# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.

"""cffi declaration module for the OpenSSL X.509 certificate, CSR and CRL API.

The module defines nothing but four string constants; nothing here runs at
import time. Presumably the project's cffi build assembles them as follows
(confirm against the build script that consumes these modules):

* ``INCLUDES`` - C preamble compiled verbatim (headers plus typedef aliases).
* ``TYPES`` - the cdef type section: opaque typedefs, a partially exposed
  ``X509_ALGOR`` struct and the ``X509_FLAG_*`` / ``XN_FLAG_*`` constants.
* ``FUNCTIONS`` - the cdef prototypes that become callable from Python.
* ``CUSTOMIZATIONS`` - compiled C shims that back-fill 1.0.2 / 1.1.0 accessors
  on older OpenSSL and LibreSSL builds by reaching into pre-opaquing struct
  layouts. Each shim is fenced by a ``CRYPTOGRAPHY_OPENSSL_LESS_THAN_*`` /
  ``CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER`` macro so it is only compiled where
  the library does not provide the symbol itself.
"""

# Python 2/3 compatibility only; no code in this file depends on it.
from __future__ import absolute_import, division, print_function

# C preamble. The three Cryptography_STACK_OF_* aliases exist because cffi
# cannot parse `STACK_OF(foo)` as a type name; the same names are re-declared
# as opaque types in TYPES below so both sides of the binding agree.
INCLUDES = """
#include <openssl/ssl.h>

/*
 * This is part of a work-around for the difficulty cffi has in dealing with
 * `STACK_OF(foo)` as the name of a type. We invent a new, simpler name that
 * will be an alias for this type and use the alias throughout. This works
 * together with another opaque typedef for the same name in the TYPES section.
 * Note that the result is an opaque type.
 */
typedef STACK_OF(X509) Cryptography_STACK_OF_X509;
typedef STACK_OF(X509_CRL) Cryptography_STACK_OF_X509_CRL;
typedef STACK_OF(X509_REVOKED) Cryptography_STACK_OF_X509_REVOKED;
"""

# Type section. Everything is opaque (`typedef ...`) except X509_ALGOR, which
# exposes only its `algorithm` member (the OID the signature-nid shim below
# reads); the remaining members are hidden behind `...;`. The `static const
# int` lines ask cffi to take the flag values from the library headers at
# build time rather than hard-coding them here. sk_X509_EXTENSION_freefunc is
# the callback type taken by sk_X509_EXTENSION_pop_free in FUNCTIONS.
TYPES = """
typedef ... Cryptography_STACK_OF_X509;
typedef ... Cryptography_STACK_OF_X509_CRL;
typedef ... Cryptography_STACK_OF_X509_REVOKED;

typedef struct {
    ASN1_OBJECT *algorithm;
    ...;
} X509_ALGOR;

typedef ... X509_ATTRIBUTE;
typedef ... X509_CINF;
typedef ... X509_EXTENSION;
typedef ... X509_EXTENSIONS;
typedef ... X509_REQ;
typedef ... X509_REQ_INFO;
typedef ... X509_REVOKED;
typedef ... X509_CRL_INFO;
typedef ... X509_CRL;
typedef ... X509;

typedef ... NETSCAPE_SPKI;

typedef ... PKCS8_PRIV_KEY_INFO;

static const int X509_FLAG_COMPAT;
static const int X509_FLAG_NO_HEADER;
static const int X509_FLAG_NO_VERSION;
static const int X509_FLAG_NO_SERIAL;
static const int X509_FLAG_NO_SIGNAME;
static const int X509_FLAG_NO_ISSUER;
static const int X509_FLAG_NO_VALIDITY;
static const int X509_FLAG_NO_SUBJECT;
static const int X509_FLAG_NO_PUBKEY;
static const int X509_FLAG_NO_EXTENSIONS;
static const int X509_FLAG_NO_SIGDUMP;
static const int X509_FLAG_NO_AUX;
static const int X509_FLAG_NO_ATTRIBUTES;

static const int XN_FLAG_SEP_MASK;
static const int XN_FLAG_COMPAT;
static const int XN_FLAG_SEP_COMMA_PLUS;
static const int XN_FLAG_SEP_CPLUS_SPC;
static const int XN_FLAG_SEP_SPLUS_SPC;
static const int XN_FLAG_SEP_MULTILINE;
static const int XN_FLAG_DN_REV;
static const int XN_FLAG_FN_MASK;
static const int XN_FLAG_FN_SN;
static const int XN_FLAG_FN_LN;
static const int XN_FLAG_FN_OID;
static const int XN_FLAG_FN_NONE;
static const int XN_FLAG_SPC_EQ;
static const int XN_FLAG_DUMP_UNKNOWN_FIELDS;
static const int XN_FLAG_FN_ALIGN;
static const int XN_FLAG_RFC2253;
static const int XN_FLAG_ONELINE;
static const int XN_FLAG_MULTILINE;

typedef void (*sk_X509_EXTENSION_freefunc)(X509_EXTENSION *);
"""

# Prototype section. Some entries are deliberately declared with the pre-1.1.0
# (non-const) signatures so one cdef works across library versions; the inline
# C comments mark which ones. Cryptography_STACK_OF_ASN1_OBJECT is not defined
# in this module (see the "declared in safestack" comment). The i2d_re_*_tbs,
# *_get0_signature, X509_get0_tbs_sigalg, X509_get_signature_nid and
# X509_up_ref prototypes are satisfied either by the library or, on older
# builds, by the shims in CUSTOMIZATIONS.
FUNCTIONS = """
X509 *X509_new(void);
void X509_free(X509 *);
X509 *X509_dup(X509 *);
int X509_cmp(const X509 *, const X509 *);
int X509_up_ref(X509 *);

int X509_print_ex(BIO *, X509 *, unsigned long, unsigned long);

int X509_set_version(X509 *, long);

EVP_PKEY *X509_get_pubkey(X509 *);
int X509_set_pubkey(X509 *, EVP_PKEY *);

unsigned char *X509_alias_get0(X509 *, int *);
int X509_sign(X509 *, EVP_PKEY *, const EVP_MD *);

int X509_digest(const X509 *, const EVP_MD *, unsigned char *, unsigned int *);

ASN1_TIME *X509_gmtime_adj(ASN1_TIME *, long);

unsigned long X509_subject_name_hash(X509 *);

int X509_set_subject_name(X509 *, X509_NAME *);

int X509_set_issuer_name(X509 *, X509_NAME *);

int X509_add_ext(X509 *, X509_EXTENSION *, int);
X509_EXTENSION *X509_delete_ext(X509 *, int);
X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *);

ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *);
void X509_EXTENSION_free(X509_EXTENSION *);

int i2d_X509(X509 *, unsigned char **);

int X509_REQ_set_version(X509_REQ *, long);
X509_REQ *X509_REQ_new(void);
void X509_REQ_free(X509_REQ *);
int X509_REQ_set_pubkey(X509_REQ *, EVP_PKEY *);
int X509_REQ_set_subject_name(X509_REQ *, X509_NAME *);
int X509_REQ_sign(X509_REQ *, EVP_PKEY *, const EVP_MD *);
int X509_REQ_verify(X509_REQ *, EVP_PKEY *);
int X509_REQ_digest(const X509_REQ *, const EVP_MD *,
                    unsigned char *, unsigned int *);
EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *);
int X509_REQ_print(BIO *, X509_REQ *);
int X509_REQ_print_ex(BIO *, X509_REQ *, unsigned long, unsigned long);
int X509_REQ_add_extensions(X509_REQ *, X509_EXTENSIONS *);
X509_EXTENSIONS *X509_REQ_get_extensions(X509_REQ *);

int X509V3_EXT_print(BIO *, X509_EXTENSION *, unsigned long, int);
ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *);

X509_REVOKED *X509_REVOKED_new(void);
void X509_REVOKED_free(X509_REVOKED *);

int X509_REVOKED_set_serialNumber(X509_REVOKED *, ASN1_INTEGER *);

int X509_REVOKED_add_ext(X509_REVOKED *, X509_EXTENSION*, int);
int X509_REVOKED_add1_ext_i2d(X509_REVOKED *, int, void *, int, unsigned long);
X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *, int);

int X509_REVOKED_set_revocationDate(X509_REVOKED *, ASN1_TIME *);

X509_CRL *X509_CRL_new(void);
X509_CRL *X509_CRL_dup(X509_CRL *);
X509_CRL *d2i_X509_CRL_bio(BIO *, X509_CRL **);
int X509_CRL_add0_revoked(X509_CRL *, X509_REVOKED *);
int X509_CRL_add_ext(X509_CRL *, X509_EXTENSION *, int);
int X509_CRL_cmp(const X509_CRL *, const X509_CRL *);
int X509_CRL_print(BIO *, X509_CRL *);
int X509_CRL_set_issuer_name(X509_CRL *, X509_NAME *);
int X509_CRL_set_version(X509_CRL *, long);
int X509_CRL_sign(X509_CRL *, EVP_PKEY *, const EVP_MD *);
int X509_CRL_sort(X509_CRL *);
int X509_CRL_verify(X509_CRL *, EVP_PKEY *);
int i2d_X509_CRL_bio(BIO *, X509_CRL *);
void X509_CRL_free(X509_CRL *);

int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *, EVP_PKEY *);
int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *, EVP_PKEY *, const EVP_MD *);
char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *);
NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *, int);
EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *);
int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *, EVP_PKEY *);
NETSCAPE_SPKI *NETSCAPE_SPKI_new(void);
void NETSCAPE_SPKI_free(NETSCAPE_SPKI *);

/* ASN1 serialization */
int i2d_X509_bio(BIO *, X509 *);
X509 *d2i_X509_bio(BIO *, X509 **);

int i2d_X509_REQ_bio(BIO *, X509_REQ *);
X509_REQ *d2i_X509_REQ_bio(BIO *, X509_REQ **);

int i2d_PrivateKey_bio(BIO *, EVP_PKEY *);
EVP_PKEY *d2i_PrivateKey_bio(BIO *, EVP_PKEY **);
int i2d_PUBKEY_bio(BIO *, EVP_PKEY *);
EVP_PKEY *d2i_PUBKEY_bio(BIO *, EVP_PKEY **);

ASN1_INTEGER *X509_get_serialNumber(X509 *);
int X509_set_serialNumber(X509 *, ASN1_INTEGER *);

const char *X509_verify_cert_error_string(long);

const char *X509_get_default_cert_area(void);
const char *X509_get_default_cert_dir(void);
const char *X509_get_default_cert_file(void);
const char *X509_get_default_cert_dir_env(void);
const char *X509_get_default_cert_file_env(void);
const char *X509_get_default_private_dir(void);

int i2d_RSA_PUBKEY(RSA *, unsigned char **);
RSA *d2i_RSA_PUBKEY(RSA **, const unsigned char **, long);
RSA *d2i_RSAPublicKey(RSA **, const unsigned char **, long);
RSA *d2i_RSAPrivateKey(RSA **, const unsigned char **, long);
int i2d_DSA_PUBKEY(DSA *, unsigned char **);
DSA *d2i_DSA_PUBKEY(DSA **, const unsigned char **, long);
DSA *d2i_DSAPublicKey(DSA **, const unsigned char **, long);
DSA *d2i_DSAPrivateKey(DSA **, const unsigned char **, long);

RSA *d2i_RSAPrivateKey_bio(BIO *, RSA **);
int i2d_RSAPrivateKey_bio(BIO *, RSA *);
RSA *d2i_RSAPublicKey_bio(BIO *, RSA **);
int i2d_RSAPublicKey_bio(BIO *, RSA *);
RSA *d2i_RSA_PUBKEY_bio(BIO *, RSA **);
int i2d_RSA_PUBKEY_bio(BIO *, RSA *);
DSA *d2i_DSA_PUBKEY_bio(BIO *, DSA **);
int i2d_DSA_PUBKEY_bio(BIO *, DSA *);
DSA *d2i_DSAPrivateKey_bio(BIO *, DSA **);
int i2d_DSAPrivateKey_bio(BIO *, DSA *);

PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *,
                                                 PKCS8_PRIV_KEY_INFO **);
void PKCS8_PRIV_KEY_INFO_free(PKCS8_PRIV_KEY_INFO *);
/* These became const X509 in 1.1.0 */
int X509_get_ext_count(X509 *);
X509_EXTENSION *X509_get_ext(X509 *, int);
int X509_get_ext_by_NID(X509 *, int, int);
X509_NAME *X509_get_subject_name(X509 *);
X509_NAME *X509_get_issuer_name(X509 *);

/* This became const ASN1_OBJECT * in 1.1.0 */
X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **,
                                             ASN1_OBJECT *, int,
                                             ASN1_OCTET_STRING *);


/* This became const X509_EXTENSION * in 1.1.0 */
int X509_EXTENSION_get_critical(X509_EXTENSION *);

/* This became const X509_REVOKED * in 1.1.0 */
int X509_REVOKED_get_ext_count(X509_REVOKED *);
X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *, int);

/* This became const X509_CRL * in 1.1.0 */
X509_EXTENSION *X509_CRL_get_ext(X509_CRL *, int);
int X509_CRL_get_ext_count(X509_CRL *);

int X509_CRL_get0_by_serial(X509_CRL *, X509_REVOKED **, ASN1_INTEGER *);

/* these CRYPTO_EX_DATA functions became macros in 1.1.0 */
int X509_get_ex_new_index(long, void *, CRYPTO_EX_new *, CRYPTO_EX_dup *,
                          CRYPTO_EX_free *);
int X509_set_ex_data(X509 *, int, void *);
void *X509_get_ex_data(X509 *, int);

X509_REVOKED *Cryptography_X509_REVOKED_dup(X509_REVOKED *);

int i2d_X509_CINF(X509_CINF *, unsigned char **);
int i2d_X509_CRL_INFO(X509_CRL_INFO *, unsigned char **);
int i2d_X509_REQ_INFO(X509_REQ_INFO *, unsigned char **);

/* new in 1.0.2 */
int i2d_re_X509_tbs(X509 *, unsigned char **);
int X509_get_signature_nid(const X509 *);

const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *);

void X509_get0_signature(const ASN1_BIT_STRING **,
                         const X509_ALGOR **, const X509 *);

long X509_get_version(X509 *);

ASN1_TIME *X509_get_notBefore(X509 *);
ASN1_TIME *X509_get_notAfter(X509 *);

long X509_REQ_get_version(X509_REQ *);
X509_NAME *X509_REQ_get_subject_name(X509_REQ *);

Cryptography_STACK_OF_X509 *sk_X509_new_null(void);
void sk_X509_free(Cryptography_STACK_OF_X509 *);
int sk_X509_num(Cryptography_STACK_OF_X509 *);
int sk_X509_push(Cryptography_STACK_OF_X509 *, X509 *);
X509 *sk_X509_value(Cryptography_STACK_OF_X509 *, int);

X509_EXTENSIONS *sk_X509_EXTENSION_new_null(void);
int sk_X509_EXTENSION_num(X509_EXTENSIONS *);
X509_EXTENSION *sk_X509_EXTENSION_value(X509_EXTENSIONS *, int);
int sk_X509_EXTENSION_push(X509_EXTENSIONS *, X509_EXTENSION *);
int sk_X509_EXTENSION_insert(X509_EXTENSIONS *, X509_EXTENSION *, int);
X509_EXTENSION *sk_X509_EXTENSION_delete(X509_EXTENSIONS *, int);
void sk_X509_EXTENSION_free(X509_EXTENSIONS *);
void sk_X509_EXTENSION_pop_free(X509_EXTENSIONS *, sk_X509_EXTENSION_freefunc);

int sk_X509_REVOKED_num(Cryptography_STACK_OF_X509_REVOKED *);
X509_REVOKED *sk_X509_REVOKED_value(Cryptography_STACK_OF_X509_REVOKED *, int);

Cryptography_STACK_OF_X509_CRL *sk_X509_CRL_new_null(void);
void sk_X509_CRL_free(Cryptography_STACK_OF_X509_CRL *);
int sk_X509_CRL_num(Cryptography_STACK_OF_X509_CRL *);
int sk_X509_CRL_push(Cryptography_STACK_OF_X509_CRL *, X509_CRL *);
X509_CRL *sk_X509_CRL_value(Cryptography_STACK_OF_X509_CRL *, int);

int i2d_RSAPublicKey(RSA *, unsigned char **);
int i2d_RSAPrivateKey(RSA *, unsigned char **);
int i2d_DSAPublicKey(DSA *, unsigned char **);
int i2d_DSAPrivateKey(DSA *, unsigned char **);

long X509_CRL_get_version(X509_CRL *);
ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *);
ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *);
X509_NAME *X509_CRL_get_issuer(X509_CRL *);
Cryptography_STACK_OF_X509_REVOKED *X509_CRL_get_REVOKED(X509_CRL *);

/* These aren't macros these arguments are all const X on openssl > 1.0.x */
int X509_CRL_set_lastUpdate(X509_CRL *, ASN1_TIME *);
int X509_CRL_set_nextUpdate(X509_CRL *, ASN1_TIME *);
int X509_set_notBefore(X509 *, ASN1_TIME *);
int X509_set_notAfter(X509 *, ASN1_TIME *);

int i2d_EC_PUBKEY(EC_KEY *, unsigned char **);
EC_KEY *d2i_EC_PUBKEY(EC_KEY **, const unsigned char **, long);
EC_KEY *d2i_EC_PUBKEY_bio(BIO *, EC_KEY **);
int i2d_EC_PUBKEY_bio(BIO *, EC_KEY *);
EC_KEY *d2i_ECPrivateKey(EC_KEY **, const unsigned char **, long);
EC_KEY *d2i_ECPrivateKey_bio(BIO *, EC_KEY **);
int i2d_ECPrivateKey(EC_KEY *, unsigned char **);
int i2d_ECPrivateKey_bio(BIO *, EC_KEY *);

EC_KEY *o2i_ECPublicKey(EC_KEY **, const unsigned char **, long);
int i2o_ECPublicKey(EC_KEY *, unsigned char **);

// declared in safestack
int sk_ASN1_OBJECT_num(Cryptography_STACK_OF_ASN1_OBJECT *);
ASN1_OBJECT *sk_ASN1_OBJECT_value(Cryptography_STACK_OF_ASN1_OBJECT *, int);
void sk_ASN1_OBJECT_free(Cryptography_STACK_OF_ASN1_OBJECT *);
Cryptography_STACK_OF_ASN1_OBJECT *sk_ASN1_OBJECT_new_null(void);
int sk_ASN1_OBJECT_push(Cryptography_STACK_OF_ASN1_OBJECT *, ASN1_OBJECT *);

/* these functions were added in 1.1.0 */
const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *);
const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *);
void X509_CRL_get0_signature(const X509_CRL *, const ASN1_BIT_STRING **,
                             const X509_ALGOR **);
int i2d_re_X509_REQ_tbs(X509_REQ *, unsigned char **);
int i2d_re_X509_CRL_tbs(X509_CRL *, unsigned char **);
void X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **,
                             const X509_ALGOR **);
"""

# Compatibility shims compiled into the extension. They are the only code in
# this module that touches struct internals (x->sig_alg, x->cert_info,
# req->req_info, crl->crl, x->references, ...), which is why every one is
# fenced by a version macro. Points worth knowing when reviewing callers:
#
# * The i2d_re_*_tbs shims set enc.modified = 1 before encoding so the
#   library discards any cached DER and re-encodes the to-be-signed part
#   from the parsed structure; the pre-1.0.2 X509 variant cannot do this
#   (the inline comment explains why) and encodes the cached form instead.
# * NOTE(review): the X509_up_ref shim returns CRYPTO_add's result, which
#   is the new reference count, whereas 1.1.0's X509_up_ref returns 1 on
#   success. A caller that tests `== 1` would misbehave on the shimmed
#   path; confirm the backend checks `>= 1` (or truthiness) instead.
# * NOTE(review): the X509_get_signature_nid shim dereferences x->sig_alg
#   without a NULL guard (it mirrors the 1.0.2 library body). It is only
#   safe for fully parsed certificates; confirm no caller passes a
#   freshly X509_new()'d object through it.
# * Cryptography_X509_REVOKED_dup returns a new object; presumably the
#   caller owns it and releases it with X509_REVOKED_free - verify at the
#   Python call sites.
CUSTOMIZATIONS = """
/* Added in 1.0.2 beta but we need it in all versions now due to the great
   opaquing. */
#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
/* from x509/x_x509.c version 1.0.2 */
void X509_get0_signature(const ASN1_BIT_STRING **psig,
                         const X509_ALGOR **palg, const X509 *x)
{
    if (psig)
        *psig = x->signature;
    if (palg)
        *palg = x->sig_alg;
}

int X509_get_signature_nid(const X509 *x)
{
    return OBJ_obj2nid(x->sig_alg->algorithm);
}

#endif

/* Added in 1.0.2 but we need it in all versions now due to the great
   opaquing. */
#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102
/* from x509/x_x509.c */
int i2d_re_X509_tbs(X509 *x, unsigned char **pp)
{
    /* in 1.0.2+ this function also sets x->cert_info->enc.modified = 1
       but older OpenSSLs don't have the enc ASN1_ENCODING member in the
       X509 struct. Setting modified to 1 marks the encoding
       (x->cert_info->enc.enc) as invalid, but since the entire struct isn't
       present we don't care. */
    return i2d_X509_CINF(x->cert_info, pp);
}
#endif

/* X509_REVOKED_dup only exists on 1.0.2+. It is implemented using
   IMPLEMENT_ASN1_DUP_FUNCTION. The below is the equivalent so we have
   it available on all OpenSSLs. */
X509_REVOKED *Cryptography_X509_REVOKED_dup(X509_REVOKED *rev) {
#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102
    return ASN1_item_dup(ASN1_ITEM_rptr(X509_REVOKED), rev);
#else
    return X509_REVOKED_dup(rev);
#endif
}

/* Added in 1.1.0 but we need it in all versions now due to the great
   opaquing. */
#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp)
{
    req->req_info->enc.modified = 1;
    return i2d_X509_REQ_INFO(req->req_info, pp);
}
int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) {
    crl->crl->enc.modified = 1;
    return i2d_X509_CRL_INFO(crl->crl, pp);
}

#if !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
int X509_up_ref(X509 *x) {
    return CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
}

const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x)
{
    return x->cert_info->signature;
}

/* from x509/x509_req.c */
void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
                             const X509_ALGOR **palg)
{
    if (psig != NULL)
        *psig = req->signature;
    if (palg != NULL)
        *palg = req->sig_alg;
}
void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
                             const X509_ALGOR **palg)
{
    if (psig != NULL)
        *psig = crl->signature;
    if (palg != NULL)
        *palg = crl->sig_alg;
}
const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x)
{
    return x->revocationDate;
}
const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x)
{
    return x->serialNumber;
}
#endif
#endif
"""