Loading openssl/src/aes.rs +6 −0 Original line number Diff line number Diff line Loading @@ -60,6 +60,7 @@ use std::mem::MaybeUninit; use std::ptr; use crate::symm::Mode; use openssl_macros::corresponds; /// Provides Error handling for parsing keys. #[derive(Debug)] Loading @@ -74,6 +75,7 @@ impl AesKey { /// # Failure /// /// Returns an error if the key is not 128, 192, or 256 bits. #[corresponds(AES_set_encrypt_key)] pub fn new_encrypt(key: &[u8]) -> Result<AesKey, KeyError> { unsafe { assert!(key.len() <= c_int::max_value() as usize / 8); Loading @@ -97,6 +99,7 @@ impl AesKey { /// # Failure /// /// Returns an error if the key is not 128, 192, or 256 bits. #[corresponds(AES_set_decrypt_key)] pub fn new_decrypt(key: &[u8]) -> Result<AesKey, KeyError> { unsafe { assert!(key.len() <= c_int::max_value() as usize / 8); Loading Loading @@ -135,6 +138,7 @@ impl AesKey { /// /// Panics if `in_` is not the same length as `out`, if that length is not a multiple of 16, or if /// `iv` is not at least 32 bytes. #[corresponds(AES_ige_encrypt)] pub fn aes_ige(in_: &[u8], out: &mut [u8], key: &AesKey, iv: &mut [u8], mode: Mode) { unsafe { assert!(in_.len() == out.len()); Loading Loading @@ -169,6 +173,7 @@ pub fn aes_ige(in_: &[u8], out: &mut [u8], key: &AesKey, iv: &mut [u8], mode: Mo /// /// Panics if either `out` or `in_` do not have sizes that are a multiple of 8, or if /// `out` is not 8 bytes longer than `in_` #[corresponds(AES_wrap_key)] pub fn wrap_key( key: &AesKey, iv: Option<[u8; 8]>, Loading Loading @@ -207,6 +212,7 @@ pub fn wrap_key( /// /// Panics if either `out` or `in_` do not have sizes that are a multiple of 8, or /// if `in_` is not 8 bytes longer than `out` #[corresponds(AES_unwrap_key)] pub fn unwrap_key( key: &AesKey, iv: Option<[u8; 8]>, Loading openssl/src/asn1.rs +22 −47 Original line number Diff line number Diff line Loading 
@@ -41,6 +41,7 @@ use crate::error::ErrorStack; use crate::nid::Nid; use crate::string::OpensslString; use crate::{cvt, cvt_p}; use openssl_macros::corresponds; foreign_type_and_impl_send_sync! { type CType = ffi::ASN1_GENERALIZEDTIME; Loading Loading @@ -196,10 +197,7 @@ foreign_type_and_impl_send_sync! { impl Asn1TimeRef { /// Find difference between two times /// /// This corresponds to [`ASN1_TIME_diff`]. /// /// [`ASN1_TIME_diff`]: https://www.openssl.org/docs/man1.1.0/crypto/ASN1_TIME_diff.html #[corresponds(ASN1_TIME_diff)] #[cfg(ossl102)] pub fn diff(&self, compare: &Self) -> Result<TimeDiff, ErrorStack> { let mut days = 0; Loading @@ -215,12 +213,7 @@ impl Asn1TimeRef { } /// Compare two times /// /// This corresponds to [`ASN1_TIME_compare`] but is implemented using [`diff`] so that it is /// also supported on older versions of OpenSSL. /// /// [`ASN1_TIME_compare`]: https://www.openssl.org/docs/man1.1.1/man3/ASN1_TIME_compare.html /// [`diff`]: struct.Asn1TimeRef.html#method.diff #[corresponds(ASN1_TIME_compare)] #[cfg(ossl102)] pub fn compare(&self, other: &Self) -> Result<Ordering, ErrorStack> { let d = self.diff(other)?; Loading Loading @@ -306,6 +299,7 @@ impl fmt::Debug for Asn1TimeRef { } impl Asn1Time { #[corresponds(ASN1_TIME_new)] fn new() -> Result<Asn1Time, ErrorStack> { ffi::init(); Loading @@ -315,6 +309,7 @@ impl Asn1Time { } } #[corresponds(X509_gmtime_adj)] fn from_period(period: c_long) -> Result<Asn1Time, ErrorStack> { ffi::init(); Loading @@ -330,6 +325,7 @@ impl Asn1Time { } /// Creates a new time from the specified `time_t` value #[corresponds(ASN1_TIME_set)] pub fn from_unix(time: time_t) -> Result<Asn1Time, ErrorStack> { ffi::init(); Loading 
@@ -340,10 +336,7 @@ impl Asn1Time { } /// Creates a new time corresponding to the specified ASN1 time string. /// /// This corresponds to [`ASN1_TIME_set_string`]. /// /// [`ASN1_TIME_set_string`]: https://www.openssl.org/docs/manmaster/man3/ASN1_TIME_set_string.html #[corresponds(ASN1_TIME_set_string)] #[allow(clippy::should_implement_trait)] pub fn from_str(s: &str) -> Result<Asn1Time, ErrorStack> { unsafe { Loading @@ -358,11 +351,8 @@ impl Asn1Time { /// Creates a new time corresponding to the specified X509 time string. /// /// This corresponds to [`ASN1_TIME_set_string_X509`]. /// /// Requires OpenSSL 1.1.1 or newer. /// /// [`ASN1_TIME_set_string_X509`]: https://www.openssl.org/docs/manmaster/man3/ASN1_TIME_set_string.html #[corresponds(ASN1_TIME_set_string_X509)] #[cfg(ossl111)] pub fn from_str_x509(s: &str) -> Result<Asn1Time, ErrorStack> { unsafe { Loading Loading @@ -435,9 +425,7 @@ foreign_type_and_impl_send_sync! { /// /// [ASN1_STRING-to_UTF8]: https://www.openssl.org/docs/man1.1.0/crypto/ASN1_STRING_to_UTF8.html pub struct Asn1String; /// Reference to [`Asn1String`] /// /// [`Asn1String`]: struct.Asn1String.html /// A reference to an [`Asn1String`]. pub struct Asn1StringRef; } Loading @@ -447,6 +435,7 @@ impl Asn1StringRef { /// ASN.1 strings may utilize UTF-16, ASCII, BMP, or UTF8. This is important to /// consume the string in a meaningful way without knowing the underlying /// format. #[corresponds(ASN1_STRING_to_UTF8)] pub fn as_utf8(&self) -> Result<OpensslString, ErrorStack> { unsafe { let mut ptr = ptr::null_mut(); Loading 
@@ -465,11 +454,13 @@ impl Asn1StringRef { /// strings in rust, it is preferable to use [`as_utf8`] /// /// [`as_utf8`]: struct.Asn1String.html#method.as_utf8 #[corresponds(ASN1_STRING_get0_data)] pub fn as_slice(&self) -> &[u8] { unsafe { slice::from_raw_parts(ASN1_STRING_get0_data(self.as_ptr()), self.len()) } } /// Returns the number of bytes in the string. #[corresponds(ASN1_STRING_length)] pub fn len(&self) -> usize { unsafe { ffi::ASN1_STRING_length(self.as_ptr()) as usize } } Loading Loading @@ -503,9 +494,7 @@ foreign_type_and_impl_send_sync! { /// [`bn`]: ../bn/index.html /// [`ASN1_INTEGER_set`]: https://www.openssl.org/docs/man1.1.0/crypto/ASN1_INTEGER_set.html pub struct Asn1Integer; /// Reference to [`Asn1Integer`] /// /// [`Asn1Integer`]: struct.Asn1Integer.html /// A reference to an [`Asn1Integer`]. pub struct Asn1IntegerRef; } Loading @@ -530,10 +519,7 @@ impl Asn1IntegerRef { } /// Converts the integer to a `BigNum`. /// /// This corresponds to [`ASN1_INTEGER_to_BN`]. /// /// [`ASN1_INTEGER_to_BN`]: https://www.openssl.org/docs/man1.1.0/crypto/ASN1_INTEGER_get.html #[corresponds(ASN1_INTEGER_to_BN)] pub fn to_bn(&self) -> Result<BigNum, ErrorStack> { unsafe { cvt_p(ffi::ASN1_INTEGER_to_BN(self.as_ptr(), ptr::null_mut())) Loading @@ -544,10 +530,8 @@ impl Asn1IntegerRef { /// Sets the ASN.1 value to the value of a signed 32-bit integer, for larger numbers /// see [`bn`]. /// /// OpenSSL documentation at [`ASN1_INTEGER_set`] /// /// [`bn`]: ../bn/struct.BigNumRef.html#method.to_asn1_integer /// [`ASN1_INTEGER_set`]: https://www.openssl.org/docs/man1.1.0/crypto/ASN1_INTEGER_set.html #[corresponds(ASN1_INTEGER_set)] pub fn set(&mut self, value: i32) -> Result<(), ErrorStack> { unsafe { cvt(ffi::ASN1_INTEGER_set(self.as_ptr(), value as c_long)).map(|_| ()) } } Loading 
@@ -563,19 +547,19 @@ foreign_type_and_impl_send_sync! { /// /// [`x509`]: ../x509/struct.X509.html#method.signature pub struct Asn1BitString; /// Reference to [`Asn1BitString`] /// /// [`Asn1BitString`]: struct.Asn1BitString.html /// A reference to an [`Asn1BitString`]. pub struct Asn1BitStringRef; } impl Asn1BitStringRef { /// Returns the Asn1BitString as a slice. #[corresponds(ASN1_STRING_get0_data)] pub fn as_slice(&self) -> &[u8] { unsafe { slice::from_raw_parts(ASN1_STRING_get0_data(self.as_ptr() as *mut _), self.len()) } } /// Returns the number of bytes in the string. #[corresponds(ASN1_STRING_length)] pub fn len(&self) -> usize { unsafe { ffi::ASN1_STRING_length(self.as_ptr() as *const _) as usize } } Loading Loading @@ -604,19 +588,13 @@ foreign_type_and_impl_send_sync! { /// [`nid::COMMONNAME`]: ../nid/constant.COMMONNAME.html /// [`OBJ_nid2obj`]: https://www.openssl.org/docs/man1.1.0/crypto/OBJ_obj2nid.html pub struct Asn1Object; /// Reference to [`Asn1Object`] /// /// [`Asn1Object`]: struct.Asn1Object.html /// A reference to an [`Asn1Object`]. pub struct Asn1ObjectRef; } impl Asn1Object { /// Constructs an ASN.1 Object Identifier from a string representation of /// the OID. /// /// This corresponds to [`OBJ_txt2obj`]. /// /// [`OBJ_txt2obj`]: https://www.openssl.org/docs/man1.1.0/man3/OBJ_txt2obj.html /// Constructs an ASN.1 Object Identifier from a string representation of the OID. #[corresponds(OBJ_txt2obj)] #[allow(clippy::should_implement_trait)] pub fn from_str(txt: &str) -> Result<Asn1Object, ErrorStack> { unsafe { Loading 
@@ -630,11 +608,8 @@ impl Asn1Object { /// Return the OID as an DER encoded array of bytes. This is the ASN.1 /// value, not including tag or length. /// /// This corresponds to [`OBJ_get0_data`]. /// /// Requires OpenSSL 1.1.1 or newer. /// /// [`OBJ_get0_data`]: https://www.openssl.org/docs/man1.1.0/man3/OBJ_get0_data.html #[corresponds(OBJ_get0_data)] #[cfg(ossl111)] pub fn as_slice(&self) -> &[u8] { unsafe { Loading openssl/src/base64.rs +3 −8 Original line number Diff line number Diff line Loading @@ -2,16 +2,14 @@ use crate::cvt_n; use crate::error::ErrorStack; use libc::c_int; use openssl_macros::corresponds; /// Encodes a slice of bytes to a base64 string. /// /// This corresponds to [`EVP_EncodeBlock`]. /// /// # Panics /// /// Panics if the input length or computed output length overflow a signed C integer. /// /// [`EVP_EncodeBlock`]: https://www.openssl.org/docs/man1.1.1/man3/EVP_DecodeBlock.html #[corresponds(EVP_EncodeBlock)] pub fn encode_block(src: &[u8]) -> String { assert!(src.len() <= c_int::max_value() as usize); let src_len = src.len() as c_int; Loading @@ -32,13 +30,10 @@ pub fn encode_block(src: &[u8]) -> String { /// Decodes a base64-encoded string to bytes. /// /// This corresponds to [`EVP_DecodeBlock`]. /// /// # Panics /// /// Panics if the input length or computed output length overflow a signed C integer. /// /// [`EVP_DecodeBlock`]: https://www.openssl.org/docs/man1.1.1/man3/EVP_DecodeBlock.html #[corresponds(EVP_DecodeBlock)] pub fn decode_block(src: &str) -> Result<Vec<u8>, ErrorStack> { let src = src.trim(); Loading openssl/src/bn.rs +67 −199 File changed.Preview size limit exceeded, changes collapsed. Show changes openssl/src/cipher_ctx.rs +20 −72 Original line number Diff line number Diff line Loading @@ -57,6 +57,7 @@ use crate::{cvt, cvt_p}; use cfg_if::cfg_if; use foreign_types::{ForeignType, ForeignTypeRef}; use libc::{c_int, c_uchar}; use openssl_macros::corresponds; use std::convert::TryFrom; use std::ptr; Loading 
@@ -80,10 +81,7 @@ foreign_type_and_impl_send_sync! { impl CipherCtx { /// Creates a new context. /// /// This corresponds to [`EVP_CIPHER_CTX_new`]. /// /// [`EVP_CIPHER_CTX_new`]: https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_CTX_new.html #[corresponds(EVP_CIPHER_CTX_new)] pub fn new() -> Result<Self, ErrorStack> { ffi::init(); Loading @@ -105,10 +103,7 @@ impl CipherCtxRef { /// /// Panics if the key buffer is smaller than the key size of the cipher, the IV buffer is smaller than the IV size /// of the cipher, or if a key or IV is provided before a cipher. /// /// This corresponds to [`EVP_EncryptInit_ex`]. /// /// [`EVP_EncryptInit_ex`]: https://www.openssl.org/docs/manmaster/man3/EVP_EncryptInit_ex.html #[corresponds(EVP_EncryptInit_ex)] pub fn encrypt_init( &mut self, type_: Option<&CipherRef>, Loading @@ -128,10 +123,7 @@ impl CipherCtxRef { /// /// Panics if the key buffer is smaller than the key size of the cipher, the IV buffer is smaller than the IV size /// of the cipher, or if a key or IV is provided before a cipher. /// /// This corresponds to [`EVP_EncryptInit_ex`]. /// /// [`EVP_EncryptInit_ex`]: https://www.openssl.org/docs/manmaster/man3/EVP_EncryptInit_ex.html #[corresponds(EVP_DecryptInit_ex)] pub fn decrypt_init( &mut self, type_: Option<&CipherRef>, Loading Loading @@ -189,10 +181,7 @@ impl CipherCtxRef { /// /// Panics if `pub_keys` is not the same size as `encrypted_keys`, the IV buffer is smaller than the cipher's IV /// size, or if an IV is provided before the cipher. /// /// This corresponds to [`EVP_SealInit`]. /// /// [`EVP_SealInit`]: https://www.openssl.org/docs/manmaster/man3/EVP_SealInit.html. #[corresponds(EVP_SealInit)] pub fn seal_init<T>( &mut self, type_: Option<&CipherRef>, Loading Loading 
@@ -248,10 +237,7 @@ impl CipherCtxRef { /// /// Panics if the IV buffer is smaller than the cipher's required IV size or if the IV is provided before the /// cipher. /// /// This corresponds to [`EVP_OpenInit`]. /// /// [`EVP_OpenInit`]: https://www.openssl.org/docs/manmaster/man3/EVP_OpenInit.html #[corresponds(EVP_OpenInit)] pub fn open_init<T>( &mut self, type_: Option<&CipherRef>, Loading Loading @@ -295,10 +281,7 @@ impl CipherCtxRef { /// # Panics /// /// Panics if the context has not been initialized with a cipher. /// /// This corresponds to [`EVP_CIPHER_CTX_block_size`]. /// /// [`EVP_CIPHER_CTX_block_size`]: https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_block_size.html #[corresponds(EVP_CIPHER_CTX_block_size)] pub fn block_size(&self) -> usize { self.assert_cipher(); Loading @@ -310,10 +293,7 @@ impl CipherCtxRef { /// # Panics /// /// Panics if the context has not been initialized with a cipher. /// /// This corresponds to [`EVP_CIPHER_CTX_key_length`]. /// /// [`EVP_CIPHER_CTX_key_length`]: https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_key_length.html #[corresponds(EVP_CIPHER_CTX_key_length)] pub fn key_length(&self) -> usize { self.assert_cipher(); Loading @@ -330,6 +310,7 @@ impl CipherCtxRef { /// This corresponds to [`EVP_CIPHER_CTX_rand_key`]. /// /// [`EVP_CIPHER_CTX_rand_key`]: https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_CTX_rand_key.html #[corresponds(EVP_CIPHER_CTX_rand_key)] pub fn rand_key(&self, buf: &mut [u8]) -> Result<(), ErrorStack> { assert!(buf.len() >= self.key_length()); Loading 
@@ -350,10 +331,7 @@ impl CipherCtxRef { /// # Panics /// /// Panics if the context has not been initialized with a cipher. /// /// This corresponds to [`EVP_CIPHER_CTX_set_key_length`]. /// /// [`EVP_CIPHER_CTX_set_key_length`]: https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_set_key_length.html #[corresponds(EVP_CIPHER_CTX_set_key_length)] pub fn set_key_length(&mut self, len: usize) -> Result<(), ErrorStack> { self.assert_cipher(); Loading @@ -373,10 +351,7 @@ impl CipherCtxRef { /// # Panics /// /// Panics if the context has not been initialized with a cipher. /// /// This corresponds to [`EVP_CIPHER_CTX_iv_length`]. /// /// [`EVP_CIPHER_CTX_iv_length`]: https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_CTX_iv_length.html #[corresponds(EVP_CIPHER_CTX_iv_length)] pub fn iv_length(&self) -> usize { self.assert_cipher(); Loading @@ -390,10 +365,7 @@ impl CipherCtxRef { /// # Panics /// /// Panics if the context has not been initialized with a cipher. /// /// This corresponds to [`EVP_CIPHER_CTX_ctrl`] with `EVP_CTRL_AEAD_SET_IVLEN`. /// /// [`EVP_CIPHER_CTX_ctrl`]: https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_CTX_ctrl.html #[corresponds(EVP_CIHPER_CTX_ctrl)] pub fn set_iv_length(&mut self, len: usize) -> Result<(), ErrorStack> { self.assert_cipher(); Loading @@ -419,11 +391,8 @@ impl CipherCtxRef { /// /// Panics if the context has not been initialized with a cipher. /// /// This corresponds to [`EVP_CIPHER_CTX_tag_length`]. /// /// Requires OpenSSL 3.0.0 or newer. /// /// [`EVP_CIPHER_CTX_tag_length`]: https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_CTX_tag_length.html #[corresponds(EVP_CIPHER_CTX_get_tag_length)] #[cfg(ossl300)] pub fn tag_length(&self) -> usize { self.assert_cipher(); Loading 
@@ -437,10 +406,7 @@ impl CipherCtxRef { /// /// The size of the buffer indicates the size of the tag. While some ciphers support a range of tag sizes, it is /// recommended to pick the maximum size. /// /// This corresponds to [`EVP_CIPHER_CTX_ctrl`] with `EVP_CTRL_AEAD_GET_TAG`. /// /// [`EVP_CIPHER_CTX_ctrl`]: https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_CTX_ctrl.html #[corresponds(EVP_CIPHER_CTX_ctrl)] pub fn tag(&self, tag: &mut [u8]) -> Result<(), ErrorStack> { let len = c_int::try_from(tag.len()).unwrap(); Loading @@ -459,10 +425,7 @@ impl CipherCtxRef { /// Sets the length of the generated authentication tag. /// /// This must be called when encrypting with a cipher in CCM mode to use a tag size other than the default. /// /// This corresponds to [`EVP_CIPHER_CTX_ctrl`] with `EVP_CTRL_AEAD_SET_TAG`. /// /// [`EVP_CIPHER_CTX_ctrl`]: https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_CTX_ctrl.html #[corresponds(EVP_CIPHER_CTX_ctrl)] pub fn set_tag_length(&mut self, len: usize) -> Result<(), ErrorStack> { let len = c_int::try_from(len).unwrap(); Loading @@ -479,10 +442,7 @@ impl CipherCtxRef { } /// Sets the authentication tag for verification during decryption. /// /// This corresponds to [`EVP_CIPHER_CTX_ctrl`] with `EVP_CTRL_AEAD_SET_TAG`. /// /// [`EVP_CIPHER_CTX_ctrl`]: https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_CTX_ctrl.html #[corresponds(EVP_CIPHER_CTX_ctrl)] pub fn set_tag(&mut self, tag: &[u8]) -> Result<(), ErrorStack> { let len = c_int::try_from(tag.len()).unwrap(); Loading 
@@ -501,10 +461,7 @@ impl CipherCtxRef { /// Enables or disables padding. /// /// If padding is disabled, the plaintext must be an exact multiple of the cipher's block size. /// /// This corresponds to [`EVP_CIPHER_CTX_set_padding`]. /// /// [`EVP_CIPHER_CTX_set_padding`]: https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_CTX_set_padding.html #[corresponds(EVP_CIPHER_CTX_set_padding)] pub fn set_padding(&mut self, padding: bool) { unsafe { ffi::EVP_CIPHER_CTX_set_padding(self.as_ptr(), padding as c_int); Loading @@ -514,10 +471,7 @@ impl CipherCtxRef { /// Sets the total length of plaintext data. /// /// This is required for ciphers operating in CCM mode. /// /// This corresponds to [`EVP_CipherUpdate`]. /// /// [`EVP_CipherUpdate`]: https://www.openssl.org/docs/manmaster/man3/EVP_CipherUpdate.html #[corresponds(EVP_CipherUpdate)] pub fn set_data_len(&mut self, len: usize) -> Result<(), ErrorStack> { let len = c_int::try_from(len).unwrap(); Loading @@ -543,10 +497,7 @@ impl CipherCtxRef { /// # Panics /// /// Panics if `output.len()` is less than `input.len()` plus the cipher's block size. /// /// This corresponds to [`EVP_CipherUpdate`]. /// /// [`EVP_CipherUpdate`]: https://www.openssl.org/docs/manmaster/man3/EVP_CipherUpdate.html #[corresponds(EVP_CipherUpdate)] pub fn cipher_update( &mut self, input: &[u8], Loading Loading @@ -599,10 +550,7 @@ impl CipherCtxRef { /// # Panics /// /// Panics if `output` is smaller than the cipher's block size. /// /// This corresponds to [`EVP_CipherFinal`]. /// /// [`EVP_CipherFinal`]: https://www.openssl.org/docs/manmaster/man3/EVP_CipherFinal.html #[corresponds(EVP_CipherFinal)] pub fn cipher_final(&mut self, output: &mut [u8]) -> Result<usize, ErrorStack> { let block_size = self.block_size(); if block_size > 1 { Loading Loading
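Review bot: The attribute added to `set_iv_length` misspells the OpenSSL function name as `#[corresponds(EVP_CIHPER_CTX_ctrl)]`; it should be `#[corresponds(EVP_CIPHER_CTX_ctrl)]`, otherwise the generated reference presumably names a function that does not exist. The doc lines removed from `set_iv_length`, `tag`, `set_tag_length` and `set_tag` also named the control code each wrapper issues (`EVP_CTRL_AEAD_SET_IVLEN`, `EVP_CTRL_AEAD_GET_TAG`, `EVP_CTRL_AEAD_SET_TAG`), and the bare attribute no longer tells a reader which AEAD operation is performed. A one-line doc such as `/// Uses the EVP_CTRL_AEAD_SET_IVLEN control.` on each would keep that information. `rand_key` keeps its handwritten "This corresponds to" paragraph next to the new attribute, so it is likely documented twice. The bodies of these methods continue outside the hunks shown.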
openssl/src/aes.rs +6 −0 Original line number Diff line number Diff line Loading @@ -60,6 +60,7 @@ use std::mem::MaybeUninit; use std::ptr; use crate::symm::Mode; use openssl_macros::corresponds; /// Provides Error handling for parsing keys. #[derive(Debug)] Loading @@ -74,6 +75,7 @@ impl AesKey { /// # Failure /// /// Returns an error if the key is not 128, 192, or 256 bits. #[corresponds(AES_set_encrypt_key)] pub fn new_encrypt(key: &[u8]) -> Result<AesKey, KeyError> { unsafe { assert!(key.len() <= c_int::max_value() as usize / 8); Loading @@ -97,6 +99,7 @@ impl AesKey { /// # Failure /// /// Returns an error if the key is not 128, 192, or 256 bits. #[corresponds(AES_set_decrypt_key)] pub fn new_decrypt(key: &[u8]) -> Result<AesKey, KeyError> { unsafe { assert!(key.len() <= c_int::max_value() as usize / 8); Loading Loading @@ -135,6 +138,7 @@ impl AesKey { /// /// Panics if `in_` is not the same length as `out`, if that length is not a multiple of 16, or if /// `iv` is not at least 32 bytes. #[corresponds(AES_ige_encrypt)] pub fn aes_ige(in_: &[u8], out: &mut [u8], key: &AesKey, iv: &mut [u8], mode: Mode) { unsafe { assert!(in_.len() == out.len()); Loading Loading @@ -169,6 +173,7 @@ pub fn aes_ige(in_: &[u8], out: &mut [u8], key: &AesKey, iv: &mut [u8], mode: Mo /// /// Panics if either `out` or `in_` do not have sizes that are a multiple of 8, or if /// `out` is not 8 bytes longer than `in_` #[corresponds(AES_wrap_key)] pub fn wrap_key( key: &AesKey, iv: Option<[u8; 8]>, Loading Loading @@ -207,6 +212,7 @@ pub fn wrap_key( /// /// Panics if either `out` or `in_` do not have sizes that are a multiple of 8, or /// if `in_` is not 8 bytes longer than `out` #[corresponds(AES_unwrap_key)] pub fn unwrap_key( key: &AesKey, iv: Option<[u8; 8]>, Loading
openssl/src/asn1.rs +22 −47 Original line number Diff line number Diff line Loading @@ -41,6 +41,7 @@ use crate::error::ErrorStack; use crate::nid::Nid; use crate::string::OpensslString; use crate::{cvt, cvt_p}; use openssl_macros::corresponds; foreign_type_and_impl_send_sync! { type CType = ffi::ASN1_GENERALIZEDTIME; Loading Loading @@ -196,10 +197,7 @@ foreign_type_and_impl_send_sync! { impl Asn1TimeRef { /// Find difference between two times /// /// This corresponds to [`ASN1_TIME_diff`]. /// /// [`ASN1_TIME_diff`]: https://www.openssl.org/docs/man1.1.0/crypto/ASN1_TIME_diff.html #[corresponds(ASN1_TIME_diff)] #[cfg(ossl102)] pub fn diff(&self, compare: &Self) -> Result<TimeDiff, ErrorStack> { let mut days = 0; Loading @@ -215,12 +213,7 @@ impl Asn1TimeRef { } /// Compare two times /// /// This corresponds to [`ASN1_TIME_compare`] but is implemented using [`diff`] so that it is /// also supported on older versions of OpenSSL. /// /// [`ASN1_TIME_compare`]: https://www.openssl.org/docs/man1.1.1/man3/ASN1_TIME_compare.html /// [`diff`]: struct.Asn1TimeRef.html#method.diff #[corresponds(ASN1_TIME_compare)] #[cfg(ossl102)] pub fn compare(&self, other: &Self) -> Result<Ordering, ErrorStack> { let d = self.diff(other)?; Loading Loading @@ -306,6 +299,7 @@ impl fmt::Debug for Asn1TimeRef { } impl Asn1Time { #[corresponds(ASN1_TIME_new)] fn new() -> Result<Asn1Time, ErrorStack> { ffi::init(); Loading @@ -315,6 +309,7 @@ impl Asn1Time { } } #[corresponds(X509_gmtime_adj)] fn from_period(period: c_long) -> Result<Asn1Time, ErrorStack> { ffi::init(); Loading @@ -330,6 +325,7 @@ impl Asn1Time { } /// Creates a new time from the specified `time_t` value #[corresponds(ASN1_TIME_set)] pub fn from_unix(time: time_t) -> Result<Asn1Time, ErrorStack> { ffi::init(); Loading 
@@ -340,10 +336,7 @@ impl Asn1Time { } /// Creates a new time corresponding to the specified ASN1 time string. /// /// This corresponds to [`ASN1_TIME_set_string`]. /// /// [`ASN1_TIME_set_string`]: https://www.openssl.org/docs/manmaster/man3/ASN1_TIME_set_string.html #[corresponds(ASN1_TIME_set_string)] #[allow(clippy::should_implement_trait)] pub fn from_str(s: &str) -> Result<Asn1Time, ErrorStack> { unsafe { Loading @@ -358,11 +351,8 @@ impl Asn1Time { /// Creates a new time corresponding to the specified X509 time string. /// /// This corresponds to [`ASN1_TIME_set_string_X509`]. /// /// Requires OpenSSL 1.1.1 or newer. /// /// [`ASN1_TIME_set_string_X509`]: https://www.openssl.org/docs/manmaster/man3/ASN1_TIME_set_string.html #[corresponds(ASN1_TIME_set_string_X509)] #[cfg(ossl111)] pub fn from_str_x509(s: &str) -> Result<Asn1Time, ErrorStack> { unsafe { Loading Loading @@ -435,9 +425,7 @@ foreign_type_and_impl_send_sync! { /// /// [ASN1_STRING-to_UTF8]: https://www.openssl.org/docs/man1.1.0/crypto/ASN1_STRING_to_UTF8.html pub struct Asn1String; /// Reference to [`Asn1String`] /// /// [`Asn1String`]: struct.Asn1String.html /// A reference to an [`Asn1String`]. pub struct Asn1StringRef; } Loading @@ -447,6 +435,7 @@ impl Asn1StringRef { /// ASN.1 strings may utilize UTF-16, ASCII, BMP, or UTF8. This is important to /// consume the string in a meaningful way without knowing the underlying /// format. #[corresponds(ASN1_STRING_to_UTF8)] pub fn as_utf8(&self) -> Result<OpensslString, ErrorStack> { unsafe { let mut ptr = ptr::null_mut(); Loading 
@@ -465,11 +454,13 @@ impl Asn1StringRef { /// strings in rust, it is preferable to use [`as_utf8`] /// /// [`as_utf8`]: struct.Asn1String.html#method.as_utf8 #[corresponds(ASN1_STRING_get0_data)] pub fn as_slice(&self) -> &[u8] { unsafe { slice::from_raw_parts(ASN1_STRING_get0_data(self.as_ptr()), self.len()) } } /// Returns the number of bytes in the string. #[corresponds(ASN1_STRING_length)] pub fn len(&self) -> usize { unsafe { ffi::ASN1_STRING_length(self.as_ptr()) as usize } } Loading Loading @@ -503,9 +494,7 @@ foreign_type_and_impl_send_sync! { /// [`bn`]: ../bn/index.html /// [`ASN1_INTEGER_set`]: https://www.openssl.org/docs/man1.1.0/crypto/ASN1_INTEGER_set.html pub struct Asn1Integer; /// Reference to [`Asn1Integer`] /// /// [`Asn1Integer`]: struct.Asn1Integer.html /// A reference to an [`Asn1Integer`]. pub struct Asn1IntegerRef; } Loading @@ -530,10 +519,7 @@ impl Asn1IntegerRef { } /// Converts the integer to a `BigNum`. /// /// This corresponds to [`ASN1_INTEGER_to_BN`]. /// /// [`ASN1_INTEGER_to_BN`]: https://www.openssl.org/docs/man1.1.0/crypto/ASN1_INTEGER_get.html #[corresponds(ASN1_INTEGER_to_BN)] pub fn to_bn(&self) -> Result<BigNum, ErrorStack> { unsafe { cvt_p(ffi::ASN1_INTEGER_to_BN(self.as_ptr(), ptr::null_mut())) Loading @@ -544,10 +530,8 @@ impl Asn1IntegerRef { /// Sets the ASN.1 value to the value of a signed 32-bit integer, for larger numbers /// see [`bn`]. /// /// OpenSSL documentation at [`ASN1_INTEGER_set`] /// /// [`bn`]: ../bn/struct.BigNumRef.html#method.to_asn1_integer /// [`ASN1_INTEGER_set`]: https://www.openssl.org/docs/man1.1.0/crypto/ASN1_INTEGER_set.html #[corresponds(ASN1_INTEGER_set)] pub fn set(&mut self, value: i32) -> Result<(), ErrorStack> { unsafe { cvt(ffi::ASN1_INTEGER_set(self.as_ptr(), value as c_long)).map(|_| ()) } } Loading 
@@ -563,19 +547,19 @@ foreign_type_and_impl_send_sync! { /// /// [`x509`]: ../x509/struct.X509.html#method.signature pub struct Asn1BitString; /// Reference to [`Asn1BitString`] /// /// [`Asn1BitString`]: struct.Asn1BitString.html /// A reference to an [`Asn1BitString`]. pub struct Asn1BitStringRef; } impl Asn1BitStringRef { /// Returns the Asn1BitString as a slice. #[corresponds(ASN1_STRING_get0_data)] pub fn as_slice(&self) -> &[u8] { unsafe { slice::from_raw_parts(ASN1_STRING_get0_data(self.as_ptr() as *mut _), self.len()) } } /// Returns the number of bytes in the string. #[corresponds(ASN1_STRING_length)] pub fn len(&self) -> usize { unsafe { ffi::ASN1_STRING_length(self.as_ptr() as *const _) as usize } } Loading Loading @@ -604,19 +588,13 @@ foreign_type_and_impl_send_sync! { /// [`nid::COMMONNAME`]: ../nid/constant.COMMONNAME.html /// [`OBJ_nid2obj`]: https://www.openssl.org/docs/man1.1.0/crypto/OBJ_obj2nid.html pub struct Asn1Object; /// Reference to [`Asn1Object`] /// /// [`Asn1Object`]: struct.Asn1Object.html /// A reference to an [`Asn1Object`]. pub struct Asn1ObjectRef; } impl Asn1Object { /// Constructs an ASN.1 Object Identifier from a string representation of /// the OID. /// /// This corresponds to [`OBJ_txt2obj`]. /// /// [`OBJ_txt2obj`]: https://www.openssl.org/docs/man1.1.0/man3/OBJ_txt2obj.html /// Constructs an ASN.1 Object Identifier from a string representation of the OID. #[corresponds(OBJ_txt2obj)] #[allow(clippy::should_implement_trait)] pub fn from_str(txt: &str) -> Result<Asn1Object, ErrorStack> { unsafe { Loading @@ -630,11 +608,8 @@ impl Asn1Object { /// Return the OID as an DER encoded array of bytes. This is the ASN.1 /// value, not including tag or length. /// /// This corresponds to [`OBJ_get0_data`]. /// /// Requires OpenSSL 1.1.1 or newer. /// /// [`OBJ_get0_data`]: https://www.openssl.org/docs/man1.1.0/man3/OBJ_get0_data.html #[corresponds(OBJ_get0_data)] #[cfg(ossl111)] pub fn as_slice(&self) -> &[u8] { unsafe { Loading
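Review bot: On `Asn1TimeRef::compare`, the new `#[corresponds(ASN1_TIME_compare)]` replaces the sentence that said the method is implemented with `diff`, yet the body visible in the hunk still calls `self.diff(other)?` rather than the C function. Anyone auditing which OpenSSL calls sit behind certificate-time comparisons would read the attribute as a direct binding. Keeping a line such as `/// Implemented via diff() instead of calling ASN1_TIME_compare, so it also works on older OpenSSL versions.` above the attribute would preserve the caveat. The body of `compare` continues past the hunk.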
openssl/src/base64.rs +3 −8 Original line number Diff line number Diff line Loading @@ -2,16 +2,14 @@ use crate::cvt_n; use crate::error::ErrorStack; use libc::c_int; use openssl_macros::corresponds; /// Encodes a slice of bytes to a base64 string. /// /// This corresponds to [`EVP_EncodeBlock`]. /// /// # Panics /// /// Panics if the input length or computed output length overflow a signed C integer. /// /// [`EVP_EncodeBlock`]: https://www.openssl.org/docs/man1.1.1/man3/EVP_DecodeBlock.html #[corresponds(EVP_EncodeBlock)] pub fn encode_block(src: &[u8]) -> String { assert!(src.len() <= c_int::max_value() as usize); let src_len = src.len() as c_int; Loading @@ -32,13 +30,10 @@ pub fn encode_block(src: &[u8]) -> String { /// Decodes a base64-encoded string to bytes. /// /// This corresponds to [`EVP_DecodeBlock`]. /// /// # Panics /// /// Panics if the input length or computed output length overflow a signed C integer. /// /// [`EVP_DecodeBlock`]: https://www.openssl.org/docs/man1.1.1/man3/EVP_DecodeBlock.html #[corresponds(EVP_DecodeBlock)] pub fn decode_block(src: &str) -> Result<Vec<u8>, ErrorStack> { let src = src.trim(); Loading
openssl/src/cipher_ctx.rs +20 −72 Original line number Diff line number Diff line Loading @@ -57,6 +57,7 @@ use crate::{cvt, cvt_p}; use cfg_if::cfg_if; use foreign_types::{ForeignType, ForeignTypeRef}; use libc::{c_int, c_uchar}; use openssl_macros::corresponds; use std::convert::TryFrom; use std::ptr; Loading @@ -80,10 +81,7 @@ foreign_type_and_impl_send_sync! { impl CipherCtx { /// Creates a new context. /// /// This corresponds to [`EVP_CIPHER_CTX_new`]. /// /// [`EVP_CIPHER_CTX_new`]: https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_CTX_new.html #[corresponds(EVP_CIPHER_CTX_new)] pub fn new() -> Result<Self, ErrorStack> { ffi::init(); Loading @@ -105,10 +103,7 @@ impl CipherCtxRef { /// /// Panics if the key buffer is smaller than the key size of the cipher, the IV buffer is smaller than the IV size /// of the cipher, or if a key or IV is provided before a cipher. /// /// This corresponds to [`EVP_EncryptInit_ex`]. /// /// [`EVP_EncryptInit_ex`]: https://www.openssl.org/docs/manmaster/man3/EVP_EncryptInit_ex.html #[corresponds(EVP_EncryptInit_ex)] pub fn encrypt_init( &mut self, type_: Option<&CipherRef>, Loading @@ -128,10 +123,7 @@ impl CipherCtxRef { /// /// Panics if the key buffer is smaller than the key size of the cipher, the IV buffer is smaller than the IV size /// of the cipher, or if a key or IV is provided before a cipher. /// /// This corresponds to [`EVP_EncryptInit_ex`]. /// /// [`EVP_EncryptInit_ex`]: https://www.openssl.org/docs/manmaster/man3/EVP_EncryptInit_ex.html #[corresponds(EVP_DecryptInit_ex)] pub fn decrypt_init( &mut self, type_: Option<&CipherRef>, Loading Loading 
@@ -189,10 +181,7 @@ impl CipherCtxRef { /// /// Panics if `pub_keys` is not the same size as `encrypted_keys`, the IV buffer is smaller than the cipher's IV /// size, or if an IV is provided before the cipher. /// /// This corresponds to [`EVP_SealInit`]. /// /// [`EVP_SealInit`]: https://www.openssl.org/docs/manmaster/man3/EVP_SealInit.html. #[corresponds(EVP_SealInit)] pub fn seal_init<T>( &mut self, type_: Option<&CipherRef>, Loading Loading @@ -248,10 +237,7 @@ impl CipherCtxRef { /// /// Panics if the IV buffer is smaller than the cipher's required IV size or if the IV is provided before the /// cipher. /// /// This corresponds to [`EVP_OpenInit`]. /// /// [`EVP_OpenInit`]: https://www.openssl.org/docs/manmaster/man3/EVP_OpenInit.html #[corresponds(EVP_OpenInit)] pub fn open_init<T>( &mut self, type_: Option<&CipherRef>, Loading Loading @@ -295,10 +281,7 @@ impl CipherCtxRef { /// # Panics /// /// Panics if the context has not been initialized with a cipher. /// /// This corresponds to [`EVP_CIPHER_CTX_block_size`]. /// /// [`EVP_CIPHER_CTX_block_size`]: https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_block_size.html #[corresponds(EVP_CIPHER_CTX_block_size)] pub fn block_size(&self) -> usize { self.assert_cipher(); Loading @@ -310,10 +293,7 @@ impl CipherCtxRef { /// # Panics /// /// Panics if the context has not been initialized with a cipher. /// /// This corresponds to [`EVP_CIPHER_CTX_key_length`]. /// /// [`EVP_CIPHER_CTX_key_length`]: https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_key_length.html #[corresponds(EVP_CIPHER_CTX_key_length)] pub fn key_length(&self) -> usize { self.assert_cipher(); Loading 
@@ -330,6 +310,7 @@ impl CipherCtxRef { /// This corresponds to [`EVP_CIPHER_CTX_rand_key`]. /// /// [`EVP_CIPHER_CTX_rand_key`]: https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_CTX_rand_key.html #[corresponds(EVP_CIPHER_CTX_rand_key)] pub fn rand_key(&self, buf: &mut [u8]) -> Result<(), ErrorStack> { assert!(buf.len() >= self.key_length()); Loading @@ -350,10 +331,7 @@ impl CipherCtxRef { /// # Panics /// /// Panics if the context has not been initialized with a cipher. /// /// This corresponds to [`EVP_CIPHER_CTX_set_key_length`]. /// /// [`EVP_CIPHER_CTX_set_key_length`]: https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_set_key_length.html #[corresponds(EVP_CIPHER_CTX_set_key_length)] pub fn set_key_length(&mut self, len: usize) -> Result<(), ErrorStack> { self.assert_cipher(); Loading @@ -373,10 +351,7 @@ impl CipherCtxRef { /// # Panics /// /// Panics if the context has not been initialized with a cipher. /// /// This corresponds to [`EVP_CIPHER_CTX_iv_length`]. /// /// [`EVP_CIPHER_CTX_iv_length`]: https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_CTX_iv_length.html #[corresponds(EVP_CIPHER_CTX_iv_length)] pub fn iv_length(&self) -> usize { self.assert_cipher(); Loading @@ -390,10 +365,7 @@ impl CipherCtxRef { /// # Panics /// /// Panics if the context has not been initialized with a cipher. /// /// This corresponds to [`EVP_CIPHER_CTX_ctrl`] with `EVP_CTRL_AEAD_SET_IVLEN`. /// /// [`EVP_CIPHER_CTX_ctrl`]: https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_CTX_ctrl.html #[corresponds(EVP_CIHPER_CTX_ctrl)] pub fn set_iv_length(&mut self, len: usize) -> Result<(), ErrorStack> { self.assert_cipher(); Loading 
@@ -419,11 +391,8 @@ impl CipherCtxRef { /// /// Panics if the context has not been initialized with a cipher. /// /// This corresponds to [`EVP_CIPHER_CTX_tag_length`]. /// /// Requires OpenSSL 3.0.0 or newer. /// /// [`EVP_CIPHER_CTX_tag_length`]: https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_CTX_tag_length.html #[corresponds(EVP_CIPHER_CTX_get_tag_length)] #[cfg(ossl300)] pub fn tag_length(&self) -> usize { self.assert_cipher(); Loading @@ -437,10 +406,7 @@ impl CipherCtxRef { /// /// The size of the buffer indicates the size of the tag. While some ciphers support a range of tag sizes, it is /// recommended to pick the maximum size. /// /// This corresponds to [`EVP_CIPHER_CTX_ctrl`] with `EVP_CTRL_AEAD_GET_TAG`. /// /// [`EVP_CIPHER_CTX_ctrl`]: https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_CTX_ctrl.html #[corresponds(EVP_CIPHER_CTX_ctrl)] pub fn tag(&self, tag: &mut [u8]) -> Result<(), ErrorStack> { let len = c_int::try_from(tag.len()).unwrap(); Loading @@ -459,10 +425,7 @@ impl CipherCtxRef { /// Sets the length of the generated authentication tag. /// /// This must be called when encrypting with a cipher in CCM mode to use a tag size other than the default. /// /// This corresponds to [`EVP_CIPHER_CTX_ctrl`] with `EVP_CTRL_AEAD_SET_TAG`. /// /// [`EVP_CIPHER_CTX_ctrl`]: https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_CTX_ctrl.html #[corresponds(EVP_CIPHER_CTX_ctrl)] pub fn set_tag_length(&mut self, len: usize) -> Result<(), ErrorStack> { let len = c_int::try_from(len).unwrap(); Loading @@ -479,10 +442,7 @@ impl CipherCtxRef { } /// Sets the authentication tag for verification during decryption. /// /// This corresponds to [`EVP_CIPHER_CTX_ctrl`] with `EVP_CTRL_AEAD_SET_TAG`. /// /// [`EVP_CIPHER_CTX_ctrl`]: https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_CTX_ctrl.html #[corresponds(EVP_CIPHER_CTX_ctrl)] pub fn set_tag(&mut self, tag: &[u8]) -> Result<(), ErrorStack> { let len = c_int::try_from(tag.len()).unwrap(); Loading 
@@ -501,10 +461,7 @@ impl CipherCtxRef { /// Enables or disables padding. /// /// If padding is disabled, the plaintext must be an exact multiple of the cipher's block size. /// /// This corresponds to [`EVP_CIPHER_CTX_set_padding`]. /// /// [`EVP_CIPHER_CTX_set_padding`]: https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_CTX_set_padding.html #[corresponds(EVP_CIPHER_CTX_set_padding)] pub fn set_padding(&mut self, padding: bool) { unsafe { ffi::EVP_CIPHER_CTX_set_padding(self.as_ptr(), padding as c_int); Loading @@ -514,10 +471,7 @@ impl CipherCtxRef { /// Sets the total length of plaintext data. /// /// This is required for ciphers operating in CCM mode. /// /// This corresponds to [`EVP_CipherUpdate`]. /// /// [`EVP_CipherUpdate`]: https://www.openssl.org/docs/manmaster/man3/EVP_CipherUpdate.html #[corresponds(EVP_CipherUpdate)] pub fn set_data_len(&mut self, len: usize) -> Result<(), ErrorStack> { let len = c_int::try_from(len).unwrap(); Loading @@ -543,10 +497,7 @@ impl CipherCtxRef { /// # Panics /// /// Panics if `output.len()` is less than `input.len()` plus the cipher's block size. /// /// This corresponds to [`EVP_CipherUpdate`]. /// /// [`EVP_CipherUpdate`]: https://www.openssl.org/docs/manmaster/man3/EVP_CipherUpdate.html #[corresponds(EVP_CipherUpdate)] pub fn cipher_update( &mut self, input: &[u8], Loading Loading @@ -599,10 +550,7 @@ impl CipherCtxRef { /// # Panics /// /// Panics if `output` is smaller than the cipher's block size. /// /// This corresponds to [`EVP_CipherFinal`]. /// /// [`EVP_CipherFinal`]: https://www.openssl.org/docs/manmaster/man3/EVP_CipherFinal.html #[corresponds(EVP_CipherFinal)] pub fn cipher_final(&mut self, output: &mut [u8]) -> Result<usize, ErrorStack> { let block_size = self.block_size(); if block_size > 1 { Loading
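Review bot: The attribute added on `set_iv_length` is misspelled as `#[corresponds(EVP_CIHPER_CTX_ctrl)]`, so the generated documentation will presumably name and link a function that does not exist; it should read `#[corresponds(EVP_CIPHER_CTX_ctrl)]`. The section also drops the control-command names that the removed comments carried for `set_iv_length`, `tag`, `set_tag_length` and `set_tag` (`EVP_CTRL_AEAD_SET_IVLEN`, `EVP_CTRL_AEAD_GET_TAG`, `EVP_CTRL_AEAD_SET_TAG`). Someone auditing AEAD tag handling needs that detail, and a one-line doc comment above each attribute, for example `/// Uses the EVP_CTRL_AEAD_GET_TAG control.`, would keep it. In the `rand_key` hunk the hand-written "This corresponds to" paragraph stays next to the new attribute, so that reference will likely be rendered twice. The function bodies continue outside the hunks shown.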