hdkv/yuzu
1
Fork 0
Code Issues Pull Requests Releases 1 Activity

early-access version 2698

Browse Source
This commit is contained in:
pineappleEA
2022-04-24 22:29:35 +02:00
parent c96f949832
commit caa0c2911b
486 changed files with 37806 additions and 14362 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
externals/libressl/include/openssl/asn1.h vendored
View File

@@ -1,4 +1,4 @@
/* $OpenBSD: asn1.h,v 1.53 2018/11/30 04:51:19 jeremy Exp $ */
/* $OpenBSD: asn1.h,v 1.62 2022/01/14 08:53:53 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -162,52 +162,6 @@ DECLARE_STACK_OF(X509_ALGOR)
#define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */
#define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */
/* We MUST make sure that, except for constness, asn1_ctx_st and
asn1_const_ctx are exactly the same. Fortunately, as soon as
the old ASN1 parsing macros are gone, we can throw this away
as well... */
typedef struct asn1_ctx_st {
unsigned char *p;/* work char pointer */
int eos; /* end of sequence read for indefinite encoding */
int error; /* error code to use when returning an error */
int inf; /* constructed if 0x20, indefinite is 0x21 */
int tag; /* tag from last 'get object' */
int xclass; /* class from last 'get object' */
long slen; /* length of last 'get object' */
unsigned char *max; /* largest value of p allowed */
unsigned char *q;/* temporary variable */
unsigned char **pp;/* variable */
int line; /* used in error processing */
} ASN1_CTX;
typedef struct asn1_const_ctx_st {
const unsigned char *p;/* work char pointer */
int eos; /* end of sequence read for indefinite encoding */
int error; /* error code to use when returning an error */
int inf; /* constructed if 0x20, indefinite is 0x21 */
int tag; /* tag from last 'get object' */
int xclass; /* class from last 'get object' */
long slen; /* length of last 'get object' */
const unsigned char *max; /* largest value of p allowed */
const unsigned char *q;/* temporary variable */
const unsigned char **pp;/* variable */
int line; /* used in error processing */
} ASN1_const_CTX;
/* These are used internally in the ASN1_OBJECT to keep track of
* whether the names and data need to be free()ed */
#define ASN1_OBJECT_FLAG_DYNAMIC 0x01 /* internal use */
#define ASN1_OBJECT_FLAG_CRITICAL 0x02 /* critical x509v3 object id */
#define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04 /* internal use */
#define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08 /* internal use */
typedef struct asn1_object_st {
const char *sn, *ln;
int nid;
int length;
const unsigned char *data; /* data remains const after init */
int flags; /* Should we free this one */
} ASN1_OBJECT;
#define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
/* This indicates that the ASN1_STRING is not a real value but just a place
* holder for the location where indefinite length constructed data should
@@ -530,11 +484,6 @@ ASN1_SEQUENCE_ANY *d2i_ASN1_SET_ANY(ASN1_SEQUENCE_ANY **a, const unsigned char *
int i2d_ASN1_SET_ANY(const ASN1_SEQUENCE_ANY *a, unsigned char **out);
extern const ASN1_ITEM ASN1_SET_ANY_it;
typedef struct NETSCAPE_X509_st {
ASN1_OCTET_STRING *header;
X509 *cert;
} NETSCAPE_X509;
/* This is used to contain a list of bit names */
typedef struct BIT_STRING_BITNAME_st {
int bitnum;
@@ -645,9 +594,6 @@ int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl);
int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value,
BIT_STRING_BITNAME *tbl);
int i2d_ASN1_BOOLEAN(int a, unsigned char **pp);
int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length);
ASN1_INTEGER *ASN1_INTEGER_new(void);
void ASN1_INTEGER_free(ASN1_INTEGER *a);
ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **in, long len);
@@ -773,6 +719,9 @@ ASN1_TIME *d2i_ASN1_TIME(ASN1_TIME **a, const unsigned char **in, long len);
int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **out);
extern const ASN1_ITEM ASN1_TIME_it;
int ASN1_TIME_diff(int *pday, int *psec, const ASN1_TIME *from,
const ASN1_TIME *to);
extern const ASN1_ITEM ASN1_OCTET_STRING_NDEF_it;
ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t);
@@ -816,8 +765,6 @@ int ASN1_PRINTABLE_type(const unsigned char *s, int max);
/* SPECIALS */
int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
int *pclass, long omax);
int ASN1_check_infinite_end(unsigned char **p, long len);
int ASN1_const_check_infinite_end(const unsigned char **p, long len);
void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
int xclass);
int ASN1_put_eoc(unsigned char **pp);
@@ -895,14 +842,6 @@ int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, int
unsigned long ASN1_tag2bit(int tag);
const char *ASN1_tag2str(int tag);
/* Used to load and write netscape format cert */
NETSCAPE_X509 *NETSCAPE_X509_new(void);
void NETSCAPE_X509_free(NETSCAPE_X509 *a);
NETSCAPE_X509 *d2i_NETSCAPE_X509(NETSCAPE_X509 **a, const unsigned char **in, long len);
int i2d_NETSCAPE_X509(NETSCAPE_X509 *a, unsigned char **out);
extern const ASN1_ITEM NETSCAPE_X509_it;
int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, const unsigned char *data, int len);
@@ -1137,6 +1076,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_BAD_OBJECT_HEADER 102
#define ASN1_R_BAD_PASSWORD_READ 103
#define ASN1_R_BAD_TAG 104
#define ASN1_R_BAD_TEMPLATE 230
#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214
#define ASN1_R_BN_LIB 105
#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106

140
externals/libressl/include/openssl/asn1t.h vendored
View File

@@ -1,4 +1,4 @@
/* $OpenBSD: asn1t.h,v 1.15 2019/08/20 13:10:09 inoguchi Exp $ */
/* $OpenBSD: asn1t.h,v 1.19 2022/01/14 08:43:06 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
@@ -10,7 +10,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -92,7 +92,7 @@ extern "C" {
/* Macros to aid ASN1 template writing */
#define ASN1_ITEM_TEMPLATE(tname) \
static const ASN1_TEMPLATE tname##_item_tt
static const ASN1_TEMPLATE tname##_item_tt
#define ASN1_ITEM_TEMPLATE_END(tname) \
;\
@@ -120,29 +120,30 @@ extern "C" {
/* This is a ASN1 type which just embeds a template */
/* This pair helps declare a SEQUENCE. We can do:
/*
* This pair helps declare a SEQUENCE. We can do:
*
* ASN1_SEQUENCE(stname) = {
* ... SEQUENCE components ...
* } ASN1_SEQUENCE_END(stname)
* ASN1_SEQUENCE(stname) = {
* ... SEQUENCE components ...
* } ASN1_SEQUENCE_END(stname)
*
* This will produce an ASN1_ITEM called stname_it
* This will produce an ASN1_ITEM called stname_it
* for a structure called stname.
*
* If you want the same structure but a different
* If you want the same structure but a different
* name then use:
*
* ASN1_SEQUENCE(itname) = {
* ... SEQUENCE components ...
* } ASN1_SEQUENCE_END_name(stname, itname)
* ASN1_SEQUENCE(itname) = {
* ... SEQUENCE components ...
* } ASN1_SEQUENCE_END_name(stname, itname)
*
* This will create an item called itname_it using
* a structure called stname.
*/
#define ASN1_SEQUENCE(tname) \
static const ASN1_TEMPLATE tname##_seq_tt[]
static const ASN1_TEMPLATE tname##_seq_tt[]
#define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname)
@@ -263,13 +264,14 @@ extern "C" {
ASN1_ITEM_end(tname)
/* This pair helps declare a CHOICE type. We can do:
/*
* This pair helps declare a CHOICE type. We can do:
*
* ASN1_CHOICE(chname) = {
* ... CHOICE options ...
* ASN1_CHOICE_END(chname)
* ASN1_CHOICE(chname) = {
* ... CHOICE options ...
* ASN1_CHOICE_END(chname)
*
* This will produce an ASN1_ITEM called chname_it
* This will produce an ASN1_ITEM called chname_it
* for a structure called chname. The structure
* definition must look like this:
* typedef struct {
@@ -279,14 +281,14 @@ extern "C" {
* ASN1_SOMEOTHER *opt2;
* } value;
* } chname;
*
*
* the name of the selector must be 'type'.
* to use an alternative selector name use the
* to use an alternative selector name use the
* ASN1_CHOICE_END_selector() version.
*/
#define ASN1_CHOICE(tname) \
static const ASN1_TEMPLATE tname##_ch_tt[]
static const ASN1_TEMPLATE tname##_ch_tt[]
#define ASN1_CHOICE_cb(tname, cb) \
static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
@@ -437,7 +439,7 @@ extern "C" {
/* Macros for the ASN1_ADB structure */
#define ASN1_ADB(name) \
static const ASN1_ADB_TABLE name##_adbtbl[]
static const ASN1_ADB_TABLE name##_adbtbl[]
#define ASN1_ADB_END(name, flags, field, app_table, def, none) \
@@ -456,7 +458,7 @@ extern "C" {
#define ADB_ENTRY(val, template) {val, template}
#define ASN1_ADB_TEMPLATE(name) \
static const ASN1_TEMPLATE name##_tt
static const ASN1_TEMPLATE name##_tt
#endif /* !LIBRESSL_INTERNAL */
@@ -467,13 +469,11 @@ extern "C" {
*/
struct ASN1_TEMPLATE_st {
unsigned long flags; /* Various flags */
long tag; /* tag, not used if no tagging */
unsigned long offset; /* Offset of this field in structure */
#ifndef NO_ASN1_FIELD_NAMES
const char *field_name; /* Field name */
#endif
ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */
unsigned long flags; /* Various flags */
long tag; /* tag, not used if no tagging */
unsigned long offset; /* Offset of this field in structure */
const char *field_name; /* Field name */
ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */
};
/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */
@@ -487,7 +487,6 @@ typedef struct ASN1_ADB_st ASN1_ADB;
struct ASN1_ADB_st {
unsigned long flags; /* Various flags */
unsigned long offset; /* Offset of selector field */
STACK_OF(ASN1_ADB_TABLE) **app_items; /* Application defined items */
const ASN1_ADB_TABLE *tbl; /* Table of possible types */
long tblcount; /* Number of entries in tbl */
const ASN1_TEMPLATE *default_tt; /* Type to use if no match */
@@ -540,24 +539,25 @@ struct ASN1_ADB_TABLE_st {
/* context specific EXPLICIT */
#define ASN1_TFLG_EXPLICIT ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT
/* If tagging is in force these determine the
* type of tag to use. Otherwise the tag is
* determined by the underlying type. These
* values reflect the actual octet format.
/*
* If tagging is in force these determine the type of tag to use. Otherwiser
* the tag is determined by the underlying type. These values reflect the
* actual octet format.
*/
/* Universal tag */
/* Universal tag */
#define ASN1_TFLG_UNIVERSAL (0x0<<6)
/* Application tag */
/* Application tag */
#define ASN1_TFLG_APPLICATION (0x1<<6)
/* Context specific tag */
/* Context specific tag */
#define ASN1_TFLG_CONTEXT (0x2<<6)
/* Private tag */
/* Private tag */
#define ASN1_TFLG_PRIVATE (0x3<<6)
#define ASN1_TFLG_TAG_CLASS (0x3<<6)
/* These are for ANY DEFINED BY type. In this case
/*
* These are for ANY DEFINED BY type. In this case
* the 'item' field points to an ASN1_ADB structure
* which contains a table of values to decode the
* relevant type
@@ -569,7 +569,8 @@ struct ASN1_ADB_TABLE_st {
#define ASN1_TFLG_ADB_INT (0x1<<9)
/* This flag means a parent structure is passed
/*
* This flag means a parent structure is passed
* instead of the field: this is useful is a
* SEQUENCE is being combined with a CHOICE for
* example. Since this means the structure and
@@ -579,7 +580,8 @@ struct ASN1_ADB_TABLE_st {
#define ASN1_TFLG_COMBINE (0x1<<10)
/* This flag when present in a SEQUENCE OF, SET OF
/*
* This flag when present in a SEQUENCE OF, SET OF
* or EXPLICIT causes indefinite length constructed
* encoding to be used if required.
*/
@@ -589,15 +591,13 @@ struct ASN1_ADB_TABLE_st {
/* This is the actual ASN1 item itself */
struct ASN1_ITEM_st {
char itype; /* The item type, primitive, SEQUENCE, CHOICE or extern */
long utype; /* underlying type */
const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains the contents */
long tcount; /* Number of templates if SEQUENCE or CHOICE */
const void *funcs; /* functions that handle this type */
long size; /* Structure size (usually)*/
#ifndef NO_ASN1_FIELD_NAMES
const char *sname; /* Structure name */
#endif
char itype; /* The item type, primitive, SEQUENCE, CHOICE or extern */
long utype; /* underlying type */
const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains the contents */
long tcount; /* Number of templates if SEQUENCE or CHOICE */
const void *funcs; /* functions that handle this type */
long size; /* Structure size (usually)*/
const char *sname; /* Structure name */
};
/* These are values for the itype field and
@@ -606,7 +606,7 @@ const char *sname; /* Structure name */
* For PRIMITIVE types the underlying type
* determines the behaviour if items is NULL.
*
* Otherwise templates must contain a single
* Otherwise templates must contain a single
* template and the type is treated in the
* same way as the type specified in the template.
*
@@ -620,7 +620,7 @@ const char *sname; /* Structure name */
* selector.
*
* The 'funcs' field is used for application
* specific functions.
* specific functions.
*
* The EXTERN type uses a new style d2i/i2d.
* The new style should be used where possible
@@ -657,7 +657,7 @@ const char *sname; /* Structure name */
* like CHOICE
*/
struct ASN1_TLC_st{
struct ASN1_TLC_st {
char valid; /* Values below are valid */
int ret; /* return value */
long plen; /* length */
@@ -680,8 +680,8 @@ typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM
typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval,
int indent, const char *fname,
typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval,
int indent, const char *fname,
const ASN1_PCTX *pctx);
typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
@@ -719,7 +719,7 @@ typedef struct ASN1_PRIMITIVE_FUNCS_st {
* used. This is most useful where the supplied routines
* *almost* do the right thing but need some extra help
* at a few points. If the callback returns zero then
* it is assumed a fatal error has occurred and the
* it is assumed a fatal error has occurred and the
* main operation should be abandoned.
*
* If major changes in the default behaviour are required
@@ -853,13 +853,13 @@ typedef struct ASN1_STREAM_ARG_st {
int i2d_##fname(stname *a, unsigned char **out) \
{ \
return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
}
}
#define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \
int i2d_##stname##_NDEF(stname *a, unsigned char **out) \
{ \
return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\
}
}
/* This includes evil casts to remove const: they will go away when full
* ASN1 constification is done.
@@ -872,7 +872,7 @@ typedef struct ASN1_STREAM_ARG_st {
int i2d_##fname(const stname *a, unsigned char **out) \
{ \
return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
}
}
#define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \
stname * stname##_dup(stname *x) \
@@ -889,7 +889,7 @@ typedef struct ASN1_STREAM_ARG_st {
{ \
return ASN1_item_print(out, (ASN1_VALUE *)x, indent, \
ASN1_ITEM_rptr(itname), pctx); \
}
}
#define IMPLEMENT_ASN1_FUNCTIONS_const(name) \
IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)
@@ -929,22 +929,6 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it
int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt);
void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);
int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it);
ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr);
int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it);
void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it);
int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, const ASN1_ITEM *it);
#ifdef __cplusplus
}
#endif

98
externals/libressl/include/openssl/bio.h vendored
View File

@@ -1,4 +1,4 @@
/* $OpenBSD: bio.h,v 1.45 2018/06/02 04:41:12 tb Exp $ */
/* $OpenBSD: bio.h,v 1.54 2022/01/14 08:40:57 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -205,8 +205,6 @@ extern "C" {
*/
#define BIO_FLAGS_MEM_RDONLY 0x200
typedef struct bio_st BIO;
void BIO_set_flags(BIO *b, int flags);
int BIO_test_flags(const BIO *b, int flags);
void BIO_clear_flags(BIO *b, int flags);
@@ -252,85 +250,39 @@ void BIO_clear_flags(BIO *b, int flags);
#define BIO_CB_GETS 0x05
#define BIO_CB_CTRL 0x06
/* The callback is called before and after the underling operation,
* The BIO_CB_RETURN flag indicates if it is after the call */
/*
* The callback is called before and after the underling operation,
* the BIO_CB_RETURN flag indicates if it is after the call.
*/
#define BIO_CB_RETURN 0x80
#define BIO_CB_return(a) ((a)|BIO_CB_RETURN))
#define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN))
#define BIO_cb_post(a) ((a)&BIO_CB_RETURN)
long (*BIO_get_callback(const BIO *b))(struct bio_st *, int, const char *,
int, long, long);
void BIO_set_callback(BIO *b,
long (*callback)(struct bio_st *, int, const char *, int, long, long));
typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi,
long argl, long ret);
typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp,
size_t len, int argi, long argl, int ret, size_t *processed);
BIO_callback_fn BIO_get_callback(const BIO *b);
void BIO_set_callback(BIO *b, BIO_callback_fn callback);
BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b);
void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback);
char *BIO_get_callback_arg(const BIO *b);
void BIO_set_callback_arg(BIO *b, char *arg);
const char * BIO_method_name(const BIO *b);
const char *BIO_method_name(const BIO *b);
int BIO_method_type(const BIO *b);
typedef void bio_info_cb(struct bio_st *, int, const char *, int, long, long);
typedef int BIO_info_cb(BIO *, int, int);
typedef struct bio_method_st {
int type;
const char *name;
int (*bwrite)(BIO *, const char *, int);
int (*bread)(BIO *, char *, int);
int (*bputs)(BIO *, const char *);
int (*bgets)(BIO *, char *, int);
long (*ctrl)(BIO *, int, long, void *);
int (*create)(BIO *);
int (*destroy)(BIO *);
long (*callback_ctrl)(BIO *, int, bio_info_cb *);
} BIO_METHOD;
struct bio_st {
const BIO_METHOD *method;
/* bio, mode, argp, argi, argl, ret */
long (*callback)(struct bio_st *, int, const char *, int, long, long);
char *cb_arg; /* first argument for the callback */
int init;
int shutdown;
int flags; /* extra storage */
int retry_reason;
int num;
void *ptr;
struct bio_st *next_bio; /* used by filter BIOs */
struct bio_st *prev_bio; /* used by filter BIOs */
int references;
unsigned long num_read;
unsigned long num_write;
CRYPTO_EX_DATA ex_data;
};
typedef struct bio_method_st BIO_METHOD;
DECLARE_STACK_OF(BIO)
typedef struct bio_f_buffer_ctx_struct {
/* Buffers are setup like this:
*
* <---------------------- size ----------------------->
* +---------------------------------------------------+
* | consumed | remaining | free space |
* +---------------------------------------------------+
* <-- off --><------- len ------->
*/
/* BIO *bio; */ /* this is now in the BIO struct */
int ibuf_size; /* how big is the input buffer */
int obuf_size; /* how big is the output buffer */
char *ibuf; /* the char array */
int ibuf_len; /* how many bytes are in it */
int ibuf_off; /* write/read offset */
char *obuf; /* the char array */
int obuf_len; /* how many bytes are in it */
int obuf_off; /* write/read offset */
} BIO_F_BUFFER_CTX;
/* Prefix and suffix callback in ASN1 BIO */
typedef int asn1_ps_func(BIO *b, unsigned char **pbuf, int *plen, void *parg);
@@ -600,14 +552,14 @@ int BIO_get_new_index(void);
const BIO_METHOD *BIO_s_file(void);
BIO *BIO_new_file(const char *filename, const char *mode);
BIO *BIO_new_fp(FILE *stream, int close_flag);
# define BIO_s_file_internal BIO_s_file
BIO *BIO_new(const BIO_METHOD *type);
int BIO_set(BIO *a, const BIO_METHOD *type);
int BIO_free(BIO *a);
int BIO_up_ref(BIO *bio);
void *BIO_get_data(BIO *a);
void BIO_set_data(BIO *a, void *ptr);
void BIO_set_init(BIO *a, int init);
void *BIO_get_data(BIO *a);
void BIO_set_data(BIO *a, void *ptr);
int BIO_get_init(BIO *a);
void BIO_set_init(BIO *a, int init);
int BIO_get_shutdown(BIO *a);
void BIO_set_shutdown(BIO *a, int shut);
void BIO_vfree(BIO *a);
@@ -620,8 +572,7 @@ int BIO_write(BIO *b, const void *data, int len)
int BIO_puts(BIO *bp, const char *buf);
int BIO_indent(BIO *b, int indent, int max);
long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
long BIO_callback_ctrl(BIO *b, int cmd,
void (*fp)(struct bio_st *, int, const char *, int, long, long));
long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp);
char * BIO_ptr_ctrl(BIO *bp, int cmd, long larg);
long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg);
BIO * BIO_push(BIO *b, BIO *append);
@@ -629,8 +580,10 @@ BIO * BIO_pop(BIO *b);
void BIO_free_all(BIO *a);
BIO * BIO_find_type(BIO *b, int bio_type);
BIO * BIO_next(BIO *b);
void BIO_set_next(BIO *b, BIO *next);
BIO * BIO_get_retry_BIO(BIO *bio, int *reason);
int BIO_get_retry_reason(BIO *bio);
void BIO_set_retry_reason(BIO *bio, int reason);
BIO * BIO_dup_chain(BIO *in);
int BIO_nread0(BIO *bio, char **buf);
@@ -805,6 +758,7 @@ void ERR_load_BIO_strings(void);
#define BIO_R_INVALID_PORT_NUMBER 129
#define BIO_R_IN_USE 123
#define BIO_R_KEEPALIVE 109
#define BIO_R_LENGTH_TOO_LONG 130
#define BIO_R_NBIO_CONNECT_ERROR 110
#define BIO_R_NO_ACCEPT_PORT_SPECIFIED 111
#define BIO_R_NO_HOSTNAME_SPECIFIED 112

7
externals/libressl/include/openssl/blowfish.h vendored
View File

@@ -1,4 +1,4 @@
/* $OpenBSD: blowfish.h,v 1.14 2014/07/10 09:01:04 miod Exp $ */
/* $OpenBSD: blowfish.h,v 1.15 2021/11/30 18:31:36 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -84,11 +84,10 @@ extern "C" {
#define BF_ROUNDS 16
#define BF_BLOCK 8
typedef struct bf_key_st
{
typedef struct bf_key_st {
BF_LONG P[BF_ROUNDS+2];
BF_LONG S[4*256];
} BF_KEY;
} BF_KEY;
void BF_set_key(BF_KEY *key, int len, const unsigned char *data);

130
externals/libressl/include/openssl/bn.h vendored
View File

@@ -1,4 +1,4 @@
/* $OpenBSD: bn.h,v 1.39 2019/08/25 19:23:59 schwarze Exp $ */
/* $OpenBSD: bn.h,v 1.52 2022/01/14 08:01:47 tb Exp $ */
/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -226,84 +226,36 @@ extern "C" {
#endif
#ifndef OPENSSL_NO_DEPRECATED
#define BN_FLG_FREE 0x8000 /* used for debuging */
#define BN_FLG_FREE 0x8000 /* used for debugging */
#endif
#define BN_set_flags(b,n) ((b)->flags|=(n))
#define BN_get_flags(b,n) ((b)->flags&(n))
void BN_set_flags(BIGNUM *b, int n);
int BN_get_flags(const BIGNUM *b, int n);
void BN_with_flags(BIGNUM *dest, const BIGNUM *src, int flags);
/* get a clone of a BIGNUM with changed flags, for *temporary* use only
* (the two BIGNUMs cannot not be used in parallel!) */
#define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \
(dest)->top=(b)->top, \
(dest)->dmax=(b)->dmax, \
(dest)->neg=(b)->neg, \
(dest)->flags=(((dest)->flags & BN_FLG_MALLOCED) \
| ((b)->flags & ~BN_FLG_MALLOCED) \
| BN_FLG_STATIC_DATA \
| (n)))
/* Values for |top| in BN_rand() */
#define BN_RAND_TOP_ANY -1
#define BN_RAND_TOP_ONE 0
#define BN_RAND_TOP_TWO 1
struct bignum_st {
BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */
int top; /* Index of last used d +1. */
/* The next are internal book keeping for bn_expand. */
int dmax; /* Size of the d array. */
int neg; /* one if the number is negative */
int flags;
};
/* Used for montgomery multiplication */
struct bn_mont_ctx_st {
int ri; /* number of bits in R */
BIGNUM RR; /* used to convert to montgomery form */
BIGNUM N; /* The modulus */
BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1
* (Ni is only stored for bignum algorithm) */
BN_ULONG n0[2];/* least significant word(s) of Ni;
(type changed with 0.9.9, was "BN_ULONG n0;" before) */
int flags;
};
/* Used for reciprocal division/mod functions
* It cannot be shared between threads
*/
struct bn_recp_ctx_st {
BIGNUM N; /* the divisor */
BIGNUM Nr; /* the reciprocal */
int num_bits;
int shift;
int flags;
};
/* Used for slow "generation" functions. */
struct bn_gencb_st {
unsigned int ver; /* To handle binary (in)compatibility */
void *arg; /* callback-specific data */
union {
/* if(ver==1) - handles old style callbacks */
void (*cb_1)(int, int, void *);
/* if(ver==2) - new callback style */
int (*cb_2)(int, int, BN_GENCB *);
} cb;
};
/* Values for |bottom| in BN_rand() */
#define BN_RAND_BOTTOM_ANY 0
#define BN_RAND_BOTTOM_ODD 1
BN_GENCB *BN_GENCB_new(void);
void BN_GENCB_free(BN_GENCB *cb);
void *BN_GENCB_get_arg(BN_GENCB *cb);
/* Wrapper function to make using BN_GENCB easier, */
int BN_GENCB_call(BN_GENCB *cb, int a, int b);
/* Macro to populate a BN_GENCB structure with an "old"-style callback */
#define BN_GENCB_set_old(gencb, callback, cb_arg) { \
BN_GENCB *tmp_gencb = (gencb); \
tmp_gencb->ver = 1; \
tmp_gencb->arg = (cb_arg); \
tmp_gencb->cb.cb_1 = (callback); }
/* Macro to populate a BN_GENCB structure with a "new"-style callback */
#define BN_GENCB_set(gencb, callback, cb_arg) { \
BN_GENCB *tmp_gencb = (gencb); \
tmp_gencb->ver = 2; \
tmp_gencb->arg = (cb_arg); \
tmp_gencb->cb.cb_2 = (callback); }
/* Populate a BN_GENCB structure with an "old"-style callback */
void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback)(int, int, void *),
void *cb_arg);
/* Populate a BN_GENCB structure with a "new"-style callback */
void BN_GENCB_set(BN_GENCB *gencb, int (*callback)(int, int, BN_GENCB *),
void *cb_arg);
void *BN_GENCB_get_arg(BN_GENCB *cb);
#define BN_prime_checks 0 /* default: select number of iterations
based on the size of the number */
@@ -380,24 +332,18 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b);
(b) >= 308 ? 8 : \
(b) >= 55 ? 27 : \
/* b >= 6 */ 34)
#define BN_num_bytes(a) ((BN_num_bits(a)+7)/8)
/* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */
#define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \
(((w) == 0) && ((a)->top == 0)))
#define BN_is_zero(a) ((a)->top == 0)
#define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg)
#define BN_is_word(a,w) (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg))
#define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1))
int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w);
int BN_is_zero(const BIGNUM *a);
int BN_is_one(const BIGNUM *a);
int BN_is_word(const BIGNUM *a, const BN_ULONG w);
int BN_is_odd(const BIGNUM *a);
#define BN_one(a) (BN_set_word((a),1))
#define BN_zero_ex(a) \
do { \
BIGNUM *_tmp_bn = (a); \
_tmp_bn->top = 0; \
_tmp_bn->neg = 0; \
} while(0)
#define BN_one(a) BN_set_word((a), 1)
void BN_zero_ex(BIGNUM *a);
#ifdef OPENSSL_NO_DEPRECATED
#define BN_zero(a) BN_zero_ex(a)
@@ -428,6 +374,9 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
void BN_swap(BIGNUM *a, BIGNUM *b);
BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
int BN_bn2bin(const BIGNUM *a, unsigned char *to);
int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
@@ -441,11 +390,8 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
* \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise
*/
void BN_set_negative(BIGNUM *b, int n);
/** BN_is_negative returns 1 if the BIGNUM is negative
* \param a pointer to the BIGNUM object
* \return 1 if a < 0 and 0 otherwise
*/
#define BN_is_negative(a) ((a)->neg != 0)
int BN_is_negative(const BIGNUM *b);
#ifndef LIBRESSL_INTERNAL
int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
@@ -560,8 +506,8 @@ BN_MONT_CTX *BN_MONT_CTX_new(void );
void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
BN_MONT_CTX *mont, BN_CTX *ctx);
#define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\
(r),(a),&((mont)->RR),(mont),(ctx))
int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
BN_CTX *ctx);
int BN_from_montgomery(BIGNUM *r, const BIGNUM *a,
BN_MONT_CTX *mont, BN_CTX *ctx);
void BN_MONT_CTX_free(BN_MONT_CTX *mont);

29
externals/libressl/include/openssl/comp.h vendored
View File

@@ -1,4 +1,4 @@
/* $OpenBSD: comp.h,v 1.8 2014/11/03 16:58:28 tedu Exp $ */
/* $OpenBSD: comp.h,v 1.9 2022/01/14 08:21:12 tb Exp $ */
#ifndef HEADER_COMP_H
#define HEADER_COMP_H
@@ -9,33 +9,6 @@
extern "C" {
#endif
typedef struct comp_ctx_st COMP_CTX;
typedef struct comp_method_st {
int type; /* NID for compression library */
const char *name; /* A text string to identify the library */
int (*init)(COMP_CTX *ctx);
void (*finish)(COMP_CTX *ctx);
int (*compress)(COMP_CTX *ctx, unsigned char *out, unsigned int olen,
unsigned char *in, unsigned int ilen);
int (*expand)(COMP_CTX *ctx, unsigned char *out, unsigned int olen,
unsigned char *in, unsigned int ilen);
/* The following two do NOTHING, but are kept for backward compatibility */
long (*ctrl)(void);
long (*callback_ctrl)(void);
} COMP_METHOD;
struct comp_ctx_st {
COMP_METHOD *meth;
unsigned long compress_in;
unsigned long compress_out;
unsigned long expand_in;
unsigned long expand_out;
CRYPTO_EX_DATA ex_data;
};
COMP_CTX *COMP_CTX_new(COMP_METHOD *meth);
void COMP_CTX_free(COMP_CTX *ctx);
int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,

38
externals/libressl/include/openssl/crypto.h vendored
View File

@@ -1,4 +1,4 @@
/* $OpenBSD: crypto.h,v 1.50 2019/01/19 01:07:00 tb Exp $ */
/* $OpenBSD: crypto.h,v 1.54 2022/01/14 08:23:25 tb Exp $ */
/* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
*
@@ -143,15 +143,6 @@ extern "C" {
#define SSLEAY_PLATFORM 4
#define SSLEAY_DIR 5
/* A generic structure to pass assorted data in a expandable way */
typedef struct openssl_item_st {
int code;
void *value; /* Not used for flag attributes */
size_t value_size; /* Max size of value for output, length for input */
size_t *value_length; /* Returned length of value for output */
} OPENSSL_ITEM;
/* When changing the CRYPTO_LOCK_* list, be sure to maintain the text lock
* names in cryptlib.c
*/
@@ -205,15 +196,15 @@ typedef struct openssl_item_st {
#ifndef CRYPTO_w_lock
#define CRYPTO_w_lock(type) \
CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)
#define CRYPTO_w_unlock(type) \
CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)
#define CRYPTO_r_lock(type) \
CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)
#define CRYPTO_r_unlock(type) \
CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)
#define CRYPTO_add(addr,amount,type) \
CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
CRYPTO_add_lock(addr,amount,type,NULL,0)
#endif
/* Some applications as well as some parts of OpenSSL need to allocate
@@ -309,19 +300,19 @@ int CRYPTO_is_mem_check_on(void);
#define MemCheck_start() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON)
#define MemCheck_stop() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF)
#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
#define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0)
#define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0)
#define OPENSSL_realloc(addr,num) \
CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
CRYPTO_realloc((char *)addr,(int)num,NULL,0)
#define OPENSSL_realloc_clean(addr,old_num,num) \
CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
CRYPTO_realloc_clean(addr,old_num,num,NULL,0)
#define OPENSSL_remalloc(addr,num) \
CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
CRYPTO_remalloc((char **)addr,(int)num,NULL,0)
#define OPENSSL_freeFunc CRYPTO_free
#define OPENSSL_free(addr) CRYPTO_free(addr)
#define OPENSSL_malloc_locked(num) \
CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
CRYPTO_malloc_locked((int)num,NULL,0)
#define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
#endif
@@ -457,7 +448,7 @@ void CRYPTO_set_mem_debug_options(long bits);
long CRYPTO_get_mem_debug_options(void);
#define CRYPTO_push_info(info) \
CRYPTO_push_info_(info, __FILE__, __LINE__);
CRYPTO_push_info_(info, NULL, 0);
int CRYPTO_push_info_(const char *info, const char *file, int line);
int CRYPTO_pop_info(void);
int CRYPTO_remove_all_info(void);
@@ -505,6 +496,9 @@ uint64_t OPENSSL_cpu_caps(void);
int OPENSSL_isservice(void);
#ifndef LIBRESSL_INTERNAL
int FIPS_mode(void);
int FIPS_mode_set(int r);
void OPENSSL_init(void);
/* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It

514
externals/libressl/include/openssl/ct.h vendored Executable file
View File

@@ -0,0 +1,514 @@
/* $OpenBSD: ct.h,v 1.6 2021/12/18 16:50:40 tb Exp $ */
/*
* Public API for Certificate Transparency (CT).
* Written by Rob Percival (robpercival@google.com) for the OpenSSL project.
*/
/* ====================================================================
* Copyright (c) 2016 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#ifndef HEADER_CT_H
#define HEADER_CT_H
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_CT
#include <openssl/ossl_typ.h>
#include <openssl/safestack.h>
#include <openssl/x509.h>
#include <openssl/cterr.h>
#ifdef __cplusplus
extern "C" {
#endif
/* Minimum RSA key size, from RFC6962 */
#define SCT_MIN_RSA_BITS 2048
/* All hashes are SHA256 in v1 of Certificate Transparency */
#define CT_V1_HASHLEN SHA256_DIGEST_LENGTH
typedef enum {
CT_LOG_ENTRY_TYPE_NOT_SET = -1,
CT_LOG_ENTRY_TYPE_X509 = 0,
CT_LOG_ENTRY_TYPE_PRECERT = 1
} ct_log_entry_type_t;
typedef enum {
SCT_VERSION_NOT_SET = -1,
SCT_VERSION_V1 = 0
} sct_version_t;
typedef enum {
SCT_SOURCE_UNKNOWN,
SCT_SOURCE_TLS_EXTENSION,
SCT_SOURCE_X509V3_EXTENSION,
SCT_SOURCE_OCSP_STAPLED_RESPONSE
} sct_source_t;
typedef enum {
SCT_VALIDATION_STATUS_NOT_SET,
SCT_VALIDATION_STATUS_UNKNOWN_LOG,
SCT_VALIDATION_STATUS_VALID,
SCT_VALIDATION_STATUS_INVALID,
SCT_VALIDATION_STATUS_UNVERIFIED,
SCT_VALIDATION_STATUS_UNKNOWN_VERSION
} sct_validation_status_t;
DECLARE_STACK_OF(SCT)
DECLARE_STACK_OF(CTLOG)
/******************************************
* CT policy evaluation context functions *
******************************************/
/*
* Creates a new, empty policy evaluation context.
* The caller is responsible for calling CT_POLICY_EVAL_CTX_free when finished
* with the CT_POLICY_EVAL_CTX.
*/
CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void);
/* Deletes a policy evaluation context and anything it owns. */
void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx);
/* Gets the peer certificate that the SCTs are for */
X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx);
/*
* Sets the certificate associated with the received SCTs.
* Increments the reference count of cert.
* Returns 1 on success, 0 otherwise.
*/
int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert);
/* Gets the issuer of the aforementioned certificate */
X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx);
/*
* Sets the issuer of the certificate associated with the received SCTs.
* Increments the reference count of issuer.
* Returns 1 on success, 0 otherwise.
*/
int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer);
/* Gets the CT logs that are trusted sources of SCTs */
const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx);
/* Sets the log store that is in use. It must outlive the CT_POLICY_EVAL_CTX. */
void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
CTLOG_STORE *log_store);
/*
* Gets the time, in milliseconds since the Unix epoch, that will be used as the
* current time when checking whether an SCT was issued in the future.
* Such SCTs will fail validation, as required by RFC6962.
*/
uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx);
/*
* Sets the time to evaluate SCTs against, in milliseconds since the Unix epoch.
* If an SCT's timestamp is after this time, it will be interpreted as having
* been issued in the future. RFC6962 states that "TLS clients MUST reject SCTs
* whose timestamp is in the future", so an SCT will not validate in this case.
*/
void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms);
/*****************
* SCT functions *
*****************/
/*
* Creates a new, blank SCT.
* The caller is responsible for calling SCT_free when finished with the SCT.
*/
SCT *SCT_new(void);
/*
* Creates a new SCT from some base64-encoded strings.
* The caller is responsible for calling SCT_free when finished with the SCT.
*/
SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64,
ct_log_entry_type_t entry_type, uint64_t timestamp,
const char *extensions_base64, const char *signature_base64);
/*
* Frees the SCT and the underlying data structures.
*/
void SCT_free(SCT *sct);
/*
* Free a stack of SCTs, and the underlying SCTs themselves.
* Intended to be compatible with X509V3_EXT_FREE.
*/
void SCT_LIST_free(STACK_OF(SCT) *a);
/*
* Returns the version of the SCT.
*/
sct_version_t SCT_get_version(const SCT *sct);
/*
* Set the version of an SCT.
* Returns 1 on success, 0 if the version is unrecognized.
*/
int SCT_set_version(SCT *sct, sct_version_t version);
/*
* Returns the log entry type of the SCT.
*/
ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct);
/*
* Set the log entry type of an SCT.
* Returns 1 on success, 0 otherwise.
*/
int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type);
/*
* Gets the ID of the log that an SCT came from.
* Ownership of the log ID remains with the SCT.
* Returns the length of the log ID.
*/
size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id);
/*
* Set the log ID of an SCT to point directly to the *log_id specified.
* The SCT takes ownership of the specified pointer.
* Returns 1 on success, 0 otherwise.
*/
int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len);
/*
* Set the log ID of an SCT.
* This makes a copy of the log_id.
* Returns 1 on success, 0 otherwise.
*/
int SCT_set1_log_id(SCT *sct, const unsigned char *log_id,
size_t log_id_len);
/*
* Returns the timestamp for the SCT (epoch time in milliseconds).
*/
uint64_t SCT_get_timestamp(const SCT *sct);
/*
* Set the timestamp of an SCT (epoch time in milliseconds).
*/
void SCT_set_timestamp(SCT *sct, uint64_t timestamp);
/*
* Return the NID for the signature used by the SCT.
* For CT v1, this will be either NID_sha256WithRSAEncryption or
* NID_ecdsa_with_SHA256 (or NID_undef if incorrect/unset).
*/
int SCT_get_signature_nid(const SCT *sct);
/*
* Set the signature type of an SCT
* For CT v1, this should be either NID_sha256WithRSAEncryption or
* NID_ecdsa_with_SHA256.
* Returns 1 on success, 0 otherwise.
*/
int SCT_set_signature_nid(SCT *sct, int nid);
/*
* Set *ext to point to the extension data for the SCT. ext must not be NULL.
* The SCT retains ownership of this pointer.
* Returns length of the data pointed to.
*/
size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext);
/*
* Set the extensions of an SCT to point directly to the *ext specified.
* The SCT takes ownership of the specified pointer.
*/
void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len);
/*
* Set the extensions of an SCT.
* This takes a copy of the ext.
* Returns 1 on success, 0 otherwise.
*/
int SCT_set1_extensions(SCT *sct, const unsigned char *ext,
size_t ext_len);
/*
* Set *sig to point to the signature for the SCT. sig must not be NULL.
* The SCT retains ownership of this pointer.
* Returns length of the data pointed to.
*/
size_t SCT_get0_signature(const SCT *sct, unsigned char **sig);
/*
* Set the signature of an SCT to point directly to the *sig specified.
* The SCT takes ownership of the specified pointer.
*/
void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len);
/*
* Set the signature of an SCT to be a copy of the *sig specified.
* Returns 1 on success, 0 otherwise.
*/
int SCT_set1_signature(SCT *sct, const unsigned char *sig,
size_t sig_len);
/*
* The origin of this SCT, e.g. TLS extension, OCSP response, etc.
*/
sct_source_t SCT_get_source(const SCT *sct);
/*
* Set the origin of this SCT, e.g. TLS extension, OCSP response, etc.
* Returns 1 on success, 0 otherwise.
*/
int SCT_set_source(SCT *sct, sct_source_t source);
/*
* Returns a text string describing the validation status of |sct|.
*/
const char *SCT_validation_status_string(const SCT *sct);
/*
* Pretty-prints an |sct| to |out|.
* It will be indented by the number of spaces specified by |indent|.
* If |logs| is not NULL, it will be used to lookup the CT log that the SCT came
* from, so that the log name can be printed.
*/
void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs);
/*
* Pretty-prints an |sct_list| to |out|.
* It will be indented by the number of spaces specified by |indent|.
* SCTs will be delimited by |separator|.
* If |logs| is not NULL, it will be used to lookup the CT log that each SCT
* came from, so that the log names can be printed.
*/
void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent,
const char *separator, const CTLOG_STORE *logs);
/*
* Gets the last result of validating this SCT.
* If it has not been validated yet, returns SCT_VALIDATION_STATUS_NOT_SET.
*/
sct_validation_status_t SCT_get_validation_status(const SCT *sct);
/*
* Validates the given SCT with the provided context.
* Sets the "validation_status" field of the SCT.
* Returns 1 if the SCT is valid and the signature verifies.
* Returns 0 if the SCT is invalid or could not be verified.
* Returns -1 if an error occurs.
*/
int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx);
/*
* Validates the given list of SCTs with the provided context.
* Sets the "validation_status" field of each SCT.
* Returns 1 if there are no invalid SCTs and all signatures verify.
* Returns 0 if at least one SCT is invalid or could not be verified.
* Returns a negative integer if an error occurs.
*/
int SCT_LIST_validate(const STACK_OF(SCT) *scts,
CT_POLICY_EVAL_CTX *ctx);
/*********************************
* SCT parsing and serialisation *
*********************************/
/*
* Serialize (to TLS format) a stack of SCTs and return the length.
* "a" must not be NULL.
* If "pp" is NULL, just return the length of what would have been serialized.
* If "pp" is not NULL and "*pp" is null, function will allocate a new pointer
* for data that caller is responsible for freeing (only if function returns
* successfully).
* If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring
* that "*pp" is large enough to accept all of the serialized data.
* Returns < 0 on error, >= 0 indicating bytes written (or would have been)
* on success.
*/
int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp);
/*
* Convert TLS format SCT list to a stack of SCTs.
* If "a" or "*a" is NULL, a new stack will be created that the caller is
* responsible for freeing (by calling SCT_LIST_free).
* "**pp" and "*pp" must not be NULL.
* Upon success, "*pp" will point to after the last bytes read, and a stack
* will be returned.
* Upon failure, a NULL pointer will be returned, and the position of "*pp" is
* not defined.
*/
STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
size_t len);
/*
* Serialize (to DER format) a stack of SCTs and return the length.
* "a" must not be NULL.
* If "pp" is NULL, just returns the length of what would have been serialized.
* If "pp" is not NULL and "*pp" is null, function will allocate a new pointer
* for data that caller is responsible for freeing (only if function returns
* successfully).
* If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring
* that "*pp" is large enough to accept all of the serialized data.
* Returns < 0 on error, >= 0 indicating bytes written (or would have been)
* on success.
*/
int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp);
/*
* Parses an SCT list in DER format and returns it.
* If "a" or "*a" is NULL, a new stack will be created that the caller is
* responsible for freeing (by calling SCT_LIST_free).
* "**pp" and "*pp" must not be NULL.
* Upon success, "*pp" will point to after the last bytes read, and a stack
* will be returned.
* Upon failure, a NULL pointer will be returned, and the position of "*pp" is
* not defined.
*/
STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
long len);
/*
* Serialize (to TLS format) an |sct| and write it to |out|.
* If |out| is null, no SCT will be output but the length will still be returned.
* If |out| points to a null pointer, a string will be allocated to hold the
* TLS-format SCT. It is the responsibility of the caller to free it.
* If |out| points to an allocated string, the TLS-format SCT will be written
* to it.
* The length of the SCT in TLS format will be returned.
*/
int i2o_SCT(const SCT *sct, unsigned char **out);
/*
* Parses an SCT in TLS format and returns it.
* If |psct| is not null, it will end up pointing to the parsed SCT. If it
* already points to a non-null pointer, the pointer will be free'd.
* |in| should be a pointer to a string containing the TLS-format SCT.
* |in| will be advanced to the end of the SCT if parsing succeeds.
* |len| should be the length of the SCT in |in|.
* Returns NULL if an error occurs.
* If the SCT is an unsupported version, only the SCT's 'sct' and 'sct_len'
* fields will be populated (with |in| and |len| respectively).
*/
SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len);
/********************
* CT log functions *
********************/
/*
* Creates a new CT log instance with the given |public_key| and |name|.
* Takes ownership of |public_key| but copies |name|.
* Returns NULL if malloc fails or if |public_key| cannot be converted to DER.
* Should be deleted by the caller using CTLOG_free when no longer needed.
*/
CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name);
/*
* Creates a new CTLOG instance with the base64-encoded SubjectPublicKeyInfo DER
* in |pkey_base64|. The |name| is a string to help users identify this log.
* Returns 1 on success, 0 on failure.
* Should be deleted by the caller using CTLOG_free when no longer needed.
*/
int CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64,
const char *name);
/*
* Deletes a CT log instance and its fields.
*/
void CTLOG_free(CTLOG *log);
/* Gets the name of the CT log */
const char *CTLOG_get0_name(const CTLOG *log);
/* Gets the ID of the CT log */
void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id,
size_t *log_id_len);
/* Gets the public key of the CT log */
EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log);
/**************************
* CT log store functions *
**************************/
/*
* Creates a new CT log store.
* Should be deleted by the caller using CTLOG_STORE_free when no longer needed.
*/
CTLOG_STORE *CTLOG_STORE_new(void);
/*
* Deletes a CT log store and all of the CT log instances held within.
*/
void CTLOG_STORE_free(CTLOG_STORE *store);
/*
* Finds a CT log in the store based on its log ID.
* Returns the CT log, or NULL if no match is found.
*/
const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store,
const uint8_t *log_id, size_t log_id_len);
/*
* Loads a CT log list into a |store| from a |file|.
* Returns 1 if loading is successful, or 0 otherwise.
*/
int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file);
/*
* Loads the default CT log list into a |store|.
* Returns 1 if loading is successful, or 0 otherwise.
*/
int CTLOG_STORE_load_default_file(CTLOG_STORE *store);
#ifdef __cplusplus
}
#endif
#endif
#endif

127
externals/libressl/include/openssl/cterr.h vendored Executable file
View File

@@ -0,0 +1,127 @@
/* $OpenBSD: cterr.h,v 1.5 2021/12/18 16:50:40 tb Exp $ */
/* ====================================================================
* Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#ifndef HEADER_CTERR_H
# define HEADER_CTERR_H
# include <openssl/opensslconf.h>
# ifndef OPENSSL_NO_CT
#ifdef __cplusplus
extern "C"
#endif
int ERR_load_CT_strings(void);
/*
* CT function codes.
*/
# define CT_F_CTLOG_NEW 117
# define CT_F_CTLOG_NEW_FROM_BASE64 118
# define CT_F_CTLOG_NEW_FROM_CONF 119
# define CT_F_CTLOG_STORE_LOAD_CTX_NEW 122
# define CT_F_CTLOG_STORE_LOAD_FILE 123
# define CT_F_CTLOG_STORE_LOAD_LOG 130
# define CT_F_CTLOG_STORE_NEW 131
# define CT_F_CT_BASE64_DECODE 124
# define CT_F_CT_POLICY_EVAL_CTX_NEW 133
# define CT_F_CT_V1_LOG_ID_FROM_PKEY 125
# define CT_F_I2O_SCT 107
# define CT_F_I2O_SCT_LIST 108
# define CT_F_I2O_SCT_SIGNATURE 109
# define CT_F_O2I_SCT 110
# define CT_F_O2I_SCT_LIST 111
# define CT_F_O2I_SCT_SIGNATURE 112
# define CT_F_SCT_CTX_NEW 126
# define CT_F_SCT_CTX_VERIFY 128
# define CT_F_SCT_NEW 100
# define CT_F_SCT_NEW_FROM_BASE64 127
# define CT_F_SCT_SET0_LOG_ID 101
# define CT_F_SCT_SET1_EXTENSIONS 114
# define CT_F_SCT_SET1_LOG_ID 115
# define CT_F_SCT_SET1_SIGNATURE 116
# define CT_F_SCT_SET_LOG_ENTRY_TYPE 102
# define CT_F_SCT_SET_SIGNATURE_NID 103
# define CT_F_SCT_SET_VERSION 104
/*
* CT reason codes.
*/
# define CT_R_BASE64_DECODE_ERROR 108
# define CT_R_INVALID_LOG_ID_LENGTH 100
# define CT_R_LOG_CONF_INVALID 109
# define CT_R_LOG_CONF_INVALID_KEY 110
# define CT_R_LOG_CONF_MISSING_DESCRIPTION 111
# define CT_R_LOG_CONF_MISSING_KEY 112
# define CT_R_LOG_KEY_INVALID 113
# define CT_R_SCT_FUTURE_TIMESTAMP 116
# define CT_R_SCT_INVALID 104
# define CT_R_SCT_INVALID_SIGNATURE 107
# define CT_R_SCT_LIST_INVALID 105
# define CT_R_SCT_LOG_ID_MISMATCH 114
# define CT_R_SCT_NOT_SET 106
# define CT_R_SCT_UNSUPPORTED_VERSION 115
# define CT_R_UNRECOGNIZED_SIGNATURE_NID 101
# define CT_R_UNSUPPORTED_ENTRY_TYPE 102
# define CT_R_UNSUPPORTED_VERSION 103
# endif
#endif

88
externals/libressl/include/openssl/dh.h vendored
View File

@@ -1,25 +1,25 @@
/* $OpenBSD: dh.h,v 1.25 2018/02/22 16:41:04 jsing Exp $ */
/* $OpenBSD: dh.h,v 1.32 2022/01/14 08:25:44 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -72,7 +72,7 @@
#ifndef OPENSSL_NO_DEPRECATED
#include <openssl/bn.h>
#endif
#ifndef OPENSSL_DH_MAX_MODULUS_BITS
# define OPENSSL_DH_MAX_MODULUS_BITS 10000
#endif
@@ -98,55 +98,6 @@
extern "C" {
#endif
/* Already defined in ossl_typ.h */
/* typedef struct dh_st DH; */
/* typedef struct dh_method DH_METHOD; */
struct dh_method
{
const char *name;
/* Methods here */
int (*generate_key)(DH *dh);
int (*compute_key)(unsigned char *key,const BIGNUM *pub_key,DH *dh);
int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx); /* Can be null */
int (*init)(DH *dh);
int (*finish)(DH *dh);
int flags;
char *app_data;
/* If this is non-NULL, it will be used to generate parameters */
int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb);
};
struct dh_st
{
/* This first argument is used to pick up errors when
* a DH is passed instead of a EVP_PKEY */
int pad;
int version;
BIGNUM *p;
BIGNUM *g;
long length; /* optional */
BIGNUM *pub_key; /* g^x */
BIGNUM *priv_key; /* x */
int flags;
BN_MONT_CTX *method_mont_p;
/* Place holders if we want to do X9.42 DH */
BIGNUM *q;
BIGNUM *j;
unsigned char *seed;
int seedlen;
BIGNUM *counter;
int references;
CRYPTO_EX_DATA ex_data;
const DH_METHOD *meth;
ENGINE *engine;
};
#define DH_GENERATOR_2 2
/* #define DH_GENERATOR_3 3 */
#define DH_GENERATOR_5 5
@@ -156,10 +107,14 @@ struct dh_st
#define DH_CHECK_P_NOT_SAFE_PRIME 0x02
#define DH_UNABLE_TO_CHECK_GENERATOR 0x04
#define DH_NOT_SUITABLE_GENERATOR 0x08
#define DH_CHECK_Q_NOT_PRIME 0x10
#define DH_CHECK_INVALID_Q_VALUE 0x20
#define DH_CHECK_INVALID_J_VALUE 0x40
/* DH_check_pub_key error codes */
#define DH_CHECK_PUBKEY_TOO_SMALL 0x01
#define DH_CHECK_PUBKEY_TOO_LARGE 0x02
#define DH_CHECK_PUBKEY_INVALID 0x04
/* primes p where (p-1)/2 is prime too are called "safe"; we define
this for backward compatibility: */
@@ -195,9 +150,15 @@ void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q,
int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
const BIGNUM *DH_get0_p(const DH *dh);
const BIGNUM *DH_get0_q(const DH *dh);
const BIGNUM *DH_get0_g(const DH *dh);
const BIGNUM *DH_get0_priv_key(const DH *dh);
const BIGNUM *DH_get0_pub_key(const DH *dh);
void DH_clear_flags(DH *dh, int flags);
int DH_test_flags(const DH *dh, int flags);
void DH_set_flags(DH *dh, int flags);
long DH_get_length(const DH *dh);
int DH_set_length(DH *dh, long length);
/* Deprecated version */
@@ -232,7 +193,7 @@ int DHparams_print(char *bp, const DH *x);
#define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1)
#define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2)
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -274,6 +235,17 @@ void ERR_load_DH_strings(void);
#define DH_R_NO_PARAMETERS_SET 107
#define DH_R_NO_PRIVATE_VALUE 100
#define DH_R_PARAMETER_ENCODING_ERROR 105
#define DH_R_CHECK_INVALID_J_VALUE 115
#define DH_R_CHECK_INVALID_Q_VALUE 116
#define DH_R_CHECK_PUBKEY_INVALID 122
#define DH_R_CHECK_PUBKEY_TOO_LARGE 123
#define DH_R_CHECK_PUBKEY_TOO_SMALL 124
#define DH_R_CHECK_P_NOT_PRIME 117
#define DH_R_CHECK_P_NOT_SAFE_PRIME 118
#define DH_R_CHECK_Q_NOT_PRIME 119
#define DH_R_MISSING_PUBKEY 125
#define DH_R_NOT_SUITABLE_GENERATOR 120
#define DH_R_UNABLE_TO_CHECK_GENERATOR 121
#ifdef __cplusplus
}

81
externals/libressl/include/openssl/dsa.h vendored
View File

@@ -1,4 +1,4 @@
/* $OpenBSD: dsa.h,v 1.30 2018/03/17 15:19:12 tb Exp $ */
/* $OpenBSD: dsa.h,v 1.35 2022/01/14 08:27:23 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -109,69 +109,7 @@
extern "C" {
#endif
/* Already defined in ossl_typ.h */
/* typedef struct dsa_st DSA; */
/* typedef struct dsa_method DSA_METHOD; */
typedef struct DSA_SIG_st
{
BIGNUM *r;
BIGNUM *s;
} DSA_SIG;
struct dsa_method
{
const char *name;
DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa);
int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
BIGNUM **rp);
int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa);
int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *in_mont);
int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx); /* Can be null */
int (*init)(DSA *dsa);
int (*finish)(DSA *dsa);
int flags;
char *app_data;
/* If this is non-NULL, it is used to generate DSA parameters */
int (*dsa_paramgen)(DSA *dsa, int bits,
const unsigned char *seed, int seed_len,
int *counter_ret, unsigned long *h_ret,
BN_GENCB *cb);
/* If this is non-NULL, it is used to generate DSA keys */
int (*dsa_keygen)(DSA *dsa);
};
struct dsa_st
{
/* This first variable is used to pick up errors where
* a DSA is passed instead of of a EVP_PKEY */
int pad;
long version;
int write_params;
BIGNUM *p;
BIGNUM *q; /* == 20 */
BIGNUM *g;
BIGNUM *pub_key; /* y public key */
BIGNUM *priv_key; /* x private key */
BIGNUM *kinv; /* Signing pre-calc */
BIGNUM *r; /* Signing pre-calc */
int flags;
/* Normally used to cache montgomery values */
BN_MONT_CTX *method_mont_p;
int references;
CRYPTO_EX_DATA ex_data;
const DSA_METHOD *meth;
/* functional reference if 'meth' is ENGINE-provided */
ENGINE *engine;
};
typedef struct DSA_SIG_st DSA_SIG;
DSA *d2i_DSAparams_bio(BIO *bp, DSA **a);
int i2d_DSAparams_bio(BIO *bp, DSA *a);
@@ -202,6 +140,7 @@ void DSA_free(DSA *r);
/* "up" the DSA object's reference count */
int DSA_up_ref(DSA *r);
int DSA_size(const DSA *);
int DSA_bits(const DSA *d);
/* next 4 return -1 on error */
int DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);
int DSA_sign(int type,const unsigned char *dgst,int dlen,
@@ -247,9 +186,12 @@ int DSA_print(BIO *bp, const DSA *x, int off);
int DSAparams_print_fp(FILE *fp, const DSA *x);
int DSA_print_fp(FILE *bp, const DSA *x, int off);
#define DSS_prime_checks 50
/* Primality test according to FIPS PUB 186[-1], Appendix 2.1:
* 50 rounds of Rabin-Miller */
/*
* Primality test according to FIPS PUB 186-4, Appendix C.3. Set the number
* to 64 rounds of Miller-Rabin, which corresponds to 128 bits of security.
* This is necessary for keys of size >= 3072.
*/
#define DSS_prime_checks 64
#define DSA_is_prime(n, callback, cb_arg) \
BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
@@ -264,6 +206,11 @@ void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q,
int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key);
int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
const BIGNUM *DSA_get0_p(const DSA *d);
const BIGNUM *DSA_get0_q(const DSA *d);
const BIGNUM *DSA_get0_g(const DSA *d);
const BIGNUM *DSA_get0_pub_key(const DSA *d);
const BIGNUM *DSA_get0_priv_key(const DSA *d);
void DSA_clear_flags(DSA *d, int flags);
int DSA_test_flags(const DSA *d, int flags);
void DSA_set_flags(DSA *d, int flags);

89
externals/libressl/include/openssl/dtls1.h vendored
View File

@@ -1,4 +1,4 @@
/* $OpenBSD: dtls1.h,v 1.23 2020/03/12 17:01:53 jsing Exp $ */
/* $OpenBSD: dtls1.h,v 1.27 2021/05/16 13:56:30 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -78,6 +78,8 @@ extern "C" {
#endif
#define DTLS1_VERSION 0xFEFF
#define DTLS1_2_VERSION 0xFEFD
#define DTLS1_VERSION_MAJOR 0xFE
/* lengths of messages */
#define DTLS1_COOKIE_LENGTH 256
@@ -93,91 +95,6 @@ extern "C" {
#define DTLS1_AL_HEADER_LENGTH 2
#ifndef OPENSSL_NO_SSL_INTERN
typedef struct dtls1_bitmap_st {
unsigned long map; /* track 32 packets on 32-bit systems
and 64 - on 64-bit systems */
unsigned char max_seq_num[8]; /* max record number seen so far,
64-bit value in big-endian
encoding */
} DTLS1_BITMAP;
struct dtls1_retransmit_state {
EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
EVP_MD_CTX *write_hash; /* used for mac generation */
SSL_SESSION *session;
unsigned short epoch;
};
struct hm_header_st {
unsigned char type;
unsigned long msg_len;
unsigned short seq;
unsigned long frag_off;
unsigned long frag_len;
unsigned int is_ccs;
struct dtls1_retransmit_state saved_retransmit_state;
};
struct ccs_header_st {
unsigned char type;
unsigned short seq;
};
struct dtls1_timeout_st {
/* Number of read timeouts so far */
unsigned int read_timeouts;
/* Number of write timeouts so far */
unsigned int write_timeouts;
/* Number of alerts received so far */
unsigned int num_alerts;
};
struct _pqueue;
typedef struct record_pqueue_st {
unsigned short epoch;
struct _pqueue *q;
} record_pqueue;
typedef struct hm_fragment_st {
struct hm_header_st msg_header;
unsigned char *fragment;
unsigned char *reassembly;
} hm_fragment;
struct dtls1_state_internal_st;
typedef struct dtls1_state_st {
/* Buffered (sent) handshake records */
struct _pqueue *sent_messages;
/* Indicates when the last handshake msg or heartbeat sent will timeout */
struct timeval next_timeout;
/* Timeout duration */
unsigned short timeout_duration;
struct dtls1_state_internal_st *internal;
} DTLS1_STATE;
#ifndef LIBRESSL_INTERNAL
typedef struct dtls1_record_data_st {
unsigned char *packet;
unsigned int packet_length;
SSL3_BUFFER rbuf;
SSL3_RECORD rrec;
} DTLS1_RECORD_DATA;
#endif
#endif
/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
#define DTLS1_TMO_READ_COUNT 2
#define DTLS1_TMO_WRITE_COUNT 2

35
externals/libressl/include/openssl/ec.h vendored
View File

@@ -1,4 +1,4 @@
/* $OpenBSD: ec.h,v 1.18 2019/09/29 10:09:09 tb Exp $ */
/* $OpenBSD: ec.h,v 1.27 2021/09/12 16:23:19 tb Exp $ */
/*
* Originally written by Bodo Moeller for the OpenSSL project.
*/
@@ -250,6 +250,8 @@ const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
*/
int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
int EC_GROUP_order_bits(const EC_GROUP *group);
/** Gets the cofactor of a EC_GROUP
* \param group EC_GROUP object
* \param cofactor BIGNUM to which the cofactor is copied
@@ -280,6 +282,11 @@ unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
size_t EC_GROUP_get_seed_len(const EC_GROUP *);
size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
const BIGNUM *b, BN_CTX *ctx);
int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
BN_CTX *ctx);
#if !defined(LIBRESSL_INTERNAL)
/** Sets the parameter of a ec over GFp defined by y^2 = x^3 + a*x + b
* \param group EC_GROUP object
* \param p BIGNUM with the prime number
@@ -321,6 +328,8 @@ int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, c
*/
int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
#endif
#endif
/** Returns the number of bits needed to represent a field element
* \param group EC_GROUP object
* \return number of bits needed to represent a field element
@@ -446,6 +455,22 @@ const EC_METHOD *EC_POINT_method_of(const EC_POINT *point);
*/
int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p,
const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p,
BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p,
const BIGNUM *x, int y_bit, BN_CTX *ctx);
#if defined(LIBRESSL_INTERNAL)
int EC_POINT_set_Jprojective_coordinates(const EC_GROUP *group, EC_POINT *p,
const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx);
int EC_POINT_get_Jprojective_coordinates(const EC_GROUP *group,
const EC_POINT *p, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx);
#else
/** Sets the jacobian projective coordinates of a EC_POINT over GFp
* \param group underlying EC_GROUP object
* \param p EC_POINT object
@@ -502,6 +527,7 @@ int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
*/
int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
const BIGNUM *x, int y_bit, BN_CTX *ctx);
#ifndef OPENSSL_NO_EC2M
/** Sets the affine coordinates of a EC_POINT over GF2m
* \param group underlying EC_GROUP object
@@ -535,7 +561,9 @@ int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
*/
int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
const BIGNUM *x, int y_bit, BN_CTX *ctx);
#endif
#endif /* OPENSSL_NO_EC2M */
#endif /* !LIBRESSL_INTERNAL */
/** Encodes a EC_POINT object to a octet string
* \param group underlying EC_GROUP object
* \param p EC_POINT object
@@ -680,7 +708,8 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1,
unsigned int *k2, unsigned int *k3);
#endif
#define OPENSSL_EC_NAMED_CURVE 0x001
#define OPENSSL_EC_EXPLICIT_CURVE 0x000
#define OPENSSL_EC_NAMED_CURVE 0x001
typedef struct ecpk_parameters_st ECPKPARAMETERS;

14
externals/libressl/include/openssl/ecdsa.h vendored
View File

@@ -1,4 +1,4 @@
/* $OpenBSD: ecdsa.h,v 1.8 2019/01/19 01:17:41 tb Exp $ */
/* $OpenBSD: ecdsa.h,v 1.11 2022/01/14 08:31:03 tb Exp $ */
/**
* \file crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions
* \author Written by Nils Larsch for the OpenSSL project
@@ -85,10 +85,6 @@ struct ecdsa_method {
BIGNUM **r);
int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len,
const ECDSA_SIG *sig, EC_KEY *eckey);
#if 0
int (*init)(EC_KEY *eckey);
int (*finish)(EC_KEY *eckey);
#endif
int flags;
char *app_data;
};
@@ -101,11 +97,6 @@ struct ecdsa_method {
#define ECDSA_FLAG_FIPS_METHOD 0x1
struct ECDSA_SIG_st {
BIGNUM *r;
BIGNUM *s;
};
/** Allocates and initialize a ECDSA_SIG structure
* \return pointer to a ECDSA_SIG structure or NULL if an error occurred
*/
@@ -140,6 +131,9 @@ ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len);
*/
void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig);
const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig);
/** Setter for r and s fields of ECDSA_SIG
* \param sig pointer to ECDSA_SIG pointer
* \param r pointer to BIGNUM for r (may be NULL)

5
externals/libressl/include/openssl/err.h vendored
View File

@@ -1,4 +1,4 @@
/* $OpenBSD: err.h,v 1.25 2017/02/20 23:21:19 beck Exp $ */
/* $OpenBSD: err.h,v 1.26 2021/11/24 01:12:43 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -196,6 +196,7 @@ typedef struct err_state_st {
#define ERR_LIB_HMAC 48
#define ERR_LIB_JPAKE 49
#define ERR_LIB_GOST 50
#define ERR_LIB_CT 51
#define ERR_LIB_USER 128
@@ -234,6 +235,7 @@ typedef struct err_state_st {
#define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__)
#define GOSTerr(f,r) ERR_PUT_error(ERR_LIB_GOST,(f),(r),__FILE__,__LINE__)
#define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__)
#define CTerr(f, r) ERR_PUT_error(ERR_LIB_CT,(f),(r),__FILE__,__LINE__)
#endif
#ifdef LIBRESSL_INTERNAL
@@ -270,6 +272,7 @@ typedef struct err_state_st {
#define HMACerror(r) ERR_PUT_error(ERR_LIB_HMAC,(0xfff),(r),__FILE__,__LINE__)
#define JPAKEerror(r) ERR_PUT_error(ERR_LIB_JPAKE,(0xfff),(r),__FILE__,__LINE__)
#define GOSTerror(r) ERR_PUT_error(ERR_LIB_GOST,(0xfff),(r),__FILE__,__LINE__)
#define CTerror(r) ERR_PUT_error(ERR_LIB_CT,(0xfff),(r),__FILE__,__LINE__)
#endif
#define ERR_PACK(l,f,r) (((((unsigned long)l)&0xffL)<<24L)| \

289
externals/libressl/include/openssl/evp.h vendored
View File

@@ -1,4 +1,4 @@
/* $OpenBSD: evp.h,v 1.79 2020/04/27 19:31:02 tb Exp $ */
/* $OpenBSD: evp.h,v 1.99 2022/01/14 08:38:05 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -119,82 +119,15 @@
extern "C" {
#endif
/* Type needs to be a bit field
* Sub-type needs to be for variations on the method, as in, can it do
* arbitrary encryption.... */
struct evp_pkey_st {
int type;
int save_type;
int references;
const EVP_PKEY_ASN1_METHOD *ameth;
ENGINE *engine;
union {
char *ptr;
#ifndef OPENSSL_NO_RSA
struct rsa_st *rsa; /* RSA */
#endif
#ifndef OPENSSL_NO_DSA
struct dsa_st *dsa; /* DSA */
#endif
#ifndef OPENSSL_NO_DH
struct dh_st *dh; /* DH */
#endif
#ifndef OPENSSL_NO_EC
struct ec_key_st *ec; /* ECC */
#endif
#ifndef OPENSSL_NO_GOST
struct gost_key_st *gost; /* GOST */
#endif
} pkey;
int save_parameters;
STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
} /* EVP_PKEY */;
#define EVP_PKEY_MO_SIGN 0x0001
#define EVP_PKEY_MO_VERIFY 0x0002
#define EVP_PKEY_MO_ENCRYPT 0x0004
#define EVP_PKEY_MO_DECRYPT 0x0008
typedef int evp_sign_method(int type, const unsigned char *m,
unsigned int m_length, unsigned char *sigret, unsigned int *siglen,
void *key);
typedef int evp_verify_method(int type, const unsigned char *m,
unsigned int m_length, const unsigned char *sigbuf, unsigned int siglen,
void *key);
#ifndef EVP_MD
struct env_md_st {
int type;
int pkey_type;
int md_size;
unsigned long flags;
int (*init)(EVP_MD_CTX *ctx);
int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count);
int (*final)(EVP_MD_CTX *ctx, unsigned char *md);
int (*copy)(EVP_MD_CTX *to, const EVP_MD_CTX *from);
int (*cleanup)(EVP_MD_CTX *ctx);
evp_sign_method *sign;
evp_verify_method *verify;
int required_pkey_type[5]; /*EVP_PKEY_xxx */
int block_size;
int ctx_size; /* how big does the ctx->md_data need to be */
/* control function */
int (*md_ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
} /* EVP_MD */;
#define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single
* block */
#define EVP_MD_FLAG_PKEY_DIGEST 0x0002 /* digest is a "clone" digest used
* which is a copy of an existing
* one for a specific public key type.
* EVP_dss1() etc */
/* Digest uses EVP_PKEY_METHOD for signing instead of MD specific signing */
#define EVP_MD_FLAG_PKEY_METHOD_SIGNATURE 0x0004
/* DigestAlgorithmIdentifier flags... */
#define EVP_MD_FLAG_DIGALGID_MASK 0x0018
@@ -224,51 +157,8 @@ struct env_md_st {
#define EVP_MD_CTRL_ALG_CTRL 0x1000
#define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0}
#ifndef OPENSSL_NO_DSA
#define EVP_PKEY_DSA_method (evp_sign_method *)DSA_sign, \
(evp_verify_method *)DSA_verify, \
{EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \
EVP_PKEY_DSA4,0}
#else
#define EVP_PKEY_DSA_method EVP_PKEY_NULL_method
#endif
#ifndef OPENSSL_NO_ECDSA
#define EVP_PKEY_ECDSA_method (evp_sign_method *)ECDSA_sign, \
(evp_verify_method *)ECDSA_verify, \
{EVP_PKEY_EC,0,0,0}
#else
#define EVP_PKEY_ECDSA_method EVP_PKEY_NULL_method
#endif
#ifndef OPENSSL_NO_RSA
#define EVP_PKEY_RSA_method (evp_sign_method *)RSA_sign, \
(evp_verify_method *)RSA_verify, \
{EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \
(evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \
(evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \
{EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
#else
#define EVP_PKEY_RSA_method EVP_PKEY_NULL_method
#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method
#endif
#endif /* !EVP_MD */
struct env_md_ctx_st {
const EVP_MD *digest;
ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */
unsigned long flags;
void *md_data;
/* Public key context for sign/verify */
EVP_PKEY_CTX *pctx;
/* Update function: usually copied from EVP_MD */
int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count);
} /* EVP_MD_CTX */;
/* values for EVP_MD_CTX flags */
#define EVP_MD_CTX_FLAG_ONESHOT 0x0001 /* digest update will be called
@@ -295,24 +185,6 @@ struct env_md_ctx_st {
#define EVP_MD_CTX_FLAG_NO_INIT 0x0100 /* Don't initialize md_data */
struct evp_cipher_st {
int nid;
int block_size;
int key_len; /* Default value for variable length ciphers */
int iv_len;
unsigned long flags; /* Various flags */
int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc); /* init key */
int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl);/* encrypt/decrypt data */
int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */
int ctx_size; /* how big ctx->cipher_data needs to be */
int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */
int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */
int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */
void *app_data; /* Application data */
} /* EVP_CIPHER */;
/* Values for cipher flags */
/* Modes for ciphers */
@@ -327,23 +199,23 @@ struct evp_cipher_st {
#define EVP_CIPH_CCM_MODE 0x7
#define EVP_CIPH_XTS_MODE 0x10001
#define EVP_CIPH_WRAP_MODE 0x10002
#define EVP_CIPH_MODE 0xF0007
#define EVP_CIPH_MODE 0xF0007
/* Set if variable length cipher */
#define EVP_CIPH_VARIABLE_LENGTH 0x8
#define EVP_CIPH_VARIABLE_LENGTH 0x8
/* Set if the iv handling should be done by the cipher itself */
#define EVP_CIPH_CUSTOM_IV 0x10
#define EVP_CIPH_CUSTOM_IV 0x10
/* Set if the cipher's init() function should be called if key is NULL */
#define EVP_CIPH_ALWAYS_CALL_INIT 0x20
#define EVP_CIPH_ALWAYS_CALL_INIT 0x20
/* Call ctrl() to init cipher parameters */
#define EVP_CIPH_CTRL_INIT 0x40
#define EVP_CIPH_CTRL_INIT 0x40
/* Don't use standard key length function */
#define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80
#define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80
/* Don't use standard block padding */
#define EVP_CIPH_NO_PADDING 0x100
#define EVP_CIPH_NO_PADDING 0x100
/* cipher handles random key generation */
#define EVP_CIPH_RAND_KEY 0x200
#define EVP_CIPH_RAND_KEY 0x200
/* cipher has its own additional copying logic */
#define EVP_CIPH_CUSTOM_COPY 0x400
#define EVP_CIPH_CUSTOM_COPY 0x400
/* Allow use default ASN1 get/set iv */
#define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000
/* Buffer length in bits not bytes: CFB1 mode only */
@@ -355,7 +227,7 @@ struct evp_cipher_st {
/* Cipher handles any and all padding logic as well
* as finalisation.
*/
#define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000
#define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000
#define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000
/*
@@ -367,22 +239,25 @@ struct evp_cipher_st {
/* ctrl() values */
#define EVP_CTRL_INIT 0x0
#define EVP_CTRL_SET_KEY_LENGTH 0x1
#define EVP_CTRL_GET_RC2_KEY_BITS 0x2
#define EVP_CTRL_SET_RC2_KEY_BITS 0x3
#define EVP_CTRL_GET_RC5_ROUNDS 0x4
#define EVP_CTRL_SET_RC5_ROUNDS 0x5
#define EVP_CTRL_RAND_KEY 0x6
#define EVP_CTRL_PBE_PRF_NID 0x7
#define EVP_CTRL_COPY 0x8
#define EVP_CTRL_GCM_SET_IVLEN 0x9
#define EVP_CTRL_GCM_GET_TAG 0x10
#define EVP_CTRL_GCM_SET_TAG 0x11
#define EVP_CTRL_SET_KEY_LENGTH 0x1
#define EVP_CTRL_GET_RC2_KEY_BITS 0x2
#define EVP_CTRL_SET_RC2_KEY_BITS 0x3
#define EVP_CTRL_GET_RC5_ROUNDS 0x4
#define EVP_CTRL_SET_RC5_ROUNDS 0x5
#define EVP_CTRL_RAND_KEY 0x6
#define EVP_CTRL_PBE_PRF_NID 0x7
#define EVP_CTRL_COPY 0x8
#define EVP_CTRL_AEAD_SET_IVLEN 0x9
#define EVP_CTRL_AEAD_GET_TAG 0x10
#define EVP_CTRL_AEAD_SET_TAG 0x11
#define EVP_CTRL_GCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN
#define EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG
#define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG
#define EVP_CTRL_GCM_SET_IV_FIXED 0x12
#define EVP_CTRL_GCM_IV_GEN 0x13
#define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN
#define EVP_CTRL_CCM_GET_TAG EVP_CTRL_GCM_GET_TAG
#define EVP_CTRL_CCM_SET_TAG EVP_CTRL_GCM_SET_TAG
#define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN
#define EVP_CTRL_CCM_GET_TAG EVP_CTRL_AEAD_GET_TAG
#define EVP_CTRL_CCM_SET_TAG EVP_CTRL_AEAD_SET_TAG
#define EVP_CTRL_CCM_SET_L 0x14
#define EVP_CTRL_CCM_SET_MSGLEN 0x15
/* AEAD cipher deduces payload length and returns number of bytes
@@ -410,38 +285,6 @@ typedef struct evp_cipher_info_st {
unsigned char iv[EVP_MAX_IV_LENGTH];
} EVP_CIPHER_INFO;
struct evp_cipher_ctx_st {
const EVP_CIPHER *cipher;
ENGINE *engine; /* functional reference if 'cipher' is ENGINE-provided */
int encrypt; /* encrypt or decrypt */
int buf_len; /* number we have left */
unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */
unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */
unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */
int num; /* used by cfb/ofb/ctr mode */
void *app_data; /* application stuff */
int key_len; /* May change for variable length cipher */
unsigned long flags; /* Various flags */
void *cipher_data; /* per EVP data */
int final_used;
int block_mask;
unsigned char final[EVP_MAX_BLOCK_LENGTH];/* possible final block */
} /* EVP_CIPHER_CTX */;
typedef struct evp_Encode_Ctx_st {
int num; /* number saved in a partial encode/decode */
int length; /* The length is either the output line length
* (in input bytes) or the shortest input line
* length that is ok. Once decoding begins,
* the length is adjusted up each time a longer
* line is decoded */
unsigned char enc_data[80]; /* data to encode */
int line_num; /* number read on current line */
int expect_nl;
} EVP_ENCODE_CTX;
/* Password based encryption function */
typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de);
@@ -485,7 +328,28 @@ int EVP_MD_size(const EVP_MD *md);
int EVP_MD_block_size(const EVP_MD *md);
unsigned long EVP_MD_flags(const EVP_MD *md);
EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type);
void EVP_MD_meth_free(EVP_MD *md);
EVP_MD *EVP_MD_meth_dup(const EVP_MD *md);
int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize);
int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize);
int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize);
int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags);
int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx));
int EVP_MD_meth_set_update(EVP_MD *md,
int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count));
int EVP_MD_meth_set_final(EVP_MD *md,
int (*final)(EVP_MD_CTX *ctx, unsigned char *md));
int EVP_MD_meth_set_copy(EVP_MD *md,
int (*copy)(EVP_MD_CTX *to, const EVP_MD_CTX *from));
int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx));
int EVP_MD_meth_set_ctrl(EVP_MD *md,
int (*ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2));
const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx);
EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx);
void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx);
#define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e))
#define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e))
#define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e))
@@ -509,8 +373,11 @@ int EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx,
int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx,
const unsigned char *iv, size_t len);
int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
void * EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);
void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx);
void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data);
unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx);
#define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx);
#define EVP_CIPHER_CTX_mode(e) (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE)
@@ -617,7 +484,7 @@ int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
#ifndef LIBRESSL_INTERNAL
int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
#endif
int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
EVP_PKEY *pkey);
@@ -628,11 +495,17 @@ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen);
int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
const unsigned char *tbs, size_t tbslen);
int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
size_t siglen);
int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
size_t siglen, const unsigned char *tbs, size_t tbslen);
int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
const unsigned char *ek, int ekl, const unsigned char *iv, EVP_PKEY *priv);
int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
@@ -684,9 +557,6 @@ const EVP_MD *EVP_md5_sha1(void);
#endif
#ifndef OPENSSL_NO_SHA
const EVP_MD *EVP_sha1(void);
const EVP_MD *EVP_dss(void);
const EVP_MD *EVP_dss1(void);
const EVP_MD *EVP_ecdsa(void);
#endif
#ifndef OPENSSL_NO_SHA256
const EVP_MD *EVP_sha224(void);
@@ -1061,6 +931,13 @@ void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2));
void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
int (*pkey_check)(const EVP_PKEY *pk));
void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth,
int (*pkey_public_check)(const EVP_PKEY *pk));
void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth,
int (*pkey_check)(const EVP_PKEY *pk));
#define EVP_PKEY_OP_UNDEFINED 0
#define EVP_PKEY_OP_PARAMGEN (1<<1)
#define EVP_PKEY_OP_KEYGEN (1<<2)
@@ -1107,7 +984,7 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
#define EVP_PKEY_CTRL_DIGESTINIT 7
/* Used by GOST key encryption in TLS */
#define EVP_PKEY_CTRL_SET_IV 8
#define EVP_PKEY_CTRL_SET_IV 8
#define EVP_PKEY_CTRL_CMS_ENCRYPT 9
#define EVP_PKEY_CTRL_CMS_DECRYPT 10
@@ -1149,6 +1026,8 @@ void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen);
EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key,
int keylen);
EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
size_t len, const EVP_CIPHER *cipher);
void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data);
void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx);
@@ -1185,6 +1064,9 @@ int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
int EVP_PKEY_check(EVP_PKEY_CTX *ctx);
int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx);
int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx);
void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);
@@ -1251,6 +1133,13 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2),
int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value));
void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth,
int (*check)(EVP_PKEY *pkey));
void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth,
int (*public_check)(EVP_PKEY *pkey));
void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth,
int (*param_check)(EVP_PKEY *pkey));
/* Authenticated Encryption with Additional Data.
*
* AEAD couples confidentiality and integrity in a single primtive. AEAD
@@ -1258,7 +1147,6 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
* message has a unique, per-message nonce and, optionally, additional data
* which is authenticated but not included in the output. */
struct evp_aead_st;
typedef struct evp_aead_st EVP_AEAD;
#ifndef OPENSSL_NO_AES
@@ -1292,11 +1180,7 @@ size_t EVP_AEAD_max_tag_len(const EVP_AEAD *aead);
/* An EVP_AEAD_CTX represents an AEAD algorithm configured with a specific key
* and message-independent IV. */
typedef struct evp_aead_ctx_st {
const EVP_AEAD *aead;
/* aead_state is an opaque pointer to the AEAD specific state. */
void *aead_state;
} EVP_AEAD_CTX;
typedef struct evp_aead_ctx_st EVP_AEAD_CTX;
/* EVP_AEAD_MAX_TAG_LENGTH is the maximum tag length used by any AEAD
* defined in this header. */
@@ -1307,7 +1191,15 @@ typedef struct evp_aead_ctx_st {
* should be used. */
#define EVP_AEAD_DEFAULT_TAG_LENGTH 0
/* EVP_AEAD_init initializes the context for the given AEAD algorithm.
/* EVP_AEAD_CTX_new allocates a new context for use with EVP_AEAD_CTX_init.
* It can be cleaned up for reuse with EVP_AEAD_CTX_cleanup and must be freed
* with EVP_AEAD_CTX_free. */
EVP_AEAD_CTX *EVP_AEAD_CTX_new(void);
/* EVP_AEAD_CTX_free releases all memory owned by the context. */
void EVP_AEAD_CTX_free(EVP_AEAD_CTX *ctx);
/* EVP_AEAD_CTX_init initializes the context for the given AEAD algorithm.
* The implementation argument may be NULL to choose the default implementation.
* Authentication tags may be truncated by passing a tag length. A tag length
* of zero indicates the default tag length should be used. */
@@ -1512,6 +1404,7 @@ void ERR_load_EVP_strings(void);
#define EVP_R_INVALID_OPERATION 148
#define EVP_R_IV_TOO_LARGE 102
#define EVP_R_KEYGEN_FAILURE 120
#define EVP_R_KEY_SETUP_FAILED 180
#define EVP_R_MESSAGE_DIGEST_IS_NULL 159
#define EVP_R_METHOD_NOT_SUPPORTED 144
#define EVP_R_MISSING_PARAMETERS 103

17
externals/libressl/include/openssl/hmac.h vendored
View File

@@ -1,4 +1,4 @@
/* $OpenBSD: hmac.h,v 1.13 2018/02/17 14:53:59 jsing Exp $ */
/* $OpenBSD: hmac.h,v 1.16 2022/01/14 08:06:03 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -72,24 +72,11 @@
extern "C" {
#endif
typedef struct hmac_ctx_st {
const EVP_MD *md;
EVP_MD_CTX md_ctx;
EVP_MD_CTX i_ctx;
EVP_MD_CTX o_ctx;
unsigned int key_length;
unsigned char key[HMAC_MAX_MD_CBLOCK];
} HMAC_CTX;
#define HMAC_size(e) (EVP_MD_size((e)->md))
#define HMAC_size(e) (EVP_MD_size(HMAC_CTX_get_md((e))))
HMAC_CTX *HMAC_CTX_new(void);
void HMAC_CTX_free(HMAC_CTX *ctx);
void HMAC_CTX_init(HMAC_CTX *ctx);
int HMAC_CTX_reset(HMAC_CTX *ctx);
void HMAC_CTX_cleanup(HMAC_CTX *ctx);
#define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) /* deprecated */
int HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
const EVP_MD *md); /* deprecated */

93
externals/libressl/include/openssl/obj_mac.h vendored
View File

@@ -853,10 +853,38 @@
#define NID_id_smime_ct_compressedData 786
#define OBJ_id_smime_ct_compressedData OBJ_id_smime_ct,9L
#define SN_id_ct_routeOriginAuthz "id-ct-routeOriginAuthz"
#define NID_id_ct_routeOriginAuthz 1001
#define OBJ_id_ct_routeOriginAuthz OBJ_id_smime_ct,24L
#define SN_id_ct_rpkiManifest "id-ct-rpkiManifest"
#define NID_id_ct_rpkiManifest 1002
#define OBJ_id_ct_rpkiManifest OBJ_id_smime_ct,26L
#define SN_id_ct_asciiTextWithCRLF "id-ct-asciiTextWithCRLF"
#define NID_id_ct_asciiTextWithCRLF 787
#define OBJ_id_ct_asciiTextWithCRLF OBJ_id_smime_ct,27L
#define SN_id_ct_rpkiGhostbusters "id-ct-rpkiGhostbusters"
#define NID_id_ct_rpkiGhostbusters 1003
#define OBJ_id_ct_rpkiGhostbusters OBJ_id_smime_ct,35L
#define SN_id_ct_resourceTaggedAttest "id-ct-resourceTaggedAttest"
#define NID_id_ct_resourceTaggedAttest 1004
#define OBJ_id_ct_resourceTaggedAttest OBJ_id_smime_ct,36L
#define SN_id_ct_geofeedCSVwithCRLF "id-ct-geofeedCSVwithCRLF"
#define NID_id_ct_geofeedCSVwithCRLF 1013
#define OBJ_id_ct_geofeedCSVwithCRLF OBJ_id_smime_ct,47L
#define SN_id_ct_signedChecklist "id-ct-signedChecklist"
#define NID_id_ct_signedChecklist 1014
#define OBJ_id_ct_signedChecklist OBJ_id_smime_ct,48L
#define SN_id_ct_ASPA "id-ct-ASPA"
#define NID_id_ct_ASPA 1017
#define OBJ_id_ct_ASPA OBJ_id_smime_ct,49L
#define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest"
#define NID_id_smime_aa_receiptRequest 212
#define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L
@@ -1366,6 +1394,10 @@
#define NID_id_cct 268
#define OBJ_id_cct OBJ_id_pkix,12L
#define SN_id_cp "id-cp"
#define NID_id_cp 1005
#define OBJ_id_cp OBJ_id_pkix,14L
#define SN_id_ppl "id-ppl"
#define NID_id_ppl 662
#define OBJ_id_ppl OBJ_id_pkix,21L
@@ -1490,6 +1522,19 @@
#define NID_proxyCertInfo 663
#define OBJ_proxyCertInfo OBJ_id_pe,14L
#define SN_tlsfeature "tlsfeature"
#define LN_tlsfeature "TLS Feature"
#define NID_tlsfeature 1016
#define OBJ_tlsfeature OBJ_id_pe,24L
#define SN_sbgp_ipAddrBlockv2 "sbgp-ipAddrBlockv2"
#define NID_sbgp_ipAddrBlockv2 1006
#define OBJ_sbgp_ipAddrBlockv2 OBJ_id_pe,28L
#define SN_sbgp_autonomousSysNumv2 "sbgp-autonomousSysNumv2"
#define NID_sbgp_autonomousSysNumv2 1007
#define OBJ_sbgp_autonomousSysNumv2 OBJ_id_pe,29L
#define SN_id_qt_cps "id-qt-cps"
#define LN_id_qt_cps "Policy Qualifier CPS"
#define NID_id_qt_cps 164
@@ -1554,6 +1599,11 @@
#define NID_dvcs 297
#define OBJ_dvcs OBJ_id_kp,10L
#define SN_id_kp_bgpsec_router "id-kp-bgpsec-router"
#define LN_id_kp_bgpsec_router "BGPsec Router"
#define NID_id_kp_bgpsec_router 1015
#define OBJ_id_kp_bgpsec_router OBJ_id_kp,30L
#define SN_id_it_caProtEncCert "id-it-caProtEncCert"
#define NID_id_it_caProtEncCert 298
#define OBJ_id_it_caProtEncCert OBJ_id_it,1L
@@ -1823,6 +1873,14 @@
#define NID_id_cct_PKIResponse 362
#define OBJ_id_cct_PKIResponse OBJ_id_cct,3L
#define SN_ipAddr_asNumber "ipAddr-asNumber"
#define NID_ipAddr_asNumber 1008
#define OBJ_ipAddr_asNumber OBJ_id_cp,2L
#define SN_ipAddr_asNumberv2 "ipAddr-asNumberv2"
#define NID_ipAddr_asNumberv2 1009
#define OBJ_ipAddr_asNumberv2 OBJ_id_cp,3L
#define SN_id_ppl_anyLanguage "id-ppl-anyLanguage"
#define LN_id_ppl_anyLanguage "Any language"
#define NID_id_ppl_anyLanguage 664
@@ -1863,6 +1921,21 @@
#define NID_caRepository 785
#define OBJ_caRepository OBJ_id_ad,5L
#define SN_rpkiManifest "rpkiManifest"
#define LN_rpkiManifest "RPKI Manifest"
#define NID_rpkiManifest 1010
#define OBJ_rpkiManifest OBJ_id_ad,10L
#define SN_signedObject "signedObject"
#define LN_signedObject "Signed Object"
#define NID_signedObject 1011
#define OBJ_signedObject OBJ_id_ad,11L
#define SN_rpkiNotify "rpkiNotify"
#define LN_rpkiNotify "RPKI Notify"
#define NID_rpkiNotify 1012
#define OBJ_rpkiNotify OBJ_id_ad,13L
#define OBJ_id_pkix_OCSP OBJ_ad_OCSP
#define SN_id_pkix_OCSP_basic "basicOCSPResponse"
@@ -4157,6 +4230,26 @@
#define SN_dh_cofactor_kdf "dh-cofactor-kdf"
#define NID_dh_cofactor_kdf 991
#define SN_ct_precert_scts "ct_precert_scts"
#define LN_ct_precert_scts "CT Precertificate SCTs"
#define NID_ct_precert_scts 1018
#define OBJ_ct_precert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,2L
#define SN_ct_precert_poison "ct_precert_poison"
#define LN_ct_precert_poison "CT Precertificate Poison"
#define NID_ct_precert_poison 1019
#define OBJ_ct_precert_poison 1L,3L,6L,1L,4L,1L,11129L,2L,4L,3L
#define SN_ct_precert_signer "ct_precert_signer"
#define LN_ct_precert_signer "CT Precertificate Signer"
#define NID_ct_precert_signer 1020
#define OBJ_ct_precert_signer 1L,3L,6L,1L,4L,1L,11129L,2L,4L,4L
#define SN_ct_cert_scts "ct_cert_scts"
#define LN_ct_cert_scts "CT Certificate SCTs"
#define NID_ct_cert_scts 1021
#define OBJ_ct_cert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,5L
#define SN_teletrust "teletrust"
#define NID_teletrust 920
#define OBJ_teletrust OBJ_identified_organization,36L

95
externals/libressl/include/openssl/objects.h vendored
View File

@@ -1,4 +1,4 @@
/* $OpenBSD: objects.h,v 1.12 2017/01/21 04:53:22 jsing Exp $ */
/* $OpenBSD: objects.h,v 1.17 2022/01/14 08:56:00 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1010,108 +1010,33 @@ int OBJ_txt2nid(const char *s);
int OBJ_ln2nid(const char *s);
int OBJ_sn2nid(const char *s);
int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b);
#if defined(LIBRESSL_INTERNAL)
const void * OBJ_bsearch_(const void *key, const void *base, int num,
int size, int (*cmp)(const void *, const void *));
const void * OBJ_bsearch_ex_(const void *key, const void *base, int num,
int size, int (*cmp)(const void *, const void *),
int flags);
#ifndef LIBRESSL_INTERNAL
#define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm) \
static int nm##_cmp_BSEARCH_CMP_FN(const void *, const void *); \
static int nm##_cmp(type1 const *, type2 const *); \
scope type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num)
#define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp) \
_DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp)
#define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \
type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num)
/*
* Unsolved problem: if a type is actually a pointer type, like
* nid_triple is, then its impossible to get a const where you need
* it. Consider:
*
* typedef int nid_triple[3];
* const void *a_;
* const nid_triple const *a = a_;
*
* The assignement discards a const because what you really want is:
*
* const int const * const *a = a_;
*
* But if you do that, you lose the fact that a is an array of 3 ints,
* which breaks comparison functions.
*
* Thus we end up having to cast, sadly, or unpack the
* declarations. Or, as I finally did in this case, delcare nid_triple
* to be a struct, which it should have been in the first place.
*
* Ben, August 2008.
*
* Also, strictly speaking not all types need be const, but handling
* the non-constness means a lot of complication, and in practice
* comparison routines do always not touch their arguments.
*/
#define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm) \
static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \
{ \
type1 const *a = a_; \
type2 const *b = b_; \
return nm##_cmp(a,b); \
} \
static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
{ \
return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
nm##_cmp_BSEARCH_CMP_FN); \
} \
extern void dummy_prototype(void)
#define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \
static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \
{ \
type1 const *a = a_; \
type2 const *b = b_; \
return nm##_cmp(a,b); \
} \
type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
{ \
return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
nm##_cmp_BSEARCH_CMP_FN); \
} \
extern void dummy_prototype(void)
#define OBJ_bsearch(type1,key,type2,base,num,cmp) \
((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
num,sizeof(type2), \
((void)CHECKED_PTR_OF(type1,cmp##_type_1), \
(void)CHECKED_PTR_OF(type2,cmp##_type_2), \
cmp##_BSEARCH_CMP_FN)))
#define OBJ_bsearch_ex(type1,key,type2,base,num,cmp,flags) \
((type2 *)OBJ_bsearch_ex_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
num,sizeof(type2), \
((void)CHECKED_PTR_OF(type1,cmp##_type_1), \
(void)type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \
cmp##_BSEARCH_CMP_FN)),flags)
#endif /* !LIBRESSL_INTERNAL */
#endif
int OBJ_new_nid(int num);
int OBJ_add_object(const ASN1_OBJECT *obj);
int OBJ_create(const char *oid, const char *sn, const char *ln);
void OBJ_cleanup(void );
void OBJ_cleanup(void);
int OBJ_create_objects(BIO *in);
size_t OBJ_length(const ASN1_OBJECT *obj);
const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj);
int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid);
int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid);
int OBJ_add_sigid(int signid, int dig_id, int pkey_id);
void OBJ_sigid_free(void);
#if defined(LIBRESSL_CRYPTO_INTERNAL)
extern int obj_cleanup_defer;
void check_defer(int nid);
#endif
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes

339
externals/libressl/include/openssl/ocsp.h vendored
View File

@@ -1,4 +1,4 @@
/* $OpenBSD: ocsp.h,v 1.16 2018/08/24 20:03:21 tb Exp $ */
/* $OpenBSD: ocsp.h,v 1.19 2022/01/14 08:32:26 tb Exp $ */
/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
* project. */
@@ -73,230 +73,6 @@
extern "C" {
#endif
/* Various flags and values */
#define OCSP_DEFAULT_NONCE_LENGTH 16
#define OCSP_NOCERTS 0x1
#define OCSP_NOINTERN 0x2
#define OCSP_NOSIGS 0x4
#define OCSP_NOCHAIN 0x8
#define OCSP_NOVERIFY 0x10
#define OCSP_NOEXPLICIT 0x20
#define OCSP_NOCASIGN 0x40
#define OCSP_NODELEGATED 0x80
#define OCSP_NOCHECKS 0x100
#define OCSP_TRUSTOTHER 0x200
#define OCSP_RESPID_KEY 0x400
#define OCSP_NOTIME 0x800
/* CertID ::= SEQUENCE {
* hashAlgorithm AlgorithmIdentifier,
* issuerNameHash OCTET STRING, -- Hash of Issuer's DN
* issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields)
* serialNumber CertificateSerialNumber }
*/
typedef struct ocsp_cert_id_st {
X509_ALGOR *hashAlgorithm;
ASN1_OCTET_STRING *issuerNameHash;
ASN1_OCTET_STRING *issuerKeyHash;
ASN1_INTEGER *serialNumber;
} OCSP_CERTID;
DECLARE_STACK_OF(OCSP_CERTID)
/* Request ::= SEQUENCE {
* reqCert CertID,
* singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
*/
typedef struct ocsp_one_request_st {
OCSP_CERTID *reqCert;
STACK_OF(X509_EXTENSION) *singleRequestExtensions;
} OCSP_ONEREQ;
DECLARE_STACK_OF(OCSP_ONEREQ)
/* TBSRequest ::= SEQUENCE {
* version [0] EXPLICIT Version DEFAULT v1,
* requestorName [1] EXPLICIT GeneralName OPTIONAL,
* requestList SEQUENCE OF Request,
* requestExtensions [2] EXPLICIT Extensions OPTIONAL }
*/
typedef struct ocsp_req_info_st {
ASN1_INTEGER *version;
GENERAL_NAME *requestorName;
STACK_OF(OCSP_ONEREQ) *requestList;
STACK_OF(X509_EXTENSION) *requestExtensions;
} OCSP_REQINFO;
/* Signature ::= SEQUENCE {
* signatureAlgorithm AlgorithmIdentifier,
* signature BIT STRING,
* certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
*/
typedef struct ocsp_signature_st {
X509_ALGOR *signatureAlgorithm;
ASN1_BIT_STRING *signature;
STACK_OF(X509) *certs;
} OCSP_SIGNATURE;
/* OCSPRequest ::= SEQUENCE {
* tbsRequest TBSRequest,
* optionalSignature [0] EXPLICIT Signature OPTIONAL }
*/
typedef struct ocsp_request_st {
OCSP_REQINFO *tbsRequest;
OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */
} OCSP_REQUEST;
/* OCSPResponseStatus ::= ENUMERATED {
* successful (0), --Response has valid confirmations
* malformedRequest (1), --Illegal confirmation request
* internalError (2), --Internal error in issuer
* tryLater (3), --Try again later
* --(4) is not used
* sigRequired (5), --Must sign the request
* unauthorized (6) --Request unauthorized
* }
*/
#define OCSP_RESPONSE_STATUS_SUCCESSFUL 0
#define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1
#define OCSP_RESPONSE_STATUS_INTERNALERROR 2
#define OCSP_RESPONSE_STATUS_TRYLATER 3
#define OCSP_RESPONSE_STATUS_SIGREQUIRED 5
#define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6
/* ResponseBytes ::= SEQUENCE {
* responseType OBJECT IDENTIFIER,
* response OCTET STRING }
*/
typedef struct ocsp_resp_bytes_st {
ASN1_OBJECT *responseType;
ASN1_OCTET_STRING *response;
} OCSP_RESPBYTES;
/* OCSPResponse ::= SEQUENCE {
* responseStatus OCSPResponseStatus,
* responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
*/
struct ocsp_response_st {
ASN1_ENUMERATED *responseStatus;
OCSP_RESPBYTES *responseBytes;
};
/* ResponderID ::= CHOICE {
* byName [1] Name,
* byKey [2] KeyHash }
*/
#define V_OCSP_RESPID_NAME 0
#define V_OCSP_RESPID_KEY 1
struct ocsp_responder_id_st {
int type;
union {
X509_NAME* byName;
ASN1_OCTET_STRING *byKey;
} value;
};
DECLARE_STACK_OF(OCSP_RESPID)
OCSP_RESPID *OCSP_RESPID_new(void);
void OCSP_RESPID_free(OCSP_RESPID *a);
OCSP_RESPID *d2i_OCSP_RESPID(OCSP_RESPID **a, const unsigned char **in, long len);
int i2d_OCSP_RESPID(OCSP_RESPID *a, unsigned char **out);
extern const ASN1_ITEM OCSP_RESPID_it;
/* KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
* --(excluding the tag and length fields)
*/
/* RevokedInfo ::= SEQUENCE {
* revocationTime GeneralizedTime,
* revocationReason [0] EXPLICIT CRLReason OPTIONAL }
*/
typedef struct ocsp_revoked_info_st {
ASN1_GENERALIZEDTIME *revocationTime;
ASN1_ENUMERATED *revocationReason;
} OCSP_REVOKEDINFO;
/* CertStatus ::= CHOICE {
* good [0] IMPLICIT NULL,
* revoked [1] IMPLICIT RevokedInfo,
* unknown [2] IMPLICIT UnknownInfo }
*/
#define V_OCSP_CERTSTATUS_GOOD 0
#define V_OCSP_CERTSTATUS_REVOKED 1
#define V_OCSP_CERTSTATUS_UNKNOWN 2
typedef struct ocsp_cert_status_st {
int type;
union {
ASN1_NULL *good;
OCSP_REVOKEDINFO *revoked;
ASN1_NULL *unknown;
} value;
} OCSP_CERTSTATUS;
/* SingleResponse ::= SEQUENCE {
* certID CertID,
* certStatus CertStatus,
* thisUpdate GeneralizedTime,
* nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
* singleExtensions [1] EXPLICIT Extensions OPTIONAL }
*/
typedef struct ocsp_single_response_st {
OCSP_CERTID *certId;
OCSP_CERTSTATUS *certStatus;
ASN1_GENERALIZEDTIME *thisUpdate;
ASN1_GENERALIZEDTIME *nextUpdate;
STACK_OF(X509_EXTENSION) *singleExtensions;
} OCSP_SINGLERESP;
DECLARE_STACK_OF(OCSP_SINGLERESP)
/* ResponseData ::= SEQUENCE {
* version [0] EXPLICIT Version DEFAULT v1,
* responderID ResponderID,
* producedAt GeneralizedTime,
* responses SEQUENCE OF SingleResponse,
* responseExtensions [1] EXPLICIT Extensions OPTIONAL }
*/
typedef struct ocsp_response_data_st {
ASN1_INTEGER *version;
OCSP_RESPID *responderId;
ASN1_GENERALIZEDTIME *producedAt;
STACK_OF(OCSP_SINGLERESP) *responses;
STACK_OF(X509_EXTENSION) *responseExtensions;
} OCSP_RESPDATA;
/* BasicOCSPResponse ::= SEQUENCE {
* tbsResponseData ResponseData,
* signatureAlgorithm AlgorithmIdentifier,
* signature BIT STRING,
* certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
*/
/* Note 1:
The value for "signature" is specified in the OCSP rfc2560 as follows:
"The value for the signature SHALL be computed on the hash of the DER
encoding ResponseData." This means that you must hash the DER-encoded
tbsResponseData, and then run it through a crypto-signing function, which
will (at least w/RSA) do a hash-'n'-private-encrypt operation. This seems
a bit odd, but that's the spec. Also note that the data structures do not
leave anywhere to independently specify the algorithm used for the initial
hash. So, we look at the signature-specification algorithm, and try to do
something intelligent. -- Kathy Weinhold, CertCo */
/* Note 2:
It seems that the mentioned passage from RFC 2560 (section 4.2.1) is open
for interpretation. I've done tests against another responder, and found
that it doesn't do the double hashing that the RFC seems to say one
should. Therefore, all relevant functions take a flag saying which
variant should be used. -- Richard Levitte, OpenSSL team and CeloCom */
typedef struct ocsp_basic_response_st {
OCSP_RESPDATA *tbsResponseData;
X509_ALGOR *signatureAlgorithm;
ASN1_BIT_STRING *signature;
STACK_OF(X509) *certs;
} OCSP_BASICRESP;
/*
* CRLReason ::= ENUMERATED {
* unspecified (0),
@@ -318,25 +94,73 @@ typedef struct ocsp_basic_response_st {
#define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6
#define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8
/* CrlID ::= SEQUENCE {
* crlUrl [0] EXPLICIT IA5String OPTIONAL,
* crlNum [1] EXPLICIT INTEGER OPTIONAL,
* crlTime [2] EXPLICIT GeneralizedTime OPTIONAL }
*/
typedef struct ocsp_crl_id_st {
ASN1_IA5STRING *crlUrl;
ASN1_INTEGER *crlNum;
ASN1_GENERALIZEDTIME *crlTime;
} OCSP_CRLID;
/* ServiceLocator ::= SEQUENCE {
* issuer Name,
* locator AuthorityInfoAccessSyntax OPTIONAL }
*/
typedef struct ocsp_service_locator_st {
X509_NAME* issuer;
STACK_OF(ACCESS_DESCRIPTION) *locator;
} OCSP_SERVICELOC;
/* Various flags and values */
#define OCSP_DEFAULT_NONCE_LENGTH 16
#define OCSP_NOCERTS 0x1
#define OCSP_NOINTERN 0x2
#define OCSP_NOSIGS 0x4
#define OCSP_NOCHAIN 0x8
#define OCSP_NOVERIFY 0x10
#define OCSP_NOEXPLICIT 0x20
#define OCSP_NOCASIGN 0x40
#define OCSP_NODELEGATED 0x80
#define OCSP_NOCHECKS 0x100
#define OCSP_TRUSTOTHER 0x200
#define OCSP_RESPID_KEY 0x400
#define OCSP_NOTIME 0x800
typedef struct ocsp_cert_id_st OCSP_CERTID;
DECLARE_STACK_OF(OCSP_CERTID)
typedef struct ocsp_one_request_st OCSP_ONEREQ;
DECLARE_STACK_OF(OCSP_ONEREQ)
typedef struct ocsp_req_info_st OCSP_REQINFO;
typedef struct ocsp_signature_st OCSP_SIGNATURE;
typedef struct ocsp_request_st OCSP_REQUEST;
#define OCSP_RESPONSE_STATUS_SUCCESSFUL 0
#define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1
#define OCSP_RESPONSE_STATUS_INTERNALERROR 2
#define OCSP_RESPONSE_STATUS_TRYLATER 3
#define OCSP_RESPONSE_STATUS_SIGREQUIRED 5
#define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6
typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES;
#define V_OCSP_RESPID_NAME 0
#define V_OCSP_RESPID_KEY 1
DECLARE_STACK_OF(OCSP_RESPID)
OCSP_RESPID *OCSP_RESPID_new(void);
void OCSP_RESPID_free(OCSP_RESPID *a);
OCSP_RESPID *d2i_OCSP_RESPID(OCSP_RESPID **a, const unsigned char **in, long len);
int i2d_OCSP_RESPID(OCSP_RESPID *a, unsigned char **out);
extern const ASN1_ITEM OCSP_RESPID_it;
typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO;
#define V_OCSP_CERTSTATUS_GOOD 0
#define V_OCSP_CERTSTATUS_REVOKED 1
#define V_OCSP_CERTSTATUS_UNKNOWN 2
typedef struct ocsp_cert_status_st OCSP_CERTSTATUS;
typedef struct ocsp_single_response_st OCSP_SINGLERESP;
DECLARE_STACK_OF(OCSP_SINGLERESP)
typedef struct ocsp_response_data_st OCSP_RESPDATA;
typedef struct ocsp_basic_response_st OCSP_BASICRESP;
typedef struct ocsp_crl_id_st OCSP_CRLID;
typedef struct ocsp_service_locator_st OCSP_SERVICELOC;
#define PEM_STRING_OCSP_REQUEST "OCSP REQUEST"
#define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
@@ -357,24 +181,6 @@ typedef struct ocsp_service_locator_st {
PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\
bp,(char *)o, NULL,NULL,0,NULL,NULL)
#define OCSP_REQUEST_sign(o,pkey,md) \
ASN1_item_sign(&OCSP_REQINFO_it, \
o->optionalSignature->signatureAlgorithm,NULL, \
o->optionalSignature->signature,o->tbsRequest,pkey,md)
#define OCSP_BASICRESP_sign(o,pkey,md,d) \
ASN1_item_sign(&OCSP_RESPDATA_it,o->signatureAlgorithm,NULL, \
o->signature,o->tbsResponseData,pkey,md)
#define OCSP_REQUEST_verify(a,r) \
ASN1_item_verify(&OCSP_REQINFO_it, \
a->optionalSignature->signatureAlgorithm, \
a->optionalSignature->signature,a->tbsRequest,r)
#define OCSP_BASICRESP_verify(a,r,d) \
ASN1_item_verify(&OCSP_RESPDATA_it, \
a->signatureAlgorithm,a->signature,a->tbsResponseData,r)
#define ASN1_BIT_STRING_digest(data,type,md,len) \
ASN1_item_digest(&ASN1_BIT_STRING_it,type,data,md,len)
@@ -414,8 +220,19 @@ int OCSP_request_sign(OCSP_REQUEST *req, X509 *signer, EVP_PKEY *key,
int OCSP_response_status(OCSP_RESPONSE *resp);
OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs);
const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs);
const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs);
int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
STACK_OF(X509) *extra_certs);
int OCSP_resp_count(OCSP_BASICRESP *bs);
OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP *bs);
const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
const ASN1_OCTET_STRING **pid, const X509_NAME **pname);
int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
ASN1_GENERALIZEDTIME **revtime, ASN1_GENERALIZEDTIME **thisupd,

5
externals/libressl/include/openssl/opensslfeatures.h vendored
View File

@@ -3,7 +3,8 @@
* are enabled, rather than not being able to tell when things are
* enabled (or possibly not yet not implemented, or removed!).
*/
/* #define LIBRESSL_HAS_TLS1_3 */
#define LIBRESSL_HAS_TLS1_3
#define LIBRESSL_HAS_DTLS1_2
#define OPENSSL_THREADS
@@ -83,7 +84,7 @@
/* #define OPENSSL_NO_RC4 */
#define OPENSSL_NO_RC5
/* #define OPENSSL_NO_RDRAND */
#define OPENSSL_NO_RFC3779
/* #define OPENSSL_NO_RFC3779 */
/* #define OPENSSL_NO_RMD160 */
/* #define OPENSSL_NO_RSA */
/* #define OPENSSL_NO_SCRYPT */

6
externals/libressl/include/openssl/opensslv.h vendored
View File

@@ -1,11 +1,11 @@
/* $OpenBSD: opensslv.h,v 1.61 2020/09/25 11:31:39 bcook Exp $ */
/* $OpenBSD: opensslv.h,v 1.69 2022/03/15 21:15:08 bcook Exp $ */
#ifndef HEADER_OPENSSLV_H
#define HEADER_OPENSSLV_H
/* These will change with each release of LibreSSL-portable */
#define LIBRESSL_VERSION_NUMBER 0x3020200fL
#define LIBRESSL_VERSION_NUMBER 0x3050200fL
/* ^ Patch starts here */
#define LIBRESSL_VERSION_TEXT "LibreSSL 3.2.2"
#define LIBRESSL_VERSION_TEXT "LibreSSL 3.5.2"
/* These will never change */
#define OPENSSL_VERSION_NUMBER 0x20000000L

24
externals/libressl/include/openssl/ossl_typ.h vendored
View File

@@ -1,4 +1,4 @@
/* $OpenBSD: ossl_typ.h,v 1.13 2015/09/30 04:10:07 doug Exp $ */
/* $OpenBSD: ossl_typ.h,v 1.21 2022/01/14 08:59:30 tb Exp $ */
/* ====================================================================
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
*
@@ -77,6 +77,8 @@ typedef struct asn1_string_st ASN1_STRING;
typedef int ASN1_BOOLEAN;
typedef int ASN1_NULL;
typedef struct asn1_object_st ASN1_OBJECT;
typedef struct ASN1_ITEM_st ASN1_ITEM;
typedef struct asn1_pctx_st ASN1_PCTX;
@@ -106,8 +108,12 @@ typedef struct bn_mont_ctx_st BN_MONT_CTX;
typedef struct bn_recp_ctx_st BN_RECP_CTX;
typedef struct bn_gencb_st BN_GENCB;
typedef struct bio_st BIO;
typedef struct buf_mem_st BUF_MEM;
typedef struct comp_ctx_st COMP_CTX;
typedef struct comp_method_st COMP_METHOD;
typedef struct evp_cipher_st EVP_CIPHER;
typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
typedef struct env_md_st EVP_MD;
@@ -119,6 +125,10 @@ typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX;
typedef struct hmac_ctx_st HMAC_CTX;
typedef struct dh_st DH;
typedef struct dh_method DH_METHOD;
@@ -127,6 +137,7 @@ typedef struct dsa_method DSA_METHOD;
typedef struct rsa_st RSA;
typedef struct rsa_meth_st RSA_METHOD;
typedef struct rsa_pss_params_st RSA_PSS_PARAMS;
typedef struct rand_meth_st RAND_METHOD;
@@ -143,6 +154,11 @@ typedef struct X509_pubkey_st X509_PUBKEY;
typedef struct x509_store_st X509_STORE;
typedef struct x509_store_ctx_st X509_STORE_CTX;
typedef struct x509_object_st X509_OBJECT;
typedef struct x509_lookup_st X509_LOOKUP;
typedef struct x509_lookup_method_st X509_LOOKUP_METHOD;
typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM;
typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO;
typedef struct v3_ext_ctx X509V3_CTX;
@@ -187,4 +203,10 @@ typedef struct ocsp_req_ctx_st OCSP_REQ_CTX;
typedef struct ocsp_response_st OCSP_RESPONSE;
typedef struct ocsp_responder_id_st OCSP_RESPID;
typedef struct sct_st SCT;
typedef struct sct_ctx_st SCT_CTX;
typedef struct ctlog_st CTLOG;
typedef struct ctlog_store_st CTLOG_STORE;
typedef struct ct_policy_eval_ctx_st CT_POLICY_EVAL_CTX;
#endif /* def HEADER_OPENSSL_TYPES_H */

24
externals/libressl/include/openssl/pem.h vendored
View File

@@ -1,4 +1,4 @@
/* $OpenBSD: pem.h,v 1.19 2018/08/24 19:51:31 tb Exp $ */
/* $OpenBSD: pem.h,v 1.23 2022/01/14 07:52:24 tb Exp $ */
/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -114,7 +114,6 @@ extern "C" {
#define PEM_STRING_X509_OLD "X509 CERTIFICATE"
#define PEM_STRING_X509 "CERTIFICATE"
#define PEM_STRING_X509_PAIR "CERTIFICATE PAIR"
#define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE"
#define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST"
#define PEM_STRING_X509_REQ "CERTIFICATE REQUEST"
@@ -138,14 +137,6 @@ extern "C" {
#define PEM_STRING_PARAMETERS "PARAMETERS"
#define PEM_STRING_CMS "CMS"
/* Note that this structure is initialised by PEM_SealInit and cleaned up
by PEM_SealFinal (at least for now) */
typedef struct PEM_Encode_Seal_st {
EVP_ENCODE_CTX encode;
EVP_MD_CTX md;
EVP_CIPHER_CTX cipher;
} PEM_ENCODE_SEAL_CTX;
/* enc_type is one off */
#define PEM_TYPE_ENCRYPTED 10
#define PEM_TYPE_MIC_ONLY 20
@@ -413,14 +404,6 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
pem_password_cb *cb, void *u);
int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
EVP_MD *md_type, unsigned char **ek, int *ekl,
unsigned char *iv, EVP_PKEY **pubk, int npubk);
void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
unsigned char *in, int inl);
int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
unsigned char *out, int *outl, EVP_PKEY *priv);
int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);
int PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt);
int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
@@ -435,8 +418,6 @@ DECLARE_PEM_rw(X509, X509)
DECLARE_PEM_rw(X509_AUX, X509)
DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR)
DECLARE_PEM_rw(X509_REQ, X509_REQ)
DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
@@ -485,6 +466,9 @@ DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x,
const EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cb,
void *u);
int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
char *kstr, int klen,
pem_password_cb *cb, void *u);

105
externals/libressl/include/openssl/rsa.h vendored
View File

@@ -1,4 +1,4 @@
/* $OpenBSD: rsa.h,v 1.51 2019/11/04 12:30:56 jsing Exp $ */
/* $OpenBSD: rsa.h,v 1.55 2022/01/14 08:34:39 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -80,11 +80,7 @@
extern "C" {
#endif
/* Declared already in ossl_typ.h */
/* typedef struct rsa_st RSA; */
/* typedef struct rsa_meth_st RSA_METHOD; */
typedef struct rsa_pss_params_st {
struct rsa_pss_params_st {
X509_ALGOR *hashAlgorithm;
X509_ALGOR *maskGenAlgorithm;
ASN1_INTEGER *saltLength;
@@ -92,7 +88,7 @@ typedef struct rsa_pss_params_st {
/* Hash algorithm decoded from maskGenAlgorithm. */
X509_ALGOR *maskHash;
} RSA_PSS_PARAMS;
} /* RSA_PSS_PARAMS */;
typedef struct rsa_oaep_params_st {
X509_ALGOR *hashFunc;
@@ -103,80 +99,6 @@ typedef struct rsa_oaep_params_st {
X509_ALGOR *maskHash;
} RSA_OAEP_PARAMS;
struct rsa_meth_st {
const char *name;
int (*rsa_pub_enc)(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
int (*rsa_pub_dec)(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
int (*rsa_priv_enc)(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
int (*rsa_priv_dec)(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
int (*rsa_mod_exp)(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
BN_CTX *ctx); /* Can be null */
int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); /* Can be null */
int (*init)(RSA *rsa); /* called at new */
int (*finish)(RSA *rsa); /* called at free */
int flags; /* RSA_METHOD_FLAG_* things */
char *app_data; /* may be needed! */
/* New sign and verify functions: some libraries don't allow arbitrary data
* to be signed/verified: this allows them to be used. Note: for this to work
* the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used
* RSA_sign(), RSA_verify() should be used instead. Note: for backwards
* compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER
* option is set in 'flags'.
*/
int (*rsa_sign)(int type, const unsigned char *m, unsigned int m_length,
unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
int (*rsa_verify)(int dtype, const unsigned char *m,
unsigned int m_length, const unsigned char *sigbuf,
unsigned int siglen, const RSA *rsa);
/* If this callback is NULL, the builtin software RSA key-gen will be used. This
* is for behavioural compatibility whilst the code gets rewired, but one day
* it would be nice to assume there are no such things as "builtin software"
* implementations. */
int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
};
struct rsa_st {
/* The first parameter is used to pickup errors where
* this is passed instead of aEVP_PKEY, it is set to 0 */
int pad;
long version;
const RSA_METHOD *meth;
/* functional reference if 'meth' is ENGINE-provided */
ENGINE *engine;
BIGNUM *n;
BIGNUM *e;
BIGNUM *d;
BIGNUM *p;
BIGNUM *q;
BIGNUM *dmp1;
BIGNUM *dmq1;
BIGNUM *iqmp;
/* Parameter restrictions for PSS only keys. */
RSA_PSS_PARAMS *pss;
/* be careful using this if the RSA structure is shared */
CRYPTO_EX_DATA ex_data;
int references;
int flags;
/* Used to cache montgomery values */
BN_MONT_CTX *_method_mod_n;
BN_MONT_CTX *_method_mod_p;
BN_MONT_CTX *_method_mod_q;
/* all BIGNUM values are actually in the following data, if it is not
* NULL */
BN_BLINDING *blinding;
BN_BLINDING *mt_blinding;
};
#ifndef OPENSSL_RSA_MAX_MODULUS_BITS
# define OPENSSL_RSA_MAX_MODULUS_BITS 16384
#endif
@@ -380,18 +302,6 @@ int RSA_print_fp(FILE *fp, const RSA *r, int offset);
int RSA_print(BIO *bp, const RSA *r, int offset);
#endif
#ifndef OPENSSL_NO_RC4
int i2d_RSA_NET(const RSA *a, unsigned char **pp,
int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey);
RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey);
int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
int (*cb)(char *buf, int len, const char *prompt, int verify));
RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
int (*cb)(char *buf, int len, const char *prompt, int verify));
#endif
/* The following 2 functions sign and verify a X509_SIG ASN1 object
* inside PKCS#1 padded RSA encryption */
int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
@@ -470,6 +380,15 @@ void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1,
int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
const BIGNUM *RSA_get0_n(const RSA *r);
const BIGNUM *RSA_get0_e(const RSA *r);
const BIGNUM *RSA_get0_d(const RSA *r);
const BIGNUM *RSA_get0_p(const RSA *r);
const BIGNUM *RSA_get0_q(const RSA *r);
const BIGNUM *RSA_get0_dmp1(const RSA *r);
const BIGNUM *RSA_get0_dmq1(const RSA *r);
const BIGNUM *RSA_get0_iqmp(const RSA *r);
const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r);
void RSA_clear_flags(RSA *r, int flags);
int RSA_test_flags(const RSA *r, int flags);
void RSA_set_flags(RSA *r, int flags);

46
externals/libressl/include/openssl/safestack.h vendored
View File

@@ -1,4 +1,4 @@
/* $OpenBSD: safestack.h,v 1.18 2019/08/11 14:14:14 jsing Exp $ */
/* $OpenBSD: safestack.h,v 1.21 2022/01/14 08:59:30 tb Exp $ */
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
@@ -663,6 +663,28 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
#define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st))
#define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st))
#define sk_CTLOG_new(cmp) SKM_sk_new(CTLOG, (cmp))
#define sk_CTLOG_new_null() SKM_sk_new_null(CTLOG)
#define sk_CTLOG_free(st) SKM_sk_free(CTLOG, (st))
#define sk_CTLOG_num(st) SKM_sk_num(CTLOG, (st))
#define sk_CTLOG_value(st, i) SKM_sk_value(CTLOG, (st), (i))
#define sk_CTLOG_set(st, i, val) SKM_sk_set(CTLOG, (st), (i), (val))
#define sk_CTLOG_zero(st) SKM_sk_zero(CTLOG, (st))
#define sk_CTLOG_push(st, val) SKM_sk_push(CTLOG, (st), (val))
#define sk_CTLOG_unshift(st, val) SKM_sk_unshift(CTLOG, (st), (val))
#define sk_CTLOG_find(st, val) SKM_sk_find(CTLOG, (st), (val))
#define sk_CTLOG_find_ex(st, val) SKM_sk_find_ex(CTLOG, (st), (val))
#define sk_CTLOG_delete(st, i) SKM_sk_delete(CTLOG, (st), (i))
#define sk_CTLOG_delete_ptr(st, ptr) SKM_sk_delete_ptr(CTLOG, (st), (ptr))
#define sk_CTLOG_insert(st, val, i) SKM_sk_insert(CTLOG, (st), (val), (i))
#define sk_CTLOG_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CTLOG, (st), (cmp))
#define sk_CTLOG_dup(st) SKM_sk_dup(CTLOG, st)
#define sk_CTLOG_pop_free(st, free_func) SKM_sk_pop_free(CTLOG, (st), (free_func))
#define sk_CTLOG_shift(st) SKM_sk_shift(CTLOG, (st))
#define sk_CTLOG_pop(st) SKM_sk_pop(CTLOG, (st))
#define sk_CTLOG_sort(st) SKM_sk_sort(CTLOG, (st))
#define sk_CTLOG_is_sorted(st) SKM_sk_is_sorted(CTLOG, (st))
#define sk_DIST_POINT_new(cmp) SKM_sk_new(DIST_POINT, (cmp))
#define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT)
#define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st))
@@ -1279,6 +1301,28 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
#define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st))
#define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st))
#define sk_SCT_new(cmp) SKM_sk_new(SCT, (cmp))
#define sk_SCT_new_null() SKM_sk_new_null(SCT)
#define sk_SCT_free(st) SKM_sk_free(SCT, (st))
#define sk_SCT_num(st) SKM_sk_num(SCT, (st))
#define sk_SCT_value(st, i) SKM_sk_value(SCT, (st), (i))
#define sk_SCT_set(st, i, val) SKM_sk_set(SCT, (st), (i), (val))
#define sk_SCT_zero(st) SKM_sk_zero(SCT, (st))
#define sk_SCT_push(st, val) SKM_sk_push(SCT, (st), (val))
#define sk_SCT_unshift(st, val) SKM_sk_unshift(SCT, (st), (val))
#define sk_SCT_find(st, val) SKM_sk_find(SCT, (st), (val))
#define sk_SCT_find_ex(st, val) SKM_sk_find_ex(SCT, (st), (val))
#define sk_SCT_delete(st, i) SKM_sk_delete(SCT, (st), (i))
#define sk_SCT_delete_ptr(st, ptr) SKM_sk_delete_ptr(SCT, (st), (ptr))
#define sk_SCT_insert(st, val, i) SKM_sk_insert(SCT, (st), (val), (i))
#define sk_SCT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SCT, (st), (cmp))
#define sk_SCT_dup(st) SKM_sk_dup(SCT, st)
#define sk_SCT_pop_free(st, free_func) SKM_sk_pop_free(SCT, (st), (free_func))
#define sk_SCT_shift(st) SKM_sk_shift(SCT, (st))
#define sk_SCT_pop(st) SKM_sk_pop(SCT, (st))
#define sk_SCT_sort(st) SKM_sk_sort(SCT, (st))
#define sk_SCT_is_sorted(st) SKM_sk_is_sorted(SCT, (st))
#define sk_SRTP_PROTECTION_PROFILE_new(cmp) SKM_sk_new(SRTP_PROTECTION_PROFILE, (cmp))
#define sk_SRTP_PROTECTION_PROFILE_new_null() SKM_sk_new_null(SRTP_PROTECTION_PROFILE)
#define sk_SRTP_PROTECTION_PROFILE_free(st) SKM_sk_free(SRTP_PROTECTION_PROFILE, (st))

6
externals/libressl/include/openssl/srtp.h vendored
View File

@@ -1,4 +1,4 @@
/* $OpenBSD: srtp.h,v 1.6 2015/09/01 15:18:23 jsing Exp $ */
/* $OpenBSD: srtp.h,v 1.7 2021/06/11 15:28:13 landry Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -129,6 +129,10 @@ extern "C" {
#define SRTP_NULL_SHA1_80 0x0005
#define SRTP_NULL_SHA1_32 0x0006
/* AEAD SRTP protection profiles from RFC 7714 */
#define SRTP_AEAD_AES_128_GCM 0x0007
#define SRTP_AEAD_AES_256_GCM 0x0008
int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles);

381
externals/libressl/include/openssl/ssl.h vendored
View File

@@ -1,4 +1,4 @@
/* $OpenBSD: ssl.h,v 1.178 2020/09/20 09:42:00 tb Exp $ */
/* $OpenBSD: ssl.h,v 1.215 2021/11/01 08:14:36 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -301,6 +301,7 @@ extern "C" {
#define SSL_TXT_STREEBOG512 "STREEBOG512"
#define SSL_TXT_DTLS1 "DTLSv1"
#define SSL_TXT_DTLS1_2 "DTLSv1.2"
#define SSL_TXT_SSLV2 "SSLv2"
#define SSL_TXT_SSLV3 "SSLv3"
#define SSL_TXT_TLSV1 "TLSv1"
@@ -356,7 +357,6 @@ extern "C" {
* in SSL_CTX. */
typedef struct ssl_st *ssl_crock_st;
typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
typedef struct ssl_method_st SSL_METHOD;
typedef struct ssl_cipher_st SSL_CIPHER;
typedef struct ssl_session_st SSL_SESSION;
@@ -376,113 +376,6 @@ typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data,
typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
#ifndef OPENSSL_NO_SSL_INTERN
/* used to hold info on the particular ciphers used */
struct ssl_cipher_st {
int valid;
const char *name; /* text name */
unsigned long id; /* id, 4 bytes, first is version */
unsigned long algorithm_mkey; /* key exchange algorithm */
unsigned long algorithm_auth; /* server authentication */
unsigned long algorithm_enc; /* symmetric encryption */
unsigned long algorithm_mac; /* symmetric authentication */
unsigned long algorithm_ssl; /* (major) protocol version */
unsigned long algo_strength; /* strength and export flags */
unsigned long algorithm2; /* Extra flags */
int strength_bits; /* Number of bits really used */
int alg_bits; /* Number of bits for algorithm */
};
/* Used to hold functions for SSLv3/TLSv1 functions */
struct ssl_method_internal_st;
struct ssl_method_st {
int (*ssl_dispatch_alert)(SSL *s);
int (*num_ciphers)(void);
const SSL_CIPHER *(*get_cipher)(unsigned int ncipher);
const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
int (*put_cipher_by_char)(const SSL_CIPHER *cipher, unsigned char *ptr);
const struct ssl_method_internal_st *internal;
};
/* Lets make this into an ASN.1 type structure as follows
* SSL_SESSION_ID ::= SEQUENCE {
* version INTEGER, -- structure version number
* SSLversion INTEGER, -- SSL version number
* Cipher OCTET STRING, -- the 3 byte cipher ID
* Session_ID OCTET STRING, -- the Session ID
* Master_key OCTET STRING, -- the master key
* KRB5_principal OCTET STRING -- optional Kerberos principal
* Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
* Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
* Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
* Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context
* Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer'
* HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension
* PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
* PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity
* Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
* Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only)
* Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method
* SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
* }
* Look in ssl/ssl_asn1.c for more details
* I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
*/
struct ssl_session_internal_st;
struct ssl_session_st {
int ssl_version; /* what ssl version session info is
* being kept in here? */
int master_key_length;
unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
/* session_id - valid? */
unsigned int session_id_length;
unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
/* this is used to determine whether the session is being reused in
* the appropriate context. It is up to the application to set this,
* via SSL_new */
unsigned int sid_ctx_length;
unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
/* This is the cert for the other end. */
X509 *peer;
/* when app_verify_callback accepts a session where the peer's certificate
* is not ok, we must remember the error for session reuse: */
long verify_result; /* only for servers */
long timeout;
time_t time;
int references;
const SSL_CIPHER *cipher;
unsigned long cipher_id; /* when ASN.1 loaded, this
* needs to be used to load
* the 'cipher' structure */
STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
char *tlsext_hostname;
/* RFC4507 info */
unsigned char *tlsext_tick; /* Session ticket */
size_t tlsext_ticklen; /* Session ticket length */
long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
struct ssl_session_internal_st *internal;
};
#endif
/* Allow initial connection to servers that don't support RI */
#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
@@ -520,6 +413,9 @@ struct ssl_session_st {
#define SSL_OP_NO_TLSv1_3 0x20000000L
#endif
#define SSL_OP_NO_DTLSv1 0x40000000L
#define SSL_OP_NO_DTLSv1_2 0x80000000L
/* SSL_OP_ALL: various bug workarounds that should be rather harmless. */
#define SSL_OP_ALL \
(SSL_OP_LEGACY_SERVER_CONNECT)
@@ -609,9 +505,19 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version,
int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line);
void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb);
SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx);
int SSL_set_num_tickets(SSL *s, size_t num_tickets);
size_t SSL_get_num_tickets(const SSL *s);
int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s);
#ifndef LIBRESSL_INTERNAL
struct ssl_aead_ctx_st;
typedef struct ssl_aead_ctx_st SSL_AEAD_CTX;
#endif
#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */
@@ -635,58 +541,11 @@ typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
typedef struct ssl_comp_st SSL_COMP;
#ifndef OPENSSL_NO_SSL_INTERN
struct ssl_comp_st {
int id;
const char *name;
};
#ifdef LIBRESSL_INTERNAL
DECLARE_STACK_OF(SSL_COMP)
struct lhash_st_SSL_SESSION {
int dummy;
};
struct ssl_ctx_internal_st;
struct ssl_ctx_st {
const SSL_METHOD *method;
STACK_OF(SSL_CIPHER) *cipher_list;
struct x509_store_st /* X509_STORE */ *cert_store;
/* If timeout is not 0, it is the default timeout value set
* when SSL_new() is called. This has been put in to make
* life easier to set things up */
long session_timeout;
int references;
/* Default values to use in SSL structures follow (these are copied by SSL_new) */
STACK_OF(X509) *extra_certs;
int verify_mode;
unsigned int sid_ctx_length;
unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
X509_VERIFY_PARAM *param;
/*
* XXX
* default_passwd_cb used by python and openvpn, need to keep it until we
* add an accessor
*/
/* Default password callback. */
pem_password_cb *default_passwd_callback;
/* Default password callback user data. */
void *default_passwd_callback_userdata;
struct ssl_ctx_internal_st *internal;
};
#endif
#define SSL_SESS_CACHE_OFF 0x0000
@@ -782,6 +641,12 @@ void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
unsigned int *len);
#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md,
const unsigned char **id, size_t *idlen, SSL_SESSION **sess);
void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb);
#endif
#define SSL_NOTHING 1
#define SSL_WRITING 2
#define SSL_READING 3
@@ -796,85 +661,6 @@ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
#define SSL_MAC_FLAG_READ_MAC_STREAM 1
#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
#ifndef OPENSSL_NO_SSL_INTERN
struct ssl_internal_st;
struct ssl_st {
/* protocol version
* (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
*/
int version;
const SSL_METHOD *method; /* SSLv3 */
/* There are 2 BIO's even though they are normally both the
* same. This is so data can be read and written to different
* handlers */
BIO *rbio; /* used by SSL_read */
BIO *wbio; /* used by SSL_write */
BIO *bbio; /* used during session-id reuse to concatenate
* messages */
int server; /* are we the server side? - mostly used by SSL_clear*/
struct ssl3_state_st *s3; /* SSLv3 variables */
struct dtls1_state_st *d1; /* DTLSv1 variables */
X509_VERIFY_PARAM *param;
/* crypto */
STACK_OF(SSL_CIPHER) *cipher_list;
/* This is used to hold the server certificate used */
struct cert_st /* CERT */ *cert;
/* the session_id_context is used to ensure sessions are only reused
* in the appropriate context */
unsigned int sid_ctx_length;
unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
/* This can also be in the session once a session is established */
SSL_SESSION *session;
/* Used in SSL2 and SSL3 */
int verify_mode; /* 0 don't care about verify failure.
* 1 fail if verify fails */
int error; /* error bytes to be written */
int error_code; /* actual code */
SSL_CTX *ctx;
long verify_result;
int references;
int client_version; /* what was passed, used for
* SSLv3/TLS rollback check */
unsigned int max_send_fragment;
char *tlsext_hostname;
/* certificate status request info */
/* Status type or -1 if no status type */
int tlsext_status_type;
SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
#define session_ctx initial_ctx
/*
* XXX really should be internal, but is
* touched unnaturally by wpa-supplicant
* and freeradius and other perversions
*/
EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
EVP_MD_CTX *read_hash; /* used for mac generation */
struct ssl_internal_st *internal;
};
#endif
#ifdef __cplusplus
}
#endif
@@ -954,6 +740,13 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
#define SSL_VERIFY_PEER 0x01
#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
#define SSL_VERIFY_CLIENT_ONCE 0x04
#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
#define SSL_VERIFY_POST_HANDSHAKE 0x08
int SSL_verify_client_post_handshake(SSL *s);
void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val);
void SSL_set_post_handshake_auth(SSL *s, int val);
#endif
#define OpenSSL_add_ssl_algorithms() SSL_library_init()
#define SSLeay_add_ssl_algorithms() SSL_library_init()
@@ -982,40 +775,53 @@ SSL_SESSION *PEM_read_SSL_SESSION(FILE *fp, SSL_SESSION **x,
int PEM_write_bio_SSL_SESSION(BIO *bp, SSL_SESSION *x);
int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x);
#define SSL_AD_REASON_OFFSET 1000 /* offset to get SSL_R_... value from SSL_AD_... */
/*
* TLS Alerts.
*
* https://www.iana.org/assignments/tls-parameters/#tls-parameters-6
*/
/* These alert types are for SSLv3 and TLSv1 */
#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY
#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */
#define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED
#define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW
#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE/* fatal */
#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE/* fatal */
#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Not for TLS */
#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
#define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE
#define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED
#define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED
#define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN
#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */
#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */
#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */
#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */
#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR
#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION/* fatal */
#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */
#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */
#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */
#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED
#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION
#define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION
#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME
#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
/* Obsolete alerts. */
#ifndef LIBRESSL_INTERNAL
#define SSL_AD_DECRYPTION_FAILED 21 /* Removed in TLSv1.1 */
#define SSL_AD_NO_CERTIFICATE 41 /* Removed in TLSv1.0 */
#define SSL_AD_EXPORT_RESTRICTION 60 /* Removed in TLSv1.1 */
#endif
#define SSL_AD_CLOSE_NOTIFY 0
#define SSL_AD_UNEXPECTED_MESSAGE 10
#define SSL_AD_BAD_RECORD_MAC 20
#define SSL_AD_RECORD_OVERFLOW 22
#define SSL_AD_DECOMPRESSION_FAILURE 30 /* Removed in TLSv1.3 */
#define SSL_AD_HANDSHAKE_FAILURE 40
#define SSL_AD_BAD_CERTIFICATE 42
#define SSL_AD_UNSUPPORTED_CERTIFICATE 43
#define SSL_AD_CERTIFICATE_REVOKED 44
#define SSL_AD_CERTIFICATE_EXPIRED 45
#define SSL_AD_CERTIFICATE_UNKNOWN 46
#define SSL_AD_ILLEGAL_PARAMETER 47
#define SSL_AD_UNKNOWN_CA 48
#define SSL_AD_ACCESS_DENIED 49
#define SSL_AD_DECODE_ERROR 50
#define SSL_AD_DECRYPT_ERROR 51
#define SSL_AD_PROTOCOL_VERSION 70
#define SSL_AD_INSUFFICIENT_SECURITY 71
#define SSL_AD_INTERNAL_ERROR 80
#define SSL_AD_INAPPROPRIATE_FALLBACK 86
#define SSL_AD_USER_CANCELLED 90
#define SSL_AD_NO_RENEGOTIATION 100 /* Removed in TLSv1.3 */
#define SSL_AD_MISSING_EXTENSION 109 /* Added in TLSv1.3. */
#define SSL_AD_UNSUPPORTED_EXTENSION 110
#define SSL_AD_CERTIFICATE_UNOBTAINABLE 111 /* Removed in TLSv1.3 */
#define SSL_AD_UNRECOGNIZED_NAME 112
#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE 114 /* Removed in TLSv1.3 */
#define SSL_AD_UNKNOWN_PSK_IDENTITY 115
#define SSL_AD_CERTIFICATE_REQUIRED 116
#define SSL_AD_NO_APPLICATION_PROTOCOL 120
/* Offset to get an SSL_R_... value from an SSL_AD_... value. */
#define SSL_AD_REASON_OFFSET 1000
#define SSL_ERROR_NONE 0
#define SSL_ERROR_SSL 1
@@ -1088,6 +894,7 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x);
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64
#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE 127
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65
#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67
@@ -1127,6 +934,7 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x);
#define SSL_CTRL_SET_ECDH_AUTO 94
#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
#define SSL_CTRL_GET_PEER_SIGNATURE_NID 108
#define SSL_CTRL_GET_PEER_TMP_KEY 109
#define SSL_CTRL_GET_SERVER_TMP_KEY SSL_CTRL_GET_PEER_TMP_KEY
#else
@@ -1142,6 +950,10 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x);
#define SSL_CTRL_GET_MIN_PROTO_VERSION 130
#define SSL_CTRL_GET_MAX_PROTO_VERSION 131
#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
#define SSL_CTRL_GET_SIGNATURE_NID 132
#endif
#define DTLSv1_get_timeout(ssl, arg) \
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
#define DTLSv1_handle_timeout(ssl) \
@@ -1214,6 +1026,8 @@ int SSL_get_max_proto_version(SSL *ssl);
int SSL_set_min_proto_version(SSL *ssl, uint16_t version);
int SSL_set_max_proto_version(SSL *ssl, uint16_t version);
const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx);
#ifndef LIBRESSL_INTERNAL
#define SSL_CTRL_SET_CURVES SSL_CTRL_SET_GROUPS
#define SSL_CTRL_SET_CURVES_LIST SSL_CTRL_SET_GROUPS_LIST
@@ -1237,8 +1051,17 @@ int SSL_set_max_proto_version(SSL *ssl, uint16_t version);
SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)
#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
#define SSL_get_signature_nid(s, pn) \
SSL_ctrl(s, SSL_CTRL_GET_SIGNATURE_NID, 0, pn)
#define SSL_get_peer_signature_nid(s, pn) \
SSL_ctrl(s, SSL_CTRL_GET_PEER_SIGNATURE_NID, 0, pn)
#define SSL_get_peer_tmp_key(s, pk) \
SSL_ctrl(s, SSL_CTRL_GET_PEER_TMP_KEY, 0, pk)
int SSL_get_signature_type_nid(const SSL *ssl, int *nid);
int SSL_get_peer_signature_type_nid(const SSL *ssl, int *nid);
#endif /* LIBRESSL_HAS_TLS1_3 || LIBRESSL_INTERNAL */
#ifndef LIBRESSL_INTERNAL
@@ -1296,6 +1119,7 @@ long SSL_CTX_get_timeout(const SSL_CTX *ctx);
X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);
EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);
int SSL_want(const SSL *s);
int SSL_clear(SSL *s);
@@ -1309,6 +1133,7 @@ const char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
const char * SSL_CIPHER_get_name(const SSL_CIPHER *c);
unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c);
uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *c);
const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c);
int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c);
int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c);
@@ -1327,6 +1152,7 @@ int SSL_set_rfd(SSL *s, int fd);
int SSL_set_wfd(SSL *s, int fd);
void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
BIO * SSL_get_rbio(const SSL *s);
void SSL_set0_rbio(SSL *s, BIO *rbio);
BIO * SSL_get_wbio(const SSL *s);
int SSL_set_cipher_list(SSL *s, const char *str);
#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
@@ -1349,6 +1175,7 @@ int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
int SSL_use_certificate_chain_file(SSL *ssl, const char *file);
int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
@@ -1365,6 +1192,7 @@ const char *SSL_state_string(const SSL *s);
const char *SSL_rstate_string(const SSL *s);
const char *SSL_state_string_long(const SSL *s);
const char *SSL_rstate_string_long(const SSL *s);
const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *ss);
size_t SSL_SESSION_get_master_key(const SSL_SESSION *ss,
unsigned char *out, size_t max_out);
int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
@@ -1378,6 +1206,9 @@ int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
unsigned int sid_len);
int SSL_SESSION_set1_id_context(SSL_SESSION *s,
const unsigned char *sid_ctx, unsigned int sid_ctx_len);
#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
int SSL_SESSION_is_resumable(const SSL_SESSION *s);
#endif
SSL_SESSION *SSL_SESSION_new(void);
void SSL_SESSION_free(SSL_SESSION *ses);
@@ -1443,9 +1274,8 @@ int SSL_set_purpose(SSL *s, int purpose);
int SSL_CTX_set_trust(SSL_CTX *s, int trust);
int SSL_set_trust(SSL *s, int trust);
int SSL_set1_host(SSL *s, const char *hostname);
#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
void SSL_set_hostflags(SSL *s, unsigned int flags);
const char *SSL_get0_peername(SSL *s);
#endif
X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx);
int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
@@ -1457,10 +1287,14 @@ void SSL_free(SSL *ssl);
int SSL_up_ref(SSL *ssl);
int SSL_accept(SSL *ssl);
int SSL_connect(SSL *ssl);
int SSL_is_dtls(const SSL *s);
int SSL_is_server(const SSL *s);
int SSL_read(SSL *ssl, void *buf, int num);
int SSL_peek(SSL *ssl, void *buf, int num);
int SSL_write(SSL *ssl, const void *buf, int num);
int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *bytes_read);
int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *bytes_peeked);
int SSL_write_ex(SSL *ssl, const void *buf, size_t num, size_t *bytes_written);
#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx);
@@ -1516,6 +1350,10 @@ const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */
const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */
const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */
const SSL_METHOD *DTLSv1_2_method(void); /* DTLSv1.2 */
const SSL_METHOD *DTLSv1_2_server_method(void); /* DTLSv1.2 */
const SSL_METHOD *DTLSv1_2_client_method(void); /* DTLSv1.2 */
const SSL_METHOD *DTLS_method(void); /* DTLS v1.0 or later */
const SSL_METHOD *DTLS_server_method(void); /* DTLS v1.0 or later */
const SSL_METHOD *DTLS_client_method(void); /* DTLS v1.0 or later */
@@ -2035,6 +1873,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_MISSING_VERIFY_MESSAGE 174
#define SSL_R_MULTIPLE_SGC_RESTARTS 346
#define SSL_R_NON_SSLV2_INITIAL_PACKET 175
#define SSL_R_NO_APPLICATION_PROTOCOL 235
#define SSL_R_NO_CERTIFICATES_RETURNED 176
#define SSL_R_NO_CERTIFICATE_ASSIGNED 177
#define SSL_R_NO_CERTIFICATE_RETURNED 178

46
externals/libressl/include/openssl/ssl3.h vendored
View File

@@ -1,4 +1,4 @@
/* $OpenBSD: ssl3.h,v 1.51 2020/06/05 18:14:05 jsing Exp $ */
/* $OpenBSD: ssl3.h,v 1.57 2021/09/10 14:49:13 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -292,11 +292,11 @@ extern "C" {
#define SSL3_RT_ALERT 21
#define SSL3_RT_HANDSHAKE 22
#define SSL3_RT_APPLICATION_DATA 23
#define TLS1_RT_HEARTBEAT 24
#define SSL3_AL_WARNING 1
#define SSL3_AL_FATAL 2
#ifndef LIBRESSL_INTERNAL
#define SSL3_AD_CLOSE_NOTIFY 0
#define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */
#define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */
@@ -309,34 +309,11 @@ extern "C" {
#define SSL3_AD_CERTIFICATE_EXPIRED 45
#define SSL3_AD_CERTIFICATE_UNKNOWN 46
#define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */
#endif
#define TLS1_HB_REQUEST 1
#define TLS1_HB_RESPONSE 2
#ifndef OPENSSL_NO_SSL_INTERN
#ifndef LIBRESSL_INTERNAL
typedef struct ssl3_record_st {
/*r */ int type; /* type of record */
/*rw*/ unsigned int length; /* How many bytes available */
/*r */ unsigned int off; /* read/write offset into 'buf' */
/*rw*/ unsigned char *data; /* pointer to the record data */
/*rw*/ unsigned char *input; /* where the decode bytes are */
/*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */
/*r */ unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */
} SSL3_RECORD;
typedef struct ssl3_buffer_st {
unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
* see ssl3_setup_buffers() */
size_t len; /* buffer size */
int offset; /* where to 'copy from' */
int left; /* how many bytes left */
} SSL3_BUFFER;
#endif
#endif
#define SSL3_CT_RSA_SIGN 1
#define SSL3_CT_DSS_SIGN 2
#define SSL3_CT_RSA_FIXED_DH 3
@@ -355,21 +332,6 @@ typedef struct ssl3_buffer_st {
#define TLS1_FLAGS_FREEZE_TRANSCRIPT 0x0020
#define SSL3_FLAGS_CCS_OK 0x0080
#ifndef OPENSSL_NO_SSL_INTERN
struct ssl3_state_internal_st;
typedef struct ssl3_state_st {
long flags;
unsigned char server_random[SSL3_RANDOM_SIZE];
unsigned char client_random[SSL3_RANDOM_SIZE];
struct ssl3_state_internal_st *internal;
} SSL3_STATE;
#endif
/* SSLv3 */
/*client */
/* extra state */
@@ -475,6 +437,7 @@ typedef struct ssl3_state_st {
#define SSL3_MT_CCS 1
#ifndef LIBRESSL_INTERNAL
/* These are used when changing over to a new cipher */
#define SSL3_CC_READ 0x01
#define SSL3_CC_WRITE 0x02
@@ -484,6 +447,7 @@ typedef struct ssl3_state_st {
#define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ)
#define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ)
#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE)
#endif
#ifdef __cplusplus
}

31
externals/libressl/include/openssl/tls1.h vendored
View File

@@ -1,4 +1,4 @@
/* $OpenBSD: tls1.h,v 1.41 2020/06/05 18:14:05 jsing Exp $ */
/* $OpenBSD: tls1.h,v 1.51 2022/02/05 18:18:18 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -177,18 +177,7 @@ extern "C" {
#define TLS1_VERSION_MAJOR 0x03
#define TLS1_VERSION_MINOR 0x01
#define TLS1_get_version(s) \
((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
#define TLS1_get_client_version(s) \
((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
/*
* TLS Alert codes.
*
* https://www.iana.org/assignments/tls-parameters/#tls-parameters-6
*/
#ifndef LIBRESSL_INTERNAL
#define TLS1_AD_DECRYPTION_FAILED 21
#define TLS1_AD_RECORD_OVERFLOW 22
#define TLS1_AD_UNKNOWN_CA 48 /* fatal */
@@ -211,6 +200,7 @@ extern "C" {
#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
/* Code 115 from RFC 4279. */
#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */
#endif
/*
* TLS ExtensionType values.
@@ -328,6 +318,9 @@ SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb)
#define SSL_set_tlsext_debug_arg(ssl, arg) \
SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)
#define SSL_get_tlsext_status_type(ssl) \
SSL_ctrl(ssl, SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE, 0, NULL)
#define SSL_set_tlsext_status_type(ssl, type) \
SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL)
@@ -729,6 +722,12 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
#define TLS1_3_TXT_CHACHA20_POLY1305_SHA256 "AEAD-CHACHA20-POLY1305-SHA256"
#define TLS1_3_TXT_AES_128_CCM_SHA256 "AEAD-AES128-CCM-SHA256"
#define TLS1_3_TXT_AES_128_CCM_8_SHA256 "AEAD-AES128-CCM-8-SHA256"
#define TLS1_3_RFC_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256"
#define TLS1_3_RFC_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384"
#define TLS1_3_RFC_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256"
#define TLS1_3_RFC_AES_128_CCM_SHA256 "TLS_AES_128_CCM_SHA256"
#define TLS1_3_RFC_AES_128_CCM_8_SHA256 "TLS_AES_128_CCM_8_SHA256"
#endif
#define TLS_CT_RSA_SIGN 1
@@ -768,12 +767,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
#define TLS_MD_MASTER_SECRET_CONST "master secret"
#define TLS_MD_MASTER_SECRET_CONST_SIZE 13
/* TLS Session Ticket extension struct. */
struct tls_session_ticket_ext_st {
unsigned short length;
void *data;
};
#ifdef __cplusplus
}
#endif

295
externals/libressl/include/openssl/x509.h vendored
View File

@@ -1,4 +1,4 @@
/* $OpenBSD: x509.h,v 1.74 2018/08/24 20:26:03 tb Exp $ */
/* $OpenBSD: x509.h,v 1.89 2022/01/10 14:13:03 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -140,171 +140,43 @@ extern "C" {
#define X509v3_KU_DECIPHER_ONLY 0x8000
#define X509v3_KU_UNDEF 0xffff
typedef struct X509_objects_st
{
int nid;
int (*a2i)(void);
int (*i2a)(void);
} X509_OBJECTS;
struct X509_algor_st
{
struct X509_algor_st {
ASN1_OBJECT *algorithm;
ASN1_TYPE *parameter;
} /* X509_ALGOR */;
} /* X509_ALGOR */;
typedef STACK_OF(X509_ALGOR) X509_ALGORS;
typedef struct X509_val_st
{
typedef struct X509_val_st {
ASN1_TIME *notBefore;
ASN1_TIME *notAfter;
} X509_VAL;
} X509_VAL;
struct X509_pubkey_st
{
X509_ALGOR *algor;
ASN1_BIT_STRING *public_key;
EVP_PKEY *pkey;
};
typedef struct X509_sig_st X509_SIG;
typedef struct X509_sig_st
{
X509_ALGOR *algor;
ASN1_OCTET_STRING *digest;
} X509_SIG;
typedef struct X509_name_entry_st
{
ASN1_OBJECT *object;
ASN1_STRING *value;
int set;
int size; /* temp variable */
} X509_NAME_ENTRY;
typedef struct X509_name_entry_st X509_NAME_ENTRY;
DECLARE_STACK_OF(X509_NAME_ENTRY)
/* we always keep X509_NAMEs in 2 forms. */
struct X509_name_st
{
STACK_OF(X509_NAME_ENTRY) *entries;
int modified; /* true if 'bytes' needs to be built */
#ifndef OPENSSL_NO_BUFFER
BUF_MEM *bytes;
#else
char *bytes;
#endif
/* unsigned long hash; Keep the hash around for lookups */
unsigned char *canon_enc;
int canon_enclen;
} /* X509_NAME */;
DECLARE_STACK_OF(X509_NAME)
#define X509_EX_V_NETSCAPE_HACK 0x8000
#define X509_EX_V_INIT 0x0001
typedef struct X509_extension_st
{
ASN1_OBJECT *object;
ASN1_BOOLEAN critical;
ASN1_OCTET_STRING *value;
} X509_EXTENSION;
typedef struct X509_extension_st X509_EXTENSION;
typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
DECLARE_STACK_OF(X509_EXTENSION)
/* a sequence of these are used */
typedef struct x509_attributes_st
{
ASN1_OBJECT *object;
int single; /* 0 for a set, 1 for a single item (which is wrong) */
union {
char *ptr;
/* 0 */ STACK_OF(ASN1_TYPE) *set;
/* 1 */ ASN1_TYPE *single;
} value;
} X509_ATTRIBUTE;
typedef struct x509_attributes_st X509_ATTRIBUTE;
DECLARE_STACK_OF(X509_ATTRIBUTE)
typedef struct X509_req_info_st X509_REQ_INFO;
typedef struct X509_req_info_st
{
ASN1_ENCODING enc;
ASN1_INTEGER *version;
X509_NAME *subject;
X509_PUBKEY *pubkey;
/* d=2 hl=2 l= 0 cons: cont: 00 */
STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
} X509_REQ_INFO;
typedef struct X509_req_st X509_REQ;
typedef struct X509_req_st
{
X509_REQ_INFO *req_info;
X509_ALGOR *sig_alg;
ASN1_BIT_STRING *signature;
int references;
} X509_REQ;
typedef struct x509_cert_aux_st X509_CERT_AUX;
typedef struct x509_cinf_st
{
ASN1_INTEGER *version; /* [ 0 ] default of v1 */
ASN1_INTEGER *serialNumber;
X509_ALGOR *signature;
X509_NAME *issuer;
X509_VAL *validity;
X509_NAME *subject;
X509_PUBKEY *key;
ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */
ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */
STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */
ASN1_ENCODING enc;
} X509_CINF;
/* This stuff is certificate "auxiliary info"
* it contains details which are useful in certificate
* stores and databases. When used this is tagged onto
* the end of the certificate itself
*/
typedef struct x509_cert_aux_st
{
STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */
STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */
ASN1_UTF8STRING *alias; /* "friendly name" */
ASN1_OCTET_STRING *keyid; /* key id of private key */
STACK_OF(X509_ALGOR) *other; /* other unspecified info */
} X509_CERT_AUX;
struct x509_st
{
X509_CINF *cert_info;
X509_ALGOR *sig_alg;
ASN1_BIT_STRING *signature;
int valid;
int references;
char *name;
CRYPTO_EX_DATA ex_data;
/* These contain copies of various extension values */
long ex_pathlen;
long ex_pcpathlen;
unsigned long ex_flags;
unsigned long ex_kusage;
unsigned long ex_xkusage;
unsigned long ex_nscert;
ASN1_OCTET_STRING *skid;
AUTHORITY_KEYID *akid;
X509_POLICY_CACHE *policy_cache;
STACK_OF(DIST_POINT) *crldp;
STACK_OF(GENERAL_NAME) *altname;
NAME_CONSTRAINTS *nc;
#ifndef OPENSSL_NO_SHA
unsigned char sha1_hash[SHA_DIGEST_LENGTH];
#endif
X509_CERT_AUX *aux;
} /* X509 */;
typedef struct x509_cinf_st X509_CINF;
DECLARE_STACK_OF(X509)
@@ -321,13 +193,9 @@ typedef struct x509_trust_st {
DECLARE_STACK_OF(X509_TRUST)
typedef struct x509_cert_pair_st {
X509 *forward;
X509 *reverse;
} X509_CERT_PAIR;
/* standard trust ids */
/* OpenSSL changed this to 0 */
#define X509_TRUST_DEFAULT -1 /* Only valid in purpose settings */
#define X509_TRUST_COMPAT 1
@@ -428,61 +296,13 @@ typedef struct x509_cert_pair_st {
XN_FLAG_FN_LN | \
XN_FLAG_FN_ALIGN)
struct x509_revoked_st
{
ASN1_INTEGER *serialNumber;
ASN1_TIME *revocationDate;
STACK_OF(X509_EXTENSION) /* optional */ *extensions;
/* Set up if indirect CRL */
STACK_OF(GENERAL_NAME) *issuer;
/* Revocation reason */
int reason;
int sequence; /* load sequence */
};
DECLARE_STACK_OF(X509_REVOKED)
typedef struct X509_crl_info_st
{
ASN1_INTEGER *version;
X509_ALGOR *sig_alg;
X509_NAME *issuer;
ASN1_TIME *lastUpdate;
ASN1_TIME *nextUpdate;
STACK_OF(X509_REVOKED) *revoked;
STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
ASN1_ENCODING enc;
} X509_CRL_INFO;
struct X509_crl_st
{
/* actual signature */
X509_CRL_INFO *crl;
X509_ALGOR *sig_alg;
ASN1_BIT_STRING *signature;
int references;
int flags;
/* Copies of various extensions */
AUTHORITY_KEYID *akid;
ISSUING_DIST_POINT *idp;
/* Convenient breakdown of IDP */
int idp_flags;
int idp_reasons;
/* CRL and base CRL numbers for delta processing */
ASN1_INTEGER *crl_number;
ASN1_INTEGER *base_crl_number;
#ifndef OPENSSL_NO_SHA
unsigned char sha1_hash[SHA_DIGEST_LENGTH];
#endif
STACK_OF(GENERAL_NAMES) *issuers;
const X509_CRL_METHOD *meth;
void *meth_data;
} /* X509_CRL */;
typedef struct X509_crl_info_st X509_CRL_INFO;
DECLARE_STACK_OF(X509_CRL)
typedef struct private_key_st
{
typedef struct private_key_st {
int version;
/* The PKCS#8 data types */
X509_ALGOR *enc_algor;
@@ -500,11 +320,10 @@ typedef struct private_key_st
EVP_CIPHER_INFO cipher;
int references;
} X509_PKEY;
} X509_PKEY;
#ifndef OPENSSL_NO_EVP
typedef struct X509_info_st
{
typedef struct X509_info_st {
X509 *x509;
X509_CRL *crl;
X509_PKEY *x_pkey;
@@ -514,7 +333,7 @@ typedef struct X509_info_st
char *enc_data;
int references;
} X509_INFO;
} X509_INFO;
DECLARE_STACK_OF(X509_INFO)
#endif
@@ -523,64 +342,46 @@ DECLARE_STACK_OF(X509_INFO)
* Pat Richard <patr@x509.com> and are used to manipulate
* Netscapes spki structures - useful if you are writing a CA web page
*/
typedef struct Netscape_spkac_st
{
typedef struct Netscape_spkac_st {
X509_PUBKEY *pubkey;
ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */
} NETSCAPE_SPKAC;
} NETSCAPE_SPKAC;
typedef struct Netscape_spki_st
{
typedef struct Netscape_spki_st {
NETSCAPE_SPKAC *spkac; /* signed public key and challenge */
X509_ALGOR *sig_algor;
ASN1_BIT_STRING *signature;
} NETSCAPE_SPKI;
} NETSCAPE_SPKI;
/* Netscape certificate sequence structure */
typedef struct Netscape_certificate_sequence
{
typedef struct Netscape_certificate_sequence {
ASN1_OBJECT *type;
STACK_OF(X509) *certs;
} NETSCAPE_CERT_SEQUENCE;
} NETSCAPE_CERT_SEQUENCE;
/* Unused (and iv length is wrong)
typedef struct CBCParameter_st
{
unsigned char iv[8];
} CBC_PARAM;
*/
/* Password based encryption structure */
typedef struct PBEPARAM_st {
ASN1_OCTET_STRING *salt;
ASN1_INTEGER *iter;
ASN1_OCTET_STRING *salt;
ASN1_INTEGER *iter;
} PBEPARAM;
/* Password based encryption V2 structures */
typedef struct PBE2PARAM_st {
X509_ALGOR *keyfunc;
X509_ALGOR *encryption;
X509_ALGOR *keyfunc;
X509_ALGOR *encryption;
} PBE2PARAM;
typedef struct PBKDF2PARAM_st {
ASN1_TYPE *salt; /* Usually OCTET STRING but could be anything */
ASN1_INTEGER *iter;
ASN1_INTEGER *keylength;
X509_ALGOR *prf;
/* Usually OCTET STRING but could be anything */
ASN1_TYPE *salt;
ASN1_INTEGER *iter;
ASN1_INTEGER *keylength;
X509_ALGOR *prf;
} PBKDF2PARAM;
/* PKCS#8 private key info structure */
struct pkcs8_priv_key_info_st {
ASN1_INTEGER *version;
X509_ALGOR *pkeyalg;
ASN1_OCTET_STRING *pkey;
STACK_OF(X509_ATTRIBUTE) *attributes;
};
#ifdef __cplusplus
}
#endif
@@ -592,9 +393,6 @@ struct pkcs8_priv_key_info_st {
extern "C" {
#endif
#define X509_EXT_PACK_UNKNOWN 1
#define X509_EXT_PACK_STRING 2
#define X509_extract_key(x) X509_get_pubkey(x) /*****/
#define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
#define X509_name_cmp(a,b) X509_NAME_cmp((a),(b))
@@ -602,6 +400,8 @@ extern "C" {
int X509_CRL_up_ref(X509_CRL *x);
int X509_CRL_get_signature_nid(const X509_CRL *crl);
int i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp);
const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl);
long X509_CRL_get_version(const X509_CRL *crl);
const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
@@ -630,10 +430,7 @@ void X509_CRL_METHOD_free(X509_CRL_METHOD *m);
void X509_CRL_set_meth_data(X509_CRL *crl, void *dat);
void *X509_CRL_get_meth_data(X509_CRL *crl);
/* This one is only used so that a binary form can output, as in
* i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */
#define X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x);
const char *X509_verify_cert_error_string(long n);
@@ -692,6 +489,7 @@ int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa);
#ifndef OPENSSL_NO_DSA
DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
#endif
#ifndef OPENSSL_NO_EC
@@ -832,6 +630,11 @@ void X509_SIG_free(X509_SIG *a);
X509_SIG *d2i_X509_SIG(X509_SIG **a, const unsigned char **in, long len);
int i2d_X509_SIG(X509_SIG *a, unsigned char **out);
extern const ASN1_ITEM X509_SIG_it;
void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
const ASN1_OCTET_STRING **pdigest);
void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
ASN1_OCTET_STRING **pdigest);
X509_REQ_INFO *X509_REQ_INFO_new(void);
void X509_REQ_INFO_free(X509_REQ_INFO *a);
X509_REQ_INFO *d2i_X509_REQ_INFO(X509_REQ_INFO **a, const unsigned char **in, long len);
@@ -890,18 +693,15 @@ X509_CERT_AUX *d2i_X509_CERT_AUX(X509_CERT_AUX **a, const unsigned char **in, lo
int i2d_X509_CERT_AUX(X509_CERT_AUX *a, unsigned char **out);
extern const ASN1_ITEM X509_CERT_AUX_it;
X509_CERT_PAIR *X509_CERT_PAIR_new(void);
void X509_CERT_PAIR_free(X509_CERT_PAIR *a);
X509_CERT_PAIR *d2i_X509_CERT_PAIR(X509_CERT_PAIR **a, const unsigned char **in, long len);
int i2d_X509_CERT_PAIR(X509_CERT_PAIR *a, unsigned char **out);
extern const ASN1_ITEM X509_CERT_PAIR_it;
int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
int X509_set_ex_data(X509 *r, int idx, void *arg);
void *X509_get_ex_data(X509 *r, int idx);
int i2d_X509_AUX(X509 *a,unsigned char **pp);
X509 * d2i_X509_AUX(X509 **a,const unsigned char **pp,long length);
int i2d_re_X509_tbs(X509 *x, unsigned char **pp);
void X509_get0_signature(const ASN1_BIT_STRING **psig,
const X509_ALGOR **palg, const X509 *x);
int X509_get_signature_nid(const X509 *x);
@@ -1014,6 +814,8 @@ int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
X509_NAME *X509_REQ_get_subject_name(const X509_REQ *x);
int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req);
int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
EVP_PKEY * X509_REQ_get0_pubkey(X509_REQ *req);
int X509_REQ_extension_nid(int nid);
int * X509_REQ_get_extension_nids(void);
void X509_REQ_set_extension_nids(int *nids);
@@ -1403,6 +1205,7 @@ void ERR_load_X509_strings(void);
#define X509_R_LOADING_CERT_DIR 103
#define X509_R_LOADING_DEFAULTS 104
#define X509_R_METHOD_NOT_SUPPORTED 124
#define X509_R_NO_CERTIFICATE_OR_CRL_FOUND 136
#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105
#define X509_R_PUBLIC_KEY_DECODE_ERROR 125
#define X509_R_PUBLIC_KEY_ENCODE_ERROR 126

3
externals/libressl/include/openssl/x509_verify.h vendored
View File

@@ -1,4 +1,4 @@
/* $OpenBSD: x509_verify.h,v 1.1 2020/09/13 15:06:17 beck Exp $ */
/* $OpenBSD: x509_verify.h,v 1.2 2021/11/04 23:52:34 beck Exp $ */
/*
* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
*
@@ -19,6 +19,7 @@
#ifdef LIBRESSL_INTERNAL
struct x509_verify_ctx;
struct x509_verify_cert_info;
typedef struct x509_verify_ctx X509_VERIFY_CTX;
X509_VERIFY_CTX *x509_verify_ctx_new(STACK_OF(X509) *roots);

283
externals/libressl/include/openssl/x509_vfy.h vendored
View File

@@ -1,25 +1,25 @@
/* $OpenBSD: x509_vfy.h,v 1.31 2020/09/13 15:06:17 beck Exp $ */
/* $OpenBSD: x509_vfy.h,v 1.50 2022/01/14 07:53:45 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -77,197 +77,40 @@
extern "C" {
#endif
typedef struct x509_file_st
{
int num_paths; /* number of paths to files or directories */
int num_alloced;
char **paths; /* the list of paths or directories */
int *path_type;
} X509_CERT_FILE_CTX;
/*******************************/
/*
SSL_CTX -> X509_STORE
-> X509_LOOKUP
->X509_LOOKUP_METHOD
-> X509_LOOKUP
->X509_LOOKUP_METHOD
SSL -> X509_STORE_CTX
->X509_STORE
* SSL_CTX -> X509_STORE
* -> X509_LOOKUP
* ->X509_LOOKUP_METHOD
* -> X509_LOOKUP
* ->X509_LOOKUP_METHOD
*
* SSL -> X509_STORE_CTX
* ->X509_STORE
*
* The X509_STORE holds the tables etc for verification stuff.
* A X509_STORE_CTX is used while validating a single certificate.
* The X509_STORE has X509_LOOKUPs for looking up certs.
* The X509_STORE then calls a function to actually verify the
* certificate chain.
*/
The X509_STORE holds the tables etc for verification stuff.
A X509_STORE_CTX is used while validating a single certificate.
The X509_STORE has X509_LOOKUPs for looking up certs.
The X509_STORE then calls a function to actually verify the
certificate chain.
*/
typedef enum {
X509_LU_NONE,
X509_LU_X509,
X509_LU_CRL,
} X509_LOOKUP_TYPE;
#define X509_LU_RETRY -1
#define X509_LU_FAIL 0
#define X509_LU_X509 1
#define X509_LU_CRL 2
#define X509_LU_PKEY 3
typedef struct x509_object_st
{
/* one of the above types */
int type;
union {
char *ptr;
X509 *x509;
X509_CRL *crl;
EVP_PKEY *pkey;
} data;
} X509_OBJECT;
typedef struct x509_lookup_st X509_LOOKUP;
DECLARE_STACK_OF(X509_LOOKUP)
DECLARE_STACK_OF(X509_OBJECT)
/* This is a static that defines the function interface */
typedef struct x509_lookup_method_st
{
const char *name;
int (*new_item)(X509_LOOKUP *ctx);
void (*free)(X509_LOOKUP *ctx);
int (*init)(X509_LOOKUP *ctx);
int (*shutdown)(X509_LOOKUP *ctx);
int (*ctrl)(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
char **ret);
int (*get_by_subject)(X509_LOOKUP *ctx, int type, X509_NAME *name,
X509_OBJECT *ret);
int (*get_by_issuer_serial)(X509_LOOKUP *ctx, int type, X509_NAME *name,
ASN1_INTEGER *serial,X509_OBJECT *ret);
int (*get_by_fingerprint)(X509_LOOKUP *ctx, int type,
const unsigned char *bytes, int len, X509_OBJECT *ret);
int (*get_by_alias)(X509_LOOKUP *ctx, int type, const char *str,
int len, X509_OBJECT *ret);
} X509_LOOKUP_METHOD;
typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID;
/* This structure hold all parameters associated with a verify operation
* by including an X509_VERIFY_PARAM structure in related structures the
* parameters used can be customized
*/
typedef struct X509_VERIFY_PARAM_st
{
char *name;
time_t check_time; /* Time to use */
unsigned long inh_flags; /* Inheritance flags */
unsigned long flags; /* Various verify flags */
int purpose; /* purpose to check untrusted certificates */
int trust; /* trust setting to check */
int depth; /* Verify depth */
STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */
X509_VERIFY_PARAM_ID *id; /* opaque ID data */
} X509_VERIFY_PARAM;
DECLARE_STACK_OF(X509_VERIFY_PARAM)
/* This is used to hold everything. It is used for all certificate
* validation. Once we have a certificate chain, the 'verify'
* function is then called to actually check the cert chain. */
struct x509_store_st
{
/* The following is a cache of trusted certs */
int cache; /* if true, stash any hits */
STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */
/* unused in OpenSSL */
typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID;
/* These are external lookup methods */
STACK_OF(X509_LOOKUP) *get_cert_methods;
X509_VERIFY_PARAM *param;
/* Callbacks for various operations */
int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */
int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */
int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm);
STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm);
int (*cleanup)(X509_STORE_CTX *ctx);
CRYPTO_EX_DATA ex_data;
int references;
} /* X509_STORE */;
int X509_STORE_set_depth(X509_STORE *store, int depth);
#define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
#define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func))
/* This is the functions plus an instance of the local variables. */
struct x509_lookup_st
{
int init; /* have we been started */
int skip; /* don't use us. */
X509_LOOKUP_METHOD *method; /* the functions */
char *method_data; /* method data */
X509_STORE *store_ctx; /* who owns us */
} /* X509_LOOKUP */;
/* This is a used when verifying cert chains. Since the
* gathering of the cert chain can take some time (and have to be
* 'retried', this needs to be kept and passed around. */
struct x509_store_ctx_st /* X509_STORE_CTX */
{
X509_STORE *ctx;
int current_method; /* used when looking up certs */
/* The following are set by the caller */
X509 *cert; /* The cert to check */
STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */
STACK_OF(X509_CRL) *crls; /* set of CRLs passed in */
X509_VERIFY_PARAM *param;
void *other_ctx; /* Other info for use with get_issuer() */
/* Callbacks for various operations */
int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */
int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */
int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
int (*check_policy)(X509_STORE_CTX *ctx);
STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm);
STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm);
int (*cleanup)(X509_STORE_CTX *ctx);
/* The following is built up */
int valid; /* if 0, rebuild chain */
int last_untrusted; /* index of last untrusted cert */
STACK_OF(X509) *chain; /* chain of X509s - built up and trusted */
X509_POLICY_TREE *tree; /* Valid policy tree */
int explicit_policy; /* Require explicit policy value */
/* When something goes wrong, this is why */
int error_depth;
int error;
X509 *current_cert;
X509 *current_issuer; /* cert currently being tested as valid issuer */
X509_CRL *current_crl; /* current CRL */
int current_crl_score; /* score of current CRL */
unsigned int current_reasons; /* Reason mask */
X509_STORE_CTX *parent; /* For CRL path validation: parent context */
CRYPTO_EX_DATA ex_data;
} /* X509_STORE_CTX */;
void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
#define X509_STORE_CTX_set_app_data(ctx,data) \
@@ -422,21 +265,23 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
| X509_V_FLAG_INHIBIT_ANY \
| X509_V_FLAG_INHIBIT_MAP)
int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
X509_OBJECT *X509_OBJECT_new(void);
void X509_OBJECT_free(X509_OBJECT *a);
int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
X509_NAME *name);
X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,int type,X509_NAME *name);
X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
X509_LOOKUP_TYPE type, X509_NAME *name);
X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x);
int X509_OBJECT_up_ref_count(X509_OBJECT *a);
int X509_OBJECT_get_type(const X509_OBJECT *a);
void X509_OBJECT_free_contents(X509_OBJECT *a);
X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a);
X509 *X509_OBJECT_get0_X509(const X509_OBJECT *xo);
X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *xo);
X509_STORE *X509_STORE_new(void);
void X509_STORE_free(X509_STORE *v);
int X509_STORE_up_ref(X509_STORE *x);
STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *xs);
void *X509_STORE_get_ex_data(X509_STORE *xs, int idx);
int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
@@ -451,8 +296,14 @@ int X509_STORE_set_trust(X509_STORE *ctx, int trust);
int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *);
void X509_STORE_set_verify_cb(X509_STORE *ctx,
int (*verify_cb)(int, X509_STORE_CTX *));
int (*verify_cb)(int, X509_STORE_CTX *));
#define X509_STORE_set_verify_cb_func(ctx, func) \
X509_STORE_set_verify_cb((ctx), (func))
X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -479,8 +330,11 @@ X509_LOOKUP_METHOD *X509_LOOKUP_mem(void);
int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name,
X509_OBJECT *ret);
int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
X509_NAME *name, X509_OBJECT *ret);
#define X509_STORE_get_by_subject X509_STORE_CTX_get_by_subject
X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs,
X509_LOOKUP_TYPE type, X509_NAME *name);
int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
long argl, char **ret);
@@ -493,17 +347,17 @@ int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
void X509_LOOKUP_free(X509_LOOKUP *ctx);
int X509_LOOKUP_init(X509_LOOKUP *ctx);
int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
X509_OBJECT *ret);
int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
ASN1_INTEGER *serial, X509_OBJECT *ret);
int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
const unsigned char *bytes, int len, X509_OBJECT *ret);
int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, const char *str,
int len, X509_OBJECT *ret);
int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
X509_NAME *name, X509_OBJECT *ret);
int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
X509_NAME *name, ASN1_INTEGER *serial, X509_OBJECT *ret);
int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
const unsigned char *bytes, int len, X509_OBJECT *ret);
int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
const char *str, int len, X509_OBJECT *ret);
int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
int X509_STORE_load_locations (X509_STORE *ctx,
int X509_STORE_load_locations(X509_STORE *ctx,
const char *file, const char *dir);
int X509_STORE_load_mem(X509_STORE *ctx, void *buf, int len);
int X509_STORE_set_default_paths(X509_STORE *ctx);
@@ -515,7 +369,9 @@ void * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth);
X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x);
X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx);
X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx);
X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx);
@@ -531,11 +387,24 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
time_t t);
void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
int (*X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx))(X509_STORE_CTX *);
void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
int (*verify)(X509_STORE_CTX *));
int (*X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx))(int, X509_STORE_CTX *);
void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
int (*verify_cb)(int, X509_STORE_CTX *));
typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *);
void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx);
#define X509_STORE_set_verify_func(ctx, func) \
X509_STORE_set_verify((ctx), (func))
X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx);
int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx);
int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx);
X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
@@ -547,7 +416,7 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void);
void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param);
int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to,
const X509_VERIFY_PARAM *from);
int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
const X509_VERIFY_PARAM *from);
int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name);
int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags);
@@ -560,7 +429,7 @@ void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
ASN1_OBJECT *policy);
int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
STACK_OF(ASN1_OBJECT) *policies);
int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, const char *name,

203
externals/libressl/include/openssl/x509v3.h vendored
View File

@@ -1,4 +1,4 @@
/* $OpenBSD: x509v3.h,v 1.2 2020/09/13 15:06:17 beck Exp $ */
/* $OpenBSD: x509v3.h,v 1.14 2022/01/14 09:01:36 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -206,8 +206,6 @@ union {
} d;
} GENERAL_NAME;
typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
typedef struct ACCESS_DESCRIPTION_st {
ASN1_OBJECT *method;
GENERAL_NAME *location;
@@ -219,6 +217,9 @@ typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
DECLARE_STACK_OF(GENERAL_NAME)
typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
DECLARE_STACK_OF(GENERAL_NAMES)
DECLARE_STACK_OF(ACCESS_DESCRIPTION)
typedef struct DIST_POINT_NAME_st {
@@ -446,7 +447,7 @@ struct ISSUING_DIST_POINT_st
#define NS_OBJSIGN_CA 0x01
#define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)
#define XKU_SSL_SERVER 0x1
#define XKU_SSL_SERVER 0x1
#define XKU_SSL_CLIENT 0x2
#define XKU_SMIME 0x4
#define XKU_CODE_SIGN 0x8
@@ -454,6 +455,7 @@ struct ISSUING_DIST_POINT_st
#define XKU_OCSP_SIGN 0x20
#define XKU_TIMESTAMP 0x40
#define XKU_DVCS 0x80
#define XKU_ANYEKU 0x100
#define X509_PURPOSE_DYNAMIC 0x1
#define X509_PURPOSE_DYNAMIC_NAME 0x2
@@ -770,7 +772,6 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit
char *hex_to_string(const unsigned char *buffer, long len);
unsigned char *string_to_hex(const char *str, long *len);
int name_cmp(const char *name, const char *cmp);
void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
int ml);
@@ -798,6 +799,9 @@ char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp);
int X509_PURPOSE_get_trust(const X509_PURPOSE *xp);
void X509_PURPOSE_cleanup(void);
int X509_PURPOSE_get_id(const X509_PURPOSE *);
uint32_t X509_get_extension_flags(X509 *x);
uint32_t X509_get_key_usage(X509 *x);
uint32_t X509_get_extended_key_usage(X509 *x);
STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x);
STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);
@@ -842,6 +846,195 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
DECLARE_STACK_OF(X509_POLICY_NODE)
#ifndef OPENSSL_NO_RFC3779
typedef struct ASRange_st {
ASN1_INTEGER *min;
ASN1_INTEGER *max;
} ASRange;
#define ASIdOrRange_id 0
#define ASIdOrRange_range 1
typedef struct ASIdOrRange_st {
int type;
union {
ASN1_INTEGER *id;
ASRange *range;
} u;
} ASIdOrRange;
typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
DECLARE_STACK_OF(ASIdOrRange)
#define ASIdentifierChoice_inherit 0
#define ASIdentifierChoice_asIdsOrRanges 1
typedef struct ASIdentifierChoice_st {
int type;
union {
ASN1_NULL *inherit;
ASIdOrRanges *asIdsOrRanges;
} u;
} ASIdentifierChoice;
typedef struct ASIdentifiers_st {
ASIdentifierChoice *asnum;
ASIdentifierChoice *rdi;
} ASIdentifiers;
ASRange *ASRange_new(void);
void ASRange_free(ASRange *a);
ASRange *d2i_ASRange(ASRange **a, const unsigned char **in, long len);
int i2d_ASRange(ASRange *a, unsigned char **out);
extern const ASN1_ITEM ASRange_it;
ASIdOrRange *ASIdOrRange_new(void);
void ASIdOrRange_free(ASIdOrRange *a);
ASIdOrRange *d2i_ASIdOrRange(ASIdOrRange **a, const unsigned char **in,
long len);
int i2d_ASIdOrRange(ASIdOrRange *a, unsigned char **out);
extern const ASN1_ITEM ASIdOrRange_it;
ASIdentifierChoice *ASIdentifierChoice_new(void);
void ASIdentifierChoice_free(ASIdentifierChoice *a);
ASIdentifierChoice *d2i_ASIdentifierChoice(ASIdentifierChoice **a,
const unsigned char **in, long len);
int i2d_ASIdentifierChoice(ASIdentifierChoice *a, unsigned char **out);
extern const ASN1_ITEM ASIdentifierChoice_it;
ASIdentifiers *ASIdentifiers_new(void);
void ASIdentifiers_free(ASIdentifiers *a);
ASIdentifiers *d2i_ASIdentifiers(ASIdentifiers **a, const unsigned char **in,
long len);
int i2d_ASIdentifiers(ASIdentifiers *a, unsigned char **out);
extern const ASN1_ITEM ASIdentifiers_it;
typedef struct IPAddressRange_st {
ASN1_BIT_STRING *min;
ASN1_BIT_STRING *max;
} IPAddressRange;
#define IPAddressOrRange_addressPrefix 0
#define IPAddressOrRange_addressRange 1
typedef struct IPAddressOrRange_st {
int type;
union {
ASN1_BIT_STRING *addressPrefix;
IPAddressRange *addressRange;
} u;
} IPAddressOrRange;
typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
DECLARE_STACK_OF(IPAddressOrRange)
#define IPAddressChoice_inherit 0
#define IPAddressChoice_addressesOrRanges 1
typedef struct IPAddressChoice_st {
int type;
union {
ASN1_NULL *inherit;
IPAddressOrRanges *addressesOrRanges;
} u;
} IPAddressChoice;
typedef struct IPAddressFamily_st {
ASN1_OCTET_STRING *addressFamily;
IPAddressChoice *ipAddressChoice;
} IPAddressFamily;
typedef STACK_OF(IPAddressFamily) IPAddrBlocks;
DECLARE_STACK_OF(IPAddressFamily)
IPAddressRange *IPAddressRange_new(void);
void IPAddressRange_free(IPAddressRange *a);
IPAddressRange *d2i_IPAddressRange(IPAddressRange **a,
const unsigned char **in, long len);
int i2d_IPAddressRange(IPAddressRange *a, unsigned char **out);
extern const ASN1_ITEM IPAddressRange_it;
IPAddressOrRange *IPAddressOrRange_new(void);
void IPAddressOrRange_free(IPAddressOrRange *a);
IPAddressOrRange *d2i_IPAddressOrRange(IPAddressOrRange **a,
const unsigned char **in, long len);
int i2d_IPAddressOrRange(IPAddressOrRange *a, unsigned char **out);
extern const ASN1_ITEM IPAddressOrRange_it;
IPAddressChoice *IPAddressChoice_new(void);
void IPAddressChoice_free(IPAddressChoice *a);
IPAddressChoice *d2i_IPAddressChoice(IPAddressChoice **a,
const unsigned char **in, long len);
int i2d_IPAddressChoice(IPAddressChoice *a, unsigned char **out);
extern const ASN1_ITEM IPAddressChoice_it;
IPAddressFamily *IPAddressFamily_new(void);
void IPAddressFamily_free(IPAddressFamily *a);
IPAddressFamily *d2i_IPAddressFamily(IPAddressFamily **a,
const unsigned char **in, long len);
int i2d_IPAddressFamily(IPAddressFamily *a, unsigned char **out);
extern const ASN1_ITEM IPAddressFamily_it;
/*
* API tag for elements of the ASIdentifer SEQUENCE.
*/
#define V3_ASID_ASNUM 0
#define V3_ASID_RDI 1
/*
* AFI values, assigned by IANA. It'd be nice to make the AFI
* handling code totally generic, but there are too many little things
* that would need to be defined for other address families for it to
* be worth the trouble.
*/
#define IANA_AFI_IPV4 1
#define IANA_AFI_IPV6 2
/*
* Utilities to construct and extract values from RFC3779 extensions,
* since some of the encodings (particularly for IP address prefixes
* and ranges) are a bit tedious to work with directly.
*/
int X509v3_asid_add_inherit(ASIdentifiers *asid, int which);
int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which,
ASN1_INTEGER *min, ASN1_INTEGER *max);
int X509v3_addr_add_inherit(IPAddrBlocks *addr, const unsigned afi,
const unsigned *safi);
int X509v3_addr_add_prefix(IPAddrBlocks *addr, const unsigned afi,
const unsigned *safi, unsigned char *a, const int prefixlen);
int X509v3_addr_add_range(IPAddrBlocks *addr, const unsigned afi,
const unsigned *safi, unsigned char *min, unsigned char *max);
unsigned X509v3_addr_get_afi(const IPAddressFamily *f);
int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi,
unsigned char *min, unsigned char *max, const int length);
/*
* Canonical forms.
*/
int X509v3_asid_is_canonical(ASIdentifiers *asid);
int X509v3_addr_is_canonical(IPAddrBlocks *addr);
int X509v3_asid_canonize(ASIdentifiers *asid);
int X509v3_addr_canonize(IPAddrBlocks *addr);
/*
* Tests for inheritance and containment.
*/
int X509v3_asid_inherits(ASIdentifiers *asid);
int X509v3_addr_inherits(IPAddrBlocks *addr);
int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b);
int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b);
/*
* Check whether RFC 3779 extensions nest properly in chains.
*/
int X509v3_asid_validate_path(X509_STORE_CTX *);
int X509v3_addr_validate_path(X509_STORE_CTX *);
int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, ASIdentifiers *ext,
int allow_inheritance);
int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, IPAddrBlocks *ext,
int allow_inheritance);
#endif /* !OPENSSL_NO_RFC3779 */
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes