diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/aes_platform.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/aes_platform.h index 87c35255..e641450b 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/aes_platform.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/aes_platform.h @@ -90,7 +90,7 @@ void gcm_ghash_p8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len); # endif /* OPENSSL_SYS_AIX || OPENSSL_SYS_MACOSX */ # endif /* PPC */ -# if (defined(__arm__) || defined(__arm) || defined(__aarch64__)) +# if (defined(__arm__) || defined(__arm) || defined(__aarch64__) || defined(_M_ARM64)) # include "arm_arch.h" # if __ARM_MAX_ARCH__>=7 # if defined(BSAES_ASM) @@ -106,7 +106,7 @@ void gcm_ghash_p8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len); # define HWAES_decrypt aes_v8_decrypt # define HWAES_cbc_encrypt aes_v8_cbc_encrypt # define HWAES_ecb_encrypt aes_v8_ecb_encrypt -# if __ARM_MAX_ARCH__>=8 && defined(__aarch64__) +# if __ARM_MAX_ARCH__>=8 && (defined(__aarch64__) || defined(_M_ARM64)) # define HWAES_xts_encrypt aes_v8_xts_encrypt # define HWAES_xts_decrypt aes_v8_xts_decrypt # endif @@ -114,36 +114,36 @@ void gcm_ghash_p8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len); # define AES_PMULL_CAPABLE ((OPENSSL_armcap_P & ARMV8_PMULL) && (OPENSSL_armcap_P & ARMV8_AES)) # define AES_GCM_ENC_BYTES 512 # define AES_GCM_DEC_BYTES 512 -# if __ARM_MAX_ARCH__>=8 && defined(__aarch64__) +# if __ARM_MAX_ARCH__>=8 && (defined(__aarch64__) || defined(_M_ARM64)) # define AES_gcm_encrypt armv8_aes_gcm_encrypt # define AES_gcm_decrypt armv8_aes_gcm_decrypt # define AES_GCM_ASM(gctx) ((gctx)->ctr==aes_v8_ctr32_encrypt_blocks && \ (gctx)->gcm.funcs.ghash==gcm_ghash_v8) /* The [unroll8_eor3_]aes_gcm_(enc|dec)_(128|192|256)_kernel() functions * take input length in BITS and return number of BYTES processed */ -size_t aes_gcm_enc_128_kernel(const uint8_t * plaintext, uint64_t plaintext_length, uint8_t * ciphertext, +size_t aes_gcm_enc_128_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext, uint64_t *Xi, unsigned char ivec[16], const void *key); -size_t aes_gcm_enc_192_kernel(const uint8_t * plaintext, uint64_t plaintext_length, uint8_t * ciphertext, +size_t aes_gcm_enc_192_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext, uint64_t *Xi, unsigned char ivec[16], const void *key); -size_t aes_gcm_enc_256_kernel(const uint8_t * plaintext, uint64_t plaintext_length, uint8_t * ciphertext, +size_t aes_gcm_enc_256_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext, uint64_t *Xi, unsigned char ivec[16], const void *key); -size_t aes_gcm_dec_128_kernel(const uint8_t * ciphertext, uint64_t plaintext_length, uint8_t * plaintext, +size_t aes_gcm_dec_128_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext, uint64_t *Xi, unsigned char ivec[16], const void *key); -size_t aes_gcm_dec_192_kernel(const uint8_t * ciphertext, uint64_t plaintext_length, uint8_t * plaintext, +size_t aes_gcm_dec_192_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext, uint64_t *Xi, unsigned char ivec[16], const void *key); -size_t aes_gcm_dec_256_kernel(const uint8_t * ciphertext, uint64_t plaintext_length, uint8_t * plaintext, +size_t aes_gcm_dec_256_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext, uint64_t *Xi, unsigned char ivec[16], const void *key); -size_t unroll8_eor3_aes_gcm_enc_128_kernel(const uint8_t * plaintext, uint64_t plaintext_length, uint8_t * ciphertext, +size_t unroll8_eor3_aes_gcm_enc_128_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext, uint64_t *Xi, unsigned char ivec[16], const void *key); -size_t unroll8_eor3_aes_gcm_enc_192_kernel(const uint8_t * plaintext, uint64_t plaintext_length, uint8_t * ciphertext, +size_t unroll8_eor3_aes_gcm_enc_192_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext, uint64_t *Xi, unsigned char ivec[16], const void *key); -size_t unroll8_eor3_aes_gcm_enc_256_kernel(const uint8_t * plaintext, uint64_t plaintext_length, uint8_t * ciphertext, +size_t unroll8_eor3_aes_gcm_enc_256_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext, uint64_t *Xi, unsigned char ivec[16], const void *key); -size_t unroll8_eor3_aes_gcm_dec_128_kernel(const uint8_t * ciphertext, uint64_t plaintext_length, uint8_t * plaintext, +size_t unroll8_eor3_aes_gcm_dec_128_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext, uint64_t *Xi, unsigned char ivec[16], const void *key); -size_t unroll8_eor3_aes_gcm_dec_192_kernel(const uint8_t * ciphertext, uint64_t plaintext_length, uint8_t * plaintext, +size_t unroll8_eor3_aes_gcm_dec_192_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext, uint64_t *Xi, unsigned char ivec[16], const void *key); -size_t unroll8_eor3_aes_gcm_dec_256_kernel(const uint8_t * ciphertext, uint64_t plaintext_length, uint8_t * plaintext, +size_t unroll8_eor3_aes_gcm_dec_256_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext, uint64_t *Xi, unsigned char ivec[16], const void *key); size_t armv8_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len, const void *key, unsigned char ivec[16], u64 *Xi); @@ -434,7 +434,6 @@ void aes256_t4_xts_decrypt(const unsigned char *in, unsigned char *out, # elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64 /* RISC-V 64 support */ # include "riscv_arch.h" -# define RV64I_ZKND_ZKNE_CAPABLE (RISCV_HAS_ZKND() && RISCV_HAS_ZKNE()) int rv64i_zkne_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key); @@ -447,8 +446,6 @@ void rv64i_zknd_decrypt(const unsigned char *in, unsigned char *out, # elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32 /* RISC-V 32 support */ # include "riscv_arch.h" -# define RV32I_ZKND_ZKNE_CAPABLE (RISCV_HAS_ZKND() && RISCV_HAS_ZKNE()) -# define RV32I_ZBKB_ZKND_ZKNE_CAPABLE (RV32I_ZKND_ZKNE_CAPABLE && RISCV_HAS_ZBKB()) int rv32i_zkne_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key); diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/asn1.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/asn1.h index ec76ae6f..36af1d76 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/asn1.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/asn1.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -142,8 +142,12 @@ X509_ALGOR *ossl_x509_algor_mgf1_decode(X509_ALGOR *alg); int ossl_x509_algor_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md); int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags); -EVP_PKEY * ossl_d2i_PrivateKey_legacy(int keytype, EVP_PKEY **a, - const unsigned char **pp, long length, - OSSL_LIB_CTX *libctx, const char *propq); +EVP_PKEY *ossl_d2i_PrivateKey_legacy(int keytype, EVP_PKEY **a, + const unsigned char **pp, long length, + OSSL_LIB_CTX *libctx, const char *propq); +X509_ALGOR *ossl_X509_ALGOR_from_nid(int nid, int ptype, void *pval); + +time_t ossl_asn1_string_to_time_t(const char *asn1_string); +void ossl_asn1_string_set_bits_left(ASN1_STRING *str, unsigned int num); #endif /* ndef OSSL_CRYPTO_ASN1_H */ diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/bioerr.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/bioerr.h index a0c06099..e38b981a 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/bioerr.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/bioerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/bn.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/bn.h index 00544d9d..33f979ce 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/bn.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/bn.h @@ -116,4 +116,13 @@ OSSL_LIB_CTX *ossl_bn_get_libctx(BN_CTX *ctx); extern const BIGNUM ossl_bn_inv_sqrt_2; +#if defined(OPENSSL_SYS_LINUX) && !defined(FIPS_MODULE) && defined (__s390x__) +# define S390X_MOD_EXP +#endif + +int s390x_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int s390x_crt(BIGNUM *r, const BIGNUM *i, const BIGNUM *p, const BIGNUM *q, + const BIGNUM *dmp, const BIGNUM *dmq, const BIGNUM *iqmp); + #endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/cmserr.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/cmserr.h index 1de2f9c7..a7fcf11f 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/cmserr.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/cmserr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/context.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/context.h index 8ad16834..7369a730 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/context.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/context.h @@ -24,6 +24,9 @@ void *ossl_rand_crng_ctx_new(OSSL_LIB_CTX *); int ossl_thread_register_fips(OSSL_LIB_CTX *); void *ossl_thread_event_ctx_new(OSSL_LIB_CTX *); void *ossl_fips_prov_ossl_ctx_new(OSSL_LIB_CTX *); +#if defined(OPENSSL_THREADS) +void *ossl_threads_ctx_new(OSSL_LIB_CTX *); +#endif void ossl_provider_store_free(void *); void ossl_property_string_data_free(void *); @@ -40,3 +43,6 @@ void ossl_rand_crng_ctx_free(void *); void ossl_thread_event_ctx_free(void *); void ossl_fips_prov_ossl_ctx_free(void *); void ossl_release_default_drbg_ctx(void); +#if defined(OPENSSL_THREADS) +void ossl_threads_ctx_free(void *); +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/decoder.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/decoder.h index 6b5ee56a..a0d5de65 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/decoder.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/decoder.h @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -25,16 +25,16 @@ void *ossl_decoder_from_algorithm(int id, const OSSL_ALGORITHM *algodef, OSSL_DECODER_INSTANCE * ossl_decoder_instance_new(OSSL_DECODER *decoder, void *decoderctx); void ossl_decoder_instance_free(OSSL_DECODER_INSTANCE *decoder_inst); +OSSL_DECODER_INSTANCE *ossl_decoder_instance_dup(const OSSL_DECODER_INSTANCE *src); int ossl_decoder_ctx_add_decoder_inst(OSSL_DECODER_CTX *ctx, OSSL_DECODER_INSTANCE *di); -int ossl_decoder_ctx_setup_for_pkey(OSSL_DECODER_CTX *ctx, - EVP_PKEY **pkey, const char *keytype, - OSSL_LIB_CTX *libctx, - const char *propquery); - int ossl_decoder_get_number(const OSSL_DECODER *encoder); int ossl_decoder_store_cache_flush(OSSL_LIB_CTX *libctx); int ossl_decoder_store_remove_all_provided(const OSSL_PROVIDER *prov); +void *ossl_decoder_cache_new(OSSL_LIB_CTX *ctx); +void ossl_decoder_cache_free(void *vcache); +int ossl_decoder_cache_flush(OSSL_LIB_CTX *libctx); + #endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/dherr.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/dherr.h index bb24d131..519327f7 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/dherr.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/dherr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/dsa.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/dsa.h index 260c30fa..85d92a18 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/dsa.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/dsa.h @@ -26,7 +26,9 @@ int ossl_dsa_generate_ffc_parameters(DSA *dsa, int type, int pbits, int qbits, BN_GENCB *cb); int ossl_dsa_sign_int(int type, const unsigned char *dgst, int dlen, - unsigned char *sig, unsigned int *siglen, DSA *dsa); + unsigned char *sig, unsigned int *siglen, DSA *dsa, + unsigned int nonce_type, const char *digestname, + OSSL_LIB_CTX *libctx, const char *propq); FFC_PARAMS *ossl_dsa_get0_params(DSA *dsa); int ossl_dsa_ffc_params_fromdata(DSA *dsa, const OSSL_PARAM params[]); diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/ec.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/ec.h index 62163b31..da85a7bd 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/ec.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/ec.h @@ -95,6 +95,12 @@ char *ossl_ec_pt_format_id2name(int id); char *ossl_ec_check_group_type_id2name(int flags); int ossl_ec_set_check_group_type_from_name(EC_KEY *ec, const char *name); - +int ossl_ec_generate_key_dhkem(EC_KEY *eckey, + const unsigned char *ikm, size_t ikmlen); +int ossl_ecdsa_deterministic_sign(const unsigned char *dgst, int dlen, + unsigned char *sig, unsigned int *siglen, + EC_KEY *eckey, unsigned int nonce_type, + const char *digestname, + OSSL_LIB_CTX *libctx, const char *propq); # endif /* OPENSSL_NO_EC */ #endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/ecx.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/ecx.h index 48b95fa5..f35b875f 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/ecx.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/ecx.h @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,7 +15,7 @@ # include -# ifndef OPENSSL_NO_EC +# ifndef OPENSSL_NO_ECX # include # include @@ -72,7 +72,6 @@ struct ecx_key_st { size_t keylen; ECX_KEY_TYPE type; CRYPTO_REF_COUNT references; - CRYPTO_RWLOCK *lock; }; size_t ossl_ecx_key_length(ECX_KEY_TYPE type); @@ -83,6 +82,9 @@ unsigned char *ossl_ecx_key_allocate_privkey(ECX_KEY *key); void ossl_ecx_key_free(ECX_KEY *key); int ossl_ecx_key_up_ref(ECX_KEY *key); ECX_KEY *ossl_ecx_key_dup(const ECX_KEY *key, int selection); +int ossl_ecx_compute_key(ECX_KEY *peer, ECX_KEY *priv, size_t keylen, + unsigned char *secret, size_t *secretlen, + size_t outlen); int ossl_x25519(uint8_t out_shared_key[32], const uint8_t private_key[32], const uint8_t peer_public_value[32]); @@ -94,27 +96,33 @@ ossl_ed25519_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[32], const uint8_t private_key[32], const char *propq); int -ossl_ed25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, +ossl_ed25519_sign(uint8_t *out_sig, const uint8_t *tbs, size_t tbs_len, const uint8_t public_key[32], const uint8_t private_key[32], + const uint8_t dom2flag, const uint8_t phflag, const uint8_t csflag, + const uint8_t *context, size_t context_len, OSSL_LIB_CTX *libctx, const char *propq); int -ossl_ed25519_verify(const uint8_t *message, size_t message_len, +ossl_ed25519_verify(const uint8_t *tbs, size_t tbs_len, const uint8_t signature[64], const uint8_t public_key[32], + const uint8_t dom2flag, const uint8_t phflag, const uint8_t csflag, + const uint8_t *context, size_t context_len, OSSL_LIB_CTX *libctx, const char *propq); - int ossl_ed448_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[57], const uint8_t private_key[57], const char *propq); int -ossl_ed448_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t *message, - size_t message_len, const uint8_t public_key[57], - const uint8_t private_key[57], const uint8_t *context, - size_t context_len, const char *propq); +ossl_ed448_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, + const uint8_t *message, size_t message_len, + const uint8_t public_key[57], const uint8_t private_key[57], + const uint8_t *context, size_t context_len, + const uint8_t phflag, const char *propq); int -ossl_ed448_verify(OSSL_LIB_CTX *ctx, const uint8_t *message, size_t message_len, +ossl_ed448_verify(OSSL_LIB_CTX *ctx, + const uint8_t *message, size_t message_len, const uint8_t signature[114], const uint8_t public_key[57], - const uint8_t *context, size_t context_len, const char *propq); + const uint8_t *context, size_t context_len, + const uint8_t phflag, const char *propq); int ossl_x448(uint8_t out_shared_key[56], const uint8_t private_key[56], @@ -146,5 +154,5 @@ ECX_KEY *ossl_evp_pkey_get1_X25519(EVP_PKEY *pkey); ECX_KEY *ossl_evp_pkey_get1_X448(EVP_PKEY *pkey); ECX_KEY *ossl_evp_pkey_get1_ED25519(EVP_PKEY *pkey); ECX_KEY *ossl_evp_pkey_get1_ED448(EVP_PKEY *pkey); -# endif /* OPENSSL_NO_EC */ +# endif /* OPENSSL_NO_ECX */ #endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/encoder.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/encoder.h index 5c53bbea..6240438d 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/encoder.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/encoder.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/evp.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/evp.h index a0fff7fd..34cea2f9 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/evp.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/evp.h @@ -16,11 +16,21 @@ # include "internal/refcount.h" # include "crypto/ecx.h" +/* + * Default PKCS5 PBE KDF salt lengths + * In RFC 8018, PBE1 uses 8 bytes (64 bits) for its salt length. + * It also specifies to use at least 8 bytes for PBES2. + * The NIST requirement for PBKDF2 is 128 bits so we use this as the + * default for PBE2 (scrypt and HKDF2) + */ +# define PKCS5_DEFAULT_PBE1_SALT_LEN PKCS5_SALT_LEN +# define PKCS5_DEFAULT_PBE2_SALT_LEN 16 /* * Don't free up md_ctx->pctx in EVP_MD_CTX_reset, use the reserved flag * values in evp.h */ #define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX 0x0400 +#define EVP_MD_CTX_FLAG_FINALISED 0x0800 #define evp_pkey_ctx_is_legacy(ctx) \ ((ctx)->keymgmt == NULL) @@ -203,7 +213,6 @@ struct evp_mac_st { const char *description; CRYPTO_REF_COUNT refcnt; - CRYPTO_RWLOCK *lock; OSSL_FUNC_mac_newctx_fn *newctx; OSSL_FUNC_mac_dupctx_fn *dupctx; @@ -225,7 +234,6 @@ struct evp_kdf_st { char *type_name; const char *description; CRYPTO_REF_COUNT refcnt; - CRYPTO_RWLOCK *lock; OSSL_FUNC_kdf_newctx_fn *newctx; OSSL_FUNC_kdf_dupctx_fn *dupctx; @@ -270,7 +278,6 @@ struct evp_md_st { const char *description; OSSL_PROVIDER *prov; CRYPTO_REF_COUNT refcnt; - CRYPTO_RWLOCK *lock; OSSL_FUNC_digest_newctx_fn *newctx; OSSL_FUNC_digest_init_fn *dinit; OSSL_FUNC_digest_update_fn *dupdate; @@ -326,7 +333,6 @@ struct evp_cipher_st { const char *description; OSSL_PROVIDER *prov; CRYPTO_REF_COUNT refcnt; - CRYPTO_RWLOCK *lock; OSSL_FUNC_cipher_newctx_fn *newctx; OSSL_FUNC_cipher_encrypt_init_fn *einit; OSSL_FUNC_cipher_decrypt_init_fn *dinit; @@ -646,7 +652,9 @@ union legacy_pkey_st { # endif # ifndef OPENSSL_NO_EC struct ec_key_st *ec; /* ECC */ +# ifndef OPENSSL_NO_ECX ECX_KEY *ecx; /* X25519, X448, Ed25519, Ed448 */ +# endif # endif }; @@ -784,7 +792,7 @@ void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, int selection); -int evp_keymgmt_util_clear_operation_cache(EVP_PKEY *pk, int locking); +int evp_keymgmt_util_clear_operation_cache(EVP_PKEY *pk); int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, void *keydata, int selection); void evp_keymgmt_util_cache_keyinfo(EVP_PKEY *pk); @@ -813,7 +821,7 @@ int evp_keymgmt_set_params(const EVP_KEYMGMT *keymgmt, void *evp_keymgmt_gen_init(const EVP_KEYMGMT *keymgmt, int selection, const OSSL_PARAM params[]); int evp_keymgmt_gen_set_template(const EVP_KEYMGMT *keymgmt, void *genctx, - void *template); + void *templ); int evp_keymgmt_gen_set_params(const EVP_KEYMGMT *keymgmt, void *genctx, const OSSL_PARAM params[]); void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx, @@ -892,10 +900,6 @@ EVP_MD_CTX *evp_md_ctx_new_ex(EVP_PKEY *pkey, const ASN1_OCTET_STRING *id, int evp_pkey_name2type(const char *name); const char *evp_pkey_type2name(int type); -int evp_pkey_ctx_set1_id_prov(EVP_PKEY_CTX *ctx, const void *id, int len); -int evp_pkey_ctx_get1_id_prov(EVP_PKEY_CTX *ctx, void *id); -int evp_pkey_ctx_get1_id_len_prov(EVP_PKEY_CTX *ctx, size_t *id_len); - int evp_pkey_ctx_use_cached_data(EVP_PKEY_CTX *ctx); # endif /* !defined(FIPS_MODULE) */ @@ -959,4 +963,8 @@ void evp_rand_clear_seed(EVP_RAND_CTX *ctx, unsigned char *buffer, size_t b_len); int evp_signature_get_number(const EVP_SIGNATURE *signature); +int evp_pkey_decrypt_alloc(EVP_PKEY_CTX *ctx, unsigned char **outp, + size_t *outlenp, size_t expected_outlen, + const unsigned char *in, size_t inlen); + #endif /* OSSL_CRYPTO_EVP_H */ diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/evperr.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/evperr.h index d90ba83f..4a001107 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/evperr.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/evperr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/md32_common.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/md32_common.h index 966e2684..46214f32 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/md32_common.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/md32_common.h @@ -63,37 +63,41 @@ * #define HASH_BLOCK_DATA_ORDER md5_block_data_order */ -#include +#ifndef OSSL_CRYPTO_MD32_COMMON_H +# define OSSL_CRYPTO_MD32_COMMON_H +# pragma once -#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN) -# error "DATA_ORDER must be defined!" -#endif +# include -#ifndef HASH_CBLOCK -# error "HASH_CBLOCK must be defined!" -#endif -#ifndef HASH_LONG -# error "HASH_LONG must be defined!" -#endif -#ifndef HASH_CTX -# error "HASH_CTX must be defined!" -#endif +# if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN) +# error "DATA_ORDER must be defined!" +# endif -#ifndef HASH_UPDATE -# error "HASH_UPDATE must be defined!" -#endif -#ifndef HASH_TRANSFORM -# error "HASH_TRANSFORM must be defined!" -#endif -#ifndef HASH_FINAL -# error "HASH_FINAL must be defined!" -#endif +# ifndef HASH_CBLOCK +# error "HASH_CBLOCK must be defined!" +# endif +# ifndef HASH_LONG +# error "HASH_LONG must be defined!" +# endif +# ifndef HASH_CTX +# error "HASH_CTX must be defined!" +# endif -#ifndef HASH_BLOCK_DATA_ORDER -# error "HASH_BLOCK_DATA_ORDER must be defined!" -#endif +# ifndef HASH_UPDATE +# error "HASH_UPDATE must be defined!" +# endif +# ifndef HASH_TRANSFORM +# error "HASH_TRANSFORM must be defined!" +# endif +# ifndef HASH_FINAL +# error "HASH_FINAL must be defined!" +# endif -#define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) +# ifndef HASH_BLOCK_DATA_ORDER +# error "HASH_BLOCK_DATA_ORDER must be defined!" +# endif + +# define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) #ifndef PEDANTIC # if defined(__GNUC__) && __GNUC__>=2 && \ @@ -117,31 +121,31 @@ # endif #endif -#if defined(DATA_ORDER_IS_BIG_ENDIAN) +# if defined(DATA_ORDER_IS_BIG_ENDIAN) -# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ +# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ l|=(((unsigned long)(*((c)++)))<<16), \ l|=(((unsigned long)(*((c)++)))<< 8), \ l|=(((unsigned long)(*((c)++))) ) ) -# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ +# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ *((c)++)=(unsigned char)(((l)>>16)&0xff), \ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ *((c)++)=(unsigned char)(((l) )&0xff), \ l) -#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) +# elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) -# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ +# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ l|=(((unsigned long)(*((c)++)))<< 8), \ l|=(((unsigned long)(*((c)++)))<<16), \ l|=(((unsigned long)(*((c)++)))<<24) ) -# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ +# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ *((c)++)=(unsigned char)(((l)>>16)&0xff), \ *((c)++)=(unsigned char)(((l)>>24)&0xff), \ l) -#endif +# endif /* * Time for some action :-) @@ -226,30 +230,30 @@ int HASH_FINAL(unsigned char *md, HASH_CTX *c) memset(p + n, 0, HASH_CBLOCK - 8 - n); p += HASH_CBLOCK - 8; -#if defined(DATA_ORDER_IS_BIG_ENDIAN) +# if defined(DATA_ORDER_IS_BIG_ENDIAN) (void)HOST_l2c(c->Nh, p); (void)HOST_l2c(c->Nl, p); -#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) +# elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) (void)HOST_l2c(c->Nl, p); (void)HOST_l2c(c->Nh, p); -#endif +# endif p -= HASH_CBLOCK; HASH_BLOCK_DATA_ORDER(c, p, 1); c->num = 0; OPENSSL_cleanse(p, HASH_CBLOCK); -#ifndef HASH_MAKE_STRING -# error "HASH_MAKE_STRING must be defined!" -#else +# ifndef HASH_MAKE_STRING +# error "HASH_MAKE_STRING must be defined!" +# else HASH_MAKE_STRING(c, md); -#endif +# endif return 1; } -#ifndef MD32_REG_T -# if defined(__alpha) || defined(__sparcv9) || defined(__mips) -# define MD32_REG_T long +# ifndef MD32_REG_T +# if defined(__alpha) || defined(__sparcv9) || defined(__mips) +# define MD32_REG_T long /* * This comment was originally written for MD5, which is why it * discusses A-D. But it basically applies to all 32-bit digests, @@ -266,13 +270,15 @@ int HASH_FINAL(unsigned char *md, HASH_CTX *c) * Well, to be honest it should say that this *prevents* * performance degradation. */ -# else +# else /* * Above is not absolute and there are LP64 compilers that * generate better code if MD32_REG_T is defined int. The above * pre-processor condition reflects the circumstances under which * the conclusion was made and is subject to further extension. */ -# define MD32_REG_T int +# define MD32_REG_T int +# endif # endif + #endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/modes.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/modes.h index 573e1197..d03ca83d 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/modes.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/modes.h @@ -138,6 +138,12 @@ struct gcm128_context { #endif }; +/* GHASH functions */ +void ossl_gcm_init_4bit(u128 Htable[16], const u64 H[2]); +void ossl_gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16], + const u8 *inp, size_t len); +void ossl_gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16]); + /* * The maximum permitted number of cipher blocks per data unit in XTS mode. * Reference IEEE Std 1619-2018. @@ -149,6 +155,12 @@ struct xts128_context { block128_f block1, block2; }; +/* XTS mode for SM4 algorithm specified by GB/T 17964-2021 */ +int ossl_crypto_xts128gb_encrypt(const XTS128_CONTEXT *ctx, + const unsigned char iv[16], + const unsigned char *inp, unsigned char *out, + size_t len, int enc); + struct ccm128_context { union { u64 u[2]; diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/pkcs12err.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/pkcs12err.h index 662f412e..114971c6 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/pkcs12err.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/pkcs12err.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/punycode.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/punycode.h index 4c6e49f5..2e1c85c1 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/punycode.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/punycode.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -22,6 +22,4 @@ int ossl_punycode_decode ( int ossl_a2ulabel(const char *in, char *out, size_t outlen); -int ossl_a2ucompare(const char *a, const char *u); - #endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/rand.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/rand.h index 215b3b7a..d375c2f9 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/rand.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/rand.h @@ -140,4 +140,15 @@ EVP_RAND_CTX *ossl_rand_get0_private_noncreating(OSSL_LIB_CTX *ctx); # else EVP_RAND_CTX *ossl_rand_get0_seed_noncreating(OSSL_LIB_CTX *ctx); # endif + +/* Generate a uniformly distributed random integer in the interval [0, upper) */ +uint32_t ossl_rand_uniform_uint32(OSSL_LIB_CTX *ctx, uint32_t upper, int *err); + +/* + * Generate a uniformly distributed random integer in the interval + * [lower, upper). + */ +uint32_t ossl_rand_range_uint32(OSSL_LIB_CTX *ctx, uint32_t lower, uint32_t upper, + int *err); + #endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/riscv_arch.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/riscv_arch.h index 89a40bea..95185841 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/riscv_arch.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/riscv_arch.h @@ -1,5 +1,5 @@ /* - * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -56,4 +56,9 @@ static const size_t kRISCVNumCaps = # include "riscv_arch.def" ; +/* Extension combination tests. */ +#define RISCV_HAS_ZBB_AND_ZBC() (RISCV_HAS_ZBB() && RISCV_HAS_ZBC()) +#define RISCV_HAS_ZBKB_AND_ZKND_AND_ZKNE() (RISCV_HAS_ZBKB() && RISCV_HAS_ZKND() && RISCV_HAS_ZKNE()) +#define RISCV_HAS_ZKND_AND_ZKNE() (RISCV_HAS_ZKND() && RISCV_HAS_ZKNE()) + #endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/rsa.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/rsa.h index 949873d0..8eddc168 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/rsa.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/rsa.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -34,8 +34,6 @@ int ossl_rsa_pss_params_30_copy(RSA_PSS_PARAMS_30 *to, int ossl_rsa_pss_params_30_is_unrestricted(const RSA_PSS_PARAMS_30 *rsa_pss_params); int ossl_rsa_pss_params_30_set_hashalg(RSA_PSS_PARAMS_30 *rsa_pss_params, int hashalg_nid); -int ossl_rsa_pss_params_30_set_maskgenalg(RSA_PSS_PARAMS_30 *rsa_pss_params, - int maskgenalg_nid); int ossl_rsa_pss_params_30_set_maskgenhashalg(RSA_PSS_PARAMS_30 *rsa_pss_params, int maskgenhashalg_nid); int ossl_rsa_pss_params_30_set_saltlen(RSA_PSS_PARAMS_30 *rsa_pss_params, @@ -83,6 +81,10 @@ int ossl_rsa_param_decode(RSA *rsa, const X509_ALGOR *alg); RSA *ossl_rsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, OSSL_LIB_CTX *libctx, const char *propq); +int ossl_rsa_padding_check_PKCS1_type_2(OSSL_LIB_CTX *ctx, + unsigned char *to, int tlen, + const unsigned char *from, int flen, + int num, unsigned char *kdk); int ossl_rsa_padding_check_PKCS1_type_2_TLS(OSSL_LIB_CTX *ctx, unsigned char *to, size_t tlen, const unsigned char *from, diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/sha.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/sha.h index 64305d17..99bcf0ff 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/sha.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/sha.h @@ -1,5 +1,5 @@ /* - * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -14,6 +14,7 @@ # include +int ossl_sha256_192_init(SHA256_CTX *c); int sha512_224_init(SHA512_CTX *); int sha512_256_init(SHA512_CTX *); int ossl_sha1_ctrl(SHA_CTX *ctx, int cmd, int mslen, void *ms); diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/sm4_platform.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/sm4_platform.h index 6cc1dfa5..cc4f5142 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/sm4_platform.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/sm4_platform.h @@ -12,7 +12,7 @@ # pragma once # if defined(OPENSSL_CPUID_OBJ) -# if defined(__aarch64__) +# if defined(__aarch64__) || defined (_M_ARM64) # include "arm_arch.h" extern unsigned int OPENSSL_arm_midr; static inline int vpsm4_capable(void) @@ -21,8 +21,14 @@ static inline int vpsm4_capable(void) (MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_ARM, ARM_CPU_PART_V1) || MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_ARM, ARM_CPU_PART_N1)); } +static inline int vpsm4_ex_capable(void) +{ + return (OPENSSL_armcap_P & ARMV8_CPUID) && + (MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, HISI_CPU_IMP, HISI_CPU_PART_KP920)); +} # if defined(VPSM4_ASM) # define VPSM4_CAPABLE vpsm4_capable() +# define VPSM4_EX_CAPABLE vpsm4_ex_capable() # endif # define HWSM4_CAPABLE (OPENSSL_armcap_P & ARMV8_SM4) # define HWSM4_set_encrypt_key sm4_v8_set_encrypt_key @@ -53,7 +59,7 @@ void HWSM4_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, const unsigned char ivec[16]); # endif /* HWSM4_CAPABLE */ -#ifdef VPSM4_CAPABLE +# ifdef VPSM4_CAPABLE int vpsm4_set_encrypt_key(const unsigned char *userKey, SM4_KEY *key); int vpsm4_set_decrypt_key(const unsigned char *userKey, SM4_KEY *key); void vpsm4_encrypt(const unsigned char *in, unsigned char *out, @@ -69,7 +75,37 @@ void vpsm4_ecb_encrypt(const unsigned char *in, unsigned char *out, void vpsm4_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, size_t len, const void *key, const unsigned char ivec[16]); +void vpsm4_xts_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const SM4_KEY *key1, const SM4_KEY *key2, + const unsigned char ivec[16], const int enc); +void vpsm4_xts_encrypt_gb(const unsigned char *in, unsigned char *out, + size_t len, const SM4_KEY *key1, const SM4_KEY *key2, + const unsigned char ivec[16], const int enc); # endif /* VPSM4_CAPABLE */ +# ifdef VPSM4_EX_CAPABLE +int vpsm4_ex_set_encrypt_key(const unsigned char *userKey, SM4_KEY *key); +int vpsm4_ex_set_decrypt_key(const unsigned char *userKey, SM4_KEY *key); +void vpsm4_ex_encrypt(const unsigned char *in, unsigned char *out, + const SM4_KEY *key); +void vpsm4_ex_decrypt(const unsigned char *in, unsigned char *out, + const SM4_KEY *key); +void vpsm4_ex_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const SM4_KEY *key, + unsigned char *ivec, const int enc); +void vpsm4_ex_ecb_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const SM4_KEY *key, + const int enc); +void vpsm4_ex_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + const unsigned char ivec[16]); +void vpsm4_ex_xts_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const SM4_KEY *key1, const SM4_KEY *key2, + const unsigned char ivec[16], const int enc); +void vpsm4_ex_xts_encrypt_gb(const unsigned char *in, unsigned char *out, + size_t len, const SM4_KEY *key1, + const SM4_KEY *key2, const unsigned char ivec[16], + const int enc); +# endif /* VPSM4_EX_CAPABLE */ #endif /* OSSL_SM4_PLATFORM_H */ diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/store.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/store.h index 5645fc92..9b7be71a 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/store.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/store.h @@ -1,5 +1,5 @@ /* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/x509.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/x509.h index 631150b7..5765b9f7 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/x509.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/x509.h @@ -278,6 +278,8 @@ struct x509_store_ctx_st { /* X509_STORE_CTX */ SSL_DANE *dane; /* signed via bare TA public key, rather than CA certificate */ int bare_ta_signed; + /* Raw Public Key */ + EVP_PKEY *rpk; OSSL_LIB_CTX *libctx; char *propq; @@ -309,7 +311,7 @@ struct x509_object_st { }; int ossl_a2i_ipadd(unsigned char *ipout, const char *ipasc); -int ossl_x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm); +int ossl_x509_set1_time(int *modified, ASN1_TIME **ptm, const ASN1_TIME *tm); int ossl_x509_print_ex_brief(BIO *bio, X509 *cert, unsigned long neg_cflags); int ossl_x509v3_cache_extensions(X509 *x); int ossl_x509_init_sig_info(X509 *x); @@ -334,7 +336,8 @@ int ossl_x509_PUBKEY_get0_libctx(OSSL_LIB_CTX **plibctx, const char **ppropq, ASN1_OCTET_STRING *ossl_x509_pubkey_hash(X509_PUBKEY *pubkey); X509_PUBKEY *ossl_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp, - long len, OSSL_LIB_CTX *libctx); + long len, OSSL_LIB_CTX *libctx, + const char *propq); void ossl_X509_PUBKEY_INTERNAL_free(X509_PUBKEY *xpub); RSA *ossl_d2i_RSA_PSS_PUBKEY(RSA **a, const unsigned char **pp, long length); @@ -364,6 +367,7 @@ int ossl_i2d_X448_PUBKEY(const ECX_KEY *a, unsigned char **pp); # endif /* OPENSSL_NO_EC */ EVP_PKEY *ossl_d2i_PUBKEY_legacy(EVP_PKEY **a, const unsigned char **pp, long length); +int ossl_x509_check_private_key(const EVP_PKEY *k, const EVP_PKEY *pkey); int x509v3_add_len_value_uchar(const char *name, const unsigned char *value, size_t vallen, STACK_OF(CONF_VALUE) **extlist); diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/x509err.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/x509err.h index 0a67975b..c7c7d25e 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/x509err.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/crypto/x509err.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/asn1.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/asn1.h index 3143e340..36dbe0fc 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/asn1.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/asn1.h @@ -11,6 +11,8 @@ # define OSSL_INTERNAL_ASN1_H # pragma once +# include + int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb); #endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/bio.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/bio.h index 547a73d0..9481f4c9 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/bio.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/bio.h @@ -27,6 +27,8 @@ struct bio_method_st { int (*create) (BIO *); int (*destroy) (BIO *); long (*callback_ctrl) (BIO *, int, BIO_info_cb *); + int (*bsendmmsg) (BIO *, BIO_MSG *, size_t, size_t, uint64_t, size_t *); + int (*brecvmmsg) (BIO *, BIO_MSG *, size_t, size_t, uint64_t, size_t *); }; void bio_free_ex_data(BIO *bio); @@ -41,16 +43,20 @@ int bread_conv(BIO *bio, char *data, size_t datal, size_t *read); # define BIO_CTRL_SET_KTLS 72 # define BIO_CTRL_SET_KTLS_TX_SEND_CTRL_MSG 74 # define BIO_CTRL_CLEAR_KTLS_TX_CTRL_MSG 75 +# define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90 /* * This is used with socket BIOs: * BIO_FLAGS_KTLS_TX means we are using ktls with this BIO for sending. * BIO_FLAGS_KTLS_TX_CTRL_MSG means we are about to send a ctrl message next. * BIO_FLAGS_KTLS_RX means we are using ktls with this BIO for receiving. + * BIO_FLAGS_KTLS_TX_ZEROCOPY_SENDFILE means we are using the zerocopy mode with + * this BIO for sending using sendfile. */ # define BIO_FLAGS_KTLS_TX_CTRL_MSG 0x1000 # define BIO_FLAGS_KTLS_RX 0x2000 # define BIO_FLAGS_KTLS_TX 0x4000 +# define BIO_FLAGS_KTLS_TX_ZEROCOPY_SENDFILE 0x8000 /* KTLS related controls and flags */ # define BIO_set_ktls_flag(b, is_tx) \ @@ -63,6 +69,8 @@ int bread_conv(BIO *bio, char *data, size_t datal, size_t *read); BIO_test_flags(b, BIO_FLAGS_KTLS_TX_CTRL_MSG) # define BIO_clear_ktls_ctrl_msg_flag(b) \ BIO_clear_flags(b, BIO_FLAGS_KTLS_TX_CTRL_MSG) +# define BIO_set_ktls_zerocopy_sendfile_flag(b) \ + BIO_set_flags(b, BIO_FLAGS_KTLS_TX_ZEROCOPY_SENDFILE) # define BIO_set_ktls(b, keyblob, is_tx) \ BIO_ctrl(b, BIO_CTRL_SET_KTLS, is_tx, keyblob) @@ -70,6 +78,8 @@ int bread_conv(BIO *bio, char *data, size_t datal, size_t *read); BIO_ctrl(b, BIO_CTRL_SET_KTLS_TX_SEND_CTRL_MSG, record_type, NULL) # define BIO_clear_ktls_ctrl_msg(b) \ BIO_ctrl(b, BIO_CTRL_CLEAR_KTLS_TX_CTRL_MSG, 0, NULL) +# define BIO_set_ktls_tx_zerocopy_sendfile(b) \ + BIO_ctrl(b, BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE, 0, NULL) /* Functions to allow the core to offer the CORE_BIO type to providers */ OSSL_CORE_BIO *ossl_core_bio_new_from_bio(BIO *bio); diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/bio_addr.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/bio_addr.h new file mode 100644 index 00000000..a6449b7e --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/bio_addr.h @@ -0,0 +1,29 @@ +/* + * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_BIO_ADDR_H +# define OSSL_BIO_ADDR_H + +# include "internal/e_os.h" +# include "internal/sockets.h" + +# ifndef OPENSSL_NO_SOCK +union bio_addr_st { + struct sockaddr sa; +# if OPENSSL_USE_IPV6 + struct sockaddr_in6 s_in6; +# endif + struct sockaddr_in s_in; +# ifndef OPENSSL_NO_UNIX_SOCK + struct sockaddr_un s_un; +# endif +}; +# endif + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/bio_tfo.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/bio_tfo.h new file mode 100644 index 00000000..64c0d4c3 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/bio_tfo.h @@ -0,0 +1,151 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Contains definitions for simplifying the use of TCP Fast Open + * (RFC7413) in OpenSSL socket BIOs. + */ + +/* If a supported OS is added here, update test/bio_tfo_test.c */ +#if defined(TCP_FASTOPEN) && !defined(OPENSSL_NO_TFO) + +# if defined(OPENSSL_SYS_MACOSX) || defined(__FreeBSD__) +# include +# endif + +/* + * OSSL_TFO_SYSCTL is used to determine if TFO is supported by + * this kernel, and if supported, if it is enabled. This is more of + * a problem on FreeBSD 10.3 ~ 11.4, where TCP_FASTOPEN was defined, + * but not enabled by default in the kernel, and only for the server. + * Linux does not have sysctlbyname(), and the closest equivalent + * is to go into the /proc filesystem, but I'm not sure it's + * worthwhile. + * + * On MacOS and Linux: + * These operating systems use a single parameter to control TFO. + * The OSSL_TFO_CLIENT_FLAG and OSSL_TFO_SERVER_FLAGS are used to + * determine if TFO is enabled for the client and server respectively. + * + * OSSL_TFO_CLIENT_FLAG = 1 = client TFO enabled + * OSSL_TFO_SERVER_FLAG = 2 = server TFO enabled + * + * Such that: + * 0 = TFO disabled + * 3 = server and client TFO enabled + * + * macOS 10.14 and later support TFO. + * Linux kernel 3.6 added support for client TFO. + * Linux kernel 3.7 added support for server TFO. + * Linux kernel 3.13 enabled TFO by default. + * Linux kernel 4.11 added the TCP_FASTOPEN_CONNECT option. + * + * On FreeBSD: + * FreeBSD 10.3 ~ 11.4 uses a single sysctl for server enable. + * FreeBSD 12.0 and later uses separate sysctls for server and + * client enable. + * + * Some options are purposely NOT defined per-platform + * + * OSSL_TFO_SYSCTL + * Defined as a sysctlbyname() option to determine if + * TFO is enabled in the kernel (macOS, FreeBSD) + * + * OSSL_TFO_SERVER_SOCKOPT + * Defined to indicate the socket option used to enable + * TFO on a server socket (all) + * + * OSSL_TFO_SERVER_SOCKOPT_VALUE + * Value to be used with OSSL_TFO_SERVER_SOCKOPT + * + * OSSL_TFO_CONNECTX + * Use the connectx() function to make a client connection + * (macOS) + * + * OSSL_TFO_CLIENT_SOCKOPT + * Defined to indicate the socket option used to enable + * TFO on a client socket (FreeBSD, Linux 4.14 and later) + * + * OSSL_TFO_SENDTO + * Defined to indicate the sendto() message type to + * be used to initiate a TFO connection (FreeBSD, + * Linux pre-4.14) + * + * OSSL_TFO_DO_NOT_CONNECT + * Defined to skip calling connect() when creating a + * client socket (macOS, FreeBSD, Linux pre-4.14) + */ + +# if defined(OPENSSL_SYS_WINDOWS) +/* + * NO WINDOWS SUPPORT + * + * But this is what would be used on the server: + * + * define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN + * define OSSL_TFO_SERVER_SOCKOPT_VALUE 1 + * + * Still have to figure out client support + */ +# undef TCP_FASTOPEN +# endif + +/* NO VMS SUPPORT */ +# if defined(OPENSSL_SYS_VMS) +# undef TCP_FASTOPEN +# endif + +# if defined(OPENSSL_SYS_MACOSX) +# define OSSL_TFO_SYSCTL "net.inet.tcp.fastopen" +# define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN +# define OSSL_TFO_SERVER_SOCKOPT_VALUE 1 +# define OSSL_TFO_CONNECTX 1 +# define OSSL_TFO_DO_NOT_CONNECT 1 +# define OSSL_TFO_CLIENT_FLAG 1 +# define OSSL_TFO_SERVER_FLAG 2 +# endif + +# if defined(__FreeBSD__) +# if defined(TCP_FASTOPEN_PSK_LEN) +/* As of 12.0 these are the SYSCTLs */ +# define OSSL_TFO_SYSCTL_SERVER "net.inet.tcp.fastopen.server_enable" +# define OSSL_TFO_SYSCTL_CLIENT "net.inet.tcp.fastopen.client_enable" +# define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN +# define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN +# define OSSL_TFO_CLIENT_SOCKOPT TCP_FASTOPEN +# define OSSL_TFO_DO_NOT_CONNECT 1 +# define OSSL_TFO_SENDTO 0 +/* These are the same because the sysctl are client/server-specific */ +# define OSSL_TFO_CLIENT_FLAG 1 +# define OSSL_TFO_SERVER_FLAG 1 +# else +/* 10.3 through 11.4 SYSCTL - ONLY SERVER SUPPORT */ +# define OSSL_TFO_SYSCTL "net.inet.tcp.fastopen.enabled" +# define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN +# define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN +# define OSSL_TFO_SERVER_FLAG 1 +# endif +# endif + +# if defined(OPENSSL_SYS_LINUX) +/* OSSL_TFO_PROC not used, but of interest */ +# define OSSL_TFO_PROC "/proc/sys/net/ipv4/tcp_fastopen" +# define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN +# define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN +# if defined(TCP_FASTOPEN_CONNECT) +# define OSSL_TFO_CLIENT_SOCKOPT TCP_FASTOPEN_CONNECT +# else +# define OSSL_TFO_SENDTO MSG_FASTOPEN +# define OSSL_TFO_DO_NOT_CONNECT 1 +# endif +# define OSSL_TFO_CLIENT_FLAG 1 +# define OSSL_TFO_SERVER_FLAG 2 +# endif + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/common.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/common.h new file mode 100644 index 00000000..15666f11 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/common.h @@ -0,0 +1,217 @@ +/* + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_COMMON_H +# define OSSL_INTERNAL_COMMON_H +# pragma once + +# include +# include +# include "openssl/configuration.h" + +# include "internal/e_os.h" /* ossl_inline in many files */ +# include "internal/nelem.h" + +# if defined(__GNUC__) || defined(__clang__) +# define likely(x) __builtin_expect(!!(x), 1) +# define unlikely(x) __builtin_expect(!!(x), 0) +# else +# define likely(x) x +# define unlikely(x) x +# endif + +# if defined(__GNUC__) || defined(__clang__) +# define ALIGN32 __attribute((aligned(32))) +# define ALIGN64 __attribute((aligned(64))) +# elif defined(_MSC_VER) +# define ALIGN32 __declspec(align(32)) +# define ALIGN64 __declspec(align(64)) +# else +# define ALIGN32 +# define ALIGN64 +# endif + +# ifdef NDEBUG +# define ossl_assert(x) ((x) != 0) +# else +__owur static ossl_inline int ossl_assert_int(int expr, const char *exprstr, + const char *file, int line) +{ + if (!expr) + OPENSSL_die(exprstr, file, line); + + return expr; +} + +# define ossl_assert(x) ossl_assert_int((x) != 0, "Assertion failed: "#x, \ + __FILE__, __LINE__) + +# endif + +/* Check if |pre|, which must be a string literal, is a prefix of |str| */ +#define HAS_PREFIX(str, pre) (strncmp(str, pre "", sizeof(pre) - 1) == 0) +/* As before, and if check succeeds, advance |str| past the prefix |pre| */ +#define CHECK_AND_SKIP_PREFIX(str, pre) \ + (HAS_PREFIX(str, pre) ? ((str) += sizeof(pre) - 1, 1) : 0) +/* Check if the string literal |p| is a case-insensitive prefix of |s| */ +#define HAS_CASE_PREFIX(s, p) (OPENSSL_strncasecmp(s, p "", sizeof(p) - 1) == 0) +/* As before, and if check succeeds, advance |str| past the prefix |pre| */ +#define CHECK_AND_SKIP_CASE_PREFIX(str, pre) \ + (HAS_CASE_PREFIX(str, pre) ? ((str) += sizeof(pre) - 1, 1) : 0) +/* Check if the string literal |suffix| is a case-insensitive suffix of |str| */ +#define HAS_CASE_SUFFIX(str, suffix) (strlen(str) < sizeof(suffix) - 1 ? 0 : \ + OPENSSL_strcasecmp(str + strlen(str) - sizeof(suffix) + 1, suffix "") == 0) + +/* + * Use this inside a union with the field that needs to be aligned to a + * reasonable boundary for the platform. The most pessimistic alignment + * of the listed types will be used by the compiler. + */ +# define OSSL_UNION_ALIGN \ + double align; \ + ossl_uintmax_t align_int; \ + void *align_ptr + +# define OPENSSL_CONF "openssl.cnf" + +# ifndef OPENSSL_SYS_VMS +# define X509_CERT_AREA OPENSSLDIR +# define X509_CERT_DIR OPENSSLDIR "/certs" +# define X509_CERT_FILE OPENSSLDIR "/cert.pem" +# define X509_PRIVATE_DIR OPENSSLDIR "/private" +# define CTLOG_FILE OPENSSLDIR "/ct_log_list.cnf" +# else +# define X509_CERT_AREA "OSSL$DATAROOT:[000000]" +# define X509_CERT_DIR "OSSL$DATAROOT:[CERTS]" +# define X509_CERT_FILE "OSSL$DATAROOT:[000000]cert.pem" +# define X509_PRIVATE_DIR "OSSL$DATAROOT:[PRIVATE]" +# define CTLOG_FILE "OSSL$DATAROOT:[000000]ct_log_list.cnf" +# endif + +# define X509_CERT_DIR_EVP "SSL_CERT_DIR" +# define X509_CERT_FILE_EVP "SSL_CERT_FILE" +# define CTLOG_FILE_EVP "CTLOG_FILE" + +/* size of string representations */ +# define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) +# define HEX_SIZE(type) (sizeof(type)*2) + +# define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \ + l|=(((unsigned long)(*((c)++)))<< 8), \ + l|=(((unsigned long)(*((c)++)))<<16), \ + l|=(((unsigned long)(*((c)++)))<<24)) + +/* NOTE - c is not incremented as per c2l */ +# define c2ln(c,l1,l2,n) { \ + c+=n; \ + l1=l2=0; \ + switch (n) { \ + case 8: l2 =((unsigned long)(*(--(c))))<<24; \ + case 7: l2|=((unsigned long)(*(--(c))))<<16; \ + case 6: l2|=((unsigned long)(*(--(c))))<< 8; \ + case 5: l2|=((unsigned long)(*(--(c)))); \ + case 4: l1 =((unsigned long)(*(--(c))))<<24; \ + case 3: l1|=((unsigned long)(*(--(c))))<<16; \ + case 2: l1|=((unsigned long)(*(--(c))))<< 8; \ + case 1: l1|=((unsigned long)(*(--(c)))); \ + } \ + } + +# define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16)&0xff), \ + *((c)++)=(unsigned char)(((l)>>24)&0xff)) + +# define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24, \ + l|=((unsigned long)(*((c)++)))<<16, \ + l|=((unsigned long)(*((c)++)))<< 8, \ + l|=((unsigned long)(*((c)++)))) + +# define n2l8(c,l) (l =((uint64_t)(*((c)++)))<<56, \ + l|=((uint64_t)(*((c)++)))<<48, \ + l|=((uint64_t)(*((c)++)))<<40, \ + l|=((uint64_t)(*((c)++)))<<32, \ + l|=((uint64_t)(*((c)++)))<<24, \ + l|=((uint64_t)(*((c)++)))<<16, \ + l|=((uint64_t)(*((c)++)))<< 8, \ + l|=((uint64_t)(*((c)++)))) + +# define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16)&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ + *((c)++)=(unsigned char)(((l) )&0xff)) + +# define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \ + *((c)++)=(unsigned char)(((l)>>48)&0xff), \ + *((c)++)=(unsigned char)(((l)>>40)&0xff), \ + *((c)++)=(unsigned char)(((l)>>32)&0xff), \ + *((c)++)=(unsigned char)(((l)>>24)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16)&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ + *((c)++)=(unsigned char)(((l) )&0xff)) + +/* NOTE - c is not incremented as per l2c */ +# define l2cn(l1,l2,c,n) { \ + c+=n; \ + switch (n) { \ + case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ + case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ + case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ + case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ + case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ + case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ + case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ + case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ + } \ + } + +# define n2s(c,s) ((s=(((unsigned int)((c)[0]))<< 8)| \ + (((unsigned int)((c)[1])) )),(c)+=2) +# define s2n(s,c) (((c)[0]=(unsigned char)(((s)>> 8)&0xff), \ + (c)[1]=(unsigned char)(((s) )&0xff)),(c)+=2) + +# define n2l3(c,l) ((l =(((unsigned long)((c)[0]))<<16)| \ + (((unsigned long)((c)[1]))<< 8)| \ + (((unsigned long)((c)[2])) )),(c)+=3) + +# define l2n3(l,c) (((c)[0]=(unsigned char)(((l)>>16)&0xff), \ + (c)[1]=(unsigned char)(((l)>> 8)&0xff), \ + (c)[2]=(unsigned char)(((l) )&0xff)),(c)+=3) + +static ossl_inline int ossl_ends_with_dirsep(const char *path) +{ + if (*path != '\0') + path += strlen(path) - 1; +# if defined __VMS + if (*path == ']' || *path == '>' || *path == ':') + return 1; +# elif defined _WIN32 + if (*path == '\\') + return 1; +# endif + return *path == '/'; +} + +static ossl_inline int ossl_is_absolute_path(const char *path) +{ +# if defined __VMS + if (strchr(path, ':') != NULL + || ((path[0] == '[' || path[0] == '<') + && path[1] != '.' && path[1] != '-' + && path[1] != ']' && path[1] != '>')) + return 1; +# elif defined _WIN32 + if (path[0] == '\\' + || (path[0] != '\0' && path[1] == ':')) + return 1; +# endif + return path[0] == '/'; +} + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/comp.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/comp.h index 3ad86fc7..c48c29d5 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/comp.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/comp.h @@ -10,3 +10,5 @@ #include void ossl_comp_zlib_cleanup(void); +void ossl_comp_brotli_cleanup(void); +void ossl_comp_zstd_cleanup(void); diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/cryptlib.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/cryptlib.h index ac50eb3b..64851fd8 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/cryptlib.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/cryptlib.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,9 +11,6 @@ # define OSSL_INTERNAL_CRYPTLIB_H # pragma once -# include -# include - # ifdef OPENSSL_USE_APPLINK # define BIO_FLAGS_UPLINK_INTERNAL 0x8000 # include "ms/uplink.h" @@ -21,39 +18,13 @@ # define BIO_FLAGS_UPLINK_INTERNAL 0 # endif +# include "internal/common.h" + # include # include # include # include # include -# include "internal/nelem.h" - -#ifdef NDEBUG -# define ossl_assert(x) ((x) != 0) -#else -__owur static ossl_inline int ossl_assert_int(int expr, const char *exprstr, - const char *file, int line) -{ - if (!expr) - OPENSSL_die(exprstr, file, line); - - return expr; -} - -# define ossl_assert(x) ossl_assert_int((x) != 0, "Assertion failed: "#x, \ - __FILE__, __LINE__) - -#endif - -/* - * Use this inside a union with the field that needs to be aligned to a - * reasonable boundary for the platform. The most pessimistic alignment - * of the listed types will be used by the compiler. - */ -# define OSSL_UNION_ALIGN \ - double align; \ - ossl_uintmax_t align_int; \ - void *align_ptr typedef struct ex_callback_st EX_CALLBACK; DEFINE_STACK_OF(EX_CALLBACK) @@ -61,30 +32,6 @@ DEFINE_STACK_OF(EX_CALLBACK) typedef struct mem_st MEM; DEFINE_LHASH_OF_EX(MEM); -# define OPENSSL_CONF "openssl.cnf" - -# ifndef OPENSSL_SYS_VMS -# define X509_CERT_AREA OPENSSLDIR -# define X509_CERT_DIR OPENSSLDIR "/certs" -# define X509_CERT_FILE OPENSSLDIR "/cert.pem" -# define X509_PRIVATE_DIR OPENSSLDIR "/private" -# define CTLOG_FILE OPENSSLDIR "/ct_log_list.cnf" -# else -# define X509_CERT_AREA "OSSL$DATAROOT:[000000]" -# define X509_CERT_DIR "OSSL$DATAROOT:[CERTS]" -# define X509_CERT_FILE "OSSL$DATAROOT:[000000]cert.pem" -# define X509_PRIVATE_DIR "OSSL$DATAROOT:[PRIVATE]" -# define CTLOG_FILE "OSSL$DATAROOT:[000000]ct_log_list.cnf" -# endif - -# define X509_CERT_DIR_EVP "SSL_CERT_DIR" -# define X509_CERT_FILE_EVP "SSL_CERT_FILE" -# define CTLOG_FILE_EVP "CTLOG_FILE" - -/* size of string representations */ -# define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) -# define HEX_SIZE(type) (sizeof(type)*2) - void OPENSSL_cpuid_setup(void); #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ defined(__x86_64) || defined(__x86_64__) || \ @@ -168,7 +115,9 @@ typedef struct ossl_ex_data_global_st { # define OSSL_LIB_CTX_PROVIDER_CONF_INDEX 16 # define OSSL_LIB_CTX_BIO_CORE_INDEX 17 # define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18 -# define OSSL_LIB_CTX_MAX_INDEXES 19 +# define OSSL_LIB_CTX_THREAD_INDEX 19 +# define OSSL_LIB_CTX_DECODER_CACHE_INDEX 20 +# define OSSL_LIB_CTX_MAX_INDEXES 20 OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx); int ossl_lib_ctx_is_default(OSSL_LIB_CTX *ctx); @@ -211,34 +160,4 @@ char *ossl_buf2hexstr_sep(const unsigned char *buf, long buflen, char sep); unsigned char *ossl_hexstr2buf_sep(const char *str, long *buflen, const char sep); -static ossl_inline int ossl_ends_with_dirsep(const char *path) -{ - if (*path != '\0') - path += strlen(path) - 1; -# if defined __VMS - if (*path == ']' || *path == '>' || *path == ':') - return 1; -# elif defined _WIN32 - if (*path == '\\') - return 1; -# endif - return *path == '/'; -} - -static ossl_inline int ossl_is_absolute_path(const char *path) -{ -# if defined __VMS - if (strchr(path, ':') != NULL - || ((path[0] == '[' || path[0] == '<') - && path[1] != '.' && path[1] != '-' - && path[1] != ']' && path[1] != '>')) - return 1; -# elif defined _WIN32 - if (path[0] == '\\' - || (path[0] != '\0' && path[1] == ':')) - return 1; -# endif - return path[0] == '/'; -} - #endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/der.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/der.h index f23fabc2..8d6db8f0 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/der.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/der.h @@ -7,8 +7,12 @@ * https://www.openssl.org/source/license.html */ -#include -#include "internal/packet.h" +#ifndef OSSL_INTERNAL_DER_H +# define OSSL_INTERNAL_DER_H +# pragma once + +# include +# include "internal/packet.h" /* * NOTE: X.690 numbers the identifier octet bits 1 to 8. @@ -22,42 +26,42 @@ * These are only valid for the UNIVERSAL class. With the other classes, * these bits have a different meaning. */ -#define DER_P_EOC 0 /* BER End Of Contents tag */ -#define DER_P_BOOLEAN 1 -#define DER_P_INTEGER 2 -#define DER_P_BIT_STRING 3 -#define DER_P_OCTET_STRING 4 -#define DER_P_NULL 5 -#define DER_P_OBJECT 6 -#define DER_P_OBJECT_DESCRIPTOR 7 -#define DER_P_EXTERNAL 8 -#define DER_P_REAL 9 -#define DER_P_ENUMERATED 10 -#define DER_P_UTF8STRING 12 -#define DER_P_SEQUENCE 16 -#define DER_P_SET 17 -#define DER_P_NUMERICSTRING 18 -#define DER_P_PRINTABLESTRING 19 -#define DER_P_T61STRING 20 -#define DER_P_VIDEOTEXSTRING 21 -#define DER_P_IA5STRING 22 -#define DER_P_UTCTIME 23 -#define DER_P_GENERALIZEDTIME 24 -#define DER_P_GRAPHICSTRING 25 -#define DER_P_ISO64STRING 26 -#define DER_P_GENERALSTRING 27 -#define DER_P_UNIVERSALSTRING 28 -#define DER_P_BMPSTRING 30 +# define DER_P_EOC 0 /* BER End Of Contents tag */ +# define DER_P_BOOLEAN 1 +# define DER_P_INTEGER 2 +# define DER_P_BIT_STRING 3 +# define DER_P_OCTET_STRING 4 +# define DER_P_NULL 5 +# define DER_P_OBJECT 6 +# define DER_P_OBJECT_DESCRIPTOR 7 +# define DER_P_EXTERNAL 8 +# define DER_P_REAL 9 +# define DER_P_ENUMERATED 10 +# define DER_P_UTF8STRING 12 +# define DER_P_SEQUENCE 16 +# define DER_P_SET 17 +# define DER_P_NUMERICSTRING 18 +# define DER_P_PRINTABLESTRING 19 +# define DER_P_T61STRING 20 +# define DER_P_VIDEOTEXSTRING 21 +# define DER_P_IA5STRING 22 +# define DER_P_UTCTIME 23 +# define DER_P_GENERALIZEDTIME 24 +# define DER_P_GRAPHICSTRING 25 +# define DER_P_ISO64STRING 26 +# define DER_P_GENERALSTRING 27 +# define DER_P_UNIVERSALSTRING 28 +# define DER_P_BMPSTRING 30 /* DER Flags, occupying bit 6 in the DER identifier byte */ -#define DER_F_PRIMITIVE 0x00 -#define DER_F_CONSTRUCTED 0x20 +# define DER_F_PRIMITIVE 0x00 +# define DER_F_CONSTRUCTED 0x20 /* DER classes tags, occupying bits 7-8 in the DER identifier byte */ -#define DER_C_UNIVERSAL 0x00 -#define DER_C_APPLICATION 0x40 -#define DER_C_CONTEXT 0x80 -#define DER_C_PRIVATE 0xC0 +# define DER_C_UNIVERSAL 0x00 +# define DER_C_APPLICATION 0x40 +# define DER_C_CONTEXT 0x80 +# define DER_C_PRIVATE 0xC0 /* * Run-time constructors. @@ -67,7 +71,7 @@ */ /* This can be used for all items that don't have a context */ -#define DER_NO_CONTEXT -1 +# define DER_NO_CONTEXT -1 int ossl_DER_w_precompiled(WPACKET *pkt, int tag, const unsigned char *precompiled, @@ -86,3 +90,5 @@ int ossl_DER_w_octet_string_uint32(WPACKET *pkt, int tag, uint32_t value); */ int ossl_DER_w_begin_sequence(WPACKET *pkt, int tag); int ossl_DER_w_end_sequence(WPACKET *pkt, int tag); + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/deterministic_nonce.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/deterministic_nonce.h new file mode 100644 index 00000000..5f0313fe --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/deterministic_nonce.h @@ -0,0 +1,24 @@ +/* + * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_DETERMINISTIC_NONCE_H +# define OSSL_INTERNAL_DETERMINISTIC_NONCE_H +# pragma once + +# include + +int ossl_gen_deterministic_nonce_rfc6979(BIGNUM *out, const BIGNUM *q, + const BIGNUM *priv, + const unsigned char *message, + size_t message_len, + const char *digestname, + OSSL_LIB_CTX *libctx, + const char *propq); + +#endif /*OSSL_INTERNAL_DETERMINISTIC_NONCE_H */ diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/e_os.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/e_os.h index 7fdc3899..d1ed62e8 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/e_os.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/e_os.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -143,7 +143,7 @@ static __inline unsigned int _strlen31(const char *str) # undef stdin # undef stdout # undef stderr -FILE *__iob_func(); +FILE *__iob_func(void); # define stdin (&__iob_func()[0]) # define stdout (&__iob_func()[1]) # define stderr (&__iob_func()[2]) @@ -249,7 +249,7 @@ FILE *__iob_func(); /***********************************************/ # if defined(OPENSSL_SYS_WINDOWS) -# if (_MSC_VER >= 1310) && !defined(_WIN32_WCE) +# if defined(_MSC_VER) && (_MSC_VER >= 1310) && !defined(_WIN32_WCE) # define open _open # define fdopen _fdopen # define close _close @@ -286,54 +286,6 @@ struct servent *getservbyname(const char *name, const char *proto); # endif /* end vxworks */ -/* system-specific variants defining ossl_sleep() */ -#if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) -# include -static ossl_inline void ossl_sleep(unsigned long millis) -{ -# ifdef OPENSSL_SYS_VXWORKS - struct timespec ts; - ts.tv_sec = (long int) (millis / 1000); - ts.tv_nsec = (long int) (millis % 1000) * 1000000ul; - nanosleep(&ts, NULL); -# elif defined(__TANDEM) -# if !defined(_REENTRANT) -# include - /* HPNS does not support usleep for non threaded apps */ - PROCESS_DELAY_(millis * 1000); -# elif defined(_SPT_MODEL_) -# include -# include - usleep(millis * 1000); -# else - usleep(millis * 1000); -# endif -# else - usleep(millis * 1000); -# endif -} -#elif defined(_WIN32) -# include -static ossl_inline void ossl_sleep(unsigned long millis) -{ - Sleep(millis); -} -#else -/* Fallback to a busy wait */ -static ossl_inline void ossl_sleep(unsigned long millis) -{ - struct timeval start, now; - unsigned long elapsedms; - - gettimeofday(&start, NULL); - do { - gettimeofday(&now, NULL); - elapsedms = (((now.tv_sec - start.tv_sec) * 1000000) - + now.tv_usec - start.tv_usec) / 1000; - } while (elapsedms < millis); -} -#endif /* defined OPENSSL_SYS_UNIX */ - /* ----------------------------- HP NonStop -------------------------------- */ /* Required to support platform variant without getpid() and pid_t. */ # if defined(__TANDEM) && defined(_GUARDIAN_TARGET) @@ -343,12 +295,12 @@ static ossl_inline void ossl_sleep(unsigned long millis) # define gethostbyname(name) gethostbyname((char*)name) # define ioctlsocket(a,b,c) ioctl(a,b,c) # ifdef NO_GETPID -inline int nssgetpid(); +inline int nssgetpid(void); # ifndef NSSGETPID_MACRO # define NSSGETPID_MACRO # include # include - inline int nssgetpid() + inline int nssgetpid(void) { short phandle[10]={0}; union pseudo_pid { diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/endian.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/endian.h index 8b34e03e..7d5a73b1 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/endian.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/endian.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,7 +12,7 @@ # pragma once /* - * IS_LITTLE_ENDIAN and IS_BIG_ENDIAN can be used to detect the endiannes + * IS_LITTLE_ENDIAN and IS_BIG_ENDIAN can be used to detect the endianness * at compile time. To use it, DECLARE_IS_ENDIAN must be used to declare * a variable. * diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/event_queue.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/event_queue.h new file mode 100644 index 00000000..bda1ee6a --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/event_queue.h @@ -0,0 +1,163 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_EVENT_QUEUE_H +# define OSSL_INTERNAL_EVENT_QUEUE_H +# pragma once + +# include "internal/priority_queue.h" +# include "internal/time.h" + +/* + * Opaque type holding an event. + */ +typedef struct ossl_event_st OSSL_EVENT; + +DEFINE_PRIORITY_QUEUE_OF(OSSL_EVENT); + +/* + * Public type representing an event queue, the underlying structure being + * opaque. + */ +typedef struct ossl_event_queue_st OSSL_EVENT_QUEUE; + +/* + * Public type representing a event queue entry. + * It is (internally) public so that it can be embedded into other structures, + * it should otherwise be treated as opaque. + */ +struct ossl_event_st { + uint32_t type; /* What type of event this is */ + uint32_t priority; /* What priority this event has */ + OSSL_TIME when; /* When the event is scheduled to happen */ + void *ctx; /* User argument passed to call backs */ + void *payload; /* Event specific data of unknown kind */ + size_t payload_size; /* Length (in bytes) of event specific data */ + + /* These fields are for internal use only */ + PRIORITY_QUEUE_OF(OSSL_EVENT) *queue; /* Queue containing this event */ + size_t ref; /* ID for this event */ + unsigned int flag_dynamic : 1; /* Malloced or not? */ +}; + +/* + * Utility function to populate an event structure and add it to the queue + */ +int ossl_event_queue_add(OSSL_EVENT_QUEUE *queue, OSSL_EVENT *event, + uint32_t type, uint32_t priority, + OSSL_TIME when, void *ctx, + void *payload, size_t payload_size); + +/* + * Utility functions to extract event fields + */ +static ossl_unused ossl_inline +uint32_t ossl_event_get_type(const OSSL_EVENT *event) +{ + return event->type; +} + +static ossl_unused ossl_inline +uint32_t ossl_event_get_priority(const OSSL_EVENT *event) +{ + return event->priority; +} + +static ossl_unused ossl_inline +OSSL_TIME ossl_event_get_when(const OSSL_EVENT *event) +{ + return event->when; +} + +static ossl_unused ossl_inline +void *ossl_event_get0_ctx(const OSSL_EVENT *event) +{ + return event->ctx; +} + +static ossl_unused ossl_inline +void *ossl_event_get0_payload(const OSSL_EVENT *event, size_t *length) +{ + if (length != NULL) + *length = event->payload_size; + return event->payload; +} + +/* + * Create and free a queue. + */ +OSSL_EVENT_QUEUE *ossl_event_queue_new(void); +void ossl_event_queue_free(OSSL_EVENT_QUEUE *queue); + +/* + * Schedule a new event into an event queue. + * + * The event parameters are taken from the function arguments. + * + * The function returns NULL on failure and the added event on success. + */ +OSSL_EVENT *ossl_event_queue_add_new(OSSL_EVENT_QUEUE *queue, + uint32_t type, uint32_t priority, + OSSL_TIME when, void *ctx, + void *payload, size_t payload_size) +; + +/* + * Schedule an event into an event queue. + * + * The event parameters are taken from the function arguments. + * + * The function returns 0 on failure and 1 on success. + */ +int ossl_event_queue_add(OSSL_EVENT_QUEUE *queue, OSSL_EVENT *event, + uint32_t type, uint32_t priority, + OSSL_TIME when, void *ctx, + void *payload, size_t payload_size); + +/* + * Delete an event from the queue. + * This will cause the early deletion function to be called if it is non-NULL. + * A pointer to the event structure is returned. + */ +int ossl_event_queue_remove(OSSL_EVENT_QUEUE *queue, OSSL_EVENT *event); + +/* + * Free a dynamic event. + * Is a NOP for a static event. + */ +void ossl_event_free(OSSL_EVENT *event); + +/* + * Return the time until the next event for the specified event, if the event's + * time is past, zero is returned. Once activated, the event reference becomes + * invalid and this function becomes undefined. + */ +OSSL_TIME ossl_event_time_until(const OSSL_EVENT *event); + +/* + * Return the time until the next event in the queue. + * If the next event is in the past, zero is returned. + */ +OSSL_TIME ossl_event_queue_time_until_next(const OSSL_EVENT_QUEUE *queue); + +/* + * Postpone an event to trigger at the specified time. + * If the event has triggered, this function's behaviour is undefined. + */ +int ossl_event_queue_postpone_until(OSSL_EVENT_QUEUE *queue, + OSSL_EVENT *event, + OSSL_TIME when); + +/* + * Return the next event to process. + */ +int ossl_event_queue_get1_next_event(OSSL_EVENT_QUEUE *queue, + OSSL_EVENT **event); + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/ffc.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/ffc.h index c4f09087..edd8381e 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/ffc.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/ffc.h @@ -58,8 +58,11 @@ # define FFC_CHECK_INVALID_Q_VALUE 0x00020 # define FFC_CHECK_INVALID_J_VALUE 0x00040 -# define FFC_CHECK_BAD_LN_PAIR 0x00080 -# define FFC_CHECK_INVALID_SEED_SIZE 0x00100 +/* + * 0x80, 0x100 reserved by include/openssl/dh.h with check bits that are not + * relevant for FFC. + */ + # define FFC_CHECK_MISSING_SEED_OR_COUNTER 0x00200 # define FFC_CHECK_INVALID_G 0x00400 # define FFC_CHECK_INVALID_PQ 0x00800 @@ -68,6 +71,8 @@ # define FFC_CHECK_Q_MISMATCH 0x04000 # define FFC_CHECK_G_MISMATCH 0x08000 # define FFC_CHECK_COUNTER_MISMATCH 0x10000 +# define FFC_CHECK_BAD_LN_PAIR 0x20000 +# define FFC_CHECK_INVALID_SEED_SIZE 0x40000 /* Validation Return codes */ # define FFC_ERROR_PUBKEY_TOO_SMALL 0x01 @@ -132,7 +137,7 @@ void ossl_ffc_params_set_h(FFC_PARAMS *params, int index); void ossl_ffc_params_set_flags(FFC_PARAMS *params, unsigned int flags); void ossl_ffc_params_enable_flags(FFC_PARAMS *params, unsigned int flags, int enable); -int ossl_ffc_set_digest(FFC_PARAMS *params, const char *alg, const char *props); +void ossl_ffc_set_digest(FFC_PARAMS *params, const char *alg, const char *props); int ossl_ffc_params_set_validate_params(FFC_PARAMS *params, const unsigned char *seed, diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/hpke_util.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/hpke_util.h new file mode 100644 index 00000000..e1da5e05 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/hpke_util.h @@ -0,0 +1,100 @@ +/* + * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_HPKE_UTIL_H +# define OSSL_INTERNAL_HPKE_UTIL_H +# pragma once + +/* Constants from RFC 9180 Section 7.1 and 7.3 */ +# define OSSL_HPKE_MAX_SECRET 64 +# define OSSL_HPKE_MAX_PUBLIC 133 +# define OSSL_HPKE_MAX_PRIVATE 66 +# define OSSL_HPKE_MAX_KDF_INPUTLEN 64 + +/* + * max length of a base-nonce (the Nn field from OSSL_HPKE_AEAD_INFO), this + * is used for a local stack array size + */ +# define OSSL_HPKE_MAX_NONCELEN 12 + +/* + * @brief info about a KEM + * Used to store constants from Section 7.1 "Table 2 KEM IDs" + * and the bitmask for EC curves described in Section 7.1.3 DeriveKeyPair + */ +typedef struct { + uint16_t kem_id; /* code point for key encipherment method */ + const char *keytype; /* string form of algtype "EC"/"X25519"/"X448" */ + const char *groupname; /* string form of EC group for NIST curves */ + const char *mdname; /* hash alg name for the HKDF */ + size_t Nsecret; /* size of secrets */ + size_t Nenc; /* length of encapsulated key */ + size_t Npk; /* length of public key */ + size_t Nsk; /* length of raw private key */ + uint8_t bitmask; +} OSSL_HPKE_KEM_INFO; + +/* + * @brief info about a KDF + */ +typedef struct { + uint16_t kdf_id; /* code point for KDF */ + const char *mdname; /* hash alg name for the HKDF */ + size_t Nh; /* length of hash/extract output */ +} OSSL_HPKE_KDF_INFO; + +/* + * @brief info about an AEAD + */ +typedef struct { + uint16_t aead_id; /* code point for aead alg */ + const char *name; /* alg name */ + size_t taglen; /* aead tag len */ + size_t Nk; /* size of a key for this aead */ + size_t Nn; /* length of a nonce for this aead */ +} OSSL_HPKE_AEAD_INFO; + +const OSSL_HPKE_KEM_INFO *ossl_HPKE_KEM_INFO_find_curve(const char *curve); +const OSSL_HPKE_KEM_INFO *ossl_HPKE_KEM_INFO_find_id(uint16_t kemid); +const OSSL_HPKE_KEM_INFO *ossl_HPKE_KEM_INFO_find_random(OSSL_LIB_CTX *ctx); +const OSSL_HPKE_KDF_INFO *ossl_HPKE_KDF_INFO_find_id(uint16_t kdfid); +const OSSL_HPKE_KDF_INFO *ossl_HPKE_KDF_INFO_find_random(OSSL_LIB_CTX *ctx); +const OSSL_HPKE_AEAD_INFO *ossl_HPKE_AEAD_INFO_find_id(uint16_t aeadid); +const OSSL_HPKE_AEAD_INFO *ossl_HPKE_AEAD_INFO_find_random(OSSL_LIB_CTX *ctx); + +int ossl_hpke_kdf_extract(EVP_KDF_CTX *kctx, + unsigned char *prk, size_t prklen, + const unsigned char *salt, size_t saltlen, + const unsigned char *ikm, size_t ikmlen); + +int ossl_hpke_kdf_expand(EVP_KDF_CTX *kctx, + unsigned char *okm, size_t okmlen, + const unsigned char *prk, size_t prklen, + const unsigned char *info, size_t infolen); + +int ossl_hpke_labeled_extract(EVP_KDF_CTX *kctx, + unsigned char *prk, size_t prklen, + const unsigned char *salt, size_t saltlen, + const char *protocol_label, + const unsigned char *suiteid, size_t suiteidlen, + const char *label, + const unsigned char *ikm, size_t ikmlen); +int ossl_hpke_labeled_expand(EVP_KDF_CTX *kctx, + unsigned char *okm, size_t okmlen, + const unsigned char *prk, size_t prklen, + const char *protocol_label, + const unsigned char *suiteid, size_t suiteidlen, + const char *label, + const unsigned char *info, size_t infolen); + +EVP_KDF_CTX *ossl_kdf_ctx_create(const char *kdfname, const char *mdname, + OSSL_LIB_CTX *libctx, const char *propq); + +int ossl_hpke_str2suite(const char *suitestr, OSSL_HPKE_SUITE *suite); +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/ktls.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/ktls.h index 95492fd0..af27a325 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/ktls.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/ktls.h @@ -1,5 +1,5 @@ /* - * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -40,6 +40,11 @@ # define OPENSSL_KTLS_AES_GCM_128 # define OPENSSL_KTLS_AES_GCM_256 # define OPENSSL_KTLS_TLS13 +# ifdef TLS_CHACHA20_IV_LEN +# ifndef OPENSSL_NO_CHACHA +# define OPENSSL_KTLS_CHACHA20_POLY1305 +# endif +# endif typedef struct tls_enable ktls_crypto_info_t; @@ -209,6 +214,13 @@ static ossl_inline ossl_ssize_t ktls_sendfile(int s, int fd, off_t off, # warning "Skipping Compilation of KTLS receive data path" # endif # endif +# if LINUX_VERSION_CODE < KERNEL_VERSION(5, 19, 0) +# define OPENSSL_NO_KTLS_ZC_TX +# ifndef PEDANTIC +# warning "KTLS requires Kernel Headers >= 5.19.0 for zerocopy sendfile" +# warning "Skipping Compilation of KTLS zerocopy sendfile" +# endif +# endif # define OPENSSL_KTLS_AES_GCM_128 # if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 1, 0) # define OPENSSL_KTLS_AES_GCM_256 @@ -288,6 +300,18 @@ static ossl_inline int ktls_start(int fd, ktls_crypto_info_t *crypto_info, crypto_info, crypto_info->tls_crypto_info_len) ? 0 : 1; } +static ossl_inline int ktls_enable_tx_zerocopy_sendfile(int fd) +{ +#ifndef OPENSSL_NO_KTLS_ZC_TX + int enable = 1; + + return setsockopt(fd, SOL_TLS, TLS_TX_ZEROCOPY_RO, + &enable, sizeof(enable)) ? 0 : 1; +#else + return 0; +#endif +} + /* * Send a TLS record using the crypto_info provided in ktls_start and use * record_type instead of the default SSL3_RT_APPLICATION_DATA. diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/list.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/list.h new file mode 100644 index 00000000..fdd356c4 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/list.h @@ -0,0 +1,169 @@ +/* + * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_LIST_H +# define OSSL_INTERNAL_LIST_H +# pragma once + +# include +# include + +# ifdef NDEBUG +# define OSSL_LIST_DBG(x) +# else +# define OSSL_LIST_DBG(x) x; +# endif + +/* Define a list structure */ +# define OSSL_LIST(name) OSSL_LIST_ ## name + +/* Define fields to include an element of a list */ +# define OSSL_LIST_MEMBER(name, type) \ + struct { \ + type *next, *prev; \ + OSSL_LIST_DBG(struct ossl_list_st_ ## name *list) \ + } ossl_list_ ## name + +# define DEFINE_LIST_OF(name, type) \ + typedef struct ossl_list_st_ ## name OSSL_LIST(name); \ + struct ossl_list_st_ ## name { \ + type *alpha, *omega; \ + size_t num_elems; \ + }; \ + static ossl_unused ossl_inline void \ + ossl_list_##name##_init(OSSL_LIST(name) *list) \ + { \ + memset(list, 0, sizeof(*list)); \ + } \ + static ossl_unused ossl_inline void \ + ossl_list_##name##_init_elem(type *elem) \ + { \ + memset(&elem->ossl_list_ ## name, 0, \ + sizeof(elem->ossl_list_ ## name)); \ + } \ + static ossl_unused ossl_inline int \ + ossl_list_##name##_is_empty(const OSSL_LIST(name) *list) \ + { \ + return list->num_elems == 0; \ + } \ + static ossl_unused ossl_inline size_t \ + ossl_list_##name##_num(const OSSL_LIST(name) *list) \ + { \ + return list->num_elems; \ + } \ + static ossl_unused ossl_inline type * \ + ossl_list_##name##_head(const OSSL_LIST(name) *list) \ + { \ + assert(list->alpha == NULL \ + || list->alpha->ossl_list_ ## name.list == list); \ + return list->alpha; \ + } \ + static ossl_unused ossl_inline type * \ + ossl_list_##name##_tail(const OSSL_LIST(name) *list) \ + { \ + assert(list->omega == NULL \ + || list->omega->ossl_list_ ## name.list == list); \ + return list->omega; \ + } \ + static ossl_unused ossl_inline type * \ + ossl_list_##name##_next(const type *elem) \ + { \ + assert(elem->ossl_list_ ## name.next == NULL \ + || elem->ossl_list_ ## name.next \ + ->ossl_list_ ## name.prev == elem); \ + return elem->ossl_list_ ## name.next; \ + } \ + static ossl_unused ossl_inline type * \ + ossl_list_##name##_prev(const type *elem) \ + { \ + assert(elem->ossl_list_ ## name.prev == NULL \ + || elem->ossl_list_ ## name.prev \ + ->ossl_list_ ## name.next == elem); \ + return elem->ossl_list_ ## name.prev; \ + } \ + static ossl_unused ossl_inline void \ + ossl_list_##name##_remove(OSSL_LIST(name) *list, type *elem) \ + { \ + assert(elem->ossl_list_ ## name.list == list); \ + OSSL_LIST_DBG(elem->ossl_list_ ## name.list = NULL) \ + if (list->alpha == elem) \ + list->alpha = elem->ossl_list_ ## name.next; \ + if (list->omega == elem) \ + list->omega = elem->ossl_list_ ## name.prev; \ + if (elem->ossl_list_ ## name.prev != NULL) \ + elem->ossl_list_ ## name.prev->ossl_list_ ## name.next = \ + elem->ossl_list_ ## name.next; \ + if (elem->ossl_list_ ## name.next != NULL) \ + elem->ossl_list_ ## name.next->ossl_list_ ## name.prev = \ + elem->ossl_list_ ## name.prev; \ + list->num_elems--; \ + memset(&elem->ossl_list_ ## name, 0, \ + sizeof(elem->ossl_list_ ## name)); \ + } \ + static ossl_unused ossl_inline void \ + ossl_list_##name##_insert_head(OSSL_LIST(name) *list, type *elem) \ + { \ + assert(elem->ossl_list_ ## name.list == NULL); \ + OSSL_LIST_DBG(elem->ossl_list_ ## name.list = list) \ + if (list->alpha != NULL) \ + list->alpha->ossl_list_ ## name.prev = elem; \ + elem->ossl_list_ ## name.next = list->alpha; \ + elem->ossl_list_ ## name.prev = NULL; \ + list->alpha = elem; \ + if (list->omega == NULL) \ + list->omega = elem; \ + list->num_elems++; \ + } \ + static ossl_unused ossl_inline void \ + ossl_list_##name##_insert_tail(OSSL_LIST(name) *list, type *elem) \ + { \ + assert(elem->ossl_list_ ## name.list == NULL); \ + OSSL_LIST_DBG(elem->ossl_list_ ## name.list = list) \ + if (list->omega != NULL) \ + list->omega->ossl_list_ ## name.next = elem; \ + elem->ossl_list_ ## name.prev = list->omega; \ + elem->ossl_list_ ## name.next = NULL; \ + list->omega = elem; \ + if (list->alpha == NULL) \ + list->alpha = elem; \ + list->num_elems++; \ + } \ + static ossl_unused ossl_inline void \ + ossl_list_##name##_insert_before(OSSL_LIST(name) *list, type *e, \ + type *elem) \ + { \ + assert(elem->ossl_list_ ## name.list == NULL); \ + OSSL_LIST_DBG(elem->ossl_list_ ## name.list = list) \ + elem->ossl_list_ ## name.next = e; \ + elem->ossl_list_ ## name.prev = e->ossl_list_ ## name.prev; \ + if (e->ossl_list_ ## name.prev != NULL) \ + e->ossl_list_ ## name.prev->ossl_list_ ## name.next = elem; \ + e->ossl_list_ ## name.prev = elem; \ + if (list->alpha == e) \ + list->alpha = elem; \ + list->num_elems++; \ + } \ + static ossl_unused ossl_inline void \ + ossl_list_##name##_insert_after(OSSL_LIST(name) *list, type *e, \ + type *elem) \ + { \ + assert(elem->ossl_list_ ## name.list == NULL); \ + OSSL_LIST_DBG(elem->ossl_list_ ## name.list = list) \ + elem->ossl_list_ ## name.prev = e; \ + elem->ossl_list_ ## name.next = e->ossl_list_ ## name.next; \ + if (e->ossl_list_ ## name.next != NULL) \ + e->ossl_list_ ## name.next->ossl_list_ ## name.prev = elem; \ + e->ossl_list_ ## name.next = elem; \ + if (list->omega == e) \ + list->omega = elem; \ + list->num_elems++; \ + } \ + struct ossl_list_st_ ## name + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/namemap.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/namemap.h index fd36883f..6c42a9cd 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/namemap.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/namemap.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/numbers.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/numbers.h index 4f4d3306..47fb1677 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/numbers.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/numbers.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -61,6 +61,31 @@ # define UINT64_MAX __MAXUINT__(uint64_t) # endif +/* + * 64-bit processor with LP64 ABI + */ +# ifdef SIXTY_FOUR_BIT_LONG +# ifndef UINT32_C +# define UINT32_C(c) (c) +# endif +# ifndef UINT64_C +# define UINT64_C(c) (c##UL) +# endif +# endif + +/* + * 64-bit processor other than LP64 ABI + */ +# ifdef SIXTY_FOUR_BIT +# ifndef UINT32_C +# define UINT32_C(c) (c##UL) +# endif +# ifndef UINT64_C +# define UINT64_C(c) (c##ULL) +# endif +# endif + + # ifndef INT128_MAX # if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16 typedef __int128_t int128_t; diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/packet.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/packet.h index ed761720..7abc6b8b 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/packet.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/packet.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -691,6 +691,8 @@ struct wpacket_st { */ #define WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH 2 +/* QUIC variable-length integer length prefix */ +#define WPACKET_FLAGS_QUIC_VLINT 4 /* * Initialise a WPACKET with the buffer in |buf|. The buffer must exist diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/packet_quic.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/packet_quic.h new file mode 100644 index 00000000..5173b467 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/packet_quic.h @@ -0,0 +1,150 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_PACKET_QUIC_H +# define OSSL_INTERNAL_PACKET_QUIC_H +# pragma once + +# include "internal/packet.h" +# include "internal/quic_vlint.h" + +# ifndef OPENSSL_NO_QUIC +/* + * Decodes a QUIC variable-length integer in |pkt| and stores the result in + * |data|. + */ +__owur static ossl_inline int PACKET_get_quic_vlint(PACKET *pkt, + uint64_t *data) +{ + size_t enclen; + + if (PACKET_remaining(pkt) < 1) + return 0; + + enclen = ossl_quic_vlint_decode_len(*pkt->curr); + + if (PACKET_remaining(pkt) < enclen) + return 0; + + *data = ossl_quic_vlint_decode_unchecked(pkt->curr); + packet_forward(pkt, enclen); + return 1; +} + +/* + * Decodes a QUIC variable-length integer in |pkt| and stores the result in + * |data|. Unlike PACKET_get_quic_vlint, this does not advance the current + * position. If was_minimal is non-NULL, *was_minimal is set to 1 if the integer + * was encoded using the minimal possible number of bytes and 0 otherwise. + */ +__owur static ossl_inline int PACKET_peek_quic_vlint_ex(PACKET *pkt, + uint64_t *data, + int *was_minimal) +{ + size_t enclen; + + if (PACKET_remaining(pkt) < 1) + return 0; + + enclen = ossl_quic_vlint_decode_len(*pkt->curr); + + if (PACKET_remaining(pkt) < enclen) + return 0; + + *data = ossl_quic_vlint_decode_unchecked(pkt->curr); + + if (was_minimal != NULL) + *was_minimal = (enclen == ossl_quic_vlint_encode_len(*data)); + + return 1; +} + +__owur static ossl_inline int PACKET_peek_quic_vlint(PACKET *pkt, + uint64_t *data) +{ + return PACKET_peek_quic_vlint_ex(pkt, data, NULL); +} + +/* + * Skips over a QUIC variable-length integer in |pkt| without decoding it. + */ +__owur static ossl_inline int PACKET_skip_quic_vlint(PACKET *pkt) +{ + size_t enclen; + + if (PACKET_remaining(pkt) < 1) + return 0; + + enclen = ossl_quic_vlint_decode_len(*pkt->curr); + + if (PACKET_remaining(pkt) < enclen) + return 0; + + packet_forward(pkt, enclen); + return 1; +} + +/* + * Reads a variable-length vector prefixed with a QUIC variable-length integer + * denoting the length, and stores the contents in |subpkt|. |pkt| can equal + * |subpkt|. Data is not copied: the |subpkt| packet will share its underlying + * buffer with the original |pkt|, so data wrapped by |pkt| must outlive the + * |subpkt|. Upon failure, the original |pkt| and |subpkt| are not modified. + */ +__owur static ossl_inline int PACKET_get_quic_length_prefixed(PACKET *pkt, + PACKET *subpkt) +{ + uint64_t length; + const unsigned char *data; + PACKET tmp = *pkt; + + if (!PACKET_get_quic_vlint(&tmp, &length) || + length > SIZE_MAX || + !PACKET_get_bytes(&tmp, &data, (size_t)length)) { + return 0; + } + + *pkt = tmp; + subpkt->curr = data; + subpkt->remaining = (size_t)length; + + return 1; +} + +/* + * Starts a QUIC sub-packet headed by a QUIC variable-length integer. A 4-byte + * representation is used. + */ +__owur int WPACKET_start_quic_sub_packet(WPACKET *pkt); + +/* + * Starts a QUIC sub-packet headed by a QUIC variable-length integer. max_len + * specifies the upper bound for the sub-packet size at the time the sub-packet + * is closed, which determines the encoding size for the variable-length + * integer header. max_len can be a precise figure or a worst-case bound + * if a precise figure is not available. + */ +__owur int WPACKET_start_quic_sub_packet_bound(WPACKET *pkt, size_t max_len); + +/* + * Allocates a QUIC sub-packet with exactly len bytes of payload, headed by a + * QUIC variable-length integer. The pointer to the payload buffer is output and + * must be filled by the caller. This function assures optimal selection of + * variable-length integer encoding length. + */ +__owur int WPACKET_quic_sub_allocate_bytes(WPACKET *pkt, size_t len, + unsigned char **bytes); + +/* + * Write a QUIC variable-length integer to the packet. + */ +__owur int WPACKET_quic_write_vlint(WPACKET *pkt, uint64_t v); + +# endif /* OPENSSL_NO_QUIC */ +#endif /* OSSL_INTERNAL_PACKET_QUIC_H */ diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/param_build_set.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/param_build_set.h index 126211b7..3518f008 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/param_build_set.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/param_build_set.h @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -39,6 +39,11 @@ int ossl_param_build_set_bn(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, const char *key, const BIGNUM *bn); int ossl_param_build_set_bn_pad(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, const char *key, const BIGNUM *bn, size_t sz); +int ossl_param_build_set_signed_bn(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, + const char *key, const BIGNUM *bn); +int ossl_param_build_set_signed_bn_pad(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, + const char *key, const BIGNUM *bn, + size_t sz); int ossl_param_build_set_multi_key_bn(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, const char *names[], STACK_OF(BIGNUM_const) *stk); diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/param_names.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/param_names.h new file mode 100644 index 00000000..e721d071 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/param_names.h @@ -0,0 +1,376 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/internal/param_names.h.in + * + * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + +int ossl_param_find_pidx(const char *s); + +/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */ +#define NUM_PIDX 290 + +#define PIDX_ALG_PARAM_CIPHER 0 +#define PIDX_ALG_PARAM_DIGEST 1 +#define PIDX_ALG_PARAM_ENGINE 2 +#define PIDX_ALG_PARAM_MAC 3 +#define PIDX_ALG_PARAM_PROPERTIES 4 +#define PIDX_ASYM_CIPHER_PARAM_DIGEST PIDX_PKEY_PARAM_DIGEST +#define PIDX_ASYM_CIPHER_PARAM_ENGINE PIDX_PKEY_PARAM_ENGINE +#define PIDX_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION 5 +#define PIDX_ASYM_CIPHER_PARAM_MGF1_DIGEST PIDX_PKEY_PARAM_MGF1_DIGEST +#define PIDX_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS PIDX_PKEY_PARAM_MGF1_PROPERTIES +#define PIDX_ASYM_CIPHER_PARAM_OAEP_DIGEST PIDX_ALG_PARAM_DIGEST +#define PIDX_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS 6 +#define PIDX_ASYM_CIPHER_PARAM_OAEP_LABEL 7 +#define PIDX_ASYM_CIPHER_PARAM_PAD_MODE PIDX_PKEY_PARAM_PAD_MODE +#define PIDX_ASYM_CIPHER_PARAM_PROPERTIES PIDX_PKEY_PARAM_PROPERTIES +#define PIDX_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION 8 +#define PIDX_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION 9 +#define PIDX_CAPABILITY_TLS_GROUP_ALG 10 +#define PIDX_CAPABILITY_TLS_GROUP_ID 11 +#define PIDX_CAPABILITY_TLS_GROUP_IS_KEM 12 +#define PIDX_CAPABILITY_TLS_GROUP_MAX_DTLS 13 +#define PIDX_CAPABILITY_TLS_GROUP_MAX_TLS 14 +#define PIDX_CAPABILITY_TLS_GROUP_MIN_DTLS 15 +#define PIDX_CAPABILITY_TLS_GROUP_MIN_TLS 16 +#define PIDX_CAPABILITY_TLS_GROUP_NAME 17 +#define PIDX_CAPABILITY_TLS_GROUP_NAME_INTERNAL 18 +#define PIDX_CAPABILITY_TLS_GROUP_SECURITY_BITS 19 +#define PIDX_CAPABILITY_TLS_SIGALG_CODE_POINT 20 +#define PIDX_CAPABILITY_TLS_SIGALG_HASH_NAME 21 +#define PIDX_CAPABILITY_TLS_SIGALG_HASH_OID 22 +#define PIDX_CAPABILITY_TLS_SIGALG_IANA_NAME 23 +#define PIDX_CAPABILITY_TLS_SIGALG_KEYTYPE 24 +#define PIDX_CAPABILITY_TLS_SIGALG_KEYTYPE_OID 25 +#define PIDX_CAPABILITY_TLS_SIGALG_MAX_TLS 14 +#define PIDX_CAPABILITY_TLS_SIGALG_MIN_TLS 16 +#define PIDX_CAPABILITY_TLS_SIGALG_NAME 26 +#define PIDX_CAPABILITY_TLS_SIGALG_OID 27 +#define PIDX_CAPABILITY_TLS_SIGALG_SECURITY_BITS 28 +#define PIDX_CAPABILITY_TLS_SIGALG_SIG_NAME 29 +#define PIDX_CAPABILITY_TLS_SIGALG_SIG_OID 30 +#define PIDX_CIPHER_PARAM_AEAD 31 +#define PIDX_CIPHER_PARAM_AEAD_IVLEN PIDX_CIPHER_PARAM_IVLEN +#define PIDX_CIPHER_PARAM_AEAD_MAC_KEY 32 +#define PIDX_CIPHER_PARAM_AEAD_TAG 33 +#define PIDX_CIPHER_PARAM_AEAD_TAGLEN 34 +#define PIDX_CIPHER_PARAM_AEAD_TLS1_AAD 35 +#define PIDX_CIPHER_PARAM_AEAD_TLS1_AAD_PAD 36 +#define PIDX_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN 37 +#define PIDX_CIPHER_PARAM_AEAD_TLS1_IV_FIXED 38 +#define PIDX_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV 39 +#define PIDX_CIPHER_PARAM_ALGORITHM_ID_PARAMS 40 +#define PIDX_CIPHER_PARAM_BLOCK_SIZE 41 +#define PIDX_CIPHER_PARAM_CTS 42 +#define PIDX_CIPHER_PARAM_CTS_MODE 43 +#define PIDX_CIPHER_PARAM_CUSTOM_IV 44 +#define PIDX_CIPHER_PARAM_HAS_RAND_KEY 45 +#define PIDX_CIPHER_PARAM_IV 46 +#define PIDX_CIPHER_PARAM_IVLEN 47 +#define PIDX_CIPHER_PARAM_KEYLEN 48 +#define PIDX_CIPHER_PARAM_MODE 49 +#define PIDX_CIPHER_PARAM_NUM 50 +#define PIDX_CIPHER_PARAM_PADDING 51 +#define PIDX_CIPHER_PARAM_RANDOM_KEY 52 +#define PIDX_CIPHER_PARAM_RC2_KEYBITS 53 +#define PIDX_CIPHER_PARAM_ROUNDS 54 +#define PIDX_CIPHER_PARAM_SPEED 55 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK 56 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD 57 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN 58 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC 59 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN 60 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN 61 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE 62 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE 63 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT 64 +#define PIDX_CIPHER_PARAM_TLS_MAC 65 +#define PIDX_CIPHER_PARAM_TLS_MAC_SIZE 66 +#define PIDX_CIPHER_PARAM_TLS_VERSION 67 +#define PIDX_CIPHER_PARAM_UPDATED_IV 68 +#define PIDX_CIPHER_PARAM_USE_BITS 69 +#define PIDX_CIPHER_PARAM_XTS_STANDARD 70 +#define PIDX_DECODER_PARAM_PROPERTIES PIDX_ALG_PARAM_PROPERTIES +#define PIDX_DIGEST_PARAM_ALGID_ABSENT 71 +#define PIDX_DIGEST_PARAM_BLOCK_SIZE 41 +#define PIDX_DIGEST_PARAM_MICALG 72 +#define PIDX_DIGEST_PARAM_PAD_TYPE 73 +#define PIDX_DIGEST_PARAM_SIZE 74 +#define PIDX_DIGEST_PARAM_SSL3_MS 75 +#define PIDX_DIGEST_PARAM_XOF 76 +#define PIDX_DIGEST_PARAM_XOFLEN 77 +#define PIDX_DRBG_PARAM_CIPHER PIDX_ALG_PARAM_CIPHER +#define PIDX_DRBG_PARAM_DIGEST PIDX_ALG_PARAM_DIGEST +#define PIDX_DRBG_PARAM_ENTROPY_REQUIRED 78 +#define PIDX_DRBG_PARAM_MAC PIDX_ALG_PARAM_MAC +#define PIDX_DRBG_PARAM_MAX_ADINLEN 79 +#define PIDX_DRBG_PARAM_MAX_ENTROPYLEN 80 +#define PIDX_DRBG_PARAM_MAX_LENGTH 81 +#define PIDX_DRBG_PARAM_MAX_NONCELEN 82 +#define PIDX_DRBG_PARAM_MAX_PERSLEN 83 +#define PIDX_DRBG_PARAM_MIN_ENTROPYLEN 84 +#define PIDX_DRBG_PARAM_MIN_LENGTH 85 +#define PIDX_DRBG_PARAM_MIN_NONCELEN 86 +#define PIDX_DRBG_PARAM_PREDICTION_RESISTANCE 87 +#define PIDX_DRBG_PARAM_PROPERTIES PIDX_ALG_PARAM_PROPERTIES +#define PIDX_DRBG_PARAM_RANDOM_DATA 88 +#define PIDX_DRBG_PARAM_RESEED_COUNTER 89 +#define PIDX_DRBG_PARAM_RESEED_REQUESTS 90 +#define PIDX_DRBG_PARAM_RESEED_TIME 91 +#define PIDX_DRBG_PARAM_RESEED_TIME_INTERVAL 92 +#define PIDX_DRBG_PARAM_SIZE 74 +#define PIDX_DRBG_PARAM_USE_DF 93 +#define PIDX_ENCODER_PARAM_CIPHER PIDX_ALG_PARAM_CIPHER +#define PIDX_ENCODER_PARAM_ENCRYPT_LEVEL 94 +#define PIDX_ENCODER_PARAM_PROPERTIES PIDX_ALG_PARAM_PROPERTIES +#define PIDX_ENCODER_PARAM_SAVE_PARAMETERS 95 +#define PIDX_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE 96 +#define PIDX_EXCHANGE_PARAM_KDF_DIGEST 97 +#define PIDX_EXCHANGE_PARAM_KDF_DIGEST_PROPS 98 +#define PIDX_EXCHANGE_PARAM_KDF_OUTLEN 99 +#define PIDX_EXCHANGE_PARAM_KDF_TYPE 100 +#define PIDX_EXCHANGE_PARAM_KDF_UKM 101 +#define PIDX_EXCHANGE_PARAM_PAD 102 +#define PIDX_GEN_PARAM_ITERATION 103 +#define PIDX_GEN_PARAM_POTENTIAL 104 +#define PIDX_KDF_PARAM_ARGON2_AD 105 +#define PIDX_KDF_PARAM_ARGON2_LANES 106 +#define PIDX_KDF_PARAM_ARGON2_MEMCOST 107 +#define PIDX_KDF_PARAM_ARGON2_VERSION 108 +#define PIDX_KDF_PARAM_CEK_ALG 109 +#define PIDX_KDF_PARAM_CIPHER PIDX_ALG_PARAM_CIPHER +#define PIDX_KDF_PARAM_CONSTANT 110 +#define PIDX_KDF_PARAM_DATA 111 +#define PIDX_KDF_PARAM_DIGEST PIDX_ALG_PARAM_DIGEST +#define PIDX_KDF_PARAM_EARLY_CLEAN 112 +#define PIDX_KDF_PARAM_HMACDRBG_ENTROPY 113 +#define PIDX_KDF_PARAM_HMACDRBG_NONCE 114 +#define PIDX_KDF_PARAM_INFO 115 +#define PIDX_KDF_PARAM_ITER 116 +#define PIDX_KDF_PARAM_KBKDF_R 117 +#define PIDX_KDF_PARAM_KBKDF_USE_L 118 +#define PIDX_KDF_PARAM_KBKDF_USE_SEPARATOR 119 +#define PIDX_KDF_PARAM_KEY 120 +#define PIDX_KDF_PARAM_LABEL 121 +#define PIDX_KDF_PARAM_MAC PIDX_ALG_PARAM_MAC +#define PIDX_KDF_PARAM_MAC_SIZE 122 +#define PIDX_KDF_PARAM_MODE 49 +#define PIDX_KDF_PARAM_PASSWORD 123 +#define PIDX_KDF_PARAM_PKCS12_ID 124 +#define PIDX_KDF_PARAM_PKCS5 125 +#define PIDX_KDF_PARAM_PREFIX 126 +#define PIDX_KDF_PARAM_PROPERTIES PIDX_ALG_PARAM_PROPERTIES +#define PIDX_KDF_PARAM_SALT 127 +#define PIDX_KDF_PARAM_SCRYPT_MAXMEM 128 +#define PIDX_KDF_PARAM_SCRYPT_N 129 +#define PIDX_KDF_PARAM_SCRYPT_P 130 +#define PIDX_KDF_PARAM_SCRYPT_R 117 +#define PIDX_KDF_PARAM_SECRET 131 +#define PIDX_KDF_PARAM_SEED 132 +#define PIDX_KDF_PARAM_SIZE 74 +#define PIDX_KDF_PARAM_SSHKDF_SESSION_ID 133 +#define PIDX_KDF_PARAM_SSHKDF_TYPE 134 +#define PIDX_KDF_PARAM_SSHKDF_XCGHASH 135 +#define PIDX_KDF_PARAM_THREADS 136 +#define PIDX_KDF_PARAM_UKM 137 +#define PIDX_KDF_PARAM_X942_ACVPINFO 138 +#define PIDX_KDF_PARAM_X942_PARTYUINFO 139 +#define PIDX_KDF_PARAM_X942_PARTYVINFO 140 +#define PIDX_KDF_PARAM_X942_SUPP_PRIVINFO 141 +#define PIDX_KDF_PARAM_X942_SUPP_PUBINFO 142 +#define PIDX_KDF_PARAM_X942_USE_KEYBITS 143 +#define PIDX_KEM_PARAM_IKME 144 +#define PIDX_KEM_PARAM_OPERATION 145 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING 146 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA 147 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN 148 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_MODE 49 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_OPTIONS 149 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD 150 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC 151 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_TLSTREE 152 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_USE_ETM 153 +#define PIDX_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN 154 +#define PIDX_MAC_PARAM_BLOCK_SIZE 155 +#define PIDX_MAC_PARAM_CIPHER PIDX_ALG_PARAM_CIPHER +#define PIDX_MAC_PARAM_CUSTOM 156 +#define PIDX_MAC_PARAM_C_ROUNDS 157 +#define PIDX_MAC_PARAM_DIGEST PIDX_ALG_PARAM_DIGEST +#define PIDX_MAC_PARAM_DIGEST_NOINIT 158 +#define PIDX_MAC_PARAM_DIGEST_ONESHOT 159 +#define PIDX_MAC_PARAM_D_ROUNDS 160 +#define PIDX_MAC_PARAM_IV 46 +#define PIDX_MAC_PARAM_KEY 120 +#define PIDX_MAC_PARAM_PROPERTIES PIDX_ALG_PARAM_PROPERTIES +#define PIDX_MAC_PARAM_SALT 127 +#define PIDX_MAC_PARAM_SIZE 74 +#define PIDX_MAC_PARAM_TLS_DATA_SIZE 161 +#define PIDX_MAC_PARAM_XOF 76 +#define PIDX_OBJECT_PARAM_DATA 111 +#define PIDX_OBJECT_PARAM_DATA_STRUCTURE 162 +#define PIDX_OBJECT_PARAM_DATA_TYPE 163 +#define PIDX_OBJECT_PARAM_DESC 164 +#define PIDX_OBJECT_PARAM_REFERENCE 165 +#define PIDX_OBJECT_PARAM_TYPE 134 +#define PIDX_PASSPHRASE_PARAM_INFO 115 +#define PIDX_PKEY_PARAM_BITS 166 +#define PIDX_PKEY_PARAM_CIPHER PIDX_ALG_PARAM_CIPHER +#define PIDX_PKEY_PARAM_DEFAULT_DIGEST 167 +#define PIDX_PKEY_PARAM_DHKEM_IKM 168 +#define PIDX_PKEY_PARAM_DH_GENERATOR 169 +#define PIDX_PKEY_PARAM_DH_PRIV_LEN 170 +#define PIDX_PKEY_PARAM_DIGEST PIDX_ALG_PARAM_DIGEST +#define PIDX_PKEY_PARAM_DIGEST_SIZE 171 +#define PIDX_PKEY_PARAM_DIST_ID 172 +#define PIDX_PKEY_PARAM_EC_A 173 +#define PIDX_PKEY_PARAM_EC_B 174 +#define PIDX_PKEY_PARAM_EC_CHAR2_M 175 +#define PIDX_PKEY_PARAM_EC_CHAR2_PP_K1 176 +#define PIDX_PKEY_PARAM_EC_CHAR2_PP_K2 177 +#define PIDX_PKEY_PARAM_EC_CHAR2_PP_K3 178 +#define PIDX_PKEY_PARAM_EC_CHAR2_TP_BASIS 179 +#define PIDX_PKEY_PARAM_EC_CHAR2_TYPE 180 +#define PIDX_PKEY_PARAM_EC_COFACTOR 181 +#define PIDX_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS 182 +#define PIDX_PKEY_PARAM_EC_ENCODING 183 +#define PIDX_PKEY_PARAM_EC_FIELD_TYPE 184 +#define PIDX_PKEY_PARAM_EC_GENERATOR 185 +#define PIDX_PKEY_PARAM_EC_GROUP_CHECK_TYPE 186 +#define PIDX_PKEY_PARAM_EC_INCLUDE_PUBLIC 187 +#define PIDX_PKEY_PARAM_EC_ORDER 188 +#define PIDX_PKEY_PARAM_EC_P 130 +#define PIDX_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT 189 +#define PIDX_PKEY_PARAM_EC_PUB_X 190 +#define PIDX_PKEY_PARAM_EC_PUB_Y 191 +#define PIDX_PKEY_PARAM_EC_SEED 132 +#define PIDX_PKEY_PARAM_ENCODED_PUBLIC_KEY 192 +#define PIDX_PKEY_PARAM_ENGINE PIDX_ALG_PARAM_ENGINE +#define PIDX_PKEY_PARAM_FFC_COFACTOR 193 +#define PIDX_PKEY_PARAM_FFC_DIGEST PIDX_PKEY_PARAM_DIGEST +#define PIDX_PKEY_PARAM_FFC_DIGEST_PROPS PIDX_PKEY_PARAM_PROPERTIES +#define PIDX_PKEY_PARAM_FFC_G 194 +#define PIDX_PKEY_PARAM_FFC_GINDEX 195 +#define PIDX_PKEY_PARAM_FFC_H 196 +#define PIDX_PKEY_PARAM_FFC_P 130 +#define PIDX_PKEY_PARAM_FFC_PBITS 197 +#define PIDX_PKEY_PARAM_FFC_PCOUNTER 198 +#define PIDX_PKEY_PARAM_FFC_Q 199 +#define PIDX_PKEY_PARAM_FFC_QBITS 200 +#define PIDX_PKEY_PARAM_FFC_SEED 132 +#define PIDX_PKEY_PARAM_FFC_TYPE 134 +#define PIDX_PKEY_PARAM_FFC_VALIDATE_G 201 +#define PIDX_PKEY_PARAM_FFC_VALIDATE_LEGACY 202 +#define PIDX_PKEY_PARAM_FFC_VALIDATE_PQ 203 +#define PIDX_PKEY_PARAM_GROUP_NAME 204 +#define PIDX_PKEY_PARAM_IMPLICIT_REJECTION 5 +#define PIDX_PKEY_PARAM_MANDATORY_DIGEST 205 +#define PIDX_PKEY_PARAM_MASKGENFUNC 206 +#define PIDX_PKEY_PARAM_MAX_SIZE 207 +#define PIDX_PKEY_PARAM_MGF1_DIGEST 208 +#define PIDX_PKEY_PARAM_MGF1_PROPERTIES 209 +#define PIDX_PKEY_PARAM_PAD_MODE 210 +#define PIDX_PKEY_PARAM_PRIV_KEY 211 +#define PIDX_PKEY_PARAM_PROPERTIES PIDX_ALG_PARAM_PROPERTIES +#define PIDX_PKEY_PARAM_PUB_KEY 212 +#define PIDX_PKEY_PARAM_RSA_BITS PIDX_PKEY_PARAM_BITS +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT 213 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT1 214 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT2 215 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT3 216 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT4 217 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT5 218 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT6 219 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT7 220 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT8 221 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT9 222 +#define PIDX_PKEY_PARAM_RSA_D 223 +#define PIDX_PKEY_PARAM_RSA_DIGEST PIDX_PKEY_PARAM_DIGEST +#define PIDX_PKEY_PARAM_RSA_DIGEST_PROPS PIDX_PKEY_PARAM_PROPERTIES +#define PIDX_PKEY_PARAM_RSA_E 224 +#define PIDX_PKEY_PARAM_RSA_EXPONENT 225 +#define PIDX_PKEY_PARAM_RSA_EXPONENT1 226 +#define PIDX_PKEY_PARAM_RSA_EXPONENT10 227 +#define PIDX_PKEY_PARAM_RSA_EXPONENT2 228 +#define PIDX_PKEY_PARAM_RSA_EXPONENT3 229 +#define PIDX_PKEY_PARAM_RSA_EXPONENT4 230 +#define PIDX_PKEY_PARAM_RSA_EXPONENT5 231 +#define PIDX_PKEY_PARAM_RSA_EXPONENT6 232 +#define PIDX_PKEY_PARAM_RSA_EXPONENT7 233 +#define PIDX_PKEY_PARAM_RSA_EXPONENT8 234 +#define PIDX_PKEY_PARAM_RSA_EXPONENT9 235 +#define PIDX_PKEY_PARAM_RSA_FACTOR 236 +#define PIDX_PKEY_PARAM_RSA_FACTOR1 237 +#define PIDX_PKEY_PARAM_RSA_FACTOR10 238 +#define PIDX_PKEY_PARAM_RSA_FACTOR2 239 +#define PIDX_PKEY_PARAM_RSA_FACTOR3 240 +#define PIDX_PKEY_PARAM_RSA_FACTOR4 241 +#define PIDX_PKEY_PARAM_RSA_FACTOR5 242 +#define PIDX_PKEY_PARAM_RSA_FACTOR6 243 +#define PIDX_PKEY_PARAM_RSA_FACTOR7 244 +#define PIDX_PKEY_PARAM_RSA_FACTOR8 245 +#define PIDX_PKEY_PARAM_RSA_FACTOR9 246 +#define PIDX_PKEY_PARAM_RSA_MASKGENFUNC PIDX_PKEY_PARAM_MASKGENFUNC +#define PIDX_PKEY_PARAM_RSA_MGF1_DIGEST PIDX_PKEY_PARAM_MGF1_DIGEST +#define PIDX_PKEY_PARAM_RSA_N 129 +#define PIDX_PKEY_PARAM_RSA_PRIMES 247 +#define PIDX_PKEY_PARAM_RSA_PSS_SALTLEN 248 +#define PIDX_PKEY_PARAM_RSA_TEST_P1 249 +#define PIDX_PKEY_PARAM_RSA_TEST_P2 250 +#define PIDX_PKEY_PARAM_RSA_TEST_Q1 251 +#define PIDX_PKEY_PARAM_RSA_TEST_Q2 252 +#define PIDX_PKEY_PARAM_RSA_TEST_XP 253 +#define PIDX_PKEY_PARAM_RSA_TEST_XP1 254 +#define PIDX_PKEY_PARAM_RSA_TEST_XP2 255 +#define PIDX_PKEY_PARAM_RSA_TEST_XQ 256 +#define PIDX_PKEY_PARAM_RSA_TEST_XQ1 257 +#define PIDX_PKEY_PARAM_RSA_TEST_XQ2 258 +#define PIDX_PKEY_PARAM_SECURITY_BITS 259 +#define PIDX_PKEY_PARAM_USE_COFACTOR_ECDH PIDX_PKEY_PARAM_USE_COFACTOR_FLAG +#define PIDX_PKEY_PARAM_USE_COFACTOR_FLAG 260 +#define PIDX_PROV_PARAM_BUILDINFO 261 +#define PIDX_PROV_PARAM_CORE_MODULE_FILENAME 262 +#define PIDX_PROV_PARAM_CORE_PROV_NAME 263 +#define PIDX_PROV_PARAM_CORE_VERSION 264 +#define PIDX_PROV_PARAM_DRBG_TRUNC_DIGEST 265 +#define PIDX_PROV_PARAM_NAME 266 +#define PIDX_PROV_PARAM_SECURITY_CHECKS 267 +#define PIDX_PROV_PARAM_SELF_TEST_DESC 268 +#define PIDX_PROV_PARAM_SELF_TEST_PHASE 269 +#define PIDX_PROV_PARAM_SELF_TEST_TYPE 270 +#define PIDX_PROV_PARAM_STATUS 271 +#define PIDX_PROV_PARAM_TLS1_PRF_EMS_CHECK 272 +#define PIDX_PROV_PARAM_VERSION 108 +#define PIDX_RAND_PARAM_GENERATE 273 +#define PIDX_RAND_PARAM_MAX_REQUEST 274 +#define PIDX_RAND_PARAM_STATE 275 +#define PIDX_RAND_PARAM_STRENGTH 276 +#define PIDX_RAND_PARAM_TEST_ENTROPY 277 +#define PIDX_RAND_PARAM_TEST_NONCE 278 +#define PIDX_SIGNATURE_PARAM_ALGORITHM_ID 279 +#define PIDX_SIGNATURE_PARAM_CONTEXT_STRING 280 +#define PIDX_SIGNATURE_PARAM_DIGEST PIDX_PKEY_PARAM_DIGEST +#define PIDX_SIGNATURE_PARAM_DIGEST_SIZE PIDX_PKEY_PARAM_DIGEST_SIZE +#define PIDX_SIGNATURE_PARAM_INSTANCE 281 +#define PIDX_SIGNATURE_PARAM_KAT 282 +#define PIDX_SIGNATURE_PARAM_MGF1_DIGEST PIDX_PKEY_PARAM_MGF1_DIGEST +#define PIDX_SIGNATURE_PARAM_MGF1_PROPERTIES PIDX_PKEY_PARAM_MGF1_PROPERTIES +#define PIDX_SIGNATURE_PARAM_NONCE_TYPE 283 +#define PIDX_SIGNATURE_PARAM_PAD_MODE PIDX_PKEY_PARAM_PAD_MODE +#define PIDX_SIGNATURE_PARAM_PROPERTIES PIDX_PKEY_PARAM_PROPERTIES +#define PIDX_SIGNATURE_PARAM_PSS_SALTLEN 248 +#define PIDX_STORE_PARAM_ALIAS 284 +#define PIDX_STORE_PARAM_DIGEST 1 +#define PIDX_STORE_PARAM_EXPECT 285 +#define PIDX_STORE_PARAM_FINGERPRINT 286 +#define PIDX_STORE_PARAM_INPUT_TYPE 287 +#define PIDX_STORE_PARAM_ISSUER 266 +#define PIDX_STORE_PARAM_PROPERTIES 4 +#define PIDX_STORE_PARAM_SERIAL 288 +#define PIDX_STORE_PARAM_SUBJECT 289 diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/param_names.h.in b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/param_names.h.in new file mode 100644 index 00000000..f34db219 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/param_names.h.in @@ -0,0 +1,18 @@ +/* + * {- join("\n * ", @autowarntext) -} + * + * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +{- +use OpenSSL::paramnames qw(generate_internal_macros); +-} + +int ossl_param_find_pidx(const char *s); + +/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */ +{- generate_internal_macros(); -} diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/params.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/params.h new file mode 100644 index 00000000..3fbd0cf9 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/params.h @@ -0,0 +1,38 @@ +/* + * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +/* + * Extract the parameter into an allocated buffer. + * Any existing allocation in *out is cleared and freed. + * + * Returns 1 on success, 0 on failure and -1 if there are no matching params. + * + * *out and *out_len are guaranteed to be untouched if this function + * doesn't return success. + */ +int ossl_param_get1_octet_string(const OSSL_PARAM *params, const char *name, + unsigned char **out, size_t *out_len); +/* + * Concatenate all of the matching params together. + * *out will point to an allocated buffer on successful return. + * Any existing allocation in *out is cleared and freed. + * + * Passing 0 for maxsize means unlimited size output. + * + * Returns 1 on success, 0 on failure and -1 if there are no matching params. + * + * *out and *out_len are guaranteed to be untouched if this function + * doesn't return success. + */ +int ossl_param_get1_concat_octet_string(const OSSL_PARAM *params, const char *name, + unsigned char **out, size_t *out_len, + size_t maxsize); diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/priority_queue.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/priority_queue.h new file mode 100644 index 00000000..5be03bf1 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/priority_queue.h @@ -0,0 +1,88 @@ +/* + * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_PRIORITY_QUEUE_H +# define OSSL_INTERNAL_PRIORITY_QUEUE_H +# pragma once + +# include +# include + +# define PRIORITY_QUEUE_OF(type) OSSL_PRIORITY_QUEUE_ ## type + +# define DEFINE_PRIORITY_QUEUE_OF_INTERNAL(type, ctype) \ + typedef struct ossl_priority_queue_st_ ## type PRIORITY_QUEUE_OF(type); \ + static ossl_unused ossl_inline PRIORITY_QUEUE_OF(type) * \ + ossl_pqueue_##type##_new(int (*compare)(const ctype *, const ctype *)) \ + { \ + return (PRIORITY_QUEUE_OF(type) *)ossl_pqueue_new( \ + (int (*)(const void *, const void *))compare); \ + } \ + static ossl_unused ossl_inline void \ + ossl_pqueue_##type##_free(PRIORITY_QUEUE_OF(type) *pq) \ + { \ + ossl_pqueue_free((OSSL_PQUEUE *)pq); \ + } \ + static ossl_unused ossl_inline void \ + ossl_pqueue_##type##_pop_free(PRIORITY_QUEUE_OF(type) *pq, \ + void (*freefunc)(ctype *)) \ + { \ + ossl_pqueue_pop_free((OSSL_PQUEUE *)pq, (void (*)(void *))freefunc);\ + } \ + static ossl_unused ossl_inline int \ + ossl_pqueue_##type##_reserve(PRIORITY_QUEUE_OF(type) *pq, size_t n) \ + { \ + return ossl_pqueue_reserve((OSSL_PQUEUE *)pq, n); \ + } \ + static ossl_unused ossl_inline size_t \ + ossl_pqueue_##type##_num(const PRIORITY_QUEUE_OF(type) *pq) \ + { \ + return ossl_pqueue_num((OSSL_PQUEUE *)pq); \ + } \ + static ossl_unused ossl_inline int \ + ossl_pqueue_##type##_push(PRIORITY_QUEUE_OF(type) *pq, \ + ctype *data, size_t *elem) \ + { \ + return ossl_pqueue_push((OSSL_PQUEUE *)pq, (void *)data, elem); \ + } \ + static ossl_unused ossl_inline ctype * \ + ossl_pqueue_##type##_peek(const PRIORITY_QUEUE_OF(type) *pq) \ + { \ + return (type *)ossl_pqueue_peek((OSSL_PQUEUE *)pq); \ + } \ + static ossl_unused ossl_inline ctype * \ + ossl_pqueue_##type##_pop(PRIORITY_QUEUE_OF(type) *pq) \ + { \ + return (type *)ossl_pqueue_pop((OSSL_PQUEUE *)pq); \ + } \ + static ossl_unused ossl_inline ctype * \ + ossl_pqueue_##type##_remove(PRIORITY_QUEUE_OF(type) *pq, \ + size_t elem) \ + { \ + return (type *)ossl_pqueue_remove((OSSL_PQUEUE *)pq, elem); \ + } \ + struct ossl_priority_queue_st_ ## type + +# define DEFINE_PRIORITY_QUEUE_OF(type) \ + DEFINE_PRIORITY_QUEUE_OF_INTERNAL(type, type) + +typedef struct ossl_pqueue_st OSSL_PQUEUE; + +OSSL_PQUEUE *ossl_pqueue_new(int (*compare)(const void *, const void *)); +void ossl_pqueue_free(OSSL_PQUEUE *pq); +void ossl_pqueue_pop_free(OSSL_PQUEUE *pq, void (*freefunc)(void *)); +int ossl_pqueue_reserve(OSSL_PQUEUE *pq, size_t n); + +size_t ossl_pqueue_num(const OSSL_PQUEUE *pq); +int ossl_pqueue_push(OSSL_PQUEUE *pq, void *data, size_t *elem); +void *ossl_pqueue_peek(const OSSL_PQUEUE *pq); +void *ossl_pqueue_pop(OSSL_PQUEUE *pq); +void *ossl_pqueue_remove(OSSL_PQUEUE *pq, size_t elem); + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/property.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/property.h index d09274d0..3adff499 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/property.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/property.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/provider.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/provider.h index 18937f84..ab41d643 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/provider.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/provider.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -32,7 +32,7 @@ OSSL_PROVIDER *ossl_provider_find(OSSL_LIB_CTX *libctx, const char *name, int noconfig); OSSL_PROVIDER *ossl_provider_new(OSSL_LIB_CTX *libctx, const char *name, OSSL_provider_init_fn *init_function, - int noconfig); + OSSL_PARAM *params, int noconfig); int ossl_provider_up_ref(OSSL_PROVIDER *prov); void ossl_provider_free(OSSL_PROVIDER *prov); diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_ackm.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_ackm.h new file mode 100644 index 00000000..03fc6088 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_ackm.h @@ -0,0 +1,297 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +#ifndef OSSL_QUIC_ACKM_H +# define OSSL_QUIC_ACKM_H + +# include "internal/quic_statm.h" +# include "internal/quic_cc.h" +# include "internal/quic_types.h" +# include "internal/quic_wire.h" +# include "internal/time.h" +# include "internal/list.h" + +# ifndef OPENSSL_NO_QUIC + +typedef struct ossl_ackm_st OSSL_ACKM; + +OSSL_ACKM *ossl_ackm_new(OSSL_TIME (*now)(void *arg), + void *now_arg, + OSSL_STATM *statm, + const OSSL_CC_METHOD *cc_method, + OSSL_CC_DATA *cc_data); +void ossl_ackm_free(OSSL_ACKM *ackm); + +void ossl_ackm_set_loss_detection_deadline_callback(OSSL_ACKM *ackm, + void (*fn)(OSSL_TIME deadline, + void *arg), + void *arg); + +void ossl_ackm_set_ack_deadline_callback(OSSL_ACKM *ackm, + void (*fn)(OSSL_TIME deadline, + int pkt_space, + void *arg), + void *arg); + +/* + * Configures the RX-side maximum ACK delay. This is the maximum amount of time + * the peer is allowed to delay sending an ACK frame after receiving an + * ACK-eliciting packet. The peer communicates this value via a transport + * parameter and it must be provided to the ACKM. + */ +void ossl_ackm_set_rx_max_ack_delay(OSSL_ACKM *ackm, OSSL_TIME rx_max_ack_delay); + +/* + * Configures the TX-side maximum ACK delay. This is the maximum amount of time + * we are allowed to delay sending an ACK frame after receiving an ACK-eliciting + * packet. Note that this cannot be changed after a connection is established as + * it must be accurately reported in the transport parameters we send to our + * peer. + */ +void ossl_ackm_set_tx_max_ack_delay(OSSL_ACKM *ackm, OSSL_TIME tx_max_ack_delay); + +typedef struct ossl_ackm_tx_pkt_st OSSL_ACKM_TX_PKT; +struct ossl_ackm_tx_pkt_st { + /* The packet number of the transmitted packet. */ + QUIC_PN pkt_num; + + /* The number of bytes in the packet which was sent. */ + size_t num_bytes; + + /* The time at which the packet was sent. */ + OSSL_TIME time; + + /* + * If the packet being described by this structure contains an ACK frame, + * this must be set to the largest PN ACK'd by that frame. + * + * Otherwise, it should be set to QUIC_PN_INVALID. + * + * This is necessary to bound the number of PNs we have to keep track of on + * the RX side (RFC 9000 s. 13.2.4). It allows older PN tracking information + * on the RX side to be discarded. + */ + QUIC_PN largest_acked; + + /* + * One of the QUIC_PN_SPACE_* values. This qualifies the pkt_num field + * into a packet number space. + */ + unsigned int pkt_space :2; + + /* + * 1 if the packet is in flight. A packet is considered 'in flight' if it is + * counted for purposes of congestion control and 'bytes in flight' counts. + * Most packets are considered in flight. The only circumstance where a + * numbered packet is not considered in flight is if it contains only ACK + * frames (not even PADDING frames), as these frames can bypass CC. + */ + unsigned int is_inflight :1; + + /* + * 1 if the packet has one or more ACK-eliciting frames. + * Note that if this is set, is_inflight must be set. + */ + unsigned int is_ack_eliciting :1; + + /* 1 if the packet is a PTO probe. */ + unsigned int is_pto_probe :1; + + /* 1 if the packet is an MTU probe. */ + unsigned int is_mtu_probe :1; + + /* Callback called if frames in this packet are lost. arg is cb_arg. */ + void (*on_lost)(void *arg); + /* Callback called if frames in this packet are acked. arg is cb_arg. */ + void (*on_acked)(void *arg); + /* + * Callback called if frames in this packet are neither acked nor lost. arg + * is cb_arg. + */ + void (*on_discarded)(void *arg); + void *cb_arg; + + /* + * (Internal use fields; must be zero-initialized.) + * + * Keep a TX history list, anext is used to manifest + * a singly-linked list of newly-acknowledged packets, and lnext is used to + * manifest a singly-linked list of newly lost packets. + */ + OSSL_LIST_MEMBER(tx_history, OSSL_ACKM_TX_PKT); + + struct ossl_ackm_tx_pkt_st *anext; + struct ossl_ackm_tx_pkt_st *lnext; +}; + +int ossl_ackm_on_tx_packet(OSSL_ACKM *ackm, OSSL_ACKM_TX_PKT *pkt); +int ossl_ackm_on_rx_datagram(OSSL_ACKM *ackm, size_t num_bytes); + +# define OSSL_ACKM_ECN_NONE 0 +# define OSSL_ACKM_ECN_ECT1 1 +# define OSSL_ACKM_ECN_ECT0 2 +# define OSSL_ACKM_ECN_ECNCE 3 + +typedef struct ossl_ackm_rx_pkt_st { + /* The packet number of the received packet. */ + QUIC_PN pkt_num; + + /* The time at which the packet was received. */ + OSSL_TIME time; + + /* + * One of the QUIC_PN_SPACE_* values. This qualifies the pkt_num field + * into a packet number space. + */ + unsigned int pkt_space :2; + + /* 1 if the packet has one or more ACK-eliciting frames. */ + unsigned int is_ack_eliciting :1; + + /* + * One of the OSSL_ACKM_ECN_* values. This is the ECN labelling applied to + * the received packet. If unknown, use OSSL_ACKM_ECN_NONE. + */ + unsigned int ecn :2; +} OSSL_ACKM_RX_PKT; + +int ossl_ackm_on_rx_packet(OSSL_ACKM *ackm, const OSSL_ACKM_RX_PKT *pkt); + +int ossl_ackm_on_rx_ack_frame(OSSL_ACKM *ackm, const OSSL_QUIC_FRAME_ACK *ack, + int pkt_space, OSSL_TIME rx_time); + +/* + * Discards a PN space. This must be called for a PN space before freeing the + * ACKM if you want in-flight packets to have their discarded callbacks called. + * This should never be called in ordinary QUIC usage for the Application Data + * PN space, but it may be called for the Application Data PN space prior to + * freeing the ACKM to simplify teardown implementations. + */ +int ossl_ackm_on_pkt_space_discarded(OSSL_ACKM *ackm, int pkt_space); + +int ossl_ackm_on_handshake_confirmed(OSSL_ACKM *ackm); +int ossl_ackm_on_timeout(OSSL_ACKM *ackm); + +OSSL_TIME ossl_ackm_get_loss_detection_deadline(OSSL_ACKM *ackm); + +/* + * Generates an ACK frame, regardless of whether the ACK manager thinks + * one should currently be sent. + * + * This clears the flag returned by ossl_ackm_is_ack_desired and the deadline + * returned by ossl_ackm_get_ack_deadline. + */ +const OSSL_QUIC_FRAME_ACK *ossl_ackm_get_ack_frame(OSSL_ACKM *ackm, + int pkt_space); + +/* + * Returns the deadline after which an ACK frame should be generated by calling + * ossl_ackm_get_ack_frame, or OSSL_TIME_INFINITY if no deadline is currently + * applicable. If the deadline has already passed, this function may return that + * deadline, or may return OSSL_TIME_ZERO. + */ +OSSL_TIME ossl_ackm_get_ack_deadline(OSSL_ACKM *ackm, int pkt_space); + +/* + * Returns 1 if the ACK manager thinks an ACK frame ought to be generated and + * sent at this time. ossl_ackm_get_ack_frame will always provide an ACK frame + * whether or not this returns 1, so it is suggested that you call this function + * first to determine whether you need to generate an ACK frame. + * + * The return value of this function can change based on calls to + * ossl_ackm_on_rx_packet and based on the passage of time (see + * ossl_ackm_get_ack_deadline). + */ +int ossl_ackm_is_ack_desired(OSSL_ACKM *ackm, int pkt_space); + +/* + * Returns 1 if the given RX PN is 'processable'. A processable PN is one that + * is not either + * + * - duplicate, meaning that we have already been passed such a PN in a call + * to ossl_ackm_on_rx_packet; or + * + * - written off, meaning that the PN is so old we have stopped tracking state + * for it (meaning that we cannot tell whether it is a duplicate and cannot + * process it safely). + * + * This should be called for a packet before attempting to process its contents. + * Failure to do so may result in processing a duplicated packet in violation of + * the RFC. + * + * The return value of this function transitions from 1 to 0 for a given PN once + * that PN is passed to ossl_ackm_on_rx_packet, thus this function must be used + * before calling ossl_ackm_on_rx_packet. + */ +int ossl_ackm_is_rx_pn_processable(OSSL_ACKM *ackm, QUIC_PN pn, int pkt_space); + +typedef struct ossl_ackm_probe_info_st { + /* + * The following two probe request types are used only for anti-deadlock + * purposes in relation to the anti-amplification logic, by generating + * packets to buy ourselves more anti-amplification credit with the server + * until a client address is verified. Note that like all Initial packets, + * any Initial probes are padded. + * + * Note: The ACKM will only ever increase these by one at a time, + * as only one probe packet should be generated for these cases. + */ + uint32_t anti_deadlock_initial, anti_deadlock_handshake; + + /* + * Send an ACK-eliciting packet for each count here. + * + * Note: The ACKM may increase this by either one or two for each probe + * request, depending on how many probe packets it thinks should be + * generated. + */ + uint32_t pto[QUIC_PN_SPACE_NUM]; +} OSSL_ACKM_PROBE_INFO; + +/* + * Returns a pointer to a structure counting any pending probe requests which + * have been generated by the ACKM. The fields in the structure are incremented + * by one every time the ACKM wants another probe of the given type to be sent. + * If the ACKM thinks two packets should be generated for a probe, it will + * increment the field twice. + * + * It is permissible for the caller to decrement or zero these fields to keep + * track of when it has generated a probe as asked. The returned structure + * has the same lifetime as the ACKM. + * + * This function should be called after calling e.g. ossl_ackm_on_timeout + * to determine if any probe requests have been generated. + */ +OSSL_ACKM_PROBE_INFO *ossl_ackm_get0_probe_request(OSSL_ACKM *ackm); + +int ossl_ackm_get_largest_unacked(OSSL_ACKM *ackm, int pkt_space, QUIC_PN *pn); + +/* + * Forces the ACKM to consider a packet with the given PN in the given PN space + * as having been pseudo-lost. The main reason to use this is during a Retry, to + * force any resources sent in the first Initial packet to be resent. + * + * The lost callback is called for the packet, but the packet is NOT considered + * lost for congestion control purposes. Thus this is not exactly the same as a + * true loss situation. + */ +int ossl_ackm_mark_packet_pseudo_lost(OSSL_ACKM *ackm, + int pkt_space, QUIC_PN pn); + +/* + * Returns the PTO duration as currently calculated. This is a quantity of time. + * This duration is used in various parts of QUIC besides the ACKM. + */ +OSSL_TIME ossl_ackm_get_pto_duration(OSSL_ACKM *ackm); + +/* Returns the largest acked PN in the given PN space. */ +QUIC_PN ossl_ackm_get_largest_acked(OSSL_ACKM *ackm, int pkt_space); + +# endif + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_cc.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_cc.h new file mode 100644 index 00000000..60c710b0 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_cc.h @@ -0,0 +1,219 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +#ifndef OSSL_QUIC_CC_H +# define OSSL_QUIC_CC_H + +#include "openssl/params.h" +#include "internal/time.h" + +# ifndef OPENSSL_NO_QUIC + +typedef struct ossl_cc_data_st OSSL_CC_DATA; + +typedef struct ossl_cc_ack_info_st { + /* The time the packet being acknowledged was originally sent. */ + OSSL_TIME tx_time; + + /* The size in bytes of the packet being acknowledged. */ + size_t tx_size; +} OSSL_CC_ACK_INFO; + +typedef struct ossl_cc_loss_info_st { + /* The time the packet being lost was originally sent. */ + OSSL_TIME tx_time; + + /* The size in bytes of the packet which has been determined lost. */ + size_t tx_size; +} OSSL_CC_LOSS_INFO; + +typedef struct ossl_cc_ecn_info_st { + /* + * The time at which the largest acked PN (in the incoming ACK frame) was + * sent. + */ + OSSL_TIME largest_acked_time; +} OSSL_CC_ECN_INFO; + +/* Parameter (read-write): Maximum datagram payload length in bytes. */ +#define OSSL_CC_OPTION_MAX_DGRAM_PAYLOAD_LEN "max_dgram_payload_len" + +/* Diagnostic (read-only): current congestion window size in bytes. */ +#define OSSL_CC_OPTION_CUR_CWND_SIZE "cur_cwnd_size" + +/* Diagnostic (read-only): minimum congestion window size in bytes. */ +#define OSSL_CC_OPTION_MIN_CWND_SIZE "min_cwnd_size" + +/* Diagnostic (read-only): current net bytes in flight. */ +#define OSSL_CC_OPTION_CUR_BYTES_IN_FLIGHT "bytes_in_flight" + +/* Diagnostic (read-only): method-specific state value. */ +#define OSSL_CC_OPTION_CUR_STATE "cur_state" + +/* + * Congestion control abstract interface. + * + * This interface is broadly based on the design described in RFC 9002. However, + * the demarcation between the ACKM and the congestion controller does not + * exactly match that delineated in the RFC 9002 pseudocode. Where aspects of + * the demarcation involve the congestion controller accessing internal state of + * the ACKM, the interface has been revised where possible to provide the + * information needed by the congestion controller and avoid needing to give the + * congestion controller access to the ACKM's internal data structures. + * + * Particular changes include: + * + * - In our implementation, it is the responsibility of the ACKM to determine + * if a loss event constitutes persistent congestion. + * + * - In our implementation, it is the responsibility of the ACKM to determine + * if the ECN-CE counter has increased. The congestion controller is simply + * informed when an ECN-CE event occurs. + * + * All of these changes are intended to avoid having a congestion controller + * have to access ACKM internal state. + */ +#define OSSL_CC_LOST_FLAG_PERSISTENT_CONGESTION (1U << 0) + +typedef struct ossl_cc_method_st { + /* + * Instantiation. + */ + OSSL_CC_DATA *(*new)(OSSL_TIME (*now_cb)(void *arg), + void *now_cb_arg); + + void (*free)(OSSL_CC_DATA *ccdata); + + /* + * Reset of state. + */ + void (*reset)(OSSL_CC_DATA *ccdata); + + /* + * Escape hatch for option configuration. + * + * params is an array of OSSL_PARAM structures. + * + * Returns 1 on success and 0 on failure. + */ + int (*set_input_params)(OSSL_CC_DATA *ccdata, + const OSSL_PARAM *params); + + /* + * (Re)bind output (diagnostic) information. + * + * params is an array of OSSL_PARAM structures used to output values. The + * storage locations associated with each parameter are stored internally + * and updated whenever the state of the congestion controller is updated; + * thus, the storage locations associated with the OSSL_PARAMs passed in the + * call to this function must remain valid until the congestion controller + * is freed or those parameters are unbound. A given parameter name may be + * bound to only one location at a time. The params structures themselves + * do not need to remain allocated after this call returns. + * + * Returns 1 on success and 0 on failure. + */ + int (*bind_diagnostics)(OSSL_CC_DATA *ccdata, + OSSL_PARAM *params); + + /* + * Unbind diagnostic information. The parameters with the given names are + * unbound, cancelling the effects of a previous call to bind_diagnostic(). + * params is an array of OSSL_PARAMs. The values of the parameters are + * ignored. If a parameter is already unbound, there is no effect for that + * parameter but other parameters are still unbound. + * + * Returns 1 on success or 0 on failure. + */ + int (*unbind_diagnostics)(OSSL_CC_DATA *ccdata, + OSSL_PARAM *params); + + /* + * Returns the amount of additional data (above and beyond the data + * currently in flight) which can be sent in bytes. Returns 0 if no more + * data can be sent at this time. The return value of this method + * can vary as time passes. + */ + uint64_t (*get_tx_allowance)(OSSL_CC_DATA *ccdata); + + /* + * Returns the time at which the return value of get_tx_allowance might be + * higher than its current value. This is not a guarantee and spurious + * wakeups are allowed. Returns ossl_time_infinite() if there is no current + * wakeup deadline. + */ + OSSL_TIME (*get_wakeup_deadline)(OSSL_CC_DATA *ccdata); + + /* + * The On Data Sent event. num_bytes should be the size of the packet in + * bytes (or the aggregate size of multiple packets which have just been + * sent). + */ + int (*on_data_sent)(OSSL_CC_DATA *ccdata, + uint64_t num_bytes); + + /* + * The On Data Acked event. See OSSL_CC_ACK_INFO structure for details + * of the information to be passed. + */ + int (*on_data_acked)(OSSL_CC_DATA *ccdata, + const OSSL_CC_ACK_INFO *info); + + /* + * The On Data Lost event. See OSSL_CC_LOSS_INFO structure for details + * of the information to be passed. + * + * Note: When the ACKM determines that a set of multiple packets has been + * lost, it is useful for a congestion control algorithm to be able to + * process this as a single loss event rather than multiple loss events. + * Thus, calling this function may cause the congestion controller to defer + * state updates under the assumption that subsequent calls to + * on_data_lost() representing further lost packets in the same loss event + * may be forthcoming. Always call on_data_lost_finished() after one or more + * calls to on_data_lost(). + */ + int (*on_data_lost)(OSSL_CC_DATA *ccdata, + const OSSL_CC_LOSS_INFO *info); + + /* + * To be called after a sequence of one or more on_data_lost() calls + * representing multiple packets in a single loss detection incident. + * + * Flags may be 0 or OSSL_CC_LOST_FLAG_PERSISTENT_CONGESTION. + */ + int (*on_data_lost_finished)(OSSL_CC_DATA *ccdata, uint32_t flags); + + /* + * For use when a PN space is invalidated or a packet must otherwise be + * 'undone' for congestion control purposes without acting as a loss signal. + * Only the size of the packet is needed. + */ + int (*on_data_invalidated)(OSSL_CC_DATA *ccdata, + uint64_t num_bytes); + + /* + * Called from the ACKM when detecting an increased ECN-CE value in an ACK + * frame. This indicates congestion. + * + * Note that this differs from the RFC's conceptual segregation of the loss + * detection and congestion controller functions, as in our implementation + * the ACKM is responsible for detecting increases to ECN-CE and simply + * tells the congestion controller when ECN-triggered congestion has + * occurred. This allows a slightly more efficient implementation and + * narrower interface between the ACKM and CC. + */ + int (*on_ecn)(OSSL_CC_DATA *ccdata, + const OSSL_CC_ECN_INFO *info); +} OSSL_CC_METHOD; + +extern const OSSL_CC_METHOD ossl_cc_dummy_method; +extern const OSSL_CC_METHOD ossl_cc_newreno_method; + +# endif + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_cfq.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_cfq.h new file mode 100644 index 00000000..22c436dc --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_cfq.h @@ -0,0 +1,154 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_CFQ_H +# define OSSL_QUIC_CFQ_H + +# include +# include "internal/quic_types.h" + +# ifndef OPENSSL_NO_QUIC + +/* + * QUIC Control Frame Queue Item + * ============================= + * + * The CFQ item structure has a public and a private part. This structure + * documents the public part. + */ +typedef struct quic_cfq_item_st QUIC_CFQ_ITEM; + +struct quic_cfq_item_st { + /* + * These fields are not used by the CFQ, but are a convenience to assist the + * TXPIM in keeping a list of GCR control frames which were sent in a + * packet. They may be used for any purpose. + */ + QUIC_CFQ_ITEM *pkt_prev, *pkt_next; + + /* All other fields are private; use ossl_quic_cfq_item_* accessors. */ +}; + +# define QUIC_CFQ_STATE_NEW 0 +# define QUIC_CFQ_STATE_TX 1 + +/* If set, do not retransmit on loss */ +#define QUIC_CFQ_ITEM_FLAG_UNRELIABLE (1U << 0) + +/* Returns the frame type of a CFQ item. */ +uint64_t ossl_quic_cfq_item_get_frame_type(const QUIC_CFQ_ITEM *item); + +/* Returns a pointer to the encoded buffer of a CFQ item. */ +const unsigned char *ossl_quic_cfq_item_get_encoded(const QUIC_CFQ_ITEM *item); + +/* Returns the length of the encoded buffer in bytes. */ +size_t ossl_quic_cfq_item_get_encoded_len(const QUIC_CFQ_ITEM *item); + +/* Returns the CFQ item state, a QUIC_CFQ_STATE_* value. */ +int ossl_quic_cfq_item_get_state(const QUIC_CFQ_ITEM *item); + +/* Returns the PN space for the CFQ item. */ +uint32_t ossl_quic_cfq_item_get_pn_space(const QUIC_CFQ_ITEM *item); + +/* Returns 1 if this is an unreliable frame. */ +int ossl_quic_cfq_item_is_unreliable(const QUIC_CFQ_ITEM *item); + +/* + * QUIC Control Frame Queue + * ======================== + */ +typedef struct quic_cfq_st QUIC_CFQ; + +QUIC_CFQ *ossl_quic_cfq_new(void); +void ossl_quic_cfq_free(QUIC_CFQ *cfq); + +/* + * Input Side + * ---------- + */ + +/* + * Enqueue a frame to the CFQ. + * + * encoded points to the opaque encoded frame. + * + * free_cb is called by the CFQ when the buffer is no longer needed; + * free_cb_arg is an opaque value passed to free_cb. + * + * priority determines the relative ordering of control frames in a packet. + * Lower numerical values for priority mean that a frame should come earlier in + * a packet. pn_space is a QUIC_PN_SPACE_* value. + * + * On success, returns a QUIC_CFQ_ITEM pointer which acts as a handle to + * the queued frame. On failure, returns NULL. + * + * The frame is initially in the TX state, so there is no need to call + * ossl_quic_cfq_mark_tx() immediately after calling this function. + * + * The frame type is duplicated as the frame_type argument here, even though it + * is also encoded into the buffer. This allows the caller to determine the + * frame type if desired without having to decode the frame. + * + * flags is zero or more QUIC_CFQ_ITEM_FLAG values. + */ +typedef void (cfq_free_cb)(unsigned char *buf, size_t buf_len, void *arg); + +QUIC_CFQ_ITEM *ossl_quic_cfq_add_frame(QUIC_CFQ *cfq, + uint32_t priority, + uint32_t pn_space, + uint64_t frame_type, + uint32_t flags, + const unsigned char *encoded, + size_t encoded_len, + cfq_free_cb *free_cb, + void *free_cb_arg); + +/* + * Effects an immediate transition of the given CFQ item to the TX state. + */ +void ossl_quic_cfq_mark_tx(QUIC_CFQ *cfq, QUIC_CFQ_ITEM *item); + +/* + * Effects an immediate transition of the given CFQ item to the NEW state, + * allowing the frame to be retransmitted. If priority is not UINT32_MAX, + * the priority is changed to the given value. + */ +void ossl_quic_cfq_mark_lost(QUIC_CFQ *cfq, QUIC_CFQ_ITEM *item, + uint32_t priority); + +/* + * Releases a CFQ item. The item may be in either state (NEW or TX) prior to the + * call. The QUIC_CFQ_ITEM pointer must not be used following this call. + */ +void ossl_quic_cfq_release(QUIC_CFQ *cfq, QUIC_CFQ_ITEM *item); + +/* + * Output Side + * ----------- + */ + +/* + * Gets the highest priority CFQ item in the given PN space awaiting + * transmission. If there are none, returns NULL. + */ +QUIC_CFQ_ITEM *ossl_quic_cfq_get_priority_head(const QUIC_CFQ *cfq, + uint32_t pn_space); + +/* + * Given a CFQ item, gets the next CFQ item awaiting transmission in priority + * order in the given PN space. In other words, given the return value of + * ossl_quic_cfq_get_priority_head(), returns the next-lower priority item. + * Returns NULL if the given item is the last item in priority order. + */ +QUIC_CFQ_ITEM *ossl_quic_cfq_item_get_priority_next(const QUIC_CFQ_ITEM *item, + uint32_t pn_space); + +# endif + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_channel.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_channel.h new file mode 100644 index 00000000..f46db063 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_channel.h @@ -0,0 +1,429 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_CHANNEL_H +# define OSSL_QUIC_CHANNEL_H + +# include +# include "internal/quic_types.h" +# include "internal/quic_stream_map.h" +# include "internal/quic_reactor.h" +# include "internal/quic_statm.h" +# include "internal/time.h" +# include "internal/thread.h" + +# ifndef OPENSSL_NO_QUIC + +/* + * QUIC Channel + * ============ + * + * A QUIC channel (QUIC_CHANNEL) is an object which binds together all of the + * various pieces of QUIC into a single top-level object, and handles connection + * state which is not specific to the client or server roles. In particular, it + * is strictly separated from the libssl front end I/O API personality layer, + * and is not an SSL object. + * + * The name QUIC_CHANNEL is chosen because QUIC_CONNECTION is already in use, + * but functionally these relate to the same thing (a QUIC connection). The use + * of two separate objects ensures clean separation between the API personality + * layer and common code for handling connections, and between the functionality + * which is specific to clients and which is specific to servers, and the + * functionality which is common to both. + * + * The API personality layer provides SSL objects (e.g. a QUIC_CONNECTION) which + * consume a QUIC channel and implement a specific public API. Things which are + * handled by the API personality layer include emulation of blocking semantics, + * handling of SSL object mode flags like non-partial write mode, etc. + * + * Where the QUIC_CHANNEL is used in a server role, there is one QUIC_CHANNEL + * per connection. In the future a QUIC Channel Manager will probably be defined + * to handle ownership of resources which are shared between connections (e.g. + * demuxers). Since we only use server-side functionality for dummy test servers + * for now, which only need to handle one connection at a time, this is not + * currently modelled. + * + * Synchronisation + * --------------- + * + * To support thread assisted mode, QUIC_CHANNEL can be used by multiple + * threads. **It is the caller's responsibility to ensure that the QUIC_CHANNEL + * is only accessed (whether via its methods or via direct access to its state) + * while the channel mutex is held**, except for methods explicitly marked as + * not requiring prior locking. This is an unchecked precondition. + * + * The instantiator of the channel is responsible for providing a suitable + * mutex which then serves as the channel mutex; see QUIC_CHANNEL_ARGS. + */ + +/* + * The function does not acquire the channel mutex and assumes it is already + * held by the calling thread. + * + * Any function tagged with this has the following precondition: + * + * Precondition: must hold channel mutex (unchecked) + */ +# define QUIC_NEEDS_LOCK + +/* + * The function acquires the channel mutex and releases it before returning in + * all circumstances. + * + * Any function tagged with this has the following precondition and + * postcondition: + * + * Precondition: must not hold channel mutex (unchecked) + * Postcondition: channel mutex is not held (by calling thread) + */ +# define QUIC_TAKES_LOCK + +/* + * The function acquires the channel mutex and leaves it acquired + * when returning success. + * + * Any function tagged with this has the following precondition and + * postcondition: + * + * Precondition: must not hold channel mutex (unchecked) + * Postcondition: channel mutex is held by calling thread + * or function returned failure + */ +# define QUIC_ACQUIRES_LOCK + +# define QUIC_TODO_LOCK + +# define QUIC_CHANNEL_STATE_IDLE 0 +# define QUIC_CHANNEL_STATE_ACTIVE 1 +# define QUIC_CHANNEL_STATE_TERMINATING_CLOSING 2 +# define QUIC_CHANNEL_STATE_TERMINATING_DRAINING 3 +# define QUIC_CHANNEL_STATE_TERMINATED 4 + +typedef struct quic_channel_args_st { + OSSL_LIB_CTX *libctx; + const char *propq; + int is_server; + SSL *tls; + + /* + * This must be a mutex the lifetime of which will exceed that of the + * channel. The instantiator of the channel is responsible for providing a + * mutex as this makes it easier to handle instantiation and teardown of + * channels in situations potentially requiring locking. + * + * Note that this is a MUTEX not a RWLOCK as it needs to be an OS mutex for + * compatibility with an OS's condition variable wait API, whereas RWLOCK + * may, depending on the build configuration, be implemented using an OS's + * mutex primitive or using its RW mutex primitive. + */ + CRYPTO_MUTEX *mutex; + + /* + * Optional function pointer to use to retrieve the current time. If NULL, + * ossl_time_now() is used. + */ + OSSL_TIME (*now_cb)(void *arg); + void *now_cb_arg; +} QUIC_CHANNEL_ARGS; + +typedef struct quic_channel_st QUIC_CHANNEL; + +/* Represents the cause for a connection's termination. */ +typedef struct quic_terminate_cause_st { + /* + * If we are in a TERMINATING or TERMINATED state, this is the error code + * associated with the error. This field is valid iff we are in the + * TERMINATING or TERMINATED states. + */ + uint64_t error_code; + + /* + * If terminate_app is set and this is nonzero, this is the frame type which + * caused the connection to be terminated. + */ + uint64_t frame_type; + + /* + * Optional reason string. When calling ossl_quic_channel_local_close, if a + * reason string pointer is passed, it is copied and stored inside + * QUIC_CHANNEL for the remainder of the lifetime of the channel object. + * Thus the string pointed to by this value, if non-NULL, is valid for the + * lifetime of the QUIC_CHANNEL object. + */ + const char *reason; + + /* + * Length of reason in bytes. The reason is supposed to contain a UTF-8 + * string but may be arbitrary data if the reason came from the network. + */ + size_t reason_len; + + /* Is this error code in the transport (0) or application (1) space? */ + unsigned int app : 1; + + /* + * If set, the cause of the termination is a received CONNECTION_CLOSE + * frame. Otherwise, we decided to terminate ourselves and sent a + * CONNECTION_CLOSE frame (regardless of whether the peer later also sends + * one). + */ + unsigned int remote : 1; +} QUIC_TERMINATE_CAUSE; + + +/* + * Create a new QUIC channel using the given arguments. The argument structure + * does not need to remain allocated. Returns NULL on failure. + */ +QUIC_CHANNEL *ossl_quic_channel_new(const QUIC_CHANNEL_ARGS *args); + +/* No-op if ch is NULL. */ +void ossl_quic_channel_free(QUIC_CHANNEL *ch); + +/* Set mutator callbacks for test framework support */ +int ossl_quic_channel_set_mutator(QUIC_CHANNEL *ch, + ossl_mutate_packet_cb mutatecb, + ossl_finish_mutate_cb finishmutatecb, + void *mutatearg); + +/* + * Connection Lifecycle Events + * =========================== + * + * Various events that can be raised on the channel by other parts of the QUIC + * implementation. Some of these are suitable for general use by any part of the + * code (e.g. ossl_quic_channel_raise_protocol_error), others are for very + * specific use by particular components only (e.g. + * ossl_quic_channel_on_handshake_confirmed). + */ + +/* + * To be used by a QUIC connection. Starts the channel. For a client-mode + * channel, this starts sending the first handshake layer message, etc. Can only + * be called in the idle state; successive calls are ignored. + */ +int ossl_quic_channel_start(QUIC_CHANNEL *ch); + +/* Start a locally initiated connection shutdown. */ +void ossl_quic_channel_local_close(QUIC_CHANNEL *ch, uint64_t app_error_code, + const char *app_reason); + +/* + * Called when the handshake is confirmed. + */ +int ossl_quic_channel_on_handshake_confirmed(QUIC_CHANNEL *ch); + +/* + * Raises a protocol error. This is intended to be the universal call suitable + * for handling of all peer-triggered protocol violations or errors detected by + * us. We specify a QUIC transport-scope error code and optional frame type + * which was responsible. If a frame type is not applicable, specify zero. The + * reason string is not currently handled, but should be a string of static + * storage duration. If the connection has already terminated due to a previous + * protocol error, this is a no-op; first error wins. + * + * Usually the ossl_quic_channel_raise_protocol_error() function should be used. + * The ossl_quic_channel_raise_protocol_error_loc() function can be used + * directly for passing through existing call site information from an existing + * error. + */ +void ossl_quic_channel_raise_protocol_error_loc(QUIC_CHANNEL *ch, + uint64_t error_code, + uint64_t frame_type, + const char *reason, + ERR_STATE *err_state, + const char *src_file, + int src_line, + const char *src_func); + +#define ossl_quic_channel_raise_protocol_error(ch, error_code, frame_type, reason) \ + ossl_quic_channel_raise_protocol_error_loc((ch), (error_code), \ + (frame_type), \ + (reason), \ + NULL, \ + OPENSSL_FILE, \ + OPENSSL_LINE, \ + OPENSSL_FUNC) + +#define ossl_quic_channel_raise_protocol_error_state(ch, error_code, frame_type, reason, state) \ + ossl_quic_channel_raise_protocol_error_loc((ch), (error_code), \ + (frame_type), \ + (reason), \ + (state), \ + OPENSSL_FILE, \ + OPENSSL_LINE, \ + OPENSSL_FUNC) + + +/* + * Returns 1 if permanent net error was detected on the QUIC_CHANNEL, + * 0 otherwise. + */ +int ossl_quic_channel_net_error(QUIC_CHANNEL *ch); + +/* Restore saved error state (best effort) */ +void ossl_quic_channel_restore_err_state(QUIC_CHANNEL *ch); + +/* For RXDP use. */ +void ossl_quic_channel_on_remote_conn_close(QUIC_CHANNEL *ch, + OSSL_QUIC_FRAME_CONN_CLOSE *f); +void ossl_quic_channel_on_new_conn_id(QUIC_CHANNEL *ch, + OSSL_QUIC_FRAME_NEW_CONN_ID *f); + +/* + * Queries and Accessors + * ===================== + */ + +/* Gets the reactor which can be used to tick/poll on the channel. */ +QUIC_REACTOR *ossl_quic_channel_get_reactor(QUIC_CHANNEL *ch); + +/* Gets the QSM used with the channel. */ +QUIC_STREAM_MAP *ossl_quic_channel_get_qsm(QUIC_CHANNEL *ch); + +/* Gets the statistics manager used with the channel. */ +OSSL_STATM *ossl_quic_channel_get_statm(QUIC_CHANNEL *ch); + +/* + * Gets/sets the current peer address. Generally this should be used before + * starting a channel in client mode. + */ +int ossl_quic_channel_get_peer_addr(QUIC_CHANNEL *ch, BIO_ADDR *peer_addr); +int ossl_quic_channel_set_peer_addr(QUIC_CHANNEL *ch, const BIO_ADDR *peer_addr); + +/* Gets/sets the underlying network read and write BIOs. */ +BIO *ossl_quic_channel_get_net_rbio(QUIC_CHANNEL *ch); +BIO *ossl_quic_channel_get_net_wbio(QUIC_CHANNEL *ch); +int ossl_quic_channel_set_net_rbio(QUIC_CHANNEL *ch, BIO *net_rbio); +int ossl_quic_channel_set_net_wbio(QUIC_CHANNEL *ch, BIO *net_wbio); + +/* + * Re-poll the network BIOs already set to determine if their support + * for polling has changed. + */ +int ossl_quic_channel_update_poll_descriptors(QUIC_CHANNEL *ch); + +/* + * Returns an existing stream by stream ID. Returns NULL if the stream does not + * exist. + */ +QUIC_STREAM *ossl_quic_channel_get_stream_by_id(QUIC_CHANNEL *ch, + uint64_t stream_id); + +/* Returns 1 if channel is terminating or terminated. */ +int ossl_quic_channel_is_term_any(const QUIC_CHANNEL *ch); +const QUIC_TERMINATE_CAUSE * +ossl_quic_channel_get_terminate_cause(const QUIC_CHANNEL *ch); +int ossl_quic_channel_is_closing(const QUIC_CHANNEL *ch); +int ossl_quic_channel_is_terminated(const QUIC_CHANNEL *ch); +int ossl_quic_channel_is_active(const QUIC_CHANNEL *ch); +int ossl_quic_channel_is_handshake_complete(const QUIC_CHANNEL *ch); +int ossl_quic_channel_is_handshake_confirmed(const QUIC_CHANNEL *ch); + +QUIC_DEMUX *ossl_quic_channel_get0_demux(QUIC_CHANNEL *ch); + +SSL *ossl_quic_channel_get0_ssl(QUIC_CHANNEL *ch); + +/* + * Retrieves a pointer to the channel mutex which was provided at the time the + * channel was instantiated. In order to allow locks to be acquired and released + * with the correct granularity, it is the caller's responsibility to ensure + * this lock is held for write while calling any QUIC_CHANNEL method, except for + * methods explicitly designed otherwise. + * + * This method is thread safe and does not require prior locking. It can also be + * called while the lock is already held. Note that this is simply a convenience + * function to access the mutex which was passed to the channel at instantiation + * time; it does not belong to the channel but rather is presumed to belong to + * the owner of the channel. + */ +CRYPTO_MUTEX *ossl_quic_channel_get_mutex(QUIC_CHANNEL *ch); + +/* + * Creates a new locally-initiated stream in the stream mapper, choosing an + * appropriate stream ID. If is_uni is 1, creates a unidirectional stream, else + * creates a bidirectional stream. Returns NULL on failure. + */ +QUIC_STREAM *ossl_quic_channel_new_stream_local(QUIC_CHANNEL *ch, int is_uni); + +/* + * Creates a new remotely-initiated stream in the stream mapper. The stream ID + * is used to confirm the initiator and determine the stream type. The stream is + * automatically added to the QSM's accept queue. A pointer to the stream is + * also returned. Returns NULL on failure. + */ +QUIC_STREAM *ossl_quic_channel_new_stream_remote(QUIC_CHANNEL *ch, + uint64_t stream_id); + +/* + * Configures incoming stream auto-reject. If enabled, incoming streams have + * both their sending and receiving parts automatically rejected using + * STOP_SENDING and STREAM_RESET frames. aec is the application error + * code to be used for those frames. + */ +void ossl_quic_channel_set_incoming_stream_auto_reject(QUIC_CHANNEL *ch, + int enable, + uint64_t aec); + +/* + * Causes the channel to reject the sending and receiving parts of a stream, + * as though autorejected. Can be used if a stream has already been + * accepted. + */ +void ossl_quic_channel_reject_stream(QUIC_CHANNEL *ch, QUIC_STREAM *qs); + +/* Replace local connection ID in TXP and DEMUX for testing purposes. */ +int ossl_quic_channel_replace_local_cid(QUIC_CHANNEL *ch, + const QUIC_CONN_ID *conn_id); + +/* Setters for the msg_callback and msg_callback_arg */ +void ossl_quic_channel_set_msg_callback(QUIC_CHANNEL *ch, + ossl_msg_cb msg_callback, + SSL *msg_callback_ssl); +void ossl_quic_channel_set_msg_callback_arg(QUIC_CHANNEL *ch, + void *msg_callback_arg); + +/* Testing use only - sets a TXKU threshold packet count override value. */ +void ossl_quic_channel_set_txku_threshold_override(QUIC_CHANNEL *ch, + uint64_t tx_pkt_threshold); + +/* Testing use only - gets current 1-RTT key epochs for QTX and QRX. */ +uint64_t ossl_quic_channel_get_tx_key_epoch(QUIC_CHANNEL *ch); +uint64_t ossl_quic_channel_get_rx_key_epoch(QUIC_CHANNEL *ch); + +/* Artificially trigger a spontaneous TXKU if possible. */ +int ossl_quic_channel_trigger_txku(QUIC_CHANNEL *ch); +int ossl_quic_channel_has_pending(const QUIC_CHANNEL *ch); + +/* Force transmission of an ACK-eliciting packet. */ +int ossl_quic_channel_ping(QUIC_CHANNEL *ch); + +/* For testing use. While enabled, ticking is not performed. */ +void ossl_quic_channel_set_inhibit_tick(QUIC_CHANNEL *ch, int inhibit); + +/* + * These queries exist for diagnostic purposes only. They may roll over. + * Do not rely on them for non-testing purposes. + */ +uint16_t ossl_quic_channel_get_diag_num_rx_ack(QUIC_CHANNEL *ch); + +/* + * Diagnostic use only. Gets the current local CID. + */ +void ossl_quic_channel_get_diag_local_cid(QUIC_CHANNEL *ch, QUIC_CONN_ID *cid); + +/* + * Returns 1 if stream count flow control allows us to create a new + * locally-initiated stream. + */ +int ossl_quic_channel_is_new_local_stream_admissible(QUIC_CHANNEL *ch, int is_uni); + +# endif + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_demux.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_demux.h new file mode 100644 index 00000000..444249e7 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_demux.h @@ -0,0 +1,364 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_DEMUX_H +# define OSSL_QUIC_DEMUX_H + +# include +# include "internal/quic_types.h" +# include "internal/bio_addr.h" +# include "internal/time.h" +# include "internal/list.h" + +# ifndef OPENSSL_NO_QUIC + +/* + * QUIC Demuxer + * ============ + * + * The QUIC connection demuxer is the entity responsible for receiving datagrams + * from the network via a datagram BIO. It parses packet headers to determine + * each packet's destination connection ID (DCID) and hands off processing of + * the packet to the correct QUIC Record Layer (QRL)'s RX side (known as the + * QRX). + * + * A QRX is instantiated per QUIC connection and contains the cryptographic + * resources needed to decrypt QUIC packets for that connection. Received + * datagrams are passed from the demuxer to the QRX via a callback registered + * for a specific DCID by the QRX; thus the demuxer has no specific knowledge of + * the QRX and is not coupled to it. + * + * A connection may have multiple connection IDs associated with it; a QRX + * handles this simply by registering multiple connection IDs with the demuxer + * via multiple register calls. + * + * URX Queue + * --------- + * + * Since the demuxer must handle the initial reception of datagrams from the OS, + * RX queue management for new, unprocessed datagrams is also handled by the + * demuxer. + * + * The demuxer maintains a queue of Unprocessed RX Entries (URXEs), which store + * unprocessed (i.e., encrypted, unvalidated) data received from the network. + * The URXE queue is designed to allow multiple datagrams to be received in a + * single call to BIO_recvmmsg, where supported. + * + * One URXE is used per received datagram. Each datagram may contain multiple + * packets, however, this is not the demuxer's concern. QUIC prohibits different + * packets in the same datagram from containing different DCIDs; the demuxer + * only considers the DCID of the first packet in a datagram when deciding how + * to route a received datagram, and it is the responsibility of the QRX to + * enforce this rule. Packets other than the first packet in a datagram are not + * examined by the demuxer, and the demuxer does not perform validation of + * packet headers other than to the minimum extent necessary to extract the + * DCID; further parsing and validation of packet headers is the responsibility + * of the QRX. + * + * Rather than defining an opaque interface, the URXE structure internals + * are exposed. Since the demuxer is only exposed to other parts of the QUIC + * implementation internals, this poses no problem, and has a number of + * advantages: + * + * - Fields in the URXE can be allocated to support requirements in other + * components, like the QRX, which would otherwise have to allocate extra + * memory corresponding to each URXE. + * + * - Other components, like the QRX, can keep the URXE in queues of its own + * when it is not being managed by the demuxer. + * + * URX Queue Structure + * ------------------- + * + * The URXE queue is maintained as a simple doubly-linked list. URXE entries are + * moved between different lists in their lifecycle (for example, from a free + * list to a pending list and vice versa). The buffer into which datagrams are + * received immediately follows this URXE header structure and is part of the + * same allocation. + */ + +typedef struct quic_urxe_st QUIC_URXE; + +/* Maximum number of packets we allow to exist in one datagram. */ +#define QUIC_MAX_PKT_PER_URXE (sizeof(uint64_t) * 8) + +struct quic_urxe_st { + OSSL_LIST_MEMBER(urxe, QUIC_URXE); + + /* + * The URXE data starts after this structure so we don't need a pointer. + * data_len stores the current length (i.e., the length of the received + * datagram) and alloc_len stores the allocation length. The URXE will be + * reallocated if we need a larger allocation than is available, though this + * should not be common as we will have a good idea of worst-case MTUs up + * front. + */ + size_t data_len, alloc_len; + + /* + * Bitfields per packet. processed indicates the packet has been processed + * and must not be processed again, hpr_removed indicates header protection + * has already been removed. Used by QRX only; not used by the demuxer. + */ + uint64_t processed, hpr_removed; + + /* + * Address of peer we received the datagram from, and the local interface + * address we received it on. If local address support is not enabled, local + * is zeroed. + */ + BIO_ADDR peer, local; + + /* + * Time at which datagram was received (or ossl_time_zero()) if a now + * function was not provided). + */ + OSSL_TIME time; + + /* + * Used by the QRX to mark whether a datagram has been deferred. Used by the + * QRX only; not used by the demuxer. + */ + char deferred; + + /* + * Used by the DEMUX to track if a URXE has been handed out. Used primarily + * for debugging purposes. + */ + char demux_state; +}; + +/* Accessors for URXE buffer. */ +static ossl_unused ossl_inline unsigned char * +ossl_quic_urxe_data(const QUIC_URXE *e) +{ + return (unsigned char *)&e[1]; +} + +static ossl_unused ossl_inline unsigned char * +ossl_quic_urxe_data_end(const QUIC_URXE *e) +{ + return ossl_quic_urxe_data(e) + e->data_len; +} + +/* List structure tracking a queue of URXEs. */ +DEFINE_LIST_OF(urxe, QUIC_URXE); +typedef OSSL_LIST(urxe) QUIC_URXE_LIST; + +/* + * List management helpers. These are used by the demuxer but can also be used + * by users of the demuxer to manage URXEs. + */ +void ossl_quic_urxe_remove(QUIC_URXE_LIST *l, QUIC_URXE *e); +void ossl_quic_urxe_insert_head(QUIC_URXE_LIST *l, QUIC_URXE *e); +void ossl_quic_urxe_insert_tail(QUIC_URXE_LIST *l, QUIC_URXE *e); + +/* Opaque type representing a demuxer. */ +typedef struct quic_demux_st QUIC_DEMUX; + +/* + * Called when a datagram is received for a given connection ID. + * + * e is a URXE containing the datagram payload. It is permissible for the callee + * to mutate this buffer; once the demuxer calls this callback, it will never + * read the buffer again. + * + * The callee must arrange for ossl_quic_demux_release_urxe or + * ossl_quic_demux_reinject_urxe to be called on the URXE at some point in the + * future (this need not be before the callback returns). + * + * At the time the callback is made, the URXE will not be in any queue, + * therefore the callee can use the prev and next fields as it wishes. + */ +typedef void (ossl_quic_demux_cb_fn)(QUIC_URXE *e, void *arg); + +/* + * Called when a datagram is received. + * Returns 1 if the datagram ends with a stateless reset token and + * 0 if not. + */ +typedef int (ossl_quic_stateless_reset_cb_fn)(const unsigned char *data, + size_t data_len, void *arg); + +/* + * Creates a new demuxer. The given BIO is used to receive datagrams from the + * network using BIO_recvmmsg. short_conn_id_len is the length of destination + * connection IDs used in RX'd packets; it must have the same value for all + * connections used on a socket. default_urxe_alloc_len is the buffer size to + * receive datagrams into; it should be a value large enough to contain any + * received datagram according to local MTUs, etc. + * + * now is an optional function used to determine the time a datagram was + * received. now_arg is an opaque argument passed to the function. If now is + * NULL, ossl_time_zero() is used as the datagram reception time. + */ +QUIC_DEMUX *ossl_quic_demux_new(BIO *net_bio, + size_t short_conn_id_len, + OSSL_TIME (*now)(void *arg), + void *now_arg); + +/* + * Destroy a demuxer. All URXEs must have been released back to the demuxer + * before calling this. No-op if demux is NULL. + */ +void ossl_quic_demux_free(QUIC_DEMUX *demux); + +/* + * Changes the BIO which the demuxer reads from. This also sets the MTU if the + * BIO supports querying the MTU. + */ +void ossl_quic_demux_set_bio(QUIC_DEMUX *demux, BIO *net_bio); + +/* + * Changes the MTU in bytes we use to receive datagrams. + */ +int ossl_quic_demux_set_mtu(QUIC_DEMUX *demux, unsigned int mtu); + +/* + * Register a datagram handler callback for a connection ID. + * + * ossl_quic_demux_pump will call the specified function if it receives a datagram + * the first packet of which has the specified destination connection ID. + * + * It is assumed all packets in a datagram have the same destination connection + * ID (as QUIC mandates this), but it is the user's responsibility to check for + * this and reject subsequent packets in a datagram that violate this rule. + * + * dst_conn_id is a destination connection ID; it is copied and need not remain + * valid after this function returns. + * + * cb_arg is passed to cb when it is called. For information on the callback, + * see its typedef above. + * + * Only one handler can be set for a given connection ID. If a handler is + * already set for the given connection ID, returns 0. + * + * Returns 1 on success or 0 on failure. + */ +int ossl_quic_demux_register(QUIC_DEMUX *demux, + const QUIC_CONN_ID *dst_conn_id, + ossl_quic_demux_cb_fn *cb, + void *cb_arg); + +/* + * Unregisters any datagram handler callback set for the given connection ID. + * Fails if no handler is registered for the given connection ID. + * + * Returns 1 on success or 0 on failure. + */ +int ossl_quic_demux_unregister(QUIC_DEMUX *demux, + const QUIC_CONN_ID *dst_conn_id); + +/* + * Unregisters any datagram handler callback from all connection IDs it is used + * for. cb and cb_arg must both match the values passed to + * ossl_quic_demux_register. + */ +void ossl_quic_demux_unregister_by_cb(QUIC_DEMUX *demux, + ossl_quic_demux_cb_fn *cb, + void *cb_arg); + +/* + * Set the default packet handler. This is used for incoming packets which don't + * match a registered DCID. This is only needed for servers. If a default packet + * handler is not set, a packet which doesn't match a registered DCID is + * silently dropped. A default packet handler may be unset by passing NULL. + * + * The handler is responsible for ensuring that ossl_quic_demux_reinject_urxe or + * ossl_quic_demux_release_urxe is called on the passed packet at some point in + * the future, which may or may not be before the handler returns. + */ +void ossl_quic_demux_set_default_handler(QUIC_DEMUX *demux, + ossl_quic_demux_cb_fn *cb, + void *cb_arg); + +/* + * Sets a callback for stateless reset processing. + * + * If set, this callback is called for datagrams for which we cannot identify + * a CID. This function should return 1 if there is a stateless reset token + * present and 0 if not. If there is a token present, the connection should + * also be reset. + */ +void ossl_quic_demux_set_stateless_reset_handler( + QUIC_DEMUX *demux, + ossl_quic_stateless_reset_cb_fn *cb, void *cb_arg); + +/* + * Releases a URXE back to the demuxer. No reference must be made to the URXE or + * its buffer after calling this function. The URXE must not be in any queue; + * that is, its prev and next pointers must be NULL. + */ +void ossl_quic_demux_release_urxe(QUIC_DEMUX *demux, + QUIC_URXE *e); + +/* + * Reinjects a URXE which was issued to a registered DCID callback or the + * default packet handler callback back into the pending queue. This is useful + * when a packet has been handled by the default packet handler callback such + * that a DCID has now been registered and can be dispatched normally by DCID. + * Once this has been called, the caller must not touch the URXE anymore and + * must not also call ossl_quic_demux_release_urxe(). + * + * The URXE is reinjected at the head of the queue, so it will be reprocessed + * immediately. + */ +void ossl_quic_demux_reinject_urxe(QUIC_DEMUX *demux, + QUIC_URXE *e); + +/* + * Process any unprocessed RX'd datagrams, by calling registered callbacks by + * connection ID, reading more datagrams from the BIO if necessary. + * + * Returns one of the following values: + * + * QUIC_DEMUX_PUMP_RES_OK + * At least one incoming datagram was processed. + * + * QUIC_DEMUX_PUMP_RES_TRANSIENT_FAIL + * No more incoming datagrams are currently available. + * Call again later. + * + * QUIC_DEMUX_PUMP_RES_PERMANENT_FAIL + * Either the network read BIO has failed in a non-transient fashion, or + * the QUIC implementation has encountered an internal state, assertion + * or allocation error. The caller should tear down the connection + * similarly to in the case of a protocol violation. + * + */ +#define QUIC_DEMUX_PUMP_RES_OK 1 +#define QUIC_DEMUX_PUMP_RES_TRANSIENT_FAIL (-1) +#define QUIC_DEMUX_PUMP_RES_PERMANENT_FAIL (-2) +#define QUIC_DEMUX_PUMP_RES_STATELESS_RESET (-3) + +int ossl_quic_demux_pump(QUIC_DEMUX *demux); + +/* + * Artificially inject a packet into the demuxer for testing purposes. The + * buffer must not exceed the URXE size being used by the demuxer. + * + * If peer or local are NULL, their respective fields are zeroed in the injected + * URXE. + * + * Returns 1 on success or 0 on failure. + */ +int ossl_quic_demux_inject(QUIC_DEMUX *demux, + const unsigned char *buf, + size_t buf_len, + const BIO_ADDR *peer, + const BIO_ADDR *local); + +/* + * Returns 1 if there are any pending URXEs. + */ +int ossl_quic_demux_has_pending(const QUIC_DEMUX *demux); + +# endif + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_error.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_error.h new file mode 100644 index 00000000..ae195a5f --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_error.h @@ -0,0 +1,56 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_ERROR_H +# define OSSL_QUIC_ERROR_H + +# include + +# ifndef OPENSSL_NO_QUIC + +/* RFC 9000 Section 20.1 */ +# define QUIC_ERR_NO_ERROR 0x00 +# define QUIC_ERR_INTERNAL_ERROR 0x01 +# define QUIC_ERR_CONNECTION_REFUSED 0x02 +# define QUIC_ERR_FLOW_CONTROL_ERROR 0x03 +# define QUIC_ERR_STREAM_LIMIT_ERROR 0x04 +# define QUIC_ERR_STREAM_STATE_ERROR 0x05 +# define QUIC_ERR_FINAL_SIZE_ERROR 0x06 +# define QUIC_ERR_FRAME_ENCODING_ERROR 0x07 +# define QUIC_ERR_TRANSPORT_PARAMETER_ERROR 0x08 +# define QUIC_ERR_CONNECTION_ID_LIMIT_ERROR 0x09 +# define QUIC_ERR_PROTOCOL_VIOLATION 0x0A +# define QUIC_ERR_INVALID_TOKEN 0x0B +# define QUIC_ERR_APPLICATION_ERROR 0x0C +# define QUIC_ERR_CRYPTO_BUFFER_EXCEEDED 0x0D +# define QUIC_ERR_KEY_UPDATE_ERROR 0x0E +# define QUIC_ERR_AEAD_LIMIT_REACHED 0x0F +# define QUIC_ERR_NO_VIABLE_PATH 0x10 + +/* Inclusive range for handshake-specific errors. */ +# define QUIC_ERR_CRYPTO_ERR_BEGIN 0x0100 +# define QUIC_ERR_CRYPTO_ERR_END 0x01FF + +# define QUIC_ERR_CRYPTO_ERR(X) \ + (QUIC_ERR_CRYPTO_ERR_BEGIN + (X)) + +# define QUIC_ERR_CRYPTO_UNEXPECTED_MESSAGE \ + QUIC_ERR_CRYPTO_ERR(SSL3_AD_UNEXPECTED_MESSAGE) + +# define QUIC_ERR_CRYPTO_MISSING_EXT \ + QUIC_ERR_CRYPTO_ERR(TLS13_AD_MISSING_EXTENSION) + +# define QUIC_ERR_CRYPTO_NO_APP_PROTO \ + QUIC_ERR_CRYPTO_ERR(TLS1_AD_NO_APPLICATION_PROTOCOL) + +const char *ossl_quic_err_to_string(uint64_t error_code); + +# endif + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_fc.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_fc.h new file mode 100644 index 00000000..49b448a3 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_fc.h @@ -0,0 +1,277 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_FC_H +# define OSSL_QUIC_FC_H + +# include +# include "internal/time.h" + +# ifndef OPENSSL_NO_QUIC + +/* + * TX Flow Controller (TXFC) + * ========================= + * + * For discussion, see doc/designs/quic-design/quic-fc.md. + */ +typedef struct quic_txfc_st QUIC_TXFC; + +struct quic_txfc_st { + QUIC_TXFC *parent; /* stream-level iff non-NULL */ + uint64_t swm, cwm; + char has_become_blocked; +}; + +/* + * Initialises a TX flow controller. conn_txfc should be non-NULL and point to + * the connection-level flow controller if the TXFC is for stream-level flow + * control, and NULL otherwise. + */ +int ossl_quic_txfc_init(QUIC_TXFC *txfc, QUIC_TXFC *conn_txfc); + +/* + * Gets the parent (i.e., connection-level) TX flow controller. Returns NULL if + * called on a connection-level TX flow controller. + */ +QUIC_TXFC *ossl_quic_txfc_get_parent(QUIC_TXFC *txfc); + +/* + * Bump the credit watermark (CWM) value. This is the 'On TX Window Updated' + * operation. This function is a no-op if it has already been called with an + * equal or higher CWM value. + * + * It returns 1 iff the call resulted in the CWM being bumped and 0 if it was + * not increased because it has already been called with an equal or higher CWM + * value. This is not an error per se but may indicate a local programming error + * or a protocol error in a remote peer. + */ +int ossl_quic_txfc_bump_cwm(QUIC_TXFC *txfc, uint64_t cwm); + +/* + * Get the number of bytes by which we are in credit. This is the number of + * controlled bytes we are allowed to send. (Thus if this function returns 0, we + * are currently blocked.) + * + * If called on a stream-level TXFC, ossl_quic_txfc_get_credit is called on + * the connection-level TXFC as well, and the lesser of the two values is + * returned. The consumed value is the amount already consumed on the connection + * level TXFC. + */ +uint64_t ossl_quic_txfc_get_credit(QUIC_TXFC *txfc, uint64_t consumed); + +/* + * Like ossl_quic_txfc_get_credit(), but when called on a stream-level TXFC, + * retrieves only the stream-level credit value and does not clamp it based on + * connection-level flow control. Any credit value is reduced by the consumed + * amount. + */ +uint64_t ossl_quic_txfc_get_credit_local(QUIC_TXFC *txfc, uint64_t consumed); + +/* + * Consume num_bytes of credit. This is the 'On TX' operation. This should be + * called when we transmit any controlled bytes. Calling this with an argument + * of 0 is a no-op. + * + * We must never transmit more controlled bytes than we are in credit for (see + * the return value of ossl_quic_txfc_get_credit()). If you call this function + * with num_bytes greater than our current credit, this function consumes the + * remainder of the credit and returns 0. This indicates a serious programming + * error on the caller's part. Otherwise, the function returns 1. + * + * If called on a stream-level TXFC, ossl_quic_txfc_consume_credit() is called + * on the connection-level TXFC also. If the call to that function on the + * connection-level TXFC returns zero, this function will also return zero. + */ +int ossl_quic_txfc_consume_credit(QUIC_TXFC *txfc, uint64_t num_bytes); + +/* + * Like ossl_quic_txfc_consume_credit(), but when called on a stream-level TXFC, + * consumes only from the stream-level credit and does not inform the + * connection-level TXFC. + */ +int ossl_quic_txfc_consume_credit_local(QUIC_TXFC *txfc, uint64_t num_bytes); + +/* + * This flag is provided for convenience. A caller is not required to use it. It + * is a boolean flag set whenever our credit drops to zero. If clear is 1, the + * flag is cleared. The old value of the flag is returned. Callers may use this + * to determine if they need to send a DATA_BLOCKED or STREAM_DATA_BLOCKED + * frame, which should contain the value returned by ossl_quic_txfc_get_cwm(). + */ +int ossl_quic_txfc_has_become_blocked(QUIC_TXFC *txfc, int clear); + +/* + * Get the current CWM value. This is mainly only needed when generating a + * DATA_BLOCKED or STREAM_DATA_BLOCKED frame, or for diagnostic purposes. + */ +uint64_t ossl_quic_txfc_get_cwm(QUIC_TXFC *txfc); + +/* + * Get the current spent watermark (SWM) value. This is purely for diagnostic + * use and should not be needed in normal circumstances. + */ +uint64_t ossl_quic_txfc_get_swm(QUIC_TXFC *txfc); + +/* + * RX Flow Controller (RXFC) + * ========================= + */ +typedef struct quic_rxfc_st QUIC_RXFC; + +struct quic_rxfc_st { + /* + * swm is the sent/received watermark, which tracks how much we have + * received from the peer. rwm is the retired watermark, which tracks how + * much has been passed to the application. esrwm is the rwm value at which + * the current auto-tuning epoch started. hwm is the highest stream length + * (STREAM frame offset + payload length) we have seen from a STREAM frame + * yet. + */ + uint64_t cwm, swm, rwm, esrwm, hwm, cur_window_size, max_window_size; + OSSL_TIME epoch_start; + OSSL_TIME (*now)(void *arg); + void *now_arg; + QUIC_RXFC *parent; + unsigned char error_code, has_cwm_changed, is_fin, standalone; +}; + +/* + * Initialises an RX flow controller. conn_rxfc should be non-NULL and point to + * a connection-level RXFC if the RXFC is for stream-level flow control, and + * NULL otherwise. initial_window_size and max_window_size specify the initial + * and absolute maximum window sizes, respectively. Window size values are + * expressed in bytes and determine how much credit the RXFC extends to the peer + * to transmit more data at a time. + */ +int ossl_quic_rxfc_init(QUIC_RXFC *rxfc, QUIC_RXFC *conn_rxfc, + uint64_t initial_window_size, + uint64_t max_window_size, + OSSL_TIME (*now)(void *arg), + void *now_arg); + +/* + * Initialises an RX flow controller which is used by itself and not under a + * connection-level RX flow controller. This can be used for stream count + * enforcement as well as CRYPTO buffer enforcement. + */ +int ossl_quic_rxfc_init_standalone(QUIC_RXFC *rxfc, + uint64_t initial_window_size, + OSSL_TIME (*now)(void *arg), + void *now_arg); + +/* + * Gets the parent (i.e., connection-level) RXFC. Returns NULL if called on a + * connection-level RXFC. + */ +QUIC_RXFC *ossl_quic_rxfc_get_parent(QUIC_RXFC *rxfc); + +/* + * Changes the current maximum window size value. + */ +void ossl_quic_rxfc_set_max_window_size(QUIC_RXFC *rxfc, + size_t max_window_size); + +/* + * To be called whenever a STREAM frame is received. + * + * end is the value (offset + len), where offset is the offset field of the + * STREAM frame and len is the length of the STREAM frame's payload in bytes. + * + * is_fin should be 1 if the STREAM frame had the FIN flag set and 0 otherwise. + * + * This function may be used on a stream-level RXFC only. The connection-level + * RXFC will have its state updated by the stream-level RXFC. + * + * You should check ossl_quic_rxfc_has_error() on both connection-level and + * stream-level RXFCs after calling this function, as an incoming STREAM frame + * may cause flow control limits to be exceeded by an errant peer. This + * function still returns 1 in this case, as this is not a caller error. + * + * Returns 1 on success or 0 on failure. + */ +int ossl_quic_rxfc_on_rx_stream_frame(QUIC_RXFC *rxfc, + uint64_t end, int is_fin); + +/* + * To be called whenever controlled bytes are retired, i.e. when bytes are + * dequeued from a QUIC stream and passed to the application. num_bytes + * is the number of bytes which were passed to the application. + * + * You should call this only on a stream-level RXFC. This function will update + * the connection-level RXFC automatically. + * + * rtt should be the current best understanding of the RTT to the peer, as + * offered by the Statistics Manager. + * + * You should check ossl_quic_rxfc_has_cwm_changed() after calling this + * function, as it may have caused the RXFC to decide to grant more flow control + * credit to the peer. + * + * Returns 1 on success and 0 on failure. + */ +int ossl_quic_rxfc_on_retire(QUIC_RXFC *rxfc, + uint64_t num_bytes, + OSSL_TIME rtt); + +/* + * Returns the current CWM which the RXFC thinks the peer should have. + * + * Note that the RXFC will increase this value in response to events, at which + * time a MAX_DATA or MAX_STREAM_DATA frame must be generated. Use + * ossl_quic_rxfc_has_cwm_changed() to detect this condition. + * + * This value increases monotonically. + */ +uint64_t ossl_quic_rxfc_get_cwm(QUIC_RXFC *rxfc); + +/* + * Returns the current SWM. This is the total number of bytes the peer has + * transmitted to us. This is intended for diagnostic use only; you should + * not need it. + */ +uint64_t ossl_quic_rxfc_get_swm(QUIC_RXFC *rxfc); + +/* + * Returns the current RWM. This is the total number of bytes that has been + * retired. This is intended for diagnostic use only; you should not need it. + */ +uint64_t ossl_quic_rxfc_get_rwm(QUIC_RXFC *rxfc); + +/* + * Returns the CWM changed flag. If clear is 1, the flag is cleared and the old + * value is returned. + */ +int ossl_quic_rxfc_has_cwm_changed(QUIC_RXFC *rxfc, int clear); + +/* + * Returns a QUIC_ERR_* error code if a flow control error has been detected. + * Otherwise, returns QUIC_ERR_NO_ERROR. If clear is 1, the error is cleared + * and the old value is returned. + * + * May return one of the following values: + * + * QUIC_ERR_FLOW_CONTROL_ERROR: + * This indicates a flow control protocol violation by the remote peer; the + * connection should be terminated in this event. + * QUIC_ERR_FINAL_SIZE: + * The peer attempted to change the stream length after ending the stream. + */ +int ossl_quic_rxfc_get_error(QUIC_RXFC *rxfc, int clear); + +/* + * Returns 1 if the RXFC is a stream-level RXFC and the RXFC knows the final + * size for the stream in bytes. If this is the case and final_size is non-NULL, + * writes the final size to *final_size. Otherwise, returns 0. + */ +int ossl_quic_rxfc_get_final_size(const QUIC_RXFC *rxfc, uint64_t *final_size); + +# endif + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_fifd.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_fifd.h new file mode 100644 index 00000000..a260ec44 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_fifd.h @@ -0,0 +1,80 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_FIFD_H +# define OSSL_QUIC_FIFD_H + +# include +# include "internal/quic_types.h" +# include "internal/quic_cfq.h" +# include "internal/quic_ackm.h" +# include "internal/quic_txpim.h" +# include "internal/quic_stream.h" + +# ifndef OPENSSL_NO_QUIC + +/* + * QUIC Frame-in-Flight Dispatcher (FIFD) + * ====================================== + */ +struct quic_fifd_st { + /* Internal data; use the ossl_quic_fifd functions. */ + QUIC_CFQ *cfq; + OSSL_ACKM *ackm; + QUIC_TXPIM *txpim; + QUIC_SSTREAM *(*get_sstream_by_id)(uint64_t stream_id, + uint32_t pn_space, + void *arg); + void *get_sstream_by_id_arg; + void (*regen_frame)(uint64_t frame_type, + uint64_t stream_id, + QUIC_TXPIM_PKT *pkt, + void *arg); + void *regen_frame_arg; + void (*confirm_frame)(uint64_t frame_type, + uint64_t stream_id, + QUIC_TXPIM_PKT *pkt, + void *arg); + void *confirm_frame_arg; + void (*sstream_updated)(uint64_t stream_id, + void *arg); + void *sstream_updated_arg; +}; + +int ossl_quic_fifd_init(QUIC_FIFD *fifd, + QUIC_CFQ *cfq, + OSSL_ACKM *ackm, + QUIC_TXPIM *txpim, + /* stream_id is UINT64_MAX for the crypto stream */ + QUIC_SSTREAM *(*get_sstream_by_id)(uint64_t stream_id, + uint32_t pn_space, + void *arg), + void *get_sstream_by_id_arg, + /* stream_id is UINT64_MAX if not applicable */ + void (*regen_frame)(uint64_t frame_type, + uint64_t stream_id, + QUIC_TXPIM_PKT *pkt, + void *arg), + void *regen_frame_arg, + void (*confirm_frame)(uint64_t frame_type, + uint64_t stream_id, + QUIC_TXPIM_PKT *pkt, + void *arg), + void *confirm_frame_arg, + void (*sstream_updated)(uint64_t stream_id, + void *arg), + void *sstream_updated_arg); + +void ossl_quic_fifd_cleanup(QUIC_FIFD *fifd); /* (no-op) */ + +int ossl_quic_fifd_pkt_commit(QUIC_FIFD *fifd, QUIC_TXPIM_PKT *pkt); + +# endif + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_reactor.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_reactor.h new file mode 100644 index 00000000..57bb551e --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_reactor.h @@ -0,0 +1,188 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +#ifndef OSSL_QUIC_REACTOR_H +# define OSSL_QUIC_REACTOR_H + +# include "internal/time.h" +# include "internal/sockets.h" +# include + +# ifndef OPENSSL_NO_QUIC + +/* + * Core I/O Reactor Framework + * ========================== + * + * Manages use of async network I/O which the QUIC stack is built on. The core + * mechanic looks like this: + * + * - There is a pollable FD for both the read and write side respectively. + * Readability and writeability of these FDs respectively determines when + * network I/O is available. + * + * - The reactor can export these FDs to the user, as well as flags indicating + * whether the user should listen for readability, writeability, or neither. + * + * - The reactor can export a timeout indication to the user, indicating when + * the reactor should be called (via libssl APIs) regardless of whether + * the network socket has become ready. + * + * The reactor is based around a tick callback which is essentially the mutator + * function. The mutator attempts to do whatever it can, attempting to perform + * network I/O to the extent currently feasible. When done, the mutator returns + * information to the reactor indicating when it should be woken up again: + * + * - Should it be woken up when network RX is possible? + * - Should it be woken up when network TX is possible? + * - Should it be woken up no later than some deadline X? + * + * The intention is that ALL I/O-related SSL_* functions with side effects (e.g. + * SSL_read/SSL_write) consist of three phases: + * + * - Optionally mutate the QUIC machine's state. + * - Optionally tick the QUIC reactor. + * - Optionally mutate the QUIC machine's state. + * + * For example, SSL_write is a mutation (appending to a stream buffer) followed + * by an optional tick (generally expected as we may want to send the data + * immediately, though not strictly needed if transmission is being deferred due + * to Nagle's algorithm, etc.). + * + * SSL_read is also a mutation and in principle does not need to tick the + * reactor, but it generally will anyway to ensure that the reactor is regularly + * ticked by an application which is only reading and not writing. + * + * If the SSL object is being used in blocking mode, SSL_read may need to block + * if no data is available yet, and SSL_write may need to block if buffers + * are full. + * + * The internals of the QUIC I/O engine always use asynchronous I/O. If the + * application desires blocking semantics, we handle this by adding a blocking + * adaptation layer on top of our internal asynchronous I/O API as exposed by + * the reactor interface. + */ +typedef struct quic_tick_result_st { + char net_read_desired; + char net_write_desired; + OSSL_TIME tick_deadline; +} QUIC_TICK_RESULT; + +typedef struct quic_reactor_st { + /* + * BIO poll descriptors which can be polled. poll_r is a poll descriptor + * which becomes readable when the QUIC state machine can potentially do + * work, and poll_w is a poll descriptor which becomes writable when the + * QUIC state machine can potentially do work. Generally, either of these + * conditions means that SSL_tick() should be called, or another SSL + * function which implicitly calls SSL_tick() (e.g. SSL_read/SSL_write()). + */ + BIO_POLL_DESCRIPTOR poll_r, poll_w; + OSSL_TIME tick_deadline; /* ossl_time_infinite() if none currently applicable */ + + void (*tick_cb)(QUIC_TICK_RESULT *res, void *arg, uint32_t flags); + void *tick_cb_arg; + + /* + * These are true if we would like to know when we can read or write from + * the network respectively. + */ + unsigned int net_read_desired : 1; + unsigned int net_write_desired : 1; + + /* + * Are the read and write poll descriptors we are currently configured with + * things we can actually poll? + */ + unsigned int can_poll_r : 1; + unsigned int can_poll_w : 1; +} QUIC_REACTOR; + +void ossl_quic_reactor_init(QUIC_REACTOR *rtor, + void (*tick_cb)(QUIC_TICK_RESULT *res, void *arg, + uint32_t flags), + void *tick_cb_arg, + OSSL_TIME initial_tick_deadline); + +void ossl_quic_reactor_set_poll_r(QUIC_REACTOR *rtor, + const BIO_POLL_DESCRIPTOR *r); + +void ossl_quic_reactor_set_poll_w(QUIC_REACTOR *rtor, + const BIO_POLL_DESCRIPTOR *w); + +const BIO_POLL_DESCRIPTOR *ossl_quic_reactor_get_poll_r(const QUIC_REACTOR *rtor); +const BIO_POLL_DESCRIPTOR *ossl_quic_reactor_get_poll_w(const QUIC_REACTOR *rtor); + +int ossl_quic_reactor_can_poll_r(const QUIC_REACTOR *rtor); +int ossl_quic_reactor_can_poll_w(const QUIC_REACTOR *rtor); + +int ossl_quic_reactor_can_support_poll_descriptor(const QUIC_REACTOR *rtor, + const BIO_POLL_DESCRIPTOR *d); + +int ossl_quic_reactor_net_read_desired(QUIC_REACTOR *rtor); +int ossl_quic_reactor_net_write_desired(QUIC_REACTOR *rtor); + +OSSL_TIME ossl_quic_reactor_get_tick_deadline(QUIC_REACTOR *rtor); + +/* + * Do whatever work can be done, and as much work as can be done. This involves + * e.g. seeing if we can read anything from the network (if we want to), seeing + * if we can write anything to the network (if we want to), etc. + * + * If the CHANNEL_ONLY flag is set, this indicates that we should only + * touch state which is synchronised by the channel mutex. + */ +#define QUIC_REACTOR_TICK_FLAG_CHANNEL_ONLY (1U << 0) + +int ossl_quic_reactor_tick(QUIC_REACTOR *rtor, uint32_t flags); + +/* + * Blocking I/O Adaptation Layer + * ============================= + * + * The blocking I/O adaptation layer implements blocking I/O on top of our + * asynchronous core. + * + * The core mechanism is block_until_pred(), which does not return until pred() + * returns a value other than 0. The blocker uses OS I/O synchronisation + * primitives (e.g. poll(2)) and ticks the reactor until the predicate is + * satisfied. The blocker is not required to call pred() more than once between + * tick calls. + * + * When pred returns a non-zero value, that value is returned by this function. + * This can be used to allow pred() to indicate error conditions and short + * circuit the blocking process. + * + * A return value of -1 is reserved for network polling errors. Therefore this + * return value should not be used by pred() if ambiguity is not desired. Note + * that the predicate function can always arrange its own output mechanism, for + * example by passing a structure of its own as the argument. + * + * If the SKIP_FIRST_TICK flag is set, the first call to reactor_tick() before + * the first call to pred() is skipped. This is useful if it is known that + * ticking the reactor again will not be useful (e.g. because it has already + * been done). + * + * This function assumes a write lock is held for the entire QUIC_CHANNEL. If + * mutex is non-NULL, it must be a lock currently held for write; it will be + * unlocked during any sleep, and then relocked for write afterwards. + * + * Precondition: mutex is NULL or is held for write (unchecked) + * Postcondition: mutex is NULL or is held for write (unless + * CRYPTO_THREAD_write_lock fails) + */ +#define SKIP_FIRST_TICK (1U << 0) + +int ossl_quic_reactor_block_until_pred(QUIC_REACTOR *rtor, + int (*pred)(void *arg), void *pred_arg, + uint32_t flags, + CRYPTO_RWLOCK *mutex); + +# endif + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_record_rx.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_record_rx.h new file mode 100644 index 00000000..e26fd356 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_record_rx.h @@ -0,0 +1,569 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_RECORD_RX_H +# define OSSL_QUIC_RECORD_RX_H + +# include +# include "internal/quic_wire_pkt.h" +# include "internal/quic_types.h" +# include "internal/quic_record_util.h" +# include "internal/quic_demux.h" + +# ifndef OPENSSL_NO_QUIC + +/* + * QUIC Record Layer - RX + * ====================== + */ +typedef struct ossl_qrx_st OSSL_QRX; + +typedef struct ossl_qrx_args_st { + OSSL_LIB_CTX *libctx; + const char *propq; + + /* Demux to receive datagrams from. */ + QUIC_DEMUX *demux; + + /* Length of connection IDs used in short-header packets in bytes. */ + size_t short_conn_id_len; + + /* + * Maximum number of deferred datagrams buffered at any one time. + * Suggested value: 32. + */ + size_t max_deferred; + + /* Initial reference PN used for RX. */ + QUIC_PN init_largest_pn[QUIC_PN_SPACE_NUM]; + + /* Initial key phase. For debugging use only; always 0 in real use. */ + unsigned char init_key_phase_bit; +} OSSL_QRX_ARGS; + +/* Instantiates a new QRX. */ +OSSL_QRX *ossl_qrx_new(const OSSL_QRX_ARGS *args); + +/* + * Frees the QRX. All packets obtained using ossl_qrx_read_pkt must already + * have been released by calling ossl_qrx_release_pkt. + * + * You do not need to call ossl_qrx_remove_dst_conn_id first; this function will + * unregister the QRX from the demuxer for all registered destination connection + * IDs (DCIDs) automatically. + */ +void ossl_qrx_free(OSSL_QRX *qrx); + +/* Setters for the msg_callback and msg_callback_arg */ +void ossl_qrx_set_msg_callback(OSSL_QRX *qrx, ossl_msg_cb msg_callback, + SSL *msg_callback_ssl); +void ossl_qrx_set_msg_callback_arg(OSSL_QRX *qrx, + void *msg_callback_arg); + +/* + * DCID Management + * =============== + */ + +/* + * Adds a given DCID to the QRX. The QRX will register the DCID with the demuxer + * so that incoming packets with that DCID are passed to the given QRX. Multiple + * DCIDs may be associated with a QRX at any one time. You will need to add at + * least one DCID after instantiating the QRX. A zero-length DCID is a valid + * input to this function. This function fails if the DCID is already + * registered. + * + * Returns 1 on success or 0 on error. + */ +int ossl_qrx_add_dst_conn_id(OSSL_QRX *qrx, + const QUIC_CONN_ID *dst_conn_id); + +/* + * Remove a DCID previously registered with ossl_qrx_add_dst_conn_id. The DCID + * is unregistered from the demuxer. Fails if the DCID is not registered with + * the demuxer. + * + * Returns 1 on success or 0 on error. + */ +int ossl_qrx_remove_dst_conn_id(OSSL_QRX *qrx, + const QUIC_CONN_ID *dst_conn_id); + +/* + * Secret Management + * ================= + * + * A QRX has several encryption levels (Initial, Handshake, 0-RTT, 1-RTT) and + * two directions (RX, TX). At any given time, key material is managed for each + * (EL, RX/TX) combination. + * + * Broadly, for a given (EL, RX/TX), the following state machine is applicable: + * + * WAITING_FOR_KEYS --[Provide]--> HAVE_KEYS --[Discard]--> | DISCARDED | + * \-------------------------------------[Discard]--> | | + * + * To transition the RX side of an EL from WAITING_FOR_KEYS to HAVE_KEYS, call + * ossl_qrx_provide_secret (for the INITIAL EL, use of + * ossl_quic_provide_initial_secret is recommended). + * + * Once keys have been provisioned for an EL, you call + * ossl_qrx_discard_enc_level to transition the EL to the DISCARDED state. You + * can also call this function to transition directly to the DISCARDED state + * even before any keys have been provisioned for that EL. + * + * The DISCARDED state is terminal for a given EL; you cannot provide a secret + * again for that EL after reaching it. + * + * Incoming packets cannot be processed and decrypted if they target an EL + * not in the HAVE_KEYS state. However, there is a distinction between + * the WAITING_FOR_KEYS and DISCARDED states: + * + * - In the WAITING_FOR_KEYS state, the QRX assumes keys for the given + * EL will eventually arrive. Therefore, if it receives any packet + * for an EL in this state, it buffers it and tries to process it + * again once the EL reaches HAVE_KEYS. + * + * - In the DISCARDED state, the QRX assumes no keys for the given + * EL will ever arrive again. If it receives any packet for an EL + * in this state, it is simply discarded. + * + * If the user wishes to instantiate a new QRX to replace an old one for + * whatever reason, for example to take over for an already established QUIC + * connection, it is important that all ELs no longer being used (i.e., INITIAL, + * 0-RTT, 1-RTT) are transitioned to the DISCARDED state. Otherwise, the QRX + * will assume that keys for these ELs will arrive in future, and will buffer + * any received packets for those ELs perpetually. This can be done by calling + * ossl_qrx_discard_enc_level for all non-1-RTT ELs immediately after + * instantiating the QRX. + * + * The INITIAL EL is not setup automatically when the QRX is instantiated. This + * allows the caller to instead discard it immediately after instantiation of + * the QRX if it is not needed, for example if the QRX is being instantiated to + * take over handling of an existing connection which has already passed the + * INITIAL phase. This avoids the unnecessary derivation of INITIAL keys where + * they are not needed. In the ordinary case, ossl_quic_provide_initial_secret + * should be called immediately after instantiation. + */ + +/* + * Provides a secret to the QRX, which arises due to an encryption level change. + * enc_level is a QUIC_ENC_LEVEL_* value. To initialise the INITIAL encryption + * level, it is recommended to use ossl_quic_provide_initial_secret instead. + * + * You should seek to call this function for a given EL before packets of that + * EL arrive and are processed by the QRX. However, if packets have already + * arrived for a given EL, the QRX will defer processing of them and perform + * processing of them when this function is eventually called for the EL in + * question. + * + * suite_id is a QRL_SUITE_* value which determines the AEAD function used for + * the QRX. + * + * The secret passed is used directly to derive the "quic key", "quic iv" and + * "quic hp" values. + * + * secret_len is the length of the secret buffer in bytes. The buffer must be + * sized correctly to the chosen suite, else the function fails. + * + * This function can only be called once for a given EL, except for the INITIAL + * EL, which can need rekeying when a connection retry occurs. Subsequent calls + * for non-INITIAL ELs fail, as do calls made after a corresponding call to + * ossl_qrx_discard_enc_level for that EL. The secret for a non-INITIAL EL + * cannot be changed after it is set because QUIC has no facility for + * introducing additional key material after an EL is setup. QUIC key updates + * are managed semi-automatically by the QRX but do require some caller handling + * (see below). + * + * md is for internal use and should be NULL. + * + * Returns 1 on success or 0 on failure. + */ +int ossl_qrx_provide_secret(OSSL_QRX *qrx, + uint32_t enc_level, + uint32_t suite_id, + EVP_MD *md, + const unsigned char *secret, + size_t secret_len); + +/* + * Informs the QRX that it can now discard key material for a given EL. The QRX + * will no longer be able to process incoming packets received at that + * encryption level. This function is idempotent and succeeds if the EL has + * already been discarded. + * + * Returns 1 on success and 0 on failure. + */ +int ossl_qrx_discard_enc_level(OSSL_QRX *qrx, uint32_t enc_level); + +/* + * Packet Reception + * ================ + */ + +/* Information about a received packet. */ +typedef struct ossl_qrx_pkt_st { + /* + * Points to a logical representation of the decoded QUIC packet header. The + * data and len fields point to the decrypted QUIC payload (i.e., to a + * sequence of zero or more (potentially malformed) frames to be decoded). + */ + QUIC_PKT_HDR *hdr; + + /* + * Address the packet was received from. If this is not available for this + * packet, this field is NULL (but this can only occur for manually injected + * packets). + */ + const BIO_ADDR *peer; + + /* + * Local address the packet was sent to. If this is not available for this + * packet, this field is NULL. + */ + const BIO_ADDR *local; + + /* + * This is the length of the datagram which contained this packet. Note that + * the datagram may have contained other packets than this. The intended use + * for this is so that the user can enforce minimum datagram sizes (e.g. for + * datagrams containing INITIAL packets), as required by RFC 9000. + */ + size_t datagram_len; + + /* The PN which was decoded for the packet, if the packet has a PN field. */ + QUIC_PN pn; + + /* + * Time the packet was received, or ossl_time_zero() if the demuxer is not + * using a now() function. + */ + OSSL_TIME time; + + /* The QRX which was used to receive the packet. */ + OSSL_QRX *qrx; + + /* + * The key epoch the packet was received with. Always 0 for non-1-RTT + * packets. + */ + uint64_t key_epoch; +} OSSL_QRX_PKT; + +/* + * Tries to read a new decrypted packet from the QRX. + * + * On success, *pkt points to a OSSL_QRX_PKT structure. The structure should be + * freed when no longer needed by calling ossl_qrx_pkt_release(). The structure + * is refcounted; to gain extra references, call ossl_qrx_pkt_up_ref(). This + * will cause a corresponding number of calls to ossl_qrx_pkt_release() to be + * ignored. + * + * The resources referenced by (*pkt)->hdr, (*pkt)->hdr->data and (*pkt)->peer + * have the same lifetime as *pkt. + * + * Returns 1 on success and 0 on failure. + */ +int ossl_qrx_read_pkt(OSSL_QRX *qrx, OSSL_QRX_PKT **pkt); + +/* + * Decrement the reference count for the given packet and frees it if the + * reference count drops to zero. No-op if pkt is NULL. + */ +void ossl_qrx_pkt_release(OSSL_QRX_PKT *pkt); + +/* Increments the reference count for the given packet. */ +void ossl_qrx_pkt_up_ref(OSSL_QRX_PKT *pkt); + +/* + * Returns 1 if there are any already processed (i.e. decrypted) packets waiting + * to be read from the QRX. + */ +int ossl_qrx_processed_read_pending(OSSL_QRX *qrx); + +/* + * Returns 1 if there are any unprocessed (i.e. not yet decrypted) packets + * waiting to be processed by the QRX. These may or may not result in + * successfully decrypted packets once processed. This indicates whether + * unprocessed data is buffered by the QRX, not whether any data is available in + * a kernel socket buffer. + */ +int ossl_qrx_unprocessed_read_pending(OSSL_QRX *qrx); + +/* + * Returns the number of UDP payload bytes received from the network so far + * since the last time this counter was cleared. If clear is 1, clears the + * counter and returns the old value. + * + * The intended use of this is to allow callers to determine how much credit to + * add to their anti-amplification budgets. This is reported separately instead + * of in the OSSL_QRX_PKT structure so that a caller can apply + * anti-amplification credit as soon as a datagram is received, before it has + * necessarily read all processed packets contained within that datagram from + * the QRX. + */ +uint64_t ossl_qrx_get_bytes_received(OSSL_QRX *qrx, int clear); + +/* + * Sets a callback which is called when a packet is received and being validated + * before being queued in the read queue. This is called after packet body + * decryption and authentication to prevent exposing side channels. pn_space is + * a QUIC_PN_SPACE_* value denoting which PN space the PN belongs to. + * + * If this callback returns 1, processing continues normally. + * If this callback returns 0, the packet is discarded. + * + * Other packets in the same datagram will still be processed where possible. + * + * The callback is optional and can be unset by passing NULL for cb. + * cb_arg is an opaque value passed to cb. + */ +typedef int (ossl_qrx_late_validation_cb)(QUIC_PN pn, int pn_space, + void *arg); + +int ossl_qrx_set_late_validation_cb(OSSL_QRX *qrx, + ossl_qrx_late_validation_cb *cb, + void *cb_arg); + +/* + * Forcibly injects a URXE which has been issued by the DEMUX into the QRX for + * processing. This can be used to pass a received datagram to the QRX if it + * would not be correctly routed to the QRX via standard DCID-based routing; for + * example, when handling an incoming Initial packet which is attempting to + * establish a new connection. + */ +void ossl_qrx_inject_urxe(OSSL_QRX *qrx, QUIC_URXE *e); + +/* + * Decryption of 1-RTT packets must be explicitly enabled by calling this + * function. This is to comply with the requirement that we not process 1-RTT + * packets until the handshake is complete, even if we already have 1-RTT + * secrets. Even if a 1-RTT secret is provisioned for the QRX, incoming 1-RTT + * packets will be handled as though no key is available until this function is + * called. Calling this function will then requeue any such deferred packets for + * processing. + */ +void ossl_qrx_allow_1rtt_processing(OSSL_QRX *qrx); + +/* + * Key Update (RX) + * =============== + * + * Key update on the RX side is a largely but not entirely automatic process. + * + * Key update is initially triggered by receiving a 1-RTT packet with a + * different Key Phase value. This could be caused by an attacker in the network + * flipping random bits, therefore such a key update is tentative until the + * packet payload is successfully decrypted and authenticated by the AEAD with + * the 'next' keys. These 'next' keys then become the 'current' keys and the + * 'current' keys then become the 'previous' keys. The 'previous' keys must be + * kept around temporarily as some packets may still be in flight in the network + * encrypted with the old keys. If the old Key Phase value is X and the new Key + * Phase Value is Y (where obviously X != Y), this creates an ambiguity as any + * new packet received with a KP of X could either be an attempt to initiate yet + * another key update right after the last one, or an old packet encrypted + * before the key update. + * + * RFC 9001 provides some guidance on handling this issue: + * + * Strategy 1: + * Three keys, disambiguation using packet numbers + * + * "A recovered PN that is lower than any PN from the current KP uses the + * previous packet protection keys; a recovered PN that is higher than any + * PN from the current KP requires use of the next packet protection + * keys." + * + * Strategy 2: + * Two keys and a timer + * + * "Alternatively, endpoints can retain only two sets of packet protection + * keys, swapping previous keys for next after enough time has passed to + * allow for reordering in the network. In this case, the KP bit alone can + * be used to select keys." + * + * Strategy 2 is more efficient (we can keep fewer cipher contexts around) and + * should cover all actually possible network conditions. It also allows a delay + * after we make the 'next' keys our 'current' keys before we generate new + * 'next' keys, which allows us to mitigate against malicious peers who try to + * initiate an excessive number of key updates. + * + * We therefore model the following state machine: + * + * + * PROVISIONED + * _______________________________ + * | | + * UNPROVISIONED --|----> NORMAL <----------\ |------> DISCARDED + * | | | | + * | | | | + * | v | | + * | UPDATING | | + * | | | | + * | | | | + * | v | | + * | COOLDOWN | | + * | | | | + * | | | | + * | \---------------| | + * |_______________________________| + * + * + * The RX starts (once a secret has been provisioned) in the NORMAL state. In + * the NORMAL state, the current expected value of the Key Phase bit is + * recorded. When a flipped Key Phase bit is detected, the RX attempts to + * decrypt and authenticate the received packet with the 'next' keys rather than + * the 'current' keys. If (and only if) this authentication is successful, we + * move to the UPDATING state. (An attacker in the network could flip + * the Key Phase bit randomly, so it is essential we do nothing until AEAD + * authentication is complete.) + * + * In the UPDATING state, we know a key update is occurring and record + * the new Key Phase bit value as the newly current value, but we still keep the + * old keys around so that we can still process any packets which were still in + * flight when the key update was initiated. In the UPDATING state, a + * Key Phase bit value different to the current expected value is treated not as + * the initiation of another key update, but a reference to our old keys. + * + * Eventually we will be reasonably sure we are not going to receive any more + * packets with the old keys. At this point, we can transition to the COOLDOWN + * state. This transition occurs automatically after a certain amount of time; + * RFC 9001 recommends it be the PTO interval, which relates to our RTT to the + * peer. The duration also SHOULD NOT exceed three times the PTO to assist with + * maintaining PFS. + * + * In the COOLDOWN phase, the old keys have been securely erased and only one + * set of keys can be used: the current keys. If a packet is received with a Key + * Phase bit value different to the current Key Phase Bit value, this is treated + * as a request for a Key Update, but this request is ignored and the packet is + * treated as malformed. We do this to allow mitigation against malicious peers + * trying to initiate an excessive number of Key Updates. The timeout for the + * transition from UPDATING to COOLDOWN is recommended as adequate for + * this purpose in itself by the RFC, so the normal additional timeout value for + * the transition from COOLDOWN to normal is zero (immediate transition). + * + * A summary of each state: + * + * Epoch Exp KP Uses Keys KS0 KS1 If Non-Expected KP Bit + * ----- ------ --------- ------ ----- ---------------------- + * NORMAL 0 0 Keyset 0 Gen 0 Gen 1 → UPDATING + * UPDATING 1 1 Keyset 1 Gen 0 Gen 1 Use Keyset 0 + * COOLDOWN 1 1 Keyset 1 Erased Gen 1 Ignore Packet (*) + * + * NORMAL 1 1 Keyset 1 Gen 2 Gen 1 → UPDATING + * UPDATING 2 0 Keyset 0 Gen 2 Gen 1 Use Keyset 1 + * COOLDOWN 2 0 Keyset 0 Gen 2 Erased Ignore Packet (*) + * + * (*) Actually implemented by attempting to decrypt the packet with the + * wrong keys (which ultimately has the same outcome), as recommended + * by RFC 9001 to avoid creating timing channels. + * + * Note that the key material for the next key generation ("key epoch") is + * always kept in the NORMAL state (necessary to avoid side-channel attacks). + * This material is derived during the transition from COOLDOWN to NORMAL. + * + * Note that when a peer initiates a Key Update, we MUST also initiate a Key + * Update as per the RFC. The caller is responsible for detecting this condition + * and making the necessary calls to the TX side by detecting changes to the + * return value of ossl_qrx_get_key_epoch(). + * + * The above states (NORMAL, UPDATING, COOLDOWN) can themselves be + * considered substates of the PROVISIONED state. Providing a secret to the QRX + * for an EL transitions from UNPROVISIONED, the initial state, to PROVISIONED + * (NORMAL). Dropping key material for an EL transitions from whatever the + * current substate of the PROVISIONED state is to the DISCARDED state, which is + * the terminal state. + * + * Note that non-1RTT ELs cannot undergo key update, therefore a non-1RTT EL is + * always in the NORMAL substate if it is in the PROVISIONED state. + */ + +/* + * Return the current RX key epoch for the 1-RTT encryption level. This is + * initially zero and is incremented by one for every Key Update successfully + * signalled by the peer. If the 1-RTT EL has not yet been provisioned or has + * been discarded, returns UINT64_MAX. + * + * A necessary implication of this API is that the least significant bit of the + * returned value corresponds to the currently expected Key Phase bit, though + * callers are not anticipated to have any need of this information. + * + * It is not possible for the returned value to overflow, as a QUIC connection + * cannot support more than 2**62 packet numbers, and a connection must be + * terminated if this limit is reached. + * + * The caller should use this function to detect when the key epoch has changed + * and use it to initiate a key update on the TX side. + * + * The value returned by this function increments specifically at the transition + * from the NORMAL to the UPDATING state discussed above. + */ +uint64_t ossl_qrx_get_key_epoch(OSSL_QRX *qrx); + +/* + * Sets an optional callback which will be called when the key epoch changes. + * + * The callback is optional and can be unset by passing NULL for cb. + * cb_arg is an opaque value passed to cb. pn is the PN of the packet. + * Since key update is only supported for 1-RTT packets, the PN is always + * in the Application Data PN space. +*/ +typedef void (ossl_qrx_key_update_cb)(QUIC_PN pn, void *arg); + +int ossl_qrx_set_key_update_cb(OSSL_QRX *qrx, + ossl_qrx_key_update_cb *cb, void *cb_arg); + +/* + * Relates to the 1-RTT encryption level. The caller should call this after the + * UPDATING state is reached, after a timeout to be determined by the caller. + * + * This transitions from the UPDATING state to the COOLDOWN state (if + * still in the UPDATING state). If normal is 1, then transitions from + * the COOLDOWN state to the NORMAL state. Both transitions can be performed at + * once if desired. + * + * If in the normal state, or if in the COOLDOWN state and normal is 0, this is + * a no-op and returns 1. Returns 0 if the 1-RTT EL has not been provisioned or + * has been dropped. + * + * It is essential that the caller call this within a few PTO intervals of a key + * update occurring (as detected by the caller in a call to + * ossl_qrx_key_get_key_epoch()), as otherwise the peer will not be able to + * perform a Key Update ever again. + */ +int ossl_qrx_key_update_timeout(OSSL_QRX *qrx, int normal); + + +/* + * Key Expiration + * ============== + */ + +/* + * Returns the number of seemingly forged packets which have been received by + * the QRX. If this value reaches the value returned by + * ossl_qrx_get_max_epoch_forged_pkt_count() for a given EL, all further + * received encrypted packets for that EL will be discarded without processing. + * + * Note that the forged packet limit is for the connection lifetime, thus it is + * not reset by a key update. It is suggested that the caller terminate the + * connection a reasonable margin before the limit is reached. However, the + * exact limit imposed does vary by EL due to the possibility that different ELs + * use different AEADs. + */ +uint64_t ossl_qrx_get_cur_forged_pkt_count(OSSL_QRX *qrx); + +/* + * Returns the maximum number of forged packets which the record layer will + * permit to be verified using this QRX instance. + */ +uint64_t ossl_qrx_get_max_forged_pkt_count(OSSL_QRX *qrx, + uint32_t enc_level); + +# endif + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_record_tx.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_record_tx.h new file mode 100644 index 00000000..f3b798fe --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_record_tx.h @@ -0,0 +1,383 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_RECORD_TX_H +# define OSSL_QUIC_RECORD_TX_H + +# include +# include "internal/quic_wire_pkt.h" +# include "internal/quic_types.h" +# include "internal/quic_record_util.h" + +# ifndef OPENSSL_NO_QUIC + +/* + * QUIC Record Layer - TX + * ====================== + */ +typedef struct ossl_qtx_iovec_st { + const unsigned char *buf; + size_t buf_len; +} OSSL_QTX_IOVEC; + +typedef struct ossl_qtx_st OSSL_QTX; + +typedef int (*ossl_mutate_packet_cb)(const QUIC_PKT_HDR *hdrin, + const OSSL_QTX_IOVEC *iovecin, size_t numin, + QUIC_PKT_HDR **hdrout, + const OSSL_QTX_IOVEC **iovecout, + size_t *numout, + void *arg); + +typedef void (*ossl_finish_mutate_cb)(void *arg); + +typedef struct ossl_qtx_args_st { + OSSL_LIB_CTX *libctx; + const char *propq; + + /* BIO to transmit to. */ + BIO *bio; + + /* Maximum datagram payload length (MDPL) for TX purposes. */ + size_t mdpl; +} OSSL_QTX_ARGS; + +/* Instantiates a new QTX. */ +OSSL_QTX *ossl_qtx_new(const OSSL_QTX_ARGS *args); + +/* Frees the QTX. */ +void ossl_qtx_free(OSSL_QTX *qtx); + +/* Set mutator callbacks for test framework support */ +void ossl_qtx_set_mutator(OSSL_QTX *qtx, ossl_mutate_packet_cb mutatecb, + ossl_finish_mutate_cb finishmutatecb, void *mutatearg); + +/* Setters for the msg_callback and the msg_callback_arg */ +void ossl_qtx_set_msg_callback(OSSL_QTX *qtx, ossl_msg_cb msg_callback, + SSL *msg_callback_ssl); +void ossl_qtx_set_msg_callback_arg(OSSL_QTX *qtx, void *msg_callback_arg); + +/* + * Secret Management + * ----------------- + */ + +/* + * Provides a secret to the QTX, which arises due to an encryption level change. + * enc_level is a QUIC_ENC_LEVEL_* value. + * + * This function can be used to initialise the INITIAL encryption level, but you + * should not do so directly; see the utility function + * ossl_qrl_provide_initial_secret() instead, which can initialise the INITIAL + * encryption level of a QRX and QTX simultaneously without duplicating certain + * key derivation steps. + * + * You must call this function for a given EL before transmitting packets at + * that EL using this QTX, otherwise ossl_qtx_write_pkt will fail. + * + * suite_id is a QRL_SUITE_* value which determines the AEAD function used for + * the QTX. + * + * The secret passed is used directly to derive the "quic key", "quic iv" and + * "quic hp" values. + * + * secret_len is the length of the secret buffer in bytes. The buffer must be + * sized correctly to the chosen suite, else the function fails. + * + * This function can only be called once for a given EL, except for the INITIAL + * EL, as the INITIAL EL can need to be rekeyed if connection retry occurs. + * Subsequent calls for non-INITIAL ELs fail. Calls made after a corresponding + * call to ossl_qtx_discard_enc_level for a given EL also fail, including for + * the INITIAL EL. The secret for a non-INITIAL EL cannot be changed after it is + * set because QUIC has no facility for introducing additional key material + * after an EL is setup. (QUIC key updates generate new keys from existing key + * material and do not introduce new entropy into a connection's key material.) + * + * Returns 1 on success or 0 on failure. + */ +int ossl_qtx_provide_secret(OSSL_QTX *qtx, + uint32_t enc_level, + uint32_t suite_id, + EVP_MD *md, + const unsigned char *secret, + size_t secret_len); + +/* + * Informs the QTX that it can now discard key material for a given EL. The QTX + * will no longer be able to generate packets at that EL. This function is + * idempotent and succeeds if the EL has already been discarded. + * + * Returns 1 on success and 0 on failure. + */ +int ossl_qtx_discard_enc_level(OSSL_QTX *qtx, uint32_t enc_level); + +/* Returns 1 if the given encryption level is provisioned. */ +int ossl_qtx_is_enc_level_provisioned(OSSL_QTX *qtx, uint32_t enc_level); + +/* + * Given the value ciphertext_len representing an encrypted packet payload + * length in bytes, determines how many plaintext bytes it will decrypt to. + * Returns 0 if the specified EL is not provisioned or ciphertext_len is too + * small. The result is written to *plaintext_len. + */ +int ossl_qtx_calculate_plaintext_payload_len(OSSL_QTX *qtx, uint32_t enc_level, + size_t ciphertext_len, + size_t *plaintext_len); + +/* + * Given the value plaintext_len represented a plaintext packet payload length + * in bytes, determines how many ciphertext bytes it will encrypt to. The value + * output does not include packet headers. Returns 0 if the specified EL is not + * provisioned. The result is written to *ciphertext_len. + */ +int ossl_qtx_calculate_ciphertext_payload_len(OSSL_QTX *qtx, uint32_t enc_level, + size_t plaintext_len, + size_t *ciphertext_len); + +uint32_t ossl_qrl_get_suite_cipher_tag_len(uint32_t suite_id); + + +/* + * Packet Transmission + * ------------------- + */ + +typedef struct ossl_qtx_pkt_st { + /* Logical packet header to be serialized. */ + QUIC_PKT_HDR *hdr; + + /* + * iovecs expressing the logical packet payload buffer. Zero-length entries + * are permitted. + */ + const OSSL_QTX_IOVEC *iovec; + size_t num_iovec; + + /* Destination address. Will be passed through to the BIO if non-NULL. */ + const BIO_ADDR *peer; + + /* + * Local address (optional). Specify as non-NULL only if TX BIO + * has local address support enabled. + */ + const BIO_ADDR *local; + + /* + * Logical PN. Used for encryption. This will automatically be encoded to + * hdr->pn, which need not be initialized. + */ + QUIC_PN pn; + + /* Packet flags. Zero or more OSSL_QTX_PKT_FLAG_* values. */ + uint32_t flags; +} OSSL_QTX_PKT; + +/* + * More packets will be written which should be coalesced into a single + * datagram; do not send this packet yet. To use this, set this flag for all + * packets but the final packet in a datagram, then send the final packet + * without this flag set. + * + * This flag is not a guarantee and the QTX may transmit immediately anyway if + * it is not possible to fit any more packets in the current datagram. + * + * If the caller change its mind and needs to cause a packet queued with + * COALESCE after having passed it to this function but without writing another + * packet, it should call ossl_qtx_flush_pkt(). + */ +#define OSSL_QTX_PKT_FLAG_COALESCE (1U << 0) + +/* + * Writes a packet. + * + * *pkt need be valid only for the duration of the call to this function. + * + * pkt->hdr->data and pkt->hdr->len are unused. The payload buffer is specified + * via an array of OSSL_QTX_IOVEC structures. The API is designed to support + * single-copy transmission; data is copied from the iovecs as it is encrypted + * into an internal staging buffer for transmission. + * + * The function may modify and clobber pkt->hdr->data, pkt->hdr->len, + * pkt->hdr->key_phase and pkt->hdr->pn for its own internal use. No other + * fields of pkt or pkt->hdr will be modified. + * + * It is the callers responsibility to determine how long the PN field in the + * encoded packet should be by setting pkt->hdr->pn_len. This function takes + * care of the PN encoding. Set pkt->pn to the desired PN. + * + * Note that 1-RTT packets do not have a DCID Length field, therefore the DCID + * length must be understood contextually. This function assumes the caller + * knows what it is doing and will serialize a DCID of whatever length is given. + * It is the caller's responsibility to ensure it uses a consistent DCID length + * for communication with any given set of remote peers. + * + * The packet is queued regardless of whether it is able to be sent immediately. + * This enables packets to be batched and sent at once on systems which support + * system calls to send multiple datagrams in a single system call (see + * BIO_sendmmsg). To flush queued datagrams to the network, see + * ossl_qtx_flush_net(). + * + * Returns 1 on success or 0 on failure. + */ +int ossl_qtx_write_pkt(OSSL_QTX *qtx, const OSSL_QTX_PKT *pkt); + +/* + * Finish any incomplete datagrams for transmission which were flagged for + * coalescing. If there is no current coalescing datagram, this is a no-op. + */ +void ossl_qtx_finish_dgram(OSSL_QTX *qtx); + +/* + * (Attempt to) flush any datagrams which are queued for transmission. Note that + * this does not cancel coalescing; call ossl_qtx_finish_dgram() first if that + * is desired. The queue is drained into the OS's sockets as much as possible. + * To determine if there is still data to be sent after calling this function, + * use ossl_qtx_get_queue_len_bytes(). + * + * Returns one of the following values: + * + * QTX_FLUSH_NET_RES_OK + * Either no packets are currently queued for transmission, + * or at least one packet was successfully submitted. + * + * QTX_FLUSH_NET_RES_TRANSIENT_FAIL + * The underlying network write BIO indicated a transient error + * (e.g. buffers full). + * + * QTX_FLUSH_NET_RES_PERMANENT_FAIL + * Internal error (e.g. assertion or allocation error) + * or the underlying network write BIO indicated a non-transient + * error. + */ +#define QTX_FLUSH_NET_RES_OK 1 +#define QTX_FLUSH_NET_RES_TRANSIENT_FAIL (-1) +#define QTX_FLUSH_NET_RES_PERMANENT_FAIL (-2) + +int ossl_qtx_flush_net(OSSL_QTX *qtx); + +/* + * Diagnostic function. If there is any datagram pending transmission, pops it + * and writes the details of the datagram as they would have been passed to + * *msg. Returns 1, or 0 if there are no datagrams pending. For test use only. + */ +int ossl_qtx_pop_net(OSSL_QTX *qtx, BIO_MSG *msg); + +/* Returns number of datagrams which are fully-formed but not yet sent. */ +size_t ossl_qtx_get_queue_len_datagrams(OSSL_QTX *qtx); + +/* + * Returns number of payload bytes across all datagrams which are fully-formed + * but not yet sent. Does not count any incomplete coalescing datagram. + */ +size_t ossl_qtx_get_queue_len_bytes(OSSL_QTX *qtx); + +/* + * Returns number of bytes in the current coalescing datagram, or 0 if there is + * no current coalescing datagram. Returns 0 after a call to + * ossl_qtx_finish_dgram(). + */ +size_t ossl_qtx_get_cur_dgram_len_bytes(OSSL_QTX *qtx); + +/* + * Returns number of queued coalesced packets which have not been put into a + * datagram yet. If this is non-zero, ossl_qtx_flush_pkt() needs to be called. + */ +size_t ossl_qtx_get_unflushed_pkt_count(OSSL_QTX *qtx); + +/* + * Change the BIO being used by the QTX. May be NULL if actual transmission is + * not currently required. Does not up-ref the BIO; the caller is responsible + * for ensuring the lifetime of the BIO exceeds the lifetime of the QTX. + */ +void ossl_qtx_set_bio(OSSL_QTX *qtx, BIO *bio); + +/* Changes the MDPL. */ +int ossl_qtx_set_mdpl(OSSL_QTX *qtx, size_t mdpl); + +/* Retrieves the current MDPL. */ +size_t ossl_qtx_get_mdpl(OSSL_QTX *qtx); + + +/* + * Key Update + * ---------- + * + * For additional discussion of key update considerations, see QRX header file. + */ + +/* + * Triggers a key update. The key update will be started by inverting the Key + * Phase bit of the next packet transmitted; no key update occurs until the next + * packet is transmitted. Thus, this function should generally be called + * immediately before queueing the next packet. + * + * There are substantial requirements imposed by RFC 9001 on under what + * circumstances a key update can be initiated. The caller is responsible for + * meeting most of these requirements. For example, this function cannot be + * called too soon after a previous key update has occurred. Key updates also + * cannot be initiated until the 1-RTT encryption level is reached. + * + * As a sanity check, this function will fail and return 0 if the non-1RTT + * encryption levels have not yet been dropped. + * + * The caller may decide itself to initiate a key update, but it also MUST + * initiate a key update where it detects that the peer has initiated a key + * update. The caller is responsible for initiating a TX key update by calling + * this function in this circumstance; thus, the caller is responsible for + * coupling the RX and TX QUIC record layers in this way. + */ +int ossl_qtx_trigger_key_update(OSSL_QTX *qtx); + + +/* + * Key Expiration + * -------------- + */ + +/* + * Returns the number of packets which have been encrypted for transmission with + * the current set of TX keys (the current "TX key epoch"). Reset to zero after + * a key update and incremented for each packet queued. If enc_level is not + * valid or relates to an EL which is not currently available, returns + * UINT64_MAX. + */ +uint64_t ossl_qtx_get_cur_epoch_pkt_count(OSSL_QTX *qtx, uint32_t enc_level); + +/* + * Returns the maximum number of packets which the record layer will permit to + * be encrypted using the current set of TX keys. If this limit is reached (that + * is, if the counter returned by ossl_qrx_tx_get_cur_epoch_pkt_count() reaches + * this value), as a safety measure, the QTX will not permit any further packets + * to be queued. All calls to ossl_qrx_write_pkt that try to send packets of a + * kind which need to be encrypted will fail. It is not possible to recover from + * this condition and the QTX must then be destroyed; therefore, callers should + * ensure they always trigger a key update well in advance of reaching this + * limit. + * + * The value returned by this function is based on the ciphersuite configured + * for the given encryption level. If keys have not been provisioned for the + * specified enc_level or the enc_level argument is invalid, this function + * returns UINT64_MAX, which is not a valid value. Note that it is not possible + * to perform a key update at any encryption level other than 1-RTT, therefore + * if this limit is reached at earlier encryption levels (which should not be + * possible) the connection must be terminated. Since this condition precludes + * the transmission of further packets, the only possible signalling of such an + * error condition to a peer is a Stateless Reset packet. + */ +uint64_t ossl_qtx_get_max_epoch_pkt_count(OSSL_QTX *qtx, uint32_t enc_level); + +/* + * Get the 1-RTT EL key epoch number for the QTX. This is intended for + * diagnostic purposes. Returns 0 if 1-RTT EL is not provisioned yet. + */ +uint64_t ossl_qtx_get_key_epoch(OSSL_QTX *qtx); + +# endif + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_record_util.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_record_util.h new file mode 100644 index 00000000..97e630d9 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_record_util.h @@ -0,0 +1,116 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_RECORD_UTIL_H +# define OSSL_QUIC_RECORD_UTIL_H + +# include +# include "internal/quic_types.h" + +# ifndef OPENSSL_NO_QUIC + +struct ossl_qrx_st; +struct ossl_qtx_st; + +/* + * QUIC Key Derivation Utilities + * ============================= + */ + +/* HKDF-Extract(salt, IKM) (RFC 5869) */ +int ossl_quic_hkdf_extract(OSSL_LIB_CTX *libctx, + const char *propq, + const EVP_MD *md, + const unsigned char *salt, size_t salt_len, + const unsigned char *ikm, size_t ikm_len, + unsigned char *out, size_t out_len); + +/* + * A QUIC client sends its first INITIAL packet with a random DCID, which + * is used to compute the secrets used for INITIAL packet encryption in both + * directions (both client-to-server and server-to-client). + * + * This function performs the necessary DCID-based key derivation, and then + * provides the derived key material for the INITIAL encryption level to a QRX + * instance, a QTX instance, or both. + * + * This function derives the necessary key material and then: + * - if qrx is non-NULL, provides the appropriate secret to it; + * - if qtx is non-NULL, provides the appropriate secret to it. + * + * If both qrx and qtx are NULL, this is a no-op. This function is equivalent to + * making the appropriate calls to ossl_qrx_provide_secret() and + * ossl_qtx_provide_secret(). + * + * It is possible to use a QRX or QTX without ever calling this, for example if + * there is no desire to handle INITIAL packets (e.g. if a QRX/QTX is + * instantiated to succeed a previous QRX/QTX and handle a connection which is + * already established). However in this case you should make sure you call + * ossl_qrx_discard_enc_level(); see the header for that function for more + * details. Calling ossl_qtx_discard_enc_level() is not essential but could + * protect against programming errors. + * + * Returns 1 on success or 0 on error. + */ +int ossl_quic_provide_initial_secret(OSSL_LIB_CTX *libctx, + const char *propq, + const QUIC_CONN_ID *dst_conn_id, + int is_server, + struct ossl_qrx_st *qrx, + struct ossl_qtx_st *qtx); + +/* + * QUIC Record Layer Ciphersuite Info + * ================================== + */ + +/* Available QUIC Record Layer (QRL) ciphersuites. */ +# define QRL_SUITE_AES128GCM 1 /* SHA256 */ +# define QRL_SUITE_AES256GCM 2 /* SHA384 */ +# define QRL_SUITE_CHACHA20POLY1305 3 /* SHA256 */ + +/* Returns cipher name in bytes or NULL if suite ID is invalid. */ +const char *ossl_qrl_get_suite_cipher_name(uint32_t suite_id); + +/* Returns hash function name in bytes or NULL if suite ID is invalid. */ +const char *ossl_qrl_get_suite_md_name(uint32_t suite_id); + +/* Returns secret length in bytes or 0 if suite ID is invalid. */ +uint32_t ossl_qrl_get_suite_secret_len(uint32_t suite_id); + +/* Returns key length in bytes or 0 if suite ID is invalid. */ +uint32_t ossl_qrl_get_suite_cipher_key_len(uint32_t suite_id); + +/* Returns IV length in bytes or 0 if suite ID is invalid. */ +uint32_t ossl_qrl_get_suite_cipher_iv_len(uint32_t suite_id); + +/* Returns AEAD auth tag length in bytes or 0 if suite ID is invalid. */ +uint32_t ossl_qrl_get_suite_cipher_tag_len(uint32_t suite_id); + +/* Returns a QUIC_HDR_PROT_CIPHER_* value or 0 if suite ID is invalid. */ +uint32_t ossl_qrl_get_suite_hdr_prot_cipher_id(uint32_t suite_id); + +/* Returns header protection key length in bytes or 0 if suite ID is invalid. */ +uint32_t ossl_qrl_get_suite_hdr_prot_key_len(uint32_t suite_id); + +/* + * Returns maximum number of packets which may be safely encrypted with a suite + * or 0 if suite ID is invalid. + */ +uint64_t ossl_qrl_get_suite_max_pkt(uint32_t suite_id); + +/* + * Returns maximum number of RX'd packets which may safely fail AEAD decryption + * for a given suite or 0 if suite ID is invalid. + */ +uint64_t ossl_qrl_get_suite_max_forged_pkt(uint32_t suite_id); + +# endif + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_rx_depack.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_rx_depack.h new file mode 100644 index 00000000..c90964a7 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_rx_depack.h @@ -0,0 +1,21 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_RX_DEPACK_H +# define OSSL_QUIC_RX_DEPACK_H + +# include "internal/quic_channel.h" + +# ifndef OPENSSL_NO_QUIC + +int ossl_quic_handle_frames(QUIC_CHANNEL *qc, OSSL_QRX_PKT *qpacket); + +# endif + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_sf_list.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_sf_list.h new file mode 100644 index 00000000..8ed1dcb1 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_sf_list.h @@ -0,0 +1,151 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_SF_LIST_H +# define OSSL_QUIC_SF_LIST_H + +#include "internal/common.h" +#include "internal/uint_set.h" +#include "internal/quic_record_rx.h" + +/* + * Stream frame list + * ================= + * + * This data structure supports similar operations as uint64 set but + * it has slightly different invariants and also carries data associated with + * the ranges in the list. + * + * Operations: + * Insert frame (optimized insertion at the beginning and at the end). + * Iterated peek into the frame(s) from the beginning. + * Dropping frames from the beginning up to an offset (exclusive). + * + * Invariant: The frames in the list are sorted by the start and end bounds. + * Invariant: There are no fully overlapping frames or frames that would + * be fully encompassed by another frame in the list. + * Invariant: No frame has start > end. + * Invariant: The range start is inclusive the end is exclusive to be + * able to mark an empty frame. + * Invariant: The offset never points further than into the first frame. + */ +# ifndef OPENSSL_NO_QUIC + +typedef struct stream_frame_st STREAM_FRAME; + +typedef struct sframe_list_st { + STREAM_FRAME *head, *tail; + /* Is the tail frame final. */ + unsigned int fin; + /* Number of stream frames in the list. */ + size_t num_frames; + /* Offset of data not yet dropped */ + uint64_t offset; + /* Is head locked ? */ + int head_locked; + /* Cleanse data on release? */ + int cleanse; +} SFRAME_LIST; + +/* + * Initializes the stream frame list fl. + */ +void ossl_sframe_list_init(SFRAME_LIST *fl); + +/* + * Destroys the stream frame list fl releasing any data + * still present inside it. + */ +void ossl_sframe_list_destroy(SFRAME_LIST *fl); + +/* + * Insert a stream frame data into the list. + * The data covers an offset range (range.start is inclusive, + * range.end is exclusive). + * fin should be set if this is the final frame of the stream. + * Returns an error if a frame cannot be inserted - due to + * STREAM_FRAME allocation error, or in case of erroneous + * fin flag (this is an ossl_assert() check so a caller must + * check it on its own too). + */ +int ossl_sframe_list_insert(SFRAME_LIST *fl, UINT_RANGE *range, + OSSL_QRX_PKT *pkt, + const unsigned char *data, int fin); + +/* + * Iterator to peek at the contiguous frames at the beginning + * of the frame list fl. + * The *data covers an offset range (range.start is inclusive, + * range.end is exclusive). + * *fin is set if this is the final frame of the stream. + * Opaque iterator *iter can be used to peek at the subsequent + * frame if there is any without any gap before it. + * Returns 1 on success. + * Returns 0 if there is no further contiguous frame. In that + * case *fin is set, if the end of the stream is reached. + */ +int ossl_sframe_list_peek(const SFRAME_LIST *fl, void **iter, + UINT_RANGE *range, const unsigned char **data, + int *fin); + +/* + * Drop all frames up to the offset limit. + * Also unlocks the head frame if locked. + * Returns 1 on success. + * Returns 0 when trying to drop frames at offsets that were not + * received yet. (ossl_assert() is used to check, so this is an invalid call.) + */ +int ossl_sframe_list_drop_frames(SFRAME_LIST *fl, uint64_t limit); + +/* + * Locks and returns the head frame of fl if it is readable - read offset is + * at the beginning or middle of the frame. + * range is set to encompass the not yet read part of the head frame, + * data pointer is set to appropriate offset within the frame if the read + * offset points in the middle of the frame, + * fin is set to 1 if the head frame is also the tail frame. + * Returns 1 on success, 0 if there is no readable data or the head + * frame is already locked. + */ +int ossl_sframe_list_lock_head(SFRAME_LIST *fl, UINT_RANGE *range, + const unsigned char **data, + int *fin); + +/* + * Just returns whether the head frame is locked by previous + * ossl_sframe_list_lock_head() call. + */ +int ossl_sframe_list_is_head_locked(SFRAME_LIST *fl); + +/* + * Callback function type to write stream frame data to some + * side storage before the packet containing the frame data + * is released. + * It should return 1 on success or 0 if there is not enough + * space available in the side storage. + */ +typedef int (sframe_list_write_at_cb)(uint64_t logical_offset, + const unsigned char *buf, + size_t buf_len, + void *cb_arg); + +/* + * Move the frame data in all the stream frames in the list fl + * from the packets to the side storage using the write_at_cb + * callback. + * Returns 1 if all the calls to the callback return 1. + * If the callback returns 0, the function stops processing further + * frames and returns 0. + */ +int ossl_sframe_list_move_data(SFRAME_LIST *fl, + sframe_list_write_at_cb *write_at_cb, + void *cb_arg); +# endif + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_ssl.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_ssl.h new file mode 100644 index 00000000..52d4527c --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_ssl.h @@ -0,0 +1,132 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_SSL_H +# define OSSL_QUIC_SSL_H + +# include +# include +# include "internal/quic_record_rx.h" /* OSSL_QRX */ +# include "internal/quic_ackm.h" /* OSSL_ACKM */ +# include "internal/quic_channel.h" /* QUIC_CHANNEL */ + +# ifndef OPENSSL_NO_QUIC + +__owur SSL *ossl_quic_new(SSL_CTX *ctx); +__owur int ossl_quic_init(SSL *s); +void ossl_quic_deinit(SSL *s); +void ossl_quic_free(SSL *s); +int ossl_quic_reset(SSL *s); +int ossl_quic_clear(SSL *s); +__owur int ossl_quic_accept(SSL *s); +__owur int ossl_quic_connect(SSL *s); +__owur int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *readbytes); +__owur int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *readbytes); +__owur int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written); +__owur long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg); +__owur long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); +__owur long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void)); +__owur long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)); +__owur size_t ossl_quic_pending(const SSL *s); +__owur int ossl_quic_key_update(SSL *s, int update_type); +__owur int ossl_quic_get_key_update_type(const SSL *s); +__owur const SSL_CIPHER *ossl_quic_get_cipher_by_char(const unsigned char *p); +__owur int ossl_quic_num_ciphers(void); +__owur const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u); +int ossl_quic_renegotiate_check(SSL *ssl, int initok); + +typedef struct quic_conn_st QUIC_CONNECTION; +typedef struct quic_xso_st QUIC_XSO; + +int ossl_quic_do_handshake(SSL *s); +void ossl_quic_set_connect_state(SSL *s); +void ossl_quic_set_accept_state(SSL *s); + +__owur int ossl_quic_has_pending(const SSL *s); +__owur int ossl_quic_handle_events(SSL *s); +__owur int ossl_quic_get_event_timeout(SSL *s, struct timeval *tv, + int *is_infinite); +OSSL_TIME ossl_quic_get_event_deadline(SSL *s); +__owur int ossl_quic_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *d); +__owur int ossl_quic_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *d); +__owur int ossl_quic_get_net_read_desired(SSL *s); +__owur int ossl_quic_get_net_write_desired(SSL *s); +__owur int ossl_quic_get_error(const SSL *s, int i); +__owur int ossl_quic_want(const SSL *s); +__owur int ossl_quic_conn_get_blocking_mode(const SSL *s); +__owur int ossl_quic_conn_set_blocking_mode(SSL *s, int blocking); +__owur int ossl_quic_conn_shutdown(SSL *s, uint64_t flags, + const SSL_SHUTDOWN_EX_ARGS *args, + size_t args_len); +__owur int ossl_quic_conn_stream_conclude(SSL *s); +void ossl_quic_conn_set0_net_rbio(SSL *s, BIO *net_wbio); +void ossl_quic_conn_set0_net_wbio(SSL *s, BIO *net_wbio); +BIO *ossl_quic_conn_get_net_rbio(const SSL *s); +BIO *ossl_quic_conn_get_net_wbio(const SSL *s); +__owur int ossl_quic_conn_set_initial_peer_addr(SSL *s, + const BIO_ADDR *peer_addr); +__owur SSL *ossl_quic_conn_stream_new(SSL *s, uint64_t flags); +__owur SSL *ossl_quic_get0_connection(SSL *s); +__owur int ossl_quic_get_stream_type(SSL *s); +__owur uint64_t ossl_quic_get_stream_id(SSL *s); +__owur int ossl_quic_is_stream_local(SSL *s); +__owur int ossl_quic_set_default_stream_mode(SSL *s, uint32_t mode); +__owur SSL *ossl_quic_detach_stream(SSL *s); +__owur int ossl_quic_attach_stream(SSL *conn, SSL *stream); +__owur int ossl_quic_set_incoming_stream_policy(SSL *s, int policy, + uint64_t aec); +__owur SSL *ossl_quic_accept_stream(SSL *s, uint64_t flags); +__owur size_t ossl_quic_get_accept_stream_queue_len(SSL *s); + +__owur int ossl_quic_stream_reset(SSL *ssl, + const SSL_STREAM_RESET_ARGS *args, + size_t args_len); + +__owur int ossl_quic_get_stream_read_state(SSL *ssl); +__owur int ossl_quic_get_stream_write_state(SSL *ssl); +__owur int ossl_quic_get_stream_read_error_code(SSL *ssl, + uint64_t *app_error_code); +__owur int ossl_quic_get_stream_write_error_code(SSL *ssl, + uint64_t *app_error_code); +__owur int ossl_quic_get_conn_close_info(SSL *ssl, + SSL_CONN_CLOSE_INFO *info, + size_t info_len); + +uint64_t ossl_quic_set_options(SSL *s, uint64_t opts); +uint64_t ossl_quic_clear_options(SSL *s, uint64_t opts); +uint64_t ossl_quic_get_options(const SSL *s); + +/* Modifies write buffer size for a stream. */ +__owur int ossl_quic_set_write_buffer_size(SSL *s, size_t size); + +/* + * Used to override ossl_time_now() for debug purposes. While this may be + * overridden at any time, expect strange results if you change it after + * connecting. + */ +int ossl_quic_conn_set_override_now_cb(SSL *s, + OSSL_TIME (*now_cb)(void *arg), + void *now_cb_arg); + +/* + * Condvar waiting in the assist thread doesn't support time faking as it relies + * on the OS's notion of time, thus this is used in test code to force a + * spurious wakeup instead. + */ +void ossl_quic_conn_force_assist_thread_wake(SSL *s); + +/* For use by tests only. */ +QUIC_CHANNEL *ossl_quic_conn_get_channel(SSL *s); + +int ossl_quic_has_pending(const SSL *s); +int ossl_quic_get_shutdown(const SSL *s); + +# endif + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_statm.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_statm.h new file mode 100644 index 00000000..5b33551b --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_statm.h @@ -0,0 +1,40 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_STATS_H +# define OSSL_QUIC_STATS_H + +# include +# include "internal/time.h" + +# ifndef OPENSSL_NO_QUIC + +typedef struct ossl_statm_st { + OSSL_TIME smoothed_rtt, latest_rtt, min_rtt, rtt_variance; + char have_first_sample; +} OSSL_STATM; + +typedef struct ossl_rtt_info_st { + /* As defined in RFC 9002. */ + OSSL_TIME smoothed_rtt, latest_rtt, rtt_variance, min_rtt; +} OSSL_RTT_INFO; + +int ossl_statm_init(OSSL_STATM *statm); + +void ossl_statm_destroy(OSSL_STATM *statm); + +void ossl_statm_get_rtt_info(OSSL_STATM *statm, OSSL_RTT_INFO *rtt_info); + +void ossl_statm_update_rtt(OSSL_STATM *statm, + OSSL_TIME ack_delay, + OSSL_TIME override_latest_rtt); + +# endif + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_stream.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_stream.h new file mode 100644 index 00000000..0da8febd --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_stream.h @@ -0,0 +1,429 @@ +/* +* Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. +* +* Licensed under the Apache License 2.0 (the "License"). You may not use +* this file except in compliance with the License. You can obtain a copy +* in the file LICENSE in the source distribution or at +* https://www.openssl.org/source/license.html +*/ + +#ifndef OSSL_INTERNAL_QUIC_STREAM_H +# define OSSL_INTERNAL_QUIC_STREAM_H +# pragma once + +#include "internal/e_os.h" +#include "internal/time.h" +#include "internal/quic_types.h" +#include "internal/quic_wire.h" +#include "internal/quic_record_tx.h" +#include "internal/quic_record_rx.h" +#include "internal/quic_fc.h" +#include "internal/quic_statm.h" + +# ifndef OPENSSL_NO_QUIC + +/* + * QUIC Send Stream + * ================ + * + * The QUIC Send Stream Manager (QUIC_SSTREAM) is responsible for: + * + * - accepting octet strings of stream data; + * + * - generating corresponding STREAM frames; + * + * - receiving notifications of lost frames, in order to generate new STREAM + * frames for the lost data; + * + * - receiving notifications of acknowledged frames, in order to internally + * reuse memory used to store acknowledged stream data; + * + * - informing the caller of how much more stream data it can accept into + * its internal buffers, so as to ensure that the amount of unacknowledged + * data which can be written to a stream is not infinite and to allow the + * caller to manifest backpressure conditions to the user. + * + * The QUIC_SSTREAM is instantiated once for every stream with a send component + * (i.e., for a unidirectional send stream or for the send component of a + * bidirectional stream). + * + * Note: The terms 'TX' and 'RX' are used when referring to frames, packets and + * datagrams. The terms 'send' and 'receive' are used when referring to the + * stream abstraction. Applications send; we transmit. + */ +typedef struct quic_sstream_st QUIC_SSTREAM; + +/* + * Instantiates a new QUIC_SSTREAM. init_buf_size specifies the initial size of + * the stream data buffer in bytes, which must be positive. + */ +QUIC_SSTREAM *ossl_quic_sstream_new(size_t init_buf_size); + +/* + * Frees a QUIC_SSTREAM and associated stream data storage. + * + * Any iovecs returned by ossl_quic_sstream_get_stream_frame cease to be valid after + * calling this function. + */ +void ossl_quic_sstream_free(QUIC_SSTREAM *qss); + +/* + * (For TX packetizer use.) Retrieves information about application stream data + * which is ready for transmission. + * + * *hdr is filled with the logical offset, maximum possible length of stream + * data which can be transmitted, and a pointer to the stream data to be + * transmitted. is_fin is set to 1 if hdr->offset + hdr->len is the final size + * of the stream and 0 otherwise. hdr->stream_id is not set; the caller must set + * it. + * + * The caller is not obligated to send all of the data. If the caller does not + * send all of the data, the caller must reduce hdr->len before serializing the + * header structure and must ensure that hdr->is_fin is cleared. + * + * hdr->has_explicit_len is always set. It is the caller's responsibility to + * clear this if it wants to use the optimization of omitting the length field, + * as only the caller can know when this optimization can be performed. + * + * *num_iov must be set to the size of the iov array at call time. When this + * function returns successfully, it is updated to the number of iov entries + * which have been written. + * + * The stream data may be split across up to two IOVs due to internal ring + * buffer organisation. The sum of the lengths of the IOVs and the value written + * to hdr->len will always match. If the caller decides to send less than + * hdr->len of stream data, it must adjust the IOVs accordingly. This may be + * done by updating hdr->len and then calling the utility function + * ossl_quic_sstream_adjust_iov(). + * + * After committing one or more bytes returned by ossl_quic_sstream_get_stream_frame to a + * packet, call ossl_quic_sstream_mark_transmitted with the inclusive range of logical + * byte numbers of the transmitted bytes (i.e., hdr->offset, hdr->offset + + * hdr->len - 1). If you do not call ossl_quic_sstream_mark_transmitted, the next call to + * ossl_quic_sstream_get_stream_frame will return the same data (or potentially the same + * and more, if more data has been appended by the application). + * + * It is the caller's responsibility to clamp the length of data which this + * function indicates is available according to other concerns, such as + * stream-level flow control, connection-level flow control, or the applicable + * maximum datagram payload length (MDPL) for a packet under construction. + * + * The skip argument can usually be given as zero. If it is non-zero, this + * function outputs a range which would be output if it were called again after + * calling ossl_quic_sstream_mark_transmitted() with the returned range, repeated 'skip' + * times, and so on. This may be useful for callers which wish to enumerate + * available stream frames and batch their calls to ossl_quic_sstream_mark_transmitted at + * a later time. + * + * On success, this function will never write *num_iov with a value other than + * 0, 1 or 2. A *num_iov value of 0 can only occurs when hdr->is_fin is set (for + * example, when a stream is closed after all existing data has been sent, and + * without sending any more data); otherwise the function returns 0 as there is + * nothing useful to report. + * + * Returns 1 on success and 0 if there is no stream data available for + * transmission, or on other error (such as if the caller provides fewer + * than two IOVs.) + */ +int ossl_quic_sstream_get_stream_frame(QUIC_SSTREAM *qss, + size_t skip, + OSSL_QUIC_FRAME_STREAM *hdr, + OSSL_QTX_IOVEC *iov, + size_t *num_iov); + +/* + * Returns 1 if there is data pending transmission. Equivalent to calling + * ossl_quic_sstream_get_stream_frame and seeing if it succeeds. + */ +int ossl_quic_sstream_has_pending(QUIC_SSTREAM *qss); + +/* + * Returns the current size of the stream; i.e., the number of bytes which have + * been appended to the stream so far. + */ +uint64_t ossl_quic_sstream_get_cur_size(QUIC_SSTREAM *qss); + +/* + * (For TX packetizer use.) Marks a logical range of the send stream as having + * been transmitted. + * + * 0 denotes the first byte ever sent on the stream. The start and end values + * are both inclusive, therefore all calls to this function always mark at least + * one byte as being transmitted; if no bytes have been transmitted, do not call + * this function. + * + * If the STREAM frame sent had the FIN bit set, you must also call + * ossl_quic_sstream_mark_transmitted_fin() after calling this function. + * + * If you sent a zero-length STREAM frame with the FIN bit set, you need only + * call ossl_quic_sstream_mark_transmitted_fin() and must not call this function. + * + * Returns 1 on success and 0 on error (e.g. if end < start). + */ +int ossl_quic_sstream_mark_transmitted(QUIC_SSTREAM *qss, + uint64_t start, + uint64_t end); + +/* + * (For TX packetizer use.) Marks a STREAM frame with the FIN bit set as having + * been transmitted. final_size is the final size of the stream (i.e., the value + * offset + len of the transmitted STREAM frame). + * + * This function fails returning 0 if ossl_quic_sstream_fin() has not been called or if + * final_size is not correct. The final_size argument is not strictly needed by + * the QUIC_SSTREAM but is required as a sanity check. + */ +int ossl_quic_sstream_mark_transmitted_fin(QUIC_SSTREAM *qss, + uint64_t final_size); + +/* + * (RX/ACKM use.) Marks a logical range of the send stream as having been lost. + * The send stream will return the lost data for retransmission on a future call + * to ossl_quic_sstream_get_stream_frame. The start and end values denote logical byte + * numbers and are inclusive. + * + * If the lost frame had the FIN bit set, you must also call + * ossl_quic_sstream_mark_lost_fin() after calling this function. + * + * Returns 1 on success and 0 on error (e.g. if end < start). + */ +int ossl_quic_sstream_mark_lost(QUIC_SSTREAM *qss, + uint64_t start, + uint64_t end); + +/* + * (RX/ACKM use.) Informs the QUIC_SSTREAM that a STREAM frame with the FIN bit + * set was lost. + * + * Returns 1 on success and 0 on error. + */ +int ossl_quic_sstream_mark_lost_fin(QUIC_SSTREAM *qss); + +/* + * (RX/ACKM use.) Marks a logical range of the send stream as having been + * acknowledged, meaning that the storage for the data in that range of the + * stream can be now recycled and neither that logical range of the stream nor + * any subset of it can be retransmitted again. The start and end values are + * inclusive. + * + * If the acknowledged frame had the FIN bit set, you must also call + * ossl_quic_sstream_mark_acked_fin() after calling this function. + * + * Returns 1 on success and 0 on error (e.g. if end < start). + */ +int ossl_quic_sstream_mark_acked(QUIC_SSTREAM *qss, + uint64_t start, + uint64_t end); + +/* + * (RX/ACKM use.) Informs the QUIC_SSTREAM that a STREAM frame with the FIN bit + * set was acknowledged. + * + * Returns 1 on success and 0 on error. + */ +int ossl_quic_sstream_mark_acked_fin(QUIC_SSTREAM *qss); + +/* + * (Front end use.) Appends user data to the stream. The data is copied into the + * stream. The amount of data consumed from buf is written to *consumed on + * success (short writes are possible). The amount of data which can be written + * can be determined in advance by calling the ossl_quic_sstream_get_buffer_avail() + * function; data is copied into an internal ring buffer of finite size. + * + * If the buffer is full, this should be materialised as a backpressure + * condition by the front end. This is not considered a failure condition; + * *consumed is written as 0 and the function returns 1. + * + * Returns 1 on success or 0 on failure. + */ +int ossl_quic_sstream_append(QUIC_SSTREAM *qss, + const unsigned char *buf, + size_t buf_len, + size_t *consumed); + +/* + * Marks a stream as finished. ossl_quic_sstream_append() may not be called anymore + * after calling this. + */ +void ossl_quic_sstream_fin(QUIC_SSTREAM *qss); + +/* + * If the stream has had ossl_quic_sstream_fin() called, returns 1 and writes + * the final size to *final_size. Otherwise, returns 0. + */ +int ossl_quic_sstream_get_final_size(QUIC_SSTREAM *qss, uint64_t *final_size); + +/* + * Returns 1 iff all bytes (and any FIN, if any) which have been appended to the + * QUIC_SSTREAM so far, and any FIN (if any), have been both sent and acked. + */ +int ossl_quic_sstream_is_totally_acked(QUIC_SSTREAM *qss); + +/* + * Resizes the internal ring buffer. All stream data is preserved safely. + * + * This can be used to expand or contract the ring buffer, but not to contract + * the ring buffer below the amount of stream data currently stored in it. + * Returns 1 on success and 0 on failure. + * + * IMPORTANT: Any buffers referenced by iovecs output by + * ossl_quic_sstream_get_stream_frame() cease to be valid after calling this function. + */ +int ossl_quic_sstream_set_buffer_size(QUIC_SSTREAM *qss, size_t num_bytes); + +/* + * Gets the internal ring buffer size in bytes. + */ +size_t ossl_quic_sstream_get_buffer_size(QUIC_SSTREAM *qss); + +/* + * Gets the number of bytes used in the internal ring buffer. + */ +size_t ossl_quic_sstream_get_buffer_used(QUIC_SSTREAM *qss); + +/* + * Gets the number of bytes free in the internal ring buffer. + */ +size_t ossl_quic_sstream_get_buffer_avail(QUIC_SSTREAM *qss); + +/* + * Utility function to ensure the length of an array of iovecs matches the + * length given as len. Trailing iovecs have their length values reduced or set + * to 0 as necessary. + */ +void ossl_quic_sstream_adjust_iov(size_t len, + OSSL_QTX_IOVEC *iov, + size_t num_iov); + +/* + * Sets flag to cleanse the buffered data when it is acked. + */ +void ossl_quic_sstream_set_cleanse(QUIC_SSTREAM *qss, int cleanse); + +/* + * QUIC Receive Stream Manager + * =========================== + * + * The QUIC Receive Stream Manager (QUIC_RSTREAM) is responsible for + * storing the received stream data frames until the application + * is able to read the data. + * + * The QUIC_RSTREAM is instantiated once for every stream that can receive data. + * (i.e., for a unidirectional receiving stream or for the receiving component + * of a bidirectional stream). + */ +typedef struct quic_rstream_st QUIC_RSTREAM; + +/* + * Create a new instance of QUIC_RSTREAM with pointers to the flow + * controller and statistics module. They can be NULL for unit testing. + * If they are non-NULL, the `rxfc` is called when receive stream data + * is read by application. `statm` is queried for current rtt. + * `rbuf_size` is the initial size of the ring buffer to be used + * when ossl_quic_rstream_move_to_rbuf() is called. + */ +QUIC_RSTREAM *ossl_quic_rstream_new(QUIC_RXFC *rxfc, + OSSL_STATM *statm, size_t rbuf_size); + +/* + * Frees a QUIC_RSTREAM and any associated storage. + */ +void ossl_quic_rstream_free(QUIC_RSTREAM *qrs); + +/* + * Adds received stream frame data to `qrs`. The `pkt_wrap` refcount is + * incremented if the `data` is queued directly without copying. + * It can be NULL for unit-testing purposes, i.e. if `data` is static or + * never released before calling ossl_quic_rstream_free(). + * The `offset` is the absolute offset of the data in the stream. + * `data_len` can be 0 - can be useful for indicating `fin` for empty stream. + * Or to indicate `fin` without any further data added to the stream. + */ + +int ossl_quic_rstream_queue_data(QUIC_RSTREAM *qrs, OSSL_QRX_PKT *pkt, + uint64_t offset, + const unsigned char *data, uint64_t data_len, + int fin); + +/* + * Copies the data from the stream storage to buffer `buf` of size `size`. + * `readbytes` is set to the number of bytes actually copied. + * `fin` is set to 1 if all the data from the stream were read so the + * stream is finished. It is set to 0 otherwise. + */ +int ossl_quic_rstream_read(QUIC_RSTREAM *qrs, unsigned char *buf, size_t size, + size_t *readbytes, int *fin); + +/* + * Peeks at the data in the stream storage. It copies them to buffer `buf` + * of size `size` and sets `readbytes` to the number of bytes actually copied. + * `fin` is set to 1 if the copied data reach end of the stream. + * It is set to 0 otherwise. + */ +int ossl_quic_rstream_peek(QUIC_RSTREAM *qrs, unsigned char *buf, size_t size, + size_t *readbytes, int *fin); + +/* + * Returns the size of the data available for reading. `fin` is set to 1 if + * after reading all the available data the stream will be finished, + * set to 0 otherwise. + */ +int ossl_quic_rstream_available(QUIC_RSTREAM *qrs, size_t *avail, int *fin); + +/* + * Sets *record to the beginning of the first readable stream data chunk and + * *reclen to the size of the chunk. *fin is set to 1 if the end of the + * chunk is the last of the stream data chunks. + * If there is no record available *record is set to NULL and *rec_len to 0; + * ossl_quic_rstream_release_record() should not be called in that case. + * Returns 1 on success (including calls if no record is available, or + * after end of the stream - in that case *fin will be set to 1 and + * *rec_len to 0), 0 on error. + * It is an error to call ossl_quic_rstream_get_record() multiple times + * without calling ossl_quic_rstream_release_record() in between. + */ +int ossl_quic_rstream_get_record(QUIC_RSTREAM *qrs, + const unsigned char **record, size_t *rec_len, + int *fin); + +/* + * Releases (possibly partially) the record returned by + * previous ossl_quic_rstream_get_record() call. + * read_len between previously returned *rec_len and SIZE_MAX indicates + * release of the whole record. Otherwise only part of the record is + * released. The remaining part of the record is unlocked, another + * call to ossl_quic_rstream_get_record() is needed to obtain further + * stream data. + * Returns 1 on success, 0 on error. + * It is an error to call ossl_quic_rstream_release_record() multiple + * times without calling ossl_quic_rstream_get_record() in between. + */ +int ossl_quic_rstream_release_record(QUIC_RSTREAM *qrs, size_t read_len); + +/* + * Moves received frame data from decrypted packets to ring buffer. + * This should be called when there are too many decrypted packets allocated. + * Returns 1 on success, 0 when it was not possible to release all + * referenced packets due to an insufficient size of the ring buffer. + * Exception is the packet from the record returned previously by + * ossl_quic_rstream_get_record() - that one will be always skipped. + */ +int ossl_quic_rstream_move_to_rbuf(QUIC_RSTREAM *qrs); + +/* + * Resizes the internal ring buffer to a new `rbuf_size` size. + * Returns 1 on success, 0 on error. + * Possible error conditions are an allocation failure, trying to resize + * the ring buffer when ossl_quic_rstream_get_record() was called and + * not yet released, or trying to resize the ring buffer to a smaller size + * than currently occupied. + */ +int ossl_quic_rstream_resize_rbuf(QUIC_RSTREAM *qrs, size_t rbuf_size); + +/* + * Sets flag to cleanse the buffered data when user reads it. + */ +void ossl_quic_rstream_set_cleanse(QUIC_RSTREAM *qrs, int cleanse); +# endif + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_stream_map.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_stream_map.h new file mode 100644 index 00000000..ae749061 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_stream_map.h @@ -0,0 +1,878 @@ +/* +* Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. +* +* Licensed under the Apache License 2.0 (the "License"). You may not use +* this file except in compliance with the License. You can obtain a copy +* in the file LICENSE in the source distribution or at +* https://www.openssl.org/source/license.html +*/ + +#ifndef OSSL_INTERNAL_QUIC_STREAM_MAP_H +# define OSSL_INTERNAL_QUIC_STREAM_MAP_H +# pragma once + +# include "internal/e_os.h" +# include "internal/time.h" +# include "internal/common.h" +# include "internal/quic_types.h" +# include "internal/quic_stream.h" +# include "internal/quic_fc.h" +# include + +# ifndef OPENSSL_NO_QUIC + +/* + * QUIC Stream + * =========== + * + * Logical QUIC stream composing all relevant send and receive components. + */ +typedef struct quic_stream_st QUIC_STREAM; + +typedef struct quic_stream_list_node_st QUIC_STREAM_LIST_NODE; + +struct quic_stream_list_node_st { + QUIC_STREAM_LIST_NODE *prev, *next; +}; + +/* + * QUIC Send Stream States + * ----------------------- + * + * These correspond to the states defined in RFC 9000 s. 3.1, with the + * exception of the NONE state which represents the absence of a send stream + * part. + * + * Invariants in each state are noted in comments below. In particular, once all + * data has been acknowledged received, or we have reset the stream, we don't + * need to keep the QUIC_SSTREAM and data buffers around. Of course, we also + * don't have a QUIC_SSTREAM on a receive-only stream. + */ +#define QUIC_SSTREAM_STATE_NONE 0 /* --- sstream == NULL */ +#define QUIC_SSTREAM_STATE_READY 1 /* \ */ +#define QUIC_SSTREAM_STATE_SEND 2 /* |-- sstream != NULL */ +#define QUIC_SSTREAM_STATE_DATA_SENT 3 /* / */ +#define QUIC_SSTREAM_STATE_DATA_RECVD 4 /* \ */ +#define QUIC_SSTREAM_STATE_RESET_SENT 5 /* |-- sstream == NULL */ +#define QUIC_SSTREAM_STATE_RESET_RECVD 6 /* / */ + +/* + * QUIC Receive Stream States + * -------------------------- + * + * These correspond to the states defined in RFC 9000 s. 3.2, with the exception + * of the NONE state which represents the absence of a receive stream part. + * + * Invariants in each state are noted in comments below. In particular, once all + * data has been read by the application, we don't need to keep the QUIC_RSTREAM + * and data buffers around. If the receive part is instead reset before it is + * finished, we also don't need to keep the QUIC_RSTREAM around. Finally, we + * don't need a QUIC_RSTREAM on a send-only stream. + */ +#define QUIC_RSTREAM_STATE_NONE 0 /* --- rstream == NULL */ +#define QUIC_RSTREAM_STATE_RECV 1 /* \ */ +#define QUIC_RSTREAM_STATE_SIZE_KNOWN 2 /* |-- rstream != NULL */ +#define QUIC_RSTREAM_STATE_DATA_RECVD 3 /* / */ +#define QUIC_RSTREAM_STATE_DATA_READ 4 /* \ */ +#define QUIC_RSTREAM_STATE_RESET_RECVD 5 /* |-- rstream == NULL */ +#define QUIC_RSTREAM_STATE_RESET_READ 6 /* / */ + +struct quic_stream_st { + QUIC_STREAM_LIST_NODE active_node; /* for use by QUIC_STREAM_MAP */ + QUIC_STREAM_LIST_NODE accept_node; /* accept queue of remotely-created streams */ + QUIC_STREAM_LIST_NODE ready_for_gc_node; /* queue of streams now ready for GC */ + + /* Temporary link used by TXP. */ + QUIC_STREAM *txp_next; + + /* + * QUIC Stream ID. Do not assume that this encodes a type as this is a + * version-specific property and may change between QUIC versions; instead, + * use the type field. + */ + uint64_t id; + + /* + * Application Error Code (AEC) used for STOP_SENDING frame. + * This is only valid if stop_sending is 1. + */ + uint64_t stop_sending_aec; + + /* + * Application Error Code (AEC) used for RESET_STREAM frame. + * This is only valid if reset_stream is 1. + */ + uint64_t reset_stream_aec; + + /* + * Application Error Code (AEC) for incoming STOP_SENDING frame. + * This is only valid if peer_stop_sending is 1. + */ + uint64_t peer_stop_sending_aec; + + /* + * Application Error Code (AEC) for incoming RESET_STREAM frame. + * This is only valid if peer_reset_stream is 1. + */ + uint64_t peer_reset_stream_aec; + + /* Temporary value used by TXP. */ + uint64_t txp_txfc_new_credit_consumed; + + /* + * The final size of the send stream. Although this information can be + * discerned from a QUIC_SSTREAM, it is stored separately as we need to keep + * track of this even if we have thrown away the QUIC_SSTREAM. Use + * ossl_quic_stream_send_get_final_size to determine if this contain a + * valid value or if there is no final size yet for a sending part. + * + * For the receive part, the final size is tracked by the stream-level RXFC; + * use ossl_quic_stream_recv_get_final_size or + * ossl_quic_rxfc_get_final_size. + */ + uint64_t send_final_size; + + /* + * Send stream part and receive stream part buffer management objects. + * + * DO NOT test these pointers (sstream, rstream) for NULL. Determine the + * state of the send or receive stream part first using the appropriate + * function; then the invariant of that state guarantees that sstream or + * rstream either is or is not NULL respectively, therefore there is no + * valid use case for testing these pointers for NULL. In particular, a + * stream with a send part can still have sstream as NULL, and a stream with + * a receive part can still have rstream as NULL. QUIC_SSTREAM and + * QUIC_RSTREAM are stream buffer resource management objects which exist + * only when they need to for buffer management purposes. The existence or + * non-existence of a QUIC_SSTREAM or QUIC_RSTREAM object does not + * correspond with whether a stream's respective send or receive part + * logically exists or not. + */ + QUIC_SSTREAM *sstream; /* NULL if RX-only */ + QUIC_RSTREAM *rstream; /* NULL if TX only */ + + /* Stream-level flow control managers. */ + QUIC_TXFC txfc; /* NULL if RX-only */ + QUIC_RXFC rxfc; /* NULL if TX-only */ + + unsigned int type : 8; /* QUIC_STREAM_INITIATOR_*, QUIC_STREAM_DIR_* */ + + unsigned int send_state : 8; /* QUIC_SSTREAM_STATE_* */ + unsigned int recv_state : 8; /* QUIC_RSTREAM_STATE_* */ + + /* 1 iff this QUIC_STREAM is on the active queue (invariant). */ + unsigned int active : 1; + + /* + * This is a copy of the QUIC connection as_server value, indicating + * whether we are locally operating as a server or not. Having this + * significantly simplifies stream type determination relative to our + * perspective. It never changes after a QUIC_STREAM is created and is the + * same for all QUIC_STREAMS under a QUIC_STREAM_MAP. + */ + unsigned int as_server : 1; + + /* + * Has STOP_SENDING been requested (by us)? Note that this is not the same + * as want_stop_sending below, as a STOP_SENDING frame may already have been + * sent and fully acknowledged. + */ + unsigned int stop_sending : 1; + + /* + * Has RESET_STREAM been requested (by us)? Works identically to + * STOP_SENDING for transmission purposes. + */ + /* Has our peer sent a STOP_SENDING frame? */ + unsigned int peer_stop_sending : 1; + + /* Temporary flags used by TXP. */ + unsigned int txp_sent_fc : 1; + unsigned int txp_sent_stop_sending : 1; + unsigned int txp_sent_reset_stream : 1; + unsigned int txp_drained : 1; + unsigned int txp_blocked : 1; + + /* Frame regeneration flags. */ + unsigned int want_max_stream_data : 1; /* used for regen only */ + unsigned int want_stop_sending : 1; /* used for gen or regen */ + unsigned int want_reset_stream : 1; /* used for gen or regen */ + + /* Flags set when frames *we* sent were acknowledged. */ + unsigned int acked_stop_sending : 1; + + /* + * The stream's XSO has been deleted. Pending GC. + * + * Here is how stream deletion works: + * + * - A QUIC_STREAM cannot be deleted until it is neither in the accept + * queue nor has an associated XSO. This condition occurs when and only + * when deleted is true. + * + * - Once this is the case (i.e., no user-facing API object exposing the + * stream), we can delete the stream once we determine that all of our + * protocol obligations requiring us to keep the QUIC_STREAM around have + * been met. + * + * The following frames relate to the streams layer for a specific + * stream: + * + * STREAM + * + * RX Obligations: + * Ignore for a deleted stream. + * + * (This is different from our obligation for a + * locally-initiated stream ID we have not created yet, + * which we must treat as a protocol error. This can be + * distinguished via a simple monotonic counter.) + * + * TX Obligations: + * None, once we've decided to (someday) delete the stream. + * + * STOP_SENDING + * + * We cannot delete the stream until we have finished informing + * the peer that we are not going to be listening to it + * anymore. + * + * RX Obligations: + * When we delete a stream we must have already had a FIN + * or RESET_STREAM we transmitted acknowledged by the peer. + * Thus we can ignore STOP_SENDING frames for deleted + * streams (if they occur, they are probably just + * retransmissions). + * + * TX Obligations: + * _Acknowledged_ receipt of a STOP_SENDING frame by the + * peer (unless the peer's send part has already FIN'd). + * + * RESET_STREAM + * + * We cannot delete the stream until we have finished informing + * the peer that we are not going to be transmitting on it + * anymore. + * + * RX Obligations: + * This indicates the peer is not going to send any more + * data on the stream. We don't need to care about this + * since once a stream is marked for deletion we don't care + * about any data it does send. We can ignore this for + * deleted streams. The important criterion is that the + * peer has been successfully delivered our STOP_SENDING + * frame. + * + * TX Obligations: + * _Acknowledged_ receipt of a RESET_STREAM frame or FIN by + * the peer. + * + * MAX_STREAM_DATA + * + * RX Obligations: + * Ignore. Since we are not going to be sending any more + * data on a stream once it has been marked for deletion, + * we don't need to care about flow control information. + * + * TX Obligations: + * None. + * + * In other words, our protocol obligation is simply: + * + * - either: + * - the peer has acknowledged receipt of a STOP_SENDING frame sent + * by us; -or- + * - we have received a FIN and all preceding segments from the peer + * + * [NOTE: The actual criterion required here is simply 'we have + * received a FIN from the peer'. However, due to reordering and + * retransmissions we might subsequently receive non-FIN segments + * out of order. The FIN means we know the peer will stop + * transmitting on the stream at *some* point, but by sending + * STOP_SENDING we can avoid these needless retransmissions we + * will just ignore anyway. In actuality we could just handle all + * cases by sending a STOP_SENDING. The strategy we choose is to + * only avoid sending a STOP_SENDING and rely on a received FIN + * when we have received all preceding data, as this makes it + * reasonably certain no benefit would be gained by sending + * STOP_SENDING.] + * + * TODO(QUIC FUTURE): Implement the latter case (currently we + just always do STOP_SENDING). + * + * and; + * + * - we have drained our send stream (for a finished send stream) + * and got acknowledgement all parts of it including the FIN, or + * sent a RESET_STREAM frame and got acknowledgement of that frame. + * + * Once these conditions are met, we can GC the QUIC_STREAM. + * + */ + unsigned int deleted : 1; + /* Set to 1 once the above conditions are actually met. */ + unsigned int ready_for_gc : 1; + /* Set to 1 if this is currently counted in the shutdown flush stream count. */ + unsigned int shutdown_flush : 1; +}; + +#define QUIC_STREAM_INITIATOR_CLIENT 0 +#define QUIC_STREAM_INITIATOR_SERVER 1 +#define QUIC_STREAM_INITIATOR_MASK 1 + +#define QUIC_STREAM_DIR_BIDI 0 +#define QUIC_STREAM_DIR_UNI 2 +#define QUIC_STREAM_DIR_MASK 2 + +void ossl_quic_stream_check(const QUIC_STREAM *s); + +/* + * Returns 1 if the QUIC_STREAM was initiated by the endpoint with the server + * role. + */ +static ossl_inline ossl_unused int ossl_quic_stream_is_server_init(const QUIC_STREAM *s) +{ + return (s->type & QUIC_STREAM_INITIATOR_MASK) == QUIC_STREAM_INITIATOR_SERVER; +} + +/* + * Returns 1 if the QUIC_STREAM is bidirectional and 0 if it is unidirectional. + */ +static ossl_inline ossl_unused int ossl_quic_stream_is_bidi(const QUIC_STREAM *s) +{ + return (s->type & QUIC_STREAM_DIR_MASK) == QUIC_STREAM_DIR_BIDI; +} + +/* Returns 1 if the QUIC_STREAM was locally initiated. */ +static ossl_inline ossl_unused int ossl_quic_stream_is_local_init(const QUIC_STREAM *s) +{ + return ossl_quic_stream_is_server_init(s) == s->as_server; +} + +/* + * Returns 1 if the QUIC_STREAM has a sending part, based on its stream type. + * + * Do NOT use (s->sstream != NULL) to test this; use this function. Note that + * even if this function returns 1, s->sstream might be NULL if the QUIC_SSTREAM + * has been deemed no longer needed, for example due to a RESET_STREAM. + */ +static ossl_inline ossl_unused int ossl_quic_stream_has_send(const QUIC_STREAM *s) +{ + return s->send_state != QUIC_SSTREAM_STATE_NONE; +} + +/* + * Returns 1 if the QUIC_STREAM has a receiving part, based on its stream type. + * + * Do NOT use (s->rstream != NULL) to test this; use this function. Note that + * even if this function returns 1, s->rstream might be NULL if the QUIC_RSTREAM + * has been deemed no longer needed, for example if the receive stream is + * completely finished with. + */ +static ossl_inline ossl_unused int ossl_quic_stream_has_recv(const QUIC_STREAM *s) +{ + return s->recv_state != QUIC_RSTREAM_STATE_NONE; +} + +/* + * Returns 1 if the QUIC_STREAM has a QUIC_SSTREAM send buffer associated with + * it. If this returns 1, s->sstream is guaranteed to be non-NULL. The converse + * is not necessarily true; erasure of a send stream buffer which is no longer + * required is an optimisation which the QSM may, but is not obliged, to + * perform. + * + * This call should be used where it is desired to do something with the send + * stream buffer but there is no more specific send state restriction which is + * applicable. + * + * Note: This does NOT indicate whether it is suitable to allow an application + * to append to the buffer. DATA_SENT indicates all data (including FIN) has + * been *sent*; the absence of DATA_SENT does not mean a FIN has not been queued + * (meaning no more application data can be appended). This is enforced by + * QUIC_SSTREAM. + */ +static ossl_inline ossl_unused int ossl_quic_stream_has_send_buffer(const QUIC_STREAM *s) +{ + switch (s->send_state) { + case QUIC_SSTREAM_STATE_READY: + case QUIC_SSTREAM_STATE_SEND: + case QUIC_SSTREAM_STATE_DATA_SENT: + return 1; + default: + return 0; + } +} + +/* + * Returns 1 if the QUIC_STREAM has a sending part which is in one of the reset + * states. + */ +static ossl_inline ossl_unused int ossl_quic_stream_send_is_reset(const QUIC_STREAM *s) +{ + return s->send_state == QUIC_SSTREAM_STATE_RESET_SENT + || s->send_state == QUIC_SSTREAM_STATE_RESET_RECVD; +} + +/* + * Returns 1 if the QUIC_STREAM has a QUIC_RSTREAM receive buffer associated + * with it. If this returns 1, s->rstream is guaranteed to be non-NULL. The + * converse is not necessarily true; erasure of a receive stream buffer which is + * no longer required is an optimisation which the QSM may, but is not obliged, + * to perform. + * + * This call should be used where it is desired to do something with the receive + * stream buffer but there is no more specific receive state restriction which is + * applicable. + */ +static ossl_inline ossl_unused int ossl_quic_stream_has_recv_buffer(const QUIC_STREAM *s) +{ + switch (s->recv_state) { + case QUIC_RSTREAM_STATE_RECV: + case QUIC_RSTREAM_STATE_SIZE_KNOWN: + case QUIC_RSTREAM_STATE_DATA_RECVD: + return 1; + default: + return 0; + } +} + +/* + * Returns 1 if the QUIC_STREAM has a receiving part which is in one of the + * reset states. + */ +static ossl_inline ossl_unused int ossl_quic_stream_recv_is_reset(const QUIC_STREAM *s) +{ + return s->recv_state == QUIC_RSTREAM_STATE_RESET_RECVD + || s->recv_state == QUIC_RSTREAM_STATE_RESET_READ; +} + +/* + * Returns 1 if the stream has a send part and that part has a final size. + * + * If final_size is non-NULL, *final_size is the final size (on success) or an + * undefined value otherwise. + */ +static ossl_inline ossl_unused int ossl_quic_stream_send_get_final_size(const QUIC_STREAM *s, + uint64_t *final_size) +{ + switch (s->send_state) { + default: + case QUIC_SSTREAM_STATE_NONE: + return 0; + case QUIC_SSTREAM_STATE_SEND: + /* + * SEND may or may not have had a FIN - even if we have a FIN we do not + * move to DATA_SENT until we have actually sent all the data. So + * ask the QUIC_SSTREAM. + */ + return ossl_quic_sstream_get_final_size(s->sstream, final_size); + case QUIC_SSTREAM_STATE_DATA_SENT: + case QUIC_SSTREAM_STATE_DATA_RECVD: + case QUIC_SSTREAM_STATE_RESET_SENT: + case QUIC_SSTREAM_STATE_RESET_RECVD: + if (final_size != NULL) + *final_size = s->send_final_size; + return 1; + } +} + +/* + * Returns 1 if the stream has a receive part and that part has a final size. + * + * If final_size is non-NULL, *final_size is the final size (on success) or an + * undefined value otherwise. + */ +static ossl_inline ossl_unused int ossl_quic_stream_recv_get_final_size(const QUIC_STREAM *s, + uint64_t *final_size) +{ + switch (s->recv_state) { + default: + case QUIC_RSTREAM_STATE_NONE: + case QUIC_RSTREAM_STATE_RECV: + return 0; + + case QUIC_RSTREAM_STATE_SIZE_KNOWN: + case QUIC_RSTREAM_STATE_DATA_RECVD: + case QUIC_RSTREAM_STATE_DATA_READ: + case QUIC_RSTREAM_STATE_RESET_RECVD: + case QUIC_RSTREAM_STATE_RESET_READ: + if (!ossl_assert(ossl_quic_rxfc_get_final_size(&s->rxfc, final_size))) + return 0; + + return 1; + } +} + +/* + * QUIC Stream Map + * =============== + * + * The QUIC stream map: + * + * - maps stream IDs to QUIC_STREAM objects; + * - tracks which streams are 'active' (currently have data for transmission); + * - allows iteration over the active streams only. + * + */ +typedef struct quic_stream_map_st { + LHASH_OF(QUIC_STREAM) *map; + QUIC_STREAM_LIST_NODE active_list; + QUIC_STREAM_LIST_NODE accept_list; + QUIC_STREAM_LIST_NODE ready_for_gc_list; + size_t rr_stepping, rr_counter; + size_t num_accept, num_shutdown_flush; + QUIC_STREAM *rr_cur; + uint64_t (*get_stream_limit_cb)(int uni, void *arg); + void *get_stream_limit_cb_arg; + QUIC_RXFC *max_streams_bidi_rxfc; + QUIC_RXFC *max_streams_uni_rxfc; + int is_server; +} QUIC_STREAM_MAP; + +/* + * get_stream_limit is a callback which is called to retrieve the current stream + * limit for streams created by us. This mechanism is not used for + * peer-initiated streams. If a stream's stream ID is x, a stream is allowed if + * (x >> 2) < returned limit value; i.e., the returned value is exclusive. + * + * If uni is 1, get the limit for locally-initiated unidirectional streams, else + * get the limit for locally-initiated bidirectional streams. + * + * If the callback is NULL, stream limiting is not applied. + * Stream limiting is used to determine if frames can currently be produced for + * a stream. + */ +int ossl_quic_stream_map_init(QUIC_STREAM_MAP *qsm, + uint64_t (*get_stream_limit_cb)(int uni, void *arg), + void *get_stream_limit_cb_arg, + QUIC_RXFC *max_streams_bidi_rxfc, + QUIC_RXFC *max_streams_uni_rxfc, + int is_server); + +/* + * Any streams still in the map will be released as though + * ossl_quic_stream_map_release was called on them. + */ +void ossl_quic_stream_map_cleanup(QUIC_STREAM_MAP *qsm); + +/* + * Allocate a new stream. type is a combination of one QUIC_STREAM_INITIATOR_* + * value and one QUIC_STREAM_DIR_* value. Note that clients can e.g. allocate + * server-initiated streams as they will need to allocate a QUIC_STREAM + * structure to track any stream created by the server, etc. + * + * stream_id must be a valid value. Returns NULL if a stream already exists + * with the given ID. + */ +QUIC_STREAM *ossl_quic_stream_map_alloc(QUIC_STREAM_MAP *qsm, + uint64_t stream_id, + int type); + +/* + * Releases a stream object. Note that this must only be done once the teardown + * process is entirely complete and the object will never be referenced again. + */ +void ossl_quic_stream_map_release(QUIC_STREAM_MAP *qsm, QUIC_STREAM *stream); + +/* + * Calls visit_cb() for each stream in the map. visit_cb_arg is an opaque + * argument which is passed through. + */ +void ossl_quic_stream_map_visit(QUIC_STREAM_MAP *qsm, + void (*visit_cb)(QUIC_STREAM *stream, void *arg), + void *visit_cb_arg); + +/* + * Retrieves a stream by stream ID. Returns NULL if it does not exist. + */ +QUIC_STREAM *ossl_quic_stream_map_get_by_id(QUIC_STREAM_MAP *qsm, + uint64_t stream_id); + +/* + * Marks the given stream as active or inactive based on its state. Idempotent. + * + * When a stream is marked active, it becomes available in the iteration list, + * and when a stream is marked inactive, it no longer appears in the iteration + * list. + * + * Calling this function invalidates any iterator currently pointing at the + * given stream object, but iterators not currently pointing at the given stream + * object are not invalidated. + */ +void ossl_quic_stream_map_update_state(QUIC_STREAM_MAP *qsm, QUIC_STREAM *s); + +/* + * Sets the RR stepping value, n. The RR rotation will be advanced every n + * packets. The default value is 1. + */ +void ossl_quic_stream_map_set_rr_stepping(QUIC_STREAM_MAP *qsm, size_t stepping); + +/* + * Returns 1 if the stream ordinal given is allowed by the current stream count + * flow control limit, assuming a locally initiated stream of a type described + * by is_uni. + * + * Note that stream_ordinal is a stream ordinal, not a stream ID. + */ +int ossl_quic_stream_map_is_local_allowed_by_stream_limit(QUIC_STREAM_MAP *qsm, + uint64_t stream_ordinal, + int is_uni); + +/* + * Stream Send Part + * ================ + */ + +/* + * Ensures that the sending part has transitioned out of the READY state (i.e., + * to SEND, or a subsequent state). This function is named as it is because, + * while on paper the distinction between READY and SEND is whether we have + * started transmitting application data, in practice the meaningful distinction + * between the two states is whether we have allocated a stream ID to the stream + * or not. QUIC permits us to defer stream ID allocation until first STREAM (or + * STREAM_DATA_BLOCKED) frame transmission for locally-initiated streams. + * + * Our implementation does not currently do this and we allocate stream IDs up + * front, however we may revisit this in the future. Calling this represents a + * demand for a stream ID by the caller and ensures one has been allocated to + * the stream, and causes us to transition to SEND if we are still in the READY + * state. + * + * Returns 0 if there is no send part (caller error) and 1 otherwise. + */ +int ossl_quic_stream_map_ensure_send_part_id(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs); + +/* + * Transitions from SEND to the DATA_SENT state. Note that this is NOT the same + * as the point in time at which the final size of the stream becomes known + * (i.e., the time at which ossl_quic_sstream_fin()) is called as it occurs when + * we have SENT all data on a given stream send part, not merely buffered it. + * Note that this transition is NOT reversed in the event of some of that data + * being lost. + * + * Returns 1 if the state transition was successfully taken. Returns 0 if there + * is no send part (caller error) or if the state transition cannot be taken + * because the send part is not in the SEND state. + */ +int ossl_quic_stream_map_notify_all_data_sent(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs); + +/* + * Transitions from the DATA_SENT to DATA_RECVD state; should be called + * when all transmitted stream data is ACKed by the peer. + * + * Returns 1 if the state transition was successfully taken. Returns 0 if there + * is no send part (caller error) or the state transition cannot be taken + * because the send part is not in the DATA_SENT state. Because + * ossl_quic_stream_map_notify_all_data_sent() should always be called prior to + * this function, the send state must already be in DATA_SENT in order for this + * function to succeed. + */ +int ossl_quic_stream_map_notify_totally_acked(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs); + +/* + * Resets the sending part of a stream. This is a transition from the READY, + * SEND or DATA_SENT send stream states to the RESET_SENT state. + * + * This function returns 1 if the transition is taken (i.e., if the send stream + * part was in one of the states above), or if it is already in the RESET_SENT + * state (idempotent operation), or if it has reached the RESET_RECVD state. + * + * It returns 0 if in the DATA_RECVD state, as a send stream cannot be reset + * in this state. It also returns 0 if there is no send part (caller error). + */ +int ossl_quic_stream_map_reset_stream_send_part(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs, + uint64_t aec); + +/* + * Transitions from the RESET_SENT to the RESET_RECVD state. This should be + * called when a sent RESET_STREAM frame has been acknowledged by the peer. + * + * This function returns 1 if the transition is taken (i.e., if the send stream + * part was in one of the states above) or if it is already in the RESET_RECVD + * state (idempotent operation). + * + * It returns 0 if not in the RESET_SENT or RESET_RECVD states, as this function + * should only be called after we have already sent a RESET_STREAM frame and + * entered the RESET_SENT state. It also returns 0 if there is no send part + * (caller error). + */ +int ossl_quic_stream_map_notify_reset_stream_acked(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs); + + +/* + * Stream Receive Part + * =================== + */ + +/* + * Transitions from the RECV receive stream state to the SIZE_KNOWN state. This + * should be called once a STREAM frame is received for the stream with the FIN + * bit set. final_size should be the final size of the stream in bytes. + * + * Returns 1 if the transition was taken. + */ +int ossl_quic_stream_map_notify_size_known_recv_part(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs, + uint64_t final_size); + +/* + * Transitions from the SIZE_KNOWN receive stream state to the DATA_RECVD state. + * This should be called once all data for a receive stream is received. + * + * Returns 1 if the transition was taken. + */ +int ossl_quic_stream_map_notify_totally_received(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs); + +/* + * Transitions from the DATA_RECVD receive stream state to the DATA_READ state. + * This should be called once all data for a receive stream is read by the + * application. + * + * Returns 1 if the transition was taken. + */ +int ossl_quic_stream_map_notify_totally_read(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs); + +/* + * Transitions from the RECV, SIZE_KNOWN or DATA_RECVD receive stream state to + * the RESET_RECVD state. This should be called on RESET_STREAM. + * + * Returns 1 if the transition was taken. + */ +int ossl_quic_stream_map_notify_reset_recv_part(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs, + uint64_t app_error_code, + uint64_t final_size); + +/* + * Transitions from the RESET_RECVD receive stream state to the RESET_READ + * receive stream state. This should be called when the application is notified + * of a stream reset. + */ +int ossl_quic_stream_map_notify_app_read_reset_recv_part(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs); + +/* + * Marks the receiving part of a stream for STOP_SENDING. This is orthogonal to + * receive stream state as it does not affect it directly. + * + * Returns 1 if the receiving part of a stream was not already marked for + * STOP_SENDING. + * Returns 0 otherwise, which need not be considered an error. + */ +int ossl_quic_stream_map_stop_sending_recv_part(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs, + uint64_t aec); + +/* + * Marks the stream as wanting a STOP_SENDING frame transmitted. It is not valid + * to call this if ossl_quic_stream_map_stop_sending_recv_part() has not been + * called. For TXP use. + */ +int ossl_quic_stream_map_schedule_stop_sending(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs); + + +/* + * Accept Queue Management + * ======================= + */ + +/* + * Adds a stream to the accept queue. + */ +void ossl_quic_stream_map_push_accept_queue(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *s); + +/* + * Returns the next item to be popped from the accept queue, or NULL if it is + * empty. + */ +QUIC_STREAM *ossl_quic_stream_map_peek_accept_queue(QUIC_STREAM_MAP *qsm); + +/* + * Removes a stream from the accept queue. rtt is the estimated connection RTT. + * The stream is retired for the purposes of MAX_STREAMS RXFC. + * + * Precondition: s is in the accept queue. + */ +void ossl_quic_stream_map_remove_from_accept_queue(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *s, + OSSL_TIME rtt); + +/* Returns the length of the accept queue. */ +size_t ossl_quic_stream_map_get_accept_queue_len(QUIC_STREAM_MAP *qsm); + +/* + * Shutdown Flush and GC + * ===================== + */ + +/* + * Delete streams ready for GC. Pointers to those QUIC_STREAM objects become + * invalid. + */ +void ossl_quic_stream_map_gc(QUIC_STREAM_MAP *qsm); + +/* + * Begins shutdown stream flush triage. Analyses all streams, including deleted + * but not yet GC'd streams, to determine if we should wait for that stream to + * be fully flushed before shutdown. After calling this, call + * ossl_quic_stream_map_is_shutdown_flush_finished() to determine if all + * shutdown flush eligible streams have been flushed. + */ +void ossl_quic_stream_map_begin_shutdown_flush(QUIC_STREAM_MAP *qsm); + +/* + * Returns 1 if all shutdown flush eligible streams have finished flushing, + * or if ossl_quic_stream_map_begin_shutdown_flush() has not been called. + */ +int ossl_quic_stream_map_is_shutdown_flush_finished(QUIC_STREAM_MAP *qsm); + +/* + * QUIC Stream Iterator + * ==================== + * + * Allows the current set of active streams to be walked using a RR-based + * algorithm. Each time ossl_quic_stream_iter_init is called, the RR algorithm + * is stepped. The RR algorithm rotates the iteration order such that the next + * active stream is returned first after n calls to ossl_quic_stream_iter_init, + * where n is the stepping value configured via + * ossl_quic_stream_map_set_rr_stepping. + * + * Suppose there are three active streams and the configured stepping is n: + * + * Iteration 0n: [Stream 1] [Stream 2] [Stream 3] + * Iteration 1n: [Stream 2] [Stream 3] [Stream 1] + * Iteration 2n: [Stream 3] [Stream 1] [Stream 2] + * + */ +typedef struct quic_stream_iter_st { + QUIC_STREAM_MAP *qsm; + QUIC_STREAM *first_stream, *stream; +} QUIC_STREAM_ITER; + +/* + * Initialise an iterator, advancing the RR algorithm as necessary (if + * advance_rr is 1). After calling this, it->stream will be the first stream in + * the iteration sequence, or NULL if there are no active streams. + */ +void ossl_quic_stream_iter_init(QUIC_STREAM_ITER *it, QUIC_STREAM_MAP *qsm, + int advance_rr); + +/* + * Advances to next stream in iteration sequence. You do not need to call this + * immediately after calling ossl_quic_stream_iter_init(). If the end of the + * list is reached, it->stream will be NULL after calling this. + */ +void ossl_quic_stream_iter_next(QUIC_STREAM_ITER *it); + +# endif + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_thread_assist.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_thread_assist.h new file mode 100644 index 00000000..592c2ffa --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_thread_assist.h @@ -0,0 +1,102 @@ +/* + * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_THREAD_ASSIST_H +# define OSSL_QUIC_THREAD_ASSIST_H + +# include +# include "internal/thread.h" +# include "internal/time.h" + +# if defined(OPENSSL_NO_QUIC) || defined(OPENSSL_NO_THREAD_POOL) +# define OPENSSL_NO_QUIC_THREAD_ASSIST +# endif + +# ifndef OPENSSL_NO_QUIC_THREAD_ASSIST + +/* + * QUIC Thread Assisted Functionality + * ================================== + * + * Where OS threading support is available, QUIC can optionally support a thread + * assisted mode of operation. The purpose of this mode of operation is to + * ensure that assorted timeout events which QUIC expects to be handled in a + * timely manner can be handled without the application needing to ensure that + * SSL_tick() is called on time. This is not needed if the application always + * has a call blocking to SSL_read() or SSL_write() (or another I/O function) on + * a QUIC SSL object, but if the application goes for long periods of time + * without making any such call to a QUIC SSL object, libssl cannot ordinarily + * guarantee that QUIC timeout events will be serviced in a timely fashion. + * Thread assisted mode is therefore of use to applications which do not always + * have an ongoing call to an I/O function on a QUIC SSL object but also do not + * want to have to arrange periodic ticking. + * + * A consequence of this is that the intrusiveness of thread assisted mode upon + * the general architecture of our QUIC engine is actually fairly limited and + * amounts to an automatic ticking of the QUIC engine when timeouts expire, + * synchronised correctly with an application's own threads using locking. + */ +typedef struct quic_thread_assist_st { + QUIC_CHANNEL *ch; + CRYPTO_CONDVAR *cv; + CRYPTO_THREAD *t; + int teardown, joined; + OSSL_TIME (*now_cb)(void *arg); + void *now_cb_arg; +} QUIC_THREAD_ASSIST; + +/* + * Initialise the thread assist object. The channel must have a valid mutex + * configured on it which will be retrieved automatically. It is assumed that + * the mutex is currently held when this function is called. This function does + * not affect the state of the mutex. + */ +int ossl_quic_thread_assist_init_start(QUIC_THREAD_ASSIST *qta, + QUIC_CHANNEL *ch, + OSSL_TIME (*now_cb)(void *arg), + void *now_cb_arg); + +/* + * Request the thread assist helper to begin stopping the assist thread. This + * returns before the teardown is complete. Idempotent; multiple calls to this + * function are inconsequential. + * + * Precondition: channel mutex must be held (unchecked) + */ +int ossl_quic_thread_assist_stop_async(QUIC_THREAD_ASSIST *qta); + +/* + * Wait until the thread assist helper is torn down. This automatically implies + * the effects of ossl_quic_thread_assist_stop_async(). Returns immediately + * if the teardown has already completed. + * + * Precondition: channel mutex must be held (unchecked) + */ +int ossl_quic_thread_assist_wait_stopped(QUIC_THREAD_ASSIST *qta); + +/* + * Deallocates state associated with the thread assist helper. + * ossl_quic_thread_assist_wait_stopped() must have returned successfully before + * calling this. It does not matter whether the channel mutex is held or not. + * + * Precondition: ossl_quic_thread_assist_wait_stopped() has returned 1 + * (asserted) + */ +int ossl_quic_thread_assist_cleanup(QUIC_THREAD_ASSIST *qta); + +/* + * Must be called to notify the assist thread if the channel deadline changes. + * + * Precondition: channel mutex must be held (unchecked) + */ +int ossl_quic_thread_assist_notify_deadline_changed(QUIC_THREAD_ASSIST *qta); + +# endif + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_tls.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_tls.h new file mode 100644 index 00000000..0e4a9d33 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_tls.h @@ -0,0 +1,106 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_TLS_H +# define OSSL_QUIC_TLS_H + +# include +# include "internal/quic_stream.h" + + +typedef struct quic_tls_st QUIC_TLS; + +typedef struct quic_tls_args_st { + /* + * The "inner" SSL object for the QUIC Connection. Contains an + * SSL_CONNECTION + */ + SSL *s; + + /* + * Called to send data on the crypto stream. We use a callback rather than + * passing the crypto stream QUIC_SSTREAM directly because this lets the CSM + * dynamically select the correct outgoing crypto stream based on the + * current EL. + */ + int (*crypto_send_cb)(const unsigned char *buf, size_t buf_len, + size_t *consumed, void *arg); + void *crypto_send_cb_arg; + + /* + * Call to receive crypto stream data. A pointer to the underlying buffer + * is provided, and subsequently released to avoid unnecessary copying of + * data. + */ + int (*crypto_recv_rcd_cb)(const unsigned char **buf, size_t *bytes_read, + void *arg); + void *crypto_recv_rcd_cb_arg; + int (*crypto_release_rcd_cb)(size_t bytes_read, void *arg); + void *crypto_release_rcd_cb_arg; + + + /* Called when a traffic secret is available for a given encryption level. */ + int (*yield_secret_cb)(uint32_t enc_level, int direction /* 0=RX, 1=TX */, + uint32_t suite_id, EVP_MD *md, + const unsigned char *secret, size_t secret_len, + void *arg); + void *yield_secret_cb_arg; + + /* + * Called when we receive transport parameters from the peer. + * + * Note: These parameters are not authenticated until the handshake is + * marked as completed. + */ + int (*got_transport_params_cb)(const unsigned char *params, + size_t params_len, + void *arg); + void *got_transport_params_cb_arg; + + /* + * Called when the handshake has been completed as far as the handshake + * protocol is concerned, meaning that the connection has been + * authenticated. + */ + int (*handshake_complete_cb)(void *arg); + void *handshake_complete_cb_arg; + + /* + * Called when something has gone wrong with the connection as far as the + * handshake layer is concerned, meaning that it should be immediately torn + * down. Note that this may happen at any time, including after a connection + * has been fully established. + */ + int (*alert_cb)(void *arg, unsigned char alert_code); + void *alert_cb_arg; + + /* Set to 1 if we are running in the server role. */ + int is_server; +} QUIC_TLS_ARGS; + +QUIC_TLS *ossl_quic_tls_new(const QUIC_TLS_ARGS *args); + +void ossl_quic_tls_free(QUIC_TLS *qtls); + +/* Advance the state machine */ +int ossl_quic_tls_tick(QUIC_TLS *qtls); + +int ossl_quic_tls_set_transport_params(QUIC_TLS *qtls, + const unsigned char *transport_params, + size_t transport_params_len); + +int ossl_quic_tls_get_error(QUIC_TLS *qtls, + uint64_t *error_code, + const char **error_msg, + ERR_STATE **error_state); + +int ossl_quic_tls_is_cert_request(QUIC_TLS *qtls); +int ossl_quic_tls_has_bad_max_early_data(QUIC_TLS *qtls); + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_tserver.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_tserver.h new file mode 100644 index 00000000..4f358dd4 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_tserver.h @@ -0,0 +1,220 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_TSERVER_H +# define OSSL_QUIC_TSERVER_H + +# include +# include +# include "internal/quic_stream.h" +# include "internal/quic_channel.h" +# include "internal/statem.h" +# include "internal/time.h" + +# ifndef OPENSSL_NO_QUIC + +/* + * QUIC Test Server Module + * ======================= + * + * This implements a QUIC test server. Since full QUIC server support is not yet + * implemented this server is limited in features and scope. It exists to + * provide a target for our QUIC client to talk to for testing purposes. + * + * A given QUIC test server instance supports only one client at a time. + * + * Note that this test server is not suitable for production use because it does + * not implement address verification, anti-amplification or retry logic. + */ +typedef struct quic_tserver_st QUIC_TSERVER; + +typedef struct quic_tserver_args_st { + OSSL_LIB_CTX *libctx; + const char *propq; + SSL_CTX *ctx; + BIO *net_rbio, *net_wbio; + OSSL_TIME (*now_cb)(void *arg); + void *now_cb_arg; + const unsigned char *alpn; + size_t alpnlen; +} QUIC_TSERVER_ARGS; + +QUIC_TSERVER *ossl_quic_tserver_new(const QUIC_TSERVER_ARGS *args, + const char *certfile, const char *keyfile); + +void ossl_quic_tserver_free(QUIC_TSERVER *srv); + +/* Set mutator callbacks for test framework support */ +int ossl_quic_tserver_set_plain_packet_mutator(QUIC_TSERVER *srv, + ossl_mutate_packet_cb mutatecb, + ossl_finish_mutate_cb finishmutatecb, + void *mutatearg); + +int ossl_quic_tserver_set_handshake_mutator(QUIC_TSERVER *srv, + ossl_statem_mutate_handshake_cb mutate_handshake_cb, + ossl_statem_finish_mutate_handshake_cb finish_mutate_handshake_cb, + void *mutatearg); + +/* Advances the state machine. */ +int ossl_quic_tserver_tick(QUIC_TSERVER *srv); + +/* Returns 1 if we have a (non-terminated) client. */ +int ossl_quic_tserver_is_connected(QUIC_TSERVER *srv); + +/* + * Returns 1 if we have finished the TLS handshake + */ +int ossl_quic_tserver_is_handshake_confirmed(const QUIC_TSERVER *srv); + +/* Returns 1 if the server is in any terminating or terminated state */ +int ossl_quic_tserver_is_term_any(const QUIC_TSERVER *srv); + +const QUIC_TERMINATE_CAUSE * +ossl_quic_tserver_get_terminate_cause(const QUIC_TSERVER *srv); + +/* Returns 1 if the server is in a terminated state */ +int ossl_quic_tserver_is_terminated(const QUIC_TSERVER *srv); + +/* + * Attempts to read from stream 0. Writes the number of bytes read to + * *bytes_read and returns 1 on success. If no bytes are available, 0 is written + * to *bytes_read and 1 is returned (this is considered a success case). + * + * Returns 0 if connection is not currently active. If the receive part of + * the stream has reached the end of stream condition, returns 0; call + * ossl_quic_tserver_has_read_ended() to identify this condition. + */ +int ossl_quic_tserver_read(QUIC_TSERVER *srv, + uint64_t stream_id, + unsigned char *buf, + size_t buf_len, + size_t *bytes_read); + +/* + * Returns 1 if the read part of the stream has ended normally. + */ +int ossl_quic_tserver_has_read_ended(QUIC_TSERVER *srv, uint64_t stream_id); + +/* + * Attempts to write to the given stream. Writes the number of bytes consumed to + * *bytes_written and returns 1 on success. If there is no space currently + * available to write any bytes, 0 is written to *consumed and 1 is returned + * (this is considered a success case). + * + * Note that unlike libssl public APIs, this API always works in a 'partial + * write' mode. + * + * Returns 0 if connection is not currently active. + */ +int ossl_quic_tserver_write(QUIC_TSERVER *srv, + uint64_t stream_id, + const unsigned char *buf, + size_t buf_len, + size_t *bytes_written); + +/* + * Signals normal end of the stream. + */ +int ossl_quic_tserver_conclude(QUIC_TSERVER *srv, uint64_t stream_id); + +/* + * Create a server-initiated stream. The stream ID of the newly + * created stream is written to *stream_id. + */ +int ossl_quic_tserver_stream_new(QUIC_TSERVER *srv, + int is_uni, + uint64_t *stream_id); + +BIO *ossl_quic_tserver_get0_rbio(QUIC_TSERVER *srv); + +SSL_CTX *ossl_quic_tserver_get0_ssl_ctx(QUIC_TSERVER *srv); + +/* + * Returns 1 if the peer has sent a STOP_SENDING frame for a stream. + * app_error_code is written if this returns 1. + */ +int ossl_quic_tserver_stream_has_peer_stop_sending(QUIC_TSERVER *srv, + uint64_t stream_id, + uint64_t *app_error_code); + +/* + * Returns 1 if the peer has sent a RESET_STREAM frame for a stream. + * app_error_code is written if this returns 1. + */ +int ossl_quic_tserver_stream_has_peer_reset_stream(QUIC_TSERVER *srv, + uint64_t stream_id, + uint64_t *app_error_code); + +/* + * Replaces existing local connection ID in the underlying QUIC_CHANNEL. + */ +int ossl_quic_tserver_set_new_local_cid(QUIC_TSERVER *srv, + const QUIC_CONN_ID *conn_id); + +/* + * Returns the stream ID of the next incoming stream, or UINT64_MAX if there + * currently is none. + */ +uint64_t ossl_quic_tserver_pop_incoming_stream(QUIC_TSERVER *srv); + +/* + * Returns 1 if all data sent on the given stream_id has been acked by the peer. + */ +int ossl_quic_tserver_is_stream_totally_acked(QUIC_TSERVER *srv, + uint64_t stream_id); + +/* Returns 1 if we are currently interested in reading data from the network */ +int ossl_quic_tserver_get_net_read_desired(QUIC_TSERVER *srv); + +/* Returns 1 if we are currently interested in writing data to the network */ +int ossl_quic_tserver_get_net_write_desired(QUIC_TSERVER *srv); + +/* Returns the next event deadline */ +OSSL_TIME ossl_quic_tserver_get_deadline(QUIC_TSERVER *srv); + +/* + * Shutdown the QUIC connection. Returns 1 if the connection is terminated and + * 0 otherwise. + */ +int ossl_quic_tserver_shutdown(QUIC_TSERVER *srv, uint64_t app_error_code); + +/* Force generation of an ACK-eliciting packet. */ +int ossl_quic_tserver_ping(QUIC_TSERVER *srv); + +/* Set tracing callback on channel. */ +void ossl_quic_tserver_set_msg_callback(QUIC_TSERVER *srv, + void (*f)(int write_p, int version, + int content_type, + const void *buf, size_t len, + SSL *ssl, void *arg), + void *arg); + +/* + * This is similar to ossl_quic_conn_get_channel; it should be used for test + * instrumentation only and not to bypass QUIC_TSERVER for 'normal' operations. + */ +QUIC_CHANNEL *ossl_quic_tserver_get_channel(QUIC_TSERVER *srv); + +/* Send a TLS new session ticket */ +int ossl_quic_tserver_new_ticket(QUIC_TSERVER *srv); + +/* + * Set the max_early_data value to be sent in NewSessionTickets. Only the + * values 0 and 0xffffffff are valid for use in QUIC. + */ +int ossl_quic_tserver_set_max_early_data(QUIC_TSERVER *srv, + uint32_t max_early_data); + +/* Set the find session callback for getting a server PSK */ +void ossl_quic_tserver_set_psk_find_session_cb(QUIC_TSERVER *srv, + SSL_psk_find_session_cb_func cb); + +# endif + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_txp.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_txp.h new file mode 100644 index 00000000..ae508f23 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_txp.h @@ -0,0 +1,209 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_TXP_H +# define OSSL_QUIC_TXP_H + +# include +# include "internal/quic_types.h" +# include "internal/quic_record_tx.h" +# include "internal/quic_cfq.h" +# include "internal/quic_txpim.h" +# include "internal/quic_stream.h" +# include "internal/quic_stream_map.h" +# include "internal/quic_fc.h" +# include "internal/bio_addr.h" +# include "internal/time.h" + +# ifndef OPENSSL_NO_QUIC + +/* + * QUIC TX Packetiser + * ================== + */ +typedef struct ossl_quic_tx_packetiser_args_st { + /* Configuration Settings */ + QUIC_CONN_ID cur_scid; /* Current Source Connection ID we use. */ + QUIC_CONN_ID cur_dcid; /* Current Destination Connection ID we use. */ + BIO_ADDR peer; /* Current destination L4 address we use. */ + uint32_t ack_delay_exponent; /* ACK delay exponent used when encoding. */ + + /* Injected Dependencies */ + OSSL_QTX *qtx; /* QUIC Record Layer TX we are using */ + QUIC_TXPIM *txpim; /* QUIC TX'd Packet Information Manager */ + QUIC_CFQ *cfq; /* QUIC Control Frame Queue */ + OSSL_ACKM *ackm; /* QUIC Acknowledgement Manager */ + QUIC_STREAM_MAP *qsm; /* QUIC Streams Map */ + QUIC_TXFC *conn_txfc; /* QUIC Connection-Level TX Flow Controller */ + QUIC_RXFC *conn_rxfc; /* QUIC Connection-Level RX Flow Controller */ + QUIC_RXFC *max_streams_bidi_rxfc; /* QUIC RXFC for MAX_STREAMS generation */ + QUIC_RXFC *max_streams_uni_rxfc; + const OSSL_CC_METHOD *cc_method; /* QUIC Congestion Controller */ + OSSL_CC_DATA *cc_data; /* QUIC Congestion Controller Instance */ + OSSL_TIME (*now)(void *arg); /* Callback to get current time. */ + void *now_arg; + + /* + * Injected dependencies - crypto streams. + * + * Note: There is no crypto stream for the 0-RTT EL. + * crypto[QUIC_PN_SPACE_APP] is the 1-RTT crypto stream. + */ + QUIC_SSTREAM *crypto[QUIC_PN_SPACE_NUM]; + + } OSSL_QUIC_TX_PACKETISER_ARGS; + +typedef struct ossl_quic_tx_packetiser_st OSSL_QUIC_TX_PACKETISER; + +OSSL_QUIC_TX_PACKETISER *ossl_quic_tx_packetiser_new(const OSSL_QUIC_TX_PACKETISER_ARGS *args); + +typedef void (ossl_quic_initial_token_free_fn)(const unsigned char *buf, + size_t buf_len, void *arg); + +void ossl_quic_tx_packetiser_free(OSSL_QUIC_TX_PACKETISER *txp); + +/* + * When in the closing state we need to maintain a count of received bytes + * so that we can limit the number of close connection frames we send. + * Refer RFC 9000 s. 10.2.1 Closing Connection State. + */ +void ossl_quic_tx_packetiser_record_received_closing_bytes( + OSSL_QUIC_TX_PACKETISER *txp, size_t n); + +/* + * Generates a datagram by polling the various ELs to determine if they want to + * generate any frames, and generating a datagram which coalesces packets for + * any ELs which do. + * + * Returns 0 on failure (e.g. allocation error or other errors), 1 otherwise. + * + * *status is filled with status information about the generated packet. + * It is always filled even in case of failure. In particular, packets can be + * sent even if failure is later returned. + * See QUIC_TXP_STATUS for details. + */ +typedef struct quic_txp_status_st { + int sent_ack_eliciting; /* Was an ACK-eliciting packet sent? */ + int sent_handshake; /* Was a Handshake packet sent? */ + size_t sent_pkt; /* Number of packets sent (0 if nothing was sent) */ +} QUIC_TXP_STATUS; + +int ossl_quic_tx_packetiser_generate(OSSL_QUIC_TX_PACKETISER *txp, + QUIC_TXP_STATUS *status); + +/* + * Returns a deadline after which a call to ossl_quic_tx_packetiser_generate() + * might succeed even if it did not previously. This may return + * ossl_time_infinite() if there is no such deadline currently applicable. It + * returns ossl_time_zero() if there is (potentially) more data to be generated + * immediately. The value returned is liable to change after any call to + * ossl_quic_tx_packetiser_generate() (or after ACKM or CC state changes). Note + * that ossl_quic_tx_packetiser_generate() can also start to succeed for other + * non-chronological reasons, such as changes to send stream buffers, etc. + */ +OSSL_TIME ossl_quic_tx_packetiser_get_deadline(OSSL_QUIC_TX_PACKETISER *txp); + +/* + * Set the token used in Initial packets. The callback is called when the buffer + * is no longer needed; for example, when the TXP is freed or when this function + * is called again with a new buffer. Fails returning 0 if the token is too big + * to ever be reasonably encapsulated in an outgoing packet based on our current + * understanding of our PMTU. + */ +int ossl_quic_tx_packetiser_set_initial_token(OSSL_QUIC_TX_PACKETISER *txp, + const unsigned char *token, + size_t token_len, + ossl_quic_initial_token_free_fn *free_cb, + void *free_cb_arg); + +/* Change the DCID the TXP uses to send outgoing packets. */ +int ossl_quic_tx_packetiser_set_cur_dcid(OSSL_QUIC_TX_PACKETISER *txp, + const QUIC_CONN_ID *dcid); + +/* Change the SCID the TXP uses to send outgoing (long) packets. */ +int ossl_quic_tx_packetiser_set_cur_scid(OSSL_QUIC_TX_PACKETISER *txp, + const QUIC_CONN_ID *scid); + +/* + * Change the destination L4 address the TXP uses to send datagrams. Specify + * NULL (or AF_UNSPEC) to disable use of addressed mode. + */ +int ossl_quic_tx_packetiser_set_peer(OSSL_QUIC_TX_PACKETISER *txp, + const BIO_ADDR *peer); + +/* + * Inform the TX packetiser that an EL has been discarded. Idempotent. + * + * This does not inform the QTX as well; the caller must also inform the QTX. + * + * The TXP will no longer reference the crypto[enc_level] QUIC_SSTREAM which was + * provided in the TXP arguments. However, it is the callers responsibility to + * free that QUIC_SSTREAM if desired. + */ +int ossl_quic_tx_packetiser_discard_enc_level(OSSL_QUIC_TX_PACKETISER *txp, + uint32_t enc_level); + +/* + * Informs the TX packetiser that the handshake is complete. The TX packetiser + * will not send 1-RTT application data until the handshake is complete, + * as the authenticity of the peer is not confirmed until the handshake + * complete event occurs. + */ +void ossl_quic_tx_packetiser_notify_handshake_complete(OSSL_QUIC_TX_PACKETISER *txp); + +/* Asks the TXP to generate a HANDSHAKE_DONE frame in the next 1-RTT packet. */ +void ossl_quic_tx_packetiser_schedule_handshake_done(OSSL_QUIC_TX_PACKETISER *txp); + +/* Asks the TXP to ensure the next packet in the given PN space is ACK-eliciting. */ +void ossl_quic_tx_packetiser_schedule_ack_eliciting(OSSL_QUIC_TX_PACKETISER *txp, + uint32_t pn_space); + +/* + * Asks the TXP to ensure an ACK is put in the next packet in the given PN + * space. + */ +void ossl_quic_tx_packetiser_schedule_ack(OSSL_QUIC_TX_PACKETISER *txp, + uint32_t pn_space); + +/* + * Schedules a connection close. *f and f->reason are copied. This operation is + * irreversible and causes all further packets generated by the TXP to contain a + * CONNECTION_CLOSE frame. This function fails if it has already been called + * successfully; the information in *f cannot be changed after the first + * successful call to this function. + */ +int ossl_quic_tx_packetiser_schedule_conn_close(OSSL_QUIC_TX_PACKETISER *txp, + const OSSL_QUIC_FRAME_CONN_CLOSE *f); + +/* Setters for the msg_callback and msg_callback_arg */ +void ossl_quic_tx_packetiser_set_msg_callback(OSSL_QUIC_TX_PACKETISER *txp, + ossl_msg_cb msg_callback, + SSL *msg_callback_ssl); +void ossl_quic_tx_packetiser_set_msg_callback_arg(OSSL_QUIC_TX_PACKETISER *txp, + void *msg_callback_arg); + +/* + * Determines the next PN which will be used for a given PN space. + */ +QUIC_PN ossl_quic_tx_packetiser_get_next_pn(OSSL_QUIC_TX_PACKETISER *txp, + uint32_t pn_space); + +/* + * Sets a callback which is called whenever TXP sends an ACK frame. The callee + * must not modify the ACK frame data. Can be used to snoop on PNs being ACKed. + */ +void ossl_quic_tx_packetiser_set_ack_tx_cb(OSSL_QUIC_TX_PACKETISER *txp, + void (*cb)(const OSSL_QUIC_FRAME_ACK *ack, + uint32_t pn_space, + void *arg), + void *cb_arg); + +# endif + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_txpim.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_txpim.h new file mode 100644 index 00000000..ed6e3875 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_txpim.h @@ -0,0 +1,133 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_TXPIM_H +# define OSSL_QUIC_TXPIM_H + +# include +# include "internal/quic_types.h" +# include "internal/quic_cfq.h" +# include "internal/quic_ackm.h" + +# ifndef OPENSSL_NO_QUIC + +/* + * QUIC Transmitted Packet Information Manager + * =========================================== + */ +typedef struct quic_txpim_st QUIC_TXPIM; +typedef struct quic_fifd_st QUIC_FIFD; + +typedef struct quic_txpim_pkt_st { + /* ACKM-specific data. Caller should fill this. */ + OSSL_ACKM_TX_PKT ackm_pkt; + + /* Linked list of CFQ items in this packet. */ + QUIC_CFQ_ITEM *retx_head; + + /* Reserved for FIFD use. */ + QUIC_FIFD *fifd; + + /* Regenerate-strategy frames. */ + unsigned int had_handshake_done_frame : 1; + unsigned int had_max_data_frame : 1; + unsigned int had_max_streams_bidi_frame : 1; + unsigned int had_max_streams_uni_frame : 1; + unsigned int had_ack_frame : 1; + unsigned int had_conn_close : 1; + + /* Private data follows. */ +} QUIC_TXPIM_PKT; + +/* Represents a range of bytes in an application or CRYPTO stream. */ +typedef struct quic_txpim_chunk_st { + /* The stream ID, or UINT64_MAX for the CRYPTO stream. */ + uint64_t stream_id; + /* + * The inclusive range of bytes in the stream. Exceptionally, if end < + * start, designates a frame of zero length (used for FIN-only frames). In + * this case end is the number of the final byte (i.e., one less than the + * final size of the stream). + */ + uint64_t start, end; + /* + * Whether a FIN was sent for this stream in the packet. Not valid for + * CRYPTO stream. + */ + unsigned int has_fin : 1; + /* + * If set, a STOP_SENDING frame was sent for this stream ID. (If no data was + * sent for the stream, set end < start.) + */ + unsigned int has_stop_sending : 1; + /* + * If set, a RESET_STREAM frame was sent for this stream ID. (If no data was + * sent for the stream, set end < start.) + */ + unsigned int has_reset_stream : 1; +} QUIC_TXPIM_CHUNK; + +QUIC_TXPIM *ossl_quic_txpim_new(void); + +/* + * Frees the TXPIM. All QUIC_TXPIM_PKTs which have been handed out by the TXPIM + * must be released via a call to ossl_quic_txpim_pkt_release() before calling + * this function. + */ +void ossl_quic_txpim_free(QUIC_TXPIM *txpim); + +/* + * Allocates a new QUIC_TXPIM_PKT structure from the pool. Returns NULL on + * failure. The returned structure is cleared of all data and is in a fresh + * initial state. + */ +QUIC_TXPIM_PKT *ossl_quic_txpim_pkt_alloc(QUIC_TXPIM *txpim); + +/* + * Releases the TXPIM packet, returning it to the pool. + */ +void ossl_quic_txpim_pkt_release(QUIC_TXPIM *txpim, QUIC_TXPIM_PKT *fpkt); + +/* Clears the chunk list of the packet, removing all entries. */ +void ossl_quic_txpim_pkt_clear_chunks(QUIC_TXPIM_PKT *fpkt); + +/* Appends a chunk to the packet. The structure is copied. */ +int ossl_quic_txpim_pkt_append_chunk(QUIC_TXPIM_PKT *fpkt, + const QUIC_TXPIM_CHUNK *chunk); + +/* Adds a CFQ item to the packet by prepending it to the retx_head list. */ +void ossl_quic_txpim_pkt_add_cfq_item(QUIC_TXPIM_PKT *fpkt, + QUIC_CFQ_ITEM *item); + +/* + * Returns a pointer to an array of stream chunk information structures for the + * given packet. The caller must call ossl_quic_txpim_pkt_get_num_chunks() to + * determine the length of this array. The returned pointer is invalidated + * if the chunk list is mutated, for example via a call to + * ossl_quic_txpim_pkt_append_chunk() or ossl_quic_txpim_pkt_clear_chunks(). + * + * The chunks are sorted by (stream_id, start) in ascending order. + */ +const QUIC_TXPIM_CHUNK *ossl_quic_txpim_pkt_get_chunks(const QUIC_TXPIM_PKT *fpkt); + +/* + * Returns the number of entries in the array returned by + * ossl_quic_txpim_pkt_get_chunks(). + */ +size_t ossl_quic_txpim_pkt_get_num_chunks(const QUIC_TXPIM_PKT *fpkt); + +/* + * Returns the number of QUIC_TXPIM_PKTs allocated by the given TXPIM that have + * yet to be returned to the TXPIM. + */ +size_t ossl_quic_txpim_get_in_use(const QUIC_TXPIM *txpim); + +# endif + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_types.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_types.h new file mode 100644 index 00000000..d42164ba --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_types.h @@ -0,0 +1,116 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_TYPES_H +# define OSSL_QUIC_TYPES_H + +# include +# include +# include +# include + +# ifndef OPENSSL_NO_QUIC + +/* QUIC encryption levels. */ +enum { + QUIC_ENC_LEVEL_INITIAL = 0, + QUIC_ENC_LEVEL_HANDSHAKE, + QUIC_ENC_LEVEL_0RTT, + QUIC_ENC_LEVEL_1RTT, + QUIC_ENC_LEVEL_NUM /* Must be the ultimate entry */ +}; + +/* QUIC packet number spaces. */ +enum { + QUIC_PN_SPACE_INITIAL = 0, + QUIC_PN_SPACE_HANDSHAKE, + /* New entries must go here, so that QUIC_PN_SPACE_APP is the penultimate */ + QUIC_PN_SPACE_APP, + QUIC_PN_SPACE_NUM /* Must be the ultimate entry */ +}; + +static ossl_unused ossl_inline uint32_t +ossl_quic_enc_level_to_pn_space(uint32_t enc_level) +{ + switch (enc_level) { + case QUIC_ENC_LEVEL_INITIAL: + return QUIC_PN_SPACE_INITIAL; + case QUIC_ENC_LEVEL_HANDSHAKE: + return QUIC_PN_SPACE_HANDSHAKE; + case QUIC_ENC_LEVEL_0RTT: + case QUIC_ENC_LEVEL_1RTT: + return QUIC_PN_SPACE_APP; + default: + assert(0); + return QUIC_PN_SPACE_APP; + } +} + +/* QUIC packet number representation. */ +typedef uint64_t QUIC_PN; +# define QUIC_PN_INVALID UINT64_MAX + +static ossl_unused ossl_inline QUIC_PN ossl_quic_pn_max(QUIC_PN a, QUIC_PN b) +{ + return a > b ? a : b; +} + +static ossl_unused ossl_inline QUIC_PN ossl_quic_pn_min(QUIC_PN a, QUIC_PN b) +{ + return a < b ? a : b; +} + +static ossl_unused ossl_inline int ossl_quic_pn_valid(QUIC_PN pn) +{ + return pn < (((QUIC_PN)1) << 62); +} + +/* QUIC connection ID representation. */ +# define QUIC_MAX_CONN_ID_LEN 20 + +typedef struct quic_conn_id_st { + unsigned char id_len, id[QUIC_MAX_CONN_ID_LEN]; +} QUIC_CONN_ID; + +static ossl_unused ossl_inline int ossl_quic_conn_id_eq(const QUIC_CONN_ID *a, + const QUIC_CONN_ID *b) +{ + if (a->id_len != b->id_len || a->id_len > QUIC_MAX_CONN_ID_LEN) + return 0; + return memcmp(a->id, b->id, a->id_len) == 0; +} + +# define QUIC_MIN_INITIAL_DGRAM_LEN 1200 + +# define QUIC_DEFAULT_ACK_DELAY_EXP 3 +# define QUIC_MAX_ACK_DELAY_EXP 20 + +# define QUIC_DEFAULT_MAX_ACK_DELAY 25 + +# define QUIC_MIN_ACTIVE_CONN_ID_LIMIT 2 + +/* Arbitrary choice of default idle timeout (not an RFC value). */ +# define QUIC_DEFAULT_IDLE_TIMEOUT 30000 + +# define QUIC_STATELESS_RESET_TOKEN_LEN 16 + +typedef struct { + unsigned char token[QUIC_STATELESS_RESET_TOKEN_LEN]; +} QUIC_STATELESS_RESET_TOKEN; + +/* + * An encoded preferred_addr transport parameter cannot be shorter or longer + * than these lengths in bytes. + */ +# define QUIC_MIN_ENCODED_PREFERRED_ADDR_LEN 41 +# define QUIC_MAX_ENCODED_PREFERRED_ADDR_LEN 61 + +# endif + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_vlint.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_vlint.h new file mode 100644 index 00000000..d4b70b22 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_vlint.h @@ -0,0 +1,127 @@ +/* +* Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. +* +* Licensed under the Apache License 2.0 (the "License"). You may not use +* this file except in compliance with the License. You can obtain a copy +* in the file LICENSE in the source distribution or at +* https://www.openssl.org/source/license.html +*/ + +#ifndef OSSL_INTERNAL_QUIC_VLINT_H +# define OSSL_INTERNAL_QUIC_VLINT_H +# pragma once + +# include "internal/e_os.h" + +# ifndef OPENSSL_NO_QUIC + +/* The smallest value requiring a 1, 2, 4, or 8-byte representation. */ +#define OSSL_QUIC_VLINT_1B_MIN 0 +#define OSSL_QUIC_VLINT_2B_MIN 64 +#define OSSL_QUIC_VLINT_4B_MIN 16384 +#define OSSL_QUIC_VLINT_8B_MIN 1073741824 + +/* The largest value representable in a given number of bytes. */ +#define OSSL_QUIC_VLINT_1B_MAX (OSSL_QUIC_VLINT_2B_MIN - 1) +#define OSSL_QUIC_VLINT_2B_MAX (OSSL_QUIC_VLINT_4B_MIN - 1) +#define OSSL_QUIC_VLINT_4B_MAX (OSSL_QUIC_VLINT_8B_MIN - 1) +#define OSSL_QUIC_VLINT_8B_MAX (((uint64_t)1 << 62) - 1) + +/* The largest value representable as a variable-length integer. */ +#define OSSL_QUIC_VLINT_MAX OSSL_QUIC_VLINT_8B_MAX + +/* + * Returns the number of bytes needed to encode v in the QUIC variable-length + * integer encoding. + * + * Returns 0 if v exceeds OSSL_QUIC_VLINT_MAX. + */ +static ossl_unused ossl_inline size_t ossl_quic_vlint_encode_len(uint64_t v) +{ + if (v < OSSL_QUIC_VLINT_2B_MIN) + return 1; + + if (v < OSSL_QUIC_VLINT_4B_MIN) + return 2; + + if (v < OSSL_QUIC_VLINT_8B_MIN) + return 4; + + if (v <= OSSL_QUIC_VLINT_MAX) + return 8; + + return 0; +} + +/* + * This function writes a QUIC varable-length encoded integer to buf. + * The smallest usable representation is used. + * + * It is the caller's responsibility to ensure that the buffer is big enough by + * calling ossl_quic_vlint_encode_len(v) before calling this function. + * + * Precondition: buf is at least ossl_quic_vlint_enc_len(v) bytes in size + * (unchecked) + * Precondition: v does not exceed OSSL_QUIC_VLINT_MAX + * (unchecked) + */ +void ossl_quic_vlint_encode(unsigned char *buf, uint64_t v); + +/* + * This function writes a QUIC variable-length encoded integer to buf. The + * specified number of bytes n are used for the encoding, which means that the + * encoded value may take up more space than necessary. + * + * It is the caller's responsibility to ensure that the buffer is of at least n + * bytes, and that v is representable by a n-byte QUIC variable-length integer. + * The representable ranges are: + * + * 1-byte encoding: [0, 2** 6-1] + * 2-byte encoding: [0, 2**14-1] + * 4-byte encoding: [0, 2**30-1] + * 8-byte encoding: [0, 2**62-1] + * + * Precondition: buf is at least n bytes in size (unchecked) + * Precondition: v does not exceed the representable range + * (ossl_quic_vlint_encode_len(v) <= n) (unchecked) + * Precondition: v does not exceed OSSL_QUIC_VLINT_MAX + * (unchecked) + */ +void ossl_quic_vlint_encode_n(unsigned char *buf, uint64_t v, int n); + +/* + * Given the first byte of an encoded QUIC variable-length integer, returns + * the number of bytes comprising the encoded integer, including the first + * byte. + */ +static ossl_unused ossl_inline size_t ossl_quic_vlint_decode_len(uint8_t first_byte) +{ + return 1U << ((first_byte & 0xC0) >> 6); +} + +/* + * Given a buffer containing an encoded QUIC variable-length integer, returns + * the decoded value. The buffer must be of at least + * ossl_quic_vlint_decode_len(buf[0]) bytes in size, and the caller is responsible + * for checking this. + * + * Precondition: buf is at least ossl_quic_vlint_decode_len(buf[0]) bytes in size + * (unchecked) + */ +uint64_t ossl_quic_vlint_decode_unchecked(const unsigned char *buf); + +/* + * Given a buffer buf of buf_len bytes in length, attempts to decode an encoded + * QUIC variable-length integer at the start of the buffer and writes the result + * to *v. If buf_len is inadequate, suggesting a truncated encoded integer, the + * function fails and 0 is returned. Otherwise, returns the number of bytes + * consumed. + * + * Precondition: buf is at least buf_len bytes in size + * Precondition: v (unchecked) + */ +int ossl_quic_vlint_decode(const unsigned char *buf, size_t buf_len, uint64_t *v); + +# endif + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_wire.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_wire.h new file mode 100644 index 00000000..cd01feb0 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_wire.h @@ -0,0 +1,784 @@ +/* +* Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. +* +* Licensed under the Apache License 2.0 (the "License"). You may not use +* this file except in compliance with the License. You can obtain a copy +* in the file LICENSE in the source distribution or at +* https://www.openssl.org/source/license.html +*/ + +#ifndef OSSL_INTERNAL_QUIC_WIRE_H +# define OSSL_INTERNAL_QUIC_WIRE_H +# pragma once + +# include "internal/e_os.h" +# include "internal/time.h" +# include "internal/quic_types.h" +# include "internal/packet_quic.h" + +# ifndef OPENSSL_NO_QUIC + +# define OSSL_QUIC_FRAME_TYPE_PADDING 0x00 +# define OSSL_QUIC_FRAME_TYPE_PING 0x01 +# define OSSL_QUIC_FRAME_TYPE_ACK_WITHOUT_ECN 0x02 +# define OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN 0x03 +# define OSSL_QUIC_FRAME_TYPE_RESET_STREAM 0x04 +# define OSSL_QUIC_FRAME_TYPE_STOP_SENDING 0x05 +# define OSSL_QUIC_FRAME_TYPE_CRYPTO 0x06 +# define OSSL_QUIC_FRAME_TYPE_NEW_TOKEN 0x07 +# define OSSL_QUIC_FRAME_TYPE_MAX_DATA 0x10 +# define OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA 0x11 +# define OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI 0x12 +# define OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI 0x13 +# define OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED 0x14 +# define OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED 0x15 +# define OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI 0x16 +# define OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI 0x17 +# define OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID 0x18 +# define OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID 0x19 +# define OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE 0x1A +# define OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE 0x1B +# define OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_TRANSPORT 0x1C +# define OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_APP 0x1D +# define OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE 0x1E + +# define OSSL_QUIC_FRAME_FLAG_STREAM_FIN 0x01 +# define OSSL_QUIC_FRAME_FLAG_STREAM_LEN 0x02 +# define OSSL_QUIC_FRAME_FLAG_STREAM_OFF 0x04 +# define OSSL_QUIC_FRAME_FLAG_STREAM_MASK ((uint64_t)0x07) + +/* Low 3 bits of the type contain flags */ +# define OSSL_QUIC_FRAME_TYPE_STREAM 0x08 /* base ID */ +# define OSSL_QUIC_FRAME_TYPE_STREAM_FIN \ + (OSSL_QUIC_FRAME_TYPE_STREAM | \ + OSSL_QUIC_FRAME_FLAG_STREAM_FIN) +# define OSSL_QUIC_FRAME_TYPE_STREAM_LEN \ + (OSSL_QUIC_FRAME_TYPE_STREAM | \ + OSSL_QUIC_FRAME_FLAG_STREAM_LEN) +# define OSSL_QUIC_FRAME_TYPE_STREAM_LEN_FIN \ + (OSSL_QUIC_FRAME_TYPE_STREAM | \ + OSSL_QUIC_FRAME_FLAG_STREAM_LEN | \ + OSSL_QUIC_FRAME_FLAG_STREAM_FIN) +# define OSSL_QUIC_FRAME_TYPE_STREAM_OFF \ + (OSSL_QUIC_FRAME_TYPE_STREAM | \ + OSSL_QUIC_FRAME_FLAG_STREAM_OFF) +# define OSSL_QUIC_FRAME_TYPE_STREAM_OFF_FIN \ + (OSSL_QUIC_FRAME_TYPE_STREAM | \ + OSSL_QUIC_FRAME_FLAG_STREAM_OFF | \ + OSSL_QUIC_FRAME_FLAG_STREAM_FIN) +# define OSSL_QUIC_FRAME_TYPE_STREAM_OFF_LEN \ + (OSSL_QUIC_FRAME_TYPE_STREAM | \ + OSSL_QUIC_FRAME_FLAG_STREAM_OFF | \ + OSSL_QUIC_FRAME_FLAG_STREAM_LEN) +# define OSSL_QUIC_FRAME_TYPE_STREAM_OFF_LEN_FIN \ + (OSSL_QUIC_FRAME_TYPE_STREAM | \ + OSSL_QUIC_FRAME_FLAG_STREAM_OFF | \ + OSSL_QUIC_FRAME_FLAG_STREAM_LEN | \ + OSSL_QUIC_FRAME_FLAG_STREAM_FIN) + +# define OSSL_QUIC_FRAME_TYPE_IS_STREAM(x) \ + (((x) & ~OSSL_QUIC_FRAME_FLAG_STREAM_MASK) == OSSL_QUIC_FRAME_TYPE_STREAM) +# define OSSL_QUIC_FRAME_TYPE_IS_ACK(x) \ + (((x) & ~(uint64_t)1) == OSSL_QUIC_FRAME_TYPE_ACK_WITHOUT_ECN) +# define OSSL_QUIC_FRAME_TYPE_IS_MAX_STREAMS(x) \ + (((x) & ~(uint64_t)1) == OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI) +# define OSSL_QUIC_FRAME_TYPE_IS_STREAMS_BLOCKED(x) \ + (((x) & ~(uint64_t)1) == OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI) +# define OSSL_QUIC_FRAME_TYPE_IS_CONN_CLOSE(x) \ + (((x) & ~(uint64_t)1) == OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_TRANSPORT) + +const char *ossl_quic_frame_type_to_string(uint64_t frame_type); + +static ossl_unused ossl_inline int +ossl_quic_frame_type_is_ack_eliciting(uint64_t frame_type) +{ + switch (frame_type) { + case OSSL_QUIC_FRAME_TYPE_PADDING: + case OSSL_QUIC_FRAME_TYPE_ACK_WITHOUT_ECN: + case OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN: + case OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_TRANSPORT: + case OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_APP: + return 0; + default: + return 1; + } +} + +/* QUIC Transport Parameter Types */ +# define QUIC_TPARAM_ORIG_DCID 0x00 +# define QUIC_TPARAM_MAX_IDLE_TIMEOUT 0x01 +# define QUIC_TPARAM_STATELESS_RESET_TOKEN 0x02 +# define QUIC_TPARAM_MAX_UDP_PAYLOAD_SIZE 0x03 +# define QUIC_TPARAM_INITIAL_MAX_DATA 0x04 +# define QUIC_TPARAM_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL 0x05 +# define QUIC_TPARAM_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE 0x06 +# define QUIC_TPARAM_INITIAL_MAX_STREAM_DATA_UNI 0x07 +# define QUIC_TPARAM_INITIAL_MAX_STREAMS_BIDI 0x08 +# define QUIC_TPARAM_INITIAL_MAX_STREAMS_UNI 0x09 +# define QUIC_TPARAM_ACK_DELAY_EXP 0x0A +# define QUIC_TPARAM_MAX_ACK_DELAY 0x0B +# define QUIC_TPARAM_DISABLE_ACTIVE_MIGRATION 0x0C +# define QUIC_TPARAM_PREFERRED_ADDR 0x0D +# define QUIC_TPARAM_ACTIVE_CONN_ID_LIMIT 0x0E +# define QUIC_TPARAM_INITIAL_SCID 0x0F +# define QUIC_TPARAM_RETRY_SCID 0x10 + +/* + * QUIC Frame Logical Representations + * ================================== + */ + +/* QUIC Frame: ACK */ +typedef struct ossl_quic_ack_range_st { + /* + * Represents an inclusive range of packet numbers [start, end]. + * start must be <= end. + */ + QUIC_PN start, end; +} OSSL_QUIC_ACK_RANGE; + +typedef struct ossl_quic_frame_ack_st { + /* + * A sequence of packet number ranges [[start, end]...]. + * + * The ranges must be sorted in descending order, for example: + * [ 95, 100] + * [ 90, 92] + * etc. + * + * As such, ack_ranges[0].end is always the highest packet number + * being acknowledged and ack_ranges[num_ack_ranges-1].start is + * always the lowest packet number being acknowledged. + * + * num_ack_ranges must be greater than zero, as an ACK frame must + * acknowledge at least one packet number. + */ + OSSL_QUIC_ACK_RANGE *ack_ranges; + size_t num_ack_ranges; + + OSSL_TIME delay_time; + uint64_t ect0, ect1, ecnce; + unsigned int ecn_present : 1; +} OSSL_QUIC_FRAME_ACK; + +/* Returns 1 if the given frame contains the given PN. */ +int ossl_quic_frame_ack_contains_pn(const OSSL_QUIC_FRAME_ACK *ack, QUIC_PN pn); + +/* QUIC Frame: STREAM */ +typedef struct ossl_quic_frame_stream_st { + uint64_t stream_id; /* Stream ID */ + uint64_t offset; /* Logical offset in stream */ + uint64_t len; /* Length of data in bytes */ + const unsigned char *data; + + /* + * On encode, this determines whether the len field should be encoded or + * not. If zero, the len field is not encoded and it is assumed the frame + * runs to the end of the packet. + * + * On decode, this determines whether the frame had an explicitly encoded + * length. If not set, the frame runs to the end of the packet and len has + * been set accordingly. + */ + unsigned int has_explicit_len : 1; + + /* 1 if this is the end of the stream */ + unsigned int is_fin : 1; +} OSSL_QUIC_FRAME_STREAM; + +/* QUIC Frame: CRYPTO */ +typedef struct ossl_quic_frame_crypto_st { + uint64_t offset; /* Logical offset in stream */ + uint64_t len; /* Length of the data in bytes */ + const unsigned char *data; +} OSSL_QUIC_FRAME_CRYPTO; + +/* QUIC Frame: RESET_STREAM */ +typedef struct ossl_quic_frame_reset_stream_st { + uint64_t stream_id; + uint64_t app_error_code; + uint64_t final_size; +} OSSL_QUIC_FRAME_RESET_STREAM; + +/* QUIC Frame: STOP_SENDING */ +typedef struct ossl_quic_frame_stop_sending_st { + uint64_t stream_id; + uint64_t app_error_code; +} OSSL_QUIC_FRAME_STOP_SENDING; + +/* QUIC Frame: NEW_CONNECTION_ID */ +typedef struct ossl_quic_frame_new_conn_id_st { + uint64_t seq_num; + uint64_t retire_prior_to; + QUIC_CONN_ID conn_id; + QUIC_STATELESS_RESET_TOKEN stateless_reset; +} OSSL_QUIC_FRAME_NEW_CONN_ID; + +/* QUIC Frame: CONNECTION_CLOSE */ +typedef struct ossl_quic_frame_conn_close_st { + unsigned int is_app : 1; /* 0: transport error, 1: app error */ + uint64_t error_code; /* 62-bit transport or app error code */ + uint64_t frame_type; /* transport errors only */ + char *reason; /* UTF-8 string, not necessarily zero-terminated */ + size_t reason_len; /* Length of reason in bytes */ +} OSSL_QUIC_FRAME_CONN_CLOSE; + +/* + * QUIC Wire Format Encoding + * ========================= + * + * These functions return 1 on success and 0 on failure. + */ + +/* + * Encodes zero or more QUIC PADDING frames to the packet writer. Each PADDING + * frame consumes one byte; num_bytes specifies the number of bytes of padding + * to write. + */ +int ossl_quic_wire_encode_padding(WPACKET *pkt, size_t num_bytes); + +/* + * Encodes a QUIC PING frame to the packet writer. This frame type takes + * no arguments. +*/ +int ossl_quic_wire_encode_frame_ping(WPACKET *pkt); + +/* + * Encodes a QUIC ACK frame to the packet writer, given a logical representation + * of the ACK frame. + * + * The ACK ranges passed must be sorted in descending order. + * + * The logical representation stores a list of packet number ranges. The wire + * encoding is slightly different and stores the first range in the list + * in a different manner. + * + * The ack_delay_exponent argument specifies the index of a power of two by + * which the ack->ack_delay field is be divided. This exponent value must match + * the value used when decoding. + */ +int ossl_quic_wire_encode_frame_ack(WPACKET *pkt, + uint32_t ack_delay_exponent, + const OSSL_QUIC_FRAME_ACK *ack); + +/* + * Encodes a QUIC RESET_STREAM frame to the packet writer, given a logical + * representation of the RESET_STREAM frame. + */ +int ossl_quic_wire_encode_frame_reset_stream(WPACKET *pkt, + const OSSL_QUIC_FRAME_RESET_STREAM *f); + +/* + * Encodes a QUIC STOP_SENDING frame to the packet writer, given a logical + * representation of the STOP_SENDING frame. + */ +int ossl_quic_wire_encode_frame_stop_sending(WPACKET *pkt, + const OSSL_QUIC_FRAME_STOP_SENDING *f); + +/* + * Encodes a QUIC CRYPTO frame header to the packet writer. + * + * To create a well-formed frame, the data written using this function must be + * immediately followed by f->len bytes of data. + */ +int ossl_quic_wire_encode_frame_crypto_hdr(WPACKET *hdr, + const OSSL_QUIC_FRAME_CRYPTO *f); + +/* + * Returns the number of bytes which will be required to encode the given + * CRYPTO frame header. Does not include the payload bytes in the count. + * Returns 0 if input is invalid. + */ +size_t ossl_quic_wire_get_encoded_frame_len_crypto_hdr(const OSSL_QUIC_FRAME_CRYPTO *f); + +/* + * Encodes a QUIC CRYPTO frame to the packet writer. + * + * This function returns a pointer to a buffer of f->len bytes which the caller + * should fill however it wishes. If f->data is non-NULL, it is automatically + * copied to the target buffer, otherwise the caller must fill the returned + * buffer. Returns NULL on failure. + */ +void *ossl_quic_wire_encode_frame_crypto(WPACKET *pkt, + const OSSL_QUIC_FRAME_CRYPTO *f); + +/* + * Encodes a QUIC NEW_TOKEN frame to the packet writer. + */ +int ossl_quic_wire_encode_frame_new_token(WPACKET *pkt, + const unsigned char *token, + size_t token_len); + +/* + * Encodes a QUIC STREAM frame's header to the packet writer. The f->stream_id, + * f->offset and f->len fields are the values for the respective Stream ID, + * Offset and Length fields. + * + * If f->is_fin is non-zero, the frame is marked as the final frame in the + * stream. + * + * If f->has_explicit_len is zerro, the frame is assumed to be the final frame + * in the packet, which the caller is responsible for ensuring; the Length + * field is then omitted. + * + * To create a well-formed frame, the data written using this function must be + * immediately followed by f->len bytes of stream data. + */ +int ossl_quic_wire_encode_frame_stream_hdr(WPACKET *pkt, + const OSSL_QUIC_FRAME_STREAM *f); + +/* + * Returns the number of bytes which will be required to encode the given + * STREAM frame header. Does not include the payload bytes in the count. + * Returns 0 if input is invalid. + */ +size_t ossl_quic_wire_get_encoded_frame_len_stream_hdr(const OSSL_QUIC_FRAME_STREAM *f); + +/* + * Functions similarly to ossl_quic_wire_encode_frame_stream_hdr, but it also + * allocates space for f->len bytes of data after the header, creating a + * well-formed QUIC STREAM frame in one call. + * + * A pointer to the bytes allocated for the framme payload is returned, + * which the caller can fill however it wishes. If f->data is non-NULL, + * it is automatically copied to the target buffer, otherwise the caller + * must fill the returned buffer. Returns NULL on failure. + */ +void *ossl_quic_wire_encode_frame_stream(WPACKET *pkt, + const OSSL_QUIC_FRAME_STREAM *f); + +/* + * Encodes a QUIC MAX_DATA frame to the packet writer. + */ +int ossl_quic_wire_encode_frame_max_data(WPACKET *pkt, + uint64_t max_data); + +/* + * Encodes a QUIC MAX_STREAM_DATA frame to the packet writer. + */ +int ossl_quic_wire_encode_frame_max_stream_data(WPACKET *pkt, + uint64_t stream_id, + uint64_t max_data); + +/* + * Encodes a QUIC MAX_STREAMS frame to the packet writer. + * + * If is_uni is 0, the count specifies the maximum number of + * bidirectional streams; else it specifies the maximum number of unidirectional + * streams. + */ +int ossl_quic_wire_encode_frame_max_streams(WPACKET *pkt, + char is_uni, + uint64_t max_streams); + +/* + * Encodes a QUIC DATA_BLOCKED frame to the packet writer. + */ +int ossl_quic_wire_encode_frame_data_blocked(WPACKET *pkt, + uint64_t max_data); + +/* + * Encodes a QUIC STREAM_DATA_BLOCKED frame to the packet writer. + */ +int ossl_quic_wire_encode_frame_stream_data_blocked(WPACKET *pkt, + uint64_t stream_id, + uint64_t max_stream_data); +/* + * Encodes a QUIC STREAMS_BLOCKED frame to the packet writer. + * + * If is_uni is 0, the count specifies the maximum number of + * bidirectional streams; else it specifies the maximum number of unidirectional + * streams. + */ +int ossl_quic_wire_encode_frame_streams_blocked(WPACKET *pkt, + char is_uni, + uint64_t max_streams); + +/* + * Encodes a QUIC NEW_CONNECTION_ID frame to the packet writer, given a logical + * representation of the NEW_CONNECTION_ID frame. + * + * The buffer pointed to by the conn_id field must be valid for the duration of + * the call. + */ +int ossl_quic_wire_encode_frame_new_conn_id(WPACKET *pkt, + const OSSL_QUIC_FRAME_NEW_CONN_ID *f); + +/* + * Encodes a QUIC RETIRE_CONNECTION_ID frame to the packet writer. + */ +int ossl_quic_wire_encode_frame_retire_conn_id(WPACKET *pkt, + uint64_t seq_num); + +/* + * Encodes a QUIC PATH_CHALLENGE frame to the packet writer. + */ +int ossl_quic_wire_encode_frame_path_challenge(WPACKET *pkt, + uint64_t data); + +/* + * Encodes a QUIC PATH_RESPONSE frame to the packet writer. + */ +int ossl_quic_wire_encode_frame_path_response(WPACKET *pkt, + uint64_t data); + +/* + * Encodes a QUIC CONNECTION_CLOSE frame to the packet writer, given a logical + * representation of the CONNECTION_CLOSE frame. + * + * The reason field may be NULL, in which case no reason is encoded. If the + * reason field is non-NULL, it must point to a valid UTF-8 string and + * reason_len must be set to the length of the reason string in bytes. The + * reason string need not be zero terminated. + */ +int ossl_quic_wire_encode_frame_conn_close(WPACKET *pkt, + const OSSL_QUIC_FRAME_CONN_CLOSE *f); + +/* + * Encodes a QUIC HANDSHAKE_DONE frame to the packet writer. This frame type + * takes no arguiments. + */ +int ossl_quic_wire_encode_frame_handshake_done(WPACKET *pkt); + +/* + * Encodes a QUIC transport parameter TLV with the given ID into the WPACKET. + * The payload is an arbitrary buffer. + * + * If value is non-NULL, the value is copied into the packet. + * If it is NULL, value_len bytes are allocated for the payload and the caller + * should fill the buffer using the returned pointer. + * + * Returns a pointer to the start of the payload on success, or NULL on failure. + */ +unsigned char *ossl_quic_wire_encode_transport_param_bytes(WPACKET *pkt, + uint64_t id, + const unsigned char *value, + size_t value_len); + +/* + * Encodes a QUIC transport parameter TLV with the given ID into the WPACKET. + * The payload is a QUIC variable-length integer with the given value. + */ +int ossl_quic_wire_encode_transport_param_int(WPACKET *pkt, + uint64_t id, + uint64_t value); + +/* + * Encodes a QUIC transport parameter TLV with a given ID into the WPACKET. + * The payload is a QUIC connection ID. + */ +int ossl_quic_wire_encode_transport_param_cid(WPACKET *wpkt, + uint64_t id, + const QUIC_CONN_ID *cid); + +/* + * QUIC Wire Format Decoding + * ========================= + * + * These functions return 1 on success or 0 for failure. Typical reasons + * why these functions may fail include: + * + * - A frame decode function is called but the frame in the PACKET's buffer + * is not of the correct type. + * + * - A variable-length field in the encoded frame appears to exceed the bounds + * of the PACKET's buffer. + * + * These functions should be called with the PACKET pointing to the start of the + * frame (including the initial type field), and consume an entire frame + * including its type field. The expectation is that the caller will have + * already discerned the frame type using ossl_quic_wire_peek_frame_header(). + */ + +/* + * Decodes the type field header of a QUIC frame (without advancing the current + * position). This can be used to determine the frame type and determine which + * frame decoding function to call. + */ +int ossl_quic_wire_peek_frame_header(PACKET *pkt, uint64_t *type, + int *was_minimal); + +/* + * Like ossl_quic_wire_peek_frame_header, but advances the current position + * so that the type field is consumed. For advanced use only. + */ +int ossl_quic_wire_skip_frame_header(PACKET *pkt, uint64_t *type); + +/* + * Determines how many ranges are needed to decode a QUIC ACK frame. + * + * The number of ranges which must be allocated before the call to + * ossl_quic_wire_decode_frame_ack is written to *total_ranges. + * + * The PACKET is not advanced. + */ +int ossl_quic_wire_peek_frame_ack_num_ranges(const PACKET *pkt, + uint64_t *total_ranges); + +/* + * Decodes a QUIC ACK frame. The ack_ranges field of the passed structure should + * point to a preallocated array of ACK ranges and the num_ack_ranges field + * should specify the length of allocation. + * + * *total_ranges is written with the number of ranges in the decoded frame, + * which may be greater than the number of ranges which were decoded (i.e. if + * num_ack_ranges was too small to decode all ranges). + * + * On success, this function modifies the num_ack_ranges field to indicate the + * number of ranges in the decoded frame. This is the number of entries in the + * ACK ranges array written by this function; any additional entries are not + * modified. + * + * If the number of ACK ranges in the decoded frame exceeds that in + * num_ack_ranges, as many ACK ranges as possible are decoded into the range + * array. The caller can use the value written to *total_ranges to detect this + * condition, as *total_ranges will exceed num_ack_ranges. + * + * If ack is NULL, the frame is still decoded, but only *total_ranges is + * written. This can be used to determine the number of ranges which must be + * allocated. + * + * The ack_delay_exponent argument specifies the index of a power of two used to + * decode the ack_delay field. This must match the ack_delay_exponent value used + * to encode the frame. + */ +int ossl_quic_wire_decode_frame_ack(PACKET *pkt, + uint32_t ack_delay_exponent, + OSSL_QUIC_FRAME_ACK *ack, + uint64_t *total_ranges); + +/* + * Decodes a QUIC RESET_STREAM frame. + */ +int ossl_quic_wire_decode_frame_reset_stream(PACKET *pkt, + OSSL_QUIC_FRAME_RESET_STREAM *f); + +/* + * Decodes a QUIC STOP_SENDING frame. + */ +int ossl_quic_wire_decode_frame_stop_sending(PACKET *pkt, + OSSL_QUIC_FRAME_STOP_SENDING *f); + +/* + * Decodes a QUIC CRYPTO frame. + * + * f->data is set to point inside the packet buffer inside the PACKET, therefore + * it is safe to access for as long as the packet buffer exists. If nodata is + * set to 1 then reading the PACKET stops after the frame header and f->data is + * set to NULL. + */ +int ossl_quic_wire_decode_frame_crypto(PACKET *pkt, int nodata, + OSSL_QUIC_FRAME_CRYPTO *f); + +/* + * Decodes a QUIC NEW_TOKEN frame. *token is written with a pointer to the token + * bytes and *token_len is written with the length of the token in bytes. + */ +int ossl_quic_wire_decode_frame_new_token(PACKET *pkt, + const unsigned char **token, + size_t *token_len); + +/* + * Decodes a QUIC STREAM frame. + * + * If nodata is set to 1 then reading the PACKET stops after the frame header + * and f->data is set to NULL. In this case f->len will also be 0 in the event + * that "has_explicit_len" is 0. + * + * If the frame did not contain an offset field, f->offset is set to 0, as the + * absence of an offset field is equivalent to an offset of 0. + * + * If the frame contained a length field, f->has_explicit_len is set to 1 and + * the length of the data is placed in f->len. This function ensures that the + * length does not exceed the packet buffer, thus it is safe to access f->data. + * + * If the frame did not contain a length field, this means that the frame runs + * until the end of the packet. This function sets f->has_explicit_len to zero, + * and f->len to the amount of data remaining in the input buffer. Therefore, + * this function should be used with a PACKET representing a single packet (and + * not e.g. multiple packets). + * + * Note also that this means f->len is always valid after this function returns + * successfully, regardless of the value of f->has_explicit_len. + * + * f->data points inside the packet buffer inside the PACKET, therefore it is + * safe to access for as long as the packet buffer exists. + * + * f->is_fin is set according to whether the frame was marked as ending the + * stream. + */ +int ossl_quic_wire_decode_frame_stream(PACKET *pkt, int nodata, + OSSL_QUIC_FRAME_STREAM *f); + +/* + * Decodes a QUIC MAX_DATA frame. The Maximum Data field is written to + * *max_data. + */ +int ossl_quic_wire_decode_frame_max_data(PACKET *pkt, + uint64_t *max_data); + +/* + * Decodes a QUIC MAX_STREAM_DATA frame. The Stream ID is written to *stream_id + * and Maximum Stream Data field is written to *max_stream_data. + */ +int ossl_quic_wire_decode_frame_max_stream_data(PACKET *pkt, + uint64_t *stream_id, + uint64_t *max_stream_data); +/* + * Decodes a QUIC MAX_STREAMS frame. The Maximum Streams field is written to + * *max_streams. + * + * Whether the limit concerns bidirectional streams or unidirectional streams is + * denoted by the frame type; the caller should examine the frame type to + * determine this. + */ +int ossl_quic_wire_decode_frame_max_streams(PACKET *pkt, + uint64_t *max_streams); + +/* + * Decodes a QUIC DATA_BLOCKED frame. The Maximum Data field is written to + * *max_data. + */ +int ossl_quic_wire_decode_frame_data_blocked(PACKET *pkt, + uint64_t *max_data); + +/* + * Decodes a QUIC STREAM_DATA_BLOCKED frame. The Stream ID and Maximum Stream + * Data fields are written to *stream_id and *max_stream_data respectively. + */ +int ossl_quic_wire_decode_frame_stream_data_blocked(PACKET *pkt, + uint64_t *stream_id, + uint64_t *max_stream_data); + +/* + * Decodes a QUIC STREAMS_BLOCKED frame. The Maximum Streams field is written to + * *max_streams. + * + * Whether the limit concerns bidirectional streams or unidirectional streams is + * denoted by the frame type; the caller should examine the frame type to + * determine this. + */ +int ossl_quic_wire_decode_frame_streams_blocked(PACKET *pkt, + uint64_t *max_streams); + + +/* + * Decodes a QUIC NEW_CONNECTION_ID frame. The logical representation of the + * frame is written to *f. + * + * The conn_id field is set to point to the connection ID string inside the + * packet buffer; it is therefore valid for as long as the PACKET's buffer is + * valid. The conn_id_len field is set to the length of the connection ID string + * in bytes. + */ +int ossl_quic_wire_decode_frame_new_conn_id(PACKET *pkt, + OSSL_QUIC_FRAME_NEW_CONN_ID *f); + +/* + * Decodes a QUIC RETIRE_CONNECTION_ID frame. The Sequence Number field + * is written to *seq_num. + */ +int ossl_quic_wire_decode_frame_retire_conn_id(PACKET *pkt, + uint64_t *seq_num); + +/* + * Decodes a QUIC PATH_CHALLENGE frame. The Data field is written to *data. + */ +int ossl_quic_wire_decode_frame_path_challenge(PACKET *pkt, + uint64_t *data); + +/* + * Decodes a QUIC PATH_CHALLENGE frame. The Data field is written to *data. + */ +int ossl_quic_wire_decode_frame_path_response(PACKET *pkt, + uint64_t *data); + +/* + * Decodes a QUIC CONNECTION_CLOSE frame. The logical representation + * of the frame is written to *f. + * + * The reason field is set to point to the UTF-8 reason string inside + * the packet buffer; it is therefore valid for as long as the PACKET's + * buffer is valid. The reason_len field is set to the length of the + * reason string in bytes. + * + * IMPORTANT: The reason string is not zero-terminated. + * + * Returns 1 on success or 0 on failure. + */ +int ossl_quic_wire_decode_frame_conn_close(PACKET *pkt, + OSSL_QUIC_FRAME_CONN_CLOSE *f); + +/* + * Decodes one or more PADDING frames. PADDING frames have no arguments. + * + * Returns the number of PADDING frames decoded or 0 on error. + */ +size_t ossl_quic_wire_decode_padding(PACKET *pkt); + +/* + * Decodes a PING frame. The frame has no arguments. + */ +int ossl_quic_wire_decode_frame_ping(PACKET *pkt); + +/* + * Decodes a HANDSHAKE_DONE frame. The frame has no arguments. + */ +int ossl_quic_wire_decode_frame_handshake_done(PACKET *pkt); + +/* + * Peeks at the ID of the next QUIC transport parameter TLV in the stream. + * The ID is written to *id. + */ +int ossl_quic_wire_peek_transport_param(PACKET *pkt, uint64_t *id); + +/* + * Decodes a QUIC transport parameter TLV. A pointer to the value buffer is + * returned on success. This points inside the PACKET's buffer and is therefore + * valid as long as the PACKET's buffer is valid. + * + * The transport parameter ID is written to *id (if non-NULL) and the length of + * the payload in bytes is written to *len. + * + * Returns NULL on failure. + */ +const unsigned char *ossl_quic_wire_decode_transport_param_bytes(PACKET *pkt, + uint64_t *id, + size_t *len); + +/* + * Decodes a QUIC transport parameter TLV containing a variable-length integer. + * + * The transport parameter ID is written to *id (if non-NULL) and the value is + * written to *value. + */ +int ossl_quic_wire_decode_transport_param_int(PACKET *pkt, + uint64_t *id, + uint64_t *value); + +/* + * Decodes a QUIC transport parameter TLV containing a connection ID. + * + * The transport parameter ID is written to *id (if non-NULL) and the value is + * written to *value. + */ +int ossl_quic_wire_decode_transport_param_cid(PACKET *pkt, + uint64_t *id, + QUIC_CONN_ID *cid); + +/* + * Decodes a QUIC transport parameter TLV containing a preferred_address. + */ +typedef struct quic_preferred_addr_st { + uint16_t ipv4_port, ipv6_port; + unsigned char ipv4[4], ipv6[16]; + QUIC_STATELESS_RESET_TOKEN stateless_reset; + QUIC_CONN_ID cid; +} QUIC_PREFERRED_ADDR; + +int ossl_quic_wire_decode_transport_param_preferred_addr(PACKET *pkt, + QUIC_PREFERRED_ADDR *p); + +# endif + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_wire_pkt.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_wire_pkt.h new file mode 100644 index 00000000..18a483fc --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/quic_wire_pkt.h @@ -0,0 +1,629 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_WIRE_PKT_H +# define OSSL_QUIC_WIRE_PKT_H + +# include +# include "internal/packet_quic.h" +# include "internal/quic_types.h" + +# ifndef OPENSSL_NO_QUIC + +# define QUIC_VERSION_NONE ((uint32_t)0) /* Used for version negotiation */ +# define QUIC_VERSION_1 ((uint32_t)1) /* QUIC v1 */ + +/* QUIC logical packet type. These do not match wire values. */ +# define QUIC_PKT_TYPE_INITIAL 1 +# define QUIC_PKT_TYPE_0RTT 2 +# define QUIC_PKT_TYPE_HANDSHAKE 3 +# define QUIC_PKT_TYPE_RETRY 4 +# define QUIC_PKT_TYPE_1RTT 5 +# define QUIC_PKT_TYPE_VERSION_NEG 6 + +/* + * Determine encryption level from packet type. Returns QUIC_ENC_LEVEL_NUM if + * the packet is not of a type which is encrypted. + */ +static ossl_inline ossl_unused uint32_t +ossl_quic_pkt_type_to_enc_level(uint32_t pkt_type) +{ + switch (pkt_type) { + case QUIC_PKT_TYPE_INITIAL: + return QUIC_ENC_LEVEL_INITIAL; + case QUIC_PKT_TYPE_HANDSHAKE: + return QUIC_ENC_LEVEL_HANDSHAKE; + case QUIC_PKT_TYPE_0RTT: + return QUIC_ENC_LEVEL_0RTT; + case QUIC_PKT_TYPE_1RTT: + return QUIC_ENC_LEVEL_1RTT; + default: + return QUIC_ENC_LEVEL_NUM; + } +} + +static ossl_inline ossl_unused uint32_t +ossl_quic_enc_level_to_pkt_type(uint32_t enc_level) +{ + switch (enc_level) { + case QUIC_ENC_LEVEL_INITIAL: + return QUIC_PKT_TYPE_INITIAL; + case QUIC_ENC_LEVEL_HANDSHAKE: + return QUIC_PKT_TYPE_HANDSHAKE; + case QUIC_ENC_LEVEL_0RTT: + return QUIC_PKT_TYPE_0RTT; + case QUIC_ENC_LEVEL_1RTT: + return QUIC_PKT_TYPE_1RTT; + default: + return UINT32_MAX; + } +} + +/* Determine if a packet type contains an encrypted payload. */ +static ossl_inline ossl_unused int +ossl_quic_pkt_type_is_encrypted(uint32_t pkt_type) +{ + switch (pkt_type) { + case QUIC_PKT_TYPE_RETRY: + case QUIC_PKT_TYPE_VERSION_NEG: + return 0; + default: + return 1; + } +} + +/* Determine if a packet type contains a PN field. */ +static ossl_inline ossl_unused int +ossl_quic_pkt_type_has_pn(uint32_t pkt_type) +{ + /* + * Currently a packet has a PN iff it is encrypted. This could change + * someday. + */ + return ossl_quic_pkt_type_is_encrypted(pkt_type); +} + +/* + * Determine if a packet type can appear with other packets in a datagram. Some + * packet types must be the sole packet in a datagram. + */ +static ossl_inline ossl_unused int +ossl_quic_pkt_type_can_share_dgram(uint32_t pkt_type) +{ + /* + * Currently only the encrypted packet types can share a datagram. This + * could change someday. + */ + return ossl_quic_pkt_type_is_encrypted(pkt_type); +} + +/* + * Determine if the packet type must come at the end of the datagram (due to the + * lack of a length field). + */ +static ossl_inline ossl_unused int +ossl_quic_pkt_type_must_be_last(uint32_t pkt_type) +{ + /* + * Any packet type which cannot share a datagram obviously must come last. + * 1-RTT also must come last as it lacks a length field. + */ + return !ossl_quic_pkt_type_can_share_dgram(pkt_type) + || pkt_type == QUIC_PKT_TYPE_1RTT; +} + +/* + * Determine if the packet type has a version field. + */ +static ossl_inline ossl_unused int +ossl_quic_pkt_type_has_version(uint32_t pkt_type) +{ + return pkt_type != QUIC_PKT_TYPE_1RTT && pkt_type != QUIC_PKT_TYPE_VERSION_NEG; +} + +/* + * Determine if the packet type has a SCID field. + */ +static ossl_inline ossl_unused int +ossl_quic_pkt_type_has_scid(uint32_t pkt_type) +{ + return pkt_type != QUIC_PKT_TYPE_1RTT; +} + +/* + * Smallest possible QUIC packet size as per RFC (aside from version negotiation + * packets). + */ +# define QUIC_MIN_VALID_PKT_LEN_CRYPTO 21 +# define QUIC_MIN_VALID_PKT_LEN_VERSION_NEG 7 +# define QUIC_MIN_VALID_PKT_LEN QUIC_MIN_VALID_PKT_LEN_VERSION_NEG + +typedef struct quic_pkt_hdr_ptrs_st QUIC_PKT_HDR_PTRS; + +/* + * QUIC Packet Header Protection + * ============================= + * + * Functions to apply and remove QUIC packet header protection. A header + * protector is initialised using ossl_quic_hdr_protector_init and must be + * destroyed using ossl_quic_hdr_protector_cleanup when no longer needed. + */ +typedef struct quic_hdr_protector_st { + OSSL_LIB_CTX *libctx; + const char *propq; + EVP_CIPHER_CTX *cipher_ctx; + EVP_CIPHER *cipher; + uint32_t cipher_id; +} QUIC_HDR_PROTECTOR; + +# define QUIC_HDR_PROT_CIPHER_AES_128 1 +# define QUIC_HDR_PROT_CIPHER_AES_256 2 +# define QUIC_HDR_PROT_CIPHER_CHACHA 3 + +/* + * Initialises a header protector. + * + * cipher_id: + * The header protection cipher method to use. One of + * QUIC_HDR_PROT_CIPHER_*. Must be chosen based on negotiated TLS cipher + * suite. + * + * quic_hp_key: + * This must be the "quic hp" key derived from a traffic secret. + * + * The length of the quic_hp_key must correspond to that expected for the + * given cipher ID. + * + * The header protector performs amortisable initialisation in this function, + * therefore a header protector should be used for as long as possible. + * + * Returns 1 on success and 0 on failure. + */ +int ossl_quic_hdr_protector_init(QUIC_HDR_PROTECTOR *hpr, + OSSL_LIB_CTX *libctx, + const char *propq, + uint32_t cipher_id, + const unsigned char *quic_hp_key, + size_t quic_hp_key_len); + +/* + * Destroys a header protector. This is also safe to call on a zero-initialized + * OSSL_QUIC_HDR_PROTECTOR structure which has not been initialized, or which + * has already been destroyed. + */ +void ossl_quic_hdr_protector_cleanup(QUIC_HDR_PROTECTOR *hpr); + +/* + * Removes header protection from a packet. The packet payload must currently be + * encrypted (i.e., you must remove header protection before decrypting packets + * received). The function examines the header buffer to determine which bytes + * of the header need to be decrypted. + * + * If this function fails, no data is modified. + * + * This is implemented as a call to ossl_quic_hdr_protector_decrypt_fields(). + * + * Returns 1 on success and 0 on failure. + */ +int ossl_quic_hdr_protector_decrypt(QUIC_HDR_PROTECTOR *hpr, + QUIC_PKT_HDR_PTRS *ptrs); + +/* + * Applies header protection to a packet. The packet payload must already have + * been encrypted (i.e., you must apply header protection after encrypting + * a packet). The function examines the header buffer to determine which bytes + * of the header need to be encrypted. + * + * This is implemented as a call to ossl_quic_hdr_protector_encrypt_fields(). + * + * Returns 1 on success and 0 on failure. + */ +int ossl_quic_hdr_protector_encrypt(QUIC_HDR_PROTECTOR *hpr, + QUIC_PKT_HDR_PTRS *ptrs); + +/* + * Removes header protection from a packet. The packet payload must currently + * be encrypted. This is a low-level function which assumes you have already + * determined which parts of the packet header need to be decrypted. + * + * sample: + * The range of bytes in the packet to be used to generate the header + * protection mask. It is permissible to set sample_len to the size of the + * remainder of the packet; this function will only use as many bytes as + * needed. If not enough sample bytes are provided, this function fails. + * + * first_byte: + * The first byte of the QUIC packet header to be decrypted. + * + * pn: + * Pointer to the start of the PN field. The caller is responsible + * for ensuring at least four bytes follow this pointer. + * + * Returns 1 on success and 0 on failure. + */ +int ossl_quic_hdr_protector_decrypt_fields(QUIC_HDR_PROTECTOR *hpr, + const unsigned char *sample, + size_t sample_len, + unsigned char *first_byte, + unsigned char *pn_bytes); + +/* + * Works analogously to ossl_hdr_protector_decrypt_fields, but applies header + * protection instead of removing it. + */ +int ossl_quic_hdr_protector_encrypt_fields(QUIC_HDR_PROTECTOR *hpr, + const unsigned char *sample, + size_t sample_len, + unsigned char *first_byte, + unsigned char *pn_bytes); + +/* + * QUIC Packet Header + * ================== + * + * This structure provides a logical representation of a QUIC packet header. + * + * QUIC packet formats fall into the following categories: + * + * Long Packets, which is subdivided into five possible packet types: + * Version Negotiation (a special case); + * Initial; + * 0-RTT; + * Handshake; and + * Retry + * + * Short Packets, which comprises only a single packet type (1-RTT). + * + * The packet formats vary and common fields are found in some packets but + * not others. The below table indicates which fields are present in which + * kinds of packet. * indicates header protection is applied. + * + * SLLLLL Legend: 1=1-RTT, i=Initial, 0=0-RTT, h=Handshake + * 1i0hrv r=Retry, v=Version Negotiation + * ------ + * 1i0hrv Header Form (0=Short, 1=Long) + * 1i0hr Fixed Bit (always 1) + * 1 Spin Bit + * 1 * Reserved Bits + * 1 * Key Phase + * 1i0h * Packet Number Length + * i0hr? Long Packet Type + * i0h Type-Specific Bits + * i0hr Version (note: always 0 for Version Negotiation packets) + * 1i0hrv Destination Connection ID + * i0hrv Source Connection ID + * 1i0h * Packet Number + * i Token + * i0h Length + * r Retry Token + * r Retry Integrity Tag + * + * For each field below, the conditions under which the field is valid are + * specified. If a field is not currently valid, it is initialized to a zero or + * NULL value. + */ +typedef struct quic_pkt_hdr_st { + /* [ALL] A QUIC_PKT_TYPE_* value. Always valid. */ + unsigned int type :8; + + /* [S] Value of the spin bit. Valid if (type == 1RTT). */ + unsigned int spin_bit :1; + + /* + * [S] Value of the Key Phase bit in the short packet. + * Valid if (type == 1RTT && !partial). + */ + unsigned int key_phase :1; + + /* + * [1i0h] Length of packet number in bytes. This is the decoded value. + * Valid if ((type == 1RTT || (version && type != RETRY)) && !partial). + */ + unsigned int pn_len :4; + + /* + * [ALL] Set to 1 if this is a partial decode because the packet header + * has not yet been deprotected. pn_len, pn and key_phase are not valid if + * this is set. + */ + unsigned int partial :1; + + /* + * [ALL] Whether the fixed bit was set. Note that only Version Negotiation + * packets are allowed to have this unset, so this will always be 1 for all + * other packet types (decode will fail if it is not set). Ignored when + * encoding unless encoding a Version Negotiation packet. + */ + unsigned int fixed :1; + + /* + * The unused bits in the low 4 bits of a Retry packet header's first byte. + * This is used to ensure that Retry packets have the same bit-for-bit + * representation in their header when decoding and encoding them again. + * This is necessary to validate Retry packet headers. + */ + unsigned int unused :4; + + /* + * The 'Reserved' bits in an Initial, Handshake, 0-RTT or 1-RTT packet + * header's first byte. These are provided so that the caller can validate + * that they are zero, as this must be done after packet protection is + * successfully removed to avoid creating a timing channel. + */ + unsigned int reserved :2; + + /* [L] Version field. Valid if (type != 1RTT). */ + uint32_t version; + + /* [ALL] The destination connection ID. Always valid. */ + QUIC_CONN_ID dst_conn_id; + + /* + * [L] The source connection ID. + * Valid if (type != 1RTT). + */ + QUIC_CONN_ID src_conn_id; + + /* + * [1i0h] Relatively-encoded packet number in raw, encoded form. The correct + * decoding of this value is context-dependent. The number of bytes valid in + * this buffer is determined by pn_len above. If the decode was partial, + * this field is not valid. + * + * Valid if ((type == 1RTT || (version && type != RETRY)) && !partial). + */ + unsigned char pn[4]; + + /* + * [i] Token field in Initial packet. Points to memory inside the decoded + * PACKET, and therefore is valid for as long as the PACKET's buffer is + * valid. token_len is the length of the token in bytes. + * + * Valid if (type == INITIAL). + */ + const unsigned char *token; + size_t token_len; + + /* + * [ALL] Payload length in bytes. + * + * Though 1-RTT, Retry and Version Negotiation packets do not contain an + * explicit length field, this field is always valid and is used by the + * packet header encoding and decoding routines to describe the payload + * length, regardless of whether the packet type encoded or decoded uses an + * explicit length indication. + */ + size_t len; + + /* + * Pointer to start of payload data in the packet. Points to memory inside + * the decoded PACKET, and therefore is valid for as long as the PACKET'S + * buffer is valid. The length of the buffer in bytes is in len above. + * + * For Version Negotiation packets, points to the array of supported + * versions. + * + * For Retry packets, points to the Retry packet payload, which comprises + * the Retry Token followed by a 16-byte Retry Integrity Tag. + * + * Regardless of whether a packet is a Version Negotiation packet (where the + * payload contains a list of supported versions), a Retry packet (where the + * payload contains a Retry Token and Retry Integrity Tag), or any other + * packet type (where the payload contains frames), the payload is not + * validated and the user must parse the payload bearing this in mind. + * + * If the decode was partial (partial is set), this points to the start of + * the packet number field, rather than the protected payload, as the length + * of the packet number field is unknown. The len field reflects this in + * this case (i.e., the len field is the number of payload bytes plus the + * number of bytes comprising the PN). + */ + const unsigned char *data; +} QUIC_PKT_HDR; + +/* + * Extra information which can be output by the packet header decode functions + * for the assistance of the header protector. This avoids the header protector + * needing to partially re-decode the packet header. + */ +struct quic_pkt_hdr_ptrs_st { + unsigned char *raw_start; /* start of packet */ + unsigned char *raw_sample; /* start of sampling range */ + size_t raw_sample_len; /* maximum length of sampling range */ + + /* + * Start of PN field. Guaranteed to be NULL unless at least four bytes are + * available via this pointer. + */ + unsigned char *raw_pn; +}; + +/* + * If partial is 1, reads the unprotected parts of a protected packet header + * from a PACKET, performing a partial decode. + * + * If partial is 0, the input is assumed to have already had header protection + * removed, and all header fields are decoded. + * + * If nodata is 1, the input is assumed to have no payload data in it. Otherwise + * payload data must be present. + * + * On success, the logical decode of the packet header is written to *hdr. + * hdr->partial is set or cleared according to whether a partial decode was + * performed. *ptrs is filled with pointers to various parts of the packet + * buffer. + * + * In order to decode short packets, the connection ID length being used must be + * known contextually, and should be passed as short_conn_id_len. If + * short_conn_id_len is set to an invalid value (a value greater than + * QUIC_MAX_CONN_ID_LEN), this function fails when trying to decode a short + * packet, but succeeds for long packets. + * + * Returns 1 on success and 0 on failure. + */ +int ossl_quic_wire_decode_pkt_hdr(PACKET *pkt, + size_t short_conn_id_len, + int partial, + int nodata, + QUIC_PKT_HDR *hdr, + QUIC_PKT_HDR_PTRS *ptrs); + +/* + * Encodes a packet header. The packet is written to pkt. + * + * The length of the (encrypted) packet payload should be written to hdr->len + * and will be placed in the serialized packet header. The payload data itself + * is not copied; the caller should write hdr->len bytes of encrypted payload to + * the WPACKET immediately after the call to this function. However, + * WPACKET_reserve_bytes is called for the payload size. + * + * This function does not apply header protection. You must apply header + * protection yourself after calling this function. *ptrs is filled with + * pointers which can be passed to a header protector, but this must be + * performed after the encrypted payload is written. + * + * The pointers in *ptrs are direct pointers into the WPACKET buffer. If more + * data is written to the WPACKET buffer, WPACKET buffer reallocations may + * occur, causing these pointers to become invalid. Therefore, you must not call + * any write WPACKET function between this call and the call to + * ossl_quic_hdr_protector_encrypt. This function calls WPACKET_reserve_bytes + * for the payload length, so you may assume hdr->len bytes are already free to + * write at the WPACKET cursor location once this function returns successfully. + * It is recommended that you call this function, write the encrypted payload, + * call ossl_quic_hdr_protector_encrypt, and then call + * WPACKET_allocate_bytes(hdr->len). + * + * Version Negotiation and Retry packets do not use header protection; for these + * header types, the fields in *ptrs are all written as zero. Version + * Negotiation, Retry and 1-RTT packets do not contain a Length field, but + * hdr->len bytes of data are still reserved in the WPACKET. + * + * If serializing a short packet and short_conn_id_len does not match the DCID + * specified in hdr, the function fails. + * + * Returns 1 on success and 0 on failure. + */ +int ossl_quic_wire_encode_pkt_hdr(WPACKET *pkt, + size_t short_conn_id_len, + const QUIC_PKT_HDR *hdr, + QUIC_PKT_HDR_PTRS *ptrs); + +/* + * Retrieves only the DCID from a packet header. This is intended for demuxer + * use. It avoids the need to parse the rest of the packet header twice. + * + * Information on packet length is not decoded, as this only needs to be used on + * the first packet in a datagram, therefore this takes a buffer and not a + * PACKET. + * + * Returns 1 on success and 0 on failure. + */ +int ossl_quic_wire_get_pkt_hdr_dst_conn_id(const unsigned char *buf, + size_t buf_len, + size_t short_conn_id_len, + QUIC_CONN_ID *dst_conn_id); + +/* + * Precisely predicts the encoded length of a packet header structure. + * + * May return 0 if the packet header is not valid, but the fact that this + * function returns non-zero does not guarantee that + * ossl_quic_wire_encode_pkt_hdr() will succeed. + */ +int ossl_quic_wire_get_encoded_pkt_hdr_len(size_t short_conn_id_len, + const QUIC_PKT_HDR *hdr); + +/* + * Packet Number Encoding + * ====================== + */ + +/* + * Decode an encoded packet header QUIC PN. + * + * enc_pn is the raw encoded PN to decode. enc_pn_len is its length in bytes as + * indicated by packet headers. largest_pn is the largest PN successfully + * processed in the relevant PN space. + * + * The resulting PN is written to *res_pn. + * + * Returns 1 on success or 0 on failure. + */ +int ossl_quic_wire_decode_pkt_hdr_pn(const unsigned char *enc_pn, + size_t enc_pn_len, + QUIC_PN largest_pn, + QUIC_PN *res_pn); + +/* + * Determine how many bytes should be used to encode a PN. Returns the number of + * bytes (which will be in range [1, 4]). + */ +int ossl_quic_wire_determine_pn_len(QUIC_PN pn, QUIC_PN largest_acked); + +/* + * Encode a PN for a packet header using the specified number of bytes, which + * should have been determined by calling ossl_quic_wire_determine_pn_len. The + * PN encoding process is done in two parts to allow the caller to override PN + * encoding length if it wishes. + * + * Returns 1 on success and 0 on failure. + */ +int ossl_quic_wire_encode_pkt_hdr_pn(QUIC_PN pn, + unsigned char *enc_pn, + size_t enc_pn_len); + +/* + * Retry Integrity Tags + * ==================== + */ + +# define QUIC_RETRY_INTEGRITY_TAG_LEN 16 + +/* + * Validate a retry integrity tag. Returns 1 if the tag is valid. + * + * Must be called on a hdr with a type of QUIC_PKT_TYPE_RETRY with a valid data + * pointer. + * + * client_initial_dcid must be the original DCID used by the client in its first + * Initial packet, as this is used to calculate the Retry Integrity Tag. + * + * Returns 0 if the tag is invalid, if called on any other type of packet or if + * the body is too short. + */ +int ossl_quic_validate_retry_integrity_tag(OSSL_LIB_CTX *libctx, + const char *propq, + const QUIC_PKT_HDR *hdr, + const QUIC_CONN_ID *client_initial_dcid); + +/* + * Calculates a retry integrity tag. Returns 0 on error, for example if hdr does + * not have a type of QUIC_PKT_TYPE_RETRY. + * + * client_initial_dcid must be the original DCID used by the client in its first + * Initial packet, as this is used to calculate the Retry Integrity Tag. + * + * tag must point to a buffer of QUIC_RETRY_INTEGRITY_TAG_LEN bytes in size. + * + * Note that hdr->data must point to the Retry packet body, and hdr->len must + * include the space for the Retry Integrity Tag. (This means that you can + * easily fill in a tag in a Retry packet you are generating by calling this + * function and passing (hdr->data + hdr->len - QUIC_RETRY_INTEGRITY_TAG_LEN) as + * the tag argument.) This function fails if hdr->len is too short to contain a + * Retry Integrity Tag. + */ +int ossl_quic_calculate_retry_integrity_tag(OSSL_LIB_CTX *libctx, + const char *propq, + const QUIC_PKT_HDR *hdr, + const QUIC_CONN_ID *client_initial_dcid, + unsigned char *tag); + +# endif + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/recordmethod.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/recordmethod.h new file mode 100644 index 00000000..53bd4ca6 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/recordmethod.h @@ -0,0 +1,339 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_RECORDMETHOD_H +# define OSSL_INTERNAL_RECORDMETHOD_H +# pragma once + +# include + +/* + * We use the term "record" here to refer to a packet of data. Records are + * typically protected via a cipher and MAC, or an AEAD cipher (although not + * always). This usage of the term record is consistent with the TLS concept. + * In QUIC the term "record" is not used but it is analogous to the QUIC term + * "packet". The interface in this file applies to all protocols that protect + * records/packets of data, i.e. (D)TLS and QUIC. The term record is used to + * refer to both contexts. + */ + +/* + * An OSSL_RECORD_METHOD is a protocol specific method which provides the + * functions for reading and writing records for that protocol. Which + * OSSL_RECORD_METHOD to use for a given protocol is defined by the SSL_METHOD. + */ +typedef struct ossl_record_method_st OSSL_RECORD_METHOD; + +/* + * An OSSL_RECORD_LAYER is just an externally defined opaque pointer created by + * the method + */ +typedef struct ossl_record_layer_st OSSL_RECORD_LAYER; + + +# define OSSL_RECORD_ROLE_CLIENT 0 +# define OSSL_RECORD_ROLE_SERVER 1 + +# define OSSL_RECORD_DIRECTION_READ 0 +# define OSSL_RECORD_DIRECTION_WRITE 1 + +/* + * Protection level. For <= TLSv1.2 only "NONE" and "APPLICATION" are used. + */ +# define OSSL_RECORD_PROTECTION_LEVEL_NONE 0 +# define OSSL_RECORD_PROTECTION_LEVEL_EARLY 1 +# define OSSL_RECORD_PROTECTION_LEVEL_HANDSHAKE 2 +# define OSSL_RECORD_PROTECTION_LEVEL_APPLICATION 3 + +# define OSSL_RECORD_RETURN_SUCCESS 1 +# define OSSL_RECORD_RETURN_RETRY 0 +# define OSSL_RECORD_RETURN_NON_FATAL_ERR -1 +# define OSSL_RECORD_RETURN_FATAL -2 +# define OSSL_RECORD_RETURN_EOF -3 + +/* + * Template for creating a record. A record consists of the |type| of data it + * will contain (e.g. alert, handshake, application data, etc) along with a + * buffer of payload data in |buf| of length |buflen|. + */ +struct ossl_record_template_st { + unsigned char type; + unsigned int version; + const unsigned char *buf; + size_t buflen; +}; + +typedef struct ossl_record_template_st OSSL_RECORD_TEMPLATE; + +/* + * Rather than a "method" approach, we could make this fetchable - Should we? + * There could be some complexity in finding suitable record layer implementations + * e.g. we need to find one that matches the negotiated protocol, cipher, + * extensions, etc. The selection_cb approach given above doesn't work so well + * if unknown third party providers with OSSL_RECORD_METHOD implementations are + * loaded. + */ + +/* + * If this becomes public API then we will need functions to create and + * free an OSSL_RECORD_METHOD, as well as functions to get/set the various + * function pointers....unless we make it fetchable. + */ +struct ossl_record_method_st { + /* + * Create a new OSSL_RECORD_LAYER object for handling the protocol version + * set by |vers|. |role| is 0 for client and 1 for server. |direction| + * indicates either read or write. |level| is the protection level as + * described above. |settings| are mandatory settings that will cause the + * new() call to fail if they are not understood (for example to require + * Encrypt-Then-Mac support). |options| are optional settings that will not + * cause the new() call to fail if they are not understood (for example + * whether to use "read ahead" or not). + * + * The BIO in |transport| is the BIO for the underlying transport layer. + * Where the direction is "read", then this BIO will only ever be used for + * reading data. Where the direction is "write", then this BIO will only + * every be used for writing data. + * + * An SSL object will always have at least 2 OSSL_RECORD_LAYER objects in + * force at any one time (one for reading and one for writing). In some + * protocols more than 2 might be used (e.g. in DTLS for retransmitting + * messages from an earlier epoch). + * + * The created OSSL_RECORD_LAYER object is stored in *ret on success (or + * NULL otherwise). The return value will be one of + * OSSL_RECORD_RETURN_SUCCESS, OSSL_RECORD_RETURN_FATAL or + * OSSL_RECORD_RETURN_NON_FATAL. A non-fatal return means that creation of + * the record layer has failed because it is unsuitable, but an alternative + * record layer can be tried instead. + */ + + /* + * If we eventually make this fetchable then we will need to use something + * other than EVP_CIPHER. Also mactype would not be a NID, but a string. For + * now though, this works. + */ + int (*new_record_layer)(OSSL_LIB_CTX *libctx, + const char *propq, int vers, + int role, int direction, + int level, + uint16_t epoch, + unsigned char *secret, + size_t secretlen, + unsigned char *key, + size_t keylen, + unsigned char *iv, + size_t ivlen, + unsigned char *mackey, + size_t mackeylen, + const EVP_CIPHER *ciph, + size_t taglen, + int mactype, + const EVP_MD *md, + COMP_METHOD *comp, + const EVP_MD *kdfdigest, + BIO *prev, + BIO *transport, + BIO *next, + BIO_ADDR *local, + BIO_ADDR *peer, + const OSSL_PARAM *settings, + const OSSL_PARAM *options, + const OSSL_DISPATCH *fns, + void *cbarg, + void *rlarg, + OSSL_RECORD_LAYER **ret); + int (*free)(OSSL_RECORD_LAYER *rl); + + /* Returns 1 if we have unprocessed data buffered or 0 otherwise */ + int (*unprocessed_read_pending)(OSSL_RECORD_LAYER *rl); + + /* + * Returns 1 if we have processed data buffered that can be read or 0 otherwise + * - not necessarily app data + */ + int (*processed_read_pending)(OSSL_RECORD_LAYER *rl); + + /* + * The amount of processed app data that is internally buffered and + * available to read + */ + size_t (*app_data_pending)(OSSL_RECORD_LAYER *rl); + + /* + * Find out the maximum number of records that the record layer is prepared + * to process in a single call to write_records. It is the caller's + * responsibility to ensure that no call to write_records exceeds this + * number of records. |type| is the type of the records that the caller + * wants to write, and |len| is the total amount of data that it wants + * to send. |maxfrag| is the maximum allowed fragment size based on user + * configuration, or TLS parameter negotiation. |*preffrag| contains on + * entry the default fragment size that will actually be used based on user + * configuration. This will always be less than or equal to |maxfrag|. On + * exit the record layer may update this to an alternative fragment size to + * be used. This must always be less than or equal to |maxfrag|. + */ + size_t (*get_max_records)(OSSL_RECORD_LAYER *rl, uint8_t type, size_t len, + size_t maxfrag, size_t *preffrag); + + /* + * Write |numtempl| records from the array of record templates pointed to + * by |templates|. Each record should be no longer than the value returned + * by get_max_record_len(), and there should be no more records than the + * value returned by get_max_records(). + * Where possible the caller will attempt to ensure that all records are the + * same length, except the last record. This may not always be possible so + * the record method implementation should not rely on this being the case. + * In the event of a retry the caller should call retry_write_records() + * to try again. No more calls to write_records() should be attempted until + * retry_write_records() returns success. + * Buffers allocated for the record templates can be freed immediately after + * write_records() returns - even in the case a retry. + * The record templates represent the plaintext payload. The encrypted + * output is written to the |transport| BIO. + * Returns: + * 1 on success + * 0 on retry + * -1 on failure + */ + int (*write_records)(OSSL_RECORD_LAYER *rl, OSSL_RECORD_TEMPLATE *templates, + size_t numtempl); + + /* + * Retry a previous call to write_records. The caller should continue to + * call this until the function returns with success or failure. After + * each retry more of the data may have been incrementally sent. + * Returns: + * 1 on success + * 0 on retry + * -1 on failure + */ + int (*retry_write_records)(OSSL_RECORD_LAYER *rl); + + /* + * Read a record and return the record layer version and record type in + * the |rversion| and |type| parameters. |*data| is set to point to a + * record layer buffer containing the record payload data and |*datalen| + * is filled in with the length of that data. The |epoch| and |seq_num| + * values are only used if DTLS has been negotiated. In that case they are + * filled in with the epoch and sequence number from the record. + * An opaque record layer handle for the record is returned in |*rechandle| + * which is used in a subsequent call to |release_record|. The buffer must + * remain available until all the bytes from record are released via one or + * more release_record calls. + * + * Internally the OSSL_RECORD_METHOD implementation may read/process + * multiple records in one go and buffer them. + */ + int (*read_record)(OSSL_RECORD_LAYER *rl, void **rechandle, int *rversion, + uint8_t *type, const unsigned char **data, size_t *datalen, + uint16_t *epoch, unsigned char *seq_num); + /* + * Release length bytes from a buffer associated with a record previously + * read with read_record. Once all the bytes from a record are released, the + * whole record and its associated buffer is released. Records are + * guaranteed to be released in the order that they are read. + */ + int (*release_record)(OSSL_RECORD_LAYER *rl, void *rechandle, size_t length); + + /* + * In the event that a fatal error is returned from the functions above then + * get_alert_code() can be called to obtain a more details identifier for + * the error. In (D)TLS this is the alert description code. + */ + int (*get_alert_code)(OSSL_RECORD_LAYER *rl); + + /* + * Update the transport BIO from the one originally set in the + * new_record_layer call + */ + int (*set1_bio)(OSSL_RECORD_LAYER *rl, BIO *bio); + + /* Called when protocol negotiation selects a protocol version to use */ + int (*set_protocol_version)(OSSL_RECORD_LAYER *rl, int version); + + /* + * Whether we are allowed to receive unencrypted alerts, even if we might + * otherwise expect encrypted records. Ignored by protocol versions where + * this isn't relevant + */ + void (*set_plain_alerts)(OSSL_RECORD_LAYER *rl, int allow); + + /* + * Called immediately after creation of the record layer if we are in a + * first handshake. Also called at the end of the first handshake + */ + void (*set_first_handshake)(OSSL_RECORD_LAYER *rl, int first); + + /* + * Set the maximum number of pipelines that the record layer should process. + * The default is 1. + */ + void (*set_max_pipelines)(OSSL_RECORD_LAYER *rl, size_t max_pipelines); + + /* + * Called to tell the record layer whether we are currently "in init" or + * not. Default at creation of the record layer is "yes". + */ + void (*set_in_init)(OSSL_RECORD_LAYER *rl, int in_init); + + /* + * Get a short or long human readable description of the record layer state + */ + void (*get_state)(OSSL_RECORD_LAYER *rl, const char **shortstr, + const char **longstr); + + /* + * Set new options or modify ones that were originally specified in the + * new_record_layer call. + */ + int (*set_options)(OSSL_RECORD_LAYER *rl, const OSSL_PARAM *options); + + const COMP_METHOD *(*get_compression)(OSSL_RECORD_LAYER *rl); + + /* + * Set the maximum fragment length to be used for the record layer. This + * will override any previous value supplied for the "max_frag_len" + * setting during construction of the record layer. + */ + void (*set_max_frag_len)(OSSL_RECORD_LAYER *rl, size_t max_frag_len); + + /* + * The maximum expansion in bytes that the record layer might add while + * writing a record + */ + size_t (*get_max_record_overhead)(OSSL_RECORD_LAYER *rl); + + /* + * Increment the record sequence number + */ + int (*increment_sequence_ctr)(OSSL_RECORD_LAYER *rl); + + /* + * Allocate read or write buffers. Does nothing if already allocated. + * Assumes default buffer length and 1 pipeline. + */ + int (*alloc_buffers)(OSSL_RECORD_LAYER *rl); + + /* + * Free read or write buffers. Fails if there is pending read or write + * data. Buffers are automatically reallocated on next read/write. + */ + int (*free_buffers)(OSSL_RECORD_LAYER *rl); +}; + + +/* Standard built-in record methods */ +extern const OSSL_RECORD_METHOD ossl_tls_record_method; +# ifndef OPENSSL_NO_KTLS +extern const OSSL_RECORD_METHOD ossl_ktls_record_method; +# endif +extern const OSSL_RECORD_METHOD ossl_dtls_record_method; + +#endif /* !defined(OSSL_INTERNAL_RECORDMETHOD_H) */ diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/refcount.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/refcount.h index 3392d3b4..4c9ab266 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/refcount.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/refcount.h @@ -12,6 +12,7 @@ # include # include +# include # if defined(OPENSSL_THREADS) && !defined(OPENSSL_DEV_NO_ATOMICS) # if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L \ @@ -25,12 +26,13 @@ # define HAVE_ATOMICS 1 -typedef _Atomic int CRYPTO_REF_COUNT; +typedef struct { + _Atomic int val; +} CRYPTO_REF_COUNT; -static inline int CRYPTO_UP_REF(_Atomic int *val, int *ret, - ossl_unused void *lock) +static inline int CRYPTO_UP_REF(CRYPTO_REF_COUNT *refcnt, int *ret) { - *ret = atomic_fetch_add_explicit(val, 1, memory_order_relaxed) + 1; + *ret = atomic_fetch_add_explicit(&refcnt->val, 1, memory_order_relaxed) + 1; return 1; } @@ -44,50 +46,70 @@ static inline int CRYPTO_UP_REF(_Atomic int *val, int *ret, * to mutable members doesn't have to be serialized anymore, which would * otherwise imply an acquire fence. Hence conditional acquire fence... */ -static inline int CRYPTO_DOWN_REF(_Atomic int *val, int *ret, - ossl_unused void *lock) +static inline int CRYPTO_DOWN_REF(CRYPTO_REF_COUNT *refcnt, int *ret) { - *ret = atomic_fetch_sub_explicit(val, 1, memory_order_relaxed) - 1; + *ret = atomic_fetch_sub_explicit(&refcnt->val, 1, memory_order_relaxed) - 1; if (*ret == 0) atomic_thread_fence(memory_order_acquire); return 1; } +static inline int CRYPTO_GET_REF(CRYPTO_REF_COUNT *refcnt, int *ret) +{ + *ret = atomic_load_explicit(&refcnt->val, memory_order_relaxed); + return 1; +} + # elif defined(__GNUC__) && defined(__ATOMIC_RELAXED) && __GCC_ATOMIC_INT_LOCK_FREE > 0 # define HAVE_ATOMICS 1 -typedef int CRYPTO_REF_COUNT; +typedef struct { + int val; +} CRYPTO_REF_COUNT; -static __inline__ int CRYPTO_UP_REF(int *val, int *ret, ossl_unused void *lock) +static __inline__ int CRYPTO_UP_REF(CRYPTO_REF_COUNT *refcnt, int *ret) { - *ret = __atomic_fetch_add(val, 1, __ATOMIC_RELAXED) + 1; + *ret = __atomic_fetch_add(&refcnt->val, 1, __ATOMIC_RELAXED) + 1; return 1; } -static __inline__ int CRYPTO_DOWN_REF(int *val, int *ret, - ossl_unused void *lock) +static __inline__ int CRYPTO_DOWN_REF(CRYPTO_REF_COUNT *refcnt, int *ret) { - *ret = __atomic_fetch_sub(val, 1, __ATOMIC_RELAXED) - 1; + *ret = __atomic_fetch_sub(&refcnt->val, 1, __ATOMIC_RELAXED) - 1; if (*ret == 0) __atomic_thread_fence(__ATOMIC_ACQUIRE); return 1; } -# elif defined(__ICL) && defined(_WIN32) -# define HAVE_ATOMICS 1 -typedef volatile int CRYPTO_REF_COUNT; -static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, - ossl_unused void *lock) +static __inline__ int CRYPTO_GET_REF(CRYPTO_REF_COUNT *refcnt, int *ret) { - *ret = _InterlockedExchangeAdd((void *)val, 1) + 1; + *ret = __atomic_load_n(&refcnt->val, __ATOMIC_RELAXED); return 1; } -static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, - ossl_unused void *lock) +# elif defined(__ICL) && defined(_WIN32) +# define HAVE_ATOMICS 1 + +typedef struct { + volatile int val; +} CRYPTO_REF_COUNT; + +static __inline int CRYPTO_UP_REF(CRYPTO_REF_COUNT *refcnt, int *ret) { - *ret = _InterlockedExchangeAdd((void *)val, -1) - 1; + *ret = _InterlockedExchangeAdd((void *)&refcnt->val, 1) + 1; + return 1; +} + +static __inline int CRYPTO_DOWN_REF(CRYPTO_REF_COUNT *val, int *refcnt) +{ + *ret = _InterlockedExchangeAdd((void *)&refcnt->val, -1) - 1; + return 1; +} + +static __inline int CRYPTO_GET_REF(CRYPTO_REF_COUNT *refcnt, int *ret) +{ + *ret = _InterlockedOr((void *)&refcnt->val, 0); return 1; } @@ -95,7 +117,9 @@ static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, # define HAVE_ATOMICS 1 -typedef volatile int CRYPTO_REF_COUNT; +typedef struct { + volatile int val; +} CRYPTO_REF_COUNT; # if (defined(_M_ARM) && _M_ARM>=7 && !defined(_WIN32_WCE)) || defined(_M_ARM64) # include @@ -103,21 +127,26 @@ typedef volatile int CRYPTO_REF_COUNT; # define _ARM_BARRIER_ISH _ARM64_BARRIER_ISH # endif -static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, - ossl_unused void *lock) +static __inline int CRYPTO_UP_REF(CRYPTO_REF_COUNT *refcnt, int *ret) { - *ret = _InterlockedExchangeAdd_nf(val, 1) + 1; + *ret = _InterlockedExchangeAdd_nf(&refcnt->val, 1) + 1; return 1; } -static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, - ossl_unused void *lock) +static __inline int CRYPTO_DOWN_REF(CRYPTO_REF_COUNT *refcnt, int *ret) { - *ret = _InterlockedExchangeAdd_nf(val, -1) - 1; + *ret = _InterlockedExchangeAdd_nf(&refcnt->val, -1) - 1; if (*ret == 0) __dmb(_ARM_BARRIER_ISH); return 1; } + +static __inline int CRYPTO_GET_REF(CRYPTO_REF_COUNT *refcnt, int *ret) +{ + *ret = _InterlockedOr_nf((void *)&refcnt->val, 0); + return 1; +} + # else # if !defined(_WIN32_WCE) # pragma intrinsic(_InterlockedExchangeAdd) @@ -131,19 +160,24 @@ static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, # endif # endif -static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, - ossl_unused void *lock) +static __inline int CRYPTO_UP_REF(CRYPTO_REF_COUNT *refcnt, int *ret) { - *ret = _InterlockedExchangeAdd(val, 1) + 1; + *ret = _InterlockedExchangeAdd(&refcnt->val, 1) + 1; return 1; } -static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, - ossl_unused void *lock) +static __inline int CRYPTO_DOWN_REF(CRYPTO_REF_COUNT *refcnt, int *ret) { - *ret = _InterlockedExchangeAdd(val, -1) - 1; + *ret = _InterlockedExchangeAdd(&refcnt->val, -1) - 1; return 1; } + +static __inline int CRYPTO_GET_REF(CRYPTO_REF_COUNT *refcnt, int *ret) +{ + *ret = _InterlockedExchangeAdd(&refcnt->val, 0); + return 1; +} + # endif # endif @@ -156,13 +190,92 @@ static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, */ # ifndef HAVE_ATOMICS -typedef int CRYPTO_REF_COUNT; +typedef struct { + int val; +# ifdef OPENSSL_THREADS + CRYPTO_RWLOCK *lock; +# endif +} CRYPTO_REF_COUNT; -# define CRYPTO_UP_REF(val, ret, lock) CRYPTO_atomic_add(val, 1, ret, lock) -# define CRYPTO_DOWN_REF(val, ret, lock) CRYPTO_atomic_add(val, -1, ret, lock) +# ifdef OPENSSL_THREADS +static ossl_unused ossl_inline int CRYPTO_UP_REF(CRYPTO_REF_COUNT *refcnt, + int *ret) +{ + return CRYPTO_atomic_add(&refcnt->val, 1, ret, refcnt->lock); +} + +static ossl_unused ossl_inline int CRYPTO_DOWN_REF(CRYPTO_REF_COUNT *refcnt, + int *ret) +{ + return CRYPTO_atomic_add(&refcnt->val, -1, ret, refcnt->lock); +} + +static ossl_unused ossl_inline int CRYPTO_GET_REF(CRYPTO_REF_COUNT *refcnt, + int *ret) +{ + return CRYPTO_atomic_load_int(&refcnt->val, ret, refcnt->lock); +} + +# define CRYPTO_NEW_FREE_DEFINED 1 +static ossl_unused ossl_inline int CRYPTO_NEW_REF(CRYPTO_REF_COUNT *refcnt, int n) +{ + refcnt->val = n; + refcnt->lock = CRYPTO_THREAD_lock_new(); + if (refcnt->lock == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_CRYPTO_LIB); + return 0; + } + return 1; +} + +static ossl_unused ossl_inline void CRYPTO_FREE_REF(CRYPTO_REF_COUNT *refcnt) \ +{ + if (refcnt != NULL) + CRYPTO_THREAD_lock_free(refcnt->lock); +} + +# else /* OPENSSL_THREADS */ + +static ossl_unused ossl_inline int CRYPTO_UP_REF(CRYPTO_REF_COUNT *refcnt, + int *ret) +{ + refcnt->val++; + *ret = refcnt->val; + return 1; +} + +static ossl_unused ossl_inline int CRYPTO_DOWN_REF(CRYPTO_REF_COUNT *refcnt, + int *ret) +{ + refcnt->val--; + *ret = refcnt->val; + return 1; +} + +static ossl_unused ossl_inline int CRYPTO_GET_REF(CRYPTO_REF_COUNT *refcnt, + int *ret) +{ + *ret = refcnt->val; + return 1; +} + +# endif /* OPENSSL_THREADS */ # endif +# ifndef CRYPTO_NEW_FREE_DEFINED +static ossl_unused ossl_inline int CRYPTO_NEW_REF(CRYPTO_REF_COUNT *refcnt, int n) +{ + refcnt->val = n; + return 1; +} + +static ossl_unused ossl_inline void CRYPTO_FREE_REF(CRYPTO_REF_COUNT *refcnt) \ +{ +} +# endif /* CRYPTO_NEW_FREE_DEFINED */ +#undef CRYPTO_NEW_FREE_DEFINED + # if !defined(NDEBUG) && !defined(OPENSSL_NO_STDIO) # define REF_ASSERT_ISNT(test) \ (void)((test) ? (OPENSSL_die("refcount error", __FILE__, __LINE__), 1) : 0) @@ -173,6 +286,6 @@ typedef int CRYPTO_REF_COUNT; # define REF_PRINT_EX(text, count, object) \ OSSL_TRACE3(REF_COUNT, "%p:%4d:%s\n", (object), (count), (text)); # define REF_PRINT_COUNT(text, object) \ - REF_PRINT_EX(text, object->references, (void *)object) + REF_PRINT_EX(text, object->references.val, (void *)object) #endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/ring_buf.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/ring_buf.h new file mode 100644 index 00000000..436f1ca1 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/ring_buf.h @@ -0,0 +1,277 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_RING_BUF_H +# define OSSL_INTERNAL_RING_BUF_H +# pragma once + +# include /* For 'ossl_inline' */ +# include "internal/safe_math.h" + +/* + * ================================================================== + * Byte-wise ring buffer which supports pushing and popping blocks of multiple + * bytes at a time. The logical offset of each byte for the purposes of a QUIC + * stream is tracked. Bytes can be popped from the ring buffer in two stages; + * first they are popped, and then they are culled. Bytes which have been popped + * but not yet culled will not be overwritten, and can be restored. + */ +struct ring_buf { + void *start; + size_t alloc; /* size of buffer allocation in bytes */ + + /* + * Logical offset of the head (where we append to). This is the current size + * of the QUIC stream. This increases monotonically. + */ + uint64_t head_offset; + + /* + * Logical offset of the cull tail. Data is no longer needed and is + * deallocated as the cull tail advances, which occurs as data is + * acknowledged. This increases monotonically. + */ + uint64_t ctail_offset; +}; + +OSSL_SAFE_MATH_UNSIGNED(u64, uint64_t) + +#define MAX_OFFSET (((uint64_t)1) << 62) /* QUIC-imposed limit */ + +static ossl_inline int ring_buf_init(struct ring_buf *r) +{ + r->start = NULL; + r->alloc = 0; + r->head_offset = r->ctail_offset = 0; + return 1; +} + +static ossl_inline void ring_buf_destroy(struct ring_buf *r, int cleanse) +{ + if (cleanse) + OPENSSL_clear_free(r->start, r->alloc); + else + OPENSSL_free(r->start); + r->start = NULL; + r->alloc = 0; +} + +static ossl_inline size_t ring_buf_used(struct ring_buf *r) +{ + return (size_t)(r->head_offset - r->ctail_offset); +} + +static ossl_inline size_t ring_buf_avail(struct ring_buf *r) +{ + return r->alloc - ring_buf_used(r); +} + +static ossl_inline int ring_buf_write_at(struct ring_buf *r, + uint64_t logical_offset, + const unsigned char *buf, + size_t buf_len) +{ + size_t avail, idx, l; + unsigned char *start = r->start; + int i, err = 0; + + avail = ring_buf_avail(r); + if (logical_offset < r->ctail_offset + || safe_add_u64(logical_offset, buf_len, &err) + > safe_add_u64(r->head_offset, avail, &err) + || safe_add_u64(r->head_offset, buf_len, &err) + > MAX_OFFSET + || err) + return 0; + + for (i = 0; buf_len > 0 && i < 2; ++i) { + idx = logical_offset % r->alloc; + l = r->alloc - idx; + if (buf_len < l) + l = buf_len; + + memcpy(start + idx, buf, l); + if (r->head_offset < logical_offset + l) + r->head_offset = logical_offset + l; + + logical_offset += l; + buf += l; + buf_len -= l; + } + + assert(buf_len == 0); + + return 1; +} + +static ossl_inline size_t ring_buf_push(struct ring_buf *r, + const unsigned char *buf, + size_t buf_len) +{ + size_t pushed = 0, avail, idx, l; + unsigned char *start = r->start; + + for (;;) { + avail = ring_buf_avail(r); + if (buf_len > avail) + buf_len = avail; + + if (buf_len > MAX_OFFSET - r->head_offset) + buf_len = (size_t)(MAX_OFFSET - r->head_offset); + + if (buf_len == 0) + break; + + idx = r->head_offset % r->alloc; + l = r->alloc - idx; + if (buf_len < l) + l = buf_len; + + memcpy(start + idx, buf, l); + r->head_offset += l; + buf += l; + buf_len -= l; + pushed += l; + } + + return pushed; +} + +static ossl_inline const unsigned char *ring_buf_get_ptr(const struct ring_buf *r, + uint64_t logical_offset, + size_t *max_len) +{ + unsigned char *start = r->start; + size_t idx; + + if (logical_offset >= r->head_offset || logical_offset < r->ctail_offset) + return NULL; + idx = logical_offset % r->alloc; + *max_len = r->alloc - idx; + return start + idx; +} + +/* + * Retrieves data out of the read side of the ring buffer starting at the given + * logical offset. *buf is set to point to a contiguous span of bytes and + * *buf_len is set to the number of contiguous bytes. After this function + * returns, there may or may not be more bytes available at the logical offset + * of (logical_offset + *buf_len) by calling this function again. If the logical + * offset is out of the range retained by the ring buffer, returns 0, else + * returns 1. A logical offset at the end of the range retained by the ring + * buffer is not considered an error and is returned with a *buf_len of 0. + * + * The ring buffer state is not changed. + */ +static ossl_inline int ring_buf_get_buf_at(const struct ring_buf *r, + uint64_t logical_offset, + const unsigned char **buf, + size_t *buf_len) +{ + const unsigned char *start = r->start; + size_t idx, l; + + if (logical_offset > r->head_offset || logical_offset < r->ctail_offset) + return 0; + + if (r->alloc == 0) { + *buf = NULL; + *buf_len = 0; + return 1; + } + + idx = logical_offset % r->alloc; + l = (size_t)(r->head_offset - logical_offset); + if (l > r->alloc - idx) + l = r->alloc - idx; + + *buf = start + idx; + *buf_len = l; + return 1; +} + +static ossl_inline void ring_buf_cpop_range(struct ring_buf *r, + uint64_t start, uint64_t end, + int cleanse) +{ + assert(end >= start); + + if (start > r->ctail_offset || end >= MAX_OFFSET) + return; + + if (cleanse && r->alloc > 0 && end > r->ctail_offset) { + size_t idx = r->ctail_offset % r->alloc; + uint64_t cleanse_end = end + 1; + size_t l; + + if (cleanse_end > r->head_offset) + cleanse_end = r->head_offset; + l = (size_t)(cleanse_end - r->ctail_offset); + if (l > r->alloc - idx) { + OPENSSL_cleanse((unsigned char *)r->start + idx, r->alloc - idx); + l -= r->alloc - idx; + idx = 0; + } + if (l > 0) + OPENSSL_cleanse((unsigned char *)r->start + idx, l); + } + + r->ctail_offset = end + 1; + /* Allow culling unpushed data */ + if (r->head_offset < r->ctail_offset) + r->head_offset = r->ctail_offset; +} + +static ossl_inline int ring_buf_resize(struct ring_buf *r, size_t num_bytes, + int cleanse) +{ + struct ring_buf rnew = {0}; + const unsigned char *src = NULL; + size_t src_len = 0, copied = 0; + + if (num_bytes == r->alloc) + return 1; + + if (num_bytes < ring_buf_used(r)) + return 0; + + rnew.start = OPENSSL_malloc(num_bytes); + if (rnew.start == NULL) + return 0; + + rnew.alloc = num_bytes; + rnew.head_offset = r->head_offset - ring_buf_used(r); + rnew.ctail_offset = rnew.head_offset; + + for (;;) { + if (!ring_buf_get_buf_at(r, r->ctail_offset + copied, &src, &src_len)) { + OPENSSL_free(rnew.start); + return 0; + } + + if (src_len == 0) + break; + + if (ring_buf_push(&rnew, src, src_len) != src_len) { + OPENSSL_free(rnew.start); + return 0; + } + + copied += src_len; + } + + assert(rnew.head_offset == r->head_offset); + rnew.ctail_offset = r->ctail_offset; + + ring_buf_destroy(r, cleanse); + memcpy(r, &rnew, sizeof(*r)); + return 1; +} + +#endif /* OSSL_INTERNAL_RING_BUF_H */ diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/safe_math.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/safe_math.h new file mode 100644 index 00000000..be37e6ab --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/safe_math.h @@ -0,0 +1,443 @@ +/* + * Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_SAFE_MATH_H +# define OSSL_INTERNAL_SAFE_MATH_H +# pragma once + +# include /* For 'ossl_inline' */ + +# ifndef OPENSSL_NO_BUILTIN_OVERFLOW_CHECKING +# ifdef __has_builtin +# define has(func) __has_builtin(func) +# elif __GNUC__ > 5 +# define has(func) 1 +# endif +# endif /* OPENSSL_NO_BUILTIN_OVERFLOW_CHECKING */ + +# ifndef has +# define has(func) 0 +# endif + +/* + * Safe addition helpers + */ +# if has(__builtin_add_overflow) +# define OSSL_SAFE_MATH_ADDS(type_name, type, min, max) \ + static ossl_inline ossl_unused type safe_add_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + type r; \ + \ + if (!__builtin_add_overflow(a, b, &r)) \ + return r; \ + *err |= 1; \ + return a < 0 ? min : max; \ + } + +# define OSSL_SAFE_MATH_ADDU(type_name, type, max) \ + static ossl_inline ossl_unused type safe_add_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + type r; \ + \ + if (!__builtin_add_overflow(a, b, &r)) \ + return r; \ + *err |= 1; \ + return a + b; \ + } + +# else /* has(__builtin_add_overflow) */ +# define OSSL_SAFE_MATH_ADDS(type_name, type, min, max) \ + static ossl_inline ossl_unused type safe_add_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + if ((a < 0) ^ (b < 0) \ + || (a > 0 && b <= max - a) \ + || (a < 0 && b >= min - a) \ + || a == 0) \ + return a + b; \ + *err |= 1; \ + return a < 0 ? min : max; \ + } + +# define OSSL_SAFE_MATH_ADDU(type_name, type, max) \ + static ossl_inline ossl_unused type safe_add_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + if (b > max - a) \ + *err |= 1; \ + return a + b; \ + } +# endif /* has(__builtin_add_overflow) */ + +/* + * Safe subtraction helpers + */ +# if has(__builtin_sub_overflow) +# define OSSL_SAFE_MATH_SUBS(type_name, type, min, max) \ + static ossl_inline ossl_unused type safe_sub_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + type r; \ + \ + if (!__builtin_sub_overflow(a, b, &r)) \ + return r; \ + *err |= 1; \ + return a < 0 ? min : max; \ + } + +# else /* has(__builtin_sub_overflow) */ +# define OSSL_SAFE_MATH_SUBS(type_name, type, min, max) \ + static ossl_inline ossl_unused type safe_sub_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + if (!((a < 0) ^ (b < 0)) \ + || (b > 0 && a >= min + b) \ + || (b < 0 && a <= max + b) \ + || b == 0) \ + return a - b; \ + *err |= 1; \ + return a < 0 ? min : max; \ + } + +# endif /* has(__builtin_sub_overflow) */ + +# define OSSL_SAFE_MATH_SUBU(type_name, type) \ + static ossl_inline ossl_unused type safe_sub_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + if (b > a) \ + *err |= 1; \ + return a - b; \ + } + +/* + * Safe multiplication helpers + */ +# if has(__builtin_mul_overflow) +# define OSSL_SAFE_MATH_MULS(type_name, type, min, max) \ + static ossl_inline ossl_unused type safe_mul_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + type r; \ + \ + if (!__builtin_mul_overflow(a, b, &r)) \ + return r; \ + *err |= 1; \ + return (a < 0) ^ (b < 0) ? min : max; \ + } + +# define OSSL_SAFE_MATH_MULU(type_name, type, max) \ + static ossl_inline ossl_unused type safe_mul_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + type r; \ + \ + if (!__builtin_mul_overflow(a, b, &r)) \ + return r; \ + *err |= 1; \ + return a * b; \ + } + +# else /* has(__builtin_mul_overflow) */ +# define OSSL_SAFE_MATH_MULS(type_name, type, min, max) \ + static ossl_inline ossl_unused type safe_mul_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + if (a == 0 || b == 0) \ + return 0; \ + if (a == 1) \ + return b; \ + if (b == 1) \ + return a; \ + if (a != min && b != min) { \ + const type x = a < 0 ? -a : a; \ + const type y = b < 0 ? -b : b; \ + \ + if (x <= max / y) \ + return a * b; \ + } \ + *err |= 1; \ + return (a < 0) ^ (b < 0) ? min : max; \ + } + +# define OSSL_SAFE_MATH_MULU(type_name, type, max) \ + static ossl_inline ossl_unused type safe_mul_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + if (b != 0 && a > max / b) \ + *err |= 1; \ + return a * b; \ + } +# endif /* has(__builtin_mul_overflow) */ + +/* + * Safe division helpers + */ +# define OSSL_SAFE_MATH_DIVS(type_name, type, min, max) \ + static ossl_inline ossl_unused type safe_div_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + if (b == 0) { \ + *err |= 1; \ + return a < 0 ? min : max; \ + } \ + if (b == -1 && a == min) { \ + *err |= 1; \ + return max; \ + } \ + return a / b; \ + } + +# define OSSL_SAFE_MATH_DIVU(type_name, type, max) \ + static ossl_inline ossl_unused type safe_div_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + if (b != 0) \ + return a / b; \ + *err |= 1; \ + return max; \ + } + +/* + * Safe modulus helpers + */ +# define OSSL_SAFE_MATH_MODS(type_name, type, min, max) \ + static ossl_inline ossl_unused type safe_mod_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + if (b == 0) { \ + *err |= 1; \ + return 0; \ + } \ + if (b == -1 && a == min) { \ + *err |= 1; \ + return max; \ + } \ + return a % b; \ + } + +# define OSSL_SAFE_MATH_MODU(type_name, type) \ + static ossl_inline ossl_unused type safe_mod_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + if (b != 0) \ + return a % b; \ + *err |= 1; \ + return 0; \ + } + +/* + * Safe negation helpers + */ +# define OSSL_SAFE_MATH_NEGS(type_name, type, min) \ + static ossl_inline ossl_unused type safe_neg_ ## type_name(type a, \ + int *err) \ + { \ + if (a != min) \ + return -a; \ + *err |= 1; \ + return min; \ + } + +# define OSSL_SAFE_MATH_NEGU(type_name, type) \ + static ossl_inline ossl_unused type safe_neg_ ## type_name(type a, \ + int *err) \ + { \ + if (a == 0) \ + return a; \ + *err |= 1; \ + return 1 + ~a; \ + } + +/* + * Safe absolute value helpers + */ +# define OSSL_SAFE_MATH_ABSS(type_name, type, min) \ + static ossl_inline ossl_unused type safe_abs_ ## type_name(type a, \ + int *err) \ + { \ + if (a != min) \ + return a < 0 ? -a : a; \ + *err |= 1; \ + return min; \ + } + +# define OSSL_SAFE_MATH_ABSU(type_name, type) \ + static ossl_inline ossl_unused type safe_abs_ ## type_name(type a, \ + int *err) \ + { \ + return a; \ + } + +/* + * Safe fused multiply divide helpers + * + * These are a bit obscure: + * . They begin by checking the denominator for zero and getting rid of this + * corner case. + * + * . Second is an attempt to do the multiplication directly, if it doesn't + * overflow, the quotient is returned (for signed values there is a + * potential problem here which isn't present for unsigned). + * + * . Finally, the multiplication/division is transformed so that the larger + * of the numerators is divided first. This requires a remainder + * correction: + * + * a b / c = (a / c) b + (a mod c) b / c, where a > b + * + * The individual operations need to be overflow checked (again signed + * being more problematic). + * + * The algorithm used is not perfect but it should be "good enough". + */ +# define OSSL_SAFE_MATH_MULDIVS(type_name, type, max) \ + static ossl_inline ossl_unused type safe_muldiv_ ## type_name(type a, \ + type b, \ + type c, \ + int *err) \ + { \ + int e2 = 0; \ + type q, r, x, y; \ + \ + if (c == 0) { \ + *err |= 1; \ + return a == 0 || b == 0 ? 0 : max; \ + } \ + x = safe_mul_ ## type_name(a, b, &e2); \ + if (!e2) \ + return safe_div_ ## type_name(x, c, err); \ + if (b > a) { \ + x = b; \ + b = a; \ + a = x; \ + } \ + q = safe_div_ ## type_name(a, c, err); \ + r = safe_mod_ ## type_name(a, c, err); \ + x = safe_mul_ ## type_name(r, b, err); \ + y = safe_mul_ ## type_name(q, b, err); \ + q = safe_div_ ## type_name(x, c, err); \ + return safe_add_ ## type_name(y, q, err); \ + } + +# define OSSL_SAFE_MATH_MULDIVU(type_name, type, max) \ + static ossl_inline ossl_unused type safe_muldiv_ ## type_name(type a, \ + type b, \ + type c, \ + int *err) \ + { \ + int e2 = 0; \ + type x, y; \ + \ + if (c == 0) { \ + *err |= 1; \ + return a == 0 || b == 0 ? 0 : max; \ + } \ + x = safe_mul_ ## type_name(a, b, &e2); \ + if (!e2) \ + return x / c; \ + if (b > a) { \ + x = b; \ + b = a; \ + a = x; \ + } \ + x = safe_mul_ ## type_name(a % c, b, err); \ + y = safe_mul_ ## type_name(a / c, b, err); \ + return safe_add_ ## type_name(y, x / c, err); \ + } + +/* + * Calculate a / b rounding up: + * i.e. a / b + (a % b != 0) + * Which is usually (less safely) converted to (a + b - 1) / b + * If you *know* that b != 0, then it's safe to ignore err. + */ +#define OSSL_SAFE_MATH_DIV_ROUND_UP(type_name, type, max) \ + static ossl_inline ossl_unused type safe_div_round_up_ ## type_name \ + (type a, type b, int *errp) \ + { \ + type x; \ + int *err, err_local = 0; \ + \ + /* Allow errors to be ignored by callers */ \ + err = errp != NULL ? errp : &err_local; \ + /* Fast path, both positive */ \ + if (b > 0 && a > 0) { \ + /* Faster path: no overflow concerns */ \ + if (a < max - b) \ + return (a + b - 1) / b; \ + return a / b + (a % b != 0); \ + } \ + if (b == 0) { \ + *err |= 1; \ + return a == 0 ? 0 : max; \ + } \ + if (a == 0) \ + return 0; \ + /* Rather slow path because there are negatives involved */ \ + x = safe_mod_ ## type_name(a, b, err); \ + return safe_add_ ## type_name(safe_div_ ## type_name(a, b, err), \ + x != 0, err); \ + } + +/* Calculate ranges of types */ +# define OSSL_SAFE_MATH_MINS(type) ((type)1 << (sizeof(type) * 8 - 1)) +# define OSSL_SAFE_MATH_MAXS(type) (~OSSL_SAFE_MATH_MINS(type)) +# define OSSL_SAFE_MATH_MAXU(type) (~(type)0) + +/* + * Wrapper macros to create all the functions of a given type + */ +# define OSSL_SAFE_MATH_SIGNED(type_name, type) \ + OSSL_SAFE_MATH_ADDS(type_name, type, OSSL_SAFE_MATH_MINS(type), \ + OSSL_SAFE_MATH_MAXS(type)) \ + OSSL_SAFE_MATH_SUBS(type_name, type, OSSL_SAFE_MATH_MINS(type), \ + OSSL_SAFE_MATH_MAXS(type)) \ + OSSL_SAFE_MATH_MULS(type_name, type, OSSL_SAFE_MATH_MINS(type), \ + OSSL_SAFE_MATH_MAXS(type)) \ + OSSL_SAFE_MATH_DIVS(type_name, type, OSSL_SAFE_MATH_MINS(type), \ + OSSL_SAFE_MATH_MAXS(type)) \ + OSSL_SAFE_MATH_MODS(type_name, type, OSSL_SAFE_MATH_MINS(type), \ + OSSL_SAFE_MATH_MAXS(type)) \ + OSSL_SAFE_MATH_DIV_ROUND_UP(type_name, type, \ + OSSL_SAFE_MATH_MAXS(type)) \ + OSSL_SAFE_MATH_MULDIVS(type_name, type, OSSL_SAFE_MATH_MAXS(type)) \ + OSSL_SAFE_MATH_NEGS(type_name, type, OSSL_SAFE_MATH_MINS(type)) \ + OSSL_SAFE_MATH_ABSS(type_name, type, OSSL_SAFE_MATH_MINS(type)) + +# define OSSL_SAFE_MATH_UNSIGNED(type_name, type) \ + OSSL_SAFE_MATH_ADDU(type_name, type, OSSL_SAFE_MATH_MAXU(type)) \ + OSSL_SAFE_MATH_SUBU(type_name, type) \ + OSSL_SAFE_MATH_MULU(type_name, type, OSSL_SAFE_MATH_MAXU(type)) \ + OSSL_SAFE_MATH_DIVU(type_name, type, OSSL_SAFE_MATH_MAXU(type)) \ + OSSL_SAFE_MATH_MODU(type_name, type) \ + OSSL_SAFE_MATH_DIV_ROUND_UP(type_name, type, \ + OSSL_SAFE_MATH_MAXU(type)) \ + OSSL_SAFE_MATH_MULDIVU(type_name, type, OSSL_SAFE_MATH_MAXU(type)) \ + OSSL_SAFE_MATH_NEGU(type_name, type) \ + OSSL_SAFE_MATH_ABSU(type_name, type) + +#endif /* OSSL_INTERNAL_SAFE_MATH_H */ diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/sockets.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/sockets.h index 1f5fefcc..2550c56b 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/sockets.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/sockets.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -61,7 +61,25 @@ struct servent *PASCAL getservbyname(const char *, const char *); # define accept(s,f,l) ((int)accept(s,f,l)) # endif +/* Windows have other names for shutdown() reasons */ +# ifndef SHUT_RD +# define SHUT_RD SD_RECEIVE +# endif +# ifndef SHUT_WR +# define SHUT_WR SD_SEND +# endif +# ifndef SHUT_RDWR +# define SHUT_RDWR SD_BOTH +# endif + # else +# if defined(__APPLE__) + /* + * This must be defined before including to get + * IPV6_RECVPKTINFO + */ +# define __APPLE_USE_RFC_3542 +# endif # ifndef NO_SYS_PARAM_H # include @@ -71,6 +89,9 @@ struct servent *PASCAL getservbyname(const char *, const char *); # endif # include +# if defined(OPENSSL_SYS_VMS) +typedef size_t socklen_t; /* Currently appears to be missing on VMS */ +# endif # if defined(OPENSSL_SYS_VMS_NODECC) # include # include @@ -95,6 +116,13 @@ struct servent *PASCAL getservbyname(const char *, const char *); # include # endif +# ifdef OPENSSL_SYS_UNIX +# ifndef OPENSSL_SYS_TANDEM +# include +# endif +# include +# endif + # ifndef VMS # include # else @@ -136,12 +164,15 @@ struct servent *PASCAL getservbyname(const char *, const char *); # define get_last_socket_error() errno # define clear_socket_error() errno=0 +# define get_last_socket_error_is_eintr() (get_last_socket_error() == EINTR) # if defined(OPENSSL_SYS_WINDOWS) # undef get_last_socket_error # undef clear_socket_error +# undef get_last_socket_error_is_eintr # define get_last_socket_error() WSAGetLastError() # define clear_socket_error() WSASetLastError(0) +# define get_last_socket_error_is_eintr() (get_last_socket_error() == WSAEINTR) # define readsocket(s,b,n) recv((s),(b),(n),0) # define writesocket(s,b,n) send((s),(b),(n),0) # elif defined(__DJGPP__) diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/ssl.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/ssl.h new file mode 100644 index 00000000..8a0c7974 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/ssl.h @@ -0,0 +1,24 @@ +/* + * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#ifndef OSSL_INTERNAL_SSL_H +# define OSSL_INTERNAL_SSL_H +# pragma once + +typedef void (*ossl_msg_cb)(int write_p, int version, int content_type, + const void *buf, size_t len, SSL *ssl, void *arg); + +int ossl_ssl_get_error(const SSL *s, int i, int check_err); + +/* Set if this is the QUIC handshake layer */ +# define TLS1_FLAGS_QUIC 0x2000 + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/ssl3_cbc.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/ssl3_cbc.h new file mode 100644 index 00000000..4fb5da19 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/ssl3_cbc.h @@ -0,0 +1,40 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +/* tls_pad.c */ +int ssl3_cbc_remove_padding_and_mac(size_t *reclen, + size_t origreclen, + unsigned char *recdata, + unsigned char **mac, + int *alloced, + size_t block_size, size_t mac_size, + OSSL_LIB_CTX *libctx); + +int tls1_cbc_remove_padding_and_mac(size_t *reclen, + size_t origreclen, + unsigned char *recdata, + unsigned char **mac, + int *alloced, + size_t block_size, size_t mac_size, + int aead, + OSSL_LIB_CTX *libctx); + +/* ssl3_cbc.c */ +__owur char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx); +__owur int ssl3_cbc_digest_record(const EVP_MD *md, + unsigned char *md_out, + size_t *md_out_size, + const unsigned char *header, + const unsigned char *data, + size_t data_size, + size_t data_plus_mac_plus_padding_size, + const unsigned char *mac_secret, + size_t mac_secret_length, char is_sslv3); diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/statem.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/statem.h new file mode 100644 index 00000000..136e6523 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/statem.h @@ -0,0 +1,171 @@ +/* + * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +#ifndef OSSL_INTERNAL_STATEM_H +# define OSSL_INTERNAL_STATEM_H + +/***************************************************************************** + * * + * These enums should be considered PRIVATE to the state machine. No * + * non-state machine code should need to use these * + * * + *****************************************************************************/ +/* + * Valid return codes used for functions performing work prior to or after + * sending or receiving a message + */ +typedef enum { + /* Something went wrong */ + WORK_ERROR, + /* We're done working and there shouldn't be anything else to do after */ + WORK_FINISHED_STOP, + /* We're done working move onto the next thing */ + WORK_FINISHED_CONTINUE, + /* We're working on phase A */ + WORK_MORE_A, + /* We're working on phase B */ + WORK_MORE_B, + /* We're working on phase C */ + WORK_MORE_C +} WORK_STATE; + +/* Write transition return codes */ +typedef enum { + /* Something went wrong */ + WRITE_TRAN_ERROR, + /* A transition was successfully completed and we should continue */ + WRITE_TRAN_CONTINUE, + /* There is no more write work to be done */ + WRITE_TRAN_FINISHED +} WRITE_TRAN; + +/* Message flow states */ +typedef enum { + /* No handshake in progress */ + MSG_FLOW_UNINITED, + /* A permanent error with this connection */ + MSG_FLOW_ERROR, + /* We are reading messages */ + MSG_FLOW_READING, + /* We are writing messages */ + MSG_FLOW_WRITING, + /* Handshake has finished */ + MSG_FLOW_FINISHED +} MSG_FLOW_STATE; + +/* Read states */ +typedef enum { + READ_STATE_HEADER, + READ_STATE_BODY, + READ_STATE_POST_PROCESS +} READ_STATE; + +/* Write states */ +typedef enum { + WRITE_STATE_TRANSITION, + WRITE_STATE_PRE_WORK, + WRITE_STATE_SEND, + WRITE_STATE_POST_WORK +} WRITE_STATE; + +typedef enum { + CON_FUNC_ERROR = 0, + CON_FUNC_SUCCESS, + CON_FUNC_DONT_SEND +} CON_FUNC_RETURN; + +typedef int (*ossl_statem_mutate_handshake_cb)(const unsigned char *msgin, + size_t inlen, + unsigned char **msgout, + size_t *outlen, + void *arg); + +typedef void (*ossl_statem_finish_mutate_handshake_cb)(void *arg); + +/***************************************************************************** + * * + * This structure should be considered "opaque" to anything outside of the * + * state machine. No non-state machine code should be accessing the members * + * of this structure. * + * * + *****************************************************************************/ + +struct ossl_statem_st { + MSG_FLOW_STATE state; + WRITE_STATE write_state; + WORK_STATE write_state_work; + READ_STATE read_state; + WORK_STATE read_state_work; + OSSL_HANDSHAKE_STATE hand_state; + /* The handshake state requested by an API call (e.g. HelloRequest) */ + OSSL_HANDSHAKE_STATE request_state; + int in_init; + int read_state_first_init; + /* true when we are actually in SSL_accept() or SSL_connect() */ + int in_handshake; + /* + * True when are processing a "real" handshake that needs cleaning up (not + * just a HelloRequest or similar). + */ + int cleanuphand; + /* Should we skip the CertificateVerify message? */ + unsigned int no_cert_verify; + int use_timer; + + /* Test harness message mutator callbacks */ + ossl_statem_mutate_handshake_cb mutate_handshake_cb; + ossl_statem_finish_mutate_handshake_cb finish_mutate_handshake_cb; + void *mutatearg; + unsigned int write_in_progress : 1; +}; +typedef struct ossl_statem_st OSSL_STATEM; + +/***************************************************************************** + * * + * The following macros/functions represent the libssl internal API to the * + * state machine. Any libssl code may call these functions/macros * + * * + *****************************************************************************/ + +typedef struct ssl_connection_st SSL_CONNECTION; + +__owur int ossl_statem_accept(SSL *s); +__owur int ossl_statem_connect(SSL *s); +OSSL_HANDSHAKE_STATE ossl_statem_get_state(SSL_CONNECTION *s); +void ossl_statem_clear(SSL_CONNECTION *s); +void ossl_statem_set_renegotiate(SSL_CONNECTION *s); +void ossl_statem_send_fatal(SSL_CONNECTION *s, int al); +void ossl_statem_fatal(SSL_CONNECTION *s, int al, int reason, + const char *fmt, ...); +# define SSLfatal_alert(s, al) ossl_statem_send_fatal((s), (al)) +# define SSLfatal(s, al, r) SSLfatal_data((s), (al), (r), NULL) +# define SSLfatal_data \ + (ERR_new(), \ + ERR_set_debug(OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC), \ + ossl_statem_fatal) + +int ossl_statem_in_error(const SSL_CONNECTION *s); +void ossl_statem_set_in_init(SSL_CONNECTION *s, int init); +int ossl_statem_get_in_handshake(SSL_CONNECTION *s); +void ossl_statem_set_in_handshake(SSL_CONNECTION *s, int inhand); +__owur int ossl_statem_skip_early_data(SSL_CONNECTION *s); +void ossl_statem_check_finish_init(SSL_CONNECTION *s, int send); +void ossl_statem_set_hello_verify_done(SSL_CONNECTION *s); +__owur int ossl_statem_app_data_allowed(SSL_CONNECTION *s); +__owur int ossl_statem_export_allowed(SSL_CONNECTION *s); +__owur int ossl_statem_export_early_allowed(SSL_CONNECTION *s); + +/* Flush the write BIO */ +int statem_flush(SSL_CONNECTION *s); + +int ossl_statem_set_mutator(SSL *s, + ossl_statem_mutate_handshake_cb mutate_handshake_cb, + ossl_statem_finish_mutate_handshake_cb finish_mutate_handshake_cb, + void *mutatearg); + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/thread.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/thread.h new file mode 100644 index 00000000..8c5bad77 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/thread.h @@ -0,0 +1,39 @@ +/* + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_INTERNAL_THREAD_H +# define OPENSSL_INTERNAL_THREAD_H +# include +# include +# include +# include +# include +# include "crypto/context.h" + +void *ossl_crypto_thread_start(OSSL_LIB_CTX *ctx, CRYPTO_THREAD_ROUTINE start, + void *data); +int ossl_crypto_thread_join(void *task, CRYPTO_THREAD_RETVAL *retval); +int ossl_crypto_thread_clean(void *vhandle); +uint64_t ossl_get_avail_threads(OSSL_LIB_CTX *ctx); + +# if defined(OPENSSL_THREADS) + +# define OSSL_LIB_CTX_GET_THREADS(CTX) \ + ossl_lib_ctx_get_data(CTX, OSSL_LIB_CTX_THREAD_INDEX); + +typedef struct openssl_threads_st { + uint64_t max_threads; + uint64_t active_threads; + CRYPTO_MUTEX *lock; + CRYPTO_CONDVAR *cond_finished; +} OSSL_LIB_CTX_THREADS; + +# endif /* defined(OPENSSL_THREADS) */ + +#endif /* OPENSSL_INTERNAL_THREAD_H */ diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/thread_arch.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/thread_arch.h new file mode 100644 index 00000000..1bfc0ebb --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/thread_arch.h @@ -0,0 +1,127 @@ +/* + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_THREAD_ARCH_H +# define OSSL_INTERNAL_THREAD_ARCH_H +# include +# include +# include "internal/time.h" + +# if defined(_WIN32) +# include +# endif + +# if defined(OPENSSL_THREADS) && defined(OPENSSL_SYS_UNIX) +# define OPENSSL_THREADS_POSIX +# elif defined(OPENSSL_THREADS) && defined(OPENSSL_SYS_VMS) +# define OPENSSL_THREADS_POSIX +# elif defined(OPENSSL_THREADS) && defined(OPENSSL_SYS_WINDOWS) && \ + defined(_WIN32_WINNT) +# if _WIN32_WINNT >= 0x0600 +# define OPENSSL_THREADS_WINNT +# elif _WIN32_WINNT >= 0x0501 +# define OPENSSL_THREADS_WINNT +# define OPENSSL_THREADS_WINNT_LEGACY +# else +# define OPENSSL_THREADS_NONE +# endif +# else +# define OPENSSL_THREADS_NONE +# endif + +# include + +typedef void CRYPTO_MUTEX; +typedef void CRYPTO_CONDVAR; + +CRYPTO_MUTEX *ossl_crypto_mutex_new(void); +void ossl_crypto_mutex_lock(CRYPTO_MUTEX *mutex); +int ossl_crypto_mutex_try_lock(CRYPTO_MUTEX *mutex); +void ossl_crypto_mutex_unlock(CRYPTO_MUTEX *mutex); +void ossl_crypto_mutex_free(CRYPTO_MUTEX **mutex); + +CRYPTO_CONDVAR *ossl_crypto_condvar_new(void); +void ossl_crypto_condvar_wait(CRYPTO_CONDVAR *cv, CRYPTO_MUTEX *mutex); +void ossl_crypto_condvar_wait_timeout(CRYPTO_CONDVAR *cv, CRYPTO_MUTEX *mutex, + OSSL_TIME deadline); +void ossl_crypto_condvar_broadcast(CRYPTO_CONDVAR *cv); +void ossl_crypto_condvar_signal(CRYPTO_CONDVAR *cv); +void ossl_crypto_condvar_free(CRYPTO_CONDVAR **cv); + +typedef uint32_t CRYPTO_THREAD_RETVAL; +typedef CRYPTO_THREAD_RETVAL (*CRYPTO_THREAD_ROUTINE)(void *); +typedef CRYPTO_THREAD_RETVAL (*CRYPTO_THREAD_ROUTINE_CB)(void *, + void (**)(void *), + void **); + +# define CRYPTO_THREAD_NO_STATE 0UL +# define CRYPTO_THREAD_FINISHED (1UL << 0) +# define CRYPTO_THREAD_JOIN_AWAIT (1UL << 1) +# define CRYPTO_THREAD_JOINED (1UL << 2) + +# define CRYPTO_THREAD_GET_STATE(THREAD, FLAG) ((THREAD)->state & (FLAG)) +# define CRYPTO_THREAD_GET_ERROR(THREAD, FLAG) (((THREAD)->state >> 16) & (FLAG)) + +typedef struct crypto_thread_st { + uint32_t state; + void *data; + CRYPTO_THREAD_ROUTINE routine; + CRYPTO_THREAD_RETVAL retval; + void *handle; + CRYPTO_MUTEX *lock; + CRYPTO_MUTEX *statelock; + CRYPTO_CONDVAR *condvar; + unsigned long thread_id; + int joinable; + OSSL_LIB_CTX *ctx; +} CRYPTO_THREAD; + +# if defined(OPENSSL_THREADS) + +# define CRYPTO_THREAD_UNSET_STATE(THREAD, FLAG) \ + do { \ + (THREAD)->state &= ~(FLAG); \ + } while ((void)0, 0) + +# define CRYPTO_THREAD_SET_STATE(THREAD, FLAG) \ + do { \ + (THREAD)->state |= (FLAG); \ + } while ((void)0, 0) + +# define CRYPTO_THREAD_SET_ERROR(THREAD, FLAG) \ + do { \ + (THREAD)->state |= ((FLAG) << 16); \ + } while ((void)0, 0) + +# define CRYPTO_THREAD_UNSET_ERROR(THREAD, FLAG) \ + do { \ + (THREAD)->state &= ~((FLAG) << 16); \ + } while ((void)0, 0) + +# else + +# define CRYPTO_THREAD_UNSET_STATE(THREAD, FLAG) +# define CRYPTO_THREAD_SET_STATE(THREAD, FLAG) +# define CRYPTO_THREAD_SET_ERROR(THREAD, FLAG) +# define CRYPTO_THREAD_UNSET_ERROR(THREAD, FLAG) + +# endif /* defined(OPENSSL_THREADS) */ + +CRYPTO_THREAD * ossl_crypto_thread_native_start(CRYPTO_THREAD_ROUTINE routine, + void *data, int joinable); +int ossl_crypto_thread_native_spawn(CRYPTO_THREAD *thread); +int ossl_crypto_thread_native_join(CRYPTO_THREAD *thread, + CRYPTO_THREAD_RETVAL *retval); +int ossl_crypto_thread_native_perform_join(CRYPTO_THREAD *thread, + CRYPTO_THREAD_RETVAL *retval); +int ossl_crypto_thread_native_exit(void); +int ossl_crypto_thread_native_is_self(CRYPTO_THREAD *thread); +int ossl_crypto_thread_native_clean(CRYPTO_THREAD *thread); + +#endif /* OSSL_INTERNAL_THREAD_ARCH_H */ diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/time.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/time.h new file mode 100644 index 00000000..14d724ab --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/time.h @@ -0,0 +1,242 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_TIME_H +# define OSSL_INTERNAL_TIME_H +# pragma once + +# include /* uint64_t */ +# include "internal/e_os.h" /* for struct timeval */ +# include "internal/safe_math.h" + +/* + * Internal type defining a time. + * This should be treated as an opaque structure. + * + * The time datum is Unix's 1970 and at nanosecond precision, this gives + * a range of 584 years roughly. + */ +typedef struct { + uint64_t t; /* Ticks since the epoch */ +} OSSL_TIME; + +/* The precision of times allows this many values per second */ +# define OSSL_TIME_SECOND ((uint64_t)1000000000) + +/* One millisecond. */ +# define OSSL_TIME_MS (OSSL_TIME_SECOND / 1000) + +/* One microsecond. */ +# define OSSL_TIME_US (OSSL_TIME_MS / 1000) + +/* One nanosecond. */ +# define OSSL_TIME_NS (OSSL_TIME_US / 1000) + +#define ossl_seconds2time(s) ossl_ticks2time((s) * OSSL_TIME_SECOND) +#define ossl_time2seconds(t) (ossl_time2ticks(t) / OSSL_TIME_SECOND) +#define ossl_ms2time(ms) ossl_ticks2time((ms) * OSSL_TIME_MS) +#define ossl_time2ms(t) (ossl_time2ticks(t) / OSSL_TIME_MS) +#define ossl_us2time(us) ossl_ticks2time((us) * OSSL_TIME_US) +#define ossl_time2us(t) (ossl_time2ticks(t) / OSSL_TIME_US) + +/* + * Arithmetic operations on times. + * These operations are saturating, in that an overflow or underflow returns + * the largest or smallest value respectively. + */ +OSSL_SAFE_MATH_UNSIGNED(time, uint64_t) + +/* Convert a tick count into a time */ +static ossl_unused ossl_inline +OSSL_TIME ossl_ticks2time(uint64_t ticks) +{ + OSSL_TIME r; + + r.t = ticks; + return r; +} + +/* Convert a time to a tick count */ +static ossl_unused ossl_inline +uint64_t ossl_time2ticks(OSSL_TIME t) +{ + return t.t; +} + +/* Get current time */ +OSSL_TIME ossl_time_now(void); + +/* The beginning and end of the time range */ +static ossl_unused ossl_inline +OSSL_TIME ossl_time_zero(void) +{ + return ossl_ticks2time(0); +} + +static ossl_unused ossl_inline +OSSL_TIME ossl_time_infinite(void) +{ + return ossl_ticks2time(~(uint64_t)0); +} + + +/* Convert time to timeval */ +static ossl_unused ossl_inline +struct timeval ossl_time_to_timeval(OSSL_TIME t) +{ + struct timeval tv; + int err = 0; + + /* + * Round up any nano secs which struct timeval doesn't support. Ensures that + * we never return a zero time if the input time is non zero + */ + t.t = safe_add_time(t.t, OSSL_TIME_US - 1, &err); + if (err) + t = ossl_time_infinite(); + +#ifdef _WIN32 + tv.tv_sec = (long int)(t.t / OSSL_TIME_SECOND); +#else + tv.tv_sec = (time_t)(t.t / OSSL_TIME_SECOND); +#endif + tv.tv_usec = (t.t % OSSL_TIME_SECOND) / OSSL_TIME_US; + return tv; +} + +/* Convert timeval to time */ +static ossl_unused ossl_inline +OSSL_TIME ossl_time_from_timeval(struct timeval tv) +{ + OSSL_TIME t; + +#ifndef __DJGPP__ /* tv_sec is unsigned on djgpp. */ + if (tv.tv_sec < 0) + return ossl_time_zero(); +#endif + t.t = tv.tv_sec * OSSL_TIME_SECOND + tv.tv_usec * OSSL_TIME_US; + return t; +} + +/* Convert OSSL_TIME to time_t */ +static ossl_unused ossl_inline +time_t ossl_time_to_time_t(OSSL_TIME t) +{ + return (time_t)(t.t / OSSL_TIME_SECOND); +} + +/* Convert time_t to OSSL_TIME */ +static ossl_unused ossl_inline +OSSL_TIME ossl_time_from_time_t(time_t t) +{ + OSSL_TIME ot; + + ot.t = t; + ot.t *= OSSL_TIME_SECOND; + return ot; +} + +/* Compare two time values, return -1 if less, 1 if greater and 0 if equal */ +static ossl_unused ossl_inline +int ossl_time_compare(OSSL_TIME a, OSSL_TIME b) +{ + if (a.t > b.t) + return 1; + if (a.t < b.t) + return -1; + return 0; +} + +/* Returns true if an OSSL_TIME is ossl_time_zero(). */ +static ossl_unused ossl_inline +int ossl_time_is_zero(OSSL_TIME t) +{ + return ossl_time_compare(t, ossl_time_zero()) == 0; +} + +/* Returns true if an OSSL_TIME is ossl_time_infinite(). */ +static ossl_unused ossl_inline +int ossl_time_is_infinite(OSSL_TIME t) +{ + return ossl_time_compare(t, ossl_time_infinite()) == 0; +} + +static ossl_unused ossl_inline +OSSL_TIME ossl_time_add(OSSL_TIME a, OSSL_TIME b) +{ + OSSL_TIME r; + int err = 0; + + r.t = safe_add_time(a.t, b.t, &err); + return err ? ossl_time_infinite() : r; +} + +static ossl_unused ossl_inline +OSSL_TIME ossl_time_subtract(OSSL_TIME a, OSSL_TIME b) +{ + OSSL_TIME r; + int err = 0; + + r.t = safe_sub_time(a.t, b.t, &err); + return err ? ossl_time_zero() : r; +} + +/* Returns |a - b|. */ +static ossl_unused ossl_inline +OSSL_TIME ossl_time_abs_difference(OSSL_TIME a, OSSL_TIME b) +{ + return a.t > b.t ? ossl_time_subtract(a, b) + : ossl_time_subtract(b, a); +} + +static ossl_unused ossl_inline +OSSL_TIME ossl_time_multiply(OSSL_TIME a, uint64_t b) +{ + OSSL_TIME r; + int err = 0; + + r.t = safe_mul_time(a.t, b, &err); + return err ? ossl_time_infinite() : r; +} + +static ossl_unused ossl_inline +OSSL_TIME ossl_time_divide(OSSL_TIME a, uint64_t b) +{ + OSSL_TIME r; + int err = 0; + + r.t = safe_div_time(a.t, b, &err); + return err ? ossl_time_zero() : r; +} + +static ossl_unused ossl_inline +OSSL_TIME ossl_time_muldiv(OSSL_TIME a, uint64_t b, uint64_t c) +{ + OSSL_TIME r; + int err = 0; + + r.t = safe_muldiv_time(a.t, b, c, &err); + return err ? ossl_time_zero() : r; +} + +/* Return higher of the two given time values. */ +static ossl_unused ossl_inline +OSSL_TIME ossl_time_max(OSSL_TIME a, OSSL_TIME b) +{ + return a.t > b.t ? a : b; +} + +/* Return the lower of the two given time values. */ +static ossl_unused ossl_inline +OSSL_TIME ossl_time_min(OSSL_TIME a, OSSL_TIME b) +{ + return a.t < b.t ? a : b; +} + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/tlsgroups.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/tlsgroups.h index 8a35ced1..73fb53bc 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/tlsgroups.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/tlsgroups.h @@ -41,6 +41,16 @@ # define OSSL_TLS_GROUP_ID_brainpoolP512r1 0x001C # define OSSL_TLS_GROUP_ID_x25519 0x001D # define OSSL_TLS_GROUP_ID_x448 0x001E +# define OSSL_TLS_GROUP_ID_brainpoolP256r1_tls13 0x001F +# define OSSL_TLS_GROUP_ID_brainpoolP384r1_tls13 0x0020 +# define OSSL_TLS_GROUP_ID_brainpoolP512r1_tls13 0x0021 +# define OSSL_TLS_GROUP_ID_gc256A 0x0022 +# define OSSL_TLS_GROUP_ID_gc256B 0x0023 +# define OSSL_TLS_GROUP_ID_gc256C 0x0024 +# define OSSL_TLS_GROUP_ID_gc256D 0x0025 +# define OSSL_TLS_GROUP_ID_gc512A 0x0026 +# define OSSL_TLS_GROUP_ID_gc512B 0x0027 +# define OSSL_TLS_GROUP_ID_gc512C 0x0028 # define OSSL_TLS_GROUP_ID_ffdhe2048 0x0100 # define OSSL_TLS_GROUP_ID_ffdhe3072 0x0101 # define OSSL_TLS_GROUP_ID_ffdhe4096 0x0102 diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/tsan_assist.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/tsan_assist.h index 17205d10..a840df0b 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/tsan_assist.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/tsan_assist.h @@ -47,33 +47,37 @@ * can use TSAN_QUALIFIER in cast specifically when it has to count. */ -#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L \ +#ifndef OSSL_INTERNAL_TSAN_ASSIST_H +# define OSSL_INTERNAL_TSAN_ASSIST_H +# pragma once + +# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L \ && !defined(__STDC_NO_ATOMICS__) -# include +# include -# if defined(ATOMIC_POINTER_LOCK_FREE) \ +# if defined(ATOMIC_POINTER_LOCK_FREE) \ && ATOMIC_POINTER_LOCK_FREE >= 2 -# define TSAN_QUALIFIER _Atomic -# define tsan_load(ptr) atomic_load_explicit((ptr), memory_order_relaxed) -# define tsan_store(ptr, val) atomic_store_explicit((ptr), (val), memory_order_relaxed) -# define tsan_add(ptr, n) atomic_fetch_add_explicit((ptr), (n), memory_order_relaxed) -# define tsan_ld_acq(ptr) atomic_load_explicit((ptr), memory_order_acquire) -# define tsan_st_rel(ptr, val) atomic_store_explicit((ptr), (val), memory_order_release) -# endif +# define TSAN_QUALIFIER _Atomic +# define tsan_load(ptr) atomic_load_explicit((ptr), memory_order_relaxed) +# define tsan_store(ptr, val) atomic_store_explicit((ptr), (val), memory_order_relaxed) +# define tsan_add(ptr, n) atomic_fetch_add_explicit((ptr), (n), memory_order_relaxed) +# define tsan_ld_acq(ptr) atomic_load_explicit((ptr), memory_order_acquire) +# define tsan_st_rel(ptr, val) atomic_store_explicit((ptr), (val), memory_order_release) +# endif -#elif defined(__GNUC__) && defined(__ATOMIC_RELAXED) +# elif defined(__GNUC__) && defined(__ATOMIC_RELAXED) -# if defined(__GCC_ATOMIC_POINTER_LOCK_FREE) \ +# if defined(__GCC_ATOMIC_POINTER_LOCK_FREE) \ && __GCC_ATOMIC_POINTER_LOCK_FREE >= 2 -# define TSAN_QUALIFIER volatile -# define tsan_load(ptr) __atomic_load_n((ptr), __ATOMIC_RELAXED) -# define tsan_store(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELAXED) -# define tsan_add(ptr, n) __atomic_fetch_add((ptr), (n), __ATOMIC_RELAXED) -# define tsan_ld_acq(ptr) __atomic_load_n((ptr), __ATOMIC_ACQUIRE) -# define tsan_st_rel(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELEASE) -# endif +# define TSAN_QUALIFIER volatile +# define tsan_load(ptr) __atomic_load_n((ptr), __ATOMIC_RELAXED) +# define tsan_store(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELAXED) +# define tsan_add(ptr, n) __atomic_fetch_add((ptr), (n), __ATOMIC_RELAXED) +# define tsan_ld_acq(ptr) __atomic_load_n((ptr), __ATOMIC_ACQUIRE) +# define tsan_st_rel(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELEASE) +# endif -#elif defined(_MSC_VER) && _MSC_VER>=1200 \ +# elif defined(_MSC_VER) && _MSC_VER>=1200 \ && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ defined(_M_ARM64) || (defined(_M_ARM) && _M_ARM >= 7 && !defined(_WIN32_WCE))) /* @@ -87,62 +91,63 @@ * with additional instructions and penalties, it kind of makes sense to * default to "iso"... */ -# define TSAN_QUALIFIER volatile -# if defined(_M_ARM) || defined(_M_ARM64) -# define _InterlockedExchangeAdd _InterlockedExchangeAdd_nf -# pragma intrinsic(_InterlockedExchangeAdd_nf) -# pragma intrinsic(__iso_volatile_load32, __iso_volatile_store32) -# ifdef _WIN64 -# define _InterlockedExchangeAdd64 _InterlockedExchangeAdd64_nf -# pragma intrinsic(_InterlockedExchangeAdd64_nf) -# pragma intrinsic(__iso_volatile_load64, __iso_volatile_store64) -# define tsan_load(ptr) (sizeof(*(ptr)) == 8 ? __iso_volatile_load64(ptr) \ +# define TSAN_QUALIFIER volatile +# if defined(_M_ARM) || defined(_M_ARM64) +# define _InterlockedExchangeAdd _InterlockedExchangeAdd_nf +# pragma intrinsic(_InterlockedExchangeAdd_nf) +# pragma intrinsic(__iso_volatile_load32, __iso_volatile_store32) +# ifdef _WIN64 +# define _InterlockedExchangeAdd64 _InterlockedExchangeAdd64_nf +# pragma intrinsic(_InterlockedExchangeAdd64_nf) +# pragma intrinsic(__iso_volatile_load64, __iso_volatile_store64) +# define tsan_load(ptr) (sizeof(*(ptr)) == 8 ? __iso_volatile_load64(ptr) \ : __iso_volatile_load32(ptr)) -# define tsan_store(ptr, val) (sizeof(*(ptr)) == 8 ? __iso_volatile_store64((ptr), (val)) \ +# define tsan_store(ptr, val) (sizeof(*(ptr)) == 8 ? __iso_volatile_store64((ptr), (val)) \ : __iso_volatile_store32((ptr), (val))) +# else +# define tsan_load(ptr) __iso_volatile_load32(ptr) +# define tsan_store(ptr, val) __iso_volatile_store32((ptr), (val)) +# endif # else -# define tsan_load(ptr) __iso_volatile_load32(ptr) -# define tsan_store(ptr, val) __iso_volatile_store32((ptr), (val)) +# define tsan_load(ptr) (*(ptr)) +# define tsan_store(ptr, val) (*(ptr) = (val)) # endif -# else +# pragma intrinsic(_InterlockedExchangeAdd) +# ifdef _WIN64 +# pragma intrinsic(_InterlockedExchangeAdd64) +# define tsan_add(ptr, n) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), (n)) \ + : _InterlockedExchangeAdd((ptr), (n))) +# else +# define tsan_add(ptr, n) _InterlockedExchangeAdd((ptr), (n)) +# endif +# if !defined(_ISO_VOLATILE) +# define tsan_ld_acq(ptr) (*(ptr)) +# define tsan_st_rel(ptr, val) (*(ptr) = (val)) +# endif + +# endif + +# ifndef TSAN_QUALIFIER + +# ifdef OPENSSL_THREADS +# define TSAN_QUALIFIER volatile +# define TSAN_REQUIRES_LOCKING +# else /* OPENSSL_THREADS */ +# define TSAN_QUALIFIER +# endif /* OPENSSL_THREADS */ + # define tsan_load(ptr) (*(ptr)) # define tsan_store(ptr, val) (*(ptr) = (val)) -# endif -# pragma intrinsic(_InterlockedExchangeAdd) -# ifdef _WIN64 -# pragma intrinsic(_InterlockedExchangeAdd64) -# define tsan_add(ptr, n) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), (n)) \ - : _InterlockedExchangeAdd((ptr), (n))) -# else -# define tsan_add(ptr, n) _InterlockedExchangeAdd((ptr), (n)) -# endif -# if !defined(_ISO_VOLATILE) -# define tsan_ld_acq(ptr) (*(ptr)) -# define tsan_st_rel(ptr, val) (*(ptr) = (val)) -# endif - -#endif - -#ifndef TSAN_QUALIFIER - -# ifdef OPENSSL_THREADS -# define TSAN_QUALIFIER volatile -# define TSAN_REQUIRES_LOCKING -# else /* OPENSSL_THREADS */ -# define TSAN_QUALIFIER -# endif /* OPENSSL_THREADS */ - -# define tsan_load(ptr) (*(ptr)) -# define tsan_store(ptr, val) (*(ptr) = (val)) -# define tsan_add(ptr, n) (*(ptr) += (n)) +# define tsan_add(ptr, n) (*(ptr) += (n)) /* * Lack of tsan_ld_acq and tsan_ld_rel means that compiler support is not * sophisticated enough to support them. Code that relies on them should be * protected with #ifdef tsan_ld_acq with locked fallback. */ +# endif + +# define tsan_counter(ptr) tsan_add((ptr), 1) +# define tsan_decr(ptr) tsan_add((ptr), -1) + #endif - -#define tsan_counter(ptr) tsan_add((ptr), 1) -#define tsan_decr(ptr) tsan_add((ptr), -1) - diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/uint_set.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/uint_set.h new file mode 100644 index 00000000..dcb29b33 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/internal/uint_set.h @@ -0,0 +1,63 @@ +/* + * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +#ifndef OSSL_UINT_SET_H +# define OSSL_UINT_SET_H + +#include "openssl/params.h" +#include "internal/list.h" + +/* + * uint64_t Integer Sets + * ===================== + * + * Utilities for managing a logical set of unsigned 64-bit integers. The + * structure tracks each contiguous range of integers using one allocation and + * is thus optimised for cases where integers tend to appear consecutively. + * Queries are optimised under the assumption that they will generally be made + * on integers near the end of the set. + * + * Discussion of implementation details can be found in uint_set.c. + */ +typedef struct uint_range_st { + uint64_t start, end; +} UINT_RANGE; + +typedef struct uint_set_item_st UINT_SET_ITEM; +struct uint_set_item_st { + OSSL_LIST_MEMBER(uint_set, UINT_SET_ITEM); + UINT_RANGE range; +}; + +DEFINE_LIST_OF(uint_set, UINT_SET_ITEM); + +typedef OSSL_LIST(uint_set) UINT_SET; + +void ossl_uint_set_init(UINT_SET *s); +void ossl_uint_set_destroy(UINT_SET *s); + +/* + * Insert a range into a integer set. Returns 0 on allocation failure, in which + * case the integer set is in a valid but undefined state. Otherwise, returns 1. + * Ranges can overlap existing ranges without limitation. If a range is a subset + * of an existing range in the set, this is a no-op and returns 1. + */ +int ossl_uint_set_insert(UINT_SET *s, const UINT_RANGE *range); + +/* + * Remove a range from the set. Returns 0 on allocation failure, in which case + * the integer set is unchanged. Otherwise, returns 1. Ranges which are not + * already in the set can be removed without issue. If a passed range is not in + * the integer set at all, this is a no-op and returns 1. + */ +int ossl_uint_set_remove(UINT_SET *s, const UINT_RANGE *range); + +/* Returns 1 iff the given integer is in the integer set. */ +int ossl_uint_set_query(const UINT_SET *s, uint64_t v); + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/asn1.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/asn1.h index 85ae8d58..09712345 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/asn1.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/asn1.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by Makefile from include/openssl/asn1.h.in * - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -158,7 +158,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR) -# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */ +# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */ /* * This indicates that the ASN1_STRING is not a real value but just a place * holder for the location where indefinite length constructed data should be @@ -999,6 +999,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num, unsigned char *data, int max_len); void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it); +void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it, + OSSL_LIB_CTX *libctx, const char *propq); ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct); diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/asn1.h.in b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/asn1.h.in index d478bc96..798b2211 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/asn1.h.in +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/asn1.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -135,7 +135,7 @@ extern "C" { -} -# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */ +# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */ /* * This indicates that the ASN1_STRING is not a real value but just a place * holder for the location where indefinite length constructed data should be @@ -832,6 +832,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num, unsigned char *data, int max_len); void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it); +void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it, + OSSL_LIB_CTX *libctx, const char *propq); ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct); diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/async.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/async.h index bc27d5db..826ffb99 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/async.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/async.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -80,6 +80,14 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key); int ASYNC_is_capable(void); +typedef void *(*ASYNC_stack_alloc_fn)(size_t *num); +typedef void (*ASYNC_stack_free_fn)(void *addr); + +int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn, + ASYNC_stack_free_fn free_fn); +void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn, + ASYNC_stack_free_fn *free_fn); + int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret, int (*func)(void *), void *args, size_t size); int ASYNC_pause_job(void); diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/bio.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/bio.h index e16cf622..ea584def 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/bio.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/bio.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by Makefile from include/openssl/bio.h.in * - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -67,6 +67,8 @@ extern "C" { # define BIO_TYPE_DGRAM_SCTP (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) # endif # define BIO_TYPE_CORE_TO_PROV (25|BIO_TYPE_SOURCE_SINK) +# define BIO_TYPE_DGRAM_PAIR (26|BIO_TYPE_SOURCE_SINK) +# define BIO_TYPE_DGRAM_MEM (27|BIO_TYPE_SOURCE_SINK) #define BIO_TYPE_START 128 @@ -171,6 +173,30 @@ extern "C" { # define BIO_CTRL_SET_INDENT 80 # define BIO_CTRL_GET_INDENT 81 +# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP 82 +# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE 83 +# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE 84 +# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS 85 +# define BIO_CTRL_DGRAM_GET_CAPS 86 +# define BIO_CTRL_DGRAM_SET_CAPS 87 +# define BIO_CTRL_DGRAM_GET_NO_TRUNC 88 +# define BIO_CTRL_DGRAM_SET_NO_TRUNC 89 + +/* + * internal BIO: + * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90 + */ + +# define BIO_CTRL_GET_RPOLL_DESCRIPTOR 91 +# define BIO_CTRL_GET_WPOLL_DESCRIPTOR 92 +# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR 93 + +# define BIO_DGRAM_CAP_NONE 0U +# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR (1U << 0) +# define BIO_DGRAM_CAP_HANDLES_DST_ADDR (1U << 1) +# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR (1U << 2) +# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR (1U << 3) + # ifndef OPENSSL_NO_KTLS # define BIO_get_ktls_send(b) \ (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0) @@ -208,7 +234,7 @@ extern "C" { # define BIO_FLAGS_NONCLEAR_RST 0x400 # define BIO_FLAGS_IN_EOF 0x800 -/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */ +/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */ typedef union bio_addr_st BIO_ADDR; typedef struct bio_addrinfo_st BIO_ADDRINFO; @@ -256,12 +282,14 @@ void BIO_clear_flags(BIO *b, int flags); # define BIO_RR_ACCEPT 0x03 /* These are passed by the BIO callback */ -# define BIO_CB_FREE 0x01 -# define BIO_CB_READ 0x02 -# define BIO_CB_WRITE 0x03 -# define BIO_CB_PUTS 0x04 -# define BIO_CB_GETS 0x05 -# define BIO_CB_CTRL 0x06 +# define BIO_CB_FREE 0x01 +# define BIO_CB_READ 0x02 +# define BIO_CB_WRITE 0x03 +# define BIO_CB_PUTS 0x04 +# define BIO_CB_GETS 0x05 +# define BIO_CB_CTRL 0x06 +# define BIO_CB_RECVMMSG 0x07 +# define BIO_CB_SENDMMSG 0x08 /* * The callback is called before and after the underling operation, The @@ -362,6 +390,34 @@ struct bio_dgram_sctp_prinfo { }; # endif +/* BIO_sendmmsg/BIO_recvmmsg-related definitions */ +typedef struct bio_msg_st { + void *data; + size_t data_len; + BIO_ADDR *peer, *local; + uint64_t flags; +} BIO_MSG; + +typedef struct bio_mmsg_cb_args_st { + BIO_MSG *msg; + size_t stride, num_msg; + uint64_t flags; + size_t *msgs_processed; +} BIO_MMSG_CB_ARGS; + +#define BIO_POLL_DESCRIPTOR_TYPE_NONE 0 +#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD 1 +#define BIO_POLL_DESCRIPTOR_CUSTOM_START 8192 + +typedef struct bio_poll_descriptor_st { + uint32_t type; + union { + int fd; + void *custom; + uintptr_t custom_ui; + } value; +} BIO_POLL_DESCRIPTOR; + /* * #define BIO_CONN_get_param_hostname BIO_ctrl */ @@ -428,10 +484,17 @@ struct bio_dgram_sctp_prinfo { # define BIO_C_SET_CONNECT_MODE 155 +# define BIO_C_SET_TFO 156 /* like BIO_C_SET_NBIO */ + +# define BIO_C_SET_SOCK_TYPE 157 +# define BIO_C_GET_SOCK_TYPE 158 +# define BIO_C_GET_DGRAM_BIO 159 + # define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) # define BIO_get_app_data(s) BIO_get_ex_data(s,0) -# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) +# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) +# define BIO_set_tfo(b,n) BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL) # ifndef OPENSSL_NO_SOCK /* IP families we support, for BIO_s_connect() and BIO_s_accept() */ @@ -452,7 +515,11 @@ struct bio_dgram_sctp_prinfo { # define BIO_get_conn_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)) # define BIO_get_conn_address(b) ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)) # define BIO_get_conn_ip_family(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL) +# define BIO_get_conn_mode(b) BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL) # define BIO_set_conn_mode(b,n) BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL) +# define BIO_set_sock_type(b,t) BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL) +# define BIO_get_sock_type(b) BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL) +# define BIO_get0_dgram_bio(b, p) BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p)) /* BIO_s_accept() */ # define BIO_set_accept_name(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \ @@ -469,6 +536,7 @@ struct bio_dgram_sctp_prinfo { (char *)(bio)) # define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f) # define BIO_get_accept_ip_family(b) BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL) +# define BIO_set_tfo_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL) /* Aliases kept for backward compatibility */ # define BIO_BIND_NORMAL 0 @@ -596,8 +664,30 @@ int BIO_ctrl_reset_read_request(BIO *b); (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer)) # define BIO_dgram_set_peer(b,peer) \ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer)) +# define BIO_dgram_detect_peer_addr(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer)) # define BIO_dgram_get_mtu_overhead(b) \ (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL) +# define BIO_dgram_get_local_addr_cap(b) \ + (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL) +# define BIO_dgram_get_local_addr_enable(b, penable) \ + (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable)) +# define BIO_dgram_set_local_addr_enable(b, enable) \ + (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL) +# define BIO_dgram_get_effective_caps(b) \ + (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL) +# define BIO_dgram_get_caps(b) \ + (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL) +# define BIO_dgram_set_caps(b, caps) \ + (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL) +# define BIO_dgram_get_no_trunc(b) \ + (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL) +# define BIO_dgram_set_no_trunc(b, enable) \ + (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL) +# define BIO_dgram_get_mtu(b) \ + (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL) +# define BIO_dgram_set_mtu(b, mtu) \ + (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL) /* ctrl macros for BIO_f_prefix */ # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p)) @@ -640,10 +730,18 @@ void BIO_vfree(BIO *a); int BIO_up_ref(BIO *a); int BIO_read(BIO *b, void *data, int dlen); int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes); +__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg, + size_t stride, size_t num_msg, uint64_t flags, + size_t *msgs_processed); int BIO_gets(BIO *bp, char *buf, int size); int BIO_get_line(BIO *bio, char *buf, int size); int BIO_write(BIO *b, const void *data, int dlen); int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written); +__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg, + size_t stride, size_t num_msg, uint64_t flags, + size_t *msgs_processed); +__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc); +__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc); int BIO_puts(BIO *bp, const char *buf); int BIO_indent(BIO *b, int indent, int max); long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); @@ -667,6 +765,9 @@ int BIO_nwrite0(BIO *bio, char **buf); int BIO_nwrite(BIO *bio, char **buf, int num); const BIO_METHOD *BIO_s_mem(void); +# ifndef OPENSSL_NO_DGRAM +const BIO_METHOD *BIO_s_dgram_mem(void); +# endif const BIO_METHOD *BIO_s_secmem(void); BIO *BIO_new_mem_buf(const void *buf, int len); # ifndef OPENSSL_NO_SOCK @@ -686,6 +787,7 @@ const BIO_METHOD *BIO_f_nbio_test(void); const BIO_METHOD *BIO_f_prefix(void); const BIO_METHOD *BIO_s_core(void); # ifndef OPENSSL_NO_DGRAM +const BIO_METHOD *BIO_s_dgram_pair(void); const BIO_METHOD *BIO_s_datagram(void); int BIO_dgram_non_fatal_error(int error); BIO *BIO_new_dgram(int fd, int close_flag); @@ -704,6 +806,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b); # ifndef OPENSSL_NO_SOCK int BIO_sock_should_retry(int i); int BIO_sock_non_fatal_error(int error); +int BIO_err_is_non_fatal(unsigned int errcode); int BIO_socket_wait(int fd, int for_read, time_t max_time); # endif int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds); @@ -726,6 +829,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data, # ifndef OPENSSL_NO_SOCK BIO_ADDR *BIO_ADDR_new(void); +int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src); +BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap); int BIO_ADDR_rawmake(BIO_ADDR *ap, int family, const void *where, size_t wherelen, unsigned short port); void BIO_ADDR_free(BIO_ADDR *); @@ -788,6 +893,7 @@ int BIO_sock_info(int sock, # define BIO_SOCK_KEEPALIVE 0x04 # define BIO_SOCK_NONBLOCK 0x08 # define BIO_SOCK_NODELAY 0x10 +# define BIO_SOCK_TFO 0x20 int BIO_socket(int domain, int socktype, int protocol, int options); int BIO_connect(int sock, const BIO_ADDR *addr, int options); @@ -805,6 +911,11 @@ BIO *BIO_new_fd(int fd, int close_flag); int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2); +# ifndef OPENSSL_NO_DGRAM +int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1, + BIO **bio2, size_t writebuf2); +# endif + /* * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints. * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default @@ -856,18 +967,30 @@ int BIO_meth_set_write(BIO_METHOD *biom, int (*write) (BIO *, const char *, int)); int BIO_meth_set_write_ex(BIO_METHOD *biom, int (*bwrite) (BIO *, const char *, size_t, size_t *)); +int BIO_meth_set_sendmmsg(BIO_METHOD *biom, + int (*f) (BIO *, BIO_MSG *, size_t, size_t, + uint64_t, size_t *)); +int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *, + size_t, size_t, + uint64_t, size_t *); int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int); int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *); int BIO_meth_set_read(BIO_METHOD *biom, int (*read) (BIO *, char *, int)); int BIO_meth_set_read_ex(BIO_METHOD *biom, int (*bread) (BIO *, char *, size_t, size_t *)); +int BIO_meth_set_recvmmsg(BIO_METHOD *biom, + int (*f) (BIO *, BIO_MSG *, size_t, size_t, + uint64_t, size_t *)); +int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *, + size_t, size_t, + uint64_t, size_t *); int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *); int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts) (BIO *, const char *)); int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int); int BIO_meth_set_gets(BIO_METHOD *biom, - int (*gets) (BIO *, char *, int)); + int (*ossl_gets) (BIO *, char *, int)); long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *); int BIO_meth_set_ctrl(BIO_METHOD *biom, long (*ctrl) (BIO *, int, long, void *)); diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/bio.h.in b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/bio.h.in index c521e41e..418d1197 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/bio.h.in +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/bio.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -68,6 +68,8 @@ extern "C" { # define BIO_TYPE_DGRAM_SCTP (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) # endif # define BIO_TYPE_CORE_TO_PROV (25|BIO_TYPE_SOURCE_SINK) +# define BIO_TYPE_DGRAM_PAIR (26|BIO_TYPE_SOURCE_SINK) +# define BIO_TYPE_DGRAM_MEM (27|BIO_TYPE_SOURCE_SINK) #define BIO_TYPE_START 128 @@ -172,6 +174,30 @@ extern "C" { # define BIO_CTRL_SET_INDENT 80 # define BIO_CTRL_GET_INDENT 81 +# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP 82 +# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE 83 +# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE 84 +# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS 85 +# define BIO_CTRL_DGRAM_GET_CAPS 86 +# define BIO_CTRL_DGRAM_SET_CAPS 87 +# define BIO_CTRL_DGRAM_GET_NO_TRUNC 88 +# define BIO_CTRL_DGRAM_SET_NO_TRUNC 89 + +/* + * internal BIO: + * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90 + */ + +# define BIO_CTRL_GET_RPOLL_DESCRIPTOR 91 +# define BIO_CTRL_GET_WPOLL_DESCRIPTOR 92 +# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR 93 + +# define BIO_DGRAM_CAP_NONE 0U +# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR (1U << 0) +# define BIO_DGRAM_CAP_HANDLES_DST_ADDR (1U << 1) +# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR (1U << 2) +# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR (1U << 3) + # ifndef OPENSSL_NO_KTLS # define BIO_get_ktls_send(b) \ (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0) @@ -209,7 +235,7 @@ extern "C" { # define BIO_FLAGS_NONCLEAR_RST 0x400 # define BIO_FLAGS_IN_EOF 0x800 -/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */ +/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */ typedef union bio_addr_st BIO_ADDR; typedef struct bio_addrinfo_st BIO_ADDRINFO; @@ -257,12 +283,14 @@ void BIO_clear_flags(BIO *b, int flags); # define BIO_RR_ACCEPT 0x03 /* These are passed by the BIO callback */ -# define BIO_CB_FREE 0x01 -# define BIO_CB_READ 0x02 -# define BIO_CB_WRITE 0x03 -# define BIO_CB_PUTS 0x04 -# define BIO_CB_GETS 0x05 -# define BIO_CB_CTRL 0x06 +# define BIO_CB_FREE 0x01 +# define BIO_CB_READ 0x02 +# define BIO_CB_WRITE 0x03 +# define BIO_CB_PUTS 0x04 +# define BIO_CB_GETS 0x05 +# define BIO_CB_CTRL 0x06 +# define BIO_CB_RECVMMSG 0x07 +# define BIO_CB_SENDMMSG 0x08 /* * The callback is called before and after the underling operation, The @@ -339,6 +367,34 @@ struct bio_dgram_sctp_prinfo { }; # endif +/* BIO_sendmmsg/BIO_recvmmsg-related definitions */ +typedef struct bio_msg_st { + void *data; + size_t data_len; + BIO_ADDR *peer, *local; + uint64_t flags; +} BIO_MSG; + +typedef struct bio_mmsg_cb_args_st { + BIO_MSG *msg; + size_t stride, num_msg; + uint64_t flags; + size_t *msgs_processed; +} BIO_MMSG_CB_ARGS; + +#define BIO_POLL_DESCRIPTOR_TYPE_NONE 0 +#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD 1 +#define BIO_POLL_DESCRIPTOR_CUSTOM_START 8192 + +typedef struct bio_poll_descriptor_st { + uint32_t type; + union { + int fd; + void *custom; + uintptr_t custom_ui; + } value; +} BIO_POLL_DESCRIPTOR; + /* * #define BIO_CONN_get_param_hostname BIO_ctrl */ @@ -405,10 +461,17 @@ struct bio_dgram_sctp_prinfo { # define BIO_C_SET_CONNECT_MODE 155 +# define BIO_C_SET_TFO 156 /* like BIO_C_SET_NBIO */ + +# define BIO_C_SET_SOCK_TYPE 157 +# define BIO_C_GET_SOCK_TYPE 158 +# define BIO_C_GET_DGRAM_BIO 159 + # define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) # define BIO_get_app_data(s) BIO_get_ex_data(s,0) -# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) +# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) +# define BIO_set_tfo(b,n) BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL) # ifndef OPENSSL_NO_SOCK /* IP families we support, for BIO_s_connect() and BIO_s_accept() */ @@ -429,7 +492,11 @@ struct bio_dgram_sctp_prinfo { # define BIO_get_conn_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)) # define BIO_get_conn_address(b) ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)) # define BIO_get_conn_ip_family(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL) +# define BIO_get_conn_mode(b) BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL) # define BIO_set_conn_mode(b,n) BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL) +# define BIO_set_sock_type(b,t) BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL) +# define BIO_get_sock_type(b) BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL) +# define BIO_get0_dgram_bio(b, p) BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p)) /* BIO_s_accept() */ # define BIO_set_accept_name(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \ @@ -446,6 +513,7 @@ struct bio_dgram_sctp_prinfo { (char *)(bio)) # define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f) # define BIO_get_accept_ip_family(b) BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL) +# define BIO_set_tfo_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL) /* Aliases kept for backward compatibility */ # define BIO_BIND_NORMAL 0 @@ -573,8 +641,30 @@ int BIO_ctrl_reset_read_request(BIO *b); (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer)) # define BIO_dgram_set_peer(b,peer) \ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer)) +# define BIO_dgram_detect_peer_addr(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer)) # define BIO_dgram_get_mtu_overhead(b) \ (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL) +# define BIO_dgram_get_local_addr_cap(b) \ + (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL) +# define BIO_dgram_get_local_addr_enable(b, penable) \ + (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable)) +# define BIO_dgram_set_local_addr_enable(b, enable) \ + (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL) +# define BIO_dgram_get_effective_caps(b) \ + (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL) +# define BIO_dgram_get_caps(b) \ + (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL) +# define BIO_dgram_set_caps(b, caps) \ + (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL) +# define BIO_dgram_get_no_trunc(b) \ + (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL) +# define BIO_dgram_set_no_trunc(b, enable) \ + (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL) +# define BIO_dgram_get_mtu(b) \ + (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL) +# define BIO_dgram_set_mtu(b, mtu) \ + (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL) /* ctrl macros for BIO_f_prefix */ # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p)) @@ -617,10 +707,18 @@ void BIO_vfree(BIO *a); int BIO_up_ref(BIO *a); int BIO_read(BIO *b, void *data, int dlen); int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes); +__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg, + size_t stride, size_t num_msg, uint64_t flags, + size_t *msgs_processed); int BIO_gets(BIO *bp, char *buf, int size); int BIO_get_line(BIO *bio, char *buf, int size); int BIO_write(BIO *b, const void *data, int dlen); int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written); +__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg, + size_t stride, size_t num_msg, uint64_t flags, + size_t *msgs_processed); +__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc); +__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc); int BIO_puts(BIO *bp, const char *buf); int BIO_indent(BIO *b, int indent, int max); long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); @@ -644,6 +742,9 @@ int BIO_nwrite0(BIO *bio, char **buf); int BIO_nwrite(BIO *bio, char **buf, int num); const BIO_METHOD *BIO_s_mem(void); +# ifndef OPENSSL_NO_DGRAM +const BIO_METHOD *BIO_s_dgram_mem(void); +# endif const BIO_METHOD *BIO_s_secmem(void); BIO *BIO_new_mem_buf(const void *buf, int len); # ifndef OPENSSL_NO_SOCK @@ -663,6 +764,7 @@ const BIO_METHOD *BIO_f_nbio_test(void); const BIO_METHOD *BIO_f_prefix(void); const BIO_METHOD *BIO_s_core(void); # ifndef OPENSSL_NO_DGRAM +const BIO_METHOD *BIO_s_dgram_pair(void); const BIO_METHOD *BIO_s_datagram(void); int BIO_dgram_non_fatal_error(int error); BIO *BIO_new_dgram(int fd, int close_flag); @@ -681,6 +783,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b); # ifndef OPENSSL_NO_SOCK int BIO_sock_should_retry(int i); int BIO_sock_non_fatal_error(int error); +int BIO_err_is_non_fatal(unsigned int errcode); int BIO_socket_wait(int fd, int for_read, time_t max_time); # endif int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds); @@ -703,6 +806,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data, # ifndef OPENSSL_NO_SOCK BIO_ADDR *BIO_ADDR_new(void); +int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src); +BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap); int BIO_ADDR_rawmake(BIO_ADDR *ap, int family, const void *where, size_t wherelen, unsigned short port); void BIO_ADDR_free(BIO_ADDR *); @@ -765,6 +870,7 @@ int BIO_sock_info(int sock, # define BIO_SOCK_KEEPALIVE 0x04 # define BIO_SOCK_NONBLOCK 0x08 # define BIO_SOCK_NODELAY 0x10 +# define BIO_SOCK_TFO 0x20 int BIO_socket(int domain, int socktype, int protocol, int options); int BIO_connect(int sock, const BIO_ADDR *addr, int options); @@ -782,6 +888,11 @@ BIO *BIO_new_fd(int fd, int close_flag); int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2); +# ifndef OPENSSL_NO_DGRAM +int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1, + BIO **bio2, size_t writebuf2); +# endif + /* * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints. * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default @@ -833,18 +944,30 @@ int BIO_meth_set_write(BIO_METHOD *biom, int (*write) (BIO *, const char *, int)); int BIO_meth_set_write_ex(BIO_METHOD *biom, int (*bwrite) (BIO *, const char *, size_t, size_t *)); +int BIO_meth_set_sendmmsg(BIO_METHOD *biom, + int (*f) (BIO *, BIO_MSG *, size_t, size_t, + uint64_t, size_t *)); +int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *, + size_t, size_t, + uint64_t, size_t *); int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int); int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *); int BIO_meth_set_read(BIO_METHOD *biom, int (*read) (BIO *, char *, int)); int BIO_meth_set_read_ex(BIO_METHOD *biom, int (*bread) (BIO *, char *, size_t, size_t *)); +int BIO_meth_set_recvmmsg(BIO_METHOD *biom, + int (*f) (BIO *, BIO_MSG *, size_t, size_t, + uint64_t, size_t *)); +int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *, + size_t, size_t, + uint64_t, size_t *); int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *); int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts) (BIO *, const char *)); int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int); int BIO_meth_set_gets(BIO_METHOD *biom, - int (*gets) (BIO *, char *, int)); + int (*ossl_gets) (BIO *, char *, int)); long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *); int BIO_meth_set_ctrl(BIO_METHOD *biom, long (*ctrl) (BIO *, int, long, void *)); diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/bioerr.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/bioerr.h index 787b30af..e4fdb649 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/bioerr.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/bioerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -37,14 +37,18 @@ # define BIO_R_IN_USE 123 # define BIO_R_LENGTH_TOO_LONG 102 # define BIO_R_LISTEN_V6_ONLY 136 +# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE 111 # define BIO_R_LOOKUP_RETURNED_NOTHING 142 # define BIO_R_MALFORMED_HOST_OR_SERVICE 130 # define BIO_R_NBIO_CONNECT_ERROR 110 +# define BIO_R_NON_FATAL 112 # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED 143 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED 144 # define BIO_R_NO_PORT_DEFINED 113 # define BIO_R_NO_SUCH_FILE 128 # define BIO_R_NULL_PARAMETER 115 /* unused */ +# define BIO_R_TFO_DISABLED 106 +# define BIO_R_TFO_NO_KERNEL_SUPPORT 108 # define BIO_R_TRANSFER_ERROR 104 # define BIO_R_TRANSFER_TIMEOUT 105 # define BIO_R_UNABLE_TO_BIND_SOCKET 117 @@ -53,6 +57,7 @@ # define BIO_R_UNABLE_TO_LISTEN_SOCKET 119 # define BIO_R_UNABLE_TO_NODELAY 138 # define BIO_R_UNABLE_TO_REUSEADDR 139 +# define BIO_R_UNABLE_TO_TFO 109 # define BIO_R_UNAVAILABLE_IP_FAMILY 145 # define BIO_R_UNINITIALIZED 120 # define BIO_R_UNKNOWN_INFO_TYPE 140 @@ -61,5 +66,7 @@ # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY 131 # define BIO_R_WRITE_TO_READ_ONLY_BIO 126 # define BIO_R_WSASTARTUP 122 +# define BIO_R_PORT_MISMATCH 150 +# define BIO_R_PEER_ADDR_NOT_AVAILABLE 151 #endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/bn.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/bn.h index 27b127a5..ea706dca 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/bn.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/bn.h @@ -241,12 +241,18 @@ void BN_clear_free(BIGNUM *a); BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); void BN_swap(BIGNUM *a, BIGNUM *b); BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); +BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret); int BN_bn2bin(const BIGNUM *a, unsigned char *to); int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen); +int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen); BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret); +BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret); int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen); +int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen); BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret); +BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret); int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen); +int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen); BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret); int BN_bn2mpi(const BIGNUM *a, unsigned char *to); int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/cmp.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/cmp.h index 49825570..60beffd5 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/cmp.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/cmp.h @@ -35,7 +35,9 @@ extern "C" { # endif -# define OSSL_CMP_PVNO 2 +# define OSSL_CMP_PVNO_2 2 +# define OSSL_CMP_PVNO_3 3 +# define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */ /*- * PKIFailureInfo ::= BIT STRING { @@ -137,7 +139,6 @@ extern "C" { # if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX # error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int # endif - typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO; # define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0) @@ -203,8 +204,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO; # define OSSL_CMP_PKISTATUS_revocationWarning 4 # define OSSL_CMP_PKISTATUS_revocationNotification 5 # define OSSL_CMP_PKISTATUS_keyUpdateWarning 6 - typedef ASN1_INTEGER OSSL_CMP_PKISTATUS; + DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS) # define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0 @@ -378,18 +379,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav); int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p, OSSL_CMP_ITAV *itav); void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav); + +OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts); +int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out); + +OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert); +int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out); +OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew, + const X509 *newWithOld, + const X509 *oldWithNew); +int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav, + X509 **newWithNew, + X509 **newWithOld, + X509 **oldWithNew); + void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg); /* from cmp_ctx.c */ OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq); void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx); int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx); +OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx); +const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx); /* CMP general options: */ # define OSSL_CMP_OPT_LOG_VERBOSITY 0 /* CMP transfer options: */ -# define OSSL_CMP_OPT_KEEP_ALIVE 10 -# define OSSL_CMP_OPT_MSG_TIMEOUT 11 +# define OSSL_CMP_OPT_KEEP_ALIVE 10 +# define OSSL_CMP_OPT_MSG_TIMEOUT 11 # define OSSL_CMP_OPT_TOTAL_TIMEOUT 12 +# define OSSL_CMP_OPT_USE_TLS 13 /* CMP request options: */ # define OSSL_CMP_OPT_VALIDITY_DAYS 20 # define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21 @@ -420,9 +438,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address); int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port); int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name); int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names); +# ifndef OPENSSL_NO_HTTP int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb); int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg); void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx); +# endif typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req); int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb); @@ -432,7 +452,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx); int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert); int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name); int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store); +# define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx); +# define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs); STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx); /* client authentication: */ @@ -454,6 +476,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx, int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey); EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv); int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name); +int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn); int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name); int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx, const GENERAL_NAME *name); @@ -477,6 +500,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx); OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx); int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx); # define OSSL_CMP_PKISI_BUFLEN 1024 +X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx); X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx); STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx); STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx); @@ -517,8 +541,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx, X509_STORE *trusted_store, X509 *cert); /* from cmp_http.c */ +# ifndef OPENSSL_NO_HTTP OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req); +# endif /* from cmp_server.c */ typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX; @@ -590,6 +616,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type, int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx); STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx); +/* from cmp_genm.c */ +int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out); +int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx, + const X509 *oldWithOld, X509 **newWithNew, + X509 **newWithOld, X509 **oldWithNew); + # ifdef __cplusplus } # endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/cmp.h.in b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/cmp.h.in index fb5ae671..5bd8beb5 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/cmp.h.in +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/cmp.h.in @@ -36,7 +36,9 @@ use OpenSSL::stackhash qw(generate_stack_macros); extern "C" { # endif -# define OSSL_CMP_PVNO 2 +# define OSSL_CMP_PVNO_2 2 +# define OSSL_CMP_PVNO_3 3 +# define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */ /*- * PKIFailureInfo ::= BIT STRING { @@ -138,7 +140,6 @@ extern "C" { # if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX # error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int # endif - typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO; # define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0) @@ -204,8 +205,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO; # define OSSL_CMP_PKISTATUS_revocationWarning 4 # define OSSL_CMP_PKISTATUS_revocationNotification 5 # define OSSL_CMP_PKISTATUS_keyUpdateWarning 6 - typedef ASN1_INTEGER OSSL_CMP_PKISTATUS; + DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS) # define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0 @@ -259,18 +260,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav); int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p, OSSL_CMP_ITAV *itav); void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav); + +OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts); +int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out); + +OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert); +int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out); +OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew, + const X509 *newWithOld, + const X509 *oldWithNew); +int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav, + X509 **newWithNew, + X509 **newWithOld, + X509 **oldWithNew); + void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg); /* from cmp_ctx.c */ OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq); void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx); int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx); +OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx); +const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx); /* CMP general options: */ # define OSSL_CMP_OPT_LOG_VERBOSITY 0 /* CMP transfer options: */ -# define OSSL_CMP_OPT_KEEP_ALIVE 10 -# define OSSL_CMP_OPT_MSG_TIMEOUT 11 +# define OSSL_CMP_OPT_KEEP_ALIVE 10 +# define OSSL_CMP_OPT_MSG_TIMEOUT 11 # define OSSL_CMP_OPT_TOTAL_TIMEOUT 12 +# define OSSL_CMP_OPT_USE_TLS 13 /* CMP request options: */ # define OSSL_CMP_OPT_VALIDITY_DAYS 20 # define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21 @@ -301,9 +319,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address); int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port); int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name); int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names); +# ifndef OPENSSL_NO_HTTP int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb); int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg); void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx); +# endif typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req); int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb); @@ -313,7 +333,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx); int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert); int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name); int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store); +# define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx); +# define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs); STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx); /* client authentication: */ @@ -335,6 +357,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx, int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey); EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv); int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name); +int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn); int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name); int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx, const GENERAL_NAME *name); @@ -358,6 +381,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx); OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx); int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx); # define OSSL_CMP_PKISI_BUFLEN 1024 +X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx); X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx); STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx); STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx); @@ -398,8 +422,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx, X509_STORE *trusted_store, X509 *cert); /* from cmp_http.c */ +# ifndef OPENSSL_NO_HTTP OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req); +# endif /* from cmp_server.c */ typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX; @@ -471,6 +497,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type, int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx); STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx); +/* from cmp_genm.c */ +int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out); +int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx, + const X509 *oldWithOld, X509 **newWithNew, + X509 **newWithOld, X509 **oldWithNew); + # ifdef __cplusplus } # endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/cmperr.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/cmperr.h index 49fd5e39..57a6effb 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/cmperr.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/cmperr.h @@ -59,8 +59,11 @@ # define CMP_R_FAILED_EXTRACTING_PUBKEY 141 # define CMP_R_FAILURE_OBTAINING_RANDOM 110 # define CMP_R_FAIL_INFO_OUT_OF_RANGE 129 +# define CMP_R_GETTING_GENP 192 # define CMP_R_INVALID_ARGS 100 +# define CMP_R_INVALID_GENP 193 # define CMP_R_INVALID_OPTION 174 +# define CMP_R_INVALID_ROOTCAKEYUPDATE 195 # define CMP_R_MISSING_CERTID 165 # define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION 130 # define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE 142 @@ -94,6 +97,7 @@ # define CMP_R_TOTAL_TIMEOUT 184 # define CMP_R_TRANSACTIONID_UNMATCHED 152 # define CMP_R_TRANSFER_ERROR 159 +# define CMP_R_UNCLEAN_CTX 191 # define CMP_R_UNEXPECTED_PKIBODY 133 # define CMP_R_UNEXPECTED_PKISTATUS 185 # define CMP_R_UNEXPECTED_PVNO 153 diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/cms.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/cms.h index 3b453e6a..fe86a5c7 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/cms.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/cms.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by Makefile from include/openssl/cms.h.in * - * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -31,8 +31,10 @@ extern "C" { # endif +typedef struct CMS_EnvelopedData_st CMS_EnvelopedData; typedef struct CMS_ContentInfo_st CMS_ContentInfo; typedef struct CMS_SignerInfo_st CMS_SignerInfo; +typedef struct CMS_SignedData_st CMS_SignedData; typedef struct CMS_CertificateChoices CMS_CertificateChoices; typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice; typedef struct CMS_RecipientInfo_st CMS_RecipientInfo; @@ -147,6 +149,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice, #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp))) +DECLARE_ASN1_ITEM(CMS_EnvelopedData) +DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData) DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest) DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo) @@ -217,13 +221,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags); int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags); +int CMS_final_digest(CMS_ContentInfo *cms, + const unsigned char *md, unsigned int mdlen, BIO *dcont, + unsigned int flags); CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, unsigned int flags); CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, - unsigned int flags, OSSL_LIB_CTX *ctx, + unsigned int flags, OSSL_LIB_CTX *libctx, const char *propq); CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, @@ -233,27 +240,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags); CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags); CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags, - OSSL_LIB_CTX *ctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags); CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, unsigned int flags); CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md, - unsigned int flags, OSSL_LIB_CTX *ctx, + unsigned int flags, OSSL_LIB_CTX *libctx, const char *propq); int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, const unsigned char *key, size_t keylen, BIO *dcont, BIO *out, unsigned int flags); - CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, const unsigned char *key, size_t keylen, unsigned int flags); CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher, const unsigned char *key, size_t keylen, unsigned int flags, - OSSL_LIB_CTX *ctx, + OSSL_LIB_CTX *libctx, const char *propq); int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, @@ -272,7 +278,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, unsigned int flags); CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, unsigned int flags, - OSSL_LIB_CTX *ctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, BIO *dcont, BIO *out, unsigned int flags); @@ -291,12 +297,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri); CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher); CMS_ContentInfo * -CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx, +CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx, const char *propq); CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher); CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher, - OSSL_LIB_CTX *ctx, + OSSL_LIB_CTX *libctx, const char *propq); +BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data, + EVP_PKEY *pkey, X509 *cert, + ASN1_OCTET_STRING *secret, unsigned int flags, + OSSL_LIB_CTX *libctx, const char *propq); CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip, unsigned int flags); @@ -385,6 +395,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si); int CMS_SignerInfo_sign(CMS_SignerInfo *si); int CMS_SignerInfo_verify(CMS_SignerInfo *si); int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain); +BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data, + STACK_OF(X509) *scerts, X509_STORE *store, + STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls, + unsigned int flags, + OSSL_LIB_CTX *libctx, const char *propq); int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs); int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, @@ -441,7 +456,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex( unsigned char *id, int idlen, int allorfirst, STACK_OF(GENERAL_NAMES) *receiptList, STACK_OF(GENERAL_NAMES) *receiptsTo, - OSSL_LIB_CTX *ctx); + OSSL_LIB_CTX *libctx); int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr); void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/cms.h.in b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/cms.h.in index da20ddf2..23966770 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/cms.h.in +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/cms.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -32,8 +32,10 @@ use OpenSSL::stackhash qw(generate_stack_macros); extern "C" { # endif +typedef struct CMS_EnvelopedData_st CMS_EnvelopedData; typedef struct CMS_ContentInfo_st CMS_ContentInfo; typedef struct CMS_SignerInfo_st CMS_SignerInfo; +typedef struct CMS_SignedData_st CMS_SignedData; typedef struct CMS_CertificateChoices CMS_CertificateChoices; typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice; typedef struct CMS_RecipientInfo_st CMS_RecipientInfo; @@ -49,6 +51,8 @@ typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute; .generate_stack_macros("CMS_RevocationInfoChoice"); -} +DECLARE_ASN1_ITEM(CMS_EnvelopedData) +DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData) DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest) DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo) @@ -119,13 +123,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags); int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags); +int CMS_final_digest(CMS_ContentInfo *cms, + const unsigned char *md, unsigned int mdlen, BIO *dcont, + unsigned int flags); CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, unsigned int flags); CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, - unsigned int flags, OSSL_LIB_CTX *ctx, + unsigned int flags, OSSL_LIB_CTX *libctx, const char *propq); CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, @@ -135,27 +142,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags); CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags); CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags, - OSSL_LIB_CTX *ctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags); CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, unsigned int flags); CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md, - unsigned int flags, OSSL_LIB_CTX *ctx, + unsigned int flags, OSSL_LIB_CTX *libctx, const char *propq); int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, const unsigned char *key, size_t keylen, BIO *dcont, BIO *out, unsigned int flags); - CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, const unsigned char *key, size_t keylen, unsigned int flags); CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher, const unsigned char *key, size_t keylen, unsigned int flags, - OSSL_LIB_CTX *ctx, + OSSL_LIB_CTX *libctx, const char *propq); int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, @@ -174,7 +180,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, unsigned int flags); CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, unsigned int flags, - OSSL_LIB_CTX *ctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, BIO *dcont, BIO *out, unsigned int flags); @@ -193,12 +199,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri); CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher); CMS_ContentInfo * -CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx, +CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx, const char *propq); CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher); CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher, - OSSL_LIB_CTX *ctx, + OSSL_LIB_CTX *libctx, const char *propq); +BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data, + EVP_PKEY *pkey, X509 *cert, + ASN1_OCTET_STRING *secret, unsigned int flags, + OSSL_LIB_CTX *libctx, const char *propq); CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip, unsigned int flags); @@ -287,6 +297,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si); int CMS_SignerInfo_sign(CMS_SignerInfo *si); int CMS_SignerInfo_verify(CMS_SignerInfo *si); int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain); +BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data, + STACK_OF(X509) *scerts, X509_STORE *store, + STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls, + unsigned int flags, + OSSL_LIB_CTX *libctx, const char *propq); int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs); int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, @@ -343,7 +358,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex( unsigned char *id, int idlen, int allorfirst, STACK_OF(GENERAL_NAMES) *receiptList, STACK_OF(GENERAL_NAMES) *receiptsTo, - OSSL_LIB_CTX *ctx); + OSSL_LIB_CTX *libctx); int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr); void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/cmserr.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/cmserr.h index f2d7708f..887035b1 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/cmserr.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/cmserr.h @@ -86,6 +86,7 @@ # define CMS_R_NO_PUBLIC_KEY 134 # define CMS_R_NO_RECEIPT_REQUEST 168 # define CMS_R_NO_SIGNERS 135 +# define CMS_R_OPERATION_UNSUPPORTED 182 # define CMS_R_PEER_KEY_ERROR 188 # define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136 # define CMS_R_RECEIPT_DECODE_ERROR 169 diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/comp.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/comp.h index 06ff5810..f81ba0f3 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/comp.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/comp.h @@ -40,15 +40,20 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, unsigned char *in, int ilen); COMP_METHOD *COMP_zlib(void); +COMP_METHOD *COMP_zlib_oneshot(void); +COMP_METHOD *COMP_brotli(void); +COMP_METHOD *COMP_brotli_oneshot(void); +COMP_METHOD *COMP_zstd(void); +COMP_METHOD *COMP_zstd_oneshot(void); #ifndef OPENSSL_NO_DEPRECATED_1_1_0 # define COMP_zlib_cleanup() while(0) continue #endif # ifdef OPENSSL_BIO_H -# ifdef ZLIB const BIO_METHOD *BIO_f_zlib(void); -# endif +const BIO_METHOD *BIO_f_brotli(void); +const BIO_METHOD *BIO_f_zstd(void); # endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/comperr.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/comperr.h index 01dd3e6b..1948d37f 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/comperr.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/comperr.h @@ -23,9 +23,16 @@ /* * COMP reason codes. */ +# define COMP_R_BROTLI_DECODE_ERROR 102 +# define COMP_R_BROTLI_ENCODE_ERROR 103 +# define COMP_R_BROTLI_NOT_SUPPORTED 104 # define COMP_R_ZLIB_DEFLATE_ERROR 99 # define COMP_R_ZLIB_INFLATE_ERROR 100 # define COMP_R_ZLIB_NOT_SUPPORTED 101 +# define COMP_R_ZSTD_COMPRESS_ERROR 105 +# define COMP_R_ZSTD_DECODE_ERROR 106 +# define COMP_R_ZSTD_DECOMPRESS_ERROR 107 +# define COMP_R_ZSTD_NOT_SUPPORTED 108 # endif #endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/conf.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/conf.h index e8fcf315..61bb0087 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/conf.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/conf.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by Makefile from include/openssl/conf.h.in * - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/conf.h.in b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/conf.h.in index 044b3eb5..56632870 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/conf.h.in +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/conf.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/configuration.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/configuration.h index 650b8e49..712dcded 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/configuration.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/configuration.h @@ -30,7 +30,7 @@ extern "C" { # ifndef OPENSSL_SYS_iOS # define OPENSSL_SYS_iOS 1 # endif -# define OPENSSL_CONFIGURED_API 30100 +# define OPENSSL_CONFIGURED_API 30200 # ifndef OPENSSL_RAND_SEED_OS # define OPENSSL_RAND_SEED_OS # endif @@ -46,12 +46,21 @@ extern "C" { # ifndef OPENSSL_NO_ASYNC # define OPENSSL_NO_ASYNC # endif +# ifndef OPENSSL_NO_BROTLI +# define OPENSSL_NO_BROTLI +# endif +# ifndef OPENSSL_NO_BROTLI_DYNAMIC +# define OPENSSL_NO_BROTLI_DYNAMIC +# endif # ifndef OPENSSL_NO_CRYPTO_MDEBUG # define OPENSSL_NO_CRYPTO_MDEBUG # endif # ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE # define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE # endif +# ifndef OPENSSL_NO_DEFAULT_THREAD_POOL +# define OPENSSL_NO_DEFAULT_THREAD_POOL +# endif # ifndef OPENSSL_NO_DEVCRYPTOENG # define OPENSSL_NO_DEVCRYPTOENG # endif @@ -100,6 +109,12 @@ extern "C" { # ifndef OPENSSL_NO_TESTS # define OPENSSL_NO_TESTS # endif +# ifndef OPENSSL_NO_TFO +# define OPENSSL_NO_TFO +# endif +# ifndef OPENSSL_NO_THREAD_POOL +# define OPENSSL_NO_THREAD_POOL +# endif # ifndef OPENSSL_NO_TRACE # define OPENSSL_NO_TRACE # endif @@ -115,6 +130,21 @@ extern "C" { # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS # define OPENSSL_NO_WEAK_SSL_CIPHERS # endif +# ifndef OPENSSL_NO_WINSTORE +# define OPENSSL_NO_WINSTORE +# endif +# ifndef OPENSSL_NO_ZLIB +# define OPENSSL_NO_ZLIB +# endif +# ifndef OPENSSL_NO_ZLIB_DYNAMIC +# define OPENSSL_NO_ZLIB_DYNAMIC +# endif +# ifndef OPENSSL_NO_ZSTD +# define OPENSSL_NO_ZSTD +# endif +# ifndef OPENSSL_NO_ZSTD_DYNAMIC +# define OPENSSL_NO_ZSTD_DYNAMIC +# endif # ifndef OPENSSL_NO_DYNAMIC_ENGINE # define OPENSSL_NO_DYNAMIC_ENGINE # endif @@ -136,6 +166,12 @@ extern "C" { # define RC4_INT unsigned char +# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB)) +# define OPENSSL_NO_COMP_ALG +# else +# undef OPENSSL_NO_COMP_ALG +# endif + # ifdef __cplusplus } # endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/configuration.h.in b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/configuration.h.in index b84dc1df..86077d0a 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/configuration.h.in +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/configuration.h.in @@ -62,6 +62,12 @@ extern "C" { # define RC4_INT {- $config{rc4_int} -} +# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB)) +# define OPENSSL_NO_COMP_ALG +# else +# undef OPENSSL_NO_COMP_ALG +# endif + # ifdef __cplusplus } # endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/core.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/core.h index 9683ac70..18c19918 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/core.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/core.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -42,6 +42,9 @@ struct ossl_dispatch_st { void (*function)(void); }; +# define OSSL_DISPATCH_END \ + { 0, NULL } + /* * Other items, essentially an int<->pointer map element. * diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/core_dispatch.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/core_dispatch.h index 61d75a38..9b03f20c 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/core_dispatch.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/core_dispatch.h @@ -661,6 +661,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types, OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup, (const void *keydata_from, int selection)) +/* Extended import and export functions */ +# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX 45 +# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX 46 +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex, + (void *provctx, int selection)) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex, + (void *provctx, int selection)) + /* Key Exchange */ # define OSSL_FUNC_KEYEXCH_NEWCTX 1 @@ -832,16 +840,24 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params, # define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS 9 # define OSSL_FUNC_KEM_SET_CTX_PARAMS 10 # define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS 11 +# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT 12 +# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT 13 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx)) OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey, + void *authprivkey, + const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx, unsigned char *out, size_t *outlen, unsigned char *secret, size_t *secretlen)) OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey, + void *authpubkey, + const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx, unsigned char *out, size_t *outlen, const unsigned char *in, size_t inlen)) @@ -937,6 +953,8 @@ OSSL_CORE_MAKE_FUNC(int, decoder_export_object, #define OSSL_FUNC_STORE_EOF 6 #define OSSL_FUNC_STORE_CLOSE 7 #define OSSL_FUNC_STORE_EXPORT_OBJECT 8 +#define OSSL_FUNC_STORE_DELETE 9 +#define OSSL_FUNC_STORE_OPEN_EX 10 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri)) OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in)) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params, @@ -952,6 +970,12 @@ OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx)) OSSL_CORE_MAKE_FUNC(int, store_export_object, (void *loaderctx, const void *objref, size_t objref_sz, OSSL_CALLBACK *export_cb, void *export_cbarg)) +OSSL_CORE_MAKE_FUNC(int, store_delete, + (void *provctx, const char *uri, const OSSL_PARAM params[], + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)) +OSSL_CORE_MAKE_FUNC(void *, store_open_ex, + (void *provctx, const char *uri, const OSSL_PARAM params[], + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)) # ifdef __cplusplus } diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/core_names.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/core_names.h index 0a6ec1bb..ffffe90f 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/core_names.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/core_names.h @@ -1,4 +1,7 @@ /* + * WARNING: do not edit! + * Generated by Makefile from include/openssl/core_names.h.in + * * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -7,6 +10,7 @@ * https://www.openssl.org/source/license.html */ + #ifndef OPENSSL_CORE_NAMES_H # define OPENSSL_CORE_NAMES_H # pragma once @@ -15,544 +19,454 @@ extern "C" { # endif -/* Well known parameter names that core passes to providers */ -#define OSSL_PROV_PARAM_CORE_VERSION "openssl-version" /* utf8_ptr */ -#define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name" /* utf8_ptr */ -#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */ - -/* Well known parameter names that Providers can define */ -#define OSSL_PROV_PARAM_NAME "name" /* utf8_ptr */ -#define OSSL_PROV_PARAM_VERSION "version" /* utf8_ptr */ -#define OSSL_PROV_PARAM_BUILDINFO "buildinfo" /* utf8_ptr */ -#define OSSL_PROV_PARAM_STATUS "status" /* uint */ -#define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks" /* uint */ -#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check" /* uint */ -#define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md" /* uint */ - -/* Self test callback parameters */ -#define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase" /* utf8_string */ -#define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type" /* utf8_string */ -#define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc" /* utf8_string */ - -/*- - * Provider-native object abstractions - * - * These are used when a provider wants to pass object data or an object - * reference back to libcrypto. This is only useful for provider functions - * that take a callback to which an OSSL_PARAM array with these parameters - * can be passed. - * - * This set of parameter names is explained in detail in provider-object(7) - * (doc/man7/provider-object.pod) - */ -#define OSSL_OBJECT_PARAM_TYPE "type" /* INTEGER */ -#define OSSL_OBJECT_PARAM_DATA_TYPE "data-type" /* UTF8_STRING */ -#define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure" /* UTF8_STRING */ -#define OSSL_OBJECT_PARAM_REFERENCE "reference" /* OCTET_STRING */ -#define OSSL_OBJECT_PARAM_DATA "data" /* OCTET_STRING or UTF8_STRING */ -#define OSSL_OBJECT_PARAM_DESC "desc" /* UTF8_STRING */ - -/* - * Algorithm parameters - * If "engine" or "properties" are specified, they should always be paired - * with the algorithm type. - * Note these are common names that are shared by many types (such as kdf, mac, - * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below. - */ -#define OSSL_ALG_PARAM_DIGEST "digest" /* utf8_string */ -#define OSSL_ALG_PARAM_CIPHER "cipher" /* utf8_string */ -#define OSSL_ALG_PARAM_ENGINE "engine" /* utf8_string */ -#define OSSL_ALG_PARAM_MAC "mac" /* utf8_string */ -#define OSSL_ALG_PARAM_PROPERTIES "properties"/* utf8_string */ - -/* cipher parameters */ -#define OSSL_CIPHER_PARAM_PADDING "padding" /* uint */ -#define OSSL_CIPHER_PARAM_USE_BITS "use-bits" /* uint */ -#define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version" /* uint */ -#define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac" /* octet_ptr */ -#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size" /* size_t */ -#define OSSL_CIPHER_PARAM_MODE "mode" /* uint */ -#define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize" /* size_t */ -#define OSSL_CIPHER_PARAM_AEAD "aead" /* int, 0 or 1 */ -#define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv" /* int, 0 or 1 */ -#define OSSL_CIPHER_PARAM_CTS "cts" /* int, 0 or 1 */ -#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi" /* int, 0 or 1 */ -#define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey" /* int, 0 or 1 */ -#define OSSL_CIPHER_PARAM_KEYLEN "keylen" /* size_t */ -#define OSSL_CIPHER_PARAM_IVLEN "ivlen" /* size_t */ -#define OSSL_CIPHER_PARAM_IV "iv" /* octet_string OR octet_ptr */ -#define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv" /* octet_string OR octet_ptr */ -#define OSSL_CIPHER_PARAM_NUM "num" /* uint */ -#define OSSL_CIPHER_PARAM_ROUNDS "rounds" /* uint */ -#define OSSL_CIPHER_PARAM_AEAD_TAG "tag" /* octet_string */ -#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad" /* octet_string */ -#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad" /* size_t */ -#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed" /* octet_string */ -#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen" /* octet_string */ -#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv" /* octet_string */ -#define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN -#define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen" /* size_t */ -#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey" /* octet_string */ -#define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey" /* octet_string */ -#define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits" /* size_t */ -#define OSSL_CIPHER_PARAM_SPEED "speed" /* uint */ -#define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode" /* utf8_string */ -/* For passing the AlgorithmIdentifier parameter in DER form */ -#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param" /* octet_string */ - -#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT \ - "tls1multi_maxsndfrag" /* uint */ -#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE \ - "tls1multi_maxbufsz" /* size_t */ -#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE \ - "tls1multi_interleave" /* uint */ -#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD \ - "tls1multi_aad" /* octet_string */ -#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN \ - "tls1multi_aadpacklen" /* uint */ -#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC \ - "tls1multi_enc" /* octet_string */ -#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN \ - "tls1multi_encin" /* octet_string */ -#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN \ - "tls1multi_enclen" /* size_t */ - /* OSSL_CIPHER_PARAM_CTS_MODE Values */ -#define OSSL_CIPHER_CTS_MODE_CS1 "CS1" -#define OSSL_CIPHER_CTS_MODE_CS2 "CS2" -#define OSSL_CIPHER_CTS_MODE_CS3 "CS3" +# define OSSL_CIPHER_CTS_MODE_CS1 "CS1" +# define OSSL_CIPHER_CTS_MODE_CS2 "CS2" +# define OSSL_CIPHER_CTS_MODE_CS3 "CS3" -/* digest parameters */ -#define OSSL_DIGEST_PARAM_XOFLEN "xoflen" /* size_t */ -#define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms" /* octet string */ -#define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type" /* uint */ -#define OSSL_DIGEST_PARAM_MICALG "micalg" /* utf8 string */ -#define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize" /* size_t */ -#define OSSL_DIGEST_PARAM_SIZE "size" /* size_t */ -#define OSSL_DIGEST_PARAM_XOF "xof" /* int, 0 or 1 */ -#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent" /* int, 0 or 1 */ +/* Known CIPHER names (not a complete list) */ +# define OSSL_CIPHER_NAME_AES_128_GCM_SIV "AES-128-GCM-SIV" +# define OSSL_CIPHER_NAME_AES_192_GCM_SIV "AES-192-GCM-SIV" +# define OSSL_CIPHER_NAME_AES_256_GCM_SIV "AES-256-GCM-SIV" /* Known DIGEST names (not a complete list) */ -#define OSSL_DIGEST_NAME_MD5 "MD5" -#define OSSL_DIGEST_NAME_MD5_SHA1 "MD5-SHA1" -#define OSSL_DIGEST_NAME_SHA1 "SHA1" -#define OSSL_DIGEST_NAME_SHA2_224 "SHA2-224" -#define OSSL_DIGEST_NAME_SHA2_256 "SHA2-256" -#define OSSL_DIGEST_NAME_SHA2_384 "SHA2-384" -#define OSSL_DIGEST_NAME_SHA2_512 "SHA2-512" -#define OSSL_DIGEST_NAME_SHA2_512_224 "SHA2-512/224" -#define OSSL_DIGEST_NAME_SHA2_512_256 "SHA2-512/256" -#define OSSL_DIGEST_NAME_MD2 "MD2" -#define OSSL_DIGEST_NAME_MD4 "MD4" -#define OSSL_DIGEST_NAME_MDC2 "MDC2" -#define OSSL_DIGEST_NAME_RIPEMD160 "RIPEMD160" -#define OSSL_DIGEST_NAME_SHA3_224 "SHA3-224" -#define OSSL_DIGEST_NAME_SHA3_256 "SHA3-256" -#define OSSL_DIGEST_NAME_SHA3_384 "SHA3-384" -#define OSSL_DIGEST_NAME_SHA3_512 "SHA3-512" -#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128" -#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256" -#define OSSL_DIGEST_NAME_SM3 "SM3" - -/* MAC parameters */ -#define OSSL_MAC_PARAM_KEY "key" /* octet string */ -#define OSSL_MAC_PARAM_IV "iv" /* octet string */ -#define OSSL_MAC_PARAM_CUSTOM "custom" /* utf8 string */ -#define OSSL_MAC_PARAM_SALT "salt" /* octet string */ -#define OSSL_MAC_PARAM_XOF "xof" /* int, 0 or 1 */ -#define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit" /* int, 0 or 1 */ -#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */ -#define OSSL_MAC_PARAM_C_ROUNDS "c-rounds" /* unsigned int */ -#define OSSL_MAC_PARAM_D_ROUNDS "d-rounds" /* unsigned int */ - -/* - * If "engine" or "properties" are specified, they should always be paired - * with "cipher" or "digest". - */ -#define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER /* utf8 string */ -#define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST /* utf8 string */ -#define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES /* utf8 string */ -#define OSSL_MAC_PARAM_SIZE "size" /* size_t */ -#define OSSL_MAC_PARAM_BLOCK_SIZE "block-size" /* size_t */ -#define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size" /* size_t */ +# define OSSL_DIGEST_NAME_MD5 "MD5" +# define OSSL_DIGEST_NAME_MD5_SHA1 "MD5-SHA1" +# define OSSL_DIGEST_NAME_SHA1 "SHA1" +# define OSSL_DIGEST_NAME_SHA2_224 "SHA2-224" +# define OSSL_DIGEST_NAME_SHA2_256 "SHA2-256" +# define OSSL_DIGEST_NAME_SHA2_256_192 "SHA2-256/192" +# define OSSL_DIGEST_NAME_SHA2_384 "SHA2-384" +# define OSSL_DIGEST_NAME_SHA2_512 "SHA2-512" +# define OSSL_DIGEST_NAME_SHA2_512_224 "SHA2-512/224" +# define OSSL_DIGEST_NAME_SHA2_512_256 "SHA2-512/256" +# define OSSL_DIGEST_NAME_MD2 "MD2" +# define OSSL_DIGEST_NAME_MD4 "MD4" +# define OSSL_DIGEST_NAME_MDC2 "MDC2" +# define OSSL_DIGEST_NAME_RIPEMD160 "RIPEMD160" +# define OSSL_DIGEST_NAME_SHA3_224 "SHA3-224" +# define OSSL_DIGEST_NAME_SHA3_256 "SHA3-256" +# define OSSL_DIGEST_NAME_SHA3_384 "SHA3-384" +# define OSSL_DIGEST_NAME_SHA3_512 "SHA3-512" +# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128" +# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256" +# define OSSL_DIGEST_NAME_SM3 "SM3" /* Known MAC names */ -#define OSSL_MAC_NAME_BLAKE2BMAC "BLAKE2BMAC" -#define OSSL_MAC_NAME_BLAKE2SMAC "BLAKE2SMAC" -#define OSSL_MAC_NAME_CMAC "CMAC" -#define OSSL_MAC_NAME_GMAC "GMAC" -#define OSSL_MAC_NAME_HMAC "HMAC" -#define OSSL_MAC_NAME_KMAC128 "KMAC128" -#define OSSL_MAC_NAME_KMAC256 "KMAC256" -#define OSSL_MAC_NAME_POLY1305 "POLY1305" -#define OSSL_MAC_NAME_SIPHASH "SIPHASH" - -/* KDF / PRF parameters */ -#define OSSL_KDF_PARAM_SECRET "secret" /* octet string */ -#define OSSL_KDF_PARAM_KEY "key" /* octet string */ -#define OSSL_KDF_PARAM_SALT "salt" /* octet string */ -#define OSSL_KDF_PARAM_PASSWORD "pass" /* octet string */ -#define OSSL_KDF_PARAM_PREFIX "prefix" /* octet string */ -#define OSSL_KDF_PARAM_LABEL "label" /* octet string */ -#define OSSL_KDF_PARAM_DATA "data" /* octet string */ -#define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST /* utf8 string */ -#define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER /* utf8 string */ -#define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC /* utf8 string */ -#define OSSL_KDF_PARAM_MAC_SIZE "maclen" /* size_t */ -#define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES /* utf8 string */ -#define OSSL_KDF_PARAM_ITER "iter" /* unsigned int */ -#define OSSL_KDF_PARAM_MODE "mode" /* utf8 string or int */ -#define OSSL_KDF_PARAM_PKCS5 "pkcs5" /* int */ -#define OSSL_KDF_PARAM_UKM "ukm" /* octet string */ -#define OSSL_KDF_PARAM_CEK_ALG "cekalg" /* utf8 string */ -#define OSSL_KDF_PARAM_SCRYPT_N "n" /* uint64_t */ -#define OSSL_KDF_PARAM_SCRYPT_R "r" /* uint32_t */ -#define OSSL_KDF_PARAM_SCRYPT_P "p" /* uint32_t */ -#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */ -#define OSSL_KDF_PARAM_INFO "info" /* octet string */ -#define OSSL_KDF_PARAM_SEED "seed" /* octet string */ -#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */ -#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */ -#define OSSL_KDF_PARAM_SSHKDF_TYPE "type" /* int */ -#define OSSL_KDF_PARAM_SIZE "size" /* size_t */ -#define OSSL_KDF_PARAM_CONSTANT "constant" /* octet string */ -#define OSSL_KDF_PARAM_PKCS12_ID "id" /* int */ -#define OSSL_KDF_PARAM_KBKDF_USE_L "use-l" /* int */ -#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator" /* int */ -#define OSSL_KDF_PARAM_KBKDF_R "r" /* int */ -#define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info" -#define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info" -#define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info" -#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo" -#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo" -#define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits" +# define OSSL_MAC_NAME_BLAKE2BMAC "BLAKE2BMAC" +# define OSSL_MAC_NAME_BLAKE2SMAC "BLAKE2SMAC" +# define OSSL_MAC_NAME_CMAC "CMAC" +# define OSSL_MAC_NAME_GMAC "GMAC" +# define OSSL_MAC_NAME_HMAC "HMAC" +# define OSSL_MAC_NAME_KMAC128 "KMAC128" +# define OSSL_MAC_NAME_KMAC256 "KMAC256" +# define OSSL_MAC_NAME_POLY1305 "POLY1305" +# define OSSL_MAC_NAME_SIPHASH "SIPHASH" /* Known KDF names */ -#define OSSL_KDF_NAME_HKDF "HKDF" -#define OSSL_KDF_NAME_TLS1_3_KDF "TLS13-KDF" -#define OSSL_KDF_NAME_PBKDF1 "PBKDF1" -#define OSSL_KDF_NAME_PBKDF2 "PBKDF2" -#define OSSL_KDF_NAME_SCRYPT "SCRYPT" -#define OSSL_KDF_NAME_SSHKDF "SSHKDF" -#define OSSL_KDF_NAME_SSKDF "SSKDF" -#define OSSL_KDF_NAME_TLS1_PRF "TLS1-PRF" -#define OSSL_KDF_NAME_X942KDF_ASN1 "X942KDF-ASN1" -#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT" -#define OSSL_KDF_NAME_X963KDF "X963KDF" -#define OSSL_KDF_NAME_KBKDF "KBKDF" -#define OSSL_KDF_NAME_KRB5KDF "KRB5KDF" - -/* Known RAND names */ -#define OSSL_RAND_PARAM_STATE "state" -#define OSSL_RAND_PARAM_STRENGTH "strength" -#define OSSL_RAND_PARAM_MAX_REQUEST "max_request" -#define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy" -#define OSSL_RAND_PARAM_TEST_NONCE "test_nonce" -#define OSSL_RAND_PARAM_GENERATE "generate" - -/* RAND/DRBG names */ -#define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests" -#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval" -#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen" -#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen" -#define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen" -#define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen" -#define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen" -#define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen" -#define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter" -#define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time" -#define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES -#define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST -#define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER -#define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC -#define OSSL_DRBG_PARAM_USE_DF "use_derivation_function" - -/* DRBG call back parameters */ -#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required" -#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance" -#define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length" -#define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length" -#define OSSL_DRBG_PARAM_RANDOM_DATA "random_data" -#define OSSL_DRBG_PARAM_SIZE "size" - -/* PKEY parameters */ -/* Common PKEY parameters */ -#define OSSL_PKEY_PARAM_BITS "bits" /* integer */ -#define OSSL_PKEY_PARAM_MAX_SIZE "max-size" /* integer */ -#define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits" /* integer */ -#define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST -#define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER /* utf8 string */ -#define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE /* utf8 string */ -#define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES -#define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest" /* utf8 string */ -#define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest" /* utf8 string */ -#define OSSL_PKEY_PARAM_PAD_MODE "pad-mode" -#define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size" -#define OSSL_PKEY_PARAM_MASKGENFUNC "mgf" -#define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest" -#define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties" -#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key" -#define OSSL_PKEY_PARAM_GROUP_NAME "group" -#define OSSL_PKEY_PARAM_DIST_ID "distid" -#define OSSL_PKEY_PARAM_PUB_KEY "pub" -#define OSSL_PKEY_PARAM_PRIV_KEY "priv" - -/* Diffie-Hellman/DSA Parameters */ -#define OSSL_PKEY_PARAM_FFC_P "p" -#define OSSL_PKEY_PARAM_FFC_G "g" -#define OSSL_PKEY_PARAM_FFC_Q "q" -#define OSSL_PKEY_PARAM_FFC_GINDEX "gindex" -#define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter" -#define OSSL_PKEY_PARAM_FFC_SEED "seed" -#define OSSL_PKEY_PARAM_FFC_COFACTOR "j" -#define OSSL_PKEY_PARAM_FFC_H "hindex" -#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq" -#define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g" -#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy" - -/* Diffie-Hellman params */ -#define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator" -#define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len" - -/* Elliptic Curve Domain Parameters */ -#define OSSL_PKEY_PARAM_EC_PUB_X "qx" -#define OSSL_PKEY_PARAM_EC_PUB_Y "qy" - -/* Elliptic Curve Explicit Domain Parameters */ -#define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type" -#define OSSL_PKEY_PARAM_EC_P "p" -#define OSSL_PKEY_PARAM_EC_A "a" -#define OSSL_PKEY_PARAM_EC_B "b" -#define OSSL_PKEY_PARAM_EC_GENERATOR "generator" -#define OSSL_PKEY_PARAM_EC_ORDER "order" -#define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor" -#define OSSL_PKEY_PARAM_EC_SEED "seed" -#define OSSL_PKEY_PARAM_EC_CHAR2_M "m" -#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type" -#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp" -#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1" -#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2" -#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3" -#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit" - -/* Elliptic Curve Key Parameters */ -#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag" -#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \ - OSSL_PKEY_PARAM_USE_COFACTOR_FLAG - -/* RSA Keys */ -/* - * n, e, d are the usual public and private key components - * - * rsa-num is the number of factors, including p and q - * rsa-factor is used for each factor: p, q, r_i (i = 3, ...) - * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...) - * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...) - * - * The number of rsa-factor items must be equal to the number of rsa-exponent - * items, and the number of rsa-coefficients must be one less. - * (the base i for the coefficients is 2, not 1, at least as implied by - * RFC 8017) - */ -#define OSSL_PKEY_PARAM_RSA_N "n" -#define OSSL_PKEY_PARAM_RSA_E "e" -#define OSSL_PKEY_PARAM_RSA_D "d" -#define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor" -#define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent" -#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient" -#define OSSL_PKEY_PARAM_RSA_FACTOR1 OSSL_PKEY_PARAM_RSA_FACTOR"1" -#define OSSL_PKEY_PARAM_RSA_FACTOR2 OSSL_PKEY_PARAM_RSA_FACTOR"2" -#define OSSL_PKEY_PARAM_RSA_FACTOR3 OSSL_PKEY_PARAM_RSA_FACTOR"3" -#define OSSL_PKEY_PARAM_RSA_FACTOR4 OSSL_PKEY_PARAM_RSA_FACTOR"4" -#define OSSL_PKEY_PARAM_RSA_FACTOR5 OSSL_PKEY_PARAM_RSA_FACTOR"5" -#define OSSL_PKEY_PARAM_RSA_FACTOR6 OSSL_PKEY_PARAM_RSA_FACTOR"6" -#define OSSL_PKEY_PARAM_RSA_FACTOR7 OSSL_PKEY_PARAM_RSA_FACTOR"7" -#define OSSL_PKEY_PARAM_RSA_FACTOR8 OSSL_PKEY_PARAM_RSA_FACTOR"8" -#define OSSL_PKEY_PARAM_RSA_FACTOR9 OSSL_PKEY_PARAM_RSA_FACTOR"9" -#define OSSL_PKEY_PARAM_RSA_FACTOR10 OSSL_PKEY_PARAM_RSA_FACTOR"10" -#define OSSL_PKEY_PARAM_RSA_EXPONENT1 OSSL_PKEY_PARAM_RSA_EXPONENT"1" -#define OSSL_PKEY_PARAM_RSA_EXPONENT2 OSSL_PKEY_PARAM_RSA_EXPONENT"2" -#define OSSL_PKEY_PARAM_RSA_EXPONENT3 OSSL_PKEY_PARAM_RSA_EXPONENT"3" -#define OSSL_PKEY_PARAM_RSA_EXPONENT4 OSSL_PKEY_PARAM_RSA_EXPONENT"4" -#define OSSL_PKEY_PARAM_RSA_EXPONENT5 OSSL_PKEY_PARAM_RSA_EXPONENT"5" -#define OSSL_PKEY_PARAM_RSA_EXPONENT6 OSSL_PKEY_PARAM_RSA_EXPONENT"6" -#define OSSL_PKEY_PARAM_RSA_EXPONENT7 OSSL_PKEY_PARAM_RSA_EXPONENT"7" -#define OSSL_PKEY_PARAM_RSA_EXPONENT8 OSSL_PKEY_PARAM_RSA_EXPONENT"8" -#define OSSL_PKEY_PARAM_RSA_EXPONENT9 OSSL_PKEY_PARAM_RSA_EXPONENT"9" -#define OSSL_PKEY_PARAM_RSA_EXPONENT10 OSSL_PKEY_PARAM_RSA_EXPONENT"10" -#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1" -#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2" -#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3" -#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4" -#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5" -#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6" -#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7" -#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8" -#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9" +# define OSSL_KDF_NAME_HKDF "HKDF" +# define OSSL_KDF_NAME_TLS1_3_KDF "TLS13-KDF" +# define OSSL_KDF_NAME_PBKDF1 "PBKDF1" +# define OSSL_KDF_NAME_PBKDF2 "PBKDF2" +# define OSSL_KDF_NAME_SCRYPT "SCRYPT" +# define OSSL_KDF_NAME_SSHKDF "SSHKDF" +# define OSSL_KDF_NAME_SSKDF "SSKDF" +# define OSSL_KDF_NAME_TLS1_PRF "TLS1-PRF" +# define OSSL_KDF_NAME_X942KDF_ASN1 "X942KDF-ASN1" +# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT" +# define OSSL_KDF_NAME_X963KDF "X963KDF" +# define OSSL_KDF_NAME_KBKDF "KBKDF" +# define OSSL_KDF_NAME_KRB5KDF "KRB5KDF" +# define OSSL_KDF_NAME_HMACDRBGKDF "HMAC-DRBG-KDF" /* RSA padding modes */ -#define OSSL_PKEY_RSA_PAD_MODE_NONE "none" -#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1" -#define OSSL_PKEY_RSA_PAD_MODE_OAEP "oaep" -#define OSSL_PKEY_RSA_PAD_MODE_X931 "x931" -#define OSSL_PKEY_RSA_PAD_MODE_PSS "pss" +# define OSSL_PKEY_RSA_PAD_MODE_NONE "none" +# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1" +# define OSSL_PKEY_RSA_PAD_MODE_OAEP "oaep" +# define OSSL_PKEY_RSA_PAD_MODE_X931 "x931" +# define OSSL_PKEY_RSA_PAD_MODE_PSS "pss" /* RSA pss padding salt length */ -#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest" -#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX "max" -#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO "auto" -#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax" - -/* Key generation parameters */ -#define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS -#define OSSL_PKEY_PARAM_RSA_PRIMES "primes" -#define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST -#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES -#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC -#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST -#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen" - -/* Key generation parameters */ -#define OSSL_PKEY_PARAM_FFC_TYPE "type" -#define OSSL_PKEY_PARAM_FFC_PBITS "pbits" -#define OSSL_PKEY_PARAM_FFC_QBITS "qbits" -#define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST -#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES - -#define OSSL_PKEY_PARAM_EC_ENCODING "encoding" /* utf8_string */ -#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format" -#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check" -#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public" +# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest" +# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX "max" +# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO "auto" +# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax" /* OSSL_PKEY_PARAM_EC_ENCODING values */ -#define OSSL_PKEY_EC_ENCODING_EXPLICIT "explicit" -#define OSSL_PKEY_EC_ENCODING_GROUP "named_curve" +# define OSSL_PKEY_EC_ENCODING_EXPLICIT "explicit" +# define OSSL_PKEY_EC_ENCODING_GROUP "named_curve" -#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed" -#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED "compressed" -#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID "hybrid" +# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed" +# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED "compressed" +# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID "hybrid" -#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT "default" -#define OSSL_PKEY_EC_GROUP_CHECK_NAMED "named" -#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST "named-nist" - -/* Key Exchange parameters */ -#define OSSL_EXCHANGE_PARAM_PAD "pad" /* uint */ -#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */ -#define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type" /* utf8_string */ -#define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest" /* utf8_string */ -#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props" /* utf8_string */ -#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen" /* size_t */ -/* The following parameter is an octet_string on set and an octet_ptr on get */ -#define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm" - -/* Signature parameters */ -#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id" -#define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE -#define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST -#define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES -#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen" -#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST -#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES \ - OSSL_PKEY_PARAM_MGF1_PROPERTIES -#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE - -/* Asym cipher parameters */ -#define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST -#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES -#define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE -#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE -#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST \ - OSSL_PKEY_PARAM_MGF1_DIGEST -#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS \ - OSSL_PKEY_PARAM_MGF1_PROPERTIES -#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST -#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props" -/* The following parameter is an octet_string on set and an octet_ptr on get */ -#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label" -#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version" -#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version" - -/* - * Encoder / decoder parameters - */ -#define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER -#define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES -/* Currently PVK only, but reusable for others as needed */ -#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level" -#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters" /* integer */ - -#define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES - -/* Passphrase callback parameters */ -#define OSSL_PASSPHRASE_PARAM_INFO "info" - -/* Keygen callback parameters, from provider to libcrypto */ -#define OSSL_GEN_PARAM_POTENTIAL "potential" /* integer */ -#define OSSL_GEN_PARAM_ITERATION "iteration" /* integer */ - -/* ACVP Test parameters : These should not be used normally */ -#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1" -#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2" -#define OSSL_PKEY_PARAM_RSA_TEST_XP "xp" -#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1" -#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2" -#define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq" -#define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1" -#define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2" -#define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1" -#define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2" -#define OSSL_SIGNATURE_PARAM_KAT "kat" - -/* KEM parameters */ -#define OSSL_KEM_PARAM_OPERATION "operation" +# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT "default" +# define OSSL_PKEY_EC_GROUP_CHECK_NAMED "named" +# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST "named-nist" /* OSSL_KEM_PARAM_OPERATION values */ #define OSSL_KEM_PARAM_OPERATION_RSASVE "RSASVE" +#define OSSL_KEM_PARAM_OPERATION_DHKEM "DHKEM" -/* Capabilities */ - -/* TLS-GROUP Capability */ -#define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name" -#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal" -#define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id" -#define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg" -#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits" -#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem" -#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls" -#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls" -#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls" -#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls" - -/*- - * storemgmt parameters - */ - -/* - * Used by storemgmt_ctx_set_params(): - * - * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the - * OSSL_STORE_INFO numbers. This is used to set the expected type of - * object loaded. - * - * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER, - * OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT, - * OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS - * are used as search criteria. - * (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT) - */ -#define OSSL_STORE_PARAM_EXPECT "expect" /* INTEGER */ -#define OSSL_STORE_PARAM_SUBJECT "subject" /* DER blob => OCTET_STRING */ -#define OSSL_STORE_PARAM_ISSUER "name" /* DER blob => OCTET_STRING */ -#define OSSL_STORE_PARAM_SERIAL "serial" /* INTEGER */ -#define OSSL_STORE_PARAM_DIGEST "digest" /* UTF8_STRING */ -#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */ -#define OSSL_STORE_PARAM_ALIAS "alias" /* UTF8_STRING */ - -/* You may want to pass properties for the provider implementation to use */ -#define OSSL_STORE_PARAM_PROPERTIES "properties" /* utf8_string */ -/* OSSL_DECODER input type if a decoder is used by the store */ -#define OSSL_STORE_PARAM_INPUT_TYPE "input-type" /* UTF8_STRING */ +/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */ +# define OSSL_ALG_PARAM_CIPHER "cipher" +# define OSSL_ALG_PARAM_DIGEST "digest" +# define OSSL_ALG_PARAM_ENGINE "engine" +# define OSSL_ALG_PARAM_MAC "mac" +# define OSSL_ALG_PARAM_PROPERTIES "properties" +# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST +# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE +# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection" +# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST +# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES +# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST +# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props" +# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label" +# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE +# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES +# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version" +# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version" +# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg" +# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id" +# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem" +# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls" +# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls" +# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls" +# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls" +# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name" +# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal" +# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits" +# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point" +# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name" +# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid" +# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name" +# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype" +# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid" +# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls" +# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls" +# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name" +# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid" +# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits" +# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name" +# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid" +# define OSSL_CIPHER_PARAM_AEAD "aead" +# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN +# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey" +# define OSSL_CIPHER_PARAM_AEAD_TAG "tag" +# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen" +# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad" +# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad" +# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen" +# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed" +# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv" +# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param" +# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize" +# define OSSL_CIPHER_PARAM_CTS "cts" +# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode" +# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv" +# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey" +# define OSSL_CIPHER_PARAM_IV "iv" +# define OSSL_CIPHER_PARAM_IVLEN "ivlen" +# define OSSL_CIPHER_PARAM_KEYLEN "keylen" +# define OSSL_CIPHER_PARAM_MODE "mode" +# define OSSL_CIPHER_PARAM_NUM "num" +# define OSSL_CIPHER_PARAM_PADDING "padding" +# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey" +# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits" +# define OSSL_CIPHER_PARAM_ROUNDS "rounds" +# define OSSL_CIPHER_PARAM_SPEED "speed" +# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi" +# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad" +# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen" +# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc" +# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin" +# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen" +# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave" +# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz" +# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag" +# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac" +# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size" +# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version" +# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv" +# define OSSL_CIPHER_PARAM_USE_BITS "use-bits" +# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard" +# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES +# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent" +# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize" +# define OSSL_DIGEST_PARAM_MICALG "micalg" +# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type" +# define OSSL_DIGEST_PARAM_SIZE "size" +# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms" +# define OSSL_DIGEST_PARAM_XOF "xof" +# define OSSL_DIGEST_PARAM_XOFLEN "xoflen" +# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER +# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST +# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required" +# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC +# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen" +# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen" +# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length" +# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen" +# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen" +# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen" +# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length" +# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen" +# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance" +# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES +# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data" +# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter" +# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests" +# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time" +# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval" +# define OSSL_DRBG_PARAM_SIZE "size" +# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function" +# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER +# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level" +# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES +# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters" +# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" +# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest" +# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props" +# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen" +# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type" +# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm" +# define OSSL_EXCHANGE_PARAM_PAD "pad" +# define OSSL_GEN_PARAM_ITERATION "iteration" +# define OSSL_GEN_PARAM_POTENTIAL "potential" +# define OSSL_KDF_PARAM_ARGON2_AD "ad" +# define OSSL_KDF_PARAM_ARGON2_LANES "lanes" +# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost" +# define OSSL_KDF_PARAM_ARGON2_VERSION "version" +# define OSSL_KDF_PARAM_CEK_ALG "cekalg" +# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER +# define OSSL_KDF_PARAM_CONSTANT "constant" +# define OSSL_KDF_PARAM_DATA "data" +# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST +# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean" +# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy" +# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce" +# define OSSL_KDF_PARAM_INFO "info" +# define OSSL_KDF_PARAM_ITER "iter" +# define OSSL_KDF_PARAM_KBKDF_R "r" +# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l" +# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator" +# define OSSL_KDF_PARAM_KEY "key" +# define OSSL_KDF_PARAM_LABEL "label" +# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC +# define OSSL_KDF_PARAM_MAC_SIZE "maclen" +# define OSSL_KDF_PARAM_MODE "mode" +# define OSSL_KDF_PARAM_PASSWORD "pass" +# define OSSL_KDF_PARAM_PKCS12_ID "id" +# define OSSL_KDF_PARAM_PKCS5 "pkcs5" +# define OSSL_KDF_PARAM_PREFIX "prefix" +# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES +# define OSSL_KDF_PARAM_SALT "salt" +# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" +# define OSSL_KDF_PARAM_SCRYPT_N "n" +# define OSSL_KDF_PARAM_SCRYPT_P "p" +# define OSSL_KDF_PARAM_SCRYPT_R "r" +# define OSSL_KDF_PARAM_SECRET "secret" +# define OSSL_KDF_PARAM_SEED "seed" +# define OSSL_KDF_PARAM_SIZE "size" +# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" +# define OSSL_KDF_PARAM_SSHKDF_TYPE "type" +# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" +# define OSSL_KDF_PARAM_THREADS "threads" +# define OSSL_KDF_PARAM_UKM "ukm" +# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info" +# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info" +# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info" +# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo" +# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo" +# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits" +# define OSSL_KEM_PARAM_IKME "ikme" +# define OSSL_KEM_PARAM_OPERATION "operation" +# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding" +# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data" +# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len" +# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode" +# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options" +# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead" +# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac" +# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree" +# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm" +# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len" +# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size" +# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER +# define OSSL_MAC_PARAM_CUSTOM "custom" +# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds" +# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST +# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit" +# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" +# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds" +# define OSSL_MAC_PARAM_IV "iv" +# define OSSL_MAC_PARAM_KEY "key" +# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES +# define OSSL_MAC_PARAM_SALT "salt" +# define OSSL_MAC_PARAM_SIZE "size" +# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size" +# define OSSL_MAC_PARAM_XOF "xof" +# define OSSL_OBJECT_PARAM_DATA "data" +# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure" +# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type" +# define OSSL_OBJECT_PARAM_DESC "desc" +# define OSSL_OBJECT_PARAM_REFERENCE "reference" +# define OSSL_OBJECT_PARAM_TYPE "type" +# define OSSL_PASSPHRASE_PARAM_INFO "info" +# define OSSL_PKEY_PARAM_BITS "bits" +# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER +# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest" +# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm" +# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator" +# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len" +# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST +# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size" +# define OSSL_PKEY_PARAM_DIST_ID "distid" +# define OSSL_PKEY_PARAM_EC_A "a" +# define OSSL_PKEY_PARAM_EC_B "b" +# define OSSL_PKEY_PARAM_EC_CHAR2_M "m" +# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1" +# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2" +# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3" +# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp" +# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type" +# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor" +# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit" +# define OSSL_PKEY_PARAM_EC_ENCODING "encoding" +# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type" +# define OSSL_PKEY_PARAM_EC_GENERATOR "generator" +# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check" +# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public" +# define OSSL_PKEY_PARAM_EC_ORDER "order" +# define OSSL_PKEY_PARAM_EC_P "p" +# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format" +# define OSSL_PKEY_PARAM_EC_PUB_X "qx" +# define OSSL_PKEY_PARAM_EC_PUB_Y "qy" +# define OSSL_PKEY_PARAM_EC_SEED "seed" +# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key" +# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE +# define OSSL_PKEY_PARAM_FFC_COFACTOR "j" +# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST +# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES +# define OSSL_PKEY_PARAM_FFC_G "g" +# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex" +# define OSSL_PKEY_PARAM_FFC_H "hindex" +# define OSSL_PKEY_PARAM_FFC_P "p" +# define OSSL_PKEY_PARAM_FFC_PBITS "pbits" +# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter" +# define OSSL_PKEY_PARAM_FFC_Q "q" +# define OSSL_PKEY_PARAM_FFC_QBITS "qbits" +# define OSSL_PKEY_PARAM_FFC_SEED "seed" +# define OSSL_PKEY_PARAM_FFC_TYPE "type" +# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g" +# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy" +# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq" +# define OSSL_PKEY_PARAM_GROUP_NAME "group" +# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection" +# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest" +# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf" +# define OSSL_PKEY_PARAM_MAX_SIZE "max-size" +# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest" +# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties" +# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode" +# define OSSL_PKEY_PARAM_PRIV_KEY "priv" +# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES +# define OSSL_PKEY_PARAM_PUB_KEY "pub" +# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS +# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient" +# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1" +# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2" +# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3" +# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4" +# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5" +# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6" +# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7" +# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8" +# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9" +# define OSSL_PKEY_PARAM_RSA_D "d" +# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST +# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES +# define OSSL_PKEY_PARAM_RSA_E "e" +# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent" +# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1" +# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10" +# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2" +# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3" +# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4" +# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5" +# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6" +# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7" +# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8" +# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9" +# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor" +# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1" +# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10" +# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2" +# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3" +# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4" +# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5" +# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6" +# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7" +# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8" +# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9" +# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC +# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST +# define OSSL_PKEY_PARAM_RSA_N "n" +# define OSSL_PKEY_PARAM_RSA_PRIMES "primes" +# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen" +# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1" +# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2" +# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1" +# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2" +# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp" +# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1" +# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2" +# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq" +# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1" +# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2" +# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits" +# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG +# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag" +# define OSSL_PROV_PARAM_BUILDINFO "buildinfo" +# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" +# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name" +# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version" +# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md" +# define OSSL_PROV_PARAM_NAME "name" +# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks" +# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc" +# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase" +# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type" +# define OSSL_PROV_PARAM_STATUS "status" +# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check" +# define OSSL_PROV_PARAM_VERSION "version" +# define OSSL_RAND_PARAM_GENERATE "generate" +# define OSSL_RAND_PARAM_MAX_REQUEST "max_request" +# define OSSL_RAND_PARAM_STATE "state" +# define OSSL_RAND_PARAM_STRENGTH "strength" +# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy" +# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce" +# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id" +# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string" +# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST +# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE +# define OSSL_SIGNATURE_PARAM_INSTANCE "instance" +# define OSSL_SIGNATURE_PARAM_KAT "kat" +# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST +# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES +# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type" +# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE +# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES +# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen" +# define OSSL_STORE_PARAM_ALIAS "alias" +# define OSSL_STORE_PARAM_DIGEST "digest" +# define OSSL_STORE_PARAM_EXPECT "expect" +# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" +# define OSSL_STORE_PARAM_INPUT_TYPE "input-type" +# define OSSL_STORE_PARAM_ISSUER "name" +# define OSSL_STORE_PARAM_PROPERTIES "properties" +# define OSSL_STORE_PARAM_SERIAL "serial" +# define OSSL_STORE_PARAM_SUBJECT "subject" # ifdef __cplusplus } diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/core_names.h.in b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/core_names.h.in new file mode 100644 index 00000000..c14520fe --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/core_names.h.in @@ -0,0 +1,119 @@ +/* + * {- join("\n * ", @autowarntext) -} + * + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +{- +use OpenSSL::paramnames qw(generate_public_macros); +-} + +#ifndef OPENSSL_CORE_NAMES_H +# define OPENSSL_CORE_NAMES_H +# pragma once + +# ifdef __cplusplus +extern "C" { +# endif + +/* OSSL_CIPHER_PARAM_CTS_MODE Values */ +# define OSSL_CIPHER_CTS_MODE_CS1 "CS1" +# define OSSL_CIPHER_CTS_MODE_CS2 "CS2" +# define OSSL_CIPHER_CTS_MODE_CS3 "CS3" + +/* Known CIPHER names (not a complete list) */ +# define OSSL_CIPHER_NAME_AES_128_GCM_SIV "AES-128-GCM-SIV" +# define OSSL_CIPHER_NAME_AES_192_GCM_SIV "AES-192-GCM-SIV" +# define OSSL_CIPHER_NAME_AES_256_GCM_SIV "AES-256-GCM-SIV" + +/* Known DIGEST names (not a complete list) */ +# define OSSL_DIGEST_NAME_MD5 "MD5" +# define OSSL_DIGEST_NAME_MD5_SHA1 "MD5-SHA1" +# define OSSL_DIGEST_NAME_SHA1 "SHA1" +# define OSSL_DIGEST_NAME_SHA2_224 "SHA2-224" +# define OSSL_DIGEST_NAME_SHA2_256 "SHA2-256" +# define OSSL_DIGEST_NAME_SHA2_256_192 "SHA2-256/192" +# define OSSL_DIGEST_NAME_SHA2_384 "SHA2-384" +# define OSSL_DIGEST_NAME_SHA2_512 "SHA2-512" +# define OSSL_DIGEST_NAME_SHA2_512_224 "SHA2-512/224" +# define OSSL_DIGEST_NAME_SHA2_512_256 "SHA2-512/256" +# define OSSL_DIGEST_NAME_MD2 "MD2" +# define OSSL_DIGEST_NAME_MD4 "MD4" +# define OSSL_DIGEST_NAME_MDC2 "MDC2" +# define OSSL_DIGEST_NAME_RIPEMD160 "RIPEMD160" +# define OSSL_DIGEST_NAME_SHA3_224 "SHA3-224" +# define OSSL_DIGEST_NAME_SHA3_256 "SHA3-256" +# define OSSL_DIGEST_NAME_SHA3_384 "SHA3-384" +# define OSSL_DIGEST_NAME_SHA3_512 "SHA3-512" +# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128" +# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256" +# define OSSL_DIGEST_NAME_SM3 "SM3" + +/* Known MAC names */ +# define OSSL_MAC_NAME_BLAKE2BMAC "BLAKE2BMAC" +# define OSSL_MAC_NAME_BLAKE2SMAC "BLAKE2SMAC" +# define OSSL_MAC_NAME_CMAC "CMAC" +# define OSSL_MAC_NAME_GMAC "GMAC" +# define OSSL_MAC_NAME_HMAC "HMAC" +# define OSSL_MAC_NAME_KMAC128 "KMAC128" +# define OSSL_MAC_NAME_KMAC256 "KMAC256" +# define OSSL_MAC_NAME_POLY1305 "POLY1305" +# define OSSL_MAC_NAME_SIPHASH "SIPHASH" + +/* Known KDF names */ +# define OSSL_KDF_NAME_HKDF "HKDF" +# define OSSL_KDF_NAME_TLS1_3_KDF "TLS13-KDF" +# define OSSL_KDF_NAME_PBKDF1 "PBKDF1" +# define OSSL_KDF_NAME_PBKDF2 "PBKDF2" +# define OSSL_KDF_NAME_SCRYPT "SCRYPT" +# define OSSL_KDF_NAME_SSHKDF "SSHKDF" +# define OSSL_KDF_NAME_SSKDF "SSKDF" +# define OSSL_KDF_NAME_TLS1_PRF "TLS1-PRF" +# define OSSL_KDF_NAME_X942KDF_ASN1 "X942KDF-ASN1" +# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT" +# define OSSL_KDF_NAME_X963KDF "X963KDF" +# define OSSL_KDF_NAME_KBKDF "KBKDF" +# define OSSL_KDF_NAME_KRB5KDF "KRB5KDF" +# define OSSL_KDF_NAME_HMACDRBGKDF "HMAC-DRBG-KDF" + +/* RSA padding modes */ +# define OSSL_PKEY_RSA_PAD_MODE_NONE "none" +# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1" +# define OSSL_PKEY_RSA_PAD_MODE_OAEP "oaep" +# define OSSL_PKEY_RSA_PAD_MODE_X931 "x931" +# define OSSL_PKEY_RSA_PAD_MODE_PSS "pss" + +/* RSA pss padding salt length */ +# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest" +# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX "max" +# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO "auto" +# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax" + +/* OSSL_PKEY_PARAM_EC_ENCODING values */ +# define OSSL_PKEY_EC_ENCODING_EXPLICIT "explicit" +# define OSSL_PKEY_EC_ENCODING_GROUP "named_curve" + +# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed" +# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED "compressed" +# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID "hybrid" + +# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT "default" +# define OSSL_PKEY_EC_GROUP_CHECK_NAMED "named" +# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST "named-nist" + +/* OSSL_KEM_PARAM_OPERATION values */ +#define OSSL_KEM_PARAM_OPERATION_RSASVE "RSASVE" +#define OSSL_KEM_PARAM_OPERATION_DHKEM "DHKEM" + +/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */ +{- generate_public_macros(); -} + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/crmf.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/crmf.h index 71b747ed..1f901f35 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/crmf.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/crmf.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by Makefile from include/openssl/crmf.h.in * - * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * @@ -43,8 +43,8 @@ extern "C" { # define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT 0 # define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP 1 - typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE; + DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE) typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG; DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG) @@ -198,12 +198,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs, int rid, int acceptRAVerified, OSSL_LIB_CTX *libctx, const char *propq); OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm); -const ASN1_INTEGER -*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl); +X509_PUBKEY +*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl); const X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl); const X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl); +const ASN1_INTEGER +*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl); X509_EXTENSIONS *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl); const X509_NAME diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/crmf.h.in b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/crmf.h.in index 4d37ea6d..43411fa4 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/crmf.h.in +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/crmf.h.in @@ -1,7 +1,7 @@ /*- * {- join("\n * ", @autowarntext) -} * - * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * @@ -44,8 +44,8 @@ extern "C" { # define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT 0 # define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP 1 - typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE; + DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE) typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG; DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG) @@ -151,12 +151,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs, int rid, int acceptRAVerified, OSSL_LIB_CTX *libctx, const char *propq); OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm); -const ASN1_INTEGER -*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl); +X509_PUBKEY +*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl); const X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl); const X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl); +const ASN1_INTEGER +*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl); X509_EXTENSIONS *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl); const X509_NAME diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/crypto.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/crypto.h index ab01aae8..55e00dcc 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/crypto.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/crypto.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by Makefile from include/openssl/crypto.h.in * - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -88,6 +88,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock); int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret, CRYPTO_RWLOCK *lock); int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock); +int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock); /* No longer needed, so this is a no-op */ #define OPENSSL_malloc_init() while(0) continue @@ -552,6 +553,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *); OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void); OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx); +void OSSL_sleep(uint64_t millis); + # ifdef __cplusplus } # endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/crypto.h.in b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/crypto.h.in index fb0c7cbb..b2d691b9 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/crypto.h.in +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/crypto.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -89,6 +89,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock); int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret, CRYPTO_RWLOCK *lock); int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock); +int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock); /* No longer needed, so this is a no-op */ #define OPENSSL_malloc_init() while(0) continue @@ -529,6 +530,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *); OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void); OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx); +void OSSL_sleep(uint64_t millis); + # ifdef __cplusplus } # endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/ct.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/ct.h index b6dd8c35..e6dd1192 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/ct.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/ct.h @@ -133,7 +133,7 @@ typedef enum { */ CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq); - + /* * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library * context and property query string is used. diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/ct.h.in b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/ct.h.in index 16086b33..3fc2aaa9 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/ct.h.in +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/ct.h.in @@ -85,7 +85,7 @@ typedef enum { */ CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq); - + /* * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library * context and property query string is used. diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/dh.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/dh.h index 8bc17448..f1c0ed06 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/dh.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/dh.h @@ -144,7 +144,7 @@ DECLARE_ASN1_ITEM(DHparams) # define DH_GENERATOR_3 3 # define DH_GENERATOR_5 5 -/* DH_check error codes */ +/* DH_check error codes, some of them shared with DH_check_pub_key */ /* * NB: These values must align with the equivalently named macros in * internal/ffc.h. @@ -154,10 +154,10 @@ DECLARE_ASN1_ITEM(DHparams) # define DH_UNABLE_TO_CHECK_GENERATOR 0x04 # define DH_NOT_SUITABLE_GENERATOR 0x08 # define DH_CHECK_Q_NOT_PRIME 0x10 -# define DH_CHECK_INVALID_Q_VALUE 0x20 +# define DH_CHECK_INVALID_Q_VALUE 0x20 /* +DH_check_pub_key */ # define DH_CHECK_INVALID_J_VALUE 0x40 # define DH_MODULUS_TOO_SMALL 0x80 -# define DH_MODULUS_TOO_LARGE 0x100 +# define DH_MODULUS_TOO_LARGE 0x100 /* +DH_check_pub_key */ /* DH_check_pub_key error codes */ # define DH_CHECK_PUBKEY_TOO_SMALL 0x01 diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/dherr.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/dherr.h index 5d2a762a..2997d7d4 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/dherr.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/dherr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -40,6 +40,7 @@ # define DH_R_INVALID_PARAMETER_NID 114 # define DH_R_INVALID_PUBKEY 102 # define DH_R_INVALID_SECRET 128 +# define DH_R_INVALID_SIZE 129 # define DH_R_KDF_PARAMETER_ERROR 112 # define DH_R_KEYS_NOT_SET 108 # define DH_R_MISSING_PUBKEY 125 @@ -50,6 +51,7 @@ # define DH_R_NO_PRIVATE_VALUE 100 # define DH_R_PARAMETER_ENCODING_ERROR 105 # define DH_R_PEER_KEY_ERROR 111 +# define DH_R_Q_TOO_LARGE 130 # define DH_R_SHARED_INFO_ERROR 113 # define DH_R_UNABLE_TO_CHECK_GENERATOR 121 diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/dsa.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/dsa.h index 160404cc..109878e6 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/dsa.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/dsa.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/e_os2.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/e_os2.h index 32e142a9..e01f6275 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/e_os2.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/e_os2.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -89,7 +89,7 @@ extern "C" { /* * DLL settings. This part is a bit tough, because it's up to the - * application implementor how he or she will link the application, so it + * application implementer how he or she will link the application, so it * requires some macro to be used. */ # ifdef OPENSSL_SYS_WINDOWS diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/e_ostime.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/e_ostime.h new file mode 100644 index 00000000..8a7cc988 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/e_ostime.h @@ -0,0 +1,30 @@ +/* + * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_E_OSTIME_H +# define OPENSSL_E_OSTIME_H +# pragma once + +# include +# include +# include + +/* + * This header guarantees that 'struct timeval' will be available. It includes + * the minimum headers needed to facilitate this. This may still be a + * substantial set of headers on some platforms (e.g. on Win32). + */ + +# if defined(OPENSSL_SYS_WINDOWS) +# include +# else +# include +# endif + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/ec.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/ec.h index be9fb2f0..e1cbe982 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/ec.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/ec.h @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -460,6 +460,22 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], OSSL_LIB_CTX *libctx, const char *propq); +/** + * Creates an OSSL_PARAM array with the parameters describing the given + * EC_GROUP. + * The resulting parameters may contain an explicit or a named curve depending + * on the EC_GROUP. + * \param group pointer to the EC_GROUP object + * \param libctx The associated library context or NULL for the default + * context + * \param propq A property query string + * \param bnctx BN_CTX object (optional) + * \return newly created OSSL_PARAM array with the parameters + * describing the given EC_GROUP or NULL if an error occurred + */ +OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx, + const char *propq, BN_CTX *bnctx); + /** * Creates a EC_GROUP object with a curve specified by a NID * \param libctx The associated library context or NULL for the default @@ -1111,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key); /** Indicates if an EC_KEY can be used for signing. * \param eckey the EC_KEY object - * \return 1 if can can sign and 0 otherwise. + * \return 1 if can sign and 0 otherwise. */ OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey); @@ -1287,7 +1303,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *me OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine); /** The old name for ecdh_KDF_X9_63 - * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62, + * The ECDH KDF specification has been mistakenly attributed to ANSI X9.62, * it is actually specified in ANSI X9.63. * This identifier is retained for backwards compatibility */ diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/err.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/err.h index 2abf2483..b987e31f 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/err.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/err.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -496,6 +496,13 @@ int ERR_get_next_error_library(void); int ERR_set_mark(void); int ERR_pop_to_mark(void); int ERR_clear_last_mark(void); +int ERR_count_to_mark(void); + +ERR_STATE *OSSL_ERR_STATE_new(void); +void OSSL_ERR_STATE_save(ERR_STATE *es); +void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es); +void OSSL_ERR_STATE_restore(const ERR_STATE *es); +void OSSL_ERR_STATE_free(ERR_STATE *es); #ifdef __cplusplus } diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/err.h.in b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/err.h.in index 11dc2163..1ef09de0 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/err.h.in +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/err.h.in @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -485,6 +485,13 @@ int ERR_get_next_error_library(void); int ERR_set_mark(void); int ERR_pop_to_mark(void); int ERR_clear_last_mark(void); +int ERR_count_to_mark(void); + +ERR_STATE *OSSL_ERR_STATE_new(void); +void OSSL_ERR_STATE_save(ERR_STATE *es); +void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es); +void OSSL_ERR_STATE_restore(const ERR_STATE *es); +void OSSL_ERR_STATE_free(ERR_STATE *es); #ifdef __cplusplus } diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/evp.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/evp.h index d0fce0c5..ea7620d6 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/evp.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/evp.h @@ -35,6 +35,7 @@ # define EVP_MAX_KEY_LENGTH 64 # define EVP_MAX_IV_LENGTH 16 # define EVP_MAX_BLOCK_LENGTH 32 +# define EVP_MAX_AEAD_TAG_LENGTH 16 # define PKCS5_SALT_LEN 8 /* Default PKCS#5 iteration count */ @@ -228,7 +229,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, * if the following flag is set. */ # define EVP_MD_CTX_FLAG_FINALISE 0x0200 -/* NOTE: 0x0400 is reserved for internal usage */ +/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */ + # ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len); @@ -308,6 +310,7 @@ OSSL_DEPRECATEDIN_3_0 int # define EVP_CIPH_WRAP_MODE 0x10002 # define EVP_CIPH_OCB_MODE 0x10003 # define EVP_CIPH_SIV_MODE 0x10004 +# define EVP_CIPH_GCM_SIV_MODE 0x10005 # define EVP_CIPH_MODE 0xF0007 /* Set if variable length cipher */ # define EVP_CIPH_VARIABLE_LENGTH 0x8 @@ -674,7 +677,7 @@ void BIO_set_md(BIO *, const EVP_MD *md); # define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp)) -/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c, +__owur int EVP_Cipher(EVP_CIPHER_CTX *c, unsigned char *out, const unsigned char *in, unsigned int inl); @@ -752,7 +755,7 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags); __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv); -/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, +__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, const unsigned char *key, const unsigned char *iv); @@ -760,16 +763,16 @@ __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv, const OSSL_PARAM params[]); -/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); -/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, +__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); -/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, +__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv); -/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, +__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, const unsigned char *key, const unsigned char *iv); @@ -777,17 +780,17 @@ __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv, const OSSL_PARAM params[]); -/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); -/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, +__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv, int enc); -/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, +__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc); @@ -821,18 +824,18 @@ __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, size_t siglen, const unsigned char *tbs, size_t tbslen); -int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const char *mdname, OSSL_LIB_CTX *libctx, const char *props, EVP_PKEY *pkey, const OSSL_PARAM params[]); -/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); -int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize); +__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize); __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen); -int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const char *mdname, OSSL_LIB_CTX *libctx, const char *props, EVP_PKEY *pkey, const OSSL_PARAM params[]); @@ -1927,14 +1930,17 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); +int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv, + const OSSL_PARAM params[]); int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx, unsigned char *wrappedkey, size_t *wrappedkeylen, unsigned char *genkey, size_t *genkeylen); int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); +int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub, + const OSSL_PARAM params[]); int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx, unsigned char *unwrapped, size_t *unwrappedlen, const unsigned char *wrapped, size_t wrappedlen); - typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx); diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/evperr.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/evperr.h index a5053f6c..11f3faa4 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/evperr.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/evperr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -110,11 +110,14 @@ # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH 216 # define EVP_R_UNABLE_TO_LOCK_CONTEXT 211 # define EVP_R_UNABLE_TO_SET_CALLBACKS 217 +# define EVP_R_UNKNOWN_BITS 166 # define EVP_R_UNKNOWN_CIPHER 160 # define EVP_R_UNKNOWN_DIGEST 161 # define EVP_R_UNKNOWN_KEY_TYPE 207 +# define EVP_R_UNKNOWN_MAX_SIZE 167 # define EVP_R_UNKNOWN_OPTION 169 # define EVP_R_UNKNOWN_PBE_ALGORITHM 121 +# define EVP_R_UNKNOWN_SECURITY_BITS 168 # define EVP_R_UNSUPPORTED_ALGORITHM 156 # define EVP_R_UNSUPPORTED_CIPHER 107 # define EVP_R_UNSUPPORTED_KEYLENGTH 123 diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/hpke.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/hpke.h new file mode 100644 index 00000000..af637ac6 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/hpke.h @@ -0,0 +1,169 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* APIs and data structures for HPKE (RFC9180) */ +#ifndef OSSL_HPKE_H +# define OSSL_HPKE_H +# pragma once + +# include + +/* HPKE modes */ +# define OSSL_HPKE_MODE_BASE 0 /* Base mode */ +# define OSSL_HPKE_MODE_PSK 1 /* Pre-shared key mode */ +# define OSSL_HPKE_MODE_AUTH 2 /* Authenticated mode */ +# define OSSL_HPKE_MODE_PSKAUTH 3 /* PSK+authenticated mode */ + +/* + * Max for ikm, psk, pskid, info and exporter contexts. + * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from + * Appendix A.6.1 with a 66 octet IKM so we'll allow that. + */ +# define OSSL_HPKE_MAX_PARMLEN 66 +# define OSSL_HPKE_MIN_PSKLEN 32 +# define OSSL_HPKE_MAX_INFOLEN 1024 + +/* + * The (16bit) HPKE algorithm ID IANA codepoints + * If/when new IANA codepoints are added there are tables in + * crypto/hpke/hpke_util.c that must also be updated. + */ +# define OSSL_HPKE_KEM_ID_RESERVED 0x0000 /* not used */ +# define OSSL_HPKE_KEM_ID_P256 0x0010 /* NIST P-256 */ +# define OSSL_HPKE_KEM_ID_P384 0x0011 /* NIST P-384 */ +# define OSSL_HPKE_KEM_ID_P521 0x0012 /* NIST P-521 */ +# define OSSL_HPKE_KEM_ID_X25519 0x0020 /* Curve25519 */ +# define OSSL_HPKE_KEM_ID_X448 0x0021 /* Curve448 */ + +# define OSSL_HPKE_KDF_ID_RESERVED 0x0000 /* not used */ +# define OSSL_HPKE_KDF_ID_HKDF_SHA256 0x0001 /* HKDF-SHA256 */ +# define OSSL_HPKE_KDF_ID_HKDF_SHA384 0x0002 /* HKDF-SHA384 */ +# define OSSL_HPKE_KDF_ID_HKDF_SHA512 0x0003 /* HKDF-SHA512 */ + +# define OSSL_HPKE_AEAD_ID_RESERVED 0x0000 /* not used */ +# define OSSL_HPKE_AEAD_ID_AES_GCM_128 0x0001 /* AES-GCM-128 */ +# define OSSL_HPKE_AEAD_ID_AES_GCM_256 0x0002 /* AES-GCM-256 */ +# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */ +# define OSSL_HPKE_AEAD_ID_EXPORTONLY 0xFFFF /* export-only fake ID */ + +/* strings for suite components */ +# define OSSL_HPKE_KEMSTR_P256 "P-256" /* KEM id 0x10 */ +# define OSSL_HPKE_KEMSTR_P384 "P-384" /* KEM id 0x11 */ +# define OSSL_HPKE_KEMSTR_P521 "P-521" /* KEM id 0x12 */ +# define OSSL_HPKE_KEMSTR_X25519 "X25519" /* KEM id 0x20 */ +# define OSSL_HPKE_KEMSTR_X448 "X448" /* KEM id 0x21 */ +# define OSSL_HPKE_KDFSTR_256 "hkdf-sha256" /* KDF id 1 */ +# define OSSL_HPKE_KDFSTR_384 "hkdf-sha384" /* KDF id 2 */ +# define OSSL_HPKE_KDFSTR_512 "hkdf-sha512" /* KDF id 3 */ +# define OSSL_HPKE_AEADSTR_AES128GCM "aes-128-gcm" /* AEAD id 1 */ +# define OSSL_HPKE_AEADSTR_AES256GCM "aes-256-gcm" /* AEAD id 2 */ +# define OSSL_HPKE_AEADSTR_CP "chacha20-poly1305" /* AEAD id 3 */ +# define OSSL_HPKE_AEADSTR_EXP "exporter" /* AEAD id 0xff */ + +/* + * Roles for use in creating an OSSL_HPKE_CTX, most + * important use of this is to control nonce re-use. + */ +# define OSSL_HPKE_ROLE_SENDER 0 +# define OSSL_HPKE_ROLE_RECEIVER 1 + +# ifdef __cplusplus +extern "C" { +# endif + +typedef struct { + uint16_t kem_id; /* Key Encapsulation Method id */ + uint16_t kdf_id; /* Key Derivation Function id */ + uint16_t aead_id; /* AEAD alg id */ +} OSSL_HPKE_SUITE; + +/** + * Suite constants, use this like: + * OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT; + */ +# ifndef OPENSSL_NO_ECX +# define OSSL_HPKE_SUITE_DEFAULT \ + {\ + OSSL_HPKE_KEM_ID_X25519, \ + OSSL_HPKE_KDF_ID_HKDF_SHA256, \ + OSSL_HPKE_AEAD_ID_AES_GCM_128 \ + } +# else +# define OSSL_HPKE_SUITE_DEFAULT \ + {\ + OSSL_HPKE_KEM_ID_P256, \ + OSSL_HPKE_KDF_ID_HKDF_SHA256, \ + OSSL_HPKE_AEAD_ID_AES_GCM_128 \ + } +#endif + +typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX; + +OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role, + OSSL_LIB_CTX *libctx, const char *propq); +void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx); + +int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx, + unsigned char *enc, size_t *enclen, + const unsigned char *pub, size_t publen, + const unsigned char *info, size_t infolen); +int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx, + unsigned char *ct, size_t *ctlen, + const unsigned char *aad, size_t aadlen, + const unsigned char *pt, size_t ptlen); + +int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite, + unsigned char *pub, size_t *publen, EVP_PKEY **priv, + const unsigned char *ikm, size_t ikmlen, + OSSL_LIB_CTX *libctx, const char *propq); +int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx, + const unsigned char *enc, size_t enclen, + EVP_PKEY *recippriv, + const unsigned char *info, size_t infolen); +int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx, + unsigned char *pt, size_t *ptlen, + const unsigned char *aad, size_t aadlen, + const unsigned char *ct, size_t ctlen); + +int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx, + unsigned char *secret, + size_t secretlen, + const unsigned char *label, + size_t labellen); + +int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv); +int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx, + const unsigned char *pub, + size_t publen); +int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx, + const char *pskid, + const unsigned char *psk, size_t psklen); + +int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx, + const unsigned char *ikme, size_t ikmelen); + +int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq); +int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq); + +int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite); +int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in, + OSSL_HPKE_SUITE *suite, + unsigned char *enc, size_t *enclen, + unsigned char *ct, size_t ctlen, + OSSL_LIB_CTX *libctx, const char *propq); +int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite); +size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen); +size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite); +size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite); + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/http.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/http.h index f7ab2142..a3cbf15f 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/http.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/http.h @@ -1,5 +1,5 @@ /* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright Siemens AG 2018-2020 * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -33,6 +33,8 @@ extern "C" { # define OPENSSL_HTTP_PROXY "HTTP_PROXY" # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY" +# ifndef OPENSSL_NO_HTTP + #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024) #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024) @@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost, const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy, const char *server, int use_ssl); + +# endif /* !defined(OPENSSL_NO_HTTP) */ # ifdef __cplusplus } # endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/lhash.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/lhash.h index f4155df1..8af9edd2 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/lhash.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/lhash.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/lhash.h.in b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/lhash.h.in index dc344a54..c9dbd1f3 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/lhash.h.in +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/lhash.h.in @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/macros.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/macros.h index a614cd66..e9ef9387 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/macros.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/macros.h @@ -158,7 +158,7 @@ /* * Define macros for deprecation and simulated removal purposes. * - * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for + * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for * all OpenSSL versions we care for. They can be used as attributes * in function declarations where appropriate. * @@ -169,6 +169,7 @@ * 'no-deprecated'. */ +# undef OPENSSL_NO_DEPRECATED_3_1 # undef OPENSSL_NO_DEPRECATED_3_0 # undef OPENSSL_NO_DEPRECATED_1_1_1 # undef OPENSSL_NO_DEPRECATED_1_1_0 diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/obj_mac.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/obj_mac.h index 0e860276..e1b441b3 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/obj_mac.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/obj_mac.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/objects/objects.pl * - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at @@ -886,6 +886,14 @@ #define NID_id_ct_signedChecklist 1247 #define OBJ_id_ct_signedChecklist OBJ_id_smime_ct,48L +#define SN_id_ct_ASPA "id-ct-ASPA" +#define NID_id_ct_ASPA 1250 +#define OBJ_id_ct_ASPA OBJ_id_smime_ct,49L + +#define SN_id_ct_signedTAL "id-ct-signedTAL" +#define NID_id_ct_signedTAL 1284 +#define OBJ_id_ct_signedTAL OBJ_id_smime_ct,50L + #define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest" #define NID_id_smime_aa_receiptRequest 212 #define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L @@ -1002,10 +1010,22 @@ #define NID_id_smime_aa_dvcs_dvc 240 #define OBJ_id_smime_aa_dvcs_dvc OBJ_id_smime_aa,29L +#define SN_id_aa_ets_attrCertificateRefs "id-aa-ets-attrCertificateRefs" +#define NID_id_aa_ets_attrCertificateRefs 1261 +#define OBJ_id_aa_ets_attrCertificateRefs OBJ_id_smime_aa,44L + +#define SN_id_aa_ets_attrRevocationRefs "id-aa-ets-attrRevocationRefs" +#define NID_id_aa_ets_attrRevocationRefs 1262 +#define OBJ_id_aa_ets_attrRevocationRefs OBJ_id_smime_aa,45L + #define SN_id_smime_aa_signingCertificateV2 "id-smime-aa-signingCertificateV2" #define NID_id_smime_aa_signingCertificateV2 1086 #define OBJ_id_smime_aa_signingCertificateV2 OBJ_id_smime_aa,47L +#define SN_id_aa_ets_archiveTimestampV2 "id-aa-ets-archiveTimestampV2" +#define NID_id_aa_ets_archiveTimestampV2 1280 +#define OBJ_id_aa_ets_archiveTimestampV2 OBJ_id_smime_aa,48L + #define SN_id_smime_alg_ESDHwith3DES "id-smime-alg-ESDHwith3DES" #define NID_id_smime_alg_ESDHwith3DES 241 #define OBJ_id_smime_alg_ESDHwith3DES OBJ_id_smime_alg,1L @@ -1082,15 +1102,17 @@ #define NID_localKeyID 157 #define OBJ_localKeyID OBJ_pkcs9,21L +#define OBJ_ms_corp 1L,3L,6L,1L,4L,1L,311L + #define SN_ms_csp_name "CSPName" #define LN_ms_csp_name "Microsoft CSP Name" #define NID_ms_csp_name 417 -#define OBJ_ms_csp_name 1L,3L,6L,1L,4L,1L,311L,17L,1L +#define OBJ_ms_csp_name OBJ_ms_corp,17L,1L #define SN_LocalKeySet "LocalKeySet" #define LN_LocalKeySet "Microsoft Local Key set" #define NID_LocalKeySet 856 -#define OBJ_LocalKeySet 1L,3L,6L,1L,4L,1L,311L,17L,2L +#define OBJ_LocalKeySet OBJ_ms_corp,17L,2L #define OBJ_certTypes OBJ_pkcs9,22L @@ -1108,6 +1130,10 @@ #define NID_x509Crl 160 #define OBJ_x509Crl OBJ_crlTypes,1L +#define SN_id_aa_CMSAlgorithmProtection "id-aa-CMSAlgorithmProtection" +#define NID_id_aa_CMSAlgorithmProtection 1263 +#define OBJ_id_aa_CMSAlgorithmProtection OBJ_pkcs9,52L + #define OBJ_pkcs12 OBJ_pkcs,12L #define OBJ_pkcs12_pbeids OBJ_pkcs12,1L @@ -1217,6 +1243,10 @@ #define NID_SM2_with_SM3 1204 #define OBJ_SM2_with_SM3 OBJ_sm_scheme,501L +#define LN_hmacWithSM3 "hmacWithSM3" +#define NID_hmacWithSM3 1281 +#define OBJ_hmacWithSM3 OBJ_sm3,3L,1L + #define LN_hmacWithSHA224 "hmacWithSHA224" #define NID_hmacWithSHA224 798 #define OBJ_hmacWithSHA224 OBJ_rsadsi,2L,8L @@ -1300,42 +1330,62 @@ #define SN_ms_ext_req "msExtReq" #define LN_ms_ext_req "Microsoft Extension Request" #define NID_ms_ext_req 171 -#define OBJ_ms_ext_req 1L,3L,6L,1L,4L,1L,311L,2L,1L,14L +#define OBJ_ms_ext_req OBJ_ms_corp,2L,1L,14L #define SN_ms_code_ind "msCodeInd" #define LN_ms_code_ind "Microsoft Individual Code Signing" #define NID_ms_code_ind 134 -#define OBJ_ms_code_ind 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L +#define OBJ_ms_code_ind OBJ_ms_corp,2L,1L,21L #define SN_ms_code_com "msCodeCom" #define LN_ms_code_com "Microsoft Commercial Code Signing" #define NID_ms_code_com 135 -#define OBJ_ms_code_com 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L +#define OBJ_ms_code_com OBJ_ms_corp,2L,1L,22L #define SN_ms_ctl_sign "msCTLSign" #define LN_ms_ctl_sign "Microsoft Trust List Signing" #define NID_ms_ctl_sign 136 -#define OBJ_ms_ctl_sign 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L +#define OBJ_ms_ctl_sign OBJ_ms_corp,10L,3L,1L #define SN_ms_sgc "msSGC" #define LN_ms_sgc "Microsoft Server Gated Crypto" #define NID_ms_sgc 137 -#define OBJ_ms_sgc 1L,3L,6L,1L,4L,1L,311L,10L,3L,3L +#define OBJ_ms_sgc OBJ_ms_corp,10L,3L,3L #define SN_ms_efs "msEFS" #define LN_ms_efs "Microsoft Encrypted File System" #define NID_ms_efs 138 -#define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L +#define OBJ_ms_efs OBJ_ms_corp,10L,3L,4L #define SN_ms_smartcard_login "msSmartcardLogin" #define LN_ms_smartcard_login "Microsoft Smartcard Login" #define NID_ms_smartcard_login 648 -#define OBJ_ms_smartcard_login 1L,3L,6L,1L,4L,1L,311L,20L,2L,2L +#define OBJ_ms_smartcard_login OBJ_ms_corp,20L,2L,2L #define SN_ms_upn "msUPN" #define LN_ms_upn "Microsoft User Principal Name" #define NID_ms_upn 649 -#define OBJ_ms_upn 1L,3L,6L,1L,4L,1L,311L,20L,2L,3L +#define OBJ_ms_upn OBJ_ms_corp,20L,2L,3L + +#define SN_ms_ntds_sec_ext "ms-ntds-sec-ext" +#define LN_ms_ntds_sec_ext "Microsoft NTDS CA Extension" +#define NID_ms_ntds_sec_ext 1292 +#define OBJ_ms_ntds_sec_ext OBJ_ms_corp,25L,2L + +#define SN_ms_ntds_obj_sid "ms-ntds-obj-sid" +#define LN_ms_ntds_obj_sid "Microsoft NTDS AD objectSid" +#define NID_ms_ntds_obj_sid 1291 +#define OBJ_ms_ntds_obj_sid OBJ_ms_corp,25L,2L,1L + +#define SN_ms_cert_templ "ms-cert-templ" +#define LN_ms_cert_templ "Microsoft certificate template" +#define NID_ms_cert_templ 1293 +#define OBJ_ms_cert_templ OBJ_ms_corp,21L,7L + +#define SN_ms_app_policies "ms-app-policies" +#define LN_ms_app_policies "Microsoft Application Policies Extension" +#define NID_ms_app_policies 1294 +#define OBJ_ms_app_policies OBJ_ms_corp,21L,10L #define SN_idea_cbc "IDEA-CBC" #define LN_idea_cbc "idea-cbc" @@ -1503,6 +1553,18 @@ #define NID_id_mod_cmp2000 284 #define OBJ_id_mod_cmp2000 OBJ_id_pkix_mod,16L +#define SN_id_mod_cmp2000_02 "id-mod-cmp2000-02" +#define NID_id_mod_cmp2000_02 1251 +#define OBJ_id_mod_cmp2000_02 OBJ_id_pkix_mod,50L + +#define SN_id_mod_cmp2021_88 "id-mod-cmp2021-88" +#define NID_id_mod_cmp2021_88 1252 +#define OBJ_id_mod_cmp2021_88 OBJ_id_pkix_mod,99L + +#define SN_id_mod_cmp2021_02 "id-mod-cmp2021-02" +#define NID_id_mod_cmp2021_02 1253 +#define OBJ_id_mod_cmp2021_02 OBJ_id_pkix_mod,100L + #define SN_info_access "authorityInfoAccess" #define LN_info_access "Authority Information Access" #define NID_info_access 177 @@ -1783,6 +1845,22 @@ #define NID_id_it_certReqTemplate 1225 #define OBJ_id_it_certReqTemplate OBJ_id_it,19L +#define SN_id_it_rootCaCert "id-it-rootCaCert" +#define NID_id_it_rootCaCert 1254 +#define OBJ_id_it_rootCaCert OBJ_id_it,20L + +#define SN_id_it_certProfile "id-it-certProfile" +#define NID_id_it_certProfile 1255 +#define OBJ_id_it_certProfile OBJ_id_it,21L + +#define SN_id_it_crlStatusList "id-it-crlStatusList" +#define NID_id_it_crlStatusList 1256 +#define OBJ_id_it_crlStatusList OBJ_id_it,22L + +#define SN_id_it_crls "id-it-crls" +#define NID_id_it_crls 1257 +#define OBJ_id_it_crls OBJ_id_it,23L + #define SN_id_regCtrl "id-regCtrl" #define NID_id_regCtrl 313 #define OBJ_id_regCtrl OBJ_id_pkip,1L @@ -1815,6 +1893,18 @@ #define NID_id_regCtrl_protocolEncrKey 320 #define OBJ_id_regCtrl_protocolEncrKey OBJ_id_regCtrl,6L +#define SN_id_regCtrl_altCertTemplate "id-regCtrl-altCertTemplate" +#define NID_id_regCtrl_altCertTemplate 1258 +#define OBJ_id_regCtrl_altCertTemplate OBJ_id_regCtrl,7L + +#define SN_id_regCtrl_algId "id-regCtrl-algId" +#define NID_id_regCtrl_algId 1259 +#define OBJ_id_regCtrl_algId OBJ_id_regCtrl,11L + +#define SN_id_regCtrl_rsaKeyLen "id-regCtrl-rsaKeyLen" +#define NID_id_regCtrl_rsaKeyLen 1260 +#define OBJ_id_regCtrl_rsaKeyLen OBJ_id_regCtrl,12L + #define SN_id_regInfo_utf8Pairs "id-regInfo-utf8Pairs" #define NID_id_regInfo_utf8Pairs 321 #define OBJ_id_regInfo_utf8Pairs OBJ_id_regInfo,1L @@ -2649,11 +2739,56 @@ #define NID_ext_key_usage 126 #define OBJ_ext_key_usage OBJ_id_ce,37L +#define SN_authority_attribute_identifier "authorityAttributeIdentifier" +#define LN_authority_attribute_identifier "X509v3 Authority Attribute Identifier" +#define NID_authority_attribute_identifier 1295 +#define OBJ_authority_attribute_identifier OBJ_id_ce,38L + +#define SN_role_spec_cert_identifier "roleSpecCertIdentifier" +#define LN_role_spec_cert_identifier "X509v3 Role Specification Certificate Identifier" +#define NID_role_spec_cert_identifier 1296 +#define OBJ_role_spec_cert_identifier OBJ_id_ce,39L + +#define SN_basic_att_constraints "basicAttConstraints" +#define LN_basic_att_constraints "X509v3 Basic Attribute Certificate Constraints" +#define NID_basic_att_constraints 1297 +#define OBJ_basic_att_constraints OBJ_id_ce,41L + +#define SN_delegated_name_constraints "delegatedNameConstraints" +#define LN_delegated_name_constraints "X509v3 Delegated Name Constraints" +#define NID_delegated_name_constraints 1298 +#define OBJ_delegated_name_constraints OBJ_id_ce,42L + +#define SN_time_specification "timeSpecification" +#define LN_time_specification "X509v3 Time Specification" +#define NID_time_specification 1299 +#define OBJ_time_specification OBJ_id_ce,43L + #define SN_freshest_crl "freshestCRL" #define LN_freshest_crl "X509v3 Freshest CRL" #define NID_freshest_crl 857 #define OBJ_freshest_crl OBJ_id_ce,46L +#define SN_attribute_descriptor "attributeDescriptor" +#define LN_attribute_descriptor "X509v3 Attribute Descriptor" +#define NID_attribute_descriptor 1300 +#define OBJ_attribute_descriptor OBJ_id_ce,48L + +#define SN_user_notice "userNotice" +#define LN_user_notice "X509v3 User Notice" +#define NID_user_notice 1301 +#define OBJ_user_notice OBJ_id_ce,49L + +#define SN_soa_identifier "sOAIdentifier" +#define LN_soa_identifier "X509v3 Source of Authority Identifier" +#define NID_soa_identifier 1302 +#define OBJ_soa_identifier OBJ_id_ce,50L + +#define SN_acceptable_cert_policies "acceptableCertPolicies" +#define LN_acceptable_cert_policies "X509v3 Acceptable Certification Policies" +#define NID_acceptable_cert_policies 1303 +#define OBJ_acceptable_cert_policies OBJ_id_ce,52L + #define SN_inhibit_any_policy "inhibitAnyPolicy" #define LN_inhibit_any_policy "X509v3 Inhibit Any Policy" #define NID_inhibit_any_policy 748 @@ -2669,6 +2804,86 @@ #define NID_no_rev_avail 403 #define OBJ_no_rev_avail OBJ_id_ce,56L +#define SN_acceptable_privilege_policies "acceptablePrivPolicies" +#define LN_acceptable_privilege_policies "X509v3 Acceptable Privilege Policies" +#define NID_acceptable_privilege_policies 1304 +#define OBJ_acceptable_privilege_policies OBJ_id_ce,57L + +#define SN_indirect_issuer "indirectIssuer" +#define LN_indirect_issuer "X509v3 Indirect Issuer" +#define NID_indirect_issuer 1305 +#define OBJ_indirect_issuer OBJ_id_ce,61L + +#define SN_no_assertion "noAssertion" +#define LN_no_assertion "X509v3 No Assertion" +#define NID_no_assertion 1306 +#define OBJ_no_assertion OBJ_id_ce,62L + +#define SN_id_aa_issuing_distribution_point "aAissuingDistributionPoint" +#define LN_id_aa_issuing_distribution_point "X509v3 Attribute Authority Issuing Distribution Point" +#define NID_id_aa_issuing_distribution_point 1307 +#define OBJ_id_aa_issuing_distribution_point OBJ_id_ce,63L + +#define SN_issued_on_behalf_of "issuedOnBehalfOf" +#define LN_issued_on_behalf_of "X509v3 Issued On Behalf Of" +#define NID_issued_on_behalf_of 1308 +#define OBJ_issued_on_behalf_of OBJ_id_ce,64L + +#define SN_single_use "singleUse" +#define LN_single_use "X509v3 Single Use" +#define NID_single_use 1309 +#define OBJ_single_use OBJ_id_ce,65L + +#define SN_group_ac "groupAC" +#define LN_group_ac "X509v3 Group Attribute Certificate" +#define NID_group_ac 1310 +#define OBJ_group_ac OBJ_id_ce,66L + +#define SN_allowed_attribute_assignments "allowedAttributeAssignments" +#define LN_allowed_attribute_assignments "X509v3 Allowed Attribute Assignments" +#define NID_allowed_attribute_assignments 1311 +#define OBJ_allowed_attribute_assignments OBJ_id_ce,67L + +#define SN_attribute_mappings "attributeMappings" +#define LN_attribute_mappings "X509v3 Attribute Mappings" +#define NID_attribute_mappings 1312 +#define OBJ_attribute_mappings OBJ_id_ce,68L + +#define SN_holder_name_constraints "holderNameConstraints" +#define LN_holder_name_constraints "X509v3 Holder Name Constraints" +#define NID_holder_name_constraints 1313 +#define OBJ_holder_name_constraints OBJ_id_ce,69L + +#define SN_authorization_validation "authorizationValidation" +#define LN_authorization_validation "X509v3 Authorization Validation" +#define NID_authorization_validation 1314 +#define OBJ_authorization_validation OBJ_id_ce,70L + +#define SN_prot_restrict "protRestrict" +#define LN_prot_restrict "X509v3 Protocol Restriction" +#define NID_prot_restrict 1315 +#define OBJ_prot_restrict OBJ_id_ce,71L + +#define SN_subject_alt_public_key_info "subjectAltPublicKeyInfo" +#define LN_subject_alt_public_key_info "X509v3 Subject Alternative Public Key Info" +#define NID_subject_alt_public_key_info 1316 +#define OBJ_subject_alt_public_key_info OBJ_id_ce,72L + +#define SN_alt_signature_algorithm "altSignatureAlgorithm" +#define LN_alt_signature_algorithm "X509v3 Alternative Signature Algorithm" +#define NID_alt_signature_algorithm 1317 +#define OBJ_alt_signature_algorithm OBJ_id_ce,73L + +#define SN_alt_signature_value "altSignatureValue" +#define LN_alt_signature_value "X509v3 Alternative Signature Value" +#define NID_alt_signature_value 1318 +#define OBJ_alt_signature_value OBJ_id_ce,74L + +#define SN_associated_information "associatedInformation" +#define LN_associated_information "X509v3 Associated Information" +#define NID_associated_information 1319 +#define OBJ_associated_information OBJ_id_ce,75L + #define SN_anyExtendedKeyUsage "anyExtendedKeyUsage" #define LN_anyExtendedKeyUsage "Any Extended Key Usage" #define NID_anyExtendedKeyUsage 910 @@ -3220,6 +3435,70 @@ #define NID_hold_instruction_reject 433 #define OBJ_hold_instruction_reject OBJ_holdInstruction,3L +#define SN_itu_t_identified_organization "itu-t-identified-organization" +#define NID_itu_t_identified_organization 1264 +#define OBJ_itu_t_identified_organization OBJ_itu_t,4L + +#define SN_etsi "etsi" +#define NID_etsi 1265 +#define OBJ_etsi OBJ_itu_t_identified_organization,0L + +#define SN_electronic_signature_standard "electronic-signature-standard" +#define NID_electronic_signature_standard 1266 +#define OBJ_electronic_signature_standard OBJ_etsi,1733L + +#define SN_ess_attributes "ess-attributes" +#define NID_ess_attributes 1267 +#define OBJ_ess_attributes OBJ_electronic_signature_standard,2L + +#define SN_id_aa_ets_mimeType "id-aa-ets-mimeType" +#define NID_id_aa_ets_mimeType 1268 +#define OBJ_id_aa_ets_mimeType OBJ_ess_attributes,1L + +#define SN_id_aa_ets_longTermValidation "id-aa-ets-longTermValidation" +#define NID_id_aa_ets_longTermValidation 1269 +#define OBJ_id_aa_ets_longTermValidation OBJ_ess_attributes,2L + +#define SN_id_aa_ets_SignaturePolicyDocument "id-aa-ets-SignaturePolicyDocument" +#define NID_id_aa_ets_SignaturePolicyDocument 1270 +#define OBJ_id_aa_ets_SignaturePolicyDocument OBJ_ess_attributes,3L + +#define SN_id_aa_ets_archiveTimestampV3 "id-aa-ets-archiveTimestampV3" +#define NID_id_aa_ets_archiveTimestampV3 1271 +#define OBJ_id_aa_ets_archiveTimestampV3 OBJ_ess_attributes,4L + +#define SN_id_aa_ATSHashIndex "id-aa-ATSHashIndex" +#define NID_id_aa_ATSHashIndex 1272 +#define OBJ_id_aa_ATSHashIndex OBJ_ess_attributes,5L + +#define SN_cades "cades" +#define NID_cades 1273 +#define OBJ_cades OBJ_etsi,19122L + +#define SN_cades_attributes "cades-attributes" +#define NID_cades_attributes 1274 +#define OBJ_cades_attributes OBJ_cades,1L + +#define SN_id_aa_ets_signerAttrV2 "id-aa-ets-signerAttrV2" +#define NID_id_aa_ets_signerAttrV2 1275 +#define OBJ_id_aa_ets_signerAttrV2 OBJ_cades_attributes,1L + +#define SN_id_aa_ets_sigPolicyStore "id-aa-ets-sigPolicyStore" +#define NID_id_aa_ets_sigPolicyStore 1276 +#define OBJ_id_aa_ets_sigPolicyStore OBJ_cades_attributes,3L + +#define SN_id_aa_ATSHashIndex_v2 "id-aa-ATSHashIndex-v2" +#define NID_id_aa_ATSHashIndex_v2 1277 +#define OBJ_id_aa_ATSHashIndex_v2 OBJ_cades_attributes,4L + +#define SN_id_aa_ATSHashIndex_v3 "id-aa-ATSHashIndex-v3" +#define NID_id_aa_ATSHashIndex_v3 1278 +#define OBJ_id_aa_ATSHashIndex_v3 OBJ_cades_attributes,5L + +#define SN_signedAssertion "signedAssertion" +#define NID_signedAssertion 1279 +#define OBJ_signedAssertion OBJ_cades_attributes,6L + #define SN_data "data" #define NID_data 434 #define OBJ_data OBJ_itu_t,9L @@ -4952,6 +5231,21 @@ #define NID_sm4_ctr 1139 #define OBJ_sm4_ctr OBJ_sm_scheme,104L,7L +#define SN_sm4_gcm "SM4-GCM" +#define LN_sm4_gcm "sm4-gcm" +#define NID_sm4_gcm 1248 +#define OBJ_sm4_gcm OBJ_sm_scheme,104L,8L + +#define SN_sm4_ccm "SM4-CCM" +#define LN_sm4_ccm "sm4-ccm" +#define NID_sm4_ccm 1249 +#define OBJ_sm4_ccm OBJ_sm_scheme,104L,9L + +#define SN_sm4_xts "SM4-XTS" +#define LN_sm4_xts "sm4-xts" +#define NID_sm4_xts 1290 +#define OBJ_sm4_xts OBJ_sm_scheme,104L,10L + #define SN_hmac "HMAC" #define LN_hmac "hmac" #define NID_hmac 855 @@ -5029,6 +5323,9 @@ #define NID_brainpoolP256r1 927 #define OBJ_brainpoolP256r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,7L +#define SN_brainpoolP256r1tls13 "brainpoolP256r1tls13" +#define NID_brainpoolP256r1tls13 1285 + #define SN_brainpoolP256t1 "brainpoolP256t1" #define NID_brainpoolP256t1 928 #define OBJ_brainpoolP256t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,8L @@ -5045,6 +5342,9 @@ #define NID_brainpoolP384r1 931 #define OBJ_brainpoolP384r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,11L +#define SN_brainpoolP384r1tls13 "brainpoolP384r1tls13" +#define NID_brainpoolP384r1tls13 1286 + #define SN_brainpoolP384t1 "brainpoolP384t1" #define NID_brainpoolP384t1 932 #define OBJ_brainpoolP384t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,12L @@ -5053,6 +5353,9 @@ #define NID_brainpoolP512r1 933 #define OBJ_brainpoolP512r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,13L +#define SN_brainpoolP512r1tls13 "brainpoolP512r1tls13" +#define NID_brainpoolP512r1tls13 1287 + #define SN_brainpoolP512t1 "brainpoolP512t1" #define NID_brainpoolP512t1 934 #define OBJ_brainpoolP512t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,14L @@ -5130,17 +5433,17 @@ #define SN_jurisdictionLocalityName "jurisdictionL" #define LN_jurisdictionLocalityName "jurisdictionLocalityName" #define NID_jurisdictionLocalityName 955 -#define OBJ_jurisdictionLocalityName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L +#define OBJ_jurisdictionLocalityName OBJ_ms_corp,60L,2L,1L,1L #define SN_jurisdictionStateOrProvinceName "jurisdictionST" #define LN_jurisdictionStateOrProvinceName "jurisdictionStateOrProvinceName" #define NID_jurisdictionStateOrProvinceName 956 -#define OBJ_jurisdictionStateOrProvinceName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L +#define OBJ_jurisdictionStateOrProvinceName OBJ_ms_corp,60L,2L,1L,2L #define SN_jurisdictionCountryName "jurisdictionC" #define LN_jurisdictionCountryName "jurisdictionCountryName" #define NID_jurisdictionCountryName 957 -#define OBJ_jurisdictionCountryName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L +#define OBJ_jurisdictionCountryName OBJ_ms_corp,60L,2L,1L,3L #define SN_id_scrypt "id-scrypt" #define LN_id_scrypt "scrypt" @@ -5432,6 +5735,24 @@ #define LN_aes_256_siv "aes-256-siv" #define NID_aes_256_siv 1200 +#define SN_oracle "oracle-organization" +#define LN_oracle "Oracle organization" +#define NID_oracle 1282 +#define OBJ_oracle OBJ_joint_iso_itu_t,16L,840L,1L,113894L + +#define SN_oracle_jdk_trustedkeyusage "oracle-jdk-trustedkeyusage" +#define LN_oracle_jdk_trustedkeyusage "Trusted key usage (Oracle)" +#define NID_oracle_jdk_trustedkeyusage 1283 +#define OBJ_oracle_jdk_trustedkeyusage OBJ_oracle,746875L,1L,1L + +#define SN_brotli "brotli" +#define LN_brotli "Brotli compression" +#define NID_brotli 1288 + +#define SN_zstd "zstd" +#define LN_zstd "Zstandard compression" +#define NID_zstd 1289 + #endif /* OPENSSL_OBJ_MAC_H */ #ifndef OPENSSL_NO_DEPRECATED_3_0 diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/opensslv.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/opensslv.h index b87a4aa1..7f1ecf66 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/opensslv.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/opensslv.h @@ -28,8 +28,8 @@ extern "C" { * These macros express version number MAJOR.MINOR.PATCH exactly */ # define OPENSSL_VERSION_MAJOR 3 -# define OPENSSL_VERSION_MINOR 1 -# define OPENSSL_VERSION_PATCH 4 +# define OPENSSL_VERSION_MINOR 2 +# define OPENSSL_VERSION_PATCH 0 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.1.4" -# define OPENSSL_FULL_VERSION_STR "3.1.4" +# define OPENSSL_VERSION_STR "3.2.0" +# define OPENSSL_FULL_VERSION_STR "3.2.0" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "24 Oct 2023" +# define OPENSSL_RELEASE_DATE "23 Nov 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.4 24 Oct 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.0 23 Nov 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/pem.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/pem.h index 000d9c89..0446c770 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/pem.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/pem.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -57,6 +57,7 @@ extern "C" { # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" # define PEM_STRING_PARAMETERS "PARAMETERS" # define PEM_STRING_CMS "CMS" +# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS" # define PEM_TYPE_ENCRYPTED 10 # define PEM_TYPE_MIC_ONLY 20 diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/pkcs12.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/pkcs12.h index 9e20fc1a..b08b0bc2 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/pkcs12.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/pkcs12.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by Makefile from include/openssl/pkcs12.h.in * - * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -44,6 +44,7 @@ extern "C" { # define PKCS12_MAC_KEY_LENGTH 20 +/* The macro is expected to be used only internally. Kept for backwards compatibility. */ # define PKCS12_SALT_LEN 8 /* It's not clear if these are actually needed... */ @@ -133,7 +134,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag); const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag); const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag); +X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq); X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag); +X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq); X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag); const STACK_OF(PKCS12_SAFEBAG) * PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag); @@ -221,6 +224,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag); const STACK_OF(X509_ATTRIBUTE) * PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag); +void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs); unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, const char *pass, int passlen, const unsigned char *in, int inlen, @@ -308,6 +312,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES) void PKCS12_PBE_add(void); int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca); +typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg); PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter, int keytype); @@ -315,6 +320,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter, int keytype, OSSL_LIB_CTX *ctx, const char *propq); +PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey, + X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, + int iter, int mac_iter, int keytype, + OSSL_LIB_CTX *ctx, const char *propq, + PKCS12_create_cb *cb, void *cbarg); PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert); PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/pkcs12.h.in b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/pkcs12.h.in index cf956b41..35759d4d 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/pkcs12.h.in +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/pkcs12.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -45,6 +45,7 @@ extern "C" { # define PKCS12_MAC_KEY_LENGTH 20 +/* The macro is expected to be used only internally. Kept for backwards compatibility. */ # define PKCS12_SALT_LEN 8 /* It's not clear if these are actually needed... */ @@ -110,7 +111,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag); const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag); const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag); +X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq); X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag); +X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq); X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag); const STACK_OF(PKCS12_SAFEBAG) * PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag); @@ -198,6 +201,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag); const STACK_OF(X509_ATTRIBUTE) * PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag); +void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs); unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, const char *pass, int passlen, const unsigned char *in, int inlen, @@ -285,6 +289,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES) void PKCS12_PBE_add(void); int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca); +typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg); PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter, int keytype); @@ -292,6 +297,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter, int keytype, OSSL_LIB_CTX *ctx, const char *propq); +PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey, + X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, + int iter, int mac_iter, int keytype, + OSSL_LIB_CTX *ctx, const char *propq, + PKCS12_create_cb *cb, void *cbarg); PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert); PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/pkcs12err.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/pkcs12err.h index 933c8329..abce3736 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/pkcs12err.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/pkcs12err.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -21,6 +21,7 @@ /* * PKCS12 reason codes. */ +# define PKCS12_R_CALLBACK_FAILED 115 # define PKCS12_R_CANT_PACK_STRUCTURE 100 # define PKCS12_R_CONTENT_TYPE_NOT_DATA 121 # define PKCS12_R_DECODE_ERROR 101 diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/pkcs7.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/pkcs7.h index f824546c..dc46c511 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/pkcs7.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/pkcs7.h @@ -134,8 +134,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INF typedef struct pkcs7_signed_st { ASN1_INTEGER *version; /* version 1 */ STACK_OF(X509_ALGOR) *md_algs; /* md used */ - STACK_OF(X509) *cert; /* [ 0 ] */ - STACK_OF(X509_CRL) *crl; /* [ 1 ] */ + STACK_OF(X509) *cert; /* [ 0 ] */ /* name should be 'certificates' */ + STACK_OF(X509_CRL) *crl; /* [ 1 ] */ /* name should be 'crls' */ STACK_OF(PKCS7_SIGNER_INFO) *signer_info; struct pkcs7_st *contents; } PKCS7_SIGNED; @@ -161,8 +161,8 @@ typedef struct pkcs7_enveloped_st { typedef struct pkcs7_signedandenveloped_st { ASN1_INTEGER *version; /* version 1 */ STACK_OF(X509_ALGOR) *md_algs; /* md used */ - STACK_OF(X509) *cert; /* [ 0 ] */ - STACK_OF(X509_CRL) *crl; /* [ 1 ] */ + STACK_OF(X509) *cert; /* [ 0 ] */ /* name should be 'certificates' */ + STACK_OF(X509_CRL) *crl; /* [ 1 ] */ /* name should be 'crls' */ STACK_OF(PKCS7_SIGNER_INFO) *signer_info; PKCS7_ENC_CONTENT *enc_data; STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; @@ -203,7 +203,7 @@ typedef struct pkcs7_st { /* NID_pkcs7_data */ ASN1_OCTET_STRING *data; /* NID_pkcs7_signed */ - PKCS7_SIGNED *sign; + PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */ /* NID_pkcs7_enveloped */ PKCS7_ENVELOPE *enveloped; /* NID_pkcs7_signedAndEnveloped */ @@ -344,13 +344,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst); int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si); int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); -int PKCS7_add_certificate(PKCS7 *p7, X509 *x509); -int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509); +int PKCS7_add_certificate(PKCS7 *p7, X509 *cert); +int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl); int PKCS7_content_new(PKCS7 *p7, int nid); int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, - X509 *x509); + X509 *signer); BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio); int PKCS7_dataFinal(PKCS7 *p7, BIO *bio); diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/pkcs7.h.in b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/pkcs7.h.in index a346bc74..11a636e1 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/pkcs7.h.in +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/pkcs7.h.in @@ -87,8 +87,8 @@ typedef struct pkcs7_recip_info_st { typedef struct pkcs7_signed_st { ASN1_INTEGER *version; /* version 1 */ STACK_OF(X509_ALGOR) *md_algs; /* md used */ - STACK_OF(X509) *cert; /* [ 0 ] */ - STACK_OF(X509_CRL) *crl; /* [ 1 ] */ + STACK_OF(X509) *cert; /* [ 0 ] */ /* name should be 'certificates' */ + STACK_OF(X509_CRL) *crl; /* [ 1 ] */ /* name should be 'crls' */ STACK_OF(PKCS7_SIGNER_INFO) *signer_info; struct pkcs7_st *contents; } PKCS7_SIGNED; @@ -114,8 +114,8 @@ typedef struct pkcs7_enveloped_st { typedef struct pkcs7_signedandenveloped_st { ASN1_INTEGER *version; /* version 1 */ STACK_OF(X509_ALGOR) *md_algs; /* md used */ - STACK_OF(X509) *cert; /* [ 0 ] */ - STACK_OF(X509_CRL) *crl; /* [ 1 ] */ + STACK_OF(X509) *cert; /* [ 0 ] */ /* name should be 'certificates' */ + STACK_OF(X509_CRL) *crl; /* [ 1 ] */ /* name should be 'crls' */ STACK_OF(PKCS7_SIGNER_INFO) *signer_info; PKCS7_ENC_CONTENT *enc_data; STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; @@ -156,7 +156,7 @@ typedef struct pkcs7_st { /* NID_pkcs7_data */ ASN1_OCTET_STRING *data; /* NID_pkcs7_signed */ - PKCS7_SIGNED *sign; + PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */ /* NID_pkcs7_enveloped */ PKCS7_ENVELOPE *enveloped; /* NID_pkcs7_signedAndEnveloped */ @@ -273,13 +273,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst); int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si); int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); -int PKCS7_add_certificate(PKCS7 *p7, X509 *x509); -int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509); +int PKCS7_add_certificate(PKCS7 *p7, X509 *cert); +int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl); int PKCS7_content_new(PKCS7 *p7, int nid); int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, - X509 *x509); + X509 *signer); BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio); int PKCS7_dataFinal(PKCS7 *p7, BIO *bio); diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/prov_ssl.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/prov_ssl.h index d3e0896c..76d01e1e 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/prov_ssl.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/prov_ssl.h @@ -1,5 +1,5 @@ /* - * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -19,6 +19,7 @@ extern "C" { # define SSL_MAX_MASTER_KEY_LENGTH 48 +/* SSL/TLS uses a 2 byte unsigned version number */ # define SSL3_VERSION 0x0300 # define TLS1_VERSION 0x0301 # define TLS1_1_VERSION 0x0302 @@ -28,6 +29,9 @@ extern "C" { # define DTLS1_2_VERSION 0xFEFD # define DTLS1_BAD_VER 0x0100 +/* QUIC uses a 4 byte unsigned version number */ +# define OSSL_QUIC1_VERSION 0x0000001 + # ifdef __cplusplus } # endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/proverr.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/proverr.h index 5d5c16d9..d9ef5681 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/proverr.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/proverr.h @@ -52,6 +52,7 @@ # define PROV_R_INDICATOR_INTEGRITY_FAILURE 210 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH 181 # define PROV_R_INVALID_AAD 108 +# define PROV_R_INVALID_AEAD 231 # define PROV_R_INVALID_CONFIG_DATA 211 # define PROV_R_INVALID_CONSTANT_LENGTH 157 # define PROV_R_INVALID_CURVE 176 @@ -63,9 +64,11 @@ # define PROV_R_INVALID_INPUT_LENGTH 230 # define PROV_R_INVALID_ITERATION_COUNT 123 # define PROV_R_INVALID_IV_LENGTH 109 +# define PROV_R_INVALID_KDF 232 # define PROV_R_INVALID_KEY 158 # define PROV_R_INVALID_KEY_LENGTH 105 # define PROV_R_INVALID_MAC 151 +# define PROV_R_INVALID_MEMORY_SIZE 235 # define PROV_R_INVALID_MGF1_MD 167 # define PROV_R_INVALID_MODE 125 # define PROV_R_INVALID_OUTPUT_LENGTH 217 @@ -77,6 +80,7 @@ # define PROV_R_INVALID_STATE 212 # define PROV_R_INVALID_TAG 110 # define PROV_R_INVALID_TAG_LENGTH 118 +# define PROV_R_INVALID_THREAD_POOL_SIZE 234 # define PROV_R_INVALID_UKM_LENGTH 200 # define PROV_R_INVALID_X931_DIGEST 170 # define PROV_R_IN_ERROR_STATE 192 diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/provider.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/provider.h index dc86ff58..24ec0827 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/provider.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/provider.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,13 +17,19 @@ extern "C" { # endif -/* Set the default provider search path */ +/* Set and Get a library context search path */ int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path); +const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx); /* Load and unload a provider */ OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name); +OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name, + OSSL_PARAM *params); OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name, int retain_fallbacks); +OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name, + OSSL_PARAM *params, + int retain_fallbacks); int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov); int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name); int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx, diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/quic.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/quic.h new file mode 100644 index 00000000..74a6345d --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/quic.h @@ -0,0 +1,37 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_QUIC_H +# define OPENSSL_QUIC_H +# pragma once + +# include +# include + +# ifndef OPENSSL_NO_QUIC + +# ifdef __cplusplus +extern "C" { +# endif + +/* + * Method used for non-thread-assisted QUIC client operation. + */ +__owur const SSL_METHOD *OSSL_QUIC_client_method(void); +/* + * Method used for thread-assisted QUIC client operation. + */ +__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void); + +# ifdef __cplusplus +} +# endif + +# endif /* OPENSSL_NO_QUIC */ +#endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/rand.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/rand.h index 90e0f0a0..1fa1129e 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/rand.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/rand.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/rsa.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/rsa.h index d0c95992..167427d3 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/rsa.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/rsa.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label); # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES (EVP_PKEY_ALG_CTRL + 13) +# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14) + # define RSA_PKCS1_PADDING 1 # define RSA_NO_PADDING 3 # define RSA_PKCS1_OAEP_PADDING 4 @@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label); # define RSA_PKCS1_PSS_PADDING 6 # define RSA_PKCS1_WITH_TLS_PADDING 7 +/* internal RSA_ only */ +# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8 + # define RSA_PKCS1_PADDING_SIZE 11 # define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg) diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/sha.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/sha.h index 6e65a040..163a7d58 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/sha.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/sha.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c, unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md); unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md); +# define SHA256_192_DIGEST_LENGTH 24 # define SHA224_DIGEST_LENGTH 28 # define SHA256_DIGEST_LENGTH 32 # define SHA384_DIGEST_LENGTH 48 diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/srtp.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/srtp.h index d64606e5..2c2c3344 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/srtp.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/srtp.h @@ -28,16 +28,28 @@ extern "C" { #endif -# define SRTP_AES128_CM_SHA1_80 0x0001 -# define SRTP_AES128_CM_SHA1_32 0x0002 -# define SRTP_AES128_F8_SHA1_80 0x0003 -# define SRTP_AES128_F8_SHA1_32 0x0004 -# define SRTP_NULL_SHA1_80 0x0005 -# define SRTP_NULL_SHA1_32 0x0006 +# define SRTP_AES128_CM_SHA1_80 0x0001 +# define SRTP_AES128_CM_SHA1_32 0x0002 +# define SRTP_AES128_F8_SHA1_80 0x0003 +# define SRTP_AES128_F8_SHA1_32 0x0004 +# define SRTP_NULL_SHA1_80 0x0005 +# define SRTP_NULL_SHA1_32 0x0006 /* AEAD SRTP protection profiles from RFC 7714 */ -# define SRTP_AEAD_AES_128_GCM 0x0007 -# define SRTP_AEAD_AES_256_GCM 0x0008 +# define SRTP_AEAD_AES_128_GCM 0x0007 +# define SRTP_AEAD_AES_256_GCM 0x0008 + +/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */ +# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM 0x0009 +# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM 0x000A + +/* ARIA SRTP protection profiles from RFC 8269 */ +# define SRTP_ARIA_128_CTR_HMAC_SHA1_80 0x000B +# define SRTP_ARIA_128_CTR_HMAC_SHA1_32 0x000C +# define SRTP_ARIA_256_CTR_HMAC_SHA1_80 0x000D +# define SRTP_ARIA_256_CTR_HMAC_SHA1_32 0x000E +# define SRTP_AEAD_ARIA_128_GCM 0x000F +# define SRTP_AEAD_ARIA_256_GCM 0x0010 # ifndef OPENSSL_NO_SRTP diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/ssl.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/ssl.h index 942f20e6..2b43485f 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/ssl.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/ssl.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by Makefile from include/openssl/ssl.h.in * - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -24,6 +24,7 @@ # endif # include +# include # include # include # include @@ -281,28 +282,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, /* Extension context codes */ /* This extension is only allowed in TLS */ -#define SSL_EXT_TLS_ONLY 0x0001 +#define SSL_EXT_TLS_ONLY 0x00001 /* This extension is only allowed in DTLS */ -#define SSL_EXT_DTLS_ONLY 0x0002 +#define SSL_EXT_DTLS_ONLY 0x00002 /* Some extensions may be allowed in DTLS but we don't implement them for it */ -#define SSL_EXT_TLS_IMPLEMENTATION_ONLY 0x0004 +#define SSL_EXT_TLS_IMPLEMENTATION_ONLY 0x00004 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */ -#define SSL_EXT_SSL3_ALLOWED 0x0008 +#define SSL_EXT_SSL3_ALLOWED 0x00008 /* Extension is only defined for TLS1.2 and below */ -#define SSL_EXT_TLS1_2_AND_BELOW_ONLY 0x0010 +#define SSL_EXT_TLS1_2_AND_BELOW_ONLY 0x00010 /* Extension is only defined for TLS1.3 and above */ -#define SSL_EXT_TLS1_3_ONLY 0x0020 +#define SSL_EXT_TLS1_3_ONLY 0x00020 /* Ignore this extension during parsing if we are resuming */ -#define SSL_EXT_IGNORE_ON_RESUMPTION 0x0040 -#define SSL_EXT_CLIENT_HELLO 0x0080 +#define SSL_EXT_IGNORE_ON_RESUMPTION 0x00040 +#define SSL_EXT_CLIENT_HELLO 0x00080 /* Really means TLS1.2 or below */ -#define SSL_EXT_TLS1_2_SERVER_HELLO 0x0100 -#define SSL_EXT_TLS1_3_SERVER_HELLO 0x0200 -#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x0400 -#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x0800 -#define SSL_EXT_TLS1_3_CERTIFICATE 0x1000 -#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET 0x2000 -#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x4000 +#define SSL_EXT_TLS1_2_SERVER_HELLO 0x00100 +#define SSL_EXT_TLS1_3_SERVER_HELLO 0x00200 +#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x00400 +#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x00800 +#define SSL_EXT_TLS1_3_CERTIFICATE 0x01000 +#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET 0x02000 +#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x04000 +#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION 0x08000 +/* When sending a raw public key in a certificate message */ +#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY 0x10000 /* Typedefs for handling custom extensions */ @@ -433,6 +437,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg); * interoperability with CryptoPro CSP 3.x */ # define SSL_OP_CRYPTOPRO_TLSEXT_BUG SSL_OP_BIT(31) +/* + * Disable RFC8879 certificate compression + * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates, + * and ignore the extension when received. + * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and + * subsequently indicating that receiving is not supported + */ +# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION SSL_OP_BIT(32) +# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION SSL_OP_BIT(33) + /* Enable KTLS TX zerocopy on Linux */ +# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE SSL_OP_BIT(34) /* * Option "collections." @@ -577,6 +592,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg); # define CERT_PKEY_CERT_TYPE 0x400 /* Cert chain suitable to Suite B */ # define CERT_PKEY_SUITEB 0x800 +/* Cert pkey valid for raw public key use */ +# define CERT_PKEY_RPK 0x1000 # define SSL_CONF_FLAG_CMDLINE 0x1 # define SSL_CONF_FLAG_FILE 0x2 @@ -968,6 +985,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s); # include /* This is mostly sslv3 with a few tweaks */ # include /* Datagram TLS */ # include /* Support for the use_srtp extension */ +# include #ifdef __cplusplus extern "C" { @@ -1069,6 +1087,7 @@ typedef enum { DTLS_ST_CR_HELLO_VERIFY_REQUEST, TLS_ST_CR_SRVR_HELLO, TLS_ST_CR_CERT, + TLS_ST_CR_COMP_CERT, TLS_ST_CR_CERT_STATUS, TLS_ST_CR_KEY_EXCH, TLS_ST_CR_CERT_REQ, @@ -1078,6 +1097,7 @@ typedef enum { TLS_ST_CR_FINISHED, TLS_ST_CW_CLNT_HELLO, TLS_ST_CW_CERT, + TLS_ST_CW_COMP_CERT, TLS_ST_CW_KEY_EXCH, TLS_ST_CW_CERT_VRFY, TLS_ST_CW_CHANGE, @@ -1088,10 +1108,12 @@ typedef enum { DTLS_ST_SW_HELLO_VERIFY_REQUEST, TLS_ST_SW_SRVR_HELLO, TLS_ST_SW_CERT, + TLS_ST_SW_COMP_CERT, TLS_ST_SW_KEY_EXCH, TLS_ST_SW_CERT_REQ, TLS_ST_SW_SRVR_DONE, TLS_ST_SR_CERT, + TLS_ST_SR_COMP_CERT, TLS_ST_SR_KEY_EXCH, TLS_ST_SR_CERT_VRFY, TLS_ST_SR_NEXT_PROTO, @@ -1383,6 +1405,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_GET_SIGNATURE_NID 132 # define SSL_CTRL_GET_TMP_KEY 133 # define SSL_CTRL_GET_NEGOTIATED_GROUP 134 +# define SSL_CTRL_GET_IANA_GROUPS 135 # define SSL_CTRL_SET_RETRY_VERIFY 136 # define SSL_CTRL_GET_VERIFY_CERT_STORE 137 # define SSL_CTRL_GET_CHAIN_CERT_STORE 138 @@ -1488,6 +1511,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_get1_groups(s, glist) \ SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist)) +# define SSL_get0_iana_groups(s, plst) \ + SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst)) # define SSL_CTX_set1_groups(ctx, glist, glistlen) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist)) # define SSL_CTX_set1_groups_list(ctx, s) \ @@ -1552,6 +1577,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_get_max_proto_version(s) \ SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) +const char *SSL_get0_group_name(SSL *s); const char *SSL_group_to_name(SSL *s, int id); /* Backwards compatibility, original 1.1.0 names */ @@ -1786,6 +1812,9 @@ __owur int SSL_has_matching_session_id(const SSL *s, unsigned int id_len); SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length); +SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp, + long length, OSSL_LIB_CTX *libctx, + const char *propq); # ifdef OPENSSL_X509_H __owur X509 *SSL_get0_peer_certificate(const SSL *s); @@ -1843,6 +1872,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, SSL *SSL_new(SSL_CTX *ctx); int SSL_up_ref(SSL *s); int SSL_is_dtls(const SSL *s); +int SSL_is_tls(const SSL *s); +int SSL_is_quic(const SSL *s); __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, unsigned int sid_ctx_len); @@ -1935,6 +1966,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out); size_t SSL_client_hello_get0_compression_methods(SSL *s, const unsigned char **out); int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen); +int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts, + size_t *num_exts); int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **out, size_t *outlen); @@ -1989,6 +2022,7 @@ __owur int SSL_get_early_data_status(const SSL *s); __owur int SSL_get_error(const SSL *s, int ret_code); __owur const char *SSL_get_version(const SSL *s); +__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt); /* This sets the 'default' SSL version that SSL_new() will create */ # ifndef OPENSSL_NO_DEPRECATED_3_0 @@ -2297,6 +2331,105 @@ size_t SSL_get_num_tickets(const SSL *s); int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx); +/* QUIC support */ +int SSL_handle_events(SSL *s); +__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite); +__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc); +__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc); +__owur int SSL_net_read_desired(SSL *s); +__owur int SSL_net_write_desired(SSL *s); +__owur int SSL_set_blocking_mode(SSL *s, int blocking); +__owur int SSL_get_blocking_mode(SSL *s); +__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr); +__owur SSL *SSL_get0_connection(SSL *s); +__owur int SSL_is_connection(SSL *s); + +#define SSL_STREAM_TYPE_NONE 0 +#define SSL_STREAM_TYPE_READ (1U << 0) +#define SSL_STREAM_TYPE_WRITE (1U << 1) +#define SSL_STREAM_TYPE_BIDI (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE) +__owur int SSL_get_stream_type(SSL *s); + +__owur uint64_t SSL_get_stream_id(SSL *s); +__owur int SSL_is_stream_local(SSL *s); + +#define SSL_DEFAULT_STREAM_MODE_NONE 0 +#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI 1 +#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI 2 +__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode); + +#define SSL_STREAM_FLAG_UNI (1U << 0) +#define SSL_STREAM_FLAG_NO_BLOCK (1U << 1) +#define SSL_STREAM_FLAG_ADVANCE (1U << 2) +__owur SSL *SSL_new_stream(SSL *s, uint64_t flags); + +#define SSL_INCOMING_STREAM_POLICY_AUTO 0 +#define SSL_INCOMING_STREAM_POLICY_ACCEPT 1 +#define SSL_INCOMING_STREAM_POLICY_REJECT 2 +__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec); + +#define SSL_ACCEPT_STREAM_NO_BLOCK (1U << 0) +__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags); +__owur size_t SSL_get_accept_stream_queue_len(SSL *s); + +# ifndef OPENSSL_NO_QUIC +__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf, + size_t buf_len, + const BIO_ADDR *peer, + const BIO_ADDR *local); +# endif + +typedef struct ssl_shutdown_ex_args_st { + uint64_t quic_error_code; + const char *quic_reason; +} SSL_SHUTDOWN_EX_ARGS; + +#define SSL_SHUTDOWN_FLAG_RAPID (1U << 0) +#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH (1U << 1) +#define SSL_SHUTDOWN_FLAG_NO_BLOCK (1U << 2) +#define SSL_SHUTDOWN_FLAG_WAIT_PEER (1U << 3) + +__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags, + const SSL_SHUTDOWN_EX_ARGS *args, + size_t args_len); + +__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags); + +typedef struct ssl_stream_reset_args_st { + uint64_t quic_error_code; +} SSL_STREAM_RESET_ARGS; + +__owur int SSL_stream_reset(SSL *ssl, + const SSL_STREAM_RESET_ARGS *args, + size_t args_len); + +#define SSL_STREAM_STATE_NONE 0 +#define SSL_STREAM_STATE_OK 1 +#define SSL_STREAM_STATE_WRONG_DIR 2 +#define SSL_STREAM_STATE_FINISHED 3 +#define SSL_STREAM_STATE_RESET_LOCAL 4 +#define SSL_STREAM_STATE_RESET_REMOTE 5 +#define SSL_STREAM_STATE_CONN_CLOSED 6 +__owur int SSL_get_stream_read_state(SSL *ssl); +__owur int SSL_get_stream_write_state(SSL *ssl); + +__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code); +__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code); + +#define SSL_CONN_CLOSE_FLAG_LOCAL (1U << 0) +#define SSL_CONN_CLOSE_FLAG_TRANSPORT (1U << 1) + +typedef struct ssl_conn_close_info_st { + uint64_t error_code, frame_type; + const char *reason; + size_t reason_len; + uint32_t flags; +} SSL_CONN_CLOSE_INFO; + +__owur int SSL_get_conn_close_info(SSL *ssl, + SSL_CONN_CLOSE_INFO *info, + size_t info_len); + # ifndef OPENSSL_NO_DEPRECATED_1_1_0 # define SSL_cache_hit(s) SSL_session_reused(s) # endif @@ -2596,6 +2729,36 @@ void SSL_set_allow_early_data_cb(SSL *s, const char *OSSL_default_cipher_list(void); const char *OSSL_default_ciphersuites(void); +/* RFC8879 Certificate compression APIs */ + +int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg); +int SSL_compress_certs(SSL *ssl, int alg); + +int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len); +int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len); + +int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data, + size_t comp_length, size_t orig_length); +int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data, + size_t comp_length, size_t orig_length); +size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len); +size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len); + +__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk); +__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s); +__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s); +__owur int SSL_get_negotiated_client_cert_type(const SSL *s); +__owur int SSL_get_negotiated_server_cert_type(const SSL *s); + +__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len); +__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len); +__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len); +__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len); +__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len); +__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len); +__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len); +__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len); + # ifdef __cplusplus } # endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/ssl.h.in b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/ssl.h.in index f03f52fb..9f91039f 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/ssl.h.in +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/ssl.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -25,6 +25,7 @@ use OpenSSL::stackhash qw(generate_stack_macros generate_const_stack_macros); # endif # include +# include # include # include # include @@ -258,28 +259,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, /* Extension context codes */ /* This extension is only allowed in TLS */ -#define SSL_EXT_TLS_ONLY 0x0001 +#define SSL_EXT_TLS_ONLY 0x00001 /* This extension is only allowed in DTLS */ -#define SSL_EXT_DTLS_ONLY 0x0002 +#define SSL_EXT_DTLS_ONLY 0x00002 /* Some extensions may be allowed in DTLS but we don't implement them for it */ -#define SSL_EXT_TLS_IMPLEMENTATION_ONLY 0x0004 +#define SSL_EXT_TLS_IMPLEMENTATION_ONLY 0x00004 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */ -#define SSL_EXT_SSL3_ALLOWED 0x0008 +#define SSL_EXT_SSL3_ALLOWED 0x00008 /* Extension is only defined for TLS1.2 and below */ -#define SSL_EXT_TLS1_2_AND_BELOW_ONLY 0x0010 +#define SSL_EXT_TLS1_2_AND_BELOW_ONLY 0x00010 /* Extension is only defined for TLS1.3 and above */ -#define SSL_EXT_TLS1_3_ONLY 0x0020 +#define SSL_EXT_TLS1_3_ONLY 0x00020 /* Ignore this extension during parsing if we are resuming */ -#define SSL_EXT_IGNORE_ON_RESUMPTION 0x0040 -#define SSL_EXT_CLIENT_HELLO 0x0080 +#define SSL_EXT_IGNORE_ON_RESUMPTION 0x00040 +#define SSL_EXT_CLIENT_HELLO 0x00080 /* Really means TLS1.2 or below */ -#define SSL_EXT_TLS1_2_SERVER_HELLO 0x0100 -#define SSL_EXT_TLS1_3_SERVER_HELLO 0x0200 -#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x0400 -#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x0800 -#define SSL_EXT_TLS1_3_CERTIFICATE 0x1000 -#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET 0x2000 -#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x4000 +#define SSL_EXT_TLS1_2_SERVER_HELLO 0x00100 +#define SSL_EXT_TLS1_3_SERVER_HELLO 0x00200 +#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x00400 +#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x00800 +#define SSL_EXT_TLS1_3_CERTIFICATE 0x01000 +#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET 0x02000 +#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x04000 +#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION 0x08000 +/* When sending a raw public key in a certificate message */ +#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY 0x10000 /* Typedefs for handling custom extensions */ @@ -410,6 +414,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg); * interoperability with CryptoPro CSP 3.x */ # define SSL_OP_CRYPTOPRO_TLSEXT_BUG SSL_OP_BIT(31) +/* + * Disable RFC8879 certificate compression + * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates, + * and ignore the extension when received. + * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and + * subsequently indicating that receiving is not supported + */ +# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION SSL_OP_BIT(32) +# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION SSL_OP_BIT(33) + /* Enable KTLS TX zerocopy on Linux */ +# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE SSL_OP_BIT(34) /* * Option "collections." @@ -554,6 +569,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg); # define CERT_PKEY_CERT_TYPE 0x400 /* Cert chain suitable to Suite B */ # define CERT_PKEY_SUITEB 0x800 +/* Cert pkey valid for raw public key use */ +# define CERT_PKEY_RPK 0x1000 # define SSL_CONF_FLAG_CMDLINE 0x1 # define SSL_CONF_FLAG_FILE 0x2 @@ -945,6 +962,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s); # include /* This is mostly sslv3 with a few tweaks */ # include /* Datagram TLS */ # include /* Support for the use_srtp extension */ +# include #ifdef __cplusplus extern "C" { @@ -997,6 +1015,7 @@ typedef enum { DTLS_ST_CR_HELLO_VERIFY_REQUEST, TLS_ST_CR_SRVR_HELLO, TLS_ST_CR_CERT, + TLS_ST_CR_COMP_CERT, TLS_ST_CR_CERT_STATUS, TLS_ST_CR_KEY_EXCH, TLS_ST_CR_CERT_REQ, @@ -1006,6 +1025,7 @@ typedef enum { TLS_ST_CR_FINISHED, TLS_ST_CW_CLNT_HELLO, TLS_ST_CW_CERT, + TLS_ST_CW_COMP_CERT, TLS_ST_CW_KEY_EXCH, TLS_ST_CW_CERT_VRFY, TLS_ST_CW_CHANGE, @@ -1016,10 +1036,12 @@ typedef enum { DTLS_ST_SW_HELLO_VERIFY_REQUEST, TLS_ST_SW_SRVR_HELLO, TLS_ST_SW_CERT, + TLS_ST_SW_COMP_CERT, TLS_ST_SW_KEY_EXCH, TLS_ST_SW_CERT_REQ, TLS_ST_SW_SRVR_DONE, TLS_ST_SR_CERT, + TLS_ST_SR_COMP_CERT, TLS_ST_SR_KEY_EXCH, TLS_ST_SR_CERT_VRFY, TLS_ST_SR_NEXT_PROTO, @@ -1311,6 +1333,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_GET_SIGNATURE_NID 132 # define SSL_CTRL_GET_TMP_KEY 133 # define SSL_CTRL_GET_NEGOTIATED_GROUP 134 +# define SSL_CTRL_GET_IANA_GROUPS 135 # define SSL_CTRL_SET_RETRY_VERIFY 136 # define SSL_CTRL_GET_VERIFY_CERT_STORE 137 # define SSL_CTRL_GET_CHAIN_CERT_STORE 138 @@ -1416,6 +1439,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_get1_groups(s, glist) \ SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist)) +# define SSL_get0_iana_groups(s, plst) \ + SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst)) # define SSL_CTX_set1_groups(ctx, glist, glistlen) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist)) # define SSL_CTX_set1_groups_list(ctx, s) \ @@ -1480,6 +1505,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_get_max_proto_version(s) \ SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) +const char *SSL_get0_group_name(SSL *s); const char *SSL_group_to_name(SSL *s, int id); /* Backwards compatibility, original 1.1.0 names */ @@ -1714,6 +1740,9 @@ __owur int SSL_has_matching_session_id(const SSL *s, unsigned int id_len); SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length); +SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp, + long length, OSSL_LIB_CTX *libctx, + const char *propq); # ifdef OPENSSL_X509_H __owur X509 *SSL_get0_peer_certificate(const SSL *s); @@ -1771,6 +1800,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, SSL *SSL_new(SSL_CTX *ctx); int SSL_up_ref(SSL *s); int SSL_is_dtls(const SSL *s); +int SSL_is_tls(const SSL *s); +int SSL_is_quic(const SSL *s); __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, unsigned int sid_ctx_len); @@ -1863,6 +1894,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out); size_t SSL_client_hello_get0_compression_methods(SSL *s, const unsigned char **out); int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen); +int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts, + size_t *num_exts); int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **out, size_t *outlen); @@ -1917,6 +1950,7 @@ __owur int SSL_get_early_data_status(const SSL *s); __owur int SSL_get_error(const SSL *s, int ret_code); __owur const char *SSL_get_version(const SSL *s); +__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt); /* This sets the 'default' SSL version that SSL_new() will create */ # ifndef OPENSSL_NO_DEPRECATED_3_0 @@ -2225,6 +2259,105 @@ size_t SSL_get_num_tickets(const SSL *s); int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx); +/* QUIC support */ +int SSL_handle_events(SSL *s); +__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite); +__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc); +__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc); +__owur int SSL_net_read_desired(SSL *s); +__owur int SSL_net_write_desired(SSL *s); +__owur int SSL_set_blocking_mode(SSL *s, int blocking); +__owur int SSL_get_blocking_mode(SSL *s); +__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr); +__owur SSL *SSL_get0_connection(SSL *s); +__owur int SSL_is_connection(SSL *s); + +#define SSL_STREAM_TYPE_NONE 0 +#define SSL_STREAM_TYPE_READ (1U << 0) +#define SSL_STREAM_TYPE_WRITE (1U << 1) +#define SSL_STREAM_TYPE_BIDI (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE) +__owur int SSL_get_stream_type(SSL *s); + +__owur uint64_t SSL_get_stream_id(SSL *s); +__owur int SSL_is_stream_local(SSL *s); + +#define SSL_DEFAULT_STREAM_MODE_NONE 0 +#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI 1 +#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI 2 +__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode); + +#define SSL_STREAM_FLAG_UNI (1U << 0) +#define SSL_STREAM_FLAG_NO_BLOCK (1U << 1) +#define SSL_STREAM_FLAG_ADVANCE (1U << 2) +__owur SSL *SSL_new_stream(SSL *s, uint64_t flags); + +#define SSL_INCOMING_STREAM_POLICY_AUTO 0 +#define SSL_INCOMING_STREAM_POLICY_ACCEPT 1 +#define SSL_INCOMING_STREAM_POLICY_REJECT 2 +__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec); + +#define SSL_ACCEPT_STREAM_NO_BLOCK (1U << 0) +__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags); +__owur size_t SSL_get_accept_stream_queue_len(SSL *s); + +# ifndef OPENSSL_NO_QUIC +__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf, + size_t buf_len, + const BIO_ADDR *peer, + const BIO_ADDR *local); +# endif + +typedef struct ssl_shutdown_ex_args_st { + uint64_t quic_error_code; + const char *quic_reason; +} SSL_SHUTDOWN_EX_ARGS; + +#define SSL_SHUTDOWN_FLAG_RAPID (1U << 0) +#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH (1U << 1) +#define SSL_SHUTDOWN_FLAG_NO_BLOCK (1U << 2) +#define SSL_SHUTDOWN_FLAG_WAIT_PEER (1U << 3) + +__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags, + const SSL_SHUTDOWN_EX_ARGS *args, + size_t args_len); + +__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags); + +typedef struct ssl_stream_reset_args_st { + uint64_t quic_error_code; +} SSL_STREAM_RESET_ARGS; + +__owur int SSL_stream_reset(SSL *ssl, + const SSL_STREAM_RESET_ARGS *args, + size_t args_len); + +#define SSL_STREAM_STATE_NONE 0 +#define SSL_STREAM_STATE_OK 1 +#define SSL_STREAM_STATE_WRONG_DIR 2 +#define SSL_STREAM_STATE_FINISHED 3 +#define SSL_STREAM_STATE_RESET_LOCAL 4 +#define SSL_STREAM_STATE_RESET_REMOTE 5 +#define SSL_STREAM_STATE_CONN_CLOSED 6 +__owur int SSL_get_stream_read_state(SSL *ssl); +__owur int SSL_get_stream_write_state(SSL *ssl); + +__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code); +__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code); + +#define SSL_CONN_CLOSE_FLAG_LOCAL (1U << 0) +#define SSL_CONN_CLOSE_FLAG_TRANSPORT (1U << 1) + +typedef struct ssl_conn_close_info_st { + uint64_t error_code, frame_type; + const char *reason; + size_t reason_len; + uint32_t flags; +} SSL_CONN_CLOSE_INFO; + +__owur int SSL_get_conn_close_info(SSL *ssl, + SSL_CONN_CLOSE_INFO *info, + size_t info_len); + # ifndef OPENSSL_NO_DEPRECATED_1_1_0 # define SSL_cache_hit(s) SSL_session_reused(s) # endif @@ -2524,6 +2657,36 @@ void SSL_set_allow_early_data_cb(SSL *s, const char *OSSL_default_cipher_list(void); const char *OSSL_default_ciphersuites(void); +/* RFC8879 Certificate compression APIs */ + +int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg); +int SSL_compress_certs(SSL *ssl, int alg); + +int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len); +int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len); + +int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data, + size_t comp_length, size_t orig_length); +int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data, + size_t comp_length, size_t orig_length); +size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len); +size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len); + +__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk); +__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s); +__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s); +__owur int SSL_get_negotiated_client_cert_type(const SSL *s); +__owur int SSL_get_negotiated_server_cert_type(const SSL *s); + +__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len); +__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len); +__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len); +__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len); +__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len); +__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len); +__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len); +__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len); + # ifdef __cplusplus } # endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/ssl3.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/ssl3.h index 49bd51f2..4f076c6c 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/ssl3.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/ssl3.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -239,6 +239,13 @@ extern "C" { # define SSL3_RT_HEADER 0x100 # define SSL3_RT_INNER_CONTENT_TYPE 0x101 +/* Pseudo content types for QUIC */ +# define SSL3_RT_QUIC_DATAGRAM 0x200 +# define SSL3_RT_QUIC_PACKET 0x201 +# define SSL3_RT_QUIC_FRAME_FULL 0x202 +# define SSL3_RT_QUIC_FRAME_HEADER 0x203 +# define SSL3_RT_QUIC_FRAME_PADDING 0x204 + # define SSL3_AL_WARNING 1 # define SSL3_AL_FATAL 2 @@ -300,6 +307,8 @@ extern "C" { /* Set if extended master secret extension required on renegotiation */ # define TLS1_FLAGS_REQUIRED_EXTMS 0x1000 +/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */ + # define SSL3_MT_HELLO_REQUEST 0 # define SSL3_MT_CLIENT_HELLO 1 # define SSL3_MT_SERVER_HELLO 2 @@ -317,6 +326,7 @@ extern "C" { # define SSL3_MT_CERTIFICATE_STATUS 22 # define SSL3_MT_SUPPLEMENTAL_DATA 23 # define SSL3_MT_KEY_UPDATE 24 +# define SSL3_MT_COMPRESSED_CERTIFICATE 25 # ifndef OPENSSL_NO_NEXTPROTONEG # define SSL3_MT_NEXT_PROTO 67 # endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/sslerr.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/sslerr.h index f1882558..e1eb9a56 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/sslerr.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/sslerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -25,8 +25,10 @@ # define SSL_R_APP_DATA_IN_HANDSHAKE 100 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE 158 +# define SSL_R_BAD_CERTIFICATE 348 # define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 # define SSL_R_BAD_CIPHER 186 +# define SSL_R_BAD_COMPRESSION_ALGORITHM 326 # define SSL_R_BAD_DATA 390 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 # define SSL_R_BAD_DECOMPRESSION 107 @@ -82,6 +84,7 @@ # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 # define SSL_R_COMPRESSION_LIBRARY_ERROR 142 # define SSL_R_CONNECTION_TYPE_NOT_SET 144 +# define SSL_R_CONN_USE_ONLY 356 # define SSL_R_CONTEXT_NOT_DANE_ENABLED 167 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE 400 # define SSL_R_COOKIE_MISMATCH 308 @@ -110,6 +113,7 @@ # define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE 374 # define SSL_R_EE_KEY_TOO_SMALL 399 +# define SSL_R_EMPTY_RAW_PUBLIC_KEY 349 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 @@ -119,6 +123,7 @@ # define SSL_R_EXTENSION_NOT_RECEIVED 279 # define SSL_R_EXTRA_DATA_IN_MESSAGE 153 # define SSL_R_EXT_LENGTH_MISMATCH 163 +# define SSL_R_FAILED_TO_GET_PARAMETER 316 # define SSL_R_FAILED_TO_INIT_ASYNC 405 # define SSL_R_FRAGMENTED_CLIENT_HELLO 401 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 @@ -144,6 +149,8 @@ # define SSL_R_INVALID_KEY_UPDATE_TYPE 120 # define SSL_R_INVALID_MAX_EARLY_DATA 174 # define SSL_R_INVALID_NULL_CMD_NAME 385 +# define SSL_R_INVALID_RAW_PUBLIC_KEY 350 +# define SSL_R_INVALID_RECORD 317 # define SSL_R_INVALID_SEQUENCE_NUMBER 402 # define SSL_R_INVALID_SERVERINFO_DATA 388 # define SSL_R_INVALID_SESSION_ID 999 @@ -156,6 +163,7 @@ # define SSL_R_LENGTH_TOO_SHORT 160 # define SSL_R_LIBRARY_BUG 274 # define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 +# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED 395 # define SSL_R_MISSING_DSA_SIGNING_CERT 165 # define SSL_R_MISSING_ECDSA_SIGNING_CERT 381 # define SSL_R_MISSING_FATAL 256 @@ -196,9 +204,11 @@ # define SSL_R_NO_SHARED_GROUPS 410 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS 376 # define SSL_R_NO_SRTP_PROFILES 359 +# define SSL_R_NO_STREAM 355 # define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM 297 # define SSL_R_NO_SUITABLE_GROUPS 295 # define SSL_R_NO_SUITABLE_KEY_SHARE 101 +# define SSL_R_NO_SUITABLE_RECORD_LAYER 322 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM 118 # define SSL_R_NO_VALID_SCTS 216 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403 @@ -221,10 +231,16 @@ # define SSL_R_PSK_IDENTITY_NOT_FOUND 223 # define SSL_R_PSK_NO_CLIENT_CB 224 # define SSL_R_PSK_NO_SERVER_CB 225 +# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR 393 +# define SSL_R_QUIC_NETWORK_ERROR 387 +# define SSL_R_QUIC_PROTOCOL_ERROR 382 # define SSL_R_READ_BIO_NOT_SET 211 # define SSL_R_READ_TIMEOUT_EXPIRED 312 +# define SSL_R_RECORDS_NOT_RELEASED 321 +# define SSL_R_RECORD_LAYER_FAILURE 313 # define SSL_R_RECORD_LENGTH_MISMATCH 213 # define SSL_R_RECORD_TOO_SMALL 298 +# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET 346 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335 # define SSL_R_RENEGOTIATION_ENCODING_ERR 336 # define SSL_R_RENEGOTIATION_MISMATCH 337 @@ -234,6 +250,7 @@ # define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING 342 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345 # define SSL_R_SCT_VERIFICATION_FAILED 208 +# define SSL_R_SEQUENCE_CTR_WRAPPED 327 # define SSL_R_SERVERHELLO_TLSEXT 275 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 # define SSL_R_SHUTDOWN_WHILE_IN_INIT 407 @@ -273,6 +290,11 @@ # define SSL_R_SSL_SESSION_ID_TOO_LONG 408 # define SSL_R_SSL_SESSION_VERSION_MISMATCH 210 # define SSL_R_STILL_IN_INIT 121 +# define SSL_R_STREAM_COUNT_LIMITED 411 +# define SSL_R_STREAM_FINISHED 365 +# define SSL_R_STREAM_RECV_ONLY 366 +# define SSL_R_STREAM_RESET 375 +# define SSL_R_STREAM_SEND_ONLY 379 # define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED 1116 # define SSL_R_TLSV13_ALERT_MISSING_EXTENSION 1109 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 @@ -316,6 +338,7 @@ # define SSL_R_UNKNOWN_COMMAND 139 # define SSL_R_UNKNOWN_DIGEST 368 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 +# define SSL_R_UNKNOWN_MANDATORY_PARAMETER 323 # define SSL_R_UNKNOWN_PKEY_TYPE 251 # define SSL_R_UNKNOWN_PROTOCOL 252 # define SSL_R_UNKNOWN_SSL_VERSION 254 @@ -333,6 +356,7 @@ # define SSL_R_WRONG_CERTIFICATE_TYPE 383 # define SSL_R_WRONG_CIPHER_RETURNED 261 # define SSL_R_WRONG_CURVE 378 +# define SSL_R_WRONG_RPK_TYPE 351 # define SSL_R_WRONG_SIGNATURE_LENGTH 264 # define SSL_R_WRONG_SIGNATURE_SIZE 265 # define SSL_R_WRONG_SIGNATURE_TYPE 370 diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/store.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/store.h index 3c1445e0..e6ea3cf8 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/store.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/store.h @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -98,6 +98,14 @@ OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, */ OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx); +/* + * Deletes the object in the store by URI. + * Returns 1 on success, 0 otherwise. + */ +int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq, + const UI_METHOD *ui_method, void *ui_data, + const OSSL_PARAM params[]); + /* * Check if end of data (end of file) is reached * Returns 1 on end, 0 otherwise. @@ -345,7 +353,7 @@ int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader, OSSL_DEPRECATEDIN_3_0 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader); OSSL_DEPRECATEDIN_3_0 -const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader); +const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader); OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader); OSSL_DEPRECATEDIN_3_0 diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/thread.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/thread.h new file mode 100644 index 00000000..3926ce54 --- /dev/null +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/thread.h @@ -0,0 +1,31 @@ +/* + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_THREAD_H +# define OPENSSL_THREAD_H + +# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0) +# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1) + +# include + +# ifdef __cplusplus +extern "C" { +# endif + +uint32_t OSSL_get_thread_support_flags(void); +int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads); +uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx); + +# ifdef __cplusplus +} +# endif + +#endif /* OPENSSL_THREAD_H */ diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/tls1.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/tls1.h index 793155e1..7e3d1a72 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/tls1.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/tls1.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -28,7 +28,7 @@ extern "C" { /* Default security level if not overridden at config time */ # ifndef OPENSSL_TLS_SECURITY_LEVEL -# define OPENSSL_TLS_SECURITY_LEVEL 1 +# define OPENSSL_TLS_SECURITY_LEVEL 2 # endif /* TLS*_VERSION constants are defined in prov_ssl.h */ @@ -122,6 +122,14 @@ extern "C" { */ # define TLSEXT_TYPE_signed_certificate_timestamp 18 +/* + * Extension type for Raw Public Keys + * https://tools.ietf.org/html/rfc7250 + * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml + */ +# define TLSEXT_TYPE_client_cert_type 19 +# define TLSEXT_TYPE_server_cert_type 20 + /* * ExtensionType value for TLS padding extension. * http://tools.ietf.org/html/draft-agl-tls-padding @@ -134,6 +142,9 @@ extern "C" { /* ExtensionType value from RFC7627 */ # define TLSEXT_TYPE_extended_master_secret 23 +/* ExtensionType value from RFC8879 */ +# define TLSEXT_TYPE_compress_certificate 27 + /* ExtensionType value from RFC4507 */ # define TLSEXT_TYPE_session_ticket 35 @@ -147,6 +158,7 @@ extern "C" { # define TLSEXT_TYPE_post_handshake_auth 49 # define TLSEXT_TYPE_signature_algorithms_cert 50 # define TLSEXT_TYPE_key_share 51 +# define TLSEXT_TYPE_quic_transport_parameters 57 /* Temporary extension type */ # define TLSEXT_TYPE_renegotiate 0xff01 @@ -195,6 +207,15 @@ extern "C" { # define TLSEXT_hash_num 10 +/* Possible compression values from RFC8879 */ +/* Not defined in RFC8879, but used internally for no-compression */ +# define TLSEXT_comp_cert_none 0 +# define TLSEXT_comp_cert_zlib 1 +# define TLSEXT_comp_cert_brotli 2 +# define TLSEXT_comp_cert_zstd 3 +/* one more than the number of defined values - used as size of 0-terminated array */ +# define TLSEXT_comp_cert_limit 4 + /* Flag set for unrecognised algorithms */ # define TLSEXT_nid_unknown 0x1000000 @@ -211,6 +232,15 @@ extern "C" { # define TLSEXT_max_fragment_length_2048 3 # define TLSEXT_max_fragment_length_4096 4 +/* + * TLS Certificate Type (for RFC7250) + * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3 + */ +# define TLSEXT_cert_type_x509 0 +# define TLSEXT_cert_type_pgp 1 /* recognized, but not supported */ +# define TLSEXT_cert_type_rpk 2 +# define TLSEXT_cert_type_1609dot2 3 /* recognized, but not supported */ + int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode); int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode); diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/trace.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/trace.h index 97e13857..9a5b56ea 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/trace.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/trace.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -305,6 +305,14 @@ void OSSL_trace_end(int category, BIO *channel); # define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \ OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9)) +#define OSSL_TRACE_STRING_MAX 80 +int OSSL_trace_string(BIO *out, int text, int full, + const unsigned char *data, size_t size); +#define OSSL_TRACE_STRING(category, text, full, data, len) \ + OSSL_TRACE_BEGIN(category) { \ + OSSL_trace_string(trc_out, text, full, data, len); \ + } OSSL_TRACE_END(category) + # ifdef __cplusplus } # endif diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/ts.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/ts.h index 8ff67332..b09b646d 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/ts.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/ts.h @@ -1,5 +1,5 @@ /* - * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/types.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/types.h index 5f9d8c23..c2802868 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/types.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/types.h @@ -1,5 +1,5 @@ /* - * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/x509.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/x509.h index 483cb9d5..ac132633 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/x509.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/x509.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by Makefile from include/openssl/x509.h.in * - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -606,6 +606,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx, const char *propq); EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a); int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey); +EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx, + const char *propq); EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); # endif @@ -654,6 +656,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx, const char *propq); EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey); +EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx, + const char *propq); EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); DECLARE_ASN1_DUP_FUNCTION(X509) @@ -887,7 +891,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req); int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req); -EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req); +EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req); X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req); int X509_REQ_extension_nid(int nid); int *X509_REQ_get_extension_nids(void); @@ -953,13 +957,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r); X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, EVP_PKEY *skey, const EVP_MD *md, unsigned int flags); -int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey); +int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey); -int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey); +int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey); int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, unsigned long flags); int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags); +void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs); STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain); int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); @@ -1265,6 +1270,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len); +void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub, + unsigned char *penc, int penclen); int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, int ptype, void *pval, unsigned char *penc, int penclen); diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/x509.h.in b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/x509.h.in index d4df2adc..72103913 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/x509.h.in +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/x509.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -412,6 +412,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx, const char *propq); EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a); int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey); +EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx, + const char *propq); EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); # endif @@ -460,6 +462,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx, const char *propq); EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey); +EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx, + const char *propq); EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); DECLARE_ASN1_DUP_FUNCTION(X509) @@ -693,7 +697,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req); int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req); -EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req); +EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req); X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req); int X509_REQ_extension_nid(int nid); int *X509_REQ_get_extension_nids(void); @@ -759,13 +763,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r); X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, EVP_PKEY *skey, const EVP_MD *md, unsigned int flags); -int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey); +int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey); -int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey); +int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey); int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, unsigned long flags); int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags); +void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs); STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain); int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); @@ -1071,6 +1076,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len); +void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub, + unsigned char *penc, int penclen); int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, int ptype, void *pval, unsigned char *penc, int penclen); diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/x509_vfy.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/x509_vfy.h index 29b0e147..d3dfff8c 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/x509_vfy.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/x509_vfy.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by Makefile from include/openssl/x509_vfy.h.in * - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -411,6 +411,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL, \ # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE 92 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3 93 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS 94 +# define X509_V_ERR_RPK_UNTRUSTED 95 /* Certificate verify flags */ # ifndef OPENSSL_NO_DEPRECATED_1_1_0 @@ -491,71 +492,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj); X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a); int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj); X509_STORE *X509_STORE_new(void); -void X509_STORE_free(X509_STORE *v); -int X509_STORE_lock(X509_STORE *ctx); -int X509_STORE_unlock(X509_STORE *ctx); -int X509_STORE_up_ref(X509_STORE *v); -STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v); -STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st); -STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st, +void X509_STORE_free(X509_STORE *xs); +int X509_STORE_lock(X509_STORE *xs); +int X509_STORE_unlock(X509_STORE *xs); +int X509_STORE_up_ref(X509_STORE *xs); +STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs); +STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs); +STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs, const X509_NAME *nm); STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st, const X509_NAME *nm); -int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); -int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); -int X509_STORE_set_trust(X509_STORE *ctx, int trust); -int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm); -X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx); +int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags); +int X509_STORE_set_purpose(X509_STORE *xs, int purpose); +int X509_STORE_set_trust(X509_STORE *xs, int trust); +int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm); +X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs); -void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify); +void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify); #define X509_STORE_set_verify_func(ctx, func) \ X509_STORE_set_verify((ctx),(func)) void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_fn verify); -X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx); -void X509_STORE_set_verify_cb(X509_STORE *ctx, +X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs); +void X509_STORE_set_verify_cb(X509_STORE *xs, X509_STORE_CTX_verify_cb verify_cb); # define X509_STORE_set_verify_cb_func(ctx,func) \ X509_STORE_set_verify_cb((ctx),(func)) -X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx); -void X509_STORE_set_get_issuer(X509_STORE *ctx, +X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs); +void X509_STORE_set_get_issuer(X509_STORE *xs, X509_STORE_CTX_get_issuer_fn get_issuer); -X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx); -void X509_STORE_set_check_issued(X509_STORE *ctx, +X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs); +void X509_STORE_set_check_issued(X509_STORE *xs, X509_STORE_CTX_check_issued_fn check_issued); -X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx); -void X509_STORE_set_check_revocation(X509_STORE *ctx, +X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s); +void X509_STORE_set_check_revocation(X509_STORE *xs, X509_STORE_CTX_check_revocation_fn check_revocation); X509_STORE_CTX_check_revocation_fn - X509_STORE_get_check_revocation(const X509_STORE *ctx); -void X509_STORE_set_get_crl(X509_STORE *ctx, + X509_STORE_get_check_revocation(const X509_STORE *xs); +void X509_STORE_set_get_crl(X509_STORE *xs, X509_STORE_CTX_get_crl_fn get_crl); -X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx); -void X509_STORE_set_check_crl(X509_STORE *ctx, +X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs); +void X509_STORE_set_check_crl(X509_STORE *xs, X509_STORE_CTX_check_crl_fn check_crl); -X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx); -void X509_STORE_set_cert_crl(X509_STORE *ctx, +X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs); +void X509_STORE_set_cert_crl(X509_STORE *xs, X509_STORE_CTX_cert_crl_fn cert_crl); -X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx); -void X509_STORE_set_check_policy(X509_STORE *ctx, +X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs); +void X509_STORE_set_check_policy(X509_STORE *xs, X509_STORE_CTX_check_policy_fn check_policy); -X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx); -void X509_STORE_set_lookup_certs(X509_STORE *ctx, +X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s); +void X509_STORE_set_lookup_certs(X509_STORE *xs, X509_STORE_CTX_lookup_certs_fn lookup_certs); -X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx); -void X509_STORE_set_lookup_crls(X509_STORE *ctx, +X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s); +void X509_STORE_set_lookup_crls(X509_STORE *xs, X509_STORE_CTX_lookup_crls_fn lookup_crls); #define X509_STORE_set_lookup_crls_cb(ctx, func) \ X509_STORE_set_lookup_crls((ctx), (func)) -X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx); -void X509_STORE_set_cleanup(X509_STORE *ctx, +X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs); +void X509_STORE_set_cleanup(X509_STORE *xs, X509_STORE_CTX_cleanup_fn cleanup); -X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx); +X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs); #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef) -int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data); -void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx); +int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data); +void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx); X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq); X509_STORE_CTX *X509_STORE_CTX_new(void); @@ -565,11 +566,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); void X509_STORE_CTX_free(X509_STORE_CTX *ctx); int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store, X509 *target, STACK_OF(X509) *untrusted); +int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store, + EVP_PKEY* rpk); void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx); X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx); +EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx); STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, @@ -579,6 +583,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx); X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx); X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx); X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx, + X509_STORE_CTX_get_crl_fn get_crl); X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx); X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx); X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx); @@ -600,7 +606,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx); # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls #endif -X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); +X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m); X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); X509_LOOKUP_METHOD *X509_LOOKUP_file(void); X509_LOOKUP_METHOD *X509_LOOKUP_store(void); @@ -685,8 +691,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( const X509_LOOKUP_METHOD *method); -int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); -int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); +int X509_STORE_add_cert(X509_STORE *xs, X509 *x); +int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x); int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, @@ -730,23 +736,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx); X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx); int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); -int X509_STORE_load_file(X509_STORE *ctx, const char *file); -int X509_STORE_load_path(X509_STORE *ctx, const char *path); -int X509_STORE_load_store(X509_STORE *ctx, const char *store); -int X509_STORE_load_locations(X509_STORE *ctx, - const char *file, - const char *dir); -int X509_STORE_set_default_paths(X509_STORE *ctx); +int X509_STORE_load_file(X509_STORE *xs, const char *file); +int X509_STORE_load_path(X509_STORE *xs, const char *path); +int X509_STORE_load_store(X509_STORE *xs, const char *store); +int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir); +int X509_STORE_set_default_paths(X509_STORE *xs); -int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file, +int X509_STORE_load_file_ex(X509_STORE *xs, const char *file, OSSL_LIB_CTX *libctx, const char *propq); -int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store, +int X509_STORE_load_store_ex(X509_STORE *xs, const char *store, OSSL_LIB_CTX *libctx, const char *propq); -int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file, - const char *dir, OSSL_LIB_CTX *libctx, - const char *propq); -int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx, - const char *propq); +int X509_STORE_load_locations_ex(X509_STORE *xs, + const char *file, const char *dir, + OSSL_LIB_CTX *libctx, const char *propq); +int X509_STORE_set_default_paths_ex(X509_STORE *xs, + OSSL_LIB_CTX *libctx, const char *propq); #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef) @@ -764,6 +768,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx); STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx); STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target); +void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target); void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk); void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk); int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); @@ -773,6 +778,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags); void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t); +void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx, + unsigned int current_reasons); X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx); int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx); diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/x509_vfy.h.in b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/x509_vfy.h.in index 80f18bd7..7a478d11 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/x509_vfy.h.in +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/x509_vfy.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -314,6 +314,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL, \ # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE 92 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3 93 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS 94 +# define X509_V_ERR_RPK_UNTRUSTED 95 /* Certificate verify flags */ # ifndef OPENSSL_NO_DEPRECATED_1_1_0 @@ -394,71 +395,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj); X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a); int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj); X509_STORE *X509_STORE_new(void); -void X509_STORE_free(X509_STORE *v); -int X509_STORE_lock(X509_STORE *ctx); -int X509_STORE_unlock(X509_STORE *ctx); -int X509_STORE_up_ref(X509_STORE *v); -STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v); -STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st); -STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st, +void X509_STORE_free(X509_STORE *xs); +int X509_STORE_lock(X509_STORE *xs); +int X509_STORE_unlock(X509_STORE *xs); +int X509_STORE_up_ref(X509_STORE *xs); +STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs); +STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs); +STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs, const X509_NAME *nm); STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st, const X509_NAME *nm); -int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); -int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); -int X509_STORE_set_trust(X509_STORE *ctx, int trust); -int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm); -X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx); +int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags); +int X509_STORE_set_purpose(X509_STORE *xs, int purpose); +int X509_STORE_set_trust(X509_STORE *xs, int trust); +int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm); +X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs); -void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify); +void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify); #define X509_STORE_set_verify_func(ctx, func) \ X509_STORE_set_verify((ctx),(func)) void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_fn verify); -X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx); -void X509_STORE_set_verify_cb(X509_STORE *ctx, +X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs); +void X509_STORE_set_verify_cb(X509_STORE *xs, X509_STORE_CTX_verify_cb verify_cb); # define X509_STORE_set_verify_cb_func(ctx,func) \ X509_STORE_set_verify_cb((ctx),(func)) -X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx); -void X509_STORE_set_get_issuer(X509_STORE *ctx, +X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs); +void X509_STORE_set_get_issuer(X509_STORE *xs, X509_STORE_CTX_get_issuer_fn get_issuer); -X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx); -void X509_STORE_set_check_issued(X509_STORE *ctx, +X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs); +void X509_STORE_set_check_issued(X509_STORE *xs, X509_STORE_CTX_check_issued_fn check_issued); -X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx); -void X509_STORE_set_check_revocation(X509_STORE *ctx, +X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s); +void X509_STORE_set_check_revocation(X509_STORE *xs, X509_STORE_CTX_check_revocation_fn check_revocation); X509_STORE_CTX_check_revocation_fn - X509_STORE_get_check_revocation(const X509_STORE *ctx); -void X509_STORE_set_get_crl(X509_STORE *ctx, + X509_STORE_get_check_revocation(const X509_STORE *xs); +void X509_STORE_set_get_crl(X509_STORE *xs, X509_STORE_CTX_get_crl_fn get_crl); -X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx); -void X509_STORE_set_check_crl(X509_STORE *ctx, +X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs); +void X509_STORE_set_check_crl(X509_STORE *xs, X509_STORE_CTX_check_crl_fn check_crl); -X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx); -void X509_STORE_set_cert_crl(X509_STORE *ctx, +X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs); +void X509_STORE_set_cert_crl(X509_STORE *xs, X509_STORE_CTX_cert_crl_fn cert_crl); -X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx); -void X509_STORE_set_check_policy(X509_STORE *ctx, +X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs); +void X509_STORE_set_check_policy(X509_STORE *xs, X509_STORE_CTX_check_policy_fn check_policy); -X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx); -void X509_STORE_set_lookup_certs(X509_STORE *ctx, +X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s); +void X509_STORE_set_lookup_certs(X509_STORE *xs, X509_STORE_CTX_lookup_certs_fn lookup_certs); -X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx); -void X509_STORE_set_lookup_crls(X509_STORE *ctx, +X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s); +void X509_STORE_set_lookup_crls(X509_STORE *xs, X509_STORE_CTX_lookup_crls_fn lookup_crls); #define X509_STORE_set_lookup_crls_cb(ctx, func) \ X509_STORE_set_lookup_crls((ctx), (func)) -X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx); -void X509_STORE_set_cleanup(X509_STORE *ctx, +X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs); +void X509_STORE_set_cleanup(X509_STORE *xs, X509_STORE_CTX_cleanup_fn cleanup); -X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx); +X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs); #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef) -int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data); -void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx); +int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data); +void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx); X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq); X509_STORE_CTX *X509_STORE_CTX_new(void); @@ -468,11 +469,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); void X509_STORE_CTX_free(X509_STORE_CTX *ctx); int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store, X509 *target, STACK_OF(X509) *untrusted); +int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store, + EVP_PKEY* rpk); void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx); X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx); +EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx); STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, @@ -482,6 +486,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx); X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx); X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx); X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx, + X509_STORE_CTX_get_crl_fn get_crl); X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx); X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx); X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx); @@ -503,7 +509,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx); # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls #endif -X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); +X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m); X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); X509_LOOKUP_METHOD *X509_LOOKUP_file(void); X509_LOOKUP_METHOD *X509_LOOKUP_store(void); @@ -588,8 +594,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( const X509_LOOKUP_METHOD *method); -int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); -int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); +int X509_STORE_add_cert(X509_STORE *xs, X509 *x); +int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x); int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, @@ -633,23 +639,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx); X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx); int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); -int X509_STORE_load_file(X509_STORE *ctx, const char *file); -int X509_STORE_load_path(X509_STORE *ctx, const char *path); -int X509_STORE_load_store(X509_STORE *ctx, const char *store); -int X509_STORE_load_locations(X509_STORE *ctx, - const char *file, - const char *dir); -int X509_STORE_set_default_paths(X509_STORE *ctx); +int X509_STORE_load_file(X509_STORE *xs, const char *file); +int X509_STORE_load_path(X509_STORE *xs, const char *path); +int X509_STORE_load_store(X509_STORE *xs, const char *store); +int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir); +int X509_STORE_set_default_paths(X509_STORE *xs); -int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file, +int X509_STORE_load_file_ex(X509_STORE *xs, const char *file, OSSL_LIB_CTX *libctx, const char *propq); -int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store, +int X509_STORE_load_store_ex(X509_STORE *xs, const char *store, OSSL_LIB_CTX *libctx, const char *propq); -int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file, - const char *dir, OSSL_LIB_CTX *libctx, - const char *propq); -int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx, - const char *propq); +int X509_STORE_load_locations_ex(X509_STORE *xs, + const char *file, const char *dir, + OSSL_LIB_CTX *libctx, const char *propq); +int X509_STORE_set_default_paths_ex(X509_STORE *xs, + OSSL_LIB_CTX *libctx, const char *propq); #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef) @@ -667,6 +671,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx); STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx); STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target); +void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target); void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk); void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk); int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); @@ -676,6 +681,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags); void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t); +void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx, + unsigned int current_reasons); X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx); int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx); diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/x509err.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/x509err.h index 34ead4b8..71b557a3 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/x509err.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/x509err.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/x509v3.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/x509v3.h index 75016354..e64da7e0 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/x509v3.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/x509v3.h @@ -742,9 +742,10 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE) # define X509_PURPOSE_ANY 7 # define X509_PURPOSE_OCSP_HELPER 8 # define X509_PURPOSE_TIMESTAMP_SIGN 9 +# define X509_PURPOSE_CODE_SIGN 10 # define X509_PURPOSE_MIN 1 -# define X509_PURPOSE_MAX 9 +# define X509_PURPOSE_MAX 10 /* Flags for X509V3_EXT_print() */ diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/x509v3.h.in b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/x509v3.h.in index e33c9d30..56968037 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/x509v3.h.in +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/x509v3.h.in @@ -478,9 +478,10 @@ typedef struct x509_purpose_st { # define X509_PURPOSE_ANY 7 # define X509_PURPOSE_OCSP_HELPER 8 # define X509_PURPOSE_TIMESTAMP_SIGN 9 +# define X509_PURPOSE_CODE_SIGN 10 # define X509_PURPOSE_MIN 1 -# define X509_PURPOSE_MAX 9 +# define X509_PURPOSE_MAX 10 /* Flags for X509V3_EXT_print() */ diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/x509v3err.h b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/x509v3err.h index 1ae3a562..deede279 100644 --- a/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/x509v3err.h +++ b/deps/openssl/ios/ios64-xcrun/usr/local/include/openssl/x509v3err.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -23,6 +23,8 @@ */ # define X509V3_R_BAD_IP_ADDRESS 118 # define X509V3_R_BAD_OBJECT 119 +# define X509V3_R_BAD_OPTION 170 +# define X509V3_R_BAD_VALUE 171 # define X509V3_R_BN_DEC2BN_ERROR 100 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 # define X509V3_R_DIRNAME_ERROR 149 @@ -86,6 +88,7 @@ # define X509V3_R_UNKNOWN_EXTENSION 129 # define X509V3_R_UNKNOWN_EXTENSION_NAME 130 # define X509V3_R_UNKNOWN_OPTION 120 +# define X509V3_R_UNKNOWN_VALUE 172 # define X509V3_R_UNSUPPORTED_OPTION 117 # define X509V3_R_UNSUPPORTED_TYPE 167 # define X509V3_R_USER_TOO_LONG 132 diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/lib/libcrypto.a b/deps/openssl/ios/ios64-xcrun/usr/local/lib/libcrypto.a index 62e92101..e8273402 100644 Binary files a/deps/openssl/ios/ios64-xcrun/usr/local/lib/libcrypto.a and b/deps/openssl/ios/ios64-xcrun/usr/local/lib/libcrypto.a differ diff --git a/deps/openssl/ios/ios64-xcrun/usr/local/lib/libssl.a b/deps/openssl/ios/ios64-xcrun/usr/local/lib/libssl.a index 8e263942..9121ef3e 100644 Binary files a/deps/openssl/ios/ios64-xcrun/usr/local/lib/libssl.a and b/deps/openssl/ios/ios64-xcrun/usr/local/lib/libssl.a differ diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/aes_platform.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/aes_platform.h index 87c35255..e641450b 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/aes_platform.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/aes_platform.h @@ -90,7 +90,7 @@ void gcm_ghash_p8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len); # endif /* OPENSSL_SYS_AIX || OPENSSL_SYS_MACOSX */ # endif /* PPC */ -# if (defined(__arm__) || defined(__arm) || defined(__aarch64__)) +# if (defined(__arm__) || defined(__arm) || defined(__aarch64__) || defined(_M_ARM64)) # include "arm_arch.h" # if __ARM_MAX_ARCH__>=7 # if defined(BSAES_ASM) @@ -106,7 +106,7 @@ void gcm_ghash_p8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len); # define HWAES_decrypt aes_v8_decrypt # define HWAES_cbc_encrypt aes_v8_cbc_encrypt # define HWAES_ecb_encrypt aes_v8_ecb_encrypt -# if __ARM_MAX_ARCH__>=8 && defined(__aarch64__) +# if __ARM_MAX_ARCH__>=8 && (defined(__aarch64__) || defined(_M_ARM64)) # define HWAES_xts_encrypt aes_v8_xts_encrypt # define HWAES_xts_decrypt aes_v8_xts_decrypt # endif @@ -114,36 +114,36 @@ void gcm_ghash_p8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len); # define AES_PMULL_CAPABLE ((OPENSSL_armcap_P & ARMV8_PMULL) && (OPENSSL_armcap_P & ARMV8_AES)) # define AES_GCM_ENC_BYTES 512 # define AES_GCM_DEC_BYTES 512 -# if __ARM_MAX_ARCH__>=8 && defined(__aarch64__) +# if __ARM_MAX_ARCH__>=8 && (defined(__aarch64__) || defined(_M_ARM64)) # define AES_gcm_encrypt armv8_aes_gcm_encrypt # define AES_gcm_decrypt armv8_aes_gcm_decrypt # define AES_GCM_ASM(gctx) ((gctx)->ctr==aes_v8_ctr32_encrypt_blocks && \ (gctx)->gcm.funcs.ghash==gcm_ghash_v8) /* The [unroll8_eor3_]aes_gcm_(enc|dec)_(128|192|256)_kernel() functions * take input length in BITS and return number of BYTES processed */ -size_t aes_gcm_enc_128_kernel(const uint8_t * plaintext, uint64_t plaintext_length, uint8_t * ciphertext, +size_t aes_gcm_enc_128_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext, uint64_t *Xi, unsigned char ivec[16], const void *key); -size_t aes_gcm_enc_192_kernel(const uint8_t * plaintext, uint64_t plaintext_length, uint8_t * ciphertext, +size_t aes_gcm_enc_192_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext, uint64_t *Xi, unsigned char ivec[16], const void *key); -size_t aes_gcm_enc_256_kernel(const uint8_t * plaintext, uint64_t plaintext_length, uint8_t * ciphertext, +size_t aes_gcm_enc_256_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext, uint64_t *Xi, unsigned char ivec[16], const void *key); -size_t aes_gcm_dec_128_kernel(const uint8_t * ciphertext, uint64_t plaintext_length, uint8_t * plaintext, +size_t aes_gcm_dec_128_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext, uint64_t *Xi, unsigned char ivec[16], const void *key); -size_t aes_gcm_dec_192_kernel(const uint8_t * ciphertext, uint64_t plaintext_length, uint8_t * plaintext, +size_t aes_gcm_dec_192_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext, uint64_t *Xi, unsigned char ivec[16], const void *key); -size_t aes_gcm_dec_256_kernel(const uint8_t * ciphertext, uint64_t plaintext_length, uint8_t * plaintext, +size_t aes_gcm_dec_256_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext, uint64_t *Xi, unsigned char ivec[16], const void *key); -size_t unroll8_eor3_aes_gcm_enc_128_kernel(const uint8_t * plaintext, uint64_t plaintext_length, uint8_t * ciphertext, +size_t unroll8_eor3_aes_gcm_enc_128_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext, uint64_t *Xi, unsigned char ivec[16], const void *key); -size_t unroll8_eor3_aes_gcm_enc_192_kernel(const uint8_t * plaintext, uint64_t plaintext_length, uint8_t * ciphertext, +size_t unroll8_eor3_aes_gcm_enc_192_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext, uint64_t *Xi, unsigned char ivec[16], const void *key); -size_t unroll8_eor3_aes_gcm_enc_256_kernel(const uint8_t * plaintext, uint64_t plaintext_length, uint8_t * ciphertext, +size_t unroll8_eor3_aes_gcm_enc_256_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext, uint64_t *Xi, unsigned char ivec[16], const void *key); -size_t unroll8_eor3_aes_gcm_dec_128_kernel(const uint8_t * ciphertext, uint64_t plaintext_length, uint8_t * plaintext, +size_t unroll8_eor3_aes_gcm_dec_128_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext, uint64_t *Xi, unsigned char ivec[16], const void *key); -size_t unroll8_eor3_aes_gcm_dec_192_kernel(const uint8_t * ciphertext, uint64_t plaintext_length, uint8_t * plaintext, +size_t unroll8_eor3_aes_gcm_dec_192_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext, uint64_t *Xi, unsigned char ivec[16], const void *key); -size_t unroll8_eor3_aes_gcm_dec_256_kernel(const uint8_t * ciphertext, uint64_t plaintext_length, uint8_t * plaintext, +size_t unroll8_eor3_aes_gcm_dec_256_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext, uint64_t *Xi, unsigned char ivec[16], const void *key); size_t armv8_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len, const void *key, unsigned char ivec[16], u64 *Xi); @@ -434,7 +434,6 @@ void aes256_t4_xts_decrypt(const unsigned char *in, unsigned char *out, # elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64 /* RISC-V 64 support */ # include "riscv_arch.h" -# define RV64I_ZKND_ZKNE_CAPABLE (RISCV_HAS_ZKND() && RISCV_HAS_ZKNE()) int rv64i_zkne_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key); @@ -447,8 +446,6 @@ void rv64i_zknd_decrypt(const unsigned char *in, unsigned char *out, # elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32 /* RISC-V 32 support */ # include "riscv_arch.h" -# define RV32I_ZKND_ZKNE_CAPABLE (RISCV_HAS_ZKND() && RISCV_HAS_ZKNE()) -# define RV32I_ZBKB_ZKND_ZKNE_CAPABLE (RV32I_ZKND_ZKNE_CAPABLE && RISCV_HAS_ZBKB()) int rv32i_zkne_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key); diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/asn1.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/asn1.h index ec76ae6f..36af1d76 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/asn1.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/asn1.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -142,8 +142,12 @@ X509_ALGOR *ossl_x509_algor_mgf1_decode(X509_ALGOR *alg); int ossl_x509_algor_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md); int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags); -EVP_PKEY * ossl_d2i_PrivateKey_legacy(int keytype, EVP_PKEY **a, - const unsigned char **pp, long length, - OSSL_LIB_CTX *libctx, const char *propq); +EVP_PKEY *ossl_d2i_PrivateKey_legacy(int keytype, EVP_PKEY **a, + const unsigned char **pp, long length, + OSSL_LIB_CTX *libctx, const char *propq); +X509_ALGOR *ossl_X509_ALGOR_from_nid(int nid, int ptype, void *pval); + +time_t ossl_asn1_string_to_time_t(const char *asn1_string); +void ossl_asn1_string_set_bits_left(ASN1_STRING *str, unsigned int num); #endif /* ndef OSSL_CRYPTO_ASN1_H */ diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/bioerr.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/bioerr.h index a0c06099..e38b981a 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/bioerr.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/bioerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/bn.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/bn.h index 00544d9d..33f979ce 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/bn.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/bn.h @@ -116,4 +116,13 @@ OSSL_LIB_CTX *ossl_bn_get_libctx(BN_CTX *ctx); extern const BIGNUM ossl_bn_inv_sqrt_2; +#if defined(OPENSSL_SYS_LINUX) && !defined(FIPS_MODULE) && defined (__s390x__) +# define S390X_MOD_EXP +#endif + +int s390x_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int s390x_crt(BIGNUM *r, const BIGNUM *i, const BIGNUM *p, const BIGNUM *q, + const BIGNUM *dmp, const BIGNUM *dmq, const BIGNUM *iqmp); + #endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/cmserr.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/cmserr.h index 1de2f9c7..a7fcf11f 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/cmserr.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/cmserr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/context.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/context.h index 8ad16834..7369a730 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/context.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/context.h @@ -24,6 +24,9 @@ void *ossl_rand_crng_ctx_new(OSSL_LIB_CTX *); int ossl_thread_register_fips(OSSL_LIB_CTX *); void *ossl_thread_event_ctx_new(OSSL_LIB_CTX *); void *ossl_fips_prov_ossl_ctx_new(OSSL_LIB_CTX *); +#if defined(OPENSSL_THREADS) +void *ossl_threads_ctx_new(OSSL_LIB_CTX *); +#endif void ossl_provider_store_free(void *); void ossl_property_string_data_free(void *); @@ -40,3 +43,6 @@ void ossl_rand_crng_ctx_free(void *); void ossl_thread_event_ctx_free(void *); void ossl_fips_prov_ossl_ctx_free(void *); void ossl_release_default_drbg_ctx(void); +#if defined(OPENSSL_THREADS) +void ossl_threads_ctx_free(void *); +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/decoder.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/decoder.h index 6b5ee56a..a0d5de65 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/decoder.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/decoder.h @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -25,16 +25,16 @@ void *ossl_decoder_from_algorithm(int id, const OSSL_ALGORITHM *algodef, OSSL_DECODER_INSTANCE * ossl_decoder_instance_new(OSSL_DECODER *decoder, void *decoderctx); void ossl_decoder_instance_free(OSSL_DECODER_INSTANCE *decoder_inst); +OSSL_DECODER_INSTANCE *ossl_decoder_instance_dup(const OSSL_DECODER_INSTANCE *src); int ossl_decoder_ctx_add_decoder_inst(OSSL_DECODER_CTX *ctx, OSSL_DECODER_INSTANCE *di); -int ossl_decoder_ctx_setup_for_pkey(OSSL_DECODER_CTX *ctx, - EVP_PKEY **pkey, const char *keytype, - OSSL_LIB_CTX *libctx, - const char *propquery); - int ossl_decoder_get_number(const OSSL_DECODER *encoder); int ossl_decoder_store_cache_flush(OSSL_LIB_CTX *libctx); int ossl_decoder_store_remove_all_provided(const OSSL_PROVIDER *prov); +void *ossl_decoder_cache_new(OSSL_LIB_CTX *ctx); +void ossl_decoder_cache_free(void *vcache); +int ossl_decoder_cache_flush(OSSL_LIB_CTX *libctx); + #endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/dherr.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/dherr.h index bb24d131..519327f7 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/dherr.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/dherr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/dsa.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/dsa.h index 260c30fa..85d92a18 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/dsa.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/dsa.h @@ -26,7 +26,9 @@ int ossl_dsa_generate_ffc_parameters(DSA *dsa, int type, int pbits, int qbits, BN_GENCB *cb); int ossl_dsa_sign_int(int type, const unsigned char *dgst, int dlen, - unsigned char *sig, unsigned int *siglen, DSA *dsa); + unsigned char *sig, unsigned int *siglen, DSA *dsa, + unsigned int nonce_type, const char *digestname, + OSSL_LIB_CTX *libctx, const char *propq); FFC_PARAMS *ossl_dsa_get0_params(DSA *dsa); int ossl_dsa_ffc_params_fromdata(DSA *dsa, const OSSL_PARAM params[]); diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/ec.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/ec.h index 62163b31..da85a7bd 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/ec.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/ec.h @@ -95,6 +95,12 @@ char *ossl_ec_pt_format_id2name(int id); char *ossl_ec_check_group_type_id2name(int flags); int ossl_ec_set_check_group_type_from_name(EC_KEY *ec, const char *name); - +int ossl_ec_generate_key_dhkem(EC_KEY *eckey, + const unsigned char *ikm, size_t ikmlen); +int ossl_ecdsa_deterministic_sign(const unsigned char *dgst, int dlen, + unsigned char *sig, unsigned int *siglen, + EC_KEY *eckey, unsigned int nonce_type, + const char *digestname, + OSSL_LIB_CTX *libctx, const char *propq); # endif /* OPENSSL_NO_EC */ #endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/ecx.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/ecx.h index 48b95fa5..f35b875f 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/ecx.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/ecx.h @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,7 +15,7 @@ # include -# ifndef OPENSSL_NO_EC +# ifndef OPENSSL_NO_ECX # include # include @@ -72,7 +72,6 @@ struct ecx_key_st { size_t keylen; ECX_KEY_TYPE type; CRYPTO_REF_COUNT references; - CRYPTO_RWLOCK *lock; }; size_t ossl_ecx_key_length(ECX_KEY_TYPE type); @@ -83,6 +82,9 @@ unsigned char *ossl_ecx_key_allocate_privkey(ECX_KEY *key); void ossl_ecx_key_free(ECX_KEY *key); int ossl_ecx_key_up_ref(ECX_KEY *key); ECX_KEY *ossl_ecx_key_dup(const ECX_KEY *key, int selection); +int ossl_ecx_compute_key(ECX_KEY *peer, ECX_KEY *priv, size_t keylen, + unsigned char *secret, size_t *secretlen, + size_t outlen); int ossl_x25519(uint8_t out_shared_key[32], const uint8_t private_key[32], const uint8_t peer_public_value[32]); @@ -94,27 +96,33 @@ ossl_ed25519_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[32], const uint8_t private_key[32], const char *propq); int -ossl_ed25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, +ossl_ed25519_sign(uint8_t *out_sig, const uint8_t *tbs, size_t tbs_len, const uint8_t public_key[32], const uint8_t private_key[32], + const uint8_t dom2flag, const uint8_t phflag, const uint8_t csflag, + const uint8_t *context, size_t context_len, OSSL_LIB_CTX *libctx, const char *propq); int -ossl_ed25519_verify(const uint8_t *message, size_t message_len, +ossl_ed25519_verify(const uint8_t *tbs, size_t tbs_len, const uint8_t signature[64], const uint8_t public_key[32], + const uint8_t dom2flag, const uint8_t phflag, const uint8_t csflag, + const uint8_t *context, size_t context_len, OSSL_LIB_CTX *libctx, const char *propq); - int ossl_ed448_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[57], const uint8_t private_key[57], const char *propq); int -ossl_ed448_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t *message, - size_t message_len, const uint8_t public_key[57], - const uint8_t private_key[57], const uint8_t *context, - size_t context_len, const char *propq); +ossl_ed448_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, + const uint8_t *message, size_t message_len, + const uint8_t public_key[57], const uint8_t private_key[57], + const uint8_t *context, size_t context_len, + const uint8_t phflag, const char *propq); int -ossl_ed448_verify(OSSL_LIB_CTX *ctx, const uint8_t *message, size_t message_len, +ossl_ed448_verify(OSSL_LIB_CTX *ctx, + const uint8_t *message, size_t message_len, const uint8_t signature[114], const uint8_t public_key[57], - const uint8_t *context, size_t context_len, const char *propq); + const uint8_t *context, size_t context_len, + const uint8_t phflag, const char *propq); int ossl_x448(uint8_t out_shared_key[56], const uint8_t private_key[56], @@ -146,5 +154,5 @@ ECX_KEY *ossl_evp_pkey_get1_X25519(EVP_PKEY *pkey); ECX_KEY *ossl_evp_pkey_get1_X448(EVP_PKEY *pkey); ECX_KEY *ossl_evp_pkey_get1_ED25519(EVP_PKEY *pkey); ECX_KEY *ossl_evp_pkey_get1_ED448(EVP_PKEY *pkey); -# endif /* OPENSSL_NO_EC */ +# endif /* OPENSSL_NO_ECX */ #endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/encoder.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/encoder.h index 5c53bbea..6240438d 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/encoder.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/encoder.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/evp.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/evp.h index a0fff7fd..34cea2f9 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/evp.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/evp.h @@ -16,11 +16,21 @@ # include "internal/refcount.h" # include "crypto/ecx.h" +/* + * Default PKCS5 PBE KDF salt lengths + * In RFC 8018, PBE1 uses 8 bytes (64 bits) for its salt length. + * It also specifies to use at least 8 bytes for PBES2. + * The NIST requirement for PBKDF2 is 128 bits so we use this as the + * default for PBE2 (scrypt and HKDF2) + */ +# define PKCS5_DEFAULT_PBE1_SALT_LEN PKCS5_SALT_LEN +# define PKCS5_DEFAULT_PBE2_SALT_LEN 16 /* * Don't free up md_ctx->pctx in EVP_MD_CTX_reset, use the reserved flag * values in evp.h */ #define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX 0x0400 +#define EVP_MD_CTX_FLAG_FINALISED 0x0800 #define evp_pkey_ctx_is_legacy(ctx) \ ((ctx)->keymgmt == NULL) @@ -203,7 +213,6 @@ struct evp_mac_st { const char *description; CRYPTO_REF_COUNT refcnt; - CRYPTO_RWLOCK *lock; OSSL_FUNC_mac_newctx_fn *newctx; OSSL_FUNC_mac_dupctx_fn *dupctx; @@ -225,7 +234,6 @@ struct evp_kdf_st { char *type_name; const char *description; CRYPTO_REF_COUNT refcnt; - CRYPTO_RWLOCK *lock; OSSL_FUNC_kdf_newctx_fn *newctx; OSSL_FUNC_kdf_dupctx_fn *dupctx; @@ -270,7 +278,6 @@ struct evp_md_st { const char *description; OSSL_PROVIDER *prov; CRYPTO_REF_COUNT refcnt; - CRYPTO_RWLOCK *lock; OSSL_FUNC_digest_newctx_fn *newctx; OSSL_FUNC_digest_init_fn *dinit; OSSL_FUNC_digest_update_fn *dupdate; @@ -326,7 +333,6 @@ struct evp_cipher_st { const char *description; OSSL_PROVIDER *prov; CRYPTO_REF_COUNT refcnt; - CRYPTO_RWLOCK *lock; OSSL_FUNC_cipher_newctx_fn *newctx; OSSL_FUNC_cipher_encrypt_init_fn *einit; OSSL_FUNC_cipher_decrypt_init_fn *dinit; @@ -646,7 +652,9 @@ union legacy_pkey_st { # endif # ifndef OPENSSL_NO_EC struct ec_key_st *ec; /* ECC */ +# ifndef OPENSSL_NO_ECX ECX_KEY *ecx; /* X25519, X448, Ed25519, Ed448 */ +# endif # endif }; @@ -784,7 +792,7 @@ void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, int selection); -int evp_keymgmt_util_clear_operation_cache(EVP_PKEY *pk, int locking); +int evp_keymgmt_util_clear_operation_cache(EVP_PKEY *pk); int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, void *keydata, int selection); void evp_keymgmt_util_cache_keyinfo(EVP_PKEY *pk); @@ -813,7 +821,7 @@ int evp_keymgmt_set_params(const EVP_KEYMGMT *keymgmt, void *evp_keymgmt_gen_init(const EVP_KEYMGMT *keymgmt, int selection, const OSSL_PARAM params[]); int evp_keymgmt_gen_set_template(const EVP_KEYMGMT *keymgmt, void *genctx, - void *template); + void *templ); int evp_keymgmt_gen_set_params(const EVP_KEYMGMT *keymgmt, void *genctx, const OSSL_PARAM params[]); void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx, @@ -892,10 +900,6 @@ EVP_MD_CTX *evp_md_ctx_new_ex(EVP_PKEY *pkey, const ASN1_OCTET_STRING *id, int evp_pkey_name2type(const char *name); const char *evp_pkey_type2name(int type); -int evp_pkey_ctx_set1_id_prov(EVP_PKEY_CTX *ctx, const void *id, int len); -int evp_pkey_ctx_get1_id_prov(EVP_PKEY_CTX *ctx, void *id); -int evp_pkey_ctx_get1_id_len_prov(EVP_PKEY_CTX *ctx, size_t *id_len); - int evp_pkey_ctx_use_cached_data(EVP_PKEY_CTX *ctx); # endif /* !defined(FIPS_MODULE) */ @@ -959,4 +963,8 @@ void evp_rand_clear_seed(EVP_RAND_CTX *ctx, unsigned char *buffer, size_t b_len); int evp_signature_get_number(const EVP_SIGNATURE *signature); +int evp_pkey_decrypt_alloc(EVP_PKEY_CTX *ctx, unsigned char **outp, + size_t *outlenp, size_t expected_outlen, + const unsigned char *in, size_t inlen); + #endif /* OSSL_CRYPTO_EVP_H */ diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/evperr.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/evperr.h index d90ba83f..4a001107 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/evperr.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/evperr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/md32_common.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/md32_common.h index 966e2684..46214f32 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/md32_common.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/md32_common.h @@ -63,37 +63,41 @@ * #define HASH_BLOCK_DATA_ORDER md5_block_data_order */ -#include +#ifndef OSSL_CRYPTO_MD32_COMMON_H +# define OSSL_CRYPTO_MD32_COMMON_H +# pragma once -#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN) -# error "DATA_ORDER must be defined!" -#endif +# include -#ifndef HASH_CBLOCK -# error "HASH_CBLOCK must be defined!" -#endif -#ifndef HASH_LONG -# error "HASH_LONG must be defined!" -#endif -#ifndef HASH_CTX -# error "HASH_CTX must be defined!" -#endif +# if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN) +# error "DATA_ORDER must be defined!" +# endif -#ifndef HASH_UPDATE -# error "HASH_UPDATE must be defined!" -#endif -#ifndef HASH_TRANSFORM -# error "HASH_TRANSFORM must be defined!" -#endif -#ifndef HASH_FINAL -# error "HASH_FINAL must be defined!" -#endif +# ifndef HASH_CBLOCK +# error "HASH_CBLOCK must be defined!" +# endif +# ifndef HASH_LONG +# error "HASH_LONG must be defined!" +# endif +# ifndef HASH_CTX +# error "HASH_CTX must be defined!" +# endif -#ifndef HASH_BLOCK_DATA_ORDER -# error "HASH_BLOCK_DATA_ORDER must be defined!" -#endif +# ifndef HASH_UPDATE +# error "HASH_UPDATE must be defined!" +# endif +# ifndef HASH_TRANSFORM +# error "HASH_TRANSFORM must be defined!" +# endif +# ifndef HASH_FINAL +# error "HASH_FINAL must be defined!" +# endif -#define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) +# ifndef HASH_BLOCK_DATA_ORDER +# error "HASH_BLOCK_DATA_ORDER must be defined!" +# endif + +# define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) #ifndef PEDANTIC # if defined(__GNUC__) && __GNUC__>=2 && \ @@ -117,31 +121,31 @@ # endif #endif -#if defined(DATA_ORDER_IS_BIG_ENDIAN) +# if defined(DATA_ORDER_IS_BIG_ENDIAN) -# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ +# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ l|=(((unsigned long)(*((c)++)))<<16), \ l|=(((unsigned long)(*((c)++)))<< 8), \ l|=(((unsigned long)(*((c)++))) ) ) -# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ +# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ *((c)++)=(unsigned char)(((l)>>16)&0xff), \ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ *((c)++)=(unsigned char)(((l) )&0xff), \ l) -#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) +# elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) -# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ +# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ l|=(((unsigned long)(*((c)++)))<< 8), \ l|=(((unsigned long)(*((c)++)))<<16), \ l|=(((unsigned long)(*((c)++)))<<24) ) -# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ +# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ *((c)++)=(unsigned char)(((l)>>16)&0xff), \ *((c)++)=(unsigned char)(((l)>>24)&0xff), \ l) -#endif +# endif /* * Time for some action :-) @@ -226,30 +230,30 @@ int HASH_FINAL(unsigned char *md, HASH_CTX *c) memset(p + n, 0, HASH_CBLOCK - 8 - n); p += HASH_CBLOCK - 8; -#if defined(DATA_ORDER_IS_BIG_ENDIAN) +# if defined(DATA_ORDER_IS_BIG_ENDIAN) (void)HOST_l2c(c->Nh, p); (void)HOST_l2c(c->Nl, p); -#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) +# elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) (void)HOST_l2c(c->Nl, p); (void)HOST_l2c(c->Nh, p); -#endif +# endif p -= HASH_CBLOCK; HASH_BLOCK_DATA_ORDER(c, p, 1); c->num = 0; OPENSSL_cleanse(p, HASH_CBLOCK); -#ifndef HASH_MAKE_STRING -# error "HASH_MAKE_STRING must be defined!" -#else +# ifndef HASH_MAKE_STRING +# error "HASH_MAKE_STRING must be defined!" +# else HASH_MAKE_STRING(c, md); -#endif +# endif return 1; } -#ifndef MD32_REG_T -# if defined(__alpha) || defined(__sparcv9) || defined(__mips) -# define MD32_REG_T long +# ifndef MD32_REG_T +# if defined(__alpha) || defined(__sparcv9) || defined(__mips) +# define MD32_REG_T long /* * This comment was originally written for MD5, which is why it * discusses A-D. But it basically applies to all 32-bit digests, @@ -266,13 +270,15 @@ int HASH_FINAL(unsigned char *md, HASH_CTX *c) * Well, to be honest it should say that this *prevents* * performance degradation. */ -# else +# else /* * Above is not absolute and there are LP64 compilers that * generate better code if MD32_REG_T is defined int. The above * pre-processor condition reflects the circumstances under which * the conclusion was made and is subject to further extension. */ -# define MD32_REG_T int +# define MD32_REG_T int +# endif # endif + #endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/modes.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/modes.h index 573e1197..d03ca83d 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/modes.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/modes.h @@ -138,6 +138,12 @@ struct gcm128_context { #endif }; +/* GHASH functions */ +void ossl_gcm_init_4bit(u128 Htable[16], const u64 H[2]); +void ossl_gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16], + const u8 *inp, size_t len); +void ossl_gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16]); + /* * The maximum permitted number of cipher blocks per data unit in XTS mode. * Reference IEEE Std 1619-2018. @@ -149,6 +155,12 @@ struct xts128_context { block128_f block1, block2; }; +/* XTS mode for SM4 algorithm specified by GB/T 17964-2021 */ +int ossl_crypto_xts128gb_encrypt(const XTS128_CONTEXT *ctx, + const unsigned char iv[16], + const unsigned char *inp, unsigned char *out, + size_t len, int enc); + struct ccm128_context { union { u64 u[2]; diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/pkcs12err.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/pkcs12err.h index 662f412e..114971c6 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/pkcs12err.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/pkcs12err.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/punycode.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/punycode.h index 4c6e49f5..2e1c85c1 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/punycode.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/punycode.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -22,6 +22,4 @@ int ossl_punycode_decode ( int ossl_a2ulabel(const char *in, char *out, size_t outlen); -int ossl_a2ucompare(const char *a, const char *u); - #endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/rand.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/rand.h index 215b3b7a..d375c2f9 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/rand.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/rand.h @@ -140,4 +140,15 @@ EVP_RAND_CTX *ossl_rand_get0_private_noncreating(OSSL_LIB_CTX *ctx); # else EVP_RAND_CTX *ossl_rand_get0_seed_noncreating(OSSL_LIB_CTX *ctx); # endif + +/* Generate a uniformly distributed random integer in the interval [0, upper) */ +uint32_t ossl_rand_uniform_uint32(OSSL_LIB_CTX *ctx, uint32_t upper, int *err); + +/* + * Generate a uniformly distributed random integer in the interval + * [lower, upper). + */ +uint32_t ossl_rand_range_uint32(OSSL_LIB_CTX *ctx, uint32_t lower, uint32_t upper, + int *err); + #endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/riscv_arch.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/riscv_arch.h index 89a40bea..95185841 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/riscv_arch.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/riscv_arch.h @@ -1,5 +1,5 @@ /* - * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -56,4 +56,9 @@ static const size_t kRISCVNumCaps = # include "riscv_arch.def" ; +/* Extension combination tests. */ +#define RISCV_HAS_ZBB_AND_ZBC() (RISCV_HAS_ZBB() && RISCV_HAS_ZBC()) +#define RISCV_HAS_ZBKB_AND_ZKND_AND_ZKNE() (RISCV_HAS_ZBKB() && RISCV_HAS_ZKND() && RISCV_HAS_ZKNE()) +#define RISCV_HAS_ZKND_AND_ZKNE() (RISCV_HAS_ZKND() && RISCV_HAS_ZKNE()) + #endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/rsa.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/rsa.h index 949873d0..8eddc168 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/rsa.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/rsa.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -34,8 +34,6 @@ int ossl_rsa_pss_params_30_copy(RSA_PSS_PARAMS_30 *to, int ossl_rsa_pss_params_30_is_unrestricted(const RSA_PSS_PARAMS_30 *rsa_pss_params); int ossl_rsa_pss_params_30_set_hashalg(RSA_PSS_PARAMS_30 *rsa_pss_params, int hashalg_nid); -int ossl_rsa_pss_params_30_set_maskgenalg(RSA_PSS_PARAMS_30 *rsa_pss_params, - int maskgenalg_nid); int ossl_rsa_pss_params_30_set_maskgenhashalg(RSA_PSS_PARAMS_30 *rsa_pss_params, int maskgenhashalg_nid); int ossl_rsa_pss_params_30_set_saltlen(RSA_PSS_PARAMS_30 *rsa_pss_params, @@ -83,6 +81,10 @@ int ossl_rsa_param_decode(RSA *rsa, const X509_ALGOR *alg); RSA *ossl_rsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, OSSL_LIB_CTX *libctx, const char *propq); +int ossl_rsa_padding_check_PKCS1_type_2(OSSL_LIB_CTX *ctx, + unsigned char *to, int tlen, + const unsigned char *from, int flen, + int num, unsigned char *kdk); int ossl_rsa_padding_check_PKCS1_type_2_TLS(OSSL_LIB_CTX *ctx, unsigned char *to, size_t tlen, const unsigned char *from, diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/sha.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/sha.h index 64305d17..99bcf0ff 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/sha.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/sha.h @@ -1,5 +1,5 @@ /* - * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -14,6 +14,7 @@ # include +int ossl_sha256_192_init(SHA256_CTX *c); int sha512_224_init(SHA512_CTX *); int sha512_256_init(SHA512_CTX *); int ossl_sha1_ctrl(SHA_CTX *ctx, int cmd, int mslen, void *ms); diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/sm4_platform.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/sm4_platform.h index 6cc1dfa5..cc4f5142 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/sm4_platform.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/sm4_platform.h @@ -12,7 +12,7 @@ # pragma once # if defined(OPENSSL_CPUID_OBJ) -# if defined(__aarch64__) +# if defined(__aarch64__) || defined (_M_ARM64) # include "arm_arch.h" extern unsigned int OPENSSL_arm_midr; static inline int vpsm4_capable(void) @@ -21,8 +21,14 @@ static inline int vpsm4_capable(void) (MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_ARM, ARM_CPU_PART_V1) || MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_ARM, ARM_CPU_PART_N1)); } +static inline int vpsm4_ex_capable(void) +{ + return (OPENSSL_armcap_P & ARMV8_CPUID) && + (MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, HISI_CPU_IMP, HISI_CPU_PART_KP920)); +} # if defined(VPSM4_ASM) # define VPSM4_CAPABLE vpsm4_capable() +# define VPSM4_EX_CAPABLE vpsm4_ex_capable() # endif # define HWSM4_CAPABLE (OPENSSL_armcap_P & ARMV8_SM4) # define HWSM4_set_encrypt_key sm4_v8_set_encrypt_key @@ -53,7 +59,7 @@ void HWSM4_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, const unsigned char ivec[16]); # endif /* HWSM4_CAPABLE */ -#ifdef VPSM4_CAPABLE +# ifdef VPSM4_CAPABLE int vpsm4_set_encrypt_key(const unsigned char *userKey, SM4_KEY *key); int vpsm4_set_decrypt_key(const unsigned char *userKey, SM4_KEY *key); void vpsm4_encrypt(const unsigned char *in, unsigned char *out, @@ -69,7 +75,37 @@ void vpsm4_ecb_encrypt(const unsigned char *in, unsigned char *out, void vpsm4_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, size_t len, const void *key, const unsigned char ivec[16]); +void vpsm4_xts_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const SM4_KEY *key1, const SM4_KEY *key2, + const unsigned char ivec[16], const int enc); +void vpsm4_xts_encrypt_gb(const unsigned char *in, unsigned char *out, + size_t len, const SM4_KEY *key1, const SM4_KEY *key2, + const unsigned char ivec[16], const int enc); # endif /* VPSM4_CAPABLE */ +# ifdef VPSM4_EX_CAPABLE +int vpsm4_ex_set_encrypt_key(const unsigned char *userKey, SM4_KEY *key); +int vpsm4_ex_set_decrypt_key(const unsigned char *userKey, SM4_KEY *key); +void vpsm4_ex_encrypt(const unsigned char *in, unsigned char *out, + const SM4_KEY *key); +void vpsm4_ex_decrypt(const unsigned char *in, unsigned char *out, + const SM4_KEY *key); +void vpsm4_ex_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const SM4_KEY *key, + unsigned char *ivec, const int enc); +void vpsm4_ex_ecb_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const SM4_KEY *key, + const int enc); +void vpsm4_ex_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + const unsigned char ivec[16]); +void vpsm4_ex_xts_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const SM4_KEY *key1, const SM4_KEY *key2, + const unsigned char ivec[16], const int enc); +void vpsm4_ex_xts_encrypt_gb(const unsigned char *in, unsigned char *out, + size_t len, const SM4_KEY *key1, + const SM4_KEY *key2, const unsigned char ivec[16], + const int enc); +# endif /* VPSM4_EX_CAPABLE */ #endif /* OSSL_SM4_PLATFORM_H */ diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/store.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/store.h index 5645fc92..9b7be71a 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/store.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/store.h @@ -1,5 +1,5 @@ /* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/x509.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/x509.h index 631150b7..5765b9f7 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/x509.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/x509.h @@ -278,6 +278,8 @@ struct x509_store_ctx_st { /* X509_STORE_CTX */ SSL_DANE *dane; /* signed via bare TA public key, rather than CA certificate */ int bare_ta_signed; + /* Raw Public Key */ + EVP_PKEY *rpk; OSSL_LIB_CTX *libctx; char *propq; @@ -309,7 +311,7 @@ struct x509_object_st { }; int ossl_a2i_ipadd(unsigned char *ipout, const char *ipasc); -int ossl_x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm); +int ossl_x509_set1_time(int *modified, ASN1_TIME **ptm, const ASN1_TIME *tm); int ossl_x509_print_ex_brief(BIO *bio, X509 *cert, unsigned long neg_cflags); int ossl_x509v3_cache_extensions(X509 *x); int ossl_x509_init_sig_info(X509 *x); @@ -334,7 +336,8 @@ int ossl_x509_PUBKEY_get0_libctx(OSSL_LIB_CTX **plibctx, const char **ppropq, ASN1_OCTET_STRING *ossl_x509_pubkey_hash(X509_PUBKEY *pubkey); X509_PUBKEY *ossl_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp, - long len, OSSL_LIB_CTX *libctx); + long len, OSSL_LIB_CTX *libctx, + const char *propq); void ossl_X509_PUBKEY_INTERNAL_free(X509_PUBKEY *xpub); RSA *ossl_d2i_RSA_PSS_PUBKEY(RSA **a, const unsigned char **pp, long length); @@ -364,6 +367,7 @@ int ossl_i2d_X448_PUBKEY(const ECX_KEY *a, unsigned char **pp); # endif /* OPENSSL_NO_EC */ EVP_PKEY *ossl_d2i_PUBKEY_legacy(EVP_PKEY **a, const unsigned char **pp, long length); +int ossl_x509_check_private_key(const EVP_PKEY *k, const EVP_PKEY *pkey); int x509v3_add_len_value_uchar(const char *name, const unsigned char *value, size_t vallen, STACK_OF(CONF_VALUE) **extlist); diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/x509err.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/x509err.h index 0a67975b..c7c7d25e 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/x509err.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/crypto/x509err.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/asn1.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/asn1.h index 3143e340..36dbe0fc 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/asn1.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/asn1.h @@ -11,6 +11,8 @@ # define OSSL_INTERNAL_ASN1_H # pragma once +# include + int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb); #endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/bio.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/bio.h index 547a73d0..9481f4c9 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/bio.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/bio.h @@ -27,6 +27,8 @@ struct bio_method_st { int (*create) (BIO *); int (*destroy) (BIO *); long (*callback_ctrl) (BIO *, int, BIO_info_cb *); + int (*bsendmmsg) (BIO *, BIO_MSG *, size_t, size_t, uint64_t, size_t *); + int (*brecvmmsg) (BIO *, BIO_MSG *, size_t, size_t, uint64_t, size_t *); }; void bio_free_ex_data(BIO *bio); @@ -41,16 +43,20 @@ int bread_conv(BIO *bio, char *data, size_t datal, size_t *read); # define BIO_CTRL_SET_KTLS 72 # define BIO_CTRL_SET_KTLS_TX_SEND_CTRL_MSG 74 # define BIO_CTRL_CLEAR_KTLS_TX_CTRL_MSG 75 +# define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90 /* * This is used with socket BIOs: * BIO_FLAGS_KTLS_TX means we are using ktls with this BIO for sending. * BIO_FLAGS_KTLS_TX_CTRL_MSG means we are about to send a ctrl message next. * BIO_FLAGS_KTLS_RX means we are using ktls with this BIO for receiving. + * BIO_FLAGS_KTLS_TX_ZEROCOPY_SENDFILE means we are using the zerocopy mode with + * this BIO for sending using sendfile. */ # define BIO_FLAGS_KTLS_TX_CTRL_MSG 0x1000 # define BIO_FLAGS_KTLS_RX 0x2000 # define BIO_FLAGS_KTLS_TX 0x4000 +# define BIO_FLAGS_KTLS_TX_ZEROCOPY_SENDFILE 0x8000 /* KTLS related controls and flags */ # define BIO_set_ktls_flag(b, is_tx) \ @@ -63,6 +69,8 @@ int bread_conv(BIO *bio, char *data, size_t datal, size_t *read); BIO_test_flags(b, BIO_FLAGS_KTLS_TX_CTRL_MSG) # define BIO_clear_ktls_ctrl_msg_flag(b) \ BIO_clear_flags(b, BIO_FLAGS_KTLS_TX_CTRL_MSG) +# define BIO_set_ktls_zerocopy_sendfile_flag(b) \ + BIO_set_flags(b, BIO_FLAGS_KTLS_TX_ZEROCOPY_SENDFILE) # define BIO_set_ktls(b, keyblob, is_tx) \ BIO_ctrl(b, BIO_CTRL_SET_KTLS, is_tx, keyblob) @@ -70,6 +78,8 @@ int bread_conv(BIO *bio, char *data, size_t datal, size_t *read); BIO_ctrl(b, BIO_CTRL_SET_KTLS_TX_SEND_CTRL_MSG, record_type, NULL) # define BIO_clear_ktls_ctrl_msg(b) \ BIO_ctrl(b, BIO_CTRL_CLEAR_KTLS_TX_CTRL_MSG, 0, NULL) +# define BIO_set_ktls_tx_zerocopy_sendfile(b) \ + BIO_ctrl(b, BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE, 0, NULL) /* Functions to allow the core to offer the CORE_BIO type to providers */ OSSL_CORE_BIO *ossl_core_bio_new_from_bio(BIO *bio); diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/bio_addr.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/bio_addr.h new file mode 100644 index 00000000..a6449b7e --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/bio_addr.h @@ -0,0 +1,29 @@ +/* + * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_BIO_ADDR_H +# define OSSL_BIO_ADDR_H + +# include "internal/e_os.h" +# include "internal/sockets.h" + +# ifndef OPENSSL_NO_SOCK +union bio_addr_st { + struct sockaddr sa; +# if OPENSSL_USE_IPV6 + struct sockaddr_in6 s_in6; +# endif + struct sockaddr_in s_in; +# ifndef OPENSSL_NO_UNIX_SOCK + struct sockaddr_un s_un; +# endif +}; +# endif + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/bio_tfo.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/bio_tfo.h new file mode 100644 index 00000000..64c0d4c3 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/bio_tfo.h @@ -0,0 +1,151 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Contains definitions for simplifying the use of TCP Fast Open + * (RFC7413) in OpenSSL socket BIOs. + */ + +/* If a supported OS is added here, update test/bio_tfo_test.c */ +#if defined(TCP_FASTOPEN) && !defined(OPENSSL_NO_TFO) + +# if defined(OPENSSL_SYS_MACOSX) || defined(__FreeBSD__) +# include +# endif + +/* + * OSSL_TFO_SYSCTL is used to determine if TFO is supported by + * this kernel, and if supported, if it is enabled. This is more of + * a problem on FreeBSD 10.3 ~ 11.4, where TCP_FASTOPEN was defined, + * but not enabled by default in the kernel, and only for the server. + * Linux does not have sysctlbyname(), and the closest equivalent + * is to go into the /proc filesystem, but I'm not sure it's + * worthwhile. + * + * On MacOS and Linux: + * These operating systems use a single parameter to control TFO. + * The OSSL_TFO_CLIENT_FLAG and OSSL_TFO_SERVER_FLAGS are used to + * determine if TFO is enabled for the client and server respectively. + * + * OSSL_TFO_CLIENT_FLAG = 1 = client TFO enabled + * OSSL_TFO_SERVER_FLAG = 2 = server TFO enabled + * + * Such that: + * 0 = TFO disabled + * 3 = server and client TFO enabled + * + * macOS 10.14 and later support TFO. + * Linux kernel 3.6 added support for client TFO. + * Linux kernel 3.7 added support for server TFO. + * Linux kernel 3.13 enabled TFO by default. + * Linux kernel 4.11 added the TCP_FASTOPEN_CONNECT option. + * + * On FreeBSD: + * FreeBSD 10.3 ~ 11.4 uses a single sysctl for server enable. + * FreeBSD 12.0 and later uses separate sysctls for server and + * client enable. + * + * Some options are purposely NOT defined per-platform + * + * OSSL_TFO_SYSCTL + * Defined as a sysctlbyname() option to determine if + * TFO is enabled in the kernel (macOS, FreeBSD) + * + * OSSL_TFO_SERVER_SOCKOPT + * Defined to indicate the socket option used to enable + * TFO on a server socket (all) + * + * OSSL_TFO_SERVER_SOCKOPT_VALUE + * Value to be used with OSSL_TFO_SERVER_SOCKOPT + * + * OSSL_TFO_CONNECTX + * Use the connectx() function to make a client connection + * (macOS) + * + * OSSL_TFO_CLIENT_SOCKOPT + * Defined to indicate the socket option used to enable + * TFO on a client socket (FreeBSD, Linux 4.14 and later) + * + * OSSL_TFO_SENDTO + * Defined to indicate the sendto() message type to + * be used to initiate a TFO connection (FreeBSD, + * Linux pre-4.14) + * + * OSSL_TFO_DO_NOT_CONNECT + * Defined to skip calling connect() when creating a + * client socket (macOS, FreeBSD, Linux pre-4.14) + */ + +# if defined(OPENSSL_SYS_WINDOWS) +/* + * NO WINDOWS SUPPORT + * + * But this is what would be used on the server: + * + * define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN + * define OSSL_TFO_SERVER_SOCKOPT_VALUE 1 + * + * Still have to figure out client support + */ +# undef TCP_FASTOPEN +# endif + +/* NO VMS SUPPORT */ +# if defined(OPENSSL_SYS_VMS) +# undef TCP_FASTOPEN +# endif + +# if defined(OPENSSL_SYS_MACOSX) +# define OSSL_TFO_SYSCTL "net.inet.tcp.fastopen" +# define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN +# define OSSL_TFO_SERVER_SOCKOPT_VALUE 1 +# define OSSL_TFO_CONNECTX 1 +# define OSSL_TFO_DO_NOT_CONNECT 1 +# define OSSL_TFO_CLIENT_FLAG 1 +# define OSSL_TFO_SERVER_FLAG 2 +# endif + +# if defined(__FreeBSD__) +# if defined(TCP_FASTOPEN_PSK_LEN) +/* As of 12.0 these are the SYSCTLs */ +# define OSSL_TFO_SYSCTL_SERVER "net.inet.tcp.fastopen.server_enable" +# define OSSL_TFO_SYSCTL_CLIENT "net.inet.tcp.fastopen.client_enable" +# define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN +# define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN +# define OSSL_TFO_CLIENT_SOCKOPT TCP_FASTOPEN +# define OSSL_TFO_DO_NOT_CONNECT 1 +# define OSSL_TFO_SENDTO 0 +/* These are the same because the sysctl are client/server-specific */ +# define OSSL_TFO_CLIENT_FLAG 1 +# define OSSL_TFO_SERVER_FLAG 1 +# else +/* 10.3 through 11.4 SYSCTL - ONLY SERVER SUPPORT */ +# define OSSL_TFO_SYSCTL "net.inet.tcp.fastopen.enabled" +# define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN +# define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN +# define OSSL_TFO_SERVER_FLAG 1 +# endif +# endif + +# if defined(OPENSSL_SYS_LINUX) +/* OSSL_TFO_PROC not used, but of interest */ +# define OSSL_TFO_PROC "/proc/sys/net/ipv4/tcp_fastopen" +# define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN +# define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN +# if defined(TCP_FASTOPEN_CONNECT) +# define OSSL_TFO_CLIENT_SOCKOPT TCP_FASTOPEN_CONNECT +# else +# define OSSL_TFO_SENDTO MSG_FASTOPEN +# define OSSL_TFO_DO_NOT_CONNECT 1 +# endif +# define OSSL_TFO_CLIENT_FLAG 1 +# define OSSL_TFO_SERVER_FLAG 2 +# endif + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/common.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/common.h new file mode 100644 index 00000000..15666f11 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/common.h @@ -0,0 +1,217 @@ +/* + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_COMMON_H +# define OSSL_INTERNAL_COMMON_H +# pragma once + +# include +# include +# include "openssl/configuration.h" + +# include "internal/e_os.h" /* ossl_inline in many files */ +# include "internal/nelem.h" + +# if defined(__GNUC__) || defined(__clang__) +# define likely(x) __builtin_expect(!!(x), 1) +# define unlikely(x) __builtin_expect(!!(x), 0) +# else +# define likely(x) x +# define unlikely(x) x +# endif + +# if defined(__GNUC__) || defined(__clang__) +# define ALIGN32 __attribute((aligned(32))) +# define ALIGN64 __attribute((aligned(64))) +# elif defined(_MSC_VER) +# define ALIGN32 __declspec(align(32)) +# define ALIGN64 __declspec(align(64)) +# else +# define ALIGN32 +# define ALIGN64 +# endif + +# ifdef NDEBUG +# define ossl_assert(x) ((x) != 0) +# else +__owur static ossl_inline int ossl_assert_int(int expr, const char *exprstr, + const char *file, int line) +{ + if (!expr) + OPENSSL_die(exprstr, file, line); + + return expr; +} + +# define ossl_assert(x) ossl_assert_int((x) != 0, "Assertion failed: "#x, \ + __FILE__, __LINE__) + +# endif + +/* Check if |pre|, which must be a string literal, is a prefix of |str| */ +#define HAS_PREFIX(str, pre) (strncmp(str, pre "", sizeof(pre) - 1) == 0) +/* As before, and if check succeeds, advance |str| past the prefix |pre| */ +#define CHECK_AND_SKIP_PREFIX(str, pre) \ + (HAS_PREFIX(str, pre) ? ((str) += sizeof(pre) - 1, 1) : 0) +/* Check if the string literal |p| is a case-insensitive prefix of |s| */ +#define HAS_CASE_PREFIX(s, p) (OPENSSL_strncasecmp(s, p "", sizeof(p) - 1) == 0) +/* As before, and if check succeeds, advance |str| past the prefix |pre| */ +#define CHECK_AND_SKIP_CASE_PREFIX(str, pre) \ + (HAS_CASE_PREFIX(str, pre) ? ((str) += sizeof(pre) - 1, 1) : 0) +/* Check if the string literal |suffix| is a case-insensitive suffix of |str| */ +#define HAS_CASE_SUFFIX(str, suffix) (strlen(str) < sizeof(suffix) - 1 ? 0 : \ + OPENSSL_strcasecmp(str + strlen(str) - sizeof(suffix) + 1, suffix "") == 0) + +/* + * Use this inside a union with the field that needs to be aligned to a + * reasonable boundary for the platform. The most pessimistic alignment + * of the listed types will be used by the compiler. + */ +# define OSSL_UNION_ALIGN \ + double align; \ + ossl_uintmax_t align_int; \ + void *align_ptr + +# define OPENSSL_CONF "openssl.cnf" + +# ifndef OPENSSL_SYS_VMS +# define X509_CERT_AREA OPENSSLDIR +# define X509_CERT_DIR OPENSSLDIR "/certs" +# define X509_CERT_FILE OPENSSLDIR "/cert.pem" +# define X509_PRIVATE_DIR OPENSSLDIR "/private" +# define CTLOG_FILE OPENSSLDIR "/ct_log_list.cnf" +# else +# define X509_CERT_AREA "OSSL$DATAROOT:[000000]" +# define X509_CERT_DIR "OSSL$DATAROOT:[CERTS]" +# define X509_CERT_FILE "OSSL$DATAROOT:[000000]cert.pem" +# define X509_PRIVATE_DIR "OSSL$DATAROOT:[PRIVATE]" +# define CTLOG_FILE "OSSL$DATAROOT:[000000]ct_log_list.cnf" +# endif + +# define X509_CERT_DIR_EVP "SSL_CERT_DIR" +# define X509_CERT_FILE_EVP "SSL_CERT_FILE" +# define CTLOG_FILE_EVP "CTLOG_FILE" + +/* size of string representations */ +# define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) +# define HEX_SIZE(type) (sizeof(type)*2) + +# define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \ + l|=(((unsigned long)(*((c)++)))<< 8), \ + l|=(((unsigned long)(*((c)++)))<<16), \ + l|=(((unsigned long)(*((c)++)))<<24)) + +/* NOTE - c is not incremented as per c2l */ +# define c2ln(c,l1,l2,n) { \ + c+=n; \ + l1=l2=0; \ + switch (n) { \ + case 8: l2 =((unsigned long)(*(--(c))))<<24; \ + case 7: l2|=((unsigned long)(*(--(c))))<<16; \ + case 6: l2|=((unsigned long)(*(--(c))))<< 8; \ + case 5: l2|=((unsigned long)(*(--(c)))); \ + case 4: l1 =((unsigned long)(*(--(c))))<<24; \ + case 3: l1|=((unsigned long)(*(--(c))))<<16; \ + case 2: l1|=((unsigned long)(*(--(c))))<< 8; \ + case 1: l1|=((unsigned long)(*(--(c)))); \ + } \ + } + +# define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16)&0xff), \ + *((c)++)=(unsigned char)(((l)>>24)&0xff)) + +# define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24, \ + l|=((unsigned long)(*((c)++)))<<16, \ + l|=((unsigned long)(*((c)++)))<< 8, \ + l|=((unsigned long)(*((c)++)))) + +# define n2l8(c,l) (l =((uint64_t)(*((c)++)))<<56, \ + l|=((uint64_t)(*((c)++)))<<48, \ + l|=((uint64_t)(*((c)++)))<<40, \ + l|=((uint64_t)(*((c)++)))<<32, \ + l|=((uint64_t)(*((c)++)))<<24, \ + l|=((uint64_t)(*((c)++)))<<16, \ + l|=((uint64_t)(*((c)++)))<< 8, \ + l|=((uint64_t)(*((c)++)))) + +# define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16)&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ + *((c)++)=(unsigned char)(((l) )&0xff)) + +# define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \ + *((c)++)=(unsigned char)(((l)>>48)&0xff), \ + *((c)++)=(unsigned char)(((l)>>40)&0xff), \ + *((c)++)=(unsigned char)(((l)>>32)&0xff), \ + *((c)++)=(unsigned char)(((l)>>24)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16)&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ + *((c)++)=(unsigned char)(((l) )&0xff)) + +/* NOTE - c is not incremented as per l2c */ +# define l2cn(l1,l2,c,n) { \ + c+=n; \ + switch (n) { \ + case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ + case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ + case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ + case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ + case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ + case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ + case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ + case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ + } \ + } + +# define n2s(c,s) ((s=(((unsigned int)((c)[0]))<< 8)| \ + (((unsigned int)((c)[1])) )),(c)+=2) +# define s2n(s,c) (((c)[0]=(unsigned char)(((s)>> 8)&0xff), \ + (c)[1]=(unsigned char)(((s) )&0xff)),(c)+=2) + +# define n2l3(c,l) ((l =(((unsigned long)((c)[0]))<<16)| \ + (((unsigned long)((c)[1]))<< 8)| \ + (((unsigned long)((c)[2])) )),(c)+=3) + +# define l2n3(l,c) (((c)[0]=(unsigned char)(((l)>>16)&0xff), \ + (c)[1]=(unsigned char)(((l)>> 8)&0xff), \ + (c)[2]=(unsigned char)(((l) )&0xff)),(c)+=3) + +static ossl_inline int ossl_ends_with_dirsep(const char *path) +{ + if (*path != '\0') + path += strlen(path) - 1; +# if defined __VMS + if (*path == ']' || *path == '>' || *path == ':') + return 1; +# elif defined _WIN32 + if (*path == '\\') + return 1; +# endif + return *path == '/'; +} + +static ossl_inline int ossl_is_absolute_path(const char *path) +{ +# if defined __VMS + if (strchr(path, ':') != NULL + || ((path[0] == '[' || path[0] == '<') + && path[1] != '.' && path[1] != '-' + && path[1] != ']' && path[1] != '>')) + return 1; +# elif defined _WIN32 + if (path[0] == '\\' + || (path[0] != '\0' && path[1] == ':')) + return 1; +# endif + return path[0] == '/'; +} + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/comp.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/comp.h index 3ad86fc7..c48c29d5 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/comp.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/comp.h @@ -10,3 +10,5 @@ #include void ossl_comp_zlib_cleanup(void); +void ossl_comp_brotli_cleanup(void); +void ossl_comp_zstd_cleanup(void); diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/cryptlib.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/cryptlib.h index ac50eb3b..64851fd8 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/cryptlib.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/cryptlib.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,9 +11,6 @@ # define OSSL_INTERNAL_CRYPTLIB_H # pragma once -# include -# include - # ifdef OPENSSL_USE_APPLINK # define BIO_FLAGS_UPLINK_INTERNAL 0x8000 # include "ms/uplink.h" @@ -21,39 +18,13 @@ # define BIO_FLAGS_UPLINK_INTERNAL 0 # endif +# include "internal/common.h" + # include # include # include # include # include -# include "internal/nelem.h" - -#ifdef NDEBUG -# define ossl_assert(x) ((x) != 0) -#else -__owur static ossl_inline int ossl_assert_int(int expr, const char *exprstr, - const char *file, int line) -{ - if (!expr) - OPENSSL_die(exprstr, file, line); - - return expr; -} - -# define ossl_assert(x) ossl_assert_int((x) != 0, "Assertion failed: "#x, \ - __FILE__, __LINE__) - -#endif - -/* - * Use this inside a union with the field that needs to be aligned to a - * reasonable boundary for the platform. The most pessimistic alignment - * of the listed types will be used by the compiler. - */ -# define OSSL_UNION_ALIGN \ - double align; \ - ossl_uintmax_t align_int; \ - void *align_ptr typedef struct ex_callback_st EX_CALLBACK; DEFINE_STACK_OF(EX_CALLBACK) @@ -61,30 +32,6 @@ DEFINE_STACK_OF(EX_CALLBACK) typedef struct mem_st MEM; DEFINE_LHASH_OF_EX(MEM); -# define OPENSSL_CONF "openssl.cnf" - -# ifndef OPENSSL_SYS_VMS -# define X509_CERT_AREA OPENSSLDIR -# define X509_CERT_DIR OPENSSLDIR "/certs" -# define X509_CERT_FILE OPENSSLDIR "/cert.pem" -# define X509_PRIVATE_DIR OPENSSLDIR "/private" -# define CTLOG_FILE OPENSSLDIR "/ct_log_list.cnf" -# else -# define X509_CERT_AREA "OSSL$DATAROOT:[000000]" -# define X509_CERT_DIR "OSSL$DATAROOT:[CERTS]" -# define X509_CERT_FILE "OSSL$DATAROOT:[000000]cert.pem" -# define X509_PRIVATE_DIR "OSSL$DATAROOT:[PRIVATE]" -# define CTLOG_FILE "OSSL$DATAROOT:[000000]ct_log_list.cnf" -# endif - -# define X509_CERT_DIR_EVP "SSL_CERT_DIR" -# define X509_CERT_FILE_EVP "SSL_CERT_FILE" -# define CTLOG_FILE_EVP "CTLOG_FILE" - -/* size of string representations */ -# define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) -# define HEX_SIZE(type) (sizeof(type)*2) - void OPENSSL_cpuid_setup(void); #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ defined(__x86_64) || defined(__x86_64__) || \ @@ -168,7 +115,9 @@ typedef struct ossl_ex_data_global_st { # define OSSL_LIB_CTX_PROVIDER_CONF_INDEX 16 # define OSSL_LIB_CTX_BIO_CORE_INDEX 17 # define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18 -# define OSSL_LIB_CTX_MAX_INDEXES 19 +# define OSSL_LIB_CTX_THREAD_INDEX 19 +# define OSSL_LIB_CTX_DECODER_CACHE_INDEX 20 +# define OSSL_LIB_CTX_MAX_INDEXES 20 OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx); int ossl_lib_ctx_is_default(OSSL_LIB_CTX *ctx); @@ -211,34 +160,4 @@ char *ossl_buf2hexstr_sep(const unsigned char *buf, long buflen, char sep); unsigned char *ossl_hexstr2buf_sep(const char *str, long *buflen, const char sep); -static ossl_inline int ossl_ends_with_dirsep(const char *path) -{ - if (*path != '\0') - path += strlen(path) - 1; -# if defined __VMS - if (*path == ']' || *path == '>' || *path == ':') - return 1; -# elif defined _WIN32 - if (*path == '\\') - return 1; -# endif - return *path == '/'; -} - -static ossl_inline int ossl_is_absolute_path(const char *path) -{ -# if defined __VMS - if (strchr(path, ':') != NULL - || ((path[0] == '[' || path[0] == '<') - && path[1] != '.' && path[1] != '-' - && path[1] != ']' && path[1] != '>')) - return 1; -# elif defined _WIN32 - if (path[0] == '\\' - || (path[0] != '\0' && path[1] == ':')) - return 1; -# endif - return path[0] == '/'; -} - #endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/der.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/der.h index f23fabc2..8d6db8f0 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/der.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/der.h @@ -7,8 +7,12 @@ * https://www.openssl.org/source/license.html */ -#include -#include "internal/packet.h" +#ifndef OSSL_INTERNAL_DER_H +# define OSSL_INTERNAL_DER_H +# pragma once + +# include +# include "internal/packet.h" /* * NOTE: X.690 numbers the identifier octet bits 1 to 8. @@ -22,42 +26,42 @@ * These are only valid for the UNIVERSAL class. With the other classes, * these bits have a different meaning. */ -#define DER_P_EOC 0 /* BER End Of Contents tag */ -#define DER_P_BOOLEAN 1 -#define DER_P_INTEGER 2 -#define DER_P_BIT_STRING 3 -#define DER_P_OCTET_STRING 4 -#define DER_P_NULL 5 -#define DER_P_OBJECT 6 -#define DER_P_OBJECT_DESCRIPTOR 7 -#define DER_P_EXTERNAL 8 -#define DER_P_REAL 9 -#define DER_P_ENUMERATED 10 -#define DER_P_UTF8STRING 12 -#define DER_P_SEQUENCE 16 -#define DER_P_SET 17 -#define DER_P_NUMERICSTRING 18 -#define DER_P_PRINTABLESTRING 19 -#define DER_P_T61STRING 20 -#define DER_P_VIDEOTEXSTRING 21 -#define DER_P_IA5STRING 22 -#define DER_P_UTCTIME 23 -#define DER_P_GENERALIZEDTIME 24 -#define DER_P_GRAPHICSTRING 25 -#define DER_P_ISO64STRING 26 -#define DER_P_GENERALSTRING 27 -#define DER_P_UNIVERSALSTRING 28 -#define DER_P_BMPSTRING 30 +# define DER_P_EOC 0 /* BER End Of Contents tag */ +# define DER_P_BOOLEAN 1 +# define DER_P_INTEGER 2 +# define DER_P_BIT_STRING 3 +# define DER_P_OCTET_STRING 4 +# define DER_P_NULL 5 +# define DER_P_OBJECT 6 +# define DER_P_OBJECT_DESCRIPTOR 7 +# define DER_P_EXTERNAL 8 +# define DER_P_REAL 9 +# define DER_P_ENUMERATED 10 +# define DER_P_UTF8STRING 12 +# define DER_P_SEQUENCE 16 +# define DER_P_SET 17 +# define DER_P_NUMERICSTRING 18 +# define DER_P_PRINTABLESTRING 19 +# define DER_P_T61STRING 20 +# define DER_P_VIDEOTEXSTRING 21 +# define DER_P_IA5STRING 22 +# define DER_P_UTCTIME 23 +# define DER_P_GENERALIZEDTIME 24 +# define DER_P_GRAPHICSTRING 25 +# define DER_P_ISO64STRING 26 +# define DER_P_GENERALSTRING 27 +# define DER_P_UNIVERSALSTRING 28 +# define DER_P_BMPSTRING 30 /* DER Flags, occupying bit 6 in the DER identifier byte */ -#define DER_F_PRIMITIVE 0x00 -#define DER_F_CONSTRUCTED 0x20 +# define DER_F_PRIMITIVE 0x00 +# define DER_F_CONSTRUCTED 0x20 /* DER classes tags, occupying bits 7-8 in the DER identifier byte */ -#define DER_C_UNIVERSAL 0x00 -#define DER_C_APPLICATION 0x40 -#define DER_C_CONTEXT 0x80 -#define DER_C_PRIVATE 0xC0 +# define DER_C_UNIVERSAL 0x00 +# define DER_C_APPLICATION 0x40 +# define DER_C_CONTEXT 0x80 +# define DER_C_PRIVATE 0xC0 /* * Run-time constructors. @@ -67,7 +71,7 @@ */ /* This can be used for all items that don't have a context */ -#define DER_NO_CONTEXT -1 +# define DER_NO_CONTEXT -1 int ossl_DER_w_precompiled(WPACKET *pkt, int tag, const unsigned char *precompiled, @@ -86,3 +90,5 @@ int ossl_DER_w_octet_string_uint32(WPACKET *pkt, int tag, uint32_t value); */ int ossl_DER_w_begin_sequence(WPACKET *pkt, int tag); int ossl_DER_w_end_sequence(WPACKET *pkt, int tag); + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/deterministic_nonce.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/deterministic_nonce.h new file mode 100644 index 00000000..5f0313fe --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/deterministic_nonce.h @@ -0,0 +1,24 @@ +/* + * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_DETERMINISTIC_NONCE_H +# define OSSL_INTERNAL_DETERMINISTIC_NONCE_H +# pragma once + +# include + +int ossl_gen_deterministic_nonce_rfc6979(BIGNUM *out, const BIGNUM *q, + const BIGNUM *priv, + const unsigned char *message, + size_t message_len, + const char *digestname, + OSSL_LIB_CTX *libctx, + const char *propq); + +#endif /*OSSL_INTERNAL_DETERMINISTIC_NONCE_H */ diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/e_os.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/e_os.h index 7fdc3899..d1ed62e8 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/e_os.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/e_os.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -143,7 +143,7 @@ static __inline unsigned int _strlen31(const char *str) # undef stdin # undef stdout # undef stderr -FILE *__iob_func(); +FILE *__iob_func(void); # define stdin (&__iob_func()[0]) # define stdout (&__iob_func()[1]) # define stderr (&__iob_func()[2]) @@ -249,7 +249,7 @@ FILE *__iob_func(); /***********************************************/ # if defined(OPENSSL_SYS_WINDOWS) -# if (_MSC_VER >= 1310) && !defined(_WIN32_WCE) +# if defined(_MSC_VER) && (_MSC_VER >= 1310) && !defined(_WIN32_WCE) # define open _open # define fdopen _fdopen # define close _close @@ -286,54 +286,6 @@ struct servent *getservbyname(const char *name, const char *proto); # endif /* end vxworks */ -/* system-specific variants defining ossl_sleep() */ -#if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) -# include -static ossl_inline void ossl_sleep(unsigned long millis) -{ -# ifdef OPENSSL_SYS_VXWORKS - struct timespec ts; - ts.tv_sec = (long int) (millis / 1000); - ts.tv_nsec = (long int) (millis % 1000) * 1000000ul; - nanosleep(&ts, NULL); -# elif defined(__TANDEM) -# if !defined(_REENTRANT) -# include - /* HPNS does not support usleep for non threaded apps */ - PROCESS_DELAY_(millis * 1000); -# elif defined(_SPT_MODEL_) -# include -# include - usleep(millis * 1000); -# else - usleep(millis * 1000); -# endif -# else - usleep(millis * 1000); -# endif -} -#elif defined(_WIN32) -# include -static ossl_inline void ossl_sleep(unsigned long millis) -{ - Sleep(millis); -} -#else -/* Fallback to a busy wait */ -static ossl_inline void ossl_sleep(unsigned long millis) -{ - struct timeval start, now; - unsigned long elapsedms; - - gettimeofday(&start, NULL); - do { - gettimeofday(&now, NULL); - elapsedms = (((now.tv_sec - start.tv_sec) * 1000000) - + now.tv_usec - start.tv_usec) / 1000; - } while (elapsedms < millis); -} -#endif /* defined OPENSSL_SYS_UNIX */ - /* ----------------------------- HP NonStop -------------------------------- */ /* Required to support platform variant without getpid() and pid_t. */ # if defined(__TANDEM) && defined(_GUARDIAN_TARGET) @@ -343,12 +295,12 @@ static ossl_inline void ossl_sleep(unsigned long millis) # define gethostbyname(name) gethostbyname((char*)name) # define ioctlsocket(a,b,c) ioctl(a,b,c) # ifdef NO_GETPID -inline int nssgetpid(); +inline int nssgetpid(void); # ifndef NSSGETPID_MACRO # define NSSGETPID_MACRO # include # include - inline int nssgetpid() + inline int nssgetpid(void) { short phandle[10]={0}; union pseudo_pid { diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/endian.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/endian.h index 8b34e03e..7d5a73b1 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/endian.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/endian.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,7 +12,7 @@ # pragma once /* - * IS_LITTLE_ENDIAN and IS_BIG_ENDIAN can be used to detect the endiannes + * IS_LITTLE_ENDIAN and IS_BIG_ENDIAN can be used to detect the endianness * at compile time. To use it, DECLARE_IS_ENDIAN must be used to declare * a variable. * diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/event_queue.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/event_queue.h new file mode 100644 index 00000000..bda1ee6a --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/event_queue.h @@ -0,0 +1,163 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_EVENT_QUEUE_H +# define OSSL_INTERNAL_EVENT_QUEUE_H +# pragma once + +# include "internal/priority_queue.h" +# include "internal/time.h" + +/* + * Opaque type holding an event. + */ +typedef struct ossl_event_st OSSL_EVENT; + +DEFINE_PRIORITY_QUEUE_OF(OSSL_EVENT); + +/* + * Public type representing an event queue, the underlying structure being + * opaque. + */ +typedef struct ossl_event_queue_st OSSL_EVENT_QUEUE; + +/* + * Public type representing a event queue entry. + * It is (internally) public so that it can be embedded into other structures, + * it should otherwise be treated as opaque. + */ +struct ossl_event_st { + uint32_t type; /* What type of event this is */ + uint32_t priority; /* What priority this event has */ + OSSL_TIME when; /* When the event is scheduled to happen */ + void *ctx; /* User argument passed to call backs */ + void *payload; /* Event specific data of unknown kind */ + size_t payload_size; /* Length (in bytes) of event specific data */ + + /* These fields are for internal use only */ + PRIORITY_QUEUE_OF(OSSL_EVENT) *queue; /* Queue containing this event */ + size_t ref; /* ID for this event */ + unsigned int flag_dynamic : 1; /* Malloced or not? */ +}; + +/* + * Utility function to populate an event structure and add it to the queue + */ +int ossl_event_queue_add(OSSL_EVENT_QUEUE *queue, OSSL_EVENT *event, + uint32_t type, uint32_t priority, + OSSL_TIME when, void *ctx, + void *payload, size_t payload_size); + +/* + * Utility functions to extract event fields + */ +static ossl_unused ossl_inline +uint32_t ossl_event_get_type(const OSSL_EVENT *event) +{ + return event->type; +} + +static ossl_unused ossl_inline +uint32_t ossl_event_get_priority(const OSSL_EVENT *event) +{ + return event->priority; +} + +static ossl_unused ossl_inline +OSSL_TIME ossl_event_get_when(const OSSL_EVENT *event) +{ + return event->when; +} + +static ossl_unused ossl_inline +void *ossl_event_get0_ctx(const OSSL_EVENT *event) +{ + return event->ctx; +} + +static ossl_unused ossl_inline +void *ossl_event_get0_payload(const OSSL_EVENT *event, size_t *length) +{ + if (length != NULL) + *length = event->payload_size; + return event->payload; +} + +/* + * Create and free a queue. + */ +OSSL_EVENT_QUEUE *ossl_event_queue_new(void); +void ossl_event_queue_free(OSSL_EVENT_QUEUE *queue); + +/* + * Schedule a new event into an event queue. + * + * The event parameters are taken from the function arguments. + * + * The function returns NULL on failure and the added event on success. + */ +OSSL_EVENT *ossl_event_queue_add_new(OSSL_EVENT_QUEUE *queue, + uint32_t type, uint32_t priority, + OSSL_TIME when, void *ctx, + void *payload, size_t payload_size) +; + +/* + * Schedule an event into an event queue. + * + * The event parameters are taken from the function arguments. + * + * The function returns 0 on failure and 1 on success. + */ +int ossl_event_queue_add(OSSL_EVENT_QUEUE *queue, OSSL_EVENT *event, + uint32_t type, uint32_t priority, + OSSL_TIME when, void *ctx, + void *payload, size_t payload_size); + +/* + * Delete an event from the queue. + * This will cause the early deletion function to be called if it is non-NULL. + * A pointer to the event structure is returned. + */ +int ossl_event_queue_remove(OSSL_EVENT_QUEUE *queue, OSSL_EVENT *event); + +/* + * Free a dynamic event. + * Is a NOP for a static event. + */ +void ossl_event_free(OSSL_EVENT *event); + +/* + * Return the time until the next event for the specified event, if the event's + * time is past, zero is returned. Once activated, the event reference becomes + * invalid and this function becomes undefined. + */ +OSSL_TIME ossl_event_time_until(const OSSL_EVENT *event); + +/* + * Return the time until the next event in the queue. + * If the next event is in the past, zero is returned. + */ +OSSL_TIME ossl_event_queue_time_until_next(const OSSL_EVENT_QUEUE *queue); + +/* + * Postpone an event to trigger at the specified time. + * If the event has triggered, this function's behaviour is undefined. + */ +int ossl_event_queue_postpone_until(OSSL_EVENT_QUEUE *queue, + OSSL_EVENT *event, + OSSL_TIME when); + +/* + * Return the next event to process. + */ +int ossl_event_queue_get1_next_event(OSSL_EVENT_QUEUE *queue, + OSSL_EVENT **event); + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/ffc.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/ffc.h index c4f09087..edd8381e 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/ffc.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/ffc.h @@ -58,8 +58,11 @@ # define FFC_CHECK_INVALID_Q_VALUE 0x00020 # define FFC_CHECK_INVALID_J_VALUE 0x00040 -# define FFC_CHECK_BAD_LN_PAIR 0x00080 -# define FFC_CHECK_INVALID_SEED_SIZE 0x00100 +/* + * 0x80, 0x100 reserved by include/openssl/dh.h with check bits that are not + * relevant for FFC. + */ + # define FFC_CHECK_MISSING_SEED_OR_COUNTER 0x00200 # define FFC_CHECK_INVALID_G 0x00400 # define FFC_CHECK_INVALID_PQ 0x00800 @@ -68,6 +71,8 @@ # define FFC_CHECK_Q_MISMATCH 0x04000 # define FFC_CHECK_G_MISMATCH 0x08000 # define FFC_CHECK_COUNTER_MISMATCH 0x10000 +# define FFC_CHECK_BAD_LN_PAIR 0x20000 +# define FFC_CHECK_INVALID_SEED_SIZE 0x40000 /* Validation Return codes */ # define FFC_ERROR_PUBKEY_TOO_SMALL 0x01 @@ -132,7 +137,7 @@ void ossl_ffc_params_set_h(FFC_PARAMS *params, int index); void ossl_ffc_params_set_flags(FFC_PARAMS *params, unsigned int flags); void ossl_ffc_params_enable_flags(FFC_PARAMS *params, unsigned int flags, int enable); -int ossl_ffc_set_digest(FFC_PARAMS *params, const char *alg, const char *props); +void ossl_ffc_set_digest(FFC_PARAMS *params, const char *alg, const char *props); int ossl_ffc_params_set_validate_params(FFC_PARAMS *params, const unsigned char *seed, diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/hpke_util.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/hpke_util.h new file mode 100644 index 00000000..e1da5e05 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/hpke_util.h @@ -0,0 +1,100 @@ +/* + * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_HPKE_UTIL_H +# define OSSL_INTERNAL_HPKE_UTIL_H +# pragma once + +/* Constants from RFC 9180 Section 7.1 and 7.3 */ +# define OSSL_HPKE_MAX_SECRET 64 +# define OSSL_HPKE_MAX_PUBLIC 133 +# define OSSL_HPKE_MAX_PRIVATE 66 +# define OSSL_HPKE_MAX_KDF_INPUTLEN 64 + +/* + * max length of a base-nonce (the Nn field from OSSL_HPKE_AEAD_INFO), this + * is used for a local stack array size + */ +# define OSSL_HPKE_MAX_NONCELEN 12 + +/* + * @brief info about a KEM + * Used to store constants from Section 7.1 "Table 2 KEM IDs" + * and the bitmask for EC curves described in Section 7.1.3 DeriveKeyPair + */ +typedef struct { + uint16_t kem_id; /* code point for key encipherment method */ + const char *keytype; /* string form of algtype "EC"/"X25519"/"X448" */ + const char *groupname; /* string form of EC group for NIST curves */ + const char *mdname; /* hash alg name for the HKDF */ + size_t Nsecret; /* size of secrets */ + size_t Nenc; /* length of encapsulated key */ + size_t Npk; /* length of public key */ + size_t Nsk; /* length of raw private key */ + uint8_t bitmask; +} OSSL_HPKE_KEM_INFO; + +/* + * @brief info about a KDF + */ +typedef struct { + uint16_t kdf_id; /* code point for KDF */ + const char *mdname; /* hash alg name for the HKDF */ + size_t Nh; /* length of hash/extract output */ +} OSSL_HPKE_KDF_INFO; + +/* + * @brief info about an AEAD + */ +typedef struct { + uint16_t aead_id; /* code point for aead alg */ + const char *name; /* alg name */ + size_t taglen; /* aead tag len */ + size_t Nk; /* size of a key for this aead */ + size_t Nn; /* length of a nonce for this aead */ +} OSSL_HPKE_AEAD_INFO; + +const OSSL_HPKE_KEM_INFO *ossl_HPKE_KEM_INFO_find_curve(const char *curve); +const OSSL_HPKE_KEM_INFO *ossl_HPKE_KEM_INFO_find_id(uint16_t kemid); +const OSSL_HPKE_KEM_INFO *ossl_HPKE_KEM_INFO_find_random(OSSL_LIB_CTX *ctx); +const OSSL_HPKE_KDF_INFO *ossl_HPKE_KDF_INFO_find_id(uint16_t kdfid); +const OSSL_HPKE_KDF_INFO *ossl_HPKE_KDF_INFO_find_random(OSSL_LIB_CTX *ctx); +const OSSL_HPKE_AEAD_INFO *ossl_HPKE_AEAD_INFO_find_id(uint16_t aeadid); +const OSSL_HPKE_AEAD_INFO *ossl_HPKE_AEAD_INFO_find_random(OSSL_LIB_CTX *ctx); + +int ossl_hpke_kdf_extract(EVP_KDF_CTX *kctx, + unsigned char *prk, size_t prklen, + const unsigned char *salt, size_t saltlen, + const unsigned char *ikm, size_t ikmlen); + +int ossl_hpke_kdf_expand(EVP_KDF_CTX *kctx, + unsigned char *okm, size_t okmlen, + const unsigned char *prk, size_t prklen, + const unsigned char *info, size_t infolen); + +int ossl_hpke_labeled_extract(EVP_KDF_CTX *kctx, + unsigned char *prk, size_t prklen, + const unsigned char *salt, size_t saltlen, + const char *protocol_label, + const unsigned char *suiteid, size_t suiteidlen, + const char *label, + const unsigned char *ikm, size_t ikmlen); +int ossl_hpke_labeled_expand(EVP_KDF_CTX *kctx, + unsigned char *okm, size_t okmlen, + const unsigned char *prk, size_t prklen, + const char *protocol_label, + const unsigned char *suiteid, size_t suiteidlen, + const char *label, + const unsigned char *info, size_t infolen); + +EVP_KDF_CTX *ossl_kdf_ctx_create(const char *kdfname, const char *mdname, + OSSL_LIB_CTX *libctx, const char *propq); + +int ossl_hpke_str2suite(const char *suitestr, OSSL_HPKE_SUITE *suite); +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/ktls.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/ktls.h index 95492fd0..af27a325 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/ktls.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/ktls.h @@ -1,5 +1,5 @@ /* - * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -40,6 +40,11 @@ # define OPENSSL_KTLS_AES_GCM_128 # define OPENSSL_KTLS_AES_GCM_256 # define OPENSSL_KTLS_TLS13 +# ifdef TLS_CHACHA20_IV_LEN +# ifndef OPENSSL_NO_CHACHA +# define OPENSSL_KTLS_CHACHA20_POLY1305 +# endif +# endif typedef struct tls_enable ktls_crypto_info_t; @@ -209,6 +214,13 @@ static ossl_inline ossl_ssize_t ktls_sendfile(int s, int fd, off_t off, # warning "Skipping Compilation of KTLS receive data path" # endif # endif +# if LINUX_VERSION_CODE < KERNEL_VERSION(5, 19, 0) +# define OPENSSL_NO_KTLS_ZC_TX +# ifndef PEDANTIC +# warning "KTLS requires Kernel Headers >= 5.19.0 for zerocopy sendfile" +# warning "Skipping Compilation of KTLS zerocopy sendfile" +# endif +# endif # define OPENSSL_KTLS_AES_GCM_128 # if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 1, 0) # define OPENSSL_KTLS_AES_GCM_256 @@ -288,6 +300,18 @@ static ossl_inline int ktls_start(int fd, ktls_crypto_info_t *crypto_info, crypto_info, crypto_info->tls_crypto_info_len) ? 0 : 1; } +static ossl_inline int ktls_enable_tx_zerocopy_sendfile(int fd) +{ +#ifndef OPENSSL_NO_KTLS_ZC_TX + int enable = 1; + + return setsockopt(fd, SOL_TLS, TLS_TX_ZEROCOPY_RO, + &enable, sizeof(enable)) ? 0 : 1; +#else + return 0; +#endif +} + /* * Send a TLS record using the crypto_info provided in ktls_start and use * record_type instead of the default SSL3_RT_APPLICATION_DATA. diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/list.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/list.h new file mode 100644 index 00000000..fdd356c4 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/list.h @@ -0,0 +1,169 @@ +/* + * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_LIST_H +# define OSSL_INTERNAL_LIST_H +# pragma once + +# include +# include + +# ifdef NDEBUG +# define OSSL_LIST_DBG(x) +# else +# define OSSL_LIST_DBG(x) x; +# endif + +/* Define a list structure */ +# define OSSL_LIST(name) OSSL_LIST_ ## name + +/* Define fields to include an element of a list */ +# define OSSL_LIST_MEMBER(name, type) \ + struct { \ + type *next, *prev; \ + OSSL_LIST_DBG(struct ossl_list_st_ ## name *list) \ + } ossl_list_ ## name + +# define DEFINE_LIST_OF(name, type) \ + typedef struct ossl_list_st_ ## name OSSL_LIST(name); \ + struct ossl_list_st_ ## name { \ + type *alpha, *omega; \ + size_t num_elems; \ + }; \ + static ossl_unused ossl_inline void \ + ossl_list_##name##_init(OSSL_LIST(name) *list) \ + { \ + memset(list, 0, sizeof(*list)); \ + } \ + static ossl_unused ossl_inline void \ + ossl_list_##name##_init_elem(type *elem) \ + { \ + memset(&elem->ossl_list_ ## name, 0, \ + sizeof(elem->ossl_list_ ## name)); \ + } \ + static ossl_unused ossl_inline int \ + ossl_list_##name##_is_empty(const OSSL_LIST(name) *list) \ + { \ + return list->num_elems == 0; \ + } \ + static ossl_unused ossl_inline size_t \ + ossl_list_##name##_num(const OSSL_LIST(name) *list) \ + { \ + return list->num_elems; \ + } \ + static ossl_unused ossl_inline type * \ + ossl_list_##name##_head(const OSSL_LIST(name) *list) \ + { \ + assert(list->alpha == NULL \ + || list->alpha->ossl_list_ ## name.list == list); \ + return list->alpha; \ + } \ + static ossl_unused ossl_inline type * \ + ossl_list_##name##_tail(const OSSL_LIST(name) *list) \ + { \ + assert(list->omega == NULL \ + || list->omega->ossl_list_ ## name.list == list); \ + return list->omega; \ + } \ + static ossl_unused ossl_inline type * \ + ossl_list_##name##_next(const type *elem) \ + { \ + assert(elem->ossl_list_ ## name.next == NULL \ + || elem->ossl_list_ ## name.next \ + ->ossl_list_ ## name.prev == elem); \ + return elem->ossl_list_ ## name.next; \ + } \ + static ossl_unused ossl_inline type * \ + ossl_list_##name##_prev(const type *elem) \ + { \ + assert(elem->ossl_list_ ## name.prev == NULL \ + || elem->ossl_list_ ## name.prev \ + ->ossl_list_ ## name.next == elem); \ + return elem->ossl_list_ ## name.prev; \ + } \ + static ossl_unused ossl_inline void \ + ossl_list_##name##_remove(OSSL_LIST(name) *list, type *elem) \ + { \ + assert(elem->ossl_list_ ## name.list == list); \ + OSSL_LIST_DBG(elem->ossl_list_ ## name.list = NULL) \ + if (list->alpha == elem) \ + list->alpha = elem->ossl_list_ ## name.next; \ + if (list->omega == elem) \ + list->omega = elem->ossl_list_ ## name.prev; \ + if (elem->ossl_list_ ## name.prev != NULL) \ + elem->ossl_list_ ## name.prev->ossl_list_ ## name.next = \ + elem->ossl_list_ ## name.next; \ + if (elem->ossl_list_ ## name.next != NULL) \ + elem->ossl_list_ ## name.next->ossl_list_ ## name.prev = \ + elem->ossl_list_ ## name.prev; \ + list->num_elems--; \ + memset(&elem->ossl_list_ ## name, 0, \ + sizeof(elem->ossl_list_ ## name)); \ + } \ + static ossl_unused ossl_inline void \ + ossl_list_##name##_insert_head(OSSL_LIST(name) *list, type *elem) \ + { \ + assert(elem->ossl_list_ ## name.list == NULL); \ + OSSL_LIST_DBG(elem->ossl_list_ ## name.list = list) \ + if (list->alpha != NULL) \ + list->alpha->ossl_list_ ## name.prev = elem; \ + elem->ossl_list_ ## name.next = list->alpha; \ + elem->ossl_list_ ## name.prev = NULL; \ + list->alpha = elem; \ + if (list->omega == NULL) \ + list->omega = elem; \ + list->num_elems++; \ + } \ + static ossl_unused ossl_inline void \ + ossl_list_##name##_insert_tail(OSSL_LIST(name) *list, type *elem) \ + { \ + assert(elem->ossl_list_ ## name.list == NULL); \ + OSSL_LIST_DBG(elem->ossl_list_ ## name.list = list) \ + if (list->omega != NULL) \ + list->omega->ossl_list_ ## name.next = elem; \ + elem->ossl_list_ ## name.prev = list->omega; \ + elem->ossl_list_ ## name.next = NULL; \ + list->omega = elem; \ + if (list->alpha == NULL) \ + list->alpha = elem; \ + list->num_elems++; \ + } \ + static ossl_unused ossl_inline void \ + ossl_list_##name##_insert_before(OSSL_LIST(name) *list, type *e, \ + type *elem) \ + { \ + assert(elem->ossl_list_ ## name.list == NULL); \ + OSSL_LIST_DBG(elem->ossl_list_ ## name.list = list) \ + elem->ossl_list_ ## name.next = e; \ + elem->ossl_list_ ## name.prev = e->ossl_list_ ## name.prev; \ + if (e->ossl_list_ ## name.prev != NULL) \ + e->ossl_list_ ## name.prev->ossl_list_ ## name.next = elem; \ + e->ossl_list_ ## name.prev = elem; \ + if (list->alpha == e) \ + list->alpha = elem; \ + list->num_elems++; \ + } \ + static ossl_unused ossl_inline void \ + ossl_list_##name##_insert_after(OSSL_LIST(name) *list, type *e, \ + type *elem) \ + { \ + assert(elem->ossl_list_ ## name.list == NULL); \ + OSSL_LIST_DBG(elem->ossl_list_ ## name.list = list) \ + elem->ossl_list_ ## name.prev = e; \ + elem->ossl_list_ ## name.next = e->ossl_list_ ## name.next; \ + if (e->ossl_list_ ## name.next != NULL) \ + e->ossl_list_ ## name.next->ossl_list_ ## name.prev = elem; \ + e->ossl_list_ ## name.next = elem; \ + if (list->omega == e) \ + list->omega = elem; \ + list->num_elems++; \ + } \ + struct ossl_list_st_ ## name + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/namemap.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/namemap.h index fd36883f..6c42a9cd 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/namemap.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/namemap.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/numbers.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/numbers.h index 4f4d3306..47fb1677 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/numbers.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/numbers.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -61,6 +61,31 @@ # define UINT64_MAX __MAXUINT__(uint64_t) # endif +/* + * 64-bit processor with LP64 ABI + */ +# ifdef SIXTY_FOUR_BIT_LONG +# ifndef UINT32_C +# define UINT32_C(c) (c) +# endif +# ifndef UINT64_C +# define UINT64_C(c) (c##UL) +# endif +# endif + +/* + * 64-bit processor other than LP64 ABI + */ +# ifdef SIXTY_FOUR_BIT +# ifndef UINT32_C +# define UINT32_C(c) (c##UL) +# endif +# ifndef UINT64_C +# define UINT64_C(c) (c##ULL) +# endif +# endif + + # ifndef INT128_MAX # if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16 typedef __int128_t int128_t; diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/packet.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/packet.h index ed761720..7abc6b8b 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/packet.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/packet.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -691,6 +691,8 @@ struct wpacket_st { */ #define WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH 2 +/* QUIC variable-length integer length prefix */ +#define WPACKET_FLAGS_QUIC_VLINT 4 /* * Initialise a WPACKET with the buffer in |buf|. The buffer must exist diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/packet_quic.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/packet_quic.h new file mode 100644 index 00000000..5173b467 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/packet_quic.h @@ -0,0 +1,150 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_PACKET_QUIC_H +# define OSSL_INTERNAL_PACKET_QUIC_H +# pragma once + +# include "internal/packet.h" +# include "internal/quic_vlint.h" + +# ifndef OPENSSL_NO_QUIC +/* + * Decodes a QUIC variable-length integer in |pkt| and stores the result in + * |data|. + */ +__owur static ossl_inline int PACKET_get_quic_vlint(PACKET *pkt, + uint64_t *data) +{ + size_t enclen; + + if (PACKET_remaining(pkt) < 1) + return 0; + + enclen = ossl_quic_vlint_decode_len(*pkt->curr); + + if (PACKET_remaining(pkt) < enclen) + return 0; + + *data = ossl_quic_vlint_decode_unchecked(pkt->curr); + packet_forward(pkt, enclen); + return 1; +} + +/* + * Decodes a QUIC variable-length integer in |pkt| and stores the result in + * |data|. Unlike PACKET_get_quic_vlint, this does not advance the current + * position. If was_minimal is non-NULL, *was_minimal is set to 1 if the integer + * was encoded using the minimal possible number of bytes and 0 otherwise. + */ +__owur static ossl_inline int PACKET_peek_quic_vlint_ex(PACKET *pkt, + uint64_t *data, + int *was_minimal) +{ + size_t enclen; + + if (PACKET_remaining(pkt) < 1) + return 0; + + enclen = ossl_quic_vlint_decode_len(*pkt->curr); + + if (PACKET_remaining(pkt) < enclen) + return 0; + + *data = ossl_quic_vlint_decode_unchecked(pkt->curr); + + if (was_minimal != NULL) + *was_minimal = (enclen == ossl_quic_vlint_encode_len(*data)); + + return 1; +} + +__owur static ossl_inline int PACKET_peek_quic_vlint(PACKET *pkt, + uint64_t *data) +{ + return PACKET_peek_quic_vlint_ex(pkt, data, NULL); +} + +/* + * Skips over a QUIC variable-length integer in |pkt| without decoding it. + */ +__owur static ossl_inline int PACKET_skip_quic_vlint(PACKET *pkt) +{ + size_t enclen; + + if (PACKET_remaining(pkt) < 1) + return 0; + + enclen = ossl_quic_vlint_decode_len(*pkt->curr); + + if (PACKET_remaining(pkt) < enclen) + return 0; + + packet_forward(pkt, enclen); + return 1; +} + +/* + * Reads a variable-length vector prefixed with a QUIC variable-length integer + * denoting the length, and stores the contents in |subpkt|. |pkt| can equal + * |subpkt|. Data is not copied: the |subpkt| packet will share its underlying + * buffer with the original |pkt|, so data wrapped by |pkt| must outlive the + * |subpkt|. Upon failure, the original |pkt| and |subpkt| are not modified. + */ +__owur static ossl_inline int PACKET_get_quic_length_prefixed(PACKET *pkt, + PACKET *subpkt) +{ + uint64_t length; + const unsigned char *data; + PACKET tmp = *pkt; + + if (!PACKET_get_quic_vlint(&tmp, &length) || + length > SIZE_MAX || + !PACKET_get_bytes(&tmp, &data, (size_t)length)) { + return 0; + } + + *pkt = tmp; + subpkt->curr = data; + subpkt->remaining = (size_t)length; + + return 1; +} + +/* + * Starts a QUIC sub-packet headed by a QUIC variable-length integer. A 4-byte + * representation is used. + */ +__owur int WPACKET_start_quic_sub_packet(WPACKET *pkt); + +/* + * Starts a QUIC sub-packet headed by a QUIC variable-length integer. max_len + * specifies the upper bound for the sub-packet size at the time the sub-packet + * is closed, which determines the encoding size for the variable-length + * integer header. max_len can be a precise figure or a worst-case bound + * if a precise figure is not available. + */ +__owur int WPACKET_start_quic_sub_packet_bound(WPACKET *pkt, size_t max_len); + +/* + * Allocates a QUIC sub-packet with exactly len bytes of payload, headed by a + * QUIC variable-length integer. The pointer to the payload buffer is output and + * must be filled by the caller. This function assures optimal selection of + * variable-length integer encoding length. + */ +__owur int WPACKET_quic_sub_allocate_bytes(WPACKET *pkt, size_t len, + unsigned char **bytes); + +/* + * Write a QUIC variable-length integer to the packet. + */ +__owur int WPACKET_quic_write_vlint(WPACKET *pkt, uint64_t v); + +# endif /* OPENSSL_NO_QUIC */ +#endif /* OSSL_INTERNAL_PACKET_QUIC_H */ diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/param_build_set.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/param_build_set.h index 126211b7..3518f008 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/param_build_set.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/param_build_set.h @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -39,6 +39,11 @@ int ossl_param_build_set_bn(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, const char *key, const BIGNUM *bn); int ossl_param_build_set_bn_pad(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, const char *key, const BIGNUM *bn, size_t sz); +int ossl_param_build_set_signed_bn(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, + const char *key, const BIGNUM *bn); +int ossl_param_build_set_signed_bn_pad(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, + const char *key, const BIGNUM *bn, + size_t sz); int ossl_param_build_set_multi_key_bn(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, const char *names[], STACK_OF(BIGNUM_const) *stk); diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/param_names.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/param_names.h new file mode 100644 index 00000000..e721d071 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/param_names.h @@ -0,0 +1,376 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/internal/param_names.h.in + * + * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + +int ossl_param_find_pidx(const char *s); + +/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */ +#define NUM_PIDX 290 + +#define PIDX_ALG_PARAM_CIPHER 0 +#define PIDX_ALG_PARAM_DIGEST 1 +#define PIDX_ALG_PARAM_ENGINE 2 +#define PIDX_ALG_PARAM_MAC 3 +#define PIDX_ALG_PARAM_PROPERTIES 4 +#define PIDX_ASYM_CIPHER_PARAM_DIGEST PIDX_PKEY_PARAM_DIGEST +#define PIDX_ASYM_CIPHER_PARAM_ENGINE PIDX_PKEY_PARAM_ENGINE +#define PIDX_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION 5 +#define PIDX_ASYM_CIPHER_PARAM_MGF1_DIGEST PIDX_PKEY_PARAM_MGF1_DIGEST +#define PIDX_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS PIDX_PKEY_PARAM_MGF1_PROPERTIES +#define PIDX_ASYM_CIPHER_PARAM_OAEP_DIGEST PIDX_ALG_PARAM_DIGEST +#define PIDX_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS 6 +#define PIDX_ASYM_CIPHER_PARAM_OAEP_LABEL 7 +#define PIDX_ASYM_CIPHER_PARAM_PAD_MODE PIDX_PKEY_PARAM_PAD_MODE +#define PIDX_ASYM_CIPHER_PARAM_PROPERTIES PIDX_PKEY_PARAM_PROPERTIES +#define PIDX_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION 8 +#define PIDX_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION 9 +#define PIDX_CAPABILITY_TLS_GROUP_ALG 10 +#define PIDX_CAPABILITY_TLS_GROUP_ID 11 +#define PIDX_CAPABILITY_TLS_GROUP_IS_KEM 12 +#define PIDX_CAPABILITY_TLS_GROUP_MAX_DTLS 13 +#define PIDX_CAPABILITY_TLS_GROUP_MAX_TLS 14 +#define PIDX_CAPABILITY_TLS_GROUP_MIN_DTLS 15 +#define PIDX_CAPABILITY_TLS_GROUP_MIN_TLS 16 +#define PIDX_CAPABILITY_TLS_GROUP_NAME 17 +#define PIDX_CAPABILITY_TLS_GROUP_NAME_INTERNAL 18 +#define PIDX_CAPABILITY_TLS_GROUP_SECURITY_BITS 19 +#define PIDX_CAPABILITY_TLS_SIGALG_CODE_POINT 20 +#define PIDX_CAPABILITY_TLS_SIGALG_HASH_NAME 21 +#define PIDX_CAPABILITY_TLS_SIGALG_HASH_OID 22 +#define PIDX_CAPABILITY_TLS_SIGALG_IANA_NAME 23 +#define PIDX_CAPABILITY_TLS_SIGALG_KEYTYPE 24 +#define PIDX_CAPABILITY_TLS_SIGALG_KEYTYPE_OID 25 +#define PIDX_CAPABILITY_TLS_SIGALG_MAX_TLS 14 +#define PIDX_CAPABILITY_TLS_SIGALG_MIN_TLS 16 +#define PIDX_CAPABILITY_TLS_SIGALG_NAME 26 +#define PIDX_CAPABILITY_TLS_SIGALG_OID 27 +#define PIDX_CAPABILITY_TLS_SIGALG_SECURITY_BITS 28 +#define PIDX_CAPABILITY_TLS_SIGALG_SIG_NAME 29 +#define PIDX_CAPABILITY_TLS_SIGALG_SIG_OID 30 +#define PIDX_CIPHER_PARAM_AEAD 31 +#define PIDX_CIPHER_PARAM_AEAD_IVLEN PIDX_CIPHER_PARAM_IVLEN +#define PIDX_CIPHER_PARAM_AEAD_MAC_KEY 32 +#define PIDX_CIPHER_PARAM_AEAD_TAG 33 +#define PIDX_CIPHER_PARAM_AEAD_TAGLEN 34 +#define PIDX_CIPHER_PARAM_AEAD_TLS1_AAD 35 +#define PIDX_CIPHER_PARAM_AEAD_TLS1_AAD_PAD 36 +#define PIDX_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN 37 +#define PIDX_CIPHER_PARAM_AEAD_TLS1_IV_FIXED 38 +#define PIDX_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV 39 +#define PIDX_CIPHER_PARAM_ALGORITHM_ID_PARAMS 40 +#define PIDX_CIPHER_PARAM_BLOCK_SIZE 41 +#define PIDX_CIPHER_PARAM_CTS 42 +#define PIDX_CIPHER_PARAM_CTS_MODE 43 +#define PIDX_CIPHER_PARAM_CUSTOM_IV 44 +#define PIDX_CIPHER_PARAM_HAS_RAND_KEY 45 +#define PIDX_CIPHER_PARAM_IV 46 +#define PIDX_CIPHER_PARAM_IVLEN 47 +#define PIDX_CIPHER_PARAM_KEYLEN 48 +#define PIDX_CIPHER_PARAM_MODE 49 +#define PIDX_CIPHER_PARAM_NUM 50 +#define PIDX_CIPHER_PARAM_PADDING 51 +#define PIDX_CIPHER_PARAM_RANDOM_KEY 52 +#define PIDX_CIPHER_PARAM_RC2_KEYBITS 53 +#define PIDX_CIPHER_PARAM_ROUNDS 54 +#define PIDX_CIPHER_PARAM_SPEED 55 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK 56 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD 57 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN 58 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC 59 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN 60 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN 61 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE 62 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE 63 +#define PIDX_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT 64 +#define PIDX_CIPHER_PARAM_TLS_MAC 65 +#define PIDX_CIPHER_PARAM_TLS_MAC_SIZE 66 +#define PIDX_CIPHER_PARAM_TLS_VERSION 67 +#define PIDX_CIPHER_PARAM_UPDATED_IV 68 +#define PIDX_CIPHER_PARAM_USE_BITS 69 +#define PIDX_CIPHER_PARAM_XTS_STANDARD 70 +#define PIDX_DECODER_PARAM_PROPERTIES PIDX_ALG_PARAM_PROPERTIES +#define PIDX_DIGEST_PARAM_ALGID_ABSENT 71 +#define PIDX_DIGEST_PARAM_BLOCK_SIZE 41 +#define PIDX_DIGEST_PARAM_MICALG 72 +#define PIDX_DIGEST_PARAM_PAD_TYPE 73 +#define PIDX_DIGEST_PARAM_SIZE 74 +#define PIDX_DIGEST_PARAM_SSL3_MS 75 +#define PIDX_DIGEST_PARAM_XOF 76 +#define PIDX_DIGEST_PARAM_XOFLEN 77 +#define PIDX_DRBG_PARAM_CIPHER PIDX_ALG_PARAM_CIPHER +#define PIDX_DRBG_PARAM_DIGEST PIDX_ALG_PARAM_DIGEST +#define PIDX_DRBG_PARAM_ENTROPY_REQUIRED 78 +#define PIDX_DRBG_PARAM_MAC PIDX_ALG_PARAM_MAC +#define PIDX_DRBG_PARAM_MAX_ADINLEN 79 +#define PIDX_DRBG_PARAM_MAX_ENTROPYLEN 80 +#define PIDX_DRBG_PARAM_MAX_LENGTH 81 +#define PIDX_DRBG_PARAM_MAX_NONCELEN 82 +#define PIDX_DRBG_PARAM_MAX_PERSLEN 83 +#define PIDX_DRBG_PARAM_MIN_ENTROPYLEN 84 +#define PIDX_DRBG_PARAM_MIN_LENGTH 85 +#define PIDX_DRBG_PARAM_MIN_NONCELEN 86 +#define PIDX_DRBG_PARAM_PREDICTION_RESISTANCE 87 +#define PIDX_DRBG_PARAM_PROPERTIES PIDX_ALG_PARAM_PROPERTIES +#define PIDX_DRBG_PARAM_RANDOM_DATA 88 +#define PIDX_DRBG_PARAM_RESEED_COUNTER 89 +#define PIDX_DRBG_PARAM_RESEED_REQUESTS 90 +#define PIDX_DRBG_PARAM_RESEED_TIME 91 +#define PIDX_DRBG_PARAM_RESEED_TIME_INTERVAL 92 +#define PIDX_DRBG_PARAM_SIZE 74 +#define PIDX_DRBG_PARAM_USE_DF 93 +#define PIDX_ENCODER_PARAM_CIPHER PIDX_ALG_PARAM_CIPHER +#define PIDX_ENCODER_PARAM_ENCRYPT_LEVEL 94 +#define PIDX_ENCODER_PARAM_PROPERTIES PIDX_ALG_PARAM_PROPERTIES +#define PIDX_ENCODER_PARAM_SAVE_PARAMETERS 95 +#define PIDX_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE 96 +#define PIDX_EXCHANGE_PARAM_KDF_DIGEST 97 +#define PIDX_EXCHANGE_PARAM_KDF_DIGEST_PROPS 98 +#define PIDX_EXCHANGE_PARAM_KDF_OUTLEN 99 +#define PIDX_EXCHANGE_PARAM_KDF_TYPE 100 +#define PIDX_EXCHANGE_PARAM_KDF_UKM 101 +#define PIDX_EXCHANGE_PARAM_PAD 102 +#define PIDX_GEN_PARAM_ITERATION 103 +#define PIDX_GEN_PARAM_POTENTIAL 104 +#define PIDX_KDF_PARAM_ARGON2_AD 105 +#define PIDX_KDF_PARAM_ARGON2_LANES 106 +#define PIDX_KDF_PARAM_ARGON2_MEMCOST 107 +#define PIDX_KDF_PARAM_ARGON2_VERSION 108 +#define PIDX_KDF_PARAM_CEK_ALG 109 +#define PIDX_KDF_PARAM_CIPHER PIDX_ALG_PARAM_CIPHER +#define PIDX_KDF_PARAM_CONSTANT 110 +#define PIDX_KDF_PARAM_DATA 111 +#define PIDX_KDF_PARAM_DIGEST PIDX_ALG_PARAM_DIGEST +#define PIDX_KDF_PARAM_EARLY_CLEAN 112 +#define PIDX_KDF_PARAM_HMACDRBG_ENTROPY 113 +#define PIDX_KDF_PARAM_HMACDRBG_NONCE 114 +#define PIDX_KDF_PARAM_INFO 115 +#define PIDX_KDF_PARAM_ITER 116 +#define PIDX_KDF_PARAM_KBKDF_R 117 +#define PIDX_KDF_PARAM_KBKDF_USE_L 118 +#define PIDX_KDF_PARAM_KBKDF_USE_SEPARATOR 119 +#define PIDX_KDF_PARAM_KEY 120 +#define PIDX_KDF_PARAM_LABEL 121 +#define PIDX_KDF_PARAM_MAC PIDX_ALG_PARAM_MAC +#define PIDX_KDF_PARAM_MAC_SIZE 122 +#define PIDX_KDF_PARAM_MODE 49 +#define PIDX_KDF_PARAM_PASSWORD 123 +#define PIDX_KDF_PARAM_PKCS12_ID 124 +#define PIDX_KDF_PARAM_PKCS5 125 +#define PIDX_KDF_PARAM_PREFIX 126 +#define PIDX_KDF_PARAM_PROPERTIES PIDX_ALG_PARAM_PROPERTIES +#define PIDX_KDF_PARAM_SALT 127 +#define PIDX_KDF_PARAM_SCRYPT_MAXMEM 128 +#define PIDX_KDF_PARAM_SCRYPT_N 129 +#define PIDX_KDF_PARAM_SCRYPT_P 130 +#define PIDX_KDF_PARAM_SCRYPT_R 117 +#define PIDX_KDF_PARAM_SECRET 131 +#define PIDX_KDF_PARAM_SEED 132 +#define PIDX_KDF_PARAM_SIZE 74 +#define PIDX_KDF_PARAM_SSHKDF_SESSION_ID 133 +#define PIDX_KDF_PARAM_SSHKDF_TYPE 134 +#define PIDX_KDF_PARAM_SSHKDF_XCGHASH 135 +#define PIDX_KDF_PARAM_THREADS 136 +#define PIDX_KDF_PARAM_UKM 137 +#define PIDX_KDF_PARAM_X942_ACVPINFO 138 +#define PIDX_KDF_PARAM_X942_PARTYUINFO 139 +#define PIDX_KDF_PARAM_X942_PARTYVINFO 140 +#define PIDX_KDF_PARAM_X942_SUPP_PRIVINFO 141 +#define PIDX_KDF_PARAM_X942_SUPP_PUBINFO 142 +#define PIDX_KDF_PARAM_X942_USE_KEYBITS 143 +#define PIDX_KEM_PARAM_IKME 144 +#define PIDX_KEM_PARAM_OPERATION 145 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING 146 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA 147 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN 148 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_MODE 49 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_OPTIONS 149 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD 150 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC 151 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_TLSTREE 152 +#define PIDX_LIBSSL_RECORD_LAYER_PARAM_USE_ETM 153 +#define PIDX_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN 154 +#define PIDX_MAC_PARAM_BLOCK_SIZE 155 +#define PIDX_MAC_PARAM_CIPHER PIDX_ALG_PARAM_CIPHER +#define PIDX_MAC_PARAM_CUSTOM 156 +#define PIDX_MAC_PARAM_C_ROUNDS 157 +#define PIDX_MAC_PARAM_DIGEST PIDX_ALG_PARAM_DIGEST +#define PIDX_MAC_PARAM_DIGEST_NOINIT 158 +#define PIDX_MAC_PARAM_DIGEST_ONESHOT 159 +#define PIDX_MAC_PARAM_D_ROUNDS 160 +#define PIDX_MAC_PARAM_IV 46 +#define PIDX_MAC_PARAM_KEY 120 +#define PIDX_MAC_PARAM_PROPERTIES PIDX_ALG_PARAM_PROPERTIES +#define PIDX_MAC_PARAM_SALT 127 +#define PIDX_MAC_PARAM_SIZE 74 +#define PIDX_MAC_PARAM_TLS_DATA_SIZE 161 +#define PIDX_MAC_PARAM_XOF 76 +#define PIDX_OBJECT_PARAM_DATA 111 +#define PIDX_OBJECT_PARAM_DATA_STRUCTURE 162 +#define PIDX_OBJECT_PARAM_DATA_TYPE 163 +#define PIDX_OBJECT_PARAM_DESC 164 +#define PIDX_OBJECT_PARAM_REFERENCE 165 +#define PIDX_OBJECT_PARAM_TYPE 134 +#define PIDX_PASSPHRASE_PARAM_INFO 115 +#define PIDX_PKEY_PARAM_BITS 166 +#define PIDX_PKEY_PARAM_CIPHER PIDX_ALG_PARAM_CIPHER +#define PIDX_PKEY_PARAM_DEFAULT_DIGEST 167 +#define PIDX_PKEY_PARAM_DHKEM_IKM 168 +#define PIDX_PKEY_PARAM_DH_GENERATOR 169 +#define PIDX_PKEY_PARAM_DH_PRIV_LEN 170 +#define PIDX_PKEY_PARAM_DIGEST PIDX_ALG_PARAM_DIGEST +#define PIDX_PKEY_PARAM_DIGEST_SIZE 171 +#define PIDX_PKEY_PARAM_DIST_ID 172 +#define PIDX_PKEY_PARAM_EC_A 173 +#define PIDX_PKEY_PARAM_EC_B 174 +#define PIDX_PKEY_PARAM_EC_CHAR2_M 175 +#define PIDX_PKEY_PARAM_EC_CHAR2_PP_K1 176 +#define PIDX_PKEY_PARAM_EC_CHAR2_PP_K2 177 +#define PIDX_PKEY_PARAM_EC_CHAR2_PP_K3 178 +#define PIDX_PKEY_PARAM_EC_CHAR2_TP_BASIS 179 +#define PIDX_PKEY_PARAM_EC_CHAR2_TYPE 180 +#define PIDX_PKEY_PARAM_EC_COFACTOR 181 +#define PIDX_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS 182 +#define PIDX_PKEY_PARAM_EC_ENCODING 183 +#define PIDX_PKEY_PARAM_EC_FIELD_TYPE 184 +#define PIDX_PKEY_PARAM_EC_GENERATOR 185 +#define PIDX_PKEY_PARAM_EC_GROUP_CHECK_TYPE 186 +#define PIDX_PKEY_PARAM_EC_INCLUDE_PUBLIC 187 +#define PIDX_PKEY_PARAM_EC_ORDER 188 +#define PIDX_PKEY_PARAM_EC_P 130 +#define PIDX_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT 189 +#define PIDX_PKEY_PARAM_EC_PUB_X 190 +#define PIDX_PKEY_PARAM_EC_PUB_Y 191 +#define PIDX_PKEY_PARAM_EC_SEED 132 +#define PIDX_PKEY_PARAM_ENCODED_PUBLIC_KEY 192 +#define PIDX_PKEY_PARAM_ENGINE PIDX_ALG_PARAM_ENGINE +#define PIDX_PKEY_PARAM_FFC_COFACTOR 193 +#define PIDX_PKEY_PARAM_FFC_DIGEST PIDX_PKEY_PARAM_DIGEST +#define PIDX_PKEY_PARAM_FFC_DIGEST_PROPS PIDX_PKEY_PARAM_PROPERTIES +#define PIDX_PKEY_PARAM_FFC_G 194 +#define PIDX_PKEY_PARAM_FFC_GINDEX 195 +#define PIDX_PKEY_PARAM_FFC_H 196 +#define PIDX_PKEY_PARAM_FFC_P 130 +#define PIDX_PKEY_PARAM_FFC_PBITS 197 +#define PIDX_PKEY_PARAM_FFC_PCOUNTER 198 +#define PIDX_PKEY_PARAM_FFC_Q 199 +#define PIDX_PKEY_PARAM_FFC_QBITS 200 +#define PIDX_PKEY_PARAM_FFC_SEED 132 +#define PIDX_PKEY_PARAM_FFC_TYPE 134 +#define PIDX_PKEY_PARAM_FFC_VALIDATE_G 201 +#define PIDX_PKEY_PARAM_FFC_VALIDATE_LEGACY 202 +#define PIDX_PKEY_PARAM_FFC_VALIDATE_PQ 203 +#define PIDX_PKEY_PARAM_GROUP_NAME 204 +#define PIDX_PKEY_PARAM_IMPLICIT_REJECTION 5 +#define PIDX_PKEY_PARAM_MANDATORY_DIGEST 205 +#define PIDX_PKEY_PARAM_MASKGENFUNC 206 +#define PIDX_PKEY_PARAM_MAX_SIZE 207 +#define PIDX_PKEY_PARAM_MGF1_DIGEST 208 +#define PIDX_PKEY_PARAM_MGF1_PROPERTIES 209 +#define PIDX_PKEY_PARAM_PAD_MODE 210 +#define PIDX_PKEY_PARAM_PRIV_KEY 211 +#define PIDX_PKEY_PARAM_PROPERTIES PIDX_ALG_PARAM_PROPERTIES +#define PIDX_PKEY_PARAM_PUB_KEY 212 +#define PIDX_PKEY_PARAM_RSA_BITS PIDX_PKEY_PARAM_BITS +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT 213 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT1 214 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT2 215 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT3 216 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT4 217 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT5 218 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT6 219 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT7 220 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT8 221 +#define PIDX_PKEY_PARAM_RSA_COEFFICIENT9 222 +#define PIDX_PKEY_PARAM_RSA_D 223 +#define PIDX_PKEY_PARAM_RSA_DIGEST PIDX_PKEY_PARAM_DIGEST +#define PIDX_PKEY_PARAM_RSA_DIGEST_PROPS PIDX_PKEY_PARAM_PROPERTIES +#define PIDX_PKEY_PARAM_RSA_E 224 +#define PIDX_PKEY_PARAM_RSA_EXPONENT 225 +#define PIDX_PKEY_PARAM_RSA_EXPONENT1 226 +#define PIDX_PKEY_PARAM_RSA_EXPONENT10 227 +#define PIDX_PKEY_PARAM_RSA_EXPONENT2 228 +#define PIDX_PKEY_PARAM_RSA_EXPONENT3 229 +#define PIDX_PKEY_PARAM_RSA_EXPONENT4 230 +#define PIDX_PKEY_PARAM_RSA_EXPONENT5 231 +#define PIDX_PKEY_PARAM_RSA_EXPONENT6 232 +#define PIDX_PKEY_PARAM_RSA_EXPONENT7 233 +#define PIDX_PKEY_PARAM_RSA_EXPONENT8 234 +#define PIDX_PKEY_PARAM_RSA_EXPONENT9 235 +#define PIDX_PKEY_PARAM_RSA_FACTOR 236 +#define PIDX_PKEY_PARAM_RSA_FACTOR1 237 +#define PIDX_PKEY_PARAM_RSA_FACTOR10 238 +#define PIDX_PKEY_PARAM_RSA_FACTOR2 239 +#define PIDX_PKEY_PARAM_RSA_FACTOR3 240 +#define PIDX_PKEY_PARAM_RSA_FACTOR4 241 +#define PIDX_PKEY_PARAM_RSA_FACTOR5 242 +#define PIDX_PKEY_PARAM_RSA_FACTOR6 243 +#define PIDX_PKEY_PARAM_RSA_FACTOR7 244 +#define PIDX_PKEY_PARAM_RSA_FACTOR8 245 +#define PIDX_PKEY_PARAM_RSA_FACTOR9 246 +#define PIDX_PKEY_PARAM_RSA_MASKGENFUNC PIDX_PKEY_PARAM_MASKGENFUNC +#define PIDX_PKEY_PARAM_RSA_MGF1_DIGEST PIDX_PKEY_PARAM_MGF1_DIGEST +#define PIDX_PKEY_PARAM_RSA_N 129 +#define PIDX_PKEY_PARAM_RSA_PRIMES 247 +#define PIDX_PKEY_PARAM_RSA_PSS_SALTLEN 248 +#define PIDX_PKEY_PARAM_RSA_TEST_P1 249 +#define PIDX_PKEY_PARAM_RSA_TEST_P2 250 +#define PIDX_PKEY_PARAM_RSA_TEST_Q1 251 +#define PIDX_PKEY_PARAM_RSA_TEST_Q2 252 +#define PIDX_PKEY_PARAM_RSA_TEST_XP 253 +#define PIDX_PKEY_PARAM_RSA_TEST_XP1 254 +#define PIDX_PKEY_PARAM_RSA_TEST_XP2 255 +#define PIDX_PKEY_PARAM_RSA_TEST_XQ 256 +#define PIDX_PKEY_PARAM_RSA_TEST_XQ1 257 +#define PIDX_PKEY_PARAM_RSA_TEST_XQ2 258 +#define PIDX_PKEY_PARAM_SECURITY_BITS 259 +#define PIDX_PKEY_PARAM_USE_COFACTOR_ECDH PIDX_PKEY_PARAM_USE_COFACTOR_FLAG +#define PIDX_PKEY_PARAM_USE_COFACTOR_FLAG 260 +#define PIDX_PROV_PARAM_BUILDINFO 261 +#define PIDX_PROV_PARAM_CORE_MODULE_FILENAME 262 +#define PIDX_PROV_PARAM_CORE_PROV_NAME 263 +#define PIDX_PROV_PARAM_CORE_VERSION 264 +#define PIDX_PROV_PARAM_DRBG_TRUNC_DIGEST 265 +#define PIDX_PROV_PARAM_NAME 266 +#define PIDX_PROV_PARAM_SECURITY_CHECKS 267 +#define PIDX_PROV_PARAM_SELF_TEST_DESC 268 +#define PIDX_PROV_PARAM_SELF_TEST_PHASE 269 +#define PIDX_PROV_PARAM_SELF_TEST_TYPE 270 +#define PIDX_PROV_PARAM_STATUS 271 +#define PIDX_PROV_PARAM_TLS1_PRF_EMS_CHECK 272 +#define PIDX_PROV_PARAM_VERSION 108 +#define PIDX_RAND_PARAM_GENERATE 273 +#define PIDX_RAND_PARAM_MAX_REQUEST 274 +#define PIDX_RAND_PARAM_STATE 275 +#define PIDX_RAND_PARAM_STRENGTH 276 +#define PIDX_RAND_PARAM_TEST_ENTROPY 277 +#define PIDX_RAND_PARAM_TEST_NONCE 278 +#define PIDX_SIGNATURE_PARAM_ALGORITHM_ID 279 +#define PIDX_SIGNATURE_PARAM_CONTEXT_STRING 280 +#define PIDX_SIGNATURE_PARAM_DIGEST PIDX_PKEY_PARAM_DIGEST +#define PIDX_SIGNATURE_PARAM_DIGEST_SIZE PIDX_PKEY_PARAM_DIGEST_SIZE +#define PIDX_SIGNATURE_PARAM_INSTANCE 281 +#define PIDX_SIGNATURE_PARAM_KAT 282 +#define PIDX_SIGNATURE_PARAM_MGF1_DIGEST PIDX_PKEY_PARAM_MGF1_DIGEST +#define PIDX_SIGNATURE_PARAM_MGF1_PROPERTIES PIDX_PKEY_PARAM_MGF1_PROPERTIES +#define PIDX_SIGNATURE_PARAM_NONCE_TYPE 283 +#define PIDX_SIGNATURE_PARAM_PAD_MODE PIDX_PKEY_PARAM_PAD_MODE +#define PIDX_SIGNATURE_PARAM_PROPERTIES PIDX_PKEY_PARAM_PROPERTIES +#define PIDX_SIGNATURE_PARAM_PSS_SALTLEN 248 +#define PIDX_STORE_PARAM_ALIAS 284 +#define PIDX_STORE_PARAM_DIGEST 1 +#define PIDX_STORE_PARAM_EXPECT 285 +#define PIDX_STORE_PARAM_FINGERPRINT 286 +#define PIDX_STORE_PARAM_INPUT_TYPE 287 +#define PIDX_STORE_PARAM_ISSUER 266 +#define PIDX_STORE_PARAM_PROPERTIES 4 +#define PIDX_STORE_PARAM_SERIAL 288 +#define PIDX_STORE_PARAM_SUBJECT 289 diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/param_names.h.in b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/param_names.h.in new file mode 100644 index 00000000..f34db219 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/param_names.h.in @@ -0,0 +1,18 @@ +/* + * {- join("\n * ", @autowarntext) -} + * + * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +{- +use OpenSSL::paramnames qw(generate_internal_macros); +-} + +int ossl_param_find_pidx(const char *s); + +/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */ +{- generate_internal_macros(); -} diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/params.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/params.h new file mode 100644 index 00000000..3fbd0cf9 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/params.h @@ -0,0 +1,38 @@ +/* + * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +/* + * Extract the parameter into an allocated buffer. + * Any existing allocation in *out is cleared and freed. + * + * Returns 1 on success, 0 on failure and -1 if there are no matching params. + * + * *out and *out_len are guaranteed to be untouched if this function + * doesn't return success. + */ +int ossl_param_get1_octet_string(const OSSL_PARAM *params, const char *name, + unsigned char **out, size_t *out_len); +/* + * Concatenate all of the matching params together. + * *out will point to an allocated buffer on successful return. + * Any existing allocation in *out is cleared and freed. + * + * Passing 0 for maxsize means unlimited size output. + * + * Returns 1 on success, 0 on failure and -1 if there are no matching params. + * + * *out and *out_len are guaranteed to be untouched if this function + * doesn't return success. + */ +int ossl_param_get1_concat_octet_string(const OSSL_PARAM *params, const char *name, + unsigned char **out, size_t *out_len, + size_t maxsize); diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/priority_queue.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/priority_queue.h new file mode 100644 index 00000000..5be03bf1 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/priority_queue.h @@ -0,0 +1,88 @@ +/* + * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_PRIORITY_QUEUE_H +# define OSSL_INTERNAL_PRIORITY_QUEUE_H +# pragma once + +# include +# include + +# define PRIORITY_QUEUE_OF(type) OSSL_PRIORITY_QUEUE_ ## type + +# define DEFINE_PRIORITY_QUEUE_OF_INTERNAL(type, ctype) \ + typedef struct ossl_priority_queue_st_ ## type PRIORITY_QUEUE_OF(type); \ + static ossl_unused ossl_inline PRIORITY_QUEUE_OF(type) * \ + ossl_pqueue_##type##_new(int (*compare)(const ctype *, const ctype *)) \ + { \ + return (PRIORITY_QUEUE_OF(type) *)ossl_pqueue_new( \ + (int (*)(const void *, const void *))compare); \ + } \ + static ossl_unused ossl_inline void \ + ossl_pqueue_##type##_free(PRIORITY_QUEUE_OF(type) *pq) \ + { \ + ossl_pqueue_free((OSSL_PQUEUE *)pq); \ + } \ + static ossl_unused ossl_inline void \ + ossl_pqueue_##type##_pop_free(PRIORITY_QUEUE_OF(type) *pq, \ + void (*freefunc)(ctype *)) \ + { \ + ossl_pqueue_pop_free((OSSL_PQUEUE *)pq, (void (*)(void *))freefunc);\ + } \ + static ossl_unused ossl_inline int \ + ossl_pqueue_##type##_reserve(PRIORITY_QUEUE_OF(type) *pq, size_t n) \ + { \ + return ossl_pqueue_reserve((OSSL_PQUEUE *)pq, n); \ + } \ + static ossl_unused ossl_inline size_t \ + ossl_pqueue_##type##_num(const PRIORITY_QUEUE_OF(type) *pq) \ + { \ + return ossl_pqueue_num((OSSL_PQUEUE *)pq); \ + } \ + static ossl_unused ossl_inline int \ + ossl_pqueue_##type##_push(PRIORITY_QUEUE_OF(type) *pq, \ + ctype *data, size_t *elem) \ + { \ + return ossl_pqueue_push((OSSL_PQUEUE *)pq, (void *)data, elem); \ + } \ + static ossl_unused ossl_inline ctype * \ + ossl_pqueue_##type##_peek(const PRIORITY_QUEUE_OF(type) *pq) \ + { \ + return (type *)ossl_pqueue_peek((OSSL_PQUEUE *)pq); \ + } \ + static ossl_unused ossl_inline ctype * \ + ossl_pqueue_##type##_pop(PRIORITY_QUEUE_OF(type) *pq) \ + { \ + return (type *)ossl_pqueue_pop((OSSL_PQUEUE *)pq); \ + } \ + static ossl_unused ossl_inline ctype * \ + ossl_pqueue_##type##_remove(PRIORITY_QUEUE_OF(type) *pq, \ + size_t elem) \ + { \ + return (type *)ossl_pqueue_remove((OSSL_PQUEUE *)pq, elem); \ + } \ + struct ossl_priority_queue_st_ ## type + +# define DEFINE_PRIORITY_QUEUE_OF(type) \ + DEFINE_PRIORITY_QUEUE_OF_INTERNAL(type, type) + +typedef struct ossl_pqueue_st OSSL_PQUEUE; + +OSSL_PQUEUE *ossl_pqueue_new(int (*compare)(const void *, const void *)); +void ossl_pqueue_free(OSSL_PQUEUE *pq); +void ossl_pqueue_pop_free(OSSL_PQUEUE *pq, void (*freefunc)(void *)); +int ossl_pqueue_reserve(OSSL_PQUEUE *pq, size_t n); + +size_t ossl_pqueue_num(const OSSL_PQUEUE *pq); +int ossl_pqueue_push(OSSL_PQUEUE *pq, void *data, size_t *elem); +void *ossl_pqueue_peek(const OSSL_PQUEUE *pq); +void *ossl_pqueue_pop(OSSL_PQUEUE *pq); +void *ossl_pqueue_remove(OSSL_PQUEUE *pq, size_t elem); + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/property.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/property.h index d09274d0..3adff499 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/property.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/property.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/provider.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/provider.h index 18937f84..ab41d643 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/provider.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/provider.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -32,7 +32,7 @@ OSSL_PROVIDER *ossl_provider_find(OSSL_LIB_CTX *libctx, const char *name, int noconfig); OSSL_PROVIDER *ossl_provider_new(OSSL_LIB_CTX *libctx, const char *name, OSSL_provider_init_fn *init_function, - int noconfig); + OSSL_PARAM *params, int noconfig); int ossl_provider_up_ref(OSSL_PROVIDER *prov); void ossl_provider_free(OSSL_PROVIDER *prov); diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_ackm.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_ackm.h new file mode 100644 index 00000000..03fc6088 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_ackm.h @@ -0,0 +1,297 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +#ifndef OSSL_QUIC_ACKM_H +# define OSSL_QUIC_ACKM_H + +# include "internal/quic_statm.h" +# include "internal/quic_cc.h" +# include "internal/quic_types.h" +# include "internal/quic_wire.h" +# include "internal/time.h" +# include "internal/list.h" + +# ifndef OPENSSL_NO_QUIC + +typedef struct ossl_ackm_st OSSL_ACKM; + +OSSL_ACKM *ossl_ackm_new(OSSL_TIME (*now)(void *arg), + void *now_arg, + OSSL_STATM *statm, + const OSSL_CC_METHOD *cc_method, + OSSL_CC_DATA *cc_data); +void ossl_ackm_free(OSSL_ACKM *ackm); + +void ossl_ackm_set_loss_detection_deadline_callback(OSSL_ACKM *ackm, + void (*fn)(OSSL_TIME deadline, + void *arg), + void *arg); + +void ossl_ackm_set_ack_deadline_callback(OSSL_ACKM *ackm, + void (*fn)(OSSL_TIME deadline, + int pkt_space, + void *arg), + void *arg); + +/* + * Configures the RX-side maximum ACK delay. This is the maximum amount of time + * the peer is allowed to delay sending an ACK frame after receiving an + * ACK-eliciting packet. The peer communicates this value via a transport + * parameter and it must be provided to the ACKM. + */ +void ossl_ackm_set_rx_max_ack_delay(OSSL_ACKM *ackm, OSSL_TIME rx_max_ack_delay); + +/* + * Configures the TX-side maximum ACK delay. This is the maximum amount of time + * we are allowed to delay sending an ACK frame after receiving an ACK-eliciting + * packet. Note that this cannot be changed after a connection is established as + * it must be accurately reported in the transport parameters we send to our + * peer. + */ +void ossl_ackm_set_tx_max_ack_delay(OSSL_ACKM *ackm, OSSL_TIME tx_max_ack_delay); + +typedef struct ossl_ackm_tx_pkt_st OSSL_ACKM_TX_PKT; +struct ossl_ackm_tx_pkt_st { + /* The packet number of the transmitted packet. */ + QUIC_PN pkt_num; + + /* The number of bytes in the packet which was sent. */ + size_t num_bytes; + + /* The time at which the packet was sent. */ + OSSL_TIME time; + + /* + * If the packet being described by this structure contains an ACK frame, + * this must be set to the largest PN ACK'd by that frame. + * + * Otherwise, it should be set to QUIC_PN_INVALID. + * + * This is necessary to bound the number of PNs we have to keep track of on + * the RX side (RFC 9000 s. 13.2.4). It allows older PN tracking information + * on the RX side to be discarded. + */ + QUIC_PN largest_acked; + + /* + * One of the QUIC_PN_SPACE_* values. This qualifies the pkt_num field + * into a packet number space. + */ + unsigned int pkt_space :2; + + /* + * 1 if the packet is in flight. A packet is considered 'in flight' if it is + * counted for purposes of congestion control and 'bytes in flight' counts. + * Most packets are considered in flight. The only circumstance where a + * numbered packet is not considered in flight is if it contains only ACK + * frames (not even PADDING frames), as these frames can bypass CC. + */ + unsigned int is_inflight :1; + + /* + * 1 if the packet has one or more ACK-eliciting frames. + * Note that if this is set, is_inflight must be set. + */ + unsigned int is_ack_eliciting :1; + + /* 1 if the packet is a PTO probe. */ + unsigned int is_pto_probe :1; + + /* 1 if the packet is an MTU probe. */ + unsigned int is_mtu_probe :1; + + /* Callback called if frames in this packet are lost. arg is cb_arg. */ + void (*on_lost)(void *arg); + /* Callback called if frames in this packet are acked. arg is cb_arg. */ + void (*on_acked)(void *arg); + /* + * Callback called if frames in this packet are neither acked nor lost. arg + * is cb_arg. + */ + void (*on_discarded)(void *arg); + void *cb_arg; + + /* + * (Internal use fields; must be zero-initialized.) + * + * Keep a TX history list, anext is used to manifest + * a singly-linked list of newly-acknowledged packets, and lnext is used to + * manifest a singly-linked list of newly lost packets. + */ + OSSL_LIST_MEMBER(tx_history, OSSL_ACKM_TX_PKT); + + struct ossl_ackm_tx_pkt_st *anext; + struct ossl_ackm_tx_pkt_st *lnext; +}; + +int ossl_ackm_on_tx_packet(OSSL_ACKM *ackm, OSSL_ACKM_TX_PKT *pkt); +int ossl_ackm_on_rx_datagram(OSSL_ACKM *ackm, size_t num_bytes); + +# define OSSL_ACKM_ECN_NONE 0 +# define OSSL_ACKM_ECN_ECT1 1 +# define OSSL_ACKM_ECN_ECT0 2 +# define OSSL_ACKM_ECN_ECNCE 3 + +typedef struct ossl_ackm_rx_pkt_st { + /* The packet number of the received packet. */ + QUIC_PN pkt_num; + + /* The time at which the packet was received. */ + OSSL_TIME time; + + /* + * One of the QUIC_PN_SPACE_* values. This qualifies the pkt_num field + * into a packet number space. + */ + unsigned int pkt_space :2; + + /* 1 if the packet has one or more ACK-eliciting frames. */ + unsigned int is_ack_eliciting :1; + + /* + * One of the OSSL_ACKM_ECN_* values. This is the ECN labelling applied to + * the received packet. If unknown, use OSSL_ACKM_ECN_NONE. + */ + unsigned int ecn :2; +} OSSL_ACKM_RX_PKT; + +int ossl_ackm_on_rx_packet(OSSL_ACKM *ackm, const OSSL_ACKM_RX_PKT *pkt); + +int ossl_ackm_on_rx_ack_frame(OSSL_ACKM *ackm, const OSSL_QUIC_FRAME_ACK *ack, + int pkt_space, OSSL_TIME rx_time); + +/* + * Discards a PN space. This must be called for a PN space before freeing the + * ACKM if you want in-flight packets to have their discarded callbacks called. + * This should never be called in ordinary QUIC usage for the Application Data + * PN space, but it may be called for the Application Data PN space prior to + * freeing the ACKM to simplify teardown implementations. + */ +int ossl_ackm_on_pkt_space_discarded(OSSL_ACKM *ackm, int pkt_space); + +int ossl_ackm_on_handshake_confirmed(OSSL_ACKM *ackm); +int ossl_ackm_on_timeout(OSSL_ACKM *ackm); + +OSSL_TIME ossl_ackm_get_loss_detection_deadline(OSSL_ACKM *ackm); + +/* + * Generates an ACK frame, regardless of whether the ACK manager thinks + * one should currently be sent. + * + * This clears the flag returned by ossl_ackm_is_ack_desired and the deadline + * returned by ossl_ackm_get_ack_deadline. + */ +const OSSL_QUIC_FRAME_ACK *ossl_ackm_get_ack_frame(OSSL_ACKM *ackm, + int pkt_space); + +/* + * Returns the deadline after which an ACK frame should be generated by calling + * ossl_ackm_get_ack_frame, or OSSL_TIME_INFINITY if no deadline is currently + * applicable. If the deadline has already passed, this function may return that + * deadline, or may return OSSL_TIME_ZERO. + */ +OSSL_TIME ossl_ackm_get_ack_deadline(OSSL_ACKM *ackm, int pkt_space); + +/* + * Returns 1 if the ACK manager thinks an ACK frame ought to be generated and + * sent at this time. ossl_ackm_get_ack_frame will always provide an ACK frame + * whether or not this returns 1, so it is suggested that you call this function + * first to determine whether you need to generate an ACK frame. + * + * The return value of this function can change based on calls to + * ossl_ackm_on_rx_packet and based on the passage of time (see + * ossl_ackm_get_ack_deadline). + */ +int ossl_ackm_is_ack_desired(OSSL_ACKM *ackm, int pkt_space); + +/* + * Returns 1 if the given RX PN is 'processable'. A processable PN is one that + * is not either + * + * - duplicate, meaning that we have already been passed such a PN in a call + * to ossl_ackm_on_rx_packet; or + * + * - written off, meaning that the PN is so old we have stopped tracking state + * for it (meaning that we cannot tell whether it is a duplicate and cannot + * process it safely). + * + * This should be called for a packet before attempting to process its contents. + * Failure to do so may result in processing a duplicated packet in violation of + * the RFC. + * + * The return value of this function transitions from 1 to 0 for a given PN once + * that PN is passed to ossl_ackm_on_rx_packet, thus this function must be used + * before calling ossl_ackm_on_rx_packet. + */ +int ossl_ackm_is_rx_pn_processable(OSSL_ACKM *ackm, QUIC_PN pn, int pkt_space); + +typedef struct ossl_ackm_probe_info_st { + /* + * The following two probe request types are used only for anti-deadlock + * purposes in relation to the anti-amplification logic, by generating + * packets to buy ourselves more anti-amplification credit with the server + * until a client address is verified. Note that like all Initial packets, + * any Initial probes are padded. + * + * Note: The ACKM will only ever increase these by one at a time, + * as only one probe packet should be generated for these cases. + */ + uint32_t anti_deadlock_initial, anti_deadlock_handshake; + + /* + * Send an ACK-eliciting packet for each count here. + * + * Note: The ACKM may increase this by either one or two for each probe + * request, depending on how many probe packets it thinks should be + * generated. + */ + uint32_t pto[QUIC_PN_SPACE_NUM]; +} OSSL_ACKM_PROBE_INFO; + +/* + * Returns a pointer to a structure counting any pending probe requests which + * have been generated by the ACKM. The fields in the structure are incremented + * by one every time the ACKM wants another probe of the given type to be sent. + * If the ACKM thinks two packets should be generated for a probe, it will + * increment the field twice. + * + * It is permissible for the caller to decrement or zero these fields to keep + * track of when it has generated a probe as asked. The returned structure + * has the same lifetime as the ACKM. + * + * This function should be called after calling e.g. ossl_ackm_on_timeout + * to determine if any probe requests have been generated. + */ +OSSL_ACKM_PROBE_INFO *ossl_ackm_get0_probe_request(OSSL_ACKM *ackm); + +int ossl_ackm_get_largest_unacked(OSSL_ACKM *ackm, int pkt_space, QUIC_PN *pn); + +/* + * Forces the ACKM to consider a packet with the given PN in the given PN space + * as having been pseudo-lost. The main reason to use this is during a Retry, to + * force any resources sent in the first Initial packet to be resent. + * + * The lost callback is called for the packet, but the packet is NOT considered + * lost for congestion control purposes. Thus this is not exactly the same as a + * true loss situation. + */ +int ossl_ackm_mark_packet_pseudo_lost(OSSL_ACKM *ackm, + int pkt_space, QUIC_PN pn); + +/* + * Returns the PTO duration as currently calculated. This is a quantity of time. + * This duration is used in various parts of QUIC besides the ACKM. + */ +OSSL_TIME ossl_ackm_get_pto_duration(OSSL_ACKM *ackm); + +/* Returns the largest acked PN in the given PN space. */ +QUIC_PN ossl_ackm_get_largest_acked(OSSL_ACKM *ackm, int pkt_space); + +# endif + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_cc.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_cc.h new file mode 100644 index 00000000..60c710b0 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_cc.h @@ -0,0 +1,219 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +#ifndef OSSL_QUIC_CC_H +# define OSSL_QUIC_CC_H + +#include "openssl/params.h" +#include "internal/time.h" + +# ifndef OPENSSL_NO_QUIC + +typedef struct ossl_cc_data_st OSSL_CC_DATA; + +typedef struct ossl_cc_ack_info_st { + /* The time the packet being acknowledged was originally sent. */ + OSSL_TIME tx_time; + + /* The size in bytes of the packet being acknowledged. */ + size_t tx_size; +} OSSL_CC_ACK_INFO; + +typedef struct ossl_cc_loss_info_st { + /* The time the packet being lost was originally sent. */ + OSSL_TIME tx_time; + + /* The size in bytes of the packet which has been determined lost. */ + size_t tx_size; +} OSSL_CC_LOSS_INFO; + +typedef struct ossl_cc_ecn_info_st { + /* + * The time at which the largest acked PN (in the incoming ACK frame) was + * sent. + */ + OSSL_TIME largest_acked_time; +} OSSL_CC_ECN_INFO; + +/* Parameter (read-write): Maximum datagram payload length in bytes. */ +#define OSSL_CC_OPTION_MAX_DGRAM_PAYLOAD_LEN "max_dgram_payload_len" + +/* Diagnostic (read-only): current congestion window size in bytes. */ +#define OSSL_CC_OPTION_CUR_CWND_SIZE "cur_cwnd_size" + +/* Diagnostic (read-only): minimum congestion window size in bytes. */ +#define OSSL_CC_OPTION_MIN_CWND_SIZE "min_cwnd_size" + +/* Diagnostic (read-only): current net bytes in flight. */ +#define OSSL_CC_OPTION_CUR_BYTES_IN_FLIGHT "bytes_in_flight" + +/* Diagnostic (read-only): method-specific state value. */ +#define OSSL_CC_OPTION_CUR_STATE "cur_state" + +/* + * Congestion control abstract interface. + * + * This interface is broadly based on the design described in RFC 9002. However, + * the demarcation between the ACKM and the congestion controller does not + * exactly match that delineated in the RFC 9002 pseudocode. Where aspects of + * the demarcation involve the congestion controller accessing internal state of + * the ACKM, the interface has been revised where possible to provide the + * information needed by the congestion controller and avoid needing to give the + * congestion controller access to the ACKM's internal data structures. + * + * Particular changes include: + * + * - In our implementation, it is the responsibility of the ACKM to determine + * if a loss event constitutes persistent congestion. + * + * - In our implementation, it is the responsibility of the ACKM to determine + * if the ECN-CE counter has increased. The congestion controller is simply + * informed when an ECN-CE event occurs. + * + * All of these changes are intended to avoid having a congestion controller + * have to access ACKM internal state. + */ +#define OSSL_CC_LOST_FLAG_PERSISTENT_CONGESTION (1U << 0) + +typedef struct ossl_cc_method_st { + /* + * Instantiation. + */ + OSSL_CC_DATA *(*new)(OSSL_TIME (*now_cb)(void *arg), + void *now_cb_arg); + + void (*free)(OSSL_CC_DATA *ccdata); + + /* + * Reset of state. + */ + void (*reset)(OSSL_CC_DATA *ccdata); + + /* + * Escape hatch for option configuration. + * + * params is an array of OSSL_PARAM structures. + * + * Returns 1 on success and 0 on failure. + */ + int (*set_input_params)(OSSL_CC_DATA *ccdata, + const OSSL_PARAM *params); + + /* + * (Re)bind output (diagnostic) information. + * + * params is an array of OSSL_PARAM structures used to output values. The + * storage locations associated with each parameter are stored internally + * and updated whenever the state of the congestion controller is updated; + * thus, the storage locations associated with the OSSL_PARAMs passed in the + * call to this function must remain valid until the congestion controller + * is freed or those parameters are unbound. A given parameter name may be + * bound to only one location at a time. The params structures themselves + * do not need to remain allocated after this call returns. + * + * Returns 1 on success and 0 on failure. + */ + int (*bind_diagnostics)(OSSL_CC_DATA *ccdata, + OSSL_PARAM *params); + + /* + * Unbind diagnostic information. The parameters with the given names are + * unbound, cancelling the effects of a previous call to bind_diagnostic(). + * params is an array of OSSL_PARAMs. The values of the parameters are + * ignored. If a parameter is already unbound, there is no effect for that + * parameter but other parameters are still unbound. + * + * Returns 1 on success or 0 on failure. + */ + int (*unbind_diagnostics)(OSSL_CC_DATA *ccdata, + OSSL_PARAM *params); + + /* + * Returns the amount of additional data (above and beyond the data + * currently in flight) which can be sent in bytes. Returns 0 if no more + * data can be sent at this time. The return value of this method + * can vary as time passes. + */ + uint64_t (*get_tx_allowance)(OSSL_CC_DATA *ccdata); + + /* + * Returns the time at which the return value of get_tx_allowance might be + * higher than its current value. This is not a guarantee and spurious + * wakeups are allowed. Returns ossl_time_infinite() if there is no current + * wakeup deadline. + */ + OSSL_TIME (*get_wakeup_deadline)(OSSL_CC_DATA *ccdata); + + /* + * The On Data Sent event. num_bytes should be the size of the packet in + * bytes (or the aggregate size of multiple packets which have just been + * sent). + */ + int (*on_data_sent)(OSSL_CC_DATA *ccdata, + uint64_t num_bytes); + + /* + * The On Data Acked event. See OSSL_CC_ACK_INFO structure for details + * of the information to be passed. + */ + int (*on_data_acked)(OSSL_CC_DATA *ccdata, + const OSSL_CC_ACK_INFO *info); + + /* + * The On Data Lost event. See OSSL_CC_LOSS_INFO structure for details + * of the information to be passed. + * + * Note: When the ACKM determines that a set of multiple packets has been + * lost, it is useful for a congestion control algorithm to be able to + * process this as a single loss event rather than multiple loss events. + * Thus, calling this function may cause the congestion controller to defer + * state updates under the assumption that subsequent calls to + * on_data_lost() representing further lost packets in the same loss event + * may be forthcoming. Always call on_data_lost_finished() after one or more + * calls to on_data_lost(). + */ + int (*on_data_lost)(OSSL_CC_DATA *ccdata, + const OSSL_CC_LOSS_INFO *info); + + /* + * To be called after a sequence of one or more on_data_lost() calls + * representing multiple packets in a single loss detection incident. + * + * Flags may be 0 or OSSL_CC_LOST_FLAG_PERSISTENT_CONGESTION. + */ + int (*on_data_lost_finished)(OSSL_CC_DATA *ccdata, uint32_t flags); + + /* + * For use when a PN space is invalidated or a packet must otherwise be + * 'undone' for congestion control purposes without acting as a loss signal. + * Only the size of the packet is needed. + */ + int (*on_data_invalidated)(OSSL_CC_DATA *ccdata, + uint64_t num_bytes); + + /* + * Called from the ACKM when detecting an increased ECN-CE value in an ACK + * frame. This indicates congestion. + * + * Note that this differs from the RFC's conceptual segregation of the loss + * detection and congestion controller functions, as in our implementation + * the ACKM is responsible for detecting increases to ECN-CE and simply + * tells the congestion controller when ECN-triggered congestion has + * occurred. This allows a slightly more efficient implementation and + * narrower interface between the ACKM and CC. + */ + int (*on_ecn)(OSSL_CC_DATA *ccdata, + const OSSL_CC_ECN_INFO *info); +} OSSL_CC_METHOD; + +extern const OSSL_CC_METHOD ossl_cc_dummy_method; +extern const OSSL_CC_METHOD ossl_cc_newreno_method; + +# endif + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_cfq.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_cfq.h new file mode 100644 index 00000000..22c436dc --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_cfq.h @@ -0,0 +1,154 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_CFQ_H +# define OSSL_QUIC_CFQ_H + +# include +# include "internal/quic_types.h" + +# ifndef OPENSSL_NO_QUIC + +/* + * QUIC Control Frame Queue Item + * ============================= + * + * The CFQ item structure has a public and a private part. This structure + * documents the public part. + */ +typedef struct quic_cfq_item_st QUIC_CFQ_ITEM; + +struct quic_cfq_item_st { + /* + * These fields are not used by the CFQ, but are a convenience to assist the + * TXPIM in keeping a list of GCR control frames which were sent in a + * packet. They may be used for any purpose. + */ + QUIC_CFQ_ITEM *pkt_prev, *pkt_next; + + /* All other fields are private; use ossl_quic_cfq_item_* accessors. */ +}; + +# define QUIC_CFQ_STATE_NEW 0 +# define QUIC_CFQ_STATE_TX 1 + +/* If set, do not retransmit on loss */ +#define QUIC_CFQ_ITEM_FLAG_UNRELIABLE (1U << 0) + +/* Returns the frame type of a CFQ item. */ +uint64_t ossl_quic_cfq_item_get_frame_type(const QUIC_CFQ_ITEM *item); + +/* Returns a pointer to the encoded buffer of a CFQ item. */ +const unsigned char *ossl_quic_cfq_item_get_encoded(const QUIC_CFQ_ITEM *item); + +/* Returns the length of the encoded buffer in bytes. */ +size_t ossl_quic_cfq_item_get_encoded_len(const QUIC_CFQ_ITEM *item); + +/* Returns the CFQ item state, a QUIC_CFQ_STATE_* value. */ +int ossl_quic_cfq_item_get_state(const QUIC_CFQ_ITEM *item); + +/* Returns the PN space for the CFQ item. */ +uint32_t ossl_quic_cfq_item_get_pn_space(const QUIC_CFQ_ITEM *item); + +/* Returns 1 if this is an unreliable frame. */ +int ossl_quic_cfq_item_is_unreliable(const QUIC_CFQ_ITEM *item); + +/* + * QUIC Control Frame Queue + * ======================== + */ +typedef struct quic_cfq_st QUIC_CFQ; + +QUIC_CFQ *ossl_quic_cfq_new(void); +void ossl_quic_cfq_free(QUIC_CFQ *cfq); + +/* + * Input Side + * ---------- + */ + +/* + * Enqueue a frame to the CFQ. + * + * encoded points to the opaque encoded frame. + * + * free_cb is called by the CFQ when the buffer is no longer needed; + * free_cb_arg is an opaque value passed to free_cb. + * + * priority determines the relative ordering of control frames in a packet. + * Lower numerical values for priority mean that a frame should come earlier in + * a packet. pn_space is a QUIC_PN_SPACE_* value. + * + * On success, returns a QUIC_CFQ_ITEM pointer which acts as a handle to + * the queued frame. On failure, returns NULL. + * + * The frame is initially in the TX state, so there is no need to call + * ossl_quic_cfq_mark_tx() immediately after calling this function. + * + * The frame type is duplicated as the frame_type argument here, even though it + * is also encoded into the buffer. This allows the caller to determine the + * frame type if desired without having to decode the frame. + * + * flags is zero or more QUIC_CFQ_ITEM_FLAG values. + */ +typedef void (cfq_free_cb)(unsigned char *buf, size_t buf_len, void *arg); + +QUIC_CFQ_ITEM *ossl_quic_cfq_add_frame(QUIC_CFQ *cfq, + uint32_t priority, + uint32_t pn_space, + uint64_t frame_type, + uint32_t flags, + const unsigned char *encoded, + size_t encoded_len, + cfq_free_cb *free_cb, + void *free_cb_arg); + +/* + * Effects an immediate transition of the given CFQ item to the TX state. + */ +void ossl_quic_cfq_mark_tx(QUIC_CFQ *cfq, QUIC_CFQ_ITEM *item); + +/* + * Effects an immediate transition of the given CFQ item to the NEW state, + * allowing the frame to be retransmitted. If priority is not UINT32_MAX, + * the priority is changed to the given value. + */ +void ossl_quic_cfq_mark_lost(QUIC_CFQ *cfq, QUIC_CFQ_ITEM *item, + uint32_t priority); + +/* + * Releases a CFQ item. The item may be in either state (NEW or TX) prior to the + * call. The QUIC_CFQ_ITEM pointer must not be used following this call. + */ +void ossl_quic_cfq_release(QUIC_CFQ *cfq, QUIC_CFQ_ITEM *item); + +/* + * Output Side + * ----------- + */ + +/* + * Gets the highest priority CFQ item in the given PN space awaiting + * transmission. If there are none, returns NULL. + */ +QUIC_CFQ_ITEM *ossl_quic_cfq_get_priority_head(const QUIC_CFQ *cfq, + uint32_t pn_space); + +/* + * Given a CFQ item, gets the next CFQ item awaiting transmission in priority + * order in the given PN space. In other words, given the return value of + * ossl_quic_cfq_get_priority_head(), returns the next-lower priority item. + * Returns NULL if the given item is the last item in priority order. + */ +QUIC_CFQ_ITEM *ossl_quic_cfq_item_get_priority_next(const QUIC_CFQ_ITEM *item, + uint32_t pn_space); + +# endif + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_channel.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_channel.h new file mode 100644 index 00000000..f46db063 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_channel.h @@ -0,0 +1,429 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_CHANNEL_H +# define OSSL_QUIC_CHANNEL_H + +# include +# include "internal/quic_types.h" +# include "internal/quic_stream_map.h" +# include "internal/quic_reactor.h" +# include "internal/quic_statm.h" +# include "internal/time.h" +# include "internal/thread.h" + +# ifndef OPENSSL_NO_QUIC + +/* + * QUIC Channel + * ============ + * + * A QUIC channel (QUIC_CHANNEL) is an object which binds together all of the + * various pieces of QUIC into a single top-level object, and handles connection + * state which is not specific to the client or server roles. In particular, it + * is strictly separated from the libssl front end I/O API personality layer, + * and is not an SSL object. + * + * The name QUIC_CHANNEL is chosen because QUIC_CONNECTION is already in use, + * but functionally these relate to the same thing (a QUIC connection). The use + * of two separate objects ensures clean separation between the API personality + * layer and common code for handling connections, and between the functionality + * which is specific to clients and which is specific to servers, and the + * functionality which is common to both. + * + * The API personality layer provides SSL objects (e.g. a QUIC_CONNECTION) which + * consume a QUIC channel and implement a specific public API. Things which are + * handled by the API personality layer include emulation of blocking semantics, + * handling of SSL object mode flags like non-partial write mode, etc. + * + * Where the QUIC_CHANNEL is used in a server role, there is one QUIC_CHANNEL + * per connection. In the future a QUIC Channel Manager will probably be defined + * to handle ownership of resources which are shared between connections (e.g. + * demuxers). Since we only use server-side functionality for dummy test servers + * for now, which only need to handle one connection at a time, this is not + * currently modelled. + * + * Synchronisation + * --------------- + * + * To support thread assisted mode, QUIC_CHANNEL can be used by multiple + * threads. **It is the caller's responsibility to ensure that the QUIC_CHANNEL + * is only accessed (whether via its methods or via direct access to its state) + * while the channel mutex is held**, except for methods explicitly marked as + * not requiring prior locking. This is an unchecked precondition. + * + * The instantiator of the channel is responsible for providing a suitable + * mutex which then serves as the channel mutex; see QUIC_CHANNEL_ARGS. + */ + +/* + * The function does not acquire the channel mutex and assumes it is already + * held by the calling thread. + * + * Any function tagged with this has the following precondition: + * + * Precondition: must hold channel mutex (unchecked) + */ +# define QUIC_NEEDS_LOCK + +/* + * The function acquires the channel mutex and releases it before returning in + * all circumstances. + * + * Any function tagged with this has the following precondition and + * postcondition: + * + * Precondition: must not hold channel mutex (unchecked) + * Postcondition: channel mutex is not held (by calling thread) + */ +# define QUIC_TAKES_LOCK + +/* + * The function acquires the channel mutex and leaves it acquired + * when returning success. + * + * Any function tagged with this has the following precondition and + * postcondition: + * + * Precondition: must not hold channel mutex (unchecked) + * Postcondition: channel mutex is held by calling thread + * or function returned failure + */ +# define QUIC_ACQUIRES_LOCK + +# define QUIC_TODO_LOCK + +# define QUIC_CHANNEL_STATE_IDLE 0 +# define QUIC_CHANNEL_STATE_ACTIVE 1 +# define QUIC_CHANNEL_STATE_TERMINATING_CLOSING 2 +# define QUIC_CHANNEL_STATE_TERMINATING_DRAINING 3 +# define QUIC_CHANNEL_STATE_TERMINATED 4 + +typedef struct quic_channel_args_st { + OSSL_LIB_CTX *libctx; + const char *propq; + int is_server; + SSL *tls; + + /* + * This must be a mutex the lifetime of which will exceed that of the + * channel. The instantiator of the channel is responsible for providing a + * mutex as this makes it easier to handle instantiation and teardown of + * channels in situations potentially requiring locking. + * + * Note that this is a MUTEX not a RWLOCK as it needs to be an OS mutex for + * compatibility with an OS's condition variable wait API, whereas RWLOCK + * may, depending on the build configuration, be implemented using an OS's + * mutex primitive or using its RW mutex primitive. + */ + CRYPTO_MUTEX *mutex; + + /* + * Optional function pointer to use to retrieve the current time. If NULL, + * ossl_time_now() is used. + */ + OSSL_TIME (*now_cb)(void *arg); + void *now_cb_arg; +} QUIC_CHANNEL_ARGS; + +typedef struct quic_channel_st QUIC_CHANNEL; + +/* Represents the cause for a connection's termination. */ +typedef struct quic_terminate_cause_st { + /* + * If we are in a TERMINATING or TERMINATED state, this is the error code + * associated with the error. This field is valid iff we are in the + * TERMINATING or TERMINATED states. + */ + uint64_t error_code; + + /* + * If terminate_app is set and this is nonzero, this is the frame type which + * caused the connection to be terminated. + */ + uint64_t frame_type; + + /* + * Optional reason string. When calling ossl_quic_channel_local_close, if a + * reason string pointer is passed, it is copied and stored inside + * QUIC_CHANNEL for the remainder of the lifetime of the channel object. + * Thus the string pointed to by this value, if non-NULL, is valid for the + * lifetime of the QUIC_CHANNEL object. + */ + const char *reason; + + /* + * Length of reason in bytes. The reason is supposed to contain a UTF-8 + * string but may be arbitrary data if the reason came from the network. + */ + size_t reason_len; + + /* Is this error code in the transport (0) or application (1) space? */ + unsigned int app : 1; + + /* + * If set, the cause of the termination is a received CONNECTION_CLOSE + * frame. Otherwise, we decided to terminate ourselves and sent a + * CONNECTION_CLOSE frame (regardless of whether the peer later also sends + * one). + */ + unsigned int remote : 1; +} QUIC_TERMINATE_CAUSE; + + +/* + * Create a new QUIC channel using the given arguments. The argument structure + * does not need to remain allocated. Returns NULL on failure. + */ +QUIC_CHANNEL *ossl_quic_channel_new(const QUIC_CHANNEL_ARGS *args); + +/* No-op if ch is NULL. */ +void ossl_quic_channel_free(QUIC_CHANNEL *ch); + +/* Set mutator callbacks for test framework support */ +int ossl_quic_channel_set_mutator(QUIC_CHANNEL *ch, + ossl_mutate_packet_cb mutatecb, + ossl_finish_mutate_cb finishmutatecb, + void *mutatearg); + +/* + * Connection Lifecycle Events + * =========================== + * + * Various events that can be raised on the channel by other parts of the QUIC + * implementation. Some of these are suitable for general use by any part of the + * code (e.g. ossl_quic_channel_raise_protocol_error), others are for very + * specific use by particular components only (e.g. + * ossl_quic_channel_on_handshake_confirmed). + */ + +/* + * To be used by a QUIC connection. Starts the channel. For a client-mode + * channel, this starts sending the first handshake layer message, etc. Can only + * be called in the idle state; successive calls are ignored. + */ +int ossl_quic_channel_start(QUIC_CHANNEL *ch); + +/* Start a locally initiated connection shutdown. */ +void ossl_quic_channel_local_close(QUIC_CHANNEL *ch, uint64_t app_error_code, + const char *app_reason); + +/* + * Called when the handshake is confirmed. + */ +int ossl_quic_channel_on_handshake_confirmed(QUIC_CHANNEL *ch); + +/* + * Raises a protocol error. This is intended to be the universal call suitable + * for handling of all peer-triggered protocol violations or errors detected by + * us. We specify a QUIC transport-scope error code and optional frame type + * which was responsible. If a frame type is not applicable, specify zero. The + * reason string is not currently handled, but should be a string of static + * storage duration. If the connection has already terminated due to a previous + * protocol error, this is a no-op; first error wins. + * + * Usually the ossl_quic_channel_raise_protocol_error() function should be used. + * The ossl_quic_channel_raise_protocol_error_loc() function can be used + * directly for passing through existing call site information from an existing + * error. + */ +void ossl_quic_channel_raise_protocol_error_loc(QUIC_CHANNEL *ch, + uint64_t error_code, + uint64_t frame_type, + const char *reason, + ERR_STATE *err_state, + const char *src_file, + int src_line, + const char *src_func); + +#define ossl_quic_channel_raise_protocol_error(ch, error_code, frame_type, reason) \ + ossl_quic_channel_raise_protocol_error_loc((ch), (error_code), \ + (frame_type), \ + (reason), \ + NULL, \ + OPENSSL_FILE, \ + OPENSSL_LINE, \ + OPENSSL_FUNC) + +#define ossl_quic_channel_raise_protocol_error_state(ch, error_code, frame_type, reason, state) \ + ossl_quic_channel_raise_protocol_error_loc((ch), (error_code), \ + (frame_type), \ + (reason), \ + (state), \ + OPENSSL_FILE, \ + OPENSSL_LINE, \ + OPENSSL_FUNC) + + +/* + * Returns 1 if permanent net error was detected on the QUIC_CHANNEL, + * 0 otherwise. + */ +int ossl_quic_channel_net_error(QUIC_CHANNEL *ch); + +/* Restore saved error state (best effort) */ +void ossl_quic_channel_restore_err_state(QUIC_CHANNEL *ch); + +/* For RXDP use. */ +void ossl_quic_channel_on_remote_conn_close(QUIC_CHANNEL *ch, + OSSL_QUIC_FRAME_CONN_CLOSE *f); +void ossl_quic_channel_on_new_conn_id(QUIC_CHANNEL *ch, + OSSL_QUIC_FRAME_NEW_CONN_ID *f); + +/* + * Queries and Accessors + * ===================== + */ + +/* Gets the reactor which can be used to tick/poll on the channel. */ +QUIC_REACTOR *ossl_quic_channel_get_reactor(QUIC_CHANNEL *ch); + +/* Gets the QSM used with the channel. */ +QUIC_STREAM_MAP *ossl_quic_channel_get_qsm(QUIC_CHANNEL *ch); + +/* Gets the statistics manager used with the channel. */ +OSSL_STATM *ossl_quic_channel_get_statm(QUIC_CHANNEL *ch); + +/* + * Gets/sets the current peer address. Generally this should be used before + * starting a channel in client mode. + */ +int ossl_quic_channel_get_peer_addr(QUIC_CHANNEL *ch, BIO_ADDR *peer_addr); +int ossl_quic_channel_set_peer_addr(QUIC_CHANNEL *ch, const BIO_ADDR *peer_addr); + +/* Gets/sets the underlying network read and write BIOs. */ +BIO *ossl_quic_channel_get_net_rbio(QUIC_CHANNEL *ch); +BIO *ossl_quic_channel_get_net_wbio(QUIC_CHANNEL *ch); +int ossl_quic_channel_set_net_rbio(QUIC_CHANNEL *ch, BIO *net_rbio); +int ossl_quic_channel_set_net_wbio(QUIC_CHANNEL *ch, BIO *net_wbio); + +/* + * Re-poll the network BIOs already set to determine if their support + * for polling has changed. + */ +int ossl_quic_channel_update_poll_descriptors(QUIC_CHANNEL *ch); + +/* + * Returns an existing stream by stream ID. Returns NULL if the stream does not + * exist. + */ +QUIC_STREAM *ossl_quic_channel_get_stream_by_id(QUIC_CHANNEL *ch, + uint64_t stream_id); + +/* Returns 1 if channel is terminating or terminated. */ +int ossl_quic_channel_is_term_any(const QUIC_CHANNEL *ch); +const QUIC_TERMINATE_CAUSE * +ossl_quic_channel_get_terminate_cause(const QUIC_CHANNEL *ch); +int ossl_quic_channel_is_closing(const QUIC_CHANNEL *ch); +int ossl_quic_channel_is_terminated(const QUIC_CHANNEL *ch); +int ossl_quic_channel_is_active(const QUIC_CHANNEL *ch); +int ossl_quic_channel_is_handshake_complete(const QUIC_CHANNEL *ch); +int ossl_quic_channel_is_handshake_confirmed(const QUIC_CHANNEL *ch); + +QUIC_DEMUX *ossl_quic_channel_get0_demux(QUIC_CHANNEL *ch); + +SSL *ossl_quic_channel_get0_ssl(QUIC_CHANNEL *ch); + +/* + * Retrieves a pointer to the channel mutex which was provided at the time the + * channel was instantiated. In order to allow locks to be acquired and released + * with the correct granularity, it is the caller's responsibility to ensure + * this lock is held for write while calling any QUIC_CHANNEL method, except for + * methods explicitly designed otherwise. + * + * This method is thread safe and does not require prior locking. It can also be + * called while the lock is already held. Note that this is simply a convenience + * function to access the mutex which was passed to the channel at instantiation + * time; it does not belong to the channel but rather is presumed to belong to + * the owner of the channel. + */ +CRYPTO_MUTEX *ossl_quic_channel_get_mutex(QUIC_CHANNEL *ch); + +/* + * Creates a new locally-initiated stream in the stream mapper, choosing an + * appropriate stream ID. If is_uni is 1, creates a unidirectional stream, else + * creates a bidirectional stream. Returns NULL on failure. + */ +QUIC_STREAM *ossl_quic_channel_new_stream_local(QUIC_CHANNEL *ch, int is_uni); + +/* + * Creates a new remotely-initiated stream in the stream mapper. The stream ID + * is used to confirm the initiator and determine the stream type. The stream is + * automatically added to the QSM's accept queue. A pointer to the stream is + * also returned. Returns NULL on failure. + */ +QUIC_STREAM *ossl_quic_channel_new_stream_remote(QUIC_CHANNEL *ch, + uint64_t stream_id); + +/* + * Configures incoming stream auto-reject. If enabled, incoming streams have + * both their sending and receiving parts automatically rejected using + * STOP_SENDING and STREAM_RESET frames. aec is the application error + * code to be used for those frames. + */ +void ossl_quic_channel_set_incoming_stream_auto_reject(QUIC_CHANNEL *ch, + int enable, + uint64_t aec); + +/* + * Causes the channel to reject the sending and receiving parts of a stream, + * as though autorejected. Can be used if a stream has already been + * accepted. + */ +void ossl_quic_channel_reject_stream(QUIC_CHANNEL *ch, QUIC_STREAM *qs); + +/* Replace local connection ID in TXP and DEMUX for testing purposes. */ +int ossl_quic_channel_replace_local_cid(QUIC_CHANNEL *ch, + const QUIC_CONN_ID *conn_id); + +/* Setters for the msg_callback and msg_callback_arg */ +void ossl_quic_channel_set_msg_callback(QUIC_CHANNEL *ch, + ossl_msg_cb msg_callback, + SSL *msg_callback_ssl); +void ossl_quic_channel_set_msg_callback_arg(QUIC_CHANNEL *ch, + void *msg_callback_arg); + +/* Testing use only - sets a TXKU threshold packet count override value. */ +void ossl_quic_channel_set_txku_threshold_override(QUIC_CHANNEL *ch, + uint64_t tx_pkt_threshold); + +/* Testing use only - gets current 1-RTT key epochs for QTX and QRX. */ +uint64_t ossl_quic_channel_get_tx_key_epoch(QUIC_CHANNEL *ch); +uint64_t ossl_quic_channel_get_rx_key_epoch(QUIC_CHANNEL *ch); + +/* Artificially trigger a spontaneous TXKU if possible. */ +int ossl_quic_channel_trigger_txku(QUIC_CHANNEL *ch); +int ossl_quic_channel_has_pending(const QUIC_CHANNEL *ch); + +/* Force transmission of an ACK-eliciting packet. */ +int ossl_quic_channel_ping(QUIC_CHANNEL *ch); + +/* For testing use. While enabled, ticking is not performed. */ +void ossl_quic_channel_set_inhibit_tick(QUIC_CHANNEL *ch, int inhibit); + +/* + * These queries exist for diagnostic purposes only. They may roll over. + * Do not rely on them for non-testing purposes. + */ +uint16_t ossl_quic_channel_get_diag_num_rx_ack(QUIC_CHANNEL *ch); + +/* + * Diagnostic use only. Gets the current local CID. + */ +void ossl_quic_channel_get_diag_local_cid(QUIC_CHANNEL *ch, QUIC_CONN_ID *cid); + +/* + * Returns 1 if stream count flow control allows us to create a new + * locally-initiated stream. + */ +int ossl_quic_channel_is_new_local_stream_admissible(QUIC_CHANNEL *ch, int is_uni); + +# endif + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_demux.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_demux.h new file mode 100644 index 00000000..444249e7 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_demux.h @@ -0,0 +1,364 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_DEMUX_H +# define OSSL_QUIC_DEMUX_H + +# include +# include "internal/quic_types.h" +# include "internal/bio_addr.h" +# include "internal/time.h" +# include "internal/list.h" + +# ifndef OPENSSL_NO_QUIC + +/* + * QUIC Demuxer + * ============ + * + * The QUIC connection demuxer is the entity responsible for receiving datagrams + * from the network via a datagram BIO. It parses packet headers to determine + * each packet's destination connection ID (DCID) and hands off processing of + * the packet to the correct QUIC Record Layer (QRL)'s RX side (known as the + * QRX). + * + * A QRX is instantiated per QUIC connection and contains the cryptographic + * resources needed to decrypt QUIC packets for that connection. Received + * datagrams are passed from the demuxer to the QRX via a callback registered + * for a specific DCID by the QRX; thus the demuxer has no specific knowledge of + * the QRX and is not coupled to it. + * + * A connection may have multiple connection IDs associated with it; a QRX + * handles this simply by registering multiple connection IDs with the demuxer + * via multiple register calls. + * + * URX Queue + * --------- + * + * Since the demuxer must handle the initial reception of datagrams from the OS, + * RX queue management for new, unprocessed datagrams is also handled by the + * demuxer. + * + * The demuxer maintains a queue of Unprocessed RX Entries (URXEs), which store + * unprocessed (i.e., encrypted, unvalidated) data received from the network. + * The URXE queue is designed to allow multiple datagrams to be received in a + * single call to BIO_recvmmsg, where supported. + * + * One URXE is used per received datagram. Each datagram may contain multiple + * packets, however, this is not the demuxer's concern. QUIC prohibits different + * packets in the same datagram from containing different DCIDs; the demuxer + * only considers the DCID of the first packet in a datagram when deciding how + * to route a received datagram, and it is the responsibility of the QRX to + * enforce this rule. Packets other than the first packet in a datagram are not + * examined by the demuxer, and the demuxer does not perform validation of + * packet headers other than to the minimum extent necessary to extract the + * DCID; further parsing and validation of packet headers is the responsibility + * of the QRX. + * + * Rather than defining an opaque interface, the URXE structure internals + * are exposed. Since the demuxer is only exposed to other parts of the QUIC + * implementation internals, this poses no problem, and has a number of + * advantages: + * + * - Fields in the URXE can be allocated to support requirements in other + * components, like the QRX, which would otherwise have to allocate extra + * memory corresponding to each URXE. + * + * - Other components, like the QRX, can keep the URXE in queues of its own + * when it is not being managed by the demuxer. + * + * URX Queue Structure + * ------------------- + * + * The URXE queue is maintained as a simple doubly-linked list. URXE entries are + * moved between different lists in their lifecycle (for example, from a free + * list to a pending list and vice versa). The buffer into which datagrams are + * received immediately follows this URXE header structure and is part of the + * same allocation. + */ + +typedef struct quic_urxe_st QUIC_URXE; + +/* Maximum number of packets we allow to exist in one datagram. */ +#define QUIC_MAX_PKT_PER_URXE (sizeof(uint64_t) * 8) + +struct quic_urxe_st { + OSSL_LIST_MEMBER(urxe, QUIC_URXE); + + /* + * The URXE data starts after this structure so we don't need a pointer. + * data_len stores the current length (i.e., the length of the received + * datagram) and alloc_len stores the allocation length. The URXE will be + * reallocated if we need a larger allocation than is available, though this + * should not be common as we will have a good idea of worst-case MTUs up + * front. + */ + size_t data_len, alloc_len; + + /* + * Bitfields per packet. processed indicates the packet has been processed + * and must not be processed again, hpr_removed indicates header protection + * has already been removed. Used by QRX only; not used by the demuxer. + */ + uint64_t processed, hpr_removed; + + /* + * Address of peer we received the datagram from, and the local interface + * address we received it on. If local address support is not enabled, local + * is zeroed. + */ + BIO_ADDR peer, local; + + /* + * Time at which datagram was received (or ossl_time_zero()) if a now + * function was not provided). + */ + OSSL_TIME time; + + /* + * Used by the QRX to mark whether a datagram has been deferred. Used by the + * QRX only; not used by the demuxer. + */ + char deferred; + + /* + * Used by the DEMUX to track if a URXE has been handed out. Used primarily + * for debugging purposes. + */ + char demux_state; +}; + +/* Accessors for URXE buffer. */ +static ossl_unused ossl_inline unsigned char * +ossl_quic_urxe_data(const QUIC_URXE *e) +{ + return (unsigned char *)&e[1]; +} + +static ossl_unused ossl_inline unsigned char * +ossl_quic_urxe_data_end(const QUIC_URXE *e) +{ + return ossl_quic_urxe_data(e) + e->data_len; +} + +/* List structure tracking a queue of URXEs. */ +DEFINE_LIST_OF(urxe, QUIC_URXE); +typedef OSSL_LIST(urxe) QUIC_URXE_LIST; + +/* + * List management helpers. These are used by the demuxer but can also be used + * by users of the demuxer to manage URXEs. + */ +void ossl_quic_urxe_remove(QUIC_URXE_LIST *l, QUIC_URXE *e); +void ossl_quic_urxe_insert_head(QUIC_URXE_LIST *l, QUIC_URXE *e); +void ossl_quic_urxe_insert_tail(QUIC_URXE_LIST *l, QUIC_URXE *e); + +/* Opaque type representing a demuxer. */ +typedef struct quic_demux_st QUIC_DEMUX; + +/* + * Called when a datagram is received for a given connection ID. + * + * e is a URXE containing the datagram payload. It is permissible for the callee + * to mutate this buffer; once the demuxer calls this callback, it will never + * read the buffer again. + * + * The callee must arrange for ossl_quic_demux_release_urxe or + * ossl_quic_demux_reinject_urxe to be called on the URXE at some point in the + * future (this need not be before the callback returns). + * + * At the time the callback is made, the URXE will not be in any queue, + * therefore the callee can use the prev and next fields as it wishes. + */ +typedef void (ossl_quic_demux_cb_fn)(QUIC_URXE *e, void *arg); + +/* + * Called when a datagram is received. + * Returns 1 if the datagram ends with a stateless reset token and + * 0 if not. + */ +typedef int (ossl_quic_stateless_reset_cb_fn)(const unsigned char *data, + size_t data_len, void *arg); + +/* + * Creates a new demuxer. The given BIO is used to receive datagrams from the + * network using BIO_recvmmsg. short_conn_id_len is the length of destination + * connection IDs used in RX'd packets; it must have the same value for all + * connections used on a socket. default_urxe_alloc_len is the buffer size to + * receive datagrams into; it should be a value large enough to contain any + * received datagram according to local MTUs, etc. + * + * now is an optional function used to determine the time a datagram was + * received. now_arg is an opaque argument passed to the function. If now is + * NULL, ossl_time_zero() is used as the datagram reception time. + */ +QUIC_DEMUX *ossl_quic_demux_new(BIO *net_bio, + size_t short_conn_id_len, + OSSL_TIME (*now)(void *arg), + void *now_arg); + +/* + * Destroy a demuxer. All URXEs must have been released back to the demuxer + * before calling this. No-op if demux is NULL. + */ +void ossl_quic_demux_free(QUIC_DEMUX *demux); + +/* + * Changes the BIO which the demuxer reads from. This also sets the MTU if the + * BIO supports querying the MTU. + */ +void ossl_quic_demux_set_bio(QUIC_DEMUX *demux, BIO *net_bio); + +/* + * Changes the MTU in bytes we use to receive datagrams. + */ +int ossl_quic_demux_set_mtu(QUIC_DEMUX *demux, unsigned int mtu); + +/* + * Register a datagram handler callback for a connection ID. + * + * ossl_quic_demux_pump will call the specified function if it receives a datagram + * the first packet of which has the specified destination connection ID. + * + * It is assumed all packets in a datagram have the same destination connection + * ID (as QUIC mandates this), but it is the user's responsibility to check for + * this and reject subsequent packets in a datagram that violate this rule. + * + * dst_conn_id is a destination connection ID; it is copied and need not remain + * valid after this function returns. + * + * cb_arg is passed to cb when it is called. For information on the callback, + * see its typedef above. + * + * Only one handler can be set for a given connection ID. If a handler is + * already set for the given connection ID, returns 0. + * + * Returns 1 on success or 0 on failure. + */ +int ossl_quic_demux_register(QUIC_DEMUX *demux, + const QUIC_CONN_ID *dst_conn_id, + ossl_quic_demux_cb_fn *cb, + void *cb_arg); + +/* + * Unregisters any datagram handler callback set for the given connection ID. + * Fails if no handler is registered for the given connection ID. + * + * Returns 1 on success or 0 on failure. + */ +int ossl_quic_demux_unregister(QUIC_DEMUX *demux, + const QUIC_CONN_ID *dst_conn_id); + +/* + * Unregisters any datagram handler callback from all connection IDs it is used + * for. cb and cb_arg must both match the values passed to + * ossl_quic_demux_register. + */ +void ossl_quic_demux_unregister_by_cb(QUIC_DEMUX *demux, + ossl_quic_demux_cb_fn *cb, + void *cb_arg); + +/* + * Set the default packet handler. This is used for incoming packets which don't + * match a registered DCID. This is only needed for servers. If a default packet + * handler is not set, a packet which doesn't match a registered DCID is + * silently dropped. A default packet handler may be unset by passing NULL. + * + * The handler is responsible for ensuring that ossl_quic_demux_reinject_urxe or + * ossl_quic_demux_release_urxe is called on the passed packet at some point in + * the future, which may or may not be before the handler returns. + */ +void ossl_quic_demux_set_default_handler(QUIC_DEMUX *demux, + ossl_quic_demux_cb_fn *cb, + void *cb_arg); + +/* + * Sets a callback for stateless reset processing. + * + * If set, this callback is called for datagrams for which we cannot identify + * a CID. This function should return 1 if there is a stateless reset token + * present and 0 if not. If there is a token present, the connection should + * also be reset. + */ +void ossl_quic_demux_set_stateless_reset_handler( + QUIC_DEMUX *demux, + ossl_quic_stateless_reset_cb_fn *cb, void *cb_arg); + +/* + * Releases a URXE back to the demuxer. No reference must be made to the URXE or + * its buffer after calling this function. The URXE must not be in any queue; + * that is, its prev and next pointers must be NULL. + */ +void ossl_quic_demux_release_urxe(QUIC_DEMUX *demux, + QUIC_URXE *e); + +/* + * Reinjects a URXE which was issued to a registered DCID callback or the + * default packet handler callback back into the pending queue. This is useful + * when a packet has been handled by the default packet handler callback such + * that a DCID has now been registered and can be dispatched normally by DCID. + * Once this has been called, the caller must not touch the URXE anymore and + * must not also call ossl_quic_demux_release_urxe(). + * + * The URXE is reinjected at the head of the queue, so it will be reprocessed + * immediately. + */ +void ossl_quic_demux_reinject_urxe(QUIC_DEMUX *demux, + QUIC_URXE *e); + +/* + * Process any unprocessed RX'd datagrams, by calling registered callbacks by + * connection ID, reading more datagrams from the BIO if necessary. + * + * Returns one of the following values: + * + * QUIC_DEMUX_PUMP_RES_OK + * At least one incoming datagram was processed. + * + * QUIC_DEMUX_PUMP_RES_TRANSIENT_FAIL + * No more incoming datagrams are currently available. + * Call again later. + * + * QUIC_DEMUX_PUMP_RES_PERMANENT_FAIL + * Either the network read BIO has failed in a non-transient fashion, or + * the QUIC implementation has encountered an internal state, assertion + * or allocation error. The caller should tear down the connection + * similarly to in the case of a protocol violation. + * + */ +#define QUIC_DEMUX_PUMP_RES_OK 1 +#define QUIC_DEMUX_PUMP_RES_TRANSIENT_FAIL (-1) +#define QUIC_DEMUX_PUMP_RES_PERMANENT_FAIL (-2) +#define QUIC_DEMUX_PUMP_RES_STATELESS_RESET (-3) + +int ossl_quic_demux_pump(QUIC_DEMUX *demux); + +/* + * Artificially inject a packet into the demuxer for testing purposes. The + * buffer must not exceed the URXE size being used by the demuxer. + * + * If peer or local are NULL, their respective fields are zeroed in the injected + * URXE. + * + * Returns 1 on success or 0 on failure. + */ +int ossl_quic_demux_inject(QUIC_DEMUX *demux, + const unsigned char *buf, + size_t buf_len, + const BIO_ADDR *peer, + const BIO_ADDR *local); + +/* + * Returns 1 if there are any pending URXEs. + */ +int ossl_quic_demux_has_pending(const QUIC_DEMUX *demux); + +# endif + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_error.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_error.h new file mode 100644 index 00000000..ae195a5f --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_error.h @@ -0,0 +1,56 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_ERROR_H +# define OSSL_QUIC_ERROR_H + +# include + +# ifndef OPENSSL_NO_QUIC + +/* RFC 9000 Section 20.1 */ +# define QUIC_ERR_NO_ERROR 0x00 +# define QUIC_ERR_INTERNAL_ERROR 0x01 +# define QUIC_ERR_CONNECTION_REFUSED 0x02 +# define QUIC_ERR_FLOW_CONTROL_ERROR 0x03 +# define QUIC_ERR_STREAM_LIMIT_ERROR 0x04 +# define QUIC_ERR_STREAM_STATE_ERROR 0x05 +# define QUIC_ERR_FINAL_SIZE_ERROR 0x06 +# define QUIC_ERR_FRAME_ENCODING_ERROR 0x07 +# define QUIC_ERR_TRANSPORT_PARAMETER_ERROR 0x08 +# define QUIC_ERR_CONNECTION_ID_LIMIT_ERROR 0x09 +# define QUIC_ERR_PROTOCOL_VIOLATION 0x0A +# define QUIC_ERR_INVALID_TOKEN 0x0B +# define QUIC_ERR_APPLICATION_ERROR 0x0C +# define QUIC_ERR_CRYPTO_BUFFER_EXCEEDED 0x0D +# define QUIC_ERR_KEY_UPDATE_ERROR 0x0E +# define QUIC_ERR_AEAD_LIMIT_REACHED 0x0F +# define QUIC_ERR_NO_VIABLE_PATH 0x10 + +/* Inclusive range for handshake-specific errors. */ +# define QUIC_ERR_CRYPTO_ERR_BEGIN 0x0100 +# define QUIC_ERR_CRYPTO_ERR_END 0x01FF + +# define QUIC_ERR_CRYPTO_ERR(X) \ + (QUIC_ERR_CRYPTO_ERR_BEGIN + (X)) + +# define QUIC_ERR_CRYPTO_UNEXPECTED_MESSAGE \ + QUIC_ERR_CRYPTO_ERR(SSL3_AD_UNEXPECTED_MESSAGE) + +# define QUIC_ERR_CRYPTO_MISSING_EXT \ + QUIC_ERR_CRYPTO_ERR(TLS13_AD_MISSING_EXTENSION) + +# define QUIC_ERR_CRYPTO_NO_APP_PROTO \ + QUIC_ERR_CRYPTO_ERR(TLS1_AD_NO_APPLICATION_PROTOCOL) + +const char *ossl_quic_err_to_string(uint64_t error_code); + +# endif + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_fc.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_fc.h new file mode 100644 index 00000000..49b448a3 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_fc.h @@ -0,0 +1,277 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_FC_H +# define OSSL_QUIC_FC_H + +# include +# include "internal/time.h" + +# ifndef OPENSSL_NO_QUIC + +/* + * TX Flow Controller (TXFC) + * ========================= + * + * For discussion, see doc/designs/quic-design/quic-fc.md. + */ +typedef struct quic_txfc_st QUIC_TXFC; + +struct quic_txfc_st { + QUIC_TXFC *parent; /* stream-level iff non-NULL */ + uint64_t swm, cwm; + char has_become_blocked; +}; + +/* + * Initialises a TX flow controller. conn_txfc should be non-NULL and point to + * the connection-level flow controller if the TXFC is for stream-level flow + * control, and NULL otherwise. + */ +int ossl_quic_txfc_init(QUIC_TXFC *txfc, QUIC_TXFC *conn_txfc); + +/* + * Gets the parent (i.e., connection-level) TX flow controller. Returns NULL if + * called on a connection-level TX flow controller. + */ +QUIC_TXFC *ossl_quic_txfc_get_parent(QUIC_TXFC *txfc); + +/* + * Bump the credit watermark (CWM) value. This is the 'On TX Window Updated' + * operation. This function is a no-op if it has already been called with an + * equal or higher CWM value. + * + * It returns 1 iff the call resulted in the CWM being bumped and 0 if it was + * not increased because it has already been called with an equal or higher CWM + * value. This is not an error per se but may indicate a local programming error + * or a protocol error in a remote peer. + */ +int ossl_quic_txfc_bump_cwm(QUIC_TXFC *txfc, uint64_t cwm); + +/* + * Get the number of bytes by which we are in credit. This is the number of + * controlled bytes we are allowed to send. (Thus if this function returns 0, we + * are currently blocked.) + * + * If called on a stream-level TXFC, ossl_quic_txfc_get_credit is called on + * the connection-level TXFC as well, and the lesser of the two values is + * returned. The consumed value is the amount already consumed on the connection + * level TXFC. + */ +uint64_t ossl_quic_txfc_get_credit(QUIC_TXFC *txfc, uint64_t consumed); + +/* + * Like ossl_quic_txfc_get_credit(), but when called on a stream-level TXFC, + * retrieves only the stream-level credit value and does not clamp it based on + * connection-level flow control. Any credit value is reduced by the consumed + * amount. + */ +uint64_t ossl_quic_txfc_get_credit_local(QUIC_TXFC *txfc, uint64_t consumed); + +/* + * Consume num_bytes of credit. This is the 'On TX' operation. This should be + * called when we transmit any controlled bytes. Calling this with an argument + * of 0 is a no-op. + * + * We must never transmit more controlled bytes than we are in credit for (see + * the return value of ossl_quic_txfc_get_credit()). If you call this function + * with num_bytes greater than our current credit, this function consumes the + * remainder of the credit and returns 0. This indicates a serious programming + * error on the caller's part. Otherwise, the function returns 1. + * + * If called on a stream-level TXFC, ossl_quic_txfc_consume_credit() is called + * on the connection-level TXFC also. If the call to that function on the + * connection-level TXFC returns zero, this function will also return zero. + */ +int ossl_quic_txfc_consume_credit(QUIC_TXFC *txfc, uint64_t num_bytes); + +/* + * Like ossl_quic_txfc_consume_credit(), but when called on a stream-level TXFC, + * consumes only from the stream-level credit and does not inform the + * connection-level TXFC. + */ +int ossl_quic_txfc_consume_credit_local(QUIC_TXFC *txfc, uint64_t num_bytes); + +/* + * This flag is provided for convenience. A caller is not required to use it. It + * is a boolean flag set whenever our credit drops to zero. If clear is 1, the + * flag is cleared. The old value of the flag is returned. Callers may use this + * to determine if they need to send a DATA_BLOCKED or STREAM_DATA_BLOCKED + * frame, which should contain the value returned by ossl_quic_txfc_get_cwm(). + */ +int ossl_quic_txfc_has_become_blocked(QUIC_TXFC *txfc, int clear); + +/* + * Get the current CWM value. This is mainly only needed when generating a + * DATA_BLOCKED or STREAM_DATA_BLOCKED frame, or for diagnostic purposes. + */ +uint64_t ossl_quic_txfc_get_cwm(QUIC_TXFC *txfc); + +/* + * Get the current spent watermark (SWM) value. This is purely for diagnostic + * use and should not be needed in normal circumstances. + */ +uint64_t ossl_quic_txfc_get_swm(QUIC_TXFC *txfc); + +/* + * RX Flow Controller (RXFC) + * ========================= + */ +typedef struct quic_rxfc_st QUIC_RXFC; + +struct quic_rxfc_st { + /* + * swm is the sent/received watermark, which tracks how much we have + * received from the peer. rwm is the retired watermark, which tracks how + * much has been passed to the application. esrwm is the rwm value at which + * the current auto-tuning epoch started. hwm is the highest stream length + * (STREAM frame offset + payload length) we have seen from a STREAM frame + * yet. + */ + uint64_t cwm, swm, rwm, esrwm, hwm, cur_window_size, max_window_size; + OSSL_TIME epoch_start; + OSSL_TIME (*now)(void *arg); + void *now_arg; + QUIC_RXFC *parent; + unsigned char error_code, has_cwm_changed, is_fin, standalone; +}; + +/* + * Initialises an RX flow controller. conn_rxfc should be non-NULL and point to + * a connection-level RXFC if the RXFC is for stream-level flow control, and + * NULL otherwise. initial_window_size and max_window_size specify the initial + * and absolute maximum window sizes, respectively. Window size values are + * expressed in bytes and determine how much credit the RXFC extends to the peer + * to transmit more data at a time. + */ +int ossl_quic_rxfc_init(QUIC_RXFC *rxfc, QUIC_RXFC *conn_rxfc, + uint64_t initial_window_size, + uint64_t max_window_size, + OSSL_TIME (*now)(void *arg), + void *now_arg); + +/* + * Initialises an RX flow controller which is used by itself and not under a + * connection-level RX flow controller. This can be used for stream count + * enforcement as well as CRYPTO buffer enforcement. + */ +int ossl_quic_rxfc_init_standalone(QUIC_RXFC *rxfc, + uint64_t initial_window_size, + OSSL_TIME (*now)(void *arg), + void *now_arg); + +/* + * Gets the parent (i.e., connection-level) RXFC. Returns NULL if called on a + * connection-level RXFC. + */ +QUIC_RXFC *ossl_quic_rxfc_get_parent(QUIC_RXFC *rxfc); + +/* + * Changes the current maximum window size value. + */ +void ossl_quic_rxfc_set_max_window_size(QUIC_RXFC *rxfc, + size_t max_window_size); + +/* + * To be called whenever a STREAM frame is received. + * + * end is the value (offset + len), where offset is the offset field of the + * STREAM frame and len is the length of the STREAM frame's payload in bytes. + * + * is_fin should be 1 if the STREAM frame had the FIN flag set and 0 otherwise. + * + * This function may be used on a stream-level RXFC only. The connection-level + * RXFC will have its state updated by the stream-level RXFC. + * + * You should check ossl_quic_rxfc_has_error() on both connection-level and + * stream-level RXFCs after calling this function, as an incoming STREAM frame + * may cause flow control limits to be exceeded by an errant peer. This + * function still returns 1 in this case, as this is not a caller error. + * + * Returns 1 on success or 0 on failure. + */ +int ossl_quic_rxfc_on_rx_stream_frame(QUIC_RXFC *rxfc, + uint64_t end, int is_fin); + +/* + * To be called whenever controlled bytes are retired, i.e. when bytes are + * dequeued from a QUIC stream and passed to the application. num_bytes + * is the number of bytes which were passed to the application. + * + * You should call this only on a stream-level RXFC. This function will update + * the connection-level RXFC automatically. + * + * rtt should be the current best understanding of the RTT to the peer, as + * offered by the Statistics Manager. + * + * You should check ossl_quic_rxfc_has_cwm_changed() after calling this + * function, as it may have caused the RXFC to decide to grant more flow control + * credit to the peer. + * + * Returns 1 on success and 0 on failure. + */ +int ossl_quic_rxfc_on_retire(QUIC_RXFC *rxfc, + uint64_t num_bytes, + OSSL_TIME rtt); + +/* + * Returns the current CWM which the RXFC thinks the peer should have. + * + * Note that the RXFC will increase this value in response to events, at which + * time a MAX_DATA or MAX_STREAM_DATA frame must be generated. Use + * ossl_quic_rxfc_has_cwm_changed() to detect this condition. + * + * This value increases monotonically. + */ +uint64_t ossl_quic_rxfc_get_cwm(QUIC_RXFC *rxfc); + +/* + * Returns the current SWM. This is the total number of bytes the peer has + * transmitted to us. This is intended for diagnostic use only; you should + * not need it. + */ +uint64_t ossl_quic_rxfc_get_swm(QUIC_RXFC *rxfc); + +/* + * Returns the current RWM. This is the total number of bytes that has been + * retired. This is intended for diagnostic use only; you should not need it. + */ +uint64_t ossl_quic_rxfc_get_rwm(QUIC_RXFC *rxfc); + +/* + * Returns the CWM changed flag. If clear is 1, the flag is cleared and the old + * value is returned. + */ +int ossl_quic_rxfc_has_cwm_changed(QUIC_RXFC *rxfc, int clear); + +/* + * Returns a QUIC_ERR_* error code if a flow control error has been detected. + * Otherwise, returns QUIC_ERR_NO_ERROR. If clear is 1, the error is cleared + * and the old value is returned. + * + * May return one of the following values: + * + * QUIC_ERR_FLOW_CONTROL_ERROR: + * This indicates a flow control protocol violation by the remote peer; the + * connection should be terminated in this event. + * QUIC_ERR_FINAL_SIZE: + * The peer attempted to change the stream length after ending the stream. + */ +int ossl_quic_rxfc_get_error(QUIC_RXFC *rxfc, int clear); + +/* + * Returns 1 if the RXFC is a stream-level RXFC and the RXFC knows the final + * size for the stream in bytes. If this is the case and final_size is non-NULL, + * writes the final size to *final_size. Otherwise, returns 0. + */ +int ossl_quic_rxfc_get_final_size(const QUIC_RXFC *rxfc, uint64_t *final_size); + +# endif + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_fifd.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_fifd.h new file mode 100644 index 00000000..a260ec44 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_fifd.h @@ -0,0 +1,80 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_FIFD_H +# define OSSL_QUIC_FIFD_H + +# include +# include "internal/quic_types.h" +# include "internal/quic_cfq.h" +# include "internal/quic_ackm.h" +# include "internal/quic_txpim.h" +# include "internal/quic_stream.h" + +# ifndef OPENSSL_NO_QUIC + +/* + * QUIC Frame-in-Flight Dispatcher (FIFD) + * ====================================== + */ +struct quic_fifd_st { + /* Internal data; use the ossl_quic_fifd functions. */ + QUIC_CFQ *cfq; + OSSL_ACKM *ackm; + QUIC_TXPIM *txpim; + QUIC_SSTREAM *(*get_sstream_by_id)(uint64_t stream_id, + uint32_t pn_space, + void *arg); + void *get_sstream_by_id_arg; + void (*regen_frame)(uint64_t frame_type, + uint64_t stream_id, + QUIC_TXPIM_PKT *pkt, + void *arg); + void *regen_frame_arg; + void (*confirm_frame)(uint64_t frame_type, + uint64_t stream_id, + QUIC_TXPIM_PKT *pkt, + void *arg); + void *confirm_frame_arg; + void (*sstream_updated)(uint64_t stream_id, + void *arg); + void *sstream_updated_arg; +}; + +int ossl_quic_fifd_init(QUIC_FIFD *fifd, + QUIC_CFQ *cfq, + OSSL_ACKM *ackm, + QUIC_TXPIM *txpim, + /* stream_id is UINT64_MAX for the crypto stream */ + QUIC_SSTREAM *(*get_sstream_by_id)(uint64_t stream_id, + uint32_t pn_space, + void *arg), + void *get_sstream_by_id_arg, + /* stream_id is UINT64_MAX if not applicable */ + void (*regen_frame)(uint64_t frame_type, + uint64_t stream_id, + QUIC_TXPIM_PKT *pkt, + void *arg), + void *regen_frame_arg, + void (*confirm_frame)(uint64_t frame_type, + uint64_t stream_id, + QUIC_TXPIM_PKT *pkt, + void *arg), + void *confirm_frame_arg, + void (*sstream_updated)(uint64_t stream_id, + void *arg), + void *sstream_updated_arg); + +void ossl_quic_fifd_cleanup(QUIC_FIFD *fifd); /* (no-op) */ + +int ossl_quic_fifd_pkt_commit(QUIC_FIFD *fifd, QUIC_TXPIM_PKT *pkt); + +# endif + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_reactor.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_reactor.h new file mode 100644 index 00000000..57bb551e --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_reactor.h @@ -0,0 +1,188 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +#ifndef OSSL_QUIC_REACTOR_H +# define OSSL_QUIC_REACTOR_H + +# include "internal/time.h" +# include "internal/sockets.h" +# include + +# ifndef OPENSSL_NO_QUIC + +/* + * Core I/O Reactor Framework + * ========================== + * + * Manages use of async network I/O which the QUIC stack is built on. The core + * mechanic looks like this: + * + * - There is a pollable FD for both the read and write side respectively. + * Readability and writeability of these FDs respectively determines when + * network I/O is available. + * + * - The reactor can export these FDs to the user, as well as flags indicating + * whether the user should listen for readability, writeability, or neither. + * + * - The reactor can export a timeout indication to the user, indicating when + * the reactor should be called (via libssl APIs) regardless of whether + * the network socket has become ready. + * + * The reactor is based around a tick callback which is essentially the mutator + * function. The mutator attempts to do whatever it can, attempting to perform + * network I/O to the extent currently feasible. When done, the mutator returns + * information to the reactor indicating when it should be woken up again: + * + * - Should it be woken up when network RX is possible? + * - Should it be woken up when network TX is possible? + * - Should it be woken up no later than some deadline X? + * + * The intention is that ALL I/O-related SSL_* functions with side effects (e.g. + * SSL_read/SSL_write) consist of three phases: + * + * - Optionally mutate the QUIC machine's state. + * - Optionally tick the QUIC reactor. + * - Optionally mutate the QUIC machine's state. + * + * For example, SSL_write is a mutation (appending to a stream buffer) followed + * by an optional tick (generally expected as we may want to send the data + * immediately, though not strictly needed if transmission is being deferred due + * to Nagle's algorithm, etc.). + * + * SSL_read is also a mutation and in principle does not need to tick the + * reactor, but it generally will anyway to ensure that the reactor is regularly + * ticked by an application which is only reading and not writing. + * + * If the SSL object is being used in blocking mode, SSL_read may need to block + * if no data is available yet, and SSL_write may need to block if buffers + * are full. + * + * The internals of the QUIC I/O engine always use asynchronous I/O. If the + * application desires blocking semantics, we handle this by adding a blocking + * adaptation layer on top of our internal asynchronous I/O API as exposed by + * the reactor interface. + */ +typedef struct quic_tick_result_st { + char net_read_desired; + char net_write_desired; + OSSL_TIME tick_deadline; +} QUIC_TICK_RESULT; + +typedef struct quic_reactor_st { + /* + * BIO poll descriptors which can be polled. poll_r is a poll descriptor + * which becomes readable when the QUIC state machine can potentially do + * work, and poll_w is a poll descriptor which becomes writable when the + * QUIC state machine can potentially do work. Generally, either of these + * conditions means that SSL_tick() should be called, or another SSL + * function which implicitly calls SSL_tick() (e.g. SSL_read/SSL_write()). + */ + BIO_POLL_DESCRIPTOR poll_r, poll_w; + OSSL_TIME tick_deadline; /* ossl_time_infinite() if none currently applicable */ + + void (*tick_cb)(QUIC_TICK_RESULT *res, void *arg, uint32_t flags); + void *tick_cb_arg; + + /* + * These are true if we would like to know when we can read or write from + * the network respectively. + */ + unsigned int net_read_desired : 1; + unsigned int net_write_desired : 1; + + /* + * Are the read and write poll descriptors we are currently configured with + * things we can actually poll? + */ + unsigned int can_poll_r : 1; + unsigned int can_poll_w : 1; +} QUIC_REACTOR; + +void ossl_quic_reactor_init(QUIC_REACTOR *rtor, + void (*tick_cb)(QUIC_TICK_RESULT *res, void *arg, + uint32_t flags), + void *tick_cb_arg, + OSSL_TIME initial_tick_deadline); + +void ossl_quic_reactor_set_poll_r(QUIC_REACTOR *rtor, + const BIO_POLL_DESCRIPTOR *r); + +void ossl_quic_reactor_set_poll_w(QUIC_REACTOR *rtor, + const BIO_POLL_DESCRIPTOR *w); + +const BIO_POLL_DESCRIPTOR *ossl_quic_reactor_get_poll_r(const QUIC_REACTOR *rtor); +const BIO_POLL_DESCRIPTOR *ossl_quic_reactor_get_poll_w(const QUIC_REACTOR *rtor); + +int ossl_quic_reactor_can_poll_r(const QUIC_REACTOR *rtor); +int ossl_quic_reactor_can_poll_w(const QUIC_REACTOR *rtor); + +int ossl_quic_reactor_can_support_poll_descriptor(const QUIC_REACTOR *rtor, + const BIO_POLL_DESCRIPTOR *d); + +int ossl_quic_reactor_net_read_desired(QUIC_REACTOR *rtor); +int ossl_quic_reactor_net_write_desired(QUIC_REACTOR *rtor); + +OSSL_TIME ossl_quic_reactor_get_tick_deadline(QUIC_REACTOR *rtor); + +/* + * Do whatever work can be done, and as much work as can be done. This involves + * e.g. seeing if we can read anything from the network (if we want to), seeing + * if we can write anything to the network (if we want to), etc. + * + * If the CHANNEL_ONLY flag is set, this indicates that we should only + * touch state which is synchronised by the channel mutex. + */ +#define QUIC_REACTOR_TICK_FLAG_CHANNEL_ONLY (1U << 0) + +int ossl_quic_reactor_tick(QUIC_REACTOR *rtor, uint32_t flags); + +/* + * Blocking I/O Adaptation Layer + * ============================= + * + * The blocking I/O adaptation layer implements blocking I/O on top of our + * asynchronous core. + * + * The core mechanism is block_until_pred(), which does not return until pred() + * returns a value other than 0. The blocker uses OS I/O synchronisation + * primitives (e.g. poll(2)) and ticks the reactor until the predicate is + * satisfied. The blocker is not required to call pred() more than once between + * tick calls. + * + * When pred returns a non-zero value, that value is returned by this function. + * This can be used to allow pred() to indicate error conditions and short + * circuit the blocking process. + * + * A return value of -1 is reserved for network polling errors. Therefore this + * return value should not be used by pred() if ambiguity is not desired. Note + * that the predicate function can always arrange its own output mechanism, for + * example by passing a structure of its own as the argument. + * + * If the SKIP_FIRST_TICK flag is set, the first call to reactor_tick() before + * the first call to pred() is skipped. This is useful if it is known that + * ticking the reactor again will not be useful (e.g. because it has already + * been done). + * + * This function assumes a write lock is held for the entire QUIC_CHANNEL. If + * mutex is non-NULL, it must be a lock currently held for write; it will be + * unlocked during any sleep, and then relocked for write afterwards. + * + * Precondition: mutex is NULL or is held for write (unchecked) + * Postcondition: mutex is NULL or is held for write (unless + * CRYPTO_THREAD_write_lock fails) + */ +#define SKIP_FIRST_TICK (1U << 0) + +int ossl_quic_reactor_block_until_pred(QUIC_REACTOR *rtor, + int (*pred)(void *arg), void *pred_arg, + uint32_t flags, + CRYPTO_RWLOCK *mutex); + +# endif + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_record_rx.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_record_rx.h new file mode 100644 index 00000000..e26fd356 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_record_rx.h @@ -0,0 +1,569 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_RECORD_RX_H +# define OSSL_QUIC_RECORD_RX_H + +# include +# include "internal/quic_wire_pkt.h" +# include "internal/quic_types.h" +# include "internal/quic_record_util.h" +# include "internal/quic_demux.h" + +# ifndef OPENSSL_NO_QUIC + +/* + * QUIC Record Layer - RX + * ====================== + */ +typedef struct ossl_qrx_st OSSL_QRX; + +typedef struct ossl_qrx_args_st { + OSSL_LIB_CTX *libctx; + const char *propq; + + /* Demux to receive datagrams from. */ + QUIC_DEMUX *demux; + + /* Length of connection IDs used in short-header packets in bytes. */ + size_t short_conn_id_len; + + /* + * Maximum number of deferred datagrams buffered at any one time. + * Suggested value: 32. + */ + size_t max_deferred; + + /* Initial reference PN used for RX. */ + QUIC_PN init_largest_pn[QUIC_PN_SPACE_NUM]; + + /* Initial key phase. For debugging use only; always 0 in real use. */ + unsigned char init_key_phase_bit; +} OSSL_QRX_ARGS; + +/* Instantiates a new QRX. */ +OSSL_QRX *ossl_qrx_new(const OSSL_QRX_ARGS *args); + +/* + * Frees the QRX. All packets obtained using ossl_qrx_read_pkt must already + * have been released by calling ossl_qrx_release_pkt. + * + * You do not need to call ossl_qrx_remove_dst_conn_id first; this function will + * unregister the QRX from the demuxer for all registered destination connection + * IDs (DCIDs) automatically. + */ +void ossl_qrx_free(OSSL_QRX *qrx); + +/* Setters for the msg_callback and msg_callback_arg */ +void ossl_qrx_set_msg_callback(OSSL_QRX *qrx, ossl_msg_cb msg_callback, + SSL *msg_callback_ssl); +void ossl_qrx_set_msg_callback_arg(OSSL_QRX *qrx, + void *msg_callback_arg); + +/* + * DCID Management + * =============== + */ + +/* + * Adds a given DCID to the QRX. The QRX will register the DCID with the demuxer + * so that incoming packets with that DCID are passed to the given QRX. Multiple + * DCIDs may be associated with a QRX at any one time. You will need to add at + * least one DCID after instantiating the QRX. A zero-length DCID is a valid + * input to this function. This function fails if the DCID is already + * registered. + * + * Returns 1 on success or 0 on error. + */ +int ossl_qrx_add_dst_conn_id(OSSL_QRX *qrx, + const QUIC_CONN_ID *dst_conn_id); + +/* + * Remove a DCID previously registered with ossl_qrx_add_dst_conn_id. The DCID + * is unregistered from the demuxer. Fails if the DCID is not registered with + * the demuxer. + * + * Returns 1 on success or 0 on error. + */ +int ossl_qrx_remove_dst_conn_id(OSSL_QRX *qrx, + const QUIC_CONN_ID *dst_conn_id); + +/* + * Secret Management + * ================= + * + * A QRX has several encryption levels (Initial, Handshake, 0-RTT, 1-RTT) and + * two directions (RX, TX). At any given time, key material is managed for each + * (EL, RX/TX) combination. + * + * Broadly, for a given (EL, RX/TX), the following state machine is applicable: + * + * WAITING_FOR_KEYS --[Provide]--> HAVE_KEYS --[Discard]--> | DISCARDED | + * \-------------------------------------[Discard]--> | | + * + * To transition the RX side of an EL from WAITING_FOR_KEYS to HAVE_KEYS, call + * ossl_qrx_provide_secret (for the INITIAL EL, use of + * ossl_quic_provide_initial_secret is recommended). + * + * Once keys have been provisioned for an EL, you call + * ossl_qrx_discard_enc_level to transition the EL to the DISCARDED state. You + * can also call this function to transition directly to the DISCARDED state + * even before any keys have been provisioned for that EL. + * + * The DISCARDED state is terminal for a given EL; you cannot provide a secret + * again for that EL after reaching it. + * + * Incoming packets cannot be processed and decrypted if they target an EL + * not in the HAVE_KEYS state. However, there is a distinction between + * the WAITING_FOR_KEYS and DISCARDED states: + * + * - In the WAITING_FOR_KEYS state, the QRX assumes keys for the given + * EL will eventually arrive. Therefore, if it receives any packet + * for an EL in this state, it buffers it and tries to process it + * again once the EL reaches HAVE_KEYS. + * + * - In the DISCARDED state, the QRX assumes no keys for the given + * EL will ever arrive again. If it receives any packet for an EL + * in this state, it is simply discarded. + * + * If the user wishes to instantiate a new QRX to replace an old one for + * whatever reason, for example to take over for an already established QUIC + * connection, it is important that all ELs no longer being used (i.e., INITIAL, + * 0-RTT, 1-RTT) are transitioned to the DISCARDED state. Otherwise, the QRX + * will assume that keys for these ELs will arrive in future, and will buffer + * any received packets for those ELs perpetually. This can be done by calling + * ossl_qrx_discard_enc_level for all non-1-RTT ELs immediately after + * instantiating the QRX. + * + * The INITIAL EL is not setup automatically when the QRX is instantiated. This + * allows the caller to instead discard it immediately after instantiation of + * the QRX if it is not needed, for example if the QRX is being instantiated to + * take over handling of an existing connection which has already passed the + * INITIAL phase. This avoids the unnecessary derivation of INITIAL keys where + * they are not needed. In the ordinary case, ossl_quic_provide_initial_secret + * should be called immediately after instantiation. + */ + +/* + * Provides a secret to the QRX, which arises due to an encryption level change. + * enc_level is a QUIC_ENC_LEVEL_* value. To initialise the INITIAL encryption + * level, it is recommended to use ossl_quic_provide_initial_secret instead. + * + * You should seek to call this function for a given EL before packets of that + * EL arrive and are processed by the QRX. However, if packets have already + * arrived for a given EL, the QRX will defer processing of them and perform + * processing of them when this function is eventually called for the EL in + * question. + * + * suite_id is a QRL_SUITE_* value which determines the AEAD function used for + * the QRX. + * + * The secret passed is used directly to derive the "quic key", "quic iv" and + * "quic hp" values. + * + * secret_len is the length of the secret buffer in bytes. The buffer must be + * sized correctly to the chosen suite, else the function fails. + * + * This function can only be called once for a given EL, except for the INITIAL + * EL, which can need rekeying when a connection retry occurs. Subsequent calls + * for non-INITIAL ELs fail, as do calls made after a corresponding call to + * ossl_qrx_discard_enc_level for that EL. The secret for a non-INITIAL EL + * cannot be changed after it is set because QUIC has no facility for + * introducing additional key material after an EL is setup. QUIC key updates + * are managed semi-automatically by the QRX but do require some caller handling + * (see below). + * + * md is for internal use and should be NULL. + * + * Returns 1 on success or 0 on failure. + */ +int ossl_qrx_provide_secret(OSSL_QRX *qrx, + uint32_t enc_level, + uint32_t suite_id, + EVP_MD *md, + const unsigned char *secret, + size_t secret_len); + +/* + * Informs the QRX that it can now discard key material for a given EL. The QRX + * will no longer be able to process incoming packets received at that + * encryption level. This function is idempotent and succeeds if the EL has + * already been discarded. + * + * Returns 1 on success and 0 on failure. + */ +int ossl_qrx_discard_enc_level(OSSL_QRX *qrx, uint32_t enc_level); + +/* + * Packet Reception + * ================ + */ + +/* Information about a received packet. */ +typedef struct ossl_qrx_pkt_st { + /* + * Points to a logical representation of the decoded QUIC packet header. The + * data and len fields point to the decrypted QUIC payload (i.e., to a + * sequence of zero or more (potentially malformed) frames to be decoded). + */ + QUIC_PKT_HDR *hdr; + + /* + * Address the packet was received from. If this is not available for this + * packet, this field is NULL (but this can only occur for manually injected + * packets). + */ + const BIO_ADDR *peer; + + /* + * Local address the packet was sent to. If this is not available for this + * packet, this field is NULL. + */ + const BIO_ADDR *local; + + /* + * This is the length of the datagram which contained this packet. Note that + * the datagram may have contained other packets than this. The intended use + * for this is so that the user can enforce minimum datagram sizes (e.g. for + * datagrams containing INITIAL packets), as required by RFC 9000. + */ + size_t datagram_len; + + /* The PN which was decoded for the packet, if the packet has a PN field. */ + QUIC_PN pn; + + /* + * Time the packet was received, or ossl_time_zero() if the demuxer is not + * using a now() function. + */ + OSSL_TIME time; + + /* The QRX which was used to receive the packet. */ + OSSL_QRX *qrx; + + /* + * The key epoch the packet was received with. Always 0 for non-1-RTT + * packets. + */ + uint64_t key_epoch; +} OSSL_QRX_PKT; + +/* + * Tries to read a new decrypted packet from the QRX. + * + * On success, *pkt points to a OSSL_QRX_PKT structure. The structure should be + * freed when no longer needed by calling ossl_qrx_pkt_release(). The structure + * is refcounted; to gain extra references, call ossl_qrx_pkt_up_ref(). This + * will cause a corresponding number of calls to ossl_qrx_pkt_release() to be + * ignored. + * + * The resources referenced by (*pkt)->hdr, (*pkt)->hdr->data and (*pkt)->peer + * have the same lifetime as *pkt. + * + * Returns 1 on success and 0 on failure. + */ +int ossl_qrx_read_pkt(OSSL_QRX *qrx, OSSL_QRX_PKT **pkt); + +/* + * Decrement the reference count for the given packet and frees it if the + * reference count drops to zero. No-op if pkt is NULL. + */ +void ossl_qrx_pkt_release(OSSL_QRX_PKT *pkt); + +/* Increments the reference count for the given packet. */ +void ossl_qrx_pkt_up_ref(OSSL_QRX_PKT *pkt); + +/* + * Returns 1 if there are any already processed (i.e. decrypted) packets waiting + * to be read from the QRX. + */ +int ossl_qrx_processed_read_pending(OSSL_QRX *qrx); + +/* + * Returns 1 if there are any unprocessed (i.e. not yet decrypted) packets + * waiting to be processed by the QRX. These may or may not result in + * successfully decrypted packets once processed. This indicates whether + * unprocessed data is buffered by the QRX, not whether any data is available in + * a kernel socket buffer. + */ +int ossl_qrx_unprocessed_read_pending(OSSL_QRX *qrx); + +/* + * Returns the number of UDP payload bytes received from the network so far + * since the last time this counter was cleared. If clear is 1, clears the + * counter and returns the old value. + * + * The intended use of this is to allow callers to determine how much credit to + * add to their anti-amplification budgets. This is reported separately instead + * of in the OSSL_QRX_PKT structure so that a caller can apply + * anti-amplification credit as soon as a datagram is received, before it has + * necessarily read all processed packets contained within that datagram from + * the QRX. + */ +uint64_t ossl_qrx_get_bytes_received(OSSL_QRX *qrx, int clear); + +/* + * Sets a callback which is called when a packet is received and being validated + * before being queued in the read queue. This is called after packet body + * decryption and authentication to prevent exposing side channels. pn_space is + * a QUIC_PN_SPACE_* value denoting which PN space the PN belongs to. + * + * If this callback returns 1, processing continues normally. + * If this callback returns 0, the packet is discarded. + * + * Other packets in the same datagram will still be processed where possible. + * + * The callback is optional and can be unset by passing NULL for cb. + * cb_arg is an opaque value passed to cb. + */ +typedef int (ossl_qrx_late_validation_cb)(QUIC_PN pn, int pn_space, + void *arg); + +int ossl_qrx_set_late_validation_cb(OSSL_QRX *qrx, + ossl_qrx_late_validation_cb *cb, + void *cb_arg); + +/* + * Forcibly injects a URXE which has been issued by the DEMUX into the QRX for + * processing. This can be used to pass a received datagram to the QRX if it + * would not be correctly routed to the QRX via standard DCID-based routing; for + * example, when handling an incoming Initial packet which is attempting to + * establish a new connection. + */ +void ossl_qrx_inject_urxe(OSSL_QRX *qrx, QUIC_URXE *e); + +/* + * Decryption of 1-RTT packets must be explicitly enabled by calling this + * function. This is to comply with the requirement that we not process 1-RTT + * packets until the handshake is complete, even if we already have 1-RTT + * secrets. Even if a 1-RTT secret is provisioned for the QRX, incoming 1-RTT + * packets will be handled as though no key is available until this function is + * called. Calling this function will then requeue any such deferred packets for + * processing. + */ +void ossl_qrx_allow_1rtt_processing(OSSL_QRX *qrx); + +/* + * Key Update (RX) + * =============== + * + * Key update on the RX side is a largely but not entirely automatic process. + * + * Key update is initially triggered by receiving a 1-RTT packet with a + * different Key Phase value. This could be caused by an attacker in the network + * flipping random bits, therefore such a key update is tentative until the + * packet payload is successfully decrypted and authenticated by the AEAD with + * the 'next' keys. These 'next' keys then become the 'current' keys and the + * 'current' keys then become the 'previous' keys. The 'previous' keys must be + * kept around temporarily as some packets may still be in flight in the network + * encrypted with the old keys. If the old Key Phase value is X and the new Key + * Phase Value is Y (where obviously X != Y), this creates an ambiguity as any + * new packet received with a KP of X could either be an attempt to initiate yet + * another key update right after the last one, or an old packet encrypted + * before the key update. + * + * RFC 9001 provides some guidance on handling this issue: + * + * Strategy 1: + * Three keys, disambiguation using packet numbers + * + * "A recovered PN that is lower than any PN from the current KP uses the + * previous packet protection keys; a recovered PN that is higher than any + * PN from the current KP requires use of the next packet protection + * keys." + * + * Strategy 2: + * Two keys and a timer + * + * "Alternatively, endpoints can retain only two sets of packet protection + * keys, swapping previous keys for next after enough time has passed to + * allow for reordering in the network. In this case, the KP bit alone can + * be used to select keys." + * + * Strategy 2 is more efficient (we can keep fewer cipher contexts around) and + * should cover all actually possible network conditions. It also allows a delay + * after we make the 'next' keys our 'current' keys before we generate new + * 'next' keys, which allows us to mitigate against malicious peers who try to + * initiate an excessive number of key updates. + * + * We therefore model the following state machine: + * + * + * PROVISIONED + * _______________________________ + * | | + * UNPROVISIONED --|----> NORMAL <----------\ |------> DISCARDED + * | | | | + * | | | | + * | v | | + * | UPDATING | | + * | | | | + * | | | | + * | v | | + * | COOLDOWN | | + * | | | | + * | | | | + * | \---------------| | + * |_______________________________| + * + * + * The RX starts (once a secret has been provisioned) in the NORMAL state. In + * the NORMAL state, the current expected value of the Key Phase bit is + * recorded. When a flipped Key Phase bit is detected, the RX attempts to + * decrypt and authenticate the received packet with the 'next' keys rather than + * the 'current' keys. If (and only if) this authentication is successful, we + * move to the UPDATING state. (An attacker in the network could flip + * the Key Phase bit randomly, so it is essential we do nothing until AEAD + * authentication is complete.) + * + * In the UPDATING state, we know a key update is occurring and record + * the new Key Phase bit value as the newly current value, but we still keep the + * old keys around so that we can still process any packets which were still in + * flight when the key update was initiated. In the UPDATING state, a + * Key Phase bit value different to the current expected value is treated not as + * the initiation of another key update, but a reference to our old keys. + * + * Eventually we will be reasonably sure we are not going to receive any more + * packets with the old keys. At this point, we can transition to the COOLDOWN + * state. This transition occurs automatically after a certain amount of time; + * RFC 9001 recommends it be the PTO interval, which relates to our RTT to the + * peer. The duration also SHOULD NOT exceed three times the PTO to assist with + * maintaining PFS. + * + * In the COOLDOWN phase, the old keys have been securely erased and only one + * set of keys can be used: the current keys. If a packet is received with a Key + * Phase bit value different to the current Key Phase Bit value, this is treated + * as a request for a Key Update, but this request is ignored and the packet is + * treated as malformed. We do this to allow mitigation against malicious peers + * trying to initiate an excessive number of Key Updates. The timeout for the + * transition from UPDATING to COOLDOWN is recommended as adequate for + * this purpose in itself by the RFC, so the normal additional timeout value for + * the transition from COOLDOWN to normal is zero (immediate transition). + * + * A summary of each state: + * + * Epoch Exp KP Uses Keys KS0 KS1 If Non-Expected KP Bit + * ----- ------ --------- ------ ----- ---------------------- + * NORMAL 0 0 Keyset 0 Gen 0 Gen 1 → UPDATING + * UPDATING 1 1 Keyset 1 Gen 0 Gen 1 Use Keyset 0 + * COOLDOWN 1 1 Keyset 1 Erased Gen 1 Ignore Packet (*) + * + * NORMAL 1 1 Keyset 1 Gen 2 Gen 1 → UPDATING + * UPDATING 2 0 Keyset 0 Gen 2 Gen 1 Use Keyset 1 + * COOLDOWN 2 0 Keyset 0 Gen 2 Erased Ignore Packet (*) + * + * (*) Actually implemented by attempting to decrypt the packet with the + * wrong keys (which ultimately has the same outcome), as recommended + * by RFC 9001 to avoid creating timing channels. + * + * Note that the key material for the next key generation ("key epoch") is + * always kept in the NORMAL state (necessary to avoid side-channel attacks). + * This material is derived during the transition from COOLDOWN to NORMAL. + * + * Note that when a peer initiates a Key Update, we MUST also initiate a Key + * Update as per the RFC. The caller is responsible for detecting this condition + * and making the necessary calls to the TX side by detecting changes to the + * return value of ossl_qrx_get_key_epoch(). + * + * The above states (NORMAL, UPDATING, COOLDOWN) can themselves be + * considered substates of the PROVISIONED state. Providing a secret to the QRX + * for an EL transitions from UNPROVISIONED, the initial state, to PROVISIONED + * (NORMAL). Dropping key material for an EL transitions from whatever the + * current substate of the PROVISIONED state is to the DISCARDED state, which is + * the terminal state. + * + * Note that non-1RTT ELs cannot undergo key update, therefore a non-1RTT EL is + * always in the NORMAL substate if it is in the PROVISIONED state. + */ + +/* + * Return the current RX key epoch for the 1-RTT encryption level. This is + * initially zero and is incremented by one for every Key Update successfully + * signalled by the peer. If the 1-RTT EL has not yet been provisioned or has + * been discarded, returns UINT64_MAX. + * + * A necessary implication of this API is that the least significant bit of the + * returned value corresponds to the currently expected Key Phase bit, though + * callers are not anticipated to have any need of this information. + * + * It is not possible for the returned value to overflow, as a QUIC connection + * cannot support more than 2**62 packet numbers, and a connection must be + * terminated if this limit is reached. + * + * The caller should use this function to detect when the key epoch has changed + * and use it to initiate a key update on the TX side. + * + * The value returned by this function increments specifically at the transition + * from the NORMAL to the UPDATING state discussed above. + */ +uint64_t ossl_qrx_get_key_epoch(OSSL_QRX *qrx); + +/* + * Sets an optional callback which will be called when the key epoch changes. + * + * The callback is optional and can be unset by passing NULL for cb. + * cb_arg is an opaque value passed to cb. pn is the PN of the packet. + * Since key update is only supported for 1-RTT packets, the PN is always + * in the Application Data PN space. +*/ +typedef void (ossl_qrx_key_update_cb)(QUIC_PN pn, void *arg); + +int ossl_qrx_set_key_update_cb(OSSL_QRX *qrx, + ossl_qrx_key_update_cb *cb, void *cb_arg); + +/* + * Relates to the 1-RTT encryption level. The caller should call this after the + * UPDATING state is reached, after a timeout to be determined by the caller. + * + * This transitions from the UPDATING state to the COOLDOWN state (if + * still in the UPDATING state). If normal is 1, then transitions from + * the COOLDOWN state to the NORMAL state. Both transitions can be performed at + * once if desired. + * + * If in the normal state, or if in the COOLDOWN state and normal is 0, this is + * a no-op and returns 1. Returns 0 if the 1-RTT EL has not been provisioned or + * has been dropped. + * + * It is essential that the caller call this within a few PTO intervals of a key + * update occurring (as detected by the caller in a call to + * ossl_qrx_key_get_key_epoch()), as otherwise the peer will not be able to + * perform a Key Update ever again. + */ +int ossl_qrx_key_update_timeout(OSSL_QRX *qrx, int normal); + + +/* + * Key Expiration + * ============== + */ + +/* + * Returns the number of seemingly forged packets which have been received by + * the QRX. If this value reaches the value returned by + * ossl_qrx_get_max_epoch_forged_pkt_count() for a given EL, all further + * received encrypted packets for that EL will be discarded without processing. + * + * Note that the forged packet limit is for the connection lifetime, thus it is + * not reset by a key update. It is suggested that the caller terminate the + * connection a reasonable margin before the limit is reached. However, the + * exact limit imposed does vary by EL due to the possibility that different ELs + * use different AEADs. + */ +uint64_t ossl_qrx_get_cur_forged_pkt_count(OSSL_QRX *qrx); + +/* + * Returns the maximum number of forged packets which the record layer will + * permit to be verified using this QRX instance. + */ +uint64_t ossl_qrx_get_max_forged_pkt_count(OSSL_QRX *qrx, + uint32_t enc_level); + +# endif + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_record_tx.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_record_tx.h new file mode 100644 index 00000000..f3b798fe --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_record_tx.h @@ -0,0 +1,383 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_RECORD_TX_H +# define OSSL_QUIC_RECORD_TX_H + +# include +# include "internal/quic_wire_pkt.h" +# include "internal/quic_types.h" +# include "internal/quic_record_util.h" + +# ifndef OPENSSL_NO_QUIC + +/* + * QUIC Record Layer - TX + * ====================== + */ +typedef struct ossl_qtx_iovec_st { + const unsigned char *buf; + size_t buf_len; +} OSSL_QTX_IOVEC; + +typedef struct ossl_qtx_st OSSL_QTX; + +typedef int (*ossl_mutate_packet_cb)(const QUIC_PKT_HDR *hdrin, + const OSSL_QTX_IOVEC *iovecin, size_t numin, + QUIC_PKT_HDR **hdrout, + const OSSL_QTX_IOVEC **iovecout, + size_t *numout, + void *arg); + +typedef void (*ossl_finish_mutate_cb)(void *arg); + +typedef struct ossl_qtx_args_st { + OSSL_LIB_CTX *libctx; + const char *propq; + + /* BIO to transmit to. */ + BIO *bio; + + /* Maximum datagram payload length (MDPL) for TX purposes. */ + size_t mdpl; +} OSSL_QTX_ARGS; + +/* Instantiates a new QTX. */ +OSSL_QTX *ossl_qtx_new(const OSSL_QTX_ARGS *args); + +/* Frees the QTX. */ +void ossl_qtx_free(OSSL_QTX *qtx); + +/* Set mutator callbacks for test framework support */ +void ossl_qtx_set_mutator(OSSL_QTX *qtx, ossl_mutate_packet_cb mutatecb, + ossl_finish_mutate_cb finishmutatecb, void *mutatearg); + +/* Setters for the msg_callback and the msg_callback_arg */ +void ossl_qtx_set_msg_callback(OSSL_QTX *qtx, ossl_msg_cb msg_callback, + SSL *msg_callback_ssl); +void ossl_qtx_set_msg_callback_arg(OSSL_QTX *qtx, void *msg_callback_arg); + +/* + * Secret Management + * ----------------- + */ + +/* + * Provides a secret to the QTX, which arises due to an encryption level change. + * enc_level is a QUIC_ENC_LEVEL_* value. + * + * This function can be used to initialise the INITIAL encryption level, but you + * should not do so directly; see the utility function + * ossl_qrl_provide_initial_secret() instead, which can initialise the INITIAL + * encryption level of a QRX and QTX simultaneously without duplicating certain + * key derivation steps. + * + * You must call this function for a given EL before transmitting packets at + * that EL using this QTX, otherwise ossl_qtx_write_pkt will fail. + * + * suite_id is a QRL_SUITE_* value which determines the AEAD function used for + * the QTX. + * + * The secret passed is used directly to derive the "quic key", "quic iv" and + * "quic hp" values. + * + * secret_len is the length of the secret buffer in bytes. The buffer must be + * sized correctly to the chosen suite, else the function fails. + * + * This function can only be called once for a given EL, except for the INITIAL + * EL, as the INITIAL EL can need to be rekeyed if connection retry occurs. + * Subsequent calls for non-INITIAL ELs fail. Calls made after a corresponding + * call to ossl_qtx_discard_enc_level for a given EL also fail, including for + * the INITIAL EL. The secret for a non-INITIAL EL cannot be changed after it is + * set because QUIC has no facility for introducing additional key material + * after an EL is setup. (QUIC key updates generate new keys from existing key + * material and do not introduce new entropy into a connection's key material.) + * + * Returns 1 on success or 0 on failure. + */ +int ossl_qtx_provide_secret(OSSL_QTX *qtx, + uint32_t enc_level, + uint32_t suite_id, + EVP_MD *md, + const unsigned char *secret, + size_t secret_len); + +/* + * Informs the QTX that it can now discard key material for a given EL. The QTX + * will no longer be able to generate packets at that EL. This function is + * idempotent and succeeds if the EL has already been discarded. + * + * Returns 1 on success and 0 on failure. + */ +int ossl_qtx_discard_enc_level(OSSL_QTX *qtx, uint32_t enc_level); + +/* Returns 1 if the given encryption level is provisioned. */ +int ossl_qtx_is_enc_level_provisioned(OSSL_QTX *qtx, uint32_t enc_level); + +/* + * Given the value ciphertext_len representing an encrypted packet payload + * length in bytes, determines how many plaintext bytes it will decrypt to. + * Returns 0 if the specified EL is not provisioned or ciphertext_len is too + * small. The result is written to *plaintext_len. + */ +int ossl_qtx_calculate_plaintext_payload_len(OSSL_QTX *qtx, uint32_t enc_level, + size_t ciphertext_len, + size_t *plaintext_len); + +/* + * Given the value plaintext_len represented a plaintext packet payload length + * in bytes, determines how many ciphertext bytes it will encrypt to. The value + * output does not include packet headers. Returns 0 if the specified EL is not + * provisioned. The result is written to *ciphertext_len. + */ +int ossl_qtx_calculate_ciphertext_payload_len(OSSL_QTX *qtx, uint32_t enc_level, + size_t plaintext_len, + size_t *ciphertext_len); + +uint32_t ossl_qrl_get_suite_cipher_tag_len(uint32_t suite_id); + + +/* + * Packet Transmission + * ------------------- + */ + +typedef struct ossl_qtx_pkt_st { + /* Logical packet header to be serialized. */ + QUIC_PKT_HDR *hdr; + + /* + * iovecs expressing the logical packet payload buffer. Zero-length entries + * are permitted. + */ + const OSSL_QTX_IOVEC *iovec; + size_t num_iovec; + + /* Destination address. Will be passed through to the BIO if non-NULL. */ + const BIO_ADDR *peer; + + /* + * Local address (optional). Specify as non-NULL only if TX BIO + * has local address support enabled. + */ + const BIO_ADDR *local; + + /* + * Logical PN. Used for encryption. This will automatically be encoded to + * hdr->pn, which need not be initialized. + */ + QUIC_PN pn; + + /* Packet flags. Zero or more OSSL_QTX_PKT_FLAG_* values. */ + uint32_t flags; +} OSSL_QTX_PKT; + +/* + * More packets will be written which should be coalesced into a single + * datagram; do not send this packet yet. To use this, set this flag for all + * packets but the final packet in a datagram, then send the final packet + * without this flag set. + * + * This flag is not a guarantee and the QTX may transmit immediately anyway if + * it is not possible to fit any more packets in the current datagram. + * + * If the caller change its mind and needs to cause a packet queued with + * COALESCE after having passed it to this function but without writing another + * packet, it should call ossl_qtx_flush_pkt(). + */ +#define OSSL_QTX_PKT_FLAG_COALESCE (1U << 0) + +/* + * Writes a packet. + * + * *pkt need be valid only for the duration of the call to this function. + * + * pkt->hdr->data and pkt->hdr->len are unused. The payload buffer is specified + * via an array of OSSL_QTX_IOVEC structures. The API is designed to support + * single-copy transmission; data is copied from the iovecs as it is encrypted + * into an internal staging buffer for transmission. + * + * The function may modify and clobber pkt->hdr->data, pkt->hdr->len, + * pkt->hdr->key_phase and pkt->hdr->pn for its own internal use. No other + * fields of pkt or pkt->hdr will be modified. + * + * It is the callers responsibility to determine how long the PN field in the + * encoded packet should be by setting pkt->hdr->pn_len. This function takes + * care of the PN encoding. Set pkt->pn to the desired PN. + * + * Note that 1-RTT packets do not have a DCID Length field, therefore the DCID + * length must be understood contextually. This function assumes the caller + * knows what it is doing and will serialize a DCID of whatever length is given. + * It is the caller's responsibility to ensure it uses a consistent DCID length + * for communication with any given set of remote peers. + * + * The packet is queued regardless of whether it is able to be sent immediately. + * This enables packets to be batched and sent at once on systems which support + * system calls to send multiple datagrams in a single system call (see + * BIO_sendmmsg). To flush queued datagrams to the network, see + * ossl_qtx_flush_net(). + * + * Returns 1 on success or 0 on failure. + */ +int ossl_qtx_write_pkt(OSSL_QTX *qtx, const OSSL_QTX_PKT *pkt); + +/* + * Finish any incomplete datagrams for transmission which were flagged for + * coalescing. If there is no current coalescing datagram, this is a no-op. + */ +void ossl_qtx_finish_dgram(OSSL_QTX *qtx); + +/* + * (Attempt to) flush any datagrams which are queued for transmission. Note that + * this does not cancel coalescing; call ossl_qtx_finish_dgram() first if that + * is desired. The queue is drained into the OS's sockets as much as possible. + * To determine if there is still data to be sent after calling this function, + * use ossl_qtx_get_queue_len_bytes(). + * + * Returns one of the following values: + * + * QTX_FLUSH_NET_RES_OK + * Either no packets are currently queued for transmission, + * or at least one packet was successfully submitted. + * + * QTX_FLUSH_NET_RES_TRANSIENT_FAIL + * The underlying network write BIO indicated a transient error + * (e.g. buffers full). + * + * QTX_FLUSH_NET_RES_PERMANENT_FAIL + * Internal error (e.g. assertion or allocation error) + * or the underlying network write BIO indicated a non-transient + * error. + */ +#define QTX_FLUSH_NET_RES_OK 1 +#define QTX_FLUSH_NET_RES_TRANSIENT_FAIL (-1) +#define QTX_FLUSH_NET_RES_PERMANENT_FAIL (-2) + +int ossl_qtx_flush_net(OSSL_QTX *qtx); + +/* + * Diagnostic function. If there is any datagram pending transmission, pops it + * and writes the details of the datagram as they would have been passed to + * *msg. Returns 1, or 0 if there are no datagrams pending. For test use only. + */ +int ossl_qtx_pop_net(OSSL_QTX *qtx, BIO_MSG *msg); + +/* Returns number of datagrams which are fully-formed but not yet sent. */ +size_t ossl_qtx_get_queue_len_datagrams(OSSL_QTX *qtx); + +/* + * Returns number of payload bytes across all datagrams which are fully-formed + * but not yet sent. Does not count any incomplete coalescing datagram. + */ +size_t ossl_qtx_get_queue_len_bytes(OSSL_QTX *qtx); + +/* + * Returns number of bytes in the current coalescing datagram, or 0 if there is + * no current coalescing datagram. Returns 0 after a call to + * ossl_qtx_finish_dgram(). + */ +size_t ossl_qtx_get_cur_dgram_len_bytes(OSSL_QTX *qtx); + +/* + * Returns number of queued coalesced packets which have not been put into a + * datagram yet. If this is non-zero, ossl_qtx_flush_pkt() needs to be called. + */ +size_t ossl_qtx_get_unflushed_pkt_count(OSSL_QTX *qtx); + +/* + * Change the BIO being used by the QTX. May be NULL if actual transmission is + * not currently required. Does not up-ref the BIO; the caller is responsible + * for ensuring the lifetime of the BIO exceeds the lifetime of the QTX. + */ +void ossl_qtx_set_bio(OSSL_QTX *qtx, BIO *bio); + +/* Changes the MDPL. */ +int ossl_qtx_set_mdpl(OSSL_QTX *qtx, size_t mdpl); + +/* Retrieves the current MDPL. */ +size_t ossl_qtx_get_mdpl(OSSL_QTX *qtx); + + +/* + * Key Update + * ---------- + * + * For additional discussion of key update considerations, see QRX header file. + */ + +/* + * Triggers a key update. The key update will be started by inverting the Key + * Phase bit of the next packet transmitted; no key update occurs until the next + * packet is transmitted. Thus, this function should generally be called + * immediately before queueing the next packet. + * + * There are substantial requirements imposed by RFC 9001 on under what + * circumstances a key update can be initiated. The caller is responsible for + * meeting most of these requirements. For example, this function cannot be + * called too soon after a previous key update has occurred. Key updates also + * cannot be initiated until the 1-RTT encryption level is reached. + * + * As a sanity check, this function will fail and return 0 if the non-1RTT + * encryption levels have not yet been dropped. + * + * The caller may decide itself to initiate a key update, but it also MUST + * initiate a key update where it detects that the peer has initiated a key + * update. The caller is responsible for initiating a TX key update by calling + * this function in this circumstance; thus, the caller is responsible for + * coupling the RX and TX QUIC record layers in this way. + */ +int ossl_qtx_trigger_key_update(OSSL_QTX *qtx); + + +/* + * Key Expiration + * -------------- + */ + +/* + * Returns the number of packets which have been encrypted for transmission with + * the current set of TX keys (the current "TX key epoch"). Reset to zero after + * a key update and incremented for each packet queued. If enc_level is not + * valid or relates to an EL which is not currently available, returns + * UINT64_MAX. + */ +uint64_t ossl_qtx_get_cur_epoch_pkt_count(OSSL_QTX *qtx, uint32_t enc_level); + +/* + * Returns the maximum number of packets which the record layer will permit to + * be encrypted using the current set of TX keys. If this limit is reached (that + * is, if the counter returned by ossl_qrx_tx_get_cur_epoch_pkt_count() reaches + * this value), as a safety measure, the QTX will not permit any further packets + * to be queued. All calls to ossl_qrx_write_pkt that try to send packets of a + * kind which need to be encrypted will fail. It is not possible to recover from + * this condition and the QTX must then be destroyed; therefore, callers should + * ensure they always trigger a key update well in advance of reaching this + * limit. + * + * The value returned by this function is based on the ciphersuite configured + * for the given encryption level. If keys have not been provisioned for the + * specified enc_level or the enc_level argument is invalid, this function + * returns UINT64_MAX, which is not a valid value. Note that it is not possible + * to perform a key update at any encryption level other than 1-RTT, therefore + * if this limit is reached at earlier encryption levels (which should not be + * possible) the connection must be terminated. Since this condition precludes + * the transmission of further packets, the only possible signalling of such an + * error condition to a peer is a Stateless Reset packet. + */ +uint64_t ossl_qtx_get_max_epoch_pkt_count(OSSL_QTX *qtx, uint32_t enc_level); + +/* + * Get the 1-RTT EL key epoch number for the QTX. This is intended for + * diagnostic purposes. Returns 0 if 1-RTT EL is not provisioned yet. + */ +uint64_t ossl_qtx_get_key_epoch(OSSL_QTX *qtx); + +# endif + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_record_util.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_record_util.h new file mode 100644 index 00000000..97e630d9 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_record_util.h @@ -0,0 +1,116 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_RECORD_UTIL_H +# define OSSL_QUIC_RECORD_UTIL_H + +# include +# include "internal/quic_types.h" + +# ifndef OPENSSL_NO_QUIC + +struct ossl_qrx_st; +struct ossl_qtx_st; + +/* + * QUIC Key Derivation Utilities + * ============================= + */ + +/* HKDF-Extract(salt, IKM) (RFC 5869) */ +int ossl_quic_hkdf_extract(OSSL_LIB_CTX *libctx, + const char *propq, + const EVP_MD *md, + const unsigned char *salt, size_t salt_len, + const unsigned char *ikm, size_t ikm_len, + unsigned char *out, size_t out_len); + +/* + * A QUIC client sends its first INITIAL packet with a random DCID, which + * is used to compute the secrets used for INITIAL packet encryption in both + * directions (both client-to-server and server-to-client). + * + * This function performs the necessary DCID-based key derivation, and then + * provides the derived key material for the INITIAL encryption level to a QRX + * instance, a QTX instance, or both. + * + * This function derives the necessary key material and then: + * - if qrx is non-NULL, provides the appropriate secret to it; + * - if qtx is non-NULL, provides the appropriate secret to it. + * + * If both qrx and qtx are NULL, this is a no-op. This function is equivalent to + * making the appropriate calls to ossl_qrx_provide_secret() and + * ossl_qtx_provide_secret(). + * + * It is possible to use a QRX or QTX without ever calling this, for example if + * there is no desire to handle INITIAL packets (e.g. if a QRX/QTX is + * instantiated to succeed a previous QRX/QTX and handle a connection which is + * already established). However in this case you should make sure you call + * ossl_qrx_discard_enc_level(); see the header for that function for more + * details. Calling ossl_qtx_discard_enc_level() is not essential but could + * protect against programming errors. + * + * Returns 1 on success or 0 on error. + */ +int ossl_quic_provide_initial_secret(OSSL_LIB_CTX *libctx, + const char *propq, + const QUIC_CONN_ID *dst_conn_id, + int is_server, + struct ossl_qrx_st *qrx, + struct ossl_qtx_st *qtx); + +/* + * QUIC Record Layer Ciphersuite Info + * ================================== + */ + +/* Available QUIC Record Layer (QRL) ciphersuites. */ +# define QRL_SUITE_AES128GCM 1 /* SHA256 */ +# define QRL_SUITE_AES256GCM 2 /* SHA384 */ +# define QRL_SUITE_CHACHA20POLY1305 3 /* SHA256 */ + +/* Returns cipher name in bytes or NULL if suite ID is invalid. */ +const char *ossl_qrl_get_suite_cipher_name(uint32_t suite_id); + +/* Returns hash function name in bytes or NULL if suite ID is invalid. */ +const char *ossl_qrl_get_suite_md_name(uint32_t suite_id); + +/* Returns secret length in bytes or 0 if suite ID is invalid. */ +uint32_t ossl_qrl_get_suite_secret_len(uint32_t suite_id); + +/* Returns key length in bytes or 0 if suite ID is invalid. */ +uint32_t ossl_qrl_get_suite_cipher_key_len(uint32_t suite_id); + +/* Returns IV length in bytes or 0 if suite ID is invalid. */ +uint32_t ossl_qrl_get_suite_cipher_iv_len(uint32_t suite_id); + +/* Returns AEAD auth tag length in bytes or 0 if suite ID is invalid. */ +uint32_t ossl_qrl_get_suite_cipher_tag_len(uint32_t suite_id); + +/* Returns a QUIC_HDR_PROT_CIPHER_* value or 0 if suite ID is invalid. */ +uint32_t ossl_qrl_get_suite_hdr_prot_cipher_id(uint32_t suite_id); + +/* Returns header protection key length in bytes or 0 if suite ID is invalid. */ +uint32_t ossl_qrl_get_suite_hdr_prot_key_len(uint32_t suite_id); + +/* + * Returns maximum number of packets which may be safely encrypted with a suite + * or 0 if suite ID is invalid. + */ +uint64_t ossl_qrl_get_suite_max_pkt(uint32_t suite_id); + +/* + * Returns maximum number of RX'd packets which may safely fail AEAD decryption + * for a given suite or 0 if suite ID is invalid. + */ +uint64_t ossl_qrl_get_suite_max_forged_pkt(uint32_t suite_id); + +# endif + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_rx_depack.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_rx_depack.h new file mode 100644 index 00000000..c90964a7 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_rx_depack.h @@ -0,0 +1,21 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_RX_DEPACK_H +# define OSSL_QUIC_RX_DEPACK_H + +# include "internal/quic_channel.h" + +# ifndef OPENSSL_NO_QUIC + +int ossl_quic_handle_frames(QUIC_CHANNEL *qc, OSSL_QRX_PKT *qpacket); + +# endif + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_sf_list.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_sf_list.h new file mode 100644 index 00000000..8ed1dcb1 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_sf_list.h @@ -0,0 +1,151 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_SF_LIST_H +# define OSSL_QUIC_SF_LIST_H + +#include "internal/common.h" +#include "internal/uint_set.h" +#include "internal/quic_record_rx.h" + +/* + * Stream frame list + * ================= + * + * This data structure supports similar operations as uint64 set but + * it has slightly different invariants and also carries data associated with + * the ranges in the list. + * + * Operations: + * Insert frame (optimized insertion at the beginning and at the end). + * Iterated peek into the frame(s) from the beginning. + * Dropping frames from the beginning up to an offset (exclusive). + * + * Invariant: The frames in the list are sorted by the start and end bounds. + * Invariant: There are no fully overlapping frames or frames that would + * be fully encompassed by another frame in the list. + * Invariant: No frame has start > end. + * Invariant: The range start is inclusive the end is exclusive to be + * able to mark an empty frame. + * Invariant: The offset never points further than into the first frame. + */ +# ifndef OPENSSL_NO_QUIC + +typedef struct stream_frame_st STREAM_FRAME; + +typedef struct sframe_list_st { + STREAM_FRAME *head, *tail; + /* Is the tail frame final. */ + unsigned int fin; + /* Number of stream frames in the list. */ + size_t num_frames; + /* Offset of data not yet dropped */ + uint64_t offset; + /* Is head locked ? */ + int head_locked; + /* Cleanse data on release? */ + int cleanse; +} SFRAME_LIST; + +/* + * Initializes the stream frame list fl. + */ +void ossl_sframe_list_init(SFRAME_LIST *fl); + +/* + * Destroys the stream frame list fl releasing any data + * still present inside it. + */ +void ossl_sframe_list_destroy(SFRAME_LIST *fl); + +/* + * Insert a stream frame data into the list. + * The data covers an offset range (range.start is inclusive, + * range.end is exclusive). + * fin should be set if this is the final frame of the stream. + * Returns an error if a frame cannot be inserted - due to + * STREAM_FRAME allocation error, or in case of erroneous + * fin flag (this is an ossl_assert() check so a caller must + * check it on its own too). + */ +int ossl_sframe_list_insert(SFRAME_LIST *fl, UINT_RANGE *range, + OSSL_QRX_PKT *pkt, + const unsigned char *data, int fin); + +/* + * Iterator to peek at the contiguous frames at the beginning + * of the frame list fl. + * The *data covers an offset range (range.start is inclusive, + * range.end is exclusive). + * *fin is set if this is the final frame of the stream. + * Opaque iterator *iter can be used to peek at the subsequent + * frame if there is any without any gap before it. + * Returns 1 on success. + * Returns 0 if there is no further contiguous frame. In that + * case *fin is set, if the end of the stream is reached. + */ +int ossl_sframe_list_peek(const SFRAME_LIST *fl, void **iter, + UINT_RANGE *range, const unsigned char **data, + int *fin); + +/* + * Drop all frames up to the offset limit. + * Also unlocks the head frame if locked. + * Returns 1 on success. + * Returns 0 when trying to drop frames at offsets that were not + * received yet. (ossl_assert() is used to check, so this is an invalid call.) + */ +int ossl_sframe_list_drop_frames(SFRAME_LIST *fl, uint64_t limit); + +/* + * Locks and returns the head frame of fl if it is readable - read offset is + * at the beginning or middle of the frame. + * range is set to encompass the not yet read part of the head frame, + * data pointer is set to appropriate offset within the frame if the read + * offset points in the middle of the frame, + * fin is set to 1 if the head frame is also the tail frame. + * Returns 1 on success, 0 if there is no readable data or the head + * frame is already locked. + */ +int ossl_sframe_list_lock_head(SFRAME_LIST *fl, UINT_RANGE *range, + const unsigned char **data, + int *fin); + +/* + * Just returns whether the head frame is locked by previous + * ossl_sframe_list_lock_head() call. + */ +int ossl_sframe_list_is_head_locked(SFRAME_LIST *fl); + +/* + * Callback function type to write stream frame data to some + * side storage before the packet containing the frame data + * is released. + * It should return 1 on success or 0 if there is not enough + * space available in the side storage. + */ +typedef int (sframe_list_write_at_cb)(uint64_t logical_offset, + const unsigned char *buf, + size_t buf_len, + void *cb_arg); + +/* + * Move the frame data in all the stream frames in the list fl + * from the packets to the side storage using the write_at_cb + * callback. + * Returns 1 if all the calls to the callback return 1. + * If the callback returns 0, the function stops processing further + * frames and returns 0. + */ +int ossl_sframe_list_move_data(SFRAME_LIST *fl, + sframe_list_write_at_cb *write_at_cb, + void *cb_arg); +# endif + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_ssl.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_ssl.h new file mode 100644 index 00000000..52d4527c --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_ssl.h @@ -0,0 +1,132 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_SSL_H +# define OSSL_QUIC_SSL_H + +# include +# include +# include "internal/quic_record_rx.h" /* OSSL_QRX */ +# include "internal/quic_ackm.h" /* OSSL_ACKM */ +# include "internal/quic_channel.h" /* QUIC_CHANNEL */ + +# ifndef OPENSSL_NO_QUIC + +__owur SSL *ossl_quic_new(SSL_CTX *ctx); +__owur int ossl_quic_init(SSL *s); +void ossl_quic_deinit(SSL *s); +void ossl_quic_free(SSL *s); +int ossl_quic_reset(SSL *s); +int ossl_quic_clear(SSL *s); +__owur int ossl_quic_accept(SSL *s); +__owur int ossl_quic_connect(SSL *s); +__owur int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *readbytes); +__owur int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *readbytes); +__owur int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written); +__owur long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg); +__owur long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); +__owur long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void)); +__owur long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)); +__owur size_t ossl_quic_pending(const SSL *s); +__owur int ossl_quic_key_update(SSL *s, int update_type); +__owur int ossl_quic_get_key_update_type(const SSL *s); +__owur const SSL_CIPHER *ossl_quic_get_cipher_by_char(const unsigned char *p); +__owur int ossl_quic_num_ciphers(void); +__owur const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u); +int ossl_quic_renegotiate_check(SSL *ssl, int initok); + +typedef struct quic_conn_st QUIC_CONNECTION; +typedef struct quic_xso_st QUIC_XSO; + +int ossl_quic_do_handshake(SSL *s); +void ossl_quic_set_connect_state(SSL *s); +void ossl_quic_set_accept_state(SSL *s); + +__owur int ossl_quic_has_pending(const SSL *s); +__owur int ossl_quic_handle_events(SSL *s); +__owur int ossl_quic_get_event_timeout(SSL *s, struct timeval *tv, + int *is_infinite); +OSSL_TIME ossl_quic_get_event_deadline(SSL *s); +__owur int ossl_quic_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *d); +__owur int ossl_quic_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *d); +__owur int ossl_quic_get_net_read_desired(SSL *s); +__owur int ossl_quic_get_net_write_desired(SSL *s); +__owur int ossl_quic_get_error(const SSL *s, int i); +__owur int ossl_quic_want(const SSL *s); +__owur int ossl_quic_conn_get_blocking_mode(const SSL *s); +__owur int ossl_quic_conn_set_blocking_mode(SSL *s, int blocking); +__owur int ossl_quic_conn_shutdown(SSL *s, uint64_t flags, + const SSL_SHUTDOWN_EX_ARGS *args, + size_t args_len); +__owur int ossl_quic_conn_stream_conclude(SSL *s); +void ossl_quic_conn_set0_net_rbio(SSL *s, BIO *net_wbio); +void ossl_quic_conn_set0_net_wbio(SSL *s, BIO *net_wbio); +BIO *ossl_quic_conn_get_net_rbio(const SSL *s); +BIO *ossl_quic_conn_get_net_wbio(const SSL *s); +__owur int ossl_quic_conn_set_initial_peer_addr(SSL *s, + const BIO_ADDR *peer_addr); +__owur SSL *ossl_quic_conn_stream_new(SSL *s, uint64_t flags); +__owur SSL *ossl_quic_get0_connection(SSL *s); +__owur int ossl_quic_get_stream_type(SSL *s); +__owur uint64_t ossl_quic_get_stream_id(SSL *s); +__owur int ossl_quic_is_stream_local(SSL *s); +__owur int ossl_quic_set_default_stream_mode(SSL *s, uint32_t mode); +__owur SSL *ossl_quic_detach_stream(SSL *s); +__owur int ossl_quic_attach_stream(SSL *conn, SSL *stream); +__owur int ossl_quic_set_incoming_stream_policy(SSL *s, int policy, + uint64_t aec); +__owur SSL *ossl_quic_accept_stream(SSL *s, uint64_t flags); +__owur size_t ossl_quic_get_accept_stream_queue_len(SSL *s); + +__owur int ossl_quic_stream_reset(SSL *ssl, + const SSL_STREAM_RESET_ARGS *args, + size_t args_len); + +__owur int ossl_quic_get_stream_read_state(SSL *ssl); +__owur int ossl_quic_get_stream_write_state(SSL *ssl); +__owur int ossl_quic_get_stream_read_error_code(SSL *ssl, + uint64_t *app_error_code); +__owur int ossl_quic_get_stream_write_error_code(SSL *ssl, + uint64_t *app_error_code); +__owur int ossl_quic_get_conn_close_info(SSL *ssl, + SSL_CONN_CLOSE_INFO *info, + size_t info_len); + +uint64_t ossl_quic_set_options(SSL *s, uint64_t opts); +uint64_t ossl_quic_clear_options(SSL *s, uint64_t opts); +uint64_t ossl_quic_get_options(const SSL *s); + +/* Modifies write buffer size for a stream. */ +__owur int ossl_quic_set_write_buffer_size(SSL *s, size_t size); + +/* + * Used to override ossl_time_now() for debug purposes. While this may be + * overridden at any time, expect strange results if you change it after + * connecting. + */ +int ossl_quic_conn_set_override_now_cb(SSL *s, + OSSL_TIME (*now_cb)(void *arg), + void *now_cb_arg); + +/* + * Condvar waiting in the assist thread doesn't support time faking as it relies + * on the OS's notion of time, thus this is used in test code to force a + * spurious wakeup instead. + */ +void ossl_quic_conn_force_assist_thread_wake(SSL *s); + +/* For use by tests only. */ +QUIC_CHANNEL *ossl_quic_conn_get_channel(SSL *s); + +int ossl_quic_has_pending(const SSL *s); +int ossl_quic_get_shutdown(const SSL *s); + +# endif + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_statm.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_statm.h new file mode 100644 index 00000000..5b33551b --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_statm.h @@ -0,0 +1,40 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_STATS_H +# define OSSL_QUIC_STATS_H + +# include +# include "internal/time.h" + +# ifndef OPENSSL_NO_QUIC + +typedef struct ossl_statm_st { + OSSL_TIME smoothed_rtt, latest_rtt, min_rtt, rtt_variance; + char have_first_sample; +} OSSL_STATM; + +typedef struct ossl_rtt_info_st { + /* As defined in RFC 9002. */ + OSSL_TIME smoothed_rtt, latest_rtt, rtt_variance, min_rtt; +} OSSL_RTT_INFO; + +int ossl_statm_init(OSSL_STATM *statm); + +void ossl_statm_destroy(OSSL_STATM *statm); + +void ossl_statm_get_rtt_info(OSSL_STATM *statm, OSSL_RTT_INFO *rtt_info); + +void ossl_statm_update_rtt(OSSL_STATM *statm, + OSSL_TIME ack_delay, + OSSL_TIME override_latest_rtt); + +# endif + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_stream.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_stream.h new file mode 100644 index 00000000..0da8febd --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_stream.h @@ -0,0 +1,429 @@ +/* +* Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. +* +* Licensed under the Apache License 2.0 (the "License"). You may not use +* this file except in compliance with the License. You can obtain a copy +* in the file LICENSE in the source distribution or at +* https://www.openssl.org/source/license.html +*/ + +#ifndef OSSL_INTERNAL_QUIC_STREAM_H +# define OSSL_INTERNAL_QUIC_STREAM_H +# pragma once + +#include "internal/e_os.h" +#include "internal/time.h" +#include "internal/quic_types.h" +#include "internal/quic_wire.h" +#include "internal/quic_record_tx.h" +#include "internal/quic_record_rx.h" +#include "internal/quic_fc.h" +#include "internal/quic_statm.h" + +# ifndef OPENSSL_NO_QUIC + +/* + * QUIC Send Stream + * ================ + * + * The QUIC Send Stream Manager (QUIC_SSTREAM) is responsible for: + * + * - accepting octet strings of stream data; + * + * - generating corresponding STREAM frames; + * + * - receiving notifications of lost frames, in order to generate new STREAM + * frames for the lost data; + * + * - receiving notifications of acknowledged frames, in order to internally + * reuse memory used to store acknowledged stream data; + * + * - informing the caller of how much more stream data it can accept into + * its internal buffers, so as to ensure that the amount of unacknowledged + * data which can be written to a stream is not infinite and to allow the + * caller to manifest backpressure conditions to the user. + * + * The QUIC_SSTREAM is instantiated once for every stream with a send component + * (i.e., for a unidirectional send stream or for the send component of a + * bidirectional stream). + * + * Note: The terms 'TX' and 'RX' are used when referring to frames, packets and + * datagrams. The terms 'send' and 'receive' are used when referring to the + * stream abstraction. Applications send; we transmit. + */ +typedef struct quic_sstream_st QUIC_SSTREAM; + +/* + * Instantiates a new QUIC_SSTREAM. init_buf_size specifies the initial size of + * the stream data buffer in bytes, which must be positive. + */ +QUIC_SSTREAM *ossl_quic_sstream_new(size_t init_buf_size); + +/* + * Frees a QUIC_SSTREAM and associated stream data storage. + * + * Any iovecs returned by ossl_quic_sstream_get_stream_frame cease to be valid after + * calling this function. + */ +void ossl_quic_sstream_free(QUIC_SSTREAM *qss); + +/* + * (For TX packetizer use.) Retrieves information about application stream data + * which is ready for transmission. + * + * *hdr is filled with the logical offset, maximum possible length of stream + * data which can be transmitted, and a pointer to the stream data to be + * transmitted. is_fin is set to 1 if hdr->offset + hdr->len is the final size + * of the stream and 0 otherwise. hdr->stream_id is not set; the caller must set + * it. + * + * The caller is not obligated to send all of the data. If the caller does not + * send all of the data, the caller must reduce hdr->len before serializing the + * header structure and must ensure that hdr->is_fin is cleared. + * + * hdr->has_explicit_len is always set. It is the caller's responsibility to + * clear this if it wants to use the optimization of omitting the length field, + * as only the caller can know when this optimization can be performed. + * + * *num_iov must be set to the size of the iov array at call time. When this + * function returns successfully, it is updated to the number of iov entries + * which have been written. + * + * The stream data may be split across up to two IOVs due to internal ring + * buffer organisation. The sum of the lengths of the IOVs and the value written + * to hdr->len will always match. If the caller decides to send less than + * hdr->len of stream data, it must adjust the IOVs accordingly. This may be + * done by updating hdr->len and then calling the utility function + * ossl_quic_sstream_adjust_iov(). + * + * After committing one or more bytes returned by ossl_quic_sstream_get_stream_frame to a + * packet, call ossl_quic_sstream_mark_transmitted with the inclusive range of logical + * byte numbers of the transmitted bytes (i.e., hdr->offset, hdr->offset + + * hdr->len - 1). If you do not call ossl_quic_sstream_mark_transmitted, the next call to + * ossl_quic_sstream_get_stream_frame will return the same data (or potentially the same + * and more, if more data has been appended by the application). + * + * It is the caller's responsibility to clamp the length of data which this + * function indicates is available according to other concerns, such as + * stream-level flow control, connection-level flow control, or the applicable + * maximum datagram payload length (MDPL) for a packet under construction. + * + * The skip argument can usually be given as zero. If it is non-zero, this + * function outputs a range which would be output if it were called again after + * calling ossl_quic_sstream_mark_transmitted() with the returned range, repeated 'skip' + * times, and so on. This may be useful for callers which wish to enumerate + * available stream frames and batch their calls to ossl_quic_sstream_mark_transmitted at + * a later time. + * + * On success, this function will never write *num_iov with a value other than + * 0, 1 or 2. A *num_iov value of 0 can only occurs when hdr->is_fin is set (for + * example, when a stream is closed after all existing data has been sent, and + * without sending any more data); otherwise the function returns 0 as there is + * nothing useful to report. + * + * Returns 1 on success and 0 if there is no stream data available for + * transmission, or on other error (such as if the caller provides fewer + * than two IOVs.) + */ +int ossl_quic_sstream_get_stream_frame(QUIC_SSTREAM *qss, + size_t skip, + OSSL_QUIC_FRAME_STREAM *hdr, + OSSL_QTX_IOVEC *iov, + size_t *num_iov); + +/* + * Returns 1 if there is data pending transmission. Equivalent to calling + * ossl_quic_sstream_get_stream_frame and seeing if it succeeds. + */ +int ossl_quic_sstream_has_pending(QUIC_SSTREAM *qss); + +/* + * Returns the current size of the stream; i.e., the number of bytes which have + * been appended to the stream so far. + */ +uint64_t ossl_quic_sstream_get_cur_size(QUIC_SSTREAM *qss); + +/* + * (For TX packetizer use.) Marks a logical range of the send stream as having + * been transmitted. + * + * 0 denotes the first byte ever sent on the stream. The start and end values + * are both inclusive, therefore all calls to this function always mark at least + * one byte as being transmitted; if no bytes have been transmitted, do not call + * this function. + * + * If the STREAM frame sent had the FIN bit set, you must also call + * ossl_quic_sstream_mark_transmitted_fin() after calling this function. + * + * If you sent a zero-length STREAM frame with the FIN bit set, you need only + * call ossl_quic_sstream_mark_transmitted_fin() and must not call this function. + * + * Returns 1 on success and 0 on error (e.g. if end < start). + */ +int ossl_quic_sstream_mark_transmitted(QUIC_SSTREAM *qss, + uint64_t start, + uint64_t end); + +/* + * (For TX packetizer use.) Marks a STREAM frame with the FIN bit set as having + * been transmitted. final_size is the final size of the stream (i.e., the value + * offset + len of the transmitted STREAM frame). + * + * This function fails returning 0 if ossl_quic_sstream_fin() has not been called or if + * final_size is not correct. The final_size argument is not strictly needed by + * the QUIC_SSTREAM but is required as a sanity check. + */ +int ossl_quic_sstream_mark_transmitted_fin(QUIC_SSTREAM *qss, + uint64_t final_size); + +/* + * (RX/ACKM use.) Marks a logical range of the send stream as having been lost. + * The send stream will return the lost data for retransmission on a future call + * to ossl_quic_sstream_get_stream_frame. The start and end values denote logical byte + * numbers and are inclusive. + * + * If the lost frame had the FIN bit set, you must also call + * ossl_quic_sstream_mark_lost_fin() after calling this function. + * + * Returns 1 on success and 0 on error (e.g. if end < start). + */ +int ossl_quic_sstream_mark_lost(QUIC_SSTREAM *qss, + uint64_t start, + uint64_t end); + +/* + * (RX/ACKM use.) Informs the QUIC_SSTREAM that a STREAM frame with the FIN bit + * set was lost. + * + * Returns 1 on success and 0 on error. + */ +int ossl_quic_sstream_mark_lost_fin(QUIC_SSTREAM *qss); + +/* + * (RX/ACKM use.) Marks a logical range of the send stream as having been + * acknowledged, meaning that the storage for the data in that range of the + * stream can be now recycled and neither that logical range of the stream nor + * any subset of it can be retransmitted again. The start and end values are + * inclusive. + * + * If the acknowledged frame had the FIN bit set, you must also call + * ossl_quic_sstream_mark_acked_fin() after calling this function. + * + * Returns 1 on success and 0 on error (e.g. if end < start). + */ +int ossl_quic_sstream_mark_acked(QUIC_SSTREAM *qss, + uint64_t start, + uint64_t end); + +/* + * (RX/ACKM use.) Informs the QUIC_SSTREAM that a STREAM frame with the FIN bit + * set was acknowledged. + * + * Returns 1 on success and 0 on error. + */ +int ossl_quic_sstream_mark_acked_fin(QUIC_SSTREAM *qss); + +/* + * (Front end use.) Appends user data to the stream. The data is copied into the + * stream. The amount of data consumed from buf is written to *consumed on + * success (short writes are possible). The amount of data which can be written + * can be determined in advance by calling the ossl_quic_sstream_get_buffer_avail() + * function; data is copied into an internal ring buffer of finite size. + * + * If the buffer is full, this should be materialised as a backpressure + * condition by the front end. This is not considered a failure condition; + * *consumed is written as 0 and the function returns 1. + * + * Returns 1 on success or 0 on failure. + */ +int ossl_quic_sstream_append(QUIC_SSTREAM *qss, + const unsigned char *buf, + size_t buf_len, + size_t *consumed); + +/* + * Marks a stream as finished. ossl_quic_sstream_append() may not be called anymore + * after calling this. + */ +void ossl_quic_sstream_fin(QUIC_SSTREAM *qss); + +/* + * If the stream has had ossl_quic_sstream_fin() called, returns 1 and writes + * the final size to *final_size. Otherwise, returns 0. + */ +int ossl_quic_sstream_get_final_size(QUIC_SSTREAM *qss, uint64_t *final_size); + +/* + * Returns 1 iff all bytes (and any FIN, if any) which have been appended to the + * QUIC_SSTREAM so far, and any FIN (if any), have been both sent and acked. + */ +int ossl_quic_sstream_is_totally_acked(QUIC_SSTREAM *qss); + +/* + * Resizes the internal ring buffer. All stream data is preserved safely. + * + * This can be used to expand or contract the ring buffer, but not to contract + * the ring buffer below the amount of stream data currently stored in it. + * Returns 1 on success and 0 on failure. + * + * IMPORTANT: Any buffers referenced by iovecs output by + * ossl_quic_sstream_get_stream_frame() cease to be valid after calling this function. + */ +int ossl_quic_sstream_set_buffer_size(QUIC_SSTREAM *qss, size_t num_bytes); + +/* + * Gets the internal ring buffer size in bytes. + */ +size_t ossl_quic_sstream_get_buffer_size(QUIC_SSTREAM *qss); + +/* + * Gets the number of bytes used in the internal ring buffer. + */ +size_t ossl_quic_sstream_get_buffer_used(QUIC_SSTREAM *qss); + +/* + * Gets the number of bytes free in the internal ring buffer. + */ +size_t ossl_quic_sstream_get_buffer_avail(QUIC_SSTREAM *qss); + +/* + * Utility function to ensure the length of an array of iovecs matches the + * length given as len. Trailing iovecs have their length values reduced or set + * to 0 as necessary. + */ +void ossl_quic_sstream_adjust_iov(size_t len, + OSSL_QTX_IOVEC *iov, + size_t num_iov); + +/* + * Sets flag to cleanse the buffered data when it is acked. + */ +void ossl_quic_sstream_set_cleanse(QUIC_SSTREAM *qss, int cleanse); + +/* + * QUIC Receive Stream Manager + * =========================== + * + * The QUIC Receive Stream Manager (QUIC_RSTREAM) is responsible for + * storing the received stream data frames until the application + * is able to read the data. + * + * The QUIC_RSTREAM is instantiated once for every stream that can receive data. + * (i.e., for a unidirectional receiving stream or for the receiving component + * of a bidirectional stream). + */ +typedef struct quic_rstream_st QUIC_RSTREAM; + +/* + * Create a new instance of QUIC_RSTREAM with pointers to the flow + * controller and statistics module. They can be NULL for unit testing. + * If they are non-NULL, the `rxfc` is called when receive stream data + * is read by application. `statm` is queried for current rtt. + * `rbuf_size` is the initial size of the ring buffer to be used + * when ossl_quic_rstream_move_to_rbuf() is called. + */ +QUIC_RSTREAM *ossl_quic_rstream_new(QUIC_RXFC *rxfc, + OSSL_STATM *statm, size_t rbuf_size); + +/* + * Frees a QUIC_RSTREAM and any associated storage. + */ +void ossl_quic_rstream_free(QUIC_RSTREAM *qrs); + +/* + * Adds received stream frame data to `qrs`. The `pkt_wrap` refcount is + * incremented if the `data` is queued directly without copying. + * It can be NULL for unit-testing purposes, i.e. if `data` is static or + * never released before calling ossl_quic_rstream_free(). + * The `offset` is the absolute offset of the data in the stream. + * `data_len` can be 0 - can be useful for indicating `fin` for empty stream. + * Or to indicate `fin` without any further data added to the stream. + */ + +int ossl_quic_rstream_queue_data(QUIC_RSTREAM *qrs, OSSL_QRX_PKT *pkt, + uint64_t offset, + const unsigned char *data, uint64_t data_len, + int fin); + +/* + * Copies the data from the stream storage to buffer `buf` of size `size`. + * `readbytes` is set to the number of bytes actually copied. + * `fin` is set to 1 if all the data from the stream were read so the + * stream is finished. It is set to 0 otherwise. + */ +int ossl_quic_rstream_read(QUIC_RSTREAM *qrs, unsigned char *buf, size_t size, + size_t *readbytes, int *fin); + +/* + * Peeks at the data in the stream storage. It copies them to buffer `buf` + * of size `size` and sets `readbytes` to the number of bytes actually copied. + * `fin` is set to 1 if the copied data reach end of the stream. + * It is set to 0 otherwise. + */ +int ossl_quic_rstream_peek(QUIC_RSTREAM *qrs, unsigned char *buf, size_t size, + size_t *readbytes, int *fin); + +/* + * Returns the size of the data available for reading. `fin` is set to 1 if + * after reading all the available data the stream will be finished, + * set to 0 otherwise. + */ +int ossl_quic_rstream_available(QUIC_RSTREAM *qrs, size_t *avail, int *fin); + +/* + * Sets *record to the beginning of the first readable stream data chunk and + * *reclen to the size of the chunk. *fin is set to 1 if the end of the + * chunk is the last of the stream data chunks. + * If there is no record available *record is set to NULL and *rec_len to 0; + * ossl_quic_rstream_release_record() should not be called in that case. + * Returns 1 on success (including calls if no record is available, or + * after end of the stream - in that case *fin will be set to 1 and + * *rec_len to 0), 0 on error. + * It is an error to call ossl_quic_rstream_get_record() multiple times + * without calling ossl_quic_rstream_release_record() in between. + */ +int ossl_quic_rstream_get_record(QUIC_RSTREAM *qrs, + const unsigned char **record, size_t *rec_len, + int *fin); + +/* + * Releases (possibly partially) the record returned by + * previous ossl_quic_rstream_get_record() call. + * read_len between previously returned *rec_len and SIZE_MAX indicates + * release of the whole record. Otherwise only part of the record is + * released. The remaining part of the record is unlocked, another + * call to ossl_quic_rstream_get_record() is needed to obtain further + * stream data. + * Returns 1 on success, 0 on error. + * It is an error to call ossl_quic_rstream_release_record() multiple + * times without calling ossl_quic_rstream_get_record() in between. + */ +int ossl_quic_rstream_release_record(QUIC_RSTREAM *qrs, size_t read_len); + +/* + * Moves received frame data from decrypted packets to ring buffer. + * This should be called when there are too many decrypted packets allocated. + * Returns 1 on success, 0 when it was not possible to release all + * referenced packets due to an insufficient size of the ring buffer. + * Exception is the packet from the record returned previously by + * ossl_quic_rstream_get_record() - that one will be always skipped. + */ +int ossl_quic_rstream_move_to_rbuf(QUIC_RSTREAM *qrs); + +/* + * Resizes the internal ring buffer to a new `rbuf_size` size. + * Returns 1 on success, 0 on error. + * Possible error conditions are an allocation failure, trying to resize + * the ring buffer when ossl_quic_rstream_get_record() was called and + * not yet released, or trying to resize the ring buffer to a smaller size + * than currently occupied. + */ +int ossl_quic_rstream_resize_rbuf(QUIC_RSTREAM *qrs, size_t rbuf_size); + +/* + * Sets flag to cleanse the buffered data when user reads it. + */ +void ossl_quic_rstream_set_cleanse(QUIC_RSTREAM *qrs, int cleanse); +# endif + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_stream_map.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_stream_map.h new file mode 100644 index 00000000..ae749061 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_stream_map.h @@ -0,0 +1,878 @@ +/* +* Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. +* +* Licensed under the Apache License 2.0 (the "License"). You may not use +* this file except in compliance with the License. You can obtain a copy +* in the file LICENSE in the source distribution or at +* https://www.openssl.org/source/license.html +*/ + +#ifndef OSSL_INTERNAL_QUIC_STREAM_MAP_H +# define OSSL_INTERNAL_QUIC_STREAM_MAP_H +# pragma once + +# include "internal/e_os.h" +# include "internal/time.h" +# include "internal/common.h" +# include "internal/quic_types.h" +# include "internal/quic_stream.h" +# include "internal/quic_fc.h" +# include + +# ifndef OPENSSL_NO_QUIC + +/* + * QUIC Stream + * =========== + * + * Logical QUIC stream composing all relevant send and receive components. + */ +typedef struct quic_stream_st QUIC_STREAM; + +typedef struct quic_stream_list_node_st QUIC_STREAM_LIST_NODE; + +struct quic_stream_list_node_st { + QUIC_STREAM_LIST_NODE *prev, *next; +}; + +/* + * QUIC Send Stream States + * ----------------------- + * + * These correspond to the states defined in RFC 9000 s. 3.1, with the + * exception of the NONE state which represents the absence of a send stream + * part. + * + * Invariants in each state are noted in comments below. In particular, once all + * data has been acknowledged received, or we have reset the stream, we don't + * need to keep the QUIC_SSTREAM and data buffers around. Of course, we also + * don't have a QUIC_SSTREAM on a receive-only stream. + */ +#define QUIC_SSTREAM_STATE_NONE 0 /* --- sstream == NULL */ +#define QUIC_SSTREAM_STATE_READY 1 /* \ */ +#define QUIC_SSTREAM_STATE_SEND 2 /* |-- sstream != NULL */ +#define QUIC_SSTREAM_STATE_DATA_SENT 3 /* / */ +#define QUIC_SSTREAM_STATE_DATA_RECVD 4 /* \ */ +#define QUIC_SSTREAM_STATE_RESET_SENT 5 /* |-- sstream == NULL */ +#define QUIC_SSTREAM_STATE_RESET_RECVD 6 /* / */ + +/* + * QUIC Receive Stream States + * -------------------------- + * + * These correspond to the states defined in RFC 9000 s. 3.2, with the exception + * of the NONE state which represents the absence of a receive stream part. + * + * Invariants in each state are noted in comments below. In particular, once all + * data has been read by the application, we don't need to keep the QUIC_RSTREAM + * and data buffers around. If the receive part is instead reset before it is + * finished, we also don't need to keep the QUIC_RSTREAM around. Finally, we + * don't need a QUIC_RSTREAM on a send-only stream. + */ +#define QUIC_RSTREAM_STATE_NONE 0 /* --- rstream == NULL */ +#define QUIC_RSTREAM_STATE_RECV 1 /* \ */ +#define QUIC_RSTREAM_STATE_SIZE_KNOWN 2 /* |-- rstream != NULL */ +#define QUIC_RSTREAM_STATE_DATA_RECVD 3 /* / */ +#define QUIC_RSTREAM_STATE_DATA_READ 4 /* \ */ +#define QUIC_RSTREAM_STATE_RESET_RECVD 5 /* |-- rstream == NULL */ +#define QUIC_RSTREAM_STATE_RESET_READ 6 /* / */ + +struct quic_stream_st { + QUIC_STREAM_LIST_NODE active_node; /* for use by QUIC_STREAM_MAP */ + QUIC_STREAM_LIST_NODE accept_node; /* accept queue of remotely-created streams */ + QUIC_STREAM_LIST_NODE ready_for_gc_node; /* queue of streams now ready for GC */ + + /* Temporary link used by TXP. */ + QUIC_STREAM *txp_next; + + /* + * QUIC Stream ID. Do not assume that this encodes a type as this is a + * version-specific property and may change between QUIC versions; instead, + * use the type field. + */ + uint64_t id; + + /* + * Application Error Code (AEC) used for STOP_SENDING frame. + * This is only valid if stop_sending is 1. + */ + uint64_t stop_sending_aec; + + /* + * Application Error Code (AEC) used for RESET_STREAM frame. + * This is only valid if reset_stream is 1. + */ + uint64_t reset_stream_aec; + + /* + * Application Error Code (AEC) for incoming STOP_SENDING frame. + * This is only valid if peer_stop_sending is 1. + */ + uint64_t peer_stop_sending_aec; + + /* + * Application Error Code (AEC) for incoming RESET_STREAM frame. + * This is only valid if peer_reset_stream is 1. + */ + uint64_t peer_reset_stream_aec; + + /* Temporary value used by TXP. */ + uint64_t txp_txfc_new_credit_consumed; + + /* + * The final size of the send stream. Although this information can be + * discerned from a QUIC_SSTREAM, it is stored separately as we need to keep + * track of this even if we have thrown away the QUIC_SSTREAM. Use + * ossl_quic_stream_send_get_final_size to determine if this contain a + * valid value or if there is no final size yet for a sending part. + * + * For the receive part, the final size is tracked by the stream-level RXFC; + * use ossl_quic_stream_recv_get_final_size or + * ossl_quic_rxfc_get_final_size. + */ + uint64_t send_final_size; + + /* + * Send stream part and receive stream part buffer management objects. + * + * DO NOT test these pointers (sstream, rstream) for NULL. Determine the + * state of the send or receive stream part first using the appropriate + * function; then the invariant of that state guarantees that sstream or + * rstream either is or is not NULL respectively, therefore there is no + * valid use case for testing these pointers for NULL. In particular, a + * stream with a send part can still have sstream as NULL, and a stream with + * a receive part can still have rstream as NULL. QUIC_SSTREAM and + * QUIC_RSTREAM are stream buffer resource management objects which exist + * only when they need to for buffer management purposes. The existence or + * non-existence of a QUIC_SSTREAM or QUIC_RSTREAM object does not + * correspond with whether a stream's respective send or receive part + * logically exists or not. + */ + QUIC_SSTREAM *sstream; /* NULL if RX-only */ + QUIC_RSTREAM *rstream; /* NULL if TX only */ + + /* Stream-level flow control managers. */ + QUIC_TXFC txfc; /* NULL if RX-only */ + QUIC_RXFC rxfc; /* NULL if TX-only */ + + unsigned int type : 8; /* QUIC_STREAM_INITIATOR_*, QUIC_STREAM_DIR_* */ + + unsigned int send_state : 8; /* QUIC_SSTREAM_STATE_* */ + unsigned int recv_state : 8; /* QUIC_RSTREAM_STATE_* */ + + /* 1 iff this QUIC_STREAM is on the active queue (invariant). */ + unsigned int active : 1; + + /* + * This is a copy of the QUIC connection as_server value, indicating + * whether we are locally operating as a server or not. Having this + * significantly simplifies stream type determination relative to our + * perspective. It never changes after a QUIC_STREAM is created and is the + * same for all QUIC_STREAMS under a QUIC_STREAM_MAP. + */ + unsigned int as_server : 1; + + /* + * Has STOP_SENDING been requested (by us)? Note that this is not the same + * as want_stop_sending below, as a STOP_SENDING frame may already have been + * sent and fully acknowledged. + */ + unsigned int stop_sending : 1; + + /* + * Has RESET_STREAM been requested (by us)? Works identically to + * STOP_SENDING for transmission purposes. + */ + /* Has our peer sent a STOP_SENDING frame? */ + unsigned int peer_stop_sending : 1; + + /* Temporary flags used by TXP. */ + unsigned int txp_sent_fc : 1; + unsigned int txp_sent_stop_sending : 1; + unsigned int txp_sent_reset_stream : 1; + unsigned int txp_drained : 1; + unsigned int txp_blocked : 1; + + /* Frame regeneration flags. */ + unsigned int want_max_stream_data : 1; /* used for regen only */ + unsigned int want_stop_sending : 1; /* used for gen or regen */ + unsigned int want_reset_stream : 1; /* used for gen or regen */ + + /* Flags set when frames *we* sent were acknowledged. */ + unsigned int acked_stop_sending : 1; + + /* + * The stream's XSO has been deleted. Pending GC. + * + * Here is how stream deletion works: + * + * - A QUIC_STREAM cannot be deleted until it is neither in the accept + * queue nor has an associated XSO. This condition occurs when and only + * when deleted is true. + * + * - Once this is the case (i.e., no user-facing API object exposing the + * stream), we can delete the stream once we determine that all of our + * protocol obligations requiring us to keep the QUIC_STREAM around have + * been met. + * + * The following frames relate to the streams layer for a specific + * stream: + * + * STREAM + * + * RX Obligations: + * Ignore for a deleted stream. + * + * (This is different from our obligation for a + * locally-initiated stream ID we have not created yet, + * which we must treat as a protocol error. This can be + * distinguished via a simple monotonic counter.) + * + * TX Obligations: + * None, once we've decided to (someday) delete the stream. + * + * STOP_SENDING + * + * We cannot delete the stream until we have finished informing + * the peer that we are not going to be listening to it + * anymore. + * + * RX Obligations: + * When we delete a stream we must have already had a FIN + * or RESET_STREAM we transmitted acknowledged by the peer. + * Thus we can ignore STOP_SENDING frames for deleted + * streams (if they occur, they are probably just + * retransmissions). + * + * TX Obligations: + * _Acknowledged_ receipt of a STOP_SENDING frame by the + * peer (unless the peer's send part has already FIN'd). + * + * RESET_STREAM + * + * We cannot delete the stream until we have finished informing + * the peer that we are not going to be transmitting on it + * anymore. + * + * RX Obligations: + * This indicates the peer is not going to send any more + * data on the stream. We don't need to care about this + * since once a stream is marked for deletion we don't care + * about any data it does send. We can ignore this for + * deleted streams. The important criterion is that the + * peer has been successfully delivered our STOP_SENDING + * frame. + * + * TX Obligations: + * _Acknowledged_ receipt of a RESET_STREAM frame or FIN by + * the peer. + * + * MAX_STREAM_DATA + * + * RX Obligations: + * Ignore. Since we are not going to be sending any more + * data on a stream once it has been marked for deletion, + * we don't need to care about flow control information. + * + * TX Obligations: + * None. + * + * In other words, our protocol obligation is simply: + * + * - either: + * - the peer has acknowledged receipt of a STOP_SENDING frame sent + * by us; -or- + * - we have received a FIN and all preceding segments from the peer + * + * [NOTE: The actual criterion required here is simply 'we have + * received a FIN from the peer'. However, due to reordering and + * retransmissions we might subsequently receive non-FIN segments + * out of order. The FIN means we know the peer will stop + * transmitting on the stream at *some* point, but by sending + * STOP_SENDING we can avoid these needless retransmissions we + * will just ignore anyway. In actuality we could just handle all + * cases by sending a STOP_SENDING. The strategy we choose is to + * only avoid sending a STOP_SENDING and rely on a received FIN + * when we have received all preceding data, as this makes it + * reasonably certain no benefit would be gained by sending + * STOP_SENDING.] + * + * TODO(QUIC FUTURE): Implement the latter case (currently we + just always do STOP_SENDING). + * + * and; + * + * - we have drained our send stream (for a finished send stream) + * and got acknowledgement all parts of it including the FIN, or + * sent a RESET_STREAM frame and got acknowledgement of that frame. + * + * Once these conditions are met, we can GC the QUIC_STREAM. + * + */ + unsigned int deleted : 1; + /* Set to 1 once the above conditions are actually met. */ + unsigned int ready_for_gc : 1; + /* Set to 1 if this is currently counted in the shutdown flush stream count. */ + unsigned int shutdown_flush : 1; +}; + +#define QUIC_STREAM_INITIATOR_CLIENT 0 +#define QUIC_STREAM_INITIATOR_SERVER 1 +#define QUIC_STREAM_INITIATOR_MASK 1 + +#define QUIC_STREAM_DIR_BIDI 0 +#define QUIC_STREAM_DIR_UNI 2 +#define QUIC_STREAM_DIR_MASK 2 + +void ossl_quic_stream_check(const QUIC_STREAM *s); + +/* + * Returns 1 if the QUIC_STREAM was initiated by the endpoint with the server + * role. + */ +static ossl_inline ossl_unused int ossl_quic_stream_is_server_init(const QUIC_STREAM *s) +{ + return (s->type & QUIC_STREAM_INITIATOR_MASK) == QUIC_STREAM_INITIATOR_SERVER; +} + +/* + * Returns 1 if the QUIC_STREAM is bidirectional and 0 if it is unidirectional. + */ +static ossl_inline ossl_unused int ossl_quic_stream_is_bidi(const QUIC_STREAM *s) +{ + return (s->type & QUIC_STREAM_DIR_MASK) == QUIC_STREAM_DIR_BIDI; +} + +/* Returns 1 if the QUIC_STREAM was locally initiated. */ +static ossl_inline ossl_unused int ossl_quic_stream_is_local_init(const QUIC_STREAM *s) +{ + return ossl_quic_stream_is_server_init(s) == s->as_server; +} + +/* + * Returns 1 if the QUIC_STREAM has a sending part, based on its stream type. + * + * Do NOT use (s->sstream != NULL) to test this; use this function. Note that + * even if this function returns 1, s->sstream might be NULL if the QUIC_SSTREAM + * has been deemed no longer needed, for example due to a RESET_STREAM. + */ +static ossl_inline ossl_unused int ossl_quic_stream_has_send(const QUIC_STREAM *s) +{ + return s->send_state != QUIC_SSTREAM_STATE_NONE; +} + +/* + * Returns 1 if the QUIC_STREAM has a receiving part, based on its stream type. + * + * Do NOT use (s->rstream != NULL) to test this; use this function. Note that + * even if this function returns 1, s->rstream might be NULL if the QUIC_RSTREAM + * has been deemed no longer needed, for example if the receive stream is + * completely finished with. + */ +static ossl_inline ossl_unused int ossl_quic_stream_has_recv(const QUIC_STREAM *s) +{ + return s->recv_state != QUIC_RSTREAM_STATE_NONE; +} + +/* + * Returns 1 if the QUIC_STREAM has a QUIC_SSTREAM send buffer associated with + * it. If this returns 1, s->sstream is guaranteed to be non-NULL. The converse + * is not necessarily true; erasure of a send stream buffer which is no longer + * required is an optimisation which the QSM may, but is not obliged, to + * perform. + * + * This call should be used where it is desired to do something with the send + * stream buffer but there is no more specific send state restriction which is + * applicable. + * + * Note: This does NOT indicate whether it is suitable to allow an application + * to append to the buffer. DATA_SENT indicates all data (including FIN) has + * been *sent*; the absence of DATA_SENT does not mean a FIN has not been queued + * (meaning no more application data can be appended). This is enforced by + * QUIC_SSTREAM. + */ +static ossl_inline ossl_unused int ossl_quic_stream_has_send_buffer(const QUIC_STREAM *s) +{ + switch (s->send_state) { + case QUIC_SSTREAM_STATE_READY: + case QUIC_SSTREAM_STATE_SEND: + case QUIC_SSTREAM_STATE_DATA_SENT: + return 1; + default: + return 0; + } +} + +/* + * Returns 1 if the QUIC_STREAM has a sending part which is in one of the reset + * states. + */ +static ossl_inline ossl_unused int ossl_quic_stream_send_is_reset(const QUIC_STREAM *s) +{ + return s->send_state == QUIC_SSTREAM_STATE_RESET_SENT + || s->send_state == QUIC_SSTREAM_STATE_RESET_RECVD; +} + +/* + * Returns 1 if the QUIC_STREAM has a QUIC_RSTREAM receive buffer associated + * with it. If this returns 1, s->rstream is guaranteed to be non-NULL. The + * converse is not necessarily true; erasure of a receive stream buffer which is + * no longer required is an optimisation which the QSM may, but is not obliged, + * to perform. + * + * This call should be used where it is desired to do something with the receive + * stream buffer but there is no more specific receive state restriction which is + * applicable. + */ +static ossl_inline ossl_unused int ossl_quic_stream_has_recv_buffer(const QUIC_STREAM *s) +{ + switch (s->recv_state) { + case QUIC_RSTREAM_STATE_RECV: + case QUIC_RSTREAM_STATE_SIZE_KNOWN: + case QUIC_RSTREAM_STATE_DATA_RECVD: + return 1; + default: + return 0; + } +} + +/* + * Returns 1 if the QUIC_STREAM has a receiving part which is in one of the + * reset states. + */ +static ossl_inline ossl_unused int ossl_quic_stream_recv_is_reset(const QUIC_STREAM *s) +{ + return s->recv_state == QUIC_RSTREAM_STATE_RESET_RECVD + || s->recv_state == QUIC_RSTREAM_STATE_RESET_READ; +} + +/* + * Returns 1 if the stream has a send part and that part has a final size. + * + * If final_size is non-NULL, *final_size is the final size (on success) or an + * undefined value otherwise. + */ +static ossl_inline ossl_unused int ossl_quic_stream_send_get_final_size(const QUIC_STREAM *s, + uint64_t *final_size) +{ + switch (s->send_state) { + default: + case QUIC_SSTREAM_STATE_NONE: + return 0; + case QUIC_SSTREAM_STATE_SEND: + /* + * SEND may or may not have had a FIN - even if we have a FIN we do not + * move to DATA_SENT until we have actually sent all the data. So + * ask the QUIC_SSTREAM. + */ + return ossl_quic_sstream_get_final_size(s->sstream, final_size); + case QUIC_SSTREAM_STATE_DATA_SENT: + case QUIC_SSTREAM_STATE_DATA_RECVD: + case QUIC_SSTREAM_STATE_RESET_SENT: + case QUIC_SSTREAM_STATE_RESET_RECVD: + if (final_size != NULL) + *final_size = s->send_final_size; + return 1; + } +} + +/* + * Returns 1 if the stream has a receive part and that part has a final size. + * + * If final_size is non-NULL, *final_size is the final size (on success) or an + * undefined value otherwise. + */ +static ossl_inline ossl_unused int ossl_quic_stream_recv_get_final_size(const QUIC_STREAM *s, + uint64_t *final_size) +{ + switch (s->recv_state) { + default: + case QUIC_RSTREAM_STATE_NONE: + case QUIC_RSTREAM_STATE_RECV: + return 0; + + case QUIC_RSTREAM_STATE_SIZE_KNOWN: + case QUIC_RSTREAM_STATE_DATA_RECVD: + case QUIC_RSTREAM_STATE_DATA_READ: + case QUIC_RSTREAM_STATE_RESET_RECVD: + case QUIC_RSTREAM_STATE_RESET_READ: + if (!ossl_assert(ossl_quic_rxfc_get_final_size(&s->rxfc, final_size))) + return 0; + + return 1; + } +} + +/* + * QUIC Stream Map + * =============== + * + * The QUIC stream map: + * + * - maps stream IDs to QUIC_STREAM objects; + * - tracks which streams are 'active' (currently have data for transmission); + * - allows iteration over the active streams only. + * + */ +typedef struct quic_stream_map_st { + LHASH_OF(QUIC_STREAM) *map; + QUIC_STREAM_LIST_NODE active_list; + QUIC_STREAM_LIST_NODE accept_list; + QUIC_STREAM_LIST_NODE ready_for_gc_list; + size_t rr_stepping, rr_counter; + size_t num_accept, num_shutdown_flush; + QUIC_STREAM *rr_cur; + uint64_t (*get_stream_limit_cb)(int uni, void *arg); + void *get_stream_limit_cb_arg; + QUIC_RXFC *max_streams_bidi_rxfc; + QUIC_RXFC *max_streams_uni_rxfc; + int is_server; +} QUIC_STREAM_MAP; + +/* + * get_stream_limit is a callback which is called to retrieve the current stream + * limit for streams created by us. This mechanism is not used for + * peer-initiated streams. If a stream's stream ID is x, a stream is allowed if + * (x >> 2) < returned limit value; i.e., the returned value is exclusive. + * + * If uni is 1, get the limit for locally-initiated unidirectional streams, else + * get the limit for locally-initiated bidirectional streams. + * + * If the callback is NULL, stream limiting is not applied. + * Stream limiting is used to determine if frames can currently be produced for + * a stream. + */ +int ossl_quic_stream_map_init(QUIC_STREAM_MAP *qsm, + uint64_t (*get_stream_limit_cb)(int uni, void *arg), + void *get_stream_limit_cb_arg, + QUIC_RXFC *max_streams_bidi_rxfc, + QUIC_RXFC *max_streams_uni_rxfc, + int is_server); + +/* + * Any streams still in the map will be released as though + * ossl_quic_stream_map_release was called on them. + */ +void ossl_quic_stream_map_cleanup(QUIC_STREAM_MAP *qsm); + +/* + * Allocate a new stream. type is a combination of one QUIC_STREAM_INITIATOR_* + * value and one QUIC_STREAM_DIR_* value. Note that clients can e.g. allocate + * server-initiated streams as they will need to allocate a QUIC_STREAM + * structure to track any stream created by the server, etc. + * + * stream_id must be a valid value. Returns NULL if a stream already exists + * with the given ID. + */ +QUIC_STREAM *ossl_quic_stream_map_alloc(QUIC_STREAM_MAP *qsm, + uint64_t stream_id, + int type); + +/* + * Releases a stream object. Note that this must only be done once the teardown + * process is entirely complete and the object will never be referenced again. + */ +void ossl_quic_stream_map_release(QUIC_STREAM_MAP *qsm, QUIC_STREAM *stream); + +/* + * Calls visit_cb() for each stream in the map. visit_cb_arg is an opaque + * argument which is passed through. + */ +void ossl_quic_stream_map_visit(QUIC_STREAM_MAP *qsm, + void (*visit_cb)(QUIC_STREAM *stream, void *arg), + void *visit_cb_arg); + +/* + * Retrieves a stream by stream ID. Returns NULL if it does not exist. + */ +QUIC_STREAM *ossl_quic_stream_map_get_by_id(QUIC_STREAM_MAP *qsm, + uint64_t stream_id); + +/* + * Marks the given stream as active or inactive based on its state. Idempotent. + * + * When a stream is marked active, it becomes available in the iteration list, + * and when a stream is marked inactive, it no longer appears in the iteration + * list. + * + * Calling this function invalidates any iterator currently pointing at the + * given stream object, but iterators not currently pointing at the given stream + * object are not invalidated. + */ +void ossl_quic_stream_map_update_state(QUIC_STREAM_MAP *qsm, QUIC_STREAM *s); + +/* + * Sets the RR stepping value, n. The RR rotation will be advanced every n + * packets. The default value is 1. + */ +void ossl_quic_stream_map_set_rr_stepping(QUIC_STREAM_MAP *qsm, size_t stepping); + +/* + * Returns 1 if the stream ordinal given is allowed by the current stream count + * flow control limit, assuming a locally initiated stream of a type described + * by is_uni. + * + * Note that stream_ordinal is a stream ordinal, not a stream ID. + */ +int ossl_quic_stream_map_is_local_allowed_by_stream_limit(QUIC_STREAM_MAP *qsm, + uint64_t stream_ordinal, + int is_uni); + +/* + * Stream Send Part + * ================ + */ + +/* + * Ensures that the sending part has transitioned out of the READY state (i.e., + * to SEND, or a subsequent state). This function is named as it is because, + * while on paper the distinction between READY and SEND is whether we have + * started transmitting application data, in practice the meaningful distinction + * between the two states is whether we have allocated a stream ID to the stream + * or not. QUIC permits us to defer stream ID allocation until first STREAM (or + * STREAM_DATA_BLOCKED) frame transmission for locally-initiated streams. + * + * Our implementation does not currently do this and we allocate stream IDs up + * front, however we may revisit this in the future. Calling this represents a + * demand for a stream ID by the caller and ensures one has been allocated to + * the stream, and causes us to transition to SEND if we are still in the READY + * state. + * + * Returns 0 if there is no send part (caller error) and 1 otherwise. + */ +int ossl_quic_stream_map_ensure_send_part_id(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs); + +/* + * Transitions from SEND to the DATA_SENT state. Note that this is NOT the same + * as the point in time at which the final size of the stream becomes known + * (i.e., the time at which ossl_quic_sstream_fin()) is called as it occurs when + * we have SENT all data on a given stream send part, not merely buffered it. + * Note that this transition is NOT reversed in the event of some of that data + * being lost. + * + * Returns 1 if the state transition was successfully taken. Returns 0 if there + * is no send part (caller error) or if the state transition cannot be taken + * because the send part is not in the SEND state. + */ +int ossl_quic_stream_map_notify_all_data_sent(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs); + +/* + * Transitions from the DATA_SENT to DATA_RECVD state; should be called + * when all transmitted stream data is ACKed by the peer. + * + * Returns 1 if the state transition was successfully taken. Returns 0 if there + * is no send part (caller error) or the state transition cannot be taken + * because the send part is not in the DATA_SENT state. Because + * ossl_quic_stream_map_notify_all_data_sent() should always be called prior to + * this function, the send state must already be in DATA_SENT in order for this + * function to succeed. + */ +int ossl_quic_stream_map_notify_totally_acked(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs); + +/* + * Resets the sending part of a stream. This is a transition from the READY, + * SEND or DATA_SENT send stream states to the RESET_SENT state. + * + * This function returns 1 if the transition is taken (i.e., if the send stream + * part was in one of the states above), or if it is already in the RESET_SENT + * state (idempotent operation), or if it has reached the RESET_RECVD state. + * + * It returns 0 if in the DATA_RECVD state, as a send stream cannot be reset + * in this state. It also returns 0 if there is no send part (caller error). + */ +int ossl_quic_stream_map_reset_stream_send_part(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs, + uint64_t aec); + +/* + * Transitions from the RESET_SENT to the RESET_RECVD state. This should be + * called when a sent RESET_STREAM frame has been acknowledged by the peer. + * + * This function returns 1 if the transition is taken (i.e., if the send stream + * part was in one of the states above) or if it is already in the RESET_RECVD + * state (idempotent operation). + * + * It returns 0 if not in the RESET_SENT or RESET_RECVD states, as this function + * should only be called after we have already sent a RESET_STREAM frame and + * entered the RESET_SENT state. It also returns 0 if there is no send part + * (caller error). + */ +int ossl_quic_stream_map_notify_reset_stream_acked(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs); + + +/* + * Stream Receive Part + * =================== + */ + +/* + * Transitions from the RECV receive stream state to the SIZE_KNOWN state. This + * should be called once a STREAM frame is received for the stream with the FIN + * bit set. final_size should be the final size of the stream in bytes. + * + * Returns 1 if the transition was taken. + */ +int ossl_quic_stream_map_notify_size_known_recv_part(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs, + uint64_t final_size); + +/* + * Transitions from the SIZE_KNOWN receive stream state to the DATA_RECVD state. + * This should be called once all data for a receive stream is received. + * + * Returns 1 if the transition was taken. + */ +int ossl_quic_stream_map_notify_totally_received(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs); + +/* + * Transitions from the DATA_RECVD receive stream state to the DATA_READ state. + * This should be called once all data for a receive stream is read by the + * application. + * + * Returns 1 if the transition was taken. + */ +int ossl_quic_stream_map_notify_totally_read(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs); + +/* + * Transitions from the RECV, SIZE_KNOWN or DATA_RECVD receive stream state to + * the RESET_RECVD state. This should be called on RESET_STREAM. + * + * Returns 1 if the transition was taken. + */ +int ossl_quic_stream_map_notify_reset_recv_part(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs, + uint64_t app_error_code, + uint64_t final_size); + +/* + * Transitions from the RESET_RECVD receive stream state to the RESET_READ + * receive stream state. This should be called when the application is notified + * of a stream reset. + */ +int ossl_quic_stream_map_notify_app_read_reset_recv_part(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs); + +/* + * Marks the receiving part of a stream for STOP_SENDING. This is orthogonal to + * receive stream state as it does not affect it directly. + * + * Returns 1 if the receiving part of a stream was not already marked for + * STOP_SENDING. + * Returns 0 otherwise, which need not be considered an error. + */ +int ossl_quic_stream_map_stop_sending_recv_part(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs, + uint64_t aec); + +/* + * Marks the stream as wanting a STOP_SENDING frame transmitted. It is not valid + * to call this if ossl_quic_stream_map_stop_sending_recv_part() has not been + * called. For TXP use. + */ +int ossl_quic_stream_map_schedule_stop_sending(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *qs); + + +/* + * Accept Queue Management + * ======================= + */ + +/* + * Adds a stream to the accept queue. + */ +void ossl_quic_stream_map_push_accept_queue(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *s); + +/* + * Returns the next item to be popped from the accept queue, or NULL if it is + * empty. + */ +QUIC_STREAM *ossl_quic_stream_map_peek_accept_queue(QUIC_STREAM_MAP *qsm); + +/* + * Removes a stream from the accept queue. rtt is the estimated connection RTT. + * The stream is retired for the purposes of MAX_STREAMS RXFC. + * + * Precondition: s is in the accept queue. + */ +void ossl_quic_stream_map_remove_from_accept_queue(QUIC_STREAM_MAP *qsm, + QUIC_STREAM *s, + OSSL_TIME rtt); + +/* Returns the length of the accept queue. */ +size_t ossl_quic_stream_map_get_accept_queue_len(QUIC_STREAM_MAP *qsm); + +/* + * Shutdown Flush and GC + * ===================== + */ + +/* + * Delete streams ready for GC. Pointers to those QUIC_STREAM objects become + * invalid. + */ +void ossl_quic_stream_map_gc(QUIC_STREAM_MAP *qsm); + +/* + * Begins shutdown stream flush triage. Analyses all streams, including deleted + * but not yet GC'd streams, to determine if we should wait for that stream to + * be fully flushed before shutdown. After calling this, call + * ossl_quic_stream_map_is_shutdown_flush_finished() to determine if all + * shutdown flush eligible streams have been flushed. + */ +void ossl_quic_stream_map_begin_shutdown_flush(QUIC_STREAM_MAP *qsm); + +/* + * Returns 1 if all shutdown flush eligible streams have finished flushing, + * or if ossl_quic_stream_map_begin_shutdown_flush() has not been called. + */ +int ossl_quic_stream_map_is_shutdown_flush_finished(QUIC_STREAM_MAP *qsm); + +/* + * QUIC Stream Iterator + * ==================== + * + * Allows the current set of active streams to be walked using a RR-based + * algorithm. Each time ossl_quic_stream_iter_init is called, the RR algorithm + * is stepped. The RR algorithm rotates the iteration order such that the next + * active stream is returned first after n calls to ossl_quic_stream_iter_init, + * where n is the stepping value configured via + * ossl_quic_stream_map_set_rr_stepping. + * + * Suppose there are three active streams and the configured stepping is n: + * + * Iteration 0n: [Stream 1] [Stream 2] [Stream 3] + * Iteration 1n: [Stream 2] [Stream 3] [Stream 1] + * Iteration 2n: [Stream 3] [Stream 1] [Stream 2] + * + */ +typedef struct quic_stream_iter_st { + QUIC_STREAM_MAP *qsm; + QUIC_STREAM *first_stream, *stream; +} QUIC_STREAM_ITER; + +/* + * Initialise an iterator, advancing the RR algorithm as necessary (if + * advance_rr is 1). After calling this, it->stream will be the first stream in + * the iteration sequence, or NULL if there are no active streams. + */ +void ossl_quic_stream_iter_init(QUIC_STREAM_ITER *it, QUIC_STREAM_MAP *qsm, + int advance_rr); + +/* + * Advances to next stream in iteration sequence. You do not need to call this + * immediately after calling ossl_quic_stream_iter_init(). If the end of the + * list is reached, it->stream will be NULL after calling this. + */ +void ossl_quic_stream_iter_next(QUIC_STREAM_ITER *it); + +# endif + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_thread_assist.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_thread_assist.h new file mode 100644 index 00000000..592c2ffa --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_thread_assist.h @@ -0,0 +1,102 @@ +/* + * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_THREAD_ASSIST_H +# define OSSL_QUIC_THREAD_ASSIST_H + +# include +# include "internal/thread.h" +# include "internal/time.h" + +# if defined(OPENSSL_NO_QUIC) || defined(OPENSSL_NO_THREAD_POOL) +# define OPENSSL_NO_QUIC_THREAD_ASSIST +# endif + +# ifndef OPENSSL_NO_QUIC_THREAD_ASSIST + +/* + * QUIC Thread Assisted Functionality + * ================================== + * + * Where OS threading support is available, QUIC can optionally support a thread + * assisted mode of operation. The purpose of this mode of operation is to + * ensure that assorted timeout events which QUIC expects to be handled in a + * timely manner can be handled without the application needing to ensure that + * SSL_tick() is called on time. This is not needed if the application always + * has a call blocking to SSL_read() or SSL_write() (or another I/O function) on + * a QUIC SSL object, but if the application goes for long periods of time + * without making any such call to a QUIC SSL object, libssl cannot ordinarily + * guarantee that QUIC timeout events will be serviced in a timely fashion. + * Thread assisted mode is therefore of use to applications which do not always + * have an ongoing call to an I/O function on a QUIC SSL object but also do not + * want to have to arrange periodic ticking. + * + * A consequence of this is that the intrusiveness of thread assisted mode upon + * the general architecture of our QUIC engine is actually fairly limited and + * amounts to an automatic ticking of the QUIC engine when timeouts expire, + * synchronised correctly with an application's own threads using locking. + */ +typedef struct quic_thread_assist_st { + QUIC_CHANNEL *ch; + CRYPTO_CONDVAR *cv; + CRYPTO_THREAD *t; + int teardown, joined; + OSSL_TIME (*now_cb)(void *arg); + void *now_cb_arg; +} QUIC_THREAD_ASSIST; + +/* + * Initialise the thread assist object. The channel must have a valid mutex + * configured on it which will be retrieved automatically. It is assumed that + * the mutex is currently held when this function is called. This function does + * not affect the state of the mutex. + */ +int ossl_quic_thread_assist_init_start(QUIC_THREAD_ASSIST *qta, + QUIC_CHANNEL *ch, + OSSL_TIME (*now_cb)(void *arg), + void *now_cb_arg); + +/* + * Request the thread assist helper to begin stopping the assist thread. This + * returns before the teardown is complete. Idempotent; multiple calls to this + * function are inconsequential. + * + * Precondition: channel mutex must be held (unchecked) + */ +int ossl_quic_thread_assist_stop_async(QUIC_THREAD_ASSIST *qta); + +/* + * Wait until the thread assist helper is torn down. This automatically implies + * the effects of ossl_quic_thread_assist_stop_async(). Returns immediately + * if the teardown has already completed. + * + * Precondition: channel mutex must be held (unchecked) + */ +int ossl_quic_thread_assist_wait_stopped(QUIC_THREAD_ASSIST *qta); + +/* + * Deallocates state associated with the thread assist helper. + * ossl_quic_thread_assist_wait_stopped() must have returned successfully before + * calling this. It does not matter whether the channel mutex is held or not. + * + * Precondition: ossl_quic_thread_assist_wait_stopped() has returned 1 + * (asserted) + */ +int ossl_quic_thread_assist_cleanup(QUIC_THREAD_ASSIST *qta); + +/* + * Must be called to notify the assist thread if the channel deadline changes. + * + * Precondition: channel mutex must be held (unchecked) + */ +int ossl_quic_thread_assist_notify_deadline_changed(QUIC_THREAD_ASSIST *qta); + +# endif + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_tls.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_tls.h new file mode 100644 index 00000000..0e4a9d33 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_tls.h @@ -0,0 +1,106 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_TLS_H +# define OSSL_QUIC_TLS_H + +# include +# include "internal/quic_stream.h" + + +typedef struct quic_tls_st QUIC_TLS; + +typedef struct quic_tls_args_st { + /* + * The "inner" SSL object for the QUIC Connection. Contains an + * SSL_CONNECTION + */ + SSL *s; + + /* + * Called to send data on the crypto stream. We use a callback rather than + * passing the crypto stream QUIC_SSTREAM directly because this lets the CSM + * dynamically select the correct outgoing crypto stream based on the + * current EL. + */ + int (*crypto_send_cb)(const unsigned char *buf, size_t buf_len, + size_t *consumed, void *arg); + void *crypto_send_cb_arg; + + /* + * Call to receive crypto stream data. A pointer to the underlying buffer + * is provided, and subsequently released to avoid unnecessary copying of + * data. + */ + int (*crypto_recv_rcd_cb)(const unsigned char **buf, size_t *bytes_read, + void *arg); + void *crypto_recv_rcd_cb_arg; + int (*crypto_release_rcd_cb)(size_t bytes_read, void *arg); + void *crypto_release_rcd_cb_arg; + + + /* Called when a traffic secret is available for a given encryption level. */ + int (*yield_secret_cb)(uint32_t enc_level, int direction /* 0=RX, 1=TX */, + uint32_t suite_id, EVP_MD *md, + const unsigned char *secret, size_t secret_len, + void *arg); + void *yield_secret_cb_arg; + + /* + * Called when we receive transport parameters from the peer. + * + * Note: These parameters are not authenticated until the handshake is + * marked as completed. + */ + int (*got_transport_params_cb)(const unsigned char *params, + size_t params_len, + void *arg); + void *got_transport_params_cb_arg; + + /* + * Called when the handshake has been completed as far as the handshake + * protocol is concerned, meaning that the connection has been + * authenticated. + */ + int (*handshake_complete_cb)(void *arg); + void *handshake_complete_cb_arg; + + /* + * Called when something has gone wrong with the connection as far as the + * handshake layer is concerned, meaning that it should be immediately torn + * down. Note that this may happen at any time, including after a connection + * has been fully established. + */ + int (*alert_cb)(void *arg, unsigned char alert_code); + void *alert_cb_arg; + + /* Set to 1 if we are running in the server role. */ + int is_server; +} QUIC_TLS_ARGS; + +QUIC_TLS *ossl_quic_tls_new(const QUIC_TLS_ARGS *args); + +void ossl_quic_tls_free(QUIC_TLS *qtls); + +/* Advance the state machine */ +int ossl_quic_tls_tick(QUIC_TLS *qtls); + +int ossl_quic_tls_set_transport_params(QUIC_TLS *qtls, + const unsigned char *transport_params, + size_t transport_params_len); + +int ossl_quic_tls_get_error(QUIC_TLS *qtls, + uint64_t *error_code, + const char **error_msg, + ERR_STATE **error_state); + +int ossl_quic_tls_is_cert_request(QUIC_TLS *qtls); +int ossl_quic_tls_has_bad_max_early_data(QUIC_TLS *qtls); + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_tserver.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_tserver.h new file mode 100644 index 00000000..4f358dd4 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_tserver.h @@ -0,0 +1,220 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_TSERVER_H +# define OSSL_QUIC_TSERVER_H + +# include +# include +# include "internal/quic_stream.h" +# include "internal/quic_channel.h" +# include "internal/statem.h" +# include "internal/time.h" + +# ifndef OPENSSL_NO_QUIC + +/* + * QUIC Test Server Module + * ======================= + * + * This implements a QUIC test server. Since full QUIC server support is not yet + * implemented this server is limited in features and scope. It exists to + * provide a target for our QUIC client to talk to for testing purposes. + * + * A given QUIC test server instance supports only one client at a time. + * + * Note that this test server is not suitable for production use because it does + * not implement address verification, anti-amplification or retry logic. + */ +typedef struct quic_tserver_st QUIC_TSERVER; + +typedef struct quic_tserver_args_st { + OSSL_LIB_CTX *libctx; + const char *propq; + SSL_CTX *ctx; + BIO *net_rbio, *net_wbio; + OSSL_TIME (*now_cb)(void *arg); + void *now_cb_arg; + const unsigned char *alpn; + size_t alpnlen; +} QUIC_TSERVER_ARGS; + +QUIC_TSERVER *ossl_quic_tserver_new(const QUIC_TSERVER_ARGS *args, + const char *certfile, const char *keyfile); + +void ossl_quic_tserver_free(QUIC_TSERVER *srv); + +/* Set mutator callbacks for test framework support */ +int ossl_quic_tserver_set_plain_packet_mutator(QUIC_TSERVER *srv, + ossl_mutate_packet_cb mutatecb, + ossl_finish_mutate_cb finishmutatecb, + void *mutatearg); + +int ossl_quic_tserver_set_handshake_mutator(QUIC_TSERVER *srv, + ossl_statem_mutate_handshake_cb mutate_handshake_cb, + ossl_statem_finish_mutate_handshake_cb finish_mutate_handshake_cb, + void *mutatearg); + +/* Advances the state machine. */ +int ossl_quic_tserver_tick(QUIC_TSERVER *srv); + +/* Returns 1 if we have a (non-terminated) client. */ +int ossl_quic_tserver_is_connected(QUIC_TSERVER *srv); + +/* + * Returns 1 if we have finished the TLS handshake + */ +int ossl_quic_tserver_is_handshake_confirmed(const QUIC_TSERVER *srv); + +/* Returns 1 if the server is in any terminating or terminated state */ +int ossl_quic_tserver_is_term_any(const QUIC_TSERVER *srv); + +const QUIC_TERMINATE_CAUSE * +ossl_quic_tserver_get_terminate_cause(const QUIC_TSERVER *srv); + +/* Returns 1 if the server is in a terminated state */ +int ossl_quic_tserver_is_terminated(const QUIC_TSERVER *srv); + +/* + * Attempts to read from stream 0. Writes the number of bytes read to + * *bytes_read and returns 1 on success. If no bytes are available, 0 is written + * to *bytes_read and 1 is returned (this is considered a success case). + * + * Returns 0 if connection is not currently active. If the receive part of + * the stream has reached the end of stream condition, returns 0; call + * ossl_quic_tserver_has_read_ended() to identify this condition. + */ +int ossl_quic_tserver_read(QUIC_TSERVER *srv, + uint64_t stream_id, + unsigned char *buf, + size_t buf_len, + size_t *bytes_read); + +/* + * Returns 1 if the read part of the stream has ended normally. + */ +int ossl_quic_tserver_has_read_ended(QUIC_TSERVER *srv, uint64_t stream_id); + +/* + * Attempts to write to the given stream. Writes the number of bytes consumed to + * *bytes_written and returns 1 on success. If there is no space currently + * available to write any bytes, 0 is written to *consumed and 1 is returned + * (this is considered a success case). + * + * Note that unlike libssl public APIs, this API always works in a 'partial + * write' mode. + * + * Returns 0 if connection is not currently active. + */ +int ossl_quic_tserver_write(QUIC_TSERVER *srv, + uint64_t stream_id, + const unsigned char *buf, + size_t buf_len, + size_t *bytes_written); + +/* + * Signals normal end of the stream. + */ +int ossl_quic_tserver_conclude(QUIC_TSERVER *srv, uint64_t stream_id); + +/* + * Create a server-initiated stream. The stream ID of the newly + * created stream is written to *stream_id. + */ +int ossl_quic_tserver_stream_new(QUIC_TSERVER *srv, + int is_uni, + uint64_t *stream_id); + +BIO *ossl_quic_tserver_get0_rbio(QUIC_TSERVER *srv); + +SSL_CTX *ossl_quic_tserver_get0_ssl_ctx(QUIC_TSERVER *srv); + +/* + * Returns 1 if the peer has sent a STOP_SENDING frame for a stream. + * app_error_code is written if this returns 1. + */ +int ossl_quic_tserver_stream_has_peer_stop_sending(QUIC_TSERVER *srv, + uint64_t stream_id, + uint64_t *app_error_code); + +/* + * Returns 1 if the peer has sent a RESET_STREAM frame for a stream. + * app_error_code is written if this returns 1. + */ +int ossl_quic_tserver_stream_has_peer_reset_stream(QUIC_TSERVER *srv, + uint64_t stream_id, + uint64_t *app_error_code); + +/* + * Replaces existing local connection ID in the underlying QUIC_CHANNEL. + */ +int ossl_quic_tserver_set_new_local_cid(QUIC_TSERVER *srv, + const QUIC_CONN_ID *conn_id); + +/* + * Returns the stream ID of the next incoming stream, or UINT64_MAX if there + * currently is none. + */ +uint64_t ossl_quic_tserver_pop_incoming_stream(QUIC_TSERVER *srv); + +/* + * Returns 1 if all data sent on the given stream_id has been acked by the peer. + */ +int ossl_quic_tserver_is_stream_totally_acked(QUIC_TSERVER *srv, + uint64_t stream_id); + +/* Returns 1 if we are currently interested in reading data from the network */ +int ossl_quic_tserver_get_net_read_desired(QUIC_TSERVER *srv); + +/* Returns 1 if we are currently interested in writing data to the network */ +int ossl_quic_tserver_get_net_write_desired(QUIC_TSERVER *srv); + +/* Returns the next event deadline */ +OSSL_TIME ossl_quic_tserver_get_deadline(QUIC_TSERVER *srv); + +/* + * Shutdown the QUIC connection. Returns 1 if the connection is terminated and + * 0 otherwise. + */ +int ossl_quic_tserver_shutdown(QUIC_TSERVER *srv, uint64_t app_error_code); + +/* Force generation of an ACK-eliciting packet. */ +int ossl_quic_tserver_ping(QUIC_TSERVER *srv); + +/* Set tracing callback on channel. */ +void ossl_quic_tserver_set_msg_callback(QUIC_TSERVER *srv, + void (*f)(int write_p, int version, + int content_type, + const void *buf, size_t len, + SSL *ssl, void *arg), + void *arg); + +/* + * This is similar to ossl_quic_conn_get_channel; it should be used for test + * instrumentation only and not to bypass QUIC_TSERVER for 'normal' operations. + */ +QUIC_CHANNEL *ossl_quic_tserver_get_channel(QUIC_TSERVER *srv); + +/* Send a TLS new session ticket */ +int ossl_quic_tserver_new_ticket(QUIC_TSERVER *srv); + +/* + * Set the max_early_data value to be sent in NewSessionTickets. Only the + * values 0 and 0xffffffff are valid for use in QUIC. + */ +int ossl_quic_tserver_set_max_early_data(QUIC_TSERVER *srv, + uint32_t max_early_data); + +/* Set the find session callback for getting a server PSK */ +void ossl_quic_tserver_set_psk_find_session_cb(QUIC_TSERVER *srv, + SSL_psk_find_session_cb_func cb); + +# endif + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_txp.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_txp.h new file mode 100644 index 00000000..ae508f23 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_txp.h @@ -0,0 +1,209 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_TXP_H +# define OSSL_QUIC_TXP_H + +# include +# include "internal/quic_types.h" +# include "internal/quic_record_tx.h" +# include "internal/quic_cfq.h" +# include "internal/quic_txpim.h" +# include "internal/quic_stream.h" +# include "internal/quic_stream_map.h" +# include "internal/quic_fc.h" +# include "internal/bio_addr.h" +# include "internal/time.h" + +# ifndef OPENSSL_NO_QUIC + +/* + * QUIC TX Packetiser + * ================== + */ +typedef struct ossl_quic_tx_packetiser_args_st { + /* Configuration Settings */ + QUIC_CONN_ID cur_scid; /* Current Source Connection ID we use. */ + QUIC_CONN_ID cur_dcid; /* Current Destination Connection ID we use. */ + BIO_ADDR peer; /* Current destination L4 address we use. */ + uint32_t ack_delay_exponent; /* ACK delay exponent used when encoding. */ + + /* Injected Dependencies */ + OSSL_QTX *qtx; /* QUIC Record Layer TX we are using */ + QUIC_TXPIM *txpim; /* QUIC TX'd Packet Information Manager */ + QUIC_CFQ *cfq; /* QUIC Control Frame Queue */ + OSSL_ACKM *ackm; /* QUIC Acknowledgement Manager */ + QUIC_STREAM_MAP *qsm; /* QUIC Streams Map */ + QUIC_TXFC *conn_txfc; /* QUIC Connection-Level TX Flow Controller */ + QUIC_RXFC *conn_rxfc; /* QUIC Connection-Level RX Flow Controller */ + QUIC_RXFC *max_streams_bidi_rxfc; /* QUIC RXFC for MAX_STREAMS generation */ + QUIC_RXFC *max_streams_uni_rxfc; + const OSSL_CC_METHOD *cc_method; /* QUIC Congestion Controller */ + OSSL_CC_DATA *cc_data; /* QUIC Congestion Controller Instance */ + OSSL_TIME (*now)(void *arg); /* Callback to get current time. */ + void *now_arg; + + /* + * Injected dependencies - crypto streams. + * + * Note: There is no crypto stream for the 0-RTT EL. + * crypto[QUIC_PN_SPACE_APP] is the 1-RTT crypto stream. + */ + QUIC_SSTREAM *crypto[QUIC_PN_SPACE_NUM]; + + } OSSL_QUIC_TX_PACKETISER_ARGS; + +typedef struct ossl_quic_tx_packetiser_st OSSL_QUIC_TX_PACKETISER; + +OSSL_QUIC_TX_PACKETISER *ossl_quic_tx_packetiser_new(const OSSL_QUIC_TX_PACKETISER_ARGS *args); + +typedef void (ossl_quic_initial_token_free_fn)(const unsigned char *buf, + size_t buf_len, void *arg); + +void ossl_quic_tx_packetiser_free(OSSL_QUIC_TX_PACKETISER *txp); + +/* + * When in the closing state we need to maintain a count of received bytes + * so that we can limit the number of close connection frames we send. + * Refer RFC 9000 s. 10.2.1 Closing Connection State. + */ +void ossl_quic_tx_packetiser_record_received_closing_bytes( + OSSL_QUIC_TX_PACKETISER *txp, size_t n); + +/* + * Generates a datagram by polling the various ELs to determine if they want to + * generate any frames, and generating a datagram which coalesces packets for + * any ELs which do. + * + * Returns 0 on failure (e.g. allocation error or other errors), 1 otherwise. + * + * *status is filled with status information about the generated packet. + * It is always filled even in case of failure. In particular, packets can be + * sent even if failure is later returned. + * See QUIC_TXP_STATUS for details. + */ +typedef struct quic_txp_status_st { + int sent_ack_eliciting; /* Was an ACK-eliciting packet sent? */ + int sent_handshake; /* Was a Handshake packet sent? */ + size_t sent_pkt; /* Number of packets sent (0 if nothing was sent) */ +} QUIC_TXP_STATUS; + +int ossl_quic_tx_packetiser_generate(OSSL_QUIC_TX_PACKETISER *txp, + QUIC_TXP_STATUS *status); + +/* + * Returns a deadline after which a call to ossl_quic_tx_packetiser_generate() + * might succeed even if it did not previously. This may return + * ossl_time_infinite() if there is no such deadline currently applicable. It + * returns ossl_time_zero() if there is (potentially) more data to be generated + * immediately. The value returned is liable to change after any call to + * ossl_quic_tx_packetiser_generate() (or after ACKM or CC state changes). Note + * that ossl_quic_tx_packetiser_generate() can also start to succeed for other + * non-chronological reasons, such as changes to send stream buffers, etc. + */ +OSSL_TIME ossl_quic_tx_packetiser_get_deadline(OSSL_QUIC_TX_PACKETISER *txp); + +/* + * Set the token used in Initial packets. The callback is called when the buffer + * is no longer needed; for example, when the TXP is freed or when this function + * is called again with a new buffer. Fails returning 0 if the token is too big + * to ever be reasonably encapsulated in an outgoing packet based on our current + * understanding of our PMTU. + */ +int ossl_quic_tx_packetiser_set_initial_token(OSSL_QUIC_TX_PACKETISER *txp, + const unsigned char *token, + size_t token_len, + ossl_quic_initial_token_free_fn *free_cb, + void *free_cb_arg); + +/* Change the DCID the TXP uses to send outgoing packets. */ +int ossl_quic_tx_packetiser_set_cur_dcid(OSSL_QUIC_TX_PACKETISER *txp, + const QUIC_CONN_ID *dcid); + +/* Change the SCID the TXP uses to send outgoing (long) packets. */ +int ossl_quic_tx_packetiser_set_cur_scid(OSSL_QUIC_TX_PACKETISER *txp, + const QUIC_CONN_ID *scid); + +/* + * Change the destination L4 address the TXP uses to send datagrams. Specify + * NULL (or AF_UNSPEC) to disable use of addressed mode. + */ +int ossl_quic_tx_packetiser_set_peer(OSSL_QUIC_TX_PACKETISER *txp, + const BIO_ADDR *peer); + +/* + * Inform the TX packetiser that an EL has been discarded. Idempotent. + * + * This does not inform the QTX as well; the caller must also inform the QTX. + * + * The TXP will no longer reference the crypto[enc_level] QUIC_SSTREAM which was + * provided in the TXP arguments. However, it is the callers responsibility to + * free that QUIC_SSTREAM if desired. + */ +int ossl_quic_tx_packetiser_discard_enc_level(OSSL_QUIC_TX_PACKETISER *txp, + uint32_t enc_level); + +/* + * Informs the TX packetiser that the handshake is complete. The TX packetiser + * will not send 1-RTT application data until the handshake is complete, + * as the authenticity of the peer is not confirmed until the handshake + * complete event occurs. + */ +void ossl_quic_tx_packetiser_notify_handshake_complete(OSSL_QUIC_TX_PACKETISER *txp); + +/* Asks the TXP to generate a HANDSHAKE_DONE frame in the next 1-RTT packet. */ +void ossl_quic_tx_packetiser_schedule_handshake_done(OSSL_QUIC_TX_PACKETISER *txp); + +/* Asks the TXP to ensure the next packet in the given PN space is ACK-eliciting. */ +void ossl_quic_tx_packetiser_schedule_ack_eliciting(OSSL_QUIC_TX_PACKETISER *txp, + uint32_t pn_space); + +/* + * Asks the TXP to ensure an ACK is put in the next packet in the given PN + * space. + */ +void ossl_quic_tx_packetiser_schedule_ack(OSSL_QUIC_TX_PACKETISER *txp, + uint32_t pn_space); + +/* + * Schedules a connection close. *f and f->reason are copied. This operation is + * irreversible and causes all further packets generated by the TXP to contain a + * CONNECTION_CLOSE frame. This function fails if it has already been called + * successfully; the information in *f cannot be changed after the first + * successful call to this function. + */ +int ossl_quic_tx_packetiser_schedule_conn_close(OSSL_QUIC_TX_PACKETISER *txp, + const OSSL_QUIC_FRAME_CONN_CLOSE *f); + +/* Setters for the msg_callback and msg_callback_arg */ +void ossl_quic_tx_packetiser_set_msg_callback(OSSL_QUIC_TX_PACKETISER *txp, + ossl_msg_cb msg_callback, + SSL *msg_callback_ssl); +void ossl_quic_tx_packetiser_set_msg_callback_arg(OSSL_QUIC_TX_PACKETISER *txp, + void *msg_callback_arg); + +/* + * Determines the next PN which will be used for a given PN space. + */ +QUIC_PN ossl_quic_tx_packetiser_get_next_pn(OSSL_QUIC_TX_PACKETISER *txp, + uint32_t pn_space); + +/* + * Sets a callback which is called whenever TXP sends an ACK frame. The callee + * must not modify the ACK frame data. Can be used to snoop on PNs being ACKed. + */ +void ossl_quic_tx_packetiser_set_ack_tx_cb(OSSL_QUIC_TX_PACKETISER *txp, + void (*cb)(const OSSL_QUIC_FRAME_ACK *ack, + uint32_t pn_space, + void *arg), + void *cb_arg); + +# endif + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_txpim.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_txpim.h new file mode 100644 index 00000000..ed6e3875 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_txpim.h @@ -0,0 +1,133 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_TXPIM_H +# define OSSL_QUIC_TXPIM_H + +# include +# include "internal/quic_types.h" +# include "internal/quic_cfq.h" +# include "internal/quic_ackm.h" + +# ifndef OPENSSL_NO_QUIC + +/* + * QUIC Transmitted Packet Information Manager + * =========================================== + */ +typedef struct quic_txpim_st QUIC_TXPIM; +typedef struct quic_fifd_st QUIC_FIFD; + +typedef struct quic_txpim_pkt_st { + /* ACKM-specific data. Caller should fill this. */ + OSSL_ACKM_TX_PKT ackm_pkt; + + /* Linked list of CFQ items in this packet. */ + QUIC_CFQ_ITEM *retx_head; + + /* Reserved for FIFD use. */ + QUIC_FIFD *fifd; + + /* Regenerate-strategy frames. */ + unsigned int had_handshake_done_frame : 1; + unsigned int had_max_data_frame : 1; + unsigned int had_max_streams_bidi_frame : 1; + unsigned int had_max_streams_uni_frame : 1; + unsigned int had_ack_frame : 1; + unsigned int had_conn_close : 1; + + /* Private data follows. */ +} QUIC_TXPIM_PKT; + +/* Represents a range of bytes in an application or CRYPTO stream. */ +typedef struct quic_txpim_chunk_st { + /* The stream ID, or UINT64_MAX for the CRYPTO stream. */ + uint64_t stream_id; + /* + * The inclusive range of bytes in the stream. Exceptionally, if end < + * start, designates a frame of zero length (used for FIN-only frames). In + * this case end is the number of the final byte (i.e., one less than the + * final size of the stream). + */ + uint64_t start, end; + /* + * Whether a FIN was sent for this stream in the packet. Not valid for + * CRYPTO stream. + */ + unsigned int has_fin : 1; + /* + * If set, a STOP_SENDING frame was sent for this stream ID. (If no data was + * sent for the stream, set end < start.) + */ + unsigned int has_stop_sending : 1; + /* + * If set, a RESET_STREAM frame was sent for this stream ID. (If no data was + * sent for the stream, set end < start.) + */ + unsigned int has_reset_stream : 1; +} QUIC_TXPIM_CHUNK; + +QUIC_TXPIM *ossl_quic_txpim_new(void); + +/* + * Frees the TXPIM. All QUIC_TXPIM_PKTs which have been handed out by the TXPIM + * must be released via a call to ossl_quic_txpim_pkt_release() before calling + * this function. + */ +void ossl_quic_txpim_free(QUIC_TXPIM *txpim); + +/* + * Allocates a new QUIC_TXPIM_PKT structure from the pool. Returns NULL on + * failure. The returned structure is cleared of all data and is in a fresh + * initial state. + */ +QUIC_TXPIM_PKT *ossl_quic_txpim_pkt_alloc(QUIC_TXPIM *txpim); + +/* + * Releases the TXPIM packet, returning it to the pool. + */ +void ossl_quic_txpim_pkt_release(QUIC_TXPIM *txpim, QUIC_TXPIM_PKT *fpkt); + +/* Clears the chunk list of the packet, removing all entries. */ +void ossl_quic_txpim_pkt_clear_chunks(QUIC_TXPIM_PKT *fpkt); + +/* Appends a chunk to the packet. The structure is copied. */ +int ossl_quic_txpim_pkt_append_chunk(QUIC_TXPIM_PKT *fpkt, + const QUIC_TXPIM_CHUNK *chunk); + +/* Adds a CFQ item to the packet by prepending it to the retx_head list. */ +void ossl_quic_txpim_pkt_add_cfq_item(QUIC_TXPIM_PKT *fpkt, + QUIC_CFQ_ITEM *item); + +/* + * Returns a pointer to an array of stream chunk information structures for the + * given packet. The caller must call ossl_quic_txpim_pkt_get_num_chunks() to + * determine the length of this array. The returned pointer is invalidated + * if the chunk list is mutated, for example via a call to + * ossl_quic_txpim_pkt_append_chunk() or ossl_quic_txpim_pkt_clear_chunks(). + * + * The chunks are sorted by (stream_id, start) in ascending order. + */ +const QUIC_TXPIM_CHUNK *ossl_quic_txpim_pkt_get_chunks(const QUIC_TXPIM_PKT *fpkt); + +/* + * Returns the number of entries in the array returned by + * ossl_quic_txpim_pkt_get_chunks(). + */ +size_t ossl_quic_txpim_pkt_get_num_chunks(const QUIC_TXPIM_PKT *fpkt); + +/* + * Returns the number of QUIC_TXPIM_PKTs allocated by the given TXPIM that have + * yet to be returned to the TXPIM. + */ +size_t ossl_quic_txpim_get_in_use(const QUIC_TXPIM *txpim); + +# endif + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_types.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_types.h new file mode 100644 index 00000000..d42164ba --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_types.h @@ -0,0 +1,116 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_TYPES_H +# define OSSL_QUIC_TYPES_H + +# include +# include +# include +# include + +# ifndef OPENSSL_NO_QUIC + +/* QUIC encryption levels. */ +enum { + QUIC_ENC_LEVEL_INITIAL = 0, + QUIC_ENC_LEVEL_HANDSHAKE, + QUIC_ENC_LEVEL_0RTT, + QUIC_ENC_LEVEL_1RTT, + QUIC_ENC_LEVEL_NUM /* Must be the ultimate entry */ +}; + +/* QUIC packet number spaces. */ +enum { + QUIC_PN_SPACE_INITIAL = 0, + QUIC_PN_SPACE_HANDSHAKE, + /* New entries must go here, so that QUIC_PN_SPACE_APP is the penultimate */ + QUIC_PN_SPACE_APP, + QUIC_PN_SPACE_NUM /* Must be the ultimate entry */ +}; + +static ossl_unused ossl_inline uint32_t +ossl_quic_enc_level_to_pn_space(uint32_t enc_level) +{ + switch (enc_level) { + case QUIC_ENC_LEVEL_INITIAL: + return QUIC_PN_SPACE_INITIAL; + case QUIC_ENC_LEVEL_HANDSHAKE: + return QUIC_PN_SPACE_HANDSHAKE; + case QUIC_ENC_LEVEL_0RTT: + case QUIC_ENC_LEVEL_1RTT: + return QUIC_PN_SPACE_APP; + default: + assert(0); + return QUIC_PN_SPACE_APP; + } +} + +/* QUIC packet number representation. */ +typedef uint64_t QUIC_PN; +# define QUIC_PN_INVALID UINT64_MAX + +static ossl_unused ossl_inline QUIC_PN ossl_quic_pn_max(QUIC_PN a, QUIC_PN b) +{ + return a > b ? a : b; +} + +static ossl_unused ossl_inline QUIC_PN ossl_quic_pn_min(QUIC_PN a, QUIC_PN b) +{ + return a < b ? a : b; +} + +static ossl_unused ossl_inline int ossl_quic_pn_valid(QUIC_PN pn) +{ + return pn < (((QUIC_PN)1) << 62); +} + +/* QUIC connection ID representation. */ +# define QUIC_MAX_CONN_ID_LEN 20 + +typedef struct quic_conn_id_st { + unsigned char id_len, id[QUIC_MAX_CONN_ID_LEN]; +} QUIC_CONN_ID; + +static ossl_unused ossl_inline int ossl_quic_conn_id_eq(const QUIC_CONN_ID *a, + const QUIC_CONN_ID *b) +{ + if (a->id_len != b->id_len || a->id_len > QUIC_MAX_CONN_ID_LEN) + return 0; + return memcmp(a->id, b->id, a->id_len) == 0; +} + +# define QUIC_MIN_INITIAL_DGRAM_LEN 1200 + +# define QUIC_DEFAULT_ACK_DELAY_EXP 3 +# define QUIC_MAX_ACK_DELAY_EXP 20 + +# define QUIC_DEFAULT_MAX_ACK_DELAY 25 + +# define QUIC_MIN_ACTIVE_CONN_ID_LIMIT 2 + +/* Arbitrary choice of default idle timeout (not an RFC value). */ +# define QUIC_DEFAULT_IDLE_TIMEOUT 30000 + +# define QUIC_STATELESS_RESET_TOKEN_LEN 16 + +typedef struct { + unsigned char token[QUIC_STATELESS_RESET_TOKEN_LEN]; +} QUIC_STATELESS_RESET_TOKEN; + +/* + * An encoded preferred_addr transport parameter cannot be shorter or longer + * than these lengths in bytes. + */ +# define QUIC_MIN_ENCODED_PREFERRED_ADDR_LEN 41 +# define QUIC_MAX_ENCODED_PREFERRED_ADDR_LEN 61 + +# endif + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_vlint.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_vlint.h new file mode 100644 index 00000000..d4b70b22 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_vlint.h @@ -0,0 +1,127 @@ +/* +* Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. +* +* Licensed under the Apache License 2.0 (the "License"). You may not use +* this file except in compliance with the License. You can obtain a copy +* in the file LICENSE in the source distribution or at +* https://www.openssl.org/source/license.html +*/ + +#ifndef OSSL_INTERNAL_QUIC_VLINT_H +# define OSSL_INTERNAL_QUIC_VLINT_H +# pragma once + +# include "internal/e_os.h" + +# ifndef OPENSSL_NO_QUIC + +/* The smallest value requiring a 1, 2, 4, or 8-byte representation. */ +#define OSSL_QUIC_VLINT_1B_MIN 0 +#define OSSL_QUIC_VLINT_2B_MIN 64 +#define OSSL_QUIC_VLINT_4B_MIN 16384 +#define OSSL_QUIC_VLINT_8B_MIN 1073741824 + +/* The largest value representable in a given number of bytes. */ +#define OSSL_QUIC_VLINT_1B_MAX (OSSL_QUIC_VLINT_2B_MIN - 1) +#define OSSL_QUIC_VLINT_2B_MAX (OSSL_QUIC_VLINT_4B_MIN - 1) +#define OSSL_QUIC_VLINT_4B_MAX (OSSL_QUIC_VLINT_8B_MIN - 1) +#define OSSL_QUIC_VLINT_8B_MAX (((uint64_t)1 << 62) - 1) + +/* The largest value representable as a variable-length integer. */ +#define OSSL_QUIC_VLINT_MAX OSSL_QUIC_VLINT_8B_MAX + +/* + * Returns the number of bytes needed to encode v in the QUIC variable-length + * integer encoding. + * + * Returns 0 if v exceeds OSSL_QUIC_VLINT_MAX. + */ +static ossl_unused ossl_inline size_t ossl_quic_vlint_encode_len(uint64_t v) +{ + if (v < OSSL_QUIC_VLINT_2B_MIN) + return 1; + + if (v < OSSL_QUIC_VLINT_4B_MIN) + return 2; + + if (v < OSSL_QUIC_VLINT_8B_MIN) + return 4; + + if (v <= OSSL_QUIC_VLINT_MAX) + return 8; + + return 0; +} + +/* + * This function writes a QUIC varable-length encoded integer to buf. + * The smallest usable representation is used. + * + * It is the caller's responsibility to ensure that the buffer is big enough by + * calling ossl_quic_vlint_encode_len(v) before calling this function. + * + * Precondition: buf is at least ossl_quic_vlint_enc_len(v) bytes in size + * (unchecked) + * Precondition: v does not exceed OSSL_QUIC_VLINT_MAX + * (unchecked) + */ +void ossl_quic_vlint_encode(unsigned char *buf, uint64_t v); + +/* + * This function writes a QUIC variable-length encoded integer to buf. The + * specified number of bytes n are used for the encoding, which means that the + * encoded value may take up more space than necessary. + * + * It is the caller's responsibility to ensure that the buffer is of at least n + * bytes, and that v is representable by a n-byte QUIC variable-length integer. + * The representable ranges are: + * + * 1-byte encoding: [0, 2** 6-1] + * 2-byte encoding: [0, 2**14-1] + * 4-byte encoding: [0, 2**30-1] + * 8-byte encoding: [0, 2**62-1] + * + * Precondition: buf is at least n bytes in size (unchecked) + * Precondition: v does not exceed the representable range + * (ossl_quic_vlint_encode_len(v) <= n) (unchecked) + * Precondition: v does not exceed OSSL_QUIC_VLINT_MAX + * (unchecked) + */ +void ossl_quic_vlint_encode_n(unsigned char *buf, uint64_t v, int n); + +/* + * Given the first byte of an encoded QUIC variable-length integer, returns + * the number of bytes comprising the encoded integer, including the first + * byte. + */ +static ossl_unused ossl_inline size_t ossl_quic_vlint_decode_len(uint8_t first_byte) +{ + return 1U << ((first_byte & 0xC0) >> 6); +} + +/* + * Given a buffer containing an encoded QUIC variable-length integer, returns + * the decoded value. The buffer must be of at least + * ossl_quic_vlint_decode_len(buf[0]) bytes in size, and the caller is responsible + * for checking this. + * + * Precondition: buf is at least ossl_quic_vlint_decode_len(buf[0]) bytes in size + * (unchecked) + */ +uint64_t ossl_quic_vlint_decode_unchecked(const unsigned char *buf); + +/* + * Given a buffer buf of buf_len bytes in length, attempts to decode an encoded + * QUIC variable-length integer at the start of the buffer and writes the result + * to *v. If buf_len is inadequate, suggesting a truncated encoded integer, the + * function fails and 0 is returned. Otherwise, returns the number of bytes + * consumed. + * + * Precondition: buf is at least buf_len bytes in size + * Precondition: v (unchecked) + */ +int ossl_quic_vlint_decode(const unsigned char *buf, size_t buf_len, uint64_t *v); + +# endif + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_wire.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_wire.h new file mode 100644 index 00000000..cd01feb0 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_wire.h @@ -0,0 +1,784 @@ +/* +* Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. +* +* Licensed under the Apache License 2.0 (the "License"). You may not use +* this file except in compliance with the License. You can obtain a copy +* in the file LICENSE in the source distribution or at +* https://www.openssl.org/source/license.html +*/ + +#ifndef OSSL_INTERNAL_QUIC_WIRE_H +# define OSSL_INTERNAL_QUIC_WIRE_H +# pragma once + +# include "internal/e_os.h" +# include "internal/time.h" +# include "internal/quic_types.h" +# include "internal/packet_quic.h" + +# ifndef OPENSSL_NO_QUIC + +# define OSSL_QUIC_FRAME_TYPE_PADDING 0x00 +# define OSSL_QUIC_FRAME_TYPE_PING 0x01 +# define OSSL_QUIC_FRAME_TYPE_ACK_WITHOUT_ECN 0x02 +# define OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN 0x03 +# define OSSL_QUIC_FRAME_TYPE_RESET_STREAM 0x04 +# define OSSL_QUIC_FRAME_TYPE_STOP_SENDING 0x05 +# define OSSL_QUIC_FRAME_TYPE_CRYPTO 0x06 +# define OSSL_QUIC_FRAME_TYPE_NEW_TOKEN 0x07 +# define OSSL_QUIC_FRAME_TYPE_MAX_DATA 0x10 +# define OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA 0x11 +# define OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI 0x12 +# define OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI 0x13 +# define OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED 0x14 +# define OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED 0x15 +# define OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI 0x16 +# define OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI 0x17 +# define OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID 0x18 +# define OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID 0x19 +# define OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE 0x1A +# define OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE 0x1B +# define OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_TRANSPORT 0x1C +# define OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_APP 0x1D +# define OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE 0x1E + +# define OSSL_QUIC_FRAME_FLAG_STREAM_FIN 0x01 +# define OSSL_QUIC_FRAME_FLAG_STREAM_LEN 0x02 +# define OSSL_QUIC_FRAME_FLAG_STREAM_OFF 0x04 +# define OSSL_QUIC_FRAME_FLAG_STREAM_MASK ((uint64_t)0x07) + +/* Low 3 bits of the type contain flags */ +# define OSSL_QUIC_FRAME_TYPE_STREAM 0x08 /* base ID */ +# define OSSL_QUIC_FRAME_TYPE_STREAM_FIN \ + (OSSL_QUIC_FRAME_TYPE_STREAM | \ + OSSL_QUIC_FRAME_FLAG_STREAM_FIN) +# define OSSL_QUIC_FRAME_TYPE_STREAM_LEN \ + (OSSL_QUIC_FRAME_TYPE_STREAM | \ + OSSL_QUIC_FRAME_FLAG_STREAM_LEN) +# define OSSL_QUIC_FRAME_TYPE_STREAM_LEN_FIN \ + (OSSL_QUIC_FRAME_TYPE_STREAM | \ + OSSL_QUIC_FRAME_FLAG_STREAM_LEN | \ + OSSL_QUIC_FRAME_FLAG_STREAM_FIN) +# define OSSL_QUIC_FRAME_TYPE_STREAM_OFF \ + (OSSL_QUIC_FRAME_TYPE_STREAM | \ + OSSL_QUIC_FRAME_FLAG_STREAM_OFF) +# define OSSL_QUIC_FRAME_TYPE_STREAM_OFF_FIN \ + (OSSL_QUIC_FRAME_TYPE_STREAM | \ + OSSL_QUIC_FRAME_FLAG_STREAM_OFF | \ + OSSL_QUIC_FRAME_FLAG_STREAM_FIN) +# define OSSL_QUIC_FRAME_TYPE_STREAM_OFF_LEN \ + (OSSL_QUIC_FRAME_TYPE_STREAM | \ + OSSL_QUIC_FRAME_FLAG_STREAM_OFF | \ + OSSL_QUIC_FRAME_FLAG_STREAM_LEN) +# define OSSL_QUIC_FRAME_TYPE_STREAM_OFF_LEN_FIN \ + (OSSL_QUIC_FRAME_TYPE_STREAM | \ + OSSL_QUIC_FRAME_FLAG_STREAM_OFF | \ + OSSL_QUIC_FRAME_FLAG_STREAM_LEN | \ + OSSL_QUIC_FRAME_FLAG_STREAM_FIN) + +# define OSSL_QUIC_FRAME_TYPE_IS_STREAM(x) \ + (((x) & ~OSSL_QUIC_FRAME_FLAG_STREAM_MASK) == OSSL_QUIC_FRAME_TYPE_STREAM) +# define OSSL_QUIC_FRAME_TYPE_IS_ACK(x) \ + (((x) & ~(uint64_t)1) == OSSL_QUIC_FRAME_TYPE_ACK_WITHOUT_ECN) +# define OSSL_QUIC_FRAME_TYPE_IS_MAX_STREAMS(x) \ + (((x) & ~(uint64_t)1) == OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI) +# define OSSL_QUIC_FRAME_TYPE_IS_STREAMS_BLOCKED(x) \ + (((x) & ~(uint64_t)1) == OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI) +# define OSSL_QUIC_FRAME_TYPE_IS_CONN_CLOSE(x) \ + (((x) & ~(uint64_t)1) == OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_TRANSPORT) + +const char *ossl_quic_frame_type_to_string(uint64_t frame_type); + +static ossl_unused ossl_inline int +ossl_quic_frame_type_is_ack_eliciting(uint64_t frame_type) +{ + switch (frame_type) { + case OSSL_QUIC_FRAME_TYPE_PADDING: + case OSSL_QUIC_FRAME_TYPE_ACK_WITHOUT_ECN: + case OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN: + case OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_TRANSPORT: + case OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_APP: + return 0; + default: + return 1; + } +} + +/* QUIC Transport Parameter Types */ +# define QUIC_TPARAM_ORIG_DCID 0x00 +# define QUIC_TPARAM_MAX_IDLE_TIMEOUT 0x01 +# define QUIC_TPARAM_STATELESS_RESET_TOKEN 0x02 +# define QUIC_TPARAM_MAX_UDP_PAYLOAD_SIZE 0x03 +# define QUIC_TPARAM_INITIAL_MAX_DATA 0x04 +# define QUIC_TPARAM_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL 0x05 +# define QUIC_TPARAM_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE 0x06 +# define QUIC_TPARAM_INITIAL_MAX_STREAM_DATA_UNI 0x07 +# define QUIC_TPARAM_INITIAL_MAX_STREAMS_BIDI 0x08 +# define QUIC_TPARAM_INITIAL_MAX_STREAMS_UNI 0x09 +# define QUIC_TPARAM_ACK_DELAY_EXP 0x0A +# define QUIC_TPARAM_MAX_ACK_DELAY 0x0B +# define QUIC_TPARAM_DISABLE_ACTIVE_MIGRATION 0x0C +# define QUIC_TPARAM_PREFERRED_ADDR 0x0D +# define QUIC_TPARAM_ACTIVE_CONN_ID_LIMIT 0x0E +# define QUIC_TPARAM_INITIAL_SCID 0x0F +# define QUIC_TPARAM_RETRY_SCID 0x10 + +/* + * QUIC Frame Logical Representations + * ================================== + */ + +/* QUIC Frame: ACK */ +typedef struct ossl_quic_ack_range_st { + /* + * Represents an inclusive range of packet numbers [start, end]. + * start must be <= end. + */ + QUIC_PN start, end; +} OSSL_QUIC_ACK_RANGE; + +typedef struct ossl_quic_frame_ack_st { + /* + * A sequence of packet number ranges [[start, end]...]. + * + * The ranges must be sorted in descending order, for example: + * [ 95, 100] + * [ 90, 92] + * etc. + * + * As such, ack_ranges[0].end is always the highest packet number + * being acknowledged and ack_ranges[num_ack_ranges-1].start is + * always the lowest packet number being acknowledged. + * + * num_ack_ranges must be greater than zero, as an ACK frame must + * acknowledge at least one packet number. + */ + OSSL_QUIC_ACK_RANGE *ack_ranges; + size_t num_ack_ranges; + + OSSL_TIME delay_time; + uint64_t ect0, ect1, ecnce; + unsigned int ecn_present : 1; +} OSSL_QUIC_FRAME_ACK; + +/* Returns 1 if the given frame contains the given PN. */ +int ossl_quic_frame_ack_contains_pn(const OSSL_QUIC_FRAME_ACK *ack, QUIC_PN pn); + +/* QUIC Frame: STREAM */ +typedef struct ossl_quic_frame_stream_st { + uint64_t stream_id; /* Stream ID */ + uint64_t offset; /* Logical offset in stream */ + uint64_t len; /* Length of data in bytes */ + const unsigned char *data; + + /* + * On encode, this determines whether the len field should be encoded or + * not. If zero, the len field is not encoded and it is assumed the frame + * runs to the end of the packet. + * + * On decode, this determines whether the frame had an explicitly encoded + * length. If not set, the frame runs to the end of the packet and len has + * been set accordingly. + */ + unsigned int has_explicit_len : 1; + + /* 1 if this is the end of the stream */ + unsigned int is_fin : 1; +} OSSL_QUIC_FRAME_STREAM; + +/* QUIC Frame: CRYPTO */ +typedef struct ossl_quic_frame_crypto_st { + uint64_t offset; /* Logical offset in stream */ + uint64_t len; /* Length of the data in bytes */ + const unsigned char *data; +} OSSL_QUIC_FRAME_CRYPTO; + +/* QUIC Frame: RESET_STREAM */ +typedef struct ossl_quic_frame_reset_stream_st { + uint64_t stream_id; + uint64_t app_error_code; + uint64_t final_size; +} OSSL_QUIC_FRAME_RESET_STREAM; + +/* QUIC Frame: STOP_SENDING */ +typedef struct ossl_quic_frame_stop_sending_st { + uint64_t stream_id; + uint64_t app_error_code; +} OSSL_QUIC_FRAME_STOP_SENDING; + +/* QUIC Frame: NEW_CONNECTION_ID */ +typedef struct ossl_quic_frame_new_conn_id_st { + uint64_t seq_num; + uint64_t retire_prior_to; + QUIC_CONN_ID conn_id; + QUIC_STATELESS_RESET_TOKEN stateless_reset; +} OSSL_QUIC_FRAME_NEW_CONN_ID; + +/* QUIC Frame: CONNECTION_CLOSE */ +typedef struct ossl_quic_frame_conn_close_st { + unsigned int is_app : 1; /* 0: transport error, 1: app error */ + uint64_t error_code; /* 62-bit transport or app error code */ + uint64_t frame_type; /* transport errors only */ + char *reason; /* UTF-8 string, not necessarily zero-terminated */ + size_t reason_len; /* Length of reason in bytes */ +} OSSL_QUIC_FRAME_CONN_CLOSE; + +/* + * QUIC Wire Format Encoding + * ========================= + * + * These functions return 1 on success and 0 on failure. + */ + +/* + * Encodes zero or more QUIC PADDING frames to the packet writer. Each PADDING + * frame consumes one byte; num_bytes specifies the number of bytes of padding + * to write. + */ +int ossl_quic_wire_encode_padding(WPACKET *pkt, size_t num_bytes); + +/* + * Encodes a QUIC PING frame to the packet writer. This frame type takes + * no arguments. +*/ +int ossl_quic_wire_encode_frame_ping(WPACKET *pkt); + +/* + * Encodes a QUIC ACK frame to the packet writer, given a logical representation + * of the ACK frame. + * + * The ACK ranges passed must be sorted in descending order. + * + * The logical representation stores a list of packet number ranges. The wire + * encoding is slightly different and stores the first range in the list + * in a different manner. + * + * The ack_delay_exponent argument specifies the index of a power of two by + * which the ack->ack_delay field is be divided. This exponent value must match + * the value used when decoding. + */ +int ossl_quic_wire_encode_frame_ack(WPACKET *pkt, + uint32_t ack_delay_exponent, + const OSSL_QUIC_FRAME_ACK *ack); + +/* + * Encodes a QUIC RESET_STREAM frame to the packet writer, given a logical + * representation of the RESET_STREAM frame. + */ +int ossl_quic_wire_encode_frame_reset_stream(WPACKET *pkt, + const OSSL_QUIC_FRAME_RESET_STREAM *f); + +/* + * Encodes a QUIC STOP_SENDING frame to the packet writer, given a logical + * representation of the STOP_SENDING frame. + */ +int ossl_quic_wire_encode_frame_stop_sending(WPACKET *pkt, + const OSSL_QUIC_FRAME_STOP_SENDING *f); + +/* + * Encodes a QUIC CRYPTO frame header to the packet writer. + * + * To create a well-formed frame, the data written using this function must be + * immediately followed by f->len bytes of data. + */ +int ossl_quic_wire_encode_frame_crypto_hdr(WPACKET *hdr, + const OSSL_QUIC_FRAME_CRYPTO *f); + +/* + * Returns the number of bytes which will be required to encode the given + * CRYPTO frame header. Does not include the payload bytes in the count. + * Returns 0 if input is invalid. + */ +size_t ossl_quic_wire_get_encoded_frame_len_crypto_hdr(const OSSL_QUIC_FRAME_CRYPTO *f); + +/* + * Encodes a QUIC CRYPTO frame to the packet writer. + * + * This function returns a pointer to a buffer of f->len bytes which the caller + * should fill however it wishes. If f->data is non-NULL, it is automatically + * copied to the target buffer, otherwise the caller must fill the returned + * buffer. Returns NULL on failure. + */ +void *ossl_quic_wire_encode_frame_crypto(WPACKET *pkt, + const OSSL_QUIC_FRAME_CRYPTO *f); + +/* + * Encodes a QUIC NEW_TOKEN frame to the packet writer. + */ +int ossl_quic_wire_encode_frame_new_token(WPACKET *pkt, + const unsigned char *token, + size_t token_len); + +/* + * Encodes a QUIC STREAM frame's header to the packet writer. The f->stream_id, + * f->offset and f->len fields are the values for the respective Stream ID, + * Offset and Length fields. + * + * If f->is_fin is non-zero, the frame is marked as the final frame in the + * stream. + * + * If f->has_explicit_len is zerro, the frame is assumed to be the final frame + * in the packet, which the caller is responsible for ensuring; the Length + * field is then omitted. + * + * To create a well-formed frame, the data written using this function must be + * immediately followed by f->len bytes of stream data. + */ +int ossl_quic_wire_encode_frame_stream_hdr(WPACKET *pkt, + const OSSL_QUIC_FRAME_STREAM *f); + +/* + * Returns the number of bytes which will be required to encode the given + * STREAM frame header. Does not include the payload bytes in the count. + * Returns 0 if input is invalid. + */ +size_t ossl_quic_wire_get_encoded_frame_len_stream_hdr(const OSSL_QUIC_FRAME_STREAM *f); + +/* + * Functions similarly to ossl_quic_wire_encode_frame_stream_hdr, but it also + * allocates space for f->len bytes of data after the header, creating a + * well-formed QUIC STREAM frame in one call. + * + * A pointer to the bytes allocated for the framme payload is returned, + * which the caller can fill however it wishes. If f->data is non-NULL, + * it is automatically copied to the target buffer, otherwise the caller + * must fill the returned buffer. Returns NULL on failure. + */ +void *ossl_quic_wire_encode_frame_stream(WPACKET *pkt, + const OSSL_QUIC_FRAME_STREAM *f); + +/* + * Encodes a QUIC MAX_DATA frame to the packet writer. + */ +int ossl_quic_wire_encode_frame_max_data(WPACKET *pkt, + uint64_t max_data); + +/* + * Encodes a QUIC MAX_STREAM_DATA frame to the packet writer. + */ +int ossl_quic_wire_encode_frame_max_stream_data(WPACKET *pkt, + uint64_t stream_id, + uint64_t max_data); + +/* + * Encodes a QUIC MAX_STREAMS frame to the packet writer. + * + * If is_uni is 0, the count specifies the maximum number of + * bidirectional streams; else it specifies the maximum number of unidirectional + * streams. + */ +int ossl_quic_wire_encode_frame_max_streams(WPACKET *pkt, + char is_uni, + uint64_t max_streams); + +/* + * Encodes a QUIC DATA_BLOCKED frame to the packet writer. + */ +int ossl_quic_wire_encode_frame_data_blocked(WPACKET *pkt, + uint64_t max_data); + +/* + * Encodes a QUIC STREAM_DATA_BLOCKED frame to the packet writer. + */ +int ossl_quic_wire_encode_frame_stream_data_blocked(WPACKET *pkt, + uint64_t stream_id, + uint64_t max_stream_data); +/* + * Encodes a QUIC STREAMS_BLOCKED frame to the packet writer. + * + * If is_uni is 0, the count specifies the maximum number of + * bidirectional streams; else it specifies the maximum number of unidirectional + * streams. + */ +int ossl_quic_wire_encode_frame_streams_blocked(WPACKET *pkt, + char is_uni, + uint64_t max_streams); + +/* + * Encodes a QUIC NEW_CONNECTION_ID frame to the packet writer, given a logical + * representation of the NEW_CONNECTION_ID frame. + * + * The buffer pointed to by the conn_id field must be valid for the duration of + * the call. + */ +int ossl_quic_wire_encode_frame_new_conn_id(WPACKET *pkt, + const OSSL_QUIC_FRAME_NEW_CONN_ID *f); + +/* + * Encodes a QUIC RETIRE_CONNECTION_ID frame to the packet writer. + */ +int ossl_quic_wire_encode_frame_retire_conn_id(WPACKET *pkt, + uint64_t seq_num); + +/* + * Encodes a QUIC PATH_CHALLENGE frame to the packet writer. + */ +int ossl_quic_wire_encode_frame_path_challenge(WPACKET *pkt, + uint64_t data); + +/* + * Encodes a QUIC PATH_RESPONSE frame to the packet writer. + */ +int ossl_quic_wire_encode_frame_path_response(WPACKET *pkt, + uint64_t data); + +/* + * Encodes a QUIC CONNECTION_CLOSE frame to the packet writer, given a logical + * representation of the CONNECTION_CLOSE frame. + * + * The reason field may be NULL, in which case no reason is encoded. If the + * reason field is non-NULL, it must point to a valid UTF-8 string and + * reason_len must be set to the length of the reason string in bytes. The + * reason string need not be zero terminated. + */ +int ossl_quic_wire_encode_frame_conn_close(WPACKET *pkt, + const OSSL_QUIC_FRAME_CONN_CLOSE *f); + +/* + * Encodes a QUIC HANDSHAKE_DONE frame to the packet writer. This frame type + * takes no arguiments. + */ +int ossl_quic_wire_encode_frame_handshake_done(WPACKET *pkt); + +/* + * Encodes a QUIC transport parameter TLV with the given ID into the WPACKET. + * The payload is an arbitrary buffer. + * + * If value is non-NULL, the value is copied into the packet. + * If it is NULL, value_len bytes are allocated for the payload and the caller + * should fill the buffer using the returned pointer. + * + * Returns a pointer to the start of the payload on success, or NULL on failure. + */ +unsigned char *ossl_quic_wire_encode_transport_param_bytes(WPACKET *pkt, + uint64_t id, + const unsigned char *value, + size_t value_len); + +/* + * Encodes a QUIC transport parameter TLV with the given ID into the WPACKET. + * The payload is a QUIC variable-length integer with the given value. + */ +int ossl_quic_wire_encode_transport_param_int(WPACKET *pkt, + uint64_t id, + uint64_t value); + +/* + * Encodes a QUIC transport parameter TLV with a given ID into the WPACKET. + * The payload is a QUIC connection ID. + */ +int ossl_quic_wire_encode_transport_param_cid(WPACKET *wpkt, + uint64_t id, + const QUIC_CONN_ID *cid); + +/* + * QUIC Wire Format Decoding + * ========================= + * + * These functions return 1 on success or 0 for failure. Typical reasons + * why these functions may fail include: + * + * - A frame decode function is called but the frame in the PACKET's buffer + * is not of the correct type. + * + * - A variable-length field in the encoded frame appears to exceed the bounds + * of the PACKET's buffer. + * + * These functions should be called with the PACKET pointing to the start of the + * frame (including the initial type field), and consume an entire frame + * including its type field. The expectation is that the caller will have + * already discerned the frame type using ossl_quic_wire_peek_frame_header(). + */ + +/* + * Decodes the type field header of a QUIC frame (without advancing the current + * position). This can be used to determine the frame type and determine which + * frame decoding function to call. + */ +int ossl_quic_wire_peek_frame_header(PACKET *pkt, uint64_t *type, + int *was_minimal); + +/* + * Like ossl_quic_wire_peek_frame_header, but advances the current position + * so that the type field is consumed. For advanced use only. + */ +int ossl_quic_wire_skip_frame_header(PACKET *pkt, uint64_t *type); + +/* + * Determines how many ranges are needed to decode a QUIC ACK frame. + * + * The number of ranges which must be allocated before the call to + * ossl_quic_wire_decode_frame_ack is written to *total_ranges. + * + * The PACKET is not advanced. + */ +int ossl_quic_wire_peek_frame_ack_num_ranges(const PACKET *pkt, + uint64_t *total_ranges); + +/* + * Decodes a QUIC ACK frame. The ack_ranges field of the passed structure should + * point to a preallocated array of ACK ranges and the num_ack_ranges field + * should specify the length of allocation. + * + * *total_ranges is written with the number of ranges in the decoded frame, + * which may be greater than the number of ranges which were decoded (i.e. if + * num_ack_ranges was too small to decode all ranges). + * + * On success, this function modifies the num_ack_ranges field to indicate the + * number of ranges in the decoded frame. This is the number of entries in the + * ACK ranges array written by this function; any additional entries are not + * modified. + * + * If the number of ACK ranges in the decoded frame exceeds that in + * num_ack_ranges, as many ACK ranges as possible are decoded into the range + * array. The caller can use the value written to *total_ranges to detect this + * condition, as *total_ranges will exceed num_ack_ranges. + * + * If ack is NULL, the frame is still decoded, but only *total_ranges is + * written. This can be used to determine the number of ranges which must be + * allocated. + * + * The ack_delay_exponent argument specifies the index of a power of two used to + * decode the ack_delay field. This must match the ack_delay_exponent value used + * to encode the frame. + */ +int ossl_quic_wire_decode_frame_ack(PACKET *pkt, + uint32_t ack_delay_exponent, + OSSL_QUIC_FRAME_ACK *ack, + uint64_t *total_ranges); + +/* + * Decodes a QUIC RESET_STREAM frame. + */ +int ossl_quic_wire_decode_frame_reset_stream(PACKET *pkt, + OSSL_QUIC_FRAME_RESET_STREAM *f); + +/* + * Decodes a QUIC STOP_SENDING frame. + */ +int ossl_quic_wire_decode_frame_stop_sending(PACKET *pkt, + OSSL_QUIC_FRAME_STOP_SENDING *f); + +/* + * Decodes a QUIC CRYPTO frame. + * + * f->data is set to point inside the packet buffer inside the PACKET, therefore + * it is safe to access for as long as the packet buffer exists. If nodata is + * set to 1 then reading the PACKET stops after the frame header and f->data is + * set to NULL. + */ +int ossl_quic_wire_decode_frame_crypto(PACKET *pkt, int nodata, + OSSL_QUIC_FRAME_CRYPTO *f); + +/* + * Decodes a QUIC NEW_TOKEN frame. *token is written with a pointer to the token + * bytes and *token_len is written with the length of the token in bytes. + */ +int ossl_quic_wire_decode_frame_new_token(PACKET *pkt, + const unsigned char **token, + size_t *token_len); + +/* + * Decodes a QUIC STREAM frame. + * + * If nodata is set to 1 then reading the PACKET stops after the frame header + * and f->data is set to NULL. In this case f->len will also be 0 in the event + * that "has_explicit_len" is 0. + * + * If the frame did not contain an offset field, f->offset is set to 0, as the + * absence of an offset field is equivalent to an offset of 0. + * + * If the frame contained a length field, f->has_explicit_len is set to 1 and + * the length of the data is placed in f->len. This function ensures that the + * length does not exceed the packet buffer, thus it is safe to access f->data. + * + * If the frame did not contain a length field, this means that the frame runs + * until the end of the packet. This function sets f->has_explicit_len to zero, + * and f->len to the amount of data remaining in the input buffer. Therefore, + * this function should be used with a PACKET representing a single packet (and + * not e.g. multiple packets). + * + * Note also that this means f->len is always valid after this function returns + * successfully, regardless of the value of f->has_explicit_len. + * + * f->data points inside the packet buffer inside the PACKET, therefore it is + * safe to access for as long as the packet buffer exists. + * + * f->is_fin is set according to whether the frame was marked as ending the + * stream. + */ +int ossl_quic_wire_decode_frame_stream(PACKET *pkt, int nodata, + OSSL_QUIC_FRAME_STREAM *f); + +/* + * Decodes a QUIC MAX_DATA frame. The Maximum Data field is written to + * *max_data. + */ +int ossl_quic_wire_decode_frame_max_data(PACKET *pkt, + uint64_t *max_data); + +/* + * Decodes a QUIC MAX_STREAM_DATA frame. The Stream ID is written to *stream_id + * and Maximum Stream Data field is written to *max_stream_data. + */ +int ossl_quic_wire_decode_frame_max_stream_data(PACKET *pkt, + uint64_t *stream_id, + uint64_t *max_stream_data); +/* + * Decodes a QUIC MAX_STREAMS frame. The Maximum Streams field is written to + * *max_streams. + * + * Whether the limit concerns bidirectional streams or unidirectional streams is + * denoted by the frame type; the caller should examine the frame type to + * determine this. + */ +int ossl_quic_wire_decode_frame_max_streams(PACKET *pkt, + uint64_t *max_streams); + +/* + * Decodes a QUIC DATA_BLOCKED frame. The Maximum Data field is written to + * *max_data. + */ +int ossl_quic_wire_decode_frame_data_blocked(PACKET *pkt, + uint64_t *max_data); + +/* + * Decodes a QUIC STREAM_DATA_BLOCKED frame. The Stream ID and Maximum Stream + * Data fields are written to *stream_id and *max_stream_data respectively. + */ +int ossl_quic_wire_decode_frame_stream_data_blocked(PACKET *pkt, + uint64_t *stream_id, + uint64_t *max_stream_data); + +/* + * Decodes a QUIC STREAMS_BLOCKED frame. The Maximum Streams field is written to + * *max_streams. + * + * Whether the limit concerns bidirectional streams or unidirectional streams is + * denoted by the frame type; the caller should examine the frame type to + * determine this. + */ +int ossl_quic_wire_decode_frame_streams_blocked(PACKET *pkt, + uint64_t *max_streams); + + +/* + * Decodes a QUIC NEW_CONNECTION_ID frame. The logical representation of the + * frame is written to *f. + * + * The conn_id field is set to point to the connection ID string inside the + * packet buffer; it is therefore valid for as long as the PACKET's buffer is + * valid. The conn_id_len field is set to the length of the connection ID string + * in bytes. + */ +int ossl_quic_wire_decode_frame_new_conn_id(PACKET *pkt, + OSSL_QUIC_FRAME_NEW_CONN_ID *f); + +/* + * Decodes a QUIC RETIRE_CONNECTION_ID frame. The Sequence Number field + * is written to *seq_num. + */ +int ossl_quic_wire_decode_frame_retire_conn_id(PACKET *pkt, + uint64_t *seq_num); + +/* + * Decodes a QUIC PATH_CHALLENGE frame. The Data field is written to *data. + */ +int ossl_quic_wire_decode_frame_path_challenge(PACKET *pkt, + uint64_t *data); + +/* + * Decodes a QUIC PATH_CHALLENGE frame. The Data field is written to *data. + */ +int ossl_quic_wire_decode_frame_path_response(PACKET *pkt, + uint64_t *data); + +/* + * Decodes a QUIC CONNECTION_CLOSE frame. The logical representation + * of the frame is written to *f. + * + * The reason field is set to point to the UTF-8 reason string inside + * the packet buffer; it is therefore valid for as long as the PACKET's + * buffer is valid. The reason_len field is set to the length of the + * reason string in bytes. + * + * IMPORTANT: The reason string is not zero-terminated. + * + * Returns 1 on success or 0 on failure. + */ +int ossl_quic_wire_decode_frame_conn_close(PACKET *pkt, + OSSL_QUIC_FRAME_CONN_CLOSE *f); + +/* + * Decodes one or more PADDING frames. PADDING frames have no arguments. + * + * Returns the number of PADDING frames decoded or 0 on error. + */ +size_t ossl_quic_wire_decode_padding(PACKET *pkt); + +/* + * Decodes a PING frame. The frame has no arguments. + */ +int ossl_quic_wire_decode_frame_ping(PACKET *pkt); + +/* + * Decodes a HANDSHAKE_DONE frame. The frame has no arguments. + */ +int ossl_quic_wire_decode_frame_handshake_done(PACKET *pkt); + +/* + * Peeks at the ID of the next QUIC transport parameter TLV in the stream. + * The ID is written to *id. + */ +int ossl_quic_wire_peek_transport_param(PACKET *pkt, uint64_t *id); + +/* + * Decodes a QUIC transport parameter TLV. A pointer to the value buffer is + * returned on success. This points inside the PACKET's buffer and is therefore + * valid as long as the PACKET's buffer is valid. + * + * The transport parameter ID is written to *id (if non-NULL) and the length of + * the payload in bytes is written to *len. + * + * Returns NULL on failure. + */ +const unsigned char *ossl_quic_wire_decode_transport_param_bytes(PACKET *pkt, + uint64_t *id, + size_t *len); + +/* + * Decodes a QUIC transport parameter TLV containing a variable-length integer. + * + * The transport parameter ID is written to *id (if non-NULL) and the value is + * written to *value. + */ +int ossl_quic_wire_decode_transport_param_int(PACKET *pkt, + uint64_t *id, + uint64_t *value); + +/* + * Decodes a QUIC transport parameter TLV containing a connection ID. + * + * The transport parameter ID is written to *id (if non-NULL) and the value is + * written to *value. + */ +int ossl_quic_wire_decode_transport_param_cid(PACKET *pkt, + uint64_t *id, + QUIC_CONN_ID *cid); + +/* + * Decodes a QUIC transport parameter TLV containing a preferred_address. + */ +typedef struct quic_preferred_addr_st { + uint16_t ipv4_port, ipv6_port; + unsigned char ipv4[4], ipv6[16]; + QUIC_STATELESS_RESET_TOKEN stateless_reset; + QUIC_CONN_ID cid; +} QUIC_PREFERRED_ADDR; + +int ossl_quic_wire_decode_transport_param_preferred_addr(PACKET *pkt, + QUIC_PREFERRED_ADDR *p); + +# endif + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_wire_pkt.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_wire_pkt.h new file mode 100644 index 00000000..18a483fc --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/quic_wire_pkt.h @@ -0,0 +1,629 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_WIRE_PKT_H +# define OSSL_QUIC_WIRE_PKT_H + +# include +# include "internal/packet_quic.h" +# include "internal/quic_types.h" + +# ifndef OPENSSL_NO_QUIC + +# define QUIC_VERSION_NONE ((uint32_t)0) /* Used for version negotiation */ +# define QUIC_VERSION_1 ((uint32_t)1) /* QUIC v1 */ + +/* QUIC logical packet type. These do not match wire values. */ +# define QUIC_PKT_TYPE_INITIAL 1 +# define QUIC_PKT_TYPE_0RTT 2 +# define QUIC_PKT_TYPE_HANDSHAKE 3 +# define QUIC_PKT_TYPE_RETRY 4 +# define QUIC_PKT_TYPE_1RTT 5 +# define QUIC_PKT_TYPE_VERSION_NEG 6 + +/* + * Determine encryption level from packet type. Returns QUIC_ENC_LEVEL_NUM if + * the packet is not of a type which is encrypted. + */ +static ossl_inline ossl_unused uint32_t +ossl_quic_pkt_type_to_enc_level(uint32_t pkt_type) +{ + switch (pkt_type) { + case QUIC_PKT_TYPE_INITIAL: + return QUIC_ENC_LEVEL_INITIAL; + case QUIC_PKT_TYPE_HANDSHAKE: + return QUIC_ENC_LEVEL_HANDSHAKE; + case QUIC_PKT_TYPE_0RTT: + return QUIC_ENC_LEVEL_0RTT; + case QUIC_PKT_TYPE_1RTT: + return QUIC_ENC_LEVEL_1RTT; + default: + return QUIC_ENC_LEVEL_NUM; + } +} + +static ossl_inline ossl_unused uint32_t +ossl_quic_enc_level_to_pkt_type(uint32_t enc_level) +{ + switch (enc_level) { + case QUIC_ENC_LEVEL_INITIAL: + return QUIC_PKT_TYPE_INITIAL; + case QUIC_ENC_LEVEL_HANDSHAKE: + return QUIC_PKT_TYPE_HANDSHAKE; + case QUIC_ENC_LEVEL_0RTT: + return QUIC_PKT_TYPE_0RTT; + case QUIC_ENC_LEVEL_1RTT: + return QUIC_PKT_TYPE_1RTT; + default: + return UINT32_MAX; + } +} + +/* Determine if a packet type contains an encrypted payload. */ +static ossl_inline ossl_unused int +ossl_quic_pkt_type_is_encrypted(uint32_t pkt_type) +{ + switch (pkt_type) { + case QUIC_PKT_TYPE_RETRY: + case QUIC_PKT_TYPE_VERSION_NEG: + return 0; + default: + return 1; + } +} + +/* Determine if a packet type contains a PN field. */ +static ossl_inline ossl_unused int +ossl_quic_pkt_type_has_pn(uint32_t pkt_type) +{ + /* + * Currently a packet has a PN iff it is encrypted. This could change + * someday. + */ + return ossl_quic_pkt_type_is_encrypted(pkt_type); +} + +/* + * Determine if a packet type can appear with other packets in a datagram. Some + * packet types must be the sole packet in a datagram. + */ +static ossl_inline ossl_unused int +ossl_quic_pkt_type_can_share_dgram(uint32_t pkt_type) +{ + /* + * Currently only the encrypted packet types can share a datagram. This + * could change someday. + */ + return ossl_quic_pkt_type_is_encrypted(pkt_type); +} + +/* + * Determine if the packet type must come at the end of the datagram (due to the + * lack of a length field). + */ +static ossl_inline ossl_unused int +ossl_quic_pkt_type_must_be_last(uint32_t pkt_type) +{ + /* + * Any packet type which cannot share a datagram obviously must come last. + * 1-RTT also must come last as it lacks a length field. + */ + return !ossl_quic_pkt_type_can_share_dgram(pkt_type) + || pkt_type == QUIC_PKT_TYPE_1RTT; +} + +/* + * Determine if the packet type has a version field. + */ +static ossl_inline ossl_unused int +ossl_quic_pkt_type_has_version(uint32_t pkt_type) +{ + return pkt_type != QUIC_PKT_TYPE_1RTT && pkt_type != QUIC_PKT_TYPE_VERSION_NEG; +} + +/* + * Determine if the packet type has a SCID field. + */ +static ossl_inline ossl_unused int +ossl_quic_pkt_type_has_scid(uint32_t pkt_type) +{ + return pkt_type != QUIC_PKT_TYPE_1RTT; +} + +/* + * Smallest possible QUIC packet size as per RFC (aside from version negotiation + * packets). + */ +# define QUIC_MIN_VALID_PKT_LEN_CRYPTO 21 +# define QUIC_MIN_VALID_PKT_LEN_VERSION_NEG 7 +# define QUIC_MIN_VALID_PKT_LEN QUIC_MIN_VALID_PKT_LEN_VERSION_NEG + +typedef struct quic_pkt_hdr_ptrs_st QUIC_PKT_HDR_PTRS; + +/* + * QUIC Packet Header Protection + * ============================= + * + * Functions to apply and remove QUIC packet header protection. A header + * protector is initialised using ossl_quic_hdr_protector_init and must be + * destroyed using ossl_quic_hdr_protector_cleanup when no longer needed. + */ +typedef struct quic_hdr_protector_st { + OSSL_LIB_CTX *libctx; + const char *propq; + EVP_CIPHER_CTX *cipher_ctx; + EVP_CIPHER *cipher; + uint32_t cipher_id; +} QUIC_HDR_PROTECTOR; + +# define QUIC_HDR_PROT_CIPHER_AES_128 1 +# define QUIC_HDR_PROT_CIPHER_AES_256 2 +# define QUIC_HDR_PROT_CIPHER_CHACHA 3 + +/* + * Initialises a header protector. + * + * cipher_id: + * The header protection cipher method to use. One of + * QUIC_HDR_PROT_CIPHER_*. Must be chosen based on negotiated TLS cipher + * suite. + * + * quic_hp_key: + * This must be the "quic hp" key derived from a traffic secret. + * + * The length of the quic_hp_key must correspond to that expected for the + * given cipher ID. + * + * The header protector performs amortisable initialisation in this function, + * therefore a header protector should be used for as long as possible. + * + * Returns 1 on success and 0 on failure. + */ +int ossl_quic_hdr_protector_init(QUIC_HDR_PROTECTOR *hpr, + OSSL_LIB_CTX *libctx, + const char *propq, + uint32_t cipher_id, + const unsigned char *quic_hp_key, + size_t quic_hp_key_len); + +/* + * Destroys a header protector. This is also safe to call on a zero-initialized + * OSSL_QUIC_HDR_PROTECTOR structure which has not been initialized, or which + * has already been destroyed. + */ +void ossl_quic_hdr_protector_cleanup(QUIC_HDR_PROTECTOR *hpr); + +/* + * Removes header protection from a packet. The packet payload must currently be + * encrypted (i.e., you must remove header protection before decrypting packets + * received). The function examines the header buffer to determine which bytes + * of the header need to be decrypted. + * + * If this function fails, no data is modified. + * + * This is implemented as a call to ossl_quic_hdr_protector_decrypt_fields(). + * + * Returns 1 on success and 0 on failure. + */ +int ossl_quic_hdr_protector_decrypt(QUIC_HDR_PROTECTOR *hpr, + QUIC_PKT_HDR_PTRS *ptrs); + +/* + * Applies header protection to a packet. The packet payload must already have + * been encrypted (i.e., you must apply header protection after encrypting + * a packet). The function examines the header buffer to determine which bytes + * of the header need to be encrypted. + * + * This is implemented as a call to ossl_quic_hdr_protector_encrypt_fields(). + * + * Returns 1 on success and 0 on failure. + */ +int ossl_quic_hdr_protector_encrypt(QUIC_HDR_PROTECTOR *hpr, + QUIC_PKT_HDR_PTRS *ptrs); + +/* + * Removes header protection from a packet. The packet payload must currently + * be encrypted. This is a low-level function which assumes you have already + * determined which parts of the packet header need to be decrypted. + * + * sample: + * The range of bytes in the packet to be used to generate the header + * protection mask. It is permissible to set sample_len to the size of the + * remainder of the packet; this function will only use as many bytes as + * needed. If not enough sample bytes are provided, this function fails. + * + * first_byte: + * The first byte of the QUIC packet header to be decrypted. + * + * pn: + * Pointer to the start of the PN field. The caller is responsible + * for ensuring at least four bytes follow this pointer. + * + * Returns 1 on success and 0 on failure. + */ +int ossl_quic_hdr_protector_decrypt_fields(QUIC_HDR_PROTECTOR *hpr, + const unsigned char *sample, + size_t sample_len, + unsigned char *first_byte, + unsigned char *pn_bytes); + +/* + * Works analogously to ossl_hdr_protector_decrypt_fields, but applies header + * protection instead of removing it. + */ +int ossl_quic_hdr_protector_encrypt_fields(QUIC_HDR_PROTECTOR *hpr, + const unsigned char *sample, + size_t sample_len, + unsigned char *first_byte, + unsigned char *pn_bytes); + +/* + * QUIC Packet Header + * ================== + * + * This structure provides a logical representation of a QUIC packet header. + * + * QUIC packet formats fall into the following categories: + * + * Long Packets, which is subdivided into five possible packet types: + * Version Negotiation (a special case); + * Initial; + * 0-RTT; + * Handshake; and + * Retry + * + * Short Packets, which comprises only a single packet type (1-RTT). + * + * The packet formats vary and common fields are found in some packets but + * not others. The below table indicates which fields are present in which + * kinds of packet. * indicates header protection is applied. + * + * SLLLLL Legend: 1=1-RTT, i=Initial, 0=0-RTT, h=Handshake + * 1i0hrv r=Retry, v=Version Negotiation + * ------ + * 1i0hrv Header Form (0=Short, 1=Long) + * 1i0hr Fixed Bit (always 1) + * 1 Spin Bit + * 1 * Reserved Bits + * 1 * Key Phase + * 1i0h * Packet Number Length + * i0hr? Long Packet Type + * i0h Type-Specific Bits + * i0hr Version (note: always 0 for Version Negotiation packets) + * 1i0hrv Destination Connection ID + * i0hrv Source Connection ID + * 1i0h * Packet Number + * i Token + * i0h Length + * r Retry Token + * r Retry Integrity Tag + * + * For each field below, the conditions under which the field is valid are + * specified. If a field is not currently valid, it is initialized to a zero or + * NULL value. + */ +typedef struct quic_pkt_hdr_st { + /* [ALL] A QUIC_PKT_TYPE_* value. Always valid. */ + unsigned int type :8; + + /* [S] Value of the spin bit. Valid if (type == 1RTT). */ + unsigned int spin_bit :1; + + /* + * [S] Value of the Key Phase bit in the short packet. + * Valid if (type == 1RTT && !partial). + */ + unsigned int key_phase :1; + + /* + * [1i0h] Length of packet number in bytes. This is the decoded value. + * Valid if ((type == 1RTT || (version && type != RETRY)) && !partial). + */ + unsigned int pn_len :4; + + /* + * [ALL] Set to 1 if this is a partial decode because the packet header + * has not yet been deprotected. pn_len, pn and key_phase are not valid if + * this is set. + */ + unsigned int partial :1; + + /* + * [ALL] Whether the fixed bit was set. Note that only Version Negotiation + * packets are allowed to have this unset, so this will always be 1 for all + * other packet types (decode will fail if it is not set). Ignored when + * encoding unless encoding a Version Negotiation packet. + */ + unsigned int fixed :1; + + /* + * The unused bits in the low 4 bits of a Retry packet header's first byte. + * This is used to ensure that Retry packets have the same bit-for-bit + * representation in their header when decoding and encoding them again. + * This is necessary to validate Retry packet headers. + */ + unsigned int unused :4; + + /* + * The 'Reserved' bits in an Initial, Handshake, 0-RTT or 1-RTT packet + * header's first byte. These are provided so that the caller can validate + * that they are zero, as this must be done after packet protection is + * successfully removed to avoid creating a timing channel. + */ + unsigned int reserved :2; + + /* [L] Version field. Valid if (type != 1RTT). */ + uint32_t version; + + /* [ALL] The destination connection ID. Always valid. */ + QUIC_CONN_ID dst_conn_id; + + /* + * [L] The source connection ID. + * Valid if (type != 1RTT). + */ + QUIC_CONN_ID src_conn_id; + + /* + * [1i0h] Relatively-encoded packet number in raw, encoded form. The correct + * decoding of this value is context-dependent. The number of bytes valid in + * this buffer is determined by pn_len above. If the decode was partial, + * this field is not valid. + * + * Valid if ((type == 1RTT || (version && type != RETRY)) && !partial). + */ + unsigned char pn[4]; + + /* + * [i] Token field in Initial packet. Points to memory inside the decoded + * PACKET, and therefore is valid for as long as the PACKET's buffer is + * valid. token_len is the length of the token in bytes. + * + * Valid if (type == INITIAL). + */ + const unsigned char *token; + size_t token_len; + + /* + * [ALL] Payload length in bytes. + * + * Though 1-RTT, Retry and Version Negotiation packets do not contain an + * explicit length field, this field is always valid and is used by the + * packet header encoding and decoding routines to describe the payload + * length, regardless of whether the packet type encoded or decoded uses an + * explicit length indication. + */ + size_t len; + + /* + * Pointer to start of payload data in the packet. Points to memory inside + * the decoded PACKET, and therefore is valid for as long as the PACKET'S + * buffer is valid. The length of the buffer in bytes is in len above. + * + * For Version Negotiation packets, points to the array of supported + * versions. + * + * For Retry packets, points to the Retry packet payload, which comprises + * the Retry Token followed by a 16-byte Retry Integrity Tag. + * + * Regardless of whether a packet is a Version Negotiation packet (where the + * payload contains a list of supported versions), a Retry packet (where the + * payload contains a Retry Token and Retry Integrity Tag), or any other + * packet type (where the payload contains frames), the payload is not + * validated and the user must parse the payload bearing this in mind. + * + * If the decode was partial (partial is set), this points to the start of + * the packet number field, rather than the protected payload, as the length + * of the packet number field is unknown. The len field reflects this in + * this case (i.e., the len field is the number of payload bytes plus the + * number of bytes comprising the PN). + */ + const unsigned char *data; +} QUIC_PKT_HDR; + +/* + * Extra information which can be output by the packet header decode functions + * for the assistance of the header protector. This avoids the header protector + * needing to partially re-decode the packet header. + */ +struct quic_pkt_hdr_ptrs_st { + unsigned char *raw_start; /* start of packet */ + unsigned char *raw_sample; /* start of sampling range */ + size_t raw_sample_len; /* maximum length of sampling range */ + + /* + * Start of PN field. Guaranteed to be NULL unless at least four bytes are + * available via this pointer. + */ + unsigned char *raw_pn; +}; + +/* + * If partial is 1, reads the unprotected parts of a protected packet header + * from a PACKET, performing a partial decode. + * + * If partial is 0, the input is assumed to have already had header protection + * removed, and all header fields are decoded. + * + * If nodata is 1, the input is assumed to have no payload data in it. Otherwise + * payload data must be present. + * + * On success, the logical decode of the packet header is written to *hdr. + * hdr->partial is set or cleared according to whether a partial decode was + * performed. *ptrs is filled with pointers to various parts of the packet + * buffer. + * + * In order to decode short packets, the connection ID length being used must be + * known contextually, and should be passed as short_conn_id_len. If + * short_conn_id_len is set to an invalid value (a value greater than + * QUIC_MAX_CONN_ID_LEN), this function fails when trying to decode a short + * packet, but succeeds for long packets. + * + * Returns 1 on success and 0 on failure. + */ +int ossl_quic_wire_decode_pkt_hdr(PACKET *pkt, + size_t short_conn_id_len, + int partial, + int nodata, + QUIC_PKT_HDR *hdr, + QUIC_PKT_HDR_PTRS *ptrs); + +/* + * Encodes a packet header. The packet is written to pkt. + * + * The length of the (encrypted) packet payload should be written to hdr->len + * and will be placed in the serialized packet header. The payload data itself + * is not copied; the caller should write hdr->len bytes of encrypted payload to + * the WPACKET immediately after the call to this function. However, + * WPACKET_reserve_bytes is called for the payload size. + * + * This function does not apply header protection. You must apply header + * protection yourself after calling this function. *ptrs is filled with + * pointers which can be passed to a header protector, but this must be + * performed after the encrypted payload is written. + * + * The pointers in *ptrs are direct pointers into the WPACKET buffer. If more + * data is written to the WPACKET buffer, WPACKET buffer reallocations may + * occur, causing these pointers to become invalid. Therefore, you must not call + * any write WPACKET function between this call and the call to + * ossl_quic_hdr_protector_encrypt. This function calls WPACKET_reserve_bytes + * for the payload length, so you may assume hdr->len bytes are already free to + * write at the WPACKET cursor location once this function returns successfully. + * It is recommended that you call this function, write the encrypted payload, + * call ossl_quic_hdr_protector_encrypt, and then call + * WPACKET_allocate_bytes(hdr->len). + * + * Version Negotiation and Retry packets do not use header protection; for these + * header types, the fields in *ptrs are all written as zero. Version + * Negotiation, Retry and 1-RTT packets do not contain a Length field, but + * hdr->len bytes of data are still reserved in the WPACKET. + * + * If serializing a short packet and short_conn_id_len does not match the DCID + * specified in hdr, the function fails. + * + * Returns 1 on success and 0 on failure. + */ +int ossl_quic_wire_encode_pkt_hdr(WPACKET *pkt, + size_t short_conn_id_len, + const QUIC_PKT_HDR *hdr, + QUIC_PKT_HDR_PTRS *ptrs); + +/* + * Retrieves only the DCID from a packet header. This is intended for demuxer + * use. It avoids the need to parse the rest of the packet header twice. + * + * Information on packet length is not decoded, as this only needs to be used on + * the first packet in a datagram, therefore this takes a buffer and not a + * PACKET. + * + * Returns 1 on success and 0 on failure. + */ +int ossl_quic_wire_get_pkt_hdr_dst_conn_id(const unsigned char *buf, + size_t buf_len, + size_t short_conn_id_len, + QUIC_CONN_ID *dst_conn_id); + +/* + * Precisely predicts the encoded length of a packet header structure. + * + * May return 0 if the packet header is not valid, but the fact that this + * function returns non-zero does not guarantee that + * ossl_quic_wire_encode_pkt_hdr() will succeed. + */ +int ossl_quic_wire_get_encoded_pkt_hdr_len(size_t short_conn_id_len, + const QUIC_PKT_HDR *hdr); + +/* + * Packet Number Encoding + * ====================== + */ + +/* + * Decode an encoded packet header QUIC PN. + * + * enc_pn is the raw encoded PN to decode. enc_pn_len is its length in bytes as + * indicated by packet headers. largest_pn is the largest PN successfully + * processed in the relevant PN space. + * + * The resulting PN is written to *res_pn. + * + * Returns 1 on success or 0 on failure. + */ +int ossl_quic_wire_decode_pkt_hdr_pn(const unsigned char *enc_pn, + size_t enc_pn_len, + QUIC_PN largest_pn, + QUIC_PN *res_pn); + +/* + * Determine how many bytes should be used to encode a PN. Returns the number of + * bytes (which will be in range [1, 4]). + */ +int ossl_quic_wire_determine_pn_len(QUIC_PN pn, QUIC_PN largest_acked); + +/* + * Encode a PN for a packet header using the specified number of bytes, which + * should have been determined by calling ossl_quic_wire_determine_pn_len. The + * PN encoding process is done in two parts to allow the caller to override PN + * encoding length if it wishes. + * + * Returns 1 on success and 0 on failure. + */ +int ossl_quic_wire_encode_pkt_hdr_pn(QUIC_PN pn, + unsigned char *enc_pn, + size_t enc_pn_len); + +/* + * Retry Integrity Tags + * ==================== + */ + +# define QUIC_RETRY_INTEGRITY_TAG_LEN 16 + +/* + * Validate a retry integrity tag. Returns 1 if the tag is valid. + * + * Must be called on a hdr with a type of QUIC_PKT_TYPE_RETRY with a valid data + * pointer. + * + * client_initial_dcid must be the original DCID used by the client in its first + * Initial packet, as this is used to calculate the Retry Integrity Tag. + * + * Returns 0 if the tag is invalid, if called on any other type of packet or if + * the body is too short. + */ +int ossl_quic_validate_retry_integrity_tag(OSSL_LIB_CTX *libctx, + const char *propq, + const QUIC_PKT_HDR *hdr, + const QUIC_CONN_ID *client_initial_dcid); + +/* + * Calculates a retry integrity tag. Returns 0 on error, for example if hdr does + * not have a type of QUIC_PKT_TYPE_RETRY. + * + * client_initial_dcid must be the original DCID used by the client in its first + * Initial packet, as this is used to calculate the Retry Integrity Tag. + * + * tag must point to a buffer of QUIC_RETRY_INTEGRITY_TAG_LEN bytes in size. + * + * Note that hdr->data must point to the Retry packet body, and hdr->len must + * include the space for the Retry Integrity Tag. (This means that you can + * easily fill in a tag in a Retry packet you are generating by calling this + * function and passing (hdr->data + hdr->len - QUIC_RETRY_INTEGRITY_TAG_LEN) as + * the tag argument.) This function fails if hdr->len is too short to contain a + * Retry Integrity Tag. + */ +int ossl_quic_calculate_retry_integrity_tag(OSSL_LIB_CTX *libctx, + const char *propq, + const QUIC_PKT_HDR *hdr, + const QUIC_CONN_ID *client_initial_dcid, + unsigned char *tag); + +# endif + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/recordmethod.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/recordmethod.h new file mode 100644 index 00000000..53bd4ca6 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/recordmethod.h @@ -0,0 +1,339 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_RECORDMETHOD_H +# define OSSL_INTERNAL_RECORDMETHOD_H +# pragma once + +# include + +/* + * We use the term "record" here to refer to a packet of data. Records are + * typically protected via a cipher and MAC, or an AEAD cipher (although not + * always). This usage of the term record is consistent with the TLS concept. + * In QUIC the term "record" is not used but it is analogous to the QUIC term + * "packet". The interface in this file applies to all protocols that protect + * records/packets of data, i.e. (D)TLS and QUIC. The term record is used to + * refer to both contexts. + */ + +/* + * An OSSL_RECORD_METHOD is a protocol specific method which provides the + * functions for reading and writing records for that protocol. Which + * OSSL_RECORD_METHOD to use for a given protocol is defined by the SSL_METHOD. + */ +typedef struct ossl_record_method_st OSSL_RECORD_METHOD; + +/* + * An OSSL_RECORD_LAYER is just an externally defined opaque pointer created by + * the method + */ +typedef struct ossl_record_layer_st OSSL_RECORD_LAYER; + + +# define OSSL_RECORD_ROLE_CLIENT 0 +# define OSSL_RECORD_ROLE_SERVER 1 + +# define OSSL_RECORD_DIRECTION_READ 0 +# define OSSL_RECORD_DIRECTION_WRITE 1 + +/* + * Protection level. For <= TLSv1.2 only "NONE" and "APPLICATION" are used. + */ +# define OSSL_RECORD_PROTECTION_LEVEL_NONE 0 +# define OSSL_RECORD_PROTECTION_LEVEL_EARLY 1 +# define OSSL_RECORD_PROTECTION_LEVEL_HANDSHAKE 2 +# define OSSL_RECORD_PROTECTION_LEVEL_APPLICATION 3 + +# define OSSL_RECORD_RETURN_SUCCESS 1 +# define OSSL_RECORD_RETURN_RETRY 0 +# define OSSL_RECORD_RETURN_NON_FATAL_ERR -1 +# define OSSL_RECORD_RETURN_FATAL -2 +# define OSSL_RECORD_RETURN_EOF -3 + +/* + * Template for creating a record. A record consists of the |type| of data it + * will contain (e.g. alert, handshake, application data, etc) along with a + * buffer of payload data in |buf| of length |buflen|. + */ +struct ossl_record_template_st { + unsigned char type; + unsigned int version; + const unsigned char *buf; + size_t buflen; +}; + +typedef struct ossl_record_template_st OSSL_RECORD_TEMPLATE; + +/* + * Rather than a "method" approach, we could make this fetchable - Should we? + * There could be some complexity in finding suitable record layer implementations + * e.g. we need to find one that matches the negotiated protocol, cipher, + * extensions, etc. The selection_cb approach given above doesn't work so well + * if unknown third party providers with OSSL_RECORD_METHOD implementations are + * loaded. + */ + +/* + * If this becomes public API then we will need functions to create and + * free an OSSL_RECORD_METHOD, as well as functions to get/set the various + * function pointers....unless we make it fetchable. + */ +struct ossl_record_method_st { + /* + * Create a new OSSL_RECORD_LAYER object for handling the protocol version + * set by |vers|. |role| is 0 for client and 1 for server. |direction| + * indicates either read or write. |level| is the protection level as + * described above. |settings| are mandatory settings that will cause the + * new() call to fail if they are not understood (for example to require + * Encrypt-Then-Mac support). |options| are optional settings that will not + * cause the new() call to fail if they are not understood (for example + * whether to use "read ahead" or not). + * + * The BIO in |transport| is the BIO for the underlying transport layer. + * Where the direction is "read", then this BIO will only ever be used for + * reading data. Where the direction is "write", then this BIO will only + * every be used for writing data. + * + * An SSL object will always have at least 2 OSSL_RECORD_LAYER objects in + * force at any one time (one for reading and one for writing). In some + * protocols more than 2 might be used (e.g. in DTLS for retransmitting + * messages from an earlier epoch). + * + * The created OSSL_RECORD_LAYER object is stored in *ret on success (or + * NULL otherwise). The return value will be one of + * OSSL_RECORD_RETURN_SUCCESS, OSSL_RECORD_RETURN_FATAL or + * OSSL_RECORD_RETURN_NON_FATAL. A non-fatal return means that creation of + * the record layer has failed because it is unsuitable, but an alternative + * record layer can be tried instead. + */ + + /* + * If we eventually make this fetchable then we will need to use something + * other than EVP_CIPHER. Also mactype would not be a NID, but a string. For + * now though, this works. + */ + int (*new_record_layer)(OSSL_LIB_CTX *libctx, + const char *propq, int vers, + int role, int direction, + int level, + uint16_t epoch, + unsigned char *secret, + size_t secretlen, + unsigned char *key, + size_t keylen, + unsigned char *iv, + size_t ivlen, + unsigned char *mackey, + size_t mackeylen, + const EVP_CIPHER *ciph, + size_t taglen, + int mactype, + const EVP_MD *md, + COMP_METHOD *comp, + const EVP_MD *kdfdigest, + BIO *prev, + BIO *transport, + BIO *next, + BIO_ADDR *local, + BIO_ADDR *peer, + const OSSL_PARAM *settings, + const OSSL_PARAM *options, + const OSSL_DISPATCH *fns, + void *cbarg, + void *rlarg, + OSSL_RECORD_LAYER **ret); + int (*free)(OSSL_RECORD_LAYER *rl); + + /* Returns 1 if we have unprocessed data buffered or 0 otherwise */ + int (*unprocessed_read_pending)(OSSL_RECORD_LAYER *rl); + + /* + * Returns 1 if we have processed data buffered that can be read or 0 otherwise + * - not necessarily app data + */ + int (*processed_read_pending)(OSSL_RECORD_LAYER *rl); + + /* + * The amount of processed app data that is internally buffered and + * available to read + */ + size_t (*app_data_pending)(OSSL_RECORD_LAYER *rl); + + /* + * Find out the maximum number of records that the record layer is prepared + * to process in a single call to write_records. It is the caller's + * responsibility to ensure that no call to write_records exceeds this + * number of records. |type| is the type of the records that the caller + * wants to write, and |len| is the total amount of data that it wants + * to send. |maxfrag| is the maximum allowed fragment size based on user + * configuration, or TLS parameter negotiation. |*preffrag| contains on + * entry the default fragment size that will actually be used based on user + * configuration. This will always be less than or equal to |maxfrag|. On + * exit the record layer may update this to an alternative fragment size to + * be used. This must always be less than or equal to |maxfrag|. + */ + size_t (*get_max_records)(OSSL_RECORD_LAYER *rl, uint8_t type, size_t len, + size_t maxfrag, size_t *preffrag); + + /* + * Write |numtempl| records from the array of record templates pointed to + * by |templates|. Each record should be no longer than the value returned + * by get_max_record_len(), and there should be no more records than the + * value returned by get_max_records(). + * Where possible the caller will attempt to ensure that all records are the + * same length, except the last record. This may not always be possible so + * the record method implementation should not rely on this being the case. + * In the event of a retry the caller should call retry_write_records() + * to try again. No more calls to write_records() should be attempted until + * retry_write_records() returns success. + * Buffers allocated for the record templates can be freed immediately after + * write_records() returns - even in the case a retry. + * The record templates represent the plaintext payload. The encrypted + * output is written to the |transport| BIO. + * Returns: + * 1 on success + * 0 on retry + * -1 on failure + */ + int (*write_records)(OSSL_RECORD_LAYER *rl, OSSL_RECORD_TEMPLATE *templates, + size_t numtempl); + + /* + * Retry a previous call to write_records. The caller should continue to + * call this until the function returns with success or failure. After + * each retry more of the data may have been incrementally sent. + * Returns: + * 1 on success + * 0 on retry + * -1 on failure + */ + int (*retry_write_records)(OSSL_RECORD_LAYER *rl); + + /* + * Read a record and return the record layer version and record type in + * the |rversion| and |type| parameters. |*data| is set to point to a + * record layer buffer containing the record payload data and |*datalen| + * is filled in with the length of that data. The |epoch| and |seq_num| + * values are only used if DTLS has been negotiated. In that case they are + * filled in with the epoch and sequence number from the record. + * An opaque record layer handle for the record is returned in |*rechandle| + * which is used in a subsequent call to |release_record|. The buffer must + * remain available until all the bytes from record are released via one or + * more release_record calls. + * + * Internally the OSSL_RECORD_METHOD implementation may read/process + * multiple records in one go and buffer them. + */ + int (*read_record)(OSSL_RECORD_LAYER *rl, void **rechandle, int *rversion, + uint8_t *type, const unsigned char **data, size_t *datalen, + uint16_t *epoch, unsigned char *seq_num); + /* + * Release length bytes from a buffer associated with a record previously + * read with read_record. Once all the bytes from a record are released, the + * whole record and its associated buffer is released. Records are + * guaranteed to be released in the order that they are read. + */ + int (*release_record)(OSSL_RECORD_LAYER *rl, void *rechandle, size_t length); + + /* + * In the event that a fatal error is returned from the functions above then + * get_alert_code() can be called to obtain a more details identifier for + * the error. In (D)TLS this is the alert description code. + */ + int (*get_alert_code)(OSSL_RECORD_LAYER *rl); + + /* + * Update the transport BIO from the one originally set in the + * new_record_layer call + */ + int (*set1_bio)(OSSL_RECORD_LAYER *rl, BIO *bio); + + /* Called when protocol negotiation selects a protocol version to use */ + int (*set_protocol_version)(OSSL_RECORD_LAYER *rl, int version); + + /* + * Whether we are allowed to receive unencrypted alerts, even if we might + * otherwise expect encrypted records. Ignored by protocol versions where + * this isn't relevant + */ + void (*set_plain_alerts)(OSSL_RECORD_LAYER *rl, int allow); + + /* + * Called immediately after creation of the record layer if we are in a + * first handshake. Also called at the end of the first handshake + */ + void (*set_first_handshake)(OSSL_RECORD_LAYER *rl, int first); + + /* + * Set the maximum number of pipelines that the record layer should process. + * The default is 1. + */ + void (*set_max_pipelines)(OSSL_RECORD_LAYER *rl, size_t max_pipelines); + + /* + * Called to tell the record layer whether we are currently "in init" or + * not. Default at creation of the record layer is "yes". + */ + void (*set_in_init)(OSSL_RECORD_LAYER *rl, int in_init); + + /* + * Get a short or long human readable description of the record layer state + */ + void (*get_state)(OSSL_RECORD_LAYER *rl, const char **shortstr, + const char **longstr); + + /* + * Set new options or modify ones that were originally specified in the + * new_record_layer call. + */ + int (*set_options)(OSSL_RECORD_LAYER *rl, const OSSL_PARAM *options); + + const COMP_METHOD *(*get_compression)(OSSL_RECORD_LAYER *rl); + + /* + * Set the maximum fragment length to be used for the record layer. This + * will override any previous value supplied for the "max_frag_len" + * setting during construction of the record layer. + */ + void (*set_max_frag_len)(OSSL_RECORD_LAYER *rl, size_t max_frag_len); + + /* + * The maximum expansion in bytes that the record layer might add while + * writing a record + */ + size_t (*get_max_record_overhead)(OSSL_RECORD_LAYER *rl); + + /* + * Increment the record sequence number + */ + int (*increment_sequence_ctr)(OSSL_RECORD_LAYER *rl); + + /* + * Allocate read or write buffers. Does nothing if already allocated. + * Assumes default buffer length and 1 pipeline. + */ + int (*alloc_buffers)(OSSL_RECORD_LAYER *rl); + + /* + * Free read or write buffers. Fails if there is pending read or write + * data. Buffers are automatically reallocated on next read/write. + */ + int (*free_buffers)(OSSL_RECORD_LAYER *rl); +}; + + +/* Standard built-in record methods */ +extern const OSSL_RECORD_METHOD ossl_tls_record_method; +# ifndef OPENSSL_NO_KTLS +extern const OSSL_RECORD_METHOD ossl_ktls_record_method; +# endif +extern const OSSL_RECORD_METHOD ossl_dtls_record_method; + +#endif /* !defined(OSSL_INTERNAL_RECORDMETHOD_H) */ diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/refcount.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/refcount.h index 3392d3b4..4c9ab266 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/refcount.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/refcount.h @@ -12,6 +12,7 @@ # include # include +# include # if defined(OPENSSL_THREADS) && !defined(OPENSSL_DEV_NO_ATOMICS) # if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L \ @@ -25,12 +26,13 @@ # define HAVE_ATOMICS 1 -typedef _Atomic int CRYPTO_REF_COUNT; +typedef struct { + _Atomic int val; +} CRYPTO_REF_COUNT; -static inline int CRYPTO_UP_REF(_Atomic int *val, int *ret, - ossl_unused void *lock) +static inline int CRYPTO_UP_REF(CRYPTO_REF_COUNT *refcnt, int *ret) { - *ret = atomic_fetch_add_explicit(val, 1, memory_order_relaxed) + 1; + *ret = atomic_fetch_add_explicit(&refcnt->val, 1, memory_order_relaxed) + 1; return 1; } @@ -44,50 +46,70 @@ static inline int CRYPTO_UP_REF(_Atomic int *val, int *ret, * to mutable members doesn't have to be serialized anymore, which would * otherwise imply an acquire fence. Hence conditional acquire fence... */ -static inline int CRYPTO_DOWN_REF(_Atomic int *val, int *ret, - ossl_unused void *lock) +static inline int CRYPTO_DOWN_REF(CRYPTO_REF_COUNT *refcnt, int *ret) { - *ret = atomic_fetch_sub_explicit(val, 1, memory_order_relaxed) - 1; + *ret = atomic_fetch_sub_explicit(&refcnt->val, 1, memory_order_relaxed) - 1; if (*ret == 0) atomic_thread_fence(memory_order_acquire); return 1; } +static inline int CRYPTO_GET_REF(CRYPTO_REF_COUNT *refcnt, int *ret) +{ + *ret = atomic_load_explicit(&refcnt->val, memory_order_relaxed); + return 1; +} + # elif defined(__GNUC__) && defined(__ATOMIC_RELAXED) && __GCC_ATOMIC_INT_LOCK_FREE > 0 # define HAVE_ATOMICS 1 -typedef int CRYPTO_REF_COUNT; +typedef struct { + int val; +} CRYPTO_REF_COUNT; -static __inline__ int CRYPTO_UP_REF(int *val, int *ret, ossl_unused void *lock) +static __inline__ int CRYPTO_UP_REF(CRYPTO_REF_COUNT *refcnt, int *ret) { - *ret = __atomic_fetch_add(val, 1, __ATOMIC_RELAXED) + 1; + *ret = __atomic_fetch_add(&refcnt->val, 1, __ATOMIC_RELAXED) + 1; return 1; } -static __inline__ int CRYPTO_DOWN_REF(int *val, int *ret, - ossl_unused void *lock) +static __inline__ int CRYPTO_DOWN_REF(CRYPTO_REF_COUNT *refcnt, int *ret) { - *ret = __atomic_fetch_sub(val, 1, __ATOMIC_RELAXED) - 1; + *ret = __atomic_fetch_sub(&refcnt->val, 1, __ATOMIC_RELAXED) - 1; if (*ret == 0) __atomic_thread_fence(__ATOMIC_ACQUIRE); return 1; } -# elif defined(__ICL) && defined(_WIN32) -# define HAVE_ATOMICS 1 -typedef volatile int CRYPTO_REF_COUNT; -static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, - ossl_unused void *lock) +static __inline__ int CRYPTO_GET_REF(CRYPTO_REF_COUNT *refcnt, int *ret) { - *ret = _InterlockedExchangeAdd((void *)val, 1) + 1; + *ret = __atomic_load_n(&refcnt->val, __ATOMIC_RELAXED); return 1; } -static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, - ossl_unused void *lock) +# elif defined(__ICL) && defined(_WIN32) +# define HAVE_ATOMICS 1 + +typedef struct { + volatile int val; +} CRYPTO_REF_COUNT; + +static __inline int CRYPTO_UP_REF(CRYPTO_REF_COUNT *refcnt, int *ret) { - *ret = _InterlockedExchangeAdd((void *)val, -1) - 1; + *ret = _InterlockedExchangeAdd((void *)&refcnt->val, 1) + 1; + return 1; +} + +static __inline int CRYPTO_DOWN_REF(CRYPTO_REF_COUNT *val, int *refcnt) +{ + *ret = _InterlockedExchangeAdd((void *)&refcnt->val, -1) - 1; + return 1; +} + +static __inline int CRYPTO_GET_REF(CRYPTO_REF_COUNT *refcnt, int *ret) +{ + *ret = _InterlockedOr((void *)&refcnt->val, 0); return 1; } @@ -95,7 +117,9 @@ static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, # define HAVE_ATOMICS 1 -typedef volatile int CRYPTO_REF_COUNT; +typedef struct { + volatile int val; +} CRYPTO_REF_COUNT; # if (defined(_M_ARM) && _M_ARM>=7 && !defined(_WIN32_WCE)) || defined(_M_ARM64) # include @@ -103,21 +127,26 @@ typedef volatile int CRYPTO_REF_COUNT; # define _ARM_BARRIER_ISH _ARM64_BARRIER_ISH # endif -static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, - ossl_unused void *lock) +static __inline int CRYPTO_UP_REF(CRYPTO_REF_COUNT *refcnt, int *ret) { - *ret = _InterlockedExchangeAdd_nf(val, 1) + 1; + *ret = _InterlockedExchangeAdd_nf(&refcnt->val, 1) + 1; return 1; } -static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, - ossl_unused void *lock) +static __inline int CRYPTO_DOWN_REF(CRYPTO_REF_COUNT *refcnt, int *ret) { - *ret = _InterlockedExchangeAdd_nf(val, -1) - 1; + *ret = _InterlockedExchangeAdd_nf(&refcnt->val, -1) - 1; if (*ret == 0) __dmb(_ARM_BARRIER_ISH); return 1; } + +static __inline int CRYPTO_GET_REF(CRYPTO_REF_COUNT *refcnt, int *ret) +{ + *ret = _InterlockedOr_nf((void *)&refcnt->val, 0); + return 1; +} + # else # if !defined(_WIN32_WCE) # pragma intrinsic(_InterlockedExchangeAdd) @@ -131,19 +160,24 @@ static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, # endif # endif -static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, - ossl_unused void *lock) +static __inline int CRYPTO_UP_REF(CRYPTO_REF_COUNT *refcnt, int *ret) { - *ret = _InterlockedExchangeAdd(val, 1) + 1; + *ret = _InterlockedExchangeAdd(&refcnt->val, 1) + 1; return 1; } -static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, - ossl_unused void *lock) +static __inline int CRYPTO_DOWN_REF(CRYPTO_REF_COUNT *refcnt, int *ret) { - *ret = _InterlockedExchangeAdd(val, -1) - 1; + *ret = _InterlockedExchangeAdd(&refcnt->val, -1) - 1; return 1; } + +static __inline int CRYPTO_GET_REF(CRYPTO_REF_COUNT *refcnt, int *ret) +{ + *ret = _InterlockedExchangeAdd(&refcnt->val, 0); + return 1; +} + # endif # endif @@ -156,13 +190,92 @@ static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, */ # ifndef HAVE_ATOMICS -typedef int CRYPTO_REF_COUNT; +typedef struct { + int val; +# ifdef OPENSSL_THREADS + CRYPTO_RWLOCK *lock; +# endif +} CRYPTO_REF_COUNT; -# define CRYPTO_UP_REF(val, ret, lock) CRYPTO_atomic_add(val, 1, ret, lock) -# define CRYPTO_DOWN_REF(val, ret, lock) CRYPTO_atomic_add(val, -1, ret, lock) +# ifdef OPENSSL_THREADS +static ossl_unused ossl_inline int CRYPTO_UP_REF(CRYPTO_REF_COUNT *refcnt, + int *ret) +{ + return CRYPTO_atomic_add(&refcnt->val, 1, ret, refcnt->lock); +} + +static ossl_unused ossl_inline int CRYPTO_DOWN_REF(CRYPTO_REF_COUNT *refcnt, + int *ret) +{ + return CRYPTO_atomic_add(&refcnt->val, -1, ret, refcnt->lock); +} + +static ossl_unused ossl_inline int CRYPTO_GET_REF(CRYPTO_REF_COUNT *refcnt, + int *ret) +{ + return CRYPTO_atomic_load_int(&refcnt->val, ret, refcnt->lock); +} + +# define CRYPTO_NEW_FREE_DEFINED 1 +static ossl_unused ossl_inline int CRYPTO_NEW_REF(CRYPTO_REF_COUNT *refcnt, int n) +{ + refcnt->val = n; + refcnt->lock = CRYPTO_THREAD_lock_new(); + if (refcnt->lock == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_CRYPTO_LIB); + return 0; + } + return 1; +} + +static ossl_unused ossl_inline void CRYPTO_FREE_REF(CRYPTO_REF_COUNT *refcnt) \ +{ + if (refcnt != NULL) + CRYPTO_THREAD_lock_free(refcnt->lock); +} + +# else /* OPENSSL_THREADS */ + +static ossl_unused ossl_inline int CRYPTO_UP_REF(CRYPTO_REF_COUNT *refcnt, + int *ret) +{ + refcnt->val++; + *ret = refcnt->val; + return 1; +} + +static ossl_unused ossl_inline int CRYPTO_DOWN_REF(CRYPTO_REF_COUNT *refcnt, + int *ret) +{ + refcnt->val--; + *ret = refcnt->val; + return 1; +} + +static ossl_unused ossl_inline int CRYPTO_GET_REF(CRYPTO_REF_COUNT *refcnt, + int *ret) +{ + *ret = refcnt->val; + return 1; +} + +# endif /* OPENSSL_THREADS */ # endif +# ifndef CRYPTO_NEW_FREE_DEFINED +static ossl_unused ossl_inline int CRYPTO_NEW_REF(CRYPTO_REF_COUNT *refcnt, int n) +{ + refcnt->val = n; + return 1; +} + +static ossl_unused ossl_inline void CRYPTO_FREE_REF(CRYPTO_REF_COUNT *refcnt) \ +{ +} +# endif /* CRYPTO_NEW_FREE_DEFINED */ +#undef CRYPTO_NEW_FREE_DEFINED + # if !defined(NDEBUG) && !defined(OPENSSL_NO_STDIO) # define REF_ASSERT_ISNT(test) \ (void)((test) ? (OPENSSL_die("refcount error", __FILE__, __LINE__), 1) : 0) @@ -173,6 +286,6 @@ typedef int CRYPTO_REF_COUNT; # define REF_PRINT_EX(text, count, object) \ OSSL_TRACE3(REF_COUNT, "%p:%4d:%s\n", (object), (count), (text)); # define REF_PRINT_COUNT(text, object) \ - REF_PRINT_EX(text, object->references, (void *)object) + REF_PRINT_EX(text, object->references.val, (void *)object) #endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/ring_buf.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/ring_buf.h new file mode 100644 index 00000000..436f1ca1 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/ring_buf.h @@ -0,0 +1,277 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_RING_BUF_H +# define OSSL_INTERNAL_RING_BUF_H +# pragma once + +# include /* For 'ossl_inline' */ +# include "internal/safe_math.h" + +/* + * ================================================================== + * Byte-wise ring buffer which supports pushing and popping blocks of multiple + * bytes at a time. The logical offset of each byte for the purposes of a QUIC + * stream is tracked. Bytes can be popped from the ring buffer in two stages; + * first they are popped, and then they are culled. Bytes which have been popped + * but not yet culled will not be overwritten, and can be restored. + */ +struct ring_buf { + void *start; + size_t alloc; /* size of buffer allocation in bytes */ + + /* + * Logical offset of the head (where we append to). This is the current size + * of the QUIC stream. This increases monotonically. + */ + uint64_t head_offset; + + /* + * Logical offset of the cull tail. Data is no longer needed and is + * deallocated as the cull tail advances, which occurs as data is + * acknowledged. This increases monotonically. + */ + uint64_t ctail_offset; +}; + +OSSL_SAFE_MATH_UNSIGNED(u64, uint64_t) + +#define MAX_OFFSET (((uint64_t)1) << 62) /* QUIC-imposed limit */ + +static ossl_inline int ring_buf_init(struct ring_buf *r) +{ + r->start = NULL; + r->alloc = 0; + r->head_offset = r->ctail_offset = 0; + return 1; +} + +static ossl_inline void ring_buf_destroy(struct ring_buf *r, int cleanse) +{ + if (cleanse) + OPENSSL_clear_free(r->start, r->alloc); + else + OPENSSL_free(r->start); + r->start = NULL; + r->alloc = 0; +} + +static ossl_inline size_t ring_buf_used(struct ring_buf *r) +{ + return (size_t)(r->head_offset - r->ctail_offset); +} + +static ossl_inline size_t ring_buf_avail(struct ring_buf *r) +{ + return r->alloc - ring_buf_used(r); +} + +static ossl_inline int ring_buf_write_at(struct ring_buf *r, + uint64_t logical_offset, + const unsigned char *buf, + size_t buf_len) +{ + size_t avail, idx, l; + unsigned char *start = r->start; + int i, err = 0; + + avail = ring_buf_avail(r); + if (logical_offset < r->ctail_offset + || safe_add_u64(logical_offset, buf_len, &err) + > safe_add_u64(r->head_offset, avail, &err) + || safe_add_u64(r->head_offset, buf_len, &err) + > MAX_OFFSET + || err) + return 0; + + for (i = 0; buf_len > 0 && i < 2; ++i) { + idx = logical_offset % r->alloc; + l = r->alloc - idx; + if (buf_len < l) + l = buf_len; + + memcpy(start + idx, buf, l); + if (r->head_offset < logical_offset + l) + r->head_offset = logical_offset + l; + + logical_offset += l; + buf += l; + buf_len -= l; + } + + assert(buf_len == 0); + + return 1; +} + +static ossl_inline size_t ring_buf_push(struct ring_buf *r, + const unsigned char *buf, + size_t buf_len) +{ + size_t pushed = 0, avail, idx, l; + unsigned char *start = r->start; + + for (;;) { + avail = ring_buf_avail(r); + if (buf_len > avail) + buf_len = avail; + + if (buf_len > MAX_OFFSET - r->head_offset) + buf_len = (size_t)(MAX_OFFSET - r->head_offset); + + if (buf_len == 0) + break; + + idx = r->head_offset % r->alloc; + l = r->alloc - idx; + if (buf_len < l) + l = buf_len; + + memcpy(start + idx, buf, l); + r->head_offset += l; + buf += l; + buf_len -= l; + pushed += l; + } + + return pushed; +} + +static ossl_inline const unsigned char *ring_buf_get_ptr(const struct ring_buf *r, + uint64_t logical_offset, + size_t *max_len) +{ + unsigned char *start = r->start; + size_t idx; + + if (logical_offset >= r->head_offset || logical_offset < r->ctail_offset) + return NULL; + idx = logical_offset % r->alloc; + *max_len = r->alloc - idx; + return start + idx; +} + +/* + * Retrieves data out of the read side of the ring buffer starting at the given + * logical offset. *buf is set to point to a contiguous span of bytes and + * *buf_len is set to the number of contiguous bytes. After this function + * returns, there may or may not be more bytes available at the logical offset + * of (logical_offset + *buf_len) by calling this function again. If the logical + * offset is out of the range retained by the ring buffer, returns 0, else + * returns 1. A logical offset at the end of the range retained by the ring + * buffer is not considered an error and is returned with a *buf_len of 0. + * + * The ring buffer state is not changed. + */ +static ossl_inline int ring_buf_get_buf_at(const struct ring_buf *r, + uint64_t logical_offset, + const unsigned char **buf, + size_t *buf_len) +{ + const unsigned char *start = r->start; + size_t idx, l; + + if (logical_offset > r->head_offset || logical_offset < r->ctail_offset) + return 0; + + if (r->alloc == 0) { + *buf = NULL; + *buf_len = 0; + return 1; + } + + idx = logical_offset % r->alloc; + l = (size_t)(r->head_offset - logical_offset); + if (l > r->alloc - idx) + l = r->alloc - idx; + + *buf = start + idx; + *buf_len = l; + return 1; +} + +static ossl_inline void ring_buf_cpop_range(struct ring_buf *r, + uint64_t start, uint64_t end, + int cleanse) +{ + assert(end >= start); + + if (start > r->ctail_offset || end >= MAX_OFFSET) + return; + + if (cleanse && r->alloc > 0 && end > r->ctail_offset) { + size_t idx = r->ctail_offset % r->alloc; + uint64_t cleanse_end = end + 1; + size_t l; + + if (cleanse_end > r->head_offset) + cleanse_end = r->head_offset; + l = (size_t)(cleanse_end - r->ctail_offset); + if (l > r->alloc - idx) { + OPENSSL_cleanse((unsigned char *)r->start + idx, r->alloc - idx); + l -= r->alloc - idx; + idx = 0; + } + if (l > 0) + OPENSSL_cleanse((unsigned char *)r->start + idx, l); + } + + r->ctail_offset = end + 1; + /* Allow culling unpushed data */ + if (r->head_offset < r->ctail_offset) + r->head_offset = r->ctail_offset; +} + +static ossl_inline int ring_buf_resize(struct ring_buf *r, size_t num_bytes, + int cleanse) +{ + struct ring_buf rnew = {0}; + const unsigned char *src = NULL; + size_t src_len = 0, copied = 0; + + if (num_bytes == r->alloc) + return 1; + + if (num_bytes < ring_buf_used(r)) + return 0; + + rnew.start = OPENSSL_malloc(num_bytes); + if (rnew.start == NULL) + return 0; + + rnew.alloc = num_bytes; + rnew.head_offset = r->head_offset - ring_buf_used(r); + rnew.ctail_offset = rnew.head_offset; + + for (;;) { + if (!ring_buf_get_buf_at(r, r->ctail_offset + copied, &src, &src_len)) { + OPENSSL_free(rnew.start); + return 0; + } + + if (src_len == 0) + break; + + if (ring_buf_push(&rnew, src, src_len) != src_len) { + OPENSSL_free(rnew.start); + return 0; + } + + copied += src_len; + } + + assert(rnew.head_offset == r->head_offset); + rnew.ctail_offset = r->ctail_offset; + + ring_buf_destroy(r, cleanse); + memcpy(r, &rnew, sizeof(*r)); + return 1; +} + +#endif /* OSSL_INTERNAL_RING_BUF_H */ diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/safe_math.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/safe_math.h new file mode 100644 index 00000000..be37e6ab --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/safe_math.h @@ -0,0 +1,443 @@ +/* + * Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_SAFE_MATH_H +# define OSSL_INTERNAL_SAFE_MATH_H +# pragma once + +# include /* For 'ossl_inline' */ + +# ifndef OPENSSL_NO_BUILTIN_OVERFLOW_CHECKING +# ifdef __has_builtin +# define has(func) __has_builtin(func) +# elif __GNUC__ > 5 +# define has(func) 1 +# endif +# endif /* OPENSSL_NO_BUILTIN_OVERFLOW_CHECKING */ + +# ifndef has +# define has(func) 0 +# endif + +/* + * Safe addition helpers + */ +# if has(__builtin_add_overflow) +# define OSSL_SAFE_MATH_ADDS(type_name, type, min, max) \ + static ossl_inline ossl_unused type safe_add_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + type r; \ + \ + if (!__builtin_add_overflow(a, b, &r)) \ + return r; \ + *err |= 1; \ + return a < 0 ? min : max; \ + } + +# define OSSL_SAFE_MATH_ADDU(type_name, type, max) \ + static ossl_inline ossl_unused type safe_add_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + type r; \ + \ + if (!__builtin_add_overflow(a, b, &r)) \ + return r; \ + *err |= 1; \ + return a + b; \ + } + +# else /* has(__builtin_add_overflow) */ +# define OSSL_SAFE_MATH_ADDS(type_name, type, min, max) \ + static ossl_inline ossl_unused type safe_add_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + if ((a < 0) ^ (b < 0) \ + || (a > 0 && b <= max - a) \ + || (a < 0 && b >= min - a) \ + || a == 0) \ + return a + b; \ + *err |= 1; \ + return a < 0 ? min : max; \ + } + +# define OSSL_SAFE_MATH_ADDU(type_name, type, max) \ + static ossl_inline ossl_unused type safe_add_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + if (b > max - a) \ + *err |= 1; \ + return a + b; \ + } +# endif /* has(__builtin_add_overflow) */ + +/* + * Safe subtraction helpers + */ +# if has(__builtin_sub_overflow) +# define OSSL_SAFE_MATH_SUBS(type_name, type, min, max) \ + static ossl_inline ossl_unused type safe_sub_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + type r; \ + \ + if (!__builtin_sub_overflow(a, b, &r)) \ + return r; \ + *err |= 1; \ + return a < 0 ? min : max; \ + } + +# else /* has(__builtin_sub_overflow) */ +# define OSSL_SAFE_MATH_SUBS(type_name, type, min, max) \ + static ossl_inline ossl_unused type safe_sub_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + if (!((a < 0) ^ (b < 0)) \ + || (b > 0 && a >= min + b) \ + || (b < 0 && a <= max + b) \ + || b == 0) \ + return a - b; \ + *err |= 1; \ + return a < 0 ? min : max; \ + } + +# endif /* has(__builtin_sub_overflow) */ + +# define OSSL_SAFE_MATH_SUBU(type_name, type) \ + static ossl_inline ossl_unused type safe_sub_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + if (b > a) \ + *err |= 1; \ + return a - b; \ + } + +/* + * Safe multiplication helpers + */ +# if has(__builtin_mul_overflow) +# define OSSL_SAFE_MATH_MULS(type_name, type, min, max) \ + static ossl_inline ossl_unused type safe_mul_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + type r; \ + \ + if (!__builtin_mul_overflow(a, b, &r)) \ + return r; \ + *err |= 1; \ + return (a < 0) ^ (b < 0) ? min : max; \ + } + +# define OSSL_SAFE_MATH_MULU(type_name, type, max) \ + static ossl_inline ossl_unused type safe_mul_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + type r; \ + \ + if (!__builtin_mul_overflow(a, b, &r)) \ + return r; \ + *err |= 1; \ + return a * b; \ + } + +# else /* has(__builtin_mul_overflow) */ +# define OSSL_SAFE_MATH_MULS(type_name, type, min, max) \ + static ossl_inline ossl_unused type safe_mul_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + if (a == 0 || b == 0) \ + return 0; \ + if (a == 1) \ + return b; \ + if (b == 1) \ + return a; \ + if (a != min && b != min) { \ + const type x = a < 0 ? -a : a; \ + const type y = b < 0 ? -b : b; \ + \ + if (x <= max / y) \ + return a * b; \ + } \ + *err |= 1; \ + return (a < 0) ^ (b < 0) ? min : max; \ + } + +# define OSSL_SAFE_MATH_MULU(type_name, type, max) \ + static ossl_inline ossl_unused type safe_mul_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + if (b != 0 && a > max / b) \ + *err |= 1; \ + return a * b; \ + } +# endif /* has(__builtin_mul_overflow) */ + +/* + * Safe division helpers + */ +# define OSSL_SAFE_MATH_DIVS(type_name, type, min, max) \ + static ossl_inline ossl_unused type safe_div_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + if (b == 0) { \ + *err |= 1; \ + return a < 0 ? min : max; \ + } \ + if (b == -1 && a == min) { \ + *err |= 1; \ + return max; \ + } \ + return a / b; \ + } + +# define OSSL_SAFE_MATH_DIVU(type_name, type, max) \ + static ossl_inline ossl_unused type safe_div_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + if (b != 0) \ + return a / b; \ + *err |= 1; \ + return max; \ + } + +/* + * Safe modulus helpers + */ +# define OSSL_SAFE_MATH_MODS(type_name, type, min, max) \ + static ossl_inline ossl_unused type safe_mod_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + if (b == 0) { \ + *err |= 1; \ + return 0; \ + } \ + if (b == -1 && a == min) { \ + *err |= 1; \ + return max; \ + } \ + return a % b; \ + } + +# define OSSL_SAFE_MATH_MODU(type_name, type) \ + static ossl_inline ossl_unused type safe_mod_ ## type_name(type a, \ + type b, \ + int *err) \ + { \ + if (b != 0) \ + return a % b; \ + *err |= 1; \ + return 0; \ + } + +/* + * Safe negation helpers + */ +# define OSSL_SAFE_MATH_NEGS(type_name, type, min) \ + static ossl_inline ossl_unused type safe_neg_ ## type_name(type a, \ + int *err) \ + { \ + if (a != min) \ + return -a; \ + *err |= 1; \ + return min; \ + } + +# define OSSL_SAFE_MATH_NEGU(type_name, type) \ + static ossl_inline ossl_unused type safe_neg_ ## type_name(type a, \ + int *err) \ + { \ + if (a == 0) \ + return a; \ + *err |= 1; \ + return 1 + ~a; \ + } + +/* + * Safe absolute value helpers + */ +# define OSSL_SAFE_MATH_ABSS(type_name, type, min) \ + static ossl_inline ossl_unused type safe_abs_ ## type_name(type a, \ + int *err) \ + { \ + if (a != min) \ + return a < 0 ? -a : a; \ + *err |= 1; \ + return min; \ + } + +# define OSSL_SAFE_MATH_ABSU(type_name, type) \ + static ossl_inline ossl_unused type safe_abs_ ## type_name(type a, \ + int *err) \ + { \ + return a; \ + } + +/* + * Safe fused multiply divide helpers + * + * These are a bit obscure: + * . They begin by checking the denominator for zero and getting rid of this + * corner case. + * + * . Second is an attempt to do the multiplication directly, if it doesn't + * overflow, the quotient is returned (for signed values there is a + * potential problem here which isn't present for unsigned). + * + * . Finally, the multiplication/division is transformed so that the larger + * of the numerators is divided first. This requires a remainder + * correction: + * + * a b / c = (a / c) b + (a mod c) b / c, where a > b + * + * The individual operations need to be overflow checked (again signed + * being more problematic). + * + * The algorithm used is not perfect but it should be "good enough". + */ +# define OSSL_SAFE_MATH_MULDIVS(type_name, type, max) \ + static ossl_inline ossl_unused type safe_muldiv_ ## type_name(type a, \ + type b, \ + type c, \ + int *err) \ + { \ + int e2 = 0; \ + type q, r, x, y; \ + \ + if (c == 0) { \ + *err |= 1; \ + return a == 0 || b == 0 ? 0 : max; \ + } \ + x = safe_mul_ ## type_name(a, b, &e2); \ + if (!e2) \ + return safe_div_ ## type_name(x, c, err); \ + if (b > a) { \ + x = b; \ + b = a; \ + a = x; \ + } \ + q = safe_div_ ## type_name(a, c, err); \ + r = safe_mod_ ## type_name(a, c, err); \ + x = safe_mul_ ## type_name(r, b, err); \ + y = safe_mul_ ## type_name(q, b, err); \ + q = safe_div_ ## type_name(x, c, err); \ + return safe_add_ ## type_name(y, q, err); \ + } + +# define OSSL_SAFE_MATH_MULDIVU(type_name, type, max) \ + static ossl_inline ossl_unused type safe_muldiv_ ## type_name(type a, \ + type b, \ + type c, \ + int *err) \ + { \ + int e2 = 0; \ + type x, y; \ + \ + if (c == 0) { \ + *err |= 1; \ + return a == 0 || b == 0 ? 0 : max; \ + } \ + x = safe_mul_ ## type_name(a, b, &e2); \ + if (!e2) \ + return x / c; \ + if (b > a) { \ + x = b; \ + b = a; \ + a = x; \ + } \ + x = safe_mul_ ## type_name(a % c, b, err); \ + y = safe_mul_ ## type_name(a / c, b, err); \ + return safe_add_ ## type_name(y, x / c, err); \ + } + +/* + * Calculate a / b rounding up: + * i.e. a / b + (a % b != 0) + * Which is usually (less safely) converted to (a + b - 1) / b + * If you *know* that b != 0, then it's safe to ignore err. + */ +#define OSSL_SAFE_MATH_DIV_ROUND_UP(type_name, type, max) \ + static ossl_inline ossl_unused type safe_div_round_up_ ## type_name \ + (type a, type b, int *errp) \ + { \ + type x; \ + int *err, err_local = 0; \ + \ + /* Allow errors to be ignored by callers */ \ + err = errp != NULL ? errp : &err_local; \ + /* Fast path, both positive */ \ + if (b > 0 && a > 0) { \ + /* Faster path: no overflow concerns */ \ + if (a < max - b) \ + return (a + b - 1) / b; \ + return a / b + (a % b != 0); \ + } \ + if (b == 0) { \ + *err |= 1; \ + return a == 0 ? 0 : max; \ + } \ + if (a == 0) \ + return 0; \ + /* Rather slow path because there are negatives involved */ \ + x = safe_mod_ ## type_name(a, b, err); \ + return safe_add_ ## type_name(safe_div_ ## type_name(a, b, err), \ + x != 0, err); \ + } + +/* Calculate ranges of types */ +# define OSSL_SAFE_MATH_MINS(type) ((type)1 << (sizeof(type) * 8 - 1)) +# define OSSL_SAFE_MATH_MAXS(type) (~OSSL_SAFE_MATH_MINS(type)) +# define OSSL_SAFE_MATH_MAXU(type) (~(type)0) + +/* + * Wrapper macros to create all the functions of a given type + */ +# define OSSL_SAFE_MATH_SIGNED(type_name, type) \ + OSSL_SAFE_MATH_ADDS(type_name, type, OSSL_SAFE_MATH_MINS(type), \ + OSSL_SAFE_MATH_MAXS(type)) \ + OSSL_SAFE_MATH_SUBS(type_name, type, OSSL_SAFE_MATH_MINS(type), \ + OSSL_SAFE_MATH_MAXS(type)) \ + OSSL_SAFE_MATH_MULS(type_name, type, OSSL_SAFE_MATH_MINS(type), \ + OSSL_SAFE_MATH_MAXS(type)) \ + OSSL_SAFE_MATH_DIVS(type_name, type, OSSL_SAFE_MATH_MINS(type), \ + OSSL_SAFE_MATH_MAXS(type)) \ + OSSL_SAFE_MATH_MODS(type_name, type, OSSL_SAFE_MATH_MINS(type), \ + OSSL_SAFE_MATH_MAXS(type)) \ + OSSL_SAFE_MATH_DIV_ROUND_UP(type_name, type, \ + OSSL_SAFE_MATH_MAXS(type)) \ + OSSL_SAFE_MATH_MULDIVS(type_name, type, OSSL_SAFE_MATH_MAXS(type)) \ + OSSL_SAFE_MATH_NEGS(type_name, type, OSSL_SAFE_MATH_MINS(type)) \ + OSSL_SAFE_MATH_ABSS(type_name, type, OSSL_SAFE_MATH_MINS(type)) + +# define OSSL_SAFE_MATH_UNSIGNED(type_name, type) \ + OSSL_SAFE_MATH_ADDU(type_name, type, OSSL_SAFE_MATH_MAXU(type)) \ + OSSL_SAFE_MATH_SUBU(type_name, type) \ + OSSL_SAFE_MATH_MULU(type_name, type, OSSL_SAFE_MATH_MAXU(type)) \ + OSSL_SAFE_MATH_DIVU(type_name, type, OSSL_SAFE_MATH_MAXU(type)) \ + OSSL_SAFE_MATH_MODU(type_name, type) \ + OSSL_SAFE_MATH_DIV_ROUND_UP(type_name, type, \ + OSSL_SAFE_MATH_MAXU(type)) \ + OSSL_SAFE_MATH_MULDIVU(type_name, type, OSSL_SAFE_MATH_MAXU(type)) \ + OSSL_SAFE_MATH_NEGU(type_name, type) \ + OSSL_SAFE_MATH_ABSU(type_name, type) + +#endif /* OSSL_INTERNAL_SAFE_MATH_H */ diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/sockets.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/sockets.h index 1f5fefcc..2550c56b 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/sockets.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/sockets.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -61,7 +61,25 @@ struct servent *PASCAL getservbyname(const char *, const char *); # define accept(s,f,l) ((int)accept(s,f,l)) # endif +/* Windows have other names for shutdown() reasons */ +# ifndef SHUT_RD +# define SHUT_RD SD_RECEIVE +# endif +# ifndef SHUT_WR +# define SHUT_WR SD_SEND +# endif +# ifndef SHUT_RDWR +# define SHUT_RDWR SD_BOTH +# endif + # else +# if defined(__APPLE__) + /* + * This must be defined before including to get + * IPV6_RECVPKTINFO + */ +# define __APPLE_USE_RFC_3542 +# endif # ifndef NO_SYS_PARAM_H # include @@ -71,6 +89,9 @@ struct servent *PASCAL getservbyname(const char *, const char *); # endif # include +# if defined(OPENSSL_SYS_VMS) +typedef size_t socklen_t; /* Currently appears to be missing on VMS */ +# endif # if defined(OPENSSL_SYS_VMS_NODECC) # include # include @@ -95,6 +116,13 @@ struct servent *PASCAL getservbyname(const char *, const char *); # include # endif +# ifdef OPENSSL_SYS_UNIX +# ifndef OPENSSL_SYS_TANDEM +# include +# endif +# include +# endif + # ifndef VMS # include # else @@ -136,12 +164,15 @@ struct servent *PASCAL getservbyname(const char *, const char *); # define get_last_socket_error() errno # define clear_socket_error() errno=0 +# define get_last_socket_error_is_eintr() (get_last_socket_error() == EINTR) # if defined(OPENSSL_SYS_WINDOWS) # undef get_last_socket_error # undef clear_socket_error +# undef get_last_socket_error_is_eintr # define get_last_socket_error() WSAGetLastError() # define clear_socket_error() WSASetLastError(0) +# define get_last_socket_error_is_eintr() (get_last_socket_error() == WSAEINTR) # define readsocket(s,b,n) recv((s),(b),(n),0) # define writesocket(s,b,n) send((s),(b),(n),0) # elif defined(__DJGPP__) diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/ssl.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/ssl.h new file mode 100644 index 00000000..8a0c7974 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/ssl.h @@ -0,0 +1,24 @@ +/* + * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#ifndef OSSL_INTERNAL_SSL_H +# define OSSL_INTERNAL_SSL_H +# pragma once + +typedef void (*ossl_msg_cb)(int write_p, int version, int content_type, + const void *buf, size_t len, SSL *ssl, void *arg); + +int ossl_ssl_get_error(const SSL *s, int i, int check_err); + +/* Set if this is the QUIC handshake layer */ +# define TLS1_FLAGS_QUIC 0x2000 + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/ssl3_cbc.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/ssl3_cbc.h new file mode 100644 index 00000000..4fb5da19 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/ssl3_cbc.h @@ -0,0 +1,40 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +/* tls_pad.c */ +int ssl3_cbc_remove_padding_and_mac(size_t *reclen, + size_t origreclen, + unsigned char *recdata, + unsigned char **mac, + int *alloced, + size_t block_size, size_t mac_size, + OSSL_LIB_CTX *libctx); + +int tls1_cbc_remove_padding_and_mac(size_t *reclen, + size_t origreclen, + unsigned char *recdata, + unsigned char **mac, + int *alloced, + size_t block_size, size_t mac_size, + int aead, + OSSL_LIB_CTX *libctx); + +/* ssl3_cbc.c */ +__owur char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx); +__owur int ssl3_cbc_digest_record(const EVP_MD *md, + unsigned char *md_out, + size_t *md_out_size, + const unsigned char *header, + const unsigned char *data, + size_t data_size, + size_t data_plus_mac_plus_padding_size, + const unsigned char *mac_secret, + size_t mac_secret_length, char is_sslv3); diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/statem.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/statem.h new file mode 100644 index 00000000..136e6523 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/statem.h @@ -0,0 +1,171 @@ +/* + * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +#ifndef OSSL_INTERNAL_STATEM_H +# define OSSL_INTERNAL_STATEM_H + +/***************************************************************************** + * * + * These enums should be considered PRIVATE to the state machine. No * + * non-state machine code should need to use these * + * * + *****************************************************************************/ +/* + * Valid return codes used for functions performing work prior to or after + * sending or receiving a message + */ +typedef enum { + /* Something went wrong */ + WORK_ERROR, + /* We're done working and there shouldn't be anything else to do after */ + WORK_FINISHED_STOP, + /* We're done working move onto the next thing */ + WORK_FINISHED_CONTINUE, + /* We're working on phase A */ + WORK_MORE_A, + /* We're working on phase B */ + WORK_MORE_B, + /* We're working on phase C */ + WORK_MORE_C +} WORK_STATE; + +/* Write transition return codes */ +typedef enum { + /* Something went wrong */ + WRITE_TRAN_ERROR, + /* A transition was successfully completed and we should continue */ + WRITE_TRAN_CONTINUE, + /* There is no more write work to be done */ + WRITE_TRAN_FINISHED +} WRITE_TRAN; + +/* Message flow states */ +typedef enum { + /* No handshake in progress */ + MSG_FLOW_UNINITED, + /* A permanent error with this connection */ + MSG_FLOW_ERROR, + /* We are reading messages */ + MSG_FLOW_READING, + /* We are writing messages */ + MSG_FLOW_WRITING, + /* Handshake has finished */ + MSG_FLOW_FINISHED +} MSG_FLOW_STATE; + +/* Read states */ +typedef enum { + READ_STATE_HEADER, + READ_STATE_BODY, + READ_STATE_POST_PROCESS +} READ_STATE; + +/* Write states */ +typedef enum { + WRITE_STATE_TRANSITION, + WRITE_STATE_PRE_WORK, + WRITE_STATE_SEND, + WRITE_STATE_POST_WORK +} WRITE_STATE; + +typedef enum { + CON_FUNC_ERROR = 0, + CON_FUNC_SUCCESS, + CON_FUNC_DONT_SEND +} CON_FUNC_RETURN; + +typedef int (*ossl_statem_mutate_handshake_cb)(const unsigned char *msgin, + size_t inlen, + unsigned char **msgout, + size_t *outlen, + void *arg); + +typedef void (*ossl_statem_finish_mutate_handshake_cb)(void *arg); + +/***************************************************************************** + * * + * This structure should be considered "opaque" to anything outside of the * + * state machine. No non-state machine code should be accessing the members * + * of this structure. * + * * + *****************************************************************************/ + +struct ossl_statem_st { + MSG_FLOW_STATE state; + WRITE_STATE write_state; + WORK_STATE write_state_work; + READ_STATE read_state; + WORK_STATE read_state_work; + OSSL_HANDSHAKE_STATE hand_state; + /* The handshake state requested by an API call (e.g. HelloRequest) */ + OSSL_HANDSHAKE_STATE request_state; + int in_init; + int read_state_first_init; + /* true when we are actually in SSL_accept() or SSL_connect() */ + int in_handshake; + /* + * True when are processing a "real" handshake that needs cleaning up (not + * just a HelloRequest or similar). + */ + int cleanuphand; + /* Should we skip the CertificateVerify message? */ + unsigned int no_cert_verify; + int use_timer; + + /* Test harness message mutator callbacks */ + ossl_statem_mutate_handshake_cb mutate_handshake_cb; + ossl_statem_finish_mutate_handshake_cb finish_mutate_handshake_cb; + void *mutatearg; + unsigned int write_in_progress : 1; +}; +typedef struct ossl_statem_st OSSL_STATEM; + +/***************************************************************************** + * * + * The following macros/functions represent the libssl internal API to the * + * state machine. Any libssl code may call these functions/macros * + * * + *****************************************************************************/ + +typedef struct ssl_connection_st SSL_CONNECTION; + +__owur int ossl_statem_accept(SSL *s); +__owur int ossl_statem_connect(SSL *s); +OSSL_HANDSHAKE_STATE ossl_statem_get_state(SSL_CONNECTION *s); +void ossl_statem_clear(SSL_CONNECTION *s); +void ossl_statem_set_renegotiate(SSL_CONNECTION *s); +void ossl_statem_send_fatal(SSL_CONNECTION *s, int al); +void ossl_statem_fatal(SSL_CONNECTION *s, int al, int reason, + const char *fmt, ...); +# define SSLfatal_alert(s, al) ossl_statem_send_fatal((s), (al)) +# define SSLfatal(s, al, r) SSLfatal_data((s), (al), (r), NULL) +# define SSLfatal_data \ + (ERR_new(), \ + ERR_set_debug(OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC), \ + ossl_statem_fatal) + +int ossl_statem_in_error(const SSL_CONNECTION *s); +void ossl_statem_set_in_init(SSL_CONNECTION *s, int init); +int ossl_statem_get_in_handshake(SSL_CONNECTION *s); +void ossl_statem_set_in_handshake(SSL_CONNECTION *s, int inhand); +__owur int ossl_statem_skip_early_data(SSL_CONNECTION *s); +void ossl_statem_check_finish_init(SSL_CONNECTION *s, int send); +void ossl_statem_set_hello_verify_done(SSL_CONNECTION *s); +__owur int ossl_statem_app_data_allowed(SSL_CONNECTION *s); +__owur int ossl_statem_export_allowed(SSL_CONNECTION *s); +__owur int ossl_statem_export_early_allowed(SSL_CONNECTION *s); + +/* Flush the write BIO */ +int statem_flush(SSL_CONNECTION *s); + +int ossl_statem_set_mutator(SSL *s, + ossl_statem_mutate_handshake_cb mutate_handshake_cb, + ossl_statem_finish_mutate_handshake_cb finish_mutate_handshake_cb, + void *mutatearg); + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/thread.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/thread.h new file mode 100644 index 00000000..8c5bad77 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/thread.h @@ -0,0 +1,39 @@ +/* + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_INTERNAL_THREAD_H +# define OPENSSL_INTERNAL_THREAD_H +# include +# include +# include +# include +# include +# include "crypto/context.h" + +void *ossl_crypto_thread_start(OSSL_LIB_CTX *ctx, CRYPTO_THREAD_ROUTINE start, + void *data); +int ossl_crypto_thread_join(void *task, CRYPTO_THREAD_RETVAL *retval); +int ossl_crypto_thread_clean(void *vhandle); +uint64_t ossl_get_avail_threads(OSSL_LIB_CTX *ctx); + +# if defined(OPENSSL_THREADS) + +# define OSSL_LIB_CTX_GET_THREADS(CTX) \ + ossl_lib_ctx_get_data(CTX, OSSL_LIB_CTX_THREAD_INDEX); + +typedef struct openssl_threads_st { + uint64_t max_threads; + uint64_t active_threads; + CRYPTO_MUTEX *lock; + CRYPTO_CONDVAR *cond_finished; +} OSSL_LIB_CTX_THREADS; + +# endif /* defined(OPENSSL_THREADS) */ + +#endif /* OPENSSL_INTERNAL_THREAD_H */ diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/thread_arch.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/thread_arch.h new file mode 100644 index 00000000..1bfc0ebb --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/thread_arch.h @@ -0,0 +1,127 @@ +/* + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_THREAD_ARCH_H +# define OSSL_INTERNAL_THREAD_ARCH_H +# include +# include +# include "internal/time.h" + +# if defined(_WIN32) +# include +# endif + +# if defined(OPENSSL_THREADS) && defined(OPENSSL_SYS_UNIX) +# define OPENSSL_THREADS_POSIX +# elif defined(OPENSSL_THREADS) && defined(OPENSSL_SYS_VMS) +# define OPENSSL_THREADS_POSIX +# elif defined(OPENSSL_THREADS) && defined(OPENSSL_SYS_WINDOWS) && \ + defined(_WIN32_WINNT) +# if _WIN32_WINNT >= 0x0600 +# define OPENSSL_THREADS_WINNT +# elif _WIN32_WINNT >= 0x0501 +# define OPENSSL_THREADS_WINNT +# define OPENSSL_THREADS_WINNT_LEGACY +# else +# define OPENSSL_THREADS_NONE +# endif +# else +# define OPENSSL_THREADS_NONE +# endif + +# include + +typedef void CRYPTO_MUTEX; +typedef void CRYPTO_CONDVAR; + +CRYPTO_MUTEX *ossl_crypto_mutex_new(void); +void ossl_crypto_mutex_lock(CRYPTO_MUTEX *mutex); +int ossl_crypto_mutex_try_lock(CRYPTO_MUTEX *mutex); +void ossl_crypto_mutex_unlock(CRYPTO_MUTEX *mutex); +void ossl_crypto_mutex_free(CRYPTO_MUTEX **mutex); + +CRYPTO_CONDVAR *ossl_crypto_condvar_new(void); +void ossl_crypto_condvar_wait(CRYPTO_CONDVAR *cv, CRYPTO_MUTEX *mutex); +void ossl_crypto_condvar_wait_timeout(CRYPTO_CONDVAR *cv, CRYPTO_MUTEX *mutex, + OSSL_TIME deadline); +void ossl_crypto_condvar_broadcast(CRYPTO_CONDVAR *cv); +void ossl_crypto_condvar_signal(CRYPTO_CONDVAR *cv); +void ossl_crypto_condvar_free(CRYPTO_CONDVAR **cv); + +typedef uint32_t CRYPTO_THREAD_RETVAL; +typedef CRYPTO_THREAD_RETVAL (*CRYPTO_THREAD_ROUTINE)(void *); +typedef CRYPTO_THREAD_RETVAL (*CRYPTO_THREAD_ROUTINE_CB)(void *, + void (**)(void *), + void **); + +# define CRYPTO_THREAD_NO_STATE 0UL +# define CRYPTO_THREAD_FINISHED (1UL << 0) +# define CRYPTO_THREAD_JOIN_AWAIT (1UL << 1) +# define CRYPTO_THREAD_JOINED (1UL << 2) + +# define CRYPTO_THREAD_GET_STATE(THREAD, FLAG) ((THREAD)->state & (FLAG)) +# define CRYPTO_THREAD_GET_ERROR(THREAD, FLAG) (((THREAD)->state >> 16) & (FLAG)) + +typedef struct crypto_thread_st { + uint32_t state; + void *data; + CRYPTO_THREAD_ROUTINE routine; + CRYPTO_THREAD_RETVAL retval; + void *handle; + CRYPTO_MUTEX *lock; + CRYPTO_MUTEX *statelock; + CRYPTO_CONDVAR *condvar; + unsigned long thread_id; + int joinable; + OSSL_LIB_CTX *ctx; +} CRYPTO_THREAD; + +# if defined(OPENSSL_THREADS) + +# define CRYPTO_THREAD_UNSET_STATE(THREAD, FLAG) \ + do { \ + (THREAD)->state &= ~(FLAG); \ + } while ((void)0, 0) + +# define CRYPTO_THREAD_SET_STATE(THREAD, FLAG) \ + do { \ + (THREAD)->state |= (FLAG); \ + } while ((void)0, 0) + +# define CRYPTO_THREAD_SET_ERROR(THREAD, FLAG) \ + do { \ + (THREAD)->state |= ((FLAG) << 16); \ + } while ((void)0, 0) + +# define CRYPTO_THREAD_UNSET_ERROR(THREAD, FLAG) \ + do { \ + (THREAD)->state &= ~((FLAG) << 16); \ + } while ((void)0, 0) + +# else + +# define CRYPTO_THREAD_UNSET_STATE(THREAD, FLAG) +# define CRYPTO_THREAD_SET_STATE(THREAD, FLAG) +# define CRYPTO_THREAD_SET_ERROR(THREAD, FLAG) +# define CRYPTO_THREAD_UNSET_ERROR(THREAD, FLAG) + +# endif /* defined(OPENSSL_THREADS) */ + +CRYPTO_THREAD * ossl_crypto_thread_native_start(CRYPTO_THREAD_ROUTINE routine, + void *data, int joinable); +int ossl_crypto_thread_native_spawn(CRYPTO_THREAD *thread); +int ossl_crypto_thread_native_join(CRYPTO_THREAD *thread, + CRYPTO_THREAD_RETVAL *retval); +int ossl_crypto_thread_native_perform_join(CRYPTO_THREAD *thread, + CRYPTO_THREAD_RETVAL *retval); +int ossl_crypto_thread_native_exit(void); +int ossl_crypto_thread_native_is_self(CRYPTO_THREAD *thread); +int ossl_crypto_thread_native_clean(CRYPTO_THREAD *thread); + +#endif /* OSSL_INTERNAL_THREAD_ARCH_H */ diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/time.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/time.h new file mode 100644 index 00000000..14d724ab --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/time.h @@ -0,0 +1,242 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_TIME_H +# define OSSL_INTERNAL_TIME_H +# pragma once + +# include /* uint64_t */ +# include "internal/e_os.h" /* for struct timeval */ +# include "internal/safe_math.h" + +/* + * Internal type defining a time. + * This should be treated as an opaque structure. + * + * The time datum is Unix's 1970 and at nanosecond precision, this gives + * a range of 584 years roughly. + */ +typedef struct { + uint64_t t; /* Ticks since the epoch */ +} OSSL_TIME; + +/* The precision of times allows this many values per second */ +# define OSSL_TIME_SECOND ((uint64_t)1000000000) + +/* One millisecond. */ +# define OSSL_TIME_MS (OSSL_TIME_SECOND / 1000) + +/* One microsecond. */ +# define OSSL_TIME_US (OSSL_TIME_MS / 1000) + +/* One nanosecond. */ +# define OSSL_TIME_NS (OSSL_TIME_US / 1000) + +#define ossl_seconds2time(s) ossl_ticks2time((s) * OSSL_TIME_SECOND) +#define ossl_time2seconds(t) (ossl_time2ticks(t) / OSSL_TIME_SECOND) +#define ossl_ms2time(ms) ossl_ticks2time((ms) * OSSL_TIME_MS) +#define ossl_time2ms(t) (ossl_time2ticks(t) / OSSL_TIME_MS) +#define ossl_us2time(us) ossl_ticks2time((us) * OSSL_TIME_US) +#define ossl_time2us(t) (ossl_time2ticks(t) / OSSL_TIME_US) + +/* + * Arithmetic operations on times. + * These operations are saturating, in that an overflow or underflow returns + * the largest or smallest value respectively. + */ +OSSL_SAFE_MATH_UNSIGNED(time, uint64_t) + +/* Convert a tick count into a time */ +static ossl_unused ossl_inline +OSSL_TIME ossl_ticks2time(uint64_t ticks) +{ + OSSL_TIME r; + + r.t = ticks; + return r; +} + +/* Convert a time to a tick count */ +static ossl_unused ossl_inline +uint64_t ossl_time2ticks(OSSL_TIME t) +{ + return t.t; +} + +/* Get current time */ +OSSL_TIME ossl_time_now(void); + +/* The beginning and end of the time range */ +static ossl_unused ossl_inline +OSSL_TIME ossl_time_zero(void) +{ + return ossl_ticks2time(0); +} + +static ossl_unused ossl_inline +OSSL_TIME ossl_time_infinite(void) +{ + return ossl_ticks2time(~(uint64_t)0); +} + + +/* Convert time to timeval */ +static ossl_unused ossl_inline +struct timeval ossl_time_to_timeval(OSSL_TIME t) +{ + struct timeval tv; + int err = 0; + + /* + * Round up any nano secs which struct timeval doesn't support. Ensures that + * we never return a zero time if the input time is non zero + */ + t.t = safe_add_time(t.t, OSSL_TIME_US - 1, &err); + if (err) + t = ossl_time_infinite(); + +#ifdef _WIN32 + tv.tv_sec = (long int)(t.t / OSSL_TIME_SECOND); +#else + tv.tv_sec = (time_t)(t.t / OSSL_TIME_SECOND); +#endif + tv.tv_usec = (t.t % OSSL_TIME_SECOND) / OSSL_TIME_US; + return tv; +} + +/* Convert timeval to time */ +static ossl_unused ossl_inline +OSSL_TIME ossl_time_from_timeval(struct timeval tv) +{ + OSSL_TIME t; + +#ifndef __DJGPP__ /* tv_sec is unsigned on djgpp. */ + if (tv.tv_sec < 0) + return ossl_time_zero(); +#endif + t.t = tv.tv_sec * OSSL_TIME_SECOND + tv.tv_usec * OSSL_TIME_US; + return t; +} + +/* Convert OSSL_TIME to time_t */ +static ossl_unused ossl_inline +time_t ossl_time_to_time_t(OSSL_TIME t) +{ + return (time_t)(t.t / OSSL_TIME_SECOND); +} + +/* Convert time_t to OSSL_TIME */ +static ossl_unused ossl_inline +OSSL_TIME ossl_time_from_time_t(time_t t) +{ + OSSL_TIME ot; + + ot.t = t; + ot.t *= OSSL_TIME_SECOND; + return ot; +} + +/* Compare two time values, return -1 if less, 1 if greater and 0 if equal */ +static ossl_unused ossl_inline +int ossl_time_compare(OSSL_TIME a, OSSL_TIME b) +{ + if (a.t > b.t) + return 1; + if (a.t < b.t) + return -1; + return 0; +} + +/* Returns true if an OSSL_TIME is ossl_time_zero(). */ +static ossl_unused ossl_inline +int ossl_time_is_zero(OSSL_TIME t) +{ + return ossl_time_compare(t, ossl_time_zero()) == 0; +} + +/* Returns true if an OSSL_TIME is ossl_time_infinite(). */ +static ossl_unused ossl_inline +int ossl_time_is_infinite(OSSL_TIME t) +{ + return ossl_time_compare(t, ossl_time_infinite()) == 0; +} + +static ossl_unused ossl_inline +OSSL_TIME ossl_time_add(OSSL_TIME a, OSSL_TIME b) +{ + OSSL_TIME r; + int err = 0; + + r.t = safe_add_time(a.t, b.t, &err); + return err ? ossl_time_infinite() : r; +} + +static ossl_unused ossl_inline +OSSL_TIME ossl_time_subtract(OSSL_TIME a, OSSL_TIME b) +{ + OSSL_TIME r; + int err = 0; + + r.t = safe_sub_time(a.t, b.t, &err); + return err ? ossl_time_zero() : r; +} + +/* Returns |a - b|. */ +static ossl_unused ossl_inline +OSSL_TIME ossl_time_abs_difference(OSSL_TIME a, OSSL_TIME b) +{ + return a.t > b.t ? ossl_time_subtract(a, b) + : ossl_time_subtract(b, a); +} + +static ossl_unused ossl_inline +OSSL_TIME ossl_time_multiply(OSSL_TIME a, uint64_t b) +{ + OSSL_TIME r; + int err = 0; + + r.t = safe_mul_time(a.t, b, &err); + return err ? ossl_time_infinite() : r; +} + +static ossl_unused ossl_inline +OSSL_TIME ossl_time_divide(OSSL_TIME a, uint64_t b) +{ + OSSL_TIME r; + int err = 0; + + r.t = safe_div_time(a.t, b, &err); + return err ? ossl_time_zero() : r; +} + +static ossl_unused ossl_inline +OSSL_TIME ossl_time_muldiv(OSSL_TIME a, uint64_t b, uint64_t c) +{ + OSSL_TIME r; + int err = 0; + + r.t = safe_muldiv_time(a.t, b, c, &err); + return err ? ossl_time_zero() : r; +} + +/* Return higher of the two given time values. */ +static ossl_unused ossl_inline +OSSL_TIME ossl_time_max(OSSL_TIME a, OSSL_TIME b) +{ + return a.t > b.t ? a : b; +} + +/* Return the lower of the two given time values. */ +static ossl_unused ossl_inline +OSSL_TIME ossl_time_min(OSSL_TIME a, OSSL_TIME b) +{ + return a.t < b.t ? a : b; +} + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/tlsgroups.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/tlsgroups.h index 8a35ced1..73fb53bc 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/tlsgroups.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/tlsgroups.h @@ -41,6 +41,16 @@ # define OSSL_TLS_GROUP_ID_brainpoolP512r1 0x001C # define OSSL_TLS_GROUP_ID_x25519 0x001D # define OSSL_TLS_GROUP_ID_x448 0x001E +# define OSSL_TLS_GROUP_ID_brainpoolP256r1_tls13 0x001F +# define OSSL_TLS_GROUP_ID_brainpoolP384r1_tls13 0x0020 +# define OSSL_TLS_GROUP_ID_brainpoolP512r1_tls13 0x0021 +# define OSSL_TLS_GROUP_ID_gc256A 0x0022 +# define OSSL_TLS_GROUP_ID_gc256B 0x0023 +# define OSSL_TLS_GROUP_ID_gc256C 0x0024 +# define OSSL_TLS_GROUP_ID_gc256D 0x0025 +# define OSSL_TLS_GROUP_ID_gc512A 0x0026 +# define OSSL_TLS_GROUP_ID_gc512B 0x0027 +# define OSSL_TLS_GROUP_ID_gc512C 0x0028 # define OSSL_TLS_GROUP_ID_ffdhe2048 0x0100 # define OSSL_TLS_GROUP_ID_ffdhe3072 0x0101 # define OSSL_TLS_GROUP_ID_ffdhe4096 0x0102 diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/tsan_assist.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/tsan_assist.h index 17205d10..a840df0b 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/tsan_assist.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/tsan_assist.h @@ -47,33 +47,37 @@ * can use TSAN_QUALIFIER in cast specifically when it has to count. */ -#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L \ +#ifndef OSSL_INTERNAL_TSAN_ASSIST_H +# define OSSL_INTERNAL_TSAN_ASSIST_H +# pragma once + +# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L \ && !defined(__STDC_NO_ATOMICS__) -# include +# include -# if defined(ATOMIC_POINTER_LOCK_FREE) \ +# if defined(ATOMIC_POINTER_LOCK_FREE) \ && ATOMIC_POINTER_LOCK_FREE >= 2 -# define TSAN_QUALIFIER _Atomic -# define tsan_load(ptr) atomic_load_explicit((ptr), memory_order_relaxed) -# define tsan_store(ptr, val) atomic_store_explicit((ptr), (val), memory_order_relaxed) -# define tsan_add(ptr, n) atomic_fetch_add_explicit((ptr), (n), memory_order_relaxed) -# define tsan_ld_acq(ptr) atomic_load_explicit((ptr), memory_order_acquire) -# define tsan_st_rel(ptr, val) atomic_store_explicit((ptr), (val), memory_order_release) -# endif +# define TSAN_QUALIFIER _Atomic +# define tsan_load(ptr) atomic_load_explicit((ptr), memory_order_relaxed) +# define tsan_store(ptr, val) atomic_store_explicit((ptr), (val), memory_order_relaxed) +# define tsan_add(ptr, n) atomic_fetch_add_explicit((ptr), (n), memory_order_relaxed) +# define tsan_ld_acq(ptr) atomic_load_explicit((ptr), memory_order_acquire) +# define tsan_st_rel(ptr, val) atomic_store_explicit((ptr), (val), memory_order_release) +# endif -#elif defined(__GNUC__) && defined(__ATOMIC_RELAXED) +# elif defined(__GNUC__) && defined(__ATOMIC_RELAXED) -# if defined(__GCC_ATOMIC_POINTER_LOCK_FREE) \ +# if defined(__GCC_ATOMIC_POINTER_LOCK_FREE) \ && __GCC_ATOMIC_POINTER_LOCK_FREE >= 2 -# define TSAN_QUALIFIER volatile -# define tsan_load(ptr) __atomic_load_n((ptr), __ATOMIC_RELAXED) -# define tsan_store(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELAXED) -# define tsan_add(ptr, n) __atomic_fetch_add((ptr), (n), __ATOMIC_RELAXED) -# define tsan_ld_acq(ptr) __atomic_load_n((ptr), __ATOMIC_ACQUIRE) -# define tsan_st_rel(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELEASE) -# endif +# define TSAN_QUALIFIER volatile +# define tsan_load(ptr) __atomic_load_n((ptr), __ATOMIC_RELAXED) +# define tsan_store(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELAXED) +# define tsan_add(ptr, n) __atomic_fetch_add((ptr), (n), __ATOMIC_RELAXED) +# define tsan_ld_acq(ptr) __atomic_load_n((ptr), __ATOMIC_ACQUIRE) +# define tsan_st_rel(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELEASE) +# endif -#elif defined(_MSC_VER) && _MSC_VER>=1200 \ +# elif defined(_MSC_VER) && _MSC_VER>=1200 \ && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ defined(_M_ARM64) || (defined(_M_ARM) && _M_ARM >= 7 && !defined(_WIN32_WCE))) /* @@ -87,62 +91,63 @@ * with additional instructions and penalties, it kind of makes sense to * default to "iso"... */ -# define TSAN_QUALIFIER volatile -# if defined(_M_ARM) || defined(_M_ARM64) -# define _InterlockedExchangeAdd _InterlockedExchangeAdd_nf -# pragma intrinsic(_InterlockedExchangeAdd_nf) -# pragma intrinsic(__iso_volatile_load32, __iso_volatile_store32) -# ifdef _WIN64 -# define _InterlockedExchangeAdd64 _InterlockedExchangeAdd64_nf -# pragma intrinsic(_InterlockedExchangeAdd64_nf) -# pragma intrinsic(__iso_volatile_load64, __iso_volatile_store64) -# define tsan_load(ptr) (sizeof(*(ptr)) == 8 ? __iso_volatile_load64(ptr) \ +# define TSAN_QUALIFIER volatile +# if defined(_M_ARM) || defined(_M_ARM64) +# define _InterlockedExchangeAdd _InterlockedExchangeAdd_nf +# pragma intrinsic(_InterlockedExchangeAdd_nf) +# pragma intrinsic(__iso_volatile_load32, __iso_volatile_store32) +# ifdef _WIN64 +# define _InterlockedExchangeAdd64 _InterlockedExchangeAdd64_nf +# pragma intrinsic(_InterlockedExchangeAdd64_nf) +# pragma intrinsic(__iso_volatile_load64, __iso_volatile_store64) +# define tsan_load(ptr) (sizeof(*(ptr)) == 8 ? __iso_volatile_load64(ptr) \ : __iso_volatile_load32(ptr)) -# define tsan_store(ptr, val) (sizeof(*(ptr)) == 8 ? __iso_volatile_store64((ptr), (val)) \ +# define tsan_store(ptr, val) (sizeof(*(ptr)) == 8 ? __iso_volatile_store64((ptr), (val)) \ : __iso_volatile_store32((ptr), (val))) +# else +# define tsan_load(ptr) __iso_volatile_load32(ptr) +# define tsan_store(ptr, val) __iso_volatile_store32((ptr), (val)) +# endif # else -# define tsan_load(ptr) __iso_volatile_load32(ptr) -# define tsan_store(ptr, val) __iso_volatile_store32((ptr), (val)) +# define tsan_load(ptr) (*(ptr)) +# define tsan_store(ptr, val) (*(ptr) = (val)) # endif -# else +# pragma intrinsic(_InterlockedExchangeAdd) +# ifdef _WIN64 +# pragma intrinsic(_InterlockedExchangeAdd64) +# define tsan_add(ptr, n) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), (n)) \ + : _InterlockedExchangeAdd((ptr), (n))) +# else +# define tsan_add(ptr, n) _InterlockedExchangeAdd((ptr), (n)) +# endif +# if !defined(_ISO_VOLATILE) +# define tsan_ld_acq(ptr) (*(ptr)) +# define tsan_st_rel(ptr, val) (*(ptr) = (val)) +# endif + +# endif + +# ifndef TSAN_QUALIFIER + +# ifdef OPENSSL_THREADS +# define TSAN_QUALIFIER volatile +# define TSAN_REQUIRES_LOCKING +# else /* OPENSSL_THREADS */ +# define TSAN_QUALIFIER +# endif /* OPENSSL_THREADS */ + # define tsan_load(ptr) (*(ptr)) # define tsan_store(ptr, val) (*(ptr) = (val)) -# endif -# pragma intrinsic(_InterlockedExchangeAdd) -# ifdef _WIN64 -# pragma intrinsic(_InterlockedExchangeAdd64) -# define tsan_add(ptr, n) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), (n)) \ - : _InterlockedExchangeAdd((ptr), (n))) -# else -# define tsan_add(ptr, n) _InterlockedExchangeAdd((ptr), (n)) -# endif -# if !defined(_ISO_VOLATILE) -# define tsan_ld_acq(ptr) (*(ptr)) -# define tsan_st_rel(ptr, val) (*(ptr) = (val)) -# endif - -#endif - -#ifndef TSAN_QUALIFIER - -# ifdef OPENSSL_THREADS -# define TSAN_QUALIFIER volatile -# define TSAN_REQUIRES_LOCKING -# else /* OPENSSL_THREADS */ -# define TSAN_QUALIFIER -# endif /* OPENSSL_THREADS */ - -# define tsan_load(ptr) (*(ptr)) -# define tsan_store(ptr, val) (*(ptr) = (val)) -# define tsan_add(ptr, n) (*(ptr) += (n)) +# define tsan_add(ptr, n) (*(ptr) += (n)) /* * Lack of tsan_ld_acq and tsan_ld_rel means that compiler support is not * sophisticated enough to support them. Code that relies on them should be * protected with #ifdef tsan_ld_acq with locked fallback. */ +# endif + +# define tsan_counter(ptr) tsan_add((ptr), 1) +# define tsan_decr(ptr) tsan_add((ptr), -1) + #endif - -#define tsan_counter(ptr) tsan_add((ptr), 1) -#define tsan_decr(ptr) tsan_add((ptr), -1) - diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/uint_set.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/uint_set.h new file mode 100644 index 00000000..dcb29b33 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/internal/uint_set.h @@ -0,0 +1,63 @@ +/* + * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +#ifndef OSSL_UINT_SET_H +# define OSSL_UINT_SET_H + +#include "openssl/params.h" +#include "internal/list.h" + +/* + * uint64_t Integer Sets + * ===================== + * + * Utilities for managing a logical set of unsigned 64-bit integers. The + * structure tracks each contiguous range of integers using one allocation and + * is thus optimised for cases where integers tend to appear consecutively. + * Queries are optimised under the assumption that they will generally be made + * on integers near the end of the set. + * + * Discussion of implementation details can be found in uint_set.c. + */ +typedef struct uint_range_st { + uint64_t start, end; +} UINT_RANGE; + +typedef struct uint_set_item_st UINT_SET_ITEM; +struct uint_set_item_st { + OSSL_LIST_MEMBER(uint_set, UINT_SET_ITEM); + UINT_RANGE range; +}; + +DEFINE_LIST_OF(uint_set, UINT_SET_ITEM); + +typedef OSSL_LIST(uint_set) UINT_SET; + +void ossl_uint_set_init(UINT_SET *s); +void ossl_uint_set_destroy(UINT_SET *s); + +/* + * Insert a range into a integer set. Returns 0 on allocation failure, in which + * case the integer set is in a valid but undefined state. Otherwise, returns 1. + * Ranges can overlap existing ranges without limitation. If a range is a subset + * of an existing range in the set, this is a no-op and returns 1. + */ +int ossl_uint_set_insert(UINT_SET *s, const UINT_RANGE *range); + +/* + * Remove a range from the set. Returns 0 on allocation failure, in which case + * the integer set is unchanged. Otherwise, returns 1. Ranges which are not + * already in the set can be removed without issue. If a passed range is not in + * the integer set at all, this is a no-op and returns 1. + */ +int ossl_uint_set_remove(UINT_SET *s, const UINT_RANGE *range); + +/* Returns 1 iff the given integer is in the integer set. */ +int ossl_uint_set_query(const UINT_SET *s, uint64_t v); + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/asn1.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/asn1.h index 85ae8d58..09712345 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/asn1.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/asn1.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by Makefile from include/openssl/asn1.h.in * - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -158,7 +158,7 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_ALGOR, X509_ALGOR, X509_ALGOR) -# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */ +# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */ /* * This indicates that the ASN1_STRING is not a real value but just a place * holder for the location where indefinite length constructed data should be @@ -999,6 +999,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num, unsigned char *data, int max_len); void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it); +void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it, + OSSL_LIB_CTX *libctx, const char *propq); ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct); diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/asn1.h.in b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/asn1.h.in index d478bc96..798b2211 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/asn1.h.in +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/asn1.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -135,7 +135,7 @@ extern "C" { -} -# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */ +# define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */ /* * This indicates that the ASN1_STRING is not a real value but just a place * holder for the location where indefinite length constructed data should be @@ -832,6 +832,8 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num, unsigned char *data, int max_len); void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it); +void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it, + OSSL_LIB_CTX *libctx, const char *propq); ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct); diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/async.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/async.h index bc27d5db..826ffb99 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/async.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/async.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -80,6 +80,14 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key); int ASYNC_is_capable(void); +typedef void *(*ASYNC_stack_alloc_fn)(size_t *num); +typedef void (*ASYNC_stack_free_fn)(void *addr); + +int ASYNC_set_mem_functions(ASYNC_stack_alloc_fn alloc_fn, + ASYNC_stack_free_fn free_fn); +void ASYNC_get_mem_functions(ASYNC_stack_alloc_fn *alloc_fn, + ASYNC_stack_free_fn *free_fn); + int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret, int (*func)(void *), void *args, size_t size); int ASYNC_pause_job(void); diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/bio.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/bio.h index e16cf622..ea584def 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/bio.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/bio.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by Makefile from include/openssl/bio.h.in * - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -67,6 +67,8 @@ extern "C" { # define BIO_TYPE_DGRAM_SCTP (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) # endif # define BIO_TYPE_CORE_TO_PROV (25|BIO_TYPE_SOURCE_SINK) +# define BIO_TYPE_DGRAM_PAIR (26|BIO_TYPE_SOURCE_SINK) +# define BIO_TYPE_DGRAM_MEM (27|BIO_TYPE_SOURCE_SINK) #define BIO_TYPE_START 128 @@ -171,6 +173,30 @@ extern "C" { # define BIO_CTRL_SET_INDENT 80 # define BIO_CTRL_GET_INDENT 81 +# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP 82 +# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE 83 +# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE 84 +# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS 85 +# define BIO_CTRL_DGRAM_GET_CAPS 86 +# define BIO_CTRL_DGRAM_SET_CAPS 87 +# define BIO_CTRL_DGRAM_GET_NO_TRUNC 88 +# define BIO_CTRL_DGRAM_SET_NO_TRUNC 89 + +/* + * internal BIO: + * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90 + */ + +# define BIO_CTRL_GET_RPOLL_DESCRIPTOR 91 +# define BIO_CTRL_GET_WPOLL_DESCRIPTOR 92 +# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR 93 + +# define BIO_DGRAM_CAP_NONE 0U +# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR (1U << 0) +# define BIO_DGRAM_CAP_HANDLES_DST_ADDR (1U << 1) +# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR (1U << 2) +# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR (1U << 3) + # ifndef OPENSSL_NO_KTLS # define BIO_get_ktls_send(b) \ (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0) @@ -208,7 +234,7 @@ extern "C" { # define BIO_FLAGS_NONCLEAR_RST 0x400 # define BIO_FLAGS_IN_EOF 0x800 -/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */ +/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */ typedef union bio_addr_st BIO_ADDR; typedef struct bio_addrinfo_st BIO_ADDRINFO; @@ -256,12 +282,14 @@ void BIO_clear_flags(BIO *b, int flags); # define BIO_RR_ACCEPT 0x03 /* These are passed by the BIO callback */ -# define BIO_CB_FREE 0x01 -# define BIO_CB_READ 0x02 -# define BIO_CB_WRITE 0x03 -# define BIO_CB_PUTS 0x04 -# define BIO_CB_GETS 0x05 -# define BIO_CB_CTRL 0x06 +# define BIO_CB_FREE 0x01 +# define BIO_CB_READ 0x02 +# define BIO_CB_WRITE 0x03 +# define BIO_CB_PUTS 0x04 +# define BIO_CB_GETS 0x05 +# define BIO_CB_CTRL 0x06 +# define BIO_CB_RECVMMSG 0x07 +# define BIO_CB_SENDMMSG 0x08 /* * The callback is called before and after the underling operation, The @@ -362,6 +390,34 @@ struct bio_dgram_sctp_prinfo { }; # endif +/* BIO_sendmmsg/BIO_recvmmsg-related definitions */ +typedef struct bio_msg_st { + void *data; + size_t data_len; + BIO_ADDR *peer, *local; + uint64_t flags; +} BIO_MSG; + +typedef struct bio_mmsg_cb_args_st { + BIO_MSG *msg; + size_t stride, num_msg; + uint64_t flags; + size_t *msgs_processed; +} BIO_MMSG_CB_ARGS; + +#define BIO_POLL_DESCRIPTOR_TYPE_NONE 0 +#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD 1 +#define BIO_POLL_DESCRIPTOR_CUSTOM_START 8192 + +typedef struct bio_poll_descriptor_st { + uint32_t type; + union { + int fd; + void *custom; + uintptr_t custom_ui; + } value; +} BIO_POLL_DESCRIPTOR; + /* * #define BIO_CONN_get_param_hostname BIO_ctrl */ @@ -428,10 +484,17 @@ struct bio_dgram_sctp_prinfo { # define BIO_C_SET_CONNECT_MODE 155 +# define BIO_C_SET_TFO 156 /* like BIO_C_SET_NBIO */ + +# define BIO_C_SET_SOCK_TYPE 157 +# define BIO_C_GET_SOCK_TYPE 158 +# define BIO_C_GET_DGRAM_BIO 159 + # define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) # define BIO_get_app_data(s) BIO_get_ex_data(s,0) -# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) +# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) +# define BIO_set_tfo(b,n) BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL) # ifndef OPENSSL_NO_SOCK /* IP families we support, for BIO_s_connect() and BIO_s_accept() */ @@ -452,7 +515,11 @@ struct bio_dgram_sctp_prinfo { # define BIO_get_conn_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)) # define BIO_get_conn_address(b) ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)) # define BIO_get_conn_ip_family(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL) +# define BIO_get_conn_mode(b) BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL) # define BIO_set_conn_mode(b,n) BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL) +# define BIO_set_sock_type(b,t) BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL) +# define BIO_get_sock_type(b) BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL) +# define BIO_get0_dgram_bio(b, p) BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p)) /* BIO_s_accept() */ # define BIO_set_accept_name(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \ @@ -469,6 +536,7 @@ struct bio_dgram_sctp_prinfo { (char *)(bio)) # define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f) # define BIO_get_accept_ip_family(b) BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL) +# define BIO_set_tfo_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL) /* Aliases kept for backward compatibility */ # define BIO_BIND_NORMAL 0 @@ -596,8 +664,30 @@ int BIO_ctrl_reset_read_request(BIO *b); (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer)) # define BIO_dgram_set_peer(b,peer) \ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer)) +# define BIO_dgram_detect_peer_addr(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer)) # define BIO_dgram_get_mtu_overhead(b) \ (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL) +# define BIO_dgram_get_local_addr_cap(b) \ + (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL) +# define BIO_dgram_get_local_addr_enable(b, penable) \ + (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable)) +# define BIO_dgram_set_local_addr_enable(b, enable) \ + (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL) +# define BIO_dgram_get_effective_caps(b) \ + (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL) +# define BIO_dgram_get_caps(b) \ + (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL) +# define BIO_dgram_set_caps(b, caps) \ + (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL) +# define BIO_dgram_get_no_trunc(b) \ + (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL) +# define BIO_dgram_set_no_trunc(b, enable) \ + (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL) +# define BIO_dgram_get_mtu(b) \ + (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL) +# define BIO_dgram_set_mtu(b, mtu) \ + (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL) /* ctrl macros for BIO_f_prefix */ # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p)) @@ -640,10 +730,18 @@ void BIO_vfree(BIO *a); int BIO_up_ref(BIO *a); int BIO_read(BIO *b, void *data, int dlen); int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes); +__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg, + size_t stride, size_t num_msg, uint64_t flags, + size_t *msgs_processed); int BIO_gets(BIO *bp, char *buf, int size); int BIO_get_line(BIO *bio, char *buf, int size); int BIO_write(BIO *b, const void *data, int dlen); int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written); +__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg, + size_t stride, size_t num_msg, uint64_t flags, + size_t *msgs_processed); +__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc); +__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc); int BIO_puts(BIO *bp, const char *buf); int BIO_indent(BIO *b, int indent, int max); long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); @@ -667,6 +765,9 @@ int BIO_nwrite0(BIO *bio, char **buf); int BIO_nwrite(BIO *bio, char **buf, int num); const BIO_METHOD *BIO_s_mem(void); +# ifndef OPENSSL_NO_DGRAM +const BIO_METHOD *BIO_s_dgram_mem(void); +# endif const BIO_METHOD *BIO_s_secmem(void); BIO *BIO_new_mem_buf(const void *buf, int len); # ifndef OPENSSL_NO_SOCK @@ -686,6 +787,7 @@ const BIO_METHOD *BIO_f_nbio_test(void); const BIO_METHOD *BIO_f_prefix(void); const BIO_METHOD *BIO_s_core(void); # ifndef OPENSSL_NO_DGRAM +const BIO_METHOD *BIO_s_dgram_pair(void); const BIO_METHOD *BIO_s_datagram(void); int BIO_dgram_non_fatal_error(int error); BIO *BIO_new_dgram(int fd, int close_flag); @@ -704,6 +806,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b); # ifndef OPENSSL_NO_SOCK int BIO_sock_should_retry(int i); int BIO_sock_non_fatal_error(int error); +int BIO_err_is_non_fatal(unsigned int errcode); int BIO_socket_wait(int fd, int for_read, time_t max_time); # endif int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds); @@ -726,6 +829,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data, # ifndef OPENSSL_NO_SOCK BIO_ADDR *BIO_ADDR_new(void); +int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src); +BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap); int BIO_ADDR_rawmake(BIO_ADDR *ap, int family, const void *where, size_t wherelen, unsigned short port); void BIO_ADDR_free(BIO_ADDR *); @@ -788,6 +893,7 @@ int BIO_sock_info(int sock, # define BIO_SOCK_KEEPALIVE 0x04 # define BIO_SOCK_NONBLOCK 0x08 # define BIO_SOCK_NODELAY 0x10 +# define BIO_SOCK_TFO 0x20 int BIO_socket(int domain, int socktype, int protocol, int options); int BIO_connect(int sock, const BIO_ADDR *addr, int options); @@ -805,6 +911,11 @@ BIO *BIO_new_fd(int fd, int close_flag); int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2); +# ifndef OPENSSL_NO_DGRAM +int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1, + BIO **bio2, size_t writebuf2); +# endif + /* * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints. * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default @@ -856,18 +967,30 @@ int BIO_meth_set_write(BIO_METHOD *biom, int (*write) (BIO *, const char *, int)); int BIO_meth_set_write_ex(BIO_METHOD *biom, int (*bwrite) (BIO *, const char *, size_t, size_t *)); +int BIO_meth_set_sendmmsg(BIO_METHOD *biom, + int (*f) (BIO *, BIO_MSG *, size_t, size_t, + uint64_t, size_t *)); +int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *, + size_t, size_t, + uint64_t, size_t *); int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int); int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *); int BIO_meth_set_read(BIO_METHOD *biom, int (*read) (BIO *, char *, int)); int BIO_meth_set_read_ex(BIO_METHOD *biom, int (*bread) (BIO *, char *, size_t, size_t *)); +int BIO_meth_set_recvmmsg(BIO_METHOD *biom, + int (*f) (BIO *, BIO_MSG *, size_t, size_t, + uint64_t, size_t *)); +int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *, + size_t, size_t, + uint64_t, size_t *); int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *); int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts) (BIO *, const char *)); int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int); int BIO_meth_set_gets(BIO_METHOD *biom, - int (*gets) (BIO *, char *, int)); + int (*ossl_gets) (BIO *, char *, int)); long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *); int BIO_meth_set_ctrl(BIO_METHOD *biom, long (*ctrl) (BIO *, int, long, void *)); diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/bio.h.in b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/bio.h.in index c521e41e..418d1197 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/bio.h.in +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/bio.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -68,6 +68,8 @@ extern "C" { # define BIO_TYPE_DGRAM_SCTP (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) # endif # define BIO_TYPE_CORE_TO_PROV (25|BIO_TYPE_SOURCE_SINK) +# define BIO_TYPE_DGRAM_PAIR (26|BIO_TYPE_SOURCE_SINK) +# define BIO_TYPE_DGRAM_MEM (27|BIO_TYPE_SOURCE_SINK) #define BIO_TYPE_START 128 @@ -172,6 +174,30 @@ extern "C" { # define BIO_CTRL_SET_INDENT 80 # define BIO_CTRL_GET_INDENT 81 +# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP 82 +# define BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE 83 +# define BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE 84 +# define BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS 85 +# define BIO_CTRL_DGRAM_GET_CAPS 86 +# define BIO_CTRL_DGRAM_SET_CAPS 87 +# define BIO_CTRL_DGRAM_GET_NO_TRUNC 88 +# define BIO_CTRL_DGRAM_SET_NO_TRUNC 89 + +/* + * internal BIO: + * # define BIO_CTRL_SET_KTLS_TX_ZEROCOPY_SENDFILE 90 + */ + +# define BIO_CTRL_GET_RPOLL_DESCRIPTOR 91 +# define BIO_CTRL_GET_WPOLL_DESCRIPTOR 92 +# define BIO_CTRL_DGRAM_DETECT_PEER_ADDR 93 + +# define BIO_DGRAM_CAP_NONE 0U +# define BIO_DGRAM_CAP_HANDLES_SRC_ADDR (1U << 0) +# define BIO_DGRAM_CAP_HANDLES_DST_ADDR (1U << 1) +# define BIO_DGRAM_CAP_PROVIDES_SRC_ADDR (1U << 2) +# define BIO_DGRAM_CAP_PROVIDES_DST_ADDR (1U << 3) + # ifndef OPENSSL_NO_KTLS # define BIO_get_ktls_send(b) \ (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0) @@ -209,7 +235,7 @@ extern "C" { # define BIO_FLAGS_NONCLEAR_RST 0x400 # define BIO_FLAGS_IN_EOF 0x800 -/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */ +/* the BIO FLAGS values 0x1000 to 0x8000 are reserved for internal KTLS flags */ typedef union bio_addr_st BIO_ADDR; typedef struct bio_addrinfo_st BIO_ADDRINFO; @@ -257,12 +283,14 @@ void BIO_clear_flags(BIO *b, int flags); # define BIO_RR_ACCEPT 0x03 /* These are passed by the BIO callback */ -# define BIO_CB_FREE 0x01 -# define BIO_CB_READ 0x02 -# define BIO_CB_WRITE 0x03 -# define BIO_CB_PUTS 0x04 -# define BIO_CB_GETS 0x05 -# define BIO_CB_CTRL 0x06 +# define BIO_CB_FREE 0x01 +# define BIO_CB_READ 0x02 +# define BIO_CB_WRITE 0x03 +# define BIO_CB_PUTS 0x04 +# define BIO_CB_GETS 0x05 +# define BIO_CB_CTRL 0x06 +# define BIO_CB_RECVMMSG 0x07 +# define BIO_CB_SENDMMSG 0x08 /* * The callback is called before and after the underling operation, The @@ -339,6 +367,34 @@ struct bio_dgram_sctp_prinfo { }; # endif +/* BIO_sendmmsg/BIO_recvmmsg-related definitions */ +typedef struct bio_msg_st { + void *data; + size_t data_len; + BIO_ADDR *peer, *local; + uint64_t flags; +} BIO_MSG; + +typedef struct bio_mmsg_cb_args_st { + BIO_MSG *msg; + size_t stride, num_msg; + uint64_t flags; + size_t *msgs_processed; +} BIO_MMSG_CB_ARGS; + +#define BIO_POLL_DESCRIPTOR_TYPE_NONE 0 +#define BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD 1 +#define BIO_POLL_DESCRIPTOR_CUSTOM_START 8192 + +typedef struct bio_poll_descriptor_st { + uint32_t type; + union { + int fd; + void *custom; + uintptr_t custom_ui; + } value; +} BIO_POLL_DESCRIPTOR; + /* * #define BIO_CONN_get_param_hostname BIO_ctrl */ @@ -405,10 +461,17 @@ struct bio_dgram_sctp_prinfo { # define BIO_C_SET_CONNECT_MODE 155 +# define BIO_C_SET_TFO 156 /* like BIO_C_SET_NBIO */ + +# define BIO_C_SET_SOCK_TYPE 157 +# define BIO_C_GET_SOCK_TYPE 158 +# define BIO_C_GET_DGRAM_BIO 159 + # define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) # define BIO_get_app_data(s) BIO_get_ex_data(s,0) -# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) +# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) +# define BIO_set_tfo(b,n) BIO_ctrl(b,BIO_C_SET_TFO,(n),NULL) # ifndef OPENSSL_NO_SOCK /* IP families we support, for BIO_s_connect() and BIO_s_accept() */ @@ -429,7 +492,11 @@ struct bio_dgram_sctp_prinfo { # define BIO_get_conn_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)) # define BIO_get_conn_address(b) ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)) # define BIO_get_conn_ip_family(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL) +# define BIO_get_conn_mode(b) BIO_ctrl(b,BIO_C_GET_CONNECT,4,NULL) # define BIO_set_conn_mode(b,n) BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL) +# define BIO_set_sock_type(b,t) BIO_ctrl(b,BIO_C_SET_SOCK_TYPE,(t),NULL) +# define BIO_get_sock_type(b) BIO_ctrl(b,BIO_C_GET_SOCK_TYPE,0,NULL) +# define BIO_get0_dgram_bio(b, p) BIO_ctrl(b,BIO_C_GET_DGRAM_BIO,0,(void *)(BIO **)(p)) /* BIO_s_accept() */ # define BIO_set_accept_name(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \ @@ -446,6 +513,7 @@ struct bio_dgram_sctp_prinfo { (char *)(bio)) # define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f) # define BIO_get_accept_ip_family(b) BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL) +# define BIO_set_tfo_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,5,(n)?(void *)"a":NULL) /* Aliases kept for backward compatibility */ # define BIO_BIND_NORMAL 0 @@ -573,8 +641,30 @@ int BIO_ctrl_reset_read_request(BIO *b); (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer)) # define BIO_dgram_set_peer(b,peer) \ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer)) +# define BIO_dgram_detect_peer_addr(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_DETECT_PEER_ADDR, 0, (char *)(peer)) # define BIO_dgram_get_mtu_overhead(b) \ (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL) +# define BIO_dgram_get_local_addr_cap(b) \ + (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_CAP, 0, NULL) +# define BIO_dgram_get_local_addr_enable(b, penable) \ + (int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_LOCAL_ADDR_ENABLE, 0, (char *)(penable)) +# define BIO_dgram_set_local_addr_enable(b, enable) \ + (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_LOCAL_ADDR_ENABLE, (enable), NULL) +# define BIO_dgram_get_effective_caps(b) \ + (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_EFFECTIVE_CAPS, 0, NULL) +# define BIO_dgram_get_caps(b) \ + (uint32_t)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_CAPS, 0, NULL) +# define BIO_dgram_set_caps(b, caps) \ + (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_CAPS, (long)(caps), NULL) +# define BIO_dgram_get_no_trunc(b) \ + (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_NO_TRUNC, 0, NULL) +# define BIO_dgram_set_no_trunc(b, enable) \ + (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_NO_TRUNC, (enable), NULL) +# define BIO_dgram_get_mtu(b) \ + (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU, 0, NULL) +# define BIO_dgram_set_mtu(b, mtu) \ + (int)BIO_ctrl((b), BIO_CTRL_DGRAM_SET_MTU, (mtu), NULL) /* ctrl macros for BIO_f_prefix */ # define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p)) @@ -617,10 +707,18 @@ void BIO_vfree(BIO *a); int BIO_up_ref(BIO *a); int BIO_read(BIO *b, void *data, int dlen); int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes); +__owur int BIO_recvmmsg(BIO *b, BIO_MSG *msg, + size_t stride, size_t num_msg, uint64_t flags, + size_t *msgs_processed); int BIO_gets(BIO *bp, char *buf, int size); int BIO_get_line(BIO *bio, char *buf, int size); int BIO_write(BIO *b, const void *data, int dlen); int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written); +__owur int BIO_sendmmsg(BIO *b, BIO_MSG *msg, + size_t stride, size_t num_msg, uint64_t flags, + size_t *msgs_processed); +__owur int BIO_get_rpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc); +__owur int BIO_get_wpoll_descriptor(BIO *b, BIO_POLL_DESCRIPTOR *desc); int BIO_puts(BIO *bp, const char *buf); int BIO_indent(BIO *b, int indent, int max); long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); @@ -644,6 +742,9 @@ int BIO_nwrite0(BIO *bio, char **buf); int BIO_nwrite(BIO *bio, char **buf, int num); const BIO_METHOD *BIO_s_mem(void); +# ifndef OPENSSL_NO_DGRAM +const BIO_METHOD *BIO_s_dgram_mem(void); +# endif const BIO_METHOD *BIO_s_secmem(void); BIO *BIO_new_mem_buf(const void *buf, int len); # ifndef OPENSSL_NO_SOCK @@ -663,6 +764,7 @@ const BIO_METHOD *BIO_f_nbio_test(void); const BIO_METHOD *BIO_f_prefix(void); const BIO_METHOD *BIO_s_core(void); # ifndef OPENSSL_NO_DGRAM +const BIO_METHOD *BIO_s_dgram_pair(void); const BIO_METHOD *BIO_s_datagram(void); int BIO_dgram_non_fatal_error(int error); BIO *BIO_new_dgram(int fd, int close_flag); @@ -681,6 +783,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b); # ifndef OPENSSL_NO_SOCK int BIO_sock_should_retry(int i); int BIO_sock_non_fatal_error(int error); +int BIO_err_is_non_fatal(unsigned int errcode); int BIO_socket_wait(int fd, int for_read, time_t max_time); # endif int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds); @@ -703,6 +806,8 @@ int BIO_hex_string(BIO *out, int indent, int width, const void *data, # ifndef OPENSSL_NO_SOCK BIO_ADDR *BIO_ADDR_new(void); +int BIO_ADDR_copy(BIO_ADDR *dst, const BIO_ADDR *src); +BIO_ADDR *BIO_ADDR_dup(const BIO_ADDR *ap); int BIO_ADDR_rawmake(BIO_ADDR *ap, int family, const void *where, size_t wherelen, unsigned short port); void BIO_ADDR_free(BIO_ADDR *); @@ -765,6 +870,7 @@ int BIO_sock_info(int sock, # define BIO_SOCK_KEEPALIVE 0x04 # define BIO_SOCK_NONBLOCK 0x08 # define BIO_SOCK_NODELAY 0x10 +# define BIO_SOCK_TFO 0x20 int BIO_socket(int domain, int socktype, int protocol, int options); int BIO_connect(int sock, const BIO_ADDR *addr, int options); @@ -782,6 +888,11 @@ BIO *BIO_new_fd(int fd, int close_flag); int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2); +# ifndef OPENSSL_NO_DGRAM +int BIO_new_bio_dgram_pair(BIO **bio1, size_t writebuf1, + BIO **bio2, size_t writebuf2); +# endif + /* * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints. * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default @@ -833,18 +944,30 @@ int BIO_meth_set_write(BIO_METHOD *biom, int (*write) (BIO *, const char *, int)); int BIO_meth_set_write_ex(BIO_METHOD *biom, int (*bwrite) (BIO *, const char *, size_t, size_t *)); +int BIO_meth_set_sendmmsg(BIO_METHOD *biom, + int (*f) (BIO *, BIO_MSG *, size_t, size_t, + uint64_t, size_t *)); +int (*BIO_meth_get_sendmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *, + size_t, size_t, + uint64_t, size_t *); int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int); int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *); int BIO_meth_set_read(BIO_METHOD *biom, int (*read) (BIO *, char *, int)); int BIO_meth_set_read_ex(BIO_METHOD *biom, int (*bread) (BIO *, char *, size_t, size_t *)); +int BIO_meth_set_recvmmsg(BIO_METHOD *biom, + int (*f) (BIO *, BIO_MSG *, size_t, size_t, + uint64_t, size_t *)); +int (*BIO_meth_get_recvmmsg(const BIO_METHOD *biom))(BIO *, BIO_MSG *, + size_t, size_t, + uint64_t, size_t *); int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *); int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts) (BIO *, const char *)); int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int); int BIO_meth_set_gets(BIO_METHOD *biom, - int (*gets) (BIO *, char *, int)); + int (*ossl_gets) (BIO *, char *, int)); long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *); int BIO_meth_set_ctrl(BIO_METHOD *biom, long (*ctrl) (BIO *, int, long, void *)); diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/bioerr.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/bioerr.h index 787b30af..e4fdb649 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/bioerr.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/bioerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -37,14 +37,18 @@ # define BIO_R_IN_USE 123 # define BIO_R_LENGTH_TOO_LONG 102 # define BIO_R_LISTEN_V6_ONLY 136 +# define BIO_R_LOCAL_ADDR_NOT_AVAILABLE 111 # define BIO_R_LOOKUP_RETURNED_NOTHING 142 # define BIO_R_MALFORMED_HOST_OR_SERVICE 130 # define BIO_R_NBIO_CONNECT_ERROR 110 +# define BIO_R_NON_FATAL 112 # define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED 143 # define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED 144 # define BIO_R_NO_PORT_DEFINED 113 # define BIO_R_NO_SUCH_FILE 128 # define BIO_R_NULL_PARAMETER 115 /* unused */ +# define BIO_R_TFO_DISABLED 106 +# define BIO_R_TFO_NO_KERNEL_SUPPORT 108 # define BIO_R_TRANSFER_ERROR 104 # define BIO_R_TRANSFER_TIMEOUT 105 # define BIO_R_UNABLE_TO_BIND_SOCKET 117 @@ -53,6 +57,7 @@ # define BIO_R_UNABLE_TO_LISTEN_SOCKET 119 # define BIO_R_UNABLE_TO_NODELAY 138 # define BIO_R_UNABLE_TO_REUSEADDR 139 +# define BIO_R_UNABLE_TO_TFO 109 # define BIO_R_UNAVAILABLE_IP_FAMILY 145 # define BIO_R_UNINITIALIZED 120 # define BIO_R_UNKNOWN_INFO_TYPE 140 @@ -61,5 +66,7 @@ # define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY 131 # define BIO_R_WRITE_TO_READ_ONLY_BIO 126 # define BIO_R_WSASTARTUP 122 +# define BIO_R_PORT_MISMATCH 150 +# define BIO_R_PEER_ADDR_NOT_AVAILABLE 151 #endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/bn.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/bn.h index 27b127a5..ea706dca 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/bn.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/bn.h @@ -241,12 +241,18 @@ void BN_clear_free(BIGNUM *a); BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); void BN_swap(BIGNUM *a, BIGNUM *b); BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); +BIGNUM *BN_signed_bin2bn(const unsigned char *s, int len, BIGNUM *ret); int BN_bn2bin(const BIGNUM *a, unsigned char *to); int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen); +int BN_signed_bn2bin(const BIGNUM *a, unsigned char *to, int tolen); BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret); +BIGNUM *BN_signed_lebin2bn(const unsigned char *s, int len, BIGNUM *ret); int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen); +int BN_signed_bn2lebin(const BIGNUM *a, unsigned char *to, int tolen); BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret); +BIGNUM *BN_signed_native2bn(const unsigned char *s, int len, BIGNUM *ret); int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen); +int BN_signed_bn2native(const BIGNUM *a, unsigned char *to, int tolen); BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret); int BN_bn2mpi(const BIGNUM *a, unsigned char *to); int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/cmp.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/cmp.h index 49825570..60beffd5 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/cmp.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/cmp.h @@ -35,7 +35,9 @@ extern "C" { # endif -# define OSSL_CMP_PVNO 2 +# define OSSL_CMP_PVNO_2 2 +# define OSSL_CMP_PVNO_3 3 +# define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */ /*- * PKIFailureInfo ::= BIT STRING { @@ -137,7 +139,6 @@ extern "C" { # if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX # error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int # endif - typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO; # define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0) @@ -203,8 +204,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO; # define OSSL_CMP_PKISTATUS_revocationWarning 4 # define OSSL_CMP_PKISTATUS_revocationNotification 5 # define OSSL_CMP_PKISTATUS_keyUpdateWarning 6 - typedef ASN1_INTEGER OSSL_CMP_PKISTATUS; + DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS) # define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0 @@ -378,18 +379,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav); int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p, OSSL_CMP_ITAV *itav); void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav); + +OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts); +int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out); + +OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert); +int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out); +OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew, + const X509 *newWithOld, + const X509 *oldWithNew); +int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav, + X509 **newWithNew, + X509 **newWithOld, + X509 **oldWithNew); + void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg); /* from cmp_ctx.c */ OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq); void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx); int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx); +OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx); +const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx); /* CMP general options: */ # define OSSL_CMP_OPT_LOG_VERBOSITY 0 /* CMP transfer options: */ -# define OSSL_CMP_OPT_KEEP_ALIVE 10 -# define OSSL_CMP_OPT_MSG_TIMEOUT 11 +# define OSSL_CMP_OPT_KEEP_ALIVE 10 +# define OSSL_CMP_OPT_MSG_TIMEOUT 11 # define OSSL_CMP_OPT_TOTAL_TIMEOUT 12 +# define OSSL_CMP_OPT_USE_TLS 13 /* CMP request options: */ # define OSSL_CMP_OPT_VALIDITY_DAYS 20 # define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21 @@ -420,9 +438,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address); int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port); int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name); int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names); +# ifndef OPENSSL_NO_HTTP int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb); int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg); void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx); +# endif typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req); int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb); @@ -432,7 +452,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx); int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert); int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name); int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store); +# define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx); +# define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs); STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx); /* client authentication: */ @@ -454,6 +476,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx, int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey); EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv); int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name); +int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn); int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name); int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx, const GENERAL_NAME *name); @@ -477,6 +500,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx); OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx); int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx); # define OSSL_CMP_PKISI_BUFLEN 1024 +X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx); X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx); STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx); STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx); @@ -517,8 +541,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx, X509_STORE *trusted_store, X509 *cert); /* from cmp_http.c */ +# ifndef OPENSSL_NO_HTTP OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req); +# endif /* from cmp_server.c */ typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX; @@ -590,6 +616,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type, int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx); STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx); +/* from cmp_genm.c */ +int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out); +int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx, + const X509 *oldWithOld, X509 **newWithNew, + X509 **newWithOld, X509 **oldWithNew); + # ifdef __cplusplus } # endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/cmp.h.in b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/cmp.h.in index fb5ae671..5bd8beb5 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/cmp.h.in +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/cmp.h.in @@ -36,7 +36,9 @@ use OpenSSL::stackhash qw(generate_stack_macros); extern "C" { # endif -# define OSSL_CMP_PVNO 2 +# define OSSL_CMP_PVNO_2 2 +# define OSSL_CMP_PVNO_3 3 +# define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */ /*- * PKIFailureInfo ::= BIT STRING { @@ -138,7 +140,6 @@ extern "C" { # if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX # error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int # endif - typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO; # define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0) @@ -204,8 +205,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO; # define OSSL_CMP_PKISTATUS_revocationWarning 4 # define OSSL_CMP_PKISTATUS_revocationNotification 5 # define OSSL_CMP_PKISTATUS_keyUpdateWarning 6 - typedef ASN1_INTEGER OSSL_CMP_PKISTATUS; + DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS) # define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0 @@ -259,18 +260,35 @@ ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav); int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p, OSSL_CMP_ITAV *itav); void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav); + +OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts); +int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out); + +OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert); +int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out); +OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew, + const X509 *newWithOld, + const X509 *oldWithNew); +int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav, + X509 **newWithNew, + X509 **newWithOld, + X509 **oldWithNew); + void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg); /* from cmp_ctx.c */ OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq); void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx); int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx); +OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx); +const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx); /* CMP general options: */ # define OSSL_CMP_OPT_LOG_VERBOSITY 0 /* CMP transfer options: */ -# define OSSL_CMP_OPT_KEEP_ALIVE 10 -# define OSSL_CMP_OPT_MSG_TIMEOUT 11 +# define OSSL_CMP_OPT_KEEP_ALIVE 10 +# define OSSL_CMP_OPT_MSG_TIMEOUT 11 # define OSSL_CMP_OPT_TOTAL_TIMEOUT 12 +# define OSSL_CMP_OPT_USE_TLS 13 /* CMP request options: */ # define OSSL_CMP_OPT_VALIDITY_DAYS 20 # define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21 @@ -301,9 +319,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address); int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port); int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name); int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names); +# ifndef OPENSSL_NO_HTTP int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb); int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg); void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx); +# endif typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req); int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb); @@ -313,7 +333,9 @@ void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx); int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert); int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name); int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store); +# define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx); +# define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs); STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx); /* client authentication: */ @@ -335,6 +357,7 @@ int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx, int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey); EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv); int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name); +int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn); int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name); int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx, const GENERAL_NAME *name); @@ -358,6 +381,7 @@ int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx); OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx); int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx); # define OSSL_CMP_PKISI_BUFLEN 1024 +X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx); X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx); STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx); STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx); @@ -398,8 +422,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx, X509_STORE *trusted_store, X509 *cert); /* from cmp_http.c */ +# ifndef OPENSSL_NO_HTTP OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req); +# endif /* from cmp_server.c */ typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX; @@ -471,6 +497,12 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type, int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx); STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx); +/* from cmp_genm.c */ +int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out); +int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx, + const X509 *oldWithOld, X509 **newWithNew, + X509 **newWithOld, X509 **oldWithNew); + # ifdef __cplusplus } # endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/cmperr.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/cmperr.h index 49fd5e39..57a6effb 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/cmperr.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/cmperr.h @@ -59,8 +59,11 @@ # define CMP_R_FAILED_EXTRACTING_PUBKEY 141 # define CMP_R_FAILURE_OBTAINING_RANDOM 110 # define CMP_R_FAIL_INFO_OUT_OF_RANGE 129 +# define CMP_R_GETTING_GENP 192 # define CMP_R_INVALID_ARGS 100 +# define CMP_R_INVALID_GENP 193 # define CMP_R_INVALID_OPTION 174 +# define CMP_R_INVALID_ROOTCAKEYUPDATE 195 # define CMP_R_MISSING_CERTID 165 # define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION 130 # define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE 142 @@ -94,6 +97,7 @@ # define CMP_R_TOTAL_TIMEOUT 184 # define CMP_R_TRANSACTIONID_UNMATCHED 152 # define CMP_R_TRANSFER_ERROR 159 +# define CMP_R_UNCLEAN_CTX 191 # define CMP_R_UNEXPECTED_PKIBODY 133 # define CMP_R_UNEXPECTED_PKISTATUS 185 # define CMP_R_UNEXPECTED_PVNO 153 diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/cms.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/cms.h index 3b453e6a..fe86a5c7 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/cms.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/cms.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by Makefile from include/openssl/cms.h.in * - * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -31,8 +31,10 @@ extern "C" { # endif +typedef struct CMS_EnvelopedData_st CMS_EnvelopedData; typedef struct CMS_ContentInfo_st CMS_ContentInfo; typedef struct CMS_SignerInfo_st CMS_SignerInfo; +typedef struct CMS_SignedData_st CMS_SignedData; typedef struct CMS_CertificateChoices CMS_CertificateChoices; typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice; typedef struct CMS_RecipientInfo_st CMS_RecipientInfo; @@ -147,6 +149,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(CMS_RevocationInfoChoice, CMS_RevocationInfoChoice, #define sk_CMS_RevocationInfoChoice_set_cmp_func(sk, cmp) ((sk_CMS_RevocationInfoChoice_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CMS_RevocationInfoChoice_sk_type(sk), ossl_check_CMS_RevocationInfoChoice_compfunc_type(cmp))) +DECLARE_ASN1_ITEM(CMS_EnvelopedData) +DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData) DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest) DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo) @@ -217,13 +221,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags); int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags); +int CMS_final_digest(CMS_ContentInfo *cms, + const unsigned char *md, unsigned int mdlen, BIO *dcont, + unsigned int flags); CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, unsigned int flags); CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, - unsigned int flags, OSSL_LIB_CTX *ctx, + unsigned int flags, OSSL_LIB_CTX *libctx, const char *propq); CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, @@ -233,27 +240,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags); CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags); CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags, - OSSL_LIB_CTX *ctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags); CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, unsigned int flags); CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md, - unsigned int flags, OSSL_LIB_CTX *ctx, + unsigned int flags, OSSL_LIB_CTX *libctx, const char *propq); int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, const unsigned char *key, size_t keylen, BIO *dcont, BIO *out, unsigned int flags); - CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, const unsigned char *key, size_t keylen, unsigned int flags); CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher, const unsigned char *key, size_t keylen, unsigned int flags, - OSSL_LIB_CTX *ctx, + OSSL_LIB_CTX *libctx, const char *propq); int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, @@ -272,7 +278,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, unsigned int flags); CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, unsigned int flags, - OSSL_LIB_CTX *ctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, BIO *dcont, BIO *out, unsigned int flags); @@ -291,12 +297,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri); CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher); CMS_ContentInfo * -CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx, +CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx, const char *propq); CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher); CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher, - OSSL_LIB_CTX *ctx, + OSSL_LIB_CTX *libctx, const char *propq); +BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data, + EVP_PKEY *pkey, X509 *cert, + ASN1_OCTET_STRING *secret, unsigned int flags, + OSSL_LIB_CTX *libctx, const char *propq); CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip, unsigned int flags); @@ -385,6 +395,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si); int CMS_SignerInfo_sign(CMS_SignerInfo *si); int CMS_SignerInfo_verify(CMS_SignerInfo *si); int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain); +BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data, + STACK_OF(X509) *scerts, X509_STORE *store, + STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls, + unsigned int flags, + OSSL_LIB_CTX *libctx, const char *propq); int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs); int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, @@ -441,7 +456,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex( unsigned char *id, int idlen, int allorfirst, STACK_OF(GENERAL_NAMES) *receiptList, STACK_OF(GENERAL_NAMES) *receiptsTo, - OSSL_LIB_CTX *ctx); + OSSL_LIB_CTX *libctx); int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr); void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/cms.h.in b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/cms.h.in index da20ddf2..23966770 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/cms.h.in +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/cms.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -32,8 +32,10 @@ use OpenSSL::stackhash qw(generate_stack_macros); extern "C" { # endif +typedef struct CMS_EnvelopedData_st CMS_EnvelopedData; typedef struct CMS_ContentInfo_st CMS_ContentInfo; typedef struct CMS_SignerInfo_st CMS_SignerInfo; +typedef struct CMS_SignedData_st CMS_SignedData; typedef struct CMS_CertificateChoices CMS_CertificateChoices; typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice; typedef struct CMS_RecipientInfo_st CMS_RecipientInfo; @@ -49,6 +51,8 @@ typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute; .generate_stack_macros("CMS_RevocationInfoChoice"); -} +DECLARE_ASN1_ITEM(CMS_EnvelopedData) +DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData) DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest) DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo) @@ -119,13 +123,16 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags); int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags); +int CMS_final_digest(CMS_ContentInfo *cms, + const unsigned char *md, unsigned int mdlen, BIO *dcont, + unsigned int flags); CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, unsigned int flags); CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, - unsigned int flags, OSSL_LIB_CTX *ctx, + unsigned int flags, OSSL_LIB_CTX *libctx, const char *propq); CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, @@ -135,27 +142,26 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags); CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags); CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags, - OSSL_LIB_CTX *ctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags); CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, unsigned int flags); CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md, - unsigned int flags, OSSL_LIB_CTX *ctx, + unsigned int flags, OSSL_LIB_CTX *libctx, const char *propq); int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, const unsigned char *key, size_t keylen, BIO *dcont, BIO *out, unsigned int flags); - CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, const unsigned char *key, size_t keylen, unsigned int flags); CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher, const unsigned char *key, size_t keylen, unsigned int flags, - OSSL_LIB_CTX *ctx, + OSSL_LIB_CTX *libctx, const char *propq); int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, @@ -174,7 +180,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, unsigned int flags); CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, unsigned int flags, - OSSL_LIB_CTX *ctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, BIO *dcont, BIO *out, unsigned int flags); @@ -193,12 +199,16 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri); CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher); CMS_ContentInfo * -CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx, +CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx, const char *propq); CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher); CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher, - OSSL_LIB_CTX *ctx, + OSSL_LIB_CTX *libctx, const char *propq); +BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data, + EVP_PKEY *pkey, X509 *cert, + ASN1_OCTET_STRING *secret, unsigned int flags, + OSSL_LIB_CTX *libctx, const char *propq); CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip, unsigned int flags); @@ -287,6 +297,11 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si); int CMS_SignerInfo_sign(CMS_SignerInfo *si); int CMS_SignerInfo_verify(CMS_SignerInfo *si); int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain); +BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data, + STACK_OF(X509) *scerts, X509_STORE *store, + STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls, + unsigned int flags, + OSSL_LIB_CTX *libctx, const char *propq); int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs); int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, @@ -343,7 +358,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex( unsigned char *id, int idlen, int allorfirst, STACK_OF(GENERAL_NAMES) *receiptList, STACK_OF(GENERAL_NAMES) *receiptsTo, - OSSL_LIB_CTX *ctx); + OSSL_LIB_CTX *libctx); int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr); void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/cmserr.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/cmserr.h index f2d7708f..887035b1 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/cmserr.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/cmserr.h @@ -86,6 +86,7 @@ # define CMS_R_NO_PUBLIC_KEY 134 # define CMS_R_NO_RECEIPT_REQUEST 168 # define CMS_R_NO_SIGNERS 135 +# define CMS_R_OPERATION_UNSUPPORTED 182 # define CMS_R_PEER_KEY_ERROR 188 # define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136 # define CMS_R_RECEIPT_DECODE_ERROR 169 diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/comp.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/comp.h index 06ff5810..f81ba0f3 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/comp.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/comp.h @@ -40,15 +40,20 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, unsigned char *in, int ilen); COMP_METHOD *COMP_zlib(void); +COMP_METHOD *COMP_zlib_oneshot(void); +COMP_METHOD *COMP_brotli(void); +COMP_METHOD *COMP_brotli_oneshot(void); +COMP_METHOD *COMP_zstd(void); +COMP_METHOD *COMP_zstd_oneshot(void); #ifndef OPENSSL_NO_DEPRECATED_1_1_0 # define COMP_zlib_cleanup() while(0) continue #endif # ifdef OPENSSL_BIO_H -# ifdef ZLIB const BIO_METHOD *BIO_f_zlib(void); -# endif +const BIO_METHOD *BIO_f_brotli(void); +const BIO_METHOD *BIO_f_zstd(void); # endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/comperr.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/comperr.h index 01dd3e6b..1948d37f 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/comperr.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/comperr.h @@ -23,9 +23,16 @@ /* * COMP reason codes. */ +# define COMP_R_BROTLI_DECODE_ERROR 102 +# define COMP_R_BROTLI_ENCODE_ERROR 103 +# define COMP_R_BROTLI_NOT_SUPPORTED 104 # define COMP_R_ZLIB_DEFLATE_ERROR 99 # define COMP_R_ZLIB_INFLATE_ERROR 100 # define COMP_R_ZLIB_NOT_SUPPORTED 101 +# define COMP_R_ZSTD_COMPRESS_ERROR 105 +# define COMP_R_ZSTD_DECODE_ERROR 106 +# define COMP_R_ZSTD_DECOMPRESS_ERROR 107 +# define COMP_R_ZSTD_NOT_SUPPORTED 108 # endif #endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/conf.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/conf.h index e8fcf315..61bb0087 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/conf.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/conf.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by Makefile from include/openssl/conf.h.in * - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/conf.h.in b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/conf.h.in index 044b3eb5..56632870 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/conf.h.in +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/conf.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/configuration.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/configuration.h index 2ecc52f0..5bca9de4 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/configuration.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/configuration.h @@ -30,7 +30,7 @@ extern "C" { # ifndef OPENSSL_SYS_iOS # define OPENSSL_SYS_iOS 1 # endif -# define OPENSSL_CONFIGURED_API 30100 +# define OPENSSL_CONFIGURED_API 30200 # ifndef OPENSSL_RAND_SEED_OS # define OPENSSL_RAND_SEED_OS # endif @@ -49,12 +49,21 @@ extern "C" { # ifndef OPENSSL_NO_ASYNC # define OPENSSL_NO_ASYNC # endif +# ifndef OPENSSL_NO_BROTLI +# define OPENSSL_NO_BROTLI +# endif +# ifndef OPENSSL_NO_BROTLI_DYNAMIC +# define OPENSSL_NO_BROTLI_DYNAMIC +# endif # ifndef OPENSSL_NO_CRYPTO_MDEBUG # define OPENSSL_NO_CRYPTO_MDEBUG # endif # ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE # define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE # endif +# ifndef OPENSSL_NO_DEFAULT_THREAD_POOL +# define OPENSSL_NO_DEFAULT_THREAD_POOL +# endif # ifndef OPENSSL_NO_DEVCRYPTOENG # define OPENSSL_NO_DEVCRYPTOENG # endif @@ -103,6 +112,12 @@ extern "C" { # ifndef OPENSSL_NO_TESTS # define OPENSSL_NO_TESTS # endif +# ifndef OPENSSL_NO_TFO +# define OPENSSL_NO_TFO +# endif +# ifndef OPENSSL_NO_THREAD_POOL +# define OPENSSL_NO_THREAD_POOL +# endif # ifndef OPENSSL_NO_TRACE # define OPENSSL_NO_TRACE # endif @@ -118,6 +133,21 @@ extern "C" { # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS # define OPENSSL_NO_WEAK_SSL_CIPHERS # endif +# ifndef OPENSSL_NO_WINSTORE +# define OPENSSL_NO_WINSTORE +# endif +# ifndef OPENSSL_NO_ZLIB +# define OPENSSL_NO_ZLIB +# endif +# ifndef OPENSSL_NO_ZLIB_DYNAMIC +# define OPENSSL_NO_ZLIB_DYNAMIC +# endif +# ifndef OPENSSL_NO_ZSTD +# define OPENSSL_NO_ZSTD +# endif +# ifndef OPENSSL_NO_ZSTD_DYNAMIC +# define OPENSSL_NO_ZSTD_DYNAMIC +# endif # ifndef OPENSSL_NO_DYNAMIC_ENGINE # define OPENSSL_NO_DYNAMIC_ENGINE # endif @@ -139,6 +169,12 @@ extern "C" { # define RC4_INT unsigned char +# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB)) +# define OPENSSL_NO_COMP_ALG +# else +# undef OPENSSL_NO_COMP_ALG +# endif + # ifdef __cplusplus } # endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/configuration.h.in b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/configuration.h.in index b84dc1df..86077d0a 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/configuration.h.in +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/configuration.h.in @@ -62,6 +62,12 @@ extern "C" { # define RC4_INT {- $config{rc4_int} -} +# if defined(OPENSSL_NO_COMP) || (defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) && defined(OPENSSL_NO_ZLIB)) +# define OPENSSL_NO_COMP_ALG +# else +# undef OPENSSL_NO_COMP_ALG +# endif + # ifdef __cplusplus } # endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/core.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/core.h index 9683ac70..18c19918 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/core.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/core.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -42,6 +42,9 @@ struct ossl_dispatch_st { void (*function)(void); }; +# define OSSL_DISPATCH_END \ + { 0, NULL } + /* * Other items, essentially an int<->pointer map element. * diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/core_dispatch.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/core_dispatch.h index 61d75a38..9b03f20c 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/core_dispatch.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/core_dispatch.h @@ -661,6 +661,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types, OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup, (const void *keydata_from, int selection)) +/* Extended import and export functions */ +# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX 45 +# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX 46 +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_import_types_ex, + (void *provctx, int selection)) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types_ex, + (void *provctx, int selection)) + /* Key Exchange */ # define OSSL_FUNC_KEYEXCH_NEWCTX 1 @@ -832,16 +840,24 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, asym_cipher_settable_ctx_params, # define OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS 9 # define OSSL_FUNC_KEM_SET_CTX_PARAMS 10 # define OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS 11 +# define OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT 12 +# define OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT 13 OSSL_CORE_MAKE_FUNC(void *, kem_newctx, (void *provctx)) OSSL_CORE_MAKE_FUNC(int, kem_encapsulate_init, (void *ctx, void *provkey, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, kem_auth_encapsulate_init, (void *ctx, void *provkey, + void *authprivkey, + const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(int, kem_encapsulate, (void *ctx, unsigned char *out, size_t *outlen, unsigned char *secret, size_t *secretlen)) OSSL_CORE_MAKE_FUNC(int, kem_decapsulate_init, (void *ctx, void *provkey, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, kem_auth_decapsulate_init, (void *ctx, void *provkey, + void *authpubkey, + const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(int, kem_decapsulate, (void *ctx, unsigned char *out, size_t *outlen, const unsigned char *in, size_t inlen)) @@ -937,6 +953,8 @@ OSSL_CORE_MAKE_FUNC(int, decoder_export_object, #define OSSL_FUNC_STORE_EOF 6 #define OSSL_FUNC_STORE_CLOSE 7 #define OSSL_FUNC_STORE_EXPORT_OBJECT 8 +#define OSSL_FUNC_STORE_DELETE 9 +#define OSSL_FUNC_STORE_OPEN_EX 10 OSSL_CORE_MAKE_FUNC(void *, store_open, (void *provctx, const char *uri)) OSSL_CORE_MAKE_FUNC(void *, store_attach, (void *provctx, OSSL_CORE_BIO *in)) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, store_settable_ctx_params, @@ -952,6 +970,12 @@ OSSL_CORE_MAKE_FUNC(int, store_close, (void *loaderctx)) OSSL_CORE_MAKE_FUNC(int, store_export_object, (void *loaderctx, const void *objref, size_t objref_sz, OSSL_CALLBACK *export_cb, void *export_cbarg)) +OSSL_CORE_MAKE_FUNC(int, store_delete, + (void *provctx, const char *uri, const OSSL_PARAM params[], + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)) +OSSL_CORE_MAKE_FUNC(void *, store_open_ex, + (void *provctx, const char *uri, const OSSL_PARAM params[], + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)) # ifdef __cplusplus } diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/core_names.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/core_names.h index 0a6ec1bb..ffffe90f 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/core_names.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/core_names.h @@ -1,4 +1,7 @@ /* + * WARNING: do not edit! + * Generated by Makefile from include/openssl/core_names.h.in + * * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -7,6 +10,7 @@ * https://www.openssl.org/source/license.html */ + #ifndef OPENSSL_CORE_NAMES_H # define OPENSSL_CORE_NAMES_H # pragma once @@ -15,544 +19,454 @@ extern "C" { # endif -/* Well known parameter names that core passes to providers */ -#define OSSL_PROV_PARAM_CORE_VERSION "openssl-version" /* utf8_ptr */ -#define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name" /* utf8_ptr */ -#define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" /* utf8_ptr */ - -/* Well known parameter names that Providers can define */ -#define OSSL_PROV_PARAM_NAME "name" /* utf8_ptr */ -#define OSSL_PROV_PARAM_VERSION "version" /* utf8_ptr */ -#define OSSL_PROV_PARAM_BUILDINFO "buildinfo" /* utf8_ptr */ -#define OSSL_PROV_PARAM_STATUS "status" /* uint */ -#define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks" /* uint */ -#define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check" /* uint */ -#define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md" /* uint */ - -/* Self test callback parameters */ -#define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase" /* utf8_string */ -#define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type" /* utf8_string */ -#define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc" /* utf8_string */ - -/*- - * Provider-native object abstractions - * - * These are used when a provider wants to pass object data or an object - * reference back to libcrypto. This is only useful for provider functions - * that take a callback to which an OSSL_PARAM array with these parameters - * can be passed. - * - * This set of parameter names is explained in detail in provider-object(7) - * (doc/man7/provider-object.pod) - */ -#define OSSL_OBJECT_PARAM_TYPE "type" /* INTEGER */ -#define OSSL_OBJECT_PARAM_DATA_TYPE "data-type" /* UTF8_STRING */ -#define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure" /* UTF8_STRING */ -#define OSSL_OBJECT_PARAM_REFERENCE "reference" /* OCTET_STRING */ -#define OSSL_OBJECT_PARAM_DATA "data" /* OCTET_STRING or UTF8_STRING */ -#define OSSL_OBJECT_PARAM_DESC "desc" /* UTF8_STRING */ - -/* - * Algorithm parameters - * If "engine" or "properties" are specified, they should always be paired - * with the algorithm type. - * Note these are common names that are shared by many types (such as kdf, mac, - * and pkey) e.g: see OSSL_MAC_PARAM_DIGEST below. - */ -#define OSSL_ALG_PARAM_DIGEST "digest" /* utf8_string */ -#define OSSL_ALG_PARAM_CIPHER "cipher" /* utf8_string */ -#define OSSL_ALG_PARAM_ENGINE "engine" /* utf8_string */ -#define OSSL_ALG_PARAM_MAC "mac" /* utf8_string */ -#define OSSL_ALG_PARAM_PROPERTIES "properties"/* utf8_string */ - -/* cipher parameters */ -#define OSSL_CIPHER_PARAM_PADDING "padding" /* uint */ -#define OSSL_CIPHER_PARAM_USE_BITS "use-bits" /* uint */ -#define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version" /* uint */ -#define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac" /* octet_ptr */ -#define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size" /* size_t */ -#define OSSL_CIPHER_PARAM_MODE "mode" /* uint */ -#define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize" /* size_t */ -#define OSSL_CIPHER_PARAM_AEAD "aead" /* int, 0 or 1 */ -#define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv" /* int, 0 or 1 */ -#define OSSL_CIPHER_PARAM_CTS "cts" /* int, 0 or 1 */ -#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi" /* int, 0 or 1 */ -#define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey" /* int, 0 or 1 */ -#define OSSL_CIPHER_PARAM_KEYLEN "keylen" /* size_t */ -#define OSSL_CIPHER_PARAM_IVLEN "ivlen" /* size_t */ -#define OSSL_CIPHER_PARAM_IV "iv" /* octet_string OR octet_ptr */ -#define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv" /* octet_string OR octet_ptr */ -#define OSSL_CIPHER_PARAM_NUM "num" /* uint */ -#define OSSL_CIPHER_PARAM_ROUNDS "rounds" /* uint */ -#define OSSL_CIPHER_PARAM_AEAD_TAG "tag" /* octet_string */ -#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad" /* octet_string */ -#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad" /* size_t */ -#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed" /* octet_string */ -#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen" /* octet_string */ -#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv" /* octet_string */ -#define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN -#define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen" /* size_t */ -#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey" /* octet_string */ -#define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey" /* octet_string */ -#define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits" /* size_t */ -#define OSSL_CIPHER_PARAM_SPEED "speed" /* uint */ -#define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode" /* utf8_string */ -/* For passing the AlgorithmIdentifier parameter in DER form */ -#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param" /* octet_string */ - -#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT \ - "tls1multi_maxsndfrag" /* uint */ -#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE \ - "tls1multi_maxbufsz" /* size_t */ -#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE \ - "tls1multi_interleave" /* uint */ -#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD \ - "tls1multi_aad" /* octet_string */ -#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN \ - "tls1multi_aadpacklen" /* uint */ -#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC \ - "tls1multi_enc" /* octet_string */ -#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN \ - "tls1multi_encin" /* octet_string */ -#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN \ - "tls1multi_enclen" /* size_t */ - /* OSSL_CIPHER_PARAM_CTS_MODE Values */ -#define OSSL_CIPHER_CTS_MODE_CS1 "CS1" -#define OSSL_CIPHER_CTS_MODE_CS2 "CS2" -#define OSSL_CIPHER_CTS_MODE_CS3 "CS3" +# define OSSL_CIPHER_CTS_MODE_CS1 "CS1" +# define OSSL_CIPHER_CTS_MODE_CS2 "CS2" +# define OSSL_CIPHER_CTS_MODE_CS3 "CS3" -/* digest parameters */ -#define OSSL_DIGEST_PARAM_XOFLEN "xoflen" /* size_t */ -#define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms" /* octet string */ -#define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type" /* uint */ -#define OSSL_DIGEST_PARAM_MICALG "micalg" /* utf8 string */ -#define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize" /* size_t */ -#define OSSL_DIGEST_PARAM_SIZE "size" /* size_t */ -#define OSSL_DIGEST_PARAM_XOF "xof" /* int, 0 or 1 */ -#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent" /* int, 0 or 1 */ +/* Known CIPHER names (not a complete list) */ +# define OSSL_CIPHER_NAME_AES_128_GCM_SIV "AES-128-GCM-SIV" +# define OSSL_CIPHER_NAME_AES_192_GCM_SIV "AES-192-GCM-SIV" +# define OSSL_CIPHER_NAME_AES_256_GCM_SIV "AES-256-GCM-SIV" /* Known DIGEST names (not a complete list) */ -#define OSSL_DIGEST_NAME_MD5 "MD5" -#define OSSL_DIGEST_NAME_MD5_SHA1 "MD5-SHA1" -#define OSSL_DIGEST_NAME_SHA1 "SHA1" -#define OSSL_DIGEST_NAME_SHA2_224 "SHA2-224" -#define OSSL_DIGEST_NAME_SHA2_256 "SHA2-256" -#define OSSL_DIGEST_NAME_SHA2_384 "SHA2-384" -#define OSSL_DIGEST_NAME_SHA2_512 "SHA2-512" -#define OSSL_DIGEST_NAME_SHA2_512_224 "SHA2-512/224" -#define OSSL_DIGEST_NAME_SHA2_512_256 "SHA2-512/256" -#define OSSL_DIGEST_NAME_MD2 "MD2" -#define OSSL_DIGEST_NAME_MD4 "MD4" -#define OSSL_DIGEST_NAME_MDC2 "MDC2" -#define OSSL_DIGEST_NAME_RIPEMD160 "RIPEMD160" -#define OSSL_DIGEST_NAME_SHA3_224 "SHA3-224" -#define OSSL_DIGEST_NAME_SHA3_256 "SHA3-256" -#define OSSL_DIGEST_NAME_SHA3_384 "SHA3-384" -#define OSSL_DIGEST_NAME_SHA3_512 "SHA3-512" -#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128" -#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256" -#define OSSL_DIGEST_NAME_SM3 "SM3" - -/* MAC parameters */ -#define OSSL_MAC_PARAM_KEY "key" /* octet string */ -#define OSSL_MAC_PARAM_IV "iv" /* octet string */ -#define OSSL_MAC_PARAM_CUSTOM "custom" /* utf8 string */ -#define OSSL_MAC_PARAM_SALT "salt" /* octet string */ -#define OSSL_MAC_PARAM_XOF "xof" /* int, 0 or 1 */ -#define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit" /* int, 0 or 1 */ -#define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" /* int, 0 or 1 */ -#define OSSL_MAC_PARAM_C_ROUNDS "c-rounds" /* unsigned int */ -#define OSSL_MAC_PARAM_D_ROUNDS "d-rounds" /* unsigned int */ - -/* - * If "engine" or "properties" are specified, they should always be paired - * with "cipher" or "digest". - */ -#define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER /* utf8 string */ -#define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST /* utf8 string */ -#define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES /* utf8 string */ -#define OSSL_MAC_PARAM_SIZE "size" /* size_t */ -#define OSSL_MAC_PARAM_BLOCK_SIZE "block-size" /* size_t */ -#define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size" /* size_t */ +# define OSSL_DIGEST_NAME_MD5 "MD5" +# define OSSL_DIGEST_NAME_MD5_SHA1 "MD5-SHA1" +# define OSSL_DIGEST_NAME_SHA1 "SHA1" +# define OSSL_DIGEST_NAME_SHA2_224 "SHA2-224" +# define OSSL_DIGEST_NAME_SHA2_256 "SHA2-256" +# define OSSL_DIGEST_NAME_SHA2_256_192 "SHA2-256/192" +# define OSSL_DIGEST_NAME_SHA2_384 "SHA2-384" +# define OSSL_DIGEST_NAME_SHA2_512 "SHA2-512" +# define OSSL_DIGEST_NAME_SHA2_512_224 "SHA2-512/224" +# define OSSL_DIGEST_NAME_SHA2_512_256 "SHA2-512/256" +# define OSSL_DIGEST_NAME_MD2 "MD2" +# define OSSL_DIGEST_NAME_MD4 "MD4" +# define OSSL_DIGEST_NAME_MDC2 "MDC2" +# define OSSL_DIGEST_NAME_RIPEMD160 "RIPEMD160" +# define OSSL_DIGEST_NAME_SHA3_224 "SHA3-224" +# define OSSL_DIGEST_NAME_SHA3_256 "SHA3-256" +# define OSSL_DIGEST_NAME_SHA3_384 "SHA3-384" +# define OSSL_DIGEST_NAME_SHA3_512 "SHA3-512" +# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128" +# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256" +# define OSSL_DIGEST_NAME_SM3 "SM3" /* Known MAC names */ -#define OSSL_MAC_NAME_BLAKE2BMAC "BLAKE2BMAC" -#define OSSL_MAC_NAME_BLAKE2SMAC "BLAKE2SMAC" -#define OSSL_MAC_NAME_CMAC "CMAC" -#define OSSL_MAC_NAME_GMAC "GMAC" -#define OSSL_MAC_NAME_HMAC "HMAC" -#define OSSL_MAC_NAME_KMAC128 "KMAC128" -#define OSSL_MAC_NAME_KMAC256 "KMAC256" -#define OSSL_MAC_NAME_POLY1305 "POLY1305" -#define OSSL_MAC_NAME_SIPHASH "SIPHASH" - -/* KDF / PRF parameters */ -#define OSSL_KDF_PARAM_SECRET "secret" /* octet string */ -#define OSSL_KDF_PARAM_KEY "key" /* octet string */ -#define OSSL_KDF_PARAM_SALT "salt" /* octet string */ -#define OSSL_KDF_PARAM_PASSWORD "pass" /* octet string */ -#define OSSL_KDF_PARAM_PREFIX "prefix" /* octet string */ -#define OSSL_KDF_PARAM_LABEL "label" /* octet string */ -#define OSSL_KDF_PARAM_DATA "data" /* octet string */ -#define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST /* utf8 string */ -#define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER /* utf8 string */ -#define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC /* utf8 string */ -#define OSSL_KDF_PARAM_MAC_SIZE "maclen" /* size_t */ -#define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES /* utf8 string */ -#define OSSL_KDF_PARAM_ITER "iter" /* unsigned int */ -#define OSSL_KDF_PARAM_MODE "mode" /* utf8 string or int */ -#define OSSL_KDF_PARAM_PKCS5 "pkcs5" /* int */ -#define OSSL_KDF_PARAM_UKM "ukm" /* octet string */ -#define OSSL_KDF_PARAM_CEK_ALG "cekalg" /* utf8 string */ -#define OSSL_KDF_PARAM_SCRYPT_N "n" /* uint64_t */ -#define OSSL_KDF_PARAM_SCRYPT_R "r" /* uint32_t */ -#define OSSL_KDF_PARAM_SCRYPT_P "p" /* uint32_t */ -#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */ -#define OSSL_KDF_PARAM_INFO "info" /* octet string */ -#define OSSL_KDF_PARAM_SEED "seed" /* octet string */ -#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */ -#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */ -#define OSSL_KDF_PARAM_SSHKDF_TYPE "type" /* int */ -#define OSSL_KDF_PARAM_SIZE "size" /* size_t */ -#define OSSL_KDF_PARAM_CONSTANT "constant" /* octet string */ -#define OSSL_KDF_PARAM_PKCS12_ID "id" /* int */ -#define OSSL_KDF_PARAM_KBKDF_USE_L "use-l" /* int */ -#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator" /* int */ -#define OSSL_KDF_PARAM_KBKDF_R "r" /* int */ -#define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info" -#define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info" -#define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info" -#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo" -#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo" -#define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits" +# define OSSL_MAC_NAME_BLAKE2BMAC "BLAKE2BMAC" +# define OSSL_MAC_NAME_BLAKE2SMAC "BLAKE2SMAC" +# define OSSL_MAC_NAME_CMAC "CMAC" +# define OSSL_MAC_NAME_GMAC "GMAC" +# define OSSL_MAC_NAME_HMAC "HMAC" +# define OSSL_MAC_NAME_KMAC128 "KMAC128" +# define OSSL_MAC_NAME_KMAC256 "KMAC256" +# define OSSL_MAC_NAME_POLY1305 "POLY1305" +# define OSSL_MAC_NAME_SIPHASH "SIPHASH" /* Known KDF names */ -#define OSSL_KDF_NAME_HKDF "HKDF" -#define OSSL_KDF_NAME_TLS1_3_KDF "TLS13-KDF" -#define OSSL_KDF_NAME_PBKDF1 "PBKDF1" -#define OSSL_KDF_NAME_PBKDF2 "PBKDF2" -#define OSSL_KDF_NAME_SCRYPT "SCRYPT" -#define OSSL_KDF_NAME_SSHKDF "SSHKDF" -#define OSSL_KDF_NAME_SSKDF "SSKDF" -#define OSSL_KDF_NAME_TLS1_PRF "TLS1-PRF" -#define OSSL_KDF_NAME_X942KDF_ASN1 "X942KDF-ASN1" -#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT" -#define OSSL_KDF_NAME_X963KDF "X963KDF" -#define OSSL_KDF_NAME_KBKDF "KBKDF" -#define OSSL_KDF_NAME_KRB5KDF "KRB5KDF" - -/* Known RAND names */ -#define OSSL_RAND_PARAM_STATE "state" -#define OSSL_RAND_PARAM_STRENGTH "strength" -#define OSSL_RAND_PARAM_MAX_REQUEST "max_request" -#define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy" -#define OSSL_RAND_PARAM_TEST_NONCE "test_nonce" -#define OSSL_RAND_PARAM_GENERATE "generate" - -/* RAND/DRBG names */ -#define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests" -#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval" -#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen" -#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen" -#define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen" -#define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen" -#define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen" -#define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen" -#define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter" -#define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time" -#define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES -#define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST -#define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER -#define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC -#define OSSL_DRBG_PARAM_USE_DF "use_derivation_function" - -/* DRBG call back parameters */ -#define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required" -#define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance" -#define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length" -#define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length" -#define OSSL_DRBG_PARAM_RANDOM_DATA "random_data" -#define OSSL_DRBG_PARAM_SIZE "size" - -/* PKEY parameters */ -/* Common PKEY parameters */ -#define OSSL_PKEY_PARAM_BITS "bits" /* integer */ -#define OSSL_PKEY_PARAM_MAX_SIZE "max-size" /* integer */ -#define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits" /* integer */ -#define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST -#define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER /* utf8 string */ -#define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE /* utf8 string */ -#define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES -#define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest" /* utf8 string */ -#define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest" /* utf8 string */ -#define OSSL_PKEY_PARAM_PAD_MODE "pad-mode" -#define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size" -#define OSSL_PKEY_PARAM_MASKGENFUNC "mgf" -#define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest" -#define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties" -#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key" -#define OSSL_PKEY_PARAM_GROUP_NAME "group" -#define OSSL_PKEY_PARAM_DIST_ID "distid" -#define OSSL_PKEY_PARAM_PUB_KEY "pub" -#define OSSL_PKEY_PARAM_PRIV_KEY "priv" - -/* Diffie-Hellman/DSA Parameters */ -#define OSSL_PKEY_PARAM_FFC_P "p" -#define OSSL_PKEY_PARAM_FFC_G "g" -#define OSSL_PKEY_PARAM_FFC_Q "q" -#define OSSL_PKEY_PARAM_FFC_GINDEX "gindex" -#define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter" -#define OSSL_PKEY_PARAM_FFC_SEED "seed" -#define OSSL_PKEY_PARAM_FFC_COFACTOR "j" -#define OSSL_PKEY_PARAM_FFC_H "hindex" -#define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq" -#define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g" -#define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy" - -/* Diffie-Hellman params */ -#define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator" -#define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len" - -/* Elliptic Curve Domain Parameters */ -#define OSSL_PKEY_PARAM_EC_PUB_X "qx" -#define OSSL_PKEY_PARAM_EC_PUB_Y "qy" - -/* Elliptic Curve Explicit Domain Parameters */ -#define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type" -#define OSSL_PKEY_PARAM_EC_P "p" -#define OSSL_PKEY_PARAM_EC_A "a" -#define OSSL_PKEY_PARAM_EC_B "b" -#define OSSL_PKEY_PARAM_EC_GENERATOR "generator" -#define OSSL_PKEY_PARAM_EC_ORDER "order" -#define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor" -#define OSSL_PKEY_PARAM_EC_SEED "seed" -#define OSSL_PKEY_PARAM_EC_CHAR2_M "m" -#define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type" -#define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp" -#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1" -#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2" -#define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3" -#define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit" - -/* Elliptic Curve Key Parameters */ -#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag" -#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \ - OSSL_PKEY_PARAM_USE_COFACTOR_FLAG - -/* RSA Keys */ -/* - * n, e, d are the usual public and private key components - * - * rsa-num is the number of factors, including p and q - * rsa-factor is used for each factor: p, q, r_i (i = 3, ...) - * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...) - * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...) - * - * The number of rsa-factor items must be equal to the number of rsa-exponent - * items, and the number of rsa-coefficients must be one less. - * (the base i for the coefficients is 2, not 1, at least as implied by - * RFC 8017) - */ -#define OSSL_PKEY_PARAM_RSA_N "n" -#define OSSL_PKEY_PARAM_RSA_E "e" -#define OSSL_PKEY_PARAM_RSA_D "d" -#define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor" -#define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent" -#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient" -#define OSSL_PKEY_PARAM_RSA_FACTOR1 OSSL_PKEY_PARAM_RSA_FACTOR"1" -#define OSSL_PKEY_PARAM_RSA_FACTOR2 OSSL_PKEY_PARAM_RSA_FACTOR"2" -#define OSSL_PKEY_PARAM_RSA_FACTOR3 OSSL_PKEY_PARAM_RSA_FACTOR"3" -#define OSSL_PKEY_PARAM_RSA_FACTOR4 OSSL_PKEY_PARAM_RSA_FACTOR"4" -#define OSSL_PKEY_PARAM_RSA_FACTOR5 OSSL_PKEY_PARAM_RSA_FACTOR"5" -#define OSSL_PKEY_PARAM_RSA_FACTOR6 OSSL_PKEY_PARAM_RSA_FACTOR"6" -#define OSSL_PKEY_PARAM_RSA_FACTOR7 OSSL_PKEY_PARAM_RSA_FACTOR"7" -#define OSSL_PKEY_PARAM_RSA_FACTOR8 OSSL_PKEY_PARAM_RSA_FACTOR"8" -#define OSSL_PKEY_PARAM_RSA_FACTOR9 OSSL_PKEY_PARAM_RSA_FACTOR"9" -#define OSSL_PKEY_PARAM_RSA_FACTOR10 OSSL_PKEY_PARAM_RSA_FACTOR"10" -#define OSSL_PKEY_PARAM_RSA_EXPONENT1 OSSL_PKEY_PARAM_RSA_EXPONENT"1" -#define OSSL_PKEY_PARAM_RSA_EXPONENT2 OSSL_PKEY_PARAM_RSA_EXPONENT"2" -#define OSSL_PKEY_PARAM_RSA_EXPONENT3 OSSL_PKEY_PARAM_RSA_EXPONENT"3" -#define OSSL_PKEY_PARAM_RSA_EXPONENT4 OSSL_PKEY_PARAM_RSA_EXPONENT"4" -#define OSSL_PKEY_PARAM_RSA_EXPONENT5 OSSL_PKEY_PARAM_RSA_EXPONENT"5" -#define OSSL_PKEY_PARAM_RSA_EXPONENT6 OSSL_PKEY_PARAM_RSA_EXPONENT"6" -#define OSSL_PKEY_PARAM_RSA_EXPONENT7 OSSL_PKEY_PARAM_RSA_EXPONENT"7" -#define OSSL_PKEY_PARAM_RSA_EXPONENT8 OSSL_PKEY_PARAM_RSA_EXPONENT"8" -#define OSSL_PKEY_PARAM_RSA_EXPONENT9 OSSL_PKEY_PARAM_RSA_EXPONENT"9" -#define OSSL_PKEY_PARAM_RSA_EXPONENT10 OSSL_PKEY_PARAM_RSA_EXPONENT"10" -#define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 OSSL_PKEY_PARAM_RSA_COEFFICIENT"1" -#define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 OSSL_PKEY_PARAM_RSA_COEFFICIENT"2" -#define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 OSSL_PKEY_PARAM_RSA_COEFFICIENT"3" -#define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 OSSL_PKEY_PARAM_RSA_COEFFICIENT"4" -#define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 OSSL_PKEY_PARAM_RSA_COEFFICIENT"5" -#define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 OSSL_PKEY_PARAM_RSA_COEFFICIENT"6" -#define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 OSSL_PKEY_PARAM_RSA_COEFFICIENT"7" -#define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 OSSL_PKEY_PARAM_RSA_COEFFICIENT"8" -#define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 OSSL_PKEY_PARAM_RSA_COEFFICIENT"9" +# define OSSL_KDF_NAME_HKDF "HKDF" +# define OSSL_KDF_NAME_TLS1_3_KDF "TLS13-KDF" +# define OSSL_KDF_NAME_PBKDF1 "PBKDF1" +# define OSSL_KDF_NAME_PBKDF2 "PBKDF2" +# define OSSL_KDF_NAME_SCRYPT "SCRYPT" +# define OSSL_KDF_NAME_SSHKDF "SSHKDF" +# define OSSL_KDF_NAME_SSKDF "SSKDF" +# define OSSL_KDF_NAME_TLS1_PRF "TLS1-PRF" +# define OSSL_KDF_NAME_X942KDF_ASN1 "X942KDF-ASN1" +# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT" +# define OSSL_KDF_NAME_X963KDF "X963KDF" +# define OSSL_KDF_NAME_KBKDF "KBKDF" +# define OSSL_KDF_NAME_KRB5KDF "KRB5KDF" +# define OSSL_KDF_NAME_HMACDRBGKDF "HMAC-DRBG-KDF" /* RSA padding modes */ -#define OSSL_PKEY_RSA_PAD_MODE_NONE "none" -#define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1" -#define OSSL_PKEY_RSA_PAD_MODE_OAEP "oaep" -#define OSSL_PKEY_RSA_PAD_MODE_X931 "x931" -#define OSSL_PKEY_RSA_PAD_MODE_PSS "pss" +# define OSSL_PKEY_RSA_PAD_MODE_NONE "none" +# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1" +# define OSSL_PKEY_RSA_PAD_MODE_OAEP "oaep" +# define OSSL_PKEY_RSA_PAD_MODE_X931 "x931" +# define OSSL_PKEY_RSA_PAD_MODE_PSS "pss" /* RSA pss padding salt length */ -#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest" -#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX "max" -#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO "auto" -#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax" - -/* Key generation parameters */ -#define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS -#define OSSL_PKEY_PARAM_RSA_PRIMES "primes" -#define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST -#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES -#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC -#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST -#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen" - -/* Key generation parameters */ -#define OSSL_PKEY_PARAM_FFC_TYPE "type" -#define OSSL_PKEY_PARAM_FFC_PBITS "pbits" -#define OSSL_PKEY_PARAM_FFC_QBITS "qbits" -#define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST -#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES - -#define OSSL_PKEY_PARAM_EC_ENCODING "encoding" /* utf8_string */ -#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format" -#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check" -#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public" +# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest" +# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX "max" +# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO "auto" +# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax" /* OSSL_PKEY_PARAM_EC_ENCODING values */ -#define OSSL_PKEY_EC_ENCODING_EXPLICIT "explicit" -#define OSSL_PKEY_EC_ENCODING_GROUP "named_curve" +# define OSSL_PKEY_EC_ENCODING_EXPLICIT "explicit" +# define OSSL_PKEY_EC_ENCODING_GROUP "named_curve" -#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed" -#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED "compressed" -#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID "hybrid" +# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed" +# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED "compressed" +# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID "hybrid" -#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT "default" -#define OSSL_PKEY_EC_GROUP_CHECK_NAMED "named" -#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST "named-nist" - -/* Key Exchange parameters */ -#define OSSL_EXCHANGE_PARAM_PAD "pad" /* uint */ -#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */ -#define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type" /* utf8_string */ -#define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest" /* utf8_string */ -#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props" /* utf8_string */ -#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen" /* size_t */ -/* The following parameter is an octet_string on set and an octet_ptr on get */ -#define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm" - -/* Signature parameters */ -#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id" -#define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE -#define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST -#define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES -#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen" -#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST -#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES \ - OSSL_PKEY_PARAM_MGF1_PROPERTIES -#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE - -/* Asym cipher parameters */ -#define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST -#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES -#define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE -#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE -#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST \ - OSSL_PKEY_PARAM_MGF1_DIGEST -#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS \ - OSSL_PKEY_PARAM_MGF1_PROPERTIES -#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST -#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props" -/* The following parameter is an octet_string on set and an octet_ptr on get */ -#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label" -#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version" -#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version" - -/* - * Encoder / decoder parameters - */ -#define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER -#define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES -/* Currently PVK only, but reusable for others as needed */ -#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level" -#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters" /* integer */ - -#define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES - -/* Passphrase callback parameters */ -#define OSSL_PASSPHRASE_PARAM_INFO "info" - -/* Keygen callback parameters, from provider to libcrypto */ -#define OSSL_GEN_PARAM_POTENTIAL "potential" /* integer */ -#define OSSL_GEN_PARAM_ITERATION "iteration" /* integer */ - -/* ACVP Test parameters : These should not be used normally */ -#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1" -#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2" -#define OSSL_PKEY_PARAM_RSA_TEST_XP "xp" -#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1" -#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2" -#define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq" -#define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1" -#define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2" -#define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1" -#define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2" -#define OSSL_SIGNATURE_PARAM_KAT "kat" - -/* KEM parameters */ -#define OSSL_KEM_PARAM_OPERATION "operation" +# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT "default" +# define OSSL_PKEY_EC_GROUP_CHECK_NAMED "named" +# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST "named-nist" /* OSSL_KEM_PARAM_OPERATION values */ #define OSSL_KEM_PARAM_OPERATION_RSASVE "RSASVE" +#define OSSL_KEM_PARAM_OPERATION_DHKEM "DHKEM" -/* Capabilities */ - -/* TLS-GROUP Capability */ -#define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name" -#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal" -#define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id" -#define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg" -#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits" -#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem" -#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls" -#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls" -#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls" -#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls" - -/*- - * storemgmt parameters - */ - -/* - * Used by storemgmt_ctx_set_params(): - * - * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the - * OSSL_STORE_INFO numbers. This is used to set the expected type of - * object loaded. - * - * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER, - * OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT, - * OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS - * are used as search criteria. - * (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT) - */ -#define OSSL_STORE_PARAM_EXPECT "expect" /* INTEGER */ -#define OSSL_STORE_PARAM_SUBJECT "subject" /* DER blob => OCTET_STRING */ -#define OSSL_STORE_PARAM_ISSUER "name" /* DER blob => OCTET_STRING */ -#define OSSL_STORE_PARAM_SERIAL "serial" /* INTEGER */ -#define OSSL_STORE_PARAM_DIGEST "digest" /* UTF8_STRING */ -#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */ -#define OSSL_STORE_PARAM_ALIAS "alias" /* UTF8_STRING */ - -/* You may want to pass properties for the provider implementation to use */ -#define OSSL_STORE_PARAM_PROPERTIES "properties" /* utf8_string */ -/* OSSL_DECODER input type if a decoder is used by the store */ -#define OSSL_STORE_PARAM_INPUT_TYPE "input-type" /* UTF8_STRING */ +/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */ +# define OSSL_ALG_PARAM_CIPHER "cipher" +# define OSSL_ALG_PARAM_DIGEST "digest" +# define OSSL_ALG_PARAM_ENGINE "engine" +# define OSSL_ALG_PARAM_MAC "mac" +# define OSSL_ALG_PARAM_PROPERTIES "properties" +# define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST +# define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE +# define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection" +# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST +# define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS OSSL_PKEY_PARAM_MGF1_PROPERTIES +# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST +# define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props" +# define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label" +# define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE +# define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES +# define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version" +# define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version" +# define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg" +# define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id" +# define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem" +# define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls" +# define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls" +# define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls" +# define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls" +# define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name" +# define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal" +# define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits" +# define OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT "tls-sigalg-code-point" +# define OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME "tls-sigalg-hash-name" +# define OSSL_CAPABILITY_TLS_SIGALG_HASH_OID "tls-sigalg-hash-oid" +# define OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME "tls-sigalg-iana-name" +# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE "tls-sigalg-keytype" +# define OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID "tls-sigalg-keytype-oid" +# define OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS "tls-max-tls" +# define OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS "tls-min-tls" +# define OSSL_CAPABILITY_TLS_SIGALG_NAME "tls-sigalg-name" +# define OSSL_CAPABILITY_TLS_SIGALG_OID "tls-sigalg-oid" +# define OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS "tls-sigalg-sec-bits" +# define OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME "tls-sigalg-sig-name" +# define OSSL_CAPABILITY_TLS_SIGALG_SIG_OID "tls-sigalg-sig-oid" +# define OSSL_CIPHER_PARAM_AEAD "aead" +# define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN +# define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey" +# define OSSL_CIPHER_PARAM_AEAD_TAG "tag" +# define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen" +# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad" +# define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad" +# define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen" +# define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed" +# define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv" +# define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param" +# define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize" +# define OSSL_CIPHER_PARAM_CTS "cts" +# define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode" +# define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv" +# define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey" +# define OSSL_CIPHER_PARAM_IV "iv" +# define OSSL_CIPHER_PARAM_IVLEN "ivlen" +# define OSSL_CIPHER_PARAM_KEYLEN "keylen" +# define OSSL_CIPHER_PARAM_MODE "mode" +# define OSSL_CIPHER_PARAM_NUM "num" +# define OSSL_CIPHER_PARAM_PADDING "padding" +# define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey" +# define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits" +# define OSSL_CIPHER_PARAM_ROUNDS "rounds" +# define OSSL_CIPHER_PARAM_SPEED "speed" +# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi" +# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD "tls1multi_aad" +# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN "tls1multi_aadpacklen" +# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC "tls1multi_enc" +# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN "tls1multi_encin" +# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN "tls1multi_enclen" +# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE "tls1multi_interleave" +# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE "tls1multi_maxbufsz" +# define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT "tls1multi_maxsndfrag" +# define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac" +# define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size" +# define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version" +# define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv" +# define OSSL_CIPHER_PARAM_USE_BITS "use-bits" +# define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard" +# define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES +# define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent" +# define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize" +# define OSSL_DIGEST_PARAM_MICALG "micalg" +# define OSSL_DIGEST_PARAM_PAD_TYPE "pad-type" +# define OSSL_DIGEST_PARAM_SIZE "size" +# define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms" +# define OSSL_DIGEST_PARAM_XOF "xof" +# define OSSL_DIGEST_PARAM_XOFLEN "xoflen" +# define OSSL_DRBG_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER +# define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST +# define OSSL_DRBG_PARAM_ENTROPY_REQUIRED "entropy_required" +# define OSSL_DRBG_PARAM_MAC OSSL_ALG_PARAM_MAC +# define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen" +# define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen" +# define OSSL_DRBG_PARAM_MAX_LENGTH "maxium_length" +# define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen" +# define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen" +# define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen" +# define OSSL_DRBG_PARAM_MIN_LENGTH "minium_length" +# define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen" +# define OSSL_DRBG_PARAM_PREDICTION_RESISTANCE "prediction_resistance" +# define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES +# define OSSL_DRBG_PARAM_RANDOM_DATA "random_data" +# define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter" +# define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests" +# define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time" +# define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval" +# define OSSL_DRBG_PARAM_SIZE "size" +# define OSSL_DRBG_PARAM_USE_DF "use_derivation_function" +# define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER +# define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level" +# define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES +# define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters" +# define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" +# define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest" +# define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props" +# define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen" +# define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type" +# define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm" +# define OSSL_EXCHANGE_PARAM_PAD "pad" +# define OSSL_GEN_PARAM_ITERATION "iteration" +# define OSSL_GEN_PARAM_POTENTIAL "potential" +# define OSSL_KDF_PARAM_ARGON2_AD "ad" +# define OSSL_KDF_PARAM_ARGON2_LANES "lanes" +# define OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost" +# define OSSL_KDF_PARAM_ARGON2_VERSION "version" +# define OSSL_KDF_PARAM_CEK_ALG "cekalg" +# define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER +# define OSSL_KDF_PARAM_CONSTANT "constant" +# define OSSL_KDF_PARAM_DATA "data" +# define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST +# define OSSL_KDF_PARAM_EARLY_CLEAN "early_clean" +# define OSSL_KDF_PARAM_HMACDRBG_ENTROPY "entropy" +# define OSSL_KDF_PARAM_HMACDRBG_NONCE "nonce" +# define OSSL_KDF_PARAM_INFO "info" +# define OSSL_KDF_PARAM_ITER "iter" +# define OSSL_KDF_PARAM_KBKDF_R "r" +# define OSSL_KDF_PARAM_KBKDF_USE_L "use-l" +# define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator" +# define OSSL_KDF_PARAM_KEY "key" +# define OSSL_KDF_PARAM_LABEL "label" +# define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC +# define OSSL_KDF_PARAM_MAC_SIZE "maclen" +# define OSSL_KDF_PARAM_MODE "mode" +# define OSSL_KDF_PARAM_PASSWORD "pass" +# define OSSL_KDF_PARAM_PKCS12_ID "id" +# define OSSL_KDF_PARAM_PKCS5 "pkcs5" +# define OSSL_KDF_PARAM_PREFIX "prefix" +# define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES +# define OSSL_KDF_PARAM_SALT "salt" +# define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" +# define OSSL_KDF_PARAM_SCRYPT_N "n" +# define OSSL_KDF_PARAM_SCRYPT_P "p" +# define OSSL_KDF_PARAM_SCRYPT_R "r" +# define OSSL_KDF_PARAM_SECRET "secret" +# define OSSL_KDF_PARAM_SEED "seed" +# define OSSL_KDF_PARAM_SIZE "size" +# define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" +# define OSSL_KDF_PARAM_SSHKDF_TYPE "type" +# define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" +# define OSSL_KDF_PARAM_THREADS "threads" +# define OSSL_KDF_PARAM_UKM "ukm" +# define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info" +# define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info" +# define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info" +# define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo" +# define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo" +# define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits" +# define OSSL_KEM_PARAM_IKME "ikme" +# define OSSL_KEM_PARAM_OPERATION "operation" +# define OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING "block_padding" +# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA "max_early_data" +# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN "max_frag_len" +# define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode" +# define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options" +# define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead" +# define OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC "stream_mac" +# define OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE "tlstree" +# define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm" +# define OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN "read_buffer_len" +# define OSSL_MAC_PARAM_BLOCK_SIZE "block-size" +# define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER +# define OSSL_MAC_PARAM_CUSTOM "custom" +# define OSSL_MAC_PARAM_C_ROUNDS "c-rounds" +# define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST +# define OSSL_MAC_PARAM_DIGEST_NOINIT "digest-noinit" +# define OSSL_MAC_PARAM_DIGEST_ONESHOT "digest-oneshot" +# define OSSL_MAC_PARAM_D_ROUNDS "d-rounds" +# define OSSL_MAC_PARAM_IV "iv" +# define OSSL_MAC_PARAM_KEY "key" +# define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES +# define OSSL_MAC_PARAM_SALT "salt" +# define OSSL_MAC_PARAM_SIZE "size" +# define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size" +# define OSSL_MAC_PARAM_XOF "xof" +# define OSSL_OBJECT_PARAM_DATA "data" +# define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure" +# define OSSL_OBJECT_PARAM_DATA_TYPE "data-type" +# define OSSL_OBJECT_PARAM_DESC "desc" +# define OSSL_OBJECT_PARAM_REFERENCE "reference" +# define OSSL_OBJECT_PARAM_TYPE "type" +# define OSSL_PASSPHRASE_PARAM_INFO "info" +# define OSSL_PKEY_PARAM_BITS "bits" +# define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER +# define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest" +# define OSSL_PKEY_PARAM_DHKEM_IKM "dhkem-ikm" +# define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator" +# define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len" +# define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST +# define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size" +# define OSSL_PKEY_PARAM_DIST_ID "distid" +# define OSSL_PKEY_PARAM_EC_A "a" +# define OSSL_PKEY_PARAM_EC_B "b" +# define OSSL_PKEY_PARAM_EC_CHAR2_M "m" +# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K1 "k1" +# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K2 "k2" +# define OSSL_PKEY_PARAM_EC_CHAR2_PP_K3 "k3" +# define OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS "tp" +# define OSSL_PKEY_PARAM_EC_CHAR2_TYPE "basis-type" +# define OSSL_PKEY_PARAM_EC_COFACTOR "cofactor" +# define OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS "decoded-from-explicit" +# define OSSL_PKEY_PARAM_EC_ENCODING "encoding" +# define OSSL_PKEY_PARAM_EC_FIELD_TYPE "field-type" +# define OSSL_PKEY_PARAM_EC_GENERATOR "generator" +# define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check" +# define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public" +# define OSSL_PKEY_PARAM_EC_ORDER "order" +# define OSSL_PKEY_PARAM_EC_P "p" +# define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format" +# define OSSL_PKEY_PARAM_EC_PUB_X "qx" +# define OSSL_PKEY_PARAM_EC_PUB_Y "qy" +# define OSSL_PKEY_PARAM_EC_SEED "seed" +# define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key" +# define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE +# define OSSL_PKEY_PARAM_FFC_COFACTOR "j" +# define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST +# define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES +# define OSSL_PKEY_PARAM_FFC_G "g" +# define OSSL_PKEY_PARAM_FFC_GINDEX "gindex" +# define OSSL_PKEY_PARAM_FFC_H "hindex" +# define OSSL_PKEY_PARAM_FFC_P "p" +# define OSSL_PKEY_PARAM_FFC_PBITS "pbits" +# define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter" +# define OSSL_PKEY_PARAM_FFC_Q "q" +# define OSSL_PKEY_PARAM_FFC_QBITS "qbits" +# define OSSL_PKEY_PARAM_FFC_SEED "seed" +# define OSSL_PKEY_PARAM_FFC_TYPE "type" +# define OSSL_PKEY_PARAM_FFC_VALIDATE_G "validate-g" +# define OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY "validate-legacy" +# define OSSL_PKEY_PARAM_FFC_VALIDATE_PQ "validate-pq" +# define OSSL_PKEY_PARAM_GROUP_NAME "group" +# define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection" +# define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest" +# define OSSL_PKEY_PARAM_MASKGENFUNC "mgf" +# define OSSL_PKEY_PARAM_MAX_SIZE "max-size" +# define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest" +# define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties" +# define OSSL_PKEY_PARAM_PAD_MODE "pad-mode" +# define OSSL_PKEY_PARAM_PRIV_KEY "priv" +# define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES +# define OSSL_PKEY_PARAM_PUB_KEY "pub" +# define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS +# define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient" +# define OSSL_PKEY_PARAM_RSA_COEFFICIENT1 "rsa-coefficient1" +# define OSSL_PKEY_PARAM_RSA_COEFFICIENT2 "rsa-coefficient2" +# define OSSL_PKEY_PARAM_RSA_COEFFICIENT3 "rsa-coefficient3" +# define OSSL_PKEY_PARAM_RSA_COEFFICIENT4 "rsa-coefficient4" +# define OSSL_PKEY_PARAM_RSA_COEFFICIENT5 "rsa-coefficient5" +# define OSSL_PKEY_PARAM_RSA_COEFFICIENT6 "rsa-coefficient6" +# define OSSL_PKEY_PARAM_RSA_COEFFICIENT7 "rsa-coefficient7" +# define OSSL_PKEY_PARAM_RSA_COEFFICIENT8 "rsa-coefficient8" +# define OSSL_PKEY_PARAM_RSA_COEFFICIENT9 "rsa-coefficient9" +# define OSSL_PKEY_PARAM_RSA_D "d" +# define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST +# define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES +# define OSSL_PKEY_PARAM_RSA_E "e" +# define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent" +# define OSSL_PKEY_PARAM_RSA_EXPONENT1 "rsa-exponent1" +# define OSSL_PKEY_PARAM_RSA_EXPONENT10 "rsa-exponent10" +# define OSSL_PKEY_PARAM_RSA_EXPONENT2 "rsa-exponent2" +# define OSSL_PKEY_PARAM_RSA_EXPONENT3 "rsa-exponent3" +# define OSSL_PKEY_PARAM_RSA_EXPONENT4 "rsa-exponent4" +# define OSSL_PKEY_PARAM_RSA_EXPONENT5 "rsa-exponent5" +# define OSSL_PKEY_PARAM_RSA_EXPONENT6 "rsa-exponent6" +# define OSSL_PKEY_PARAM_RSA_EXPONENT7 "rsa-exponent7" +# define OSSL_PKEY_PARAM_RSA_EXPONENT8 "rsa-exponent8" +# define OSSL_PKEY_PARAM_RSA_EXPONENT9 "rsa-exponent9" +# define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor" +# define OSSL_PKEY_PARAM_RSA_FACTOR1 "rsa-factor1" +# define OSSL_PKEY_PARAM_RSA_FACTOR10 "rsa-factor10" +# define OSSL_PKEY_PARAM_RSA_FACTOR2 "rsa-factor2" +# define OSSL_PKEY_PARAM_RSA_FACTOR3 "rsa-factor3" +# define OSSL_PKEY_PARAM_RSA_FACTOR4 "rsa-factor4" +# define OSSL_PKEY_PARAM_RSA_FACTOR5 "rsa-factor5" +# define OSSL_PKEY_PARAM_RSA_FACTOR6 "rsa-factor6" +# define OSSL_PKEY_PARAM_RSA_FACTOR7 "rsa-factor7" +# define OSSL_PKEY_PARAM_RSA_FACTOR8 "rsa-factor8" +# define OSSL_PKEY_PARAM_RSA_FACTOR9 "rsa-factor9" +# define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC +# define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST +# define OSSL_PKEY_PARAM_RSA_N "n" +# define OSSL_PKEY_PARAM_RSA_PRIMES "primes" +# define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen" +# define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1" +# define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2" +# define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1" +# define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2" +# define OSSL_PKEY_PARAM_RSA_TEST_XP "xp" +# define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1" +# define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2" +# define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq" +# define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1" +# define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2" +# define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits" +# define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH OSSL_PKEY_PARAM_USE_COFACTOR_FLAG +# define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag" +# define OSSL_PROV_PARAM_BUILDINFO "buildinfo" +# define OSSL_PROV_PARAM_CORE_MODULE_FILENAME "module-filename" +# define OSSL_PROV_PARAM_CORE_PROV_NAME "provider-name" +# define OSSL_PROV_PARAM_CORE_VERSION "openssl-version" +# define OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md" +# define OSSL_PROV_PARAM_NAME "name" +# define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks" +# define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc" +# define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase" +# define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type" +# define OSSL_PROV_PARAM_STATUS "status" +# define OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check" +# define OSSL_PROV_PARAM_VERSION "version" +# define OSSL_RAND_PARAM_GENERATE "generate" +# define OSSL_RAND_PARAM_MAX_REQUEST "max_request" +# define OSSL_RAND_PARAM_STATE "state" +# define OSSL_RAND_PARAM_STRENGTH "strength" +# define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy" +# define OSSL_RAND_PARAM_TEST_NONCE "test_nonce" +# define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id" +# define OSSL_SIGNATURE_PARAM_CONTEXT_STRING "context-string" +# define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST +# define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE +# define OSSL_SIGNATURE_PARAM_INSTANCE "instance" +# define OSSL_SIGNATURE_PARAM_KAT "kat" +# define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST +# define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES OSSL_PKEY_PARAM_MGF1_PROPERTIES +# define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce-type" +# define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE +# define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES +# define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "saltlen" +# define OSSL_STORE_PARAM_ALIAS "alias" +# define OSSL_STORE_PARAM_DIGEST "digest" +# define OSSL_STORE_PARAM_EXPECT "expect" +# define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" +# define OSSL_STORE_PARAM_INPUT_TYPE "input-type" +# define OSSL_STORE_PARAM_ISSUER "name" +# define OSSL_STORE_PARAM_PROPERTIES "properties" +# define OSSL_STORE_PARAM_SERIAL "serial" +# define OSSL_STORE_PARAM_SUBJECT "subject" # ifdef __cplusplus } diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/core_names.h.in b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/core_names.h.in new file mode 100644 index 00000000..c14520fe --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/core_names.h.in @@ -0,0 +1,119 @@ +/* + * {- join("\n * ", @autowarntext) -} + * + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +{- +use OpenSSL::paramnames qw(generate_public_macros); +-} + +#ifndef OPENSSL_CORE_NAMES_H +# define OPENSSL_CORE_NAMES_H +# pragma once + +# ifdef __cplusplus +extern "C" { +# endif + +/* OSSL_CIPHER_PARAM_CTS_MODE Values */ +# define OSSL_CIPHER_CTS_MODE_CS1 "CS1" +# define OSSL_CIPHER_CTS_MODE_CS2 "CS2" +# define OSSL_CIPHER_CTS_MODE_CS3 "CS3" + +/* Known CIPHER names (not a complete list) */ +# define OSSL_CIPHER_NAME_AES_128_GCM_SIV "AES-128-GCM-SIV" +# define OSSL_CIPHER_NAME_AES_192_GCM_SIV "AES-192-GCM-SIV" +# define OSSL_CIPHER_NAME_AES_256_GCM_SIV "AES-256-GCM-SIV" + +/* Known DIGEST names (not a complete list) */ +# define OSSL_DIGEST_NAME_MD5 "MD5" +# define OSSL_DIGEST_NAME_MD5_SHA1 "MD5-SHA1" +# define OSSL_DIGEST_NAME_SHA1 "SHA1" +# define OSSL_DIGEST_NAME_SHA2_224 "SHA2-224" +# define OSSL_DIGEST_NAME_SHA2_256 "SHA2-256" +# define OSSL_DIGEST_NAME_SHA2_256_192 "SHA2-256/192" +# define OSSL_DIGEST_NAME_SHA2_384 "SHA2-384" +# define OSSL_DIGEST_NAME_SHA2_512 "SHA2-512" +# define OSSL_DIGEST_NAME_SHA2_512_224 "SHA2-512/224" +# define OSSL_DIGEST_NAME_SHA2_512_256 "SHA2-512/256" +# define OSSL_DIGEST_NAME_MD2 "MD2" +# define OSSL_DIGEST_NAME_MD4 "MD4" +# define OSSL_DIGEST_NAME_MDC2 "MDC2" +# define OSSL_DIGEST_NAME_RIPEMD160 "RIPEMD160" +# define OSSL_DIGEST_NAME_SHA3_224 "SHA3-224" +# define OSSL_DIGEST_NAME_SHA3_256 "SHA3-256" +# define OSSL_DIGEST_NAME_SHA3_384 "SHA3-384" +# define OSSL_DIGEST_NAME_SHA3_512 "SHA3-512" +# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128" +# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256" +# define OSSL_DIGEST_NAME_SM3 "SM3" + +/* Known MAC names */ +# define OSSL_MAC_NAME_BLAKE2BMAC "BLAKE2BMAC" +# define OSSL_MAC_NAME_BLAKE2SMAC "BLAKE2SMAC" +# define OSSL_MAC_NAME_CMAC "CMAC" +# define OSSL_MAC_NAME_GMAC "GMAC" +# define OSSL_MAC_NAME_HMAC "HMAC" +# define OSSL_MAC_NAME_KMAC128 "KMAC128" +# define OSSL_MAC_NAME_KMAC256 "KMAC256" +# define OSSL_MAC_NAME_POLY1305 "POLY1305" +# define OSSL_MAC_NAME_SIPHASH "SIPHASH" + +/* Known KDF names */ +# define OSSL_KDF_NAME_HKDF "HKDF" +# define OSSL_KDF_NAME_TLS1_3_KDF "TLS13-KDF" +# define OSSL_KDF_NAME_PBKDF1 "PBKDF1" +# define OSSL_KDF_NAME_PBKDF2 "PBKDF2" +# define OSSL_KDF_NAME_SCRYPT "SCRYPT" +# define OSSL_KDF_NAME_SSHKDF "SSHKDF" +# define OSSL_KDF_NAME_SSKDF "SSKDF" +# define OSSL_KDF_NAME_TLS1_PRF "TLS1-PRF" +# define OSSL_KDF_NAME_X942KDF_ASN1 "X942KDF-ASN1" +# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT" +# define OSSL_KDF_NAME_X963KDF "X963KDF" +# define OSSL_KDF_NAME_KBKDF "KBKDF" +# define OSSL_KDF_NAME_KRB5KDF "KRB5KDF" +# define OSSL_KDF_NAME_HMACDRBGKDF "HMAC-DRBG-KDF" + +/* RSA padding modes */ +# define OSSL_PKEY_RSA_PAD_MODE_NONE "none" +# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1" +# define OSSL_PKEY_RSA_PAD_MODE_OAEP "oaep" +# define OSSL_PKEY_RSA_PAD_MODE_X931 "x931" +# define OSSL_PKEY_RSA_PAD_MODE_PSS "pss" + +/* RSA pss padding salt length */ +# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest" +# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX "max" +# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO "auto" +# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax" + +/* OSSL_PKEY_PARAM_EC_ENCODING values */ +# define OSSL_PKEY_EC_ENCODING_EXPLICIT "explicit" +# define OSSL_PKEY_EC_ENCODING_GROUP "named_curve" + +# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed" +# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED "compressed" +# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID "hybrid" + +# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT "default" +# define OSSL_PKEY_EC_GROUP_CHECK_NAMED "named" +# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST "named-nist" + +/* OSSL_KEM_PARAM_OPERATION values */ +#define OSSL_KEM_PARAM_OPERATION_RSASVE "RSASVE" +#define OSSL_KEM_PARAM_OPERATION_DHKEM "DHKEM" + +/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */ +{- generate_public_macros(); -} + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/crmf.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/crmf.h index 71b747ed..1f901f35 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/crmf.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/crmf.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by Makefile from include/openssl/crmf.h.in * - * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * @@ -43,8 +43,8 @@ extern "C" { # define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT 0 # define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP 1 - typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE; + DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE) typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG; DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG) @@ -198,12 +198,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs, int rid, int acceptRAVerified, OSSL_LIB_CTX *libctx, const char *propq); OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm); -const ASN1_INTEGER -*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl); +X509_PUBKEY +*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl); const X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl); const X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl); +const ASN1_INTEGER +*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl); X509_EXTENSIONS *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl); const X509_NAME diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/crmf.h.in b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/crmf.h.in index 4d37ea6d..43411fa4 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/crmf.h.in +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/crmf.h.in @@ -1,7 +1,7 @@ /*- * {- join("\n * ", @autowarntext) -} * - * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * @@ -44,8 +44,8 @@ extern "C" { # define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT 0 # define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP 1 - typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE; + DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE) typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG; DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG) @@ -151,12 +151,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs, int rid, int acceptRAVerified, OSSL_LIB_CTX *libctx, const char *propq); OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm); -const ASN1_INTEGER -*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl); +X509_PUBKEY +*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl); const X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl); const X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl); +const ASN1_INTEGER +*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl); X509_EXTENSIONS *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl); const X509_NAME diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/crypto.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/crypto.h index ab01aae8..55e00dcc 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/crypto.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/crypto.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by Makefile from include/openssl/crypto.h.in * - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -88,6 +88,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock); int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret, CRYPTO_RWLOCK *lock); int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock); +int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock); /* No longer needed, so this is a no-op */ #define OPENSSL_malloc_init() while(0) continue @@ -552,6 +553,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *); OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void); OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx); +void OSSL_sleep(uint64_t millis); + # ifdef __cplusplus } # endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/crypto.h.in b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/crypto.h.in index fb0c7cbb..b2d691b9 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/crypto.h.in +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/crypto.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -89,6 +89,7 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock); int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret, CRYPTO_RWLOCK *lock); int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock); +int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock); /* No longer needed, so this is a no-op */ #define OPENSSL_malloc_init() while(0) continue @@ -529,6 +530,8 @@ void OSSL_LIB_CTX_free(OSSL_LIB_CTX *); OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void); OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx); +void OSSL_sleep(uint64_t millis); + # ifdef __cplusplus } # endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/ct.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/ct.h index b6dd8c35..e6dd1192 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/ct.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/ct.h @@ -133,7 +133,7 @@ typedef enum { */ CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq); - + /* * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library * context and property query string is used. diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/ct.h.in b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/ct.h.in index 16086b33..3fc2aaa9 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/ct.h.in +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/ct.h.in @@ -85,7 +85,7 @@ typedef enum { */ CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq); - + /* * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library * context and property query string is used. diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/dh.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/dh.h index 8bc17448..f1c0ed06 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/dh.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/dh.h @@ -144,7 +144,7 @@ DECLARE_ASN1_ITEM(DHparams) # define DH_GENERATOR_3 3 # define DH_GENERATOR_5 5 -/* DH_check error codes */ +/* DH_check error codes, some of them shared with DH_check_pub_key */ /* * NB: These values must align with the equivalently named macros in * internal/ffc.h. @@ -154,10 +154,10 @@ DECLARE_ASN1_ITEM(DHparams) # define DH_UNABLE_TO_CHECK_GENERATOR 0x04 # define DH_NOT_SUITABLE_GENERATOR 0x08 # define DH_CHECK_Q_NOT_PRIME 0x10 -# define DH_CHECK_INVALID_Q_VALUE 0x20 +# define DH_CHECK_INVALID_Q_VALUE 0x20 /* +DH_check_pub_key */ # define DH_CHECK_INVALID_J_VALUE 0x40 # define DH_MODULUS_TOO_SMALL 0x80 -# define DH_MODULUS_TOO_LARGE 0x100 +# define DH_MODULUS_TOO_LARGE 0x100 /* +DH_check_pub_key */ /* DH_check_pub_key error codes */ # define DH_CHECK_PUBKEY_TOO_SMALL 0x01 diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/dherr.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/dherr.h index 5d2a762a..2997d7d4 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/dherr.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/dherr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -40,6 +40,7 @@ # define DH_R_INVALID_PARAMETER_NID 114 # define DH_R_INVALID_PUBKEY 102 # define DH_R_INVALID_SECRET 128 +# define DH_R_INVALID_SIZE 129 # define DH_R_KDF_PARAMETER_ERROR 112 # define DH_R_KEYS_NOT_SET 108 # define DH_R_MISSING_PUBKEY 125 @@ -50,6 +51,7 @@ # define DH_R_NO_PRIVATE_VALUE 100 # define DH_R_PARAMETER_ENCODING_ERROR 105 # define DH_R_PEER_KEY_ERROR 111 +# define DH_R_Q_TOO_LARGE 130 # define DH_R_SHARED_INFO_ERROR 113 # define DH_R_UNABLE_TO_CHECK_GENERATOR 121 diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/dsa.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/dsa.h index 160404cc..109878e6 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/dsa.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/dsa.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/e_os2.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/e_os2.h index 32e142a9..e01f6275 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/e_os2.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/e_os2.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -89,7 +89,7 @@ extern "C" { /* * DLL settings. This part is a bit tough, because it's up to the - * application implementor how he or she will link the application, so it + * application implementer how he or she will link the application, so it * requires some macro to be used. */ # ifdef OPENSSL_SYS_WINDOWS diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/e_ostime.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/e_ostime.h new file mode 100644 index 00000000..8a7cc988 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/e_ostime.h @@ -0,0 +1,30 @@ +/* + * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_E_OSTIME_H +# define OPENSSL_E_OSTIME_H +# pragma once + +# include +# include +# include + +/* + * This header guarantees that 'struct timeval' will be available. It includes + * the minimum headers needed to facilitate this. This may still be a + * substantial set of headers on some platforms (e.g. on Win32). + */ + +# if defined(OPENSSL_SYS_WINDOWS) +# include +# else +# include +# endif + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/ec.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/ec.h index be9fb2f0..e1cbe982 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/ec.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/ec.h @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -460,6 +460,22 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], OSSL_LIB_CTX *libctx, const char *propq); +/** + * Creates an OSSL_PARAM array with the parameters describing the given + * EC_GROUP. + * The resulting parameters may contain an explicit or a named curve depending + * on the EC_GROUP. + * \param group pointer to the EC_GROUP object + * \param libctx The associated library context or NULL for the default + * context + * \param propq A property query string + * \param bnctx BN_CTX object (optional) + * \return newly created OSSL_PARAM array with the parameters + * describing the given EC_GROUP or NULL if an error occurred + */ +OSSL_PARAM *EC_GROUP_to_params(const EC_GROUP *group, OSSL_LIB_CTX *libctx, + const char *propq, BN_CTX *bnctx); + /** * Creates a EC_GROUP object with a curve specified by a NID * \param libctx The associated library context or NULL for the default @@ -1111,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key); /** Indicates if an EC_KEY can be used for signing. * \param eckey the EC_KEY object - * \return 1 if can can sign and 0 otherwise. + * \return 1 if can sign and 0 otherwise. */ OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey); @@ -1287,7 +1303,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *me OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine); /** The old name for ecdh_KDF_X9_63 - * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62, + * The ECDH KDF specification has been mistakenly attributed to ANSI X9.62, * it is actually specified in ANSI X9.63. * This identifier is retained for backwards compatibility */ diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/err.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/err.h index 2abf2483..b987e31f 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/err.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/err.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -496,6 +496,13 @@ int ERR_get_next_error_library(void); int ERR_set_mark(void); int ERR_pop_to_mark(void); int ERR_clear_last_mark(void); +int ERR_count_to_mark(void); + +ERR_STATE *OSSL_ERR_STATE_new(void); +void OSSL_ERR_STATE_save(ERR_STATE *es); +void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es); +void OSSL_ERR_STATE_restore(const ERR_STATE *es); +void OSSL_ERR_STATE_free(ERR_STATE *es); #ifdef __cplusplus } diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/err.h.in b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/err.h.in index 11dc2163..1ef09de0 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/err.h.in +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/err.h.in @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -485,6 +485,13 @@ int ERR_get_next_error_library(void); int ERR_set_mark(void); int ERR_pop_to_mark(void); int ERR_clear_last_mark(void); +int ERR_count_to_mark(void); + +ERR_STATE *OSSL_ERR_STATE_new(void); +void OSSL_ERR_STATE_save(ERR_STATE *es); +void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es); +void OSSL_ERR_STATE_restore(const ERR_STATE *es); +void OSSL_ERR_STATE_free(ERR_STATE *es); #ifdef __cplusplus } diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/evp.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/evp.h index d0fce0c5..ea7620d6 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/evp.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/evp.h @@ -35,6 +35,7 @@ # define EVP_MAX_KEY_LENGTH 64 # define EVP_MAX_IV_LENGTH 16 # define EVP_MAX_BLOCK_LENGTH 32 +# define EVP_MAX_AEAD_TAG_LENGTH 16 # define PKCS5_SALT_LEN 8 /* Default PKCS#5 iteration count */ @@ -228,7 +229,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, * if the following flag is set. */ # define EVP_MD_CTX_FLAG_FINALISE 0x0200 -/* NOTE: 0x0400 is reserved for internal usage */ +/* NOTE: 0x0400 and 0x0800 are reserved for internal usage */ + # ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len); @@ -308,6 +310,7 @@ OSSL_DEPRECATEDIN_3_0 int # define EVP_CIPH_WRAP_MODE 0x10002 # define EVP_CIPH_OCB_MODE 0x10003 # define EVP_CIPH_SIV_MODE 0x10004 +# define EVP_CIPH_GCM_SIV_MODE 0x10005 # define EVP_CIPH_MODE 0xF0007 /* Set if variable length cipher */ # define EVP_CIPH_VARIABLE_LENGTH 0x8 @@ -674,7 +677,7 @@ void BIO_set_md(BIO *, const EVP_MD *md); # define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp)) -/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c, +__owur int EVP_Cipher(EVP_CIPHER_CTX *c, unsigned char *out, const unsigned char *in, unsigned int inl); @@ -752,7 +755,7 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags); __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv); -/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, +__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, const unsigned char *key, const unsigned char *iv); @@ -760,16 +763,16 @@ __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv, const OSSL_PARAM params[]); -/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); -/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, +__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); -/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, +__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv); -/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, +__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, const unsigned char *key, const unsigned char *iv); @@ -777,17 +780,17 @@ __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv, const OSSL_PARAM params[]); -/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); -/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, +__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv, int enc); -/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, +__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc); @@ -821,18 +824,18 @@ __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, size_t siglen, const unsigned char *tbs, size_t tbslen); -int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +__owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const char *mdname, OSSL_LIB_CTX *libctx, const char *props, EVP_PKEY *pkey, const OSSL_PARAM params[]); -/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); -int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize); +__owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize); __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen); -int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +__owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const char *mdname, OSSL_LIB_CTX *libctx, const char *props, EVP_PKEY *pkey, const OSSL_PARAM params[]); @@ -1927,14 +1930,17 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); +int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv, + const OSSL_PARAM params[]); int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx, unsigned char *wrappedkey, size_t *wrappedkeylen, unsigned char *genkey, size_t *genkeylen); int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); +int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub, + const OSSL_PARAM params[]); int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx, unsigned char *unwrapped, size_t *unwrappedlen, const unsigned char *wrapped, size_t wrappedlen); - typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx); diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/evperr.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/evperr.h index a5053f6c..11f3faa4 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/evperr.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/evperr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -110,11 +110,14 @@ # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH 216 # define EVP_R_UNABLE_TO_LOCK_CONTEXT 211 # define EVP_R_UNABLE_TO_SET_CALLBACKS 217 +# define EVP_R_UNKNOWN_BITS 166 # define EVP_R_UNKNOWN_CIPHER 160 # define EVP_R_UNKNOWN_DIGEST 161 # define EVP_R_UNKNOWN_KEY_TYPE 207 +# define EVP_R_UNKNOWN_MAX_SIZE 167 # define EVP_R_UNKNOWN_OPTION 169 # define EVP_R_UNKNOWN_PBE_ALGORITHM 121 +# define EVP_R_UNKNOWN_SECURITY_BITS 168 # define EVP_R_UNSUPPORTED_ALGORITHM 156 # define EVP_R_UNSUPPORTED_CIPHER 107 # define EVP_R_UNSUPPORTED_KEYLENGTH 123 diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/hpke.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/hpke.h new file mode 100644 index 00000000..af637ac6 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/hpke.h @@ -0,0 +1,169 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* APIs and data structures for HPKE (RFC9180) */ +#ifndef OSSL_HPKE_H +# define OSSL_HPKE_H +# pragma once + +# include + +/* HPKE modes */ +# define OSSL_HPKE_MODE_BASE 0 /* Base mode */ +# define OSSL_HPKE_MODE_PSK 1 /* Pre-shared key mode */ +# define OSSL_HPKE_MODE_AUTH 2 /* Authenticated mode */ +# define OSSL_HPKE_MODE_PSKAUTH 3 /* PSK+authenticated mode */ + +/* + * Max for ikm, psk, pskid, info and exporter contexts. + * RFC9180, section 7.2.1 RECOMMENDS 64 octets but we have test vectors from + * Appendix A.6.1 with a 66 octet IKM so we'll allow that. + */ +# define OSSL_HPKE_MAX_PARMLEN 66 +# define OSSL_HPKE_MIN_PSKLEN 32 +# define OSSL_HPKE_MAX_INFOLEN 1024 + +/* + * The (16bit) HPKE algorithm ID IANA codepoints + * If/when new IANA codepoints are added there are tables in + * crypto/hpke/hpke_util.c that must also be updated. + */ +# define OSSL_HPKE_KEM_ID_RESERVED 0x0000 /* not used */ +# define OSSL_HPKE_KEM_ID_P256 0x0010 /* NIST P-256 */ +# define OSSL_HPKE_KEM_ID_P384 0x0011 /* NIST P-384 */ +# define OSSL_HPKE_KEM_ID_P521 0x0012 /* NIST P-521 */ +# define OSSL_HPKE_KEM_ID_X25519 0x0020 /* Curve25519 */ +# define OSSL_HPKE_KEM_ID_X448 0x0021 /* Curve448 */ + +# define OSSL_HPKE_KDF_ID_RESERVED 0x0000 /* not used */ +# define OSSL_HPKE_KDF_ID_HKDF_SHA256 0x0001 /* HKDF-SHA256 */ +# define OSSL_HPKE_KDF_ID_HKDF_SHA384 0x0002 /* HKDF-SHA384 */ +# define OSSL_HPKE_KDF_ID_HKDF_SHA512 0x0003 /* HKDF-SHA512 */ + +# define OSSL_HPKE_AEAD_ID_RESERVED 0x0000 /* not used */ +# define OSSL_HPKE_AEAD_ID_AES_GCM_128 0x0001 /* AES-GCM-128 */ +# define OSSL_HPKE_AEAD_ID_AES_GCM_256 0x0002 /* AES-GCM-256 */ +# define OSSL_HPKE_AEAD_ID_CHACHA_POLY1305 0x0003 /* Chacha20-Poly1305 */ +# define OSSL_HPKE_AEAD_ID_EXPORTONLY 0xFFFF /* export-only fake ID */ + +/* strings for suite components */ +# define OSSL_HPKE_KEMSTR_P256 "P-256" /* KEM id 0x10 */ +# define OSSL_HPKE_KEMSTR_P384 "P-384" /* KEM id 0x11 */ +# define OSSL_HPKE_KEMSTR_P521 "P-521" /* KEM id 0x12 */ +# define OSSL_HPKE_KEMSTR_X25519 "X25519" /* KEM id 0x20 */ +# define OSSL_HPKE_KEMSTR_X448 "X448" /* KEM id 0x21 */ +# define OSSL_HPKE_KDFSTR_256 "hkdf-sha256" /* KDF id 1 */ +# define OSSL_HPKE_KDFSTR_384 "hkdf-sha384" /* KDF id 2 */ +# define OSSL_HPKE_KDFSTR_512 "hkdf-sha512" /* KDF id 3 */ +# define OSSL_HPKE_AEADSTR_AES128GCM "aes-128-gcm" /* AEAD id 1 */ +# define OSSL_HPKE_AEADSTR_AES256GCM "aes-256-gcm" /* AEAD id 2 */ +# define OSSL_HPKE_AEADSTR_CP "chacha20-poly1305" /* AEAD id 3 */ +# define OSSL_HPKE_AEADSTR_EXP "exporter" /* AEAD id 0xff */ + +/* + * Roles for use in creating an OSSL_HPKE_CTX, most + * important use of this is to control nonce re-use. + */ +# define OSSL_HPKE_ROLE_SENDER 0 +# define OSSL_HPKE_ROLE_RECEIVER 1 + +# ifdef __cplusplus +extern "C" { +# endif + +typedef struct { + uint16_t kem_id; /* Key Encapsulation Method id */ + uint16_t kdf_id; /* Key Derivation Function id */ + uint16_t aead_id; /* AEAD alg id */ +} OSSL_HPKE_SUITE; + +/** + * Suite constants, use this like: + * OSSL_HPKE_SUITE myvar = OSSL_HPKE_SUITE_DEFAULT; + */ +# ifndef OPENSSL_NO_ECX +# define OSSL_HPKE_SUITE_DEFAULT \ + {\ + OSSL_HPKE_KEM_ID_X25519, \ + OSSL_HPKE_KDF_ID_HKDF_SHA256, \ + OSSL_HPKE_AEAD_ID_AES_GCM_128 \ + } +# else +# define OSSL_HPKE_SUITE_DEFAULT \ + {\ + OSSL_HPKE_KEM_ID_P256, \ + OSSL_HPKE_KDF_ID_HKDF_SHA256, \ + OSSL_HPKE_AEAD_ID_AES_GCM_128 \ + } +#endif + +typedef struct ossl_hpke_ctx_st OSSL_HPKE_CTX; + +OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role, + OSSL_LIB_CTX *libctx, const char *propq); +void OSSL_HPKE_CTX_free(OSSL_HPKE_CTX *ctx); + +int OSSL_HPKE_encap(OSSL_HPKE_CTX *ctx, + unsigned char *enc, size_t *enclen, + const unsigned char *pub, size_t publen, + const unsigned char *info, size_t infolen); +int OSSL_HPKE_seal(OSSL_HPKE_CTX *ctx, + unsigned char *ct, size_t *ctlen, + const unsigned char *aad, size_t aadlen, + const unsigned char *pt, size_t ptlen); + +int OSSL_HPKE_keygen(OSSL_HPKE_SUITE suite, + unsigned char *pub, size_t *publen, EVP_PKEY **priv, + const unsigned char *ikm, size_t ikmlen, + OSSL_LIB_CTX *libctx, const char *propq); +int OSSL_HPKE_decap(OSSL_HPKE_CTX *ctx, + const unsigned char *enc, size_t enclen, + EVP_PKEY *recippriv, + const unsigned char *info, size_t infolen); +int OSSL_HPKE_open(OSSL_HPKE_CTX *ctx, + unsigned char *pt, size_t *ptlen, + const unsigned char *aad, size_t aadlen, + const unsigned char *ct, size_t ctlen); + +int OSSL_HPKE_export(OSSL_HPKE_CTX *ctx, + unsigned char *secret, + size_t secretlen, + const unsigned char *label, + size_t labellen); + +int OSSL_HPKE_CTX_set1_authpriv(OSSL_HPKE_CTX *ctx, EVP_PKEY *priv); +int OSSL_HPKE_CTX_set1_authpub(OSSL_HPKE_CTX *ctx, + const unsigned char *pub, + size_t publen); +int OSSL_HPKE_CTX_set1_psk(OSSL_HPKE_CTX *ctx, + const char *pskid, + const unsigned char *psk, size_t psklen); + +int OSSL_HPKE_CTX_set1_ikme(OSSL_HPKE_CTX *ctx, + const unsigned char *ikme, size_t ikmelen); + +int OSSL_HPKE_CTX_set_seq(OSSL_HPKE_CTX *ctx, uint64_t seq); +int OSSL_HPKE_CTX_get_seq(OSSL_HPKE_CTX *ctx, uint64_t *seq); + +int OSSL_HPKE_suite_check(OSSL_HPKE_SUITE suite); +int OSSL_HPKE_get_grease_value(const OSSL_HPKE_SUITE *suite_in, + OSSL_HPKE_SUITE *suite, + unsigned char *enc, size_t *enclen, + unsigned char *ct, size_t ctlen, + OSSL_LIB_CTX *libctx, const char *propq); +int OSSL_HPKE_str2suite(const char *str, OSSL_HPKE_SUITE *suite); +size_t OSSL_HPKE_get_ciphertext_size(OSSL_HPKE_SUITE suite, size_t clearlen); +size_t OSSL_HPKE_get_public_encap_size(OSSL_HPKE_SUITE suite); +size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite); + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/http.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/http.h index f7ab2142..a3cbf15f 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/http.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/http.h @@ -1,5 +1,5 @@ /* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright Siemens AG 2018-2020 * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -33,6 +33,8 @@ extern "C" { # define OPENSSL_HTTP_PROXY "HTTP_PROXY" # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY" +# ifndef OPENSSL_NO_HTTP + #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024) #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024) @@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost, const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy, const char *server, int use_ssl); + +# endif /* !defined(OPENSSL_NO_HTTP) */ # ifdef __cplusplus } # endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/lhash.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/lhash.h index f4155df1..8af9edd2 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/lhash.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/lhash.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/lhash.h.in b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/lhash.h.in index dc344a54..c9dbd1f3 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/lhash.h.in +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/lhash.h.in @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/macros.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/macros.h index a614cd66..e9ef9387 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/macros.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/macros.h @@ -158,7 +158,7 @@ /* * Define macros for deprecation and simulated removal purposes. * - * The macros OSSL_DEPRECATED_{major}_{minor} are always defined for + * The macros OSSL_DEPRECATEDIN_{major}_{minor} are always defined for * all OpenSSL versions we care for. They can be used as attributes * in function declarations where appropriate. * @@ -169,6 +169,7 @@ * 'no-deprecated'. */ +# undef OPENSSL_NO_DEPRECATED_3_1 # undef OPENSSL_NO_DEPRECATED_3_0 # undef OPENSSL_NO_DEPRECATED_1_1_1 # undef OPENSSL_NO_DEPRECATED_1_1_0 diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/obj_mac.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/obj_mac.h index 0e860276..e1b441b3 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/obj_mac.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/obj_mac.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/objects/objects.pl * - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at @@ -886,6 +886,14 @@ #define NID_id_ct_signedChecklist 1247 #define OBJ_id_ct_signedChecklist OBJ_id_smime_ct,48L +#define SN_id_ct_ASPA "id-ct-ASPA" +#define NID_id_ct_ASPA 1250 +#define OBJ_id_ct_ASPA OBJ_id_smime_ct,49L + +#define SN_id_ct_signedTAL "id-ct-signedTAL" +#define NID_id_ct_signedTAL 1284 +#define OBJ_id_ct_signedTAL OBJ_id_smime_ct,50L + #define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest" #define NID_id_smime_aa_receiptRequest 212 #define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L @@ -1002,10 +1010,22 @@ #define NID_id_smime_aa_dvcs_dvc 240 #define OBJ_id_smime_aa_dvcs_dvc OBJ_id_smime_aa,29L +#define SN_id_aa_ets_attrCertificateRefs "id-aa-ets-attrCertificateRefs" +#define NID_id_aa_ets_attrCertificateRefs 1261 +#define OBJ_id_aa_ets_attrCertificateRefs OBJ_id_smime_aa,44L + +#define SN_id_aa_ets_attrRevocationRefs "id-aa-ets-attrRevocationRefs" +#define NID_id_aa_ets_attrRevocationRefs 1262 +#define OBJ_id_aa_ets_attrRevocationRefs OBJ_id_smime_aa,45L + #define SN_id_smime_aa_signingCertificateV2 "id-smime-aa-signingCertificateV2" #define NID_id_smime_aa_signingCertificateV2 1086 #define OBJ_id_smime_aa_signingCertificateV2 OBJ_id_smime_aa,47L +#define SN_id_aa_ets_archiveTimestampV2 "id-aa-ets-archiveTimestampV2" +#define NID_id_aa_ets_archiveTimestampV2 1280 +#define OBJ_id_aa_ets_archiveTimestampV2 OBJ_id_smime_aa,48L + #define SN_id_smime_alg_ESDHwith3DES "id-smime-alg-ESDHwith3DES" #define NID_id_smime_alg_ESDHwith3DES 241 #define OBJ_id_smime_alg_ESDHwith3DES OBJ_id_smime_alg,1L @@ -1082,15 +1102,17 @@ #define NID_localKeyID 157 #define OBJ_localKeyID OBJ_pkcs9,21L +#define OBJ_ms_corp 1L,3L,6L,1L,4L,1L,311L + #define SN_ms_csp_name "CSPName" #define LN_ms_csp_name "Microsoft CSP Name" #define NID_ms_csp_name 417 -#define OBJ_ms_csp_name 1L,3L,6L,1L,4L,1L,311L,17L,1L +#define OBJ_ms_csp_name OBJ_ms_corp,17L,1L #define SN_LocalKeySet "LocalKeySet" #define LN_LocalKeySet "Microsoft Local Key set" #define NID_LocalKeySet 856 -#define OBJ_LocalKeySet 1L,3L,6L,1L,4L,1L,311L,17L,2L +#define OBJ_LocalKeySet OBJ_ms_corp,17L,2L #define OBJ_certTypes OBJ_pkcs9,22L @@ -1108,6 +1130,10 @@ #define NID_x509Crl 160 #define OBJ_x509Crl OBJ_crlTypes,1L +#define SN_id_aa_CMSAlgorithmProtection "id-aa-CMSAlgorithmProtection" +#define NID_id_aa_CMSAlgorithmProtection 1263 +#define OBJ_id_aa_CMSAlgorithmProtection OBJ_pkcs9,52L + #define OBJ_pkcs12 OBJ_pkcs,12L #define OBJ_pkcs12_pbeids OBJ_pkcs12,1L @@ -1217,6 +1243,10 @@ #define NID_SM2_with_SM3 1204 #define OBJ_SM2_with_SM3 OBJ_sm_scheme,501L +#define LN_hmacWithSM3 "hmacWithSM3" +#define NID_hmacWithSM3 1281 +#define OBJ_hmacWithSM3 OBJ_sm3,3L,1L + #define LN_hmacWithSHA224 "hmacWithSHA224" #define NID_hmacWithSHA224 798 #define OBJ_hmacWithSHA224 OBJ_rsadsi,2L,8L @@ -1300,42 +1330,62 @@ #define SN_ms_ext_req "msExtReq" #define LN_ms_ext_req "Microsoft Extension Request" #define NID_ms_ext_req 171 -#define OBJ_ms_ext_req 1L,3L,6L,1L,4L,1L,311L,2L,1L,14L +#define OBJ_ms_ext_req OBJ_ms_corp,2L,1L,14L #define SN_ms_code_ind "msCodeInd" #define LN_ms_code_ind "Microsoft Individual Code Signing" #define NID_ms_code_ind 134 -#define OBJ_ms_code_ind 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L +#define OBJ_ms_code_ind OBJ_ms_corp,2L,1L,21L #define SN_ms_code_com "msCodeCom" #define LN_ms_code_com "Microsoft Commercial Code Signing" #define NID_ms_code_com 135 -#define OBJ_ms_code_com 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L +#define OBJ_ms_code_com OBJ_ms_corp,2L,1L,22L #define SN_ms_ctl_sign "msCTLSign" #define LN_ms_ctl_sign "Microsoft Trust List Signing" #define NID_ms_ctl_sign 136 -#define OBJ_ms_ctl_sign 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L +#define OBJ_ms_ctl_sign OBJ_ms_corp,10L,3L,1L #define SN_ms_sgc "msSGC" #define LN_ms_sgc "Microsoft Server Gated Crypto" #define NID_ms_sgc 137 -#define OBJ_ms_sgc 1L,3L,6L,1L,4L,1L,311L,10L,3L,3L +#define OBJ_ms_sgc OBJ_ms_corp,10L,3L,3L #define SN_ms_efs "msEFS" #define LN_ms_efs "Microsoft Encrypted File System" #define NID_ms_efs 138 -#define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L +#define OBJ_ms_efs OBJ_ms_corp,10L,3L,4L #define SN_ms_smartcard_login "msSmartcardLogin" #define LN_ms_smartcard_login "Microsoft Smartcard Login" #define NID_ms_smartcard_login 648 -#define OBJ_ms_smartcard_login 1L,3L,6L,1L,4L,1L,311L,20L,2L,2L +#define OBJ_ms_smartcard_login OBJ_ms_corp,20L,2L,2L #define SN_ms_upn "msUPN" #define LN_ms_upn "Microsoft User Principal Name" #define NID_ms_upn 649 -#define OBJ_ms_upn 1L,3L,6L,1L,4L,1L,311L,20L,2L,3L +#define OBJ_ms_upn OBJ_ms_corp,20L,2L,3L + +#define SN_ms_ntds_sec_ext "ms-ntds-sec-ext" +#define LN_ms_ntds_sec_ext "Microsoft NTDS CA Extension" +#define NID_ms_ntds_sec_ext 1292 +#define OBJ_ms_ntds_sec_ext OBJ_ms_corp,25L,2L + +#define SN_ms_ntds_obj_sid "ms-ntds-obj-sid" +#define LN_ms_ntds_obj_sid "Microsoft NTDS AD objectSid" +#define NID_ms_ntds_obj_sid 1291 +#define OBJ_ms_ntds_obj_sid OBJ_ms_corp,25L,2L,1L + +#define SN_ms_cert_templ "ms-cert-templ" +#define LN_ms_cert_templ "Microsoft certificate template" +#define NID_ms_cert_templ 1293 +#define OBJ_ms_cert_templ OBJ_ms_corp,21L,7L + +#define SN_ms_app_policies "ms-app-policies" +#define LN_ms_app_policies "Microsoft Application Policies Extension" +#define NID_ms_app_policies 1294 +#define OBJ_ms_app_policies OBJ_ms_corp,21L,10L #define SN_idea_cbc "IDEA-CBC" #define LN_idea_cbc "idea-cbc" @@ -1503,6 +1553,18 @@ #define NID_id_mod_cmp2000 284 #define OBJ_id_mod_cmp2000 OBJ_id_pkix_mod,16L +#define SN_id_mod_cmp2000_02 "id-mod-cmp2000-02" +#define NID_id_mod_cmp2000_02 1251 +#define OBJ_id_mod_cmp2000_02 OBJ_id_pkix_mod,50L + +#define SN_id_mod_cmp2021_88 "id-mod-cmp2021-88" +#define NID_id_mod_cmp2021_88 1252 +#define OBJ_id_mod_cmp2021_88 OBJ_id_pkix_mod,99L + +#define SN_id_mod_cmp2021_02 "id-mod-cmp2021-02" +#define NID_id_mod_cmp2021_02 1253 +#define OBJ_id_mod_cmp2021_02 OBJ_id_pkix_mod,100L + #define SN_info_access "authorityInfoAccess" #define LN_info_access "Authority Information Access" #define NID_info_access 177 @@ -1783,6 +1845,22 @@ #define NID_id_it_certReqTemplate 1225 #define OBJ_id_it_certReqTemplate OBJ_id_it,19L +#define SN_id_it_rootCaCert "id-it-rootCaCert" +#define NID_id_it_rootCaCert 1254 +#define OBJ_id_it_rootCaCert OBJ_id_it,20L + +#define SN_id_it_certProfile "id-it-certProfile" +#define NID_id_it_certProfile 1255 +#define OBJ_id_it_certProfile OBJ_id_it,21L + +#define SN_id_it_crlStatusList "id-it-crlStatusList" +#define NID_id_it_crlStatusList 1256 +#define OBJ_id_it_crlStatusList OBJ_id_it,22L + +#define SN_id_it_crls "id-it-crls" +#define NID_id_it_crls 1257 +#define OBJ_id_it_crls OBJ_id_it,23L + #define SN_id_regCtrl "id-regCtrl" #define NID_id_regCtrl 313 #define OBJ_id_regCtrl OBJ_id_pkip,1L @@ -1815,6 +1893,18 @@ #define NID_id_regCtrl_protocolEncrKey 320 #define OBJ_id_regCtrl_protocolEncrKey OBJ_id_regCtrl,6L +#define SN_id_regCtrl_altCertTemplate "id-regCtrl-altCertTemplate" +#define NID_id_regCtrl_altCertTemplate 1258 +#define OBJ_id_regCtrl_altCertTemplate OBJ_id_regCtrl,7L + +#define SN_id_regCtrl_algId "id-regCtrl-algId" +#define NID_id_regCtrl_algId 1259 +#define OBJ_id_regCtrl_algId OBJ_id_regCtrl,11L + +#define SN_id_regCtrl_rsaKeyLen "id-regCtrl-rsaKeyLen" +#define NID_id_regCtrl_rsaKeyLen 1260 +#define OBJ_id_regCtrl_rsaKeyLen OBJ_id_regCtrl,12L + #define SN_id_regInfo_utf8Pairs "id-regInfo-utf8Pairs" #define NID_id_regInfo_utf8Pairs 321 #define OBJ_id_regInfo_utf8Pairs OBJ_id_regInfo,1L @@ -2649,11 +2739,56 @@ #define NID_ext_key_usage 126 #define OBJ_ext_key_usage OBJ_id_ce,37L +#define SN_authority_attribute_identifier "authorityAttributeIdentifier" +#define LN_authority_attribute_identifier "X509v3 Authority Attribute Identifier" +#define NID_authority_attribute_identifier 1295 +#define OBJ_authority_attribute_identifier OBJ_id_ce,38L + +#define SN_role_spec_cert_identifier "roleSpecCertIdentifier" +#define LN_role_spec_cert_identifier "X509v3 Role Specification Certificate Identifier" +#define NID_role_spec_cert_identifier 1296 +#define OBJ_role_spec_cert_identifier OBJ_id_ce,39L + +#define SN_basic_att_constraints "basicAttConstraints" +#define LN_basic_att_constraints "X509v3 Basic Attribute Certificate Constraints" +#define NID_basic_att_constraints 1297 +#define OBJ_basic_att_constraints OBJ_id_ce,41L + +#define SN_delegated_name_constraints "delegatedNameConstraints" +#define LN_delegated_name_constraints "X509v3 Delegated Name Constraints" +#define NID_delegated_name_constraints 1298 +#define OBJ_delegated_name_constraints OBJ_id_ce,42L + +#define SN_time_specification "timeSpecification" +#define LN_time_specification "X509v3 Time Specification" +#define NID_time_specification 1299 +#define OBJ_time_specification OBJ_id_ce,43L + #define SN_freshest_crl "freshestCRL" #define LN_freshest_crl "X509v3 Freshest CRL" #define NID_freshest_crl 857 #define OBJ_freshest_crl OBJ_id_ce,46L +#define SN_attribute_descriptor "attributeDescriptor" +#define LN_attribute_descriptor "X509v3 Attribute Descriptor" +#define NID_attribute_descriptor 1300 +#define OBJ_attribute_descriptor OBJ_id_ce,48L + +#define SN_user_notice "userNotice" +#define LN_user_notice "X509v3 User Notice" +#define NID_user_notice 1301 +#define OBJ_user_notice OBJ_id_ce,49L + +#define SN_soa_identifier "sOAIdentifier" +#define LN_soa_identifier "X509v3 Source of Authority Identifier" +#define NID_soa_identifier 1302 +#define OBJ_soa_identifier OBJ_id_ce,50L + +#define SN_acceptable_cert_policies "acceptableCertPolicies" +#define LN_acceptable_cert_policies "X509v3 Acceptable Certification Policies" +#define NID_acceptable_cert_policies 1303 +#define OBJ_acceptable_cert_policies OBJ_id_ce,52L + #define SN_inhibit_any_policy "inhibitAnyPolicy" #define LN_inhibit_any_policy "X509v3 Inhibit Any Policy" #define NID_inhibit_any_policy 748 @@ -2669,6 +2804,86 @@ #define NID_no_rev_avail 403 #define OBJ_no_rev_avail OBJ_id_ce,56L +#define SN_acceptable_privilege_policies "acceptablePrivPolicies" +#define LN_acceptable_privilege_policies "X509v3 Acceptable Privilege Policies" +#define NID_acceptable_privilege_policies 1304 +#define OBJ_acceptable_privilege_policies OBJ_id_ce,57L + +#define SN_indirect_issuer "indirectIssuer" +#define LN_indirect_issuer "X509v3 Indirect Issuer" +#define NID_indirect_issuer 1305 +#define OBJ_indirect_issuer OBJ_id_ce,61L + +#define SN_no_assertion "noAssertion" +#define LN_no_assertion "X509v3 No Assertion" +#define NID_no_assertion 1306 +#define OBJ_no_assertion OBJ_id_ce,62L + +#define SN_id_aa_issuing_distribution_point "aAissuingDistributionPoint" +#define LN_id_aa_issuing_distribution_point "X509v3 Attribute Authority Issuing Distribution Point" +#define NID_id_aa_issuing_distribution_point 1307 +#define OBJ_id_aa_issuing_distribution_point OBJ_id_ce,63L + +#define SN_issued_on_behalf_of "issuedOnBehalfOf" +#define LN_issued_on_behalf_of "X509v3 Issued On Behalf Of" +#define NID_issued_on_behalf_of 1308 +#define OBJ_issued_on_behalf_of OBJ_id_ce,64L + +#define SN_single_use "singleUse" +#define LN_single_use "X509v3 Single Use" +#define NID_single_use 1309 +#define OBJ_single_use OBJ_id_ce,65L + +#define SN_group_ac "groupAC" +#define LN_group_ac "X509v3 Group Attribute Certificate" +#define NID_group_ac 1310 +#define OBJ_group_ac OBJ_id_ce,66L + +#define SN_allowed_attribute_assignments "allowedAttributeAssignments" +#define LN_allowed_attribute_assignments "X509v3 Allowed Attribute Assignments" +#define NID_allowed_attribute_assignments 1311 +#define OBJ_allowed_attribute_assignments OBJ_id_ce,67L + +#define SN_attribute_mappings "attributeMappings" +#define LN_attribute_mappings "X509v3 Attribute Mappings" +#define NID_attribute_mappings 1312 +#define OBJ_attribute_mappings OBJ_id_ce,68L + +#define SN_holder_name_constraints "holderNameConstraints" +#define LN_holder_name_constraints "X509v3 Holder Name Constraints" +#define NID_holder_name_constraints 1313 +#define OBJ_holder_name_constraints OBJ_id_ce,69L + +#define SN_authorization_validation "authorizationValidation" +#define LN_authorization_validation "X509v3 Authorization Validation" +#define NID_authorization_validation 1314 +#define OBJ_authorization_validation OBJ_id_ce,70L + +#define SN_prot_restrict "protRestrict" +#define LN_prot_restrict "X509v3 Protocol Restriction" +#define NID_prot_restrict 1315 +#define OBJ_prot_restrict OBJ_id_ce,71L + +#define SN_subject_alt_public_key_info "subjectAltPublicKeyInfo" +#define LN_subject_alt_public_key_info "X509v3 Subject Alternative Public Key Info" +#define NID_subject_alt_public_key_info 1316 +#define OBJ_subject_alt_public_key_info OBJ_id_ce,72L + +#define SN_alt_signature_algorithm "altSignatureAlgorithm" +#define LN_alt_signature_algorithm "X509v3 Alternative Signature Algorithm" +#define NID_alt_signature_algorithm 1317 +#define OBJ_alt_signature_algorithm OBJ_id_ce,73L + +#define SN_alt_signature_value "altSignatureValue" +#define LN_alt_signature_value "X509v3 Alternative Signature Value" +#define NID_alt_signature_value 1318 +#define OBJ_alt_signature_value OBJ_id_ce,74L + +#define SN_associated_information "associatedInformation" +#define LN_associated_information "X509v3 Associated Information" +#define NID_associated_information 1319 +#define OBJ_associated_information OBJ_id_ce,75L + #define SN_anyExtendedKeyUsage "anyExtendedKeyUsage" #define LN_anyExtendedKeyUsage "Any Extended Key Usage" #define NID_anyExtendedKeyUsage 910 @@ -3220,6 +3435,70 @@ #define NID_hold_instruction_reject 433 #define OBJ_hold_instruction_reject OBJ_holdInstruction,3L +#define SN_itu_t_identified_organization "itu-t-identified-organization" +#define NID_itu_t_identified_organization 1264 +#define OBJ_itu_t_identified_organization OBJ_itu_t,4L + +#define SN_etsi "etsi" +#define NID_etsi 1265 +#define OBJ_etsi OBJ_itu_t_identified_organization,0L + +#define SN_electronic_signature_standard "electronic-signature-standard" +#define NID_electronic_signature_standard 1266 +#define OBJ_electronic_signature_standard OBJ_etsi,1733L + +#define SN_ess_attributes "ess-attributes" +#define NID_ess_attributes 1267 +#define OBJ_ess_attributes OBJ_electronic_signature_standard,2L + +#define SN_id_aa_ets_mimeType "id-aa-ets-mimeType" +#define NID_id_aa_ets_mimeType 1268 +#define OBJ_id_aa_ets_mimeType OBJ_ess_attributes,1L + +#define SN_id_aa_ets_longTermValidation "id-aa-ets-longTermValidation" +#define NID_id_aa_ets_longTermValidation 1269 +#define OBJ_id_aa_ets_longTermValidation OBJ_ess_attributes,2L + +#define SN_id_aa_ets_SignaturePolicyDocument "id-aa-ets-SignaturePolicyDocument" +#define NID_id_aa_ets_SignaturePolicyDocument 1270 +#define OBJ_id_aa_ets_SignaturePolicyDocument OBJ_ess_attributes,3L + +#define SN_id_aa_ets_archiveTimestampV3 "id-aa-ets-archiveTimestampV3" +#define NID_id_aa_ets_archiveTimestampV3 1271 +#define OBJ_id_aa_ets_archiveTimestampV3 OBJ_ess_attributes,4L + +#define SN_id_aa_ATSHashIndex "id-aa-ATSHashIndex" +#define NID_id_aa_ATSHashIndex 1272 +#define OBJ_id_aa_ATSHashIndex OBJ_ess_attributes,5L + +#define SN_cades "cades" +#define NID_cades 1273 +#define OBJ_cades OBJ_etsi,19122L + +#define SN_cades_attributes "cades-attributes" +#define NID_cades_attributes 1274 +#define OBJ_cades_attributes OBJ_cades,1L + +#define SN_id_aa_ets_signerAttrV2 "id-aa-ets-signerAttrV2" +#define NID_id_aa_ets_signerAttrV2 1275 +#define OBJ_id_aa_ets_signerAttrV2 OBJ_cades_attributes,1L + +#define SN_id_aa_ets_sigPolicyStore "id-aa-ets-sigPolicyStore" +#define NID_id_aa_ets_sigPolicyStore 1276 +#define OBJ_id_aa_ets_sigPolicyStore OBJ_cades_attributes,3L + +#define SN_id_aa_ATSHashIndex_v2 "id-aa-ATSHashIndex-v2" +#define NID_id_aa_ATSHashIndex_v2 1277 +#define OBJ_id_aa_ATSHashIndex_v2 OBJ_cades_attributes,4L + +#define SN_id_aa_ATSHashIndex_v3 "id-aa-ATSHashIndex-v3" +#define NID_id_aa_ATSHashIndex_v3 1278 +#define OBJ_id_aa_ATSHashIndex_v3 OBJ_cades_attributes,5L + +#define SN_signedAssertion "signedAssertion" +#define NID_signedAssertion 1279 +#define OBJ_signedAssertion OBJ_cades_attributes,6L + #define SN_data "data" #define NID_data 434 #define OBJ_data OBJ_itu_t,9L @@ -4952,6 +5231,21 @@ #define NID_sm4_ctr 1139 #define OBJ_sm4_ctr OBJ_sm_scheme,104L,7L +#define SN_sm4_gcm "SM4-GCM" +#define LN_sm4_gcm "sm4-gcm" +#define NID_sm4_gcm 1248 +#define OBJ_sm4_gcm OBJ_sm_scheme,104L,8L + +#define SN_sm4_ccm "SM4-CCM" +#define LN_sm4_ccm "sm4-ccm" +#define NID_sm4_ccm 1249 +#define OBJ_sm4_ccm OBJ_sm_scheme,104L,9L + +#define SN_sm4_xts "SM4-XTS" +#define LN_sm4_xts "sm4-xts" +#define NID_sm4_xts 1290 +#define OBJ_sm4_xts OBJ_sm_scheme,104L,10L + #define SN_hmac "HMAC" #define LN_hmac "hmac" #define NID_hmac 855 @@ -5029,6 +5323,9 @@ #define NID_brainpoolP256r1 927 #define OBJ_brainpoolP256r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,7L +#define SN_brainpoolP256r1tls13 "brainpoolP256r1tls13" +#define NID_brainpoolP256r1tls13 1285 + #define SN_brainpoolP256t1 "brainpoolP256t1" #define NID_brainpoolP256t1 928 #define OBJ_brainpoolP256t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,8L @@ -5045,6 +5342,9 @@ #define NID_brainpoolP384r1 931 #define OBJ_brainpoolP384r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,11L +#define SN_brainpoolP384r1tls13 "brainpoolP384r1tls13" +#define NID_brainpoolP384r1tls13 1286 + #define SN_brainpoolP384t1 "brainpoolP384t1" #define NID_brainpoolP384t1 932 #define OBJ_brainpoolP384t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,12L @@ -5053,6 +5353,9 @@ #define NID_brainpoolP512r1 933 #define OBJ_brainpoolP512r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,13L +#define SN_brainpoolP512r1tls13 "brainpoolP512r1tls13" +#define NID_brainpoolP512r1tls13 1287 + #define SN_brainpoolP512t1 "brainpoolP512t1" #define NID_brainpoolP512t1 934 #define OBJ_brainpoolP512t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,14L @@ -5130,17 +5433,17 @@ #define SN_jurisdictionLocalityName "jurisdictionL" #define LN_jurisdictionLocalityName "jurisdictionLocalityName" #define NID_jurisdictionLocalityName 955 -#define OBJ_jurisdictionLocalityName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L +#define OBJ_jurisdictionLocalityName OBJ_ms_corp,60L,2L,1L,1L #define SN_jurisdictionStateOrProvinceName "jurisdictionST" #define LN_jurisdictionStateOrProvinceName "jurisdictionStateOrProvinceName" #define NID_jurisdictionStateOrProvinceName 956 -#define OBJ_jurisdictionStateOrProvinceName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L +#define OBJ_jurisdictionStateOrProvinceName OBJ_ms_corp,60L,2L,1L,2L #define SN_jurisdictionCountryName "jurisdictionC" #define LN_jurisdictionCountryName "jurisdictionCountryName" #define NID_jurisdictionCountryName 957 -#define OBJ_jurisdictionCountryName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L +#define OBJ_jurisdictionCountryName OBJ_ms_corp,60L,2L,1L,3L #define SN_id_scrypt "id-scrypt" #define LN_id_scrypt "scrypt" @@ -5432,6 +5735,24 @@ #define LN_aes_256_siv "aes-256-siv" #define NID_aes_256_siv 1200 +#define SN_oracle "oracle-organization" +#define LN_oracle "Oracle organization" +#define NID_oracle 1282 +#define OBJ_oracle OBJ_joint_iso_itu_t,16L,840L,1L,113894L + +#define SN_oracle_jdk_trustedkeyusage "oracle-jdk-trustedkeyusage" +#define LN_oracle_jdk_trustedkeyusage "Trusted key usage (Oracle)" +#define NID_oracle_jdk_trustedkeyusage 1283 +#define OBJ_oracle_jdk_trustedkeyusage OBJ_oracle,746875L,1L,1L + +#define SN_brotli "brotli" +#define LN_brotli "Brotli compression" +#define NID_brotli 1288 + +#define SN_zstd "zstd" +#define LN_zstd "Zstandard compression" +#define NID_zstd 1289 + #endif /* OPENSSL_OBJ_MAC_H */ #ifndef OPENSSL_NO_DEPRECATED_3_0 diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/opensslv.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/opensslv.h index b87a4aa1..7f1ecf66 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/opensslv.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/opensslv.h @@ -28,8 +28,8 @@ extern "C" { * These macros express version number MAJOR.MINOR.PATCH exactly */ # define OPENSSL_VERSION_MAJOR 3 -# define OPENSSL_VERSION_MINOR 1 -# define OPENSSL_VERSION_PATCH 4 +# define OPENSSL_VERSION_MINOR 2 +# define OPENSSL_VERSION_PATCH 0 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.1.4" -# define OPENSSL_FULL_VERSION_STR "3.1.4" +# define OPENSSL_VERSION_STR "3.2.0" +# define OPENSSL_FULL_VERSION_STR "3.2.0" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "24 Oct 2023" +# define OPENSSL_RELEASE_DATE "23 Nov 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.4 24 Oct 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.0 23 Nov 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/pem.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/pem.h index 000d9c89..0446c770 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/pem.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/pem.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -57,6 +57,7 @@ extern "C" { # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" # define PEM_STRING_PARAMETERS "PARAMETERS" # define PEM_STRING_CMS "CMS" +# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS" # define PEM_TYPE_ENCRYPTED 10 # define PEM_TYPE_MIC_ONLY 20 diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/pkcs12.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/pkcs12.h index 9e20fc1a..b08b0bc2 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/pkcs12.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/pkcs12.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by Makefile from include/openssl/pkcs12.h.in * - * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -44,6 +44,7 @@ extern "C" { # define PKCS12_MAC_KEY_LENGTH 20 +/* The macro is expected to be used only internally. Kept for backwards compatibility. */ # define PKCS12_SALT_LEN 8 /* It's not clear if these are actually needed... */ @@ -133,7 +134,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag); const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag); const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag); +X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq); X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag); +X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq); X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag); const STACK_OF(PKCS12_SAFEBAG) * PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag); @@ -221,6 +224,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag); const STACK_OF(X509_ATTRIBUTE) * PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag); +void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs); unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, const char *pass, int passlen, const unsigned char *in, int inlen, @@ -308,6 +312,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES) void PKCS12_PBE_add(void); int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca); +typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg); PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter, int keytype); @@ -315,6 +320,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter, int keytype, OSSL_LIB_CTX *ctx, const char *propq); +PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey, + X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, + int iter, int mac_iter, int keytype, + OSSL_LIB_CTX *ctx, const char *propq, + PKCS12_create_cb *cb, void *cbarg); PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert); PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/pkcs12.h.in b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/pkcs12.h.in index cf956b41..35759d4d 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/pkcs12.h.in +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/pkcs12.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -45,6 +45,7 @@ extern "C" { # define PKCS12_MAC_KEY_LENGTH 20 +/* The macro is expected to be used only internally. Kept for backwards compatibility. */ # define PKCS12_SALT_LEN 8 /* It's not clear if these are actually needed... */ @@ -110,7 +111,9 @@ int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag); const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag); const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag); +X509 *PKCS12_SAFEBAG_get1_cert_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq); X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag); +X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq); X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag); const STACK_OF(PKCS12_SAFEBAG) * PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag); @@ -198,6 +201,7 @@ ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag); const STACK_OF(X509_ATTRIBUTE) * PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag); +void PKCS12_SAFEBAG_set0_attrs(PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs); unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, const char *pass, int passlen, const unsigned char *in, int inlen, @@ -285,6 +289,7 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES) void PKCS12_PBE_add(void); int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca); +typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg); PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter, int keytype); @@ -292,6 +297,11 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter, int keytype, OSSL_LIB_CTX *ctx, const char *propq); +PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey, + X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, + int iter, int mac_iter, int keytype, + OSSL_LIB_CTX *ctx, const char *propq, + PKCS12_create_cb *cb, void *cbarg); PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert); PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/pkcs12err.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/pkcs12err.h index 933c8329..abce3736 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/pkcs12err.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/pkcs12err.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -21,6 +21,7 @@ /* * PKCS12 reason codes. */ +# define PKCS12_R_CALLBACK_FAILED 115 # define PKCS12_R_CANT_PACK_STRUCTURE 100 # define PKCS12_R_CONTENT_TYPE_NOT_DATA 121 # define PKCS12_R_DECODE_ERROR 101 diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/pkcs7.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/pkcs7.h index f824546c..dc46c511 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/pkcs7.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/pkcs7.h @@ -134,8 +134,8 @@ SKM_DEFINE_STACK_OF_INTERNAL(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO, PKCS7_RECIP_INF typedef struct pkcs7_signed_st { ASN1_INTEGER *version; /* version 1 */ STACK_OF(X509_ALGOR) *md_algs; /* md used */ - STACK_OF(X509) *cert; /* [ 0 ] */ - STACK_OF(X509_CRL) *crl; /* [ 1 ] */ + STACK_OF(X509) *cert; /* [ 0 ] */ /* name should be 'certificates' */ + STACK_OF(X509_CRL) *crl; /* [ 1 ] */ /* name should be 'crls' */ STACK_OF(PKCS7_SIGNER_INFO) *signer_info; struct pkcs7_st *contents; } PKCS7_SIGNED; @@ -161,8 +161,8 @@ typedef struct pkcs7_enveloped_st { typedef struct pkcs7_signedandenveloped_st { ASN1_INTEGER *version; /* version 1 */ STACK_OF(X509_ALGOR) *md_algs; /* md used */ - STACK_OF(X509) *cert; /* [ 0 ] */ - STACK_OF(X509_CRL) *crl; /* [ 1 ] */ + STACK_OF(X509) *cert; /* [ 0 ] */ /* name should be 'certificates' */ + STACK_OF(X509_CRL) *crl; /* [ 1 ] */ /* name should be 'crls' */ STACK_OF(PKCS7_SIGNER_INFO) *signer_info; PKCS7_ENC_CONTENT *enc_data; STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; @@ -203,7 +203,7 @@ typedef struct pkcs7_st { /* NID_pkcs7_data */ ASN1_OCTET_STRING *data; /* NID_pkcs7_signed */ - PKCS7_SIGNED *sign; + PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */ /* NID_pkcs7_enveloped */ PKCS7_ENVELOPE *enveloped; /* NID_pkcs7_signedAndEnveloped */ @@ -344,13 +344,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst); int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si); int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); -int PKCS7_add_certificate(PKCS7 *p7, X509 *x509); -int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509); +int PKCS7_add_certificate(PKCS7 *p7, X509 *cert); +int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl); int PKCS7_content_new(PKCS7 *p7, int nid); int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, - X509 *x509); + X509 *signer); BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio); int PKCS7_dataFinal(PKCS7 *p7, BIO *bio); diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/pkcs7.h.in b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/pkcs7.h.in index a346bc74..11a636e1 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/pkcs7.h.in +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/pkcs7.h.in @@ -87,8 +87,8 @@ typedef struct pkcs7_recip_info_st { typedef struct pkcs7_signed_st { ASN1_INTEGER *version; /* version 1 */ STACK_OF(X509_ALGOR) *md_algs; /* md used */ - STACK_OF(X509) *cert; /* [ 0 ] */ - STACK_OF(X509_CRL) *crl; /* [ 1 ] */ + STACK_OF(X509) *cert; /* [ 0 ] */ /* name should be 'certificates' */ + STACK_OF(X509_CRL) *crl; /* [ 1 ] */ /* name should be 'crls' */ STACK_OF(PKCS7_SIGNER_INFO) *signer_info; struct pkcs7_st *contents; } PKCS7_SIGNED; @@ -114,8 +114,8 @@ typedef struct pkcs7_enveloped_st { typedef struct pkcs7_signedandenveloped_st { ASN1_INTEGER *version; /* version 1 */ STACK_OF(X509_ALGOR) *md_algs; /* md used */ - STACK_OF(X509) *cert; /* [ 0 ] */ - STACK_OF(X509_CRL) *crl; /* [ 1 ] */ + STACK_OF(X509) *cert; /* [ 0 ] */ /* name should be 'certificates' */ + STACK_OF(X509_CRL) *crl; /* [ 1 ] */ /* name should be 'crls' */ STACK_OF(PKCS7_SIGNER_INFO) *signer_info; PKCS7_ENC_CONTENT *enc_data; STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; @@ -156,7 +156,7 @@ typedef struct pkcs7_st { /* NID_pkcs7_data */ ASN1_OCTET_STRING *data; /* NID_pkcs7_signed */ - PKCS7_SIGNED *sign; + PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */ /* NID_pkcs7_enveloped */ PKCS7_ENVELOPE *enveloped; /* NID_pkcs7_signedAndEnveloped */ @@ -273,13 +273,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst); int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si); int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); -int PKCS7_add_certificate(PKCS7 *p7, X509 *x509); -int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509); +int PKCS7_add_certificate(PKCS7 *p7, X509 *cert); +int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl); int PKCS7_content_new(PKCS7 *p7, int nid); int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, - X509 *x509); + X509 *signer); BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio); int PKCS7_dataFinal(PKCS7 *p7, BIO *bio); diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/prov_ssl.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/prov_ssl.h index d3e0896c..76d01e1e 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/prov_ssl.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/prov_ssl.h @@ -1,5 +1,5 @@ /* - * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -19,6 +19,7 @@ extern "C" { # define SSL_MAX_MASTER_KEY_LENGTH 48 +/* SSL/TLS uses a 2 byte unsigned version number */ # define SSL3_VERSION 0x0300 # define TLS1_VERSION 0x0301 # define TLS1_1_VERSION 0x0302 @@ -28,6 +29,9 @@ extern "C" { # define DTLS1_2_VERSION 0xFEFD # define DTLS1_BAD_VER 0x0100 +/* QUIC uses a 4 byte unsigned version number */ +# define OSSL_QUIC1_VERSION 0x0000001 + # ifdef __cplusplus } # endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/proverr.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/proverr.h index 5d5c16d9..d9ef5681 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/proverr.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/proverr.h @@ -52,6 +52,7 @@ # define PROV_R_INDICATOR_INTEGRITY_FAILURE 210 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH 181 # define PROV_R_INVALID_AAD 108 +# define PROV_R_INVALID_AEAD 231 # define PROV_R_INVALID_CONFIG_DATA 211 # define PROV_R_INVALID_CONSTANT_LENGTH 157 # define PROV_R_INVALID_CURVE 176 @@ -63,9 +64,11 @@ # define PROV_R_INVALID_INPUT_LENGTH 230 # define PROV_R_INVALID_ITERATION_COUNT 123 # define PROV_R_INVALID_IV_LENGTH 109 +# define PROV_R_INVALID_KDF 232 # define PROV_R_INVALID_KEY 158 # define PROV_R_INVALID_KEY_LENGTH 105 # define PROV_R_INVALID_MAC 151 +# define PROV_R_INVALID_MEMORY_SIZE 235 # define PROV_R_INVALID_MGF1_MD 167 # define PROV_R_INVALID_MODE 125 # define PROV_R_INVALID_OUTPUT_LENGTH 217 @@ -77,6 +80,7 @@ # define PROV_R_INVALID_STATE 212 # define PROV_R_INVALID_TAG 110 # define PROV_R_INVALID_TAG_LENGTH 118 +# define PROV_R_INVALID_THREAD_POOL_SIZE 234 # define PROV_R_INVALID_UKM_LENGTH 200 # define PROV_R_INVALID_X931_DIGEST 170 # define PROV_R_IN_ERROR_STATE 192 diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/provider.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/provider.h index dc86ff58..24ec0827 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/provider.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/provider.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,13 +17,19 @@ extern "C" { # endif -/* Set the default provider search path */ +/* Set and Get a library context search path */ int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *path); +const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx); /* Load and unload a provider */ OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *name); +OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name, + OSSL_PARAM *params); OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *name, int retain_fallbacks); +OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name, + OSSL_PARAM *params, + int retain_fallbacks); int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov); int OSSL_PROVIDER_available(OSSL_LIB_CTX *, const char *name); int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx, diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/quic.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/quic.h new file mode 100644 index 00000000..74a6345d --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/quic.h @@ -0,0 +1,37 @@ +/* + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_QUIC_H +# define OPENSSL_QUIC_H +# pragma once + +# include +# include + +# ifndef OPENSSL_NO_QUIC + +# ifdef __cplusplus +extern "C" { +# endif + +/* + * Method used for non-thread-assisted QUIC client operation. + */ +__owur const SSL_METHOD *OSSL_QUIC_client_method(void); +/* + * Method used for thread-assisted QUIC client operation. + */ +__owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void); + +# ifdef __cplusplus +} +# endif + +# endif /* OPENSSL_NO_QUIC */ +#endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/rand.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/rand.h index 90e0f0a0..1fa1129e 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/rand.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/rand.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/rsa.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/rsa.h index d0c95992..167427d3 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/rsa.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/rsa.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label); # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES (EVP_PKEY_ALG_CTRL + 13) +# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14) + # define RSA_PKCS1_PADDING 1 # define RSA_NO_PADDING 3 # define RSA_PKCS1_OAEP_PADDING 4 @@ -198,6 +200,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label); # define RSA_PKCS1_PSS_PADDING 6 # define RSA_PKCS1_WITH_TLS_PADDING 7 +/* internal RSA_ only */ +# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8 + # define RSA_PKCS1_PADDING_SIZE 11 # define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg) diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/sha.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/sha.h index 6e65a040..163a7d58 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/sha.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/sha.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -81,6 +81,7 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c, unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md); unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md); +# define SHA256_192_DIGEST_LENGTH 24 # define SHA224_DIGEST_LENGTH 28 # define SHA256_DIGEST_LENGTH 32 # define SHA384_DIGEST_LENGTH 48 diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/srtp.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/srtp.h index d64606e5..2c2c3344 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/srtp.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/srtp.h @@ -28,16 +28,28 @@ extern "C" { #endif -# define SRTP_AES128_CM_SHA1_80 0x0001 -# define SRTP_AES128_CM_SHA1_32 0x0002 -# define SRTP_AES128_F8_SHA1_80 0x0003 -# define SRTP_AES128_F8_SHA1_32 0x0004 -# define SRTP_NULL_SHA1_80 0x0005 -# define SRTP_NULL_SHA1_32 0x0006 +# define SRTP_AES128_CM_SHA1_80 0x0001 +# define SRTP_AES128_CM_SHA1_32 0x0002 +# define SRTP_AES128_F8_SHA1_80 0x0003 +# define SRTP_AES128_F8_SHA1_32 0x0004 +# define SRTP_NULL_SHA1_80 0x0005 +# define SRTP_NULL_SHA1_32 0x0006 /* AEAD SRTP protection profiles from RFC 7714 */ -# define SRTP_AEAD_AES_128_GCM 0x0007 -# define SRTP_AEAD_AES_256_GCM 0x0008 +# define SRTP_AEAD_AES_128_GCM 0x0007 +# define SRTP_AEAD_AES_256_GCM 0x0008 + +/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */ +# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM 0x0009 +# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM 0x000A + +/* ARIA SRTP protection profiles from RFC 8269 */ +# define SRTP_ARIA_128_CTR_HMAC_SHA1_80 0x000B +# define SRTP_ARIA_128_CTR_HMAC_SHA1_32 0x000C +# define SRTP_ARIA_256_CTR_HMAC_SHA1_80 0x000D +# define SRTP_ARIA_256_CTR_HMAC_SHA1_32 0x000E +# define SRTP_AEAD_ARIA_128_GCM 0x000F +# define SRTP_AEAD_ARIA_256_GCM 0x0010 # ifndef OPENSSL_NO_SRTP diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/ssl.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/ssl.h index 942f20e6..2b43485f 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/ssl.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/ssl.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by Makefile from include/openssl/ssl.h.in * - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -24,6 +24,7 @@ # endif # include +# include # include # include # include @@ -281,28 +282,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, /* Extension context codes */ /* This extension is only allowed in TLS */ -#define SSL_EXT_TLS_ONLY 0x0001 +#define SSL_EXT_TLS_ONLY 0x00001 /* This extension is only allowed in DTLS */ -#define SSL_EXT_DTLS_ONLY 0x0002 +#define SSL_EXT_DTLS_ONLY 0x00002 /* Some extensions may be allowed in DTLS but we don't implement them for it */ -#define SSL_EXT_TLS_IMPLEMENTATION_ONLY 0x0004 +#define SSL_EXT_TLS_IMPLEMENTATION_ONLY 0x00004 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */ -#define SSL_EXT_SSL3_ALLOWED 0x0008 +#define SSL_EXT_SSL3_ALLOWED 0x00008 /* Extension is only defined for TLS1.2 and below */ -#define SSL_EXT_TLS1_2_AND_BELOW_ONLY 0x0010 +#define SSL_EXT_TLS1_2_AND_BELOW_ONLY 0x00010 /* Extension is only defined for TLS1.3 and above */ -#define SSL_EXT_TLS1_3_ONLY 0x0020 +#define SSL_EXT_TLS1_3_ONLY 0x00020 /* Ignore this extension during parsing if we are resuming */ -#define SSL_EXT_IGNORE_ON_RESUMPTION 0x0040 -#define SSL_EXT_CLIENT_HELLO 0x0080 +#define SSL_EXT_IGNORE_ON_RESUMPTION 0x00040 +#define SSL_EXT_CLIENT_HELLO 0x00080 /* Really means TLS1.2 or below */ -#define SSL_EXT_TLS1_2_SERVER_HELLO 0x0100 -#define SSL_EXT_TLS1_3_SERVER_HELLO 0x0200 -#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x0400 -#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x0800 -#define SSL_EXT_TLS1_3_CERTIFICATE 0x1000 -#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET 0x2000 -#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x4000 +#define SSL_EXT_TLS1_2_SERVER_HELLO 0x00100 +#define SSL_EXT_TLS1_3_SERVER_HELLO 0x00200 +#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x00400 +#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x00800 +#define SSL_EXT_TLS1_3_CERTIFICATE 0x01000 +#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET 0x02000 +#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x04000 +#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION 0x08000 +/* When sending a raw public key in a certificate message */ +#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY 0x10000 /* Typedefs for handling custom extensions */ @@ -433,6 +437,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg); * interoperability with CryptoPro CSP 3.x */ # define SSL_OP_CRYPTOPRO_TLSEXT_BUG SSL_OP_BIT(31) +/* + * Disable RFC8879 certificate compression + * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates, + * and ignore the extension when received. + * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and + * subsequently indicating that receiving is not supported + */ +# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION SSL_OP_BIT(32) +# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION SSL_OP_BIT(33) + /* Enable KTLS TX zerocopy on Linux */ +# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE SSL_OP_BIT(34) /* * Option "collections." @@ -577,6 +592,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg); # define CERT_PKEY_CERT_TYPE 0x400 /* Cert chain suitable to Suite B */ # define CERT_PKEY_SUITEB 0x800 +/* Cert pkey valid for raw public key use */ +# define CERT_PKEY_RPK 0x1000 # define SSL_CONF_FLAG_CMDLINE 0x1 # define SSL_CONF_FLAG_FILE 0x2 @@ -968,6 +985,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s); # include /* This is mostly sslv3 with a few tweaks */ # include /* Datagram TLS */ # include /* Support for the use_srtp extension */ +# include #ifdef __cplusplus extern "C" { @@ -1069,6 +1087,7 @@ typedef enum { DTLS_ST_CR_HELLO_VERIFY_REQUEST, TLS_ST_CR_SRVR_HELLO, TLS_ST_CR_CERT, + TLS_ST_CR_COMP_CERT, TLS_ST_CR_CERT_STATUS, TLS_ST_CR_KEY_EXCH, TLS_ST_CR_CERT_REQ, @@ -1078,6 +1097,7 @@ typedef enum { TLS_ST_CR_FINISHED, TLS_ST_CW_CLNT_HELLO, TLS_ST_CW_CERT, + TLS_ST_CW_COMP_CERT, TLS_ST_CW_KEY_EXCH, TLS_ST_CW_CERT_VRFY, TLS_ST_CW_CHANGE, @@ -1088,10 +1108,12 @@ typedef enum { DTLS_ST_SW_HELLO_VERIFY_REQUEST, TLS_ST_SW_SRVR_HELLO, TLS_ST_SW_CERT, + TLS_ST_SW_COMP_CERT, TLS_ST_SW_KEY_EXCH, TLS_ST_SW_CERT_REQ, TLS_ST_SW_SRVR_DONE, TLS_ST_SR_CERT, + TLS_ST_SR_COMP_CERT, TLS_ST_SR_KEY_EXCH, TLS_ST_SR_CERT_VRFY, TLS_ST_SR_NEXT_PROTO, @@ -1383,6 +1405,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_GET_SIGNATURE_NID 132 # define SSL_CTRL_GET_TMP_KEY 133 # define SSL_CTRL_GET_NEGOTIATED_GROUP 134 +# define SSL_CTRL_GET_IANA_GROUPS 135 # define SSL_CTRL_SET_RETRY_VERIFY 136 # define SSL_CTRL_GET_VERIFY_CERT_STORE 137 # define SSL_CTRL_GET_CHAIN_CERT_STORE 138 @@ -1488,6 +1511,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_get1_groups(s, glist) \ SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist)) +# define SSL_get0_iana_groups(s, plst) \ + SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst)) # define SSL_CTX_set1_groups(ctx, glist, glistlen) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist)) # define SSL_CTX_set1_groups_list(ctx, s) \ @@ -1552,6 +1577,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_get_max_proto_version(s) \ SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) +const char *SSL_get0_group_name(SSL *s); const char *SSL_group_to_name(SSL *s, int id); /* Backwards compatibility, original 1.1.0 names */ @@ -1786,6 +1812,9 @@ __owur int SSL_has_matching_session_id(const SSL *s, unsigned int id_len); SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length); +SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp, + long length, OSSL_LIB_CTX *libctx, + const char *propq); # ifdef OPENSSL_X509_H __owur X509 *SSL_get0_peer_certificate(const SSL *s); @@ -1843,6 +1872,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, SSL *SSL_new(SSL_CTX *ctx); int SSL_up_ref(SSL *s); int SSL_is_dtls(const SSL *s); +int SSL_is_tls(const SSL *s); +int SSL_is_quic(const SSL *s); __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, unsigned int sid_ctx_len); @@ -1935,6 +1966,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out); size_t SSL_client_hello_get0_compression_methods(SSL *s, const unsigned char **out); int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen); +int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts, + size_t *num_exts); int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **out, size_t *outlen); @@ -1989,6 +2022,7 @@ __owur int SSL_get_early_data_status(const SSL *s); __owur int SSL_get_error(const SSL *s, int ret_code); __owur const char *SSL_get_version(const SSL *s); +__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt); /* This sets the 'default' SSL version that SSL_new() will create */ # ifndef OPENSSL_NO_DEPRECATED_3_0 @@ -2297,6 +2331,105 @@ size_t SSL_get_num_tickets(const SSL *s); int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx); +/* QUIC support */ +int SSL_handle_events(SSL *s); +__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite); +__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc); +__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc); +__owur int SSL_net_read_desired(SSL *s); +__owur int SSL_net_write_desired(SSL *s); +__owur int SSL_set_blocking_mode(SSL *s, int blocking); +__owur int SSL_get_blocking_mode(SSL *s); +__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr); +__owur SSL *SSL_get0_connection(SSL *s); +__owur int SSL_is_connection(SSL *s); + +#define SSL_STREAM_TYPE_NONE 0 +#define SSL_STREAM_TYPE_READ (1U << 0) +#define SSL_STREAM_TYPE_WRITE (1U << 1) +#define SSL_STREAM_TYPE_BIDI (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE) +__owur int SSL_get_stream_type(SSL *s); + +__owur uint64_t SSL_get_stream_id(SSL *s); +__owur int SSL_is_stream_local(SSL *s); + +#define SSL_DEFAULT_STREAM_MODE_NONE 0 +#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI 1 +#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI 2 +__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode); + +#define SSL_STREAM_FLAG_UNI (1U << 0) +#define SSL_STREAM_FLAG_NO_BLOCK (1U << 1) +#define SSL_STREAM_FLAG_ADVANCE (1U << 2) +__owur SSL *SSL_new_stream(SSL *s, uint64_t flags); + +#define SSL_INCOMING_STREAM_POLICY_AUTO 0 +#define SSL_INCOMING_STREAM_POLICY_ACCEPT 1 +#define SSL_INCOMING_STREAM_POLICY_REJECT 2 +__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec); + +#define SSL_ACCEPT_STREAM_NO_BLOCK (1U << 0) +__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags); +__owur size_t SSL_get_accept_stream_queue_len(SSL *s); + +# ifndef OPENSSL_NO_QUIC +__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf, + size_t buf_len, + const BIO_ADDR *peer, + const BIO_ADDR *local); +# endif + +typedef struct ssl_shutdown_ex_args_st { + uint64_t quic_error_code; + const char *quic_reason; +} SSL_SHUTDOWN_EX_ARGS; + +#define SSL_SHUTDOWN_FLAG_RAPID (1U << 0) +#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH (1U << 1) +#define SSL_SHUTDOWN_FLAG_NO_BLOCK (1U << 2) +#define SSL_SHUTDOWN_FLAG_WAIT_PEER (1U << 3) + +__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags, + const SSL_SHUTDOWN_EX_ARGS *args, + size_t args_len); + +__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags); + +typedef struct ssl_stream_reset_args_st { + uint64_t quic_error_code; +} SSL_STREAM_RESET_ARGS; + +__owur int SSL_stream_reset(SSL *ssl, + const SSL_STREAM_RESET_ARGS *args, + size_t args_len); + +#define SSL_STREAM_STATE_NONE 0 +#define SSL_STREAM_STATE_OK 1 +#define SSL_STREAM_STATE_WRONG_DIR 2 +#define SSL_STREAM_STATE_FINISHED 3 +#define SSL_STREAM_STATE_RESET_LOCAL 4 +#define SSL_STREAM_STATE_RESET_REMOTE 5 +#define SSL_STREAM_STATE_CONN_CLOSED 6 +__owur int SSL_get_stream_read_state(SSL *ssl); +__owur int SSL_get_stream_write_state(SSL *ssl); + +__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code); +__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code); + +#define SSL_CONN_CLOSE_FLAG_LOCAL (1U << 0) +#define SSL_CONN_CLOSE_FLAG_TRANSPORT (1U << 1) + +typedef struct ssl_conn_close_info_st { + uint64_t error_code, frame_type; + const char *reason; + size_t reason_len; + uint32_t flags; +} SSL_CONN_CLOSE_INFO; + +__owur int SSL_get_conn_close_info(SSL *ssl, + SSL_CONN_CLOSE_INFO *info, + size_t info_len); + # ifndef OPENSSL_NO_DEPRECATED_1_1_0 # define SSL_cache_hit(s) SSL_session_reused(s) # endif @@ -2596,6 +2729,36 @@ void SSL_set_allow_early_data_cb(SSL *s, const char *OSSL_default_cipher_list(void); const char *OSSL_default_ciphersuites(void); +/* RFC8879 Certificate compression APIs */ + +int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg); +int SSL_compress_certs(SSL *ssl, int alg); + +int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len); +int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len); + +int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data, + size_t comp_length, size_t orig_length); +int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data, + size_t comp_length, size_t orig_length); +size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len); +size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len); + +__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk); +__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s); +__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s); +__owur int SSL_get_negotiated_client_cert_type(const SSL *s); +__owur int SSL_get_negotiated_server_cert_type(const SSL *s); + +__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len); +__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len); +__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len); +__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len); +__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len); +__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len); +__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len); +__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len); + # ifdef __cplusplus } # endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/ssl.h.in b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/ssl.h.in index f03f52fb..9f91039f 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/ssl.h.in +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/ssl.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -25,6 +25,7 @@ use OpenSSL::stackhash qw(generate_stack_macros generate_const_stack_macros); # endif # include +# include # include # include # include @@ -258,28 +259,31 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, /* Extension context codes */ /* This extension is only allowed in TLS */ -#define SSL_EXT_TLS_ONLY 0x0001 +#define SSL_EXT_TLS_ONLY 0x00001 /* This extension is only allowed in DTLS */ -#define SSL_EXT_DTLS_ONLY 0x0002 +#define SSL_EXT_DTLS_ONLY 0x00002 /* Some extensions may be allowed in DTLS but we don't implement them for it */ -#define SSL_EXT_TLS_IMPLEMENTATION_ONLY 0x0004 +#define SSL_EXT_TLS_IMPLEMENTATION_ONLY 0x00004 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */ -#define SSL_EXT_SSL3_ALLOWED 0x0008 +#define SSL_EXT_SSL3_ALLOWED 0x00008 /* Extension is only defined for TLS1.2 and below */ -#define SSL_EXT_TLS1_2_AND_BELOW_ONLY 0x0010 +#define SSL_EXT_TLS1_2_AND_BELOW_ONLY 0x00010 /* Extension is only defined for TLS1.3 and above */ -#define SSL_EXT_TLS1_3_ONLY 0x0020 +#define SSL_EXT_TLS1_3_ONLY 0x00020 /* Ignore this extension during parsing if we are resuming */ -#define SSL_EXT_IGNORE_ON_RESUMPTION 0x0040 -#define SSL_EXT_CLIENT_HELLO 0x0080 +#define SSL_EXT_IGNORE_ON_RESUMPTION 0x00040 +#define SSL_EXT_CLIENT_HELLO 0x00080 /* Really means TLS1.2 or below */ -#define SSL_EXT_TLS1_2_SERVER_HELLO 0x0100 -#define SSL_EXT_TLS1_3_SERVER_HELLO 0x0200 -#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x0400 -#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x0800 -#define SSL_EXT_TLS1_3_CERTIFICATE 0x1000 -#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET 0x2000 -#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x4000 +#define SSL_EXT_TLS1_2_SERVER_HELLO 0x00100 +#define SSL_EXT_TLS1_3_SERVER_HELLO 0x00200 +#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x00400 +#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x00800 +#define SSL_EXT_TLS1_3_CERTIFICATE 0x01000 +#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET 0x02000 +#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x04000 +#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION 0x08000 +/* When sending a raw public key in a certificate message */ +#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY 0x10000 /* Typedefs for handling custom extensions */ @@ -410,6 +414,17 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg); * interoperability with CryptoPro CSP 3.x */ # define SSL_OP_CRYPTOPRO_TLSEXT_BUG SSL_OP_BIT(31) +/* + * Disable RFC8879 certificate compression + * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates, + * and ignore the extension when received. + * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and + * subsequently indicating that receiving is not supported + */ +# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION SSL_OP_BIT(32) +# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION SSL_OP_BIT(33) + /* Enable KTLS TX zerocopy on Linux */ +# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE SSL_OP_BIT(34) /* * Option "collections." @@ -554,6 +569,8 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg); # define CERT_PKEY_CERT_TYPE 0x400 /* Cert chain suitable to Suite B */ # define CERT_PKEY_SUITEB 0x800 +/* Cert pkey valid for raw public key use */ +# define CERT_PKEY_RPK 0x1000 # define SSL_CONF_FLAG_CMDLINE 0x1 # define SSL_CONF_FLAG_FILE 0x2 @@ -945,6 +962,7 @@ uint32_t SSL_get_recv_max_early_data(const SSL *s); # include /* This is mostly sslv3 with a few tweaks */ # include /* Datagram TLS */ # include /* Support for the use_srtp extension */ +# include #ifdef __cplusplus extern "C" { @@ -997,6 +1015,7 @@ typedef enum { DTLS_ST_CR_HELLO_VERIFY_REQUEST, TLS_ST_CR_SRVR_HELLO, TLS_ST_CR_CERT, + TLS_ST_CR_COMP_CERT, TLS_ST_CR_CERT_STATUS, TLS_ST_CR_KEY_EXCH, TLS_ST_CR_CERT_REQ, @@ -1006,6 +1025,7 @@ typedef enum { TLS_ST_CR_FINISHED, TLS_ST_CW_CLNT_HELLO, TLS_ST_CW_CERT, + TLS_ST_CW_COMP_CERT, TLS_ST_CW_KEY_EXCH, TLS_ST_CW_CERT_VRFY, TLS_ST_CW_CHANGE, @@ -1016,10 +1036,12 @@ typedef enum { DTLS_ST_SW_HELLO_VERIFY_REQUEST, TLS_ST_SW_SRVR_HELLO, TLS_ST_SW_CERT, + TLS_ST_SW_COMP_CERT, TLS_ST_SW_KEY_EXCH, TLS_ST_SW_CERT_REQ, TLS_ST_SW_SRVR_DONE, TLS_ST_SR_CERT, + TLS_ST_SR_COMP_CERT, TLS_ST_SR_KEY_EXCH, TLS_ST_SR_CERT_VRFY, TLS_ST_SR_NEXT_PROTO, @@ -1311,6 +1333,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_GET_SIGNATURE_NID 132 # define SSL_CTRL_GET_TMP_KEY 133 # define SSL_CTRL_GET_NEGOTIATED_GROUP 134 +# define SSL_CTRL_GET_IANA_GROUPS 135 # define SSL_CTRL_SET_RETRY_VERIFY 136 # define SSL_CTRL_GET_VERIFY_CERT_STORE 137 # define SSL_CTRL_GET_CHAIN_CERT_STORE 138 @@ -1416,6 +1439,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_get1_groups(s, glist) \ SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist)) +# define SSL_get0_iana_groups(s, plst) \ + SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst)) # define SSL_CTX_set1_groups(ctx, glist, glistlen) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist)) # define SSL_CTX_set1_groups_list(ctx, s) \ @@ -1480,6 +1505,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_get_max_proto_version(s) \ SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) +const char *SSL_get0_group_name(SSL *s); const char *SSL_group_to_name(SSL *s, int id); /* Backwards compatibility, original 1.1.0 names */ @@ -1714,6 +1740,9 @@ __owur int SSL_has_matching_session_id(const SSL *s, unsigned int id_len); SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length); +SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp, + long length, OSSL_LIB_CTX *libctx, + const char *propq); # ifdef OPENSSL_X509_H __owur X509 *SSL_get0_peer_certificate(const SSL *s); @@ -1771,6 +1800,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, SSL *SSL_new(SSL_CTX *ctx); int SSL_up_ref(SSL *s); int SSL_is_dtls(const SSL *s); +int SSL_is_tls(const SSL *s); +int SSL_is_quic(const SSL *s); __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, unsigned int sid_ctx_len); @@ -1863,6 +1894,8 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out); size_t SSL_client_hello_get0_compression_methods(SSL *s, const unsigned char **out); int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen); +int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts, + size_t *num_exts); int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **out, size_t *outlen); @@ -1917,6 +1950,7 @@ __owur int SSL_get_early_data_status(const SSL *s); __owur int SSL_get_error(const SSL *s, int ret_code); __owur const char *SSL_get_version(const SSL *s); +__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt); /* This sets the 'default' SSL version that SSL_new() will create */ # ifndef OPENSSL_NO_DEPRECATED_3_0 @@ -2225,6 +2259,105 @@ size_t SSL_get_num_tickets(const SSL *s); int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx); +/* QUIC support */ +int SSL_handle_events(SSL *s); +__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite); +__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc); +__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc); +__owur int SSL_net_read_desired(SSL *s); +__owur int SSL_net_write_desired(SSL *s); +__owur int SSL_set_blocking_mode(SSL *s, int blocking); +__owur int SSL_get_blocking_mode(SSL *s); +__owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr); +__owur SSL *SSL_get0_connection(SSL *s); +__owur int SSL_is_connection(SSL *s); + +#define SSL_STREAM_TYPE_NONE 0 +#define SSL_STREAM_TYPE_READ (1U << 0) +#define SSL_STREAM_TYPE_WRITE (1U << 1) +#define SSL_STREAM_TYPE_BIDI (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE) +__owur int SSL_get_stream_type(SSL *s); + +__owur uint64_t SSL_get_stream_id(SSL *s); +__owur int SSL_is_stream_local(SSL *s); + +#define SSL_DEFAULT_STREAM_MODE_NONE 0 +#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI 1 +#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI 2 +__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode); + +#define SSL_STREAM_FLAG_UNI (1U << 0) +#define SSL_STREAM_FLAG_NO_BLOCK (1U << 1) +#define SSL_STREAM_FLAG_ADVANCE (1U << 2) +__owur SSL *SSL_new_stream(SSL *s, uint64_t flags); + +#define SSL_INCOMING_STREAM_POLICY_AUTO 0 +#define SSL_INCOMING_STREAM_POLICY_ACCEPT 1 +#define SSL_INCOMING_STREAM_POLICY_REJECT 2 +__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec); + +#define SSL_ACCEPT_STREAM_NO_BLOCK (1U << 0) +__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags); +__owur size_t SSL_get_accept_stream_queue_len(SSL *s); + +# ifndef OPENSSL_NO_QUIC +__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf, + size_t buf_len, + const BIO_ADDR *peer, + const BIO_ADDR *local); +# endif + +typedef struct ssl_shutdown_ex_args_st { + uint64_t quic_error_code; + const char *quic_reason; +} SSL_SHUTDOWN_EX_ARGS; + +#define SSL_SHUTDOWN_FLAG_RAPID (1U << 0) +#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH (1U << 1) +#define SSL_SHUTDOWN_FLAG_NO_BLOCK (1U << 2) +#define SSL_SHUTDOWN_FLAG_WAIT_PEER (1U << 3) + +__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags, + const SSL_SHUTDOWN_EX_ARGS *args, + size_t args_len); + +__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags); + +typedef struct ssl_stream_reset_args_st { + uint64_t quic_error_code; +} SSL_STREAM_RESET_ARGS; + +__owur int SSL_stream_reset(SSL *ssl, + const SSL_STREAM_RESET_ARGS *args, + size_t args_len); + +#define SSL_STREAM_STATE_NONE 0 +#define SSL_STREAM_STATE_OK 1 +#define SSL_STREAM_STATE_WRONG_DIR 2 +#define SSL_STREAM_STATE_FINISHED 3 +#define SSL_STREAM_STATE_RESET_LOCAL 4 +#define SSL_STREAM_STATE_RESET_REMOTE 5 +#define SSL_STREAM_STATE_CONN_CLOSED 6 +__owur int SSL_get_stream_read_state(SSL *ssl); +__owur int SSL_get_stream_write_state(SSL *ssl); + +__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code); +__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code); + +#define SSL_CONN_CLOSE_FLAG_LOCAL (1U << 0) +#define SSL_CONN_CLOSE_FLAG_TRANSPORT (1U << 1) + +typedef struct ssl_conn_close_info_st { + uint64_t error_code, frame_type; + const char *reason; + size_t reason_len; + uint32_t flags; +} SSL_CONN_CLOSE_INFO; + +__owur int SSL_get_conn_close_info(SSL *ssl, + SSL_CONN_CLOSE_INFO *info, + size_t info_len); + # ifndef OPENSSL_NO_DEPRECATED_1_1_0 # define SSL_cache_hit(s) SSL_session_reused(s) # endif @@ -2524,6 +2657,36 @@ void SSL_set_allow_early_data_cb(SSL *s, const char *OSSL_default_cipher_list(void); const char *OSSL_default_ciphersuites(void); +/* RFC8879 Certificate compression APIs */ + +int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg); +int SSL_compress_certs(SSL *ssl, int alg); + +int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len); +int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len); + +int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data, + size_t comp_length, size_t orig_length); +int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data, + size_t comp_length, size_t orig_length); +size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len); +size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len); + +__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk); +__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s); +__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s); +__owur int SSL_get_negotiated_client_cert_type(const SSL *s); +__owur int SSL_get_negotiated_server_cert_type(const SSL *s); + +__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len); +__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len); +__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len); +__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len); +__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len); +__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len); +__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len); +__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len); + # ifdef __cplusplus } # endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/ssl3.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/ssl3.h index 49bd51f2..4f076c6c 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/ssl3.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/ssl3.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -239,6 +239,13 @@ extern "C" { # define SSL3_RT_HEADER 0x100 # define SSL3_RT_INNER_CONTENT_TYPE 0x101 +/* Pseudo content types for QUIC */ +# define SSL3_RT_QUIC_DATAGRAM 0x200 +# define SSL3_RT_QUIC_PACKET 0x201 +# define SSL3_RT_QUIC_FRAME_FULL 0x202 +# define SSL3_RT_QUIC_FRAME_HEADER 0x203 +# define SSL3_RT_QUIC_FRAME_PADDING 0x204 + # define SSL3_AL_WARNING 1 # define SSL3_AL_FATAL 2 @@ -300,6 +307,8 @@ extern "C" { /* Set if extended master secret extension required on renegotiation */ # define TLS1_FLAGS_REQUIRED_EXTMS 0x1000 +/* 0x2000 is reserved for TLS1_FLAGS_QUIC (internal) */ + # define SSL3_MT_HELLO_REQUEST 0 # define SSL3_MT_CLIENT_HELLO 1 # define SSL3_MT_SERVER_HELLO 2 @@ -317,6 +326,7 @@ extern "C" { # define SSL3_MT_CERTIFICATE_STATUS 22 # define SSL3_MT_SUPPLEMENTAL_DATA 23 # define SSL3_MT_KEY_UPDATE 24 +# define SSL3_MT_COMPRESSED_CERTIFICATE 25 # ifndef OPENSSL_NO_NEXTPROTONEG # define SSL3_MT_NEXT_PROTO 67 # endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/sslerr.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/sslerr.h index f1882558..e1eb9a56 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/sslerr.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/sslerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -25,8 +25,10 @@ # define SSL_R_APP_DATA_IN_HANDSHAKE 100 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 # define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE 158 +# define SSL_R_BAD_CERTIFICATE 348 # define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 # define SSL_R_BAD_CIPHER 186 +# define SSL_R_BAD_COMPRESSION_ALGORITHM 326 # define SSL_R_BAD_DATA 390 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 # define SSL_R_BAD_DECOMPRESSION 107 @@ -82,6 +84,7 @@ # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 # define SSL_R_COMPRESSION_LIBRARY_ERROR 142 # define SSL_R_CONNECTION_TYPE_NOT_SET 144 +# define SSL_R_CONN_USE_ONLY 356 # define SSL_R_CONTEXT_NOT_DANE_ENABLED 167 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE 400 # define SSL_R_COOKIE_MISMATCH 308 @@ -110,6 +113,7 @@ # define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE 374 # define SSL_R_EE_KEY_TOO_SMALL 399 +# define SSL_R_EMPTY_RAW_PUBLIC_KEY 349 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 @@ -119,6 +123,7 @@ # define SSL_R_EXTENSION_NOT_RECEIVED 279 # define SSL_R_EXTRA_DATA_IN_MESSAGE 153 # define SSL_R_EXT_LENGTH_MISMATCH 163 +# define SSL_R_FAILED_TO_GET_PARAMETER 316 # define SSL_R_FAILED_TO_INIT_ASYNC 405 # define SSL_R_FRAGMENTED_CLIENT_HELLO 401 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 @@ -144,6 +149,8 @@ # define SSL_R_INVALID_KEY_UPDATE_TYPE 120 # define SSL_R_INVALID_MAX_EARLY_DATA 174 # define SSL_R_INVALID_NULL_CMD_NAME 385 +# define SSL_R_INVALID_RAW_PUBLIC_KEY 350 +# define SSL_R_INVALID_RECORD 317 # define SSL_R_INVALID_SEQUENCE_NUMBER 402 # define SSL_R_INVALID_SERVERINFO_DATA 388 # define SSL_R_INVALID_SESSION_ID 999 @@ -156,6 +163,7 @@ # define SSL_R_LENGTH_TOO_SHORT 160 # define SSL_R_LIBRARY_BUG 274 # define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 +# define SSL_R_MAXIMUM_ENCRYPTED_PKTS_REACHED 395 # define SSL_R_MISSING_DSA_SIGNING_CERT 165 # define SSL_R_MISSING_ECDSA_SIGNING_CERT 381 # define SSL_R_MISSING_FATAL 256 @@ -196,9 +204,11 @@ # define SSL_R_NO_SHARED_GROUPS 410 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS 376 # define SSL_R_NO_SRTP_PROFILES 359 +# define SSL_R_NO_STREAM 355 # define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM 297 # define SSL_R_NO_SUITABLE_GROUPS 295 # define SSL_R_NO_SUITABLE_KEY_SHARE 101 +# define SSL_R_NO_SUITABLE_RECORD_LAYER 322 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM 118 # define SSL_R_NO_VALID_SCTS 216 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403 @@ -221,10 +231,16 @@ # define SSL_R_PSK_IDENTITY_NOT_FOUND 223 # define SSL_R_PSK_NO_CLIENT_CB 224 # define SSL_R_PSK_NO_SERVER_CB 225 +# define SSL_R_QUIC_HANDSHAKE_LAYER_ERROR 393 +# define SSL_R_QUIC_NETWORK_ERROR 387 +# define SSL_R_QUIC_PROTOCOL_ERROR 382 # define SSL_R_READ_BIO_NOT_SET 211 # define SSL_R_READ_TIMEOUT_EXPIRED 312 +# define SSL_R_RECORDS_NOT_RELEASED 321 +# define SSL_R_RECORD_LAYER_FAILURE 313 # define SSL_R_RECORD_LENGTH_MISMATCH 213 # define SSL_R_RECORD_TOO_SMALL 298 +# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET 346 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335 # define SSL_R_RENEGOTIATION_ENCODING_ERR 336 # define SSL_R_RENEGOTIATION_MISMATCH 337 @@ -234,6 +250,7 @@ # define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING 342 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345 # define SSL_R_SCT_VERIFICATION_FAILED 208 +# define SSL_R_SEQUENCE_CTR_WRAPPED 327 # define SSL_R_SERVERHELLO_TLSEXT 275 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 # define SSL_R_SHUTDOWN_WHILE_IN_INIT 407 @@ -273,6 +290,11 @@ # define SSL_R_SSL_SESSION_ID_TOO_LONG 408 # define SSL_R_SSL_SESSION_VERSION_MISMATCH 210 # define SSL_R_STILL_IN_INIT 121 +# define SSL_R_STREAM_COUNT_LIMITED 411 +# define SSL_R_STREAM_FINISHED 365 +# define SSL_R_STREAM_RECV_ONLY 366 +# define SSL_R_STREAM_RESET 375 +# define SSL_R_STREAM_SEND_ONLY 379 # define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED 1116 # define SSL_R_TLSV13_ALERT_MISSING_EXTENSION 1109 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 @@ -316,6 +338,7 @@ # define SSL_R_UNKNOWN_COMMAND 139 # define SSL_R_UNKNOWN_DIGEST 368 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 +# define SSL_R_UNKNOWN_MANDATORY_PARAMETER 323 # define SSL_R_UNKNOWN_PKEY_TYPE 251 # define SSL_R_UNKNOWN_PROTOCOL 252 # define SSL_R_UNKNOWN_SSL_VERSION 254 @@ -333,6 +356,7 @@ # define SSL_R_WRONG_CERTIFICATE_TYPE 383 # define SSL_R_WRONG_CIPHER_RETURNED 261 # define SSL_R_WRONG_CURVE 378 +# define SSL_R_WRONG_RPK_TYPE 351 # define SSL_R_WRONG_SIGNATURE_LENGTH 264 # define SSL_R_WRONG_SIGNATURE_SIZE 265 # define SSL_R_WRONG_SIGNATURE_TYPE 370 diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/store.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/store.h index 3c1445e0..e6ea3cf8 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/store.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/store.h @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -98,6 +98,14 @@ OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, */ OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx); +/* + * Deletes the object in the store by URI. + * Returns 1 on success, 0 otherwise. + */ +int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq, + const UI_METHOD *ui_method, void *ui_data, + const OSSL_PARAM params[]); + /* * Check if end of data (end of file) is reached * Returns 1 on end, 0 otherwise. @@ -345,7 +353,7 @@ int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader, OSSL_DEPRECATEDIN_3_0 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader); OSSL_DEPRECATEDIN_3_0 -const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader); +const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader); OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader); OSSL_DEPRECATEDIN_3_0 diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/thread.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/thread.h new file mode 100644 index 00000000..3926ce54 --- /dev/null +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/thread.h @@ -0,0 +1,31 @@ +/* + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_THREAD_H +# define OPENSSL_THREAD_H + +# define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL (1U<<0) +# define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN (1U<<1) + +# include + +# ifdef __cplusplus +extern "C" { +# endif + +uint32_t OSSL_get_thread_support_flags(void); +int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads); +uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx); + +# ifdef __cplusplus +} +# endif + +#endif /* OPENSSL_THREAD_H */ diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/tls1.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/tls1.h index 793155e1..7e3d1a72 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/tls1.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/tls1.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -28,7 +28,7 @@ extern "C" { /* Default security level if not overridden at config time */ # ifndef OPENSSL_TLS_SECURITY_LEVEL -# define OPENSSL_TLS_SECURITY_LEVEL 1 +# define OPENSSL_TLS_SECURITY_LEVEL 2 # endif /* TLS*_VERSION constants are defined in prov_ssl.h */ @@ -122,6 +122,14 @@ extern "C" { */ # define TLSEXT_TYPE_signed_certificate_timestamp 18 +/* + * Extension type for Raw Public Keys + * https://tools.ietf.org/html/rfc7250 + * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml + */ +# define TLSEXT_TYPE_client_cert_type 19 +# define TLSEXT_TYPE_server_cert_type 20 + /* * ExtensionType value for TLS padding extension. * http://tools.ietf.org/html/draft-agl-tls-padding @@ -134,6 +142,9 @@ extern "C" { /* ExtensionType value from RFC7627 */ # define TLSEXT_TYPE_extended_master_secret 23 +/* ExtensionType value from RFC8879 */ +# define TLSEXT_TYPE_compress_certificate 27 + /* ExtensionType value from RFC4507 */ # define TLSEXT_TYPE_session_ticket 35 @@ -147,6 +158,7 @@ extern "C" { # define TLSEXT_TYPE_post_handshake_auth 49 # define TLSEXT_TYPE_signature_algorithms_cert 50 # define TLSEXT_TYPE_key_share 51 +# define TLSEXT_TYPE_quic_transport_parameters 57 /* Temporary extension type */ # define TLSEXT_TYPE_renegotiate 0xff01 @@ -195,6 +207,15 @@ extern "C" { # define TLSEXT_hash_num 10 +/* Possible compression values from RFC8879 */ +/* Not defined in RFC8879, but used internally for no-compression */ +# define TLSEXT_comp_cert_none 0 +# define TLSEXT_comp_cert_zlib 1 +# define TLSEXT_comp_cert_brotli 2 +# define TLSEXT_comp_cert_zstd 3 +/* one more than the number of defined values - used as size of 0-terminated array */ +# define TLSEXT_comp_cert_limit 4 + /* Flag set for unrecognised algorithms */ # define TLSEXT_nid_unknown 0x1000000 @@ -211,6 +232,15 @@ extern "C" { # define TLSEXT_max_fragment_length_2048 3 # define TLSEXT_max_fragment_length_4096 4 +/* + * TLS Certificate Type (for RFC7250) + * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3 + */ +# define TLSEXT_cert_type_x509 0 +# define TLSEXT_cert_type_pgp 1 /* recognized, but not supported */ +# define TLSEXT_cert_type_rpk 2 +# define TLSEXT_cert_type_1609dot2 3 /* recognized, but not supported */ + int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode); int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode); diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/trace.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/trace.h index 97e13857..9a5b56ea 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/trace.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/trace.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -305,6 +305,14 @@ void OSSL_trace_end(int category, BIO *channel); # define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) \ OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9)) +#define OSSL_TRACE_STRING_MAX 80 +int OSSL_trace_string(BIO *out, int text, int full, + const unsigned char *data, size_t size); +#define OSSL_TRACE_STRING(category, text, full, data, len) \ + OSSL_TRACE_BEGIN(category) { \ + OSSL_trace_string(trc_out, text, full, data, len); \ + } OSSL_TRACE_END(category) + # ifdef __cplusplus } # endif diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/ts.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/ts.h index 8ff67332..b09b646d 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/ts.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/ts.h @@ -1,5 +1,5 @@ /* - * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/types.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/types.h index 5f9d8c23..c2802868 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/types.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/types.h @@ -1,5 +1,5 @@ /* - * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/x509.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/x509.h index 483cb9d5..ac132633 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/x509.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/x509.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by Makefile from include/openssl/x509.h.in * - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -606,6 +606,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx, const char *propq); EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a); int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey); +EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx, + const char *propq); EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); # endif @@ -654,6 +656,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx, const char *propq); EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey); +EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx, + const char *propq); EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); DECLARE_ASN1_DUP_FUNCTION(X509) @@ -887,7 +891,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req); int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req); -EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req); +EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req); X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req); int X509_REQ_extension_nid(int nid); int *X509_REQ_get_extension_nids(void); @@ -953,13 +957,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r); X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, EVP_PKEY *skey, const EVP_MD *md, unsigned int flags); -int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey); +int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey); -int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey); +int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey); int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, unsigned long flags); int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags); +void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs); STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain); int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); @@ -1265,6 +1270,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len); +void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub, + unsigned char *penc, int penclen); int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, int ptype, void *pval, unsigned char *penc, int penclen); diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/x509.h.in b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/x509.h.in index d4df2adc..72103913 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/x509.h.in +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/x509.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -412,6 +412,8 @@ EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx, const char *propq); EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a); int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey); +EVP_PKEY *d2i_PUBKEY_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx, + const char *propq); EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); # endif @@ -460,6 +462,8 @@ EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx, const char *propq); EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey); +EVP_PKEY *d2i_PUBKEY_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx, + const char *propq); EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); DECLARE_ASN1_DUP_FUNCTION(X509) @@ -693,7 +697,7 @@ int X509_REQ_get_signature_nid(const X509_REQ *req); int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req); -EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req); +EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req); X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req); int X509_REQ_extension_nid(int nid); int *X509_REQ_get_extension_nids(void); @@ -759,13 +763,14 @@ X509_REVOKED_get0_extensions(const X509_REVOKED *r); X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, EVP_PKEY *skey, const EVP_MD *md, unsigned int flags); -int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey); +int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey); -int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey); +int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey); int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, unsigned long flags); int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags); +void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs); STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain); int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); @@ -1071,6 +1076,8 @@ int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len); +void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub, + unsigned char *penc, int penclen); int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, int ptype, void *pval, unsigned char *penc, int penclen); diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/x509_vfy.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/x509_vfy.h index 29b0e147..d3dfff8c 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/x509_vfy.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/x509_vfy.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by Makefile from include/openssl/x509_vfy.h.in * - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -411,6 +411,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL, \ # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE 92 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3 93 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS 94 +# define X509_V_ERR_RPK_UNTRUSTED 95 /* Certificate verify flags */ # ifndef OPENSSL_NO_DEPRECATED_1_1_0 @@ -491,71 +492,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj); X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a); int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj); X509_STORE *X509_STORE_new(void); -void X509_STORE_free(X509_STORE *v); -int X509_STORE_lock(X509_STORE *ctx); -int X509_STORE_unlock(X509_STORE *ctx); -int X509_STORE_up_ref(X509_STORE *v); -STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v); -STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st); -STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st, +void X509_STORE_free(X509_STORE *xs); +int X509_STORE_lock(X509_STORE *xs); +int X509_STORE_unlock(X509_STORE *xs); +int X509_STORE_up_ref(X509_STORE *xs); +STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs); +STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs); +STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs, const X509_NAME *nm); STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st, const X509_NAME *nm); -int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); -int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); -int X509_STORE_set_trust(X509_STORE *ctx, int trust); -int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm); -X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx); +int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags); +int X509_STORE_set_purpose(X509_STORE *xs, int purpose); +int X509_STORE_set_trust(X509_STORE *xs, int trust); +int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm); +X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs); -void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify); +void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify); #define X509_STORE_set_verify_func(ctx, func) \ X509_STORE_set_verify((ctx),(func)) void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_fn verify); -X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx); -void X509_STORE_set_verify_cb(X509_STORE *ctx, +X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs); +void X509_STORE_set_verify_cb(X509_STORE *xs, X509_STORE_CTX_verify_cb verify_cb); # define X509_STORE_set_verify_cb_func(ctx,func) \ X509_STORE_set_verify_cb((ctx),(func)) -X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx); -void X509_STORE_set_get_issuer(X509_STORE *ctx, +X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs); +void X509_STORE_set_get_issuer(X509_STORE *xs, X509_STORE_CTX_get_issuer_fn get_issuer); -X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx); -void X509_STORE_set_check_issued(X509_STORE *ctx, +X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs); +void X509_STORE_set_check_issued(X509_STORE *xs, X509_STORE_CTX_check_issued_fn check_issued); -X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx); -void X509_STORE_set_check_revocation(X509_STORE *ctx, +X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s); +void X509_STORE_set_check_revocation(X509_STORE *xs, X509_STORE_CTX_check_revocation_fn check_revocation); X509_STORE_CTX_check_revocation_fn - X509_STORE_get_check_revocation(const X509_STORE *ctx); -void X509_STORE_set_get_crl(X509_STORE *ctx, + X509_STORE_get_check_revocation(const X509_STORE *xs); +void X509_STORE_set_get_crl(X509_STORE *xs, X509_STORE_CTX_get_crl_fn get_crl); -X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx); -void X509_STORE_set_check_crl(X509_STORE *ctx, +X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs); +void X509_STORE_set_check_crl(X509_STORE *xs, X509_STORE_CTX_check_crl_fn check_crl); -X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx); -void X509_STORE_set_cert_crl(X509_STORE *ctx, +X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs); +void X509_STORE_set_cert_crl(X509_STORE *xs, X509_STORE_CTX_cert_crl_fn cert_crl); -X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx); -void X509_STORE_set_check_policy(X509_STORE *ctx, +X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs); +void X509_STORE_set_check_policy(X509_STORE *xs, X509_STORE_CTX_check_policy_fn check_policy); -X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx); -void X509_STORE_set_lookup_certs(X509_STORE *ctx, +X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s); +void X509_STORE_set_lookup_certs(X509_STORE *xs, X509_STORE_CTX_lookup_certs_fn lookup_certs); -X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx); -void X509_STORE_set_lookup_crls(X509_STORE *ctx, +X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s); +void X509_STORE_set_lookup_crls(X509_STORE *xs, X509_STORE_CTX_lookup_crls_fn lookup_crls); #define X509_STORE_set_lookup_crls_cb(ctx, func) \ X509_STORE_set_lookup_crls((ctx), (func)) -X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx); -void X509_STORE_set_cleanup(X509_STORE *ctx, +X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs); +void X509_STORE_set_cleanup(X509_STORE *xs, X509_STORE_CTX_cleanup_fn cleanup); -X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx); +X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs); #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef) -int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data); -void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx); +int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data); +void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx); X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq); X509_STORE_CTX *X509_STORE_CTX_new(void); @@ -565,11 +566,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); void X509_STORE_CTX_free(X509_STORE_CTX *ctx); int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store, X509 *target, STACK_OF(X509) *untrusted); +int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store, + EVP_PKEY* rpk); void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx); X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx); +EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx); STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, @@ -579,6 +583,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx); X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx); X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx); X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx, + X509_STORE_CTX_get_crl_fn get_crl); X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx); X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx); X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx); @@ -600,7 +606,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx); # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls #endif -X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); +X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m); X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); X509_LOOKUP_METHOD *X509_LOOKUP_file(void); X509_LOOKUP_METHOD *X509_LOOKUP_store(void); @@ -685,8 +691,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( const X509_LOOKUP_METHOD *method); -int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); -int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); +int X509_STORE_add_cert(X509_STORE *xs, X509 *x); +int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x); int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, @@ -730,23 +736,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx); X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx); int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); -int X509_STORE_load_file(X509_STORE *ctx, const char *file); -int X509_STORE_load_path(X509_STORE *ctx, const char *path); -int X509_STORE_load_store(X509_STORE *ctx, const char *store); -int X509_STORE_load_locations(X509_STORE *ctx, - const char *file, - const char *dir); -int X509_STORE_set_default_paths(X509_STORE *ctx); +int X509_STORE_load_file(X509_STORE *xs, const char *file); +int X509_STORE_load_path(X509_STORE *xs, const char *path); +int X509_STORE_load_store(X509_STORE *xs, const char *store); +int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir); +int X509_STORE_set_default_paths(X509_STORE *xs); -int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file, +int X509_STORE_load_file_ex(X509_STORE *xs, const char *file, OSSL_LIB_CTX *libctx, const char *propq); -int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store, +int X509_STORE_load_store_ex(X509_STORE *xs, const char *store, OSSL_LIB_CTX *libctx, const char *propq); -int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file, - const char *dir, OSSL_LIB_CTX *libctx, - const char *propq); -int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx, - const char *propq); +int X509_STORE_load_locations_ex(X509_STORE *xs, + const char *file, const char *dir, + OSSL_LIB_CTX *libctx, const char *propq); +int X509_STORE_set_default_paths_ex(X509_STORE *xs, + OSSL_LIB_CTX *libctx, const char *propq); #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef) @@ -764,6 +768,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx); STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx); STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target); +void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target); void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk); void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk); int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); @@ -773,6 +778,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags); void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t); +void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx, + unsigned int current_reasons); X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx); int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx); diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/x509_vfy.h.in b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/x509_vfy.h.in index 80f18bd7..7a478d11 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/x509_vfy.h.in +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/x509_vfy.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -314,6 +314,7 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL, \ # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE 92 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3 93 # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS 94 +# define X509_V_ERR_RPK_UNTRUSTED 95 /* Certificate verify flags */ # ifndef OPENSSL_NO_DEPRECATED_1_1_0 @@ -394,71 +395,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj); X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a); int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj); X509_STORE *X509_STORE_new(void); -void X509_STORE_free(X509_STORE *v); -int X509_STORE_lock(X509_STORE *ctx); -int X509_STORE_unlock(X509_STORE *ctx); -int X509_STORE_up_ref(X509_STORE *v); -STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v); -STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st); -STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st, +void X509_STORE_free(X509_STORE *xs); +int X509_STORE_lock(X509_STORE *xs); +int X509_STORE_unlock(X509_STORE *xs); +int X509_STORE_up_ref(X509_STORE *xs); +STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs); +STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs); +STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs, const X509_NAME *nm); STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st, const X509_NAME *nm); -int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); -int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); -int X509_STORE_set_trust(X509_STORE *ctx, int trust); -int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm); -X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx); +int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags); +int X509_STORE_set_purpose(X509_STORE *xs, int purpose); +int X509_STORE_set_trust(X509_STORE *xs, int trust); +int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm); +X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs); -void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify); +void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify); #define X509_STORE_set_verify_func(ctx, func) \ X509_STORE_set_verify((ctx),(func)) void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_fn verify); -X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx); -void X509_STORE_set_verify_cb(X509_STORE *ctx, +X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs); +void X509_STORE_set_verify_cb(X509_STORE *xs, X509_STORE_CTX_verify_cb verify_cb); # define X509_STORE_set_verify_cb_func(ctx,func) \ X509_STORE_set_verify_cb((ctx),(func)) -X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx); -void X509_STORE_set_get_issuer(X509_STORE *ctx, +X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs); +void X509_STORE_set_get_issuer(X509_STORE *xs, X509_STORE_CTX_get_issuer_fn get_issuer); -X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx); -void X509_STORE_set_check_issued(X509_STORE *ctx, +X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs); +void X509_STORE_set_check_issued(X509_STORE *xs, X509_STORE_CTX_check_issued_fn check_issued); -X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx); -void X509_STORE_set_check_revocation(X509_STORE *ctx, +X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s); +void X509_STORE_set_check_revocation(X509_STORE *xs, X509_STORE_CTX_check_revocation_fn check_revocation); X509_STORE_CTX_check_revocation_fn - X509_STORE_get_check_revocation(const X509_STORE *ctx); -void X509_STORE_set_get_crl(X509_STORE *ctx, + X509_STORE_get_check_revocation(const X509_STORE *xs); +void X509_STORE_set_get_crl(X509_STORE *xs, X509_STORE_CTX_get_crl_fn get_crl); -X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx); -void X509_STORE_set_check_crl(X509_STORE *ctx, +X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs); +void X509_STORE_set_check_crl(X509_STORE *xs, X509_STORE_CTX_check_crl_fn check_crl); -X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx); -void X509_STORE_set_cert_crl(X509_STORE *ctx, +X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs); +void X509_STORE_set_cert_crl(X509_STORE *xs, X509_STORE_CTX_cert_crl_fn cert_crl); -X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx); -void X509_STORE_set_check_policy(X509_STORE *ctx, +X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs); +void X509_STORE_set_check_policy(X509_STORE *xs, X509_STORE_CTX_check_policy_fn check_policy); -X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx); -void X509_STORE_set_lookup_certs(X509_STORE *ctx, +X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s); +void X509_STORE_set_lookup_certs(X509_STORE *xs, X509_STORE_CTX_lookup_certs_fn lookup_certs); -X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx); -void X509_STORE_set_lookup_crls(X509_STORE *ctx, +X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s); +void X509_STORE_set_lookup_crls(X509_STORE *xs, X509_STORE_CTX_lookup_crls_fn lookup_crls); #define X509_STORE_set_lookup_crls_cb(ctx, func) \ X509_STORE_set_lookup_crls((ctx), (func)) -X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx); -void X509_STORE_set_cleanup(X509_STORE *ctx, +X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs); +void X509_STORE_set_cleanup(X509_STORE *xs, X509_STORE_CTX_cleanup_fn cleanup); -X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx); +X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs); #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef) -int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data); -void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx); +int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data); +void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx); X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq); X509_STORE_CTX *X509_STORE_CTX_new(void); @@ -468,11 +469,14 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); void X509_STORE_CTX_free(X509_STORE_CTX *ctx); int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store, X509 *target, STACK_OF(X509) *untrusted); +int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store, + EVP_PKEY* rpk); void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx); X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx); +EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx); STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, @@ -482,6 +486,8 @@ X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx); X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx); X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx); X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx, + X509_STORE_CTX_get_crl_fn get_crl); X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx); X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx); X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx); @@ -503,7 +509,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx); # define X509_STORE_get1_crl X509_STORE_CTX_get1_crls #endif -X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); +X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m); X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); X509_LOOKUP_METHOD *X509_LOOKUP_file(void); X509_LOOKUP_METHOD *X509_LOOKUP_store(void); @@ -588,8 +594,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( const X509_LOOKUP_METHOD *method); -int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); -int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); +int X509_STORE_add_cert(X509_STORE *xs, X509 *x); +int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x); int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, @@ -633,23 +639,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx); X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx); int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); -int X509_STORE_load_file(X509_STORE *ctx, const char *file); -int X509_STORE_load_path(X509_STORE *ctx, const char *path); -int X509_STORE_load_store(X509_STORE *ctx, const char *store); -int X509_STORE_load_locations(X509_STORE *ctx, - const char *file, - const char *dir); -int X509_STORE_set_default_paths(X509_STORE *ctx); +int X509_STORE_load_file(X509_STORE *xs, const char *file); +int X509_STORE_load_path(X509_STORE *xs, const char *path); +int X509_STORE_load_store(X509_STORE *xs, const char *store); +int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir); +int X509_STORE_set_default_paths(X509_STORE *xs); -int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file, +int X509_STORE_load_file_ex(X509_STORE *xs, const char *file, OSSL_LIB_CTX *libctx, const char *propq); -int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store, +int X509_STORE_load_store_ex(X509_STORE *xs, const char *store, OSSL_LIB_CTX *libctx, const char *propq); -int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file, - const char *dir, OSSL_LIB_CTX *libctx, - const char *propq); -int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx, - const char *propq); +int X509_STORE_load_locations_ex(X509_STORE *xs, + const char *file, const char *dir, + OSSL_LIB_CTX *libctx, const char *propq); +int X509_STORE_set_default_paths_ex(X509_STORE *xs, + OSSL_LIB_CTX *libctx, const char *propq); #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef) @@ -667,6 +671,7 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx); STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx); STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target); +void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target); void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk); void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk); int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); @@ -676,6 +681,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags); void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t); +void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx, + unsigned int current_reasons); X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx); int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx); diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/x509err.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/x509err.h index 34ead4b8..71b557a3 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/x509err.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/x509err.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/x509v3.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/x509v3.h index 75016354..e64da7e0 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/x509v3.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/x509v3.h @@ -742,9 +742,10 @@ SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE) # define X509_PURPOSE_ANY 7 # define X509_PURPOSE_OCSP_HELPER 8 # define X509_PURPOSE_TIMESTAMP_SIGN 9 +# define X509_PURPOSE_CODE_SIGN 10 # define X509_PURPOSE_MIN 1 -# define X509_PURPOSE_MAX 9 +# define X509_PURPOSE_MAX 10 /* Flags for X509V3_EXT_print() */ diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/x509v3.h.in b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/x509v3.h.in index e33c9d30..56968037 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/x509v3.h.in +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/x509v3.h.in @@ -478,9 +478,10 @@ typedef struct x509_purpose_st { # define X509_PURPOSE_ANY 7 # define X509_PURPOSE_OCSP_HELPER 8 # define X509_PURPOSE_TIMESTAMP_SIGN 9 +# define X509_PURPOSE_CODE_SIGN 10 # define X509_PURPOSE_MIN 1 -# define X509_PURPOSE_MAX 9 +# define X509_PURPOSE_MAX 10 /* Flags for X509V3_EXT_print() */ diff --git a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/x509v3err.h b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/x509v3err.h index 1ae3a562..deede279 100644 --- a/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/x509v3err.h +++ b/deps/openssl/ios/iossimulator-xcrun/usr/local/include/openssl/x509v3err.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -23,6 +23,8 @@ */ # define X509V3_R_BAD_IP_ADDRESS 118 # define X509V3_R_BAD_OBJECT 119 +# define X509V3_R_BAD_OPTION 170 +# define X509V3_R_BAD_VALUE 171 # define X509V3_R_BN_DEC2BN_ERROR 100 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 # define X509V3_R_DIRNAME_ERROR 149 @@ -86,6 +88,7 @@ # define X509V3_R_UNKNOWN_EXTENSION 129 # define X509V3_R_UNKNOWN_EXTENSION_NAME 130 # define X509V3_R_UNKNOWN_OPTION 120 +# define X509V3_R_UNKNOWN_VALUE 172 # define X509V3_R_UNSUPPORTED_OPTION 117 # define X509V3_R_UNSUPPORTED_TYPE 167 # define X509V3_R_USER_TOO_LONG 132 diff --git a/tools/ssl-ios b/tools/ssl-ios index 91092de2..1fb25b1c 100755 --- a/tools/ssl-ios +++ b/tools/ssl-ios @@ -1,6 +1,6 @@ #!/bin/sh -OPENSSL_VERSION=3.1.4 +OPENSSL_VERSION=3.2.0 API_LEVEL=28