early-access version 2698

2022-04-24 22:29:35 +02:00
parent c96f949832
commit caa0c2911b
486 changed files with 37806 additions and 14362 deletions
--- a/externals/libressl/include/openssl/x509v3.h
+++ b/externals/libressl/include/openssl/x509v3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509v3.h,v 1.2 2020/09/13 15:06:17 beck Exp $ */
+/* $OpenBSD: x509v3.h,v 1.14 2022/01/14 09:01:36 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -206,8 +206,6 @@ union {
 } d;
 } GENERAL_NAME;

-typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
-
 typedef struct ACCESS_DESCRIPTION_st {
 	ASN1_OBJECT *method;
 	GENERAL_NAME *location;
@@ -219,6 +217,9 @@ typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;

 DECLARE_STACK_OF(GENERAL_NAME)

+typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
+DECLARE_STACK_OF(GENERAL_NAMES)
+
 DECLARE_STACK_OF(ACCESS_DESCRIPTION)

 typedef struct DIST_POINT_NAME_st {
@@ -446,7 +447,7 @@ struct ISSUING_DIST_POINT_st
 #define NS_OBJSIGN_CA		0x01
 #define NS_ANY_CA		(NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)

-#define XKU_SSL_SERVER		0x1	
+#define XKU_SSL_SERVER		0x1
 #define XKU_SSL_CLIENT		0x2
 #define XKU_SMIME		0x4
 #define XKU_CODE_SIGN		0x8
@@ -454,6 +455,7 @@ struct ISSUING_DIST_POINT_st
 #define XKU_OCSP_SIGN		0x20
 #define XKU_TIMESTAMP		0x40
 #define XKU_DVCS		0x80
+#define XKU_ANYEKU		0x100

 #define X509_PURPOSE_DYNAMIC	0x1
 #define X509_PURPOSE_DYNAMIC_NAME	0x2
@@ -770,7 +772,6 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit

 char *hex_to_string(const unsigned char *buffer, long len);
 unsigned char *string_to_hex(const char *str, long *len);
-int name_cmp(const char *name, const char *cmp);

 void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
 								 int ml);
@@ -798,6 +799,9 @@ char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp);
 int X509_PURPOSE_get_trust(const X509_PURPOSE *xp);
 void X509_PURPOSE_cleanup(void);
 int X509_PURPOSE_get_id(const X509_PURPOSE *);
+uint32_t X509_get_extension_flags(X509 *x);
+uint32_t X509_get_key_usage(X509 *x);
+uint32_t X509_get_extended_key_usage(X509 *x);

 STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x);
 STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);
@@ -842,6 +846,195 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
 void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
 DECLARE_STACK_OF(X509_POLICY_NODE)

+#ifndef OPENSSL_NO_RFC3779
+typedef struct ASRange_st {
+	ASN1_INTEGER *min;
+	ASN1_INTEGER *max;
+} ASRange;
+
+#define ASIdOrRange_id		0
+#define ASIdOrRange_range	1
+
+typedef struct ASIdOrRange_st {
+	int type;
+	union {
+		ASN1_INTEGER *id;
+		ASRange *range;
+	} u;
+} ASIdOrRange;
+
+typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
+DECLARE_STACK_OF(ASIdOrRange)
+
+#define ASIdentifierChoice_inherit		0
+#define ASIdentifierChoice_asIdsOrRanges	1
+
+typedef struct ASIdentifierChoice_st {
+	int type;
+	union {
+		ASN1_NULL *inherit;
+		ASIdOrRanges *asIdsOrRanges;
+	} u;
+} ASIdentifierChoice;
+
+typedef struct ASIdentifiers_st {
+	ASIdentifierChoice *asnum;
+	ASIdentifierChoice *rdi;
+} ASIdentifiers;
+
+ASRange *ASRange_new(void);
+void ASRange_free(ASRange *a);
+ASRange *d2i_ASRange(ASRange **a, const unsigned char **in, long len);
+int i2d_ASRange(ASRange *a, unsigned char **out);
+extern const ASN1_ITEM ASRange_it;
+
+ASIdOrRange *ASIdOrRange_new(void);
+void ASIdOrRange_free(ASIdOrRange *a);
+ASIdOrRange *d2i_ASIdOrRange(ASIdOrRange **a, const unsigned char **in,
+    long len);
+int i2d_ASIdOrRange(ASIdOrRange *a, unsigned char **out);
+extern const ASN1_ITEM ASIdOrRange_it;
+
+ASIdentifierChoice *ASIdentifierChoice_new(void);
+void ASIdentifierChoice_free(ASIdentifierChoice *a);
+ASIdentifierChoice *d2i_ASIdentifierChoice(ASIdentifierChoice **a,
+    const unsigned char **in, long len);
+int i2d_ASIdentifierChoice(ASIdentifierChoice *a, unsigned char **out);
+extern const ASN1_ITEM ASIdentifierChoice_it;
+
+ASIdentifiers *ASIdentifiers_new(void);
+void ASIdentifiers_free(ASIdentifiers *a);
+ASIdentifiers *d2i_ASIdentifiers(ASIdentifiers **a, const unsigned char **in,
+    long len);
+int i2d_ASIdentifiers(ASIdentifiers *a, unsigned char **out);
+extern const ASN1_ITEM ASIdentifiers_it;
+
+typedef struct IPAddressRange_st {
+	ASN1_BIT_STRING *min;
+	ASN1_BIT_STRING *max;
+} IPAddressRange;
+
+#define IPAddressOrRange_addressPrefix	0
+#define IPAddressOrRange_addressRange	1
+
+typedef struct IPAddressOrRange_st {
+	int type;
+	union {
+		ASN1_BIT_STRING *addressPrefix;
+		IPAddressRange *addressRange;
+	} u;
+} IPAddressOrRange;
+
+typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
+DECLARE_STACK_OF(IPAddressOrRange)
+
+#define IPAddressChoice_inherit			0
+#define IPAddressChoice_addressesOrRanges	1
+
+typedef struct IPAddressChoice_st {
+	int type;
+	union {
+		ASN1_NULL *inherit;
+		IPAddressOrRanges *addressesOrRanges;
+	} u;
+} IPAddressChoice;
+
+typedef struct IPAddressFamily_st {
+	ASN1_OCTET_STRING *addressFamily;
+	IPAddressChoice *ipAddressChoice;
+} IPAddressFamily;
+
+typedef STACK_OF(IPAddressFamily) IPAddrBlocks;
+DECLARE_STACK_OF(IPAddressFamily)
+
+IPAddressRange *IPAddressRange_new(void);
+void IPAddressRange_free(IPAddressRange *a);
+IPAddressRange *d2i_IPAddressRange(IPAddressRange **a,
+    const unsigned char **in, long len);
+int i2d_IPAddressRange(IPAddressRange *a, unsigned char **out);
+extern const ASN1_ITEM IPAddressRange_it;
+
+IPAddressOrRange *IPAddressOrRange_new(void);
+void IPAddressOrRange_free(IPAddressOrRange *a);
+IPAddressOrRange *d2i_IPAddressOrRange(IPAddressOrRange **a,
+    const unsigned char **in, long len);
+int i2d_IPAddressOrRange(IPAddressOrRange *a, unsigned char **out);
+extern const ASN1_ITEM IPAddressOrRange_it;
+
+IPAddressChoice *IPAddressChoice_new(void);
+void IPAddressChoice_free(IPAddressChoice *a);
+IPAddressChoice *d2i_IPAddressChoice(IPAddressChoice **a,
+    const unsigned char **in, long len);
+int i2d_IPAddressChoice(IPAddressChoice *a, unsigned char **out);
+extern const ASN1_ITEM IPAddressChoice_it;
+
+IPAddressFamily *IPAddressFamily_new(void);
+void IPAddressFamily_free(IPAddressFamily *a);
+IPAddressFamily *d2i_IPAddressFamily(IPAddressFamily **a,
+    const unsigned char **in, long len);
+int i2d_IPAddressFamily(IPAddressFamily *a, unsigned char **out);
+extern const ASN1_ITEM IPAddressFamily_it;
+
+/*
+ * API tag for elements of the ASIdentifer SEQUENCE.
+ */
+#define V3_ASID_ASNUM	0
+#define V3_ASID_RDI	1
+
+/*
+ * AFI values, assigned by IANA.  It'd be nice to make the AFI
+ * handling code totally generic, but there are too many little things
+ * that would need to be defined for other address families for it to
+ * be worth the trouble.
+ */
+#define IANA_AFI_IPV4	1
+#define IANA_AFI_IPV6	2
+
+/*
+ * Utilities to construct and extract values from RFC3779 extensions,
+ * since some of the encodings (particularly for IP address prefixes
+ * and ranges) are a bit tedious to work with directly.
+ */
+int X509v3_asid_add_inherit(ASIdentifiers *asid, int which);
+int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which,
+    ASN1_INTEGER *min, ASN1_INTEGER *max);
+int X509v3_addr_add_inherit(IPAddrBlocks *addr, const unsigned afi,
+    const unsigned *safi);
+int X509v3_addr_add_prefix(IPAddrBlocks *addr, const unsigned afi,
+    const unsigned *safi, unsigned char *a, const int prefixlen);
+int X509v3_addr_add_range(IPAddrBlocks *addr, const unsigned afi,
+    const unsigned *safi, unsigned char *min, unsigned char *max);
+unsigned X509v3_addr_get_afi(const IPAddressFamily *f);
+int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi,
+    unsigned char *min, unsigned char *max, const int length);
+
+/*
+ * Canonical forms.
+ */
+int X509v3_asid_is_canonical(ASIdentifiers *asid);
+int X509v3_addr_is_canonical(IPAddrBlocks *addr);
+int X509v3_asid_canonize(ASIdentifiers *asid);
+int X509v3_addr_canonize(IPAddrBlocks *addr);
+
+/*
+ * Tests for inheritance and containment.
+ */
+int X509v3_asid_inherits(ASIdentifiers *asid);
+int X509v3_addr_inherits(IPAddrBlocks *addr);
+int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b);
+int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b);
+
+/*
+ * Check whether RFC 3779 extensions nest properly in chains.
+ */
+int X509v3_asid_validate_path(X509_STORE_CTX *);
+int X509v3_addr_validate_path(X509_STORE_CTX *);
+int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, ASIdentifiers *ext,
+    int allow_inheritance);
+int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, IPAddrBlocks *ext,
+    int allow_inheritance);
+
+#endif /* !OPENSSL_NO_RFC3779 */

 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes