openssl.nim 31 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762
  1. #
  2. #
  3. # Nim's Runtime Library
  4. # (c) Copyright 2015 Andreas Rumpf
  5. #
  6. # See the file "copying.txt", included in this
  7. # distribution, for details about the copyright.
  8. #
  9. ## OpenSSL support
  10. ##
  11. ## When OpenSSL is dynamically linked, the wrapper provides partial forward and backward
  12. ## compatibility for OpenSSL versions above and below 1.1.0
  13. ##
  14. ## OpenSSL can also be statically linked using ``--dynlibOverride:ssl`` for OpenSSL >= 1.1.0.
  15. ## If you want to statically link against OpenSSL 1.0.x, you now have to
  16. ## define the ``openssl10`` symbol via ``-d:openssl10``.
  17. ##
  18. ## Build and test examples:
  19. ##
  20. ## .. code-block::
  21. ## ./bin/nim c -d:ssl -p:. -r tests/untestable/tssl.nim
  22. ## ./bin/nim c -d:ssl -p:. --dynlibOverride:ssl --passl:-lcrypto --passl:-lssl -r tests/untestable/tssl.nim
  23. {.deadCodeElim: on.} # dce option deprecated
  24. when defined(nimHasStyleChecks):
  25. {.push styleChecks: off.}
  26. const useWinVersion = defined(Windows) or defined(nimdoc)
  27. # To force openSSL version use -d:sslVersion=1.0.0
  28. # See: #10281, #10230
  29. # General issue:
  30. # Other dynamic libraries (like libpg) load different openSSL version then what nim loads.
  31. # Having two different openSSL loaded version causes a crash.
  32. # Use this compile time define to force the openSSL version that your other dynamic libraries want.
  33. const sslVersion {.strdefine.}: string = ""
  34. when sslVersion != "":
  35. when defined(macosx):
  36. const
  37. DLLSSLName* = "libssl." & sslVersion & ".dylib"
  38. DLLUtilName* = "libcrypto." & sslVersion & ".dylib"
  39. from posix import SocketHandle
  40. elif defined(windows):
  41. const
  42. DLLSSLName* = "libssl-" & sslVersion & ".dll"
  43. DLLUtilName* = "libcrypto-" & sslVersion & ".dll"
  44. from winlean import SocketHandle
  45. else:
  46. const
  47. DLLSSLName* = "libssl.so." & sslVersion
  48. DLLUtilName* = "libcrypto.so." & sslVersion
  49. from posix import SocketHandle
  50. elif useWinVersion:
  51. when not defined(nimOldDlls) and defined(cpu64):
  52. const
  53. DLLSSLName* = "(libssl-1_1-x64|ssleay64|libssl64).dll"
  54. DLLUtilName* = "(libcrypto-1_1-x64|libeay64).dll"
  55. else:
  56. const
  57. DLLSSLName* = "(libssl-1_1|ssleay32|libssl32).dll"
  58. DLLUtilName* = "(libcrypto-1_1|libeay32).dll"
  59. from winlean import SocketHandle
  60. else:
  61. when defined(osx):
  62. const versions = "(.1.1|.38|.39|.41|.43|.44|.45|.46|.47|.10|.1.0.2|.1.0.1|.1.0.0|.0.9.9|.0.9.8|)"
  63. else:
  64. const versions = "(.1.1|.1.0.2|.1.0.1|.1.0.0|.0.9.9|.0.9.8|.47|.46|.45|.44|.43|.41|.39|.38|.10|)"
  65. when defined(macosx):
  66. const
  67. DLLSSLName* = "libssl" & versions & ".dylib"
  68. DLLUtilName* = "libcrypto" & versions & ".dylib"
  69. elif defined(genode):
  70. const
  71. DLLSSLName* = "libssl.lib.so"
  72. DLLUtilName* = "libcrypto.lib.so"
  73. else:
  74. const
  75. DLLSSLName* = "libssl.so" & versions
  76. DLLUtilName* = "libcrypto.so" & versions
  77. from posix import SocketHandle
  78. import dynlib
  79. type
  80. SslStruct {.final, pure.} = object
  81. SslPtr* = ptr SslStruct
  82. PSslPtr* = ptr SslPtr
  83. SslCtx* = SslPtr
  84. PSSL_METHOD* = SslPtr
  85. PX509* = SslPtr
  86. PX509_NAME* = SslPtr
  87. PEVP_MD* = SslPtr
  88. PBIO_METHOD* = SslPtr
  89. BIO* = SslPtr
  90. EVP_PKEY* = SslPtr
  91. PRSA* = SslPtr
  92. PASN1_UTCTIME* = SslPtr
  93. PASN1_cInt* = SslPtr
  94. PPasswdCb* = SslPtr
  95. PFunction* = proc () {.cdecl.}
  96. DES_cblock* = array[0..7, int8]
  97. PDES_cblock* = ptr DES_cblock
  98. des_ks_struct*{.final.} = object
  99. ks*: DES_cblock
  100. weak_key*: cint
  101. des_key_schedule* = array[1..16, des_ks_struct]
  102. pem_password_cb* = proc(buf: cstring, size, rwflag: cint, userdata: pointer): cint {.cdecl.}
  103. const
  104. SSL_SENT_SHUTDOWN* = 1
  105. SSL_RECEIVED_SHUTDOWN* = 2
  106. EVP_MAX_MD_SIZE* = 16 + 20
  107. SSL_ERROR_NONE* = 0
  108. SSL_ERROR_SSL* = 1
  109. SSL_ERROR_WANT_READ* = 2
  110. SSL_ERROR_WANT_WRITE* = 3
  111. SSL_ERROR_WANT_X509_LOOKUP* = 4
  112. SSL_ERROR_SYSCALL* = 5 #look at error stack/return value/errno
  113. SSL_ERROR_ZERO_RETURN* = 6
  114. SSL_ERROR_WANT_CONNECT* = 7
  115. SSL_ERROR_WANT_ACCEPT* = 8
  116. SSL_CTRL_NEED_TMP_RSA* = 1
  117. SSL_CTRL_SET_TMP_RSA* = 2
  118. SSL_CTRL_SET_TMP_DH* = 3
  119. SSL_CTRL_SET_TMP_ECDH* = 4
  120. SSL_CTRL_SET_TMP_RSA_CB* = 5
  121. SSL_CTRL_SET_TMP_DH_CB* = 6
  122. SSL_CTRL_SET_TMP_ECDH_CB* = 7
  123. SSL_CTRL_GET_SESSION_REUSED* = 8
  124. SSL_CTRL_GET_CLIENT_CERT_REQUEST* = 9
  125. SSL_CTRL_GET_NUM_RENEGOTIATIONS* = 10
  126. SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS* = 11
  127. SSL_CTRL_GET_TOTAL_RENEGOTIATIONS* = 12
  128. SSL_CTRL_GET_FLAGS* = 13
  129. SSL_CTRL_EXTRA_CHAIN_CERT* = 14
  130. SSL_CTRL_SET_MSG_CALLBACK* = 15
  131. SSL_CTRL_SET_MSG_CALLBACK_ARG* = 16 # only applies to datagram connections
  132. SSL_CTRL_SET_MTU* = 17 # Stats
  133. SSL_CTRL_SESS_NUMBER* = 20
  134. SSL_CTRL_SESS_CONNECT* = 21
  135. SSL_CTRL_SESS_CONNECT_GOOD* = 22
  136. SSL_CTRL_SESS_CONNECT_RENEGOTIATE* = 23
  137. SSL_CTRL_SESS_ACCEPT* = 24
  138. SSL_CTRL_SESS_ACCEPT_GOOD* = 25
  139. SSL_CTRL_SESS_ACCEPT_RENEGOTIATE* = 26
  140. SSL_CTRL_SESS_HIT* = 27
  141. SSL_CTRL_SESS_CB_HIT* = 28
  142. SSL_CTRL_SESS_MISSES* = 29
  143. SSL_CTRL_SESS_TIMEOUTS* = 30
  144. SSL_CTRL_SESS_CACHE_FULL* = 31
  145. SSL_CTRL_OPTIONS* = 32
  146. SSL_CTRL_MODE* = 33
  147. SSL_CTRL_GET_READ_AHEAD* = 40
  148. SSL_CTRL_SET_READ_AHEAD* = 41
  149. SSL_CTRL_SET_SESS_CACHE_SIZE* = 42
  150. SSL_CTRL_GET_SESS_CACHE_SIZE* = 43
  151. SSL_CTRL_SET_SESS_CACHE_MODE* = 44
  152. SSL_CTRL_GET_SESS_CACHE_MODE* = 45
  153. SSL_CTRL_GET_MAX_CERT_LIST* = 50
  154. SSL_CTRL_SET_MAX_CERT_LIST* = 51 #* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
  155. # * when just a single record has been written): *
  156. SSL_CTRL_SET_TLSEXT_SERVERNAME_CB = 53
  157. SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG = 54
  158. SSL_CTRL_SET_TLSEXT_HOSTNAME = 55
  159. TLSEXT_NAMETYPE_host_name* = 0
  160. SSL_TLSEXT_ERR_OK* = 0
  161. SSL_TLSEXT_ERR_ALERT_WARNING* = 1
  162. SSL_TLSEXT_ERR_ALERT_FATAL* = 2
  163. SSL_TLSEXT_ERR_NOACK* = 3
  164. SSL_MODE_ENABLE_PARTIAL_WRITE* = 1 #* Make it possible to retry SSL_write() with changed buffer location
  165. # * (buffer contents must stay the same!); this is not the default to avoid
  166. # * the misconception that non-blocking SSL_write() behaves like
  167. # * non-blocking write(): *
  168. SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER* = 2 #* Never bother the application with retries if the transport
  169. # * is blocking: *
  170. SSL_MODE_AUTO_RETRY* = 4 #* Don't attempt to automatically build certificate chain *
  171. SSL_MODE_NO_AUTO_CHAIN* = 8
  172. SSL_OP_NO_SSLv2* = 0x01000000
  173. SSL_OP_NO_SSLv3* = 0x02000000
  174. SSL_OP_NO_TLSv1* = 0x04000000
  175. SSL_OP_NO_TLSv1_1* = 0x08000000
  176. SSL_OP_ALL* = 0x000FFFFF
  177. SSL_VERIFY_NONE* = 0x00000000
  178. SSL_VERIFY_PEER* = 0x00000001
  179. OPENSSL_DES_DECRYPT* = 0
  180. OPENSSL_DES_ENCRYPT* = 1
  181. X509_V_OK* = 0
  182. X509_V_ILLEGAL* = 1
  183. X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT* = 2
  184. X509_V_ERR_UNABLE_TO_GET_CRL* = 3
  185. X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE* = 4
  186. X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE* = 5
  187. X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY* = 6
  188. X509_V_ERR_CERT_SIGNATURE_FAILURE* = 7
  189. X509_V_ERR_CRL_SIGNATURE_FAILURE* = 8
  190. X509_V_ERR_CERT_NOT_YET_VALID* = 9
  191. X509_V_ERR_CERT_HAS_EXPIRED* = 10
  192. X509_V_ERR_CRL_NOT_YET_VALID* = 11
  193. X509_V_ERR_CRL_HAS_EXPIRED* = 12
  194. X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD* = 13
  195. X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD* = 14
  196. X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD* = 15
  197. X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD* = 16
  198. X509_V_ERR_OUT_OF_MEM* = 17
  199. X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT* = 18
  200. X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN* = 19
  201. X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY* = 20
  202. X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE* = 21
  203. X509_V_ERR_CERT_CHAIN_TOO_LONG* = 22
  204. X509_V_ERR_CERT_REVOKED* = 23
  205. X509_V_ERR_INVALID_CA* = 24
  206. X509_V_ERR_PATH_LENGTH_EXCEEDED* = 25
  207. X509_V_ERR_INVALID_PURPOSE* = 26
  208. X509_V_ERR_CERT_UNTRUSTED* = 27
  209. X509_V_ERR_CERT_REJECTED* = 28 #These are 'informational' when looking for issuer cert
  210. X509_V_ERR_SUBJECT_ISSUER_MISMATCH* = 29
  211. X509_V_ERR_AKID_SKID_MISMATCH* = 30
  212. X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH* = 31
  213. X509_V_ERR_KEYUSAGE_NO_CERTSIGN* = 32
  214. X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER* = 33
  215. X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION* = 34 #The application is not happy
  216. X509_V_ERR_APPLICATION_VERIFICATION* = 50
  217. SSL_FILETYPE_ASN1* = 2
  218. SSL_FILETYPE_PEM* = 1
  219. EVP_PKEY_RSA* = 6 # libssl.dll
  220. BIO_C_SET_CONNECT = 100
  221. BIO_C_DO_STATE_MACHINE = 101
  222. BIO_C_GET_SSL = 110
  223. proc TLSv1_method*(): PSSL_METHOD{.cdecl, dynlib: DLLSSLName, importc.}
  224. # TLS_method(), TLS_server_method(), TLS_client_method() are introduced in 1.1.0
  225. # and support SSLv3, TLSv1, TLSv1.1 and TLSv1.2
  226. # SSLv23_method(), SSLv23_server_method(), SSLv23_client_method() are removed in 1.1.0
  227. when compileOption("dynlibOverride", "ssl") or defined(noOpenSSLHacks):
  228. # Static linking
  229. when defined(openssl10):
  230. proc SSL_library_init*(): cint {.cdecl, dynlib: DLLSSLName, importc, discardable.}
  231. proc SSL_load_error_strings*() {.cdecl, dynlib: DLLSSLName, importc.}
  232. proc SSLv23_method*(): PSSL_METHOD {.cdecl, dynlib: DLLSSLName, importc.}
  233. else:
  234. proc OPENSSL_init_ssl*(opts: uint64, settings: uint8): cint {.cdecl, dynlib: DLLSSLName, importc, discardable.}
  235. proc SSL_library_init*(): cint {.discardable.} =
  236. ## Initialize SSL using OPENSSL_init_ssl for OpenSSL >= 1.1.0
  237. return OPENSSL_init_ssl(0.uint64, 0.uint8)
  238. proc TLS_method*(): PSSL_METHOD {.cdecl, dynlib: DLLSSLName, importc.}
  239. proc SSLv23_method*(): PSSL_METHOD =
  240. TLS_method()
  241. proc OpenSSL_version_num(): culong {.cdecl, dynlib: DLLSSLName, importc.}
  242. proc getOpenSSLVersion*(): culong =
  243. ## Return OpenSSL version as unsigned long
  244. OpenSSL_version_num()
  245. proc SSL_load_error_strings*() =
  246. ## Removed from OpenSSL 1.1.0
  247. # This proc prevents breaking existing code calling SslLoadErrorStrings
  248. # Static linking against OpenSSL < 1.1.0 is not supported
  249. discard
  250. template OpenSSL_add_all_algorithms*() = discard
  251. proc SSLv23_client_method*(): PSSL_METHOD {.cdecl, dynlib: DLLSSLName, importc.}
  252. proc SSLv2_method*(): PSSL_METHOD {.cdecl, dynlib: DLLSSLName, importc.}
  253. proc SSLv3_method*(): PSSL_METHOD {.cdecl, dynlib: DLLSSLName, importc.}
  254. else:
  255. # Here we're trying to stay compatible with openssl 1.0.* and 1.1.*. Some
  256. # symbols are loaded dynamically and we don't use them if not found.
  257. proc thisModule(): LibHandle {.inline.} =
  258. var thisMod {.global.}: LibHandle
  259. if thisMod.isNil: thisMod = loadLib()
  260. result = thisMod
  261. proc sslModule(): LibHandle {.inline.} =
  262. var sslMod {.global.}: LibHandle
  263. if sslMod.isNil: sslMod = loadLibPattern(DLLSSLName)
  264. result = sslMod
  265. proc sslSymNullable(name: string, alternativeName = ""): pointer =
  266. # Load from DLL.
  267. var sslDynlib = sslModule()
  268. if not sslDynlib.isNil:
  269. result = symAddr(sslDynlib, name)
  270. if result.isNil and alternativeName.len > 0:
  271. result = symAddr(sslDynlib, alternativeName)
  272. # Attempt to load from current exe.
  273. if result.isNil:
  274. let thisDynlib = thisModule()
  275. if thisDynlib.isNil: return nil
  276. result = symAddr(thisDynlib, name)
  277. if result.isNil and alternativeName.len > 0:
  278. result = symAddr(sslDynlib, alternativeName)
  279. proc sslSymThrows(name: string, alternativeName = ""): pointer =
  280. result = sslSymNullable(name, alternativeName)
  281. if result.isNil: raiseInvalidLibrary(name)
  282. proc loadPSSLMethod(method1, method2: string): PSSL_METHOD =
  283. ## Load <method1> from OpenSSL if available, otherwise <method2>
  284. ##
  285. let methodSym = sslSymNullable(method1, method2)
  286. if methodSym.isNil:
  287. raise newException(LibraryError, "Could not load " & method1 & " nor " & method2)
  288. let method2Proc = cast[proc(): PSSL_METHOD {.cdecl, gcsafe.}](methodSym)
  289. return method2Proc()
  290. proc SSL_library_init*(): cint {.discardable.} =
  291. ## Initialize SSL using OPENSSL_init_ssl for OpenSSL >= 1.1.0 otherwise
  292. ## SSL_library_init
  293. let newInitSym = sslSymNullable("OPENSSL_init_ssl")
  294. if not newInitSym.isNil:
  295. let newInitProc =
  296. cast[proc(opts: uint64, settings: uint8): cint {.cdecl.}](newInitSym)
  297. return newInitProc(0, 0)
  298. let olderProc = cast[proc(): cint {.cdecl.}](sslSymThrows("SSL_library_init"))
  299. if not olderProc.isNil: result = olderProc()
  300. proc SSL_load_error_strings*() =
  301. # TODO: Are we ignoring this on purpose? SSL GitHub CI fails otherwise.
  302. let theProc = cast[proc() {.cdecl.}](sslSymNullable("SSL_load_error_strings"))
  303. if not theProc.isNil: theProc()
  304. proc SSLv23_client_method*(): PSSL_METHOD =
  305. loadPSSLMethod("SSLv23_client_method", "TLS_client_method")
  306. proc SSLv23_method*(): PSSL_METHOD =
  307. loadPSSLMethod("SSLv23_method", "TLS_method")
  308. proc SSLv2_method*(): PSSL_METHOD =
  309. loadPSSLMethod("SSLv2_method", "TLS_method")
  310. proc SSLv3_method*(): PSSL_METHOD =
  311. loadPSSLMethod("SSLv3_method", "TLS_method")
  312. proc TLS_method*(): PSSL_METHOD =
  313. loadPSSLMethod("TLS_method", "SSLv23_method")
  314. proc TLS_client_method*(): PSSL_METHOD =
  315. loadPSSLMethod("TLS_client_method", "SSLv23_client_method")
  316. proc TLS_server_method*(): PSSL_METHOD =
  317. loadPSSLMethod("TLS_server_method", "SSLv23_server_method")
  318. proc OpenSSL_add_all_algorithms*() =
  319. # TODO: Are we ignoring this on purpose? SSL GitHub CI fails otherwise.
  320. let theProc = cast[proc() {.cdecl.}](sslSymNullable("OPENSSL_add_all_algorithms_conf"))
  321. if not theProc.isNil: theProc()
  322. proc getOpenSSLVersion*(): culong =
  323. ## Return OpenSSL version as unsigned long or 0 if not available
  324. let theProc = cast[proc(): culong {.cdecl.}](sslSymNullable("OpenSSL_version_num"))
  325. result =
  326. if theProc.isNil: 0.culong
  327. else: theProc()
  328. proc ERR_load_BIO_strings*(){.cdecl, dynlib: DLLUtilName, importc.}
  329. proc SSL_new*(context: SslCtx): SslPtr{.cdecl, dynlib: DLLSSLName, importc.}
  330. proc SSL_free*(ssl: SslPtr){.cdecl, dynlib: DLLSSLName, importc.}
  331. proc SSL_get_SSL_CTX*(ssl: SslPtr): SslCtx {.cdecl, dynlib: DLLSSLName, importc.}
  332. proc SSL_set_SSL_CTX*(ssl: SslPtr, ctx: SslCtx): SslCtx {.cdecl, dynlib: DLLSSLName, importc.}
  333. proc SSL_CTX_new*(meth: PSSL_METHOD): SslCtx{.cdecl,
  334. dynlib: DLLSSLName, importc.}
  335. proc SSL_CTX_load_verify_locations*(ctx: SslCtx, CAfile: cstring,
  336. CApath: cstring): cint{.cdecl, dynlib: DLLSSLName, importc.}
  337. proc SSL_CTX_free*(arg0: SslCtx){.cdecl, dynlib: DLLSSLName, importc.}
  338. proc SSL_CTX_set_verify*(s: SslCtx, mode: int, cb: proc (a: int, b: pointer): int {.cdecl.}){.cdecl, dynlib: DLLSSLName, importc.}
  339. proc SSL_get_verify_result*(ssl: SslPtr): int{.cdecl,
  340. dynlib: DLLSSLName, importc.}
  341. proc SSL_CTX_set_cipher_list*(s: SslCtx, ciphers: cstring): cint{.cdecl, dynlib: DLLSSLName, importc.}
  342. proc SSL_CTX_use_certificate_file*(ctx: SslCtx, filename: cstring, typ: cint): cint{.
  343. stdcall, dynlib: DLLSSLName, importc.}
  344. proc SSL_CTX_use_certificate_chain_file*(ctx: SslCtx, filename: cstring): cint{.
  345. stdcall, dynlib: DLLSSLName, importc.}
  346. proc SSL_CTX_use_PrivateKey_file*(ctx: SslCtx,
  347. filename: cstring, typ: cint): cint{.cdecl, dynlib: DLLSSLName, importc.}
  348. proc SSL_CTX_check_private_key*(ctx: SslCtx): cint{.cdecl, dynlib: DLLSSLName,
  349. importc.}
  350. proc SSL_CTX_get_ex_new_index*(argl: clong, argp: pointer, new_func: pointer, dup_func: pointer, free_func: pointer): cint {.cdecl, dynlib: DLLSSLName, importc.}
  351. proc SSL_CTX_set_ex_data*(ssl: SslCtx, idx: cint, arg: pointer): cint {.cdecl, dynlib: DLLSSLName, importc.}
  352. proc SSL_CTX_get_ex_data*(ssl: SslCtx, idx: cint): pointer {.cdecl, dynlib: DLLSSLName, importc.}
  353. proc SSL_set_fd*(ssl: SslPtr, fd: SocketHandle): cint{.cdecl, dynlib: DLLSSLName, importc.}
  354. proc SSL_shutdown*(ssl: SslPtr): cint{.cdecl, dynlib: DLLSSLName, importc.}
  355. proc SSL_set_shutdown*(ssl: SslPtr, mode: cint) {.cdecl, dynlib: DLLSSLName, importc: "SSL_set_shutdown".}
  356. proc SSL_get_shutdown*(ssl: SslPtr): cint {.cdecl, dynlib: DLLSSLName, importc: "SSL_get_shutdown".}
  357. proc SSL_connect*(ssl: SslPtr): cint{.cdecl, dynlib: DLLSSLName, importc.}
  358. proc SSL_read*(ssl: SslPtr, buf: pointer, num: int): cint{.cdecl, dynlib: DLLSSLName, importc.}
  359. proc SSL_write*(ssl: SslPtr, buf: cstring, num: int): cint{.cdecl, dynlib: DLLSSLName, importc.}
  360. proc SSL_get_error*(s: SslPtr, ret_code: cint): cint{.cdecl, dynlib: DLLSSLName, importc.}
  361. proc SSL_accept*(ssl: SslPtr): cint{.cdecl, dynlib: DLLSSLName, importc.}
  362. proc SSL_pending*(ssl: SslPtr): cint{.cdecl, dynlib: DLLSSLName, importc.}
  363. proc BIO_new_mem_buf*(data: pointer, len: cint): BIO{.cdecl,
  364. dynlib: DLLSSLName, importc.}
  365. proc BIO_new_ssl_connect*(ctx: SslCtx): BIO{.cdecl,
  366. dynlib: DLLSSLName, importc.}
  367. proc BIO_ctrl*(bio: BIO, cmd: cint, larg: int, arg: cstring): int{.cdecl,
  368. dynlib: DLLSSLName, importc.}
  369. proc BIO_get_ssl*(bio: BIO, ssl: ptr SslPtr): int =
  370. return BIO_ctrl(bio, BIO_C_GET_SSL, 0, cast[cstring](ssl))
  371. proc BIO_set_conn_hostname*(bio: BIO, name: cstring): int =
  372. return BIO_ctrl(bio, BIO_C_SET_CONNECT, 0, name)
  373. proc BIO_do_handshake*(bio: BIO): int =
  374. return BIO_ctrl(bio, BIO_C_DO_STATE_MACHINE, 0, nil)
  375. proc BIO_do_connect*(bio: BIO): int =
  376. return BIO_do_handshake(bio)
  377. when not defined(nimfix):
  378. proc BIO_read*(b: BIO, data: cstring, length: cint): cint{.cdecl,
  379. dynlib: DLLUtilName, importc.}
  380. proc BIO_write*(b: BIO, data: cstring, length: cint): cint{.cdecl,
  381. dynlib: DLLUtilName, importc.}
  382. proc BIO_free*(b: BIO): cint{.cdecl, dynlib: DLLUtilName, importc.}
  383. proc ERR_print_errors_fp*(fp: File){.cdecl, dynlib: DLLSSLName, importc.}
  384. proc ERR_error_string*(e: cint, buf: cstring): cstring{.cdecl,
  385. dynlib: DLLUtilName, importc.}
  386. proc ERR_get_error*(): cint{.cdecl, dynlib: DLLUtilName, importc.}
  387. proc ERR_peek_last_error*(): cint{.cdecl, dynlib: DLLUtilName, importc.}
  388. proc OPENSSL_config*(configName: cstring){.cdecl, dynlib: DLLSSLName, importc.}
  389. when not useWinVersion and not defined(macosx) and not defined(android) and not defined(nimNoAllocForSSL):
  390. proc CRYPTO_set_mem_functions(a,b,c: pointer){.cdecl,
  391. dynlib: DLLUtilName, importc.}
  392. proc allocWrapper(size: int): pointer {.cdecl.} = allocShared(size)
  393. proc reallocWrapper(p: pointer; newSize: int): pointer {.cdecl.} =
  394. if p == nil:
  395. if newSize > 0: result = allocShared(newSize)
  396. elif newSize == 0: deallocShared(p)
  397. else: result = reallocShared(p, newSize)
  398. proc deallocWrapper(p: pointer) {.cdecl.} =
  399. if p != nil: deallocShared(p)
  400. proc CRYPTO_malloc_init*() =
  401. when not useWinVersion and not defined(macosx) and not defined(android) and not defined(nimNoAllocForSSL):
  402. CRYPTO_set_mem_functions(allocWrapper, reallocWrapper, deallocWrapper)
  403. proc SSL_CTX_ctrl*(ctx: SslCtx, cmd: cint, larg: int, parg: pointer): int{.
  404. cdecl, dynlib: DLLSSLName, importc.}
  405. proc SSL_CTX_callback_ctrl(ctx: SslCtx, typ: cint, fp: PFunction): int{.
  406. cdecl, dynlib: DLLSSLName, importc.}
  407. proc SSLCTXSetMode*(ctx: SslCtx, mode: int): int =
  408. result = SSL_CTX_ctrl(ctx, SSL_CTRL_MODE, mode, nil)
  409. proc SSL_ctrl*(ssl: SslPtr, cmd: cint, larg: int, parg: pointer): int{.
  410. cdecl, dynlib: DLLSSLName, importc.}
  411. proc SSL_set_tlsext_host_name*(ssl: SslPtr, name: cstring): int =
  412. result = SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, name)
  413. ## Set the SNI server name extension to be used in a client hello.
  414. ## Returns 1 if SNI was set, 0 if current SSL configuration doesn't support SNI.
  415. proc SSL_get_servername*(ssl: SslPtr, typ: cint = TLSEXT_NAMETYPE_host_name): cstring {.cdecl, dynlib: DLLSSLName, importc.}
  416. ## Retrieve the server name requested in the client hello. This can be used
  417. ## in the callback set in `SSL_CTX_set_tlsext_servername_callback` to
  418. ## implement virtual hosting. May return `nil`.
  419. proc SSL_CTX_set_tlsext_servername_callback*(ctx: SslCtx, cb: proc(ssl: SslPtr, cb_id: int, arg: pointer): int {.cdecl.}): int =
  420. ## Set the callback to be used on listening SSL connections when the client hello is received.
  421. ##
  422. ## The callback should return one of:
  423. ## * SSL_TLSEXT_ERR_OK
  424. ## * SSL_TLSEXT_ERR_ALERT_WARNING
  425. ## * SSL_TLSEXT_ERR_ALERT_FATAL
  426. ## * SSL_TLSEXT_ERR_NOACK
  427. result = SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TLSEXT_SERVERNAME_CB, cast[PFunction](cb))
  428. proc SSL_CTX_set_tlsext_servername_arg*(ctx: SslCtx, arg: pointer): int =
  429. ## Set the pointer to be used in the callback registered to ``SSL_CTX_set_tlsext_servername_callback``.
  430. result = SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG, 0, arg)
  431. type
  432. PskClientCallback* = proc (ssl: SslPtr;
  433. hint: cstring; identity: cstring; max_identity_len: cuint; psk: ptr cuchar;
  434. max_psk_len: cuint): cuint {.cdecl.}
  435. PskServerCallback* = proc (ssl: SslPtr;
  436. identity: cstring; psk: ptr cuchar; max_psk_len: cint): cuint {.cdecl.}
  437. proc SSL_CTX_set_psk_client_callback*(ctx: SslCtx; callback: PskClientCallback) {.cdecl, dynlib: DLLSSLName, importc.}
  438. ## Set callback called when OpenSSL needs PSK (for client).
  439. proc SSL_CTX_set_psk_server_callback*(ctx: SslCtx; callback: PskServerCallback) {.cdecl, dynlib: DLLSSLName, importc.}
  440. ## Set callback called when OpenSSL needs PSK (for server).
  441. proc SSL_CTX_use_psk_identity_hint*(ctx: SslCtx; hint: cstring): cint {.cdecl, dynlib: DLLSSLName, importc.}
  442. ## Set PSK identity hint to use.
  443. proc SSL_get_psk_identity*(ssl: SslPtr): cstring {.cdecl, dynlib: DLLSSLName, importc.}
  444. ## Get PSK identity.
  445. proc bioNew*(b: PBIO_METHOD): BIO{.cdecl, dynlib: DLLUtilName, importc: "BIO_new".}
  446. proc bioFreeAll*(b: BIO){.cdecl, dynlib: DLLUtilName, importc: "BIO_free_all".}
  447. proc bioSMem*(): PBIO_METHOD{.cdecl, dynlib: DLLUtilName, importc: "BIO_s_mem".}
  448. proc bioCtrlPending*(b: BIO): cint{.cdecl, dynlib: DLLUtilName, importc: "BIO_ctrl_pending".}
  449. proc bioRead*(b: BIO, Buf: cstring, length: cint): cint{.cdecl,
  450. dynlib: DLLUtilName, importc: "BIO_read".}
  451. proc bioWrite*(b: BIO, Buf: cstring, length: cint): cint{.cdecl,
  452. dynlib: DLLUtilName, importc: "BIO_write".}
  453. proc sslSetConnectState*(s: SslPtr) {.cdecl,
  454. dynlib: DLLSSLName, importc: "SSL_set_connect_state".}
  455. proc sslSetAcceptState*(s: SslPtr) {.cdecl,
  456. dynlib: DLLSSLName, importc: "SSL_set_accept_state".}
  457. proc sslRead*(ssl: SslPtr, buf: cstring, num: cint): cint{.cdecl,
  458. dynlib: DLLSSLName, importc: "SSL_read".}
  459. proc sslPeek*(ssl: SslPtr, buf: cstring, num: cint): cint{.cdecl,
  460. dynlib: DLLSSLName, importc: "SSL_peek".}
  461. proc sslWrite*(ssl: SslPtr, buf: cstring, num: cint): cint{.cdecl,
  462. dynlib: DLLSSLName, importc: "SSL_write".}
  463. proc sslSetBio*(ssl: SslPtr, rbio, wbio: BIO) {.cdecl,
  464. dynlib: DLLSSLName, importc: "SSL_set_bio".}
  465. proc sslDoHandshake*(ssl: SslPtr): cint {.cdecl,
  466. dynlib: DLLSSLName, importc: "SSL_do_handshake".}
  467. proc ErrClearError*(){.cdecl, dynlib: DLLUtilName, importc: "ERR_clear_error".}
  468. proc ErrFreeStrings*(){.cdecl, dynlib: DLLUtilName, importc: "ERR_free_strings".}
  469. proc ErrRemoveState*(pid: cint){.cdecl, dynlib: DLLUtilName, importc: "ERR_remove_state".}
  470. proc PEM_read_bio_RSA_PUBKEY*(bp: BIO, x: ptr PRSA, pw: pem_password_cb, u: pointer): PRSA {.cdecl,
  471. dynlib: DLLSSLName, importc.}
  472. proc RSA_verify*(kind: cint, origMsg: pointer, origMsgLen: cuint, signature: pointer,
  473. signatureLen: cuint, rsa: PRSA): cint {.cdecl, dynlib: DLLSSLName, importc.}
  474. when true:
  475. discard
  476. else:
  477. proc SslCtxSetCipherList*(arg0: PSSL_CTX, str: cstring): cint{.cdecl,
  478. dynlib: DLLSSLName, importc.}
  479. proc SslCtxNew*(meth: PSSL_METHOD): PSSL_CTX{.cdecl,
  480. dynlib: DLLSSLName, importc.}
  481. proc SslSetFd*(s: PSSL, fd: cint): cint{.cdecl, dynlib: DLLSSLName, importc.}
  482. proc SslCTXCtrl*(ctx: PSSL_CTX, cmd: cint, larg: int, parg: Pointer): int{.
  483. cdecl, dynlib: DLLSSLName, importc.}
  484. proc SSLSetMode*(s: PSSL, mode: int): int
  485. proc SSLCTXGetMode*(ctx: PSSL_CTX): int
  486. proc SSLGetMode*(s: PSSL): int
  487. proc SslMethodV2*(): PSSL_METHOD{.cdecl, dynlib: DLLSSLName, importc.}
  488. proc SslMethodV3*(): PSSL_METHOD{.cdecl, dynlib: DLLSSLName, importc.}
  489. proc SslMethodTLSV1*(): PSSL_METHOD{.cdecl, dynlib: DLLSSLName, importc.}
  490. proc SslMethodV23*(): PSSL_METHOD{.cdecl, dynlib: DLLSSLName, importc.}
  491. proc SslCtxUsePrivateKey*(ctx: PSSL_CTX, pkey: SslPtr): cint{.cdecl,
  492. dynlib: DLLSSLName, importc.}
  493. proc SslCtxUsePrivateKeyASN1*(pk: cint, ctx: PSSL_CTX,
  494. d: cstring, length: int): cint{.cdecl, dynlib: DLLSSLName, importc.}
  495. proc SslCtxUseCertificate*(ctx: PSSL_CTX, x: SslPtr): cint{.cdecl,
  496. dynlib: DLLSSLName, importc.}
  497. proc SslCtxUseCertificateASN1*(ctx: PSSL_CTX, length: int, d: cstring): cint{.
  498. cdecl, dynlib: DLLSSLName, importc.}
  499. # function SslCtxUseCertificateChainFile(ctx: PSSL_CTX; const filename: PChar):cint;
  500. proc SslCtxUseCertificateChainFile*(ctx: PSSL_CTX, filename: cstring): cint{.
  501. cdecl, dynlib: DLLSSLName, importc.}
  502. proc SslCtxSetDefaultPasswdCb*(ctx: PSSL_CTX, cb: PPasswdCb){.cdecl,
  503. dynlib: DLLSSLName, importc.}
  504. proc SslCtxSetDefaultPasswdCbUserdata*(ctx: PSSL_CTX, u: SslPtr){.cdecl,
  505. dynlib: DLLSSLName, importc.}
  506. # function SslCtxLoadVerifyLocations(ctx: PSSL_CTX; const CAfile: PChar; const CApath: PChar):cint;
  507. proc SslCtxLoadVerifyLocations*(ctx: PSSL_CTX, CAfile: cstring, CApath: cstring): cint{.
  508. cdecl, dynlib: DLLSSLName, importc.}
  509. proc SslNew*(ctx: PSSL_CTX): PSSL{.cdecl, dynlib: DLLSSLName, importc.}
  510. proc SslConnect*(ssl: PSSL): cint{.cdecl, dynlib: DLLSSLName, importc.}
  511. proc SslGetVersion*(ssl: PSSL): cstring{.cdecl, dynlib: DLLSSLName, importc.}
  512. proc SslGetPeerCertificate*(ssl: PSSL): PX509{.cdecl, dynlib: DLLSSLName,
  513. importc.}
  514. proc SslCtxSetVerify*(ctx: PSSL_CTX, mode: cint, arg2: PFunction){.cdecl,
  515. dynlib: DLLSSLName, importc.}
  516. proc SSLGetCurrentCipher*(s: PSSL): SslPtr{.cdecl, dynlib: DLLSSLName, importc.}
  517. proc SSLCipherGetName*(c: SslPtr): cstring{.cdecl, dynlib: DLLSSLName, importc.}
  518. proc SSLCipherGetBits*(c: SslPtr, alg_bits: var cint): cint{.cdecl,
  519. dynlib: DLLSSLName, importc.}
  520. proc SSLGetVerifyResult*(ssl: PSSL): int{.cdecl, dynlib: DLLSSLName, importc.}
  521. # libeay.dll
  522. proc X509New*(): PX509{.cdecl, dynlib: DLLUtilName, importc.}
  523. proc X509Free*(x: PX509){.cdecl, dynlib: DLLUtilName, importc.}
  524. proc X509NameOneline*(a: PX509_NAME, buf: cstring, size: cint): cstring{.
  525. cdecl, dynlib: DLLUtilName, importc.}
  526. proc X509GetSubjectName*(a: PX509): PX509_NAME{.cdecl, dynlib: DLLUtilName,
  527. importc.}
  528. proc X509GetIssuerName*(a: PX509): PX509_NAME{.cdecl, dynlib: DLLUtilName,
  529. importc.}
  530. proc X509NameHash*(x: PX509_NAME): int{.cdecl, dynlib: DLLUtilName, importc.}
  531. # function SslX509Digest(data: PX509; typ: PEVP_MD; md: PChar; len: PcInt):cint;
  532. proc X509Digest*(data: PX509, typ: PEVP_MD, md: cstring, length: var cint): cint{.
  533. cdecl, dynlib: DLLUtilName, importc.}
  534. proc X509print*(b: PBIO, a: PX509): cint{.cdecl, dynlib: DLLUtilName, importc.}
  535. proc X509SetVersion*(x: PX509, version: cint): cint{.cdecl, dynlib: DLLUtilName,
  536. importc.}
  537. proc X509SetPubkey*(x: PX509, pkey: EVP_PKEY): cint{.cdecl, dynlib: DLLUtilName,
  538. importc.}
  539. proc X509SetIssuerName*(x: PX509, name: PX509_NAME): cint{.cdecl,
  540. dynlib: DLLUtilName, importc.}
  541. proc X509NameAddEntryByTxt*(name: PX509_NAME, field: cstring, typ: cint,
  542. bytes: cstring, length, loc, theSet: cint): cint{.
  543. cdecl, dynlib: DLLUtilName, importc.}
  544. proc X509Sign*(x: PX509, pkey: EVP_PKEY, md: PEVP_MD): cint{.cdecl,
  545. dynlib: DLLUtilName, importc.}
  546. proc X509GmtimeAdj*(s: PASN1_UTCTIME, adj: cint): PASN1_UTCTIME{.cdecl,
  547. dynlib: DLLUtilName, importc.}
  548. proc X509SetNotBefore*(x: PX509, tm: PASN1_UTCTIME): cint{.cdecl,
  549. dynlib: DLLUtilName, importc.}
  550. proc X509SetNotAfter*(x: PX509, tm: PASN1_UTCTIME): cint{.cdecl,
  551. dynlib: DLLUtilName, importc.}
  552. proc X509GetSerialNumber*(x: PX509): PASN1_cInt{.cdecl, dynlib: DLLUtilName,
  553. importc.}
  554. proc EvpPkeyNew*(): EVP_PKEY{.cdecl, dynlib: DLLUtilName, importc.}
  555. proc EvpPkeyFree*(pk: EVP_PKEY){.cdecl, dynlib: DLLUtilName, importc.}
  556. proc EvpPkeyAssign*(pkey: EVP_PKEY, typ: cint, key: Prsa): cint{.cdecl,
  557. dynlib: DLLUtilName, importc.}
  558. proc EvpGetDigestByName*(Name: cstring): PEVP_MD{.cdecl, dynlib: DLLUtilName,
  559. importc.}
  560. proc EVPcleanup*(){.cdecl, dynlib: DLLUtilName, importc.}
  561. # function ErrErrorString(e: cint; buf: PChar): PChar;
  562. proc SSLeayversion*(t: cint): cstring{.cdecl, dynlib: DLLUtilName, importc.}
  563. proc OPENSSLaddallalgorithms*(){.cdecl, dynlib: DLLUtilName, importc.}
  564. proc CRYPTOcleanupAllExData*(){.cdecl, dynlib: DLLUtilName, importc.}
  565. proc RandScreen*(){.cdecl, dynlib: DLLUtilName, importc.}
  566. proc d2iPKCS12bio*(b: PBIO, Pkcs12: SslPtr): SslPtr{.cdecl, dynlib: DLLUtilName,
  567. importc.}
  568. proc PKCS12parse*(p12: SslPtr, pass: cstring, pkey, cert, ca: var SslPtr): cint{.
  569. dynlib: DLLUtilName, importc, cdecl.}
  570. proc PKCS12free*(p12: SslPtr){.cdecl, dynlib: DLLUtilName, importc.}
  571. proc RsaGenerateKey*(bits, e: cint, callback: PFunction, cb_arg: SslPtr): PRSA{.
  572. cdecl, dynlib: DLLUtilName, importc.}
  573. proc Asn1UtctimeNew*(): PASN1_UTCTIME{.cdecl, dynlib: DLLUtilName, importc.}
  574. proc Asn1UtctimeFree*(a: PASN1_UTCTIME){.cdecl, dynlib: DLLUtilName, importc.}
  575. proc Asn1cIntSet*(a: PASN1_cInt, v: cint): cint{.cdecl, dynlib: DLLUtilName,
  576. importc.}
  577. proc i2dX509bio*(b: PBIO, x: PX509): cint{.cdecl, dynlib: DLLUtilName, importc.}
  578. proc i2dPrivateKeyBio*(b: PBIO, pkey: EVP_PKEY): cint{.cdecl,
  579. dynlib: DLLUtilName, importc.}
  580. # 3DES functions
  581. proc DESsetoddparity*(Key: des_cblock){.cdecl, dynlib: DLLUtilName, importc.}
  582. proc DESsetkeychecked*(key: des_cblock, schedule: des_key_schedule): cint{.
  583. cdecl, dynlib: DLLUtilName, importc.}
  584. proc DESecbencrypt*(Input: des_cblock, output: des_cblock, ks: des_key_schedule,
  585. enc: cint){.cdecl, dynlib: DLLUtilName, importc.}
  586. # implementation
  587. proc SSLSetMode(s: PSSL, mode: int): int =
  588. result = SSLctrl(s, SSL_CTRL_MODE, mode, nil)
  589. proc SSLCTXGetMode(ctx: PSSL_CTX): int =
  590. result = SSLCTXctrl(ctx, SSL_CTRL_MODE, 0, nil)
  591. proc SSLGetMode(s: PSSL): int =
  592. result = SSLctrl(s, SSL_CTRL_MODE, 0, nil)
  593. # <openssl/md5.h>
  594. type
  595. MD5_LONG* = cuint
  596. const
  597. MD5_CBLOCK* = 64
  598. MD5_LBLOCK* = int(MD5_CBLOCK div 4)
  599. MD5_DIGEST_LENGTH* = 16
  600. type
  601. MD5_CTX* = object
  602. A,B,C,D,Nl,Nh: MD5_LONG
  603. data: array[MD5_LBLOCK, MD5_LONG]
  604. num: cuint
  605. {.push callconv:cdecl, dynlib:DLLUtilName.}
  606. proc md5_Init*(c: var MD5_CTX): cint{.importc: "MD5_Init".}
  607. proc md5_Update*(c: var MD5_CTX; data: pointer; len: csize): cint{.importc: "MD5_Update".}
  608. proc md5_Final*(md: cstring; c: var MD5_CTX): cint{.importc: "MD5_Final".}
  609. proc md5*(d: ptr cuchar; n: csize; md: ptr cuchar): ptr cuchar{.importc: "MD5".}
  610. proc md5_Transform*(c: var MD5_CTX; b: ptr cuchar){.importc: "MD5_Transform".}
  611. {.pop.}
  612. from strutils import toHex, toLowerAscii
  613. proc hexStr(buf: cstring): string =
  614. # turn md5s output into a nice hex str
  615. result = newStringOfCap(32)
  616. for i in 0 ..< 16:
  617. result.add toHex(buf[i].ord, 2).toLowerAscii
  618. proc md5_File*(file: string): string {.raises: [IOError,Exception].} =
  619. ## Generate MD5 hash for a file. Result is a 32 character
  620. # hex string with lowercase characters (like the output
  621. # of `md5sum`
  622. const
  623. sz = 512
  624. let f = open(file,fmRead)
  625. var
  626. buf: array[sz,char]
  627. ctx: MD5_CTX
  628. discard md5_Init(ctx)
  629. while(let bytes = f.readChars(buf, 0, sz); bytes > 0):
  630. discard md5_Update(ctx, buf[0].addr, bytes)
  631. discard md5_Final(buf[0].addr, ctx)
  632. f.close
  633. result = hexStr(addr buf)
  634. proc md5_Str*(str: string): string =
  635. ## Generate MD5 hash for a string. Result is a 32 character
  636. ## hex string with lowercase characters
  637. var
  638. ctx: MD5_CTX
  639. res: array[MD5_DIGEST_LENGTH,char]
  640. input = str.cstring
  641. discard md5_Init(ctx)
  642. var i = 0
  643. while i < str.len:
  644. let L = min(str.len - i, 512)
  645. discard md5_Update(ctx, input[i].addr, L)
  646. i += L
  647. discard md5_Final(addr res, ctx)
  648. result = hexStr(addr res)
  649. when defined(nimHasStyleChecks):
  650. {.pop.}