diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ca9c1c95..c11eb414 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -7,7 +7,7 @@ jobs: matrix: go-version: [1.23.x, 1.24.x] openssl-version: [1.1.0, 1.1.1, 3.0.1, 3.0.13, 3.1.5, 3.2.1, 3.3.0, 3.3.1] - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - name: Install build tools run: sudo apt-get install -y build-essential @@ -17,13 +17,16 @@ jobs: go-version: ${{ matrix.go-version }} - name: Checkout code uses: actions/checkout@v4 + - name: Verify go generate leaves no changes + run: | + go generate . + git diff --exit-code - name: Install OpenSSL run: sudo sh ./scripts/openssl.sh ${{ matrix.openssl-version }} - name: Check headers working-directory: ./cmd/checkheader run: | go run . --ossl-include /usr/local/src/openssl-${{ matrix.openssl-version }}/include -shim ../../shims.h - go run . --ossl-include /usr/local/src/openssl-${{ matrix.openssl-version }}/include -shim ../../const.go - name: Set OpenSSL config and prove FIPS run: | sudo cp ./scripts/openssl-3.cnf /usr/local/ssl/openssl.cnf diff --git a/.gitignore b/.gitignore index 79b5594d..b6c942fc 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ **/.DS_Store +.vscode/ diff --git a/aes.go b/aes.go index 18bb070a..3b3e247e 100644 --- a/aes.go +++ b/aes.go @@ -2,7 +2,6 @@ package openssl -// #include "goopenssl.h" import "C" import ( "crypto/cipher" diff --git a/cgo_go124.go b/cgo_go124.go index 1e72b90a..0e583cdb 100644 --- a/cgo_go124.go +++ b/cgo_go124.go @@ -14,29 +14,29 @@ package openssl // expected to meet the noescape/nocallback criteria. /* -#cgo noescape go_openssl_RAND_bytes -#cgo nocallback go_openssl_RAND_bytes -#cgo noescape go_openssl_EVP_EncryptUpdate -#cgo nocallback go_openssl_EVP_EncryptUpdate -#cgo noescape go_openssl_EVP_EncryptFinal_ex -#cgo nocallback go_openssl_EVP_EncryptFinal_ex -#cgo noescape go_openssl_EVP_DecryptFinal_ex -#cgo nocallback go_openssl_EVP_DecryptFinal_ex -#cgo noescape go_openssl_EVP_DecryptUpdate -#cgo nocallback go_openssl_EVP_DecryptUpdate -#cgo noescape go_openssl_EVP_CipherUpdate -#cgo nocallback go_openssl_EVP_CipherUpdate -#cgo noescape go_openssl_EVP_PKEY_derive -#cgo nocallback go_openssl_EVP_PKEY_derive -#cgo noescape go_openssl_EVP_PKEY_get_raw_public_key -#cgo nocallback go_openssl_EVP_PKEY_get_raw_public_key -#cgo noescape go_openssl_EVP_PKEY_get_raw_private_key -#cgo nocallback go_openssl_EVP_PKEY_get_raw_private_key -#cgo noescape go_openssl_EVP_DigestSign -#cgo nocallback go_openssl_EVP_DigestSign -#cgo noescape go_openssl_EVP_Digest -#cgo nocallback go_openssl_EVP_Digest -#cgo noescape go_openssl_EVP_DigestUpdate -#cgo nocallback go_openssl_EVP_DigestUpdate +#cgo noescape RAND_bytes +#cgo nocallback RAND_bytes +#cgo noescape EVP_EncryptUpdate +#cgo nocallback EVP_EncryptUpdate +#cgo noescape EVP_EncryptFinal_ex +#cgo nocallback EVP_EncryptFinal_ex +#cgo noescape EVP_DecryptFinal_ex +#cgo nocallback EVP_DecryptFinal_ex +#cgo noescape EVP_DecryptUpdate +#cgo nocallback EVP_DecryptUpdate +#cgo noescape EVP_CipherUpdate +#cgo nocallback EVP_CipherUpdate +#cgo noescape EVP_PKEY_derive +#cgo nocallback EVP_PKEY_derive +#cgo noescape EVP_PKEY_get_raw_public_key +#cgo nocallback EVP_PKEY_get_raw_public_key +#cgo noescape EVP_PKEY_get_raw_private_key +#cgo nocallback EVP_PKEY_get_raw_private_key +#cgo noescape EVP_DigestSign +#cgo nocallback EVP_DigestSign +#cgo noescape EVP_Digest +#cgo nocallback EVP_Digest +#cgo noescape EVP_DigestUpdate +#cgo nocallback EVP_DigestUpdate */ import "C" diff --git a/cipher.go b/cipher.go index d32428a4..4884090e 100644 --- a/cipher.go +++ b/cipher.go @@ -2,7 +2,6 @@ package openssl -// #include "goopenssl.h" import "C" import ( @@ -75,9 +74,9 @@ type cacheCipherKey struct { } // loadCipher returns a cipher object for the given k. -func loadCipher(k cipherKind, mode cipherMode) (cipher C.GO_EVP_CIPHER_PTR) { +func loadCipher(k cipherKind, mode cipherMode) (cipher _EVP_CIPHER_PTR) { if v, ok := cacheCipher.Load(cacheCipherKey{k, mode}); ok { - return v.(C.GO_EVP_CIPHER_PTR) + return v.(_EVP_CIPHER_PTR) } defer func() { if cipher != nil && vMajor == 3 { @@ -85,7 +84,7 @@ func loadCipher(k cipherKind, mode cipherMode) (cipher C.GO_EVP_CIPHER_PTR) { // not created by EVP_CIPHER has negative performance // implications, as cipher operations will have // to fetch it on every call. Better to just fetch it once here. - cipher = C.go_openssl_EVP_CIPHER_fetch(nil, C.go_openssl_EVP_CIPHER_get0_name(cipher), nil) + cipher = go_openssl_EVP_CIPHER_fetch(nil, go_openssl_EVP_CIPHER_get0_name(cipher), nil) } cacheCipher.Store(cacheCipherKey{k, mode}, cipher) }() @@ -93,52 +92,52 @@ func loadCipher(k cipherKind, mode cipherMode) (cipher C.GO_EVP_CIPHER_PTR) { case cipherAES128: switch mode { case cipherModeECB: - cipher = C.go_openssl_EVP_aes_128_ecb() + cipher = go_openssl_EVP_aes_128_ecb() case cipherModeCBC: - cipher = C.go_openssl_EVP_aes_128_cbc() + cipher = go_openssl_EVP_aes_128_cbc() case cipherModeCTR: - cipher = C.go_openssl_EVP_aes_128_ctr() + cipher = go_openssl_EVP_aes_128_ctr() case cipherModeGCM: - cipher = C.go_openssl_EVP_aes_128_gcm() + cipher = go_openssl_EVP_aes_128_gcm() } case cipherAES192: switch mode { case cipherModeECB: - cipher = C.go_openssl_EVP_aes_192_ecb() + cipher = go_openssl_EVP_aes_192_ecb() case cipherModeCBC: - cipher = C.go_openssl_EVP_aes_192_cbc() + cipher = go_openssl_EVP_aes_192_cbc() case cipherModeCTR: - cipher = C.go_openssl_EVP_aes_192_ctr() + cipher = go_openssl_EVP_aes_192_ctr() case cipherModeGCM: - cipher = C.go_openssl_EVP_aes_192_gcm() + cipher = go_openssl_EVP_aes_192_gcm() } case cipherAES256: switch mode { case cipherModeECB: - cipher = C.go_openssl_EVP_aes_256_ecb() + cipher = go_openssl_EVP_aes_256_ecb() case cipherModeCBC: - cipher = C.go_openssl_EVP_aes_256_cbc() + cipher = go_openssl_EVP_aes_256_cbc() case cipherModeCTR: - cipher = C.go_openssl_EVP_aes_256_ctr() + cipher = go_openssl_EVP_aes_256_ctr() case cipherModeGCM: - cipher = C.go_openssl_EVP_aes_256_gcm() + cipher = go_openssl_EVP_aes_256_gcm() } case cipherDES: switch mode { case cipherModeECB: - cipher = C.go_openssl_EVP_des_ecb() + cipher = go_openssl_EVP_des_ecb() case cipherModeCBC: - cipher = C.go_openssl_EVP_des_cbc() + cipher = go_openssl_EVP_des_cbc() } case cipherDES3: switch mode { case cipherModeECB: - cipher = C.go_openssl_EVP_des_ede3_ecb() + cipher = go_openssl_EVP_des_ede3_ecb() case cipherModeCBC: - cipher = C.go_openssl_EVP_des_ede3_cbc() + cipher = go_openssl_EVP_des_ede3_cbc() } case cipherRC4: - cipher = C.go_openssl_EVP_rc4() + cipher = go_openssl_EVP_rc4() } return cipher } @@ -156,7 +155,7 @@ func newEVPCipher(key []byte, kind cipherKind) (*evpCipher, error) { } c := &evpCipher{key: make([]byte, len(key)), kind: kind} copy(c.key, key) - c.blockSize = int(C.go_openssl_EVP_CIPHER_get_block_size(cipher)) + c.blockSize = int(go_openssl_EVP_CIPHER_get_block_size(cipher)) return c, nil } @@ -176,10 +175,10 @@ func (c *evpCipher) encrypt(dst, src []byte) error { if err != nil { return err } - defer C.go_openssl_EVP_CIPHER_CTX_free(enc_ctx) + defer go_openssl_EVP_CIPHER_CTX_free(enc_ctx) - var outl C.int - if C.go_openssl_EVP_EncryptUpdate(enc_ctx, base(dst), &outl, base(src), C.int(c.blockSize)) != 1 { + var outl int32 + if go_openssl_EVP_EncryptUpdate(enc_ctx, base(dst), &outl, base(src), int32(c.blockSize)) != 1 { return errors.New("EncryptUpdate failed") } runtime.KeepAlive(c) @@ -202,25 +201,25 @@ func (c *evpCipher) decrypt(dst, src []byte) error { if err != nil { return err } - defer C.go_openssl_EVP_CIPHER_CTX_free(dec_ctx) + defer go_openssl_EVP_CIPHER_CTX_free(dec_ctx) - if C.go_openssl_EVP_CIPHER_CTX_set_padding(dec_ctx, 0) != 1 { + if go_openssl_EVP_CIPHER_CTX_set_padding(dec_ctx, 0) != 1 { return errors.New("could not disable cipher padding") } - var outl C.int - C.go_openssl_EVP_DecryptUpdate(dec_ctx, base(dst), &outl, base(src), C.int(c.blockSize)) + var outl int32 + go_openssl_EVP_DecryptUpdate(dec_ctx, base(dst), &outl, base(src), int32(c.blockSize)) runtime.KeepAlive(c) return nil } type cipherCBC struct { - ctx C.GO_EVP_CIPHER_CTX_PTR + ctx _EVP_CIPHER_CTX_PTR blockSize int } func (c *cipherCBC) finalize() { - C.go_openssl_EVP_CIPHER_CTX_free(c.ctx) + go_openssl_EVP_CIPHER_CTX_free(c.ctx) } func (x *cipherCBC) BlockSize() int { return x.blockSize } @@ -236,8 +235,8 @@ func (x *cipherCBC) CryptBlocks(dst, src []byte) { panic("crypto/cipher: output smaller than input") } if len(src) > 0 { - var outl C.int - if C.go_openssl_EVP_CipherUpdate(x.ctx, base(dst), &outl, base(src), C.int(len(src))) != 1 { + var outl int32 + if go_openssl_EVP_CipherUpdate(x.ctx, base(dst), &outl, base(src), int32(len(src))) != 1 { panic("crypto/cipher: CipherUpdate failed") } runtime.KeepAlive(x) @@ -248,7 +247,7 @@ func (x *cipherCBC) SetIV(iv []byte) { if len(iv) != x.blockSize { panic("cipher: incorrect length IV") } - if C.go_openssl_EVP_CipherInit_ex(x.ctx, nil, nil, nil, base(iv), C.int(cipherOpNone)) != 1 { + if go_openssl_EVP_CipherInit_ex(x.ctx, nil, nil, nil, base(iv), int32(cipherOpNone)) != 1 { panic("cipher: unable to initialize EVP cipher ctx") } } @@ -260,14 +259,14 @@ func (c *evpCipher) newCBC(iv []byte, op cipherOp) cipher.BlockMode { } x := &cipherCBC{ctx: ctx, blockSize: c.blockSize} runtime.SetFinalizer(x, (*cipherCBC).finalize) - if C.go_openssl_EVP_CIPHER_CTX_set_padding(x.ctx, 0) != 1 { + if go_openssl_EVP_CIPHER_CTX_set_padding(x.ctx, 0) != 1 { panic("cipher: unable to set padding") } return x } type cipherCTR struct { - ctx C.GO_EVP_CIPHER_CTX_PTR + ctx _EVP_CIPHER_CTX_PTR } func (x *cipherCTR) XORKeyStream(dst, src []byte) { @@ -280,8 +279,8 @@ func (x *cipherCTR) XORKeyStream(dst, src []byte) { if len(src) == 0 { return } - var outl C.int - if C.go_openssl_EVP_EncryptUpdate(x.ctx, base(dst), &outl, base(src), C.int(len(src))) != 1 { + var outl int32 + if go_openssl_EVP_EncryptUpdate(x.ctx, base(dst), &outl, base(src), int32(len(src))) != 1 { panic("crypto/cipher: EncryptUpdate failed") } runtime.KeepAlive(x) @@ -298,7 +297,7 @@ func (c *evpCipher) newCTR(iv []byte) cipher.Stream { } func (c *cipherCTR) finalize() { - C.go_openssl_EVP_CIPHER_CTX_free(c.ctx) + go_openssl_EVP_CIPHER_CTX_free(c.ctx) } type cipherGCMTLS uint8 @@ -448,29 +447,29 @@ func (g *cipherGCM) Seal(dst, nonce, plaintext, aad []byte) []byte { if err != nil { panic(err) } - defer C.go_openssl_EVP_CIPHER_CTX_free(ctx) + defer go_openssl_EVP_CIPHER_CTX_free(ctx) // Encrypt additional data. // When sealing a TLS payload, OpenSSL app sets the additional data using - // 'EVP_CIPHER_CTX_ctrl(g.ctx, C.EVP_CTRL_AEAD_TLS1_AAD, C.EVP_AEAD_TLS1_AAD_LEN, base(additionalData))'. + // '_EVP_CIPHER_CTX_ctrl(g.ctx, _EVP_CTRL_AEAD_TLS1_AAD, _EVP_AEAD_TLS1_AAD_LEN, base(additionalData))'. // This makes the explicit nonce component to monotonically increase on every Seal operation without // relying in the explicit nonce being securely set externally, // and it also gives some interesting speed gains. // Unfortunately we can't use it because Go expects AEAD.Seal to honor the provided nonce. - if C.go_openssl_EVP_EncryptInit_ex(ctx, nil, nil, nil, base(nonce)) != 1 { + if go_openssl_EVP_EncryptInit_ex(ctx, nil, nil, nil, base(nonce)) != 1 { panic(newOpenSSLError("EVP_EncryptInit_ex")) } - var outl, discard C.int - if C.go_openssl_EVP_EncryptUpdate(ctx, nil, &discard, baseNeverEmpty(aad), C.int(len(aad))) != 1 || - C.go_openssl_EVP_EncryptUpdate(ctx, base(out), &outl, baseNeverEmpty(plaintext), C.int(len(plaintext))) != 1 { + var outl, discard int32 + if go_openssl_EVP_EncryptUpdate(ctx, nil, &discard, baseNeverEmpty(aad), int32(len(aad))) != 1 || + go_openssl_EVP_EncryptUpdate(ctx, base(out), &outl, baseNeverEmpty(plaintext), int32(len(plaintext))) != 1 { panic(newOpenSSLError("EVP_EncryptUpdate")) } if len(plaintext) != int(outl) { panic("cipher: incorrect length returned from GCM EncryptUpdate") } - if C.go_openssl_EVP_EncryptFinal_ex(ctx, base(out[outl:]), &discard) != 1 { + if go_openssl_EVP_EncryptFinal_ex(ctx, base(out[outl:]), &discard) != 1 { panic(newOpenSSLError("EVP_EncryptFinal_ex")) } - if C.go_openssl_EVP_CIPHER_CTX_ctrl(ctx, _EVP_CTRL_GCM_GET_TAG, 16, unsafe.Pointer(base(out[outl:]))) != 1 { + if go_openssl_EVP_CIPHER_CTX_ctrl(ctx, _EVP_CTRL_GCM_GET_TAG, 16, unsafe.Pointer(base(out[outl:]))) != 1 { panic(newOpenSSLError("EVP_CIPHER_CTX_ctrl")) } runtime.KeepAlive(g) @@ -506,7 +505,7 @@ func (g *cipherGCM) Open(dst, nonce, ciphertext, aad []byte) (_ []byte, err erro if err != nil { return nil, err } - defer C.go_openssl_EVP_CIPHER_CTX_free(ctx) + defer go_openssl_EVP_CIPHER_CTX_free(ctx) defer func() { if err != nil { @@ -516,21 +515,21 @@ func (g *cipherGCM) Open(dst, nonce, ciphertext, aad []byte) (_ []byte, err erro } } }() - if C.go_openssl_EVP_DecryptInit_ex(ctx, nil, nil, nil, base(nonce)) != 1 { + if go_openssl_EVP_DecryptInit_ex(ctx, nil, nil, nil, base(nonce)) != 1 { return nil, errOpen } - if C.go_openssl_EVP_CIPHER_CTX_ctrl(ctx, _EVP_CTRL_GCM_SET_TAG, 16, unsafe.Pointer(base(tag))) != 1 { + if go_openssl_EVP_CIPHER_CTX_ctrl(ctx, _EVP_CTRL_GCM_SET_TAG, 16, unsafe.Pointer(base(tag))) != 1 { return nil, errOpen } - var outl, discard C.int - if C.go_openssl_EVP_DecryptUpdate(ctx, nil, &discard, baseNeverEmpty(aad), C.int(len(aad))) != 1 || - C.go_openssl_EVP_DecryptUpdate(ctx, base(out), &outl, baseNeverEmpty(ciphertext), C.int(len(ciphertext))) != 1 { + var outl, discard int32 + if go_openssl_EVP_DecryptUpdate(ctx, nil, &discard, baseNeverEmpty(aad), int32(len(aad))) != 1 || + go_openssl_EVP_DecryptUpdate(ctx, base(out), &outl, baseNeverEmpty(ciphertext), int32(len(ciphertext))) != 1 { return nil, errOpen } if len(ciphertext) != int(outl) { return nil, errOpen } - if C.go_openssl_EVP_DecryptFinal_ex(ctx, base(out[outl:]), &discard) != 1 { + if go_openssl_EVP_DecryptFinal_ex(ctx, base(out[outl:]), &discard) != 1 { return nil, errOpen } runtime.KeepAlive(g) @@ -549,34 +548,34 @@ func sliceForAppend(in []byte, n int) (head, tail []byte) { return } -func newCipherCtx(kind cipherKind, mode cipherMode, encrypt cipherOp, key, iv []byte) (_ C.GO_EVP_CIPHER_CTX_PTR, err error) { +func newCipherCtx(kind cipherKind, mode cipherMode, encrypt cipherOp, key, iv []byte) (_ _EVP_CIPHER_CTX_PTR, err error) { cipher := loadCipher(kind, mode) if cipher == nil { panic("crypto/cipher: unsupported cipher: " + kind.String()) } - ctx := C.go_openssl_EVP_CIPHER_CTX_new() + ctx := go_openssl_EVP_CIPHER_CTX_new() if ctx == nil { return nil, fail("unable to create EVP cipher ctx") } defer func() { if err != nil { - C.go_openssl_EVP_CIPHER_CTX_free(ctx) + go_openssl_EVP_CIPHER_CTX_free(ctx) } }() if kind == cipherRC4 { // RC4 cipher supports a variable key length. // We need to set the key length before setting the key, // and to do so we need to have an initialized cipher ctx. - if C.go_openssl_EVP_CipherInit_ex(ctx, cipher, nil, nil, nil, C.int(encrypt)) != 1 { + if go_openssl_EVP_CipherInit_ex(ctx, cipher, nil, nil, nil, int32(encrypt)) != 1 { return nil, newOpenSSLError("EVP_CipherInit_ex") } - if C.go_openssl_EVP_CIPHER_CTX_set_key_length(ctx, C.int(len(key))) != 1 { + if go_openssl_EVP_CIPHER_CTX_set_key_length(ctx, int32(len(key))) != 1 { return nil, newOpenSSLError("EVP_CIPHER_CTX_set_key_length") } // Pass nil to the next call to EVP_CipherInit_ex to avoid resetting ctx's cipher. cipher = nil } - if C.go_openssl_EVP_CipherInit_ex(ctx, cipher, nil, base(key), base(iv), C.int(encrypt)) != 1 { + if go_openssl_EVP_CipherInit_ex(ctx, cipher, nil, base(key), base(iv), int32(encrypt)) != 1 { return nil, newOpenSSLError("unable to initialize EVP cipher ctx") } return ctx, nil diff --git a/cmd/checkheader/main.go b/cmd/checkheader/main.go index 25f6b1b2..d0b52609 100644 --- a/cmd/checkheader/main.go +++ b/cmd/checkheader/main.go @@ -1,14 +1,14 @@ package main import ( - "bufio" "flag" "fmt" - "io" "log" "os" "os/exec" "strings" + + "github.com/golang-fips/openssl/v2/internal/mkcgo" ) // checkheader is a static analyzer that detects incompatibilities between wrapper definitions and OpenSSL headers. @@ -20,12 +20,11 @@ import ( // - Lines are added in order of appearance. // - Blank lines are discarded. // - Comments are discarded unless they contain a C directive, i.e #include, #if or #endif. The directive in the comment is included in the output. -// - Typedefs following the pattern "typedef void* GO_%name%_PTR" are translated into "#define %name% GO_%name%_PTR". +// - Typedefs following the pattern "typedef void* _%name%_PTR" are translated into "#define %name% _%name%_PTR". // - Go constants are validated against their definition in the OpenSSL headers. Example: // "const { _EVP_CTRL_GCM_SET_TAG = 0x11 }" => "_Static_assert(EVP_CTRL_GCM_SET_TAG == 0x11);" // - Function macros are validated against their definition in the OpenSSL headers. Example: -// "DEFINEFUNC(int, RAND_bytes, (unsigned char *a0, int a1), (a0, a1))" => "int(*__check_0)(unsigned char *, int) = RAND_bytes;" -// - Function macros are excluded when checking old OpenSSL versions if they are prepended with '/*check:from=%version%*/', %version% being a version string such as '1.1.1' or '3.0.0'. +// "int RAND_bytes(unsigned char *a0, int a1)" => "int(*__check_0)(unsigned char *, int) = RAND_bytes;" const description = ` Example: A check operation: @@ -93,7 +92,7 @@ func gccRun(program string) error { "-Werror", // promote all warnings to errors "-DOPENSSL_NO_DEPRECATED", // hide deprecated functions "-isystem", *osslInclude, // OpenSSL include from --ossl-include must be preferred over system includes - "-o", "/dev/null", // discard output + "-o", os.DevNull, // discard output name) p.Stdout = os.Stdout p.Stderr = os.Stderr @@ -101,204 +100,91 @@ func gccRun(program string) error { } func generate(header string) (string, error) { - f, err := os.Open(header) + src, err := mkcgo.Parse(header) if err != nil { return "", err } - defer f.Close() - var b strings.Builder - sc := bufio.NewScanner(f) - var i int - var enum bool - for sc.Scan() { - l := strings.TrimSpace(sc.Text()) - if enum { - if !strings.HasPrefix(l, ")") { - tryConvertGoConst(&b, l) - } else { - enum = false - } - continue - } - if strings.HasPrefix(l, "const (") && !strings.HasSuffix(l, "//checkheader:ignore") { - enum = true - continue - } - if tryConvertDirective(&b, l) { - continue - } - if tryConvertTypedef(&b, l) { - continue - } - if tryConvertDefineFunc(&b, l, i) { - i++ - } - } - if err := sc.Err(); err != nil { - return "", err - } - return b.String(), nil -} + w := &strings.Builder{} -func tryConvertDirective(w io.Writer, l string) bool { - if strings.HasPrefix(l, "// #") { - fmt.Fprintln(w, l[len("// "):]) - return true + for _, c := range src.Comments { + if strings.HasPrefix(c, "#") { + fmt.Fprintln(w, c) + } } - return false -} -// tryConvertTypedef converts a typedef contained in the line l -// into a #define pointing to the corresponding OpenSSL type. -// Only void* typedefs starting with GO_ are converted. -// If l does not contain a typedef it does nothing and returns false. -func tryConvertTypedef(w io.Writer, l string) bool { - if !strings.HasPrefix(l, "typedef void* GO_") { - return false - } - // Replace custom opaque pointer typedef with the proper OpenSSL type - // so gcc does not complain about pointer mismatch. - i1 := strings.Index(l, "GO_") - i2 := strings.Index(l, "_PTR") - if i2 < 0 { - log.Println("unexpected line in typedef: " + l) - return false + for _, enum := range src.Enums { + if enum.Name == "_EVP_PKEY_OP_DERIVE" { + // This is defined differently in OpenSSL 3, + // but in our code it is only used in OpenSSL 1. + continue + } + name := strings.TrimPrefix(enum.Name, "_") + fmt.Fprintf(w, "#ifdef %s\n", name) + fmt.Fprintf(w, "_Static_assert(%s == %s, \"%s\");\n", enum.Value, name, enum.Name) + fmt.Fprintln(w, "#endif") } - name := l[i1+len("GO_") : i2] - fmt.Fprintf(w, "#define GO_%s_PTR %s*\n", name, name) - return true -} -// tryConvertGoConst adds a static check which verifies that -// the const contained in the line l -// matches the corresponding OpenSSL value. -// Only const names starting with _ are converted. -func tryConvertGoConst(w io.Writer, l string) { - if !strings.HasPrefix(l, "_") || strings.HasSuffix(l, "//checkheader:ignore") { - return + for _, def := range src.TypeDefs { + name := strings.TrimPrefix(def.Name, "_") + name = strings.Replace(name, "_PTR", "*", 1) + fmt.Fprintf(w, "#define %s %s\n", def.Name, name) } - split := strings.Split(l, " ") - if len(split) < 2 { - log.Printf("unexpected enum definition in function line: %s\n", l) - return - } - name := split[0][len("_"):] - fmt.Fprintf(w, "#ifdef %s\n", name) - fmt.Fprintf(w, "_Static_assert(%s == %s, \"%s\");\n", name, split[len(split)-1], name) - fmt.Fprintln(w, "#endif") -} - -// tryConvertDefineFunc adds a static check which verifies that -// the function definition macro contained in the line l -// matches the corresponding OpenSSL function signature. -// If l does not contain a function definition macro -// it does nothing and returns false. -// i is used to create a unique name: if tryConvertDefineFunc returns true, -// the same value of i must not be passed again in a future call. -// The value of i should be generated by a counter. -func tryConvertDefineFunc(w io.Writer, l string, i int) bool { - var versionCond string - if strings.HasPrefix(l, "/*check:from=") { - i1 := strings.Index(l, "=") - i2 := strings.Index(l, "*/") - if i1 < 0 || i2 < 0 { - log.Fatalln("unexpected 'check:from' condition: " + l) + var i int + writeDefineFunc := func(tagCond string, importName string, params []*mkcgo.Param, ret *mkcgo.Return) { + var specialCond string + switch importName { + // EVP_PKEY_size and EVP_PKEY_bits pkey parameter is const since OpenSSL 1.1.1. + case "EVP_PKEY_size", "EVP_PKEY_bits": + specialCond = "OPENSSL_VERSION_NUMBER >= 0x10101000L" } - from := l[i1+1 : i2] - switch from { - case "1.1.0": - versionCond = "OPENSSL_VERSION_NUMBER >= 0x10100000L" - case "1.1.1": - versionCond = "OPENSSL_VERSION_NUMBER >= 0x10101000L" - case "3.0.0": - versionCond = "OPENSSL_VERSION_NUMBER >= 0x30000000L" - default: - log.Println("unexpected 'check:from' version" + l) - return false + if specialCond != "" { + fmt.Fprintf(w, "#if %s\n", specialCond) } - if l[i2+2] != ' ' { - log.Fatalln("missing space between 'check:from' condition and function macro: " + l) + if tagCond != "" { + fmt.Fprintf(w, "#if %s\n", tagCond) } - l = l[i2+3:] - } - if !strings.HasPrefix(l, "DEFINEFUNC") { - return false - } - if strings.HasPrefix(l, "DEFINEFUNC_VARIADIC") { - // Variadic functions are not supported. There is not enough - // information in the macro to create use it in writeDefineFunc. - return false - } - i1 := strings.IndexByte(l, '(') - // The first ")," match is always the end of the argument list parameter. - // We are not interested in the last parameter and parsing them would complicate the algorithm. - // Matching against ')' is not enough as it also appears when the argument list parameter contains function pointers. - i2 := strings.Index(l, "),") - if i1 < 0 || i2 < 0 { - log.Println("unexpected argument list in function line: " + l) - return false - } - subs := l[i1+1 : i2+1] - writeCheck := func(ret, name, args string) { - fmt.Fprintf(w, "%s(*__check_%d)%s = %s;\n", ret, i, args, name) - } - writeDefineFunc := func(cond string) { - args := strings.SplitN(subs, ",", 3) - if len(args) < 3 { - log.Printf("wrong number of function macro arguments in line: %s\n", l) - return + sparams := make([]string, 0, len(params)) + for _, p := range params { + sparams = append(sparams, p.Type) } - fnret, fnname, fnargs := args[0], args[1], args[2] - if cond != "" { - fmt.Fprintf(w, "#if %s\n", cond) - } - if fnret == "" || fnname == "" || fnargs == "" { - log.Printf("empty function macro arguments in line: %s\n", l) - return + fmt.Fprintf(w, "%s (*__check_%d)(%s) = %s;\n", ret.Type, i, strings.Join(sparams, ", "), importName) + if tagCond != "" { + fmt.Fprintln(w, "#endif") } - writeCheck(fnret, fnname, fnargs) - if cond != "" { + if specialCond != "" { fmt.Fprintln(w, "#endif") } + i++ } - writeDefineFuncRename := func(cond string) { - args := strings.SplitN(subs, ",", 4) - if len(args) < 4 { - log.Printf("wrong number of function macro arguments in line: %s\n", l) - return + + for _, fn := range src.Funcs { + if fn.VariadicInst { + // Variadic instantiations are not real OpenSSL functions, + // skip them. + continue } - fnret, fnname, fnoldname, fnargs := args[0], args[1], args[2], args[3] - if fnret == "" || fnname == "" || fnoldname == "" || fnargs == "" { - log.Printf("empty function macro arguments in line: %s\n", l) - return + if len(fn.Tags) == 0 { + writeDefineFunc("", fn.ImportName, fn.Params, fn.Ret) + continue + } + for _, tag := range fn.Tags { + var tagCond string + switch tag.Tag { + case "legacy_1": + tagCond = "OPENSSL_VERSION_NUMBER < 0x30000000L" + case "111": + tagCond = "OPENSSL_VERSION_NUMBER >= 0x10101000L" + case "3": + tagCond = "OPENSSL_VERSION_NUMBER >= 0x30000000L" + default: + panic("unexpected tag: " + tag.Tag) + } + importName := fn.ImportName + if tag.Name != "" { + importName = tag.Name + } + writeDefineFunc(tagCond, importName, fn.Params, fn.Ret) } - fmt.Fprintf(w, "#if %s\n", cond) - writeCheck(fnret, fnoldname, fnargs) - fmt.Fprintln(w, "#else") - writeCheck(fnret, fnname, fnargs) - fmt.Fprintln(w, "#endif") - } - if versionCond != "" { - fmt.Fprintf(w, "#if %s\n", versionCond) - } - switch l[:i1] { - case "DEFINEFUNC": - writeDefineFunc("") - case "DEFINEFUNC_LEGACY_1_1": - writeDefineFunc("(OPENSSL_VERSION_NUMBER >= 0x10100000L) && (OPENSSL_VERSION_NUMBER < 0x30000000L)") - case "DEFINEFUNC_LEGACY_1": - writeDefineFunc("OPENSSL_VERSION_NUMBER < 0x30000000L") - case "DEFINEFUNC_1_1_1": - writeDefineFunc("OPENSSL_VERSION_NUMBER >= 0x10101000L") - case "DEFINEFUNC_3_0": - writeDefineFunc("OPENSSL_VERSION_NUMBER >= 0x30000000L") - case "DEFINEFUNC_RENAMED_3_0": - writeDefineFuncRename("OPENSSL_VERSION_NUMBER < 0x30000000L") - default: - log.Printf("unexpected function macro in line: %s\n", l) - } - if versionCond != "" { - fmt.Fprintln(w, "#endif") } - return true + return w.String(), nil } diff --git a/cmd/mkcgo/generate.go b/cmd/mkcgo/generate.go new file mode 100644 index 00000000..6b7a7e4f --- /dev/null +++ b/cmd/mkcgo/generate.go @@ -0,0 +1,377 @@ +package main + +import ( + "fmt" + "io" + "slices" + "strconv" + "strings" + + "github.com/golang-fips/openssl/v2/internal/mkcgo" +) + +// generateGo output Go source file from src. +func generateGo(src *mkcgo.Source, w io.Writer) { + // Output header notice and package declaration. + fmt.Fprintf(w, "// Code generated by mkcgo. DO NOT EDIT.\n\n") + fmt.Fprintf(w, "package %s\n\n", *packageName) + + // This block outputs C header includes and forward declarations for loader functions. + fmt.Fprintf(w, "/*\n") + fmt.Fprintf(w, "#cgo CFLAGS: -Wno-attributes\n") + if *includeHeader != "" { + fmt.Fprintf(w, "#include \"%s\"\n", *includeHeader) + } + for _, file := range src.Files { + fmt.Fprintf(w, "#include %q\n", file) + } + for _, tag := range src.Tags() { + fmt.Fprintf(w, "void __mkcgoLoad_%s(void* handle);\n", tag) + } + fmt.Fprintf(w, "*/\n") + fmt.Fprintf(w, "import \"C\"\n") + fmt.Fprintf(w, "import \"unsafe\"\n\n") + + // Generate Go enum values for C enums. + generateGoEnums(src.Enums, w) + + // Generate type aliases for all + generateGoAliases(src.Funcs, w) + + // Generate Go wrapper functions that load the C symbols. + for _, tag := range src.Tags() { + fmt.Fprintf(w, "func mkcgoLoad_%s(handle unsafe.Pointer) {\n", tag) + fmt.Fprintf(w, "\tC.__mkcgoLoad_%s(handle)\n", tag) + fmt.Fprintf(w, "}\n\n") + } + + // Generate function wrappers. + for _, fn := range src.Funcs { + if fn.Variadic() { + // cgo doesn't support variadic functions + continue + } + generateGoFn(fn, w) + } +} + +// generateGoEnums generates Go enum values for C enums. +func generateGoEnums(enums []*mkcgo.Enum, w io.Writer) { + if len(enums) == 0 { + return + } + fmt.Fprintf(w, "const (\n") + for _, enum := range enums { + fmt.Fprintf(w, "\t%s = %s\n", enum.Name, enum.Value) + } + fmt.Fprintf(w, ")\n\n") +} + +// generateGoAliases generates Go type aliases for C types. +func generateGoAliases(funcs []*mkcgo.Func, w io.Writer) { + // Traverse all functions and collect the unique C types. + ctypes := make(map[string]struct{}) + for _, fn := range funcs { + handleType := func(typ string) { + if typ == "" { + return + } + typ = strings.TrimPrefix(typ, "const ") + typ = strings.TrimRight(typ, "*") + if _, ok := ctypes[typ]; ok { + return + } + ctypes[typ] = struct{}{} + } + for _, p := range fn.Params { + if p.Variadic() { + continue + } + handleType(p.Type) + } + handleType(fn.Ret.Type) + } + types := make([]string, 0, len(ctypes)) + for typ := range ctypes { + types = append(types, typ) + } + slices.Sort(types) + for _, typ := range types { + if isStdType(typ) { + // Skip standard types. + continue + } + fmt.Fprintf(w, "type %s = C.%s\n", typ, typ) + } +} + +// generateC creates the C source file content. +func generateC(src *mkcgo.Source, w io.Writer) { + // Header and includes. + fmt.Fprintf(w, "// Code generated by mkcgo. DO NOT EDIT.\n\n") + if *includeHeader != "" { + fmt.Fprintf(w, "#include \"%s\"\n", *includeHeader) + } + for _, file := range src.Files { + fmt.Fprintf(w, "#include %q\n", file) + } + fmt.Fprintf(w, "#include \n") + fmt.Fprintf(w, "#include \n") + fmt.Fprintf(w, "#include \n") + fmt.Fprintf(w, "#include \n") + fmt.Fprintf(w, "\n") + + // Platform-specific includes. + fmt.Fprintf(w, "#ifdef _WIN32\n") + fmt.Fprintf(w, "#include \n") + fmt.Fprintf(w, "#define dlsym GetProcAddress\n") + fmt.Fprintf(w, "#else\n") + fmt.Fprintf(w, "#include \n") + fmt.Fprintf(w, "#endif\n\n") + + // Function pointer declarations. + fmt.Fprintf(w, "#define __mkcgo__funcptr(name) typeof(name) *_g_##name;\n\n") + for _, fn := range src.Funcs { + if fn.VariadicInst { + continue + } + fmt.Fprintf(w, "__mkcgo__funcptr(%s);\n", fn.ImportName) + } + fmt.Fprintf(w, "\n") + + fmt.Fprintf(w, "#define __mkcgo__dlsym(name) __mkcgo__dlsym2(name, name)\n\n") + + fmt.Fprintf(w, "#define __mkcgo__dlsym2(varname, funcname) \\\n") + fmt.Fprintf(w, "\t_g_##varname = (typeof(_g_##varname))dlsym(handle, #funcname); \\\n") + fmt.Fprintf(w, "\tif (_g_##varname == NULL) { \\\n") + fmt.Fprintf(w, "\t\tfprintf(stderr, \"Cannot get required symbol \" #funcname \"\\n\"); \\\n") + fmt.Fprintf(w, "\t\tabort(); \\\n") + fmt.Fprintf(w, "\t}\n\n") + + // Loader functions for each tag. + for _, tag := range src.Tags() { + fmt.Fprintf(w, "void __mkcgoLoad_%s(void* handle) {\n", tag) + for _, fn := range src.Funcs { + if fn.VariadicInst { + continue + } + if len(fn.Tags) == 0 && tag == "" { + // Default tag. + fmt.Fprintf(w, "\t__mkcgo__dlsym(%s)\n", fn.ImportName) + } else { + for _, tagAttr := range fn.Tags { + if tagAttr.Tag == tag { + if tagAttr.Name != "" { + fmt.Fprintf(w, "\t__mkcgo__dlsym2(%s, %s)\n", fn.ImportName, tagAttr.Name) + } else { + fmt.Fprintf(w, "\t__mkcgo__dlsym(%s)\n", fn.ImportName) + } + break + } + } + } + } + fmt.Fprintf(w, "}\n\n") + } + + // Generate C function wrappers. + for _, fn := range src.Funcs { + if fn.Variadic() { + // cgo doesn't support variadic functions + continue + } + generateCFn(fn, w) + } +} + +// generateGoFn generates Go function f. +func generateGoFn(fn *mkcgo.Func, w io.Writer) { + fmt.Fprintf(w, "func %s(%s)", fn.GoName, fnToGoParams(fn)) + if !retIsVoid(fn.Ret) { + fmt.Fprintf(w, " %s ", cTypeToGo(fn.Ret.Type, false)) + } + fmt.Fprintf(w, "{\n") + fmt.Fprintf(w, "\t") + var closePar int + if !retIsVoid(fn.Ret) { + fmt.Fprintf(w, "return ") + goType := cTypeToGo(fn.Ret.Type, false) + if goType != "" && goType != fn.Ret.Type { + closePar++ + if goType[0] == '*' { + goType = fmt.Sprintf("(%s)(unsafe.Pointer", goType) + closePar++ + } + fmt.Fprintf(w, "%s(", goType) + } + } + fmt.Fprintf(w, "C.%s(%s)", fn.CName, fnToGoArgs(fn)) + if closePar > 0 { + fmt.Fprint(w, strings.Repeat(")", closePar)) + } + fmt.Fprintf(w, "\n") + fmt.Fprintf(w, "}\n\n") +} + +func generateCFn(fn *mkcgo.Func, w io.Writer) { + fmt.Fprintf(w, "%s %s(%s) {\n\t", fn.Ret.Type, fn.CName, fnToCArgs(fn, true)) + if !retIsVoid(fn.Ret) { + fmt.Fprintf(w, "return ") + } + fmt.Fprintf(w, "_g_%s(%s);\n", fn.ImportName, fnToCArgs(fn, false)) + fmt.Fprintf(w, "}\n\n") +} + +// paramToGo converts C parameter p to Go parameter. +func paramToGo(p *mkcgo.Param) string { + goType := cTypeToGo(p.Type, true) + switch { + case goType == "unsafe.Pointer" || goType == "": + return p.Name + case goType[0] == '*': + return fmt.Sprintf("(%s)(unsafe.Pointer(%s))", goType, p.Name) + } + return fmt.Sprintf("%s(%s)", goType, p.Name) +} + +// isStdType reports whether t is a standard C type. +func isStdType(t string) bool { + _, found := cstdTypesToGo[t] + return found +} + +// cstdTypesToGo maps C standard types to Go types. +var cstdTypesToGo = map[string]string{ + "int8_t": "int8", + "uint8_t": "uint8", + "int16_t": "int16", + "uint16_t": "uint16", + "int32_t": "int32", + "uint32_t": "uint32", + "int64_t": "int64", + "uint64_t": "uint64", + "int": "int32", + "unsigned int": "uint32", + "long": "int32", + "unsigned long": "uint32", + "long long": "int64", + "unsigned long long": "uint64", + "size_t": "int", + "uintptr_t": "uintptr", + "char": "byte", + "unsigned char": "byte", + "signed char": "int8", + "void": "", +} + +// cstdTypesToCgo maps C standard types to special cgo types. +// Most C don't need any special handling, only the ones that have spaces. +var cstdTypesToCgo = map[string]string{ + "signed char": "schar", + "unsigned char": "uchar", + "unsigned short": "ushort", + "unsigned int": "uint", + "unsigned long": "ulong", + "long long": "longlong", + "unsigned long long": "ulonglong", +} + +// cTypeToGo converts C type t to a Go type. +func cTypeToGo(t string, cgo bool) string { + t, _ = strings.CutPrefix(t, "const ") + if t == "void" { + return "" + } + if strings.HasPrefix(t, "void*") { + return "unsafe.Pointer" + } + if strings.HasSuffix(t, "*") { + // Remove all trailing '*' characters. + var i, n int + for i = len(t) - 1; i >= 0; i-- { + if t[i] != '*' { + break + } + n++ + } + s := cTypeToGo(t[:i+1], cgo) + if s != "" { + s = strings.Repeat("*", n) + s + } + return s + } + if !isStdType(t) { + if cgo { + // Non-standard C types are aliased so C. so they don't need to be converted. + return "" + } + return t + } + if cgo { + if s, ok := cstdTypesToCgo[t]; ok { + t = s + } + return "C." + t + } + if t, ok := cstdTypesToGo[t]; ok { + return t + } + return t +} + +// paramToC returns C source code of parameter p. +func paramToC(i int, p *mkcgo.Param, addType bool) string { + var s string + if addType { + s += p.Type + } + if p.Type != "void" && p.Type != "..." { + if len(s) > 0 { + s += " " + } + s += "_arg" + strconv.Itoa(i) + } + return s +} + +func retIsVoid(r *mkcgo.Return) bool { + return r.Type == "void" +} + +// fnToGoParams returns source code for function f parameters. +func fnToGoParams(fn *mkcgo.Func) string { + return join(fn.Params, func(_ int, p *mkcgo.Param) string { + return p.Name + " " + cTypeToGo(p.Type, false) + }, ", ") +} + +// argList returns source code for C parameters for function f. +func fnToGoArgs(fn *mkcgo.Func) string { + return join(fn.Params, func(_ int, p *mkcgo.Param) string { + return paramToGo(p) + }, ", ") +} + +// fnToCArgs returns source code for C parameters for function f. +func fnToCArgs(fn *mkcgo.Func, addType bool) string { + return join(fn.Params, func(i int, p *mkcgo.Param) string { + return paramToC(i, p, addType) + }, ", ") +} + +// join concatenates parameters ps into a string with sep separator. +// Each parameter is converted into string by applying fn to it +// before conversion. +func join(ps []*mkcgo.Param, fn func(int, *mkcgo.Param) string, sep string) string { + if len(ps) == 0 { + return "" + } + params := make([]string, 0, len(ps)) + for i, p := range ps { + param := fn(i, p) + if param != "" { + params = append(params, param) + } + } + return strings.Join(params, sep) +} diff --git a/cmd/mkcgo/main.go b/cmd/mkcgo/main.go new file mode 100644 index 00000000..e70cc5d5 --- /dev/null +++ b/cmd/mkcgo/main.go @@ -0,0 +1,99 @@ +package main + +import ( + "bytes" + "flag" + "fmt" + "go/format" + "log" + "os" + "strings" + + "github.com/golang-fips/openssl/v2/internal/mkcgo" +) + +var ( + fileName = flag.String("out", "", "output file name (standard output if omitted)") + includeHeader = flag.String("include", "", "include header file") + packageName = flag.String("package", "", "package name") +) + +func usage() { + fmt.Fprintf(os.Stderr, "usage: mkcgo [flags] [path ...]\n") + flag.PrintDefaults() + fmt.Fprintf(os.Stderr, "\n") + os.Exit(1) +} + +func main() { + // Set up and parse flags. + flag.Usage = usage + flag.Parse() + if len(flag.Args()) == 0 { + fmt.Fprintln(os.Stderr, "no files to parse provided") + usage() + } + + // Parse source files. + src, err := mkcgo.Parse(flag.Args()...) + if err != nil { + log.Fatal(err) + } + + var buf, cbuf bytes.Buffer + generateGo(src, &buf) + generateC(src, &cbuf) + + // Format the generated Go source code. + data, err := format.Source(buf.Bytes()) + if err != nil { + log.Printf("failed to format source: %v", err) + f, err := writeTempSourceFile(buf.Bytes()) + if err != nil { + log.Fatalf("failed to write unformatted source to file: %v", err) + } + log.Fatalf("for diagnosis, wrote unformatted source to %v", f) + } + + // Write output. If no explicit output file is specified, + // // write both Go and C output to stdout. + if *fileName == "" { + for _, d := range []struct { + name string + data []byte + }{ + {"Go", data}, + {"C", cbuf.Bytes()}, + } { + os.Stdout.WriteString("// === " + d.name + " ===\n\n") + if _, err = os.Stdout.Write(d.data); err != nil { + log.Fatal(err) + } + } + } else { + err = os.WriteFile(*fileName, data, 0o644) + if err == nil { + cfileName := strings.TrimSuffix(*fileName, ".go") + ".c" + err = os.WriteFile(cfileName, cbuf.Bytes(), 0o644) + } + if err != nil { + log.Fatal(err) + } + } +} + +func writeTempSourceFile(data []byte) (string, error) { + f, err := os.CreateTemp("", "mkcgo-generated-*.go") + if err != nil { + return "", err + } + _, err = f.Write(data) + if closeErr := f.Close(); err == nil { + err = closeErr + } + if err != nil { + os.Remove(f.Name()) // best effort + return "", err + } + return f.Name(), nil +} diff --git a/const.go b/const.go index 15b4fa28..aa4a163a 100644 --- a/const.go +++ b/const.go @@ -20,14 +20,14 @@ func (s cString) str() string { // "const char*" parameters. Any attempt to modify it // will result in a runtime panic, as Go strings are // allocated in read-only memory. -func (s cString) ptr() *C.char { +func (s cString) ptr() *byte { if len(s) == 0 { return nil } if s[len(s)-1] != 0 { panic("must be null-terminated") } - return (*C.char)(unsafe.Pointer(unsafe.StringData(string(s)))) + return unsafe.StringData(string(s)) } const ( //checkheader:ignore @@ -85,75 +85,3 @@ const ( //checkheader:ignore // MAC parameters _OSSL_MAC_PARAM_DIGEST cString = "digest\x00" ) - -// #include -// #include -// #include -// #include -// #include -// #include -// #if OPENSSL_VERSION_NUMBER >= 0x30000000L -// #include -// #endif - -const ( - _POINT_CONVERSION_UNCOMPRESSED = 4 - - _OPENSSL_INIT_LOAD_CRYPTO_STRINGS = 0x00000002 - _OPENSSL_INIT_ADD_ALL_CIPHERS = 0x00000004 - _OPENSSL_INIT_ADD_ALL_DIGESTS = 0x00000008 - _OPENSSL_INIT_LOAD_CONFIG = 0x00000040 - - _EVP_CTRL_GCM_GET_TAG = 0x10 - _EVP_CTRL_GCM_SET_TAG = 0x11 - _EVP_PKEY_CTRL_MD = 1 - _EVP_PKEY_RSA = 6 - _EVP_PKEY_EC = 408 - _EVP_PKEY_TLS1_PRF = 1021 - _EVP_PKEY_HKDF = 1036 - _EVP_PKEY_ED25519 = 1087 - _EVP_PKEY_DSA = 116 - // This is defined differently in OpenSSL 3 (1 << 11), - // but in our code it is only used in OpenSSL 1. - _EVP_PKEY_OP_DERIVE = (1 << 10) //checkheader:ignore - _EVP_MAX_MD_SIZE = 64 - - _EVP_PKEY_PUBLIC_KEY = 0x86 - _EVP_PKEY_KEYPAIR = 0x87 - - _EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID = 0x1001 - - _EVP_KDF_HKDF_MODE_EXTRACT_ONLY = 1 - _EVP_KDF_HKDF_MODE_EXPAND_ONLY = 2 - - _EVP_PKEY_CTRL_TLS_MD = 0x1000 - _EVP_PKEY_CTRL_TLS_SECRET = 0x1001 - _EVP_PKEY_CTRL_TLS_SEED = 0x1002 - _EVP_PKEY_CTRL_HKDF_MD = 0x1003 - _EVP_PKEY_CTRL_HKDF_SALT = 0x1004 - _EVP_PKEY_CTRL_HKDF_KEY = 0x1005 - _EVP_PKEY_CTRL_HKDF_INFO = 0x1006 - _EVP_PKEY_CTRL_HKDF_MODE = 0x1007 - - _NID_X9_62_prime256v1 = 415 - _NID_secp224r1 = 713 - _NID_secp384r1 = 715 - _NID_secp521r1 = 716 - - _RSA_PKCS1_PADDING = 1 - _RSA_NO_PADDING = 3 - _RSA_PKCS1_OAEP_PADDING = 4 - _RSA_PKCS1_PSS_PADDING = 6 - _RSA_PSS_SALTLEN_DIGEST = -1 - _RSA_PSS_SALTLEN_AUTO = -2 - _RSA_PSS_SALTLEN_MAX_SIGN = -2 - _RSA_PSS_SALTLEN_MAX = -3 - _EVP_PKEY_CTRL_RSA_PADDING = 0x1001 - _EVP_PKEY_CTRL_RSA_PSS_SALTLEN = 0x1002 - _EVP_PKEY_CTRL_RSA_KEYGEN_BITS = 0x1003 - _EVP_PKEY_CTRL_RSA_MGF1_MD = 0x1005 - _EVP_PKEY_CTRL_RSA_OAEP_MD = 0x1009 - _EVP_PKEY_CTRL_RSA_OAEP_LABEL = 0x100A - _EVP_PKEY_CTRL_DSA_PARAMGEN_BITS = 0x1001 - _EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS = 0x1002 -) diff --git a/des.go b/des.go index cd006544..78ecb988 100644 --- a/des.go +++ b/des.go @@ -2,7 +2,6 @@ package openssl -// #include "goopenssl.h" import "C" import ( "crypto/cipher" diff --git a/dsa.go b/dsa.go index 6c2258bc..4a62e88d 100644 --- a/dsa.go +++ b/dsa.go @@ -2,7 +2,6 @@ package openssl -// #include "goopenssl.h" import "C" import ( "runtime" @@ -11,11 +10,11 @@ import ( // SupportsDSA returns true if the OpenSSL library supports DSA. func SupportsDSA() bool { - ctx := C.go_openssl_EVP_PKEY_CTX_new_id(_EVP_PKEY_DSA, nil) + ctx := go_openssl_EVP_PKEY_CTX_new_id(_EVP_PKEY_DSA, nil) if ctx == nil { return false } - C.go_openssl_EVP_PKEY_CTX_free(ctx) + go_openssl_EVP_PKEY_CTX_free(ctx) return true } @@ -30,14 +29,14 @@ type PrivateKeyDSA struct { X, Y BigInt // _pkey MUST NOT be accessed directly. Instead, use the withKey method. - _pkey C.GO_EVP_PKEY_PTR + _pkey _EVP_PKEY_PTR } func (k *PrivateKeyDSA) finalize() { - C.go_openssl_EVP_PKEY_free(k._pkey) + go_openssl_EVP_PKEY_free(k._pkey) } -func (k *PrivateKeyDSA) withKey(f func(C.GO_EVP_PKEY_PTR) C.int) C.int { +func (k *PrivateKeyDSA) withKey(f func(_EVP_PKEY_PTR) int32) int32 { defer runtime.KeepAlive(k) return f(k._pkey) } @@ -48,14 +47,14 @@ type PublicKeyDSA struct { Y BigInt // _pkey MUST NOT be accessed directly. Instead, use the withKey method. - _pkey C.GO_EVP_PKEY_PTR + _pkey _EVP_PKEY_PTR } func (k *PublicKeyDSA) finalize() { - C.go_openssl_EVP_PKEY_free(k._pkey) + go_openssl_EVP_PKEY_free(k._pkey) } -func (k *PublicKeyDSA) withKey(f func(C.GO_EVP_PKEY_PTR) C.int) C.int { +func (k *PublicKeyDSA) withKey(f func(_EVP_PKEY_PTR) int32) int32 { defer runtime.KeepAlive(k) return f(k._pkey) } @@ -66,41 +65,41 @@ func GenerateParametersDSA(l, n int) (DSAParameters, error) { // extracting the domain parameters from it. // Generate a new DSA key context and set the known parameters. - ctx := C.go_openssl_EVP_PKEY_CTX_new_id(_EVP_PKEY_DSA, nil) + ctx := go_openssl_EVP_PKEY_CTX_new_id(_EVP_PKEY_DSA, nil) if ctx == nil { return DSAParameters{}, newOpenSSLError("EVP_PKEY_CTX_new_id failed") } - defer C.go_openssl_EVP_PKEY_CTX_free(ctx) - if C.go_openssl_EVP_PKEY_paramgen_init(ctx) != 1 { + defer go_openssl_EVP_PKEY_CTX_free(ctx) + if go_openssl_EVP_PKEY_paramgen_init(ctx) != 1 { return DSAParameters{}, newOpenSSLError("EVP_PKEY_paramgen_init failed") } - if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, _EVP_PKEY_DSA, -1, _EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, C.int(l), nil) != 1 { + if go_openssl_EVP_PKEY_CTX_ctrl(ctx, _EVP_PKEY_DSA, -1, _EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, int32(l), nil) != 1 { return DSAParameters{}, newOpenSSLError("EVP_PKEY_CTX_ctrl failed") } - if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, _EVP_PKEY_DSA, -1, _EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, C.int(n), nil) != 1 { + if go_openssl_EVP_PKEY_CTX_ctrl(ctx, _EVP_PKEY_DSA, -1, _EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, int32(n), nil) != 1 { return DSAParameters{}, newOpenSSLError("EVP_PKEY_CTX_ctrl failed") } - var pkey C.GO_EVP_PKEY_PTR - if C.go_openssl_EVP_PKEY_paramgen(ctx, &pkey) != 1 { + var pkey _EVP_PKEY_PTR + if go_openssl_EVP_PKEY_paramgen(ctx, &pkey) != 1 { return DSAParameters{}, newOpenSSLError("EVP_PKEY_paramgen failed") } - defer C.go_openssl_EVP_PKEY_free(pkey) + defer go_openssl_EVP_PKEY_free(pkey) // Extract the domain parameters from the generated key. - var p, q, g C.GO_BIGNUM_PTR + var p, q, g _BIGNUM_PTR switch vMajor { case 1: dsa := getDSA(pkey) - C.go_openssl_DSA_get0_pqg(dsa, &p, &q, &g) + go_openssl_DSA_get0_pqg(dsa, &p, &q, &g) case 3: defer func() { - C.go_openssl_BN_free(p) - C.go_openssl_BN_free(q) - C.go_openssl_BN_free(g) + go_openssl_BN_free(p) + go_openssl_BN_free(q) + go_openssl_BN_free(g) }() - if C.go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_FFC_P.ptr(), &p) != 1 || - C.go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_FFC_Q.ptr(), &q) != 1 || - C.go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_FFC_G.ptr(), &g) != 1 { + if go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_FFC_P.ptr(), &p) != 1 || + go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_FFC_Q.ptr(), &q) != 1 || + go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_FFC_G.ptr(), &g) != 1 { return DSAParameters{}, newOpenSSLError("EVP_PKEY_get_bn_param") } default: @@ -148,19 +147,19 @@ func GenerateKeyDSA(params DSAParameters) (x, y BigInt, err error) { if err != nil { return nil, nil, err } - defer C.go_openssl_EVP_PKEY_free(pkey) - var bx, by C.GO_BIGNUM_PTR + defer go_openssl_EVP_PKEY_free(pkey) + var bx, by _BIGNUM_PTR switch vMajor { case 1: dsa := getDSA(pkey) - C.go_openssl_DSA_get0_key(dsa, &by, &bx) + go_openssl_DSA_get0_key(dsa, &by, &bx) case 3: defer func() { - C.go_openssl_BN_clear_free(bx) - C.go_openssl_BN_free(by) + go_openssl_BN_clear_free(bx) + go_openssl_BN_free(by) }() - if C.go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PUB_KEY.ptr(), &by) != 1 || - C.go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PRIV_KEY.ptr(), &bx) != 1 { + if go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PUB_KEY.ptr(), &by) != 1 || + go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PRIV_KEY.ptr(), &bx) != 1 { return nil, nil, newOpenSSLError("EVP_PKEY_get_bn_param") } default: @@ -179,7 +178,7 @@ func VerifyDSA(pub *PublicKeyDSA, hash []byte, sig []byte) bool { return evpVerify(pub.withKey, 0, 0, 0, sig, hash) == nil } -func newDSA(params DSAParameters, x, y BigInt) (C.GO_EVP_PKEY_PTR, error) { +func newDSA(params DSAParameters, x, y BigInt) (_EVP_PKEY_PTR, error) { switch vMajor { case 1: return newDSA1(params, x, y) @@ -190,52 +189,52 @@ func newDSA(params DSAParameters, x, y BigInt) (C.GO_EVP_PKEY_PTR, error) { } } -func newDSA1(params DSAParameters, x, y BigInt) (pkey C.GO_EVP_PKEY_PTR, err error) { +func newDSA1(params DSAParameters, x, y BigInt) (pkey _EVP_PKEY_PTR, err error) { checkMajorVersion(1) - dsa := C.go_openssl_DSA_new() + dsa := go_openssl_DSA_new() if dsa == nil { return nil, newOpenSSLError("DSA_new failed") } defer func() { if pkey == nil { - C.go_openssl_DSA_free(dsa) + go_openssl_DSA_free(dsa) } }() p, q, g := bigToBN(params.P), bigToBN(params.Q), bigToBN(params.G) - ret := C.go_openssl_DSA_set0_pqg(dsa, p, q, g) + ret := go_openssl_DSA_set0_pqg(dsa, p, q, g) if ret != 1 { - C.go_openssl_BN_free(p) - C.go_openssl_BN_free(q) - C.go_openssl_BN_free(g) + go_openssl_BN_free(p) + go_openssl_BN_free(q) + go_openssl_BN_free(g) return nil, newOpenSSLError("DSA_set0_pqg failed") } if y != nil { pub, priv := bigToBN(y), bigToBN(x) - ret = C.go_openssl_DSA_set0_key(dsa, pub, priv) + ret = go_openssl_DSA_set0_key(dsa, pub, priv) if ret != 1 { - C.go_openssl_BN_free(pub) - C.go_openssl_BN_clear_free(priv) + go_openssl_BN_free(pub) + go_openssl_BN_clear_free(priv) return nil, newOpenSSLError("DSA_set0_key failed") } } else { - if C.go_openssl_DSA_generate_key(dsa) != 1 { + if go_openssl_DSA_generate_key(dsa) != 1 { return nil, newOpenSSLError("DSA_generate_key failed") } } - pkey = C.go_openssl_EVP_PKEY_new() + pkey = go_openssl_EVP_PKEY_new() if pkey == nil { return nil, newOpenSSLError("EVP_PKEY_new failed") } - if C.go_openssl_EVP_PKEY_assign(pkey, _EVP_PKEY_DSA, unsafe.Pointer(dsa)) != 1 { - C.go_openssl_EVP_PKEY_free(pkey) + if go_openssl_EVP_PKEY_assign(pkey, _EVP_PKEY_DSA, unsafe.Pointer(dsa)) != 1 { + go_openssl_EVP_PKEY_free(pkey) return nil, newOpenSSLError("EVP_PKEY_assign failed") } return pkey, nil } -func newDSA3(params DSAParameters, x, y BigInt) (C.GO_EVP_PKEY_PTR, error) { +func newDSA3(params DSAParameters, x, y BigInt) (_EVP_PKEY_PTR, error) { checkMajorVersion(3) bld, err := newParamBuilder() @@ -247,7 +246,7 @@ func newDSA3(params DSAParameters, x, y BigInt) (C.GO_EVP_PKEY_PTR, error) { bld.addBigInt(_OSSL_PKEY_PARAM_FFC_P, params.P, false) bld.addBigInt(_OSSL_PKEY_PARAM_FFC_Q, params.Q, false) bld.addBigInt(_OSSL_PKEY_PARAM_FFC_G, params.G, false) - selection := C.int(_EVP_PKEY_KEYPAIR) + selection := int32(_EVP_PKEY_KEYPAIR) if y != nil { bld.addBigInt(_OSSL_PKEY_PARAM_PUB_KEY, y, false) if x == nil { @@ -261,7 +260,7 @@ func newDSA3(params DSAParameters, x, y BigInt) (C.GO_EVP_PKEY_PTR, error) { if err != nil { return nil, err } - defer C.go_openssl_OSSL_PARAM_free(bldparams) + defer go_openssl_OSSL_PARAM_free(bldparams) pkey, err := newEvpFromParams(_EVP_PKEY_DSA, selection, bldparams) if err != nil { return nil, err @@ -272,17 +271,17 @@ func newDSA3(params DSAParameters, x, y BigInt) (C.GO_EVP_PKEY_PTR, error) { // pkey doesn't contain the public component, but the crypto/dsa package // expects it to be always there. Generate a new key using pkey as domain // parameters placeholder. - defer C.go_openssl_EVP_PKEY_free(pkey) - ctx := C.go_openssl_EVP_PKEY_CTX_new_from_pkey(nil, pkey, nil) + defer go_openssl_EVP_PKEY_free(pkey) + ctx := go_openssl_EVP_PKEY_CTX_new_from_pkey(nil, pkey, nil) if ctx == nil { return nil, newOpenSSLError("EVP_PKEY_CTX_new_from_pkey") } - defer C.go_openssl_EVP_PKEY_CTX_free(ctx) - if C.go_openssl_EVP_PKEY_keygen_init(ctx) != 1 { + defer go_openssl_EVP_PKEY_CTX_free(ctx) + if go_openssl_EVP_PKEY_keygen_init(ctx) != 1 { return nil, newOpenSSLError("EVP_PKEY_keygen_init") } - var gkey C.GO_EVP_PKEY_PTR - if C.go_openssl_EVP_PKEY_keygen(ctx, &gkey) != 1 { + var gkey _EVP_PKEY_PTR + if go_openssl_EVP_PKEY_keygen(ctx, &gkey) != 1 { return nil, newOpenSSLError("EVP_PKEY_keygen") } return gkey, nil @@ -291,8 +290,8 @@ func newDSA3(params DSAParameters, x, y BigInt) (C.GO_EVP_PKEY_PTR, error) { // getDSA returns the DSA from pkey. // If pkey does not contain an DSA it panics. // The returned key should not be freed. -func getDSA(pkey C.GO_EVP_PKEY_PTR) C.GO_DSA_PTR { - key := C.go_openssl_EVP_PKEY_get0_DSA(pkey) +func getDSA(pkey _EVP_PKEY_PTR) _DSA_PTR { + key := go_openssl_EVP_PKEY_get0_DSA(pkey) if key == nil { panic("pkey does not contain an DSA") } diff --git a/ec.go b/ec.go index 14a729a6..e8315a99 100644 --- a/ec.go +++ b/ec.go @@ -2,10 +2,9 @@ package openssl -// #include "goopenssl.h" import "C" -func curveNID(curve string) C.int { +func curveNID(curve string) int32 { switch curve { case "P-224": return _NID_secp224r1 @@ -37,15 +36,15 @@ func curveSize(curve string) int { } // encodeEcPoint encodes pt. -func encodeEcPoint(group C.GO_EC_GROUP_PTR, pt C.GO_EC_POINT_PTR) ([]byte, error) { +func encodeEcPoint(group _EC_GROUP_PTR, pt _EC_POINT_PTR) ([]byte, error) { // Get encoded point size. - n := C.go_openssl_EC_POINT_point2oct(group, pt, _POINT_CONVERSION_UNCOMPRESSED, nil, 0, nil) + n := go_openssl_EC_POINT_point2oct(group, pt, _POINT_CONVERSION_UNCOMPRESSED, nil, 0, nil) if n == 0 { return nil, newOpenSSLError("EC_POINT_point2oct") } // Encode point into bytes. bytes := make([]byte, n) - n = C.go_openssl_EC_POINT_point2oct(group, pt, _POINT_CONVERSION_UNCOMPRESSED, base(bytes), n, nil) + n = go_openssl_EC_POINT_point2oct(group, pt, _POINT_CONVERSION_UNCOMPRESSED, base(bytes), n, nil) if n == 0 { return nil, newOpenSSLError("EC_POINT_point2oct") } @@ -53,16 +52,16 @@ func encodeEcPoint(group C.GO_EC_GROUP_PTR, pt C.GO_EC_POINT_PTR) ([]byte, error } // generateAndEncodeEcPublicKey calls newPubKeyPointFn to generate a public key point and then encodes it. -func generateAndEncodeEcPublicKey(nid C.int, newPubKeyPointFn func(group C.GO_EC_GROUP_PTR) (C.GO_EC_POINT_PTR, error)) ([]byte, error) { - group := C.go_openssl_EC_GROUP_new_by_curve_name(nid) +func generateAndEncodeEcPublicKey(nid int32, newPubKeyPointFn func(group _EC_GROUP_PTR) (_EC_POINT_PTR, error)) ([]byte, error) { + group := go_openssl_EC_GROUP_new_by_curve_name(nid) if group == nil { return nil, newOpenSSLError("EC_GROUP_new_by_curve_name") } - defer C.go_openssl_EC_GROUP_free(group) + defer go_openssl_EC_GROUP_free(group) pt, err := newPubKeyPointFn(group) if err != nil { return nil, err } - defer C.go_openssl_EC_POINT_free(pt) + defer go_openssl_EC_POINT_free(pt) return encodeEcPoint(group, pt) } diff --git a/ecdh.go b/ecdh.go index b5e7e264..aa5b0245 100644 --- a/ecdh.go +++ b/ecdh.go @@ -2,7 +2,6 @@ package openssl -// #include "goopenssl.h" import "C" import ( "errors" @@ -12,21 +11,21 @@ import ( ) type PublicKeyECDH struct { - _pkey C.GO_EVP_PKEY_PTR + _pkey _EVP_PKEY_PTR bytes []byte } func (k *PublicKeyECDH) finalize() { - C.go_openssl_EVP_PKEY_free(k._pkey) + go_openssl_EVP_PKEY_free(k._pkey) } type PrivateKeyECDH struct { - _pkey C.GO_EVP_PKEY_PTR + _pkey _EVP_PKEY_PTR curve string } func (k *PrivateKeyECDH) finalize() { - C.go_openssl_EVP_PKEY_free(k._pkey) + go_openssl_EVP_PKEY_free(k._pkey) } func NewPublicKeyECDH(curve string, bytes []byte) (*PublicKeyECDH, error) { @@ -59,27 +58,27 @@ func NewPrivateKeyECDH(curve string, bytes []byte) (*PrivateKeyECDH, error) { func (k *PrivateKeyECDH) PublicKey() (*PublicKeyECDH, error) { defer runtime.KeepAlive(k) - var pkey C.GO_EVP_PKEY_PTR + var pkey _EVP_PKEY_PTR defer func() { - C.go_openssl_EVP_PKEY_free(pkey) + go_openssl_EVP_PKEY_free(pkey) }() var bytes []byte switch vMajor { case 1: - pkey = C.go_openssl_EVP_PKEY_new() + pkey = go_openssl_EVP_PKEY_new() if pkey == nil { return nil, newOpenSSLError("EVP_PKEY_new") } key := getECKey(k._pkey) - if C.go_openssl_EVP_PKEY_set1_EC_KEY(pkey, key) != 1 { + if go_openssl_EVP_PKEY_set1_EC_KEY(pkey, key) != 1 { return nil, newOpenSSLError("EVP_PKEY_set1_EC_KEY") } - pt := C.go_openssl_EC_KEY_get0_public_key(key) + pt := go_openssl_EC_KEY_get0_public_key(key) if pt == nil { return nil, newOpenSSLError("EC_KEY_get0_public_key") } - group := C.go_openssl_EC_KEY_get0_group(key) + group := go_openssl_EC_KEY_get0_group(key) var err error bytes, err = encodeEcPoint(group, pt) if err != nil { @@ -87,12 +86,12 @@ func (k *PrivateKeyECDH) PublicKey() (*PublicKeyECDH, error) { } case 3: pkey = k._pkey - if C.go_openssl_EVP_PKEY_up_ref(pkey) != 1 { + if go_openssl_EVP_PKEY_up_ref(pkey) != 1 { return nil, newOpenSSLError("EVP_PKEY_up_ref") } - var cbytes *C.uchar - n := C.go_openssl_EVP_PKEY_get1_encoded_public_key(k._pkey, &cbytes) + var cbytes *byte + n := go_openssl_EVP_PKEY_get1_encoded_public_key(k._pkey, &cbytes) if n == 0 { return nil, newOpenSSLError("EVP_PKEY_get_octet_string_param") } @@ -107,7 +106,7 @@ func (k *PrivateKeyECDH) PublicKey() (*PublicKeyECDH, error) { return pub, nil } -func newECDHPkey(curve string, bytes []byte, isPrivate bool) (C.GO_EVP_PKEY_PTR, error) { +func newECDHPkey(curve string, bytes []byte, isPrivate bool) (_EVP_PKEY_PTR, error) { nid := curveNID(curve) switch vMajor { case 1: @@ -119,50 +118,50 @@ func newECDHPkey(curve string, bytes []byte, isPrivate bool) (C.GO_EVP_PKEY_PTR, } } -func newECDHPkey1(nid C.int, bytes []byte, isPrivate bool) (pkey C.GO_EVP_PKEY_PTR, err error) { +func newECDHPkey1(nid int32, bytes []byte, isPrivate bool) (pkey _EVP_PKEY_PTR, err error) { checkMajorVersion(1) - key := C.go_openssl_EC_KEY_new_by_curve_name(nid) + key := go_openssl_EC_KEY_new_by_curve_name(nid) if key == nil { return nil, newOpenSSLError("EC_KEY_new_by_curve_name") } defer func() { if pkey == nil { - C.go_openssl_EC_KEY_free(key) + go_openssl_EC_KEY_free(key) } }() - group := C.go_openssl_EC_KEY_get0_group(key) + group := go_openssl_EC_KEY_get0_group(key) if isPrivate { - priv := C.go_openssl_BN_bin2bn(base(bytes), C.int(len(bytes)), nil) + priv := go_openssl_BN_bin2bn(base(bytes), int32(len(bytes)), nil) if priv == nil { return nil, newOpenSSLError("BN_bin2bn") } - defer C.go_openssl_BN_clear_free(priv) - if C.go_openssl_EC_KEY_set_private_key(key, priv) != 1 { + defer go_openssl_BN_clear_free(priv) + if go_openssl_EC_KEY_set_private_key(key, priv) != 1 { return nil, newOpenSSLError("EC_KEY_set_private_key") } pub, err := pointMult(group, priv) if err != nil { return nil, err } - defer C.go_openssl_EC_POINT_free(pub) - if C.go_openssl_EC_KEY_set_public_key(key, pub) != 1 { + defer go_openssl_EC_POINT_free(pub) + if go_openssl_EC_KEY_set_public_key(key, pub) != 1 { return nil, newOpenSSLError("EC_KEY_set_public_key") } } else { - pub := C.go_openssl_EC_POINT_new(group) + pub := go_openssl_EC_POINT_new(group) if pub == nil { return nil, newOpenSSLError("EC_POINT_new") } - defer C.go_openssl_EC_POINT_free(pub) - if C.go_openssl_EC_POINT_oct2point(group, pub, base(bytes), C.size_t(len(bytes)), nil) != 1 { + defer go_openssl_EC_POINT_free(pub) + if go_openssl_EC_POINT_oct2point(group, pub, base(bytes), len(bytes), nil) != 1 { return nil, errors.New("point not on curve") } - if C.go_openssl_EC_KEY_set_public_key(key, pub) != 1 { + if go_openssl_EC_KEY_set_public_key(key, pub) != 1 { return nil, newOpenSSLError("EC_KEY_set_public_key") } } - if C.go_openssl_EC_KEY_check_key(key) != 1 { + if go_openssl_EC_KEY_check_key(key) != 1 { // Match upstream error message. if isPrivate { return nil, errors.New("crypto/ecdh: invalid private key") @@ -173,7 +172,7 @@ func newECDHPkey1(nid C.int, bytes []byte, isPrivate bool) (pkey C.GO_EVP_PKEY_P return newEVPPKEY(key) } -func newECDHPkey3(nid C.int, bytes []byte, isPrivate bool) (C.GO_EVP_PKEY_PTR, error) { +func newECDHPkey3(nid int32, bytes []byte, isPrivate bool) (_EVP_PKEY_PTR, error) { checkMajorVersion(3) bld, err := newParamBuilder() @@ -181,15 +180,15 @@ func newECDHPkey3(nid C.int, bytes []byte, isPrivate bool) (C.GO_EVP_PKEY_PTR, e return nil, err } defer bld.finalize() - bld.addUTF8String(_OSSL_PKEY_PARAM_GROUP_NAME, C.go_openssl_OBJ_nid2sn(nid), 0) - var selection C.int + bld.addUTF8String(_OSSL_PKEY_PARAM_GROUP_NAME, go_openssl_OBJ_nid2sn(nid), 0) + var selection int32 if isPrivate { - priv := C.go_openssl_BN_bin2bn(base(bytes), C.int(len(bytes)), nil) + priv := go_openssl_BN_bin2bn(base(bytes), int32(len(bytes)), nil) if priv == nil { return nil, newOpenSSLError("BN_bin2bn") } - defer C.go_openssl_BN_clear_free(priv) - pubBytes, err := generateAndEncodeEcPublicKey(nid, func(group C.GO_EC_GROUP_PTR) (C.GO_EC_POINT_PTR, error) { + defer go_openssl_BN_clear_free(priv) + pubBytes, err := generateAndEncodeEcPublicKey(nid, func(group _EC_GROUP_PTR) (_EC_POINT_PTR, error) { return pointMult(group, priv) }) if err != nil { @@ -207,29 +206,29 @@ func newECDHPkey3(nid C.int, bytes []byte, isPrivate bool) (C.GO_EVP_PKEY_PTR, e if err != nil { return nil, err } - defer C.go_openssl_OSSL_PARAM_free(params) + defer go_openssl_OSSL_PARAM_free(params) pkey, err := newEvpFromParams(_EVP_PKEY_EC, selection, params) if err != nil { return nil, err } if err := checkPkey(pkey, isPrivate); err != nil { - C.go_openssl_EVP_PKEY_free(pkey) + go_openssl_EVP_PKEY_free(pkey) return nil, errors.New("crypto/ecdh: " + err.Error()) } return pkey, nil } -func pointMult(group C.GO_EC_GROUP_PTR, priv C.GO_BIGNUM_PTR) (C.GO_EC_POINT_PTR, error) { +func pointMult(group _EC_GROUP_PTR, priv _BIGNUM_PTR) (_EC_POINT_PTR, error) { // OpenSSL does not expose any method to generate the public // key from the private key [1], so we have to calculate it here. // [1] https://github.com/openssl/openssl/issues/18437#issuecomment-1144717206 - pt := C.go_openssl_EC_POINT_new(group) + pt := go_openssl_EC_POINT_new(group) if pt == nil { return nil, newOpenSSLError("EC_POINT_new") } - if C.go_openssl_EC_POINT_mul(group, pt, priv, nil, nil, nil) == 0 { - C.go_openssl_EC_POINT_free(pt) + if go_openssl_EC_POINT_mul(group, pt, priv, nil, nil, nil) == 0 { + go_openssl_EC_POINT_free(pt) return nil, newOpenSSLError("EC_POINT_mul") } return pt, nil @@ -238,23 +237,23 @@ func pointMult(group C.GO_EC_GROUP_PTR, priv C.GO_BIGNUM_PTR) (C.GO_EC_POINT_PTR func ECDH(priv *PrivateKeyECDH, pub *PublicKeyECDH) ([]byte, error) { defer runtime.KeepAlive(priv) defer runtime.KeepAlive(pub) - ctx := C.go_openssl_EVP_PKEY_CTX_new(priv._pkey, nil) + ctx := go_openssl_EVP_PKEY_CTX_new(priv._pkey, nil) if ctx == nil { return nil, newOpenSSLError("EVP_PKEY_CTX_new") } - defer C.go_openssl_EVP_PKEY_CTX_free(ctx) - if C.go_openssl_EVP_PKEY_derive_init(ctx) != 1 { + defer go_openssl_EVP_PKEY_CTX_free(ctx) + if go_openssl_EVP_PKEY_derive_init(ctx) != 1 { return nil, newOpenSSLError("EVP_PKEY_derive_init") } - if C.go_openssl_EVP_PKEY_derive_set_peer(ctx, pub._pkey) != 1 { + if go_openssl_EVP_PKEY_derive_set_peer(ctx, pub._pkey) != 1 { return nil, newOpenSSLError("EVP_PKEY_derive_set_peer") } - var keylen C.size_t - if C.go_openssl_EVP_PKEY_derive(ctx, nil, &keylen) != 1 { + var keylen int + if go_openssl_EVP_PKEY_derive(ctx, nil, &keylen) != 1 { return nil, newOpenSSLError("EVP_PKEY_derive") } out := make([]byte, keylen) - if C.go_openssl_EVP_PKEY_derive(ctx, base(out), &keylen) != 1 { + if go_openssl_EVP_PKEY_derive(ctx, base(out), &keylen) != 1 { return nil, newOpenSSLError("EVP_PKEY_derive") } return out, nil @@ -268,22 +267,22 @@ func GenerateKeyECDH(curve string) (*PrivateKeyECDH, []byte, error) { var k *PrivateKeyECDH defer func() { if k == nil { - C.go_openssl_EVP_PKEY_free(pkey) + go_openssl_EVP_PKEY_free(pkey) } }() - var priv C.GO_BIGNUM_PTR + var priv _BIGNUM_PTR switch vMajor { case 1: key := getECKey(pkey) - priv = C.go_openssl_EC_KEY_get0_private_key(key) + priv = go_openssl_EC_KEY_get0_private_key(key) if priv == nil { return nil, nil, newOpenSSLError("EC_KEY_get0_private_key") } case 3: - if C.go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PRIV_KEY.ptr(), &priv) != 1 { + if go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PRIV_KEY.ptr(), &priv) != 1 { return nil, nil, newOpenSSLError("EVP_PKEY_get_bn_param") } - defer C.go_openssl_BN_clear_free(priv) + defer go_openssl_BN_clear_free(priv) default: panic(errUnsupportedVersion()) } @@ -292,7 +291,7 @@ func GenerateKeyECDH(curve string) (*PrivateKeyECDH, []byte, error) { // The fixed length is the order of the large prime subgroup of the curve, // returned by EVP_PKEY_get_bits, which is generally the upper bound for // generating a private ECDH key. - bits := C.go_openssl_EVP_PKEY_get_bits(pkey) + bits := go_openssl_EVP_PKEY_get_bits(pkey) bytes := make([]byte, (bits+7)/8) if err := bnToBinPad(priv, bytes); err != nil { return nil, nil, err diff --git a/ecdsa.go b/ecdsa.go index c035ee31..b5b5282a 100644 --- a/ecdsa.go +++ b/ecdsa.go @@ -2,7 +2,6 @@ package openssl -// #include "goopenssl.h" import "C" import ( "crypto" @@ -12,28 +11,28 @@ import ( type PrivateKeyECDSA struct { // _pkey MUST NOT be accessed directly. Instead, use the withKey method. - _pkey C.GO_EVP_PKEY_PTR + _pkey _EVP_PKEY_PTR } func (k *PrivateKeyECDSA) finalize() { - C.go_openssl_EVP_PKEY_free(k._pkey) + go_openssl_EVP_PKEY_free(k._pkey) } -func (k *PrivateKeyECDSA) withKey(f func(C.GO_EVP_PKEY_PTR) C.int) C.int { +func (k *PrivateKeyECDSA) withKey(f func(_EVP_PKEY_PTR) int32) int32 { defer runtime.KeepAlive(k) return f(k._pkey) } type PublicKeyECDSA struct { // _pkey MUST NOT be accessed directly. Instead, use the withKey method. - _pkey C.GO_EVP_PKEY_PTR + _pkey _EVP_PKEY_PTR } func (k *PublicKeyECDSA) finalize() { - C.go_openssl_EVP_PKEY_free(k._pkey) + go_openssl_EVP_PKEY_free(k._pkey) } -func (k *PublicKeyECDSA) withKey(f func(C.GO_EVP_PKEY_PTR) C.int) C.int { +func (k *PublicKeyECDSA) withKey(f func(_EVP_PKEY_PTR) int32) int32 { defer runtime.KeepAlive(k) return f(k._pkey) } @@ -66,37 +65,37 @@ func GenerateKeyECDSA(curve string) (x, y, d BigInt, err error) { if err != nil { return nil, nil, nil, err } - defer C.go_openssl_EVP_PKEY_free(pkey) + defer go_openssl_EVP_PKEY_free(pkey) - var bx, by, bd C.GO_BIGNUM_PTR + var bx, by, bd _BIGNUM_PTR defer func() { - C.go_openssl_BN_free(bx) - C.go_openssl_BN_free(by) + go_openssl_BN_free(bx) + go_openssl_BN_free(by) }() switch vMajor { case 1: // Retrieve the internal EC_KEY, which holds the X, Y, and D coordinates. key := getECKey(pkey) - group := C.go_openssl_EC_KEY_get0_group(key) - pt := C.go_openssl_EC_KEY_get0_public_key(key) + group := go_openssl_EC_KEY_get0_group(key) + pt := go_openssl_EC_KEY_get0_public_key(key) // Allocate two big numbers to store the X and Y coordinates. - bx, by = C.go_openssl_BN_new(), C.go_openssl_BN_new() + bx, by = go_openssl_BN_new(), go_openssl_BN_new() if bx == nil || by == nil { return nil, nil, nil, newOpenSSLError("BN_new failed") } // Get X and Y. - if C.go_openssl_EC_POINT_get_affine_coordinates_GFp(group, pt, bx, by, nil) == 0 { + if go_openssl_EC_POINT_get_affine_coordinates_GFp(group, pt, bx, by, nil) == 0 { return nil, nil, nil, newOpenSSLError("EC_POINT_get_affine_coordinates_GFp failed") } // Get Z. We don't need to free it, get0 does not increase the reference count. - bd = C.go_openssl_EC_KEY_get0_private_key(key) + bd = go_openssl_EC_KEY_get0_private_key(key) case 3: - if C.go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_EC_PUB_X.ptr(), &bx) != 1 || - C.go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_EC_PUB_Y.ptr(), &by) != 1 || - C.go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PRIV_KEY.ptr(), &bd) != 1 { + if go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_EC_PUB_X.ptr(), &bx) != 1 || + go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_EC_PUB_Y.ptr(), &by) != 1 || + go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PRIV_KEY.ptr(), &bd) != 1 { return nil, nil, nil, newOpenSSLError("EVP_PKEY_get_bn_param") } - defer C.go_openssl_BN_clear_free(bd) + defer go_openssl_BN_clear_free(bd) default: panic(errUnsupportedVersion()) } @@ -121,13 +120,13 @@ func HashVerifyECDSA(pub *PublicKeyECDSA, h crypto.Hash, msg, sig []byte) bool { return evpHashVerify(pub.withKey, h, msg, sig) == nil } -func newECDSAKey(curve string, x, y, d BigInt) (C.GO_EVP_PKEY_PTR, error) { +func newECDSAKey(curve string, x, y, d BigInt) (_EVP_PKEY_PTR, error) { nid := curveNID(curve) - var bx, by, bd C.GO_BIGNUM_PTR + var bx, by, bd _BIGNUM_PTR defer func() { - C.go_openssl_BN_free(bx) - C.go_openssl_BN_free(by) - C.go_openssl_BN_clear_free(bd) + go_openssl_BN_free(bx) + go_openssl_BN_free(by) + go_openssl_BN_clear_free(bd) }() bx = bigToBN(x) by = bigToBN(y) @@ -145,38 +144,38 @@ func newECDSAKey(curve string, x, y, d BigInt) (C.GO_EVP_PKEY_PTR, error) { } } -func newECDSAKey1(nid C.int, bx, by, bd C.GO_BIGNUM_PTR) (pkey C.GO_EVP_PKEY_PTR, err error) { +func newECDSAKey1(nid int32, bx, by, bd _BIGNUM_PTR) (pkey _EVP_PKEY_PTR, err error) { checkMajorVersion(1) - key := C.go_openssl_EC_KEY_new_by_curve_name(nid) + key := go_openssl_EC_KEY_new_by_curve_name(nid) if key == nil { return nil, newOpenSSLError("EC_KEY_new_by_curve_name failed") } defer func() { if pkey == nil { - defer C.go_openssl_EC_KEY_free(key) + defer go_openssl_EC_KEY_free(key) } }() - if C.go_openssl_EC_KEY_set_public_key_affine_coordinates(key, bx, by) != 1 { + if go_openssl_EC_KEY_set_public_key_affine_coordinates(key, bx, by) != 1 { return nil, newOpenSSLError("EC_KEY_set_public_key_affine_coordinates failed") } - if bd != nil && C.go_openssl_EC_KEY_set_private_key(key, bd) != 1 { + if bd != nil && go_openssl_EC_KEY_set_private_key(key, bd) != 1 { return nil, newOpenSSLError("EC_KEY_set_private_key failed") } return newEVPPKEY(key) } -func newECDSAKey3(nid C.int, bx, by, bd C.GO_BIGNUM_PTR) (C.GO_EVP_PKEY_PTR, error) { +func newECDSAKey3(nid int32, bx, by, bd _BIGNUM_PTR) (_EVP_PKEY_PTR, error) { checkMajorVersion(3) // Create the encoded public key public key from bx and by. - pubBytes, err := generateAndEncodeEcPublicKey(nid, func(group C.GO_EC_GROUP_PTR) (C.GO_EC_POINT_PTR, error) { - pt := C.go_openssl_EC_POINT_new(group) + pubBytes, err := generateAndEncodeEcPublicKey(nid, func(group _EC_GROUP_PTR) (_EC_POINT_PTR, error) { + pt := go_openssl_EC_POINT_new(group) if pt == nil { return nil, newOpenSSLError("EC_POINT_new") } - if C.go_openssl_EC_POINT_set_affine_coordinates(group, pt, bx, by, nil) != 1 { - C.go_openssl_EC_POINT_free(pt) + if go_openssl_EC_POINT_set_affine_coordinates(group, pt, bx, by, nil) != 1 { + go_openssl_EC_POINT_free(pt) return nil, newOpenSSLError("EC_POINT_set_affine_coordinates") } return pt, nil @@ -190,9 +189,9 @@ func newECDSAKey3(nid C.int, bx, by, bd C.GO_BIGNUM_PTR) (C.GO_EVP_PKEY_PTR, err return nil, err } defer bld.finalize() - bld.addUTF8String(_OSSL_PKEY_PARAM_GROUP_NAME, C.go_openssl_OBJ_nid2sn(nid), 0) + bld.addUTF8String(_OSSL_PKEY_PARAM_GROUP_NAME, go_openssl_OBJ_nid2sn(nid), 0) bld.addOctetString(_OSSL_PKEY_PARAM_PUB_KEY, pubBytes) - var selection C.int + var selection int32 if bd != nil { bld.addBN(_OSSL_PKEY_PARAM_PRIV_KEY, bd) selection = _EVP_PKEY_KEYPAIR @@ -203,6 +202,6 @@ func newECDSAKey3(nid C.int, bx, by, bd C.GO_BIGNUM_PTR) (C.GO_EVP_PKEY_PTR, err if err != nil { return nil, err } - defer C.go_openssl_OSSL_PARAM_free(params) + defer go_openssl_OSSL_PARAM_free(params) return newEvpFromParams(_EVP_PKEY_EC, selection, params) } diff --git a/ed25519.go b/ed25519.go index 2384568c..6c52df87 100644 --- a/ed25519.go +++ b/ed25519.go @@ -2,7 +2,6 @@ package openssl -// #include "goopenssl.h" import "C" import ( "errors" @@ -29,16 +28,16 @@ var supportsEd25519 = sync.OnceValue(func() bool { switch vMajor { case 1: if versionAtOrAbove(1, 1, 1) { - ctx := C.go_openssl_EVP_PKEY_CTX_new_id(_EVP_PKEY_ED25519, nil) + ctx := go_openssl_EVP_PKEY_CTX_new_id(_EVP_PKEY_ED25519, nil) if ctx != nil { - C.go_openssl_EVP_PKEY_CTX_free(ctx) + go_openssl_EVP_PKEY_CTX_free(ctx) return true } } case 3: - sig := C.go_openssl_EVP_SIGNATURE_fetch(nil, _KeyTypeED25519.ptr(), nil) + sig := go_openssl_EVP_SIGNATURE_fetch(nil, _KeyTypeED25519.ptr(), nil) if sig != nil { - C.go_openssl_EVP_SIGNATURE_free(sig) + go_openssl_EVP_SIGNATURE_free(sig) return true } } @@ -52,11 +51,11 @@ func SupportsEd25519() bool { } type PublicKeyEd25519 struct { - _pkey C.GO_EVP_PKEY_PTR + _pkey _EVP_PKEY_PTR } func (k *PublicKeyEd25519) finalize() { - C.go_openssl_EVP_PKEY_free(k._pkey) + go_openssl_EVP_PKEY_free(k._pkey) } func (k *PublicKeyEd25519) Bytes() ([]byte, error) { @@ -69,11 +68,11 @@ func (k *PublicKeyEd25519) Bytes() ([]byte, error) { } type PrivateKeyEd25519 struct { - _pkey C.GO_EVP_PKEY_PTR + _pkey _EVP_PKEY_PTR } func (k *PrivateKeyEd25519) finalize() { - C.go_openssl_EVP_PKEY_free(k._pkey) + go_openssl_EVP_PKEY_free(k._pkey) } func (k *PrivateKeyEd25519) Bytes() ([]byte, error) { @@ -129,7 +128,7 @@ func NewPublicKeyEd25519(pub []byte) (*PublicKeyEd25519, error) { if len(pub) != publicKeySizeEd25519 { panic("ed25519: bad public key length: " + strconv.Itoa(len(pub))) } - pkey := C.go_openssl_EVP_PKEY_new_raw_public_key(_EVP_PKEY_ED25519, nil, base(pub), C.size_t(len(pub))) + pkey := go_openssl_EVP_PKEY_new_raw_public_key(_EVP_PKEY_ED25519, nil, base(pub), len(pub)) if pkey == nil { return nil, newOpenSSLError("EVP_PKEY_new_raw_public_key") } @@ -145,7 +144,7 @@ func NewPrivateKeyEd25519FromSeed(seed []byte) (*PrivateKeyEd25519, error) { if len(seed) != seedSizeEd25519 { panic("ed25519: bad seed length: " + strconv.Itoa(len(seed))) } - pkey := C.go_openssl_EVP_PKEY_new_raw_private_key(_EVP_PKEY_ED25519, nil, base(seed), C.size_t(len(seed))) + pkey := go_openssl_EVP_PKEY_new_raw_private_key(_EVP_PKEY_ED25519, nil, base(seed), len(seed)) if pkey == nil { return nil, newOpenSSLError("EVP_PKEY_new_raw_private_key") } @@ -154,27 +153,27 @@ func NewPrivateKeyEd25519FromSeed(seed []byte) (*PrivateKeyEd25519, error) { return priv, nil } -func extractPKEYPubEd25519(pkey C.GO_EVP_PKEY_PTR, pub []byte) error { - keylen := C.size_t(publicKeySizeEd25519) - if C.go_openssl_EVP_PKEY_get_raw_public_key(pkey, base(pub), &keylen) != 1 { +func extractPKEYPubEd25519(pkey _EVP_PKEY_PTR, pub []byte) error { + keylen := publicKeySizeEd25519 + if go_openssl_EVP_PKEY_get_raw_public_key(pkey, base(pub), &keylen) != 1 { return newOpenSSLError("EVP_PKEY_get_raw_public_key") } - if int(keylen) != publicKeySizeEd25519 { - return errors.New("ed25519: bad public key length: " + strconv.Itoa(int(keylen))) + if keylen != publicKeySizeEd25519 { + return errors.New("ed25519: bad public key length: " + strconv.Itoa(keylen)) } return nil } -func extractPKEYPrivEd25519(pkey C.GO_EVP_PKEY_PTR, priv []byte) error { +func extractPKEYPrivEd25519(pkey _EVP_PKEY_PTR, priv []byte) error { if err := extractPKEYPubEd25519(pkey, priv[seedSizeEd25519:]); err != nil { return err } - keylen := C.size_t(seedSizeEd25519) - if C.go_openssl_EVP_PKEY_get_raw_private_key(pkey, base(priv), &keylen) != 1 { + keylen := seedSizeEd25519 + if go_openssl_EVP_PKEY_get_raw_private_key(pkey, base(priv), &keylen) != 1 { return newOpenSSLError("EVP_PKEY_get_raw_private_key") } - if int(keylen) != seedSizeEd25519 { - return errors.New("ed25519: bad private key length: " + strconv.Itoa(int(keylen))) + if keylen != seedSizeEd25519 { + return errors.New("ed25519: bad private key length: " + strconv.Itoa(keylen)) } return nil } @@ -192,20 +191,20 @@ func SignEd25519(priv *PrivateKeyEd25519, message []byte) (sig []byte, err error func signEd25519(priv *PrivateKeyEd25519, sig, message []byte) error { defer runtime.KeepAlive(priv) - ctx := C.go_openssl_EVP_MD_CTX_new() + ctx := go_openssl_EVP_MD_CTX_new() if ctx == nil { return newOpenSSLError("EVP_MD_CTX_new") } - defer C.go_openssl_EVP_MD_CTX_free(ctx) - if C.go_openssl_EVP_DigestSignInit(ctx, nil, nil, nil, priv._pkey) != 1 { + defer go_openssl_EVP_MD_CTX_free(ctx) + if go_openssl_EVP_DigestSignInit(ctx, nil, nil, nil, priv._pkey) != 1 { return newOpenSSLError("EVP_DigestSignInit") } - siglen := C.size_t(signatureSizeEd25519) - if C.go_openssl_EVP_DigestSign(ctx, base(sig), &siglen, base(message), C.size_t(len(message))) != 1 { + siglen := signatureSizeEd25519 + if go_openssl_EVP_DigestSign(ctx, base(sig), &siglen, base(message), len(message)) != 1 { return newOpenSSLError("EVP_DigestSign") } - if int(siglen) != signatureSizeEd25519 { - return errors.New("ed25519: bad signature length: " + strconv.Itoa(int(siglen))) + if siglen != signatureSizeEd25519 { + return errors.New("ed25519: bad signature length: " + strconv.Itoa(siglen)) } return nil } @@ -213,15 +212,15 @@ func signEd25519(priv *PrivateKeyEd25519, sig, message []byte) error { // VerifyEd25519 reports whether sig is a valid signature of message by pub. func VerifyEd25519(pub *PublicKeyEd25519, message, sig []byte) error { defer runtime.KeepAlive(pub) - ctx := C.go_openssl_EVP_MD_CTX_new() + ctx := go_openssl_EVP_MD_CTX_new() if ctx == nil { return newOpenSSLError("EVP_MD_CTX_new") } - defer C.go_openssl_EVP_MD_CTX_free(ctx) - if C.go_openssl_EVP_DigestVerifyInit(ctx, nil, nil, nil, pub._pkey) != 1 { + defer go_openssl_EVP_MD_CTX_free(ctx) + if go_openssl_EVP_DigestVerifyInit(ctx, nil, nil, nil, pub._pkey) != 1 { return newOpenSSLError("EVP_DigestVerifyInit") } - if C.go_openssl_EVP_DigestVerify(ctx, base(sig), C.size_t(len(sig)), base(message), C.size_t(len(message))) != 1 { + if go_openssl_EVP_DigestVerify(ctx, base(sig), len(sig), base(message), len(message)) != 1 { return errors.New("ed25519: invalid signature") } return nil diff --git a/evp.go b/evp.go index 814bcd9b..704a2140 100644 --- a/evp.go +++ b/evp.go @@ -2,7 +2,6 @@ package openssl -// #include "goopenssl.h" import "C" import ( "crypto" @@ -41,7 +40,7 @@ func hashFuncHash(fn func() hash.Hash) (h hash.Hash, err error) { } // hashToMD converts a hash.Hash implementation from this package to a GO_EVP_MD_PTR. -func hashToMD(h hash.Hash) C.GO_EVP_MD_PTR { +func hashToMD(h hash.Hash) _EVP_MD_PTR { if h, ok := h.(*evpHash); ok { return h.alg.md } @@ -50,7 +49,7 @@ func hashToMD(h hash.Hash) C.GO_EVP_MD_PTR { // hashFuncToMD converts a hash.Hash function to a GO_EVP_MD_PTR. // See [hashFuncHash] for details on error handling. -func hashFuncToMD(fn func() hash.Hash) (C.GO_EVP_MD_PTR, error) { +func hashFuncToMD(fn func() hash.Hash) (_EVP_MD_PTR, error) { h, err := hashFuncHash(fn) if err != nil { return nil, err @@ -63,7 +62,7 @@ func hashFuncToMD(fn func() hash.Hash) (C.GO_EVP_MD_PTR, error) { } type hashAlgorithm struct { - md C.GO_EVP_MD_PTR + md _EVP_MD_PTR ch crypto.Hash size int blockSize int @@ -81,62 +80,62 @@ func loadHash(ch crypto.Hash) *hashAlgorithm { var hash hashAlgorithm switch ch { case crypto.RIPEMD160: - hash.md = C.go_openssl_EVP_ripemd160() + hash.md = go_openssl_EVP_ripemd160() case crypto.MD4: - hash.md = C.go_openssl_EVP_md4() + hash.md = go_openssl_EVP_md4() case crypto.MD5: - hash.md = C.go_openssl_EVP_md5() + hash.md = go_openssl_EVP_md5() hash.magic = md5Magic hash.marshalledSize = md5MarshaledSize case crypto.MD5SHA1: - hash.md = C.go_openssl_EVP_md5_sha1() + hash.md = go_openssl_EVP_md5_sha1() case crypto.SHA1: - hash.md = C.go_openssl_EVP_sha1() + hash.md = go_openssl_EVP_sha1() hash.magic = sha1Magic hash.marshalledSize = sha1MarshaledSize case crypto.SHA224: - hash.md = C.go_openssl_EVP_sha224() + hash.md = go_openssl_EVP_sha224() hash.magic = magic224 hash.marshalledSize = marshaledSize256 case crypto.SHA256: - hash.md = C.go_openssl_EVP_sha256() + hash.md = go_openssl_EVP_sha256() hash.magic = magic256 hash.marshalledSize = marshaledSize256 case crypto.SHA384: - hash.md = C.go_openssl_EVP_sha384() + hash.md = go_openssl_EVP_sha384() hash.magic = magic384 hash.marshalledSize = marshaledSize512 case crypto.SHA512: - hash.md = C.go_openssl_EVP_sha512() + hash.md = go_openssl_EVP_sha512() hash.magic = magic512 hash.marshalledSize = marshaledSize512 case crypto.SHA512_224: if versionAtOrAbove(1, 1, 1) { - hash.md = C.go_openssl_EVP_sha512_224() + hash.md = go_openssl_EVP_sha512_224() hash.magic = magic512_224 hash.marshalledSize = marshaledSize512 } case crypto.SHA512_256: if versionAtOrAbove(1, 1, 1) { - hash.md = C.go_openssl_EVP_sha512_256() + hash.md = go_openssl_EVP_sha512_256() hash.magic = magic512_256 hash.marshalledSize = marshaledSize512 } case crypto.SHA3_224: if versionAtOrAbove(1, 1, 1) { - hash.md = C.go_openssl_EVP_sha3_224() + hash.md = go_openssl_EVP_sha3_224() } case crypto.SHA3_256: if versionAtOrAbove(1, 1, 1) { - hash.md = C.go_openssl_EVP_sha3_256() + hash.md = go_openssl_EVP_sha3_256() } case crypto.SHA3_384: if versionAtOrAbove(1, 1, 1) { - hash.md = C.go_openssl_EVP_sha3_384() + hash.md = go_openssl_EVP_sha3_384() } case crypto.SHA3_512: if versionAtOrAbove(1, 1, 1) { - hash.md = C.go_openssl_EVP_sha3_512() + hash.md = go_openssl_EVP_sha3_512() } } if hash.md == nil { @@ -144,14 +143,14 @@ func loadHash(ch crypto.Hash) *hashAlgorithm { return nil } hash.ch = ch - hash.size = int(C.go_openssl_EVP_MD_get_size(hash.md)) - hash.blockSize = int(C.go_openssl_EVP_MD_get_block_size(hash.md)) + hash.size = int(go_openssl_EVP_MD_get_size(hash.md)) + hash.blockSize = int(go_openssl_EVP_MD_get_block_size(hash.md)) if vMajor == 3 { // On OpenSSL 3, directly operating on a EVP_MD object // not created by EVP_MD_fetch has negative performance // implications, as digest operations will have // to fetch it on every call. Better to just fetch it once here. - md := C.go_openssl_EVP_MD_fetch(nil, C.go_openssl_EVP_MD_get0_name(hash.md), nil) + md := go_openssl_EVP_MD_fetch(nil, go_openssl_EVP_MD_get0_name(hash.md), nil) // Don't overwrite md in case it can't be fetched, as the md may still be used // outside of EVP_MD_CTX, for example to sign and verify RSA signatures. if md != nil { @@ -164,42 +163,42 @@ func loadHash(ch crypto.Hash) *hashAlgorithm { } // generateEVPPKey generates a new EVP_PKEY with the given id and properties. -func generateEVPPKey(id C.int, bits int, curve string) (C.GO_EVP_PKEY_PTR, error) { +func generateEVPPKey(id, bits int32, curve string) (_EVP_PKEY_PTR, error) { if bits != 0 && curve != "" { return nil, fail("incorrect generateEVPPKey parameters") } - var pkey C.GO_EVP_PKEY_PTR + var pkey _EVP_PKEY_PTR switch vMajor { case 1: - ctx := C.go_openssl_EVP_PKEY_CTX_new_id(id, nil) + ctx := go_openssl_EVP_PKEY_CTX_new_id(id, nil) if ctx == nil { return nil, newOpenSSLError("EVP_PKEY_CTX_new_id") } - defer C.go_openssl_EVP_PKEY_CTX_free(ctx) - if C.go_openssl_EVP_PKEY_keygen_init(ctx) != 1 { + defer go_openssl_EVP_PKEY_CTX_free(ctx) + if go_openssl_EVP_PKEY_keygen_init(ctx) != 1 { return nil, newOpenSSLError("EVP_PKEY_keygen_init") } if bits != 0 { - if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, id, -1, _EVP_PKEY_CTRL_RSA_KEYGEN_BITS, C.int(bits), nil) != 1 { + if go_openssl_EVP_PKEY_CTX_ctrl(ctx, id, -1, _EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, nil) != 1 { return nil, newOpenSSLError("EVP_PKEY_CTX_ctrl") } } if curve != "" { - if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, id, -1, _EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, curveNID(curve), nil) != 1 { + if go_openssl_EVP_PKEY_CTX_ctrl(ctx, id, -1, _EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, curveNID(curve), nil) != 1 { return nil, newOpenSSLError("EVP_PKEY_CTX_ctrl") } } - if C.go_openssl_EVP_PKEY_keygen(ctx, &pkey) != 1 { + if go_openssl_EVP_PKEY_keygen(ctx, &pkey) != 1 { return nil, newOpenSSLError("EVP_PKEY_keygen") } case 3: switch id { case _EVP_PKEY_RSA: - pkey = C.go_openssl_EVP_PKEY_Q_keygen_RSA(nil, nil, _KeyTypeRSA.ptr(), C.size_t(bits)) + pkey = go_openssl_EVP_PKEY_Q_keygen_RSA(nil, nil, _KeyTypeRSA.ptr(), int(bits)) case _EVP_PKEY_EC: - pkey = C.go_openssl_EVP_PKEY_Q_keygen_EC(nil, nil, _KeyTypeEC.ptr(), C.go_openssl_OBJ_nid2sn(curveNID(curve))) + pkey = go_openssl_EVP_PKEY_Q_keygen_EC(nil, nil, _KeyTypeEC.ptr(), go_openssl_OBJ_nid2sn(curveNID(curve))) case _EVP_PKEY_ED25519: - pkey = C.go_openssl_EVP_PKEY_Q_keygen(nil, nil, _KeyTypeED25519.ptr()) + pkey = go_openssl_EVP_PKEY_Q_keygen_ED25519(nil, nil, _KeyTypeED25519.ptr()) default: panic("unsupported key type '" + strconv.Itoa(int(id)) + "'") } @@ -213,17 +212,17 @@ func generateEVPPKey(id C.int, bits int, curve string) (C.GO_EVP_PKEY_PTR, error return pkey, nil } -type withKeyFunc func(func(C.GO_EVP_PKEY_PTR) C.int) C.int -type initFunc func(C.GO_EVP_PKEY_CTX_PTR) error -type cryptFunc func(C.GO_EVP_PKEY_CTX_PTR, *C.uchar, *C.size_t, *C.uchar, C.size_t) error -type verifyFunc func(C.GO_EVP_PKEY_CTX_PTR, *C.uchar, C.size_t, *C.uchar, C.size_t) error +type withKeyFunc func(func(_EVP_PKEY_PTR) int32) int32 +type initFunc func(_EVP_PKEY_CTX_PTR) error +type cryptFunc func(_EVP_PKEY_CTX_PTR, *byte, *int, *byte, int) error +type verifyFunc func(_EVP_PKEY_CTX_PTR, *byte, int, *byte, int) error -func setupEVP(withKey withKeyFunc, padding C.int, - h, mgfHash hash.Hash, label []byte, saltLen C.int, ch crypto.Hash, - init initFunc) (_ C.GO_EVP_PKEY_CTX_PTR, err error) { - var ctx C.GO_EVP_PKEY_CTX_PTR - withKey(func(pkey C.GO_EVP_PKEY_PTR) C.int { - ctx = C.go_openssl_EVP_PKEY_CTX_new(pkey, nil) +func setupEVP(withKey withKeyFunc, padding int32, + h, mgfHash hash.Hash, label []byte, saltLen int32, ch crypto.Hash, + init initFunc) (_ _EVP_PKEY_CTX_PTR, err error) { + var ctx _EVP_PKEY_CTX_PTR + withKey(func(pkey _EVP_PKEY_PTR) int32 { + ctx = go_openssl_EVP_PKEY_CTX_new(pkey, nil) return 1 }) if ctx == nil { @@ -232,7 +231,7 @@ func setupEVP(withKey withKeyFunc, padding C.int, defer func() { if err != nil { if ctx != nil { - C.go_openssl_EVP_PKEY_CTX_free(ctx) + go_openssl_EVP_PKEY_CTX_free(ctx) ctx = nil } } @@ -246,7 +245,7 @@ func setupEVP(withKey withKeyFunc, padding C.int, // Each padding type has its own requirements in terms of when to apply the padding, // so it can't be just set at this point. setPadding := func() error { - if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, _EVP_PKEY_RSA, -1, _EVP_PKEY_CTRL_RSA_PADDING, padding, nil) != 1 { + if go_openssl_EVP_PKEY_CTX_ctrl(ctx, _EVP_PKEY_RSA, -1, _EVP_PKEY_CTRL_RSA_PADDING, padding, nil) != 1 { return newOpenSSLError("EVP_PKEY_CTX_ctrl failed") } return nil @@ -257,7 +256,7 @@ func setupEVP(withKey withKeyFunc, padding C.int, if md == nil { return nil, errors.New("crypto/rsa: unsupported hash function") } - var mgfMD C.GO_EVP_MD_PTR + var mgfMD _EVP_MD_PTR if mgfHash != nil { // mgfHash is optional, but if it is set it must match a supported hash function. mgfMD = hashToMD(mgfHash) @@ -269,29 +268,29 @@ func setupEVP(withKey withKeyFunc, padding C.int, if err := setPadding(); err != nil { return nil, err } - if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, _EVP_PKEY_RSA, -1, _EVP_PKEY_CTRL_RSA_OAEP_MD, 0, unsafe.Pointer(md)) != 1 { + if go_openssl_EVP_PKEY_CTX_ctrl(ctx, _EVP_PKEY_RSA, -1, _EVP_PKEY_CTRL_RSA_OAEP_MD, 0, unsafe.Pointer(md)) != 1 { return nil, newOpenSSLError("EVP_PKEY_CTX_ctrl failed") } if mgfHash != nil { - if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, _EVP_PKEY_RSA, -1, _EVP_PKEY_CTRL_RSA_MGF1_MD, 0, unsafe.Pointer(mgfMD)) != 1 { + if go_openssl_EVP_PKEY_CTX_ctrl(ctx, _EVP_PKEY_RSA, -1, _EVP_PKEY_CTRL_RSA_MGF1_MD, 0, unsafe.Pointer(mgfMD)) != 1 { return nil, newOpenSSLError("EVP_PKEY_CTX_ctrl failed") } } // ctx takes ownership of label, so malloc a copy for OpenSSL to free. // OpenSSL does not take ownership of the label if the length is zero, // so better avoid the allocation. - var clabel *C.uchar + var clabel *byte if len(label) > 0 { - clabel = (*C.uchar)(cryptoMalloc(len(label))) + clabel = (*byte)(cryptoMalloc(len(label))) copy((*[1 << 30]byte)(unsafe.Pointer(clabel))[:len(label)], label) var err error if vMajor == 3 { - ret := C.go_openssl_EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, unsafe.Pointer(clabel), C.int(len(label))) + ret := go_openssl_EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, unsafe.Pointer(clabel), int32(len(label))) if ret != 1 { err = newOpenSSLError("EVP_PKEY_CTX_set0_rsa_oaep_label failed") } } else { - ret := C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, _EVP_PKEY_RSA, -1, _EVP_PKEY_CTRL_RSA_OAEP_LABEL, C.int(len(label)), unsafe.Pointer(clabel)) + ret := go_openssl_EVP_PKEY_CTX_ctrl(ctx, _EVP_PKEY_RSA, -1, _EVP_PKEY_CTRL_RSA_OAEP_LABEL, int32(len(label)), unsafe.Pointer(clabel)) if ret != 1 { err = newOpenSSLError("EVP_PKEY_CTX_ctrl failed") } @@ -306,7 +305,7 @@ func setupEVP(withKey withKeyFunc, padding C.int, if alg == nil { return nil, errors.New("crypto/rsa: unsupported hash function") } - if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, _EVP_PKEY_RSA, -1, _EVP_PKEY_CTRL_MD, 0, unsafe.Pointer(alg.md)) != 1 { + if go_openssl_EVP_PKEY_CTX_ctrl(ctx, _EVP_PKEY_RSA, -1, _EVP_PKEY_CTRL_MD, 0, unsafe.Pointer(alg.md)) != 1 { return nil, newOpenSSLError("EVP_PKEY_CTX_ctrl failed") } // setPadding must happen after setting EVP_PKEY_CTRL_MD. @@ -314,7 +313,7 @@ func setupEVP(withKey withKeyFunc, padding C.int, return nil, err } if saltLen != 0 { - if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, _EVP_PKEY_RSA, -1, _EVP_PKEY_CTRL_RSA_PSS_SALTLEN, saltLen, nil) != 1 { + if go_openssl_EVP_PKEY_CTX_ctrl(ctx, _EVP_PKEY_RSA, -1, _EVP_PKEY_CTRL_RSA_PSS_SALTLEN, saltLen, nil) != 1 { return nil, newOpenSSLError("EVP_PKEY_CTX_ctrl failed") } } @@ -326,7 +325,7 @@ func setupEVP(withKey withKeyFunc, padding C.int, if alg == nil { return nil, errors.New("crypto/rsa: unsupported hash function") } - if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, -1, -1, _EVP_PKEY_CTRL_MD, 0, unsafe.Pointer(alg.md)) != 1 { + if go_openssl_EVP_PKEY_CTX_ctrl(ctx, -1, -1, _EVP_PKEY_CTRL_MD, 0, unsafe.Pointer(alg.md)) != 1 { return nil, newOpenSSLError("EVP_PKEY_CTX_ctrl failed") } if err := setPadding(); err != nil { @@ -341,21 +340,21 @@ func setupEVP(withKey withKeyFunc, padding C.int, return ctx, nil } -func cryptEVP(withKey withKeyFunc, padding C.int, - h, mgfHash hash.Hash, label []byte, saltLen C.int, ch crypto.Hash, +func cryptEVP(withKey withKeyFunc, padding int32, + h, mgfHash hash.Hash, label []byte, saltLen int32, ch crypto.Hash, init initFunc, crypt cryptFunc, in []byte) ([]byte, error) { ctx, err := setupEVP(withKey, padding, h, mgfHash, label, saltLen, ch, init) if err != nil { return nil, err } - defer C.go_openssl_EVP_PKEY_CTX_free(ctx) - pkeySize := withKey(func(pkey C.GO_EVP_PKEY_PTR) C.int { - return C.go_openssl_EVP_PKEY_get_size(pkey) + defer go_openssl_EVP_PKEY_CTX_free(ctx) + pkeySize := withKey(func(pkey _EVP_PKEY_PTR) int32 { + return go_openssl_EVP_PKEY_get_size(pkey) }) - outLen := C.size_t(pkeySize) + outLen := int(pkeySize) out := make([]byte, pkeySize) - if err := crypt(ctx, base(out), &outLen, base(in), C.size_t(len(in))); err != nil { + if err := crypt(ctx, base(out), &outLen, base(in), len(in)); err != nil { return nil, err } // The size returned by EVP_PKEY_get_size() is only preliminary and not exact, @@ -363,8 +362,8 @@ func cryptEVP(withKey withKeyFunc, padding C.int, return out[:outLen], nil } -func verifyEVP(withKey withKeyFunc, padding C.int, - h hash.Hash, label []byte, saltLen C.int, ch crypto.Hash, +func verifyEVP(withKey withKeyFunc, padding int32, + h hash.Hash, label []byte, saltLen int32, ch crypto.Hash, init initFunc, verify verifyFunc, sig, in []byte) error { @@ -372,19 +371,19 @@ func verifyEVP(withKey withKeyFunc, padding C.int, if err != nil { return err } - defer C.go_openssl_EVP_PKEY_CTX_free(ctx) - return verify(ctx, base(sig), C.size_t(len(sig)), base(in), C.size_t(len(in))) + defer go_openssl_EVP_PKEY_CTX_free(ctx) + return verify(ctx, base(sig), len(sig), base(in), len(in)) } -func evpEncrypt(withKey withKeyFunc, padding C.int, h, mgfHash hash.Hash, label, msg []byte) ([]byte, error) { - encryptInit := func(ctx C.GO_EVP_PKEY_CTX_PTR) error { - if ret := C.go_openssl_EVP_PKEY_encrypt_init(ctx); ret != 1 { +func evpEncrypt(withKey withKeyFunc, padding int32, h, mgfHash hash.Hash, label, msg []byte) ([]byte, error) { + encryptInit := func(ctx _EVP_PKEY_CTX_PTR) error { + if ret := go_openssl_EVP_PKEY_encrypt_init(ctx); ret != 1 { return newOpenSSLError("EVP_PKEY_encrypt_init failed") } return nil } - encrypt := func(ctx C.GO_EVP_PKEY_CTX_PTR, out *C.uchar, outLen *C.size_t, in *C.uchar, inLen C.size_t) error { - if ret := C.go_openssl_EVP_PKEY_encrypt(ctx, out, outLen, in, inLen); ret != 1 { + encrypt := func(ctx _EVP_PKEY_CTX_PTR, out *byte, outLen *int, in *byte, inLen int) error { + if ret := go_openssl_EVP_PKEY_encrypt(ctx, out, outLen, in, inLen); ret != 1 { return newOpenSSLError("EVP_PKEY_encrypt failed") } return nil @@ -392,15 +391,15 @@ func evpEncrypt(withKey withKeyFunc, padding C.int, h, mgfHash hash.Hash, label, return cryptEVP(withKey, padding, h, mgfHash, label, 0, 0, encryptInit, encrypt, msg) } -func evpDecrypt(withKey withKeyFunc, padding C.int, h, mgfHash hash.Hash, label, msg []byte) ([]byte, error) { - decryptInit := func(ctx C.GO_EVP_PKEY_CTX_PTR) error { - if ret := C.go_openssl_EVP_PKEY_decrypt_init(ctx); ret != 1 { +func evpDecrypt(withKey withKeyFunc, padding int32, h, mgfHash hash.Hash, label, msg []byte) ([]byte, error) { + decryptInit := func(ctx _EVP_PKEY_CTX_PTR) error { + if ret := go_openssl_EVP_PKEY_decrypt_init(ctx); ret != 1 { return newOpenSSLError("EVP_PKEY_decrypt_init failed") } return nil } - decrypt := func(ctx C.GO_EVP_PKEY_CTX_PTR, out *C.uchar, outLen *C.size_t, in *C.uchar, inLen C.size_t) error { - if ret := C.go_openssl_EVP_PKEY_decrypt(ctx, out, outLen, in, inLen); ret != 1 { + decrypt := func(ctx _EVP_PKEY_CTX_PTR, out *byte, outLen *int, in *byte, inLen int) error { + if ret := go_openssl_EVP_PKEY_decrypt(ctx, out, outLen, in, inLen); ret != 1 { return newOpenSSLError("EVP_PKEY_decrypt failed") } return nil @@ -408,15 +407,15 @@ func evpDecrypt(withKey withKeyFunc, padding C.int, h, mgfHash hash.Hash, label, return cryptEVP(withKey, padding, h, mgfHash, label, 0, 0, decryptInit, decrypt, msg) } -func evpSign(withKey withKeyFunc, padding C.int, saltLen C.int, h crypto.Hash, hashed []byte) ([]byte, error) { - signtInit := func(ctx C.GO_EVP_PKEY_CTX_PTR) error { - if ret := C.go_openssl_EVP_PKEY_sign_init(ctx); ret != 1 { +func evpSign(withKey withKeyFunc, padding int32, saltLen int32, h crypto.Hash, hashed []byte) ([]byte, error) { + signtInit := func(ctx _EVP_PKEY_CTX_PTR) error { + if ret := go_openssl_EVP_PKEY_sign_init(ctx); ret != 1 { return newOpenSSLError("EVP_PKEY_sign_init failed") } return nil } - sign := func(ctx C.GO_EVP_PKEY_CTX_PTR, out *C.uchar, outLen *C.size_t, in *C.uchar, inLen C.size_t) error { - if ret := C.go_openssl_EVP_PKEY_sign(ctx, out, outLen, in, inLen); ret != 1 { + sign := func(ctx _EVP_PKEY_CTX_PTR, out *byte, outLen *int, in *byte, inLen int) error { + if ret := go_openssl_EVP_PKEY_sign(ctx, out, outLen, in, inLen); ret != 1 { return newOpenSSLError("EVP_PKEY_sign failed") } return nil @@ -424,15 +423,15 @@ func evpSign(withKey withKeyFunc, padding C.int, saltLen C.int, h crypto.Hash, h return cryptEVP(withKey, padding, nil, nil, nil, saltLen, h, signtInit, sign, hashed) } -func evpVerify(withKey withKeyFunc, padding C.int, saltLen C.int, h crypto.Hash, sig, hashed []byte) error { - verifyInit := func(ctx C.GO_EVP_PKEY_CTX_PTR) error { - if ret := C.go_openssl_EVP_PKEY_verify_init(ctx); ret != 1 { +func evpVerify(withKey withKeyFunc, padding int32, saltLen int32, h crypto.Hash, sig, hashed []byte) error { + verifyInit := func(ctx _EVP_PKEY_CTX_PTR) error { + if ret := go_openssl_EVP_PKEY_verify_init(ctx); ret != 1 { return newOpenSSLError("EVP_PKEY_verify_init failed") } return nil } - verify := func(ctx C.GO_EVP_PKEY_CTX_PTR, out *C.uchar, outLen C.size_t, in *C.uchar, inLen C.size_t) error { - if ret := C.go_openssl_EVP_PKEY_verify(ctx, out, outLen, in, inLen); ret != 1 { + verify := func(ctx _EVP_PKEY_CTX_PTR, out *byte, outLen int, in *byte, inLen int) error { + if ret := go_openssl_EVP_PKEY_verify(ctx, out, outLen, in, inLen); ret != 1 { return newOpenSSLError("EVP_PKEY_verify failed") } return nil @@ -446,27 +445,27 @@ func evpHashSign(withKey withKeyFunc, h crypto.Hash, msg []byte) ([]byte, error) return nil, errors.New("unsupported hash function: " + strconv.Itoa(int(h))) } var out []byte - var outLen C.size_t - ctx := C.go_openssl_EVP_MD_CTX_new() + var outLen int + ctx := go_openssl_EVP_MD_CTX_new() if ctx == nil { return nil, newOpenSSLError("EVP_MD_CTX_new failed") } - defer C.go_openssl_EVP_MD_CTX_free(ctx) - if withKey(func(key C.GO_EVP_PKEY_PTR) C.int { - return C.go_openssl_EVP_DigestSignInit(ctx, nil, alg.md, nil, key) + defer go_openssl_EVP_MD_CTX_free(ctx) + if withKey(func(key _EVP_PKEY_PTR) int32 { + return go_openssl_EVP_DigestSignInit(ctx, nil, alg.md, nil, key) }) != 1 { return nil, newOpenSSLError("EVP_DigestSignInit failed") } - if C.go_openssl_EVP_DigestUpdate(ctx, unsafe.Pointer(base(msg)), C.size_t(len(msg))) != 1 { + if go_openssl_EVP_DigestUpdate(ctx, unsafe.Pointer(base(msg)), len(msg)) != 1 { return nil, newOpenSSLError("EVP_DigestUpdate failed") } // Obtain the signature length - if C.go_openssl_EVP_DigestSignFinal(ctx, nil, &outLen) != 1 { + if go_openssl_EVP_DigestSignFinal(ctx, nil, &outLen) != 1 { return nil, newOpenSSLError("EVP_DigestSignFinal failed") } out = make([]byte, outLen) // Obtain the signature - if C.go_openssl_EVP_DigestSignFinal(ctx, base(out), &outLen) != 1 { + if go_openssl_EVP_DigestSignFinal(ctx, base(out), &outLen) != 1 { return nil, newOpenSSLError("EVP_DigestSignFinal failed") } return out[:outLen], nil @@ -477,32 +476,32 @@ func evpHashVerify(withKey withKeyFunc, h crypto.Hash, msg, sig []byte) error { if alg == nil { return errors.New("unsupported hash function: " + strconv.Itoa(int(h))) } - ctx := C.go_openssl_EVP_MD_CTX_new() + ctx := go_openssl_EVP_MD_CTX_new() if ctx == nil { return newOpenSSLError("EVP_MD_CTX_new failed") } - defer C.go_openssl_EVP_MD_CTX_free(ctx) - if withKey(func(key C.GO_EVP_PKEY_PTR) C.int { - return C.go_openssl_EVP_DigestVerifyInit(ctx, nil, alg.md, nil, key) + defer go_openssl_EVP_MD_CTX_free(ctx) + if withKey(func(key _EVP_PKEY_PTR) int32 { + return go_openssl_EVP_DigestVerifyInit(ctx, nil, alg.md, nil, key) }) != 1 { return newOpenSSLError("EVP_DigestVerifyInit failed") } - if C.go_openssl_EVP_DigestUpdate(ctx, unsafe.Pointer(base(msg)), C.size_t(len(msg))) != 1 { + if go_openssl_EVP_DigestUpdate(ctx, unsafe.Pointer(base(msg)), len(msg)) != 1 { return newOpenSSLError("EVP_DigestUpdate failed") } - if C.go_openssl_EVP_DigestVerifyFinal(ctx, base(sig), C.size_t(len(sig))) != 1 { + if go_openssl_EVP_DigestVerifyFinal(ctx, base(sig), len(sig)) != 1 { return newOpenSSLError("EVP_DigestVerifyFinal failed") } return nil } -func newEVPPKEY(key C.GO_EC_KEY_PTR) (C.GO_EVP_PKEY_PTR, error) { - pkey := C.go_openssl_EVP_PKEY_new() +func newEVPPKEY(key _EC_KEY_PTR) (_EVP_PKEY_PTR, error) { + pkey := go_openssl_EVP_PKEY_new() if pkey == nil { return nil, newOpenSSLError("EVP_PKEY_new failed") } - if C.go_openssl_EVP_PKEY_assign(pkey, _EVP_PKEY_EC, unsafe.Pointer(key)) != 1 { - C.go_openssl_EVP_PKEY_free(pkey) + if go_openssl_EVP_PKEY_assign(pkey, _EVP_PKEY_EC, unsafe.Pointer(key)) != 1 { + go_openssl_EVP_PKEY_free(pkey) return nil, newOpenSSLError("EVP_PKEY_assign failed") } return pkey, nil @@ -511,50 +510,50 @@ func newEVPPKEY(key C.GO_EC_KEY_PTR) (C.GO_EVP_PKEY_PTR, error) { // getECKey returns the EC_KEY from pkey. // If pkey does not contain an EC_KEY it panics. // The returned key should not be freed. -func getECKey(pkey C.GO_EVP_PKEY_PTR) C.GO_EC_KEY_PTR { - key := C.go_openssl_EVP_PKEY_get0_EC_KEY(pkey) +func getECKey(pkey _EVP_PKEY_PTR) _EC_KEY_PTR { + key := go_openssl_EVP_PKEY_get0_EC_KEY(pkey) if key == nil { panic("pkey does not contain an EC_KEY") } return key } -func newEvpFromParams(id C.int, selection C.int, params C.GO_OSSL_PARAM_PTR) (C.GO_EVP_PKEY_PTR, error) { - ctx := C.go_openssl_EVP_PKEY_CTX_new_id(id, nil) +func newEvpFromParams(id int32, selection int32, params _OSSL_PARAM_PTR) (_EVP_PKEY_PTR, error) { + ctx := go_openssl_EVP_PKEY_CTX_new_id(id, nil) if ctx == nil { return nil, newOpenSSLError("EVP_PKEY_CTX_new_id") } - defer C.go_openssl_EVP_PKEY_CTX_free(ctx) - if C.go_openssl_EVP_PKEY_fromdata_init(ctx) != 1 { + defer go_openssl_EVP_PKEY_CTX_free(ctx) + if go_openssl_EVP_PKEY_fromdata_init(ctx) != 1 { return nil, newOpenSSLError("EVP_PKEY_fromdata_init") } - var pkey C.GO_EVP_PKEY_PTR - if C.go_openssl_EVP_PKEY_fromdata(ctx, &pkey, selection, params) != 1 { + var pkey _EVP_PKEY_PTR + if go_openssl_EVP_PKEY_fromdata(ctx, &pkey, selection, params) != 1 { if vMajor == 3 && vMinor <= 2 { // OpenSSL 3.0.1 and 3.0.2 have a bug where EVP_PKEY_fromdata // does not free the internally allocated EVP_PKEY on error. // See https://github.com/openssl/openssl/issues/17407. - C.go_openssl_EVP_PKEY_free(pkey) + go_openssl_EVP_PKEY_free(pkey) } return nil, newOpenSSLError("EVP_PKEY_fromdata") } return pkey, nil } -func checkPkey(pkey C.GO_EVP_PKEY_PTR, isPrivate bool) error { - ctx := C.go_openssl_EVP_PKEY_CTX_new(pkey, nil) +func checkPkey(pkey _EVP_PKEY_PTR, isPrivate bool) error { + ctx := go_openssl_EVP_PKEY_CTX_new(pkey, nil) if ctx == nil { return newOpenSSLError("EVP_PKEY_CTX_new") } - defer C.go_openssl_EVP_PKEY_CTX_free(ctx) + defer go_openssl_EVP_PKEY_CTX_free(ctx) if isPrivate { - if C.go_openssl_EVP_PKEY_private_check(ctx) != 1 { + if go_openssl_EVP_PKEY_private_check(ctx) != 1 { // Match upstream error message. return errors.New("invalid private key") } } else { // Upstream Go does a partial check here, so do we. - if C.go_openssl_EVP_PKEY_public_check_quick(ctx) != 1 { + if go_openssl_EVP_PKEY_public_check_quick(ctx) != 1 { // Match upstream error message. return errors.New("invalid public key") } diff --git a/goopenssl.c b/goopenssl.c index 5f872126..8653b927 100644 --- a/goopenssl.c +++ b/goopenssl.c @@ -1,6 +1,6 @@ //go:build unix || windows -#include "goopenssl.h" +#include "shims.h" #ifdef _WIN32 # include @@ -10,27 +10,6 @@ #endif #include // fprintf -// Approach taken from .Net System.Security.Cryptography.Native -// https://github.com/dotnet/runtime/blob/f64246ce08fb7a58221b2b7c8e68f69c02522b0d/src/libraries/Native/Unix/System.Security.Cryptography.Native/opensslshim.c - -#define DEFINEFUNC(ret, func, args, argscall) ret (*_g_##func)args; -#define DEFINEFUNC_LEGACY_1_1(ret, func, args, argscall) DEFINEFUNC(ret, func, args, argscall) -#define DEFINEFUNC_LEGACY_1(ret, func, args, argscall) DEFINEFUNC(ret, func, args, argscall) -#define DEFINEFUNC_1_1_1(ret, func, args, argscall) DEFINEFUNC(ret, func, args, argscall) -#define DEFINEFUNC_3_0(ret, func, args, argscall) DEFINEFUNC(ret, func, args, argscall) -#define DEFINEFUNC_RENAMED_3_0(ret, func, oldfunc, args, argscall) DEFINEFUNC(ret, func, args, argscall) -#define DEFINEFUNC_VARIADIC_3_0(ret, func, newname, args, argscall) DEFINEFUNC(ret, newname, args, argscall) - -FOR_ALL_OPENSSL_FUNCTIONS - -#undef DEFINEFUNC -#undef DEFINEFUNC_LEGACY_1_1 -#undef DEFINEFUNC_LEGACY_1 -#undef DEFINEFUNC_1_1_1 -#undef DEFINEFUNC_3_0 -#undef DEFINEFUNC_RENAMED_3_0 -#undef DEFINEFUNC_VARIADIC_3_0 - // go_openssl_fips_enabled returns 1 if FIPS mode is enabled, 0 otherwise. // As a special case, it returns -1 if it cannot determine if FIPS mode is enabled. // See openssl.FIPS for details about its implementation. @@ -55,8 +34,8 @@ go_openssl_fips_enabled(void* handle) // For OpenSSL 3.x. int (*EVP_default_properties_is_fips_enabled)(void*) = (int (*)(void*))dlsym(handle, "EVP_default_properties_is_fips_enabled"); - void *(*EVP_MD_fetch)(void*, const char*, const char*) = (void* (*)(void*, const char*, const char*))dlsym(handle, "EVP_MD_fetch"); - void (*EVP_MD_free)(void*) = (void (*)(void*))dlsym(handle, "EVP_MD_free"); + _EVP_MD_PTR (*EVP_MD_fetch)(void*, const char*, const char*) = (_EVP_MD_PTR (*)(void*, const char*, const char*))dlsym(handle, "EVP_MD_fetch"); + void (*EVP_MD_free)(_EVP_MD_PTR) = (void (*)(_EVP_MD_PTR))dlsym(handle, "EVP_MD_free"); if (EVP_default_properties_is_fips_enabled == NULL || EVP_MD_fetch == NULL || EVP_MD_free == NULL) { // Shouldn't happen, but if it does, we can't determine if FIPS mode is enabled. @@ -66,7 +45,7 @@ go_openssl_fips_enabled(void* handle) if (EVP_default_properties_is_fips_enabled(NULL) != 1) return 0; - void *md = EVP_MD_fetch(NULL, "SHA2-256", NULL); + _EVP_MD_PTR md = EVP_MD_fetch(NULL, "SHA2-256", NULL); if (md == NULL) return 0; @@ -74,66 +53,6 @@ go_openssl_fips_enabled(void* handle) return 1; } -// Load all the functions stored in FOR_ALL_OPENSSL_FUNCTIONS -// and assign them to their corresponding function pointer -// defined in goopenssl.h. -void -go_openssl_load_functions(void* handle, unsigned int major, unsigned int minor, unsigned int patch) -{ -#define DEFINEFUNC_INTERNAL(name, func) \ - _g_##name = dlsym(handle, func); \ - if (_g_##name == NULL) { \ - fprintf(stderr, "Cannot get required symbol " #func " from libcrypto version %u.%u\n", major, minor); \ - abort(); \ - } -#define DEFINEFUNC(ret, func, args, argscall) \ - DEFINEFUNC_INTERNAL(func, #func) -#define DEFINEFUNC_LEGACY_1_1(ret, func, args, argscall) \ - if (major == 1 && minor == 1) \ - { \ - DEFINEFUNC_INTERNAL(func, #func) \ - } -#define DEFINEFUNC_LEGACY_1(ret, func, args, argscall) \ - if (major == 1) \ - { \ - DEFINEFUNC_INTERNAL(func, #func) \ - } -#define DEFINEFUNC_1_1_1(ret, func, args, argscall) \ - if (major == 3 || (major == 1 && minor == 1 && patch == 1)) \ - { \ - DEFINEFUNC_INTERNAL(func, #func) \ - } -#define DEFINEFUNC_3_0(ret, func, args, argscall) \ - if (major == 3) \ - { \ - DEFINEFUNC_INTERNAL(func, #func) \ - } -#define DEFINEFUNC_RENAMED_3_0(ret, func, oldfunc, args, argscall) \ - if (major == 1) \ - { \ - DEFINEFUNC_INTERNAL(func, #oldfunc) \ - } \ - else \ - { \ - DEFINEFUNC_INTERNAL(func, #func) \ - } -#define DEFINEFUNC_VARIADIC_3_0(ret, func, newname, args, argscall) \ - if (major == 3) \ - { \ - DEFINEFUNC_INTERNAL(newname, #func) \ - } - -FOR_ALL_OPENSSL_FUNCTIONS - -#undef DEFINEFUNC -#undef DEFINEFUNC_LEGACY_1_1 -#undef DEFINEFUNC_LEGACY_1 -#undef DEFINEFUNC_1_1_1 -#undef DEFINEFUNC_3_0 -#undef DEFINEFUNC_RENAMED_3_0 -#undef DEFINEFUNC_VARIADIC_3_0 -} - static unsigned long version_num(void* handle) { diff --git a/goopenssl.h b/goopenssl.h deleted file mode 100644 index bc85164a..00000000 --- a/goopenssl.h +++ /dev/null @@ -1,73 +0,0 @@ -// This header file describes the OpenSSL ABI as built for use in Go. - -#include "shims.h" - -// Suppress warnings about unused parameters. -#define UNUSED(x) (void)(x) - -static inline void -go_openssl_do_leak_check(void) -{ -#ifndef __has_feature -#define __has_feature(x) 0 -#endif - -#if (defined(__SANITIZE_ADDRESS__) && __SANITIZE_ADDRESS__) || \ - __has_feature(address_sanitizer) - extern void __lsan_do_leak_check(void); - __lsan_do_leak_check(); -#endif -} - -int go_openssl_fips_enabled(void* handle); -int go_openssl_version_major(void* handle); -int go_openssl_version_minor(void* handle); -int go_openssl_version_patch(void* handle); -void go_openssl_load_functions(void* handle, unsigned int major, unsigned int minor, unsigned int patch); - -// Define pointers to all the used OpenSSL functions. -// Calling C function pointers from Go is currently not supported. -// It is possible to circumvent this by using a C function wrapper. -// https://pkg.go.dev/cmd/cgo -#define DEFINEFUNC(ret, func, args, argscall) \ - extern ret (*_g_##func)args; \ - static inline ret go_openssl_##func args \ - { \ - return _g_##func argscall; \ - } -#define DEFINEFUNC_LEGACY_1_1(ret, func, args, argscall) \ - DEFINEFUNC(ret, func, args, argscall) -#define DEFINEFUNC_LEGACY_1(ret, func, args, argscall) \ - DEFINEFUNC(ret, func, args, argscall) -#define DEFINEFUNC_1_1_1(ret, func, args, argscall) \ - DEFINEFUNC(ret, func, args, argscall) -#define DEFINEFUNC_3_0(ret, func, args, argscall) \ - DEFINEFUNC(ret, func, args, argscall) -#define DEFINEFUNC_RENAMED_3_0(ret, func, oldfunc, args, argscall) \ - DEFINEFUNC(ret, func, args, argscall) -#define DEFINEFUNC_VARIADIC_3_0(ret, func, newname, args, argscall) \ - DEFINEFUNC(ret, newname, args, argscall) - -FOR_ALL_OPENSSL_FUNCTIONS - -#undef DEFINEFUNC -#undef DEFINEFUNC_LEGACY_1_1 -#undef DEFINEFUNC_LEGACY_1 -#undef DEFINEFUNC_1_1_1 -#undef DEFINEFUNC_3_0 -#undef DEFINEFUNC_RENAMED_3_0 -#undef DEFINEFUNC_VARIADIC_3_0 - -// go_hash_sum copies ctx into ctx2 and calls EVP_DigestFinal_ex using ctx2. -// This is necessary because Go hash.Hash mandates that Sum has no effect -// on the underlying stream. In particular it is OK to Sum, then Write more, -// then Sum again, and the second Sum acts as if the first didn't happen. -// It is written in C because Sum() tend to be in the hot path, -// and doing one cgo call instead of two is a significant performance win. -static inline int -go_hash_sum(GO_EVP_MD_CTX_PTR ctx, GO_EVP_MD_CTX_PTR ctx2, unsigned char *out) -{ - if (go_openssl_EVP_MD_CTX_copy(ctx2, ctx) != 1) - return 0; - return go_openssl_EVP_DigestFinal_ex(ctx2, out, NULL); -} diff --git a/hash.go b/hash.go index a47dfe02..f9fe4db0 100644 --- a/hash.go +++ b/hash.go @@ -2,7 +2,22 @@ package openssl -// #include "goopenssl.h" +/* +#include "shims.h" +// go_hash_sum copies ctx into ctx2 and calls EVP_DigestFinal_ex using ctx2. +// This is necessary because Go hash.Hash mandates that Sum has no effect +// on the underlying stream. In particular it is OK to Sum, then Write more, +// then Sum again, and the second Sum acts as if the first didn't happen. +// It is written in C because Sum() tend to be in the hot path, +// and doing one cgo call instead of two is a significant performance win. +static inline int +go_hash_sum(const _EVP_MD_CTX_PTR ctx, _EVP_MD_CTX_PTR ctx2, unsigned char *out) +{ + if (EVP_MD_CTX_copy(ctx2, ctx) != 1) + return 0; + return EVP_DigestFinal_ex(ctx2, out, NULL); +} +*/ import "C" import ( "crypto" @@ -23,7 +38,7 @@ func hashOneShot(ch crypto.Hash, p []byte, sum []byte) bool { defer pinner.Unpin() pinner.Pin(&p[0]) } - return C.go_openssl_EVP_Digest(pbase(p), C.size_t(len(p)), base(sum), nil, loadHash(ch).md, nil) != 0 + return go_openssl_EVP_Digest(pbase(p), len(p), base(sum), nil, loadHash(ch).md, nil) != 0 } func MD4(p []byte) (sum [16]byte) { @@ -106,9 +121,9 @@ func SupportsHash(h crypto.Hash) bool { // in a EVP_MD_CTX, e.g. MD5 in FIPS mode. We need to prove // if they can be used by passing them to a EVP_MD_CTX. var supported bool - if ctx := C.go_openssl_EVP_MD_CTX_new(); ctx != nil { - supported = C.go_openssl_EVP_DigestInit_ex(ctx, alg.md, nil) == 1 - C.go_openssl_EVP_MD_CTX_free(ctx) + if ctx := go_openssl_EVP_MD_CTX_new(); ctx != nil { + supported = go_openssl_EVP_DigestInit_ex(ctx, alg.md, nil) == 1 + go_openssl_EVP_MD_CTX_free(ctx) } cacheHashSupported.Store(h, supported) return supported @@ -211,19 +226,19 @@ func NewSHA3_512() hash.Hash { // isHashMarshallable returns true if the memory layout of md // is known by this library and can therefore be marshalled. -func isHashMarshallable(md C.GO_EVP_MD_PTR) bool { +func isHashMarshallable(md _EVP_MD_PTR) bool { if vMajor == 1 { return true } - prov := C.go_openssl_EVP_MD_get0_provider(md) + prov := go_openssl_EVP_MD_get0_provider(md) if prov == nil { return false } - cname := C.go_openssl_OSSL_PROVIDER_get0_name(prov) + cname := go_openssl_OSSL_PROVIDER_get0_name(prov) if cname == nil { return false } - name := C.GoString(cname) + name := C.GoString((*C.char)(unsafe.Pointer(cname))) // We only know the memory layout of the built-in providers. // See evpHash.hashState for more details. marshallable := name == "default" || name == "fips" @@ -246,11 +261,11 @@ var _ cloneHash = (*evpHash)(nil) // evpHash implements generic hash methods. type evpHash struct { alg *hashAlgorithm - ctx C.GO_EVP_MD_CTX_PTR + ctx _EVP_MD_CTX_PTR // ctx2 is used in evpHash.sum to avoid changing // the state of ctx. Having it here allows reusing the // same allocated object multiple times. - ctx2 C.GO_EVP_MD_CTX_PTR + ctx2 _EVP_MD_CTX_PTR pinner runtime.Pinner } @@ -270,10 +285,10 @@ func newEvpHash(ch crypto.Hash) *evpHash { func (h *evpHash) finalize() { if h.ctx != nil { - C.go_openssl_EVP_MD_CTX_free(h.ctx) + go_openssl_EVP_MD_CTX_free(h.ctx) } if h.ctx2 != nil { - C.go_openssl_EVP_MD_CTX_free(h.ctx2) + go_openssl_EVP_MD_CTX_free(h.ctx2) } } @@ -281,12 +296,12 @@ func (h *evpHash) init() { if h.ctx != nil { return } - h.ctx = C.go_openssl_EVP_MD_CTX_new() - if C.go_openssl_EVP_DigestInit_ex(h.ctx, h.alg.md, nil) != 1 { - C.go_openssl_EVP_MD_CTX_free(h.ctx) + h.ctx = go_openssl_EVP_MD_CTX_new() + if go_openssl_EVP_DigestInit_ex(h.ctx, h.alg.md, nil) != 1 { + go_openssl_EVP_MD_CTX_free(h.ctx) panic(newOpenSSLError("EVP_DigestInit_ex")) } - h.ctx2 = C.go_openssl_EVP_MD_CTX_new() + h.ctx2 = go_openssl_EVP_MD_CTX_new() runtime.SetFinalizer(h, (*evpHash).finalize) } @@ -297,7 +312,7 @@ func (h *evpHash) Reset() { } // There is no need to reset h.ctx2 because it is always reset after // use in evpHash.sum. - if C.go_openssl_EVP_DigestInit_ex(h.ctx, nil, nil) != 1 { + if go_openssl_EVP_DigestInit_ex(h.ctx, nil, nil) != 1 { panic(newOpenSSLError("EVP_DigestInit_ex")) } runtime.KeepAlive(h) @@ -310,7 +325,7 @@ func (h *evpHash) Write(p []byte) (int, error) { defer h.pinner.Unpin() h.pinner.Pin(&p[0]) h.init() - if C.go_openssl_EVP_DigestUpdate(h.ctx, pbase(p), C.size_t(len(p))) != 1 { + if go_openssl_EVP_DigestUpdate(h.ctx, pbase(p), len(p)) != 1 { panic(newOpenSSLError("EVP_DigestUpdate")) } runtime.KeepAlive(h) @@ -322,7 +337,7 @@ func (h *evpHash) WriteString(s string) (int, error) { return 0, nil } h.init() - if C.go_openssl_EVP_DigestUpdate(h.ctx, unsafe.Pointer(unsafe.StringData(s)), C.size_t(len(s))) == 0 { + if go_openssl_EVP_DigestUpdate(h.ctx, unsafe.Pointer(unsafe.StringData(s)), len(s)) == 0 { panic("openssl: EVP_DigestUpdate failed") } runtime.KeepAlive(h) @@ -331,7 +346,7 @@ func (h *evpHash) WriteString(s string) (int, error) { func (h *evpHash) WriteByte(c byte) error { h.init() - if C.go_openssl_EVP_DigestUpdate(h.ctx, unsafe.Pointer(&c), 1) == 0 { + if go_openssl_EVP_DigestUpdate(h.ctx, unsafe.Pointer(&c), 1) == 0 { panic("openssl: EVP_DigestUpdate failed") } runtime.KeepAlive(h) @@ -349,7 +364,7 @@ func (h *evpHash) BlockSize() int { func (h *evpHash) Sum(in []byte) []byte { h.init() out := make([]byte, h.Size(), maxHashSize) // explicit cap to allow stack allocation - if C.go_hash_sum(h.ctx, h.ctx2, base(out)) != 1 { + if C.go_hash_sum(h.ctx, h.ctx2, (*C.uchar)(unsafe.SliceData(out))) != 1 { panic(newOpenSSLError("go_hash_sum")) } runtime.KeepAlive(h) @@ -362,17 +377,17 @@ func (h *evpHash) Sum(in []byte) []byte { func (h *evpHash) Clone() hash.Hash { h2 := &evpHash{alg: h.alg} if h.ctx != nil { - h2.ctx = C.go_openssl_EVP_MD_CTX_new() + h2.ctx = go_openssl_EVP_MD_CTX_new() if h2.ctx == nil { panic(newOpenSSLError("EVP_MD_CTX_new")) } - if C.go_openssl_EVP_MD_CTX_copy_ex(h2.ctx, h.ctx) != 1 { - C.go_openssl_EVP_MD_CTX_free(h2.ctx) + if go_openssl_EVP_MD_CTX_copy_ex(h2.ctx, h.ctx) != 1 { + go_openssl_EVP_MD_CTX_free(h2.ctx) panic(newOpenSSLError("EVP_MD_CTX_copy")) } - h2.ctx2 = C.go_openssl_EVP_MD_CTX_new() + h2.ctx2 = go_openssl_EVP_MD_CTX_new() if h2.ctx2 == nil { - C.go_openssl_EVP_MD_CTX_free(h2.ctx) + go_openssl_EVP_MD_CTX_free(h2.ctx) panic(newOpenSSLError("EVP_MD_CTX_new")) } runtime.SetFinalizer(h2, (*evpHash).finalize) @@ -385,7 +400,7 @@ func (h *evpHash) Clone() hash.Hash { // // The EVP_MD_CTX memory layout has changed in OpenSSL 3 // and the property holding the internal structure is no longer md_data but algctx. -func hashState(ctx C.GO_EVP_MD_CTX_PTR) unsafe.Pointer { +func hashState(ctx _EVP_MD_CTX_PTR) unsafe.Pointer { switch vMajor { case 1: // https://github.com/openssl/openssl/blob/0418e993c717a6863f206feaa40673a261de7395/crypto/evp/evp_local.h#L12. diff --git a/hkdf.go b/hkdf.go index 009c3e99..42e15a08 100644 --- a/hkdf.go +++ b/hkdf.go @@ -2,7 +2,6 @@ package openssl -// #include "goopenssl.h" import "C" import ( "errors" @@ -26,34 +25,34 @@ func SupportsHKDF() bool { } } -func newHKDFCtx1(md C.GO_EVP_MD_PTR, mode C.int, secret, salt, pseudorandomKey, info []byte) (ctx C.GO_EVP_PKEY_CTX_PTR, err error) { +func newHKDFCtx1(md _EVP_MD_PTR, mode int32, secret, salt, pseudorandomKey, info []byte) (ctx _EVP_PKEY_CTX_PTR, err error) { checkMajorVersion(1) - ctx = C.go_openssl_EVP_PKEY_CTX_new_id(_EVP_PKEY_HKDF, nil) + ctx = go_openssl_EVP_PKEY_CTX_new_id(_EVP_PKEY_HKDF, nil) if ctx == nil { return nil, newOpenSSLError("EVP_PKEY_CTX_new_id") } defer func() { if err != nil { - C.go_openssl_EVP_PKEY_CTX_free(ctx) + go_openssl_EVP_PKEY_CTX_free(ctx) } }() - if C.go_openssl_EVP_PKEY_derive_init(ctx) != 1 { + if go_openssl_EVP_PKEY_derive_init(ctx) != 1 { return ctx, newOpenSSLError("EVP_PKEY_derive_init") } - ctrlSlice := func(ctrl int, data []byte) C.int { + ctrlSlice := func(ctrl int32, data []byte) int32 { if len(data) == 0 { return 1 // No data to set. } - return C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, -1, _EVP_PKEY_OP_DERIVE, C.int(ctrl), C.int(len(data)), unsafe.Pointer(base(data))) + return go_openssl_EVP_PKEY_CTX_ctrl(ctx, -1, _EVP_PKEY_OP_DERIVE, ctrl, int32(len(data)), unsafe.Pointer(base(data))) } - if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, -1, _EVP_PKEY_OP_DERIVE, _EVP_PKEY_CTRL_HKDF_MODE, mode, nil) != 1 { + if go_openssl_EVP_PKEY_CTX_ctrl(ctx, -1, _EVP_PKEY_OP_DERIVE, _EVP_PKEY_CTRL_HKDF_MODE, mode, nil) != 1 { return ctx, newOpenSSLError("EVP_PKEY_CTX_set_hkdf_mode") } - if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, -1, _EVP_PKEY_OP_DERIVE, _EVP_PKEY_CTRL_HKDF_MD, 0, unsafe.Pointer(md)) != 1 { + if go_openssl_EVP_PKEY_CTX_ctrl(ctx, -1, _EVP_PKEY_OP_DERIVE, _EVP_PKEY_CTRL_HKDF_MD, 0, unsafe.Pointer(md)) != 1 { return ctx, newOpenSSLError("EVP_PKEY_CTX_set_hkdf_md") } if ctrlSlice(_EVP_PKEY_CTRL_HKDF_KEY, secret) != 1 { @@ -72,7 +71,7 @@ func newHKDFCtx1(md C.GO_EVP_MD_PTR, mode C.int, secret, salt, pseudorandomKey, } type hkdf1 struct { - ctx C.GO_EVP_PKEY_CTX_PTR + ctx _EVP_PKEY_CTX_PTR hashLen int buf []byte @@ -80,7 +79,7 @@ type hkdf1 struct { func (c *hkdf1) finalize() { if c.ctx != nil { - C.go_openssl_EVP_PKEY_CTX_free(c.ctx) + go_openssl_EVP_PKEY_CTX_free(c.ctx) } } @@ -101,8 +100,8 @@ func (c *hkdf1) Read(p []byte) (int, error) { return 0, errors.New("hkdf: entropy limit reached") } c.buf = append(c.buf, make([]byte, needLen)...) - outLen := C.size_t(prevLen + needLen) - if C.go_openssl_EVP_PKEY_derive(c.ctx, base(c.buf), &outLen) != 1 { + outLen := prevLen + needLen + if go_openssl_EVP_PKEY_derive(c.ctx, base(c.buf), &outLen) != 1 { return 0, newOpenSSLError("EVP_PKEY_derive") } n := copy(p, c.buf[prevLen:outLen]) @@ -125,13 +124,13 @@ func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) { if err != nil { return nil, err } - defer C.go_openssl_EVP_PKEY_CTX_free(ctx) - var keylen C.size_t - if C.go_openssl_EVP_PKEY_derive(ctx, nil, &keylen) != 1 { + defer go_openssl_EVP_PKEY_CTX_free(ctx) + var keylen int + if go_openssl_EVP_PKEY_derive(ctx, nil, &keylen) != 1 { return nil, newOpenSSLError("EVP_PKEY_derive_init") } out := make([]byte, keylen) - if C.go_openssl_EVP_PKEY_derive(ctx, base(out), &keylen) != 1 { + if go_openssl_EVP_PKEY_derive(ctx, base(out), &keylen) != 1 { return nil, newOpenSSLError("EVP_PKEY_derive") } return out[:keylen], nil @@ -140,9 +139,9 @@ func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) { if err != nil { return nil, err } - defer C.go_openssl_EVP_KDF_CTX_free(ctx) - out := make([]byte, C.go_openssl_EVP_KDF_CTX_get_kdf_size(ctx)) - if C.go_openssl_EVP_KDF_derive(ctx, base(out), C.size_t(len(out)), nil) != 1 { + defer go_openssl_EVP_KDF_CTX_free(ctx) + out := make([]byte, go_openssl_EVP_KDF_CTX_get_kdf_size(ctx)) + if go_openssl_EVP_KDF_derive(ctx, base(out), len(out), nil) != 1 { return nil, newOpenSSLError("EVP_KDF_derive") } return out, nil @@ -169,9 +168,9 @@ func ExpandHKDFOneShot(h func() hash.Hash, pseudorandomKey, info []byte, keyLeng if err != nil { return nil, err } - defer C.go_openssl_EVP_PKEY_CTX_free(ctx) - keylen := C.size_t(keyLength) - if C.go_openssl_EVP_PKEY_derive(ctx, base(out), &keylen) != 1 { + defer go_openssl_EVP_PKEY_CTX_free(ctx) + keylen := keyLength + if go_openssl_EVP_PKEY_derive(ctx, base(out), &keylen) != 1 { return nil, newOpenSSLError("EVP_PKEY_derive") } case 3: @@ -179,8 +178,8 @@ func ExpandHKDFOneShot(h func() hash.Hash, pseudorandomKey, info []byte, keyLeng if err != nil { return nil, err } - defer C.go_openssl_EVP_KDF_CTX_free(ctx) - if C.go_openssl_EVP_KDF_derive(ctx, base(out), C.size_t(keyLength), nil) != 1 { + defer go_openssl_EVP_KDF_CTX_free(ctx) + if go_openssl_EVP_KDF_derive(ctx, base(out), keyLength, nil) != 1 { return nil, newOpenSSLError("EVP_KDF_derive") } default: @@ -199,13 +198,15 @@ func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte) (io.Reader, er return nil, err } + size := int(go_openssl_EVP_MD_get_size(md)) + switch vMajor { case 1: ctx, err := newHKDFCtx1(md, _EVP_KDF_HKDF_MODE_EXPAND_ONLY, nil, nil, pseudorandomKey, info) if err != nil { return nil, err } - c := &hkdf1{ctx: ctx, hashLen: int(C.go_openssl_EVP_MD_get_size(md))} + c := &hkdf1{ctx: ctx, hashLen: size} runtime.SetFinalizer(c, (*hkdf1).finalize) return c, nil case 3: @@ -213,7 +214,7 @@ func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte) (io.Reader, er if err != nil { return nil, err } - c := &hkdf3{ctx: ctx, hashLen: int(C.go_openssl_EVP_MD_get_size(md))} + c := &hkdf3{ctx: ctx, hashLen: size} runtime.SetFinalizer(c, (*hkdf3).finalize) return c, nil default: @@ -222,7 +223,7 @@ func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte) (io.Reader, er } type hkdf3 struct { - ctx C.GO_EVP_KDF_CTX_PTR + ctx _EVP_KDF_CTX_PTR hashLen int buf []byte @@ -230,17 +231,17 @@ type hkdf3 struct { func (c *hkdf3) finalize() { if c.ctx != nil { - C.go_openssl_EVP_KDF_CTX_free(c.ctx) + go_openssl_EVP_KDF_CTX_free(c.ctx) } } // fetchHKDF3 fetches the HKDF algorithm. // It is safe to call this function concurrently. // The returned EVP_KDF_PTR shouldn't be freed. -var fetchHKDF3 = sync.OnceValues(func() (C.GO_EVP_KDF_PTR, error) { +var fetchHKDF3 = sync.OnceValues(func() (_EVP_KDF_PTR, error) { checkMajorVersion(3) - kdf := C.go_openssl_EVP_KDF_fetch(nil, _OSSL_KDF_NAME_HKDF.ptr(), nil) + kdf := go_openssl_EVP_KDF_fetch(nil, _OSSL_KDF_NAME_HKDF.ptr(), nil) if kdf == nil { return nil, newOpenSSLError("EVP_KDF_fetch") } @@ -248,20 +249,20 @@ var fetchHKDF3 = sync.OnceValues(func() (C.GO_EVP_KDF_PTR, error) { }) // newHKDFCtx3 implements HKDF for OpenSSL 3 using the EVP_KDF API. -func newHKDFCtx3(md C.GO_EVP_MD_PTR, mode C.int, secret, salt, pseudorandomKey, info []byte) (_ C.GO_EVP_KDF_CTX_PTR, err error) { +func newHKDFCtx3(md _EVP_MD_PTR, mode int32, secret, salt, pseudorandomKey, info []byte) (_ _EVP_KDF_CTX_PTR, err error) { checkMajorVersion(3) kdf, err := fetchHKDF3() if err != nil { return nil, err } - ctx := C.go_openssl_EVP_KDF_CTX_new(kdf) + ctx := go_openssl_EVP_KDF_CTX_new(kdf) if ctx == nil { return nil, newOpenSSLError("EVP_KDF_CTX_new") } defer func() { if err != nil { - C.go_openssl_EVP_KDF_CTX_free(ctx) + go_openssl_EVP_KDF_CTX_free(ctx) } }() @@ -269,7 +270,7 @@ func newHKDFCtx3(md C.GO_EVP_MD_PTR, mode C.int, secret, salt, pseudorandomKey, if err != nil { return ctx, err } - bld.addUTF8String(_OSSL_KDF_PARAM_DIGEST, C.go_openssl_EVP_MD_get0_name(md), 0) + bld.addUTF8String(_OSSL_KDF_PARAM_DIGEST, go_openssl_EVP_MD_get0_name(md), 0) bld.addInt32(_OSSL_KDF_PARAM_MODE, int32(mode)) if len(secret) > 0 { bld.addOctetString(_OSSL_KDF_PARAM_KEY, secret) @@ -287,9 +288,9 @@ func newHKDFCtx3(md C.GO_EVP_MD_PTR, mode C.int, secret, salt, pseudorandomKey, if err != nil { return ctx, err } - defer C.go_openssl_OSSL_PARAM_free(params) + defer go_openssl_OSSL_PARAM_free(params) - if C.go_openssl_EVP_KDF_CTX_set_params(ctx, params) != 1 { + if go_openssl_EVP_KDF_CTX_set_params(ctx, params) != 1 { return ctx, newOpenSSLError("EVP_KDF_CTX_set_params") } return ctx, nil @@ -312,8 +313,8 @@ func (c *hkdf3) Read(p []byte) (int, error) { return 0, errors.New("hkdf: entropy limit reached") } c.buf = append(c.buf, make([]byte, needLen)...) - outLen := C.size_t(prevLen + needLen) - if C.go_openssl_EVP_KDF_derive(c.ctx, base(c.buf), outLen, nil) != 1 { + outLen := prevLen + needLen + if go_openssl_EVP_KDF_derive(c.ctx, base(c.buf), outLen, nil) != 1 { return 0, newOpenSSLError("EVP_KDF_derive") } n := copy(p, c.buf[prevLen:outLen]) diff --git a/hmac.go b/hmac.go index ec3ef462..4759c932 100644 --- a/hmac.go +++ b/hmac.go @@ -2,7 +2,6 @@ package openssl -// #include "goopenssl.h" import "C" import ( "hash" @@ -58,12 +57,12 @@ func NewHMAC(fh func() hash.Hash, key []byte) hash.Hash { // hmacCtx3 is used for OpenSSL 1. type hmacCtx1 struct { - ctx C.GO_HMAC_CTX_PTR + ctx _HMAC_CTX_PTR } // hmacCtx3 is used for OpenSSL 3. type hmacCtx3 struct { - ctx C.GO_EVP_MAC_CTX_PTR + ctx _EVP_MAC_CTX_PTR key []byte // only set for OpenSSL 3.0.0, 3.0.1, and 3.0.2. } @@ -75,59 +74,59 @@ type opensslHMAC struct { sum []byte } -func newHMAC1(key []byte, md C.GO_EVP_MD_PTR) hmacCtx1 { - ctx := C.go_openssl_HMAC_CTX_new() +func newHMAC1(key []byte, md _EVP_MD_PTR) hmacCtx1 { + ctx := go_openssl_HMAC_CTX_new() if ctx == nil { panic("openssl: EVP_MAC_CTX_new failed") } - if C.go_openssl_HMAC_Init_ex(ctx, unsafe.Pointer(&key[0]), C.int(len(key)), md, nil) == 0 { + if go_openssl_HMAC_Init_ex(ctx, unsafe.Pointer(&key[0]), int32(len(key)), md, nil) == 0 { panic(newOpenSSLError("HMAC_Init_ex failed")) } return hmacCtx1{ctx} } var hmacDigestsSupported sync.Map -var fetchHMAC3 = sync.OnceValue(func() C.GO_EVP_MAC_PTR { - mac := C.go_openssl_EVP_MAC_fetch(nil, _OSSL_MAC_NAME_HMAC.ptr(), nil) +var fetchHMAC3 = sync.OnceValue(func() _EVP_MAC_PTR { + mac := go_openssl_EVP_MAC_fetch(nil, _OSSL_MAC_NAME_HMAC.ptr(), nil) if mac == nil { panic("openssl: HMAC not supported") } return mac }) -func buildHMAC3Params(md C.GO_EVP_MD_PTR) (C.GO_OSSL_PARAM_PTR, error) { +func buildHMAC3Params(md _EVP_MD_PTR) (_OSSL_PARAM_PTR, error) { bld, err := newParamBuilder() if err != nil { return nil, err } defer bld.finalize() - bld.addUTF8String(_OSSL_MAC_PARAM_DIGEST, C.go_openssl_EVP_MD_get0_name(md), 0) + bld.addUTF8String(_OSSL_MAC_PARAM_DIGEST, go_openssl_EVP_MD_get0_name(md), 0) return bld.build() } -func isHMAC3DigestSupported(md C.GO_EVP_MD_PTR) bool { - nid := C.go_openssl_EVP_MD_get_type(md) +func isHMAC3DigestSupported(md _EVP_MD_PTR) bool { + nid := go_openssl_EVP_MD_get_type(md) if v, ok := hmacDigestsSupported.Load(nid); ok { return v.(bool) } - ctx := C.go_openssl_EVP_MAC_CTX_new(fetchHMAC3()) + ctx := go_openssl_EVP_MAC_CTX_new(fetchHMAC3()) if ctx == nil { panic(newOpenSSLError("EVP_MAC_CTX_new")) } - defer C.go_openssl_EVP_MAC_CTX_free(ctx) + defer go_openssl_EVP_MAC_CTX_free(ctx) params, err := buildHMAC3Params(md) if err != nil { panic(err) } - defer C.go_openssl_OSSL_PARAM_free(params) + defer go_openssl_OSSL_PARAM_free(params) - supported := C.go_openssl_EVP_MAC_CTX_set_params(ctx, params) != 0 + supported := go_openssl_EVP_MAC_CTX_set_params(ctx, params) != 0 hmacDigestsSupported.Store(nid, supported) return supported } -func newHMAC3(key []byte, md C.GO_EVP_MD_PTR) hmacCtx3 { +func newHMAC3(key []byte, md _EVP_MD_PTR) hmacCtx3 { if !isHMAC3DigestSupported(md) { // The digest is not supported by the HMAC provider. // Don't panic here so the Go standard library to @@ -139,15 +138,15 @@ func newHMAC3(key []byte, md C.GO_EVP_MD_PTR) hmacCtx3 { if err != nil { panic(err) } - defer C.go_openssl_OSSL_PARAM_free(params) + defer go_openssl_OSSL_PARAM_free(params) - ctx := C.go_openssl_EVP_MAC_CTX_new(fetchHMAC3()) + ctx := go_openssl_EVP_MAC_CTX_new(fetchHMAC3()) if ctx == nil { panic(newOpenSSLError("EVP_MAC_CTX_new")) } - if C.go_openssl_EVP_MAC_init(ctx, base(key), C.size_t(len(key)), params) == 0 { - C.go_openssl_EVP_MAC_CTX_free(ctx) + if go_openssl_EVP_MAC_init(ctx, base(key), len(key), params) == 0 { + go_openssl_EVP_MAC_CTX_free(ctx) panic(newOpenSSLError("EVP_MAC_init")) } var hkey []byte @@ -166,11 +165,11 @@ func newHMAC3(key []byte, md C.GO_EVP_MD_PTR) hmacCtx3 { func (h *opensslHMAC) Reset() { switch vMajor { case 1: - if C.go_openssl_HMAC_Init_ex(h.ctx1.ctx, nil, 0, nil, nil) == 0 { + if go_openssl_HMAC_Init_ex(h.ctx1.ctx, nil, 0, nil, nil) == 0 { panic(newOpenSSLError("HMAC_Init_ex failed")) } case 3: - if C.go_openssl_EVP_MAC_init(h.ctx3.ctx, base(h.ctx3.key), C.size_t(len(h.ctx3.key)), nil) == 0 { + if go_openssl_EVP_MAC_init(h.ctx3.ctx, base(h.ctx3.key), len(h.ctx3.key), nil) == 0 { panic(newOpenSSLError("EVP_MAC_init failed")) } default: @@ -184,9 +183,9 @@ func (h *opensslHMAC) Reset() { func (h *opensslHMAC) finalize() { switch vMajor { case 1: - C.go_openssl_HMAC_CTX_free(h.ctx1.ctx) + go_openssl_HMAC_CTX_free(h.ctx1.ctx) case 3: - C.go_openssl_EVP_MAC_CTX_free(h.ctx3.ctx) + go_openssl_EVP_MAC_CTX_free(h.ctx3.ctx) default: panic(errUnsupportedVersion()) } @@ -196,9 +195,9 @@ func (h *opensslHMAC) Write(p []byte) (int, error) { if len(p) > 0 { switch vMajor { case 1: - C.go_openssl_HMAC_Update(h.ctx1.ctx, base(p), C.size_t(len(p))) + go_openssl_HMAC_Update(h.ctx1.ctx, base(p), len(p)) case 3: - C.go_openssl_EVP_MAC_update(h.ctx3.ctx, base(p), C.size_t(len(p))) + go_openssl_EVP_MAC_update(h.ctx3.ctx, base(p), len(p)) default: panic(errUnsupportedVersion()) } @@ -226,22 +225,22 @@ func (h *opensslHMAC) Sum(in []byte) []byte { // and the second Sum acts as if the first didn't happen. switch vMajor { case 1: - ctx2 := C.go_openssl_HMAC_CTX_new() + ctx2 := go_openssl_HMAC_CTX_new() if ctx2 == nil { panic("openssl: HMAC_CTX_new failed") } - defer C.go_openssl_HMAC_CTX_free(ctx2) - if C.go_openssl_HMAC_CTX_copy(ctx2, h.ctx1.ctx) == 0 { + defer go_openssl_HMAC_CTX_free(ctx2) + if go_openssl_HMAC_CTX_copy(ctx2, h.ctx1.ctx) == 0 { panic("openssl: HMAC_CTX_copy failed") } - C.go_openssl_HMAC_Final(ctx2, base(h.sum), nil) + go_openssl_HMAC_Final(ctx2, base(h.sum), nil) case 3: - ctx2 := C.go_openssl_EVP_MAC_CTX_dup(h.ctx3.ctx) + ctx2 := go_openssl_EVP_MAC_CTX_dup(h.ctx3.ctx) if ctx2 == nil { panic("openssl: EVP_MAC_CTX_dup failed") } - defer C.go_openssl_EVP_MAC_CTX_free(ctx2) - C.go_openssl_EVP_MAC_final(ctx2, base(h.sum), nil, C.size_t(len(h.sum))) + defer go_openssl_EVP_MAC_CTX_free(ctx2) + go_openssl_EVP_MAC_final(ctx2, base(h.sum), nil, len(h.sum)) default: panic(errUnsupportedVersion()) } diff --git a/init.go b/init.go index 13d1c1f7..b7ceb2fb 100644 --- a/init.go +++ b/init.go @@ -2,7 +2,11 @@ package openssl -// #include "goopenssl.h" +/* +int go_openssl_version_major(void* handle); +int go_openssl_version_minor(void* handle); +int go_openssl_version_patch(void* handle); +*/ import "C" import ( "errors" @@ -44,11 +48,20 @@ func opensslInit(file string) (major, minor, patch uint, err error) { // Load the OpenSSL functions. // See shims.go for the complete list of supported functions. - C.go_openssl_load_functions(handle, C.uint(major), C.uint(minor), C.uint(patch)) + mkcgoLoad_(handle) + if major == 1 { + mkcgoLoad_legacy_1(handle) + if patch == 1 { + mkcgoLoad_111(handle) + } + } else { + mkcgoLoad_111(handle) + mkcgoLoad_3(handle) + } // Initialize OpenSSL. - C.go_openssl_OPENSSL_init() - if C.go_openssl_OPENSSL_init_crypto( + go_openssl_OPENSSL_init() + if go_openssl_OPENSSL_init_crypto( _OPENSSL_INIT_ADD_ALL_CIPHERS| _OPENSSL_INIT_ADD_ALL_DIGESTS| _OPENSSL_INIT_LOAD_CONFIG| diff --git a/internal/mkcgo/mkcgo.go b/internal/mkcgo/mkcgo.go new file mode 100644 index 00000000..940ed5fa --- /dev/null +++ b/internal/mkcgo/mkcgo.go @@ -0,0 +1,77 @@ +package mkcgo + +import ( + "slices" +) + +// Source is a collection of type definitions and functions. +type Source struct { + TypeDefs []*TypeDef + Enums []*Enum + Funcs []*Func + Files []string + Comments []string // All line comments. Directives in this slice start with "#" +} + +// TypeDef describes a type definition. +type TypeDef struct { + Name string + Type string +} + +// Enum describes an enum definition. +type Enum struct { + Name string + Value string +} + +// Func describes a function. +type Func struct { + GoName string + CName string + ImportName string + Tags []TagAttr // if TagAttr.Name is set, it's the import name for the tag + Params []*Param + Ret *Return + VariadicInst bool // true if the function is a variadic instantiation +} + +func (f *Func) Variadic() bool { + return len(f.Params) > 0 && f.Params[len(f.Params)-1].Variadic() +} + +// TagAttr is an attribute of a tag with an optional name. +type TagAttr struct { + Tag string + Name string +} + +// Param is a function parameter. +type Param struct { + Name string + Type string +} + +func (p *Param) Variadic() bool { + return p.Type == "..." +} + +// Return is a function return value. +type Return struct { + Name string + Type string +} + +func (src *Source) Tags() []string { + tags := make([]string, 0, len(src.Funcs)+1) + tags = append(tags, "") // default tag + for _, fn := range src.Funcs { + for _, tag := range fn.Tags { + if !slices.Contains(tags, tag.Tag) { + tags = append(tags, tag.Tag) + } + } + } + slices.Sort(tags) + return tags +} diff --git a/internal/mkcgo/parse.go b/internal/mkcgo/parse.go new file mode 100644 index 00000000..d45041f7 --- /dev/null +++ b/internal/mkcgo/parse.go @@ -0,0 +1,386 @@ +package mkcgo + +import ( + "bufio" + "cmp" + "errors" + "os" + "slices" + "strings" +) + +type fnAttributes struct { + tags []TagAttr + variadic bool + importName string +} + +type attribute struct { + name string + description string + handle func(*fnAttributes, ...string) +} + +var attributes = [...]attribute{ + { + name: "tag", + description: "The function will be loaded together with other functions with the same tag. It can contain an optional name, which is the import name for the tag.", + handle: func(opts *fnAttributes, s ...string) { + var name string + if len(s) > 1 { + name = s[1] + } + opts.tags = append(opts.tags, TagAttr{Tag: s[0], Name: name}) + }, + }, + { + name: "variadic", + description: "The function has variadic arguments, and its name is a custom wrapper for the actual C name, defined in this attribute.", + handle: func(opts *fnAttributes, s ...string) { + opts.variadic = true + opts.importName = s[0] + }, + }, +} + +// Parse parses files listed in fs and extracts all syscall +// functions listed in sys comments. It returns source files +// and functions collection *Source if successful. +func Parse(fs ...string) (*Source, error) { + src := &Source{ + Files: fs, + } + for _, file := range fs { + if err := src.parseFile(file); err != nil { + return nil, err + } + } + slices.SortFunc(src.Funcs, func(fi, fj *Func) int { + return cmp.Compare(fi.CName, fj.CName) + }) + return src, nil +} + +// parseFile parses file name and extracts all symbols. +func (src *Source) parseFile(name string) error { + file, err := os.Open(name) + if err != nil { + return err + } + defer file.Close() + + s := bufio.NewScanner(file) + var inBlockComment, inEnum bool + for s.Scan() { + line := trim(s.Text()) + // Process comments. + comment, line := processComments(line, &inBlockComment) + comment = trim(comment) + if comment != "" { + if inBlockComment { + // The comment is inside a block comment. + // Append it to the previous comment. + src.Comments[len(src.Comments)-1] += "\n" + comment + } else { + src.Comments = append(src.Comments, comment) + } + } + line = trim(line) + if line == "" || line[0] == '#' { + // Skip empty lines and preprocessor directives. + continue + } + + if inEnum { + if strings.HasPrefix(line, "};") { + inEnum = false + continue + } + enum, err := newEnum(line) + if err != nil { + return err + } + src.Enums = append(src.Enums, enum) + continue + } + if strings.HasPrefix(line, "enum {") { + inEnum = true + continue + } + + // Process typedefs. + if strings.Contains(line, "typedef ") { + td, err := newTypeDef(line) + if err != nil { + return err + } + src.TypeDefs = append(src.TypeDefs, td) + continue + } + + // Process attributes. + var fnOps fnAttributes + line, err = extractFunctionAttributes(line, &fnOps) + if err != nil { + return err + } + if line == "" { + continue + } + + // Process function. + f, err := newFn(line, fnOps) + if err != nil { + return err + } + src.Funcs = append(src.Funcs, f) + } + if err := s.Err(); err != nil { + return err + } + return nil +} + +// newEnum parses string s and returns created enum definition Enum. +func newEnum(line string) (*Enum, error) { + line = strings.TrimSuffix(line, ",") + split := strings.SplitN(line, "=", 2) + if len(split) != 2 { + return nil, errors.New("could not extract enum value from \"" + line + "\"") + } + return &Enum{ + Name: trim(split[0]), + Value: trim(split[1]), + }, nil +} + +// newTypeDef parses string s and returns created type definition TypeDef. +func newTypeDef(line string) (*TypeDef, error) { + after, found := strings.CutPrefix(line, "typedef ") + if !found { + return nil, errors.New("could not extract typedef from \"" + line + "\"") + } + after = strings.TrimSuffix(after, ";") + idx := strings.LastIndex(after, " ") + if idx < 0 { + return nil, errors.New("could not extract type name from \"" + after + "\"") + } + return &TypeDef{ + Name: trim(after[idx+1:]), + Type: trim(after[:idx]), + }, nil +} + +// newFn parses string s and return created function Fn. +func newFn(s string, opts fnAttributes) (*Func, error) { + // function name and args + prefix, body, _, found := extractSection(s, "(", ")") + if !found || prefix == "" { + return nil, errors.New("could not extract function name and parameters from \"" + s + "\"") + } + fn := &Func{ + Ret: &Return{}, + VariadicInst: opts.variadic, + Tags: opts.tags, + } + var err error + fn.Params, err = extractParams(body) + if err != nil { + return nil, err + } + nameIdx := strings.LastIndexByte(prefix, ' ') + if nameIdx < 0 || nameIdx+1 >= len(prefix) { + return nil, errors.New("could not extract function name from \"" + s + "\"") + } + name, typ := prefix[nameIdx+1:], prefix[:nameIdx] + name, typ = normalizeParam(name, typ) + fn.CName = trim(name) + if opts.importName != "" { + fn.ImportName = opts.importName + } else { + fn.ImportName = fn.CName + } + fn.GoName = "go_openssl_" + fn.CName + fn.Ret = &Return{ + Type: trim(typ), + Name: "_r0", + } + return fn, nil +} + +// normalizeParam normalizes parameter name and type. +func normalizeParam(name, typ string) (string, string) { + name, typ = trim(name), trim(typ) + // Remove leading asterisks from the name and add them to the type. + for strings.HasPrefix(name, "*") { + name = name[1:] + typ += "*" + } + switch name { + case "type", "func": + name = "__" + name + } + // Remove all spaces between the asterisks and the type. + typ = strings.ReplaceAll(typ, " *", "*") + return name, typ +} + +// trim returns s with leading and trailing spaces and tabs removed. +func trim(s string) string { + return strings.Trim(s, " \t") +} + +// extractSection extracts text out of string s starting after start +// and ending just before end. found return value will indicate success, +// and prefix, body and suffix will contain correspondent parts of string s. +func extractSection(s string, start, end string) (prefix, body, suffix string, found bool) { + s = trim(s) + if v, ok := strings.CutPrefix(s, start); ok { + // no prefix + body = v + } else { + a := strings.SplitN(s, start, 2) + if len(a) != 2 { + return "", "", s, false + } + prefix = a[0] + body = a[1] + } + idxStart := strings.Index(body, start) + idxEnd := strings.Index(body, end) + needBalancing := idxStart != -1 && idxEnd != -1 && idxStart < idxEnd + if !needBalancing { + a := strings.SplitN(body, end, 2) + if len(a) != 2 { + return "", "", "", false + } + return prefix, a[0], a[1], true + } + depth := 1 + for i := range len(body) { + if strings.HasPrefix(body[i:], start) { + depth++ + } else if strings.HasPrefix(body[i:], end) { + depth-- + if depth == 0 { + return prefix, body[:i], body[i+len(end):], true + } + } + } + return "", "", s, false +} + +// processComments removes comments from line and returns the result. +// inBlockComment is true if the line is inside a block comment. +func processComments(line string, inBlockComment *bool) (comment, remmaining string) { + if *inBlockComment { + // Remove the rest of the block comment. + var found bool + comment, line, found = strings.Cut(line, "*/") + if !found { + return comment, "" + } + *inBlockComment = false + } + // Remove line comments. + if before, comment, found := strings.Cut(line, "//"); found { + return comment, before + } + // Remove block comments. + if prefix, _, suffix, found := extractSection(line, "/*", "*/"); found { + line = prefix + suffix + } + // Remove block comments that span multiple lines. + if line, comment, *inBlockComment = strings.Cut(line, "/*"); *inBlockComment { + return comment, line + } + return "", line +} + +// extractFunctionAttributes extracts mkcgo attributes from string s. +// The attributes format follows the GCC __attribute__ syntax as +// described in https://gcc.gnu.org/onlinedocs/gcc/Attribute-Syntax.html. +func extractFunctionAttributes(s string, fnAttrs *fnAttributes) (string, error) { + // There can be spaces between __attribute__ and the opening parenthesis. + prefix, body, found := strings.Cut(s, "__attribute__") + if !found { + return s, nil + } + _, body, suffix, found := extractSection(body, "(", ")") + if !found { + return s, nil + } + if !strings.HasPrefix(body, "(") || !strings.HasSuffix(body, ")") { + // Attributes are enclosed in double parentheses. + return s, nil + } + body = trim(body[1 : len(body)-1]) + for { + if body == "" { + break + } + // Attributes are separated by commas. Get the next attribute. + // We can't just use strings.Split because the attribute argument + // can contain commas. + var name, args string + idxComma := strings.IndexByte(body, ',') + idxParen := strings.IndexByte(body, '(') + if idxComma != -1 && (idxParen == -1 || idxComma < idxParen) { + // The attribute has no arguments. + name = body[:idxComma] + body = body[idxComma+1:] + } else if idxParen != -1 && (idxComma == -1 || idxComma > idxParen) { + // The attribute has arguments, possibly with commas. + name = body[:idxParen] + _, args, body, found = extractSection(body[idxParen:], "(", ")") + if !found { + return "", errors.New("unbalanced parentheses in mkcgo attribute: " + s) + } + body = strings.TrimPrefix(body, ",") + } + name, args = trim(name), trim(args) + var handled bool + for _, attr := range attributes { + if name != attr.name { + continue + } + vargs := strings.Split(args, ",") + for i := range vargs { + vargs[i] = trim(strings.Trim(vargs[i], `"`)) + } + attr.handle(fnAttrs, vargs...) + handled = true + break + } + if !handled { + return "", errors.New("unknown mkcgo attribute: " + s) + } + } + return trim(prefix + suffix), nil +} + +// extractParams parses s to extract function parameters. +func extractParams(s string) ([]*Param, error) { + s = trim(s) + if s == "" { + return nil, nil + } + a := strings.Split(s, ",") + ps := make([]*Param, 0, len(a)) + for i := range a { + s2 := trim(a[i]) + b := strings.LastIndexByte(s2, ' ') + var name, typ string + if b != -1 { + name, typ = s2[b+1:], s2[:b] + } else { + typ = s2 + } + name, typ = normalizeParam(name, typ) + ps = append(ps, &Param{ + Name: name, + Type: typ, + }) + } + return ps, nil +} diff --git a/openssl.go b/openssl.go index 1f501380..89377b22 100644 --- a/openssl.go +++ b/openssl.go @@ -3,7 +3,27 @@ // Package openssl provides access to OpenSSL cryptographic functions. package openssl -// #include "goopenssl.h" +//go:generate go run ./cmd/mkcgo -out zossl.go -package openssl shims.h + +/* +#include // for free() + +static inline void +go_openssl_do_leak_check(void) +{ +#ifndef __has_feature +#define __has_feature(x) 0 +#endif + +#if (defined(__SANITIZE_ADDRESS__) && __SANITIZE_ADDRESS__) || \ + __has_feature(address_sanitizer) + extern void __lsan_do_leak_check(void); + __lsan_do_leak_check(); +#endif +} + +int go_openssl_fips_enabled(void* handle); +*/ import "C" import ( "errors" @@ -94,7 +114,7 @@ func (e fail) Error() string { return "openssl: " + string(e) + " failed" } // VersionText returns the version text of the OpenSSL currently loaded. func VersionText() string { - return C.GoString(C.go_openssl_OpenSSL_version(0)) + return C.GoString((*C.char)(unsafe.Pointer(go_openssl_OpenSSL_version(0)))) } // FIPS returns true if OpenSSL is running in FIPS mode and there is @@ -102,10 +122,10 @@ func VersionText() string { func FIPS() bool { switch vMajor { case 1: - return C.go_openssl_FIPS_mode() == 1 + return go_openssl_FIPS_mode() == 1 case 3: // Check if the default properties contain `fips=1`. - if C.go_openssl_EVP_default_properties_is_fips_enabled(nil) != 1 { + if go_openssl_EVP_default_properties_is_fips_enabled(nil) != 1 { // Note that it is still possible that the provider used by default is FIPS-compliant, // but that wouldn't be a system or user requirement. return false @@ -162,7 +182,7 @@ func isProviderAvailable(name string) bool { } providerName := C.CString(name) defer C.free(unsafe.Pointer(providerName)) - return C.go_openssl_OSSL_PROVIDER_available(nil, providerName) == 1 + return go_openssl_OSSL_PROVIDER_available(nil, (*byte)(unsafe.Pointer(providerName))) == 1 } // SetFIPS enables or disables FIPS mode. @@ -174,15 +194,15 @@ func SetFIPS(enable bool) error { // Already in the desired state. return nil } - var mode C.int + var mode int32 if enable { - mode = C.int(1) + mode = int32(1) } else { - mode = C.int(0) + mode = int32(0) } switch vMajor { case 1: - if C.go_openssl_FIPS_mode_set(mode) != 1 { + if go_openssl_FIPS_mode_set(mode) != 1 { return newOpenSSLError("FIPS_mode_set") } return nil @@ -198,13 +218,13 @@ func SetFIPS(enable bool) error { if !proveSHA256(shaProps) { // There is no provider available that supports the desired FIPS mode. // Try to load the built-in provider associated with the given mode. - if C.go_openssl_OSSL_PROVIDER_try_load(nil, provName.ptr(), 1) == nil { + if go_openssl_OSSL_PROVIDER_try_load(nil, provName.ptr(), 1) == nil { // The built-in provider was not loaded successfully, we can't enable FIPS mode. - C.go_openssl_ERR_clear_error() + go_openssl_ERR_clear_error() return errors.New("openssl: FIPS mode not supported by any provider") } } - if C.go_openssl_EVP_default_properties_enable_fips(nil, mode) != 1 { + if go_openssl_EVP_default_properties_enable_fips(nil, mode) != 1 { return newOpenSSLError("EVP_default_properties_enable_fips") } return nil @@ -215,14 +235,14 @@ func SetFIPS(enable bool) error { // sha256Provider returns the provider for the SHA-256 algorithm // using the given properties. -func sha256Provider(props cString) C.GO_OSSL_PROVIDER_PTR { - md := C.go_openssl_EVP_MD_fetch(nil, _DigestNameSHA2_256.ptr(), props.ptr()) +func sha256Provider(props cString) _OSSL_PROVIDER_PTR { + md := go_openssl_EVP_MD_fetch(nil, _DigestNameSHA2_256.ptr(), props.ptr()) if md == nil { - C.go_openssl_ERR_clear_error() + go_openssl_ERR_clear_error() return nil } - defer C.go_openssl_EVP_MD_free(md) - return C.go_openssl_EVP_MD_get0_provider(md) + defer go_openssl_EVP_MD_free(md) + return go_openssl_EVP_MD_get0_provider(md) } // proveSHA256 checks if the SHA-256 algorithm is available @@ -235,32 +255,26 @@ var zero byte // baseNeverEmpty returns the address of the underlying array in b. // If b has zero length, it returns a pointer to a zero byte. -func baseNeverEmpty(b []byte) *C.uchar { +func baseNeverEmpty(b []byte) *byte { if len(b) == 0 { - return (*C.uchar)(unsafe.Pointer(&zero)) + return &zero } - return (*C.uchar)(unsafe.Pointer(&b[0])) + return unsafe.SliceData(b) } // pbase returns the address of the underlying array in b, // being careful not to panic when b has zero length. func pbase(b []byte) unsafe.Pointer { - if len(b) == 0 { - return nil - } - return unsafe.Pointer(&b[0]) + return unsafe.Pointer(base(b)) } // base returns the address of the underlying array in b, // being careful not to panic when b has zero length. -func base(b []byte) *C.uchar { - return (*C.uchar)(pbase(b)) -} - -// sbase returns the address of the underlying array in b, -// being careful not to panic when b has zero length. -func sbase(b []byte) *C.char { - return (*C.char)(pbase(b)) +func base(b []byte) *byte { + if len(b) == 0 { + return nil + } + return unsafe.SliceData(b) } func newOpenSSLError(msg string) error { @@ -269,15 +283,15 @@ func newOpenSSLError(msg string) error { b.WriteString("\nopenssl error(s):") for { var ( - e C.ulong - file *C.char - line C.int + e uint32 + file *byte + line int32 ) switch vMajor { case 1: - e = C.go_openssl_ERR_get_error_line(&file, &line) + e = go_openssl_ERR_get_error_line(&file, &line) case 3: - e = C.go_openssl_ERR_get_error_all(&file, &line, nil, nil, nil) + e = go_openssl_ERR_get_error_all(&file, &line, nil, nil, nil) default: panic(errUnsupportedVersion()) } @@ -286,8 +300,8 @@ func newOpenSSLError(msg string) error { } b.WriteByte('\n') var buf [256]byte - C.go_openssl_ERR_error_string_n(e, (*C.char)(unsafe.Pointer(&buf[0])), C.size_t(len(buf))) - b.WriteString(string(buf[:]) + "\n\t" + C.GoString(file) + ":" + strconv.Itoa(int(line))) + go_openssl_ERR_error_string_n(e, base(buf[:]), len(buf)) + b.WriteString(string(buf[:]) + "\n\t" + C.GoString((*C.char)(unsafe.Pointer(file))) + ":" + strconv.Itoa(int(line))) } return errors.New(b.String()) } @@ -304,7 +318,7 @@ func newOpenSSLError(msg string) error { // freed by OPENSSL_free / CRYPTO_free) need to be allocated on the OpenSSL // heap. func cryptoMalloc(n int) unsafe.Pointer { - p := C.go_openssl_CRYPTO_malloc(C.size_t(n), nil, 0) + p := go_openssl_CRYPTO_malloc(n, nil, 0) if p == nil { // Un-recover()-ably crash the program in the same manner as the // C.malloc() wrapper function. @@ -317,7 +331,7 @@ func cryptoMalloc(n int) unsafe.Pointer { // different from the heap which C.malloc allocates on. cryptoFree is equivalent // to the OPENSSL_free macro. func cryptoFree(p unsafe.Pointer) { - C.go_openssl_CRYPTO_free(p, nil, 0) + go_openssl_CRYPTO_free(p, nil, 0) } const wordBytes = bits.UintSize / 8 @@ -334,14 +348,14 @@ func (z BigInt) byteSwap() { } } -func wbase(b BigInt) *C.uchar { +func wbase(b BigInt) *byte { if len(b) == 0 { return nil } - return (*C.uchar)(unsafe.Pointer(&b[0])) + return (*byte)(unsafe.Pointer(unsafe.SliceData(b))) } -func bigToBN(x BigInt) C.GO_BIGNUM_PTR { +func bigToBN(x BigInt) _BIGNUM_PTR { if len(x) == 0 { return nil } @@ -353,18 +367,18 @@ func bigToBN(x BigInt) C.GO_BIGNUM_PTR { } // Limbs are always ordered in LSB first, so we can safely apply // BN_lebin2bn regardless of host endianness. - return C.go_openssl_BN_lebin2bn(wbase(x), C.int(len(x)*wordBytes), nil) + return go_openssl_BN_lebin2bn(wbase(x), int32(len(x)*wordBytes), nil) } -func bnToBig(bn C.GO_BIGNUM_PTR) BigInt { +func bnToBig(bn _BIGNUM_PTR) BigInt { if bn == nil { return nil } // Limbs are always ordered in LSB first, so we can safely apply // BN_bn2lebinpad regardless of host endianness. - x := make(BigInt, C.go_openssl_BN_num_bits(bn)) - if C.go_openssl_BN_bn2lebinpad(bn, wbase(x), C.int(len(x)*wordBytes)) == 0 { + x := make(BigInt, go_openssl_BN_num_bits(bn)) + if go_openssl_BN_bn2lebinpad(bn, wbase(x), int32(len(x)*wordBytes)) == 0 { panic("openssl: bignum conversion failed") } if isBigEndian { @@ -376,8 +390,8 @@ func bnToBig(bn C.GO_BIGNUM_PTR) BigInt { // bnToBinPad converts the absolute value of bn into big-endian form and stores // it at to, padding with zeroes if necessary. If len(to) is not large enough to // hold the result, an error is returned. -func bnToBinPad(bn C.GO_BIGNUM_PTR, to []byte) error { - if C.go_openssl_BN_bn2binpad(bn, base(to), C.int(len(to))) < 0 { +func bnToBinPad(bn _BIGNUM_PTR, to []byte) error { + if go_openssl_BN_bn2binpad(bn, base(to), int32(len(to))) < 0 { return newOpenSSLError("BN_bn2binpad") } return nil diff --git a/params.go b/params.go index 5fec68a6..7221b5db 100644 --- a/params.go +++ b/params.go @@ -2,15 +2,13 @@ package openssl -// #include "goopenssl.h" import "C" import ( "runtime" - "unsafe" ) type bnParam struct { - value C.GO_BIGNUM_PTR + value _BIGNUM_PTR private bool } @@ -19,7 +17,7 @@ type bnParam struct { // subsequent calls to add parameters are ignored // and build() will return the error. type paramBuilder struct { - bld C.GO_OSSL_PARAM_BLD_PTR + bld _OSSL_PARAM_BLD_PTR pinner runtime.Pinner bnToFree []bnParam @@ -28,7 +26,7 @@ type paramBuilder struct { // newParamBuilder creates a new paramBuilder. func newParamBuilder() (*paramBuilder, error) { - bld := C.go_openssl_OSSL_PARAM_BLD_new() + bld := go_openssl_OSSL_PARAM_BLD_new() if bld == nil { return nil, newOpenSSLError("OSSL_PARAM_BLD_new") } @@ -46,12 +44,12 @@ func (b *paramBuilder) finalize() { b.pinner.Unpin() for _, bn := range b.bnToFree { if bn.private { - C.go_openssl_BN_clear_free(bn.value) + go_openssl_BN_clear_free(bn.value) } else { - C.go_openssl_BN_free(bn.value) + go_openssl_BN_free(bn.value) } } - C.go_openssl_OSSL_PARAM_BLD_free(b.bld) + go_openssl_OSSL_PARAM_BLD_free(b.bld) b.bld = nil } } @@ -75,12 +73,12 @@ func (b *paramBuilder) check() bool { // If an error occurred while adding parameters, the error is returned // and the OSSL_PARAM is nil. Once build() is called, the builder is finalized // and cannot be reused. -func (b *paramBuilder) build() (C.GO_OSSL_PARAM_PTR, error) { +func (b *paramBuilder) build() (_OSSL_PARAM_PTR, error) { defer b.finalize() if !b.check() { return nil, b.err } - param := C.go_openssl_OSSL_PARAM_BLD_to_param(b.bld) + param := go_openssl_OSSL_PARAM_BLD_to_param(b.bld) if param == nil { return nil, newOpenSSLError("OSSL_PARAM_BLD_build") } @@ -89,12 +87,12 @@ func (b *paramBuilder) build() (C.GO_OSSL_PARAM_PTR, error) { // addUTF8String adds a NUL-terminated UTF-8 string to the builder. // size should not include the terminating NUL byte. If size is zero, then it will be calculated. -func (b *paramBuilder) addUTF8String(name cString, value *C.char, size C.size_t) { +func (b *paramBuilder) addUTF8String(name cString, value *byte, size int) { if !b.check() { return } // OSSL_PARAM_BLD_push_utf8_string calculates the size if it is zero. - if C.go_openssl_OSSL_PARAM_BLD_push_utf8_string(b.bld, name.ptr(), value, size) != 1 { + if go_openssl_OSSL_PARAM_BLD_push_utf8_string(b.bld, name.ptr(), value, size) != 1 { b.err = newOpenSSLError("OSSL_PARAM_BLD_push_utf8_string(" + name.str() + ")") } } @@ -108,7 +106,7 @@ func (b *paramBuilder) addOctetString(name cString, value []byte) { if len(value) != 0 { b.pinner.Pin(&value[0]) } - if C.go_openssl_OSSL_PARAM_BLD_push_octet_string(b.bld, name.ptr(), unsafe.Pointer(sbase(value)), C.size_t(len(value))) != 1 { + if go_openssl_OSSL_PARAM_BLD_push_octet_string(b.bld, name.ptr(), pbase(value), len(value)) != 1 { b.err = newOpenSSLError("OSSL_PARAM_BLD_push_octet_string(" + name.str() + ")") } } @@ -118,17 +116,17 @@ func (b *paramBuilder) addInt32(name cString, value int32) { if !b.check() { return } - if C.go_openssl_OSSL_PARAM_BLD_push_int32(b.bld, name.ptr(), C.int32_t(value)) != 1 { + if go_openssl_OSSL_PARAM_BLD_push_int32(b.bld, name.ptr(), value) != 1 { b.err = newOpenSSLError("OSSL_PARAM_BLD_push_int32(" + name.str() + ")") } } // addBN adds a GO_BIGNUM_PTR to the builder. -func (b *paramBuilder) addBN(name cString, value C.GO_BIGNUM_PTR) { +func (b *paramBuilder) addBN(name cString, value _BIGNUM_PTR) { if !b.check() { return } - if C.go_openssl_OSSL_PARAM_BLD_push_BN(b.bld, name.ptr(), value) != 1 { + if go_openssl_OSSL_PARAM_BLD_push_BN(b.bld, name.ptr(), value) != 1 { b.err = newOpenSSLError("OSSL_PARAM_BLD_push_BN(" + name.str() + ")") } } @@ -145,7 +143,7 @@ func (b *paramBuilder) addBin(name cString, value []byte, private bool) { // Nothing to do. return } - bn := C.go_openssl_BN_bin2bn(base(value), C.int(len(value)), nil) + bn := go_openssl_BN_bin2bn(base(value), int32(len(value)), nil) if bn == nil { b.err = newOpenSSLError("BN_bin2bn") return diff --git a/pbkdf2.go b/pbkdf2.go index 8a54d84d..3397e0e6 100644 --- a/pbkdf2.go +++ b/pbkdf2.go @@ -2,7 +2,6 @@ package openssl -// #include "goopenssl.h" import "C" import ( "errors" @@ -26,10 +25,10 @@ func SupportsPBKDF2() bool { // fetchPBKDF2 fetches the PBKDF2 algorithm. // It is safe to call this function concurrently. // The returned EVP_KDF_PTR shouldn't be freed. -var fetchPBKDF2 = sync.OnceValues(func() (C.GO_EVP_KDF_PTR, error) { +var fetchPBKDF2 = sync.OnceValues(func() (_EVP_KDF_PTR, error) { checkMajorVersion(3) - kdf := C.go_openssl_EVP_KDF_fetch(nil, _OSSL_KDF_NAME_PBKDF2.ptr(), nil) + kdf := go_openssl_EVP_KDF_fetch(nil, _OSSL_KDF_NAME_PBKDF2.ptr(), nil) if kdf == nil { return nil, newOpenSSLError("EVP_KDF_fetch") } @@ -46,7 +45,7 @@ func PBKDF2(password, salt []byte, iter, keyLen int, fh func() hash.Hash) ([]byt return nil, errors.New("unsupported hash function") } out := make([]byte, keyLen) - ok := C.go_openssl_PKCS5_PBKDF2_HMAC(sbase(password), C.int(len(password)), base(salt), C.int(len(salt)), C.int(iter), md, C.int(keyLen), base(out)) + ok := go_openssl_PKCS5_PBKDF2_HMAC(base(password), int32(len(password)), base(salt), int32(len(salt)), int32(iter), md, int32(keyLen), base(out)) if ok != 1 { return nil, newOpenSSLError("PKCS5_PBKDF2_HMAC") } diff --git a/rand.go b/rand.go index 9fd70963..15ffb4b9 100644 --- a/rand.go +++ b/rand.go @@ -2,16 +2,14 @@ package openssl -// #include "goopenssl.h" import "C" -import "unsafe" type randReader int func (randReader) Read(b []byte) (int, error) { // Note: RAND_bytes should never fail; the return value exists only for historical reasons. // We check it even so. - if len(b) > 0 && C.go_openssl_RAND_bytes((*C.uchar)(unsafe.Pointer(&b[0])), C.int(len(b))) == 0 { + if len(b) > 0 && go_openssl_RAND_bytes(base(b), int32(len(b))) == 0 { return 0, newOpenSSLError("RAND_bytes") } return len(b), nil diff --git a/rc4.go b/rc4.go index f1cd3647..0b921678 100644 --- a/rc4.go +++ b/rc4.go @@ -2,7 +2,6 @@ package openssl -// #include "goopenssl.h" import "C" import "runtime" @@ -15,7 +14,7 @@ func SupportsRC4() bool { // A RC4Cipher is an instance of RC4 using a particular key. type RC4Cipher struct { - ctx C.GO_EVP_CIPHER_CTX_PTR + ctx _EVP_CIPHER_CTX_PTR } // NewRC4Cipher creates and returns a new Cipher. @@ -31,14 +30,14 @@ func NewRC4Cipher(key []byte) (*RC4Cipher, error) { func (c *RC4Cipher) finalize() { if c.ctx != nil { - C.go_openssl_EVP_CIPHER_CTX_free(c.ctx) + go_openssl_EVP_CIPHER_CTX_free(c.ctx) } } // Reset zeros the key data and makes the Cipher unusable. func (c *RC4Cipher) Reset() { if c.ctx != nil { - C.go_openssl_EVP_CIPHER_CTX_free(c.ctx) + go_openssl_EVP_CIPHER_CTX_free(c.ctx) c.ctx = nil } } @@ -55,8 +54,8 @@ func (c *RC4Cipher) XORKeyStream(dst, src []byte) { // panic if len(dst) < len(src) with a runtime out of bound error, // which is what crypto/rc4 does. _ = dst[len(src)-1] - var outLen C.int - if C.go_openssl_EVP_EncryptUpdate(c.ctx, base(dst), &outLen, base(src), C.int(len(src))) != 1 { + var outLen int32 + if go_openssl_EVP_EncryptUpdate(c.ctx, base(dst), &outLen, base(src), int32(len(src))) != 1 { panic("crypto/cipher: EncryptUpdate failed") } if int(outLen) != len(src) { diff --git a/rsa.go b/rsa.go index a3fd96bc..5bd7d83f 100644 --- a/rsa.go +++ b/rsa.go @@ -2,7 +2,6 @@ package openssl -// #include "goopenssl.h" import "C" import ( "crypto" @@ -17,44 +16,44 @@ func GenerateKeyRSA(bits int) (N, E, D, P, Q, Dp, Dq, Qinv BigInt, err error) { bad := func(e error) (N, E, D, P, Q, Dp, Dq, Qinv BigInt, err error) { return nil, nil, nil, nil, nil, nil, nil, nil, e } - pkey, err := generateEVPPKey(_EVP_PKEY_RSA, bits, "") + pkey, err := generateEVPPKey(_EVP_PKEY_RSA, int32(bits), "") if err != nil { return bad(err) } - defer C.go_openssl_EVP_PKEY_free(pkey) + defer go_openssl_EVP_PKEY_free(pkey) switch vMajor { case 1: - key := C.go_openssl_EVP_PKEY_get1_RSA(pkey) + key := go_openssl_EVP_PKEY_get1_RSA(pkey) if key == nil { return bad(newOpenSSLError("EVP_PKEY_get1_RSA failed")) } - defer C.go_openssl_RSA_free(key) - var n, e, d, p, q, dmp1, dmq1, iqmp C.GO_BIGNUM_PTR - C.go_openssl_RSA_get0_key(key, &n, &e, &d) - C.go_openssl_RSA_get0_factors(key, &p, &q) - C.go_openssl_RSA_get0_crt_params(key, &dmp1, &dmq1, &iqmp) + defer go_openssl_RSA_free(key) + var n, e, d, p, q, dmp1, dmq1, iqmp _BIGNUM_PTR + go_openssl_RSA_get0_key(key, &n, &e, &d) + go_openssl_RSA_get0_factors(key, &p, &q) + go_openssl_RSA_get0_crt_params(key, &dmp1, &dmq1, &iqmp) N, E, D = bnToBig(n), bnToBig(e), bnToBig(d) P, Q = bnToBig(p), bnToBig(q) Dp, Dq, Qinv = bnToBig(dmp1), bnToBig(dmq1), bnToBig(iqmp) case 3: - tmp := C.go_openssl_BN_new() + tmp := go_openssl_BN_new() if tmp == nil { return bad(newOpenSSLError("BN_new failed")) } defer func() { - C.go_openssl_BN_clear_free(tmp) + go_openssl_BN_clear_free(tmp) }() var err error setBigInt := func(bi *BigInt, param cString) bool { if err != nil { return false } - if C.go_openssl_EVP_PKEY_get_bn_param(pkey, param.ptr(), &tmp) != 1 { + if go_openssl_EVP_PKEY_get_bn_param(pkey, param.ptr(), &tmp) != 1 { err = newOpenSSLError("EVP_PKEY_get_bn_param failed") return false } *bi = bnToBig(tmp) - C.go_openssl_BN_clear(tmp) + go_openssl_BN_clear(tmp) return true } if !(setBigInt(&N, _OSSL_PKEY_PARAM_RSA_N) && @@ -75,28 +74,28 @@ func GenerateKeyRSA(bits int) (N, E, D, P, Q, Dp, Dq, Qinv BigInt, err error) { type PublicKeyRSA struct { // _pkey MUST NOT be accessed directly. Instead, use the withKey method. - _pkey C.GO_EVP_PKEY_PTR + _pkey _EVP_PKEY_PTR } func NewPublicKeyRSA(n, e BigInt) (*PublicKeyRSA, error) { - var pkey C.GO_EVP_PKEY_PTR + var pkey _EVP_PKEY_PTR switch vMajor { case 1: - key := C.go_openssl_RSA_new() + key := go_openssl_RSA_new() if key == nil { return nil, newOpenSSLError("RSA_new failed") } - if C.go_openssl_RSA_set0_key(key, bigToBN(n), bigToBN(e), nil) != 1 { + if go_openssl_RSA_set0_key(key, bigToBN(n), bigToBN(e), nil) != 1 { return nil, fail("RSA_set0_key") } - pkey = C.go_openssl_EVP_PKEY_new() + pkey = go_openssl_EVP_PKEY_new() if pkey == nil { - C.go_openssl_RSA_free(key) + go_openssl_RSA_free(key) return nil, newOpenSSLError("EVP_PKEY_new failed") } - if C.go_openssl_EVP_PKEY_assign(pkey, _EVP_PKEY_RSA, (unsafe.Pointer)(key)) != 1 { - C.go_openssl_RSA_free(key) - C.go_openssl_EVP_PKEY_free(pkey) + if go_openssl_EVP_PKEY_assign(pkey, _EVP_PKEY_RSA, (unsafe.Pointer)(key)) != 1 { + go_openssl_RSA_free(key) + go_openssl_EVP_PKEY_free(pkey) return nil, newOpenSSLError("EVP_PKEY_assign failed") } case 3: @@ -113,10 +112,10 @@ func NewPublicKeyRSA(n, e BigInt) (*PublicKeyRSA, error) { } func (k *PublicKeyRSA) finalize() { - C.go_openssl_EVP_PKEY_free(k._pkey) + go_openssl_EVP_PKEY_free(k._pkey) } -func (k *PublicKeyRSA) withKey(f func(C.GO_EVP_PKEY_PTR) C.int) C.int { +func (k *PublicKeyRSA) withKey(f func(_EVP_PKEY_PTR) int32) int32 { // Because of the finalizer, any time _pkey is passed to cgo, that call must // be followed by a call to runtime.KeepAlive, to make sure k is not // collected (and finalized) before the cgo call returns. @@ -126,38 +125,38 @@ func (k *PublicKeyRSA) withKey(f func(C.GO_EVP_PKEY_PTR) C.int) C.int { type PrivateKeyRSA struct { // _pkey MUST NOT be accessed directly. Instead, use the withKey method. - _pkey C.GO_EVP_PKEY_PTR + _pkey _EVP_PKEY_PTR } func NewPrivateKeyRSA(n, e, d, p, q, dp, dq, qinv BigInt) (*PrivateKeyRSA, error) { - var pkey C.GO_EVP_PKEY_PTR + var pkey _EVP_PKEY_PTR switch vMajor { case 1: - key := C.go_openssl_RSA_new() + key := go_openssl_RSA_new() if key == nil { return nil, newOpenSSLError("RSA_new failed") } - if C.go_openssl_RSA_set0_key(key, bigToBN(n), bigToBN(e), bigToBN(d)) != 1 { + if go_openssl_RSA_set0_key(key, bigToBN(n), bigToBN(e), bigToBN(d)) != 1 { return nil, fail("RSA_set0_key") } if p != nil && q != nil { - if C.go_openssl_RSA_set0_factors(key, bigToBN(p), bigToBN(q)) != 1 { + if go_openssl_RSA_set0_factors(key, bigToBN(p), bigToBN(q)) != 1 { return nil, fail("RSA_set0_factors") } } if dp != nil && dq != nil && qinv != nil { - if C.go_openssl_RSA_set0_crt_params(key, bigToBN(dp), bigToBN(dq), bigToBN(qinv)) != 1 { + if go_openssl_RSA_set0_crt_params(key, bigToBN(dp), bigToBN(dq), bigToBN(qinv)) != 1 { return nil, fail("RSA_set0_crt_params") } } - pkey = C.go_openssl_EVP_PKEY_new() + pkey = go_openssl_EVP_PKEY_new() if pkey == nil { - C.go_openssl_RSA_free(key) + go_openssl_RSA_free(key) return nil, newOpenSSLError("EVP_PKEY_new failed") } - if C.go_openssl_EVP_PKEY_assign(pkey, _EVP_PKEY_RSA, (unsafe.Pointer)(key)) != 1 { - C.go_openssl_RSA_free(key) - C.go_openssl_EVP_PKEY_free(pkey) + if go_openssl_EVP_PKEY_assign(pkey, _EVP_PKEY_RSA, (unsafe.Pointer)(key)) != 1 { + go_openssl_RSA_free(key) + go_openssl_EVP_PKEY_free(pkey) return nil, newOpenSSLError("EVP_PKEY_assign failed") } case 3: @@ -174,10 +173,10 @@ func NewPrivateKeyRSA(n, e, d, p, q, dp, dq, qinv BigInt) (*PrivateKeyRSA, error } func (k *PrivateKeyRSA) finalize() { - C.go_openssl_EVP_PKEY_free(k._pkey) + go_openssl_EVP_PKEY_free(k._pkey) } -func (k *PrivateKeyRSA) withKey(f func(C.GO_EVP_PKEY_PTR) C.int) C.int { +func (k *PrivateKeyRSA) withKey(f func(_EVP_PKEY_PTR) int32) int32 { // Because of the finalizer, any time _pkey is passed to cgo, that call must // be followed by a call to runtime.KeepAlive, to make sure k is not // collected (and finalized) before the cgo call returns. @@ -229,7 +228,7 @@ func EncryptRSANoPadding(pub *PublicKeyRSA, msg []byte) ([]byte, error) { return evpEncrypt(pub.withKey, _RSA_NO_PADDING, nil, nil, nil, msg) } -func saltLength(saltLen int, sign bool) (C.int, error) { +func saltLength(saltLen int, sign bool) (int32, error) { // A salt length of -2 is valid in OpenSSL, but not in crypto/rsa, so reject // it, and lengths < -2, before we convert to the OpenSSL sentinel values. if saltLen <= -2 { @@ -250,7 +249,7 @@ func saltLength(saltLen int, sign bool) (C.int, error) { // OpenSSL uses -2 to mean auto-detect size when verifying where Go crypto uses 0. return _RSA_PSS_SALTLEN_AUTO, nil } - return C.int(saltLen), nil + return int32(saltLen), nil } func SignRSAPSS(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte, saltLen int) ([]byte, error) { @@ -278,8 +277,8 @@ func HashSignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, msg []byte) ([]byte } func VerifyRSAPKCS1v15(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte) error { - if pub.withKey(func(pkey C.GO_EVP_PKEY_PTR) C.int { - size := C.go_openssl_EVP_PKEY_get_size(pkey) + if pub.withKey(func(pkey _EVP_PKEY_PTR) int32 { + size := go_openssl_EVP_PKEY_get_size(pkey) if len(sig) < int(size) { return 0 } @@ -294,7 +293,7 @@ func HashVerifyRSAPKCS1v15(pub *PublicKeyRSA, h crypto.Hash, msg, sig []byte) er return evpHashVerify(pub.withKey, h, msg, sig) } -func newRSAKey3(isPriv bool, n, e, d, p, q, dp, dq, qinv BigInt) (C.GO_EVP_PKEY_PTR, error) { +func newRSAKey3(isPriv bool, n, e, d, p, q, dp, dq, qinv BigInt) (_EVP_PKEY_PTR, error) { bld, err := newParamBuilder() if err != nil { return nil, err @@ -328,10 +327,10 @@ func newRSAKey3(isPriv bool, n, e, d, p, q, dp, dq, qinv BigInt) (C.GO_EVP_PKEY_ if err != nil { return nil, err } - defer C.go_openssl_OSSL_PARAM_free(params) + defer go_openssl_OSSL_PARAM_free(params) selection := _EVP_PKEY_PUBLIC_KEY if isPriv { selection = _EVP_PKEY_KEYPAIR } - return newEvpFromParams(_EVP_PKEY_RSA, C.int(selection), params) + return newEvpFromParams(_EVP_PKEY_RSA, int32(selection), params) } diff --git a/shims.h b/shims.h index f747a2f8..4fb29502 100644 --- a/shims.h +++ b/shims.h @@ -1,314 +1,375 @@ +// This header file is used by the mkcgo tool to generate cgo and Go bindings for the +// OpenSSL C API. Run "go generate ." to regenerate the bindings. + #include // size_t #include // uint64_t -typedef int point_conversion_form_t; - -typedef void* GO_OPENSSL_INIT_SETTINGS_PTR; -typedef void* GO_OSSL_LIB_CTX_PTR; -typedef void* GO_OSSL_PROVIDER_PTR; -typedef void* GO_ENGINE_PTR; -typedef void* GO_EVP_PKEY_PTR; -typedef void* GO_EVP_PKEY_CTX_PTR; -typedef void* GO_EVP_MD_PTR; -typedef void* GO_EVP_MD_CTX_PTR; -typedef void* GO_HMAC_CTX_PTR; -typedef void* GO_EVP_CIPHER_PTR; -typedef void* GO_EVP_CIPHER_CTX_PTR; -typedef void* GO_EC_KEY_PTR; -typedef void* GO_EC_POINT_PTR; -typedef void* GO_EC_GROUP_PTR; -typedef void* GO_RSA_PTR; -typedef void* GO_BIGNUM_PTR; -typedef void* GO_BN_CTX_PTR; -typedef void* GO_EVP_MAC_PTR; -typedef void* GO_EVP_MAC_CTX_PTR; -typedef void* GO_OSSL_PARAM_BLD_PTR; -typedef void* GO_OSSL_PARAM_PTR; -typedef void* GO_CRYPTO_THREADID_PTR; -typedef void* GO_EVP_SIGNATURE_PTR; -typedef void* GO_DSA_PTR; -typedef void* GO_EVP_KDF_PTR; -typedef void* GO_EVP_KDF_CTX_PTR; - -// #include -typedef void* GO_MD5_CTX_PTR; - -// #include -typedef void* GO_SHA_CTX_PTR; - -// FOR_ALL_OPENSSL_FUNCTIONS is the list of all functions from libcrypto that are used in this package. -// Forgetting to add a function here results in build failure with message reporting the function -// that needs to be added. -// -// The purpose of FOR_ALL_OPENSSL_FUNCTIONS is to define all libcrypto functions -// without depending on the openssl headers so it is easier to use this package -// with an openssl version different that the one used at build time. -// -// The following macros may not be defined at this point, -// they are not resolved here but just accumulated in FOR_ALL_OPENSSL_FUNCTIONS. -// -// DEFINEFUNC defines and loads openssl functions that can be directly called from Go as their signatures match -// the OpenSSL API and do not require special logic. -// The process will be aborted if the function can't be loaded. -// -// DEFINEFUNC_LEGACY_1_1 acts like DEFINEFUNC but only aborts the process if the function can't be loaded -// when using 1.1.x. This indicates the function is required when using 1.1.x, but is unused when using later versions. -// It also might not exist in later versions. -// -// DEFINEFUNC_LEGACY_1 acts like DEFINEFUNC but only aborts the process if the function can't be loaded -// when using 1.x. This indicates the function is required when using 1.x, but is unused when using later versions. -// It also might not exist in later versions. -// -// DEFINEFUNC_1_1_1 acts like DEFINEFUNC but only aborts the process if function can't be loaded -// when using 1.1.1 or higher. -// -// DEFINEFUNC_3_0 acts like DEFINEFUNC but only aborts the process if function can't be loaded -// when using 3.0.0 or higher. -// -// DEFINEFUNC_RENAMED_3_0 acts like DEFINEFUNC but tries to load the function using the new name when using >= 3.x -// and the old name when using 1.x. In both cases the function will have the new name. -// -// DEFINEFUNC_VARIADIC_3_0 acts like DEFINEFUNC but creates an alias with a more specific signature. -// This is necessary to call variadic functions (functions that accept a variable number of arguments) -// because variadic functions are not directly compatible with cgo. By defining a cgo-compatible alias -// for each desired signature, the C compiler handles the variadic arguments rather than cgo. -// Variadic functions are the only known incompatibility of this kind. -// If you use this macro for a different reason, consider renaming it to something more general first. -// See https://github.com/golang/go/issues/975. -// The process is aborted if the function can't be loaded when using 3.0.0 or higher. -// +// The following includes are used by the checkheader tool. // #include -// #include +// #include +// #include +// #include +// #include // #include +// #include // #include -// #include // #include -// #include // #include -// #include // #if OPENSSL_VERSION_NUMBER >= 0x30000000L +// #include // #include // #include // #endif // #if OPENSSL_VERSION_NUMBER < 0x10100000L // #include // #endif -#define FOR_ALL_OPENSSL_FUNCTIONS \ -DEFINEFUNC(void, ERR_error_string_n, (unsigned long e, char *buf, size_t len), (e, buf, len)) \ -DEFINEFUNC(void, ERR_clear_error, (void), ()) \ -DEFINEFUNC_LEGACY_1(unsigned long, ERR_get_error_line, (const char **file, int *line), (file, line)) \ -DEFINEFUNC_3_0(unsigned long, ERR_get_error_all, (const char **file, int *line, const char **func, const char **data, int *flags), (file, line, func, data, flags)) \ -DEFINEFUNC(const char *, OpenSSL_version, (int type), (type)) \ -DEFINEFUNC(void, OPENSSL_init, (void), ()) \ -/* CRYPTO_malloc argument num changes from int to size_t in OpenSSL 1.1.0, */ \ -/* and CRYPTO_free has file and line arguments added. */ \ -/* Exclude them from headercheck tool when using previous OpenSSL versions. */ \ -DEFINEFUNC(void *, CRYPTO_malloc, (size_t num, const char *file, int line), (num, file, line)) \ -DEFINEFUNC(void, CRYPTO_free, (void *str, const char *file, int line), (str, file, line)) \ -DEFINEFUNC(int, OPENSSL_init_crypto, (uint64_t ops, const GO_OPENSSL_INIT_SETTINGS_PTR settings), (ops, settings)) \ -DEFINEFUNC_LEGACY_1(int, FIPS_mode, (void), ()) \ -DEFINEFUNC_LEGACY_1(int, FIPS_mode_set, (int r), (r)) \ -DEFINEFUNC_3_0(int, EVP_default_properties_is_fips_enabled, (GO_OSSL_LIB_CTX_PTR libctx), (libctx)) \ -DEFINEFUNC_3_0(int, EVP_default_properties_enable_fips, (GO_OSSL_LIB_CTX_PTR libctx, int enable), (libctx, enable)) \ -DEFINEFUNC_3_0(int, OSSL_PROVIDER_available, (GO_OSSL_LIB_CTX_PTR libctx, const char *name), (libctx, name)) \ -DEFINEFUNC_3_0(GO_OSSL_PROVIDER_PTR, OSSL_PROVIDER_try_load, (GO_OSSL_LIB_CTX_PTR libctx, const char *name, int retain_fallbacks), (libctx, name, retain_fallbacks)) \ -DEFINEFUNC_3_0(const char *, OSSL_PROVIDER_get0_name, (const GO_OSSL_PROVIDER_PTR prov), (prov)) \ -DEFINEFUNC_3_0(GO_EVP_MD_PTR, EVP_MD_fetch, (GO_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties), (ctx, algorithm, properties)) \ -DEFINEFUNC_3_0(void, EVP_MD_free, (GO_EVP_MD_PTR md), (md)) \ -DEFINEFUNC_3_0(const char *, EVP_MD_get0_name, (const GO_EVP_MD_PTR md), (md)) \ -DEFINEFUNC_3_0(int, EVP_MD_get_type, (const GO_EVP_MD_PTR md), (md)) \ -DEFINEFUNC_3_0(const GO_OSSL_PROVIDER_PTR, EVP_MD_get0_provider, (const GO_EVP_MD_PTR md), (md)) \ -DEFINEFUNC_RENAMED_3_0(int, EVP_MD_get_size, EVP_MD_size, (const GO_EVP_MD_PTR md), (md)) \ -DEFINEFUNC_RENAMED_3_0(int, EVP_MD_get_block_size, EVP_MD_block_size, (const GO_EVP_MD_PTR md), (md)) \ -DEFINEFUNC(int, RAND_bytes, (unsigned char *arg0, int arg1), (arg0, arg1)) \ -DEFINEFUNC(GO_EVP_MD_CTX_PTR, EVP_MD_CTX_new, (void), ()) \ -DEFINEFUNC(void, EVP_MD_CTX_free, (GO_EVP_MD_CTX_PTR ctx), (ctx)) \ -DEFINEFUNC(int, EVP_MD_CTX_copy, (GO_EVP_MD_CTX_PTR out, const GO_EVP_MD_CTX_PTR in), (out, in)) \ -DEFINEFUNC(int, EVP_MD_CTX_copy_ex, (GO_EVP_MD_CTX_PTR out, const GO_EVP_MD_CTX_PTR in), (out, in)) \ -DEFINEFUNC(int, EVP_Digest, (const void *data, size_t count, unsigned char *md, unsigned int *size, const GO_EVP_MD_PTR type, GO_ENGINE_PTR impl), (data, count, md, size, type, impl)) \ -DEFINEFUNC(int, EVP_DigestInit_ex, (GO_EVP_MD_CTX_PTR ctx, const GO_EVP_MD_PTR type, GO_ENGINE_PTR impl), (ctx, type, impl)) \ -DEFINEFUNC(int, EVP_DigestInit, (GO_EVP_MD_CTX_PTR ctx, const GO_EVP_MD_PTR type), (ctx, type)) \ -DEFINEFUNC(int, EVP_DigestUpdate, (GO_EVP_MD_CTX_PTR ctx, const void *d, size_t cnt), (ctx, d, cnt)) \ -DEFINEFUNC(int, EVP_DigestFinal_ex, (GO_EVP_MD_CTX_PTR ctx, unsigned char *md, unsigned int *s), (ctx, md, s)) \ -DEFINEFUNC_1_1_1(int, EVP_DigestSign, (GO_EVP_MD_CTX_PTR ctx, unsigned char *sigret, size_t *siglen, const unsigned char *tbs, size_t tbslen), (ctx, sigret, siglen, tbs, tbslen)) \ -DEFINEFUNC(int, EVP_DigestSignInit, (GO_EVP_MD_CTX_PTR ctx, GO_EVP_PKEY_CTX_PTR *pctx, const GO_EVP_MD_PTR type, GO_ENGINE_PTR e, GO_EVP_PKEY_PTR pkey), (ctx, pctx, type, e, pkey)) \ -DEFINEFUNC(int, EVP_DigestSignFinal, (GO_EVP_MD_CTX_PTR ctx, unsigned char *sig, size_t *siglen), (ctx, sig, siglen)) \ -DEFINEFUNC(int, EVP_DigestVerifyInit, (GO_EVP_MD_CTX_PTR ctx, GO_EVP_PKEY_CTX_PTR *pctx, const GO_EVP_MD_PTR type, GO_ENGINE_PTR e, GO_EVP_PKEY_PTR pkey), (ctx, pctx, type, e, pkey)) \ -DEFINEFUNC(int, EVP_DigestVerifyFinal, (GO_EVP_MD_CTX_PTR ctx, const unsigned char *sig, size_t siglen), (ctx, sig, siglen)) \ -DEFINEFUNC_1_1_1(int, EVP_DigestVerify, (GO_EVP_MD_CTX_PTR ctx, const unsigned char *sigret, size_t siglen, const unsigned char *tbs, size_t tbslen), (ctx, sigret, siglen, tbs, tbslen)) \ -DEFINEFUNC(const GO_EVP_MD_PTR, EVP_md5_sha1, (void), ()) \ -DEFINEFUNC(const GO_EVP_MD_PTR, EVP_ripemd160, (void), ()) \ -DEFINEFUNC(const GO_EVP_MD_PTR, EVP_md4, (void), ()) \ -DEFINEFUNC(const GO_EVP_MD_PTR, EVP_md5, (void), ()) \ -DEFINEFUNC(const GO_EVP_MD_PTR, EVP_sha1, (void), ()) \ -DEFINEFUNC(const GO_EVP_MD_PTR, EVP_sha224, (void), ()) \ -DEFINEFUNC(const GO_EVP_MD_PTR, EVP_sha256, (void), ()) \ -DEFINEFUNC(const GO_EVP_MD_PTR, EVP_sha384, (void), ()) \ -DEFINEFUNC(const GO_EVP_MD_PTR, EVP_sha512, (void), ()) \ -DEFINEFUNC_1_1_1(const GO_EVP_MD_PTR, EVP_sha512_224, (void), ()) \ -DEFINEFUNC_1_1_1(const GO_EVP_MD_PTR, EVP_sha512_256, (void), ()) \ -DEFINEFUNC_1_1_1(const GO_EVP_MD_PTR, EVP_sha3_224, (void), ()) \ -DEFINEFUNC_1_1_1(const GO_EVP_MD_PTR, EVP_sha3_256, (void), ()) \ -DEFINEFUNC_1_1_1(const GO_EVP_MD_PTR, EVP_sha3_384, (void), ()) \ -DEFINEFUNC_1_1_1(const GO_EVP_MD_PTR, EVP_sha3_512, (void), ()) \ -DEFINEFUNC_LEGACY_1(int, HMAC_Init_ex, (GO_HMAC_CTX_PTR arg0, const void *arg1, int arg2, const GO_EVP_MD_PTR arg3, GO_ENGINE_PTR arg4), (arg0, arg1, arg2, arg3, arg4)) \ -DEFINEFUNC_LEGACY_1(int, HMAC_Update, (GO_HMAC_CTX_PTR arg0, const unsigned char *arg1, size_t arg2), (arg0, arg1, arg2)) \ -DEFINEFUNC_LEGACY_1(int, HMAC_Final, (GO_HMAC_CTX_PTR arg0, unsigned char *arg1, unsigned int *arg2), (arg0, arg1, arg2)) \ -DEFINEFUNC_LEGACY_1(int, HMAC_CTX_copy, (GO_HMAC_CTX_PTR dest, GO_HMAC_CTX_PTR src), (dest, src)) \ -DEFINEFUNC_LEGACY_1_1(void, HMAC_CTX_free, (GO_HMAC_CTX_PTR arg0), (arg0)) \ -DEFINEFUNC_LEGACY_1_1(GO_HMAC_CTX_PTR, HMAC_CTX_new, (void), ()) \ -DEFINEFUNC(GO_EVP_CIPHER_CTX_PTR, EVP_CIPHER_CTX_new, (void), ()) \ -DEFINEFUNC(int, EVP_CIPHER_CTX_set_padding, (GO_EVP_CIPHER_CTX_PTR x, int padding), (x, padding)) \ -DEFINEFUNC(int, EVP_CipherInit_ex, (GO_EVP_CIPHER_CTX_PTR ctx, const GO_EVP_CIPHER_PTR type, GO_ENGINE_PTR impl, const unsigned char *key, const unsigned char *iv, int enc), (ctx, type, impl, key, iv, enc)) \ -DEFINEFUNC(int, EVP_CipherUpdate, (GO_EVP_CIPHER_CTX_PTR ctx, unsigned char *out, int *outl, const unsigned char *in, int inl), (ctx, out, outl, in, inl)) \ -DEFINEFUNC(int, EVP_EncryptInit_ex, (GO_EVP_CIPHER_CTX_PTR ctx, const GO_EVP_CIPHER_PTR type, GO_ENGINE_PTR impl, const unsigned char *key, const unsigned char *iv), (ctx, type, impl, key, iv)) \ -DEFINEFUNC(int, EVP_EncryptUpdate, (GO_EVP_CIPHER_CTX_PTR ctx, unsigned char *out, int *outl, const unsigned char *in, int inl), (ctx, out, outl, in, inl)) \ -DEFINEFUNC(int, EVP_EncryptFinal_ex, (GO_EVP_CIPHER_CTX_PTR ctx, unsigned char *out, int *outl), (ctx, out, outl)) \ -DEFINEFUNC(int, EVP_DecryptInit_ex, (GO_EVP_CIPHER_CTX_PTR ctx, const GO_EVP_CIPHER_PTR type, GO_ENGINE_PTR impl, const unsigned char *key, const unsigned char *iv), (ctx, type, impl, key, iv)) \ -DEFINEFUNC(int, EVP_DecryptUpdate, (GO_EVP_CIPHER_CTX_PTR ctx, unsigned char *out, int *outl, const unsigned char *in, int inl), (ctx, out, outl, in, inl)) \ -DEFINEFUNC(int, EVP_DecryptFinal_ex, (GO_EVP_CIPHER_CTX_PTR ctx, unsigned char *outm, int *outl), (ctx, outm, outl)) \ -DEFINEFUNC_3_0(GO_EVP_CIPHER_PTR, EVP_CIPHER_fetch, (GO_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties), (ctx, algorithm, properties)) \ -DEFINEFUNC_3_0(const char *, EVP_CIPHER_get0_name, (const GO_EVP_CIPHER_PTR cipher), (cipher)) \ -DEFINEFUNC(const GO_EVP_CIPHER_PTR, EVP_aes_128_gcm, (void), ()) \ -DEFINEFUNC(const GO_EVP_CIPHER_PTR, EVP_aes_128_cbc, (void), ()) \ -DEFINEFUNC(const GO_EVP_CIPHER_PTR, EVP_aes_128_ctr, (void), ()) \ -DEFINEFUNC(const GO_EVP_CIPHER_PTR, EVP_aes_128_ecb, (void), ()) \ -DEFINEFUNC(const GO_EVP_CIPHER_PTR, EVP_aes_192_gcm, (void), ()) \ -DEFINEFUNC(const GO_EVP_CIPHER_PTR, EVP_aes_192_cbc, (void), ()) \ -DEFINEFUNC(const GO_EVP_CIPHER_PTR, EVP_aes_192_ctr, (void), ()) \ -DEFINEFUNC(const GO_EVP_CIPHER_PTR, EVP_aes_192_ecb, (void), ()) \ -DEFINEFUNC(const GO_EVP_CIPHER_PTR, EVP_aes_256_cbc, (void), ()) \ -DEFINEFUNC(const GO_EVP_CIPHER_PTR, EVP_aes_256_ctr, (void), ()) \ -DEFINEFUNC(const GO_EVP_CIPHER_PTR, EVP_aes_256_ecb, (void), ()) \ -DEFINEFUNC(const GO_EVP_CIPHER_PTR, EVP_aes_256_gcm, (void), ()) \ -DEFINEFUNC(const GO_EVP_CIPHER_PTR, EVP_des_ecb, (void), ()) \ -DEFINEFUNC(const GO_EVP_CIPHER_PTR, EVP_des_cbc, (void), ()) \ -DEFINEFUNC(const GO_EVP_CIPHER_PTR, EVP_des_ede3_ecb, (void), ()) \ -DEFINEFUNC(const GO_EVP_CIPHER_PTR, EVP_des_ede3_cbc, (void), ()) \ -DEFINEFUNC(const GO_EVP_CIPHER_PTR, EVP_rc4, (void), ()) \ -DEFINEFUNC_RENAMED_3_0(int, EVP_CIPHER_get_block_size, EVP_CIPHER_block_size, (const GO_EVP_CIPHER_PTR cipher), (cipher)) \ -DEFINEFUNC(int, EVP_CIPHER_CTX_set_key_length, (GO_EVP_CIPHER_CTX_PTR x, int keylen), (x, keylen)) \ -DEFINEFUNC(void, EVP_CIPHER_CTX_free, (GO_EVP_CIPHER_CTX_PTR arg0), (arg0)) \ -DEFINEFUNC(int, EVP_CIPHER_CTX_ctrl, (GO_EVP_CIPHER_CTX_PTR ctx, int type, int arg, void *ptr), (ctx, type, arg, ptr)) \ -DEFINEFUNC(GO_EVP_PKEY_PTR, EVP_PKEY_new, (void), ()) \ -DEFINEFUNC_1_1_1(GO_EVP_PKEY_PTR, EVP_PKEY_new_raw_private_key, (int type, GO_ENGINE_PTR e, const unsigned char *key, size_t keylen), (type, e, key, keylen)) \ -DEFINEFUNC_1_1_1(GO_EVP_PKEY_PTR, EVP_PKEY_new_raw_public_key, (int type, GO_ENGINE_PTR e, const unsigned char *key, size_t keylen), (type, e, key, keylen)) \ -/* EVP_PKEY_size and EVP_PKEY_get_bits pkey parameter is const since OpenSSL 1.1.1. */ \ -/* Exclude it from headercheck tool when using previous OpenSSL versions. */ \ -/*check:from=1.1.1*/ DEFINEFUNC_RENAMED_3_0(int, EVP_PKEY_get_size, EVP_PKEY_size, (const GO_EVP_PKEY_PTR pkey), (pkey)) \ -/*check:from=1.1.1*/ DEFINEFUNC_RENAMED_3_0(int, EVP_PKEY_get_bits, EVP_PKEY_bits, (const GO_EVP_PKEY_PTR pkey), (pkey)) \ -DEFINEFUNC(void, EVP_PKEY_free, (GO_EVP_PKEY_PTR arg0), (arg0)) \ -DEFINEFUNC_LEGACY_1(GO_RSA_PTR, EVP_PKEY_get1_RSA, (GO_EVP_PKEY_PTR pkey), (pkey)) \ -DEFINEFUNC_LEGACY_1(int, EVP_PKEY_assign, (GO_EVP_PKEY_PTR pkey, int type, void *key), (pkey, type, key)) \ -DEFINEFUNC(int, EVP_PKEY_verify, (GO_EVP_PKEY_CTX_PTR ctx, const unsigned char *sig, size_t siglen, const unsigned char *tbs, size_t tbslen), (ctx, sig, siglen, tbs, tbslen)) \ -DEFINEFUNC(GO_EVP_PKEY_CTX_PTR, EVP_PKEY_CTX_new, (GO_EVP_PKEY_PTR arg0, GO_ENGINE_PTR arg1), (arg0, arg1)) \ -DEFINEFUNC(GO_EVP_PKEY_CTX_PTR, EVP_PKEY_CTX_new_id, (int id, GO_ENGINE_PTR e), (id, e)) \ -DEFINEFUNC_3_0(GO_EVP_PKEY_CTX_PTR, EVP_PKEY_CTX_new_from_pkey, (GO_OSSL_LIB_CTX_PTR libctx, GO_EVP_PKEY_PTR pkey, const char *propquery), (libctx, pkey, propquery)) \ -DEFINEFUNC(int, EVP_PKEY_paramgen_init, (GO_EVP_PKEY_CTX_PTR ctx), (ctx)) \ -DEFINEFUNC(int, EVP_PKEY_paramgen, (GO_EVP_PKEY_CTX_PTR ctx, GO_EVP_PKEY_PTR *ppkey), (ctx, ppkey)) \ -DEFINEFUNC(int, EVP_PKEY_keygen_init, (GO_EVP_PKEY_CTX_PTR ctx), (ctx)) \ -DEFINEFUNC(int, EVP_PKEY_keygen, (GO_EVP_PKEY_CTX_PTR ctx, GO_EVP_PKEY_PTR *ppkey), (ctx, ppkey)) \ -DEFINEFUNC_VARIADIC_3_0(GO_EVP_PKEY_PTR, EVP_PKEY_Q_keygen, EVP_PKEY_Q_keygen, (GO_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type), (ctx, propq, type)) \ -DEFINEFUNC_VARIADIC_3_0(GO_EVP_PKEY_PTR, EVP_PKEY_Q_keygen, EVP_PKEY_Q_keygen_RSA, (GO_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type, size_t arg1), (ctx, propq, type, arg1)) \ -DEFINEFUNC_VARIADIC_3_0(GO_EVP_PKEY_PTR, EVP_PKEY_Q_keygen, EVP_PKEY_Q_keygen_EC, (GO_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type, const char *arg1), (ctx, propq, type, arg1)) \ -DEFINEFUNC(void, EVP_PKEY_CTX_free, (GO_EVP_PKEY_CTX_PTR arg0), (arg0)) \ -DEFINEFUNC(int, EVP_PKEY_CTX_ctrl, (GO_EVP_PKEY_CTX_PTR ctx, int keytype, int optype, int cmd, int p1, void *p2), (ctx, keytype, optype, cmd, p1, p2)) \ -DEFINEFUNC(int, EVP_PKEY_decrypt, (GO_EVP_PKEY_CTX_PTR arg0, unsigned char *arg1, size_t *arg2, const unsigned char *arg3, size_t arg4), (arg0, arg1, arg2, arg3, arg4)) \ -DEFINEFUNC(int, EVP_PKEY_encrypt, (GO_EVP_PKEY_CTX_PTR arg0, unsigned char *arg1, size_t *arg2, const unsigned char *arg3, size_t arg4), (arg0, arg1, arg2, arg3, arg4)) \ -DEFINEFUNC(int, EVP_PKEY_decrypt_init, (GO_EVP_PKEY_CTX_PTR arg0), (arg0)) \ -DEFINEFUNC(int, EVP_PKEY_encrypt_init, (GO_EVP_PKEY_CTX_PTR arg0), (arg0)) \ -DEFINEFUNC(int, EVP_PKEY_sign_init, (GO_EVP_PKEY_CTX_PTR arg0), (arg0)) \ -DEFINEFUNC(int, EVP_PKEY_verify_init, (GO_EVP_PKEY_CTX_PTR arg0), (arg0)) \ -DEFINEFUNC(int, EVP_PKEY_sign, (GO_EVP_PKEY_CTX_PTR arg0, unsigned char *arg1, size_t *arg2, const unsigned char *arg3, size_t arg4), (arg0, arg1, arg2, arg3, arg4)) \ -DEFINEFUNC(int, EVP_PKEY_derive_init, (GO_EVP_PKEY_CTX_PTR ctx), (ctx)) \ -DEFINEFUNC(int, EVP_PKEY_derive_set_peer, (GO_EVP_PKEY_CTX_PTR ctx, GO_EVP_PKEY_PTR peer), (ctx, peer)) \ -DEFINEFUNC(int, EVP_PKEY_derive, (GO_EVP_PKEY_CTX_PTR ctx, unsigned char *key, size_t *keylen), (ctx, key, keylen)) \ -DEFINEFUNC_3_0(int, EVP_PKEY_public_check_quick, (GO_EVP_PKEY_CTX_PTR ctx), (ctx)) \ -DEFINEFUNC_3_0(int, EVP_PKEY_private_check, (GO_EVP_PKEY_CTX_PTR ctx), (ctx)) \ -DEFINEFUNC_LEGACY_1_1(GO_EC_KEY_PTR, EVP_PKEY_get0_EC_KEY, (GO_EVP_PKEY_PTR pkey), (pkey)) \ -DEFINEFUNC_LEGACY_1_1(GO_DSA_PTR, EVP_PKEY_get0_DSA, (GO_EVP_PKEY_PTR pkey), (pkey)) \ -DEFINEFUNC_3_0(int, EVP_PKEY_fromdata_init, (GO_EVP_PKEY_CTX_PTR ctx), (ctx)) \ -DEFINEFUNC_3_0(int, EVP_PKEY_fromdata, (GO_EVP_PKEY_CTX_PTR ctx, GO_EVP_PKEY_PTR *pkey, int selection, GO_OSSL_PARAM_PTR params), (ctx, pkey, selection, params)) \ -DEFINEFUNC_3_0(int, EVP_PKEY_set1_encoded_public_key, (GO_EVP_PKEY_PTR pkey, const unsigned char *pub, size_t publen), (pkey, pub, publen)) \ -DEFINEFUNC_3_0(size_t, EVP_PKEY_get1_encoded_public_key, (GO_EVP_PKEY_PTR pkey, unsigned char **ppub), (pkey, ppub)) \ -DEFINEFUNC_3_0(int, EVP_PKEY_get_bn_param, (const GO_EVP_PKEY_PTR pkey, const char *key_name, GO_BIGNUM_PTR *bn), (pkey, key_name, bn)) \ -DEFINEFUNC_LEGACY_1(GO_RSA_PTR, RSA_new, (void), ()) \ -DEFINEFUNC_LEGACY_1(void, RSA_free, (GO_RSA_PTR arg0), (arg0)) \ -DEFINEFUNC_LEGACY_1_1(int, RSA_set0_factors, (GO_RSA_PTR rsa, GO_BIGNUM_PTR p, GO_BIGNUM_PTR q), (rsa, p, q)) \ -DEFINEFUNC_LEGACY_1_1(int, RSA_set0_crt_params, (GO_RSA_PTR rsa, GO_BIGNUM_PTR dmp1, GO_BIGNUM_PTR dmp2, GO_BIGNUM_PTR iqmp), (rsa, dmp1, dmp2, iqmp)) \ -DEFINEFUNC_LEGACY_1_1(void, RSA_get0_crt_params, (const GO_RSA_PTR r, const GO_BIGNUM_PTR *dmp1, const GO_BIGNUM_PTR *dmq1, const GO_BIGNUM_PTR *iqmp), (r, dmp1, dmq1, iqmp)) \ -DEFINEFUNC_LEGACY_1_1(int, RSA_set0_key, (GO_RSA_PTR r, GO_BIGNUM_PTR n, GO_BIGNUM_PTR e, GO_BIGNUM_PTR d), (r, n, e, d)) \ -DEFINEFUNC_LEGACY_1_1(void, RSA_get0_factors, (const GO_RSA_PTR rsa, const GO_BIGNUM_PTR *p, const GO_BIGNUM_PTR *q), (rsa, p, q)) \ -DEFINEFUNC_LEGACY_1_1(void, RSA_get0_key, (const GO_RSA_PTR rsa, const GO_BIGNUM_PTR *n, const GO_BIGNUM_PTR *e, const GO_BIGNUM_PTR *d), (rsa, n, e, d)) \ -DEFINEFUNC(GO_BIGNUM_PTR, BN_new, (void), ()) \ -DEFINEFUNC(void, BN_free, (GO_BIGNUM_PTR arg0), (arg0)) \ -DEFINEFUNC(void, BN_clear, (GO_BIGNUM_PTR arg0), (arg0)) \ -DEFINEFUNC(void, BN_clear_free, (GO_BIGNUM_PTR arg0), (arg0)) \ -DEFINEFUNC(int, BN_num_bits, (const GO_BIGNUM_PTR arg0), (arg0)) \ -DEFINEFUNC(GO_BIGNUM_PTR, BN_bin2bn, (const unsigned char *arg0, int arg1, GO_BIGNUM_PTR arg2), (arg0, arg1, arg2)) \ -DEFINEFUNC(GO_BIGNUM_PTR, BN_lebin2bn, (const unsigned char *s, int len, GO_BIGNUM_PTR ret), (s, len, ret)) \ -DEFINEFUNC(int, BN_bn2lebinpad, (const GO_BIGNUM_PTR a, unsigned char *to, int tolen), (a, to, tolen)) \ -DEFINEFUNC(int, BN_bn2binpad, (const GO_BIGNUM_PTR a, unsigned char *to, int tolen), (a, to, tolen)) \ -DEFINEFUNC_LEGACY_1(int, EC_KEY_set_public_key_affine_coordinates, (GO_EC_KEY_PTR key, GO_BIGNUM_PTR x, GO_BIGNUM_PTR y), (key, x, y)) \ -DEFINEFUNC_LEGACY_1(int, EC_KEY_set_public_key, (GO_EC_KEY_PTR key, const GO_EC_POINT_PTR pub), (key, pub)) \ -DEFINEFUNC_LEGACY_1(void, EC_KEY_free, (GO_EC_KEY_PTR arg0), (arg0)) \ -DEFINEFUNC_LEGACY_1(const GO_EC_GROUP_PTR, EC_KEY_get0_group, (const GO_EC_KEY_PTR arg0), (arg0)) \ -DEFINEFUNC_LEGACY_1(const GO_BIGNUM_PTR, EC_KEY_get0_private_key, (const GO_EC_KEY_PTR arg0), (arg0)) \ -DEFINEFUNC_LEGACY_1(const GO_EC_POINT_PTR, EC_KEY_get0_public_key, (const GO_EC_KEY_PTR arg0), (arg0)) \ -DEFINEFUNC_LEGACY_1(GO_EC_KEY_PTR, EC_KEY_new_by_curve_name, (int arg0), (arg0)) \ -DEFINEFUNC_LEGACY_1(int, EC_KEY_set_private_key, (GO_EC_KEY_PTR arg0, const GO_BIGNUM_PTR arg1), (arg0, arg1)) \ -DEFINEFUNC_LEGACY_1(int, EC_KEY_check_key, (const GO_EC_KEY_PTR key), (key)) \ -DEFINEFUNC(GO_EC_POINT_PTR, EC_POINT_new, (const GO_EC_GROUP_PTR arg0), (arg0)) \ -DEFINEFUNC(void, EC_POINT_free, (GO_EC_POINT_PTR arg0), (arg0)) \ -DEFINEFUNC(int, EC_POINT_mul, (const GO_EC_GROUP_PTR group, GO_EC_POINT_PTR r, const GO_BIGNUM_PTR n, const GO_EC_POINT_PTR q, const GO_BIGNUM_PTR m, GO_BN_CTX_PTR ctx), (group, r, n, q, m, ctx)) \ -DEFINEFUNC_LEGACY_1(int, EC_POINT_get_affine_coordinates_GFp, (const GO_EC_GROUP_PTR arg0, const GO_EC_POINT_PTR arg1, GO_BIGNUM_PTR arg2, GO_BIGNUM_PTR arg3, GO_BN_CTX_PTR arg4), (arg0, arg1, arg2, arg3, arg4)) \ -DEFINEFUNC_3_0(int, EC_POINT_set_affine_coordinates, (const GO_EC_GROUP_PTR arg0, GO_EC_POINT_PTR arg1, const GO_BIGNUM_PTR arg2, const GO_BIGNUM_PTR arg3, GO_BN_CTX_PTR arg4), (arg0, arg1, arg2, arg3, arg4)) \ -DEFINEFUNC(size_t, EC_POINT_point2oct, (const GO_EC_GROUP_PTR group, const GO_EC_POINT_PTR p, point_conversion_form_t form, unsigned char *buf, size_t len, GO_BN_CTX_PTR ctx), (group, p, form, buf, len, ctx)) \ -DEFINEFUNC(int, EC_POINT_oct2point, (const GO_EC_GROUP_PTR group, GO_EC_POINT_PTR p, const unsigned char *buf, size_t len, GO_BN_CTX_PTR ctx), (group, p, buf, len, ctx)) \ -DEFINEFUNC(const char *, OBJ_nid2sn, (int n), (n)) \ -DEFINEFUNC(GO_EC_GROUP_PTR, EC_GROUP_new_by_curve_name, (int nid), (nid)) \ -DEFINEFUNC(void, EC_GROUP_free, (GO_EC_GROUP_PTR group), (group)) \ -DEFINEFUNC_3_0(GO_EVP_MAC_PTR, EVP_MAC_fetch, (GO_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties), (ctx, algorithm, properties)) \ -DEFINEFUNC_3_0(GO_EVP_MAC_CTX_PTR, EVP_MAC_CTX_new, (GO_EVP_MAC_PTR arg0), (arg0)) \ -DEFINEFUNC_3_0(int, EVP_MAC_CTX_set_params, (GO_EVP_MAC_CTX_PTR ctx, const GO_OSSL_PARAM_PTR params), (ctx, params)) \ -DEFINEFUNC_3_0(void, EVP_MAC_CTX_free, (GO_EVP_MAC_CTX_PTR arg0), (arg0)) \ -DEFINEFUNC_3_0(GO_EVP_MAC_CTX_PTR, EVP_MAC_CTX_dup, (const GO_EVP_MAC_CTX_PTR arg0), (arg0)) \ -DEFINEFUNC_3_0(int, EVP_MAC_init, (GO_EVP_MAC_CTX_PTR ctx, const unsigned char *key, size_t keylen, const GO_OSSL_PARAM_PTR params), (ctx, key, keylen, params)) \ -DEFINEFUNC_3_0(int, EVP_MAC_update, (GO_EVP_MAC_CTX_PTR ctx, const unsigned char *data, size_t datalen), (ctx, data, datalen)) \ -DEFINEFUNC_3_0(int, EVP_MAC_final, (GO_EVP_MAC_CTX_PTR ctx, unsigned char *out, size_t *outl, size_t outsize), (ctx, out, outl, outsize)) \ -DEFINEFUNC_3_0(void, OSSL_PARAM_free, (GO_OSSL_PARAM_PTR p), (p)) \ -DEFINEFUNC_3_0(GO_OSSL_PARAM_BLD_PTR, OSSL_PARAM_BLD_new, (void), ()) \ -DEFINEFUNC_3_0(void, OSSL_PARAM_BLD_free, (GO_OSSL_PARAM_BLD_PTR bld), (bld)) \ -DEFINEFUNC_3_0(GO_OSSL_PARAM_PTR, OSSL_PARAM_BLD_to_param, (GO_OSSL_PARAM_BLD_PTR bld), (bld)) \ -DEFINEFUNC_3_0(int, OSSL_PARAM_BLD_push_utf8_string, (GO_OSSL_PARAM_BLD_PTR bld, const char *key, const char *buf, size_t bsize), (bld, key, buf, bsize)) \ -DEFINEFUNC_3_0(int, OSSL_PARAM_BLD_push_octet_string, (GO_OSSL_PARAM_BLD_PTR bld, const char *key, const void *buf, size_t bsize), (bld, key, buf, bsize)) \ -DEFINEFUNC_3_0(int, OSSL_PARAM_BLD_push_BN, (GO_OSSL_PARAM_BLD_PTR bld, const char *key, const GO_BIGNUM_PTR bn), (bld, key, bn)) \ -DEFINEFUNC_3_0(int, OSSL_PARAM_BLD_push_int32, (GO_OSSL_PARAM_BLD_PTR bld, const char *key, int32_t num), (bld, key, num)) \ -DEFINEFUNC_3_0(int, EVP_PKEY_CTX_set_hkdf_mode, (GO_EVP_PKEY_CTX_PTR arg0, int arg1), (arg0, arg1)) \ -DEFINEFUNC_3_0(int, EVP_PKEY_CTX_set_hkdf_md, (GO_EVP_PKEY_CTX_PTR arg0, const GO_EVP_MD_PTR arg1), (arg0, arg1)) \ -DEFINEFUNC_3_0(int, EVP_PKEY_CTX_set1_hkdf_salt, (GO_EVP_PKEY_CTX_PTR arg0, const unsigned char *arg1, int arg2), (arg0, arg1, arg2)) \ -DEFINEFUNC_3_0(int, EVP_PKEY_CTX_set1_hkdf_key, (GO_EVP_PKEY_CTX_PTR arg0, const unsigned char *arg1, int arg2), (arg0, arg1, arg2)) \ -DEFINEFUNC_3_0(int, EVP_PKEY_CTX_add1_hkdf_info, (GO_EVP_PKEY_CTX_PTR arg0, const unsigned char *arg1, int arg2), (arg0, arg1, arg2)) \ -DEFINEFUNC_3_0(int, EVP_PKEY_up_ref, (GO_EVP_PKEY_PTR key), (key)) \ -DEFINEFUNC_LEGACY_1(int, EVP_PKEY_set1_EC_KEY, (GO_EVP_PKEY_PTR pkey, GO_EC_KEY_PTR key), (pkey, key)) \ -DEFINEFUNC_3_0(int, EVP_PKEY_CTX_set0_rsa_oaep_label, (GO_EVP_PKEY_CTX_PTR ctx, void *label, int len), (ctx, label, len)) \ -DEFINEFUNC(int, PKCS5_PBKDF2_HMAC, (const char *pass, int passlen, const unsigned char *salt, int saltlen, int iter, const GO_EVP_MD_PTR digest, int keylen, unsigned char *out), (pass, passlen, salt, saltlen, iter, digest, keylen, out)) \ -DEFINEFUNC_1_1_1(int, EVP_PKEY_get_raw_public_key, (const GO_EVP_PKEY_PTR pkey, unsigned char *pub, size_t *len), (pkey, pub, len)) \ -DEFINEFUNC_1_1_1(int, EVP_PKEY_get_raw_private_key, (const GO_EVP_PKEY_PTR pkey, unsigned char *priv, size_t *len), (pkey, priv, len)) \ -DEFINEFUNC_3_0(GO_EVP_SIGNATURE_PTR, EVP_SIGNATURE_fetch, (GO_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties), (ctx, algorithm, properties)) \ -DEFINEFUNC_3_0(void, EVP_SIGNATURE_free, (GO_EVP_SIGNATURE_PTR signature), (signature)) \ -DEFINEFUNC_LEGACY_1(GO_DSA_PTR, DSA_new, (void), ()) \ -DEFINEFUNC_LEGACY_1(void, DSA_free, (GO_DSA_PTR r), (r)) \ -DEFINEFUNC_LEGACY_1(int, DSA_generate_key, (GO_DSA_PTR a), (a)) \ -DEFINEFUNC_LEGACY_1_1(void, DSA_get0_pqg, (const GO_DSA_PTR d, const GO_BIGNUM_PTR *p, const GO_BIGNUM_PTR *q, const GO_BIGNUM_PTR *g), (d, p, q, g)) \ -DEFINEFUNC_LEGACY_1_1(int, DSA_set0_pqg, (GO_DSA_PTR d, GO_BIGNUM_PTR p, GO_BIGNUM_PTR q, GO_BIGNUM_PTR g), (d, p, q, g)) \ -DEFINEFUNC_LEGACY_1_1(void, DSA_get0_key, (const GO_DSA_PTR d, const GO_BIGNUM_PTR *pub_key, const GO_BIGNUM_PTR *priv_key), (d, pub_key, priv_key)) \ -DEFINEFUNC_LEGACY_1_1(int, DSA_set0_key, (GO_DSA_PTR d, GO_BIGNUM_PTR pub_key, GO_BIGNUM_PTR priv_key), (d, pub_key, priv_key)) \ -DEFINEFUNC_3_0(GO_EVP_KDF_PTR, EVP_KDF_fetch, (GO_OSSL_LIB_CTX_PTR libctx, const char *algorithm, const char *properties), (libctx, algorithm, properties)) \ -DEFINEFUNC_3_0(void, EVP_KDF_free, (GO_EVP_KDF_PTR kdf), (kdf)) \ -DEFINEFUNC_3_0(GO_EVP_KDF_CTX_PTR, EVP_KDF_CTX_new, (GO_EVP_KDF_PTR kdf), (kdf)) \ -DEFINEFUNC_3_0(int, EVP_KDF_CTX_set_params, (GO_EVP_KDF_CTX_PTR ctx, const GO_OSSL_PARAM_PTR params), (ctx, params)) \ -DEFINEFUNC_3_0(void, EVP_KDF_CTX_free, (GO_EVP_KDF_CTX_PTR ctx), (ctx)) \ -DEFINEFUNC_3_0(size_t, EVP_KDF_CTX_get_kdf_size, (GO_EVP_KDF_CTX_PTR ctx), (ctx)) \ -DEFINEFUNC_3_0(int, EVP_KDF_derive, (GO_EVP_KDF_CTX_PTR ctx, unsigned char *key, size_t keylen, const GO_OSSL_PARAM_PTR params), (ctx, key, keylen, params)) \ +enum { + _POINT_CONVERSION_UNCOMPRESSED = 4, + + _OPENSSL_INIT_LOAD_CRYPTO_STRINGS = 0x00000002, + _OPENSSL_INIT_ADD_ALL_CIPHERS = 0x00000004, + _OPENSSL_INIT_ADD_ALL_DIGESTS = 0x00000008, + _OPENSSL_INIT_LOAD_CONFIG = 0x00000040, + + _EVP_CTRL_GCM_GET_TAG = 0x10, + _EVP_CTRL_GCM_SET_TAG = 0x11, + _EVP_PKEY_CTRL_MD = 1, + _EVP_PKEY_RSA = 6, + _EVP_PKEY_EC = 408, + _EVP_PKEY_TLS1_PRF = 1021, + _EVP_PKEY_HKDF = 1036, + _EVP_PKEY_ED25519 = 1087, + _EVP_PKEY_DSA = 116, + _EVP_PKEY_OP_DERIVE = (1 << 10), // this value differs between OpenSSL 1 and 3, but we only use it in 1 + _EVP_MAX_MD_SIZE = 64, + + _EVP_PKEY_PUBLIC_KEY = 0x86, + _EVP_PKEY_KEYPAIR = 0x87, + + _EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID = 0x1001, + + _EVP_KDF_HKDF_MODE_EXTRACT_ONLY = 1, + _EVP_KDF_HKDF_MODE_EXPAND_ONLY = 2, + + _EVP_PKEY_CTRL_TLS_MD = 0x1000, + _EVP_PKEY_CTRL_TLS_SECRET = 0x1001, + _EVP_PKEY_CTRL_TLS_SEED = 0x1002, + _EVP_PKEY_CTRL_HKDF_MD = 0x1003, + _EVP_PKEY_CTRL_HKDF_SALT = 0x1004, + _EVP_PKEY_CTRL_HKDF_KEY = 0x1005, + _EVP_PKEY_CTRL_HKDF_INFO = 0x1006, + _EVP_PKEY_CTRL_HKDF_MODE = 0x1007, + + _NID_X9_62_prime256v1 = 415, + _NID_secp224r1 = 713, + _NID_secp384r1 = 715, + _NID_secp521r1 = 716, + + _RSA_PKCS1_PADDING = 1, + _RSA_NO_PADDING = 3, + _RSA_PKCS1_OAEP_PADDING = 4, + _RSA_PKCS1_PSS_PADDING = 6, + _RSA_PSS_SALTLEN_DIGEST = -1, + _RSA_PSS_SALTLEN_AUTO = -2, + _RSA_PSS_SALTLEN_MAX_SIGN = -2, + _RSA_PSS_SALTLEN_MAX = -3, + _EVP_PKEY_CTRL_RSA_PADDING = 0x1001, + _EVP_PKEY_CTRL_RSA_PSS_SALTLEN = 0x1002, + _EVP_PKEY_CTRL_RSA_KEYGEN_BITS = 0x1003, + _EVP_PKEY_CTRL_RSA_MGF1_MD = 0x1005, + _EVP_PKEY_CTRL_RSA_OAEP_MD = 0x1009, + _EVP_PKEY_CTRL_RSA_OAEP_LABEL = 0x100A, + _EVP_PKEY_CTRL_DSA_PARAMGEN_BITS = 0x1001, + _EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS = 0x1002, +}; + +typedef void* _OPENSSL_INIT_SETTINGS_PTR; +typedef void* _OSSL_LIB_CTX_PTR; +typedef void* _OSSL_PROVIDER_PTR; +typedef void* _ENGINE_PTR; +typedef void* _EVP_PKEY_PTR; +typedef void* _EVP_PKEY_CTX_PTR; +typedef void* _EVP_MD_PTR; +typedef void* _EVP_MD_CTX_PTR; +typedef void* _HMAC_CTX_PTR; +typedef void* _EVP_CIPHER_PTR; +typedef void* _EVP_CIPHER_CTX_PTR; +typedef void* _EC_KEY_PTR; +typedef void* _EC_POINT_PTR; +typedef void* _EC_GROUP_PTR; +typedef void* _RSA_PTR; +typedef void* _BIGNUM_PTR; +typedef void* _BN_CTX_PTR; +typedef void* _EVP_MAC_PTR; +typedef void* _EVP_MAC_CTX_PTR; +typedef void* _OSSL_PARAM_BLD_PTR; +typedef void* _OSSL_PARAM_PTR; +typedef void* _EVP_SIGNATURE_PTR; +typedef void* _DSA_PTR; +typedef void* _EVP_KDF_PTR; +typedef void* _EVP_KDF_CTX_PTR; +typedef int point_conversion_form_t; + +// Tags used by mkcgo to determine which OpenSSL version each function is available in: +// - no tag: OpenSSL 1.0 or later +// - legacy_1: Only OpenSSL 1 +// - 3: OpenSSL 3.0 or later +// - 111: OpenSSL 1.1.1 or later + +// ERR API +void ERR_error_string_n(unsigned long e, char *buf, size_t len); +void ERR_clear_error(void); +unsigned long ERR_get_error_line(const char **file, int *line) __attribute__((tag("legacy_1"))); +unsigned long ERR_get_error_all(const char **file, int *line, const char **func, const char **data, int *flags) __attribute__((tag("3"))); + +// OPENSSL API +const char *OpenSSL_version(int type); +void OPENSSL_init(void); +int OPENSSL_init_crypto(uint64_t ops, const _OPENSSL_INIT_SETTINGS_PTR settings); + +// CRYPTO API +void *CRYPTO_malloc(size_t num, const char *file, int line); +void CRYPTO_free(void *str, const char *file, int line); + +// FIPS API +int FIPS_mode(void) __attribute__((tag("legacy_1"))); +int FIPS_mode_set(int r) __attribute__((tag("legacy_1"))); + +// EVP Config API +int EVP_default_properties_is_fips_enabled(_OSSL_LIB_CTX_PTR libctx) __attribute__((tag("3"))); +int EVP_default_properties_enable_fips(_OSSL_LIB_CTX_PTR libctx, int enable) __attribute__((tag("3"))); + +// OSSL_PROVIDER API +int OSSL_PROVIDER_available(_OSSL_LIB_CTX_PTR libctx, const char *name) __attribute__((tag("3"))); +_OSSL_PROVIDER_PTR OSSL_PROVIDER_try_load(_OSSL_LIB_CTX_PTR libctx, const char *name, int retain_fallbacks) __attribute__((tag("3"))); +const char *OSSL_PROVIDER_get0_name(const _OSSL_PROVIDER_PTR prov) __attribute__((tag("3"))); + +// RAND API +int RAND_bytes(unsigned char *arg0, int arg1); + +// EVP_MD API +_EVP_MD_PTR EVP_MD_fetch(_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties) __attribute__((tag("3"))); +void EVP_MD_free(_EVP_MD_PTR md) __attribute__((tag("3"))); +const char *EVP_MD_get0_name(const _EVP_MD_PTR md) __attribute__((tag("3"))); +int EVP_MD_get_type(const _EVP_MD_PTR md) __attribute__((tag("3"))); +const _OSSL_PROVIDER_PTR EVP_MD_get0_provider(const _EVP_MD_PTR md) __attribute__((tag("3"))); +int EVP_MD_get_size(const _EVP_MD_PTR md) __attribute__((tag("3"),tag("legacy_1","EVP_MD_size"))); +int EVP_MD_get_block_size(const _EVP_MD_PTR md) __attribute__((tag("3"),tag("legacy_1","EVP_MD_block_size"))); +const _EVP_MD_PTR EVP_md5_sha1(void); +const _EVP_MD_PTR EVP_ripemd160(void); +const _EVP_MD_PTR EVP_md4(void); +const _EVP_MD_PTR EVP_md5(void); +const _EVP_MD_PTR EVP_sha1(void); +const _EVP_MD_PTR EVP_sha224(void); +const _EVP_MD_PTR EVP_sha256(void); +const _EVP_MD_PTR EVP_sha384(void); +const _EVP_MD_PTR EVP_sha512(void); +const _EVP_MD_PTR EVP_sha512_224(void) __attribute__((tag("111"))); +const _EVP_MD_PTR EVP_sha512_256(void) __attribute__((tag("111"))); +const _EVP_MD_PTR EVP_sha3_224(void) __attribute__((tag("111"))); +const _EVP_MD_PTR EVP_sha3_256(void) __attribute__((tag("111"))); +const _EVP_MD_PTR EVP_sha3_384(void) __attribute__((tag("111"))); +const _EVP_MD_PTR EVP_sha3_512(void) __attribute__((tag("111"))); + +_EVP_MD_CTX_PTR EVP_MD_CTX_new(void); +void EVP_MD_CTX_free(_EVP_MD_CTX_PTR ctx); +int EVP_MD_CTX_copy(_EVP_MD_CTX_PTR out, const _EVP_MD_CTX_PTR in); +int EVP_MD_CTX_copy_ex(_EVP_MD_CTX_PTR out, const _EVP_MD_CTX_PTR in); +int EVP_Digest(const void *data, size_t count, unsigned char *md, unsigned int *size, const _EVP_MD_PTR type, _ENGINE_PTR impl); +int EVP_DigestInit_ex(_EVP_MD_CTX_PTR ctx, const _EVP_MD_PTR type, _ENGINE_PTR impl); +int EVP_DigestInit(_EVP_MD_CTX_PTR ctx, const _EVP_MD_PTR type); +int EVP_DigestUpdate(_EVP_MD_CTX_PTR ctx, const void *d, size_t cnt); +int EVP_DigestFinal_ex(_EVP_MD_CTX_PTR ctx, unsigned char *md, unsigned int *s); +int EVP_DigestSign(_EVP_MD_CTX_PTR ctx, unsigned char *sigret, size_t *siglen, const unsigned char *tbs, size_t tbslen) __attribute__((tag("111"))); +int EVP_DigestSignInit(_EVP_MD_CTX_PTR ctx, _EVP_PKEY_CTX_PTR *pctx, const _EVP_MD_PTR type, _ENGINE_PTR e, _EVP_PKEY_PTR pkey); +int EVP_DigestSignFinal(_EVP_MD_CTX_PTR ctx, unsigned char *sig, size_t *siglen); +int EVP_DigestVerifyInit(_EVP_MD_CTX_PTR ctx, _EVP_PKEY_CTX_PTR *pctx, const _EVP_MD_PTR type, _ENGINE_PTR e, _EVP_PKEY_PTR pkey); +int EVP_DigestVerifyFinal(_EVP_MD_CTX_PTR ctx, const unsigned char *sig, size_t siglen); +int EVP_DigestVerify(_EVP_MD_CTX_PTR ctx, const unsigned char *sigret, size_t siglen, const unsigned char *tbs, size_t tbslen) __attribute__((tag("111"))); + +// HMAC API +int HMAC_Init_ex(_HMAC_CTX_PTR arg0, const void *arg1, int arg2, const _EVP_MD_PTR arg3, _ENGINE_PTR arg4) __attribute__((tag("legacy_1"))); +int HMAC_Update(_HMAC_CTX_PTR arg0, const unsigned char *arg1, size_t arg2) __attribute__((tag("legacy_1"))); +int HMAC_Final(_HMAC_CTX_PTR arg0, unsigned char *arg1, unsigned int *arg2) __attribute__((tag("legacy_1"))); + +_HMAC_CTX_PTR HMAC_CTX_new(void) __attribute__((tag("legacy_1"))); +int HMAC_CTX_copy(_HMAC_CTX_PTR dest, _HMAC_CTX_PTR src) __attribute__((tag("legacy_1"))); +void HMAC_CTX_free(_HMAC_CTX_PTR arg0) __attribute__((tag("legacy_1"))); + +// EVP_CIPHER API +_EVP_CIPHER_PTR EVP_CIPHER_fetch(_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties) __attribute__((tag("3"))); +const char *EVP_CIPHER_get0_name(const _EVP_CIPHER_PTR cipher) __attribute__((tag("3"))); +const _EVP_CIPHER_PTR EVP_aes_128_gcm(void); +const _EVP_CIPHER_PTR EVP_aes_128_cbc(void); +const _EVP_CIPHER_PTR EVP_aes_128_ctr(void); +const _EVP_CIPHER_PTR EVP_aes_128_ecb(void); +const _EVP_CIPHER_PTR EVP_aes_192_gcm(void); +const _EVP_CIPHER_PTR EVP_aes_192_cbc(void); +const _EVP_CIPHER_PTR EVP_aes_192_ctr(void); +const _EVP_CIPHER_PTR EVP_aes_192_ecb(void); +const _EVP_CIPHER_PTR EVP_aes_256_cbc(void); +const _EVP_CIPHER_PTR EVP_aes_256_ctr(void); +const _EVP_CIPHER_PTR EVP_aes_256_ecb(void); +const _EVP_CIPHER_PTR EVP_aes_256_gcm(void); +const _EVP_CIPHER_PTR EVP_des_ecb(void); +const _EVP_CIPHER_PTR EVP_des_cbc(void); +const _EVP_CIPHER_PTR EVP_des_ede3_ecb(void); +const _EVP_CIPHER_PTR EVP_des_ede3_cbc(void); +const _EVP_CIPHER_PTR EVP_rc4(void); +int EVP_CIPHER_get_block_size(const _EVP_CIPHER_PTR cipher) __attribute__((tag("3"),tag("legacy_1","EVP_CIPHER_block_size"))); + +_EVP_CIPHER_CTX_PTR EVP_CIPHER_CTX_new(void); +int EVP_CIPHER_CTX_set_padding(_EVP_CIPHER_CTX_PTR x, int padding); +int EVP_CIPHER_CTX_set_key_length(_EVP_CIPHER_CTX_PTR x, int keylen); +void EVP_CIPHER_CTX_free(_EVP_CIPHER_CTX_PTR arg0); +int EVP_CIPHER_CTX_ctrl(_EVP_CIPHER_CTX_PTR ctx, int type, int arg, void *ptr); +int EVP_CipherInit_ex(_EVP_CIPHER_CTX_PTR ctx, const _EVP_CIPHER_PTR type, _ENGINE_PTR impl, const unsigned char *key, const unsigned char *iv, int enc); +int EVP_CipherUpdate(_EVP_CIPHER_CTX_PTR ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); +int EVP_EncryptInit_ex(_EVP_CIPHER_CTX_PTR ctx, const _EVP_CIPHER_PTR type, _ENGINE_PTR impl, const unsigned char *key, const unsigned char *iv); +int EVP_EncryptUpdate(_EVP_CIPHER_CTX_PTR ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); +int EVP_EncryptFinal_ex(_EVP_CIPHER_CTX_PTR ctx, unsigned char *out, int *outl); +int EVP_DecryptInit_ex(_EVP_CIPHER_CTX_PTR ctx, const _EVP_CIPHER_PTR type, _ENGINE_PTR impl, const unsigned char *key, const unsigned char *iv); +int EVP_DecryptUpdate(_EVP_CIPHER_CTX_PTR ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); +int EVP_DecryptFinal_ex(_EVP_CIPHER_CTX_PTR ctx, unsigned char *outm, int *outl); + +// EVP_PKEY API +_EVP_PKEY_PTR EVP_PKEY_new(void); +_EVP_PKEY_PTR EVP_PKEY_new_raw_private_key(int type, _ENGINE_PTR e, const unsigned char *key, size_t keylen) __attribute__((tag("111"))); +_EVP_PKEY_PTR EVP_PKEY_new_raw_public_key(int type, _ENGINE_PTR e, const unsigned char *key, size_t keylen) __attribute__((tag("111"))); +int EVP_PKEY_get_size(const _EVP_PKEY_PTR pkey) __attribute__((tag("3"),tag("legacy_1","EVP_PKEY_size"))); +int EVP_PKEY_get_bits(const _EVP_PKEY_PTR pkey) __attribute__((tag("3"),tag("legacy_1","EVP_PKEY_bits"))); +void EVP_PKEY_free(_EVP_PKEY_PTR arg0); +_RSA_PTR EVP_PKEY_get1_RSA(_EVP_PKEY_PTR pkey) __attribute__((tag("legacy_1"))); +int EVP_PKEY_assign(_EVP_PKEY_PTR pkey, int type, void *key) __attribute__((tag("legacy_1"))); +_EC_KEY_PTR EVP_PKEY_get0_EC_KEY(_EVP_PKEY_PTR pkey) __attribute__((tag("legacy_1"))); +_DSA_PTR EVP_PKEY_get0_DSA(_EVP_PKEY_PTR pkey) __attribute__((tag("legacy_1"))); +int EVP_PKEY_set1_encoded_public_key(_EVP_PKEY_PTR pkey, const unsigned char *pub, size_t publen) __attribute__((tag("3"))); +size_t EVP_PKEY_get1_encoded_public_key(_EVP_PKEY_PTR pkey, unsigned char **ppub) __attribute__((tag("3"))); +int EVP_PKEY_get_bn_param(const _EVP_PKEY_PTR pkey, const char *key_name, _BIGNUM_PTR *bn) __attribute__((tag("3"))); +int EVP_PKEY_up_ref(_EVP_PKEY_PTR key) __attribute__((tag("3"))); +int EVP_PKEY_set1_EC_KEY(_EVP_PKEY_PTR pkey, _EC_KEY_PTR key) __attribute__((tag("legacy_1"))); +int EVP_PKEY_CTX_set0_rsa_oaep_label(_EVP_PKEY_CTX_PTR ctx, void *label, int len) __attribute__((tag("3"))); +int EVP_PKEY_get_raw_public_key(const _EVP_PKEY_PTR pkey, unsigned char *pub, size_t *len) __attribute__((tag("111"))); +int EVP_PKEY_get_raw_private_key(const _EVP_PKEY_PTR pkey, unsigned char *priv, size_t *len) __attribute__((tag("111"))); +int EVP_PKEY_fromdata_init(_EVP_PKEY_CTX_PTR ctx) __attribute__((tag("3"))); +int EVP_PKEY_fromdata(_EVP_PKEY_CTX_PTR ctx, _EVP_PKEY_PTR *pkey, int selection, _OSSL_PARAM_PTR params) __attribute__((tag("3"))); +int EVP_PKEY_paramgen_init(_EVP_PKEY_CTX_PTR ctx); +int EVP_PKEY_paramgen(_EVP_PKEY_CTX_PTR ctx, _EVP_PKEY_PTR *ppkey); +int EVP_PKEY_keygen_init(_EVP_PKEY_CTX_PTR ctx); +int EVP_PKEY_keygen(_EVP_PKEY_CTX_PTR ctx, _EVP_PKEY_PTR *ppkey); +int EVP_PKEY_decrypt(_EVP_PKEY_CTX_PTR arg0, unsigned char *arg1, size_t *arg2, const unsigned char *arg3, size_t arg4); +int EVP_PKEY_encrypt(_EVP_PKEY_CTX_PTR arg0, unsigned char *arg1, size_t *arg2, const unsigned char *arg3, size_t arg4); +int EVP_PKEY_decrypt_init(_EVP_PKEY_CTX_PTR arg0); +int EVP_PKEY_encrypt_init(_EVP_PKEY_CTX_PTR arg0); +int EVP_PKEY_sign_init(_EVP_PKEY_CTX_PTR arg0); +int EVP_PKEY_verify_init(_EVP_PKEY_CTX_PTR arg0); +int EVP_PKEY_sign(_EVP_PKEY_CTX_PTR arg0, unsigned char *arg1, size_t *arg2, const unsigned char *arg3, size_t arg4); +int EVP_PKEY_verify(_EVP_PKEY_CTX_PTR ctx, const unsigned char *sig, size_t siglen, const unsigned char *tbs, size_t tbslen); +int EVP_PKEY_derive_init(_EVP_PKEY_CTX_PTR ctx); +int EVP_PKEY_derive_set_peer(_EVP_PKEY_CTX_PTR ctx, _EVP_PKEY_PTR peer); +int EVP_PKEY_derive(_EVP_PKEY_CTX_PTR ctx, unsigned char *key, size_t *keylen); +int EVP_PKEY_public_check_quick(_EVP_PKEY_CTX_PTR ctx) __attribute__((tag("3"))); +int EVP_PKEY_private_check(_EVP_PKEY_CTX_PTR ctx) __attribute__((tag("3"))); +_EVP_PKEY_PTR EVP_PKEY_Q_keygen(_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type, ...) __attribute__((tag("3"))); +_EVP_PKEY_PTR EVP_PKEY_Q_keygen_RSA(_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type, size_t arg1) __attribute__((tag("3"),variadic("EVP_PKEY_Q_keygen"))); +_EVP_PKEY_PTR EVP_PKEY_Q_keygen_EC(_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type, const char *arg1) __attribute__((tag("3"),variadic("EVP_PKEY_Q_keygen"))); +_EVP_PKEY_PTR EVP_PKEY_Q_keygen_ED25519(_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type) __attribute__((tag("3"),variadic("EVP_PKEY_Q_keygen"))); + +_EVP_PKEY_CTX_PTR EVP_PKEY_CTX_new(_EVP_PKEY_PTR arg0, _ENGINE_PTR arg1); +_EVP_PKEY_CTX_PTR EVP_PKEY_CTX_new_id(int id, _ENGINE_PTR e); +_EVP_PKEY_CTX_PTR EVP_PKEY_CTX_new_from_pkey(_OSSL_LIB_CTX_PTR libctx, _EVP_PKEY_PTR pkey, const char *propquery) __attribute__((tag("3"))); +void EVP_PKEY_CTX_free(_EVP_PKEY_CTX_PTR arg0); +int EVP_PKEY_CTX_ctrl(_EVP_PKEY_CTX_PTR ctx, int keytype, int optype, int cmd, int p1, void *p2); +int EVP_PKEY_CTX_set_hkdf_mode(_EVP_PKEY_CTX_PTR arg0, int arg1) __attribute__((tag("3"))); +int EVP_PKEY_CTX_set_hkdf_md(_EVP_PKEY_CTX_PTR arg0, const _EVP_MD_PTR arg1) __attribute__((tag("3"))); +int EVP_PKEY_CTX_set1_hkdf_salt(_EVP_PKEY_CTX_PTR arg0, const unsigned char *arg1, int arg2) __attribute__((tag("3"))); +int EVP_PKEY_CTX_set1_hkdf_key(_EVP_PKEY_CTX_PTR arg0, const unsigned char *arg1, int arg2) __attribute__((tag("3"))); +int EVP_PKEY_CTX_add1_hkdf_info(_EVP_PKEY_CTX_PTR arg0, const unsigned char *arg1, int arg2) __attribute__((tag("3"))); + +// RSA API +_RSA_PTR RSA_new(void) __attribute__((tag("legacy_1"))); +void RSA_free(_RSA_PTR arg0) __attribute__((tag("legacy_1"))); +int RSA_set0_factors(_RSA_PTR rsa, _BIGNUM_PTR p, _BIGNUM_PTR q) __attribute__((tag("legacy_1"))); +int RSA_set0_crt_params(_RSA_PTR rsa, _BIGNUM_PTR dmp1, _BIGNUM_PTR dmp2, _BIGNUM_PTR iqmp) __attribute__((tag("legacy_1"))); +void RSA_get0_crt_params(const _RSA_PTR r, const _BIGNUM_PTR *dmp1, const _BIGNUM_PTR *dmq1, const _BIGNUM_PTR *iqmp) __attribute__((tag("legacy_1"))); +int RSA_set0_key(_RSA_PTR r, _BIGNUM_PTR n, _BIGNUM_PTR e, _BIGNUM_PTR d) __attribute__((tag("legacy_1"))); +void RSA_get0_factors(const _RSA_PTR rsa, const _BIGNUM_PTR *p, const _BIGNUM_PTR *q) __attribute__((tag("legacy_1"))); +void RSA_get0_key(const _RSA_PTR rsa, const _BIGNUM_PTR *n, const _BIGNUM_PTR *e, const _BIGNUM_PTR *d) __attribute__((tag("legacy_1"))); + +// BIGNUM API +_BIGNUM_PTR BN_new(void); +void BN_free(_BIGNUM_PTR arg0); +void BN_clear(_BIGNUM_PTR arg0); +void BN_clear_free(_BIGNUM_PTR arg0); +int BN_num_bits(const _BIGNUM_PTR arg0); +_BIGNUM_PTR BN_bin2bn(const unsigned char *arg0, int arg1, _BIGNUM_PTR arg2); +_BIGNUM_PTR BN_lebin2bn(const unsigned char *s, int len, _BIGNUM_PTR ret); +int BN_bn2lebinpad(const _BIGNUM_PTR a, unsigned char *to, int tolen); +int BN_bn2binpad(const _BIGNUM_PTR a, unsigned char *to, int tolen); + +// EC API +int EC_KEY_set_public_key_affine_coordinates(_EC_KEY_PTR key, _BIGNUM_PTR x, _BIGNUM_PTR y) __attribute__((tag("legacy_1"))); +int EC_KEY_set_public_key(_EC_KEY_PTR key, const _EC_POINT_PTR pub) __attribute__((tag("legacy_1"))); +void EC_KEY_free(_EC_KEY_PTR arg0) __attribute__((tag("legacy_1"))); +const _EC_GROUP_PTR EC_KEY_get0_group(const _EC_KEY_PTR arg0) __attribute__((tag("legacy_1"))); +const _BIGNUM_PTR EC_KEY_get0_private_key(const _EC_KEY_PTR arg0) __attribute__((tag("legacy_1"))); +const _EC_POINT_PTR EC_KEY_get0_public_key(const _EC_KEY_PTR arg0) __attribute__((tag("legacy_1"))); +_EC_KEY_PTR EC_KEY_new_by_curve_name(int arg0) __attribute__((tag("legacy_1"))); +int EC_KEY_set_private_key(_EC_KEY_PTR arg0, const _BIGNUM_PTR arg1) __attribute__((tag("legacy_1"))); +int EC_KEY_check_key(const _EC_KEY_PTR key) __attribute__((tag("legacy_1"))); +_EC_POINT_PTR EC_POINT_new(const _EC_GROUP_PTR arg0); +void EC_POINT_free(_EC_POINT_PTR arg0); +int EC_POINT_mul(const _EC_GROUP_PTR group, _EC_POINT_PTR r, const _BIGNUM_PTR n, const _EC_POINT_PTR q, const _BIGNUM_PTR m, _BN_CTX_PTR ctx); +int EC_POINT_get_affine_coordinates_GFp(const _EC_GROUP_PTR arg0, const _EC_POINT_PTR arg1, _BIGNUM_PTR arg2, _BIGNUM_PTR arg3, _BN_CTX_PTR arg4) __attribute__((tag("legacy_1"))); +int EC_POINT_set_affine_coordinates(const _EC_GROUP_PTR arg0, _EC_POINT_PTR arg1, const _BIGNUM_PTR arg2, const _BIGNUM_PTR arg3, _BN_CTX_PTR arg4) __attribute__((tag("3"))); +size_t EC_POINT_point2oct(const _EC_GROUP_PTR group, const _EC_POINT_PTR p, point_conversion_form_t form, unsigned char *buf, size_t len, _BN_CTX_PTR ctx); +int EC_POINT_oct2point(const _EC_GROUP_PTR group, _EC_POINT_PTR p, const unsigned char *buf, size_t len, _BN_CTX_PTR ctx); +_EC_GROUP_PTR EC_GROUP_new_by_curve_name(int nid); +void EC_GROUP_free(_EC_GROUP_PTR group); + +// EVP_MAC API +_EVP_MAC_PTR EVP_MAC_fetch(_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties) __attribute__((tag("3"))); +_EVP_MAC_CTX_PTR EVP_MAC_CTX_new(_EVP_MAC_PTR arg0) __attribute__((tag("3"))); +int EVP_MAC_CTX_set_params(_EVP_MAC_CTX_PTR ctx, const _OSSL_PARAM_PTR params) __attribute__((tag("3"))); +void EVP_MAC_CTX_free(_EVP_MAC_CTX_PTR arg0) __attribute__((tag("3"))); +_EVP_MAC_CTX_PTR EVP_MAC_CTX_dup(const _EVP_MAC_CTX_PTR arg0) __attribute__((tag("3"))); +int EVP_MAC_init(_EVP_MAC_CTX_PTR ctx, const unsigned char *key, size_t keylen, const _OSSL_PARAM_PTR params) __attribute__((tag("3"))); +int EVP_MAC_update(_EVP_MAC_CTX_PTR ctx, const unsigned char *data, size_t datalen) __attribute__((tag("3"))); +int EVP_MAC_final(_EVP_MAC_CTX_PTR ctx, unsigned char *out, size_t *outl, size_t outsize) __attribute__((tag("3"))); + +// OSSL_PARAM API +void OSSL_PARAM_free(_OSSL_PARAM_PTR p) __attribute__((tag("3"))); +_OSSL_PARAM_BLD_PTR OSSL_PARAM_BLD_new(void) __attribute__((tag("3"))); +void OSSL_PARAM_BLD_free(_OSSL_PARAM_BLD_PTR bld) __attribute__((tag("3"))); +_OSSL_PARAM_PTR OSSL_PARAM_BLD_to_param(_OSSL_PARAM_BLD_PTR bld) __attribute__((tag("3"))); +int OSSL_PARAM_BLD_push_utf8_string(_OSSL_PARAM_BLD_PTR bld, const char *key, const char *buf, size_t bsize) __attribute__((tag("3"))); +int OSSL_PARAM_BLD_push_octet_string(_OSSL_PARAM_BLD_PTR bld, const char *key, const void *buf, size_t bsize) __attribute__((tag("3"))); +int OSSL_PARAM_BLD_push_BN(_OSSL_PARAM_BLD_PTR bld, const char *key, const _BIGNUM_PTR bn) __attribute__((tag("3"))); +int OSSL_PARAM_BLD_push_int32(_OSSL_PARAM_BLD_PTR bld, const char *key, int32_t num) __attribute__((tag("3"))); + +// EVP_SIGNATURE API +_EVP_SIGNATURE_PTR EVP_SIGNATURE_fetch(_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties) __attribute__((tag("3"))); +void EVP_SIGNATURE_free(_EVP_SIGNATURE_PTR signature) __attribute__((tag("3"))); + +// DSA API +_DSA_PTR DSA_new(void) __attribute__((tag("legacy_1"))); +void DSA_free(_DSA_PTR r) __attribute__((tag("legacy_1"))); +int DSA_generate_key(_DSA_PTR a) __attribute__((tag("legacy_1"))); +void DSA_get0_pqg(const _DSA_PTR d, const _BIGNUM_PTR *p, const _BIGNUM_PTR *q, const _BIGNUM_PTR *g) __attribute__((tag("legacy_1"))); +int DSA_set0_pqg(_DSA_PTR d, _BIGNUM_PTR p, _BIGNUM_PTR q, _BIGNUM_PTR g) __attribute__((tag("legacy_1"))); +void DSA_get0_key(const _DSA_PTR d, const _BIGNUM_PTR *pub_key, const _BIGNUM_PTR *priv_key) __attribute__((tag("legacy_1"))); +int DSA_set0_key(_DSA_PTR d, _BIGNUM_PTR pub_key, _BIGNUM_PTR priv_key) __attribute__((tag("legacy_1"))); + +// EVP_KDF API +_EVP_KDF_PTR EVP_KDF_fetch(_OSSL_LIB_CTX_PTR libctx, const char *algorithm, const char *properties) __attribute__((tag("3"))); +void EVP_KDF_free(_EVP_KDF_PTR kdf) __attribute__((tag("3"))); +_EVP_KDF_CTX_PTR EVP_KDF_CTX_new(_EVP_KDF_PTR kdf) __attribute__((tag("3"))); +int EVP_KDF_CTX_set_params(_EVP_KDF_CTX_PTR ctx, const _OSSL_PARAM_PTR params) __attribute__((tag("3"))); +void EVP_KDF_CTX_free(_EVP_KDF_CTX_PTR ctx) __attribute__((tag("3"))); +size_t EVP_KDF_CTX_get_kdf_size(_EVP_KDF_CTX_PTR ctx) __attribute__((tag("3"))); +int EVP_KDF_derive(_EVP_KDF_CTX_PTR ctx, unsigned char *key, size_t keylen, const _OSSL_PARAM_PTR params) __attribute__((tag("3"))); +int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const unsigned char *salt, int saltlen, int iter, const _EVP_MD_PTR digest, int keylen, unsigned char *out); + +// OBJ API +const char *OBJ_nid2sn(int n); diff --git a/tls1prf.go b/tls1prf.go index fb324564..2b0c3112 100644 --- a/tls1prf.go +++ b/tls1prf.go @@ -2,7 +2,6 @@ package openssl -// #include "goopenssl.h" import "C" import ( "crypto" @@ -28,7 +27,7 @@ func SupportsTLS1PRF() bool { // else it implements the TLS 1.2 pseudo-random function. // The pseudo-random number will be written to result and will be of length len(result). func TLS1PRF(result, secret, label, seed []byte, fh func() hash.Hash) error { - var md C.GO_EVP_MD_PTR + var md _EVP_MD_PTR if fh == nil { // TLS 1.0/1.1 PRF doesn't allow to specify the hash function, // it always uses MD5SHA1. If h is nil, then assume @@ -58,53 +57,53 @@ func TLS1PRF(result, secret, label, seed []byte, fh func() hash.Hash) error { } // tls1PRF1 implements TLS1PRF for OpenSSL 1 using the EVP_PKEY API. -func tls1PRF1(result, secret, label, seed []byte, md C.GO_EVP_MD_PTR) error { +func tls1PRF1(result, secret, label, seed []byte, md _EVP_MD_PTR) error { checkMajorVersion(1) - ctx := C.go_openssl_EVP_PKEY_CTX_new_id(_EVP_PKEY_TLS1_PRF, nil) + ctx := go_openssl_EVP_PKEY_CTX_new_id(_EVP_PKEY_TLS1_PRF, nil) if ctx == nil { return newOpenSSLError("EVP_PKEY_CTX_new_id") } defer func() { - C.go_openssl_EVP_PKEY_CTX_free(ctx) + go_openssl_EVP_PKEY_CTX_free(ctx) }() - if C.go_openssl_EVP_PKEY_derive_init(ctx) != 1 { + if go_openssl_EVP_PKEY_derive_init(ctx) != 1 { return newOpenSSLError("EVP_PKEY_derive_init") } - if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, -1, + if go_openssl_EVP_PKEY_CTX_ctrl(ctx, -1, _EVP_PKEY_OP_DERIVE, _EVP_PKEY_CTRL_TLS_MD, 0, unsafe.Pointer(md)) != 1 { return newOpenSSLError("EVP_PKEY_CTX_set_tls1_prf_md") } - if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, -1, + if go_openssl_EVP_PKEY_CTX_ctrl(ctx, -1, _EVP_PKEY_OP_DERIVE, _EVP_PKEY_CTRL_TLS_SECRET, - C.int(len(secret)), unsafe.Pointer(base(secret))) != 1 { + int32(len(secret)), unsafe.Pointer(base(secret))) != 1 { return newOpenSSLError("EVP_PKEY_CTX_set1_tls1_prf_secret") } - if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, -1, + if go_openssl_EVP_PKEY_CTX_ctrl(ctx, -1, _EVP_PKEY_OP_DERIVE, _EVP_PKEY_CTRL_TLS_SEED, - C.int(len(label)), unsafe.Pointer(base(label))) != 1 { + int32(len(label)), unsafe.Pointer(base(label))) != 1 { return newOpenSSLError("EVP_PKEY_CTX_add1_tls1_prf_seed") } - if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, -1, + if go_openssl_EVP_PKEY_CTX_ctrl(ctx, -1, _EVP_PKEY_OP_DERIVE, _EVP_PKEY_CTRL_TLS_SEED, - C.int(len(seed)), unsafe.Pointer(base(seed))) != 1 { + int32(len(seed)), unsafe.Pointer(base(seed))) != 1 { return newOpenSSLError("EVP_PKEY_CTX_add1_tls1_prf_seed") } - outLen := C.size_t(len(result)) - if C.go_openssl_EVP_PKEY_derive(ctx, base(result), &outLen) != 1 { + outLen := len(result) + if go_openssl_EVP_PKEY_derive(ctx, base(result), &outLen) != 1 { return newOpenSSLError("EVP_PKEY_derive") } // The Go standard library expects TLS1PRF to return the requested number of bytes, // fail if it doesn't. While there is no known situation where this will happen, // EVP_PKEY_derive handles multiple algorithms and there could be a subtle mismatch // after more code changes in the future. - if outLen != C.size_t(len(result)) { + if outLen != len(result) { return errors.New("tls1-prf: derived less bytes than requested") } return nil @@ -113,10 +112,10 @@ func tls1PRF1(result, secret, label, seed []byte, md C.GO_EVP_MD_PTR) error { // fetchTLS1PRF3 fetches the TLS1-PRF KDF algorithm. // It is safe to call this function concurrently. // The returned EVP_KDF_PTR shouldn't be freed. -var fetchTLS1PRF3 = sync.OnceValues(func() (C.GO_EVP_KDF_PTR, error) { +var fetchTLS1PRF3 = sync.OnceValues(func() (_EVP_KDF_PTR, error) { checkMajorVersion(3) - kdf := C.go_openssl_EVP_KDF_fetch(nil, _OSSL_KDF_NAME_TLS1_PRF.ptr(), nil) + kdf := go_openssl_EVP_KDF_fetch(nil, _OSSL_KDF_NAME_TLS1_PRF.ptr(), nil) if kdf == nil { return nil, newOpenSSLError("EVP_KDF_fetch") } @@ -124,24 +123,24 @@ var fetchTLS1PRF3 = sync.OnceValues(func() (C.GO_EVP_KDF_PTR, error) { }) // tls1PRF3 implements TLS1PRF for OpenSSL 3 using the EVP_KDF API. -func tls1PRF3(result, secret, label, seed []byte, md C.GO_EVP_MD_PTR) error { +func tls1PRF3(result, secret, label, seed []byte, md _EVP_MD_PTR) error { checkMajorVersion(3) kdf, err := fetchTLS1PRF3() if err != nil { return err } - ctx := C.go_openssl_EVP_KDF_CTX_new(kdf) + ctx := go_openssl_EVP_KDF_CTX_new(kdf) if ctx == nil { return newOpenSSLError("EVP_KDF_CTX_new") } - defer C.go_openssl_EVP_KDF_CTX_free(ctx) + defer go_openssl_EVP_KDF_CTX_free(ctx) bld, err := newParamBuilder() if err != nil { return err } - bld.addUTF8String(_OSSL_KDF_PARAM_DIGEST, C.go_openssl_EVP_MD_get0_name(md), 0) + bld.addUTF8String(_OSSL_KDF_PARAM_DIGEST, go_openssl_EVP_MD_get0_name(md), 0) bld.addOctetString(_OSSL_KDF_PARAM_SECRET, secret) bld.addOctetString(_OSSL_KDF_PARAM_SEED, label) bld.addOctetString(_OSSL_KDF_PARAM_SEED, seed) @@ -149,9 +148,9 @@ func tls1PRF3(result, secret, label, seed []byte, md C.GO_EVP_MD_PTR) error { if err != nil { return err } - defer C.go_openssl_OSSL_PARAM_free(params) + defer go_openssl_OSSL_PARAM_free(params) - if C.go_openssl_EVP_KDF_derive(ctx, base(result), C.size_t(len(result)), params) != 1 { + if go_openssl_EVP_KDF_derive(ctx, base(result), len(result), params) != 1 { return newOpenSSLError("EVP_KDF_derive") } return nil diff --git a/zossl.c b/zossl.c new file mode 100644 index 00000000..51f99735 --- /dev/null +++ b/zossl.c @@ -0,0 +1,1312 @@ +// Code generated by mkcgo. DO NOT EDIT. + +#include "shims.h" +#include +#include +#include +#include + +#ifdef _WIN32 +#include +#define dlsym GetProcAddress +#else +#include +#endif + +#define __mkcgo__funcptr(name) typeof(name) *_g_##name; + +__mkcgo__funcptr(BN_bin2bn); +__mkcgo__funcptr(BN_bn2binpad); +__mkcgo__funcptr(BN_bn2lebinpad); +__mkcgo__funcptr(BN_clear); +__mkcgo__funcptr(BN_clear_free); +__mkcgo__funcptr(BN_free); +__mkcgo__funcptr(BN_lebin2bn); +__mkcgo__funcptr(BN_new); +__mkcgo__funcptr(BN_num_bits); +__mkcgo__funcptr(CRYPTO_free); +__mkcgo__funcptr(CRYPTO_malloc); +__mkcgo__funcptr(DSA_free); +__mkcgo__funcptr(DSA_generate_key); +__mkcgo__funcptr(DSA_get0_key); +__mkcgo__funcptr(DSA_get0_pqg); +__mkcgo__funcptr(DSA_new); +__mkcgo__funcptr(DSA_set0_key); +__mkcgo__funcptr(DSA_set0_pqg); +__mkcgo__funcptr(EC_GROUP_free); +__mkcgo__funcptr(EC_GROUP_new_by_curve_name); +__mkcgo__funcptr(EC_KEY_check_key); +__mkcgo__funcptr(EC_KEY_free); +__mkcgo__funcptr(EC_KEY_get0_group); +__mkcgo__funcptr(EC_KEY_get0_private_key); +__mkcgo__funcptr(EC_KEY_get0_public_key); +__mkcgo__funcptr(EC_KEY_new_by_curve_name); +__mkcgo__funcptr(EC_KEY_set_private_key); +__mkcgo__funcptr(EC_KEY_set_public_key); +__mkcgo__funcptr(EC_KEY_set_public_key_affine_coordinates); +__mkcgo__funcptr(EC_POINT_free); +__mkcgo__funcptr(EC_POINT_get_affine_coordinates_GFp); +__mkcgo__funcptr(EC_POINT_mul); +__mkcgo__funcptr(EC_POINT_new); +__mkcgo__funcptr(EC_POINT_oct2point); +__mkcgo__funcptr(EC_POINT_point2oct); +__mkcgo__funcptr(EC_POINT_set_affine_coordinates); +__mkcgo__funcptr(ERR_clear_error); +__mkcgo__funcptr(ERR_error_string_n); +__mkcgo__funcptr(ERR_get_error_all); +__mkcgo__funcptr(ERR_get_error_line); +__mkcgo__funcptr(EVP_CIPHER_CTX_ctrl); +__mkcgo__funcptr(EVP_CIPHER_CTX_free); +__mkcgo__funcptr(EVP_CIPHER_CTX_new); +__mkcgo__funcptr(EVP_CIPHER_CTX_set_key_length); +__mkcgo__funcptr(EVP_CIPHER_CTX_set_padding); +__mkcgo__funcptr(EVP_CIPHER_fetch); +__mkcgo__funcptr(EVP_CIPHER_get0_name); +__mkcgo__funcptr(EVP_CIPHER_get_block_size); +__mkcgo__funcptr(EVP_CipherInit_ex); +__mkcgo__funcptr(EVP_CipherUpdate); +__mkcgo__funcptr(EVP_DecryptFinal_ex); +__mkcgo__funcptr(EVP_DecryptInit_ex); +__mkcgo__funcptr(EVP_DecryptUpdate); +__mkcgo__funcptr(EVP_Digest); +__mkcgo__funcptr(EVP_DigestFinal_ex); +__mkcgo__funcptr(EVP_DigestInit); +__mkcgo__funcptr(EVP_DigestInit_ex); +__mkcgo__funcptr(EVP_DigestSign); +__mkcgo__funcptr(EVP_DigestSignFinal); +__mkcgo__funcptr(EVP_DigestSignInit); +__mkcgo__funcptr(EVP_DigestUpdate); +__mkcgo__funcptr(EVP_DigestVerify); +__mkcgo__funcptr(EVP_DigestVerifyFinal); +__mkcgo__funcptr(EVP_DigestVerifyInit); +__mkcgo__funcptr(EVP_EncryptFinal_ex); +__mkcgo__funcptr(EVP_EncryptInit_ex); +__mkcgo__funcptr(EVP_EncryptUpdate); +__mkcgo__funcptr(EVP_KDF_CTX_free); +__mkcgo__funcptr(EVP_KDF_CTX_get_kdf_size); +__mkcgo__funcptr(EVP_KDF_CTX_new); +__mkcgo__funcptr(EVP_KDF_CTX_set_params); +__mkcgo__funcptr(EVP_KDF_derive); +__mkcgo__funcptr(EVP_KDF_fetch); +__mkcgo__funcptr(EVP_KDF_free); +__mkcgo__funcptr(EVP_MAC_CTX_dup); +__mkcgo__funcptr(EVP_MAC_CTX_free); +__mkcgo__funcptr(EVP_MAC_CTX_new); +__mkcgo__funcptr(EVP_MAC_CTX_set_params); +__mkcgo__funcptr(EVP_MAC_fetch); +__mkcgo__funcptr(EVP_MAC_final); +__mkcgo__funcptr(EVP_MAC_init); +__mkcgo__funcptr(EVP_MAC_update); +__mkcgo__funcptr(EVP_MD_CTX_copy); +__mkcgo__funcptr(EVP_MD_CTX_copy_ex); +__mkcgo__funcptr(EVP_MD_CTX_free); +__mkcgo__funcptr(EVP_MD_CTX_new); +__mkcgo__funcptr(EVP_MD_fetch); +__mkcgo__funcptr(EVP_MD_free); +__mkcgo__funcptr(EVP_MD_get0_name); +__mkcgo__funcptr(EVP_MD_get0_provider); +__mkcgo__funcptr(EVP_MD_get_block_size); +__mkcgo__funcptr(EVP_MD_get_size); +__mkcgo__funcptr(EVP_MD_get_type); +__mkcgo__funcptr(EVP_PKEY_CTX_add1_hkdf_info); +__mkcgo__funcptr(EVP_PKEY_CTX_ctrl); +__mkcgo__funcptr(EVP_PKEY_CTX_free); +__mkcgo__funcptr(EVP_PKEY_CTX_new); +__mkcgo__funcptr(EVP_PKEY_CTX_new_from_pkey); +__mkcgo__funcptr(EVP_PKEY_CTX_new_id); +__mkcgo__funcptr(EVP_PKEY_CTX_set0_rsa_oaep_label); +__mkcgo__funcptr(EVP_PKEY_CTX_set1_hkdf_key); +__mkcgo__funcptr(EVP_PKEY_CTX_set1_hkdf_salt); +__mkcgo__funcptr(EVP_PKEY_CTX_set_hkdf_md); +__mkcgo__funcptr(EVP_PKEY_CTX_set_hkdf_mode); +__mkcgo__funcptr(EVP_PKEY_Q_keygen); +__mkcgo__funcptr(EVP_PKEY_assign); +__mkcgo__funcptr(EVP_PKEY_decrypt); +__mkcgo__funcptr(EVP_PKEY_decrypt_init); +__mkcgo__funcptr(EVP_PKEY_derive); +__mkcgo__funcptr(EVP_PKEY_derive_init); +__mkcgo__funcptr(EVP_PKEY_derive_set_peer); +__mkcgo__funcptr(EVP_PKEY_encrypt); +__mkcgo__funcptr(EVP_PKEY_encrypt_init); +__mkcgo__funcptr(EVP_PKEY_free); +__mkcgo__funcptr(EVP_PKEY_fromdata); +__mkcgo__funcptr(EVP_PKEY_fromdata_init); +__mkcgo__funcptr(EVP_PKEY_get0_DSA); +__mkcgo__funcptr(EVP_PKEY_get0_EC_KEY); +__mkcgo__funcptr(EVP_PKEY_get1_RSA); +__mkcgo__funcptr(EVP_PKEY_get1_encoded_public_key); +__mkcgo__funcptr(EVP_PKEY_get_bits); +__mkcgo__funcptr(EVP_PKEY_get_bn_param); +__mkcgo__funcptr(EVP_PKEY_get_raw_private_key); +__mkcgo__funcptr(EVP_PKEY_get_raw_public_key); +__mkcgo__funcptr(EVP_PKEY_get_size); +__mkcgo__funcptr(EVP_PKEY_keygen); +__mkcgo__funcptr(EVP_PKEY_keygen_init); +__mkcgo__funcptr(EVP_PKEY_new); +__mkcgo__funcptr(EVP_PKEY_new_raw_private_key); +__mkcgo__funcptr(EVP_PKEY_new_raw_public_key); +__mkcgo__funcptr(EVP_PKEY_paramgen); +__mkcgo__funcptr(EVP_PKEY_paramgen_init); +__mkcgo__funcptr(EVP_PKEY_private_check); +__mkcgo__funcptr(EVP_PKEY_public_check_quick); +__mkcgo__funcptr(EVP_PKEY_set1_EC_KEY); +__mkcgo__funcptr(EVP_PKEY_set1_encoded_public_key); +__mkcgo__funcptr(EVP_PKEY_sign); +__mkcgo__funcptr(EVP_PKEY_sign_init); +__mkcgo__funcptr(EVP_PKEY_up_ref); +__mkcgo__funcptr(EVP_PKEY_verify); +__mkcgo__funcptr(EVP_PKEY_verify_init); +__mkcgo__funcptr(EVP_SIGNATURE_fetch); +__mkcgo__funcptr(EVP_SIGNATURE_free); +__mkcgo__funcptr(EVP_aes_128_cbc); +__mkcgo__funcptr(EVP_aes_128_ctr); +__mkcgo__funcptr(EVP_aes_128_ecb); +__mkcgo__funcptr(EVP_aes_128_gcm); +__mkcgo__funcptr(EVP_aes_192_cbc); +__mkcgo__funcptr(EVP_aes_192_ctr); +__mkcgo__funcptr(EVP_aes_192_ecb); +__mkcgo__funcptr(EVP_aes_192_gcm); +__mkcgo__funcptr(EVP_aes_256_cbc); +__mkcgo__funcptr(EVP_aes_256_ctr); +__mkcgo__funcptr(EVP_aes_256_ecb); +__mkcgo__funcptr(EVP_aes_256_gcm); +__mkcgo__funcptr(EVP_default_properties_enable_fips); +__mkcgo__funcptr(EVP_default_properties_is_fips_enabled); +__mkcgo__funcptr(EVP_des_cbc); +__mkcgo__funcptr(EVP_des_ecb); +__mkcgo__funcptr(EVP_des_ede3_cbc); +__mkcgo__funcptr(EVP_des_ede3_ecb); +__mkcgo__funcptr(EVP_md4); +__mkcgo__funcptr(EVP_md5); +__mkcgo__funcptr(EVP_md5_sha1); +__mkcgo__funcptr(EVP_rc4); +__mkcgo__funcptr(EVP_ripemd160); +__mkcgo__funcptr(EVP_sha1); +__mkcgo__funcptr(EVP_sha224); +__mkcgo__funcptr(EVP_sha256); +__mkcgo__funcptr(EVP_sha384); +__mkcgo__funcptr(EVP_sha3_224); +__mkcgo__funcptr(EVP_sha3_256); +__mkcgo__funcptr(EVP_sha3_384); +__mkcgo__funcptr(EVP_sha3_512); +__mkcgo__funcptr(EVP_sha512); +__mkcgo__funcptr(EVP_sha512_224); +__mkcgo__funcptr(EVP_sha512_256); +__mkcgo__funcptr(FIPS_mode); +__mkcgo__funcptr(FIPS_mode_set); +__mkcgo__funcptr(HMAC_CTX_copy); +__mkcgo__funcptr(HMAC_CTX_free); +__mkcgo__funcptr(HMAC_CTX_new); +__mkcgo__funcptr(HMAC_Final); +__mkcgo__funcptr(HMAC_Init_ex); +__mkcgo__funcptr(HMAC_Update); +__mkcgo__funcptr(OBJ_nid2sn); +__mkcgo__funcptr(OPENSSL_init); +__mkcgo__funcptr(OPENSSL_init_crypto); +__mkcgo__funcptr(OSSL_PARAM_BLD_free); +__mkcgo__funcptr(OSSL_PARAM_BLD_new); +__mkcgo__funcptr(OSSL_PARAM_BLD_push_BN); +__mkcgo__funcptr(OSSL_PARAM_BLD_push_int32); +__mkcgo__funcptr(OSSL_PARAM_BLD_push_octet_string); +__mkcgo__funcptr(OSSL_PARAM_BLD_push_utf8_string); +__mkcgo__funcptr(OSSL_PARAM_BLD_to_param); +__mkcgo__funcptr(OSSL_PARAM_free); +__mkcgo__funcptr(OSSL_PROVIDER_available); +__mkcgo__funcptr(OSSL_PROVIDER_get0_name); +__mkcgo__funcptr(OSSL_PROVIDER_try_load); +__mkcgo__funcptr(OpenSSL_version); +__mkcgo__funcptr(PKCS5_PBKDF2_HMAC); +__mkcgo__funcptr(RAND_bytes); +__mkcgo__funcptr(RSA_free); +__mkcgo__funcptr(RSA_get0_crt_params); +__mkcgo__funcptr(RSA_get0_factors); +__mkcgo__funcptr(RSA_get0_key); +__mkcgo__funcptr(RSA_new); +__mkcgo__funcptr(RSA_set0_crt_params); +__mkcgo__funcptr(RSA_set0_factors); +__mkcgo__funcptr(RSA_set0_key); + +#define __mkcgo__dlsym(name) __mkcgo__dlsym2(name, name) + +#define __mkcgo__dlsym2(varname, funcname) \ + _g_##varname = (typeof(_g_##varname))dlsym(handle, #funcname); \ + if (_g_##varname == NULL) { \ + fprintf(stderr, "Cannot get required symbol " #funcname "\n"); \ + abort(); \ + } + +void __mkcgoLoad_(void* handle) { + __mkcgo__dlsym(BN_bin2bn) + __mkcgo__dlsym(BN_bn2binpad) + __mkcgo__dlsym(BN_bn2lebinpad) + __mkcgo__dlsym(BN_clear) + __mkcgo__dlsym(BN_clear_free) + __mkcgo__dlsym(BN_free) + __mkcgo__dlsym(BN_lebin2bn) + __mkcgo__dlsym(BN_new) + __mkcgo__dlsym(BN_num_bits) + __mkcgo__dlsym(CRYPTO_free) + __mkcgo__dlsym(CRYPTO_malloc) + __mkcgo__dlsym(EC_GROUP_free) + __mkcgo__dlsym(EC_GROUP_new_by_curve_name) + __mkcgo__dlsym(EC_POINT_free) + __mkcgo__dlsym(EC_POINT_mul) + __mkcgo__dlsym(EC_POINT_new) + __mkcgo__dlsym(EC_POINT_oct2point) + __mkcgo__dlsym(EC_POINT_point2oct) + __mkcgo__dlsym(ERR_clear_error) + __mkcgo__dlsym(ERR_error_string_n) + __mkcgo__dlsym(EVP_CIPHER_CTX_ctrl) + __mkcgo__dlsym(EVP_CIPHER_CTX_free) + __mkcgo__dlsym(EVP_CIPHER_CTX_new) + __mkcgo__dlsym(EVP_CIPHER_CTX_set_key_length) + __mkcgo__dlsym(EVP_CIPHER_CTX_set_padding) + __mkcgo__dlsym(EVP_CipherInit_ex) + __mkcgo__dlsym(EVP_CipherUpdate) + __mkcgo__dlsym(EVP_DecryptFinal_ex) + __mkcgo__dlsym(EVP_DecryptInit_ex) + __mkcgo__dlsym(EVP_DecryptUpdate) + __mkcgo__dlsym(EVP_Digest) + __mkcgo__dlsym(EVP_DigestFinal_ex) + __mkcgo__dlsym(EVP_DigestInit) + __mkcgo__dlsym(EVP_DigestInit_ex) + __mkcgo__dlsym(EVP_DigestSignFinal) + __mkcgo__dlsym(EVP_DigestSignInit) + __mkcgo__dlsym(EVP_DigestUpdate) + __mkcgo__dlsym(EVP_DigestVerifyFinal) + __mkcgo__dlsym(EVP_DigestVerifyInit) + __mkcgo__dlsym(EVP_EncryptFinal_ex) + __mkcgo__dlsym(EVP_EncryptInit_ex) + __mkcgo__dlsym(EVP_EncryptUpdate) + __mkcgo__dlsym(EVP_MD_CTX_copy) + __mkcgo__dlsym(EVP_MD_CTX_copy_ex) + __mkcgo__dlsym(EVP_MD_CTX_free) + __mkcgo__dlsym(EVP_MD_CTX_new) + __mkcgo__dlsym(EVP_PKEY_CTX_ctrl) + __mkcgo__dlsym(EVP_PKEY_CTX_free) + __mkcgo__dlsym(EVP_PKEY_CTX_new) + __mkcgo__dlsym(EVP_PKEY_CTX_new_id) + __mkcgo__dlsym(EVP_PKEY_decrypt) + __mkcgo__dlsym(EVP_PKEY_decrypt_init) + __mkcgo__dlsym(EVP_PKEY_derive) + __mkcgo__dlsym(EVP_PKEY_derive_init) + __mkcgo__dlsym(EVP_PKEY_derive_set_peer) + __mkcgo__dlsym(EVP_PKEY_encrypt) + __mkcgo__dlsym(EVP_PKEY_encrypt_init) + __mkcgo__dlsym(EVP_PKEY_free) + __mkcgo__dlsym(EVP_PKEY_keygen) + __mkcgo__dlsym(EVP_PKEY_keygen_init) + __mkcgo__dlsym(EVP_PKEY_new) + __mkcgo__dlsym(EVP_PKEY_paramgen) + __mkcgo__dlsym(EVP_PKEY_paramgen_init) + __mkcgo__dlsym(EVP_PKEY_sign) + __mkcgo__dlsym(EVP_PKEY_sign_init) + __mkcgo__dlsym(EVP_PKEY_verify) + __mkcgo__dlsym(EVP_PKEY_verify_init) + __mkcgo__dlsym(EVP_aes_128_cbc) + __mkcgo__dlsym(EVP_aes_128_ctr) + __mkcgo__dlsym(EVP_aes_128_ecb) + __mkcgo__dlsym(EVP_aes_128_gcm) + __mkcgo__dlsym(EVP_aes_192_cbc) + __mkcgo__dlsym(EVP_aes_192_ctr) + __mkcgo__dlsym(EVP_aes_192_ecb) + __mkcgo__dlsym(EVP_aes_192_gcm) + __mkcgo__dlsym(EVP_aes_256_cbc) + __mkcgo__dlsym(EVP_aes_256_ctr) + __mkcgo__dlsym(EVP_aes_256_ecb) + __mkcgo__dlsym(EVP_aes_256_gcm) + __mkcgo__dlsym(EVP_des_cbc) + __mkcgo__dlsym(EVP_des_ecb) + __mkcgo__dlsym(EVP_des_ede3_cbc) + __mkcgo__dlsym(EVP_des_ede3_ecb) + __mkcgo__dlsym(EVP_md4) + __mkcgo__dlsym(EVP_md5) + __mkcgo__dlsym(EVP_md5_sha1) + __mkcgo__dlsym(EVP_rc4) + __mkcgo__dlsym(EVP_ripemd160) + __mkcgo__dlsym(EVP_sha1) + __mkcgo__dlsym(EVP_sha224) + __mkcgo__dlsym(EVP_sha256) + __mkcgo__dlsym(EVP_sha384) + __mkcgo__dlsym(EVP_sha512) + __mkcgo__dlsym(OBJ_nid2sn) + __mkcgo__dlsym(OPENSSL_init) + __mkcgo__dlsym(OPENSSL_init_crypto) + __mkcgo__dlsym(OpenSSL_version) + __mkcgo__dlsym(PKCS5_PBKDF2_HMAC) + __mkcgo__dlsym(RAND_bytes) +} + +void __mkcgoLoad_111(void* handle) { + __mkcgo__dlsym(EVP_DigestSign) + __mkcgo__dlsym(EVP_DigestVerify) + __mkcgo__dlsym(EVP_PKEY_get_raw_private_key) + __mkcgo__dlsym(EVP_PKEY_get_raw_public_key) + __mkcgo__dlsym(EVP_PKEY_new_raw_private_key) + __mkcgo__dlsym(EVP_PKEY_new_raw_public_key) + __mkcgo__dlsym(EVP_sha3_224) + __mkcgo__dlsym(EVP_sha3_256) + __mkcgo__dlsym(EVP_sha3_384) + __mkcgo__dlsym(EVP_sha3_512) + __mkcgo__dlsym(EVP_sha512_224) + __mkcgo__dlsym(EVP_sha512_256) +} + +void __mkcgoLoad_3(void* handle) { + __mkcgo__dlsym(EC_POINT_set_affine_coordinates) + __mkcgo__dlsym(ERR_get_error_all) + __mkcgo__dlsym(EVP_CIPHER_fetch) + __mkcgo__dlsym(EVP_CIPHER_get0_name) + __mkcgo__dlsym(EVP_CIPHER_get_block_size) + __mkcgo__dlsym(EVP_KDF_CTX_free) + __mkcgo__dlsym(EVP_KDF_CTX_get_kdf_size) + __mkcgo__dlsym(EVP_KDF_CTX_new) + __mkcgo__dlsym(EVP_KDF_CTX_set_params) + __mkcgo__dlsym(EVP_KDF_derive) + __mkcgo__dlsym(EVP_KDF_fetch) + __mkcgo__dlsym(EVP_KDF_free) + __mkcgo__dlsym(EVP_MAC_CTX_dup) + __mkcgo__dlsym(EVP_MAC_CTX_free) + __mkcgo__dlsym(EVP_MAC_CTX_new) + __mkcgo__dlsym(EVP_MAC_CTX_set_params) + __mkcgo__dlsym(EVP_MAC_fetch) + __mkcgo__dlsym(EVP_MAC_final) + __mkcgo__dlsym(EVP_MAC_init) + __mkcgo__dlsym(EVP_MAC_update) + __mkcgo__dlsym(EVP_MD_fetch) + __mkcgo__dlsym(EVP_MD_free) + __mkcgo__dlsym(EVP_MD_get0_name) + __mkcgo__dlsym(EVP_MD_get0_provider) + __mkcgo__dlsym(EVP_MD_get_block_size) + __mkcgo__dlsym(EVP_MD_get_size) + __mkcgo__dlsym(EVP_MD_get_type) + __mkcgo__dlsym(EVP_PKEY_CTX_add1_hkdf_info) + __mkcgo__dlsym(EVP_PKEY_CTX_new_from_pkey) + __mkcgo__dlsym(EVP_PKEY_CTX_set0_rsa_oaep_label) + __mkcgo__dlsym(EVP_PKEY_CTX_set1_hkdf_key) + __mkcgo__dlsym(EVP_PKEY_CTX_set1_hkdf_salt) + __mkcgo__dlsym(EVP_PKEY_CTX_set_hkdf_md) + __mkcgo__dlsym(EVP_PKEY_CTX_set_hkdf_mode) + __mkcgo__dlsym(EVP_PKEY_Q_keygen) + __mkcgo__dlsym(EVP_PKEY_fromdata) + __mkcgo__dlsym(EVP_PKEY_fromdata_init) + __mkcgo__dlsym(EVP_PKEY_get1_encoded_public_key) + __mkcgo__dlsym(EVP_PKEY_get_bits) + __mkcgo__dlsym(EVP_PKEY_get_bn_param) + __mkcgo__dlsym(EVP_PKEY_get_size) + __mkcgo__dlsym(EVP_PKEY_private_check) + __mkcgo__dlsym(EVP_PKEY_public_check_quick) + __mkcgo__dlsym(EVP_PKEY_set1_encoded_public_key) + __mkcgo__dlsym(EVP_PKEY_up_ref) + __mkcgo__dlsym(EVP_SIGNATURE_fetch) + __mkcgo__dlsym(EVP_SIGNATURE_free) + __mkcgo__dlsym(EVP_default_properties_enable_fips) + __mkcgo__dlsym(EVP_default_properties_is_fips_enabled) + __mkcgo__dlsym(OSSL_PARAM_BLD_free) + __mkcgo__dlsym(OSSL_PARAM_BLD_new) + __mkcgo__dlsym(OSSL_PARAM_BLD_push_BN) + __mkcgo__dlsym(OSSL_PARAM_BLD_push_int32) + __mkcgo__dlsym(OSSL_PARAM_BLD_push_octet_string) + __mkcgo__dlsym(OSSL_PARAM_BLD_push_utf8_string) + __mkcgo__dlsym(OSSL_PARAM_BLD_to_param) + __mkcgo__dlsym(OSSL_PARAM_free) + __mkcgo__dlsym(OSSL_PROVIDER_available) + __mkcgo__dlsym(OSSL_PROVIDER_get0_name) + __mkcgo__dlsym(OSSL_PROVIDER_try_load) +} + +void __mkcgoLoad_legacy_1(void* handle) { + __mkcgo__dlsym(DSA_free) + __mkcgo__dlsym(DSA_generate_key) + __mkcgo__dlsym(DSA_get0_key) + __mkcgo__dlsym(DSA_get0_pqg) + __mkcgo__dlsym(DSA_new) + __mkcgo__dlsym(DSA_set0_key) + __mkcgo__dlsym(DSA_set0_pqg) + __mkcgo__dlsym(EC_KEY_check_key) + __mkcgo__dlsym(EC_KEY_free) + __mkcgo__dlsym(EC_KEY_get0_group) + __mkcgo__dlsym(EC_KEY_get0_private_key) + __mkcgo__dlsym(EC_KEY_get0_public_key) + __mkcgo__dlsym(EC_KEY_new_by_curve_name) + __mkcgo__dlsym(EC_KEY_set_private_key) + __mkcgo__dlsym(EC_KEY_set_public_key) + __mkcgo__dlsym(EC_KEY_set_public_key_affine_coordinates) + __mkcgo__dlsym(EC_POINT_get_affine_coordinates_GFp) + __mkcgo__dlsym(ERR_get_error_line) + __mkcgo__dlsym2(EVP_CIPHER_get_block_size, EVP_CIPHER_block_size) + __mkcgo__dlsym2(EVP_MD_get_block_size, EVP_MD_block_size) + __mkcgo__dlsym2(EVP_MD_get_size, EVP_MD_size) + __mkcgo__dlsym(EVP_PKEY_assign) + __mkcgo__dlsym(EVP_PKEY_get0_DSA) + __mkcgo__dlsym(EVP_PKEY_get0_EC_KEY) + __mkcgo__dlsym(EVP_PKEY_get1_RSA) + __mkcgo__dlsym2(EVP_PKEY_get_bits, EVP_PKEY_bits) + __mkcgo__dlsym2(EVP_PKEY_get_size, EVP_PKEY_size) + __mkcgo__dlsym(EVP_PKEY_set1_EC_KEY) + __mkcgo__dlsym(FIPS_mode) + __mkcgo__dlsym(FIPS_mode_set) + __mkcgo__dlsym(HMAC_CTX_copy) + __mkcgo__dlsym(HMAC_CTX_free) + __mkcgo__dlsym(HMAC_CTX_new) + __mkcgo__dlsym(HMAC_Final) + __mkcgo__dlsym(HMAC_Init_ex) + __mkcgo__dlsym(HMAC_Update) + __mkcgo__dlsym(RSA_free) + __mkcgo__dlsym(RSA_get0_crt_params) + __mkcgo__dlsym(RSA_get0_factors) + __mkcgo__dlsym(RSA_get0_key) + __mkcgo__dlsym(RSA_new) + __mkcgo__dlsym(RSA_set0_crt_params) + __mkcgo__dlsym(RSA_set0_factors) + __mkcgo__dlsym(RSA_set0_key) +} + +_BIGNUM_PTR BN_bin2bn(const unsigned char* _arg0, int _arg1, _BIGNUM_PTR _arg2) { + return _g_BN_bin2bn(_arg0, _arg1, _arg2); +} + +int BN_bn2binpad(const _BIGNUM_PTR _arg0, unsigned char* _arg1, int _arg2) { + return _g_BN_bn2binpad(_arg0, _arg1, _arg2); +} + +int BN_bn2lebinpad(const _BIGNUM_PTR _arg0, unsigned char* _arg1, int _arg2) { + return _g_BN_bn2lebinpad(_arg0, _arg1, _arg2); +} + +void BN_clear(_BIGNUM_PTR _arg0) { + _g_BN_clear(_arg0); +} + +void BN_clear_free(_BIGNUM_PTR _arg0) { + _g_BN_clear_free(_arg0); +} + +void BN_free(_BIGNUM_PTR _arg0) { + _g_BN_free(_arg0); +} + +_BIGNUM_PTR BN_lebin2bn(const unsigned char* _arg0, int _arg1, _BIGNUM_PTR _arg2) { + return _g_BN_lebin2bn(_arg0, _arg1, _arg2); +} + +_BIGNUM_PTR BN_new(void) { + return _g_BN_new(); +} + +int BN_num_bits(const _BIGNUM_PTR _arg0) { + return _g_BN_num_bits(_arg0); +} + +void CRYPTO_free(void* _arg0, const char* _arg1, int _arg2) { + _g_CRYPTO_free(_arg0, _arg1, _arg2); +} + +void* CRYPTO_malloc(size_t _arg0, const char* _arg1, int _arg2) { + return _g_CRYPTO_malloc(_arg0, _arg1, _arg2); +} + +void DSA_free(_DSA_PTR _arg0) { + _g_DSA_free(_arg0); +} + +int DSA_generate_key(_DSA_PTR _arg0) { + return _g_DSA_generate_key(_arg0); +} + +void DSA_get0_key(const _DSA_PTR _arg0, const _BIGNUM_PTR* _arg1, const _BIGNUM_PTR* _arg2) { + _g_DSA_get0_key(_arg0, _arg1, _arg2); +} + +void DSA_get0_pqg(const _DSA_PTR _arg0, const _BIGNUM_PTR* _arg1, const _BIGNUM_PTR* _arg2, const _BIGNUM_PTR* _arg3) { + _g_DSA_get0_pqg(_arg0, _arg1, _arg2, _arg3); +} + +_DSA_PTR DSA_new(void) { + return _g_DSA_new(); +} + +int DSA_set0_key(_DSA_PTR _arg0, _BIGNUM_PTR _arg1, _BIGNUM_PTR _arg2) { + return _g_DSA_set0_key(_arg0, _arg1, _arg2); +} + +int DSA_set0_pqg(_DSA_PTR _arg0, _BIGNUM_PTR _arg1, _BIGNUM_PTR _arg2, _BIGNUM_PTR _arg3) { + return _g_DSA_set0_pqg(_arg0, _arg1, _arg2, _arg3); +} + +void EC_GROUP_free(_EC_GROUP_PTR _arg0) { + _g_EC_GROUP_free(_arg0); +} + +_EC_GROUP_PTR EC_GROUP_new_by_curve_name(int _arg0) { + return _g_EC_GROUP_new_by_curve_name(_arg0); +} + +int EC_KEY_check_key(const _EC_KEY_PTR _arg0) { + return _g_EC_KEY_check_key(_arg0); +} + +void EC_KEY_free(_EC_KEY_PTR _arg0) { + _g_EC_KEY_free(_arg0); +} + +const _EC_GROUP_PTR EC_KEY_get0_group(const _EC_KEY_PTR _arg0) { + return _g_EC_KEY_get0_group(_arg0); +} + +const _BIGNUM_PTR EC_KEY_get0_private_key(const _EC_KEY_PTR _arg0) { + return _g_EC_KEY_get0_private_key(_arg0); +} + +const _EC_POINT_PTR EC_KEY_get0_public_key(const _EC_KEY_PTR _arg0) { + return _g_EC_KEY_get0_public_key(_arg0); +} + +_EC_KEY_PTR EC_KEY_new_by_curve_name(int _arg0) { + return _g_EC_KEY_new_by_curve_name(_arg0); +} + +int EC_KEY_set_private_key(_EC_KEY_PTR _arg0, const _BIGNUM_PTR _arg1) { + return _g_EC_KEY_set_private_key(_arg0, _arg1); +} + +int EC_KEY_set_public_key(_EC_KEY_PTR _arg0, const _EC_POINT_PTR _arg1) { + return _g_EC_KEY_set_public_key(_arg0, _arg1); +} + +int EC_KEY_set_public_key_affine_coordinates(_EC_KEY_PTR _arg0, _BIGNUM_PTR _arg1, _BIGNUM_PTR _arg2) { + return _g_EC_KEY_set_public_key_affine_coordinates(_arg0, _arg1, _arg2); +} + +void EC_POINT_free(_EC_POINT_PTR _arg0) { + _g_EC_POINT_free(_arg0); +} + +int EC_POINT_get_affine_coordinates_GFp(const _EC_GROUP_PTR _arg0, const _EC_POINT_PTR _arg1, _BIGNUM_PTR _arg2, _BIGNUM_PTR _arg3, _BN_CTX_PTR _arg4) { + return _g_EC_POINT_get_affine_coordinates_GFp(_arg0, _arg1, _arg2, _arg3, _arg4); +} + +int EC_POINT_mul(const _EC_GROUP_PTR _arg0, _EC_POINT_PTR _arg1, const _BIGNUM_PTR _arg2, const _EC_POINT_PTR _arg3, const _BIGNUM_PTR _arg4, _BN_CTX_PTR _arg5) { + return _g_EC_POINT_mul(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); +} + +_EC_POINT_PTR EC_POINT_new(const _EC_GROUP_PTR _arg0) { + return _g_EC_POINT_new(_arg0); +} + +int EC_POINT_oct2point(const _EC_GROUP_PTR _arg0, _EC_POINT_PTR _arg1, const unsigned char* _arg2, size_t _arg3, _BN_CTX_PTR _arg4) { + return _g_EC_POINT_oct2point(_arg0, _arg1, _arg2, _arg3, _arg4); +} + +size_t EC_POINT_point2oct(const _EC_GROUP_PTR _arg0, const _EC_POINT_PTR _arg1, point_conversion_form_t _arg2, unsigned char* _arg3, size_t _arg4, _BN_CTX_PTR _arg5) { + return _g_EC_POINT_point2oct(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); +} + +int EC_POINT_set_affine_coordinates(const _EC_GROUP_PTR _arg0, _EC_POINT_PTR _arg1, const _BIGNUM_PTR _arg2, const _BIGNUM_PTR _arg3, _BN_CTX_PTR _arg4) { + return _g_EC_POINT_set_affine_coordinates(_arg0, _arg1, _arg2, _arg3, _arg4); +} + +void ERR_clear_error(void) { + _g_ERR_clear_error(); +} + +void ERR_error_string_n(unsigned long _arg0, char* _arg1, size_t _arg2) { + _g_ERR_error_string_n(_arg0, _arg1, _arg2); +} + +unsigned long ERR_get_error_all(const char** _arg0, int* _arg1, const char** _arg2, const char** _arg3, int* _arg4) { + return _g_ERR_get_error_all(_arg0, _arg1, _arg2, _arg3, _arg4); +} + +unsigned long ERR_get_error_line(const char** _arg0, int* _arg1) { + return _g_ERR_get_error_line(_arg0, _arg1); +} + +int EVP_CIPHER_CTX_ctrl(_EVP_CIPHER_CTX_PTR _arg0, int _arg1, int _arg2, void* _arg3) { + return _g_EVP_CIPHER_CTX_ctrl(_arg0, _arg1, _arg2, _arg3); +} + +void EVP_CIPHER_CTX_free(_EVP_CIPHER_CTX_PTR _arg0) { + _g_EVP_CIPHER_CTX_free(_arg0); +} + +_EVP_CIPHER_CTX_PTR EVP_CIPHER_CTX_new(void) { + return _g_EVP_CIPHER_CTX_new(); +} + +int EVP_CIPHER_CTX_set_key_length(_EVP_CIPHER_CTX_PTR _arg0, int _arg1) { + return _g_EVP_CIPHER_CTX_set_key_length(_arg0, _arg1); +} + +int EVP_CIPHER_CTX_set_padding(_EVP_CIPHER_CTX_PTR _arg0, int _arg1) { + return _g_EVP_CIPHER_CTX_set_padding(_arg0, _arg1); +} + +_EVP_CIPHER_PTR EVP_CIPHER_fetch(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2) { + return _g_EVP_CIPHER_fetch(_arg0, _arg1, _arg2); +} + +const char* EVP_CIPHER_get0_name(const _EVP_CIPHER_PTR _arg0) { + return _g_EVP_CIPHER_get0_name(_arg0); +} + +int EVP_CIPHER_get_block_size(const _EVP_CIPHER_PTR _arg0) { + return _g_EVP_CIPHER_get_block_size(_arg0); +} + +int EVP_CipherInit_ex(_EVP_CIPHER_CTX_PTR _arg0, const _EVP_CIPHER_PTR _arg1, _ENGINE_PTR _arg2, const unsigned char* _arg3, const unsigned char* _arg4, int _arg5) { + return _g_EVP_CipherInit_ex(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); +} + +int EVP_CipherUpdate(_EVP_CIPHER_CTX_PTR _arg0, unsigned char* _arg1, int* _arg2, const unsigned char* _arg3, int _arg4) { + return _g_EVP_CipherUpdate(_arg0, _arg1, _arg2, _arg3, _arg4); +} + +int EVP_DecryptFinal_ex(_EVP_CIPHER_CTX_PTR _arg0, unsigned char* _arg1, int* _arg2) { + return _g_EVP_DecryptFinal_ex(_arg0, _arg1, _arg2); +} + +int EVP_DecryptInit_ex(_EVP_CIPHER_CTX_PTR _arg0, const _EVP_CIPHER_PTR _arg1, _ENGINE_PTR _arg2, const unsigned char* _arg3, const unsigned char* _arg4) { + return _g_EVP_DecryptInit_ex(_arg0, _arg1, _arg2, _arg3, _arg4); +} + +int EVP_DecryptUpdate(_EVP_CIPHER_CTX_PTR _arg0, unsigned char* _arg1, int* _arg2, const unsigned char* _arg3, int _arg4) { + return _g_EVP_DecryptUpdate(_arg0, _arg1, _arg2, _arg3, _arg4); +} + +int EVP_Digest(const void* _arg0, size_t _arg1, unsigned char* _arg2, unsigned int* _arg3, const _EVP_MD_PTR _arg4, _ENGINE_PTR _arg5) { + return _g_EVP_Digest(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); +} + +int EVP_DigestFinal_ex(_EVP_MD_CTX_PTR _arg0, unsigned char* _arg1, unsigned int* _arg2) { + return _g_EVP_DigestFinal_ex(_arg0, _arg1, _arg2); +} + +int EVP_DigestInit(_EVP_MD_CTX_PTR _arg0, const _EVP_MD_PTR _arg1) { + return _g_EVP_DigestInit(_arg0, _arg1); +} + +int EVP_DigestInit_ex(_EVP_MD_CTX_PTR _arg0, const _EVP_MD_PTR _arg1, _ENGINE_PTR _arg2) { + return _g_EVP_DigestInit_ex(_arg0, _arg1, _arg2); +} + +int EVP_DigestSign(_EVP_MD_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, const unsigned char* _arg3, size_t _arg4) { + return _g_EVP_DigestSign(_arg0, _arg1, _arg2, _arg3, _arg4); +} + +int EVP_DigestSignFinal(_EVP_MD_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2) { + return _g_EVP_DigestSignFinal(_arg0, _arg1, _arg2); +} + +int EVP_DigestSignInit(_EVP_MD_CTX_PTR _arg0, _EVP_PKEY_CTX_PTR* _arg1, const _EVP_MD_PTR _arg2, _ENGINE_PTR _arg3, _EVP_PKEY_PTR _arg4) { + return _g_EVP_DigestSignInit(_arg0, _arg1, _arg2, _arg3, _arg4); +} + +int EVP_DigestUpdate(_EVP_MD_CTX_PTR _arg0, const void* _arg1, size_t _arg2) { + return _g_EVP_DigestUpdate(_arg0, _arg1, _arg2); +} + +int EVP_DigestVerify(_EVP_MD_CTX_PTR _arg0, const unsigned char* _arg1, size_t _arg2, const unsigned char* _arg3, size_t _arg4) { + return _g_EVP_DigestVerify(_arg0, _arg1, _arg2, _arg3, _arg4); +} + +int EVP_DigestVerifyFinal(_EVP_MD_CTX_PTR _arg0, const unsigned char* _arg1, size_t _arg2) { + return _g_EVP_DigestVerifyFinal(_arg0, _arg1, _arg2); +} + +int EVP_DigestVerifyInit(_EVP_MD_CTX_PTR _arg0, _EVP_PKEY_CTX_PTR* _arg1, const _EVP_MD_PTR _arg2, _ENGINE_PTR _arg3, _EVP_PKEY_PTR _arg4) { + return _g_EVP_DigestVerifyInit(_arg0, _arg1, _arg2, _arg3, _arg4); +} + +int EVP_EncryptFinal_ex(_EVP_CIPHER_CTX_PTR _arg0, unsigned char* _arg1, int* _arg2) { + return _g_EVP_EncryptFinal_ex(_arg0, _arg1, _arg2); +} + +int EVP_EncryptInit_ex(_EVP_CIPHER_CTX_PTR _arg0, const _EVP_CIPHER_PTR _arg1, _ENGINE_PTR _arg2, const unsigned char* _arg3, const unsigned char* _arg4) { + return _g_EVP_EncryptInit_ex(_arg0, _arg1, _arg2, _arg3, _arg4); +} + +int EVP_EncryptUpdate(_EVP_CIPHER_CTX_PTR _arg0, unsigned char* _arg1, int* _arg2, const unsigned char* _arg3, int _arg4) { + return _g_EVP_EncryptUpdate(_arg0, _arg1, _arg2, _arg3, _arg4); +} + +void EVP_KDF_CTX_free(_EVP_KDF_CTX_PTR _arg0) { + _g_EVP_KDF_CTX_free(_arg0); +} + +size_t EVP_KDF_CTX_get_kdf_size(_EVP_KDF_CTX_PTR _arg0) { + return _g_EVP_KDF_CTX_get_kdf_size(_arg0); +} + +_EVP_KDF_CTX_PTR EVP_KDF_CTX_new(_EVP_KDF_PTR _arg0) { + return _g_EVP_KDF_CTX_new(_arg0); +} + +int EVP_KDF_CTX_set_params(_EVP_KDF_CTX_PTR _arg0, const _OSSL_PARAM_PTR _arg1) { + return _g_EVP_KDF_CTX_set_params(_arg0, _arg1); +} + +int EVP_KDF_derive(_EVP_KDF_CTX_PTR _arg0, unsigned char* _arg1, size_t _arg2, const _OSSL_PARAM_PTR _arg3) { + return _g_EVP_KDF_derive(_arg0, _arg1, _arg2, _arg3); +} + +_EVP_KDF_PTR EVP_KDF_fetch(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2) { + return _g_EVP_KDF_fetch(_arg0, _arg1, _arg2); +} + +void EVP_KDF_free(_EVP_KDF_PTR _arg0) { + _g_EVP_KDF_free(_arg0); +} + +_EVP_MAC_CTX_PTR EVP_MAC_CTX_dup(const _EVP_MAC_CTX_PTR _arg0) { + return _g_EVP_MAC_CTX_dup(_arg0); +} + +void EVP_MAC_CTX_free(_EVP_MAC_CTX_PTR _arg0) { + _g_EVP_MAC_CTX_free(_arg0); +} + +_EVP_MAC_CTX_PTR EVP_MAC_CTX_new(_EVP_MAC_PTR _arg0) { + return _g_EVP_MAC_CTX_new(_arg0); +} + +int EVP_MAC_CTX_set_params(_EVP_MAC_CTX_PTR _arg0, const _OSSL_PARAM_PTR _arg1) { + return _g_EVP_MAC_CTX_set_params(_arg0, _arg1); +} + +_EVP_MAC_PTR EVP_MAC_fetch(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2) { + return _g_EVP_MAC_fetch(_arg0, _arg1, _arg2); +} + +int EVP_MAC_final(_EVP_MAC_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, size_t _arg3) { + return _g_EVP_MAC_final(_arg0, _arg1, _arg2, _arg3); +} + +int EVP_MAC_init(_EVP_MAC_CTX_PTR _arg0, const unsigned char* _arg1, size_t _arg2, const _OSSL_PARAM_PTR _arg3) { + return _g_EVP_MAC_init(_arg0, _arg1, _arg2, _arg3); +} + +int EVP_MAC_update(_EVP_MAC_CTX_PTR _arg0, const unsigned char* _arg1, size_t _arg2) { + return _g_EVP_MAC_update(_arg0, _arg1, _arg2); +} + +int EVP_MD_CTX_copy(_EVP_MD_CTX_PTR _arg0, const _EVP_MD_CTX_PTR _arg1) { + return _g_EVP_MD_CTX_copy(_arg0, _arg1); +} + +int EVP_MD_CTX_copy_ex(_EVP_MD_CTX_PTR _arg0, const _EVP_MD_CTX_PTR _arg1) { + return _g_EVP_MD_CTX_copy_ex(_arg0, _arg1); +} + +void EVP_MD_CTX_free(_EVP_MD_CTX_PTR _arg0) { + _g_EVP_MD_CTX_free(_arg0); +} + +_EVP_MD_CTX_PTR EVP_MD_CTX_new(void) { + return _g_EVP_MD_CTX_new(); +} + +_EVP_MD_PTR EVP_MD_fetch(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2) { + return _g_EVP_MD_fetch(_arg0, _arg1, _arg2); +} + +void EVP_MD_free(_EVP_MD_PTR _arg0) { + _g_EVP_MD_free(_arg0); +} + +const char* EVP_MD_get0_name(const _EVP_MD_PTR _arg0) { + return _g_EVP_MD_get0_name(_arg0); +} + +const _OSSL_PROVIDER_PTR EVP_MD_get0_provider(const _EVP_MD_PTR _arg0) { + return _g_EVP_MD_get0_provider(_arg0); +} + +int EVP_MD_get_block_size(const _EVP_MD_PTR _arg0) { + return _g_EVP_MD_get_block_size(_arg0); +} + +int EVP_MD_get_size(const _EVP_MD_PTR _arg0) { + return _g_EVP_MD_get_size(_arg0); +} + +int EVP_MD_get_type(const _EVP_MD_PTR _arg0) { + return _g_EVP_MD_get_type(_arg0); +} + +int EVP_PKEY_CTX_add1_hkdf_info(_EVP_PKEY_CTX_PTR _arg0, const unsigned char* _arg1, int _arg2) { + return _g_EVP_PKEY_CTX_add1_hkdf_info(_arg0, _arg1, _arg2); +} + +int EVP_PKEY_CTX_ctrl(_EVP_PKEY_CTX_PTR _arg0, int _arg1, int _arg2, int _arg3, int _arg4, void* _arg5) { + return _g_EVP_PKEY_CTX_ctrl(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); +} + +void EVP_PKEY_CTX_free(_EVP_PKEY_CTX_PTR _arg0) { + _g_EVP_PKEY_CTX_free(_arg0); +} + +_EVP_PKEY_CTX_PTR EVP_PKEY_CTX_new(_EVP_PKEY_PTR _arg0, _ENGINE_PTR _arg1) { + return _g_EVP_PKEY_CTX_new(_arg0, _arg1); +} + +_EVP_PKEY_CTX_PTR EVP_PKEY_CTX_new_from_pkey(_OSSL_LIB_CTX_PTR _arg0, _EVP_PKEY_PTR _arg1, const char* _arg2) { + return _g_EVP_PKEY_CTX_new_from_pkey(_arg0, _arg1, _arg2); +} + +_EVP_PKEY_CTX_PTR EVP_PKEY_CTX_new_id(int _arg0, _ENGINE_PTR _arg1) { + return _g_EVP_PKEY_CTX_new_id(_arg0, _arg1); +} + +int EVP_PKEY_CTX_set0_rsa_oaep_label(_EVP_PKEY_CTX_PTR _arg0, void* _arg1, int _arg2) { + return _g_EVP_PKEY_CTX_set0_rsa_oaep_label(_arg0, _arg1, _arg2); +} + +int EVP_PKEY_CTX_set1_hkdf_key(_EVP_PKEY_CTX_PTR _arg0, const unsigned char* _arg1, int _arg2) { + return _g_EVP_PKEY_CTX_set1_hkdf_key(_arg0, _arg1, _arg2); +} + +int EVP_PKEY_CTX_set1_hkdf_salt(_EVP_PKEY_CTX_PTR _arg0, const unsigned char* _arg1, int _arg2) { + return _g_EVP_PKEY_CTX_set1_hkdf_salt(_arg0, _arg1, _arg2); +} + +int EVP_PKEY_CTX_set_hkdf_md(_EVP_PKEY_CTX_PTR _arg0, const _EVP_MD_PTR _arg1) { + return _g_EVP_PKEY_CTX_set_hkdf_md(_arg0, _arg1); +} + +int EVP_PKEY_CTX_set_hkdf_mode(_EVP_PKEY_CTX_PTR _arg0, int _arg1) { + return _g_EVP_PKEY_CTX_set_hkdf_mode(_arg0, _arg1); +} + +_EVP_PKEY_PTR EVP_PKEY_Q_keygen_EC(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, const char* _arg3) { + return _g_EVP_PKEY_Q_keygen(_arg0, _arg1, _arg2, _arg3); +} + +_EVP_PKEY_PTR EVP_PKEY_Q_keygen_ED25519(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2) { + return _g_EVP_PKEY_Q_keygen(_arg0, _arg1, _arg2); +} + +_EVP_PKEY_PTR EVP_PKEY_Q_keygen_RSA(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, size_t _arg3) { + return _g_EVP_PKEY_Q_keygen(_arg0, _arg1, _arg2, _arg3); +} + +int EVP_PKEY_assign(_EVP_PKEY_PTR _arg0, int _arg1, void* _arg2) { + return _g_EVP_PKEY_assign(_arg0, _arg1, _arg2); +} + +int EVP_PKEY_decrypt(_EVP_PKEY_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, const unsigned char* _arg3, size_t _arg4) { + return _g_EVP_PKEY_decrypt(_arg0, _arg1, _arg2, _arg3, _arg4); +} + +int EVP_PKEY_decrypt_init(_EVP_PKEY_CTX_PTR _arg0) { + return _g_EVP_PKEY_decrypt_init(_arg0); +} + +int EVP_PKEY_derive(_EVP_PKEY_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2) { + return _g_EVP_PKEY_derive(_arg0, _arg1, _arg2); +} + +int EVP_PKEY_derive_init(_EVP_PKEY_CTX_PTR _arg0) { + return _g_EVP_PKEY_derive_init(_arg0); +} + +int EVP_PKEY_derive_set_peer(_EVP_PKEY_CTX_PTR _arg0, _EVP_PKEY_PTR _arg1) { + return _g_EVP_PKEY_derive_set_peer(_arg0, _arg1); +} + +int EVP_PKEY_encrypt(_EVP_PKEY_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, const unsigned char* _arg3, size_t _arg4) { + return _g_EVP_PKEY_encrypt(_arg0, _arg1, _arg2, _arg3, _arg4); +} + +int EVP_PKEY_encrypt_init(_EVP_PKEY_CTX_PTR _arg0) { + return _g_EVP_PKEY_encrypt_init(_arg0); +} + +void EVP_PKEY_free(_EVP_PKEY_PTR _arg0) { + _g_EVP_PKEY_free(_arg0); +} + +int EVP_PKEY_fromdata(_EVP_PKEY_CTX_PTR _arg0, _EVP_PKEY_PTR* _arg1, int _arg2, _OSSL_PARAM_PTR _arg3) { + return _g_EVP_PKEY_fromdata(_arg0, _arg1, _arg2, _arg3); +} + +int EVP_PKEY_fromdata_init(_EVP_PKEY_CTX_PTR _arg0) { + return _g_EVP_PKEY_fromdata_init(_arg0); +} + +_DSA_PTR EVP_PKEY_get0_DSA(_EVP_PKEY_PTR _arg0) { + return _g_EVP_PKEY_get0_DSA(_arg0); +} + +_EC_KEY_PTR EVP_PKEY_get0_EC_KEY(_EVP_PKEY_PTR _arg0) { + return _g_EVP_PKEY_get0_EC_KEY(_arg0); +} + +_RSA_PTR EVP_PKEY_get1_RSA(_EVP_PKEY_PTR _arg0) { + return _g_EVP_PKEY_get1_RSA(_arg0); +} + +size_t EVP_PKEY_get1_encoded_public_key(_EVP_PKEY_PTR _arg0, unsigned char** _arg1) { + return _g_EVP_PKEY_get1_encoded_public_key(_arg0, _arg1); +} + +int EVP_PKEY_get_bits(const _EVP_PKEY_PTR _arg0) { + return _g_EVP_PKEY_get_bits(_arg0); +} + +int EVP_PKEY_get_bn_param(const _EVP_PKEY_PTR _arg0, const char* _arg1, _BIGNUM_PTR* _arg2) { + return _g_EVP_PKEY_get_bn_param(_arg0, _arg1, _arg2); +} + +int EVP_PKEY_get_raw_private_key(const _EVP_PKEY_PTR _arg0, unsigned char* _arg1, size_t* _arg2) { + return _g_EVP_PKEY_get_raw_private_key(_arg0, _arg1, _arg2); +} + +int EVP_PKEY_get_raw_public_key(const _EVP_PKEY_PTR _arg0, unsigned char* _arg1, size_t* _arg2) { + return _g_EVP_PKEY_get_raw_public_key(_arg0, _arg1, _arg2); +} + +int EVP_PKEY_get_size(const _EVP_PKEY_PTR _arg0) { + return _g_EVP_PKEY_get_size(_arg0); +} + +int EVP_PKEY_keygen(_EVP_PKEY_CTX_PTR _arg0, _EVP_PKEY_PTR* _arg1) { + return _g_EVP_PKEY_keygen(_arg0, _arg1); +} + +int EVP_PKEY_keygen_init(_EVP_PKEY_CTX_PTR _arg0) { + return _g_EVP_PKEY_keygen_init(_arg0); +} + +_EVP_PKEY_PTR EVP_PKEY_new(void) { + return _g_EVP_PKEY_new(); +} + +_EVP_PKEY_PTR EVP_PKEY_new_raw_private_key(int _arg0, _ENGINE_PTR _arg1, const unsigned char* _arg2, size_t _arg3) { + return _g_EVP_PKEY_new_raw_private_key(_arg0, _arg1, _arg2, _arg3); +} + +_EVP_PKEY_PTR EVP_PKEY_new_raw_public_key(int _arg0, _ENGINE_PTR _arg1, const unsigned char* _arg2, size_t _arg3) { + return _g_EVP_PKEY_new_raw_public_key(_arg0, _arg1, _arg2, _arg3); +} + +int EVP_PKEY_paramgen(_EVP_PKEY_CTX_PTR _arg0, _EVP_PKEY_PTR* _arg1) { + return _g_EVP_PKEY_paramgen(_arg0, _arg1); +} + +int EVP_PKEY_paramgen_init(_EVP_PKEY_CTX_PTR _arg0) { + return _g_EVP_PKEY_paramgen_init(_arg0); +} + +int EVP_PKEY_private_check(_EVP_PKEY_CTX_PTR _arg0) { + return _g_EVP_PKEY_private_check(_arg0); +} + +int EVP_PKEY_public_check_quick(_EVP_PKEY_CTX_PTR _arg0) { + return _g_EVP_PKEY_public_check_quick(_arg0); +} + +int EVP_PKEY_set1_EC_KEY(_EVP_PKEY_PTR _arg0, _EC_KEY_PTR _arg1) { + return _g_EVP_PKEY_set1_EC_KEY(_arg0, _arg1); +} + +int EVP_PKEY_set1_encoded_public_key(_EVP_PKEY_PTR _arg0, const unsigned char* _arg1, size_t _arg2) { + return _g_EVP_PKEY_set1_encoded_public_key(_arg0, _arg1, _arg2); +} + +int EVP_PKEY_sign(_EVP_PKEY_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, const unsigned char* _arg3, size_t _arg4) { + return _g_EVP_PKEY_sign(_arg0, _arg1, _arg2, _arg3, _arg4); +} + +int EVP_PKEY_sign_init(_EVP_PKEY_CTX_PTR _arg0) { + return _g_EVP_PKEY_sign_init(_arg0); +} + +int EVP_PKEY_up_ref(_EVP_PKEY_PTR _arg0) { + return _g_EVP_PKEY_up_ref(_arg0); +} + +int EVP_PKEY_verify(_EVP_PKEY_CTX_PTR _arg0, const unsigned char* _arg1, size_t _arg2, const unsigned char* _arg3, size_t _arg4) { + return _g_EVP_PKEY_verify(_arg0, _arg1, _arg2, _arg3, _arg4); +} + +int EVP_PKEY_verify_init(_EVP_PKEY_CTX_PTR _arg0) { + return _g_EVP_PKEY_verify_init(_arg0); +} + +_EVP_SIGNATURE_PTR EVP_SIGNATURE_fetch(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2) { + return _g_EVP_SIGNATURE_fetch(_arg0, _arg1, _arg2); +} + +void EVP_SIGNATURE_free(_EVP_SIGNATURE_PTR _arg0) { + _g_EVP_SIGNATURE_free(_arg0); +} + +const _EVP_CIPHER_PTR EVP_aes_128_cbc(void) { + return _g_EVP_aes_128_cbc(); +} + +const _EVP_CIPHER_PTR EVP_aes_128_ctr(void) { + return _g_EVP_aes_128_ctr(); +} + +const _EVP_CIPHER_PTR EVP_aes_128_ecb(void) { + return _g_EVP_aes_128_ecb(); +} + +const _EVP_CIPHER_PTR EVP_aes_128_gcm(void) { + return _g_EVP_aes_128_gcm(); +} + +const _EVP_CIPHER_PTR EVP_aes_192_cbc(void) { + return _g_EVP_aes_192_cbc(); +} + +const _EVP_CIPHER_PTR EVP_aes_192_ctr(void) { + return _g_EVP_aes_192_ctr(); +} + +const _EVP_CIPHER_PTR EVP_aes_192_ecb(void) { + return _g_EVP_aes_192_ecb(); +} + +const _EVP_CIPHER_PTR EVP_aes_192_gcm(void) { + return _g_EVP_aes_192_gcm(); +} + +const _EVP_CIPHER_PTR EVP_aes_256_cbc(void) { + return _g_EVP_aes_256_cbc(); +} + +const _EVP_CIPHER_PTR EVP_aes_256_ctr(void) { + return _g_EVP_aes_256_ctr(); +} + +const _EVP_CIPHER_PTR EVP_aes_256_ecb(void) { + return _g_EVP_aes_256_ecb(); +} + +const _EVP_CIPHER_PTR EVP_aes_256_gcm(void) { + return _g_EVP_aes_256_gcm(); +} + +int EVP_default_properties_enable_fips(_OSSL_LIB_CTX_PTR _arg0, int _arg1) { + return _g_EVP_default_properties_enable_fips(_arg0, _arg1); +} + +int EVP_default_properties_is_fips_enabled(_OSSL_LIB_CTX_PTR _arg0) { + return _g_EVP_default_properties_is_fips_enabled(_arg0); +} + +const _EVP_CIPHER_PTR EVP_des_cbc(void) { + return _g_EVP_des_cbc(); +} + +const _EVP_CIPHER_PTR EVP_des_ecb(void) { + return _g_EVP_des_ecb(); +} + +const _EVP_CIPHER_PTR EVP_des_ede3_cbc(void) { + return _g_EVP_des_ede3_cbc(); +} + +const _EVP_CIPHER_PTR EVP_des_ede3_ecb(void) { + return _g_EVP_des_ede3_ecb(); +} + +const _EVP_MD_PTR EVP_md4(void) { + return _g_EVP_md4(); +} + +const _EVP_MD_PTR EVP_md5(void) { + return _g_EVP_md5(); +} + +const _EVP_MD_PTR EVP_md5_sha1(void) { + return _g_EVP_md5_sha1(); +} + +const _EVP_CIPHER_PTR EVP_rc4(void) { + return _g_EVP_rc4(); +} + +const _EVP_MD_PTR EVP_ripemd160(void) { + return _g_EVP_ripemd160(); +} + +const _EVP_MD_PTR EVP_sha1(void) { + return _g_EVP_sha1(); +} + +const _EVP_MD_PTR EVP_sha224(void) { + return _g_EVP_sha224(); +} + +const _EVP_MD_PTR EVP_sha256(void) { + return _g_EVP_sha256(); +} + +const _EVP_MD_PTR EVP_sha384(void) { + return _g_EVP_sha384(); +} + +const _EVP_MD_PTR EVP_sha3_224(void) { + return _g_EVP_sha3_224(); +} + +const _EVP_MD_PTR EVP_sha3_256(void) { + return _g_EVP_sha3_256(); +} + +const _EVP_MD_PTR EVP_sha3_384(void) { + return _g_EVP_sha3_384(); +} + +const _EVP_MD_PTR EVP_sha3_512(void) { + return _g_EVP_sha3_512(); +} + +const _EVP_MD_PTR EVP_sha512(void) { + return _g_EVP_sha512(); +} + +const _EVP_MD_PTR EVP_sha512_224(void) { + return _g_EVP_sha512_224(); +} + +const _EVP_MD_PTR EVP_sha512_256(void) { + return _g_EVP_sha512_256(); +} + +int FIPS_mode(void) { + return _g_FIPS_mode(); +} + +int FIPS_mode_set(int _arg0) { + return _g_FIPS_mode_set(_arg0); +} + +int HMAC_CTX_copy(_HMAC_CTX_PTR _arg0, _HMAC_CTX_PTR _arg1) { + return _g_HMAC_CTX_copy(_arg0, _arg1); +} + +void HMAC_CTX_free(_HMAC_CTX_PTR _arg0) { + _g_HMAC_CTX_free(_arg0); +} + +_HMAC_CTX_PTR HMAC_CTX_new(void) { + return _g_HMAC_CTX_new(); +} + +int HMAC_Final(_HMAC_CTX_PTR _arg0, unsigned char* _arg1, unsigned int* _arg2) { + return _g_HMAC_Final(_arg0, _arg1, _arg2); +} + +int HMAC_Init_ex(_HMAC_CTX_PTR _arg0, const void* _arg1, int _arg2, const _EVP_MD_PTR _arg3, _ENGINE_PTR _arg4) { + return _g_HMAC_Init_ex(_arg0, _arg1, _arg2, _arg3, _arg4); +} + +int HMAC_Update(_HMAC_CTX_PTR _arg0, const unsigned char* _arg1, size_t _arg2) { + return _g_HMAC_Update(_arg0, _arg1, _arg2); +} + +const char* OBJ_nid2sn(int _arg0) { + return _g_OBJ_nid2sn(_arg0); +} + +void OPENSSL_init(void) { + _g_OPENSSL_init(); +} + +int OPENSSL_init_crypto(uint64_t _arg0, const _OPENSSL_INIT_SETTINGS_PTR _arg1) { + return _g_OPENSSL_init_crypto(_arg0, _arg1); +} + +void OSSL_PARAM_BLD_free(_OSSL_PARAM_BLD_PTR _arg0) { + _g_OSSL_PARAM_BLD_free(_arg0); +} + +_OSSL_PARAM_BLD_PTR OSSL_PARAM_BLD_new(void) { + return _g_OSSL_PARAM_BLD_new(); +} + +int OSSL_PARAM_BLD_push_BN(_OSSL_PARAM_BLD_PTR _arg0, const char* _arg1, const _BIGNUM_PTR _arg2) { + return _g_OSSL_PARAM_BLD_push_BN(_arg0, _arg1, _arg2); +} + +int OSSL_PARAM_BLD_push_int32(_OSSL_PARAM_BLD_PTR _arg0, const char* _arg1, int32_t _arg2) { + return _g_OSSL_PARAM_BLD_push_int32(_arg0, _arg1, _arg2); +} + +int OSSL_PARAM_BLD_push_octet_string(_OSSL_PARAM_BLD_PTR _arg0, const char* _arg1, const void* _arg2, size_t _arg3) { + return _g_OSSL_PARAM_BLD_push_octet_string(_arg0, _arg1, _arg2, _arg3); +} + +int OSSL_PARAM_BLD_push_utf8_string(_OSSL_PARAM_BLD_PTR _arg0, const char* _arg1, const char* _arg2, size_t _arg3) { + return _g_OSSL_PARAM_BLD_push_utf8_string(_arg0, _arg1, _arg2, _arg3); +} + +_OSSL_PARAM_PTR OSSL_PARAM_BLD_to_param(_OSSL_PARAM_BLD_PTR _arg0) { + return _g_OSSL_PARAM_BLD_to_param(_arg0); +} + +void OSSL_PARAM_free(_OSSL_PARAM_PTR _arg0) { + _g_OSSL_PARAM_free(_arg0); +} + +int OSSL_PROVIDER_available(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1) { + return _g_OSSL_PROVIDER_available(_arg0, _arg1); +} + +const char* OSSL_PROVIDER_get0_name(const _OSSL_PROVIDER_PTR _arg0) { + return _g_OSSL_PROVIDER_get0_name(_arg0); +} + +_OSSL_PROVIDER_PTR OSSL_PROVIDER_try_load(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, int _arg2) { + return _g_OSSL_PROVIDER_try_load(_arg0, _arg1, _arg2); +} + +const char* OpenSSL_version(int _arg0) { + return _g_OpenSSL_version(_arg0); +} + +int PKCS5_PBKDF2_HMAC(const char* _arg0, int _arg1, const unsigned char* _arg2, int _arg3, int _arg4, const _EVP_MD_PTR _arg5, int _arg6, unsigned char* _arg7) { + return _g_PKCS5_PBKDF2_HMAC(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7); +} + +int RAND_bytes(unsigned char* _arg0, int _arg1) { + return _g_RAND_bytes(_arg0, _arg1); +} + +void RSA_free(_RSA_PTR _arg0) { + _g_RSA_free(_arg0); +} + +void RSA_get0_crt_params(const _RSA_PTR _arg0, const _BIGNUM_PTR* _arg1, const _BIGNUM_PTR* _arg2, const _BIGNUM_PTR* _arg3) { + _g_RSA_get0_crt_params(_arg0, _arg1, _arg2, _arg3); +} + +void RSA_get0_factors(const _RSA_PTR _arg0, const _BIGNUM_PTR* _arg1, const _BIGNUM_PTR* _arg2) { + _g_RSA_get0_factors(_arg0, _arg1, _arg2); +} + +void RSA_get0_key(const _RSA_PTR _arg0, const _BIGNUM_PTR* _arg1, const _BIGNUM_PTR* _arg2, const _BIGNUM_PTR* _arg3) { + _g_RSA_get0_key(_arg0, _arg1, _arg2, _arg3); +} + +_RSA_PTR RSA_new(void) { + return _g_RSA_new(); +} + +int RSA_set0_crt_params(_RSA_PTR _arg0, _BIGNUM_PTR _arg1, _BIGNUM_PTR _arg2, _BIGNUM_PTR _arg3) { + return _g_RSA_set0_crt_params(_arg0, _arg1, _arg2, _arg3); +} + +int RSA_set0_factors(_RSA_PTR _arg0, _BIGNUM_PTR _arg1, _BIGNUM_PTR _arg2) { + return _g_RSA_set0_factors(_arg0, _arg1, _arg2); +} + +int RSA_set0_key(_RSA_PTR _arg0, _BIGNUM_PTR _arg1, _BIGNUM_PTR _arg2, _BIGNUM_PTR _arg3) { + return _g_RSA_set0_key(_arg0, _arg1, _arg2, _arg3); +} + diff --git a/zossl.go b/zossl.go new file mode 100644 index 00000000..9f22f919 --- /dev/null +++ b/zossl.go @@ -0,0 +1,957 @@ +// Code generated by mkcgo. DO NOT EDIT. + +package openssl + +/* +#cgo CFLAGS: -Wno-attributes +#include "shims.h" +void __mkcgoLoad_(void* handle); +void __mkcgoLoad_111(void* handle); +void __mkcgoLoad_3(void* handle); +void __mkcgoLoad_legacy_1(void* handle); +*/ +import "C" +import "unsafe" + +const ( + _POINT_CONVERSION_UNCOMPRESSED = 4 + _OPENSSL_INIT_LOAD_CRYPTO_STRINGS = 0x00000002 + _OPENSSL_INIT_ADD_ALL_CIPHERS = 0x00000004 + _OPENSSL_INIT_ADD_ALL_DIGESTS = 0x00000008 + _OPENSSL_INIT_LOAD_CONFIG = 0x00000040 + _EVP_CTRL_GCM_GET_TAG = 0x10 + _EVP_CTRL_GCM_SET_TAG = 0x11 + _EVP_PKEY_CTRL_MD = 1 + _EVP_PKEY_RSA = 6 + _EVP_PKEY_EC = 408 + _EVP_PKEY_TLS1_PRF = 1021 + _EVP_PKEY_HKDF = 1036 + _EVP_PKEY_ED25519 = 1087 + _EVP_PKEY_DSA = 116 + _EVP_PKEY_OP_DERIVE = (1 << 10) + _EVP_MAX_MD_SIZE = 64 + _EVP_PKEY_PUBLIC_KEY = 0x86 + _EVP_PKEY_KEYPAIR = 0x87 + _EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID = 0x1001 + _EVP_KDF_HKDF_MODE_EXTRACT_ONLY = 1 + _EVP_KDF_HKDF_MODE_EXPAND_ONLY = 2 + _EVP_PKEY_CTRL_TLS_MD = 0x1000 + _EVP_PKEY_CTRL_TLS_SECRET = 0x1001 + _EVP_PKEY_CTRL_TLS_SEED = 0x1002 + _EVP_PKEY_CTRL_HKDF_MD = 0x1003 + _EVP_PKEY_CTRL_HKDF_SALT = 0x1004 + _EVP_PKEY_CTRL_HKDF_KEY = 0x1005 + _EVP_PKEY_CTRL_HKDF_INFO = 0x1006 + _EVP_PKEY_CTRL_HKDF_MODE = 0x1007 + _NID_X9_62_prime256v1 = 415 + _NID_secp224r1 = 713 + _NID_secp384r1 = 715 + _NID_secp521r1 = 716 + _RSA_PKCS1_PADDING = 1 + _RSA_NO_PADDING = 3 + _RSA_PKCS1_OAEP_PADDING = 4 + _RSA_PKCS1_PSS_PADDING = 6 + _RSA_PSS_SALTLEN_DIGEST = -1 + _RSA_PSS_SALTLEN_AUTO = -2 + _RSA_PSS_SALTLEN_MAX_SIGN = -2 + _RSA_PSS_SALTLEN_MAX = -3 + _EVP_PKEY_CTRL_RSA_PADDING = 0x1001 + _EVP_PKEY_CTRL_RSA_PSS_SALTLEN = 0x1002 + _EVP_PKEY_CTRL_RSA_KEYGEN_BITS = 0x1003 + _EVP_PKEY_CTRL_RSA_MGF1_MD = 0x1005 + _EVP_PKEY_CTRL_RSA_OAEP_MD = 0x1009 + _EVP_PKEY_CTRL_RSA_OAEP_LABEL = 0x100A + _EVP_PKEY_CTRL_DSA_PARAMGEN_BITS = 0x1001 + _EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS = 0x1002 +) + +type _BIGNUM_PTR = C._BIGNUM_PTR +type _BN_CTX_PTR = C._BN_CTX_PTR +type _DSA_PTR = C._DSA_PTR +type _EC_GROUP_PTR = C._EC_GROUP_PTR +type _EC_KEY_PTR = C._EC_KEY_PTR +type _EC_POINT_PTR = C._EC_POINT_PTR +type _ENGINE_PTR = C._ENGINE_PTR +type _EVP_CIPHER_CTX_PTR = C._EVP_CIPHER_CTX_PTR +type _EVP_CIPHER_PTR = C._EVP_CIPHER_PTR +type _EVP_KDF_CTX_PTR = C._EVP_KDF_CTX_PTR +type _EVP_KDF_PTR = C._EVP_KDF_PTR +type _EVP_MAC_CTX_PTR = C._EVP_MAC_CTX_PTR +type _EVP_MAC_PTR = C._EVP_MAC_PTR +type _EVP_MD_CTX_PTR = C._EVP_MD_CTX_PTR +type _EVP_MD_PTR = C._EVP_MD_PTR +type _EVP_PKEY_CTX_PTR = C._EVP_PKEY_CTX_PTR +type _EVP_PKEY_PTR = C._EVP_PKEY_PTR +type _EVP_SIGNATURE_PTR = C._EVP_SIGNATURE_PTR +type _HMAC_CTX_PTR = C._HMAC_CTX_PTR +type _OPENSSL_INIT_SETTINGS_PTR = C._OPENSSL_INIT_SETTINGS_PTR +type _OSSL_LIB_CTX_PTR = C._OSSL_LIB_CTX_PTR +type _OSSL_PARAM_BLD_PTR = C._OSSL_PARAM_BLD_PTR +type _OSSL_PARAM_PTR = C._OSSL_PARAM_PTR +type _OSSL_PROVIDER_PTR = C._OSSL_PROVIDER_PTR +type _RSA_PTR = C._RSA_PTR +type point_conversion_form_t = C.point_conversion_form_t + +func mkcgoLoad_(handle unsafe.Pointer) { + C.__mkcgoLoad_(handle) +} + +func mkcgoLoad_111(handle unsafe.Pointer) { + C.__mkcgoLoad_111(handle) +} + +func mkcgoLoad_3(handle unsafe.Pointer) { + C.__mkcgoLoad_3(handle) +} + +func mkcgoLoad_legacy_1(handle unsafe.Pointer) { + C.__mkcgoLoad_legacy_1(handle) +} + +func go_openssl_BN_bin2bn(arg0 *byte, arg1 int32, arg2 _BIGNUM_PTR) _BIGNUM_PTR { + return C.BN_bin2bn((*C.uchar)(unsafe.Pointer(arg0)), C.int(arg1), arg2) +} + +func go_openssl_BN_bn2binpad(a _BIGNUM_PTR, to *byte, tolen int32) int32 { + return int32(C.BN_bn2binpad(a, (*C.uchar)(unsafe.Pointer(to)), C.int(tolen))) +} + +func go_openssl_BN_bn2lebinpad(a _BIGNUM_PTR, to *byte, tolen int32) int32 { + return int32(C.BN_bn2lebinpad(a, (*C.uchar)(unsafe.Pointer(to)), C.int(tolen))) +} + +func go_openssl_BN_clear(arg0 _BIGNUM_PTR) { + C.BN_clear(arg0) +} + +func go_openssl_BN_clear_free(arg0 _BIGNUM_PTR) { + C.BN_clear_free(arg0) +} + +func go_openssl_BN_free(arg0 _BIGNUM_PTR) { + C.BN_free(arg0) +} + +func go_openssl_BN_lebin2bn(s *byte, len int32, ret _BIGNUM_PTR) _BIGNUM_PTR { + return C.BN_lebin2bn((*C.uchar)(unsafe.Pointer(s)), C.int(len), ret) +} + +func go_openssl_BN_new() _BIGNUM_PTR { + return C.BN_new() +} + +func go_openssl_BN_num_bits(arg0 _BIGNUM_PTR) int32 { + return int32(C.BN_num_bits(arg0)) +} + +func go_openssl_CRYPTO_free(str unsafe.Pointer, file *byte, line int32) { + C.CRYPTO_free(str, (*C.char)(unsafe.Pointer(file)), C.int(line)) +} + +func go_openssl_CRYPTO_malloc(num int, file *byte, line int32) unsafe.Pointer { + return unsafe.Pointer(C.CRYPTO_malloc(C.size_t(num), (*C.char)(unsafe.Pointer(file)), C.int(line))) +} + +func go_openssl_DSA_free(r _DSA_PTR) { + C.DSA_free(r) +} + +func go_openssl_DSA_generate_key(a _DSA_PTR) int32 { + return int32(C.DSA_generate_key(a)) +} + +func go_openssl_DSA_get0_key(d _DSA_PTR, pub_key *_BIGNUM_PTR, priv_key *_BIGNUM_PTR) { + C.DSA_get0_key(d, pub_key, priv_key) +} + +func go_openssl_DSA_get0_pqg(d _DSA_PTR, p *_BIGNUM_PTR, q *_BIGNUM_PTR, g *_BIGNUM_PTR) { + C.DSA_get0_pqg(d, p, q, g) +} + +func go_openssl_DSA_new() _DSA_PTR { + return C.DSA_new() +} + +func go_openssl_DSA_set0_key(d _DSA_PTR, pub_key _BIGNUM_PTR, priv_key _BIGNUM_PTR) int32 { + return int32(C.DSA_set0_key(d, pub_key, priv_key)) +} + +func go_openssl_DSA_set0_pqg(d _DSA_PTR, p _BIGNUM_PTR, q _BIGNUM_PTR, g _BIGNUM_PTR) int32 { + return int32(C.DSA_set0_pqg(d, p, q, g)) +} + +func go_openssl_EC_GROUP_free(group _EC_GROUP_PTR) { + C.EC_GROUP_free(group) +} + +func go_openssl_EC_GROUP_new_by_curve_name(nid int32) _EC_GROUP_PTR { + return C.EC_GROUP_new_by_curve_name(C.int(nid)) +} + +func go_openssl_EC_KEY_check_key(key _EC_KEY_PTR) int32 { + return int32(C.EC_KEY_check_key(key)) +} + +func go_openssl_EC_KEY_free(arg0 _EC_KEY_PTR) { + C.EC_KEY_free(arg0) +} + +func go_openssl_EC_KEY_get0_group(arg0 _EC_KEY_PTR) _EC_GROUP_PTR { + return _EC_GROUP_PTR(C.EC_KEY_get0_group(arg0)) +} + +func go_openssl_EC_KEY_get0_private_key(arg0 _EC_KEY_PTR) _BIGNUM_PTR { + return _BIGNUM_PTR(C.EC_KEY_get0_private_key(arg0)) +} + +func go_openssl_EC_KEY_get0_public_key(arg0 _EC_KEY_PTR) _EC_POINT_PTR { + return _EC_POINT_PTR(C.EC_KEY_get0_public_key(arg0)) +} + +func go_openssl_EC_KEY_new_by_curve_name(arg0 int32) _EC_KEY_PTR { + return C.EC_KEY_new_by_curve_name(C.int(arg0)) +} + +func go_openssl_EC_KEY_set_private_key(arg0 _EC_KEY_PTR, arg1 _BIGNUM_PTR) int32 { + return int32(C.EC_KEY_set_private_key(arg0, arg1)) +} + +func go_openssl_EC_KEY_set_public_key(key _EC_KEY_PTR, pub _EC_POINT_PTR) int32 { + return int32(C.EC_KEY_set_public_key(key, pub)) +} + +func go_openssl_EC_KEY_set_public_key_affine_coordinates(key _EC_KEY_PTR, x _BIGNUM_PTR, y _BIGNUM_PTR) int32 { + return int32(C.EC_KEY_set_public_key_affine_coordinates(key, x, y)) +} + +func go_openssl_EC_POINT_free(arg0 _EC_POINT_PTR) { + C.EC_POINT_free(arg0) +} + +func go_openssl_EC_POINT_get_affine_coordinates_GFp(arg0 _EC_GROUP_PTR, arg1 _EC_POINT_PTR, arg2 _BIGNUM_PTR, arg3 _BIGNUM_PTR, arg4 _BN_CTX_PTR) int32 { + return int32(C.EC_POINT_get_affine_coordinates_GFp(arg0, arg1, arg2, arg3, arg4)) +} + +func go_openssl_EC_POINT_mul(group _EC_GROUP_PTR, r _EC_POINT_PTR, n _BIGNUM_PTR, q _EC_POINT_PTR, m _BIGNUM_PTR, ctx _BN_CTX_PTR) int32 { + return int32(C.EC_POINT_mul(group, r, n, q, m, ctx)) +} + +func go_openssl_EC_POINT_new(arg0 _EC_GROUP_PTR) _EC_POINT_PTR { + return C.EC_POINT_new(arg0) +} + +func go_openssl_EC_POINT_oct2point(group _EC_GROUP_PTR, p _EC_POINT_PTR, buf *byte, len int, ctx _BN_CTX_PTR) int32 { + return int32(C.EC_POINT_oct2point(group, p, (*C.uchar)(unsafe.Pointer(buf)), C.size_t(len), ctx)) +} + +func go_openssl_EC_POINT_point2oct(group _EC_GROUP_PTR, p _EC_POINT_PTR, form point_conversion_form_t, buf *byte, len int, ctx _BN_CTX_PTR) int { + return int(C.EC_POINT_point2oct(group, p, form, (*C.uchar)(unsafe.Pointer(buf)), C.size_t(len), ctx)) +} + +func go_openssl_EC_POINT_set_affine_coordinates(arg0 _EC_GROUP_PTR, arg1 _EC_POINT_PTR, arg2 _BIGNUM_PTR, arg3 _BIGNUM_PTR, arg4 _BN_CTX_PTR) int32 { + return int32(C.EC_POINT_set_affine_coordinates(arg0, arg1, arg2, arg3, arg4)) +} + +func go_openssl_ERR_clear_error() { + C.ERR_clear_error() +} + +func go_openssl_ERR_error_string_n(e uint32, buf *byte, len int) { + C.ERR_error_string_n(C.ulong(e), (*C.char)(unsafe.Pointer(buf)), C.size_t(len)) +} + +func go_openssl_ERR_get_error_all(file **byte, line *int32, __func **byte, data **byte, flags *int32) uint32 { + return uint32(C.ERR_get_error_all((**C.char)(unsafe.Pointer(file)), (*C.int)(unsafe.Pointer(line)), (**C.char)(unsafe.Pointer(__func)), (**C.char)(unsafe.Pointer(data)), (*C.int)(unsafe.Pointer(flags)))) +} + +func go_openssl_ERR_get_error_line(file **byte, line *int32) uint32 { + return uint32(C.ERR_get_error_line((**C.char)(unsafe.Pointer(file)), (*C.int)(unsafe.Pointer(line)))) +} + +func go_openssl_EVP_CIPHER_CTX_ctrl(ctx _EVP_CIPHER_CTX_PTR, __type int32, arg int32, ptr unsafe.Pointer) int32 { + return int32(C.EVP_CIPHER_CTX_ctrl(ctx, C.int(__type), C.int(arg), ptr)) +} + +func go_openssl_EVP_CIPHER_CTX_free(arg0 _EVP_CIPHER_CTX_PTR) { + C.EVP_CIPHER_CTX_free(arg0) +} + +func go_openssl_EVP_CIPHER_CTX_new() _EVP_CIPHER_CTX_PTR { + return C.EVP_CIPHER_CTX_new() +} + +func go_openssl_EVP_CIPHER_CTX_set_key_length(x _EVP_CIPHER_CTX_PTR, keylen int32) int32 { + return int32(C.EVP_CIPHER_CTX_set_key_length(x, C.int(keylen))) +} + +func go_openssl_EVP_CIPHER_CTX_set_padding(x _EVP_CIPHER_CTX_PTR, padding int32) int32 { + return int32(C.EVP_CIPHER_CTX_set_padding(x, C.int(padding))) +} + +func go_openssl_EVP_CIPHER_fetch(ctx _OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) _EVP_CIPHER_PTR { + return C.EVP_CIPHER_fetch(ctx, (*C.char)(unsafe.Pointer(algorithm)), (*C.char)(unsafe.Pointer(properties))) +} + +func go_openssl_EVP_CIPHER_get0_name(cipher _EVP_CIPHER_PTR) *byte { + return (*byte)(unsafe.Pointer(C.EVP_CIPHER_get0_name(cipher))) +} + +func go_openssl_EVP_CIPHER_get_block_size(cipher _EVP_CIPHER_PTR) int32 { + return int32(C.EVP_CIPHER_get_block_size(cipher)) +} + +func go_openssl_EVP_CipherInit_ex(ctx _EVP_CIPHER_CTX_PTR, __type _EVP_CIPHER_PTR, impl _ENGINE_PTR, key *byte, iv *byte, enc int32) int32 { + return int32(C.EVP_CipherInit_ex(ctx, __type, impl, (*C.uchar)(unsafe.Pointer(key)), (*C.uchar)(unsafe.Pointer(iv)), C.int(enc))) +} + +func go_openssl_EVP_CipherUpdate(ctx _EVP_CIPHER_CTX_PTR, out *byte, outl *int32, in *byte, inl int32) int32 { + return int32(C.EVP_CipherUpdate(ctx, (*C.uchar)(unsafe.Pointer(out)), (*C.int)(unsafe.Pointer(outl)), (*C.uchar)(unsafe.Pointer(in)), C.int(inl))) +} + +func go_openssl_EVP_DecryptFinal_ex(ctx _EVP_CIPHER_CTX_PTR, outm *byte, outl *int32) int32 { + return int32(C.EVP_DecryptFinal_ex(ctx, (*C.uchar)(unsafe.Pointer(outm)), (*C.int)(unsafe.Pointer(outl)))) +} + +func go_openssl_EVP_DecryptInit_ex(ctx _EVP_CIPHER_CTX_PTR, __type _EVP_CIPHER_PTR, impl _ENGINE_PTR, key *byte, iv *byte) int32 { + return int32(C.EVP_DecryptInit_ex(ctx, __type, impl, (*C.uchar)(unsafe.Pointer(key)), (*C.uchar)(unsafe.Pointer(iv)))) +} + +func go_openssl_EVP_DecryptUpdate(ctx _EVP_CIPHER_CTX_PTR, out *byte, outl *int32, in *byte, inl int32) int32 { + return int32(C.EVP_DecryptUpdate(ctx, (*C.uchar)(unsafe.Pointer(out)), (*C.int)(unsafe.Pointer(outl)), (*C.uchar)(unsafe.Pointer(in)), C.int(inl))) +} + +func go_openssl_EVP_Digest(data unsafe.Pointer, count int, md *byte, size *uint32, __type _EVP_MD_PTR, impl _ENGINE_PTR) int32 { + return int32(C.EVP_Digest(data, C.size_t(count), (*C.uchar)(unsafe.Pointer(md)), (*C.uint)(unsafe.Pointer(size)), __type, impl)) +} + +func go_openssl_EVP_DigestFinal_ex(ctx _EVP_MD_CTX_PTR, md *byte, s *uint32) int32 { + return int32(C.EVP_DigestFinal_ex(ctx, (*C.uchar)(unsafe.Pointer(md)), (*C.uint)(unsafe.Pointer(s)))) +} + +func go_openssl_EVP_DigestInit(ctx _EVP_MD_CTX_PTR, __type _EVP_MD_PTR) int32 { + return int32(C.EVP_DigestInit(ctx, __type)) +} + +func go_openssl_EVP_DigestInit_ex(ctx _EVP_MD_CTX_PTR, __type _EVP_MD_PTR, impl _ENGINE_PTR) int32 { + return int32(C.EVP_DigestInit_ex(ctx, __type, impl)) +} + +func go_openssl_EVP_DigestSign(ctx _EVP_MD_CTX_PTR, sigret *byte, siglen *int, tbs *byte, tbslen int) int32 { + return int32(C.EVP_DigestSign(ctx, (*C.uchar)(unsafe.Pointer(sigret)), (*C.size_t)(unsafe.Pointer(siglen)), (*C.uchar)(unsafe.Pointer(tbs)), C.size_t(tbslen))) +} + +func go_openssl_EVP_DigestSignFinal(ctx _EVP_MD_CTX_PTR, sig *byte, siglen *int) int32 { + return int32(C.EVP_DigestSignFinal(ctx, (*C.uchar)(unsafe.Pointer(sig)), (*C.size_t)(unsafe.Pointer(siglen)))) +} + +func go_openssl_EVP_DigestSignInit(ctx _EVP_MD_CTX_PTR, pctx *_EVP_PKEY_CTX_PTR, __type _EVP_MD_PTR, e _ENGINE_PTR, pkey _EVP_PKEY_PTR) int32 { + return int32(C.EVP_DigestSignInit(ctx, pctx, __type, e, pkey)) +} + +func go_openssl_EVP_DigestUpdate(ctx _EVP_MD_CTX_PTR, d unsafe.Pointer, cnt int) int32 { + return int32(C.EVP_DigestUpdate(ctx, d, C.size_t(cnt))) +} + +func go_openssl_EVP_DigestVerify(ctx _EVP_MD_CTX_PTR, sigret *byte, siglen int, tbs *byte, tbslen int) int32 { + return int32(C.EVP_DigestVerify(ctx, (*C.uchar)(unsafe.Pointer(sigret)), C.size_t(siglen), (*C.uchar)(unsafe.Pointer(tbs)), C.size_t(tbslen))) +} + +func go_openssl_EVP_DigestVerifyFinal(ctx _EVP_MD_CTX_PTR, sig *byte, siglen int) int32 { + return int32(C.EVP_DigestVerifyFinal(ctx, (*C.uchar)(unsafe.Pointer(sig)), C.size_t(siglen))) +} + +func go_openssl_EVP_DigestVerifyInit(ctx _EVP_MD_CTX_PTR, pctx *_EVP_PKEY_CTX_PTR, __type _EVP_MD_PTR, e _ENGINE_PTR, pkey _EVP_PKEY_PTR) int32 { + return int32(C.EVP_DigestVerifyInit(ctx, pctx, __type, e, pkey)) +} + +func go_openssl_EVP_EncryptFinal_ex(ctx _EVP_CIPHER_CTX_PTR, out *byte, outl *int32) int32 { + return int32(C.EVP_EncryptFinal_ex(ctx, (*C.uchar)(unsafe.Pointer(out)), (*C.int)(unsafe.Pointer(outl)))) +} + +func go_openssl_EVP_EncryptInit_ex(ctx _EVP_CIPHER_CTX_PTR, __type _EVP_CIPHER_PTR, impl _ENGINE_PTR, key *byte, iv *byte) int32 { + return int32(C.EVP_EncryptInit_ex(ctx, __type, impl, (*C.uchar)(unsafe.Pointer(key)), (*C.uchar)(unsafe.Pointer(iv)))) +} + +func go_openssl_EVP_EncryptUpdate(ctx _EVP_CIPHER_CTX_PTR, out *byte, outl *int32, in *byte, inl int32) int32 { + return int32(C.EVP_EncryptUpdate(ctx, (*C.uchar)(unsafe.Pointer(out)), (*C.int)(unsafe.Pointer(outl)), (*C.uchar)(unsafe.Pointer(in)), C.int(inl))) +} + +func go_openssl_EVP_KDF_CTX_free(ctx _EVP_KDF_CTX_PTR) { + C.EVP_KDF_CTX_free(ctx) +} + +func go_openssl_EVP_KDF_CTX_get_kdf_size(ctx _EVP_KDF_CTX_PTR) int { + return int(C.EVP_KDF_CTX_get_kdf_size(ctx)) +} + +func go_openssl_EVP_KDF_CTX_new(kdf _EVP_KDF_PTR) _EVP_KDF_CTX_PTR { + return C.EVP_KDF_CTX_new(kdf) +} + +func go_openssl_EVP_KDF_CTX_set_params(ctx _EVP_KDF_CTX_PTR, params _OSSL_PARAM_PTR) int32 { + return int32(C.EVP_KDF_CTX_set_params(ctx, params)) +} + +func go_openssl_EVP_KDF_derive(ctx _EVP_KDF_CTX_PTR, key *byte, keylen int, params _OSSL_PARAM_PTR) int32 { + return int32(C.EVP_KDF_derive(ctx, (*C.uchar)(unsafe.Pointer(key)), C.size_t(keylen), params)) +} + +func go_openssl_EVP_KDF_fetch(libctx _OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) _EVP_KDF_PTR { + return C.EVP_KDF_fetch(libctx, (*C.char)(unsafe.Pointer(algorithm)), (*C.char)(unsafe.Pointer(properties))) +} + +func go_openssl_EVP_KDF_free(kdf _EVP_KDF_PTR) { + C.EVP_KDF_free(kdf) +} + +func go_openssl_EVP_MAC_CTX_dup(arg0 _EVP_MAC_CTX_PTR) _EVP_MAC_CTX_PTR { + return C.EVP_MAC_CTX_dup(arg0) +} + +func go_openssl_EVP_MAC_CTX_free(arg0 _EVP_MAC_CTX_PTR) { + C.EVP_MAC_CTX_free(arg0) +} + +func go_openssl_EVP_MAC_CTX_new(arg0 _EVP_MAC_PTR) _EVP_MAC_CTX_PTR { + return C.EVP_MAC_CTX_new(arg0) +} + +func go_openssl_EVP_MAC_CTX_set_params(ctx _EVP_MAC_CTX_PTR, params _OSSL_PARAM_PTR) int32 { + return int32(C.EVP_MAC_CTX_set_params(ctx, params)) +} + +func go_openssl_EVP_MAC_fetch(ctx _OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) _EVP_MAC_PTR { + return C.EVP_MAC_fetch(ctx, (*C.char)(unsafe.Pointer(algorithm)), (*C.char)(unsafe.Pointer(properties))) +} + +func go_openssl_EVP_MAC_final(ctx _EVP_MAC_CTX_PTR, out *byte, outl *int, outsize int) int32 { + return int32(C.EVP_MAC_final(ctx, (*C.uchar)(unsafe.Pointer(out)), (*C.size_t)(unsafe.Pointer(outl)), C.size_t(outsize))) +} + +func go_openssl_EVP_MAC_init(ctx _EVP_MAC_CTX_PTR, key *byte, keylen int, params _OSSL_PARAM_PTR) int32 { + return int32(C.EVP_MAC_init(ctx, (*C.uchar)(unsafe.Pointer(key)), C.size_t(keylen), params)) +} + +func go_openssl_EVP_MAC_update(ctx _EVP_MAC_CTX_PTR, data *byte, datalen int) int32 { + return int32(C.EVP_MAC_update(ctx, (*C.uchar)(unsafe.Pointer(data)), C.size_t(datalen))) +} + +func go_openssl_EVP_MD_CTX_copy(out _EVP_MD_CTX_PTR, in _EVP_MD_CTX_PTR) int32 { + return int32(C.EVP_MD_CTX_copy(out, in)) +} + +func go_openssl_EVP_MD_CTX_copy_ex(out _EVP_MD_CTX_PTR, in _EVP_MD_CTX_PTR) int32 { + return int32(C.EVP_MD_CTX_copy_ex(out, in)) +} + +func go_openssl_EVP_MD_CTX_free(ctx _EVP_MD_CTX_PTR) { + C.EVP_MD_CTX_free(ctx) +} + +func go_openssl_EVP_MD_CTX_new() _EVP_MD_CTX_PTR { + return C.EVP_MD_CTX_new() +} + +func go_openssl_EVP_MD_fetch(ctx _OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) _EVP_MD_PTR { + return C.EVP_MD_fetch(ctx, (*C.char)(unsafe.Pointer(algorithm)), (*C.char)(unsafe.Pointer(properties))) +} + +func go_openssl_EVP_MD_free(md _EVP_MD_PTR) { + C.EVP_MD_free(md) +} + +func go_openssl_EVP_MD_get0_name(md _EVP_MD_PTR) *byte { + return (*byte)(unsafe.Pointer(C.EVP_MD_get0_name(md))) +} + +func go_openssl_EVP_MD_get0_provider(md _EVP_MD_PTR) _OSSL_PROVIDER_PTR { + return _OSSL_PROVIDER_PTR(C.EVP_MD_get0_provider(md)) +} + +func go_openssl_EVP_MD_get_block_size(md _EVP_MD_PTR) int32 { + return int32(C.EVP_MD_get_block_size(md)) +} + +func go_openssl_EVP_MD_get_size(md _EVP_MD_PTR) int32 { + return int32(C.EVP_MD_get_size(md)) +} + +func go_openssl_EVP_MD_get_type(md _EVP_MD_PTR) int32 { + return int32(C.EVP_MD_get_type(md)) +} + +func go_openssl_EVP_PKEY_CTX_add1_hkdf_info(arg0 _EVP_PKEY_CTX_PTR, arg1 *byte, arg2 int32) int32 { + return int32(C.EVP_PKEY_CTX_add1_hkdf_info(arg0, (*C.uchar)(unsafe.Pointer(arg1)), C.int(arg2))) +} + +func go_openssl_EVP_PKEY_CTX_ctrl(ctx _EVP_PKEY_CTX_PTR, keytype int32, optype int32, cmd int32, p1 int32, p2 unsafe.Pointer) int32 { + return int32(C.EVP_PKEY_CTX_ctrl(ctx, C.int(keytype), C.int(optype), C.int(cmd), C.int(p1), p2)) +} + +func go_openssl_EVP_PKEY_CTX_free(arg0 _EVP_PKEY_CTX_PTR) { + C.EVP_PKEY_CTX_free(arg0) +} + +func go_openssl_EVP_PKEY_CTX_new(arg0 _EVP_PKEY_PTR, arg1 _ENGINE_PTR) _EVP_PKEY_CTX_PTR { + return C.EVP_PKEY_CTX_new(arg0, arg1) +} + +func go_openssl_EVP_PKEY_CTX_new_from_pkey(libctx _OSSL_LIB_CTX_PTR, pkey _EVP_PKEY_PTR, propquery *byte) _EVP_PKEY_CTX_PTR { + return C.EVP_PKEY_CTX_new_from_pkey(libctx, pkey, (*C.char)(unsafe.Pointer(propquery))) +} + +func go_openssl_EVP_PKEY_CTX_new_id(id int32, e _ENGINE_PTR) _EVP_PKEY_CTX_PTR { + return C.EVP_PKEY_CTX_new_id(C.int(id), e) +} + +func go_openssl_EVP_PKEY_CTX_set0_rsa_oaep_label(ctx _EVP_PKEY_CTX_PTR, label unsafe.Pointer, len int32) int32 { + return int32(C.EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, label, C.int(len))) +} + +func go_openssl_EVP_PKEY_CTX_set1_hkdf_key(arg0 _EVP_PKEY_CTX_PTR, arg1 *byte, arg2 int32) int32 { + return int32(C.EVP_PKEY_CTX_set1_hkdf_key(arg0, (*C.uchar)(unsafe.Pointer(arg1)), C.int(arg2))) +} + +func go_openssl_EVP_PKEY_CTX_set1_hkdf_salt(arg0 _EVP_PKEY_CTX_PTR, arg1 *byte, arg2 int32) int32 { + return int32(C.EVP_PKEY_CTX_set1_hkdf_salt(arg0, (*C.uchar)(unsafe.Pointer(arg1)), C.int(arg2))) +} + +func go_openssl_EVP_PKEY_CTX_set_hkdf_md(arg0 _EVP_PKEY_CTX_PTR, arg1 _EVP_MD_PTR) int32 { + return int32(C.EVP_PKEY_CTX_set_hkdf_md(arg0, arg1)) +} + +func go_openssl_EVP_PKEY_CTX_set_hkdf_mode(arg0 _EVP_PKEY_CTX_PTR, arg1 int32) int32 { + return int32(C.EVP_PKEY_CTX_set_hkdf_mode(arg0, C.int(arg1))) +} + +func go_openssl_EVP_PKEY_Q_keygen_EC(ctx _OSSL_LIB_CTX_PTR, propq *byte, __type *byte, arg1 *byte) _EVP_PKEY_PTR { + return C.EVP_PKEY_Q_keygen_EC(ctx, (*C.char)(unsafe.Pointer(propq)), (*C.char)(unsafe.Pointer(__type)), (*C.char)(unsafe.Pointer(arg1))) +} + +func go_openssl_EVP_PKEY_Q_keygen_ED25519(ctx _OSSL_LIB_CTX_PTR, propq *byte, __type *byte) _EVP_PKEY_PTR { + return C.EVP_PKEY_Q_keygen_ED25519(ctx, (*C.char)(unsafe.Pointer(propq)), (*C.char)(unsafe.Pointer(__type))) +} + +func go_openssl_EVP_PKEY_Q_keygen_RSA(ctx _OSSL_LIB_CTX_PTR, propq *byte, __type *byte, arg1 int) _EVP_PKEY_PTR { + return C.EVP_PKEY_Q_keygen_RSA(ctx, (*C.char)(unsafe.Pointer(propq)), (*C.char)(unsafe.Pointer(__type)), C.size_t(arg1)) +} + +func go_openssl_EVP_PKEY_assign(pkey _EVP_PKEY_PTR, __type int32, key unsafe.Pointer) int32 { + return int32(C.EVP_PKEY_assign(pkey, C.int(__type), key)) +} + +func go_openssl_EVP_PKEY_decrypt(arg0 _EVP_PKEY_CTX_PTR, arg1 *byte, arg2 *int, arg3 *byte, arg4 int) int32 { + return int32(C.EVP_PKEY_decrypt(arg0, (*C.uchar)(unsafe.Pointer(arg1)), (*C.size_t)(unsafe.Pointer(arg2)), (*C.uchar)(unsafe.Pointer(arg3)), C.size_t(arg4))) +} + +func go_openssl_EVP_PKEY_decrypt_init(arg0 _EVP_PKEY_CTX_PTR) int32 { + return int32(C.EVP_PKEY_decrypt_init(arg0)) +} + +func go_openssl_EVP_PKEY_derive(ctx _EVP_PKEY_CTX_PTR, key *byte, keylen *int) int32 { + return int32(C.EVP_PKEY_derive(ctx, (*C.uchar)(unsafe.Pointer(key)), (*C.size_t)(unsafe.Pointer(keylen)))) +} + +func go_openssl_EVP_PKEY_derive_init(ctx _EVP_PKEY_CTX_PTR) int32 { + return int32(C.EVP_PKEY_derive_init(ctx)) +} + +func go_openssl_EVP_PKEY_derive_set_peer(ctx _EVP_PKEY_CTX_PTR, peer _EVP_PKEY_PTR) int32 { + return int32(C.EVP_PKEY_derive_set_peer(ctx, peer)) +} + +func go_openssl_EVP_PKEY_encrypt(arg0 _EVP_PKEY_CTX_PTR, arg1 *byte, arg2 *int, arg3 *byte, arg4 int) int32 { + return int32(C.EVP_PKEY_encrypt(arg0, (*C.uchar)(unsafe.Pointer(arg1)), (*C.size_t)(unsafe.Pointer(arg2)), (*C.uchar)(unsafe.Pointer(arg3)), C.size_t(arg4))) +} + +func go_openssl_EVP_PKEY_encrypt_init(arg0 _EVP_PKEY_CTX_PTR) int32 { + return int32(C.EVP_PKEY_encrypt_init(arg0)) +} + +func go_openssl_EVP_PKEY_free(arg0 _EVP_PKEY_PTR) { + C.EVP_PKEY_free(arg0) +} + +func go_openssl_EVP_PKEY_fromdata(ctx _EVP_PKEY_CTX_PTR, pkey *_EVP_PKEY_PTR, selection int32, params _OSSL_PARAM_PTR) int32 { + return int32(C.EVP_PKEY_fromdata(ctx, pkey, C.int(selection), params)) +} + +func go_openssl_EVP_PKEY_fromdata_init(ctx _EVP_PKEY_CTX_PTR) int32 { + return int32(C.EVP_PKEY_fromdata_init(ctx)) +} + +func go_openssl_EVP_PKEY_get0_DSA(pkey _EVP_PKEY_PTR) _DSA_PTR { + return C.EVP_PKEY_get0_DSA(pkey) +} + +func go_openssl_EVP_PKEY_get0_EC_KEY(pkey _EVP_PKEY_PTR) _EC_KEY_PTR { + return C.EVP_PKEY_get0_EC_KEY(pkey) +} + +func go_openssl_EVP_PKEY_get1_RSA(pkey _EVP_PKEY_PTR) _RSA_PTR { + return C.EVP_PKEY_get1_RSA(pkey) +} + +func go_openssl_EVP_PKEY_get1_encoded_public_key(pkey _EVP_PKEY_PTR, ppub **byte) int { + return int(C.EVP_PKEY_get1_encoded_public_key(pkey, (**C.uchar)(unsafe.Pointer(ppub)))) +} + +func go_openssl_EVP_PKEY_get_bits(pkey _EVP_PKEY_PTR) int32 { + return int32(C.EVP_PKEY_get_bits(pkey)) +} + +func go_openssl_EVP_PKEY_get_bn_param(pkey _EVP_PKEY_PTR, key_name *byte, bn *_BIGNUM_PTR) int32 { + return int32(C.EVP_PKEY_get_bn_param(pkey, (*C.char)(unsafe.Pointer(key_name)), bn)) +} + +func go_openssl_EVP_PKEY_get_raw_private_key(pkey _EVP_PKEY_PTR, priv *byte, len *int) int32 { + return int32(C.EVP_PKEY_get_raw_private_key(pkey, (*C.uchar)(unsafe.Pointer(priv)), (*C.size_t)(unsafe.Pointer(len)))) +} + +func go_openssl_EVP_PKEY_get_raw_public_key(pkey _EVP_PKEY_PTR, pub *byte, len *int) int32 { + return int32(C.EVP_PKEY_get_raw_public_key(pkey, (*C.uchar)(unsafe.Pointer(pub)), (*C.size_t)(unsafe.Pointer(len)))) +} + +func go_openssl_EVP_PKEY_get_size(pkey _EVP_PKEY_PTR) int32 { + return int32(C.EVP_PKEY_get_size(pkey)) +} + +func go_openssl_EVP_PKEY_keygen(ctx _EVP_PKEY_CTX_PTR, ppkey *_EVP_PKEY_PTR) int32 { + return int32(C.EVP_PKEY_keygen(ctx, ppkey)) +} + +func go_openssl_EVP_PKEY_keygen_init(ctx _EVP_PKEY_CTX_PTR) int32 { + return int32(C.EVP_PKEY_keygen_init(ctx)) +} + +func go_openssl_EVP_PKEY_new() _EVP_PKEY_PTR { + return C.EVP_PKEY_new() +} + +func go_openssl_EVP_PKEY_new_raw_private_key(__type int32, e _ENGINE_PTR, key *byte, keylen int) _EVP_PKEY_PTR { + return C.EVP_PKEY_new_raw_private_key(C.int(__type), e, (*C.uchar)(unsafe.Pointer(key)), C.size_t(keylen)) +} + +func go_openssl_EVP_PKEY_new_raw_public_key(__type int32, e _ENGINE_PTR, key *byte, keylen int) _EVP_PKEY_PTR { + return C.EVP_PKEY_new_raw_public_key(C.int(__type), e, (*C.uchar)(unsafe.Pointer(key)), C.size_t(keylen)) +} + +func go_openssl_EVP_PKEY_paramgen(ctx _EVP_PKEY_CTX_PTR, ppkey *_EVP_PKEY_PTR) int32 { + return int32(C.EVP_PKEY_paramgen(ctx, ppkey)) +} + +func go_openssl_EVP_PKEY_paramgen_init(ctx _EVP_PKEY_CTX_PTR) int32 { + return int32(C.EVP_PKEY_paramgen_init(ctx)) +} + +func go_openssl_EVP_PKEY_private_check(ctx _EVP_PKEY_CTX_PTR) int32 { + return int32(C.EVP_PKEY_private_check(ctx)) +} + +func go_openssl_EVP_PKEY_public_check_quick(ctx _EVP_PKEY_CTX_PTR) int32 { + return int32(C.EVP_PKEY_public_check_quick(ctx)) +} + +func go_openssl_EVP_PKEY_set1_EC_KEY(pkey _EVP_PKEY_PTR, key _EC_KEY_PTR) int32 { + return int32(C.EVP_PKEY_set1_EC_KEY(pkey, key)) +} + +func go_openssl_EVP_PKEY_set1_encoded_public_key(pkey _EVP_PKEY_PTR, pub *byte, publen int) int32 { + return int32(C.EVP_PKEY_set1_encoded_public_key(pkey, (*C.uchar)(unsafe.Pointer(pub)), C.size_t(publen))) +} + +func go_openssl_EVP_PKEY_sign(arg0 _EVP_PKEY_CTX_PTR, arg1 *byte, arg2 *int, arg3 *byte, arg4 int) int32 { + return int32(C.EVP_PKEY_sign(arg0, (*C.uchar)(unsafe.Pointer(arg1)), (*C.size_t)(unsafe.Pointer(arg2)), (*C.uchar)(unsafe.Pointer(arg3)), C.size_t(arg4))) +} + +func go_openssl_EVP_PKEY_sign_init(arg0 _EVP_PKEY_CTX_PTR) int32 { + return int32(C.EVP_PKEY_sign_init(arg0)) +} + +func go_openssl_EVP_PKEY_up_ref(key _EVP_PKEY_PTR) int32 { + return int32(C.EVP_PKEY_up_ref(key)) +} + +func go_openssl_EVP_PKEY_verify(ctx _EVP_PKEY_CTX_PTR, sig *byte, siglen int, tbs *byte, tbslen int) int32 { + return int32(C.EVP_PKEY_verify(ctx, (*C.uchar)(unsafe.Pointer(sig)), C.size_t(siglen), (*C.uchar)(unsafe.Pointer(tbs)), C.size_t(tbslen))) +} + +func go_openssl_EVP_PKEY_verify_init(arg0 _EVP_PKEY_CTX_PTR) int32 { + return int32(C.EVP_PKEY_verify_init(arg0)) +} + +func go_openssl_EVP_SIGNATURE_fetch(ctx _OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) _EVP_SIGNATURE_PTR { + return C.EVP_SIGNATURE_fetch(ctx, (*C.char)(unsafe.Pointer(algorithm)), (*C.char)(unsafe.Pointer(properties))) +} + +func go_openssl_EVP_SIGNATURE_free(signature _EVP_SIGNATURE_PTR) { + C.EVP_SIGNATURE_free(signature) +} + +func go_openssl_EVP_aes_128_cbc() _EVP_CIPHER_PTR { + return _EVP_CIPHER_PTR(C.EVP_aes_128_cbc()) +} + +func go_openssl_EVP_aes_128_ctr() _EVP_CIPHER_PTR { + return _EVP_CIPHER_PTR(C.EVP_aes_128_ctr()) +} + +func go_openssl_EVP_aes_128_ecb() _EVP_CIPHER_PTR { + return _EVP_CIPHER_PTR(C.EVP_aes_128_ecb()) +} + +func go_openssl_EVP_aes_128_gcm() _EVP_CIPHER_PTR { + return _EVP_CIPHER_PTR(C.EVP_aes_128_gcm()) +} + +func go_openssl_EVP_aes_192_cbc() _EVP_CIPHER_PTR { + return _EVP_CIPHER_PTR(C.EVP_aes_192_cbc()) +} + +func go_openssl_EVP_aes_192_ctr() _EVP_CIPHER_PTR { + return _EVP_CIPHER_PTR(C.EVP_aes_192_ctr()) +} + +func go_openssl_EVP_aes_192_ecb() _EVP_CIPHER_PTR { + return _EVP_CIPHER_PTR(C.EVP_aes_192_ecb()) +} + +func go_openssl_EVP_aes_192_gcm() _EVP_CIPHER_PTR { + return _EVP_CIPHER_PTR(C.EVP_aes_192_gcm()) +} + +func go_openssl_EVP_aes_256_cbc() _EVP_CIPHER_PTR { + return _EVP_CIPHER_PTR(C.EVP_aes_256_cbc()) +} + +func go_openssl_EVP_aes_256_ctr() _EVP_CIPHER_PTR { + return _EVP_CIPHER_PTR(C.EVP_aes_256_ctr()) +} + +func go_openssl_EVP_aes_256_ecb() _EVP_CIPHER_PTR { + return _EVP_CIPHER_PTR(C.EVP_aes_256_ecb()) +} + +func go_openssl_EVP_aes_256_gcm() _EVP_CIPHER_PTR { + return _EVP_CIPHER_PTR(C.EVP_aes_256_gcm()) +} + +func go_openssl_EVP_default_properties_enable_fips(libctx _OSSL_LIB_CTX_PTR, enable int32) int32 { + return int32(C.EVP_default_properties_enable_fips(libctx, C.int(enable))) +} + +func go_openssl_EVP_default_properties_is_fips_enabled(libctx _OSSL_LIB_CTX_PTR) int32 { + return int32(C.EVP_default_properties_is_fips_enabled(libctx)) +} + +func go_openssl_EVP_des_cbc() _EVP_CIPHER_PTR { + return _EVP_CIPHER_PTR(C.EVP_des_cbc()) +} + +func go_openssl_EVP_des_ecb() _EVP_CIPHER_PTR { + return _EVP_CIPHER_PTR(C.EVP_des_ecb()) +} + +func go_openssl_EVP_des_ede3_cbc() _EVP_CIPHER_PTR { + return _EVP_CIPHER_PTR(C.EVP_des_ede3_cbc()) +} + +func go_openssl_EVP_des_ede3_ecb() _EVP_CIPHER_PTR { + return _EVP_CIPHER_PTR(C.EVP_des_ede3_ecb()) +} + +func go_openssl_EVP_md4() _EVP_MD_PTR { + return _EVP_MD_PTR(C.EVP_md4()) +} + +func go_openssl_EVP_md5() _EVP_MD_PTR { + return _EVP_MD_PTR(C.EVP_md5()) +} + +func go_openssl_EVP_md5_sha1() _EVP_MD_PTR { + return _EVP_MD_PTR(C.EVP_md5_sha1()) +} + +func go_openssl_EVP_rc4() _EVP_CIPHER_PTR { + return _EVP_CIPHER_PTR(C.EVP_rc4()) +} + +func go_openssl_EVP_ripemd160() _EVP_MD_PTR { + return _EVP_MD_PTR(C.EVP_ripemd160()) +} + +func go_openssl_EVP_sha1() _EVP_MD_PTR { + return _EVP_MD_PTR(C.EVP_sha1()) +} + +func go_openssl_EVP_sha224() _EVP_MD_PTR { + return _EVP_MD_PTR(C.EVP_sha224()) +} + +func go_openssl_EVP_sha256() _EVP_MD_PTR { + return _EVP_MD_PTR(C.EVP_sha256()) +} + +func go_openssl_EVP_sha384() _EVP_MD_PTR { + return _EVP_MD_PTR(C.EVP_sha384()) +} + +func go_openssl_EVP_sha3_224() _EVP_MD_PTR { + return _EVP_MD_PTR(C.EVP_sha3_224()) +} + +func go_openssl_EVP_sha3_256() _EVP_MD_PTR { + return _EVP_MD_PTR(C.EVP_sha3_256()) +} + +func go_openssl_EVP_sha3_384() _EVP_MD_PTR { + return _EVP_MD_PTR(C.EVP_sha3_384()) +} + +func go_openssl_EVP_sha3_512() _EVP_MD_PTR { + return _EVP_MD_PTR(C.EVP_sha3_512()) +} + +func go_openssl_EVP_sha512() _EVP_MD_PTR { + return _EVP_MD_PTR(C.EVP_sha512()) +} + +func go_openssl_EVP_sha512_224() _EVP_MD_PTR { + return _EVP_MD_PTR(C.EVP_sha512_224()) +} + +func go_openssl_EVP_sha512_256() _EVP_MD_PTR { + return _EVP_MD_PTR(C.EVP_sha512_256()) +} + +func go_openssl_FIPS_mode() int32 { + return int32(C.FIPS_mode()) +} + +func go_openssl_FIPS_mode_set(r int32) int32 { + return int32(C.FIPS_mode_set(C.int(r))) +} + +func go_openssl_HMAC_CTX_copy(dest _HMAC_CTX_PTR, src _HMAC_CTX_PTR) int32 { + return int32(C.HMAC_CTX_copy(dest, src)) +} + +func go_openssl_HMAC_CTX_free(arg0 _HMAC_CTX_PTR) { + C.HMAC_CTX_free(arg0) +} + +func go_openssl_HMAC_CTX_new() _HMAC_CTX_PTR { + return C.HMAC_CTX_new() +} + +func go_openssl_HMAC_Final(arg0 _HMAC_CTX_PTR, arg1 *byte, arg2 *uint32) int32 { + return int32(C.HMAC_Final(arg0, (*C.uchar)(unsafe.Pointer(arg1)), (*C.uint)(unsafe.Pointer(arg2)))) +} + +func go_openssl_HMAC_Init_ex(arg0 _HMAC_CTX_PTR, arg1 unsafe.Pointer, arg2 int32, arg3 _EVP_MD_PTR, arg4 _ENGINE_PTR) int32 { + return int32(C.HMAC_Init_ex(arg0, arg1, C.int(arg2), arg3, arg4)) +} + +func go_openssl_HMAC_Update(arg0 _HMAC_CTX_PTR, arg1 *byte, arg2 int) int32 { + return int32(C.HMAC_Update(arg0, (*C.uchar)(unsafe.Pointer(arg1)), C.size_t(arg2))) +} + +func go_openssl_OBJ_nid2sn(n int32) *byte { + return (*byte)(unsafe.Pointer(C.OBJ_nid2sn(C.int(n)))) +} + +func go_openssl_OPENSSL_init() { + C.OPENSSL_init() +} + +func go_openssl_OPENSSL_init_crypto(ops uint64, settings _OPENSSL_INIT_SETTINGS_PTR) int32 { + return int32(C.OPENSSL_init_crypto(C.uint64_t(ops), settings)) +} + +func go_openssl_OSSL_PARAM_BLD_free(bld _OSSL_PARAM_BLD_PTR) { + C.OSSL_PARAM_BLD_free(bld) +} + +func go_openssl_OSSL_PARAM_BLD_new() _OSSL_PARAM_BLD_PTR { + return C.OSSL_PARAM_BLD_new() +} + +func go_openssl_OSSL_PARAM_BLD_push_BN(bld _OSSL_PARAM_BLD_PTR, key *byte, bn _BIGNUM_PTR) int32 { + return int32(C.OSSL_PARAM_BLD_push_BN(bld, (*C.char)(unsafe.Pointer(key)), bn)) +} + +func go_openssl_OSSL_PARAM_BLD_push_int32(bld _OSSL_PARAM_BLD_PTR, key *byte, num int32) int32 { + return int32(C.OSSL_PARAM_BLD_push_int32(bld, (*C.char)(unsafe.Pointer(key)), C.int32_t(num))) +} + +func go_openssl_OSSL_PARAM_BLD_push_octet_string(bld _OSSL_PARAM_BLD_PTR, key *byte, buf unsafe.Pointer, bsize int) int32 { + return int32(C.OSSL_PARAM_BLD_push_octet_string(bld, (*C.char)(unsafe.Pointer(key)), buf, C.size_t(bsize))) +} + +func go_openssl_OSSL_PARAM_BLD_push_utf8_string(bld _OSSL_PARAM_BLD_PTR, key *byte, buf *byte, bsize int) int32 { + return int32(C.OSSL_PARAM_BLD_push_utf8_string(bld, (*C.char)(unsafe.Pointer(key)), (*C.char)(unsafe.Pointer(buf)), C.size_t(bsize))) +} + +func go_openssl_OSSL_PARAM_BLD_to_param(bld _OSSL_PARAM_BLD_PTR) _OSSL_PARAM_PTR { + return C.OSSL_PARAM_BLD_to_param(bld) +} + +func go_openssl_OSSL_PARAM_free(p _OSSL_PARAM_PTR) { + C.OSSL_PARAM_free(p) +} + +func go_openssl_OSSL_PROVIDER_available(libctx _OSSL_LIB_CTX_PTR, name *byte) int32 { + return int32(C.OSSL_PROVIDER_available(libctx, (*C.char)(unsafe.Pointer(name)))) +} + +func go_openssl_OSSL_PROVIDER_get0_name(prov _OSSL_PROVIDER_PTR) *byte { + return (*byte)(unsafe.Pointer(C.OSSL_PROVIDER_get0_name(prov))) +} + +func go_openssl_OSSL_PROVIDER_try_load(libctx _OSSL_LIB_CTX_PTR, name *byte, retain_fallbacks int32) _OSSL_PROVIDER_PTR { + return C.OSSL_PROVIDER_try_load(libctx, (*C.char)(unsafe.Pointer(name)), C.int(retain_fallbacks)) +} + +func go_openssl_OpenSSL_version(__type int32) *byte { + return (*byte)(unsafe.Pointer(C.OpenSSL_version(C.int(__type)))) +} + +func go_openssl_PKCS5_PBKDF2_HMAC(pass *byte, passlen int32, salt *byte, saltlen int32, iter int32, digest _EVP_MD_PTR, keylen int32, out *byte) int32 { + return int32(C.PKCS5_PBKDF2_HMAC((*C.char)(unsafe.Pointer(pass)), C.int(passlen), (*C.uchar)(unsafe.Pointer(salt)), C.int(saltlen), C.int(iter), digest, C.int(keylen), (*C.uchar)(unsafe.Pointer(out)))) +} + +func go_openssl_RAND_bytes(arg0 *byte, arg1 int32) int32 { + return int32(C.RAND_bytes((*C.uchar)(unsafe.Pointer(arg0)), C.int(arg1))) +} + +func go_openssl_RSA_free(arg0 _RSA_PTR) { + C.RSA_free(arg0) +} + +func go_openssl_RSA_get0_crt_params(r _RSA_PTR, dmp1 *_BIGNUM_PTR, dmq1 *_BIGNUM_PTR, iqmp *_BIGNUM_PTR) { + C.RSA_get0_crt_params(r, dmp1, dmq1, iqmp) +} + +func go_openssl_RSA_get0_factors(rsa _RSA_PTR, p *_BIGNUM_PTR, q *_BIGNUM_PTR) { + C.RSA_get0_factors(rsa, p, q) +} + +func go_openssl_RSA_get0_key(rsa _RSA_PTR, n *_BIGNUM_PTR, e *_BIGNUM_PTR, d *_BIGNUM_PTR) { + C.RSA_get0_key(rsa, n, e, d) +} + +func go_openssl_RSA_new() _RSA_PTR { + return C.RSA_new() +} + +func go_openssl_RSA_set0_crt_params(rsa _RSA_PTR, dmp1 _BIGNUM_PTR, dmp2 _BIGNUM_PTR, iqmp _BIGNUM_PTR) int32 { + return int32(C.RSA_set0_crt_params(rsa, dmp1, dmp2, iqmp)) +} + +func go_openssl_RSA_set0_factors(rsa _RSA_PTR, p _BIGNUM_PTR, q _BIGNUM_PTR) int32 { + return int32(C.RSA_set0_factors(rsa, p, q)) +} + +func go_openssl_RSA_set0_key(r _RSA_PTR, n _BIGNUM_PTR, e _BIGNUM_PTR, d _BIGNUM_PTR) int32 { + return int32(C.RSA_set0_key(r, n, e, d)) +}