summaryrefslogtreecommitdiff
path: root/libressl/include
diff options
context:
space:
mode:
authorEduardo Chappa <chappa@washington.edu>2020-01-04 20:08:32 -0700
committerEduardo Chappa <chappa@washington.edu>2020-01-04 20:08:32 -0700
commitf398f615b6df385aec2b3553310cc237b29e068a (patch)
tree5af79c6a9a180c72c58a9d9cd2d79a1d7657d152 /libressl/include
parent77191bf3e4e049603fb6a0547876259c29c71dbd (diff)
downloadalpine-f398f615b6df385aec2b3553310cc237b29e068a.tar.xz
* The feature that stopped alpine from saving passwords in the password
file prevented users from actually saving their passwords in Windows and MAC OS. Fix the code so that passwords will be saved. Also, update the documentation of this feature. * Fix a buffer overflow bug in the XOAUTH2 code (off by one error). * Update PC-Alpine to work with Libressl version 3.0.2 instead of version 2.5.5 (update build.bat and lib files from the LibreSSL build). * Erase SSLXXXXXX file. * ssl_nt.c actually directs the code to ssl_libressl.c or ssl_win.c. The file ssl_libressl.c is the file ssl_unix.c from the unix osdep directory. The file ssl_win.c is the native SSL windows code. The Unix side provides S/MIME support for Alpine and the latest encryption protocols support for Alpine when connecting to a secure server, while the windows side provide TLSv1_3 support for Alpine, but not S/MIME support. In order to provide unix code for TLSv1_3 (once LibreSSL supports it) edit the file os_nt.c and remove the comments on the #ifdef section. This would provide both TLSv1_3 and S/MIME support with unix code. On the other hand, when we provide TLSv1_3 with the Windows code we need to undefine DF_ENCRYPTION_RANGE, and this is done in the file include/config.wnt.h. The way this is done as of this moment is by commenting an #else directive that preceedes this #undefine. * Update makefile.nt and friends in the windows side to account for the addition of XOAUTH2, and the use of only ssl_nt.c when dealing with Alpine. * Define SMIME_SSLCERTS as c:\libressl\ssl\certs, so that these certificates be considered while checking a digital S/MIME signature. * Improvements to the SMARTTIME24 token to account for changes in year.
Diffstat (limited to 'libressl/include')
-rw-r--r--libressl/include/openssl/asn1.h326
-rw-r--r--libressl/include/openssl/asn1_mac.h426
-rw-r--r--libressl/include/openssl/asn1t.h73
-rw-r--r--libressl/include/openssl/bio.h81
-rw-r--r--libressl/include/openssl/bn.h104
-rw-r--r--libressl/include/openssl/chacha.h6
-rw-r--r--libressl/include/openssl/cms.h532
-rw-r--r--libressl/include/openssl/crypto.h107
-rw-r--r--libressl/include/openssl/curve25519.h1
-rw-r--r--libressl/include/openssl/dh.h14
-rw-r--r--libressl/include/openssl/dsa.h21
-rw-r--r--libressl/include/openssl/dtls1.h6
-rw-r--r--libressl/include/openssl/ec.h142
-rw-r--r--libressl/include/openssl/ecdsa.h47
-rw-r--r--libressl/include/openssl/engine.h19
-rw-r--r--libressl/include/openssl/evp.h93
-rw-r--r--libressl/include/openssl/hkdf.h65
-rw-r--r--libressl/include/openssl/hmac.h7
-rw-r--r--libressl/include/openssl/modes.h10
-rw-r--r--libressl/include/openssl/obj_mac.h158
-rw-r--r--libressl/include/openssl/ocsp.h32
-rw-r--r--libressl/include/openssl/opensslfeatures.h135
-rw-r--r--libressl/include/openssl/opensslv.h7
-rw-r--r--libressl/include/openssl/pem.h14
-rw-r--r--libressl/include/openssl/pkcs12.h32
-rw-r--r--libressl/include/openssl/rsa.h79
-rw-r--r--libressl/include/openssl/safestack.h531
-rw-r--r--libressl/include/openssl/sm3.h53
-rw-r--r--libressl/include/openssl/sm4.h51
-rw-r--r--libressl/include/openssl/ssl.h190
-rw-r--r--libressl/include/openssl/ssl3.h26
-rw-r--r--libressl/include/openssl/tls1.h88
-rw-r--r--libressl/include/openssl/ts.h13
-rw-r--r--libressl/include/openssl/ui.h16
-rw-r--r--libressl/include/openssl/x509.h267
-rw-r--r--libressl/include/openssl/x509_vfy.h69
-rw-r--r--libressl/include/openssl/x509v3.h97
-rw-r--r--libressl/include/tls.h16
38 files changed, 2278 insertions, 1676 deletions
diff --git a/libressl/include/openssl/asn1.h b/libressl/include/openssl/asn1.h
index e35c865e..0a8da415 100644
--- a/libressl/include/openssl/asn1.h
+++ b/libressl/include/openssl/asn1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1.h,v 1.42 2016/12/30 16:29:45 jsing Exp $ */
+/* $OpenBSD: asn1.h,v 1.53 2018/11/30 04:51:19 jeremy Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -125,7 +125,6 @@ extern "C" {
#define V_ASN1_UNIVERSALSTRING 28 /**/
#define V_ASN1_BMPSTRING 30
-/* For use with d2i_ASN1_type_bytes() */
#define B_ASN1_NUMERICSTRING 0x0001
#define B_ASN1_PRINTABLESTRING 0x0002
#define B_ASN1_T61STRING 0x0004
@@ -543,178 +542,6 @@ typedef struct BIT_STRING_BITNAME_st {
const char *sname;
} BIT_STRING_BITNAME;
-#ifndef LIBRESSL_INTERNAL
-
-#define M_ASN1_STRING_length(x) ((x)->length)
-#define M_ASN1_STRING_length_set(x, n) ((x)->length = (n))
-#define M_ASN1_STRING_type(x) ((x)->type)
-#define M_ASN1_STRING_data(x) ((x)->data)
-
-/* Macros for string operations */
-#define M_ASN1_BIT_STRING_new() (ASN1_BIT_STRING *)\
- ASN1_STRING_type_new(V_ASN1_BIT_STRING)
-#define M_ASN1_BIT_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\
- ASN1_STRING_dup((const ASN1_STRING *)a)
-#define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\
- (const ASN1_STRING *)a,(const ASN1_STRING *)b)
-#define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c)
-
-#define M_ASN1_INTEGER_new() (ASN1_INTEGER *)\
- ASN1_STRING_type_new(V_ASN1_INTEGER)
-#define M_ASN1_INTEGER_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)\
- ASN1_STRING_dup((const ASN1_STRING *)a)
-#define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\
- (const ASN1_STRING *)a,(const ASN1_STRING *)b)
-
-#define M_ASN1_ENUMERATED_new() (ASN1_ENUMERATED *)\
- ASN1_STRING_type_new(V_ASN1_ENUMERATED)
-#define M_ASN1_ENUMERATED_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)\
- ASN1_STRING_dup((const ASN1_STRING *)a)
-#define M_ASN1_ENUMERATED_cmp(a,b) ASN1_STRING_cmp(\
- (const ASN1_STRING *)a,(const ASN1_STRING *)b)
-
-#define M_ASN1_OCTET_STRING_new() (ASN1_OCTET_STRING *)\
- ASN1_STRING_type_new(V_ASN1_OCTET_STRING)
-#define M_ASN1_OCTET_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\
- ASN1_STRING_dup((const ASN1_STRING *)a)
-#define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\
- (const ASN1_STRING *)a,(const ASN1_STRING *)b)
-#define M_ASN1_OCTET_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c)
-#define M_ASN1_OCTET_STRING_print(a,b) ASN1_STRING_print(a,(ASN1_STRING *)b)
-#define M_i2d_ASN1_OCTET_STRING(a,pp) \
- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\
- V_ASN1_UNIVERSAL)
-
-#define M_ASN1_PRINTABLE_new() ASN1_STRING_type_new(V_ASN1_T61STRING)
-#define M_ASN1_PRINTABLE_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
- pp,a->type,V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_PRINTABLE(a,pp,l) \
- d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
- B_ASN1_PRINTABLE)
-
-#define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
-#define M_DIRECTORYSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_DIRECTORYSTRING(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
- pp,a->type,V_ASN1_UNIVERSAL)
-#define M_d2i_DIRECTORYSTRING(a,pp,l) \
- d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
- B_ASN1_DIRECTORYSTRING)
-
-#define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
-#define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_DISPLAYTEXT(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
- pp,a->type,V_ASN1_UNIVERSAL)
-#define M_d2i_DISPLAYTEXT(a,pp,l) \
- d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
- B_ASN1_DISPLAYTEXT)
-
-#define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\
- ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
-#define M_ASN1_PRINTABLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_PRINTABLESTRING(a,pp) \
- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_PRINTABLESTRING,\
- V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_PRINTABLESTRING(a,pp,l) \
- (ASN1_PRINTABLESTRING *)d2i_ASN1_type_bytes\
- ((ASN1_STRING **)a,pp,l,B_ASN1_PRINTABLESTRING)
-
-#define M_ASN1_T61STRING_new() (ASN1_T61STRING *)\
- ASN1_STRING_type_new(V_ASN1_T61STRING)
-#define M_ASN1_T61STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_T61STRING(a,pp) \
- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_T61STRING,\
- V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_T61STRING(a,pp,l) \
- (ASN1_T61STRING *)d2i_ASN1_type_bytes\
- ((ASN1_STRING **)a,pp,l,B_ASN1_T61STRING)
-
-#define M_ASN1_IA5STRING_new() (ASN1_IA5STRING *)\
- ASN1_STRING_type_new(V_ASN1_IA5STRING)
-#define M_ASN1_IA5STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_IA5STRING_dup(a) \
- (ASN1_IA5STRING *)ASN1_STRING_dup((const ASN1_STRING *)a)
-#define M_i2d_ASN1_IA5STRING(a,pp) \
- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\
- V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_IA5STRING(a,pp,l) \
- (ASN1_IA5STRING *)d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l,\
- B_ASN1_IA5STRING)
-
-#define M_ASN1_UTCTIME_new() (ASN1_UTCTIME *)\
- ASN1_STRING_type_new(V_ASN1_UTCTIME)
-#define M_ASN1_UTCTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)\
- ASN1_STRING_dup((const ASN1_STRING *)a)
-
-#define M_ASN1_GENERALIZEDTIME_new() (ASN1_GENERALIZEDTIME *)\
- ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME)
-#define M_ASN1_GENERALIZEDTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\
- (const ASN1_STRING *)a)
-
-#define M_ASN1_TIME_new() (ASN1_TIME *)\
- ASN1_STRING_type_new(V_ASN1_UTCTIME)
-#define M_ASN1_TIME_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_TIME_dup(a) (ASN1_TIME *)\
- ASN1_STRING_dup((const ASN1_STRING *)a)
-
-#define M_ASN1_GENERALSTRING_new() (ASN1_GENERALSTRING *)\
- ASN1_STRING_type_new(V_ASN1_GENERALSTRING)
-#define M_ASN1_GENERALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_GENERALSTRING(a,pp) \
- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_GENERALSTRING,\
- V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_GENERALSTRING(a,pp,l) \
- (ASN1_GENERALSTRING *)d2i_ASN1_type_bytes\
- ((ASN1_STRING **)a,pp,l,B_ASN1_GENERALSTRING)
-
-#define M_ASN1_UNIVERSALSTRING_new() (ASN1_UNIVERSALSTRING *)\
- ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING)
-#define M_ASN1_UNIVERSALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_UNIVERSALSTRING(a,pp) \
- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UNIVERSALSTRING,\
- V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_UNIVERSALSTRING(a,pp,l) \
- (ASN1_UNIVERSALSTRING *)d2i_ASN1_type_bytes\
- ((ASN1_STRING **)a,pp,l,B_ASN1_UNIVERSALSTRING)
-
-#define M_ASN1_BMPSTRING_new() (ASN1_BMPSTRING *)\
- ASN1_STRING_type_new(V_ASN1_BMPSTRING)
-#define M_ASN1_BMPSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_BMPSTRING(a,pp) \
- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_BMPSTRING,\
- V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_BMPSTRING(a,pp,l) \
- (ASN1_BMPSTRING *)d2i_ASN1_type_bytes\
- ((ASN1_STRING **)a,pp,l,B_ASN1_BMPSTRING)
-
-#define M_ASN1_VISIBLESTRING_new() (ASN1_VISIBLESTRING *)\
- ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
-#define M_ASN1_VISIBLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_VISIBLESTRING(a,pp) \
- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_VISIBLESTRING,\
- V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_VISIBLESTRING(a,pp,l) \
- (ASN1_VISIBLESTRING *)d2i_ASN1_type_bytes\
- ((ASN1_STRING **)a,pp,l,B_ASN1_VISIBLESTRING)
-
-#define M_ASN1_UTF8STRING_new() (ASN1_UTF8STRING *)\
- ASN1_STRING_type_new(V_ASN1_UTF8STRING)
-#define M_ASN1_UTF8STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_UTF8STRING(a,pp) \
- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UTF8STRING,\
- V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_UTF8STRING(a,pp,l) \
- (ASN1_UTF8STRING *)d2i_ASN1_type_bytes\
- ((ASN1_STRING **)a,pp,l,B_ASN1_UTF8STRING)
-
-#endif /* !LIBRESSL_INTERNAL */
-
#define B_ASN1_TIME \
B_ASN1_UTCTIME | \
B_ASN1_GENERALIZEDTIME
@@ -744,9 +571,18 @@ typedef struct BIT_STRING_BITNAME_st {
B_ASN1_BMPSTRING|\
B_ASN1_UTF8STRING
-/* for the is_set parameter to i2d_ASN1_SET */
-#define IS_SEQUENCE 0
-#define IS_SET 1
+#ifndef LIBRESSL_INTERNAL
+#define M_ASN1_IA5STRING_new ASN1_IA5STRING_new
+
+#define M_ASN1_INTEGER_free ASN1_INTEGER_free
+#define M_ASN1_ENUMERATED_free ASN1_ENUMERATED_free
+#define M_ASN1_OCTET_STRING_free ASN1_OCTET_STRING_free
+
+#define M_ASN1_OCTET_STRING_print ASN1_STRING_print
+
+#define M_ASN1_STRING_data ASN1_STRING_data
+#define M_ASN1_STRING_length ASN1_STRING_length
+#endif
ASN1_TYPE *ASN1_TYPE_new(void);
void ASN1_TYPE_free(ASN1_TYPE *a);
@@ -754,14 +590,14 @@ ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, const unsigned char **in, long len);
int i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **out);
extern const ASN1_ITEM ASN1_ANY_it;
-int ASN1_TYPE_get(ASN1_TYPE *a);
+int ASN1_TYPE_get(const ASN1_TYPE *a);
void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
-int ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b);
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
-ASN1_OBJECT *ASN1_OBJECT_new(void );
+ASN1_OBJECT *ASN1_OBJECT_new(void);
void ASN1_OBJECT_free(ASN1_OBJECT *a);
-int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp);
+int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp);
ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
long length);
ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
@@ -775,7 +611,7 @@ ASN1_STRING *ASN1_STRING_new(void);
void ASN1_STRING_free(ASN1_STRING *a);
int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str);
ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a);
-ASN1_STRING *ASN1_STRING_type_new(int type );
+ASN1_STRING *ASN1_STRING_type_new(int type);
int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b);
/* Since this is used to store all sorts of things, via macros, for now, make
its data void * */
@@ -783,8 +619,9 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
int ASN1_STRING_length(const ASN1_STRING *x);
void ASN1_STRING_length_set(ASN1_STRING *x, int n);
-int ASN1_STRING_type(ASN1_STRING *x);
-unsigned char * ASN1_STRING_data(ASN1_STRING *x);
+int ASN1_STRING_type(const ASN1_STRING *x);
+unsigned char *ASN1_STRING_data(ASN1_STRING *x);
+const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x);
ASN1_BIT_STRING *ASN1_BIT_STRING_new(void);
void ASN1_BIT_STRING_free(ASN1_BIT_STRING *a);
@@ -794,18 +631,18 @@ extern const ASN1_ITEM ASN1_BIT_STRING_it;
int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp);
ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
const unsigned char **pp, long length);
-int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length );
+int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length);
int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
-int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
-int ASN1_BIT_STRING_check(ASN1_BIT_STRING *a,
- unsigned char *flags, int flags_len);
+int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n);
+int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a,
+ const unsigned char *flags, int flags_len);
#ifndef OPENSSL_NO_BIO
int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
BIT_STRING_BITNAME *tbl, int indent);
#endif
-int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl);
-int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
+int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl);
+int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value,
BIT_STRING_BITNAME *tbl);
int i2d_ASN1_BOOLEAN(int a, unsigned char **pp);
@@ -830,7 +667,7 @@ ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, const unsigned char **
int i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **out);
extern const ASN1_ITEM ASN1_ENUMERATED_it;
-int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
+int ASN1_UTCTIME_check(const ASN1_UTCTIME *a);
ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t);
ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
int offset_day, long offset_sec);
@@ -840,7 +677,7 @@ int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
#endif /* !LIBRESSL_INTERNAL */
-int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
+int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a);
ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
time_t t);
ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
@@ -939,29 +776,24 @@ extern const ASN1_ITEM ASN1_TIME_it;
extern const ASN1_ITEM ASN1_OCTET_STRING_NDEF_it;
ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t);
+ASN1_TIME *ASN1_TIME_set_tm(ASN1_TIME *s, struct tm *tm);
ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day,
long offset_sec);
-int ASN1_TIME_check(ASN1_TIME *t);
-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t,
+int ASN1_TIME_check(const ASN1_TIME *t);
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t,
ASN1_GENERALIZEDTIME **out);
int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
-int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
- i2d_of_void *i2d, int ex_tag, int ex_class, int is_set);
-STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
- const unsigned char **pp, long length, d2i_of_void *d2i,
- void (*free_func)(OPENSSL_BLOCK), int ex_tag, int ex_class);
-
#ifndef OPENSSL_NO_BIO
-int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
+int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a);
int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size);
-int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a);
+int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a);
int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size);
-int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a);
+int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a);
int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size);
-int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type);
+int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type);
#endif
-int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a);
+int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a);
int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num);
ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
@@ -973,26 +805,14 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai);
BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn);
int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
-long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a);
-ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai);
-BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn);
+long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a);
+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai);
+BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn);
/* General */
/* given a string, return the correct type, max is the maximum length */
int ASN1_PRINTABLE_type(const unsigned char *s, int max);
-int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass);
-ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
- long length, int Ptag, int Pclass);
-unsigned long ASN1_tag2bit(int tag);
-/* type is one or more of the B_ASN1_ values. */
-ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp,
- long length, int type);
-
-/* PARSING */
-int asn1_Finish(ASN1_CTX *c);
-int asn1_const_Finish(ASN1_const_CTX *c);
-
/* SPECIALS */
int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
int *pclass, long omax);
@@ -1007,25 +827,8 @@ void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
#ifndef LIBRESSL_INTERNAL
-/* Used to implement other functions */
void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x);
-#define ASN1_dup_of(type,i2d,d2i,x) \
- ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \
- CHECKED_D2I_OF(type, d2i), \
- CHECKED_PTR_OF(type, x)))
-
-#define ASN1_dup_of_const(type,i2d,d2i,x) \
- ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \
- CHECKED_D2I_OF(type, d2i), \
- CHECKED_PTR_OF(const type, x)))
-
-/* ASN1 alloc/free macros for when a type is only used internally */
-
-#define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type))
-#define M_ASN1_free_of(x, type) \
- ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type))
-
#endif /* !LIBRESSL_INTERNAL */
void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x);
@@ -1050,9 +853,10 @@ int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x);
CHECKED_PTR_OF(const type, x)))
int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x);
-int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
+int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str,
+ unsigned long flags);
-int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);
+int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in);
#ifndef OPENSSL_NO_BIO
void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x);
@@ -1081,12 +885,14 @@ int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a);
int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a);
int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a);
int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v);
-int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
+int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags);
int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
unsigned char *buf, int off);
int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent);
int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, int dump);
#endif
+
+unsigned long ASN1_tag2bit(int tag);
const char *ASN1_tag2str(int tag);
/* Used to load and write netscape format cert */
@@ -1099,24 +905,17 @@ extern const ASN1_ITEM NETSCAPE_X509_it;
int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
-int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len);
-int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, int max_len);
-int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
- int len);
-int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, unsigned char *data,
+int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, const unsigned char *data, int len);
+int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data,
int max_len);
-
-STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
- d2i_of_void *d2i, void (*free_func)(OPENSSL_BLOCK));
-unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d,
- unsigned char **buf, int *len );
-void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i);
-void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
-ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d,
- ASN1_OCTET_STRING **oct);
+int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, const unsigned char *data,
+ int len);
+int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
+ unsigned char *data, int max_len);
ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
ASN1_OCTET_STRING **oct);
+void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
void ASN1_STRING_set_default_mask(unsigned long mask);
int ASN1_STRING_set_default_mask_asc(const char *p);
@@ -1137,15 +936,15 @@ void ASN1_STRING_TABLE_cleanup(void);
/* Old API compatible functions */
ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
-ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in,
+ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in,
long len, const ASN1_ITEM *it);
int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
void ASN1_add_oid_module(void);
-ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
-ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
+ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf);
+ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf);
/* ASN1 Print flags */
@@ -1172,18 +971,18 @@ int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent,
const ASN1_ITEM *it, const ASN1_PCTX *pctx);
ASN1_PCTX *ASN1_PCTX_new(void);
void ASN1_PCTX_free(ASN1_PCTX *p);
-unsigned long ASN1_PCTX_get_flags(ASN1_PCTX *p);
+unsigned long ASN1_PCTX_get_flags(const ASN1_PCTX *p);
void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags);
-unsigned long ASN1_PCTX_get_nm_flags(ASN1_PCTX *p);
+unsigned long ASN1_PCTX_get_nm_flags(const ASN1_PCTX *p);
void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags);
-unsigned long ASN1_PCTX_get_cert_flags(ASN1_PCTX *p);
+unsigned long ASN1_PCTX_get_cert_flags(const ASN1_PCTX *p);
void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags);
-unsigned long ASN1_PCTX_get_oid_flags(ASN1_PCTX *p);
+unsigned long ASN1_PCTX_get_oid_flags(const ASN1_PCTX *p);
void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags);
-unsigned long ASN1_PCTX_get_str_flags(ASN1_PCTX *p);
+unsigned long ASN1_PCTX_get_str_flags(const ASN1_PCTX *p);
void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags);
-BIO_METHOD *BIO_f_asn1(void);
+const BIO_METHOD *BIO_f_asn1(void);
BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it);
@@ -1403,6 +1202,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_MSTRING_NOT_UNIVERSAL 139
#define ASN1_R_MSTRING_WRONG_TAG 140
#define ASN1_R_NESTED_ASN1_STRING 197
+#define ASN1_R_NESTED_TOO_DEEP 219
#define ASN1_R_NON_HEX_CHARACTERS 141
#define ASN1_R_NOT_ASCII_FORMAT 190
#define ASN1_R_NOT_ENOUGH_DATA 142
diff --git a/libressl/include/openssl/asn1_mac.h b/libressl/include/openssl/asn1_mac.h
deleted file mode 100644
index fd524dc2..00000000
--- a/libressl/include/openssl/asn1_mac.h
+++ /dev/null
@@ -1,426 +0,0 @@
-/* $OpenBSD: asn1_mac.h,v 1.14 2014/06/27 04:41:09 miod Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_ASN1_MAC_H
-#define HEADER_ASN1_MAC_H
-
-#include <openssl/asn1.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef ASN1_MAC_ERR_LIB
-#define ASN1_MAC_ERR_LIB ERR_LIB_ASN1
-#endif
-
-#define ASN1_MAC_H_err(f,r,line) \
- ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line))
-
-#define M_ASN1_D2I_vars(a,type,func) \
- ASN1_const_CTX c; \
- type ret=NULL; \
- \
- c.pp=(const unsigned char **)pp; \
- c.q= *(const unsigned char **)pp; \
- c.error=ERR_R_NESTED_ASN1_ERROR; \
- if ((a == NULL) || ((*a) == NULL)) \
- { if ((ret=(type)func()) == NULL) \
- { c.line=__LINE__; goto err; } } \
- else ret=(*a);
-
-#define M_ASN1_D2I_Init() \
- c.p= *(const unsigned char **)pp; \
- c.max=(length == 0)?0:(c.p+length);
-
-#define M_ASN1_D2I_Finish_2(a) \
- if (!asn1_const_Finish(&c)) \
- { c.line=__LINE__; goto err; } \
- *(const unsigned char **)pp=c.p; \
- if (a != NULL) (*a)=ret; \
- return(ret);
-
-#define M_ASN1_D2I_Finish(a,func,e) \
- M_ASN1_D2I_Finish_2(a); \
-err:\
- ASN1_MAC_H_err((e),c.error,c.line); \
- asn1_add_error(*(const unsigned char **)pp,(int)(c.q- *pp)); \
- if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
- return(NULL)
-
-#define M_ASN1_D2I_start_sequence() \
- if (!asn1_GetSequence(&c,&length)) \
- { c.line=__LINE__; goto err; }
-/* Begin reading ASN1 without a surrounding sequence */
-#define M_ASN1_D2I_begin() \
- c.slen = length;
-
-/* End reading ASN1 with no check on length */
-#define M_ASN1_D2I_Finish_nolen(a, func, e) \
- *pp=c.p; \
- if (a != NULL) (*a)=ret; \
- return(ret); \
-err:\
- ASN1_MAC_H_err((e),c.error,c.line); \
- asn1_add_error(*pp,(int)(c.q- *pp)); \
- if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
- return(NULL)
-
-#define M_ASN1_D2I_end_sequence() \
- (((c.inf&1) == 0)?(c.slen <= 0): \
- (c.eos=ASN1_const_check_infinite_end(&c.p,c.slen)))
-
-/* Don't use this with d2i_ASN1_BOOLEAN() */
-#define M_ASN1_D2I_get(b, func) \
- c.q=c.p; \
- if (func(&(b),&c.p,c.slen) == NULL) \
- {c.line=__LINE__; goto err; } \
- c.slen-=(c.p-c.q);
-
-/* Don't use this with d2i_ASN1_BOOLEAN() */
-#define M_ASN1_D2I_get_x(type,b,func) \
- c.q=c.p; \
- if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \
- {c.line=__LINE__; goto err; } \
- c.slen-=(c.p-c.q);
-
-/* use this instead () */
-#define M_ASN1_D2I_get_int(b,func) \
- c.q=c.p; \
- if (func(&(b),&c.p,c.slen) < 0) \
- {c.line=__LINE__; goto err; } \
- c.slen-=(c.p-c.q);
-
-#define M_ASN1_D2I_get_opt(b,func,type) \
- if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \
- == (V_ASN1_UNIVERSAL|(type)))) \
- { \
- M_ASN1_D2I_get(b,func); \
- }
-
-#define M_ASN1_D2I_get_int_opt(b,func,type) \
- if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \
- == (V_ASN1_UNIVERSAL|(type)))) \
- { \
- M_ASN1_D2I_get_int(b,func); \
- }
-
-#define M_ASN1_D2I_get_imp(b,func, type) \
- M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \
- c.q=c.p; \
- if (func(&(b),&c.p,c.slen) == NULL) \
- {c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \
- c.slen-=(c.p-c.q);\
- M_ASN1_next_prev=_tmp;
-
-#define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \
- if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \
- (V_ASN1_CONTEXT_SPECIFIC|(tag)))) \
- { \
- unsigned char _tmp = M_ASN1_next; \
- M_ASN1_D2I_get_imp(b,func, type);\
- }
-
-#define M_ASN1_D2I_get_set_type(type,r,func,free_func) \
- M_ASN1_D2I_get_imp_set_type(type,r,func,free_func, \
- V_ASN1_SET,V_ASN1_UNIVERSAL);
-
-#define M_ASN1_D2I_get_set_opt_type(type,r,func,free_func) \
- if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
- V_ASN1_CONSTRUCTED|V_ASN1_SET)))\
- { M_ASN1_D2I_get_set_type(type,r,func,free_func); }
-
-#define M_ASN1_I2D_len_SET_opt(a,f) \
- if ((a != NULL) && (sk_num(a) != 0)) \
- M_ASN1_I2D_len_SET(a,f);
-
-#define M_ASN1_I2D_put_SET_opt(a,f) \
- if ((a != NULL) && (sk_num(a) != 0)) \
- M_ASN1_I2D_put_SET(a,f);
-
-#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \
- if ((a != NULL) && (sk_num(a) != 0)) \
- M_ASN1_I2D_put_SEQUENCE(a,f);
-
-#define M_ASN1_I2D_put_SEQUENCE_opt_type(type,a,f) \
- if ((a != NULL) && (sk_##type##_num(a) != 0)) \
- M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
-
-#define M_ASN1_D2I_get_IMP_set_opt_type(type,b,func,free_func,tag) \
- if ((c.slen != 0) && \
- (M_ASN1_next == \
- (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\
- { \
- M_ASN1_D2I_get_imp_set_type(type,b,func,free_func,\
- tag,V_ASN1_CONTEXT_SPECIFIC); \
- }
-
-#define M_ASN1_D2I_get_seq_type(type,r,func,free_func) \
- M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\
- V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL)
-
-#define M_ASN1_D2I_get_seq_opt_type(type,r,func,free_func) \
- if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
- V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\
- { M_ASN1_D2I_get_seq_type(type,r,func,free_func); }
-
-#define M_ASN1_D2I_get_IMP_set_type(type,r,func,free_func,x) \
- M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\
- x,V_ASN1_CONTEXT_SPECIFIC);
-
-#define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \
- c.q=c.p; \
- if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\
- free_func,a,b) == NULL) \
- { c.line=__LINE__; goto err; } \
- c.slen-=(c.p-c.q);
-
-#define M_ASN1_D2I_get_set_strings(r,func,a,b) \
- c.q=c.p; \
- if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \
- { c.line=__LINE__; goto err; } \
- c.slen-=(c.p-c.q);
-
-#define M_ASN1_D2I_get_EXP_opt(r,func,tag) \
- if ((c.slen != 0L) && (M_ASN1_next == \
- (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
- { \
- int Tinf,Ttag,Tclass; \
- long Tlen; \
- \
- c.q=c.p; \
- Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
- if (Tinf & 0x80) \
- { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
- c.line=__LINE__; goto err; } \
- if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
- Tlen = c.slen - (c.p - c.q) - 2; \
- if (func(&(r),&c.p,Tlen) == NULL) \
- { c.line=__LINE__; goto err; } \
- if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
- Tlen = c.slen - (c.p - c.q); \
- if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \
- { c.error=ERR_R_MISSING_ASN1_EOS; \
- c.line=__LINE__; goto err; } \
- }\
- c.slen-=(c.p-c.q); \
- }
-
-#define M_ASN1_D2I_get_EXP_set_opt_type(type,r,func,free_func,tag,b) \
- if ((c.slen != 0) && (M_ASN1_next == \
- (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
- { \
- int Tinf,Ttag,Tclass; \
- long Tlen; \
- \
- c.q=c.p; \
- Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
- if (Tinf & 0x80) \
- { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
- c.line=__LINE__; goto err; } \
- if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
- Tlen = c.slen - (c.p - c.q) - 2; \
- if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \
- free_func,b,V_ASN1_UNIVERSAL) == NULL) \
- { c.line=__LINE__; goto err; } \
- if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
- Tlen = c.slen - (c.p - c.q); \
- if(!ASN1_check_infinite_end(&c.p, Tlen)) \
- { c.error=ERR_R_MISSING_ASN1_EOS; \
- c.line=__LINE__; goto err; } \
- }\
- c.slen-=(c.p-c.q); \
- }
-
-/* BIG UGLY WARNING! This is so damn ugly I wanna puke. Unfortunately,
- some macros that use ASN1_const_CTX still insist on writing in the input
- stream. ARGH! ARGH! ARGH! Let's get rid of this macro package.
- Please? -- Richard Levitte */
-#define M_ASN1_next (*((unsigned char *)(c.p)))
-#define M_ASN1_next_prev (*((unsigned char *)(c.q)))
-
-/*************************************************/
-
-#define M_ASN1_I2D_vars(a) int r=0,ret=0; \
- unsigned char *p; \
- if (a == NULL) return(0)
-
-/* Length Macros */
-#define M_ASN1_I2D_len(a,f) ret+=f(a,NULL)
-#define M_ASN1_I2D_len_IMP_opt(a,f) if (a != NULL) M_ASN1_I2D_len(a,f)
-
-#define M_ASN1_I2D_len_SET_type(type,a,f) \
- ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SET, \
- V_ASN1_UNIVERSAL,IS_SET);
-
-#define M_ASN1_I2D_len_SEQUENCE_type(type,a,f) \
- ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SEQUENCE, \
- V_ASN1_UNIVERSAL,IS_SEQUENCE)
-
-#define M_ASN1_I2D_len_SEQUENCE_opt(a,f) \
- if ((a != NULL) && (sk_num(a) != 0)) \
- M_ASN1_I2D_len_SEQUENCE(a,f);
-
-#define M_ASN1_I2D_len_SEQUENCE_opt_type(type,a,f) \
- if ((a != NULL) && (sk_##type##_num(a) != 0)) \
- M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
-
-#define M_ASN1_I2D_len_IMP_SET_type(type,a,f,x) \
- ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
- V_ASN1_CONTEXT_SPECIFIC,IS_SET);
-
-#define M_ASN1_I2D_len_IMP_SET_opt_type(type,a,f,x) \
- if ((a != NULL) && (sk_##type##_num(a) != 0)) \
- ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
- V_ASN1_CONTEXT_SPECIFIC,IS_SET);
-
-#define M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(type,a,f,x) \
- if ((a != NULL) && (sk_##type##_num(a) != 0)) \
- ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
- V_ASN1_CONTEXT_SPECIFIC, \
- IS_SEQUENCE);
-
-#define M_ASN1_I2D_len_EXP_opt(a,f,mtag,v) \
- if (a != NULL)\
- { \
- v=f(a,NULL); \
- ret+=ASN1_object_size(1,v,mtag); \
- }
-
-#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \
- if ((a != NULL) && (sk_##type##_num(a) != 0))\
- { \
- v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \
- V_ASN1_UNIVERSAL, \
- IS_SEQUENCE); \
- ret+=ASN1_object_size(1,v,mtag); \
- }
-
-/* Put Macros */
-#define M_ASN1_I2D_put(a,f) f(a,&p)
-
-#define M_ASN1_I2D_put_IMP_opt(a,f,t) \
- if (a != NULL) \
- { \
- unsigned char *q=p; \
- f(a,&p); \
- *q=(V_ASN1_CONTEXT_SPECIFIC|t|(*q&V_ASN1_CONSTRUCTED));\
- }
-
-#define M_ASN1_I2D_put_SET_type(type,a,f) \
- i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET)
-#define M_ASN1_I2D_put_IMP_SET_type(type,a,f,x) \
- i2d_ASN1_SET_OF_##type(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET)
-
-#define M_ASN1_I2D_put_SEQUENCE_type(type,a,f) \
- i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \
- IS_SEQUENCE)
-
-#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \
- if ((a != NULL) && (sk_num(a) != 0)) \
- M_ASN1_I2D_put_SEQUENCE(a,f);
-
-#define M_ASN1_I2D_put_IMP_SET_opt_type(type,a,f,x) \
- if ((a != NULL) && (sk_##type##_num(a) != 0)) \
- { i2d_ASN1_SET_OF_##type(a,&p,f,x, \
- V_ASN1_CONTEXT_SPECIFIC, \
- IS_SET); }
-
-#define M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(type,a,f,x) \
- if ((a != NULL) && (sk_##type##_num(a) != 0)) \
- { i2d_ASN1_SET_OF_##type(a,&p,f,x, \
- V_ASN1_CONTEXT_SPECIFIC, \
- IS_SEQUENCE); }
-
-#define M_ASN1_I2D_put_EXP_opt(a,f,tag,v) \
- if (a != NULL) \
- { \
- ASN1_put_object(&p,1,v,tag,V_ASN1_CONTEXT_SPECIFIC); \
- f(a,&p); \
- }
-
-#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \
- if ((a != NULL) && (sk_##type##_num(a) != 0)) \
- { \
- ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
- i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \
- IS_SEQUENCE); \
- }
-
-#define M_ASN1_I2D_seq_total() \
- r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \
- if (pp == NULL) return(r); \
- p= *pp; \
- ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL)
-
-#define M_ASN1_I2D_INF_seq_start(tag,ctx) \
- *(p++)=(V_ASN1_CONSTRUCTED|(tag)|(ctx)); \
- *(p++)=0x80
-
-#define M_ASN1_I2D_INF_seq_end() *(p++)=0x00; *(p++)=0x00
-
-#define M_ASN1_I2D_finish() *pp=p; \
- return(r);
-
-int asn1_GetSequence(ASN1_const_CTX *c, long *length);
-void asn1_add_error(const unsigned char *address, int offset);
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/libressl/include/openssl/asn1t.h b/libressl/include/openssl/asn1t.h
index ba380bdf..d6168b65 100644
--- a/libressl/include/openssl/asn1t.h
+++ b/libressl/include/openssl/asn1t.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1t.h,v 1.14 2016/12/27 15:12:51 jsing Exp $ */
+/* $OpenBSD: asn1t.h,v 1.15 2019/08/20 13:10:09 inoguchi Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
@@ -81,6 +81,9 @@ extern "C" {
#define ASN1_ITEM_start(itname) \
const ASN1_ITEM itname##_it = {
+#define static_ASN1_ITEM_start(itname) \
+ static const ASN1_ITEM itname##_it = {
+
#define ASN1_ITEM_end(itname) \
};
@@ -103,6 +106,18 @@ extern "C" {
#tname \
ASN1_ITEM_end(tname)
+#define static_ASN1_ITEM_TEMPLATE_END(tname) \
+ ;\
+ static_ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_PRIMITIVE,\
+ -1,\
+ &tname##_item_tt,\
+ 0,\
+ NULL,\
+ 0,\
+ #tname \
+ ASN1_ITEM_end(tname)
+
/* This is a ASN1 type which just embeds a template */
@@ -131,6 +146,8 @@ extern "C" {
#define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname)
+#define static_ASN1_SEQUENCE_END(stname) static_ASN1_SEQUENCE_END_name(stname, stname)
+
#define ASN1_SEQUENCE_END_name(stname, tname) \
;\
ASN1_ITEM_start(tname) \
@@ -143,6 +160,18 @@ extern "C" {
#stname \
ASN1_ITEM_end(tname)
+#define static_ASN1_SEQUENCE_END_name(stname, tname) \
+ ;\
+ static_ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_SEQUENCE,\
+ V_ASN1_SEQUENCE,\
+ tname##_seq_tt,\
+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+ NULL,\
+ sizeof(stname),\
+ #stname \
+ ASN1_ITEM_end(tname)
+
#define ASN1_NDEF_SEQUENCE(tname) \
ASN1_SEQUENCE(tname)
@@ -177,12 +206,26 @@ extern "C" {
#tname \
ASN1_ITEM_end(tname)
+#define static_ASN1_NDEF_SEQUENCE_END(tname) \
+ ;\
+ static_ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_NDEF_SEQUENCE,\
+ V_ASN1_SEQUENCE,\
+ tname##_seq_tt,\
+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+ NULL,\
+ sizeof(tname),\
+ #tname \
+ ASN1_ITEM_end(tname)
+
#define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname)
#define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
#define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
+#define static_ASN1_SEQUENCE_END_cb(stname, tname) static_ASN1_SEQUENCE_END_ref(stname, tname)
+
#define ASN1_SEQUENCE_END_ref(stname, tname) \
;\
ASN1_ITEM_start(tname) \
@@ -195,6 +238,18 @@ extern "C" {
#stname \
ASN1_ITEM_end(tname)
+#define static_ASN1_SEQUENCE_END_ref(stname, tname) \
+ ;\
+ static_ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_SEQUENCE,\
+ V_ASN1_SEQUENCE,\
+ tname##_seq_tt,\
+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+ &tname##_aux,\
+ sizeof(stname),\
+ #stname \
+ ASN1_ITEM_end(tname)
+
#define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \
;\
ASN1_ITEM_start(tname) \
@@ -239,8 +294,12 @@ extern "C" {
#define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname)
+#define static_ASN1_CHOICE_END(stname) static_ASN1_CHOICE_END_name(stname, stname)
+
#define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type)
+#define static_ASN1_CHOICE_END_name(stname, tname) static_ASN1_CHOICE_END_selector(stname, tname, type)
+
#define ASN1_CHOICE_END_selector(stname, tname, selname) \
;\
ASN1_ITEM_start(tname) \
@@ -253,6 +312,18 @@ extern "C" {
#stname \
ASN1_ITEM_end(tname)
+#define static_ASN1_CHOICE_END_selector(stname, tname, selname) \
+ ;\
+ static_ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_CHOICE,\
+ offsetof(stname,selname) ,\
+ tname##_ch_tt,\
+ sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+ NULL,\
+ sizeof(stname),\
+ #stname \
+ ASN1_ITEM_end(tname)
+
#define ASN1_CHOICE_END_cb(stname, tname, selname) \
;\
ASN1_ITEM_start(tname) \
diff --git a/libressl/include/openssl/bio.h b/libressl/include/openssl/bio.h
index 9a9472c7..9fbf3bce 100644
--- a/libressl/include/openssl/bio.h
+++ b/libressl/include/openssl/bio.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bio.h,v 1.29 2015/06/20 01:17:27 doug Exp $ */
+/* $OpenBSD: bio.h,v 1.45 2018/06/02 04:41:12 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -103,6 +103,12 @@ extern "C" {
#define BIO_TYPE_FILTER 0x0200
#define BIO_TYPE_SOURCE_SINK 0x0400
+/*
+ * BIO_TYPE_START is the first user-allocated BIO type. No pre-defined type,
+ * flag bits aside, may exceed this value.
+ */
+#define BIO_TYPE_START 128
+
/* BIO_FILENAME_READ|BIO_CLOSE to open or close on free.
* BIO_set_fp(in,stdin,BIO_NOCLOSE); */
#define BIO_NOCLOSE 0x00
@@ -264,6 +270,7 @@ const char * BIO_method_name(const BIO *b);
int BIO_method_type(const BIO *b);
typedef void bio_info_cb(struct bio_st *, int, const char *, int, long, long);
+typedef int BIO_info_cb(BIO *, int, int);
typedef struct bio_method_st {
int type;
@@ -279,7 +286,7 @@ typedef struct bio_method_st {
} BIO_METHOD;
struct bio_st {
- BIO_METHOD *method;
+ const BIO_METHOD *method;
/* bio, mode, argp, argi, argl, ret */
long (*callback)(struct bio_st *, int, const char *, int, long, long);
char *cb_arg; /* first argument for the callback */
@@ -327,6 +334,27 @@ typedef struct bio_f_buffer_ctx_struct {
/* Prefix and suffix callback in ASN1 BIO */
typedef int asn1_ps_func(BIO *b, unsigned char **pbuf, int *plen, void *parg);
+/* BIO_METHOD accessors */
+BIO_METHOD *BIO_meth_new(int type, const char *name);
+void BIO_meth_free(BIO_METHOD *biom);
+int (*BIO_meth_get_write(const BIO_METHOD *biom))(BIO *, const char *, int);
+int BIO_meth_set_write(BIO_METHOD *biom,
+ int (*write)(BIO *, const char *, int));
+int (*BIO_meth_get_read(const BIO_METHOD *biom))(BIO *, char *, int);
+int BIO_meth_set_read(BIO_METHOD *biom, int (*read)(BIO *, char *, int));
+int (*BIO_meth_get_puts(const BIO_METHOD *biom))(BIO *, const char *);
+int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts)(BIO *, const char *));
+int (*BIO_meth_get_gets(const BIO_METHOD *biom))(BIO *, char *, int);
+int BIO_meth_set_gets(BIO_METHOD *biom, int (*gets)(BIO *, char *, int));
+long (*BIO_meth_get_ctrl(const BIO_METHOD *biom))(BIO *, int, long, void *);
+int BIO_meth_set_ctrl(BIO_METHOD *biom, long (*ctrl)(BIO *, int, long, void *));
+int (*BIO_meth_get_create(const BIO_METHOD *biom))(BIO *);
+int BIO_meth_set_create(BIO_METHOD *biom, int (*create)(BIO *));
+int (*BIO_meth_get_destroy(const BIO_METHOD *biom))(BIO *);
+int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy)(BIO *));
+long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom))(BIO *, int, BIO_info_cb *);
+int BIO_meth_set_callback_ctrl(BIO_METHOD *biom,
+ long (*callback_ctrl)(BIO *, int, BIO_info_cb *));
/* connect BIO stuff */
#define BIO_CONN_S_BEFORE 1
@@ -474,11 +502,11 @@ typedef int asn1_ps_func(BIO *b, unsigned char **pbuf, int *plen, void *parg);
#define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
#define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
#define BIO_set_ssl_renegotiate_bytes(b,num) \
- BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
+ BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL)
#define BIO_get_num_renegotiates(b) \
- BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL);
+ BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL)
#define BIO_set_ssl_renegotiate_timeout(b,seconds) \
- BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
+ BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL)
/* defined in evp.h */
/* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */
@@ -568,13 +596,20 @@ int
BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,
asn1_ps_func **psuffix_free);
-BIO_METHOD *BIO_s_file(void );
+int BIO_get_new_index(void);
+const BIO_METHOD *BIO_s_file(void);
BIO *BIO_new_file(const char *filename, const char *mode);
BIO *BIO_new_fp(FILE *stream, int close_flag);
# define BIO_s_file_internal BIO_s_file
-BIO * BIO_new(BIO_METHOD *type);
-int BIO_set(BIO *a, BIO_METHOD *type);
+BIO *BIO_new(const BIO_METHOD *type);
+int BIO_set(BIO *a, const BIO_METHOD *type);
int BIO_free(BIO *a);
+int BIO_up_ref(BIO *bio);
+void *BIO_get_data(BIO *a);
+void BIO_set_data(BIO *a, void *ptr);
+void BIO_set_init(BIO *a, int init);
+int BIO_get_shutdown(BIO *a);
+void BIO_set_shutdown(BIO *a, int shut);
void BIO_vfree(BIO *a);
int BIO_read(BIO *b, void *data, int len)
__attribute__((__bounded__(__buffer__,2,3)));
@@ -606,20 +641,20 @@ int BIO_nwrite(BIO *bio, char **buf, int num);
long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi,
long argl, long ret);
-BIO_METHOD *BIO_s_mem(void);
-BIO *BIO_new_mem_buf(void *buf, int len);
-BIO_METHOD *BIO_s_socket(void);
-BIO_METHOD *BIO_s_connect(void);
-BIO_METHOD *BIO_s_accept(void);
-BIO_METHOD *BIO_s_fd(void);
-BIO_METHOD *BIO_s_log(void);
-BIO_METHOD *BIO_s_bio(void);
-BIO_METHOD *BIO_s_null(void);
-BIO_METHOD *BIO_f_null(void);
-BIO_METHOD *BIO_f_buffer(void);
-BIO_METHOD *BIO_f_nbio_test(void);
+const BIO_METHOD *BIO_s_mem(void);
+BIO *BIO_new_mem_buf(const void *buf, int len);
+const BIO_METHOD *BIO_s_socket(void);
+const BIO_METHOD *BIO_s_connect(void);
+const BIO_METHOD *BIO_s_accept(void);
+const BIO_METHOD *BIO_s_fd(void);
+const BIO_METHOD *BIO_s_log(void);
+const BIO_METHOD *BIO_s_bio(void);
+const BIO_METHOD *BIO_s_null(void);
+const BIO_METHOD *BIO_f_null(void);
+const BIO_METHOD *BIO_f_buffer(void);
+const BIO_METHOD *BIO_f_nbio_test(void);
#ifndef OPENSSL_NO_DGRAM
-BIO_METHOD *BIO_s_datagram(void);
+const BIO_METHOD *BIO_s_datagram(void);
#endif
/* BIO_METHOD *BIO_f_ber(void); */
@@ -663,8 +698,8 @@ int BIO_set_tcp_ndelay(int sock, int turn_on);
BIO *BIO_new_socket(int sock, int close_flag);
BIO *BIO_new_dgram(int fd, int close_flag);
BIO *BIO_new_fd(int fd, int close_flag);
-BIO *BIO_new_connect(char *host_port);
-BIO *BIO_new_accept(char *host_port);
+BIO *BIO_new_connect(const char *host_port);
+BIO *BIO_new_accept(const char *host_port);
int
BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
diff --git a/libressl/include/openssl/bn.h b/libressl/include/openssl/bn.h
index 0dde08a3..cc1f4675 100644
--- a/libressl/include/openssl/bn.h
+++ b/libressl/include/openssl/bn.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn.h,v 1.36 2017/01/25 06:15:44 beck Exp $ */
+/* $OpenBSD: bn.h,v 1.39 2019/08/25 19:23:59 schwarze Exp $ */
/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -285,6 +285,11 @@ struct bn_gencb_st {
int (*cb_2)(int, int, BN_GENCB *);
} cb;
};
+
+BN_GENCB *BN_GENCB_new(void);
+void BN_GENCB_free(BN_GENCB *cb);
+void *BN_GENCB_get_arg(BN_GENCB *cb);
+
/* Wrapper function to make using BN_GENCB easier, */
int BN_GENCB_call(BN_GENCB *cb, int a, int b);
/* Macro to populate a BN_GENCB structure with an "old"-style callback */
@@ -303,24 +308,79 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b);
#define BN_prime_checks 0 /* default: select number of iterations
based on the size of the number */
-/* number of Miller-Rabin iterations for an error rate of less than 2^-80
- * for random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook
- * of Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996];
- * original paper: Damgaard, Landrock, Pomerance: Average case error estimates
- * for the strong probable prime test. -- Math. Comp. 61 (1993) 177-194) */
-#define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \
- (b) >= 850 ? 3 : \
- (b) >= 650 ? 4 : \
- (b) >= 550 ? 5 : \
- (b) >= 450 ? 6 : \
- (b) >= 400 ? 7 : \
- (b) >= 350 ? 8 : \
- (b) >= 300 ? 9 : \
- (b) >= 250 ? 12 : \
- (b) >= 200 ? 15 : \
- (b) >= 150 ? 18 : \
- /* b >= 100 */ 27)
+/*
+ * BN_prime_checks_for_size() returns the number of Miller-Rabin
+ * iterations that will be done for checking that a random number
+ * is probably prime. The error rate for accepting a composite
+ * number as prime depends on the size of the prime |b|. The error
+ * rates used are for calculating an RSA key with 2 primes, and so
+ * the level is what you would expect for a key of double the size
+ * of the prime.
+ *
+ * This table is generated using the algorithm of FIPS PUB 186-4
+ * Digital Signature Standard (DSS), section F.1, page 117.
+ * (https://dx.doi.org/10.6028/NIST.FIPS.186-4)
+ *
+ * The following magma script was used to generate the output:
+ * securitybits:=125;
+ * k:=1024;
+ * for t:=1 to 65 do
+ * for M:=3 to Floor(2*Sqrt(k-1)-1) do
+ * S:=0;
+ * // Sum over m
+ * for m:=3 to M do
+ * s:=0;
+ * // Sum over j
+ * for j:=2 to m do
+ * s+:=(RealField(32)!2)^-(j+(k-1)/j);
+ * end for;
+ * S+:=2^(m-(m-1)*t)*s;
+ * end for;
+ * A:=2^(k-2-M*t);
+ * B:=8*(Pi(RealField(32))^2-6)/3*2^(k-2)*S;
+ * pkt:=2.00743*Log(2)*k*2^-k*(A+B);
+ * seclevel:=Floor(-Log(2,pkt));
+ * if seclevel ge securitybits then
+ * printf "k: %5o, security: %o bits (t: %o, M: %o)\n",k,seclevel,t,M;
+ * break;
+ * end if;
+ * end for;
+ * if seclevel ge securitybits then break; end if;
+ * end for;
+ *
+ * It can be run online at:
+ * http://magma.maths.usyd.edu.au/calc
+ *
+ * And will output:
+ * k: 1024, security: 129 bits (t: 6, M: 23)
+ *
+ * k is the number of bits of the prime, securitybits is the level
+ * we want to reach.
+ *
+ * prime length | RSA key size | # MR tests | security level
+ * -------------+--------------|------------+---------------
+ * (b) >= 6394 | >= 12788 | 3 | 256 bit
+ * (b) >= 3747 | >= 7494 | 3 | 192 bit
+ * (b) >= 1345 | >= 2690 | 4 | 128 bit
+ * (b) >= 1080 | >= 2160 | 5 | 128 bit
+ * (b) >= 852 | >= 1704 | 5 | 112 bit
+ * (b) >= 476 | >= 952 | 5 | 80 bit
+ * (b) >= 400 | >= 800 | 6 | 80 bit
+ * (b) >= 347 | >= 694 | 7 | 80 bit
+ * (b) >= 308 | >= 616 | 8 | 80 bit
+ * (b) >= 55 | >= 110 | 27 | 64 bit
+ * (b) >= 6 | >= 12 | 34 | 64 bit
+ */
+#define BN_prime_checks_for_size(b) ((b) >= 3747 ? 3 : \
+ (b) >= 1345 ? 4 : \
+ (b) >= 476 ? 5 : \
+ (b) >= 400 ? 6 : \
+ (b) >= 347 ? 7 : \
+ (b) >= 308 ? 8 : \
+ (b) >= 55 ? 27 : \
+ /* b >= 6 */ 34)
+
#define BN_num_bytes(a) ((BN_num_bits(a)+7)/8)
/* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */
@@ -628,6 +688,8 @@ const BIGNUM *BN_get0_nist_prime_521(void);
/* Primes from RFC 2409 */
BIGNUM *get_rfc2409_prime_768(BIGNUM *bn);
BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn);
+BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn);
+BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn);
/* Primes from RFC 3526 */
BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn);
@@ -636,6 +698,12 @@ BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn);
BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn);
BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn);
BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn);
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
diff --git a/libressl/include/openssl/chacha.h b/libressl/include/openssl/chacha.h
index 8d94e626..e2345b21 100644
--- a/libressl/include/openssl/chacha.h
+++ b/libressl/include/openssl/chacha.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: chacha.h,v 1.7 2015/12/09 14:07:55 bcook Exp $ */
+/* $OpenBSD: chacha.h,v 1.8 2019/01/22 00:59:21 dlg Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
@@ -46,6 +46,10 @@ void ChaCha(ChaCha_ctx *ctx, unsigned char *out, const unsigned char *in,
void CRYPTO_chacha_20(unsigned char *out, const unsigned char *in, size_t len,
const unsigned char key[32], const unsigned char iv[8], uint64_t counter);
+void CRYPTO_xchacha_20(unsigned char *out, const unsigned char *in, size_t len,
+ const unsigned char key[32], const unsigned char iv[24]);
+void CRYPTO_hchacha_20(unsigned char out[32],
+ const unsigned char key[32], const unsigned char iv[16]);
#ifdef __cplusplus
}
diff --git a/libressl/include/openssl/cms.h b/libressl/include/openssl/cms.h
new file mode 100644
index 00000000..3c92be34
--- /dev/null
+++ b/libressl/include/openssl/cms.h
@@ -0,0 +1,532 @@
+/* $OpenBSD: cms.h,v 1.15 2019/08/11 10:15:30 jsing Exp $ */
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#ifndef HEADER_CMS_H
+#define HEADER_CMS_H
+
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_NO_CMS
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct CMS_ContentInfo_st CMS_ContentInfo;
+typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_CertificateChoices CMS_CertificateChoices;
+typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
+typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
+typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest;
+typedef struct CMS_Receipt_st CMS_Receipt;
+typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey;
+typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;
+
+DECLARE_STACK_OF(CMS_SignerInfo)
+DECLARE_STACK_OF(CMS_RecipientEncryptedKey)
+DECLARE_STACK_OF(CMS_RecipientInfo)
+DECLARE_STACK_OF(CMS_RevocationInfoChoice)
+CMS_ContentInfo *CMS_ContentInfo_new(void);
+void CMS_ContentInfo_free(CMS_ContentInfo *a);
+CMS_ContentInfo *d2i_CMS_ContentInfo(CMS_ContentInfo **a, const unsigned char **in, long len);
+int i2d_CMS_ContentInfo(CMS_ContentInfo *a, unsigned char **out);
+extern const ASN1_ITEM CMS_ContentInfo_it;
+CMS_ReceiptRequest *CMS_ReceiptRequest_new(void);
+void CMS_ReceiptRequest_free(CMS_ReceiptRequest *a);
+CMS_ReceiptRequest *d2i_CMS_ReceiptRequest(CMS_ReceiptRequest **a, const unsigned char **in, long len);
+int i2d_CMS_ReceiptRequest(CMS_ReceiptRequest *a, unsigned char **out);
+extern const ASN1_ITEM CMS_ReceiptRequest_it;
+int CMS_ContentInfo_print_ctx(BIO *out, CMS_ContentInfo *x, int indent, const ASN1_PCTX *pctx);
+
+#define CMS_SIGNERINFO_ISSUER_SERIAL 0
+#define CMS_SIGNERINFO_KEYIDENTIFIER 1
+
+#define CMS_RECIPINFO_NONE -1
+#define CMS_RECIPINFO_TRANS 0
+#define CMS_RECIPINFO_AGREE 1
+#define CMS_RECIPINFO_KEK 2
+#define CMS_RECIPINFO_PASS 3
+#define CMS_RECIPINFO_OTHER 4
+
+/* S/MIME related flags */
+
+#define CMS_TEXT 0x1
+#define CMS_NOCERTS 0x2
+#define CMS_NO_CONTENT_VERIFY 0x4
+#define CMS_NO_ATTR_VERIFY 0x8
+#define CMS_NOSIGS \
+ (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY)
+#define CMS_NOINTERN 0x10
+#define CMS_NO_SIGNER_CERT_VERIFY 0x20
+#define CMS_NOVERIFY 0x20
+#define CMS_DETACHED 0x40
+#define CMS_BINARY 0x80
+#define CMS_NOATTR 0x100
+#define CMS_NOSMIMECAP 0x200
+#define CMS_NOOLDMIMETYPE 0x400
+#define CMS_CRLFEOL 0x800
+#define CMS_STREAM 0x1000
+#define CMS_NOCRL 0x2000
+#define CMS_PARTIAL 0x4000
+#define CMS_REUSE_DIGEST 0x8000
+#define CMS_USE_KEYID 0x10000
+#define CMS_DEBUG_DECRYPT 0x20000
+#define CMS_KEY_PARAM 0x40000
+#define CMS_ASCIICRLF 0x80000
+
+const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms);
+
+BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont);
+int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio);
+
+ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
+int CMS_is_detached(CMS_ContentInfo *cms);
+int CMS_set_detached(CMS_ContentInfo *cms, int detached);
+
+#ifdef HEADER_PEM_H
+CMS_ContentInfo *PEM_read_bio_CMS(BIO *bp, CMS_ContentInfo **x,
+ pem_password_cb *cb, void *u);
+CMS_ContentInfo *PEM_read_CMS(FILE *fp, CMS_ContentInfo **x,
+ pem_password_cb *cb, void *u);
+int PEM_write_bio_CMS(BIO *bp, const CMS_ContentInfo *x);
+int PEM_write_CMS(FILE *fp, const CMS_ContentInfo *x);
+#endif
+int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms);
+CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
+int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
+
+BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
+int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
+int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in,
+ int flags);
+CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
+int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
+
+int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags);
+
+CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+ BIO *data, unsigned int flags);
+
+CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert,
+ EVP_PKEY *pkey, STACK_OF(X509) *certs, unsigned int flags);
+
+int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
+CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
+
+int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+ unsigned int flags);
+CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
+ unsigned int flags);
+
+int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, const unsigned char *key,
+ size_t keylen, BIO *dcont, BIO *out, unsigned int flags);
+
+CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
+ const unsigned char *key, size_t keylen, unsigned int flags);
+
+int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
+ const unsigned char *key, size_t keylen);
+
+int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+ X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
+
+int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
+ STACK_OF(X509) *certs, X509_STORE *store, unsigned int flags);
+
+STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
+
+CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
+ const EVP_CIPHER *cipher, unsigned int flags);
+
+int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
+ BIO *dcont, BIO *out, unsigned int flags);
+
+int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
+int CMS_decrypt_set1_key(CMS_ContentInfo *cms, unsigned char *key,
+ size_t keylen, const unsigned char *id, size_t idlen);
+int CMS_decrypt_set1_password(CMS_ContentInfo *cms, unsigned char *pass,
+ ssize_t passlen);
+
+STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
+int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
+EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
+CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
+CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip,
+ unsigned int flags);
+int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
+int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
+int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, EVP_PKEY **pk,
+ X509 **recip, X509_ALGOR **palg);
+int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
+ ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno);
+
+CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
+ unsigned char *key, size_t keylen, unsigned char *id, size_t idlen,
+ ASN1_GENERALIZEDTIME *date, ASN1_OBJECT *otherTypeId, ASN1_TYPE *otherType);
+
+int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg,
+ ASN1_OCTET_STRING **pid, ASN1_GENERALIZEDTIME **pdate,
+ ASN1_OBJECT **potherid, ASN1_TYPE **pothertype);
+
+int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, unsigned char *key,
+ size_t keylen);
+
+int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
+ const unsigned char *id, size_t idlen);
+
+int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, unsigned char *pass,
+ ssize_t passlen);
+
+CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, int iter,
+ int wrap_nid, int pbe_nid, unsigned char *pass, ssize_t passlen,
+ const EVP_CIPHER *kekciph);
+
+int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
+int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
+
+int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+ unsigned int flags);
+CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
+
+int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
+const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
+
+CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms);
+int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
+int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
+STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
+
+CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
+int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
+int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
+STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
+
+int CMS_SignedData_init(CMS_ContentInfo *cms);
+CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, X509 *signer,
+ EVP_PKEY *pk, const EVP_MD *md, unsigned int flags);
+EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si);
+EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si);
+STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
+
+void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
+int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid,
+ X509_NAME **issuer, ASN1_INTEGER **sno);
+int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
+int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+ unsigned int flags);
+void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
+ X509_ALGOR **pdig, X509_ALGOR **psig);
+ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
+int CMS_SignerInfo_sign(CMS_SignerInfo *si);
+int CMS_SignerInfo_verify(CMS_SignerInfo *si);
+int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+
+int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
+int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, int algnid,
+ int keysize);
+int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);
+
+int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
+int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos);
+int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj,
+ int lastpos);
+X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
+X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
+int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
+int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *obj,
+ int type, const void *bytes, int len);
+int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type,
+ const void *bytes, int len);
+int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
+ const char *attrname, int type, const void *bytes, int len);
+void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid,
+ int lastpos, int type);
+
+int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
+int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+ int lastpos);
+int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si,
+ const ASN1_OBJECT *obj, int lastpos);
+X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
+X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
+int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
+int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
+ const ASN1_OBJECT *obj, int type, const void *bytes, int len);
+int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type,
+ const void *bytes, int len);
+int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, const char *attrname,
+ int type, const void *bytes, int len);
+void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
+ int lastpos, int type);
+
+#ifdef HEADER_X509V3_H
+
+int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
+CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
+ int allorfirst, STACK_OF(GENERAL_NAMES) *receiptList,
+ STACK_OF(GENERAL_NAMES) *receiptsTo);
+int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
+void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid,
+ int *pallorfirst, STACK_OF(GENERAL_NAMES) **plist,
+ STACK_OF(GENERAL_NAMES) **prto);
+#endif
+int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri, X509_ALGOR **palg,
+ ASN1_OCTET_STRING **pukm);
+STACK_OF(CMS_RecipientEncryptedKey) *
+ CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri);
+
+int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri,
+ X509_ALGOR **pubalg, ASN1_BIT_STRING **pubkey, ASN1_OCTET_STRING **keyid,
+ X509_NAME **issuer, ASN1_INTEGER **sno);
+
+int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert);
+
+int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek,
+ ASN1_OCTET_STRING **keyid, ASN1_GENERALIZEDTIME **tm,
+ CMS_OtherKeyAttribute **other, X509_NAME **issuer, ASN1_INTEGER **sno);
+int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek,
+ X509 *cert);
+int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk);
+EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri);
+int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
+ CMS_RecipientInfo *ri, CMS_RecipientEncryptedKey *rek);
+
+int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
+ ASN1_OCTET_STRING *ukm, int keylen);
+
+/* Backward compatibility for spelling errors. */
+#define CMS_R_UNKNOWN_DIGEST_ALGORITM CMS_R_UNKNOWN_DIGEST_ALGORITHM
+#define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE \
+ CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE
+
+int ERR_load_CMS_strings(void);
+
+/*
+ * CMS function codes.
+ */
+#define CMS_F_CHECK_CONTENT 99
+#define CMS_F_CMS_ADD0_CERT 164
+#define CMS_F_CMS_ADD0_RECIPIENT_KEY 100
+#define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD 165
+#define CMS_F_CMS_ADD1_RECEIPTREQUEST 158
+#define CMS_F_CMS_ADD1_RECIPIENT_CERT 101
+#define CMS_F_CMS_ADD1_SIGNER 102
+#define CMS_F_CMS_ADD1_SIGNINGTIME 103
+#define CMS_F_CMS_COMPRESS 104
+#define CMS_F_CMS_COMPRESSEDDATA_CREATE 105
+#define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 106
+#define CMS_F_CMS_COPY_CONTENT 107
+#define CMS_F_CMS_COPY_MESSAGEDIGEST 108
+#define CMS_F_CMS_DATA 109
+#define CMS_F_CMS_DATAFINAL 110
+#define CMS_F_CMS_DATAINIT 111
+#define CMS_F_CMS_DECRYPT 112
+#define CMS_F_CMS_DECRYPT_SET1_KEY 113
+#define CMS_F_CMS_DECRYPT_SET1_PASSWORD 166
+#define CMS_F_CMS_DECRYPT_SET1_PKEY 114
+#define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 115
+#define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 116
+#define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 117
+#define CMS_F_CMS_DIGEST_VERIFY 118
+#define CMS_F_CMS_ENCODE_RECEIPT 161
+#define CMS_F_CMS_ENCRYPT 119
+#define CMS_F_CMS_ENCRYPTEDCONTENT_INIT 179
+#define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 120
+#define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 121
+#define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 122
+#define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 123
+#define CMS_F_CMS_ENVELOPEDDATA_CREATE 124
+#define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 125
+#define CMS_F_CMS_ENVELOPED_DATA_INIT 126
+#define CMS_F_CMS_ENV_ASN1_CTRL 171
+#define CMS_F_CMS_FINAL 127
+#define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 128
+#define CMS_F_CMS_GET0_CONTENT 129
+#define CMS_F_CMS_GET0_ECONTENT_TYPE 130
+#define CMS_F_CMS_GET0_ENVELOPED 131
+#define CMS_F_CMS_GET0_REVOCATION_CHOICES 132
+#define CMS_F_CMS_GET0_SIGNED 133
+#define CMS_F_CMS_MSGSIGDIGEST_ADD1 162
+#define CMS_F_CMS_RECEIPTREQUEST_CREATE0 159
+#define CMS_F_CMS_RECEIPT_VERIFY 160
+#define CMS_F_CMS_RECIPIENTINFO_DECRYPT 134
+#define CMS_F_CMS_RECIPIENTINFO_ENCRYPT 169
+#define CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT 178
+#define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG 175
+#define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID 173
+#define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS 172
+#define CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP 174
+#define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 135
+#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 136
+#define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 137
+#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 138
+#define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 139
+#define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 140
+#define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 141
+#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 142
+#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 143
+#define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT 167
+#define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 144
+#define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD 168
+#define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 145
+#define CMS_F_CMS_SD_ASN1_CTRL 170
+#define CMS_F_CMS_SET1_IAS 176
+#define CMS_F_CMS_SET1_KEYID 177
+#define CMS_F_CMS_SET1_SIGNERIDENTIFIER 146
+#define CMS_F_CMS_SET_DETACHED 147
+#define CMS_F_CMS_SIGN 148
+#define CMS_F_CMS_SIGNED_DATA_INIT 149
+#define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 150
+#define CMS_F_CMS_SIGNERINFO_SIGN 151
+#define CMS_F_CMS_SIGNERINFO_VERIFY 152
+#define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 153
+#define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 154
+#define CMS_F_CMS_SIGN_RECEIPT 163
+#define CMS_F_CMS_STREAM 155
+#define CMS_F_CMS_UNCOMPRESS 156
+#define CMS_F_CMS_VERIFY 157
+#define CMS_F_KEK_UNWRAP_KEY 180
+
+/*
+ * CMS reason codes.
+ */
+#define CMS_R_ADD_SIGNER_ERROR 99
+#define CMS_R_CERTIFICATE_ALREADY_PRESENT 175
+#define CMS_R_CERTIFICATE_HAS_NO_KEYID 160
+#define CMS_R_CERTIFICATE_VERIFY_ERROR 100
+#define CMS_R_CIPHER_INITIALISATION_ERROR 101
+#define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102
+#define CMS_R_CMS_DATAFINAL_ERROR 103
+#define CMS_R_CMS_LIB 104
+#define CMS_R_CONTENTIDENTIFIER_MISMATCH 170
+#define CMS_R_CONTENT_NOT_FOUND 105
+#define CMS_R_CONTENT_TYPE_MISMATCH 171
+#define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA 106
+#define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA 107
+#define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA 108
+#define CMS_R_CONTENT_VERIFY_ERROR 109
+#define CMS_R_CTRL_ERROR 110
+#define CMS_R_CTRL_FAILURE 111
+#define CMS_R_DECRYPT_ERROR 112
+#define CMS_R_ERROR_GETTING_PUBLIC_KEY 113
+#define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114
+#define CMS_R_ERROR_SETTING_KEY 115
+#define CMS_R_ERROR_SETTING_RECIPIENTINFO 116
+#define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117
+#define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER 176
+#define CMS_R_INVALID_KEY_LENGTH 118
+#define CMS_R_MD_BIO_INIT_ERROR 119
+#define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120
+#define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 121
+#define CMS_R_MSGSIGDIGEST_ERROR 172
+#define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE 162
+#define CMS_R_MSGSIGDIGEST_WRONG_LENGTH 163
+#define CMS_R_NEED_ONE_SIGNER 164
+#define CMS_R_NOT_A_SIGNED_RECEIPT 165
+#define CMS_R_NOT_ENCRYPTED_DATA 122
+#define CMS_R_NOT_KEK 123
+#define CMS_R_NOT_KEY_AGREEMENT 181
+#define CMS_R_NOT_KEY_TRANSPORT 124
+#define CMS_R_NOT_PWRI 177
+#define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125
+#define CMS_R_NO_CIPHER 126
+#define CMS_R_NO_CONTENT 127
+#define CMS_R_NO_CONTENT_TYPE 173
+#define CMS_R_NO_DEFAULT_DIGEST 128
+#define CMS_R_NO_DIGEST_SET 129
+#define CMS_R_NO_KEY 130
+#define CMS_R_NO_KEY_OR_CERT 174
+#define CMS_R_NO_MATCHING_DIGEST 131
+#define CMS_R_NO_MATCHING_RECIPIENT 132
+#define CMS_R_NO_MATCHING_SIGNATURE 166
+#define CMS_R_NO_MSGSIGDIGEST 167
+#define CMS_R_NO_PASSWORD 178
+#define CMS_R_NO_PRIVATE_KEY 133
+#define CMS_R_NO_PUBLIC_KEY 134
+#define CMS_R_NO_RECEIPT_REQUEST 168
+#define CMS_R_NO_SIGNERS 135
+#define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136
+#define CMS_R_RECEIPT_DECODE_ERROR 169
+#define CMS_R_RECIPIENT_ERROR 137
+#define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 138
+#define CMS_R_SIGNFINAL_ERROR 139
+#define CMS_R_SMIME_TEXT_ERROR 140
+#define CMS_R_STORE_INIT_ERROR 141
+#define CMS_R_TYPE_NOT_COMPRESSED_DATA 142
+#define CMS_R_TYPE_NOT_DATA 143
+#define CMS_R_TYPE_NOT_DIGESTED_DATA 144
+#define CMS_R_TYPE_NOT_ENCRYPTED_DATA 145
+#define CMS_R_TYPE_NOT_ENVELOPED_DATA 146
+#define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 147
+#define CMS_R_UNKNOWN_CIPHER 148
+#define CMS_R_UNKNOWN_DIGEST_ALGORITHM 149
+#define CMS_R_UNKNOWN_ID 150
+#define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151
+#define CMS_R_UNSUPPORTED_CONTENT_TYPE 152
+#define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153
+#define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM 179
+#define CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE 155
+#define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154
+#define CMS_R_UNSUPPORTED_TYPE 156
+#define CMS_R_UNWRAP_ERROR 157
+#define CMS_R_UNWRAP_FAILURE 180
+#define CMS_R_VERIFICATION_FAILURE 158
+#define CMS_R_WRAP_ERROR 159
+
+#ifdef __cplusplus
+}
+#endif
+#endif
+#endif
diff --git a/libressl/include/openssl/crypto.h b/libressl/include/openssl/crypto.h
index c1ee78fb..7de8abb4 100644
--- a/libressl/include/openssl/crypto.h
+++ b/libressl/include/openssl/crypto.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto.h,v 1.40 2015/09/17 09:51:40 bcook Exp $ */
+/* $OpenBSD: crypto.h,v 1.50 2019/01/19 01:07:00 tb Exp $ */
/* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
*
@@ -203,7 +203,6 @@ typedef struct openssl_item_st {
#define CRYPTO_READ 4
#define CRYPTO_WRITE 8
-#ifndef OPENSSL_NO_LOCKING
#ifndef CRYPTO_w_lock
#define CRYPTO_w_lock(type) \
CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
@@ -216,13 +215,6 @@ typedef struct openssl_item_st {
#define CRYPTO_add(addr,amount,type) \
CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
#endif
-#else
-#define CRYPTO_w_lock(a)
-#define CRYPTO_w_unlock(a)
-#define CRYPTO_r_lock(a)
-#define CRYPTO_r_unlock(a)
-#define CRYPTO_add(a,b,c) ((*(a))+=(b))
-#endif
/* Some applications as well as some parts of OpenSSL need to allocate
and deallocate locks in a dynamic fashion. The following typedef
@@ -294,11 +286,13 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
#define CRYPTO_EX_INDEX_ECDH 13
#define CRYPTO_EX_INDEX_COMP 14
#define CRYPTO_EX_INDEX_STORE 15
+#define CRYPTO_EX_INDEX_EC_KEY 16
/* Dynamically assigned indexes start from this value (don't use directly, use
* via CRYPTO_ex_data_new_class). */
#define CRYPTO_EX_INDEX_USER 100
+#ifndef LIBRESSL_INTERNAL
#define CRYPTO_malloc_init() (0)
#define CRYPTO_malloc_debug_init() (0)
@@ -329,7 +323,16 @@ int CRYPTO_is_mem_check_on(void);
#define OPENSSL_malloc_locked(num) \
CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
#define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
+#endif
+const char *OpenSSL_version(int type);
+#define OPENSSL_VERSION 0
+#define OPENSSL_CFLAGS 1
+#define OPENSSL_BUILT_ON 2
+#define OPENSSL_PLATFORM 3
+#define OPENSSL_DIR 4
+#define OPENSSL_ENGINES_DIR 5
+unsigned long OpenSSL_version_num(void);
const char *SSLeay_version(int type);
unsigned long SSLeay(void);
@@ -360,42 +363,43 @@ void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx);
* potential race-conditions. */
void CRYPTO_cleanup_all_ex_data(void);
-int CRYPTO_get_new_lockid(char *name);
-
-int CRYPTO_num_locks(void); /* return CRYPTO_NUM_LOCKS (shared libs!) */
void CRYPTO_lock(int mode, int type, const char *file, int line);
-void CRYPTO_set_locking_callback(void (*func)(int mode, int type,
- const char *file, int line));
-void (*CRYPTO_get_locking_callback(void))(int mode, int type,
- const char *file, int line);
-void CRYPTO_set_add_lock_callback(int (*func)(int *num, int mount, int type,
- const char *file, int line));
-int (*CRYPTO_get_add_lock_callback(void))(int *num, int mount, int type,
- const char *file, int line);
+int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
+ int line);
/* Don't use this structure directly. */
typedef struct crypto_threadid_st {
void *ptr;
unsigned long val;
} CRYPTO_THREADID;
-/* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */
-void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val);
-void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr);
-int CRYPTO_THREADID_set_callback(void (*threadid_func)(CRYPTO_THREADID *));
-void (*CRYPTO_THREADID_get_callback(void))(CRYPTO_THREADID *);
void CRYPTO_THREADID_current(CRYPTO_THREADID *id);
int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b);
void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src);
unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id);
-#ifndef OPENSSL_NO_DEPRECATED
+
+#ifndef LIBRESSL_INTERNAL
+/* These functions are deprecated no-op stubs */
void CRYPTO_set_id_callback(unsigned long (*func)(void));
unsigned long (*CRYPTO_get_id_callback(void))(void);
unsigned long CRYPTO_thread_id(void);
-#endif
+int CRYPTO_get_new_lockid(char *name);
const char *CRYPTO_get_lock_name(int type);
-int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
- int line);
+
+int CRYPTO_num_locks(void);
+void CRYPTO_set_locking_callback(void (*func)(int mode, int type,
+ const char *file, int line));
+void (*CRYPTO_get_locking_callback(void))(int mode, int type,
+ const char *file, int line);
+void CRYPTO_set_add_lock_callback(int (*func)(int *num, int mount, int type,
+ const char *file, int line));
+int (*CRYPTO_get_add_lock_callback(void))(int *num, int mount, int type,
+ const char *file, int line);
+
+void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val);
+void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr);
+int CRYPTO_THREADID_set_callback(void (*threadid_func)(CRYPTO_THREADID *));
+void (*CRYPTO_THREADID_get_callback(void))(CRYPTO_THREADID *);
int CRYPTO_get_new_dynlockid(void);
void CRYPTO_destroy_dynlockid(int i);
@@ -406,6 +410,7 @@ void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function)(struct CRY
struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))(const char *file, int line);
void (*CRYPTO_get_dynlock_lock_callback(void))(int mode, struct CRYPTO_dynlock_value *l, const char *file, int line);
void (*CRYPTO_get_dynlock_destroy_callback(void))(struct CRYPTO_dynlock_value *l, const char *file, int line);
+#endif
/* CRYPTO_set_mem_functions includes CRYPTO_set_locked_mem_functions --
* call the latter last if you need different functions */
@@ -485,11 +490,11 @@ long CRYPTO_dbg_get_options(void)
__attribute__ ((deprecated));
-void CRYPTO_mem_leaks_fp(FILE *);
-void CRYPTO_mem_leaks(struct bio_st *bio);
+int CRYPTO_mem_leaks_fp(FILE *);
+int CRYPTO_mem_leaks(struct bio_st *bio);
/* unsigned long order, char *file, int line, int num_bytes, char *addr */
-typedef void *CRYPTO_MEM_LEAK_CB(unsigned long, const char *, int, int, void *);
-void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
+typedef int *CRYPTO_MEM_LEAK_CB(unsigned long, const char *, int, int, void *);
+int CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
/* die if we have to */
void OpenSSLDie(const char *file, int line, const char *assertion);
@@ -499,9 +504,9 @@ uint64_t OPENSSL_cpu_caps(void);
int OPENSSL_isservice(void);
+#ifndef LIBRESSL_INTERNAL
void OPENSSL_init(void);
-#ifndef LIBRESSL_INTERNAL
/* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It
* takes an amount of time dependent on |len|, but independent of the contents
* of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a
@@ -534,6 +539,40 @@ void ERR_load_CRYPTO_strings(void);
#define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101
#define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK 100
+/*
+ * OpenSSL compatible OPENSSL_INIT options.
+ */
+
+#define OPENSSL_INIT_NO_LOAD_CONFIG 0x00000001L
+#define OPENSSL_INIT_LOAD_CONFIG 0x00000002L
+
+/* LibreSSL specific */
+#define _OPENSSL_INIT_FLAG_NOOP 0x80000000L
+
+/*
+ * These are provided for compatibiliy, but have no effect
+ * on how LibreSSL is initialized.
+ */
+#define OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS _OPENSSL_INIT_FLAG_NOOP
+#define OPENSSL_INIT_LOAD_CRYPTO_STRINGS _OPENSSL_INIT_FLAG_NOOP
+#define OPENSSL_INIT_ADD_ALL_CIPHERS _OPENSSL_INIT_FLAG_NOOP
+#define OPENSSL_INIT_ADD_ALL_DIGESTS _OPENSSL_INIT_FLAG_NOOP
+#define OPENSSL_INIT_NO_ADD_ALL_CIPHERS _OPENSSL_INIT_FLAG_NOOP
+#define OPENSSL_INIT_NO_ADD_ALL_DIGESTS _OPENSSL_INIT_FLAG_NOOP
+#define OPENSSL_INIT_ASYNC _OPENSSL_INIT_FLAG_NOOP
+#define OPENSSL_INIT_ENGINE_RDRAND _OPENSSL_INIT_FLAG_NOOP
+#define OPENSSL_INIT_ENGINE_DYNAMIC _OPENSSL_INIT_FLAG_NOOP
+#define OPENSSL_INIT_ENGINE_OPENSSL _OPENSSL_INIT_FLAG_NOOP
+#define OPENSSL_INIT_ENGINE_CRYPTODEV _OPENSSL_INIT_FLAG_NOOP
+#define OPENSSL_INIT_ENGINE_CAPI _OPENSSL_INIT_FLAG_NOOP
+#define OPENSSL_INIT_ENGINE_PADLOCK _OPENSSL_INIT_FLAG_NOOP
+#define OPENSSL_INIT_ENGINE_AFALG _OPENSSL_INIT_FLAG_NOOP
+#define OPENSSL_INIT_reserved_internal _OPENSSL_INIT_FLAG_NOOP
+#define OPENSSL_INIT_ATFORK _OPENSSL_INIT_FLAG_NOOP
+#define OPENSSL_INIT_ENGINE_ALL_BUILTIN _OPENSSL_INIT_FLAG_NOOP
+
+int OPENSSL_init_crypto(uint64_t opts, const void *settings);
+
#ifdef __cplusplus
}
#endif
diff --git a/libressl/include/openssl/curve25519.h b/libressl/include/openssl/curve25519.h
index 5aaa8c08..c16a4e26 100644
--- a/libressl/include/openssl/curve25519.h
+++ b/libressl/include/openssl/curve25519.h
@@ -1,3 +1,4 @@
+/* $OpenBSD: curve25519.h,v 1.3 2019/05/11 15:55:52 tb Exp $ */
/*
* Copyright (c) 2015, Google Inc.
*
diff --git a/libressl/include/openssl/dh.h b/libressl/include/openssl/dh.h
index 920af3b9..082b5025 100644
--- a/libressl/include/openssl/dh.h
+++ b/libressl/include/openssl/dh.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.h,v 1.18 2016/11/04 18:35:30 jsing Exp $ */
+/* $OpenBSD: dh.h,v 1.25 2018/02/22 16:41:04 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -183,11 +183,23 @@ DH * DH_new(void);
void DH_free(DH *dh);
int DH_up_ref(DH *dh);
int DH_size(const DH *dh);
+int DH_bits(const DH *dh);
int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
int DH_set_ex_data(DH *d, int idx, void *arg);
void *DH_get_ex_data(DH *d, int idx);
+ENGINE *DH_get0_engine(DH *d);
+void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q,
+ const BIGNUM **g);
+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
+void DH_clear_flags(DH *dh, int flags);
+int DH_test_flags(const DH *dh, int flags);
+void DH_set_flags(DH *dh, int flags);
+int DH_set_length(DH *dh, long length);
+
/* Deprecated version */
#ifndef OPENSSL_NO_DEPRECATED
DH * DH_generate_parameters(int prime_len,int generator,
diff --git a/libressl/include/openssl/dsa.h b/libressl/include/openssl/dsa.h
index 6ddd4c35..61bfc2b4 100644
--- a/libressl/include/openssl/dsa.h
+++ b/libressl/include/openssl/dsa.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa.h,v 1.22 2016/11/04 18:35:30 jsing Exp $ */
+/* $OpenBSD: dsa.h,v 1.30 2018/03/17 15:19:12 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -183,6 +183,8 @@ DSA_SIG * DSA_SIG_new(void);
void DSA_SIG_free(DSA_SIG *a);
int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length);
+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
DSA_SIG * DSA_do_sign(const unsigned char *dgst,int dlen,DSA *dsa);
int DSA_do_verify(const unsigned char *dgst,int dgst_len,
@@ -257,6 +259,23 @@ int DSA_print_fp(FILE *bp, const DSA *x, int off);
DH *DSA_dup_DH(const DSA *r);
#endif
+void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q,
+ const BIGNUM **g);
+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key);
+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
+void DSA_clear_flags(DSA *d, int flags);
+int DSA_test_flags(const DSA *d, int flags);
+void DSA_set_flags(DSA *d, int flags);
+ENGINE *DSA_get0_engine(DSA *d);
+
+DSA_METHOD *DSA_meth_new(const char *name, int flags);
+void DSA_meth_free(DSA_METHOD *meth);
+DSA_METHOD *DSA_meth_dup(const DSA_METHOD *meth);
+int DSA_meth_set_sign(DSA_METHOD *meth,
+ DSA_SIG *(*sign)(const unsigned char *, int, DSA *));
+int DSA_meth_set_finish(DSA_METHOD *meth, int (*finish)(DSA *));
+
#define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL)
diff --git a/libressl/include/openssl/dtls1.h b/libressl/include/openssl/dtls1.h
index 31ba0653..a0018f2a 100644
--- a/libressl/include/openssl/dtls1.h
+++ b/libressl/include/openssl/dtls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dtls1.h,v 1.21 2017/01/22 07:16:39 beck Exp $ */
+/* $OpenBSD: dtls1.h,v 1.22 2018/08/24 19:35:05 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -91,11 +91,7 @@ extern "C" {
#define DTLS1_CCS_HEADER_LENGTH 1
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
-#define DTLS1_AL_HEADER_LENGTH 7
-#else
#define DTLS1_AL_HEADER_LENGTH 2
-#endif
#ifndef OPENSSL_NO_SSL_INTERN
diff --git a/libressl/include/openssl/ec.h b/libressl/include/openssl/ec.h
index dc70cfa6..a95d99f6 100644
--- a/libressl/include/openssl/ec.h
+++ b/libressl/include/openssl/ec.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec.h,v 1.12 2016/11/04 17:33:19 miod Exp $ */
+/* $OpenBSD: ec.h,v 1.18 2019/09/29 10:09:09 tb Exp $ */
/*
* Originally written by Bodo Moeller for the OpenSSL project.
*/
@@ -97,7 +97,7 @@ extern "C" {
#ifndef OPENSSL_ECC_MAX_FIELD_BITS
-# define OPENSSL_ECC_MAX_FIELD_BITS 661
+#define OPENSSL_ECC_MAX_FIELD_BITS 661
#endif
/** Enum for the point conversion form as defined in X9.62 (ECDSA)
@@ -705,6 +705,7 @@ int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
/********************************************************************/
typedef struct ec_key_st EC_KEY;
+typedef struct ec_key_method_st EC_KEY_METHOD;
/* some values for the encoding_flag */
#define EC_PKEY_NO_PARAMETERS 0x001
@@ -713,6 +714,7 @@ typedef struct ec_key_st EC_KEY;
/* some values for the flags field */
#define EC_FLAG_NON_FIPS_ALLOW 0x1
#define EC_FLAG_FIPS_CHECKED 0x2
+#define EC_FLAG_COFACTOR_ECDH 0x1000
/** Creates a new EC_KEY object.
* \return EC_KEY object or NULL if an error occurred.
@@ -911,7 +913,7 @@ EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len);
* of bytes needed).
* \return 1 on success and 0 if an error occurred
*/
-int i2o_ECPublicKey(EC_KEY *key, unsigned char **out);
+int i2o_ECPublicKey(const EC_KEY *key, unsigned char **out);
#ifndef OPENSSL_NO_BIO
/** Prints out the ec parameters on human readable form.
@@ -945,6 +947,44 @@ int ECParameters_print_fp(FILE *fp, const EC_KEY *key);
*/
int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
+#define EC_KEY_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY, l, p, newf, dupf, freef)
+int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg);
+void *EC_KEY_get_ex_data(const EC_KEY *key, int idx);
+
+const EC_KEY_METHOD *EC_KEY_OpenSSL(void);
+const EC_KEY_METHOD *EC_KEY_get_default_method(void);
+void EC_KEY_set_default_method(const EC_KEY_METHOD *meth);
+const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key);
+int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth);
+EC_KEY *EC_KEY_new_method(ENGINE *engine);
+EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth);
+void EC_KEY_METHOD_free(EC_KEY_METHOD *meth);
+void EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth,
+ int (*init)(EC_KEY *key),
+ void (*finish)(EC_KEY *key),
+ int (*copy)(EC_KEY *dest, const EC_KEY *src),
+ int (*set_group)(EC_KEY *key, const EC_GROUP *grp),
+ int (*set_private)(EC_KEY *key, const BIGNUM *priv_key),
+ int (*set_public)(EC_KEY *key, const EC_POINT *pub_key));
+void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth,
+ int (*keygen)(EC_KEY *key));
+void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth,
+ int (*ckey)(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
+ void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen)));
+void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth,
+ int (**pinit)(EC_KEY *key),
+ void (**pfinish)(EC_KEY *key),
+ int (**pcopy)(EC_KEY *dest, const EC_KEY *src),
+ int (**pset_group)(EC_KEY *key, const EC_GROUP *grp),
+ int (**pset_private)(EC_KEY *key, const BIGNUM *priv_key),
+ int (**pset_public)(EC_KEY *key, const EC_POINT *pub_key));
+void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth,
+ int (**pkeygen)(EC_KEY *key));
+void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth,
+ int (**pck)(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
+ void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen)));
+
EC_KEY *ECParameters_dup(EC_KEY *key);
#ifndef __cplusplus
@@ -956,11 +996,96 @@ EC_KEY *ECParameters_dup(EC_KEY *key);
#endif
#define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_PARAMGEN, \
- EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL)
-
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+ EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \
+ EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL)
+
+#define EVP_PKEY_CTX_set_ec_param_enc(ctx, flag) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+ EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \
+ EVP_PKEY_CTRL_EC_PARAM_ENC, flag, NULL)
+
+#define EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, flag) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_EC_ECDH_COFACTOR, flag, NULL)
+
+#define EVP_PKEY_CTX_get_ecdh_cofactor_mode(ctx) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_EC_ECDH_COFACTOR, -2, NULL)
+
+#define EVP_PKEY_CTX_set_ecdh_kdf_type(ctx, kdf) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_EC_KDF_TYPE, kdf, NULL)
+
+#define EVP_PKEY_CTX_get_ecdh_kdf_type(ctx) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_EC_KDF_TYPE, -2, NULL)
+
+#define EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_EC_KDF_MD, 0, (void *)(md))
+
+#define EVP_PKEY_CTX_get_ecdh_kdf_md(ctx, pmd) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_GET_EC_KDF_MD, 0, (void *)(pmd))
+
+#define EVP_PKEY_CTX_set_ecdh_kdf_outlen(ctx, len) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_EC_KDF_OUTLEN, len, NULL)
+
+#define EVP_PKEY_CTX_get_ecdh_kdf_outlen(ctx, plen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, 0, \
+ (void *)(plen))
+
+#define EVP_PKEY_CTX_set0_ecdh_kdf_ukm(ctx, p, plen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_EC_KDF_UKM, plen, (void *)(p))
+
+#define EVP_PKEY_CTX_get0_ecdh_kdf_ukm(ctx, p) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_GET_EC_KDF_UKM, 0, (void *)(p))
+
+/* SM2 will skip the operation check so no need to pass operation here */
+#define EVP_PKEY_CTX_set1_id(ctx, id, id_len) \
+ EVP_PKEY_CTX_ctrl(ctx, -1, -1, \
+ EVP_PKEY_CTRL_SET1_ID, (int)id_len, (void*)(id))
+
+#define EVP_PKEY_CTX_get1_id(ctx, id) \
+ EVP_PKEY_CTX_ctrl(ctx, -1, -1, \
+ EVP_PKEY_CTRL_GET1_ID, 0, (void*)(id))
+
+#define EVP_PKEY_CTX_get1_id_len(ctx, id_len) \
+ EVP_PKEY_CTX_ctrl(ctx, -1, -1, \
+ EVP_PKEY_CTRL_GET1_ID_LEN, 0, (void*)(id_len))
#define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1)
+#define EVP_PKEY_CTRL_EC_PARAM_ENC (EVP_PKEY_ALG_CTRL + 2)
+#define EVP_PKEY_CTRL_EC_ECDH_COFACTOR (EVP_PKEY_ALG_CTRL + 3)
+#define EVP_PKEY_CTRL_EC_KDF_TYPE (EVP_PKEY_ALG_CTRL + 4)
+#define EVP_PKEY_CTRL_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 5)
+#define EVP_PKEY_CTRL_GET_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 6)
+#define EVP_PKEY_CTRL_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 7)
+#define EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 8)
+#define EVP_PKEY_CTRL_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 9)
+#define EVP_PKEY_CTRL_GET_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 10)
+#define EVP_PKEY_CTRL_SET1_ID (EVP_PKEY_ALG_CTRL + 11)
+#define EVP_PKEY_CTRL_GET1_ID (EVP_PKEY_ALG_CTRL + 12)
+#define EVP_PKEY_CTRL_GET1_ID_LEN (EVP_PKEY_ALG_CTRL + 13)
+
+/* KDF types */
+#define EVP_PKEY_ECDH_KDF_NONE 1
+#define EVP_PKEY_ECDH_KDF_X9_63 2
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -1133,6 +1258,7 @@ void ERR_load_EC_strings(void);
#define EC_R_INVALID_COMPRESSED_POINT 110
#define EC_R_INVALID_COMPRESSION_BIT 109
#define EC_R_INVALID_CURVE 141
+#define EC_R_INVALID_DIGEST 151
#define EC_R_INVALID_DIGEST_TYPE 138
#define EC_R_INVALID_ENCODING 102
#define EC_R_INVALID_FIELD 103
@@ -1141,6 +1267,7 @@ void ERR_load_EC_strings(void);
#define EC_R_INVALID_PENTANOMIAL_BASIS 132
#define EC_R_INVALID_PRIVATE_KEY 123
#define EC_R_INVALID_TRINOMIAL_BASIS 137
+#define EC_R_KDF_PARAMETER_ERROR 148
#define EC_R_KEYS_NOT_SET 140
#define EC_R_MISSING_PARAMETERS 124
#define EC_R_MISSING_PRIVATE_KEY 125
@@ -1151,12 +1278,15 @@ void ERR_load_EC_strings(void);
#define EC_R_NO_FIELD_MOD 133
#define EC_R_NO_PARAMETERS_SET 139
#define EC_R_PASSED_NULL_PARAMETER 134
+#define EC_R_PEER_KEY_ERROR 149
#define EC_R_PKPARAMETERS2GROUP_FAILURE 127
#define EC_R_POINT_AT_INFINITY 106
#define EC_R_POINT_IS_NOT_ON_CURVE 107
+#define EC_R_SHARED_INFO_ERROR 150
#define EC_R_SLOT_FULL 108
#define EC_R_UNDEFINED_GENERATOR 113
#define EC_R_UNDEFINED_ORDER 128
+#define EC_R_UNKNOWN_COFACTOR 164
#define EC_R_UNKNOWN_GROUP 129
#define EC_R_UNKNOWN_ORDER 114
#define EC_R_UNSUPPORTED_FIELD 131
diff --git a/libressl/include/openssl/ecdsa.h b/libressl/include/openssl/ecdsa.h
index 530ab265..c4e107ee 100644
--- a/libressl/include/openssl/ecdsa.h
+++ b/libressl/include/openssl/ecdsa.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecdsa.h,v 1.4 2015/02/08 13:35:06 jsing Exp $ */
+/* $OpenBSD: ecdsa.h,v 1.8 2019/01/19 01:17:41 tb Exp $ */
/**
* \file crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions
* \author Written by Nils Larsch for the OpenSSL project
@@ -133,6 +133,20 @@ int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp);
*/
ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len);
+/** Accessor for r and s fields of ECDSA_SIG
+ * \param sig pointer to ECDSA_SIG pointer
+ * \param pr pointer to BIGNUM pointer for r (may be NULL)
+ * \param ps pointer to BIGNUM pointer for s (may be NULL)
+ */
+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+
+/** Setter for r and s fields of ECDSA_SIG
+ * \param sig pointer to ECDSA_SIG pointer
+ * \param r pointer to BIGNUM for r (may be NULL)
+ * \param s pointer to BIGNUM for s (may be NULL)
+ */
+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+
/** Computes the ECDSA signature of the given hash value using
* the supplied private key and returns the created signature.
* \param dgst pointer to the hash value
@@ -255,6 +269,37 @@ int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg);
void *ECDSA_get_ex_data(EC_KEY *d, int idx);
+/* XXX should be in ec.h, but needs ECDSA_SIG */
+void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth,
+ int (*sign)(int type, const unsigned char *dgst,
+ int dlen, unsigned char *sig, unsigned int *siglen,
+ const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey),
+ int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
+ BIGNUM **kinvp, BIGNUM **rp),
+ ECDSA_SIG *(*sign_sig)(const unsigned char *dgst,
+ int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r,
+ EC_KEY *eckey));
+void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth,
+ int (*verify)(int type, const unsigned char *dgst, int dgst_len,
+ const unsigned char *sigbuf, int sig_len, EC_KEY *eckey),
+ int (*verify_sig)(const unsigned char *dgst, int dgst_len,
+ const ECDSA_SIG *sig, EC_KEY *eckey));
+void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth,
+ int (**psign)(int type, const unsigned char *dgst,
+ int dlen, unsigned char *sig, unsigned int *siglen,
+ const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey),
+ int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
+ BIGNUM **kinvp, BIGNUM **rp),
+ ECDSA_SIG *(**psign_sig)(const unsigned char *dgst,
+ int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r,
+ EC_KEY *eckey));
+void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth,
+ int (**pverify)(int type, const unsigned char *dgst, int dgst_len,
+ const unsigned char *sigbuf, int sig_len, EC_KEY *eckey),
+ int (**pverify_sig)(const unsigned char *dgst, int dgst_len,
+ const ECDSA_SIG *sig, EC_KEY *eckey));
+
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
diff --git a/libressl/include/openssl/engine.h b/libressl/include/openssl/engine.h
index 30d1bde4..dc14be8e 100644
--- a/libressl/include/openssl/engine.h
+++ b/libressl/include/openssl/engine.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: engine.h,v 1.31 2015/07/19 22:34:27 doug Exp $ */
+/* $OpenBSD: engine.h,v 1.33 2019/01/19 01:07:00 tb Exp $ */
/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
* project 2000.
*/
@@ -87,6 +87,9 @@
#ifndef OPENSSL_NO_ECDSA
#include <openssl/ecdsa.h>
#endif
+#ifndef OPENSSL_NO_EC
+#include <openssl/ec.h>
+#endif
#include <openssl/ui.h>
#include <openssl/err.h>
#endif
@@ -112,6 +115,7 @@ extern "C" {
#define ENGINE_METHOD_STORE (unsigned int)0x0100
#define ENGINE_METHOD_PKEY_METHS (unsigned int)0x0200
#define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400
+#define ENGINE_METHOD_EC (unsigned int)0x0800
/* Obvious all-or-nothing cases. */
#define ENGINE_METHOD_ALL (unsigned int)0xFFFF
#define ENGINE_METHOD_NONE (unsigned int)0x0000
@@ -353,6 +357,10 @@ int ENGINE_register_ECDSA(ENGINE *e);
void ENGINE_unregister_ECDSA(ENGINE *e);
void ENGINE_register_all_ECDSA(void);
+int ENGINE_register_EC(ENGINE *e);
+void ENGINE_unregister_EC(ENGINE *e);
+void ENGINE_register_all_EC(void);
+
int ENGINE_register_DH(ENGINE *e);
void ENGINE_unregister_DH(ENGINE *e);
void ENGINE_register_all_DH(void);
@@ -447,6 +455,7 @@ int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth);
int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth);
+int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ec_meth);
int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth);
@@ -486,6 +495,7 @@ const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e);
const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e);
+const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e);
const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e);
@@ -553,6 +563,7 @@ ENGINE *ENGINE_get_default_RSA(void);
ENGINE *ENGINE_get_default_DSA(void);
ENGINE *ENGINE_get_default_ECDH(void);
ENGINE *ENGINE_get_default_ECDSA(void);
+ENGINE *ENGINE_get_default_EC(void);
ENGINE *ENGINE_get_default_DH(void);
ENGINE *ENGINE_get_default_RAND(void);
/* These functions can be used to get a functional reference to perform
@@ -572,6 +583,7 @@ int ENGINE_set_default_string(ENGINE *e, const char *def_list);
int ENGINE_set_default_DSA(ENGINE *e);
int ENGINE_set_default_ECDH(ENGINE *e);
int ENGINE_set_default_ECDSA(ENGINE *e);
+int ENGINE_set_default_EC(ENGINE *e);
int ENGINE_set_default_DH(ENGINE *e);
int ENGINE_set_default_RAND(ENGINE *e);
int ENGINE_set_default_ciphers(ENGINE *e);
@@ -686,11 +698,6 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
return 0; \
- CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \
- CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \
- CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
- CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
- CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
return 0; \
if(!ERR_set_implementation(fns->err_fns)) return 0; \
diff --git a/libressl/include/openssl/evp.h b/libressl/include/openssl/evp.h
index 68e10495..b49fc613 100644
--- a/libressl/include/openssl/evp.h
+++ b/libressl/include/openssl/evp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp.h,v 1.52 2017/02/28 14:15:37 jsing Exp $ */
+/* $OpenBSD: evp.h,v 1.77 2019/09/09 18:06:25 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -325,6 +325,7 @@ struct evp_cipher_st {
#define EVP_CIPH_GCM_MODE 0x6
#define EVP_CIPH_CCM_MODE 0x7
#define EVP_CIPH_XTS_MODE 0x10001
+#define EVP_CIPH_WRAP_MODE 0x10002
#define EVP_CIPH_MODE 0xF0007
/* Set if variable length cipher */
#define EVP_CIPH_VARIABLE_LENGTH 0x8
@@ -356,6 +357,12 @@ struct evp_cipher_st {
#define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000
#define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000
+/*
+ * Cipher context flag to indicate that we can handle wrap mode: if allowed in
+ * older applications, it could overflow buffers.
+ */
+#define EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 0x1
+
/* ctrl() values */
#define EVP_CTRL_INIT 0x0
@@ -491,10 +498,15 @@ unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher);
#define EVP_CIPHER_mode(e) (EVP_CIPHER_flags(e) & EVP_CIPH_MODE)
const EVP_CIPHER * EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx,
+ unsigned char *iv, size_t len);
+int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx,
+ const unsigned char *iv, size_t len);
int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
void * EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);
@@ -535,15 +547,19 @@ int EVP_Cipher(EVP_CIPHER_CTX *c, unsigned char *out, const unsigned char *in,
#define EVP_delete_digest_alias(alias) \
OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);
+EVP_MD_CTX *EVP_MD_CTX_new(void);
+void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
-int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
+int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
EVP_MD_CTX *EVP_MD_CTX_create(void);
void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
+int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr);
int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
+
int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
@@ -613,7 +629,8 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen);
int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
-int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen);
+int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
+ size_t siglen);
int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
const unsigned char *ek, int ekl, const unsigned char *iv, EVP_PKEY *priv);
@@ -624,8 +641,10 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
int npubk);
int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
+void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
-void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl);
void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
@@ -640,16 +659,17 @@ void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a);
+int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *a);
int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);
#ifndef OPENSSL_NO_BIO
-BIO_METHOD *BIO_f_md(void);
-BIO_METHOD *BIO_f_base64(void);
-BIO_METHOD *BIO_f_cipher(void);
-void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
+const BIO_METHOD *BIO_f_md(void);
+const BIO_METHOD *BIO_f_base64(void);
+const BIO_METHOD *BIO_f_cipher(void);
+int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
const unsigned char *i, int enc);
#endif
@@ -675,6 +695,9 @@ const EVP_MD *EVP_sha256(void);
const EVP_MD *EVP_sha384(void);
const EVP_MD *EVP_sha512(void);
#endif
+#ifndef OPENSSL_NO_SM3
+const EVP_MD *EVP_sm3(void);
+#endif
#ifndef OPENSSL_NO_RIPEMD
const EVP_MD *EVP_ripemd160(void);
#endif
@@ -760,6 +783,7 @@ const EVP_CIPHER *EVP_aes_128_ofb(void);
const EVP_CIPHER *EVP_aes_128_ctr(void);
const EVP_CIPHER *EVP_aes_128_ccm(void);
const EVP_CIPHER *EVP_aes_128_gcm(void);
+const EVP_CIPHER *EVP_aes_128_wrap(void);
const EVP_CIPHER *EVP_aes_128_xts(void);
const EVP_CIPHER *EVP_aes_192_ecb(void);
const EVP_CIPHER *EVP_aes_192_cbc(void);
@@ -771,6 +795,7 @@ const EVP_CIPHER *EVP_aes_192_ofb(void);
const EVP_CIPHER *EVP_aes_192_ctr(void);
const EVP_CIPHER *EVP_aes_192_ccm(void);
const EVP_CIPHER *EVP_aes_192_gcm(void);
+const EVP_CIPHER *EVP_aes_192_wrap(void);
const EVP_CIPHER *EVP_aes_256_ecb(void);
const EVP_CIPHER *EVP_aes_256_cbc(void);
const EVP_CIPHER *EVP_aes_256_cfb1(void);
@@ -781,6 +806,7 @@ const EVP_CIPHER *EVP_aes_256_ofb(void);
const EVP_CIPHER *EVP_aes_256_ctr(void);
const EVP_CIPHER *EVP_aes_256_ccm(void);
const EVP_CIPHER *EVP_aes_256_gcm(void);
+const EVP_CIPHER *EVP_aes_256_wrap(void);
const EVP_CIPHER *EVP_aes_256_xts(void);
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
@@ -821,6 +847,15 @@ const EVP_CIPHER *EVP_gost2814789_cfb64(void);
const EVP_CIPHER *EVP_gost2814789_cnt(void);
#endif
+#ifndef OPENSSL_NO_SM4
+const EVP_CIPHER *EVP_sm4_ecb(void);
+const EVP_CIPHER *EVP_sm4_cbc(void);
+const EVP_CIPHER *EVP_sm4_cfb128(void);
+#define EVP_sm4_cfb EVP_sm4_cfb128
+const EVP_CIPHER *EVP_sm4_ofb(void);
+const EVP_CIPHER *EVP_sm4_ctr(void);
+#endif
+
void OPENSSL_add_all_algorithms_noconf(void);
void OPENSSL_add_all_algorithms_conf(void);
@@ -861,32 +896,37 @@ int EVP_PKEY_encrypt_old(unsigned char *enc_key, const unsigned char *key,
int EVP_PKEY_type(int type);
int EVP_PKEY_id(const EVP_PKEY *pkey);
int EVP_PKEY_base_id(const EVP_PKEY *pkey);
-int EVP_PKEY_bits(EVP_PKEY *pkey);
-int EVP_PKEY_size(EVP_PKEY *pkey);
+int EVP_PKEY_bits(const EVP_PKEY *pkey);
+int EVP_PKEY_size(const EVP_PKEY *pkey);
int EVP_PKEY_set_type(EVP_PKEY *pkey, int type);
int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
-void *EVP_PKEY_get0(EVP_PKEY *pkey);
+void *EVP_PKEY_get0(const EVP_PKEY *pkey);
+const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
#ifndef OPENSSL_NO_RSA
struct rsa_st;
-int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key);
+struct rsa_st *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
+int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key);
#endif
#ifndef OPENSSL_NO_DSA
struct dsa_st;
-int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key);
+struct dsa_st *EVP_PKEY_get0_DSA(EVP_PKEY *pkey);
struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
+int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key);
#endif
#ifndef OPENSSL_NO_DH
struct dh_st;
-int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key);
+struct dh_st *EVP_PKEY_get0_DH(EVP_PKEY *pkey);
struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
+int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key);
#endif
#ifndef OPENSSL_NO_EC
struct ec_key_st;
-int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
+struct ec_key_st *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey);
struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
+int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
#endif
#ifndef OPENSSL_NO_GOST
struct gost_key_st;
@@ -894,6 +934,7 @@ struct gost_key_st;
EVP_PKEY *EVP_PKEY_new(void);
void EVP_PKEY_free(EVP_PKEY *pkey);
+int EVP_PKEY_up_ref(EVP_PKEY *pkey);
EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
long length);
@@ -973,6 +1014,7 @@ void EVP_PBE_cleanup(void);
#define ASN1_PKEY_CTRL_DEFAULT_MD_NID 0x3
#define ASN1_PKEY_CTRL_CMS_SIGN 0x5
#define ASN1_PKEY_CTRL_CMS_ENVELOPE 0x7
+#define ASN1_PKEY_CTRL_CMS_RI_TYPE 0x8
int EVP_PKEY_asn1_get_count(void);
const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx);
@@ -985,7 +1027,7 @@ int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, int *ppkey_flags,
const char **pinfo, const char **ppem_str,
const EVP_PKEY_ASN1_METHOD *ameth);
-const EVP_PKEY_ASN1_METHOD* EVP_PKEY_get0_asn1(EVP_PKEY *pkey);
+const EVP_PKEY_ASN1_METHOD* EVP_PKEY_get0_asn1(const EVP_PKEY *pkey);
EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags, const char *pem_str,
const char *info);
void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst,
@@ -1000,7 +1042,7 @@ void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
int (*pkey_size)(const EVP_PKEY *pk),
int (*pkey_bits)(const EVP_PKEY *pk));
void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth,
- int (*priv_decode)(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf),
+ int (*priv_decode)(EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf),
int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk),
int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *pctx));
@@ -1043,9 +1085,13 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
#define EVP_PKEY_OP_TYPE_GEN \
(EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN)
-#define EVP_PKEY_CTX_set_signature_md(ctx, md) \
- EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \
- EVP_PKEY_CTRL_MD, 0, (void *)md)
+#define EVP_PKEY_CTX_set_signature_md(ctx, md) \
+ EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \
+ EVP_PKEY_CTRL_MD, 0, (void *)md)
+
+#define EVP_PKEY_CTX_get_signature_md(ctx, pmd) \
+ EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \
+ EVP_PKEY_CTRL_GET_MD, 0, (void *)(pmd))
#define EVP_PKEY_CTRL_MD 1
#define EVP_PKEY_CTRL_PEER_KEY 2
@@ -1068,6 +1114,8 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
#define EVP_PKEY_CTRL_CIPHER 12
+#define EVP_PKEY_CTRL_GET_MD 13
+
#define EVP_PKEY_ALG_CTRL 0x1000
@@ -1222,7 +1270,8 @@ const EVP_AEAD *EVP_aead_aes_256_gcm(void);
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
/* EVP_aead_chacha20_poly1305 is ChaCha20 with a Poly1305 authenticator. */
const EVP_AEAD *EVP_aead_chacha20_poly1305(void);
-const EVP_AEAD *EVP_aead_chacha20_poly1305_old(void);
+/* EVP_aead_xchacha20_poly1305 is XChaCha20 with a Poly1305 authenticator. */
+const EVP_AEAD *EVP_aead_xchacha20_poly1305(void);
#endif
/* EVP_AEAD_key_length returns the length of the keys used. */
@@ -1446,6 +1495,7 @@ void ERR_load_EVP_strings(void);
#define EVP_R_ERROR_LOADING_SECTION 165
#define EVP_R_ERROR_SETTING_FIPS_MODE 166
#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119
+#define EVP_R_EXPECTING_AN_HMAC_KEY 174
#define EVP_R_EXPECTING_AN_RSA_KEY 127
#define EVP_R_EXPECTING_A_DH_KEY 128
#define EVP_R_EXPECTING_A_DSA_KEY 129
@@ -1492,6 +1542,7 @@ void ERR_load_EVP_strings(void);
#define EVP_R_UNSUPPORTED_KEY_SIZE 108
#define EVP_R_UNSUPPORTED_PRF 125
#define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118
+#define EVP_R_WRAP_MODE_NOT_ALLOWED 170
#define EVP_R_UNSUPPORTED_SALT_TYPE 126
#define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109
#define EVP_R_WRONG_PUBLIC_KEY_TYPE 110
diff --git a/libressl/include/openssl/hkdf.h b/libressl/include/openssl/hkdf.h
new file mode 100644
index 00000000..34450f9d
--- /dev/null
+++ b/libressl/include/openssl/hkdf.h
@@ -0,0 +1,65 @@
+/* $OpenBSD: hkdf.h,v 1.2 2018/04/03 13:33:53 tb Exp $ */
+/* Copyright (c) 2014, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#ifndef OPENSSL_HEADER_HKDF_H
+#define OPENSSL_HEADER_HKDF_H
+
+#include <openssl/evp.h>
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+/*
+ * HKDF computes HKDF (as specified by RFC 5869) of initial keying
+ * material |secret| with |salt| and |info| using |digest|, and
+ * outputs |out_len| bytes to |out_key|. It returns one on success and
+ * zero on error.
+ *
+ * HKDF is an Extract-and-Expand algorithm. It does not do any key
+ * stretching, and as such, is not suited to be used alone to generate
+ * a key from a password.
+ */
+
+int HKDF(uint8_t *out_key, size_t out_len, const struct env_md_st *digest,
+ const uint8_t *secret, size_t secret_len, const uint8_t *salt,
+ size_t salt_len, const uint8_t *info, size_t info_len);
+
+/*
+ * HKDF_extract computes a HKDF PRK (as specified by RFC 5869) from
+ * initial keying material |secret| and salt |salt| using |digest|,
+ * and outputs |out_len| bytes to |out_key|. The maximum output size
+ * is |EVP_MAX_MD_SIZE|. It returns one on success and zero on error.
+ */
+int HKDF_extract(uint8_t *out_key, size_t *out_len,
+ const struct env_md_st *digest, const uint8_t *secret,
+ size_t secret_len, const uint8_t *salt, size_t salt_len);
+
+/*
+ * HKDF_expand computes a HKDF OKM (as specified by RFC 5869) of
+ * length |out_len| from the PRK |prk| and info |info| using |digest|,
+ * and outputs the result to |out_key|. It returns one on success and
+ * zero on error.
+ */
+int HKDF_expand(uint8_t *out_key, size_t out_len,
+ const EVP_MD *digest, const uint8_t *prk, size_t prk_len,
+ const uint8_t *info, size_t info_len);
+
+
+#if defined(__cplusplus)
+} /* extern C */
+#endif
+
+#endif /* OPENSSL_HEADER_HKDF_H */
diff --git a/libressl/include/openssl/hmac.h b/libressl/include/openssl/hmac.h
index f3418b3c..e787c62a 100644
--- a/libressl/include/openssl/hmac.h
+++ b/libressl/include/openssl/hmac.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: hmac.h,v 1.12 2014/06/21 13:39:46 jsing Exp $ */
+/* $OpenBSD: hmac.h,v 1.13 2018/02/17 14:53:59 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -83,8 +83,10 @@ typedef struct hmac_ctx_st {
#define HMAC_size(e) (EVP_MD_size((e)->md))
-
+HMAC_CTX *HMAC_CTX_new(void);
+void HMAC_CTX_free(HMAC_CTX *ctx);
void HMAC_CTX_init(HMAC_CTX *ctx);
+int HMAC_CTX_reset(HMAC_CTX *ctx);
void HMAC_CTX_cleanup(HMAC_CTX *ctx);
#define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) /* deprecated */
@@ -100,6 +102,7 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
+const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx);
#ifdef __cplusplus
}
diff --git a/libressl/include/openssl/modes.h b/libressl/include/openssl/modes.h
index a532cb3f..67ec7518 100644
--- a/libressl/include/openssl/modes.h
+++ b/libressl/include/openssl/modes.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: modes.h,v 1.2 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: modes.h,v 1.3 2018/07/24 10:47:19 bcook Exp $ */
/* ====================================================================
* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
*
@@ -8,6 +8,10 @@
#include <stddef.h>
+#ifdef __cplusplus
+extern "C" {
+#endif
+
typedef void (*block128_f)(const unsigned char in[16],
unsigned char out[16],
const void *key);
@@ -134,3 +138,7 @@ typedef struct xts128_context XTS128_CONTEXT;
int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16],
const unsigned char *inp, unsigned char *out, size_t len, int enc);
+
+#ifdef __cplusplus
+}
+#endif
diff --git a/libressl/include/openssl/obj_mac.h b/libressl/include/openssl/obj_mac.h
index e11e2832..2699111e 100644
--- a/libressl/include/openssl/obj_mac.h
+++ b/libressl/include/openssl/obj_mac.h
@@ -2549,6 +2549,20 @@
#define NID_dcObject 390
#define OBJ_dcObject OBJ_Enterprises,1466L,344L
+#define OBJ_extendedValidation OBJ_Enterprises,311L,60L
+
+#define LN_jurisdictionLocalityName "jurisdictionLocalityName"
+#define NID_jurisdictionLocalityName 956
+#define OBJ_jurisdictionLocalityName OBJ_extendedValidation,2L,1L,1L
+
+#define LN_jurisdictionStateOrProvinceName "jurisdictionStateOrProvinceName"
+#define NID_jurisdictionStateOrProvinceName 957
+#define OBJ_jurisdictionStateOrProvinceName OBJ_extendedValidation,2L,1L,2L
+
+#define LN_jurisdictionCountryName "jurisdictionCountryName"
+#define NID_jurisdictionCountryName 958
+#define OBJ_jurisdictionCountryName OBJ_extendedValidation,2L,1L,3L
+
#define SN_mime_mhs "mime-mhs"
#define LN_mime_mhs "MIME MHS"
#define NID_mime_mhs 504
@@ -3881,6 +3895,16 @@
#define NID_id_GostR3410_2001_ParamSet_cc 854
#define OBJ_id_GostR3410_2001_ParamSet_cc OBJ_cryptocom,1L,8L,1L
+#define SN_sm3 "SM3"
+#define LN_sm3 "sm3"
+#define NID_sm3 968
+#define OBJ_sm3 1L,2L,156L,10197L,1L,401L
+
+#define SN_sm3WithRSAEncryption "RSA-SM3"
+#define LN_sm3WithRSAEncryption "sm3WithRSAEncryption"
+#define NID_sm3WithRSAEncryption 969
+#define OBJ_sm3WithRSAEncryption 1L,2L,156L,10197L,1L,504L
+
#define SN_camellia_128_cbc "CAMELLIA-128-CBC"
#define LN_camellia_128_cbc "camellia-128-cbc"
#define NID_camellia_128_cbc 751
@@ -4006,6 +4030,54 @@
#define NID_seed_ofb128 778
#define OBJ_seed_ofb128 OBJ_kisa,1L,6L
+#define SN_ISO_CN "ISO-CN"
+#define LN_ISO_CN "ISO CN Member Body"
+#define NID_ISO_CN 970
+#define OBJ_ISO_CN OBJ_member_body,156L
+
+#define SN_oscca "oscca"
+#define NID_oscca 971
+#define OBJ_oscca OBJ_ISO_CN,10197L
+
+#define SN_sm_scheme "sm-scheme"
+#define NID_sm_scheme 972
+#define OBJ_sm_scheme OBJ_oscca,1L
+
+#define SN_sm4_ecb "SM4-ECB"
+#define LN_sm4_ecb "sm4-ecb"
+#define NID_sm4_ecb 973
+#define OBJ_sm4_ecb OBJ_sm_scheme,104L,1L
+
+#define SN_sm4_cbc "SM4-CBC"
+#define LN_sm4_cbc "sm4-cbc"
+#define NID_sm4_cbc 974
+#define OBJ_sm4_cbc OBJ_sm_scheme,104L,2L
+
+#define SN_sm4_ofb128 "SM4-OFB"
+#define LN_sm4_ofb128 "sm4-ofb"
+#define NID_sm4_ofb128 975
+#define OBJ_sm4_ofb128 OBJ_sm_scheme,104L,3L
+
+#define SN_sm4_cfb128 "SM4-CFB"
+#define LN_sm4_cfb128 "sm4-cfb"
+#define NID_sm4_cfb128 976
+#define OBJ_sm4_cfb128 OBJ_sm_scheme,104L,4L
+
+#define SN_sm4_cfb1 "SM4-CFB1"
+#define LN_sm4_cfb1 "sm4-cfb1"
+#define NID_sm4_cfb1 977
+#define OBJ_sm4_cfb1 OBJ_sm_scheme,104L,5L
+
+#define SN_sm4_cfb8 "SM4-CFB8"
+#define LN_sm4_cfb8 "sm4-cfb8"
+#define NID_sm4_cfb8 978
+#define OBJ_sm4_cfb8 OBJ_sm_scheme,104L,6L
+
+#define SN_sm4_ctr "SM4-CTR"
+#define LN_sm4_ctr "sm4-ctr"
+#define NID_sm4_ctr 979
+#define OBJ_sm4_ctr OBJ_sm_scheme,104L,7L
+
#define SN_hmac "HMAC"
#define LN_hmac "hmac"
#define NID_hmac 855
@@ -4030,6 +4102,56 @@
#define LN_aes_256_cbc_hmac_sha1 "aes-256-cbc-hmac-sha1"
#define NID_aes_256_cbc_hmac_sha1 918
+#define OBJ_x9_63_scheme 1L,3L,133L,16L,840L,63L,0L
+
+#define OBJ_secg_scheme OBJ_certicom_arc,1L
+
+#define SN_dhSinglePass_stdDH_sha1kdf_scheme "dhSinglePass-stdDH-sha1kdf-scheme"
+#define NID_dhSinglePass_stdDH_sha1kdf_scheme 980
+#define OBJ_dhSinglePass_stdDH_sha1kdf_scheme OBJ_x9_63_scheme,2L
+
+#define SN_dhSinglePass_stdDH_sha224kdf_scheme "dhSinglePass-stdDH-sha224kdf-scheme"
+#define NID_dhSinglePass_stdDH_sha224kdf_scheme 981
+#define OBJ_dhSinglePass_stdDH_sha224kdf_scheme OBJ_secg_scheme,11L,0L
+
+#define SN_dhSinglePass_stdDH_sha256kdf_scheme "dhSinglePass-stdDH-sha256kdf-scheme"
+#define NID_dhSinglePass_stdDH_sha256kdf_scheme 982
+#define OBJ_dhSinglePass_stdDH_sha256kdf_scheme OBJ_secg_scheme,11L,1L
+
+#define SN_dhSinglePass_stdDH_sha384kdf_scheme "dhSinglePass-stdDH-sha384kdf-scheme"
+#define NID_dhSinglePass_stdDH_sha384kdf_scheme 983
+#define OBJ_dhSinglePass_stdDH_sha384kdf_scheme OBJ_secg_scheme,11L,2L
+
+#define SN_dhSinglePass_stdDH_sha512kdf_scheme "dhSinglePass-stdDH-sha512kdf-scheme"
+#define NID_dhSinglePass_stdDH_sha512kdf_scheme 984
+#define OBJ_dhSinglePass_stdDH_sha512kdf_scheme OBJ_secg_scheme,11L,3L
+
+#define SN_dhSinglePass_cofactorDH_sha1kdf_scheme "dhSinglePass-cofactorDH-sha1kdf-scheme"
+#define NID_dhSinglePass_cofactorDH_sha1kdf_scheme 985
+#define OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme OBJ_x9_63_scheme,3L
+
+#define SN_dhSinglePass_cofactorDH_sha224kdf_scheme "dhSinglePass-cofactorDH-sha224kdf-scheme"
+#define NID_dhSinglePass_cofactorDH_sha224kdf_scheme 986
+#define OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme OBJ_secg_scheme,14L,0L
+
+#define SN_dhSinglePass_cofactorDH_sha256kdf_scheme "dhSinglePass-cofactorDH-sha256kdf-scheme"
+#define NID_dhSinglePass_cofactorDH_sha256kdf_scheme 987
+#define OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme OBJ_secg_scheme,14L,1L
+
+#define SN_dhSinglePass_cofactorDH_sha384kdf_scheme "dhSinglePass-cofactorDH-sha384kdf-scheme"
+#define NID_dhSinglePass_cofactorDH_sha384kdf_scheme 988
+#define OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme OBJ_secg_scheme,14L,2L
+
+#define SN_dhSinglePass_cofactorDH_sha512kdf_scheme "dhSinglePass-cofactorDH-sha512kdf-scheme"
+#define NID_dhSinglePass_cofactorDH_sha512kdf_scheme 989
+#define OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme OBJ_secg_scheme,14L,3L
+
+#define SN_dh_std_kdf "dh-std-kdf"
+#define NID_dh_std_kdf 990
+
+#define SN_dh_cofactor_kdf "dh-cofactor-kdf"
+#define NID_dh_cofactor_kdf 991
+
#define SN_teletrust "teletrust"
#define NID_teletrust 920
#define OBJ_teletrust OBJ_identified_organization,36L
@@ -4102,6 +4224,10 @@
#define LN_chacha20 "chacha"
#define NID_chacha20 937
+#define SN_chacha20_poly1305 "ChaCha20-Poly1305"
+#define LN_chacha20_poly1305 "chacha20-poly1305"
+#define NID_chacha20_poly1305 967
+
#define SN_gost89_ecb "gost89-ecb"
#define NID_gost89_ecb 938
@@ -4178,3 +4304,35 @@
#define NID_Ed448ph 955
#define OBJ_Ed448ph 1L,3L,101L,115L
+#define SN_kx_rsa "KxRSA"
+#define LN_kx_rsa "kx-rsa"
+#define NID_kx_rsa 959
+
+#define SN_kx_ecdhe "KxECDHE"
+#define LN_kx_ecdhe "kx-ecdhe"
+#define NID_kx_ecdhe 960
+
+#define SN_kx_dhe "KxDHE"
+#define LN_kx_dhe "kx-dhe"
+#define NID_kx_dhe 961
+
+#define SN_kx_gost "KxGOST"
+#define LN_kx_gost "kx-gost"
+#define NID_kx_gost 962
+
+#define SN_auth_rsa "AuthRSA"
+#define LN_auth_rsa "auth-rsa"
+#define NID_auth_rsa 963
+
+#define SN_auth_ecdsa "AuthECDSA"
+#define LN_auth_ecdsa "auth-ecdsa"
+#define NID_auth_ecdsa 964
+
+#define SN_auth_gost01 "AuthGOST01"
+#define LN_auth_gost01 "auth-gost01"
+#define NID_auth_gost01 965
+
+#define SN_auth_null "AuthNULL"
+#define LN_auth_null "auth-null"
+#define NID_auth_null 966
+
diff --git a/libressl/include/openssl/ocsp.h b/libressl/include/openssl/ocsp.h
index e3fa6f5a..316fb8ed 100644
--- a/libressl/include/openssl/ocsp.h
+++ b/libressl/include/openssl/ocsp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp.h,v 1.11 2016/12/30 16:19:04 jsing Exp $ */
+/* $OpenBSD: ocsp.h,v 1.16 2018/08/24 20:03:21 tb Exp $ */
/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
* project. */
@@ -383,8 +383,8 @@ typedef struct ocsp_service_locator_st {
OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id);
-OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);
-OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
+OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req);
+OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
int maxline);
int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
@@ -392,10 +392,11 @@ int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, const char *name,
const char *value);
-OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
+OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
+ const X509 *issuer);
-OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, X509_NAME *issuerName,
- ASN1_BIT_STRING* issuerKey, ASN1_INTEGER *serialNumber);
+OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, const X509_NAME *issuerName,
+ const ASN1_BIT_STRING *issuerKey, const ASN1_INTEGER *serialNumber);
OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
@@ -428,8 +429,8 @@ int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
X509_STORE *store, unsigned long flags);
-int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath,
- int *pssl);
+int OCSP_parse_url(const char *url, char **phost, char **pport,
+ char **ppath, int *pssl);
int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
@@ -449,17 +450,17 @@ int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key,
const EVP_MD *dgst, STACK_OF(X509) *certs, unsigned long flags);
-X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);
+X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim);
X509_EXTENSION *OCSP_accept_responses_new(char **oids);
X509_EXTENSION *OCSP_archive_cutoff_new(char* tim);
-X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls);
+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, const char **urls);
int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x);
int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos);
-int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj,
+int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj,
int lastpos);
int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit,
int lastpos);
@@ -472,7 +473,7 @@ int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc);
int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x);
int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos);
-int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj,
+int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj,
int lastpos);
int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos);
X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc);
@@ -484,7 +485,7 @@ int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc);
int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x);
int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos);
-int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj,
+int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj,
int lastpos);
int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit,
int lastpos);
@@ -499,8 +500,8 @@ int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc);
int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x);
int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid,
int lastpos);
-int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj,
- int lastpos);
+int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x,
+ const ASN1_OBJECT *obj, int lastpos);
int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit,
int lastpos);
X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc);
@@ -511,6 +512,7 @@ int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value,
int crit, unsigned long flags);
int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex,
int loc);
+const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *x);
OCSP_SINGLERESP *OCSP_SINGLERESP_new(void);
void OCSP_SINGLERESP_free(OCSP_SINGLERESP *a);
diff --git a/libressl/include/openssl/opensslfeatures.h b/libressl/include/openssl/opensslfeatures.h
index ba4dbba9..688d478d 100644
--- a/libressl/include/openssl/opensslfeatures.h
+++ b/libressl/include/openssl/opensslfeatures.h
@@ -1,26 +1,111 @@
-# define OPENSSL_NO_EC_NISTP_64_GCC_128
-# define OPENSSL_NO_CMS
-# define OPENSSL_NO_COMP
-# define OPENSSL_NO_EGD
-# define OPENSSL_NO_GMP
-# define OPENSSL_NO_JPAKE
-# define OPENSSL_NO_KRB5
-# define OPENSSL_NO_MD2
-# define OPENSSL_NO_MDC2
-# define OPENSSL_NO_PSK
-# define OPENSSL_NO_RC5
-# define OPENSSL_NO_RFC3779
-# define OPENSSL_NO_RSAX
-# define OPENSSL_NO_SCTP
-# define OPENSSL_NO_SEED
-# define OPENSSL_NO_SHA0
-# define OPENSSL_NO_SRP
-# define OPENSSL_NO_SSL2
-# define OPENSSL_NO_SSL3
-# define OPENSSL_NO_SSL3_METHOD
-# define OPENSSL_NO_STORE
-# define OPENSSL_NO_BUF_FREELISTS
-# define OPENSSL_NO_HEARTBEATS
-# define OPENSSL_NO_DYNAMIC_ENGINE
+/*
+ * Feature flags for LibreSSL... so you can actually tell when things
+ * are enabled, rather than not being able to tell when things are
+ * enabled (or possibly not yet not implemented, or removed!).
+ */
+/* #define LIBRESSL_HAS_TLS1_3 */
-# define OPENSSL_THREADS
+#define OPENSSL_THREADS
+
+#define OPENSSL_NO_BUF_FREELISTS
+#define OPENSSL_NO_GMP
+#define OPENSSL_NO_JPAKE
+#define OPENSSL_NO_KRB5
+#define OPENSSL_NO_RSAX
+#define OPENSSL_NO_SHA0
+#define OPENSSL_NO_SSL2
+#define OPENSSL_NO_STORE
+
+/*
+ * OPENSSL_NO_* flags that currently appear in OpenSSL.
+ */
+
+/* #define OPENSSL_NO_AFALGENG */
+/* #define OPENSSL_NO_ALGORITHMS */
+/* #define OPENSSL_NO_ARIA */
+/* #define OPENSSL_NO_ASM */
+#define OPENSSL_NO_ASYNC
+/* #define OPENSSL_NO_AUTOALGINIT */
+/* #define OPENSSL_NO_AUTOERRINIT */
+/* #define OPENSSL_NO_AUTOLOAD_CONFIG */
+/* #define OPENSSL_NO_BF */
+/* #define OPENSSL_NO_BLAKE2 */
+/* #define OPENSSL_NO_CAMELLIA */
+/* #define OPENSSL_NO_CAST */
+/* #define OPENSSL_NO_CHACHA */
+/* #define OPENSSL_NO_CMAC */
+#define OPENSSL_NO_CMS
+#define OPENSSL_NO_COMP /* XXX */
+/* #define OPENSSL_NO_CRYPTO_MDEBUG */
+/* #define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE */
+/* #define OPENSSL_NO_CT */
+/* #define OPENSSL_NO_DECC_INIT */
+/* #define OPENSSL_NO_DES */
+/* #define OPENSSL_NO_DGRAM */
+/* #define OPENSSL_NO_DH */
+/* #define OPENSSL_NO_DSA */
+/* #define OPENSSL_NO_DSO */
+/* #define OPENSSL_NO_DTLS */
+/* #define OPENSSL_NO_DTLS1 */
+/* #define OPENSSL_NO_DTLS1_2 */
+/* #define OPENSSL_NO_DTLS1_2_METHOD */
+/* #define OPENSSL_NO_DTLS1_METHOD */
+#define OPENSSL_NO_DYNAMIC_ENGINE
+/* #define OPENSSL_NO_EC */
+/* #define OPENSSL_NO_EC2M */
+#define OPENSSL_NO_EC_NISTP_64_GCC_128
+#define OPENSSL_NO_EGD
+/* #define OPENSSL_NO_ENGINE */
+/* #define OPENSSL_NO_ERR */
+/* #define OPENSSL_NO_FUZZ_LIBFUZZER */
+/* #define OPENSSL_NO_GOST */
+#define OPENSSL_NO_HEARTBEATS
+/* #define OPENSSL_NO_HW */
+/* #define OPENSSL_NO_HW_PADLOCK */
+/* #define OPENSSL_NO_IDEA */
+#define OPENSSL_NO_MD2
+/* #define OPENSSL_NO_MD4 */
+/* #define OPENSSL_NO_MD5 */
+#define OPENSSL_NO_MDC2
+/* #define OPENSSL_NO_MULTIBLOCK */
+/* #define OPENSSL_NO_NEXTPROTONEG */
+/* #define OPENSSL_NO_OCB */
+/* #define OPENSSL_NO_OCSP */
+/* #define OPENSSL_NO_POLY1305 */
+/* #define OPENSSL_NO_POSIX_IO */
+#define OPENSSL_NO_PSK
+/* #define OPENSSL_NO_RC2 */
+/* #define OPENSSL_NO_RC4 */
+#define OPENSSL_NO_RC5
+#define OPENSSL_NO_RFC3779
+/* #define OPENSSL_NO_RMD160 */
+/* #define OPENSSL_NO_RSA */
+/* #define OPENSSL_NO_SCRYPT */
+#define OPENSSL_NO_SCTP
+#define OPENSSL_NO_SEED
+/* #define OPENSSL_NO_SIPHASH */
+/* #define OPENSSL_NO_SM2 */
+/* #define OPENSSL_NO_SM3 */
+/* #define OPENSSL_NO_SM4 */
+/* #define OPENSSL_NO_SOCK */
+#define OPENSSL_NO_SRP
+/* #define OPENSSL_NO_SRTP */
+#define OPENSSL_NO_SSL3
+#define OPENSSL_NO_SSL3_METHOD
+/* #define OPENSSL_NO_SSL_TRACE */
+/* #define OPENSSL_NO_STDIO */
+/* #define OPENSSL_NO_TLS */
+/* #define OPENSSL_NO_TLS1 */
+/* #define OPENSSL_NO_TLS1_1 */
+/* #define OPENSSL_NO_TLS1_1_METHOD */
+/* #define OPENSSL_NO_TLS1_2 */
+/* #define OPENSSL_NO_TLS1_2_METHOD */
+#ifndef LIBRESSL_HAS_TLS1_3
+#define OPENSSL_NO_TLS1_3
+#endif
+/* #define OPENSSL_NO_TLS1_METHOD */
+/* #define OPENSSL_NO_TS */
+/* #define OPENSSL_NO_UI_CONSOLE */
+/* #define OPENSSL_NO_UNIT_TEST */
+/* #define OPENSSL_NO_WEAK_SSL_CIPHERS */
+/* #define OPENSSL_NO_WHIRLPOOL */
diff --git a/libressl/include/openssl/opensslv.h b/libressl/include/openssl/opensslv.h
index d77f57f7..a32b0b25 100644
--- a/libressl/include/openssl/opensslv.h
+++ b/libressl/include/openssl/opensslv.h
@@ -1,10 +1,11 @@
-/* $OpenBSD: opensslv.h,v 1.39.4.3 2017/07/07 05:28:12 bcook Exp $ */
+/* $OpenBSD: opensslv.h,v 1.55 2019/10/10 14:29:20 bcook Exp $ */
#ifndef HEADER_OPENSSLV_H
#define HEADER_OPENSSLV_H
/* These will change with each release of LibreSSL-portable */
-#define LIBRESSL_VERSION_NUMBER 0x2050500fL
-#define LIBRESSL_VERSION_TEXT "LibreSSL 2.5.5"
+#define LIBRESSL_VERSION_NUMBER 0x3000200fL
+/* ^ Patch starts here */
+#define LIBRESSL_VERSION_TEXT "LibreSSL 3.0.2"
/* These will never change */
#define OPENSSL_VERSION_NUMBER 0x20000000L
diff --git a/libressl/include/openssl/pem.h b/libressl/include/openssl/pem.h
index d1916a18..adc85226 100644
--- a/libressl/include/openssl/pem.h
+++ b/libressl/include/openssl/pem.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pem.h,v 1.17 2016/09/04 16:22:54 jsing Exp $ */
+/* $OpenBSD: pem.h,v 1.19 2018/08/24 19:51:31 tb Exp $ */
/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -385,8 +385,8 @@ int PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data, long *len,
#ifndef OPENSSL_NO_BIO
int PEM_read_bio(BIO *bp, char **name, char **header,
unsigned char **data, long *len);
-int PEM_write_bio(BIO *bp, const char *name, char *hdr, unsigned char *data,
- long len);
+int PEM_write_bio(BIO *bp, const char *name, const char *hdr,
+ const unsigned char *data, long len);
int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
const char *name, BIO *bp, pem_password_cb *cb, void *u);
void * PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp,
@@ -403,8 +403,8 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
int PEM_read(FILE *fp, char **name, char **header,
unsigned char **data, long *len);
-int PEM_write(FILE *fp, char *name, char *hdr, unsigned char *data,
- long len);
+int PEM_write(FILE *fp, const char *name, const char *hdr,
+ const unsigned char *data, long len);
void * PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
pem_password_cb *cb, void *u);
int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
@@ -421,8 +421,8 @@ void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
unsigned char *out, int *outl, EVP_PKEY *priv);
-void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);
-void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt);
+int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);
+int PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt);
int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
unsigned int *siglen, EVP_PKEY *pkey);
diff --git a/libressl/include/openssl/pkcs12.h b/libressl/include/openssl/pkcs12.h
index e30f9ac7..56635f9d 100644
--- a/libressl/include/openssl/pkcs12.h
+++ b/libressl/include/openssl/pkcs12.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs12.h,v 1.17 2016/12/30 15:08:58 jsing Exp $ */
+/* $OpenBSD: pkcs12.h,v 1.24 2018/05/30 15:32:11 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -178,9 +178,10 @@ X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag);
PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
int nid1, int nid2);
PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8);
-PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen);
-PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass,
+PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass,
int passlen);
+PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag,
+ const char *pass, int passlen);
X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
const char *pass, int passlen, unsigned char *salt, int saltlen, int iter,
PKCS8_PRIV_KEY_INFO *p8);
@@ -195,7 +196,7 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
int passlen);
int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
-STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12);
+STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12);
int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
int namelen);
@@ -206,13 +207,14 @@ int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,
int namelen);
int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
-ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid);
+ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
+ int attr_nid);
char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
-unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
- int passlen, unsigned char *in, int inlen, unsigned char **data,
+unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, const char *pass,
+ int passlen, const unsigned char *in, int inlen, unsigned char **data,
int *datalen, int en_de);
-void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
- const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf);
+void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
+ const char *pass, int passlen, const ASN1_OCTET_STRING *oct, int zbuf);
ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
const ASN1_ITEM *it, const char *pass, int passlen, void *obj, int zbuf);
PKCS12 *PKCS12_init(int mode);
@@ -235,7 +237,7 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
int saltlen, const EVP_MD *md_type);
unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
unsigned char **uni, int *unilen);
-char *OPENSSL_uni2asc(unsigned char *uni, int unilen);
+char *OPENSSL_uni2asc(const unsigned char *uni, int unilen);
PKCS12 *PKCS12_new(void);
void PKCS12_free(PKCS12 *a);
@@ -264,22 +266,22 @@ extern const ASN1_ITEM PKCS12_AUTHSAFES_it;
void PKCS12_PBE_add(void);
int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
STACK_OF(X509) **ca);
-PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
- STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
+PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
+ X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
int mac_iter, int keytype);
PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key,
- int key_usage, int iter, int key_nid, char *pass);
+ int key_usage, int iter, int key_nid, const char *pass);
int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
- int safe_nid, int iter, char *pass);
+ int safe_nid, int iter, const char *pass);
PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);
int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
-int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
+int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass);
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
diff --git a/libressl/include/openssl/rsa.h b/libressl/include/openssl/rsa.h
index febeb297..2aa472f5 100644
--- a/libressl/include/openssl/rsa.h
+++ b/libressl/include/openssl/rsa.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa.h,v 1.29 2016/09/04 17:25:27 jsing Exp $ */
+/* $OpenBSD: rsa.h,v 1.40 2019/06/05 15:41:33 gilles Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -256,6 +256,7 @@ struct rsa_st {
RSA *RSA_new(void);
RSA *RSA_new_method(ENGINE *engine);
+int RSA_bits(const RSA *rsa);
int RSA_size(const RSA *rsa);
/* Deprecated version */
@@ -367,10 +368,6 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
const unsigned char *f, int fl, int rsa_len,
const unsigned char *p, int pl);
-int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
- const unsigned char *f, int fl);
-int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
- const unsigned char *f, int fl, int rsa_len);
int RSA_padding_add_none(unsigned char *to, int tlen,
const unsigned char *f, int fl);
int RSA_padding_check_none(unsigned char *to, int tlen,
@@ -399,6 +396,18 @@ int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
int RSA_set_ex_data(RSA *r, int idx, void *arg);
void *RSA_get_ex_data(const RSA *r, int idx);
+void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e,
+ const BIGNUM **d);
+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
+void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1,
+ const BIGNUM **iqmp);
+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
+void RSA_clear_flags(RSA *r, int flags);
+int RSA_test_flags(const RSA *r, int flags);
+void RSA_set_flags(RSA *r, int flags);
+
RSA *RSAPublicKey_dup(RSA *rsa);
RSA *RSAPrivateKey_dup(RSA *rsa);
@@ -421,6 +430,64 @@ RSA *RSAPrivateKey_dup(RSA *rsa);
*/
#define RSA_FLAG_CHECKED 0x0800
+RSA_METHOD *RSA_meth_new(const char *name, int flags);
+void RSA_meth_free(RSA_METHOD *meth);
+RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
+int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
+int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen,
+ const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
+int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen,
+ const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
+int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa);
+int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa));
+int RSA_meth_set_pub_enc(RSA_METHOD *meth, int (*pub_enc)(int flen,
+ const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
+int RSA_meth_set_pub_dec(RSA_METHOD *meth, int (*pub_dec)(int flen,
+ const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
+int RSA_meth_set_mod_exp(RSA_METHOD *meth, int (*mod_exp)(BIGNUM *r0,
+ const BIGNUM *i, RSA *rsa, BN_CTX *ctx));
+int RSA_meth_set_bn_mod_exp(RSA_METHOD *meth, int (*bn_mod_exp)(BIGNUM *r,
+ const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx));
+int RSA_meth_set_init(RSA_METHOD *meth, int (*init)(RSA *rsa));
+int RSA_meth_set_keygen(RSA_METHOD *meth, int (*keygen)(RSA *rsa, int bits,
+ BIGNUM *e, BN_GENCB *cb));
+int RSA_meth_set_flags(RSA_METHOD *meth, int flags);
+int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data);
+const char *RSA_meth_get0_name(const RSA_METHOD *);
+int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))(int flen,
+ const unsigned char *from, unsigned char *to, RSA *rsa, int padding);
+int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))(int flen,
+ const unsigned char *from, unsigned char *to, RSA *rsa, int padding);
+int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))(int flen,
+ const unsigned char *from, unsigned char *to, RSA *rsa, int padding);
+int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))(int flen,
+ const unsigned char *from, unsigned char *to, RSA *rsa, int padding);
+int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))(BIGNUM *r0, const BIGNUM *i,
+ RSA *rsa, BN_CTX *ctx);
+int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))(BIGNUM *r,
+ const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+int (*RSA_meth_get_init(const RSA_METHOD *meth))(RSA *rsa);
+int (*RSA_meth_get_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits, BIGNUM *e,
+ BN_GENCB *cb);
+int RSA_meth_get_flags(const RSA_METHOD *meth);
+void *RSA_meth_get0_app_data(const RSA_METHOD *meth);
+int (*RSA_meth_get_sign(const RSA_METHOD *meth))(int type,
+ const unsigned char *m, unsigned int m_length,
+ unsigned char *sigret, unsigned int *siglen,
+ const RSA *rsa);
+int RSA_meth_set_sign(RSA_METHOD *rsa, int (*sign)(int type,
+ const unsigned char *m, unsigned int m_length, unsigned char *sigret,
+ unsigned int *siglen, const RSA *rsa));
+int (*RSA_meth_get_verify(const RSA_METHOD *meth))(int dtype,
+ const unsigned char *m, unsigned int m_length, const unsigned char *sigbuf,
+ unsigned int siglen, const RSA *rsa);
+int RSA_meth_set_verify(RSA_METHOD *rsa, int (*verify)(int dtype,
+ const unsigned char *m, unsigned int m_length, const unsigned char *sigbuf,
+ unsigned int siglen, const RSA *rsa));
+
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
@@ -464,13 +531,11 @@ void ERR_load_RSA_strings(void);
#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 148
#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108
#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109
-#define RSA_F_RSA_PADDING_ADD_SSLV23 110
#define RSA_F_RSA_PADDING_ADD_X931 127
#define RSA_F_RSA_PADDING_CHECK_NONE 111
#define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122
#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112
#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113
-#define RSA_F_RSA_PADDING_CHECK_SSLV23 114
#define RSA_F_RSA_PADDING_CHECK_X931 128
#define RSA_F_RSA_PRINT 115
#define RSA_F_RSA_PRINT_FP 116
diff --git a/libressl/include/openssl/safestack.h b/libressl/include/openssl/safestack.h
index 6540174d..690912b3 100644
--- a/libressl/include/openssl/safestack.h
+++ b/libressl/include/openssl/safestack.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: safestack.h,v 1.15 2016/12/27 16:02:40 jsing Exp $ */
+/* $OpenBSD: safestack.h,v 1.18 2019/08/11 14:14:14 jsing Exp $ */
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
@@ -179,35 +179,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
#define SKM_sk_is_sorted(type, st) \
sk_is_sorted(CHECKED_STACK_OF(type, st))
-#ifndef LIBRESSL_INTERNAL
-#define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- (STACK_OF(type) *)d2i_ASN1_SET( \
- (STACK_OF(OPENSSL_BLOCK) **)CHECKED_PTR_OF(STACK_OF(type)*, st), \
- pp, length, \
- CHECKED_D2I_OF(type, d2i_func), \
- CHECKED_SK_FREE_FUNC(type, free_func), \
- ex_tag, ex_class)
-
-#define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \
- i2d_ASN1_SET((STACK_OF(OPENSSL_BLOCK) *)CHECKED_STACK_OF(type, st), pp, \
- CHECKED_I2D_OF(type, i2d_func), \
- ex_tag, ex_class, is_set)
-
-#define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \
- ASN1_seq_pack(CHECKED_PTR_OF(STACK_OF(type), st), \
- CHECKED_I2D_OF(type, i2d_func), buf, len)
-
-#define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \
- (STACK_OF(type) *)ASN1_seq_unpack(buf, len, CHECKED_D2I_OF(type, d2i_func), CHECKED_SK_FREE_FUNC(type, free_func))
-
-#define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \
- (STACK_OF(type) *)PKCS12_decrypt_d2i(algor, \
- CHECKED_D2I_OF(type, d2i_func), \
- CHECKED_SK_FREE_FUNC(type, free_func), \
- pass, passlen, oct, seq)
-#endif
-
-/* This block of defines is updated by util/mkstack.pl, please do not touch! */
#define sk_ACCESS_DESCRIPTION_new(cmp) SKM_sk_new(ACCESS_DESCRIPTION, (cmp))
#define sk_ACCESS_DESCRIPTION_new_null() SKM_sk_new_null(ACCESS_DESCRIPTION)
#define sk_ACCESS_DESCRIPTION_free(st) SKM_sk_free(ACCESS_DESCRIPTION, (st))
@@ -494,6 +465,28 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
#define sk_CMS_CertificateChoices_sort(st) SKM_sk_sort(CMS_CertificateChoices, (st))
#define sk_CMS_CertificateChoices_is_sorted(st) SKM_sk_is_sorted(CMS_CertificateChoices, (st))
+#define sk_CMS_RecipientEncryptedKey_new(cmp) SKM_sk_new(CMS_RecipientEncryptedKey, (cmp))
+#define sk_CMS_RecipientEncryptedKey_new_null() SKM_sk_new_null(CMS_RecipientEncryptedKey)
+#define sk_CMS_RecipientEncryptedKey_free(st) SKM_sk_free(CMS_RecipientEncryptedKey, (st))
+#define sk_CMS_RecipientEncryptedKey_num(st) SKM_sk_num(CMS_RecipientEncryptedKey, (st))
+#define sk_CMS_RecipientEncryptedKey_value(st, i) SKM_sk_value(CMS_RecipientEncryptedKey, (st), (i))
+#define sk_CMS_RecipientEncryptedKey_set(st, i, val) SKM_sk_set(CMS_RecipientEncryptedKey, (st), (i), (val))
+#define sk_CMS_RecipientEncryptedKey_zero(st) SKM_sk_zero(CMS_RecipientEncryptedKey, (st))
+#define sk_CMS_RecipientEncryptedKey_push(st, val) SKM_sk_push(CMS_RecipientEncryptedKey, (st), (val))
+#define sk_CMS_RecipientEncryptedKey_unshift(st, val) SKM_sk_unshift(CMS_RecipientEncryptedKey, (st), (val))
+#define sk_CMS_RecipientEncryptedKey_find(st, val) SKM_sk_find(CMS_RecipientEncryptedKey, (st), (val))
+#define sk_CMS_RecipientEncryptedKey_find_ex(st, val) SKM_sk_find_ex(CMS_RecipientEncryptedKey, (st), (val))
+#define sk_CMS_RecipientEncryptedKey_delete(st, i) SKM_sk_delete(CMS_RecipientEncryptedKey, (st), (i))
+#define sk_CMS_RecipientEncryptedKey_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RecipientEncryptedKey, (st), (ptr))
+#define sk_CMS_RecipientEncryptedKey_insert(st, val, i) SKM_sk_insert(CMS_RecipientEncryptedKey, (st), (val), (i))
+#define sk_CMS_RecipientEncryptedKey_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientEncryptedKey, (st), (cmp))
+#define sk_CMS_RecipientEncryptedKey_dup(st) SKM_sk_dup(CMS_RecipientEncryptedKey, st)
+#define sk_CMS_RecipientEncryptedKey_pop_free(st, free_func) SKM_sk_pop_free(CMS_RecipientEncryptedKey, (st), (free_func))
+#define sk_CMS_RecipientEncryptedKey_shift(st) SKM_sk_shift(CMS_RecipientEncryptedKey, (st))
+#define sk_CMS_RecipientEncryptedKey_pop(st) SKM_sk_pop(CMS_RecipientEncryptedKey, (st))
+#define sk_CMS_RecipientEncryptedKey_sort(st) SKM_sk_sort(CMS_RecipientEncryptedKey, (st))
+#define sk_CMS_RecipientEncryptedKey_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientEncryptedKey, (st))
+
#define sk_CMS_RecipientInfo_new(cmp) SKM_sk_new(CMS_RecipientInfo, (cmp))
#define sk_CMS_RecipientInfo_new_null() SKM_sk_new_null(CMS_RecipientInfo)
#define sk_CMS_RecipientInfo_free(st) SKM_sk_free(CMS_RecipientInfo, (st))
@@ -956,182 +949,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
#define sk_IPAddressOrRange_sort(st) SKM_sk_sort(IPAddressOrRange, (st))
#define sk_IPAddressOrRange_is_sorted(st) SKM_sk_is_sorted(IPAddressOrRange, (st))
-#define sk_KRB5_APREQBODY_new(cmp) SKM_sk_new(KRB5_APREQBODY, (cmp))
-#define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY)
-#define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_num(st) SKM_sk_num(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_value(st, i) SKM_sk_value(KRB5_APREQBODY, (st), (i))
-#define sk_KRB5_APREQBODY_set(st, i, val) SKM_sk_set(KRB5_APREQBODY, (st), (i), (val))
-#define sk_KRB5_APREQBODY_zero(st) SKM_sk_zero(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_push(st, val) SKM_sk_push(KRB5_APREQBODY, (st), (val))
-#define sk_KRB5_APREQBODY_unshift(st, val) SKM_sk_unshift(KRB5_APREQBODY, (st), (val))
-#define sk_KRB5_APREQBODY_find(st, val) SKM_sk_find(KRB5_APREQBODY, (st), (val))
-#define sk_KRB5_APREQBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_APREQBODY, (st), (val))
-#define sk_KRB5_APREQBODY_delete(st, i) SKM_sk_delete(KRB5_APREQBODY, (st), (i))
-#define sk_KRB5_APREQBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_APREQBODY, (st), (ptr))
-#define sk_KRB5_APREQBODY_insert(st, val, i) SKM_sk_insert(KRB5_APREQBODY, (st), (val), (i))
-#define sk_KRB5_APREQBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_APREQBODY, (st), (cmp))
-#define sk_KRB5_APREQBODY_dup(st) SKM_sk_dup(KRB5_APREQBODY, st)
-#define sk_KRB5_APREQBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_APREQBODY, (st), (free_func))
-#define sk_KRB5_APREQBODY_shift(st) SKM_sk_shift(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_pop(st) SKM_sk_pop(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_APREQBODY, (st))
-
-#define sk_KRB5_AUTHDATA_new(cmp) SKM_sk_new(KRB5_AUTHDATA, (cmp))
-#define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA)
-#define sk_KRB5_AUTHDATA_free(st) SKM_sk_free(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_num(st) SKM_sk_num(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_value(st, i) SKM_sk_value(KRB5_AUTHDATA, (st), (i))
-#define sk_KRB5_AUTHDATA_set(st, i, val) SKM_sk_set(KRB5_AUTHDATA, (st), (i), (val))
-#define sk_KRB5_AUTHDATA_zero(st) SKM_sk_zero(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_push(st, val) SKM_sk_push(KRB5_AUTHDATA, (st), (val))
-#define sk_KRB5_AUTHDATA_unshift(st, val) SKM_sk_unshift(KRB5_AUTHDATA, (st), (val))
-#define sk_KRB5_AUTHDATA_find(st, val) SKM_sk_find(KRB5_AUTHDATA, (st), (val))
-#define sk_KRB5_AUTHDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHDATA, (st), (val))
-#define sk_KRB5_AUTHDATA_delete(st, i) SKM_sk_delete(KRB5_AUTHDATA, (st), (i))
-#define sk_KRB5_AUTHDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHDATA, (st), (ptr))
-#define sk_KRB5_AUTHDATA_insert(st, val, i) SKM_sk_insert(KRB5_AUTHDATA, (st), (val), (i))
-#define sk_KRB5_AUTHDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHDATA, (st), (cmp))
-#define sk_KRB5_AUTHDATA_dup(st) SKM_sk_dup(KRB5_AUTHDATA, st)
-#define sk_KRB5_AUTHDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHDATA, (st), (free_func))
-#define sk_KRB5_AUTHDATA_shift(st) SKM_sk_shift(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_pop(st) SKM_sk_pop(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHDATA, (st))
-
-#define sk_KRB5_AUTHENTBODY_new(cmp) SKM_sk_new(KRB5_AUTHENTBODY, (cmp))
-#define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY)
-#define sk_KRB5_AUTHENTBODY_free(st) SKM_sk_free(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_num(st) SKM_sk_num(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_value(st, i) SKM_sk_value(KRB5_AUTHENTBODY, (st), (i))
-#define sk_KRB5_AUTHENTBODY_set(st, i, val) SKM_sk_set(KRB5_AUTHENTBODY, (st), (i), (val))
-#define sk_KRB5_AUTHENTBODY_zero(st) SKM_sk_zero(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_push(st, val) SKM_sk_push(KRB5_AUTHENTBODY, (st), (val))
-#define sk_KRB5_AUTHENTBODY_unshift(st, val) SKM_sk_unshift(KRB5_AUTHENTBODY, (st), (val))
-#define sk_KRB5_AUTHENTBODY_find(st, val) SKM_sk_find(KRB5_AUTHENTBODY, (st), (val))
-#define sk_KRB5_AUTHENTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHENTBODY, (st), (val))
-#define sk_KRB5_AUTHENTBODY_delete(st, i) SKM_sk_delete(KRB5_AUTHENTBODY, (st), (i))
-#define sk_KRB5_AUTHENTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHENTBODY, (st), (ptr))
-#define sk_KRB5_AUTHENTBODY_insert(st, val, i) SKM_sk_insert(KRB5_AUTHENTBODY, (st), (val), (i))
-#define sk_KRB5_AUTHENTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHENTBODY, (st), (cmp))
-#define sk_KRB5_AUTHENTBODY_dup(st) SKM_sk_dup(KRB5_AUTHENTBODY, st)
-#define sk_KRB5_AUTHENTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHENTBODY, (st), (free_func))
-#define sk_KRB5_AUTHENTBODY_shift(st) SKM_sk_shift(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_pop(st) SKM_sk_pop(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHENTBODY, (st))
-
-#define sk_KRB5_CHECKSUM_new(cmp) SKM_sk_new(KRB5_CHECKSUM, (cmp))
-#define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM)
-#define sk_KRB5_CHECKSUM_free(st) SKM_sk_free(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_num(st) SKM_sk_num(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_value(st, i) SKM_sk_value(KRB5_CHECKSUM, (st), (i))
-#define sk_KRB5_CHECKSUM_set(st, i, val) SKM_sk_set(KRB5_CHECKSUM, (st), (i), (val))
-#define sk_KRB5_CHECKSUM_zero(st) SKM_sk_zero(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_push(st, val) SKM_sk_push(KRB5_CHECKSUM, (st), (val))
-#define sk_KRB5_CHECKSUM_unshift(st, val) SKM_sk_unshift(KRB5_CHECKSUM, (st), (val))
-#define sk_KRB5_CHECKSUM_find(st, val) SKM_sk_find(KRB5_CHECKSUM, (st), (val))
-#define sk_KRB5_CHECKSUM_find_ex(st, val) SKM_sk_find_ex(KRB5_CHECKSUM, (st), (val))
-#define sk_KRB5_CHECKSUM_delete(st, i) SKM_sk_delete(KRB5_CHECKSUM, (st), (i))
-#define sk_KRB5_CHECKSUM_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_CHECKSUM, (st), (ptr))
-#define sk_KRB5_CHECKSUM_insert(st, val, i) SKM_sk_insert(KRB5_CHECKSUM, (st), (val), (i))
-#define sk_KRB5_CHECKSUM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_CHECKSUM, (st), (cmp))
-#define sk_KRB5_CHECKSUM_dup(st) SKM_sk_dup(KRB5_CHECKSUM, st)
-#define sk_KRB5_CHECKSUM_pop_free(st, free_func) SKM_sk_pop_free(KRB5_CHECKSUM, (st), (free_func))
-#define sk_KRB5_CHECKSUM_shift(st) SKM_sk_shift(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_pop(st) SKM_sk_pop(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_is_sorted(st) SKM_sk_is_sorted(KRB5_CHECKSUM, (st))
-
-#define sk_KRB5_ENCDATA_new(cmp) SKM_sk_new(KRB5_ENCDATA, (cmp))
-#define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA)
-#define sk_KRB5_ENCDATA_free(st) SKM_sk_free(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_num(st) SKM_sk_num(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_value(st, i) SKM_sk_value(KRB5_ENCDATA, (st), (i))
-#define sk_KRB5_ENCDATA_set(st, i, val) SKM_sk_set(KRB5_ENCDATA, (st), (i), (val))
-#define sk_KRB5_ENCDATA_zero(st) SKM_sk_zero(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_push(st, val) SKM_sk_push(KRB5_ENCDATA, (st), (val))
-#define sk_KRB5_ENCDATA_unshift(st, val) SKM_sk_unshift(KRB5_ENCDATA, (st), (val))
-#define sk_KRB5_ENCDATA_find(st, val) SKM_sk_find(KRB5_ENCDATA, (st), (val))
-#define sk_KRB5_ENCDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCDATA, (st), (val))
-#define sk_KRB5_ENCDATA_delete(st, i) SKM_sk_delete(KRB5_ENCDATA, (st), (i))
-#define sk_KRB5_ENCDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCDATA, (st), (ptr))
-#define sk_KRB5_ENCDATA_insert(st, val, i) SKM_sk_insert(KRB5_ENCDATA, (st), (val), (i))
-#define sk_KRB5_ENCDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCDATA, (st), (cmp))
-#define sk_KRB5_ENCDATA_dup(st) SKM_sk_dup(KRB5_ENCDATA, st)
-#define sk_KRB5_ENCDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCDATA, (st), (free_func))
-#define sk_KRB5_ENCDATA_shift(st) SKM_sk_shift(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_pop(st) SKM_sk_pop(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCDATA, (st))
-
-#define sk_KRB5_ENCKEY_new(cmp) SKM_sk_new(KRB5_ENCKEY, (cmp))
-#define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY)
-#define sk_KRB5_ENCKEY_free(st) SKM_sk_free(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_num(st) SKM_sk_num(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_value(st, i) SKM_sk_value(KRB5_ENCKEY, (st), (i))
-#define sk_KRB5_ENCKEY_set(st, i, val) SKM_sk_set(KRB5_ENCKEY, (st), (i), (val))
-#define sk_KRB5_ENCKEY_zero(st) SKM_sk_zero(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_push(st, val) SKM_sk_push(KRB5_ENCKEY, (st), (val))
-#define sk_KRB5_ENCKEY_unshift(st, val) SKM_sk_unshift(KRB5_ENCKEY, (st), (val))
-#define sk_KRB5_ENCKEY_find(st, val) SKM_sk_find(KRB5_ENCKEY, (st), (val))
-#define sk_KRB5_ENCKEY_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCKEY, (st), (val))
-#define sk_KRB5_ENCKEY_delete(st, i) SKM_sk_delete(KRB5_ENCKEY, (st), (i))
-#define sk_KRB5_ENCKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCKEY, (st), (ptr))
-#define sk_KRB5_ENCKEY_insert(st, val, i) SKM_sk_insert(KRB5_ENCKEY, (st), (val), (i))
-#define sk_KRB5_ENCKEY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCKEY, (st), (cmp))
-#define sk_KRB5_ENCKEY_dup(st) SKM_sk_dup(KRB5_ENCKEY, st)
-#define sk_KRB5_ENCKEY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCKEY, (st), (free_func))
-#define sk_KRB5_ENCKEY_shift(st) SKM_sk_shift(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_pop(st) SKM_sk_pop(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCKEY, (st))
-
-#define sk_KRB5_PRINCNAME_new(cmp) SKM_sk_new(KRB5_PRINCNAME, (cmp))
-#define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME)
-#define sk_KRB5_PRINCNAME_free(st) SKM_sk_free(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_num(st) SKM_sk_num(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_value(st, i) SKM_sk_value(KRB5_PRINCNAME, (st), (i))
-#define sk_KRB5_PRINCNAME_set(st, i, val) SKM_sk_set(KRB5_PRINCNAME, (st), (i), (val))
-#define sk_KRB5_PRINCNAME_zero(st) SKM_sk_zero(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_push(st, val) SKM_sk_push(KRB5_PRINCNAME, (st), (val))
-#define sk_KRB5_PRINCNAME_unshift(st, val) SKM_sk_unshift(KRB5_PRINCNAME, (st), (val))
-#define sk_KRB5_PRINCNAME_find(st, val) SKM_sk_find(KRB5_PRINCNAME, (st), (val))
-#define sk_KRB5_PRINCNAME_find_ex(st, val) SKM_sk_find_ex(KRB5_PRINCNAME, (st), (val))
-#define sk_KRB5_PRINCNAME_delete(st, i) SKM_sk_delete(KRB5_PRINCNAME, (st), (i))
-#define sk_KRB5_PRINCNAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_PRINCNAME, (st), (ptr))
-#define sk_KRB5_PRINCNAME_insert(st, val, i) SKM_sk_insert(KRB5_PRINCNAME, (st), (val), (i))
-#define sk_KRB5_PRINCNAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_PRINCNAME, (st), (cmp))
-#define sk_KRB5_PRINCNAME_dup(st) SKM_sk_dup(KRB5_PRINCNAME, st)
-#define sk_KRB5_PRINCNAME_pop_free(st, free_func) SKM_sk_pop_free(KRB5_PRINCNAME, (st), (free_func))
-#define sk_KRB5_PRINCNAME_shift(st) SKM_sk_shift(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_pop(st) SKM_sk_pop(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_is_sorted(st) SKM_sk_is_sorted(KRB5_PRINCNAME, (st))
-
-#define sk_KRB5_TKTBODY_new(cmp) SKM_sk_new(KRB5_TKTBODY, (cmp))
-#define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY)
-#define sk_KRB5_TKTBODY_free(st) SKM_sk_free(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_num(st) SKM_sk_num(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_value(st, i) SKM_sk_value(KRB5_TKTBODY, (st), (i))
-#define sk_KRB5_TKTBODY_set(st, i, val) SKM_sk_set(KRB5_TKTBODY, (st), (i), (val))
-#define sk_KRB5_TKTBODY_zero(st) SKM_sk_zero(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_push(st, val) SKM_sk_push(KRB5_TKTBODY, (st), (val))
-#define sk_KRB5_TKTBODY_unshift(st, val) SKM_sk_unshift(KRB5_TKTBODY, (st), (val))
-#define sk_KRB5_TKTBODY_find(st, val) SKM_sk_find(KRB5_TKTBODY, (st), (val))
-#define sk_KRB5_TKTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_TKTBODY, (st), (val))
-#define sk_KRB5_TKTBODY_delete(st, i) SKM_sk_delete(KRB5_TKTBODY, (st), (i))
-#define sk_KRB5_TKTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_TKTBODY, (st), (ptr))
-#define sk_KRB5_TKTBODY_insert(st, val, i) SKM_sk_insert(KRB5_TKTBODY, (st), (val), (i))
-#define sk_KRB5_TKTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_TKTBODY, (st), (cmp))
-#define sk_KRB5_TKTBODY_dup(st) SKM_sk_dup(KRB5_TKTBODY, st)
-#define sk_KRB5_TKTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_TKTBODY, (st), (free_func))
-#define sk_KRB5_TKTBODY_shift(st) SKM_sk_shift(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_pop(st) SKM_sk_pop(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_TKTBODY, (st))
-
#define sk_MEM_OBJECT_DATA_new(cmp) SKM_sk_new(MEM_OBJECT_DATA, (cmp))
#define sk_MEM_OBJECT_DATA_new_null() SKM_sk_new_null(MEM_OBJECT_DATA)
#define sk_MEM_OBJECT_DATA_free(st) SKM_sk_free(MEM_OBJECT_DATA, (st))
@@ -1462,72 +1279,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
#define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st))
#define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st))
-#define sk_SRP_gN_new(cmp) SKM_sk_new(SRP_gN, (cmp))
-#define sk_SRP_gN_new_null() SKM_sk_new_null(SRP_gN)
-#define sk_SRP_gN_free(st) SKM_sk_free(SRP_gN, (st))
-#define sk_SRP_gN_num(st) SKM_sk_num(SRP_gN, (st))
-#define sk_SRP_gN_value(st, i) SKM_sk_value(SRP_gN, (st), (i))
-#define sk_SRP_gN_set(st, i, val) SKM_sk_set(SRP_gN, (st), (i), (val))
-#define sk_SRP_gN_zero(st) SKM_sk_zero(SRP_gN, (st))
-#define sk_SRP_gN_push(st, val) SKM_sk_push(SRP_gN, (st), (val))
-#define sk_SRP_gN_unshift(st, val) SKM_sk_unshift(SRP_gN, (st), (val))
-#define sk_SRP_gN_find(st, val) SKM_sk_find(SRP_gN, (st), (val))
-#define sk_SRP_gN_find_ex(st, val) SKM_sk_find_ex(SRP_gN, (st), (val))
-#define sk_SRP_gN_delete(st, i) SKM_sk_delete(SRP_gN, (st), (i))
-#define sk_SRP_gN_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_gN, (st), (ptr))
-#define sk_SRP_gN_insert(st, val, i) SKM_sk_insert(SRP_gN, (st), (val), (i))
-#define sk_SRP_gN_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_gN, (st), (cmp))
-#define sk_SRP_gN_dup(st) SKM_sk_dup(SRP_gN, st)
-#define sk_SRP_gN_pop_free(st, free_func) SKM_sk_pop_free(SRP_gN, (st), (free_func))
-#define sk_SRP_gN_shift(st) SKM_sk_shift(SRP_gN, (st))
-#define sk_SRP_gN_pop(st) SKM_sk_pop(SRP_gN, (st))
-#define sk_SRP_gN_sort(st) SKM_sk_sort(SRP_gN, (st))
-#define sk_SRP_gN_is_sorted(st) SKM_sk_is_sorted(SRP_gN, (st))
-
-#define sk_SRP_gN_cache_new(cmp) SKM_sk_new(SRP_gN_cache, (cmp))
-#define sk_SRP_gN_cache_new_null() SKM_sk_new_null(SRP_gN_cache)
-#define sk_SRP_gN_cache_free(st) SKM_sk_free(SRP_gN_cache, (st))
-#define sk_SRP_gN_cache_num(st) SKM_sk_num(SRP_gN_cache, (st))
-#define sk_SRP_gN_cache_value(st, i) SKM_sk_value(SRP_gN_cache, (st), (i))
-#define sk_SRP_gN_cache_set(st, i, val) SKM_sk_set(SRP_gN_cache, (st), (i), (val))
-#define sk_SRP_gN_cache_zero(st) SKM_sk_zero(SRP_gN_cache, (st))
-#define sk_SRP_gN_cache_push(st, val) SKM_sk_push(SRP_gN_cache, (st), (val))
-#define sk_SRP_gN_cache_unshift(st, val) SKM_sk_unshift(SRP_gN_cache, (st), (val))
-#define sk_SRP_gN_cache_find(st, val) SKM_sk_find(SRP_gN_cache, (st), (val))
-#define sk_SRP_gN_cache_find_ex(st, val) SKM_sk_find_ex(SRP_gN_cache, (st), (val))
-#define sk_SRP_gN_cache_delete(st, i) SKM_sk_delete(SRP_gN_cache, (st), (i))
-#define sk_SRP_gN_cache_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_gN_cache, (st), (ptr))
-#define sk_SRP_gN_cache_insert(st, val, i) SKM_sk_insert(SRP_gN_cache, (st), (val), (i))
-#define sk_SRP_gN_cache_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_gN_cache, (st), (cmp))
-#define sk_SRP_gN_cache_dup(st) SKM_sk_dup(SRP_gN_cache, st)
-#define sk_SRP_gN_cache_pop_free(st, free_func) SKM_sk_pop_free(SRP_gN_cache, (st), (free_func))
-#define sk_SRP_gN_cache_shift(st) SKM_sk_shift(SRP_gN_cache, (st))
-#define sk_SRP_gN_cache_pop(st) SKM_sk_pop(SRP_gN_cache, (st))
-#define sk_SRP_gN_cache_sort(st) SKM_sk_sort(SRP_gN_cache, (st))
-#define sk_SRP_gN_cache_is_sorted(st) SKM_sk_is_sorted(SRP_gN_cache, (st))
-
-#define sk_SRP_user_pwd_new(cmp) SKM_sk_new(SRP_user_pwd, (cmp))
-#define sk_SRP_user_pwd_new_null() SKM_sk_new_null(SRP_user_pwd)
-#define sk_SRP_user_pwd_free(st) SKM_sk_free(SRP_user_pwd, (st))
-#define sk_SRP_user_pwd_num(st) SKM_sk_num(SRP_user_pwd, (st))
-#define sk_SRP_user_pwd_value(st, i) SKM_sk_value(SRP_user_pwd, (st), (i))
-#define sk_SRP_user_pwd_set(st, i, val) SKM_sk_set(SRP_user_pwd, (st), (i), (val))
-#define sk_SRP_user_pwd_zero(st) SKM_sk_zero(SRP_user_pwd, (st))
-#define sk_SRP_user_pwd_push(st, val) SKM_sk_push(SRP_user_pwd, (st), (val))
-#define sk_SRP_user_pwd_unshift(st, val) SKM_sk_unshift(SRP_user_pwd, (st), (val))
-#define sk_SRP_user_pwd_find(st, val) SKM_sk_find(SRP_user_pwd, (st), (val))
-#define sk_SRP_user_pwd_find_ex(st, val) SKM_sk_find_ex(SRP_user_pwd, (st), (val))
-#define sk_SRP_user_pwd_delete(st, i) SKM_sk_delete(SRP_user_pwd, (st), (i))
-#define sk_SRP_user_pwd_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_user_pwd, (st), (ptr))
-#define sk_SRP_user_pwd_insert(st, val, i) SKM_sk_insert(SRP_user_pwd, (st), (val), (i))
-#define sk_SRP_user_pwd_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_user_pwd, (st), (cmp))
-#define sk_SRP_user_pwd_dup(st) SKM_sk_dup(SRP_user_pwd, st)
-#define sk_SRP_user_pwd_pop_free(st, free_func) SKM_sk_pop_free(SRP_user_pwd, (st), (free_func))
-#define sk_SRP_user_pwd_shift(st) SKM_sk_shift(SRP_user_pwd, (st))
-#define sk_SRP_user_pwd_pop(st) SKM_sk_pop(SRP_user_pwd, (st))
-#define sk_SRP_user_pwd_sort(st) SKM_sk_sort(SRP_user_pwd, (st))
-#define sk_SRP_user_pwd_is_sorted(st) SKM_sk_is_sorted(SRP_user_pwd, (st))
-
#define sk_SRTP_PROTECTION_PROFILE_new(cmp) SKM_sk_new(SRTP_PROTECTION_PROFILE, (cmp))
#define sk_SRTP_PROTECTION_PROFILE_new_null() SKM_sk_new_null(SRTP_PROTECTION_PROFILE)
#define sk_SRTP_PROTECTION_PROFILE_free(st) SKM_sk_free(SRTP_PROTECTION_PROFILE, (st))
@@ -2146,7 +1897,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
#define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st))
#define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st))
-
#define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp)))
#define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null())
#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
@@ -2171,7 +1921,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
#define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st))
#define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st))
-
#define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
#define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null())
#define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val))
@@ -2196,239 +1945,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
#define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st))
#define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st))
-#ifndef LIBRESSL_INTERNAL
-#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(ACCESS_DESCRIPTION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_ACCESS_DESCRIPTION(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(ACCESS_DESCRIPTION, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_ACCESS_DESCRIPTION(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(ACCESS_DESCRIPTION, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_ASN1_INTEGER(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(ASN1_INTEGER, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_ASN1_INTEGER(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(ASN1_INTEGER, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_ASN1_INTEGER(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(ASN1_INTEGER, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_ASN1_INTEGER(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(ASN1_INTEGER, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_ASN1_OBJECT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(ASN1_OBJECT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_ASN1_OBJECT(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(ASN1_OBJECT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_ASN1_OBJECT(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(ASN1_OBJECT, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_ASN1_OBJECT(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(ASN1_OBJECT, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_ASN1_TYPE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(ASN1_TYPE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_ASN1_TYPE(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(ASN1_TYPE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_ASN1_TYPE(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(ASN1_TYPE, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_ASN1_TYPE(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(ASN1_TYPE, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_ASN1_UTF8STRING(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(ASN1_UTF8STRING, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_ASN1_UTF8STRING(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(ASN1_UTF8STRING, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_ASN1_UTF8STRING(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(ASN1_UTF8STRING, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_ASN1_UTF8STRING(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(ASN1_UTF8STRING, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_DIST_POINT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(DIST_POINT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_DIST_POINT(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(DIST_POINT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_DIST_POINT(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(DIST_POINT, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_DIST_POINT(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(DIST_POINT, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_ESS_CERT_ID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(ESS_CERT_ID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_ESS_CERT_ID(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(ESS_CERT_ID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_ESS_CERT_ID(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(ESS_CERT_ID, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_ESS_CERT_ID(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(ESS_CERT_ID, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_EVP_MD(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(EVP_MD, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_EVP_MD(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(EVP_MD, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_EVP_MD(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(EVP_MD, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_EVP_MD(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(EVP_MD, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_GENERAL_NAME(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(GENERAL_NAME, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_GENERAL_NAME(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(GENERAL_NAME, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_GENERAL_NAME(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(GENERAL_NAME, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_OCSP_ONEREQ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(OCSP_ONEREQ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_OCSP_ONEREQ(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(OCSP_ONEREQ, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_OCSP_ONEREQ(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(OCSP_ONEREQ, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_OCSP_ONEREQ(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(OCSP_ONEREQ, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(OCSP_SINGLERESP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(OCSP_SINGLERESP, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_OCSP_SINGLERESP(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(OCSP_SINGLERESP, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_OCSP_SINGLERESP(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(OCSP_SINGLERESP, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(PKCS12_SAFEBAG, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_PKCS12_SAFEBAG(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(PKCS12_SAFEBAG, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_PKCS12_SAFEBAG(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(PKCS12_SAFEBAG, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_PKCS7(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(PKCS7, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_PKCS7(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(PKCS7, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_PKCS7(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(PKCS7, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_PKCS7(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(PKCS7, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(PKCS7_RECIP_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(PKCS7_RECIP_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_PKCS7_RECIP_INFO(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(PKCS7_RECIP_INFO, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_PKCS7_RECIP_INFO(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(PKCS7_RECIP_INFO, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(PKCS7_SIGNER_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(PKCS7_SIGNER_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_PKCS7_SIGNER_INFO(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(PKCS7_SIGNER_INFO, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_PKCS7_SIGNER_INFO(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(PKCS7_SIGNER_INFO, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_POLICYINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(POLICYINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_POLICYINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(POLICYINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_POLICYINFO(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(POLICYINFO, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_POLICYINFO(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(POLICYINFO, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_POLICYQUALINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(POLICYQUALINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_POLICYQUALINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(POLICYQUALINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_POLICYQUALINFO(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(POLICYQUALINFO, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_POLICYQUALINFO(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(POLICYQUALINFO, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_SXNETID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(SXNETID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_SXNETID(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(SXNETID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_SXNETID(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(SXNETID, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_SXNETID(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(SXNETID, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(X509, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_X509(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(X509, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(X509, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(X509, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509_ALGOR(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(X509_ALGOR, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_X509_ALGOR(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(X509_ALGOR, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509_ALGOR(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(X509_ALGOR, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509_ALGOR(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(X509_ALGOR, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(X509_ATTRIBUTE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(X509_ATTRIBUTE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509_ATTRIBUTE(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(X509_ATTRIBUTE, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509_ATTRIBUTE(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(X509_ATTRIBUTE, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509_CRL(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(X509_CRL, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_X509_CRL(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(X509_CRL, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509_CRL(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(X509_CRL, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509_CRL(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(X509_CRL, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509_EXTENSION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(X509_EXTENSION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_X509_EXTENSION(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(X509_EXTENSION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509_EXTENSION(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(X509_EXTENSION, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509_EXTENSION(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(X509_EXTENSION, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(X509_NAME_ENTRY, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(X509_NAME_ENTRY, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509_NAME_ENTRY(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(X509_NAME_ENTRY, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509_NAME_ENTRY(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(X509_NAME_ENTRY, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509_REVOKED(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(X509_REVOKED, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_X509_REVOKED(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(X509_REVOKED, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509_REVOKED(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(X509_REVOKED, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509_REVOKED(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(X509_REVOKED, (buf), (len), (d2i_func), (free_func))
-
-#define PKCS12_decrypt_d2i_PKCS12_SAFEBAG(algor, d2i_func, free_func, pass, passlen, oct, seq) \
- SKM_PKCS12_decrypt_d2i(PKCS12_SAFEBAG, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
-
-#define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \
- SKM_PKCS12_decrypt_d2i(PKCS7, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
-#endif /* !LIBRESSL_INTERNAL */
-
#define lh_ADDED_OBJ_new() LHM_lh_new(ADDED_OBJ,added_obj)
#define lh_ADDED_OBJ_insert(lh,inst) LHM_lh_insert(ADDED_OBJ,lh,inst)
#define lh_ADDED_OBJ_retrieve(lh,inst) LHM_lh_retrieve(ADDED_OBJ,lh,inst)
@@ -2662,6 +2178,5 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
#define lh_SSL_SESSION_stats_bio(lh,out) \
LHM_lh_stats_bio(SSL_SESSION,lh,out)
#define lh_SSL_SESSION_free(lh) LHM_lh_free(SSL_SESSION,lh)
-/* End of util/mkstack.pl block, you may now edit :-) */
#endif /* !defined HEADER_SAFESTACK_H */
diff --git a/libressl/include/openssl/sm3.h b/libressl/include/openssl/sm3.h
new file mode 100644
index 00000000..553c64dc
--- /dev/null
+++ b/libressl/include/openssl/sm3.h
@@ -0,0 +1,53 @@
+/* $OpenBSD: sm3.h,v 1.1 2018/11/11 06:53:31 tb Exp $ */
+/*
+ * Copyright (c) 2018, Ribose Inc
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef HEADER_SM3_H
+#define HEADER_SM3_H
+
+#include <stddef.h>
+#include <openssl/opensslconf.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_NO_SM3
+#error SM3 is disabled.
+#endif
+
+#define SM3_DIGEST_LENGTH 32
+#define SM3_WORD unsigned int
+
+#define SM3_CBLOCK 64
+#define SM3_LBLOCK (SM3_CBLOCK / 4)
+
+typedef struct SM3state_st {
+ SM3_WORD A, B, C, D, E, F, G, H;
+ SM3_WORD Nl, Nh;
+ SM3_WORD data[SM3_LBLOCK];
+ unsigned int num;
+} SM3_CTX;
+
+int SM3_Init(SM3_CTX *c);
+int SM3_Update(SM3_CTX *c, const void *data, size_t len);
+int SM3_Final(unsigned char *md, SM3_CTX *c);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* HEADER_SM3_H */
diff --git a/libressl/include/openssl/sm4.h b/libressl/include/openssl/sm4.h
new file mode 100644
index 00000000..5931ac71
--- /dev/null
+++ b/libressl/include/openssl/sm4.h
@@ -0,0 +1,51 @@
+/* $OpenBSD: sm4.h,v 1.1 2019/03/17 17:42:37 tb Exp $ */
+/*
+ * Copyright (c) 2017, 2019 Ribose Inc
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef HEADER_SM4_H
+#define HEADER_SM4_H
+
+#include <stdint.h>
+
+#include <openssl/opensslconf.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_NO_SM4
+#error SM4 is disabled.
+#endif
+
+#define SM4_DECRYPT 0
+#define SM4_ENCRYPT 1
+
+#define SM4_BLOCK_SIZE 16
+#define SM4_KEY_SCHEDULE 32
+
+typedef struct sm4_key_st {
+ unsigned char opaque[128];
+} SM4_KEY;
+
+int SM4_set_key(const uint8_t *key, SM4_KEY *ks);
+void SM4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks);
+void SM4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* HEADER_SM4_H */
diff --git a/libressl/include/openssl/ssl.h b/libressl/include/openssl/ssl.h
index 0789b914..fc89b0ef 100644
--- a/libressl/include/openssl/ssl.h
+++ b/libressl/include/openssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.127 2017/02/05 15:06:05 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.166 2019/04/04 15:03:21 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -146,6 +146,7 @@
#include <stdint.h>
#include <openssl/opensslconf.h>
+
#include <openssl/hmac.h>
#include <openssl/pem.h>
#include <openssl/safestack.h>
@@ -305,6 +306,9 @@ extern "C" {
#define SSL_TXT_TLSV1 "TLSv1"
#define SSL_TXT_TLSV1_1 "TLSv1.1"
#define SSL_TXT_TLSV1_2 "TLSv1.2"
+#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+#define SSL_TXT_TLSV1_3 "TLSv1.3"
+#endif
#define SSL_TXT_EXP "EXP"
#define SSL_TXT_EXPORT "EXPORT"
@@ -481,7 +485,6 @@ struct ssl_session_st {
/* Allow initial connection to servers that don't support RI */
#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
-#define SSL_OP_TLSEXT_PADDING 0x00000010L
/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
* in OpenSSL 0.9.6d. Usually (depending on the application protocol)
@@ -503,38 +506,28 @@ struct ssl_session_st {
#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
/* Disallow client initiated renegotiation. */
#define SSL_OP_NO_CLIENT_RENEGOTIATION 0x00020000L
-/* If set, always create a new key when using tmp_ecdh parameters */
-#define SSL_OP_SINGLE_ECDH_USE 0x00080000L
/* If set, always create a new key when using tmp_dh parameters */
#define SSL_OP_SINGLE_DH_USE 0x00100000L
/* Set on servers to choose the cipher according to the server's
* preferences */
#define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L
-/* If set, a server will allow a client to issue a SSLv3.0 version number
- * as latest version supported in the premaster secret, even when TLSv1.0
- * (version 3.1) was announced in the client hello. Normally this is
- * forbidden to prevent version rollback attacks. */
-#define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L
#define SSL_OP_NO_TLSv1 0x04000000L
#define SSL_OP_NO_TLSv1_2 0x08000000L
#define SSL_OP_NO_TLSv1_1 0x10000000L
-/* Make server add server-hello extension from early version of
- * cryptopro draft, when GOST ciphersuite is negotiated.
- * Required for interoperability with CryptoPro CSP 3.x
- */
-#define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000L
+#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+#define SSL_OP_NO_TLSv1_3 0x20000000L
+#endif
/* SSL_OP_ALL: various bug workarounds that should be rather harmless. */
#define SSL_OP_ALL \
- (SSL_OP_LEGACY_SERVER_CONNECT | \
- SSL_OP_TLSEXT_PADDING | \
- SSL_OP_CRYPTOPRO_TLSEXT_BUG)
+ (SSL_OP_LEGACY_SERVER_CONNECT)
/* Obsolete flags kept for compatibility. No sane code should use them. */
#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0
#define SSL_OP_CISCO_ANYCONNECT 0x0
+#define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x0
#define SSL_OP_EPHEMERAL_RSA 0x0
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0
#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x0
@@ -549,10 +542,13 @@ struct ssl_session_st {
#define SSL_OP_PKCS1_CHECK_1 0x0
#define SSL_OP_PKCS1_CHECK_2 0x0
#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x0
+#define SSL_OP_SINGLE_ECDH_USE 0x0
#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0
+#define SSL_OP_TLSEXT_PADDING 0x0
#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0
#define SSL_OP_TLS_D5_BUG 0x0
+#define SSL_OP_TLS_ROLLBACK_BUG 0x0
/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
* when just a single record has been written): */
@@ -739,10 +735,10 @@ void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx,
SSL_SESSION *sess);
void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
- SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,
- int len, int *copy));
+ SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
+ const unsigned char *data, int len, int *copy));
SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
- unsigned char *Data, int len, int *copy);
+ const unsigned char *data, int len, int *copy);
void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,
int type, int val));
void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type,
@@ -758,7 +754,7 @@ void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
unsigned int *cookie_len));
void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
- int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
+ int (*app_verify_cookie_cb)(SSL *ssl, const unsigned char *cookie,
unsigned int cookie_len));
void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, int (*cb)(SSL *ssl,
const unsigned char **out, unsigned int *outlen, void *arg), void *arg);
@@ -932,12 +928,12 @@ extern "C" {
#define SSL_CB_HANDSHAKE_DONE 0x20
/* Is the SSL_connection established? */
-#define SSL_get_state(a) SSL_state(a)
-#define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK)
-#define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT)
-#define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE)
-#define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT)
-#define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT)
+#define SSL_get_state(a) (SSL_state((a)))
+#define SSL_is_init_finished(a) (SSL_state((a)) == SSL_ST_OK)
+#define SSL_in_init(a) (SSL_state((a))&SSL_ST_INIT)
+#define SSL_in_before(a) (SSL_state((a))&SSL_ST_BEFORE)
+#define SSL_in_connect_init(a) (SSL_state((a))&SSL_ST_CONNECT)
+#define SSL_in_accept_init(a) (SSL_state((a))&SSL_ST_ACCEPT)
/* The following 2 states are kept in ssl->rstate when reads fail,
* you should not need these */
@@ -1088,7 +1084,9 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x);
#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57
#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
+#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
+#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65
#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66
@@ -1120,6 +1118,9 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x);
#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82
#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
+#define SSL_CTRL_CHAIN 88
+#define SSL_CTRL_CHAIN_CERT 89
+
#define SSL_CTRL_SET_GROUPS 91
#define SSL_CTRL_SET_GROUPS_LIST 92
@@ -1127,8 +1128,15 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x);
#define SSL_CTRL_GET_SERVER_TMP_KEY 109
+#define SSL_CTRL_GET_CHAIN_CERTS 115
+
#define SSL_CTRL_SET_DH_AUTO 118
+#define SSL_CTRL_SET_MIN_PROTO_VERSION 123
+#define SSL_CTRL_SET_MAX_PROTO_VERSION 124
+#define SSL_CTRL_GET_MIN_PROTO_VERSION 130
+#define SSL_CTRL_GET_MAX_PROTO_VERSION 131
+
#define DTLSv1_get_timeout(ssl, arg) \
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
#define DTLSv1_handle_timeout(ssl) \
@@ -1171,12 +1179,36 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x);
#define SSL_set_ecdh_auto(s, onoff) \
SSL_ctrl(s,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL)
+int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *chain);
+int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *chain);
+int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509);
+int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509);
+int SSL_CTX_get0_chain_certs(const SSL_CTX *ctx, STACK_OF(X509) **out_chain);
+int SSL_CTX_clear_chain_certs(SSL_CTX *ctx);
+
+int SSL_set0_chain(SSL *ssl, STACK_OF(X509) *chain);
+int SSL_set1_chain(SSL *ssl, STACK_OF(X509) *chain);
+int SSL_add0_chain_cert(SSL *ssl, X509 *x509);
+int SSL_add1_chain_cert(SSL *ssl, X509 *x509);
+int SSL_get0_chain_certs(const SSL *ssl, STACK_OF(X509) **out_chain);
+int SSL_clear_chain_certs(SSL *ssl);
+
int SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len);
int SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups);
int SSL_set1_groups(SSL *ssl, const int *groups, size_t groups_len);
int SSL_set1_groups_list(SSL *ssl, const char *groups);
+int SSL_CTX_get_min_proto_version(SSL_CTX *ctx);
+int SSL_CTX_get_max_proto_version(SSL_CTX *ctx);
+int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version);
+int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version);
+
+int SSL_get_min_proto_version(SSL *ssl);
+int SSL_get_max_proto_version(SSL *ssl);
+int SSL_set_min_proto_version(SSL *ssl, uint16_t version);
+int SSL_set_max_proto_version(SSL *ssl, uint16_t version);
+
#ifndef LIBRESSL_INTERNAL
#define SSL_CTRL_SET_CURVES SSL_CTRL_SET_GROUPS
#define SSL_CTRL_SET_CURVES_LIST SSL_CTRL_SET_GROUPS_LIST
@@ -1197,20 +1229,58 @@ int SSL_set1_groups_list(SSL *ssl, const char *groups);
#define SSL_get_server_tmp_key(s, pk) \
SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)
-BIO_METHOD *BIO_f_ssl(void);
+#ifndef LIBRESSL_INTERNAL
+/*
+ * Also provide those functions as macros for compatibility with
+ * existing users.
+ */
+#define SSL_CTX_set0_chain SSL_CTX_set0_chain
+#define SSL_CTX_set1_chain SSL_CTX_set1_chain
+#define SSL_CTX_add0_chain_cert SSL_CTX_add0_chain_cert
+#define SSL_CTX_add1_chain_cert SSL_CTX_add1_chain_cert
+#define SSL_CTX_get0_chain_certs SSL_CTX_get0_chain_certs
+#define SSL_CTX_clear_chain_certs SSL_CTX_clear_chain_certs
+
+#define SSL_add0_chain_cert SSL_add0_chain_cert
+#define SSL_add1_chain_cert SSL_add1_chain_cert
+#define SSL_set0_chain SSL_set0_chain
+#define SSL_set1_chain SSL_set1_chain
+#define SSL_get0_chain_certs SSL_get0_chain_certs
+#define SSL_clear_chain_certs SSL_clear_chain_certs
+
+#define SSL_CTX_set1_groups SSL_CTX_set1_groups
+#define SSL_CTX_set1_groups_list SSL_CTX_set1_groups_list
+#define SSL_set1_groups SSL_set1_groups
+#define SSL_set1_groups_list SSL_set1_groups_list
+
+#define SSL_CTX_get_min_proto_version SSL_CTX_get_min_proto_version
+#define SSL_CTX_get_max_proto_version SSL_CTX_get_max_proto_version
+#define SSL_CTX_set_min_proto_version SSL_CTX_set_min_proto_version
+#define SSL_CTX_set_max_proto_version SSL_CTX_set_max_proto_version
+
+#define SSL_get_min_proto_version SSL_get_min_proto_version
+#define SSL_get_max_proto_version SSL_get_max_proto_version
+#define SSL_set_min_proto_version SSL_set_min_proto_version
+#define SSL_set_max_proto_version SSL_set_max_proto_version
+#endif
+
+const BIO_METHOD *BIO_f_ssl(void);
BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
int BIO_ssl_copy_session_id(BIO *to, BIO *from);
void BIO_ssl_shutdown(BIO *ssl_bio);
+STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx);
int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
void SSL_CTX_free(SSL_CTX *);
+int SSL_CTX_up_ref(SSL_CTX *ctx);
long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
long SSL_CTX_get_timeout(const SSL_CTX *ctx);
X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
+X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);
int SSL_want(const SSL *s);
int SSL_clear(SSL *s);
@@ -1220,10 +1290,15 @@ const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
const SSL_CIPHER *SSL_CIPHER_get_by_id(unsigned int id);
const SSL_CIPHER *SSL_CIPHER_get_by_value(uint16_t value);
int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
-char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
+const char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
const char * SSL_CIPHER_get_name(const SSL_CIPHER *c);
unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c);
uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *c);
+int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c);
+int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c);
+int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c);
+int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c);
+int SSL_CIPHER_is_aead(const SSL_CIPHER *c);
int SSL_get_fd(const SSL *s);
int SSL_get_rfd(const SSL *s);
@@ -1247,7 +1322,7 @@ void SSL_set_verify(SSL *s, int mode,
int (*callback)(int ok, X509_STORE_CTX *ctx));
void SSL_set_verify_depth(SSL *s, int depth);
int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
-int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
+int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len);
int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, long len);
int SSL_use_certificate(SSL *ssl, X509 *x);
@@ -1272,22 +1347,32 @@ const char *SSL_state_string(const SSL *s);
const char *SSL_rstate_string(const SSL *s);
const char *SSL_state_string_long(const SSL *s);
const char *SSL_rstate_string_long(const SSL *s);
+size_t SSL_SESSION_get_master_key(const SSL_SESSION *ss,
+ unsigned char *out, size_t max_out);
+int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
long SSL_SESSION_get_time(const SSL_SESSION *s);
long SSL_SESSION_set_time(SSL_SESSION *s, long t);
long SSL_SESSION_get_timeout(const SSL_SESSION *s);
long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
-void SSL_copy_session_id(SSL *to, const SSL *from);
+int SSL_copy_session_id(SSL *to, const SSL *from);
X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
+int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
+ unsigned int sid_len);
int SSL_SESSION_set1_id_context(SSL_SESSION *s,
const unsigned char *sid_ctx, unsigned int sid_ctx_len);
SSL_SESSION *SSL_SESSION_new(void);
-const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
+void SSL_SESSION_free(SSL_SESSION *ses);
+int SSL_SESSION_up_ref(SSL_SESSION *ss);
+const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *ss,
+ unsigned int *len);
+const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *ss,
unsigned int *len);
-unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
+unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
+int SSL_SESSION_has_ticket(const SSL_SESSION *s);
+unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *ss);
int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
-void SSL_SESSION_free(SSL_SESSION *ses);
int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
int SSL_set_session(SSL *to, SSL_SESSION *session);
int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
@@ -1319,7 +1404,9 @@ int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, lo
int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d);
+pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx);
void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
+void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx);
void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
int SSL_CTX_check_private_key(const SSL_CTX *ctx);
@@ -1327,21 +1414,25 @@ int SSL_check_private_key(const SSL *ctx);
int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, unsigned int sid_ctx_len);
-SSL *SSL_new(SSL_CTX *ctx);
int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, unsigned int sid_ctx_len);
int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
int SSL_set_purpose(SSL *s, int purpose);
int SSL_CTX_set_trust(SSL_CTX *s, int trust);
int SSL_set_trust(SSL *s, int trust);
+int SSL_set1_host(SSL *s, const char *hostname);
+X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx);
int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
+X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl);
int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
-
+SSL *SSL_new(SSL_CTX *ctx);
void SSL_free(SSL *ssl);
+int SSL_up_ref(SSL *ssl);
int SSL_accept(SSL *ssl);
int SSL_connect(SSL *ssl);
+int SSL_is_server(const SSL *s);
int SSL_read(SSL *ssl, void *buf, int num);
int SSL_peek(SSL *ssl, void *buf, int num);
int SSL_write(SSL *ssl, const void *buf, int num);
@@ -1380,7 +1471,13 @@ const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */
const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */
const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */
+const SSL_METHOD *DTLS_method(void); /* DTLS v1.0 or later */
+const SSL_METHOD *DTLS_server_method(void); /* DTLS v1.0 or later */
+const SSL_METHOD *DTLS_client_method(void); /* DTLS v1.0 or later */
+
STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
+STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s);
+STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);
int SSL_do_handshake(SSL *s);
int SSL_renegotiate(SSL *s);
@@ -1410,12 +1507,12 @@ long SSL_get_default_timeout(const SSL *s);
int SSL_library_init(void );
char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size);
-STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
+STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk);
SSL *SSL_dup(SSL *ssl);
X509 *SSL_get_certificate(const SSL *ssl);
-/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);
+/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl);
void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
@@ -1504,6 +1601,9 @@ void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
void SSL_set_tmp_ecdh_callback(SSL *ssl,
EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));
+size_t SSL_get_client_random(const SSL *s, unsigned char *out, size_t max_out);
+size_t SSL_get_server_random(const SSL *s, unsigned char *out, size_t max_out);
+
const void *SSL_get_current_compression(SSL *s);
const void *SSL_get_current_expansion(SSL *s);
@@ -1987,6 +2087,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273
#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303
#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231
+#define SSL_R_SSL_SESSION_ID_TOO_LONG 408
#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
@@ -2060,6 +2161,19 @@ void ERR_load_SSL_strings(void);
#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269
#define SSL_R_PEER_BEHAVING_BADLY 666
+/*
+ * OpenSSL compatible OPENSSL_INIT options
+ */
+
+/*
+ * These are provided for compatibiliy, but have no effect
+ * on how LibreSSL is initialized.
+ */
+#define OPENSSL_INIT_LOAD_SSL_STRINGS _OPENSSL_INIT_FLAG_NOOP
+#define OPENSSL_INIT_SSL_DEFAULT _OPENSSL_INIT_FLAG_NOOP
+
+int OPENSSL_init_ssl(uint64_t opts, const void *settings);
+
#ifdef __cplusplus
}
#endif
diff --git a/libressl/include/openssl/ssl3.h b/libressl/include/openssl/ssl3.h
index 91cbaf29..cadf7fd3 100644
--- a/libressl/include/openssl/ssl3.h
+++ b/libressl/include/openssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.45 2017/01/22 09:02:07 jsing Exp $ */
+/* $OpenBSD: ssl3.h,v 1.49 2018/11/08 22:28:52 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -348,13 +348,9 @@ typedef struct ssl3_buffer_st {
*/
#define SSL3_CT_NUMBER 11
-
#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
-#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
-#define SSL3_FLAGS_POP_BUFFER 0x0004
-#define TLS1_FLAGS_TLS_PADDING_BUG 0x0
#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
-#define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020
+#define TLS1_FLAGS_FREEZE_TRANSCRIPT 0x0020
#define SSL3_FLAGS_CCS_OK 0x0080
#ifndef OPENSSL_NO_SSL_INTERN
@@ -367,18 +363,6 @@ typedef struct ssl3_state_st {
unsigned char server_random[SSL3_RANDOM_SIZE];
unsigned char client_random[SSL3_RANDOM_SIZE];
- SSL3_BUFFER rbuf; /* read IO goes into here */
- SSL3_BUFFER wbuf; /* write IO goes into here */
-
- /* we allow one fatal and one warning alert to be outstanding,
- * send close alert via the warning alert */
- int alert_dispatch;
- unsigned char send_alert[2];
-
- struct {
- int new_mac_secret_size;
- } tmp;
-
struct ssl3_state_internal_st *internal;
} SSL3_STATE;
@@ -415,8 +399,6 @@ typedef struct ssl3_state_st {
#define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT)
#define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT)
#define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT)
-#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT)
-#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT)
#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
#define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
/* read from server */
@@ -462,8 +444,6 @@ typedef struct ssl3_state_st {
#define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT)
#define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)
#define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT)
/* write to client */
@@ -489,8 +469,6 @@ typedef struct ssl3_state_st {
#define SSL3_MT_FINISHED 20
#define SSL3_MT_CERTIFICATE_STATUS 22
-#define SSL3_MT_NEXT_PROTO 67
-
#define DTLS1_MT_HELLO_VERIFY_REQUEST 3
#define SSL3_MT_CCS 1
diff --git a/libressl/include/openssl/tls1.h b/libressl/include/openssl/tls1.h
index d06a1969..cb68bbb5 100644
--- a/libressl/include/openssl/tls1.h
+++ b/libressl/include/openssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.29 2017/03/25 14:15:11 jsing Exp $ */
+/* $OpenBSD: tls1.h,v 1.39 2019/03/19 16:53:03 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -151,6 +151,8 @@
#ifndef HEADER_TLS1_H
#define HEADER_TLS1_H
+#include <openssl/opensslconf.h>
+
#include <openssl/buffer.h>
#ifdef __cplusplus
@@ -159,6 +161,10 @@ extern "C" {
#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0
+#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+#define TLS1_3_VERSION 0x0304
+#endif
+
#define TLS1_2_VERSION 0x0303
#define TLS1_2_VERSION_MAJOR 0x03
#define TLS1_2_VERSION_MINOR 0x03
@@ -230,14 +236,19 @@ extern "C" {
/* ExtensionType values from RFC 6091. */
#define TLSEXT_TYPE_cert_type 9
+/* ExtensionType values from RFC 7919. */
+#define TLSEXT_TYPE_supported_groups 10
+
/* ExtensionType values from RFC 4492. */
-#define TLSEXT_TYPE_elliptic_curves 10
+#ifndef LIBRESSL_INTERNAL
+#define TLSEXT_TYPE_elliptic_curves TLSEXT_TYPE_supported_groups
+#endif
#define TLSEXT_TYPE_ec_point_formats 11
/* ExtensionType value from RFC 5054. */
#define TLSEXT_TYPE_srp 12
-/* ExtensionType values from RFC 5246. */
+/* ExtensionType value from RFC 5246/RFC 8446. */
#define TLSEXT_TYPE_signature_algorithms 13
/* ExtensionType value from RFC 5764. */
@@ -255,12 +266,23 @@ extern "C" {
/* ExtensionType value from RFC 4507. */
#define TLSEXT_TYPE_session_ticket 35
+/* ExtensionType values from RFC 8446 section 4.2 */
+#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+#define TLSEXT_TYPE_pre_shared_key 41
+#define TLSEXT_TYPE_early_data 42
+#define TLSEXT_TYPE_supported_versions 43
+#define TLSEXT_TYPE_cookie 44
+#define TLSEXT_TYPE_psk_key_exchange_modes 45
+#define TLSEXT_TYPE_certificate_authorities 47
+#define TLSEXT_TYPE_oid_filters 48
+#define TLSEXT_TYPE_post_handshake_auth 49
+#define TLSEXT_TYPE_signature_algorithms_cert 50
+#define TLSEXT_TYPE_key_share 51
+#endif
+
/* Temporary extension type */
#define TLSEXT_TYPE_renegotiate 0xff01
-/* This is not an IANA defined extension number */
-#define TLSEXT_TYPE_next_proto_neg 13172
-
/* NameType value from RFC 3546. */
#define TLSEXT_NAMETYPE_host_name 0
/* status request value from RFC 3546 */
@@ -273,29 +295,6 @@ extern "C" {
#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2
#define TLSEXT_ECPOINTFORMAT_last 2
-/* Signature and hash algorithms from RFC 5246. */
-
-#define TLSEXT_signature_anonymous 0
-#define TLSEXT_signature_rsa 1
-#define TLSEXT_signature_dsa 2
-#define TLSEXT_signature_ecdsa 3
-/* FIXME IANA */
-#define TLSEXT_signature_gostr01 237
-#define TLSEXT_signature_gostr12_256 238
-#define TLSEXT_signature_gostr12_512 239
-
-#define TLSEXT_hash_none 0
-#define TLSEXT_hash_md5 1
-#define TLSEXT_hash_sha1 2
-#define TLSEXT_hash_sha224 3
-#define TLSEXT_hash_sha256 4
-#define TLSEXT_hash_sha384 5
-#define TLSEXT_hash_sha512 6
-/* FIXME IANA */
-#define TLSEXT_hash_gost94 237
-#define TLSEXT_hash_streebog_256 238
-#define TLSEXT_hash_streebog_512 239
-
#define TLSEXT_MAXLEN_host_name 255
const char *SSL_get_servername(const SSL *s, const int type);
@@ -357,11 +356,15 @@ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys))
+#define SSL_CTX_get_tlsext_status_cb(ssl, cb) \
+SSL_CTX_callback_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
+#define SSL_CTX_get_tlsext_status_arg(ssl, arg) \
+SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0,(void *)arg)
#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
-SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
+SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0,(void *)arg)
#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
@@ -471,6 +474,15 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C4
#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256 0x030000C5
+/* TLS 1.3 cipher suites from RFC 8446 appendix B.4. */
+#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+#define TLS1_3_CK_AES_128_GCM_SHA256 0x03001301
+#define TLS1_3_CK_AES_256_GCM_SHA384 0x03001302
+#define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x03001303
+#define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304
+#define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305
+#endif
+
/* ECC ciphersuites from RFC 4492. */
#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001
#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002
@@ -534,9 +546,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
#define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032
/* ChaCha20-Poly1305 based ciphersuites. */
-#define TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD 0x0300CC13
-#define TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD 0x0300CC14
-#define TLS1_CK_DHE_RSA_CHACHA20_POLY1305_OLD 0x0300CC15
#define TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305 0x0300CCA8
#define TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305 0x0300CCA9
#define TLS1_CK_DHE_RSA_CHACHA20_POLY1305 0x0300CCAA
@@ -680,7 +689,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
#define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384"
/* ECDH HMAC based ciphersuites from RFC 5289. */
-
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256"
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384"
#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256"
@@ -701,13 +709,19 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
#define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384"
/* ChaCha20-Poly1305 based ciphersuites. */
-#define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD "ECDHE-RSA-CHACHA20-POLY1305-OLD"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_OLD "ECDHE-ECDSA-CHACHA20-POLY1305-OLD"
-#define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305_OLD "DHE-RSA-CHACHA20-POLY1305-OLD"
#define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 "ECDHE-RSA-CHACHA20-POLY1305"
#define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305"
#define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305"
+/* TLS 1.3 cipher suites from RFC 8446 appendix B.4. */
+#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+#define TLS1_3_TXT_AES_128_GCM_SHA256 "AEAD-AES128-GCM-SHA256"
+#define TLS1_3_TXT_AES_256_GCM_SHA384 "AEAD-AES256-GCM-SHA384"
+#define TLS1_3_TXT_CHACHA20_POLY1305_SHA256 "AEAD-CHACHA20-POLY1305-SHA256"
+#define TLS1_3_TXT_AES_128_CCM_SHA256 "AEAD-AES128-CCM-SHA256"
+#define TLS1_3_TXT_AES_128_CCM_8_SHA256 "AEAD-AES128-CCM-8-SHA256"
+#endif
+
#define TLS_CT_RSA_SIGN 1
#define TLS_CT_DSS_SIGN 2
#define TLS_CT_RSA_FIXED_DH 3
diff --git a/libressl/include/openssl/ts.h b/libressl/include/openssl/ts.h
index a8d2281b..fa8eb949 100644
--- a/libressl/include/openssl/ts.h
+++ b/libressl/include/openssl/ts.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts.h,v 1.8 2016/12/27 16:05:57 jsing Exp $ */
+/* $OpenBSD: ts.h,v 1.10 2018/05/13 15:35:46 tb Exp $ */
/* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL
* project 2002, 2003, 2004.
*/
@@ -365,7 +365,7 @@ X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a);
int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len);
ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a);
-int TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy);
+int TS_REQ_set_policy_id(TS_REQ *a, const ASN1_OBJECT *policy);
ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a);
int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce);
@@ -378,7 +378,7 @@ STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a);
void TS_REQ_ext_free(TS_REQ *a);
int TS_REQ_get_ext_count(TS_REQ *a);
int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos);
-int TS_REQ_get_ext_by_OBJ(TS_REQ *a, ASN1_OBJECT *obj, int lastpos);
+int TS_REQ_get_ext_by_OBJ(TS_REQ *a, const ASN1_OBJECT *obj, int lastpos);
int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos);
X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc);
X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc);
@@ -439,7 +439,8 @@ STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a);
void TS_TST_INFO_ext_free(TS_TST_INFO *a);
int TS_TST_INFO_get_ext_count(TS_TST_INFO *a);
int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos);
-int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, ASN1_OBJECT *obj, int lastpos);
+int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, const ASN1_OBJECT *obj,
+ int lastpos);
int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos);
X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc);
X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc);
@@ -524,14 +525,14 @@ int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer);
int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key);
/* This parameter must be set. */
-int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy);
+int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy);
/* No additional certs are included in the response by default. */
int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs);
/* Adds a new acceptable policy, only the default policy
is accepted by default. */
-int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy);
+int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *policy);
/* Adds a new acceptable message digest. Note that no message digests
are accepted by default. The md argument is shared with the caller. */
diff --git a/libressl/include/openssl/ui.h b/libressl/include/openssl/ui.h
index b6b0075e..8035fc2b 100644
--- a/libressl/include/openssl/ui.h
+++ b/libressl/include/openssl/ui.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ui.h,v 1.9 2014/07/10 22:45:58 jsing Exp $ */
+/* $OpenBSD: ui.h,v 1.11 2018/06/02 04:45:21 tb Exp $ */
/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
* project 2001.
*/
@@ -304,7 +304,7 @@ enum UI_string_types {
};
/* Create and manipulate methods */
-UI_METHOD *UI_create_method(char *name);
+UI_METHOD *UI_create_method(const char *name);
void UI_destroy_method(UI_METHOD *ui_method);
int UI_method_set_opener(UI_METHOD *method, int (*opener)(UI *ui));
int UI_method_set_writer(UI_METHOD *method, int (*writer)(UI *ui, UI_STRING *uis));
@@ -312,12 +312,12 @@ int UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui));
int UI_method_set_reader(UI_METHOD *method, int (*reader)(UI *ui, UI_STRING *uis));
int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui));
int UI_method_set_prompt_constructor(UI_METHOD *method, char *(*prompt_constructor)(UI* ui, const char* object_desc, const char* object_name));
-int (*UI_method_get_opener(UI_METHOD *method))(UI*);
-int (*UI_method_get_writer(UI_METHOD *method))(UI*, UI_STRING*);
-int (*UI_method_get_flusher(UI_METHOD *method))(UI*);
-int (*UI_method_get_reader(UI_METHOD *method))(UI*, UI_STRING*);
-int (*UI_method_get_closer(UI_METHOD *method))(UI*);
-char * (*UI_method_get_prompt_constructor(UI_METHOD *method))(UI*, const char*, const char*);
+int (*UI_method_get_opener(const UI_METHOD *method))(UI*);
+int (*UI_method_get_writer(const UI_METHOD *method))(UI*, UI_STRING*);
+int (*UI_method_get_flusher(const UI_METHOD *method))(UI*);
+int (*UI_method_get_reader(const UI_METHOD *method))(UI*, UI_STRING*);
+int (*UI_method_get_closer(const UI_METHOD *method))(UI*);
+char * (*UI_method_get_prompt_constructor(const UI_METHOD *method))(UI*, const char*, const char*);
/* The following functions are helpers for method writers to access relevant
data from a UI_STRING. */
diff --git a/libressl/include/openssl/x509.h b/libressl/include/openssl/x509.h
index 29493258..e30cbc0f 100644
--- a/libressl/include/openssl/x509.h
+++ b/libressl/include/openssl/x509.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.26 2016/12/27 16:05:57 jsing Exp $ */
+/* $OpenBSD: x509.h,v 1.74 2018/08/24 20:26:03 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -112,7 +112,7 @@
extern "C" {
#endif
-#if defined(_WIN32)
+#if defined(_WIN32) && defined(__WINCRYPT_H__)
#ifndef LIBRESSL_INTERNAL
#ifdef _MSC_VER
#pragma message("Warning, overriding WinCrypt defines")
@@ -574,19 +574,12 @@ X509_ALGOR *prf;
/* PKCS#8 private key info structure */
-struct pkcs8_priv_key_info_st
- {
- int broken; /* Flag for various broken formats */
-#define PKCS8_OK 0
-#define PKCS8_NO_OCTET 1
-#define PKCS8_EMBEDDED_PARAM 2
-#define PKCS8_NS_DB 3
-#define PKCS8_NEG_PRIVKEY 4
+struct pkcs8_priv_key_info_st {
ASN1_INTEGER *version;
X509_ALGOR *pkeyalg;
- ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */
+ ASN1_OCTET_STRING *pkey;
STACK_OF(X509_ATTRIBUTE) *attributes;
- };
+};
#ifdef __cplusplus
}
@@ -602,22 +595,28 @@ extern "C" {
#define X509_EXT_PACK_UNKNOWN 1
#define X509_EXT_PACK_STRING 2
-#define X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version)
-/* #define X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */
-#define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
-#define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)
#define X509_extract_key(x) X509_get_pubkey(x) /*****/
-#define X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version)
-#define X509_REQ_get_subject_name(x) ((x)->req_info->subject)
#define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
#define X509_name_cmp(a,b) X509_NAME_cmp((a),(b))
-#define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
-#define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
-#define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
-#define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
-#define X509_CRL_get_issuer(x) ((x)->crl->issuer)
-#define X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
+int X509_CRL_up_ref(X509_CRL *x);
+int X509_CRL_get_signature_nid(const X509_CRL *crl);
+
+const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl);
+long X509_CRL_get_version(const X509_CRL *crl);
+const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
+const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
+ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl);
+ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl);
+X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
+STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
+void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
+ const X509_ALGOR **palg);
+
+int X509_REQ_get_signature_nid(const X509_REQ *req);
+
+void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
+ const X509_ALGOR **palg);
void X509_CRL_set_default_method(const X509_CRL_METHOD *meth);
X509_CRL_METHOD *X509_CRL_METHOD_new(
@@ -652,8 +651,9 @@ int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
-int X509_signature_dump(BIO *bp,const ASN1_STRING *sig, int indent);
-int X509_signature_print(BIO *bp,X509_ALGOR *alg, ASN1_STRING *sig);
+int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent);
+int X509_signature_print(BIO *bp, const X509_ALGOR *alg,
+ const ASN1_STRING *sig);
int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx);
@@ -757,12 +757,13 @@ X509_CRL *X509_CRL_dup(X509_CRL *crl);
X509_REQ *X509_REQ_dup(X509_REQ *req);
X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
-void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
- X509_ALGOR *algor);
+void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, const void **ppval,
+ const X509_ALGOR *algor);
void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
X509_NAME *X509_NAME_dup(X509_NAME *xn);
+int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder, size_t *pderlen);
X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
int X509_cmp_time(const ASN1_TIME *s, time_t *t);
@@ -804,6 +805,7 @@ extern const ASN1_ITEM X509_PUBKEY_it;
int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key);
+EVP_PKEY * X509_PUBKEY_get0(X509_PUBKEY *key);
int X509_get_pubkey_parameters(EVP_PKEY *pkey,
STACK_OF(X509) *chain);
int i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp);
@@ -900,28 +902,34 @@ int X509_set_ex_data(X509 *r, int idx, void *arg);
void *X509_get_ex_data(X509 *r, int idx);
int i2d_X509_AUX(X509 *a,unsigned char **pp);
X509 * d2i_X509_AUX(X509 **a,const unsigned char **pp,long length);
-
-int X509_alias_set1(X509 *x, unsigned char *name, int len);
-int X509_keyid_set1(X509 *x, unsigned char *id, int len);
-unsigned char * X509_alias_get0(X509 *x, int *len);
-unsigned char * X509_keyid_get0(X509 *x, int *len);
+void X509_get0_signature(const ASN1_BIT_STRING **psig,
+ const X509_ALGOR **palg, const X509 *x);
+int X509_get_signature_nid(const X509 *x);
+
+int X509_alias_set1(X509 *x, const unsigned char *name, int len);
+int X509_keyid_set1(X509 *x, const unsigned char *id, int len);
+unsigned char *X509_alias_get0(X509 *x, int *len);
+unsigned char *X509_keyid_get0(X509 *x, int *len);
int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int);
int X509_TRUST_set(int *t, int trust);
-int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
-int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
+int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj);
+int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj);
void X509_trust_clear(X509 *x);
void X509_reject_clear(X509 *x);
X509_REVOKED *X509_REVOKED_new(void);
void X509_REVOKED_free(X509_REVOKED *a);
+X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *a);
X509_REVOKED *d2i_X509_REVOKED(X509_REVOKED **a, const unsigned char **in, long len);
int i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **out);
extern const ASN1_ITEM X509_REVOKED_it;
+
X509_CRL_INFO *X509_CRL_INFO_new(void);
void X509_CRL_INFO_free(X509_CRL_INFO *a);
X509_CRL_INFO *d2i_X509_CRL_INFO(X509_CRL_INFO **a, const unsigned char **in, long len);
int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **out);
extern const ASN1_ITEM X509_CRL_INFO_it;
+
X509_CRL *X509_CRL_new(void);
void X509_CRL_free(X509_CRL *a);
X509_CRL *d2i_X509_CRL(X509_CRL **a, const unsigned char **in, long len);
@@ -955,7 +963,7 @@ extern const ASN1_ITEM NETSCAPE_CERT_SEQUENCE_it;
#ifndef OPENSSL_NO_EVP
X509_INFO * X509_INFO_new(void);
void X509_INFO_free(X509_INFO *a);
-char * X509_NAME_oneline(X509_NAME *a,char *buf,int size);
+char * X509_NAME_oneline(const X509_NAME *a, char *buf, int size);
int ASN1_item_digest(const ASN1_ITEM *it,const EVP_MD *type,void *data,
unsigned char *md,unsigned int *len);
@@ -971,22 +979,39 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx);
#endif
-int X509_set_version(X509 *x,long version);
+const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
+const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
+int X509_set_version(X509 *x, long version);
+long X509_get_version(const X509 *x);
int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
ASN1_INTEGER * X509_get_serialNumber(X509 *x);
+const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x);
int X509_set_issuer_name(X509 *x, X509_NAME *name);
-X509_NAME * X509_get_issuer_name(X509 *a);
+X509_NAME * X509_get_issuer_name(const X509 *a);
int X509_set_subject_name(X509 *x, X509_NAME *name);
-X509_NAME * X509_get_subject_name(X509 *a);
+X509_NAME * X509_get_subject_name(const X509 *a);
int X509_set_notBefore(X509 *x, const ASN1_TIME *tm);
+int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);
int X509_set_notAfter(X509 *x, const ASN1_TIME *tm);
+int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm);
+const ASN1_TIME *X509_get0_notBefore(const X509 *x);
+ASN1_TIME *X509_getm_notBefore(const X509 *x);
+const ASN1_TIME *X509_get0_notAfter(const X509 *x);
+ASN1_TIME *X509_getm_notAfter(const X509 *x);
int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
EVP_PKEY * X509_get_pubkey(X509 *x);
-ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x);
-int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
+EVP_PKEY * X509_get0_pubkey(const X509 *x);
+ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
+int X509_certificate_type(const X509 *x, const EVP_PKEY *pubkey);
+int X509_get_signature_type(const X509 *x);
+
+#define X509_get_notBefore X509_getm_notBefore
+#define X509_get_notAfter X509_getm_notAfter
int X509_REQ_set_version(X509_REQ *x,long version);
-int X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name);
+long X509_REQ_get_version(const X509_REQ *x);
+int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
+X509_NAME *X509_REQ_get_subject_name(const X509_REQ *x);
int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req);
int X509_REQ_extension_nid(int nid);
@@ -999,7 +1024,7 @@ int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts);
int X509_REQ_get_attr_count(const X509_REQ *req);
int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
int lastpos);
-int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
+int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj,
int lastpos);
X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
@@ -1017,15 +1042,20 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *req,
int X509_CRL_set_version(X509_CRL *x, long version);
int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
+int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
+int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
int X509_CRL_sort(X509_CRL *crl);
-int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
+const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *x);
+const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x);
+const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x);
int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
+int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
int X509_REQ_check_private_key(X509_REQ *x509,EVP_PKEY *pkey);
-int X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
+int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
unsigned long X509_issuer_and_serial_hash(X509 *a);
@@ -1052,11 +1082,13 @@ int X509_print_ex_fp(FILE *bp,X509 *x, unsigned long nmflag, unsigned long cfla
int X509_print_fp(FILE *bp,X509 *x);
int X509_CRL_print_fp(FILE *bp,X509_CRL *x);
int X509_REQ_print_fp(FILE *bp,X509_REQ *req);
-int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
+int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent,
+ unsigned long flags);
#ifndef OPENSSL_NO_BIO
-int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
-int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
+int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase);
+int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent,
+ unsigned long flags);
int X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
int X509_print(BIO *bp,X509 *x);
int X509_ocspid_print(BIO *bp,X509 *x);
@@ -1066,46 +1098,48 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long
int X509_REQ_print(BIO *bp,X509_REQ *req);
#endif
-int X509_NAME_entry_count(X509_NAME *name);
+int X509_NAME_entry_count(const X509_NAME *name);
int X509_NAME_get_text_by_NID(X509_NAME *name, int nid,
char *buf,int len);
-int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
- char *buf,int len);
+int X509_NAME_get_text_by_OBJ(X509_NAME *name,
+ const ASN1_OBJECT *obj, char *buf,int len);
/* NOTE: you should be passsing -1, not 0 as lastpos. The functions that use
* lastpos, search after that position on. */
-int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
-int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj,
+int X509_NAME_get_index_by_NID(const X509_NAME *name, int nid,
int lastpos);
-X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
+int X509_NAME_get_index_by_OBJ(const X509_NAME *name,
+ const ASN1_OBJECT *obj, int lastpos);
+X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc);
X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
-int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne,
+int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne,
int loc, int set);
-int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
- unsigned char *bytes, int len, int loc, int set);
+int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj,
+ int type, const unsigned char *bytes, int len, int loc, int set);
int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
- unsigned char *bytes, int len, int loc, int set);
+ const unsigned char *bytes, int len, int loc, int set);
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
const char *field, int type, const unsigned char *bytes, int len);
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
- int type,unsigned char *bytes, int len);
+ int type, const unsigned char *bytes, int len);
int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
const unsigned char *bytes, int len, int loc, int set);
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
- ASN1_OBJECT *obj, int type,const unsigned char *bytes,
- int len);
+ const ASN1_OBJECT *obj, int type,
+ const unsigned char *bytes, int len);
int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne,
- ASN1_OBJECT *obj);
+ const ASN1_OBJECT *obj);
int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
const unsigned char *bytes, int len);
-ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
-ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
+ASN1_OBJECT * X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne);
+ASN1_STRING * X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);
+int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne);
int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
int nid, int lastpos);
int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
- ASN1_OBJECT *obj,int lastpos);
+ const ASN1_OBJECT *obj, int lastpos);
int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
int crit, int lastpos);
X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
@@ -1113,56 +1147,67 @@ X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
X509_EXTENSION *ex, int loc);
-int X509_get_ext_count(X509 *x);
-int X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
-int X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos);
-int X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
-X509_EXTENSION *X509_get_ext(X509 *x, int loc);
+int X509_get_ext_count(const X509 *x);
+int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
+int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj,
+ int lastpos);
+int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos);
+X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
-void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
+void * X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
unsigned long flags);
-int X509_CRL_get_ext_count(X509_CRL *x);
-int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
-int X509_CRL_get_ext_by_OBJ(X509_CRL *x,ASN1_OBJECT *obj,int lastpos);
-int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos);
-X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
+int X509_CRL_get_ext_count(const X509_CRL *x);
+int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid,
+ int lastpos);
+int X509_CRL_get_ext_by_OBJ(const X509_CRL *x,
+ const ASN1_OBJECT *obj, int lastpos);
+int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit,
+ int lastpos);
+X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
-void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
-int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
- unsigned long flags);
-
-int X509_REVOKED_get_ext_count(X509_REVOKED *x);
-int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);
-int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,ASN1_OBJECT *obj,int lastpos);
-int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos);
-X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
+void * X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit,
+ int *idx);
+int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value,
+ int crit, unsigned long flags);
+
+int X509_REVOKED_get_ext_count(const X509_REVOKED *x);
+int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid,
+ int lastpos);
+int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x,
+ const ASN1_OBJECT *obj, int lastpos);
+int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x,
+ int crit, int lastpos);
+X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc);
X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
-int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
-void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
-int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
- unsigned long flags);
+int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex,
+ int loc);
+void * X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid,
+ int *crit, int *idx);
+int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value,
+ int crit, unsigned long flags);
X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
int nid, int crit, ASN1_OCTET_STRING *data);
X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
- ASN1_OBJECT *obj,int crit,ASN1_OCTET_STRING *data);
-int X509_EXTENSION_set_object(X509_EXTENSION *ex,ASN1_OBJECT *obj);
+ const ASN1_OBJECT *obj, int crit, ASN1_OCTET_STRING *data);
+int X509_EXTENSION_set_object(X509_EXTENSION *ex,
+ const ASN1_OBJECT *obj);
int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
int X509_EXTENSION_set_data(X509_EXTENSION *ex,
ASN1_OCTET_STRING *data);
ASN1_OBJECT * X509_EXTENSION_get_object(X509_EXTENSION *ex);
ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
-int X509_EXTENSION_get_critical(X509_EXTENSION *ex);
+int X509_EXTENSION_get_critical(const X509_EXTENSION *ex);
int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
int lastpos);
-int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
- int lastpos);
+int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk,
+ const ASN1_OBJECT *obj, int lastpos);
X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc);
X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);
STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
@@ -1177,7 +1222,7 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
const char *attrname, int type,
const unsigned char *bytes, int len);
void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
- ASN1_OBJECT *obj, int lastpos, int type);
+ const ASN1_OBJECT *obj, int lastpos, int type);
X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
int atrtype, const void *data, int len);
X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
@@ -1188,14 +1233,14 @@ int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj);
int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len);
void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
int atrtype, void *data);
-int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr);
+int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr);
ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
int EVP_PKEY_get_attr_count(const EVP_PKEY *key);
int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid,
int lastpos);
-int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj,
+int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj,
int lastpos);
X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc);
X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc);
@@ -1255,18 +1300,17 @@ PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO **a, const unsi
int i2d_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO *a, unsigned char **out);
extern const ASN1_ITEM PKCS8_PRIV_KEY_INFO_it;
-EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
+EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8);
PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken);
-PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
-int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
- int version, int ptype, void *pval,
- unsigned char *penc, int penclen);
-int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg,
- const unsigned char **pk, int *ppklen,
- X509_ALGOR **pa,
- PKCS8_PRIV_KEY_INFO *p8);
+int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, int version,
+ int ptype, void *pval, unsigned char *penc, int penclen);
+int PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg, const unsigned char **pk,
+ int *ppklen, const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8);
+
+const STACK_OF(X509_ATTRIBUTE) *PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8);
+int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type,
+ const unsigned char *bytes, int len);
int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
int ptype, void *pval,
@@ -1281,13 +1325,14 @@ int X509_TRUST_get_count(void);
X509_TRUST * X509_TRUST_get0(int idx);
int X509_TRUST_get_by_id(int id);
int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
- char *name, int arg1, void *arg2);
+ const char *name, int arg1, void *arg2);
void X509_TRUST_cleanup(void);
-int X509_TRUST_get_flags(X509_TRUST *xp);
-char *X509_TRUST_get0_name(X509_TRUST *xp);
-int X509_TRUST_get_trust(X509_TRUST *xp);
+int X509_TRUST_get_flags(const X509_TRUST *xp);
+char *X509_TRUST_get0_name(const X509_TRUST *xp);
+int X509_TRUST_get_trust(const X509_TRUST *xp);
int X509_up_ref(X509 *x);
+STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
diff --git a/libressl/include/openssl/x509_vfy.h b/libressl/include/openssl/x509_vfy.h
index b58d49d2..c5eae9d3 100644
--- a/libressl/include/openssl/x509_vfy.h
+++ b/libressl/include/openssl/x509_vfy.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.h,v 1.18 2016/12/21 15:15:45 jsing Exp $ */
+/* $OpenBSD: x509_vfy.h,v 1.30 2018/08/24 19:21:09 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -134,17 +134,16 @@ typedef struct x509_lookup_method_st
void (*free)(X509_LOOKUP *ctx);
int (*init)(X509_LOOKUP *ctx);
int (*shutdown)(X509_LOOKUP *ctx);
- int (*ctrl)(X509_LOOKUP *ctx,int cmd,const char *argc,long argl,
- char **ret);
- int (*get_by_subject)(X509_LOOKUP *ctx,int type,X509_NAME *name,
- X509_OBJECT *ret);
- int (*get_by_issuer_serial)(X509_LOOKUP *ctx,int type,X509_NAME *name,
- ASN1_INTEGER *serial,X509_OBJECT *ret);
- int (*get_by_fingerprint)(X509_LOOKUP *ctx,int type,
- unsigned char *bytes,int len,
- X509_OBJECT *ret);
- int (*get_by_alias)(X509_LOOKUP *ctx,int type,char *str,int len,
- X509_OBJECT *ret);
+ int (*ctrl)(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
+ char **ret);
+ int (*get_by_subject)(X509_LOOKUP *ctx, int type, X509_NAME *name,
+ X509_OBJECT *ret);
+ int (*get_by_issuer_serial)(X509_LOOKUP *ctx, int type, X509_NAME *name,
+ ASN1_INTEGER *serial,X509_OBJECT *ret);
+ int (*get_by_fingerprint)(X509_LOOKUP *ctx, int type,
+ const unsigned char *bytes, int len, X509_OBJECT *ret);
+ int (*get_by_alias)(X509_LOOKUP *ctx, int type, const char *str,
+ int len, X509_OBJECT *ret);
} X509_LOOKUP_METHOD;
typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID;
@@ -424,17 +423,30 @@ int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
X509_NAME *name);
X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,int type,X509_NAME *name);
X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x);
-void X509_OBJECT_up_ref_count(X509_OBJECT *a);
+int X509_OBJECT_up_ref_count(X509_OBJECT *a);
+int X509_OBJECT_get_type(const X509_OBJECT *a);
void X509_OBJECT_free_contents(X509_OBJECT *a);
-X509_STORE *X509_STORE_new(void );
-void X509_STORE_free(X509_STORE *v);
+X509 *X509_OBJECT_get0_X509(const X509_OBJECT *xo);
+X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *xo);
+X509_STORE *X509_STORE_new(void);
+void X509_STORE_free(X509_STORE *v);
+int X509_STORE_up_ref(X509_STORE *x);
STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *xs);
+void *X509_STORE_get_ex_data(X509_STORE *xs, int idx);
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
+
+#define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, (l), (p), \
+ (newf), (dupf), (freef))
+
int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
int X509_STORE_set_trust(X509_STORE *ctx, int trust);
int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
void X509_STORE_set_verify_cb(X509_STORE *ctx,
int (*verify_cb)(int, X509_STORE_CTX *));
@@ -446,7 +458,13 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
X509 *x509, STACK_OF(X509) *chain);
+X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
+STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *xs);
+X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *xs);
+STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
+void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
@@ -477,8 +495,8 @@ int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
ASN1_INTEGER *serial, X509_OBJECT *ret);
int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
- unsigned char *bytes, int len, X509_OBJECT *ret);
-int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str,
+ const unsigned char *bytes, int len, X509_OBJECT *ret);
+int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, const char *str,
int len, X509_OBJECT *ret);
int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
@@ -512,7 +530,7 @@ void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
time_t t);
void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
int (*verify_cb)(int, X509_STORE_CTX *));
-
+
X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx);
int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx);
@@ -542,6 +560,21 @@ int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
STACK_OF(ASN1_OBJECT) *policies);
int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
+int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, const char *name,
+ size_t namelen);
+int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, const char *name,
+ size_t namelen);
+void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
+ unsigned int flags);
+char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param);
+int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const char *email,
+ size_t emaillen);
+int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, const unsigned char *ip,
+ size_t iplen);
+int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc);
+const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param);
+const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id);
+int X509_VERIFY_PARAM_get_count(void);
int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param);
const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name);
diff --git a/libressl/include/openssl/x509v3.h b/libressl/include/openssl/x509v3.h
index f0544be6..5d6c5887 100644
--- a/libressl/include/openssl/x509v3.h
+++ b/libressl/include/openssl/x509v3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509v3.h,v 1.21.4.1 2017/07/05 15:20:10 jsing Exp $ */
+/* $OpenBSD: x509v3.h,v 1.30 2018/05/19 10:50:08 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -121,9 +121,9 @@ void *usr_data; /* Any extension specific data */
};
typedef struct X509V3_CONF_METHOD_st {
-char * (*get_string)(void *db, char *section, char *value);
-STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
-void (*free_string)(void *db, char * string);
+char *(*get_string)(void *db, const char *section, const char *value);
+STACK_OF(CONF_VALUE) *(*get_section)(void *db, const char *section);
+void (*free_string)(void *db, char *string);
void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
} X509V3_CONF_METHOD;
@@ -524,11 +524,14 @@ SXNETID *d2i_SXNETID(SXNETID **a, const unsigned char **in, long len);
int i2d_SXNETID(SXNETID *a, unsigned char **out);
extern const ASN1_ITEM SXNETID_it;
-int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen);
-int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen);
-int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen);
+int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user,
+ int userlen);
+int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user,
+ int userlen);
+int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, const char *user,
+ int userlen);
-ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone);
+ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone);
ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
@@ -592,15 +595,17 @@ int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen,
ASN1_OBJECT **poid, ASN1_TYPE **pvalue);
-char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);
-ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+ const ASN1_OCTET_STRING *ia5);
+ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, const char *str);
EXTENDED_KEY_USAGE *EXTENDED_KEY_USAGE_new(void);
void EXTENDED_KEY_USAGE_free(EXTENDED_KEY_USAGE *a);
EXTENDED_KEY_USAGE *d2i_EXTENDED_KEY_USAGE(EXTENDED_KEY_USAGE **a, const unsigned char **in, long len);
int i2d_EXTENDED_KEY_USAGE(EXTENDED_KEY_USAGE *a, unsigned char **out);
extern const ASN1_ITEM EXTENDED_KEY_USAGE_it;
-int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a);
+int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION* a);
CERTIFICATEPOLICIES *CERTIFICATEPOLICIES_new(void);
void CERTIFICATEPOLICIES_free(CERTIFICATEPOLICIES *a);
@@ -683,7 +688,7 @@ extern const ASN1_ITEM POLICY_CONSTRAINTS_it;
GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
- int gen_type, char *value, int is_nc);
+ int gen_type, const char *value, int is_nc);
#ifdef HEADER_CONF_H
GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
@@ -693,34 +698,41 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);
void X509V3_conf_free(CONF_VALUE *val);
-X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
-X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value);
-int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk);
-int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert);
-int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
-int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
+X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+ const char *value);
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
+ const char *value);
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
+ STACK_OF(X509_EXTENSION) **sk);
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+ X509 *cert);
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+ X509_REQ *req);
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+ X509_CRL *crl);
X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
- int ext_nid, char *value);
+ int ext_nid, const char *value);
X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
- char *name, char *value);
+ const char *name, const char *value);
int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
- char *section, X509 *cert);
+ const char *section, X509 *cert);
int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
- char *section, X509_REQ *req);
+ const char *section, X509_REQ *req);
int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
- char *section, X509_CRL *crl);
+ const char *section, X509_CRL *crl);
-int X509V3_add_value_bool_nf(char *name, int asn1_bool,
+int X509V3_add_value_bool_nf(const char *name, int asn1_bool,
STACK_OF(CONF_VALUE) **extlist);
-int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
-int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
+int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool);
+int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint);
void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash);
#endif
-char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
-STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
+char *X509V3_get_string(X509V3_CTX *ctx, const char *name,
+ const char *section);
+STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section);
void X509V3_string_free(X509V3_CTX *ctx, char *str);
void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
@@ -732,12 +744,13 @@ int X509V3_add_value_uchar(const char *name, const unsigned char *value,
STACK_OF(CONF_VALUE) **extlist);
int X509V3_add_value_bool(const char *name, int asn1_bool,
STACK_OF(CONF_VALUE) **extlist);
-int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
+int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint,
STACK_OF(CONF_VALUE) **extlist);
-char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
-ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
-char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
-char * i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
+char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const ASN1_INTEGER *aint);
+ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value);
+char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint);
+char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth,
+ const ASN1_ENUMERATED *aint);
int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
int X509V3_EXT_add_alias(int nid_to, int nid_from);
@@ -748,7 +761,8 @@ const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
int X509V3_add_standard_extensions(void);
STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
void *X509V3_EXT_d2i(X509_EXTENSION *ext);
-void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
+void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
+ int *idx);
X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
@@ -763,7 +777,8 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent);
int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
-int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent);
+int X509V3_extensions_print(BIO *out, const char *title,
+ const STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent);
int X509_check_ca(X509 *x);
int X509_check_purpose(X509 *x, int id, int ca);
@@ -773,16 +788,16 @@ int X509_check_issued(X509 *issuer, X509 *subject);
int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
int X509_PURPOSE_get_count(void);
X509_PURPOSE * X509_PURPOSE_get0(int idx);
-int X509_PURPOSE_get_by_sname(char *sname);
+int X509_PURPOSE_get_by_sname(const char *sname);
int X509_PURPOSE_get_by_id(int id);
int X509_PURPOSE_add(int id, int trust, int flags,
int (*ck)(const X509_PURPOSE *, const X509 *, int),
- char *name, char *sname, void *arg);
-char *X509_PURPOSE_get0_name(X509_PURPOSE *xp);
-char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp);
-int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
+ const char *name, const char *sname, void *arg);
+char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp);
+char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp);
+int X509_PURPOSE_get_trust(const X509_PURPOSE *xp);
void X509_PURPOSE_cleanup(void);
-int X509_PURPOSE_get_id(X509_PURPOSE *);
+int X509_PURPOSE_get_id(const X509_PURPOSE *);
STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x);
STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);
diff --git a/libressl/include/tls.h b/libressl/include/tls.h
index 1292cb6e..e4829699 100644
--- a/libressl/include/tls.h
+++ b/libressl/include/tls.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.h,v 1.47 2017/01/31 16:18:57 beck Exp $ */
+/* $OpenBSD: tls.h,v 1.55 2018/11/29 14:24:23 tedu Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
@@ -34,7 +34,7 @@ typedef SSIZE_T ssize_t;
#include <stddef.h>
#include <stdint.h>
-#define TLS_API 20170126
+#define TLS_API 20180210
#define TLS_PROTOCOL_TLSv1_0 (1 << 1)
#define TLS_PROTOCOL_TLSv1_1 (1 << 2)
@@ -92,6 +92,8 @@ const char *tls_error(struct tls *_ctx);
struct tls_config *tls_config_new(void);
void tls_config_free(struct tls_config *_config);
+const char *tls_default_ca_cert_file(void);
+
int tls_config_add_keypair_file(struct tls_config *_config,
const char *_cert_file, const char *_key_file);
int tls_config_add_keypair_mem(struct tls_config *_config, const uint8_t *_cert,
@@ -112,8 +114,12 @@ int tls_config_set_cert_file(struct tls_config *_config,
int tls_config_set_cert_mem(struct tls_config *_config, const uint8_t *_cert,
size_t _len);
int tls_config_set_ciphers(struct tls_config *_config, const char *_ciphers);
+int tls_config_set_crl_file(struct tls_config *_config, const char *_crl_file);
+int tls_config_set_crl_mem(struct tls_config *_config, const uint8_t *_crl,
+ size_t _len);
int tls_config_set_dheparams(struct tls_config *_config, const char *_params);
-int tls_config_set_ecdhecurve(struct tls_config *_config, const char *_name);
+int tls_config_set_ecdhecurve(struct tls_config *_config, const char *_curve);
+int tls_config_set_ecdhecurves(struct tls_config *_config, const char *_curves);
int tls_config_set_key_file(struct tls_config *_config, const char *_key_file);
int tls_config_set_key_mem(struct tls_config *_config, const uint8_t *_key,
size_t _len);
@@ -131,6 +137,7 @@ int tls_config_set_ocsp_staple_mem(struct tls_config *_config,
int tls_config_set_ocsp_staple_file(struct tls_config *_config,
const char *_staple_file);
int tls_config_set_protocols(struct tls_config *_config, uint32_t _protocols);
+int tls_config_set_session_fd(struct tls_config *_config, int _session_fd);
int tls_config_set_verify_depth(struct tls_config *_config, int _verify_depth);
void tls_config_prefer_ciphers_client(struct tls_config *_config);
@@ -186,13 +193,16 @@ const char *tls_peer_cert_issuer(struct tls *_ctx);
const char *tls_peer_cert_subject(struct tls *_ctx);
time_t tls_peer_cert_notbefore(struct tls *_ctx);
time_t tls_peer_cert_notafter(struct tls *_ctx);
+const uint8_t *tls_peer_cert_chain_pem(struct tls *_ctx, size_t *_len);
const char *tls_conn_alpn_selected(struct tls *_ctx);
const char *tls_conn_cipher(struct tls *_ctx);
const char *tls_conn_servername(struct tls *_ctx);
+int tls_conn_session_resumed(struct tls *_ctx);
const char *tls_conn_version(struct tls *_ctx);
uint8_t *tls_load_file(const char *_file, size_t *_len, char *_password);
+void tls_unload_file(uint8_t *_buf, size_t len);
int tls_ocsp_process_response(struct tls *_ctx, const unsigned char *_response,
size_t _size);