#include "pkinit_crypto_openssl.h"
+static void openssl_init(void);
+
+static krb5_error_code pkinit_init_pkinit_oids(pkinit_plg_crypto_context );
+static void pkinit_fini_pkinit_oids(pkinit_plg_crypto_context );
+
+static krb5_error_code pkinit_init_dh_params(pkinit_plg_crypto_context );
+static void pkinit_fini_dh_params(pkinit_plg_crypto_context );
+
+static krb5_error_code pkinit_init_certs(pkinit_identity_crypto_context ctx);
+static void pkinit_fini_certs(pkinit_identity_crypto_context ctx);
+
+static krb5_error_code pkinit_init_pkcs11(pkinit_identity_crypto_context ctx);
+static void pkinit_fini_pkcs11(pkinit_identity_crypto_context ctx);
+
+static krb5_error_code pkinit_encode_dh_params
+(BIGNUM *, BIGNUM *, BIGNUM *, unsigned char **, unsigned int *);
+static DH *pkinit_decode_dh_params
+(DH **, unsigned char **, unsigned int );
+static int pkinit_check_dh_params
+(BIGNUM * p1, BIGNUM * p2, BIGNUM * g1, BIGNUM * q1);
+
+static krb5_error_code pkinit_sign_data
+(krb5_context context, pkinit_identity_crypto_context cryptoctx,
+ unsigned char *data, unsigned int data_len,
+ unsigned char **sig, unsigned int *sig_len);
+
+static krb5_error_code create_signature
+(unsigned char **, unsigned int *, unsigned char *, unsigned int,
+ EVP_PKEY *pkey);
+
+static krb5_error_code pkinit_decode_data
+(krb5_context context, pkinit_identity_crypto_context cryptoctx,
+ unsigned char *data, unsigned int data_len,
+ unsigned char **decoded, unsigned int *decoded_len);
+
+static krb5_error_code decode_data
+(unsigned char **, unsigned int *, unsigned char *, unsigned int,
+ EVP_PKEY *pkey, X509 *cert);
+
+#ifdef DEBUG_DH
+static void print_dh(DH *, char *);
+static void print_pubkey(BIGNUM *, char *);
+#endif
+
+static int prepare_enc_data
+(unsigned char *indata, int indata_len, unsigned char **outdata,
+ int *outdata_len);
+
+static int openssl_callback (int, X509_STORE_CTX *);
+static int openssl_callback_ignore_crls (int, X509_STORE_CTX *);
+
+static int pkcs7_decrypt
+(krb5_context context, pkinit_identity_crypto_context id_cryptoctx,
+ PKCS7 *p7, BIO *bio);
+
+static BIO * pkcs7_dataDecode
+(krb5_context context, pkinit_identity_crypto_context id_cryptoctx,
+ PKCS7 *p7);
+
+static ASN1_OBJECT * pkinit_pkcs7type2oid
+(pkinit_plg_crypto_context plg_cryptoctx, int pkcs7_type);
+
+static krb5_error_code pkinit_create_sequence_of_principal_identifiers
+(krb5_context context, pkinit_plg_crypto_context plg_cryptoctx,
+ pkinit_req_crypto_context req_cryptoctx,
+ pkinit_identity_crypto_context id_cryptoctx,
+ int type, krb5_data **out_data);
+
+#ifndef WITHOUT_PKCS11
+static krb5_error_code pkinit_find_private_key
+(pkinit_identity_crypto_context, CK_ATTRIBUTE_TYPE usage,
+ CK_OBJECT_HANDLE *objp);
+static krb5_error_code pkinit_login
+(krb5_context context, pkinit_identity_crypto_context id_cryptoctx,
+ CK_TOKEN_INFO *tip);
+static krb5_error_code pkinit_open_session
+(krb5_context context, pkinit_identity_crypto_context id_cryptoctx);
+static void * pkinit_C_LoadModule(const char *modname, CK_FUNCTION_LIST_PTR_PTR p11p);
+static CK_RV pkinit_C_UnloadModule(void *handle);
+#ifdef SILLYDECRYPT
+CK_RV pkinit_C_Decrypt
+(pkinit_identity_crypto_context id_cryptoctx,
+ CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen,
+ CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen);
+#endif
+
+static krb5_error_code pkinit_sign_data_pkcs11
+(krb5_context context, pkinit_identity_crypto_context id_cryptoctx,
+ unsigned char *data, unsigned int data_len,
+ unsigned char **sig, unsigned int *sig_len);
+static krb5_error_code pkinit_decode_data_pkcs11
+(krb5_context context, pkinit_identity_crypto_context id_cryptoctx,
+ unsigned char *data, unsigned int data_len,
+ unsigned char **decoded_data, unsigned int *decoded_data_len);
+#endif /* WITHOUT_PKCS11 */
+
+static krb5_error_code pkinit_sign_data_fs
+(krb5_context context, pkinit_identity_crypto_context id_cryptoctx,
+ unsigned char *data, unsigned int data_len,
+ unsigned char **sig, unsigned int *sig_len);
+static krb5_error_code pkinit_decode_data_fs
+(krb5_context context, pkinit_identity_crypto_context id_cryptoctx,
+ unsigned char *data, unsigned int data_len,
+ unsigned char **decoded_data, unsigned int *decoded_data_len);
+
+static krb5_error_code der_decode_data
+(unsigned char *, long, unsigned char **, long *);
+
+static krb5_error_code
+create_krb5_invalidCertificates(krb5_context context,
+ pkinit_plg_crypto_context plg_cryptoctx,
+ pkinit_req_crypto_context req_cryptoctx,
+ pkinit_identity_crypto_context id_cryptoctx,
+ krb5_external_principal_identifier *** ids);
+
+static krb5_error_code
+create_identifiers_from_stack(STACK_OF(X509) *sk,
+ krb5_external_principal_identifier *** ids);
+#ifdef LONGHORN_BETA_COMPAT
+static int
+wrap_signeddata(unsigned char *data, unsigned int data_len,
+ unsigned char **out, unsigned int *out_len,
+ int is_longhorn_server);
+#else
+static int
+wrap_signeddata(unsigned char *data, unsigned int data_len,
+ unsigned char **out, unsigned int *out_len);
+#endif
+
+static char *
+pkinit_pkcs11_code_to_text(int err);
+
+
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
/* Use CMS support present in OpenSSL 1.0 and later. */
#include <openssl/cms.h>
unsigned int index;
};
-static void openssl_init(void);
-
-static krb5_error_code pkinit_init_pkinit_oids(pkinit_plg_crypto_context );
-static void pkinit_fini_pkinit_oids(pkinit_plg_crypto_context );
-
-static krb5_error_code pkinit_init_dh_params(pkinit_plg_crypto_context );
-static void pkinit_fini_dh_params(pkinit_plg_crypto_context );
-
-static krb5_error_code pkinit_init_certs(pkinit_identity_crypto_context ctx);
-static void pkinit_fini_certs(pkinit_identity_crypto_context ctx);
-
-static krb5_error_code pkinit_init_pkcs11(pkinit_identity_crypto_context ctx);
-static void pkinit_fini_pkcs11(pkinit_identity_crypto_context ctx);
-
-static krb5_error_code pkinit_encode_dh_params
- (BIGNUM *, BIGNUM *, BIGNUM *, unsigned char **, unsigned int *);
-static DH *pkinit_decode_dh_params
- (DH **, unsigned char **, unsigned int );
-static int pkinit_check_dh_params
- (BIGNUM * p1, BIGNUM * p2, BIGNUM * g1, BIGNUM * q1);
-
-static krb5_error_code pkinit_sign_data
- (krb5_context context, pkinit_identity_crypto_context cryptoctx,
- unsigned char *data, unsigned int data_len,
- unsigned char **sig, unsigned int *sig_len);
-
-static krb5_error_code create_signature
- (unsigned char **, unsigned int *, unsigned char *, unsigned int,
- EVP_PKEY *pkey);
-
-static krb5_error_code pkinit_decode_data
- (krb5_context context, pkinit_identity_crypto_context cryptoctx,
- unsigned char *data, unsigned int data_len,
- unsigned char **decoded, unsigned int *decoded_len);
-
-static krb5_error_code decode_data
- (unsigned char **, unsigned int *, unsigned char *, unsigned int,
- EVP_PKEY *pkey, X509 *cert);
-
-#ifdef DEBUG_DH
-static void print_dh(DH *, char *);
-static void print_pubkey(BIGNUM *, char *);
-#endif
-
-static int prepare_enc_data
- (unsigned char *indata, int indata_len, unsigned char **outdata,
- int *outdata_len);
-
-static int openssl_callback (int, X509_STORE_CTX *);
-static int openssl_callback_ignore_crls (int, X509_STORE_CTX *);
-
-static int pkcs7_decrypt
- (krb5_context context, pkinit_identity_crypto_context id_cryptoctx,
- PKCS7 *p7, BIO *bio);
-
-static BIO * pkcs7_dataDecode
- (krb5_context context, pkinit_identity_crypto_context id_cryptoctx,
- PKCS7 *p7);
-
-static ASN1_OBJECT * pkinit_pkcs7type2oid
- (pkinit_plg_crypto_context plg_cryptoctx, int pkcs7_type);
-
-static krb5_error_code pkinit_create_sequence_of_principal_identifiers
- (krb5_context context, pkinit_plg_crypto_context plg_cryptoctx,
- pkinit_req_crypto_context req_cryptoctx,
- pkinit_identity_crypto_context id_cryptoctx,
- int type, krb5_data **out_data);
-
-#ifndef WITHOUT_PKCS11
-static krb5_error_code pkinit_find_private_key
- (pkinit_identity_crypto_context, CK_ATTRIBUTE_TYPE usage,
- CK_OBJECT_HANDLE *objp);
-static krb5_error_code pkinit_login
- (krb5_context context, pkinit_identity_crypto_context id_cryptoctx,
- CK_TOKEN_INFO *tip);
-static krb5_error_code pkinit_open_session
- (krb5_context context, pkinit_identity_crypto_context id_cryptoctx);
-static void * pkinit_C_LoadModule(const char *modname, CK_FUNCTION_LIST_PTR_PTR p11p);
-static CK_RV pkinit_C_UnloadModule(void *handle);
-#ifdef SILLYDECRYPT
-CK_RV pkinit_C_Decrypt
- (pkinit_identity_crypto_context id_cryptoctx,
- CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen,
- CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen);
-#endif
-
-static krb5_error_code pkinit_sign_data_pkcs11
- (krb5_context context, pkinit_identity_crypto_context id_cryptoctx,
- unsigned char *data, unsigned int data_len,
- unsigned char **sig, unsigned int *sig_len);
-static krb5_error_code pkinit_decode_data_pkcs11
- (krb5_context context, pkinit_identity_crypto_context id_cryptoctx,
- unsigned char *data, unsigned int data_len,
- unsigned char **decoded_data, unsigned int *decoded_data_len);
-#endif /* WITHOUT_PKCS11 */
-
-static krb5_error_code pkinit_sign_data_fs
- (krb5_context context, pkinit_identity_crypto_context id_cryptoctx,
- unsigned char *data, unsigned int data_len,
- unsigned char **sig, unsigned int *sig_len);
-static krb5_error_code pkinit_decode_data_fs
- (krb5_context context, pkinit_identity_crypto_context id_cryptoctx,
- unsigned char *data, unsigned int data_len,
- unsigned char **decoded_data, unsigned int *decoded_data_len);
-
-static krb5_error_code der_decode_data
- (unsigned char *, long, unsigned char **, long *);
-
-static krb5_error_code
-create_krb5_invalidCertificates(krb5_context context,
- pkinit_plg_crypto_context plg_cryptoctx,
- pkinit_req_crypto_context req_cryptoctx,
- pkinit_identity_crypto_context id_cryptoctx,
- krb5_external_principal_identifier *** ids);
-
-static krb5_error_code
-create_identifiers_from_stack(STACK_OF(X509) *sk,
- krb5_external_principal_identifier *** ids);
-#ifdef LONGHORN_BETA_COMPAT
-static int
-wrap_signeddata(unsigned char *data, unsigned int data_len,
- unsigned char **out, unsigned int *out_len,
- int is_longhorn_server);
-#else
-static int
-wrap_signeddata(unsigned char *data, unsigned int data_len,
- unsigned char **out, unsigned int *out_len);
-#endif
-
/* This handy macro borrowed from crypto/x509v3/v3_purp.c */
#define ku_reject(x, usage) \
(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
-static char *
-pkinit_pkcs11_code_to_text(int err);
-
#endif /* _PKINIT_CRYPTO_OPENSSL_H */