├── .editorconfig ├── .gitattributes ├── .github ├── release.yml └── workflows │ ├── main.yml │ ├── pull_request.yml │ └── pull_request_label.yml ├── .gitignore ├── .licenseignore ├── .spi.yml ├── .swift-format ├── .unacceptablelanguageignore ├── Benchmarks ├── Benchmarks │ └── NIOSSLBenchmarks │ │ ├── Benchmarks.swift │ │ ├── ManyWrites.swift │ │ ├── Shared.swift │ │ └── SimpleHandshake.swift ├── Package.swift └── Thresholds │ ├── 5.10 │ ├── NIOSSHBenchmarks.ManyWrites.p90.json │ └── NIOSSHBenchmarks.SimpleHandshake.p90.json │ ├── 6.0 │ ├── NIOSSHBenchmarks.ManyWrites.p90.json │ └── NIOSSHBenchmarks.SimpleHandshake.p90.json │ ├── 6.1 │ ├── NIOSSHBenchmarks.ManyWrites.p90.json │ └── NIOSSHBenchmarks.SimpleHandshake.p90.json │ ├── nightly-main │ ├── NIOSSHBenchmarks.ManyWrites.p90.json │ └── NIOSSHBenchmarks.SimpleHandshake.p90.json │ └── nightly-next │ ├── NIOSSHBenchmarks.ManyWrites.p90.json │ └── NIOSSHBenchmarks.SimpleHandshake.p90.json ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── CONTRIBUTORS.txt ├── IntegrationTests ├── plugin_echo.sh ├── plugin_junit_xml.sh ├── run-single-test.sh ├── run-tests.sh ├── test_functions.sh └── tests_01_general │ ├── defines.sh │ ├── test_01_renegotiation.sh │ └── test_02_execstack.sh ├── LICENSE.txt ├── NOTICE.txt ├── Package.swift ├── README.md ├── SECURITY.md ├── Sources ├── CNIOBoringSSL │ ├── crypto │ │ ├── asn1 │ │ │ ├── a_bitstr.cc │ │ │ ├── a_bool.cc │ │ │ ├── a_d2i_fp.cc │ │ │ ├── a_dup.cc │ │ │ ├── a_gentm.cc │ │ │ ├── a_i2d_fp.cc │ │ │ ├── a_int.cc │ │ │ ├── a_mbstr.cc │ │ │ ├── a_object.cc │ │ │ ├── a_octet.cc │ │ │ ├── a_strex.cc │ │ │ ├── a_strnid.cc │ │ │ ├── a_time.cc │ │ │ ├── a_type.cc │ │ │ ├── a_utctm.cc │ │ │ ├── asn1_lib.cc │ │ │ ├── asn1_par.cc │ │ │ ├── asn_pack.cc │ │ │ ├── f_int.cc │ │ │ ├── f_string.cc │ │ │ ├── internal.h │ │ │ ├── posix_time.cc │ │ │ ├── tasn_dec.cc │ │ │ ├── tasn_enc.cc │ │ │ ├── tasn_fre.cc │ │ │ ├── tasn_new.cc │ │ │ ├── tasn_typ.cc │ │ │ └── tasn_utl.cc │ │ ├── base64 │ │ │ └── base64.cc │ │ ├── bcm_support.h │ │ ├── bio │ │ │ ├── bio.cc │ │ │ ├── bio_mem.cc │ │ │ ├── connect.cc │ │ │ ├── errno.cc │ │ │ ├── fd.cc │ │ │ ├── file.cc │ │ │ ├── hexdump.cc │ │ │ ├── internal.h │ │ │ ├── pair.cc │ │ │ ├── printf.cc │ │ │ ├── socket.cc │ │ │ └── socket_helper.cc │ │ ├── blake2 │ │ │ └── blake2.cc │ │ ├── bn │ │ │ ├── bn_asn1.cc │ │ │ └── convert.cc │ │ ├── buf │ │ │ └── buf.cc │ │ ├── bytestring │ │ │ ├── asn1_compat.cc │ │ │ ├── ber.cc │ │ │ ├── cbb.cc │ │ │ ├── cbs.cc │ │ │ ├── internal.h │ │ │ └── unicode.cc │ │ ├── chacha │ │ │ ├── chacha.cc │ │ │ └── internal.h │ │ ├── cipher │ │ │ ├── derive_key.cc │ │ │ ├── e_aesctrhmac.cc │ │ │ ├── e_aesgcmsiv.cc │ │ │ ├── e_chacha20poly1305.cc │ │ │ ├── e_des.cc │ │ │ ├── e_null.cc │ │ │ ├── e_rc2.cc │ │ │ ├── e_rc4.cc │ │ │ ├── e_tls.cc │ │ │ ├── get_cipher.cc │ │ │ ├── internal.h │ │ │ └── tls_cbc.cc │ │ ├── conf │ │ │ ├── conf.cc │ │ │ └── internal.h │ │ ├── cpu_aarch64_apple.cc │ │ ├── cpu_aarch64_fuchsia.cc │ │ ├── cpu_aarch64_linux.cc │ │ ├── cpu_aarch64_openbsd.cc │ │ ├── cpu_aarch64_sysreg.cc │ │ ├── cpu_aarch64_win.cc │ │ ├── cpu_arm_freebsd.cc │ │ ├── cpu_arm_linux.cc │ │ ├── cpu_arm_linux.h │ │ ├── cpu_intel.cc │ │ ├── crypto.cc │ │ ├── curve25519 │ │ │ ├── asm │ │ │ │ └── x25519-asm-arm.S │ │ │ ├── curve25519.cc │ │ │ ├── curve25519_64_adx.cc │ │ │ ├── curve25519_tables.h │ │ │ ├── internal.h │ │ │ └── spake25519.cc │ │ ├── des │ │ │ ├── des.cc │ │ │ └── internal.h │ │ ├── dh │ │ │ ├── dh_asn1.cc │ │ │ └── params.cc │ │ ├── digest │ │ │ └── digest_extra.cc │ │ ├── dsa │ │ │ ├── dsa.cc │ │ │ ├── dsa_asn1.cc │ │ │ └── internal.h │ │ ├── ec │ │ │ ├── ec_asn1.cc │ │ │ ├── ec_derive.cc │ │ │ ├── hash_to_curve.cc │ │ │ └── internal.h │ │ ├── ecdh │ │ │ └── ecdh.cc │ │ ├── ecdsa │ │ │ └── ecdsa_asn1.cc │ │ ├── engine │ │ │ └── engine.cc │ │ ├── err │ │ │ ├── err.cc │ │ │ └── internal.h │ │ ├── evp │ │ │ ├── evp.cc │ │ │ ├── evp_asn1.cc │ │ │ ├── evp_ctx.cc │ │ │ ├── internal.h │ │ │ ├── p_dh.cc │ │ │ ├── p_dh_asn1.cc │ │ │ ├── p_dsa_asn1.cc │ │ │ ├── p_ec.cc │ │ │ ├── p_ec_asn1.cc │ │ │ ├── p_ed25519.cc │ │ │ ├── p_ed25519_asn1.cc │ │ │ ├── p_hkdf.cc │ │ │ ├── p_rsa.cc │ │ │ ├── p_rsa_asn1.cc │ │ │ ├── p_x25519.cc │ │ │ ├── p_x25519_asn1.cc │ │ │ ├── pbkdf.cc │ │ │ ├── print.cc │ │ │ ├── scrypt.cc │ │ │ └── sign.cc │ │ ├── ex_data.cc │ │ ├── fipsmodule │ │ │ ├── aes │ │ │ │ ├── aes.cc.inc │ │ │ │ ├── aes_nohw.cc.inc │ │ │ │ ├── cbc.cc.inc │ │ │ │ ├── cfb.cc.inc │ │ │ │ ├── ctr.cc.inc │ │ │ │ ├── gcm.cc.inc │ │ │ │ ├── gcm_nohw.cc.inc │ │ │ │ ├── internal.h │ │ │ │ ├── key_wrap.cc.inc │ │ │ │ ├── mode_wrappers.cc.inc │ │ │ │ ├── ofb.cc.inc │ │ │ │ └── polyval.cc.inc │ │ │ ├── bcm.cc │ │ │ ├── bcm_interface.h │ │ │ ├── bn │ │ │ │ ├── add.cc.inc │ │ │ │ ├── asm │ │ │ │ │ └── x86_64-gcc.cc.inc │ │ │ │ ├── bn.cc.inc │ │ │ │ ├── bytes.cc.inc │ │ │ │ ├── cmp.cc.inc │ │ │ │ ├── ctx.cc.inc │ │ │ │ ├── div.cc.inc │ │ │ │ ├── div_extra.cc.inc │ │ │ │ ├── exponentiation.cc.inc │ │ │ │ ├── gcd.cc.inc │ │ │ │ ├── gcd_extra.cc.inc │ │ │ │ ├── generic.cc.inc │ │ │ │ ├── internal.h │ │ │ │ ├── jacobi.cc.inc │ │ │ │ ├── montgomery.cc.inc │ │ │ │ ├── montgomery_inv.cc.inc │ │ │ │ ├── mul.cc.inc │ │ │ │ ├── prime.cc.inc │ │ │ │ ├── random.cc.inc │ │ │ │ ├── rsaz_exp.cc.inc │ │ │ │ ├── rsaz_exp.h │ │ │ │ ├── shift.cc.inc │ │ │ │ └── sqrt.cc.inc │ │ │ ├── cipher │ │ │ │ ├── aead.cc.inc │ │ │ │ ├── cipher.cc.inc │ │ │ │ ├── e_aes.cc.inc │ │ │ │ ├── e_aesccm.cc.inc │ │ │ │ └── internal.h │ │ │ ├── cmac │ │ │ │ └── cmac.cc.inc │ │ │ ├── delocate.h │ │ │ ├── dh │ │ │ │ ├── check.cc.inc │ │ │ │ ├── dh.cc.inc │ │ │ │ └── internal.h │ │ │ ├── digest │ │ │ │ ├── digest.cc.inc │ │ │ │ ├── digests.cc.inc │ │ │ │ ├── internal.h │ │ │ │ └── md32_common.h │ │ │ ├── digestsign │ │ │ │ └── digestsign.cc.inc │ │ │ ├── ec │ │ │ │ ├── builtin_curves.h │ │ │ │ ├── ec.cc.inc │ │ │ │ ├── ec_key.cc.inc │ │ │ │ ├── ec_montgomery.cc.inc │ │ │ │ ├── felem.cc.inc │ │ │ │ ├── internal.h │ │ │ │ ├── oct.cc.inc │ │ │ │ ├── p224-64.cc.inc │ │ │ │ ├── p256-nistz-table.h │ │ │ │ ├── p256-nistz.cc.inc │ │ │ │ ├── p256-nistz.h │ │ │ │ ├── p256.cc.inc │ │ │ │ ├── p256_table.h │ │ │ │ ├── scalar.cc.inc │ │ │ │ ├── simple.cc.inc │ │ │ │ ├── simple_mul.cc.inc │ │ │ │ ├── util.cc.inc │ │ │ │ └── wnaf.cc.inc │ │ │ ├── ecdh │ │ │ │ └── ecdh.cc.inc │ │ │ ├── ecdsa │ │ │ │ ├── ecdsa.cc.inc │ │ │ │ └── internal.h │ │ │ ├── fips_shared_support.cc │ │ │ ├── hkdf │ │ │ │ └── hkdf.cc.inc │ │ │ ├── hmac │ │ │ │ └── hmac.cc.inc │ │ │ ├── keccak │ │ │ │ ├── internal.h │ │ │ │ └── keccak.cc.inc │ │ │ ├── mldsa │ │ │ │ └── mldsa.cc.inc │ │ │ ├── mlkem │ │ │ │ └── mlkem.cc.inc │ │ │ ├── rand │ │ │ │ ├── ctrdrbg.cc.inc │ │ │ │ ├── internal.h │ │ │ │ └── rand.cc.inc │ │ │ ├── rsa │ │ │ │ ├── blinding.cc.inc │ │ │ │ ├── internal.h │ │ │ │ ├── padding.cc.inc │ │ │ │ ├── rsa.cc.inc │ │ │ │ └── rsa_impl.cc.inc │ │ │ ├── self_check │ │ │ │ ├── fips.cc.inc │ │ │ │ └── self_check.cc.inc │ │ │ ├── service_indicator │ │ │ │ ├── internal.h │ │ │ │ └── service_indicator.cc.inc │ │ │ ├── sha │ │ │ │ ├── internal.h │ │ │ │ ├── sha1.cc.inc │ │ │ │ ├── sha256.cc.inc │ │ │ │ └── sha512.cc.inc │ │ │ ├── slhdsa │ │ │ │ ├── address.h │ │ │ │ ├── fors.cc.inc │ │ │ │ ├── fors.h │ │ │ │ ├── merkle.cc.inc │ │ │ │ ├── merkle.h │ │ │ │ ├── params.h │ │ │ │ ├── slhdsa.cc.inc │ │ │ │ ├── thash.cc.inc │ │ │ │ ├── thash.h │ │ │ │ ├── wots.cc.inc │ │ │ │ └── wots.h │ │ │ └── tls │ │ │ │ ├── internal.h │ │ │ │ └── kdf.cc.inc │ │ ├── hpke │ │ │ └── hpke.cc │ │ ├── hrss │ │ │ ├── asm │ │ │ │ └── poly_rq_mul.S │ │ │ ├── hrss.cc │ │ │ └── internal.h │ │ ├── internal.h │ │ ├── kyber │ │ │ ├── internal.h │ │ │ └── kyber.cc │ │ ├── lhash │ │ │ ├── internal.h │ │ │ └── lhash.cc │ │ ├── md4 │ │ │ └── md4.cc │ │ ├── md5 │ │ │ ├── internal.h │ │ │ └── md5.cc │ │ ├── mem.cc │ │ ├── mldsa │ │ │ └── mldsa.cc │ │ ├── mlkem │ │ │ └── mlkem.cc │ │ ├── obj │ │ │ ├── obj.cc │ │ │ ├── obj_dat.h │ │ │ └── obj_xref.cc │ │ ├── pem │ │ │ ├── internal.h │ │ │ ├── pem_all.cc │ │ │ ├── pem_info.cc │ │ │ ├── pem_lib.cc │ │ │ ├── pem_oth.cc │ │ │ ├── pem_pk8.cc │ │ │ ├── pem_pkey.cc │ │ │ ├── pem_x509.cc │ │ │ └── pem_xaux.cc │ │ ├── pkcs7 │ │ │ ├── internal.h │ │ │ ├── pkcs7.cc │ │ │ └── pkcs7_x509.cc │ │ ├── pkcs8 │ │ │ ├── internal.h │ │ │ ├── p5_pbev2.cc │ │ │ ├── pkcs8.cc │ │ │ └── pkcs8_x509.cc │ │ ├── poly1305 │ │ │ ├── internal.h │ │ │ ├── poly1305.cc │ │ │ ├── poly1305_arm.cc │ │ │ ├── poly1305_arm_asm.S │ │ │ └── poly1305_vec.cc │ │ ├── pool │ │ │ ├── internal.h │ │ │ └── pool.cc │ │ ├── rand │ │ │ ├── deterministic.cc │ │ │ ├── fork_detect.cc │ │ │ ├── forkunsafe.cc │ │ │ ├── getentropy.cc │ │ │ ├── getrandom_fillin.h │ │ │ ├── ios.cc │ │ │ ├── passive.cc │ │ │ ├── rand.cc │ │ │ ├── sysrand_internal.h │ │ │ ├── trusty.cc │ │ │ ├── urandom.cc │ │ │ └── windows.cc │ │ ├── rc4 │ │ │ └── rc4.cc │ │ ├── refcount.cc │ │ ├── rsa │ │ │ ├── internal.h │ │ │ ├── rsa_asn1.cc │ │ │ ├── rsa_crypt.cc │ │ │ ├── rsa_extra.cc │ │ │ └── rsa_print.cc │ │ ├── sha │ │ │ ├── sha1.cc │ │ │ ├── sha256.cc │ │ │ └── sha512.cc │ │ ├── siphash │ │ │ └── siphash.cc │ │ ├── slhdsa │ │ │ └── slhdsa.cc │ │ ├── spake2plus │ │ │ ├── internal.h │ │ │ └── spake2plus.cc │ │ ├── stack │ │ │ └── stack.cc │ │ ├── thread.cc │ │ ├── thread_none.cc │ │ ├── thread_pthread.cc │ │ ├── thread_win.cc │ │ ├── trust_token │ │ │ ├── internal.h │ │ │ ├── pmbtoken.cc │ │ │ ├── trust_token.cc │ │ │ └── voprf.cc │ │ └── x509 │ │ │ ├── a_digest.cc │ │ │ ├── a_sign.cc │ │ │ ├── a_verify.cc │ │ │ ├── algorithm.cc │ │ │ ├── asn1_gen.cc │ │ │ ├── by_dir.cc │ │ │ ├── by_file.cc │ │ │ ├── ext_dat.h │ │ │ ├── i2d_pr.cc │ │ │ ├── internal.h │ │ │ ├── name_print.cc │ │ │ ├── policy.cc │ │ │ ├── rsa_pss.cc │ │ │ ├── t_crl.cc │ │ │ ├── t_req.cc │ │ │ ├── t_x509.cc │ │ │ ├── t_x509a.cc │ │ │ ├── v3_akey.cc │ │ │ ├── v3_akeya.cc │ │ │ ├── v3_alt.cc │ │ │ ├── v3_bcons.cc │ │ │ ├── v3_bitst.cc │ │ │ ├── v3_conf.cc │ │ │ ├── v3_cpols.cc │ │ │ ├── v3_crld.cc │ │ │ ├── v3_enum.cc │ │ │ ├── v3_extku.cc │ │ │ ├── v3_genn.cc │ │ │ ├── v3_ia5.cc │ │ │ ├── v3_info.cc │ │ │ ├── v3_int.cc │ │ │ ├── v3_lib.cc │ │ │ ├── v3_ncons.cc │ │ │ ├── v3_ocsp.cc │ │ │ ├── v3_pcons.cc │ │ │ ├── v3_pmaps.cc │ │ │ ├── v3_prn.cc │ │ │ ├── v3_purp.cc │ │ │ ├── v3_skey.cc │ │ │ ├── v3_utl.cc │ │ │ ├── x509.cc │ │ │ ├── x509_att.cc │ │ │ ├── x509_cmp.cc │ │ │ ├── x509_d2.cc │ │ │ ├── x509_def.cc │ │ │ ├── x509_ext.cc │ │ │ ├── x509_lu.cc │ │ │ ├── x509_obj.cc │ │ │ ├── x509_req.cc │ │ │ ├── x509_set.cc │ │ │ ├── x509_trs.cc │ │ │ ├── x509_txt.cc │ │ │ ├── x509_v3.cc │ │ │ ├── x509_vfy.cc │ │ │ ├── x509_vpm.cc │ │ │ ├── x509cset.cc │ │ │ ├── x509name.cc │ │ │ ├── x509rset.cc │ │ │ ├── x509spki.cc │ │ │ ├── x_algor.cc │ │ │ ├── x_all.cc │ │ │ ├── x_attrib.cc │ │ │ ├── x_crl.cc │ │ │ ├── x_exten.cc │ │ │ ├── x_name.cc │ │ │ ├── x_pubkey.cc │ │ │ ├── x_req.cc │ │ │ ├── x_sig.cc │ │ │ ├── x_spki.cc │ │ │ ├── x_val.cc │ │ │ ├── x_x509.cc │ │ │ └── x_x509a.cc │ ├── gen │ │ ├── bcm │ │ │ ├── aes-gcm-avx10-x86_64-apple.S │ │ │ ├── aes-gcm-avx10-x86_64-linux.S │ │ │ ├── aes-gcm-avx2-x86_64-apple.S │ │ │ ├── aes-gcm-avx2-x86_64-linux.S │ │ │ ├── aesni-gcm-x86_64-apple.S │ │ │ ├── aesni-gcm-x86_64-linux.S │ │ │ ├── aesni-x86-apple.S │ │ │ ├── aesni-x86-linux.S │ │ │ ├── aesni-x86_64-apple.S │ │ │ ├── aesni-x86_64-linux.S │ │ │ ├── aesv8-armv7-linux.S │ │ │ ├── aesv8-armv8-apple.S │ │ │ ├── aesv8-armv8-linux.S │ │ │ ├── aesv8-armv8-win.S │ │ │ ├── aesv8-gcm-armv8-apple.S │ │ │ ├── aesv8-gcm-armv8-linux.S │ │ │ ├── aesv8-gcm-armv8-win.S │ │ │ ├── armv4-mont-linux.S │ │ │ ├── armv8-mont-apple.S │ │ │ ├── armv8-mont-linux.S │ │ │ ├── armv8-mont-win.S │ │ │ ├── bn-586-apple.S │ │ │ ├── bn-586-linux.S │ │ │ ├── bn-armv8-apple.S │ │ │ ├── bn-armv8-linux.S │ │ │ ├── bn-armv8-win.S │ │ │ ├── bsaes-armv7-linux.S │ │ │ ├── co-586-apple.S │ │ │ ├── co-586-linux.S │ │ │ ├── ghash-armv4-linux.S │ │ │ ├── ghash-neon-armv8-apple.S │ │ │ ├── ghash-neon-armv8-linux.S │ │ │ ├── ghash-neon-armv8-win.S │ │ │ ├── ghash-ssse3-x86-apple.S │ │ │ ├── ghash-ssse3-x86-linux.S │ │ │ ├── ghash-ssse3-x86_64-apple.S │ │ │ ├── ghash-ssse3-x86_64-linux.S │ │ │ ├── ghash-x86-apple.S │ │ │ ├── ghash-x86-linux.S │ │ │ ├── ghash-x86_64-apple.S │ │ │ ├── ghash-x86_64-linux.S │ │ │ ├── ghashv8-armv7-linux.S │ │ │ ├── ghashv8-armv8-apple.S │ │ │ ├── ghashv8-armv8-linux.S │ │ │ ├── ghashv8-armv8-win.S │ │ │ ├── p256-armv8-asm-apple.S │ │ │ ├── p256-armv8-asm-linux.S │ │ │ ├── p256-armv8-asm-win.S │ │ │ ├── p256-x86_64-asm-apple.S │ │ │ ├── p256-x86_64-asm-linux.S │ │ │ ├── p256_beeu-armv8-asm-apple.S │ │ │ ├── p256_beeu-armv8-asm-linux.S │ │ │ ├── p256_beeu-armv8-asm-win.S │ │ │ ├── p256_beeu-x86_64-asm-apple.S │ │ │ ├── p256_beeu-x86_64-asm-linux.S │ │ │ ├── rdrand-x86_64-apple.S │ │ │ ├── rdrand-x86_64-linux.S │ │ │ ├── rsaz-avx2-apple.S │ │ │ ├── rsaz-avx2-linux.S │ │ │ ├── sha1-586-apple.S │ │ │ ├── sha1-586-linux.S │ │ │ ├── sha1-armv4-large-linux.S │ │ │ ├── sha1-armv8-apple.S │ │ │ ├── sha1-armv8-linux.S │ │ │ ├── sha1-armv8-win.S │ │ │ ├── sha1-x86_64-apple.S │ │ │ ├── sha1-x86_64-linux.S │ │ │ ├── sha256-586-apple.S │ │ │ ├── sha256-586-linux.S │ │ │ ├── sha256-armv4-linux.S │ │ │ ├── sha256-armv8-apple.S │ │ │ ├── sha256-armv8-linux.S │ │ │ ├── sha256-armv8-win.S │ │ │ ├── sha256-x86_64-apple.S │ │ │ ├── sha256-x86_64-linux.S │ │ │ ├── sha512-586-apple.S │ │ │ ├── sha512-586-linux.S │ │ │ ├── sha512-armv4-linux.S │ │ │ ├── sha512-armv8-apple.S │ │ │ ├── sha512-armv8-linux.S │ │ │ ├── sha512-armv8-win.S │ │ │ ├── sha512-x86_64-apple.S │ │ │ ├── sha512-x86_64-linux.S │ │ │ ├── vpaes-armv7-linux.S │ │ │ ├── vpaes-armv8-apple.S │ │ │ ├── vpaes-armv8-linux.S │ │ │ ├── vpaes-armv8-win.S │ │ │ ├── vpaes-x86-apple.S │ │ │ ├── vpaes-x86-linux.S │ │ │ ├── vpaes-x86_64-apple.S │ │ │ ├── vpaes-x86_64-linux.S │ │ │ ├── x86-mont-apple.S │ │ │ ├── x86-mont-linux.S │ │ │ ├── x86_64-mont-apple.S │ │ │ ├── x86_64-mont-linux.S │ │ │ ├── x86_64-mont5-apple.S │ │ │ └── x86_64-mont5-linux.S │ │ └── crypto │ │ │ ├── aes128gcmsiv-x86_64-apple.S │ │ │ ├── aes128gcmsiv-x86_64-linux.S │ │ │ ├── chacha-armv4-linux.S │ │ │ ├── chacha-armv8-apple.S │ │ │ ├── chacha-armv8-linux.S │ │ │ ├── chacha-armv8-win.S │ │ │ ├── chacha-x86-apple.S │ │ │ ├── chacha-x86-linux.S │ │ │ ├── chacha-x86_64-apple.S │ │ │ ├── chacha-x86_64-linux.S │ │ │ ├── chacha20_poly1305_armv8-apple.S │ │ │ ├── chacha20_poly1305_armv8-linux.S │ │ │ ├── chacha20_poly1305_armv8-win.S │ │ │ ├── chacha20_poly1305_x86_64-apple.S │ │ │ ├── chacha20_poly1305_x86_64-linux.S │ │ │ ├── err_data.cc │ │ │ ├── md5-586-apple.S │ │ │ ├── md5-586-linux.S │ │ │ ├── md5-x86_64-apple.S │ │ │ └── md5-x86_64-linux.S │ ├── hash.txt │ ├── include │ │ ├── CNIOBoringSSL.h │ │ ├── CNIOBoringSSL_aead.h │ │ ├── CNIOBoringSSL_aes.h │ │ ├── CNIOBoringSSL_arm_arch.h │ │ ├── CNIOBoringSSL_asm_base.h │ │ ├── CNIOBoringSSL_asn1.h │ │ ├── CNIOBoringSSL_asn1_mac.h │ │ ├── CNIOBoringSSL_asn1t.h │ │ ├── CNIOBoringSSL_base.h │ │ ├── CNIOBoringSSL_base64.h │ │ ├── CNIOBoringSSL_bcm_public.h │ │ ├── CNIOBoringSSL_bio.h │ │ ├── CNIOBoringSSL_blake2.h │ │ ├── CNIOBoringSSL_blowfish.h │ │ ├── CNIOBoringSSL_bn.h │ │ ├── CNIOBoringSSL_boringssl_prefix_symbols.h │ │ ├── CNIOBoringSSL_boringssl_prefix_symbols_asm.h │ │ ├── CNIOBoringSSL_buf.h │ │ ├── CNIOBoringSSL_buffer.h │ │ ├── CNIOBoringSSL_bytestring.h │ │ ├── CNIOBoringSSL_cast.h │ │ ├── CNIOBoringSSL_chacha.h │ │ ├── CNIOBoringSSL_cipher.h │ │ ├── CNIOBoringSSL_cmac.h │ │ ├── CNIOBoringSSL_conf.h │ │ ├── CNIOBoringSSL_cpu.h │ │ ├── CNIOBoringSSL_crypto.h │ │ ├── CNIOBoringSSL_ctrdrbg.h │ │ ├── CNIOBoringSSL_curve25519.h │ │ ├── CNIOBoringSSL_des.h │ │ ├── CNIOBoringSSL_dh.h │ │ ├── CNIOBoringSSL_digest.h │ │ ├── CNIOBoringSSL_dsa.h │ │ ├── CNIOBoringSSL_dtls1.h │ │ ├── CNIOBoringSSL_e_os2.h │ │ ├── CNIOBoringSSL_ec.h │ │ ├── CNIOBoringSSL_ec_key.h │ │ ├── CNIOBoringSSL_ecdh.h │ │ ├── CNIOBoringSSL_ecdsa.h │ │ ├── CNIOBoringSSL_engine.h │ │ ├── CNIOBoringSSL_err.h │ │ ├── CNIOBoringSSL_evp.h │ │ ├── CNIOBoringSSL_evp_errors.h │ │ ├── CNIOBoringSSL_ex_data.h │ │ ├── CNIOBoringSSL_hkdf.h │ │ ├── CNIOBoringSSL_hmac.h │ │ ├── CNIOBoringSSL_hpke.h │ │ ├── CNIOBoringSSL_hrss.h │ │ ├── CNIOBoringSSL_is_boringssl.h │ │ ├── CNIOBoringSSL_kdf.h │ │ ├── CNIOBoringSSL_lhash.h │ │ ├── CNIOBoringSSL_md4.h │ │ ├── CNIOBoringSSL_md5.h │ │ ├── CNIOBoringSSL_mem.h │ │ ├── CNIOBoringSSL_mldsa.h │ │ ├── CNIOBoringSSL_mlkem.h │ │ ├── CNIOBoringSSL_nid.h │ │ ├── CNIOBoringSSL_obj.h │ │ ├── CNIOBoringSSL_obj_mac.h │ │ ├── CNIOBoringSSL_objects.h │ │ ├── CNIOBoringSSL_opensslconf.h │ │ ├── CNIOBoringSSL_opensslv.h │ │ ├── CNIOBoringSSL_ossl_typ.h │ │ ├── CNIOBoringSSL_pem.h │ │ ├── CNIOBoringSSL_pkcs12.h │ │ ├── CNIOBoringSSL_pkcs7.h │ │ ├── CNIOBoringSSL_pkcs8.h │ │ ├── CNIOBoringSSL_poly1305.h │ │ ├── CNIOBoringSSL_pool.h │ │ ├── CNIOBoringSSL_posix_time.h │ │ ├── CNIOBoringSSL_rand.h │ │ ├── CNIOBoringSSL_rc4.h │ │ ├── CNIOBoringSSL_ripemd.h │ │ ├── CNIOBoringSSL_rsa.h │ │ ├── CNIOBoringSSL_safestack.h │ │ ├── CNIOBoringSSL_service_indicator.h │ │ ├── CNIOBoringSSL_sha.h │ │ ├── CNIOBoringSSL_siphash.h │ │ ├── CNIOBoringSSL_slhdsa.h │ │ ├── CNIOBoringSSL_span.h │ │ ├── CNIOBoringSSL_srtp.h │ │ ├── CNIOBoringSSL_ssl.h │ │ ├── CNIOBoringSSL_ssl3.h │ │ ├── CNIOBoringSSL_stack.h │ │ ├── CNIOBoringSSL_target.h │ │ ├── CNIOBoringSSL_thread.h │ │ ├── CNIOBoringSSL_time.h │ │ ├── CNIOBoringSSL_tls1.h │ │ ├── CNIOBoringSSL_trust_token.h │ │ ├── CNIOBoringSSL_type_check.h │ │ ├── CNIOBoringSSL_x509.h │ │ ├── CNIOBoringSSL_x509_vfy.h │ │ ├── CNIOBoringSSL_x509v3.h │ │ ├── CNIOBoringSSL_x509v3_errors.h │ │ ├── boringssl_prefix_symbols_nasm.inc │ │ ├── experimental │ │ │ └── CNIOBoringSSL_kyber.h │ │ └── module.modulemap │ ├── ssl │ │ ├── bio_ssl.cc │ │ ├── d1_both.cc │ │ ├── d1_lib.cc │ │ ├── d1_pkt.cc │ │ ├── d1_srtp.cc │ │ ├── dtls_method.cc │ │ ├── dtls_record.cc │ │ ├── encrypted_client_hello.cc │ │ ├── extensions.cc │ │ ├── handoff.cc │ │ ├── handshake.cc │ │ ├── handshake_client.cc │ │ ├── handshake_server.cc │ │ ├── internal.h │ │ ├── s3_both.cc │ │ ├── s3_lib.cc │ │ ├── s3_pkt.cc │ │ ├── ssl_aead_ctx.cc │ │ ├── ssl_asn1.cc │ │ ├── ssl_buffer.cc │ │ ├── ssl_cert.cc │ │ ├── ssl_cipher.cc │ │ ├── ssl_credential.cc │ │ ├── ssl_file.cc │ │ ├── ssl_key_share.cc │ │ ├── ssl_lib.cc │ │ ├── ssl_privkey.cc │ │ ├── ssl_session.cc │ │ ├── ssl_stat.cc │ │ ├── ssl_transcript.cc │ │ ├── ssl_versions.cc │ │ ├── ssl_x509.cc │ │ ├── t1_enc.cc │ │ ├── tls13_both.cc │ │ ├── tls13_client.cc │ │ ├── tls13_enc.cc │ │ ├── tls13_server.cc │ │ ├── tls_method.cc │ │ └── tls_record.cc │ └── third_party │ │ └── fiat │ │ ├── asm │ │ ├── fiat_curve25519_adx_mul.S │ │ ├── fiat_curve25519_adx_square.S │ │ ├── fiat_p256_adx_mul.S │ │ └── fiat_p256_adx_sqr.S │ │ ├── curve25519_32.h │ │ ├── curve25519_64.h │ │ ├── curve25519_64_adx.h │ │ ├── curve25519_64_msvc.h │ │ ├── p256_32.h │ │ ├── p256_64.h │ │ └── p256_64_msvc.h ├── CNIOBoringSSLShims │ ├── include │ │ └── CNIOBoringSSLShims.h │ └── shims.c ├── NIOSSL │ ├── AndroidCABundle.swift │ ├── ByteBufferBIO.swift │ ├── CustomPrivateKey.swift │ ├── Docs.docc │ │ ├── TLSConfiguration.md │ │ ├── index.md │ │ └── quantum-secure-tls.md │ ├── IdentityVerification.swift │ ├── LinuxCABundle.swift │ ├── NIOSSLClientHandler.swift │ ├── NIOSSLHandler+Configuration.swift │ ├── NIOSSLHandler.swift │ ├── NIOSSLServerHandler.swift │ ├── ObjectIdentifier.swift │ ├── PosixPort.swift │ ├── PrivacyInfo.xcprivacy │ ├── SSLCallbacks.swift │ ├── SSLCertificate.swift │ ├── SSLCertificateExtensions.swift │ ├── SSLCertificateName.swift │ ├── SSLConnection.swift │ ├── SSLContext.swift │ ├── SSLErrors.swift │ ├── SSLInit.swift │ ├── SSLPKCS12Bundle.swift │ ├── SSLPrivateKey.swift │ ├── SSLPublicKey.swift │ ├── SecurityFrameworkCertificateVerification.swift │ ├── String+unsafeUninitializedCapacity.swift │ ├── SubjectAlternativeName.swift │ ├── SwiftCrypto │ │ ├── NIOSSLSecureBytes.swift │ │ ├── RNG.swift │ │ ├── SafeCompare.swift │ │ └── Zeroization.swift │ ├── TLSConfiguration.swift │ ├── UniversalBootstrapSupport.swift │ └── UnsafeKeyAndChainTarget.swift ├── NIOSSLHTTP1Client │ ├── README.md │ └── main.swift ├── NIOSSLPerformanceTester │ ├── BenchManyWrites.swift │ ├── BenchRepeatedHandshakes.swift │ ├── Benchmark.swift │ ├── main.swift │ └── shared.swift └── NIOTLSServer │ ├── README.md │ └── main.swift ├── Tests └── NIOSSLTests │ ├── ByteBufferBIOTest.swift │ ├── CertificateVerificationTests.swift │ ├── ClientSNITests.swift │ ├── CustomPrivateKeyTests.swift │ ├── IdentityVerificationTest.swift │ ├── NIOSSLALPNTest.swift │ ├── NIOSSLIntegrationTest.swift │ ├── NIOSSLSecureBytesTests.swift │ ├── NIOSSLTestHelpers.swift │ ├── ObjectIdentifierTests.swift │ ├── SSLCertificateExtensionsTests.swift │ ├── SSLCertificateTest.swift │ ├── SSLContextTests.swift │ ├── SSLPKCS12BundleTest.swift │ ├── SSLPrivateKeyTests.swift │ ├── SecurityFrameworkVerificationTests.swift │ ├── TLS13RecordObserver.swift │ ├── TLSConfigurationTest.swift │ ├── UnsafeTransfer.swift │ └── UnwrappingTests.swift ├── dev └── git.commit.template ├── docker ├── Dockerfile ├── docker-compose.2204.510.yaml ├── docker-compose.2204.58.yaml ├── docker-compose.2204.59.yaml ├── docker-compose.2204.main.yaml └── docker-compose.yaml └── scripts ├── analyze_performance_results.rb ├── build-asm.py ├── integration_tests.sh ├── patch-1-inttypes.patch ├── patch-2-inttypes.patch ├── patch-3-more-inttypes.patch └── vendor-boringssl.sh /.editorconfig: -------------------------------------------------------------------------------- 1 | root = true 2 | 3 | [*] 4 | indent_style = space 5 | indent_size = 4 6 | end_of_line = lf 7 | insert_final_newline = true 8 | trim_trailing_whitespace = true -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | Sources/CNIOBoringSSL/* linguist-vendored 2 | -------------------------------------------------------------------------------- /.github/release.yml: -------------------------------------------------------------------------------- 1 | changelog: 2 | categories: 3 | - title: SemVer Major 4 | labels: 5 | - ⚠️ semver/major 6 | - title: SemVer Minor 7 | labels: 8 | - 🆕 semver/minor 9 | - title: SemVer Patch 10 | labels: 11 | - 🔨 semver/patch 12 | - title: Other Changes 13 | labels: 14 | - semver/none 15 | -------------------------------------------------------------------------------- /.github/workflows/pull_request_label.yml: -------------------------------------------------------------------------------- 1 | name: PR label 2 | 3 | on: 4 | pull_request: 5 | types: [labeled, unlabeled, opened, reopened, synchronize] 6 | 7 | jobs: 8 | semver-label-check: 9 | name: Semantic version label check 10 | runs-on: ubuntu-latest 11 | timeout-minutes: 1 12 | steps: 13 | - name: Checkout repository 14 | uses: actions/checkout@v4 15 | with: 16 | persist-credentials: false 17 | - name: Check for Semantic Version label 18 | uses: apple/swift-nio/.github/actions/pull_request_semver_label_checker@main 19 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | /.build 3 | /Packages 4 | /*.xcodeproj 5 | Package.pins 6 | Package.resolved 7 | *.pem 8 | /docs 9 | DerivedData 10 | /.idea 11 | .swiftpm 12 | -------------------------------------------------------------------------------- /.licenseignore: -------------------------------------------------------------------------------- 1 | .gitignore 2 | **/.gitignore 3 | .licenseignore 4 | .gitattributes 5 | .git-blame-ignore-revs 6 | .mailfilter 7 | .mailmap 8 | .spi.yml 9 | .swift-format 10 | .editorconfig 11 | .github/* 12 | *.md 13 | *.txt 14 | *.yml 15 | *.yaml 16 | *.json 17 | Package.swift 18 | **/Package.swift 19 | Package@-*.swift 20 | **/Package@-*.swift 21 | Package.resolved 22 | **/Package.resolved 23 | Makefile 24 | *.modulemap 25 | **/*.modulemap 26 | **/*.docc/* 27 | *.xcprivacy 28 | **/*.xcprivacy 29 | *.symlink 30 | **/*.symlink 31 | Dockerfile 32 | **/Dockerfile 33 | Snippets/* 34 | Sources/CNIOBoringSSL/* 35 | dev/alloc-limits-from-test-output 36 | dev/boxed-existentials.d 37 | dev/git.commit.template 38 | dev/lldb-smoker 39 | dev/make-single-file-spm 40 | dev/malloc-aggregation.d 41 | dev/update-alloc-limits-to-last-completed-ci-build 42 | scripts/patch-1-inttypes.patch 43 | scripts/patch-2-inttypes.patch 44 | scripts/patch-3-more-inttypes.patch 45 | .unacceptablelanguageignore 46 | -------------------------------------------------------------------------------- /.spi.yml: -------------------------------------------------------------------------------- 1 | version: 1 2 | builder: 3 | configs: 4 | - documentation_targets: [NIOSSL] 5 | -------------------------------------------------------------------------------- /.unacceptablelanguageignore: -------------------------------------------------------------------------------- 1 | Sources/CNIOBoringSSL/* 2 | NOTICE.txt 3 | -------------------------------------------------------------------------------- /Benchmarks/Benchmarks/NIOSSLBenchmarks/Benchmarks.swift: -------------------------------------------------------------------------------- 1 | //===----------------------------------------------------------------------===// 2 | // 3 | // This source file is part of the SwiftNIO open source project 4 | // 5 | // Copyright (c) 2024 Apple Inc. and the SwiftNIO project authors 6 | // Licensed under Apache License v2.0 7 | // 8 | // See LICENSE.txt for license information 9 | // See CONTRIBUTORS.txt for the list of SwiftNIO project authors 10 | // 11 | // SPDX-License-Identifier: Apache-2.0 12 | // 13 | //===----------------------------------------------------------------------===// 14 | 15 | import Benchmark 16 | import NIOCore 17 | import NIOEmbedded 18 | import NIOSSL 19 | 20 | let benchmarks = { 21 | let defaultMetrics: [BenchmarkMetric] = [ 22 | .mallocCountTotal 23 | ] 24 | 25 | Benchmark( 26 | "SimpleHandshake", 27 | configuration: .init( 28 | metrics: defaultMetrics, 29 | scalingFactor: .kilo, 30 | maxDuration: .seconds(10_000_000), 31 | maxIterations: 10, 32 | thresholds: [.mallocCountTotal: .init(absolute: [.p90: 2000])] 33 | ) 34 | ) { benchmark in 35 | try runSimpleHandshake( 36 | handshakeCount: benchmark.scaledIterations.upperBound 37 | ) 38 | } 39 | 40 | Benchmark( 41 | "ManyWrites", 42 | configuration: .init( 43 | metrics: defaultMetrics, 44 | scalingFactor: .kilo, 45 | maxDuration: .seconds(10_000_000), 46 | maxIterations: 10, 47 | thresholds: [.mallocCountTotal: .init(absolute: [.p90: 2000])] 48 | ) 49 | ) { benchmark in 50 | try runManyWrites( 51 | writeCount: benchmark.scaledIterations.upperBound 52 | ) 53 | } 54 | } 55 | -------------------------------------------------------------------------------- /Benchmarks/Benchmarks/NIOSSLBenchmarks/SimpleHandshake.swift: -------------------------------------------------------------------------------- 1 | //===----------------------------------------------------------------------===// 2 | // 3 | // This source file is part of the SwiftNIO open source project 4 | // 5 | // Copyright (c) 2019-2021 Apple Inc. and the SwiftNIO project authors 6 | // Licensed under Apache License v2.0 7 | // 8 | // See LICENSE.txt for license information 9 | // See CONTRIBUTORS.txt for the list of SwiftNIO project authors 10 | // 11 | // SPDX-License-Identifier: Apache-2.0 12 | // 13 | //===----------------------------------------------------------------------===// 14 | 15 | import NIOCore 16 | import NIOEmbedded 17 | import NIOSSL 18 | 19 | func runSimpleHandshake(handshakeCount: Int) throws { 20 | let serverContext = try NIOSSLContext( 21 | configuration: .makeServerConfiguration( 22 | certificateChain: [.certificate(.forTesting())], 23 | privateKey: .privateKey(.forTesting()) 24 | ) 25 | ) 26 | 27 | var clientConfig = TLSConfiguration.makeClientConfiguration() 28 | clientConfig.trustRoots = try .certificates([.forTesting()]) 29 | let clientContext = try NIOSSLContext(configuration: clientConfig) 30 | 31 | let dummyAddress = try SocketAddress(ipAddress: "1.2.3.4", port: 5678) 32 | 33 | for _ in 0.. 6 | -------------------------------------------------------------------------------- /CONTRIBUTORS.txt: -------------------------------------------------------------------------------- 1 | For the purpose of tracking copyright, this is the list of individuals and 2 | organizations who have contributed source code to SwiftNIO. 3 | 4 | For employees of an organization/company where the copyright of work done 5 | by employees of that company is held by the company itself, only the company 6 | needs to be listed here. 7 | 8 | ## COPYRIGHT HOLDERS 9 | 10 | - Apple Inc. (all contributors with '@apple.com') 11 | 12 | ### Contributors 13 | 14 | - Cory Benfield 15 | - Johannes Weiß 16 | - Norman Maurer 17 | - Tom Doron 18 | -------------------------------------------------------------------------------- /IntegrationTests/plugin_echo.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | ##===----------------------------------------------------------------------===## 3 | ## 4 | ## This source file is part of the SwiftNIO open source project 5 | ## 6 | ## Copyright (c) 2017-2018 Apple Inc. and the SwiftNIO project authors 7 | ## Licensed under Apache License v2.0 8 | ## 9 | ## See LICENSE.txt for license information 10 | ## See CONTRIBUTORS.txt for the list of SwiftNIO project authors 11 | ## 12 | ## SPDX-License-Identifier: Apache-2.0 13 | ## 14 | ##===----------------------------------------------------------------------===## 15 | 16 | function plugin_echo_test_suite_begin() { 17 | echo "Running test suite '$1'" 18 | } 19 | 20 | function plugin_echo_test_suite_end() { 21 | true 22 | } 23 | 24 | # test_name 25 | function plugin_echo_test_begin() { 26 | echo -n "Running test '$1'... " 27 | } 28 | 29 | function plugin_echo_test_skip() { 30 | echo "Skipping test '$1'" 31 | } 32 | 33 | function plugin_echo_test_ok() { 34 | echo "OK (${1}s)" 35 | } 36 | 37 | function plugin_echo_test_fail() { 38 | echo "FAILURE ($1)" 39 | echo "--- OUTPUT BEGIN ---" 40 | cat "$2" 41 | echo "--- OUTPUT END ---" 42 | } 43 | 44 | function plugin_echo_test_end() { 45 | true 46 | } 47 | 48 | function plugin_echo_summary_ok() { 49 | echo "OK (ran $1 tests successfully)" 50 | } 51 | 52 | function plugin_echo_summary_fail() { 53 | echo "FAILURE (oks: $1, failures: $2)" 54 | } 55 | 56 | function plugin_echo_init() { 57 | true 58 | } 59 | -------------------------------------------------------------------------------- /IntegrationTests/run-single-test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | ##===----------------------------------------------------------------------===## 3 | ## 4 | ## This source file is part of the SwiftNIO open source project 5 | ## 6 | ## Copyright (c) 2017-2018 Apple Inc. and the SwiftNIO project authors 7 | ## Licensed under Apache License v2.0 8 | ## 9 | ## See LICENSE.txt for license information 10 | ## See CONTRIBUTORS.txt for the list of SwiftNIO project authors 11 | ## 12 | ## SPDX-License-Identifier: Apache-2.0 13 | ## 14 | ##===----------------------------------------------------------------------===## 15 | 16 | ( 17 | # this sub-shell is where the actual test is run 18 | set -eu 19 | set -x 20 | set -o pipefail 21 | 22 | test="$1" 23 | # shellcheck disable=SC2034 # Used by whatever we source transpile in 24 | tmp="$2" 25 | # shellcheck disable=SC2034 # Used by whatever we source transpile in 26 | root="$3" 27 | # shellcheck disable=SC2034 # Used by whatever we source transpile in 28 | g_show_info="$4" 29 | here="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" 30 | 31 | # shellcheck source=IntegrationTests/test_functions.sh 32 | source "$here/test_functions.sh" 33 | # shellcheck source=/dev/null 34 | source "$test" 35 | wait 36 | ) 37 | exit_code=$? 38 | exit $exit_code 39 | -------------------------------------------------------------------------------- /IntegrationTests/test_functions.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | ##===----------------------------------------------------------------------===## 3 | ## 4 | ## This source file is part of the SwiftNIO open source project 5 | ## 6 | ## Copyright (c) 2017-2018 Apple Inc. and the SwiftNIO project authors 7 | ## Licensed under Apache License v2.0 8 | ## 9 | ## See LICENSE.txt for license information 10 | ## See CONTRIBUTORS.txt for the list of SwiftNIO project authors 11 | ## 12 | ## SPDX-License-Identifier: Apache-2.0 13 | ## 14 | ##===----------------------------------------------------------------------===## 15 | function fail() { 16 | echo >&2 "FAILURE: $*" 17 | false 18 | } 19 | 20 | function assert_equal() { 21 | if [[ "$1" != "$2" ]]; then 22 | fail "expected '$1', got '$2' ${3-}" 23 | fi 24 | } 25 | 26 | function assert_equal_files() { 27 | if ! cmp -s "$1" "$2"; then 28 | diff -u "$1" "$2" || true 29 | echo 30 | echo "--- SNIP ($1, size=$(wc "$1"), SHA=$(shasum "$1")) ---" 31 | cat "$1" 32 | echo "--- SNAP ($1)---" 33 | echo "--- SNIP ($2, size=$(wc "$2"), SHA=$(shasum "$2")) ---" 34 | cat "$2" 35 | echo "--- SNAP ($2) ---" 36 | fail "file '$1' not equal to '$2'" 37 | fi 38 | } 39 | 40 | function assert_less_than() { 41 | if [[ ! "$1" -lt "$2" ]]; then 42 | fail "assertion '$1' < '$2' failed" 43 | fi 44 | } 45 | 46 | function assert_less_than_or_equal() { 47 | if [[ ! "$1" -le "$2" ]]; then 48 | fail "assertion '$1' <= '$2' failed" 49 | fi 50 | } 51 | 52 | function assert_greater_than() { 53 | if [[ ! "$1" -gt "$2" ]]; then 54 | fail "assertion '$1' > '$2' failed" 55 | fi 56 | } 57 | 58 | function assert_greater_than_or_equal() { 59 | if [[ ! "$1" -ge "$2" ]]; then 60 | fail "assertion '$1' >= '$2' failed" 61 | fi 62 | } 63 | 64 | g_has_previously_infoed=false 65 | 66 | function info() { 67 | # shellcheck disable=SC2154 # Defined by an include our by being source transpiled in 68 | if $g_show_info; then 69 | if ! $g_has_previously_infoed; then 70 | echo >&3 || true # echo an extra newline so it looks better 71 | g_has_previously_infoed=true 72 | fi 73 | echo >&3 "info: $*" || true 74 | fi 75 | } 76 | 77 | function warn() { 78 | echo >&4 "warning: $*" 79 | } 80 | -------------------------------------------------------------------------------- /IntegrationTests/tests_01_general/defines.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | ##===----------------------------------------------------------------------===## 3 | ## 4 | ## This source file is part of the SwiftNIO open source project 5 | ## 6 | ## Copyright (c) 2017-2019 Apple Inc. and the SwiftNIO project authors 7 | ## Licensed under Apache License v2.0 8 | ## 9 | ## See LICENSE.txt for license information 10 | ## See CONTRIBUTORS.txt for the list of SwiftNIO project authors 11 | ## 12 | ## SPDX-License-Identifier: Apache-2.0 13 | ## 14 | ##===----------------------------------------------------------------------===## 15 | 16 | function client_path() { 17 | echo "$(swift build --show-bin-path)/NIOSSLHTTP1Client" 18 | } 19 | 20 | -------------------------------------------------------------------------------- /IntegrationTests/tests_01_general/test_02_execstack.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | ##===----------------------------------------------------------------------===## 3 | ## 4 | ## This source file is part of the SwiftNIO open source project 5 | ## 6 | ## Copyright (c) 2019 Apple Inc. and the SwiftNIO project authors 7 | ## Licensed under Apache License v2.0 8 | ## 9 | ## See LICENSE.txt for license information 10 | ## See CONTRIBUTORS.txt for the list of SwiftNIO project authors 11 | ## 12 | ## SPDX-License-Identifier: Apache-2.0 13 | ## 14 | ##===----------------------------------------------------------------------===## 15 | 16 | # shellcheck source=IntegrationTests/tests_01_general/defines.sh 17 | source defines.sh 18 | 19 | if [[ "$(uname -s)" == "Darwin" ]]; then 20 | echo "No need to run execstack on Darwin" 21 | exit 0 22 | fi 23 | 24 | swift build -c debug 25 | swift build -c release 26 | 27 | DEBUG_SERVER_PATH="$(swift build --show-bin-path)/NIOTLSServer" 28 | RELEASE_SERVER_PATH="$(swift build --show-bin-path -c release)/NIOTLSServer" 29 | 30 | results=$(execstack "$DEBUG_SERVER_PATH" "$RELEASE_SERVER_PATH") 31 | count=$(echo "$results" | grep -c '^X' || true) 32 | if [ "$count" -ne 0 ]; then 33 | exit 1 34 | else 35 | exit 0 36 | fi 37 | -------------------------------------------------------------------------------- /NOTICE.txt: -------------------------------------------------------------------------------- 1 | 2 | The SwiftNIO Project 3 | ==================== 4 | 5 | Please visit the SwiftNIO web site for more information: 6 | 7 | * https://github.com/apple/swift-nio 8 | 9 | Copyright 2017, 2018 The SwiftNIO Project 10 | 11 | The SwiftNIO Project licenses this file to you under the Apache License, 12 | version 2.0 (the "License"); you may not use this file except in compliance 13 | with the License. You may obtain a copy of the License at: 14 | 15 | https://www.apache.org/licenses/LICENSE-2.0 16 | 17 | Unless required by applicable law or agreed to in writing, software 18 | distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 19 | WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 20 | License for the specific language governing permissions and limitations 21 | under the License. 22 | 23 | Also, please refer to each LICENSE..txt file, which is located in 24 | the 'license' directory of the distribution file, for the license terms of the 25 | components that this product depends on. 26 | 27 | ------------------------------------------------------------------------------- 28 | 29 | This product is heavily influenced by Netty. 30 | 31 | * LICENSE (Apache License 2.0): 32 | * https://github.com/netty/netty/blob/4.1/LICENSE.txt 33 | * HOMEPAGE: 34 | * https://netty.io 35 | 36 | --- 37 | 38 | This product contains a derivation of the Tony Stone's 'process_test_files.rb'. 39 | 40 | * LICENSE (Apache License 2.0): 41 | * https://www.apache.org/licenses/LICENSE-2.0 42 | * HOMEPAGE: 43 | * https://codegists.com/snippet/ruby/generate_xctest_linux_runnerrb_tonystone_ruby 44 | 45 | --- 46 | 47 | This product contains code derived from grpc-swift. 48 | 49 | * LICENSE (Apache License 2.0): 50 | * https://github.com/grpc/grpc-swift/blob/0.7.0/LICENSE 51 | * HOMEPAGE: 52 | * https://github.com/grpc/grpc-swift 53 | 54 | --- 55 | 56 | This product contains code from boringssl. 57 | 58 | * LICENSE (Combination ISC and OpenSSL license) 59 | * https://boringssl.googlesource.com/boringssl/+/refs/heads/master/LICENSE 60 | * HOMEPAGE: 61 | * https://boringssl.googlesource.com/boringssl/ 62 | 63 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Security 2 | 3 | Please refer to the security guidelines set out in the 4 | [apple/swift-nio](https://github.com/apple/swift-nio) repository: 5 | 6 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/asn1/a_bool.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | 12 | #include 13 | #include 14 | 15 | #include "../bytestring/internal.h" 16 | 17 | 18 | int i2d_ASN1_BOOLEAN(ASN1_BOOLEAN a, unsigned char **outp) { 19 | CBB cbb; 20 | if (!CBB_init(&cbb, 3) || // 21 | !CBB_add_asn1_bool(&cbb, a != ASN1_BOOLEAN_FALSE)) { 22 | CBB_cleanup(&cbb); 23 | return -1; 24 | } 25 | return CBB_finish_i2d(&cbb, outp); 26 | } 27 | 28 | ASN1_BOOLEAN d2i_ASN1_BOOLEAN(ASN1_BOOLEAN *out, const unsigned char **inp, 29 | long len) { 30 | if (len < 0) { 31 | return ASN1_BOOLEAN_NONE; 32 | } 33 | 34 | CBS cbs; 35 | CBS_init(&cbs, *inp, (size_t)len); 36 | int val; 37 | if (!CBS_get_asn1_bool(&cbs, &val)) { 38 | OPENSSL_PUT_ERROR(ASN1, ASN1_R_DECODE_ERROR); 39 | return ASN1_BOOLEAN_NONE; 40 | } 41 | 42 | ASN1_BOOLEAN ret = val ? ASN1_BOOLEAN_TRUE : ASN1_BOOLEAN_FALSE; 43 | if (out != NULL) { 44 | *out = ret; 45 | } 46 | *inp = CBS_data(&cbs); 47 | return ret; 48 | } 49 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/asn1/a_d2i_fp.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | 12 | #include 13 | 14 | #include 15 | #include 16 | #include 17 | 18 | 19 | void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x) { 20 | uint8_t *data; 21 | size_t len; 22 | // Historically, this function did not impose a limit in OpenSSL and is used 23 | // to read CRLs, so we leave this without an external bound. 24 | if (!BIO_read_asn1(in, &data, &len, INT_MAX)) { 25 | return NULL; 26 | } 27 | const uint8_t *ptr = data; 28 | void *ret = ASN1_item_d2i(reinterpret_cast(x), &ptr, len, it); 29 | OPENSSL_free(data); 30 | return ret; 31 | } 32 | 33 | void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x) { 34 | BIO *b = BIO_new_fp(in, BIO_NOCLOSE); 35 | if (b == NULL) { 36 | OPENSSL_PUT_ERROR(ASN1, ERR_R_BUF_LIB); 37 | return NULL; 38 | } 39 | void *ret = ASN1_item_d2i_bio(it, b, x); 40 | BIO_free(b); 41 | return ret; 42 | } 43 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/asn1/a_dup.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | 12 | #include 13 | #include 14 | 15 | // ASN1_ITEM version of dup: this follows the model above except we don't 16 | // need to allocate the buffer. At some point this could be rewritten to 17 | // directly dup the underlying structure instead of doing and encode and 18 | // decode. 19 | void *ASN1_item_dup(const ASN1_ITEM *it, void *x) { 20 | unsigned char *b = NULL; 21 | const unsigned char *p; 22 | long i; 23 | void *ret; 24 | 25 | if (x == NULL) { 26 | return NULL; 27 | } 28 | 29 | i = ASN1_item_i2d(reinterpret_cast(x), &b, it); 30 | if (b == NULL) { 31 | return NULL; 32 | } 33 | p = b; 34 | ret = ASN1_item_d2i(NULL, &p, i, it); 35 | OPENSSL_free(b); 36 | return ret; 37 | } 38 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/asn1/a_i2d_fp.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | 12 | #include 13 | #include 14 | #include 15 | 16 | 17 | int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x) { 18 | BIO *b = BIO_new_fp(out, BIO_NOCLOSE); 19 | if (b == NULL) { 20 | OPENSSL_PUT_ERROR(ASN1, ERR_R_BUF_LIB); 21 | return 0; 22 | } 23 | int ret = ASN1_item_i2d_bio(it, b, x); 24 | BIO_free(b); 25 | return ret; 26 | } 27 | 28 | int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x) { 29 | unsigned char *b = NULL; 30 | int n = ASN1_item_i2d(reinterpret_cast(x), &b, it); 31 | if (b == NULL) { 32 | return 0; 33 | } 34 | 35 | int ret = BIO_write_all(out, b, n); 36 | OPENSSL_free(b); 37 | return ret; 38 | } 39 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/asn1/a_octet.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | 12 | #include 13 | #include 14 | 15 | ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *x) { 16 | return ASN1_STRING_dup(x); 17 | } 18 | 19 | int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, 20 | const ASN1_OCTET_STRING *b) { 21 | return ASN1_STRING_cmp(a, b); 22 | } 23 | 24 | int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, 25 | int len) { 26 | return ASN1_STRING_set(x, d, len); 27 | } 28 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/asn1/asn1_par.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | 12 | 13 | const char *ASN1_tag2str(int tag) { 14 | static const char *const tag2str[] = { 15 | "EOC", 16 | "BOOLEAN", 17 | "INTEGER", 18 | "BIT STRING", 19 | "OCTET STRING", 20 | "NULL", 21 | "OBJECT", 22 | "OBJECT DESCRIPTOR", 23 | "EXTERNAL", 24 | "REAL", 25 | "ENUMERATED", 26 | "", 27 | "UTF8STRING", 28 | "", 29 | "", 30 | "", 31 | "SEQUENCE", 32 | "SET", 33 | "NUMERICSTRING", 34 | "PRINTABLESTRING", 35 | "T61STRING", 36 | "VIDEOTEXSTRING", 37 | "IA5STRING", 38 | "UTCTIME", 39 | "GENERALIZEDTIME", 40 | "GRAPHICSTRING", 41 | "VISIBLESTRING", 42 | "GENERALSTRING", 43 | "UNIVERSALSTRING", 44 | "", 45 | "BMPSTRING", 46 | }; 47 | 48 | if ((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED)) { 49 | tag &= ~V_ASN1_NEG; 50 | } 51 | 52 | if (tag < 0 || tag > 30) { 53 | return "(unknown)"; 54 | } 55 | return tag2str[tag]; 56 | } 57 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/asn1/asn_pack.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | 12 | #include 13 | #include 14 | 15 | 16 | ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **out) { 17 | uint8_t *new_data = NULL; 18 | int len = ASN1_item_i2d(reinterpret_cast(obj), &new_data, it); 19 | if (len <= 0) { 20 | OPENSSL_PUT_ERROR(ASN1, ASN1_R_ENCODE_ERROR); 21 | return NULL; 22 | } 23 | 24 | ASN1_STRING *ret = NULL; 25 | if (out == NULL || *out == NULL) { 26 | ret = ASN1_STRING_new(); 27 | if (ret == NULL) { 28 | OPENSSL_free(new_data); 29 | return NULL; 30 | } 31 | } else { 32 | ret = *out; 33 | } 34 | 35 | ASN1_STRING_set0(ret, new_data, len); 36 | if (out != NULL) { 37 | *out = ret; 38 | } 39 | return ret; 40 | } 41 | 42 | void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it) { 43 | const unsigned char *p = oct->data; 44 | void *ret = ASN1_item_d2i(NULL, &p, oct->length, it); 45 | if (ret == NULL || p != oct->data + oct->length) { 46 | OPENSSL_PUT_ERROR(ASN1, ASN1_R_DECODE_ERROR); 47 | ASN1_item_free(reinterpret_cast(ret), it); 48 | return NULL; 49 | } 50 | return ret; 51 | } 52 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/asn1/f_int.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | 12 | #include 13 | 14 | int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a) { 15 | int i, n = 0; 16 | static const char *h = "0123456789ABCDEF"; 17 | char buf[2]; 18 | 19 | if (a == NULL) { 20 | return 0; 21 | } 22 | 23 | if (a->type & V_ASN1_NEG) { 24 | if (BIO_write(bp, "-", 1) != 1) { 25 | goto err; 26 | } 27 | n = 1; 28 | } 29 | 30 | if (a->length == 0) { 31 | if (BIO_write(bp, "00", 2) != 2) { 32 | goto err; 33 | } 34 | n += 2; 35 | } else { 36 | for (i = 0; i < a->length; i++) { 37 | if ((i != 0) && (i % 35 == 0)) { 38 | if (BIO_write(bp, "\\\n", 2) != 2) { 39 | goto err; 40 | } 41 | n += 2; 42 | } 43 | buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f]; 44 | buf[1] = h[((unsigned char)a->data[i]) & 0x0f]; 45 | if (BIO_write(bp, buf, 2) != 2) { 46 | goto err; 47 | } 48 | n += 2; 49 | } 50 | } 51 | return n; 52 | err: 53 | return -1; 54 | } 55 | 56 | int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a) { 57 | return i2a_ASN1_INTEGER(bp, a); 58 | } 59 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/asn1/f_string.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | 12 | #include 13 | 14 | int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type) { 15 | int i, n = 0; 16 | static const char *h = "0123456789ABCDEF"; 17 | char buf[2]; 18 | 19 | if (a == NULL) { 20 | return 0; 21 | } 22 | 23 | if (a->length == 0) { 24 | if (BIO_write(bp, "0", 1) != 1) { 25 | goto err; 26 | } 27 | n = 1; 28 | } else { 29 | for (i = 0; i < a->length; i++) { 30 | if ((i != 0) && (i % 35 == 0)) { 31 | if (BIO_write(bp, "\\\n", 2) != 2) { 32 | goto err; 33 | } 34 | n += 2; 35 | } 36 | buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f]; 37 | buf[1] = h[((unsigned char)a->data[i]) & 0x0f]; 38 | if (BIO_write(bp, buf, 2) != 2) { 39 | goto err; 40 | } 41 | n += 2; 42 | } 43 | } 44 | return n; 45 | err: 46 | return -1; 47 | } 48 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/bio/errno.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | 12 | #include 13 | 14 | #include "internal.h" 15 | 16 | 17 | int bio_errno_should_retry(int return_value) { 18 | if (return_value != -1) { 19 | return 0; 20 | } 21 | 22 | return 23 | #ifdef EWOULDBLOCK 24 | errno == EWOULDBLOCK || 25 | #endif 26 | #ifdef ENOTCONN 27 | errno == ENOTCONN || 28 | #endif 29 | #ifdef EINTR 30 | errno == EINTR || 31 | #endif 32 | #ifdef EAGAIN 33 | errno == EAGAIN || 34 | #endif 35 | #ifdef EPROTO 36 | errno == EPROTO || 37 | #endif 38 | #ifdef EINPROGRESS 39 | errno == EINPROGRESS || 40 | #endif 41 | #ifdef EALREADY 42 | errno == EALREADY || 43 | #endif 44 | 0; 45 | } 46 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/bio/printf.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | 12 | #include 13 | #include 14 | #include 15 | 16 | #include 17 | #include 18 | 19 | int BIO_printf(BIO *bio, const char *format, ...) { 20 | va_list args; 21 | char buf[256], *out, out_malloced = 0; 22 | int out_len, ret; 23 | 24 | va_start(args, format); 25 | out_len = vsnprintf(buf, sizeof(buf), format, args); 26 | va_end(args); 27 | if (out_len < 0) { 28 | return -1; 29 | } 30 | 31 | if ((size_t)out_len >= sizeof(buf)) { 32 | const size_t requested_len = (size_t)out_len; 33 | // The output was truncated. Note that vsnprintf's return value does not 34 | // include a trailing NUL, but the buffer must be sized for it. 35 | out = reinterpret_cast(OPENSSL_malloc(requested_len + 1)); 36 | out_malloced = 1; 37 | if (out == NULL) { 38 | return -1; 39 | } 40 | va_start(args, format); 41 | out_len = vsnprintf(out, requested_len + 1, format, args); 42 | va_end(args); 43 | assert(out_len == (int)requested_len); 44 | } else { 45 | out = buf; 46 | } 47 | 48 | ret = BIO_write(bio, out, out_len); 49 | if (out_malloced) { 50 | OPENSSL_free(out); 51 | } 52 | 53 | return ret; 54 | } 55 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/bn/bn_asn1.cc: -------------------------------------------------------------------------------- 1 | /* Copyright 2015 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #include 16 | 17 | #include 18 | #include 19 | 20 | 21 | int BN_parse_asn1_unsigned(CBS *cbs, BIGNUM *ret) { 22 | CBS child; 23 | int is_negative; 24 | if (!CBS_get_asn1(cbs, &child, CBS_ASN1_INTEGER) || 25 | !CBS_is_valid_asn1_integer(&child, &is_negative)) { 26 | OPENSSL_PUT_ERROR(BN, BN_R_BAD_ENCODING); 27 | return 0; 28 | } 29 | 30 | if (is_negative) { 31 | OPENSSL_PUT_ERROR(BN, BN_R_NEGATIVE_NUMBER); 32 | return 0; 33 | } 34 | 35 | return BN_bin2bn(CBS_data(&child), CBS_len(&child), ret) != NULL; 36 | } 37 | 38 | int BN_marshal_asn1(CBB *cbb, const BIGNUM *bn) { 39 | // Negative numbers are unsupported. 40 | if (BN_is_negative(bn)) { 41 | OPENSSL_PUT_ERROR(BN, BN_R_NEGATIVE_NUMBER); 42 | return 0; 43 | } 44 | 45 | CBB child; 46 | if (!CBB_add_asn1(cbb, &child, CBS_ASN1_INTEGER) || 47 | // The number must be padded with a leading zero if the high bit would 48 | // otherwise be set or if |bn| is zero. 49 | (BN_num_bits(bn) % 8 == 0 && !CBB_add_u8(&child, 0x00)) || 50 | !BN_bn2cbb_padded(&child, BN_num_bytes(bn), bn) || 51 | !CBB_flush(cbb)) { 52 | OPENSSL_PUT_ERROR(BN, BN_R_ENCODE_ERROR); 53 | return 0; 54 | } 55 | 56 | return 1; 57 | } 58 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/bytestring/asn1_compat.cc: -------------------------------------------------------------------------------- 1 | /* Copyright 2016 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | 16 | #include 17 | 18 | #include 19 | #include 20 | #include 21 | 22 | #include 23 | 24 | #include "internal.h" 25 | #include "../internal.h" 26 | 27 | 28 | int CBB_finish_i2d(CBB *cbb, uint8_t **outp) { 29 | assert(!cbb->is_child); 30 | assert(cbb->u.base.can_resize); 31 | 32 | uint8_t *der; 33 | size_t der_len; 34 | if (!CBB_finish(cbb, &der, &der_len)) { 35 | CBB_cleanup(cbb); 36 | return -1; 37 | } 38 | if (der_len > INT_MAX) { 39 | OPENSSL_free(der); 40 | return -1; 41 | } 42 | if (outp != NULL) { 43 | if (*outp == NULL) { 44 | *outp = der; 45 | der = NULL; 46 | } else { 47 | OPENSSL_memcpy(*outp, der, der_len); 48 | *outp += der_len; 49 | } 50 | } 51 | OPENSSL_free(der); 52 | return (int)der_len; 53 | } 54 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/cipher/e_null.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | 12 | #include 13 | 14 | #include 15 | 16 | #include "../fipsmodule/cipher/internal.h" 17 | #include "../internal.h" 18 | 19 | 20 | static int null_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, 21 | const uint8_t *iv, int enc) { 22 | return 1; 23 | } 24 | 25 | static int null_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, 26 | size_t in_len) { 27 | if (in != out) { 28 | OPENSSL_memcpy(out, in, in_len); 29 | } 30 | return 1; 31 | } 32 | 33 | static const EVP_CIPHER n_cipher = { 34 | /*nid=*/NID_undef, 35 | /*block_size=*/1, 36 | /*key_len=*/0, 37 | /*iv_len=*/0, 38 | /*ctx_size=*/0, 39 | /*flags=*/0, 40 | /*init=*/null_init_key, 41 | /*cipher=*/null_cipher, 42 | /*cleanup=*/nullptr, 43 | /*ctrl=*/nullptr, 44 | }; 45 | 46 | const EVP_CIPHER *EVP_enc_null(void) { return &n_cipher; } 47 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/cipher/e_rc4.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | #include 12 | 13 | #include 14 | #include 15 | #include 16 | 17 | #include "../fipsmodule/cipher/internal.h" 18 | 19 | 20 | static int rc4_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, 21 | const uint8_t *iv, int enc) { 22 | RC4_KEY *rc4key = (RC4_KEY *)ctx->cipher_data; 23 | 24 | RC4_set_key(rc4key, EVP_CIPHER_CTX_key_length(ctx), key); 25 | return 1; 26 | } 27 | 28 | static int rc4_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, 29 | size_t in_len) { 30 | RC4_KEY *rc4key = (RC4_KEY *)ctx->cipher_data; 31 | 32 | RC4(rc4key, in_len, in, out); 33 | return 1; 34 | } 35 | 36 | static const EVP_CIPHER rc4 = { 37 | /*nid=*/NID_rc4, 38 | /*block_size=*/1, 39 | /*key_len=*/16, 40 | /*iv_len=*/0, 41 | /*ctx_size=*/sizeof(RC4_KEY), 42 | /*flags=*/EVP_CIPH_VARIABLE_LENGTH, 43 | /*init=*/rc4_init_key, 44 | /*cipher=*/rc4_cipher, 45 | /*cleanup=*/nullptr, 46 | /*ctrl=*/nullptr, 47 | }; 48 | 49 | const EVP_CIPHER *EVP_rc4(void) { return &rc4; } 50 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/conf/internal.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2015 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #ifndef OPENSSL_HEADER_CRYPTO_CONF_INTERNAL_H 16 | #define OPENSSL_HEADER_CRYPTO_CONF_INTERNAL_H 17 | 18 | #include 19 | 20 | #include "../lhash/internal.h" 21 | 22 | #if defined(__cplusplus) 23 | extern "C" { 24 | #endif 25 | 26 | 27 | typedef struct conf_section_st CONF_SECTION; 28 | 29 | DEFINE_LHASH_OF(CONF_SECTION) 30 | DEFINE_LHASH_OF(CONF_VALUE) 31 | 32 | struct conf_st { 33 | LHASH_OF(CONF_VALUE) *values; 34 | LHASH_OF(CONF_SECTION) *sections; 35 | }; 36 | 37 | // CONF_VALUE_new returns a freshly allocated and zeroed |CONF_VALUE|. 38 | CONF_VALUE *CONF_VALUE_new(void); 39 | 40 | // CONF_parse_list takes a list separated by 'sep' and calls |list_cb| giving 41 | // the start and length of each member, optionally stripping leading and 42 | // trailing whitespace. This can be used to parse comma separated lists for 43 | // example. If |list_cb| returns <= 0, then the iteration is halted and that 44 | // value is returned immediately. Otherwise it returns one. Note that |list_cb| 45 | // may be called on an empty member. 46 | OPENSSL_EXPORT int CONF_parse_list( 47 | const char *list, char sep, int remove_whitespace, 48 | int (*list_cb)(const char *elem, size_t len, void *usr), void *arg); 49 | 50 | 51 | #if defined(__cplusplus) 52 | } // extern C 53 | #endif 54 | 55 | #endif // OPENSSL_HEADER_CRYPTO_CONF_INTERNAL_H 56 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/cpu_aarch64_fuchsia.cc: -------------------------------------------------------------------------------- 1 | /* Copyright 2018 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #include "internal.h" 16 | 17 | #if defined(OPENSSL_AARCH64) && defined(OPENSSL_FUCHSIA) && \ 18 | !defined(OPENSSL_STATIC_ARMCAP) && !defined(OPENSSL_NO_ASM) 19 | 20 | #include 21 | #include 22 | #include 23 | 24 | #include 25 | 26 | 27 | void OPENSSL_cpuid_setup(void) { 28 | uint32_t hwcap; 29 | zx_status_t rc = zx_system_get_features(ZX_FEATURE_KIND_CPU, &hwcap); 30 | if (rc != ZX_OK || (hwcap & ZX_ARM64_FEATURE_ISA_ASIMD) == 0) { 31 | // If NEON/ASIMD is missing, don't report other features either. This 32 | // matches OpenSSL, and the other features depend on SIMD registers. 33 | return; 34 | } 35 | 36 | OPENSSL_armcap_P |= ARMV7_NEON; 37 | 38 | if (hwcap & ZX_ARM64_FEATURE_ISA_AES) { 39 | OPENSSL_armcap_P |= ARMV8_AES; 40 | } 41 | if (hwcap & ZX_ARM64_FEATURE_ISA_PMULL) { 42 | OPENSSL_armcap_P |= ARMV8_PMULL; 43 | } 44 | if (hwcap & ZX_ARM64_FEATURE_ISA_SHA1) { 45 | OPENSSL_armcap_P |= ARMV8_SHA1; 46 | } 47 | if (hwcap & ZX_ARM64_FEATURE_ISA_SHA256) { 48 | OPENSSL_armcap_P |= ARMV8_SHA256; 49 | } 50 | if (hwcap & ZX_ARM64_FEATURE_ISA_SHA512) { 51 | OPENSSL_armcap_P |= ARMV8_SHA512; 52 | } 53 | } 54 | 55 | #endif // OPENSSL_AARCH64 && OPENSSL_FUCHSIA && !OPENSSL_STATIC_ARMCAP 56 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/cpu_aarch64_linux.cc: -------------------------------------------------------------------------------- 1 | /* Copyright 2016 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #include "internal.h" 16 | 17 | #if defined(OPENSSL_AARCH64) && defined(OPENSSL_LINUX) && \ 18 | !defined(OPENSSL_STATIC_ARMCAP) && !defined(OPENSSL_NO_ASM) 19 | 20 | #include 21 | 22 | #include 23 | 24 | 25 | void OPENSSL_cpuid_setup(void) { 26 | unsigned long hwcap = getauxval(AT_HWCAP); 27 | 28 | // See /usr/include/asm/hwcap.h on an aarch64 installation for the source of 29 | // these values. 30 | static const unsigned long kNEON = 1 << 1; 31 | static const unsigned long kAES = 1 << 3; 32 | static const unsigned long kPMULL = 1 << 4; 33 | static const unsigned long kSHA1 = 1 << 5; 34 | static const unsigned long kSHA256 = 1 << 6; 35 | static const unsigned long kSHA512 = 1 << 21; 36 | 37 | if ((hwcap & kNEON) == 0) { 38 | // Matching OpenSSL, if NEON is missing, don't report other features 39 | // either. 40 | return; 41 | } 42 | 43 | OPENSSL_armcap_P |= ARMV7_NEON; 44 | 45 | if (hwcap & kAES) { 46 | OPENSSL_armcap_P |= ARMV8_AES; 47 | } 48 | if (hwcap & kPMULL) { 49 | OPENSSL_armcap_P |= ARMV8_PMULL; 50 | } 51 | if (hwcap & kSHA1) { 52 | OPENSSL_armcap_P |= ARMV8_SHA1; 53 | } 54 | if (hwcap & kSHA256) { 55 | OPENSSL_armcap_P |= ARMV8_SHA256; 56 | } 57 | if (hwcap & kSHA512) { 58 | OPENSSL_armcap_P |= ARMV8_SHA512; 59 | } 60 | } 61 | 62 | #endif // OPENSSL_AARCH64 && OPENSSL_LINUX && !OPENSSL_STATIC_ARMCAP 63 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/cpu_aarch64_openbsd.cc: -------------------------------------------------------------------------------- 1 | /* Copyright (c) 2022, Robert Nagy 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #include 16 | 17 | #if defined(OPENSSL_AARCH64) && defined(OPENSSL_OPENBSD) && \ 18 | !defined(OPENSSL_STATIC_ARMCAP) && !defined(OPENSSL_NO_ASM) 19 | 20 | #include 21 | #include 22 | #include 23 | 24 | #include 25 | 26 | #include "internal.h" 27 | 28 | 29 | void OPENSSL_cpuid_setup(void) { 30 | int isar0_mib[] = {CTL_MACHDEP, CPU_ID_AA64ISAR0}; 31 | uint64_t cpu_id = 0; 32 | size_t len = sizeof(cpu_id); 33 | 34 | if (sysctl(isar0_mib, 2, &cpu_id, &len, NULL, 0) < 0) { 35 | return; 36 | } 37 | 38 | OPENSSL_armcap_P |= ARMV7_NEON; 39 | 40 | if (ID_AA64ISAR0_AES(cpu_id) >= ID_AA64ISAR0_AES_BASE) { 41 | OPENSSL_armcap_P |= ARMV8_AES; 42 | } 43 | 44 | if (ID_AA64ISAR0_AES(cpu_id) >= ID_AA64ISAR0_AES_PMULL) { 45 | OPENSSL_armcap_P |= ARMV8_PMULL; 46 | } 47 | 48 | if (ID_AA64ISAR0_SHA1(cpu_id) >= ID_AA64ISAR0_SHA1_BASE) { 49 | OPENSSL_armcap_P |= ARMV8_SHA1; 50 | } 51 | 52 | if (ID_AA64ISAR0_SHA2(cpu_id) >= ID_AA64ISAR0_SHA2_BASE) { 53 | OPENSSL_armcap_P |= ARMV8_SHA256; 54 | } 55 | 56 | if (ID_AA64ISAR0_SHA2(cpu_id) >= ID_AA64ISAR0_SHA2_512) { 57 | OPENSSL_armcap_P |= ARMV8_SHA512; 58 | } 59 | } 60 | 61 | #endif // OPENSSL_AARCH64 && OPENSSL_OPENBSD && !OPENSSL_STATIC_ARMCAP 62 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/cpu_aarch64_win.cc: -------------------------------------------------------------------------------- 1 | /* Copyright 2018 The BoringSSL Authors 2 | * Copyright (c) 2020, Arm Ltd. 3 | * 4 | * Permission to use, copy, modify, and/or distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 11 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 13 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 14 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 15 | 16 | #include "internal.h" 17 | 18 | #if defined(OPENSSL_AARCH64) && defined(OPENSSL_WINDOWS) && \ 19 | !defined(OPENSSL_STATIC_ARMCAP) && !defined(OPENSSL_NO_ASM) 20 | 21 | #include 22 | 23 | #include 24 | 25 | 26 | void OPENSSL_cpuid_setup(void) { 27 | // We do not need to check for the presence of NEON, as Armv8-A always has it 28 | OPENSSL_armcap_P |= ARMV7_NEON; 29 | 30 | if (IsProcessorFeaturePresent(PF_ARM_V8_CRYPTO_INSTRUCTIONS_AVAILABLE)) { 31 | // These are all covered by one call in Windows 32 | OPENSSL_armcap_P |= ARMV8_AES; 33 | OPENSSL_armcap_P |= ARMV8_PMULL; 34 | OPENSSL_armcap_P |= ARMV8_SHA1; 35 | OPENSSL_armcap_P |= ARMV8_SHA256; 36 | } 37 | // As of writing, Windows does not have a |PF_*| value for ARMv8.2 SHA-512 38 | // extensions. When it does, add it here. 39 | } 40 | 41 | #endif // OPENSSL_AARCH64 && OPENSSL_WINDOWS && !OPENSSL_STATIC_ARMCAP 42 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/cpu_arm_freebsd.cc: -------------------------------------------------------------------------------- 1 | /* Copyright 2022 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #include "internal.h" 16 | 17 | #if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_ARM) && \ 18 | defined(OPENSSL_FREEBSD) && !defined(OPENSSL_STATIC_ARMCAP) 19 | #include 20 | #include 21 | 22 | #include 23 | #include 24 | 25 | 26 | void OPENSSL_cpuid_setup(void) { 27 | unsigned long hwcap = 0, hwcap2 = 0; 28 | 29 | // |elf_aux_info| may fail, in which case |hwcap| and |hwcap2| will be 30 | // left at zero. The rest of this function will then gracefully report 31 | // the features are absent. 32 | elf_aux_info(AT_HWCAP, &hwcap, sizeof(hwcap)); 33 | elf_aux_info(AT_HWCAP2, &hwcap2, sizeof(hwcap2)); 34 | 35 | // Matching OpenSSL, only report other features if NEON is present. 36 | if (hwcap & HWCAP_NEON) { 37 | OPENSSL_armcap_P |= ARMV7_NEON; 38 | 39 | if (hwcap2 & HWCAP2_AES) { 40 | OPENSSL_armcap_P |= ARMV8_AES; 41 | } 42 | if (hwcap2 & HWCAP2_PMULL) { 43 | OPENSSL_armcap_P |= ARMV8_PMULL; 44 | } 45 | if (hwcap2 & HWCAP2_SHA1) { 46 | OPENSSL_armcap_P |= ARMV8_SHA1; 47 | } 48 | if (hwcap2 & HWCAP2_SHA2) { 49 | OPENSSL_armcap_P |= ARMV8_SHA256; 50 | } 51 | } 52 | } 53 | 54 | #endif // OPENSSL_ARM && OPENSSL_OPENBSD && !OPENSSL_STATIC_ARMCAP 55 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/curve25519/curve25519_64_adx.cc: -------------------------------------------------------------------------------- 1 | /* Copyright 2023 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #include "internal.h" 16 | #if defined(BORINGSSL_FE25519_ADX) 17 | #include "../../third_party/fiat/curve25519_64_adx.h" 18 | #endif 19 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/dsa/internal.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2020 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #ifndef OPENSSL_HEADER_DSA_INTERNAL_H 16 | #define OPENSSL_HEADER_DSA_INTERNAL_H 17 | 18 | #include 19 | 20 | #include 21 | 22 | #include "../internal.h" 23 | 24 | #if defined(__cplusplus) 25 | extern "C" { 26 | #endif 27 | 28 | 29 | struct dsa_st { 30 | BIGNUM *p; 31 | BIGNUM *q; 32 | BIGNUM *g; 33 | 34 | BIGNUM *pub_key; 35 | BIGNUM *priv_key; 36 | 37 | // Normally used to cache montgomery values 38 | CRYPTO_MUTEX method_mont_lock; 39 | BN_MONT_CTX *method_mont_p; 40 | BN_MONT_CTX *method_mont_q; 41 | CRYPTO_refcount_t references; 42 | CRYPTO_EX_DATA ex_data; 43 | }; 44 | 45 | // dsa_check_key performs cheap self-checks on |dsa|, and ensures it is within 46 | // DoS bounds. It returns one on success and zero on error. 47 | int dsa_check_key(const DSA *dsa); 48 | 49 | 50 | #if defined(__cplusplus) 51 | } // extern C 52 | #endif 53 | 54 | #endif // OPENSSL_HEADER_DSA_INTERNAL_H 55 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/ecdh/ecdh.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved. 4 | * 5 | * Licensed under the OpenSSL license (the "License"). You may not use 6 | * this file except in compliance with the License. You can obtain a copy 7 | * in the file LICENSE in the source distribution or at 8 | * https://www.openssl.org/source/license.html 9 | */ 10 | 11 | #include 12 | 13 | #include 14 | #include 15 | 16 | #include 17 | #include 18 | #include 19 | 20 | #include "../fipsmodule/ec/internal.h" 21 | #include "../internal.h" 22 | 23 | 24 | int ECDH_compute_key(void *out, size_t out_len, const EC_POINT *pub_key, 25 | const EC_KEY *priv_key, 26 | void *(*kdf)(const void *in, size_t inlen, void *out, 27 | size_t *out_len)) { 28 | if (priv_key->priv_key == NULL) { 29 | OPENSSL_PUT_ERROR(ECDH, ECDH_R_NO_PRIVATE_VALUE); 30 | return -1; 31 | } 32 | const EC_SCALAR *const priv = &priv_key->priv_key->scalar; 33 | const EC_GROUP *const group = EC_KEY_get0_group(priv_key); 34 | if (EC_GROUP_cmp(group, pub_key->group, NULL) != 0) { 35 | OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS); 36 | return -1; 37 | } 38 | 39 | EC_JACOBIAN shared_point; 40 | uint8_t buf[EC_MAX_BYTES]; 41 | size_t buf_len; 42 | if (!ec_point_mul_scalar(group, &shared_point, &pub_key->raw, priv) || 43 | !ec_get_x_coordinate_as_bytes(group, buf, &buf_len, sizeof(buf), 44 | &shared_point)) { 45 | OPENSSL_PUT_ERROR(ECDH, ECDH_R_POINT_ARITHMETIC_FAILURE); 46 | return -1; 47 | } 48 | 49 | if (kdf != NULL) { 50 | if (kdf(buf, buf_len, out, &out_len) == NULL) { 51 | OPENSSL_PUT_ERROR(ECDH, ECDH_R_KDF_FAILED); 52 | return -1; 53 | } 54 | } else { 55 | // no KDF, just copy as much as we can 56 | if (buf_len < out_len) { 57 | out_len = buf_len; 58 | } 59 | OPENSSL_memcpy(out, buf, out_len); 60 | } 61 | 62 | if (out_len > INT_MAX) { 63 | OPENSSL_PUT_ERROR(ECDH, ERR_R_OVERFLOW); 64 | return -1; 65 | } 66 | 67 | return (int)out_len; 68 | } 69 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/err/internal.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #ifndef OPENSSL_HEADER_CRYPTO_ERR_INTERNAL_H 16 | #define OPENSSL_HEADER_CRYPTO_ERR_INTERNAL_H 17 | 18 | #include 19 | 20 | #if defined(__cplusplus) 21 | extern "C" { 22 | #endif 23 | 24 | 25 | // Private error queue functions. 26 | 27 | // ERR_SAVE_STATE contains a saved representation of the error queue. It is 28 | // slightly more compact than |ERR_STATE| as the error queue will typically not 29 | // contain |ERR_NUM_ERRORS| entries. 30 | typedef struct err_save_state_st ERR_SAVE_STATE; 31 | 32 | // ERR_SAVE_STATE_free releases all memory associated with |state|. 33 | OPENSSL_EXPORT void ERR_SAVE_STATE_free(ERR_SAVE_STATE *state); 34 | 35 | // ERR_save_state returns a newly-allocated |ERR_SAVE_STATE| structure 36 | // containing the current state of the error queue or NULL on allocation 37 | // error. It should be released with |ERR_SAVE_STATE_free|. 38 | OPENSSL_EXPORT ERR_SAVE_STATE *ERR_save_state(void); 39 | 40 | // ERR_restore_state clears the error queue and replaces it with |state|. 41 | OPENSSL_EXPORT void ERR_restore_state(const ERR_SAVE_STATE *state); 42 | 43 | 44 | #if defined(__cplusplus) 45 | } // extern C 46 | 47 | extern "C++" { 48 | 49 | BSSL_NAMESPACE_BEGIN 50 | 51 | BORINGSSL_MAKE_DELETER(ERR_SAVE_STATE, ERR_SAVE_STATE_free) 52 | 53 | BSSL_NAMESPACE_END 54 | 55 | } // extern C++ 56 | #endif 57 | 58 | #endif // OPENSSL_HEADER_CRYPTO_ERR_INTERNAL_H 59 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/fipsmodule/aes/ofb.cc.inc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | #include 12 | 13 | #include "internal.h" 14 | 15 | 16 | static_assert(16 % sizeof(size_t) == 0, "block cannot be divided into size_t"); 17 | 18 | void CRYPTO_ofb128_encrypt(const uint8_t *in, uint8_t *out, size_t len, 19 | const AES_KEY *key, uint8_t ivec[16], unsigned *num, 20 | block128_f block) { 21 | assert(key != NULL && ivec != NULL && num != NULL); 22 | assert(len == 0 || (in != NULL && out != NULL)); 23 | 24 | unsigned n = *num; 25 | 26 | while (n && len) { 27 | *(out++) = *(in++) ^ ivec[n]; 28 | --len; 29 | n = (n + 1) % 16; 30 | } 31 | 32 | while (len >= 16) { 33 | (*block)(ivec, ivec, key); 34 | CRYPTO_xor16(out, in, ivec); 35 | len -= 16; 36 | out += 16; 37 | in += 16; 38 | n = 0; 39 | } 40 | if (len) { 41 | (*block)(ivec, ivec, key); 42 | while (len--) { 43 | out[n] = in[n] ^ ivec[n]; 44 | ++n; 45 | } 46 | } 47 | *num = n; 48 | } 49 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/fipsmodule/dh/internal.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2022 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #ifndef OPENSSL_HEADER_CRYPTO_FIPSMODULE_DH_INTERNAL_H 16 | #define OPENSSL_HEADER_CRYPTO_FIPSMODULE_DH_INTERNAL_H 17 | 18 | #include 19 | 20 | #include 21 | 22 | #include "../../internal.h" 23 | 24 | #if defined(__cplusplus) 25 | extern "C" { 26 | #endif 27 | 28 | 29 | struct dh_st { 30 | BIGNUM *p; 31 | BIGNUM *g; 32 | BIGNUM *q; 33 | BIGNUM *pub_key; // g^x mod p 34 | BIGNUM *priv_key; // x 35 | 36 | // priv_length contains the length, in bits, of the private value. If zero, 37 | // the private value will be the same length as |p|. 38 | unsigned priv_length; 39 | 40 | CRYPTO_MUTEX method_mont_p_lock; 41 | BN_MONT_CTX *method_mont_p; 42 | 43 | int flags; 44 | CRYPTO_refcount_t references; 45 | }; 46 | 47 | // dh_check_params_fast checks basic invariants on |dh|'s domain parameters. It 48 | // does not check that |dh| forms a valid group, only that the sizes are within 49 | // DoS bounds. 50 | int dh_check_params_fast(const DH *dh); 51 | 52 | // dh_compute_key_padded_no_self_test does the same as |DH_compute_key_padded|, 53 | // but doesn't try to run the self-test first. This is for use in the self tests 54 | // themselves, to prevent an infinite loop. 55 | int dh_compute_key_padded_no_self_test(unsigned char *out, 56 | const BIGNUM *peers_key, DH *dh); 57 | 58 | 59 | #if defined(__cplusplus) 60 | } 61 | #endif 62 | 63 | #endif // OPENSSL_HEADER_CRYPTO_FIPSMODULE_DH_INTERNAL_H 64 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/fipsmodule/digest/internal.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #ifndef OPENSSL_HEADER_DIGEST_INTERNAL_H 11 | #define OPENSSL_HEADER_DIGEST_INTERNAL_H 12 | 13 | #include 14 | 15 | #if defined(__cplusplus) 16 | extern "C" { 17 | #endif 18 | 19 | 20 | struct env_md_st { 21 | // type contains a NID identifing the digest function. (For example, 22 | // NID_md5.) 23 | int type; 24 | 25 | // md_size contains the size, in bytes, of the resulting digest. 26 | unsigned md_size; 27 | 28 | // flags contains the OR of |EVP_MD_FLAG_*| values. 29 | uint32_t flags; 30 | 31 | // init initialises the state in |ctx->md_data|. 32 | void (*init)(EVP_MD_CTX *ctx); 33 | 34 | // update hashes |len| bytes of |data| into the state in |ctx->md_data|. 35 | void (*update)(EVP_MD_CTX *ctx, const void *data, size_t count); 36 | 37 | // final completes the hash and writes |md_size| bytes of digest to |out|. 38 | void (*final)(EVP_MD_CTX *ctx, uint8_t *out); 39 | 40 | // block_size contains the hash's native block size. 41 | unsigned block_size; 42 | 43 | // ctx_size contains the size, in bytes, of the state of the hash function. 44 | unsigned ctx_size; 45 | }; 46 | 47 | // evp_md_pctx_ops contains function pointers to allow the |pctx| member of 48 | // |EVP_MD_CTX| to be manipulated without breaking layering by calling EVP 49 | // functions. 50 | struct evp_md_pctx_ops { 51 | // free is called when an |EVP_MD_CTX| is being freed and the |pctx| also 52 | // needs to be freed. 53 | void (*free) (EVP_PKEY_CTX *pctx); 54 | 55 | // dup is called when an |EVP_MD_CTX| is copied and so the |pctx| also needs 56 | // to be copied. 57 | EVP_PKEY_CTX* (*dup) (EVP_PKEY_CTX *pctx); 58 | }; 59 | 60 | 61 | #if defined(__cplusplus) 62 | } // extern C 63 | #endif 64 | 65 | #endif // OPENSSL_HEADER_DIGEST_INTERNAL 66 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/fipsmodule/fips_shared_support.cc: -------------------------------------------------------------------------------- 1 | /* Copyright 2019 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #include 16 | 17 | 18 | #if defined(BORINGSSL_FIPS) && defined(BORINGSSL_SHARED_LIBRARY) 19 | // BORINGSSL_bcm_text_hash is is default hash value for the FIPS integrity check 20 | // that must be replaced with the real value during the build process. This 21 | // value need only be distinct, i.e. so that we can safely search-and-replace it 22 | // in an object file. 23 | extern const uint8_t BORINGSSL_bcm_text_hash[32] = { 24 | 0xae, 0x2c, 0xea, 0x2a, 0xbd, 0xa6, 0xf3, 0xec, 0x97, 0x7f, 0x9b, 25 | 0xf6, 0x94, 0x9a, 0xfc, 0x83, 0x68, 0x27, 0xcb, 0xa0, 0xa0, 0x9f, 26 | 0x6b, 0x6f, 0xde, 0x52, 0xcd, 0xe2, 0xcd, 0xff, 0x31, 0x80, 27 | }; 28 | #endif // FIPS && SHARED_LIBRARY 29 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/fipsmodule/slhdsa/wots.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2024 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #ifndef OPENSSL_HEADER_CRYPTO_FIPSMODULE_SLHDSA_WOTS_H 16 | #define OPENSSL_HEADER_CRYPTO_FIPSMODULE_SLHDSA_WOTS_H 17 | 18 | #include "./params.h" 19 | 20 | #if defined(__cplusplus) 21 | extern "C" { 22 | #endif 23 | 24 | 25 | // Implements Algorithm 6: wots_pkGen function, page 18 26 | void slhdsa_wots_pk_gen(uint8_t pk[BCM_SLHDSA_SHA2_128S_N], 27 | const uint8_t sk_seed[BCM_SLHDSA_SHA2_128S_N], 28 | const uint8_t pub_seed[BCM_SLHDSA_SHA2_128S_N], 29 | uint8_t addr[32]); 30 | 31 | // Implements Algorithm 7: wots_sign function, page 20 32 | void slhdsa_wots_sign(uint8_t sig[SLHDSA_SHA2_128S_WOTS_BYTES], 33 | const uint8_t msg[BCM_SLHDSA_SHA2_128S_N], 34 | const uint8_t sk_seed[BCM_SLHDSA_SHA2_128S_N], 35 | const uint8_t pub_seed[BCM_SLHDSA_SHA2_128S_N], 36 | uint8_t addr[32]); 37 | 38 | // Implements Algorithm 8: wots_pkFromSig function, page 21 39 | void slhdsa_wots_pk_from_sig(uint8_t pk[BCM_SLHDSA_SHA2_128S_N], 40 | const uint8_t sig[SLHDSA_SHA2_128S_WOTS_BYTES], 41 | const uint8_t msg[BCM_SLHDSA_SHA2_128S_N], 42 | const uint8_t pub_seed[BCM_SLHDSA_SHA2_128S_N], 43 | uint8_t addr[32]); 44 | 45 | 46 | #if defined(__cplusplus) 47 | } // extern C 48 | #endif 49 | 50 | #endif // OPENSSL_HEADER_CRYPTO_FIPSMODULE_SLHDSA_WOTS_H 51 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/fipsmodule/tls/internal.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2018 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #ifndef OPENSSL_HEADER_CRYPTO_FIPSMODULE_TLS_INTERNAL_H 16 | #define OPENSSL_HEADER_CRYPTO_FIPSMODULE_TLS_INTERNAL_H 17 | 18 | #include 19 | 20 | #if defined(__cplusplus) 21 | extern "C" { 22 | #endif 23 | 24 | 25 | // tls1_prf calculates |out_len| bytes of the TLS PDF, using |digest|, and 26 | // writes them to |out|. It returns one on success and zero on error. 27 | OPENSSL_EXPORT int CRYPTO_tls1_prf(const EVP_MD *digest, 28 | uint8_t *out, size_t out_len, 29 | const uint8_t *secret, size_t secret_len, 30 | const char *label, size_t label_len, 31 | const uint8_t *seed1, size_t seed1_len, 32 | const uint8_t *seed2, size_t seed2_len); 33 | 34 | // CRYPTO_tls13_hkdf_expand_label computes the TLS 1.3 KDF function of the same 35 | // name. See https://www.rfc-editor.org/rfc/rfc8446#section-7.1. 36 | OPENSSL_EXPORT int CRYPTO_tls13_hkdf_expand_label( 37 | uint8_t *out, size_t out_len, const EVP_MD *digest, // 38 | const uint8_t *secret, size_t secret_len, // 39 | const uint8_t *label, size_t label_len, // 40 | const uint8_t *hash, size_t hash_len); 41 | 42 | 43 | #if defined(__cplusplus) 44 | } 45 | #endif 46 | 47 | #endif // OPENSSL_HEADER_CRYPTO_FIPSMODULE_TLS_INTERNAL_H 48 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/md5/internal.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2018 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #ifndef OPENSSL_HEADER_MD5_INTERNAL_H 16 | #define OPENSSL_HEADER_MD5_INTERNAL_H 17 | 18 | #include 19 | 20 | #if defined(__cplusplus) 21 | extern "C" { 22 | #endif 23 | 24 | 25 | #if !defined(OPENSSL_NO_ASM) && \ 26 | (defined(OPENSSL_X86_64) || defined(OPENSSL_X86)) 27 | #define MD5_ASM 28 | extern void md5_block_asm_data_order(uint32_t *state, const uint8_t *data, 29 | size_t num); 30 | #endif 31 | 32 | 33 | #if defined(__cplusplus) 34 | } // extern "C" 35 | #endif 36 | 37 | #endif // OPENSSL_HEADER_MD5_INTERNAL_H 38 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/pem/internal.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #ifndef OPENSSL_HEADER_PEM_INTERNAL_H 11 | #define OPENSSL_HEADER_PEM_INTERNAL_H 12 | 13 | #include 14 | 15 | #ifdef __cplusplus 16 | extern "C" { 17 | #endif 18 | 19 | 20 | // PEM_get_EVP_CIPHER_INFO decodes |header| as a PEM header block and writes the 21 | // specified cipher and IV to |cipher|. It returns one on success and zero on 22 | // error. |header| must be a NUL-terminated string. If |header| does not 23 | // specify encryption, this function will return success and set 24 | // |cipher->cipher| to NULL. 25 | int PEM_get_EVP_CIPHER_INFO(const char *header, EVP_CIPHER_INFO *cipher); 26 | 27 | // PEM_do_header decrypts |*len| bytes from |data| in-place according to the 28 | // information in |cipher|. On success, it returns one and sets |*len| to the 29 | // length of the plaintext. Otherwise, it returns zero. If |cipher| specifies 30 | // encryption, the key is derived from a password returned from |callback|. 31 | int PEM_do_header(const EVP_CIPHER_INFO *cipher, uint8_t *data, long *len, 32 | pem_password_cb *callback, void *u); 33 | 34 | 35 | #ifdef __cplusplus 36 | } // extern "C" 37 | #endif 38 | 39 | #endif // OPENSSL_HEADER_PEM_INTERNAL_H 40 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/pem/pem_oth.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | 12 | #include 13 | 14 | #include 15 | #include 16 | #include 17 | #include 18 | #include 19 | #include 20 | 21 | // Handle 'other' PEMs: not private keys 22 | 23 | void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x, 24 | pem_password_cb *cb, void *u) { 25 | const unsigned char *p = NULL; 26 | unsigned char *data = NULL; 27 | long len; 28 | char *ret = NULL; 29 | 30 | if (!PEM_bytes_read_bio(&data, &len, NULL, name, bp, cb, u)) { 31 | return NULL; 32 | } 33 | p = data; 34 | ret = reinterpret_cast(d2i(x, &p, len)); 35 | if (ret == NULL) { 36 | OPENSSL_PUT_ERROR(PEM, ERR_R_ASN1_LIB); 37 | } 38 | OPENSSL_free(data); 39 | return ret; 40 | } 41 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/pem/pem_x509.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | 12 | #include 13 | #include 14 | #include 15 | #include 16 | 17 | IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509) 18 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/pem/pem_xaux.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | 12 | #include 13 | #include 14 | #include 15 | #include 16 | 17 | IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX) 18 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/poly1305/internal.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2016 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #ifndef OPENSSL_HEADER_POLY1305_INTERNAL_H 16 | #define OPENSSL_HEADER_POLY1305_INTERNAL_H 17 | 18 | #include 19 | #include 20 | 21 | #if defined(__cplusplus) 22 | extern "C" { 23 | #endif 24 | 25 | #if defined(OPENSSL_ARM) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_APPLE) 26 | #define OPENSSL_POLY1305_NEON 27 | 28 | void CRYPTO_poly1305_init_neon(poly1305_state *state, const uint8_t key[32]); 29 | 30 | void CRYPTO_poly1305_update_neon(poly1305_state *state, const uint8_t *in, 31 | size_t in_len); 32 | 33 | void CRYPTO_poly1305_finish_neon(poly1305_state *state, uint8_t mac[16]); 34 | #endif 35 | 36 | 37 | #if defined(__cplusplus) 38 | } // extern C 39 | #endif 40 | 41 | #endif // OPENSSL_HEADER_POLY1305_INTERNAL_H 42 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/pool/internal.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2016 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #ifndef OPENSSL_HEADER_POOL_INTERNAL_H 16 | #define OPENSSL_HEADER_POOL_INTERNAL_H 17 | 18 | #include 19 | #include 20 | 21 | #include "../internal.h" 22 | #include "../lhash/internal.h" 23 | 24 | 25 | #if defined(__cplusplus) 26 | extern "C" { 27 | #endif 28 | 29 | 30 | DEFINE_LHASH_OF(CRYPTO_BUFFER) 31 | 32 | struct crypto_buffer_st { 33 | CRYPTO_BUFFER_POOL *pool; 34 | uint8_t *data; 35 | size_t len; 36 | CRYPTO_refcount_t references; 37 | int data_is_static; 38 | }; 39 | 40 | struct crypto_buffer_pool_st { 41 | LHASH_OF(CRYPTO_BUFFER) *bufs; 42 | CRYPTO_MUTEX lock; 43 | const uint64_t hash_key[2]; 44 | }; 45 | 46 | 47 | #if defined(__cplusplus) 48 | } // extern C 49 | #endif 50 | 51 | #endif // OPENSSL_HEADER_POOL_INTERNAL_H 52 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/rand/deterministic.cc: -------------------------------------------------------------------------------- 1 | /* Copyright 2016 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #include 16 | 17 | #include "../bcm_support.h" 18 | #include "sysrand_internal.h" 19 | 20 | #if defined(OPENSSL_RAND_DETERMINISTIC) 21 | 22 | #include 23 | 24 | #include 25 | 26 | #include "../internal.h" 27 | 28 | 29 | // g_num_calls is the number of calls to |CRYPTO_sysrand| that have occurred. 30 | // 31 | // This is intentionally not thread-safe. If the fuzzer mode is ever used in a 32 | // multi-threaded program, replace this with a thread-local. (A mutex would not 33 | // be deterministic.) 34 | static uint64_t g_num_calls = 0; 35 | static CRYPTO_MUTEX g_num_calls_lock = CRYPTO_MUTEX_INIT; 36 | 37 | void RAND_reset_for_fuzzing(void) { g_num_calls = 0; } 38 | 39 | void CRYPTO_init_sysrand(void) {} 40 | 41 | void CRYPTO_sysrand(uint8_t *out, size_t requested) { 42 | static const uint8_t kZeroKey[32] = {0}; 43 | 44 | CRYPTO_MUTEX_lock_write(&g_num_calls_lock); 45 | uint64_t num_calls = g_num_calls++; 46 | CRYPTO_MUTEX_unlock_write(&g_num_calls_lock); 47 | 48 | uint8_t nonce[12]; 49 | OPENSSL_memset(nonce, 0, sizeof(nonce)); 50 | OPENSSL_memcpy(nonce, &num_calls, sizeof(num_calls)); 51 | 52 | OPENSSL_memset(out, 0, requested); 53 | CRYPTO_chacha_20(out, out, requested, kZeroKey, nonce, 0); 54 | } 55 | 56 | int CRYPTO_sysrand_if_available(uint8_t *buf, size_t len) { 57 | CRYPTO_sysrand(buf, len); 58 | return 1; 59 | } 60 | 61 | void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) { 62 | CRYPTO_sysrand(out, requested); 63 | } 64 | 65 | #endif // OPENSSL_RAND_DETERMINISTIC 66 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/rand/forkunsafe.cc: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #include 16 | 17 | #include 18 | 19 | #include "../fipsmodule/rand/internal.h" 20 | #include "../internal.h" 21 | 22 | 23 | // g_buffering_enabled is one if fork-unsafe buffering has been enabled and zero 24 | // otherwise. 25 | static CRYPTO_atomic_u32 g_buffering_enabled; 26 | 27 | #if !defined(OPENSSL_WINDOWS) 28 | void RAND_enable_fork_unsafe_buffering(int fd) { 29 | // We no longer support setting the file-descriptor with this function. 30 | if (fd != -1) { 31 | abort(); 32 | } 33 | 34 | CRYPTO_atomic_store_u32(&g_buffering_enabled, 1); 35 | } 36 | 37 | void RAND_disable_fork_unsafe_buffering(void) { 38 | CRYPTO_atomic_store_u32(&g_buffering_enabled, 0); 39 | } 40 | #endif 41 | 42 | int rand_fork_unsafe_buffering_enabled(void) { 43 | return CRYPTO_atomic_load_u32(&g_buffering_enabled) != 0; 44 | } 45 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/rand/getentropy.cc: -------------------------------------------------------------------------------- 1 | /* Copyright 2023 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #if !defined(_DEFAULT_SOURCE) 16 | #define _DEFAULT_SOURCE // Needed for getentropy on musl and glibc 17 | #endif 18 | 19 | #include 20 | 21 | #include "../bcm_support.h" 22 | #include "sysrand_internal.h" 23 | 24 | #if defined(OPENSSL_RAND_GETENTROPY) 25 | 26 | #include 27 | #include 28 | #include 29 | 30 | #if defined(OPENSSL_MACOS) || defined(OPENSSL_FUCHSIA) 31 | #include 32 | #endif 33 | 34 | void CRYPTO_init_sysrand(void) {} 35 | 36 | // CRYPTO_sysrand puts |requested| random bytes into |out|. 37 | void CRYPTO_sysrand(uint8_t *out, size_t requested) { 38 | while (requested > 0) { 39 | // |getentropy| can only request 256 bytes at a time. 40 | size_t todo = requested <= 256 ? requested : 256; 41 | if (getentropy(out, todo) != 0) { 42 | perror("getentropy() failed"); 43 | abort(); 44 | } 45 | 46 | out += todo; 47 | requested -= todo; 48 | } 49 | } 50 | 51 | int CRYPTO_sysrand_if_available(uint8_t *buf, size_t len) { 52 | CRYPTO_sysrand(buf, len); 53 | return 1; 54 | } 55 | 56 | void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) { 57 | CRYPTO_sysrand(out, requested); 58 | } 59 | 60 | #endif // OPENSSL_RAND_GETENTROPY 61 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/rand/getrandom_fillin.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2020 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #ifndef OPENSSL_HEADER_CRYPTO_RAND_GETRANDOM_FILLIN_H 16 | #define OPENSSL_HEADER_CRYPTO_RAND_GETRANDOM_FILLIN_H 17 | 18 | #include 19 | 20 | 21 | #if defined(OPENSSL_LINUX) 22 | 23 | #include 24 | 25 | #if defined(OPENSSL_X86_64) 26 | #define EXPECTED_NR_getrandom 318 27 | #elif defined(OPENSSL_X86) 28 | #define EXPECTED_NR_getrandom 355 29 | #elif defined(OPENSSL_AARCH64) 30 | #define EXPECTED_NR_getrandom 278 31 | #elif defined(OPENSSL_ARM) 32 | #define EXPECTED_NR_getrandom 384 33 | #elif defined(OPENSSL_RISCV64) 34 | #define EXPECTED_NR_getrandom 278 35 | #endif 36 | 37 | #if defined(EXPECTED_NR_getrandom) 38 | #define USE_NR_getrandom 39 | 40 | #if defined(__NR_getrandom) 41 | 42 | #if __NR_getrandom != EXPECTED_NR_getrandom 43 | #error "system call number for getrandom is not the expected value" 44 | #endif 45 | 46 | #else // __NR_getrandom 47 | 48 | #define __NR_getrandom EXPECTED_NR_getrandom 49 | 50 | #endif // __NR_getrandom 51 | 52 | #endif // EXPECTED_NR_getrandom 53 | 54 | #if !defined(GRND_NONBLOCK) 55 | #define GRND_NONBLOCK 1 56 | #endif 57 | #if !defined(GRND_RANDOM) 58 | #define GRND_RANDOM 2 59 | #endif 60 | 61 | #endif // OPENSSL_LINUX 62 | 63 | 64 | #endif // OPENSSL_HEADER_CRYPTO_RAND_GETRANDOM_FILLIN_H 65 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/rand/ios.cc: -------------------------------------------------------------------------------- 1 | /* Copyright 2023 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #include 16 | 17 | #include "../bcm_support.h" 18 | #include "sysrand_internal.h" 19 | 20 | #if defined(OPENSSL_RAND_IOS) 21 | #include 22 | 23 | #include 24 | 25 | void CRYPTO_init_sysrand(void) {} 26 | 27 | void CRYPTO_sysrand(uint8_t *out, size_t requested) { 28 | if (CCRandomGenerateBytes(out, requested) != kCCSuccess) { 29 | abort(); 30 | } 31 | } 32 | 33 | int CRYPTO_sysrand_if_available(uint8_t *buf, size_t len) { 34 | CRYPTO_sysrand(buf, len); 35 | return 1; 36 | } 37 | 38 | void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) { 39 | CRYPTO_sysrand(out, requested); 40 | } 41 | 42 | #endif // OPENSSL_RAND_IOS 43 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/rand/sysrand_internal.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2024 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #ifndef OPENSSL_HEADER_CRYPTO_SYSRAND_INTERNAL_H 16 | #define OPENSSL_HEADER_CRYPTO_SYSRAND_INTERNAL_H 17 | 18 | #include 19 | 20 | #if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE) 21 | #define OPENSSL_RAND_DETERMINISTIC 22 | #elif defined(OPENSSL_TRUSTY) 23 | #define OPENSSL_RAND_TRUSTY 24 | #elif defined(OPENSSL_WINDOWS) 25 | #define OPENSSL_RAND_WINDOWS 26 | #elif defined(OPENSSL_LINUX) 27 | #define OPENSSL_RAND_URANDOM 28 | #elif defined(OPENSSL_APPLE) && !defined(OPENSSL_MACOS) 29 | // Unlike macOS, iOS and similar hide away getentropy(). 30 | #define OPENSSL_RAND_IOS 31 | #else 32 | // By default if you are integrating BoringSSL we expect you to 33 | // provide getentropy from the header file. 34 | #define OPENSSL_RAND_GETENTROPY 35 | #endif 36 | 37 | #endif // OPENSSL_HEADER_CRYPTO__SYSRAND_INTERNAL_H 38 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/rand/trusty.cc: -------------------------------------------------------------------------------- 1 | /* Copyright 2023 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #include 16 | 17 | #include "../bcm_support.h" 18 | #include "sysrand_internal.h" 19 | 20 | #if defined(OPENSSL_RAND_TRUSTY) 21 | #include 22 | #include 23 | 24 | #include 25 | #include 26 | 27 | #include 28 | 29 | void CRYPTO_init_sysrand(void) {} 30 | 31 | void CRYPTO_sysrand(uint8_t *out, size_t requested) { 32 | if (trusty_rng_hw_rand(out, requested) != NO_ERROR) { 33 | abort(); 34 | } 35 | } 36 | 37 | int CRYPTO_sysrand_if_available(uint8_t *buf, size_t len) { 38 | CRYPTO_sysrand(buf, len); 39 | return 1; 40 | } 41 | 42 | void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) { 43 | CRYPTO_sysrand(out, requested); 44 | } 45 | 46 | #endif // OPENSSL_RAND_TRUSTY 47 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/rc4/rc4.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | 12 | 13 | void RC4(RC4_KEY *key, size_t len, const uint8_t *in, uint8_t *out) { 14 | uint32_t x = key->x; 15 | uint32_t y = key->y; 16 | uint32_t *d = key->data; 17 | 18 | for (size_t i = 0; i < len; i++) { 19 | x = (x + 1) & 0xff; 20 | uint32_t tx = d[x]; 21 | y = (tx + y) & 0xff; 22 | uint32_t ty = d[y]; 23 | d[x] = ty; 24 | d[y] = tx; 25 | out[i] = d[(tx + ty) & 0xff] ^ in[i]; 26 | } 27 | 28 | key->x = x; 29 | key->y = y; 30 | } 31 | 32 | void RC4_set_key(RC4_KEY *rc4key, unsigned len, const uint8_t *key) { 33 | uint32_t *d = &rc4key->data[0]; 34 | rc4key->x = 0; 35 | rc4key->y = 0; 36 | 37 | for (unsigned i = 0; i < 256; i++) { 38 | d[i] = i; 39 | } 40 | 41 | unsigned id1 = 0, id2 = 0; 42 | for (unsigned i = 0; i < 256; i++) { 43 | uint32_t tmp = d[i]; 44 | id2 = (key[id1] + tmp + id2) & 0xff; 45 | if (++id1 == len) { 46 | id1 = 0; 47 | } 48 | d[i] = d[id2]; 49 | d[id2] = tmp; 50 | } 51 | } 52 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/refcount.cc: -------------------------------------------------------------------------------- 1 | /* Copyright 2015 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #include "internal.h" 16 | 17 | #include 18 | #include 19 | 20 | 21 | // See comment above the typedef of CRYPTO_refcount_t about these tests. 22 | static_assert(alignof(CRYPTO_refcount_t) == alignof(CRYPTO_atomic_u32), 23 | "CRYPTO_refcount_t does not match CRYPTO_atomic_u32 alignment"); 24 | static_assert(sizeof(CRYPTO_refcount_t) == sizeof(CRYPTO_atomic_u32), 25 | "CRYPTO_refcount_t does not match CRYPTO_atomic_u32 size"); 26 | 27 | static_assert((CRYPTO_refcount_t)-1 == CRYPTO_REFCOUNT_MAX, 28 | "CRYPTO_REFCOUNT_MAX is incorrect"); 29 | 30 | void CRYPTO_refcount_inc(CRYPTO_refcount_t *in_count) { 31 | CRYPTO_atomic_u32 *count = (CRYPTO_atomic_u32 *)in_count; 32 | uint32_t expected = CRYPTO_atomic_load_u32(count); 33 | 34 | while (expected != CRYPTO_REFCOUNT_MAX) { 35 | uint32_t new_value = expected + 1; 36 | if (CRYPTO_atomic_compare_exchange_weak_u32(count, &expected, new_value)) { 37 | break; 38 | } 39 | } 40 | } 41 | 42 | int CRYPTO_refcount_dec_and_test_zero(CRYPTO_refcount_t *in_count) { 43 | CRYPTO_atomic_u32 *count = (CRYPTO_atomic_u32 *)in_count; 44 | uint32_t expected = CRYPTO_atomic_load_u32(count); 45 | 46 | for (;;) { 47 | if (expected == 0) { 48 | abort(); 49 | } else if (expected == CRYPTO_REFCOUNT_MAX) { 50 | return 0; 51 | } else { 52 | const uint32_t new_value = expected - 1; 53 | if (CRYPTO_atomic_compare_exchange_weak_u32(count, &expected, 54 | new_value)) { 55 | return new_value == 0; 56 | } 57 | } 58 | } 59 | } 60 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/rsa/internal.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #ifndef OPENSSL_HEADER_RSA_EXTRA_INTERNAL_H 11 | #define OPENSSL_HEADER_RSA_EXTRA_INTERNAL_H 12 | 13 | #include 14 | 15 | #if defined(__cplusplus) 16 | extern "C" { 17 | #endif 18 | 19 | 20 | int RSA_padding_check_PKCS1_OAEP_mgf1(uint8_t *out, size_t *out_len, 21 | size_t max_out, const uint8_t *from, 22 | size_t from_len, const uint8_t *param, 23 | size_t param_len, const EVP_MD *md, 24 | const EVP_MD *mgf1md); 25 | 26 | 27 | #if defined(__cplusplus) 28 | } // extern C 29 | #endif 30 | 31 | #endif // OPENSSL_HEADER_RSA_EXTRA_INTERNAL_H 32 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/rsa/rsa_extra.cc: -------------------------------------------------------------------------------- 1 | /* Copyright 2024 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #include 16 | 17 | int RSA_blinding_on(RSA *rsa, BN_CTX *ctx) { return 1; } 18 | 19 | void RSA_blinding_off(RSA *rsa) {} 20 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/rsa/rsa_print.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | 12 | #include 13 | 14 | 15 | int RSA_print(BIO *bio, const RSA *rsa, int indent) { 16 | EVP_PKEY *pkey = EVP_PKEY_new(); 17 | int ret = pkey != NULL && 18 | EVP_PKEY_set1_RSA(pkey, (RSA *)rsa) && 19 | EVP_PKEY_print_private(bio, pkey, indent, NULL); 20 | EVP_PKEY_free(pkey); 21 | return ret; 22 | } 23 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/sha/sha1.cc: -------------------------------------------------------------------------------- 1 | /* Copyright 2024 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #include 16 | 17 | #include 18 | 19 | #include "../fipsmodule/bcm_interface.h" 20 | 21 | int SHA1_Init(SHA_CTX *sha) { 22 | BCM_sha1_init(sha); 23 | return 1; 24 | } 25 | 26 | int SHA1_Update(SHA_CTX *sha, const void *data, size_t len) { 27 | BCM_sha1_update(sha, data, len); 28 | return 1; 29 | } 30 | 31 | int SHA1_Final(uint8_t out[SHA_DIGEST_LENGTH], SHA_CTX *sha) { 32 | BCM_sha1_final(out, sha); 33 | return 1; 34 | } 35 | 36 | uint8_t *SHA1(const uint8_t *data, size_t len, uint8_t out[SHA_DIGEST_LENGTH]) { 37 | SHA_CTX ctx; 38 | BCM_sha1_init(&ctx); 39 | BCM_sha1_update(&ctx, data, len); 40 | BCM_sha1_final(out, &ctx); 41 | OPENSSL_cleanse(&ctx, sizeof(ctx)); 42 | return out; 43 | } 44 | 45 | void SHA1_Transform(SHA_CTX *sha, const uint8_t block[SHA_CBLOCK]) { 46 | BCM_sha1_transform(sha, block); 47 | } 48 | 49 | void CRYPTO_fips_186_2_prf(uint8_t *out, size_t out_len, 50 | const uint8_t xkey[SHA_DIGEST_LENGTH]) { 51 | BCM_fips_186_2_prf(out, out_len, xkey); 52 | } 53 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/thread_none.cc: -------------------------------------------------------------------------------- 1 | /* Copyright 2015 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #include "internal.h" 16 | 17 | #if !defined(OPENSSL_THREADS) 18 | 19 | void CRYPTO_MUTEX_init(CRYPTO_MUTEX *lock) {} 20 | 21 | void CRYPTO_MUTEX_lock_read(CRYPTO_MUTEX *lock) {} 22 | 23 | void CRYPTO_MUTEX_lock_write(CRYPTO_MUTEX *lock) {} 24 | 25 | void CRYPTO_MUTEX_unlock_read(CRYPTO_MUTEX *lock) {} 26 | 27 | void CRYPTO_MUTEX_unlock_write(CRYPTO_MUTEX *lock) {} 28 | 29 | void CRYPTO_MUTEX_cleanup(CRYPTO_MUTEX *lock) {} 30 | 31 | void CRYPTO_once(CRYPTO_once_t *once, void (*init)(void)) { 32 | if (*once) { 33 | return; 34 | } 35 | *once = 1; 36 | init(); 37 | } 38 | 39 | static void *g_thread_locals[NUM_OPENSSL_THREAD_LOCALS]; 40 | 41 | void *CRYPTO_get_thread_local(thread_local_data_t index) { 42 | return g_thread_locals[index]; 43 | } 44 | 45 | int CRYPTO_set_thread_local(thread_local_data_t index, void *value, 46 | thread_local_destructor_t destructor) { 47 | g_thread_locals[index] = value; 48 | return 1; 49 | } 50 | 51 | #endif // !OPENSSL_THREADS 52 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/x509/a_digest.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | 12 | #include 13 | #include 14 | #include 15 | #include 16 | 17 | int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, 18 | unsigned char *md, unsigned int *len) { 19 | int i, ret; 20 | unsigned char *str, *p; 21 | 22 | i = i2d(data, NULL); 23 | if ((str = (unsigned char *)OPENSSL_malloc(i)) == NULL) { 24 | return 0; 25 | } 26 | p = str; 27 | i2d(data, &p); 28 | 29 | ret = EVP_Digest(str, i, md, len, type, NULL); 30 | OPENSSL_free(str); 31 | return ret; 32 | } 33 | 34 | int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn, 35 | unsigned char *md, unsigned int *len) { 36 | int i, ret; 37 | unsigned char *str = NULL; 38 | 39 | i = ASN1_item_i2d(reinterpret_cast(asn), &str, it); 40 | if (!str) { 41 | return 0; 42 | } 43 | 44 | ret = EVP_Digest(str, i, md, len, type, NULL); 45 | OPENSSL_free(str); 46 | return ret; 47 | } 48 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/x509/a_verify.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | 12 | #include 13 | #include 14 | 15 | #include 16 | #include 17 | #include 18 | #include 19 | #include 20 | #include 21 | 22 | #include "internal.h" 23 | 24 | int ASN1_item_verify(const ASN1_ITEM *it, const X509_ALGOR *a, 25 | const ASN1_BIT_STRING *signature, void *asn, 26 | EVP_PKEY *pkey) { 27 | if (!pkey) { 28 | OPENSSL_PUT_ERROR(X509, ERR_R_PASSED_NULL_PARAMETER); 29 | return 0; 30 | } 31 | 32 | size_t sig_len; 33 | if (signature->type == V_ASN1_BIT_STRING) { 34 | if (!ASN1_BIT_STRING_num_bytes(signature, &sig_len)) { 35 | OPENSSL_PUT_ERROR(X509, X509_R_INVALID_BIT_STRING_BITS_LEFT); 36 | return 0; 37 | } 38 | } else { 39 | sig_len = (size_t)ASN1_STRING_length(signature); 40 | } 41 | 42 | EVP_MD_CTX ctx; 43 | uint8_t *buf_in = NULL; 44 | int ret = 0, inl = 0; 45 | EVP_MD_CTX_init(&ctx); 46 | 47 | if (!x509_digest_verify_init(&ctx, a, pkey)) { 48 | goto err; 49 | } 50 | 51 | inl = ASN1_item_i2d(reinterpret_cast(asn), &buf_in, it); 52 | 53 | if (buf_in == NULL) { 54 | goto err; 55 | } 56 | 57 | if (!EVP_DigestVerify(&ctx, ASN1_STRING_get0_data(signature), sig_len, buf_in, 58 | inl)) { 59 | OPENSSL_PUT_ERROR(X509, ERR_R_EVP_LIB); 60 | goto err; 61 | } 62 | 63 | ret = 1; 64 | 65 | err: 66 | OPENSSL_free(buf_in); 67 | EVP_MD_CTX_cleanup(&ctx); 68 | return ret; 69 | } 70 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/x509/i2d_pr.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | #include 12 | #include 13 | #include 14 | #include 15 | #include 16 | 17 | 18 | int i2d_PrivateKey(const EVP_PKEY *a, uint8_t **pp) { 19 | switch (EVP_PKEY_id(a)) { 20 | case EVP_PKEY_RSA: 21 | return i2d_RSAPrivateKey(EVP_PKEY_get0_RSA(a), pp); 22 | case EVP_PKEY_EC: 23 | return i2d_ECPrivateKey(EVP_PKEY_get0_EC_KEY(a), pp); 24 | case EVP_PKEY_DSA: 25 | return i2d_DSAPrivateKey(EVP_PKEY_get0_DSA(a), pp); 26 | default: 27 | // Although this file is in crypto/x509 for layering reasons, it emits 28 | // an error code from ASN1 for OpenSSL compatibility. 29 | OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); 30 | return -1; 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/x509/t_x509a.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | #include 12 | #include 13 | #include 14 | #include 15 | 16 | #include "internal.h" 17 | 18 | 19 | // X509_CERT_AUX and string set routines 20 | 21 | int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent) { 22 | char oidstr[80], first; 23 | size_t i; 24 | int j; 25 | if (!aux) { 26 | return 1; 27 | } 28 | if (aux->trust) { 29 | first = 1; 30 | BIO_printf(out, "%*sTrusted Uses:\n%*s", indent, "", indent + 2, ""); 31 | for (i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) { 32 | if (!first) { 33 | BIO_puts(out, ", "); 34 | } else { 35 | first = 0; 36 | } 37 | OBJ_obj2txt(oidstr, sizeof oidstr, sk_ASN1_OBJECT_value(aux->trust, i), 38 | 0); 39 | BIO_puts(out, oidstr); 40 | } 41 | BIO_puts(out, "\n"); 42 | } else { 43 | BIO_printf(out, "%*sNo Trusted Uses.\n", indent, ""); 44 | } 45 | if (aux->reject) { 46 | first = 1; 47 | BIO_printf(out, "%*sRejected Uses:\n%*s", indent, "", indent + 2, ""); 48 | for (i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) { 49 | if (!first) { 50 | BIO_puts(out, ", "); 51 | } else { 52 | first = 0; 53 | } 54 | OBJ_obj2txt(oidstr, sizeof oidstr, sk_ASN1_OBJECT_value(aux->reject, i), 55 | 0); 56 | BIO_puts(out, oidstr); 57 | } 58 | BIO_puts(out, "\n"); 59 | } else { 60 | BIO_printf(out, "%*sNo Rejected Uses.\n", indent, ""); 61 | } 62 | if (aux->alias) { 63 | BIO_printf(out, "%*sAlias: %.*s\n", indent, "", aux->alias->length, 64 | aux->alias->data); 65 | } 66 | if (aux->keyid) { 67 | BIO_printf(out, "%*sKey Id: ", indent, ""); 68 | for (j = 0; j < aux->keyid->length; j++) { 69 | BIO_printf(out, "%s%02X", j ? ":" : "", aux->keyid->data[j]); 70 | } 71 | BIO_write(out, "\n", 1); 72 | } 73 | return 1; 74 | } 75 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/x509/v3_akeya.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | 12 | #include 13 | #include 14 | #include 15 | #include 16 | 17 | #include "internal.h" 18 | 19 | 20 | ASN1_SEQUENCE(AUTHORITY_KEYID) = { 21 | ASN1_IMP_OPT(AUTHORITY_KEYID, keyid, ASN1_OCTET_STRING, 0), 22 | ASN1_IMP_SEQUENCE_OF_OPT(AUTHORITY_KEYID, issuer, GENERAL_NAME, 1), 23 | ASN1_IMP_OPT(AUTHORITY_KEYID, serial, ASN1_INTEGER, 2), 24 | } ASN1_SEQUENCE_END(AUTHORITY_KEYID) 25 | 26 | IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_KEYID) 27 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/x509/v3_enum.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | 12 | #include 13 | #include 14 | #include 15 | #include 16 | 17 | #include "ext_dat.h" 18 | #include "internal.h" 19 | 20 | 21 | typedef BIT_STRING_BITNAME ENUMERATED_NAMES; 22 | 23 | static const ENUMERATED_NAMES crl_reasons[] = { 24 | {CRL_REASON_UNSPECIFIED, "Unspecified", "unspecified"}, 25 | {CRL_REASON_KEY_COMPROMISE, "Key Compromise", "keyCompromise"}, 26 | {CRL_REASON_CA_COMPROMISE, "CA Compromise", "CACompromise"}, 27 | {CRL_REASON_AFFILIATION_CHANGED, "Affiliation Changed", 28 | "affiliationChanged"}, 29 | {CRL_REASON_SUPERSEDED, "Superseded", "superseded"}, 30 | {CRL_REASON_CESSATION_OF_OPERATION, "Cessation Of Operation", 31 | "cessationOfOperation"}, 32 | {CRL_REASON_CERTIFICATE_HOLD, "Certificate Hold", "certificateHold"}, 33 | {CRL_REASON_REMOVE_FROM_CRL, "Remove From CRL", "removeFromCRL"}, 34 | {CRL_REASON_PRIVILEGE_WITHDRAWN, "Privilege Withdrawn", 35 | "privilegeWithdrawn"}, 36 | {CRL_REASON_AA_COMPROMISE, "AA Compromise", "AACompromise"}, 37 | {-1, NULL, NULL}}; 38 | 39 | static char *i2s_ASN1_ENUMERATED_TABLE(const X509V3_EXT_METHOD *method, 40 | void *ext) { 41 | const ASN1_ENUMERATED *e = reinterpret_cast(ext); 42 | long strval = ASN1_ENUMERATED_get(e); 43 | for (const ENUMERATED_NAMES *enam = 44 | reinterpret_cast(method->usr_data); 45 | enam->lname; enam++) { 46 | if (strval == enam->bitnum) { 47 | return OPENSSL_strdup(enam->lname); 48 | } 49 | } 50 | return i2s_ASN1_ENUMERATED(method, e); 51 | } 52 | 53 | const X509V3_EXT_METHOD v3_crl_reason = { 54 | NID_crl_reason, 55 | 0, 56 | ASN1_ITEM_ref(ASN1_ENUMERATED), 57 | 0, 58 | 0, 59 | 0, 60 | 0, 61 | i2s_ASN1_ENUMERATED_TABLE, 62 | 0, 63 | 0, 64 | 0, 65 | 0, 66 | 0, 67 | (void *)crl_reasons, 68 | }; 69 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/x509/v3_int.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | 12 | #include 13 | #include 14 | 15 | #include "ext_dat.h" 16 | 17 | 18 | static char *i2s_ASN1_INTEGER_cb(const X509V3_EXT_METHOD *method, void *ext) { 19 | return i2s_ASN1_INTEGER(method, reinterpret_cast(ext)); 20 | } 21 | 22 | static void *s2i_asn1_int(const X509V3_EXT_METHOD *meth, const X509V3_CTX *ctx, 23 | const char *value) { 24 | return s2i_ASN1_INTEGER(meth, value); 25 | } 26 | 27 | const X509V3_EXT_METHOD v3_crl_num = { 28 | NID_crl_number, 29 | 0, 30 | ASN1_ITEM_ref(ASN1_INTEGER), 31 | 0, 32 | 0, 33 | 0, 34 | 0, 35 | i2s_ASN1_INTEGER_cb, 36 | 0, 37 | 0, 38 | 0, 39 | 0, 40 | 0, 41 | NULL, 42 | }; 43 | 44 | const X509V3_EXT_METHOD v3_delta_crl = { 45 | NID_delta_crl, 46 | 0, 47 | ASN1_ITEM_ref(ASN1_INTEGER), 48 | 0, 49 | 0, 50 | 0, 51 | 0, 52 | i2s_ASN1_INTEGER_cb, 53 | 0, 54 | 0, 55 | 0, 56 | 0, 57 | 0, 58 | NULL, 59 | }; 60 | 61 | const X509V3_EXT_METHOD v3_inhibit_anyp = { 62 | NID_inhibit_any_policy, 63 | 0, 64 | ASN1_ITEM_ref(ASN1_INTEGER), 65 | 0, 66 | 0, 67 | 0, 68 | 0, 69 | i2s_ASN1_INTEGER_cb, 70 | s2i_asn1_int, 71 | 0, 72 | 0, 73 | 0, 74 | 0, 75 | NULL, 76 | }; 77 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/x509/v3_ocsp.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | 12 | #include 13 | #include 14 | #include 15 | 16 | #include "ext_dat.h" 17 | 18 | // OCSP extensions and a couple of CRL entry extensions 19 | 20 | static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce, 21 | BIO *out, int indent); 22 | 23 | static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck, 24 | BIO *out, int indent); 25 | static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, 26 | const X509V3_CTX *ctx, const char *str); 27 | 28 | const X509V3_EXT_METHOD v3_crl_invdate = { 29 | NID_invalidity_date, 30 | 0, 31 | ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), 32 | 0, 33 | 0, 34 | 0, 35 | 0, 36 | 0, 37 | 0, 38 | 0, 39 | 0, 40 | i2r_ocsp_acutoff, 41 | 0, 42 | NULL, 43 | }; 44 | 45 | const X509V3_EXT_METHOD v3_ocsp_nocheck = { 46 | NID_id_pkix_OCSP_noCheck, 47 | 0, 48 | ASN1_ITEM_ref(ASN1_NULL), 49 | 0, 50 | 0, 51 | 0, 52 | 0, 53 | 0, 54 | s2i_ocsp_nocheck, 55 | 0, 56 | 0, 57 | i2r_ocsp_nocheck, 58 | 0, 59 | NULL, 60 | }; 61 | 62 | static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff, 63 | BIO *bp, int ind) { 64 | if (BIO_printf(bp, "%*s", ind, "") <= 0) { 65 | return 0; 66 | } 67 | if (!ASN1_GENERALIZEDTIME_print( 68 | bp, reinterpret_cast(cutoff))) { 69 | return 0; 70 | } 71 | return 1; 72 | } 73 | 74 | // Nocheck is just a single NULL. Don't print anything and always set it 75 | 76 | static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck, 77 | BIO *out, int indent) { 78 | return 1; 79 | } 80 | 81 | static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, 82 | const X509V3_CTX *ctx, const char *str) { 83 | return ASN1_NULL_new(); 84 | } 85 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/x509/x509.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | 12 | #include 13 | #include 14 | #include 15 | 16 | 17 | // |X509_R_UNSUPPORTED_ALGORITHM| is no longer emitted, but continue to define 18 | // it to avoid downstream churn. 19 | OPENSSL_DECLARE_ERROR_REASON(X509, UNSUPPORTED_ALGORITHM) 20 | 21 | int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent) { 22 | const uint8_t *s; 23 | int i, n; 24 | 25 | n = sig->length; 26 | s = sig->data; 27 | for (i = 0; i < n; i++) { 28 | if ((i % 18) == 0) { 29 | if (BIO_write(bp, "\n", 1) <= 0 || BIO_indent(bp, indent, indent) <= 0) { 30 | return 0; 31 | } 32 | } 33 | if (BIO_printf(bp, "%02x%s", s[i], ((i + 1) == n) ? "" : ":") <= 0) { 34 | return 0; 35 | } 36 | } 37 | if (BIO_write(bp, "\n", 1) != 1) { 38 | return 0; 39 | } 40 | 41 | return 1; 42 | } 43 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/x509/x509_d2.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | #include 12 | 13 | 14 | int X509_STORE_set_default_paths(X509_STORE *ctx) { 15 | X509_LOOKUP *lookup; 16 | 17 | lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file()); 18 | if (lookup == NULL) { 19 | return 0; 20 | } 21 | X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT); 22 | 23 | lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir()); 24 | if (lookup == NULL) { 25 | return 0; 26 | } 27 | X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT); 28 | 29 | // clear any errors 30 | ERR_clear_error(); 31 | 32 | return 1; 33 | } 34 | 35 | int X509_STORE_load_locations(X509_STORE *ctx, const char *file, 36 | const char *path) { 37 | X509_LOOKUP *lookup; 38 | 39 | if (file != NULL) { 40 | lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file()); 41 | if (lookup == NULL) { 42 | return 0; 43 | } 44 | if (X509_LOOKUP_load_file(lookup, file, X509_FILETYPE_PEM) != 1) { 45 | return 0; 46 | } 47 | } 48 | if (path != NULL) { 49 | lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir()); 50 | if (lookup == NULL) { 51 | return 0; 52 | } 53 | if (X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM) != 1) { 54 | return 0; 55 | } 56 | } 57 | if ((path == NULL) && (file == NULL)) { 58 | return 0; 59 | } 60 | return 1; 61 | } 62 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/x509/x509_def.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | 12 | // TODO(fork): cleanup 13 | 14 | #if defined(OPENSSL_FUCHSIA) 15 | #define OPENSSLDIR "/config/ssl" 16 | #else 17 | #define OPENSSLDIR "/etc/ssl" 18 | #endif 19 | 20 | #define X509_CERT_AREA OPENSSLDIR 21 | #define X509_CERT_DIR OPENSSLDIR "/certs" 22 | #define X509_CERT_FILE OPENSSLDIR "/cert.pem" 23 | #define X509_PRIVATE_DIR OPENSSLDIR "/private" 24 | #define X509_CERT_DIR_EVP "SSL_CERT_DIR" 25 | #define X509_CERT_FILE_EVP "SSL_CERT_FILE" 26 | 27 | const char *X509_get_default_private_dir(void) { return X509_PRIVATE_DIR; } 28 | 29 | const char *X509_get_default_cert_area(void) { return X509_CERT_AREA; } 30 | 31 | const char *X509_get_default_cert_dir(void) { return X509_CERT_DIR; } 32 | 33 | const char *X509_get_default_cert_file(void) { return X509_CERT_FILE; } 34 | 35 | const char *X509_get_default_cert_dir_env(void) { return X509_CERT_DIR_EVP; } 36 | 37 | const char *X509_get_default_cert_file_env(void) { 38 | return X509_CERT_FILE_EVP; 39 | } 40 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/x509/x509rset.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | #include 12 | #include 13 | #include 14 | 15 | #include "internal.h" 16 | 17 | 18 | int X509_REQ_set_version(X509_REQ *x, long version) { 19 | if (x == NULL) { 20 | return 0; 21 | } 22 | if (version != X509_REQ_VERSION_1) { 23 | OPENSSL_PUT_ERROR(X509, X509_R_INVALID_VERSION); 24 | return 0; 25 | } 26 | return ASN1_INTEGER_set_int64(x->req_info->version, version); 27 | } 28 | 29 | int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name) { 30 | if ((x == NULL) || (x->req_info == NULL)) { 31 | return 0; 32 | } 33 | return (X509_NAME_set(&x->req_info->subject, name)); 34 | } 35 | 36 | int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey) { 37 | if ((x == NULL) || (x->req_info == NULL)) { 38 | return 0; 39 | } 40 | return (X509_PUBKEY_set(&x->req_info->pubkey, pkey)); 41 | } 42 | 43 | int X509_REQ_set1_signature_algo(X509_REQ *req, const X509_ALGOR *algo) { 44 | X509_ALGOR *copy = X509_ALGOR_dup(algo); 45 | if (copy == NULL) { 46 | return 0; 47 | } 48 | 49 | X509_ALGOR_free(req->sig_alg); 50 | req->sig_alg = copy; 51 | return 1; 52 | } 53 | 54 | int X509_REQ_set1_signature_value(X509_REQ *req, const uint8_t *sig, 55 | size_t sig_len) { 56 | if (!ASN1_STRING_set(req->signature, sig, sig_len)) { 57 | return 0; 58 | } 59 | req->signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); 60 | req->signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; 61 | return 1; 62 | } 63 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/x509/x_attrib.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | #include 12 | #include 13 | #include 14 | 15 | #include "internal.h" 16 | 17 | 18 | ASN1_SEQUENCE(X509_ATTRIBUTE) = { 19 | ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT), 20 | ASN1_SET_OF(X509_ATTRIBUTE, set, ASN1_ANY), 21 | } ASN1_SEQUENCE_END(X509_ATTRIBUTE) 22 | 23 | IMPLEMENT_ASN1_FUNCTIONS_const(X509_ATTRIBUTE) 24 | IMPLEMENT_ASN1_DUP_FUNCTION_const(X509_ATTRIBUTE) 25 | 26 | X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int attrtype, void *value) { 27 | ASN1_OBJECT *obj = OBJ_nid2obj(nid); 28 | if (obj == NULL) { 29 | return NULL; 30 | } 31 | 32 | X509_ATTRIBUTE *ret = X509_ATTRIBUTE_new(); 33 | ASN1_TYPE *val = ASN1_TYPE_new(); 34 | if (ret == NULL || val == NULL) { 35 | goto err; 36 | } 37 | 38 | ret->object = obj; 39 | if (!sk_ASN1_TYPE_push(ret->set, val)) { 40 | goto err; 41 | } 42 | 43 | ASN1_TYPE_set(val, attrtype, value); 44 | return ret; 45 | 46 | err: 47 | X509_ATTRIBUTE_free(ret); 48 | ASN1_TYPE_free(val); 49 | return NULL; 50 | } 51 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/x509/x_exten.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | #include 12 | #include 13 | #include 14 | 15 | #include "internal.h" 16 | 17 | 18 | ASN1_SEQUENCE(X509_EXTENSION) = { 19 | ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT), 20 | ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN), 21 | ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING), 22 | } ASN1_SEQUENCE_END(X509_EXTENSION) 23 | 24 | ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) = 25 | ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION) 26 | ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS) 27 | 28 | IMPLEMENT_ASN1_FUNCTIONS_const(X509_EXTENSION) 29 | IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(X509_EXTENSIONS, X509_EXTENSIONS, 30 | X509_EXTENSIONS) 31 | IMPLEMENT_ASN1_DUP_FUNCTION_const(X509_EXTENSION) 32 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/x509/x_sig.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | 12 | #include 13 | #include 14 | 15 | 16 | struct X509_sig_st { 17 | X509_ALGOR *algor; 18 | ASN1_OCTET_STRING *digest; 19 | } /* X509_SIG */; 20 | 21 | ASN1_SEQUENCE(X509_SIG) = { 22 | ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR), 23 | ASN1_SIMPLE(X509_SIG, digest, ASN1_OCTET_STRING), 24 | } ASN1_SEQUENCE_END(X509_SIG) 25 | 26 | IMPLEMENT_ASN1_FUNCTIONS_const(X509_SIG) 27 | 28 | void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **out_alg, 29 | const ASN1_OCTET_STRING **out_digest) { 30 | if (out_alg != NULL) { 31 | *out_alg = sig->algor; 32 | } 33 | if (out_digest != NULL) { 34 | *out_digest = sig->digest; 35 | } 36 | } 37 | 38 | void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **out_alg, 39 | ASN1_OCTET_STRING **out_digest) { 40 | if (out_alg != NULL) { 41 | *out_alg = sig->algor; 42 | } 43 | if (out_digest != NULL) { 44 | *out_digest = sig->digest; 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/x509/x_spki.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | #include 12 | 13 | #include "internal.h" 14 | 15 | 16 | ASN1_SEQUENCE(NETSCAPE_SPKAC) = { 17 | ASN1_SIMPLE(NETSCAPE_SPKAC, pubkey, X509_PUBKEY), 18 | ASN1_SIMPLE(NETSCAPE_SPKAC, challenge, ASN1_IA5STRING), 19 | } ASN1_SEQUENCE_END(NETSCAPE_SPKAC) 20 | 21 | IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_SPKAC) 22 | 23 | ASN1_SEQUENCE(NETSCAPE_SPKI) = { 24 | ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC), 25 | ASN1_SIMPLE(NETSCAPE_SPKI, sig_algor, X509_ALGOR), 26 | ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING), 27 | } ASN1_SEQUENCE_END(NETSCAPE_SPKI) 28 | 29 | IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_SPKI) 30 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/crypto/x509/x_val.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #include 11 | 12 | #include 13 | #include 14 | 15 | #include "internal.h" 16 | 17 | 18 | ASN1_SEQUENCE(X509_VAL) = { 19 | ASN1_SIMPLE(X509_VAL, notBefore, ASN1_TIME), 20 | ASN1_SIMPLE(X509_VAL, notAfter, ASN1_TIME), 21 | } ASN1_SEQUENCE_END(X509_VAL) 22 | 23 | IMPLEMENT_ASN1_FUNCTIONS_const(X509_VAL) 24 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/gen/bcm/rdrand-x86_64-apple.S: -------------------------------------------------------------------------------- 1 | #define BORINGSSL_PREFIX CNIOBoringSSL 2 | // This file is generated from a similarly-named Perl script in the BoringSSL 3 | // source tree. Do not edit by hand. 4 | 5 | #include 6 | 7 | #if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && defined(__APPLE__) 8 | .text 9 | 10 | 11 | 12 | 13 | .globl _CRYPTO_rdrand 14 | .private_extern _CRYPTO_rdrand 15 | 16 | .p2align 4 17 | _CRYPTO_rdrand: 18 | 19 | _CET_ENDBR 20 | xorq %rax,%rax 21 | .byte 72,15,199,242 22 | 23 | adcq %rax,%rax 24 | movq %rdx,0(%rdi) 25 | ret 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | .globl _CRYPTO_rdrand_multiple8_buf 34 | .private_extern _CRYPTO_rdrand_multiple8_buf 35 | 36 | .p2align 4 37 | _CRYPTO_rdrand_multiple8_buf: 38 | 39 | _CET_ENDBR 40 | testq %rsi,%rsi 41 | jz L$out 42 | movq $8,%rdx 43 | L$loop: 44 | .byte 72,15,199,241 45 | jnc L$err 46 | movq %rcx,0(%rdi) 47 | addq %rdx,%rdi 48 | subq %rdx,%rsi 49 | jnz L$loop 50 | L$out: 51 | movq $1,%rax 52 | ret 53 | L$err: 54 | xorq %rax,%rax 55 | ret 56 | 57 | 58 | #endif 59 | #if defined(__linux__) && defined(__ELF__) 60 | .section .note.GNU-stack,"",%progbits 61 | #endif 62 | 63 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/gen/bcm/rdrand-x86_64-linux.S: -------------------------------------------------------------------------------- 1 | #define BORINGSSL_PREFIX CNIOBoringSSL 2 | // This file is generated from a similarly-named Perl script in the BoringSSL 3 | // source tree. Do not edit by hand. 4 | 5 | #include 6 | 7 | #if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && defined(__ELF__) 8 | .text 9 | 10 | 11 | 12 | 13 | .globl CRYPTO_rdrand 14 | .hidden CRYPTO_rdrand 15 | .type CRYPTO_rdrand,@function 16 | .align 16 17 | CRYPTO_rdrand: 18 | .cfi_startproc 19 | _CET_ENDBR 20 | xorq %rax,%rax 21 | .byte 72,15,199,242 22 | 23 | adcq %rax,%rax 24 | movq %rdx,0(%rdi) 25 | ret 26 | .cfi_endproc 27 | .size CRYPTO_rdrand,.-CRYPTO_rdrand 28 | 29 | 30 | 31 | 32 | 33 | .globl CRYPTO_rdrand_multiple8_buf 34 | .hidden CRYPTO_rdrand_multiple8_buf 35 | .type CRYPTO_rdrand_multiple8_buf,@function 36 | .align 16 37 | CRYPTO_rdrand_multiple8_buf: 38 | .cfi_startproc 39 | _CET_ENDBR 40 | testq %rsi,%rsi 41 | jz .Lout 42 | movq $8,%rdx 43 | .Lloop: 44 | .byte 72,15,199,241 45 | jnc .Lerr 46 | movq %rcx,0(%rdi) 47 | addq %rdx,%rdi 48 | subq %rdx,%rsi 49 | jnz .Lloop 50 | .Lout: 51 | movq $1,%rax 52 | ret 53 | .Lerr: 54 | xorq %rax,%rax 55 | ret 56 | .cfi_endproc 57 | .size CRYPTO_rdrand_multiple8_buf,.-CRYPTO_rdrand_multiple8_buf 58 | #endif 59 | #if defined(__linux__) && defined(__ELF__) 60 | .section .note.GNU-stack,"",%progbits 61 | #endif 62 | 63 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/hash.txt: -------------------------------------------------------------------------------- 1 | This directory is derived from BoringSSL cloned from https://boringssl.googlesource.com/boringssl at revision 817ab07ebb53da35afea409ab9328f578492832d 2 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/include/CNIOBoringSSL_arm_arch.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #ifndef OPENSSL_HEADER_ARM_ARCH_H 11 | #define OPENSSL_HEADER_ARM_ARCH_H 12 | 13 | #include "CNIOBoringSSL_target.h" 14 | 15 | // arm_arch.h contains symbols used by ARM assembly, and the C code that calls 16 | // it. It is included as a public header to simplify the build, but is not 17 | // intended for external use. 18 | 19 | #if defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64) 20 | 21 | // ARMV7_NEON is true when a NEON unit is present in the current CPU. 22 | #define ARMV7_NEON (1 << 0) 23 | 24 | // ARMV8_AES indicates support for hardware AES instructions. 25 | #define ARMV8_AES (1 << 2) 26 | 27 | // ARMV8_SHA1 indicates support for hardware SHA-1 instructions. 28 | #define ARMV8_SHA1 (1 << 3) 29 | 30 | // ARMV8_SHA256 indicates support for hardware SHA-256 instructions. 31 | #define ARMV8_SHA256 (1 << 4) 32 | 33 | // ARMV8_PMULL indicates support for carryless multiplication. 34 | #define ARMV8_PMULL (1 << 5) 35 | 36 | // ARMV8_SHA512 indicates support for hardware SHA-512 instructions. 37 | #define ARMV8_SHA512 (1 << 6) 38 | 39 | #endif // ARM || AARCH64 40 | 41 | #endif // OPENSSL_HEADER_ARM_ARCH_H 42 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/include/CNIOBoringSSL_asn1_mac.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2016 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | /* This header is provided in order to make compiling against code that expects 16 | OpenSSL easier. */ 17 | 18 | #include "CNIOBoringSSL_asn1.h" 19 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/include/CNIOBoringSSL_blake2.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2021 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #ifndef OPENSSL_HEADER_BLAKE2_H 16 | #define OPENSSL_HEADER_BLAKE2_H 17 | 18 | #include "CNIOBoringSSL_base.h" 19 | 20 | #if defined(__cplusplus) 21 | extern "C" { 22 | #endif 23 | 24 | 25 | #define BLAKE2B256_DIGEST_LENGTH (256 / 8) 26 | #define BLAKE2B_CBLOCK 128 27 | 28 | struct blake2b_state_st { 29 | uint64_t h[8]; 30 | uint64_t t_low, t_high; 31 | uint8_t block[BLAKE2B_CBLOCK]; 32 | size_t block_used; 33 | }; 34 | 35 | // BLAKE2B256_Init initialises |b2b| to perform a BLAKE2b-256 hash. There are no 36 | // pointers inside |b2b| thus release of |b2b| is purely managed by the caller. 37 | OPENSSL_EXPORT void BLAKE2B256_Init(BLAKE2B_CTX *b2b); 38 | 39 | // BLAKE2B256_Update appends |len| bytes from |data| to the digest being 40 | // calculated by |b2b|. 41 | OPENSSL_EXPORT void BLAKE2B256_Update(BLAKE2B_CTX *b2b, const void *data, 42 | size_t len); 43 | 44 | // BLAKE2B256_Final completes the digest calculated by |b2b| and writes 45 | // |BLAKE2B256_DIGEST_LENGTH| bytes to |out|. 46 | OPENSSL_EXPORT void BLAKE2B256_Final(uint8_t out[BLAKE2B256_DIGEST_LENGTH], 47 | BLAKE2B_CTX *b2b); 48 | 49 | // BLAKE2B256 writes the BLAKE2b-256 digset of |len| bytes from |data| to 50 | // |out|. 51 | OPENSSL_EXPORT void BLAKE2B256(const uint8_t *data, size_t len, 52 | uint8_t out[BLAKE2B256_DIGEST_LENGTH]); 53 | 54 | 55 | #if defined(__cplusplus) 56 | } // extern C 57 | #endif 58 | 59 | #endif // OPENSSL_HEADER_BLAKE2_H 60 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/include/CNIOBoringSSL_blowfish.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #ifndef OPENSSL_HEADER_BLOWFISH_H 11 | #define OPENSSL_HEADER_BLOWFISH_H 12 | 13 | #include "CNIOBoringSSL_base.h" 14 | 15 | #ifdef __cplusplus 16 | extern "C" { 17 | #endif 18 | 19 | 20 | #define BF_ENCRYPT 1 21 | #define BF_DECRYPT 0 22 | 23 | #define BF_ROUNDS 16 24 | #define BF_BLOCK 8 25 | 26 | typedef struct bf_key_st { 27 | uint32_t P[BF_ROUNDS + 2]; 28 | uint32_t S[4 * 256]; 29 | } BF_KEY; 30 | 31 | OPENSSL_EXPORT void BF_set_key(BF_KEY *key, size_t len, const uint8_t *data); 32 | OPENSSL_EXPORT void BF_encrypt(uint32_t *data, const BF_KEY *key); 33 | OPENSSL_EXPORT void BF_decrypt(uint32_t *data, const BF_KEY *key); 34 | 35 | OPENSSL_EXPORT void BF_ecb_encrypt(const uint8_t *in, uint8_t *out, 36 | const BF_KEY *key, int enc); 37 | OPENSSL_EXPORT void BF_cbc_encrypt(const uint8_t *in, uint8_t *out, 38 | size_t length, const BF_KEY *schedule, 39 | uint8_t *ivec, int enc); 40 | 41 | 42 | #ifdef __cplusplus 43 | } 44 | #endif 45 | 46 | #endif // OPENSSL_HEADER_BLOWFISH_H 47 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/include/CNIOBoringSSL_buffer.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2015 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | /* This header is provided in order to make compiling against code that expects 16 | OpenSSL easier. */ 17 | 18 | #include "CNIOBoringSSL_buf.h" 19 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/include/CNIOBoringSSL_cast.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #ifndef OPENSSL_HEADER_CAST_H 11 | #define OPENSSL_HEADER_CAST_H 12 | 13 | #include "CNIOBoringSSL_base.h" 14 | 15 | #ifdef __cplusplus 16 | extern "C" { 17 | #endif 18 | 19 | 20 | #define CAST_ENCRYPT 1 21 | #define CAST_DECRYPT 0 22 | 23 | #define CAST_BLOCK 8 24 | #define CAST_KEY_LENGTH 16 25 | 26 | typedef struct cast_key_st { 27 | uint32_t data[32]; 28 | int short_key; // Use reduced rounds for short key 29 | } CAST_KEY; 30 | 31 | OPENSSL_EXPORT void CAST_set_key(CAST_KEY *key, size_t len, 32 | const uint8_t *data); 33 | OPENSSL_EXPORT void CAST_ecb_encrypt(const uint8_t *in, uint8_t *out, 34 | const CAST_KEY *key, int enc); 35 | OPENSSL_EXPORT void CAST_encrypt(uint32_t *data, const CAST_KEY *key); 36 | OPENSSL_EXPORT void CAST_decrypt(uint32_t *data, const CAST_KEY *key); 37 | OPENSSL_EXPORT void CAST_cbc_encrypt(const uint8_t *in, uint8_t *out, 38 | size_t length, const CAST_KEY *ks, 39 | uint8_t *iv, int enc); 40 | 41 | OPENSSL_EXPORT void CAST_cfb64_encrypt(const uint8_t *in, uint8_t *out, 42 | size_t length, const CAST_KEY *schedule, 43 | uint8_t *ivec, int *num, int enc); 44 | 45 | #ifdef __cplusplus 46 | } 47 | #endif 48 | 49 | #endif // OPENSSL_HEADER_CAST_H 50 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/include/CNIOBoringSSL_chacha.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2014 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #ifndef OPENSSL_HEADER_CHACHA_H 16 | #define OPENSSL_HEADER_CHACHA_H 17 | 18 | #include "CNIOBoringSSL_base.h" 19 | 20 | #if defined(__cplusplus) 21 | extern "C" { 22 | #endif 23 | 24 | // ChaCha20. 25 | // 26 | // ChaCha20 is a stream cipher. See https://tools.ietf.org/html/rfc8439. 27 | 28 | 29 | // CRYPTO_chacha_20 encrypts |in_len| bytes from |in| with the given key and 30 | // nonce and writes the result to |out|. If |in| and |out| alias, they must be 31 | // equal. The initial block counter is specified by |counter|. 32 | // 33 | // This function implements a 32-bit block counter as in RFC 8439. On overflow, 34 | // the counter wraps. Reusing a key, nonce, and block counter combination is not 35 | // secure, so wrapping is usually a bug in the caller. While it is possible to 36 | // wrap without reuse with a large initial block counter, this is not 37 | // recommended and may not be portable to other ChaCha20 implementations. 38 | OPENSSL_EXPORT void CRYPTO_chacha_20(uint8_t *out, const uint8_t *in, 39 | size_t in_len, const uint8_t key[32], 40 | const uint8_t nonce[12], uint32_t counter); 41 | 42 | 43 | #if defined(__cplusplus) 44 | } // extern C 45 | #endif 46 | 47 | #endif // OPENSSL_HEADER_CHACHA_H 48 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/include/CNIOBoringSSL_cpu.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2014 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | // This header is provided for compatibility with older revisions of BoringSSL. 16 | // TODO(davidben): Remove this header. 17 | 18 | #include "CNIOBoringSSL_crypto.h" 19 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/include/CNIOBoringSSL_dtls1.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2015 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | /* This header is provided in order to make compiling against code that expects 16 | OpenSSL easier. */ 17 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/include/CNIOBoringSSL_e_os2.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2018 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | /* This header is provided in order to make compiling against code that expects 16 | OpenSSL easier. */ 17 | 18 | #include "CNIOBoringSSL_base.h" 19 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/include/CNIOBoringSSL_evp_errors.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #ifndef OPENSSL_HEADER_EVP_ERRORS_H 11 | #define OPENSSL_HEADER_EVP_ERRORS_H 12 | 13 | #define EVP_R_BUFFER_TOO_SMALL 100 14 | #define EVP_R_COMMAND_NOT_SUPPORTED 101 15 | #define EVP_R_DECODE_ERROR 102 16 | #define EVP_R_DIFFERENT_KEY_TYPES 103 17 | #define EVP_R_DIFFERENT_PARAMETERS 104 18 | #define EVP_R_ENCODE_ERROR 105 19 | #define EVP_R_EXPECTING_AN_EC_KEY_KEY 106 20 | #define EVP_R_EXPECTING_AN_RSA_KEY 107 21 | #define EVP_R_EXPECTING_A_DSA_KEY 108 22 | #define EVP_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 109 23 | #define EVP_R_INVALID_DIGEST_LENGTH 110 24 | #define EVP_R_INVALID_DIGEST_TYPE 111 25 | #define EVP_R_INVALID_KEYBITS 112 26 | #define EVP_R_INVALID_MGF1_MD 113 27 | #define EVP_R_INVALID_OPERATION 114 28 | #define EVP_R_INVALID_PADDING_MODE 115 29 | #define EVP_R_INVALID_PSS_SALTLEN 116 30 | #define EVP_R_KEYS_NOT_SET 117 31 | #define EVP_R_MISSING_PARAMETERS 118 32 | #define EVP_R_NO_DEFAULT_DIGEST 119 33 | #define EVP_R_NO_KEY_SET 120 34 | #define EVP_R_NO_MDC2_SUPPORT 121 35 | #define EVP_R_NO_NID_FOR_CURVE 122 36 | #define EVP_R_NO_OPERATION_SET 123 37 | #define EVP_R_NO_PARAMETERS_SET 124 38 | #define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 125 39 | #define EVP_R_OPERATON_NOT_INITIALIZED 126 40 | #define EVP_R_UNKNOWN_PUBLIC_KEY_TYPE 127 41 | #define EVP_R_UNSUPPORTED_ALGORITHM 128 42 | #define EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE 129 43 | #define EVP_R_NOT_A_PRIVATE_KEY 130 44 | #define EVP_R_INVALID_SIGNATURE 131 45 | #define EVP_R_MEMORY_LIMIT_EXCEEDED 132 46 | #define EVP_R_INVALID_PARAMETERS 133 47 | #define EVP_R_INVALID_PEER_KEY 134 48 | #define EVP_R_NOT_XOF_OR_INVALID_LENGTH 135 49 | #define EVP_R_EMPTY_PSK 136 50 | #define EVP_R_INVALID_BUFFER_SIZE 137 51 | #define EVP_R_EXPECTING_A_DH_KEY 138 52 | 53 | #endif // OPENSSL_HEADER_EVP_ERRORS_H 54 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/include/CNIOBoringSSL_is_boringssl.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | // This header is provided in order to catch include path errors in consuming 16 | // BoringSSL. 17 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/include/CNIOBoringSSL_lhash.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #ifndef OPENSSL_HEADER_LHASH_H 11 | #define OPENSSL_HEADER_LHASH_H 12 | 13 | #include "CNIOBoringSSL_base.h" 14 | 15 | #if defined(__cplusplus) 16 | extern "C" { 17 | #endif 18 | 19 | 20 | // lhash is an internal library and not exported for use outside BoringSSL. This 21 | // header is provided for compatibility with code that expects OpenSSL. 22 | 23 | 24 | // These two macros are exported for compatibility with existing callers of 25 | // |X509V3_EXT_conf_nid|. Do not use these symbols outside BoringSSL. 26 | #define LHASH_OF(type) struct lhash_st_##type 27 | #define DECLARE_LHASH_OF(type) LHASH_OF(type); 28 | 29 | 30 | #if defined(__cplusplus) 31 | } // extern C 32 | #endif 33 | 34 | #endif // OPENSSL_HEADER_LHASH_H 35 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/include/CNIOBoringSSL_md4.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #ifndef OPENSSL_HEADER_MD4_H 11 | #define OPENSSL_HEADER_MD4_H 12 | 13 | #include "CNIOBoringSSL_base.h" 14 | 15 | #if defined(__cplusplus) 16 | extern "C" { 17 | #endif 18 | 19 | 20 | // MD4. 21 | 22 | // MD4_CBLOCK is the block size of MD4. 23 | #define MD4_CBLOCK 64 24 | 25 | // MD4_DIGEST_LENGTH is the length of an MD4 digest. 26 | #define MD4_DIGEST_LENGTH 16 27 | 28 | // MD4_Init initialises |md4| and returns one. 29 | OPENSSL_EXPORT int MD4_Init(MD4_CTX *md4); 30 | 31 | // MD4_Update adds |len| bytes from |data| to |md4| and returns one. 32 | OPENSSL_EXPORT int MD4_Update(MD4_CTX *md4, const void *data, size_t len); 33 | 34 | // MD4_Final adds the final padding to |md4| and writes the resulting digest to 35 | // |out|, which must have at least |MD4_DIGEST_LENGTH| bytes of space. It 36 | // returns one. 37 | OPENSSL_EXPORT int MD4_Final(uint8_t out[MD4_DIGEST_LENGTH], MD4_CTX *md4); 38 | 39 | // MD4 writes the digest of |len| bytes from |data| to |out| and returns |out|. 40 | // There must be at least |MD4_DIGEST_LENGTH| bytes of space in |out|. 41 | OPENSSL_EXPORT uint8_t *MD4(const uint8_t *data, size_t len, 42 | uint8_t out[MD4_DIGEST_LENGTH]); 43 | 44 | // MD4_Transform is a low-level function that performs a single, MD4 block 45 | // transformation using the state from |md4| and 64 bytes from |block|. 46 | OPENSSL_EXPORT void MD4_Transform(MD4_CTX *md4, 47 | const uint8_t block[MD4_CBLOCK]); 48 | 49 | struct md4_state_st { 50 | uint32_t h[4]; 51 | uint32_t Nl, Nh; 52 | uint8_t data[MD4_CBLOCK]; 53 | unsigned num; 54 | }; 55 | 56 | 57 | #if defined(__cplusplus) 58 | } // extern C 59 | #endif 60 | 61 | #endif // OPENSSL_HEADER_MD4_H 62 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/include/CNIOBoringSSL_md5.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #ifndef OPENSSL_HEADER_MD5_H 11 | #define OPENSSL_HEADER_MD5_H 12 | 13 | #include "CNIOBoringSSL_base.h" 14 | 15 | #if defined(__cplusplus) 16 | extern "C" { 17 | #endif 18 | 19 | 20 | // MD5. 21 | 22 | 23 | // MD5_CBLOCK is the block size of MD5. 24 | #define MD5_CBLOCK 64 25 | 26 | // MD5_DIGEST_LENGTH is the length of an MD5 digest. 27 | #define MD5_DIGEST_LENGTH 16 28 | 29 | // MD5_Init initialises |md5| and returns one. 30 | OPENSSL_EXPORT int MD5_Init(MD5_CTX *md5); 31 | 32 | // MD5_Update adds |len| bytes from |data| to |md5| and returns one. 33 | OPENSSL_EXPORT int MD5_Update(MD5_CTX *md5, const void *data, size_t len); 34 | 35 | // MD5_Final adds the final padding to |md5| and writes the resulting digest to 36 | // |out|, which must have at least |MD5_DIGEST_LENGTH| bytes of space. It 37 | // returns one. 38 | OPENSSL_EXPORT int MD5_Final(uint8_t out[MD5_DIGEST_LENGTH], MD5_CTX *md5); 39 | 40 | // MD5 writes the digest of |len| bytes from |data| to |out| and returns |out|. 41 | // There must be at least |MD5_DIGEST_LENGTH| bytes of space in |out|. 42 | OPENSSL_EXPORT uint8_t *MD5(const uint8_t *data, size_t len, 43 | uint8_t out[MD5_DIGEST_LENGTH]); 44 | 45 | // MD5_Transform is a low-level function that performs a single, MD5 block 46 | // transformation using the state from |md5| and 64 bytes from |block|. 47 | OPENSSL_EXPORT void MD5_Transform(MD5_CTX *md5, 48 | const uint8_t block[MD5_CBLOCK]); 49 | 50 | struct md5_state_st { 51 | uint32_t h[4]; 52 | uint32_t Nl, Nh; 53 | uint8_t data[MD5_CBLOCK]; 54 | unsigned num; 55 | }; 56 | 57 | 58 | #if defined(__cplusplus) 59 | } // extern C 60 | #endif 61 | 62 | #endif // OPENSSL_HEADER_MD5_H 63 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/include/CNIOBoringSSL_obj_mac.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2016 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | /* This header is provided in order to make compiling against code that expects 16 | OpenSSL easier. */ 17 | 18 | #include "CNIOBoringSSL_nid.h" 19 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/include/CNIOBoringSSL_objects.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2014 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | /* This header is provided in order to make compiling against code that expects 16 | OpenSSL easier. */ 17 | 18 | #include "CNIOBoringSSL_obj.h" 19 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/include/CNIOBoringSSL_opensslv.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2014 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | /* This header is provided in order to make compiling against code that expects 16 | OpenSSL easier. */ 17 | 18 | #include "CNIOBoringSSL_crypto.h" 19 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/include/CNIOBoringSSL_ossl_typ.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2014 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | /* This header is provided in order to make compiling against code that expects 16 | OpenSSL easier. */ 17 | 18 | #include "CNIOBoringSSL_base.h" 19 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/include/CNIOBoringSSL_pkcs12.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2014 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | /* This header is provided in order to make compiling against code that expects 16 | OpenSSL easier. */ 17 | 18 | #include "CNIOBoringSSL_pkcs8.h" 19 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/include/CNIOBoringSSL_poly1305.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2014 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #ifndef OPENSSL_HEADER_POLY1305_H 16 | #define OPENSSL_HEADER_POLY1305_H 17 | 18 | #include "CNIOBoringSSL_base.h" 19 | 20 | #ifdef __cplusplus 21 | extern "C" { 22 | #endif 23 | 24 | 25 | typedef uint8_t poly1305_state[512]; 26 | 27 | // CRYPTO_poly1305_init sets up |state| so that it can be used to calculate an 28 | // authentication tag with the one-time key |key|. Note that |key| is a 29 | // one-time key and therefore there is no `reset' method because that would 30 | // enable several messages to be authenticated with the same key. 31 | OPENSSL_EXPORT void CRYPTO_poly1305_init(poly1305_state *state, 32 | const uint8_t key[32]); 33 | 34 | // CRYPTO_poly1305_update processes |in_len| bytes from |in|. It can be called 35 | // zero or more times after poly1305_init. 36 | OPENSSL_EXPORT void CRYPTO_poly1305_update(poly1305_state *state, 37 | const uint8_t *in, size_t in_len); 38 | 39 | // CRYPTO_poly1305_finish completes the poly1305 calculation and writes a 16 40 | // byte authentication tag to |mac|. 41 | OPENSSL_EXPORT void CRYPTO_poly1305_finish(poly1305_state *state, 42 | uint8_t mac[16]); 43 | 44 | 45 | #if defined(__cplusplus) 46 | } // extern C 47 | #endif 48 | 49 | #endif // OPENSSL_HEADER_POLY1305_H 50 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/include/CNIOBoringSSL_posix_time.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2022 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #ifndef OPENSSL_HEADER_POSIX_TIME_H 16 | #define OPENSSL_HEADER_POSIX_TIME_H 17 | 18 | #include "CNIOBoringSSL_base.h" 19 | 20 | #include 21 | 22 | #if defined(__cplusplus) 23 | extern "C" { 24 | #endif 25 | 26 | 27 | // Time functions. 28 | 29 | 30 | // OPENSSL_posix_to_tm converts a int64_t POSIX time value in |time|, which must 31 | // be in the range of year 0000 to 9999, to a broken out time value in |tm|. It 32 | // returns one on success and zero on error. 33 | OPENSSL_EXPORT int OPENSSL_posix_to_tm(int64_t time, struct tm *out_tm); 34 | 35 | // OPENSSL_tm_to_posix converts a time value between the years 0 and 9999 in 36 | // |tm| to a POSIX time value in |out|. One is returned on success, zero is 37 | // returned on failure. It is a failure if |tm| contains out of range values. 38 | OPENSSL_EXPORT int OPENSSL_tm_to_posix(const struct tm *tm, int64_t *out); 39 | 40 | // OPENSSL_timegm converts a time value between the years 0 and 9999 in |tm| to 41 | // a time_t value in |out|. One is returned on success, zero is returned on 42 | // failure. It is a failure if the converted time can not be represented in a 43 | // time_t, or if the tm contains out of range values. 44 | OPENSSL_EXPORT int OPENSSL_timegm(const struct tm *tm, time_t *out); 45 | 46 | 47 | #if defined(__cplusplus) 48 | } // extern C 49 | #endif 50 | 51 | #endif // OPENSSL_HEADER_POSIX_TIME_H 52 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/include/CNIOBoringSSL_rc4.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #ifndef OPENSSL_HEADER_RC4_H 11 | #define OPENSSL_HEADER_RC4_H 12 | 13 | #include "CNIOBoringSSL_base.h" 14 | 15 | #if defined(__cplusplus) 16 | extern "C" { 17 | #endif 18 | 19 | 20 | // RC4. 21 | 22 | 23 | struct rc4_key_st { 24 | uint32_t x, y; 25 | uint32_t data[256]; 26 | } /* RC4_KEY */; 27 | 28 | // RC4_set_key performs an RC4 key schedule and initialises |rc4key| with |len| 29 | // bytes of key material from |key|. 30 | OPENSSL_EXPORT void RC4_set_key(RC4_KEY *rc4key, unsigned len, 31 | const uint8_t *key); 32 | 33 | // RC4 encrypts (or decrypts, it's the same with RC4) |len| bytes from |in| to 34 | // |out|. 35 | OPENSSL_EXPORT void RC4(RC4_KEY *key, size_t len, const uint8_t *in, 36 | uint8_t *out); 37 | 38 | 39 | // Deprecated functions. 40 | 41 | // RC4_options returns the string "rc4(ptr,int)". 42 | OPENSSL_EXPORT const char *RC4_options(void); 43 | 44 | 45 | #if defined(__cplusplus) 46 | } // extern C 47 | #endif 48 | 49 | #endif // OPENSSL_HEADER_RC4_H 50 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/include/CNIOBoringSSL_ripemd.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #ifndef OPENSSL_HEADER_RIPEMD_H 11 | #define OPENSSL_HEADER_RIPEMD_H 12 | 13 | #include "CNIOBoringSSL_base.h" 14 | 15 | #ifdef __cplusplus 16 | extern "C" { 17 | #endif 18 | 19 | 20 | # define RIPEMD160_CBLOCK 64 21 | # define RIPEMD160_LBLOCK (RIPEMD160_CBLOCK/4) 22 | # define RIPEMD160_DIGEST_LENGTH 20 23 | 24 | struct RIPEMD160state_st { 25 | uint32_t h[5]; 26 | uint32_t Nl, Nh; 27 | uint8_t data[RIPEMD160_CBLOCK]; 28 | unsigned num; 29 | }; 30 | 31 | // RIPEMD160_Init initialises |ctx| and returns one. 32 | OPENSSL_EXPORT int RIPEMD160_Init(RIPEMD160_CTX *ctx); 33 | 34 | // RIPEMD160_Update adds |len| bytes from |data| to |ctx| and returns one. 35 | OPENSSL_EXPORT int RIPEMD160_Update(RIPEMD160_CTX *ctx, const void *data, 36 | size_t len); 37 | 38 | // RIPEMD160_Final adds the final padding to |ctx| and writes the resulting 39 | // digest to |out|, which must have at least |RIPEMD160_DIGEST_LENGTH| bytes of 40 | // space. It returns one. 41 | OPENSSL_EXPORT int RIPEMD160_Final(uint8_t out[RIPEMD160_DIGEST_LENGTH], 42 | RIPEMD160_CTX *ctx); 43 | 44 | // RIPEMD160 writes the digest of |len| bytes from |data| to |out| and returns 45 | // |out|. There must be at least |RIPEMD160_DIGEST_LENGTH| bytes of space in 46 | // |out|. 47 | OPENSSL_EXPORT uint8_t *RIPEMD160(const uint8_t *data, size_t len, 48 | uint8_t out[RIPEMD160_DIGEST_LENGTH]); 49 | 50 | // RIPEMD160_Transform is a low-level function that performs a single, 51 | // RIPEMD160 block transformation using the state from |ctx| and 64 bytes from 52 | // |block|. 53 | OPENSSL_EXPORT void RIPEMD160_Transform(RIPEMD160_CTX *ctx, 54 | const uint8_t block[RIPEMD160_CBLOCK]); 55 | 56 | 57 | #if defined(__cplusplus) 58 | } // extern C 59 | #endif 60 | 61 | #endif // OPENSSL_HEADER_RIPEMD_H 62 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/include/CNIOBoringSSL_safestack.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2014 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | /* This header is provided in order to make compiling against code that expects 16 | OpenSSL easier. */ 17 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/include/CNIOBoringSSL_siphash.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2019 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #ifndef OPENSSL_HEADER_SIPHASH_H 16 | #define OPENSSL_HEADER_SIPHASH_H 17 | 18 | #include "CNIOBoringSSL_base.h" 19 | 20 | #if defined(__cplusplus) 21 | extern "C" { 22 | #endif 23 | 24 | 25 | // SipHash is a fast, secure PRF that is often used for hash tables. 26 | 27 | 28 | // SIPHASH_24 implements SipHash-2-4. See https://131002.net/siphash/siphash.pdf 29 | OPENSSL_EXPORT uint64_t SIPHASH_24(const uint64_t key[2], const uint8_t *input, 30 | size_t input_len); 31 | 32 | 33 | #if defined(__cplusplus) 34 | } // extern C 35 | #endif 36 | 37 | #endif // OPENSSL_HEADER_SIPHASH_H 38 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/include/CNIOBoringSSL_srtp.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2015 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | /* This header is provided in order to make compiling against code that expects 16 | OpenSSL easier. */ 17 | 18 | #include "CNIOBoringSSL_ssl.h" 19 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/include/CNIOBoringSSL_time.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2024 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | #ifndef OPENSSL_HEADER_TIME_H 16 | #define OPENSSL_HEADER_TIME_H 17 | 18 | // Compatibility header, to be deprecated. use instead. 19 | 20 | #include "CNIOBoringSSL_posix_time.h" 21 | 22 | #endif // OPENSSL_HEADER_TIME_H 23 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/include/CNIOBoringSSL_type_check.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * 4 | * Licensed under the OpenSSL license (the "License"). You may not use 5 | * this file except in compliance with the License. You can obtain a copy 6 | * in the file LICENSE in the source distribution or at 7 | * https://www.openssl.org/source/license.html 8 | */ 9 | 10 | #ifndef OPENSSL_HEADER_TYPE_CHECK_H 11 | #define OPENSSL_HEADER_TYPE_CHECK_H 12 | 13 | #include "CNIOBoringSSL_base.h" 14 | 15 | #if defined(__cplusplus) 16 | extern "C" { 17 | #endif 18 | 19 | 20 | // CHECKED_CAST casts |p| from type |from| to type |to|. 21 | // 22 | // TODO(davidben): Although this macro is not public API and is unused in 23 | // BoringSSL, wpa_supplicant uses it to define its own stacks. Remove this once 24 | // wpa_supplicant has been fixed. 25 | #define CHECKED_CAST(to, from, p) ((to) (1 ? (p) : (from)0)) 26 | 27 | 28 | #if defined(__cplusplus) 29 | } // extern C 30 | #endif 31 | 32 | #endif // OPENSSL_HEADER_TYPE_CHECK_H 33 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/include/CNIOBoringSSL_x509_vfy.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2021 The BoringSSL Authors 2 | * 3 | * Permission to use, copy, modify, and/or distribute this software for any 4 | * purpose with or without fee is hereby granted, provided that the above 5 | * copyright notice and this permission notice appear in all copies. 6 | * 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 | 15 | /* This header is provided in order to make compiling against code that expects 16 | OpenSSL easier. */ 17 | 18 | #include "CNIOBoringSSL_x509.h" 19 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/include/module.modulemap: -------------------------------------------------------------------------------- 1 | module CNIOBoringSSL { 2 | umbrella header "CNIOBoringSSL.h" 3 | export * 4 | } 5 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSL/ssl/s3_lib.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 | * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved. 4 | * Copyright 2005 Nokia. All rights reserved. 5 | * 6 | * Licensed under the OpenSSL license (the "License"). You may not use 7 | * this file except in compliance with the License. You can obtain a copy 8 | * in the file LICENSE in the source distribution or at 9 | * https://www.openssl.org/source/license.html 10 | */ 11 | 12 | #include 13 | 14 | #include 15 | #include 16 | 17 | #include 18 | #include 19 | #include 20 | #include 21 | #include 22 | 23 | #include "../crypto/internal.h" 24 | #include "internal.h" 25 | 26 | 27 | BSSL_NAMESPACE_BEGIN 28 | 29 | SSL3_STATE::SSL3_STATE() 30 | : skip_early_data(false), 31 | v2_hello_done(false), 32 | is_v2_hello(false), 33 | has_message(false), 34 | initial_handshake_complete(false), 35 | session_reused(false), 36 | send_connection_binding(false), 37 | channel_id_valid(false), 38 | key_update_pending(false), 39 | early_data_accepted(false), 40 | alert_dispatch(false), 41 | renegotiate_pending(false), 42 | used_hello_retry_request(false), 43 | was_key_usage_invalid(false) {} 44 | 45 | SSL3_STATE::~SSL3_STATE() {} 46 | 47 | bool tls_new(SSL *ssl) { 48 | UniquePtr s3 = MakeUnique(); 49 | if (!s3) { 50 | return false; 51 | } 52 | 53 | // TODO(crbug.com/368805255): Fields that aren't used in DTLS should not be 54 | // allocated at all. 55 | // TODO(crbug.com/371998381): Don't create these in QUIC either, once the 56 | // placeholder QUIC ones for subsequent epochs are removed. 57 | if (!SSL_is_dtls(ssl)) { 58 | s3->aead_read_ctx = SSLAEADContext::CreateNullCipher(); 59 | s3->aead_write_ctx = SSLAEADContext::CreateNullCipher(); 60 | if (!s3->aead_read_ctx || !s3->aead_write_ctx) { 61 | return false; 62 | } 63 | } 64 | 65 | s3->hs = ssl_handshake_new(ssl); 66 | if (!s3->hs) { 67 | return false; 68 | } 69 | 70 | ssl->s3 = s3.release(); 71 | return true; 72 | } 73 | 74 | void tls_free(SSL *ssl) { 75 | if (ssl->s3 == NULL) { 76 | return; 77 | } 78 | 79 | Delete(ssl->s3); 80 | ssl->s3 = NULL; 81 | } 82 | 83 | BSSL_NAMESPACE_END 84 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSLShims/include/CNIOBoringSSLShims.h: -------------------------------------------------------------------------------- 1 | //===----------------------------------------------------------------------===// 2 | // 3 | // This source file is part of the SwiftNIO open source project 4 | // 5 | // Copyright (c) 2017-2018 Apple Inc. and the SwiftNIO project authors 6 | // Licensed under Apache License v2.0 7 | // 8 | // See LICENSE.txt for license information 9 | // See CONTRIBUTORS.txt for the list of SwiftNIO project authors 10 | // 11 | // SPDX-License-Identifier: Apache-2.0 12 | // 13 | //===----------------------------------------------------------------------===// 14 | #ifndef C_NIO_BORINGSSL_SHIMS_H 15 | #define C_NIO_BORINGSSL_SHIMS_H 16 | 17 | // This is for instances when `swift package generate-xcodeproj` is used as CNIOBoringSSL 18 | // is treated as a framework and requires the framework's name as a prefix. 19 | #if __has_include() 20 | #include 21 | #else 22 | #include "CNIOBoringSSL.h" 23 | #endif 24 | 25 | #if defined(__cplusplus) 26 | extern "C" { 27 | #endif 28 | 29 | X509_EXTENSION *CNIOBoringSSLShims_sk_X509_EXTENSION_value(const STACK_OF(X509_EXTENSION) *sk, size_t i); 30 | size_t CNIOBoringSSLShims_sk_X509_EXTENSION_num(const STACK_OF(X509_EXTENSION) *sk); 31 | 32 | GENERAL_NAME *CNIOBoringSSLShims_sk_GENERAL_NAME_value(const STACK_OF(GENERAL_NAME) *sk, size_t i); 33 | size_t CNIOBoringSSLShims_sk_GENERAL_NAME_num(const STACK_OF(GENERAL_NAME) *sk); 34 | 35 | void *CNIOBoringSSLShims_SSL_CTX_get_app_data(const SSL_CTX *ctx); 36 | int CNIOBoringSSLShims_SSL_CTX_set_app_data(SSL_CTX *ctx, void *data); 37 | 38 | int CNIOBoringSSLShims_ERR_GET_LIB(uint32_t err); 39 | int CNIOBoringSSLShims_ERR_GET_REASON(uint32_t err); 40 | 41 | #if defined(__cplusplus) 42 | } // extern "C" 43 | #endif 44 | 45 | #endif // C_NIO_BORINGSSL_SHIMS_H 46 | -------------------------------------------------------------------------------- /Sources/CNIOBoringSSLShims/shims.c: -------------------------------------------------------------------------------- 1 | //===----------------------------------------------------------------------===// 2 | // 3 | // This source file is part of the SwiftNIO open source project 4 | // 5 | // Copyright (c) 2017-2018 Apple Inc. and the SwiftNIO project authors 6 | // Licensed under Apache License v2.0 7 | // 8 | // See LICENSE.txt for license information 9 | // See CONTRIBUTORS.txt for the list of SwiftNIO project authors 10 | // 11 | // SPDX-License-Identifier: Apache-2.0 12 | // 13 | //===----------------------------------------------------------------------===// 14 | // Unfortunately, even in our brave BoringSSL world, we have "functions" that are 15 | // macros too complex for the clang importer. This file handles them. 16 | #include "CNIOBoringSSLShims.h" 17 | 18 | X509_EXTENSION *CNIOBoringSSLShims_sk_X509_EXTENSION_value(const STACK_OF(X509_EXTENSION) *sk, size_t i) { 19 | return sk_X509_EXTENSION_value(sk, i); 20 | } 21 | 22 | size_t CNIOBoringSSLShims_sk_X509_EXTENSION_num(const STACK_OF(X509_EXTENSION) *sk) { 23 | return sk_X509_EXTENSION_num(sk); 24 | } 25 | 26 | GENERAL_NAME *CNIOBoringSSLShims_sk_GENERAL_NAME_value(const STACK_OF(GENERAL_NAME) *sk, size_t i) { 27 | return sk_GENERAL_NAME_value(sk, i); 28 | } 29 | 30 | size_t CNIOBoringSSLShims_sk_GENERAL_NAME_num(const STACK_OF(GENERAL_NAME) *sk) { 31 | return sk_GENERAL_NAME_num(sk); 32 | } 33 | 34 | void *CNIOBoringSSLShims_SSL_CTX_get_app_data(const SSL_CTX *ctx) { 35 | return SSL_CTX_get_app_data(ctx); 36 | } 37 | 38 | int CNIOBoringSSLShims_SSL_CTX_set_app_data(SSL_CTX *ctx, void *data) { 39 | return SSL_CTX_set_app_data(ctx, data); 40 | } 41 | 42 | int CNIOBoringSSLShims_ERR_GET_LIB(uint32_t err) { 43 | return ERR_GET_LIB(err); 44 | } 45 | 46 | int CNIOBoringSSLShims_ERR_GET_REASON(uint32_t err) { 47 | return ERR_GET_REASON(err); 48 | } 49 | -------------------------------------------------------------------------------- /Sources/NIOSSL/AndroidCABundle.swift: -------------------------------------------------------------------------------- 1 | //===----------------------------------------------------------------------===// 2 | // 3 | // This source file is part of the SwiftNIO open source project 4 | // 5 | // Copyright (c) 2019-2021 Apple Inc. and the SwiftNIO project authors 6 | // Licensed under Apache License v2.0 7 | // 8 | // See LICENSE.txt for license information 9 | // See CONTRIBUTORS.txt for the list of SwiftNIO project authors 10 | // 11 | // SPDX-License-Identifier: Apache-2.0 12 | // 13 | //===----------------------------------------------------------------------===// 14 | 15 | #if os(Android) 16 | /// The path to the root CA bundle directory. 17 | /// 18 | /// May be nil if we could not find the root CA bundle directory. 19 | internal let rootCADirectoryPath: String? = locateRootCADirectory() 20 | 21 | /// This is a list of root CA directory search paths. 22 | /// 23 | /// This list contains paths as validated against several distributions. If you are aware of a CA bundle on a specific distribution 24 | /// that is not present here, please open a pull request that adds the appropriate search path. 25 | /// Some distributions do not ship CA directories: as such, it is not a problem if a distribution that is present in rootCAFileSearchPaths 26 | /// is not present in this list. 27 | //see https://android.googlesource.com/platform/frameworks/base/+/8b192b19f264a8829eac2cfaf0b73f6fc188d933%5E%21/#F0 28 | private let rootCADirectorySearchPaths = [ 29 | "/apex/com.android.conscrypt/cacerts", // >= Android14 30 | "/system/etc/security/cacerts", // < Android14 31 | ] 32 | 33 | private func locateRootCADirectory() -> String? { 34 | rootCADirectorySearchPaths.first(where: { FileSystemObject.pathType(path: $0) == .directory }) 35 | } 36 | #endif 37 | -------------------------------------------------------------------------------- /Sources/NIOSSL/Docs.docc/TLSConfiguration.md: -------------------------------------------------------------------------------- 1 | # ``TLSConfiguration`` 2 | 3 | ## Topics 4 | 5 | ### Creating a TLS configuration 6 | 7 | - ``clientDefault`` 8 | - ``makeClientConfiguration()`` 9 | - ``makeServerConfiguration(certificateChain:privateKey:)`` 10 | - ``makePreSharedKeyConfiguration()`` 11 | 12 | ### Inspecting a configuration 13 | 14 | - ``minimumTLSVersion`` 15 | - ``maximumTLSVersion`` 16 | - ``certificateVerification`` 17 | - ``trustRoots`` 18 | - ``certificateChain`` 19 | - ``privateKey`` 20 | - ``applicationProtocols`` 21 | - ``shutdownTimeout`` 22 | - ``keyLogCallback`` 23 | - ``renegotiationSupport`` 24 | - ``sslContextCallback`` 25 | 26 | ### Inspecting configuration ciphers 27 | 28 | - ``cipherSuites`` 29 | - ``verifySignatureAlgorithms`` 30 | - ``signingSignatureAlgorithms`` 31 | - ``cipherSuiteValues`` 32 | - ``curves`` 33 | - ``additionalTrustRoots`` 34 | - ``sendCANameList`` 35 | 36 | ### Inspecting pre-shared key configurations 37 | 38 | - ``pskClientProvider`` 39 | - ``pskHint`` 40 | - ``pskServerProvider`` 41 | - ``pskClientCallback`` 42 | - ``pskServerCallback`` 43 | 44 | ### Comparing and Hashing TLS configurations 45 | 46 | - ``bestEffortEquals(_:)`` 47 | - ``bestEffortHash(into:)`` 48 | 49 | ### Deprecated initializers 50 | 51 | - ``forClient(cipherSuites:minimumTLSVersion:maximumTLSVersion:certificateVerification:trustRoots:certificateChain:privateKey:applicationProtocols:shutdownTimeout:keyLogCallback:)`` 52 | - ``forClient(cipherSuites:minimumTLSVersion:maximumTLSVersion:certificateVerification:trustRoots:certificateChain:privateKey:applicationProtocols:shutdownTimeout:keyLogCallback:renegotiationSupport:)`` 53 | - ``forClient(cipherSuites:verifySignatureAlgorithms:signingSignatureAlgorithms:minimumTLSVersion:maximumTLSVersion:certificateVerification:trustRoots:certificateChain:privateKey:applicationProtocols:shutdownTimeout:keyLogCallback:renegotiationSupport:)`` 54 | 55 | - ``forServer(certificateChain:privateKey:cipherSuites:minimumTLSVersion:maximumTLSVersion:certificateVerification:trustRoots:applicationProtocols:shutdownTimeout:keyLogCallback:)`` 56 | - ``forServer(certificateChain:privateKey:cipherSuites:verifySignatureAlgorithms:signingSignatureAlgorithms:minimumTLSVersion:maximumTLSVersion:certificateVerification:trustRoots:applicationProtocols:shutdownTimeout:keyLogCallback:)`` 57 | -------------------------------------------------------------------------------- /Sources/NIOSSL/Docs.docc/quantum-secure-tls.md: -------------------------------------------------------------------------------- 1 | # Quantum-secure TLS 2 | 3 | To enable quantum-secure algorithms in swift-nio-ssl requires minimal configuration changes. While the algorithms are being standardised they are off by default, but once the code points are final we will be enabling them by default. 4 | 5 | In the meantime, if you wish to add support, you can enable ``NIOTLSCurve/x25519_MLKEM768`` with the following change: 6 | 7 | ```swift 8 | tlsConfiguration.curves = [.x25519_MLKEM768, .x25519, .secp384r1] 9 | ``` 10 | 11 | This configuration offers both a post-quantum hybrid key-establishment mechanism, as well as classical options. This is an appropriate choice for general-purpose use as it can support older clients, but it may not be appropriate for your use-case. If you are aiming to support _only_ post-quantum key exchange, you can do so by setting only PQ or hybrid KEMs: 12 | 13 | ```swift 14 | tlsConfiguration.curves = [.x25519_MLKEM768] 15 | ``` -------------------------------------------------------------------------------- /Sources/NIOSSL/NIOSSLHandler+Configuration.swift: -------------------------------------------------------------------------------- 1 | //===----------------------------------------------------------------------===// 2 | // 3 | // This source file is part of the SwiftNIO open source project 4 | // 5 | // Copyright (c) 2023 Apple Inc. and the SwiftNIO project authors 6 | // Licensed under Apache License v2.0 7 | // 8 | // See LICENSE.txt for license information 9 | // See CONTRIBUTORS.txt for the list of SwiftNIO project authors 10 | // 11 | // SPDX-License-Identifier: Apache-2.0 12 | // 13 | //===----------------------------------------------------------------------===// 14 | extension NIOSSLHandler { 15 | /// Configuration for a specific instance of ``NIOSSLHandler``, either client or server. 16 | /// 17 | /// This type is distinct from ``TLSConfiguration`` because it does not contain settings that 18 | /// apply to TLS itself. Instead, this configuration manages how the ``NIOSSLHandler`` itself 19 | /// operates. 20 | public struct Configuration: Hashable, Sendable { 21 | /// The maximum number of bytes we'll preserve in the outbound buffer that ``NIOSSLHandler`` 22 | /// holds. 23 | /// 24 | /// This buffer is not typically deallocated, as it is re-used throughout the lifetime of 25 | /// the program. In cases where there are extremely large peak writes that are outliers in 26 | /// the code, the buffer may remain excessively large. 27 | /// 28 | /// Set this value to a lower value to avoid preserving too much memory. This will cause 29 | /// ``NIOSSLHandler`` to reallocate memory more often, which can inhibit performance, so 30 | /// avoid lowering this value unless you're running into trouble with memory pressure and 31 | /// are confident that ``NIOSSLHandler`` is at fault. 32 | public var maximumPreservedOutboundBufferCapacity: Int 33 | 34 | public init() { 35 | self.maximumPreservedOutboundBufferCapacity = .max 36 | } 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /Sources/NIOSSL/PrivacyInfo.xcprivacy: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | NSPrivacyTracking 6 | 7 | NSPrivacyAccessedAPITypes 8 | 9 | NSPrivacyCollectedDataTypes 10 | 11 | NSPrivacyTrackingDomains 12 | 13 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /Sources/NIOSSL/SSLInit.swift: -------------------------------------------------------------------------------- 1 | //===----------------------------------------------------------------------===// 2 | // 3 | // This source file is part of the SwiftNIO open source project 4 | // 5 | // Copyright (c) 2017-2018 Apple Inc. and the SwiftNIO project authors 6 | // Licensed under Apache License v2.0 7 | // 8 | // See LICENSE.txt for license information 9 | // See CONTRIBUTORS.txt for the list of SwiftNIO project authors 10 | // 11 | // SPDX-License-Identifier: Apache-2.0 12 | // 13 | //===----------------------------------------------------------------------===// 14 | 15 | #if compiler(>=6.1) 16 | internal import CNIOBoringSSL 17 | #else 18 | @_implementationOnly import CNIOBoringSSL 19 | #endif 20 | 21 | /// Initialize BoringSSL. Note that this function IS NOT THREAD SAFE, and so must be called inside 22 | /// either an explicit or implicit dispatch_once. 23 | func initializeBoringSSL() -> Bool { 24 | CNIOBoringSSL_CRYPTO_library_init() 25 | return true 26 | } 27 | -------------------------------------------------------------------------------- /Sources/NIOSSL/String+unsafeUninitializedCapacity.swift: -------------------------------------------------------------------------------- 1 | //===----------------------------------------------------------------------===// 2 | // 3 | // This source file is part of the SwiftNIO open source project 4 | // 5 | // Copyright (c) 2017-2022 Apple Inc. and the SwiftNIO project authors 6 | // Licensed under Apache License v2.0 7 | // 8 | // See LICENSE.txt for license information 9 | // See CONTRIBUTORS.txt for the list of SwiftNIO project authors 10 | // 11 | // SPDX-License-Identifier: Apache-2.0 12 | // 13 | //===----------------------------------------------------------------------===// 14 | 15 | extension String { 16 | /// This is a backport of `String.init(unsafeUninitializedCapacity:initializingUTF8With:)` 17 | /// that allows writing directly into an uninitialized String's backing memory. 18 | /// 19 | /// As this API does not exist on older Apple platforms, we fake it out with a pointer and accept the extra copy. 20 | init( 21 | customUnsafeUninitializedCapacity capacity: Int, 22 | initializingUTF8With initializer: (_ buffer: UnsafeMutableBufferPointer) throws -> Int 23 | ) rethrows { 24 | if #available(macOS 11.0, iOS 14.0, tvOS 14.0, watchOS 7.0, *) { 25 | try self.init(unsafeUninitializedCapacity: capacity, initializingUTF8With: initializer) 26 | } else { 27 | try self.init(backportUnsafeUninitializedCapacity: capacity, initializingUTF8With: initializer) 28 | } 29 | } 30 | 31 | private init( 32 | backportUnsafeUninitializedCapacity capacity: Int, 33 | initializingUTF8With initializer: (_ buffer: UnsafeMutableBufferPointer) throws -> Int 34 | ) rethrows { 35 | let buffer = UnsafeMutableBufferPointer.allocate(capacity: capacity) 36 | defer { 37 | buffer.deallocate() 38 | } 39 | 40 | let initializedCount = try initializer(buffer) 41 | precondition(initializedCount <= capacity, "Overran buffer in initializer!") 42 | 43 | self = String( 44 | decoding: UnsafeMutableBufferPointer(start: buffer.baseAddress!, count: initializedCount), 45 | as: UTF8.self 46 | ) 47 | } 48 | } 49 | -------------------------------------------------------------------------------- /Sources/NIOSSL/SwiftCrypto/RNG.swift: -------------------------------------------------------------------------------- 1 | //===----------------------------------------------------------------------===// 2 | // 3 | // This source file is part of the SwiftNIO open source project 4 | // 5 | // Copyright (c) 2017-2022 Apple Inc. and the SwiftNIO project authors 6 | // Licensed under Apache License v2.0 7 | // 8 | // See LICENSE.txt for license information 9 | // See CONTRIBUTORS.txt for the list of SwiftNIO project authors 10 | // 11 | // SPDX-License-Identifier: Apache-2.0 12 | // 13 | //===----------------------------------------------------------------------===// 14 | 15 | extension UnsafeMutableRawBufferPointer { 16 | func initializeWithRandomBytes(count: Int) { 17 | guard count > 0 else { 18 | return 19 | } 20 | 21 | precondition(count <= self.count) 22 | var rng = SystemRandomNumberGenerator() 23 | 24 | // We store bytes 64-bits at a time until we can't anymore. 25 | var targetPtr = self 26 | while targetPtr.count > 8 { 27 | targetPtr.storeBytes(of: rng.next(), as: UInt64.self) 28 | targetPtr = UnsafeMutableRawBufferPointer(rebasing: targetPtr[8...]) 29 | } 30 | 31 | // Now we're down to having to store things an integer at a time. We do this by shifting and 32 | // masking. 33 | var remainingWord: UInt64 = rng.next() 34 | while targetPtr.count > 0 { 35 | targetPtr.storeBytes(of: UInt8(remainingWord & 0xFF), as: UInt8.self) 36 | remainingWord >>= 8 37 | targetPtr = UnsafeMutableRawBufferPointer(rebasing: targetPtr[1...]) 38 | } 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /Sources/NIOSSL/SwiftCrypto/SafeCompare.swift: -------------------------------------------------------------------------------- 1 | //===----------------------------------------------------------------------===// 2 | // 3 | // This source file is part of the SwiftNIO open source project 4 | // 5 | // Copyright (c) 2017-2022 Apple Inc. and the SwiftNIO project authors 6 | // Licensed under Apache License v2.0 7 | // 8 | // See LICENSE.txt for license information 9 | // See CONTRIBUTORS.txt for the list of SwiftNIO project authors 10 | // 11 | // SPDX-License-Identifier: Apache-2.0 12 | // 13 | //===----------------------------------------------------------------------===// 14 | 15 | /// A straightforward constant-time comparison function for any two collections of bytes. 16 | @inlinable 17 | internal func constantTimeCompare(_ lhs: LHS, _ rhs: RHS) -> Bool 18 | where LHS.Element == UInt8, RHS.Element == UInt8 { 19 | guard lhs.count == rhs.count else { 20 | return false 21 | } 22 | 23 | return zip(lhs, rhs).reduce(into: 0) { $0 |= $1.0 ^ $1.1 } == 0 24 | } 25 | -------------------------------------------------------------------------------- /Sources/NIOSSL/SwiftCrypto/Zeroization.swift: -------------------------------------------------------------------------------- 1 | //===----------------------------------------------------------------------===// 2 | // 3 | // This source file is part of the SwiftNIO open source project 4 | // 5 | // Copyright (c) 2017-2022 Apple Inc. and the SwiftNIO project authors 6 | // Licensed under Apache License v2.0 7 | // 8 | // See LICENSE.txt for license information 9 | // See CONTRIBUTORS.txt for the list of SwiftNIO project authors 10 | // 11 | // SPDX-License-Identifier: Apache-2.0 12 | // 13 | //===----------------------------------------------------------------------===// 14 | #if compiler(>=6.1) 15 | internal import CNIOBoringSSL 16 | #else 17 | @_implementationOnly import CNIOBoringSSL 18 | #endif 19 | 20 | typealias errno_t = CInt 21 | 22 | // This is a Swift wrapper for the libc function that does not exist on Linux. We shim it via a call to OPENSSL_cleanse. 23 | // We have the same syntax, but mostly ignore it. 24 | @discardableResult 25 | func memset_s(_ s: UnsafeMutableRawPointer!, _ smax: Int, _ byte: CInt, _ n: Int) -> errno_t { 26 | assert(smax == n, "memset_s invariant not met") 27 | assert(byte == 0, "memset_s used to not zero anything") 28 | CNIOBoringSSL_OPENSSL_cleanse(s, smax) 29 | return 0 30 | } 31 | -------------------------------------------------------------------------------- /Sources/NIOSSLHTTP1Client/README.md: -------------------------------------------------------------------------------- 1 | NIOSSLHTTP1Client 2 | --- 3 | 4 | This sample application provides a https client. Invoke it using one of the following syntaxes. 5 | 6 | ```bash 7 | swift run NIOSSLHTTP1Client # Gets a content on a server on ::1, port 4433, using SSL/TLS 8 | swift run NIOSSLHTTP1Client "https://example.com" # Gets a content on a server on example.com, port 443, using SSL/TLS 9 | swift run NIOSSLHTTP1Client "https://example.com:4433" # Gets a content on a server on example.com, port 4433, using SSL/TLS 10 | ``` 11 | -------------------------------------------------------------------------------- /Sources/NIOSSLPerformanceTester/Benchmark.swift: -------------------------------------------------------------------------------- 1 | //===----------------------------------------------------------------------===// 2 | // 3 | // This source file is part of the SwiftNIO open source project 4 | // 5 | // Copyright (c) 2019 Apple Inc. and the SwiftNIO project authors 6 | // Licensed under Apache License v2.0 7 | // 8 | // See LICENSE.txt for license information 9 | // See CONTRIBUTORS.txt for the list of SwiftNIO project authors 10 | // 11 | // SPDX-License-Identifier: Apache-2.0 12 | // 13 | //===----------------------------------------------------------------------===// 14 | 15 | protocol Benchmark: AnyObject { 16 | func setUp() throws 17 | func tearDown() 18 | func run() throws -> Int 19 | } 20 | 21 | func measureAndPrint(desc: String, benchmark bench: B) throws { 22 | try bench.setUp() 23 | defer { 24 | bench.tearDown() 25 | } 26 | try measureAndPrint(desc: desc) { 27 | try bench.run() 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /Sources/NIOSSLPerformanceTester/main.swift: -------------------------------------------------------------------------------- 1 | //===----------------------------------------------------------------------===// 2 | // 3 | // This source file is part of the SwiftNIO open source project 4 | // 5 | // Copyright (c) 2019-2021 Apple Inc. and the SwiftNIO project authors 6 | // Licensed under Apache License v2.0 7 | // 8 | // See LICENSE.txt for license information 9 | // See CONTRIBUTORS.txt for the list of SwiftNIO project authors 10 | // 11 | // SPDX-License-Identifier: Apache-2.0 12 | // 13 | //===----------------------------------------------------------------------===// 14 | 15 | import Dispatch 16 | import Foundation 17 | 18 | // MARK: Test Harness 19 | 20 | nonisolated(unsafe) var warning: String = "" 21 | 22 | assert( 23 | { 24 | print("======================================================") 25 | print("= YOU ARE RUNNING NIOPerformanceTester IN DEBUG MODE =") 26 | print("======================================================") 27 | warning = " <<< DEBUG MODE >>>" 28 | return true 29 | }() 30 | ) 31 | 32 | public func measure(_ fn: () throws -> Int) rethrows -> [TimeInterval] { 33 | func measureOne(_ fn: () throws -> Int) rethrows -> TimeInterval { 34 | let start = Date() 35 | _ = try fn() 36 | let end = Date() 37 | return end.timeIntervalSince(start) 38 | } 39 | 40 | _ = try measureOne(fn) // pre-heat and throw away 41 | var measurements = Array(repeating: 0.0, count: 10) 42 | for i in 0..<10 { 43 | measurements[i] = try measureOne(fn) 44 | } 45 | 46 | return measurements 47 | } 48 | 49 | let limitSet = CommandLine.arguments.dropFirst() 50 | 51 | public func measureAndPrint(desc: String, fn: () throws -> Int) rethrows { 52 | if limitSet.count == 0 || limitSet.contains(desc) { 53 | print("measuring\(warning): \(desc): ", terminator: "") 54 | let measurements = try measure(fn) 55 | print(measurements.reduce("") { $0 + "\($1), " }) 56 | } else { 57 | print("skipping '\(desc)', limit set = \(limitSet)") 58 | } 59 | } 60 | 61 | // MARK: Utilities 62 | 63 | try measureAndPrint(desc: "repeated_handshakes", benchmark: try BenchRepeatedHandshakes(loopCount: 1000)) 64 | try measureAndPrint(desc: "many_writes_512b", benchmark: try BenchManyWrites(loopCount: 2000, writeSizeInBytes: 512)) 65 | -------------------------------------------------------------------------------- /Sources/NIOTLSServer/README.md: -------------------------------------------------------------------------------- 1 | # NIOTLSServer 2 | --- 3 | 4 | This sample application provides a TLS server. Invoke it with the following syntax. 5 | 6 | ```bash 7 | swift run NIOTLSServer # Gets a content on a server on ::1, port 4433, using TLS 8 | 9 | ``` 10 | -------------------------------------------------------------------------------- /Tests/NIOSSLTests/CertificateVerificationTests.swift: -------------------------------------------------------------------------------- 1 | //===----------------------------------------------------------------------===// 2 | // 3 | // This source file is part of the SwiftNIO open source project 4 | // 5 | // Copyright (c) 2019-2021 Apple Inc. and the SwiftNIO project authors 6 | // Licensed under Apache License v2.0 7 | // 8 | // See LICENSE.txt for license information 9 | // See CONTRIBUTORS.txt for the list of SwiftNIO project authors 10 | // 11 | // SPDX-License-Identifier: Apache-2.0 12 | // 13 | //===----------------------------------------------------------------------===// 14 | 15 | import XCTest 16 | 17 | @testable import NIOSSL 18 | 19 | final class CertificateVerificationTests: XCTestCase { 20 | func testCanFindCAFileOnLinux() { 21 | // This test only runs on Linux 22 | #if os(Linux) 23 | // A valid Linux system means we can find a CA file. 24 | XCTAssertNotNil(rootCAFilePath) 25 | #endif 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /Tests/NIOSSLTests/UnsafeTransfer.swift: -------------------------------------------------------------------------------- 1 | //===----------------------------------------------------------------------===// 2 | // 3 | // This source file is part of the SwiftNIO open source project 4 | // 5 | // Copyright (c) 2022 Apple Inc. and the SwiftNIO project authors 6 | // Licensed under Apache License v2.0 7 | // 8 | // See LICENSE.txt for license information 9 | // See CONTRIBUTORS.txt for the list of SwiftNIO project authors 10 | // 11 | // SPDX-License-Identifier: Apache-2.0 12 | // 13 | //===----------------------------------------------------------------------===// 14 | 15 | /// ``UnsafeMutableTransferBox`` can be used to make non-`Sendable` values `Sendable` and mutable. 16 | /// It can be used to capture local mutable values in a `@Sendable` closure and mutate them from within the closure. 17 | /// As the name implies, the usage of this is unsafe because it disables the sendable checking of the compiler and does not add any synchronisation. 18 | @usableFromInline 19 | final class UnsafeMutableTransferBox { 20 | @usableFromInline 21 | var wrappedValue: Wrapped 22 | 23 | @inlinable 24 | init(_ wrappedValue: Wrapped) { 25 | self.wrappedValue = wrappedValue 26 | } 27 | } 28 | 29 | extension UnsafeMutableTransferBox: @unchecked Sendable {} 30 | -------------------------------------------------------------------------------- /dev/git.commit.template: -------------------------------------------------------------------------------- 1 | One line description of your change 2 | 3 | Motivation: 4 | 5 | Explain here the context, and why you're making that change. 6 | What is the problem you're trying to solve. 7 | 8 | Modifications: 9 | 10 | Describe the modifications you've done. 11 | 12 | Result: 13 | 14 | After your change, what will change. 15 | -------------------------------------------------------------------------------- /docker/Dockerfile: -------------------------------------------------------------------------------- 1 | ARG swift_version=5.7 2 | ARG ubuntu_version=focal 3 | ARG base_image=swift:$swift_version-$ubuntu_version 4 | FROM $base_image 5 | # needed to do again after FROM due to docker limitation 6 | ARG swift_version 7 | ARG ubuntu_version 8 | 9 | # set as UTF-8 10 | RUN apt-get update && apt-get install -y locales locales-all 11 | ENV LC_ALL en_US.UTF-8 12 | ENV LANG en_US.UTF-8 13 | ENV LANGUAGE en_US.UTF-8 14 | 15 | # dependencies 16 | RUN apt-get update && apt-get install -y wget 17 | RUN apt-get update && apt-get install -y lsof dnsutils netcat-openbsd net-tools expect curl jq # used by integration tests 18 | RUN apt-get update && apt-get install -y libssl-dev 19 | RUN apt-get update && apt-get install -y execstack 20 | 21 | # tools 22 | RUN mkdir -p $HOME/.tools 23 | RUN echo 'export PATH="$HOME/.tools:$PATH"' >> $HOME/.profile 24 | 25 | # script to allow mapping framepointers on linux (until part of the toolchain) 26 | RUN wget -q https://raw.githubusercontent.com/apple/swift/main/utils/symbolicate-linux-fatal -O $HOME/.tools/symbolicate-linux-fatal 27 | RUN chmod 755 $HOME/.tools/symbolicate-linux-fatal 28 | -------------------------------------------------------------------------------- /docker/docker-compose.2204.510.yaml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | 3 | services: 4 | 5 | runtime-setup: 6 | image: swift-nio-ssl:22.04-5.10 7 | build: 8 | args: 9 | ubuntu_version: "jammy" 10 | swift_version: "5.10" 11 | 12 | performance-test: 13 | image: swift-nio-ssl:22.04-5.10 14 | 15 | shell: 16 | image: swift-nio-ssl:22.04-5.10 17 | -------------------------------------------------------------------------------- /docker/docker-compose.2204.58.yaml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | 3 | services: 4 | 5 | runtime-setup: 6 | image: swift-nio-ssl:22.04-5.8 7 | build: 8 | args: 9 | ubuntu_version: "jammy" 10 | swift_version: "5.8" 11 | 12 | performance-test: 13 | image: swift-nio-ssl:22.04-5.8 14 | 15 | shell: 16 | image: swift-nio-ssl:22.04-5.8 17 | -------------------------------------------------------------------------------- /docker/docker-compose.2204.59.yaml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | 3 | services: 4 | 5 | runtime-setup: 6 | image: swift-nio-ssl:22.04-5.9 7 | build: 8 | args: 9 | ubuntu_version: "jammy" 10 | swift_version: "5.9" 11 | 12 | performance-test: 13 | image: swift-nio-ssl:22.04-5.9 14 | 15 | shell: 16 | image: swift-nio-ssl:22.04-5.9 17 | -------------------------------------------------------------------------------- /docker/docker-compose.2204.main.yaml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | 3 | services: 4 | 5 | runtime-setup: 6 | image: swift-nio-ssl:22.04-main 7 | build: 8 | args: 9 | base_image: "swiftlang/swift:nightly-main-jammy" 10 | 11 | performance-test: 12 | image: swift-nio-ssl:22.04-main 13 | 14 | shell: 15 | image: swift-nio-ssl:22.04-main 16 | -------------------------------------------------------------------------------- /docker/docker-compose.yaml: -------------------------------------------------------------------------------- 1 | # this file is not designed to be run directly 2 | # instead, use the docker-compose.. files 3 | # eg docker-compose -f docker/docker-compose.yaml -f docker/docker-compose.1804.50.yaml run test 4 | version: "3" 5 | 6 | services: 7 | 8 | runtime-setup: 9 | image: swift-nio-ssl:default 10 | build: 11 | context: . 12 | dockerfile: Dockerfile 13 | 14 | common: &common 15 | image: swift-nio-ssl:default 16 | depends_on: [runtime-setup] 17 | volumes: 18 | - ~/.ssh:/root/.ssh 19 | - ..:/swift-nio-ssl:z 20 | working_dir: /swift-nio-ssl 21 | cap_drop: 22 | - CAP_NET_RAW 23 | - CAP_NET_BIND_SERVICE 24 | 25 | test: 26 | <<: *common 27 | command: /bin/bash -xcl "./scripts/integration_tests.sh" 28 | 29 | performance-test: 30 | <<: *common 31 | command: /bin/bash -xcl "swift build -c release && ./.build/release/NIOSSLPerformanceTester" 32 | 33 | # util 34 | 35 | shell: 36 | <<: *common 37 | entrypoint: /bin/bash 38 | -------------------------------------------------------------------------------- /scripts/integration_tests.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | ##===----------------------------------------------------------------------===## 3 | ## 4 | ## This source file is part of the SwiftNIO open source project 5 | ## 6 | ## Copyright (c) 2017-2018 Apple Inc. and the SwiftNIO project authors 7 | ## Licensed under Apache License v2.0 8 | ## 9 | ## See LICENSE.txt for license information 10 | ## See CONTRIBUTORS.txt for the list of SwiftNIO project authors 11 | ## 12 | ## SPDX-License-Identifier: Apache-2.0 13 | ## 14 | ##===----------------------------------------------------------------------===## 15 | 16 | set +ex 17 | 18 | mkdir -p .build # for the junit.xml file 19 | ./IntegrationTests/run-tests.sh --junit-xml .build/junit-sh-tests.xml -i "$@" 20 | -------------------------------------------------------------------------------- /scripts/patch-1-inttypes.patch: -------------------------------------------------------------------------------- 1 | diff --git a/Sources/CNIOBoringSSL/crypto/hrss/hrss.cc b/Sources/CNIOBoringSSL/crypto/hrss/hrss.cc 2 | index 93a214e..eee4e58 100644 3 | --- a/Sources/CNIOBoringSSL/crypto/hrss/hrss.cc 4 | +++ b/Sources/CNIOBoringSSL/crypto/hrss/hrss.cc 5 | @@ -13,6 +13,7 @@ 6 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 7 | 8 | #include 9 | +#include 10 | 11 | #include 12 | #include 13 | diff --git a/Sources/CNIOBoringSSL/include/CNIOBoringSSL_bn.h b/Sources/CNIOBoringSSL/include/CNIOBoringSSL_bn.h 14 | index c86c1ef..7013140 100644 15 | --- a/Sources/CNIOBoringSSL/include/CNIOBoringSSL_bn.h 16 | +++ b/Sources/CNIOBoringSSL/include/CNIOBoringSSL_bn.h 17 | @@ -126,7 +126,8 @@ 18 | #include "CNIOBoringSSL_base.h" 19 | #include "CNIOBoringSSL_thread.h" 20 | 21 | #include // for PRIu64 and friends 22 | +#include 23 | #include // for FILE* 24 | 25 | #if defined(__cplusplus) 26 | -------------------------------------------------------------------------------- /scripts/patch-2-inttypes.patch: -------------------------------------------------------------------------------- 1 | diff --git a/Sources/CNIOBoringSSL/crypto/x509/t_x509.cc b/Sources/CNIOBoringSSL/crypto/x509/t_x509.cc 2 | index 7a3acc8..c0bc1c5 100644 3 | --- a/Sources/CNIOBoringSSL/crypto/x509/t_x509.cc 4 | +++ b/Sources/CNIOBoringSSL/crypto/x509/t_x509.cc 5 | @@ -8,6 +8,7 @@ 6 | */ 7 | 8 | #include 9 | +#include // for PRIu64 and friends 10 | 11 | #include 12 | #include 13 | diff --git a/Sources/CNIOBoringSSL/include/CNIOBoringSSL_bn.h b/Sources/CNIOBoringSSL/include/CNIOBoringSSL_bn.h 14 | index 557fb1d..825b4ea 100644 15 | --- a/Sources/CNIOBoringSSL/include/CNIOBoringSSL_bn.h 16 | +++ b/Sources/CNIOBoringSSL/include/CNIOBoringSSL_bn.h 17 | @@ -126,7 +126,6 @@ 18 | #include "CNIOBoringSSL_base.h" 19 | #include "CNIOBoringSSL_thread.h" 20 | 21 | -#include // for PRIu64 and friends 22 | #include 23 | #include // for FILE* 24 | 25 | -------------------------------------------------------------------------------- /scripts/patch-3-more-inttypes.patch: -------------------------------------------------------------------------------- 1 | diff --git a/Sources/CNIOBoringSSL/crypto/evp/print.cc b/Sources/CNIOBoringSSL/crypto/evp/print.cc 2 | index 89ceb32..5e6fb2f 100644 3 | --- a/Sources/CNIOBoringSSL/crypto/evp/print.cc 4 | +++ b/Sources/CNIOBoringSSL/crypto/evp/print.cc 5 | @@ -7,6 +7,8 @@ 6 | * https://www.openssl.org/source/license.html 7 | */ 8 | 9 | +#include 10 | + 11 | #include 12 | 13 | #include 14 | --------------------------------------------------------------------------------