1 files changed, 144 insertions, 1 deletions
diff --git a/src/lib/libcrypto/x509/x509v3.h b/src/lib/libcrypto/x509/x509v3.h
index d2754fa624..3cccf86242 100644
--- a/src/lib/libcrypto/x509/x509v3.h
+++ b/src/lib/libcrypto/x509/x509v3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509v3.h,v 1.2 2020/09/13 15:06:17 beck Exp $ */
+/* $OpenBSD: x509v3.h,v 1.3 2021/09/02 12:41:44 job Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -842,6 +842,149 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
 void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
 DECLARE_STACK_OF(X509_POLICY_NODE)
+#if defined(LIBRESSL_INTERNAL)
+#ifndef OPENSSL_NO_RFC3779
+typedef struct ASRange_st {
+        ASN1_INTEGER *min, *max;
+} ASRange;
+# define ASIdOrRange_id          0
+# define ASIdOrRange_range       1
+typedef struct ASIdOrRange_st {
+    int type;
+    union {
+        ASN1_INTEGER *id;
+        ASRange *range;
+    } u;
+} ASIdOrRange;
+typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
+DEFINE_STACK_OF(ASIdOrRange)
+# define ASIdentifierChoice_inherit              0
+# define ASIdentifierChoice_asIdsOrRanges        1
+typedef struct ASIdentifierChoice_st {
+    int type;
+    union {
+        ASN1_NULL *inherit;
+        ASIdOrRanges *asIdsOrRanges;
+    } u;
+} ASIdentifierChoice;
+typedef struct ASIdentifiers_st {
+    ASIdentifierChoice *asnum, *rdi;
+} ASIdentifiers;
+DECLARE_ASN1_FUNCTIONS(ASRange)
+DECLARE_ASN1_FUNCTIONS(ASIdOrRange)
+DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice)
+DECLARE_ASN1_FUNCTIONS(ASIdentifiers)
+typedef struct IPAddressRange_st {
+    ASN1_BIT_STRING *min, *max;
+} IPAddressRange;
+# define IPAddressOrRange_addressPrefix  0
+# define IPAddressOrRange_addressRange   1
+typedef struct IPAddressOrRange_st {
+    int type;
+    union {
+        ASN1_BIT_STRING *addressPrefix;
+        IPAddressRange *addressRange;
+    } u;
+} IPAddressOrRange;
+typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
+DEFINE_STACK_OF(IPAddressOrRange)
+# define IPAddressChoice_inherit                 0
+# define IPAddressChoice_addressesOrRanges       1
+typedef struct IPAddressChoice_st {
+    int type;
+    union {
+        ASN1_NULL *inherit;
+        IPAddressOrRanges *addressesOrRanges;
+    } u;
+} IPAddressChoice;
+typedef struct IPAddressFamily_st {
+    ASN1_OCTET_STRING *addressFamily;
+    IPAddressChoice *ipAddressChoice;
+} IPAddressFamily;
+typedef STACK_OF(IPAddressFamily) IPAddrBlocks;
+DEFINE_STACK_OF(IPAddressFamily)
+DECLARE_ASN1_FUNCTIONS(IPAddressRange)
+DECLARE_ASN1_FUNCTIONS(IPAddressOrRange)
+DECLARE_ASN1_FUNCTIONS(IPAddressChoice)
+DECLARE_ASN1_FUNCTIONS(IPAddressFamily)
+/*
+ * API tag for elements of the ASIdentifer SEQUENCE.
+ */
+# define V3_ASID_ASNUM   0
+# define V3_ASID_RDI     1
+/*
+ * AFI values, assigned by IANA.  It'd be nice to make the AFI
+ * handling code totally generic, but there are too many little things
+ * that would need to be defined for other address families for it to
+ * be worth the trouble.
+ */
+# define IANA_AFI_IPV4   1
+# define IANA_AFI_IPV6   2
+/*
+ * Utilities to construct and extract values from RFC3779 extensions,
+ * since some of the encodings (particularly for IP address prefixes
+ * and ranges) are a bit tedious to work with directly.
+ */
+int X509v3_asid_add_inherit(ASIdentifiers *asid, int which);
+int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which,
+                                ASN1_INTEGER *min, ASN1_INTEGER *max);
+int X509v3_addr_add_inherit(IPAddrBlocks *addr,
+                            const unsigned afi, const unsigned *safi);
+int X509v3_addr_add_prefix(IPAddrBlocks *addr,
+                           const unsigned afi, const unsigned *safi,
+                           unsigned char *a, const int prefixlen);
+int X509v3_addr_add_range(IPAddrBlocks *addr,
+                          const unsigned afi, const unsigned *safi,
+                          unsigned char *min, unsigned char *max);
+unsigned X509v3_addr_get_afi(const IPAddressFamily *f);
+int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi,
+                          unsigned char *min, unsigned char *max,
+                          const int length);
+/*
+ * Canonical forms.
+ */
+int X509v3_asid_is_canonical(ASIdentifiers *asid);
+int X509v3_addr_is_canonical(IPAddrBlocks *addr);
+int X509v3_asid_canonize(ASIdentifiers *asid);
+int X509v3_addr_canonize(IPAddrBlocks *addr);
+/*
+ * Tests for inheritance and containment.
+ */
+int X509v3_asid_inherits(ASIdentifiers *asid);
+int X509v3_addr_inherits(IPAddrBlocks *addr);
+int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b);
+int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b);
+/*
+ * Check whether RFC 3779 extensions nest properly in chains.
+ */
+int X509v3_asid_validate_path(X509_STORE_CTX *);
+int X509v3_addr_validate_path(X509_STORE_CTX *);
+int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain,
+                                      ASIdentifiers *ext,
+                                      int allow_inheritance);
+int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain,
+                                      IPAddrBlocks *ext, int allow_inheritance);
+#endif                         /* OPENSSL_NO_RFC3779 */
+#endif
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes

diff --git a/src/lib/libcrypto/x509/x509v3.h b/src/lib/libcrypto/x509/x509v3.h index d2754fa624..3cccf86242 100644 --- a/src/lib/libcrypto/x509/x509v3.h +++ b/src/lib/libcrypto/x509/x509v3.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509v3.h,v 1.2 2020/09/13 15:06:17 beck Exp $ */	1	/* $OpenBSD: x509v3.h,v 1.3 2021/09/02 12:41:44 job Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 1999.	3	* project 1999.
4	*/	4	*/
@@ -842,6 +842,149 @@ int X509V3_NAME_from_section(X509_NAME nm, STACK_OF(CONF_VALUE)dn_sk,
842	void X509_POLICY_NODE_print(BIO out, X509_POLICY_NODE node, int indent);	842	void X509_POLICY_NODE_print(BIO out, X509_POLICY_NODE node, int indent);
843	DECLARE_STACK_OF(X509_POLICY_NODE)	843	DECLARE_STACK_OF(X509_POLICY_NODE)
844		844
		845	#if defined(LIBRESSL_INTERNAL)
		846	#ifndef OPENSSL_NO_RFC3779
		847	typedef struct ASRange_st {
		848	ASN1_INTEGER min, max;
		849	} ASRange;
		850
		851	# define ASIdOrRange_id 0
		852	# define ASIdOrRange_range 1
		853
		854	typedef struct ASIdOrRange_st {
		855	int type;
		856	union {
		857	ASN1_INTEGER *id;
		858	ASRange *range;
		859	} u;
		860	} ASIdOrRange;
		861
		862	typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
		863	DEFINE_STACK_OF(ASIdOrRange)
		864
		865	# define ASIdentifierChoice_inherit 0
		866	# define ASIdentifierChoice_asIdsOrRanges 1
		867
		868	typedef struct ASIdentifierChoice_st {
		869	int type;
		870	union {
		871	ASN1_NULL *inherit;
		872	ASIdOrRanges *asIdsOrRanges;
		873	} u;
		874	} ASIdentifierChoice;
		875
		876	typedef struct ASIdentifiers_st {
		877	ASIdentifierChoice asnum, rdi;
		878	} ASIdentifiers;
		879
		880	DECLARE_ASN1_FUNCTIONS(ASRange)
		881	DECLARE_ASN1_FUNCTIONS(ASIdOrRange)
		882	DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice)
		883	DECLARE_ASN1_FUNCTIONS(ASIdentifiers)
		884	typedef struct IPAddressRange_st {
		885	ASN1_BIT_STRING min, max;
		886	} IPAddressRange;
		887
		888	# define IPAddressOrRange_addressPrefix 0
		889	# define IPAddressOrRange_addressRange 1
		890
		891	typedef struct IPAddressOrRange_st {
		892	int type;
		893	union {
		894	ASN1_BIT_STRING *addressPrefix;
		895	IPAddressRange *addressRange;
		896	} u;
		897	} IPAddressOrRange;
		898
		899	typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
		900	DEFINE_STACK_OF(IPAddressOrRange)
		901
		902	# define IPAddressChoice_inherit 0
		903	# define IPAddressChoice_addressesOrRanges 1
		904
		905	typedef struct IPAddressChoice_st {
		906	int type;
		907	union {
		908	ASN1_NULL *inherit;
		909	IPAddressOrRanges *addressesOrRanges;
		910	} u;
		911	} IPAddressChoice;
		912
		913	typedef struct IPAddressFamily_st {
		914	ASN1_OCTET_STRING *addressFamily;
		915	IPAddressChoice *ipAddressChoice;
		916	} IPAddressFamily;
		917
		918	typedef STACK_OF(IPAddressFamily) IPAddrBlocks;
		919	DEFINE_STACK_OF(IPAddressFamily)
		920	DECLARE_ASN1_FUNCTIONS(IPAddressRange)
		921	DECLARE_ASN1_FUNCTIONS(IPAddressOrRange)
		922	DECLARE_ASN1_FUNCTIONS(IPAddressChoice)
		923	DECLARE_ASN1_FUNCTIONS(IPAddressFamily)
		924
		925	/*
		926	* API tag for elements of the ASIdentifer SEQUENCE.
		927	*/
		928	# define V3_ASID_ASNUM 0
		929	# define V3_ASID_RDI 1
		930
		931	/*
		932	* AFI values, assigned by IANA. It'd be nice to make the AFI
		933	* handling code totally generic, but there are too many little things
		934	* that would need to be defined for other address families for it to
		935	* be worth the trouble.
		936	*/
		937	# define IANA_AFI_IPV4 1
		938	# define IANA_AFI_IPV6 2
		939	/*
		940	* Utilities to construct and extract values from RFC3779 extensions,
		941	* since some of the encodings (particularly for IP address prefixes
		942	* and ranges) are a bit tedious to work with directly.
		943	*/
		944	int X509v3_asid_add_inherit(ASIdentifiers *asid, int which);
		945	int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which,
		946	ASN1_INTEGER min, ASN1_INTEGER max);
		947	int X509v3_addr_add_inherit(IPAddrBlocks *addr,
		948	const unsigned afi, const unsigned *safi);
		949	int X509v3_addr_add_prefix(IPAddrBlocks *addr,
		950	const unsigned afi, const unsigned *safi,
		951	unsigned char *a, const int prefixlen);
		952	int X509v3_addr_add_range(IPAddrBlocks *addr,
		953	const unsigned afi, const unsigned *safi,
		954	unsigned char min, unsigned char max);
		955	unsigned X509v3_addr_get_afi(const IPAddressFamily *f);
		956	int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi,
		957	unsigned char min, unsigned char max,
		958	const int length);
		959	/*
		960	* Canonical forms.
		961	*/
		962	int X509v3_asid_is_canonical(ASIdentifiers *asid);
		963	int X509v3_addr_is_canonical(IPAddrBlocks *addr);
		964	int X509v3_asid_canonize(ASIdentifiers *asid);
		965	int X509v3_addr_canonize(IPAddrBlocks *addr);
		966
		967	/*
		968	* Tests for inheritance and containment.
		969	*/
		970	int X509v3_asid_inherits(ASIdentifiers *asid);
		971	int X509v3_addr_inherits(IPAddrBlocks *addr);
		972	int X509v3_asid_subset(ASIdentifiers a, ASIdentifiers b);
		973	int X509v3_addr_subset(IPAddrBlocks a, IPAddrBlocks b);
		974
		975	/*
		976	* Check whether RFC 3779 extensions nest properly in chains.
		977	*/
		978	int X509v3_asid_validate_path(X509_STORE_CTX *);
		979	int X509v3_addr_validate_path(X509_STORE_CTX *);
		980	int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain,
		981	ASIdentifiers *ext,
		982	int allow_inheritance);
		983	int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain,
		984	IPAddrBlocks *ext, int allow_inheritance);
		985
		986	#endif /* OPENSSL_NO_RFC3779 */
		987	#endif
845		988
846	/* BEGIN ERROR CODES */	989	/* BEGIN ERROR CODES */
847	/* The following lines are auto generated by the script mkerr.pl. Any changes	990	/* The following lines are auto generated by the script mkerr.pl. Any changes