Apache2
md_crypt.h File Reference
#include <apr_file_io.h>
Include dependency graph for md_crypt.h:

Go to the source code of this file.

Data Structures

struct  md_pkey_rsa_params_t
 
struct  md_pkey_ec_params_t
 
struct  md_pkey_spec_t
 
struct  md_pkeys_spec_t
 
struct  md_sct
 

Typedefs

typedef struct md_pkey_t md_pkey_t
 
typedef struct md_pkey_rsa_params_t md_pkey_rsa_params_t
 
typedef struct md_pkey_ec_params_t md_pkey_ec_params_t
 
typedef struct md_pkey_spec_t md_pkey_spec_t
 
typedef struct md_pkeys_spec_t md_pkeys_spec_t
 
typedef struct md_cert_t md_cert_t
 
typedef struct md_sct md_sct
 

Enumerations

enum  md_pkey_type_t { MD_PKEY_TYPE_DEFAULT, MD_PKEY_TYPE_RSA, MD_PKEY_TYPE_EC }
 
enum  md_cert_state_t { MD_CERT_UNKNOWN, MD_CERT_VALID, MD_CERT_EXPIRED }
 

Functions

apr_status_t md_rand_bytes (unsigned char *buf, apr_size_t len, apr_pool_t *p)
 
apr_time_t md_asn1_generalized_time_get (void *ASN1_GENERALIZEDTIME)
 
apr_status_t md_crypt_sha256_digest64 (const char **pdigest64, apr_pool_t *p, const struct md_data_t *data)
 
apr_status_t md_crypt_sha256_digest_hex (const char **pdigesthex, apr_pool_t *p, const struct md_data_t *data)
 
apr_status_t md_crypt_init (apr_pool_t *pool)
 
const char * md_pkey_spec_name (const md_pkey_spec_t *spec)
 
md_pkeys_spec_tmd_pkeys_spec_make (apr_pool_t *p)
 
void md_pkeys_spec_add_default (md_pkeys_spec_t *pks)
 
int md_pkeys_spec_contains_rsa (md_pkeys_spec_t *pks)
 
void md_pkeys_spec_add_rsa (md_pkeys_spec_t *pks, unsigned int bits)
 
int md_pkeys_spec_contains_ec (md_pkeys_spec_t *pks, const char *curve)
 
void md_pkeys_spec_add_ec (md_pkeys_spec_t *pks, const char *curve)
 
int md_pkeys_spec_eq (md_pkeys_spec_t *pks1, md_pkeys_spec_t *pks2)
 
md_pkeys_spec_tmd_pkeys_spec_clone (apr_pool_t *p, const md_pkeys_spec_t *pks)
 
int md_pkeys_spec_is_empty (const md_pkeys_spec_t *pks)
 
md_pkey_spec_tmd_pkeys_spec_get (const md_pkeys_spec_t *pks, int index)
 
int md_pkeys_spec_count (const md_pkeys_spec_t *pks)
 
void md_pkeys_spec_add (md_pkeys_spec_t *pks, md_pkey_spec_t *spec)
 
struct md_json_tmd_pkey_spec_to_json (const md_pkey_spec_t *spec, apr_pool_t *p)
 
md_pkey_spec_tmd_pkey_spec_from_json (struct md_json_t *json, apr_pool_t *p)
 
struct md_json_tmd_pkeys_spec_to_json (const md_pkeys_spec_t *pks, apr_pool_t *p)
 
md_pkeys_spec_tmd_pkeys_spec_from_json (struct md_json_t *json, apr_pool_t *p)
 
apr_status_t md_pkey_gen (md_pkey_t **ppkey, apr_pool_t *p, md_pkey_spec_t *key_props)
 
void md_pkey_free (md_pkey_t *pkey)
 
const char * md_pkey_get_rsa_e64 (md_pkey_t *pkey, apr_pool_t *p)
 
const char * md_pkey_get_rsa_n64 (md_pkey_t *pkey, apr_pool_t *p)
 
apr_status_t md_pkey_fload (md_pkey_t **ppkey, apr_pool_t *p, const char *pass_phrase, apr_size_t pass_len, const char *fname)
 
apr_status_t md_pkey_fsave (md_pkey_t *pkey, apr_pool_t *p, const char *pass_phrase, apr_size_t pass_len, const char *fname, apr_fileperms_t perms)
 
apr_status_t md_crypt_sign64 (const char **psign64, md_pkey_t *pkey, apr_pool_t *p, const char *d, size_t dlen)
 
void * md_pkey_get_EVP_PKEY (struct md_pkey_t *pkey)
 
apr_status_t md_crypt_hmac64 (const char **pmac64, const struct md_data_t *hmac_key, apr_pool_t *p, const char *d, size_t dlen)
 
apr_status_t md_pkey_read_http (md_pkey_t **ppkey, apr_pool_t *pool, const struct md_http_response_t *res)
 
md_cert_tmd_cert_make (apr_pool_t *p, void *x509)
 
md_cert_tmd_cert_wrap (apr_pool_t *p, void *x509)
 
void * md_cert_get_X509 (const md_cert_t *cert)
 
apr_status_t md_cert_fload (md_cert_t **pcert, apr_pool_t *p, const char *fname)
 
apr_status_t md_cert_fsave (md_cert_t *cert, apr_pool_t *p, const char *fname, apr_fileperms_t perms)
 
apr_status_t md_cert_read_http (md_cert_t **pcert, apr_pool_t *pool, const struct md_http_response_t *res)
 
apr_status_t md_cert_read_chain (apr_array_header_t *chain, apr_pool_t *p, const char *pem, apr_size_t pem_len)
 
apr_status_t md_cert_chain_read_http (struct apr_array_header_t *chain, apr_pool_t *pool, const struct md_http_response_t *res)
 
md_cert_state_t md_cert_state_get (const md_cert_t *cert)
 
int md_cert_is_valid_now (const md_cert_t *cert)
 
int md_cert_has_expired (const md_cert_t *cert)
 
int md_cert_covers_domain (md_cert_t *cert, const char *domain_name)
 
int md_cert_covers_md (md_cert_t *cert, const struct md_t *md)
 
int md_cert_must_staple (const md_cert_t *cert)
 
apr_time_t md_cert_get_not_after (const md_cert_t *cert)
 
apr_time_t md_cert_get_not_before (const md_cert_t *cert)
 
struct md_timeperiod_t md_cert_get_valid (const md_cert_t *cert)
 
int md_certs_are_equal (const md_cert_t *a, const md_cert_t *b)
 
apr_status_t md_cert_get_issuers_uri (const char **puri, const md_cert_t *cert, apr_pool_t *p)
 
apr_status_t md_cert_get_alt_names (apr_array_header_t **pnames, const md_cert_t *cert, apr_pool_t *p)
 
apr_status_t md_cert_to_base64url (const char **ps64, const md_cert_t *cert, apr_pool_t *p)
 
apr_status_t md_cert_from_base64url (md_cert_t **pcert, const char *s64, apr_pool_t *p)
 
apr_status_t md_cert_to_sha256_digest (struct md_data_t **pdigest, const md_cert_t *cert, apr_pool_t *p)
 
apr_status_t md_cert_to_sha256_fingerprint (const char **pfinger, const md_cert_t *cert, apr_pool_t *p)
 
const char * md_cert_get_serial_number (const md_cert_t *cert, apr_pool_t *p)
 
apr_status_t md_chain_fload (struct apr_array_header_t **pcerts, apr_pool_t *p, const char *fname)
 
apr_status_t md_chain_fsave (struct apr_array_header_t *certs, apr_pool_t *p, const char *fname, apr_fileperms_t perms)
 
apr_status_t md_chain_fappend (struct apr_array_header_t *certs, apr_pool_t *p, const char *fname)
 
apr_status_t md_cert_req_create (const char **pcsr_der_64, const char *name, apr_array_header_t *domains, int must_staple, md_pkey_t *pkey, apr_pool_t *p)
 
apr_status_t md_cert_self_sign (md_cert_t **pcert, const char *cn, struct apr_array_header_t *domains, md_pkey_t *pkey, apr_interval_time_t valid_for, apr_pool_t *p)
 
apr_status_t md_cert_make_tls_alpn_01 (md_cert_t **pcert, const char *domain, const char *acme_id, md_pkey_t *pkey, apr_interval_time_t valid_for, apr_pool_t *p)
 
apr_status_t md_cert_get_ct_scts (apr_array_header_t *scts, apr_pool_t *p, const md_cert_t *cert)
 
apr_status_t md_cert_get_ocsp_responder_url (const char **purl, apr_pool_t *p, const md_cert_t *cert)
 
apr_status_t md_check_cert_and_pkey (struct apr_array_header_t *certs, md_pkey_t *pkey)
 
const char * md_nid_get_sname (int nid)
 
const char * md_nid_get_lname (int nid)
 

Typedef Documentation

◆ md_cert_t

typedef struct md_cert_t md_cert_t

◆ md_pkey_ec_params_t

◆ md_pkey_rsa_params_t

◆ md_pkey_spec_t

◆ md_pkey_t

typedef struct md_pkey_t md_pkey_t

◆ md_pkeys_spec_t

◆ md_sct

typedef struct md_sct md_sct

Enumeration Type Documentation

◆ md_cert_state_t

Enumerator
MD_CERT_UNKNOWN 
MD_CERT_VALID 
MD_CERT_EXPIRED 

◆ md_pkey_type_t

Enumerator
MD_PKEY_TYPE_DEFAULT 
MD_PKEY_TYPE_RSA 
MD_PKEY_TYPE_EC 

Function Documentation

◆ md_asn1_generalized_time_get()

apr_time_t md_asn1_generalized_time_get ( void *  ASN1_GENERALIZEDTIME)

◆ md_cert_chain_read_http()

apr_status_t md_cert_chain_read_http ( struct apr_array_header_t chain,
apr_pool_t pool,
const struct md_http_response_t res 
)

Read one or even a chain of certificates from a http response. Will return APR_ENOENT if content-type is not recognized (currently supports only "application/pem-certificate-chain" and "application/pkix-cert").

Parameters
chainmust be non-NULL, retrieved certificates will be added.

◆ md_cert_covers_domain()

int md_cert_covers_domain ( md_cert_t cert,
const char *  domain_name 
)

◆ md_cert_covers_md()

int md_cert_covers_md ( md_cert_t cert,
const struct md_t md 
)

◆ md_cert_fload()

apr_status_t md_cert_fload ( md_cert_t **  pcert,
apr_pool_t p,
const char *  fname 
)

◆ md_cert_from_base64url()

apr_status_t md_cert_from_base64url ( md_cert_t **  pcert,
const char *  s64,
apr_pool_t p 
)

◆ md_cert_fsave()

apr_status_t md_cert_fsave ( md_cert_t cert,
apr_pool_t p,
const char *  fname,
apr_fileperms_t  perms 
)

◆ md_cert_get_alt_names()

apr_status_t md_cert_get_alt_names ( apr_array_header_t **  pnames,
const md_cert_t cert,
apr_pool_t p 
)

◆ md_cert_get_ct_scts()

apr_status_t md_cert_get_ct_scts ( apr_array_header_t scts,
apr_pool_t p,
const md_cert_t cert 
)

◆ md_cert_get_issuers_uri()

apr_status_t md_cert_get_issuers_uri ( const char **  puri,
const md_cert_t cert,
apr_pool_t p 
)

◆ md_cert_get_not_after()

apr_time_t md_cert_get_not_after ( const md_cert_t cert)

◆ md_cert_get_not_before()

apr_time_t md_cert_get_not_before ( const md_cert_t cert)

◆ md_cert_get_ocsp_responder_url()

apr_status_t md_cert_get_ocsp_responder_url ( const char **  purl,
apr_pool_t p,
const md_cert_t cert 
)

◆ md_cert_get_serial_number()

const char* md_cert_get_serial_number ( const md_cert_t cert,
apr_pool_t p 
)

◆ md_cert_get_valid()

struct md_timeperiod_t md_cert_get_valid ( const md_cert_t cert)

◆ md_cert_get_X509()

void* md_cert_get_X509 ( const md_cert_t cert)

◆ md_cert_has_expired()

int md_cert_has_expired ( const md_cert_t cert)

◆ md_cert_is_valid_now()

int md_cert_is_valid_now ( const md_cert_t cert)

◆ md_cert_make()

md_cert_t* md_cert_make ( apr_pool_t p,
void *  x509 
)

Create a holder of the certificate that will free its memory when the pool is destroyed.

◆ md_cert_make_tls_alpn_01()

apr_status_t md_cert_make_tls_alpn_01 ( md_cert_t **  pcert,
const char *  domain,
const char *  acme_id,
md_pkey_t pkey,
apr_interval_time_t  valid_for,
apr_pool_t p 
)

Create a certificate for answering "tls-alpn-01" ACME challenges (see https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-01).

◆ md_cert_must_staple()

int md_cert_must_staple ( const md_cert_t cert)

◆ md_cert_read_chain()

apr_status_t md_cert_read_chain ( apr_array_header_t chain,
apr_pool_t p,
const char *  pem,
apr_size_t  pem_len 
)

Read at least one certificate from the given PEM data.

◆ md_cert_read_http()

apr_status_t md_cert_read_http ( md_cert_t **  pcert,
apr_pool_t pool,
const struct md_http_response_t res 
)

Read a x509 certificate from a http response. Will return APR_ENOENT if content-type is not recognized (currently only "application/pkix-cert" is supported).

◆ md_cert_req_create()

apr_status_t md_cert_req_create ( const char **  pcsr_der_64,
const char *  name,
apr_array_header_t domains,
int  must_staple,
md_pkey_t pkey,
apr_pool_t p 
)

◆ md_cert_self_sign()

apr_status_t md_cert_self_sign ( md_cert_t **  pcert,
const char *  cn,
struct apr_array_header_t domains,
md_pkey_t pkey,
apr_interval_time_t  valid_for,
apr_pool_t p 
)

Create a self-signed cerftificate with the given cn, key and list of alternate domain names.

◆ md_cert_state_get()

md_cert_state_t md_cert_state_get ( const md_cert_t cert)

◆ md_cert_to_base64url()

apr_status_t md_cert_to_base64url ( const char **  ps64,
const md_cert_t cert,
apr_pool_t p 
)

◆ md_cert_to_sha256_digest()

apr_status_t md_cert_to_sha256_digest ( struct md_data_t **  pdigest,
const md_cert_t cert,
apr_pool_t p 
)

◆ md_cert_to_sha256_fingerprint()

apr_status_t md_cert_to_sha256_fingerprint ( const char **  pfinger,
const md_cert_t cert,
apr_pool_t p 
)

◆ md_cert_wrap()

md_cert_t* md_cert_wrap ( apr_pool_t p,
void *  x509 
)

Wrap a x509 certificate into our own structure, without taking ownership of its memory. The caller remains responsible.

◆ md_certs_are_equal()

int md_certs_are_equal ( const md_cert_t a,
const md_cert_t b 
)

Return != 0 iff the hash values of the certificates are equal.

◆ md_chain_fappend()

apr_status_t md_chain_fappend ( struct apr_array_header_t certs,
apr_pool_t p,
const char *  fname 
)

◆ md_chain_fload()

apr_status_t md_chain_fload ( struct apr_array_header_t **  pcerts,
apr_pool_t p,
const char *  fname 
)

◆ md_chain_fsave()

apr_status_t md_chain_fsave ( struct apr_array_header_t certs,
apr_pool_t p,
const char *  fname,
apr_fileperms_t  perms 
)

◆ md_check_cert_and_pkey()

apr_status_t md_check_cert_and_pkey ( struct apr_array_header_t certs,
md_pkey_t pkey 
)

◆ md_crypt_hmac64()

apr_status_t md_crypt_hmac64 ( const char **  pmac64,
const struct md_data_t hmac_key,
apr_pool_t p,
const char *  d,
size_t  dlen 
)

◆ md_crypt_init()

apr_status_t md_crypt_init ( apr_pool_t pool)

◆ md_crypt_sha256_digest64()

apr_status_t md_crypt_sha256_digest64 ( const char **  pdigest64,
apr_pool_t p,
const struct md_data_t data 
)

◆ md_crypt_sha256_digest_hex()

apr_status_t md_crypt_sha256_digest_hex ( const char **  pdigesthex,
apr_pool_t p,
const struct md_data_t data 
)

◆ md_crypt_sign64()

apr_status_t md_crypt_sign64 ( const char **  psign64,
md_pkey_t pkey,
apr_pool_t p,
const char *  d,
size_t  dlen 
)

◆ md_nid_get_lname()

const char* md_nid_get_lname ( int  nid)

◆ md_nid_get_sname()

const char* md_nid_get_sname ( int  nid)

◆ md_pkey_fload()

apr_status_t md_pkey_fload ( md_pkey_t **  ppkey,
apr_pool_t p,
const char *  pass_phrase,
apr_size_t  pass_len,
const char *  fname 
)

◆ md_pkey_free()

void md_pkey_free ( md_pkey_t pkey)

◆ md_pkey_fsave()

apr_status_t md_pkey_fsave ( md_pkey_t pkey,
apr_pool_t p,
const char *  pass_phrase,
apr_size_t  pass_len,
const char *  fname,
apr_fileperms_t  perms 
)

◆ md_pkey_gen()

apr_status_t md_pkey_gen ( md_pkey_t **  ppkey,
apr_pool_t p,
md_pkey_spec_t key_props 
)

◆ md_pkey_get_EVP_PKEY()

void* md_pkey_get_EVP_PKEY ( struct md_pkey_t pkey)

◆ md_pkey_get_rsa_e64()

const char* md_pkey_get_rsa_e64 ( md_pkey_t pkey,
apr_pool_t p 
)

◆ md_pkey_get_rsa_n64()

const char* md_pkey_get_rsa_n64 ( md_pkey_t pkey,
apr_pool_t p 
)

◆ md_pkey_read_http()

apr_status_t md_pkey_read_http ( md_pkey_t **  ppkey,
apr_pool_t pool,
const struct md_http_response_t res 
)

Read a private key from a http response.

◆ md_pkey_spec_from_json()

md_pkey_spec_t* md_pkey_spec_from_json ( struct md_json_t json,
apr_pool_t p 
)

◆ md_pkey_spec_name()

const char* md_pkey_spec_name ( const md_pkey_spec_t spec)

◆ md_pkey_spec_to_json()

struct md_json_t* md_pkey_spec_to_json ( const md_pkey_spec_t spec,
apr_pool_t p 
)

◆ md_pkeys_spec_add()

void md_pkeys_spec_add ( md_pkeys_spec_t pks,
md_pkey_spec_t spec 
)

◆ md_pkeys_spec_add_default()

void md_pkeys_spec_add_default ( md_pkeys_spec_t pks)

◆ md_pkeys_spec_add_ec()

void md_pkeys_spec_add_ec ( md_pkeys_spec_t pks,
const char *  curve 
)

◆ md_pkeys_spec_add_rsa()

void md_pkeys_spec_add_rsa ( md_pkeys_spec_t pks,
unsigned int  bits 
)

◆ md_pkeys_spec_clone()

md_pkeys_spec_t* md_pkeys_spec_clone ( apr_pool_t p,
const md_pkeys_spec_t pks 
)

◆ md_pkeys_spec_contains_ec()

int md_pkeys_spec_contains_ec ( md_pkeys_spec_t pks,
const char *  curve 
)

◆ md_pkeys_spec_contains_rsa()

int md_pkeys_spec_contains_rsa ( md_pkeys_spec_t pks)

◆ md_pkeys_spec_count()

int md_pkeys_spec_count ( const md_pkeys_spec_t pks)

◆ md_pkeys_spec_eq()

int md_pkeys_spec_eq ( md_pkeys_spec_t pks1,
md_pkeys_spec_t pks2 
)

◆ md_pkeys_spec_from_json()

md_pkeys_spec_t* md_pkeys_spec_from_json ( struct md_json_t json,
apr_pool_t p 
)

◆ md_pkeys_spec_get()

md_pkey_spec_t* md_pkeys_spec_get ( const md_pkeys_spec_t pks,
int  index 
)

◆ md_pkeys_spec_is_empty()

int md_pkeys_spec_is_empty ( const md_pkeys_spec_t pks)

◆ md_pkeys_spec_make()

md_pkeys_spec_t* md_pkeys_spec_make ( apr_pool_t p)

◆ md_pkeys_spec_to_json()

struct md_json_t* md_pkeys_spec_to_json ( const md_pkeys_spec_t pks,
apr_pool_t p 
)

◆ md_rand_bytes()

apr_status_t md_rand_bytes ( unsigned char *  buf,
apr_size_t  len,
apr_pool_t p 
)