mirror of
https://github.com/deneraraujo/OpenVPNAdapter.git
synced 2024-10-06 17:22:07 +08:00
Update mbedTLS headers
This commit is contained in:
parent
d95f12c99a
commit
9935faf056
@ -26,7 +26,7 @@
|
||||
#ifndef MBEDTLS_CMAC_H
|
||||
#define MBEDTLS_CMAC_H
|
||||
|
||||
#include "cipher.h"
|
||||
#include "mbedtls/cipher.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
|
@ -2087,7 +2087,7 @@
|
||||
* it, and considering stronger message digests instead.
|
||||
*
|
||||
*/
|
||||
//#define MBEDTLS_MD4_C
|
||||
#define MBEDTLS_MD4_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_MD5_C
|
||||
|
@ -25,7 +25,7 @@
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#include "net_sockets.h"
|
||||
#include "mbedtls/net_sockets.h"
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#warning "Deprecated header file: Superseded by mbedtls/net_sockets.h"
|
||||
#endif /* MBEDTLS_DEPRECATED_WARNING */
|
||||
|
@ -228,6 +228,14 @@
|
||||
|
||||
#define MBEDTLS_OID_HMAC_SHA1 MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
|
||||
|
||||
#define MBEDTLS_OID_HMAC_SHA224 MBEDTLS_OID_RSA_COMPANY "\x02\x08" /**< id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 } */
|
||||
|
||||
#define MBEDTLS_OID_HMAC_SHA256 MBEDTLS_OID_RSA_COMPANY "\x02\x09" /**< id-hmacWithSHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 9 } */
|
||||
|
||||
#define MBEDTLS_OID_HMAC_SHA384 MBEDTLS_OID_RSA_COMPANY "\x02\x0A" /**< id-hmacWithSHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 10 } */
|
||||
|
||||
#define MBEDTLS_OID_HMAC_SHA512 MBEDTLS_OID_RSA_COMPANY "\x02\x0B" /**< id-hmacWithSHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11 } */
|
||||
|
||||
/*
|
||||
* Encryption algorithms
|
||||
*/
|
||||
@ -402,7 +410,7 @@ int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_b
|
||||
|
||||
#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
|
||||
/**
|
||||
* \brief Translate an X.509 extension OID into local values
|
||||
* \brief Translate supported X.509 extension OID into local values
|
||||
*
|
||||
* \param oid OID to use
|
||||
* \param ext_type place to store the extension type
|
||||
@ -410,6 +418,17 @@ int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_b
|
||||
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
|
||||
*/
|
||||
int mbedtls_oid_get_x509_ext_type( const mbedtls_asn1_buf *oid, int *ext_type );
|
||||
|
||||
/**
|
||||
* \brief Translate supported and unsupported X.509 extension OID into local values
|
||||
*
|
||||
* \param oid OID to use
|
||||
* \param ext_type place to store the extension type
|
||||
* \param is_supported place to store flag if extension is supported (1 - supported, 0 otherwise)
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
|
||||
*/
|
||||
int mbedtls_oid_get_x509_ext_type_supported( const mbedtls_asn1_buf *oid, int *ext_type, int *is_supported );
|
||||
#endif
|
||||
|
||||
/**
|
||||
@ -514,6 +533,16 @@ int mbedtls_oid_get_oid_by_sig_alg( mbedtls_pk_type_t pk_alg, mbedtls_md_type_t
|
||||
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
|
||||
*/
|
||||
int mbedtls_oid_get_md_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg );
|
||||
|
||||
/**
|
||||
* \brief Translate hmac algorithm OID into md_type
|
||||
*
|
||||
* \param oid OID to use
|
||||
* \param md_hmac place to store message hmac algorithm
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
|
||||
*/
|
||||
int mbedtls_oid_get_md_hmac( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac );
|
||||
#endif /* MBEDTLS_MD_C */
|
||||
|
||||
/**
|
||||
|
@ -31,7 +31,7 @@
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
#include "platform_time.h"
|
||||
#include "mbedtls/platform_time.h"
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
@ -53,7 +53,7 @@
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
#include "platform_time.h"
|
||||
#include "mbedtls/platform_time.h"
|
||||
#endif
|
||||
|
||||
/*
|
||||
@ -696,6 +696,10 @@ struct mbedtls_ssl_config
|
||||
retransmission timeout (ms) */
|
||||
#endif
|
||||
|
||||
uint32_t allowed_unsupported_critical_exts; /*!< Bit flags which represent runtime-enabled
|
||||
unsupported critical extensions, e.g.
|
||||
MBEDTLS_X509_EXT_NAME_CONSTRAINTS */
|
||||
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
int renego_max_records; /*!< grace period for renegotiation */
|
||||
unsigned char renego_period[8]; /*!< value of the record counters
|
||||
@ -2274,6 +2278,24 @@ void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
|
||||
const unsigned char period[8] );
|
||||
#endif /* MBEDTLS_SSL_RENEGOTIATION */
|
||||
|
||||
/**
|
||||
* \brief Allows unsupported critical extensions
|
||||
*
|
||||
* Without compile-time flag MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
|
||||
* mbedTLS fails certificate verification if certificate contains
|
||||
* unsupported critical extensions.
|
||||
*
|
||||
* This method allows to modify behavior in runtime by providing
|
||||
* bit flags which represent unsupported extensions (for example MBEDTLS_X509_EXT_NAME_CONSTRAINTS)
|
||||
* which should be allowed despite missing above mentioned compile-time flag.
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param exts Bit flags which represent runtime-enabled unsupported critical extensions,
|
||||
* e.g. MBEDTLS_X509_EXT_NAME_CONSTRAINTS
|
||||
*
|
||||
*/
|
||||
void mbedtls_ssl_conf_allow_unsupported_critical_exts( mbedtls_ssl_config *conf, uint32_t exts );
|
||||
|
||||
/**
|
||||
* \brief Return the number of data bytes available to read
|
||||
*
|
||||
|
@ -90,6 +90,8 @@ typedef struct mbedtls_x509_crt
|
||||
mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
|
||||
void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
|
||||
|
||||
uint32_t allowed_unsupported_critical_exts; /**< Optional Bit flags which represent runtime-enabled unsupported critical extensions, e.g. MBEDTLS_X509_EXT_NAME_CONSTRAINTS */
|
||||
|
||||
struct mbedtls_x509_crt *next; /**< Next certificate in the CA-chain. */
|
||||
}
|
||||
mbedtls_x509_crt;
|
||||
|
Loading…
Reference in New Issue
Block a user