2025-12-21 10:45 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
* contrib/hbssl/hbssl.hbx
* contrib/hbssl/evppkey.c
+ added new PRG functions:
EVP_PKEY_CTX_get_RSA_PSS_saltlen( <pKeyCTX>, @<nSaltLen> )
-> <nRetCode>
EVP_PKEY_CTX_set_RSA_PSS_saltlen( <pKeyCTX>, <nSaltLen> )
-> <nRetCode>
EVP_PKEY_CTX_get_signature_md( <pKeyCTX>, @<nEvpHash> )
-> <nRetCode>
EVP_PKEY_CTX_set_signature_md( <pKeyCTX>, <nEvpHash> | <cEvpHash> )
-> <nRetCode>
EVP_PKEY_sign_init( <pKeyCTX> ) -> <nRetCode>
EVP_PKEY_sign( <pKeyCTX>, @<cSignature>, <cData> ) -> <nRetCode>
EVP_PKEY_verify_init( <pKeyCTX> ) -> <nRetCode>
EVP_PKEY_verify( <pKeyCTX>, <cSignature>, <cData> ) -> <nRetCode>
* contrib/hbssl/hbssl.hbx
* contrib/hbssl/x509.c
+ added new PRG function:
X509_get_serialNumber( <pX509> ) -> <nSerialNum>
* src/rtl/base64d.c
* indenting
; question: With small modification we can add support for base64url
encoding (with additional parameter passed to hb_base64encode())
and decoding (can be done automatically by hb_base64decode()).
Do you think it's worth to do or it's such simple thing that
we should keep the code clean and user can make necessary
conversions themselves.
This commit is contained in:
Przemysław Czerpak
@@ -7,6 +7,37 @@
|
||||
Entries may not always be in chronological/commit order.
|
||||
See license at the end of file. */
|
||||
|
||||
2025-12-21 10:45 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
|
||||
* contrib/hbssl/hbssl.hbx
|
||||
* contrib/hbssl/evppkey.c
|
||||
+ added new PRG functions:
|
||||
EVP_PKEY_CTX_get_RSA_PSS_saltlen( <pKeyCTX>, @<nSaltLen> )
|
||||
-> <nRetCode>
|
||||
EVP_PKEY_CTX_set_RSA_PSS_saltlen( <pKeyCTX>, <nSaltLen> )
|
||||
-> <nRetCode>
|
||||
EVP_PKEY_CTX_get_signature_md( <pKeyCTX>, @<nEvpHash> )
|
||||
-> <nRetCode>
|
||||
EVP_PKEY_CTX_set_signature_md( <pKeyCTX>, <nEvpHash> | <cEvpHash> )
|
||||
-> <nRetCode>
|
||||
EVP_PKEY_sign_init( <pKeyCTX> ) -> <nRetCode>
|
||||
EVP_PKEY_sign( <pKeyCTX>, @<cSignature>, <cData> ) -> <nRetCode>
|
||||
EVP_PKEY_verify_init( <pKeyCTX> ) -> <nRetCode>
|
||||
EVP_PKEY_verify( <pKeyCTX>, <cSignature>, <cData> ) -> <nRetCode>
|
||||
|
||||
* contrib/hbssl/hbssl.hbx
|
||||
* contrib/hbssl/x509.c
|
||||
+ added new PRG function:
|
||||
X509_get_serialNumber( <pX509> ) -> <nSerialNum>
|
||||
|
||||
* src/rtl/base64d.c
|
||||
* indenting
|
||||
; question: With small modification we can add support for base64url
|
||||
encoding (with additional parameter passed to hb_base64encode())
|
||||
and decoding (can be done automatically by hb_base64decode()).
|
||||
Do you think it's worth to do or it's such simple thing that
|
||||
we should keep the code clean and user can make necessary
|
||||
conversions themselves.
|
||||
|
||||
2025-12-15 11:10 UTC+0100 Aleksander Czajczynski (hb fki.pl)
|
||||
* src/vm/runner.c
|
||||
! fix indentation
|
||||
|
||||
@@ -360,6 +360,43 @@ HB_FUNC( EVP_PKEY_CTX_GET_RSA_PADDING )
|
||||
#endif
|
||||
}
|
||||
|
||||
HB_FUNC( EVP_PKEY_CTX_SET_RSA_PSS_SALTLEN )
|
||||
{
|
||||
#if ! defined( OPENSSL_NO_RSA ) && OPENSSL_VERSION_NUMBER >= 0x10000000L
|
||||
EVP_PKEY_CTX * ctx = hb_EVP_PKEY_CTX_par( 1 );
|
||||
|
||||
if( ctx && HB_ISNUM( 2 ) )
|
||||
{
|
||||
hb_retni( EVP_PKEY_CTX_set_rsa_pss_saltlen( ctx, hb_parni( 2 ) ) );
|
||||
}
|
||||
else
|
||||
hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
|
||||
#else
|
||||
hb_errRT_BASE( EG_NOFUNC, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
|
||||
#endif
|
||||
}
|
||||
|
||||
HB_FUNC( EVP_PKEY_CTX_GET_RSA_PSS_SALTLEN )
|
||||
{
|
||||
#if ! defined( OPENSSL_NO_RSA ) && OPENSSL_VERSION_NUMBER >= 0x10000000L
|
||||
EVP_PKEY_CTX * ctx = hb_EVP_PKEY_CTX_par( 1 );
|
||||
|
||||
if( ctx )
|
||||
{
|
||||
int saltlen = 0, ret;
|
||||
|
||||
ret = EVP_PKEY_CTX_get_rsa_pss_saltlen( ctx, &saltlen );
|
||||
if( ret <= 0 )
|
||||
saltlen = ret;
|
||||
hb_retni( saltlen );
|
||||
}
|
||||
else
|
||||
hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
|
||||
#else
|
||||
hb_errRT_BASE( EG_NOFUNC, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
|
||||
#endif
|
||||
}
|
||||
|
||||
HB_FUNC( EVP_PKEY_CTX_SET_RSA_OAEP_MD )
|
||||
{
|
||||
#if ! defined( OPENSSL_NO_RSA ) && OPENSSL_VERSION_NUMBER >= 0x10000000L
|
||||
@@ -660,6 +697,137 @@ HB_FUNC( EVP_PKEY_DECRYPT )
|
||||
#endif
|
||||
}
|
||||
|
||||
HB_FUNC( EVP_PKEY_CTX_SET_SIGNATURE_MD )
|
||||
{
|
||||
#if ! defined( OPENSSL_NO_RSA ) && OPENSSL_VERSION_NUMBER >= 0x10000000L
|
||||
EVP_PKEY_CTX * ctx = hb_EVP_PKEY_CTX_par( 1 );
|
||||
const EVP_MD * md = hb_EVP_MD_par( 2 );
|
||||
|
||||
if( ctx && md )
|
||||
{
|
||||
hb_retni( EVP_PKEY_CTX_set_signature_md( ctx, md ) );
|
||||
}
|
||||
else
|
||||
hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
|
||||
#else
|
||||
hb_errRT_BASE( EG_NOFUNC, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
|
||||
#endif
|
||||
}
|
||||
|
||||
HB_FUNC( EVP_PKEY_CTX_GET_SIGNATURE_MD )
|
||||
{
|
||||
#if ! defined( OPENSSL_NO_RSA ) && OPENSSL_VERSION_NUMBER >= 0x10000000L
|
||||
EVP_PKEY_CTX * ctx = hb_EVP_PKEY_CTX_par( 1 );
|
||||
|
||||
if( ctx )
|
||||
{
|
||||
const EVP_MD * md = NULL;
|
||||
int ret;
|
||||
|
||||
ret = EVP_PKEY_CTX_get_signature_md( ctx, &md );
|
||||
if( ret > 0 )
|
||||
ret = hb_EVP_MD_ptr_to_id( md );
|
||||
hb_retni( ret );
|
||||
}
|
||||
else
|
||||
hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
|
||||
#else
|
||||
hb_errRT_BASE( EG_NOFUNC, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
HB_FUNC( EVP_PKEY_SIGN_INIT )
|
||||
{
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
|
||||
EVP_PKEY_CTX * ctx = hb_EVP_PKEY_CTX_par( 1 );
|
||||
|
||||
if( ctx )
|
||||
{
|
||||
hb_retni( EVP_PKEY_sign_init( ctx ) );
|
||||
}
|
||||
else
|
||||
hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
|
||||
#else
|
||||
hb_errRT_BASE( EG_NOFUNC, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
|
||||
#endif
|
||||
}
|
||||
|
||||
HB_FUNC( EVP_PKEY_SIGN )
|
||||
{
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
|
||||
EVP_PKEY_CTX * ctx = hb_EVP_PKEY_CTX_par( 1 );
|
||||
|
||||
if( ctx )
|
||||
{
|
||||
const unsigned char * tbs = ( const unsigned char * ) hb_parcx( 3 );
|
||||
size_t tbslen = ( size_t ) hb_parclen( 3 ), siglen = 0;
|
||||
unsigned char * sig = NULL;
|
||||
int ret;
|
||||
|
||||
ret = EVP_PKEY_sign( ctx, NULL, &siglen, tbs, tbslen );
|
||||
if( ret > 0 )
|
||||
{
|
||||
sig = ( unsigned char * ) hb_xgrab( siglen + 1 );
|
||||
|
||||
ret = EVP_PKEY_sign( ctx, sig, &siglen, tbs, tbslen );
|
||||
if( ret > 0 )
|
||||
{
|
||||
if( ! hb_storclen_buffer( ( char * ) sig, siglen, 2 ) )
|
||||
ret = 0;
|
||||
}
|
||||
}
|
||||
if( ret <= 0 )
|
||||
{
|
||||
if( sig )
|
||||
hb_xfree( sig );
|
||||
hb_storc( NULL, 2 );
|
||||
}
|
||||
hb_retni( ret );
|
||||
}
|
||||
else
|
||||
hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
|
||||
#else
|
||||
hb_errRT_BASE( EG_NOFUNC, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
|
||||
#endif
|
||||
}
|
||||
|
||||
HB_FUNC( EVP_PKEY_VERIFY_INIT )
|
||||
{
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
|
||||
EVP_PKEY_CTX * ctx = hb_EVP_PKEY_CTX_par( 1 );
|
||||
|
||||
if( ctx )
|
||||
{
|
||||
hb_retni( EVP_PKEY_verify_init( ctx ) );
|
||||
}
|
||||
else
|
||||
hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
|
||||
#else
|
||||
hb_errRT_BASE( EG_NOFUNC, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
|
||||
#endif
|
||||
}
|
||||
|
||||
HB_FUNC( EVP_PKEY_VERIFY )
|
||||
{
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
|
||||
EVP_PKEY_CTX * ctx = hb_EVP_PKEY_CTX_par( 1 );
|
||||
|
||||
if( ctx )
|
||||
{
|
||||
const unsigned char * sig = ( const unsigned char * ) hb_parcx( 2 );
|
||||
size_t siglen = ( size_t ) hb_parclen( 2 );
|
||||
const unsigned char * tbs = ( const unsigned char * ) hb_parcx( 3 );
|
||||
size_t tbslen = ( size_t ) hb_parclen( 3 );
|
||||
|
||||
hb_retni( EVP_PKEY_verify( ctx, sig, siglen, tbs, tbslen ) );
|
||||
}
|
||||
else
|
||||
hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
|
||||
#else
|
||||
hb_errRT_BASE( EG_NOFUNC, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
|
||||
#endif
|
||||
}
|
||||
|
||||
#if 0
|
||||
|
||||
@@ -678,16 +846,6 @@ int EVP_PKEY_decrypt( unsigned char * dec_key, const unsigned char * enc_key, in
|
||||
int EVP_PKEY_encrypt( unsigned char * enc_key, const unsigned char * key, int key_len, EVP_PKEY * pub_key );
|
||||
|
||||
/* 1.0.0 */
|
||||
int EVP_PKEY_sign_init( EVP_PKEY_CTX * ctx );
|
||||
int EVP_PKEY_sign( EVP_PKEY_CTX * ctx,
|
||||
unsigned char * sig, size_t * siglen,
|
||||
const unsigned char * tbs, size_t tbslen );
|
||||
|
||||
int EVP_PKEY_verify_init( EVP_PKEY_CTX * ctx );
|
||||
int EVP_PKEY_verify( EVP_PKEY_CTX * ctx,
|
||||
const unsigned char * sig, size_t siglen,
|
||||
const unsigned char * tbs, size_t tbslen );
|
||||
|
||||
int EVP_PKEY_verify_recover_init( EVP_PKEY_CTX * ctx );
|
||||
int EVP_PKEY_verify_recover( EVP_PKEY_CTX * ctx,
|
||||
unsigned char * rout, size_t * routlen,
|
||||
|
||||
@@ -168,18 +168,26 @@ DYNAMIC EVP_PKEY_bits
|
||||
DYNAMIC EVP_PKEY_CTX_get_RSA_MGF1_md
|
||||
DYNAMIC EVP_PKEY_CTX_get_RSA_OAEP_md
|
||||
DYNAMIC EVP_PKEY_CTX_get_RSA_padding
|
||||
DYNAMIC EVP_PKEY_CTX_get_RSA_PSS_saltlen
|
||||
DYNAMIC EVP_PKEY_CTX_get_signature_md
|
||||
DYNAMIC EVP_PKEY_CTX_new
|
||||
DYNAMIC EVP_PKEY_CTX_set_RSA_MGF1_md
|
||||
DYNAMIC EVP_PKEY_CTX_set_RSA_OAEP_md
|
||||
DYNAMIC EVP_PKEY_CTX_set_RSA_padding
|
||||
DYNAMIC EVP_PKEY_CTX_set_RSA_PSS_saltlen
|
||||
DYNAMIC EVP_PKEY_CTX_set_signature_md
|
||||
DYNAMIC EVP_PKEY_decrypt
|
||||
DYNAMIC EVP_PKEY_decrypt_init
|
||||
DYNAMIC EVP_PKEY_encrypt
|
||||
DYNAMIC EVP_PKEY_encrypt_init
|
||||
DYNAMIC EVP_PKEY_free
|
||||
DYNAMIC EVP_PKEY_new
|
||||
DYNAMIC EVP_PKEY_sign
|
||||
DYNAMIC EVP_PKEY_sign_init
|
||||
DYNAMIC EVP_PKEY_size
|
||||
DYNAMIC EVP_PKEY_type
|
||||
DYNAMIC EVP_PKEY_verify
|
||||
DYNAMIC EVP_PKEY_verify_init
|
||||
DYNAMIC EVP_SealFinal
|
||||
DYNAMIC EVP_SealInit
|
||||
DYNAMIC EVP_SealUpdate
|
||||
@@ -398,6 +406,7 @@ DYNAMIC SSL_want_x509_lookup
|
||||
DYNAMIC SSL_write
|
||||
DYNAMIC X509_get_issuer_name
|
||||
DYNAMIC X509_get_PubKey
|
||||
DYNAMIC X509_get_serialNumber
|
||||
DYNAMIC X509_get_subject_name
|
||||
DYNAMIC X509_name_oneline
|
||||
|
||||
|
||||
@@ -153,6 +153,27 @@ HB_FUNC( X509_NAME_ONELINE )
|
||||
#endif
|
||||
}
|
||||
|
||||
HB_FUNC( X509_GET_SERIALNUMBER )
|
||||
{
|
||||
if( hb_X509_is( 1 ) )
|
||||
{
|
||||
X509 * x509 = hb_X509_par( 1 );
|
||||
|
||||
if( x509 )
|
||||
{
|
||||
ASN1_INTEGER * a = X509_get_serialNumber( x509 );
|
||||
int64_t r = 0;
|
||||
|
||||
if( ASN1_INTEGER_get_int64( &r, a ) > 0 )
|
||||
hb_retnint( r );
|
||||
else
|
||||
hb_retni( -1 );
|
||||
}
|
||||
}
|
||||
else
|
||||
hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
|
||||
}
|
||||
|
||||
HB_FUNC( X509_GET_PUBKEY )
|
||||
{
|
||||
if( hb_X509_is( 1 ) )
|
||||
|
||||
@@ -56,7 +56,7 @@ static signed char base64_decode_value( int value_in )
|
||||
static const signed char s_decoding[] =
|
||||
{
|
||||
62, -1, -1, -1, 63, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -2, -1,
|
||||
-1, -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17,
|
||||
-1, -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17,
|
||||
18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1, -1, 26, 27, 28, 29, 30, 31,
|
||||
32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user