25776463823

Committed 13 May 2026 03:28AM UTC coverage: 91.231% (-2.6%) from 93.832%

Build # 25776463823

Build Type

Pull #408

travis-ci

Committed by

zhaozg

Commit Message

feat(pqc): Phase 2.4 - Provider Management for PQC

Add PQC provider management capabilities to the provider module:

- Add `provider.query_pqc_algorithms()` to probe and list available PQC
  algorithms by attempting key generation for known PQC algorithm names
- Add `provider.load_pqc_providers()` to auto-detect and load common
  PQC providers (oqsprovider, liboqs, oqs, oqs-provider)
- Auto-load common PQC providers on module initialization (best-effort)
- Support both old OQS names (DILITHIUM2, KYBER768, etc.) and
  standardized NIST names (ML-DSA-44, ML-KEM-768, SLH-DSA-SHA2-*, etc.)
- Add comprehensive LDoc documentation for all new functions
- Add test suite covering query, load, and combined scenarios

This completes Phase 2.4 of the PQC implementation roadmap.

Pull Request Pull Request #408: Feat/pqc

Coverage Stats

913 of 1124 new or added lines in 10 files covered. (81.23%)

45 existing lines in 10 files now uncovered.

9519 of 10434 relevant lines covered (91.23%)

1598.73 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

88.69

/src/compat.c

/***
compat module for OpenSSL version compatibility

This module provides compatibility functions for different versions
of OpenSSL, ensuring that lua-openssl works across multiple OpenSSL
versions by providing missing functions for older versions.

@module compat
@usage
  -- Internal compatibility module
*/
#include "openssl.h"
#include "private.h"

#include <lauxlib.h>
#include <lua.h>
#include <lualib.h>

#if OPENSSLV_LESS(0x10100000L)

int
BIO_up_ref(BIO *b)
{
  CRYPTO_add(&b->references, 1, CRYPTO_LOCK_BIO);
  return 1;
}
int
X509_up_ref(X509 *x)
{
  CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
  return 1;
}
int
X509_STORE_up_ref(X509_STORE *s)
{
  CRYPTO_add(&s->references, 1, CRYPTO_LOCK_X509_STORE);
  return 1;
}
int
EVP_PKEY_up_ref(EVP_PKEY *pkey)
{
  CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
  return 1;
}

int
SSL_up_ref(SSL *ssl)
{
  CRYPTO_add(&ssl->references, 1, CRYPTO_LOCK_SSL);
  return 1;
}

int
SSL_CTX_up_ref(SSL_CTX *ctx)
{
  CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
  return 1;
}

int
SSL_SESSION_up_ref(SSL_SESSION *sess)
{
  CRYPTO_add(&sess->references, 1, CRYPTO_LOCK_SSL_SESSION);
  return 1;
}

void
ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
{
  *pr = sig->r;
  *ps = sig->s;
}
int
ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
{
  if (r == NULL || s == NULL) return 0;
  BN_free(sig->r);
  BN_free(sig->s);
  sig->r = r;
  sig->s = s;
  return 1;
}

#ifndef OPENSSL_NO_RSA
int
RSA_bits(const RSA *r)
{
  return (BN_num_bits(r->n));
}

void
RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
{
  if (n != NULL) *n = r->n;
  if (e != NULL) *e = r->e;
  if (d != NULL) *d = r->d;
}

void
RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
{
  if (p != NULL) *p = r->p;
  if (q != NULL) *q = r->q;
}

void
RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp)
{
  if (dmp1 != NULL) *dmp1 = r->dmp1;
  if (dmq1 != NULL) *dmq1 = r->dmq1;
  if (iqmp != NULL) *iqmp = r->iqmp;
}

#if LIBRESSLV_LESS(0x4020000FL) || !defined(LIBRESSL_VERSION_NUMBER)
RSA *
EVP_PKEY_get0_RSA(EVP_PKEY_GET0_CONST(EVP_PKEY) pkey)
{
  if (pkey->type != EVP_PKEY_RSA) {
    return NULL;
  }
  return pkey->pkey.rsa;
}
#endif

int
RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
{
  /* If the fields n and e in r are NULL, the corresponding input
   * parameters MUST be non-NULL for n and e.  d may be
   * left NULL (in case only the public key is used).
   */
  if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL)) return 0;

  if (n != NULL) {
    BN_free(r->n);
    r->n = n;
  }
  if (e != NULL) {
    BN_free(r->e);
    r->e = e;
  }
  if (d != NULL) {
    BN_free(r->d);
    r->d = d;
  }

  return 1;
}

int
RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
{
  /* If the fields p and q in r are NULL, the corresponding input
   * parameters MUST be non-NULL.
   */
  if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL)) return 0;

  if (p != NULL) {
    BN_free(r->p);
    r->p = p;
  }
  if (q != NULL) {
    BN_free(r->q);
    r->q = q;
  }

  return 1;
}

int
RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
{
  /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input
   * parameters MUST be non-NULL.
   */
  if ((r->dmp1 == NULL && dmp1 == NULL) || (r->dmq1 == NULL && dmq1 == NULL)
      || (r->iqmp == NULL && iqmp == NULL))
    return 0;

  if (dmp1 != NULL) {
    BN_free(r->dmp1);
    r->dmp1 = dmp1;
  }
  if (dmq1 != NULL) {
    BN_free(r->dmq1);
    r->dmq1 = dmq1;
  }
  if (iqmp != NULL) {
    BN_free(r->iqmp);
    r->iqmp = iqmp;
  }

  return 1;
}
#endif

#ifndef OPENSSL_NO_HMAC
HMAC_CTX *
HMAC_CTX_new(void)
{
  HMAC_CTX *ctx = OPENSSL_malloc(sizeof(HMAC_CTX));

  if (ctx != NULL) {
    HMAC_CTX_init(ctx);
  }
  return ctx;
}

void
HMAC_CTX_free(HMAC_CTX *ctx)
{
  if (ctx != NULL) {
    HMAC_CTX_cleanup(ctx);
    OPENSSL_free(ctx);
  }
}
#endif

#ifndef OPENSSL_NO_DSA
int
DSA_bits(const DSA *dsa)
{
  return BN_num_bits(dsa->p);
}

#if LIBRESSLV_LESS(0x4020000FL) || !defined(LIBRESSL_VERSION_NUMBER)
DSA *
EVP_PKEY_get0_DSA(EVP_PKEY_GET0_CONST(EVP_PKEY) pkey)
{
  if (pkey->type != EVP_PKEY_DSA) {
    return NULL;
  }
  return pkey->pkey.dsa;
}
#endif

void
DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
{
  if (p != NULL) *p = d->p;
  if (q != NULL) *q = d->q;
  if (g != NULL) *g = d->g;
}

int
DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
{
  /* If the fields p, q and g in d are NULL, the corresponding input
   * parameters MUST be non-NULL.
   */
  if ((d->p == NULL && p == NULL) || (d->q == NULL && q == NULL) || (d->g == NULL && g == NULL))
    return 0;

  if (p != NULL) {
    BN_free(d->p);
    d->p = p;
  }
  if (q != NULL) {
    BN_free(d->q);
    d->q = q;
  }
  if (g != NULL) {
    BN_free(d->g);
    d->g = g;
  }

  return 1;
}

void
DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key)
{
  if (pub_key != NULL) *pub_key = d->pub_key;
  if (priv_key != NULL) *priv_key = d->priv_key;
}

int
DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
{
  /* If the field pub_key in d is NULL, the corresponding input
   * parameters MUST be non-NULL.  The priv_key field may
   * be left NULL.
   */
  if (d->pub_key == NULL && pub_key == NULL) return 0;

  if (pub_key != NULL) {
    BN_free(d->pub_key);
    d->pub_key = pub_key;
  }
  if (priv_key != NULL) {
    BN_free(d->priv_key);
    d->priv_key = priv_key;
  }

  return 1;
}
#endif

#if LIBRESSLV_LESS(0x4020000FL) || !defined(LIBRESSL_VERSION_NUMBER)
#ifndef OPENSSL_NO_EC
EC_KEY *
EVP_PKEY_get0_EC_KEY(EVP_PKEY_GET0_CONST(EVP_PKEY) pkey)
{
  if (pkey->type != EVP_PKEY_EC) {
    return NULL;
  }
  return pkey->pkey.ec;
}
#endif

#ifndef OPENSSL_NO_DH
DH *
EVP_PKEY_get0_DH(EVP_PKEY_GET0_CONST(EVP_PKEY) pkey)
{
  if (pkey->type != EVP_PKEY_DH) {
    return NULL;
  }
  return pkey->pkey.dh;
}
#endif

int
DH_bits(const DH *dh)
{
  return BN_num_bits(dh->p);
}

void
DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
{
  if (pub_key != NULL) *pub_key = dh->pub_key;
  if (priv_key != NULL) *priv_key = dh->priv_key;
}

int
DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
{
  /* If the field pub_key in dh is NULL, the corresponding input
   * parameters MUST be non-NULL.  The priv_key field may
   * be left NULL.
   */
  if (dh->pub_key == NULL && pub_key == NULL) return 0;

  if (pub_key != NULL) {
    BN_free(dh->pub_key);
    dh->pub_key = pub_key;
  }
  if (priv_key != NULL) {
    BN_free(dh->priv_key);
    dh->priv_key = priv_key;
  }

  return 1;
}
void
DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
{
  if (p != NULL) *p = dh->p;
  if (q != NULL) *q = dh->q;
  if (g != NULL) *g = dh->g;
}

int
DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
{
  /* If the fields p and g in d are NULL, the corresponding input
   * parameters MUST be non-NULL.  q may remain NULL.
   */
  if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL)) return 0;

  if (p != NULL) {
    BN_free(dh->p);
    dh->p = p;
  }
  if (q != NULL) {
    BN_free(dh->q);
    dh->q = q;
  }
  if (g != NULL) {
    BN_free(dh->g);
    dh->g = g;
  }

  if (q != NULL) {
    dh->length = BN_num_bits(q);
  }

  return 1;
}
#endif

int
EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)
{
  int ret;

  ret = EVP_CIPHER_CTX_cleanup(ctx);
  if (!ret) EVP_CIPHER_CTX_init(ctx);
  return ret;
}

EVP_MD_CTX *
EVP_MD_CTX_new(void)
{
  EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof(EVP_MD_CTX));
  if (ctx) memset(ctx, 0, sizeof(*ctx));
  return ctx;
}

int
EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
{
  return EVP_MD_CTX_cleanup(ctx);
}

void
EVP_MD_CTX_free(EVP_MD_CTX *ctx)
{
  EVP_MD_CTX_cleanup(ctx);
  OPENSSL_free(ctx);
}

void
X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg)
{
  if (psig != NULL) *psig = req->signature;
  if (palg != NULL) *palg = req->sig_alg;
}

void
X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg)
{
  if (psig != NULL) *psig = crl->signature;
  if (palg != NULL) *palg = crl->sig_alg;
}

const ASN1_TIME *
X509_CRL_get0_lastUpdate(const X509_CRL *crl)
{
  return crl->crl->lastUpdate;
}

const ASN1_TIME *
X509_CRL_get0_nextUpdate(const X509_CRL *crl)
{
  return crl->crl->nextUpdate;
}

#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L &&                                                  \
          !defined(LIBRESSL_VERSION_NUMBER) */

#if OPENSSLV_LESS(0x10100000L) || IS_LIBRESSL()

X509_PUBKEY *
X509_REQ_get_X509_PUBKEY(X509_REQ *req)
{
#if OPENSSLV_LESS(0x10100000L) || LIBRESSLV_LESS(0x3050000fL)
  return req->req_info->pubkey;
#else
  return NULL;
#endif
}

#if !IS_LIBRESSL() || LIBRESSLV_LESS(0x3050000fL)

int
i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp)
{
  req->req_info->enc.modified = 1;
  return i2d_X509_REQ_INFO(req->req_info, pp);
}

#if !IS_LIBRESSL() || LIBRESSLV_LESS(0x3040100fL)
int
BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
{
  int ret;
  int sz = BN_num_bytes(a);
  if (sz > tolen) return -1;

  memset(to, 0, tolen);
  ret = BN_bn2bin(a, to + tolen - sz);
  if (ret >= 0) return ret + (tolen - sz);
  return ret;
}
#endif

#if !IS_LIBRESSL() || LIBRESSLV_LESS(0x3030000fL)
const unsigned char *
ASN1_STRING_get0_data(const ASN1_STRING *x)
{
  return x->data;
}

const ASN1_INTEGER *
X509_get0_serialNumber(const X509 *a)
{
  return a->cert_info->serialNumber;
}

const STACK_OF(X509_EXTENSION) * X509_get0_extensions(const X509 *x)
{
  return x->cert_info->extensions;
}

const ASN1_TIME *
X509_REVOKED_get0_revocationDate(const X509_REVOKED *x)
{
  return x->revocationDate;
}

const ASN1_INTEGER *
X509_REVOKED_get0_serialNumber(const X509_REVOKED *x)
{
  return x->serialNumber;
}

const STACK_OF(X509_EXTENSION) * X509_REVOKED_get0_extensions(const X509_REVOKED *r)
{
  return r->extensions;
}

const STACK_OF(X509_EXTENSION) * X509_CRL_get0_extensions(const X509_CRL *crl)
{
  return crl->crl->extensions;
}
#endif /* !IS_LIBRESSL() || LIBRESSLV_LESS(0x3030000fL) */

#ifndef OPENSSL_NO_OCSP

#if !IS_LIBRESSL() || LIBRESSLV_LESS(0x3030000fL)
const OCSP_CERTID *
OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single)
{
  return single->certId;
}
#endif /* !IS_LIBRESSL() || LIBRESSLV_LESS(0x3030000fL) */

const ASN1_GENERALIZEDTIME *
OCSP_resp_get0_produced_at(const OCSP_BASICRESP *bs)
{
  return bs->tbsResponseData->producedAt;
}

const STACK_OF(X509) * OCSP_resp_get0_certs(const OCSP_BASICRESP *bs)
{
  return bs->certs;
}

int
OCSP_resp_get0_id(const OCSP_BASICRESP *bs, const ASN1_OCTET_STRING **pid, const X509_NAME **pname)
{
  const OCSP_RESPID *rid = bs->tbsResponseData->responderId;

  if (rid->type == V_OCSP_RESPID_NAME) {
    *pname = rid->value.byName;
    *pid = NULL;
  } else if (rid->type == V_OCSP_RESPID_KEY) {
    *pid = rid->value.byKey;
    *pname = NULL;
  } else {
    return 0;
  }
  return 1;
}

const ASN1_OCTET_STRING *
OCSP_resp_get0_signature(const OCSP_BASICRESP *bs)
{
  return bs->signature;
}

const X509_ALGOR *
OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs)
{
  return bs->signatureAlgorithm;
}
#endif /* OPENSSL_NO_OCSP */

#endif /* !IS_LIBRESSL() || LIBRESSLV_LESS(0x3030000fL) */

#ifndef OPENSSL_NO_TS

#if !IS_LIBRESSL() || LIBRESSLV_LESS(0x3060000fL)

const ASN1_INTEGER *
TS_STATUS_INFO_get0_status(const TS_STATUS_INFO *a)
{
  return a->status;
}
const STACK_OF(ASN1_UTF8STRING) * TS_STATUS_INFO_get0_text(const TS_STATUS_INFO *a)
{
  return a->text;
}

const ASN1_BIT_STRING *
TS_STATUS_INFO_get0_failure_info(const TS_STATUS_INFO *a)
{
  return a->failure_info;
}

int
TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f)
{
  ctx->flags |= f;
  return ctx->flags;
}

int
TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f)
{
  ctx->flags = f;
  return ctx->flags;
}

BIO *
TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b)
{
  ctx->data = b;
  return ctx->data;
}

X509_STORE *
TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s)
{
  ctx->store = s;
  return ctx->store;
}

STACK_OF(X509) * TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) * certs)
{
  ctx->certs = certs;
  return ctx->certs;
}

unsigned char *
TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx, unsigned char *hexstr, long len)
{
  OPENSSL_free(ctx->imprint);
  ctx->imprint = hexstr;
  ctx->imprint_len = len;
  return ctx->imprint;
}
#endif /* !IS_LIBRESSL() || LIBRESSLV_LESS(0x3060000fL) */
#endif /* OPENSSL_NO_TS */

#endif /* OPENSSLV_LESS(0x10100000L) || IS_LIBRESSL() */

#if IS_LIBRESSL() && LIBRESSLV_LESS(0x3050000fL)
#ifndef OPENSSL_NO_DSA
int
DSA_bits(const DSA *dsa)
{
  return BN_num_bits(dsa->p);
}
#endif

int
i2d_re_X509_tbs(X509 *x, unsigned char **pp)
{
  x->cert_info->enc.modified = 1;
  return i2d_X509_CINF(x->cert_info, pp);
}
#endif /* IS_LIBRESSL() && LIBRESSLV_LESS(0x3050000fL)*/

/* EVP_PKEY_dup fallback for OpenSSL < 3.0 and LibreSSL.
 * Uses BIO-based serialization round-trip to duplicate the key.
 * First tries PKCS#8 PrivateKeyInfo (for private keys),
 * then falls back to SubjectPublicKeyInfo (for public keys). */
#if OPENSSL_VERSION_NUMBER < 0x30000000L || defined(LIBRESSL_VERSION_NUMBER)
EVP_PKEY *
EVP_PKEY_dup(EVP_PKEY *pkey)
{
  EVP_PKEY *dup = NULL;
  BIO *bio = NULL;
  unsigned char *buf = NULL;
  long len;

  if (pkey == NULL)
    return NULL;

  /* Try PKCS#8 PrivateKeyInfo round-trip first (works for private keys) */
  bio = BIO_new(BIO_s_mem());
  if (bio == NULL)
    return NULL;

  if (i2d_PKCS8PrivateKey_bio(bio, pkey, NULL, NULL, 0, NULL, NULL)) {
    len = BIO_get_mem_data(bio, NULL);
    if (len > 0) {
      buf = OPENSSL_malloc((size_t)len);
      if (buf) {
        if (BIO_read(bio, buf, len) == len) {
          const unsigned char *pp = buf;
          dup = d2i_AutoPrivateKey(NULL, &pp, len);
        }
        OPENSSL_free(buf);
        buf = NULL;
      }
    }
  }

  if (dup == NULL) {
    /* Try SubjectPublicKeyInfo round-trip (works for public keys) */
    (void)BIO_reset(bio);
    if (i2d_PUBKEY_bio(bio, pkey)) {
      len = BIO_get_mem_data(bio, NULL);
      if (len > 0) {
        buf = OPENSSL_malloc((size_t)len);
        if (buf) {
          if (BIO_read(bio, buf, len) == len) {
            const unsigned char *pp = buf;
            dup = d2i_PUBKEY(NULL, &pp, len);
          }
          OPENSSL_free(buf);
        }
      }
    }
  }

  BIO_free(bio);
  return dup;
}
#endif


1	/***
2	compat module for OpenSSL version compatibility
3
4	This module provides compatibility functions for different versions
5	of OpenSSL, ensuring that lua-openssl works across multiple OpenSSL
6	versions by providing missing functions for older versions.
7
8	@module compat
9	@usage
10	-- Internal compatibility module
11	*/
12	#include "openssl.h"
13	#include "private.h"
14
15	#include <lauxlib.h>
16	#include <lua.h>
17	#include <lualib.h>
18
19	#if OPENSSLV_LESS(0x10100000L)
20
21	int
22	BIO_up_ref(BIO *b)	23✔
23	{
24	CRYPTO_add(&b->references, 1, CRYPTO_LOCK_BIO);	23✔
25	return 1;	23✔
26	}
27	int
28	X509_up_ref(X509 *x)	7✔
29	{
30	CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);	7✔
31	return 1;	7✔
32	}
33	int
34	X509_STORE_up_ref(X509_STORE *s)	40✔
35	{
36	CRYPTO_add(&s->references, 1, CRYPTO_LOCK_X509_STORE);	40✔
37	return 1;	40✔
38	}
39	int
40	EVP_PKEY_up_ref(EVP_PKEY *pkey)	2✔
41	{
42	CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);	2✔
43	return 1;	2✔
44	}
45
46	int
47	SSL_up_ref(SSL *ssl)	9✔
48	{
49	CRYPTO_add(&ssl->references, 1, CRYPTO_LOCK_SSL);	9✔
50	return 1;	9✔
51	}
52
53	int
54	SSL_CTX_up_ref(SSL_CTX *ctx)
55	{
56	CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
57	return 1;
58	}
59
60	int
61	SSL_SESSION_up_ref(SSL_SESSION *sess)
62	{
63	CRYPTO_add(&sess->references, 1, CRYPTO_LOCK_SSL_SESSION);
64	return 1;
65	}
66
67	void
68	ECDSA_SIG_get0(const ECDSA_SIG sig, const BIGNUM pr, const BIGNUM *ps)	6✔
69	{
70	*pr = sig->r;	6✔
71	*ps = sig->s;	6✔
72	}	6✔
73	int
74	ECDSA_SIG_set0(ECDSA_SIG sig, BIGNUM r, BIGNUM *s)	6✔
75	{
76	if (r == NULL \|\| s == NULL) return 0;	6✔
77	BN_free(sig->r);	6✔
78	BN_free(sig->s);	6✔
79	sig->r = r;	6✔
80	sig->s = s;	6✔
81	return 1;	6✔
82	}
83
84	#ifndef OPENSSL_NO_RSA
85	int
86	RSA_bits(const RSA *r)	4✔
87	{
88	return (BN_num_bits(r->n));	4✔
89	}
90
91	void
92	RSA_get0_key(const RSA r, const BIGNUM n, const BIGNUM e, const BIGNUM *d)	99✔
93	{
94	if (n != NULL) *n = r->n;	99✔
95	if (e != NULL) *e = r->e;	99✔
96	if (d != NULL) *d = r->d;	99✔
97	}	99✔
98
99	void
100	RSA_get0_factors(const RSA r, const BIGNUM p, const BIGNUM *q)	4✔
101	{
102	if (p != NULL) *p = r->p;	4✔
103	if (q != NULL) *q = r->q;	4✔
104	}	4✔
105
106	void
107	RSA_get0_crt_params(const RSA r, const BIGNUM dmp1, const BIGNUM dmq1, const BIGNUM *iqmp)	4✔
108	{
109	if (dmp1 != NULL) *dmp1 = r->dmp1;	4✔
110	if (dmq1 != NULL) *dmq1 = r->dmq1;	4✔
111	if (iqmp != NULL) *iqmp = r->iqmp;	4✔
112	}	4✔
113
114	#if LIBRESSLV_LESS(0x4020000FL) \|\| !defined(LIBRESSL_VERSION_NUMBER)
115	RSA *
116	EVP_PKEY_get0_RSA(EVP_PKEY_GET0_CONST(EVP_PKEY) pkey)	104✔
117	{
118	if (pkey->type != EVP_PKEY_RSA) {	104✔
119	return NULL;
120	}
121	return pkey->pkey.rsa;	104✔
122	}
123	#endif
124
125	int
126	RSA_set0_key(RSA r, BIGNUM n, BIGNUM e, BIGNUM d)	1✔
127	{
128	/* If the fields n and e in r are NULL, the corresponding input
129	* parameters MUST be non-NULL for n and e. d may be
130	* left NULL (in case only the public key is used).
131	*/
132	if ((r->n == NULL && n == NULL) \|\| (r->e == NULL && e == NULL)) return 0;	1✔
133
134	if (n != NULL) {	1✔
135	BN_free(r->n);	1✔
136	r->n = n;	1✔
137	}
138	if (e != NULL) {	1✔
139	BN_free(r->e);	1✔
140	r->e = e;	1✔
141	}
142	if (d != NULL) {	1✔
143	BN_free(r->d);	1✔
144	r->d = d;	1✔
145	}
146
147	return 1;	1✔
148	}
149
150	int
151	RSA_set0_factors(RSA r, BIGNUM p, BIGNUM *q)	1✔
152	{
153	/* If the fields p and q in r are NULL, the corresponding input
154	* parameters MUST be non-NULL.
155	*/
156	if ((r->p == NULL && p == NULL) \|\| (r->q == NULL && q == NULL)) return 0;	1✔
157
158	if (p != NULL) {	1✔
159	BN_free(r->p);	1✔
160	r->p = p;	1✔
161	}
162	if (q != NULL) {	1✔
163	BN_free(r->q);	1✔
164	r->q = q;	1✔
165	}
166
167	return 1;	1✔
168	}
169
170	int
171	RSA_set0_crt_params(RSA r, BIGNUM dmp1, BIGNUM dmq1, BIGNUM iqmp)	1✔
172	{
173	/* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input
174	* parameters MUST be non-NULL.
175	*/
176	if ((r->dmp1 == NULL && dmp1 == NULL) \|\| (r->dmq1 == NULL && dmq1 == NULL)	1✔
177	\|\| (r->iqmp == NULL && iqmp == NULL))	1✔
178	return 0;
179
180	if (dmp1 != NULL) {	1✔
181	BN_free(r->dmp1);	1✔
182	r->dmp1 = dmp1;	1✔
183	}
184	if (dmq1 != NULL) {	1✔
185	BN_free(r->dmq1);	1✔
186	r->dmq1 = dmq1;	1✔
187	}
188	if (iqmp != NULL) {	1✔
189	BN_free(r->iqmp);	1✔
190	r->iqmp = iqmp;	1✔
191	}
192
193	return 1;	1✔
194	}
195	#endif
196
197	#ifndef OPENSSL_NO_HMAC
198	HMAC_CTX *
199	HMAC_CTX_new(void)	4✔
200	{
201	HMAC_CTX *ctx = OPENSSL_malloc(sizeof(HMAC_CTX));	4✔
202
203	if (ctx != NULL) {	4✔
204	HMAC_CTX_init(ctx);	4✔
205	}
206	return ctx;	4✔
207	}
208
209	void
210	HMAC_CTX_free(HMAC_CTX *ctx)	4✔
211	{
212	if (ctx != NULL) {	4✔
213	HMAC_CTX_cleanup(ctx);	4✔
214	OPENSSL_free(ctx);	4✔
215	}
216	}	4✔
217	#endif
218
219	#ifndef OPENSSL_NO_DSA
220	int
221	DSA_bits(const DSA *dsa)	4✔
222	{
223	return BN_num_bits(dsa->p);	4✔
224	}
225
226	#if LIBRESSLV_LESS(0x4020000FL) \|\| !defined(LIBRESSL_VERSION_NUMBER)
227	DSA *
228	EVP_PKEY_get0_DSA(EVP_PKEY_GET0_CONST(EVP_PKEY) pkey)	78✔
229	{
230	if (pkey->type != EVP_PKEY_DSA) {	78✔
231	return NULL;
232	}
233	return pkey->pkey.dsa;	78✔
234	}
235	#endif
236
237	void
238	DSA_get0_pqg(const DSA d, const BIGNUM p, const BIGNUM q, const BIGNUM *g)	4✔
239	{
240	if (p != NULL) *p = d->p;	4✔
241	if (q != NULL) *q = d->q;	4✔
242	if (g != NULL) *g = d->g;	4✔
243	}	4✔
244
245	int
246	DSA_set0_pqg(DSA d, BIGNUM p, BIGNUM q, BIGNUM g)	1✔
247	{
248	/* If the fields p, q and g in d are NULL, the corresponding input
249	* parameters MUST be non-NULL.
250	*/
251	if ((d->p == NULL && p == NULL) \|\| (d->q == NULL && q == NULL) \|\| (d->g == NULL && g == NULL))	1✔
252	return 0;
253
254	if (p != NULL) {	1✔
255	BN_free(d->p);	1✔
256	d->p = p;	1✔
257	}
258	if (q != NULL) {	1✔
259	BN_free(d->q);	1✔
260	d->q = q;	1✔
261	}
262	if (g != NULL) {	1✔
263	BN_free(d->g);	1✔
264	d->g = g;	1✔
265	}
266
267	return 1;	1✔
268	}
269
270	void
271	DSA_get0_key(const DSA d, const BIGNUM pub_key, const BIGNUM *priv_key)	73✔
272	{
273	if (pub_key != NULL) *pub_key = d->pub_key;	73✔
274	if (priv_key != NULL) *priv_key = d->priv_key;	73✔
275	}	73✔
276
277	int
278	DSA_set0_key(DSA d, BIGNUM pub_key, BIGNUM *priv_key)	1✔
279	{
280	/* If the field pub_key in d is NULL, the corresponding input
281	* parameters MUST be non-NULL. The priv_key field may
282	* be left NULL.
283	*/
284	if (d->pub_key == NULL && pub_key == NULL) return 0;	1✔
285
286	if (pub_key != NULL) {	1✔
287	BN_free(d->pub_key);	1✔
288	d->pub_key = pub_key;	1✔
289	}
290	if (priv_key != NULL) {	1✔
291	BN_free(d->priv_key);	1✔
292	d->priv_key = priv_key;	1✔
293	}
294
295	return 1;	1✔
296	}
297	#endif
298
299	#if LIBRESSLV_LESS(0x4020000FL) \|\| !defined(LIBRESSL_VERSION_NUMBER)
300	#ifndef OPENSSL_NO_EC
301	EC_KEY *
302	EVP_PKEY_get0_EC_KEY(EVP_PKEY_GET0_CONST(EVP_PKEY) pkey)	90✔
303	{
304	if (pkey->type != EVP_PKEY_EC) {	90✔
305	return NULL;
306	}
307	return pkey->pkey.ec;	90✔
308	}
309	#endif
310
311	#ifndef OPENSSL_NO_DH
312	DH *
313	EVP_PKEY_get0_DH(EVP_PKEY_GET0_CONST(EVP_PKEY) pkey)	60✔
314	{
315	if (pkey->type != EVP_PKEY_DH) {	60✔
316	return NULL;
317	}
318	return pkey->pkey.dh;	60✔
319	}
320	#endif
321
322	int
323	DH_bits(const DH *dh)	2✔
324	{
325	return BN_num_bits(dh->p);	2✔
326	}
327
328	void
329	DH_get0_key(const DH dh, const BIGNUM pub_key, const BIGNUM *priv_key)	62✔
330	{
331	if (pub_key != NULL) *pub_key = dh->pub_key;	62✔
332	if (priv_key != NULL) *priv_key = dh->priv_key;	62✔
333	}	62✔
334
335	int
336	DH_set0_key(DH dh, BIGNUM pub_key, BIGNUM *priv_key)	1✔
337	{
338	/* If the field pub_key in dh is NULL, the corresponding input
339	* parameters MUST be non-NULL. The priv_key field may
340	* be left NULL.
341	*/
342	if (dh->pub_key == NULL && pub_key == NULL) return 0;	1✔
343
344	if (pub_key != NULL) {	1✔
345	BN_free(dh->pub_key);	1✔
346	dh->pub_key = pub_key;	1✔
347	}
348	if (priv_key != NULL) {	1✔
349	BN_free(dh->priv_key);	1✔
350	dh->priv_key = priv_key;	1✔
351	}
352
353	return 1;	1✔
354	}
355	void
356	DH_get0_pqg(const DH dh, const BIGNUM p, const BIGNUM q, const BIGNUM *g)	2✔
357	{
358	if (p != NULL) *p = dh->p;	2✔
359	if (q != NULL) *q = dh->q;	2✔
360	if (g != NULL) *g = dh->g;	2✔
361	}	2✔
362
363	int
364	DH_set0_pqg(DH dh, BIGNUM p, BIGNUM q, BIGNUM g)	1✔
365	{
366	/* If the fields p and g in d are NULL, the corresponding input
367	* parameters MUST be non-NULL. q may remain NULL.
368	*/
369	if ((dh->p == NULL && p == NULL) \|\| (dh->g == NULL && g == NULL)) return 0;	1✔
370
371	if (p != NULL) {	1✔
372	BN_free(dh->p);	1✔
373	dh->p = p;	1✔
374	}
375	if (q != NULL) {	1✔
376	BN_free(dh->q);
377	dh->q = q;
378	}
379	if (g != NULL) {	1✔
380	BN_free(dh->g);	1✔
381	dh->g = g;	1✔
382	}
383
384	if (q != NULL) {	1✔
385	dh->length = BN_num_bits(q);
386	}
387
388	return 1;	1✔
389	}
390	#endif
391
392	int
393	EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)	8✔
394	{
395	int ret;
396
397	ret = EVP_CIPHER_CTX_cleanup(ctx);	8✔
398	if (!ret) EVP_CIPHER_CTX_init(ctx);	8✔
399	return ret;	8✔
400	}
401
402	EVP_MD_CTX *
403	EVP_MD_CTX_new(void)	49✔
404	{
405	EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof(EVP_MD_CTX));	49✔
406	if (ctx) memset(ctx, 0, sizeof(*ctx));	49✔
407	return ctx;	49✔
408	}
409
410	int
411	EVP_MD_CTX_reset(EVP_MD_CTX *ctx)	12✔
412	{
413	return EVP_MD_CTX_cleanup(ctx);	12✔
414	}
415
416	void
417	EVP_MD_CTX_free(EVP_MD_CTX *ctx)	49✔
418	{
419	EVP_MD_CTX_cleanup(ctx);	49✔
420	OPENSSL_free(ctx);	49✔
421	}	49✔
422
423	void
424	X509_REQ_get0_signature(const X509_REQ req, const ASN1_BIT_STRING psig, const X509_ALGOR *palg)	31✔
425	{
426	if (psig != NULL) *psig = req->signature;	31✔
427	if (palg != NULL) *palg = req->sig_alg;	31✔
428	}	31✔
429
430	void
431	X509_CRL_get0_signature(const X509_CRL crl, const ASN1_BIT_STRING psig, const X509_ALGOR *palg)	2✔
432	{
433	if (psig != NULL) *psig = crl->signature;	2✔
434	if (palg != NULL) *palg = crl->sig_alg;	2✔
435	}	2✔
436
437	const ASN1_TIME *
438	X509_CRL_get0_lastUpdate(const X509_CRL *crl)	5✔
439	{
440	return crl->crl->lastUpdate;	5✔
441	}
442
443	const ASN1_TIME *
444	X509_CRL_get0_nextUpdate(const X509_CRL *crl)	5✔
445	{
446	return crl->crl->nextUpdate;	5✔
447	}
448
449	#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L && \
450	!defined(LIBRESSL_VERSION_NUMBER) */
451
452	#if OPENSSLV_LESS(0x10100000L) \|\| IS_LIBRESSL()
453
454	X509_PUBKEY *
455	X509_REQ_get_X509_PUBKEY(X509_REQ *req)	29✔
456	{
457	#if OPENSSLV_LESS(0x10100000L) \|\| LIBRESSLV_LESS(0x3050000fL)
458	return req->req_info->pubkey;	29✔
459	#else
460	return NULL;
461	#endif
462	}
463
464	#if !IS_LIBRESSL() \|\| LIBRESSLV_LESS(0x3050000fL)
465
466	int
467	i2d_re_X509_REQ_tbs(X509_REQ req, unsigned char *pp)	2✔
468	{
469	req->req_info->enc.modified = 1;	2✔
470	return i2d_X509_REQ_INFO(req->req_info, pp);	2✔
471	}
472
473	#if !IS_LIBRESSL() \|\| LIBRESSLV_LESS(0x3040100fL)
474	int
475	BN_bn2binpad(const BIGNUM a, unsigned char to, int tolen)	7✔
476	{
477	int ret;
478	int sz = BN_num_bytes(a);	7✔
479	if (sz > tolen) return -1;	7✔
480
481	memset(to, 0, tolen);	7✔
482	ret = BN_bn2bin(a, to + tolen - sz);	7✔
483	if (ret >= 0) return ret + (tolen - sz);	7✔
484	return ret;
485	}
486	#endif
487
488	#if !IS_LIBRESSL() \|\| LIBRESSLV_LESS(0x3030000fL)
489	const unsigned char *
490	ASN1_STRING_get0_data(const ASN1_STRING *x)	102✔
491	{
492	return x->data;	102✔
493	}
494
495	const ASN1_INTEGER *
496	X509_get0_serialNumber(const X509 *a)	14✔
497	{
498	return a->cert_info->serialNumber;	14✔
499	}
500
501	const STACK_OF(X509_EXTENSION) * X509_get0_extensions(const X509 *x)	16✔
502	{
503	return x->cert_info->extensions;	16✔
504	}
505
506	const ASN1_TIME *
507	X509_REVOKED_get0_revocationDate(const X509_REVOKED *x)	10✔
508	{
509	return x->revocationDate;	10✔
510	}
511
512	const ASN1_INTEGER *
513	X509_REVOKED_get0_serialNumber(const X509_REVOKED *x)	10✔
514	{
515	return x->serialNumber;	10✔
516	}
517
518	const STACK_OF(X509_EXTENSION) * X509_REVOKED_get0_extensions(const X509_REVOKED *r)	10✔
519	{
520	return r->extensions;	10✔
521	}
522
523	const STACK_OF(X509_EXTENSION) * X509_CRL_get0_extensions(const X509_CRL *crl)	4✔
524	{
525	return crl->crl->extensions;	4✔
526	}
527	#endif /* !IS_LIBRESSL() \|\| LIBRESSLV_LESS(0x3030000fL) */
528
529	#ifndef OPENSSL_NO_OCSP
530
531	#if !IS_LIBRESSL() \|\| LIBRESSLV_LESS(0x3030000fL)
532	const OCSP_CERTID *
533	OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single)	1✔
534	{
535	return single->certId;	1✔
536	}
537	#endif /* !IS_LIBRESSL() \|\| LIBRESSLV_LESS(0x3030000fL) */
538
539	const ASN1_GENERALIZEDTIME *
540	OCSP_resp_get0_produced_at(const OCSP_BASICRESP *bs)	1✔
541	{
542	return bs->tbsResponseData->producedAt;	1✔
543	}
544
545	const STACK_OF(X509) * OCSP_resp_get0_certs(const OCSP_BASICRESP *bs)	1✔
546	{
547	return bs->certs;	1✔
548	}
549
550	int
551	OCSP_resp_get0_id(const OCSP_BASICRESP bs, const ASN1_OCTET_STRING pid, const X509_NAME *pname)	1✔
552	{
553	const OCSP_RESPID *rid = bs->tbsResponseData->responderId;	1✔
554
555	if (rid->type == V_OCSP_RESPID_NAME) {	1✔
556	*pname = rid->value.byName;	1✔
557	*pid = NULL;	1✔
558	} else if (rid->type == V_OCSP_RESPID_KEY) {
559	*pid = rid->value.byKey;
560	*pname = NULL;
561	} else {
562	return 0;
563	}
564	return 1;	1✔
565	}
566
567	const ASN1_OCTET_STRING *
568	OCSP_resp_get0_signature(const OCSP_BASICRESP *bs)	1✔
569	{
570	return bs->signature;	1✔
571	}
572
573	const X509_ALGOR *
574	OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs)	1✔
575	{
576	return bs->signatureAlgorithm;	1✔
577	}
578	#endif /* OPENSSL_NO_OCSP */
579
580	#endif /* !IS_LIBRESSL() \|\| LIBRESSLV_LESS(0x3030000fL) */
581
582	#ifndef OPENSSL_NO_TS
583
584	#if !IS_LIBRESSL() \|\| LIBRESSLV_LESS(0x3060000fL)
585
586	const ASN1_INTEGER *
587	TS_STATUS_INFO_get0_status(const TS_STATUS_INFO *a)	8✔
588	{
589	return a->status;	8✔
590	}
591	const STACK_OF(ASN1_UTF8STRING) * TS_STATUS_INFO_get0_text(const TS_STATUS_INFO *a)	8✔
592	{
593	return a->text;	8✔
594	}
595
596	const ASN1_BIT_STRING *
597	TS_STATUS_INFO_get0_failure_info(const TS_STATUS_INFO *a)	8✔
598	{
599	return a->failure_info;	8✔
600	}
601
602	int
603	TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f)	12✔
604	{
605	ctx->flags \|= f;	12✔
606	return ctx->flags;	12✔
607	}
608
609	int
610	TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f)	12✔
611	{
612	ctx->flags = f;	12✔
613	return ctx->flags;	12✔
614	}
615
616	BIO *
617	TS_VERIFY_CTX_set_data(TS_VERIFY_CTX ctx, BIO b)	24✔
618	{
619	ctx->data = b;	24✔
620	return ctx->data;	24✔
621	}
622
623	X509_STORE *
624	TS_VERIFY_CTX_set_store(TS_VERIFY_CTX ctx, X509_STORE s)	36✔
625	{
626	ctx->store = s;	36✔
627	return ctx->store;	36✔
628	}
629
630	STACK_OF(X509) * TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX ctx, STACK_OF(X509) certs)
631	{
632	ctx->certs = certs;
633	return ctx->certs;
634	}
635
636	unsigned char *
637	TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX ctx, unsigned char hexstr, long len)	24✔
638	{
639	OPENSSL_free(ctx->imprint);	24✔
640	ctx->imprint = hexstr;	24✔
641	ctx->imprint_len = len;	24✔
642	return ctx->imprint;	24✔
643	}
644	#endif /* !IS_LIBRESSL() \|\| LIBRESSLV_LESS(0x3060000fL) */
645	#endif /* OPENSSL_NO_TS */
646
647	#endif /* OPENSSLV_LESS(0x10100000L) \|\| IS_LIBRESSL() */
648
649	#if IS_LIBRESSL() && LIBRESSLV_LESS(0x3050000fL)
650	#ifndef OPENSSL_NO_DSA
651	int
652	DSA_bits(const DSA *dsa)
653	{
654	return BN_num_bits(dsa->p);
655	}
656	#endif
657
658	int
659	i2d_re_X509_tbs(X509 x, unsigned char *pp)
660	{
661	x->cert_info->enc.modified = 1;
662	return i2d_X509_CINF(x->cert_info, pp);
663	}
664	#endif /* IS_LIBRESSL() && LIBRESSLV_LESS(0x3050000fL)*/
665
666	/* EVP_PKEY_dup fallback for OpenSSL < 3.0 and LibreSSL.
667	* Uses BIO-based serialization round-trip to duplicate the key.
668	* First tries PKCS#8 PrivateKeyInfo (for private keys),
669	* then falls back to SubjectPublicKeyInfo (for public keys). */
670	#if OPENSSL_VERSION_NUMBER < 0x30000000L \|\| defined(LIBRESSL_VERSION_NUMBER)
671	EVP_PKEY *
NEW 672	EVP_PKEY_dup(EVP_PKEY *pkey)	×
673	{
NEW 674	EVP_PKEY *dup = NULL;	×
NEW 675	BIO *bio = NULL;	×
NEW 676	unsigned char *buf = NULL;	×
677	long len;
678
NEW 679	if (pkey == NULL)	×
NEW 680	return NULL;	×
681
682	/* Try PKCS#8 PrivateKeyInfo round-trip first (works for private keys) */
NEW 683	bio = BIO_new(BIO_s_mem());	×
NEW 684	if (bio == NULL)	×
NEW 685	return NULL;	×
686
NEW 687	if (i2d_PKCS8PrivateKey_bio(bio, pkey, NULL, NULL, 0, NULL, NULL)) {	×
NEW 688	len = BIO_get_mem_data(bio, NULL);	×
NEW 689	if (len > 0) {	×
NEW 690	buf = OPENSSL_malloc((size_t)len);	×
NEW 691	if (buf) {	×
NEW 692	if (BIO_read(bio, buf, len) == len) {	×
NEW 693	const unsigned char *pp = buf;	×
NEW 694	dup = d2i_AutoPrivateKey(NULL, &pp, len);	×
695	}
NEW 696	OPENSSL_free(buf);	×
NEW 697	buf = NULL;	×
698	}
699	}
700	}
701
NEW 702	if (dup == NULL) {	×
703	/* Try SubjectPublicKeyInfo round-trip (works for public keys) */
NEW 704	(void)BIO_reset(bio);	×
NEW 705	if (i2d_PUBKEY_bio(bio, pkey)) {	×
NEW 706	len = BIO_get_mem_data(bio, NULL);	×
NEW 707	if (len > 0) {	×
NEW 708	buf = OPENSSL_malloc((size_t)len);	×
NEW 709	if (buf) {	×
NEW 710	if (BIO_read(bio, buf, len) == len) {	×
NEW 711	const unsigned char *pp = buf;	×
NEW 712	dup = d2i_PUBKEY(NULL, &pp, len);	×
713	}
NEW 714	OPENSSL_free(buf);	×
715	}
716	}
717	}
718	}
719
NEW 720	BIO_free(bio);	×
NEW 721	return dup;	×
722	}
723	#endif
724

zhaozg / lua-openssl / 25776463823

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous