509_STORE_CTX *ctx);
- /* retrieve CRL */
- int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x);
- /* Check CRL validity */
- int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
- /* Check certificate against CRL */
- int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
- /* Check policy status of the chain */
- int (*check_policy) (X509_STORE_CTX *ctx);
- STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
- STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
- int (*cleanup) (X509_STORE_CTX *ctx);
- CRYPTO_EX_DATA ex_data;
- CRYPTO_REF_COUNT references;
- CRYPTO_RWLOCK *lock;
-};
-
-#endif
diff --git a/src/openssl/internal/ossl_lcl.h b/src/openssl/internal/ossl_lcl.h
deleted file mode 100644
index f537bf04..00000000
--- a/src/openssl/internal/ossl_lcl.h
+++ /dev/null
@@ -1,242 +0,0 @@
-/* BEGIN: composite_local.h */
-
-// Composite Crypto authentication methods.
-// (c) 2021 by Massimiliano Pala
-
-#include
-#include
-
-#ifndef OPENSSL_OSSL_INTERNALS_H
-#define OPENSSL_OSSL_INTERNALS_H
-
-#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
-# include "ossl_1_1_1/refcount.h"
-# include "ossl_1_1_1/x509_int.h"
-#else
-# if OPENSSL_VERSION_NUMBER >= 0x1010000fL
-# include "ossl_1_1_0/refcount.h"
-# include "ossl_1_1_0/509_int.h"
-# endif
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-// ==============================
-// Declarations & Data Structures
-// ==============================
-
-// Definition for EVP_PKEY and ECX_KEY
-// taken from openssl/include/crypto/evp.h
-# ifndef OPENSSL_NO_EC
-
-#define X25519_KEYLEN 32
-#define X448_KEYLEN 56
-#define ED448_KEYLEN 57
-
-#define MAX_KEYLEN ED448_KEYLEN
-
-// Definition from
-typedef struct {
- unsigned char pubkey[MAX_KEYLEN];
- unsigned char *privkey;
-} ECX_KEY;
-
-#endif
-
-// Definition from pem_pkey.c
-struct X509_pubkey_st {
- X509_ALGOR *algor;
- ASN1_BIT_STRING *public_key;
- EVP_PKEY *pkey;
-};
-
-// EVP_MD_CTX related stuff
-// ========================
-
-struct evp_md_ctx_st {
- const EVP_MD *digest;
- ENGINE *engine; /* functional reference if 'digest' is
- * ENGINE-provided */
- unsigned long flags;
- void *md_data;
- /* Public key context for sign/verify */
- EVP_PKEY_CTX *pctx;
- /* Update function: usually copied from EVP_MD */
- int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count);
-} /* EVP_MD_CTX */ ;
-
-
-// EVP_PKEY related stuff
-// ======================
-
-/*
- * Type needs to be a bit field Sub-type needs to be for variations on the
- * method, as in, can it do arbitrary encryption....
- */
-struct evp_pkey_st {
- int type;
- int save_type;
- CRYPTO_REF_COUNT references;
- const EVP_PKEY_ASN1_METHOD *ameth;
- ENGINE *engine;
- ENGINE *pmeth_engine; /* If not NULL public key ENGINE to use */
- union {
- void *ptr;
-# ifndef OPENSSL_NO_RSA
- struct rsa_st *rsa; /* RSA */
-# endif
-# ifndef OPENSSL_NO_DSA
- struct dsa_st *dsa; /* DSA */
-# endif
-# ifndef OPENSSL_NO_DH
- struct dh_st *dh; /* DH */
-# endif
-# ifndef OPENSSL_NO_EC
- struct ec_key_st *ec; /* ECC */
- ECX_KEY *ecx; /* X25519, X448, Ed25519, Ed448 */
-# endif
- } pkey;
- int save_parameters;
- STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
- CRYPTO_RWLOCK *lock;
-} /* EVP_PKEY */ ;
-
-struct evp_pkey_ctx_st {
- /* Method associated with this operation */
- const EVP_PKEY_METHOD *pmeth;
- /* Engine that implements this method or NULL if builtin */
- ENGINE *engine;
- /* Key: may be NULL */
- EVP_PKEY *pkey;
- /* Peer key for key agreement, may be NULL */
- EVP_PKEY *peerkey;
- /* Actual operation */
- int operation;
- /* Algorithm specific data */
- void *data;
- /* Application specific data */
- void *app_data;
- /* Keygen callback */
- EVP_PKEY_gen_cb *pkey_gencb;
- /* implementation specific keygen data */
- int *keygen_info;
- int keygen_info_count;
-} /* EVP_PKEY_CTX */ ;
-
-// EVP_PKEY_ASN1_METHOD related stuff
-// ==================================
-
-struct evp_pkey_asn1_method_st {
- int pkey_id;
- int pkey_base_id;
- unsigned long pkey_flags;
- char *pem_str;
- char *info;
- int (*pub_decode) (EVP_PKEY *pk, X509_PUBKEY *pub);
- int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk);
- int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
- int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent,
- ASN1_PCTX *pctx);
- int (*priv_decode) (EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf);
- int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk);
- int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent,
- ASN1_PCTX *pctx);
- int (*pkey_size) (const
EVP_PKEY *pk);
- int (*pkey_bits) (const EVP_PKEY *pk);
- int (*pkey_security_bits) (const EVP_PKEY *pk);
- int (*param_decode) (EVP_PKEY *pkey,
- const unsigned char **pder, int derlen);
- int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder);
- int (*param_missing) (const EVP_PKEY *pk);
- int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from);
- int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
- int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent,
- ASN1_PCTX *pctx);
- int (*sig_print) (BIO *out,
- const X509_ALGOR *sigalg, const ASN1_STRING *sig,
- int indent, ASN1_PCTX *pctx);
- void (*pkey_free) (EVP_PKEY *pkey);
- int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2);
- /* Legacy functions for old PEM */
- int (*old_priv_decode) (EVP_PKEY *pkey,
- const unsigned char **pder, int derlen);
- int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder);
- /* Custom ASN1 signature verification */
- int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
- X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey);
- int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
- X509_ALGOR *alg1, X509_ALGOR *alg2,
- ASN1_BIT_STRING *sig);
- int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg,
- const ASN1_STRING *sig);
- /* Check */
- int (*pkey_check) (const EVP_PKEY *pk);
- int (*pkey_public_check) (const EVP_PKEY *pk);
- int (*pkey_param_check) (const EVP_PKEY *pk);
- /* Get/set raw private/public key data */
- int (*set_priv_key) (EVP_PKEY *pk, const unsigned char *priv, size_t len);
- int (*set_pub_key) (EVP_PKEY *pk, const unsigned char *pub, size_t len);
- int (*get_priv_key) (const EVP_PKEY *pk, unsigned char *priv, size_t *len);
- int (*get_pub_key) (const EVP_PKEY *pk, unsigned char *pub, size_t *len);
-} /* EVP_PKEY_ASN1_METHOD */ ;
-
-// EVP_PKEY_METHOD related stuff
-// =============================
-
-struct evp_pkey_method_st {
- int pkey_id;
- int flags;
- int (*init)
(EVP_PKEY_CTX *ctx);
- int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src);
- void (*cleanup) (EVP_PKEY_CTX *ctx);
- int (*paramgen_init) (EVP_PKEY_CTX *ctx);
- int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
- int (*keygen_init) (EVP_PKEY_CTX *ctx);
- int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
- int (*sign_init) (EVP_PKEY_CTX *ctx);
- int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
- const unsigned char *tbs, size_t tbslen);
- int (*verify_init) (EVP_PKEY_CTX *ctx);
- int (*verify) (EVP_PKEY_CTX *ctx,
- const unsigned char *sig, size_t siglen,
- const unsigned char *tbs, size_t tbslen);
- int (*verify_recover_init) (EVP_PKEY_CTX *ctx);
- int (*verify_recover) (EVP_PKEY_CTX *ctx,
- unsigned char *rout, size_t *routlen,
- const unsigned char *sig, size_t siglen);
- int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
- int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
- EVP_MD_CTX *mctx);
- int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
- int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen,
- EVP_MD_CTX *mctx);
- int (*encrypt_init) (EVP_PKEY_CTX *ctx);
- int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
- const unsigned char *in, size_t inlen);
- int (*decrypt_init) (EVP_PKEY_CTX *ctx);
- int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
- const unsigned char *in, size_t inlen);
- int (*derive_init) (EVP_PKEY_CTX *ctx);
- int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
- int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
- int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value);
- int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
- const unsigned char *tbs, size_t tbslen);
- int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig,
- size_t siglen, const unsigned char *tbs,
- size_t tbslen);
- int (*check) (EVP_PKEY *pkey);
- int (*public_check)
(EVP_PKEY *pkey);
- int (*param_check) (EVP_PKEY *pkey);
-
- int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
-} /* EVP_PKEY_METHOD */ ;
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-
-/* END: composite_ossl_internals.h */
diff --git a/src/openssl/internal/x509_data_st.h b/src/openssl/internal/x509_data_st.h
deleted file mode 100644
index 769ad81a..00000000
--- a/src/openssl/internal/x509_data_st.h
+++ /dev/null
@@ -1,86 +0,0 @@
-/* X509_data_st.h */
-
-#include
-#include
-
-#ifndef LIBPKI_X509_DATA_ST_H
-#define LIBPKI_X509_DATA_ST_H
-
-# if OPENSSL_VERSION_NUMBER > 0x1000000fL
-
-// PKIX Generic Structures Forward References
-typedef struct x509_cinf_st LIBPKI_X509_CINF;
-typedef struct x509_st LIBPKI_X509_CERT;
-typedef struct X509_req_info_st LIBPKI_X509_REQ_INFO;
-typedef struct X509_req_st LIBPKI_X509_REQ;
-typedef struct X509_crl_info_st LIBPKI_X509_CRL_INFO;
-typedef struct X509_crl_st LIBPKI_X509_CRL;
-typedef struct X509_algor_st LIBPKI_X509_ALGOR;
-typedef struct X509_extension_st LIBPKI_X509_EXTENSION;
-typedef struct x509_attributes_st LIBPKI_X509_ATTRIBUTE_FULL;
-
-// OCSP Structures Forward references
-typedef struct ocsp_cert_id_st LIBPKI_X509_OCSP_CERTID;
-typedef struct ocsp_req_info_st LIBPKI_X509_OCSP_REQ_INFO;
-typedef struct ocsp_signature_st LIBPKI_X509_OCSP_SIGNATURE;
-typedef struct ocsp_request_st LIBPKI_X509_OCSP_REQ;
-typedef struct ocsp_responder_id_st LIBPKI_X509_OCSP_RESPID;
-typedef struct ocsp_response_data_st LIBPKI_X509_OCSP_RESPDATA;
-typedef struct ocsp_basic_response_st LIBPKI_X509_OCSP_BASICRESP;
-typedef struct ocsp_resp_bytes_st LIBPKI_X509_OCSP_RESPBYTES;
-typedef struct ocsp_response_st LIBPKI_X509_OCSP_RESPONSE;
-
-// CMS Structures Forward references
-typedef struct CMS_IssuerAndSerialNumber_st LIBPKI_CMS_ISSUER_AND_SERIAL_NUMBER;
-typedef struct CMS_EncapsulatedContentInfo_st LIBPKI_CMS_CI_ENCAPSULATED;
-typedef struct CMS_SignerIdentifier_st LIBPKI_CMS_SIGNER_IDENTIFIER;
-typedef struct CMS_SignedData_st LIBPKI_CMS_SIGNED_DATA;
-typedef struct CMS_OtherRevocationInfoFormat_st LIBPKI_CMS_OTHER_REVOCATION_INFO_FORMAT;
-typedef struct CMS_OriginatorInfo_st LIBPKI_CMS_ORIGINATOR_INFO;
-typedef struct CMS_EncryptedContentInfo_st LIBPKI_CMS_CI_ENCRYPTED;
-typedef struct CMS_EnvelopedData_st LIBPKI_CMS_DATA_ENVELOPED;
-typedef struct CMS_DigestedData_st LIBPKI_CMS_DATA_DIGESTED;
-typedef struct CMS_EncryptedData_st LIBPKI_CMS_DATA_ENCRYPTED;
-typedef struct CMS_AuthenticatedData_st LIBPKI_CMS_DATA_AUTH;
-typedef struct CMS_CompressedData_st LIBPKI_CMS_DATA_COMPRESSED;
-typedef struct CMS_OtherCertificateFormat_st LIBPKI_CMS_OTHER_CERTIFICATE_FORMAT;
-typedef struct CMS_KeyTransRecipientInfo_st LIBPKI_CMS_RECIPIENT_INFO_KTRANS;
-typedef struct CMS_OriginatorPublicKey_st LIBPKI_CMS_ORIGINATOR_PUBLIC_KEY;
-typedef struct CMS_OriginatorIdentifierOrKey_st LIBPKI_CMS_ORIGINATOR_IDENTIFIER_OR_KEY;
-typedef struct CMS_KeyAgreeRecipientInfo_st LIBPKI_CMS_RECIPIENT_INFO_KAGREE;
-typedef struct CMS_RecipientKeyIdentifier_st LIBPKI_CMS_RECIPIENT_KEY_IDENTIFIER;
-typedef struct CMS_KeyAgreeRecipientIdentifier_st
- LIBPKI_CMS_KAGREE_RECIPIENT_IDENTIFIER;
-typedef struct CMS_KEKIdentifier_st LIBPKI_CMS_KEK_IDENTIFIER;
-typedef struct CMS_KEKRecipientInfo_st LIBPKI_CMS_RECIPIENT_INFO_KEK;
-typedef struct CMS_PasswordRecipientInfo_st LIBPKI_CMS_RECIPIENT_INFO_PASSWORD;
-typedef struct CMS_OtherRecipientInfo_st LIBPKI_CMS_RECIPIENT_INFO_OTHER;
-typedef struct CMS_ReceiptsFrom_st LIBPKI_CMS_RECEIPTS_FROM;
-
-// ----- Includes specific for OpenSSL v1.0.x ----- //
-# if OPENSSL_VERSION_NUMBER <= 0x1000ffffL
-# include "ossl_1_0_x/cms_lcl.h"
-# else
-// ----- Includes specific for OpenSSL v1.1.0+ ----- //
-# if OPENSSL_VERSION_NUMBER <= 0x10100fffL
-# include "ossl_1_1_0/x509_lcl.h"
-# include "ossl_1_1_0/x509_int.h"
-# include "ossl_1_1_0/ocsp_lcl.h"
-# include "ossl_1_1_0/cms_lcl.h"
-# else
-// ----- Includes specific for OpenSSL v1.1.1+ ----- //
-# if OPENSSL_VERSION_NUMBER >= 0x1010100fL
-# include "ossl_1_1_1/x509_lcl.h"
-# include "ossl_1_1_1/x509_int.h"
-# include "ossl_1_1_1/ocsp_lcl.h"
-# include "ossl_1_1_1/cms_lcl.h"
-# endif
-# endif
-# endif
-# endif
-
-#ifndef OPENSSL_OSSL_INTERNALS_H
-# include "ossl_lcl.h"
-#endif
-
-#endif // End of LIBPKI_X509_DATA_ST_H
\ No newline at end of file
diff --git a/src/openssl/pqc/Makefile.am b/src/openssl/pqc/Makefile.am
deleted file mode 100644
index 07893a45..00000000
--- a/src/openssl/pqc/Makefile.am
+++ /dev/null
@@ -1,40 +0,0 @@
-## OpenCA Makefile - by Massimiliano Pala
-## (c) 1999-2007 by Massimiliano Pala and OpenCA Project
-## All Rights Reserved
-
-TOP = ../..
-include $(TOP)/global-vars
-
-BASE_DEFS =
-
-DEFS = $(OPENCA_DEFS)
-
-AM_CPPFLAGS = \
- -I$(TOP) \
- $(openssl_cflags) \
- $(libxml2_cflags) \
- $(COND_INCLUDES)
-
-OPENSSL_INTERNAL_SRCS =
-
-LIBPKI_INTERNAL_SRCS = \
- pqc_tools.h \
- pqc_pkey_meth.h \
- pqc_asn1_meth.h \
- pqc_data_st.h
-
-nobase_include_HEADERS =
-
-PQC_SRCS = \
- $(OPENSSL_INTERNAL_SRCS) \
- $(LIBPKI_INTERNAL_SRCS) \
- pqc_tools.c \
- pqc_asn1_meth.c \
- pqc_pkey_meth.c \
- pqc_init.c
-
-noinst_LTLIBRARIES = libpki-pqc.la
-
-libpki_pqc_la_SOURCES = $(PQC_SRCS)
-libpki_pqc_la_CFLAGS = $(BUILD_LIBPKI_CFLAGS)
-
diff --git a/src/openssl/pqc/pqc_asn1_meth.c b/src/openssl/pqc/pqc_asn1_meth.c
deleted file mode 100644
index 7990c0d0..00000000
--- a/src/openssl/pqc/pqc_asn1_meth.c
+++ /dev/null
@@ -1,522 +0,0 @@ - -#include "pqc_asn1_meth.h" - -#ifdef ENABLE_OQS - -// =========== -// AMETH Tools -// =========== - -int oqs_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) -{ - const OQS_KEY *oqs_key = (OQS_KEY*) pkey->pkey.ptr; - unsigned char *penc; - size_t pubkey_len = 0, index = 0; - // size_t max_classical_pubkey_len = 0, classical_pubkey_len = 0; - if (!oqs_key || !oqs_key->s || !oqs_key->pubkey ) { - ECerr(EC_F_OQS_PUB_ENCODE, EC_R_KEY_NOT_SET); - return 0; - } - // int is_hybrid = (oqs_key->classical_pkey != NULL); - - /* determine the length of the key */ - pubkey_len = oqs_key->s->length_public_key; - // if (is_hybrid) { - // max_classical_pubkey_len = (size_t) get_classical_key_len(KEY_TYPE_PUBLIC, get_classical_nid(oqs_key->nid)); - // pubkey_len += (SIZE_OF_UINT32 + max_classical_pubkey_len); - // } - penc = OPENSSL_malloc(pubkey_len); - if (penc == NULL) { - ECerr(EC_F_OQS_PUB_ENCODE, ERR_R_MALLOC_FAILURE); - return 0; - } - - // /* if hybrid, encode classical public key */ - // if (is_hybrid) { - // unsigned char *classical_pubkey = penc + SIZE_OF_UINT32; /* i2d moves target pointer, so we copy into a temp var (leaving space for key len) */ - // int actual_classical_pubkey_len = i2d_PublicKey(oqs_key->classical_pkey, &classical_pubkey); - // if (actual_classical_pubkey_len < 0 || actual_classical_pubkey_len > max_classical_pubkey_len) { - // /* something went wrong, or we didn't allocate enough space */ - // OPENSSL_free(penc); - // ECerr(EC_F_OQS_PUB_ENCODE, ERR_R_FATAL); - // return 0; - // } - // ENCODE_UINT32(penc, actual_classical_pubkey_len); - // classical_pubkey_len = SIZE_OF_UINT32 + (size_t) actual_classical_pubkey_len; - // index += classical_pubkey_len; - // } - - /* encode the pqc public key */ - memcpy(penc + index, oqs_key->pubkey, oqs_key->s->length_public_key); - - /* recalculate pub key len using actual classical key len */ - pubkey_len = /* classical_pubkey_len + */ oqs_key->s->length_public_key; - - if 
(!X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id), - V_ASN1_UNDEF, NULL, penc, (int) pubkey_len)) { - OPENSSL_free(penc); - ECerr(EC_F_OQS_PUB_ENCODE, ERR_R_MALLOC_FAILURE); - return 0; - } - return 1; -} - -int oqs_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) -{ - const unsigned char *p; - int pklen, max_pubkey_len; - X509_ALGOR *palg; - OQS_KEY *oqs_key = NULL; - int id = pkey->ameth->pkey_id; - // int is_hybrid = is_oqs_hybrid_alg(id); - size_t index = 0; - - if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) { - return 0; - } - if (p == NULL) { - /* pklen is checked below, after we instantiate the oqs_key to learn the max len */ - ECerr(EC_F_OQS_PUB_DECODE, ERR_R_FATAL); - return 0; - } - - if (palg != NULL) { - int ptype; - - /* Algorithm parameters must be absent */ - X509_ALGOR_get0(NULL, &ptype, NULL, palg); - if (ptype != V_ASN1_UNDEF) { - ECerr(EC_F_OQS_PUB_DECODE, EC_R_PARAMETERS_MUST_BE_ABSENT); - return 0; - } - } - - if (!oqs_key_init(&oqs_key, id, 0)) { - ECerr(EC_F_OQS_PUB_DECODE, EC_R_KEY_INIT_FAILED); - return 0; - } - - max_pubkey_len = (int) oqs_key->s->length_public_key; - // if (is_hybrid) { - // max_pubkey_len += (SIZE_OF_UINT32 + get_classical_key_len(KEY_TYPE_PUBLIC, get_classical_nid(id))); - // } - - if (pklen > max_pubkey_len) { - ECerr(EC_F_OQS_PUB_DECODE, EC_R_WRONG_LENGTH); - goto err; - } - - // /* if hybrid, decode classical public key */ - // if (is_hybrid) { - // int classical_id = get_classical_nid(id); - // uint32_t actual_classical_pubkey_len; - // DECODE_UINT32(actual_classical_pubkey_len, p); - // if (is_EC_nid(classical_id)) { - // if (!decode_EC_key(KEY_TYPE_PUBLIC, classical_id, p + SIZE_OF_UINT32, (int) actual_classical_pubkey_len, oqs_key)) { - // ECerr(EC_F_OQS_PUB_DECODE, ERR_R_FATAL); - // goto err; - // } - // } else { - // const unsigned char* pubkey_temp = p + SIZE_OF_UINT32; - // oqs_key->classical_pkey = d2i_PublicKey(classical_id, &oqs_key->classical_pkey, &pubkey_temp, 
actual_classical_pubkey_len); - // if (oqs_key->classical_pkey == NULL) { - // ECerr(EC_F_OQS_PUB_DECODE, ERR_R_FATAL); - // goto err; - // } - // } - - // index += (SIZE_OF_UINT32 + actual_classical_pubkey_len); - // } - /* decode PQC public key */ - memcpy(oqs_key->pubkey, (char *) (p + index), oqs_key->s->length_public_key); - - EVP_PKEY_assign(pkey, id, oqs_key); - return 1; - - err: - oqs_pkey_ctx_free(oqs_key); - return 0; -} - -int oqs_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) -{ - const OQS_KEY *akey = (OQS_KEY*) a->pkey.ptr; - const OQS_KEY *bkey = (OQS_KEY*) b->pkey.ptr; - if (akey == NULL || bkey == NULL) - return -2; - - // /* compare hybrid classical key if present */ - // if (akey->classical_pkey != NULL) { - // if (bkey->classical_pkey == NULL) { - // return 0; /* both should be hybrid or not */ - // } - // if (!EVP_PKEY_cmp(akey->classical_pkey, bkey->classical_pkey)) { - // return 0; - // } - // } - - /* compare PQC key */ - return CRYPTO_memcmp(akey->pubkey, bkey->pubkey, akey->s->length_public_key) == 0; -} - -int oqs_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) -{ - const unsigned char *p; - int plen, max_privkey_len; - ASN1_OCTET_STRING *oct = NULL; - const X509_ALGOR *palg; - OQS_KEY *oqs_key = NULL; - int id = pkey->ameth->pkey_id; - // int is_hybrid = is_oqs_hybrid_alg(id); - int index = 0; - - if (!PKCS8_pkey_get0(NULL, &p, &plen, &palg, p8)) - return 0; - - oct = d2i_ASN1_OCTET_STRING(NULL, &p, plen); - if (oct == NULL) { - p = NULL; - plen = 0; - } else { - p = ASN1_STRING_get0_data(oct); - plen = ASN1_STRING_length(oct); - } - - /* oct contains first the private key, then the public key */ - if (palg != NULL) { - int ptype; - - /* Algorithm parameters must be absent */ - X509_ALGOR_get0(NULL, &ptype, NULL, palg); - if (ptype != V_ASN1_UNDEF) { - ECerr(EC_F_OQS_PRIV_DECODE, ERR_R_FATAL); - return 0; - } - } - - if (!oqs_key_init(&oqs_key, id, 1)) { - ECerr(EC_F_OQS_PRIV_DECODE, EC_R_KEY_INIT_FAILED); - return 0; - } - - 
max_privkey_len = (int) (oqs_key->s->length_secret_key + oqs_key->s->length_public_key); - // if (is_hybrid) { - // max_privkey_len += (SIZE_OF_UINT32 + get_classical_key_len(KEY_TYPE_PRIVATE, get_classical_nid(oqs_key->nid))); - // } - - if (plen > max_privkey_len) { - ECerr(EC_F_OQS_PRIV_DECODE, EC_R_KEY_LENGTH_WRONG); - goto err; - } - - // /* if hybrid, decode classical private key */ - // if (is_hybrid) { - // int classical_id = get_classical_nid(id); - // size_t actual_classical_privkey_len; - // DECODE_UINT32(actual_classical_privkey_len, p); - // if (is_EC_nid(classical_id)) { - // if (!decode_EC_key(KEY_TYPE_PRIVATE, classical_id, p + SIZE_OF_UINT32, (int)actual_classical_privkey_len, oqs_key)) { - // ECerr(EC_F_OQS_PRIV_DECODE, ERR_R_FATAL); - // goto err; - // } - // } else { - // const unsigned char* privkey_temp = p + SIZE_OF_UINT32; - // oqs_key->classical_pkey = d2i_PrivateKey(classical_id, &oqs_key->classical_pkey, &privkey_temp, (long) actual_classical_privkey_len); - // if (oqs_key->classical_pkey == NULL) { - // ECerr(EC_F_OQS_PRIV_DECODE, ERR_R_FATAL); - // goto err; - // } - // } - // index += (int)(SIZE_OF_UINT32 + actual_classical_privkey_len); - // } - - /* decode private key */ - memcpy(oqs_key->privkey, (char *)(p + index), oqs_key->s->length_secret_key); - index += (int)oqs_key->s->length_secret_key; - - /* decode public key */ - memcpy(oqs_key->pubkey, p + index, oqs_key->s->length_public_key); - - EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, oqs_key); - - ASN1_OCTET_STRING_free(oct); - return 1; - - err: - oqs_pkey_ctx_free(oqs_key); - return 0; -} - -int oqs_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) -{ - const OQS_KEY *oqs_key = (OQS_KEY*) pkey->pkey.ptr; - ASN1_OCTET_STRING oct; - unsigned char *buf = NULL, *penc = NULL; - uint32_t buflen; - int penclen, index = 0; - int rv = 0; - - // uint32_t max_classical_privkey_len = 0, classical_privkey_len = 0; - - if (!oqs_key || !oqs_key->s || !oqs_key->privkey ) { - 
ECerr(EC_F_OQS_PRIV_ENCODE, ERR_R_FATAL); - return rv; - } - // int is_hybrid = (oqs_key->classical_pkey != NULL); - - /* determine the length of key */ - buflen = (uint32_t) (oqs_key->s->length_secret_key + oqs_key->s->length_public_key); - // if (is_hybrid) { - // max_classical_privkey_len = (uint32_t) get_classical_key_len(KEY_TYPE_PRIVATE, get_classical_nid(oqs_key->nid)); - // buflen += (SIZE_OF_UINT32 + max_classical_privkey_len); - // } - buf = OPENSSL_secure_malloc((size_t)buflen); - if (buf == NULL) { - ECerr(EC_F_OQS_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); - return rv; - } - - // /* if hybrid, encode classical private key */ - // if (is_hybrid) { - // unsigned char *classical_privkey = buf + SIZE_OF_UINT32; /* i2d moves the target pointer, so we copy into a temp var (leaving space for key len) */ - // int actual_classical_privkey_len = i2d_PrivateKey(oqs_key->classical_pkey, &classical_privkey); - // if (actual_classical_privkey_len < 0 || (uint32_t) actual_classical_privkey_len > max_classical_privkey_len) { - // /* something went wrong, or we didn't allocate enough space */ - // OPENSSL_free(buf); - // ECerr(EC_F_OQS_PRIV_ENCODE, ERR_R_FATAL); - // goto end; - // } - // ENCODE_UINT32(buf, actual_classical_privkey_len); - // classical_privkey_len = SIZE_OF_UINT32 + (uint32_t) actual_classical_privkey_len; - // index += (int) classical_privkey_len; - // } - - /* encode the pqc private key */ - memcpy(buf + index, oqs_key->privkey, oqs_key->s->length_secret_key); - index += (int)oqs_key->s->length_secret_key; - - /* encode the pqc public key */ - memcpy(buf + index, oqs_key->pubkey, oqs_key->s->length_public_key); - - /* recalculate pub key len using actual classical len */ - buflen = /* classical_privkey_len + */ (uint32_t) (oqs_key->s->length_secret_key + oqs_key->s->length_public_key); - - oct.data = buf; - oct.length = (int) buflen; - oct.flags = 0; - - penclen = i2d_ASN1_OCTET_STRING(&oct, &penc); - if (penclen < 0) { - ECerr(EC_F_OQS_PRIV_ENCODE, 
ERR_R_FATAL); - goto end; - } - - if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0, - V_ASN1_UNDEF, NULL, penc, penclen)) { - OPENSSL_secure_clear_free(buf, (size_t) buflen); - OPENSSL_clear_free(penc, (size_t)penclen); - ECerr(EC_F_OQS_PRIV_ENCODE, EC_R_SETTING_PARAMETERS_FAILED); - goto end; - } - rv = 1; /* success */ - - end: - OPENSSL_secure_clear_free(buf, (size_t) buflen); - return rv; -} - -int oqs_size_lcl(const EVP_PKEY *pkey) -{ - const OQS_KEY *oqs_key = (OQS_KEY*) pkey->pkey.ptr; - if (oqs_key == NULL || oqs_key->s == NULL) { - ECerr(EC_F_OQS_SIZE, EC_R_NOT_INITIALIZED); - return 0; - } - size_t sig_len = oqs_key->s->length_signature; - // if (is_oqs_hybrid_alg(oqs_key->nid)) { - // int classical_nid = get_classical_nid(oqs_key->nid); - // sig_len += (SIZE_OF_UINT32 + (size_t)get_classical_sig_len(classical_nid)); - // } - return (int)sig_len; -} - -int oqs_bits(const EVP_PKEY *pkey) -{ - OQS_KEY* oqs_key = (OQS_KEY*) pkey->pkey.ptr; - size_t pubkey_len = oqs_key->s->length_public_key; - // if (is_oqs_hybrid_alg(oqs_key->nid)) { - // pubkey_len += (SIZE_OF_UINT32 + (size_t) get_classical_key_len(KEY_TYPE_PUBLIC, get_classical_nid(oqs_key->nid))); - // } - /* return size in bits */ - return (int) (CHAR_BIT * pubkey_len); -} - -int oqs_security_bits(const EVP_PKEY *pkey) -{ - return ((OQS_KEY*) pkey->pkey.ptr)->security_bits; /* already accounts for hybrid */ -} - -void oqs_free(EVP_PKEY *pkey) -{ - oqs_pkey_ctx_free((OQS_KEY*) pkey->pkey.ptr); -} - -/* "parameters" are always equal */ -int oqs_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) -{ - return 1; -} - -int oqs_key_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx, oqs_key_type_t keytype) -{ - const OQS_KEY *oqs_key = (OQS_KEY*) pkey->pkey.ptr; - // int is_hybrid = is_oqs_hybrid_alg(oqs_key->nid); - /* alg name to print, just keep the oqs part for hybrid */ - // const char *nm = OBJ_nid2ln(is_hybrid ? 
get_oqs_nid(oqs_key->nid) : pkey->ameth->pkey_id); - const char *nm = OBJ_nid2ln(pkey->ameth->pkey_id); - - if (keytype == KEY_TYPE_PRIVATE) { - if (oqs_key == NULL || oqs_key->privkey == NULL) { - if (BIO_printf(bp, "%*s\n", indent, "") <= 0) - return 0; - return 1; - } - if (BIO_printf(bp, "%*s%s Private-Key:\n", indent, "", nm) <= 0) - return 0; - if (BIO_printf(bp, "%*spriv:\n", indent, "") <= 0) - return 0; - if (ASN1_buf_print(bp, oqs_key->privkey, oqs_key->s->length_secret_key, - indent + 4) == 0) - return 0; - } else { - if (oqs_key == NULL) { - if (BIO_printf(bp, "%*s\n", indent, "") <= 0) - return 0; - return 1; - } - - if (BIO_printf(bp, "%*s%s Public-Key:\n", indent, "", nm) <= 0) - return 0; - } - if (BIO_printf(bp, "%*spub:\n", indent, "") <= 0) - return 0; - - if (ASN1_buf_print(bp, oqs_key->pubkey, oqs_key->s->length_public_key, - indent + 4) == 0) - return 0; - return 1; -} - -int oqs_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) -{ - return oqs_key_print(bp, pkey, indent, ctx, KEY_TYPE_PRIVATE); -} - -int oqs_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) -{ - return oqs_key_print(bp, pkey, indent, ctx, KEY_TYPE_PUBLIC); -} - -int oqs_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, - X509_ALGOR *sigalg, ASN1_BIT_STRING *str, - EVP_PKEY *pkey) -{ - const ASN1_OBJECT *obj; - int ptype; - int nid; - - /* Sanity check: make sure it is an OQS scheme with absent parameters */ - X509_ALGOR_get0(&obj, &ptype, NULL, sigalg); - nid = OBJ_obj2nid(obj); - if ( - ( -///// OQS_TEMPLATE_FRAGMENT_CHECK_IF_KNOWN_NID_START - nid != NID_dilithium2 && - nid != NID_p256_dilithium2 && - nid != NID_rsa3072_dilithium2 && - nid != NID_dilithium3 && - nid != NID_p384_dilithium3 && - nid != NID_dilithium5 && - nid != NID_p521_dilithium5 && - nid != NID_falcon512 && - nid != NID_p256_falcon512 && - nid != NID_rsa3072_falcon512 && - nid != NID_falcon1024 && - nid != NID_p521_falcon1024 && - nid != 
NID_sphincssha2128fsimple && - nid != NID_p256_sphincssha2128fsimple && - nid != NID_rsa3072_sphincssha2128fsimple && - nid != NID_sphincssha2128ssimple && - nid != NID_p256_sphincssha2128ssimple && - nid != NID_rsa3072_sphincssha2128ssimple && - nid != NID_sphincssha2192fsimple && - nid != NID_p384_sphincssha2192fsimple && - nid != NID_sphincsshake128fsimple && - nid != NID_p256_sphincsshake128fsimple && - nid != NID_rsa3072_sphincsshake128fsimple && - 1 /* This is just to faciliate templating. */ -///// OQS_TEMPLATE_FRAGMENT_CHECK_IF_KNOWN_NID_END - && nid != OBJ_sn2nid("DilithiumX") - ) || ptype != V_ASN1_UNDEF) { - ECerr(EC_F_OQS_ITEM_VERIFY, EC_R_UNKNOWN_NID); - return 0; - } - - if (!EVP_DigestVerifyInit(ctx, NULL, NULL, NULL, pkey)) - return 0; - - return 2; -} - -int oqs_ameth_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) { - - switch (op) { - - case ASN1_PKEY_CTRL_DEFAULT_MD_NID: - *(int *)arg2 = NID_sha512; - return 1; - break; - -#ifndef OPENSSL_NO_CMS - case ASN1_PKEY_CTRL_CMS_SIGN: - if (arg1 == 0) { - int snid, hnid; - X509_ALGOR *alg1, *alg2; - CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2); - if (alg1 == NULL || alg1->algorithm == NULL) { - return -1; - } - hnid = OBJ_obj2nid(alg1->algorithm); - if (hnid == NID_undef) { - return -1; - } - // int pkey_id = EVP_PKEY_id(pkey); - // PKI_DEBUG("****** OSSL3 UPGRADE: GOT PKEY ID %d vs. 
EVP_PKEY_id() -> %d", pkey_id, EVP_PKEY_id(pkey)); - int pkey_type = PKI_X509_KEYPAIR_VALUE_get_id(pkey); - if (!OBJ_find_sigid_by_algs(&snid, hnid, pkey_type)) { - PKI_DEBUG("Cannot find the signature algorithm for %s (%d) and %s (%d)", - PKI_ID_get_txt(hnid), hnid, PKI_ID_get_txt(pkey_type), pkey_type); - return -1; - } - X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); - } - return 1; - break; -#endif - - } - ECerr(EC_F_PKEY_OQS_CTRL, ERR_R_FATAL); - return 0; -} - -// ==================================== PKEY ====================================== - -// DEFINE_OQS_EVP_METHODS(sphincsharaka128frobust, NID_sphincsharaka128frobust, "sphincsharaka128frobust", "OpenSSL SPHINCS+-Haraka-128f-robust algorithm") -// DEFINE_OQS_EVP_METHODS(sphincssha256128frobust, NID_sphincssha256128frobust, "sphincssha256128frobust", "OpenSSL SPHINCS+-SHA256-128f-robust algorithm") -// DEFINE_OQS_EVP_METHODS(sphincsshake256128frobust, NID_sphincsshake256128frobust, "sphincsshake256128frobust", "OpenSSL SPHINCS+-SHAKE256-128f-robust algorithm") -// ///// OQS_TEMPLATE_FRAGMENT_DEFINE_OQS_EVP_METHS_END - -#endif // End of ENABLE_OQS \ No newline at end of file diff --git a/src/openssl/pqc/pqc_asn1_meth.h b/src/openssl/pqc/pqc_asn1_meth.h deleted file mode 100644 index 7e70def1..00000000 --- a/src/openssl/pqc/pqc_asn1_meth.h +++ /dev/null 
@@ -1,153 +0,0 @@
-
-#ifndef _LIBPKI_PQC_AMETH_LOCAL_H
-#define _LIBPKI_PQC_AMETH_LOCAL_H
-
-// Library configuration
-#ifdef __LIB_BUILD__
-#include
-#else
-#include
-#endif
-
-#ifdef ENABLE_OQS
-
-#ifndef _LIBPKI_OS_H
-#include
-#endif
-
-#ifndef _LIBPKI_COMPAT_H
-#include
-#endif
-
-#ifndef _LIBPKI_PKI_ID_H
-# include
-#endif
-
-#ifndef _LIBPKI_X509_KEYPAIR_HEADER_H
-#include
-#endif
-
-#ifndef _LIBPKI_PQC_DEFS_H
-#include
-#endif
-
-#ifndef LIBPKI_X509_DATA_ST_H
-#include "../internal/x509_data_st.h"
-#endif
-
-#ifndef _LIBPKI_PQC_TOOLS_H
-#include "pqc_tools.h"
-#endif
-
-#ifndef HEADER_OPENSSL_TYPES_H
-#include
-#endif
-
-#ifndef HEADER_ERR_H
-#include
-#endif
-
-BEGIN_C_DECLS
-
-// ==================
-// ASN1 Method Macros
-// ==================
-
-// Item Sign Macro
-// ---------------
-
-#define DEFINE_OQS_ITEM_SIGN(ALG, NID_ALG) \
-static int oqs_item_sign_##ALG(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,\
- X509_ALGOR *alg1, X509_ALGOR *alg2, \
- ASN1_BIT_STRING *str) \
-{ \
- /* Set algorithm identifier */ \
- X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_ALG), V_ASN1_UNDEF, NULL); \
- if (alg2 != NULL) \
- X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_ALG), V_ASN1_UNDEF, NULL); \
- /* Algorithm identifier set: carry on as normal */ \
- return 3; \
-}
-
-
-// Signature Info Set Macro
-// ------------------------
-
-#define DEFINE_OQS_SIGN_INFO_SET(ALG, NID_ALG) \
-static int oqs_sig_info_set_##ALG(X509_SIG_INFO *siginf, const X509_ALGOR *alg, \
- const ASN1_STRING *sig) \
-{ \
- X509_SIG_INFO_set(siginf, NID_sha512, NID_ALG, get_oqs_security_bits(NID_ALG),\
- X509_SIG_INFO_TLS); \
- return 1; \
-}
-
-// Generic ASN1 Method NID-dependent define macro
-#define DEFINE_ITEM_SIGN_AND_INFO_SET(ALG) \
-static int oqs_item_sign_##ALG(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,\
- X509_ALGOR *alg1, X509_ALGOR *alg2, \
- ASN1_BIT_STRING *str) \
-{ \
- /* Set algorithm identifier */ \
- X509_ALGOR_set0(alg1, OBJ_txt2obj(#ALG,0), V_ASN1_UNDEF, NULL); \
- if (alg2 != NULL) \
- X509_ALGOR_set0(alg2, OBJ_txt2obj(#ALG,0), V_ASN1_UNDEF, NULL); \
- /* Algorithm identifier set: carry on as normal */ \
- return 3; \
-} \
-static int oqs_sig_info_set_##ALG(X509_SIG_INFO *siginf, const X509_ALGOR *alg, \
- const ASN1_STRING *sig) \
-{ \
- X509_SIG_INFO_set(siginf, NID_sha512, OBJ_sn2nid(#ALG), get_oqs_security_bits(OBJ_txt2nid(#ALG)), \
- X509_SIG_INFO_TLS); \
- return 1; \
-}
-
-// =================
-// ASN1 Method Tools
-// =================
-
-int oqs_key_print(BIO *bp, const EVP_PKEY *pkey, int indent,
- ASN1_PCTX *ctx, oqs_key_type_t keytype);
-
-// =====================
-// ASN1 Method Interface
-// =====================
-
-int oqs_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey);
-
-int oqs_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey);
-
-int oqs_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
-
-int oqs_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8);
-
-int oqs_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey);
-
-int oqs_size_lcl(const EVP_PKEY *pkey);
-
-int oqs_bits(const EVP_PKEY *pkey);
-
-int oqs_security_bits(const EVP_PKEY *pkey);
-
-void oqs_free(EVP_PKEY *pkey);
-
-int oqs_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
-
-int oqs_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
- ASN1_PCTX *ctx);
-
-int oqs_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
- ASN1_PCTX *ctx);
-
-int oqs_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
- X509_ALGOR *sigalg, ASN1_BIT_STRING *str,
- EVP_PKEY *pkey);
-
-int oqs_ameth_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2);
-
-END_C_DECLS
-
-# endif // End of ENABLE_OQS
-
-#endif // End of _LIBPKI_PQC_AMETH_LOCAL_H
diff --git a/src/openssl/pqc/pqc_data_st.h b/src/openssl/pqc/pqc_data_st.h
deleted file mode 100644
index f876bd20..00000000
--- a/src/openssl/pqc/pqc_data_st.h
+++ /dev/null
@@ -1,59 +0,0 @@
-#ifndef _LIBPKI_PQC_LOCAL_H
-#define _LIBPKI_PQC_LOCAL_H
-
-// Library configuration
-#ifdef __LIB_BUILD__
-#include
-#else
-#include
-#endif
-
-# ifdef ENABLE_OQS
-
-# include
-# include
-
-# ifndef OQS_H
-# include
-# endif
-
-# ifndef LIBPKI_X509_DATA_ST_H
-# include "../internal/x509_data_st.h"
-# endif
-
-BEGIN_C_DECLS
-
-/*
- * OQS context
- */
-typedef struct
-{
- /* OpenSSL NID */
- int nid;
- /* OQS signature context */
- OQS_SIG *s;
- /* OQS public key */
- uint8_t *pubkey;
- /* OQS private key */
- uint8_t *privkey;
- /* Security bits for the scheme */
- int security_bits;
- /* digest, if any was desired or EVP_md_null() */
- EVP_MD_CTX * digest;
- /* Classical key pair for hybrid schemes; either a private or public key depending on context */
- // EVP_PKEY *classical_pkey;
-} OQS_KEY;
-
-/*
- * OQS key type
- */
-typedef enum {
- KEY_TYPE_PUBLIC,
- KEY_TYPE_PRIVATE,
-} oqs_key_type_t;
-
-END_C_DECLS
-
-# endif // End of ENABLE_OQS
-
-#endif // End of _LIBPKI_PQC_LOCAL_H
\ No newline at end of file
diff --git a/src/openssl/pqc/pqc_init.c b/src/openssl/pqc/pqc_init.c
deleted file mode 100644
index d1e4b343..00000000
--- a/src/openssl/pqc/pqc_init.c
+++ /dev/null
@@ -1,337 +0,0 @@ - -// Include the library configuration -#ifdef __LIB_BUILD__ -#include -#else -#include -#endif - -#ifdef ENABLE_OQS - -#ifndef _LIBPKI_LOG_H -#include -#endif - -#ifndef _LIBPKI_ERR_H -#include -#endif - -#ifndef _LIBPKI_PQC_DEFS_H -#include -#endif - -#ifndef LIBPKI_X509_DATA_ST_H -#include "../internal/x509_data_st.h" -#endif - -#ifndef _LIBPKI_PQC_INIT_H -#include -#endif - -#ifndef _LIBPKI_PQC_PKEY_METH_LOCAL_H -#include "pqc_pkey_meth.h" -#endif - -#ifndef _LIBPKI_PQC_AMETH_LOCAL_H -#include "pqc_asn1_meth.h" -#endif - - -#define PKI_REGISTER_PKEY_METH(ALG, OID) \ - PKI_PQC_asn1_meth_set_id(&ALG##_ASN1_METH, OBJ_txt2nid(OID)); \ - if (EVP_PKEY_meth_add0(&ALG##_PKEY_METH)) { \ - EVP_PKEY_asn1_add0(&ALG##_ASN1_METH); \ - } else { \ - PKI_ERROR(PKI_ERR_MEMORY_ALLOC, "Cannot add PKEY method"); \ - } - -// ==== -// Data -// ==== - -#ifdef ENABLE_OQS - -// Dilithium -DEFINE_ITEM_SIGN_AND_INFO_SET(dilithium2) -// DEFINE_OQS_ITEM_SIGN(dilithium3, OBJ_sn2nid("dilithium2")) -// DEFINE_OQS_SIGN_INFO_SET(dilithium3, OBJ_sn2nid("dilithium2")) - -DEFINE_ITEM_SIGN_AND_INFO_SET(dilithium3) -DEFINE_ITEM_SIGN_AND_INFO_SET(dilithium5) - -// Falcon -DEFINE_ITEM_SIGN_AND_INFO_SET(falcon512) -DEFINE_ITEM_SIGN_AND_INFO_SET(falcon1024) - -// Experimental -DEFINE_ITEM_SIGN_AND_INFO_SET(dilithiumX) - -#endif - -// // Composite Crypto -// // #ifdef ENABLE_COMPOSITE -// // DEFINE_OQS_ITEM_SIGN(composite, OBJ_sn2nid("COMPOSITE")) -// // #endif - -// // Multikey Crypto -// #ifdef ENABLE_COMBINED -// DEFINE_OQS_ITEM_SIGN(combined, OBJ_sn2nid("MULTIKEY")) -// #endif - -// ========= -// Functions -// ========= - -int PKI_PQC_asn1_meth_set_id(EVP_PKEY_ASN1_METHOD * pkey_ameth, int pkey_id) { - - // Input Check - if (!pkey_ameth || pkey_id <= 0) return 0; - - // Assigns the generated IDs - pkey_ameth->pkey_id = pkey_id; - pkey_ameth->pkey_base_id = pkey_id; - pkey_ameth->pkey_id = pkey_id; - - // All Done - return 1; -}; - -EVP_PKEY_METHOD * PKI_PQC_PKEY_METH_new(int nid, 
int flags) { - - // Input check - if (nid <= 0) { - PKI_ERROR(PKI_ERR_PARAM_RANGE, "Out-of-Range NID for PKEY method"); - return NULL; - } - - // Initializes the PKEY method first - EVP_PKEY_METHOD * pkey_meth = EVP_PKEY_meth_new(nid, flags); - if (!pkey_meth) { - PKI_ERROR(PKI_ERR_ALGOR_SET, "Cannot create a new PKEY method"); - return NULL; - } - - // ------------------------------ - // PKEY Let's add all the methods - // ------------------------------ - - // Copy - EVP_PKEY_meth_set_copy(pkey_meth, pkey_oqs_copy); - - // Key Generation - EVP_PKEY_meth_set_keygen(pkey_meth, NULL, pkey_oqs_keygen); - - // Sign & Sign Init - EVP_PKEY_meth_set_sign(pkey_meth, pkey_oqs_sign_init, pkey_oqs_sign); - - // // Verify & Verify Init - EVP_PKEY_meth_set_verify(pkey_meth, pkey_oqs_verify_init, pkey_oqs_verify); - - // // SignCTX and SignCTX Init - EVP_PKEY_meth_set_signctx(pkey_meth, pkey_oqs_signctx_init, pkey_oqs_signctx); - - // // VerifyCTX and VerifyCTX Init - EVP_PKEY_meth_set_verifyctx(pkey_meth, pkey_oqs_verifyctx_init, pkey_oqs_verifyctx); - - // // CTRL & CTRL str - EVP_PKEY_meth_set_ctrl(pkey_meth, pkey_oqs_ctrl, NULL); - - // // Digest Sign - EVP_PKEY_meth_set_digestsign(pkey_meth, pkey_oqs_digestsign); - - // // Digest Verify - EVP_PKEY_meth_set_digestverify(pkey_meth, pkey_oqs_digestverify); - - // // Digest Custom - EVP_PKEY_meth_set_digest_custom(pkey_meth, pkey_oqs_digestcustom); - - // All Done - return pkey_meth; -} - -EVP_PKEY_ASN1_METHOD * PKI_PQC_PKEY_ASN1_METH_new(int nid, - int flags, - const char * const pem_str, - const char * const info) { - - if (nid <= 0) { - PKI_ERROR(PKI_ERR_PARAM_RANGE, "Out-of-Range NID for ASN1 PKEY creation"); - return NULL; - } - - // Generates a new ASN1 PKEY method - EVP_PKEY_ASN1_METHOD * a_meth = EVP_PKEY_asn1_new(nid, - flags, - pem_str ? 
pem_str : OBJ_nid2sn(nid), - info); - - // We need to add all the different methods - - // Sets the Public Key methods - EVP_PKEY_asn1_set_public(a_meth, - oqs_pub_decode, - oqs_pub_encode, - oqs_pub_cmp, - oqs_pub_print, - oqs_size_lcl, - oqs_bits - ); - - // Sets the Private Key methods - EVP_PKEY_asn1_set_private(a_meth, - oqs_priv_decode, - oqs_priv_encode, - oqs_priv_print - ); - - // Sets the Param - EVP_PKEY_asn1_set_param(a_meth, - NULL, // oqs_param_decode, - NULL, // oqs_param_encode, - NULL, // oqs_param_missing, - NULL, // oqs_param_copy, - NULL, // oqs_param_cmp, - NULL // oqs_param_print) - ); - - EVP_PKEY_asn1_set_free(a_meth, oqs_free); - - EVP_PKEY_asn1_set_ctrl(a_meth, oqs_ameth_pkey_ctrl); - - // Need to check this one - EVP_PKEY_asn1_set_security_bits(a_meth, oqs_security_bits); - - // item_sign and set_siginfo are algorithm-dependent - // therefore we select the right functions based on - // the nid value - int (*fnc_item_sign)(EVP_MD_CTX *ctx, - const ASN1_ITEM *it, - void *asn, - X509_ALGOR *alg1, - X509_ALGOR *alg2, - ASN1_BIT_STRING *sig) = NULL; - - int (*fnc_set_siginfo)(X509_SIG_INFO *siginf, - const X509_ALGOR *alg, - const ASN1_STRING *sig) = NULL; - - if (OBJ_sn2nid("dilithium2") == nid) { - fnc_item_sign = oqs_item_sign_dilithium2; - fnc_set_siginfo = oqs_sig_info_set_dilithium2; - } else if (OBJ_sn2nid("dilithium3") == nid) { - fnc_item_sign = oqs_item_sign_dilithium3; - fnc_set_siginfo = oqs_sig_info_set_dilithium3; - } else if (OBJ_sn2nid("dilithium5") == nid) { - fnc_item_sign = oqs_item_sign_dilithium5; - fnc_set_siginfo = oqs_sig_info_set_dilithium5; - } else if (OBJ_sn2nid("falcon512") == nid) { - fnc_item_sign = oqs_item_sign_falcon512; - fnc_set_siginfo = oqs_sig_info_set_falcon512; - } else if (OBJ_sn2nid("falcon1024") == nid) { - fnc_item_sign = oqs_item_sign_falcon1024; - fnc_set_siginfo = oqs_sig_info_set_falcon1024; - } else if (OBJ_sn2nid("DilithiumX3") == nid || - OBJ_sn2nid("dilithiumX3") == nid) { - fnc_item_sign = 
oqs_item_sign_dilithiumX; - fnc_set_siginfo = oqs_sig_info_set_dilithiumX; - } else { - fprintf(stderr, "Unsupported NID: %d\n", nid); - fflush(stderr); - // PKI_ERROR(PKI_ERR_ALGOR_UNKNOWN, "Unsupported NID %d (%s)", nid, OBJ_nid2sn(nid)); - return NULL; - } - - // Sets the algorithm-dependent functions - EVP_PKEY_asn1_set_item(a_meth, oqs_item_verify, fnc_item_sign); - EVP_PKEY_asn1_set_siginf(a_meth, fnc_set_siginfo); - - // Unused methods - EVP_PKEY_asn1_set_check(a_meth, NULL); - EVP_PKEY_asn1_set_public_check(a_meth, NULL); - EVP_PKEY_asn1_set_param_check(a_meth, NULL); - - EVP_PKEY_asn1_set_set_priv_key(a_meth, NULL); - EVP_PKEY_asn1_set_set_pub_key(a_meth, NULL); - EVP_PKEY_asn1_set_get_priv_key(a_meth, NULL); - EVP_PKEY_asn1_set_get_pub_key(a_meth, NULL); - - // All Done - return a_meth; -} - -int PKI_PQC_ALG_new(const char * name, int flags) { - - // Input Check - if (!name || strlen(name) <= 0) return PKI_ERR; - - // Retrieves the NID associated with the algorithm - int nid = OBJ_sn2nid(name); - if (nid == NID_undef) { - PKI_DEBUG("Cannot find the ID for %s algorithm", name); - return PKI_ERR; - } - - // Checks the input flags - if (flags < 0) flags = EVP_PKEY_FLAG_SIGCTX_CUSTOM; - - // ---------------------------------- - // Generates and Adds the PKEY method - // ---------------------------------- - - EVP_PKEY_METHOD * p_meth = PKI_PQC_PKEY_METH_new(nid, flags); - if (!p_meth) { - PKI_ERROR(PKI_ERR_ALGOR_PKEY_METHOD_NEW, "Cannot generate the PKEY method for %d (%s)\n", nid, name); - return PKI_ERR; - } - - // Adds the Method - if (!EVP_PKEY_meth_add0(p_meth)) { - PKI_ERROR(PKI_ERR_ALGOR_PKEY_METHOD_ADD, "Cannot Add the PKEY Method for %d (%s)", nid, name); - if (p_meth) EVP_PKEY_meth_free(p_meth); - return PKI_ERR; - } - - // Checks that the new method is added correctly - const EVP_PKEY_METHOD * tmp_p_meth = EVP_PKEY_meth_find(nid); - if (!tmp_p_meth) { - PKI_ERROR(PKI_ERR_ALGOR_PKEY_ASN1_METHOD_NEW, "Cannot find the PKEY method just added (%d)!\n", 
nid); - return PKI_ERR; - } - - // ---------------------------------- - // Now we need to add the ASN1 method - // ---------------------------------- - - EVP_PKEY_ASN1_METHOD * a_meth = PKI_PQC_PKEY_ASN1_METH_new(nid, 0, name, name); - if (!a_meth) { - PKI_ERROR(PKI_ERR_ALGOR_SET, "Cannot generate the PKEY ASN1 method for %d (%s)\n", nid, name); - fflush(stderr); - return PKI_ERR; - } - - // Adds the ASN1 method to the list of available ones - if (1 != EVP_PKEY_asn1_add0(a_meth)) { - PKI_ERROR(PKI_ERR_ALGOR_SET, "Cannot Set the ASN1 PKEY method for %d (%s)", nid, name); - if (a_meth) EVP_PKEY_asn1_free(a_meth); - return PKI_ERR; - } - - // All Done - return PKI_OK; -} - -int PKI_PQC_init() { - - // Let's initialize our own implementation of Dilithium5 - // that we call "DilithiumX3" (Test for initialization of - // Post-Quantum cryptography from our own pool) - if (PKI_PQC_ALG_new("DilithiumX3", -1) == PKI_ERR) { - // Reports the Error - PKI_DEBUG("Cannot add PQC Dynamic Algorithm: DilithiumX3 (dilithium3 native implementation)"); - } - - // All Done - return PKI_OK; -} - -#endif // End of ENABLE_OQS diff --git a/src/openssl/pqc/pqc_pkey_meth.c b/src/openssl/pqc/pqc_pkey_meth.c deleted file mode 100644 index d832cc65..00000000 --- a/src/openssl/pqc/pqc_pkey_meth.c +++ /dev/null 
@@ -1,455 +0,0 @@ - - -#include "pqc_pkey_meth.h" - -#ifdef ENABLE_OQS - -#ifndef _LIBPKI_LOG_H -#include -#endif - -#include - -// ======================= -// EVP PKEY Meth Functions -// ======================= - -int pkey_oqs_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) -{ - // nothing specific needed, but EVP depends on its presence - return 1; -} - -int pkey_oqs_keygen_init(EVP_PKEY_CTX *ctx) { - return 1; -} - -int pkey_oqs_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) -{ - OQS_KEY *oqs_key = NULL; - int id = ctx->pmeth->pkey_id; - int rv = 0; - - if (!oqs_key_init(&oqs_key, id, 1)) { - ECerr(EC_F_PKEY_OQS_KEYGEN, ERR_R_FATAL); - goto end; - } - - /* generate PQC key pair */ - if (OQS_SIG_keypair(oqs_key->s, oqs_key->pubkey, oqs_key->privkey) != OQS_SUCCESS) { - ECerr(EC_F_PKEY_OQS_KEYGEN, EC_R_KEYGEN_FAILED); - goto end; - } - - EVP_PKEY_assign(pkey, id, oqs_key); - rv = 1; /* success */ - - end: - if (oqs_key && rv == 0) oqs_pkey_ctx_free(oqs_key); - return rv; -} - -int pkey_oqs_sign_init(EVP_PKEY_CTX *ctx) { - return 1; -} - -int pkey_oqs_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, - size_t *siglen, const unsigned char *tbs, - size_t tbslen) -{ - - const OQS_KEY *oqs_key = (OQS_KEY*) ctx->pkey->pkey.ptr; - // Pointer to the OQS private key structure - - // Input Checks - if (!oqs_key || !oqs_key->s || !oqs_key->privkey ) { - PKI_ERROR(PKI_ERR_PARAM_NULL, NULL); - return 0; - } - - // Returns the maximum signature size - if (sig == NULL) { - // Sets the maximum signature size - *siglen = oqs_key->s->length_signature; - // If no output buffer is provided, nothing else to do - return 1; - } - - // If a buffer was provided for the signature, - // we shall check it is large enough - if (*siglen < oqs_key->s->length_signature) { - PKI_DEBUG("Signature buffer too small (required %d bytes)", oqs_key->s->length_signature); - return 0; - } - - // Performing the signature with the OQS library - if (OQS_SIG_sign(oqs_key->s, sig, siglen, tbs, tbslen, oqs_key->privkey) != 
OQS_SUCCESS) { - PKI_DEBUG("OQS Sign failed"); - return 0; - } - - // Success - return 1; -} - -int pkey_oqs_verify_init(EVP_PKEY_CTX *ctx) { - return 1; -} - -int pkey_oqs_verify(EVP_PKEY_CTX *ctx, - const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen) { - - const OQS_KEY *oqs_key = (OQS_KEY*) ctx->pkey->pkey.ptr; - - if (!oqs_key || !oqs_key->s || !oqs_key->pubkey || sig == NULL || tbs == NULL) { - PKI_ERROR(PKI_ERR_PARAM_NULL, NULL); - return 0; - } - - if (OQS_SIG_verify(oqs_key->s, tbs, tbslen, sig, siglen, oqs_key->pubkey) != OQS_SUCCESS) { - PKI_DEBUG("LibOQS Verify Error"); - return 0; - } - - return 1; - -} - - -int pkey_oqs_signctx_init (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) { - - EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); - EVP_MD_CTX_set_update_fn(mctx, oqs_int_update); - - return 1; -} - -int pkey_oqs_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, EVP_MD_CTX *mctx) { - OQS_KEY *oqs_key = (OQS_KEY*) EVP_MD_CTX_pkey_ctx(mctx)->pkey->pkey.ptr; - unsigned char* tbs = NULL; - unsigned int tbslen = 0; - - if (sig != NULL && oqs_key->digest) { - // support any digest requested: - tbslen = (unsigned int) EVP_MD_CTX_size(oqs_key->digest); - - if (oqs_key->digest == NULL) { // error; ctrl not called? - return 0; - } - - if((tbs = (unsigned char *)OPENSSL_malloc((size_t) tbslen)) == NULL) { - PKI_DEBUG("Memory Allocation Error"); - return 0; - } - - if(EVP_DigestFinal(oqs_key->digest, tbs, &tbslen) <= 0) { - PKI_DEBUG("Cannot Finalize the Digest"); - return 0; - } - } - - int ret = pkey_oqs_digestsign(mctx, sig, siglen, tbs, tbslen); - if (sig != NULL) { // cleanup only if it's not the empty setup call - OPENSSL_free(tbs); - EVP_MD_CTX_destroy(oqs_key->digest); - oqs_key->digest = NULL; - } - if (ret <= 0) { - PKI_DEBUG("ERROR: Cannot generate a digest signature"); - } - else { - EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_FINALISE); // don't go around again... 
- } - - return ret; -} - - -int pkey_oqs_verifyctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) { - - EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); - EVP_MD_CTX_set_update_fn(mctx, oqs_int_update); - EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_FINALISE); // don't go around again... - return 1; -} - -int pkey_oqs_verifyctx(EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, - EVP_MD_CTX *mctx) { - OQS_KEY *oqs_key = (OQS_KEY*) EVP_MD_CTX_pkey_ctx(mctx)->pkey->pkey.ptr; - unsigned char* tbs = NULL; - unsigned int tbslen = 0; - - if (sig != NULL - && oqs_key->digest != NULL - && EVP_MD_CTX_md(oqs_key->digest) != EVP_md_null()) { - - // support any digest requested: - tbslen = (unsigned int) EVP_MD_CTX_size(oqs_key->digest); - - if (oqs_key->digest == NULL) { // error; ctrl not called? - return 0; - } - - if((tbs = (unsigned char *)OPENSSL_malloc(tbslen)) == NULL) { - return 0; - } - - if(EVP_DigestFinal(oqs_key->digest, tbs, &tbslen) <= 0) { - return 0; - } - - } - - int ret = pkey_oqs_digestverify(mctx, sig, (size_t) siglen, tbs, tbslen); - if (sig != NULL) { // cleanup only if it's not the empty setup call - OPENSSL_free(tbs); - EVP_MD_CTX_destroy(oqs_key->digest); - oqs_key->digest = NULL; - } - if (ret <= 0) { - } - else { - EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_FINALISE); // don't go around again... 
- } - - return ret; -} - - -int pkey_oqs_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) -{ - OQS_KEY *oqs_key = (OQS_KEY*) EVP_PKEY_CTX_get0_pkey(ctx)->pkey.ptr; - - switch (type) { - case EVP_PKEY_CTRL_MD: { - /* NULL allowed as digest */ - if (p2 == NULL || (EVP_MD *)p2 == EVP_md_null()) { - return 1; - }; - - if (oqs_key->digest == NULL) { // allocate fitting digest engine - if ((oqs_key->digest = EVP_MD_CTX_create()) == NULL) { - return 0; - } - - if (EVP_DigestInit_ex(oqs_key->digest, EVP_get_digestbynid(*(int*)p2), NULL) <= 0) { - return 0; - } - } - return 1; // accept any digest - } break; - - - case EVP_PKEY_CTRL_DIGESTINIT: - return 1; - - case EVP_PKEY_CTRL_CMS_SIGN: - return 1; - } - ECerr(EC_F_PKEY_OQS_CTRL, ERR_R_FATAL); - return -2; -} - -int pkey_oqs_digestsign(EVP_MD_CTX *ctx, unsigned char *sig, - size_t *siglen, const unsigned char *tbs, - size_t tbslen) -{ - const OQS_KEY *oqs_key = (OQS_KEY*) EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ptr; - - size_t max_sig_len = oqs_key->s->length_signature; - size_t oqs_sig_len = 0; - size_t index = 0; - int rv = 0; - - // EVP_PKEY_CTX *classical_ctx_sign = NULL; - // size_t classical_sig_len = 0; - // size_t actual_classical_sig_len = 0; - // int is_hybrid = is_oqs_hybrid_alg(oqs_key->nid); - // int classical_id = 0; - - if (!oqs_key || !oqs_key->s || !oqs_key->privkey /* || (is_hybrid && !oqs_key->classical_pkey) */ ) { - ECerr(EC_F_PKEY_OQS_DIGESTSIGN, EC_R_NO_PRIVATE_KEY); - return rv; - } - - // if (is_hybrid) { - // classical_id = get_classical_nid(oqs_key->nid); - // actual_classical_sig_len = (size_t) get_classical_sig_len(classical_id); - // max_sig_len += (SIZE_OF_UINT32 + actual_classical_sig_len); - // } - - if (sig == NULL) { - /* we only return the sig len */ - *siglen = max_sig_len; - return 1; - } - if (*siglen < max_sig_len) { - ECerr(EC_F_PKEY_OQS_DIGESTSIGN, EC_R_BUFFER_LENGTH_WRONG); - return rv; - } - - // if (is_hybrid) { - // const EVP_MD *classical_md; - // int digest_len; - // 
unsigned char digest[SHA512_DIGEST_LENGTH]; /* init with max length */ - - // if ((classical_ctx_sign = EVP_PKEY_CTX_new(oqs_key->classical_pkey, NULL)) == NULL || - // EVP_PKEY_sign_init(classical_ctx_sign) <= 0) { - // ECerr(EC_F_PKEY_OQS_DIGESTSIGN, ERR_R_FATAL); - // goto end; - // } - // if (classical_id == EVP_PKEY_RSA) { - // if (EVP_PKEY_CTX_set_rsa_padding(classical_ctx_sign, RSA_PKCS1_PADDING) <= 0) { - // ECerr(EC_F_PKEY_OQS_DIGESTSIGN, ERR_R_FATAL); - // goto end; - // } - // } - - // /* classical schemes can't sign arbitrarily large data; we hash it first */ - // switch (oqs_key->s->claimed_nist_level) { - // case 1: - // classical_md = EVP_sha256(); - // digest_len = SHA256_DIGEST_LENGTH; - // SHA256(tbs, tbslen, (unsigned char*) &digest); - // break; - // case 2: - // case 3: - // classical_md = EVP_sha384(); - // digest_len = SHA384_DIGEST_LENGTH; - // SHA384(tbs, tbslen, (unsigned char*) &digest); - // break; - // case 4: - // case 5: - // default: - // classical_md = EVP_sha512(); - // digest_len = SHA512_DIGEST_LENGTH; - // SHA512(tbs, tbslen, (unsigned char*) &digest); - // break; - // } - // if (EVP_PKEY_CTX_set_signature_md(classical_ctx_sign, classical_md) <= 0) { - // ECerr(EC_F_PKEY_OQS_DIGESTSIGN, ERR_R_FATAL); - // goto end; - // } - // if (EVP_PKEY_sign(classical_ctx_sign, sig + SIZE_OF_UINT32, &actual_classical_sig_len, digest, (size_t)digest_len) <= 0) { - // ECerr(EC_F_PKEY_OQS_DIGESTSIGN, EC_R_SIGNING_FAILED); - // goto end; - // } - // if (actual_classical_sig_len > (size_t) get_classical_sig_len(classical_id)) { - // /* sig is bigger than expected! 
*/ - // ECerr(EC_F_PKEY_OQS_DIGESTSIGN, EC_R_BUFFER_LENGTH_WRONG); - // goto end; - // } - // ENCODE_UINT32(sig, actual_classical_sig_len); - // classical_sig_len = SIZE_OF_UINT32 + actual_classical_sig_len; - // index += classical_sig_len; - // } - - PKI_DEBUG("Signing %d bytes of data", tbslen); - - if (OQS_SIG_sign(oqs_key->s, sig + index, &oqs_sig_len, tbs, tbslen, oqs_key->privkey) != OQS_SUCCESS) { - ECerr(EC_F_PKEY_OQS_DIGESTSIGN, EC_R_SIGNING_FAILED); - return 0; - } - *siglen = /* classical_sig_len */ + oqs_sig_len; - - rv = 1; /* success */ - -// end: - // if (classical_ctx_sign) { - // EVP_PKEY_CTX_free(classical_ctx_sign); - // } - return rv; -} - -int pkey_oqs_digestverify(EVP_MD_CTX *ctx, const unsigned char *sig, - size_t siglen, const unsigned char *tbs, - size_t tbslen) -{ - const OQS_KEY *oqs_key = (OQS_KEY*) EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ptr; - size_t index = 0; - - // int is_hybrid = is_oqs_hybrid_alg(oqs_key->nid); - // int classical_id = 0; - // size_t classical_sig_len = 0; - - if (!oqs_key || !oqs_key->s || !oqs_key->pubkey /* || (is_hybrid && !oqs_key->classical_pkey) */ - || sig == NULL || tbs == NULL) { - ECerr(EC_F_PKEY_OQS_DIGESTVERIFY, EC_R_WRONG_PARAMETERS); - return 0; - } - - // if (is_hybrid) { - // classical_id = get_classical_nid(oqs_key->nid); - // } - - // if (is_hybrid) { - // EVP_PKEY_CTX *ctx_verify = NULL; - // const EVP_MD *classical_md; - // size_t actual_classical_sig_len = 0; - // int digest_len; - // unsigned char digest[SHA512_DIGEST_LENGTH]; /* init with max length */ - - // if ((ctx_verify = EVP_PKEY_CTX_new(oqs_key->classical_pkey, NULL)) == NULL || - // EVP_PKEY_verify_init(ctx_verify) <= 0) { - // ECerr(EC_F_PKEY_OQS_DIGESTVERIFY, ERR_R_FATAL); - // EVP_PKEY_CTX_free(ctx_verify); - // return 0; - // } - // if (classical_id == EVP_PKEY_RSA) { - // if (EVP_PKEY_CTX_set_rsa_padding(ctx_verify, RSA_PKCS1_PADDING) <= 0) { - // ECerr(EC_F_PKEY_OQS_DIGESTVERIFY, ERR_R_FATAL); - // EVP_PKEY_CTX_free(ctx_verify); - 
// return 0; - // } - // } - // DECODE_UINT32(actual_classical_sig_len, sig); - // /* classical schemes can't sign arbitrarily large data; we hash it first */ - // switch (oqs_key->s->claimed_nist_level) { - // case 1: - // classical_md = EVP_sha256(); - // digest_len = SHA256_DIGEST_LENGTH; - // SHA256(tbs, tbslen, (unsigned char*) &digest); - // break; - // case 2: - // case 3: - // classical_md = EVP_sha384(); - // digest_len = SHA384_DIGEST_LENGTH; - // SHA384(tbs, tbslen, (unsigned char*) &digest); - // break; - // case 4: - // case 5: - // default: - // classical_md = EVP_sha512(); - // digest_len = SHA512_DIGEST_LENGTH; - // SHA512(tbs, tbslen, (unsigned char*) &digest); - // break; - // } - // if (EVP_PKEY_CTX_set_signature_md(ctx_verify, classical_md) <= 0) { - // ECerr(EC_F_PKEY_OQS_DIGESTVERIFY, ERR_R_FATAL); - // return 0; - // } - // if (EVP_PKEY_verify(ctx_verify, sig + SIZE_OF_UINT32, actual_classical_sig_len, digest, (size_t)digest_len) <= 0) { - // ECerr(EC_F_PKEY_OQS_DIGESTVERIFY, EC_R_VERIFICATION_FAILED); - // return 0; - // } - // classical_sig_len = SIZE_OF_UINT32 + actual_classical_sig_len; - // index += classical_sig_len; - // EVP_PKEY_CTX_free(ctx_verify); - // } - - PKI_DEBUG("Verifying %d bytes of data", tbslen); - - if (OQS_SIG_verify(oqs_key->s, tbs, tbslen, sig + index, siglen /* - classical_sig_len */, oqs_key->pubkey) != OQS_SUCCESS) { - ECerr(EC_F_PKEY_OQS_DIGESTVERIFY, EC_R_VERIFICATION_FAILED); - return 0; - } - - return 1; -} - -int pkey_oqs_digestcustom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) { - return 1; -} - -#endif // End of ENABLE_OQS diff --git a/src/openssl/pqc/pqc_pkey_meth.h b/src/openssl/pqc/pqc_pkey_meth.h deleted file mode 100644 index df97ed1e..00000000 --- a/src/openssl/pqc/pqc_pkey_meth.h +++ /dev/null 
@@ -1,88 +0,0 @@
-
-#ifndef _LIBPKI_PQC_PKEY_METH_LOCAL_H
-#define _LIBPKI_PQC_PKEY_METH_LOCAL_H
-
-// Include the library configuration
-#ifdef __LIB_BUILD__
-#include
-#else
-#include
-#endif
-
-#ifdef ENABLE_OQS
-
-#ifndef _LIBPKI_OS_H
-#include
-#endif
-
-#ifndef _LIBPKI_COMPAT_H
-#include
-#endif
-
-#ifndef _LIBPKI_PQC_DEFS_H
-#include
-#endif
-
-#ifndef LIBPKI_X509_DATA_ST_H
-#include "../internal/x509_data_st.h"
-#endif
-
-#ifndef _LIBPKI_PQC_TOOLS_H
-#include "pqc_tools.h"
-#endif
-
-#ifndef HEADER_ERR_H
-#include
-#endif
-
-BEGIN_C_DECLS
-
-// =======================
-// EVP PKEY Meth Functions
-// =======================
-
-int pkey_oqs_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src);
-
-int pkey_oqs_keygen_init(EVP_PKEY_CTX *ctx);
-
-int pkey_oqs_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
-
-int pkey_oqs_sign_init(EVP_PKEY_CTX *ctx);
-
-int pkey_oqs_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
- size_t *siglen, const unsigned char *tbs,
- size_t tbslen);
-
-int pkey_oqs_verify_init(EVP_PKEY_CTX *ctx);
-
-int pkey_oqs_verify(EVP_PKEY_CTX *ctx,
- const unsigned char *sig, size_t siglen,
- const unsigned char *tbs, size_t tbslen);
-
-int pkey_oqs_signctx_init (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
-
-int pkey_oqs_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, EVP_MD_CTX *mctx);
-
-int pkey_oqs_verifyctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
-
-int pkey_oqs_verifyctx(EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen,
- EVP_MD_CTX *mctx);
-
-int pkey_oqs_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
-
-int pkey_oqs_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
- size_t *siglen, const unsigned char *tbs,
- size_t tbslen);
-
-int pkey_oqs_digestverify(EVP_MD_CTX *ctx, const unsigned char *sig,
- size_t siglen, const unsigned char *tbs,
- size_t tbslen);
-
-int pkey_oqs_digestcustom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
-
-
-END_C_DECLS
-
-#endif // End of ENABLE_OQS
-
-#endif // End of _LIBPKI_PQC_PKEY_METH_LOCAL_H
diff --git a/src/openssl/pqc/pqc_tools.c b/src/openssl/pqc/pqc_tools.c
deleted file mode 100644
index 4ad1a886..00000000
--- a/src/openssl/pqc/pqc_tools.c
+++ /dev/null
@@ -1,459 +0,0 @@ -// Local Include -#include "pqc_tools.h" - -// ========= -// Functions -// ========= - -#ifdef ENABLE_OQS - -int oqssl_sig_nids_list[] = { -///// OQS_TEMPLATE_FRAGMENT_LIST_KNOWN_NIDS_START - NID_dilithium2, - NID_p256_dilithium2, - NID_rsa3072_dilithium2, - NID_dilithium3, - NID_p384_dilithium3, - NID_dilithium5, - NID_p521_dilithium5, - NID_falcon512, - NID_p256_falcon512, - NID_rsa3072_falcon512, - NID_falcon1024, - NID_p521_falcon1024, - NID_sphincssha2128fsimple, - NID_p256_sphincssha2128fsimple, - NID_rsa3072_sphincssha2128fsimple, - NID_sphincssha2128ssimple, - NID_p256_sphincssha2128ssimple, - NID_rsa3072_sphincssha2128ssimple, - NID_sphincssha2192fsimple, - NID_p384_sphincssha2192fsimple, - NID_sphincsshake128fsimple, - NID_p256_sphincsshake128fsimple, - NID_rsa3072_sphincsshake128fsimple, - NID_sphincssha2128ssimple, - NID_sphincssha2192fsimple, -/////// OQS_TEMPLATE_FRAGMENT_LIST_KNOWN_NIDS_END -}; -#ifdef OQS_OPENSSL_SIG_algs_length -#undef OQS_OPENSSL_SIG_algs_length -#endif - -#define OQS_OPENSSL_SIG_algs_length 25 - -int oqssl_kem_nids_list[] = { -///// OQS_TEMPLATE_FRAGMENT_LIST_KNOWN_KEM_NIDS_START - NID_frodo640aes, - NID_frodo640shake, - NID_frodo976aes, - NID_frodo976shake, - NID_frodo1344aes, - NID_frodo1344shake, - NID_kyber512, - NID_kyber768, - NID_kyber1024, - NID_bikel1, - NID_bikel3, - NID_bikel5, - NID_hqc128, - NID_hqc192, - NID_hqc256, -/////// OQS_TEMPLATE_FRAGMENT_LIST_KNOWN_KEM_NIDS_END -}; - -// Size of the oqssl_kem_nids_list -#ifdef OQS_OPENSSL_KEM_algs_length -#undef OQS_OPENSSL_KEM_algs_length -#endif - -#define OQS_OPENSSL_KEM_algs_length 15 - -int* sig_nid_list = NULL; -int* kem_nid_list = NULL; - -int* _get_oqssl_sig_nids() { - if (!sig_nid_list) { - sig_nid_list = OPENSSL_malloc(sizeof(oqssl_sig_nids_list)); - memcpy(sig_nid_list, oqssl_sig_nids_list, sizeof(oqssl_sig_nids_list)); - } - return sig_nid_list; -} - -int* _get_oqssl_kem_nids() { - if (!kem_nid_list) { - kem_nid_list = 
OPENSSL_malloc(sizeof(oqssl_kem_nids_list)); - memcpy(kem_nid_list, oqssl_kem_nids_list, sizeof(oqssl_kem_nids_list)); - } - return kem_nid_list; -} - -/* - * Maps OpenSSL NIDs to OQS IDs - */ -char* _get_oqs_alg_name(int openssl_nid) -{ - switch (openssl_nid) - { -///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_ALG_START - case NID_dilithium2: - case NID_p256_dilithium2: - case NID_rsa3072_dilithium2: - return OQS_SIG_alg_dilithium_2; - case NID_dilithium3: - case NID_p384_dilithium3: - return OQS_SIG_alg_dilithium_3; - case NID_dilithium5: - case NID_p521_dilithium5: - return OQS_SIG_alg_dilithium_5; - case NID_falcon512: - case NID_p256_falcon512: - case NID_rsa3072_falcon512: - return OQS_SIG_alg_falcon_512; - case NID_falcon1024: - case NID_p521_falcon1024: - return OQS_SIG_alg_falcon_1024; - case NID_sphincssha2128fsimple: - case NID_p256_sphincssha2128fsimple: - case NID_rsa3072_sphincssha2128fsimple: - return OQS_SIG_alg_sphincs_sha2_128f_simple; - case NID_sphincssha2128ssimple: - case NID_p256_sphincssha2128ssimple: - case NID_rsa3072_sphincssha2128ssimple: - return OQS_SIG_alg_sphincs_sha2_128s_simple; - case NID_sphincssha2192fsimple: - case NID_p384_sphincssha2192fsimple: - return OQS_SIG_alg_sphincs_sha2_192f_simple; - case NID_sphincsshake128fsimple: - case NID_p256_sphincsshake128fsimple: - case NID_rsa3072_sphincsshake128fsimple: - return OQS_SIG_alg_sphincs_shake_128f_simple; - case NID_frodo640aes: - case NID_p256_frodo640aes: - return OQS_KEM_alg_frodokem_640_aes; - case NID_frodo640shake: - case NID_p256_frodo640shake: - return OQS_KEM_alg_frodokem_640_shake; - case NID_frodo976aes: - case NID_p384_frodo976aes: - return OQS_KEM_alg_frodokem_976_aes; - case NID_frodo976shake: - case NID_p384_frodo976shake: - return OQS_KEM_alg_frodokem_976_shake; - case NID_frodo1344aes: - case NID_p521_frodo1344aes: - return OQS_KEM_alg_frodokem_1344_aes; - case NID_frodo1344shake: - case NID_p521_frodo1344shake: - return OQS_KEM_alg_frodokem_1344_shake; - case 
NID_kyber512: - case NID_p256_kyber512: - return OQS_KEM_alg_kyber_512; - case NID_kyber768: - case NID_p384_kyber768: - return OQS_KEM_alg_kyber_768; - case NID_kyber1024: - case NID_p521_kyber1024: - return OQS_KEM_alg_kyber_1024; - case NID_bikel1: - case NID_p256_bikel1: - return OQS_KEM_alg_bike_l1; - case NID_bikel3: - case NID_p384_bikel3: - return OQS_KEM_alg_bike_l3; - case NID_bikel5: - case NID_p521_bikel5: - return OQS_KEM_alg_bike_l5; - case NID_hqc128: - case NID_p256_hqc128: - return OQS_KEM_alg_hqc_128; - case NID_hqc192: - case NID_p384_hqc192: - return OQS_KEM_alg_hqc_192; - case NID_hqc256: - case NID_p521_hqc256: - return OQS_KEM_alg_hqc_256; -///// OQS_TEMPLATE_FRAGMENT_ASSIGN_SIG_ALG_END - - // Experimental - default: { - int custom_nids[1] = { 0 }; - custom_nids[0] = OBJ_txt2nid(OPENCA_ALG_PKEY_EXP_DILITHIUMX_NAME); - - // Checks the custom nids - if (openssl_nid == custom_nids[0]) { - return OQS_SIG_alg_dilithium_2; - } - - // Not Found - Error - return NULL; - } - } - -} - - -/* - * Initializes a OQS_KEY, given an OpenSSL NID. This function only initializes - * the post-quantum key, not the classical one (for hybrid schemes) - */ -int oqs_key_init(OQS_KEY **p_oqs_key, int nid, oqs_key_type_t keytype) { - OQS_KEY *oqs_key = NULL; - const char* oqs_alg_name = _get_oqs_alg_name(nid); - - oqs_key = OPENSSL_zalloc(sizeof(*oqs_key)); - if (oqs_key == NULL) { - ECerr(0, ERR_R_MALLOC_FAILURE); - goto err; - } - oqs_key->nid = nid; - if (!OQS_SIG_alg_is_enabled(oqs_alg_name)) - fprintf(stderr, "Warning: OQS algorithm '%s' not enabled.\n", oqs_alg_name); - oqs_key->s = OQS_SIG_new(oqs_alg_name); - if (oqs_key->s == NULL) { - /* TODO: Perhaps even check if the alg is available earlier in the stack. 
*/ - ECerr(EC_F_OQS_KEY_INIT, EC_R_NO_SUCH_OQS_ALGORITHM); - goto err; - } - oqs_key->pubkey = OPENSSL_malloc(oqs_key->s->length_public_key); - if (oqs_key->pubkey == NULL) { - ECerr(0, ERR_R_MALLOC_FAILURE); - goto err; - } - /* Optionally allocate the private key */ - if (keytype == KEY_TYPE_PRIVATE) { - oqs_key->privkey = OPENSSL_secure_malloc(oqs_key->s->length_secret_key); - if (oqs_key->privkey == NULL) { - ECerr(EC_F_OQS_KEY_INIT, ERR_R_MALLOC_FAILURE); - goto err; - } - } - oqs_key->security_bits = get_oqs_security_bits(nid); - *p_oqs_key = oqs_key; - return 1; - - err: - oqs_pkey_ctx_free(oqs_key); - return 0; -} - -/* - * Returns the security level in bits for an OQS alg. - */ -int get_oqs_security_bits(int openssl_nid) -{ - switch (openssl_nid) - { -///// OQS_TEMPLATE_FRAGMENT_GET_SIG_SECURITY_BITS_START - case NID_dilithium2: - case NID_p256_dilithium2: - case NID_rsa3072_dilithium2: - return 128; - case NID_dilithium3: - case NID_p384_dilithium3: - return 192; - case NID_dilithium5: - case NID_p521_dilithium5: - return 256; - case NID_falcon512: - case NID_p256_falcon512: - case NID_rsa3072_falcon512: - return 128; - case NID_falcon1024: - case NID_p521_falcon1024: - return 256; - case NID_sphincssha2128fsimple: - case NID_p256_sphincssha2128fsimple: - case NID_rsa3072_sphincssha2128fsimple: - return 128; - case NID_sphincssha2128ssimple: - case NID_p256_sphincssha2128ssimple: - case NID_rsa3072_sphincssha2128ssimple: - return 128; - case NID_sphincssha2192fsimple: - case NID_p384_sphincssha2192fsimple: - return 192; - case NID_sphincsshake128fsimple: - case NID_p256_sphincsshake128fsimple: - case NID_rsa3072_sphincsshake128fsimple: - return 128; -///// OQS_TEMPLATE_FRAGMENT_GET_SIG_SECURITY_BITS_END - default: - // Hack for dynamic methods - if (openssl_nid == OBJ_sn2nid("DilithiumX")) { - return 256; - } - return 0; - } -} - -/* - * Frees the OQS_KEY, including its keys. 
- */ -void oqs_pkey_ctx_free(OQS_KEY* key) { - size_t privkey_len = 0; - if (key == NULL) { - return; - } - if (key->s) { - privkey_len = key->s->length_secret_key; - OQS_SIG_free(key->s); - } - if (key->privkey) { - OPENSSL_secure_clear_free(key->privkey, privkey_len); - } - if (key->pubkey) { - OPENSSL_free(key->pubkey); - } - // if (key->classical_pkey) { - // EVP_PKEY_free(key->classical_pkey); - // } - OPENSSL_free(key); -} - -/* - * Returns options when running OQS KEM, e.g., in openssl speed - */ -const char *OQSKEM_options(void) -{ - size_t offset; -// TODO: Revisit which OQS_COMPILE_FLAGS to show -#ifdef OQS_COMPILE_CFLAGS - const char* OQSKEMALGS = "OQS KEM build : "; - char* result = OPENSSL_zalloc(strlen(OQS_COMPILE_CFLAGS)+OQS_OPENSSL_KEM_algs_length*40); // OK, a bit pessimistic but this will be removed very soon... - memcpy(result, OQSKEMALGS, offset = strlen(OQSKEMALGS)); - memcpy(result+offset, OQS_COMPILE_CFLAGS, strlen(OQS_COMPILE_CFLAGS)); - offset += strlen(OQS_COMPILE_CFLAGS); -#else - const char* OQSKEMALGS = ""; - char* result = OPENSSL_zalloc(OQS_OPENSSL_KEM_algs_length*40); // OK, a bit pessimistic but this will be removed very soon... 
- memcpy(result, OQSKEMALGS, offset = strlen(OQSKEMALGS)); -#endif - - result[offset++]='-'; - int i; - for (i=0; iclassical_pkey = EVP_PKEY_new()) == NULL || -// !EVP_PKEY_set_type(oqs_key->classical_pkey, NID_X9_62_id_ecPublicKey) || -// !EVP_PKEY_assign_EC_KEY(oqs_key->classical_pkey, ec_key)) { -// ECerr(0, ERR_R_FATAL); -// goto end; -// } - -// rv = 1; /* success */ - -// end: -// if (rv == 0 && ecgroup) EC_GROUP_free(ecgroup); -// if (rv == 0 && ec_key) EC_KEY_free(ec_key); -// return rv; -// } - -int oqs_int_update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - OQS_KEY *oqs_key = (OQS_KEY*) EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ptr; - - /* chose SHA512 as default digest if none other explicitly set */ - if (oqs_key->digest == NULL) { - if ((oqs_key->digest = EVP_MD_CTX_create()) == NULL) { - return 0; - } - - if (EVP_DigestInit_ex(oqs_key->digest, EVP_sha512(), NULL) <= 0) { - return 0; - } - } - - if(EVP_DigestUpdate(oqs_key->digest, data, count)<=0) { - return 0; - } - return 1; -} - -#endif // End of ENABLE_OQS \ No newline at end of file diff --git a/src/openssl/pqc/pqc_tools.h b/src/openssl/pqc/pqc_tools.h deleted file mode 100644 index 7faff6e7..00000000 --- a/src/openssl/pqc/pqc_tools.h +++ /dev/null 
@@ -1,84 +0,0 @@ - -#ifndef _LIBPKI_PQC_TOOLS_H -#define _LIBPKI_PQC_TOOLS_H - -// Library configuration -#ifdef __LIB_BUILD__ -#include -#else -#include -#endif - -#ifdef ENABLE_OQS - -#ifndef _LIBPKI_OS_H -#include -#endif - -#ifndef _LIBPKI_COMPAT_H -#include -#endif - -#ifndef _LIBPKI_PQC_DEFS_H -#include -#endif - -#ifndef LIBPKI_X509_DATA_ST_H -#include "../internal/x509_data_st.h" -#endif - -#ifndef HEADER_ERR_H -#include -#endif - -#ifndef _LIBPKI_PQC_LOCAL_H -#include "pqc_data_st.h" -#endif - -#ifndef _LIBPKI_LOG_H -#include -#endif - -#ifndef _LIBPKI_OID_DEFS_H -#include -#endif - -BEGIN_C_DECLS - -int* _get_oqssl_sig_nids(void); - -int* _get_oqssl_kem_nids(void); - -char* _get_oqs_alg_name(int openssl_nid); - -const char *_OQSKEM_options(void); - -const char *_OQSSIG_options(void); - -// int is_oqs_hybrid_alg(int openssl_nid); - -// int get_classical_nid(int hybrid_id); - -int get_oqs_nid(int hybrid_id); - -// int get_classical_key_len(oqs_key_type_t keytype, int classical_id); - -// int get_classical_sig_len(int classical_id); - -int oqs_key_init(OQS_KEY **p_oqs_key, int nid, oqs_key_type_t keytype); - -int get_oqs_security_bits(int openssl_nid); - -void oqs_pkey_ctx_free(OQS_KEY* key); - -// int is_EC_nid(int nid); - -// int decode_EC_key(oqs_key_type_t keytype, int nid, const unsigned char* encoded_key, int key_len, OQS_KEY* oqs_key); - -int oqs_int_update(EVP_MD_CTX *ctx, const void *data, size_t count); - -END_C_DECLS - -#endif // End of ENABLE_OQS - -#endif // End of _LIBPKI_PQC_TOOLS_H diff --git a/src/openssl/Makefile.am b/src/pkix/Makefile.am similarity index 100% rename from src/openssl/Makefile.am rename to src/pkix/Makefile.am diff --git a/src/cmc/Makefile.am b/src/pkix/cmc/Makefile.am similarity index 100% rename from src/cmc/Makefile.am rename to src/pkix/cmc/Makefile.am diff --git a/src/cmc/Makefile.in b/src/pkix/cmc/Makefile.in similarity index 100% rename from src/cmc/Makefile.in rename to src/pkix/cmc/Makefile.in 
diff --git a/src/cmc/asn1.c b/src/pkix/cmc/asn1.c similarity index 100% rename from src/cmc/asn1.c rename to src/pkix/cmc/asn1.c diff --git a/src/cmc/cmc_cert_req.c b/src/pkix/cmc/cmc_cert_req.c similarity index 100% rename from src/cmc/cmc_cert_req.c rename to src/pkix/cmc/cmc_cert_req.c diff --git a/src/cmc/cmc_simple.c b/src/pkix/cmc/cmc_simple.c similarity index 100% rename from src/cmc/cmc_simple.c rename to src/pkix/cmc/cmc_simple.c diff --git a/src/est/Makefile.am b/src/pkix/est/Makefile.am similarity index 100% rename from src/est/Makefile.am rename to src/pkix/est/Makefile.am diff --git a/src/est/Makefile.in b/src/pkix/est/Makefile.in similarity index 100% rename from src/est/Makefile.in rename to src/pkix/est/Makefile.in diff --git a/src/est/pki_x509_est_asn1.c b/src/pkix/est/pki_x509_est_asn1.c similarity index 100% rename from src/est/pki_x509_est_asn1.c rename to src/pkix/est/pki_x509_est_asn1.c diff --git a/src/est/pki_x509_est_attr.c b/src/pkix/est/pki_x509_est_attr.c similarity index 99% rename from src/est/pki_x509_est_attr.c rename to src/pkix/est/pki_x509_est_attr.c index b89c0779..4c6c13fe 100644 --- a/src/est/pki_x509_est_attr.c +++ b/src/pkix/est/pki_x509_est_attr.c @@ -291,7 +291,7 @@ int PKI_X509_EST_MSG_get_attr_value_int(const PKI_X509_EST_MSG * const msg, PKI_MEM *PKI_X509_EST_MSG_new_trans_id(const PKI_X509_KEYPAIR * key) { - PKI_DIGEST *dgst = NULL; + CRYPTO_DIGEST *dgst = NULL; PKI_MEM *mem = NULL; if (!key || !key->value ) return NULL; diff --git a/src/est/pki_x509_est_data.c b/src/pkix/est/pki_x509_est_data.c similarity index 100% rename from src/est/pki_x509_est_data.c rename to src/pkix/est/pki_x509_est_data.c diff --git a/src/est/pki_x509_est_msg.c b/src/pkix/est/pki_x509_est_msg.c similarity index 100% rename from src/est/pki_x509_est_msg.c rename to src/pkix/est/pki_x509_est_msg.c 
diff --git a/src/prqp/Makefile.am b/src/pkix/ocsp/Makefile.am
similarity index 100%
rename from src/prqp/Makefile.am
rename to src/pkix/ocsp/Makefile.am
diff --git a/src/prqp/Makefile.in b/src/pkix/ocsp/Makefile.in
similarity index 100%
rename from src/prqp/Makefile.in
rename to src/pkix/ocsp/Makefile.in
diff --git a/src/openssl/pki_ocsp_req.c b/src/pkix/ocsp/pki_ocsp_req.c
similarity index 100%
rename from src/openssl/pki_ocsp_req.c
rename to src/pkix/ocsp/pki_ocsp_req.c
diff --git a/src/openssl/pki_ocsp_resp.c b/src/pkix/ocsp/pki_ocsp_resp.c
similarity index 100%
rename from src/openssl/pki_ocsp_resp.c
rename to src/pkix/ocsp/pki_ocsp_resp.c
diff --git a/src/pki_msg_req.c b/src/pkix/pki_msg_req.c
similarity index 100%
rename from src/pki_msg_req.c
rename to src/pkix/pki_msg_req.c
diff --git a/src/pki_msg_resp.c b/src/pkix/pki_msg_resp.c
similarity index 100%
rename from src/pki_msg_resp.c
rename to src/pkix/pki_msg_resp.c
diff --git a/src/pki_x509.c b/src/pkix/pki_x509.c
similarity index 100%
rename from src/pki_x509.c
rename to src/pkix/pki_x509.c
diff --git a/src/pkix/pki_x509_p12.c b/src/pkix/pki_x509_p12.c
new file mode 100644
index 00000000..ca119a5a
--- /dev/null
+++ b/src/pkix/pki_x509_p12.c
@@ -0,0 +1,1020 @@ +/* PKI_TOKEN write/load object management */ + +#include + +/* ----------------------- Internal PKCS12 functions ----------------------- */ + +enum bag_datatype_st { + BAG_DATATYPE_ALL = 0, + BAG_DATATYPE_KEYPAIR, + BAG_DATATYPE_CERT, + BAG_DATATYPE_CACERT, + BAG_DATATYPE_OTHERCERTS, + BAG_DATATYPE_UNKNOWN +}; + +/* Prototypes */ + +static STACK_OF(PKCS12_SAFEBAG) * _get_bags( + const PKI_X509_PKCS12 * const p12, + const char * const pwd); + +static void * _get_bags_data( + const STACK_OF(PKCS12_SAFEBAG) * bags, + int dataType, + const char * const pwd ); + +static void * _get_bag_value(PKCS12_SAFEBAG * bag, + int dataType, + const char * const pwd ); + +static PKI_X509_CERT * _get_cacert( + const PKI_X509_PKCS12 * const p12, + const PKI_X509_CERT * const x, + const char *pwd); + +static PKI_X509_CERT_STACK * _get_othercerts_stack( + const PKI_X509_PKCS12 * const p12, + const PKI_X509_CERT * const x, + const char * const pwd); + +static PKI_X509_KEYPAIR_STACK * _get_keypair_stack( + const PKI_X509_PKCS12 * const p12, + const char * const pwd); + +/* Internal Functions */ + +static STACK_OF(PKCS12_SAFEBAG) * _get_bags( + const PKI_X509_PKCS12 * const p12, + const char * const pwd) { + + STACK_OF(PKCS7) *asafes = NULL; + STACK_OF(PKCS12_SAFEBAG) *bags = NULL; + STACK_OF(PKCS12_SAFEBAG) *ret = NULL; + + int i, bagnid; + PKCS7 *p7 = NULL; + + if ( !p12 || !p12->value ) return NULL; + + if (!( asafes = PKCS12_unpack_authsafes(p12->value))) + return (NULL); + + if((ret = sk_PKCS12_SAFEBAG_new_null()) == NULL ) { + PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL); + return NULL; + } + + for (i = 0; i < sk_PKCS7_num (asafes); i++) { + PKCS12_SAFEBAG *oneBag = NULL; + + p7 = sk_PKCS7_value (asafes, i); + bagnid = OBJ_obj2nid (p7->type); + if (bagnid == NID_pkcs7_data) { + bags = PKCS12_unpack_p7data(p7); + } else if (bagnid == NID_pkcs7_encrypted) { + if( pwd) { + bags=PKCS12_unpack_p7encdata(p7,pwd,(int)strlen(pwd)); + } else { + bags = PKCS12_unpack_p7encdata(p7, 
NULL, 0); + } + } else { + continue; + } + + if (!bags) { + PKI_DEBUG("No Bags got from PKCS7 # %d", i); + continue; + } + + while ((oneBag = sk_PKCS12_SAFEBAG_pop ( bags )) != NULL ){ + sk_PKCS12_SAFEBAG_push( ret, oneBag ); + } + + sk_PKCS12_SAFEBAG_free ( bags ); + bags = NULL; + } + + if( sk_PKCS12_SAFEBAG_num( ret ) < 1 ) { + PKI_log_debug("%s:%d::No SAFEBAGS found in P12!", + __FILE__, __LINE__ ); + sk_PKCS12_SAFEBAG_free ( ret ); + return ( NULL ); + } + + return ( ret ); +} + +static void * _get_bags_data ( + const STACK_OF(PKCS12_SAFEBAG) * bags, + int dataType, + const char * const pwd ) { + + int i; + + void *ret = NULL; + PKCS12_SAFEBAG *bag = NULL; + + if( !bags ) { + PKI_log_debug("_get_bags_data()::ERROR, no bags passed!"); + return ( NULL ); + } + + switch ( dataType ) { + case BAG_DATATYPE_KEYPAIR: + ret = PKI_STACK_X509_KEYPAIR_new(); + break; + case BAG_DATATYPE_CERT: + case BAG_DATATYPE_CACERT: + case BAG_DATATYPE_OTHERCERTS: + ret = PKI_STACK_X509_CERT_new(); + break; + default: + return ( NULL ); + } + + if( !ret ) { + PKI_log_debug("%s:%d::Memory Error", __FILE__, __LINE__ ); + return ( NULL ); + } + + for ( i=0 ; i < sk_PKCS12_SAFEBAG_num ( bags ); i++ ) { + PKI_STACK *bag_sk = NULL; + void *el = NULL; + + if((bag = sk_PKCS12_SAFEBAG_value ( bags, i )) == NULL ) { + PKI_log_debug("_get_bags_data()::No BaG got from " + "bags # %d", i ); + continue; + }; + + if((bag_sk = _get_bag_value ( bag, dataType, pwd )) == NULL ) { + // PKI_log_debug("_get_bags_data()::No BaG_SK got from " + // "bags # %d", i ); + continue; + } + + // PKI_log_debug("_get_bags_data()::Got %d data items (i=%d)", + // PKI_STACK_elements( bag_sk ), i); + + while ((el = PKI_STACK_pop ( bag_sk )) != NULL) { + PKI_STACK_push( ret, el ); + } + + if (bag_sk) PKI_STACK_free(bag_sk); + bag_sk = NULL; + } + + return ( ret ); +} + + +static void * _get_bag_value( + PKCS12_SAFEBAG *bag, + int dataType, + const char * const pwd ) { + + int type; + + PKI_X509_KEYPAIR_VALUE *pkey = NULL; 
+ PKI_X509_KEYPAIR *k = NULL; + PKI_X509_CERT *cert = NULL; + PKI_X509_CERT_VALUE *cert_val = NULL; + + const PKCS8_PRIV_KEY_INFO *p8 = NULL; + + void *ret = NULL; + PKI_STACK *sk = NULL; + + type = M_PKCS12_bag_type ( bag ); + + switch ( type ) { + + case NID_keyBag: { + if( dataType != BAG_DATATYPE_KEYPAIR ) { + return ( NULL ); + }; +#if OPENSSL_VERSION_NUMBER > 0x1010000fL + p8 = PKCS12_SAFEBAG_get0_p8inf(bag); + if ((pkey = EVP_PKCS82PKEY(p8)) == NULL) return NULL; +#else + p8 = bag->value.keybag; + if ((pkey = EVP_PKCS82PKEY((PKCS8_PRIV_KEY_INFO *)p8)) == NULL) return (NULL); +#endif + + // print_attribs (out, p8->attributes, "Key Attributes"); + // PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass); + // ret = EVP_PKEY_new(); + // EVP_PKEY_copy_parameters(ret, pkey); + if (( k = PKI_X509_KEYPAIR_new_null()) == NULL ) { + return NULL; + } + k->value = pkey; + ret = k; + } break; + + case NID_pkcs8ShroudedKeyBag: { + if( dataType != BAG_DATATYPE_KEYPAIR ) { + return ( NULL ); + }; + if (!(p8 = PKCS12_decrypt_skey(bag, pwd, (int) strlen(pwd)))) { + return ( NULL ); + } + +#if OPENSSL_VERSION_NUMBER > 0x1010000fL + if ((pkey = EVP_PKCS82PKEY(p8)) == NULL) return (NULL); +#else + if ((pkey = EVP_PKCS82PKEY((PKCS8_PRIV_KEY_INFO *)p8)) == NULL) return (NULL); +#endif + + if (( k = PKI_X509_KEYPAIR_new_null()) == NULL ) { + return NULL; + } + k->value = pkey; + ret = k; + } break; + + case NID_certBag: { + if( (dataType != BAG_DATATYPE_CERT ) && + ( dataType != BAG_DATATYPE_CACERT ) && + (dataType != BAG_DATATYPE_OTHERCERTS)) { + return ( NULL ); + } + + // Checks it is not a key bag +#if OPENSSL_VERSION_NUMBER > 0x1010000fL + if (PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID)) { + if (dataType != BAG_DATATYPE_CERT) return NULL; + } +#else + if (PKCS12_get_attr(bag, NID_localKeyID)) { + if (dataType != BAG_DATATYPE_CERT) return NULL; + } +#endif + + // print_attribs (out, bag->attrib, "Bag Attributes"); + if (M_PKCS12_cert_bag_type(bag) != 
NID_x509Certificate ) { + return ( NULL ); + } + if (!(cert_val = PKCS12_certbag2x509(bag))) { + return ( NULL ); + } + if(( cert = PKI_X509_CERT_new_null ()) == NULL ) { + X509_free ( cert_val ); + return NULL; + } + + cert->value = cert_val; + ret = cert; + } break; + + case NID_safeContentsBag: { + // PKI_log_debug("Found Bag => TYPE is NID_safeContentsBag"); + const STACK_OF(PKCS12_SAFEBAG) * safes = NULL; + + // Get the SafeBags +#if OPENSSL_VERSION_NUMBER > 0x1010000fL + safes = PKCS12_SAFEBAG_get0_safes(bag); +#else + safes = bag->value.safes; +#endif + + // If no safe bags, let's return NULL + if (!safes) return NULL; + + // Returns the SafeBags Data + return _get_bags_data(safes, dataType, pwd); + + } break; + + default: { + PKI_log_debug("ERROR::P12 BAG type not supported (%d)", + type ); + return (NULL); + } + } + + switch ( dataType ) { + case BAG_DATATYPE_KEYPAIR: + sk = PKI_STACK_X509_KEYPAIR_new(); + PKI_STACK_X509_KEYPAIR_push ( + (PKI_X509_KEYPAIR_STACK *) sk, + (PKI_X509_KEYPAIR *) ret ); + break; + case BAG_DATATYPE_CERT: + case BAG_DATATYPE_CACERT: + case BAG_DATATYPE_OTHERCERTS: + sk = PKI_STACK_X509_CERT_new(); + PKI_STACK_X509_CERT_push ( (PKI_X509_CERT_STACK *) sk, + (PKI_X509_CERT *) ret ); + break; + } + + return ( sk ); +} + +static PKI_X509_CERT_STACK * _get_cert_stack( + const PKI_X509_PKCS12 * const p12, + const char * const pwd) { + + STACK_OF(PKCS12_SAFEBAG) *sk_bags = NULL; + PKI_X509_CERT_STACK *ret = NULL; + + // PKI_log_debug("_get_cert_stack()::Start()!"); + + if((sk_bags = _get_bags ( p12, pwd )) == NULL ) { + PKI_log_debug("_get_cert_stack()::No Bags found!"); + return ( NULL ); + } + + // PKI_log_debug("_get_cert_stack()::Got %d Bags found!", + // sk_PKCS12_SAFEBAG_num( sk_bags) ); + ret = _get_bags_data ( sk_bags, BAG_DATATYPE_CERT, pwd ); + // PKI_log_debug("_get_cert_stack()::Got %d Certs back", + // PKI_STACK_X509_CERT_elements( ret )); + + // PKI_log_debug("_get_cert_stack()::END()!"); + return ( ret ); +} + + +static 
PKI_X509_CERT * _get_cacert ( + const PKI_X509_PKCS12 * const p12, + const PKI_X509_CERT * const client, + const char * const pwd) { + + STACK_OF(PKCS12_SAFEBAG) *sk_bags = NULL; + PKI_X509_CERT_STACK *ca_sk = NULL; + + PKI_X509_CERT *cacert = NULL; + PKI_X509_CERT *ret = NULL; + + const PKI_X509_CERT *x = NULL; + + PKI_CRED cred; + PKI_CRED *cred_pnt = NULL; + + int i = 0; + + if (!p12 || !p12->value) return NULL; + + if ((sk_bags = _get_bags(p12, pwd)) == NULL) return NULL; + + x = client; + + if( pwd ) { + cred.password = pwd; + cred_pnt = &cred; + } + + if (x == NULL) { + if ((x = PKI_X509_PKCS12_get_cert( p12, cred_pnt )) == NULL ) { + PKI_DEBUG("Can not find user cert in P12"); + return NULL; + } + } + + if ((ca_sk = _get_bags_data(sk_bags, BAG_DATATYPE_CACERT, pwd)) == NULL) { + // No Bags DATA found + return NULL; + } + + for (i = 0; i < PKI_STACK_X509_CERT_elements(ca_sk); i++ ) { + + if ((cacert = PKI_STACK_X509_CERT_get_num(ca_sk, i)) == NULL) continue; + + if ((X509_check_issued(cacert->value, x->value)) == X509_V_OK) { + // Found CA Cert - Exit Cycle + break; + } + + // Resets the pointer + cacert = NULL; + } + + // Duplicate the CA certificate + if (cacert) ret = PKI_X509_CERT_dup(cacert); + + // Free allocated memory + if (!client && x) PKI_X509_CERT_free((PKI_X509_CERT *)x); + if (ca_sk) PKI_STACK_X509_CERT_free(ca_sk); + + return ret; +} + +static PKI_X509_CERT_STACK * _get_othercerts_stack( + const PKI_X509_PKCS12 * const p12, + const PKI_X509_CERT * const cacert, + const char * const pwd){ + + STACK_OF(PKCS12_SAFEBAG) *sk_bags = NULL; + PKI_X509_CERT_STACK *x_sk = NULL; + const PKI_X509_CERT *ca_cert = NULL; + PKI_X509_CERT *user_cert = NULL; + PKI_X509_CERT_VALUE *ca_cert_val = NULL; + PKI_X509_CERT_VALUE *user_cert_val = NULL; + PKI_CRED cred; + + int i=0; + + memset ( &cred, 0L, sizeof( cred )); + + if (!p12 || !p12->value) return NULL; + + if ((sk_bags = _get_bags(p12, pwd)) == NULL) return NULL; + + if ((x_sk = _get_bags_data(sk_bags, 
BAG_DATATYPE_OTHERCERTS, pwd)) == NULL) { + return ( x_sk ); + } + + if (pwd) cred.password = pwd; + + if (!cacert) ca_cert = _get_cacert( p12, NULL, pwd); + else ca_cert = cacert; + + if (ca_cert) ca_cert_val = ca_cert->value; + + user_cert = PKI_X509_PKCS12_get_cert(p12, &cred); + if (user_cert) user_cert_val = user_cert->value; + + if (!ca_cert_val && !user_cert_val) return x_sk; + + for (i = 0; i < PKI_STACK_X509_CERT_elements(x_sk); i++) { + + PKI_X509_CERT *x = NULL; + + x = PKI_STACK_X509_CERT_get_num ( x_sk, i ); + if( (ca_cert) && (X509_cmp( x->value, ca_cert_val) == 0) ) { + x = PKI_STACK_X509_CERT_del_num ( x_sk, i ); + PKI_X509_CERT_free ( x ); + continue; + } + + if (user_cert_val && X509_cmp (x->value, user_cert_val ) == 0) { + x = PKI_STACK_X509_CERT_del_num ( x_sk, i ); + PKI_X509_CERT_free ( x ); + continue; + } + } + + if (!cacert && ca_cert) PKI_X509_CERT_free((PKI_X509_CERT *)ca_cert); + if (user_cert) PKI_X509_CERT_free (user_cert); + + return ( x_sk ); +} + +static PKI_X509_KEYPAIR_STACK * _get_keypair_stack( + const PKI_X509_PKCS12 * const p12, + const char * const pwd) { + + STACK_OF(PKCS12_SAFEBAG) *sk_bags = NULL; + PKI_X509_KEYPAIR_STACK *ret = NULL; + + if ((sk_bags = _get_bags ( p12, pwd )) == NULL) { + PKI_DEBUG("No Keypair found"); + return NULL; + } + + ret = _get_bags_data(sk_bags, BAG_DATATYPE_KEYPAIR, pwd); + return ( ret ); +} + +static int _pki_p12_copy_bag_attr(PKCS12_SAFEBAG * bag, + const PKI_X509_KEYPAIR * const k, + int nid) { + + int idx; + X509_ATTRIBUTE *attr; + STACK_OF(X509_ATTRIBUTE) * attr_sk = NULL; + + if( !k || !k->value || !bag ) return PKI_ERR; + + idx = EVP_PKEY_get_attr_by_NID(k->value, nid, -1); + + if (idx < 0) return (PKI_OK); + + attr = EVP_PKEY_get_attr(k->value, idx); +#if OPENSSL_VERSION_NUMBER > 0x1010000fL + attr_sk = (STACK_OF(X509_ATTRIBUTE) *)PKCS12_SAFEBAG_get0_attrs(bag); +#else + attr_sk = bag->attrib; +#endif + + if (!X509at_add1_attr(&attr_sk, attr)) return PKI_ERR; + + return (PKI_OK); +} +/* 
----------------------- Exported PKCS12 functions ----------------------- */ + +/*! \brief Allocates memory for a new PKI_X509_PKCS12 object */ + +PKI_X509_PKCS12 *PKI_X509_PKCS12_new_null ( void ) { + + PKI_X509_PKCS12 *p12 = NULL; + + if((p12 = PKI_X509_new( PKI_DATATYPE_X509_PKCS12, NULL )) == NULL ) { + return NULL; + } + + /* Returns the result */ + return ( p12 ); +} + +/*! \brief Releases the memory associated with a PKI_X509_PKCS12 object */ + +void PKI_X509_PKCS12_free ( PKI_X509_PKCS12 *p12 ) { + + if ( p12 ) PKI_X509_free ( p12 ); + + return; +} + +void PKI_X509_PKCS12_free_void ( void *p12 ) { + + if( p12 ) PKI_X509_free ( (PKI_X509_PKCS12 *) p12 ); + + return; +} + +/*! \brief Verifies the MAC against the passed credentials */ + +int PKI_X509_PKCS12_verify_cred(const PKI_X509_PKCS12 * const p12, + const PKI_CRED * const cred ) { + + int macVerified = PKI_ERR; + + if( !cred || !cred->password ) { + if( PKCS12_verify_mac( p12->value, NULL, 0) ) { + macVerified = PKI_OK; + } + } else if (PKCS12_verify_mac ( p12->value, cred->password, -1)) { + macVerified = PKI_OK; + } + + return macVerified; +} + +/*! \brief Returns the keypair present in a PKI_X509_PKCS12 object */ + +PKI_X509_KEYPAIR *PKI_X509_PKCS12_get_keypair( + const PKI_X509_PKCS12 * const p12, + const PKI_CRED * const cred ) { + + PKI_X509_KEYPAIR_STACK *sk = NULL; + PKI_X509_KEYPAIR *ret = NULL; + char *pwd = NULL; + + if( cred ) pwd = (char *) cred->password; + + if((sk = _get_keypair_stack( p12, pwd)) == NULL ) { + PKI_log_debug("PKI_X509_PKCS12_get_keypair()::Returned stack is " + "empty!"); + return ( NULL ); + } + + ret = PKI_STACK_X509_KEYPAIR_pop( sk ); + + PKI_STACK_X509_KEYPAIR_free ( sk ); + + return ( ret ); +} + +/*! 
\brief Returns a copy of the client (user) cert present + * in a PKI_X509_PKCS12 object */ + +PKI_X509_CERT *PKI_X509_PKCS12_get_cert( + const PKI_X509_PKCS12 * const p12, + const PKI_CRED * const cred ) { + + PKI_X509_CERT_STACK *sk = NULL; + PKI_X509_CERT *ret = NULL; + PKI_X509_CERT *x = NULL; + PKI_X509_KEYPAIR *key = NULL; + + int i = 0; + + char *pwd = NULL; + + if( !p12 || !p12->value ) return NULL; + + if( cred ) pwd = (char *) cred->password; + + if((key = PKI_X509_PKCS12_get_keypair ( p12, cred )) == NULL ) { + PKI_log_debug("ERROR::PKCS#12 without private key!"); + } + + if((sk = _get_cert_stack( p12, pwd)) == NULL ) { + return ( NULL ); + } + + for( i=0; i < PKI_STACK_X509_CERT_elements( sk ); i++ ) { + if((x = PKI_STACK_X509_CERT_get_num( sk, i )) == NULL ) { + continue; + } + if(key && X509_check_private_key(x->value, key->value)) { + // char *subj; + + // subj = PKI_X509_CERT_get_parsed(x, + // PKI_X509_DATA_SUBJECT ); + /* Cert and Key match, we found our cert! */ + ret = PKI_X509_dup( x ); + // PKI_log_debug("Cert Matching private Key: %s", subj ); + } else { + // char *subj; + + // subj = PKI_X509_CERT_get_parsed(x, + // PKI_X509_DATA_SUBJECT ); + // PKI_log_debug("Cert not matching key: %s", subj ); + // PKI_Free ( subj ); + } + } + + PKI_STACK_X509_CERT_free_all ( sk ); + + return ( ret ); +} + +/*! \brief Returns the CA cert present (if) in a PKI_X509_PKCS12 object */ + +PKI_X509_CERT *PKI_X509_PKCS12_get_cacert( + const PKI_X509_PKCS12 * const p12, + const PKI_CRED * const cred ) { + + PKI_X509_CERT *ret = NULL; + char *pwd = NULL; + + if (!p12 || !p12->value) return NULL; + + if (cred) pwd = (char *) cred->password; + + if ((ret = _get_cacert( p12, NULL, pwd)) == NULL) return NULL; + + return ( ret ); +} + +/*! 
\brief Returns all the certs besides the CA and the user cert present (if) + * in a PKI_X509_PKCS12 object */ + +PKI_X509_CERT_STACK *PKI_X509_PKCS12_get_otherCerts( + const PKI_X509_PKCS12 * const p12, + const PKI_CRED * const cred) { + + PKI_X509_CERT_STACK *sk = NULL; + PKI_X509_CERT *cacert = NULL; + char *pwd = NULL; + + if (!p12 || !p12->value) return NULL; + + if (cred) pwd = (char *) cred->password; + + if ((cacert = _get_cacert(p12, NULL, pwd)) != NULL) + sk = _get_othercerts_stack( p12, cacert, pwd); + + return sk; +} + +int PKI_X509_PKCS12_TOKEN_export( + const PKI_TOKEN * const tk, + const URL * const url, + int format, + HSM *hsm ) { + + if (!tk || !url) return PKI_ERR; + + /* + p12 = PKCS12_create(cpass, name, key, ucert, certs, + key_pbe, cert_pbe, iter, -1, keytype); + + if (!p12) + { + ERR_print_errors (bio_err); + goto export_end; + } + + if (maciter != -1) + PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, NULL); + + i2d_PKCS12_bio(out, p12); + */ + + return (PKI_ERR); +} + +/*! \brief Generates a new PKI_X509_PKCS12 object from a PKI_X509_PKCS12_DATA obj */ + +PKI_X509_PKCS12 * PKI_X509_PKCS12_new( + const PKI_X509_PKCS12_DATA * const p12_data, + const PKI_CRED * const cred) { + + PKI_X509_PKCS12 *ret = NULL; + char *pass = NULL; + int mac_iter = -1; + + if( !p12_data ) return ( NULL ); + + if(( ret = PKI_X509_PKCS12_new_null()) == NULL ) { + return NULL; + } + + /* let's add the safes */ + if((ret->value = PKCS12_add_safes((PKI_X509_PKCS12_DATA *)p12_data, + 0)) == NULL ) { + PKI_X509_PKCS12_free ( ret ); + return NULL; + } + + ret->cred = PKI_CRED_dup ( cred ); + + if( cred && cred->password ) { + pass = (char *) cred->password; + mac_iter = 1; + } + + if ((mac_iter != -1) && + !PKCS12_set_mac(ret->value, pass, -1, NULL, 0, mac_iter, NULL)){ + PKI_log_debug("ERROR, can not set mac iter!"); + PKI_X509_PKCS12_free (ret); + return ( NULL ); + } + + return ( ret ); +} + +/*! 
\brief Generates an empty PKI_X509_PKCS12_DATA object to be populated before + * using it to create a PKCS12 */ + +PKI_X509_PKCS12_DATA *PKI_X509_PKCS12_DATA_new ( void ) { + PKI_X509_PKCS12_DATA *ret = NULL; + + if((ret = sk_PKCS7_new_null()) == NULL ) { + PKI_log_debug("Memory Error!"); + return ( NULL ); + } + + return ( ret ); +} + +void PKI_X509_PKCS12_DATA_free ( PKI_X509_PKCS12_DATA *p12_data ) { + + if( !p12_data ) return; + + sk_PKCS7_pop_free(p12_data, PKCS7_free); + + return; +} + +/*! \brief Adds a Keypair (LocalKey) to the PKCS12 */ + +int PKI_X509_PKCS12_DATA_add_keypair( + PKI_X509_PKCS12_DATA *data, + const PKI_X509_KEYPAIR * const keypair, + const PKI_CRED * const cred ) { + + STACK_OF(PKCS12_SAFEBAG) *bags = NULL; + PKCS12_SAFEBAG *bag = NULL; + char *pass = NULL; + + CRYPTO_DIGEST *keyid; + int keytype = 0; + + /* Check Parameters */ + if( !data || !keypair ) return (PKI_ERR); + + if( cred && cred->password ) { + pass = (char *) cred->password; + } + + /* Get the Digest of the Public key */ + keyid = PKI_X509_KEYPAIR_pub_digest ( keypair, PKI_DIGEST_ALG_SHA1 ); + + /* Builds the bag for the PKCS12 */ + bag = PKCS12_add_key(&bags, keypair->value, keytype, + PKCS12_DEFAULT_ITER, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, + pass); + + if (!bag) { + PKI_log_debug("ERROR::Can not add bag to P12 (%s)", + ERR_error_string(ERR_get_error(), NULL )); + goto err; + } + + if ((_pki_p12_copy_bag_attr(bag, keypair, NID_ms_csp_name)) == PKI_ERR ) { + PKI_log_debug("ERROR::Can not copy bag attributes(%s)!", + ERR_error_string(ERR_get_error(),NULL)); + goto err; + } + if ((_pki_p12_copy_bag_attr(bag, keypair, + NID_localKeyID)) == PKI_ERR ) { + PKI_log_debug("ERROR::Can not copy bag attributes (%s)!", + ERR_error_string(ERR_get_error(), NULL)); + goto err; + } + + if( keyid ) { + if(!PKCS12_add_localkeyid( bag, keyid->digest, + (int) keyid->size )) { + PKI_log_debug("ERROR::Can not add p12 localkeyid (%s)!", + ERR_error_string(ERR_get_error(), NULL)); + goto err; + 
} + } + + if (bags && !PKCS12_add_safe(&data, bags, -1, 0, NULL)) { + PKI_log_debug("ERROR::Can not add bags to p12 (%s)!", + ERR_error_string(ERR_get_error(), NULL)); + goto err; + } + + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); + PKI_DIGEST_free ( keyid ); + + return (PKI_OK); + +err: + + if (keyid) PKI_DIGEST_free ( keyid ); + if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); + + return ( PKI_ERR ); +} + +/*! \brief Adds user certificate, cacertificate and trusted certs to P12 */ + +int PKI_X509_PKCS12_DATA_add_certs ( + PKI_X509_PKCS12_DATA *data, + const PKI_X509_CERT * const cert, + const PKI_X509_CERT * const cacert, + const PKI_X509_CERT_STACK * const trusted, + const PKI_CRED * const cred ) { + + STACK_OF(PKCS12_SAFEBAG) *bags = NULL; + PKCS12_SAFEBAG *bag = NULL; + PKI_X509_KEYPAIR *keypair = NULL; + CRYPTO_DIGEST *keyid = NULL; + + const PKI_X509_KEYPAIR_VALUE *pubKey = NULL; + + char *name = NULL; + char *pass = NULL; + + int nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + int iter = PKCS12_DEFAULT_ITER; + + if (!cert || !cert->value) return PKI_ERR; + + if (cred && cred->password) pass = (char *) cred->password; + + /* Get the Digest of the Public key */ + if ((pubKey = PKI_X509_CERT_get_data(cert, + PKI_X509_DATA_KEYPAIR_VALUE)) == NULL) { + PKI_ERROR(PKI_ERR_GENERAL, "Can not retrieve pubKey from the certificate"); + return ( PKI_ERR ); + } + + if ((keypair = PKI_X509_new(PKI_DATATYPE_X509_KEYPAIR, NULL)) == NULL) { + PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, NULL); + return PKI_ERR; + } + + keypair->value = (PKI_X509_KEYPAIR *)pubKey; + + if ((keyid = PKI_X509_KEYPAIR_pub_digest(keypair, + PKI_DIGEST_ALG_SHA1)) == NULL) { + PKI_ERROR(PKI_ERR_GENERAL, "Can not get keypair digest"); + return ( PKI_ERR ); + } + + keypair->value = NULL; + PKI_X509_KEYPAIR_free ( keypair ); + + if ((bag = PKCS12_add_cert(&bags, cert->value )) == NULL) + { + PKI_ERROR(PKI_ERR_GENERAL, "Can not add cert bag to the list of bags"); + return 
( PKI_ERR ); + } + + name = PKI_X509_CERT_get_parsed( cert, PKI_X509_DATA_SUBJECT); + if (name && !PKCS12_add_friendlyname(bag, name, -1)) + { + PKI_ERROR(PKI_ERR_GENERAL, "can not add friendly name"); + PKI_DIGEST_free ( keyid ); + return ( PKI_ERR ); + } + PKI_Free(name); + name = NULL; // Safety + + if (keyid->size && !PKCS12_add_localkeyid(bag, keyid->digest, (int) keyid->size)) + { + PKI_ERROR(PKI_ERR_GENERAL, "can not add localkeyid"); + PKI_DIGEST_free ( keyid ); + return ( PKI_ERR ); + }; + + /* Let's free some memory */ + PKI_DIGEST_free ( keyid ); + + /* Adds the CA certificate */ + if (cacert && cacert->value) + { + if (!PKCS12_add_cert(&bags, cacert->value )) + { + PKI_ERROR(PKI_ERR_GENERAL, "can not add CA cert to P12"); + return PKI_ERR; + } + } + + /* Adds all the other certs */ + if (trusted) + { + int i = 0; + + for (i = 0; i < PKI_STACK_X509_CERT_elements (trusted); i++) + { + PKI_X509_CERT *x = NULL; + + x = PKI_STACK_X509_CERT_get_num(trusted, i); + if (x->value) + { + if (!PKCS12_add_cert(&bags, x->value)) + PKI_ERROR(PKI_ERR_GENERAL, "can not add certificate in bag"); + } + } + } + + if (bags && !PKCS12_add_safe(&data, bags, nid_cert, iter, pass)) + { + PKI_ERROR(PKI_ERR_GENERAL, "can not add data to PKCS12_DATA object"); + return PKI_ERR; + } + + /* Free more memory */ + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); + + return PKI_OK; +} + +/*! 
\brief Adds a 'generic' list of certs to P12 */ + +int PKI_X509_PKCS12_DATA_add_other_certs( + PKI_X509_PKCS12_DATA *data, + const PKI_X509_CERT_STACK * const sk, + const PKI_CRED * const cred ) { + + STACK_OF(PKCS12_SAFEBAG) *bags = NULL; + char *pass = NULL; + + int nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + int iter = PKCS12_DEFAULT_ITER; + int i = 0; + + if( !data || !sk ) return ( PKI_ERR ); + + if( cred && cred->password ) { + pass = (char *) cred->password; + } + + for(i = 0; i < PKI_STACK_X509_CERT_elements (sk); i++) { + PKI_X509_CERT *x = NULL; + + x = PKI_STACK_X509_CERT_get_num ( sk, i); + if( x->value ) { + if (!PKCS12_add_cert(&bags, x->value)) { + PKI_log_debug("ERROR, can not add cert in bag"); + } + } + } + + if (bags && !PKCS12_add_safe(&data, bags, nid_cert, iter, pass)) { + PKI_log_err("ERROR, can not add data to PKCS12_DATA obj!"); + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); + return ( PKI_ERR ); + } + + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); + + return ( PKI_OK ); + +} + +/* ------------------------ PEM <-> INTERNAL Macros ------------------- */ + +PKI_X509_PKCS12_VALUE *PEM_read_bio_PKCS12( PKI_IO *bp ) { +#if OPENSSL_VERSION_NUMBER < 0x0090800fL + return (PKI_X509_PKCS12_VALUE *) + PEM_ASN1_read_bio( (char *(*)()) d2i_PKCS12, + PKI_X509_PKCS12_PEM_ARMOUR, bp, NULL, NULL, NULL); +#else + return (PKI_X509_PKCS12_VALUE *) + PEM_ASN1_read_bio( (void *(*)()) d2i_PKCS12, + PKI_X509_PKCS12_PEM_ARMOUR, bp, NULL, NULL, NULL); +#endif +} + +int PEM_write_bio_PKCS12( PKI_IO *bp, + const PKI_X509_PKCS12_VALUE * o ) { + + return PEM_ASN1_write_bio ( (int (*)())i2d_PKCS12, + PKI_X509_PKCS12_PEM_ARMOUR, bp, (char *) o, NULL, + NULL, 0, NULL, NULL ); +} + diff --git a/src/pkix/pki_x509_pkcs7.c b/src/pkix/pki_x509_pkcs7.c new file mode 100644 index 00000000..d4cb6870 --- /dev/null +++ b/src/pkix/pki_x509_pkcs7.c 
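Review bot: In `_get_bag_value`, the `NID_pkcs8ShroudedKeyBag` case calls `strlen(pwd)` unconditionally, but `PKI_X509_PKCS12_get_keypair` and `PKI_X509_PKCS12_get_cert` pass `pwd == NULL` whenever `cred` is NULL or carries no password, so loading a PKCS#12 with a shrouded key bag and no credentials dereferences NULL. `_get_bags` already guards this for the encrypted-data case, and the same guard fits here: `if (!(p8 = PKCS12_decrypt_skey(bag, pwd, pwd ? (int) strlen(pwd) : 0)))`. In the same case the `PKCS8_PRIV_KEY_INFO` returned by `PKCS12_decrypt_skey` is never released after `EVP_PKCS82PKEY`, which leaves a decrypted copy of the private key on the heap; it should be freed with `PKCS8_PRIV_KEY_INFO_free` on both the success and the early-return paths (the `const` on `p8` means this needs a separate non-const local). Separately, `PKI_X509_PKCS12_new` sets `mac_iter = 1`, so the integrity MAC gets no work factor against offline password guessing; `PKCS12_DEFAULT_ITER`, which this file already uses for the bags, would be the consistent choice.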
@@ -0,0 +1,1489 @@ +/* openssl/pki_x509_pkcs7.c */ + +#include + +#include "internal/x509_data_st.h" + +/* ------------------------------ internal (static ) ------------------------- */ + +static STACK_OF(X509) * __get_chain (const PKI_X509_PKCS7 * const p7) { + + STACK_OF(X509) *x_sk = NULL; + PKI_X509_PKCS7_TYPE type = 0; + + PKI_X509_PKCS7_VALUE *value = NULL; + + if( !p7 || !p7->value ) return ( PKI_ERR ); + + type = PKI_X509_PKCS7_get_type ( p7 ); + + value = p7->value; + + switch ( type ) { + case PKI_X509_PKCS7_TYPE_SIGNED: + x_sk = value->d.sign->cert; + break; + case PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED: + x_sk = value->d.signed_and_enveloped->cert; + break; + default: + return NULL; + } + + return x_sk; +} + +static const STACK_OF(X509_CRL) *__get_crl (const PKI_X509_PKCS7 * const p7 ) { + + STACK_OF(X509_CRL) *x_sk = NULL; + PKI_X509_PKCS7_TYPE type = 0; + + PKI_X509_PKCS7_VALUE *value = NULL; + + if( !p7 || !p7->value ) return ( PKI_ERR ); + + type = PKI_X509_PKCS7_get_type ( p7 ); + + value = p7->value; + + switch ( type ) { + case PKI_X509_PKCS7_TYPE_SIGNED: + x_sk = value->d.sign->crl; + break; + case PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED: + x_sk = value->d.signed_and_enveloped->crl; + break; + default: + return NULL; + } + + return x_sk; +} + + + +/*! 
\brief Returns the number of recipients */ + +int PKI_X509_PKCS7_get_recipients_num(const PKI_X509_PKCS7 * const p7 ) { + + STACK_OF(PKCS7_RECIP_INFO) *r_sk = NULL; + PKI_X509_PKCS7_VALUE *p7val = NULL; + + PKI_X509_PKCS7_TYPE type = 0; + int ret = 0; + + if ( !p7 || !p7->value ) return -1; + + if ( PKI_X509_PKCS7_has_recipients ( p7 ) == PKI_ERR ) { + return 0; + } + + p7val = p7->value; + + type = PKI_X509_PKCS7_get_type ( p7 ); + switch ( type ) { + case PKI_X509_PKCS7_TYPE_ENCRYPTED: + r_sk = p7val->d.enveloped->recipientinfo; + break; + case PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED: + r_sk = p7val->d.signed_and_enveloped->recipientinfo; + break; + default: + r_sk = NULL; + } + + if ( r_sk ) { + ret = sk_PKCS7_RECIP_INFO_num ( r_sk ); + } + + return ret; +} + +/*! \brief Returns the number of signers */ + +int PKI_X509_PKCS7_get_signers_num(const PKI_X509_PKCS7 * const p7) { + + int ret = -1; + PKI_X509_PKCS7_TYPE type = PKI_X509_PKCS7_TYPE_UNKNOWN; + + PKI_X509_PKCS7_VALUE *p7val = NULL; + STACK_OF(PKCS7_SIGNER_INFO) *s_sk = NULL; + + if ( PKI_X509_PKCS7_has_signers ( p7 ) == PKI_ERR ) { + return 0; + } + + p7val = p7->value; + + type = PKI_X509_PKCS7_get_type ( p7 ); + + switch ( type ) { + case PKI_X509_PKCS7_TYPE_SIGNED: + s_sk = p7val->d.sign->signer_info; + break; + case PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED: + s_sk = p7val->d.signed_and_enveloped->signer_info; + break; + default: + s_sk = NULL; + } + + if ( s_sk ) { + ret = sk_PKCS7_SIGNER_INFO_num ( s_sk ); + } + + return ret; +} + +const PKCS7_RECIP_INFO * PKI_X509_PKCS7_get_recipient_info( + const PKI_X509_PKCS7 * const p7, + int idx ) { + + PKI_X509_PKCS7_TYPE type = 0; + int recipients_num = 0; + PKCS7_RECIP_INFO *ret = NULL; + STACK_OF(PKCS7_RECIP_INFO) *r_sk = NULL; + PKI_X509_PKCS7_VALUE *p7val = NULL; + + if ( !p7 || !p7->value ) return NULL; + + p7val = p7->value; + + if((recipients_num = PKI_X509_PKCS7_get_recipients_num ( p7 )) <= 0 ) { + return NULL; + } + + if ( recipients_num < idx ) return 
NULL; + + type = PKI_X509_PKCS7_get_type ( p7 ); + switch ( type ) { + case PKI_X509_PKCS7_TYPE_ENCRYPTED: + r_sk = p7val->d.enveloped->recipientinfo; + break; + case PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED: + r_sk = p7val->d.signed_and_enveloped->recipientinfo; + break; + default: + r_sk = NULL; + } + + if ( r_sk ) { + ret = sk_PKCS7_RECIP_INFO_value ( r_sk, idx ); + } + + return ret; + +} + +/*! \brief Returns a copy of the n-th recipient certificate */ + +const PKI_X509_CERT * PKI_X509_PKCS7_get_recipient_cert( + const PKI_X509_PKCS7 * const p7, + int idx ) { + + const PKCS7_RECIP_INFO *r_info = NULL; + + if ((r_info = PKI_X509_PKCS7_get_recipient_info ( p7, idx )) == NULL) + return NULL; + + return (const PKI_X509_CERT *)r_info->cert; +} + +/*! \brief Returns the encryption algorithm */ + +const PKI_X509_ALGOR_VALUE * PKI_X509_PKCS7_get_encode_alg( + const PKI_X509_PKCS7 * const p7) { + + PKI_X509_ALGOR_VALUE *ret = NULL; + PKI_X509_PKCS7_VALUE *val = NULL; + + if( !p7 || !p7->value ) return NULL; + + val = p7->value; + + switch ( PKI_X509_PKCS7_get_type ( p7 ) ) { + case PKI_X509_PKCS7_TYPE_ENCRYPTED: + ret = val->d.enveloped->enc_data->algorithm; + break; + case PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED: + ret = val->d.signed_and_enveloped->enc_data->algorithm; + break; + default: + ret = NULL; + } + + return ret; +} + +const PKCS7_SIGNER_INFO * PKI_X509_PKCS7_get_signer_info( + const PKI_X509_PKCS7 * const p7, + int idx ) { + + PKI_X509_PKCS7_TYPE type = 0; + int cnt = 0; + const STACK_OF(PKCS7_SIGNER_INFO) *sk = NULL; + const PKCS7_SIGNER_INFO *ret = NULL; + + PKI_X509_PKCS7_VALUE *value = NULL; + + if ( !p7 || !p7->value ) return ( NULL ); + + type = PKI_X509_PKCS7_get_type ( p7 ); + + value = p7->value; + + switch (type) { + + case PKI_X509_PKCS7_TYPE_SIGNED: { + if (value && value->d.sign) { + sk = value->d.sign->signer_info; + } + } break; + + case PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED: { + if (value && value->d.signed_and_enveloped) { + sk = 
value->d.signed_and_enveloped->signer_info; + } + } break; + + default: { + PKI_ERROR(PKI_ERR_X509_PKCS7_TYPE_UNKNOWN, NULL); + return NULL; + } + } + + // Retrieves the Signer Info structure + if((cnt = sk_PKCS7_SIGNER_INFO_num ( sk )) <= 0 ) { + PKI_ERROR(PKI_ERR_X509_PKCS7_SIGNER_INFO_NULL, NULL); + return ( NULL ); + } + + // If the requested is out of scope, nothing to return + if (idx > cnt ) return NULL; + + // Retrieves the value + if( idx >= 0 ) { + ret = sk_PKCS7_SIGNER_INFO_value( sk, idx ); + } else { + ret = sk_PKCS7_SIGNER_INFO_value( sk, cnt-1 ); + } + + // All Done + return ret; +} + +/* ----------------------- Exported Functions -------------------------*/ + +void PKI_X509_PKCS7_free_void ( void *p7 ) { + + PKI_X509_free ( (PKI_X509_PKCS7 *) p7 ); + return; +} + +void PKI_X509_PKCS7_free ( PKI_X509_PKCS7 *p7 ) { + + if( p7 == NULL ) return; + + PKI_X509_free( p7 ); + + return; +} + +PKI_X509_PKCS7 *PKI_X509_PKCS7_new(PKI_X509_PKCS7_TYPE type) { + + PKI_X509_PKCS7 * p7 = NULL; + PKI_X509_PKCS7_VALUE * value = NULL; + + if((value = p7->cb->create()) == NULL ) { + PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL); + return NULL; + } + + if(!PKCS7_set_type(value, (int)type)) { + PKCS7_free(value); + PKI_ERROR(PKI_ERR_X509_PKCS7_TYPE_UNKNOWN, NULL); + return ( NULL ); + } + + switch(type) { + + // If encrypted, we need to set the cipher + case PKI_X509_PKCS7_TYPE_ENCRYPTED: + case PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED: { + if (!PKI_X509_PKCS7_set_cipher(p7, + (EVP_CIPHER *) PKI_CIPHER_AES(256,cbc))) { + // Reports the error + PKI_ERROR(PKI_ERR_X509_PKCS7_CIPHER, NULL); + + // Free the allocated memory + PKCS7_free(value); + + // Nothing else to do + return NULL; + } + } break; + + // If signed, just prepare the content + case PKI_X509_PKCS7_TYPE_SIGNED: { + // Sets the content in the PKCS7 structure + PKCS7_content_new(value, NID_pkcs7_data); + } break; + + default: { + PKI_ERROR(PKI_ERR_X509_PKCS7_TYPE_UNKNOWN, NULL); + PKCS7_free(value); + + return NULL; + } 
break; + } + + // Allocates the new structure with the generated value + if ((p7 = PKI_X509_new_value(PKI_DATATYPE_X509_PKCS7, value, NULL)) == NULL) { + + // Reports the error + PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL); + PKCS7_free(value); + + // Nothing to return + return NULL; + } + + return p7; +} + +/*! + * \brief Returns the type of the PKI_X509_PKCS7 data (see PKI_X509_PKCS7_TYPE) + */ + +PKI_X509_PKCS7_TYPE PKI_X509_PKCS7_get_type(const PKI_X509_PKCS7 * const p7 ) { + + PKI_ID type = PKI_ID_UNKNOWN; + PKI_X509_PKCS7_VALUE *value = NULL; + + if(!p7 || !p7->value ) { + PKI_log_debug ( "PKI_X509_PKCS7_get_type()::No Message!"); + return PKI_X509_PKCS7_TYPE_UNKNOWN; + } + + value = p7->value; + + if(!value->type ) { + PKI_log_debug ( "PKI_X509_PKCS7_get_type()::No Message Type!"); + return PKI_X509_PKCS7_TYPE_UNKNOWN; + } + + type = PKI_OID_get_id( value->type ); + + switch ( type ) { + case NID_pkcs7_enveloped: + return PKI_X509_PKCS7_TYPE_ENCRYPTED; + break; + case NID_pkcs7_signed: + return PKI_X509_PKCS7_TYPE_SIGNED; + break; + case NID_pkcs7_signedAndEnveloped: + return PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED; + break; + case NID_pkcs7_data: + return PKI_X509_PKCS7_TYPE_DATA; + break; + default: + return PKI_X509_PKCS7_TYPE_UNKNOWN; + } +} + + +int PKI_X509_PKCS7_add_crl(PKI_X509_PKCS7 * p7, + const PKI_X509_CRL * const crl ) { + + // Input Check + if (!p7 || !p7->value || !crl || !crl->value) + return PKI_ERROR(PKI_ERR_PARAM_NULL, NULL); + + // Adds the CRL to the PKCS7 value structure + PKCS7_add_crl(p7->value, crl->value); + + // All Done + return PKI_OK; +} + +int PKI_X509_PKCS7_add_crl_stack(PKI_X509_PKCS7 * p7, + const PKI_X509_CRL_STACK * const crl_sk ) { + int i; + + if( !p7 || !p7->value || !crl_sk ) { + return PKI_ERROR(PKI_ERR_PARAM_NULL, NULL); + } + + for( i=0; i < PKI_STACK_X509_CRL_elements( crl_sk ); i++ ) { + PKI_X509_CRL *crl = NULL; + + if ((crl = PKI_STACK_X509_CRL_get_num(crl_sk, i)) == NULL) + continue; + + PKCS7_add_crl( p7->value, 
crl->value); + } + + return PKI_OK; +} + + +/*! \brief Returns the number of CRLs present in the signature */ + +int PKI_X509_PKCS7_get_crls_num(const PKI_X509_PKCS7 * const p7 ) { + + const STACK_OF(X509_CRL) *x_sk = NULL; + + if ((x_sk = __get_crl(p7)) == NULL) return -1; + + return sk_X509_CRL_num((STACK_OF(X509_CRL) *) x_sk); +} + + +/*! \brief Returns a copy of the n-th CRL from the signature */ + +PKI_X509_CRL *PKI_X509_PKCS7_get_crl(const PKI_X509_PKCS7 * const p7, + int idx) { + + PKI_X509_CRL_VALUE *x = NULL; + const STACK_OF(X509_CRL) *x_sk = NULL; + + if (!p7 || !p7->value) return ( NULL ); + + if ((x_sk = __get_crl(p7)) == NULL) return NULL; + + if ( idx < 0 ) idx = 0; + + if ((x = sk_X509_CRL_value(x_sk, idx)) == NULL) return NULL; + + return PKI_X509_new_dup_value(PKI_DATATYPE_X509_CRL, x, NULL); + +} + +/*! \brief Adds a certificate to the signature's certificate chain */ + +int PKI_X509_PKCS7_add_cert(const PKI_X509_PKCS7 * p7, + const PKI_X509_CERT * const x) { + + if (!p7 || !p7->value || !x || !x->value) { + PKI_ERROR(PKI_ERR_PARAM_NULL, NULL); + return PKI_ERR; + } + + PKCS7_add_certificate( p7->value, x->value ); + + return( PKI_OK ); +} + +/*! \brief Adds a stack of certificates to the signature's certificate chain */ + +int PKI_X509_PKCS7_add_cert_stack(const PKI_X509_PKCS7 * p7, + const PKI_X509_CERT_STACK * const x_sk) { + int i; + + if( !p7 || !p7->value || !x_sk ) { + PKI_log_err( "PKI_X509_PKCS7_add_crl_stack()::Missing param!"); + return PKI_ERR; + } + + for( i=0; i < PKI_STACK_X509_CERT_elements( x_sk ); i++ ) { + PKI_X509_CERT *x = NULL; + + if(( x = PKI_STACK_X509_CERT_get_num( x_sk, i )) == NULL) { + continue; + } + + PKCS7_add_certificate( p7->value, x->value ); + } + + return ( PKI_OK ); +} + +/*! 
\brief Returns the number of certificates present in the signature chain */ + +int PKI_X509_PKCS7_get_certs_num(const PKI_X509_PKCS7 * const p7 ) { + + const STACK_OF(X509) *x_sk = NULL; + + if ((x_sk = __get_chain(p7)) == NULL) return -1; + + return sk_X509_num((STACK_OF(X509) *)x_sk); +} + + +/*! \brief Returns a copy of the n-th cert from a singed/signed&enc PKCS7 */ + +PKI_X509_CERT *PKI_X509_PKCS7_get_cert(const PKI_X509_PKCS7 * const p7, + int idx) { + + PKI_X509_CERT_VALUE *x = NULL; + const STACK_OF(X509) *x_sk = NULL; + + if (!p7 || !p7->value) return NULL; + + if ((x_sk = __get_chain(p7)) == NULL) return NULL; + + if ( idx < 0 ) idx = 0; + + if ((x = sk_X509_value(x_sk, idx)) == NULL) return NULL; + + return PKI_X509_new_dup_value ( PKI_DATATYPE_X509_CERT, x, NULL ); + +} + + +/*! \brief Clears the chain of certificate for the signer */ + +int PKI_X509_PKCS7_clear_certs(const PKI_X509_PKCS7 * p7) { + + STACK_OF(X509) *x_sk = NULL; + // Pointer to the stack of certificates + + // Gets the pointer to the stack structure + if ((x_sk = __get_chain(p7)) == NULL) + return PKI_ERR; + + // Frees the certificates stack + sk_X509_free(x_sk); + + // All Done + return PKI_OK; +} + +/*! + * \brief Returns a signed version of the PKI_X509_PKCS7 by using the passed token + */ + +int PKI_X509_PKCS7_add_signer_tk(PKI_X509_PKCS7 * p7, + const PKI_TOKEN * const tk, + const PKI_DIGEST_ALG * md){ + + if (!p7 || !p7->value) return PKI_ERR; + + return PKI_X509_PKCS7_add_signer(p7, + tk->cert, + tk->keypair, + md); +} + +/*! 
+ * \brief Signs a PKI_X509_PKCS7 (must be of SIGNED type) + */ + +int PKI_X509_PKCS7_add_signer(const PKI_X509_PKCS7 * p7, + const PKI_X509_CERT * const signer, + const PKI_X509_KEYPAIR * const k, + const PKI_DIGEST_ALG * md ) { + + PKCS7_SIGNER_INFO *signerInfo = NULL; + + if ( !p7 || !signer || !k ) { + if ( !p7 ) PKI_log_debug ( "!p7"); + if ( !signer ) PKI_log_debug ( "!signer"); + if ( !k ) PKI_log_debug ( "!key"); + return PKI_ERR; + } + + if ( !p7->value || !signer->value || !k->value ) { + if ( !p7->value ) PKI_log_debug ( "!p7->value"); + if ( !signer->value ) PKI_log_debug ( "!signer->value"); + if ( !k->value ) PKI_log_debug ( "!key->value"); + return PKI_ERR; + } + + if( !md ) md = PKI_DIGEST_ALG_DEFAULT; + + if((signerInfo = PKCS7_add_signature( p7->value, + signer->value, k->value, md)) == NULL) { + return ( PKI_ERR ); + } + PKCS7_add_certificate ( p7->value, signer->value ); + + return ( PKI_OK ); + +} + +/*! \brief Returns PKI_OK if the p7 has signers already set, PKI_ERR + * otherwise + */ + +int PKI_X509_PKCS7_has_signers(const PKI_X509_PKCS7 * const p7 ) { + + PKI_X509_PKCS7_TYPE type = 0; + + if ( !p7 || !p7->value ) return ( PKI_ERR ); + + type = PKI_X509_PKCS7_get_type ( p7 ); + + switch ( type ) { + case PKI_X509_PKCS7_TYPE_SIGNED: + case PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED: + if(PKI_X509_PKCS7_get_signer_info(p7, -1)) + return (PKI_OK); + break; + default: + return PKI_ERR; + } + + return PKI_ERR; + +} + +/*! 
\brief Returns PKI_OK if the p7 has recipients already set, PKI_ERR + * otherwise + */ + +int PKI_X509_PKCS7_has_recipients(const PKI_X509_PKCS7 * const p7) { + + PKI_X509_PKCS7_TYPE type = 0; + PKI_X509_PKCS7_VALUE *value = NULL; + + if( !p7 || !p7->value ) return ( PKI_ERR ); + + type = PKI_X509_PKCS7_get_type ( p7 ); + + value = p7->value; + + switch ( type ) { + case PKI_X509_PKCS7_TYPE_ENCRYPTED: + if( value->d.enveloped && + value->d.enveloped->recipientinfo) + return PKI_OK; + break; + case PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED: + if( value->d.signed_and_enveloped && + value->d.signed_and_enveloped->recipientinfo) + return PKI_OK; + break; + default: + return PKI_ERR; + } + + return PKI_ERR; +} + +/*! + * \brief Encode a PKI_X509_PKCS7 by performing sign/encrypt operation + */ + +int PKI_X509_PKCS7_encode(const PKI_X509_PKCS7 * const p7, + unsigned char *data, + size_t size ) { + + PKI_X509_PKCS7_TYPE type = PKI_X509_PKCS7_TYPE_SIGNED; + const PKCS7_SIGNER_INFO * signerInfo = NULL; + BIO *bio = NULL; + + if( !p7 || !p7->value ) return ( PKI_ERR ); + + type = PKI_X509_PKCS7_get_type ( p7 ); + + if (( type == PKI_X509_PKCS7_TYPE_ENCRYPTED ) + || (type == PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED)) { + + if ( PKI_X509_PKCS7_has_recipients ( p7 ) == PKI_ERR ) { + PKI_log_debug ( "PKI_X509_PKCS7_encode()::Missing " + "Recipients!"); + return PKI_ERR; + } + } + + if ( (type == PKI_X509_PKCS7_TYPE_SIGNED) || + (type == PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED )) { + + if(( signerInfo = PKI_X509_PKCS7_get_signer_info( p7, + -1 )) == NULL ) { + return ( PKI_ERR ); + } + + PKCS7_add_signed_attribute((PKCS7_SIGNER_INFO *)signerInfo, + NID_pkcs9_contentType, + V_ASN1_OBJECT, + OBJ_nid2obj(NID_pkcs7_data)); + } + + if((bio = PKCS7_dataInit(p7->value, NULL)) == NULL ) { + PKI_log_err("PKI_X509_PKCS7_sign()::Error dataInit [%s]", + ERR_error_string(ERR_get_error(),NULL)); + return ( PKI_ERR ); + } + + if( BIO_write( bio, data, (int) size ) <= 0 ) { + 
PKI_log_err("PKI_X509_PKCS7_sign()::Error dataSign [%s]", + ERR_error_string(ERR_get_error(),NULL)); + return ( PKI_ERR ); + } + + (void)BIO_flush(bio); + + if(!PKCS7_dataFinal( p7->value, bio )) { + PKI_log_err("PKI_X509_PKCS7_sign()::Error End dataSign [%s]", + ERR_error_string(ERR_get_error(),NULL)); + return ( PKI_ERR ); + }; + + if( bio ) BIO_free_all ( bio ); + + return ( PKI_OK ); + +} + +/*! + * \brief Returns the raw data contained in a PKI_X509_PKCS7 (any type) + */ + +PKI_MEM *PKI_X509_PKCS7_get_raw_data(const PKI_X509_PKCS7 * const p7 ) { + + unsigned char *data = NULL; + ssize_t len = -1; + PKI_X509_PKCS7_TYPE type = PKI_X509_PKCS7_TYPE_UNKNOWN; + + PKI_X509_PKCS7_VALUE *p7val = NULL; + PKI_MEM *ret = NULL; + + if( !p7 || !p7->value ) return ( NULL ); + + p7val = p7->value; + type = PKI_X509_PKCS7_get_type ( p7 ); + + switch (type) + { + case PKI_X509_PKCS7_TYPE_DATA: + data = p7val->d.data->data; + len = p7val->d.data->length; + break; + + case PKI_X509_PKCS7_TYPE_SIGNED: + if (p7val->d.sign && p7val->d.sign->contents && + p7val->d.sign->contents->d.data) + { + data = p7val->d.sign->contents->d.data->data; + len = p7val->d.sign->contents->d.data->length; + } + break; + + case PKI_X509_PKCS7_TYPE_ENCRYPTED: + if (p7val->d.enveloped && p7val->d.enveloped->enc_data && + p7val->d.enveloped->enc_data->enc_data) + { + data = p7val->d.enveloped->enc_data->enc_data->data; + len = p7val->d.enveloped->enc_data->enc_data->length; + } + break; + + case PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED: + if (p7val->d.signed_and_enveloped && + p7val->d.signed_and_enveloped->enc_data && + p7val->d.signed_and_enveloped->enc_data->enc_data ) + { + data = p7val->d.signed_and_enveloped->enc_data->enc_data->data; + len = p7val->d.signed_and_enveloped->enc_data->enc_data->length; + } + break; + + default: + PKI_log_debug ("Unknown PKCS7 type"); + return NULL; + } + + if ((ret = PKI_MEM_new_null()) == NULL) + { + PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL); + return NULL; + } + + if 
(PKI_MEM_add(ret, data, (size_t) len) == PKI_ERR) + { + PKI_ERROR(PKI_ERR_MEMORY_ALLOC, "Memory Failure (ret=%p, data=%p, len=%d)", + ret, data, len ); + PKI_MEM_free ( ret ); + return NULL; + } + + /* + if((p7bio = PKCS7_dataInit(p7->value ,NULL)) != NULL ) { + (void)BIO_flush(p7bio); + ret = PKI_MEM_new_bio( p7bio, NULL ); + BIO_free_all ( p7bio ); + } else { + PKI_log_debug("PKCS7::get_raw_data()::Can not get data [%s]", + ERR_error_string(ERR_get_error(), NULL )); + } + */ + + return ( ret ); + +} + +/*! + * \brief Decrypts (if needed) and returns the idata from a PKI_X509_PKCS7 by using + * keypair and, if present, cert of the PKI_TOKEN argument. + */ + +PKI_MEM *PKI_X509_PKCS7_get_data_tk(const PKI_X509_PKCS7 * const p7, + const PKI_TOKEN * const tk ) { + + if (!p7 || !tk ) return NULL; + + return PKI_X509_PKCS7_get_data(p7, tk->keypair, tk->cert); +} + +/*! + * \brief Decrypts (if needed) and returns the data from a PKI_X509_PKCS7 + */ + +PKI_MEM *PKI_X509_PKCS7_get_data(const PKI_X509_PKCS7 * const p7, + const PKI_X509_KEYPAIR * const k, + const PKI_X509_CERT * const x ) { + + PKI_X509_PKCS7_TYPE type = PKI_X509_PKCS7_TYPE_UNKNOWN; + + if( !p7 || !p7->value ) return ( NULL ); + + type = PKI_X509_PKCS7_get_type ( p7 ); + + switch ( type ) { + case PKI_X509_PKCS7_TYPE_ENCRYPTED: + case PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED: + PKI_log_debug("PKI_X509_PKCS7_get_data()::P7 is encrypted!"); + return PKI_X509_PKCS7_decode ( p7, k, x ); + break; + default: + PKI_log_debug("PKI_X509_PKCS7_get_data()::P7 not encrypted"); + return PKI_X509_PKCS7_get_raw_data ( p7 ); + } +} + +/*! 
+ * \brief Decrypts the data from a (must) encrypted PKI_X509_PKCS7 + */ + + +PKI_MEM *PKI_X509_PKCS7_decode(const PKI_X509_PKCS7 * const p7, + const PKI_X509_KEYPAIR * const k, + const PKI_X509_CERT * const x ) { + + BIO *bio = NULL; + PKI_MEM *mem = NULL; + PKI_X509_PKCS7_TYPE type = PKI_X509_PKCS7_TYPE_UNKNOWN; + PKI_X509_CERT_VALUE *x_val = NULL; + PKI_X509_KEYPAIR_VALUE *pkey = NULL; + + if ( !p7 || !p7->value || !k || !k->value ) { + PKI_log_debug("PKI_X509_PKCS7_decode()::Missing p7 or pkey!"); + return ( NULL ); + }; + + pkey = k->value; + + type = PKI_X509_PKCS7_get_type ( p7 ); + + switch ( type ) { + case PKI_X509_PKCS7_TYPE_ENCRYPTED: + case PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED: + break; + default: + PKI_log_debug("PKI_X509_PKCS7_decode()::Wrong MSG type!"); + return PKI_ERR; + } + + if ( x ) x_val = x->value; + + if((bio = PKCS7_dataDecode(p7->value, pkey, NULL, x_val)) == NULL) { + PKI_log_debug ( "PKI_X509_PKCS7_decode()::Decrypt error [%s]", + ERR_error_string(ERR_get_error(), NULL )); + return ( NULL ); + } + + if((mem = PKI_MEM_new_bio( (PKI_IO *) bio, NULL )) == NULL ) { + PKI_log_debug("PKI_X509_PKCS7_decode()::Memory Error!"); + if( bio ) BIO_free_all ( bio ); + return ( NULL ); + } + + if (bio ) BIO_free_all ( bio ); + + return ( mem ); +} + +/*! \brief Set the cipher in a encrypted (or signed and encrypted) PKCS7 */ + +int PKI_X509_PKCS7_set_cipher(const PKI_X509_PKCS7 * p7, + const PKI_CIPHER * const cipher) { + + PKI_X509_PKCS7_TYPE type; + + if( !p7 || !p7->value || !cipher ) return ( PKI_ERR ); + + type = PKI_X509_PKCS7_get_type ( p7 ); + switch ( type ) { + case PKI_X509_PKCS7_TYPE_ENCRYPTED: + case PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED: + break; + default: + return PKI_ERR; + } + + if(!PKCS7_set_cipher(p7->value, cipher)) { + PKI_log_debug("PKI_X509_PKCS7_set_cipher()::Error setting Cipher " + "[%s]", ERR_error_string(ERR_get_error(), NULL)); + return ( PKI_ERR ); + } + + return PKI_OK; +} + + +/*! 
\brief Sets the recipients for a PKI_X509_PKCS7 */ + +int PKI_X509_PKCS7_set_recipients(const PKI_X509_PKCS7 *p7, + const PKI_X509_CERT_STACK * const x_sk ) { + + int i = 0; + PKI_X509_PKCS7_TYPE type; + + if( !p7 || !p7->value || !x_sk ) return ( PKI_ERR ); + + type = PKI_X509_PKCS7_get_type ( p7 ); + switch ( type ) { + case PKI_X509_PKCS7_TYPE_ENCRYPTED: + case PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED: + break; + default: + return PKI_ERR; + } + + for( i = 0; i < PKI_STACK_X509_CERT_elements ( x_sk ); i++ ) { + PKI_X509_CERT *x = NULL; + x = PKI_STACK_X509_CERT_get_num( x_sk, i ); + PKCS7_add_recipient( p7->value, x->value ); + PKI_X509_PKCS7_add_cert ( p7, x ); + } + + return ( PKI_OK ); +} + +/*! \brief Adds a new recipient for the PKI_X509_PKCS7 */ +int PKI_X509_PKCS7_add_recipient(const PKI_X509_PKCS7 * p7, + const PKI_X509_CERT * x ) { + + if (!p7 || !p7->value || !x || !x->value) return PKI_ERR; + + PKCS7_add_recipient( p7->value, x->value ); + PKI_X509_PKCS7_add_cert(p7, x); + + return PKI_OK; +} + +/* -------------------------------- Add Attributes ---------------------- */ + +int PKI_X509_PKCS7_add_signed_attribute(const PKI_X509_PKCS7 * p7, + PKI_X509_ATTRIBUTE * a) { + + PKCS7_SIGNER_INFO *signerInfo = NULL; + + if (!p7 || !p7->value || !a) return PKI_ERR; + + if ((signerInfo = (PKCS7_SIGNER_INFO *) + PKI_X509_PKCS7_get_signer_info (p7, -1)) == NULL ) { + PKI_ERROR(PKI_ERR_GENERAL, "signerInfo not present in PKCS7"); + return PKI_ERR; + } + + if (signerInfo->auth_attr == NULL) { + signerInfo->auth_attr = PKI_STACK_X509_ATTRIBUTE_new_null(); + } + + return PKI_STACK_X509_ATTRIBUTE_add(signerInfo->auth_attr, a); + +} + +int PKI_X509_PKCS7_add_attribute(const PKI_X509_PKCS7 * p7, + PKI_X509_ATTRIBUTE * a) { + + PKCS7_SIGNER_INFO *signerInfo = NULL; + + if( !p7 || !p7->value || !a ) return ( PKI_ERR ); + + if ((signerInfo = (PKCS7_SIGNER_INFO *) + PKI_X509_PKCS7_get_signer_info ( p7, -1 )) == NULL ) { + PKI_DEBUG("signerInfo not present in PKCS#7"); + 
return PKI_ERR; + } + + if (signerInfo->unauth_attr == NULL) { + signerInfo->unauth_attr = PKI_STACK_X509_ATTRIBUTE_new_null(); + } + + return PKI_STACK_X509_ATTRIBUTE_add( signerInfo->unauth_attr, a); + +} + +/* -------------------------------- Get Attributes ---------------------- */ + +const PKI_X509_ATTRIBUTE *PKI_X509_PKCS7_get_signed_attribute( + const PKI_X509_PKCS7 * const p7, + PKI_ID id) { + + const PKCS7_SIGNER_INFO *signerInfo = NULL; + + if (!p7 || !p7->value) { + PKI_ERROR(PKI_ERR_PARAM_NULL, NULL); + return NULL; + } + + if ((signerInfo = PKI_X509_PKCS7_get_signer_info(p7, -1)) == NULL) + return NULL; + + if (signerInfo->auth_attr == NULL) return NULL; + + return PKI_STACK_X509_ATTRIBUTE_get(signerInfo->auth_attr, id); +} + +const PKI_X509_ATTRIBUTE *PKI_X509_PKCS7_get_attribute( + const PKI_X509_PKCS7 * const p7, + PKI_ID id ) { + + const PKCS7_SIGNER_INFO *signerInfo = NULL; + + if (!p7 || !p7->value) return NULL; + + if ((signerInfo = PKI_X509_PKCS7_get_signer_info(p7, -1)) == NULL) { + PKI_DEBUG("signerInfo missing in PKCS7"); + return NULL; + } + + if (signerInfo->unauth_attr == NULL) return NULL; + + return PKI_STACK_X509_ATTRIBUTE_get(signerInfo->auth_attr, id); +} + +const PKI_X509_ATTRIBUTE *PKI_X509_PKCS7_get_signed_attribute_by_name( + const PKI_X509_PKCS7 * const p7, + const char *name ) { + + const PKCS7_SIGNER_INFO *signerInfo = NULL; + + if (!p7 || !p7->value) return NULL; + + if ((signerInfo = PKI_X509_PKCS7_get_signer_info(p7, -1)) == NULL) { + PKI_DEBUG("signerInfo not present in PKCS7"); + return NULL; + } + + if (signerInfo->auth_attr == NULL) return NULL; + + return PKI_STACK_X509_ATTRIBUTE_get_by_name(signerInfo->auth_attr, + name); +} + +const PKI_X509_ATTRIBUTE *PKI_X509_PKCS7_get_attribute_by_name( + const PKI_X509_PKCS7 * const p7, + const char *name) { + + const PKCS7_SIGNER_INFO *signerInfo = NULL; + + if (!p7 || !p7->value) return NULL; + + if ((signerInfo = PKI_X509_PKCS7_get_signer_info(p7, -1)) == NULL) { + 
PKI_DEBUG("signerInfo not present in PKCS7"); + return NULL; + } + + if (signerInfo->unauth_attr == NULL) return ( NULL ); + + return PKI_STACK_X509_ATTRIBUTE_get_by_name(signerInfo->auth_attr, + name); +} + +/* ------------------------------- Delete Attributes ---------------------- */ + +/*! \brief Deletes a signed attribute (id) from a PKI_X509_PKCS7 */ + +int PKI_X509_PKCS7_delete_signed_attribute(const PKI_X509_PKCS7 *p7, + PKI_ID id) { + + const PKCS7_SIGNER_INFO *signerInfo = NULL; + + if (!p7 || !p7->value) return PKI_ERR; + + if ((signerInfo = PKI_X509_PKCS7_get_signer_info(p7, -1)) == NULL) { + PKI_DEBUG("signerInfo not present in PKCS7"); + return PKI_ERR; + } + + if (signerInfo->auth_attr == NULL) return PKI_OK; + + return PKI_STACK_X509_ATTRIBUTE_delete(signerInfo->auth_attr, id); + +} + +/*! \brief Deletes an attribute (id) from a PKI_X509_PKCS7 */ + +int PKI_X509_PKCS7_delete_attribute(const PKI_X509_PKCS7 *p7, PKI_ID id ) { + + const PKCS7_SIGNER_INFO *signerInfo = NULL; + + if (!p7 || !p7->value) return PKI_ERR; + + if ((signerInfo = PKI_X509_PKCS7_get_signer_info(p7, -1)) == NULL ) { + PKI_DEBUG("signerInfo not present in PKCS7"); + return ( PKI_ERR ); + } + + if (signerInfo->unauth_attr == NULL) return PKI_OK; + + return PKI_STACK_X509_ATTRIBUTE_delete(signerInfo->unauth_attr, id); + +} + +/* ---------------------------- TEXT Format ---------------------------- */ + +int PKI_X509_PKCS7_VALUE_print_bio ( PKI_IO *bio, + const PKI_X509_PKCS7_VALUE *p7val ) { + + PKI_X509_PKCS7_TYPE type; + int i,j; + + int cert_num = -1; + int crl_num = -1; + int signers_num = -1; + char *tmp_str = NULL; + + PKI_X509_PKCS7 *msg = NULL; + PKI_X509_CERT *cert = NULL; + CRYPTO_DIGEST *digest = NULL; + PKI_MEM *mem = NULL; + + const PKCS7_SIGNER_INFO *si = NULL; + + if (!bio || !p7val ) return PKI_ERR; + + if (( msg = PKI_X509_new_dup_value ( PKI_DATATYPE_X509_PKCS7, + p7val, NULL )) == NULL ) { + return PKI_ERR; + } + + type = PKI_X509_PKCS7_get_type ( msg ); + + 
BIO_printf( bio, "PKCS#7 Message:\r\n" ); + BIO_printf( bio, " Message Type:\r\n " ); + + switch ( type ) { + case PKI_X509_PKCS7_TYPE_ENCRYPTED: + BIO_printf( bio, "Encrypted\r\n" ); + break; + case PKI_X509_PKCS7_TYPE_SIGNED: + BIO_printf( bio, "Signed\r\n" ); + break; + case PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED: + BIO_printf( bio, "Signed and Encrypted\r\n" ); + break; + default: + BIO_printf( bio, "Unknown (%d)\r\n", type ); + break; + } + + BIO_printf( bio, " Message Data:\r\n"); + if (( mem = PKI_X509_PKCS7_get_raw_data ( msg )) == NULL ) { + BIO_printf( bio, " None.\r\n"); + } else { + PKI_X509_PKCS7_TYPE msg_type = 0; + + BIO_printf( bio, " Size=%u bytes\r\n", + (unsigned int) mem->size ); + + msg_type = PKI_X509_PKCS7_get_type ( msg ); + if ( msg_type == PKI_X509_PKCS7_TYPE_ENCRYPTED || + msg_type == + PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED){ + BIO_printf( bio, " Encrypted=yes\r\n"); + BIO_printf( bio, " Algorithm=%s\r\n", + PKI_X509_ALGOR_VALUE_get_parsed ( + PKI_X509_PKCS7_get_encode_alg ( msg ))); + } else { + BIO_printf( bio, " Encrypted=no\r\n"); + } + PKI_MEM_free ( mem ); + } + + i = 0; + if (( si = PKI_X509_PKCS7_get_signer_info ( msg, i )) == NULL ) { + BIO_printf(bio, " Signature Info:\r\n" ); + BIO_printf(bio, " No Signature found.\r\n" ); + } + + // Print the Signer Info + BIO_printf( bio, " Signer Info:\r\n"); + signers_num = PKI_X509_PKCS7_get_signers_num ( msg ); + for ( i = 0; i < signers_num; i++ ) { + PKCS7_ISSUER_AND_SERIAL *ias = NULL; + + BIO_printf ( bio, " [%d of %d] Signer Details:\r\n", + i+1, signers_num ); + + if (( si = PKI_X509_PKCS7_get_signer_info ( msg, i )) == NULL ) + break; + + if((ias = si->issuer_and_serial) == NULL ) { + BIO_printf ( bio, " " + "ERROR::Missing Info!\r\n"); + } else { + tmp_str = PKI_INTEGER_get_parsed ( ias->serial ); + BIO_printf ( bio, " Serial=%s\r\n", tmp_str ); + PKI_Free ( tmp_str ); + + tmp_str = PKI_X509_NAME_get_parsed ( ias->issuer ); + BIO_printf ( bio, " Issuer=%s\r\n", tmp_str ); + 
PKI_Free ( tmp_str ); + } + + if ( si->digest_enc_alg ) { + BIO_printf( bio, " " + "Encryption Algoritm=%s\r\n", + PKI_X509_ALGOR_VALUE_get_parsed ( si->digest_enc_alg )); + } + + if ( si->digest_alg ) { + BIO_printf( bio, " Digest Algorithm=%s\r\n", + PKI_X509_ALGOR_VALUE_get_parsed ( si->digest_alg )); + } + + BIO_printf( bio, " Signed Attributes:\r\n"); + if ( si->auth_attr ) { +#if OPENSSL_VERSION_NUMBER > 0x1010000fL + LIBPKI_X509_ATTRIBUTE_FULL *a = NULL; +#else + X509_ATTRIBUTE *a = NULL; +#endif + int attr_num = 0; + char * tmp_str = NULL; + + for ( attr_num = 0; attr_num < + PKI_STACK_X509_ATTRIBUTE_elements ( + si->auth_attr ); attr_num++ ) { + + a = PKI_STACK_X509_ATTRIBUTE_get_num ( + si->auth_attr, attr_num ); + + if ( PKI_OID_get_id ( a->object ) == + NID_pkcs9_messageDigest ) { + tmp_str = PKI_X509_ATTRIBUTE_get_parsed + ( a ); + + BIO_printf( bio, " " + "Message Digest:"); + for ( j=0; j < strlen(tmp_str); j++ ) { + if ( ( j % 60 ) == 0 ) { + BIO_printf (bio, + "\r\n "); + } + BIO_printf(bio,"%c",tmp_str[j]); + } BIO_printf( bio, "\r\n"); + // PKI_Free ( tmp_str ); + + } else { + BIO_printf( bio, " %s=", + PKI_X509_ATTRIBUTE_get_descr ( + a ) ); + tmp_str= + PKI_X509_ATTRIBUTE_get_parsed(a); + BIO_printf( bio, "%s\r\n", tmp_str ); + PKI_Free ( tmp_str ); + } + + } + } else { + BIO_printf( bio, " None.\r\n"); + } + + BIO_printf( bio," Non Signed Attributes:\r\n"); + if ( si->unauth_attr ) { + PKI_X509_ATTRIBUTE *a = NULL; + int attr_num = 0; + char * tmp_str = NULL; + + for ( attr_num = 0; attr_num < + PKI_STACK_X509_ATTRIBUTE_elements ( + si->auth_attr ); attr_num++ ) { + + a = PKI_STACK_X509_ATTRIBUTE_get_num ( + si->auth_attr, attr_num ); + + BIO_printf( bio, " %s=", + PKI_X509_ATTRIBUTE_get_descr ( a ) ); + + tmp_str = PKI_X509_ATTRIBUTE_get_parsed ( a ); + BIO_printf( bio, "%s\r\n", tmp_str ); + PKI_Free ( tmp_str ); + } + BIO_printf( bio, "\r\n"); + } else { + BIO_printf( bio, " None.\r\n"); + } + } + + BIO_printf( bio, "\r\n Recipients 
Info:\r\n"); + if( PKI_X509_PKCS7_has_recipients ( msg ) == PKI_ERR ) { + BIO_printf( bio, " No Recipients\r\n"); + } else { + int rec_num = 0; + const PKI_X509_CERT *rec = NULL; + + rec_num = PKI_X509_PKCS7_get_recipients_num ( msg ); + for ( i=0; i < rec_num; i++ ) { + rec = PKI_X509_PKCS7_get_recipient_cert ( msg, i ); + if ( !rec ) { + const PKCS7_RECIP_INFO *ri = NULL; + PKCS7_ISSUER_AND_SERIAL *ias = NULL; + + BIO_printf( bio, " " + "[%d of %d] Recipient Details:\r\n", + i+1, rec_num ); + + ri = PKI_X509_PKCS7_get_recipient_info(msg,i); + if (!ri) { + BIO_printf(bio," "); + continue; + } + + if((ias = ri->issuer_and_serial) != NULL ) { + + tmp_str = PKI_INTEGER_get_parsed ( + ias->serial ); + BIO_printf( bio, " " + "Serial=%s\r\n", tmp_str ); + PKI_Free ( tmp_str ); + + tmp_str = PKI_X509_NAME_get_parsed ( + ias->issuer ); + BIO_printf( bio, " " + "Issuer=%s\r\n", tmp_str ); + PKI_Free ( tmp_str ); + + BIO_printf( bio, " " + "Key Encoding Algorithm=%s\r\n", + PKI_X509_ALGOR_VALUE_get_parsed ( + ri->key_enc_algor )); + } + + } else { + + BIO_printf( bio, " " + "[%d] Recipient Certificate:\r\n", i ); + + tmp_str = PKI_X509_CERT_get_parsed( cert, + PKI_X509_DATA_SUBJECT ); + + BIO_printf( bio, " " + "Subject=%s\r\n", tmp_str); + PKI_Free ( tmp_str ); + } + } + } + + /* Now Let's Check the CRLs */ + + BIO_printf(bio, "\r\n Certificates:\r\n"); + if ((cert_num = PKI_X509_PKCS7_get_certs_num ( msg )) > 0 ) { + PKI_X509_CERT * cert = NULL; + for (i = 0; i < cert_num; i++ ) { + BIO_printf( bio, " [%d of %d] Certificate:\r\n", + i+1, cert_num); + if((cert = PKI_X509_PKCS7_get_cert ( msg, i )) == NULL ) { + BIO_printf( bio, " Error.\r\n"); + continue; + }; + tmp_str = PKI_X509_CERT_get_parsed( cert, + PKI_X509_DATA_SERIAL ); + BIO_printf( bio, " Serial=%s\r\n", + tmp_str ); + PKI_Free ( tmp_str ); + + tmp_str = PKI_X509_CERT_get_parsed( cert, + PKI_X509_DATA_ISSUER ); + BIO_printf( bio, " Issuer=%s\r\n", tmp_str ); + PKI_Free ( tmp_str ); + + tmp_str = 
PKI_X509_CERT_get_parsed( cert, + PKI_X509_DATA_SUBJECT ); + + BIO_printf( bio, " Subject=%s\r\n", tmp_str); + PKI_Free ( tmp_str ); + + digest = PKI_X509_CERT_fingerprint( cert, + PKI_DIGEST_ALG_DEFAULT ); + tmp_str = PKI_DIGEST_get_parsed ( digest ); + + BIO_printf( bio, " Fingerprint [%s]:", + PKI_DIGEST_ALG_get_parsed ( + PKI_DIGEST_ALG_DEFAULT )); + + for ( j=0; j < strlen(tmp_str); j++ ) { + if ( ( j % 60 ) == 0 ) { + BIO_printf (bio,"\r\n "); + } + BIO_printf( bio, "%c", tmp_str[j] ); + } BIO_printf( bio, "\r\n"); + + PKI_DIGEST_free ( digest ); + PKI_Free ( tmp_str ); + + PKI_X509_CERT_free ( cert ); + + // X509_signature_print(bp, + // br->signatureAlgorithm, br->signature); + + } + } else { + BIO_printf( bio, " None.\r\n"); + } + + BIO_printf(bio, "\r\n Certificate Revocation Lists:\r\n"); + if((crl_num = PKI_X509_PKCS7_get_crls_num ( msg )) > 0 ) { + PKI_X509_CRL * crl = NULL; + for ( i = 0; i < crl_num; i++ ) { + BIO_printf( bio, " [%d of %d] CRL Details:\r\n", + i+1, crl_num ); + + if(( crl = PKI_X509_PKCS7_get_crl ( msg, i )) == NULL ) { + BIO_printf(bio," ERROR::Missing Data\r\n"); + continue; + } + + tmp_str = PKI_X509_CRL_get_parsed(crl,PKI_X509_DATA_VERSION); + BIO_printf( bio, " Version=%s\r\n", tmp_str ); + PKI_Free ( tmp_str ); + + // tmp_str = PKI_X509_CRL_get_parsed(crl,PKI_X509_DATA_SERIAL); + // BIO_printf( bio, " Serial=%s\r\n", tmp_str ); + // PKI_Free ( tmp_str ); + + tmp_str = PKI_X509_CRL_get_parsed(crl,PKI_X509_DATA_ISSUER); + BIO_printf( bio, " Issuer=%s\r\n", tmp_str ); + PKI_Free ( tmp_str ); + + tmp_str = PKI_X509_CRL_get_parsed(crl, + PKI_X509_DATA_ALGORITHM); + BIO_printf( bio, " Algorithm=%s\r\n", tmp_str ); + PKI_Free ( tmp_str ); + + tmp_str = PKI_X509_CRL_get_parsed(crl, + PKI_X509_DATA_NOTBEFORE); + BIO_printf( bio, " Not Before=%s\r\n", tmp_str ); + PKI_Free ( tmp_str ); + + tmp_str = PKI_X509_CRL_get_parsed(crl, + PKI_X509_DATA_NOTAFTER); + BIO_printf( bio, " Not After=%s\r\n", tmp_str ); + PKI_Free ( tmp_str ); + + 
PKI_X509_CRL_free ( crl ); + } + } else { + BIO_printf( bio, " None.\r\n"); + } + BIO_printf(bio, "\r\n"); + + return PKI_OK; +} diff --git a/src/pkix/prqp/Makefile.am b/src/pkix/prqp/Makefile.am new file mode 100644 index 00000000..64fca652 --- /dev/null +++ b/src/pkix/prqp/Makefile.am @@ -0,0 +1,32 @@ +## OpenCA Makefile - by Massimiliano Pala +## (c) 1999-2007 by Massimiliano Pala and OpenCA Project +## All Rights Reserved + +TOP = .. +include $(TOP)/global-vars + +BASE_DEFS = + +DEFS = $(OPENCA_DEFS) +PRQP_VERSION = 0.1.0 + +AM_CPPFLAGS = -I$(TOP) \ + $(openssl_cflags) \ + $(libxml2_cflags) \ + $(COND_INCLUDES) + +PRQP_SRCS = \ + asn1_req.c \ + asn1_res.c \ + http_client.c \ + prqp_lib.c \ + prqp_bio.c \ + prqp_req_io.c \ + prqp_resp_io.c \ + prqp_srv.c + +noinst_LTLIBRARIES = libpki-prqp.la +libpki_prqp_la_SOURCES = $(PRQP_SRCS) +libpki_prqp_la_CFLAGS = $(BUILD_LIBPKI_CFLAGS) +# libpki_prqp_la_LIBADD = $(OPENSSL_LIBS) + diff --git a/src/openssl/pqc/Makefile.in b/src/pkix/prqp/Makefile.in similarity index 67% rename from src/openssl/pqc/Makefile.in rename to src/pkix/prqp/Makefile.in index d4cba383..a8df501a 100644 --- a/src/openssl/pqc/Makefile.in +++ b/src/pkix/prqp/Makefile.in @@ -14,7 +14,6 @@ @SET_MAKE@ - VPATH = @srcdir@ am__is_gnu_make = { \ if test -z '$(MAKELEVEL)'; then \ @@ -90,7 +89,7 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ -subdir = src/openssl/pqc +subdir = src/prqp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ 
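Review bot: `TOP = ..` in the new `src/pkix/prqp/Makefile.am` looks carried over from the old `src/prqp` location: from the new directory it resolves to `src/pkix`, so `include $(TOP)/global-vars` and `-I$(TOP)` work only if `src/pkix` has its own `global-vars` and is the intended include root, which this diff does not show. The `TOP = ../..` removed from the `src/openssl/pqc` makefile in this same commit suggests the shared file lives in `src`, in which case this line should read `TOP = ../..`. The `Makefile.in` that follows still records `subdir = src/prqp` and `$(AUTOMAKE) --gnu src/prqp/Makefile` although it now sits in `src/pkix/prqp`, so it appears to have been generated for the old path and should be regenerated after the move. `PRQP_VERSION = 0.1.0` is defined but not referenced anywhere in the file; either drop it or use it.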
@@ -99,28 +98,28 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -DIST_COMMON = $(srcdir)/Makefile.am $(nobase_include_HEADERS) \ - $(am__DIST_COMMON) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(SHELL) $(top_srcdir)/build/mkinstalldirs CONFIG_HEADER = $(top_builddir)/src/libpki/config.h \ $(top_builddir)/src/libpki/libpki_enables.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = LTLIBRARIES = $(noinst_LTLIBRARIES) -libpki_pqc_la_LIBADD = -am__objects_1 = -am__objects_2 = $(am__objects_1) $(am__objects_1) \ - libpki_pqc_la-pqc_tools.lo libpki_pqc_la-pqc_asn1_meth.lo \ - libpki_pqc_la-pqc_pkey_meth.lo libpki_pqc_la-pqc_init.lo -am_libpki_pqc_la_OBJECTS = $(am__objects_2) -libpki_pqc_la_OBJECTS = $(am_libpki_pqc_la_OBJECTS) +libpki_prqp_la_LIBADD = +am__objects_1 = libpki_prqp_la-asn1_req.lo libpki_prqp_la-asn1_res.lo \ + libpki_prqp_la-http_client.lo libpki_prqp_la-prqp_lib.lo \ + libpki_prqp_la-prqp_bio.lo libpki_prqp_la-prqp_req_io.lo \ + libpki_prqp_la-prqp_resp_io.lo libpki_prqp_la-prqp_srv.lo +am_libpki_prqp_la_OBJECTS = $(am__objects_1) +libpki_prqp_la_OBJECTS = $(am_libpki_prqp_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent am__v_lt_1 = -libpki_pqc_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(libpki_pqc_la_CFLAGS) \ - $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +libpki_prqp_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(libpki_prqp_la_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o \ + $@ AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false 
@@ -136,10 +135,14 @@ am__v_at_1 = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src/libpki depcomp = $(SHELL) $(top_srcdir)/build/depcomp am__maybe_remake_depfiles = depfiles -am__depfiles_remade = ./$(DEPDIR)/libpki_pqc_la-pqc_asn1_meth.Plo \ - ./$(DEPDIR)/libpki_pqc_la-pqc_init.Plo \ - ./$(DEPDIR)/libpki_pqc_la-pqc_pkey_meth.Plo \ - ./$(DEPDIR)/libpki_pqc_la-pqc_tools.Plo +am__depfiles_remade = ./$(DEPDIR)/libpki_prqp_la-asn1_req.Plo \ + ./$(DEPDIR)/libpki_prqp_la-asn1_res.Plo \ + ./$(DEPDIR)/libpki_prqp_la-http_client.Plo \ + ./$(DEPDIR)/libpki_prqp_la-prqp_bio.Plo \ + ./$(DEPDIR)/libpki_prqp_la-prqp_lib.Plo \ + ./$(DEPDIR)/libpki_prqp_la-prqp_req_io.Plo \ + ./$(DEPDIR)/libpki_prqp_la-prqp_resp_io.Plo \ + ./$(DEPDIR)/libpki_prqp_la-prqp_srv.Plo am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) 
@@ -159,42 +162,13 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = -SOURCES = $(libpki_pqc_la_SOURCES) -DIST_SOURCES = $(libpki_pqc_la_SOURCES) +SOURCES = $(libpki_prqp_la_SOURCES) +DIST_SOURCES = $(libpki_prqp_la_SOURCES) am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac -am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; -am__vpath_adj = case $$p in \ - $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ - *) f=$$p;; \ - esac; -am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; -am__install_max = 40 -am__nobase_strip_setup = \ - srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` -am__nobase_strip = \ - for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" -am__nobase_list = $(am__nobase_strip_setup); \ - for p in $$list; do echo "$$p $$p"; done | \ - sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ - $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ - if (++n[$$2] == $(am__install_max)) \ - { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ - END { for (dir in files) print dir, files[dir] }' -am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ - } -am__installdirs = "$(DESTDIR)$(includedir)" -HEADERS = $(nobase_include_HEADERS) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is 
@@ -465,33 +439,27 @@ xml2_ldadd = @xml2_ldadd@ xml2_ldflags = @xml2_ldflags@ xml2_prefix = @xml2_prefix@ yr = @yr@ -TOP = ../.. +TOP = .. BASE_DEFS = -AM_CPPFLAGS = \ - -I$(TOP) \ +PRQP_VERSION = 0.1.0 +AM_CPPFLAGS = -I$(TOP) \ $(openssl_cflags) \ $(libxml2_cflags) \ $(COND_INCLUDES) -OPENSSL_INTERNAL_SRCS = -LIBPKI_INTERNAL_SRCS = \ - pqc_tools.h \ - pqc_pkey_meth.h \ - pqc_asn1_meth.h \ - pqc_data_st.h - -nobase_include_HEADERS = -PQC_SRCS = \ - $(OPENSSL_INTERNAL_SRCS) \ - $(LIBPKI_INTERNAL_SRCS) \ - pqc_tools.c \ - pqc_asn1_meth.c \ - pqc_pkey_meth.c \ - pqc_init.c - -noinst_LTLIBRARIES = libpki-pqc.la -libpki_pqc_la_SOURCES = $(PQC_SRCS) -libpki_pqc_la_CFLAGS = $(BUILD_LIBPKI_CFLAGS) +PRQP_SRCS = \ + asn1_req.c \ + asn1_res.c \ + http_client.c \ + prqp_lib.c \ + prqp_bio.c \ + prqp_req_io.c \ + prqp_resp_io.c \ + prqp_srv.c + +noinst_LTLIBRARIES = libpki-prqp.la +libpki_prqp_la_SOURCES = $(PRQP_SRCS) +libpki_prqp_la_CFLAGS = $(BUILD_LIBPKI_CFLAGS) all: all-am .SUFFIXES: @@ -505,9 +473,9 @@ $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__confi exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/openssl/pqc/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/prqp/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/openssl/pqc/Makefile + $(AUTOMAKE) --gnu src/prqp/Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -537,8 +505,8 @@ clean-noinstLTLIBRARIES: rm -f $${locs}; \ } -libpki-pqc.la: $(libpki_pqc_la_OBJECTS) $(libpki_pqc_la_DEPENDENCIES) $(EXTRA_libpki_pqc_la_DEPENDENCIES) - $(AM_V_CCLD)$(libpki_pqc_la_LINK) $(libpki_pqc_la_OBJECTS) $(libpki_pqc_la_LIBADD) $(LIBS) +libpki-prqp.la: $(libpki_prqp_la_OBJECTS) $(libpki_prqp_la_DEPENDENCIES) $(EXTRA_libpki_prqp_la_DEPENDENCIES) + $(AM_V_CCLD)$(libpki_prqp_la_LINK) $(libpki_prqp_la_OBJECTS) $(libpki_prqp_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) 
@@ -546,10 +514,14 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_pqc_la-pqc_asn1_meth.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_pqc_la-pqc_init.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_pqc_la-pqc_pkey_meth.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_pqc_la-pqc_tools.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_prqp_la-asn1_req.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_prqp_la-asn1_res.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_prqp_la-http_client.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_prqp_la-prqp_bio.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_prqp_la-prqp_lib.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_prqp_la-prqp_req_io.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_prqp_la-prqp_resp_io.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpki_prqp_la-prqp_srv.Plo@am__quote@ # am--include-marker $(am__depfiles_remade): @$(MKDIR_P) $(@D) 
@@ -581,63 +553,67 @@ am--depfiles: $(am__depfiles_remade) @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< -libpki_pqc_la-pqc_tools.lo: pqc_tools.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_pqc_la_CFLAGS) $(CFLAGS) -MT libpki_pqc_la-pqc_tools.lo -MD -MP -MF $(DEPDIR)/libpki_pqc_la-pqc_tools.Tpo -c -o libpki_pqc_la-pqc_tools.lo `test -f 'pqc_tools.c' || echo '$(srcdir)/'`pqc_tools.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_pqc_la-pqc_tools.Tpo $(DEPDIR)/libpki_pqc_la-pqc_tools.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pqc_tools.c' object='libpki_pqc_la-pqc_tools.lo' libtool=yes @AMDEPBACKSLASH@ +libpki_prqp_la-asn1_req.lo: asn1_req.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_prqp_la_CFLAGS) $(CFLAGS) -MT libpki_prqp_la-asn1_req.lo -MD -MP -MF $(DEPDIR)/libpki_prqp_la-asn1_req.Tpo -c -o libpki_prqp_la-asn1_req.lo `test -f 'asn1_req.c' || echo '$(srcdir)/'`asn1_req.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_prqp_la-asn1_req.Tpo $(DEPDIR)/libpki_prqp_la-asn1_req.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asn1_req.c' object='libpki_prqp_la-asn1_req.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_prqp_la_CFLAGS) $(CFLAGS) -c -o libpki_prqp_la-asn1_req.lo `test -f 'asn1_req.c' || echo '$(srcdir)/'`asn1_req.c + 
+libpki_prqp_la-asn1_res.lo: asn1_res.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_prqp_la_CFLAGS) $(CFLAGS) -MT libpki_prqp_la-asn1_res.lo -MD -MP -MF $(DEPDIR)/libpki_prqp_la-asn1_res.Tpo -c -o libpki_prqp_la-asn1_res.lo `test -f 'asn1_res.c' || echo '$(srcdir)/'`asn1_res.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_prqp_la-asn1_res.Tpo $(DEPDIR)/libpki_prqp_la-asn1_res.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asn1_res.c' object='libpki_prqp_la-asn1_res.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_prqp_la_CFLAGS) $(CFLAGS) -c -o libpki_prqp_la-asn1_res.lo `test -f 'asn1_res.c' || echo '$(srcdir)/'`asn1_res.c + +libpki_prqp_la-http_client.lo: http_client.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_prqp_la_CFLAGS) $(CFLAGS) -MT libpki_prqp_la-http_client.lo -MD -MP -MF $(DEPDIR)/libpki_prqp_la-http_client.Tpo -c -o libpki_prqp_la-http_client.lo `test -f 'http_client.c' || echo '$(srcdir)/'`http_client.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_prqp_la-http_client.Tpo $(DEPDIR)/libpki_prqp_la-http_client.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='http_client.c' object='libpki_prqp_la-http_client.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) 
$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_prqp_la_CFLAGS) $(CFLAGS) -c -o libpki_prqp_la-http_client.lo `test -f 'http_client.c' || echo '$(srcdir)/'`http_client.c + +libpki_prqp_la-prqp_lib.lo: prqp_lib.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_prqp_la_CFLAGS) $(CFLAGS) -MT libpki_prqp_la-prqp_lib.lo -MD -MP -MF $(DEPDIR)/libpki_prqp_la-prqp_lib.Tpo -c -o libpki_prqp_la-prqp_lib.lo `test -f 'prqp_lib.c' || echo '$(srcdir)/'`prqp_lib.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_prqp_la-prqp_lib.Tpo $(DEPDIR)/libpki_prqp_la-prqp_lib.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='prqp_lib.c' object='libpki_prqp_la-prqp_lib.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_prqp_la_CFLAGS) $(CFLAGS) -c -o libpki_prqp_la-prqp_lib.lo `test -f 'prqp_lib.c' || echo '$(srcdir)/'`prqp_lib.c + +libpki_prqp_la-prqp_bio.lo: prqp_bio.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_prqp_la_CFLAGS) $(CFLAGS) -MT libpki_prqp_la-prqp_bio.lo -MD -MP -MF $(DEPDIR)/libpki_prqp_la-prqp_bio.Tpo -c -o libpki_prqp_la-prqp_bio.lo `test -f 'prqp_bio.c' || echo '$(srcdir)/'`prqp_bio.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_prqp_la-prqp_bio.Tpo $(DEPDIR)/libpki_prqp_la-prqp_bio.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='prqp_bio.c' object='libpki_prqp_la-prqp_bio.lo' libtool=yes 
@AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_pqc_la_CFLAGS) $(CFLAGS) -c -o libpki_pqc_la-pqc_tools.lo `test -f 'pqc_tools.c' || echo '$(srcdir)/'`pqc_tools.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_prqp_la_CFLAGS) $(CFLAGS) -c -o libpki_prqp_la-prqp_bio.lo `test -f 'prqp_bio.c' || echo '$(srcdir)/'`prqp_bio.c -libpki_pqc_la-pqc_asn1_meth.lo: pqc_asn1_meth.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_pqc_la_CFLAGS) $(CFLAGS) -MT libpki_pqc_la-pqc_asn1_meth.lo -MD -MP -MF $(DEPDIR)/libpki_pqc_la-pqc_asn1_meth.Tpo -c -o libpki_pqc_la-pqc_asn1_meth.lo `test -f 'pqc_asn1_meth.c' || echo '$(srcdir)/'`pqc_asn1_meth.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_pqc_la-pqc_asn1_meth.Tpo $(DEPDIR)/libpki_pqc_la-pqc_asn1_meth.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pqc_asn1_meth.c' object='libpki_pqc_la-pqc_asn1_meth.lo' libtool=yes @AMDEPBACKSLASH@ +libpki_prqp_la-prqp_req_io.lo: prqp_req_io.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_prqp_la_CFLAGS) $(CFLAGS) -MT libpki_prqp_la-prqp_req_io.lo -MD -MP -MF $(DEPDIR)/libpki_prqp_la-prqp_req_io.Tpo -c -o libpki_prqp_la-prqp_req_io.lo `test -f 'prqp_req_io.c' || echo '$(srcdir)/'`prqp_req_io.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) 
$(DEPDIR)/libpki_prqp_la-prqp_req_io.Tpo $(DEPDIR)/libpki_prqp_la-prqp_req_io.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='prqp_req_io.c' object='libpki_prqp_la-prqp_req_io.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_pqc_la_CFLAGS) $(CFLAGS) -c -o libpki_pqc_la-pqc_asn1_meth.lo `test -f 'pqc_asn1_meth.c' || echo '$(srcdir)/'`pqc_asn1_meth.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_prqp_la_CFLAGS) $(CFLAGS) -c -o libpki_prqp_la-prqp_req_io.lo `test -f 'prqp_req_io.c' || echo '$(srcdir)/'`prqp_req_io.c -libpki_pqc_la-pqc_pkey_meth.lo: pqc_pkey_meth.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_pqc_la_CFLAGS) $(CFLAGS) -MT libpki_pqc_la-pqc_pkey_meth.lo -MD -MP -MF $(DEPDIR)/libpki_pqc_la-pqc_pkey_meth.Tpo -c -o libpki_pqc_la-pqc_pkey_meth.lo `test -f 'pqc_pkey_meth.c' || echo '$(srcdir)/'`pqc_pkey_meth.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_pqc_la-pqc_pkey_meth.Tpo $(DEPDIR)/libpki_pqc_la-pqc_pkey_meth.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pqc_pkey_meth.c' object='libpki_pqc_la-pqc_pkey_meth.lo' libtool=yes @AMDEPBACKSLASH@ +libpki_prqp_la-prqp_resp_io.lo: prqp_resp_io.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_prqp_la_CFLAGS) $(CFLAGS) -MT libpki_prqp_la-prqp_resp_io.lo 
-MD -MP -MF $(DEPDIR)/libpki_prqp_la-prqp_resp_io.Tpo -c -o libpki_prqp_la-prqp_resp_io.lo `test -f 'prqp_resp_io.c' || echo '$(srcdir)/'`prqp_resp_io.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_prqp_la-prqp_resp_io.Tpo $(DEPDIR)/libpki_prqp_la-prqp_resp_io.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='prqp_resp_io.c' object='libpki_prqp_la-prqp_resp_io.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_pqc_la_CFLAGS) $(CFLAGS) -c -o libpki_pqc_la-pqc_pkey_meth.lo `test -f 'pqc_pkey_meth.c' || echo '$(srcdir)/'`pqc_pkey_meth.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_prqp_la_CFLAGS) $(CFLAGS) -c -o libpki_prqp_la-prqp_resp_io.lo `test -f 'prqp_resp_io.c' || echo '$(srcdir)/'`prqp_resp_io.c -libpki_pqc_la-pqc_init.lo: pqc_init.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_pqc_la_CFLAGS) $(CFLAGS) -MT libpki_pqc_la-pqc_init.lo -MD -MP -MF $(DEPDIR)/libpki_pqc_la-pqc_init.Tpo -c -o libpki_pqc_la-pqc_init.lo `test -f 'pqc_init.c' || echo '$(srcdir)/'`pqc_init.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_pqc_la-pqc_init.Tpo $(DEPDIR)/libpki_pqc_la-pqc_init.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pqc_init.c' object='libpki_pqc_la-pqc_init.lo' libtool=yes @AMDEPBACKSLASH@ +libpki_prqp_la-prqp_srv.lo: prqp_srv.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile 
$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_prqp_la_CFLAGS) $(CFLAGS) -MT libpki_prqp_la-prqp_srv.lo -MD -MP -MF $(DEPDIR)/libpki_prqp_la-prqp_srv.Tpo -c -o libpki_prqp_la-prqp_srv.lo `test -f 'prqp_srv.c' || echo '$(srcdir)/'`prqp_srv.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpki_prqp_la-prqp_srv.Tpo $(DEPDIR)/libpki_prqp_la-prqp_srv.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='prqp_srv.c' object='libpki_prqp_la-prqp_srv.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_pqc_la_CFLAGS) $(CFLAGS) -c -o libpki_pqc_la-pqc_init.lo `test -f 'pqc_init.c' || echo '$(srcdir)/'`pqc_init.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpki_prqp_la_CFLAGS) $(CFLAGS) -c -o libpki_prqp_la-prqp_srv.lo `test -f 'prqp_srv.c' || echo '$(srcdir)/'`prqp_srv.c mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs -install-nobase_includeHEADERS: $(nobase_include_HEADERS) - @$(NORMAL_INSTALL) - @list='$(nobase_include_HEADERS)'; test -n "$(includedir)" || list=; \ - if test -n "$$list"; then \ - echo " $(MKDIR_P) '$(DESTDIR)$(includedir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(includedir)" || exit 1; \ - fi; \ - $(am__nobase_list) | while read dir files; do \ - xfiles=; for file in $$files; do \ - if test -f "$$file"; then xfiles="$$xfiles $$file"; \ - else xfiles="$$xfiles $(srcdir)/$$file"; fi; done; \ - test -z "$$xfiles" || { \ - test "x$$dir" = x. 
|| { \ - echo " $(MKDIR_P) '$(DESTDIR)$(includedir)/$$dir'"; \ - $(MKDIR_P) "$(DESTDIR)$(includedir)/$$dir"; }; \ - echo " $(INSTALL_HEADER) $$xfiles '$(DESTDIR)$(includedir)/$$dir'"; \ - $(INSTALL_HEADER) $$xfiles "$(DESTDIR)$(includedir)/$$dir" || exit $$?; }; \ - done - -uninstall-nobase_includeHEADERS: - @$(NORMAL_UNINSTALL) - @list='$(nobase_include_HEADERS)'; test -n "$(includedir)" || list=; \ - $(am__nobase_strip_setup); files=`$(am__nobase_strip)`; \ - dir='$(DESTDIR)$(includedir)'; $(am__uninstall_files_from_dir) ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique @@ -725,11 +701,8 @@ distdir-am: $(DISTFILES) done check-am: all-am check: check-am -all-am: Makefile $(LTLIBRARIES) $(HEADERS) +all-am: Makefile $(LTLIBRARIES) installdirs: - for dir in "$(DESTDIR)$(includedir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ - done install: install-am install-exec: install-exec-am install-data: install-data-am @@ -766,10 +739,14 @@ clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ mostlyclean-am distclean: distclean-am - -rm -f ./$(DEPDIR)/libpki_pqc_la-pqc_asn1_meth.Plo - -rm -f ./$(DEPDIR)/libpki_pqc_la-pqc_init.Plo - -rm -f ./$(DEPDIR)/libpki_pqc_la-pqc_pkey_meth.Plo - -rm -f ./$(DEPDIR)/libpki_pqc_la-pqc_tools.Plo + -rm -f ./$(DEPDIR)/libpki_prqp_la-asn1_req.Plo + -rm -f ./$(DEPDIR)/libpki_prqp_la-asn1_res.Plo + -rm -f ./$(DEPDIR)/libpki_prqp_la-http_client.Plo + -rm -f ./$(DEPDIR)/libpki_prqp_la-prqp_bio.Plo + -rm -f ./$(DEPDIR)/libpki_prqp_la-prqp_lib.Plo + -rm -f ./$(DEPDIR)/libpki_prqp_la-prqp_req_io.Plo + -rm -f ./$(DEPDIR)/libpki_prqp_la-prqp_resp_io.Plo + -rm -f ./$(DEPDIR)/libpki_prqp_la-prqp_srv.Plo -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -786,7 +763,7 @@ info: info-am info-am: -install-data-am: install-nobase_includeHEADERS +install-data-am: install-dvi: install-dvi-am 
@@ -815,10 +792,14 @@ install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am - -rm -f ./$(DEPDIR)/libpki_pqc_la-pqc_asn1_meth.Plo - -rm -f ./$(DEPDIR)/libpki_pqc_la-pqc_init.Plo - -rm -f ./$(DEPDIR)/libpki_pqc_la-pqc_pkey_meth.Plo - -rm -f ./$(DEPDIR)/libpki_pqc_la-pqc_tools.Plo + -rm -f ./$(DEPDIR)/libpki_prqp_la-asn1_req.Plo + -rm -f ./$(DEPDIR)/libpki_prqp_la-asn1_res.Plo + -rm -f ./$(DEPDIR)/libpki_prqp_la-http_client.Plo + -rm -f ./$(DEPDIR)/libpki_prqp_la-prqp_bio.Plo + -rm -f ./$(DEPDIR)/libpki_prqp_la-prqp_lib.Plo + -rm -f ./$(DEPDIR)/libpki_prqp_la-prqp_req_io.Plo + -rm -f ./$(DEPDIR)/libpki_prqp_la-prqp_resp_io.Plo + -rm -f ./$(DEPDIR)/libpki_prqp_la-prqp_srv.Plo -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -835,7 +816,7 @@ ps: ps-am ps-am: -uninstall-am: uninstall-nobase_includeHEADERS +uninstall-am: .MAKE: install-am install-strip @@ -846,18 +827,17 @@ uninstall-am: uninstall-nobase_includeHEADERS dvi-am html html-am info info-am install install-am \ install-data install-data-am install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ - install-info install-info-am install-man \ - install-nobase_includeHEADERS install-pdf install-pdf-am \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags tags-am uninstall uninstall-am \ - uninstall-nobase_includeHEADERS + tags tags-am uninstall uninstall-am .PRECIOUS: Makefile include $(TOP)/global-vars +# libpki_prqp_la_LIBADD = $(OPENSSL_LIBS) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
diff --git a/src/prqp/asn1_req.c b/src/pkix/prqp/asn1_req.c similarity index 100% rename from src/prqp/asn1_req.c rename to src/pkix/prqp/asn1_req.c diff --git a/src/prqp/asn1_res.c b/src/pkix/prqp/asn1_res.c similarity index 100% rename from src/prqp/asn1_res.c rename to src/pkix/prqp/asn1_res.c diff --git a/src/prqp/http_client.c b/src/pkix/prqp/http_client.c similarity index 100% rename from src/prqp/http_client.c rename to src/pkix/prqp/http_client.c diff --git a/src/prqp/prqp_bio.c b/src/pkix/prqp/prqp_bio.c similarity index 100% rename from src/prqp/prqp_bio.c rename to src/pkix/prqp/prqp_bio.c diff --git a/src/prqp/prqp_lib.c b/src/pkix/prqp/prqp_lib.c similarity index 99% rename from src/prqp/prqp_lib.c rename to src/pkix/prqp/prqp_lib.c index 0fd29e4c..936e5ea9 100644 --- a/src/prqp/prqp_lib.c +++ b/src/pkix/prqp/prqp_lib.c @@ -253,7 +253,7 @@ CERT_IDENTIFIER * PKI_PRQP_CERTID_new_cert(PKI_X509_CERT * caCert, #else PKI_X509_CERT_VALUE *xx = NULL; #endif - PKI_DIGEST *myDigest = NULL; + CRYPTO_DIGEST *myDigest = NULL; xx = (X509 *) caCert->value; @@ -413,7 +413,7 @@ CERT_IDENTIFIER * PKI_PRQP_CERTID_new_cert(PKI_X509_CERT * caCert, if (issuerCert && issuerCert->value) { - PKI_DIGEST *myDigest = NULL; + CRYPTO_DIGEST *myDigest = NULL; if ((myDigest = PKI_X509_CERT_key_hash(issuerCert, dgst)) == NULL) { @@ -542,7 +542,7 @@ CERT_IDENTIFIER *PKI_PRQP_CERTID_new( return( NULL ); } - PKI_DIGEST *digest = NULL; + CRYPTO_DIGEST *digest = NULL; PKI_STRING *str = NULL; digest = PKI_X509_NAME_get_digest(caIssuerName, dgst); diff --git a/src/prqp/prqp_req_io.c b/src/pkix/prqp/prqp_req_io.c similarity index 100% rename from src/prqp/prqp_req_io.c rename to src/pkix/prqp/prqp_req_io.c diff --git a/src/prqp/prqp_resp_io.c b/src/pkix/prqp/prqp_resp_io.c similarity index 100% rename from src/prqp/prqp_resp_io.c rename to src/pkix/prqp/prqp_resp_io.c 
diff --git a/src/prqp/prqp_srv.c b/src/pkix/prqp/prqp_srv.c similarity index 100% rename from src/prqp/prqp_srv.c rename to src/pkix/prqp/prqp_srv.c diff --git a/src/scep/Makefile.am b/src/pkix/scep/Makefile.am similarity index 100% rename from src/scep/Makefile.am rename to src/pkix/scep/Makefile.am diff --git a/src/scep/Makefile.in b/src/pkix/scep/Makefile.in similarity index 100% rename from src/scep/Makefile.in rename to src/pkix/scep/Makefile.in diff --git a/src/scep/pki_x509_scep_asn1.c b/src/pkix/scep/pki_x509_scep_asn1.c similarity index 100% rename from src/scep/pki_x509_scep_asn1.c rename to src/pkix/scep/pki_x509_scep_asn1.c diff --git a/src/scep/pki_x509_scep_attr.c b/src/pkix/scep/pki_x509_scep_attr.c similarity index 99% rename from src/scep/pki_x509_scep_attr.c rename to src/pkix/scep/pki_x509_scep_attr.c index 919f449b..d9815473 100644 --- a/src/scep/pki_x509_scep_attr.c +++ b/src/pkix/scep/pki_x509_scep_attr.c @@ -291,7 +291,7 @@ int PKI_X509_SCEP_MSG_get_attr_value_int(const PKI_X509_SCEP_MSG * const msg, PKI_MEM *PKI_X509_SCEP_MSG_new_trans_id(const PKI_X509_KEYPAIR * key) { - PKI_DIGEST *dgst = NULL; + CRYPTO_DIGEST *dgst = NULL; PKI_MEM *mem = NULL; if (!key || !key->value ) return NULL; diff --git a/src/scep/pki_x509_scep_data.c b/src/pkix/scep/pki_x509_scep_data.c similarity index 100% rename from src/scep/pki_x509_scep_data.c rename to src/pkix/scep/pki_x509_scep_data.c diff --git a/src/scep/pki_x509_scep_msg.c b/src/pkix/scep/pki_x509_scep_msg.c similarity index 100% rename from src/scep/pki_x509_scep_msg.c rename to src/pkix/scep/pki_x509_scep_msg.c diff --git a/results/.gitkeep b/src/tests/results/.gitkeep similarity index 100% rename from results/.gitkeep rename to src/tests/results/.gitkeep diff --git a/src/tests/results/ocsp-req.pem b/src/tests/results/ocsp-req.pem new file mode 100644 index 00000000..f9f5c26e --- /dev/null +++ b/src/tests/results/ocsp-req.pem 
@@ -0,0 +1,6 @@ +-----BEGIN OCSP REQUEST----- +MIGYMIGVMG4wbDBqMA0GCWCGSAFlAwQCAQUABCDBkL6eLzlAmxS24/1dn5qljLah +F/TyLsHvxjHuOiiXpgQgOzQShMH60bO3eD+7XwfHC/QyKOgFhNy6nuDJU7ebCvwC +FQCEWbhYZOJjj4lXWH/RIftMy0r6/aIjMCEwHwYJKwYBBQUHMAECBBIEEJxlJS2Z +g0NhskM+o5snK7Y= +-----END OCSP REQUEST----- diff --git a/src/tests/results/ocsp-resp.der b/src/tests/results/ocsp-resp.der new file mode 100644 index 00000000..7a4a316e Binary files /dev/null and b/src/tests/results/ocsp-resp.der differ diff --git a/src/token.c b/src/token/token.c similarity index 100% rename from src/token.c rename to src/token/token.c diff --git a/src/token_data.c b/src/token/token_data.c similarity index 100% rename from src/token_data.c rename to src/token/token_data.c diff --git a/src/token_id.c b/src/token/token_id.c similarity index 100% rename from src/token_id.c rename to src/token/token_id.c diff --git a/src/utils/Makefile.am b/src/utils/Makefile.am new file mode 100644 index 00000000..22fb9d1a --- /dev/null +++ b/src/utils/Makefile.am 
@@ -0,0 +1,82 @@ +## OpenCA Makefile - by Massimiliano Pala +## (c) 1999-2007 by Massimiliano Pala and OpenCA Project +## All Rights Reserved + +TOP = .. +include $(TOP)/global-vars + +BASE_DEFS = + +DEFS = $(OPENCA_DEFS) + +AM_CPPFLAGS = -I$(TOP) \ + $(openssl_cflags) \ + $(libxml2_cflags) \ + $(COND_INCLUDES) + +# Composite Support +if ENABLE_COMPOSITE + COMPOSITE_SUBDIR = composite + COMPOSITE_OBJ = composite/libpki-composite.la +else + COMPOSITE_SUBDIR = + COMPOSITE_OBJ = +endif + +# OQS Support +if ENABLE_OQS + PQC_SUBDIR = pqc + PQC_OBJ = pqc/libpki-pqc.la +else + PQC_SUBDIR = + PQC_OBJ = +endif + +OBJECTS = $(COMPOSITE_OBJ) $(PQC_OBJ) + +SUBDIRS = $(COMPOSITE_SUBDIR) $(PQC_SUBDIR) + +NOINST_SRCS = \ + internal/ossl_1_0_x/*.h \ + internal/ossl_1_1_0/*.h \ + internal/ossl_1_1_1/*.h \ + internal/x509_data_st.h \ + internal/ossl_lcl.h + +OPENSSL_SRCS = \ + ${NOINST_SRCS} \ + pthread_init.c \ + pki_id.c \ + pki_oid.c \ + pki_rand.c \ + pki_oid_defs.c \ + pki_algor.c \ + pki_digest.c \ + pki_hmac.c \ + pki_string.c \ + pki_time.c \ + pki_integer.c \ + pki_keypair.c \ + pki_keyparams.c \ + pki_x509_item.c \ + pki_x509_name.c \ + pki_x509_cert.c \ + pki_x509_crl.c \ + pki_x509_req.c \ + pki_x509_pkcs7.c \ + pki_x509_cms.c \ + pki_x509_p12.c \ + pki_x509_extension.c \ + pki_x509_signature.c \ + pki_x509_xpair.c \ + pki_x509_xpair_asn1.c \ + pki_ocsp_req.c \ + pki_ocsp_resp.c \ + pki_x509_attribute.c + +noinst_LTLIBRARIES = libpki-openssl.la + +libpki_openssl_la_SOURCES = $(OPENSSL_SRCS) +libpki_openssl_la_CFLAGS = $(BUILD_LIBPKI_CFLAGS) +libpki_openssl_la_LIBADD = $(OBJECTS) + diff --git a/src/banners.c b/src/utils/banners.c similarity index 100% rename from src/banners.c rename to src/utils/banners.c diff --git a/src/io/Makefile.am b/src/utils/io/Makefile.am similarity index 100% rename from src/io/Makefile.am rename to src/utils/io/Makefile.am 
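Review bot: The new src/utils/Makefile.am looks like a verbatim copy of the OpenSSL-layer makefile rather than one written for this directory. Its `OPENSSL_SRCS` lists `pki_digest.c`, `pki_rand.c`, `pki_x509_cert.c`, `pki_ocsp_req.c` and the other crypto sources, yet of that list only `pthread_init.c` is visibly renamed into src/utils; the files that do land here (`pki_init.c`, `pki_log.c`, `pki_mem.c`, `stack.c`, …) are not listed. src/x509/Makefile.am is added later in the diff with the same blob id (22fb9d1a), so both directories declare `noinst_LTLIBRARIES = libpki-openssl.la` with identical sources and the same `composite`/`pqc` SUBDIRS. If these are placeholders, a leading line such as `## TODO: placeholder copied from src/openssl; source list not yet adjusted for this directory` would stop anyone assuming the code here is actually built; otherwise each file needs its own library name and a source list matching its directory. The `internal/ossl_1_0_x/*.h` entries also rely on wildcards, which automake does not expand in a `_SOURCES` list.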
diff --git a/src/io/Makefile.in b/src/utils/io/Makefile.in
similarity index 100%
rename from src/io/Makefile.in
rename to src/utils/io/Makefile.in
diff --git a/src/io/pki_keypair_io.c b/src/utils/io/pki_keypair_io.c
similarity index 100%
rename from src/io/pki_keypair_io.c
rename to src/utils/io/pki_keypair_io.c
diff --git a/src/io/pki_msg_req_io.c b/src/utils/io/pki_msg_req_io.c
similarity index 100%
rename from src/io/pki_msg_req_io.c
rename to src/utils/io/pki_msg_req_io.c
diff --git a/src/io/pki_msg_resp_io.c b/src/utils/io/pki_msg_resp_io.c
similarity index 100%
rename from src/io/pki_msg_resp_io.c
rename to src/utils/io/pki_msg_resp_io.c
diff --git a/src/io/pki_ocsp_req_io.c b/src/utils/io/pki_ocsp_req_io.c
similarity index 100%
rename from src/io/pki_ocsp_req_io.c
rename to src/utils/io/pki_ocsp_req_io.c
diff --git a/src/io/pki_ocsp_resp_io.c b/src/utils/io/pki_ocsp_resp_io.c
similarity index 100%
rename from src/io/pki_ocsp_resp_io.c
rename to src/utils/io/pki_ocsp_resp_io.c
diff --git a/src/io/pki_x509_cert_io.c b/src/utils/io/pki_x509_cert_io.c
similarity index 100%
rename from src/io/pki_x509_cert_io.c
rename to src/utils/io/pki_x509_cert_io.c
diff --git a/src/io/pki_x509_cms_io.c b/src/utils/io/pki_x509_cms_io.c
similarity index 100%
rename from src/io/pki_x509_cms_io.c
rename to src/utils/io/pki_x509_cms_io.c
diff --git a/src/io/pki_x509_crl_io.c b/src/utils/io/pki_x509_crl_io.c
similarity index 100%
rename from src/io/pki_x509_crl_io.c
rename to src/utils/io/pki_x509_crl_io.c
diff --git a/src/io/pki_x509_io.c b/src/utils/io/pki_x509_io.c
similarity index 100%
rename from src/io/pki_x509_io.c
rename to src/utils/io/pki_x509_io.c
diff --git a/src/io/pki_x509_p12_io.c b/src/utils/io/pki_x509_p12_io.c
similarity index 100%
rename from src/io/pki_x509_p12_io.c
rename to src/utils/io/pki_x509_p12_io.c
diff --git a/src/io/pki_x509_pkcs7_io.c b/src/utils/io/pki_x509_pkcs7_io.c
similarity index 100%
rename from src/io/pki_x509_pkcs7_io.c
rename to src/utils/io/pki_x509_pkcs7_io.c
diff --git a/src/io/pki_x509_req_io.c b/src/utils/io/pki_x509_req_io.c
similarity index 100%
rename from src/io/pki_x509_req_io.c
rename to src/utils/io/pki_x509_req_io.c
diff --git a/src/io/pki_x509_xpair_io.c b/src/utils/io/pki_x509_xpair_io.c
similarity index 100%
rename from src/io/pki_x509_xpair_io.c
rename to src/utils/io/pki_x509_xpair_io.c
diff --git a/src/net/Makefile.am b/src/utils/net/Makefile.am
similarity index 100%
rename from src/net/Makefile.am
rename to src/utils/net/Makefile.am
diff --git a/src/net/Makefile.in b/src/utils/net/Makefile.in
similarity index 100%
rename from src/net/Makefile.in
rename to src/utils/net/Makefile.in
diff --git a/src/net/dns.c b/src/utils/net/dns.c
similarity index 100%
rename from src/net/dns.c
rename to src/utils/net/dns.c
diff --git a/src/net/http_s.c b/src/utils/net/http_s.c
similarity index 100%
rename from src/net/http_s.c
rename to src/utils/net/http_s.c
diff --git a/src/net/ldap.c b/src/utils/net/ldap.c
similarity index 100%
rename from src/net/ldap.c
rename to src/utils/net/ldap.c
diff --git a/src/net/mysql.c b/src/utils/net/mysql.c
similarity index 100%
rename from src/net/mysql.c
rename to src/utils/net/mysql.c
diff --git a/src/net/pg.c b/src/utils/net/pg.c
similarity index 100%
rename from src/net/pg.c
rename to src/utils/net/pg.c
diff --git a/src/net/pkcs11.c b/src/utils/net/pkcs11.c
similarity index 100%
rename from src/net/pkcs11.c
rename to src/utils/net/pkcs11.c
diff --git a/src/net/pki_socket.c b/src/utils/net/pki_socket.c
similarity index 100%
rename from src/net/pki_socket.c
rename to src/utils/net/pki_socket.c
diff --git a/src/net/sock.c b/src/utils/net/sock.c
similarity index 100%
rename from src/net/sock.c
rename to src/utils/net/sock.c
diff --git a/src/net/ssl.c b/src/utils/net/ssl.c similarity index 100% rename from src/net/ssl.c rename to src/utils/net/ssl.c diff --git a/src/net/url.c b/src/utils/net/url.c similarity index 100% rename from src/net/url.c rename to src/utils/net/url.c diff --git a/src/pki_config.c b/src/utils/pki_config.c similarity index 100% rename from src/pki_config.c rename to src/utils/pki_config.c diff --git a/src/pki_cred.c b/src/utils/pki_cred.c similarity index 100% rename from src/pki_cred.c rename to src/utils/pki_cred.c diff --git a/src/pki_err.c b/src/utils/pki_err.c similarity index 100% rename from src/pki_err.c rename to src/utils/pki_err.c diff --git a/src/pki_init.c b/src/utils/pki_init.c similarity index 96% rename from src/pki_init.c rename to src/utils/pki_init.c index 70c12e4c..671b1ff4 100644 --- a/src/pki_init.c +++ b/src/utils/pki_init.c @@ -123,6 +123,13 @@ int PKI_init_all( void ) { PKI_LOG_FLAGS_ENABLE_DEBUG, NULL ); +#ifdef ENABLE_OPENSSL + +#if OPENSSL_VERSION_NUMBER >= 0x3000000fL + // Initializes the OQS Provider layer + PKI_init_providers(); +#endif + // OpenSSL init X509V3_add_standard_extensions(); OpenSSL_add_all_algorithms(); @@ -140,6 +147,8 @@ int PKI_init_all( void ) { ERR_load_crypto_strings(); #endif +#endif /* ENABLE_OPENSSL */ + // Parser for Config files xmlInitParser(); 
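Review bot: With the new `#ifdef ENABLE_OPENSSL` wrapper in `PKI_init_all()`, a build where that macro is undefined compiles the function without `X509V3_add_standard_extensions()`, `OpenSSL_add_all_algorithms()` or `PKI_init_providers()`, and nothing in the hunk reports it. Whether the config header this file includes always defines `ENABLE_OPENSSL` is not visible here, so an `#else` branch containing `#error "PKI_init_all: no crypto backend enabled"` (or a logged error and a failure return) would make a misconfigured build fail visibly instead of running with an uninitialized crypto layer. The matching `#endif /* ENABLE_OPENSSL */` arrives in the next hunk (`@@ -140,6 +147,8 @@`), and the function body starts and ends outside both hunks. A one-line comment on why `PKI_init_providers()` now runs before the algorithm registration, rather than after SCEP init as before, would also help.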
@@ -152,25 +161,20 @@ int PKI_init_all( void ) { // SCEP Init PKI_X509_SCEP_init(); -#if OPENSSL_VERSION_NUMBER >= 0x3000000fL - // Initializes the OQS Provider layer - PKI_init_providers(); -#endif - -#ifdef ENABLE_OQS - // Post-Quantum Crypto Implementation - PKI_PQC_init(); -#endif -#ifdef ENABLE_COMPOSITE - // Generic Composite Crypto (both AND and OR) - PKI_COMPOSITE_init(); - // // Explicit Composite Crypto - PKI_EXPLICIT_COMPOSITE_init(); -#endif -#ifdef ENABLE_COMBINED - // Multikey Crypto (multi-keys OR) - _init_combined(); -#endif +// #ifdef ENABLE_OQS +// // Post-Quantum Crypto Implementation +// PKI_PQC_init(); +// #endif +// #ifdef ENABLE_COMPOSITE +// // Generic Composite Crypto (both AND and OR) +// PKI_COMPOSITE_init(); +// // // Explicit Composite Crypto +// PKI_EXPLICIT_COMPOSITE_init(); +// #endif +// #ifdef ENABLE_COMBINED +// // Multikey Crypto (multi-keys OR) +// _init_combined(); +// #endif } /* Enable Proxy Certificates Support */ diff --git a/src/pki_log.c b/src/utils/pki_log.c similarity index 100% rename from src/pki_log.c rename to src/utils/pki_log.c diff --git a/src/pki_mem.c b/src/utils/pki_mem.c similarity index 100% rename from src/pki_mem.c rename to src/utils/pki_mem.c diff --git a/src/pki_threads.c b/src/utils/pki_threads.c similarity index 100% rename from src/pki_threads.c rename to src/utils/pki_threads.c diff --git a/src/pki_threads_vars.c b/src/utils/pki_threads_vars.c similarity index 100% rename from src/pki_threads_vars.c rename to src/utils/pki_threads_vars.c diff --git a/src/pki_x509_mem.c b/src/utils/pki_x509_mem.c similarity index 100% rename from src/pki_x509_mem.c rename to src/utils/pki_x509_mem.c diff --git a/src/pki_x509_mime.c b/src/utils/pki_x509_mime.c similarity index 100% rename from src/pki_x509_mime.c rename to src/utils/pki_x509_mime.c diff --git a/src/openssl/pthread_init.c b/src/utils/pthread_init.c similarity index 100% rename from src/openssl/pthread_init.c rename to src/utils/pthread_init.c 
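Review bot: The calls to `PKI_PQC_init()`, `PKI_COMPOSITE_init()`, `PKI_EXPLICIT_COMPOSITE_init()` and `_init_combined()` are commented out here rather than moved, so a build with `ENABLE_OQS`, `ENABLE_COMPOSITE` or `ENABLE_COMBINED` defined no longer performs that initialization from `PKI_init_all()`. If it now happens elsewhere (for example inside `PKI_init_providers()`, whose body is not visible), delete the block and leave one comment saying where, e.g. `// PQC / composite setup is performed by PKI_init_providers()`. If it does not, objects using those algorithms would presumably fail to load or verify after this change. Leaving the commented-out `#ifdef` block in place makes it impossible to tell which of the two is intended. The function body starts outside the hunk.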
diff --git a/src/stack.c b/src/utils/stack.c similarity index 100% rename from src/stack.c rename to src/utils/stack.c diff --git a/src/support.c b/src/utils/support.c similarity index 100% rename from src/support.c rename to src/utils/support.c diff --git a/src/x509/Makefile.am b/src/x509/Makefile.am new file mode 100644 index 00000000..22fb9d1a --- /dev/null +++ b/src/x509/Makefile.am @@ -0,0 +1,82 @@ +## OpenCA Makefile - by Massimiliano Pala +## (c) 1999-2007 by Massimiliano Pala and OpenCA Project +## All Rights Reserved + +TOP = .. +include $(TOP)/global-vars + +BASE_DEFS = + +DEFS = $(OPENCA_DEFS) + +AM_CPPFLAGS = -I$(TOP) \ + $(openssl_cflags) \ + $(libxml2_cflags) \ + $(COND_INCLUDES) + +# Composite Support +if ENABLE_COMPOSITE + COMPOSITE_SUBDIR = composite + COMPOSITE_OBJ = composite/libpki-composite.la +else + COMPOSITE_SUBDIR = + COMPOSITE_OBJ = +endif + +# OQS Support +if ENABLE_OQS + PQC_SUBDIR = pqc + PQC_OBJ = pqc/libpki-pqc.la +else + PQC_SUBDIR = + PQC_OBJ = +endif + +OBJECTS = $(COMPOSITE_OBJ) $(PQC_OBJ) + +SUBDIRS = $(COMPOSITE_SUBDIR) $(PQC_SUBDIR) + +NOINST_SRCS = \ + internal/ossl_1_0_x/*.h \ + internal/ossl_1_1_0/*.h \ + internal/ossl_1_1_1/*.h \ + internal/x509_data_st.h \ + internal/ossl_lcl.h + +OPENSSL_SRCS = \ + ${NOINST_SRCS} \ + pthread_init.c \ + pki_id.c \ + pki_oid.c \ + pki_rand.c \ + pki_oid_defs.c \ + pki_algor.c \ + pki_digest.c \ + pki_hmac.c \ + pki_string.c \ + pki_time.c \ + pki_integer.c \ + pki_keypair.c \ + pki_keyparams.c \ + pki_x509_item.c \ + pki_x509_name.c \ + pki_x509_cert.c \ + pki_x509_crl.c \ + pki_x509_req.c \ + pki_x509_pkcs7.c \ + pki_x509_cms.c \ + pki_x509_p12.c \ + pki_x509_extension.c \ + pki_x509_signature.c \ + pki_x509_xpair.c \ + pki_x509_xpair_asn1.c \ + pki_ocsp_req.c \ + pki_ocsp_resp.c \ + pki_x509_attribute.c + +noinst_LTLIBRARIES = libpki-openssl.la + +libpki_openssl_la_SOURCES = $(OPENSSL_SRCS) +libpki_openssl_la_CFLAGS = $(BUILD_LIBPKI_CFLAGS) +libpki_openssl_la_LIBADD = $(OBJECTS) + 
diff --git a/src/extensions.c b/src/x509/extensions.c
similarity index 100%
rename from src/extensions.c
rename to src/x509/extensions.c
diff --git a/src/openssl/pki_integer.c b/src/x509/pki_integer.c
similarity index 100%
rename from src/openssl/pki_integer.c
rename to src/x509/pki_integer.c
diff --git a/src/openssl/pki_string.c b/src/x509/pki_string.c
similarity index 100%
rename from src/openssl/pki_string.c
rename to src/x509/pki_string.c
diff --git a/src/openssl/pki_time.c b/src/x509/pki_time.c
similarity index 100%
rename from src/openssl/pki_time.c
rename to src/x509/pki_time.c
diff --git a/src/openssl/pki_x509_attribute.c b/src/x509/pki_x509_attribute.c
similarity index 100%
rename from src/openssl/pki_x509_attribute.c
rename to src/x509/pki_x509_attribute.c
diff --git a/src/openssl/pki_x509_cert.c b/src/x509/pki_x509_cert.c
similarity index 100%
rename from src/openssl/pki_x509_cert.c
rename to src/x509/pki_x509_cert.c
diff --git a/src/openssl/pki_x509_cms.c b/src/x509/pki_x509_cms.c
similarity index 100%
rename from src/openssl/pki_x509_cms.c
rename to src/x509/pki_x509_cms.c
diff --git a/src/openssl/pki_x509_crl.c b/src/x509/pki_x509_crl.c
similarity index 100%
rename from src/openssl/pki_x509_crl.c
rename to src/x509/pki_x509_crl.c
diff --git a/src/openssl/pki_x509_extension.c b/src/x509/pki_x509_extension.c
similarity index 100%
rename from src/openssl/pki_x509_extension.c
rename to src/x509/pki_x509_extension.c
diff --git a/src/openssl/pki_x509_item.c b/src/x509/pki_x509_item.c
similarity index 100%
rename from src/openssl/pki_x509_item.c
rename to src/x509/pki_x509_item.c
diff --git a/src/openssl/pki_x509_name.c b/src/x509/pki_x509_name.c
similarity index 100%
rename from src/openssl/pki_x509_name.c
rename to src/x509/pki_x509_name.c
diff --git a/src/openssl/pki_x509_p12.c b/src/x509/pki_x509_p12.c
similarity index 100%
rename from src/openssl/pki_x509_p12.c
rename to src/x509/pki_x509_p12.c
diff --git a/src/openssl/pki_x509_pkcs7.c b/src/x509/pki_x509_pkcs7.c
similarity index 100%
rename from src/openssl/pki_x509_pkcs7.c
rename to src/x509/pki_x509_pkcs7.c
diff --git a/src/openssl/pki_x509_req.c b/src/x509/pki_x509_req.c
similarity index 100%
rename from src/openssl/pki_x509_req.c
rename to src/x509/pki_x509_req.c
diff --git a/src/openssl/pki_x509_signature.c b/src/x509/pki_x509_signature.c
similarity index 100%
rename from src/openssl/pki_x509_signature.c
rename to src/x509/pki_x509_signature.c
diff --git a/src/openssl/pki_x509_xpair.c b/src/x509/pki_x509_xpair.c
similarity index 100%
rename from src/openssl/pki_x509_xpair.c
rename to src/x509/pki_x509_xpair.c
diff --git a/src/openssl/pki_x509_xpair_asn1.c b/src/x509/pki_x509_xpair_asn1.c
similarity index 100%
rename from src/openssl/pki_x509_xpair_asn1.c
rename to src/x509/pki_x509_xpair_asn1.c
diff --git a/src/profile.c b/src/x509/profile.c
similarity index 100%
rename from src/profile.c
rename to src/x509/profile.c