hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 10:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Crypto: Add EVP key gen and signature operation (work in progress). Add initial signature tests (no expected files yet). Add new openssl .h stubs. Clean up of OperationBase and associated uses. Update test case stubs to be closer to the actual stubs. Fix unncessary instanceof check in signatures.

Browse Source
This commit is contained in:
REDMOND\brodes
2025-06-05 16:38:37 -04:00
parent f952f901e4
commit 98aae6a7bf
26 changed files with 3206 additions and 679 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/SignatureAlgorithmInstance.qll
View File

@@ -42,7 +42,7 @@ class KnownOpenSSLSignatureConstantAlgorithmInstance extends OpenSSLAlgorithmIns
// 1) The source is a literal and flows to a getter, then we know we have an instance
// 2) The source is a KnownOpenSSLAlgorithm call, and we know we have an instance immediately from that
// Possibility 1:
this instanceof KnownOpenSSLPaddingAlgorithmExpr and
this instanceof OpenSSLAlgorithmLiteral and
exists(DataFlow::Node src, DataFlow::Node sink |
// Sink is an argument to a signature getter call
sink = getterCall.getInputNode() and

22
cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPCipherOperation.qll
View File

@@ -94,24 +94,6 @@ class EVP_CipherInit_SKEY_Call extends EVP_EX2_Initializer {
override Expr getOperationSubtypeArg() { result = this.(Call).getArgument(5) }
}
class EVPCipherInitializerAlgorithmArgument extends Expr {
EVPCipherInitializerAlgorithmArgument() {
exists(EVP_Cipher_Initializer initCall | this = initCall.getAlgorithmArg())
}
}
class EVPCipherInitializerKeyArgument extends Expr {
EVPCipherInitializerKeyArgument() {
exists(EVP_Cipher_Initializer initCall | this = initCall.getKeyArg())
}
}
class EVPCipherInitializerIVArgument extends Expr {
EVPCipherInitializerIVArgument() {
exists(EVP_Cipher_Initializer initCall | this = initCall.getIVArg())
}
}
class EVP_Cipher_Update_Call extends EVPUpdate {
EVP_Cipher_Update_Call() {
this.(Call).getTarget().getName() in [
@@ -164,6 +146,8 @@ class EVP_Cipher_Call extends EVPOperation, EVP_Cipher_Operation {
EVP_Cipher_Call() { this.(Call).getTarget().getName() = "EVP_Cipher" }
override Expr getInputArg() { result = this.(Call).getArgument(2) }
override Expr getAlgorithmArg() { result = this.getInitCall().getAlgorithmArg() }
}
class EVP_Cipher_Final_Call extends EVPFinal, EVP_Cipher_Operation {
@@ -182,4 +166,6 @@ class EVP_Cipher_Final_Call extends EVPFinal, EVP_Cipher_Operation {
or
result = EVP_Cipher_Operation.super.getOutputArg()
}
override Expr getAlgorithmArg() { result = this.getInitCall().getAlgorithmArg() }
}

2
cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPHashOperation.qll
View File

@@ -93,4 +93,6 @@ class EVP_Digest_Final_Call extends EVPFinal, Crypto::HashOperationInstance {
override Crypto::ConsumerInputDataFlowNode getInputConsumer() {
result = EVPFinal.super.getInputConsumer()
}
override Expr getAlgorithmArg() { result = this.getInitCall().getAlgorithmArg() }
}

86
cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPKeyGenOperation.qll Normal file
View File

@@ -0,0 +1,86 @@
private import experimental.quantum.Language
private import experimental.quantum.OpenSSL.CtxFlow
private import OpenSSLOperationBase
private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
private import semmle.code.cpp.dataflow.new.DataFlow
class EVPKeyGenInitialize extends EVPInitialize {
EVPKeyGenInitialize() {
this.(Call).getTarget().getName() in [
"EVP_PKEY_keygen_init",
"EVP_PKEY_paramgen_init"
]
}
override Expr getAlgorithmArg() {
// The context argument encodes the algorithm
result = this.getContextArg()
}
}
// /**
// * All calls that can be tracked via ctx.
// * For example calls used to set parameters like a key size.
// */
// class EVPKeyGenUpdate extends Call {
// EVPKeyGenUpdate() {
// this.(Call).getTarget().getName() in [
// "EVP_PKEY_CTX_set_rsa_keygen_bits",
// // TODO: "EVP_PKEY_CTX_set_params"
// ]
// }
// /**
// * No input in our meaning.
// */
// override Expr getInputArg() { none() }
// /**
// * No output in our meaning.
// */
// override Expr getOutputArg() { none() }
// Expr getKeySizeArg() {
// this.(Call).getTarget().getName() = "EVP_PKEY_CTX_set_rsa_keygen_bits" and
// result = this.(Call).getArgument(1)
// }
// }
class EVPKeyGenOperation extends EVPOperation, Crypto::KeyGenerationOperationInstance {
DataFlow::Node keyResultNode;
EVPKeyGenOperation() {
this.(Call).getTarget().getName() in ["EVP_RSA_gen", "EVP_PKEY_Q_keygen"] and
keyResultNode.asExpr() = this
or
this.(Call).getTarget().getName() in [
"EVP_PKEY_generate", "EVP_PKEY_keygen", "EVP_PKEY_paramgen"
] and
keyResultNode.asDefiningArgument() = this.(Call).getArgument(1)
}
override Expr getAlgorithmArg() {
this.(Call).getTarget().getName() = "EVP_PKEY_Q_keygen" and
result = this.(Call).getArgument(0)
or
result = this.getInitCall().getAlgorithmArg()
}
override Crypto::KeyArtifactType getOutputKeyType() { result = Crypto::TAsymmetricKeyType() }
override Expr getInputArg() { none() }
override Expr getOutputArg() { result = this.(Call).getArgument(1) }
override Crypto::ArtifactOutputDataFlowNode getOutputKeyArtifact() { result = keyResultNode }
override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() {
none()
// if this.(Call).getTarget().getName() = "EVP_PKEY_Q_keygen"
// then result = DataFlow::exprNode(this.(Call).getArgument(3)) // TODO: may be wrong for EC keys
// else
// if this.(Call).getTarget().getName() = "EVP_RSA_gen"
// then result = DataFlow::exprNode(this.(Call).getArgument(0))
// else result = DataFlow::exprNode(this.getUpdateCalls().(EVPKeyGenUpdate).getKeySizeArg())
}
override int getKeySizeFixed() {
none() // TODO
}
}

227
cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPSignatureOperation.qll Normal file
View File

@@ -0,0 +1,227 @@
/**
* Provides classes for modeling OpenSSL's EVP signature operations
*/
private import experimental.quantum.Language
private import OpenSSLOperationBase
private import experimental.quantum.OpenSSL.CtxFlow
private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
private import experimental.quantum.OpenSSL.Operations.OpenSSLOperations
module OpenSSLKeyGenToArgConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {
exists(Crypto::KeyGenerationOperationInstance keygen | keygen.getOutputKeyArtifact() = source)
}
predicate isSink(DataFlow::Node sink) { exists(Call c | c.getAnArgument() = sink.asExpr()) }
}
module OpenSSLKeyGenToArgFlow = TaintTracking::Global<OpenSSLKeyGenToArgConfig>;
// TODO: verification functions
class EVP_Signature_Initializer extends EVPInitialize {
EVP_Signature_Initializer() {
this.(Call).getTarget().getName() in [
"EVP_DigestSignInit", "EVP_DigestSignInit_ex", "EVP_SignInit", "EVP_SignInit_ex",
"EVP_PKEY_sign_init", "EVP_PKEY_sign_init_ex", "EVP_PKEY_sign_init_ex2",
"EVP_PKEY_sign_message_init"
]
}
/**
* Gets the algorithm associated with this initialization by following
* where the algorithm is set through the context argument.
*/
Expr getAlgorithmArgFromCtx() {
// exists(EVPPKeyAlgorithmConsumer source, DataFlow::Node sink |
// result = source.getInputNode().asExpr() and
// sink.asExpr() = this.getContextArg() and
// OpenSSLCtxSourceToArgumentFlow::flow(source.getResultNode(), sink)
// )
// or
result = this.getAlgorithmArgFromKey(this.getKeyArgFromCtx())
}
Expr getAlgorithmArgFromKey(Expr keyArg) {
exists(Crypto::KeyGenerationOperationInstance keygen |
OpenSSLKeyGenToArgFlow::flow(keygen.getOutputKeyArtifact(), DataFlow::exprNode(keyArg)) and
result = keygen.(OpenSSLOperation).getAlgorithmArg()
)
}
/**
* Gets the argument ingesting a key
* by tracing the context arg back to a context creation
*/
Expr getKeyArgFromCtx() {
exists(Call contextCreationCall |
ctxArgOrRetFlowsToCtxArg(contextCreationCall, this.getContextArg()) and
(
contextCreationCall.getTarget().getName() = "EVP_PKEY_CTX_new" and
result = contextCreationCall.getArgument(0)
or
contextCreationCall.getTarget().getName() = "EVP_PKEY_CTX_new_from_pkey" and
result = contextCreationCall.getArgument(1)
)
)
}
override Expr getAlgorithmArg() {
// explicit algorithm as argument
this.(Call).getTarget().getName() in ["EVP_PKEY_sign_init_ex2", "EVP_PKEY_sign_message_init"] and
result = this.(Call).getArgument(1)
// or
// // algorithm (and key) specified in the context
// this.(Call).getTarget().getName() in ["EVP_PKEY_sign_init", "EVP_PKEY_sign_init_ex"] and
// result = getAlgorithmArgFromCtx()
// or
// // algorithm specified by the key
// this.(Call).getTarget().getName() in ["EVP_DigestSignInit", "EVP_DigestSignInit_ex"] and
// result = getAlgorithmArgFromKey()
// // NOTE: for EVP_SignInit and EVP_SignInit_ex the algorithm is not specified
// // rather the algorithm is specified by the key used for signing later in a final call.
}
/**
* Returns the key argument if there is one.
* If the key was provided via the context, we track it to the context.
*/
override Expr getKeyArg() {
this.(Call).getTarget().getName() = "EVP_DigestSignInit" and
result = this.(Call).getArgument(4)
or
this.(Call).getTarget().getName() = "EVP_DigestSignInit_ex" and
result = this.(Call).getArgument(5)
or
this.(Call).getTarget().getName().matches("EVP_PKEY_%") and
result = this.getKeyArgFromCtx()
}
/**
* Signing, verification or unknown.
*/
override Crypto::KeyOperationSubtype getKeyOperationSubtype() {
if this.(Call).getTarget().getName().toLowerCase().matches("%sign%")
then result instanceof Crypto::TSignMode
else
if this.(Call).getTarget().getName().toLowerCase().matches("%verify%")
then result instanceof Crypto::TVerifyMode
else result instanceof Crypto::TUnknownKeyOperationMode
}
}
class EVP_Signature_Update_Call extends EVPUpdate {
EVP_Signature_Update_Call() {
this.(Call).getTarget().getName() in [
"EVP_DigestSignUpdate", "EVP_SignUpdate", "EVP_PKEY_sign_message_update"
]
}
/**
* Input is the message to sign.
*/
override Expr getInputArg() { result = this.(Call).getArgument(1) }
}
/**
* We model output explicit output arguments as predicate to use it in constructors.
* The predicate must cover all EVP_Signature_Operation subclasses.
*/
private Expr signatureOperationOutputArg(Call call) {
if call.getTarget().getName() = "EVP_SignFinal_ex"
then result = call.getArgument(2)
else result = call.getArgument(1)
}
/**
* Base configuration for all EVP signature operations.
*/
abstract class EVP_Signature_Operation extends EVPOperation, Crypto::SignatureOperationInstance {
EVP_Signature_Operation() {
this.(Call).getTarget().getName().matches("EVP_%") and
// NULL output argument means the call is to get the size of the signature and such call is not an operation
(
not exists(signatureOperationOutputArg(this).getValue())
or
signatureOperationOutputArg(this).getValue() != "0"
)
}
/**
* Signing, verification or unknown.
*/
override Crypto::KeyOperationSubtype getKeyOperationSubtype() {
// TODO: if this KeyOperationSubtype does not match initialization call's KeyOperationSubtype then we found a bug
if this.(Call).getTarget().getName().toLowerCase().matches("%sign%")
then result instanceof Crypto::TSignMode
else
if this.(Call).getTarget().getName().toLowerCase().matches("%verify%")
then result instanceof Crypto::TVerifyMode
else result instanceof Crypto::TUnknownKeyOperationMode
}
override Crypto::ConsumerInputDataFlowNode getNonceConsumer() {
// TODO: some signing operations may have explicit nonce generators
none()
}
/**
* Keys provided in the initialization call or in a context are found by this method.
* Keys in explicit arguments are found by overriden methods in extending classes.
*/
override Crypto::ConsumerInputDataFlowNode getKeyConsumer() {
result = DataFlow::exprNode(this.getInitCall().getKeyArg())
}
override Crypto::ArtifactOutputDataFlowNode getOutputArtifact() {
result = EVPOperation.super.getOutputArtifact()
}
override Crypto::ConsumerInputDataFlowNode getInputConsumer() {
result = EVPOperation.super.getInputConsumer()
}
/**
* TODO: only signing operations for now, change when verificaiton is added
*/
override Crypto::ConsumerInputDataFlowNode getSignatureConsumer() { none() }
}
// class EVP_Signature_Call extends EVPOperation, EVP_Signature_Operation {
// EVP_Signature_Call() { this.(Call).getTarget().getName() in ["EVP_DigestSign", "EVP_PKEY_sign"] }
// /**
// * Output is the signature.
// */
// override Expr getOutputArg() { result = signatureOperationOutputArg(this) }
// /**
// * Input is the message to sign.
// */
// override Expr getInputArg() { result = this.(Call).getArgument(3) }
// }
// class EVP_Signature_Final_Call extends EVPFinal, EVP_Signature_Operation {
// EVP_Signature_Final_Call() {
// this.(Call).getTarget().getName() in [
// "EVP_DigestSignFinal", "EVP_SignFinal_ex", "EVP_SignFinal", "EVP_PKEY_sign_message_final"
// ]
// }
// override Expr getAlgorithmArg() {
// none()
// // // algorithm specified by the key and the key is provided in this operation
// // if this.(Call).getTarget().getName() in ["EVP_SignFinal", "EVP_SignFinal_ex"]
// // then result = getAlgorithmFromKey(this.getKeyConsumer().asExpr())
// // else
// // // or find algorithm in the initialization call
// // result = EVP_Signature_Operation.super.getAlgorithmArg()
// }
// override Crypto::ConsumerInputDataFlowNode getKeyConsumer() {
// // key provided as an argument
// if this.(Call).getTarget().getName() in ["EVP_SignFinal", "EVP_SignFinal_ex"]
// then result = DataFlow::exprNode(this.(Call).getArgument(3))
// else
// // or find key in the initialization call
// result = EVP_Signature_Operation.super.getKeyConsumer()
// }
// /**
// * Output is the signature.
// */
// override Expr getOutputArg() { result = signatureOperationOutputArg(this) }
// }

26
cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll
View File

@@ -7,8 +7,11 @@ private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgor
*/
abstract class OpenSSLOperation extends Crypto::OperationInstance instanceof Call {
/**
* Expression that specifies the algorithm for the operation.
* Will be an argument of the operation in the simplest case.
* Gets the argument that specifies the algorithm for the operation.
* This argument might not be immediately present at the specified operation.
* For example, it might be set in an initialization call.
* Modelers of the operation are resonsible for linking the operation to any
* initialization calls, and providing that argument as a returned value here.
*/
abstract Expr getAlgorithmArg();
@@ -16,7 +19,7 @@ abstract class OpenSSLOperation extends Crypto::OperationInstance instanceof Cal
* Algorithm is specified in initialization call or is implicitly established by the key.
*/
override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() {
AlgGetterToAlgConsumerFlow::flow(result.(OpenSSLAlgorithmValueConsumer).getResultNode(),
AlgGetterToArgFlow::flow(result.(OpenSSLAlgorithmValueConsumer).getResultNode(),
DataFlow::exprNode(this.getAlgorithmArg()))
}
}
@@ -79,17 +82,19 @@ abstract class EVPUpdate extends Call {
/**
* Flows from algorithm values to operations, specific to OpenSSL
*/
private module AlgGetterToAlgConsumerConfig implements DataFlow::ConfigSig {
module AlgGetterToArgConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {
exists(OpenSSLAlgorithmValueConsumer c | c.getResultNode() = source)
}
predicate isSink(DataFlow::Node sink) {
exists(EVPOperation c | c.getAlgorithmArg() = sink.asExpr())
}
/**
* Trace to any call accepting the algorithm.
* NOTE: users must restrict this set to the operations they are interested in.
*/
predicate isSink(DataFlow::Node sink) { exists(Call c | c.getAnArgument() = sink.asExpr()) }
}
private module AlgGetterToAlgConsumerFlow = DataFlow::Global<AlgGetterToAlgConsumerConfig>;
module AlgGetterToArgFlow = DataFlow::Global<AlgGetterToArgConfig>;
/**
* The base class for all operations of the EVP API.
@@ -113,11 +118,6 @@ abstract class EVPOperation extends OpenSSLOperation {
*/
abstract Expr getOutputArg();
/**
* Overwrite with an explicitly specified algorithm or leave base implementation to find it in the initialization call.
*/
override Expr getAlgorithmArg() { result = this.getInitCall().getAlgorithmArg() }
/**
* Finds the initialization call, may be none.
*/

2
cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperations.qll
View File

@@ -2,3 +2,5 @@ import OpenSSLOperationBase
import EVPCipherOperation
import EVPHashOperation
import ECKeyGenOperation
import EVPSignatureOperation
import EVPKeyGenOperation

3
cpp/ql/test/experimental/library-tests/quantum/openssl/hash_input_sources.expected
View File

@@ -1,2 +1,5 @@
| openssl_basic.c:124:13:124:30 | HashOperation | openssl_basic.c:120:37:120:43 | Message | openssl_basic.c:181:49:181:87 | Constant |
| openssl_basic.c:144:13:144:22 | HashOperation | openssl_basic.c:144:24:144:30 | Message | openssl_basic.c:181:49:181:87 | Constant |
| openssl_signature.c:23:9:23:26 | HashOperation | openssl_signature.c:22:34:22:40 | Message | openssl_signature.c:602:37:602:77 | Constant |
| openssl_signature.c:23:9:23:26 | HashOperation | openssl_signature.c:22:34:22:40 | Message | openssl_signature.c:685:37:685:77 | Constant |
| openssl_signature.c:23:9:23:26 | HashOperation | openssl_signature.c:22:34:22:40 | Message | openssl_signature.c:741:37:741:77 | Constant |

2
cpp/ql/test/experimental/library-tests/quantum/openssl/hash_operations.expected
View File

@@ -1,2 +1,4 @@
| openssl_basic.c:124:13:124:30 | HashOperation | openssl_basic.c:124:39:124:44 | Digest | openssl_basic.c:116:38:116:47 | HashAlgorithm | openssl_basic.c:120:37:120:43 | Message |
| openssl_basic.c:144:13:144:22 | HashOperation | openssl_basic.c:144:46:144:51 | Digest | openssl_basic.c:144:67:144:73 | HashAlgorithm | openssl_basic.c:144:24:144:30 | Message |
| openssl_signature.c:23:9:23:26 | HashOperation | openssl_signature.c:23:36:23:41 | Digest | openssl_signature.c:684:24:684:33 | HashAlgorithm | openssl_signature.c:22:34:22:40 | Message |
| openssl_signature.c:23:9:23:26 | HashOperation | openssl_signature.c:23:36:23:41 | Digest | openssl_signature.c:740:24:740:33 | HashAlgorithm | openssl_signature.c:22:34:22:40 | Message |

7
cpp/ql/test/experimental/library-tests/quantum/openssl/keygen_key_sources.ql Normal file
View File

@@ -0,0 +1,7 @@
import cpp
import experimental.quantum.Language
import experimental.quantum.OpenSSL.Operations.EVPKeyGenOperation
from EVPKeyGenOperation keyGen, Crypto::KeyArtifactNode key
where keyGen = key.asElement().(Crypto::KeyArtifactOutputInstance).getCreator()
select keyGen, key, key.getAKnownAlgorithm()

6
cpp/ql/test/experimental/library-tests/quantum/openssl/keygen_operations.ql Normal file
View File

@@ -0,0 +1,6 @@
import cpp
import experimental.quantum.Language
import experimental.quantum.OpenSSL.Operations.EVPKeyGenOperation
from Crypto::KeyGenerationOperationInstance n //KeyGenerationOperationNode n
select n, n.getOutputKeyArtifact(), n.getKeyArtifactOutputInstance() // , n.getAnAlgorithmOrGenericSource()

6
cpp/ql/test/experimental/library-tests/quantum/openssl/openssl_basic.c
View File

@@ -1,6 +1,6 @@
#include "openssl/evp_stubs.h"
#include "openssl/alg_macro_stubs.h"
#include "openssl/rand_stubs.h"
#include "openssl/evp.h"
#include "openssl/obj_mac.h"
#include "openssl/rand.h"
size_t strlen(const char* str);

70
cpp/ql/test/experimental/library-tests/quantum/openssl/openssl_pkey.c Normal file
View File

@@ -0,0 +1,70 @@
#include <openssl/rsa.h>
#include <openssl/pem.h>
#include <openssl/obj_mac.h>
#include <openssl/evp.h>
// #include <openssl/evp.h>
// #include <openssl/rsa.h>
// #include <openssl/pem.h>
// #include <openssl/err.h>
// #include <stdio.h>
// #include <string.h>
int generate_rsa_pkey() {
int key_length = 2048;
RSA *rsa = RSA_new();
BIGNUM *bne = BN_new();
BN_set_word(bne, RSA_F4);
if (!RSA_generate_key_ex(rsa, key_length, bne, NULL)) {
return -1;
}
// Save private key
FILE *priv_file = fopen("private_key.pem", "wb");
PEM_write_RSAPrivateKey(priv_file, rsa, NULL, NULL, 0, NULL, NULL);
fclose(priv_file);
// Save public key
FILE *pub_file = fopen("public_key.pem", "wb");
PEM_write_RSA_PUBKEY(pub_file, rsa);
fclose(pub_file);
RSA_free(rsa);
BN_free(bne);
return 0;
}
int generate_evp_pkey() {
EVP_PKEY_CTX *ctx;
EVP_PKEY *pkey = NULL;
unsigned char *plaintext = (unsigned char *)"Hello, OpenSSL!";
unsigned char encrypted[256];
size_t encrypted_len;
// Generate RSA key
ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
if (!ctx) return -1;
if (EVP_PKEY_keygen_init(ctx) <= 0) return -1;
if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) return -1;
if (EVP_PKEY_keygen(ctx, &pkey) <= 0) return -1;
EVP_PKEY_CTX_free(ctx);
// Encrypt using the generated key
ctx = EVP_PKEY_CTX_new(pkey, NULL);
if (!ctx) handleErrors();
if (EVP_PKEY_encrypt_init(ctx) <= 0) return -1;
if (EVP_PKEY_encrypt(ctx, encrypted, &encrypted_len, plaintext, strlen((char *)plaintext)) <= 0) return -1;
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
return 0;
}

819
cpp/ql/test/experimental/library-tests/quantum/openssl/openssl_signature.c Normal file
View File

@@ -0,0 +1,819 @@
// #ifdef USE_REAL_HEADERS
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include <openssl/obj_mac.h>
/* =============================================================================
* UTILITY FUNCTIONS - Common operations shared across signature APIs
* =============================================================================
*/
/**
* Create message digest from raw message data
*/
static int create_digest(const unsigned char *message, size_t message_len,
const EVP_MD *md, unsigned char *digest, unsigned int *digest_len) {
EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
int ret = 0;
if (!md_ctx ||
EVP_DigestInit_ex(md_ctx, md, NULL) != 1 ||
EVP_DigestUpdate(md_ctx, message, message_len) != 1 ||
EVP_DigestFinal_ex(md_ctx, digest, digest_len) != 1) {
goto cleanup;
}
ret = 1;
cleanup:
EVP_MD_CTX_free(md_ctx);
return ret;
}
/**
* Allocate signature buffer with appropriate size
*/
static unsigned char* allocate_signature_buffer(size_t *sig_len, const EVP_PKEY *pkey) {
*sig_len = EVP_PKEY_size(pkey);
return OPENSSL_malloc(*sig_len);
}
/**
* Helper to extract key from EVP_PKEY
*/
static RSA* get_rsa_from_pkey(EVP_PKEY *pkey) {
return EVP_PKEY_get1_RSA(pkey);
}
static DSA* get_dsa_from_pkey(EVP_PKEY *pkey) {
return EVP_PKEY_get1_DSA(pkey);
}
/* =============================================================================
* EVP_SIGN/VERIFY API - Legacy high-level API (older, simpler)
* =============================================================================
*/
/**
* Sign message using EVP_Sign API (legacy)
* Simple API with built-in hashing and signing
*/
int sign_using_evp_sign(const unsigned char *message, size_t message_len,
unsigned char **signature, size_t *signature_len,
EVP_PKEY *pkey, const EVP_MD *md) {
EVP_MD_CTX *md_ctx = NULL;
unsigned int sig_len = 0;
int ret = 0;
if (!(md_ctx = EVP_MD_CTX_new()) ||
EVP_SignInit(md_ctx, md) != 1 ||
EVP_SignUpdate(md_ctx, message, message_len) != 1) {
goto cleanup;
}
// more updates
EVP_SignUpdate(md_ctx, message+1, message_len-1);
*signature = allocate_signature_buffer(signature_len, pkey);
if (!*signature) goto cleanup;
if (EVP_SignFinal(md_ctx, *signature, &sig_len, pkey) == 1) {
*signature_len = sig_len;
ret = 1;
} else {
OPENSSL_free(*signature);
*signature = NULL;
}
cleanup:
EVP_MD_CTX_free(md_ctx);
return ret;
}
/**
* Verify signature using EVP_Verify API (legacy)
* Simple API with built-in hashing and verification
*/
int verify_using_evp_verify(const unsigned char *message, size_t message_len,
const unsigned char *signature, size_t signature_len,
EVP_PKEY *pkey, const EVP_MD *md) {
EVP_MD_CTX *md_ctx = NULL;
int ret = 0;
if (!(md_ctx = EVP_MD_CTX_new()) ||
EVP_VerifyInit(md_ctx, md) != 1 ||
EVP_VerifyUpdate(md_ctx, message, message_len) != 1 ||
EVP_VerifyUpdate(md_ctx, message+1, message_len-1) != 1 ||
EVP_VerifyFinal(md_ctx, signature, (unsigned int)signature_len, pkey) != 1) {
goto cleanup;
}
ret = 1;
cleanup:
EVP_MD_CTX_free(md_ctx);
return ret;
}
/* =============================================================================
* EVP_DIGESTSIGN/DIGESTVERIFY API - Modern recommended API
* =============================================================================
*/
/**
* Sign message using EVP_DigestSign API (recommended)
* Modern flexible API with better algorithm support
*/
int sign_using_evp_digestsign(const unsigned char *message, size_t message_len,
unsigned char **signature, size_t *signature_len,
EVP_PKEY *pkey, const EVP_MD *md) {
EVP_MD_CTX *md_ctx = NULL;
int ret = 0;
if (!(md_ctx = EVP_MD_CTX_new()) ||
EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey) != 1 ||
EVP_DigestSignUpdate(md_ctx, message, message_len) != 1 ||
EVP_DigestSignFinal(md_ctx, NULL, signature_len) != 1) {
goto cleanup;
}
*signature = OPENSSL_malloc(*signature_len);
if (!*signature) goto cleanup;
if (EVP_DigestSignFinal(md_ctx, *signature, signature_len) == 1) {
ret = 1;
} else {
OPENSSL_free(*signature);
*signature = NULL;
}
cleanup:
EVP_MD_CTX_free(md_ctx);
return ret;
}
/**
* Verify signature using EVP_DigestVerify API (recommended)
* Modern flexible API with better algorithm support
*/
int verify_using_evp_digestverify(const unsigned char *message, size_t message_len,
const unsigned char *signature, size_t signature_len,
EVP_PKEY *pkey, const EVP_MD *md) {
EVP_MD_CTX *md_ctx = NULL;
int ret = 0;
if (!(md_ctx = EVP_MD_CTX_new()) ||
EVP_DigestVerifyInit(md_ctx, NULL, md, NULL, pkey) != 1 ||
EVP_DigestVerifyUpdate(md_ctx, message, message_len) != 1 ||
EVP_DigestVerifyFinal(md_ctx, signature, signature_len) != 1) {
goto cleanup;
}
ret = 1;
cleanup:
EVP_MD_CTX_free(md_ctx);
return ret;
}
/**
* Sign with explicit PKEY_CTX for fine-grained parameter control
* Allows custom parameter settings (e.g., padding, salt length)
*/
int sign_using_digestsign_with_ctx(const unsigned char *message, size_t message_len,
unsigned char **signature, size_t *signature_len,
EVP_PKEY *pkey, const EVP_MD *md,
int (*param_setter)(EVP_PKEY_CTX *ctx)) {
EVP_MD_CTX *md_ctx = NULL;
EVP_PKEY_CTX *pkey_ctx = NULL;
int ret = 0;
if (!(md_ctx = EVP_MD_CTX_new()) ||
EVP_DigestSignInit(md_ctx, &pkey_ctx, md, NULL, pkey) != 1) {
goto cleanup;
}
if (param_setter && param_setter(pkey_ctx) != 1) goto cleanup;
if (EVP_DigestSignUpdate(md_ctx, message, message_len) != 1 ||
EVP_DigestSignFinal(md_ctx, NULL, signature_len) != 1) {
goto cleanup;
}
*signature = OPENSSL_malloc(*signature_len);
if (!*signature) goto cleanup;
if (EVP_DigestSignFinal(md_ctx, *signature, signature_len) == 1) {
ret = 1;
} else {
OPENSSL_free(*signature);
*signature = NULL;
}
cleanup:
EVP_MD_CTX_free(md_ctx);
return ret;
}
/**
* Verify with explicit PKEY_CTX for fine-grained parameter control
*/
int verify_using_digestverify_with_ctx(const unsigned char *message, size_t message_len,
const unsigned char *signature, size_t signature_len,
EVP_PKEY *pkey, const EVP_MD *md,
int (*param_setter)(EVP_PKEY_CTX *ctx)) {
EVP_MD_CTX *md_ctx = NULL;
EVP_PKEY_CTX *pkey_ctx = NULL;
int ret = 0;
if (!(md_ctx = EVP_MD_CTX_new()) ||
EVP_DigestVerifyInit(md_ctx, &pkey_ctx, md, NULL, pkey) != 1) {
goto cleanup;
}
if (param_setter && param_setter(pkey_ctx) != 1) goto cleanup;
if (EVP_DigestVerifyUpdate(md_ctx, message, message_len) != 1 ||
EVP_DigestVerifyFinal(md_ctx, signature, signature_len) != 1) {
goto cleanup;
}
ret = 1;
cleanup:
EVP_MD_CTX_free(md_ctx);
return ret;
}
/* =============================================================================
* EVP_PKEY_SIGN/VERIFY API - Lower level API with pre-hashed input
* =============================================================================
*/
/**
* Sign pre-hashed digest using EVP_PKEY_sign API
* Lower-level API requiring pre-computed digest
*/
int sign_using_evp_pkey_sign(const unsigned char *digest, size_t digest_len,
unsigned char **signature, size_t *signature_len,
EVP_PKEY *pkey, const EVP_MD *md) {
EVP_PKEY_CTX *pkey_ctx = NULL;
int ret = 0;
if (!(pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) ||
EVP_PKEY_sign_init(pkey_ctx) != 1 ||
EVP_PKEY_CTX_set_signature_md(pkey_ctx, md) != 1 ||
EVP_PKEY_sign(pkey_ctx, NULL, signature_len, digest, digest_len) != 1) {
goto cleanup;
}
*signature = OPENSSL_malloc(*signature_len);
if (!*signature) goto cleanup;
if (EVP_PKEY_sign(pkey_ctx, *signature, signature_len, digest, digest_len) == 1) {
ret = 1;
} else {
OPENSSL_free(*signature);
*signature = NULL;
}
cleanup:
EVP_PKEY_CTX_free(pkey_ctx);
return ret;
}
/**
* Verify pre-hashed digest using EVP_PKEY_verify API
* Lower-level API requiring pre-computed digest
*/
int verify_using_evp_pkey_verify(const unsigned char *digest, size_t digest_len,
const unsigned char *signature, size_t signature_len,
EVP_PKEY *pkey, const EVP_MD *md) {
EVP_PKEY_CTX *pkey_ctx = NULL;
int ret = 0;
if (!(pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) ||
EVP_PKEY_verify_init(pkey_ctx) != 1 ||
EVP_PKEY_CTX_set_signature_md(pkey_ctx, md) != 1 ||
EVP_PKEY_verify(pkey_ctx, signature, signature_len, digest, digest_len) != 1) {
goto cleanup;
}
ret = 1;
cleanup:
EVP_PKEY_CTX_free(pkey_ctx);
return ret;
}
/* =============================================================================
* EVP_PKEY_SIGN_MESSAGE API - Streamlined message signing
* =============================================================================
*/
/**
* Sign message using EVP_PKEY_sign_message API
* Streamlined interface for direct message signing
*/
int sign_using_evp_pkey_sign_message(const unsigned char *message, size_t message_len,
unsigned char **signature, size_t *signature_len,
EVP_PKEY *pkey, const EVP_MD *md, const char *alg_name) {
EVP_PKEY_CTX *pkey_ctx = NULL;
EVP_SIGNATURE *alg = NULL;
int ret = 0;
if (!(pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL))) goto cleanup;
alg = EVP_SIGNATURE_fetch(NULL, alg_name, NULL);
if (EVP_PKEY_sign_message_init(pkey_ctx, alg, NULL) != 1 ||
EVP_PKEY_sign_message_update(pkey_ctx, message, message_len) != 1 ||
EVP_PKEY_sign_message_final(pkey_ctx, NULL, signature_len) != 1) {
goto cleanup;
}
*signature = OPENSSL_malloc(*signature_len);
if (!*signature) goto cleanup;
if (EVP_PKEY_sign_message_final(pkey_ctx, *signature, signature_len) == 1) {
ret = 1;
} else {
OPENSSL_free(*signature);
*signature = NULL;
}
cleanup:
EVP_PKEY_CTX_free(pkey_ctx);
return ret;
}
/**
* Verify message using EVP_PKEY_verify_message API
* Streamlined interface for direct message verification
*/
int verify_using_evp_pkey_verify_message(const unsigned char *message, size_t message_len,
const unsigned char *signature, size_t signature_len,
EVP_PKEY *pkey, const EVP_MD *md, const char *alg_name) {
EVP_PKEY_CTX *pkey_ctx = NULL;
EVP_SIGNATURE *alg = NULL;
int ret = 0;
if (!(pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL))) goto cleanup;
alg = EVP_SIGNATURE_fetch(NULL, alg_name, NULL);
if (EVP_PKEY_verify_message_init(pkey_ctx, alg, NULL) != 1) goto cleanup;
EVP_PKEY_CTX_set_signature(pkey_ctx, signature, signature_len);
if (EVP_PKEY_verify_message_update(pkey_ctx, message, message_len) != 1 ||
EVP_PKEY_verify_message_final(pkey_ctx) != 1) {
goto cleanup;
}
ret = 1;
cleanup:
EVP_PKEY_CTX_free(pkey_ctx);
return ret;
}
/* =============================================================================
* LOW-LEVEL RSA API - Algorithm-specific functions (deprecated)
* =============================================================================
*/
/**
* Sign using low-level RSA_sign API (deprecated, RSA-only)
* Direct RSA signing with manual digest computation
*/
int sign_using_rsa_sign(const unsigned char *message, size_t message_len,
unsigned char **signature, size_t *signature_len,
RSA *rsa_key, int hash_nid, const EVP_MD *md) {
unsigned char digest[EVP_MAX_MD_SIZE];
unsigned int digest_len;
int ret = 0;
if (!create_digest(message, message_len, md, digest, &digest_len)) return 0;
*signature_len = RSA_size(rsa_key);
*signature = OPENSSL_malloc(*signature_len);
if (!*signature) return 0;
if (RSA_sign(hash_nid, digest, digest_len, *signature,
(unsigned int*)signature_len, rsa_key) == 1) {
ret = 1;
} else {
OPENSSL_free(*signature);
*signature = NULL;
}
return ret;
}
/**
* Verify using low-level RSA_verify API (deprecated, RSA-only)
* Direct RSA verification with manual digest computation
*/
int verify_using_rsa_verify(const unsigned char *message, size_t message_len,
const unsigned char *signature, size_t signature_len,
RSA *rsa_key, int hash_nid, const EVP_MD *md) {
unsigned char digest[EVP_MAX_MD_SIZE];
unsigned int digest_len;
if (!create_digest(message, message_len, md, digest, &digest_len)) return 0;
return RSA_verify(hash_nid, digest, digest_len, signature,
(unsigned int)signature_len, rsa_key);
}
/* =============================================================================
* LOW-LEVEL DSA API - Algorithm-specific functions (deprecated)
* =============================================================================
*/
/**
* Sign using low-level DSA_do_sign API (deprecated, DSA-only)
* Direct DSA signing with manual digest and signature encoding
*/
int sign_using_dsa_sign(const unsigned char *message, size_t message_len,
unsigned char **signature, size_t *signature_len,
DSA *dsa_key, const EVP_MD *md) {
unsigned char digest[EVP_MAX_MD_SIZE];
unsigned int digest_len;
DSA_SIG *sig = NULL;
const BIGNUM *r = NULL, *s = NULL;
unsigned int bn_len;
int ret = 0;
if (!create_digest(message, message_len, md, digest, &digest_len)) return 0;
sig = DSA_do_sign(digest, digest_len, dsa_key);
if (!sig) return 0;
DSA_SIG_get0(sig, &r, &s);
if (!r || !s) goto cleanup;
bn_len = DSA_size(dsa_key) / 2;
*signature_len = DSA_size(dsa_key);
*signature = OPENSSL_malloc(*signature_len);
if (!*signature) goto cleanup;
memset(*signature, 0, *signature_len);
if (BN_bn2bin(r, *signature + (bn_len - BN_num_bytes(r))) > 0 &&
BN_bn2bin(s, *signature + bn_len + (bn_len - BN_num_bytes(s))) > 0) {
ret = 1;
} else {
OPENSSL_free(*signature);
*signature = NULL;
}
cleanup:
DSA_SIG_free(sig);
return ret;
}
/**
* Verify using low-level DSA_do_verify API (deprecated, DSA-only)
* Direct DSA verification with manual digest and signature decoding
*/
int verify_using_dsa_verify(const unsigned char *message, size_t message_len,
const unsigned char *signature, size_t signature_len,
DSA *dsa_key, const EVP_MD *md) {
unsigned char digest[EVP_MAX_MD_SIZE];
unsigned int digest_len;
DSA_SIG *sig = NULL;
BIGNUM *r = NULL, *s = NULL;
unsigned int bn_len;
int ret = 0;
if (!create_digest(message, message_len, md, digest, &digest_len)) return 0;
sig = DSA_SIG_new();
if (!sig) return 0;
r = BN_new();
s = BN_new();
if (!r || !s) goto cleanup;
bn_len = DSA_size(dsa_key) / 2;
if (BN_bin2bn(signature, bn_len, r) &&
BN_bin2bn(signature + bn_len, bn_len, s) &&
DSA_SIG_set0(sig, r, s) == 1) {
/* r and s are now owned by sig */
r = s = NULL;
ret = DSA_do_verify(digest, digest_len, sig, dsa_key);
}
cleanup:
DSA_SIG_free(sig);
BN_free(r);
BN_free(s);
return (ret == 1);
}
/* =============================================================================
* PARAMETER SETTERS - Helper functions for algorithm configuration
* =============================================================================
*/
/**
* Set RSA PSS padding mode
*/
int set_rsa_pss_padding(EVP_PKEY_CTX *ctx) {
return EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PSS_PADDING);
}
/**
* No-op parameter setter for default behavior
*/
int no_parameter_setter(EVP_PKEY_CTX *ctx) {
return 1;
}
/* =============================================================================
* KEY GENERATION HELPERS
* =============================================================================
*/
/**
* Generate RSA key pair for testing
*/
static EVP_PKEY* generate_rsa_key(void) {
EVP_PKEY_CTX *key_ctx = NULL;
EVP_PKEY *key = NULL;
key_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
if (!key_ctx) return NULL;
if (EVP_PKEY_keygen_init(key_ctx) <= 0 ||
EVP_PKEY_CTX_set_rsa_keygen_bits(key_ctx, 2048) <= 0 ||
EVP_PKEY_keygen(key_ctx, &key) <= 0) {
EVP_PKEY_free(key);
key = NULL;
}
EVP_PKEY_CTX_free(key_ctx);
return key;
}
/**
* Generate DSA key pair for testing
*/
static EVP_PKEY* generate_dsa_key(void) {
EVP_PKEY_CTX *param_ctx = NULL, *key_ctx = NULL;
EVP_PKEY *params = NULL, *key = NULL;
/* Generate parameters first */
param_ctx = EVP_PKEY_CTX_new_from_name(NULL, "dsa", NULL);
if (!param_ctx) return NULL;
if (EVP_PKEY_paramgen_init(param_ctx) <= 0 ||
EVP_PKEY_CTX_set_dsa_paramgen_bits(param_ctx, 2048) <= 0 ||
EVP_PKEY_paramgen(param_ctx, &params) <= 0) {
goto cleanup;
}
/* Generate key using parameters */
key_ctx = EVP_PKEY_CTX_new(params, NULL);
if (!key_ctx ||
EVP_PKEY_keygen_init(key_ctx) <= 0 ||
EVP_PKEY_keygen(key_ctx, &key) <= 0) {
EVP_PKEY_free(key);
key = NULL;
}
cleanup:
EVP_PKEY_CTX_free(param_ctx);
EVP_PKEY_CTX_free(key_ctx);
EVP_PKEY_free(params);
return key;
}
/* =============================================================================
* TEST FUNCTIONS - Comprehensive API testing
* =============================================================================
*/
/**
* Test all signature APIs with a given key and algorithm
* Demonstrates the 6 different signature API approaches
*/
int test_signature_apis(EVP_PKEY *key, const EVP_MD *md,
int (*param_setter)(EVP_PKEY_CTX *ctx),
const char *algo_name) {
const unsigned char message[] = "Test message for OpenSSL signature APIs";
const size_t message_len = strlen((char *)message);
unsigned char *sig1 = NULL, *sig2 = NULL, *sig3 = NULL,
*sig4 = NULL, *sig6 = NULL;
size_t sig_len1 = 0, sig_len2 = 0, sig_len3 = 0, sig_len4 = 0, sig_len6 = 0;
unsigned char digest[EVP_MAX_MD_SIZE];
unsigned int digest_len;
int success = 1;
printf("\nTesting signature APIs with %s:\n", algo_name);
/* Test 1: EVP_Sign API */
printf("1. EVP_Sign API: ");
if (sign_using_evp_sign(message, message_len, &sig1, &sig_len1, key, md) &&
verify_using_evp_verify(message, message_len, sig1, sig_len1, key, md)) {
printf("PASS\n");
} else {
printf("FAIL\n");
success = 0;
}
/* Test 2: EVP_DigestSign API */
printf("2. EVP_DigestSign API: ");
if (sign_using_evp_digestsign(message, message_len, &sig2, &sig_len2, key, md) &&
verify_using_evp_digestverify(message, message_len, sig2, sig_len2, key, md)) {
printf("PASS\n");
} else {
printf("FAIL\n");
success = 0;
}
/* Test 3: EVP_PKEY_sign API (requires pre-hashed input) */
printf("3. EVP_PKEY_sign API: ");
if (create_digest(message, message_len, md, digest, &digest_len) &&
sign_using_evp_pkey_sign(digest, digest_len, &sig3, &sig_len3, key, md) &&
verify_using_evp_pkey_verify(digest, digest_len, sig3, sig_len3, key, md)) {
printf("PASS\n");
} else {
printf("FAIL\n");
success = 0;
}
/* Test 4: EVP_DigestSign with explicit PKEY_CTX */
printf("4. EVP_DigestSign with explicit PKEY_CTX: ");
if (sign_using_digestsign_with_ctx(message, message_len, &sig4, &sig_len4,
key, md, param_setter) &&
verify_using_digestverify_with_ctx(message, message_len, sig4, sig_len4,
key, md, param_setter)) {
printf("PASS\n");
} else {
printf("FAIL\n");
success = 0;
}
/* Test 6: EVP_PKEY_sign_message API */
printf("6. EVP_PKEY_sign_message API: ");
if (sign_using_evp_pkey_sign_message(message, message_len, &sig6, &sig_len6, key, md, algo_name) &&
verify_using_evp_pkey_verify_message(message, message_len, sig6, sig_len6, key, md, algo_name)) {
printf("PASS\n");
} else {
printf("FAIL\n");
success = 0;
}
/* Cleanup */
OPENSSL_free(sig1);
OPENSSL_free(sig2);
OPENSSL_free(sig3);
OPENSSL_free(sig4);
OPENSSL_free(sig6);
return success;
}
/**
* Test RSA-specific signature APIs including low-level RSA functions
*/
int test_signature_apis_rsa(void) {
EVP_PKEY *key = NULL;
RSA *rsa_key = NULL;
const EVP_MD *md = EVP_sha256();
const unsigned char message[] = "Test message for OpenSSL signature APIs";
const size_t message_len = strlen((char *)message);
unsigned char *sig5 = NULL;
size_t sig_len5 = 0;
int success = 1;
printf("\nGenerating RSA key pair...\n");
key = generate_rsa_key();
if (!key) return 0;
rsa_key = get_rsa_from_pkey(key);
if (!rsa_key) {
EVP_PKEY_free(key);
return 0;
}
/* Test generic APIs */
if (!test_signature_apis(key, md, set_rsa_pss_padding, "RSA-SHA256")) {
success = 0;
}
/* Test 5: Low-level RSA API */
printf("5. Low-level RSA API: ");
if (sign_using_rsa_sign(message, message_len, &sig5, &sig_len5,
rsa_key, NID_sha256, md) &&
verify_using_rsa_verify(message, message_len, sig5, sig_len5,
rsa_key, NID_sha256, md)) {
printf("PASS\n");
} else {
printf("FAIL\n");
success = 0;
}
printf("\nRSA API Summary:\n");
printf("1. EVP_Sign API: Legacy, simple\n");
printf("2. EVP_DigestSign API: Modern, recommended\n");
printf("3. EVP_PKEY_sign API: Lower-level, pre-hashed input\n");
printf("4. EVP_DigestSign with PKEY_CTX: Fine-grained control\n");
printf("5. Low-level RSA API: Deprecated, algorithm-specific\n");
printf("6. EVP_PKEY_sign_message API: Streamlined message signing\n");
/* Cleanup */
OPENSSL_free(sig5);
RSA_free(rsa_key);
EVP_PKEY_free(key);
return success;
}
/**
* Test DSA-specific signature APIs including low-level DSA functions
*/
int test_signature_apis_dsa(void) {
EVP_PKEY *key = NULL;
DSA *dsa_key = NULL;
const EVP_MD *md = EVP_sha256();
const unsigned char message[] = "Test message for OpenSSL signature APIs";
const size_t message_len = strlen((char *)message);
unsigned char *sig5 = NULL;
size_t sig_len5 = 0;
int success = 1;
printf("\nGenerating DSA key pair...\n");
key = generate_dsa_key();
if (!key) return 0;
dsa_key = get_dsa_from_pkey(key);
if (!dsa_key) {
EVP_PKEY_free(key);
return 0;
}
/* Test generic APIs */
if (!test_signature_apis(key, md, no_parameter_setter, "dsa")) {
success = 0;
}
/* Test 5: Low-level DSA API */
printf("5. Low-level DSA API: ");
if (sign_using_dsa_sign(message, message_len, &sig5, &sig_len5, dsa_key, md) &&
verify_using_dsa_verify(message, message_len, sig5, sig_len5, dsa_key, md)) {
printf("PASS\n");
} else {
printf("FAIL\n");
success = 0;
}
printf("\nDSA API Summary:\n");
printf("1. EVP_Sign API: Legacy, simple\n");
printf("2. EVP_DigestSign API: Modern, recommended\n");
printf("3. EVP_PKEY_sign API: Lower-level, pre-hashed input\n");
printf("4. EVP_DigestSign with PKEY_CTX: Fine-grained control\n");
printf("5. Low-level DSA API: Deprecated, algorithm-specific\n");
printf("6. EVP_PKEY_sign_message API: Streamlined message signing\n");
/* Cleanup */
OPENSSL_free(sig5);
EVP_PKEY_free(key);
return success;
}
/* =============================================================================
* MAIN FUNCTION - Entry point for testing all signature APIs
* =============================================================================
*/
// /**
// * Main function demonstrating all OpenSSL signature APIs
// * Tests both RSA and DSA algorithms with all 6 API approaches
// */
// int main(void) {
// /* Initialize OpenSSL */
// OpenSSL_add_all_algorithms();
// ERR_load_crypto_strings();
// printf("=================================================================\n");
// printf("OpenSSL Signature API Demonstration\n");
// printf("=================================================================\n");
// printf("\n-------- TESTING RSA SIGNATURES --------\n");
// int rsa_result = test_signature_apis_rsa();
// printf("\n-------- TESTING DSA SIGNATURES --------\n");
// int dsa_result = test_signature_apis_dsa();
// printf("\n=================================================================\n");
// if (rsa_result && dsa_result) {
// printf("All tests completed successfully.\n");
// return 0;
// } else {
// printf("Some tests failed.\n");
// return 1;
// }
// }

6
cpp/ql/test/experimental/library-tests/quantum/openssl/signature_algorithms.ql Normal file
View File

@@ -0,0 +1,6 @@
import cpp
import experimental.quantum.Language
import experimental.quantum.OpenSSL.AlgorithmInstances.SignatureAlgorithmInstance
from KnownOpenSSLSignatureConstantAlgorithmInstance algoInstance
select algoInstance, algoInstance.getAlgorithmType(), algoInstance.getAVC()

6
cpp/ql/test/experimental/library-tests/quantum/openssl/signature_key_sources.ql Normal file
View File

@@ -0,0 +1,6 @@
import cpp
import experimental.quantum.Language
from Crypto::SignatureOperationNode op, Crypto::KeyArtifactNode key
where op.getAKey() = key
select op, key

6
cpp/ql/test/experimental/library-tests/quantum/openssl/signature_message_sources.ql Normal file
View File

@@ -0,0 +1,6 @@
import cpp
import experimental.quantum.Language
from Crypto::SignatureOperationNode n, Crypto::MessageArtifactNode m
where n.getAnInputArtifact() = m
select n, m, m.getSourceNode()

6
cpp/ql/test/experimental/library-tests/quantum/openssl/signature_operations.ql Normal file
View File

@@ -0,0 +1,6 @@
import cpp
import experimental.quantum.Language
from Crypto::SignatureOperationNode n
select n, n.getAnInputArtifact(), n.getAnOutputArtifact(), n.getAKey(),
n.getAnAlgorithmOrGenericSource(), n.getKeyOperationSubtype()

78
cpp/ql/test/experimental/stubs/openssl/dsa.h Normal file
View File

@@ -0,0 +1,78 @@
/*
* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
# pragma once
# include "type_stubs.h"
/*
* DSA Paramgen types
* Note, adding to this list requires adjustments to various checks
* in dsa_gen range validation checks
*/
#define DSA_PARAMGEN_TYPE_FIPS_186_4 0 /* Use FIPS186-4 standard */
#define DSA_PARAMGEN_TYPE_FIPS_186_2 1 /* Use legacy FIPS186-2 standard */
#define DSA_PARAMGEN_TYPE_FIPS_DEFAULT 2
DSA *ossl_dsa_new(OSSL_LIB_CTX *libctx);
void ossl_dsa_set0_libctx(DSA *d, OSSL_LIB_CTX *libctx);
int ossl_dsa_generate_ffc_parameters(DSA *dsa, int type, int pbits, int qbits,
BN_GENCB *cb);
int ossl_dsa_sign_int(int type, const unsigned char *dgst, int dlen,
unsigned char *sig, unsigned int *siglen, DSA *dsa,
unsigned int nonce_type, const char *digestname,
OSSL_LIB_CTX *libctx, const char *propq);
FFC_PARAMS *ossl_dsa_get0_params(DSA *dsa);
int ossl_dsa_ffc_params_fromdata(DSA *dsa, const OSSL_PARAM params[]);
int ossl_dsa_key_fromdata(DSA *dsa, const OSSL_PARAM params[],
int include_private);
DSA *ossl_dsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf,
OSSL_LIB_CTX *libctx, const char *propq);
int ossl_dsa_generate_public_key(BN_CTX *ctx, const DSA *dsa,
const BIGNUM *priv_key, BIGNUM *pub_key);
int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret);
int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret);
int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key,
int *ret);
int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret);
int ossl_dsa_check_pairwise(const DSA *dsa);
int ossl_dsa_is_foreign(const DSA *dsa);
DSA *ossl_dsa_dup(const DSA *dsa, int selection);
int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits);
int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits);
int EVP_PKEY_CTX_set_dsa_paramgen_md_props(EVP_PKEY_CTX *ctx,
const char *md_name,
const char *md_properties);
int EVP_PKEY_CTX_set_dsa_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex);
int EVP_PKEY_CTX_set_dsa_paramgen_type(EVP_PKEY_CTX *ctx, const char *name);
int EVP_PKEY_CTX_set_dsa_paramgen_seed(EVP_PKEY_CTX *ctx,
const unsigned char *seed,
size_t seedlen);
int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
# define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1)
# define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2)
# define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3)
# define OPENSSL_DSA_MAX_MODULUS_BITS 10000
# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
typedef int DSA_SIG;
DSA_SIG *DSA_SIG_new(void);
void DSA_SIG_free(DSA_SIG *a);
void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);

656
cpp/ql/test/experimental/stubs/openssl/evp_stubs.h → cpp/ql/test/experimental/stubs/openssl/evp.h
View File

@@ -1,9 +1,22 @@
#include "type_stubs.h"
#ifndef OSSL_EVP_H
#define OSSL_EVP_H
// Common defines and integer types.
#define NULL 0
# define EVP_MAX_MD_SIZE 64/* longest known is SHA512 */
# define EVP_MAX_KEY_LENGTH 64
# define EVP_MAX_IV_LENGTH 16
# define EVP_MAX_BLOCK_LENGTH 32
# define EVP_MAX_AEAD_TAG_LENGTH 16
/* Maximum pipes in cipher pipelining */
# define EVP_MAX_PIPES 32
# define PKCS5_SALT_LEN 8
/* Default PKCS#5 iteration count */
# define PKCS5_DEFAULT_ITER 2048
// Common defines and integer types.
# define EVP_CTRL_INIT 0x0
# define EVP_CTRL_SET_KEY_LENGTH 0x1
# define EVP_CTRL_GET_RC2_KEY_BITS 0x2
@@ -29,645 +42,6 @@
# define EVP_CTRL_CCM_SET_L 0x14
# define EVP_CTRL_CCM_SET_MSGLEN 0x15
typedef unsigned long size_t;
typedef unsigned char uint8_t;
typedef unsigned int uint32_t;
typedef unsigned long long uint64_t;
// Type aliases.
typedef int OSSL_PROVIDER;
typedef int OSSL_FUNC_keymgmt_import_fn;
typedef int OSSL_FUNC_digest_get_ctx_params_fn;
typedef int OSSL_FUNC_cipher_settable_ctx_params_fn;
typedef int ASN1_STRING;
typedef int OSSL_FUNC_mac_set_ctx_params_fn;
typedef int OSSL_FUNC_signature_digest_verify_update_fn;
typedef int OSSL_FUNC_provider_get_reason_strings_fn;
typedef int OSSL_FUNC_core_get_params_fn;
typedef int OSSL_FUNC_rand_get_seed_fn;
typedef int OSSL_FUNC_rand_instantiate_fn;
typedef int OSSL_FUNC_keymgmt_gen_get_params_fn;
typedef int EVP_PKEY_gen_cb;
typedef int OSSL_FUNC_provider_unquery_operation_fn;
typedef int OSSL_FUNC_cleanup_user_entropy_fn;
typedef int OSSL_FUNC_asym_cipher_decrypt_fn;
typedef int OSSL_FUNC_cipher_pipeline_decrypt_init_fn;
typedef int X509_PUBKEY;
typedef int OSSL_FUNC_BIO_puts_fn;
typedef int OSSL_FUNC_signature_verify_fn;
typedef int OSSL_FUNC_encoder_gettable_params_fn;
typedef int OSSL_FUNC_keymgmt_validate_fn;
typedef int EVP_PBE_KEYGEN_EX;
typedef int OSSL_FUNC_keyexch_dupctx_fn;
typedef int OSSL_FUNC_kdf_newctx_fn;
typedef int OSSL_FUNC_signature_digest_verify_final_fn;
typedef int OSSL_FUNC_signature_set_ctx_params_fn;
typedef int OSSL_FUNC_rand_reseed_fn;
typedef int OSSL_FUNC_SSL_QUIC_TLS_crypto_release_rcd_fn;
typedef int OSSL_FUNC_store_open_fn;
typedef int OSSL_FUNC_encoder_newctx_fn;
typedef int EVP_KEYMGMT;
typedef int OSSL_FUNC_core_vset_error_fn;
typedef int EVP_KEYEXCH;
typedef int OSSL_FUNC_signature_gettable_ctx_md_params_fn;
typedef int OSSL_FUNC_CRYPTO_secure_free_fn;
typedef int OSSL_FUNC_keymgmt_import_types_fn;
typedef int OSSL_FUNC_signature_sign_message_update_fn;
typedef int OSSL_FUNC_keymgmt_gen_gettable_params_fn;
typedef int OSSL_FUNC_cipher_update_fn;
typedef int OSSL_FUNC_mac_newctx_fn;
typedef int OSSL_FUNC_keymgmt_set_params_fn;
typedef int X509_ALGOR;
typedef int OSSL_FUNC_signature_get_ctx_params_fn;
typedef int ASN1_ITEM;
typedef int EVP_SIGNATURE;
typedef int OSSL_FUNC_CRYPTO_realloc_fn;
typedef int OSSL_FUNC_BIO_new_file_fn;
typedef int OSSL_FUNC_signature_sign_message_final_fn;
typedef int OSSL_FUNC_cipher_newctx_fn;
typedef int OSSL_FUNC_rand_nonce_fn;
typedef int EVP_MD;
typedef int OSSL_FUNC_kdf_reset_fn;
typedef int OSSL_FUNC_keyexch_settable_ctx_params_fn;
typedef int OSSL_FUNC_store_export_object_fn;
typedef int OSSL_FUNC_CRYPTO_secure_allocated_fn;
typedef int OSSL_FUNC_cipher_pipeline_update_fn;
typedef int OSSL_FUNC_keyexch_freectx_fn;
typedef int OSSL_FUNC_kdf_gettable_params_fn;
typedef int OSSL_FUNC_rand_set_ctx_params_fn;
typedef int OSSL_FUNC_signature_verify_message_init_fn;
typedef int OSSL_FUNC_keymgmt_free_fn;
typedef int OSSL_FUNC_rand_gettable_ctx_params_fn;
typedef int OSSL_FUNC_signature_digest_sign_update_fn;
typedef int OSSL_FUNC_keymgmt_has_fn;
typedef int OSSL_FUNC_kdf_get_ctx_params_fn;
typedef int OSSL_FUNC_provider_get0_dispatch_fn;
typedef int OSSL_FUNC_signature_verify_message_update_fn;
typedef int OSSL_FUNC_rand_lock_fn;
typedef int EVP_KEM;
typedef int OSSL_FUNC_BIO_read_ex_fn;
typedef int X509_SIG_INFO;
typedef int OSSL_FUNC_keymgmt_import_types_ex_fn;
typedef int OSSL_FUNC_encoder_free_object_fn;
typedef int OSSL_FUNC_asym_cipher_decrypt_init_fn;
typedef int OSSL_FUNC_SSL_QUIC_TLS_alert_fn;
typedef int OSSL_FUNC_cipher_get_params_fn;
typedef int OSSL_FUNC_get_nonce_fn;
typedef int ASN1_OBJECT;
typedef int OSSL_LIB_CTX;
typedef int OSSL_FUNC_keymgmt_gen_set_params_fn;
typedef int OSSL_FUNC_provider_deregister_child_cb_fn;
typedef int OSSL_PARAM;
typedef int OSSL_FUNC_decoder_gettable_params_fn;
typedef int OSSL_FUNC_cipher_pipeline_final_fn;
typedef int OSSL_FUNC_signature_freectx_fn;
typedef int EVP_PKEY_METHOD;
typedef int OSSL_FUNC_CRYPTO_zalloc_fn;
typedef int OSSL_FUNC_keymgmt_query_operation_name_fn;
typedef int OSSL_FUNC_core_set_error_mark_fn;
typedef int OSSL_FUNC_asym_cipher_gettable_ctx_params_fn;
typedef int OSSL_FUNC_CRYPTO_free_fn;
typedef int OSSL_FUNC_indicator_cb_fn;
typedef int OSSL_FUNC_kdf_freectx_fn;
typedef int ENGINE;
typedef int EVP_PKEY;
typedef int PKCS8_PRIV_KEY_INFO;
typedef int OSSL_FUNC_signature_digest_verify_fn;
typedef int OSSL_FUNC_mac_final_fn;
typedef int OSSL_FUNC_core_pop_error_to_mark_fn;
typedef int OSSL_FUNC_signature_verify_recover_fn;
typedef int OSSL_FUNC_keymgmt_gen_settable_params_fn;
typedef int OSSL_FUNC_provider_self_test_fn;
typedef int OSSL_FUNC_digest_gettable_params_fn;
typedef int OSSL_FUNC_CRYPTO_secure_malloc_fn;
typedef int OSSL_FUNC_keymgmt_get_params_fn;
typedef int OSSL_FUNC_mac_freectx_fn;
typedef int OSSL_FUNC_cleanup_user_nonce_fn;
typedef int EVP_SKEYMGMT;
typedef int OSSL_FUNC_core_set_error_debug_fn;
typedef int OSSL_FUNC_cipher_decrypt_skey_init_fn;
typedef int OSSL_FUNC_BIO_new_membuf_fn;
typedef int OSSL_FUNC_provider_query_operation_fn;
typedef int OSSL_FUNC_signature_set_ctx_md_params_fn;
typedef int OSSL_FUNC_encoder_does_selection_fn;
typedef int OSSL_FUNC_kem_get_ctx_params_fn;
typedef int OSSL_FUNC_cipher_gettable_params_fn;
typedef int OSSL_FUNC_digest_final_fn;
typedef int OSSL_FUNC_rand_generate_fn;
typedef int EVP_PKEY_CTX;
typedef int OSSL_FUNC_kem_decapsulate_fn;
typedef int OSSL_FUNC_skeymgmt_generate_fn;
typedef int OSSL_FUNC_asym_cipher_encrypt_init_fn;
typedef int OSSL_FUNC_kdf_get_params_fn;
typedef int OSSL_FUNC_cipher_encrypt_skey_init_fn;
typedef int OSSL_FUNC_encoder_get_params_fn;
typedef int OSSL_FUNC_asym_cipher_freectx_fn;
typedef int OSSL_FUNC_CRYPTO_secure_clear_free_fn;
typedef int OSSL_FUNC_store_load_fn;
typedef int OSSL_FUNC_digest_update_fn;
typedef int OSSL_FUNC_provider_up_ref_fn;
typedef int OSSL_FUNC_SSL_QUIC_TLS_crypto_recv_rcd_fn;
typedef int OSSL_FUNC_signature_digest_sign_init_fn;
typedef int OSSL_FUNC_keymgmt_load_fn;
typedef int OSSL_FUNC_keyexch_gettable_ctx_params_fn;
typedef int OSSL_FUNC_rand_get_params_fn;
typedef int OSSL_FUNC_rand_verify_zeroization_fn;
typedef int OSSL_FUNC_skeymgmt_export_fn;
typedef int OSSL_FUNC_BIO_free_fn;
typedef int OSSL_FUNC_rand_settable_ctx_params_fn;
typedef int OSSL_FUNC_cleanup_entropy_fn;
typedef int OSSL_FUNC_encoder_settable_ctx_params_fn;
typedef int OSSL_DISPATCH;
typedef int OSSL_FUNC_OPENSSL_cleanse_fn;
typedef int OSSL_FUNC_digest_dupctx_fn;
typedef int OSSL_FUNC_kem_decapsulate_init_fn;
typedef int EVP_MAC_CTX;
typedef int OSSL_FUNC_digest_squeeze_fn;
typedef int OSSL_FUNC_keyexch_set_ctx_params_fn;
typedef int EVP_ENCODE_CTX;
typedef int OSSL_FUNC_BIO_vsnprintf_fn;
typedef int OSSL_FUNC_mac_dupctx_fn;
typedef int OSSL_FUNC_kdf_derive_fn;
typedef int OSSL_FUNC_encoder_set_ctx_params_fn;
typedef int OSSL_FUNC_rand_freectx_fn;
typedef int OSSL_FUNC_BIO_ctrl_fn;
typedef int EVP_CIPHER;
typedef int OSSL_FUNC_cipher_set_ctx_params_fn;
typedef int OSSL_FUNC_rand_enable_locking_fn;
typedef int OSSL_FUNC_keyexch_newctx_fn;
typedef int OSSL_FUNC_signature_settable_ctx_params_fn;
typedef int OSSL_FUNC_provider_gettable_params_fn;
typedef int OSSL_FUNC_keymgmt_gen_set_template_fn;
typedef int OSSL_FUNC_keymgmt_settable_params_fn;
typedef int OSSL_FUNC_keymgmt_gen_cleanup_fn;
typedef int OSSL_FUNC_kdf_set_ctx_params_fn;
typedef int OSSL_FUNC_rand_unlock_fn;
typedef int OSSL_FUNC_SSL_QUIC_TLS_yield_secret_fn;
typedef int OSSL_FUNC_signature_digest_sign_fn;
typedef int OSSL_FUNC_keymgmt_gettable_params_fn;
typedef int OSSL_FUNC_kem_auth_encapsulate_init_fn;
typedef int OSSL_FUNC_kem_encapsulate_fn;
typedef int OSSL_FUNC_CRYPTO_secure_zalloc_fn;
typedef int OSSL_FUNC_rand_get_ctx_params_fn;
typedef int OSSL_FUNC_store_delete_fn;
typedef int OSSL_FUNC_cipher_pipeline_encrypt_init_fn;
typedef int OSSL_FUNC_cipher_dupctx_fn;
typedef int OSSL_FUNC_store_settable_ctx_params_fn;
typedef int FILE;
typedef int OSSL_FUNC_provider_teardown_fn;
typedef int OSSL_FUNC_kdf_dupctx_fn;
typedef int OSSL_FUNC_decoder_newctx_fn;
typedef int ASN1_BIT_STRING;
typedef int OSSL_FUNC_core_clear_last_error_mark_fn;
typedef int OSSL_FUNC_core_obj_create_fn;
typedef int OSSL_FUNC_keyexch_init_fn;
typedef int OSSL_FUNC_kem_gettable_ctx_params_fn;
typedef int EVP_MD_CTX;
typedef int OSSL_FUNC_decoder_decode_fn;
typedef int OSSL_FUNC_mac_gettable_params_fn;
typedef int OSSL_FUNC_kem_set_ctx_params_fn;
typedef int OSSL_FUNC_encoder_encode_fn;
typedef int OSSL_FUNC_core_gettable_params_fn;
typedef int OSSL_FUNC_mac_gettable_ctx_params_fn;
typedef int OSSL_FUNC_get_user_entropy_fn;
typedef int OSSL_FUNC_kdf_gettable_ctx_params_fn;
typedef int OSSL_FUNC_keymgmt_gen_fn;
typedef int OSSL_FUNC_keyexch_set_peer_fn;
typedef int OSSL_FUNC_core_obj_add_sigid_fn;
typedef int OSSL_FUNC_keymgmt_export_types_ex_fn;
typedef int OSSL_FUNC_kem_newctx_fn;
typedef int OSSL_FUNC_signature_sign_init_fn;
typedef int OSSL_FUNC_asym_cipher_get_ctx_params_fn;
typedef int OSSL_FUNC_CRYPTO_clear_free_fn;
typedef int OSSL_FUNC_encoder_freectx_fn;
typedef int OSSL_FUNC_kem_freectx_fn;
typedef int OSSL_FUNC_provider_get0_provider_ctx_fn;
typedef int OSSL_FUNC_digest_copyctx_fn;
typedef int OSSL_FUNC_provider_name_fn;
typedef int OSSL_FUNC_cipher_decrypt_init_fn;
typedef int EVP_PKEY_ASN1_METHOD;
typedef int OSSL_FUNC_keyexch_get_ctx_params_fn;
typedef int OSSL_FUNC_store_set_ctx_params_fn;
typedef int ASN1_TYPE;
typedef int OSSL_FUNC_skeymgmt_imp_settable_params_fn;
typedef int OSSL_FUNC_cipher_get_ctx_params_fn;
typedef int EVP_MAC;
typedef int OSSL_FUNC_store_attach_fn;
typedef int OSSL_FUNC_signature_get_ctx_md_params_fn;
typedef int OSSL_FUNC_encoder_import_object_fn;
typedef int OSSL_FUNC_cleanup_nonce_fn;
typedef int OSSL_FUNC_kem_auth_decapsulate_init_fn;
typedef int OSSL_CALLBACK;
typedef int OSSL_FUNC_skeymgmt_import_fn;
typedef int OSSL_FUNC_cipher_freectx_fn;
typedef int OSSL_FUNC_asym_cipher_dupctx_fn;
typedef int OSSL_FUNC_SSL_QUIC_TLS_crypto_send_fn;
typedef int OSSL_FUNC_CRYPTO_clear_realloc_fn;
typedef int OSSL_FUNC_signature_verify_recover_init_fn;
typedef int OSSL_FUNC_provider_free_fn;
typedef int EVP_RAND;
typedef int OSSL_FUNC_digest_newctx_fn;
typedef int OSSL_FUNC_cipher_final_fn;
typedef int OSSL_FUNC_keymgmt_new_fn;
typedef int EVP_CIPHER_CTX;
typedef int OSSL_FUNC_decoder_does_selection_fn;
typedef int OSSL_FUNC_signature_digest_verify_init_fn;
typedef int OSSL_FUNC_digest_set_ctx_params_fn;
typedef int OSSL_FUNC_rand_newctx_fn;
typedef int OSSL_FUNC_BIO_vprintf_fn;
typedef int OSSL_FUNC_keymgmt_gen_init_fn;
typedef int EVP_RAND_CTX;
typedef int OSSL_FUNC_store_close_fn;
typedef int OSSL_FUNC_asym_cipher_encrypt_fn;
typedef int OSSL_FUNC_mac_get_params_fn;
typedef int OSSL_FUNC_get_entropy_fn;
typedef int OSSL_FUNC_digest_gettable_ctx_params_fn;
typedef int OSSL_FUNC_SSL_QUIC_TLS_got_transport_params_fn;
typedef int OSSL_FUNC_skeymgmt_free_fn;
typedef int OSSL_FUNC_mac_settable_ctx_params_fn;
typedef int OSSL_FUNC_decoder_export_object_fn;
typedef int OSSL_FUNC_rand_clear_seed_fn;
typedef int OSSL_FUNC_mac_get_ctx_params_fn;
typedef int OSSL_FUNC_digest_digest_fn;
typedef int EVP_SKEY;
typedef int OSSL_FUNC_cipher_gettable_ctx_params_fn;
typedef int OSSL_FUNC_CRYPTO_malloc_fn;
typedef int OSSL_FUNC_asym_cipher_settable_ctx_params_fn;
typedef int OSSL_FUNC_signature_dupctx_fn;
typedef int OSSL_FUNC_BIO_write_ex_fn;
typedef int OSSL_FUNC_rand_set_callbacks_fn;
typedef int OSSL_FUNC_keymgmt_match_fn;
typedef int OSSL_FUNC_signature_digest_sign_final_fn;
typedef int OSSL_FUNC_provider_get_params_fn;
typedef int OSSL_FUNC_BIO_gets_fn;
typedef int OSSL_FUNC_cipher_encrypt_init_fn;
typedef int OSSL_FUNC_signature_verify_message_final_fn;
typedef int BIGNUM;
typedef int OSSL_FUNC_digest_freectx_fn;
typedef int OSSL_FUNC_asym_cipher_set_ctx_params_fn;
typedef int OSSL_FUNC_signature_gettable_ctx_params_fn;
typedef int BIO;
typedef int OSSL_FUNC_digest_get_params_fn;
typedef int OSSL_FUNC_skeymgmt_get_key_id_fn;
typedef int OSSL_FUNC_rand_uninstantiate_fn;
typedef int OSSL_FUNC_decoder_get_params_fn;
typedef int OSSL_FUNC_signature_newctx_fn;
typedef int OSSL_FUNC_signature_sign_fn;
typedef int OSSL_FUNC_decoder_set_ctx_params_fn;
typedef int OSSL_FUNC_kem_dupctx_fn;
typedef int OSSL_FUNC_get_user_nonce_fn;
typedef int OSSL_FUNC_mac_init_skey_fn;
typedef int ASN1_PCTX;
typedef int OSSL_FUNC_provider_get_capabilities_fn;
typedef int OSSL_FUNC_provider_register_child_cb_fn;
typedef int OSSL_FUNC_kem_settable_ctx_params_fn;
typedef int OSSL_FUNC_signature_query_key_types_fn;
typedef int OSSL_FUNC_signature_settable_ctx_md_params_fn;
typedef int OSSL_FUNC_asym_cipher_newctx_fn;
typedef int OSSL_FUNC_store_open_ex_fn;
typedef int OSSL_FUNC_keyexch_derive_fn;
typedef int OSSL_FUNC_kdf_settable_ctx_params_fn;
typedef int OSSL_FUNC_skeymgmt_gen_settable_params_fn;
typedef int OSSL_FUNC_digest_settable_ctx_params_fn;
typedef int OSSL_FUNC_kem_encapsulate_init_fn;
typedef int OSSL_FUNC_core_new_error_fn;
typedef int OSSL_FUNC_BIO_up_ref_fn;
typedef int OSSL_FUNC_self_test_cb_fn;
typedef int OSSL_FUNC_keymgmt_export_types_fn;
typedef int OSSL_FUNC_core_get_libctx_fn;
typedef int OSSL_FUNC_digest_init_fn;
typedef int EVP_ASYM_CIPHER;
typedef int OSSL_FUNC_decoder_settable_ctx_params_fn;
typedef int OSSL_FUNC_signature_sign_message_init_fn;
typedef int OSSL_FUNC_rand_gettable_params_fn;
typedef int OSSL_FUNC_mac_update_fn;
typedef int OSSL_FUNC_keymgmt_export_fn;
typedef int OSSL_FUNC_provider_random_bytes_fn;
typedef int OSSL_FUNC_decoder_freectx_fn;
typedef int OSSL_FUNC_mac_init_fn;
typedef int OSSL_FUNC_store_eof_fn;
typedef int OSSL_FUNC_signature_verify_init_fn;
typedef int EVP_PBE_KEYGEN;
typedef int OSSL_FUNC_core_thread_start_fn;
typedef int OSSL_FUNC_cipher_cipher_fn;
typedef int OSSL_FUNC_keymgmt_dup_fn;
// Function stubs.
OSSL_FUNC_core_gettable_params_fn * OSSL_FUNC_core_gettable_params(const OSSL_DISPATCH * opf) {
return NULL;

10
cpp/ql/test/experimental/stubs/openssl/alg_macro_stubs.h → cpp/ql/test/experimental/stubs/openssl/obj_mac.h
View File

@@ -1,3 +1,13 @@
/*
* Generated by crypto/objects/objects.pl
*
* Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
# define EVP_PKEY_NONE NID_undef
# define EVP_PKEY_RSA NID_rsaEncryption
# define EVP_PKEY_RSA2 NID_rsa

527
cpp/ql/test/experimental/stubs/openssl/pem.h Normal file
View File

@@ -0,0 +1,527 @@
/*
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "type_stubs.h"
#ifndef OPENSSL_PEM_H
# define OPENSSL_PEM_H
#ifdef __cplusplus
extern "C" {
#endif
# define PEM_BUFSIZE 1024
# define PEM_STRING_X509_OLD "X509 CERTIFICATE"
# define PEM_STRING_X509 "CERTIFICATE"
# define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE"
# define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST"
# define PEM_STRING_X509_REQ "CERTIFICATE REQUEST"
# define PEM_STRING_X509_CRL "X509 CRL"
# define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY"
# define PEM_STRING_PUBLIC "PUBLIC KEY"
# define PEM_STRING_RSA "RSA PRIVATE KEY"
# define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY"
# define PEM_STRING_DSA "DSA PRIVATE KEY"
# define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY"
# define PEM_STRING_PKCS7 "PKCS7"
# define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA"
# define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY"
# define PEM_STRING_PKCS8INF "PRIVATE KEY"
# define PEM_STRING_DHPARAMS "DH PARAMETERS"
# define PEM_STRING_DHXPARAMS "X9.42 DH PARAMETERS"
# define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS"
# define PEM_STRING_DSAPARAMS "DSA PARAMETERS"
# define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
# define PEM_STRING_ECPARAMETERS "EC PARAMETERS"
# define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
# define PEM_STRING_PARAMETERS "PARAMETERS"
# define PEM_STRING_CMS "CMS"
# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
# define PEM_STRING_ACERT "ATTRIBUTE CERTIFICATE"
# define PEM_TYPE_ENCRYPTED 10
# define PEM_TYPE_MIC_ONLY 20
# define PEM_TYPE_MIC_CLEAR 30
# define PEM_TYPE_CLEAR 40
/*
* These macros make the PEM_read/PEM_write functions easier to maintain and
* write. Now they are all implemented with either: IMPLEMENT_PEM_rw(...) or
* IMPLEMENT_PEM_rw_cb(...)
*/
# define PEM_read_cb_fnsig(name, type, INTYPE, readname) \
type *PEM_##readname##_##name(INTYPE *out, type **x, \
pem_password_cb *cb, void *u)
# define PEM_read_cb_ex_fnsig(name, type, INTYPE, readname) \
type *PEM_##readname##_##name##_ex(INTYPE *out, type **x, \
pem_password_cb *cb, void *u, \
OSSL_LIB_CTX *libctx, \
const char *propq)
# define PEM_write_fnsig(name, type, OUTTYPE, writename) \
int PEM_##writename##_##name(OUTTYPE *out, const type *x)
# define PEM_write_cb_fnsig(name, type, OUTTYPE, writename) \
int PEM_##writename##_##name(OUTTYPE *out, const type *x, \
const EVP_CIPHER *enc, \
const unsigned char *kstr, int klen, \
pem_password_cb *cb, void *u)
# define PEM_write_ex_fnsig(name, type, OUTTYPE, writename) \
int PEM_##writename##_##name##_ex(OUTTYPE *out, const type *x, \
OSSL_LIB_CTX *libctx, \
const char *propq)
# define PEM_write_cb_ex_fnsig(name, type, OUTTYPE, writename) \
int PEM_##writename##_##name##_ex(OUTTYPE *out, const type *x, \
const EVP_CIPHER *enc, \
const unsigned char *kstr, int klen, \
pem_password_cb *cb, void *u, \
OSSL_LIB_CTX *libctx, \
const char *propq)
# ifdef OPENSSL_NO_STDIO
# define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/
# define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/
# endif
# define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/
# endif
# else
# define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u) \
{ \
return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str, fp, \
(void **)x, cb, u); \
}
# define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
PEM_write_fnsig(name, type, FILE, write) \
{ \
return PEM_ASN1_write((i2d_of_void *)i2d_##asn1, str, out, \
x, NULL, NULL, 0, NULL, NULL); \
}
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \
IMPLEMENT_PEM_write_fp(name, type, str, asn1)
# endif
# define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
PEM_write_cb_fnsig(name, type, FILE, write) \
{ \
return PEM_ASN1_write((i2d_of_void *)i2d_##asn1, str, out, \
x, enc, kstr, klen, cb, u); \
}
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \
IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1)
# endif
# endif
# define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
type *PEM_read_bio_##name(BIO *bp, type **x, \
pem_password_cb *cb, void *u) \
{ \
return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str, bp, \
(void **)x, cb, u); \
}
# define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
PEM_write_fnsig(name, type, BIO, write_bio) \
{ \
return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1, str, out, \
x, NULL,NULL,0,NULL,NULL); \
}
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
IMPLEMENT_PEM_write_bio(name, type, str, asn1)
# endif
# define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
PEM_write_cb_fnsig(name, type, BIO, write_bio) \
{ \
return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1, str, out, \
x, enc, kstr, klen, cb, u); \
}
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1)
# endif
# define IMPLEMENT_PEM_write(name, type, str, asn1) \
IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
IMPLEMENT_PEM_write_fp(name, type, str, asn1)
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define IMPLEMENT_PEM_write_const(name, type, str, asn1) \
IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
IMPLEMENT_PEM_write_fp_const(name, type, str, asn1)
# endif
# define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \
IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1)
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \
IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1)
# endif
# define IMPLEMENT_PEM_read(name, type, str, asn1) \
IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
IMPLEMENT_PEM_read_fp(name, type, str, asn1)
# define IMPLEMENT_PEM_rw(name, type, str, asn1) \
IMPLEMENT_PEM_read(name, type, str, asn1) \
IMPLEMENT_PEM_write(name, type, str, asn1)
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \
IMPLEMENT_PEM_read(name, type, str, asn1) \
IMPLEMENT_PEM_write_const(name, type, str, asn1)
# endif
# define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \
IMPLEMENT_PEM_read(name, type, str, asn1) \
IMPLEMENT_PEM_write_cb(name, type, str, asn1)
/* These are the same except they are for the declarations */
/*
* The mysterious 'extern' that's passed to some macros is innocuous,
* and is there to quiet pre-C99 compilers that may complain about empty
* arguments in macro calls.
*/
# if defined(OPENSSL_NO_STDIO)
# define DECLARE_PEM_read_fp_attr(attr, name, type) /**/
# define DECLARE_PEM_read_fp_ex_attr(attr, name, type) /**/
# define DECLARE_PEM_write_fp_attr(attr, name, type) /**/
# define DECLARE_PEM_write_fp_ex_attr(attr, name, type) /**/
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define DECLARE_PEM_write_fp_const_attr(attr, name, type) /**/
# endif
# define DECLARE_PEM_write_cb_fp_attr(attr, name, type) /**/
# define DECLARE_PEM_write_cb_fp_ex_attr(attr, name, type) /**/
# else
# define DECLARE_PEM_read_fp_attr(attr, name, type) \
attr PEM_read_cb_fnsig(name, type, FILE, read);
# define DECLARE_PEM_read_fp_ex_attr(attr, name, type) \
attr PEM_read_cb_fnsig(name, type, FILE, read); \
attr PEM_read_cb_ex_fnsig(name, type, FILE, read);
# define DECLARE_PEM_write_fp_attr(attr, name, type) \
attr PEM_write_fnsig(name, type, FILE, write);
# define DECLARE_PEM_write_fp_ex_attr(attr, name, type) \
attr PEM_write_fnsig(name, type, FILE, write); \
attr PEM_write_ex_fnsig(name, type, FILE, write);
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define DECLARE_PEM_write_fp_const_attr(attr, name, type) \
attr PEM_write_fnsig(name, type, FILE, write);
# endif
# define DECLARE_PEM_write_cb_fp_attr(attr, name, type) \
attr PEM_write_cb_fnsig(name, type, FILE, write);
# define DECLARE_PEM_write_cb_fp_ex_attr(attr, name, type) \
attr PEM_write_cb_fnsig(name, type, FILE, write); \
attr PEM_write_cb_ex_fnsig(name, type, FILE, write);
# endif
# define DECLARE_PEM_read_fp(name, type) \
DECLARE_PEM_read_fp_attr(extern, name, type)
# define DECLARE_PEM_write_fp(name, type) \
DECLARE_PEM_write_fp_attr(extern, name, type)
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define DECLARE_PEM_write_fp_const(name, type) \
DECLARE_PEM_write_fp_const_attr(extern, name, type)
# endif
# define DECLARE_PEM_write_cb_fp(name, type) \
DECLARE_PEM_write_cb_fp_attr(extern, name, type)
# define DECLARE_PEM_read_bio_attr(attr, name, type) \
attr PEM_read_cb_fnsig(name, type, BIO, read_bio);
# define DECLARE_PEM_read_bio_ex_attr(attr, name, type) \
attr PEM_read_cb_fnsig(name, type, BIO, read_bio); \
attr PEM_read_cb_ex_fnsig(name, type, BIO, read_bio);
# define DECLARE_PEM_read_bio(name, type) \
DECLARE_PEM_read_bio_attr(extern, name, type)
# define DECLARE_PEM_read_bio_ex(name, type) \
DECLARE_PEM_read_bio_ex_attr(extern, name, type)
# define DECLARE_PEM_write_bio_attr(attr, name, type) \
attr PEM_write_fnsig(name, type, BIO, write_bio);
# define DECLARE_PEM_write_bio_ex_attr(attr, name, type) \
attr PEM_write_fnsig(name, type, BIO, write_bio); \
attr PEM_write_ex_fnsig(name, type, BIO, write_bio);
# define DECLARE_PEM_write_bio(name, type) \
DECLARE_PEM_write_bio_attr(extern, name, type)
# define DECLARE_PEM_write_bio_ex(name, type) \
DECLARE_PEM_write_bio_ex_attr(extern, name, type)
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define DECLARE_PEM_write_bio_const_attr(attr, name, type) \
attr PEM_write_fnsig(name, type, BIO, write_bio);
# define DECLARE_PEM_write_bio_const(name, type) \
DECLARE_PEM_write_bio_const_attr(extern, name, type)
# endif
# define DECLARE_PEM_write_cb_bio_attr(attr, name, type) \
attr PEM_write_cb_fnsig(name, type, BIO, write_bio);
# define DECLARE_PEM_write_cb_bio_ex_attr(attr, name, type) \
attr PEM_write_cb_fnsig(name, type, BIO, write_bio); \
attr PEM_write_cb_ex_fnsig(name, type, BIO, write_bio);
# define DECLARE_PEM_write_cb_bio(name, type) \
DECLARE_PEM_write_cb_bio_attr(extern, name, type)
# define DECLARE_PEM_write_cb_ex_bio(name, type) \
DECLARE_PEM_write_cb_bio_ex_attr(extern, name, type)
# define DECLARE_PEM_write_attr(attr, name, type) \
DECLARE_PEM_write_bio_attr(attr, name, type) \
DECLARE_PEM_write_fp_attr(attr, name, type)
# define DECLARE_PEM_write_ex_attr(attr, name, type) \
DECLARE_PEM_write_bio_ex_attr(attr, name, type) \
DECLARE_PEM_write_fp_ex_attr(attr, name, type)
# define DECLARE_PEM_write(name, type) \
DECLARE_PEM_write_attr(extern, name, type)
# define DECLARE_PEM_write_ex(name, type) \
DECLARE_PEM_write_ex_attr(extern, name, type)
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define DECLARE_PEM_write_const_attr(attr, name, type) \
DECLARE_PEM_write_bio_const_attr(attr, name, type) \
DECLARE_PEM_write_fp_const_attr(attr, name, type)
# define DECLARE_PEM_write_const(name, type) \
DECLARE_PEM_write_const_attr(extern, name, type)
# endif
# define DECLARE_PEM_write_cb_attr(attr, name, type) \
DECLARE_PEM_write_cb_bio_attr(attr, name, type) \
DECLARE_PEM_write_cb_fp_attr(attr, name, type)
# define DECLARE_PEM_write_cb_ex_attr(attr, name, type) \
DECLARE_PEM_write_cb_bio_ex_attr(attr, name, type) \
DECLARE_PEM_write_cb_fp_ex_attr(attr, name, type)
# define DECLARE_PEM_write_cb(name, type) \
DECLARE_PEM_write_cb_attr(extern, name, type)
# define DECLARE_PEM_write_cb_ex(name, type) \
DECLARE_PEM_write_cb_ex_attr(extern, name, type)
# define DECLARE_PEM_read_attr(attr, name, type) \
DECLARE_PEM_read_bio_attr(attr, name, type) \
DECLARE_PEM_read_fp_attr(attr, name, type)
# define DECLARE_PEM_read_ex_attr(attr, name, type) \
DECLARE_PEM_read_bio_ex_attr(attr, name, type) \
DECLARE_PEM_read_fp_ex_attr(attr, name, type)
# define DECLARE_PEM_read(name, type) \
DECLARE_PEM_read_attr(extern, name, type)
# define DECLARE_PEM_read_ex(name, type) \
DECLARE_PEM_read_ex_attr(extern, name, type)
# define DECLARE_PEM_rw_attr(attr, name, type) \
DECLARE_PEM_read_attr(attr, name, type) \
DECLARE_PEM_write_attr(attr, name, type)
# define DECLARE_PEM_rw_ex_attr(attr, name, type) \
DECLARE_PEM_read_ex_attr(attr, name, type) \
DECLARE_PEM_write_ex_attr(attr, name, type)
# define DECLARE_PEM_rw(name, type) \
DECLARE_PEM_rw_attr(extern, name, type)
# define DECLARE_PEM_rw_ex(name, type) \
DECLARE_PEM_rw_ex_attr(extern, name, type)
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define DECLARE_PEM_rw_const_attr(attr, name, type) \
DECLARE_PEM_read_attr(attr, name, type) \
DECLARE_PEM_write_const_attr(attr, name, type)
# define DECLARE_PEM_rw_const(name, type) \
DECLARE_PEM_rw_const_attr(extern, name, type)
# endif
# define DECLARE_PEM_rw_cb_attr(attr, name, type) \
DECLARE_PEM_read_attr(attr, name, type) \
DECLARE_PEM_write_cb_attr(attr, name, type)
# define DECLARE_PEM_rw_cb_ex_attr(attr, name, type) \
DECLARE_PEM_read_ex_attr(attr, name, type) \
DECLARE_PEM_write_cb_ex_attr(attr, name, type)
# define DECLARE_PEM_rw_cb(name, type) \
DECLARE_PEM_rw_cb_attr(extern, name, type)
# define DECLARE_PEM_rw_cb_ex(name, type) \
DECLARE_PEM_rw_cb_ex_attr(extern, name, type)
int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *len,
pem_password_cb *callback, void *u);
int PEM_read_bio(BIO *bp, char **name, char **header,
unsigned char **data, long *len);
# define PEM_FLAG_SECURE 0x1
# define PEM_FLAG_EAY_COMPATIBLE 0x2
# define PEM_FLAG_ONLY_B64 0x4
int PEM_read_bio_ex(BIO *bp, char **name, char **header,
unsigned char **data, long *len, unsigned int flags);
int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm,
const char *name, BIO *bp, pem_password_cb *cb,
void *u);
int PEM_write_bio(BIO *bp, const char *name, const char *hdr,
const unsigned char *data, long len);
int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
const char *name, BIO *bp, pem_password_cb *cb,
void *u);
void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x,
pem_password_cb *cb, void *u);
int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
const void *x, const EVP_CIPHER *enc,
const unsigned char *kstr, int klen,
pem_password_cb *cb, void *u);
int PEM_ASN1_write_bio_ctx(OSSL_i2d_of_void_ctx *i2d, void *vctx,
const char *name, BIO *bp, const void *x,
const EVP_CIPHER *enc, const unsigned char *kstr,
int klen, pem_password_cb *cb, void *u);
X509_INFO *PEM_X509_INFO_read_bio(BIO *bp, X509_INFO *sk,
pem_password_cb *cb, void *u);
X509_INFO
*PEM_X509_INFO_read_bio_ex(BIO *bp, X509_INFO *sk,
pem_password_cb *cb, void *u, OSSL_LIB_CTX *libctx,
const char *propq);
int PEM_X509_INFO_write_bio(BIO *bp, const X509_INFO *xi, EVP_CIPHER *enc,
const unsigned char *kstr, int klen,
pem_password_cb *cd, void *u);
int PEM_read(FILE *fp, char **name, char **header,
unsigned char **data, long *len);
int PEM_write(FILE *fp, const char *name, const char *hdr,
const unsigned char *data, long len);
void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
pem_password_cb *cb, void *u);
int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
const void *x, const EVP_CIPHER *enc,
const unsigned char *kstr, int klen,
pem_password_cb *callback, void *u);
X509_INFO *PEM_X509_INFO_read(FILE *fp, X509_INFO *sk,
pem_password_cb *cb, void *u);
X509_INFO
*PEM_X509_INFO_read_ex(FILE *fp, X509_INFO *sk, pem_password_cb *cb,
void *u, OSSL_LIB_CTX *libctx, const char *propq);
int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);
int PEM_SignUpdate(EVP_MD_CTX *ctx, const unsigned char *d, unsigned int cnt);
int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
unsigned int *siglen, EVP_PKEY *pkey);
/* The default pem_password_cb that's used internally */
int PEM_def_callback(char *buf, int num, int rwflag, void *userdata);
void PEM_proc_type(char *buf, int type);
void PEM_dek_info(char *buf, const char *type, int len, const char *str);
// DECLARE_PEM_rw(X509, X509)
// DECLARE_PEM_rw(X509_AUX, X509)
// DECLARE_PEM_rw(X509_REQ, X509_REQ)
// DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
// DECLARE_PEM_rw(X509_CRL, X509_CRL)
// DECLARE_PEM_rw(X509_PUBKEY, X509_PUBKEY)
// DECLARE_PEM_rw(PKCS7, PKCS7)
// DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
// DECLARE_PEM_rw(PKCS8, X509_SIG)
DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
// # ifndef OPENSSL_NO_DEPRECATED_3_0
// DECLARE_PEM_rw_cb_attr(OSSL_DEPRECATEDIN_3_0, RSAPrivateKey, RSA)
// DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, RSAPublicKey, RSA)
// DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, RSA_PUBKEY, RSA)
// # endif
// # ifndef OPENSSL_NO_DEPRECATED_3_0
// # ifndef OPENSSL_NO_DSA
// DECLARE_PEM_rw_cb_attr(OSSL_DEPRECATEDIN_3_0, DSAPrivateKey, DSA)
// DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DSA_PUBKEY, DSA)
// DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DSAparams, DSA)
// # endif
// # endif
// # ifndef OPENSSL_NO_DEPRECATED_3_0
// # ifndef OPENSSL_NO_EC
// DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, ECPKParameters, EC_GROUP)
// DECLARE_PEM_rw_cb_attr(OSSL_DEPRECATEDIN_3_0, ECPrivateKey, EC_KEY)
// DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, EC_PUBKEY, EC_KEY)
// # endif
// # endif
// # ifndef OPENSSL_NO_DH
// # ifndef OPENSSL_NO_DEPRECATED_3_0
// DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DHparams, DH)
// DECLARE_PEM_write_attr(OSSL_DEPRECATEDIN_3_0, DHxparams, DH)
// # endif
// # endif
DECLARE_PEM_rw_cb_ex(PrivateKey, EVP_PKEY)
DECLARE_PEM_rw_ex(PUBKEY, EVP_PKEY)
int PEM_write_bio_PrivateKey_traditional(BIO *bp, const EVP_PKEY *x,
const EVP_CIPHER *enc,
const unsigned char *kstr, int klen,
pem_password_cb *cb, void *u);
/* Why do these take a signed char *kstr? */
int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, const EVP_PKEY *x, int nid,
const char *kstr, int klen,
pem_password_cb *cb, void *u);
int PEM_write_bio_PKCS8PrivateKey(BIO *, const EVP_PKEY *, const EVP_CIPHER *,
const char *kstr, int klen,
pem_password_cb *cb, void *u);
int i2d_PKCS8PrivateKey_bio(BIO *bp, const EVP_PKEY *x, const EVP_CIPHER *enc,
const char *kstr, int klen,
pem_password_cb *cb, void *u);
int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, const EVP_PKEY *x, int nid,
const char *kstr, int klen,
pem_password_cb *cb, void *u);
EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
void *u);
int i2d_PKCS8PrivateKey_fp(FILE *fp, const EVP_PKEY *x, const EVP_CIPHER *enc,
const char *kstr, int klen,
pem_password_cb *cb, void *u);
int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, const EVP_PKEY *x, int nid,
const char *kstr, int klen,
pem_password_cb *cb, void *u);
int PEM_write_PKCS8PrivateKey_nid(FILE *fp, const EVP_PKEY *x, int nid,
const char *kstr, int klen,
pem_password_cb *cb, void *u);
EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
void *u);
int PEM_write_PKCS8PrivateKey(FILE *fp, const EVP_PKEY *x, const EVP_CIPHER *enc,
const char *kstr, int klen,
pem_password_cb *cd, void *u);
EVP_PKEY *PEM_read_bio_Parameters_ex(BIO *bp, EVP_PKEY **x,
OSSL_LIB_CTX *libctx, const char *propq);
EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
int PEM_write_bio_Parameters(BIO *bp, const EVP_PKEY *x);
EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length);
EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length);
EVP_PKEY *b2i_PrivateKey_bio(BIO *in);
EVP_PKEY *b2i_PublicKey_bio(BIO *in);
int i2b_PrivateKey_bio(BIO *out, const EVP_PKEY *pk);
int i2b_PublicKey_bio(BIO *out, const EVP_PKEY *pk);
EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
EVP_PKEY *b2i_PVK_bio_ex(BIO *in, pem_password_cb *cb, void *u,
OSSL_LIB_CTX *libctx, const char *propq);
int i2b_PVK_bio(BIO *out, const EVP_PKEY *pk, int enclevel,
pem_password_cb *cb, void *u);
int i2b_PVK_bio_ex(BIO *out, const EVP_PKEY *pk, int enclevel,
pem_password_cb *cb, void *u,
OSSL_LIB_CTX *libctx, const char *propq);
# ifdef __cplusplus
}
# endif
#endif

20
cpp/ql/test/experimental/stubs/openssl/rand.h Normal file
View File

@@ -0,0 +1,20 @@
/*
* Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* Licensed under the Apache License 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* https://www.openssl.org/source/license.html
* or in the file LICENSE in the source distribution.
*/
int RAND_bytes(unsigned char *buf, int num);
int RAND_pseudo_bytes(unsigned char *buf, int num);

3
cpp/ql/test/experimental/stubs/openssl/rand_stubs.h
View File

@@ -1,3 +0,0 @@
int RAND_bytes(unsigned char *buf, int num);
int RAND_pseudo_bytes(unsigned char *buf, int num);

585
cpp/ql/test/experimental/stubs/openssl/rsa.h Normal file
View File

@@ -0,0 +1,585 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
# include "type_stubs.h"
#ifndef OPENSSL_RSA_H
# define OPENSSL_RSA_H
# pragma once
# ifdef __cplusplus
extern "C" {
# endif
# ifndef OPENSSL_RSA_MAX_MODULUS_BITS
# define OPENSSL_RSA_MAX_MODULUS_BITS 16384
# endif
# define RSA_3 0x3L
# define RSA_F4 0x10001L
# ifndef OPENSSL_NO_DEPRECATED_3_0
/* The types RSA and RSA_METHOD are defined in ossl_typ.h */
# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 2048
# ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
# endif
/* exponent limit enforced for "large" modulus only */
# ifndef OPENSSL_RSA_MAX_PUBEXP_BITS
# define OPENSSL_RSA_MAX_PUBEXP_BITS 64
# endif
/* based on RFC 8017 appendix A.1.2 */
# define RSA_ASN1_VERSION_DEFAULT 0
# define RSA_ASN1_VERSION_MULTI 1
# define RSA_DEFAULT_PRIME_NUM 2
# define RSA_METHOD_FLAG_NO_CHECK 0x0001
# define RSA_FLAG_CACHE_PUBLIC 0x0002
# define RSA_FLAG_CACHE_PRIVATE 0x0004
# define RSA_FLAG_BLINDING 0x0008
# define RSA_FLAG_THREAD_SAFE 0x0010
/*
* This flag means the private key operations will be handled by rsa_mod_exp
* and that they do not depend on the private key components being present:
* for example a key stored in external hardware. Without this flag
* bn_mod_exp gets called when private key components are absent.
*/
# define RSA_FLAG_EXT_PKEY 0x0020
/*
* new with 0.9.6j and 0.9.7b; the built-in
* RSA implementation now uses blinding by
* default (ignoring RSA_FLAG_BLINDING),
* but other engines might not need it
*/
# define RSA_FLAG_NO_BLINDING 0x0080
# endif /* OPENSSL_NO_DEPRECATED_3_0 */
/*
* Does nothing. Previously this switched off constant time behaviour.
*/
# ifndef OPENSSL_NO_DEPRECATED_1_1_0
# define RSA_FLAG_NO_CONSTTIME 0x0000
# endif
/* deprecated name for the flag*/
/*
* new with 0.9.7h; the built-in RSA
* implementation now uses constant time
* modular exponentiation for secret exponents
* by default. This flag causes the
* faster variable sliding window method to
* be used for all exponents.
*/
# ifndef OPENSSL_NO_DEPRECATED_0_9_8
# define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME
# endif
/*-
* New with 3.0: use part of the flags to denote exact type of RSA key,
* some of which are limited to specific signature and encryption schemes.
* These different types share the same RSA structure, but indicate the
* use of certain fields in that structure.
* Currently known are:
* RSA - this is the "normal" unlimited RSA structure (typenum 0)
* RSASSA-PSS - indicates that the PSS parameters are used.
* RSAES-OAEP - no specific field used for the moment, but OAEP padding
* is expected. (currently unused)
*
* 4 bits allow for 16 types
*/
# define RSA_FLAG_TYPE_MASK 0xF000
# define RSA_FLAG_TYPE_RSA 0x0000
# define RSA_FLAG_TYPE_RSASSAPSS 0x1000
# define RSA_FLAG_TYPE_RSAESOAEP 0x2000
int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad_mode);
int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad_mode);
int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int saltlen);
int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *saltlen);
int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int bits);
int EVP_PKEY_CTX_set1_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp);
int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes);
int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *ctx, int saltlen);
int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp);
/* Salt length matches digest */
# define RSA_PSS_SALTLEN_DIGEST -1
/* Verify only: auto detect salt length */
# define RSA_PSS_SALTLEN_AUTO -2
/* Set salt length to maximum possible */
# define RSA_PSS_SALTLEN_MAX -3
/* Auto-detect on verify, set salt length to min(maximum possible, digest
* length) on sign */
# define RSA_PSS_SALTLEN_AUTO_DIGEST_MAX -4
/* Old compatible max salt length for sign only */
# define RSA_PSS_SALTLEN_MAX_SIGN -2
int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
int EVP_PKEY_CTX_set_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, const char *mdname,
const char *mdprops);
int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
int EVP_PKEY_CTX_get_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, char *name,
size_t namelen);
int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name(EVP_PKEY_CTX *ctx,
const char *mdname);
int EVP_PKEY_CTX_set_rsa_pss_keygen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
int EVP_PKEY_CTX_set_rsa_pss_keygen_md_name(EVP_PKEY_CTX *ctx,
const char *mdname,
const char *mdprops);
int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
int EVP_PKEY_CTX_set_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, const char *mdname,
const char *mdprops);
int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
int EVP_PKEY_CTX_get_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, char *name,
size_t namelen);
int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, void *label, int llen);
int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
# define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1)
# define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2)
# define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 3)
# define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4)
# define EVP_PKEY_CTRL_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 5)
# define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 6)
# define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 7)
# define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 8)
# define EVP_PKEY_CTRL_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 9)
# define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 10)
# define EVP_PKEY_CTRL_GET_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 11)
# define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12)
# define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES (EVP_PKEY_ALG_CTRL + 13)
# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14)
# define RSA_PKCS1_PADDING 1
# define RSA_NO_PADDING 3
# define RSA_PKCS1_OAEP_PADDING 4
# define RSA_X931_PADDING 5
/* EVP_PKEY_ only */
# define RSA_PKCS1_PSS_PADDING 6
# define RSA_PKCS1_WITH_TLS_PADDING 7
/* internal RSA_ only */
# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
# define RSA_PKCS1_PADDING_SIZE 11
# define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg)
# define RSA_get_app_data(s) RSA_get_ex_data(s,0)
RSA *RSA_new(void);
RSA *RSA_new_method(ENGINE *engine);
int RSA_bits(const RSA *rsa);
int RSA_size(const RSA *rsa);
int RSA_security_bits(const RSA *rsa);
int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
int RSA_set0_crt_params(RSA *r,
BIGNUM *dmp1, BIGNUM *dmq1,
BIGNUM *iqmp);
int RSA_set0_multi_prime_params(RSA *r,
BIGNUM *primes[],
BIGNUM *exps[],
BIGNUM *coeffs[],
int pnum);
void RSA_get0_key(const RSA *r,
const BIGNUM **n, const BIGNUM **e,
const BIGNUM **d);
void RSA_get0_factors(const RSA *r,
const BIGNUM **p, const BIGNUM **q);
int RSA_get_multi_prime_extra_count(const RSA *r);
int RSA_get0_multi_prime_factors(const RSA *r,
const BIGNUM *primes[]);
void RSA_get0_crt_params(const RSA *r,
const BIGNUM **dmp1,
const BIGNUM **dmq1,
const BIGNUM **iqmp);
int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[],
const BIGNUM *coeffs[]);
const BIGNUM *RSA_get0_n(const RSA *d);
const BIGNUM *RSA_get0_e(const RSA *d);
const BIGNUM *RSA_get0_d(const RSA *d);
const BIGNUM *RSA_get0_p(const RSA *d);
const BIGNUM *RSA_get0_q(const RSA *d);
const BIGNUM *RSA_get0_dmp1(const RSA *r);
const BIGNUM *RSA_get0_dmq1(const RSA *r);
const BIGNUM *RSA_get0_iqmp(const RSA *r);
const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r);
void RSA_clear_flags(RSA *r, int flags);
int RSA_test_flags(const RSA *r, int flags);
void RSA_set_flags(RSA *r, int flags);
int RSA_get_version(RSA *r);
ENGINE *RSA_get0_engine(const RSA *r);
# define EVP_RSA_gen(bits) \
EVP_PKEY_Q_keygen(NULL, NULL, "RSA", (size_t)(0 + (bits)))
/* Deprecated version */
RSA *RSA_generate_key(int bits, unsigned long e, void
(*callback) (int, int, void *),
void *cb_arg);
/* New version */
int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
BN_GENCB *cb);
/* Multi-prime version */
int RSA_generate_multi_prime_key(RSA *rsa, int bits,
int primes, BIGNUM *e,
BN_GENCB *cb);
int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2,
BIGNUM *q1, BIGNUM *q2,
const BIGNUM *Xp1, const BIGNUM *Xp2,
const BIGNUM *Xp, const BIGNUM *Xq1,
const BIGNUM *Xq2, const BIGNUM *Xq,
const BIGNUM *e, BN_GENCB *cb);
int RSA_X931_generate_key_ex(RSA *rsa, int bits,
const BIGNUM *e,
BN_GENCB *cb);
int RSA_check_key(const RSA *);
int RSA_check_key_ex(const RSA *, BN_GENCB *cb);
/* next 4 return -1 on error */
int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding);
int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding);
int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding);
int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding);
void RSA_free(RSA *r);
/* "up" the RSA object's reference count */
int RSA_up_ref(RSA *r);
int RSA_flags(const RSA *r);
void RSA_set_default_method(const RSA_METHOD *meth);
const RSA_METHOD *RSA_get_default_method(void);
const RSA_METHOD *RSA_null_method(void);
const RSA_METHOD *RSA_get_method(const RSA *rsa);
int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
/* these are the actual RSA functions */
const RSA_METHOD *RSA_PKCS1_OpenSSL(void);
int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2);
struct rsa_pss_params_st {
X509_ALGOR *hashAlgorithm;
X509_ALGOR *maskGenAlgorithm;
ASN1_INTEGER *saltLength;
ASN1_INTEGER *trailerField;
/* Decoded hash algorithm from maskGenAlgorithm */
X509_ALGOR *maskHash;
};
// DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
// DECLARE_ASN1_DUP_FUNCTION(RSA_PSS_PARAMS)
typedef struct rsa_oaep_params_st {
X509_ALGOR *hashFunc;
X509_ALGOR *maskGenFunc;
X509_ALGOR *pSourceFunc;
/* Decoded hash algorithm from maskGenFunc */
X509_ALGOR *maskHash;
} RSA_OAEP_PARAMS;
// DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS)
# ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_STDIO
int RSA_print_fp(FILE *fp, const RSA *r, int offset);
# endif
int RSA_print(BIO *bp, const RSA *r, int offset);
/*
* The following 2 functions sign and verify a X509_SIG ASN1 object inside
* PKCS#1 padded RSA encryption
*/
int RSA_sign(int type, const unsigned char *m,
unsigned int m_length, unsigned char *sigret,
unsigned int *siglen, RSA *rsa);
int RSA_verify(int type, const unsigned char *m,
unsigned int m_length,
const unsigned char *sigbuf,
unsigned int siglen, RSA *rsa);
/*
* The following 2 function sign and verify a ASN1_OCTET_STRING object inside
* PKCS#1 padded RSA encryption
*/
int RSA_sign_ASN1_OCTET_STRING(int type,
const unsigned char *m, unsigned int m_length,
unsigned char *sigret, unsigned int *siglen,
RSA *rsa);
int RSA_verify_ASN1_OCTET_STRING(int type,
const unsigned char *m, unsigned int m_length,
unsigned char *sigbuf, unsigned int siglen,
RSA *rsa);
int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
void RSA_blinding_off(RSA *rsa);
BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx);
int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
const unsigned char *f, int fl);
int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
const unsigned char *f, int fl,
int rsa_len);
int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
const unsigned char *f, int fl);
int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
const unsigned char *f, int fl,
int rsa_len);
int PKCS1_MGF1(unsigned char *mask, long len,
const unsigned char *seed, long seedlen,
const EVP_MD *dgst);
int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
const unsigned char *f, int fl,
const unsigned char *p, int pl);
int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
const unsigned char *f, int fl, int rsa_len,
const unsigned char *p, int pl);
int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
const unsigned char *from, int flen,
const unsigned char *param, int plen,
const EVP_MD *md, const EVP_MD *mgf1md);
int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
const unsigned char *from, int flen,
int num,
const unsigned char *param, int plen,
const EVP_MD *md, const EVP_MD *mgf1md);
int RSA_padding_add_none(unsigned char *to, int tlen,
const unsigned char *f, int fl);
int RSA_padding_check_none(unsigned char *to, int tlen,
const unsigned char *f, int fl,
int rsa_len);
int RSA_padding_add_X931(unsigned char *to, int tlen,
const unsigned char *f, int fl);
int RSA_padding_check_X931(unsigned char *to, int tlen,
const unsigned char *f, int fl,
int rsa_len);
int RSA_X931_hash_id(int nid);
int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
const EVP_MD *Hash, const unsigned char *EM,
int sLen);
int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
const unsigned char *mHash, const EVP_MD *Hash,
int sLen);
int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
const EVP_MD *Hash, const EVP_MD *mgf1Hash,
const unsigned char *EM, int sLen);
int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
const unsigned char *mHash,
const EVP_MD *Hash, const EVP_MD *mgf1Hash,
int sLen);
# define RSA_get_ex_new_index(l, p, newf, dupf, freef) \
CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, l, p, newf, dupf, freef)
int RSA_set_ex_data(RSA *r, int idx, void *arg);
void *RSA_get_ex_data(const RSA *r, int idx);
// DECLARE_ASN1_DUP_FUNCTION_name_attr(, RSA, RSAPublicKey)
// DECLARE_ASN1_DUP_FUNCTION_name_attr(, RSA, RSAPrivateKey)
/*
* If this flag is set the RSA method is FIPS compliant and can be used in
* FIPS mode. This is set in the validated module method. If an application
* sets this flag in its own methods it is its responsibility to ensure the
* result is compliant.
*/
# define RSA_FLAG_FIPS_METHOD 0x0400
/*
* If this flag is set the operations normally disabled in FIPS mode are
* permitted it is then the applications responsibility to ensure that the
* usage is compliant.
*/
# define RSA_FLAG_NON_FIPS_ALLOW 0x0400
/*
* Application has decided PRNG is good enough to generate a key: don't
* check.
*/
# define RSA_FLAG_CHECKED 0x0800
RSA_METHOD *RSA_meth_new(const char *name, int flags);
void RSA_meth_free(RSA_METHOD *meth);
RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
const char *RSA_meth_get0_name(const RSA_METHOD *meth);
int RSA_meth_set1_name(RSA_METHOD *meth,
const char *name);
int RSA_meth_get_flags(const RSA_METHOD *meth);
int RSA_meth_set_flags(RSA_METHOD *meth, int flags);
void *RSA_meth_get0_app_data(const RSA_METHOD *meth);
int RSA_meth_set0_app_data(RSA_METHOD *meth,
void *app_data);
int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth)) (int flen,
const unsigned char *from,
unsigned char *to,
RSA *rsa, int padding);
int RSA_meth_set_pub_enc(RSA_METHOD *rsa,
int (*pub_enc) (int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
int padding));
int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth)) (int flen,
const unsigned char *from,
unsigned char *to,
RSA *rsa, int padding);
int RSA_meth_set_pub_dec(RSA_METHOD *rsa,
int (*pub_dec) (int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
int padding));
int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth)) (int flen,
const unsigned char *from,
unsigned char *to,
RSA *rsa, int padding);
int RSA_meth_set_priv_enc(RSA_METHOD *rsa,
int (*priv_enc) (int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
int padding));
int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth)) (int flen,
const unsigned char *from,
unsigned char *to,
RSA *rsa, int padding);
int RSA_meth_set_priv_dec(RSA_METHOD *rsa,
int (*priv_dec) (int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
int padding));
int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth)) (BIGNUM *r0,
const BIGNUM *i,
RSA *rsa, BN_CTX *ctx);
int RSA_meth_set_mod_exp(RSA_METHOD *rsa,
int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa,
BN_CTX *ctx));
int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth)) (BIGNUM *r,
const BIGNUM *a,
const BIGNUM *p,
const BIGNUM *m,
BN_CTX *ctx,
BN_MONT_CTX *m_ctx);
int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa,
int (*bn_mod_exp) (BIGNUM *r,
const BIGNUM *a,
const BIGNUM *p,
const BIGNUM *m,
BN_CTX *ctx,
BN_MONT_CTX *m_ctx));
int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa);
int RSA_meth_set_init(RSA_METHOD *rsa, int (*init) (RSA *rsa));
int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa);
int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish) (RSA *rsa));
int (*RSA_meth_get_sign(const RSA_METHOD *meth)) (int type,
const unsigned char *m,
unsigned int m_length,
unsigned char *sigret,
unsigned int *siglen,
const RSA *rsa);
int RSA_meth_set_sign(RSA_METHOD *rsa,
int (*sign) (int type, const unsigned char *m,
unsigned int m_length,
unsigned char *sigret, unsigned int *siglen,
const RSA *rsa));
int (*RSA_meth_get_verify(const RSA_METHOD *meth)) (int dtype,
const unsigned char *m,
unsigned int m_length,
const unsigned char *sigbuf,
unsigned int siglen,
const RSA *rsa);
int RSA_meth_set_verify(RSA_METHOD *rsa,
int (*verify) (int dtype, const unsigned char *m,
unsigned int m_length,
const unsigned char *sigbuf,
unsigned int siglen, const RSA *rsa));
int (*RSA_meth_get_keygen(const RSA_METHOD *meth)) (RSA *rsa, int bits,
BIGNUM *e, BN_GENCB *cb);
int RSA_meth_set_keygen(RSA_METHOD *rsa,
int (*keygen) (RSA *rsa, int bits, BIGNUM *e,
BN_GENCB *cb));
int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth)) (RSA *rsa,
int bits,
int primes,
BIGNUM *e,
BN_GENCB *cb);
int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth,
int (*keygen) (RSA *rsa, int bits,
int primes, BIGNUM *e,
BN_GENCB *cb));
#endif /* !OPENSSL_NO_DEPRECATED_3_0 */
# ifdef __cplusplus
}
# endif
#endif

702
cpp/ql/test/experimental/stubs/openssl/type_stubs.h Normal file
View File

@@ -0,0 +1,702 @@
#pragma once
#define NULL 0
typedef unsigned long size_t;
typedef unsigned char uint8_t;
typedef unsigned int uint32_t;
typedef unsigned long long uint64_t;
typedef int OSSL_PROVIDER;
typedef int OSSL_FUNC_keymgmt_import_fn;
typedef int OSSL_FUNC_digest_get_ctx_params_fn;
typedef int OSSL_FUNC_cipher_settable_ctx_params_fn;
typedef int OSSL_FUNC_mac_set_ctx_params_fn;
typedef int OSSL_FUNC_signature_digest_verify_update_fn;
typedef int OSSL_FUNC_provider_get_reason_strings_fn;
typedef int OSSL_FUNC_core_get_params_fn;
typedef int OSSL_FUNC_rand_get_seed_fn;
typedef int OSSL_FUNC_rand_instantiate_fn;
typedef int OSSL_FUNC_keymgmt_gen_get_params_fn;
typedef int EVP_PKEY_gen_cb;
typedef int OSSL_FUNC_provider_unquery_operation_fn;
typedef int OSSL_FUNC_cleanup_user_entropy_fn;
typedef int OSSL_FUNC_asym_cipher_decrypt_fn;
typedef int OSSL_FUNC_cipher_pipeline_decrypt_init_fn;
typedef int X509_PUBKEY;
typedef int OSSL_FUNC_BIO_puts_fn;
typedef int OSSL_FUNC_signature_verify_fn;
typedef int OSSL_FUNC_encoder_gettable_params_fn;
typedef int OSSL_FUNC_keymgmt_validate_fn;
typedef int EVP_PBE_KEYGEN_EX;
typedef int OSSL_FUNC_keyexch_dupctx_fn;
typedef int OSSL_FUNC_kdf_newctx_fn;
typedef int OSSL_FUNC_signature_digest_verify_final_fn;
typedef int OSSL_FUNC_signature_set_ctx_params_fn;
typedef int OSSL_FUNC_rand_reseed_fn;
typedef int OSSL_FUNC_SSL_QUIC_TLS_crypto_release_rcd_fn;
typedef int OSSL_FUNC_store_open_fn;
typedef int OSSL_FUNC_encoder_newctx_fn;
typedef int EVP_KEYMGMT;
typedef int OSSL_FUNC_core_vset_error_fn;
typedef int EVP_KEYEXCH;
typedef int OSSL_FUNC_signature_gettable_ctx_md_params_fn;
typedef int OSSL_FUNC_CRYPTO_secure_free_fn;
typedef int OSSL_FUNC_keymgmt_import_types_fn;
typedef int OSSL_FUNC_signature_sign_message_update_fn;
typedef int OSSL_FUNC_keymgmt_gen_gettable_params_fn;
typedef int OSSL_FUNC_cipher_update_fn;
typedef int OSSL_FUNC_mac_newctx_fn;
typedef int OSSL_FUNC_keymgmt_set_params_fn;
typedef int X509_ALGOR;
typedef int OSSL_FUNC_signature_get_ctx_params_fn;
typedef int ASN1_ITEM;
typedef int EVP_SIGNATURE;
typedef int OSSL_FUNC_CRYPTO_realloc_fn;
typedef int OSSL_FUNC_BIO_new_file_fn;
typedef int OSSL_FUNC_signature_sign_message_final_fn;
typedef int OSSL_FUNC_cipher_newctx_fn;
typedef int OSSL_FUNC_rand_nonce_fn;
typedef int EVP_MD;
typedef int OSSL_FUNC_kdf_reset_fn;
typedef int OSSL_FUNC_keyexch_settable_ctx_params_fn;
typedef int OSSL_FUNC_store_export_object_fn;
typedef int OSSL_FUNC_CRYPTO_secure_allocated_fn;
typedef int OSSL_FUNC_cipher_pipeline_update_fn;
typedef int OSSL_FUNC_keyexch_freectx_fn;
typedef int OSSL_FUNC_kdf_gettable_params_fn;
typedef int OSSL_FUNC_rand_set_ctx_params_fn;
typedef int OSSL_FUNC_signature_verify_message_init_fn;
typedef int OSSL_FUNC_keymgmt_free_fn;
typedef int OSSL_FUNC_rand_gettable_ctx_params_fn;
typedef int OSSL_FUNC_signature_digest_sign_update_fn;
typedef int OSSL_FUNC_keymgmt_has_fn;
typedef int OSSL_FUNC_kdf_get_ctx_params_fn;
typedef int OSSL_FUNC_provider_get0_dispatch_fn;
typedef int OSSL_FUNC_signature_verify_message_update_fn;
typedef int OSSL_FUNC_rand_lock_fn;
typedef int EVP_KEM;
typedef int OSSL_FUNC_BIO_read_ex_fn;
typedef int X509_SIG_INFO;
typedef int OSSL_FUNC_keymgmt_import_types_ex_fn;
typedef int OSSL_FUNC_encoder_free_object_fn;
typedef int OSSL_FUNC_asym_cipher_decrypt_init_fn;
typedef int OSSL_FUNC_SSL_QUIC_TLS_alert_fn;
typedef int OSSL_FUNC_cipher_get_params_fn;
typedef int OSSL_FUNC_get_nonce_fn;
typedef int ASN1_OBJECT;
typedef int OSSL_LIB_CTX;
typedef int OSSL_FUNC_keymgmt_gen_set_params_fn;
typedef int OSSL_FUNC_provider_deregister_child_cb_fn;
typedef int OSSL_PARAM;
typedef int OSSL_FUNC_decoder_gettable_params_fn;
typedef int OSSL_FUNC_cipher_pipeline_final_fn;
typedef int OSSL_FUNC_signature_freectx_fn;
typedef int EVP_PKEY_METHOD;
typedef int OSSL_FUNC_CRYPTO_zalloc_fn;
typedef int OSSL_FUNC_keymgmt_query_operation_name_fn;
typedef int OSSL_FUNC_core_set_error_mark_fn;
typedef int OSSL_FUNC_asym_cipher_gettable_ctx_params_fn;
typedef int OSSL_FUNC_CRYPTO_free_fn;
typedef int OSSL_FUNC_indicator_cb_fn;
typedef int OSSL_FUNC_kdf_freectx_fn;
typedef int ENGINE;
typedef int EVP_PKEY;
typedef int PKCS8_PRIV_KEY_INFO;
typedef int OSSL_FUNC_signature_digest_verify_fn;
typedef int OSSL_FUNC_mac_final_fn;
typedef int OSSL_FUNC_core_pop_error_to_mark_fn;
typedef int OSSL_FUNC_signature_verify_recover_fn;
typedef int OSSL_FUNC_keymgmt_gen_settable_params_fn;
typedef int OSSL_FUNC_provider_self_test_fn;
typedef int OSSL_FUNC_digest_gettable_params_fn;
typedef int OSSL_FUNC_CRYPTO_secure_malloc_fn;
typedef int OSSL_FUNC_keymgmt_get_params_fn;
typedef int OSSL_FUNC_mac_freectx_fn;
typedef int OSSL_FUNC_cleanup_user_nonce_fn;
typedef int EVP_SKEYMGMT;
typedef int OSSL_FUNC_core_set_error_debug_fn;
typedef int OSSL_FUNC_cipher_decrypt_skey_init_fn;
typedef int OSSL_FUNC_BIO_new_membuf_fn;
typedef int OSSL_FUNC_provider_query_operation_fn;
typedef int OSSL_FUNC_signature_set_ctx_md_params_fn;
typedef int OSSL_FUNC_encoder_does_selection_fn;
typedef int OSSL_FUNC_kem_get_ctx_params_fn;
typedef int OSSL_FUNC_cipher_gettable_params_fn;
typedef int OSSL_FUNC_digest_final_fn;
typedef int OSSL_FUNC_rand_generate_fn;
typedef int EVP_PKEY_CTX;
typedef int OSSL_FUNC_kem_decapsulate_fn;
typedef int OSSL_FUNC_skeymgmt_generate_fn;
typedef int OSSL_FUNC_asym_cipher_encrypt_init_fn;
typedef int OSSL_FUNC_kdf_get_params_fn;
typedef int OSSL_FUNC_cipher_encrypt_skey_init_fn;
typedef int OSSL_FUNC_encoder_get_params_fn;
typedef int OSSL_FUNC_asym_cipher_freectx_fn;
typedef int OSSL_FUNC_CRYPTO_secure_clear_free_fn;
typedef int OSSL_FUNC_store_load_fn;
typedef int OSSL_FUNC_digest_update_fn;
typedef int OSSL_FUNC_provider_up_ref_fn;
typedef int OSSL_FUNC_SSL_QUIC_TLS_crypto_recv_rcd_fn;
typedef int OSSL_FUNC_signature_digest_sign_init_fn;
typedef int OSSL_FUNC_keymgmt_load_fn;
typedef int OSSL_FUNC_keyexch_gettable_ctx_params_fn;
typedef int OSSL_FUNC_rand_get_params_fn;
typedef int OSSL_FUNC_rand_verify_zeroization_fn;
typedef int OSSL_FUNC_skeymgmt_export_fn;
typedef int OSSL_FUNC_BIO_free_fn;
typedef int OSSL_FUNC_rand_settable_ctx_params_fn;
typedef int OSSL_FUNC_cleanup_entropy_fn;
typedef int OSSL_FUNC_encoder_settable_ctx_params_fn;
typedef int OSSL_DISPATCH;
typedef int OSSL_FUNC_OPENSSL_cleanse_fn;
typedef int OSSL_FUNC_digest_dupctx_fn;
typedef int OSSL_FUNC_kem_decapsulate_init_fn;
typedef int EVP_MAC_CTX;
typedef int OSSL_FUNC_digest_squeeze_fn;
typedef int OSSL_FUNC_keyexch_set_ctx_params_fn;
typedef int EVP_ENCODE_CTX;
typedef int OSSL_FUNC_BIO_vsnprintf_fn;
typedef int OSSL_FUNC_mac_dupctx_fn;
typedef int OSSL_FUNC_kdf_derive_fn;
typedef int OSSL_FUNC_encoder_set_ctx_params_fn;
typedef int OSSL_FUNC_rand_freectx_fn;
typedef int OSSL_FUNC_BIO_ctrl_fn;
typedef int EVP_CIPHER;
typedef int OSSL_FUNC_cipher_set_ctx_params_fn;
typedef int OSSL_FUNC_rand_enable_locking_fn;
typedef int OSSL_FUNC_keyexch_newctx_fn;
typedef int OSSL_FUNC_signature_settable_ctx_params_fn;
typedef int OSSL_FUNC_provider_gettable_params_fn;
typedef int OSSL_FUNC_keymgmt_gen_set_template_fn;
typedef int OSSL_FUNC_keymgmt_settable_params_fn;
typedef int OSSL_FUNC_keymgmt_gen_cleanup_fn;
typedef int OSSL_FUNC_kdf_set_ctx_params_fn;
typedef int OSSL_FUNC_rand_unlock_fn;
typedef int OSSL_FUNC_SSL_QUIC_TLS_yield_secret_fn;
typedef int OSSL_FUNC_signature_digest_sign_fn;
typedef int OSSL_FUNC_keymgmt_gettable_params_fn;
typedef int OSSL_FUNC_kem_auth_encapsulate_init_fn;
typedef int OSSL_FUNC_kem_encapsulate_fn;
typedef int OSSL_FUNC_CRYPTO_secure_zalloc_fn;
typedef int OSSL_FUNC_rand_get_ctx_params_fn;
typedef int OSSL_FUNC_store_delete_fn;
typedef int OSSL_FUNC_cipher_pipeline_encrypt_init_fn;
typedef int OSSL_FUNC_cipher_dupctx_fn;
typedef int OSSL_FUNC_store_settable_ctx_params_fn;
typedef int FILE;
typedef int OSSL_FUNC_provider_teardown_fn;
typedef int OSSL_FUNC_kdf_dupctx_fn;
typedef int OSSL_FUNC_decoder_newctx_fn;
typedef int OSSL_FUNC_core_clear_last_error_mark_fn;
typedef int OSSL_FUNC_core_obj_create_fn;
typedef int OSSL_FUNC_keyexch_init_fn;
typedef int OSSL_FUNC_kem_gettable_ctx_params_fn;
typedef int EVP_MD_CTX;
typedef int OSSL_FUNC_decoder_decode_fn;
typedef int OSSL_FUNC_mac_gettable_params_fn;
typedef int OSSL_FUNC_kem_set_ctx_params_fn;
typedef int OSSL_FUNC_encoder_encode_fn;
typedef int OSSL_FUNC_core_gettable_params_fn;
typedef int OSSL_FUNC_mac_gettable_ctx_params_fn;
typedef int OSSL_FUNC_get_user_entropy_fn;
typedef int OSSL_FUNC_kdf_gettable_ctx_params_fn;
typedef int OSSL_FUNC_keymgmt_gen_fn;
typedef int OSSL_FUNC_keyexch_set_peer_fn;
typedef int OSSL_FUNC_core_obj_add_sigid_fn;
typedef int OSSL_FUNC_keymgmt_export_types_ex_fn;
typedef int OSSL_FUNC_kem_newctx_fn;
typedef int OSSL_FUNC_signature_sign_init_fn;
typedef int OSSL_FUNC_asym_cipher_get_ctx_params_fn;
typedef int OSSL_FUNC_CRYPTO_clear_free_fn;
typedef int OSSL_FUNC_encoder_freectx_fn;
typedef int OSSL_FUNC_kem_freectx_fn;
typedef int OSSL_FUNC_provider_get0_provider_ctx_fn;
typedef int OSSL_FUNC_digest_copyctx_fn;
typedef int OSSL_FUNC_provider_name_fn;
typedef int OSSL_FUNC_cipher_decrypt_init_fn;
typedef int EVP_PKEY_ASN1_METHOD;
typedef int OSSL_FUNC_keyexch_get_ctx_params_fn;
typedef int OSSL_FUNC_store_set_ctx_params_fn;
typedef int ASN1_TYPE;
typedef int OSSL_FUNC_skeymgmt_imp_settable_params_fn;
typedef int OSSL_FUNC_cipher_get_ctx_params_fn;
typedef int EVP_MAC;
typedef int OSSL_FUNC_store_attach_fn;
typedef int OSSL_FUNC_signature_get_ctx_md_params_fn;
typedef int OSSL_FUNC_encoder_import_object_fn;
typedef int OSSL_FUNC_cleanup_nonce_fn;
typedef int OSSL_FUNC_kem_auth_decapsulate_init_fn;
typedef int OSSL_CALLBACK;
typedef int OSSL_FUNC_skeymgmt_import_fn;
typedef int OSSL_FUNC_cipher_freectx_fn;
typedef int OSSL_FUNC_asym_cipher_dupctx_fn;
typedef int OSSL_FUNC_SSL_QUIC_TLS_crypto_send_fn;
typedef int OSSL_FUNC_CRYPTO_clear_realloc_fn;
typedef int OSSL_FUNC_signature_verify_recover_init_fn;
typedef int OSSL_FUNC_provider_free_fn;
typedef int EVP_RAND;
typedef int OSSL_FUNC_digest_newctx_fn;
typedef int OSSL_FUNC_cipher_final_fn;
typedef int OSSL_FUNC_keymgmt_new_fn;
typedef int EVP_CIPHER_CTX;
typedef int OSSL_FUNC_decoder_does_selection_fn;
typedef int OSSL_FUNC_signature_digest_verify_init_fn;
typedef int OSSL_FUNC_digest_set_ctx_params_fn;
typedef int OSSL_FUNC_rand_newctx_fn;
typedef int OSSL_FUNC_BIO_vprintf_fn;
typedef int OSSL_FUNC_keymgmt_gen_init_fn;
typedef int EVP_RAND_CTX;
typedef int OSSL_FUNC_store_close_fn;
typedef int OSSL_FUNC_asym_cipher_encrypt_fn;
typedef int OSSL_FUNC_mac_get_params_fn;
typedef int OSSL_FUNC_get_entropy_fn;
typedef int OSSL_FUNC_digest_gettable_ctx_params_fn;
typedef int OSSL_FUNC_SSL_QUIC_TLS_got_transport_params_fn;
typedef int OSSL_FUNC_skeymgmt_free_fn;
typedef int OSSL_FUNC_mac_settable_ctx_params_fn;
typedef int OSSL_FUNC_decoder_export_object_fn;
typedef int OSSL_FUNC_rand_clear_seed_fn;
typedef int OSSL_FUNC_mac_get_ctx_params_fn;
typedef int OSSL_FUNC_digest_digest_fn;
typedef int EVP_SKEY;
typedef int OSSL_FUNC_cipher_gettable_ctx_params_fn;
typedef int OSSL_FUNC_CRYPTO_malloc_fn;
typedef int OSSL_FUNC_asym_cipher_settable_ctx_params_fn;
typedef int OSSL_FUNC_signature_dupctx_fn;
typedef int OSSL_FUNC_BIO_write_ex_fn;
typedef int OSSL_FUNC_rand_set_callbacks_fn;
typedef int OSSL_FUNC_keymgmt_match_fn;
typedef int OSSL_FUNC_signature_digest_sign_final_fn;
typedef int OSSL_FUNC_provider_get_params_fn;
typedef int OSSL_FUNC_BIO_gets_fn;
typedef int OSSL_FUNC_cipher_encrypt_init_fn;
typedef int OSSL_FUNC_signature_verify_message_final_fn;
typedef int BIGNUM;
typedef int OSSL_FUNC_digest_freectx_fn;
typedef int OSSL_FUNC_asym_cipher_set_ctx_params_fn;
typedef int OSSL_FUNC_signature_gettable_ctx_params_fn;
typedef int BIO;
typedef int OSSL_FUNC_digest_get_params_fn;
typedef int OSSL_FUNC_skeymgmt_get_key_id_fn;
typedef int OSSL_FUNC_rand_uninstantiate_fn;
typedef int OSSL_FUNC_decoder_get_params_fn;
typedef int OSSL_FUNC_signature_newctx_fn;
typedef int OSSL_FUNC_signature_sign_fn;
typedef int OSSL_FUNC_decoder_set_ctx_params_fn;
typedef int OSSL_FUNC_kem_dupctx_fn;
typedef int OSSL_FUNC_get_user_nonce_fn;
typedef int OSSL_FUNC_mac_init_skey_fn;
typedef int ASN1_PCTX;
typedef int OSSL_FUNC_provider_get_capabilities_fn;
typedef int OSSL_FUNC_provider_register_child_cb_fn;
typedef int OSSL_FUNC_kem_settable_ctx_params_fn;
typedef int OSSL_FUNC_signature_query_key_types_fn;
typedef int OSSL_FUNC_signature_settable_ctx_md_params_fn;
typedef int OSSL_FUNC_asym_cipher_newctx_fn;
typedef int OSSL_FUNC_store_open_ex_fn;
typedef int OSSL_FUNC_keyexch_derive_fn;
typedef int OSSL_FUNC_kdf_settable_ctx_params_fn;
typedef int OSSL_FUNC_skeymgmt_gen_settable_params_fn;
typedef int OSSL_FUNC_digest_settable_ctx_params_fn;
typedef int OSSL_FUNC_kem_encapsulate_init_fn;
typedef int OSSL_FUNC_core_new_error_fn;
typedef int OSSL_FUNC_BIO_up_ref_fn;
typedef int OSSL_FUNC_self_test_cb_fn;
typedef int OSSL_FUNC_keymgmt_export_types_fn;
typedef int OSSL_FUNC_core_get_libctx_fn;
typedef int OSSL_FUNC_digest_init_fn;
typedef int EVP_ASYM_CIPHER;
typedef int OSSL_FUNC_decoder_settable_ctx_params_fn;
typedef int OSSL_FUNC_signature_sign_message_init_fn;
typedef int OSSL_FUNC_rand_gettable_params_fn;
typedef int OSSL_FUNC_mac_update_fn;
typedef int OSSL_FUNC_keymgmt_export_fn;
typedef int OSSL_FUNC_provider_random_bytes_fn;
typedef int OSSL_FUNC_decoder_freectx_fn;
typedef int OSSL_FUNC_mac_init_fn;
typedef int OSSL_FUNC_store_eof_fn;
typedef int OSSL_FUNC_signature_verify_init_fn;
typedef int EVP_PBE_KEYGEN;
typedef int OSSL_FUNC_core_thread_start_fn;
typedef int OSSL_FUNC_cipher_cipher_fn;
typedef int OSSL_FUNC_keymgmt_dup_fn;
typedef int RSA;
typedef int BIGNUM;
typedef int ENGINE;
typedef int RSA_METHOD;
struct asn1_string_st {
int length;
int type;
unsigned char *data;
/*
* The value of the following field depends on the type being held. It
* is mostly being used for BIT_STRING so if the input data has a
* non-zero 'unused bits' value, it will be handled correctly
*/
long flags;
};
typedef struct asn1_string_st ASN1_INTEGER;
typedef struct asn1_string_st ASN1_ENUMERATED;
typedef struct asn1_string_st ASN1_BIT_STRING;
typedef struct asn1_string_st ASN1_OCTET_STRING;
typedef struct asn1_string_st ASN1_PRINTABLESTRING;
typedef struct asn1_string_st ASN1_T61STRING;
typedef struct asn1_string_st ASN1_IA5STRING;
typedef struct asn1_string_st ASN1_GENERALSTRING;
typedef struct asn1_string_st ASN1_UNIVERSALSTRING;
typedef struct asn1_string_st ASN1_BMPSTRING;
typedef struct asn1_string_st ASN1_UTCTIME;
typedef struct asn1_string_st ASN1_TIME;
typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
typedef struct asn1_string_st ASN1_VISIBLESTRING;
typedef struct asn1_string_st ASN1_UTF8STRING;
typedef struct asn1_string_st ASN1_STRING;
typedef int ASN1_BOOLEAN;
typedef int ASN1_NULL;
typedef int EVP_CIPHER_INFO;
typedef int pem_password_cb;
typedef int X509_INFO;
typedef int RSA_PSS_PARAMS;
typedef int BN_GENCB;
typedef int BN_CTX;
typedef int BN_BLINDING;
typedef int BN_MONT_CTX;
typedef int d2i_of_void;
typedef int i2d_of_void;
typedef int OSSL_i2d_of_void_ctx;
typedef int DSA;
typedef int FFC_PARAMS;