X-Git-Url: https://bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=tools%2Fbrssl.h;h=cf1cea39a36f7bf5979b8cc2ced92a16b3ef5ea8;hp=99ce38dc2a525e471db1f58ffd49524b6139b22c;hb=ef318ef83a3a58b0a9e036676b84d11261ed7bb4;hpb=3210f38e0491b39aec1ef419cb4114e9483089fb
diff --git a/tools/brssl.h b/tools/brssl.h
index 99ce38d..cf1cea3 100644
--- a/tools/brssl.h
+++ b/tools/brssl.h
@@ -163,6 +163,12 @@ typedef VECTOR(unsigned char) bvector;
  */
 int eqstr(const char *s1, const char *s2);
 
+/*
+ * Convert a string to a positive integer (size_t). Returned value is
+ * (size_t)-1 on error. On error, an explicit error message is printed.
+ */
+size_t parse_size(const char *s);
+
 /*
  * Structure for a known protocol version.
  */
@@ -229,11 +235,12 @@ extern const cipher_suite cipher_suites[];
 #define REQ_SHA384 0x0008 /* suite needs SHA-384 */
 #define REQ_AESCBC 0x0010 /* suite needs AES/CBC encryption */
 #define REQ_AESGCM 0x0020 /* suite needs AES/GCM encryption */
-#define REQ_3DESCBC 0x0040 /* suite needs 3DES/CBC encryption */
-#define REQ_RSAKEYX 0x0080 /* suite uses RSA key exchange */
-#define REQ_ECDHE_RSA 0x0100 /* suite uses ECDHE_RSA key exchange */
-#define REQ_ECDHE_ECDSA 0x0200 /* suite uses ECDHE_ECDSA key exchange */
-#define REQ_ECDH 0x0400 /* suite uses static ECDH key exchange */
+#define REQ_CHAPOL 0x0040 /* suite needs ChaCha20+Poly1305 */
+#define REQ_3DESCBC 0x0080 /* suite needs 3DES/CBC encryption */
+#define REQ_RSAKEYX 0x0100 /* suite uses RSA key exchange */
+#define REQ_ECDHE_RSA 0x0200 /* suite uses ECDHE_RSA key exchange */
+#define REQ_ECDHE_ECDSA 0x0400 /* suite uses ECDHE_ECDSA key exchange */
+#define REQ_ECDH 0x0800 /* suite uses static ECDH key exchange */
 
 /*
  * Parse a list of cipher suite names. The names are comma-separated. If
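Review bot: The parse_size() comment leaves the accepted input range ambiguous: "positive integer" does not say whether 0 is valid, and nothing states how a leading sign, surrounding whitespace, trailing non-digit characters, or a value that does not fit in a size_t are treated, which matters because this is the entry point for user-supplied sizes. Since (size_t)-1 doubles as the error sentinel, a genuine SIZE_MAX is indistinguishable from failure, so the contract should say that it is rejected. I would extend the comment with `Only decimal digits are accepted (no sign, no whitespace); a value that does not fit in a size_t, including SIZE_MAX itself, is an error. The error message goes to stderr.` once each point is confirmed against the implementation.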
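Review bot: Renumbering REQ_3DESCBC through REQ_ECDH to make room for REQ_CHAPOL is only safe if every user of these flags spells the symbolic name; any numeric literal elsewhere in the tools would now silently describe a different requirement. The block carries no comment stating that these are single-bit mask values that must stay distinct, which is what makes such insertions reviewable by eye; I would add `/* Bit flags for cipher suite requirements; each REQ_* must be a distinct single bit. */` above the first REQ_ definition. Only the tail of the define block is visible in this hunk, so the earlier REQ_* values could not be checked here.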
@@ -273,6 +280,11 @@ void list_names(void);
  */
 const char *ec_curve_name(int curve);
 
+/*
+ * Get the symbolic name for a hash function name (by ID).
+ */
+const char *hash_function_name(int id);
+
 /*
  * Read a file completely. The returned block is allocated with xmalloc()
  * and must be released by the caller.
@@ -336,6 +348,12 @@ pem_object *decode_pem(const void *src, size_t len, size_t *num);
  */
 br_x509_certificate *read_certificates(const char *fname, size_t *num);
 
+/*
+ * Release certificates. This releases all certificate data arrays,
+ * and the whole array as well.
+ */
+void free_certificates(br_x509_certificate *certs, size_t num);
+
 /*
  * Interpret a certificate as a trust anchor. The trust anchor is
  * newly allocated with xmalloc() and the caller must release it.
@@ -363,6 +381,12 @@ void free_ta_contents(br_x509_trust_anchor *ta);
  */
 size_t read_trust_anchors(anchor_list *dst, const char *fname);
 
+/*
+ * Get the "signer key type" for the certificate (key type of the
+ * issuing CA). On error, this prints a message on stderr, and returns 0.
+ */
+int get_cert_signer_algo(br_x509_certificate *xc);
+
 /*
  * Special "no anchor" X.509 validator that wraps around another X.509
  * validator and turns "not trusted" error codes into success. This
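Review bot: The new hash_function_name() comment reads "symbolic name for a hash function name (by ID)", which repeats "name" and does not say what is returned for an unknown ID; a caller that passes the result straight to a printf-style call would dereference NULL if that is the failure mode. I would reword it as `Get the symbolic name of a hash function, by ID. Returns NULL (or a fixed placeholder string — state which) for an unknown ID.` with the actual behaviour taken from the implementation. The ID space is not described in this header either; if these are the br_*_ID constants, saying so avoids guesswork.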
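Review bot: free_certificates() is the release counterpart of read_certificates() declared just above it, but the comment neither says so nor states whether a NULL certs pointer with num == 0 is accepted, which is the state a caller is in after read_certificates() fails. I would make the pairing and the edge case explicit: `Release an array of certificates as returned by read_certificates(): each certificate's data block is freed, then the array itself. certs may be NULL when num is 0.` with the NULL clause confirmed against the implementation.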
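Review bot: get_cert_signer_algo() takes a non-const br_x509_certificate *, although determining the issuer key type should not need to modify the certificate; if the implementation only reads it, `int get_cert_signer_algo(const br_x509_certificate *xc);` states that and lets callers pass const data. The comment also says "signer key type" while the function is named "algo", and the meaning of a non-zero return is not given; presumably these are the BR_KEYTYPE_* values, which should be stated. The 0-on-error convention is only unambiguous if 0 is never a valid key type, which the comment should say explicitly.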
@@ -402,6 +426,20 @@ private_key *read_private_key(const char *fname);
  */
 void free_private_key(private_key *sk);
 
+/*
+ * Get the encoded OID for a given hash function (to use with PKCS#1
+ * signatures). If the hash function ID is 0 (for MD5+SHA-1), or if
+ * the ID is not one of the SHA-* functions (SHA-1, SHA-224, SHA-256,
+ * SHA-384, SHA-512), then this function returns NULL.
+ */
+const unsigned char *get_hash_oid(int id);
+
+/*
+ * Get a hash implementation by ID. This returns NULL if the hash
+ * implementation is not available.
+ */
+const br_hash_class *get_hash_impl(int id);
+
 /*
  * Find the symbolic name and the description for an error. If 'err' is
  * recognised then the error symbolic name is returned; if 'comment' is
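Review bot: The get_hash_oid() comment does not state the encoding or the lifetime of the returned pointer, both of which a caller must know before handing it to PKCS#1 signing or verification code: presumably it follows the BearSSL convention where the first byte is the length of the DER-encoded OID value that follows, and it points to static storage. I would add `The returned pointer uses the BearSSL hash OID encoding (length byte followed by the encoded OID value) and refers to static data; it must not be released.` once confirmed against the implementation. The same lifetime statement belongs on get_hash_impl(), whose br_hash_class pointer is presumably also static. Note too that the comment conflates "ID is 0" and "ID is not a SHA-* function" into one NULL return, so callers cannot tell an intentional MD5+SHA-1 request from an unsupported hash without checking the ID themselves; saying that explicitly would save a wrong assumption.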