*/
int eqstr(const char *s1, const char *s2);
+/*
+ * Convert a string to a positive integer (size_t). Returned value is
+ * (size_t)-1 on error. On error, an explicit error message is printed.
+ */
+size_t parse_size(const char *s);
+
/*
* Structure for a known protocol version.
*/
*/
unsigned parse_hash_functions(const char *arg);
+/*
+ * Get a curve name (by ID). If the curve ID is not known, this returns
+ * NULL.
+ */
+const char *get_curve_name(int id);
+
+/*
+ * Get a curve name (by ID). The name is written in the provided buffer
+ * (zero-terminated). If the curve ID is not known, the name is
+ * "unknown (***)" where "***" is the decimal value of the identifier.
+ * If the name does not fit in the provided buffer, then dst[0] is set
+ * to 0 (unless len is 0, in which case nothing is written), and -1 is
+ * returned. Otherwise, the name is written in dst[] (with a terminating
+ * 0), and this function returns 0.
+ */
+int get_curve_name_ext(int id, char *dst, size_t len);
+
/*
* Type for a known cipher suite.
*/
#define REQ_SHA384 0x0008 /* suite needs SHA-384 */
#define REQ_AESCBC 0x0010 /* suite needs AES/CBC encryption */
#define REQ_AESGCM 0x0020 /* suite needs AES/GCM encryption */
-#define REQ_3DESCBC 0x0040 /* suite needs 3DES/CBC encryption */
-#define REQ_RSAKEYX 0x0080 /* suite uses RSA key exchange */
-#define REQ_ECDHE_RSA 0x0100 /* suite uses ECDHE_RSA key exchange */
-#define REQ_ECDHE_ECDSA 0x0200 /* suite uses ECDHE_ECDSA key exchange */
-#define REQ_ECDH 0x0400 /* suite uses static ECDH key exchange */
+#define REQ_CHAPOL 0x0040 /* suite needs ChaCha20+Poly1305 */
+#define REQ_3DESCBC 0x0080 /* suite needs 3DES/CBC encryption */
+#define REQ_RSAKEYX 0x0100 /* suite uses RSA key exchange */
+#define REQ_ECDHE_RSA 0x0200 /* suite uses ECDHE_RSA key exchange */
+#define REQ_ECDHE_ECDSA 0x0400 /* suite uses ECDHE_ECDSA key exchange */
+#define REQ_ECDH 0x0800 /* suite uses static ECDH key exchange */
/*
* Parse a list of cipher suite names. The names are comma-separated. If
*/
int get_suite_name_ext(unsigned suite, char *dst, size_t len);
+/*
+ * Tell whether a cipher suite uses ECDHE key exchange.
+ */
+int uses_ecdhe(unsigned suite);
+
/*
* Print out all known names (for protocol versions, cipher suites...).
*/
*/
const char *ec_curve_name(int curve);
+/*
+ * Get the symbolic name for a hash function name (by ID).
+ */
+const char *hash_function_name(int id);
+
/*
* Read a file completely. The returned block is allocated with xmalloc()
* and must be released by the caller.
*/
br_x509_certificate *read_certificates(const char *fname, size_t *num);
+/*
+ * Release certificates. This releases all certificate data arrays,
+ * and the whole array as well.
+ */
+void free_certificates(br_x509_certificate *certs, size_t num);
+
/*
* Interpret a certificate as a trust anchor. The trust anchor is
* newly allocated with xmalloc() and the caller must release it.
*/
size_t read_trust_anchors(anchor_list *dst, const char *fname);
+/*
+ * Get the "signer key type" for the certificate (key type of the
+ * issuing CA). On error, this prints a message on stderr, and returns 0.
+ */
+int get_cert_signer_algo(br_x509_certificate *xc);
+
/*
* Special "no anchor" X.509 validator that wraps around another X.509
* validator and turns "not trusted" error codes into success. This is
*/
void free_private_key(private_key *sk);
+/*
+ * Get the encoded OID for a given hash function (to use with PKCS#1
+ * signatures). If the hash function ID is 0 (for MD5+SHA-1), or if
+ * the ID is not one of the SHA-* functions (SHA-1, SHA-224, SHA-256,
+ * SHA-384, SHA-512), then this function returns NULL.
+ */
+const unsigned char *get_hash_oid(int id);
+
+/*
+ * Get a hash implementation by ID. This returns NULL if the hash
+ * implementation is not available.
+ */
+const br_hash_class *get_hash_impl(int id);
+
/*
* Find the symbolic name and the description for an error. If 'err' is
* recognised then the error symbolic name is returned; if 'comment' is
*/
const char *find_error_name(int err, const char **comment);
+/*
+ * Find the symbolic name for an algorithm implementation. Provided
+ * pointer should be a pointer to a vtable or to a function, where
+ * appropriate. If not recognised, then the string "UNKNOWN" is returned.
+ *
+ * If 'long_name' is non-zero, then the returned name recalls the
+ * algorithm type as well; otherwise, only the core implementation name
+ * is returned (e.g. the long name could be 'aes_big_cbcenc' while the
+ * short name is 'big').
+ */
+const char *get_algo_name(const void *algo, int long_name);
+
/*
* Run a SSL engine, with a socket connected to the peer, and using
- * stdin/stdout to exchange application data.
+ * stdin/stdout to exchange application data. The socket must be a
+ * non-blocking descriptor.
+ *
+ * To help with Win32 compatibility, the socket descriptor is provided
+ * as an "unsigned long" value.
*
* Returned value:
* 0 SSL connection closed successfully
* -1 early socket close
* -2 stdout was closed, or something failed badly
*/
-int run_ssl_engine(br_ssl_engine_context *eng, int fd, unsigned flags);
+int run_ssl_engine(br_ssl_engine_context *eng,
+ unsigned long fd, unsigned flags);
#define RUN_ENGINE_VERBOSE 0x0001 /* enable verbose messages */
#define RUN_ENGINE_TRACE 0x0002 /* hex dump of records */
*/
int do_chain(int argc, char *argv[]);
+/*
+ * Do the "twrch" command. Returned value is 0 on success, -1 on failure
+ * (processing or arguments), or a non-zero exit code. Command-line
+ * arguments start _after_ the command name.
+ */
+int do_twrch(int argc, char *argv[]);
+
#endif
projects / BearSSL / blobdiff