godotengine/godot
1
0
Fork 0
mirror of https://github.com/godotengine/godot.git synced 2025-11-13 13:31:48 +00:00
Code Releases Wiki Activity

mbedTLS: Update to new LTS v3.6.0

Browse Source 
Keep module compatibility with mbedtls 2.x (old LTS branch).

A patch has been added to allow compiling after removing all the `psa_*`
files from the library folder (will look into upstreaming it).

Note: mbedTLS 3.6 finally enabled TLSv1.3 by default, but it requires
some module changes, and to enable PSA crypto (new "standard" API
specification), so it might be best done in a separate commit/PR.
This commit is contained in:
Lyuma
2023-09-24 20:04:06 -07:00
committed by Fabio Alessandrelli
parent 6c57928063
commit 40fa684c18
276 changed files with 97018 additions and 38349 deletions
Download Patch File Download Diff File Expand all files Collapse all files

245
thirdparty/mbedtls/include/mbedtls/x509.h vendored
View File

@@ -9,12 +9,9 @@
*/
#ifndef MBEDTLS_X509_H
#define MBEDTLS_X509_H
#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "mbedtls/build_info.h"
#include "mbedtls/asn1.h"
#include "mbedtls/pk.h"
@@ -139,7 +136,7 @@
/*
* X.509 v3 Key Usage Extension flags
* Reminder: update x509_info_key_usage() when adding new flags.
* Reminder: update mbedtls_x509_info_key_usage() when adding new flags.
*/
#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */
#define MBEDTLS_X509_KU_NON_REPUDIATION (0x40) /* bit 1 */
@@ -234,6 +231,17 @@ typedef mbedtls_asn1_named_data mbedtls_x509_name;
*/
typedef mbedtls_asn1_sequence mbedtls_x509_sequence;
/*
* Container for the fields of the Authority Key Identifier object
*/
typedef struct mbedtls_x509_authority {
mbedtls_x509_buf keyIdentifier;
mbedtls_x509_sequence authorityCertIssuer;
mbedtls_x509_buf authorityCertSerialNumber;
mbedtls_x509_buf raw;
}
mbedtls_x509_authority;
/** Container for date and time (precision in seconds). */
typedef struct mbedtls_x509_time {
int year, mon, day; /**< Date. */
@@ -241,7 +249,65 @@ typedef struct mbedtls_x509_time {
}
mbedtls_x509_time;
/**
* From RFC 5280 section 4.2.1.6:
* OtherName ::= SEQUENCE {
* type-id OBJECT IDENTIFIER,
* value [0] EXPLICIT ANY DEFINED BY type-id }
*
* Future versions of the library may add new fields to this structure or
* to its embedded union and structure.
*/
typedef struct mbedtls_x509_san_other_name {
/**
* The type_id is an OID as defined in RFC 5280.
* To check the value of the type id, you should use
* \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf.
*/
mbedtls_x509_buf type_id; /**< The type id. */
union {
/**
* From RFC 4108 section 5:
* HardwareModuleName ::= SEQUENCE {
* hwType OBJECT IDENTIFIER,
* hwSerialNum OCTET STRING }
*/
struct {
mbedtls_x509_buf oid; /**< The object identifier. */
mbedtls_x509_buf val; /**< The named value. */
}
hardware_module_name;
}
value;
}
mbedtls_x509_san_other_name;
/**
* A structure for holding the parsed Subject Alternative Name,
* according to type.
*
* Future versions of the library may add new fields to this structure or
* to its embedded union and structure.
*/
typedef struct mbedtls_x509_subject_alternative_name {
int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
union {
mbedtls_x509_san_other_name other_name;
mbedtls_x509_name directory_name;
mbedtls_x509_buf unstructured_name; /**< The buffer for the unstructured types. rfc822Name, dnsName and uniformResourceIdentifier are currently supported. */
}
san; /**< A union of the supported SAN types */
}
mbedtls_x509_subject_alternative_name;
typedef struct mbedtls_x509_san_list {
mbedtls_x509_subject_alternative_name node;
struct mbedtls_x509_san_list *next;
}
mbedtls_x509_san_list;
/** \} name Structures for parsing X.509 certificates, CRLs and CSRs */
/** \} addtogroup x509_module */
/**
* \brief Store the certificate DN in printable form into buf;
@@ -256,6 +322,43 @@ mbedtls_x509_time;
*/
int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn);
/**
* \brief Convert the certificate DN string \p name into
* a linked list of mbedtls_x509_name (equivalent to
* mbedtls_asn1_named_data).
*
* \note This function allocates a linked list, and places the head
* pointer in \p head. This list must later be freed by a
* call to mbedtls_asn1_free_named_data_list().
*
* \param[out] head Address in which to store the pointer to the head of the
* allocated list of mbedtls_x509_name
* \param[in] name The string representation of a DN to convert
*
* \return 0 on success, or a negative error code.
*/
int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name);
/**
* \brief Return the next relative DN in an X509 name.
*
* \note Intended use is to compare function result to dn->next
* in order to detect boundaries of multi-valued RDNs.
*
* \param dn Current node in the X509 name
*
* \return Pointer to the first attribute-value pair of the
* next RDN in sequence, or NULL if end is reached.
*/
static inline mbedtls_x509_name *mbedtls_x509_dn_get_next(
mbedtls_x509_name *dn)
{
while (dn->MBEDTLS_PRIVATE(next_merged) && dn->next != NULL) {
dn = dn->next;
}
return dn->next;
}
/**
* \brief Store the certificate serial in printable form into buf;
* no more than size characters will be written.
@@ -269,6 +372,31 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn);
*/
int mbedtls_x509_serial_gets(char *buf, size_t size, const mbedtls_x509_buf *serial);
/**
* \brief Compare pair of mbedtls_x509_time.
*
* \param t1 mbedtls_x509_time to compare
* \param t2 mbedtls_x509_time to compare
*
* \return < 0 if t1 is before t2
* 0 if t1 equals t2
* > 0 if t1 is after t2
*/
int mbedtls_x509_time_cmp(const mbedtls_x509_time *t1, const mbedtls_x509_time *t2);
#if defined(MBEDTLS_HAVE_TIME_DATE)
/**
* \brief Fill mbedtls_x509_time with provided mbedtls_time_t.
*
* \param tt mbedtls_time_t to convert
* \param now mbedtls_x509_time to fill with converted mbedtls_time_t
*
* \return \c 0 on success
* \return A non-zero return value on failure.
*/
int mbedtls_x509_time_gmtime(mbedtls_time_t tt, mbedtls_x509_time *now);
#endif /* MBEDTLS_HAVE_TIME_DATE */
/**
* \brief Check a given mbedtls_x509_time against the system time
* and tell if it's in the past.
@@ -297,60 +425,63 @@ int mbedtls_x509_time_is_past(const mbedtls_x509_time *to);
*/
int mbedtls_x509_time_is_future(const mbedtls_x509_time *from);
/** \} addtogroup x509_module */
#if defined(MBEDTLS_SELF_TEST)
/**
* \brief This function parses an item in the SubjectAlternativeNames
* extension. Please note that this function might allocate
* additional memory for a subject alternative name, thus
* mbedtls_x509_free_subject_alt_name has to be called
* to dispose of this additional memory afterwards.
*
* \param san_buf The buffer holding the raw data item of the subject
* alternative name.
* \param san The target structure to populate with the parsed presentation
* of the subject alternative name encoded in \p san_buf.
*
* \note Supported GeneralName types, as defined in RFC 5280:
* "rfc822Name", "dnsName", "directoryName",
* "uniformResourceIdentifier" and "hardware_module_name"
* of type "otherName", as defined in RFC 4108.
*
* \note This function should be called on a single raw data of
* subject alternative name. For example, after successful
* certificate parsing, one must iterate on every item in the
* \c crt->subject_alt_names sequence, and pass it to
* this function.
*
* \warning The target structure contains pointers to the raw data of the
* parsed certificate, and its lifetime is restricted by the
* lifetime of the certificate.
*
* \return \c 0 on success
* \return #MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE for an unsupported
* SAN type.
* \return Another negative value for any other failure.
*/
int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf,
mbedtls_x509_subject_alternative_name *san);
/**
* \brief Unallocate all data related to subject alternative name
*
* \param san SAN structure - extra memory owned by this structure will be freed
*/
void mbedtls_x509_free_subject_alt_name(mbedtls_x509_subject_alternative_name *san);
/**
* \brief Checkup routine
* \brief This function parses a CN string as an IP address.
*
* \return 0 if successful, or 1 if the test failed
* \param cn The CN string to parse. CN string MUST be null-terminated.
* \param dst The target buffer to populate with the binary IP address.
* The buffer MUST be 16 bytes to save IPv6, and should be
* 4-byte aligned if the result will be used as struct in_addr.
* e.g. uint32_t dst[4]
*
* \note \p cn is parsed as an IPv6 address if string contains ':',
* else \p cn is parsed as an IPv4 address.
*
* \return Length of binary IP address; num bytes written to target.
* \return \c 0 on failure to parse CN string as an IP address.
*/
int mbedtls_x509_self_test(int verbose);
#endif /* MBEDTLS_SELF_TEST */
/*
* Internal module functions. You probably do not want to use these unless you
* know you do.
*/
int mbedtls_x509_get_name(unsigned char **p, const unsigned char *end,
mbedtls_x509_name *cur);
int mbedtls_x509_get_alg_null(unsigned char **p, const unsigned char *end,
mbedtls_x509_buf *alg);
int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end,
mbedtls_x509_buf *alg, mbedtls_x509_buf *params);
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params,
mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
int *salt_len);
#endif
int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig);
int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
void **sig_opts);
int mbedtls_x509_get_time(unsigned char **p, const unsigned char *end,
mbedtls_x509_time *t);
int mbedtls_x509_get_serial(unsigned char **p, const unsigned char *end,
mbedtls_x509_buf *serial);
int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end,
mbedtls_x509_buf *ext, int tag);
int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
const void *sig_opts);
int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name);
int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name);
int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, size_t oid_len,
int critical, const unsigned char *val,
size_t val_len);
int mbedtls_x509_write_extensions(unsigned char **p, unsigned char *start,
mbedtls_asn1_named_data *first);
int mbedtls_x509_write_names(unsigned char **p, unsigned char *start,
mbedtls_asn1_named_data *first);
int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start,
const char *oid, size_t oid_len,
unsigned char *sig, size_t size,
mbedtls_pk_type_t pk_alg);
size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst);
#define MBEDTLS_X509_SAFE_SNPRINTF \
do { \
@@ -365,4 +496,4 @@ int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start,
}
#endif
#endif /* x509.h */
#endif /* MBEDTLS_X509_H */