godotengine/godot
1
0
Fork 0
mirror of https://github.com/godotengine/godot.git synced 2025-11-26 15:46:23 +00:00
Code Releases Wiki Activity

mbedtls: Update to upstream version 2.28.3

Browse Source 
Rediff patch from PR 1453, lstrlenW is no longer used upstream so
that part of the patch was dropped.

(cherry picked from commit 1fde2092d0)
This commit is contained in:
Rémi Verschelde
2023-04-18 10:38:24 +02:00
parent 1850325666
commit b7fe3c9c38
174 changed files with 36064 additions and 35819 deletions
Download Patch File Download Diff File Expand all files Collapse all files

251
thirdparty/mbedtls/include/mbedtls/x509_crt.h vendored
View File

@@ -49,8 +49,7 @@ extern "C" {
/**
* Container for an X.509 certificate. The certificate may be chained.
*/
typedef struct mbedtls_x509_crt
{
typedef struct mbedtls_x509_crt {
int own_buffer; /**< Indicates if \c raw is owned
* by the structure or not. */
mbedtls_x509_buf raw; /**< The raw certificate data (DER). */
@@ -104,24 +103,21 @@ mbedtls_x509_crt;
* type-id OBJECT IDENTIFIER,
* value [0] EXPLICIT ANY DEFINED BY type-id }
*/
typedef struct mbedtls_x509_san_other_name
{
typedef struct mbedtls_x509_san_other_name {
/**
* The type_id is an OID as defined in RFC 5280.
* To check the value of the type id, you should use
* \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf.
*/
mbedtls_x509_buf type_id; /**< The type id. */
union
{
union {
/**
* From RFC 4108 section 5:
* HardwareModuleName ::= SEQUENCE {
* hwType OBJECT IDENTIFIER,
* hwSerialNum OCTET STRING }
*/
struct
{
struct {
mbedtls_x509_buf oid; /**< The object identifier. */
mbedtls_x509_buf val; /**< The named value. */
}
@@ -134,8 +130,7 @@ mbedtls_x509_san_other_name;
/**
* A structure for holding the parsed Subject Alternative Name, according to type
*/
typedef struct mbedtls_x509_subject_alternative_name
{
typedef struct mbedtls_x509_subject_alternative_name {
int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
union {
mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */
@@ -149,15 +144,14 @@ mbedtls_x509_subject_alternative_name;
* Build flag from an algorithm/curve identifier (pk, md, ecp)
* Since 0 is always XXX_NONE, ignore it.
*/
#define MBEDTLS_X509_ID_FLAG( id ) ( 1 << ( (id) - 1 ) )
#define MBEDTLS_X509_ID_FLAG(id) (1 << ((id) - 1))
/**
* Security profile for certificate verification.
*
* All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG().
*/
typedef struct mbedtls_x509_crt_profile
{
typedef struct mbedtls_x509_crt_profile {
uint32_t allowed_mds; /**< MDs for signatures */
uint32_t allowed_pks; /**< PK algs for public keys;
* this applies to all certificates
@@ -174,15 +168,14 @@ mbedtls_x509_crt_profile;
#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32
#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15
#if !defined( MBEDTLS_X509_MAX_FILE_PATH_LEN )
#if !defined(MBEDTLS_X509_MAX_FILE_PATH_LEN)
#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
#endif
/**
* Container for writing a certificate (CRT)
*/
typedef struct mbedtls_x509write_cert
{
typedef struct mbedtls_x509write_cert {
int version;
mbedtls_mpi serial;
mbedtls_pk_context *subject_key;
@@ -207,13 +200,12 @@ typedef struct {
/**
* Max size of verification chain: end-entity + intermediates + trusted root
*/
#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )
#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE (MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2)
/**
* Verification chain as built by \c mbedtls_crt_verify_chain()
*/
typedef struct
{
typedef struct {
mbedtls_x509_crt_verify_chain_item items[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE];
unsigned len;
@@ -231,8 +223,7 @@ typedef struct
/**
* \brief Context for resuming X.509 verify operations
*/
typedef struct
{
typedef struct {
/* for check_signature() */
mbedtls_pk_restart_ctx pk;
@@ -292,6 +283,10 @@ extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb;
* \brief Parse a single DER formatted certificate and add it
* to the end of the provided chained list.
*
* \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
* subsystem must have been initialized by calling
* psa_crypto_init() before calling this function.
*
* \param chain The pointer to the start of the CRT chain to attach to.
* When parsing the first CRT in a chain, this should point
* to an instance of ::mbedtls_x509_crt initialized through
@@ -308,9 +303,9 @@ extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb;
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain,
const unsigned char *buf,
size_t buflen );
int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain,
const unsigned char *buf,
size_t buflen);
/**
* \brief The type of certificate extension callbacks.
@@ -342,17 +337,21 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain,
* \return \c 0 on success.
* \return A negative error code on failure.
*/
typedef int (*mbedtls_x509_crt_ext_cb_t)( void *p_ctx,
mbedtls_x509_crt const *crt,
mbedtls_x509_buf const *oid,
int critical,
const unsigned char *p,
const unsigned char *end );
typedef int (*mbedtls_x509_crt_ext_cb_t)(void *p_ctx,
mbedtls_x509_crt const *crt,
mbedtls_x509_buf const *oid,
int critical,
const unsigned char *p,
const unsigned char *end);
/**
* \brief Parse a single DER formatted certificate and add it
* to the end of the provided chained list.
*
* \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
* subsystem must have been initialized by calling
* psa_crypto_init() before calling this function.
*
* \param chain The pointer to the start of the CRT chain to attach to.
* When parsing the first CRT in a chain, this should point
* to an instance of ::mbedtls_x509_crt initialized through
@@ -389,12 +388,12 @@ typedef int (*mbedtls_x509_crt_ext_cb_t)( void *p_ctx,
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain,
const unsigned char *buf,
size_t buflen,
int make_copy,
mbedtls_x509_crt_ext_cb_t cb,
void *p_ctx );
int mbedtls_x509_crt_parse_der_with_ext_cb(mbedtls_x509_crt *chain,
const unsigned char *buf,
size_t buflen,
int make_copy,
mbedtls_x509_crt_ext_cb_t cb,
void *p_ctx);
/**
* \brief Parse a single DER formatted certificate and add it
@@ -403,6 +402,10 @@ int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain,
* temporary ownership of the CRT buffer until the CRT
* is destroyed.
*
* \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
* subsystem must have been initialized by calling
* psa_crypto_init() before calling this function.
*
* \param chain The pointer to the start of the CRT chain to attach to.
* When parsing the first CRT in a chain, this should point
* to an instance of ::mbedtls_x509_crt initialized through
@@ -423,9 +426,9 @@ int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain,
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain,
const unsigned char *buf,
size_t buflen );
int mbedtls_x509_crt_parse_der_nocopy(mbedtls_x509_crt *chain,
const unsigned char *buf,
size_t buflen);
/**
* \brief Parse one DER-encoded or one or more concatenated PEM-encoded
@@ -443,6 +446,10 @@ int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain,
* long as the certificates are enclosed in the PEM specific
* '-----{BEGIN/END} CERTIFICATE-----' delimiters.
*
* \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
* subsystem must have been initialized by calling
* psa_crypto_init() before calling this function.
*
* \param chain The chain to which to add the parsed certificates.
* \param buf The buffer holding the certificate data in PEM or DER format.
* For certificates in PEM encoding, this may be a concatenation
@@ -457,7 +464,7 @@ int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain,
* \return A negative X509 or PEM error code otherwise.
*
*/
int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen );
int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen);
#if defined(MBEDTLS_FS_IO)
/**
@@ -467,13 +474,17 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, s
* of failed certificates it encountered. If none complete
* correctly, the first error is returned.
*
* \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
* subsystem must have been initialized by calling
* psa_crypto_init() before calling this function.
*
* \param chain points to the start of the chain
* \param path filename to read the certificates from
*
* \return 0 if all certificates parsed successfully, a positive number
* if partly successful or a specific X509 or PEM error code
*/
int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path );
int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path);
/**
* \brief Load one or more certificate files from a path and add them
@@ -488,7 +499,7 @@ int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path );
* \return 0 if all certificates parsed successfully, a positive number
* if partly successful or a specific X509 or PEM error code
*/
int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path );
int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path);
#endif /* MBEDTLS_FS_IO */
/**
@@ -518,8 +529,8 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path );
* SAN type.
* \return Another negative value for any other failure.
*/
int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf,
mbedtls_x509_subject_alternative_name *san );
int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf,
mbedtls_x509_subject_alternative_name *san);
/**
* \brief Returns an informational string about the
* certificate.
@@ -532,8 +543,8 @@ int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf,
* \return The length of the string written (not including the
* terminated nul byte), or a negative error code.
*/
int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
const mbedtls_x509_crt *crt );
int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix,
const mbedtls_x509_crt *crt);
/**
* \brief Returns an informational string about the
@@ -547,8 +558,8 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
* \return The length of the string written (not including the
* terminated nul byte), or a negative error code.
*/
int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
uint32_t flags );
int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix,
uint32_t flags);
/**
* \brief Verify a chain of certificates.
@@ -616,12 +627,12 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
* \return Another negative error code in case of a fatal error
* encountered during the verification process.
*/
int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca,
mbedtls_x509_crl *ca_crl,
const char *cn, uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy );
int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca,
mbedtls_x509_crl *ca_crl,
const char *cn, uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy);
/**
* \brief Verify a chain of certificates with respect to
@@ -657,13 +668,13 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
* \return Another negative error code in case of a fatal error
* encountered during the verification process.
*/
int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca,
mbedtls_x509_crl *ca_crl,
const mbedtls_x509_crt_profile *profile,
const char *cn, uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy );
int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca,
mbedtls_x509_crl *ca_crl,
const mbedtls_x509_crt_profile *profile,
const char *cn, uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy);
/**
* \brief Restartable version of \c mbedtls_crt_verify_with_profile()
@@ -691,14 +702,14 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
* \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
* operations was reached: see \c mbedtls_ecp_set_max_ops().
*/
int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca,
mbedtls_x509_crl *ca_crl,
const mbedtls_x509_crt_profile *profile,
const char *cn, uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy,
mbedtls_x509_crt_restart_ctx *rs_ctx );
int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt,
mbedtls_x509_crt *trust_ca,
mbedtls_x509_crl *ca_crl,
const mbedtls_x509_crt_profile *profile,
const char *cn, uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy,
mbedtls_x509_crt_restart_ctx *rs_ctx);
/**
* \brief The type of trusted certificate callbacks.
@@ -730,9 +741,9 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
* to the caller.
* \return A negative error code on failure.
*/
typedef int (*mbedtls_x509_crt_ca_cb_t)( void *p_ctx,
mbedtls_x509_crt const *child,
mbedtls_x509_crt **candidate_cas );
typedef int (*mbedtls_x509_crt_ca_cb_t)(void *p_ctx,
mbedtls_x509_crt const *child,
mbedtls_x509_crt **candidate_cas);
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
/**
@@ -757,13 +768,13 @@ typedef int (*mbedtls_x509_crt_ca_cb_t)( void *p_ctx,
*
* \return See \c mbedtls_crt_verify_with_profile().
*/
int mbedtls_x509_crt_verify_with_ca_cb( mbedtls_x509_crt *crt,
mbedtls_x509_crt_ca_cb_t f_ca_cb,
void *p_ca_cb,
const mbedtls_x509_crt_profile *profile,
const char *cn, uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy );
int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt,
mbedtls_x509_crt_ca_cb_t f_ca_cb,
void *p_ca_cb,
const mbedtls_x509_crt_profile *profile,
const char *cn, uint32_t *flags,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy);
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
@@ -789,8 +800,8 @@ int mbedtls_x509_crt_verify_with_ca_cb( mbedtls_x509_crt *crt,
* (intermediate) CAs the keyUsage extension is automatically
* checked by \c mbedtls_x509_crt_verify().
*/
int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
unsigned int usage );
int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt,
unsigned int usage);
#endif /* MBEDTLS_X509_CHECK_KEY_USAGE) */
#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
@@ -807,9 +818,9 @@ int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
*
* \note Usually only makes sense on leaf certificates.
*/
int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
const char *usage_oid,
size_t usage_len );
int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt,
const char *usage_oid,
size_t usage_len);
#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
#if defined(MBEDTLS_X509_CRL_PARSE_C)
@@ -822,7 +833,7 @@ int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
* \return 1 if the certificate is revoked, 0 otherwise
*
*/
int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl );
int mbedtls_x509_crt_is_revoked(const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl);
#endif /* MBEDTLS_X509_CRL_PARSE_C */
/**
@@ -830,25 +841,25 @@ int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509
*
* \param crt Certificate chain to initialize
*/
void mbedtls_x509_crt_init( mbedtls_x509_crt *crt );
void mbedtls_x509_crt_init(mbedtls_x509_crt *crt);
/**
* \brief Unallocate all certificate data
*
* \param crt Certificate chain to free
*/
void mbedtls_x509_crt_free( mbedtls_x509_crt *crt );
void mbedtls_x509_crt_free(mbedtls_x509_crt *crt);
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
/**
* \brief Initialize a restart context
*/
void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx );
void mbedtls_x509_crt_restart_init(mbedtls_x509_crt_restart_ctx *ctx);
/**
* \brief Free the components of a restart context
*/
void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx );
void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx);
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
@@ -860,7 +871,7 @@ void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx );
*
* \param ctx CRT context to initialize
*/
void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx );
void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx);
/**
* \brief Set the version for a Certificate
@@ -870,7 +881,7 @@ void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx );
* \param version version to set (MBEDTLS_X509_CRT_VERSION_1, MBEDTLS_X509_CRT_VERSION_2 or
* MBEDTLS_X509_CRT_VERSION_3)
*/
void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version );
void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, int version);
/**
* \brief Set the serial number for a Certificate.
@@ -880,7 +891,7 @@ void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version
*
* \return 0 if successful
*/
int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial );
int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial);
/**
* \brief Set the validity period for a Certificate
@@ -896,8 +907,8 @@ int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls
* \return 0 if timestamp was parsed successfully, or
* a specific error code
*/
int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before,
const char *not_after );
int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx, const char *not_before,
const char *not_after);
/**
* \brief Set the issuer name for a Certificate
@@ -911,8 +922,8 @@ int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char
* \return 0 if issuer name was parsed successfully, or
* a specific error code
*/
int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx,
const char *issuer_name );
int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx,
const char *issuer_name);
/**
* \brief Set the subject name for a Certificate
@@ -926,8 +937,8 @@ int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx,
* \return 0 if subject name was parsed successfully, or
* a specific error code
*/
int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx,
const char *subject_name );
int mbedtls_x509write_crt_set_subject_name(mbedtls_x509write_cert *ctx,
const char *subject_name);
/**
* \brief Set the subject public key for the certificate
@@ -935,7 +946,7 @@ int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx,
* \param ctx CRT context to use
* \param key public key to include
*/
void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );
void mbedtls_x509write_crt_set_subject_key(mbedtls_x509write_cert *ctx, mbedtls_pk_context *key);
/**
* \brief Set the issuer key used for signing the certificate
@@ -943,7 +954,7 @@ void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls
* \param ctx CRT context to use
* \param key private key to sign with
*/
void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );
void mbedtls_x509write_crt_set_issuer_key(mbedtls_x509write_cert *ctx, mbedtls_pk_context *key);
/**
* \brief Set the MD algorithm to use for the signature
@@ -952,7 +963,7 @@ void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_
* \param ctx CRT context to use
* \param md_alg MD algorithm to use
*/
void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg );
void mbedtls_x509write_crt_set_md_alg(mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg);
/**
* \brief Generic function to add to or replace an extension in the
@@ -967,10 +978,10 @@ void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_t
*
* \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
*/
int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx,
const char *oid, size_t oid_len,
int critical,
const unsigned char *val, size_t val_len );
int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx,
const char *oid, size_t oid_len,
int critical,
const unsigned char *val, size_t val_len);
/**
* \brief Set the basicConstraints extension for a CRT
@@ -983,8 +994,8 @@ int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx,
*
* \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
*/
int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
int is_ca, int max_pathlen );
int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx,
int is_ca, int max_pathlen);
#if defined(MBEDTLS_SHA1_C)
/**
@@ -996,7 +1007,7 @@ int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
*
* \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
*/
int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx );
int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx);
/**
* \brief Set the authorityKeyIdentifier extension for a CRT
@@ -1007,7 +1018,7 @@ int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ct
*
* \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
*/
int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx );
int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *ctx);
#endif /* MBEDTLS_SHA1_C */
/**
@@ -1019,8 +1030,8 @@ int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *
*
* \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
*/
int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
unsigned int key_usage );
int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx,
unsigned int key_usage);
/**
* \brief Set the Netscape Cert Type flags
@@ -1031,15 +1042,15 @@ int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
*
* \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
*/
int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
unsigned char ns_cert_type );
int mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert *ctx,
unsigned char ns_cert_type);
/**
* \brief Free the contents of a CRT write context
*
* \param ctx CRT context to free
*/
void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx );
void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx);
/**
* \brief Write a built up certificate to a X509 DER structure
@@ -1061,9 +1072,9 @@ void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx );
* for countermeasures against timing attacks).
* ECDSA signatures always require a non-NULL f_rng.
*/
int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
#if defined(MBEDTLS_PEM_WRITE_C)
/**
@@ -1082,9 +1093,9 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf,
* for countermeasures against timing attacks).
* ECDSA signatures always require a non-NULL f_rng.
*/
int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
#endif /* MBEDTLS_PEM_WRITE_C */
#endif /* MBEDTLS_X509_CRT_WRITE_C */