#ifndef SRC_CRYPTO_CRYPTO_UTIL_H_

#define SRC_CRYPTO_CRYPTO_UTIL_H_

#if defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS

#include "async_wrap.h"

#include "env.h"

#include "node_errors.h"

#include "node_external_reference.h"

#include "node_internals.h"

#include "string_bytes.h"

#include "util.h"

#include "v8.h"

#include <openssl/err.h>

#include <openssl/evp.h>

#include <openssl/ec.h>

#include <openssl/kdf.h>

#include <openssl/rsa.h>

#include <openssl/dsa.h>

#include <openssl/ssl.h>

#ifndef OPENSSL_NO_ENGINE

#  include <openssl/engine.h>

#endif  // !OPENSSL_NO_ENGINE

// The FIPS-related functions are only available

// when the OpenSSL itself was compiled with FIPS support.

#if defined(OPENSSL_FIPS) && OPENSSL_VERSION_MAJOR < 3

#  include <openssl/fips.h>

#endif  // OPENSSL_FIPS

#include <algorithm>

#include <memory>

#include <string>

#include <vector>

#include <climits>

#include <cstdio>

namespace node {

namespace crypto {

// Currently known sizes of commonly used OpenSSL struct sizes.

// OpenSSL considers it's various structs to be opaque and the

// sizes may change from one version of OpenSSL to another, so

// these values should not be trusted to remain static. These

// are provided to allow for some close to reasonable memory

// tracking.

constexpr size_t kSizeOf_DH = 144;

constexpr size_t kSizeOf_EC_KEY = 80;

constexpr size_t kSizeOf_EVP_CIPHER_CTX = 168;

constexpr size_t kSizeOf_EVP_MD_CTX = 48;

constexpr size_t kSizeOf_EVP_PKEY = 72;

constexpr size_t kSizeOf_EVP_PKEY_CTX = 80;

constexpr size_t kSizeOf_HMAC_CTX = 32;

// Define smart pointers for the most commonly used OpenSSL types:

using X509Pointer = DeleteFnPtr<X509, X509_free>;

using BIOPointer = DeleteFnPtr<BIO, BIO_free_all>;

using SSLCtxPointer = DeleteFnPtr<SSL_CTX, SSL_CTX_free>;

using SSLSessionPointer = DeleteFnPtr<SSL_SESSION, SSL_SESSION_free>;

using SSLPointer = DeleteFnPtr<SSL, SSL_free>;

using PKCS8Pointer = DeleteFnPtr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free>;

using EVPKeyPointer = DeleteFnPtr<EVP_PKEY, EVP_PKEY_free>;

using EVPKeyCtxPointer = DeleteFnPtr<EVP_PKEY_CTX, EVP_PKEY_CTX_free>;

using EVPMDPointer = DeleteFnPtr<EVP_MD_CTX, EVP_MD_CTX_free>;

using RSAPointer = DeleteFnPtr<RSA, RSA_free>;

using ECPointer = DeleteFnPtr<EC_KEY, EC_KEY_free>;

using BignumPointer = DeleteFnPtr<BIGNUM, BN_free>;

using BignumCtxPointer = DeleteFnPtr<BN_CTX, BN_CTX_free>;

using NetscapeSPKIPointer = DeleteFnPtr<NETSCAPE_SPKI, NETSCAPE_SPKI_free>;

using ECGroupPointer = DeleteFnPtr<EC_GROUP, EC_GROUP_free>;

using ECPointPointer = DeleteFnPtr<EC_POINT, EC_POINT_free>;

using ECKeyPointer = DeleteFnPtr<EC_KEY, EC_KEY_free>;

using DHPointer = DeleteFnPtr<DH, DH_free>;

using ECDSASigPointer = DeleteFnPtr<ECDSA_SIG, ECDSA_SIG_free>;

using HMACCtxPointer = DeleteFnPtr<HMAC_CTX, HMAC_CTX_free>;

using CipherCtxPointer = DeleteFnPtr<EVP_CIPHER_CTX, EVP_CIPHER_CTX_free>;

using RsaPointer = DeleteFnPtr<RSA, RSA_free>;

using DsaPointer = DeleteFnPtr<DSA, DSA_free>;

using DsaSigPointer = DeleteFnPtr<DSA_SIG, DSA_SIG_free>;

// Our custom implementation of the certificate verify callback

// used when establishing a TLS handshake. Because we cannot perform

// I/O quickly enough with X509_STORE_CTX_ APIs in this callback,

// we ignore preverify_ok errors here and let the handshake continue.

// In other words, this VerifyCallback is a non-op. It is imperative

// that the user user Connection::VerifyError after the `secure`

// callback has been made.

extern int VerifyCallback(int preverify_ok, X509_STORE_CTX* ctx);

bool ProcessFipsOptions();

bool InitCryptoOnce(v8::Isolate* isolate);

void InitCryptoOnce();

void InitCrypto(v8::Local<v8::Object> target);

extern void UseExtraCaCerts(const std::string& file);

// Forcibly clear OpenSSL's error stack on return. This stops stale errors

// from popping up later in the lifecycle of crypto operations where they

// would cause spurious failures. It's a rather blunt method, though.

// ERR_clear_error() isn't necessarily cheap either.

struct ClearErrorOnReturn {

};

// Pop errors from OpenSSL's error stack that were added

// between when this was constructed and destructed.

struct MarkPopErrorOnReturn {

};

// Ensure that OpenSSL has enough entropy (at least 256 bits) for its PRNG.

// The entropy pool starts out empty and needs to fill up before the PRNG

// can be used securely.  Once the pool is filled, it never dries up again;

// its contents is stirred and reused when necessary.

//

// OpenSSL normally fills the pool automatically but not when someone starts

// generating random numbers before the pool is full: in that case OpenSSL

// keeps lowering the entropy estimate to thwart attackers trying to guess

// the initial state of the PRNG.

//

// When that happens, we will have to wait until enough entropy is available.

// That should normally never take longer than a few milliseconds.

//

// OpenSSL draws from /dev/random and /dev/urandom.  While /dev/random may

// block pending "true" randomness, /dev/urandom is a CSPRNG that doesn't

// block under normal circumstances.

//

// The only time when /dev/urandom may conceivably block is right after boot,

// when the whole system is still low on entropy.  That's not something we can

// do anything about.

void CheckEntropy();

// Generate length bytes of random data. If this returns false, the data

// may not be truly random but it's still generally good enough.

bool EntropySource(unsigned char* buffer, size_t length);

int PasswordCallback(char* buf, int size, int rwflag, void* u);

int NoPasswordCallback(char* buf, int size, int rwflag, void* u);

// Decode is used by the various stream-based crypto utilities to decode

// string input.

template <typename T>

            void (*callback)(T*, const v8::FunctionCallbackInfo<v8::Value>&,

                             const char*, size_t)) {

  T* ctx;

  } else {

  }

}

#define NODE_CRYPTO_ERROR_CODES_MAP(V)                                        \

    V(CIPHER_JOB_FAILED, "Cipher job failed")                                 \

    V(DERIVING_BITS_FAILED, "Deriving bits failed")                           \

    V(ENGINE_NOT_FOUND, "Engine \"%s\" was not found")                        \

    V(INVALID_KEY_TYPE, "Invalid key type")                                   \

    V(KEY_GENERATION_JOB_FAILED, "Key generation job failed")                 \

    V(OK, "Ok")                                                               \

enum class NodeCryptoError {

#define V(CODE, DESCRIPTION) CODE,

  NODE_CRYPTO_ERROR_CODES_MAP(V)

#undef V

};

// Utility struct used to harvest error information from openssl's error stack

struct CryptoErrorStore final : public MemoryRetainer {

 public:

  void Capture();

  bool Empty() const;

  template <typename... Args>

  void Insert(const NodeCryptoError error, Args&&... args);

  v8::MaybeLocal<v8::Value> ToException(

      Environment* env,

      v8::Local<v8::String> exception_string = v8::Local<v8::String>()) const;

 private:

  std::vector<std::string> errors_;

};

template <typename... Args>

#define V(CODE, DESCRIPTION) \

    case NodeCryptoError::CODE: error_string = DESCRIPTION; break;

#undef V

  }

                               std::forward<Args>(args)...));

template <typename T>

}

template <typename T>

}

// A helper class representing a read-only byte array. When deallocated, its

// contents are zeroed.

class ByteSource {

 public:

  ByteSource(ByteSource&& other) noexcept;

  ~ByteSource();

  ByteSource& operator=(ByteSource&& other) noexcept;

  const char* get() const;

  template <typename T>

  size_t size() const;

    return BignumPointer(BN_bin2bn(

  }

  // Creates a v8::BackingStore that takes over responsibility for

  // any allocated data. The ByteSource will be reset with size = 0

  // after being called.

  std::unique_ptr<v8::BackingStore> ReleaseToBackingStore();

  v8::Local<v8::ArrayBuffer> ToArrayBuffer(Environment* env);

  v8::MaybeLocal<v8::Uint8Array> ToBuffer(Environment* env);

  void reset();

  // Allows an Allocated ByteSource to be truncated.

  static ByteSource Allocated(char* data, size_t size);

  static ByteSource Foreign(const char* data, size_t size);

  static ByteSource FromEncodedString(Environment* env,

                                      v8::Local<v8::String> value,

                                      enum encoding enc = BASE64);

  static ByteSource FromStringOrBuffer(Environment* env,

                                       v8::Local<v8::Value> value);

  static ByteSource FromString(Environment* env,

                               v8::Local<v8::String> str,

                               bool ntc = false);

  static ByteSource FromBuffer(v8::Local<v8::Value> buffer,

                               bool ntc = false);

  static ByteSource FromBIO(const BIOPointer& bio);

  static ByteSource NullTerminatedCopy(Environment* env,

                                       v8::Local<v8::Value> value);

  static ByteSource FromSymmetricKeyObjectHandle(v8::Local<v8::Value> handle);

  ByteSource(const ByteSource&) = delete;

  ByteSource& operator=(const ByteSource&) = delete;

  static ByteSource FromSecretKeyBytes(

      Environment* env, v8::Local<v8::Value> value);

 private:

  const char* data_ = nullptr;

  char* allocated_data_ = nullptr;

  size_t size_ = 0;

  ByteSource(const char* data, char* allocated_data, size_t size);

};

enum CryptoJobMode {

  kCryptoJobAsync,

  kCryptoJobSync

};

CryptoJobMode GetCryptoJobMode(v8::Local<v8::Value> args);

template <typename CryptoJobTraits>

class CryptoJob : public AsyncWrap, public ThreadPoolWork {

 public:

  using AdditionalParams = typename CryptoJobTraits::AdditionalParameters;

      Environment* env,

      v8::Local<v8::Object> object,

      AsyncWrap::ProviderType type,

      CryptoJobMode mode,

      AdditionalParams&& params)

      : AsyncWrap(env, object, type),

        ThreadPoolWork(env),

        mode_(mode),

    // If the CryptoJob is async, then the instance will be

    // cleaned up when AfterThreadPoolWork is called.

    // CryptoJobs run a work in the libuv thread pool and may still

    // exist when the event loop empties and starts to exit.

  }

    // If the job was canceled do not execute the callback.

    // TODO(@jasnell): We should likely revisit skipping the

    // callback on cancel as that could leave the JS in a pending

    // state (e.g. unresolved promises...)

    // TODO(tniessen): Remove the exception handling logic here as soon as we

    // can verify that no code path in ToResult will ever throw an exception.

    v8::Local<v8::Value> exception;

    {

      }

    }

    } else {

    }

  }

  virtual v8::Maybe<bool> ToResult(

      v8::Local<v8::Value>* err,

      v8::Local<v8::Value>* result) = 0;

  }

  }

    CryptoJob<CryptoJobTraits>* job;

          v8::Array::New(env->isolate(), ret, arraysize(ret)));

    }

  }

      v8::FunctionCallback new_fn,

      Environment* env,

      v8::Local<v8::Object> target) {

        AsyncWrap::kInternalFieldCount);

                                         ExternalReferenceRegistry* registry) {

 private:

  const CryptoJobMode mode_;

  CryptoErrorStore errors_;

  AdditionalParams params_;

};

template <typename DeriveBitsTraits>

class DeriveBitsJob final : public CryptoJob<DeriveBitsTraits> {

 public:

  using AdditionalParams = typename DeriveBitsTraits::AdditionalParameters;

            .IsNothing()) {

      // The DeriveBitsTraits::AdditionalConfig is responsible for

      // calling an appropriate THROW_CRYPTO_* variant reporting

      // whatever error caused initialization to fail.

    }

  }

      Environment* env,

      v8::Local<v8::Object> target) {

      Environment* env,

      v8::Local<v8::Object> object,

      CryptoJobMode mode,

      AdditionalParams&& params)

      : CryptoJob<DeriveBitsTraits>(

            env,

            object,

            DeriveBitsTraits::Provider,

            mode,

            AsyncWrap::env(),

    }

  }

      v8::Local<v8::Value>* err,

      v8::Local<v8::Value>* result) override {

          env,

          &out_,

    }

  }

  }

 private:

  ByteSource out_;

  bool success_ = false;

};

void ThrowCryptoError(Environment* env,

                      unsigned long err,  // NOLINT(runtime/int)

                      const char* message = nullptr);

#ifndef OPENSSL_NO_ENGINE

struct EnginePointer {

  ENGINE* engine = nullptr;

  bool finish_on_exit = false;

  }

        // This also does the equivalent of ENGINE_free.

      } else {

      }

    }

  }

};

EnginePointer LoadEngineById(const char* id, CryptoErrorStore* errors);

bool SetEngine(

    const char* id,

    uint32_t flags,

    CryptoErrorStore* errors = nullptr);

void SetEngine(const v8::FunctionCallbackInfo<v8::Value>& args);

#endif  // !OPENSSL_NO_ENGINE

void GetFipsCrypto(const v8::FunctionCallbackInfo<v8::Value>& args);

void SetFipsCrypto(const v8::FunctionCallbackInfo<v8::Value>& args);

void TestFipsCrypto(const v8::FunctionCallbackInfo<v8::Value>& args);

class CipherPushContext {

 public:

  }

 private:

  std::vector<v8::Local<v8::Value>> list_;

  Environment* env_;

};

#if OPENSSL_VERSION_MAJOR >= 3

template <class TypeName,

          TypeName* fetch_type(OSSL_LIB_CTX*, const char*, const char*),

          void free_type(TypeName*),

          const TypeName* getbyname(const char*),

          const char* getname(const TypeName*)>

                     const char* from,

                     const char* to,

                     void* arg) {

  // EVP_*_fetch() does not support alias names, so we need to pass it the

  // real/original algorithm name.

  // We use EVP_*_fetch() as a filter here because it will only return an

  // instance if the algorithm is supported by the public OpenSSL APIs (some

  // algorithms are used internally by OpenSSL and are also passed to this

  // callback).

}

#else

template <class TypeName>

void array_push_back(const TypeName* evp_ref,

                     const char* from,

                     const char* to,

                     void* arg) {

  if (!from)

    return;

  static_cast<CipherPushContext*>(arg)->push_back(from);

}

#endif

}

template <typename T>

class ArrayBufferOrViewContents {

 public:

  ArrayBufferOrViewContents() = default;

    } else {

    }

    // Ideally, these would return nullptr if IsEmpty() or length_ is zero,

    // but some of the openssl API react badly if given a nullptr even when

    // length is zero, so we have to return something.

  }

    // Ideally, these would return nullptr if IsEmpty() or length_ is zero,

    // but some of the openssl API react badly if given a nullptr even when

    // length is zero, so we have to return something.

  }

  // In most cases, input buffer sizes passed in to openssl need to

  // be limited to <= INT_MAX. This utility method helps us check.

  }

  }

  }

  template <typename M>

    static_assert(sizeof(M) == 1, "sizeof(M) must equal 1");

 private:

  T buf = 0;

  size_t offset_ = 0;

  size_t length_ = 0;

  std::shared_ptr<v8::BackingStore> store_;

};

template <typename T>

std::vector<T> CopyBuffer(const ArrayBufferOrViewContents<T>& buf) {

  std::vector<T> vec;

  vec->resize(buf.size());

  if (vec->size() > 0 && buf.data() != nullptr)

    memcpy(vec->data(), buf.data(), vec->size());

  return vec;

}

template <typename T>

std::vector<T> CopyBuffer(v8::Local<v8::Value> buf) {

  return CopyBuffer(ArrayBufferOrViewContents<T>(buf));

}

v8::MaybeLocal<v8::Value> EncodeBignum(

    Environment* env,

    const BIGNUM* bn,

    int size,

    v8::Local<v8::Value>* error);

v8::Maybe<bool> SetEncodedValue(

    Environment* env,

    v8::Local<v8::Object> target,

    v8::Local<v8::String> name,

    const BIGNUM* bn,

    int size = 0);

namespace Util {

void Initialize(Environment* env, v8::Local<v8::Object> target);

void RegisterExternalReferences(ExternalReferenceRegistry* registry);

}  // namespace Util

}  // namespace crypto

}  // namespace node

#endif  // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS

#endif  // SRC_CRYPTO_CRYPTO_UTIL_H_