From cd6ab002286d1b52f414cee955827ab43f41b838 Mon Sep 17 00:00:00 2001 From: Ted Poole Date: Fri, 21 Jul 2023 14:58:43 +0100 Subject: [PATCH] OSSM-4338 Upgraded BoringSSL version from b95124305 to ca1690e22 Many of the patch files broke as a result of the upgrade, even though the changes in BoringSSL on the whole weren't that big. Therefore, as part of this upgrade, the mechanism of copying and modifying BoringSSL files into the bssl-compat build has been changed in the hope that subsequent upgrades will be easier. Also upgraded envoy submodule to v1.26.3 Signed-off-by: Ted Poole --- bssl-compat/.gitignore | 2 +- bssl-compat/CMakeLists.txt | 174 +- bssl-compat/cmake/boringssl.cmake | 17 +- bssl-compat/external/boringssl | 2 +- .../patch/include/openssl/asn1.h.patch | 283 - bssl-compat/patch/include/openssl/asn1.h.sh | 34 +- .../patch/include/openssl/asn1t.h.patch | 37 - bssl-compat/patch/include/openssl/asn1t.h.sh | 5 + .../patch/include/openssl/base.h.patch | 862 - bssl-compat/patch/include/openssl/base.h.sh | 96 + .../patch/include/openssl/base64.h.patch | 56 - bssl-compat/patch/include/openssl/base64.h.sh | 7 + bssl-compat/patch/include/openssl/bio.h.patch | 329 - bssl-compat/patch/include/openssl/bio.h.sh | 34 +- bssl-compat/patch/include/openssl/bn.h.patch | 196 - bssl-compat/patch/include/openssl/bn.h.sh | 18 +- bssl-compat/patch/include/openssl/buf.h.sh | 4 +- .../patch/include/openssl/bytestring.h.patch | 311 - .../patch/include/openssl/bytestring.h.sh | 32 + .../patch/include/openssl/cipher.h.patch | 183 - bssl-compat/patch/include/openssl/cipher.h.sh | 20 +- bssl-compat/patch/include/openssl/conf.h.sh | 4 +- .../patch/include/openssl/crypto.h.patch | 58 - bssl-compat/patch/include/openssl/crypto.h.sh | 4 +- bssl-compat/patch/include/openssl/dh.h.sh | 4 +- .../patch/include/openssl/digest.h.patch | 216 - bssl-compat/patch/include/openssl/digest.h.sh | 58 +- bssl-compat/patch/include/openssl/dsa.h.sh | 4 +- bssl-compat/patch/include/openssl/ec.h.patch | 89 - bssl-compat/patch/include/openssl/ec.h.sh | 7 +- .../patch/include/openssl/ec_key.h.patch | 89 - bssl-compat/patch/include/openssl/ec_key.h.sh | 8 + bssl-compat/patch/include/openssl/ecdh.h.sh | 4 +- .../patch/include/openssl/ecdsa.h.patch | 82 - bssl-compat/patch/include/openssl/ecdsa.h.sh | 6 +- bssl-compat/patch/include/openssl/engine.h.sh | 4 +- bssl-compat/patch/include/openssl/err.h.patch | 181 - bssl-compat/patch/include/openssl/err.h.sh | 35 +- bssl-compat/patch/include/openssl/evp.h.patch | 166 - bssl-compat/patch/include/openssl/evp.h.sh | 21 +- .../patch/include/openssl/ex_data.h.patch | 77 - .../patch/include/openssl/ex_data.h.sh | 9 + bssl-compat/patch/include/openssl/hkdf.h.sh | 4 +- .../patch/include/openssl/hmac.h.patch | 144 - bssl-compat/patch/include/openssl/hmac.h.sh | 38 +- bssl-compat/patch/include/openssl/md5.h.patch | 56 - bssl-compat/patch/include/openssl/md5.h.sh | 7 + bssl-compat/patch/include/openssl/mem.h.patch | 108 - bssl-compat/patch/include/openssl/mem.h.sh | 16 + bssl-compat/patch/include/openssl/nid.h.patch | 14650 ---------------- bssl-compat/patch/include/openssl/nid.h.sh | 23 +- bssl-compat/patch/include/openssl/obj.h.patch | 56 - bssl-compat/patch/include/openssl/obj.h.sh | 5 +- bssl-compat/patch/include/openssl/pem.h.patch | 276 - bssl-compat/patch/include/openssl/pem.h.sh | 24 +- bssl-compat/patch/include/openssl/pkcs7.h.sh | 4 +- .../patch/include/openssl/pkcs8.h.patch | 112 - bssl-compat/patch/include/openssl/pkcs8.h.sh | 10 +- .../patch/include/openssl/pool.h.patch | 77 - bssl-compat/patch/include/openssl/pool.h.sh | 8 + .../patch/include/openssl/rand.h.patch | 44 - bssl-compat/patch/include/openssl/rand.h.sh | 4 +- bssl-compat/patch/include/openssl/rsa.h.patch | 276 - bssl-compat/patch/include/openssl/rsa.h.sh | 34 +- bssl-compat/patch/include/openssl/sha.h.patch | 151 - bssl-compat/patch/include/openssl/sha.h.sh | 12 + .../patch/include/openssl/span.h.patch | 359 - bssl-compat/patch/include/openssl/span.h.sh | 14 + bssl-compat/patch/include/openssl/ssl.h.patch | 1516 -- bssl-compat/patch/include/openssl/ssl.h.sh | 192 +- .../patch/include/openssl/stack.h.patch | 798 +- bssl-compat/patch/include/openssl/stack.h.sh | 52 + .../patch/include/openssl/tls1.h.patch | 111 - bssl-compat/patch/include/openssl/tls1.h.sh | 25 +- .../patch/include/openssl/trust_token.h.sh | 4 +- .../patch/include/openssl/x509.h.patch | 718 - bssl-compat/patch/include/openssl/x509.h.sh | 90 +- .../patch/include/openssl/x509v3.h.patch | 178 - bssl-compat/patch/include/openssl/x509v3.h.sh | 30 +- .../patch/source/crypto/bio/bio_test.cc.patch | 621 - .../patch/source/crypto/bio/bio_test.cc.sh | 4 + .../source/crypto/bytestring/cbb.c.patch | 716 - .../patch/source/crypto/bytestring/cbb.c.sh | 25 + .../source/crypto/bytestring/cbs.c.patch | 219 - .../patch/source/crypto/bytestring/cbs.c.sh | 17 + .../crypto/digest_extra/digest_test.cc.patch | 645 - .../crypto/digest_extra/digest_test.cc.sh | 12 + .../patch/source/crypto/err/err_test.cc.patch | 157 - .../patch/source/crypto/err/err_test.cc.sh | 12 + .../crypto/hmac_extra/hmac_test.cc.patch | 153 - .../source/crypto/hmac_extra/hmac_test.cc.sh | 9 + .../patch/source/crypto/internal.h.patch | 286 - bssl-compat/patch/source/crypto/internal.h.sh | 11 + bssl-compat/patch/source/crypto/mem.c.sh | 9 + .../source/crypto/pkcs8/pkcs12_test.cc.patch | 334 - .../source/crypto/pkcs8/pkcs12_test.cc.sh | 21 + .../crypto/rand_extra/rand_test.cc.patch | 376 - .../source/crypto/rand_extra/rand_test.cc.sh | 7 + .../source/crypto/rsa_extra/rsa_test.cc.patch | 839 +- .../source/crypto/rsa_extra/rsa_test.cc.sh | 21 + .../source/crypto/stack/stack_test.cc.patch | 748 - .../source/crypto/stack/stack_test.cc.sh | 6 + .../source/crypto/test/file_test.cc.patch | 582 - .../patch/source/crypto/test/file_test.cc.sh | 4 + .../source/crypto/test/file_test.h.patch | 383 - .../patch/source/crypto/test/file_test.h.sh | 4 + .../crypto/test/file_test_gtest.cc.patch | 190 - .../source/crypto/test/file_test_gtest.cc.sh | 4 + .../source/crypto/test/test_util.cc.patch | 128 - .../patch/source/crypto/test/test_util.cc.sh | 8 + .../source/crypto/test/test_util.h.patch | 97 - .../patch/source/crypto/test/test_util.h.sh | 11 + .../source/crypto/x509/x509_test.cc.patch | 3259 +--- .../patch/source/crypto/x509/x509_test.cc.sh | 37 + .../source/crypto/x509v3/internal.h.patch | 48 - .../patch/source/crypto/x509v3/internal.h.sh | 6 + .../patch/source/ssl/ssl_c_test.c.patch | 30 - bssl-compat/patch/source/ssl/ssl_c_test.c.sh | 4 + .../patch/source/ssl/ssl_test.cc.patch | 2264 +-- bssl-compat/patch/source/ssl/ssl_test.cc.sh | 48 + bssl-compat/source/GENERAL_NAME_cmp.cc | 11 - .../X509_STORE_CTX_set0_trusted_stack.cc | 7 + .../source/X509_STORE_CTX_trusted_stack.cc | 11 - .../X509_VERIFY_PARAM_set_time_posix.cc | 7 + bssl-compat/source/stack.c | 38 +- bssl-compat/tools/generate.c.sh | 7 +- bssl-compat/tools/generate.h.sh | 62 +- bssl-compat/tools/generate.patch.sh | 15 + bssl-compat/tools/uncomment.sh | 300 + envoy | 2 +- 130 files changed, 1893 insertions(+), 34976 deletions(-) delete mode 100644 bssl-compat/patch/include/openssl/asn1.h.patch delete mode 100644 bssl-compat/patch/include/openssl/asn1t.h.patch create mode 100755 bssl-compat/patch/include/openssl/asn1t.h.sh delete mode 100644 bssl-compat/patch/include/openssl/base.h.patch create mode 100755 bssl-compat/patch/include/openssl/base.h.sh delete mode 100644 bssl-compat/patch/include/openssl/base64.h.patch create mode 100755 bssl-compat/patch/include/openssl/base64.h.sh delete mode 100644 bssl-compat/patch/include/openssl/bio.h.patch delete mode 100644 bssl-compat/patch/include/openssl/bn.h.patch delete mode 100644 bssl-compat/patch/include/openssl/bytestring.h.patch create mode 100755 bssl-compat/patch/include/openssl/bytestring.h.sh delete mode 100644 bssl-compat/patch/include/openssl/cipher.h.patch delete mode 100644 bssl-compat/patch/include/openssl/crypto.h.patch delete mode 100644 bssl-compat/patch/include/openssl/digest.h.patch delete mode 100644 bssl-compat/patch/include/openssl/ec.h.patch delete mode 100644 bssl-compat/patch/include/openssl/ec_key.h.patch create mode 100755 bssl-compat/patch/include/openssl/ec_key.h.sh delete mode 100644 bssl-compat/patch/include/openssl/ecdsa.h.patch delete mode 100644 bssl-compat/patch/include/openssl/err.h.patch delete mode 100644 bssl-compat/patch/include/openssl/evp.h.patch delete mode 100644 bssl-compat/patch/include/openssl/ex_data.h.patch create mode 100755 bssl-compat/patch/include/openssl/ex_data.h.sh delete mode 100644 bssl-compat/patch/include/openssl/hmac.h.patch delete mode 100644 bssl-compat/patch/include/openssl/md5.h.patch create mode 100755 bssl-compat/patch/include/openssl/md5.h.sh delete mode 100644 bssl-compat/patch/include/openssl/mem.h.patch create mode 100755 bssl-compat/patch/include/openssl/mem.h.sh delete mode 100644 bssl-compat/patch/include/openssl/nid.h.patch delete mode 100644 bssl-compat/patch/include/openssl/obj.h.patch delete mode 100644 bssl-compat/patch/include/openssl/pem.h.patch delete mode 100644 bssl-compat/patch/include/openssl/pkcs8.h.patch delete mode 100644 bssl-compat/patch/include/openssl/pool.h.patch create mode 100755 bssl-compat/patch/include/openssl/pool.h.sh delete mode 100644 bssl-compat/patch/include/openssl/rand.h.patch delete mode 100644 bssl-compat/patch/include/openssl/rsa.h.patch delete mode 100644 bssl-compat/patch/include/openssl/sha.h.patch create mode 100755 bssl-compat/patch/include/openssl/sha.h.sh delete mode 100644 bssl-compat/patch/include/openssl/span.h.patch create mode 100755 bssl-compat/patch/include/openssl/span.h.sh delete mode 100644 bssl-compat/patch/include/openssl/ssl.h.patch create mode 100755 bssl-compat/patch/include/openssl/stack.h.sh delete mode 100644 bssl-compat/patch/include/openssl/tls1.h.patch delete mode 100644 bssl-compat/patch/include/openssl/x509.h.patch delete mode 100644 bssl-compat/patch/include/openssl/x509v3.h.patch delete mode 100644 bssl-compat/patch/source/crypto/bio/bio_test.cc.patch create mode 100755 bssl-compat/patch/source/crypto/bio/bio_test.cc.sh delete mode 100644 bssl-compat/patch/source/crypto/bytestring/cbb.c.patch create mode 100755 bssl-compat/patch/source/crypto/bytestring/cbb.c.sh delete mode 100644 bssl-compat/patch/source/crypto/bytestring/cbs.c.patch create mode 100755 bssl-compat/patch/source/crypto/bytestring/cbs.c.sh delete mode 100644 bssl-compat/patch/source/crypto/digest_extra/digest_test.cc.patch create mode 100755 bssl-compat/patch/source/crypto/digest_extra/digest_test.cc.sh delete mode 100644 bssl-compat/patch/source/crypto/err/err_test.cc.patch create mode 100755 bssl-compat/patch/source/crypto/err/err_test.cc.sh delete mode 100644 bssl-compat/patch/source/crypto/hmac_extra/hmac_test.cc.patch create mode 100755 bssl-compat/patch/source/crypto/hmac_extra/hmac_test.cc.sh delete mode 100644 bssl-compat/patch/source/crypto/internal.h.patch create mode 100755 bssl-compat/patch/source/crypto/internal.h.sh create mode 100755 bssl-compat/patch/source/crypto/mem.c.sh delete mode 100644 bssl-compat/patch/source/crypto/pkcs8/pkcs12_test.cc.patch create mode 100755 bssl-compat/patch/source/crypto/pkcs8/pkcs12_test.cc.sh delete mode 100644 bssl-compat/patch/source/crypto/rand_extra/rand_test.cc.patch create mode 100755 bssl-compat/patch/source/crypto/rand_extra/rand_test.cc.sh create mode 100755 bssl-compat/patch/source/crypto/rsa_extra/rsa_test.cc.sh delete mode 100644 bssl-compat/patch/source/crypto/stack/stack_test.cc.patch create mode 100755 bssl-compat/patch/source/crypto/stack/stack_test.cc.sh delete mode 100644 bssl-compat/patch/source/crypto/test/file_test.cc.patch create mode 100755 bssl-compat/patch/source/crypto/test/file_test.cc.sh delete mode 100644 bssl-compat/patch/source/crypto/test/file_test.h.patch create mode 100755 bssl-compat/patch/source/crypto/test/file_test.h.sh delete mode 100644 bssl-compat/patch/source/crypto/test/file_test_gtest.cc.patch create mode 100755 bssl-compat/patch/source/crypto/test/file_test_gtest.cc.sh delete mode 100644 bssl-compat/patch/source/crypto/test/test_util.cc.patch create mode 100755 bssl-compat/patch/source/crypto/test/test_util.cc.sh delete mode 100644 bssl-compat/patch/source/crypto/test/test_util.h.patch create mode 100755 bssl-compat/patch/source/crypto/test/test_util.h.sh create mode 100755 bssl-compat/patch/source/crypto/x509/x509_test.cc.sh delete mode 100644 bssl-compat/patch/source/crypto/x509v3/internal.h.patch create mode 100755 bssl-compat/patch/source/crypto/x509v3/internal.h.sh delete mode 100644 bssl-compat/patch/source/ssl/ssl_c_test.c.patch create mode 100755 bssl-compat/patch/source/ssl/ssl_c_test.c.sh create mode 100755 bssl-compat/patch/source/ssl/ssl_test.cc.sh delete mode 100644 bssl-compat/source/GENERAL_NAME_cmp.cc create mode 100644 bssl-compat/source/X509_STORE_CTX_set0_trusted_stack.cc delete mode 100644 bssl-compat/source/X509_STORE_CTX_trusted_stack.cc create mode 100644 bssl-compat/source/X509_VERIFY_PARAM_set_time_posix.cc create mode 100755 bssl-compat/tools/generate.patch.sh create mode 100755 bssl-compat/tools/uncomment.sh diff --git a/bssl-compat/.gitignore b/bssl-compat/.gitignore index b2ef5f2066..f6b5ab6ec9 100644 --- a/bssl-compat/.gitignore +++ b/bssl-compat/.gitignore @@ -1,4 +1,3 @@ -include/openssl/ include/openssl/aead.h include/openssl/aes.h include/openssl/arm_arch.h @@ -90,6 +89,7 @@ source/crypto/digest_extra/digest_test.cc source/crypto/err/err_test.cc source/crypto/hmac_extra/hmac_test.cc source/crypto/internal.h +source/crypto/mem.c source/crypto/pkcs8/pkcs12_test.cc source/crypto/rand_extra/rand_test.cc source/crypto/rsa_extra/rsa_test.cc diff --git a/bssl-compat/CMakeLists.txt b/bssl-compat/CMakeLists.txt index ea9a3eae3c..6349320fbd 100644 --- a/bssl-compat/CMakeLists.txt +++ b/bssl-compat/CMakeLists.txt @@ -79,7 +79,6 @@ add_library(bssl-compat STATIC source/EVP_PKEY_id.cc source/ext_SSL_get_all_async_fds.c source/FIPS_mode.cc - source/GENERAL_NAME_cmp.cc source/GENERAL_NAME_free.cc source/GENERAL_NAME_new.cc source/GENERAL_NAMES_new.cc @@ -168,8 +167,93 @@ add_library(bssl-compat STATIC source/X509_STORE_CTX_get0_untrusted.cc source/X509_STORE_CTX_init.cc source/X509_STORE_CTX_set0_crls.cc + source/X509_STORE_CTX_set0_trusted_stack.cc source/X509_STORE_CTX_set_verify_cb.cc - source/X509_STORE_CTX_trusted_stack.cc + source/X509_VERIFY_PARAM_set_time_posix.cc +) + +target_add_bssl_include(bssl-compat + include/openssl/aead.h + include/openssl/aes.h + include/openssl/arm_arch.h + include/openssl/asn1.h + include/openssl/asn1_mac.h + include/openssl/asn1t.h + include/openssl/base64.h + include/openssl/base.h + include/openssl/bio.h + include/openssl/blake2.h + include/openssl/blowfish.h + include/openssl/bn.h + include/openssl/buffer.h + include/openssl/buf.h + include/openssl/bytestring.h + include/openssl/cast.h + include/openssl/chacha.h + include/openssl/cipher.h + include/openssl/cmac.h + include/openssl/conf.h + include/openssl/cpu.h + include/openssl/crypto.h + include/openssl/curve25519.h + include/openssl/des.h + include/openssl/dh.h + include/openssl/digest.h + include/openssl/dsa.h + include/openssl/dtls1.h + include/openssl/ecdh.h + include/openssl/ecdsa.h + include/openssl/ec.h + include/openssl/ec_key.h + include/openssl/engine.h + include/openssl/e_os2.h + include/openssl/err.h + include/openssl/evp_errors.h + include/openssl/evp.h + include/openssl/ex_data.h + include/openssl/hkdf.h + include/openssl/hmac.h + include/openssl/hpke.h + include/openssl/hrss.h + include/openssl/is_boringssl.h + include/openssl/kdf.h + include/openssl/lhash.h + include/openssl/md4.h + include/openssl/md5.h + include/openssl/mem.h + include/openssl/nid.h + include/openssl/objects.h + include/openssl/obj.h + include/openssl/obj_mac.h + include/openssl/opensslconf.h + include/openssl/opensslv.h + include/openssl/ossl_typ.h + include/openssl/pem.h + include/openssl/pkcs12.h + include/openssl/pkcs7.h + include/openssl/pkcs8.h + include/openssl/poly1305.h + include/openssl/pool.h + include/openssl/rand.h + include/openssl/rc4.h + include/openssl/ripemd.h + include/openssl/rsa.h + include/openssl/safestack.h + include/openssl/service_indicator.h + include/openssl/sha.h + include/openssl/siphash.h + include/openssl/span.h + include/openssl/srtp.h + include/openssl/ssl3.h + include/openssl/ssl.h + include/openssl/stack.h + include/openssl/thread.h + include/openssl/tls1.h + include/openssl/trust_token.h + include/openssl/type_check.h + include/openssl/x509.h + include/openssl/x509v3.h + include/openssl/x509_vfy.h ) target_add_bssl_function(bssl-compat @@ -444,99 +528,15 @@ target_add_bssl_function(bssl-compat X509_verify_cert_error_string X509_VERIFY_PARAM_clear_flags X509_VERIFY_PARAM_set_flags - X509_VERIFY_PARAM_set_time X509_VERIFY_PARAM_set1 ) target_add_bssl_source(bssl-compat source/crypto/internal.h + source/crypto/mem.c source/crypto/bytestring/cbs.c source/crypto/bytestring/cbb.c ) - -target_add_bssl_include(bssl-compat - include/openssl/aead.h - include/openssl/aes.h - include/openssl/arm_arch.h - include/openssl/asn1.h - include/openssl/asn1_mac.h - include/openssl/asn1t.h - include/openssl/base64.h - include/openssl/base.h - include/openssl/bio.h - include/openssl/blake2.h - include/openssl/blowfish.h - include/openssl/bn.h - include/openssl/buffer.h - include/openssl/buf.h - include/openssl/bytestring.h - include/openssl/cast.h - include/openssl/chacha.h - include/openssl/cipher.h - include/openssl/cmac.h - include/openssl/conf.h - include/openssl/cpu.h - include/openssl/crypto.h - include/openssl/curve25519.h - include/openssl/des.h - include/openssl/dh.h - include/openssl/digest.h - include/openssl/dsa.h - include/openssl/dtls1.h - include/openssl/ecdh.h - include/openssl/ecdsa.h - include/openssl/ec.h - include/openssl/ec_key.h - include/openssl/engine.h - include/openssl/e_os2.h - include/openssl/err.h - include/openssl/evp_errors.h - include/openssl/evp.h - include/openssl/ex_data.h - include/openssl/hkdf.h - include/openssl/hmac.h - include/openssl/hpke.h - include/openssl/hrss.h - include/openssl/is_boringssl.h - include/openssl/kdf.h - include/openssl/lhash.h - include/openssl/md4.h - include/openssl/md5.h - include/openssl/mem.h - include/openssl/nid.h - include/openssl/objects.h - include/openssl/obj.h - include/openssl/obj_mac.h - include/openssl/opensslconf.h - include/openssl/opensslv.h - include/openssl/ossl_typ.h - include/openssl/pem.h - include/openssl/pkcs12.h - include/openssl/pkcs7.h - include/openssl/pkcs8.h - include/openssl/poly1305.h - include/openssl/pool.h - include/openssl/rand.h - include/openssl/rc4.h - include/openssl/ripemd.h - include/openssl/rsa.h - include/openssl/safestack.h - include/openssl/service_indicator.h - include/openssl/sha.h - include/openssl/siphash.h - include/openssl/span.h - include/openssl/srtp.h - include/openssl/ssl3.h - include/openssl/ssl.h - include/openssl/stack.h - include/openssl/thread.h - include/openssl/tls1.h - include/openssl/trust_token.h - include/openssl/type_check.h - include/openssl/x509.h - include/openssl/x509v3.h - include/openssl/x509_vfy.h -) target_compile_definitions(bssl-compat PUBLIC ossl_OPENSSL_SUPPRESS_DEPRECATED) target_include_directories(bssl-compat PUBLIC include) target_link_libraries(bssl-compat INTERFACE ${CMAKE_DL_LIBS}) diff --git a/bssl-compat/cmake/boringssl.cmake b/bssl-compat/cmake/boringssl.cmake index ba7fd35ce4..5185ae86a0 100644 --- a/bssl-compat/cmake/boringssl.cmake +++ b/bssl-compat/cmake/boringssl.cmake @@ -22,15 +22,16 @@ add_dependencies(BoringSSL::Crypto BoringSSL) function(_target_add_bssl_file target src-file dst-file) - set(generate-cmd "${CMAKE_CURRENT_SOURCE_DIR}/tools/generate.h.sh" - "${CMAKE_CURRENT_SOURCE_DIR}" - "${CMAKE_CURRENT_BINARY_DIR}" - "${src-file}" "${dst-file}") - execute_process(COMMAND ${generate-cmd}) target_sources(${target} PRIVATE ${dst-file}) - string(MAKE_C_IDENTIFIER ${dst-file} dst-file-target) - add_custom_target(${dst-file-target} COMMAND ${generate-cmd}) - add_dependencies(${target} ${dst-file-target}) + set(generate-cmd "${CMAKE_CURRENT_SOURCE_DIR}/tools/generate.h.sh" "${CMAKE_CURRENT_SOURCE_DIR}" "${CMAKE_CURRENT_BINARY_DIR}" "${src-file}" "${dst-file}") + foreach(dependency "external/boringssl/${src-file}" "patch/${dst-file}.sh" "patch/${dst-file}.patch") + if(EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/${dependency}") + set(dependencies ${dependencies} "${CMAKE_CURRENT_SOURCE_DIR}/${dependency}") + endif() + endforeach() + set(dependencies ${dependencies} "${CMAKE_CURRENT_SOURCE_DIR}/tools/generate.h.sh") + set(dependencies ${dependencies} "${CMAKE_CURRENT_SOURCE_DIR}/tools/uncomment.sh") + add_custom_command(COMMAND ${generate-cmd} DEPENDS ${dependencies} OUTPUT "${CMAKE_CURRENT_SOURCE_DIR}/${dst-file}") endfunction() function(target_add_bssl_include target) diff --git a/bssl-compat/external/boringssl b/bssl-compat/external/boringssl index b95124305a..ca1690e221 160000 --- a/bssl-compat/external/boringssl +++ b/bssl-compat/external/boringssl @@ -1 +1 @@ -Subproject commit b95124305ab15c7523d3e21437309fa5dd717ee8 +Subproject commit ca1690e221677cea3fb946f324eb89d846ec53f2 diff --git a/bssl-compat/patch/include/openssl/asn1.h.patch b/bssl-compat/patch/include/openssl/asn1.h.patch deleted file mode 100644 index f5682c48fd..0000000000 --- a/bssl-compat/patch/include/openssl/asn1.h.patch +++ /dev/null @@ -1,283 +0,0 @@ ---- a/include/openssl/asn1.h -+++ b/include/openssl/asn1.h -@@ -55,20 +55,20 @@ - * [including the GNU Public Licence.] - */ - --// #ifndef HEADER_ASN1_H --// #define HEADER_ASN1_H -+#ifndef HEADER_ASN1_H -+#define HEADER_ASN1_H - --// #include -+#include - --// #include -+#include - --// #include --// #include --// #include -+#include -+#include -+#include - --// #if defined(__cplusplus) --// extern "C" { --// #endif -+#if defined(__cplusplus) -+extern "C" { -+#endif - - - // Legacy ASN.1 library. -@@ -296,7 +296,7 @@ - // DECLARE_ASN1_ITEM declares an |ASN1_ITEM| with name |name|. The |ASN1_ITEM| - // may be referenced with |ASN1_ITEM_rptr|. Uses of this macro should document - // the corresponding ASN.1 and C types. --// #define DECLARE_ASN1_ITEM(name) extern OPENSSL_EXPORT const ASN1_ITEM name##_it; -+#define DECLARE_ASN1_ITEM(name) extern OPENSSL_EXPORT const ASN1_ITEM name##_it; - - // ASN1_ITEM_rptr returns the |const ASN1_ITEM *| named |name|. - // #define ASN1_ITEM_rptr(name) (&(name##_it)) -@@ -563,7 +563,7 @@ - // OPENSSL_EXPORT ASN1_STRING *ASN1_STRING_new(void); - - // ASN1_STRING_free releases memory associated with |str|. --// OPENSSL_EXPORT void ASN1_STRING_free(ASN1_STRING *str); -+OPENSSL_EXPORT void ASN1_STRING_free(ASN1_STRING *str); - - // ASN1_STRING_copy sets |dst| to a copy of |str|. It returns one on success and - // zero on error. -@@ -579,18 +579,18 @@ - // ASN1_STRING_get0_data returns a pointer to |str|'s contents. Callers should - // use |ASN1_STRING_length| to determine the length of the string. The string - // may have embedded NUL bytes and may not be NUL-terminated. --// OPENSSL_EXPORT const unsigned char *ASN1_STRING_get0_data( --// const ASN1_STRING *str); -+OPENSSL_EXPORT const unsigned char *ASN1_STRING_get0_data( -+ const ASN1_STRING *str); - - // ASN1_STRING_data returns a mutable pointer to |str|'s contents. Callers - // should use |ASN1_STRING_length| to determine the length of the string. The - // string may have embedded NUL bytes and may not be NUL-terminated. - // - // Prefer |ASN1_STRING_get0_data|. --// OPENSSL_EXPORT unsigned char *ASN1_STRING_data(ASN1_STRING *str); -+OPENSSL_EXPORT unsigned char *ASN1_STRING_data(ASN1_STRING *str); - - // ASN1_STRING_length returns the length of |str|, in bytes. --// OPENSSL_EXPORT int ASN1_STRING_length(const ASN1_STRING *str); -+OPENSSL_EXPORT int ASN1_STRING_length(const ASN1_STRING *str); - - // ASN1_STRING_cmp compares |a| and |b|'s type and contents. It returns an - // integer equal to, less than, or greater than zero if |a| is equal to, less -@@ -608,7 +608,7 @@ - // |data|. It returns one on success and zero on error. If |data| is NULL, it - // updates the length and allocates the buffer as needed, but does not - // initialize the contents. --// OPENSSL_EXPORT int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); -+OPENSSL_EXPORT int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); - - // ASN1_STRING_set0 sets the contents of |str| to |len| bytes from |data|. It - // takes ownership of |data|, which must have been allocated with -@@ -619,7 +619,7 @@ - // |V_ASN1_*| constant. - // OPENSSL_EXPORT ASN1_BMPSTRING *ASN1_BMPSTRING_new(void); - // OPENSSL_EXPORT ASN1_GENERALSTRING *ASN1_GENERALSTRING_new(void); --// OPENSSL_EXPORT ASN1_IA5STRING *ASN1_IA5STRING_new(void); -+OPENSSL_EXPORT ASN1_IA5STRING *ASN1_IA5STRING_new(void); - // OPENSSL_EXPORT ASN1_OCTET_STRING *ASN1_OCTET_STRING_new(void); - // OPENSSL_EXPORT ASN1_PRINTABLESTRING *ASN1_PRINTABLESTRING_new(void); - // OPENSSL_EXPORT ASN1_T61STRING *ASN1_T61STRING_new(void); -@@ -630,7 +630,7 @@ - // The following functions call |ASN1_STRING_free|. - // OPENSSL_EXPORT void ASN1_BMPSTRING_free(ASN1_BMPSTRING *str); - // OPENSSL_EXPORT void ASN1_GENERALSTRING_free(ASN1_GENERALSTRING *str); --// OPENSSL_EXPORT void ASN1_IA5STRING_free(ASN1_IA5STRING *str); -+OPENSSL_EXPORT void ASN1_IA5STRING_free(ASN1_IA5STRING *str); - // OPENSSL_EXPORT void ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *str); - // OPENSSL_EXPORT void ASN1_PRINTABLESTRING_free(ASN1_PRINTABLESTRING *str); - // OPENSSL_EXPORT void ASN1_T61STRING_free(ASN1_T61STRING *str); -@@ -1037,10 +1037,10 @@ - - // ASN1_INTEGER_new calls |ASN1_STRING_type_new| with |V_ASN1_INTEGER|. The - // resulting object has value zero. --// OPENSSL_EXPORT ASN1_INTEGER *ASN1_INTEGER_new(void); -+OPENSSL_EXPORT ASN1_INTEGER *ASN1_INTEGER_new(void); - - // ASN1_INTEGER_free calls |ASN1_STRING_free|. --// OPENSSL_EXPORT void ASN1_INTEGER_free(ASN1_INTEGER *str); -+OPENSSL_EXPORT void ASN1_INTEGER_free(ASN1_INTEGER *str); - - // ASN1_INTEGER_dup calls |ASN1_STRING_dup|. - // OPENSSL_EXPORT ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x); -@@ -1061,11 +1061,11 @@ - // DER-encoded INTEGER, excluding the tag and length. It behaves like - // |d2i_SAMPLE_with_reuse| except, on success, it always consumes all |len| - // bytes. --// -+ - // TODO(https://crbug.com/boringssl/354): This function currently also accepts - // some invalid inputs, but this will be removed in the future. --// OPENSSL_EXPORT ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **in, --// const uint8_t **outp, long len); -+OPENSSL_EXPORT ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **in, -+ const uint8_t **outp, long len); - - // i2c_ASN1_INTEGER encodes |in| as the contents of a DER-encoded INTEGER, - // excluding the tag and length. If |outp| is non-NULL, it writes the result to -@@ -1117,7 +1117,7 @@ - // ASN1_INTEGER_to_BN sets |bn| to the value of |ai| and returns |bn| on success - // or NULL or error. If |bn| is NULL, it returns a newly-allocated |BIGNUM| on - // success instead, which the caller must release with |BN_free|. --// OPENSSL_EXPORT BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); -+OPENSSL_EXPORT BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); - - // ASN1_INTEGER_cmp compares the values of |x| and |y|. It returns an integer - // equal to, less than, or greater than zero if |x| is equal to, less than, or -@@ -1318,10 +1318,10 @@ - // ASN1_TIME_new returns a newly-allocated |ASN1_TIME| with type -1, or NULL on - // error. The resulting |ASN1_TIME| is not a valid X.509 Time until initialized - // with a value. --// OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_new(void); -+OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_new(void); - - // ASN1_TIME_free releases memory associated with |str|. --// OPENSSL_EXPORT void ASN1_TIME_free(ASN1_TIME *str); -+OPENSSL_EXPORT void ASN1_TIME_free(ASN1_TIME *str); - - // d2i_ASN1_TIME parses up to |len| bytes from |*inp| as a DER-encoded X.509 - // Time (RFC 5280), as described in |d2i_SAMPLE_with_reuse|. -@@ -1349,8 +1349,8 @@ - // - // Note this function may fail on overflow, or if |from| or |to| cannot be - // decoded. --// OPENSSL_EXPORT int ASN1_TIME_diff(int *out_days, int *out_seconds, --// const ASN1_TIME *from, const ASN1_TIME *to); -+OPENSSL_EXPORT int ASN1_TIME_diff(int *out_days, int *out_seconds, -+ const ASN1_TIME *from, const ASN1_TIME *to); - - // ASN1_TIME_set represents |t| as a GeneralizedTime or UTCTime and writes - // the result to |s|. As in RFC 5280, section 4.1.2.5, it uses UTCTime when the -@@ -1358,7 +1358,7 @@ - // on error. If |s| is NULL, it returns a newly-allocated |ASN1_TIME| instead. - // - // Note this function may fail if the time is out of range for GeneralizedTime. --// OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); -+OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); - - // ASN1_TIME_adj adds |offset_day| days and |offset_sec| seconds to - // |t| and writes the result to |s|. As in RFC 5280, section 4.1.2.5, it uses -@@ -1368,8 +1368,8 @@ - // - // Note this function may fail if the time overflows or is out of range for - // GeneralizedTime. --// OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day, --// long offset_sec); -+OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day, -+ long offset_sec); - - // ASN1_TIME_check returns one if |t| is a valid UTCTime or GeneralizedTime, and - // zero otherwise. |t|'s type determines which check is performed. This -@@ -1837,38 +1837,38 @@ - // prototypes directly. Particularly when |type|, |itname|, or |name| differ, - // the macros can be difficult to understand. - --// #define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type) -+#define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type) - --// #define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \ --// DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type) -+#define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \ -+ DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type) - --// #define DECLARE_ASN1_FUNCTIONS_name(type, name) \ --// DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ --// DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) -+#define DECLARE_ASN1_FUNCTIONS_name(type, name) \ -+ DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ -+ DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) - - // #define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \ - // DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ - // DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) - --// #define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \ --// OPENSSL_EXPORT type *d2i_##name(type **a, const unsigned char **in, \ --// long len); \ --// OPENSSL_EXPORT int i2d_##name(type *a, unsigned char **out); \ --// DECLARE_ASN1_ITEM(itname) -- --// #define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \ --// OPENSSL_EXPORT type *d2i_##name(type **a, const unsigned char **in, \ --// long len); \ --// OPENSSL_EXPORT int i2d_##name(const type *a, unsigned char **out); \ --// DECLARE_ASN1_ITEM(name) -- --// #define DECLARE_ASN1_FUNCTIONS_const(name) \ --// DECLARE_ASN1_ALLOC_FUNCTIONS(name) \ --// DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name) -- --// #define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ --// OPENSSL_EXPORT type *name##_new(void); \ --// OPENSSL_EXPORT void name##_free(type *a); -+#define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \ -+ OPENSSL_EXPORT type *d2i_##name(type **a, const unsigned char **in, \ -+ long len); \ -+ OPENSSL_EXPORT int i2d_##name(type *a, unsigned char **out); \ -+ DECLARE_ASN1_ITEM(itname) -+ -+#define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \ -+ OPENSSL_EXPORT type *d2i_##name(type **a, const unsigned char **in, \ -+ long len); \ -+ OPENSSL_EXPORT int i2d_##name(const type *a, unsigned char **out); \ -+ DECLARE_ASN1_ITEM(name) -+ -+#define DECLARE_ASN1_FUNCTIONS_const(name) \ -+ DECLARE_ASN1_ALLOC_FUNCTIONS(name) \ -+ DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name) -+ -+#define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ -+ OPENSSL_EXPORT type *name##_new(void); \ -+ OPENSSL_EXPORT void name##_free(type *a); - - - // Deprecated functions. -@@ -1987,22 +1987,22 @@ - // DECLARE_ASN1_ITEM(ASN1_PRINTABLE) - - --// #if defined(__cplusplus) --// } // extern C -+#if defined(__cplusplus) -+} // extern C - --// extern "C++" { -+extern "C++" { - --// BSSL_NAMESPACE_BEGIN -+BSSL_NAMESPACE_BEGIN - - // BORINGSSL_MAKE_DELETER(ASN1_OBJECT, ASN1_OBJECT_free) --// BORINGSSL_MAKE_DELETER(ASN1_STRING, ASN1_STRING_free) -+BORINGSSL_MAKE_DELETER(ASN1_STRING, ASN1_STRING_free) - // BORINGSSL_MAKE_DELETER(ASN1_TYPE, ASN1_TYPE_free) - --// BSSL_NAMESPACE_END -+BSSL_NAMESPACE_END - --// } // extern C++ -+} // extern C++ - --// #endif -+#endif - - #ifdef ossl_ASN1_R_ASN1_LENGTH_MISMATCH - #define ASN1_R_ASN1_LENGTH_MISMATCH ossl_ASN1_R_ASN1_LENGTH_MISMATCH -@@ -2296,4 +2296,4 @@ - #define ASN1_R_INVALID_INTEGER ossl_ASN1_R_INVALID_INTEGER - #endif - --// #endif -+#endif diff --git a/bssl-compat/patch/include/openssl/asn1.h.sh b/bssl-compat/patch/include/openssl/asn1.h.sh index 4711d299d1..2be6822138 100755 --- a/bssl-compat/patch/include/openssl/asn1.h.sh +++ b/bssl-compat/patch/include/openssl/asn1.h.sh @@ -1,5 +1,33 @@ #!/bin/bash -sed -i -e 's|^// \(#[ \t]*define[ \t]*\)\(ASN1_R_[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' \ - -e 's|^// \(#[ \t]*define[ \t]*\)\(MBSTRING_[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' \ - -e 's|^// \(#[ \t]*define[ \t]*\)\(ASN1_STRFLGS_[A-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' "$1" +set -euo pipefail + +uncomment.sh "$1" --comment -h \ + --uncomment-macro-redef 'ASN1_R_[a-zA-Z0-9_]*' \ + --uncomment-macro-redef 'MBSTRING_[a-zA-Z0-9_]*' \ + --uncomment-macro-redef 'ASN1_STRFLGS_[A-Z0-9_]*' \ + --uncomment-macro 'DECLARE_ASN1_ITEM' \ + --uncomment-func-decl ASN1_STRING_free \ + --uncomment-func-decl ASN1_STRING_get0_data \ + --uncomment-func-decl ASN1_STRING_data \ + --uncomment-func-decl ASN1_STRING_length \ + --uncomment-func-decl ASN1_STRING_set \ + --uncomment-func-decl ASN1_IA5STRING_new \ + --uncomment-func-decl ASN1_IA5STRING_free \ + --uncomment-func-decl ASN1_INTEGER_new \ + --uncomment-func-decl ASN1_INTEGER_free \ + --uncomment-func-decl c2i_ASN1_INTEGER \ + --uncomment-func-decl ASN1_INTEGER_to_BN \ + --uncomment-func-decl ASN1_TIME_new \ + --uncomment-func-decl ASN1_TIME_free \ + --uncomment-func-decl ASN1_TIME_diff \ + --uncomment-func-decl ASN1_TIME_set \ + --uncomment-func-decl ASN1_TIME_adj \ + --uncomment-macro DECLARE_ASN1_FUNCTIONS \ + --uncomment-regex 'BORINGSSL_MAKE_DELETER(ASN1_STRING' \ + --uncomment-macro DECLARE_ASN1_ALLOC_FUNCTIONS \ + --uncomment-macro DECLARE_ASN1_FUNCTIONS_name \ + --uncomment-macro DECLARE_ASN1_ENCODE_FUNCTIONS \ + --uncomment-macro DECLARE_ASN1_ENCODE_FUNCTIONS_const \ + --uncomment-macro DECLARE_ASN1_FUNCTIONS_const \ + --uncomment-macro DECLARE_ASN1_ALLOC_FUNCTIONS_name diff --git a/bssl-compat/patch/include/openssl/asn1t.h.patch b/bssl-compat/patch/include/openssl/asn1t.h.patch deleted file mode 100644 index 7187250325..0000000000 --- a/bssl-compat/patch/include/openssl/asn1t.h.patch +++ /dev/null @@ -1,37 +0,0 @@ ---- a/include/openssl/asn1t.h -+++ b/include/openssl/asn1t.h -@@ -54,15 +54,15 @@ - * Hudson (tjh@cryptsoft.com). - * - */ --// #ifndef HEADER_ASN1T_H --// #define HEADER_ASN1T_H -+#ifndef HEADER_ASN1T_H -+#define HEADER_ASN1T_H - --// #include --// #include -+#include -+#include - --// #ifdef __cplusplus --// extern "C" { --// #endif -+#ifdef __cplusplus -+extern "C" { -+#endif - - - /* Legacy ASN.1 library template definitions. -@@ -702,7 +702,7 @@ - - // DEFINE_STACK_OF(ASN1_VALUE) - --// #ifdef __cplusplus --// } --// #endif --// #endif -+#ifdef __cplusplus -+} -+#endif -+#endif diff --git a/bssl-compat/patch/include/openssl/asn1t.h.sh b/bssl-compat/patch/include/openssl/asn1t.h.sh new file mode 100755 index 0000000000..30a3b7b6b0 --- /dev/null +++ b/bssl-compat/patch/include/openssl/asn1t.h.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +set -euo pipefail + +uncomment.sh "$1" --comment -h diff --git a/bssl-compat/patch/include/openssl/base.h.patch b/bssl-compat/patch/include/openssl/base.h.patch deleted file mode 100644 index 99599980d3..0000000000 --- a/bssl-compat/patch/include/openssl/base.h.patch +++ /dev/null @@ -1,862 +0,0 @@ ---- a/include/openssl/base.h -+++ b/include/openssl/base.h -@@ -50,123 +50,128 @@ - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). */ - --// #ifndef OPENSSL_HEADER_BASE_H --// #define OPENSSL_HEADER_BASE_H -+#ifndef OPENSSL_HEADER_BASE_H -+#define OPENSSL_HEADER_BASE_H - - - // This file should be the first included by all BoringSSL headers. - --// #include --// #include --// #include -+#include -+#include -+#include - --// #if defined(__MINGW32__) -+#if defined(__MINGW32__) - // stdio.h is needed on MinGW for __MINGW_PRINTF_FORMAT. --// #include --// #endif -+#include -+#endif - --// #if defined(__APPLE__) --// #include --// #endif -+#if defined(__APPLE__) -+#include -+#endif - - // Include a BoringSSL-only header so consumers including this header without - // setting up include paths do not accidentally pick up the system - // opensslconf.h. --// #include --// #include -+#include -+#include - --// #if defined(BORINGSSL_PREFIX) --// #include --// #endif -- --// #if defined(__cplusplus) --// extern "C" { --// #endif -- -- --// #if defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) --// #define OPENSSL_64_BIT --// #define OPENSSL_X86_64 --// #elif defined(__x86) || defined(__i386) || defined(__i386__) || defined(_M_IX86) --// #define OPENSSL_32_BIT --// #define OPENSSL_X86 --// #elif defined(__AARCH64EL__) || defined(_M_ARM64) --// #define OPENSSL_64_BIT --// #define OPENSSL_AARCH64 --// #elif defined(__ARMEL__) || defined(_M_ARM) --// #define OPENSSL_32_BIT --// #define OPENSSL_ARM --// #elif (defined(__PPC64__) || defined(__powerpc64__)) && defined(_LITTLE_ENDIAN) --// #define OPENSSL_64_BIT --// #define OPENSSL_PPC64LE --// #elif defined(__MIPSEL__) && !defined(__LP64__) --// #define OPENSSL_32_BIT --// #define OPENSSL_MIPS --// #elif defined(__MIPSEL__) && defined(__LP64__) --// #define OPENSSL_64_BIT --// #define OPENSSL_MIPS64 --// #elif defined(__riscv) && __SIZEOF_POINTER__ == 8 --// #define OPENSSL_64_BIT --// #elif defined(__riscv) && __SIZEOF_POINTER__ == 4 --// #define OPENSSL_32_BIT --// #elif defined(__pnacl__) --// #define OPENSSL_32_BIT --// #define OPENSSL_PNACL --// #elif defined(__wasm__) --// #define OPENSSL_32_BIT --// #elif defined(__asmjs__) --// #define OPENSSL_32_BIT --// #elif defined(__myriad2__) --// #define OPENSSL_32_BIT --// #elif defined(__riscv) && __riscv_xlen == 64 --// #define OPENSSL_64_BIT --// #else -+#if defined(BORINGSSL_PREFIX) -+#include -+#endif -+ -+#define BSSL_COMPAT -+#include -+#include -+#include -+ -+#if defined(__cplusplus) -+extern "C" { -+#endif -+ -+ -+#if defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) -+#define OPENSSL_64_BIT -+#define OPENSSL_X86_64 -+#elif defined(__x86) || defined(__i386) || defined(__i386__) || defined(_M_IX86) -+#define OPENSSL_32_BIT -+#define OPENSSL_X86 -+#elif defined(__AARCH64EL__) || defined(_M_ARM64) -+#define OPENSSL_64_BIT -+#define OPENSSL_AARCH64 -+#elif defined(__ARMEL__) || defined(_M_ARM) -+#define OPENSSL_32_BIT -+#define OPENSSL_ARM -+#elif (defined(__PPC64__) || defined(__powerpc64__)) && defined(_LITTLE_ENDIAN) -+#define OPENSSL_64_BIT -+#define OPENSSL_PPC64LE -+#elif defined(__MIPSEL__) && !defined(__LP64__) -+#define OPENSSL_32_BIT -+#define OPENSSL_MIPS -+#elif defined(__MIPSEL__) && defined(__LP64__) -+#define OPENSSL_64_BIT -+#define OPENSSL_MIPS64 -+#elif defined(__riscv) && __SIZEOF_POINTER__ == 8 -+#define OPENSSL_64_BIT -+#elif defined(__riscv) && __SIZEOF_POINTER__ == 4 -+#define OPENSSL_32_BIT -+#elif defined(__pnacl__) -+#define OPENSSL_32_BIT -+#define OPENSSL_PNACL -+#elif defined(__wasm__) -+#define OPENSSL_32_BIT -+#elif defined(__asmjs__) -+#define OPENSSL_32_BIT -+#elif defined(__myriad2__) -+#define OPENSSL_32_BIT -+#elif defined(__riscv) && __riscv_xlen == 64 -+#define OPENSSL_64_BIT -+#else - // Note BoringSSL only supports standard 32-bit and 64-bit two's-complement, - // little-endian architectures. Functions will not produce the correct answer - // on other systems. Run the crypto_test binary, notably - // crypto/compiler_test.cc, before adding a new architecture. --// #error "Unknown target CPU" --// #endif -+#error "Unknown target CPU" -+#endif - --// #if defined(__APPLE__) --// #define OPENSSL_APPLE -+#if defined(__APPLE__) -+#define OPENSSL_APPLE - // Note |TARGET_OS_MAC| is set for all Apple OS variants. |TARGET_OS_OSX| - // targets macOS specifically. --// #if defined(TARGET_OS_OSX) && TARGET_OS_OSX --// #define OPENSSL_MACOS --// #endif --// #if defined(TARGET_OS_IPHONE) && TARGET_OS_IPHONE --// #define OPENSSL_IOS --// #endif --// #endif -- --// #if defined(_WIN32) --// #define OPENSSL_WINDOWS --// #endif -+#if defined(TARGET_OS_OSX) && TARGET_OS_OSX -+#define OPENSSL_MACOS -+#endif -+#if defined(TARGET_OS_IPHONE) && TARGET_OS_IPHONE -+#define OPENSSL_IOS -+#endif -+#endif -+ -+#if defined(_WIN32) -+#define OPENSSL_WINDOWS -+#endif - - // Trusty isn't Linux but currently defines __linux__. As a workaround, we - // exclude it here. - // TODO(b/169780122): Remove this workaround once Trusty no longer defines it. --// #if defined(__linux__) && !defined(__TRUSTY__) --// #define OPENSSL_LINUX --// #endif -- --// #if defined(__Fuchsia__) --// #define OPENSSL_FUCHSIA --// #endif -- --// #if defined(__TRUSTY__) --// #define OPENSSL_TRUSTY --// #define OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED --// #endif -- --// #if defined(__ANDROID_API__) --// #define OPENSSL_ANDROID --// #endif -- --// #if defined(__FreeBSD__) --// #define OPENSSL_FREEBSD --// #endif -+#if defined(__linux__) && !defined(__TRUSTY__) -+#define OPENSSL_LINUX -+#endif -+ -+#if defined(__Fuchsia__) -+#define OPENSSL_FUCHSIA -+#endif -+ -+#if defined(__TRUSTY__) -+#define OPENSSL_TRUSTY -+#define OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED -+#endif -+ -+#if defined(__ANDROID_API__) -+#define OPENSSL_ANDROID -+#endif -+ -+#if defined(__FreeBSD__) -+#define OPENSSL_FREEBSD -+#endif - - // BoringSSL requires platform's locking APIs to make internal global state - // thread-safe, including the PRNG. On some single-threaded embedded platforms, -@@ -181,13 +186,13 @@ - // Do not set this flag on any platform where threads are possible. BoringSSL - // maintainers will not provide support for any consumers that do so. Changes - // which break such unsupported configurations will not be reverted. --// #if !defined(OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED) --// #define OPENSSL_THREADS --// #endif -- --// #define OPENSSL_IS_BORINGSSL --// #define OPENSSL_VERSION_NUMBER 0x1010107f --// #define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER -+#if !defined(OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED) -+#define OPENSSL_THREADS -+#endif -+ -+#define OPENSSL_IS_BORINGSSL -+#define OPENSSL_VERSION_NUMBER 0x1010107f -+#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER - - // BORINGSSL_API_VERSION is a positive integer that increments as BoringSSL - // changes over time. The value itself is not meaningful. It will be incremented -@@ -197,63 +202,63 @@ - // A consumer may use this symbol in the preprocessor to temporarily build - // against multiple revisions of BoringSSL at the same time. It is not - // recommended to do so for longer than is necessary. --// #define BORINGSSL_API_VERSION 18 -+#define BORINGSSL_API_VERSION 18 - --// #if defined(BORINGSSL_SHARED_LIBRARY) -+#if defined(BORINGSSL_SHARED_LIBRARY) - --// #if defined(OPENSSL_WINDOWS) -+#if defined(OPENSSL_WINDOWS) - --// #if defined(BORINGSSL_IMPLEMENTATION) --// #define OPENSSL_EXPORT __declspec(dllexport) --// #else --// #define OPENSSL_EXPORT __declspec(dllimport) --// #endif -+#if defined(BORINGSSL_IMPLEMENTATION) -+#define OPENSSL_EXPORT __declspec(dllexport) -+#else -+#define OPENSSL_EXPORT __declspec(dllimport) -+#endif - --// #else // defined(OPENSSL_WINDOWS) -+#else // defined(OPENSSL_WINDOWS) - --// #if defined(BORINGSSL_IMPLEMENTATION) --// #define OPENSSL_EXPORT __attribute__((visibility("default"))) --// #else --// #define OPENSSL_EXPORT --// #endif -+#if defined(BORINGSSL_IMPLEMENTATION) -+#define OPENSSL_EXPORT __attribute__((visibility("default"))) -+#else -+#define OPENSSL_EXPORT -+#endif - --// #endif // defined(OPENSSL_WINDOWS) -+#endif // defined(OPENSSL_WINDOWS) - --// #else // defined(BORINGSSL_SHARED_LIBRARY) -+#else // defined(BORINGSSL_SHARED_LIBRARY) - --// #define OPENSSL_EXPORT -+#define OPENSSL_EXPORT - --// #endif // defined(BORINGSSL_SHARED_LIBRARY) -+#endif // defined(BORINGSSL_SHARED_LIBRARY) - - --// #if defined(__GNUC__) || defined(__clang__) -+#if defined(__GNUC__) || defined(__clang__) - // MinGW has two different printf implementations. Ensure the format macro - // matches the selected implementation. See - // https://sourceforge.net/p/mingw-w64/wiki2/gnu%20printf/. --// #if defined(__MINGW_PRINTF_FORMAT) --// #define OPENSSL_PRINTF_FORMAT_FUNC(string_index, first_to_check) \ --// __attribute__( \ --// (__format__(__MINGW_PRINTF_FORMAT, string_index, first_to_check))) --// #else --// #define OPENSSL_PRINTF_FORMAT_FUNC(string_index, first_to_check) \ --// __attribute__((__format__(__printf__, string_index, first_to_check))) --// #endif --// #else --// #define OPENSSL_PRINTF_FORMAT_FUNC(string_index, first_to_check) --// #endif -+#if defined(__MINGW_PRINTF_FORMAT) -+#define OPENSSL_PRINTF_FORMAT_FUNC(string_index, first_to_check) \ -+ __attribute__( \ -+ (__format__(__MINGW_PRINTF_FORMAT, string_index, first_to_check))) -+#else -+#define OPENSSL_PRINTF_FORMAT_FUNC(string_index, first_to_check) \ -+ __attribute__((__format__(__printf__, string_index, first_to_check))) -+#endif -+#else -+#define OPENSSL_PRINTF_FORMAT_FUNC(string_index, first_to_check) -+#endif - - // OPENSSL_MSVC_PRAGMA emits a pragma on MSVC and nothing on other compilers. --// #if defined(_MSC_VER) --// #define OPENSSL_MSVC_PRAGMA(arg) __pragma(arg) --// #else --// #define OPENSSL_MSVC_PRAGMA(arg) --// #endif -- --// #if defined(__GNUC__) || defined(__clang__) --// #define OPENSSL_UNUSED __attribute__((unused)) --// #else --// #define OPENSSL_UNUSED --// #endif -+#if defined(_MSC_VER) -+#define OPENSSL_MSVC_PRAGMA(arg) __pragma(arg) -+#else -+#define OPENSSL_MSVC_PRAGMA(arg) -+#endif -+ -+#if defined(__GNUC__) || defined(__clang__) -+#define OPENSSL_UNUSED __attribute__((unused)) -+#else -+#define OPENSSL_UNUSED -+#endif - - // C and C++ handle inline functions differently. In C++, an inline function is - // defined in just the header file, potentially emitted in multiple compilation -@@ -275,134 +280,134 @@ - // not used much in practice, extern inline is tedious, and there are conflicts - // with the old gnu89 model: - // https://stackoverflow.com/questions/216510/extern-inline --// #if defined(__cplusplus) --// #define OPENSSL_INLINE inline --// #else -+#if defined(__cplusplus) -+#define OPENSSL_INLINE inline -+#else - // Add OPENSSL_UNUSED so that, should an inline function be emitted via macro - // (e.g. a |STACK_OF(T)| implementation) in a source file without tripping - // clang's -Wunused-function. --// #define OPENSSL_INLINE static inline OPENSSL_UNUSED --// #endif -+#define OPENSSL_INLINE static inline OPENSSL_UNUSED -+#endif - --// #if defined(BORINGSSL_UNSAFE_FUZZER_MODE) && \ --// !defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE) --// #define BORINGSSL_UNSAFE_DETERMINISTIC_MODE --// #endif -- --// #if defined(__has_feature) --// #if __has_feature(address_sanitizer) --// #define OPENSSL_ASAN --// #endif --// #if __has_feature(thread_sanitizer) --// #define OPENSSL_TSAN --// #endif --// #if __has_feature(memory_sanitizer) --// #define OPENSSL_MSAN --// #define OPENSSL_ASM_INCOMPATIBLE --// #endif --// #endif -- --// #if defined(OPENSSL_ASM_INCOMPATIBLE) --// #undef OPENSSL_ASM_INCOMPATIBLE --// #if !defined(OPENSSL_NO_ASM) --// #define OPENSSL_NO_ASM --// #endif --// #endif // OPENSSL_ASM_INCOMPATIBLE -+#if defined(BORINGSSL_UNSAFE_FUZZER_MODE) && \ -+ !defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE) -+#define BORINGSSL_UNSAFE_DETERMINISTIC_MODE -+#endif -+ -+#if defined(__has_feature) -+#if __has_feature(address_sanitizer) -+#define OPENSSL_ASAN -+#endif -+#if __has_feature(thread_sanitizer) -+#define OPENSSL_TSAN -+#endif -+#if __has_feature(memory_sanitizer) -+#define OPENSSL_MSAN -+#define OPENSSL_ASM_INCOMPATIBLE -+#endif -+#endif -+ -+#if defined(OPENSSL_ASM_INCOMPATIBLE) -+#undef OPENSSL_ASM_INCOMPATIBLE -+#if !defined(OPENSSL_NO_ASM) -+#define OPENSSL_NO_ASM -+#endif -+#endif // OPENSSL_ASM_INCOMPATIBLE - --// #if defined(__cplusplus) -+#if defined(__cplusplus) - // enums can be predeclared, but only in C++ and only if given an explicit type. - // C doesn't support setting an explicit type for enums thus a #define is used - // to do this only for C++. However, the ABI type between C and C++ need to have - // equal sizes, which is confirmed in a unittest. --// #define BORINGSSL_ENUM_INT : int --// enum ssl_early_data_reason_t BORINGSSL_ENUM_INT; --// enum ssl_encryption_level_t BORINGSSL_ENUM_INT; --// enum ssl_private_key_result_t BORINGSSL_ENUM_INT; --// enum ssl_renegotiate_mode_t BORINGSSL_ENUM_INT; --// enum ssl_select_cert_result_t BORINGSSL_ENUM_INT; --// enum ssl_select_cert_result_t BORINGSSL_ENUM_INT; --// enum ssl_ticket_aead_result_t BORINGSSL_ENUM_INT; --// enum ssl_verify_result_t BORINGSSL_ENUM_INT; --// #else --// #define BORINGSSL_ENUM_INT --// #endif -+#define BORINGSSL_ENUM_INT : int -+enum ssl_early_data_reason_t BORINGSSL_ENUM_INT; -+enum ssl_encryption_level_t BORINGSSL_ENUM_INT; -+enum ssl_private_key_result_t BORINGSSL_ENUM_INT; -+enum ssl_renegotiate_mode_t BORINGSSL_ENUM_INT; -+enum ssl_select_cert_result_t BORINGSSL_ENUM_INT; -+enum ssl_select_cert_result_t BORINGSSL_ENUM_INT; -+enum ssl_ticket_aead_result_t BORINGSSL_ENUM_INT; -+enum ssl_verify_result_t BORINGSSL_ENUM_INT; -+#else -+#define BORINGSSL_ENUM_INT -+#endif - - // CRYPTO_THREADID is a dummy value. --// typedef int CRYPTO_THREADID; -+typedef int CRYPTO_THREADID; - - // An |ASN1_NULL| is an opaque type. asn1.h represents the ASN.1 NULL value as - // an opaque, non-NULL |ASN1_NULL*| pointer. - // typedef struct asn1_null_st ASN1_NULL; - - // typedef int ASN1_BOOLEAN; --// typedef struct ASN1_ITEM_st ASN1_ITEM; --// typedef struct asn1_object_st ASN1_OBJECT; -+typedef struct ossl_ASN1_ITEM_st ASN1_ITEM; -+typedef ossl_ASN1_OBJECT ASN1_OBJECT; - // typedef struct asn1_pctx_st ASN1_PCTX; - // typedef struct asn1_string_st ASN1_BIT_STRING; - // typedef struct asn1_string_st ASN1_BMPSTRING; - // typedef struct asn1_string_st ASN1_ENUMERATED; - // typedef struct asn1_string_st ASN1_GENERALIZEDTIME; - // typedef struct asn1_string_st ASN1_GENERALSTRING; --// typedef struct asn1_string_st ASN1_IA5STRING; --// typedef struct asn1_string_st ASN1_INTEGER; --// typedef struct asn1_string_st ASN1_OCTET_STRING; -+typedef ossl_ASN1_IA5STRING ASN1_IA5STRING; -+typedef ossl_ASN1_INTEGER ASN1_INTEGER; -+typedef ossl_ASN1_OCTET_STRING ASN1_OCTET_STRING; - // typedef struct asn1_string_st ASN1_PRINTABLESTRING; --// typedef struct asn1_string_st ASN1_STRING; -+typedef ossl_ASN1_STRING ASN1_STRING; - // typedef struct asn1_string_st ASN1_T61STRING; --// typedef struct asn1_string_st ASN1_TIME; -+typedef ossl_ASN1_TIME ASN1_TIME; - // typedef struct asn1_string_st ASN1_UNIVERSALSTRING; - // typedef struct asn1_string_st ASN1_UTCTIME; - // typedef struct asn1_string_st ASN1_UTF8STRING; - // typedef struct asn1_string_st ASN1_VISIBLESTRING; - // typedef struct asn1_type_st ASN1_TYPE; - // typedef struct AUTHORITY_KEYID_st AUTHORITY_KEYID; --// typedef struct BASIC_CONSTRAINTS_st BASIC_CONSTRAINTS; -+typedef ossl_BASIC_CONSTRAINTS BASIC_CONSTRAINTS; - // typedef struct DIST_POINT_st DIST_POINT; - // typedef struct DSA_SIG_st DSA_SIG; - // typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT; --// typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS; -+typedef ossl_NAME_CONSTRAINTS NAME_CONSTRAINTS; - // typedef struct Netscape_spkac_st NETSCAPE_SPKAC; - // typedef struct Netscape_spki_st NETSCAPE_SPKI; - // typedef struct RIPEMD160state_st RIPEMD160_CTX; --// typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM; -+typedef ossl_X509_VERIFY_PARAM X509_VERIFY_PARAM; - // typedef struct X509_algor_st X509_ALGOR; --// typedef struct X509_crl_st X509_CRL; --// typedef struct X509_extension_st X509_EXTENSION; --// typedef struct X509_info_st X509_INFO; --// typedef struct X509_name_entry_st X509_NAME_ENTRY; --// typedef struct X509_name_st X509_NAME; --// typedef struct X509_pubkey_st X509_PUBKEY; -+typedef ossl_X509_CRL X509_CRL; -+typedef ossl_X509_EXTENSION X509_EXTENSION; -+typedef ossl_X509_INFO X509_INFO; -+typedef ossl_X509_NAME_ENTRY X509_NAME_ENTRY; -+typedef ossl_X509_NAME X509_NAME; -+typedef ossl_X509_PUBKEY X509_PUBKEY; - // typedef struct X509_req_st X509_REQ; - // typedef struct X509_sig_st X509_SIG; - // typedef struct bignum_ctx BN_CTX; --// typedef struct bignum_st BIGNUM; --// typedef struct bio_method_st BIO_METHOD; --// typedef struct bio_st BIO; -+typedef ossl_BIGNUM BIGNUM; -+typedef struct bio_method_st BIO_METHOD; -+typedef ossl_BIO BIO; - // typedef struct blake2b_state_st BLAKE2B_CTX; --// typedef struct bn_gencb_st BN_GENCB; -+typedef ossl_BN_GENCB BN_GENCB; - // typedef struct bn_mont_ctx_st BN_MONT_CTX; - // typedef struct buf_mem_st BUF_MEM; --// typedef struct cbb_st CBB; --// typedef struct cbs_st CBS; -+typedef struct cbb_st CBB; -+typedef struct cbs_st CBS; - // typedef struct cmac_ctx_st CMAC_CTX; - // typedef struct conf_st CONF; - // typedef struct conf_value_st CONF_VALUE; --// typedef struct crypto_buffer_pool_st CRYPTO_BUFFER_POOL; --// typedef struct crypto_buffer_st CRYPTO_BUFFER; -+typedef struct crypto_buffer_pool_st CRYPTO_BUFFER_POOL; -+typedef struct crypto_buffer_st CRYPTO_BUFFER; - // typedef struct dh_st DH; - // typedef struct dsa_st DSA; --// typedef struct ec_group_st EC_GROUP; --// typedef struct ec_key_st EC_KEY; -+typedef ossl_EC_GROUP EC_GROUP; -+typedef ossl_EC_KEY EC_KEY; - // typedef struct ec_point_st EC_POINT; - // typedef struct ecdsa_method_st ECDSA_METHOD; - // typedef struct ecdsa_sig_st ECDSA_SIG; --// typedef struct engine_st ENGINE; --// typedef struct env_md_ctx_st EVP_MD_CTX; --// typedef struct env_md_st EVP_MD; -+typedef ossl_ENGINE ENGINE; -+typedef ossl_EVP_MD_CTX EVP_MD_CTX; -+typedef ossl_EVP_MD EVP_MD; - // typedef struct evp_aead_st EVP_AEAD; - // typedef struct evp_aead_ctx_st EVP_AEAD_CTX; --// typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX; --// typedef struct evp_cipher_st EVP_CIPHER; -+typedef ossl_EVP_CIPHER_CTX EVP_CIPHER_CTX; -+typedef ossl_EVP_CIPHER EVP_CIPHER; - // typedef struct evp_encode_ctx_st EVP_ENCODE_CTX; - // typedef struct evp_hpke_aead_st EVP_HPKE_AEAD; - // typedef struct evp_hpke_ctx_st EVP_HPKE_CTX; -@@ -410,35 +415,35 @@ - // typedef struct evp_hpke_kem_st EVP_HPKE_KEM; - // typedef struct evp_hpke_key_st EVP_HPKE_KEY; - // typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; --// typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; -+typedef ossl_EVP_PKEY_CTX EVP_PKEY_CTX; - // typedef struct evp_pkey_method_st EVP_PKEY_METHOD; --// typedef struct evp_pkey_st EVP_PKEY; --// typedef struct hmac_ctx_st HMAC_CTX; -+typedef ossl_EVP_PKEY EVP_PKEY; -+typedef ossl_HMAC_CTX HMAC_CTX; - // typedef struct md4_state_st MD4_CTX; - // typedef struct md5_state_st MD5_CTX; - // typedef struct ossl_init_settings_st OPENSSL_INIT_SETTINGS; --// typedef struct pkcs12_st PKCS12; -+typedef struct ossl_PKCS12_st PKCS12; - // typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO; - // typedef struct private_key_st X509_PKEY; - // typedef struct rand_meth_st RAND_METHOD; - // typedef struct rc4_key_st RC4_KEY; - // typedef struct rsa_meth_st RSA_METHOD; - // typedef struct rsa_pss_params_st RSA_PSS_PARAMS; --// typedef struct rsa_st RSA; -+typedef ossl_RSA RSA; - // typedef struct sha256_state_st SHA256_CTX; - // typedef struct sha512_state_st SHA512_CTX; - // typedef struct sha_state_st SHA_CTX; - // typedef struct spake2_ctx_st SPAKE2_CTX; - // typedef struct srtp_protection_profile_st SRTP_PROTECTION_PROFILE; --// typedef struct ssl_cipher_st SSL_CIPHER; --// typedef struct ssl_ctx_st SSL_CTX; --// typedef struct ssl_early_callback_ctx SSL_CLIENT_HELLO; -+typedef ossl_SSL_CIPHER SSL_CIPHER; -+typedef ossl_SSL_CTX SSL_CTX; -+typedef struct ssl_early_callback_ctx SSL_CLIENT_HELLO; - // typedef struct ssl_ech_keys_st SSL_ECH_KEYS; --// typedef struct ssl_method_st SSL_METHOD; --// typedef struct ssl_private_key_method_st SSL_PRIVATE_KEY_METHOD; -+typedef ossl_SSL_METHOD SSL_METHOD; -+typedef struct ssl_private_key_method_st SSL_PRIVATE_KEY_METHOD; - // typedef struct ssl_quic_method_st SSL_QUIC_METHOD; --// typedef struct ssl_session_st SSL_SESSION; --// typedef struct ssl_st SSL; -+typedef ossl_SSL_SESSION SSL_SESSION; -+typedef ossl_SSL SSL; - // typedef struct ssl_ticket_aead_method_st SSL_TICKET_AEAD_METHOD; - // typedef struct st_ERR_FNS ERR_FNS; - // typedef struct trust_token_st TRUST_TOKEN; -@@ -451,110 +456,110 @@ - // typedef struct x509_lookup_method_st X509_LOOKUP_METHOD; - // typedef struct x509_object_st X509_OBJECT; - // typedef struct x509_revoked_st X509_REVOKED; --// typedef struct x509_st X509; --// typedef struct x509_store_ctx_st X509_STORE_CTX; --// typedef struct x509_store_st X509_STORE; -+typedef ossl_X509 X509; -+typedef ossl_X509_STORE_CTX X509_STORE_CTX; -+typedef ossl_X509_STORE X509_STORE; - // typedef struct x509_trust_st X509_TRUST; - - // typedef void *OPENSSL_BLOCK; - - --// #if defined(__cplusplus) --// } // extern C --// #elif !defined(BORINGSSL_NO_CXX) --// #define BORINGSSL_NO_CXX --// #endif -- --// #if defined(BORINGSSL_PREFIX) --// #define BSSL_NAMESPACE_BEGIN \ --// namespace bssl { \ --// inline namespace BORINGSSL_PREFIX { --// #define BSSL_NAMESPACE_END \ --// } \ --// } --// #else --// #define BSSL_NAMESPACE_BEGIN namespace bssl { --// #define BSSL_NAMESPACE_END } --// #endif -+#if defined(__cplusplus) -+} // extern C -+#elif !defined(BORINGSSL_NO_CXX) -+#define BORINGSSL_NO_CXX -+#endif -+ -+#if defined(BORINGSSL_PREFIX) -+#define BSSL_NAMESPACE_BEGIN \ -+ namespace bssl { \ -+ inline namespace BORINGSSL_PREFIX { -+#define BSSL_NAMESPACE_END \ -+ } \ -+ } -+#else -+#define BSSL_NAMESPACE_BEGIN namespace bssl { -+#define BSSL_NAMESPACE_END } -+#endif - - // MSVC doesn't set __cplusplus to 201103 to indicate C++11 support (see - // https://connect.microsoft.com/VisualStudio/feedback/details/763051/a-value-of-predefined-macro-cplusplus-is-still-199711l) - // so MSVC is just assumed to support C++11. --// #if !defined(BORINGSSL_NO_CXX) && __cplusplus < 201103L && !defined(_MSC_VER) --// #define BORINGSSL_NO_CXX --// #endif -+#if !defined(BORINGSSL_NO_CXX) && __cplusplus < 201103L && !defined(_MSC_VER) -+#define BORINGSSL_NO_CXX -+#endif - --// #if !defined(BORINGSSL_NO_CXX) -+#if !defined(BORINGSSL_NO_CXX) - --// extern "C++" { -+extern "C++" { - --// #include -+#include - - // STLPort, used by some Android consumers, not have std::unique_ptr. --// #if defined(_STLPORT_VERSION) --// #define BORINGSSL_NO_CXX --// #endif -+#if defined(_STLPORT_VERSION) -+#define BORINGSSL_NO_CXX -+#endif - --// } // extern C++ --// #endif // !BORINGSSL_NO_CXX -+} // extern C++ -+#endif // !BORINGSSL_NO_CXX - --// #if defined(BORINGSSL_NO_CXX) -+#if defined(BORINGSSL_NO_CXX) - --// #define BORINGSSL_MAKE_DELETER(type, deleter) --// #define BORINGSSL_MAKE_UP_REF(type, up_ref_func) -+#define BORINGSSL_MAKE_DELETER(type, deleter) -+#define BORINGSSL_MAKE_UP_REF(type, up_ref_func) - --// #else -+#else - --// extern "C++" { -+extern "C++" { - --// BSSL_NAMESPACE_BEGIN -+BSSL_NAMESPACE_BEGIN - --// namespace internal { -+namespace internal { - - // The Enable parameter is ignored and only exists so specializations can use - // SFINAE. --// template --// struct DeleterImpl {}; -- --// template --// struct Deleter { --// void operator()(T *ptr) { --// // Rather than specialize Deleter for each type, we specialize --// // DeleterImpl. This allows bssl::UniquePtr to be used while only --// // including base.h as long as the destructor is not emitted. This matches --// // std::unique_ptr's behavior on forward-declared types. --// // --// // DeleterImpl itself is specialized in the corresponding module's header --// // and must be included to release an object. If not included, the compiler --// // will error that DeleterImpl does not have a method Free. --// DeleterImpl::Free(ptr); --// } --// }; -- --// template --// class StackAllocated { --// public: --// StackAllocated() { init(&ctx_); } --// ~StackAllocated() { cleanup(&ctx_); } -- --// StackAllocated(const StackAllocated &) = delete; --// StackAllocated& operator=(const StackAllocated &) = delete; -- --// T *get() { return &ctx_; } --// const T *get() const { return &ctx_; } -- --// T *operator->() { return &ctx_; } --// const T *operator->() const { return &ctx_; } -- --// void Reset() { --// cleanup(&ctx_); --// init(&ctx_); --// } -+template -+struct DeleterImpl {}; - --// private: --// T ctx_; --// }; -+template -+struct Deleter { -+ void operator()(T *ptr) { -+ // Rather than specialize Deleter for each type, we specialize -+ // DeleterImpl. This allows bssl::UniquePtr to be used while only -+ // including base.h as long as the destructor is not emitted. This matches -+ // std::unique_ptr's behavior on forward-declared types. -+ // -+ // DeleterImpl itself is specialized in the corresponding module's header -+ // and must be included to release an object. If not included, the compiler -+ // will error that DeleterImpl does not have a method Free. -+ DeleterImpl::Free(ptr); -+ } -+}; -+ -+template -+class StackAllocated { -+ public: -+ StackAllocated() { init(&ctx_); } -+ ~StackAllocated() { cleanup(&ctx_); } -+ -+ StackAllocated(const StackAllocated &) = delete; -+ StackAllocated& operator=(const StackAllocated &) = delete; -+ -+ T *get() { return &ctx_; } -+ const T *get() const { return &ctx_; } -+ -+ T *operator->() { return &ctx_; } -+ const T *operator->() const { return &ctx_; } -+ -+ void Reset() { -+ cleanup(&ctx_); -+ init(&ctx_); -+ } -+ -+ private: -+ T ctx_; -+}; - - // template -@@ -587,38 +592,38 @@ - // T ctx_; - // }; - --// } // namespace internal -+} // namespace internal - --// #define BORINGSSL_MAKE_DELETER(type, deleter) \ --// namespace internal { \ --// template <> \ --// struct DeleterImpl { \ --// static void Free(type *ptr) { deleter(ptr); } \ --// }; \ --// } -+#define BORINGSSL_MAKE_DELETER(type, deleter) \ -+ namespace internal { \ -+ template <> \ -+ struct DeleterImpl { \ -+ static void Free(type *ptr) { deleter(ptr); } \ -+ }; \ -+ } - - // Holds ownership of heap-allocated BoringSSL structures. Sample usage: - // bssl::UniquePtr rsa(RSA_new()); - // bssl::UniquePtr bio(BIO_new(BIO_s_mem())); --// template --// using UniquePtr = std::unique_ptr>; -+template -+using UniquePtr = std::unique_ptr>; - --// #define BORINGSSL_MAKE_UP_REF(type, up_ref_func) \ --// inline UniquePtr UpRef(type *v) { \ --// if (v != nullptr) { \ --// up_ref_func(v); \ --// } \ --// return UniquePtr(v); \ --// } \ --// \ --// inline UniquePtr UpRef(const UniquePtr &ptr) { \ --// return UpRef(ptr.get()); \ --// } -+#define BORINGSSL_MAKE_UP_REF(type, up_ref_func) \ -+ inline UniquePtr UpRef(type *v) { \ -+ if (v != nullptr) { \ -+ up_ref_func(v); \ -+ } \ -+ return UniquePtr(v); \ -+ } \ -+ \ -+ inline UniquePtr UpRef(const UniquePtr &ptr) { \ -+ return UpRef(ptr.get()); \ -+ } - --// BSSL_NAMESPACE_END -+BSSL_NAMESPACE_END - --// } // extern C++ -+} // extern C++ - --// #endif // !BORINGSSL_NO_CXX -+#endif // !BORINGSSL_NO_CXX - --// #endif // OPENSSL_HEADER_BASE_H -+#endif // OPENSSL_HEADER_BASE_H diff --git a/bssl-compat/patch/include/openssl/base.h.sh b/bssl-compat/patch/include/openssl/base.h.sh new file mode 100755 index 0000000000..6acd785dcf --- /dev/null +++ b/bssl-compat/patch/include/openssl/base.h.sh @@ -0,0 +1,96 @@ +#!/bin/bash + +set -euo pipefail + +MYTMPDIR="$(mktemp -d)" +trap 'rm -rf -- "$MYTMPDIR"' EXIT + +cat > "$MYTMPDIR/extraincs" < +#include +#include +EOF + +uncomment.sh "$1" --comment -h \ + --sed "/#include\s/ e cat $MYTMPDIR/extraincs" \ + --uncomment-typedef CRYPTO_THREADID \ + --uncomment-typedef CBB \ + --uncomment-typedef CBS \ + --uncomment-typedef CRYPTO_BUFFER_POOL \ + --uncomment-typedef CRYPTO_BUFFER \ + --uncomment-typedef SSL_CLIENT_HELLO \ + --uncomment-typedef SSL_PRIVATE_KEY_METHOD \ + --uncomment-typedef ossl_ssize_t \ + --uncomment-typedef CBS_ASN1_TAG \ + --uncomment-typedef-redef ASN1_TIME \ + --uncomment-typedef-redef ASN1_ITEM \ + --uncomment-typedef-redef ASN1_OBJECT \ + --uncomment-typedef-redef ASN1_IA5STRING \ + --uncomment-typedef-redef ASN1_INTEGER \ + --uncomment-typedef-redef ASN1_OCTET_STRING \ + --uncomment-typedef-redef ASN1_STRING \ + --uncomment-typedef-redef BASIC_CONSTRAINTS \ + --uncomment-typedef-redef NAME_CONSTRAINTS \ + --uncomment-typedef-redef X509_VERIFY_PARAM \ + --uncomment-typedef-redef X509_CRL \ + --uncomment-typedef-redef X509_EXTENSION \ + --uncomment-typedef-redef X509_INFO \ + --uncomment-typedef-redef X509_NAME_ENTRY \ + --uncomment-typedef-redef X509_NAME \ + --uncomment-typedef-redef X509_PUBKEY \ + --uncomment-typedef-redef BIGNUM \ + --uncomment-typedef-redef BIO \ + --uncomment-typedef-redef BN_GENCB \ + --uncomment-typedef-redef EC_GROUP \ + --uncomment-typedef-redef EC_KEY \ + --uncomment-typedef-redef ENGINE \ + --uncomment-typedef-redef EVP_MD_CTX --sed 's/ossl_env_md_ctx_st/ossl_evp_md_ctx_st/' \ + --uncomment-typedef-redef EVP_MD --sed 's/ossl_env_md_st/ossl_evp_md_st/' \ + --uncomment-typedef-redef EVP_CIPHER_CTX \ + --uncomment-typedef-redef EVP_CIPHER \ + --uncomment-typedef-redef EVP_PKEY_CTX \ + --uncomment-typedef-redef EVP_PKEY \ + --uncomment-typedef-redef HMAC_CTX \ + --uncomment-typedef-redef RSA \ + --uncomment-typedef-redef PKCS12 --sed 's/ossl_pkcs12_st/ossl_PKCS12_st/' \ + --uncomment-typedef-redef SSL_CIPHER \ + --uncomment-typedef-redef SSL_CTX \ + --uncomment-typedef-redef SSL_METHOD \ + --uncomment-typedef-redef SSL_SESSION \ + --uncomment-typedef-redef SSL \ + --uncomment-typedef-redef X509 \ + --uncomment-typedef-redef X509_STORE_CTX \ + --uncomment-typedef-redef X509_STORE \ + --uncomment-typedef BIO_METHOD \ + --uncomment-macro BORINGSSL_UNSAFE_DETERMINISTIC_MODE \ + --uncomment-macro BORINGSSL_API_VERSION \ + --uncomment-macro OPENSSL_EXPORT \ + --uncomment-macro OPENSSL_MSVC_PRAGMA \ + --uncomment-macro OPENSSL_UNUSED \ + --uncomment-macro OPENSSL_INLINE \ + --uncomment-macro OPENSSL_ASM_INCOMPATIBLE \ + --uncomment-macro OPENSSL_NO_ASM \ + --uncomment-macro BORINGSSL_ENUM_INT \ + --uncomment-macro BORINGSSL_NO_CXX \ + --uncomment-macro OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED \ + --uncomment-macro 'OPENSSL_\(32\|64\)_BIT' \ + --uncomment-macro 'OPENSSL_\(X86_64\|X86\|AARCH64\|ARM\|MIPS\|MIPS64\|RISCV64\|PNACL\)' \ + --uncomment-macro 'OPENSSL_\(APPLE\|MACOS\|IOS\)' \ + --uncomment-macro 'OPENSSL_\(WINDOWS\|LINUX\|FUCHSIA\|TRUSTY\|ANDROID\|FREEBSD\)' \ + --uncomment-macro 'OPENSSL_\(THREADS\|IS_BORINGSSL\|VERSION_NUMBER\|\)' \ + --uncomment-macro 'OPENSSL_[ATM]SAN' \ + --uncomment-regex 'enum\s*.*\s*BORINGSSL_ENUM_INT' \ + --uncomment-regex 'namespace\s*internal\s*{' \ + --uncomment-regex '}\s*//\s*namespace\s*internal' \ + --uncomment-macro BORINGSSL_MAKE_DELETER \ + --uncomment-macro BORINGSSL_MAKE_UP_REF \ + --uncomment-macro OPENSSL_PRINTF_FORMAT_FUNC \ + --uncomment-macro BSSL_NAMESPACE_BEGIN \ + --uncomment-macro BSSL_NAMESPACE_END \ + --uncomment-regex-range 'template\s*' 'struct\s*DeleterImpl\s*\{\};' \ + --uncomment-struct Deleter \ + --uncomment-regex-range 'template\s* -+#include - --// #if defined(__cplusplus) --// extern "C" { --// #endif -+#if defined(__cplusplus) -+extern "C" { -+#endif - - - // base64 functions. -@@ -94,15 +94,15 @@ - // be needed to call |EVP_DecodeBase64| on an input of length |len|. It returns - // one on success or zero if |len| is not a valid length for a base64-encoded - // string. --// OPENSSL_EXPORT int EVP_DecodedLength(size_t *out_len, size_t len); -+OPENSSL_EXPORT int EVP_DecodedLength(size_t *out_len, size_t len); - - // EVP_DecodeBase64 decodes |in_len| bytes from base64 and writes - // |*out_len| bytes to |out|. |max_out| is the size of the output - // buffer. If it is not enough for the maximum output size, the - // operation fails. It returns one on success or zero on error. --// OPENSSL_EXPORT int EVP_DecodeBase64(uint8_t *out, size_t *out_len, --// size_t max_out, const uint8_t *in, --// size_t in_len); -+OPENSSL_EXPORT int EVP_DecodeBase64(uint8_t *out, size_t *out_len, -+ size_t max_out, const uint8_t *in, -+ size_t in_len); - - - // Deprecated functions. -@@ -191,8 +191,8 @@ - // }; - - --// #if defined(__cplusplus) --// } // extern C --// #endif -+#if defined(__cplusplus) -+} // extern C -+#endif - --// #endif // OPENSSL_HEADER_BASE64_H -+#endif // OPENSSL_HEADER_BASE64_H diff --git a/bssl-compat/patch/include/openssl/base64.h.sh b/bssl-compat/patch/include/openssl/base64.h.sh new file mode 100755 index 0000000000..074ed3799f --- /dev/null +++ b/bssl-compat/patch/include/openssl/base64.h.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +set -euo pipefail + +uncomment.sh "$1" --comment -h \ + --uncomment-func-decl EVP_DecodedLength \ + --uncomment-func-decl EVP_DecodeBase64 diff --git a/bssl-compat/patch/include/openssl/bio.h.patch b/bssl-compat/patch/include/openssl/bio.h.patch deleted file mode 100644 index 5dc380b626..0000000000 --- a/bssl-compat/patch/include/openssl/bio.h.patch +++ /dev/null @@ -1,329 +0,0 @@ ---- a/include/openssl/bio.h -+++ b/include/openssl/bio.h -@@ -54,22 +54,22 @@ - * copied and put under another distribution licence - * [including the GNU Public Licence.] */ - --// #ifndef OPENSSL_HEADER_BIO_H --// #define OPENSSL_HEADER_BIO_H -+#ifndef OPENSSL_HEADER_BIO_H -+#define OPENSSL_HEADER_BIO_H - --// #include -+#include - --// #include // For FILE -+#include // For FILE - --// #include --// #include // for ERR_print_errors_fp --// #include --// #include --// #include -- --// #if defined(__cplusplus) --// extern "C" { --// #endif -+#include -+#include // for ERR_print_errors_fp -+#include -+#include -+#include -+ -+#if defined(__cplusplus) -+extern "C" { -+#endif - - - // BIO abstracts over a file-descriptor like interface. -@@ -81,7 +81,7 @@ - - // BIO_new creates a new BIO with the given method and a reference count of one. - // It returns the fresh |BIO|, or NULL on error. --// OPENSSL_EXPORT BIO *BIO_new(const BIO_METHOD *method); -+OPENSSL_EXPORT BIO *BIO_new(const BIO_METHOD *method); - - // BIO_free decrements the reference count of |bio|. If the reference count - // drops to zero, it calls the destroy callback, if present, on the method and -@@ -89,7 +89,7 @@ - // any. - // - // It returns one on success or zero otherwise. --// OPENSSL_EXPORT int BIO_free(BIO *bio); -+OPENSSL_EXPORT int BIO_free(BIO *bio); - - // BIO_vfree performs the same actions as |BIO_free|, but has a void return - // value. This is provided for API-compat. -@@ -98,14 +98,14 @@ - // OPENSSL_EXPORT void BIO_vfree(BIO *bio); - - // BIO_up_ref increments the reference count of |bio| and returns one. --// OPENSSL_EXPORT int BIO_up_ref(BIO *bio); -+OPENSSL_EXPORT int BIO_up_ref(BIO *bio); - - - // Basic I/O. - - // BIO_read attempts to read |len| bytes into |data|. It returns the number of - // bytes read, zero on EOF, or a negative number on error. --// OPENSSL_EXPORT int BIO_read(BIO *bio, void *data, int len); -+OPENSSL_EXPORT int BIO_read(BIO *bio, void *data, int len); - - // BIO_gets "reads a line" from |bio| and puts at most |size| bytes into |buf|. - // It returns the number of bytes read or a negative number on error. The -@@ -119,7 +119,7 @@ - - // BIO_write writes |len| bytes from |data| to |bio|. It returns the number of - // bytes written or a negative number on error. --// OPENSSL_EXPORT int BIO_write(BIO *bio, const void *data, int len); -+OPENSSL_EXPORT int BIO_write(BIO *bio, const void *data, int len); - - // BIO_write_all writes |len| bytes from |data| to |bio|, looping as necessary. - // It returns one if all bytes were successfully written and zero on error. -@@ -127,7 +127,7 @@ - - // BIO_puts writes a NUL terminated string from |buf| to |bio|. It returns the - // number of bytes written or a negative number on error. --// OPENSSL_EXPORT int BIO_puts(BIO *bio, const char *buf); -+OPENSSL_EXPORT int BIO_puts(BIO *bio, const char *buf); - - // BIO_flush flushes any buffered output. It returns one on success and zero - // otherwise. -@@ -155,7 +155,7 @@ - // BIO_reset resets |bio| to its initial state, the precise meaning of which - // depends on the concrete type of |bio|. It returns one on success and zero - // otherwise. --// OPENSSL_EXPORT int BIO_reset(BIO *bio); -+OPENSSL_EXPORT int BIO_reset(BIO *bio); - - // BIO_eof returns non-zero when |bio| has reached end-of-file. The precise - // meaning of which depends on the concrete type of |bio|. Note that in the -@@ -171,12 +171,12 @@ - // BIO_should_read returns non-zero if |bio| encountered a temporary error - // while reading (i.e. EAGAIN), indicating that the caller should retry the - // read. --// OPENSSL_EXPORT int BIO_should_read(const BIO *bio); -+OPENSSL_EXPORT int BIO_should_read(const BIO *bio); - - // BIO_should_write returns non-zero if |bio| encountered a temporary error - // while writing (i.e. EAGAIN), indicating that the caller should retry the - // write. --// OPENSSL_EXPORT int BIO_should_write(const BIO *bio); -+OPENSSL_EXPORT int BIO_should_write(const BIO *bio); - - // BIO_should_retry returns non-zero if the reason that caused a failed I/O - // operation is temporary and thus the operation should be retried. Otherwise, -@@ -208,11 +208,11 @@ - - // BIO_set_retry_read sets the |BIO_FLAGS_READ| and |BIO_FLAGS_SHOULD_RETRY| - // flags on |bio|. --// OPENSSL_EXPORT void BIO_set_retry_read(BIO *bio); -+OPENSSL_EXPORT void BIO_set_retry_read(BIO *bio); - - // BIO_set_retry_write sets the |BIO_FLAGS_WRITE| and |BIO_FLAGS_SHOULD_RETRY| - // flags on |bio|. --// OPENSSL_EXPORT void BIO_set_retry_write(BIO *bio); -+OPENSSL_EXPORT void BIO_set_retry_write(BIO *bio); - - // BIO_get_retry_flags gets the |BIO_FLAGS_READ|, |BIO_FLAGS_WRITE|, - // |BIO_FLAGS_IO_SPECIAL| and |BIO_FLAGS_SHOULD_RETRY| flags from |bio|. -@@ -220,7 +220,7 @@ - - // BIO_clear_retry_flags clears the |BIO_FLAGS_READ|, |BIO_FLAGS_WRITE|, - // |BIO_FLAGS_IO_SPECIAL| and |BIO_FLAGS_SHOULD_RETRY| flags from |bio|. --// OPENSSL_EXPORT void BIO_clear_retry_flags(BIO *bio); -+OPENSSL_EXPORT void BIO_clear_retry_flags(BIO *bio); - - // BIO_method_type returns the type of |bio|, which is one of the |BIO_TYPE_*| - // values. -@@ -243,8 +243,8 @@ - // with |BIO_CB_RETURN| if the callback is being made after the operation in - // question. In that case, |return_value| will contain the return value from - // the operation. --// typedef long (*bio_info_cb)(BIO *bio, int event, const char *parg, int cmd, --// long larg, long return_value); -+typedef long (*bio_info_cb)(BIO *bio, int event, const char *parg, int cmd, -+ long larg, long return_value); - - // BIO_callback_ctrl allows the callback function to be manipulated. The |cmd| - // arg will generally be |BIO_CTRL_SET_CALLBACK| but arbitrary command values -@@ -317,8 +317,8 @@ - - // BIO_printf behaves like |printf| but outputs to |bio| rather than a |FILE|. - // It returns the number of bytes written or a negative number on error. --// OPENSSL_EXPORT int BIO_printf(BIO *bio, const char *format, ...) --// OPENSSL_PRINTF_FORMAT_FUNC(2, 3); -+OPENSSL_EXPORT int BIO_printf(BIO *bio, const char *format, ...) -+ OPENSSL_PRINTF_FORMAT_FUNC(2, 3); - - - // Utility functions. -@@ -348,8 +348,8 @@ - // - // If the function fails then some unknown amount of data may have been read - // from |bio|. --// OPENSSL_EXPORT int BIO_read_asn1(BIO *bio, uint8_t **out, size_t *out_len, --// size_t max_len); -+OPENSSL_EXPORT int BIO_read_asn1(BIO *bio, uint8_t **out, size_t *out_len, -+ size_t max_len); - - - // Memory BIOs. -@@ -374,7 +374,7 @@ - // #define BIO_CLOSE 1 - - // BIO_s_mem returns a |BIO_METHOD| that uses a in-memory buffer. --// OPENSSL_EXPORT const BIO_METHOD *BIO_s_mem(void); -+OPENSSL_EXPORT const BIO_METHOD *BIO_s_mem(void); - - // BIO_new_mem_buf creates read-only BIO that reads from |len| bytes at |buf|. - // It returns the BIO or NULL on error. This function does not copy or take -@@ -383,14 +383,14 @@ - // - // If |len| is negative, then |buf| is treated as a NUL-terminated string, but - // don't depend on this in new code. --// OPENSSL_EXPORT BIO *BIO_new_mem_buf(const void *buf, int len); -+OPENSSL_EXPORT BIO *BIO_new_mem_buf(const void *buf, int len); - - // BIO_mem_contents sets |*out_contents| to point to the current contents of - // |bio| and |*out_len| to contain the length of that data. It returns one on - // success and zero otherwise. --// OPENSSL_EXPORT int BIO_mem_contents(const BIO *bio, --// const uint8_t **out_contents, --// size_t *out_len); -+OPENSSL_EXPORT int BIO_mem_contents(const BIO *bio, -+ const uint8_t **out_contents, -+ size_t *out_len); - - // BIO_get_mem_data sets |*contents| to point to the current contents of |bio| - // and returns the length of the data. -@@ -419,7 +419,7 @@ - // - // For a read-only BIO, the default is zero (EOF). For a writable BIO, the - // default is -1 so that additional data can be written once exhausted. --// OPENSSL_EXPORT int BIO_set_mem_eof_return(BIO *bio, int eof_value); -+OPENSSL_EXPORT int BIO_set_mem_eof_return(BIO *bio, int eof_value); - - - // File descriptor BIOs. -@@ -561,7 +561,7 @@ - // be provided with |BIO_set_conn_port|. - // - // It returns the new BIO on success, or NULL on error. --// OPENSSL_EXPORT BIO *BIO_new_connect(const char *host_and_optional_port); -+OPENSSL_EXPORT BIO *BIO_new_connect(const char *host_and_optional_port); - - // BIO_set_conn_hostname sets |host_and_optional_port| as the hostname and - // optional port that |bio| will connect to. If the port is omitted, it must be -@@ -617,22 +617,22 @@ - // data written to one can be read from the other and vice versa. The - // |writebuf1| argument gives the size of the buffer used in |*out1| and - // |writebuf2| for |*out2|. It returns one on success and zero on error. --// OPENSSL_EXPORT int BIO_new_bio_pair(BIO **out1, size_t writebuf1, BIO **out2, --// size_t writebuf2); -+OPENSSL_EXPORT int BIO_new_bio_pair(BIO **out1, size_t writebuf1, BIO **out2, -+ size_t writebuf2); - - // BIO_ctrl_get_read_request returns the number of bytes that the other side of - // |bio| tried (unsuccessfully) to read. --// OPENSSL_EXPORT size_t BIO_ctrl_get_read_request(BIO *bio); -+OPENSSL_EXPORT size_t BIO_ctrl_get_read_request(BIO *bio); - - // BIO_ctrl_get_write_guarantee returns the number of bytes that |bio| (which - // must have been returned by |BIO_new_bio_pair|) will accept on the next - // |BIO_write| call. --// OPENSSL_EXPORT size_t BIO_ctrl_get_write_guarantee(BIO *bio); -+OPENSSL_EXPORT size_t BIO_ctrl_get_write_guarantee(BIO *bio); - - // BIO_shutdown_wr marks |bio| as closed, from the point of view of the other - // side of the pair. Future |BIO_write| calls on |bio| will fail. It returns - // one on success and zero otherwise. --// OPENSSL_EXPORT int BIO_shutdown_wr(BIO *bio); -+OPENSSL_EXPORT int BIO_shutdown_wr(BIO *bio); - - - // Custom BIOs. -@@ -793,10 +793,10 @@ - - // These are the 'types' of BIOs - // #define BIO_TYPE_NONE 0 --// #define BIO_TYPE_MEM (1 | 0x0400) -+#define BIO_TYPE_MEM (1 | 0x0400) - // #define BIO_TYPE_FILE (2 | 0x0400) - // #define BIO_TYPE_FD (4 | 0x0400 | 0x0100) --// #define BIO_TYPE_SOCKET (5 | 0x0400 | 0x0100) -+#define BIO_TYPE_SOCKET (5 | 0x0400 | 0x0100) - // #define BIO_TYPE_NULL (6 | 0x0400) - // #define BIO_TYPE_SSL (7 | 0x0200) - // #define BIO_TYPE_MD (8 | 0x0200) // passive filter -@@ -826,19 +826,19 @@ - // flag bits aside, may exceed this value. - // #define BIO_TYPE_START 128 - --// struct bio_method_st { --// int type; --// const char *name; --// int (*bwrite)(BIO *, const char *, int); --// int (*bread)(BIO *, char *, int); --// // TODO(fork): remove bputs. --// int (*bputs)(BIO *, const char *); --// int (*bgets)(BIO *, char *, int); --// long (*ctrl)(BIO *, int, long, void *); --// int (*create)(BIO *); --// int (*destroy)(BIO *); --// long (*callback_ctrl)(BIO *, int, bio_info_cb); --// }; -+struct bio_method_st { -+ int type; -+ const char *name; -+ int (*bwrite)(BIO *, const char *, int); -+ int (*bread)(BIO *, char *, int); -+ // TODO(fork): remove bputs. -+ int (*bputs)(BIO *, const char *); -+ int (*bgets)(BIO *, char *, int); -+ long (*ctrl)(BIO *, int, long, void *); -+ int (*create)(BIO *); -+ int (*destroy)(BIO *); -+ long (*callback_ctrl)(BIO *, int, bio_info_cb); -+}; - - // struct bio_st { - // const BIO_METHOD *method; -@@ -920,22 +920,22 @@ - // #define BIO_C_GET_EX_ARG 154 - - --// #if defined(__cplusplus) --// } // extern C -+#if defined(__cplusplus) -+} // extern C - --// extern "C++" { -+extern "C++" { - --// BSSL_NAMESPACE_BEGIN -+BSSL_NAMESPACE_BEGIN - --// BORINGSSL_MAKE_DELETER(BIO, BIO_free) --// BORINGSSL_MAKE_UP_REF(BIO, BIO_up_ref) -+BORINGSSL_MAKE_DELETER(BIO, BIO_free) -+BORINGSSL_MAKE_UP_REF(BIO, BIO_up_ref) - // BORINGSSL_MAKE_DELETER(BIO_METHOD, BIO_meth_free) - --// BSSL_NAMESPACE_END -+BSSL_NAMESPACE_END - --// } // extern C++ -+} // extern C++ - --// #endif -+#endif - - #ifdef ossl_BIO_R_BAD_FOPEN_MODE - #define BIO_R_BAD_FOPEN_MODE ossl_BIO_R_BAD_FOPEN_MODE -@@ -989,4 +989,4 @@ - #define BIO_R_WRITE_TO_READ_ONLY_BIO ossl_BIO_R_WRITE_TO_READ_ONLY_BIO - #endif - --// #endif // OPENSSL_HEADER_BIO_H -+#endif // OPENSSL_HEADER_BIO_H diff --git a/bssl-compat/patch/include/openssl/bio.h.sh b/bssl-compat/patch/include/openssl/bio.h.sh index 0ea9cb4cf7..d82562f7a9 100755 --- a/bssl-compat/patch/include/openssl/bio.h.sh +++ b/bssl-compat/patch/include/openssl/bio.h.sh @@ -1,4 +1,36 @@ #!/bin/bash -sed -i -e 's|^// \(#[ \t]*define[ \t]*\)\(BIO_R_[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' "$1" +set -euo pipefail + +uncomment.sh "$1" --comment -h \ + --uncomment-macro-redef 'BIO_R_[[:alnum:]_]*' \ + --uncomment-struct bio_method_st \ + --uncomment-typedef bio_info_cb \ + --uncomment-func-decl BIO_new \ + --uncomment-func-decl BIO_free \ + --uncomment-func-decl BIO_up_ref \ + --uncomment-func-decl BIO_read \ + --uncomment-func-decl BIO_write \ + --uncomment-func-decl BIO_puts \ + --uncomment-func-decl BIO_reset \ + --uncomment-func-decl BIO_should_read \ + --uncomment-func-decl BIO_should_write \ + --uncomment-func-decl BIO_set_retry_read \ + --uncomment-func-decl BIO_set_retry_write \ + --uncomment-func-decl BIO_clear_retry_flags \ + --uncomment-func-decl BIO_printf \ + --uncomment-func-decl BIO_read_asn1 \ + --uncomment-func-decl BIO_s_mem \ + --uncomment-func-decl BIO_new_mem_buf \ + --uncomment-func-decl BIO_mem_contents \ + --uncomment-func-decl BIO_set_mem_eof_return \ + --uncomment-func-decl BIO_new_connect \ + --uncomment-func-decl BIO_new_bio_pair \ + --uncomment-func-decl BIO_ctrl_get_read_request \ + --uncomment-func-decl BIO_ctrl_get_write_guarantee \ + --uncomment-func-decl BIO_shutdown_wr \ + --uncomment-regex 'BORINGSSL_MAKE_DELETER(BIO,' \ + --uncomment-regex 'BORINGSSL_MAKE_UP_REF(BIO,' \ + --uncomment-macro BIO_TYPE_MEM \ + --uncomment-macro BIO_TYPE_SOCKET diff --git a/bssl-compat/patch/include/openssl/bn.h.patch b/bssl-compat/patch/include/openssl/bn.h.patch deleted file mode 100644 index 1888deafe9..0000000000 --- a/bssl-compat/patch/include/openssl/bn.h.patch +++ /dev/null @@ -1,196 +0,0 @@ ---- a/include/openssl/bn.h -+++ b/include/openssl/bn.h -@@ -120,18 +120,20 @@ - * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems - * Laboratories. */ - --// #ifndef OPENSSL_HEADER_BN_H --// #define OPENSSL_HEADER_BN_H -+#ifndef OPENSSL_HEADER_BN_H -+#define OPENSSL_HEADER_BN_H - --// #include --// #include -+#include -+#include - --// #include // for PRIu64 and friends --// #include // for FILE* -+#include // for PRIu64 and friends -+#include // for FILE* - --// #if defined(__cplusplus) --// extern "C" { --// #endif -+#include -+ -+#if defined(__cplusplus) -+extern "C" { -+#endif - - - // BN provides support for working with arbitrary sized integers. For example, -@@ -147,36 +149,36 @@ - // this is a public header, bn.h does not define |__STDC_FORMAT_MACROS| itself. - // Projects which use |BN_*_FMT*| with outdated C headers may need to define it - // externally. --// #if defined(OPENSSL_64_BIT) --// typedef uint64_t BN_ULONG; --// #define BN_BITS2 64 --// #define BN_DEC_FMT1 "%" PRIu64 --// #define BN_DEC_FMT2 "%019" PRIu64 --// #define BN_HEX_FMT1 "%" PRIx64 --// #define BN_HEX_FMT2 "%016" PRIx64 --// #elif defined(OPENSSL_32_BIT) --// typedef uint32_t BN_ULONG; --// #define BN_BITS2 32 --// #define BN_DEC_FMT1 "%" PRIu32 --// #define BN_DEC_FMT2 "%09" PRIu32 --// #define BN_HEX_FMT1 "%" PRIx32 --// #define BN_HEX_FMT2 "%08" PRIx32 --// #else --// #error "Must define either OPENSSL_32_BIT or OPENSSL_64_BIT" --// #endif -+#if defined(OPENSSL_64_BIT) -+typedef uint64_t BN_ULONG; -+#define BN_BITS2 64 -+#define BN_DEC_FMT1 "%" PRIu64 -+#define BN_DEC_FMT2 "%019" PRIu64 -+#define BN_HEX_FMT1 "%" PRIx64 -+#define BN_HEX_FMT2 "%016" PRIx64 -+#elif defined(OPENSSL_32_BIT) -+typedef uint32_t BN_ULONG; -+#define BN_BITS2 32 -+#define BN_DEC_FMT1 "%" PRIu32 -+#define BN_DEC_FMT2 "%09" PRIu32 -+#define BN_HEX_FMT1 "%" PRIx32 -+#define BN_HEX_FMT2 "%08" PRIx32 -+#else -+#error "Must define either OPENSSL_32_BIT or OPENSSL_64_BIT" -+#endif - - - // Allocation and freeing. - - // BN_new creates a new, allocated BIGNUM and initialises it. --// OPENSSL_EXPORT BIGNUM *BN_new(void); -+OPENSSL_EXPORT BIGNUM *BN_new(void); - - // BN_init initialises a stack allocated |BIGNUM|. - // OPENSSL_EXPORT void BN_init(BIGNUM *bn); - - // BN_free frees the data referenced by |bn| and, if |bn| was originally - // allocated on the heap, frees |bn| also. --// OPENSSL_EXPORT void BN_free(BIGNUM *bn); -+OPENSSL_EXPORT void BN_free(BIGNUM *bn); - - // BN_clear_free erases and frees the data referenced by |bn| and, if |bn| was - // originally allocated on the heap, frees |bn| also. -@@ -184,7 +186,7 @@ - - // BN_dup allocates a new BIGNUM and sets it equal to |src|. It returns the - // allocated BIGNUM on success or NULL otherwise. --// OPENSSL_EXPORT BIGNUM *BN_dup(const BIGNUM *src); -+OPENSSL_EXPORT BIGNUM *BN_dup(const BIGNUM *src); - - // BN_copy sets |dest| equal to |src| and returns |dest| or NULL on allocation - // failure. -@@ -201,7 +203,7 @@ - - // BN_num_bits returns the minimum number of bits needed to represent the - // absolute value of |bn|. --// OPENSSL_EXPORT unsigned BN_num_bits(const BIGNUM *bn); -+OPENSSL_EXPORT unsigned BN_num_bits(const BIGNUM *bn); - - // BN_num_bytes returns the minimum number of bytes needed to represent the - // absolute value of |bn|. -@@ -216,7 +218,7 @@ - - // BN_set_word sets |bn| to |value|. It returns one on success or zero on - // allocation failure. --// OPENSSL_EXPORT int BN_set_word(BIGNUM *bn, BN_ULONG value); -+OPENSSL_EXPORT int BN_set_word(BIGNUM *bn, BN_ULONG value); - - // BN_set_u64 sets |bn| to |value|. It returns one on success or zero on - // allocation failure. -@@ -267,7 +269,7 @@ - // BN_bn2hex returns an allocated string that contains a NUL-terminated, hex - // representation of |bn|. If |bn| is negative, the first char in the resulting - // string will be '-'. Returns NULL on allocation failure. --// OPENSSL_EXPORT char *BN_bn2hex(const BIGNUM *bn); -+OPENSSL_EXPORT char *BN_bn2hex(const BIGNUM *bn); - - // BN_hex2bn parses the leading hex number from |in|, which may be proceeded by - // a '-' to indicate a negative number and may contain trailing, non-hex data. -@@ -275,7 +277,7 @@ - // stores it in |*outp|. If |*outp| is NULL then it allocates a new BIGNUM and - // updates |*outp|. It returns the number of bytes of |in| processed or zero on - // error. --// OPENSSL_EXPORT int BN_hex2bn(BIGNUM **outp, const char *in); -+OPENSSL_EXPORT int BN_hex2bn(BIGNUM **outp, const char *in); - - // BN_bn2dec returns an allocated string that contains a NUL-terminated, - // decimal representation of |bn|. If |bn| is negative, the first char in the -@@ -374,7 +376,7 @@ - // OPENSSL_EXPORT int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); - - // BN_add_word adds |w| to |a|. It returns one on success and zero otherwise. --// OPENSSL_EXPORT int BN_add_word(BIGNUM *a, BN_ULONG w); -+OPENSSL_EXPORT int BN_add_word(BIGNUM *a, BN_ULONG w); - - // BN_sub sets |r| = |a| - |b|, where |r| may be the same pointer as either |a| - // or |b|. It returns one on success and zero on allocation failure. -@@ -436,7 +438,7 @@ - // BN_ucmp returns a value less than, equal to or greater than zero if the - // absolute value of |a| is less than, equal to or greater than the absolute - // value of |b|, respectively. --// OPENSSL_EXPORT int BN_ucmp(const BIGNUM *a, const BIGNUM *b); -+OPENSSL_EXPORT int BN_ucmp(const BIGNUM *a, const BIGNUM *b); - - // BN_equal_consttime returns one if |a| is equal to |b|, and zero otherwise. - // It takes an amount of time dependent on the sizes of |a| and |b|, but -@@ -1018,15 +1020,15 @@ - // directly. - - --// #if defined(__cplusplus) --// } // extern C -+#if defined(__cplusplus) -+} // extern C - --// #if !defined(BORINGSSL_NO_CXX) --// extern "C++" { -+#if !defined(BORINGSSL_NO_CXX) -+extern "C++" { - --// BSSL_NAMESPACE_BEGIN -+BSSL_NAMESPACE_BEGIN - --// BORINGSSL_MAKE_DELETER(BIGNUM, BN_free) -+BORINGSSL_MAKE_DELETER(BIGNUM, BN_free) - // BORINGSSL_MAKE_DELETER(BN_CTX, BN_CTX_free) - // BORINGSSL_MAKE_DELETER(BN_MONT_CTX, BN_MONT_CTX_free) - -@@ -1042,12 +1044,12 @@ - // BN_CTXScope &operator=(BN_CTXScope &) = delete; - // }; - --// BSSL_NAMESPACE_END -+BSSL_NAMESPACE_END - --// } // extern C++ --// #endif -+} // extern C++ -+#endif - --// #endif -+#endif - - #ifdef ossl_BN_R_ARG2_LT_ARG3 - #define BN_R_ARG2_LT_ARG3 ossl_BN_R_ARG2_LT_ARG3 -@@ -1110,4 +1112,4 @@ - #define BN_R_INVALID_INPUT ossl_BN_R_INVALID_INPUT - #endif - --// #endif // OPENSSL_HEADER_BN_H -+#endif // OPENSSL_HEADER_BN_H diff --git a/bssl-compat/patch/include/openssl/bn.h.sh b/bssl-compat/patch/include/openssl/bn.h.sh index ad9ba72d4f..eac5d56098 100755 --- a/bssl-compat/patch/include/openssl/bn.h.sh +++ b/bssl-compat/patch/include/openssl/bn.h.sh @@ -1,4 +1,20 @@ #!/bin/bash -sed -i -e 's|^// \(#[ \t]*define[ \t]*\)\(BN_R_[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' "$1" +set -euo pipefail +uncomment.sh "$1" --comment -h \ + --sed '/stdio\.h/a#include ' \ + --uncomment-macro-redef 'BN_R_[a-zA-Z0-9_]*' \ + --uncomment-typedef BN_ULONG \ + --uncomment-macro BN_BITS2 \ + --uncomment-macro 'BN_\(DEC\|HEX\)_FMT[12]' \ + --uncomment-func-decl BN_new \ + --uncomment-func-decl BN_free \ + --uncomment-func-decl BN_dup \ + --uncomment-func-decl BN_num_bits \ + --uncomment-func-decl BN_set_word \ + --uncomment-func-decl BN_bn2hex \ + --uncomment-func-decl BN_hex2bn \ + --uncomment-func-decl BN_add_word \ + --uncomment-func-decl BN_ucmp \ + --uncomment-regex 'BORINGSSL_MAKE_DELETER(BIGNUM' \ diff --git a/bssl-compat/patch/include/openssl/buf.h.sh b/bssl-compat/patch/include/openssl/buf.h.sh index 7a9865a501..78af45552a 100755 --- a/bssl-compat/patch/include/openssl/buf.h.sh +++ b/bssl-compat/patch/include/openssl/buf.h.sh @@ -1,4 +1,6 @@ #!/bin/bash -sed -i -e 's|^// \(#[ \t]*define[ \t]*\)\(BUF_R_[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' "$1" +set -euo pipefail + +uncomment.sh "$1" --comment -h diff --git a/bssl-compat/patch/include/openssl/bytestring.h.patch b/bssl-compat/patch/include/openssl/bytestring.h.patch deleted file mode 100644 index 0f1cd516e0..0000000000 --- a/bssl-compat/patch/include/openssl/bytestring.h.patch +++ /dev/null @@ -1,311 +0,0 @@ ---- a/include/openssl/bytestring.h -+++ b/include/openssl/bytestring.h -@@ -12,17 +12,17 @@ - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - --// #ifndef OPENSSL_HEADER_BYTESTRING_H --// #define OPENSSL_HEADER_BYTESTRING_H -+#ifndef OPENSSL_HEADER_BYTESTRING_H -+#define OPENSSL_HEADER_BYTESTRING_H - --// #include -+#include - --// #include --// #include -+#include -+#include - --// #if defined(__cplusplus) --// extern "C" { --// #endif -+#if defined(__cplusplus) -+extern "C" { -+#endif - - - // Bytestrings are used for parsing and building TLS and ASN.1 messages. -@@ -37,38 +37,38 @@ - - // CRYPTO ByteString - --// struct cbs_st { --// const uint8_t *data; --// size_t len; -- --// #if !defined(BORINGSSL_NO_CXX) --// // Allow implicit conversions to and from bssl::Span. --// cbs_st(bssl::Span span) --// : data(span.data()), len(span.size()) {} --// operator bssl::Span() const { --// return bssl::MakeConstSpan(data, len); --// } -- --// // Defining any constructors requires we explicitly default the others. --// cbs_st() = default; --// cbs_st(const cbs_st &) = default; --// cbs_st &operator=(const cbs_st &) = default; --// #endif --// }; -+struct cbs_st { -+ const uint8_t *data; -+ size_t len; -+ -+#if !defined(BORINGSSL_NO_CXX) -+ // Allow implicit conversions to and from bssl::Span. -+ cbs_st(bssl::Span span) -+ : data(span.data()), len(span.size()) {} -+ operator bssl::Span() const { -+ return bssl::MakeConstSpan(data, len); -+ } -+ -+ // Defining any constructors requires we explicitly default the others. -+ cbs_st() = default; -+ cbs_st(const cbs_st &) = default; -+ cbs_st &operator=(const cbs_st &) = default; -+#endif -+}; - - // CBS_init sets |cbs| to point to |data|. It does not take ownership of - // |data|. --// OPENSSL_EXPORT void CBS_init(CBS *cbs, const uint8_t *data, size_t len); -+OPENSSL_EXPORT void CBS_init(CBS *cbs, const uint8_t *data, size_t len); - - // CBS_skip advances |cbs| by |len| bytes. It returns one on success and zero - // otherwise. --// OPENSSL_EXPORT int CBS_skip(CBS *cbs, size_t len); -+OPENSSL_EXPORT int CBS_skip(CBS *cbs, size_t len); - --// CBS_data returns a pointer to the contents of |cbs|. --// OPENSSL_EXPORT const uint8_t *CBS_data(const CBS *cbs); -+// CBS_data returns a pointer to the contents of |cbs|. -+OPENSSL_EXPORT const uint8_t *CBS_data(const CBS *cbs); - - // CBS_len returns the number of bytes remaining in |cbs|. --// OPENSSL_EXPORT size_t CBS_len(const CBS *cbs); -+OPENSSL_EXPORT size_t CBS_len(const CBS *cbs); - - // CBS_stow copies the current contents of |cbs| into |*out_ptr| and - // |*out_len|. If |*out_ptr| is not NULL, the contents are freed with -@@ -98,11 +98,11 @@ - - // CBS_get_u8 sets |*out| to the next uint8_t from |cbs| and advances |cbs|. It - // returns one on success and zero on error. --// OPENSSL_EXPORT int CBS_get_u8(CBS *cbs, uint8_t *out); -+OPENSSL_EXPORT int CBS_get_u8(CBS *cbs, uint8_t *out); - - // CBS_get_u16 sets |*out| to the next, big-endian uint16_t from |cbs| and - // advances |cbs|. It returns one on success and zero on error. --// OPENSSL_EXPORT int CBS_get_u16(CBS *cbs, uint16_t *out); -+OPENSSL_EXPORT int CBS_get_u16(CBS *cbs, uint16_t *out); - - // CBS_get_u16le sets |*out| to the next, little-endian uint16_t from |cbs| and - // advances |cbs|. It returns one on success and zero on error. -@@ -148,7 +148,7 @@ - // CBS_get_u16_length_prefixed sets |*out| to the contents of a 16-bit, - // big-endian, length-prefixed value from |cbs| and advances |cbs| over it. It - // returns one on success and zero on error. --// OPENSSL_EXPORT int CBS_get_u16_length_prefixed(CBS *cbs, CBS *out); -+OPENSSL_EXPORT int CBS_get_u16_length_prefixed(CBS *cbs, CBS *out); - - // CBS_get_u24_length_prefixed sets |*out| to the contents of a 24-bit, - // big-endian, length-prefixed value from |cbs| and advances |cbs| over it. It -@@ -183,7 +183,7 @@ - - // CBS_ASN1_TAG_SHIFT is how much the in-memory representation shifts the class - // and constructed bits from the DER serialization. --// #define CBS_ASN1_TAG_SHIFT 24 -+#define CBS_ASN1_TAG_SHIFT 24 - - // CBS_ASN1_CONSTRUCTED may be ORed into a tag to set the constructed bit. - // #define CBS_ASN1_CONSTRUCTED (0x20u << CBS_ASN1_TAG_SHIFT) -@@ -200,12 +200,12 @@ - // #define CBS_ASN1_CLASS_MASK (0xc0u << CBS_ASN1_TAG_SHIFT) - - // CBS_ASN1_TAG_NUMBER_MASK may be ANDed with a tag to query its number. --// #define CBS_ASN1_TAG_NUMBER_MASK ((1u << (5 + CBS_ASN1_TAG_SHIFT)) - 1) -+#define CBS_ASN1_TAG_NUMBER_MASK ((1u << (5 + CBS_ASN1_TAG_SHIFT)) - 1) - - // The following values are constants for UNIVERSAL tags. Note these constants - // include the constructed bit. - // #define CBS_ASN1_BOOLEAN 0x1u --// #define CBS_ASN1_INTEGER 0x2u -+#define CBS_ASN1_INTEGER 0x2u - // #define CBS_ASN1_BITSTRING 0x3u - // #define CBS_ASN1_OCTETSTRING 0x4u - // #define CBS_ASN1_NULL 0x5u -@@ -389,42 +389,42 @@ - // going out of scope, use |CBB_flush|. If an operation on a |CBB| fails, it is - // in an undefined state and must not be used except to call |CBB_cleanup|. - --// struct cbb_buffer_st { --// uint8_t *buf; --// size_t len; // The number of valid bytes. --// size_t cap; // The size of buf. --// char can_resize; /* One iff |buf| is owned by this object. If not then |buf| --// cannot be resized. */ --// char error; /* One iff there was an error writing to this CBB. All future --// operations will fail. */ --// }; -- --// struct cbb_st { --// struct cbb_buffer_st *base; --// // child points to a child CBB if a length-prefix is pending. --// CBB *child; --// // offset is the number of bytes from the start of |base->buf| to this |CBB|'s --// // pending length prefix. --// size_t offset; --// // pending_len_len contains the number of bytes in this |CBB|'s pending --// // length-prefix, or zero if no length-prefix is pending. --// uint8_t pending_len_len; --// char pending_is_asn1; --// // is_child is true iff this is a child |CBB| (as opposed to a top-level --// // |CBB|). Top-level objects are valid arguments for |CBB_finish|. --// char is_child; --// }; -+struct cbb_buffer_st { -+ uint8_t *buf; -+ size_t len; // The number of valid bytes. -+ size_t cap; // The size of buf. -+ char can_resize; /* One iff |buf| is owned by this object. If not then |buf| -+ cannot be resized. */ -+ char error; /* One iff there was an error writing to this CBB. All future -+ operations will fail. */ -+}; -+ -+struct cbb_st { -+ struct cbb_buffer_st *base; -+ // child points to a child CBB if a length-prefix is pending. -+ CBB *child; -+ // offset is the number of bytes from the start of |base->buf| to this |CBB|'s -+ // pending length prefix. -+ size_t offset; -+ // pending_len_len contains the number of bytes in this |CBB|'s pending -+ // length-prefix, or zero if no length-prefix is pending. -+ uint8_t pending_len_len; -+ char pending_is_asn1; -+ // is_child is true iff this is a child |CBB| (as opposed to a top-level -+ // |CBB|). Top-level objects are valid arguments for |CBB_finish|. -+ char is_child; -+}; - - // CBB_zero sets an uninitialised |cbb| to the zero state. It must be - // initialised with |CBB_init| or |CBB_init_fixed| before use, but it is safe to - // call |CBB_cleanup| without a successful |CBB_init|. This may be used for more - // uniform cleanup of a |CBB|. --// OPENSSL_EXPORT void CBB_zero(CBB *cbb); -+OPENSSL_EXPORT void CBB_zero(CBB *cbb); - - // CBB_init initialises |cbb| with |initial_capacity|. Since a |CBB| grows as - // needed, the |initial_capacity| is just a hint. It returns one on success or - // zero on allocation failure. --// OPENSSL_EXPORT int CBB_init(CBB *cbb, size_t initial_capacity); -+OPENSSL_EXPORT int CBB_init(CBB *cbb, size_t initial_capacity); - - // CBB_init_fixed initialises |cbb| to write to |len| bytes at |buf|. Since - // |buf| cannot grow, trying to write more than |len| bytes will cause CBB -@@ -438,7 +438,7 @@ - // This function can only be called on a "top level" |CBB|, i.e. one initialised - // with |CBB_init| or |CBB_init_fixed|, or a |CBB| set to the zero state with - // |CBB_zero|. --// OPENSSL_EXPORT void CBB_cleanup(CBB *cbb); -+OPENSSL_EXPORT void CBB_cleanup(CBB *cbb); - - // CBB_finish completes any pending length prefix and sets |*out_data| to a - // malloced buffer and |*out_len| to the length of that buffer. The caller -@@ -448,28 +448,28 @@ - // It can only be called on a "top level" |CBB|, i.e. one initialised with - // |CBB_init| or |CBB_init_fixed|. It returns one on success and zero on - // error. --// OPENSSL_EXPORT int CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len); -+OPENSSL_EXPORT int CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len); - - // CBB_flush causes any pending length prefixes to be written out and any child - // |CBB| objects of |cbb| to be invalidated. This allows |cbb| to continue to be - // used after the children go out of scope, e.g. when local |CBB| objects are - // added as children to a |CBB| that persists after a function returns. This - // function returns one on success or zero on error. --// OPENSSL_EXPORT int CBB_flush(CBB *cbb); -+OPENSSL_EXPORT int CBB_flush(CBB *cbb); - - // CBB_data returns a pointer to the bytes written to |cbb|. It does not flush - // |cbb|. The pointer is valid until the next operation to |cbb|. - // - // To avoid unfinalized length prefixes, it is a fatal error to call this on a - // CBB with any active children. --// OPENSSL_EXPORT const uint8_t *CBB_data(const CBB *cbb); -+OPENSSL_EXPORT const uint8_t *CBB_data(const CBB *cbb); - - // CBB_len returns the number of bytes written to |cbb|. It does not flush - // |cbb|. - // - // To avoid unfinalized length prefixes, it is a fatal error to call this on a - // CBB with any active children. --// OPENSSL_EXPORT size_t CBB_len(const CBB *cbb); -+OPENSSL_EXPORT size_t CBB_len(const CBB *cbb); - - // CBB_add_u8_length_prefixed sets |*out_contents| to a new child of |cbb|. The - // data written to |*out_contents| will be prefixed in |cbb| with an 8-bit -@@ -489,11 +489,11 @@ - // CBB_add_asn1 sets |*out_contents| to a |CBB| into which the contents of an - // ASN.1 object can be written. The |tag| argument will be used as the tag for - // the object. It returns one on success or zero on error. --// OPENSSL_EXPORT int CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned tag); -+OPENSSL_EXPORT int CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned tag); - - // CBB_add_bytes appends |len| bytes from |data| to |cbb|. It returns one on - // success and zero otherwise. --// OPENSSL_EXPORT int CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len); -+OPENSSL_EXPORT int CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len); - - // CBB_add_zeros append |len| bytes with value zero to |cbb|. It returns one on - // success and zero otherwise. -@@ -518,11 +518,11 @@ - - // CBB_add_u8 appends an 8-bit number from |value| to |cbb|. It returns one on - // success and zero otherwise. --// OPENSSL_EXPORT int CBB_add_u8(CBB *cbb, uint8_t value); -+OPENSSL_EXPORT int CBB_add_u8(CBB *cbb, uint8_t value); - - // CBB_add_u16 appends a 16-bit, big-endian number from |value| to |cbb|. It - // returns one on success and zero otherwise. --// OPENSSL_EXPORT int CBB_add_u16(CBB *cbb, uint16_t value); -+OPENSSL_EXPORT int CBB_add_u16(CBB *cbb, uint16_t value); - - // CBB_add_u16le appends a 16-bit, little-endian number from |value| to |cbb|. - // It returns one on success and zero otherwise. -@@ -592,22 +592,22 @@ - // OPENSSL_EXPORT int CBB_flush_asn1_set_of(CBB *cbb); - - --// #if defined(__cplusplus) --// } // extern C -+#if defined(__cplusplus) -+} // extern C - - --// #if !defined(BORINGSSL_NO_CXX) --// extern "C++" { -+#if !defined(BORINGSSL_NO_CXX) -+extern "C++" { - --// BSSL_NAMESPACE_BEGIN -+BSSL_NAMESPACE_BEGIN - --// using ScopedCBB = internal::StackAllocated; -+using ScopedCBB = internal::StackAllocated; - --// BSSL_NAMESPACE_END -+BSSL_NAMESPACE_END - --// } // extern C++ --// #endif -+} // extern C++ -+#endif - --// #endif -+#endif - --// #endif // OPENSSL_HEADER_BYTESTRING_H -+#endif // OPENSSL_HEADER_BYTESTRING_H diff --git a/bssl-compat/patch/include/openssl/bytestring.h.sh b/bssl-compat/patch/include/openssl/bytestring.h.sh new file mode 100755 index 0000000000..eafe157045 --- /dev/null +++ b/bssl-compat/patch/include/openssl/bytestring.h.sh @@ -0,0 +1,32 @@ +#!/bin/bash + +set -euo pipefail + +uncomment.sh "$1" --comment -h \ + --uncomment-struct cbs_st \ + --uncomment-func-decl CBS_init \ + --uncomment-func-decl CBS_skip \ + --uncomment-func-decl CBS_data \ + --uncomment-func-decl CBS_len \ + --uncomment-func-decl CBS_get_u8 \ + --uncomment-func-decl CBS_get_u16 \ + --uncomment-func-decl CBS_get_u16_length_prefixed \ + --uncomment-macro CBS_ASN1_TAG_SHIFT \ + --uncomment-macro CBS_ASN1_TAG_NUMBER_MASK \ + --uncomment-macro CBS_ASN1_INTEGER \ + --uncomment-struct cbb_buffer_st \ + --uncomment-struct cbb_child_st \ + --uncomment-struct cbb_st \ + --uncomment-func-decl CBB_zero \ + --uncomment-func-decl CBB_init \ + --uncomment-func-decl CBB_cleanup \ + --uncomment-func-decl CBB_finish \ + --uncomment-func-decl CBB_flush \ + --uncomment-func-decl CBB_data \ + --uncomment-func-decl CBB_len \ + --uncomment-func-decl CBB_add_asn1 \ + --uncomment-func-decl CBB_add_bytes \ + --uncomment-func-decl CBB_add_space \ + --uncomment-func-decl CBB_add_u8 \ + --uncomment-func-decl CBB_add_u16 \ + --uncomment-using ScopedCBB diff --git a/bssl-compat/patch/include/openssl/cipher.h.patch b/bssl-compat/patch/include/openssl/cipher.h.patch deleted file mode 100644 index 5985ccef0f..0000000000 --- a/bssl-compat/patch/include/openssl/cipher.h.patch +++ /dev/null @@ -1,183 +0,0 @@ ---- a/include/openssl/cipher.h -+++ b/include/openssl/cipher.h -@@ -54,14 +54,14 @@ - * copied and put under another distribution licence - * [including the GNU Public Licence.] */ - --// #ifndef OPENSSL_HEADER_CIPHER_H --// #define OPENSSL_HEADER_CIPHER_H -+#ifndef OPENSSL_HEADER_CIPHER_H -+#define OPENSSL_HEADER_CIPHER_H - --// #include -+#include - --// #if defined(__cplusplus) --// extern "C" { --// #endif -+#if defined(__cplusplus) -+extern "C" { -+#endif - - - // Ciphers. -@@ -87,7 +87,7 @@ - // OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_ofb(void); - - // OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_ecb(void); --// OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_cbc(void); -+OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_cbc(void); - // OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_ctr(void); - // OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_ofb(void); - // OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_xts(void); -@@ -123,7 +123,7 @@ - - // EVP_CIPHER_CTX_new allocates a fresh |EVP_CIPHER_CTX|, calls - // |EVP_CIPHER_CTX_init| and returns it, or NULL on allocation failure. --// OPENSSL_EXPORT EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); -+OPENSSL_EXPORT EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); - - // EVP_CIPHER_CTX_cleanup frees any memory referenced by |ctx|. It returns - // one. -@@ -131,7 +131,7 @@ - - // EVP_CIPHER_CTX_free calls |EVP_CIPHER_CTX_cleanup| on |ctx| and then frees - // |ctx| itself. --// OPENSSL_EXPORT void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx); -+OPENSSL_EXPORT void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx); - - // EVP_CIPHER_CTX_copy sets |out| to be a duplicate of the current state of - // |in|. The |out| argument must have been previously initialised. -@@ -158,14 +158,14 @@ - // int enc); - - // EVP_EncryptInit_ex calls |EVP_CipherInit_ex| with |enc| equal to one. --// OPENSSL_EXPORT int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, --// const EVP_CIPHER *cipher, ENGINE *impl, --// const uint8_t *key, const uint8_t *iv); -+OPENSSL_EXPORT int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, -+ const EVP_CIPHER *cipher, ENGINE *impl, -+ const uint8_t *key, const uint8_t *iv); - - // EVP_DecryptInit_ex calls |EVP_CipherInit_ex| with |enc| equal to zero. --// OPENSSL_EXPORT int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, --// const EVP_CIPHER *cipher, ENGINE *impl, --// const uint8_t *key, const uint8_t *iv); -+OPENSSL_EXPORT int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, -+ const EVP_CIPHER *cipher, ENGINE *impl, -+ const uint8_t *key, const uint8_t *iv); - - - // Cipher operations. -@@ -179,9 +179,9 @@ - // function instead adds |in_len| bytes from |in| to the AAD and sets |*out_len| - // to |in_len|. The AAD must be fully specified in this way before this function - // is used to encrypt plaintext. --// OPENSSL_EXPORT int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, --// int *out_len, const uint8_t *in, --// int in_len); -+OPENSSL_EXPORT int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, -+ int *out_len, const uint8_t *in, -+ int in_len); - - // EVP_EncryptFinal_ex writes at most a block of ciphertext to |out| and sets - // |*out_len| to the number of bytes written. If padding is enabled (the -@@ -189,8 +189,8 @@ - // padding is disabled (with |EVP_CIPHER_CTX_set_padding|) then any partial - // block remaining will cause an error. The function returns one on success and - // zero otherwise. --// OPENSSL_EXPORT int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, uint8_t *out, --// int *out_len); -+OPENSSL_EXPORT int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, uint8_t *out, -+ int *out_len); - - // EVP_DecryptUpdate decrypts |in_len| bytes from |in| to |out|. The number of - // output bytes may be up to |in_len| plus the block length minus one and |out| -@@ -201,9 +201,9 @@ - // function instead adds |in_len| bytes from |in| to the AAD and sets |*out_len| - // to |in_len|. The AAD must be fully specified in this way before this function - // is used to decrypt ciphertext. --// OPENSSL_EXPORT int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, --// int *out_len, const uint8_t *in, --// int in_len); -+OPENSSL_EXPORT int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, -+ int *out_len, const uint8_t *in, -+ int in_len); - - // EVP_DecryptFinal_ex writes at most a block of ciphertext to |out| and sets - // |*out_len| to the number of bytes written. If padding is enabled (the -@@ -211,8 +211,8 @@ - // - // WARNING: it is unsafe to call this function with unauthenticated - // ciphertext if padding is enabled. --// OPENSSL_EXPORT int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, uint8_t *out, --// int *out_len); -+OPENSSL_EXPORT int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, uint8_t *out, -+ int *out_len); - - // EVP_Cipher performs a one-shot encryption/decryption operation for non-AEAD - // ciphers. No partial blocks are maintained between calls. However, any -@@ -318,17 +318,17 @@ - - // EVP_CIPHER_block_size returns the block size, in bytes, for |cipher|, or one - // if |cipher| is a stream cipher. --// OPENSSL_EXPORT unsigned EVP_CIPHER_block_size(const EVP_CIPHER *cipher); -+OPENSSL_EXPORT unsigned EVP_CIPHER_block_size(const EVP_CIPHER *cipher); - - // EVP_CIPHER_key_length returns the key size, in bytes, for |cipher|. If - // |cipher| can take a variable key length then this function returns the - // default key length and |EVP_CIPHER_flags| will return a value with - // |EVP_CIPH_VARIABLE_LENGTH| set. --// OPENSSL_EXPORT unsigned EVP_CIPHER_key_length(const EVP_CIPHER *cipher); -+OPENSSL_EXPORT unsigned EVP_CIPHER_key_length(const EVP_CIPHER *cipher); - - // EVP_CIPHER_iv_length returns the IV size, in bytes, of |cipher|, or zero if - // |cipher| doesn't take an IV. --// OPENSSL_EXPORT unsigned EVP_CIPHER_iv_length(const EVP_CIPHER *cipher); -+OPENSSL_EXPORT unsigned EVP_CIPHER_iv_length(const EVP_CIPHER *cipher); - - // EVP_CIPHER_flags returns a value which is the OR of zero or more - // |EVP_CIPH_*| flags. -@@ -601,26 +601,26 @@ - // } EVP_CIPHER_INFO; - - --// #if defined(__cplusplus) --// } // extern C -+#if defined(__cplusplus) -+} // extern C - --// #if !defined(BORINGSSL_NO_CXX) --// extern "C++" { -+#if !defined(BORINGSSL_NO_CXX) -+extern "C++" { - --// BSSL_NAMESPACE_BEGIN -+BSSL_NAMESPACE_BEGIN - --// BORINGSSL_MAKE_DELETER(EVP_CIPHER_CTX, EVP_CIPHER_CTX_free) -+BORINGSSL_MAKE_DELETER(EVP_CIPHER_CTX, EVP_CIPHER_CTX_free) - - // using ScopedEVP_CIPHER_CTX = - // internal::StackAllocated; - --// BSSL_NAMESPACE_END -+BSSL_NAMESPACE_END - --// } // extern C++ --// #endif -+} // extern C++ -+#endif - --// #endif -+#endif - - #ifdef ossl_CIPHER_R_AES_KEY_SETUP_FAILED - #define CIPHER_R_AES_KEY_SETUP_FAILED ossl_CIPHER_R_AES_KEY_SETUP_FAILED -@@ -701,4 +701,4 @@ - #define CIPHER_R_INVALID_NONCE ossl_CIPHER_R_INVALID_NONCE - #endif - --// #endif // OPENSSL_HEADER_CIPHER_H -+#endif // OPENSSL_HEADER_CIPHER_H diff --git a/bssl-compat/patch/include/openssl/cipher.h.sh b/bssl-compat/patch/include/openssl/cipher.h.sh index 9710dc9218..c97fde9cf0 100755 --- a/bssl-compat/patch/include/openssl/cipher.h.sh +++ b/bssl-compat/patch/include/openssl/cipher.h.sh @@ -1,4 +1,20 @@ #!/bin/bash -sed -i -e 's|^// \(#[ \t]*define[ \t]*\)\(CIPHER_R_[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' \ - -e 's|^// \(#[ \t]*define[ \t]*\)\(EVP_MAX_[A-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' "$1" +set -euo pipefail + +uncomment.sh "$1" --comment -h \ + --uncomment-func-decl EVP_aes_256_cbc \ + --uncomment-func-decl EVP_CIPHER_CTX_new \ + --uncomment-func-decl EVP_CIPHER_CTX_free \ + --uncomment-func-decl EVP_EncryptInit_ex \ + --uncomment-func-decl EVP_DecryptInit_ex \ + --uncomment-func-decl EVP_EncryptUpdate \ + --uncomment-func-decl EVP_EncryptFinal_ex \ + --uncomment-func-decl EVP_DecryptUpdate \ + --uncomment-func-decl EVP_DecryptFinal_ex \ + --uncomment-func-decl EVP_CIPHER_block_size \ + --uncomment-func-decl EVP_CIPHER_key_length \ + --uncomment-func-decl EVP_CIPHER_iv_length \ + --uncomment-macro-redef 'EVP_MAX_[A-Z0-9_]*_LENGTH' \ + --uncomment-regex 'BORINGSSL_MAKE_DELETER(EVP_CIPHER_CTX' \ + --uncomment-macro-redef 'CIPHER_R_[[:alnum:]_]*' diff --git a/bssl-compat/patch/include/openssl/conf.h.sh b/bssl-compat/patch/include/openssl/conf.h.sh index 9e0e48ddd7..242a7ef46e 100755 --- a/bssl-compat/patch/include/openssl/conf.h.sh +++ b/bssl-compat/patch/include/openssl/conf.h.sh @@ -1,4 +1,6 @@ #!/bin/bash -sed -i -e 's|^// \(#[ \t]*define[ \t]*\)\(CONF_R_[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' "$1" +set -euo pipefail +uncomment.sh "$1" --comment \ + --uncomment-macro-redef 'CONF_R_[a-zA-Z0-9_]*' \ diff --git a/bssl-compat/patch/include/openssl/crypto.h.patch b/bssl-compat/patch/include/openssl/crypto.h.patch deleted file mode 100644 index 6aa87adb95..0000000000 --- a/bssl-compat/patch/include/openssl/crypto.h.patch +++ /dev/null @@ -1,58 +0,0 @@ ---- a/include/openssl/crypto.h -+++ b/include/openssl/crypto.h -@@ -12,24 +12,24 @@ - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - --// #ifndef OPENSSL_HEADER_CRYPTO_H --// #define OPENSSL_HEADER_CRYPTO_H -+#ifndef OPENSSL_HEADER_CRYPTO_H -+#define OPENSSL_HEADER_CRYPTO_H - --// #include --// #include -+#include -+#include - - // Upstream OpenSSL defines |OPENSSL_malloc|, etc., in crypto.h rather than - // mem.h. --// #include -+#include - - // Upstream OpenSSL defines |CRYPTO_LOCK|, etc., in crypto.h rather than - // thread.h. --// #include -+#include - - --// #if defined(__cplusplus) --// extern "C" { --// #endif -+#if defined(__cplusplus) -+extern "C" { -+#endif - - - // crypto.h contains functions for initializing the crypto library. -@@ -89,7 +89,7 @@ - - // FIPS_mode returns zero unless BoringSSL is built with BORINGSSL_FIPS, in - // which case it returns one. --// OPENSSL_EXPORT int FIPS_mode(void); -+OPENSSL_EXPORT int FIPS_mode(void); - - // fips_counter_t denotes specific APIs/algorithms. A counter is maintained for - // each in FIPS mode so that tests can be written to assert that the expected, -@@ -194,8 +194,8 @@ - // OPENSSL_EXPORT int FIPS_query_algorithm_status(const char *algorithm); - - --// #if defined(__cplusplus) --// } // extern C --// #endif -+#if defined(__cplusplus) -+} // extern C -+#endif - --// #endif // OPENSSL_HEADER_CRYPTO_H -+#endif // OPENSSL_HEADER_CRYPTO_H diff --git a/bssl-compat/patch/include/openssl/crypto.h.sh b/bssl-compat/patch/include/openssl/crypto.h.sh index cdbcf0ce9e..51a8e3ddf3 100755 --- a/bssl-compat/patch/include/openssl/crypto.h.sh +++ b/bssl-compat/patch/include/openssl/crypto.h.sh @@ -1,4 +1,6 @@ #!/bin/bash -sed -i -e 's|^// \(#[ \t]*define[ \t]*\)\(CRYPTO_R_[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' "$1" +set -euo pipefail +uncomment.sh "$1" --comment -h \ + --uncomment-func-decl FIPS_mode diff --git a/bssl-compat/patch/include/openssl/dh.h.sh b/bssl-compat/patch/include/openssl/dh.h.sh index f19a4cd200..841a181f7e 100755 --- a/bssl-compat/patch/include/openssl/dh.h.sh +++ b/bssl-compat/patch/include/openssl/dh.h.sh @@ -1,4 +1,6 @@ #!/bin/bash -sed -i -e 's|^// \(#[ \t]*define[ \t]*\)\(DH_R_[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' "$1" +set -euo pipefail +uncomment.sh "$1" --comment \ + --uncomment-macro-redef 'DH_R_[a-zA-Z0-9_]*' \ diff --git a/bssl-compat/patch/include/openssl/digest.h.patch b/bssl-compat/patch/include/openssl/digest.h.patch deleted file mode 100644 index d1d43cab30..0000000000 --- a/bssl-compat/patch/include/openssl/digest.h.patch +++ /dev/null @@ -1,216 +0,0 @@ ---- a/include/openssl/digest.h -+++ b/include/openssl/digest.h -@@ -54,14 +54,14 @@ - * copied and put under another distribution licence - * [including the GNU Public Licence.] */ - --// #ifndef OPENSSL_HEADER_DIGEST_H --// #define OPENSSL_HEADER_DIGEST_H -+#ifndef OPENSSL_HEADER_DIGEST_H -+#define OPENSSL_HEADER_DIGEST_H - --// #include -+#include - --// #if defined(__cplusplus) --// extern "C" { --// #endif -+#if defined(__cplusplus) -+extern "C" { -+#endif - - - // Digest functions. -@@ -76,19 +76,19 @@ - // The following functions return |EVP_MD| objects that implement the named hash - // function. - --// OPENSSL_EXPORT const EVP_MD *EVP_md4(void); --// OPENSSL_EXPORT const EVP_MD *EVP_md5(void); --// OPENSSL_EXPORT const EVP_MD *EVP_sha1(void); --// OPENSSL_EXPORT const EVP_MD *EVP_sha224(void); --// OPENSSL_EXPORT const EVP_MD *EVP_sha256(void); --// OPENSSL_EXPORT const EVP_MD *EVP_sha384(void); --// OPENSSL_EXPORT const EVP_MD *EVP_sha512(void); --// OPENSSL_EXPORT const EVP_MD *EVP_sha512_256(void); -+OPENSSL_EXPORT const EVP_MD *EVP_md4(void); -+OPENSSL_EXPORT const EVP_MD *EVP_md5(void); -+OPENSSL_EXPORT const EVP_MD *EVP_sha1(void); -+OPENSSL_EXPORT const EVP_MD *EVP_sha224(void); -+OPENSSL_EXPORT const EVP_MD *EVP_sha256(void); -+OPENSSL_EXPORT const EVP_MD *EVP_sha384(void); -+OPENSSL_EXPORT const EVP_MD *EVP_sha512(void); -+OPENSSL_EXPORT const EVP_MD *EVP_sha512_256(void); - // OPENSSL_EXPORT const EVP_MD *EVP_blake2b256(void); - - // EVP_md5_sha1 is a TLS-specific |EVP_MD| which computes the concatenation of - // MD5 and SHA-1, as used in TLS 1.1 and below. --// OPENSSL_EXPORT const EVP_MD *EVP_md5_sha1(void); -+OPENSSL_EXPORT const EVP_MD *EVP_md5_sha1(void); - - // EVP_get_digestbynid returns an |EVP_MD| for the given NID, or NULL if no - // such digest is known. -@@ -111,7 +111,7 @@ - // EVP_MD_CTX_new allocates and initialises a fresh |EVP_MD_CTX| and returns - // it, or NULL on allocation failure. The caller must use |EVP_MD_CTX_free| to - // release the resulting object. --// OPENSSL_EXPORT EVP_MD_CTX *EVP_MD_CTX_new(void); -+OPENSSL_EXPORT EVP_MD_CTX *EVP_MD_CTX_new(void); - - // EVP_MD_CTX_cleanup frees any resources owned by |ctx| and resets it to a - // freshly initialised state. It does not free |ctx| itself. It returns one. -@@ -125,19 +125,19 @@ - // OPENSSL_EXPORT void EVP_MD_CTX_cleanse(EVP_MD_CTX *ctx); - - // EVP_MD_CTX_free calls |EVP_MD_CTX_cleanup| and then frees |ctx| itself. --// OPENSSL_EXPORT void EVP_MD_CTX_free(EVP_MD_CTX *ctx); -+OPENSSL_EXPORT void EVP_MD_CTX_free(EVP_MD_CTX *ctx); - - // EVP_MD_CTX_copy_ex sets |out|, which must already be initialised, to be a - // copy of |in|. It returns one on success and zero on allocation failure. --// OPENSSL_EXPORT int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in); -+OPENSSL_EXPORT int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in); - - // EVP_MD_CTX_move sets |out|, which must already be initialised, to the hash - // state in |in|. |in| is mutated and left in an empty state. --// OPENSSL_EXPORT void EVP_MD_CTX_move(EVP_MD_CTX *out, EVP_MD_CTX *in); -+OPENSSL_EXPORT void EVP_MD_CTX_move(EVP_MD_CTX *out, EVP_MD_CTX *in); - - // EVP_MD_CTX_reset calls |EVP_MD_CTX_cleanup| followed by |EVP_MD_CTX_init|. It - // returns one. --// OPENSSL_EXPORT int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); -+OPENSSL_EXPORT int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); - - - // Digest operations. -@@ -145,22 +145,22 @@ - // EVP_DigestInit_ex configures |ctx|, which must already have been - // initialised, for a fresh hashing operation using |type|. It returns one on - // success and zero on allocation failure. --// OPENSSL_EXPORT int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, --// ENGINE *engine); -+OPENSSL_EXPORT int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, -+ ENGINE *engine); - - // EVP_DigestInit acts like |EVP_DigestInit_ex| except that |ctx| is - // initialised before use. --// OPENSSL_EXPORT int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); -+OPENSSL_EXPORT int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); - - // EVP_DigestUpdate hashes |len| bytes from |data| into the hashing operation - // in |ctx|. It returns one. --// OPENSSL_EXPORT int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, --// size_t len); -+OPENSSL_EXPORT int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, -+ size_t len); - - // EVP_MAX_MD_SIZE is the largest digest size supported, in bytes. - // Functions that output a digest generally require the buffer have - // at least this much space. --// #define EVP_MAX_MD_SIZE 64 // SHA-512 is the longest so far. -+#define EVP_MAX_MD_SIZE ossl_EVP_MAX_MD_SIZE - - // EVP_MAX_MD_BLOCK_SIZE is the largest digest block size supported, in - // bytes. -@@ -172,13 +172,13 @@ - // number of bytes written. It returns one. After this call, the hash cannot be - // updated or finished again until |EVP_DigestInit_ex| is called to start - // another hashing operation. --// OPENSSL_EXPORT int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, uint8_t *md_out, --// unsigned int *out_size); -+OPENSSL_EXPORT int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, uint8_t *md_out, -+ unsigned int *out_size); - - // EVP_DigestFinal acts like |EVP_DigestFinal_ex| except that - // |EVP_MD_CTX_cleanup| is called on |ctx| before returning. --// OPENSSL_EXPORT int EVP_DigestFinal(EVP_MD_CTX *ctx, uint8_t *md_out, --// unsigned int *out_size); -+OPENSSL_EXPORT int EVP_DigestFinal(EVP_MD_CTX *ctx, uint8_t *md_out, -+ unsigned int *out_size); - - // EVP_Digest performs a complete hashing operation in one call. It hashes |len| - // bytes from |data| and writes the digest to |md_out|. |EVP_MD_CTX_size| bytes -@@ -196,14 +196,14 @@ - // function. - - // EVP_MD_type returns a NID identifying |md|. (For example, |NID_sha256|.) --// OPENSSL_EXPORT int EVP_MD_type(const EVP_MD *md); -+OPENSSL_EXPORT int EVP_MD_type(const EVP_MD *md); - - // EVP_MD_flags returns the flags for |md|, which is a set of |EVP_MD_FLAG_*| - // values, ORed together. - // OPENSSL_EXPORT uint32_t EVP_MD_flags(const EVP_MD *md); - - // EVP_MD_size returns the digest size of |md|, in bytes. --// OPENSSL_EXPORT size_t EVP_MD_size(const EVP_MD *md); -+OPENSSL_EXPORT size_t EVP_MD_size(const EVP_MD *md); - - // EVP_MD_block_size returns the native block-size of |md|, in bytes. - // OPENSSL_EXPORT size_t EVP_MD_block_size(const EVP_MD *md); -@@ -327,26 +327,48 @@ - // } /* EVP_MD_CTX */; - - --// #if defined(__cplusplus) --// } // extern C -+#if defined(__cplusplus) -+} // extern C - --// #if !defined(BORINGSSL_NO_CXX) --// extern "C++" { -+#if !defined(BORINGSSL_NO_CXX) -+extern "C++" { - --// BSSL_NAMESPACE_BEGIN -+BSSL_NAMESPACE_BEGIN - - // BORINGSSL_MAKE_DELETER(EVP_MD_CTX, EVP_MD_CTX_free) - --// using ScopedEVP_MD_CTX = --// internal::StackAllocatedMovable; -+class ScopedEVP_MD_CTX { -+ public: -+ ScopedEVP_MD_CTX() : ctx_(EVP_MD_CTX_new()) {} -+ ~ScopedEVP_MD_CTX() { EVP_MD_CTX_free(ctx_); } -+ -+ ScopedEVP_MD_CTX(ScopedEVP_MD_CTX &&other) { -+ EVP_MD_CTX_move(ctx_, other.ctx_); -+ } -+ ScopedEVP_MD_CTX &operator=(ScopedEVP_MD_CTX &&other) { -+ EVP_MD_CTX_move(ctx_, other.ctx_); -+ return *this; -+ } -+ -+ EVP_MD_CTX *get() { return ctx_; } -+ const EVP_MD_CTX *get() const { return ctx_; } -+ -+ EVP_MD_CTX *operator->() { return ctx_; } -+ const EVP_MD_CTX *operator->() const { return ctx_; } -+ -+ void Reset() { -+ EVP_MD_CTX_reset(ctx_); -+ } -+ private: -+ EVP_MD_CTX *ctx_; -+}; - --// BSSL_NAMESPACE_END -+BSSL_NAMESPACE_END - --// } // extern C++ --// #endif -+} // extern C++ -+#endif - --// #endif -+#endif - - #ifdef ossl_DIGEST_R_INPUT_NOT_INITIALIZED - #define DIGEST_R_INPUT_NOT_INITIALIZED ossl_DIGEST_R_INPUT_NOT_INITIALIZED -@@ -358,4 +380,4 @@ - #define DIGEST_R_UNKNOWN_HASH ossl_DIGEST_R_UNKNOWN_HASH - #endif - --// #endif // OPENSSL_HEADER_DIGEST_H -+#endif // OPENSSL_HEADER_DIGEST_H diff --git a/bssl-compat/patch/include/openssl/digest.h.sh b/bssl-compat/patch/include/openssl/digest.h.sh index 2b16adde06..cf133dda42 100755 --- a/bssl-compat/patch/include/openssl/digest.h.sh +++ b/bssl-compat/patch/include/openssl/digest.h.sh @@ -1,4 +1,60 @@ #!/bin/bash -sed -i -e 's|^// \(#[ \t]*define[ \t]*\)\(DIGEST_R_[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' "$1" +set -euo pipefail +MYTMPDIR="$(mktemp -d)" +trap 'rm -rf -- "$MYTMPDIR"' EXIT + +cat > "$MYTMPDIR/ScopedEVP_MD_CTX.h" <() { return ctx_; } + const EVP_MD_CTX *operator->() const { return ctx_; } + + void Reset() { + EVP_MD_CTX_reset(ctx_); + } + private: + EVP_MD_CTX *ctx_; +}; +EOF + +uncomment.sh "$1" --comment -h \ + --uncomment-func-decl EVP_md4 \ + --uncomment-func-decl EVP_md5 \ + --uncomment-func-decl EVP_sha1 \ + --uncomment-func-decl EVP_sha224 \ + --uncomment-func-decl EVP_sha256 \ + --uncomment-func-decl EVP_sha384 \ + --uncomment-func-decl EVP_sha512 \ + --uncomment-func-decl EVP_sha512_256 \ + --uncomment-func-decl EVP_md5_sha1 \ + --uncomment-func-decl EVP_MD_CTX_new \ + --uncomment-func-decl EVP_MD_CTX_free \ + --uncomment-func-decl EVP_MD_CTX_copy_ex \ + --uncomment-func-decl EVP_MD_CTX_move \ + --uncomment-func-decl EVP_MD_CTX_reset \ + --uncomment-func-decl EVP_DigestInit_ex \ + --uncomment-func-decl EVP_DigestInit \ + --uncomment-func-decl EVP_DigestUpdate \ + --uncomment-macro-redef EVP_MAX_MD_SIZE \ + --uncomment-func-decl EVP_DigestFinal_ex \ + --uncomment-func-decl EVP_DigestFinal \ + --uncomment-func-decl EVP_MD_type \ + --uncomment-func-decl EVP_MD_size \ + --uncomment-macro-redef 'DIGEST_R_[[:alnum:]_]*' \ + --sed "/^\/\/ using ScopedEVP_MD_CTX/ e cat $MYTMPDIR/ScopedEVP_MD_CTX.h" diff --git a/bssl-compat/patch/include/openssl/dsa.h.sh b/bssl-compat/patch/include/openssl/dsa.h.sh index f9306fe9f8..9918e33f2e 100755 --- a/bssl-compat/patch/include/openssl/dsa.h.sh +++ b/bssl-compat/patch/include/openssl/dsa.h.sh @@ -1,4 +1,6 @@ #!/bin/bash -sed -i -e 's|^// \(#[ \t]*define[ \t]*\)\(DSA_R_[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' "$1" +set -euo pipefail +uncomment.sh "$1" --comment \ + --uncomment-macro-redef 'DSA_R_[a-zA-Z0-9_]*' \ diff --git a/bssl-compat/patch/include/openssl/ec.h.patch b/bssl-compat/patch/include/openssl/ec.h.patch deleted file mode 100644 index 8b9dff0777..0000000000 --- a/bssl-compat/patch/include/openssl/ec.h.patch +++ /dev/null @@ -1,89 +0,0 @@ ---- a/include/openssl/ec.h -+++ b/include/openssl/ec.h -@@ -65,14 +65,14 @@ - * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems - * Laboratories. */ - --// #ifndef OPENSSL_HEADER_EC_H --// #define OPENSSL_HEADER_EC_H -+#ifndef OPENSSL_HEADER_EC_H -+#define OPENSSL_HEADER_EC_H - --// #include -+#include - --// #if defined(__cplusplus) --// extern "C" { --// #endif -+#if defined(__cplusplus) -+extern "C" { -+#endif - - - // Low-level operations on elliptic curves. -@@ -131,7 +131,7 @@ - - // EC_GROUP_get0_order returns a pointer to the internal |BIGNUM| object in - // |group| that specifies the order of the group. --// OPENSSL_EXPORT const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group); -+OPENSSL_EXPORT const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group); - - // EC_GROUP_order_bits returns the number of bits of the order of |group|. - // OPENSSL_EXPORT int EC_GROUP_order_bits(const EC_GROUP *group); -@@ -151,11 +151,11 @@ - // BN_CTX *ctx); - - // EC_GROUP_get_curve_name returns a NID that identifies |group|. --// OPENSSL_EXPORT int EC_GROUP_get_curve_name(const EC_GROUP *group); -+OPENSSL_EXPORT int EC_GROUP_get_curve_name(const EC_GROUP *group); - - // EC_GROUP_get_degree returns the number of bits needed to represent an - // element of the field underlying |group|. --// OPENSSL_EXPORT unsigned EC_GROUP_get_degree(const EC_GROUP *group); -+OPENSSL_EXPORT unsigned EC_GROUP_get_degree(const EC_GROUP *group); - - // EC_curve_nid2nist returns the NIST name of the elliptic curve specified by - // |nid|, or NULL if |nid| is not a NIST curve. For example, it returns "P-256" -@@ -391,26 +391,26 @@ - // OPENSSL_EXPORT void EC_POINT_clear_free(EC_POINT *point); - - --// #if defined(__cplusplus) --// } // extern C --// #endif -+#if defined(__cplusplus) -+} // extern C -+#endif - - // Old code expects to get EC_KEY from ec.h. --// #include -+#include - --// #if defined(__cplusplus) --// extern "C++" { -+#if defined(__cplusplus) -+extern "C++" { - --// BSSL_NAMESPACE_BEGIN -+BSSL_NAMESPACE_BEGIN - - // BORINGSSL_MAKE_DELETER(EC_POINT, EC_POINT_free) - // BORINGSSL_MAKE_DELETER(EC_GROUP, EC_GROUP_free) - --// BSSL_NAMESPACE_END -+BSSL_NAMESPACE_END - --// } // extern C++ -+} // extern C++ - --// #endif -+#endif - - #ifdef ossl_EC_R_BUFFER_TOO_SMALL - #define EC_R_BUFFER_TOO_SMALL ossl_EC_R_BUFFER_TOO_SMALL -@@ -515,4 +515,4 @@ - #define EC_R_INVALID_SCALAR ossl_EC_R_INVALID_SCALAR - #endif - --// #endif // OPENSSL_HEADER_EC_H -+#endif // OPENSSL_HEADER_EC_H diff --git a/bssl-compat/patch/include/openssl/ec.h.sh b/bssl-compat/patch/include/openssl/ec.h.sh index c146dc4588..7898280393 100755 --- a/bssl-compat/patch/include/openssl/ec.h.sh +++ b/bssl-compat/patch/include/openssl/ec.h.sh @@ -1,4 +1,9 @@ #!/bin/bash -sed -i -e 's|^// \(#[ \t]*define[ \t]*\)\(EC_R_[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' "$1" +set -euo pipefail +uncomment.sh "$1" --comment -h \ + --uncomment-func-decl EC_GROUP_get0_order \ + --uncomment-func-decl EC_GROUP_get_curve_name \ + --uncomment-func-decl EC_GROUP_get_degree \ + --uncomment-macro-redef 'EC_R_[[:alnum:]_]*' diff --git a/bssl-compat/patch/include/openssl/ec_key.h.patch b/bssl-compat/patch/include/openssl/ec_key.h.patch deleted file mode 100644 index 746a9d717a..0000000000 --- a/bssl-compat/patch/include/openssl/ec_key.h.patch +++ /dev/null @@ -1,89 +0,0 @@ ---- a/include/openssl/ec_key.h -+++ b/include/openssl/ec_key.h -@@ -65,18 +65,18 @@ - * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems - * Laboratories. */ - --// #ifndef OPENSSL_HEADER_EC_KEY_H --// #define OPENSSL_HEADER_EC_KEY_H -+#ifndef OPENSSL_HEADER_EC_KEY_H -+#define OPENSSL_HEADER_EC_KEY_H - --// #include -+#include - --// #include --// #include --// #include -- --// #if defined(__cplusplus) --// extern "C" { --// #endif -+#include -+#include -+#include -+ -+#if defined(__cplusplus) -+extern "C" { -+#endif - - - // ec_key.h contains functions that handle elliptic-curve points that are -@@ -103,7 +103,7 @@ - // OPENSSL_EXPORT EC_KEY *EC_KEY_new_by_curve_name(int nid); - - // EC_KEY_free frees all the data owned by |key| and |key| itself. --// OPENSSL_EXPORT void EC_KEY_free(EC_KEY *key); -+OPENSSL_EXPORT void EC_KEY_free(EC_KEY *key); - - // EC_KEY_dup returns a fresh copy of |src| or NULL on error. - // OPENSSL_EXPORT EC_KEY *EC_KEY_dup(const EC_KEY *src); -@@ -117,7 +117,7 @@ - // OPENSSL_EXPORT int EC_KEY_is_opaque(const EC_KEY *key); - - // EC_KEY_get0_group returns a pointer to the |EC_GROUP| object inside |key|. --// OPENSSL_EXPORT const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key); -+OPENSSL_EXPORT const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key); - - // EC_KEY_set_group sets the |EC_GROUP| object that |key| will use to |group|. - // It returns one on success and zero if |key| is already configured with a -@@ -222,8 +222,8 @@ - // NULL on error. If |group| is non-null, the parameters field of the - // ECPrivateKey may be omitted (but must match |group| if present). Otherwise, - // the parameters field is required. --// OPENSSL_EXPORT EC_KEY *EC_KEY_parse_private_key(CBS *cbs, --// const EC_GROUP *group); -+OPENSSL_EXPORT EC_KEY *EC_KEY_parse_private_key(CBS *cbs, -+ const EC_GROUP *group); - - // EC_KEY_marshal_private_key marshals |key| as a DER-encoded ECPrivateKey - // structure (RFC 5915) and appends the result to |cbb|. It returns one on -@@ -341,20 +341,20 @@ - // OPENSSL_EXPORT int i2o_ECPublicKey(const EC_KEY *key, unsigned char **outp); - - --// #if defined(__cplusplus) --// } // extern C -+#if defined(__cplusplus) -+} // extern C - --// extern "C++" { -+extern "C++" { - --// BSSL_NAMESPACE_BEGIN -+BSSL_NAMESPACE_BEGIN - - // BORINGSSL_MAKE_DELETER(EC_KEY, EC_KEY_free) - // BORINGSSL_MAKE_UP_REF(EC_KEY, EC_KEY_up_ref) - --// BSSL_NAMESPACE_END -+BSSL_NAMESPACE_END - --// } // extern C++ -+} // extern C++ - --// #endif -+#endif - --// #endif // OPENSSL_HEADER_EC_KEY_H -+#endif // OPENSSL_HEADER_EC_KEY_H diff --git a/bssl-compat/patch/include/openssl/ec_key.h.sh b/bssl-compat/patch/include/openssl/ec_key.h.sh new file mode 100755 index 0000000000..8e6162a2d8 --- /dev/null +++ b/bssl-compat/patch/include/openssl/ec_key.h.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +set -euo pipefail + +uncomment.sh "$1" --comment -h \ + --uncomment-func-decl EC_KEY_free \ + --uncomment-func-decl EC_KEY_get0_group \ + --uncomment-func-decl EC_KEY_parse_private_key diff --git a/bssl-compat/patch/include/openssl/ecdh.h.sh b/bssl-compat/patch/include/openssl/ecdh.h.sh index f3b0e042f7..66db36ed1e 100755 --- a/bssl-compat/patch/include/openssl/ecdh.h.sh +++ b/bssl-compat/patch/include/openssl/ecdh.h.sh @@ -1,4 +1,6 @@ #!/bin/bash -sed -i -e 's|^// \(#[ \t]*define[ \t]*\)\(ECDH_R_[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' "$1" +set -euo pipefail +uncomment.sh "$1" --comment \ + --uncomment-macro-redef 'ECDH_R_[a-zA-Z0-9_]*' \ diff --git a/bssl-compat/patch/include/openssl/ecdsa.h.patch b/bssl-compat/patch/include/openssl/ecdsa.h.patch deleted file mode 100644 index 9722a1a31c..0000000000 --- a/bssl-compat/patch/include/openssl/ecdsa.h.patch +++ /dev/null @@ -1,82 +0,0 @@ ---- a/include/openssl/ecdsa.h -+++ b/include/openssl/ecdsa.h -@@ -50,16 +50,16 @@ - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). */ - --// #ifndef OPENSSL_HEADER_ECDSA_H --// #define OPENSSL_HEADER_ECDSA_H -+#ifndef OPENSSL_HEADER_ECDSA_H -+#define OPENSSL_HEADER_ECDSA_H - --// #include -+#include - --// #include -+#include - --// #if defined(__cplusplus) --// extern "C" { --// #endif -+#if defined(__cplusplus) -+extern "C" { -+#endif - - - // ECDSA contains functions for signing and verifying with the Digital Signature -@@ -76,9 +76,9 @@ - // - // WARNING: |digest| must be the output of some hash function on the data to be - // signed. Passing unhashed inputs will not result in a secure signature scheme. --// OPENSSL_EXPORT int ECDSA_sign(int type, const uint8_t *digest, --// size_t digest_len, uint8_t *sig, --// unsigned int *sig_len, const EC_KEY *key); -+OPENSSL_EXPORT int ECDSA_sign(int type, const uint8_t *digest, -+ size_t digest_len, uint8_t *sig, -+ unsigned int *sig_len, const EC_KEY *key); - - // ECDSA_verify verifies that |sig_len| bytes from |sig| constitute a valid - // signature by |key| of |digest|. (The |type| argument should be zero.) It -@@ -94,7 +94,7 @@ - - // ECDSA_size returns the maximum size of an ECDSA signature using |key|. It - // returns zero if |key| is NULL or if it doesn't have a group set. --// OPENSSL_EXPORT size_t ECDSA_size(const EC_KEY *key); -+OPENSSL_EXPORT size_t ECDSA_size(const EC_KEY *key); - - - // Low-level signing and verification. -@@ -211,20 +211,20 @@ - // OPENSSL_EXPORT int i2d_ECDSA_SIG(const ECDSA_SIG *sig, uint8_t **outp); - - --// #if defined(__cplusplus) --// } // extern C -+#if defined(__cplusplus) -+} // extern C - --// extern "C++" { -+extern "C++" { - --// BSSL_NAMESPACE_BEGIN -+BSSL_NAMESPACE_BEGIN - - // BORINGSSL_MAKE_DELETER(ECDSA_SIG, ECDSA_SIG_free) - --// BSSL_NAMESPACE_END -+BSSL_NAMESPACE_END - --// } // extern C++ -+} // extern C++ - --// #endif -+#endif - - #ifdef ossl_ECDSA_R_BAD_SIGNATURE - #define ECDSA_R_BAD_SIGNATURE ossl_ECDSA_R_BAD_SIGNATURE -@@ -245,4 +245,4 @@ - #define ECDSA_R_ENCODE_ERROR ossl_ECDSA_R_ENCODE_ERROR - #endif - --// #endif // OPENSSL_HEADER_ECDSA_H -+#endif // OPENSSL_HEADER_ECDSA_H diff --git a/bssl-compat/patch/include/openssl/ecdsa.h.sh b/bssl-compat/patch/include/openssl/ecdsa.h.sh index e4e61debb4..aff91f1093 100755 --- a/bssl-compat/patch/include/openssl/ecdsa.h.sh +++ b/bssl-compat/patch/include/openssl/ecdsa.h.sh @@ -1,4 +1,8 @@ #!/bin/bash -sed -i -e 's|^// \(#[ \t]*define[ \t]*\)\(ECDSA_R_[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' "$1" +set -euo pipefail +uncomment.sh "$1" --comment -h \ + --uncomment-func-decl ECDSA_sign \ + --uncomment-func-decl ECDSA_size \ + --uncomment-macro-redef 'ECDSA_R_[[:alnum:]_]*' diff --git a/bssl-compat/patch/include/openssl/engine.h.sh b/bssl-compat/patch/include/openssl/engine.h.sh index cfefe5296e..f3d04738ed 100755 --- a/bssl-compat/patch/include/openssl/engine.h.sh +++ b/bssl-compat/patch/include/openssl/engine.h.sh @@ -1,4 +1,6 @@ #!/bin/bash -sed -i -e 's|^// \(#[ \t]*define[ \t]*\)\(ENGINE_R_[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' "$1" +set -euo pipefail +uncomment.sh "$1" --comment \ + --uncomment-macro-redef 'ENGINE_R_[a-zA-Z0-9_]*' diff --git a/bssl-compat/patch/include/openssl/err.h.patch b/bssl-compat/patch/include/openssl/err.h.patch deleted file mode 100644 index 551dcfe678..0000000000 --- a/bssl-compat/patch/include/openssl/err.h.patch +++ /dev/null @@ -1,181 +0,0 @@ ---- a/include/openssl/err.h -+++ b/include/openssl/err.h -@@ -106,16 +106,17 @@ - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). */ - --// #ifndef OPENSSL_HEADER_ERR_H --// #define OPENSSL_HEADER_ERR_H -+#ifndef OPENSSL_HEADER_ERR_H -+#define OPENSSL_HEADER_ERR_H - --// #include -+#include - --// #include -+#include -+#include - --// #if defined(__cplusplus) --// extern "C" { --// #endif -+#if defined(__cplusplus) -+extern "C" { -+#endif - - - // Error queue handling functions. -@@ -163,17 +164,17 @@ - - // ERR_GET_LIB returns the library code for the error. This is one of - // the |ERR_LIB_*| values. --// #define ERR_GET_LIB(packed_error) ((int)(((packed_error) >> 24) & 0xff)) -+#define ERR_GET_LIB(packed_error) ossl_ERR_GET_LIB(packed_error) - - // ERR_GET_REASON returns the reason code for the error. This is one of - // library-specific |LIB_R_*| values where |LIB| is the library (see - // |ERR_GET_LIB|). Note that reason codes are specific to the library. --// #define ERR_GET_REASON(packed_error) ((int)((packed_error) & 0xfff)) -+#define ERR_GET_REASON(packed_error) ossl_ERR_GET_REASON(packed_error) - - // ERR_get_error gets the packed error code for the least recent error and - // removes that error from the queue. If there are no errors in the queue then - // it returns zero. --// OPENSSL_EXPORT uint32_t ERR_get_error(void); -+OPENSSL_EXPORT uint32_t ERR_get_error(void); - - // ERR_get_error_line acts like |ERR_get_error|, except that the file and line - // number of the call that added the error are also returned. -@@ -199,14 +200,14 @@ - - // The "peek" functions act like the |ERR_get_error| functions, above, but they - // do not remove the error from the queue. --// OPENSSL_EXPORT uint32_t ERR_peek_error(void); -+OPENSSL_EXPORT uint32_t ERR_peek_error(void); - // OPENSSL_EXPORT uint32_t ERR_peek_error_line(const char **file, int *line); --// OPENSSL_EXPORT uint32_t ERR_peek_error_line_data(const char **file, int *line, --// const char **data, int *flags); -+OPENSSL_EXPORT uint32_t ERR_peek_error_line_data(const char **file, int *line, -+ const char **data, int *flags); - - // The "peek last" functions act like the "peek" functions, above, except that - // they return the most recent error. --// OPENSSL_EXPORT uint32_t ERR_peek_last_error(void); -+OPENSSL_EXPORT uint32_t ERR_peek_last_error(void); - // OPENSSL_EXPORT uint32_t ERR_peek_last_error_line(const char **file, int *line); - // OPENSSL_EXPORT uint32_t ERR_peek_last_error_line_data(const char **file, - // int *line, -@@ -224,17 +225,17 @@ - // - // error code is an 8 digit hexadecimal number; library name and reason string - // are ASCII text. --// OPENSSL_EXPORT char *ERR_error_string_n(uint32_t packed_error, char *buf, --// size_t len); -+OPENSSL_EXPORT char *ERR_error_string_n(uint32_t packed_error, char *buf, -+ size_t len); - - // ERR_lib_error_string returns a string representation of the library that - // generated |packed_error|, or a placeholder string is the library is - // unrecognized. --// OPENSSL_EXPORT const char *ERR_lib_error_string(uint32_t packed_error); -+OPENSSL_EXPORT const char *ERR_lib_error_string(uint32_t packed_error); - - // ERR_reason_error_string returns a string representation of the reason for - // |packed_error|, or a placeholder string if the reason is unrecognized. --// OPENSSL_EXPORT const char *ERR_reason_error_string(uint32_t packed_error); -+OPENSSL_EXPORT const char *ERR_reason_error_string(uint32_t packed_error); - - // ERR_print_errors_callback_t is the type of a function used by - // |ERR_print_errors_cb|. It takes a pointer to a human readable string (and -@@ -263,13 +264,13 @@ - - // ERR_print_errors_fp clears the current thread's error queue, printing each - // error to |file|. See |ERR_print_errors_cb| for the format. --// OPENSSL_EXPORT void ERR_print_errors_fp(FILE *file); -+OPENSSL_EXPORT void ERR_print_errors_fp(FILE *file); - - - // Clearing errors. - - // ERR_clear_error clears the error queue for the current thread. --// OPENSSL_EXPORT void ERR_clear_error(void); -+OPENSSL_EXPORT void ERR_clear_error(void); - - // ERR_set_mark "marks" the most recent error for use with |ERR_pop_to_mark|. - // It returns one if an error was marked and zero if there are no errors. -@@ -293,7 +294,7 @@ - // Built-in library and reason codes. - - // The following values are built-in library codes. --// enum { -+enum { - #ifdef ossl_ERR_LIB_NONE - ERR_LIB_NONE = ossl_ERR_LIB_NONE, - #endif -@@ -393,8 +394,8 @@ - #ifdef ossl_ERR_LIB_USER - ERR_LIB_USER = ossl_ERR_LIB_USER, - #endif --// ERR_NUM_LIBS --// }; -+ ERR_NUM_LIBS -+}; - - // The following reason codes used to denote an error occuring in another - // library. They are sometimes used for a stack trace. -@@ -561,8 +562,8 @@ - // Use |ERR_error_string_n| instead. - // - // TODO(fork): remove this function. --// OPENSSL_EXPORT char *ERR_error_string(uint32_t packed_error, char *buf); --// #define ERR_ERROR_STRING_BUF_LEN 120 -+OPENSSL_EXPORT char *ERR_error_string(uint32_t packed_error, char *buf); -+#define ERR_ERROR_STRING_BUF_LEN 120 - - // ERR_GET_FUNC returns zero. BoringSSL errors do not report a function code. - // #define ERR_GET_FUNC(packed_error) 0 -@@ -580,8 +581,8 @@ - - // OPENSSL_PUT_ERROR is used by OpenSSL code to add an error to the error - // queue. --// #define OPENSSL_PUT_ERROR(library, reason) \ --// ERR_put_error(ERR_LIB_##library, 0, reason, __FILE__, __LINE__) -+#define OPENSSL_PUT_ERROR(library, reason) \ -+ ERR_put_error(ERR_LIB_##library, 0, reason, __FILE__, __LINE__) - - // OPENSSL_PUT_SYSTEM_ERROR is used by OpenSSL code to add an error from the - // operating system to the error queue. -@@ -591,8 +592,8 @@ - - // ERR_put_error adds an error to the error queue, dropping the least recent - // error if necessary for space reasons. --// OPENSSL_EXPORT void ERR_put_error(int library, int unused, int reason, --// const char *file, unsigned line); -+OPENSSL_EXPORT void ERR_put_error(int library, int unused, int reason, -+ const char *file, unsigned line); - - // ERR_add_error_data takes a variable number (|count|) of const char* - // pointers, concatenates them and sets the result as the data on the most -@@ -621,8 +622,7 @@ - #define ERR_NUM_ERRORS ossl_ERR_NUM_ERRORS - #endif - --// #define ERR_PACK(lib, reason) \ --// (((((uint32_t)(lib)) & 0xff) << 24) | ((((uint32_t)(reason)) & 0xfff))) -+#define ERR_PACK(lib, reason) ossl_ERR_PACK(lib, 0, reason) - - // OPENSSL_DECLARE_ERROR_REASON is used by util/make_errors.h (which generates - // the error defines) to recognise that an additional reason value is needed. -@@ -632,8 +632,8 @@ - // #define OPENSSL_DECLARE_ERROR_REASON(lib, reason) - - --// #if defined(__cplusplus) --// } // extern C --// #endif -+#if defined(__cplusplus) -+} // extern C -+#endif - --// #endif // OPENSSL_HEADER_ERR_H -+#endif // OPENSSL_HEADER_ERR_H diff --git a/bssl-compat/patch/include/openssl/err.h.sh b/bssl-compat/patch/include/openssl/err.h.sh index ec410c7b16..af7ea4a6e6 100755 --- a/bssl-compat/patch/include/openssl/err.h.sh +++ b/bssl-compat/patch/include/openssl/err.h.sh @@ -1,11 +1,30 @@ #!/bin/bash -set -e +set -euo pipefail -BSSL_COMPAT_DIR="$(cd "$(dirname "$0")/../../.."; pwd)" - -sed -i -e 's|^// \([ \t]*\)\(ERR_LIB_[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 = ossl_\2,\n#endif|g' \ - -e 's|^// \(#[ \t]*define[ \t]*\)ERR_R_\([a-zA-Z0-9_]*\)_LIB[^a-zA-Z0-9_].*$|#ifdef ossl_ERR_R_\2_LIB\n\1ERR_R_\2_LIB ossl_ERR_R_\2_LIB\n#endif|g' \ - -e 's|^// \(#[ \t]*define[ \t]*\)\(ERR_R_[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' \ - -e 's|^// \(#[ \t]*define[ \t]*\)\(ERR_NUM_ERRORS\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' \ - "$1" +uncomment.sh "$1" --comment -h \ + --sed '/base\.h/a#include ' \ + --sed '/OPENSSL_INLINE int ERR_GET_LIB/i#define ERR_GET_LIB(packed_error) ossl_ERR_GET_LIB(packed_error)' \ + --sed '/OPENSSL_INLINE int ERR_GET_REASON/i#define ERR_GET_REASON(packed_error) ossl_ERR_GET_REASON(packed_error)' \ + --uncomment-func-decl ERR_get_error \ + --uncomment-func-decl ERR_peek_error \ + --uncomment-func-decl ERR_peek_error_line_data \ + --uncomment-func-decl ERR_peek_last_error \ + --uncomment-func-decl ERR_error_string_n \ + --uncomment-func-decl ERR_lib_error_string \ + --uncomment-func-decl ERR_reason_error_string \ + --uncomment-func-decl ERR_print_errors_fp \ + --uncomment-func-decl ERR_clear_error \ + --uncomment-regex 'enum\s{' \ + --sed 's|^// \([ \t]*\)\(ERR_LIB_[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 = ossl_\2,\n#endif|g' \ + --uncomment-regex '\s\sERR_NUM_LIBS' '};' \ + --uncomment-macro 'ERR_R_[A-Z0-9_]*_LIB' \ + --uncomment-macro-redef 'ERR_R_[[:alnum:]_]*' \ + --sed 's|ossl_ERR_R_OVERFLOW|ossl_ERR_R_INTERNAL_ERROR|' \ + --uncomment-func-decl ERR_error_string \ + --uncomment-macro ERR_ERROR_STRING_BUF_LEN \ + --sed '/OPENSSL_INLINE int ERR_GET_FUNC/i#define ERR_GET_FUNC(packed_error) ossl_ERR_GET_FUNC(packed_error)' \ + --uncomment-macro OPENSSL_PUT_ERROR \ + --uncomment-func-decl ERR_put_error \ + --uncomment-macro-redef ERR_NUM_ERRORS \ + --sed '/#define ERR_PACK/i#define ERR_PACK(lib, reason) ossl_ERR_PACK(lib, 0, reason)' diff --git a/bssl-compat/patch/include/openssl/evp.h.patch b/bssl-compat/patch/include/openssl/evp.h.patch deleted file mode 100644 index 0efa30fe9a..0000000000 --- a/bssl-compat/patch/include/openssl/evp.h.patch +++ /dev/null @@ -1,166 +0,0 @@ ---- a/include/openssl/evp.h -+++ b/include/openssl/evp.h -@@ -54,27 +54,27 @@ - * copied and put under another distribution licence - * [including the GNU Public Licence.] */ - --// #ifndef OPENSSL_HEADER_EVP_H --// #define OPENSSL_HEADER_EVP_H -+#ifndef OPENSSL_HEADER_EVP_H -+#define OPENSSL_HEADER_EVP_H - --// #include -+#include - --// #include --// #include -+#include -+#include - - // OpenSSL included digest and cipher functions in this header so we include - // them for users that still expect that. - // - // TODO(fork): clean up callers so that they include what they use. --// #include --// #include --// #include --// #include --// #include -+#include -+#include -+#include -+#include -+#include - --// #if defined(__cplusplus) --// extern "C" { --// #endif -+#if defined(__cplusplus) -+extern "C" { -+#endif - - - // EVP abstracts over public/private key algorithms. -@@ -90,11 +90,11 @@ - - // EVP_PKEY_new creates a new, empty public-key object and returns it or NULL - // on allocation failure. --// OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_new(void); -+OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_new(void); - - // EVP_PKEY_free frees all data referenced by |pkey| and then frees |pkey| - // itself. --// OPENSSL_EXPORT void EVP_PKEY_free(EVP_PKEY *pkey); -+OPENSSL_EXPORT void EVP_PKEY_free(EVP_PKEY *pkey); - - // EVP_PKEY_up_ref increments the reference count of |pkey| and returns one. It - // does not mutate |pkey| for thread-safety purposes and may be used -@@ -111,7 +111,7 @@ - // - // WARNING: this differs from the traditional return value of a "cmp" - // function. --// OPENSSL_EXPORT int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); -+OPENSSL_EXPORT int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); - - // EVP_PKEY_copy_parameters sets the parameters of |to| to equal the parameters - // of |from|. It returns one on success and zero on error. -@@ -134,7 +134,7 @@ - - // EVP_PKEY_id returns the type of |pkey|, which is one of the |EVP_PKEY_*| - // values. --// OPENSSL_EXPORT int EVP_PKEY_id(const EVP_PKEY *pkey); -+OPENSSL_EXPORT int EVP_PKEY_id(const EVP_PKEY *pkey); - - // EVP_PKEY_type returns |nid| if |nid| is a known key type and |NID_undef| - // otherwise. -@@ -157,9 +157,9 @@ - // may not be called concurrently with other operations on the |EVP_PKEY|. - - // OPENSSL_EXPORT int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key); --// OPENSSL_EXPORT int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key); --// OPENSSL_EXPORT RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey); --// OPENSSL_EXPORT RSA *EVP_PKEY_get1_RSA(const EVP_PKEY *pkey); -+OPENSSL_EXPORT int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key); -+OPENSSL_EXPORT RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey); -+OPENSSL_EXPORT RSA *EVP_PKEY_get1_RSA(const EVP_PKEY *pkey); - - // OPENSSL_EXPORT int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key); - // OPENSSL_EXPORT int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key); -@@ -167,9 +167,9 @@ - // OPENSSL_EXPORT DSA *EVP_PKEY_get1_DSA(const EVP_PKEY *pkey); - - // OPENSSL_EXPORT int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key); --// OPENSSL_EXPORT int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key); --// OPENSSL_EXPORT EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey); --// OPENSSL_EXPORT EC_KEY *EVP_PKEY_get1_EC_KEY(const EVP_PKEY *pkey); -+OPENSSL_EXPORT int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key); -+OPENSSL_EXPORT EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey); -+OPENSSL_EXPORT EC_KEY *EVP_PKEY_get1_EC_KEY(const EVP_PKEY *pkey); - - #ifdef ossl_EVP_PKEY_NONE - #define EVP_PKEY_NONE ossl_EVP_PKEY_NONE -@@ -224,7 +224,7 @@ - // The caller must check the type of the parsed public key to ensure it is - // suitable and validate other desired key properties such as RSA modulus size - // or EC curve. --// OPENSSL_EXPORT EVP_PKEY *EVP_parse_public_key(CBS *cbs); -+OPENSSL_EXPORT EVP_PKEY *EVP_parse_public_key(CBS *cbs); - - // EVP_marshal_public_key marshals |key| as a DER-encoded SubjectPublicKeyInfo - // structure (RFC 5280) and appends the result to |cbb|. It returns one on -@@ -366,9 +366,9 @@ - // used concurrently with other non-mutating functions on |pkey|. - // - // It returns one on success, or zero on error. --// OPENSSL_EXPORT int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, --// const EVP_MD *type, ENGINE *e, --// EVP_PKEY *pkey); -+OPENSSL_EXPORT int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, -+ const EVP_MD *type, ENGINE *e, -+ EVP_PKEY *pkey); - - // EVP_DigestVerifyUpdate appends |len| bytes from |data| to the data which - // will be verified by |EVP_DigestVerifyFinal|. It returns one. -@@ -391,9 +391,9 @@ - - // EVP_DigestVerify verifies that |sig_len| bytes from |sig| are a valid - // signature for |data|. It returns one on success or zero on error. --// OPENSSL_EXPORT int EVP_DigestVerify(EVP_MD_CTX *ctx, const uint8_t *sig, --// size_t sig_len, const uint8_t *data, --// size_t len); -+OPENSSL_EXPORT int EVP_DigestVerify(EVP_MD_CTX *ctx, const uint8_t *sig, -+ size_t sig_len, const uint8_t *data, -+ size_t len); - - - // Signing (old functions) -@@ -1089,20 +1089,20 @@ - // } /* EVP_PKEY */; - - --// #if defined(__cplusplus) --// } // extern C -+#if defined(__cplusplus) -+} // extern C - --// extern "C++" { --// BSSL_NAMESPACE_BEGIN -+extern "C++" { -+BSSL_NAMESPACE_BEGIN - --// BORINGSSL_MAKE_DELETER(EVP_PKEY, EVP_PKEY_free) -+BORINGSSL_MAKE_DELETER(EVP_PKEY, EVP_PKEY_free) - // BORINGSSL_MAKE_UP_REF(EVP_PKEY, EVP_PKEY_up_ref) - // BORINGSSL_MAKE_DELETER(EVP_PKEY_CTX, EVP_PKEY_CTX_free) - --// BSSL_NAMESPACE_END -+BSSL_NAMESPACE_END - --// } // extern C++ -+} // extern C++ - --// #endif -+#endif - --// #endif // OPENSSL_HEADER_EVP_H -+#endif // OPENSSL_HEADER_EVP_H diff --git a/bssl-compat/patch/include/openssl/evp.h.sh b/bssl-compat/patch/include/openssl/evp.h.sh index 093c1f9bd8..1539f7ae10 100755 --- a/bssl-compat/patch/include/openssl/evp.h.sh +++ b/bssl-compat/patch/include/openssl/evp.h.sh @@ -1,6 +1,21 @@ #!/bin/bash -sed -i -e 's|^// \(#[ \t]*define[ \t]*\)\(EVP_R_[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' \ - -e 's|^// \(#[ \t]*define[ \t]*\)\(EVP_PKEY_[a-zA-Z0-9_]*\)[^a-zA-Z0-9_]*NID_[a-zA-Z0-9_]*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' \ - "$1" +set -euo pipefail + +uncomment.sh "$1" --comment -h \ + --uncomment-func-decl EVP_PKEY_new \ + --uncomment-func-decl EVP_PKEY_free \ + --uncomment-func-decl EVP_PKEY_cmp \ + --uncomment-func-decl EVP_PKEY_id \ + --uncomment-func-decl EVP_PKEY_assign_RSA \ + --uncomment-func-decl EVP_PKEY_get0_RSA \ + --uncomment-func-decl EVP_PKEY_get1_RSA \ + --uncomment-func-decl EVP_PKEY_assign_EC_KEY \ + --uncomment-func-decl EVP_PKEY_get0_EC_KEY \ + --uncomment-func-decl EVP_PKEY_get1_EC_KEY \ + --uncomment-macro-redef 'EVP_PKEY_[A-Z0-9_]*' \ + --uncomment-func-decl EVP_parse_public_key \ + --uncomment-func-decl EVP_DigestVerifyInit \ + --uncomment-func-decl EVP_DigestVerify \ + --uncomment-regex 'BORINGSSL_MAKE_DELETER(EVP_PKEY,' diff --git a/bssl-compat/patch/include/openssl/ex_data.h.patch b/bssl-compat/patch/include/openssl/ex_data.h.patch deleted file mode 100644 index bab2f2d835..0000000000 --- a/bssl-compat/patch/include/openssl/ex_data.h.patch +++ /dev/null @@ -1,77 +0,0 @@ ---- a/include/openssl/ex_data.h -+++ b/include/openssl/ex_data.h -@@ -106,16 +106,16 @@ - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). */ - --// #ifndef OPENSSL_HEADER_EX_DATA_H --// #define OPENSSL_HEADER_EX_DATA_H -+#ifndef OPENSSL_HEADER_EX_DATA_H -+#define OPENSSL_HEADER_EX_DATA_H - --// #include -+#include - --// #include -+#include - --// #if defined(__cplusplus) --// extern "C" { --// #endif -+#if defined(__cplusplus) -+extern "C" { -+#endif - - - // ex_data is a mechanism for associating arbitrary extra data with objects. -@@ -125,7 +125,7 @@ - // duplicated. - - --// typedef struct crypto_ex_data_st CRYPTO_EX_DATA; -+typedef ossl_CRYPTO_EX_DATA CRYPTO_EX_DATA; - - - // Type-specific functions. -@@ -171,8 +171,8 @@ - // This callback may be called with a NULL value for |ptr| if |parent| has no - // value set for this index. However, the callbacks may also be skipped entirely - // if no extra data pointers are set on |parent| at all. --// typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, --// int index, long argl, void *argp); -+typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, -+ int index, long argl, void *argp); - - - // Deprecated functions. -@@ -181,23 +181,23 @@ - // OPENSSL_EXPORT void CRYPTO_cleanup_all_ex_data(void); - - // CRYPTO_EX_dup is a legacy callback function type which is ignored. --// typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, --// void **from_d, int index, long argl, void *argp); -+typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, -+ void **from_d, int index, long argl, void *argp); - - - // Private structures. - - // CRYPTO_EX_unused is a placeholder for an unused callback. It is aliased to - // int to ensure non-NULL callers fail to compile rather than fail silently. --// typedef int CRYPTO_EX_unused; -+typedef int CRYPTO_EX_unused; - - // struct crypto_ex_data_st { - // STACK_OF(void) *sk; - // }; - - --// #if defined(__cplusplus) --// } // extern C --// #endif -+#if defined(__cplusplus) -+} // extern C -+#endif - --// #endif // OPENSSL_HEADER_EX_DATA_H -+#endif // OPENSSL_HEADER_EX_DATA_H diff --git a/bssl-compat/patch/include/openssl/ex_data.h.sh b/bssl-compat/patch/include/openssl/ex_data.h.sh new file mode 100755 index 0000000000..3ea13d2d02 --- /dev/null +++ b/bssl-compat/patch/include/openssl/ex_data.h.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +set -euo pipefail + +uncomment.sh "$1" --comment -h \ + --uncomment-typedef-redef CRYPTO_EX_DATA \ + --uncomment-typedef CRYPTO_EX_free \ + --uncomment-typedef CRYPTO_EX_dup \ + --uncomment-typedef CRYPTO_EX_unused diff --git a/bssl-compat/patch/include/openssl/hkdf.h.sh b/bssl-compat/patch/include/openssl/hkdf.h.sh index 698374ee95..3e63af85a1 100755 --- a/bssl-compat/patch/include/openssl/hkdf.h.sh +++ b/bssl-compat/patch/include/openssl/hkdf.h.sh @@ -1,4 +1,6 @@ #!/bin/bash -sed -i -e 's|^// \(#[ \t]*define[ \t]*\)\(HKDF_R_[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' "$1" +set -euo pipefail +uncomment.sh "$1" --comment -h \ + --uncomment-macro-redef 'HKDF_R_[a-zA-Z0-9_]*' diff --git a/bssl-compat/patch/include/openssl/hmac.h.patch b/bssl-compat/patch/include/openssl/hmac.h.patch deleted file mode 100644 index 7e3f970def..0000000000 --- a/bssl-compat/patch/include/openssl/hmac.h.patch +++ /dev/null @@ -1,144 +0,0 @@ ---- a/include/openssl/hmac.h -+++ b/include/openssl/hmac.h -@@ -54,16 +54,16 @@ - * copied and put under another distribution licence - * [including the GNU Public Licence.] */ - --// #ifndef OPENSSL_HEADER_HMAC_H --// #define OPENSSL_HEADER_HMAC_H -+#ifndef OPENSSL_HEADER_HMAC_H -+#define OPENSSL_HEADER_HMAC_H - --// #include -+#include - --// #include -+#include - --// #if defined(__cplusplus) --// extern "C" { --// #endif -+#if defined(__cplusplus) -+extern "C" { -+#endif - - - // HMAC contains functions for constructing PRFs from Merkle–Damgård hash -@@ -77,10 +77,10 @@ - // contain at least |EVP_MD_size| bytes of space. The actual length of the - // result is written to |*out_len|. An output size of |EVP_MAX_MD_SIZE| will - // always be large enough. It returns |out| or NULL on error. --// OPENSSL_EXPORT uint8_t *HMAC(const EVP_MD *evp_md, const void *key, --// size_t key_len, const uint8_t *data, --// size_t data_len, uint8_t *out, --// unsigned int *out_len); -+OPENSSL_EXPORT uint8_t *HMAC(const EVP_MD *evp_md, const void *key, -+ size_t key_len, const uint8_t *data, -+ size_t data_len, uint8_t *out, -+ unsigned int *out_len); - - - // Incremental operation. -@@ -93,7 +93,7 @@ - // HMAC_CTX_new allocates and initialises a new |HMAC_CTX| and returns it, or - // NULL on allocation failure. The caller must use |HMAC_CTX_free| to release - // the resulting object. --// OPENSSL_EXPORT HMAC_CTX *HMAC_CTX_new(void); -+OPENSSL_EXPORT HMAC_CTX *HMAC_CTX_new(void); - - // HMAC_CTX_cleanup frees data owned by |ctx|. It does not free |ctx| itself. - // OPENSSL_EXPORT void HMAC_CTX_cleanup(HMAC_CTX *ctx); -@@ -103,7 +103,7 @@ - // OPENSSL_EXPORT void HMAC_CTX_cleanse(HMAC_CTX *ctx); - - // HMAC_CTX_free calls |HMAC_CTX_cleanup| and then frees |ctx| itself. --// OPENSSL_EXPORT void HMAC_CTX_free(HMAC_CTX *ctx); -+OPENSSL_EXPORT void HMAC_CTX_free(HMAC_CTX *ctx); - - // HMAC_Init_ex sets up an initialised |HMAC_CTX| to use |md| as the hash - // function and |key| as the key. For a non-initial call, |md| may be NULL, in -@@ -114,21 +114,21 @@ - // WARNING: NULL and empty keys are ambiguous on non-initial calls. Passing NULL - // |key| but repeating the previous |md| reuses the previous key rather than the - // empty key. --// OPENSSL_EXPORT int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, size_t key_len, --// const EVP_MD *md, ENGINE *impl); -+OPENSSL_EXPORT int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, size_t key_len, -+ const EVP_MD *md, ENGINE *impl); - - // HMAC_Update hashes |data_len| bytes from |data| into the current HMAC - // operation in |ctx|. It returns one. --// OPENSSL_EXPORT int HMAC_Update(HMAC_CTX *ctx, const uint8_t *data, --// size_t data_len); -+OPENSSL_EXPORT int HMAC_Update(HMAC_CTX *ctx, const uint8_t *data, -+ size_t data_len); - - // HMAC_Final completes the HMAC operation in |ctx| and writes the result to - // |out| and the sets |*out_len| to the length of the result. On entry, |out| - // must contain at least |HMAC_size| bytes of space. An output size of - // |EVP_MAX_MD_SIZE| will always be large enough. It returns one on success or - // zero on allocation failure. --// OPENSSL_EXPORT int HMAC_Final(HMAC_CTX *ctx, uint8_t *out, --// unsigned int *out_len); -+OPENSSL_EXPORT int HMAC_Final(HMAC_CTX *ctx, uint8_t *out, -+ unsigned int *out_len); - - - // Utility functions. -@@ -167,24 +167,44 @@ - // } /* HMAC_CTX */; - - --// #if defined(__cplusplus) --// } // extern C -+#if defined(__cplusplus) -+} // extern C - --// #if !defined(BORINGSSL_NO_CXX) --// extern "C++" { -+#if !defined(BORINGSSL_NO_CXX) -+extern "C++" { - --// BSSL_NAMESPACE_BEGIN -+BSSL_NAMESPACE_BEGIN - - // BORINGSSL_MAKE_DELETER(HMAC_CTX, HMAC_CTX_free) - --// using ScopedHMAC_CTX = --// internal::StackAllocated; -+class ScopedHMAC_CTX { -+ public: -+ ScopedHMAC_CTX() : ctx_{HMAC_CTX_new()} {} -+ ~ScopedHMAC_CTX() { HMAC_CTX_free(ctx_); } - --// BSSL_NAMESPACE_END -+ ScopedHMAC_CTX(const ScopedHMAC_CTX &) = delete; -+ ScopedHMAC_CTX& operator=(const ScopedHMAC_CTX &) = delete; - --// } // extern C++ --// #endif -+ HMAC_CTX *get() { return ctx_; } -+ const HMAC_CTX *get() const { return ctx_; } - --// #endif -+ HMAC_CTX *operator->() { return ctx_; } -+ const HMAC_CTX *operator->() const { return ctx_; } - --// #endif // OPENSSL_HEADER_HMAC_H -+ void Reset() { -+ HMAC_CTX_free(ctx_); -+ ctx_ = HMAC_CTX_new(); -+ } -+ -+ private: -+ HMAC_CTX *ctx_; -+}; -+ -+BSSL_NAMESPACE_END -+ -+} // extern C++ -+#endif -+ -+#endif -+ -+#endif // OPENSSL_HEADER_HMAC_H diff --git a/bssl-compat/patch/include/openssl/hmac.h.sh b/bssl-compat/patch/include/openssl/hmac.h.sh index 6e0770df12..792e2c99c4 100755 --- a/bssl-compat/patch/include/openssl/hmac.h.sh +++ b/bssl-compat/patch/include/openssl/hmac.h.sh @@ -1,4 +1,40 @@ #!/bin/bash -sed -i -e 's|^// \(#[ \t]*define[ \t]*\)\(HMAC_R_[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' "$1" +set -euo pipefail +MYTMPDIR="$(mktemp -d)" +trap 'rm -rf -- "$MYTMPDIR"' EXIT + +cat > "$MYTMPDIR/ScopedHMAC_CTX.h" <() { return ctx_; } + const HMAC_CTX *operator->() const { return ctx_; } + + void Reset() { + HMAC_CTX_free(ctx_); + ctx_ = HMAC_CTX_new(); + } + + private: + HMAC_CTX *ctx_; +}; +EOF + +uncomment.sh "$1" --comment -h \ + --uncomment-func-decl HMAC \ + --uncomment-func-decl HMAC_CTX_new \ + --uncomment-func-decl HMAC_CTX_free \ + --uncomment-func-decl HMAC_Init_ex \ + --uncomment-func-decl HMAC_Update \ + --uncomment-func-decl HMAC_Final \ + --sed "/^\/\/ using ScopedHMAC_CTX/ e cat $MYTMPDIR/ScopedHMAC_CTX.h" diff --git a/bssl-compat/patch/include/openssl/md5.h.patch b/bssl-compat/patch/include/openssl/md5.h.patch deleted file mode 100644 index 74686558c7..0000000000 --- a/bssl-compat/patch/include/openssl/md5.h.patch +++ /dev/null @@ -1,56 +0,0 @@ ---- a/include/openssl/md5.h -+++ b/include/openssl/md5.h -@@ -54,14 +54,14 @@ - * copied and put under another distribution licence - * [including the GNU Public Licence.] */ - --// #ifndef OPENSSL_HEADER_MD5_H --// #define OPENSSL_HEADER_MD5_H -+#ifndef OPENSSL_HEADER_MD5_H -+#define OPENSSL_HEADER_MD5_H - --// #include -+#include - --// #if defined(__cplusplus) --// extern "C" { --// #endif -+#if defined(__cplusplus) -+extern "C" { -+#endif - - - // MD5. -@@ -71,7 +71,7 @@ - // #define MD5_CBLOCK 64 - - // MD5_DIGEST_LENGTH is the length of an MD5 digest. --// #define MD5_DIGEST_LENGTH 16 -+#define MD5_DIGEST_LENGTH 16 - - // MD5_Init initialises |md5| and returns one. - // OPENSSL_EXPORT int MD5_Init(MD5_CTX *md5); -@@ -86,8 +86,8 @@ - - // MD5 writes the digest of |len| bytes from |data| to |out| and returns |out|. - // There must be at least |MD5_DIGEST_LENGTH| bytes of space in |out|. --// OPENSSL_EXPORT uint8_t *MD5(const uint8_t *data, size_t len, --// uint8_t out[MD5_DIGEST_LENGTH]); -+OPENSSL_EXPORT uint8_t *MD5(const uint8_t *data, size_t len, -+ uint8_t out[MD5_DIGEST_LENGTH]); - - // MD5_Transform is a low-level function that performs a single, MD5 block - // transformation using the state from |md5| and 64 bytes from |block|. -@@ -102,8 +102,8 @@ - // }; - - --// #if defined(__cplusplus) --// } // extern C --// #endif -+#if defined(__cplusplus) -+} // extern C -+#endif - --// #endif // OPENSSL_HEADER_MD5_H -+#endif // OPENSSL_HEADER_MD5_H diff --git a/bssl-compat/patch/include/openssl/md5.h.sh b/bssl-compat/patch/include/openssl/md5.h.sh new file mode 100755 index 0000000000..eaee19a40a --- /dev/null +++ b/bssl-compat/patch/include/openssl/md5.h.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +set -euo pipefail + +uncomment.sh "$1" --comment -h \ + --uncomment-macro MD5_DIGEST_LENGTH \ + --uncomment-func-decl MD5 diff --git a/bssl-compat/patch/include/openssl/mem.h.patch b/bssl-compat/patch/include/openssl/mem.h.patch deleted file mode 100644 index c168653a2b..0000000000 --- a/bssl-compat/patch/include/openssl/mem.h.patch +++ /dev/null @@ -1,108 +0,0 @@ ---- a/include/openssl/mem.h -+++ b/include/openssl/mem.h -@@ -54,17 +54,17 @@ - * copied and put under another distribution licence - * [including the GNU Public Licence.] */ - --// #ifndef OPENSSL_HEADER_MEM_H --// #define OPENSSL_HEADER_MEM_H -+#ifndef OPENSSL_HEADER_MEM_H -+#define OPENSSL_HEADER_MEM_H - --// #include -+#include - --// #include --// #include -+#include -+#include - --// #if defined(__cplusplus) --// extern "C" { --// #endif -+#if defined(__cplusplus) -+extern "C" { -+#endif - - - // Memory and string functions, see also buf.h. -@@ -76,16 +76,16 @@ - - - // OPENSSL_malloc acts like a regular |malloc|. --// OPENSSL_EXPORT void *OPENSSL_malloc(size_t size); -+OPENSSL_EXPORT void *OPENSSL_malloc(size_t size); - - // OPENSSL_free does nothing if |ptr| is NULL. Otherwise it zeros out the - // memory allocated at |ptr| and frees it. --// OPENSSL_EXPORT void OPENSSL_free(void *ptr); -+OPENSSL_EXPORT void OPENSSL_free(void *ptr); - - // OPENSSL_realloc returns a pointer to a buffer of |new_size| bytes that - // contains the contents of |ptr|. Unlike |realloc|, a new buffer is always - // allocated and the data at |ptr| is always wiped and freed. --// OPENSSL_EXPORT void *OPENSSL_realloc(void *ptr, size_t new_size); -+OPENSSL_EXPORT void *OPENSSL_realloc(void *ptr, size_t new_size); - - // OPENSSL_cleanse zeros out |len| bytes of memory at |ptr|. This is similar to - // |memset_s| from C11. -@@ -96,7 +96,7 @@ - // of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a - // defined order as the return value when a != b is undefined, other than to be - // non-zero. --// OPENSSL_EXPORT int CRYPTO_memcmp(const void *a, const void *b, size_t len); -+OPENSSL_EXPORT int CRYPTO_memcmp(const void *a, const void *b, size_t len); - - // OPENSSL_hash32 implements the 32 bit, FNV-1a hash. - // OPENSSL_EXPORT uint32_t OPENSSL_hash32(const void *ptr, size_t len); -@@ -124,8 +124,8 @@ - // #define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) - - // BIO_snprintf has the same behavior as snprintf(3). --// OPENSSL_EXPORT int BIO_snprintf(char *buf, size_t n, const char *format, ...) --// OPENSSL_PRINTF_FORMAT_FUNC(3, 4); -+OPENSSL_EXPORT int BIO_snprintf(char *buf, size_t n, const char *format, ...) -+ OPENSSL_PRINTF_FORMAT_FUNC(3, 4); - - // BIO_vsnprintf has the same behavior as vsnprintf(3). - // OPENSSL_EXPORT int BIO_vsnprintf(char *buf, size_t n, const char *format, -@@ -137,7 +137,7 @@ - - // OPENSSL_memdup returns an allocated, duplicate of |size| bytes from |data| or - // NULL on allocation failure. --// OPENSSL_EXPORT void *OPENSSL_memdup(const void *data, size_t size); -+OPENSSL_EXPORT void *OPENSSL_memdup(const void *data, size_t size); - - // OPENSSL_strlcpy acts like strlcpy(3). - // OPENSSL_EXPORT size_t OPENSSL_strlcpy(char *dst, const char *src, -@@ -165,20 +165,20 @@ - // OPENSSL_EXPORT void OPENSSL_clear_free(void *ptr, size_t len); - - --// #if defined(__cplusplus) --// } // extern C -+#if defined(__cplusplus) -+} // extern C - --// extern "C++" { -+extern "C++" { - --// BSSL_NAMESPACE_BEGIN -+BSSL_NAMESPACE_BEGIN - --// BORINGSSL_MAKE_DELETER(char, OPENSSL_free) --// BORINGSSL_MAKE_DELETER(uint8_t, OPENSSL_free) -+BORINGSSL_MAKE_DELETER(char, OPENSSL_free) -+BORINGSSL_MAKE_DELETER(uint8_t, OPENSSL_free) - --// BSSL_NAMESPACE_END -+BSSL_NAMESPACE_END - --// } // extern C++ -+} // extern C++ - --// #endif -+#endif - --// #endif // OPENSSL_HEADER_MEM_H -+#endif // OPENSSL_HEADER_MEM_H diff --git a/bssl-compat/patch/include/openssl/mem.h.sh b/bssl-compat/patch/include/openssl/mem.h.sh new file mode 100755 index 0000000000..fee198db64 --- /dev/null +++ b/bssl-compat/patch/include/openssl/mem.h.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +set -euo pipefail + +uncomment.sh "$1" --comment -h \ + --uncomment-func-decl OPENSSL_malloc \ + --uncomment-func-decl OPENSSL_free \ + --uncomment-func-decl OPENSSL_realloc \ + --uncomment-func-decl CRYPTO_memcmp \ + --uncomment-func-decl OPENSSL_isdigit \ + --uncomment-func-decl OPENSSL_fromxdigit \ + --uncomment-func-decl OPENSSL_isspace \ + --uncomment-func-decl BIO_snprintf \ + --uncomment-func-decl OPENSSL_memdup \ + --uncomment-regex 'BORINGSSL_MAKE_DELETER(char,' \ + --uncomment-regex 'BORINGSSL_MAKE_DELETER(uint8_t,' diff --git a/bssl-compat/patch/include/openssl/nid.h.patch b/bssl-compat/patch/include/openssl/nid.h.patch deleted file mode 100644 index 82e6caca7c..0000000000 --- a/bssl-compat/patch/include/openssl/nid.h.patch +++ /dev/null @@ -1,14650 +0,0 @@ ---- a/include/openssl/nid.h -+++ b/include/openssl/nid.h -@@ -56,14 +56,14 @@ - - /* This file is generated by crypto/obj/objects.go. */ - --// #ifndef OPENSSL_HEADER_NID_H --// #define OPENSSL_HEADER_NID_H -+#ifndef OPENSSL_HEADER_NID_H -+#define OPENSSL_HEADER_NID_H - --// #include -+#include - --// #if defined(__cplusplus) --// extern "C" { --// #endif -+#if defined(__cplusplus) -+extern "C" { -+#endif - - - /* The nid library provides numbered values for ASN.1 object identifiers and -@@ -80,4184 +80,10446 @@ - * stable identifiers. */ - - --// #define SN_undef "UNDEF" --// #define LN_undef "undefined" --// #define NID_undef 0 --// #define OBJ_undef 0L -- --// #define SN_rsadsi "rsadsi" --// #define LN_rsadsi "RSA Data Security, Inc." --// #define NID_rsadsi 1 --// #define OBJ_rsadsi 1L, 2L, 840L, 113549L -- --// #define SN_pkcs "pkcs" --// #define LN_pkcs "RSA Data Security, Inc. PKCS" --// #define NID_pkcs 2 --// #define OBJ_pkcs 1L, 2L, 840L, 113549L, 1L -- --// #define SN_md2 "MD2" --// #define LN_md2 "md2" --// #define NID_md2 3 --// #define OBJ_md2 1L, 2L, 840L, 113549L, 2L, 2L -- --// #define SN_md5 "MD5" --// #define LN_md5 "md5" --// #define NID_md5 4 --// #define OBJ_md5 1L, 2L, 840L, 113549L, 2L, 5L -- --// #define SN_rc4 "RC4" --// #define LN_rc4 "rc4" --// #define NID_rc4 5 --// #define OBJ_rc4 1L, 2L, 840L, 113549L, 3L, 4L -- --// #define LN_rsaEncryption "rsaEncryption" --// #define NID_rsaEncryption 6 --// #define OBJ_rsaEncryption 1L, 2L, 840L, 113549L, 1L, 1L, 1L -- --// #define SN_md2WithRSAEncryption "RSA-MD2" --// #define LN_md2WithRSAEncryption "md2WithRSAEncryption" --// #define NID_md2WithRSAEncryption 7 --// #define OBJ_md2WithRSAEncryption 1L, 2L, 840L, 113549L, 1L, 1L, 2L -- --// #define SN_md5WithRSAEncryption "RSA-MD5" --// #define LN_md5WithRSAEncryption "md5WithRSAEncryption" --// #define NID_md5WithRSAEncryption 8 --// #define OBJ_md5WithRSAEncryption 1L, 2L, 840L, 113549L, 1L, 1L, 4L -- --// #define SN_pbeWithMD2AndDES_CBC "PBE-MD2-DES" --// #define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC" --// #define NID_pbeWithMD2AndDES_CBC 9 --// #define OBJ_pbeWithMD2AndDES_CBC 1L, 2L, 840L, 113549L, 1L, 5L, 1L -- --// #define SN_pbeWithMD5AndDES_CBC "PBE-MD5-DES" --// #define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC" --// #define NID_pbeWithMD5AndDES_CBC 10 --// #define OBJ_pbeWithMD5AndDES_CBC 1L, 2L, 840L, 113549L, 1L, 5L, 3L -- --// #define SN_X500 "X500" --// #define LN_X500 "directory services (X.500)" --// #define NID_X500 11 --// #define OBJ_X500 2L, 5L -- --// #define SN_X509 "X509" --// #define NID_X509 12 --// #define OBJ_X509 2L, 5L, 4L -- --// #define SN_commonName "CN" --// #define LN_commonName "commonName" --// #define NID_commonName 13 --// #define OBJ_commonName 2L, 5L, 4L, 3L -- --// #define SN_countryName "C" --// #define LN_countryName "countryName" --// #define NID_countryName 14 --// #define OBJ_countryName 2L, 5L, 4L, 6L -- --// #define SN_localityName "L" --// #define LN_localityName "localityName" --// #define NID_localityName 15 --// #define OBJ_localityName 2L, 5L, 4L, 7L -- --// #define SN_stateOrProvinceName "ST" --// #define LN_stateOrProvinceName "stateOrProvinceName" --// #define NID_stateOrProvinceName 16 --// #define OBJ_stateOrProvinceName 2L, 5L, 4L, 8L -- --// #define SN_organizationName "O" --// #define LN_organizationName "organizationName" --// #define NID_organizationName 17 --// #define OBJ_organizationName 2L, 5L, 4L, 10L -- --// #define SN_organizationalUnitName "OU" --// #define LN_organizationalUnitName "organizationalUnitName" --// #define NID_organizationalUnitName 18 --// #define OBJ_organizationalUnitName 2L, 5L, 4L, 11L -- --// #define SN_rsa "RSA" --// #define LN_rsa "rsa" --// #define NID_rsa 19 --// #define OBJ_rsa 2L, 5L, 8L, 1L, 1L -- --// #define SN_pkcs7 "pkcs7" --// #define NID_pkcs7 20 --// #define OBJ_pkcs7 1L, 2L, 840L, 113549L, 1L, 7L -- --// #define LN_pkcs7_data "pkcs7-data" --// #define NID_pkcs7_data 21 --// #define OBJ_pkcs7_data 1L, 2L, 840L, 113549L, 1L, 7L, 1L -- --// #define LN_pkcs7_signed "pkcs7-signedData" --// #define NID_pkcs7_signed 22 --// #define OBJ_pkcs7_signed 1L, 2L, 840L, 113549L, 1L, 7L, 2L -- --// #define LN_pkcs7_enveloped "pkcs7-envelopedData" --// #define NID_pkcs7_enveloped 23 --// #define OBJ_pkcs7_enveloped 1L, 2L, 840L, 113549L, 1L, 7L, 3L -- --// #define LN_pkcs7_signedAndEnveloped "pkcs7-signedAndEnvelopedData" --// #define NID_pkcs7_signedAndEnveloped 24 --// #define OBJ_pkcs7_signedAndEnveloped 1L, 2L, 840L, 113549L, 1L, 7L, 4L -- --// #define LN_pkcs7_digest "pkcs7-digestData" --// #define NID_pkcs7_digest 25 --// #define OBJ_pkcs7_digest 1L, 2L, 840L, 113549L, 1L, 7L, 5L -- --// #define LN_pkcs7_encrypted "pkcs7-encryptedData" --// #define NID_pkcs7_encrypted 26 --// #define OBJ_pkcs7_encrypted 1L, 2L, 840L, 113549L, 1L, 7L, 6L -- --// #define SN_pkcs3 "pkcs3" --// #define NID_pkcs3 27 --// #define OBJ_pkcs3 1L, 2L, 840L, 113549L, 1L, 3L -- --// #define LN_dhKeyAgreement "dhKeyAgreement" --// #define NID_dhKeyAgreement 28 --// #define OBJ_dhKeyAgreement 1L, 2L, 840L, 113549L, 1L, 3L, 1L -- --// #define SN_des_ecb "DES-ECB" --// #define LN_des_ecb "des-ecb" --// #define NID_des_ecb 29 --// #define OBJ_des_ecb 1L, 3L, 14L, 3L, 2L, 6L -- --// #define SN_des_cfb64 "DES-CFB" --// #define LN_des_cfb64 "des-cfb" --// #define NID_des_cfb64 30 --// #define OBJ_des_cfb64 1L, 3L, 14L, 3L, 2L, 9L -- --// #define SN_des_cbc "DES-CBC" --// #define LN_des_cbc "des-cbc" --// #define NID_des_cbc 31 --// #define OBJ_des_cbc 1L, 3L, 14L, 3L, 2L, 7L -- --// #define SN_des_ede_ecb "DES-EDE" --// #define LN_des_ede_ecb "des-ede" --// #define NID_des_ede_ecb 32 --// #define OBJ_des_ede_ecb 1L, 3L, 14L, 3L, 2L, 17L -- --// #define SN_des_ede3_ecb "DES-EDE3" --// #define LN_des_ede3_ecb "des-ede3" --// #define NID_des_ede3_ecb 33 -- --// #define SN_idea_cbc "IDEA-CBC" --// #define LN_idea_cbc "idea-cbc" --// #define NID_idea_cbc 34 --// #define OBJ_idea_cbc 1L, 3L, 6L, 1L, 4L, 1L, 188L, 7L, 1L, 1L, 2L -- --// #define SN_idea_cfb64 "IDEA-CFB" --// #define LN_idea_cfb64 "idea-cfb" --// #define NID_idea_cfb64 35 -- --// #define SN_idea_ecb "IDEA-ECB" --// #define LN_idea_ecb "idea-ecb" --// #define NID_idea_ecb 36 -- --// #define SN_rc2_cbc "RC2-CBC" --// #define LN_rc2_cbc "rc2-cbc" --// #define NID_rc2_cbc 37 --// #define OBJ_rc2_cbc 1L, 2L, 840L, 113549L, 3L, 2L -- --// #define SN_rc2_ecb "RC2-ECB" --// #define LN_rc2_ecb "rc2-ecb" --// #define NID_rc2_ecb 38 -- --// #define SN_rc2_cfb64 "RC2-CFB" --// #define LN_rc2_cfb64 "rc2-cfb" --// #define NID_rc2_cfb64 39 -- --// #define SN_rc2_ofb64 "RC2-OFB" --// #define LN_rc2_ofb64 "rc2-ofb" --// #define NID_rc2_ofb64 40 -- --// #define SN_sha "SHA" --// #define LN_sha "sha" --// #define NID_sha 41 --// #define OBJ_sha 1L, 3L, 14L, 3L, 2L, 18L -- --// #define SN_shaWithRSAEncryption "RSA-SHA" --// #define LN_shaWithRSAEncryption "shaWithRSAEncryption" --// #define NID_shaWithRSAEncryption 42 --// #define OBJ_shaWithRSAEncryption 1L, 3L, 14L, 3L, 2L, 15L -- --// #define SN_des_ede_cbc "DES-EDE-CBC" --// #define LN_des_ede_cbc "des-ede-cbc" --// #define NID_des_ede_cbc 43 -- --// #define SN_des_ede3_cbc "DES-EDE3-CBC" --// #define LN_des_ede3_cbc "des-ede3-cbc" --// #define NID_des_ede3_cbc 44 --// #define OBJ_des_ede3_cbc 1L, 2L, 840L, 113549L, 3L, 7L -- --// #define SN_des_ofb64 "DES-OFB" --// #define LN_des_ofb64 "des-ofb" --// #define NID_des_ofb64 45 --// #define OBJ_des_ofb64 1L, 3L, 14L, 3L, 2L, 8L -- --// #define SN_idea_ofb64 "IDEA-OFB" --// #define LN_idea_ofb64 "idea-ofb" --// #define NID_idea_ofb64 46 -- --// #define SN_pkcs9 "pkcs9" --// #define NID_pkcs9 47 --// #define OBJ_pkcs9 1L, 2L, 840L, 113549L, 1L, 9L -- --// #define LN_pkcs9_emailAddress "emailAddress" --// #define NID_pkcs9_emailAddress 48 --// #define OBJ_pkcs9_emailAddress 1L, 2L, 840L, 113549L, 1L, 9L, 1L -- --// #define LN_pkcs9_unstructuredName "unstructuredName" --// #define NID_pkcs9_unstructuredName 49 --// #define OBJ_pkcs9_unstructuredName 1L, 2L, 840L, 113549L, 1L, 9L, 2L -- --// #define LN_pkcs9_contentType "contentType" --// #define NID_pkcs9_contentType 50 --// #define OBJ_pkcs9_contentType 1L, 2L, 840L, 113549L, 1L, 9L, 3L -- --// #define LN_pkcs9_messageDigest "messageDigest" --// #define NID_pkcs9_messageDigest 51 --// #define OBJ_pkcs9_messageDigest 1L, 2L, 840L, 113549L, 1L, 9L, 4L -- --// #define LN_pkcs9_signingTime "signingTime" --// #define NID_pkcs9_signingTime 52 --// #define OBJ_pkcs9_signingTime 1L, 2L, 840L, 113549L, 1L, 9L, 5L -- --// #define LN_pkcs9_countersignature "countersignature" --// #define NID_pkcs9_countersignature 53 --// #define OBJ_pkcs9_countersignature 1L, 2L, 840L, 113549L, 1L, 9L, 6L -- --// #define LN_pkcs9_challengePassword "challengePassword" --// #define NID_pkcs9_challengePassword 54 --// #define OBJ_pkcs9_challengePassword 1L, 2L, 840L, 113549L, 1L, 9L, 7L -- --// #define LN_pkcs9_unstructuredAddress "unstructuredAddress" --// #define NID_pkcs9_unstructuredAddress 55 --// #define OBJ_pkcs9_unstructuredAddress 1L, 2L, 840L, 113549L, 1L, 9L, 8L -- --// #define LN_pkcs9_extCertAttributes "extendedCertificateAttributes" --// #define NID_pkcs9_extCertAttributes 56 --// #define OBJ_pkcs9_extCertAttributes 1L, 2L, 840L, 113549L, 1L, 9L, 9L -- --// #define SN_netscape "Netscape" --// #define LN_netscape "Netscape Communications Corp." --// #define NID_netscape 57 --// #define OBJ_netscape 2L, 16L, 840L, 1L, 113730L -- --// #define SN_netscape_cert_extension "nsCertExt" --// #define LN_netscape_cert_extension "Netscape Certificate Extension" --// #define NID_netscape_cert_extension 58 --// #define OBJ_netscape_cert_extension 2L, 16L, 840L, 1L, 113730L, 1L -- --// #define SN_netscape_data_type "nsDataType" --// #define LN_netscape_data_type "Netscape Data Type" --// #define NID_netscape_data_type 59 --// #define OBJ_netscape_data_type 2L, 16L, 840L, 1L, 113730L, 2L -- --// #define SN_des_ede_cfb64 "DES-EDE-CFB" --// #define LN_des_ede_cfb64 "des-ede-cfb" --// #define NID_des_ede_cfb64 60 -- --// #define SN_des_ede3_cfb64 "DES-EDE3-CFB" --// #define LN_des_ede3_cfb64 "des-ede3-cfb" --// #define NID_des_ede3_cfb64 61 -- --// #define SN_des_ede_ofb64 "DES-EDE-OFB" --// #define LN_des_ede_ofb64 "des-ede-ofb" --// #define NID_des_ede_ofb64 62 -- --// #define SN_des_ede3_ofb64 "DES-EDE3-OFB" --// #define LN_des_ede3_ofb64 "des-ede3-ofb" --// #define NID_des_ede3_ofb64 63 -- --// #define SN_sha1 "SHA1" --// #define LN_sha1 "sha1" --// #define NID_sha1 64 --// #define OBJ_sha1 1L, 3L, 14L, 3L, 2L, 26L -- --// #define SN_sha1WithRSAEncryption "RSA-SHA1" --// #define LN_sha1WithRSAEncryption "sha1WithRSAEncryption" --// #define NID_sha1WithRSAEncryption 65 --// #define OBJ_sha1WithRSAEncryption 1L, 2L, 840L, 113549L, 1L, 1L, 5L -- --// #define SN_dsaWithSHA "DSA-SHA" --// #define LN_dsaWithSHA "dsaWithSHA" --// #define NID_dsaWithSHA 66 --// #define OBJ_dsaWithSHA 1L, 3L, 14L, 3L, 2L, 13L -- --// #define SN_dsa_2 "DSA-old" --// #define LN_dsa_2 "dsaEncryption-old" --// #define NID_dsa_2 67 --// #define OBJ_dsa_2 1L, 3L, 14L, 3L, 2L, 12L -- --// #define SN_pbeWithSHA1AndRC2_CBC "PBE-SHA1-RC2-64" --// #define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC" --// #define NID_pbeWithSHA1AndRC2_CBC 68 --// #define OBJ_pbeWithSHA1AndRC2_CBC 1L, 2L, 840L, 113549L, 1L, 5L, 11L -- --// #define LN_id_pbkdf2 "PBKDF2" --// #define NID_id_pbkdf2 69 --// #define OBJ_id_pbkdf2 1L, 2L, 840L, 113549L, 1L, 5L, 12L -- --// #define SN_dsaWithSHA1_2 "DSA-SHA1-old" --// #define LN_dsaWithSHA1_2 "dsaWithSHA1-old" --// #define NID_dsaWithSHA1_2 70 --// #define OBJ_dsaWithSHA1_2 1L, 3L, 14L, 3L, 2L, 27L -- --// #define SN_netscape_cert_type "nsCertType" --// #define LN_netscape_cert_type "Netscape Cert Type" --// #define NID_netscape_cert_type 71 --// #define OBJ_netscape_cert_type 2L, 16L, 840L, 1L, 113730L, 1L, 1L -- --// #define SN_netscape_base_url "nsBaseUrl" --// #define LN_netscape_base_url "Netscape Base Url" --// #define NID_netscape_base_url 72 --// #define OBJ_netscape_base_url 2L, 16L, 840L, 1L, 113730L, 1L, 2L -- --// #define SN_netscape_revocation_url "nsRevocationUrl" --// #define LN_netscape_revocation_url "Netscape Revocation Url" --// #define NID_netscape_revocation_url 73 --// #define OBJ_netscape_revocation_url 2L, 16L, 840L, 1L, 113730L, 1L, 3L -- --// #define SN_netscape_ca_revocation_url "nsCaRevocationUrl" --// #define LN_netscape_ca_revocation_url "Netscape CA Revocation Url" --// #define NID_netscape_ca_revocation_url 74 --// #define OBJ_netscape_ca_revocation_url 2L, 16L, 840L, 1L, 113730L, 1L, 4L -- --// #define SN_netscape_renewal_url "nsRenewalUrl" --// #define LN_netscape_renewal_url "Netscape Renewal Url" --// #define NID_netscape_renewal_url 75 --// #define OBJ_netscape_renewal_url 2L, 16L, 840L, 1L, 113730L, 1L, 7L -- --// #define SN_netscape_ca_policy_url "nsCaPolicyUrl" --// #define LN_netscape_ca_policy_url "Netscape CA Policy Url" --// #define NID_netscape_ca_policy_url 76 --// #define OBJ_netscape_ca_policy_url 2L, 16L, 840L, 1L, 113730L, 1L, 8L -- --// #define SN_netscape_ssl_server_name "nsSslServerName" --// #define LN_netscape_ssl_server_name "Netscape SSL Server Name" --// #define NID_netscape_ssl_server_name 77 --// #define OBJ_netscape_ssl_server_name 2L, 16L, 840L, 1L, 113730L, 1L, 12L -- --// #define SN_netscape_comment "nsComment" --// #define LN_netscape_comment "Netscape Comment" --// #define NID_netscape_comment 78 --// #define OBJ_netscape_comment 2L, 16L, 840L, 1L, 113730L, 1L, 13L -- --// #define SN_netscape_cert_sequence "nsCertSequence" --// #define LN_netscape_cert_sequence "Netscape Certificate Sequence" --// #define NID_netscape_cert_sequence 79 --// #define OBJ_netscape_cert_sequence 2L, 16L, 840L, 1L, 113730L, 2L, 5L -- --// #define SN_desx_cbc "DESX-CBC" --// #define LN_desx_cbc "desx-cbc" --// #define NID_desx_cbc 80 -- --// #define SN_id_ce "id-ce" --// #define NID_id_ce 81 --// #define OBJ_id_ce 2L, 5L, 29L -- --// #define SN_subject_key_identifier "subjectKeyIdentifier" --// #define LN_subject_key_identifier "X509v3 Subject Key Identifier" --// #define NID_subject_key_identifier 82 --// #define OBJ_subject_key_identifier 2L, 5L, 29L, 14L -- --// #define SN_key_usage "keyUsage" --// #define LN_key_usage "X509v3 Key Usage" --// #define NID_key_usage 83 --// #define OBJ_key_usage 2L, 5L, 29L, 15L -- --// #define SN_private_key_usage_period "privateKeyUsagePeriod" --// #define LN_private_key_usage_period "X509v3 Private Key Usage Period" --// #define NID_private_key_usage_period 84 --// #define OBJ_private_key_usage_period 2L, 5L, 29L, 16L -- --// #define SN_subject_alt_name "subjectAltName" --// #define LN_subject_alt_name "X509v3 Subject Alternative Name" --// #define NID_subject_alt_name 85 --// #define OBJ_subject_alt_name 2L, 5L, 29L, 17L -- --// #define SN_issuer_alt_name "issuerAltName" --// #define LN_issuer_alt_name "X509v3 Issuer Alternative Name" --// #define NID_issuer_alt_name 86 --// #define OBJ_issuer_alt_name 2L, 5L, 29L, 18L -- --// #define SN_basic_constraints "basicConstraints" --// #define LN_basic_constraints "X509v3 Basic Constraints" --// #define NID_basic_constraints 87 --// #define OBJ_basic_constraints 2L, 5L, 29L, 19L -- --// #define SN_crl_number "crlNumber" --// #define LN_crl_number "X509v3 CRL Number" --// #define NID_crl_number 88 --// #define OBJ_crl_number 2L, 5L, 29L, 20L -- --// #define SN_certificate_policies "certificatePolicies" --// #define LN_certificate_policies "X509v3 Certificate Policies" --// #define NID_certificate_policies 89 --// #define OBJ_certificate_policies 2L, 5L, 29L, 32L -- --// #define SN_authority_key_identifier "authorityKeyIdentifier" --// #define LN_authority_key_identifier "X509v3 Authority Key Identifier" --// #define NID_authority_key_identifier 90 --// #define OBJ_authority_key_identifier 2L, 5L, 29L, 35L -- --// #define SN_bf_cbc "BF-CBC" --// #define LN_bf_cbc "bf-cbc" --// #define NID_bf_cbc 91 --// #define OBJ_bf_cbc 1L, 3L, 6L, 1L, 4L, 1L, 3029L, 1L, 2L -- --// #define SN_bf_ecb "BF-ECB" --// #define LN_bf_ecb "bf-ecb" --// #define NID_bf_ecb 92 -- --// #define SN_bf_cfb64 "BF-CFB" --// #define LN_bf_cfb64 "bf-cfb" --// #define NID_bf_cfb64 93 -- --// #define SN_bf_ofb64 "BF-OFB" --// #define LN_bf_ofb64 "bf-ofb" --// #define NID_bf_ofb64 94 -- --// #define SN_mdc2 "MDC2" --// #define LN_mdc2 "mdc2" --// #define NID_mdc2 95 --// #define OBJ_mdc2 2L, 5L, 8L, 3L, 101L -- --// #define SN_mdc2WithRSA "RSA-MDC2" --// #define LN_mdc2WithRSA "mdc2WithRSA" --// #define NID_mdc2WithRSA 96 --// #define OBJ_mdc2WithRSA 2L, 5L, 8L, 3L, 100L -- --// #define SN_rc4_40 "RC4-40" --// #define LN_rc4_40 "rc4-40" --// #define NID_rc4_40 97 -- --// #define SN_rc2_40_cbc "RC2-40-CBC" --// #define LN_rc2_40_cbc "rc2-40-cbc" --// #define NID_rc2_40_cbc 98 -- --// #define SN_givenName "GN" --// #define LN_givenName "givenName" --// #define NID_givenName 99 --// #define OBJ_givenName 2L, 5L, 4L, 42L -- --// #define SN_surname "SN" --// #define LN_surname "surname" --// #define NID_surname 100 --// #define OBJ_surname 2L, 5L, 4L, 4L -- --// #define SN_initials "initials" --// #define LN_initials "initials" --// #define NID_initials 101 --// #define OBJ_initials 2L, 5L, 4L, 43L -- --// #define SN_crl_distribution_points "crlDistributionPoints" --// #define LN_crl_distribution_points "X509v3 CRL Distribution Points" --// #define NID_crl_distribution_points 103 --// #define OBJ_crl_distribution_points 2L, 5L, 29L, 31L -- --// #define SN_md5WithRSA "RSA-NP-MD5" --// #define LN_md5WithRSA "md5WithRSA" --// #define NID_md5WithRSA 104 --// #define OBJ_md5WithRSA 1L, 3L, 14L, 3L, 2L, 3L -- --// #define LN_serialNumber "serialNumber" --// #define NID_serialNumber 105 --// #define OBJ_serialNumber 2L, 5L, 4L, 5L -- --// #define SN_title "title" --// #define LN_title "title" --// #define NID_title 106 --// #define OBJ_title 2L, 5L, 4L, 12L -- --// #define LN_description "description" --// #define NID_description 107 --// #define OBJ_description 2L, 5L, 4L, 13L -- --// #define SN_cast5_cbc "CAST5-CBC" --// #define LN_cast5_cbc "cast5-cbc" --// #define NID_cast5_cbc 108 --// #define OBJ_cast5_cbc 1L, 2L, 840L, 113533L, 7L, 66L, 10L -- --// #define SN_cast5_ecb "CAST5-ECB" --// #define LN_cast5_ecb "cast5-ecb" --// #define NID_cast5_ecb 109 -- --// #define SN_cast5_cfb64 "CAST5-CFB" --// #define LN_cast5_cfb64 "cast5-cfb" --// #define NID_cast5_cfb64 110 -- --// #define SN_cast5_ofb64 "CAST5-OFB" --// #define LN_cast5_ofb64 "cast5-ofb" --// #define NID_cast5_ofb64 111 -- --// #define LN_pbeWithMD5AndCast5_CBC "pbeWithMD5AndCast5CBC" --// #define NID_pbeWithMD5AndCast5_CBC 112 --// #define OBJ_pbeWithMD5AndCast5_CBC 1L, 2L, 840L, 113533L, 7L, 66L, 12L -- --// #define SN_dsaWithSHA1 "DSA-SHA1" --// #define LN_dsaWithSHA1 "dsaWithSHA1" --// #define NID_dsaWithSHA1 113 --// #define OBJ_dsaWithSHA1 1L, 2L, 840L, 10040L, 4L, 3L -- --// #define SN_md5_sha1 "MD5-SHA1" --// #define LN_md5_sha1 "md5-sha1" --// #define NID_md5_sha1 114 -- --// #define SN_sha1WithRSA "RSA-SHA1-2" --// #define LN_sha1WithRSA "sha1WithRSA" --// #define NID_sha1WithRSA 115 --// #define OBJ_sha1WithRSA 1L, 3L, 14L, 3L, 2L, 29L -- --// #define SN_dsa "DSA" --// #define LN_dsa "dsaEncryption" --// #define NID_dsa 116 --// #define OBJ_dsa 1L, 2L, 840L, 10040L, 4L, 1L -- --// #define SN_ripemd160 "RIPEMD160" --// #define LN_ripemd160 "ripemd160" --// #define NID_ripemd160 117 --// #define OBJ_ripemd160 1L, 3L, 36L, 3L, 2L, 1L -- --// #define SN_ripemd160WithRSA "RSA-RIPEMD160" --// #define LN_ripemd160WithRSA "ripemd160WithRSA" --// #define NID_ripemd160WithRSA 119 --// #define OBJ_ripemd160WithRSA 1L, 3L, 36L, 3L, 3L, 1L, 2L -- --// #define SN_rc5_cbc "RC5-CBC" --// #define LN_rc5_cbc "rc5-cbc" --// #define NID_rc5_cbc 120 --// #define OBJ_rc5_cbc 1L, 2L, 840L, 113549L, 3L, 8L -- --// #define SN_rc5_ecb "RC5-ECB" --// #define LN_rc5_ecb "rc5-ecb" --// #define NID_rc5_ecb 121 -- --// #define SN_rc5_cfb64 "RC5-CFB" --// #define LN_rc5_cfb64 "rc5-cfb" --// #define NID_rc5_cfb64 122 -- --// #define SN_rc5_ofb64 "RC5-OFB" --// #define LN_rc5_ofb64 "rc5-ofb" --// #define NID_rc5_ofb64 123 -- --// #define SN_zlib_compression "ZLIB" --// #define LN_zlib_compression "zlib compression" --// #define NID_zlib_compression 125 --// #define OBJ_zlib_compression 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 3L, 8L -- --// #define SN_ext_key_usage "extendedKeyUsage" --// #define LN_ext_key_usage "X509v3 Extended Key Usage" --// #define NID_ext_key_usage 126 --// #define OBJ_ext_key_usage 2L, 5L, 29L, 37L -- --// #define SN_id_pkix "PKIX" --// #define NID_id_pkix 127 --// #define OBJ_id_pkix 1L, 3L, 6L, 1L, 5L, 5L, 7L -- --// #define SN_id_kp "id-kp" --// #define NID_id_kp 128 --// #define OBJ_id_kp 1L, 3L, 6L, 1L, 5L, 5L, 7L, 3L -- --// #define SN_server_auth "serverAuth" --// #define LN_server_auth "TLS Web Server Authentication" --// #define NID_server_auth 129 --// #define OBJ_server_auth 1L, 3L, 6L, 1L, 5L, 5L, 7L, 3L, 1L -- --// #define SN_client_auth "clientAuth" --// #define LN_client_auth "TLS Web Client Authentication" --// #define NID_client_auth 130 --// #define OBJ_client_auth 1L, 3L, 6L, 1L, 5L, 5L, 7L, 3L, 2L -- --// #define SN_code_sign "codeSigning" --// #define LN_code_sign "Code Signing" --// #define NID_code_sign 131 --// #define OBJ_code_sign 1L, 3L, 6L, 1L, 5L, 5L, 7L, 3L, 3L -- --// #define SN_email_protect "emailProtection" --// #define LN_email_protect "E-mail Protection" --// #define NID_email_protect 132 --// #define OBJ_email_protect 1L, 3L, 6L, 1L, 5L, 5L, 7L, 3L, 4L -- --// #define SN_time_stamp "timeStamping" --// #define LN_time_stamp "Time Stamping" --// #define NID_time_stamp 133 --// #define OBJ_time_stamp 1L, 3L, 6L, 1L, 5L, 5L, 7L, 3L, 8L -- --// #define SN_ms_code_ind "msCodeInd" --// #define LN_ms_code_ind "Microsoft Individual Code Signing" --// #define NID_ms_code_ind 134 --// #define OBJ_ms_code_ind 1L, 3L, 6L, 1L, 4L, 1L, 311L, 2L, 1L, 21L -- --// #define SN_ms_code_com "msCodeCom" --// #define LN_ms_code_com "Microsoft Commercial Code Signing" --// #define NID_ms_code_com 135 --// #define OBJ_ms_code_com 1L, 3L, 6L, 1L, 4L, 1L, 311L, 2L, 1L, 22L -- --// #define SN_ms_ctl_sign "msCTLSign" --// #define LN_ms_ctl_sign "Microsoft Trust List Signing" --// #define NID_ms_ctl_sign 136 --// #define OBJ_ms_ctl_sign 1L, 3L, 6L, 1L, 4L, 1L, 311L, 10L, 3L, 1L -- --// #define SN_ms_sgc "msSGC" --// #define LN_ms_sgc "Microsoft Server Gated Crypto" --// #define NID_ms_sgc 137 --// #define OBJ_ms_sgc 1L, 3L, 6L, 1L, 4L, 1L, 311L, 10L, 3L, 3L -- --// #define SN_ms_efs "msEFS" --// #define LN_ms_efs "Microsoft Encrypted File System" --// #define NID_ms_efs 138 --// #define OBJ_ms_efs 1L, 3L, 6L, 1L, 4L, 1L, 311L, 10L, 3L, 4L -- --// #define SN_ns_sgc "nsSGC" --// #define LN_ns_sgc "Netscape Server Gated Crypto" --// #define NID_ns_sgc 139 --// #define OBJ_ns_sgc 2L, 16L, 840L, 1L, 113730L, 4L, 1L -- --// #define SN_delta_crl "deltaCRL" --// #define LN_delta_crl "X509v3 Delta CRL Indicator" --// #define NID_delta_crl 140 --// #define OBJ_delta_crl 2L, 5L, 29L, 27L -- --// #define SN_crl_reason "CRLReason" --// #define LN_crl_reason "X509v3 CRL Reason Code" --// #define NID_crl_reason 141 --// #define OBJ_crl_reason 2L, 5L, 29L, 21L -- --// #define SN_invalidity_date "invalidityDate" --// #define LN_invalidity_date "Invalidity Date" --// #define NID_invalidity_date 142 --// #define OBJ_invalidity_date 2L, 5L, 29L, 24L -- --// #define SN_sxnet "SXNetID" --// #define LN_sxnet "Strong Extranet ID" --// #define NID_sxnet 143 --// #define OBJ_sxnet 1L, 3L, 101L, 1L, 4L, 1L -- --// #define SN_pbe_WithSHA1And128BitRC4 "PBE-SHA1-RC4-128" --// #define LN_pbe_WithSHA1And128BitRC4 "pbeWithSHA1And128BitRC4" --// #define NID_pbe_WithSHA1And128BitRC4 144 --// #define OBJ_pbe_WithSHA1And128BitRC4 1L, 2L, 840L, 113549L, 1L, 12L, 1L, 1L -- --// #define SN_pbe_WithSHA1And40BitRC4 "PBE-SHA1-RC4-40" --// #define LN_pbe_WithSHA1And40BitRC4 "pbeWithSHA1And40BitRC4" --// #define NID_pbe_WithSHA1And40BitRC4 145 --// #define OBJ_pbe_WithSHA1And40BitRC4 1L, 2L, 840L, 113549L, 1L, 12L, 1L, 2L -- --// #define SN_pbe_WithSHA1And3_Key_TripleDES_CBC "PBE-SHA1-3DES" --// #define LN_pbe_WithSHA1And3_Key_TripleDES_CBC "pbeWithSHA1And3-KeyTripleDES-CBC" --// #define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 146 --// #define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC \ --// 1L, 2L, 840L, 113549L, 1L, 12L, 1L, 3L -- --// #define SN_pbe_WithSHA1And2_Key_TripleDES_CBC "PBE-SHA1-2DES" --// #define LN_pbe_WithSHA1And2_Key_TripleDES_CBC "pbeWithSHA1And2-KeyTripleDES-CBC" --// #define NID_pbe_WithSHA1And2_Key_TripleDES_CBC 147 --// #define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC \ --// 1L, 2L, 840L, 113549L, 1L, 12L, 1L, 4L -- --// #define SN_pbe_WithSHA1And128BitRC2_CBC "PBE-SHA1-RC2-128" --// #define LN_pbe_WithSHA1And128BitRC2_CBC "pbeWithSHA1And128BitRC2-CBC" --// #define NID_pbe_WithSHA1And128BitRC2_CBC 148 --// #define OBJ_pbe_WithSHA1And128BitRC2_CBC 1L, 2L, 840L, 113549L, 1L, 12L, 1L, 5L -- --// #define SN_pbe_WithSHA1And40BitRC2_CBC "PBE-SHA1-RC2-40" --// #define LN_pbe_WithSHA1And40BitRC2_CBC "pbeWithSHA1And40BitRC2-CBC" --// #define NID_pbe_WithSHA1And40BitRC2_CBC 149 --// #define OBJ_pbe_WithSHA1And40BitRC2_CBC 1L, 2L, 840L, 113549L, 1L, 12L, 1L, 6L -- --// #define LN_keyBag "keyBag" --// #define NID_keyBag 150 --// #define OBJ_keyBag 1L, 2L, 840L, 113549L, 1L, 12L, 10L, 1L, 1L -- --// #define LN_pkcs8ShroudedKeyBag "pkcs8ShroudedKeyBag" --// #define NID_pkcs8ShroudedKeyBag 151 --// #define OBJ_pkcs8ShroudedKeyBag 1L, 2L, 840L, 113549L, 1L, 12L, 10L, 1L, 2L -- --// #define LN_certBag "certBag" --// #define NID_certBag 152 --// #define OBJ_certBag 1L, 2L, 840L, 113549L, 1L, 12L, 10L, 1L, 3L -- --// #define LN_crlBag "crlBag" --// #define NID_crlBag 153 --// #define OBJ_crlBag 1L, 2L, 840L, 113549L, 1L, 12L, 10L, 1L, 4L -- --// #define LN_secretBag "secretBag" --// #define NID_secretBag 154 --// #define OBJ_secretBag 1L, 2L, 840L, 113549L, 1L, 12L, 10L, 1L, 5L -- --// #define LN_safeContentsBag "safeContentsBag" --// #define NID_safeContentsBag 155 --// #define OBJ_safeContentsBag 1L, 2L, 840L, 113549L, 1L, 12L, 10L, 1L, 6L -- --// #define LN_friendlyName "friendlyName" --// #define NID_friendlyName 156 --// #define OBJ_friendlyName 1L, 2L, 840L, 113549L, 1L, 9L, 20L -- --// #define LN_localKeyID "localKeyID" --// #define NID_localKeyID 157 --// #define OBJ_localKeyID 1L, 2L, 840L, 113549L, 1L, 9L, 21L -- --// #define LN_x509Certificate "x509Certificate" --// #define NID_x509Certificate 158 --// #define OBJ_x509Certificate 1L, 2L, 840L, 113549L, 1L, 9L, 22L, 1L -- --// #define LN_sdsiCertificate "sdsiCertificate" --// #define NID_sdsiCertificate 159 --// #define OBJ_sdsiCertificate 1L, 2L, 840L, 113549L, 1L, 9L, 22L, 2L -- --// #define LN_x509Crl "x509Crl" --// #define NID_x509Crl 160 --// #define OBJ_x509Crl 1L, 2L, 840L, 113549L, 1L, 9L, 23L, 1L -- --// #define LN_pbes2 "PBES2" --// #define NID_pbes2 161 --// #define OBJ_pbes2 1L, 2L, 840L, 113549L, 1L, 5L, 13L -- --// #define LN_pbmac1 "PBMAC1" --// #define NID_pbmac1 162 --// #define OBJ_pbmac1 1L, 2L, 840L, 113549L, 1L, 5L, 14L -- --// #define LN_hmacWithSHA1 "hmacWithSHA1" --// #define NID_hmacWithSHA1 163 --// #define OBJ_hmacWithSHA1 1L, 2L, 840L, 113549L, 2L, 7L -- --// #define SN_id_qt_cps "id-qt-cps" --// #define LN_id_qt_cps "Policy Qualifier CPS" --// #define NID_id_qt_cps 164 --// #define OBJ_id_qt_cps 1L, 3L, 6L, 1L, 5L, 5L, 7L, 2L, 1L -- --// #define SN_id_qt_unotice "id-qt-unotice" --// #define LN_id_qt_unotice "Policy Qualifier User Notice" --// #define NID_id_qt_unotice 165 --// #define OBJ_id_qt_unotice 1L, 3L, 6L, 1L, 5L, 5L, 7L, 2L, 2L -- --// #define SN_rc2_64_cbc "RC2-64-CBC" --// #define LN_rc2_64_cbc "rc2-64-cbc" --// #define NID_rc2_64_cbc 166 -- --// #define SN_SMIMECapabilities "SMIME-CAPS" --// #define LN_SMIMECapabilities "S/MIME Capabilities" --// #define NID_SMIMECapabilities 167 --// #define OBJ_SMIMECapabilities 1L, 2L, 840L, 113549L, 1L, 9L, 15L -- --// #define SN_pbeWithMD2AndRC2_CBC "PBE-MD2-RC2-64" --// #define LN_pbeWithMD2AndRC2_CBC "pbeWithMD2AndRC2-CBC" --// #define NID_pbeWithMD2AndRC2_CBC 168 --// #define OBJ_pbeWithMD2AndRC2_CBC 1L, 2L, 840L, 113549L, 1L, 5L, 4L -- --// #define SN_pbeWithMD5AndRC2_CBC "PBE-MD5-RC2-64" --// #define LN_pbeWithMD5AndRC2_CBC "pbeWithMD5AndRC2-CBC" --// #define NID_pbeWithMD5AndRC2_CBC 169 --// #define OBJ_pbeWithMD5AndRC2_CBC 1L, 2L, 840L, 113549L, 1L, 5L, 6L -- --// #define SN_pbeWithSHA1AndDES_CBC "PBE-SHA1-DES" --// #define LN_pbeWithSHA1AndDES_CBC "pbeWithSHA1AndDES-CBC" --// #define NID_pbeWithSHA1AndDES_CBC 170 --// #define OBJ_pbeWithSHA1AndDES_CBC 1L, 2L, 840L, 113549L, 1L, 5L, 10L -- --// #define SN_ms_ext_req "msExtReq" --// #define LN_ms_ext_req "Microsoft Extension Request" --// #define NID_ms_ext_req 171 --// #define OBJ_ms_ext_req 1L, 3L, 6L, 1L, 4L, 1L, 311L, 2L, 1L, 14L -- --// #define SN_ext_req "extReq" --// #define LN_ext_req "Extension Request" --// #define NID_ext_req 172 --// #define OBJ_ext_req 1L, 2L, 840L, 113549L, 1L, 9L, 14L -- --// #define SN_name "name" --// #define LN_name "name" --// #define NID_name 173 --// #define OBJ_name 2L, 5L, 4L, 41L -- --// #define SN_dnQualifier "dnQualifier" --// #define LN_dnQualifier "dnQualifier" --// #define NID_dnQualifier 174 --// #define OBJ_dnQualifier 2L, 5L, 4L, 46L -- --// #define SN_id_pe "id-pe" --// #define NID_id_pe 175 --// #define OBJ_id_pe 1L, 3L, 6L, 1L, 5L, 5L, 7L, 1L -- --// #define SN_id_ad "id-ad" --// #define NID_id_ad 176 --// #define OBJ_id_ad 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L -- --// #define SN_info_access "authorityInfoAccess" --// #define LN_info_access "Authority Information Access" --// #define NID_info_access 177 --// #define OBJ_info_access 1L, 3L, 6L, 1L, 5L, 5L, 7L, 1L, 1L -- --// #define SN_ad_OCSP "OCSP" --// #define LN_ad_OCSP "OCSP" --// #define NID_ad_OCSP 178 --// #define OBJ_ad_OCSP 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L, 1L -- --// #define SN_ad_ca_issuers "caIssuers" --// #define LN_ad_ca_issuers "CA Issuers" --// #define NID_ad_ca_issuers 179 --// #define OBJ_ad_ca_issuers 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L, 2L -- --// #define SN_OCSP_sign "OCSPSigning" --// #define LN_OCSP_sign "OCSP Signing" --// #define NID_OCSP_sign 180 --// #define OBJ_OCSP_sign 1L, 3L, 6L, 1L, 5L, 5L, 7L, 3L, 9L -- --// #define SN_iso "ISO" --// #define LN_iso "iso" --// #define NID_iso 181 --// #define OBJ_iso 1L -- --// #define SN_member_body "member-body" --// #define LN_member_body "ISO Member Body" --// #define NID_member_body 182 --// #define OBJ_member_body 1L, 2L -- --// #define SN_ISO_US "ISO-US" --// #define LN_ISO_US "ISO US Member Body" --// #define NID_ISO_US 183 --// #define OBJ_ISO_US 1L, 2L, 840L -- --// #define SN_X9_57 "X9-57" --// #define LN_X9_57 "X9.57" --// #define NID_X9_57 184 --// #define OBJ_X9_57 1L, 2L, 840L, 10040L -- --// #define SN_X9cm "X9cm" --// #define LN_X9cm "X9.57 CM ?" --// #define NID_X9cm 185 --// #define OBJ_X9cm 1L, 2L, 840L, 10040L, 4L -- --// #define SN_pkcs1 "pkcs1" --// #define NID_pkcs1 186 --// #define OBJ_pkcs1 1L, 2L, 840L, 113549L, 1L, 1L -- --// #define SN_pkcs5 "pkcs5" --// #define NID_pkcs5 187 --// #define OBJ_pkcs5 1L, 2L, 840L, 113549L, 1L, 5L -- --// #define SN_SMIME "SMIME" --// #define LN_SMIME "S/MIME" --// #define NID_SMIME 188 --// #define OBJ_SMIME 1L, 2L, 840L, 113549L, 1L, 9L, 16L -- --// #define SN_id_smime_mod "id-smime-mod" --// #define NID_id_smime_mod 189 --// #define OBJ_id_smime_mod 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 0L -- --// #define SN_id_smime_ct "id-smime-ct" --// #define NID_id_smime_ct 190 --// #define OBJ_id_smime_ct 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 1L -- --// #define SN_id_smime_aa "id-smime-aa" --// #define NID_id_smime_aa 191 --// #define OBJ_id_smime_aa 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L -- --// #define SN_id_smime_alg "id-smime-alg" --// #define NID_id_smime_alg 192 --// #define OBJ_id_smime_alg 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 3L -- --// #define SN_id_smime_cd "id-smime-cd" --// #define NID_id_smime_cd 193 --// #define OBJ_id_smime_cd 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 4L -- --// #define SN_id_smime_spq "id-smime-spq" --// #define NID_id_smime_spq 194 --// #define OBJ_id_smime_spq 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 5L -- --// #define SN_id_smime_cti "id-smime-cti" --// #define NID_id_smime_cti 195 --// #define OBJ_id_smime_cti 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 6L -- --// #define SN_id_smime_mod_cms "id-smime-mod-cms" --// #define NID_id_smime_mod_cms 196 --// #define OBJ_id_smime_mod_cms 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 0L, 1L -- --// #define SN_id_smime_mod_ess "id-smime-mod-ess" --// #define NID_id_smime_mod_ess 197 --// #define OBJ_id_smime_mod_ess 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 0L, 2L -- --// #define SN_id_smime_mod_oid "id-smime-mod-oid" --// #define NID_id_smime_mod_oid 198 --// #define OBJ_id_smime_mod_oid 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 0L, 3L -- --// #define SN_id_smime_mod_msg_v3 "id-smime-mod-msg-v3" --// #define NID_id_smime_mod_msg_v3 199 --// #define OBJ_id_smime_mod_msg_v3 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 0L, 4L -- --// #define SN_id_smime_mod_ets_eSignature_88 "id-smime-mod-ets-eSignature-88" --// #define NID_id_smime_mod_ets_eSignature_88 200 --// #define OBJ_id_smime_mod_ets_eSignature_88 \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 0L, 5L -- --// #define SN_id_smime_mod_ets_eSignature_97 "id-smime-mod-ets-eSignature-97" --// #define NID_id_smime_mod_ets_eSignature_97 201 --// #define OBJ_id_smime_mod_ets_eSignature_97 \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 0L, 6L -- --// #define SN_id_smime_mod_ets_eSigPolicy_88 "id-smime-mod-ets-eSigPolicy-88" --// #define NID_id_smime_mod_ets_eSigPolicy_88 202 --// #define OBJ_id_smime_mod_ets_eSigPolicy_88 \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 0L, 7L -- --// #define SN_id_smime_mod_ets_eSigPolicy_97 "id-smime-mod-ets-eSigPolicy-97" --// #define NID_id_smime_mod_ets_eSigPolicy_97 203 --// #define OBJ_id_smime_mod_ets_eSigPolicy_97 \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 0L, 8L -- --// #define SN_id_smime_ct_receipt "id-smime-ct-receipt" --// #define NID_id_smime_ct_receipt 204 --// #define OBJ_id_smime_ct_receipt 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 1L, 1L -- --// #define SN_id_smime_ct_authData "id-smime-ct-authData" --// #define NID_id_smime_ct_authData 205 --// #define OBJ_id_smime_ct_authData 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 1L, 2L -- --// #define SN_id_smime_ct_publishCert "id-smime-ct-publishCert" --// #define NID_id_smime_ct_publishCert 206 --// #define OBJ_id_smime_ct_publishCert 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 1L, 3L -- --// #define SN_id_smime_ct_TSTInfo "id-smime-ct-TSTInfo" --// #define NID_id_smime_ct_TSTInfo 207 --// #define OBJ_id_smime_ct_TSTInfo 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 1L, 4L -- --// #define SN_id_smime_ct_TDTInfo "id-smime-ct-TDTInfo" --// #define NID_id_smime_ct_TDTInfo 208 --// #define OBJ_id_smime_ct_TDTInfo 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 1L, 5L -- --// #define SN_id_smime_ct_contentInfo "id-smime-ct-contentInfo" --// #define NID_id_smime_ct_contentInfo 209 --// #define OBJ_id_smime_ct_contentInfo 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 1L, 6L -- --// #define SN_id_smime_ct_DVCSRequestData "id-smime-ct-DVCSRequestData" --// #define NID_id_smime_ct_DVCSRequestData 210 --// #define OBJ_id_smime_ct_DVCSRequestData \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 1L, 7L -- --// #define SN_id_smime_ct_DVCSResponseData "id-smime-ct-DVCSResponseData" --// #define NID_id_smime_ct_DVCSResponseData 211 --// #define OBJ_id_smime_ct_DVCSResponseData \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 1L, 8L -- --// #define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest" --// #define NID_id_smime_aa_receiptRequest 212 --// #define OBJ_id_smime_aa_receiptRequest \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 1L -- --// #define SN_id_smime_aa_securityLabel "id-smime-aa-securityLabel" --// #define NID_id_smime_aa_securityLabel 213 --// #define OBJ_id_smime_aa_securityLabel 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 2L -- --// #define SN_id_smime_aa_mlExpandHistory "id-smime-aa-mlExpandHistory" --// #define NID_id_smime_aa_mlExpandHistory 214 --// #define OBJ_id_smime_aa_mlExpandHistory \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 3L -- --// #define SN_id_smime_aa_contentHint "id-smime-aa-contentHint" --// #define NID_id_smime_aa_contentHint 215 --// #define OBJ_id_smime_aa_contentHint 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 4L -- --// #define SN_id_smime_aa_msgSigDigest "id-smime-aa-msgSigDigest" --// #define NID_id_smime_aa_msgSigDigest 216 --// #define OBJ_id_smime_aa_msgSigDigest 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 5L -- --// #define SN_id_smime_aa_encapContentType "id-smime-aa-encapContentType" --// #define NID_id_smime_aa_encapContentType 217 --// #define OBJ_id_smime_aa_encapContentType \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 6L -- --// #define SN_id_smime_aa_contentIdentifier "id-smime-aa-contentIdentifier" --// #define NID_id_smime_aa_contentIdentifier 218 --// #define OBJ_id_smime_aa_contentIdentifier \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 7L -- --// #define SN_id_smime_aa_macValue "id-smime-aa-macValue" --// #define NID_id_smime_aa_macValue 219 --// #define OBJ_id_smime_aa_macValue 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 8L -- --// #define SN_id_smime_aa_equivalentLabels "id-smime-aa-equivalentLabels" --// #define NID_id_smime_aa_equivalentLabels 220 --// #define OBJ_id_smime_aa_equivalentLabels \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 9L -- --// #define SN_id_smime_aa_contentReference "id-smime-aa-contentReference" --// #define NID_id_smime_aa_contentReference 221 --// #define OBJ_id_smime_aa_contentReference \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 10L -- --// #define SN_id_smime_aa_encrypKeyPref "id-smime-aa-encrypKeyPref" --// #define NID_id_smime_aa_encrypKeyPref 222 --// #define OBJ_id_smime_aa_encrypKeyPref \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 11L -- --// #define SN_id_smime_aa_signingCertificate "id-smime-aa-signingCertificate" --// #define NID_id_smime_aa_signingCertificate 223 --// #define OBJ_id_smime_aa_signingCertificate \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 12L -- --// #define SN_id_smime_aa_smimeEncryptCerts "id-smime-aa-smimeEncryptCerts" --// #define NID_id_smime_aa_smimeEncryptCerts 224 --// #define OBJ_id_smime_aa_smimeEncryptCerts \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 13L -- --// #define SN_id_smime_aa_timeStampToken "id-smime-aa-timeStampToken" --// #define NID_id_smime_aa_timeStampToken 225 --// #define OBJ_id_smime_aa_timeStampToken \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 14L -- --// #define SN_id_smime_aa_ets_sigPolicyId "id-smime-aa-ets-sigPolicyId" --// #define NID_id_smime_aa_ets_sigPolicyId 226 --// #define OBJ_id_smime_aa_ets_sigPolicyId \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 15L -- --// #define SN_id_smime_aa_ets_commitmentType "id-smime-aa-ets-commitmentType" --// #define NID_id_smime_aa_ets_commitmentType 227 --// #define OBJ_id_smime_aa_ets_commitmentType \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 16L -- --// #define SN_id_smime_aa_ets_signerLocation "id-smime-aa-ets-signerLocation" --// #define NID_id_smime_aa_ets_signerLocation 228 --// #define OBJ_id_smime_aa_ets_signerLocation \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 17L -- --// #define SN_id_smime_aa_ets_signerAttr "id-smime-aa-ets-signerAttr" --// #define NID_id_smime_aa_ets_signerAttr 229 --// #define OBJ_id_smime_aa_ets_signerAttr \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 18L -- --// #define SN_id_smime_aa_ets_otherSigCert "id-smime-aa-ets-otherSigCert" --// #define NID_id_smime_aa_ets_otherSigCert 230 --// #define OBJ_id_smime_aa_ets_otherSigCert \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 19L -- --// #define SN_id_smime_aa_ets_contentTimestamp "id-smime-aa-ets-contentTimestamp" --// #define NID_id_smime_aa_ets_contentTimestamp 231 --// #define OBJ_id_smime_aa_ets_contentTimestamp \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 20L -- --// #define SN_id_smime_aa_ets_CertificateRefs "id-smime-aa-ets-CertificateRefs" --// #define NID_id_smime_aa_ets_CertificateRefs 232 --// #define OBJ_id_smime_aa_ets_CertificateRefs \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 21L -- --// #define SN_id_smime_aa_ets_RevocationRefs "id-smime-aa-ets-RevocationRefs" --// #define NID_id_smime_aa_ets_RevocationRefs 233 --// #define OBJ_id_smime_aa_ets_RevocationRefs \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 22L -- --// #define SN_id_smime_aa_ets_certValues "id-smime-aa-ets-certValues" --// #define NID_id_smime_aa_ets_certValues 234 --// #define OBJ_id_smime_aa_ets_certValues \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 23L -- --// #define SN_id_smime_aa_ets_revocationValues "id-smime-aa-ets-revocationValues" --// #define NID_id_smime_aa_ets_revocationValues 235 --// #define OBJ_id_smime_aa_ets_revocationValues \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 24L -- --// #define SN_id_smime_aa_ets_escTimeStamp "id-smime-aa-ets-escTimeStamp" --// #define NID_id_smime_aa_ets_escTimeStamp 236 --// #define OBJ_id_smime_aa_ets_escTimeStamp \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 25L -- --// #define SN_id_smime_aa_ets_certCRLTimestamp "id-smime-aa-ets-certCRLTimestamp" --// #define NID_id_smime_aa_ets_certCRLTimestamp 237 --// #define OBJ_id_smime_aa_ets_certCRLTimestamp \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 26L -- --// #define SN_id_smime_aa_ets_archiveTimeStamp "id-smime-aa-ets-archiveTimeStamp" --// #define NID_id_smime_aa_ets_archiveTimeStamp 238 --// #define OBJ_id_smime_aa_ets_archiveTimeStamp \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 27L -- --// #define SN_id_smime_aa_signatureType "id-smime-aa-signatureType" --// #define NID_id_smime_aa_signatureType 239 --// #define OBJ_id_smime_aa_signatureType \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 28L -- --// #define SN_id_smime_aa_dvcs_dvc "id-smime-aa-dvcs-dvc" --// #define NID_id_smime_aa_dvcs_dvc 240 --// #define OBJ_id_smime_aa_dvcs_dvc 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 2L, 29L -- --// #define SN_id_smime_alg_ESDHwith3DES "id-smime-alg-ESDHwith3DES" --// #define NID_id_smime_alg_ESDHwith3DES 241 --// #define OBJ_id_smime_alg_ESDHwith3DES 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 3L, 1L -- --// #define SN_id_smime_alg_ESDHwithRC2 "id-smime-alg-ESDHwithRC2" --// #define NID_id_smime_alg_ESDHwithRC2 242 --// #define OBJ_id_smime_alg_ESDHwithRC2 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 3L, 2L -- --// #define SN_id_smime_alg_3DESwrap "id-smime-alg-3DESwrap" --// #define NID_id_smime_alg_3DESwrap 243 --// #define OBJ_id_smime_alg_3DESwrap 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 3L, 3L -- --// #define SN_id_smime_alg_RC2wrap "id-smime-alg-RC2wrap" --// #define NID_id_smime_alg_RC2wrap 244 --// #define OBJ_id_smime_alg_RC2wrap 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 3L, 4L -- --// #define SN_id_smime_alg_ESDH "id-smime-alg-ESDH" --// #define NID_id_smime_alg_ESDH 245 --// #define OBJ_id_smime_alg_ESDH 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 3L, 5L -- --// #define SN_id_smime_alg_CMS3DESwrap "id-smime-alg-CMS3DESwrap" --// #define NID_id_smime_alg_CMS3DESwrap 246 --// #define OBJ_id_smime_alg_CMS3DESwrap 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 3L, 6L -- --// #define SN_id_smime_alg_CMSRC2wrap "id-smime-alg-CMSRC2wrap" --// #define NID_id_smime_alg_CMSRC2wrap 247 --// #define OBJ_id_smime_alg_CMSRC2wrap 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 3L, 7L -- --// #define SN_id_smime_cd_ldap "id-smime-cd-ldap" --// #define NID_id_smime_cd_ldap 248 --// #define OBJ_id_smime_cd_ldap 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 4L, 1L -- --// #define SN_id_smime_spq_ets_sqt_uri "id-smime-spq-ets-sqt-uri" --// #define NID_id_smime_spq_ets_sqt_uri 249 --// #define OBJ_id_smime_spq_ets_sqt_uri 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 5L, 1L -- --// #define SN_id_smime_spq_ets_sqt_unotice "id-smime-spq-ets-sqt-unotice" --// #define NID_id_smime_spq_ets_sqt_unotice 250 --// #define OBJ_id_smime_spq_ets_sqt_unotice \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 5L, 2L -- --// #define SN_id_smime_cti_ets_proofOfOrigin "id-smime-cti-ets-proofOfOrigin" --// #define NID_id_smime_cti_ets_proofOfOrigin 251 --// #define OBJ_id_smime_cti_ets_proofOfOrigin \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 6L, 1L -- --// #define SN_id_smime_cti_ets_proofOfReceipt "id-smime-cti-ets-proofOfReceipt" --// #define NID_id_smime_cti_ets_proofOfReceipt 252 --// #define OBJ_id_smime_cti_ets_proofOfReceipt \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 6L, 2L -- --// #define SN_id_smime_cti_ets_proofOfDelivery "id-smime-cti-ets-proofOfDelivery" --// #define NID_id_smime_cti_ets_proofOfDelivery 253 --// #define OBJ_id_smime_cti_ets_proofOfDelivery \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 6L, 3L -- --// #define SN_id_smime_cti_ets_proofOfSender "id-smime-cti-ets-proofOfSender" --// #define NID_id_smime_cti_ets_proofOfSender 254 --// #define OBJ_id_smime_cti_ets_proofOfSender \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 6L, 4L -- --// #define SN_id_smime_cti_ets_proofOfApproval "id-smime-cti-ets-proofOfApproval" --// #define NID_id_smime_cti_ets_proofOfApproval 255 --// #define OBJ_id_smime_cti_ets_proofOfApproval \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 6L, 5L -- --// #define SN_id_smime_cti_ets_proofOfCreation "id-smime-cti-ets-proofOfCreation" --// #define NID_id_smime_cti_ets_proofOfCreation 256 --// #define OBJ_id_smime_cti_ets_proofOfCreation \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 6L, 6L -- --// #define SN_md4 "MD4" --// #define LN_md4 "md4" --// #define NID_md4 257 --// #define OBJ_md4 1L, 2L, 840L, 113549L, 2L, 4L -- --// #define SN_id_pkix_mod "id-pkix-mod" --// #define NID_id_pkix_mod 258 --// #define OBJ_id_pkix_mod 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L -- --// #define SN_id_qt "id-qt" --// #define NID_id_qt 259 --// #define OBJ_id_qt 1L, 3L, 6L, 1L, 5L, 5L, 7L, 2L -- --// #define SN_id_it "id-it" --// #define NID_id_it 260 --// #define OBJ_id_it 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L -- --// #define SN_id_pkip "id-pkip" --// #define NID_id_pkip 261 --// #define OBJ_id_pkip 1L, 3L, 6L, 1L, 5L, 5L, 7L, 5L -- --// #define SN_id_alg "id-alg" --// #define NID_id_alg 262 --// #define OBJ_id_alg 1L, 3L, 6L, 1L, 5L, 5L, 7L, 6L -- --// #define SN_id_cmc "id-cmc" --// #define NID_id_cmc 263 --// #define OBJ_id_cmc 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L -- --// #define SN_id_on "id-on" --// #define NID_id_on 264 --// #define OBJ_id_on 1L, 3L, 6L, 1L, 5L, 5L, 7L, 8L -- --// #define SN_id_pda "id-pda" --// #define NID_id_pda 265 --// #define OBJ_id_pda 1L, 3L, 6L, 1L, 5L, 5L, 7L, 9L -- --// #define SN_id_aca "id-aca" --// #define NID_id_aca 266 --// #define OBJ_id_aca 1L, 3L, 6L, 1L, 5L, 5L, 7L, 10L -- --// #define SN_id_qcs "id-qcs" --// #define NID_id_qcs 267 --// #define OBJ_id_qcs 1L, 3L, 6L, 1L, 5L, 5L, 7L, 11L -- --// #define SN_id_cct "id-cct" --// #define NID_id_cct 268 --// #define OBJ_id_cct 1L, 3L, 6L, 1L, 5L, 5L, 7L, 12L -- --// #define SN_id_pkix1_explicit_88 "id-pkix1-explicit-88" --// #define NID_id_pkix1_explicit_88 269 --// #define OBJ_id_pkix1_explicit_88 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L, 1L -- --// #define SN_id_pkix1_implicit_88 "id-pkix1-implicit-88" --// #define NID_id_pkix1_implicit_88 270 --// #define OBJ_id_pkix1_implicit_88 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L, 2L -- --// #define SN_id_pkix1_explicit_93 "id-pkix1-explicit-93" --// #define NID_id_pkix1_explicit_93 271 --// #define OBJ_id_pkix1_explicit_93 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L, 3L -- --// #define SN_id_pkix1_implicit_93 "id-pkix1-implicit-93" --// #define NID_id_pkix1_implicit_93 272 --// #define OBJ_id_pkix1_implicit_93 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L, 4L -- --// #define SN_id_mod_crmf "id-mod-crmf" --// #define NID_id_mod_crmf 273 --// #define OBJ_id_mod_crmf 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L, 5L -- --// #define SN_id_mod_cmc "id-mod-cmc" --// #define NID_id_mod_cmc 274 --// #define OBJ_id_mod_cmc 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L, 6L -- --// #define SN_id_mod_kea_profile_88 "id-mod-kea-profile-88" --// #define NID_id_mod_kea_profile_88 275 --// #define OBJ_id_mod_kea_profile_88 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L, 7L -- --// #define SN_id_mod_kea_profile_93 "id-mod-kea-profile-93" --// #define NID_id_mod_kea_profile_93 276 --// #define OBJ_id_mod_kea_profile_93 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L, 8L -- --// #define SN_id_mod_cmp "id-mod-cmp" --// #define NID_id_mod_cmp 277 --// #define OBJ_id_mod_cmp 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L, 9L -- --// #define SN_id_mod_qualified_cert_88 "id-mod-qualified-cert-88" --// #define NID_id_mod_qualified_cert_88 278 --// #define OBJ_id_mod_qualified_cert_88 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L, 10L -- --// #define SN_id_mod_qualified_cert_93 "id-mod-qualified-cert-93" --// #define NID_id_mod_qualified_cert_93 279 --// #define OBJ_id_mod_qualified_cert_93 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L, 11L -- --// #define SN_id_mod_attribute_cert "id-mod-attribute-cert" --// #define NID_id_mod_attribute_cert 280 --// #define OBJ_id_mod_attribute_cert 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L, 12L -- --// #define SN_id_mod_timestamp_protocol "id-mod-timestamp-protocol" --// #define NID_id_mod_timestamp_protocol 281 --// #define OBJ_id_mod_timestamp_protocol 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L, 13L -- --// #define SN_id_mod_ocsp "id-mod-ocsp" --// #define NID_id_mod_ocsp 282 --// #define OBJ_id_mod_ocsp 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L, 14L -- --// #define SN_id_mod_dvcs "id-mod-dvcs" --// #define NID_id_mod_dvcs 283 --// #define OBJ_id_mod_dvcs 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L, 15L -- --// #define SN_id_mod_cmp2000 "id-mod-cmp2000" --// #define NID_id_mod_cmp2000 284 --// #define OBJ_id_mod_cmp2000 1L, 3L, 6L, 1L, 5L, 5L, 7L, 0L, 16L -- --// #define SN_biometricInfo "biometricInfo" --// #define LN_biometricInfo "Biometric Info" --// #define NID_biometricInfo 285 --// #define OBJ_biometricInfo 1L, 3L, 6L, 1L, 5L, 5L, 7L, 1L, 2L -- --// #define SN_qcStatements "qcStatements" --// #define NID_qcStatements 286 --// #define OBJ_qcStatements 1L, 3L, 6L, 1L, 5L, 5L, 7L, 1L, 3L -- --// #define SN_ac_auditEntity "ac-auditEntity" --// #define NID_ac_auditEntity 287 --// #define OBJ_ac_auditEntity 1L, 3L, 6L, 1L, 5L, 5L, 7L, 1L, 4L -- --// #define SN_ac_targeting "ac-targeting" --// #define NID_ac_targeting 288 --// #define OBJ_ac_targeting 1L, 3L, 6L, 1L, 5L, 5L, 7L, 1L, 5L -- --// #define SN_aaControls "aaControls" --// #define NID_aaControls 289 --// #define OBJ_aaControls 1L, 3L, 6L, 1L, 5L, 5L, 7L, 1L, 6L -- --// #define SN_sbgp_ipAddrBlock "sbgp-ipAddrBlock" --// #define NID_sbgp_ipAddrBlock 290 --// #define OBJ_sbgp_ipAddrBlock 1L, 3L, 6L, 1L, 5L, 5L, 7L, 1L, 7L -- --// #define SN_sbgp_autonomousSysNum "sbgp-autonomousSysNum" --// #define NID_sbgp_autonomousSysNum 291 --// #define OBJ_sbgp_autonomousSysNum 1L, 3L, 6L, 1L, 5L, 5L, 7L, 1L, 8L -- --// #define SN_sbgp_routerIdentifier "sbgp-routerIdentifier" --// #define NID_sbgp_routerIdentifier 292 --// #define OBJ_sbgp_routerIdentifier 1L, 3L, 6L, 1L, 5L, 5L, 7L, 1L, 9L -- --// #define SN_textNotice "textNotice" --// #define NID_textNotice 293 --// #define OBJ_textNotice 1L, 3L, 6L, 1L, 5L, 5L, 7L, 2L, 3L -- --// #define SN_ipsecEndSystem "ipsecEndSystem" --// #define LN_ipsecEndSystem "IPSec End System" --// #define NID_ipsecEndSystem 294 --// #define OBJ_ipsecEndSystem 1L, 3L, 6L, 1L, 5L, 5L, 7L, 3L, 5L -- --// #define SN_ipsecTunnel "ipsecTunnel" --// #define LN_ipsecTunnel "IPSec Tunnel" --// #define NID_ipsecTunnel 295 --// #define OBJ_ipsecTunnel 1L, 3L, 6L, 1L, 5L, 5L, 7L, 3L, 6L -- --// #define SN_ipsecUser "ipsecUser" --// #define LN_ipsecUser "IPSec User" --// #define NID_ipsecUser 296 --// #define OBJ_ipsecUser 1L, 3L, 6L, 1L, 5L, 5L, 7L, 3L, 7L -- --// #define SN_dvcs "DVCS" --// #define LN_dvcs "dvcs" --// #define NID_dvcs 297 --// #define OBJ_dvcs 1L, 3L, 6L, 1L, 5L, 5L, 7L, 3L, 10L -- --// #define SN_id_it_caProtEncCert "id-it-caProtEncCert" --// #define NID_id_it_caProtEncCert 298 --// #define OBJ_id_it_caProtEncCert 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L, 1L -- --// #define SN_id_it_signKeyPairTypes "id-it-signKeyPairTypes" --// #define NID_id_it_signKeyPairTypes 299 --// #define OBJ_id_it_signKeyPairTypes 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L, 2L -- --// #define SN_id_it_encKeyPairTypes "id-it-encKeyPairTypes" --// #define NID_id_it_encKeyPairTypes 300 --// #define OBJ_id_it_encKeyPairTypes 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L, 3L -- --// #define SN_id_it_preferredSymmAlg "id-it-preferredSymmAlg" --// #define NID_id_it_preferredSymmAlg 301 --// #define OBJ_id_it_preferredSymmAlg 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L, 4L -- --// #define SN_id_it_caKeyUpdateInfo "id-it-caKeyUpdateInfo" --// #define NID_id_it_caKeyUpdateInfo 302 --// #define OBJ_id_it_caKeyUpdateInfo 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L, 5L -- --// #define SN_id_it_currentCRL "id-it-currentCRL" --// #define NID_id_it_currentCRL 303 --// #define OBJ_id_it_currentCRL 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L, 6L -- --// #define SN_id_it_unsupportedOIDs "id-it-unsupportedOIDs" --// #define NID_id_it_unsupportedOIDs 304 --// #define OBJ_id_it_unsupportedOIDs 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L, 7L -- --// #define SN_id_it_subscriptionRequest "id-it-subscriptionRequest" --// #define NID_id_it_subscriptionRequest 305 --// #define OBJ_id_it_subscriptionRequest 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L, 8L -- --// #define SN_id_it_subscriptionResponse "id-it-subscriptionResponse" --// #define NID_id_it_subscriptionResponse 306 --// #define OBJ_id_it_subscriptionResponse 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L, 9L -- --// #define SN_id_it_keyPairParamReq "id-it-keyPairParamReq" --// #define NID_id_it_keyPairParamReq 307 --// #define OBJ_id_it_keyPairParamReq 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L, 10L -- --// #define SN_id_it_keyPairParamRep "id-it-keyPairParamRep" --// #define NID_id_it_keyPairParamRep 308 --// #define OBJ_id_it_keyPairParamRep 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L, 11L -- --// #define SN_id_it_revPassphrase "id-it-revPassphrase" --// #define NID_id_it_revPassphrase 309 --// #define OBJ_id_it_revPassphrase 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L, 12L -- --// #define SN_id_it_implicitConfirm "id-it-implicitConfirm" --// #define NID_id_it_implicitConfirm 310 --// #define OBJ_id_it_implicitConfirm 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L, 13L -- --// #define SN_id_it_confirmWaitTime "id-it-confirmWaitTime" --// #define NID_id_it_confirmWaitTime 311 --// #define OBJ_id_it_confirmWaitTime 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L, 14L -- --// #define SN_id_it_origPKIMessage "id-it-origPKIMessage" --// #define NID_id_it_origPKIMessage 312 --// #define OBJ_id_it_origPKIMessage 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L, 15L -- --// #define SN_id_regCtrl "id-regCtrl" --// #define NID_id_regCtrl 313 --// #define OBJ_id_regCtrl 1L, 3L, 6L, 1L, 5L, 5L, 7L, 5L, 1L -- --// #define SN_id_regInfo "id-regInfo" --// #define NID_id_regInfo 314 --// #define OBJ_id_regInfo 1L, 3L, 6L, 1L, 5L, 5L, 7L, 5L, 2L -- --// #define SN_id_regCtrl_regToken "id-regCtrl-regToken" --// #define NID_id_regCtrl_regToken 315 --// #define OBJ_id_regCtrl_regToken 1L, 3L, 6L, 1L, 5L, 5L, 7L, 5L, 1L, 1L -- --// #define SN_id_regCtrl_authenticator "id-regCtrl-authenticator" --// #define NID_id_regCtrl_authenticator 316 --// #define OBJ_id_regCtrl_authenticator 1L, 3L, 6L, 1L, 5L, 5L, 7L, 5L, 1L, 2L -- --// #define SN_id_regCtrl_pkiPublicationInfo "id-regCtrl-pkiPublicationInfo" --// #define NID_id_regCtrl_pkiPublicationInfo 317 --// #define OBJ_id_regCtrl_pkiPublicationInfo 1L, 3L, 6L, 1L, 5L, 5L, 7L, 5L, 1L, 3L -- --// #define SN_id_regCtrl_pkiArchiveOptions "id-regCtrl-pkiArchiveOptions" --// #define NID_id_regCtrl_pkiArchiveOptions 318 --// #define OBJ_id_regCtrl_pkiArchiveOptions 1L, 3L, 6L, 1L, 5L, 5L, 7L, 5L, 1L, 4L -- --// #define SN_id_regCtrl_oldCertID "id-regCtrl-oldCertID" --// #define NID_id_regCtrl_oldCertID 319 --// #define OBJ_id_regCtrl_oldCertID 1L, 3L, 6L, 1L, 5L, 5L, 7L, 5L, 1L, 5L -- --// #define SN_id_regCtrl_protocolEncrKey "id-regCtrl-protocolEncrKey" --// #define NID_id_regCtrl_protocolEncrKey 320 --// #define OBJ_id_regCtrl_protocolEncrKey 1L, 3L, 6L, 1L, 5L, 5L, 7L, 5L, 1L, 6L -- --// #define SN_id_regInfo_utf8Pairs "id-regInfo-utf8Pairs" --// #define NID_id_regInfo_utf8Pairs 321 --// #define OBJ_id_regInfo_utf8Pairs 1L, 3L, 6L, 1L, 5L, 5L, 7L, 5L, 2L, 1L -- --// #define SN_id_regInfo_certReq "id-regInfo-certReq" --// #define NID_id_regInfo_certReq 322 --// #define OBJ_id_regInfo_certReq 1L, 3L, 6L, 1L, 5L, 5L, 7L, 5L, 2L, 2L -- --// #define SN_id_alg_des40 "id-alg-des40" --// #define NID_id_alg_des40 323 --// #define OBJ_id_alg_des40 1L, 3L, 6L, 1L, 5L, 5L, 7L, 6L, 1L -- --// #define SN_id_alg_noSignature "id-alg-noSignature" --// #define NID_id_alg_noSignature 324 --// #define OBJ_id_alg_noSignature 1L, 3L, 6L, 1L, 5L, 5L, 7L, 6L, 2L -- --// #define SN_id_alg_dh_sig_hmac_sha1 "id-alg-dh-sig-hmac-sha1" --// #define NID_id_alg_dh_sig_hmac_sha1 325 --// #define OBJ_id_alg_dh_sig_hmac_sha1 1L, 3L, 6L, 1L, 5L, 5L, 7L, 6L, 3L -- --// #define SN_id_alg_dh_pop "id-alg-dh-pop" --// #define NID_id_alg_dh_pop 326 --// #define OBJ_id_alg_dh_pop 1L, 3L, 6L, 1L, 5L, 5L, 7L, 6L, 4L -- --// #define SN_id_cmc_statusInfo "id-cmc-statusInfo" --// #define NID_id_cmc_statusInfo 327 --// #define OBJ_id_cmc_statusInfo 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 1L -- --// #define SN_id_cmc_identification "id-cmc-identification" --// #define NID_id_cmc_identification 328 --// #define OBJ_id_cmc_identification 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 2L -- --// #define SN_id_cmc_identityProof "id-cmc-identityProof" --// #define NID_id_cmc_identityProof 329 --// #define OBJ_id_cmc_identityProof 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 3L -- --// #define SN_id_cmc_dataReturn "id-cmc-dataReturn" --// #define NID_id_cmc_dataReturn 330 --// #define OBJ_id_cmc_dataReturn 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 4L -- --// #define SN_id_cmc_transactionId "id-cmc-transactionId" --// #define NID_id_cmc_transactionId 331 --// #define OBJ_id_cmc_transactionId 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 5L -- --// #define SN_id_cmc_senderNonce "id-cmc-senderNonce" --// #define NID_id_cmc_senderNonce 332 --// #define OBJ_id_cmc_senderNonce 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 6L -- --// #define SN_id_cmc_recipientNonce "id-cmc-recipientNonce" --// #define NID_id_cmc_recipientNonce 333 --// #define OBJ_id_cmc_recipientNonce 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 7L -- --// #define SN_id_cmc_addExtensions "id-cmc-addExtensions" --// #define NID_id_cmc_addExtensions 334 --// #define OBJ_id_cmc_addExtensions 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 8L -- --// #define SN_id_cmc_encryptedPOP "id-cmc-encryptedPOP" --// #define NID_id_cmc_encryptedPOP 335 --// #define OBJ_id_cmc_encryptedPOP 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 9L -- --// #define SN_id_cmc_decryptedPOP "id-cmc-decryptedPOP" --// #define NID_id_cmc_decryptedPOP 336 --// #define OBJ_id_cmc_decryptedPOP 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 10L -- --// #define SN_id_cmc_lraPOPWitness "id-cmc-lraPOPWitness" --// #define NID_id_cmc_lraPOPWitness 337 --// #define OBJ_id_cmc_lraPOPWitness 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 11L -- --// #define SN_id_cmc_getCert "id-cmc-getCert" --// #define NID_id_cmc_getCert 338 --// #define OBJ_id_cmc_getCert 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 15L -- --// #define SN_id_cmc_getCRL "id-cmc-getCRL" --// #define NID_id_cmc_getCRL 339 --// #define OBJ_id_cmc_getCRL 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 16L -- --// #define SN_id_cmc_revokeRequest "id-cmc-revokeRequest" --// #define NID_id_cmc_revokeRequest 340 --// #define OBJ_id_cmc_revokeRequest 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 17L -- --// #define SN_id_cmc_regInfo "id-cmc-regInfo" --// #define NID_id_cmc_regInfo 341 --// #define OBJ_id_cmc_regInfo 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 18L -- --// #define SN_id_cmc_responseInfo "id-cmc-responseInfo" --// #define NID_id_cmc_responseInfo 342 --// #define OBJ_id_cmc_responseInfo 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 19L -- --// #define SN_id_cmc_queryPending "id-cmc-queryPending" --// #define NID_id_cmc_queryPending 343 --// #define OBJ_id_cmc_queryPending 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 21L -- --// #define SN_id_cmc_popLinkRandom "id-cmc-popLinkRandom" --// #define NID_id_cmc_popLinkRandom 344 --// #define OBJ_id_cmc_popLinkRandom 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 22L -- --// #define SN_id_cmc_popLinkWitness "id-cmc-popLinkWitness" --// #define NID_id_cmc_popLinkWitness 345 --// #define OBJ_id_cmc_popLinkWitness 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 23L -- --// #define SN_id_cmc_confirmCertAcceptance "id-cmc-confirmCertAcceptance" --// #define NID_id_cmc_confirmCertAcceptance 346 --// #define OBJ_id_cmc_confirmCertAcceptance 1L, 3L, 6L, 1L, 5L, 5L, 7L, 7L, 24L -- --// #define SN_id_on_personalData "id-on-personalData" --// #define NID_id_on_personalData 347 --// #define OBJ_id_on_personalData 1L, 3L, 6L, 1L, 5L, 5L, 7L, 8L, 1L -- --// #define SN_id_pda_dateOfBirth "id-pda-dateOfBirth" --// #define NID_id_pda_dateOfBirth 348 --// #define OBJ_id_pda_dateOfBirth 1L, 3L, 6L, 1L, 5L, 5L, 7L, 9L, 1L -- --// #define SN_id_pda_placeOfBirth "id-pda-placeOfBirth" --// #define NID_id_pda_placeOfBirth 349 --// #define OBJ_id_pda_placeOfBirth 1L, 3L, 6L, 1L, 5L, 5L, 7L, 9L, 2L -- --// #define SN_id_pda_gender "id-pda-gender" --// #define NID_id_pda_gender 351 --// #define OBJ_id_pda_gender 1L, 3L, 6L, 1L, 5L, 5L, 7L, 9L, 3L -- --// #define SN_id_pda_countryOfCitizenship "id-pda-countryOfCitizenship" --// #define NID_id_pda_countryOfCitizenship 352 --// #define OBJ_id_pda_countryOfCitizenship 1L, 3L, 6L, 1L, 5L, 5L, 7L, 9L, 4L -- --// #define SN_id_pda_countryOfResidence "id-pda-countryOfResidence" --// #define NID_id_pda_countryOfResidence 353 --// #define OBJ_id_pda_countryOfResidence 1L, 3L, 6L, 1L, 5L, 5L, 7L, 9L, 5L -- --// #define SN_id_aca_authenticationInfo "id-aca-authenticationInfo" --// #define NID_id_aca_authenticationInfo 354 --// #define OBJ_id_aca_authenticationInfo 1L, 3L, 6L, 1L, 5L, 5L, 7L, 10L, 1L -- --// #define SN_id_aca_accessIdentity "id-aca-accessIdentity" --// #define NID_id_aca_accessIdentity 355 --// #define OBJ_id_aca_accessIdentity 1L, 3L, 6L, 1L, 5L, 5L, 7L, 10L, 2L -- --// #define SN_id_aca_chargingIdentity "id-aca-chargingIdentity" --// #define NID_id_aca_chargingIdentity 356 --// #define OBJ_id_aca_chargingIdentity 1L, 3L, 6L, 1L, 5L, 5L, 7L, 10L, 3L -- --// #define SN_id_aca_group "id-aca-group" --// #define NID_id_aca_group 357 --// #define OBJ_id_aca_group 1L, 3L, 6L, 1L, 5L, 5L, 7L, 10L, 4L -- --// #define SN_id_aca_role "id-aca-role" --// #define NID_id_aca_role 358 --// #define OBJ_id_aca_role 1L, 3L, 6L, 1L, 5L, 5L, 7L, 10L, 5L -- --// #define SN_id_qcs_pkixQCSyntax_v1 "id-qcs-pkixQCSyntax-v1" --// #define NID_id_qcs_pkixQCSyntax_v1 359 --// #define OBJ_id_qcs_pkixQCSyntax_v1 1L, 3L, 6L, 1L, 5L, 5L, 7L, 11L, 1L -- --// #define SN_id_cct_crs "id-cct-crs" --// #define NID_id_cct_crs 360 --// #define OBJ_id_cct_crs 1L, 3L, 6L, 1L, 5L, 5L, 7L, 12L, 1L -- --// #define SN_id_cct_PKIData "id-cct-PKIData" --// #define NID_id_cct_PKIData 361 --// #define OBJ_id_cct_PKIData 1L, 3L, 6L, 1L, 5L, 5L, 7L, 12L, 2L -- --// #define SN_id_cct_PKIResponse "id-cct-PKIResponse" --// #define NID_id_cct_PKIResponse 362 --// #define OBJ_id_cct_PKIResponse 1L, 3L, 6L, 1L, 5L, 5L, 7L, 12L, 3L -- --// #define SN_ad_timeStamping "ad_timestamping" --// #define LN_ad_timeStamping "AD Time Stamping" --// #define NID_ad_timeStamping 363 --// #define OBJ_ad_timeStamping 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L, 3L -- --// #define SN_ad_dvcs "AD_DVCS" --// #define LN_ad_dvcs "ad dvcs" --// #define NID_ad_dvcs 364 --// #define OBJ_ad_dvcs 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L, 4L -- --// #define SN_id_pkix_OCSP_basic "basicOCSPResponse" --// #define LN_id_pkix_OCSP_basic "Basic OCSP Response" --// #define NID_id_pkix_OCSP_basic 365 --// #define OBJ_id_pkix_OCSP_basic 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L, 1L, 1L -- --// #define SN_id_pkix_OCSP_Nonce "Nonce" --// #define LN_id_pkix_OCSP_Nonce "OCSP Nonce" --// #define NID_id_pkix_OCSP_Nonce 366 --// #define OBJ_id_pkix_OCSP_Nonce 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L, 1L, 2L -- --// #define SN_id_pkix_OCSP_CrlID "CrlID" --// #define LN_id_pkix_OCSP_CrlID "OCSP CRL ID" --// #define NID_id_pkix_OCSP_CrlID 367 --// #define OBJ_id_pkix_OCSP_CrlID 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L, 1L, 3L -- --// #define SN_id_pkix_OCSP_acceptableResponses "acceptableResponses" --// #define LN_id_pkix_OCSP_acceptableResponses "Acceptable OCSP Responses" --// #define NID_id_pkix_OCSP_acceptableResponses 368 --// #define OBJ_id_pkix_OCSP_acceptableResponses \ --// 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L, 1L, 4L -- --// #define SN_id_pkix_OCSP_noCheck "noCheck" --// #define LN_id_pkix_OCSP_noCheck "OCSP No Check" --// #define NID_id_pkix_OCSP_noCheck 369 --// #define OBJ_id_pkix_OCSP_noCheck 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L, 1L, 5L -- --// #define SN_id_pkix_OCSP_archiveCutoff "archiveCutoff" --// #define LN_id_pkix_OCSP_archiveCutoff "OCSP Archive Cutoff" --// #define NID_id_pkix_OCSP_archiveCutoff 370 --// #define OBJ_id_pkix_OCSP_archiveCutoff 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L, 1L, 6L -- --// #define SN_id_pkix_OCSP_serviceLocator "serviceLocator" --// #define LN_id_pkix_OCSP_serviceLocator "OCSP Service Locator" --// #define NID_id_pkix_OCSP_serviceLocator 371 --// #define OBJ_id_pkix_OCSP_serviceLocator 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L, 1L, 7L -- --// #define SN_id_pkix_OCSP_extendedStatus "extendedStatus" --// #define LN_id_pkix_OCSP_extendedStatus "Extended OCSP Status" --// #define NID_id_pkix_OCSP_extendedStatus 372 --// #define OBJ_id_pkix_OCSP_extendedStatus 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L, 1L, 8L -- --// #define SN_id_pkix_OCSP_valid "valid" --// #define NID_id_pkix_OCSP_valid 373 --// #define OBJ_id_pkix_OCSP_valid 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L, 1L, 9L -- --// #define SN_id_pkix_OCSP_path "path" --// #define NID_id_pkix_OCSP_path 374 --// #define OBJ_id_pkix_OCSP_path 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L, 1L, 10L -- --// #define SN_id_pkix_OCSP_trustRoot "trustRoot" --// #define LN_id_pkix_OCSP_trustRoot "Trust Root" --// #define NID_id_pkix_OCSP_trustRoot 375 --// #define OBJ_id_pkix_OCSP_trustRoot 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L, 1L, 11L -- --// #define SN_algorithm "algorithm" --// #define LN_algorithm "algorithm" --// #define NID_algorithm 376 --// #define OBJ_algorithm 1L, 3L, 14L, 3L, 2L -- --// #define SN_rsaSignature "rsaSignature" --// #define NID_rsaSignature 377 --// #define OBJ_rsaSignature 1L, 3L, 14L, 3L, 2L, 11L -- --// #define SN_X500algorithms "X500algorithms" --// #define LN_X500algorithms "directory services - algorithms" --// #define NID_X500algorithms 378 --// #define OBJ_X500algorithms 2L, 5L, 8L -- --// #define SN_org "ORG" --// #define LN_org "org" --// #define NID_org 379 --// #define OBJ_org 1L, 3L -- --// #define SN_dod "DOD" --// #define LN_dod "dod" --// #define NID_dod 380 --// #define OBJ_dod 1L, 3L, 6L -- --// #define SN_iana "IANA" --// #define LN_iana "iana" --// #define NID_iana 381 --// #define OBJ_iana 1L, 3L, 6L, 1L -- --// #define SN_Directory "directory" --// #define LN_Directory "Directory" --// #define NID_Directory 382 --// #define OBJ_Directory 1L, 3L, 6L, 1L, 1L -- --// #define SN_Management "mgmt" --// #define LN_Management "Management" --// #define NID_Management 383 --// #define OBJ_Management 1L, 3L, 6L, 1L, 2L -- --// #define SN_Experimental "experimental" --// #define LN_Experimental "Experimental" --// #define NID_Experimental 384 --// #define OBJ_Experimental 1L, 3L, 6L, 1L, 3L -- --// #define SN_Private "private" --// #define LN_Private "Private" --// #define NID_Private 385 --// #define OBJ_Private 1L, 3L, 6L, 1L, 4L -- --// #define SN_Security "security" --// #define LN_Security "Security" --// #define NID_Security 386 --// #define OBJ_Security 1L, 3L, 6L, 1L, 5L -- --// #define SN_SNMPv2 "snmpv2" --// #define LN_SNMPv2 "SNMPv2" --// #define NID_SNMPv2 387 --// #define OBJ_SNMPv2 1L, 3L, 6L, 1L, 6L -- --// #define LN_Mail "Mail" --// #define NID_Mail 388 --// #define OBJ_Mail 1L, 3L, 6L, 1L, 7L -- --// #define SN_Enterprises "enterprises" --// #define LN_Enterprises "Enterprises" --// #define NID_Enterprises 389 --// #define OBJ_Enterprises 1L, 3L, 6L, 1L, 4L, 1L -- --// #define SN_dcObject "dcobject" --// #define LN_dcObject "dcObject" --// #define NID_dcObject 390 --// #define OBJ_dcObject 1L, 3L, 6L, 1L, 4L, 1L, 1466L, 344L -- --// #define SN_domainComponent "DC" --// #define LN_domainComponent "domainComponent" --// #define NID_domainComponent 391 --// #define OBJ_domainComponent 0L, 9L, 2342L, 19200300L, 100L, 1L, 25L -- --// #define SN_Domain "domain" --// #define LN_Domain "Domain" --// #define NID_Domain 392 --// #define OBJ_Domain 0L, 9L, 2342L, 19200300L, 100L, 4L, 13L -- --// #define SN_selected_attribute_types "selected-attribute-types" --// #define LN_selected_attribute_types "Selected Attribute Types" --// #define NID_selected_attribute_types 394 --// #define OBJ_selected_attribute_types 2L, 5L, 1L, 5L -- --// #define SN_clearance "clearance" --// #define NID_clearance 395 --// #define OBJ_clearance 2L, 5L, 1L, 5L, 55L -- --// #define SN_md4WithRSAEncryption "RSA-MD4" --// #define LN_md4WithRSAEncryption "md4WithRSAEncryption" --// #define NID_md4WithRSAEncryption 396 --// #define OBJ_md4WithRSAEncryption 1L, 2L, 840L, 113549L, 1L, 1L, 3L -- --// #define SN_ac_proxying "ac-proxying" --// #define NID_ac_proxying 397 --// #define OBJ_ac_proxying 1L, 3L, 6L, 1L, 5L, 5L, 7L, 1L, 10L -- --// #define SN_sinfo_access "subjectInfoAccess" --// #define LN_sinfo_access "Subject Information Access" --// #define NID_sinfo_access 398 --// #define OBJ_sinfo_access 1L, 3L, 6L, 1L, 5L, 5L, 7L, 1L, 11L -- --// #define SN_id_aca_encAttrs "id-aca-encAttrs" --// #define NID_id_aca_encAttrs 399 --// #define OBJ_id_aca_encAttrs 1L, 3L, 6L, 1L, 5L, 5L, 7L, 10L, 6L -- --// #define SN_role "role" --// #define LN_role "role" --// #define NID_role 400 --// #define OBJ_role 2L, 5L, 4L, 72L -- --// #define SN_policy_constraints "policyConstraints" --// #define LN_policy_constraints "X509v3 Policy Constraints" --// #define NID_policy_constraints 401 --// #define OBJ_policy_constraints 2L, 5L, 29L, 36L -- --// #define SN_target_information "targetInformation" --// #define LN_target_information "X509v3 AC Targeting" --// #define NID_target_information 402 --// #define OBJ_target_information 2L, 5L, 29L, 55L -- --// #define SN_no_rev_avail "noRevAvail" --// #define LN_no_rev_avail "X509v3 No Revocation Available" --// #define NID_no_rev_avail 403 --// #define OBJ_no_rev_avail 2L, 5L, 29L, 56L -- --// #define SN_ansi_X9_62 "ansi-X9-62" --// #define LN_ansi_X9_62 "ANSI X9.62" --// #define NID_ansi_X9_62 405 --// #define OBJ_ansi_X9_62 1L, 2L, 840L, 10045L -- --// #define SN_X9_62_prime_field "prime-field" --// #define NID_X9_62_prime_field 406 --// #define OBJ_X9_62_prime_field 1L, 2L, 840L, 10045L, 1L, 1L -- --// #define SN_X9_62_characteristic_two_field "characteristic-two-field" --// #define NID_X9_62_characteristic_two_field 407 --// #define OBJ_X9_62_characteristic_two_field 1L, 2L, 840L, 10045L, 1L, 2L -- --// #define SN_X9_62_id_ecPublicKey "id-ecPublicKey" --// #define NID_X9_62_id_ecPublicKey 408 --// #define OBJ_X9_62_id_ecPublicKey 1L, 2L, 840L, 10045L, 2L, 1L -- --// #define SN_X9_62_prime192v1 "prime192v1" --// #define NID_X9_62_prime192v1 409 --// #define OBJ_X9_62_prime192v1 1L, 2L, 840L, 10045L, 3L, 1L, 1L -- --// #define SN_X9_62_prime192v2 "prime192v2" --// #define NID_X9_62_prime192v2 410 --// #define OBJ_X9_62_prime192v2 1L, 2L, 840L, 10045L, 3L, 1L, 2L -- --// #define SN_X9_62_prime192v3 "prime192v3" --// #define NID_X9_62_prime192v3 411 --// #define OBJ_X9_62_prime192v3 1L, 2L, 840L, 10045L, 3L, 1L, 3L -- --// #define SN_X9_62_prime239v1 "prime239v1" --// #define NID_X9_62_prime239v1 412 --// #define OBJ_X9_62_prime239v1 1L, 2L, 840L, 10045L, 3L, 1L, 4L -- --// #define SN_X9_62_prime239v2 "prime239v2" --// #define NID_X9_62_prime239v2 413 --// #define OBJ_X9_62_prime239v2 1L, 2L, 840L, 10045L, 3L, 1L, 5L -- --// #define SN_X9_62_prime239v3 "prime239v3" --// #define NID_X9_62_prime239v3 414 --// #define OBJ_X9_62_prime239v3 1L, 2L, 840L, 10045L, 3L, 1L, 6L -- --// #define SN_X9_62_prime256v1 "prime256v1" --// #define NID_X9_62_prime256v1 415 --// #define OBJ_X9_62_prime256v1 1L, 2L, 840L, 10045L, 3L, 1L, 7L -- --// #define SN_ecdsa_with_SHA1 "ecdsa-with-SHA1" --// #define NID_ecdsa_with_SHA1 416 --// #define OBJ_ecdsa_with_SHA1 1L, 2L, 840L, 10045L, 4L, 1L -- --// #define SN_ms_csp_name "CSPName" --// #define LN_ms_csp_name "Microsoft CSP Name" --// #define NID_ms_csp_name 417 --// #define OBJ_ms_csp_name 1L, 3L, 6L, 1L, 4L, 1L, 311L, 17L, 1L -- --// #define SN_aes_128_ecb "AES-128-ECB" --// #define LN_aes_128_ecb "aes-128-ecb" --// #define NID_aes_128_ecb 418 --// #define OBJ_aes_128_ecb 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 1L -- --// #define SN_aes_128_cbc "AES-128-CBC" --// #define LN_aes_128_cbc "aes-128-cbc" --// #define NID_aes_128_cbc 419 --// #define OBJ_aes_128_cbc 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 2L -- --// #define SN_aes_128_ofb128 "AES-128-OFB" --// #define LN_aes_128_ofb128 "aes-128-ofb" --// #define NID_aes_128_ofb128 420 --// #define OBJ_aes_128_ofb128 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 3L -- --// #define SN_aes_128_cfb128 "AES-128-CFB" --// #define LN_aes_128_cfb128 "aes-128-cfb" --// #define NID_aes_128_cfb128 421 --// #define OBJ_aes_128_cfb128 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 4L -- --// #define SN_aes_192_ecb "AES-192-ECB" --// #define LN_aes_192_ecb "aes-192-ecb" --// #define NID_aes_192_ecb 422 --// #define OBJ_aes_192_ecb 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 21L -- --// #define SN_aes_192_cbc "AES-192-CBC" --// #define LN_aes_192_cbc "aes-192-cbc" --// #define NID_aes_192_cbc 423 --// #define OBJ_aes_192_cbc 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 22L -- --// #define SN_aes_192_ofb128 "AES-192-OFB" --// #define LN_aes_192_ofb128 "aes-192-ofb" --// #define NID_aes_192_ofb128 424 --// #define OBJ_aes_192_ofb128 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 23L -- --// #define SN_aes_192_cfb128 "AES-192-CFB" --// #define LN_aes_192_cfb128 "aes-192-cfb" --// #define NID_aes_192_cfb128 425 --// #define OBJ_aes_192_cfb128 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 24L -- --// #define SN_aes_256_ecb "AES-256-ECB" --// #define LN_aes_256_ecb "aes-256-ecb" --// #define NID_aes_256_ecb 426 --// #define OBJ_aes_256_ecb 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 41L -- --// #define SN_aes_256_cbc "AES-256-CBC" --// #define LN_aes_256_cbc "aes-256-cbc" --// #define NID_aes_256_cbc 427 --// #define OBJ_aes_256_cbc 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 42L -- --// #define SN_aes_256_ofb128 "AES-256-OFB" --// #define LN_aes_256_ofb128 "aes-256-ofb" --// #define NID_aes_256_ofb128 428 --// #define OBJ_aes_256_ofb128 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 43L -- --// #define SN_aes_256_cfb128 "AES-256-CFB" --// #define LN_aes_256_cfb128 "aes-256-cfb" --// #define NID_aes_256_cfb128 429 --// #define OBJ_aes_256_cfb128 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 44L -- --// #define SN_hold_instruction_code "holdInstructionCode" --// #define LN_hold_instruction_code "Hold Instruction Code" --// #define NID_hold_instruction_code 430 --// #define OBJ_hold_instruction_code 2L, 5L, 29L, 23L -- --// #define SN_hold_instruction_none "holdInstructionNone" --// #define LN_hold_instruction_none "Hold Instruction None" --// #define NID_hold_instruction_none 431 --// #define OBJ_hold_instruction_none 1L, 2L, 840L, 10040L, 2L, 1L -- --// #define SN_hold_instruction_call_issuer "holdInstructionCallIssuer" --// #define LN_hold_instruction_call_issuer "Hold Instruction Call Issuer" --// #define NID_hold_instruction_call_issuer 432 --// #define OBJ_hold_instruction_call_issuer 1L, 2L, 840L, 10040L, 2L, 2L -- --// #define SN_hold_instruction_reject "holdInstructionReject" --// #define LN_hold_instruction_reject "Hold Instruction Reject" --// #define NID_hold_instruction_reject 433 --// #define OBJ_hold_instruction_reject 1L, 2L, 840L, 10040L, 2L, 3L -- --// #define SN_data "data" --// #define NID_data 434 --// #define OBJ_data 0L, 9L -- --// #define SN_pss "pss" --// #define NID_pss 435 --// #define OBJ_pss 0L, 9L, 2342L -- --// #define SN_ucl "ucl" --// #define NID_ucl 436 --// #define OBJ_ucl 0L, 9L, 2342L, 19200300L -- --// #define SN_pilot "pilot" --// #define NID_pilot 437 --// #define OBJ_pilot 0L, 9L, 2342L, 19200300L, 100L -- --// #define LN_pilotAttributeType "pilotAttributeType" --// #define NID_pilotAttributeType 438 --// #define OBJ_pilotAttributeType 0L, 9L, 2342L, 19200300L, 100L, 1L -- --// #define LN_pilotAttributeSyntax "pilotAttributeSyntax" --// #define NID_pilotAttributeSyntax 439 --// #define OBJ_pilotAttributeSyntax 0L, 9L, 2342L, 19200300L, 100L, 3L -- --// #define LN_pilotObjectClass "pilotObjectClass" --// #define NID_pilotObjectClass 440 --// #define OBJ_pilotObjectClass 0L, 9L, 2342L, 19200300L, 100L, 4L -- --// #define LN_pilotGroups "pilotGroups" --// #define NID_pilotGroups 441 --// #define OBJ_pilotGroups 0L, 9L, 2342L, 19200300L, 100L, 10L -- --// #define LN_iA5StringSyntax "iA5StringSyntax" --// #define NID_iA5StringSyntax 442 --// #define OBJ_iA5StringSyntax 0L, 9L, 2342L, 19200300L, 100L, 3L, 4L -- --// #define LN_caseIgnoreIA5StringSyntax "caseIgnoreIA5StringSyntax" --// #define NID_caseIgnoreIA5StringSyntax 443 --// #define OBJ_caseIgnoreIA5StringSyntax 0L, 9L, 2342L, 19200300L, 100L, 3L, 5L -- --// #define LN_pilotObject "pilotObject" --// #define NID_pilotObject 444 --// #define OBJ_pilotObject 0L, 9L, 2342L, 19200300L, 100L, 4L, 3L -- --// #define LN_pilotPerson "pilotPerson" --// #define NID_pilotPerson 445 --// #define OBJ_pilotPerson 0L, 9L, 2342L, 19200300L, 100L, 4L, 4L -- --// #define SN_account "account" --// #define NID_account 446 --// #define OBJ_account 0L, 9L, 2342L, 19200300L, 100L, 4L, 5L -- --// #define SN_document "document" --// #define NID_document 447 --// #define OBJ_document 0L, 9L, 2342L, 19200300L, 100L, 4L, 6L -- --// #define SN_room "room" --// #define NID_room 448 --// #define OBJ_room 0L, 9L, 2342L, 19200300L, 100L, 4L, 7L -- --// #define LN_documentSeries "documentSeries" --// #define NID_documentSeries 449 --// #define OBJ_documentSeries 0L, 9L, 2342L, 19200300L, 100L, 4L, 9L -- --// #define LN_rFC822localPart "rFC822localPart" --// #define NID_rFC822localPart 450 --// #define OBJ_rFC822localPart 0L, 9L, 2342L, 19200300L, 100L, 4L, 14L -- --// #define LN_dNSDomain "dNSDomain" --// #define NID_dNSDomain 451 --// #define OBJ_dNSDomain 0L, 9L, 2342L, 19200300L, 100L, 4L, 15L -- --// #define LN_domainRelatedObject "domainRelatedObject" --// #define NID_domainRelatedObject 452 --// #define OBJ_domainRelatedObject 0L, 9L, 2342L, 19200300L, 100L, 4L, 17L -- --// #define LN_friendlyCountry "friendlyCountry" --// #define NID_friendlyCountry 453 --// #define OBJ_friendlyCountry 0L, 9L, 2342L, 19200300L, 100L, 4L, 18L -- --// #define LN_simpleSecurityObject "simpleSecurityObject" --// #define NID_simpleSecurityObject 454 --// #define OBJ_simpleSecurityObject 0L, 9L, 2342L, 19200300L, 100L, 4L, 19L -- --// #define LN_pilotOrganization "pilotOrganization" --// #define NID_pilotOrganization 455 --// #define OBJ_pilotOrganization 0L, 9L, 2342L, 19200300L, 100L, 4L, 20L -- --// #define LN_pilotDSA "pilotDSA" --// #define NID_pilotDSA 456 --// #define OBJ_pilotDSA 0L, 9L, 2342L, 19200300L, 100L, 4L, 21L -- --// #define LN_qualityLabelledData "qualityLabelledData" --// #define NID_qualityLabelledData 457 --// #define OBJ_qualityLabelledData 0L, 9L, 2342L, 19200300L, 100L, 4L, 22L -- --// #define SN_userId "UID" --// #define LN_userId "userId" --// #define NID_userId 458 --// #define OBJ_userId 0L, 9L, 2342L, 19200300L, 100L, 1L, 1L -- --// #define LN_textEncodedORAddress "textEncodedORAddress" --// #define NID_textEncodedORAddress 459 --// #define OBJ_textEncodedORAddress 0L, 9L, 2342L, 19200300L, 100L, 1L, 2L -- --// #define SN_rfc822Mailbox "mail" --// #define LN_rfc822Mailbox "rfc822Mailbox" --// #define NID_rfc822Mailbox 460 --// #define OBJ_rfc822Mailbox 0L, 9L, 2342L, 19200300L, 100L, 1L, 3L -- --// #define SN_info "info" --// #define NID_info 461 --// #define OBJ_info 0L, 9L, 2342L, 19200300L, 100L, 1L, 4L -- --// #define LN_favouriteDrink "favouriteDrink" --// #define NID_favouriteDrink 462 --// #define OBJ_favouriteDrink 0L, 9L, 2342L, 19200300L, 100L, 1L, 5L -- --// #define LN_roomNumber "roomNumber" --// #define NID_roomNumber 463 --// #define OBJ_roomNumber 0L, 9L, 2342L, 19200300L, 100L, 1L, 6L -- --// #define SN_photo "photo" --// #define NID_photo 464 --// #define OBJ_photo 0L, 9L, 2342L, 19200300L, 100L, 1L, 7L -- --// #define LN_userClass "userClass" --// #define NID_userClass 465 --// #define OBJ_userClass 0L, 9L, 2342L, 19200300L, 100L, 1L, 8L -- --// #define SN_host "host" --// #define NID_host 466 --// #define OBJ_host 0L, 9L, 2342L, 19200300L, 100L, 1L, 9L -- --// #define SN_manager "manager" --// #define NID_manager 467 --// #define OBJ_manager 0L, 9L, 2342L, 19200300L, 100L, 1L, 10L -- --// #define LN_documentIdentifier "documentIdentifier" --// #define NID_documentIdentifier 468 --// #define OBJ_documentIdentifier 0L, 9L, 2342L, 19200300L, 100L, 1L, 11L -- --// #define LN_documentTitle "documentTitle" --// #define NID_documentTitle 469 --// #define OBJ_documentTitle 0L, 9L, 2342L, 19200300L, 100L, 1L, 12L -- --// #define LN_documentVersion "documentVersion" --// #define NID_documentVersion 470 --// #define OBJ_documentVersion 0L, 9L, 2342L, 19200300L, 100L, 1L, 13L -- --// #define LN_documentAuthor "documentAuthor" --// #define NID_documentAuthor 471 --// #define OBJ_documentAuthor 0L, 9L, 2342L, 19200300L, 100L, 1L, 14L -- --// #define LN_documentLocation "documentLocation" --// #define NID_documentLocation 472 --// #define OBJ_documentLocation 0L, 9L, 2342L, 19200300L, 100L, 1L, 15L -- --// #define LN_homeTelephoneNumber "homeTelephoneNumber" --// #define NID_homeTelephoneNumber 473 --// #define OBJ_homeTelephoneNumber 0L, 9L, 2342L, 19200300L, 100L, 1L, 20L -- --// #define SN_secretary "secretary" --// #define NID_secretary 474 --// #define OBJ_secretary 0L, 9L, 2342L, 19200300L, 100L, 1L, 21L -- --// #define LN_otherMailbox "otherMailbox" --// #define NID_otherMailbox 475 --// #define OBJ_otherMailbox 0L, 9L, 2342L, 19200300L, 100L, 1L, 22L -- --// #define LN_lastModifiedTime "lastModifiedTime" --// #define NID_lastModifiedTime 476 --// #define OBJ_lastModifiedTime 0L, 9L, 2342L, 19200300L, 100L, 1L, 23L -- --// #define LN_lastModifiedBy "lastModifiedBy" --// #define NID_lastModifiedBy 477 --// #define OBJ_lastModifiedBy 0L, 9L, 2342L, 19200300L, 100L, 1L, 24L -- --// #define LN_aRecord "aRecord" --// #define NID_aRecord 478 --// #define OBJ_aRecord 0L, 9L, 2342L, 19200300L, 100L, 1L, 26L -- --// #define LN_pilotAttributeType27 "pilotAttributeType27" --// #define NID_pilotAttributeType27 479 --// #define OBJ_pilotAttributeType27 0L, 9L, 2342L, 19200300L, 100L, 1L, 27L -- --// #define LN_mXRecord "mXRecord" --// #define NID_mXRecord 480 --// #define OBJ_mXRecord 0L, 9L, 2342L, 19200300L, 100L, 1L, 28L -- --// #define LN_nSRecord "nSRecord" --// #define NID_nSRecord 481 --// #define OBJ_nSRecord 0L, 9L, 2342L, 19200300L, 100L, 1L, 29L -- --// #define LN_sOARecord "sOARecord" --// #define NID_sOARecord 482 --// #define OBJ_sOARecord 0L, 9L, 2342L, 19200300L, 100L, 1L, 30L -- --// #define LN_cNAMERecord "cNAMERecord" --// #define NID_cNAMERecord 483 --// #define OBJ_cNAMERecord 0L, 9L, 2342L, 19200300L, 100L, 1L, 31L -- --// #define LN_associatedDomain "associatedDomain" --// #define NID_associatedDomain 484 --// #define OBJ_associatedDomain 0L, 9L, 2342L, 19200300L, 100L, 1L, 37L -- --// #define LN_associatedName "associatedName" --// #define NID_associatedName 485 --// #define OBJ_associatedName 0L, 9L, 2342L, 19200300L, 100L, 1L, 38L -- --// #define LN_homePostalAddress "homePostalAddress" --// #define NID_homePostalAddress 486 --// #define OBJ_homePostalAddress 0L, 9L, 2342L, 19200300L, 100L, 1L, 39L -- --// #define LN_personalTitle "personalTitle" --// #define NID_personalTitle 487 --// #define OBJ_personalTitle 0L, 9L, 2342L, 19200300L, 100L, 1L, 40L -- --// #define LN_mobileTelephoneNumber "mobileTelephoneNumber" --// #define NID_mobileTelephoneNumber 488 --// #define OBJ_mobileTelephoneNumber 0L, 9L, 2342L, 19200300L, 100L, 1L, 41L -- --// #define LN_pagerTelephoneNumber "pagerTelephoneNumber" --// #define NID_pagerTelephoneNumber 489 --// #define OBJ_pagerTelephoneNumber 0L, 9L, 2342L, 19200300L, 100L, 1L, 42L -- --// #define LN_friendlyCountryName "friendlyCountryName" --// #define NID_friendlyCountryName 490 --// #define OBJ_friendlyCountryName 0L, 9L, 2342L, 19200300L, 100L, 1L, 43L -- --// #define LN_organizationalStatus "organizationalStatus" --// #define NID_organizationalStatus 491 --// #define OBJ_organizationalStatus 0L, 9L, 2342L, 19200300L, 100L, 1L, 45L -- --// #define LN_janetMailbox "janetMailbox" --// #define NID_janetMailbox 492 --// #define OBJ_janetMailbox 0L, 9L, 2342L, 19200300L, 100L, 1L, 46L -- --// #define LN_mailPreferenceOption "mailPreferenceOption" --// #define NID_mailPreferenceOption 493 --// #define OBJ_mailPreferenceOption 0L, 9L, 2342L, 19200300L, 100L, 1L, 47L -- --// #define LN_buildingName "buildingName" --// #define NID_buildingName 494 --// #define OBJ_buildingName 0L, 9L, 2342L, 19200300L, 100L, 1L, 48L -- --// #define LN_dSAQuality "dSAQuality" --// #define NID_dSAQuality 495 --// #define OBJ_dSAQuality 0L, 9L, 2342L, 19200300L, 100L, 1L, 49L -- --// #define LN_singleLevelQuality "singleLevelQuality" --// #define NID_singleLevelQuality 496 --// #define OBJ_singleLevelQuality 0L, 9L, 2342L, 19200300L, 100L, 1L, 50L -- --// #define LN_subtreeMinimumQuality "subtreeMinimumQuality" --// #define NID_subtreeMinimumQuality 497 --// #define OBJ_subtreeMinimumQuality 0L, 9L, 2342L, 19200300L, 100L, 1L, 51L -- --// #define LN_subtreeMaximumQuality "subtreeMaximumQuality" --// #define NID_subtreeMaximumQuality 498 --// #define OBJ_subtreeMaximumQuality 0L, 9L, 2342L, 19200300L, 100L, 1L, 52L -- --// #define LN_personalSignature "personalSignature" --// #define NID_personalSignature 499 --// #define OBJ_personalSignature 0L, 9L, 2342L, 19200300L, 100L, 1L, 53L -- --// #define LN_dITRedirect "dITRedirect" --// #define NID_dITRedirect 500 --// #define OBJ_dITRedirect 0L, 9L, 2342L, 19200300L, 100L, 1L, 54L -- --// #define SN_audio "audio" --// #define NID_audio 501 --// #define OBJ_audio 0L, 9L, 2342L, 19200300L, 100L, 1L, 55L -- --// #define LN_documentPublisher "documentPublisher" --// #define NID_documentPublisher 502 --// #define OBJ_documentPublisher 0L, 9L, 2342L, 19200300L, 100L, 1L, 56L -- --// #define LN_x500UniqueIdentifier "x500UniqueIdentifier" --// #define NID_x500UniqueIdentifier 503 --// #define OBJ_x500UniqueIdentifier 2L, 5L, 4L, 45L -- --// #define SN_mime_mhs "mime-mhs" --// #define LN_mime_mhs "MIME MHS" --// #define NID_mime_mhs 504 --// #define OBJ_mime_mhs 1L, 3L, 6L, 1L, 7L, 1L -- --// #define SN_mime_mhs_headings "mime-mhs-headings" --// #define LN_mime_mhs_headings "mime-mhs-headings" --// #define NID_mime_mhs_headings 505 --// #define OBJ_mime_mhs_headings 1L, 3L, 6L, 1L, 7L, 1L, 1L -- --// #define SN_mime_mhs_bodies "mime-mhs-bodies" --// #define LN_mime_mhs_bodies "mime-mhs-bodies" --// #define NID_mime_mhs_bodies 506 --// #define OBJ_mime_mhs_bodies 1L, 3L, 6L, 1L, 7L, 1L, 2L -- --// #define SN_id_hex_partial_message "id-hex-partial-message" --// #define LN_id_hex_partial_message "id-hex-partial-message" --// #define NID_id_hex_partial_message 507 --// #define OBJ_id_hex_partial_message 1L, 3L, 6L, 1L, 7L, 1L, 1L, 1L -- --// #define SN_id_hex_multipart_message "id-hex-multipart-message" --// #define LN_id_hex_multipart_message "id-hex-multipart-message" --// #define NID_id_hex_multipart_message 508 --// #define OBJ_id_hex_multipart_message 1L, 3L, 6L, 1L, 7L, 1L, 1L, 2L -- --// #define LN_generationQualifier "generationQualifier" --// #define NID_generationQualifier 509 --// #define OBJ_generationQualifier 2L, 5L, 4L, 44L -- --// #define LN_pseudonym "pseudonym" --// #define NID_pseudonym 510 --// #define OBJ_pseudonym 2L, 5L, 4L, 65L -- --// #define SN_id_set "id-set" --// #define LN_id_set "Secure Electronic Transactions" --// #define NID_id_set 512 --// #define OBJ_id_set 2L, 23L, 42L -- --// #define SN_set_ctype "set-ctype" --// #define LN_set_ctype "content types" --// #define NID_set_ctype 513 --// #define OBJ_set_ctype 2L, 23L, 42L, 0L -- --// #define SN_set_msgExt "set-msgExt" --// #define LN_set_msgExt "message extensions" --// #define NID_set_msgExt 514 --// #define OBJ_set_msgExt 2L, 23L, 42L, 1L -- --// #define SN_set_attr "set-attr" --// #define NID_set_attr 515 --// #define OBJ_set_attr 2L, 23L, 42L, 3L -- --// #define SN_set_policy "set-policy" --// #define NID_set_policy 516 --// #define OBJ_set_policy 2L, 23L, 42L, 5L -- --// #define SN_set_certExt "set-certExt" --// #define LN_set_certExt "certificate extensions" --// #define NID_set_certExt 517 --// #define OBJ_set_certExt 2L, 23L, 42L, 7L -- --// #define SN_set_brand "set-brand" --// #define NID_set_brand 518 --// #define OBJ_set_brand 2L, 23L, 42L, 8L -- --// #define SN_setct_PANData "setct-PANData" --// #define NID_setct_PANData 519 --// #define OBJ_setct_PANData 2L, 23L, 42L, 0L, 0L -- --// #define SN_setct_PANToken "setct-PANToken" --// #define NID_setct_PANToken 520 --// #define OBJ_setct_PANToken 2L, 23L, 42L, 0L, 1L -- --// #define SN_setct_PANOnly "setct-PANOnly" --// #define NID_setct_PANOnly 521 --// #define OBJ_setct_PANOnly 2L, 23L, 42L, 0L, 2L -- --// #define SN_setct_OIData "setct-OIData" --// #define NID_setct_OIData 522 --// #define OBJ_setct_OIData 2L, 23L, 42L, 0L, 3L -- --// #define SN_setct_PI "setct-PI" --// #define NID_setct_PI 523 --// #define OBJ_setct_PI 2L, 23L, 42L, 0L, 4L -- --// #define SN_setct_PIData "setct-PIData" --// #define NID_setct_PIData 524 --// #define OBJ_setct_PIData 2L, 23L, 42L, 0L, 5L -- --// #define SN_setct_PIDataUnsigned "setct-PIDataUnsigned" --// #define NID_setct_PIDataUnsigned 525 --// #define OBJ_setct_PIDataUnsigned 2L, 23L, 42L, 0L, 6L -- --// #define SN_setct_HODInput "setct-HODInput" --// #define NID_setct_HODInput 526 --// #define OBJ_setct_HODInput 2L, 23L, 42L, 0L, 7L -- --// #define SN_setct_AuthResBaggage "setct-AuthResBaggage" --// #define NID_setct_AuthResBaggage 527 --// #define OBJ_setct_AuthResBaggage 2L, 23L, 42L, 0L, 8L -- --// #define SN_setct_AuthRevReqBaggage "setct-AuthRevReqBaggage" --// #define NID_setct_AuthRevReqBaggage 528 --// #define OBJ_setct_AuthRevReqBaggage 2L, 23L, 42L, 0L, 9L -- --// #define SN_setct_AuthRevResBaggage "setct-AuthRevResBaggage" --// #define NID_setct_AuthRevResBaggage 529 --// #define OBJ_setct_AuthRevResBaggage 2L, 23L, 42L, 0L, 10L -- --// #define SN_setct_CapTokenSeq "setct-CapTokenSeq" --// #define NID_setct_CapTokenSeq 530 --// #define OBJ_setct_CapTokenSeq 2L, 23L, 42L, 0L, 11L -- --// #define SN_setct_PInitResData "setct-PInitResData" --// #define NID_setct_PInitResData 531 --// #define OBJ_setct_PInitResData 2L, 23L, 42L, 0L, 12L -- --// #define SN_setct_PI_TBS "setct-PI-TBS" --// #define NID_setct_PI_TBS 532 --// #define OBJ_setct_PI_TBS 2L, 23L, 42L, 0L, 13L -- --// #define SN_setct_PResData "setct-PResData" --// #define NID_setct_PResData 533 --// #define OBJ_setct_PResData 2L, 23L, 42L, 0L, 14L -- --// #define SN_setct_AuthReqTBS "setct-AuthReqTBS" --// #define NID_setct_AuthReqTBS 534 --// #define OBJ_setct_AuthReqTBS 2L, 23L, 42L, 0L, 16L -- --// #define SN_setct_AuthResTBS "setct-AuthResTBS" --// #define NID_setct_AuthResTBS 535 --// #define OBJ_setct_AuthResTBS 2L, 23L, 42L, 0L, 17L -- --// #define SN_setct_AuthResTBSX "setct-AuthResTBSX" --// #define NID_setct_AuthResTBSX 536 --// #define OBJ_setct_AuthResTBSX 2L, 23L, 42L, 0L, 18L -- --// #define SN_setct_AuthTokenTBS "setct-AuthTokenTBS" --// #define NID_setct_AuthTokenTBS 537 --// #define OBJ_setct_AuthTokenTBS 2L, 23L, 42L, 0L, 19L -- --// #define SN_setct_CapTokenData "setct-CapTokenData" --// #define NID_setct_CapTokenData 538 --// #define OBJ_setct_CapTokenData 2L, 23L, 42L, 0L, 20L -- --// #define SN_setct_CapTokenTBS "setct-CapTokenTBS" --// #define NID_setct_CapTokenTBS 539 --// #define OBJ_setct_CapTokenTBS 2L, 23L, 42L, 0L, 21L -- --// #define SN_setct_AcqCardCodeMsg "setct-AcqCardCodeMsg" --// #define NID_setct_AcqCardCodeMsg 540 --// #define OBJ_setct_AcqCardCodeMsg 2L, 23L, 42L, 0L, 22L -- --// #define SN_setct_AuthRevReqTBS "setct-AuthRevReqTBS" --// #define NID_setct_AuthRevReqTBS 541 --// #define OBJ_setct_AuthRevReqTBS 2L, 23L, 42L, 0L, 23L -- --// #define SN_setct_AuthRevResData "setct-AuthRevResData" --// #define NID_setct_AuthRevResData 542 --// #define OBJ_setct_AuthRevResData 2L, 23L, 42L, 0L, 24L -- --// #define SN_setct_AuthRevResTBS "setct-AuthRevResTBS" --// #define NID_setct_AuthRevResTBS 543 --// #define OBJ_setct_AuthRevResTBS 2L, 23L, 42L, 0L, 25L -- --// #define SN_setct_CapReqTBS "setct-CapReqTBS" --// #define NID_setct_CapReqTBS 544 --// #define OBJ_setct_CapReqTBS 2L, 23L, 42L, 0L, 26L -- --// #define SN_setct_CapReqTBSX "setct-CapReqTBSX" --// #define NID_setct_CapReqTBSX 545 --// #define OBJ_setct_CapReqTBSX 2L, 23L, 42L, 0L, 27L -- --// #define SN_setct_CapResData "setct-CapResData" --// #define NID_setct_CapResData 546 --// #define OBJ_setct_CapResData 2L, 23L, 42L, 0L, 28L -- --// #define SN_setct_CapRevReqTBS "setct-CapRevReqTBS" --// #define NID_setct_CapRevReqTBS 547 --// #define OBJ_setct_CapRevReqTBS 2L, 23L, 42L, 0L, 29L -- --// #define SN_setct_CapRevReqTBSX "setct-CapRevReqTBSX" --// #define NID_setct_CapRevReqTBSX 548 --// #define OBJ_setct_CapRevReqTBSX 2L, 23L, 42L, 0L, 30L -- --// #define SN_setct_CapRevResData "setct-CapRevResData" --// #define NID_setct_CapRevResData 549 --// #define OBJ_setct_CapRevResData 2L, 23L, 42L, 0L, 31L -- --// #define SN_setct_CredReqTBS "setct-CredReqTBS" --// #define NID_setct_CredReqTBS 550 --// #define OBJ_setct_CredReqTBS 2L, 23L, 42L, 0L, 32L -- --// #define SN_setct_CredReqTBSX "setct-CredReqTBSX" --// #define NID_setct_CredReqTBSX 551 --// #define OBJ_setct_CredReqTBSX 2L, 23L, 42L, 0L, 33L -- --// #define SN_setct_CredResData "setct-CredResData" --// #define NID_setct_CredResData 552 --// #define OBJ_setct_CredResData 2L, 23L, 42L, 0L, 34L -- --// #define SN_setct_CredRevReqTBS "setct-CredRevReqTBS" --// #define NID_setct_CredRevReqTBS 553 --// #define OBJ_setct_CredRevReqTBS 2L, 23L, 42L, 0L, 35L -- --// #define SN_setct_CredRevReqTBSX "setct-CredRevReqTBSX" --// #define NID_setct_CredRevReqTBSX 554 --// #define OBJ_setct_CredRevReqTBSX 2L, 23L, 42L, 0L, 36L -- --// #define SN_setct_CredRevResData "setct-CredRevResData" --// #define NID_setct_CredRevResData 555 --// #define OBJ_setct_CredRevResData 2L, 23L, 42L, 0L, 37L -- --// #define SN_setct_PCertReqData "setct-PCertReqData" --// #define NID_setct_PCertReqData 556 --// #define OBJ_setct_PCertReqData 2L, 23L, 42L, 0L, 38L -- --// #define SN_setct_PCertResTBS "setct-PCertResTBS" --// #define NID_setct_PCertResTBS 557 --// #define OBJ_setct_PCertResTBS 2L, 23L, 42L, 0L, 39L -- --// #define SN_setct_BatchAdminReqData "setct-BatchAdminReqData" --// #define NID_setct_BatchAdminReqData 558 --// #define OBJ_setct_BatchAdminReqData 2L, 23L, 42L, 0L, 40L -- --// #define SN_setct_BatchAdminResData "setct-BatchAdminResData" --// #define NID_setct_BatchAdminResData 559 --// #define OBJ_setct_BatchAdminResData 2L, 23L, 42L, 0L, 41L -- --// #define SN_setct_CardCInitResTBS "setct-CardCInitResTBS" --// #define NID_setct_CardCInitResTBS 560 --// #define OBJ_setct_CardCInitResTBS 2L, 23L, 42L, 0L, 42L -- --// #define SN_setct_MeAqCInitResTBS "setct-MeAqCInitResTBS" --// #define NID_setct_MeAqCInitResTBS 561 --// #define OBJ_setct_MeAqCInitResTBS 2L, 23L, 42L, 0L, 43L -- --// #define SN_setct_RegFormResTBS "setct-RegFormResTBS" --// #define NID_setct_RegFormResTBS 562 --// #define OBJ_setct_RegFormResTBS 2L, 23L, 42L, 0L, 44L -- --// #define SN_setct_CertReqData "setct-CertReqData" --// #define NID_setct_CertReqData 563 --// #define OBJ_setct_CertReqData 2L, 23L, 42L, 0L, 45L -- --// #define SN_setct_CertReqTBS "setct-CertReqTBS" --// #define NID_setct_CertReqTBS 564 --// #define OBJ_setct_CertReqTBS 2L, 23L, 42L, 0L, 46L -- --// #define SN_setct_CertResData "setct-CertResData" --// #define NID_setct_CertResData 565 --// #define OBJ_setct_CertResData 2L, 23L, 42L, 0L, 47L -- --// #define SN_setct_CertInqReqTBS "setct-CertInqReqTBS" --// #define NID_setct_CertInqReqTBS 566 --// #define OBJ_setct_CertInqReqTBS 2L, 23L, 42L, 0L, 48L -- --// #define SN_setct_ErrorTBS "setct-ErrorTBS" --// #define NID_setct_ErrorTBS 567 --// #define OBJ_setct_ErrorTBS 2L, 23L, 42L, 0L, 49L -- --// #define SN_setct_PIDualSignedTBE "setct-PIDualSignedTBE" --// #define NID_setct_PIDualSignedTBE 568 --// #define OBJ_setct_PIDualSignedTBE 2L, 23L, 42L, 0L, 50L -- --// #define SN_setct_PIUnsignedTBE "setct-PIUnsignedTBE" --// #define NID_setct_PIUnsignedTBE 569 --// #define OBJ_setct_PIUnsignedTBE 2L, 23L, 42L, 0L, 51L -- --// #define SN_setct_AuthReqTBE "setct-AuthReqTBE" --// #define NID_setct_AuthReqTBE 570 --// #define OBJ_setct_AuthReqTBE 2L, 23L, 42L, 0L, 52L -- --// #define SN_setct_AuthResTBE "setct-AuthResTBE" --// #define NID_setct_AuthResTBE 571 --// #define OBJ_setct_AuthResTBE 2L, 23L, 42L, 0L, 53L -- --// #define SN_setct_AuthResTBEX "setct-AuthResTBEX" --// #define NID_setct_AuthResTBEX 572 --// #define OBJ_setct_AuthResTBEX 2L, 23L, 42L, 0L, 54L -- --// #define SN_setct_AuthTokenTBE "setct-AuthTokenTBE" --// #define NID_setct_AuthTokenTBE 573 --// #define OBJ_setct_AuthTokenTBE 2L, 23L, 42L, 0L, 55L -- --// #define SN_setct_CapTokenTBE "setct-CapTokenTBE" --// #define NID_setct_CapTokenTBE 574 --// #define OBJ_setct_CapTokenTBE 2L, 23L, 42L, 0L, 56L -- --// #define SN_setct_CapTokenTBEX "setct-CapTokenTBEX" --// #define NID_setct_CapTokenTBEX 575 --// #define OBJ_setct_CapTokenTBEX 2L, 23L, 42L, 0L, 57L -- --// #define SN_setct_AcqCardCodeMsgTBE "setct-AcqCardCodeMsgTBE" --// #define NID_setct_AcqCardCodeMsgTBE 576 --// #define OBJ_setct_AcqCardCodeMsgTBE 2L, 23L, 42L, 0L, 58L -- --// #define SN_setct_AuthRevReqTBE "setct-AuthRevReqTBE" --// #define NID_setct_AuthRevReqTBE 577 --// #define OBJ_setct_AuthRevReqTBE 2L, 23L, 42L, 0L, 59L -- --// #define SN_setct_AuthRevResTBE "setct-AuthRevResTBE" --// #define NID_setct_AuthRevResTBE 578 --// #define OBJ_setct_AuthRevResTBE 2L, 23L, 42L, 0L, 60L -- --// #define SN_setct_AuthRevResTBEB "setct-AuthRevResTBEB" --// #define NID_setct_AuthRevResTBEB 579 --// #define OBJ_setct_AuthRevResTBEB 2L, 23L, 42L, 0L, 61L -- --// #define SN_setct_CapReqTBE "setct-CapReqTBE" --// #define NID_setct_CapReqTBE 580 --// #define OBJ_setct_CapReqTBE 2L, 23L, 42L, 0L, 62L -- --// #define SN_setct_CapReqTBEX "setct-CapReqTBEX" --// #define NID_setct_CapReqTBEX 581 --// #define OBJ_setct_CapReqTBEX 2L, 23L, 42L, 0L, 63L -- --// #define SN_setct_CapResTBE "setct-CapResTBE" --// #define NID_setct_CapResTBE 582 --// #define OBJ_setct_CapResTBE 2L, 23L, 42L, 0L, 64L -- --// #define SN_setct_CapRevReqTBE "setct-CapRevReqTBE" --// #define NID_setct_CapRevReqTBE 583 --// #define OBJ_setct_CapRevReqTBE 2L, 23L, 42L, 0L, 65L -- --// #define SN_setct_CapRevReqTBEX "setct-CapRevReqTBEX" --// #define NID_setct_CapRevReqTBEX 584 --// #define OBJ_setct_CapRevReqTBEX 2L, 23L, 42L, 0L, 66L -- --// #define SN_setct_CapRevResTBE "setct-CapRevResTBE" --// #define NID_setct_CapRevResTBE 585 --// #define OBJ_setct_CapRevResTBE 2L, 23L, 42L, 0L, 67L -- --// #define SN_setct_CredReqTBE "setct-CredReqTBE" --// #define NID_setct_CredReqTBE 586 --// #define OBJ_setct_CredReqTBE 2L, 23L, 42L, 0L, 68L -- --// #define SN_setct_CredReqTBEX "setct-CredReqTBEX" --// #define NID_setct_CredReqTBEX 587 --// #define OBJ_setct_CredReqTBEX 2L, 23L, 42L, 0L, 69L -- --// #define SN_setct_CredResTBE "setct-CredResTBE" --// #define NID_setct_CredResTBE 588 --// #define OBJ_setct_CredResTBE 2L, 23L, 42L, 0L, 70L -- --// #define SN_setct_CredRevReqTBE "setct-CredRevReqTBE" --// #define NID_setct_CredRevReqTBE 589 --// #define OBJ_setct_CredRevReqTBE 2L, 23L, 42L, 0L, 71L -- --// #define SN_setct_CredRevReqTBEX "setct-CredRevReqTBEX" --// #define NID_setct_CredRevReqTBEX 590 --// #define OBJ_setct_CredRevReqTBEX 2L, 23L, 42L, 0L, 72L -- --// #define SN_setct_CredRevResTBE "setct-CredRevResTBE" --// #define NID_setct_CredRevResTBE 591 --// #define OBJ_setct_CredRevResTBE 2L, 23L, 42L, 0L, 73L -- --// #define SN_setct_BatchAdminReqTBE "setct-BatchAdminReqTBE" --// #define NID_setct_BatchAdminReqTBE 592 --// #define OBJ_setct_BatchAdminReqTBE 2L, 23L, 42L, 0L, 74L -- --// #define SN_setct_BatchAdminResTBE "setct-BatchAdminResTBE" --// #define NID_setct_BatchAdminResTBE 593 --// #define OBJ_setct_BatchAdminResTBE 2L, 23L, 42L, 0L, 75L -- --// #define SN_setct_RegFormReqTBE "setct-RegFormReqTBE" --// #define NID_setct_RegFormReqTBE 594 --// #define OBJ_setct_RegFormReqTBE 2L, 23L, 42L, 0L, 76L -- --// #define SN_setct_CertReqTBE "setct-CertReqTBE" --// #define NID_setct_CertReqTBE 595 --// #define OBJ_setct_CertReqTBE 2L, 23L, 42L, 0L, 77L -- --// #define SN_setct_CertReqTBEX "setct-CertReqTBEX" --// #define NID_setct_CertReqTBEX 596 --// #define OBJ_setct_CertReqTBEX 2L, 23L, 42L, 0L, 78L -- --// #define SN_setct_CertResTBE "setct-CertResTBE" --// #define NID_setct_CertResTBE 597 --// #define OBJ_setct_CertResTBE 2L, 23L, 42L, 0L, 79L -- --// #define SN_setct_CRLNotificationTBS "setct-CRLNotificationTBS" --// #define NID_setct_CRLNotificationTBS 598 --// #define OBJ_setct_CRLNotificationTBS 2L, 23L, 42L, 0L, 80L -- --// #define SN_setct_CRLNotificationResTBS "setct-CRLNotificationResTBS" --// #define NID_setct_CRLNotificationResTBS 599 --// #define OBJ_setct_CRLNotificationResTBS 2L, 23L, 42L, 0L, 81L -- --// #define SN_setct_BCIDistributionTBS "setct-BCIDistributionTBS" --// #define NID_setct_BCIDistributionTBS 600 --// #define OBJ_setct_BCIDistributionTBS 2L, 23L, 42L, 0L, 82L -- --// #define SN_setext_genCrypt "setext-genCrypt" --// #define LN_setext_genCrypt "generic cryptogram" --// #define NID_setext_genCrypt 601 --// #define OBJ_setext_genCrypt 2L, 23L, 42L, 1L, 1L -- --// #define SN_setext_miAuth "setext-miAuth" --// #define LN_setext_miAuth "merchant initiated auth" --// #define NID_setext_miAuth 602 --// #define OBJ_setext_miAuth 2L, 23L, 42L, 1L, 3L -- --// #define SN_setext_pinSecure "setext-pinSecure" --// #define NID_setext_pinSecure 603 --// #define OBJ_setext_pinSecure 2L, 23L, 42L, 1L, 4L -- --// #define SN_setext_pinAny "setext-pinAny" --// #define NID_setext_pinAny 604 --// #define OBJ_setext_pinAny 2L, 23L, 42L, 1L, 5L -- --// #define SN_setext_track2 "setext-track2" --// #define NID_setext_track2 605 --// #define OBJ_setext_track2 2L, 23L, 42L, 1L, 7L -- --// #define SN_setext_cv "setext-cv" --// #define LN_setext_cv "additional verification" --// #define NID_setext_cv 606 --// #define OBJ_setext_cv 2L, 23L, 42L, 1L, 8L -- --// #define SN_set_policy_root "set-policy-root" --// #define NID_set_policy_root 607 --// #define OBJ_set_policy_root 2L, 23L, 42L, 5L, 0L -- --// #define SN_setCext_hashedRoot "setCext-hashedRoot" --// #define NID_setCext_hashedRoot 608 --// #define OBJ_setCext_hashedRoot 2L, 23L, 42L, 7L, 0L -- --// #define SN_setCext_certType "setCext-certType" --// #define NID_setCext_certType 609 --// #define OBJ_setCext_certType 2L, 23L, 42L, 7L, 1L -- --// #define SN_setCext_merchData "setCext-merchData" --// #define NID_setCext_merchData 610 --// #define OBJ_setCext_merchData 2L, 23L, 42L, 7L, 2L -- --// #define SN_setCext_cCertRequired "setCext-cCertRequired" --// #define NID_setCext_cCertRequired 611 --// #define OBJ_setCext_cCertRequired 2L, 23L, 42L, 7L, 3L -- --// #define SN_setCext_tunneling "setCext-tunneling" --// #define NID_setCext_tunneling 612 --// #define OBJ_setCext_tunneling 2L, 23L, 42L, 7L, 4L -- --// #define SN_setCext_setExt "setCext-setExt" --// #define NID_setCext_setExt 613 --// #define OBJ_setCext_setExt 2L, 23L, 42L, 7L, 5L -- --// #define SN_setCext_setQualf "setCext-setQualf" --// #define NID_setCext_setQualf 614 --// #define OBJ_setCext_setQualf 2L, 23L, 42L, 7L, 6L -- --// #define SN_setCext_PGWYcapabilities "setCext-PGWYcapabilities" --// #define NID_setCext_PGWYcapabilities 615 --// #define OBJ_setCext_PGWYcapabilities 2L, 23L, 42L, 7L, 7L -- --// #define SN_setCext_TokenIdentifier "setCext-TokenIdentifier" --// #define NID_setCext_TokenIdentifier 616 --// #define OBJ_setCext_TokenIdentifier 2L, 23L, 42L, 7L, 8L -- --// #define SN_setCext_Track2Data "setCext-Track2Data" --// #define NID_setCext_Track2Data 617 --// #define OBJ_setCext_Track2Data 2L, 23L, 42L, 7L, 9L -- --// #define SN_setCext_TokenType "setCext-TokenType" --// #define NID_setCext_TokenType 618 --// #define OBJ_setCext_TokenType 2L, 23L, 42L, 7L, 10L -- --// #define SN_setCext_IssuerCapabilities "setCext-IssuerCapabilities" --// #define NID_setCext_IssuerCapabilities 619 --// #define OBJ_setCext_IssuerCapabilities 2L, 23L, 42L, 7L, 11L -- --// #define SN_setAttr_Cert "setAttr-Cert" --// #define NID_setAttr_Cert 620 --// #define OBJ_setAttr_Cert 2L, 23L, 42L, 3L, 0L -- --// #define SN_setAttr_PGWYcap "setAttr-PGWYcap" --// #define LN_setAttr_PGWYcap "payment gateway capabilities" --// #define NID_setAttr_PGWYcap 621 --// #define OBJ_setAttr_PGWYcap 2L, 23L, 42L, 3L, 1L -- --// #define SN_setAttr_TokenType "setAttr-TokenType" --// #define NID_setAttr_TokenType 622 --// #define OBJ_setAttr_TokenType 2L, 23L, 42L, 3L, 2L -- --// #define SN_setAttr_IssCap "setAttr-IssCap" --// #define LN_setAttr_IssCap "issuer capabilities" --// #define NID_setAttr_IssCap 623 --// #define OBJ_setAttr_IssCap 2L, 23L, 42L, 3L, 3L -- --// #define SN_set_rootKeyThumb "set-rootKeyThumb" --// #define NID_set_rootKeyThumb 624 --// #define OBJ_set_rootKeyThumb 2L, 23L, 42L, 3L, 0L, 0L -- --// #define SN_set_addPolicy "set-addPolicy" --// #define NID_set_addPolicy 625 --// #define OBJ_set_addPolicy 2L, 23L, 42L, 3L, 0L, 1L -- --// #define SN_setAttr_Token_EMV "setAttr-Token-EMV" --// #define NID_setAttr_Token_EMV 626 --// #define OBJ_setAttr_Token_EMV 2L, 23L, 42L, 3L, 2L, 1L -- --// #define SN_setAttr_Token_B0Prime "setAttr-Token-B0Prime" --// #define NID_setAttr_Token_B0Prime 627 --// #define OBJ_setAttr_Token_B0Prime 2L, 23L, 42L, 3L, 2L, 2L -- --// #define SN_setAttr_IssCap_CVM "setAttr-IssCap-CVM" --// #define NID_setAttr_IssCap_CVM 628 --// #define OBJ_setAttr_IssCap_CVM 2L, 23L, 42L, 3L, 3L, 3L -- --// #define SN_setAttr_IssCap_T2 "setAttr-IssCap-T2" --// #define NID_setAttr_IssCap_T2 629 --// #define OBJ_setAttr_IssCap_T2 2L, 23L, 42L, 3L, 3L, 4L -- --// #define SN_setAttr_IssCap_Sig "setAttr-IssCap-Sig" --// #define NID_setAttr_IssCap_Sig 630 --// #define OBJ_setAttr_IssCap_Sig 2L, 23L, 42L, 3L, 3L, 5L -- --// #define SN_setAttr_GenCryptgrm "setAttr-GenCryptgrm" --// #define LN_setAttr_GenCryptgrm "generate cryptogram" --// #define NID_setAttr_GenCryptgrm 631 --// #define OBJ_setAttr_GenCryptgrm 2L, 23L, 42L, 3L, 3L, 3L, 1L -- --// #define SN_setAttr_T2Enc "setAttr-T2Enc" --// #define LN_setAttr_T2Enc "encrypted track 2" --// #define NID_setAttr_T2Enc 632 --// #define OBJ_setAttr_T2Enc 2L, 23L, 42L, 3L, 3L, 4L, 1L -- --// #define SN_setAttr_T2cleartxt "setAttr-T2cleartxt" --// #define LN_setAttr_T2cleartxt "cleartext track 2" --// #define NID_setAttr_T2cleartxt 633 --// #define OBJ_setAttr_T2cleartxt 2L, 23L, 42L, 3L, 3L, 4L, 2L -- --// #define SN_setAttr_TokICCsig "setAttr-TokICCsig" --// #define LN_setAttr_TokICCsig "ICC or token signature" --// #define NID_setAttr_TokICCsig 634 --// #define OBJ_setAttr_TokICCsig 2L, 23L, 42L, 3L, 3L, 5L, 1L -- --// #define SN_setAttr_SecDevSig "setAttr-SecDevSig" --// #define LN_setAttr_SecDevSig "secure device signature" --// #define NID_setAttr_SecDevSig 635 --// #define OBJ_setAttr_SecDevSig 2L, 23L, 42L, 3L, 3L, 5L, 2L -- --// #define SN_set_brand_IATA_ATA "set-brand-IATA-ATA" --// #define NID_set_brand_IATA_ATA 636 --// #define OBJ_set_brand_IATA_ATA 2L, 23L, 42L, 8L, 1L -- --// #define SN_set_brand_Diners "set-brand-Diners" --// #define NID_set_brand_Diners 637 --// #define OBJ_set_brand_Diners 2L, 23L, 42L, 8L, 30L -- --// #define SN_set_brand_AmericanExpress "set-brand-AmericanExpress" --// #define NID_set_brand_AmericanExpress 638 --// #define OBJ_set_brand_AmericanExpress 2L, 23L, 42L, 8L, 34L -- --// #define SN_set_brand_JCB "set-brand-JCB" --// #define NID_set_brand_JCB 639 --// #define OBJ_set_brand_JCB 2L, 23L, 42L, 8L, 35L -- --// #define SN_set_brand_Visa "set-brand-Visa" --// #define NID_set_brand_Visa 640 --// #define OBJ_set_brand_Visa 2L, 23L, 42L, 8L, 4L -- --// #define SN_set_brand_MasterCard "set-brand-MasterCard" --// #define NID_set_brand_MasterCard 641 --// #define OBJ_set_brand_MasterCard 2L, 23L, 42L, 8L, 5L -- --// #define SN_set_brand_Novus "set-brand-Novus" --// #define NID_set_brand_Novus 642 --// #define OBJ_set_brand_Novus 2L, 23L, 42L, 8L, 6011L -- --// #define SN_des_cdmf "DES-CDMF" --// #define LN_des_cdmf "des-cdmf" --// #define NID_des_cdmf 643 --// #define OBJ_des_cdmf 1L, 2L, 840L, 113549L, 3L, 10L -- --// #define SN_rsaOAEPEncryptionSET "rsaOAEPEncryptionSET" --// #define NID_rsaOAEPEncryptionSET 644 --// #define OBJ_rsaOAEPEncryptionSET 1L, 2L, 840L, 113549L, 1L, 1L, 6L -- --// #define SN_itu_t "ITU-T" --// #define LN_itu_t "itu-t" --// #define NID_itu_t 645 --// #define OBJ_itu_t 0L -- --// #define SN_joint_iso_itu_t "JOINT-ISO-ITU-T" --// #define LN_joint_iso_itu_t "joint-iso-itu-t" --// #define NID_joint_iso_itu_t 646 --// #define OBJ_joint_iso_itu_t 2L -- --// #define SN_international_organizations "international-organizations" --// #define LN_international_organizations "International Organizations" --// #define NID_international_organizations 647 --// #define OBJ_international_organizations 2L, 23L -- --// #define SN_ms_smartcard_login "msSmartcardLogin" --// #define LN_ms_smartcard_login "Microsoft Smartcardlogin" --// #define NID_ms_smartcard_login 648 --// #define OBJ_ms_smartcard_login 1L, 3L, 6L, 1L, 4L, 1L, 311L, 20L, 2L, 2L -- --// #define SN_ms_upn "msUPN" --// #define LN_ms_upn "Microsoft Universal Principal Name" --// #define NID_ms_upn 649 --// #define OBJ_ms_upn 1L, 3L, 6L, 1L, 4L, 1L, 311L, 20L, 2L, 3L -- --// #define SN_aes_128_cfb1 "AES-128-CFB1" --// #define LN_aes_128_cfb1 "aes-128-cfb1" --// #define NID_aes_128_cfb1 650 -- --// #define SN_aes_192_cfb1 "AES-192-CFB1" --// #define LN_aes_192_cfb1 "aes-192-cfb1" --// #define NID_aes_192_cfb1 651 -- --// #define SN_aes_256_cfb1 "AES-256-CFB1" --// #define LN_aes_256_cfb1 "aes-256-cfb1" --// #define NID_aes_256_cfb1 652 -- --// #define SN_aes_128_cfb8 "AES-128-CFB8" --// #define LN_aes_128_cfb8 "aes-128-cfb8" --// #define NID_aes_128_cfb8 653 -- --// #define SN_aes_192_cfb8 "AES-192-CFB8" --// #define LN_aes_192_cfb8 "aes-192-cfb8" --// #define NID_aes_192_cfb8 654 -- --// #define SN_aes_256_cfb8 "AES-256-CFB8" --// #define LN_aes_256_cfb8 "aes-256-cfb8" --// #define NID_aes_256_cfb8 655 -- --// #define SN_des_cfb1 "DES-CFB1" --// #define LN_des_cfb1 "des-cfb1" --// #define NID_des_cfb1 656 -- --// #define SN_des_cfb8 "DES-CFB8" --// #define LN_des_cfb8 "des-cfb8" --// #define NID_des_cfb8 657 -- --// #define SN_des_ede3_cfb1 "DES-EDE3-CFB1" --// #define LN_des_ede3_cfb1 "des-ede3-cfb1" --// #define NID_des_ede3_cfb1 658 -- --// #define SN_des_ede3_cfb8 "DES-EDE3-CFB8" --// #define LN_des_ede3_cfb8 "des-ede3-cfb8" --// #define NID_des_ede3_cfb8 659 -- --// #define SN_streetAddress "street" --// #define LN_streetAddress "streetAddress" --// #define NID_streetAddress 660 --// #define OBJ_streetAddress 2L, 5L, 4L, 9L -- --// #define LN_postalCode "postalCode" --// #define NID_postalCode 661 --// #define OBJ_postalCode 2L, 5L, 4L, 17L -- --// #define SN_id_ppl "id-ppl" --// #define NID_id_ppl 662 --// #define OBJ_id_ppl 1L, 3L, 6L, 1L, 5L, 5L, 7L, 21L -- --// #define SN_proxyCertInfo "proxyCertInfo" --// #define LN_proxyCertInfo "Proxy Certificate Information" --// #define NID_proxyCertInfo 663 --// #define OBJ_proxyCertInfo 1L, 3L, 6L, 1L, 5L, 5L, 7L, 1L, 14L -- --// #define SN_id_ppl_anyLanguage "id-ppl-anyLanguage" --// #define LN_id_ppl_anyLanguage "Any language" --// #define NID_id_ppl_anyLanguage 664 --// #define OBJ_id_ppl_anyLanguage 1L, 3L, 6L, 1L, 5L, 5L, 7L, 21L, 0L -- --// #define SN_id_ppl_inheritAll "id-ppl-inheritAll" --// #define LN_id_ppl_inheritAll "Inherit all" --// #define NID_id_ppl_inheritAll 665 --// #define OBJ_id_ppl_inheritAll 1L, 3L, 6L, 1L, 5L, 5L, 7L, 21L, 1L -- --// #define SN_name_constraints "nameConstraints" --// #define LN_name_constraints "X509v3 Name Constraints" --// #define NID_name_constraints 666 --// #define OBJ_name_constraints 2L, 5L, 29L, 30L -- --// #define SN_Independent "id-ppl-independent" --// #define LN_Independent "Independent" --// #define NID_Independent 667 --// #define OBJ_Independent 1L, 3L, 6L, 1L, 5L, 5L, 7L, 21L, 2L -- --// #define SN_sha256WithRSAEncryption "RSA-SHA256" --// #define LN_sha256WithRSAEncryption "sha256WithRSAEncryption" --// #define NID_sha256WithRSAEncryption 668 --// #define OBJ_sha256WithRSAEncryption 1L, 2L, 840L, 113549L, 1L, 1L, 11L -- --// #define SN_sha384WithRSAEncryption "RSA-SHA384" --// #define LN_sha384WithRSAEncryption "sha384WithRSAEncryption" --// #define NID_sha384WithRSAEncryption 669 --// #define OBJ_sha384WithRSAEncryption 1L, 2L, 840L, 113549L, 1L, 1L, 12L -- --// #define SN_sha512WithRSAEncryption "RSA-SHA512" --// #define LN_sha512WithRSAEncryption "sha512WithRSAEncryption" --// #define NID_sha512WithRSAEncryption 670 --// #define OBJ_sha512WithRSAEncryption 1L, 2L, 840L, 113549L, 1L, 1L, 13L -- --// #define SN_sha224WithRSAEncryption "RSA-SHA224" --// #define LN_sha224WithRSAEncryption "sha224WithRSAEncryption" --// #define NID_sha224WithRSAEncryption 671 --// #define OBJ_sha224WithRSAEncryption 1L, 2L, 840L, 113549L, 1L, 1L, 14L -- --// #define SN_sha256 "SHA256" --// #define LN_sha256 "sha256" --// #define NID_sha256 672 --// #define OBJ_sha256 2L, 16L, 840L, 1L, 101L, 3L, 4L, 2L, 1L -- --// #define SN_sha384 "SHA384" --// #define LN_sha384 "sha384" --// #define NID_sha384 673 --// #define OBJ_sha384 2L, 16L, 840L, 1L, 101L, 3L, 4L, 2L, 2L -- --// #define SN_sha512 "SHA512" --// #define LN_sha512 "sha512" --// #define NID_sha512 674 --// #define OBJ_sha512 2L, 16L, 840L, 1L, 101L, 3L, 4L, 2L, 3L -- --// #define SN_sha224 "SHA224" --// #define LN_sha224 "sha224" --// #define NID_sha224 675 --// #define OBJ_sha224 2L, 16L, 840L, 1L, 101L, 3L, 4L, 2L, 4L -- --// #define SN_identified_organization "identified-organization" --// #define NID_identified_organization 676 --// #define OBJ_identified_organization 1L, 3L -- --// #define SN_certicom_arc "certicom-arc" --// #define NID_certicom_arc 677 --// #define OBJ_certicom_arc 1L, 3L, 132L -- --// #define SN_wap "wap" --// #define NID_wap 678 --// #define OBJ_wap 2L, 23L, 43L -- --// #define SN_wap_wsg "wap-wsg" --// #define NID_wap_wsg 679 --// #define OBJ_wap_wsg 2L, 23L, 43L, 1L -- --// #define SN_X9_62_id_characteristic_two_basis "id-characteristic-two-basis" --// #define NID_X9_62_id_characteristic_two_basis 680 --// #define OBJ_X9_62_id_characteristic_two_basis 1L, 2L, 840L, 10045L, 1L, 2L, 3L -- --// #define SN_X9_62_onBasis "onBasis" --// #define NID_X9_62_onBasis 681 --// #define OBJ_X9_62_onBasis 1L, 2L, 840L, 10045L, 1L, 2L, 3L, 1L -- --// #define SN_X9_62_tpBasis "tpBasis" --// #define NID_X9_62_tpBasis 682 --// #define OBJ_X9_62_tpBasis 1L, 2L, 840L, 10045L, 1L, 2L, 3L, 2L -- --// #define SN_X9_62_ppBasis "ppBasis" --// #define NID_X9_62_ppBasis 683 --// #define OBJ_X9_62_ppBasis 1L, 2L, 840L, 10045L, 1L, 2L, 3L, 3L -- --// #define SN_X9_62_c2pnb163v1 "c2pnb163v1" --// #define NID_X9_62_c2pnb163v1 684 --// #define OBJ_X9_62_c2pnb163v1 1L, 2L, 840L, 10045L, 3L, 0L, 1L -- --// #define SN_X9_62_c2pnb163v2 "c2pnb163v2" --// #define NID_X9_62_c2pnb163v2 685 --// #define OBJ_X9_62_c2pnb163v2 1L, 2L, 840L, 10045L, 3L, 0L, 2L -- --// #define SN_X9_62_c2pnb163v3 "c2pnb163v3" --// #define NID_X9_62_c2pnb163v3 686 --// #define OBJ_X9_62_c2pnb163v3 1L, 2L, 840L, 10045L, 3L, 0L, 3L -- --// #define SN_X9_62_c2pnb176v1 "c2pnb176v1" --// #define NID_X9_62_c2pnb176v1 687 --// #define OBJ_X9_62_c2pnb176v1 1L, 2L, 840L, 10045L, 3L, 0L, 4L -- --// #define SN_X9_62_c2tnb191v1 "c2tnb191v1" --// #define NID_X9_62_c2tnb191v1 688 --// #define OBJ_X9_62_c2tnb191v1 1L, 2L, 840L, 10045L, 3L, 0L, 5L -- --// #define SN_X9_62_c2tnb191v2 "c2tnb191v2" --// #define NID_X9_62_c2tnb191v2 689 --// #define OBJ_X9_62_c2tnb191v2 1L, 2L, 840L, 10045L, 3L, 0L, 6L -- --// #define SN_X9_62_c2tnb191v3 "c2tnb191v3" --// #define NID_X9_62_c2tnb191v3 690 --// #define OBJ_X9_62_c2tnb191v3 1L, 2L, 840L, 10045L, 3L, 0L, 7L -- --// #define SN_X9_62_c2onb191v4 "c2onb191v4" --// #define NID_X9_62_c2onb191v4 691 --// #define OBJ_X9_62_c2onb191v4 1L, 2L, 840L, 10045L, 3L, 0L, 8L -- --// #define SN_X9_62_c2onb191v5 "c2onb191v5" --// #define NID_X9_62_c2onb191v5 692 --// #define OBJ_X9_62_c2onb191v5 1L, 2L, 840L, 10045L, 3L, 0L, 9L -- --// #define SN_X9_62_c2pnb208w1 "c2pnb208w1" --// #define NID_X9_62_c2pnb208w1 693 --// #define OBJ_X9_62_c2pnb208w1 1L, 2L, 840L, 10045L, 3L, 0L, 10L -- --// #define SN_X9_62_c2tnb239v1 "c2tnb239v1" --// #define NID_X9_62_c2tnb239v1 694 --// #define OBJ_X9_62_c2tnb239v1 1L, 2L, 840L, 10045L, 3L, 0L, 11L -- --// #define SN_X9_62_c2tnb239v2 "c2tnb239v2" --// #define NID_X9_62_c2tnb239v2 695 --// #define OBJ_X9_62_c2tnb239v2 1L, 2L, 840L, 10045L, 3L, 0L, 12L -- --// #define SN_X9_62_c2tnb239v3 "c2tnb239v3" --// #define NID_X9_62_c2tnb239v3 696 --// #define OBJ_X9_62_c2tnb239v3 1L, 2L, 840L, 10045L, 3L, 0L, 13L -- --// #define SN_X9_62_c2onb239v4 "c2onb239v4" --// #define NID_X9_62_c2onb239v4 697 --// #define OBJ_X9_62_c2onb239v4 1L, 2L, 840L, 10045L, 3L, 0L, 14L -- --// #define SN_X9_62_c2onb239v5 "c2onb239v5" --// #define NID_X9_62_c2onb239v5 698 --// #define OBJ_X9_62_c2onb239v5 1L, 2L, 840L, 10045L, 3L, 0L, 15L -- --// #define SN_X9_62_c2pnb272w1 "c2pnb272w1" --// #define NID_X9_62_c2pnb272w1 699 --// #define OBJ_X9_62_c2pnb272w1 1L, 2L, 840L, 10045L, 3L, 0L, 16L -- --// #define SN_X9_62_c2pnb304w1 "c2pnb304w1" --// #define NID_X9_62_c2pnb304w1 700 --// #define OBJ_X9_62_c2pnb304w1 1L, 2L, 840L, 10045L, 3L, 0L, 17L -- --// #define SN_X9_62_c2tnb359v1 "c2tnb359v1" --// #define NID_X9_62_c2tnb359v1 701 --// #define OBJ_X9_62_c2tnb359v1 1L, 2L, 840L, 10045L, 3L, 0L, 18L -- --// #define SN_X9_62_c2pnb368w1 "c2pnb368w1" --// #define NID_X9_62_c2pnb368w1 702 --// #define OBJ_X9_62_c2pnb368w1 1L, 2L, 840L, 10045L, 3L, 0L, 19L -- --// #define SN_X9_62_c2tnb431r1 "c2tnb431r1" --// #define NID_X9_62_c2tnb431r1 703 --// #define OBJ_X9_62_c2tnb431r1 1L, 2L, 840L, 10045L, 3L, 0L, 20L -- --// #define SN_secp112r1 "secp112r1" --// #define NID_secp112r1 704 --// #define OBJ_secp112r1 1L, 3L, 132L, 0L, 6L -- --// #define SN_secp112r2 "secp112r2" --// #define NID_secp112r2 705 --// #define OBJ_secp112r2 1L, 3L, 132L, 0L, 7L -- --// #define SN_secp128r1 "secp128r1" --// #define NID_secp128r1 706 --// #define OBJ_secp128r1 1L, 3L, 132L, 0L, 28L -- --// #define SN_secp128r2 "secp128r2" --// #define NID_secp128r2 707 --// #define OBJ_secp128r2 1L, 3L, 132L, 0L, 29L -- --// #define SN_secp160k1 "secp160k1" --// #define NID_secp160k1 708 --// #define OBJ_secp160k1 1L, 3L, 132L, 0L, 9L -- --// #define SN_secp160r1 "secp160r1" --// #define NID_secp160r1 709 --// #define OBJ_secp160r1 1L, 3L, 132L, 0L, 8L -- --// #define SN_secp160r2 "secp160r2" --// #define NID_secp160r2 710 --// #define OBJ_secp160r2 1L, 3L, 132L, 0L, 30L -- --// #define SN_secp192k1 "secp192k1" --// #define NID_secp192k1 711 --// #define OBJ_secp192k1 1L, 3L, 132L, 0L, 31L -- --// #define SN_secp224k1 "secp224k1" --// #define NID_secp224k1 712 --// #define OBJ_secp224k1 1L, 3L, 132L, 0L, 32L -- --// #define SN_secp224r1 "secp224r1" --// #define NID_secp224r1 713 --// #define OBJ_secp224r1 1L, 3L, 132L, 0L, 33L -- --// #define SN_secp256k1 "secp256k1" --// #define NID_secp256k1 714 --// #define OBJ_secp256k1 1L, 3L, 132L, 0L, 10L -- --// #define SN_secp384r1 "secp384r1" --// #define NID_secp384r1 715 --// #define OBJ_secp384r1 1L, 3L, 132L, 0L, 34L -- --// #define SN_secp521r1 "secp521r1" --// #define NID_secp521r1 716 --// #define OBJ_secp521r1 1L, 3L, 132L, 0L, 35L -- --// #define SN_sect113r1 "sect113r1" --// #define NID_sect113r1 717 --// #define OBJ_sect113r1 1L, 3L, 132L, 0L, 4L -- --// #define SN_sect113r2 "sect113r2" --// #define NID_sect113r2 718 --// #define OBJ_sect113r2 1L, 3L, 132L, 0L, 5L -- --// #define SN_sect131r1 "sect131r1" --// #define NID_sect131r1 719 --// #define OBJ_sect131r1 1L, 3L, 132L, 0L, 22L -- --// #define SN_sect131r2 "sect131r2" --// #define NID_sect131r2 720 --// #define OBJ_sect131r2 1L, 3L, 132L, 0L, 23L -- --// #define SN_sect163k1 "sect163k1" --// #define NID_sect163k1 721 --// #define OBJ_sect163k1 1L, 3L, 132L, 0L, 1L -- --// #define SN_sect163r1 "sect163r1" --// #define NID_sect163r1 722 --// #define OBJ_sect163r1 1L, 3L, 132L, 0L, 2L -- --// #define SN_sect163r2 "sect163r2" --// #define NID_sect163r2 723 --// #define OBJ_sect163r2 1L, 3L, 132L, 0L, 15L -- --// #define SN_sect193r1 "sect193r1" --// #define NID_sect193r1 724 --// #define OBJ_sect193r1 1L, 3L, 132L, 0L, 24L -- --// #define SN_sect193r2 "sect193r2" --// #define NID_sect193r2 725 --// #define OBJ_sect193r2 1L, 3L, 132L, 0L, 25L -- --// #define SN_sect233k1 "sect233k1" --// #define NID_sect233k1 726 --// #define OBJ_sect233k1 1L, 3L, 132L, 0L, 26L -- --// #define SN_sect233r1 "sect233r1" --// #define NID_sect233r1 727 --// #define OBJ_sect233r1 1L, 3L, 132L, 0L, 27L -- --// #define SN_sect239k1 "sect239k1" --// #define NID_sect239k1 728 --// #define OBJ_sect239k1 1L, 3L, 132L, 0L, 3L -- --// #define SN_sect283k1 "sect283k1" --// #define NID_sect283k1 729 --// #define OBJ_sect283k1 1L, 3L, 132L, 0L, 16L -- --// #define SN_sect283r1 "sect283r1" --// #define NID_sect283r1 730 --// #define OBJ_sect283r1 1L, 3L, 132L, 0L, 17L -- --// #define SN_sect409k1 "sect409k1" --// #define NID_sect409k1 731 --// #define OBJ_sect409k1 1L, 3L, 132L, 0L, 36L -- --// #define SN_sect409r1 "sect409r1" --// #define NID_sect409r1 732 --// #define OBJ_sect409r1 1L, 3L, 132L, 0L, 37L -- --// #define SN_sect571k1 "sect571k1" --// #define NID_sect571k1 733 --// #define OBJ_sect571k1 1L, 3L, 132L, 0L, 38L -- --// #define SN_sect571r1 "sect571r1" --// #define NID_sect571r1 734 --// #define OBJ_sect571r1 1L, 3L, 132L, 0L, 39L -- --// #define SN_wap_wsg_idm_ecid_wtls1 "wap-wsg-idm-ecid-wtls1" --// #define NID_wap_wsg_idm_ecid_wtls1 735 --// #define OBJ_wap_wsg_idm_ecid_wtls1 2L, 23L, 43L, 1L, 4L, 1L -- --// #define SN_wap_wsg_idm_ecid_wtls3 "wap-wsg-idm-ecid-wtls3" --// #define NID_wap_wsg_idm_ecid_wtls3 736 --// #define OBJ_wap_wsg_idm_ecid_wtls3 2L, 23L, 43L, 1L, 4L, 3L -- --// #define SN_wap_wsg_idm_ecid_wtls4 "wap-wsg-idm-ecid-wtls4" --// #define NID_wap_wsg_idm_ecid_wtls4 737 --// #define OBJ_wap_wsg_idm_ecid_wtls4 2L, 23L, 43L, 1L, 4L, 4L -- --// #define SN_wap_wsg_idm_ecid_wtls5 "wap-wsg-idm-ecid-wtls5" --// #define NID_wap_wsg_idm_ecid_wtls5 738 --// #define OBJ_wap_wsg_idm_ecid_wtls5 2L, 23L, 43L, 1L, 4L, 5L -- --// #define SN_wap_wsg_idm_ecid_wtls6 "wap-wsg-idm-ecid-wtls6" --// #define NID_wap_wsg_idm_ecid_wtls6 739 --// #define OBJ_wap_wsg_idm_ecid_wtls6 2L, 23L, 43L, 1L, 4L, 6L -- --// #define SN_wap_wsg_idm_ecid_wtls7 "wap-wsg-idm-ecid-wtls7" --// #define NID_wap_wsg_idm_ecid_wtls7 740 --// #define OBJ_wap_wsg_idm_ecid_wtls7 2L, 23L, 43L, 1L, 4L, 7L -- --// #define SN_wap_wsg_idm_ecid_wtls8 "wap-wsg-idm-ecid-wtls8" --// #define NID_wap_wsg_idm_ecid_wtls8 741 --// #define OBJ_wap_wsg_idm_ecid_wtls8 2L, 23L, 43L, 1L, 4L, 8L -- --// #define SN_wap_wsg_idm_ecid_wtls9 "wap-wsg-idm-ecid-wtls9" --// #define NID_wap_wsg_idm_ecid_wtls9 742 --// #define OBJ_wap_wsg_idm_ecid_wtls9 2L, 23L, 43L, 1L, 4L, 9L -- --// #define SN_wap_wsg_idm_ecid_wtls10 "wap-wsg-idm-ecid-wtls10" --// #define NID_wap_wsg_idm_ecid_wtls10 743 --// #define OBJ_wap_wsg_idm_ecid_wtls10 2L, 23L, 43L, 1L, 4L, 10L -- --// #define SN_wap_wsg_idm_ecid_wtls11 "wap-wsg-idm-ecid-wtls11" --// #define NID_wap_wsg_idm_ecid_wtls11 744 --// #define OBJ_wap_wsg_idm_ecid_wtls11 2L, 23L, 43L, 1L, 4L, 11L -- --// #define SN_wap_wsg_idm_ecid_wtls12 "wap-wsg-idm-ecid-wtls12" --// #define NID_wap_wsg_idm_ecid_wtls12 745 --// #define OBJ_wap_wsg_idm_ecid_wtls12 2L, 23L, 43L, 1L, 4L, 12L -- --// #define SN_any_policy "anyPolicy" --// #define LN_any_policy "X509v3 Any Policy" --// #define NID_any_policy 746 --// #define OBJ_any_policy 2L, 5L, 29L, 32L, 0L -- --// #define SN_policy_mappings "policyMappings" --// #define LN_policy_mappings "X509v3 Policy Mappings" --// #define NID_policy_mappings 747 --// #define OBJ_policy_mappings 2L, 5L, 29L, 33L -- --// #define SN_inhibit_any_policy "inhibitAnyPolicy" --// #define LN_inhibit_any_policy "X509v3 Inhibit Any Policy" --// #define NID_inhibit_any_policy 748 --// #define OBJ_inhibit_any_policy 2L, 5L, 29L, 54L -- --// #define SN_ipsec3 "Oakley-EC2N-3" --// #define LN_ipsec3 "ipsec3" --// #define NID_ipsec3 749 -- --// #define SN_ipsec4 "Oakley-EC2N-4" --// #define LN_ipsec4 "ipsec4" --// #define NID_ipsec4 750 -- --// #define SN_camellia_128_cbc "CAMELLIA-128-CBC" --// #define LN_camellia_128_cbc "camellia-128-cbc" --// #define NID_camellia_128_cbc 751 --// #define OBJ_camellia_128_cbc 1L, 2L, 392L, 200011L, 61L, 1L, 1L, 1L, 2L -- --// #define SN_camellia_192_cbc "CAMELLIA-192-CBC" --// #define LN_camellia_192_cbc "camellia-192-cbc" --// #define NID_camellia_192_cbc 752 --// #define OBJ_camellia_192_cbc 1L, 2L, 392L, 200011L, 61L, 1L, 1L, 1L, 3L -- --// #define SN_camellia_256_cbc "CAMELLIA-256-CBC" --// #define LN_camellia_256_cbc "camellia-256-cbc" --// #define NID_camellia_256_cbc 753 --// #define OBJ_camellia_256_cbc 1L, 2L, 392L, 200011L, 61L, 1L, 1L, 1L, 4L -- --// #define SN_camellia_128_ecb "CAMELLIA-128-ECB" --// #define LN_camellia_128_ecb "camellia-128-ecb" --// #define NID_camellia_128_ecb 754 --// #define OBJ_camellia_128_ecb 0L, 3L, 4401L, 5L, 3L, 1L, 9L, 1L -- --// #define SN_camellia_192_ecb "CAMELLIA-192-ECB" --// #define LN_camellia_192_ecb "camellia-192-ecb" --// #define NID_camellia_192_ecb 755 --// #define OBJ_camellia_192_ecb 0L, 3L, 4401L, 5L, 3L, 1L, 9L, 21L -- --// #define SN_camellia_256_ecb "CAMELLIA-256-ECB" --// #define LN_camellia_256_ecb "camellia-256-ecb" --// #define NID_camellia_256_ecb 756 --// #define OBJ_camellia_256_ecb 0L, 3L, 4401L, 5L, 3L, 1L, 9L, 41L -- --// #define SN_camellia_128_cfb128 "CAMELLIA-128-CFB" --// #define LN_camellia_128_cfb128 "camellia-128-cfb" --// #define NID_camellia_128_cfb128 757 --// #define OBJ_camellia_128_cfb128 0L, 3L, 4401L, 5L, 3L, 1L, 9L, 4L -- --// #define SN_camellia_192_cfb128 "CAMELLIA-192-CFB" --// #define LN_camellia_192_cfb128 "camellia-192-cfb" --// #define NID_camellia_192_cfb128 758 --// #define OBJ_camellia_192_cfb128 0L, 3L, 4401L, 5L, 3L, 1L, 9L, 24L -- --// #define SN_camellia_256_cfb128 "CAMELLIA-256-CFB" --// #define LN_camellia_256_cfb128 "camellia-256-cfb" --// #define NID_camellia_256_cfb128 759 --// #define OBJ_camellia_256_cfb128 0L, 3L, 4401L, 5L, 3L, 1L, 9L, 44L -- --// #define SN_camellia_128_cfb1 "CAMELLIA-128-CFB1" --// #define LN_camellia_128_cfb1 "camellia-128-cfb1" --// #define NID_camellia_128_cfb1 760 -- --// #define SN_camellia_192_cfb1 "CAMELLIA-192-CFB1" --// #define LN_camellia_192_cfb1 "camellia-192-cfb1" --// #define NID_camellia_192_cfb1 761 -- --// #define SN_camellia_256_cfb1 "CAMELLIA-256-CFB1" --// #define LN_camellia_256_cfb1 "camellia-256-cfb1" --// #define NID_camellia_256_cfb1 762 -- --// #define SN_camellia_128_cfb8 "CAMELLIA-128-CFB8" --// #define LN_camellia_128_cfb8 "camellia-128-cfb8" --// #define NID_camellia_128_cfb8 763 -- --// #define SN_camellia_192_cfb8 "CAMELLIA-192-CFB8" --// #define LN_camellia_192_cfb8 "camellia-192-cfb8" --// #define NID_camellia_192_cfb8 764 -- --// #define SN_camellia_256_cfb8 "CAMELLIA-256-CFB8" --// #define LN_camellia_256_cfb8 "camellia-256-cfb8" --// #define NID_camellia_256_cfb8 765 -- --// #define SN_camellia_128_ofb128 "CAMELLIA-128-OFB" --// #define LN_camellia_128_ofb128 "camellia-128-ofb" --// #define NID_camellia_128_ofb128 766 --// #define OBJ_camellia_128_ofb128 0L, 3L, 4401L, 5L, 3L, 1L, 9L, 3L -- --// #define SN_camellia_192_ofb128 "CAMELLIA-192-OFB" --// #define LN_camellia_192_ofb128 "camellia-192-ofb" --// #define NID_camellia_192_ofb128 767 --// #define OBJ_camellia_192_ofb128 0L, 3L, 4401L, 5L, 3L, 1L, 9L, 23L -- --// #define SN_camellia_256_ofb128 "CAMELLIA-256-OFB" --// #define LN_camellia_256_ofb128 "camellia-256-ofb" --// #define NID_camellia_256_ofb128 768 --// #define OBJ_camellia_256_ofb128 0L, 3L, 4401L, 5L, 3L, 1L, 9L, 43L -- --// #define SN_subject_directory_attributes "subjectDirectoryAttributes" --// #define LN_subject_directory_attributes "X509v3 Subject Directory Attributes" --// #define NID_subject_directory_attributes 769 --// #define OBJ_subject_directory_attributes 2L, 5L, 29L, 9L -- --// #define SN_issuing_distribution_point "issuingDistributionPoint" --// #define LN_issuing_distribution_point "X509v3 Issuing Distribution Point" --// #define NID_issuing_distribution_point 770 --// #define OBJ_issuing_distribution_point 2L, 5L, 29L, 28L -- --// #define SN_certificate_issuer "certificateIssuer" --// #define LN_certificate_issuer "X509v3 Certificate Issuer" --// #define NID_certificate_issuer 771 --// #define OBJ_certificate_issuer 2L, 5L, 29L, 29L -- --// #define SN_kisa "KISA" --// #define LN_kisa "kisa" --// #define NID_kisa 773 --// #define OBJ_kisa 1L, 2L, 410L, 200004L -- --// #define SN_seed_ecb "SEED-ECB" --// #define LN_seed_ecb "seed-ecb" --// #define NID_seed_ecb 776 --// #define OBJ_seed_ecb 1L, 2L, 410L, 200004L, 1L, 3L -- --// #define SN_seed_cbc "SEED-CBC" --// #define LN_seed_cbc "seed-cbc" --// #define NID_seed_cbc 777 --// #define OBJ_seed_cbc 1L, 2L, 410L, 200004L, 1L, 4L -- --// #define SN_seed_ofb128 "SEED-OFB" --// #define LN_seed_ofb128 "seed-ofb" --// #define NID_seed_ofb128 778 --// #define OBJ_seed_ofb128 1L, 2L, 410L, 200004L, 1L, 6L -- --// #define SN_seed_cfb128 "SEED-CFB" --// #define LN_seed_cfb128 "seed-cfb" --// #define NID_seed_cfb128 779 --// #define OBJ_seed_cfb128 1L, 2L, 410L, 200004L, 1L, 5L -- --// #define SN_hmac_md5 "HMAC-MD5" --// #define LN_hmac_md5 "hmac-md5" --// #define NID_hmac_md5 780 --// #define OBJ_hmac_md5 1L, 3L, 6L, 1L, 5L, 5L, 8L, 1L, 1L -- --// #define SN_hmac_sha1 "HMAC-SHA1" --// #define LN_hmac_sha1 "hmac-sha1" --// #define NID_hmac_sha1 781 --// #define OBJ_hmac_sha1 1L, 3L, 6L, 1L, 5L, 5L, 8L, 1L, 2L -- --// #define SN_id_PasswordBasedMAC "id-PasswordBasedMAC" --// #define LN_id_PasswordBasedMAC "password based MAC" --// #define NID_id_PasswordBasedMAC 782 --// #define OBJ_id_PasswordBasedMAC 1L, 2L, 840L, 113533L, 7L, 66L, 13L -- --// #define SN_id_DHBasedMac "id-DHBasedMac" --// #define LN_id_DHBasedMac "Diffie-Hellman based MAC" --// #define NID_id_DHBasedMac 783 --// #define OBJ_id_DHBasedMac 1L, 2L, 840L, 113533L, 7L, 66L, 30L -- --// #define SN_id_it_suppLangTags "id-it-suppLangTags" --// #define NID_id_it_suppLangTags 784 --// #define OBJ_id_it_suppLangTags 1L, 3L, 6L, 1L, 5L, 5L, 7L, 4L, 16L -- --// #define SN_caRepository "caRepository" --// #define LN_caRepository "CA Repository" --// #define NID_caRepository 785 --// #define OBJ_caRepository 1L, 3L, 6L, 1L, 5L, 5L, 7L, 48L, 5L -- --// #define SN_id_smime_ct_compressedData "id-smime-ct-compressedData" --// #define NID_id_smime_ct_compressedData 786 --// #define OBJ_id_smime_ct_compressedData \ --// 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 1L, 9L -- --// #define SN_id_ct_asciiTextWithCRLF "id-ct-asciiTextWithCRLF" --// #define NID_id_ct_asciiTextWithCRLF 787 --// #define OBJ_id_ct_asciiTextWithCRLF 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 1L, 27L -- --// #define SN_id_aes128_wrap "id-aes128-wrap" --// #define NID_id_aes128_wrap 788 --// #define OBJ_id_aes128_wrap 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 5L -- --// #define SN_id_aes192_wrap "id-aes192-wrap" --// #define NID_id_aes192_wrap 789 --// #define OBJ_id_aes192_wrap 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 25L -- --// #define SN_id_aes256_wrap "id-aes256-wrap" --// #define NID_id_aes256_wrap 790 --// #define OBJ_id_aes256_wrap 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 45L -- --// #define SN_ecdsa_with_Recommended "ecdsa-with-Recommended" --// #define NID_ecdsa_with_Recommended 791 --// #define OBJ_ecdsa_with_Recommended 1L, 2L, 840L, 10045L, 4L, 2L -- --// #define SN_ecdsa_with_Specified "ecdsa-with-Specified" --// #define NID_ecdsa_with_Specified 792 --// #define OBJ_ecdsa_with_Specified 1L, 2L, 840L, 10045L, 4L, 3L -- --// #define SN_ecdsa_with_SHA224 "ecdsa-with-SHA224" --// #define NID_ecdsa_with_SHA224 793 --// #define OBJ_ecdsa_with_SHA224 1L, 2L, 840L, 10045L, 4L, 3L, 1L -- --// #define SN_ecdsa_with_SHA256 "ecdsa-with-SHA256" --// #define NID_ecdsa_with_SHA256 794 --// #define OBJ_ecdsa_with_SHA256 1L, 2L, 840L, 10045L, 4L, 3L, 2L -- --// #define SN_ecdsa_with_SHA384 "ecdsa-with-SHA384" --// #define NID_ecdsa_with_SHA384 795 --// #define OBJ_ecdsa_with_SHA384 1L, 2L, 840L, 10045L, 4L, 3L, 3L -- --// #define SN_ecdsa_with_SHA512 "ecdsa-with-SHA512" --// #define NID_ecdsa_with_SHA512 796 --// #define OBJ_ecdsa_with_SHA512 1L, 2L, 840L, 10045L, 4L, 3L, 4L -- --// #define LN_hmacWithMD5 "hmacWithMD5" --// #define NID_hmacWithMD5 797 --// #define OBJ_hmacWithMD5 1L, 2L, 840L, 113549L, 2L, 6L -- --// #define LN_hmacWithSHA224 "hmacWithSHA224" --// #define NID_hmacWithSHA224 798 --// #define OBJ_hmacWithSHA224 1L, 2L, 840L, 113549L, 2L, 8L -- --// #define LN_hmacWithSHA256 "hmacWithSHA256" --// #define NID_hmacWithSHA256 799 --// #define OBJ_hmacWithSHA256 1L, 2L, 840L, 113549L, 2L, 9L -- --// #define LN_hmacWithSHA384 "hmacWithSHA384" --// #define NID_hmacWithSHA384 800 --// #define OBJ_hmacWithSHA384 1L, 2L, 840L, 113549L, 2L, 10L -- --// #define LN_hmacWithSHA512 "hmacWithSHA512" --// #define NID_hmacWithSHA512 801 --// #define OBJ_hmacWithSHA512 1L, 2L, 840L, 113549L, 2L, 11L -- --// #define SN_dsa_with_SHA224 "dsa_with_SHA224" --// #define NID_dsa_with_SHA224 802 --// #define OBJ_dsa_with_SHA224 2L, 16L, 840L, 1L, 101L, 3L, 4L, 3L, 1L -- --// #define SN_dsa_with_SHA256 "dsa_with_SHA256" --// #define NID_dsa_with_SHA256 803 --// #define OBJ_dsa_with_SHA256 2L, 16L, 840L, 1L, 101L, 3L, 4L, 3L, 2L -- --// #define SN_whirlpool "whirlpool" --// #define NID_whirlpool 804 --// #define OBJ_whirlpool 1L, 0L, 10118L, 3L, 0L, 55L -- --// #define SN_cryptopro "cryptopro" --// #define NID_cryptopro 805 --// #define OBJ_cryptopro 1L, 2L, 643L, 2L, 2L -- --// #define SN_cryptocom "cryptocom" --// #define NID_cryptocom 806 --// #define OBJ_cryptocom 1L, 2L, 643L, 2L, 9L -- --// #define SN_id_GostR3411_94_with_GostR3410_2001 \ --// "id-GostR3411-94-with-GostR3410-2001" --// #define LN_id_GostR3411_94_with_GostR3410_2001 \ --// "GOST R 34.11-94 with GOST R 34.10-2001" --// #define NID_id_GostR3411_94_with_GostR3410_2001 807 --// #define OBJ_id_GostR3411_94_with_GostR3410_2001 1L, 2L, 643L, 2L, 2L, 3L -- --// #define SN_id_GostR3411_94_with_GostR3410_94 "id-GostR3411-94-with-GostR3410-94" --// #define LN_id_GostR3411_94_with_GostR3410_94 \ --// "GOST R 34.11-94 with GOST R 34.10-94" --// #define NID_id_GostR3411_94_with_GostR3410_94 808 --// #define OBJ_id_GostR3411_94_with_GostR3410_94 1L, 2L, 643L, 2L, 2L, 4L -- --// #define SN_id_GostR3411_94 "md_gost94" --// #define LN_id_GostR3411_94 "GOST R 34.11-94" --// #define NID_id_GostR3411_94 809 --// #define OBJ_id_GostR3411_94 1L, 2L, 643L, 2L, 2L, 9L -- --// #define SN_id_HMACGostR3411_94 "id-HMACGostR3411-94" --// #define LN_id_HMACGostR3411_94 "HMAC GOST 34.11-94" --// #define NID_id_HMACGostR3411_94 810 --// #define OBJ_id_HMACGostR3411_94 1L, 2L, 643L, 2L, 2L, 10L -- --// #define SN_id_GostR3410_2001 "gost2001" --// #define LN_id_GostR3410_2001 "GOST R 34.10-2001" --// #define NID_id_GostR3410_2001 811 --// #define OBJ_id_GostR3410_2001 1L, 2L, 643L, 2L, 2L, 19L -- --// #define SN_id_GostR3410_94 "gost94" --// #define LN_id_GostR3410_94 "GOST R 34.10-94" --// #define NID_id_GostR3410_94 812 --// #define OBJ_id_GostR3410_94 1L, 2L, 643L, 2L, 2L, 20L -- --// #define SN_id_Gost28147_89 "gost89" --// #define LN_id_Gost28147_89 "GOST 28147-89" --// #define NID_id_Gost28147_89 813 --// #define OBJ_id_Gost28147_89 1L, 2L, 643L, 2L, 2L, 21L -- --// #define SN_gost89_cnt "gost89-cnt" --// #define NID_gost89_cnt 814 -- --// #define SN_id_Gost28147_89_MAC "gost-mac" --// #define LN_id_Gost28147_89_MAC "GOST 28147-89 MAC" --// #define NID_id_Gost28147_89_MAC 815 --// #define OBJ_id_Gost28147_89_MAC 1L, 2L, 643L, 2L, 2L, 22L -- --// #define SN_id_GostR3411_94_prf "prf-gostr3411-94" --// #define LN_id_GostR3411_94_prf "GOST R 34.11-94 PRF" --// #define NID_id_GostR3411_94_prf 816 --// #define OBJ_id_GostR3411_94_prf 1L, 2L, 643L, 2L, 2L, 23L -- --// #define SN_id_GostR3410_2001DH "id-GostR3410-2001DH" --// #define LN_id_GostR3410_2001DH "GOST R 34.10-2001 DH" --// #define NID_id_GostR3410_2001DH 817 --// #define OBJ_id_GostR3410_2001DH 1L, 2L, 643L, 2L, 2L, 98L -- --// #define SN_id_GostR3410_94DH "id-GostR3410-94DH" --// #define LN_id_GostR3410_94DH "GOST R 34.10-94 DH" --// #define NID_id_GostR3410_94DH 818 --// #define OBJ_id_GostR3410_94DH 1L, 2L, 643L, 2L, 2L, 99L -- --// #define SN_id_Gost28147_89_CryptoPro_KeyMeshing \ --// "id-Gost28147-89-CryptoPro-KeyMeshing" --// #define NID_id_Gost28147_89_CryptoPro_KeyMeshing 819 --// #define OBJ_id_Gost28147_89_CryptoPro_KeyMeshing 1L, 2L, 643L, 2L, 2L, 14L, 1L -- --// #define SN_id_Gost28147_89_None_KeyMeshing "id-Gost28147-89-None-KeyMeshing" --// #define NID_id_Gost28147_89_None_KeyMeshing 820 --// #define OBJ_id_Gost28147_89_None_KeyMeshing 1L, 2L, 643L, 2L, 2L, 14L, 0L -- --// #define SN_id_GostR3411_94_TestParamSet "id-GostR3411-94-TestParamSet" --// #define NID_id_GostR3411_94_TestParamSet 821 --// #define OBJ_id_GostR3411_94_TestParamSet 1L, 2L, 643L, 2L, 2L, 30L, 0L -- --// #define SN_id_GostR3411_94_CryptoProParamSet "id-GostR3411-94-CryptoProParamSet" --// #define NID_id_GostR3411_94_CryptoProParamSet 822 --// #define OBJ_id_GostR3411_94_CryptoProParamSet 1L, 2L, 643L, 2L, 2L, 30L, 1L -- --// #define SN_id_Gost28147_89_TestParamSet "id-Gost28147-89-TestParamSet" --// #define NID_id_Gost28147_89_TestParamSet 823 --// #define OBJ_id_Gost28147_89_TestParamSet 1L, 2L, 643L, 2L, 2L, 31L, 0L -- --// #define SN_id_Gost28147_89_CryptoPro_A_ParamSet \ --// "id-Gost28147-89-CryptoPro-A-ParamSet" --// #define NID_id_Gost28147_89_CryptoPro_A_ParamSet 824 --// #define OBJ_id_Gost28147_89_CryptoPro_A_ParamSet 1L, 2L, 643L, 2L, 2L, 31L, 1L -- --// #define SN_id_Gost28147_89_CryptoPro_B_ParamSet \ --// "id-Gost28147-89-CryptoPro-B-ParamSet" --// #define NID_id_Gost28147_89_CryptoPro_B_ParamSet 825 --// #define OBJ_id_Gost28147_89_CryptoPro_B_ParamSet 1L, 2L, 643L, 2L, 2L, 31L, 2L -- --// #define SN_id_Gost28147_89_CryptoPro_C_ParamSet \ --// "id-Gost28147-89-CryptoPro-C-ParamSet" --// #define NID_id_Gost28147_89_CryptoPro_C_ParamSet 826 --// #define OBJ_id_Gost28147_89_CryptoPro_C_ParamSet 1L, 2L, 643L, 2L, 2L, 31L, 3L -- --// #define SN_id_Gost28147_89_CryptoPro_D_ParamSet \ --// "id-Gost28147-89-CryptoPro-D-ParamSet" --// #define NID_id_Gost28147_89_CryptoPro_D_ParamSet 827 --// #define OBJ_id_Gost28147_89_CryptoPro_D_ParamSet 1L, 2L, 643L, 2L, 2L, 31L, 4L -- --// #define SN_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet \ --// "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" --// #define NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 828 --// #define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet \ --// 1L, 2L, 643L, 2L, 2L, 31L, 5L -- --// #define SN_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet \ --// "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" --// #define NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 829 --// #define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet \ --// 1L, 2L, 643L, 2L, 2L, 31L, 6L -- --// #define SN_id_Gost28147_89_CryptoPro_RIC_1_ParamSet \ --// "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" --// #define NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 830 --// #define OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet \ --// 1L, 2L, 643L, 2L, 2L, 31L, 7L -- --// #define SN_id_GostR3410_94_TestParamSet "id-GostR3410-94-TestParamSet" --// #define NID_id_GostR3410_94_TestParamSet 831 --// #define OBJ_id_GostR3410_94_TestParamSet 1L, 2L, 643L, 2L, 2L, 32L, 0L -- --// #define SN_id_GostR3410_94_CryptoPro_A_ParamSet \ --// "id-GostR3410-94-CryptoPro-A-ParamSet" --// #define NID_id_GostR3410_94_CryptoPro_A_ParamSet 832 --// #define OBJ_id_GostR3410_94_CryptoPro_A_ParamSet 1L, 2L, 643L, 2L, 2L, 32L, 2L -- --// #define SN_id_GostR3410_94_CryptoPro_B_ParamSet \ --// "id-GostR3410-94-CryptoPro-B-ParamSet" --// #define NID_id_GostR3410_94_CryptoPro_B_ParamSet 833 --// #define OBJ_id_GostR3410_94_CryptoPro_B_ParamSet 1L, 2L, 643L, 2L, 2L, 32L, 3L -- --// #define SN_id_GostR3410_94_CryptoPro_C_ParamSet \ --// "id-GostR3410-94-CryptoPro-C-ParamSet" --// #define NID_id_GostR3410_94_CryptoPro_C_ParamSet 834 --// #define OBJ_id_GostR3410_94_CryptoPro_C_ParamSet 1L, 2L, 643L, 2L, 2L, 32L, 4L -- --// #define SN_id_GostR3410_94_CryptoPro_D_ParamSet \ --// "id-GostR3410-94-CryptoPro-D-ParamSet" --// #define NID_id_GostR3410_94_CryptoPro_D_ParamSet 835 --// #define OBJ_id_GostR3410_94_CryptoPro_D_ParamSet 1L, 2L, 643L, 2L, 2L, 32L, 5L -- --// #define SN_id_GostR3410_94_CryptoPro_XchA_ParamSet \ --// "id-GostR3410-94-CryptoPro-XchA-ParamSet" --// #define NID_id_GostR3410_94_CryptoPro_XchA_ParamSet 836 --// #define OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet \ --// 1L, 2L, 643L, 2L, 2L, 33L, 1L -- --// #define SN_id_GostR3410_94_CryptoPro_XchB_ParamSet \ --// "id-GostR3410-94-CryptoPro-XchB-ParamSet" --// #define NID_id_GostR3410_94_CryptoPro_XchB_ParamSet 837 --// #define OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet \ --// 1L, 2L, 643L, 2L, 2L, 33L, 2L -- --// #define SN_id_GostR3410_94_CryptoPro_XchC_ParamSet \ --// "id-GostR3410-94-CryptoPro-XchC-ParamSet" --// #define NID_id_GostR3410_94_CryptoPro_XchC_ParamSet 838 --// #define OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet \ --// 1L, 2L, 643L, 2L, 2L, 33L, 3L -- --// #define SN_id_GostR3410_2001_TestParamSet "id-GostR3410-2001-TestParamSet" --// #define NID_id_GostR3410_2001_TestParamSet 839 --// #define OBJ_id_GostR3410_2001_TestParamSet 1L, 2L, 643L, 2L, 2L, 35L, 0L -- --// #define SN_id_GostR3410_2001_CryptoPro_A_ParamSet \ --// "id-GostR3410-2001-CryptoPro-A-ParamSet" --// #define NID_id_GostR3410_2001_CryptoPro_A_ParamSet 840 --// #define OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet 1L, 2L, 643L, 2L, 2L, 35L, 1L -- --// #define SN_id_GostR3410_2001_CryptoPro_B_ParamSet \ --// "id-GostR3410-2001-CryptoPro-B-ParamSet" --// #define NID_id_GostR3410_2001_CryptoPro_B_ParamSet 841 --// #define OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet 1L, 2L, 643L, 2L, 2L, 35L, 2L -- --// #define SN_id_GostR3410_2001_CryptoPro_C_ParamSet \ --// "id-GostR3410-2001-CryptoPro-C-ParamSet" --// #define NID_id_GostR3410_2001_CryptoPro_C_ParamSet 842 --// #define OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet 1L, 2L, 643L, 2L, 2L, 35L, 3L -- --// #define SN_id_GostR3410_2001_CryptoPro_XchA_ParamSet \ --// "id-GostR3410-2001-CryptoPro-XchA-ParamSet" --// #define NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet 843 --// #define OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet \ --// 1L, 2L, 643L, 2L, 2L, 36L, 0L -- --// #define SN_id_GostR3410_2001_CryptoPro_XchB_ParamSet \ --// "id-GostR3410-2001-CryptoPro-XchB-ParamSet" --// #define NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet 844 --// #define OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet \ --// 1L, 2L, 643L, 2L, 2L, 36L, 1L -- --// #define SN_id_GostR3410_94_a "id-GostR3410-94-a" --// #define NID_id_GostR3410_94_a 845 --// #define OBJ_id_GostR3410_94_a 1L, 2L, 643L, 2L, 2L, 20L, 1L -- --// #define SN_id_GostR3410_94_aBis "id-GostR3410-94-aBis" --// #define NID_id_GostR3410_94_aBis 846 --// #define OBJ_id_GostR3410_94_aBis 1L, 2L, 643L, 2L, 2L, 20L, 2L -- --// #define SN_id_GostR3410_94_b "id-GostR3410-94-b" --// #define NID_id_GostR3410_94_b 847 --// #define OBJ_id_GostR3410_94_b 1L, 2L, 643L, 2L, 2L, 20L, 3L -- --// #define SN_id_GostR3410_94_bBis "id-GostR3410-94-bBis" --// #define NID_id_GostR3410_94_bBis 848 --// #define OBJ_id_GostR3410_94_bBis 1L, 2L, 643L, 2L, 2L, 20L, 4L -- --// #define SN_id_Gost28147_89_cc "id-Gost28147-89-cc" --// #define LN_id_Gost28147_89_cc "GOST 28147-89 Cryptocom ParamSet" --// #define NID_id_Gost28147_89_cc 849 --// #define OBJ_id_Gost28147_89_cc 1L, 2L, 643L, 2L, 9L, 1L, 6L, 1L -- --// #define SN_id_GostR3410_94_cc "gost94cc" --// #define LN_id_GostR3410_94_cc "GOST 34.10-94 Cryptocom" --// #define NID_id_GostR3410_94_cc 850 --// #define OBJ_id_GostR3410_94_cc 1L, 2L, 643L, 2L, 9L, 1L, 5L, 3L -- --// #define SN_id_GostR3410_2001_cc "gost2001cc" --// #define LN_id_GostR3410_2001_cc "GOST 34.10-2001 Cryptocom" --// #define NID_id_GostR3410_2001_cc 851 --// #define OBJ_id_GostR3410_2001_cc 1L, 2L, 643L, 2L, 9L, 1L, 5L, 4L -- --// #define SN_id_GostR3411_94_with_GostR3410_94_cc \ --// "id-GostR3411-94-with-GostR3410-94-cc" --// #define LN_id_GostR3411_94_with_GostR3410_94_cc \ --// "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" --// #define NID_id_GostR3411_94_with_GostR3410_94_cc 852 --// #define OBJ_id_GostR3411_94_with_GostR3410_94_cc \ --// 1L, 2L, 643L, 2L, 9L, 1L, 3L, 3L -- --// #define SN_id_GostR3411_94_with_GostR3410_2001_cc \ --// "id-GostR3411-94-with-GostR3410-2001-cc" --// #define LN_id_GostR3411_94_with_GostR3410_2001_cc \ --// "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" --// #define NID_id_GostR3411_94_with_GostR3410_2001_cc 853 --// #define OBJ_id_GostR3411_94_with_GostR3410_2001_cc \ --// 1L, 2L, 643L, 2L, 9L, 1L, 3L, 4L -- --// #define SN_id_GostR3410_2001_ParamSet_cc "id-GostR3410-2001-ParamSet-cc" --// #define LN_id_GostR3410_2001_ParamSet_cc \ --// "GOST R 3410-2001 Parameter Set Cryptocom" --// #define NID_id_GostR3410_2001_ParamSet_cc 854 --// #define OBJ_id_GostR3410_2001_ParamSet_cc 1L, 2L, 643L, 2L, 9L, 1L, 8L, 1L -- --// #define SN_hmac "HMAC" --// #define LN_hmac "hmac" --// #define NID_hmac 855 -- --// #define SN_LocalKeySet "LocalKeySet" --// #define LN_LocalKeySet "Microsoft Local Key set" --// #define NID_LocalKeySet 856 --// #define OBJ_LocalKeySet 1L, 3L, 6L, 1L, 4L, 1L, 311L, 17L, 2L -- --// #define SN_freshest_crl "freshestCRL" --// #define LN_freshest_crl "X509v3 Freshest CRL" --// #define NID_freshest_crl 857 --// #define OBJ_freshest_crl 2L, 5L, 29L, 46L -- --// #define SN_id_on_permanentIdentifier "id-on-permanentIdentifier" --// #define LN_id_on_permanentIdentifier "Permanent Identifier" --// #define NID_id_on_permanentIdentifier 858 --// #define OBJ_id_on_permanentIdentifier 1L, 3L, 6L, 1L, 5L, 5L, 7L, 8L, 3L -- --// #define LN_searchGuide "searchGuide" --// #define NID_searchGuide 859 --// #define OBJ_searchGuide 2L, 5L, 4L, 14L -- --// #define LN_businessCategory "businessCategory" --// #define NID_businessCategory 860 --// #define OBJ_businessCategory 2L, 5L, 4L, 15L -- --// #define LN_postalAddress "postalAddress" --// #define NID_postalAddress 861 --// #define OBJ_postalAddress 2L, 5L, 4L, 16L -- --// #define LN_postOfficeBox "postOfficeBox" --// #define NID_postOfficeBox 862 --// #define OBJ_postOfficeBox 2L, 5L, 4L, 18L -- --// #define LN_physicalDeliveryOfficeName "physicalDeliveryOfficeName" --// #define NID_physicalDeliveryOfficeName 863 --// #define OBJ_physicalDeliveryOfficeName 2L, 5L, 4L, 19L -- --// #define LN_telephoneNumber "telephoneNumber" --// #define NID_telephoneNumber 864 --// #define OBJ_telephoneNumber 2L, 5L, 4L, 20L -- --// #define LN_telexNumber "telexNumber" --// #define NID_telexNumber 865 --// #define OBJ_telexNumber 2L, 5L, 4L, 21L -- --// #define LN_teletexTerminalIdentifier "teletexTerminalIdentifier" --// #define NID_teletexTerminalIdentifier 866 --// #define OBJ_teletexTerminalIdentifier 2L, 5L, 4L, 22L -- --// #define LN_facsimileTelephoneNumber "facsimileTelephoneNumber" --// #define NID_facsimileTelephoneNumber 867 --// #define OBJ_facsimileTelephoneNumber 2L, 5L, 4L, 23L -- --// #define LN_x121Address "x121Address" --// #define NID_x121Address 868 --// #define OBJ_x121Address 2L, 5L, 4L, 24L -- --// #define LN_internationaliSDNNumber "internationaliSDNNumber" --// #define NID_internationaliSDNNumber 869 --// #define OBJ_internationaliSDNNumber 2L, 5L, 4L, 25L -- --// #define LN_registeredAddress "registeredAddress" --// #define NID_registeredAddress 870 --// #define OBJ_registeredAddress 2L, 5L, 4L, 26L -- --// #define LN_destinationIndicator "destinationIndicator" --// #define NID_destinationIndicator 871 --// #define OBJ_destinationIndicator 2L, 5L, 4L, 27L -- --// #define LN_preferredDeliveryMethod "preferredDeliveryMethod" --// #define NID_preferredDeliveryMethod 872 --// #define OBJ_preferredDeliveryMethod 2L, 5L, 4L, 28L -- --// #define LN_presentationAddress "presentationAddress" --// #define NID_presentationAddress 873 --// #define OBJ_presentationAddress 2L, 5L, 4L, 29L -- --// #define LN_supportedApplicationContext "supportedApplicationContext" --// #define NID_supportedApplicationContext 874 --// #define OBJ_supportedApplicationContext 2L, 5L, 4L, 30L -- --// #define SN_member "member" --// #define NID_member 875 --// #define OBJ_member 2L, 5L, 4L, 31L -- --// #define SN_owner "owner" --// #define NID_owner 876 --// #define OBJ_owner 2L, 5L, 4L, 32L -- --// #define LN_roleOccupant "roleOccupant" --// #define NID_roleOccupant 877 --// #define OBJ_roleOccupant 2L, 5L, 4L, 33L -- --// #define SN_seeAlso "seeAlso" --// #define NID_seeAlso 878 --// #define OBJ_seeAlso 2L, 5L, 4L, 34L -- --// #define LN_userPassword "userPassword" --// #define NID_userPassword 879 --// #define OBJ_userPassword 2L, 5L, 4L, 35L -- --// #define LN_userCertificate "userCertificate" --// #define NID_userCertificate 880 --// #define OBJ_userCertificate 2L, 5L, 4L, 36L -- --// #define LN_cACertificate "cACertificate" --// #define NID_cACertificate 881 --// #define OBJ_cACertificate 2L, 5L, 4L, 37L -- --// #define LN_authorityRevocationList "authorityRevocationList" --// #define NID_authorityRevocationList 882 --// #define OBJ_authorityRevocationList 2L, 5L, 4L, 38L -- --// #define LN_certificateRevocationList "certificateRevocationList" --// #define NID_certificateRevocationList 883 --// #define OBJ_certificateRevocationList 2L, 5L, 4L, 39L -- --// #define LN_crossCertificatePair "crossCertificatePair" --// #define NID_crossCertificatePair 884 --// #define OBJ_crossCertificatePair 2L, 5L, 4L, 40L -- --// #define LN_enhancedSearchGuide "enhancedSearchGuide" --// #define NID_enhancedSearchGuide 885 --// #define OBJ_enhancedSearchGuide 2L, 5L, 4L, 47L -- --// #define LN_protocolInformation "protocolInformation" --// #define NID_protocolInformation 886 --// #define OBJ_protocolInformation 2L, 5L, 4L, 48L -- --// #define LN_distinguishedName "distinguishedName" --// #define NID_distinguishedName 887 --// #define OBJ_distinguishedName 2L, 5L, 4L, 49L -- --// #define LN_uniqueMember "uniqueMember" --// #define NID_uniqueMember 888 --// #define OBJ_uniqueMember 2L, 5L, 4L, 50L -- --// #define LN_houseIdentifier "houseIdentifier" --// #define NID_houseIdentifier 889 --// #define OBJ_houseIdentifier 2L, 5L, 4L, 51L -- --// #define LN_supportedAlgorithms "supportedAlgorithms" --// #define NID_supportedAlgorithms 890 --// #define OBJ_supportedAlgorithms 2L, 5L, 4L, 52L -- --// #define LN_deltaRevocationList "deltaRevocationList" --// #define NID_deltaRevocationList 891 --// #define OBJ_deltaRevocationList 2L, 5L, 4L, 53L -- --// #define SN_dmdName "dmdName" --// #define NID_dmdName 892 --// #define OBJ_dmdName 2L, 5L, 4L, 54L -- --// #define SN_id_alg_PWRI_KEK "id-alg-PWRI-KEK" --// #define NID_id_alg_PWRI_KEK 893 --// #define OBJ_id_alg_PWRI_KEK 1L, 2L, 840L, 113549L, 1L, 9L, 16L, 3L, 9L -- --// #define SN_cmac "CMAC" --// #define LN_cmac "cmac" --// #define NID_cmac 894 -- --// #define SN_aes_128_gcm "id-aes128-GCM" --// #define LN_aes_128_gcm "aes-128-gcm" --// #define NID_aes_128_gcm 895 --// #define OBJ_aes_128_gcm 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 6L -- --// #define SN_aes_128_ccm "id-aes128-CCM" --// #define LN_aes_128_ccm "aes-128-ccm" --// #define NID_aes_128_ccm 896 --// #define OBJ_aes_128_ccm 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 7L -- --// #define SN_id_aes128_wrap_pad "id-aes128-wrap-pad" --// #define NID_id_aes128_wrap_pad 897 --// #define OBJ_id_aes128_wrap_pad 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 8L -- --// #define SN_aes_192_gcm "id-aes192-GCM" --// #define LN_aes_192_gcm "aes-192-gcm" --// #define NID_aes_192_gcm 898 --// #define OBJ_aes_192_gcm 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 26L -- --// #define SN_aes_192_ccm "id-aes192-CCM" --// #define LN_aes_192_ccm "aes-192-ccm" --// #define NID_aes_192_ccm 899 --// #define OBJ_aes_192_ccm 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 27L -- --// #define SN_id_aes192_wrap_pad "id-aes192-wrap-pad" --// #define NID_id_aes192_wrap_pad 900 --// #define OBJ_id_aes192_wrap_pad 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 28L -- --// #define SN_aes_256_gcm "id-aes256-GCM" --// #define LN_aes_256_gcm "aes-256-gcm" --// #define NID_aes_256_gcm 901 --// #define OBJ_aes_256_gcm 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 46L -- --// #define SN_aes_256_ccm "id-aes256-CCM" --// #define LN_aes_256_ccm "aes-256-ccm" --// #define NID_aes_256_ccm 902 --// #define OBJ_aes_256_ccm 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 47L -- --// #define SN_id_aes256_wrap_pad "id-aes256-wrap-pad" --// #define NID_id_aes256_wrap_pad 903 --// #define OBJ_id_aes256_wrap_pad 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 48L -- --// #define SN_aes_128_ctr "AES-128-CTR" --// #define LN_aes_128_ctr "aes-128-ctr" --// #define NID_aes_128_ctr 904 -- --// #define SN_aes_192_ctr "AES-192-CTR" --// #define LN_aes_192_ctr "aes-192-ctr" --// #define NID_aes_192_ctr 905 -- --// #define SN_aes_256_ctr "AES-256-CTR" --// #define LN_aes_256_ctr "aes-256-ctr" --// #define NID_aes_256_ctr 906 -- --// #define SN_id_camellia128_wrap "id-camellia128-wrap" --// #define NID_id_camellia128_wrap 907 --// #define OBJ_id_camellia128_wrap 1L, 2L, 392L, 200011L, 61L, 1L, 1L, 3L, 2L -- --// #define SN_id_camellia192_wrap "id-camellia192-wrap" --// #define NID_id_camellia192_wrap 908 --// #define OBJ_id_camellia192_wrap 1L, 2L, 392L, 200011L, 61L, 1L, 1L, 3L, 3L -- --// #define SN_id_camellia256_wrap "id-camellia256-wrap" --// #define NID_id_camellia256_wrap 909 --// #define OBJ_id_camellia256_wrap 1L, 2L, 392L, 200011L, 61L, 1L, 1L, 3L, 4L -- --// #define SN_anyExtendedKeyUsage "anyExtendedKeyUsage" --// #define LN_anyExtendedKeyUsage "Any Extended Key Usage" --// #define NID_anyExtendedKeyUsage 910 --// #define OBJ_anyExtendedKeyUsage 2L, 5L, 29L, 37L, 0L -- --// #define SN_mgf1 "MGF1" --// #define LN_mgf1 "mgf1" --// #define NID_mgf1 911 --// #define OBJ_mgf1 1L, 2L, 840L, 113549L, 1L, 1L, 8L -- --// #define SN_rsassaPss "RSASSA-PSS" --// #define LN_rsassaPss "rsassaPss" --// #define NID_rsassaPss 912 --// #define OBJ_rsassaPss 1L, 2L, 840L, 113549L, 1L, 1L, 10L -- --// #define SN_aes_128_xts "AES-128-XTS" --// #define LN_aes_128_xts "aes-128-xts" --// #define NID_aes_128_xts 913 -- --// #define SN_aes_256_xts "AES-256-XTS" --// #define LN_aes_256_xts "aes-256-xts" --// #define NID_aes_256_xts 914 -- --// #define SN_rc4_hmac_md5 "RC4-HMAC-MD5" --// #define LN_rc4_hmac_md5 "rc4-hmac-md5" --// #define NID_rc4_hmac_md5 915 -- --// #define SN_aes_128_cbc_hmac_sha1 "AES-128-CBC-HMAC-SHA1" --// #define LN_aes_128_cbc_hmac_sha1 "aes-128-cbc-hmac-sha1" --// #define NID_aes_128_cbc_hmac_sha1 916 -- --// #define SN_aes_192_cbc_hmac_sha1 "AES-192-CBC-HMAC-SHA1" --// #define LN_aes_192_cbc_hmac_sha1 "aes-192-cbc-hmac-sha1" --// #define NID_aes_192_cbc_hmac_sha1 917 -- --// #define SN_aes_256_cbc_hmac_sha1 "AES-256-CBC-HMAC-SHA1" --// #define LN_aes_256_cbc_hmac_sha1 "aes-256-cbc-hmac-sha1" --// #define NID_aes_256_cbc_hmac_sha1 918 -- --// #define SN_rsaesOaep "RSAES-OAEP" --// #define LN_rsaesOaep "rsaesOaep" --// #define NID_rsaesOaep 919 --// #define OBJ_rsaesOaep 1L, 2L, 840L, 113549L, 1L, 1L, 7L -- --// #define SN_dhpublicnumber "dhpublicnumber" --// #define LN_dhpublicnumber "X9.42 DH" --// #define NID_dhpublicnumber 920 --// #define OBJ_dhpublicnumber 1L, 2L, 840L, 10046L, 2L, 1L -- --// #define SN_brainpoolP160r1 "brainpoolP160r1" --// #define NID_brainpoolP160r1 921 --// #define OBJ_brainpoolP160r1 1L, 3L, 36L, 3L, 3L, 2L, 8L, 1L, 1L, 1L -- --// #define SN_brainpoolP160t1 "brainpoolP160t1" --// #define NID_brainpoolP160t1 922 --// #define OBJ_brainpoolP160t1 1L, 3L, 36L, 3L, 3L, 2L, 8L, 1L, 1L, 2L -- --// #define SN_brainpoolP192r1 "brainpoolP192r1" --// #define NID_brainpoolP192r1 923 --// #define OBJ_brainpoolP192r1 1L, 3L, 36L, 3L, 3L, 2L, 8L, 1L, 1L, 3L -- --// #define SN_brainpoolP192t1 "brainpoolP192t1" --// #define NID_brainpoolP192t1 924 --// #define OBJ_brainpoolP192t1 1L, 3L, 36L, 3L, 3L, 2L, 8L, 1L, 1L, 4L -- --// #define SN_brainpoolP224r1 "brainpoolP224r1" --// #define NID_brainpoolP224r1 925 --// #define OBJ_brainpoolP224r1 1L, 3L, 36L, 3L, 3L, 2L, 8L, 1L, 1L, 5L -- --// #define SN_brainpoolP224t1 "brainpoolP224t1" --// #define NID_brainpoolP224t1 926 --// #define OBJ_brainpoolP224t1 1L, 3L, 36L, 3L, 3L, 2L, 8L, 1L, 1L, 6L -- --// #define SN_brainpoolP256r1 "brainpoolP256r1" --// #define NID_brainpoolP256r1 927 --// #define OBJ_brainpoolP256r1 1L, 3L, 36L, 3L, 3L, 2L, 8L, 1L, 1L, 7L -- --// #define SN_brainpoolP256t1 "brainpoolP256t1" --// #define NID_brainpoolP256t1 928 --// #define OBJ_brainpoolP256t1 1L, 3L, 36L, 3L, 3L, 2L, 8L, 1L, 1L, 8L -- --// #define SN_brainpoolP320r1 "brainpoolP320r1" --// #define NID_brainpoolP320r1 929 --// #define OBJ_brainpoolP320r1 1L, 3L, 36L, 3L, 3L, 2L, 8L, 1L, 1L, 9L -- --// #define SN_brainpoolP320t1 "brainpoolP320t1" --// #define NID_brainpoolP320t1 930 --// #define OBJ_brainpoolP320t1 1L, 3L, 36L, 3L, 3L, 2L, 8L, 1L, 1L, 10L -- --// #define SN_brainpoolP384r1 "brainpoolP384r1" --// #define NID_brainpoolP384r1 931 --// #define OBJ_brainpoolP384r1 1L, 3L, 36L, 3L, 3L, 2L, 8L, 1L, 1L, 11L -- --// #define SN_brainpoolP384t1 "brainpoolP384t1" --// #define NID_brainpoolP384t1 932 --// #define OBJ_brainpoolP384t1 1L, 3L, 36L, 3L, 3L, 2L, 8L, 1L, 1L, 12L -- --// #define SN_brainpoolP512r1 "brainpoolP512r1" --// #define NID_brainpoolP512r1 933 --// #define OBJ_brainpoolP512r1 1L, 3L, 36L, 3L, 3L, 2L, 8L, 1L, 1L, 13L -- --// #define SN_brainpoolP512t1 "brainpoolP512t1" --// #define NID_brainpoolP512t1 934 --// #define OBJ_brainpoolP512t1 1L, 3L, 36L, 3L, 3L, 2L, 8L, 1L, 1L, 14L -- --// #define SN_pSpecified "PSPECIFIED" --// #define LN_pSpecified "pSpecified" --// #define NID_pSpecified 935 --// #define OBJ_pSpecified 1L, 2L, 840L, 113549L, 1L, 1L, 9L -- --// #define SN_dhSinglePass_stdDH_sha1kdf_scheme "dhSinglePass-stdDH-sha1kdf-scheme" --// #define NID_dhSinglePass_stdDH_sha1kdf_scheme 936 --// #define OBJ_dhSinglePass_stdDH_sha1kdf_scheme \ --// 1L, 3L, 133L, 16L, 840L, 63L, 0L, 2L -- --// #define SN_dhSinglePass_stdDH_sha224kdf_scheme \ --// "dhSinglePass-stdDH-sha224kdf-scheme" --// #define NID_dhSinglePass_stdDH_sha224kdf_scheme 937 --// #define OBJ_dhSinglePass_stdDH_sha224kdf_scheme 1L, 3L, 132L, 1L, 11L, 0L -- --// #define SN_dhSinglePass_stdDH_sha256kdf_scheme \ --// "dhSinglePass-stdDH-sha256kdf-scheme" --// #define NID_dhSinglePass_stdDH_sha256kdf_scheme 938 --// #define OBJ_dhSinglePass_stdDH_sha256kdf_scheme 1L, 3L, 132L, 1L, 11L, 1L -- --// #define SN_dhSinglePass_stdDH_sha384kdf_scheme \ --// "dhSinglePass-stdDH-sha384kdf-scheme" --// #define NID_dhSinglePass_stdDH_sha384kdf_scheme 939 --// #define OBJ_dhSinglePass_stdDH_sha384kdf_scheme 1L, 3L, 132L, 1L, 11L, 2L -- --// #define SN_dhSinglePass_stdDH_sha512kdf_scheme \ --// "dhSinglePass-stdDH-sha512kdf-scheme" --// #define NID_dhSinglePass_stdDH_sha512kdf_scheme 940 --// #define OBJ_dhSinglePass_stdDH_sha512kdf_scheme 1L, 3L, 132L, 1L, 11L, 3L -- --// #define SN_dhSinglePass_cofactorDH_sha1kdf_scheme \ --// "dhSinglePass-cofactorDH-sha1kdf-scheme" --// #define NID_dhSinglePass_cofactorDH_sha1kdf_scheme 941 --// #define OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme \ --// 1L, 3L, 133L, 16L, 840L, 63L, 0L, 3L -- --// #define SN_dhSinglePass_cofactorDH_sha224kdf_scheme \ --// "dhSinglePass-cofactorDH-sha224kdf-scheme" --// #define NID_dhSinglePass_cofactorDH_sha224kdf_scheme 942 --// #define OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme 1L, 3L, 132L, 1L, 14L, 0L -- --// #define SN_dhSinglePass_cofactorDH_sha256kdf_scheme \ --// "dhSinglePass-cofactorDH-sha256kdf-scheme" --// #define NID_dhSinglePass_cofactorDH_sha256kdf_scheme 943 --// #define OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme 1L, 3L, 132L, 1L, 14L, 1L -- --// #define SN_dhSinglePass_cofactorDH_sha384kdf_scheme \ --// "dhSinglePass-cofactorDH-sha384kdf-scheme" --// #define NID_dhSinglePass_cofactorDH_sha384kdf_scheme 944 --// #define OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme 1L, 3L, 132L, 1L, 14L, 2L -- --// #define SN_dhSinglePass_cofactorDH_sha512kdf_scheme \ --// "dhSinglePass-cofactorDH-sha512kdf-scheme" --// #define NID_dhSinglePass_cofactorDH_sha512kdf_scheme 945 --// #define OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme 1L, 3L, 132L, 1L, 14L, 3L -- --// #define SN_dh_std_kdf "dh-std-kdf" --// #define NID_dh_std_kdf 946 -- --// #define SN_dh_cofactor_kdf "dh-cofactor-kdf" --// #define NID_dh_cofactor_kdf 947 -- --// #define SN_X25519 "X25519" --// #define NID_X25519 948 --// #define OBJ_X25519 1L, 3L, 101L, 110L -- --// #define SN_ED25519 "ED25519" --// #define NID_ED25519 949 --// #define OBJ_ED25519 1L, 3L, 101L, 112L -- --// #define SN_chacha20_poly1305 "ChaCha20-Poly1305" --// #define LN_chacha20_poly1305 "chacha20-poly1305" --// #define NID_chacha20_poly1305 950 -- --// #define SN_kx_rsa "KxRSA" --// #define LN_kx_rsa "kx-rsa" --// #define NID_kx_rsa 951 -- --// #define SN_kx_ecdhe "KxECDHE" --// #define LN_kx_ecdhe "kx-ecdhe" --// #define NID_kx_ecdhe 952 -- --// #define SN_kx_psk "KxPSK" --// #define LN_kx_psk "kx-psk" --// #define NID_kx_psk 953 -- --// #define SN_auth_rsa "AuthRSA" --// #define LN_auth_rsa "auth-rsa" --// #define NID_auth_rsa 954 -- --// #define SN_auth_ecdsa "AuthECDSA" --// #define LN_auth_ecdsa "auth-ecdsa" --// #define NID_auth_ecdsa 955 -- --// #define SN_auth_psk "AuthPSK" --// #define LN_auth_psk "auth-psk" --// #define NID_auth_psk 956 -- --// #define SN_kx_any "KxANY" --// #define LN_kx_any "kx-any" --// #define NID_kx_any 957 -- --// #define SN_auth_any "AuthANY" --// #define LN_auth_any "auth-any" --// #define NID_auth_any 958 -- --// #define SN_CECPQ2 "CECPQ2" --// #define NID_CECPQ2 959 -- --// #define SN_ED448 "ED448" --// #define NID_ED448 960 --// #define OBJ_ED448 1L, 3L, 101L, 113L -- --// #define SN_X448 "X448" --// #define NID_X448 961 --// #define OBJ_X448 1L, 3L, 101L, 111L -- --// #define SN_sha512_256 "SHA512-256" --// #define LN_sha512_256 "sha512-256" --// #define NID_sha512_256 962 --// #define OBJ_sha512_256 2L, 16L, 840L, 1L, 101L, 3L, 4L, 2L, 6L -- --// #define SN_hkdf "HKDF" --// #define LN_hkdf "hkdf" --// #define NID_hkdf 963 -- -- --// #if defined(__cplusplus) --// } /* extern C */ --// #endif -+#ifdef ossl_SN_undef -+#define SN_undef ossl_SN_undef -+#endif -+#ifdef ossl_LN_undef -+#define LN_undef ossl_LN_undef -+#endif -+#ifdef ossl_NID_undef -+#define NID_undef ossl_NID_undef -+#endif -+#ifdef ossl_OBJ_undef -+#define OBJ_undef ossl_OBJ_undef -+#endif -+ -+#ifdef ossl_SN_rsadsi -+#define SN_rsadsi ossl_SN_rsadsi -+#endif -+#ifdef ossl_LN_rsadsi -+#define LN_rsadsi ossl_LN_rsadsi -+#endif -+#ifdef ossl_NID_rsadsi -+#define NID_rsadsi ossl_NID_rsadsi -+#endif -+#ifdef ossl_OBJ_rsadsi -+#define OBJ_rsadsi ossl_OBJ_rsadsi -+#endif -+ -+#ifdef ossl_SN_pkcs -+#define SN_pkcs ossl_SN_pkcs -+#endif -+#ifdef ossl_LN_pkcs -+#define LN_pkcs ossl_LN_pkcs -+#endif -+#ifdef ossl_NID_pkcs -+#define NID_pkcs ossl_NID_pkcs -+#endif -+#ifdef ossl_OBJ_pkcs -+#define OBJ_pkcs ossl_OBJ_pkcs -+#endif -+ -+#ifdef ossl_SN_md2 -+#define SN_md2 ossl_SN_md2 -+#endif -+#ifdef ossl_LN_md2 -+#define LN_md2 ossl_LN_md2 -+#endif -+#ifdef ossl_NID_md2 -+#define NID_md2 ossl_NID_md2 -+#endif -+#ifdef ossl_OBJ_md2 -+#define OBJ_md2 ossl_OBJ_md2 -+#endif -+ -+#ifdef ossl_SN_md5 -+#define SN_md5 ossl_SN_md5 -+#endif -+#ifdef ossl_LN_md5 -+#define LN_md5 ossl_LN_md5 -+#endif -+#ifdef ossl_NID_md5 -+#define NID_md5 ossl_NID_md5 -+#endif -+#ifdef ossl_OBJ_md5 -+#define OBJ_md5 ossl_OBJ_md5 -+#endif -+ -+#ifdef ossl_SN_rc4 -+#define SN_rc4 ossl_SN_rc4 -+#endif -+#ifdef ossl_LN_rc4 -+#define LN_rc4 ossl_LN_rc4 -+#endif -+#ifdef ossl_NID_rc4 -+#define NID_rc4 ossl_NID_rc4 -+#endif -+#ifdef ossl_OBJ_rc4 -+#define OBJ_rc4 ossl_OBJ_rc4 -+#endif -+ -+#ifdef ossl_LN_rsaEncryption -+#define LN_rsaEncryption ossl_LN_rsaEncryption -+#endif -+#ifdef ossl_NID_rsaEncryption -+#define NID_rsaEncryption ossl_NID_rsaEncryption -+#endif -+#ifdef ossl_OBJ_rsaEncryption -+#define OBJ_rsaEncryption ossl_OBJ_rsaEncryption -+#endif -+ -+#ifdef ossl_SN_md2WithRSAEncryption -+#define SN_md2WithRSAEncryption ossl_SN_md2WithRSAEncryption -+#endif -+#ifdef ossl_LN_md2WithRSAEncryption -+#define LN_md2WithRSAEncryption ossl_LN_md2WithRSAEncryption -+#endif -+#ifdef ossl_NID_md2WithRSAEncryption -+#define NID_md2WithRSAEncryption ossl_NID_md2WithRSAEncryption -+#endif -+#ifdef ossl_OBJ_md2WithRSAEncryption -+#define OBJ_md2WithRSAEncryption ossl_OBJ_md2WithRSAEncryption -+#endif -+ -+#ifdef ossl_SN_md5WithRSAEncryption -+#define SN_md5WithRSAEncryption ossl_SN_md5WithRSAEncryption -+#endif -+#ifdef ossl_LN_md5WithRSAEncryption -+#define LN_md5WithRSAEncryption ossl_LN_md5WithRSAEncryption -+#endif -+#ifdef ossl_NID_md5WithRSAEncryption -+#define NID_md5WithRSAEncryption ossl_NID_md5WithRSAEncryption -+#endif -+#ifdef ossl_OBJ_md5WithRSAEncryption -+#define OBJ_md5WithRSAEncryption ossl_OBJ_md5WithRSAEncryption -+#endif -+ -+#ifdef ossl_SN_pbeWithMD2AndDES_CBC -+#define SN_pbeWithMD2AndDES_CBC ossl_SN_pbeWithMD2AndDES_CBC -+#endif -+#ifdef ossl_LN_pbeWithMD2AndDES_CBC -+#define LN_pbeWithMD2AndDES_CBC ossl_LN_pbeWithMD2AndDES_CBC -+#endif -+#ifdef ossl_NID_pbeWithMD2AndDES_CBC -+#define NID_pbeWithMD2AndDES_CBC ossl_NID_pbeWithMD2AndDES_CBC -+#endif -+#ifdef ossl_OBJ_pbeWithMD2AndDES_CBC -+#define OBJ_pbeWithMD2AndDES_CBC ossl_OBJ_pbeWithMD2AndDES_CBC -+#endif -+ -+#ifdef ossl_SN_pbeWithMD5AndDES_CBC -+#define SN_pbeWithMD5AndDES_CBC ossl_SN_pbeWithMD5AndDES_CBC -+#endif -+#ifdef ossl_LN_pbeWithMD5AndDES_CBC -+#define LN_pbeWithMD5AndDES_CBC ossl_LN_pbeWithMD5AndDES_CBC -+#endif -+#ifdef ossl_NID_pbeWithMD5AndDES_CBC -+#define NID_pbeWithMD5AndDES_CBC ossl_NID_pbeWithMD5AndDES_CBC -+#endif -+#ifdef ossl_OBJ_pbeWithMD5AndDES_CBC -+#define OBJ_pbeWithMD5AndDES_CBC ossl_OBJ_pbeWithMD5AndDES_CBC -+#endif -+ -+#ifdef ossl_SN_X500 -+#define SN_X500 ossl_SN_X500 -+#endif -+#ifdef ossl_LN_X500 -+#define LN_X500 ossl_LN_X500 -+#endif -+#ifdef ossl_NID_X500 -+#define NID_X500 ossl_NID_X500 -+#endif -+#ifdef ossl_OBJ_X500 -+#define OBJ_X500 ossl_OBJ_X500 -+#endif -+ -+#ifdef ossl_SN_X509 -+#define SN_X509 ossl_SN_X509 -+#endif -+#ifdef ossl_NID_X509 -+#define NID_X509 ossl_NID_X509 -+#endif -+#ifdef ossl_OBJ_X509 -+#define OBJ_X509 ossl_OBJ_X509 -+#endif -+ -+#ifdef ossl_SN_commonName -+#define SN_commonName ossl_SN_commonName -+#endif -+#ifdef ossl_LN_commonName -+#define LN_commonName ossl_LN_commonName -+#endif -+#ifdef ossl_NID_commonName -+#define NID_commonName ossl_NID_commonName -+#endif -+#ifdef ossl_OBJ_commonName -+#define OBJ_commonName ossl_OBJ_commonName -+#endif -+ -+#ifdef ossl_SN_countryName -+#define SN_countryName ossl_SN_countryName -+#endif -+#ifdef ossl_LN_countryName -+#define LN_countryName ossl_LN_countryName -+#endif -+#ifdef ossl_NID_countryName -+#define NID_countryName ossl_NID_countryName -+#endif -+#ifdef ossl_OBJ_countryName -+#define OBJ_countryName ossl_OBJ_countryName -+#endif -+ -+#ifdef ossl_SN_localityName -+#define SN_localityName ossl_SN_localityName -+#endif -+#ifdef ossl_LN_localityName -+#define LN_localityName ossl_LN_localityName -+#endif -+#ifdef ossl_NID_localityName -+#define NID_localityName ossl_NID_localityName -+#endif -+#ifdef ossl_OBJ_localityName -+#define OBJ_localityName ossl_OBJ_localityName -+#endif -+ -+#ifdef ossl_SN_stateOrProvinceName -+#define SN_stateOrProvinceName ossl_SN_stateOrProvinceName -+#endif -+#ifdef ossl_LN_stateOrProvinceName -+#define LN_stateOrProvinceName ossl_LN_stateOrProvinceName -+#endif -+#ifdef ossl_NID_stateOrProvinceName -+#define NID_stateOrProvinceName ossl_NID_stateOrProvinceName -+#endif -+#ifdef ossl_OBJ_stateOrProvinceName -+#define OBJ_stateOrProvinceName ossl_OBJ_stateOrProvinceName -+#endif -+ -+#ifdef ossl_SN_organizationName -+#define SN_organizationName ossl_SN_organizationName -+#endif -+#ifdef ossl_LN_organizationName -+#define LN_organizationName ossl_LN_organizationName -+#endif -+#ifdef ossl_NID_organizationName -+#define NID_organizationName ossl_NID_organizationName -+#endif -+#ifdef ossl_OBJ_organizationName -+#define OBJ_organizationName ossl_OBJ_organizationName -+#endif -+ -+#ifdef ossl_SN_organizationalUnitName -+#define SN_organizationalUnitName ossl_SN_organizationalUnitName -+#endif -+#ifdef ossl_LN_organizationalUnitName -+#define LN_organizationalUnitName ossl_LN_organizationalUnitName -+#endif -+#ifdef ossl_NID_organizationalUnitName -+#define NID_organizationalUnitName ossl_NID_organizationalUnitName -+#endif -+#ifdef ossl_OBJ_organizationalUnitName -+#define OBJ_organizationalUnitName ossl_OBJ_organizationalUnitName -+#endif -+ -+#ifdef ossl_SN_rsa -+#define SN_rsa ossl_SN_rsa -+#endif -+#ifdef ossl_LN_rsa -+#define LN_rsa ossl_LN_rsa -+#endif -+#ifdef ossl_NID_rsa -+#define NID_rsa ossl_NID_rsa -+#endif -+#ifdef ossl_OBJ_rsa -+#define OBJ_rsa ossl_OBJ_rsa -+#endif -+ -+#ifdef ossl_SN_pkcs7 -+#define SN_pkcs7 ossl_SN_pkcs7 -+#endif -+#ifdef ossl_NID_pkcs7 -+#define NID_pkcs7 ossl_NID_pkcs7 -+#endif -+#ifdef ossl_OBJ_pkcs7 -+#define OBJ_pkcs7 ossl_OBJ_pkcs7 -+#endif -+ -+#ifdef ossl_LN_pkcs7_data -+#define LN_pkcs7_data ossl_LN_pkcs7_data -+#endif -+#ifdef ossl_NID_pkcs7_data -+#define NID_pkcs7_data ossl_NID_pkcs7_data -+#endif -+#ifdef ossl_OBJ_pkcs7_data -+#define OBJ_pkcs7_data ossl_OBJ_pkcs7_data -+#endif -+ -+#ifdef ossl_LN_pkcs7_signed -+#define LN_pkcs7_signed ossl_LN_pkcs7_signed -+#endif -+#ifdef ossl_NID_pkcs7_signed -+#define NID_pkcs7_signed ossl_NID_pkcs7_signed -+#endif -+#ifdef ossl_OBJ_pkcs7_signed -+#define OBJ_pkcs7_signed ossl_OBJ_pkcs7_signed -+#endif -+ -+#ifdef ossl_LN_pkcs7_enveloped -+#define LN_pkcs7_enveloped ossl_LN_pkcs7_enveloped -+#endif -+#ifdef ossl_NID_pkcs7_enveloped -+#define NID_pkcs7_enveloped ossl_NID_pkcs7_enveloped -+#endif -+#ifdef ossl_OBJ_pkcs7_enveloped -+#define OBJ_pkcs7_enveloped ossl_OBJ_pkcs7_enveloped -+#endif -+ -+#ifdef ossl_LN_pkcs7_signedAndEnveloped -+#define LN_pkcs7_signedAndEnveloped ossl_LN_pkcs7_signedAndEnveloped -+#endif -+#ifdef ossl_NID_pkcs7_signedAndEnveloped -+#define NID_pkcs7_signedAndEnveloped ossl_NID_pkcs7_signedAndEnveloped -+#endif -+#ifdef ossl_OBJ_pkcs7_signedAndEnveloped -+#define OBJ_pkcs7_signedAndEnveloped ossl_OBJ_pkcs7_signedAndEnveloped -+#endif -+ -+#ifdef ossl_LN_pkcs7_digest -+#define LN_pkcs7_digest ossl_LN_pkcs7_digest -+#endif -+#ifdef ossl_NID_pkcs7_digest -+#define NID_pkcs7_digest ossl_NID_pkcs7_digest -+#endif -+#ifdef ossl_OBJ_pkcs7_digest -+#define OBJ_pkcs7_digest ossl_OBJ_pkcs7_digest -+#endif -+ -+#ifdef ossl_LN_pkcs7_encrypted -+#define LN_pkcs7_encrypted ossl_LN_pkcs7_encrypted -+#endif -+#ifdef ossl_NID_pkcs7_encrypted -+#define NID_pkcs7_encrypted ossl_NID_pkcs7_encrypted -+#endif -+#ifdef ossl_OBJ_pkcs7_encrypted -+#define OBJ_pkcs7_encrypted ossl_OBJ_pkcs7_encrypted -+#endif -+ -+#ifdef ossl_SN_pkcs3 -+#define SN_pkcs3 ossl_SN_pkcs3 -+#endif -+#ifdef ossl_NID_pkcs3 -+#define NID_pkcs3 ossl_NID_pkcs3 -+#endif -+#ifdef ossl_OBJ_pkcs3 -+#define OBJ_pkcs3 ossl_OBJ_pkcs3 -+#endif -+ -+#ifdef ossl_LN_dhKeyAgreement -+#define LN_dhKeyAgreement ossl_LN_dhKeyAgreement -+#endif -+#ifdef ossl_NID_dhKeyAgreement -+#define NID_dhKeyAgreement ossl_NID_dhKeyAgreement -+#endif -+#ifdef ossl_OBJ_dhKeyAgreement -+#define OBJ_dhKeyAgreement ossl_OBJ_dhKeyAgreement -+#endif -+ -+#ifdef ossl_SN_des_ecb -+#define SN_des_ecb ossl_SN_des_ecb -+#endif -+#ifdef ossl_LN_des_ecb -+#define LN_des_ecb ossl_LN_des_ecb -+#endif -+#ifdef ossl_NID_des_ecb -+#define NID_des_ecb ossl_NID_des_ecb -+#endif -+#ifdef ossl_OBJ_des_ecb -+#define OBJ_des_ecb ossl_OBJ_des_ecb -+#endif -+ -+#ifdef ossl_SN_des_cfb64 -+#define SN_des_cfb64 ossl_SN_des_cfb64 -+#endif -+#ifdef ossl_LN_des_cfb64 -+#define LN_des_cfb64 ossl_LN_des_cfb64 -+#endif -+#ifdef ossl_NID_des_cfb64 -+#define NID_des_cfb64 ossl_NID_des_cfb64 -+#endif -+#ifdef ossl_OBJ_des_cfb64 -+#define OBJ_des_cfb64 ossl_OBJ_des_cfb64 -+#endif -+ -+#ifdef ossl_SN_des_cbc -+#define SN_des_cbc ossl_SN_des_cbc -+#endif -+#ifdef ossl_LN_des_cbc -+#define LN_des_cbc ossl_LN_des_cbc -+#endif -+#ifdef ossl_NID_des_cbc -+#define NID_des_cbc ossl_NID_des_cbc -+#endif -+#ifdef ossl_OBJ_des_cbc -+#define OBJ_des_cbc ossl_OBJ_des_cbc -+#endif -+ -+#ifdef ossl_SN_des_ede_ecb -+#define SN_des_ede_ecb ossl_SN_des_ede_ecb -+#endif -+#ifdef ossl_LN_des_ede_ecb -+#define LN_des_ede_ecb ossl_LN_des_ede_ecb -+#endif -+#ifdef ossl_NID_des_ede_ecb -+#define NID_des_ede_ecb ossl_NID_des_ede_ecb -+#endif -+#ifdef ossl_OBJ_des_ede_ecb -+#define OBJ_des_ede_ecb ossl_OBJ_des_ede_ecb -+#endif -+ -+#ifdef ossl_SN_des_ede3_ecb -+#define SN_des_ede3_ecb ossl_SN_des_ede3_ecb -+#endif -+#ifdef ossl_LN_des_ede3_ecb -+#define LN_des_ede3_ecb ossl_LN_des_ede3_ecb -+#endif -+#ifdef ossl_NID_des_ede3_ecb -+#define NID_des_ede3_ecb ossl_NID_des_ede3_ecb -+#endif -+ -+#ifdef ossl_SN_idea_cbc -+#define SN_idea_cbc ossl_SN_idea_cbc -+#endif -+#ifdef ossl_LN_idea_cbc -+#define LN_idea_cbc ossl_LN_idea_cbc -+#endif -+#ifdef ossl_NID_idea_cbc -+#define NID_idea_cbc ossl_NID_idea_cbc -+#endif -+#ifdef ossl_OBJ_idea_cbc -+#define OBJ_idea_cbc ossl_OBJ_idea_cbc -+#endif -+ -+#ifdef ossl_SN_idea_cfb64 -+#define SN_idea_cfb64 ossl_SN_idea_cfb64 -+#endif -+#ifdef ossl_LN_idea_cfb64 -+#define LN_idea_cfb64 ossl_LN_idea_cfb64 -+#endif -+#ifdef ossl_NID_idea_cfb64 -+#define NID_idea_cfb64 ossl_NID_idea_cfb64 -+#endif -+ -+#ifdef ossl_SN_idea_ecb -+#define SN_idea_ecb ossl_SN_idea_ecb -+#endif -+#ifdef ossl_LN_idea_ecb -+#define LN_idea_ecb ossl_LN_idea_ecb -+#endif -+#ifdef ossl_NID_idea_ecb -+#define NID_idea_ecb ossl_NID_idea_ecb -+#endif -+ -+#ifdef ossl_SN_rc2_cbc -+#define SN_rc2_cbc ossl_SN_rc2_cbc -+#endif -+#ifdef ossl_LN_rc2_cbc -+#define LN_rc2_cbc ossl_LN_rc2_cbc -+#endif -+#ifdef ossl_NID_rc2_cbc -+#define NID_rc2_cbc ossl_NID_rc2_cbc -+#endif -+#ifdef ossl_OBJ_rc2_cbc -+#define OBJ_rc2_cbc ossl_OBJ_rc2_cbc -+#endif -+ -+#ifdef ossl_SN_rc2_ecb -+#define SN_rc2_ecb ossl_SN_rc2_ecb -+#endif -+#ifdef ossl_LN_rc2_ecb -+#define LN_rc2_ecb ossl_LN_rc2_ecb -+#endif -+#ifdef ossl_NID_rc2_ecb -+#define NID_rc2_ecb ossl_NID_rc2_ecb -+#endif -+ -+#ifdef ossl_SN_rc2_cfb64 -+#define SN_rc2_cfb64 ossl_SN_rc2_cfb64 -+#endif -+#ifdef ossl_LN_rc2_cfb64 -+#define LN_rc2_cfb64 ossl_LN_rc2_cfb64 -+#endif -+#ifdef ossl_NID_rc2_cfb64 -+#define NID_rc2_cfb64 ossl_NID_rc2_cfb64 -+#endif -+ -+#ifdef ossl_SN_rc2_ofb64 -+#define SN_rc2_ofb64 ossl_SN_rc2_ofb64 -+#endif -+#ifdef ossl_LN_rc2_ofb64 -+#define LN_rc2_ofb64 ossl_LN_rc2_ofb64 -+#endif -+#ifdef ossl_NID_rc2_ofb64 -+#define NID_rc2_ofb64 ossl_NID_rc2_ofb64 -+#endif -+ -+#ifdef ossl_SN_sha -+#define SN_sha ossl_SN_sha -+#endif -+#ifdef ossl_LN_sha -+#define LN_sha ossl_LN_sha -+#endif -+#ifdef ossl_NID_sha -+#define NID_sha ossl_NID_sha -+#endif -+#ifdef ossl_OBJ_sha -+#define OBJ_sha ossl_OBJ_sha -+#endif -+ -+#ifdef ossl_SN_shaWithRSAEncryption -+#define SN_shaWithRSAEncryption ossl_SN_shaWithRSAEncryption -+#endif -+#ifdef ossl_LN_shaWithRSAEncryption -+#define LN_shaWithRSAEncryption ossl_LN_shaWithRSAEncryption -+#endif -+#ifdef ossl_NID_shaWithRSAEncryption -+#define NID_shaWithRSAEncryption ossl_NID_shaWithRSAEncryption -+#endif -+#ifdef ossl_OBJ_shaWithRSAEncryption -+#define OBJ_shaWithRSAEncryption ossl_OBJ_shaWithRSAEncryption -+#endif -+ -+#ifdef ossl_SN_des_ede_cbc -+#define SN_des_ede_cbc ossl_SN_des_ede_cbc -+#endif -+#ifdef ossl_LN_des_ede_cbc -+#define LN_des_ede_cbc ossl_LN_des_ede_cbc -+#endif -+#ifdef ossl_NID_des_ede_cbc -+#define NID_des_ede_cbc ossl_NID_des_ede_cbc -+#endif -+ -+#ifdef ossl_SN_des_ede3_cbc -+#define SN_des_ede3_cbc ossl_SN_des_ede3_cbc -+#endif -+#ifdef ossl_LN_des_ede3_cbc -+#define LN_des_ede3_cbc ossl_LN_des_ede3_cbc -+#endif -+#ifdef ossl_NID_des_ede3_cbc -+#define NID_des_ede3_cbc ossl_NID_des_ede3_cbc -+#endif -+#ifdef ossl_OBJ_des_ede3_cbc -+#define OBJ_des_ede3_cbc ossl_OBJ_des_ede3_cbc -+#endif -+ -+#ifdef ossl_SN_des_ofb64 -+#define SN_des_ofb64 ossl_SN_des_ofb64 -+#endif -+#ifdef ossl_LN_des_ofb64 -+#define LN_des_ofb64 ossl_LN_des_ofb64 -+#endif -+#ifdef ossl_NID_des_ofb64 -+#define NID_des_ofb64 ossl_NID_des_ofb64 -+#endif -+#ifdef ossl_OBJ_des_ofb64 -+#define OBJ_des_ofb64 ossl_OBJ_des_ofb64 -+#endif -+ -+#ifdef ossl_SN_idea_ofb64 -+#define SN_idea_ofb64 ossl_SN_idea_ofb64 -+#endif -+#ifdef ossl_LN_idea_ofb64 -+#define LN_idea_ofb64 ossl_LN_idea_ofb64 -+#endif -+#ifdef ossl_NID_idea_ofb64 -+#define NID_idea_ofb64 ossl_NID_idea_ofb64 -+#endif -+ -+#ifdef ossl_SN_pkcs9 -+#define SN_pkcs9 ossl_SN_pkcs9 -+#endif -+#ifdef ossl_NID_pkcs9 -+#define NID_pkcs9 ossl_NID_pkcs9 -+#endif -+#ifdef ossl_OBJ_pkcs9 -+#define OBJ_pkcs9 ossl_OBJ_pkcs9 -+#endif -+ -+#ifdef ossl_LN_pkcs9_emailAddress -+#define LN_pkcs9_emailAddress ossl_LN_pkcs9_emailAddress -+#endif -+#ifdef ossl_NID_pkcs9_emailAddress -+#define NID_pkcs9_emailAddress ossl_NID_pkcs9_emailAddress -+#endif -+#ifdef ossl_OBJ_pkcs9_emailAddress -+#define OBJ_pkcs9_emailAddress ossl_OBJ_pkcs9_emailAddress -+#endif -+ -+#ifdef ossl_LN_pkcs9_unstructuredName -+#define LN_pkcs9_unstructuredName ossl_LN_pkcs9_unstructuredName -+#endif -+#ifdef ossl_NID_pkcs9_unstructuredName -+#define NID_pkcs9_unstructuredName ossl_NID_pkcs9_unstructuredName -+#endif -+#ifdef ossl_OBJ_pkcs9_unstructuredName -+#define OBJ_pkcs9_unstructuredName ossl_OBJ_pkcs9_unstructuredName -+#endif -+ -+#ifdef ossl_LN_pkcs9_contentType -+#define LN_pkcs9_contentType ossl_LN_pkcs9_contentType -+#endif -+#ifdef ossl_NID_pkcs9_contentType -+#define NID_pkcs9_contentType ossl_NID_pkcs9_contentType -+#endif -+#ifdef ossl_OBJ_pkcs9_contentType -+#define OBJ_pkcs9_contentType ossl_OBJ_pkcs9_contentType -+#endif -+ -+#ifdef ossl_LN_pkcs9_messageDigest -+#define LN_pkcs9_messageDigest ossl_LN_pkcs9_messageDigest -+#endif -+#ifdef ossl_NID_pkcs9_messageDigest -+#define NID_pkcs9_messageDigest ossl_NID_pkcs9_messageDigest -+#endif -+#ifdef ossl_OBJ_pkcs9_messageDigest -+#define OBJ_pkcs9_messageDigest ossl_OBJ_pkcs9_messageDigest -+#endif -+ -+#ifdef ossl_LN_pkcs9_signingTime -+#define LN_pkcs9_signingTime ossl_LN_pkcs9_signingTime -+#endif -+#ifdef ossl_NID_pkcs9_signingTime -+#define NID_pkcs9_signingTime ossl_NID_pkcs9_signingTime -+#endif -+#ifdef ossl_OBJ_pkcs9_signingTime -+#define OBJ_pkcs9_signingTime ossl_OBJ_pkcs9_signingTime -+#endif -+ -+#ifdef ossl_LN_pkcs9_countersignature -+#define LN_pkcs9_countersignature ossl_LN_pkcs9_countersignature -+#endif -+#ifdef ossl_NID_pkcs9_countersignature -+#define NID_pkcs9_countersignature ossl_NID_pkcs9_countersignature -+#endif -+#ifdef ossl_OBJ_pkcs9_countersignature -+#define OBJ_pkcs9_countersignature ossl_OBJ_pkcs9_countersignature -+#endif -+ -+#ifdef ossl_LN_pkcs9_challengePassword -+#define LN_pkcs9_challengePassword ossl_LN_pkcs9_challengePassword -+#endif -+#ifdef ossl_NID_pkcs9_challengePassword -+#define NID_pkcs9_challengePassword ossl_NID_pkcs9_challengePassword -+#endif -+#ifdef ossl_OBJ_pkcs9_challengePassword -+#define OBJ_pkcs9_challengePassword ossl_OBJ_pkcs9_challengePassword -+#endif -+ -+#ifdef ossl_LN_pkcs9_unstructuredAddress -+#define LN_pkcs9_unstructuredAddress ossl_LN_pkcs9_unstructuredAddress -+#endif -+#ifdef ossl_NID_pkcs9_unstructuredAddress -+#define NID_pkcs9_unstructuredAddress ossl_NID_pkcs9_unstructuredAddress -+#endif -+#ifdef ossl_OBJ_pkcs9_unstructuredAddress -+#define OBJ_pkcs9_unstructuredAddress ossl_OBJ_pkcs9_unstructuredAddress -+#endif -+ -+#ifdef ossl_LN_pkcs9_extCertAttributes -+#define LN_pkcs9_extCertAttributes ossl_LN_pkcs9_extCertAttributes -+#endif -+#ifdef ossl_NID_pkcs9_extCertAttributes -+#define NID_pkcs9_extCertAttributes ossl_NID_pkcs9_extCertAttributes -+#endif -+#ifdef ossl_OBJ_pkcs9_extCertAttributes -+#define OBJ_pkcs9_extCertAttributes ossl_OBJ_pkcs9_extCertAttributes -+#endif -+ -+#ifdef ossl_SN_netscape -+#define SN_netscape ossl_SN_netscape -+#endif -+#ifdef ossl_LN_netscape -+#define LN_netscape ossl_LN_netscape -+#endif -+#ifdef ossl_NID_netscape -+#define NID_netscape ossl_NID_netscape -+#endif -+#ifdef ossl_OBJ_netscape -+#define OBJ_netscape ossl_OBJ_netscape -+#endif -+ -+#ifdef ossl_SN_netscape_cert_extension -+#define SN_netscape_cert_extension ossl_SN_netscape_cert_extension -+#endif -+#ifdef ossl_LN_netscape_cert_extension -+#define LN_netscape_cert_extension ossl_LN_netscape_cert_extension -+#endif -+#ifdef ossl_NID_netscape_cert_extension -+#define NID_netscape_cert_extension ossl_NID_netscape_cert_extension -+#endif -+#ifdef ossl_OBJ_netscape_cert_extension -+#define OBJ_netscape_cert_extension ossl_OBJ_netscape_cert_extension -+#endif -+ -+#ifdef ossl_SN_netscape_data_type -+#define SN_netscape_data_type ossl_SN_netscape_data_type -+#endif -+#ifdef ossl_LN_netscape_data_type -+#define LN_netscape_data_type ossl_LN_netscape_data_type -+#endif -+#ifdef ossl_NID_netscape_data_type -+#define NID_netscape_data_type ossl_NID_netscape_data_type -+#endif -+#ifdef ossl_OBJ_netscape_data_type -+#define OBJ_netscape_data_type ossl_OBJ_netscape_data_type -+#endif -+ -+#ifdef ossl_SN_des_ede_cfb64 -+#define SN_des_ede_cfb64 ossl_SN_des_ede_cfb64 -+#endif -+#ifdef ossl_LN_des_ede_cfb64 -+#define LN_des_ede_cfb64 ossl_LN_des_ede_cfb64 -+#endif -+#ifdef ossl_NID_des_ede_cfb64 -+#define NID_des_ede_cfb64 ossl_NID_des_ede_cfb64 -+#endif -+ -+#ifdef ossl_SN_des_ede3_cfb64 -+#define SN_des_ede3_cfb64 ossl_SN_des_ede3_cfb64 -+#endif -+#ifdef ossl_LN_des_ede3_cfb64 -+#define LN_des_ede3_cfb64 ossl_LN_des_ede3_cfb64 -+#endif -+#ifdef ossl_NID_des_ede3_cfb64 -+#define NID_des_ede3_cfb64 ossl_NID_des_ede3_cfb64 -+#endif -+ -+#ifdef ossl_SN_des_ede_ofb64 -+#define SN_des_ede_ofb64 ossl_SN_des_ede_ofb64 -+#endif -+#ifdef ossl_LN_des_ede_ofb64 -+#define LN_des_ede_ofb64 ossl_LN_des_ede_ofb64 -+#endif -+#ifdef ossl_NID_des_ede_ofb64 -+#define NID_des_ede_ofb64 ossl_NID_des_ede_ofb64 -+#endif -+ -+#ifdef ossl_SN_des_ede3_ofb64 -+#define SN_des_ede3_ofb64 ossl_SN_des_ede3_ofb64 -+#endif -+#ifdef ossl_LN_des_ede3_ofb64 -+#define LN_des_ede3_ofb64 ossl_LN_des_ede3_ofb64 -+#endif -+#ifdef ossl_NID_des_ede3_ofb64 -+#define NID_des_ede3_ofb64 ossl_NID_des_ede3_ofb64 -+#endif -+ -+#ifdef ossl_SN_sha1 -+#define SN_sha1 ossl_SN_sha1 -+#endif -+#ifdef ossl_LN_sha1 -+#define LN_sha1 ossl_LN_sha1 -+#endif -+#ifdef ossl_NID_sha1 -+#define NID_sha1 ossl_NID_sha1 -+#endif -+#ifdef ossl_OBJ_sha1 -+#define OBJ_sha1 ossl_OBJ_sha1 -+#endif -+ -+#ifdef ossl_SN_sha1WithRSAEncryption -+#define SN_sha1WithRSAEncryption ossl_SN_sha1WithRSAEncryption -+#endif -+#ifdef ossl_LN_sha1WithRSAEncryption -+#define LN_sha1WithRSAEncryption ossl_LN_sha1WithRSAEncryption -+#endif -+#ifdef ossl_NID_sha1WithRSAEncryption -+#define NID_sha1WithRSAEncryption ossl_NID_sha1WithRSAEncryption -+#endif -+#ifdef ossl_OBJ_sha1WithRSAEncryption -+#define OBJ_sha1WithRSAEncryption ossl_OBJ_sha1WithRSAEncryption -+#endif -+ -+#ifdef ossl_SN_dsaWithSHA -+#define SN_dsaWithSHA ossl_SN_dsaWithSHA -+#endif -+#ifdef ossl_LN_dsaWithSHA -+#define LN_dsaWithSHA ossl_LN_dsaWithSHA -+#endif -+#ifdef ossl_NID_dsaWithSHA -+#define NID_dsaWithSHA ossl_NID_dsaWithSHA -+#endif -+#ifdef ossl_OBJ_dsaWithSHA -+#define OBJ_dsaWithSHA ossl_OBJ_dsaWithSHA -+#endif -+ -+#ifdef ossl_SN_dsa_2 -+#define SN_dsa_2 ossl_SN_dsa_2 -+#endif -+#ifdef ossl_LN_dsa_2 -+#define LN_dsa_2 ossl_LN_dsa_2 -+#endif -+#ifdef ossl_NID_dsa_2 -+#define NID_dsa_2 ossl_NID_dsa_2 -+#endif -+#ifdef ossl_OBJ_dsa_2 -+#define OBJ_dsa_2 ossl_OBJ_dsa_2 -+#endif -+ -+#ifdef ossl_SN_pbeWithSHA1AndRC2_CBC -+#define SN_pbeWithSHA1AndRC2_CBC ossl_SN_pbeWithSHA1AndRC2_CBC -+#endif -+#ifdef ossl_LN_pbeWithSHA1AndRC2_CBC -+#define LN_pbeWithSHA1AndRC2_CBC ossl_LN_pbeWithSHA1AndRC2_CBC -+#endif -+#ifdef ossl_NID_pbeWithSHA1AndRC2_CBC -+#define NID_pbeWithSHA1AndRC2_CBC ossl_NID_pbeWithSHA1AndRC2_CBC -+#endif -+#ifdef ossl_OBJ_pbeWithSHA1AndRC2_CBC -+#define OBJ_pbeWithSHA1AndRC2_CBC ossl_OBJ_pbeWithSHA1AndRC2_CBC -+#endif -+ -+#ifdef ossl_LN_id_pbkdf2 -+#define LN_id_pbkdf2 ossl_LN_id_pbkdf2 -+#endif -+#ifdef ossl_NID_id_pbkdf2 -+#define NID_id_pbkdf2 ossl_NID_id_pbkdf2 -+#endif -+#ifdef ossl_OBJ_id_pbkdf2 -+#define OBJ_id_pbkdf2 ossl_OBJ_id_pbkdf2 -+#endif -+ -+#ifdef ossl_SN_dsaWithSHA1_2 -+#define SN_dsaWithSHA1_2 ossl_SN_dsaWithSHA1_2 -+#endif -+#ifdef ossl_LN_dsaWithSHA1_2 -+#define LN_dsaWithSHA1_2 ossl_LN_dsaWithSHA1_2 -+#endif -+#ifdef ossl_NID_dsaWithSHA1_2 -+#define NID_dsaWithSHA1_2 ossl_NID_dsaWithSHA1_2 -+#endif -+#ifdef ossl_OBJ_dsaWithSHA1_2 -+#define OBJ_dsaWithSHA1_2 ossl_OBJ_dsaWithSHA1_2 -+#endif -+ -+#ifdef ossl_SN_netscape_cert_type -+#define SN_netscape_cert_type ossl_SN_netscape_cert_type -+#endif -+#ifdef ossl_LN_netscape_cert_type -+#define LN_netscape_cert_type ossl_LN_netscape_cert_type -+#endif -+#ifdef ossl_NID_netscape_cert_type -+#define NID_netscape_cert_type ossl_NID_netscape_cert_type -+#endif -+#ifdef ossl_OBJ_netscape_cert_type -+#define OBJ_netscape_cert_type ossl_OBJ_netscape_cert_type -+#endif -+ -+#ifdef ossl_SN_netscape_base_url -+#define SN_netscape_base_url ossl_SN_netscape_base_url -+#endif -+#ifdef ossl_LN_netscape_base_url -+#define LN_netscape_base_url ossl_LN_netscape_base_url -+#endif -+#ifdef ossl_NID_netscape_base_url -+#define NID_netscape_base_url ossl_NID_netscape_base_url -+#endif -+#ifdef ossl_OBJ_netscape_base_url -+#define OBJ_netscape_base_url ossl_OBJ_netscape_base_url -+#endif -+ -+#ifdef ossl_SN_netscape_revocation_url -+#define SN_netscape_revocation_url ossl_SN_netscape_revocation_url -+#endif -+#ifdef ossl_LN_netscape_revocation_url -+#define LN_netscape_revocation_url ossl_LN_netscape_revocation_url -+#endif -+#ifdef ossl_NID_netscape_revocation_url -+#define NID_netscape_revocation_url ossl_NID_netscape_revocation_url -+#endif -+#ifdef ossl_OBJ_netscape_revocation_url -+#define OBJ_netscape_revocation_url ossl_OBJ_netscape_revocation_url -+#endif -+ -+#ifdef ossl_SN_netscape_ca_revocation_url -+#define SN_netscape_ca_revocation_url ossl_SN_netscape_ca_revocation_url -+#endif -+#ifdef ossl_LN_netscape_ca_revocation_url -+#define LN_netscape_ca_revocation_url ossl_LN_netscape_ca_revocation_url -+#endif -+#ifdef ossl_NID_netscape_ca_revocation_url -+#define NID_netscape_ca_revocation_url ossl_NID_netscape_ca_revocation_url -+#endif -+#ifdef ossl_OBJ_netscape_ca_revocation_url -+#define OBJ_netscape_ca_revocation_url ossl_OBJ_netscape_ca_revocation_url -+#endif -+ -+#ifdef ossl_SN_netscape_renewal_url -+#define SN_netscape_renewal_url ossl_SN_netscape_renewal_url -+#endif -+#ifdef ossl_LN_netscape_renewal_url -+#define LN_netscape_renewal_url ossl_LN_netscape_renewal_url -+#endif -+#ifdef ossl_NID_netscape_renewal_url -+#define NID_netscape_renewal_url ossl_NID_netscape_renewal_url -+#endif -+#ifdef ossl_OBJ_netscape_renewal_url -+#define OBJ_netscape_renewal_url ossl_OBJ_netscape_renewal_url -+#endif -+ -+#ifdef ossl_SN_netscape_ca_policy_url -+#define SN_netscape_ca_policy_url ossl_SN_netscape_ca_policy_url -+#endif -+#ifdef ossl_LN_netscape_ca_policy_url -+#define LN_netscape_ca_policy_url ossl_LN_netscape_ca_policy_url -+#endif -+#ifdef ossl_NID_netscape_ca_policy_url -+#define NID_netscape_ca_policy_url ossl_NID_netscape_ca_policy_url -+#endif -+#ifdef ossl_OBJ_netscape_ca_policy_url -+#define OBJ_netscape_ca_policy_url ossl_OBJ_netscape_ca_policy_url -+#endif -+ -+#ifdef ossl_SN_netscape_ssl_server_name -+#define SN_netscape_ssl_server_name ossl_SN_netscape_ssl_server_name -+#endif -+#ifdef ossl_LN_netscape_ssl_server_name -+#define LN_netscape_ssl_server_name ossl_LN_netscape_ssl_server_name -+#endif -+#ifdef ossl_NID_netscape_ssl_server_name -+#define NID_netscape_ssl_server_name ossl_NID_netscape_ssl_server_name -+#endif -+#ifdef ossl_OBJ_netscape_ssl_server_name -+#define OBJ_netscape_ssl_server_name ossl_OBJ_netscape_ssl_server_name -+#endif -+ -+#ifdef ossl_SN_netscape_comment -+#define SN_netscape_comment ossl_SN_netscape_comment -+#endif -+#ifdef ossl_LN_netscape_comment -+#define LN_netscape_comment ossl_LN_netscape_comment -+#endif -+#ifdef ossl_NID_netscape_comment -+#define NID_netscape_comment ossl_NID_netscape_comment -+#endif -+#ifdef ossl_OBJ_netscape_comment -+#define OBJ_netscape_comment ossl_OBJ_netscape_comment -+#endif -+ -+#ifdef ossl_SN_netscape_cert_sequence -+#define SN_netscape_cert_sequence ossl_SN_netscape_cert_sequence -+#endif -+#ifdef ossl_LN_netscape_cert_sequence -+#define LN_netscape_cert_sequence ossl_LN_netscape_cert_sequence -+#endif -+#ifdef ossl_NID_netscape_cert_sequence -+#define NID_netscape_cert_sequence ossl_NID_netscape_cert_sequence -+#endif -+#ifdef ossl_OBJ_netscape_cert_sequence -+#define OBJ_netscape_cert_sequence ossl_OBJ_netscape_cert_sequence -+#endif -+ -+#ifdef ossl_SN_desx_cbc -+#define SN_desx_cbc ossl_SN_desx_cbc -+#endif -+#ifdef ossl_LN_desx_cbc -+#define LN_desx_cbc ossl_LN_desx_cbc -+#endif -+#ifdef ossl_NID_desx_cbc -+#define NID_desx_cbc ossl_NID_desx_cbc -+#endif -+ -+#ifdef ossl_SN_id_ce -+#define SN_id_ce ossl_SN_id_ce -+#endif -+#ifdef ossl_NID_id_ce -+#define NID_id_ce ossl_NID_id_ce -+#endif -+#ifdef ossl_OBJ_id_ce -+#define OBJ_id_ce ossl_OBJ_id_ce -+#endif -+ -+#ifdef ossl_SN_subject_key_identifier -+#define SN_subject_key_identifier ossl_SN_subject_key_identifier -+#endif -+#ifdef ossl_LN_subject_key_identifier -+#define LN_subject_key_identifier ossl_LN_subject_key_identifier -+#endif -+#ifdef ossl_NID_subject_key_identifier -+#define NID_subject_key_identifier ossl_NID_subject_key_identifier -+#endif -+#ifdef ossl_OBJ_subject_key_identifier -+#define OBJ_subject_key_identifier ossl_OBJ_subject_key_identifier -+#endif -+ -+#ifdef ossl_SN_key_usage -+#define SN_key_usage ossl_SN_key_usage -+#endif -+#ifdef ossl_LN_key_usage -+#define LN_key_usage ossl_LN_key_usage -+#endif -+#ifdef ossl_NID_key_usage -+#define NID_key_usage ossl_NID_key_usage -+#endif -+#ifdef ossl_OBJ_key_usage -+#define OBJ_key_usage ossl_OBJ_key_usage -+#endif -+ -+#ifdef ossl_SN_private_key_usage_period -+#define SN_private_key_usage_period ossl_SN_private_key_usage_period -+#endif -+#ifdef ossl_LN_private_key_usage_period -+#define LN_private_key_usage_period ossl_LN_private_key_usage_period -+#endif -+#ifdef ossl_NID_private_key_usage_period -+#define NID_private_key_usage_period ossl_NID_private_key_usage_period -+#endif -+#ifdef ossl_OBJ_private_key_usage_period -+#define OBJ_private_key_usage_period ossl_OBJ_private_key_usage_period -+#endif -+ -+#ifdef ossl_SN_subject_alt_name -+#define SN_subject_alt_name ossl_SN_subject_alt_name -+#endif -+#ifdef ossl_LN_subject_alt_name -+#define LN_subject_alt_name ossl_LN_subject_alt_name -+#endif -+#ifdef ossl_NID_subject_alt_name -+#define NID_subject_alt_name ossl_NID_subject_alt_name -+#endif -+#ifdef ossl_OBJ_subject_alt_name -+#define OBJ_subject_alt_name ossl_OBJ_subject_alt_name -+#endif -+ -+#ifdef ossl_SN_issuer_alt_name -+#define SN_issuer_alt_name ossl_SN_issuer_alt_name -+#endif -+#ifdef ossl_LN_issuer_alt_name -+#define LN_issuer_alt_name ossl_LN_issuer_alt_name -+#endif -+#ifdef ossl_NID_issuer_alt_name -+#define NID_issuer_alt_name ossl_NID_issuer_alt_name -+#endif -+#ifdef ossl_OBJ_issuer_alt_name -+#define OBJ_issuer_alt_name ossl_OBJ_issuer_alt_name -+#endif -+ -+#ifdef ossl_SN_basic_constraints -+#define SN_basic_constraints ossl_SN_basic_constraints -+#endif -+#ifdef ossl_LN_basic_constraints -+#define LN_basic_constraints ossl_LN_basic_constraints -+#endif -+#ifdef ossl_NID_basic_constraints -+#define NID_basic_constraints ossl_NID_basic_constraints -+#endif -+#ifdef ossl_OBJ_basic_constraints -+#define OBJ_basic_constraints ossl_OBJ_basic_constraints -+#endif -+ -+#ifdef ossl_SN_crl_number -+#define SN_crl_number ossl_SN_crl_number -+#endif -+#ifdef ossl_LN_crl_number -+#define LN_crl_number ossl_LN_crl_number -+#endif -+#ifdef ossl_NID_crl_number -+#define NID_crl_number ossl_NID_crl_number -+#endif -+#ifdef ossl_OBJ_crl_number -+#define OBJ_crl_number ossl_OBJ_crl_number -+#endif -+ -+#ifdef ossl_SN_certificate_policies -+#define SN_certificate_policies ossl_SN_certificate_policies -+#endif -+#ifdef ossl_LN_certificate_policies -+#define LN_certificate_policies ossl_LN_certificate_policies -+#endif -+#ifdef ossl_NID_certificate_policies -+#define NID_certificate_policies ossl_NID_certificate_policies -+#endif -+#ifdef ossl_OBJ_certificate_policies -+#define OBJ_certificate_policies ossl_OBJ_certificate_policies -+#endif -+ -+#ifdef ossl_SN_authority_key_identifier -+#define SN_authority_key_identifier ossl_SN_authority_key_identifier -+#endif -+#ifdef ossl_LN_authority_key_identifier -+#define LN_authority_key_identifier ossl_LN_authority_key_identifier -+#endif -+#ifdef ossl_NID_authority_key_identifier -+#define NID_authority_key_identifier ossl_NID_authority_key_identifier -+#endif -+#ifdef ossl_OBJ_authority_key_identifier -+#define OBJ_authority_key_identifier ossl_OBJ_authority_key_identifier -+#endif -+ -+#ifdef ossl_SN_bf_cbc -+#define SN_bf_cbc ossl_SN_bf_cbc -+#endif -+#ifdef ossl_LN_bf_cbc -+#define LN_bf_cbc ossl_LN_bf_cbc -+#endif -+#ifdef ossl_NID_bf_cbc -+#define NID_bf_cbc ossl_NID_bf_cbc -+#endif -+#ifdef ossl_OBJ_bf_cbc -+#define OBJ_bf_cbc ossl_OBJ_bf_cbc -+#endif -+ -+#ifdef ossl_SN_bf_ecb -+#define SN_bf_ecb ossl_SN_bf_ecb -+#endif -+#ifdef ossl_LN_bf_ecb -+#define LN_bf_ecb ossl_LN_bf_ecb -+#endif -+#ifdef ossl_NID_bf_ecb -+#define NID_bf_ecb ossl_NID_bf_ecb -+#endif -+ -+#ifdef ossl_SN_bf_cfb64 -+#define SN_bf_cfb64 ossl_SN_bf_cfb64 -+#endif -+#ifdef ossl_LN_bf_cfb64 -+#define LN_bf_cfb64 ossl_LN_bf_cfb64 -+#endif -+#ifdef ossl_NID_bf_cfb64 -+#define NID_bf_cfb64 ossl_NID_bf_cfb64 -+#endif -+ -+#ifdef ossl_SN_bf_ofb64 -+#define SN_bf_ofb64 ossl_SN_bf_ofb64 -+#endif -+#ifdef ossl_LN_bf_ofb64 -+#define LN_bf_ofb64 ossl_LN_bf_ofb64 -+#endif -+#ifdef ossl_NID_bf_ofb64 -+#define NID_bf_ofb64 ossl_NID_bf_ofb64 -+#endif -+ -+#ifdef ossl_SN_mdc2 -+#define SN_mdc2 ossl_SN_mdc2 -+#endif -+#ifdef ossl_LN_mdc2 -+#define LN_mdc2 ossl_LN_mdc2 -+#endif -+#ifdef ossl_NID_mdc2 -+#define NID_mdc2 ossl_NID_mdc2 -+#endif -+#ifdef ossl_OBJ_mdc2 -+#define OBJ_mdc2 ossl_OBJ_mdc2 -+#endif -+ -+#ifdef ossl_SN_mdc2WithRSA -+#define SN_mdc2WithRSA ossl_SN_mdc2WithRSA -+#endif -+#ifdef ossl_LN_mdc2WithRSA -+#define LN_mdc2WithRSA ossl_LN_mdc2WithRSA -+#endif -+#ifdef ossl_NID_mdc2WithRSA -+#define NID_mdc2WithRSA ossl_NID_mdc2WithRSA -+#endif -+#ifdef ossl_OBJ_mdc2WithRSA -+#define OBJ_mdc2WithRSA ossl_OBJ_mdc2WithRSA -+#endif -+ -+#ifdef ossl_SN_rc4_40 -+#define SN_rc4_40 ossl_SN_rc4_40 -+#endif -+#ifdef ossl_LN_rc4_40 -+#define LN_rc4_40 ossl_LN_rc4_40 -+#endif -+#ifdef ossl_NID_rc4_40 -+#define NID_rc4_40 ossl_NID_rc4_40 -+#endif -+ -+#ifdef ossl_SN_rc2_40_cbc -+#define SN_rc2_40_cbc ossl_SN_rc2_40_cbc -+#endif -+#ifdef ossl_LN_rc2_40_cbc -+#define LN_rc2_40_cbc ossl_LN_rc2_40_cbc -+#endif -+#ifdef ossl_NID_rc2_40_cbc -+#define NID_rc2_40_cbc ossl_NID_rc2_40_cbc -+#endif -+ -+#ifdef ossl_SN_givenName -+#define SN_givenName ossl_SN_givenName -+#endif -+#ifdef ossl_LN_givenName -+#define LN_givenName ossl_LN_givenName -+#endif -+#ifdef ossl_NID_givenName -+#define NID_givenName ossl_NID_givenName -+#endif -+#ifdef ossl_OBJ_givenName -+#define OBJ_givenName ossl_OBJ_givenName -+#endif -+ -+#ifdef ossl_SN_surname -+#define SN_surname ossl_SN_surname -+#endif -+#ifdef ossl_LN_surname -+#define LN_surname ossl_LN_surname -+#endif -+#ifdef ossl_NID_surname -+#define NID_surname ossl_NID_surname -+#endif -+#ifdef ossl_OBJ_surname -+#define OBJ_surname ossl_OBJ_surname -+#endif -+ -+#ifdef ossl_SN_initials -+#define SN_initials ossl_SN_initials -+#endif -+#ifdef ossl_LN_initials -+#define LN_initials ossl_LN_initials -+#endif -+#ifdef ossl_NID_initials -+#define NID_initials ossl_NID_initials -+#endif -+#ifdef ossl_OBJ_initials -+#define OBJ_initials ossl_OBJ_initials -+#endif -+ -+#ifdef ossl_SN_crl_distribution_points -+#define SN_crl_distribution_points ossl_SN_crl_distribution_points -+#endif -+#ifdef ossl_LN_crl_distribution_points -+#define LN_crl_distribution_points ossl_LN_crl_distribution_points -+#endif -+#ifdef ossl_NID_crl_distribution_points -+#define NID_crl_distribution_points ossl_NID_crl_distribution_points -+#endif -+#ifdef ossl_OBJ_crl_distribution_points -+#define OBJ_crl_distribution_points ossl_OBJ_crl_distribution_points -+#endif -+ -+#ifdef ossl_SN_md5WithRSA -+#define SN_md5WithRSA ossl_SN_md5WithRSA -+#endif -+#ifdef ossl_LN_md5WithRSA -+#define LN_md5WithRSA ossl_LN_md5WithRSA -+#endif -+#ifdef ossl_NID_md5WithRSA -+#define NID_md5WithRSA ossl_NID_md5WithRSA -+#endif -+#ifdef ossl_OBJ_md5WithRSA -+#define OBJ_md5WithRSA ossl_OBJ_md5WithRSA -+#endif -+ -+#ifdef ossl_LN_serialNumber -+#define LN_serialNumber ossl_LN_serialNumber -+#endif -+#ifdef ossl_NID_serialNumber -+#define NID_serialNumber ossl_NID_serialNumber -+#endif -+#ifdef ossl_OBJ_serialNumber -+#define OBJ_serialNumber ossl_OBJ_serialNumber -+#endif -+ -+#ifdef ossl_SN_title -+#define SN_title ossl_SN_title -+#endif -+#ifdef ossl_LN_title -+#define LN_title ossl_LN_title -+#endif -+#ifdef ossl_NID_title -+#define NID_title ossl_NID_title -+#endif -+#ifdef ossl_OBJ_title -+#define OBJ_title ossl_OBJ_title -+#endif -+ -+#ifdef ossl_LN_description -+#define LN_description ossl_LN_description -+#endif -+#ifdef ossl_NID_description -+#define NID_description ossl_NID_description -+#endif -+#ifdef ossl_OBJ_description -+#define OBJ_description ossl_OBJ_description -+#endif -+ -+#ifdef ossl_SN_cast5_cbc -+#define SN_cast5_cbc ossl_SN_cast5_cbc -+#endif -+#ifdef ossl_LN_cast5_cbc -+#define LN_cast5_cbc ossl_LN_cast5_cbc -+#endif -+#ifdef ossl_NID_cast5_cbc -+#define NID_cast5_cbc ossl_NID_cast5_cbc -+#endif -+#ifdef ossl_OBJ_cast5_cbc -+#define OBJ_cast5_cbc ossl_OBJ_cast5_cbc -+#endif -+ -+#ifdef ossl_SN_cast5_ecb -+#define SN_cast5_ecb ossl_SN_cast5_ecb -+#endif -+#ifdef ossl_LN_cast5_ecb -+#define LN_cast5_ecb ossl_LN_cast5_ecb -+#endif -+#ifdef ossl_NID_cast5_ecb -+#define NID_cast5_ecb ossl_NID_cast5_ecb -+#endif -+ -+#ifdef ossl_SN_cast5_cfb64 -+#define SN_cast5_cfb64 ossl_SN_cast5_cfb64 -+#endif -+#ifdef ossl_LN_cast5_cfb64 -+#define LN_cast5_cfb64 ossl_LN_cast5_cfb64 -+#endif -+#ifdef ossl_NID_cast5_cfb64 -+#define NID_cast5_cfb64 ossl_NID_cast5_cfb64 -+#endif -+ -+#ifdef ossl_SN_cast5_ofb64 -+#define SN_cast5_ofb64 ossl_SN_cast5_ofb64 -+#endif -+#ifdef ossl_LN_cast5_ofb64 -+#define LN_cast5_ofb64 ossl_LN_cast5_ofb64 -+#endif -+#ifdef ossl_NID_cast5_ofb64 -+#define NID_cast5_ofb64 ossl_NID_cast5_ofb64 -+#endif -+ -+#ifdef ossl_LN_pbeWithMD5AndCast5_CBC -+#define LN_pbeWithMD5AndCast5_CBC ossl_LN_pbeWithMD5AndCast5_CBC -+#endif -+#ifdef ossl_NID_pbeWithMD5AndCast5_CBC -+#define NID_pbeWithMD5AndCast5_CBC ossl_NID_pbeWithMD5AndCast5_CBC -+#endif -+#ifdef ossl_OBJ_pbeWithMD5AndCast5_CBC -+#define OBJ_pbeWithMD5AndCast5_CBC ossl_OBJ_pbeWithMD5AndCast5_CBC -+#endif -+ -+#ifdef ossl_SN_dsaWithSHA1 -+#define SN_dsaWithSHA1 ossl_SN_dsaWithSHA1 -+#endif -+#ifdef ossl_LN_dsaWithSHA1 -+#define LN_dsaWithSHA1 ossl_LN_dsaWithSHA1 -+#endif -+#ifdef ossl_NID_dsaWithSHA1 -+#define NID_dsaWithSHA1 ossl_NID_dsaWithSHA1 -+#endif -+#ifdef ossl_OBJ_dsaWithSHA1 -+#define OBJ_dsaWithSHA1 ossl_OBJ_dsaWithSHA1 -+#endif -+ -+#ifdef ossl_SN_md5_sha1 -+#define SN_md5_sha1 ossl_SN_md5_sha1 -+#endif -+#ifdef ossl_LN_md5_sha1 -+#define LN_md5_sha1 ossl_LN_md5_sha1 -+#endif -+#ifdef ossl_NID_md5_sha1 -+#define NID_md5_sha1 ossl_NID_md5_sha1 -+#endif -+ -+#ifdef ossl_SN_sha1WithRSA -+#define SN_sha1WithRSA ossl_SN_sha1WithRSA -+#endif -+#ifdef ossl_LN_sha1WithRSA -+#define LN_sha1WithRSA ossl_LN_sha1WithRSA -+#endif -+#ifdef ossl_NID_sha1WithRSA -+#define NID_sha1WithRSA ossl_NID_sha1WithRSA -+#endif -+#ifdef ossl_OBJ_sha1WithRSA -+#define OBJ_sha1WithRSA ossl_OBJ_sha1WithRSA -+#endif -+ -+#ifdef ossl_SN_dsa -+#define SN_dsa ossl_SN_dsa -+#endif -+#ifdef ossl_LN_dsa -+#define LN_dsa ossl_LN_dsa -+#endif -+#ifdef ossl_NID_dsa -+#define NID_dsa ossl_NID_dsa -+#endif -+#ifdef ossl_OBJ_dsa -+#define OBJ_dsa ossl_OBJ_dsa -+#endif -+ -+#ifdef ossl_SN_ripemd160 -+#define SN_ripemd160 ossl_SN_ripemd160 -+#endif -+#ifdef ossl_LN_ripemd160 -+#define LN_ripemd160 ossl_LN_ripemd160 -+#endif -+#ifdef ossl_NID_ripemd160 -+#define NID_ripemd160 ossl_NID_ripemd160 -+#endif -+#ifdef ossl_OBJ_ripemd160 -+#define OBJ_ripemd160 ossl_OBJ_ripemd160 -+#endif -+ -+#ifdef ossl_SN_ripemd160WithRSA -+#define SN_ripemd160WithRSA ossl_SN_ripemd160WithRSA -+#endif -+#ifdef ossl_LN_ripemd160WithRSA -+#define LN_ripemd160WithRSA ossl_LN_ripemd160WithRSA -+#endif -+#ifdef ossl_NID_ripemd160WithRSA -+#define NID_ripemd160WithRSA ossl_NID_ripemd160WithRSA -+#endif -+#ifdef ossl_OBJ_ripemd160WithRSA -+#define OBJ_ripemd160WithRSA ossl_OBJ_ripemd160WithRSA -+#endif -+ -+#ifdef ossl_SN_rc5_cbc -+#define SN_rc5_cbc ossl_SN_rc5_cbc -+#endif -+#ifdef ossl_LN_rc5_cbc -+#define LN_rc5_cbc ossl_LN_rc5_cbc -+#endif -+#ifdef ossl_NID_rc5_cbc -+#define NID_rc5_cbc ossl_NID_rc5_cbc -+#endif -+#ifdef ossl_OBJ_rc5_cbc -+#define OBJ_rc5_cbc ossl_OBJ_rc5_cbc -+#endif -+ -+#ifdef ossl_SN_rc5_ecb -+#define SN_rc5_ecb ossl_SN_rc5_ecb -+#endif -+#ifdef ossl_LN_rc5_ecb -+#define LN_rc5_ecb ossl_LN_rc5_ecb -+#endif -+#ifdef ossl_NID_rc5_ecb -+#define NID_rc5_ecb ossl_NID_rc5_ecb -+#endif -+ -+#ifdef ossl_SN_rc5_cfb64 -+#define SN_rc5_cfb64 ossl_SN_rc5_cfb64 -+#endif -+#ifdef ossl_LN_rc5_cfb64 -+#define LN_rc5_cfb64 ossl_LN_rc5_cfb64 -+#endif -+#ifdef ossl_NID_rc5_cfb64 -+#define NID_rc5_cfb64 ossl_NID_rc5_cfb64 -+#endif -+ -+#ifdef ossl_SN_rc5_ofb64 -+#define SN_rc5_ofb64 ossl_SN_rc5_ofb64 -+#endif -+#ifdef ossl_LN_rc5_ofb64 -+#define LN_rc5_ofb64 ossl_LN_rc5_ofb64 -+#endif -+#ifdef ossl_NID_rc5_ofb64 -+#define NID_rc5_ofb64 ossl_NID_rc5_ofb64 -+#endif -+ -+#ifdef ossl_SN_zlib_compression -+#define SN_zlib_compression ossl_SN_zlib_compression -+#endif -+#ifdef ossl_LN_zlib_compression -+#define LN_zlib_compression ossl_LN_zlib_compression -+#endif -+#ifdef ossl_NID_zlib_compression -+#define NID_zlib_compression ossl_NID_zlib_compression -+#endif -+#ifdef ossl_OBJ_zlib_compression -+#define OBJ_zlib_compression ossl_OBJ_zlib_compression -+#endif -+ -+#ifdef ossl_SN_ext_key_usage -+#define SN_ext_key_usage ossl_SN_ext_key_usage -+#endif -+#ifdef ossl_LN_ext_key_usage -+#define LN_ext_key_usage ossl_LN_ext_key_usage -+#endif -+#ifdef ossl_NID_ext_key_usage -+#define NID_ext_key_usage ossl_NID_ext_key_usage -+#endif -+#ifdef ossl_OBJ_ext_key_usage -+#define OBJ_ext_key_usage ossl_OBJ_ext_key_usage -+#endif -+ -+#ifdef ossl_SN_id_pkix -+#define SN_id_pkix ossl_SN_id_pkix -+#endif -+#ifdef ossl_NID_id_pkix -+#define NID_id_pkix ossl_NID_id_pkix -+#endif -+#ifdef ossl_OBJ_id_pkix -+#define OBJ_id_pkix ossl_OBJ_id_pkix -+#endif -+ -+#ifdef ossl_SN_id_kp -+#define SN_id_kp ossl_SN_id_kp -+#endif -+#ifdef ossl_NID_id_kp -+#define NID_id_kp ossl_NID_id_kp -+#endif -+#ifdef ossl_OBJ_id_kp -+#define OBJ_id_kp ossl_OBJ_id_kp -+#endif -+ -+#ifdef ossl_SN_server_auth -+#define SN_server_auth ossl_SN_server_auth -+#endif -+#ifdef ossl_LN_server_auth -+#define LN_server_auth ossl_LN_server_auth -+#endif -+#ifdef ossl_NID_server_auth -+#define NID_server_auth ossl_NID_server_auth -+#endif -+#ifdef ossl_OBJ_server_auth -+#define OBJ_server_auth ossl_OBJ_server_auth -+#endif -+ -+#ifdef ossl_SN_client_auth -+#define SN_client_auth ossl_SN_client_auth -+#endif -+#ifdef ossl_LN_client_auth -+#define LN_client_auth ossl_LN_client_auth -+#endif -+#ifdef ossl_NID_client_auth -+#define NID_client_auth ossl_NID_client_auth -+#endif -+#ifdef ossl_OBJ_client_auth -+#define OBJ_client_auth ossl_OBJ_client_auth -+#endif -+ -+#ifdef ossl_SN_code_sign -+#define SN_code_sign ossl_SN_code_sign -+#endif -+#ifdef ossl_LN_code_sign -+#define LN_code_sign ossl_LN_code_sign -+#endif -+#ifdef ossl_NID_code_sign -+#define NID_code_sign ossl_NID_code_sign -+#endif -+#ifdef ossl_OBJ_code_sign -+#define OBJ_code_sign ossl_OBJ_code_sign -+#endif -+ -+#ifdef ossl_SN_email_protect -+#define SN_email_protect ossl_SN_email_protect -+#endif -+#ifdef ossl_LN_email_protect -+#define LN_email_protect ossl_LN_email_protect -+#endif -+#ifdef ossl_NID_email_protect -+#define NID_email_protect ossl_NID_email_protect -+#endif -+#ifdef ossl_OBJ_email_protect -+#define OBJ_email_protect ossl_OBJ_email_protect -+#endif -+ -+#ifdef ossl_SN_time_stamp -+#define SN_time_stamp ossl_SN_time_stamp -+#endif -+#ifdef ossl_LN_time_stamp -+#define LN_time_stamp ossl_LN_time_stamp -+#endif -+#ifdef ossl_NID_time_stamp -+#define NID_time_stamp ossl_NID_time_stamp -+#endif -+#ifdef ossl_OBJ_time_stamp -+#define OBJ_time_stamp ossl_OBJ_time_stamp -+#endif -+ -+#ifdef ossl_SN_ms_code_ind -+#define SN_ms_code_ind ossl_SN_ms_code_ind -+#endif -+#ifdef ossl_LN_ms_code_ind -+#define LN_ms_code_ind ossl_LN_ms_code_ind -+#endif -+#ifdef ossl_NID_ms_code_ind -+#define NID_ms_code_ind ossl_NID_ms_code_ind -+#endif -+#ifdef ossl_OBJ_ms_code_ind -+#define OBJ_ms_code_ind ossl_OBJ_ms_code_ind -+#endif -+ -+#ifdef ossl_SN_ms_code_com -+#define SN_ms_code_com ossl_SN_ms_code_com -+#endif -+#ifdef ossl_LN_ms_code_com -+#define LN_ms_code_com ossl_LN_ms_code_com -+#endif -+#ifdef ossl_NID_ms_code_com -+#define NID_ms_code_com ossl_NID_ms_code_com -+#endif -+#ifdef ossl_OBJ_ms_code_com -+#define OBJ_ms_code_com ossl_OBJ_ms_code_com -+#endif -+ -+#ifdef ossl_SN_ms_ctl_sign -+#define SN_ms_ctl_sign ossl_SN_ms_ctl_sign -+#endif -+#ifdef ossl_LN_ms_ctl_sign -+#define LN_ms_ctl_sign ossl_LN_ms_ctl_sign -+#endif -+#ifdef ossl_NID_ms_ctl_sign -+#define NID_ms_ctl_sign ossl_NID_ms_ctl_sign -+#endif -+#ifdef ossl_OBJ_ms_ctl_sign -+#define OBJ_ms_ctl_sign ossl_OBJ_ms_ctl_sign -+#endif -+ -+#ifdef ossl_SN_ms_sgc -+#define SN_ms_sgc ossl_SN_ms_sgc -+#endif -+#ifdef ossl_LN_ms_sgc -+#define LN_ms_sgc ossl_LN_ms_sgc -+#endif -+#ifdef ossl_NID_ms_sgc -+#define NID_ms_sgc ossl_NID_ms_sgc -+#endif -+#ifdef ossl_OBJ_ms_sgc -+#define OBJ_ms_sgc ossl_OBJ_ms_sgc -+#endif -+ -+#ifdef ossl_SN_ms_efs -+#define SN_ms_efs ossl_SN_ms_efs -+#endif -+#ifdef ossl_LN_ms_efs -+#define LN_ms_efs ossl_LN_ms_efs -+#endif -+#ifdef ossl_NID_ms_efs -+#define NID_ms_efs ossl_NID_ms_efs -+#endif -+#ifdef ossl_OBJ_ms_efs -+#define OBJ_ms_efs ossl_OBJ_ms_efs -+#endif -+ -+#ifdef ossl_SN_ns_sgc -+#define SN_ns_sgc ossl_SN_ns_sgc -+#endif -+#ifdef ossl_LN_ns_sgc -+#define LN_ns_sgc ossl_LN_ns_sgc -+#endif -+#ifdef ossl_NID_ns_sgc -+#define NID_ns_sgc ossl_NID_ns_sgc -+#endif -+#ifdef ossl_OBJ_ns_sgc -+#define OBJ_ns_sgc ossl_OBJ_ns_sgc -+#endif -+ -+#ifdef ossl_SN_delta_crl -+#define SN_delta_crl ossl_SN_delta_crl -+#endif -+#ifdef ossl_LN_delta_crl -+#define LN_delta_crl ossl_LN_delta_crl -+#endif -+#ifdef ossl_NID_delta_crl -+#define NID_delta_crl ossl_NID_delta_crl -+#endif -+#ifdef ossl_OBJ_delta_crl -+#define OBJ_delta_crl ossl_OBJ_delta_crl -+#endif -+ -+#ifdef ossl_SN_crl_reason -+#define SN_crl_reason ossl_SN_crl_reason -+#endif -+#ifdef ossl_LN_crl_reason -+#define LN_crl_reason ossl_LN_crl_reason -+#endif -+#ifdef ossl_NID_crl_reason -+#define NID_crl_reason ossl_NID_crl_reason -+#endif -+#ifdef ossl_OBJ_crl_reason -+#define OBJ_crl_reason ossl_OBJ_crl_reason -+#endif -+ -+#ifdef ossl_SN_invalidity_date -+#define SN_invalidity_date ossl_SN_invalidity_date -+#endif -+#ifdef ossl_LN_invalidity_date -+#define LN_invalidity_date ossl_LN_invalidity_date -+#endif -+#ifdef ossl_NID_invalidity_date -+#define NID_invalidity_date ossl_NID_invalidity_date -+#endif -+#ifdef ossl_OBJ_invalidity_date -+#define OBJ_invalidity_date ossl_OBJ_invalidity_date -+#endif -+ -+#ifdef ossl_SN_sxnet -+#define SN_sxnet ossl_SN_sxnet -+#endif -+#ifdef ossl_LN_sxnet -+#define LN_sxnet ossl_LN_sxnet -+#endif -+#ifdef ossl_NID_sxnet -+#define NID_sxnet ossl_NID_sxnet -+#endif -+#ifdef ossl_OBJ_sxnet -+#define OBJ_sxnet ossl_OBJ_sxnet -+#endif -+ -+#ifdef ossl_SN_pbe_WithSHA1And128BitRC4 -+#define SN_pbe_WithSHA1And128BitRC4 ossl_SN_pbe_WithSHA1And128BitRC4 -+#endif -+#ifdef ossl_LN_pbe_WithSHA1And128BitRC4 -+#define LN_pbe_WithSHA1And128BitRC4 ossl_LN_pbe_WithSHA1And128BitRC4 -+#endif -+#ifdef ossl_NID_pbe_WithSHA1And128BitRC4 -+#define NID_pbe_WithSHA1And128BitRC4 ossl_NID_pbe_WithSHA1And128BitRC4 -+#endif -+#ifdef ossl_OBJ_pbe_WithSHA1And128BitRC4 -+#define OBJ_pbe_WithSHA1And128BitRC4 ossl_OBJ_pbe_WithSHA1And128BitRC4 -+#endif -+ -+#ifdef ossl_SN_pbe_WithSHA1And40BitRC4 -+#define SN_pbe_WithSHA1And40BitRC4 ossl_SN_pbe_WithSHA1And40BitRC4 -+#endif -+#ifdef ossl_LN_pbe_WithSHA1And40BitRC4 -+#define LN_pbe_WithSHA1And40BitRC4 ossl_LN_pbe_WithSHA1And40BitRC4 -+#endif -+#ifdef ossl_NID_pbe_WithSHA1And40BitRC4 -+#define NID_pbe_WithSHA1And40BitRC4 ossl_NID_pbe_WithSHA1And40BitRC4 -+#endif -+#ifdef ossl_OBJ_pbe_WithSHA1And40BitRC4 -+#define OBJ_pbe_WithSHA1And40BitRC4 ossl_OBJ_pbe_WithSHA1And40BitRC4 -+#endif -+ -+#ifdef ossl_SN_pbe_WithSHA1And3_Key_TripleDES_CBC -+#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC ossl_SN_pbe_WithSHA1And3_Key_TripleDES_CBC -+#endif -+#ifdef ossl_LN_pbe_WithSHA1And3_Key_TripleDES_CBC -+#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC ossl_LN_pbe_WithSHA1And3_Key_TripleDES_CBC -+#endif -+#ifdef ossl_NID_pbe_WithSHA1And3_Key_TripleDES_CBC -+#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC ossl_NID_pbe_WithSHA1And3_Key_TripleDES_CBC -+#endif -+#ifdef ossl_OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC -+#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC ossl_OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC -+#endif -+ -+ -+#ifdef ossl_SN_pbe_WithSHA1And2_Key_TripleDES_CBC -+#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC ossl_SN_pbe_WithSHA1And2_Key_TripleDES_CBC -+#endif -+#ifdef ossl_LN_pbe_WithSHA1And2_Key_TripleDES_CBC -+#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC ossl_LN_pbe_WithSHA1And2_Key_TripleDES_CBC -+#endif -+#ifdef ossl_NID_pbe_WithSHA1And2_Key_TripleDES_CBC -+#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC ossl_NID_pbe_WithSHA1And2_Key_TripleDES_CBC -+#endif -+#ifdef ossl_OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC -+#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC ossl_OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC -+#endif -+ -+ -+#ifdef ossl_SN_pbe_WithSHA1And128BitRC2_CBC -+#define SN_pbe_WithSHA1And128BitRC2_CBC ossl_SN_pbe_WithSHA1And128BitRC2_CBC -+#endif -+#ifdef ossl_LN_pbe_WithSHA1And128BitRC2_CBC -+#define LN_pbe_WithSHA1And128BitRC2_CBC ossl_LN_pbe_WithSHA1And128BitRC2_CBC -+#endif -+#ifdef ossl_NID_pbe_WithSHA1And128BitRC2_CBC -+#define NID_pbe_WithSHA1And128BitRC2_CBC ossl_NID_pbe_WithSHA1And128BitRC2_CBC -+#endif -+#ifdef ossl_OBJ_pbe_WithSHA1And128BitRC2_CBC -+#define OBJ_pbe_WithSHA1And128BitRC2_CBC ossl_OBJ_pbe_WithSHA1And128BitRC2_CBC -+#endif -+ -+#ifdef ossl_SN_pbe_WithSHA1And40BitRC2_CBC -+#define SN_pbe_WithSHA1And40BitRC2_CBC ossl_SN_pbe_WithSHA1And40BitRC2_CBC -+#endif -+#ifdef ossl_LN_pbe_WithSHA1And40BitRC2_CBC -+#define LN_pbe_WithSHA1And40BitRC2_CBC ossl_LN_pbe_WithSHA1And40BitRC2_CBC -+#endif -+#ifdef ossl_NID_pbe_WithSHA1And40BitRC2_CBC -+#define NID_pbe_WithSHA1And40BitRC2_CBC ossl_NID_pbe_WithSHA1And40BitRC2_CBC -+#endif -+#ifdef ossl_OBJ_pbe_WithSHA1And40BitRC2_CBC -+#define OBJ_pbe_WithSHA1And40BitRC2_CBC ossl_OBJ_pbe_WithSHA1And40BitRC2_CBC -+#endif -+ -+#ifdef ossl_LN_keyBag -+#define LN_keyBag ossl_LN_keyBag -+#endif -+#ifdef ossl_NID_keyBag -+#define NID_keyBag ossl_NID_keyBag -+#endif -+#ifdef ossl_OBJ_keyBag -+#define OBJ_keyBag ossl_OBJ_keyBag -+#endif -+ -+#ifdef ossl_LN_pkcs8ShroudedKeyBag -+#define LN_pkcs8ShroudedKeyBag ossl_LN_pkcs8ShroudedKeyBag -+#endif -+#ifdef ossl_NID_pkcs8ShroudedKeyBag -+#define NID_pkcs8ShroudedKeyBag ossl_NID_pkcs8ShroudedKeyBag -+#endif -+#ifdef ossl_OBJ_pkcs8ShroudedKeyBag -+#define OBJ_pkcs8ShroudedKeyBag ossl_OBJ_pkcs8ShroudedKeyBag -+#endif -+ -+#ifdef ossl_LN_certBag -+#define LN_certBag ossl_LN_certBag -+#endif -+#ifdef ossl_NID_certBag -+#define NID_certBag ossl_NID_certBag -+#endif -+#ifdef ossl_OBJ_certBag -+#define OBJ_certBag ossl_OBJ_certBag -+#endif -+ -+#ifdef ossl_LN_crlBag -+#define LN_crlBag ossl_LN_crlBag -+#endif -+#ifdef ossl_NID_crlBag -+#define NID_crlBag ossl_NID_crlBag -+#endif -+#ifdef ossl_OBJ_crlBag -+#define OBJ_crlBag ossl_OBJ_crlBag -+#endif -+ -+#ifdef ossl_LN_secretBag -+#define LN_secretBag ossl_LN_secretBag -+#endif -+#ifdef ossl_NID_secretBag -+#define NID_secretBag ossl_NID_secretBag -+#endif -+#ifdef ossl_OBJ_secretBag -+#define OBJ_secretBag ossl_OBJ_secretBag -+#endif -+ -+#ifdef ossl_LN_safeContentsBag -+#define LN_safeContentsBag ossl_LN_safeContentsBag -+#endif -+#ifdef ossl_NID_safeContentsBag -+#define NID_safeContentsBag ossl_NID_safeContentsBag -+#endif -+#ifdef ossl_OBJ_safeContentsBag -+#define OBJ_safeContentsBag ossl_OBJ_safeContentsBag -+#endif -+ -+#ifdef ossl_LN_friendlyName -+#define LN_friendlyName ossl_LN_friendlyName -+#endif -+#ifdef ossl_NID_friendlyName -+#define NID_friendlyName ossl_NID_friendlyName -+#endif -+#ifdef ossl_OBJ_friendlyName -+#define OBJ_friendlyName ossl_OBJ_friendlyName -+#endif -+ -+#ifdef ossl_LN_localKeyID -+#define LN_localKeyID ossl_LN_localKeyID -+#endif -+#ifdef ossl_NID_localKeyID -+#define NID_localKeyID ossl_NID_localKeyID -+#endif -+#ifdef ossl_OBJ_localKeyID -+#define OBJ_localKeyID ossl_OBJ_localKeyID -+#endif -+ -+#ifdef ossl_LN_x509Certificate -+#define LN_x509Certificate ossl_LN_x509Certificate -+#endif -+#ifdef ossl_NID_x509Certificate -+#define NID_x509Certificate ossl_NID_x509Certificate -+#endif -+#ifdef ossl_OBJ_x509Certificate -+#define OBJ_x509Certificate ossl_OBJ_x509Certificate -+#endif -+ -+#ifdef ossl_LN_sdsiCertificate -+#define LN_sdsiCertificate ossl_LN_sdsiCertificate -+#endif -+#ifdef ossl_NID_sdsiCertificate -+#define NID_sdsiCertificate ossl_NID_sdsiCertificate -+#endif -+#ifdef ossl_OBJ_sdsiCertificate -+#define OBJ_sdsiCertificate ossl_OBJ_sdsiCertificate -+#endif -+ -+#ifdef ossl_LN_x509Crl -+#define LN_x509Crl ossl_LN_x509Crl -+#endif -+#ifdef ossl_NID_x509Crl -+#define NID_x509Crl ossl_NID_x509Crl -+#endif -+#ifdef ossl_OBJ_x509Crl -+#define OBJ_x509Crl ossl_OBJ_x509Crl -+#endif -+ -+#ifdef ossl_LN_pbes2 -+#define LN_pbes2 ossl_LN_pbes2 -+#endif -+#ifdef ossl_NID_pbes2 -+#define NID_pbes2 ossl_NID_pbes2 -+#endif -+#ifdef ossl_OBJ_pbes2 -+#define OBJ_pbes2 ossl_OBJ_pbes2 -+#endif -+ -+#ifdef ossl_LN_pbmac1 -+#define LN_pbmac1 ossl_LN_pbmac1 -+#endif -+#ifdef ossl_NID_pbmac1 -+#define NID_pbmac1 ossl_NID_pbmac1 -+#endif -+#ifdef ossl_OBJ_pbmac1 -+#define OBJ_pbmac1 ossl_OBJ_pbmac1 -+#endif -+ -+#ifdef ossl_LN_hmacWithSHA1 -+#define LN_hmacWithSHA1 ossl_LN_hmacWithSHA1 -+#endif -+#ifdef ossl_NID_hmacWithSHA1 -+#define NID_hmacWithSHA1 ossl_NID_hmacWithSHA1 -+#endif -+#ifdef ossl_OBJ_hmacWithSHA1 -+#define OBJ_hmacWithSHA1 ossl_OBJ_hmacWithSHA1 -+#endif -+ -+#ifdef ossl_SN_id_qt_cps -+#define SN_id_qt_cps ossl_SN_id_qt_cps -+#endif -+#ifdef ossl_LN_id_qt_cps -+#define LN_id_qt_cps ossl_LN_id_qt_cps -+#endif -+#ifdef ossl_NID_id_qt_cps -+#define NID_id_qt_cps ossl_NID_id_qt_cps -+#endif -+#ifdef ossl_OBJ_id_qt_cps -+#define OBJ_id_qt_cps ossl_OBJ_id_qt_cps -+#endif -+ -+#ifdef ossl_SN_id_qt_unotice -+#define SN_id_qt_unotice ossl_SN_id_qt_unotice -+#endif -+#ifdef ossl_LN_id_qt_unotice -+#define LN_id_qt_unotice ossl_LN_id_qt_unotice -+#endif -+#ifdef ossl_NID_id_qt_unotice -+#define NID_id_qt_unotice ossl_NID_id_qt_unotice -+#endif -+#ifdef ossl_OBJ_id_qt_unotice -+#define OBJ_id_qt_unotice ossl_OBJ_id_qt_unotice -+#endif -+ -+#ifdef ossl_SN_rc2_64_cbc -+#define SN_rc2_64_cbc ossl_SN_rc2_64_cbc -+#endif -+#ifdef ossl_LN_rc2_64_cbc -+#define LN_rc2_64_cbc ossl_LN_rc2_64_cbc -+#endif -+#ifdef ossl_NID_rc2_64_cbc -+#define NID_rc2_64_cbc ossl_NID_rc2_64_cbc -+#endif -+ -+#ifdef ossl_SN_SMIMECapabilities -+#define SN_SMIMECapabilities ossl_SN_SMIMECapabilities -+#endif -+#ifdef ossl_LN_SMIMECapabilities -+#define LN_SMIMECapabilities ossl_LN_SMIMECapabilities -+#endif -+#ifdef ossl_NID_SMIMECapabilities -+#define NID_SMIMECapabilities ossl_NID_SMIMECapabilities -+#endif -+#ifdef ossl_OBJ_SMIMECapabilities -+#define OBJ_SMIMECapabilities ossl_OBJ_SMIMECapabilities -+#endif -+ -+#ifdef ossl_SN_pbeWithMD2AndRC2_CBC -+#define SN_pbeWithMD2AndRC2_CBC ossl_SN_pbeWithMD2AndRC2_CBC -+#endif -+#ifdef ossl_LN_pbeWithMD2AndRC2_CBC -+#define LN_pbeWithMD2AndRC2_CBC ossl_LN_pbeWithMD2AndRC2_CBC -+#endif -+#ifdef ossl_NID_pbeWithMD2AndRC2_CBC -+#define NID_pbeWithMD2AndRC2_CBC ossl_NID_pbeWithMD2AndRC2_CBC -+#endif -+#ifdef ossl_OBJ_pbeWithMD2AndRC2_CBC -+#define OBJ_pbeWithMD2AndRC2_CBC ossl_OBJ_pbeWithMD2AndRC2_CBC -+#endif -+ -+#ifdef ossl_SN_pbeWithMD5AndRC2_CBC -+#define SN_pbeWithMD5AndRC2_CBC ossl_SN_pbeWithMD5AndRC2_CBC -+#endif -+#ifdef ossl_LN_pbeWithMD5AndRC2_CBC -+#define LN_pbeWithMD5AndRC2_CBC ossl_LN_pbeWithMD5AndRC2_CBC -+#endif -+#ifdef ossl_NID_pbeWithMD5AndRC2_CBC -+#define NID_pbeWithMD5AndRC2_CBC ossl_NID_pbeWithMD5AndRC2_CBC -+#endif -+#ifdef ossl_OBJ_pbeWithMD5AndRC2_CBC -+#define OBJ_pbeWithMD5AndRC2_CBC ossl_OBJ_pbeWithMD5AndRC2_CBC -+#endif -+ -+#ifdef ossl_SN_pbeWithSHA1AndDES_CBC -+#define SN_pbeWithSHA1AndDES_CBC ossl_SN_pbeWithSHA1AndDES_CBC -+#endif -+#ifdef ossl_LN_pbeWithSHA1AndDES_CBC -+#define LN_pbeWithSHA1AndDES_CBC ossl_LN_pbeWithSHA1AndDES_CBC -+#endif -+#ifdef ossl_NID_pbeWithSHA1AndDES_CBC -+#define NID_pbeWithSHA1AndDES_CBC ossl_NID_pbeWithSHA1AndDES_CBC -+#endif -+#ifdef ossl_OBJ_pbeWithSHA1AndDES_CBC -+#define OBJ_pbeWithSHA1AndDES_CBC ossl_OBJ_pbeWithSHA1AndDES_CBC -+#endif -+ -+#ifdef ossl_SN_ms_ext_req -+#define SN_ms_ext_req ossl_SN_ms_ext_req -+#endif -+#ifdef ossl_LN_ms_ext_req -+#define LN_ms_ext_req ossl_LN_ms_ext_req -+#endif -+#ifdef ossl_NID_ms_ext_req -+#define NID_ms_ext_req ossl_NID_ms_ext_req -+#endif -+#ifdef ossl_OBJ_ms_ext_req -+#define OBJ_ms_ext_req ossl_OBJ_ms_ext_req -+#endif -+ -+#ifdef ossl_SN_ext_req -+#define SN_ext_req ossl_SN_ext_req -+#endif -+#ifdef ossl_LN_ext_req -+#define LN_ext_req ossl_LN_ext_req -+#endif -+#ifdef ossl_NID_ext_req -+#define NID_ext_req ossl_NID_ext_req -+#endif -+#ifdef ossl_OBJ_ext_req -+#define OBJ_ext_req ossl_OBJ_ext_req -+#endif -+ -+#ifdef ossl_SN_name -+#define SN_name ossl_SN_name -+#endif -+#ifdef ossl_LN_name -+#define LN_name ossl_LN_name -+#endif -+#ifdef ossl_NID_name -+#define NID_name ossl_NID_name -+#endif -+#ifdef ossl_OBJ_name -+#define OBJ_name ossl_OBJ_name -+#endif -+ -+#ifdef ossl_SN_dnQualifier -+#define SN_dnQualifier ossl_SN_dnQualifier -+#endif -+#ifdef ossl_LN_dnQualifier -+#define LN_dnQualifier ossl_LN_dnQualifier -+#endif -+#ifdef ossl_NID_dnQualifier -+#define NID_dnQualifier ossl_NID_dnQualifier -+#endif -+#ifdef ossl_OBJ_dnQualifier -+#define OBJ_dnQualifier ossl_OBJ_dnQualifier -+#endif -+ -+#ifdef ossl_SN_id_pe -+#define SN_id_pe ossl_SN_id_pe -+#endif -+#ifdef ossl_NID_id_pe -+#define NID_id_pe ossl_NID_id_pe -+#endif -+#ifdef ossl_OBJ_id_pe -+#define OBJ_id_pe ossl_OBJ_id_pe -+#endif -+ -+#ifdef ossl_SN_id_ad -+#define SN_id_ad ossl_SN_id_ad -+#endif -+#ifdef ossl_NID_id_ad -+#define NID_id_ad ossl_NID_id_ad -+#endif -+#ifdef ossl_OBJ_id_ad -+#define OBJ_id_ad ossl_OBJ_id_ad -+#endif -+ -+#ifdef ossl_SN_info_access -+#define SN_info_access ossl_SN_info_access -+#endif -+#ifdef ossl_LN_info_access -+#define LN_info_access ossl_LN_info_access -+#endif -+#ifdef ossl_NID_info_access -+#define NID_info_access ossl_NID_info_access -+#endif -+#ifdef ossl_OBJ_info_access -+#define OBJ_info_access ossl_OBJ_info_access -+#endif -+ -+#ifdef ossl_SN_ad_OCSP -+#define SN_ad_OCSP ossl_SN_ad_OCSP -+#endif -+#ifdef ossl_LN_ad_OCSP -+#define LN_ad_OCSP ossl_LN_ad_OCSP -+#endif -+#ifdef ossl_NID_ad_OCSP -+#define NID_ad_OCSP ossl_NID_ad_OCSP -+#endif -+#ifdef ossl_OBJ_ad_OCSP -+#define OBJ_ad_OCSP ossl_OBJ_ad_OCSP -+#endif -+ -+#ifdef ossl_SN_ad_ca_issuers -+#define SN_ad_ca_issuers ossl_SN_ad_ca_issuers -+#endif -+#ifdef ossl_LN_ad_ca_issuers -+#define LN_ad_ca_issuers ossl_LN_ad_ca_issuers -+#endif -+#ifdef ossl_NID_ad_ca_issuers -+#define NID_ad_ca_issuers ossl_NID_ad_ca_issuers -+#endif -+#ifdef ossl_OBJ_ad_ca_issuers -+#define OBJ_ad_ca_issuers ossl_OBJ_ad_ca_issuers -+#endif -+ -+#ifdef ossl_SN_OCSP_sign -+#define SN_OCSP_sign ossl_SN_OCSP_sign -+#endif -+#ifdef ossl_LN_OCSP_sign -+#define LN_OCSP_sign ossl_LN_OCSP_sign -+#endif -+#ifdef ossl_NID_OCSP_sign -+#define NID_OCSP_sign ossl_NID_OCSP_sign -+#endif -+#ifdef ossl_OBJ_OCSP_sign -+#define OBJ_OCSP_sign ossl_OBJ_OCSP_sign -+#endif -+ -+#ifdef ossl_SN_iso -+#define SN_iso ossl_SN_iso -+#endif -+#ifdef ossl_LN_iso -+#define LN_iso ossl_LN_iso -+#endif -+#ifdef ossl_NID_iso -+#define NID_iso ossl_NID_iso -+#endif -+#ifdef ossl_OBJ_iso -+#define OBJ_iso ossl_OBJ_iso -+#endif -+ -+#ifdef ossl_SN_member_body -+#define SN_member_body ossl_SN_member_body -+#endif -+#ifdef ossl_LN_member_body -+#define LN_member_body ossl_LN_member_body -+#endif -+#ifdef ossl_NID_member_body -+#define NID_member_body ossl_NID_member_body -+#endif -+#ifdef ossl_OBJ_member_body -+#define OBJ_member_body ossl_OBJ_member_body -+#endif -+ -+#ifdef ossl_SN_ISO_US -+#define SN_ISO_US ossl_SN_ISO_US -+#endif -+#ifdef ossl_LN_ISO_US -+#define LN_ISO_US ossl_LN_ISO_US -+#endif -+#ifdef ossl_NID_ISO_US -+#define NID_ISO_US ossl_NID_ISO_US -+#endif -+#ifdef ossl_OBJ_ISO_US -+#define OBJ_ISO_US ossl_OBJ_ISO_US -+#endif -+ -+#ifdef ossl_SN_X9_57 -+#define SN_X9_57 ossl_SN_X9_57 -+#endif -+#ifdef ossl_LN_X9_57 -+#define LN_X9_57 ossl_LN_X9_57 -+#endif -+#ifdef ossl_NID_X9_57 -+#define NID_X9_57 ossl_NID_X9_57 -+#endif -+#ifdef ossl_OBJ_X9_57 -+#define OBJ_X9_57 ossl_OBJ_X9_57 -+#endif -+ -+#ifdef ossl_SN_X9cm -+#define SN_X9cm ossl_SN_X9cm -+#endif -+#ifdef ossl_LN_X9cm -+#define LN_X9cm ossl_LN_X9cm -+#endif -+#ifdef ossl_NID_X9cm -+#define NID_X9cm ossl_NID_X9cm -+#endif -+#ifdef ossl_OBJ_X9cm -+#define OBJ_X9cm ossl_OBJ_X9cm -+#endif -+ -+#ifdef ossl_SN_pkcs1 -+#define SN_pkcs1 ossl_SN_pkcs1 -+#endif -+#ifdef ossl_NID_pkcs1 -+#define NID_pkcs1 ossl_NID_pkcs1 -+#endif -+#ifdef ossl_OBJ_pkcs1 -+#define OBJ_pkcs1 ossl_OBJ_pkcs1 -+#endif -+ -+#ifdef ossl_SN_pkcs5 -+#define SN_pkcs5 ossl_SN_pkcs5 -+#endif -+#ifdef ossl_NID_pkcs5 -+#define NID_pkcs5 ossl_NID_pkcs5 -+#endif -+#ifdef ossl_OBJ_pkcs5 -+#define OBJ_pkcs5 ossl_OBJ_pkcs5 -+#endif -+ -+#ifdef ossl_SN_SMIME -+#define SN_SMIME ossl_SN_SMIME -+#endif -+#ifdef ossl_LN_SMIME -+#define LN_SMIME ossl_LN_SMIME -+#endif -+#ifdef ossl_NID_SMIME -+#define NID_SMIME ossl_NID_SMIME -+#endif -+#ifdef ossl_OBJ_SMIME -+#define OBJ_SMIME ossl_OBJ_SMIME -+#endif -+ -+#ifdef ossl_SN_id_smime_mod -+#define SN_id_smime_mod ossl_SN_id_smime_mod -+#endif -+#ifdef ossl_NID_id_smime_mod -+#define NID_id_smime_mod ossl_NID_id_smime_mod -+#endif -+#ifdef ossl_OBJ_id_smime_mod -+#define OBJ_id_smime_mod ossl_OBJ_id_smime_mod -+#endif -+ -+#ifdef ossl_SN_id_smime_ct -+#define SN_id_smime_ct ossl_SN_id_smime_ct -+#endif -+#ifdef ossl_NID_id_smime_ct -+#define NID_id_smime_ct ossl_NID_id_smime_ct -+#endif -+#ifdef ossl_OBJ_id_smime_ct -+#define OBJ_id_smime_ct ossl_OBJ_id_smime_ct -+#endif -+ -+#ifdef ossl_SN_id_smime_aa -+#define SN_id_smime_aa ossl_SN_id_smime_aa -+#endif -+#ifdef ossl_NID_id_smime_aa -+#define NID_id_smime_aa ossl_NID_id_smime_aa -+#endif -+#ifdef ossl_OBJ_id_smime_aa -+#define OBJ_id_smime_aa ossl_OBJ_id_smime_aa -+#endif -+ -+#ifdef ossl_SN_id_smime_alg -+#define SN_id_smime_alg ossl_SN_id_smime_alg -+#endif -+#ifdef ossl_NID_id_smime_alg -+#define NID_id_smime_alg ossl_NID_id_smime_alg -+#endif -+#ifdef ossl_OBJ_id_smime_alg -+#define OBJ_id_smime_alg ossl_OBJ_id_smime_alg -+#endif -+ -+#ifdef ossl_SN_id_smime_cd -+#define SN_id_smime_cd ossl_SN_id_smime_cd -+#endif -+#ifdef ossl_NID_id_smime_cd -+#define NID_id_smime_cd ossl_NID_id_smime_cd -+#endif -+#ifdef ossl_OBJ_id_smime_cd -+#define OBJ_id_smime_cd ossl_OBJ_id_smime_cd -+#endif -+ -+#ifdef ossl_SN_id_smime_spq -+#define SN_id_smime_spq ossl_SN_id_smime_spq -+#endif -+#ifdef ossl_NID_id_smime_spq -+#define NID_id_smime_spq ossl_NID_id_smime_spq -+#endif -+#ifdef ossl_OBJ_id_smime_spq -+#define OBJ_id_smime_spq ossl_OBJ_id_smime_spq -+#endif -+ -+#ifdef ossl_SN_id_smime_cti -+#define SN_id_smime_cti ossl_SN_id_smime_cti -+#endif -+#ifdef ossl_NID_id_smime_cti -+#define NID_id_smime_cti ossl_NID_id_smime_cti -+#endif -+#ifdef ossl_OBJ_id_smime_cti -+#define OBJ_id_smime_cti ossl_OBJ_id_smime_cti -+#endif -+ -+#ifdef ossl_SN_id_smime_mod_cms -+#define SN_id_smime_mod_cms ossl_SN_id_smime_mod_cms -+#endif -+#ifdef ossl_NID_id_smime_mod_cms -+#define NID_id_smime_mod_cms ossl_NID_id_smime_mod_cms -+#endif -+#ifdef ossl_OBJ_id_smime_mod_cms -+#define OBJ_id_smime_mod_cms ossl_OBJ_id_smime_mod_cms -+#endif -+ -+#ifdef ossl_SN_id_smime_mod_ess -+#define SN_id_smime_mod_ess ossl_SN_id_smime_mod_ess -+#endif -+#ifdef ossl_NID_id_smime_mod_ess -+#define NID_id_smime_mod_ess ossl_NID_id_smime_mod_ess -+#endif -+#ifdef ossl_OBJ_id_smime_mod_ess -+#define OBJ_id_smime_mod_ess ossl_OBJ_id_smime_mod_ess -+#endif -+ -+#ifdef ossl_SN_id_smime_mod_oid -+#define SN_id_smime_mod_oid ossl_SN_id_smime_mod_oid -+#endif -+#ifdef ossl_NID_id_smime_mod_oid -+#define NID_id_smime_mod_oid ossl_NID_id_smime_mod_oid -+#endif -+#ifdef ossl_OBJ_id_smime_mod_oid -+#define OBJ_id_smime_mod_oid ossl_OBJ_id_smime_mod_oid -+#endif -+ -+#ifdef ossl_SN_id_smime_mod_msg_v3 -+#define SN_id_smime_mod_msg_v3 ossl_SN_id_smime_mod_msg_v3 -+#endif -+#ifdef ossl_NID_id_smime_mod_msg_v3 -+#define NID_id_smime_mod_msg_v3 ossl_NID_id_smime_mod_msg_v3 -+#endif -+#ifdef ossl_OBJ_id_smime_mod_msg_v3 -+#define OBJ_id_smime_mod_msg_v3 ossl_OBJ_id_smime_mod_msg_v3 -+#endif -+ -+#ifdef ossl_SN_id_smime_mod_ets_eSignature_88 -+#define SN_id_smime_mod_ets_eSignature_88 ossl_SN_id_smime_mod_ets_eSignature_88 -+#endif -+#ifdef ossl_NID_id_smime_mod_ets_eSignature_88 -+#define NID_id_smime_mod_ets_eSignature_88 ossl_NID_id_smime_mod_ets_eSignature_88 -+#endif -+#ifdef ossl_OBJ_id_smime_mod_ets_eSignature_88 -+#define OBJ_id_smime_mod_ets_eSignature_88 ossl_OBJ_id_smime_mod_ets_eSignature_88 -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_mod_ets_eSignature_97 -+#define SN_id_smime_mod_ets_eSignature_97 ossl_SN_id_smime_mod_ets_eSignature_97 -+#endif -+#ifdef ossl_NID_id_smime_mod_ets_eSignature_97 -+#define NID_id_smime_mod_ets_eSignature_97 ossl_NID_id_smime_mod_ets_eSignature_97 -+#endif -+#ifdef ossl_OBJ_id_smime_mod_ets_eSignature_97 -+#define OBJ_id_smime_mod_ets_eSignature_97 ossl_OBJ_id_smime_mod_ets_eSignature_97 -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_mod_ets_eSigPolicy_88 -+#define SN_id_smime_mod_ets_eSigPolicy_88 ossl_SN_id_smime_mod_ets_eSigPolicy_88 -+#endif -+#ifdef ossl_NID_id_smime_mod_ets_eSigPolicy_88 -+#define NID_id_smime_mod_ets_eSigPolicy_88 ossl_NID_id_smime_mod_ets_eSigPolicy_88 -+#endif -+#ifdef ossl_OBJ_id_smime_mod_ets_eSigPolicy_88 -+#define OBJ_id_smime_mod_ets_eSigPolicy_88 ossl_OBJ_id_smime_mod_ets_eSigPolicy_88 -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_mod_ets_eSigPolicy_97 -+#define SN_id_smime_mod_ets_eSigPolicy_97 ossl_SN_id_smime_mod_ets_eSigPolicy_97 -+#endif -+#ifdef ossl_NID_id_smime_mod_ets_eSigPolicy_97 -+#define NID_id_smime_mod_ets_eSigPolicy_97 ossl_NID_id_smime_mod_ets_eSigPolicy_97 -+#endif -+#ifdef ossl_OBJ_id_smime_mod_ets_eSigPolicy_97 -+#define OBJ_id_smime_mod_ets_eSigPolicy_97 ossl_OBJ_id_smime_mod_ets_eSigPolicy_97 -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_ct_receipt -+#define SN_id_smime_ct_receipt ossl_SN_id_smime_ct_receipt -+#endif -+#ifdef ossl_NID_id_smime_ct_receipt -+#define NID_id_smime_ct_receipt ossl_NID_id_smime_ct_receipt -+#endif -+#ifdef ossl_OBJ_id_smime_ct_receipt -+#define OBJ_id_smime_ct_receipt ossl_OBJ_id_smime_ct_receipt -+#endif -+ -+#ifdef ossl_SN_id_smime_ct_authData -+#define SN_id_smime_ct_authData ossl_SN_id_smime_ct_authData -+#endif -+#ifdef ossl_NID_id_smime_ct_authData -+#define NID_id_smime_ct_authData ossl_NID_id_smime_ct_authData -+#endif -+#ifdef ossl_OBJ_id_smime_ct_authData -+#define OBJ_id_smime_ct_authData ossl_OBJ_id_smime_ct_authData -+#endif -+ -+#ifdef ossl_SN_id_smime_ct_publishCert -+#define SN_id_smime_ct_publishCert ossl_SN_id_smime_ct_publishCert -+#endif -+#ifdef ossl_NID_id_smime_ct_publishCert -+#define NID_id_smime_ct_publishCert ossl_NID_id_smime_ct_publishCert -+#endif -+#ifdef ossl_OBJ_id_smime_ct_publishCert -+#define OBJ_id_smime_ct_publishCert ossl_OBJ_id_smime_ct_publishCert -+#endif -+ -+#ifdef ossl_SN_id_smime_ct_TSTInfo -+#define SN_id_smime_ct_TSTInfo ossl_SN_id_smime_ct_TSTInfo -+#endif -+#ifdef ossl_NID_id_smime_ct_TSTInfo -+#define NID_id_smime_ct_TSTInfo ossl_NID_id_smime_ct_TSTInfo -+#endif -+#ifdef ossl_OBJ_id_smime_ct_TSTInfo -+#define OBJ_id_smime_ct_TSTInfo ossl_OBJ_id_smime_ct_TSTInfo -+#endif -+ -+#ifdef ossl_SN_id_smime_ct_TDTInfo -+#define SN_id_smime_ct_TDTInfo ossl_SN_id_smime_ct_TDTInfo -+#endif -+#ifdef ossl_NID_id_smime_ct_TDTInfo -+#define NID_id_smime_ct_TDTInfo ossl_NID_id_smime_ct_TDTInfo -+#endif -+#ifdef ossl_OBJ_id_smime_ct_TDTInfo -+#define OBJ_id_smime_ct_TDTInfo ossl_OBJ_id_smime_ct_TDTInfo -+#endif -+ -+#ifdef ossl_SN_id_smime_ct_contentInfo -+#define SN_id_smime_ct_contentInfo ossl_SN_id_smime_ct_contentInfo -+#endif -+#ifdef ossl_NID_id_smime_ct_contentInfo -+#define NID_id_smime_ct_contentInfo ossl_NID_id_smime_ct_contentInfo -+#endif -+#ifdef ossl_OBJ_id_smime_ct_contentInfo -+#define OBJ_id_smime_ct_contentInfo ossl_OBJ_id_smime_ct_contentInfo -+#endif -+ -+#ifdef ossl_SN_id_smime_ct_DVCSRequestData -+#define SN_id_smime_ct_DVCSRequestData ossl_SN_id_smime_ct_DVCSRequestData -+#endif -+#ifdef ossl_NID_id_smime_ct_DVCSRequestData -+#define NID_id_smime_ct_DVCSRequestData ossl_NID_id_smime_ct_DVCSRequestData -+#endif -+#ifdef ossl_OBJ_id_smime_ct_DVCSRequestData -+#define OBJ_id_smime_ct_DVCSRequestData ossl_OBJ_id_smime_ct_DVCSRequestData -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_ct_DVCSResponseData -+#define SN_id_smime_ct_DVCSResponseData ossl_SN_id_smime_ct_DVCSResponseData -+#endif -+#ifdef ossl_NID_id_smime_ct_DVCSResponseData -+#define NID_id_smime_ct_DVCSResponseData ossl_NID_id_smime_ct_DVCSResponseData -+#endif -+#ifdef ossl_OBJ_id_smime_ct_DVCSResponseData -+#define OBJ_id_smime_ct_DVCSResponseData ossl_OBJ_id_smime_ct_DVCSResponseData -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_aa_receiptRequest -+#define SN_id_smime_aa_receiptRequest ossl_SN_id_smime_aa_receiptRequest -+#endif -+#ifdef ossl_NID_id_smime_aa_receiptRequest -+#define NID_id_smime_aa_receiptRequest ossl_NID_id_smime_aa_receiptRequest -+#endif -+#ifdef ossl_OBJ_id_smime_aa_receiptRequest -+#define OBJ_id_smime_aa_receiptRequest ossl_OBJ_id_smime_aa_receiptRequest -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_aa_securityLabel -+#define SN_id_smime_aa_securityLabel ossl_SN_id_smime_aa_securityLabel -+#endif -+#ifdef ossl_NID_id_smime_aa_securityLabel -+#define NID_id_smime_aa_securityLabel ossl_NID_id_smime_aa_securityLabel -+#endif -+#ifdef ossl_OBJ_id_smime_aa_securityLabel -+#define OBJ_id_smime_aa_securityLabel ossl_OBJ_id_smime_aa_securityLabel -+#endif -+ -+#ifdef ossl_SN_id_smime_aa_mlExpandHistory -+#define SN_id_smime_aa_mlExpandHistory ossl_SN_id_smime_aa_mlExpandHistory -+#endif -+#ifdef ossl_NID_id_smime_aa_mlExpandHistory -+#define NID_id_smime_aa_mlExpandHistory ossl_NID_id_smime_aa_mlExpandHistory -+#endif -+#ifdef ossl_OBJ_id_smime_aa_mlExpandHistory -+#define OBJ_id_smime_aa_mlExpandHistory ossl_OBJ_id_smime_aa_mlExpandHistory -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_aa_contentHint -+#define SN_id_smime_aa_contentHint ossl_SN_id_smime_aa_contentHint -+#endif -+#ifdef ossl_NID_id_smime_aa_contentHint -+#define NID_id_smime_aa_contentHint ossl_NID_id_smime_aa_contentHint -+#endif -+#ifdef ossl_OBJ_id_smime_aa_contentHint -+#define OBJ_id_smime_aa_contentHint ossl_OBJ_id_smime_aa_contentHint -+#endif -+ -+#ifdef ossl_SN_id_smime_aa_msgSigDigest -+#define SN_id_smime_aa_msgSigDigest ossl_SN_id_smime_aa_msgSigDigest -+#endif -+#ifdef ossl_NID_id_smime_aa_msgSigDigest -+#define NID_id_smime_aa_msgSigDigest ossl_NID_id_smime_aa_msgSigDigest -+#endif -+#ifdef ossl_OBJ_id_smime_aa_msgSigDigest -+#define OBJ_id_smime_aa_msgSigDigest ossl_OBJ_id_smime_aa_msgSigDigest -+#endif -+ -+#ifdef ossl_SN_id_smime_aa_encapContentType -+#define SN_id_smime_aa_encapContentType ossl_SN_id_smime_aa_encapContentType -+#endif -+#ifdef ossl_NID_id_smime_aa_encapContentType -+#define NID_id_smime_aa_encapContentType ossl_NID_id_smime_aa_encapContentType -+#endif -+#ifdef ossl_OBJ_id_smime_aa_encapContentType -+#define OBJ_id_smime_aa_encapContentType ossl_OBJ_id_smime_aa_encapContentType -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_aa_contentIdentifier -+#define SN_id_smime_aa_contentIdentifier ossl_SN_id_smime_aa_contentIdentifier -+#endif -+#ifdef ossl_NID_id_smime_aa_contentIdentifier -+#define NID_id_smime_aa_contentIdentifier ossl_NID_id_smime_aa_contentIdentifier -+#endif -+#ifdef ossl_OBJ_id_smime_aa_contentIdentifier -+#define OBJ_id_smime_aa_contentIdentifier ossl_OBJ_id_smime_aa_contentIdentifier -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_aa_macValue -+#define SN_id_smime_aa_macValue ossl_SN_id_smime_aa_macValue -+#endif -+#ifdef ossl_NID_id_smime_aa_macValue -+#define NID_id_smime_aa_macValue ossl_NID_id_smime_aa_macValue -+#endif -+#ifdef ossl_OBJ_id_smime_aa_macValue -+#define OBJ_id_smime_aa_macValue ossl_OBJ_id_smime_aa_macValue -+#endif -+ -+#ifdef ossl_SN_id_smime_aa_equivalentLabels -+#define SN_id_smime_aa_equivalentLabels ossl_SN_id_smime_aa_equivalentLabels -+#endif -+#ifdef ossl_NID_id_smime_aa_equivalentLabels -+#define NID_id_smime_aa_equivalentLabels ossl_NID_id_smime_aa_equivalentLabels -+#endif -+#ifdef ossl_OBJ_id_smime_aa_equivalentLabels -+#define OBJ_id_smime_aa_equivalentLabels ossl_OBJ_id_smime_aa_equivalentLabels -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_aa_contentReference -+#define SN_id_smime_aa_contentReference ossl_SN_id_smime_aa_contentReference -+#endif -+#ifdef ossl_NID_id_smime_aa_contentReference -+#define NID_id_smime_aa_contentReference ossl_NID_id_smime_aa_contentReference -+#endif -+#ifdef ossl_OBJ_id_smime_aa_contentReference -+#define OBJ_id_smime_aa_contentReference ossl_OBJ_id_smime_aa_contentReference -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_aa_encrypKeyPref -+#define SN_id_smime_aa_encrypKeyPref ossl_SN_id_smime_aa_encrypKeyPref -+#endif -+#ifdef ossl_NID_id_smime_aa_encrypKeyPref -+#define NID_id_smime_aa_encrypKeyPref ossl_NID_id_smime_aa_encrypKeyPref -+#endif -+#ifdef ossl_OBJ_id_smime_aa_encrypKeyPref -+#define OBJ_id_smime_aa_encrypKeyPref ossl_OBJ_id_smime_aa_encrypKeyPref -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_aa_signingCertificate -+#define SN_id_smime_aa_signingCertificate ossl_SN_id_smime_aa_signingCertificate -+#endif -+#ifdef ossl_NID_id_smime_aa_signingCertificate -+#define NID_id_smime_aa_signingCertificate ossl_NID_id_smime_aa_signingCertificate -+#endif -+#ifdef ossl_OBJ_id_smime_aa_signingCertificate -+#define OBJ_id_smime_aa_signingCertificate ossl_OBJ_id_smime_aa_signingCertificate -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_aa_smimeEncryptCerts -+#define SN_id_smime_aa_smimeEncryptCerts ossl_SN_id_smime_aa_smimeEncryptCerts -+#endif -+#ifdef ossl_NID_id_smime_aa_smimeEncryptCerts -+#define NID_id_smime_aa_smimeEncryptCerts ossl_NID_id_smime_aa_smimeEncryptCerts -+#endif -+#ifdef ossl_OBJ_id_smime_aa_smimeEncryptCerts -+#define OBJ_id_smime_aa_smimeEncryptCerts ossl_OBJ_id_smime_aa_smimeEncryptCerts -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_aa_timeStampToken -+#define SN_id_smime_aa_timeStampToken ossl_SN_id_smime_aa_timeStampToken -+#endif -+#ifdef ossl_NID_id_smime_aa_timeStampToken -+#define NID_id_smime_aa_timeStampToken ossl_NID_id_smime_aa_timeStampToken -+#endif -+#ifdef ossl_OBJ_id_smime_aa_timeStampToken -+#define OBJ_id_smime_aa_timeStampToken ossl_OBJ_id_smime_aa_timeStampToken -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_aa_ets_sigPolicyId -+#define SN_id_smime_aa_ets_sigPolicyId ossl_SN_id_smime_aa_ets_sigPolicyId -+#endif -+#ifdef ossl_NID_id_smime_aa_ets_sigPolicyId -+#define NID_id_smime_aa_ets_sigPolicyId ossl_NID_id_smime_aa_ets_sigPolicyId -+#endif -+#ifdef ossl_OBJ_id_smime_aa_ets_sigPolicyId -+#define OBJ_id_smime_aa_ets_sigPolicyId ossl_OBJ_id_smime_aa_ets_sigPolicyId -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_aa_ets_commitmentType -+#define SN_id_smime_aa_ets_commitmentType ossl_SN_id_smime_aa_ets_commitmentType -+#endif -+#ifdef ossl_NID_id_smime_aa_ets_commitmentType -+#define NID_id_smime_aa_ets_commitmentType ossl_NID_id_smime_aa_ets_commitmentType -+#endif -+#ifdef ossl_OBJ_id_smime_aa_ets_commitmentType -+#define OBJ_id_smime_aa_ets_commitmentType ossl_OBJ_id_smime_aa_ets_commitmentType -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_aa_ets_signerLocation -+#define SN_id_smime_aa_ets_signerLocation ossl_SN_id_smime_aa_ets_signerLocation -+#endif -+#ifdef ossl_NID_id_smime_aa_ets_signerLocation -+#define NID_id_smime_aa_ets_signerLocation ossl_NID_id_smime_aa_ets_signerLocation -+#endif -+#ifdef ossl_OBJ_id_smime_aa_ets_signerLocation -+#define OBJ_id_smime_aa_ets_signerLocation ossl_OBJ_id_smime_aa_ets_signerLocation -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_aa_ets_signerAttr -+#define SN_id_smime_aa_ets_signerAttr ossl_SN_id_smime_aa_ets_signerAttr -+#endif -+#ifdef ossl_NID_id_smime_aa_ets_signerAttr -+#define NID_id_smime_aa_ets_signerAttr ossl_NID_id_smime_aa_ets_signerAttr -+#endif -+#ifdef ossl_OBJ_id_smime_aa_ets_signerAttr -+#define OBJ_id_smime_aa_ets_signerAttr ossl_OBJ_id_smime_aa_ets_signerAttr -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_aa_ets_otherSigCert -+#define SN_id_smime_aa_ets_otherSigCert ossl_SN_id_smime_aa_ets_otherSigCert -+#endif -+#ifdef ossl_NID_id_smime_aa_ets_otherSigCert -+#define NID_id_smime_aa_ets_otherSigCert ossl_NID_id_smime_aa_ets_otherSigCert -+#endif -+#ifdef ossl_OBJ_id_smime_aa_ets_otherSigCert -+#define OBJ_id_smime_aa_ets_otherSigCert ossl_OBJ_id_smime_aa_ets_otherSigCert -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_aa_ets_contentTimestamp -+#define SN_id_smime_aa_ets_contentTimestamp ossl_SN_id_smime_aa_ets_contentTimestamp -+#endif -+#ifdef ossl_NID_id_smime_aa_ets_contentTimestamp -+#define NID_id_smime_aa_ets_contentTimestamp ossl_NID_id_smime_aa_ets_contentTimestamp -+#endif -+#ifdef ossl_OBJ_id_smime_aa_ets_contentTimestamp -+#define OBJ_id_smime_aa_ets_contentTimestamp ossl_OBJ_id_smime_aa_ets_contentTimestamp -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_aa_ets_CertificateRefs -+#define SN_id_smime_aa_ets_CertificateRefs ossl_SN_id_smime_aa_ets_CertificateRefs -+#endif -+#ifdef ossl_NID_id_smime_aa_ets_CertificateRefs -+#define NID_id_smime_aa_ets_CertificateRefs ossl_NID_id_smime_aa_ets_CertificateRefs -+#endif -+#ifdef ossl_OBJ_id_smime_aa_ets_CertificateRefs -+#define OBJ_id_smime_aa_ets_CertificateRefs ossl_OBJ_id_smime_aa_ets_CertificateRefs -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_aa_ets_RevocationRefs -+#define SN_id_smime_aa_ets_RevocationRefs ossl_SN_id_smime_aa_ets_RevocationRefs -+#endif -+#ifdef ossl_NID_id_smime_aa_ets_RevocationRefs -+#define NID_id_smime_aa_ets_RevocationRefs ossl_NID_id_smime_aa_ets_RevocationRefs -+#endif -+#ifdef ossl_OBJ_id_smime_aa_ets_RevocationRefs -+#define OBJ_id_smime_aa_ets_RevocationRefs ossl_OBJ_id_smime_aa_ets_RevocationRefs -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_aa_ets_certValues -+#define SN_id_smime_aa_ets_certValues ossl_SN_id_smime_aa_ets_certValues -+#endif -+#ifdef ossl_NID_id_smime_aa_ets_certValues -+#define NID_id_smime_aa_ets_certValues ossl_NID_id_smime_aa_ets_certValues -+#endif -+#ifdef ossl_OBJ_id_smime_aa_ets_certValues -+#define OBJ_id_smime_aa_ets_certValues ossl_OBJ_id_smime_aa_ets_certValues -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_aa_ets_revocationValues -+#define SN_id_smime_aa_ets_revocationValues ossl_SN_id_smime_aa_ets_revocationValues -+#endif -+#ifdef ossl_NID_id_smime_aa_ets_revocationValues -+#define NID_id_smime_aa_ets_revocationValues ossl_NID_id_smime_aa_ets_revocationValues -+#endif -+#ifdef ossl_OBJ_id_smime_aa_ets_revocationValues -+#define OBJ_id_smime_aa_ets_revocationValues ossl_OBJ_id_smime_aa_ets_revocationValues -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_aa_ets_escTimeStamp -+#define SN_id_smime_aa_ets_escTimeStamp ossl_SN_id_smime_aa_ets_escTimeStamp -+#endif -+#ifdef ossl_NID_id_smime_aa_ets_escTimeStamp -+#define NID_id_smime_aa_ets_escTimeStamp ossl_NID_id_smime_aa_ets_escTimeStamp -+#endif -+#ifdef ossl_OBJ_id_smime_aa_ets_escTimeStamp -+#define OBJ_id_smime_aa_ets_escTimeStamp ossl_OBJ_id_smime_aa_ets_escTimeStamp -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_aa_ets_certCRLTimestamp -+#define SN_id_smime_aa_ets_certCRLTimestamp ossl_SN_id_smime_aa_ets_certCRLTimestamp -+#endif -+#ifdef ossl_NID_id_smime_aa_ets_certCRLTimestamp -+#define NID_id_smime_aa_ets_certCRLTimestamp ossl_NID_id_smime_aa_ets_certCRLTimestamp -+#endif -+#ifdef ossl_OBJ_id_smime_aa_ets_certCRLTimestamp -+#define OBJ_id_smime_aa_ets_certCRLTimestamp ossl_OBJ_id_smime_aa_ets_certCRLTimestamp -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_aa_ets_archiveTimeStamp -+#define SN_id_smime_aa_ets_archiveTimeStamp ossl_SN_id_smime_aa_ets_archiveTimeStamp -+#endif -+#ifdef ossl_NID_id_smime_aa_ets_archiveTimeStamp -+#define NID_id_smime_aa_ets_archiveTimeStamp ossl_NID_id_smime_aa_ets_archiveTimeStamp -+#endif -+#ifdef ossl_OBJ_id_smime_aa_ets_archiveTimeStamp -+#define OBJ_id_smime_aa_ets_archiveTimeStamp ossl_OBJ_id_smime_aa_ets_archiveTimeStamp -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_aa_signatureType -+#define SN_id_smime_aa_signatureType ossl_SN_id_smime_aa_signatureType -+#endif -+#ifdef ossl_NID_id_smime_aa_signatureType -+#define NID_id_smime_aa_signatureType ossl_NID_id_smime_aa_signatureType -+#endif -+#ifdef ossl_OBJ_id_smime_aa_signatureType -+#define OBJ_id_smime_aa_signatureType ossl_OBJ_id_smime_aa_signatureType -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_aa_dvcs_dvc -+#define SN_id_smime_aa_dvcs_dvc ossl_SN_id_smime_aa_dvcs_dvc -+#endif -+#ifdef ossl_NID_id_smime_aa_dvcs_dvc -+#define NID_id_smime_aa_dvcs_dvc ossl_NID_id_smime_aa_dvcs_dvc -+#endif -+#ifdef ossl_OBJ_id_smime_aa_dvcs_dvc -+#define OBJ_id_smime_aa_dvcs_dvc ossl_OBJ_id_smime_aa_dvcs_dvc -+#endif -+ -+#ifdef ossl_SN_id_smime_alg_ESDHwith3DES -+#define SN_id_smime_alg_ESDHwith3DES ossl_SN_id_smime_alg_ESDHwith3DES -+#endif -+#ifdef ossl_NID_id_smime_alg_ESDHwith3DES -+#define NID_id_smime_alg_ESDHwith3DES ossl_NID_id_smime_alg_ESDHwith3DES -+#endif -+#ifdef ossl_OBJ_id_smime_alg_ESDHwith3DES -+#define OBJ_id_smime_alg_ESDHwith3DES ossl_OBJ_id_smime_alg_ESDHwith3DES -+#endif -+ -+#ifdef ossl_SN_id_smime_alg_ESDHwithRC2 -+#define SN_id_smime_alg_ESDHwithRC2 ossl_SN_id_smime_alg_ESDHwithRC2 -+#endif -+#ifdef ossl_NID_id_smime_alg_ESDHwithRC2 -+#define NID_id_smime_alg_ESDHwithRC2 ossl_NID_id_smime_alg_ESDHwithRC2 -+#endif -+#ifdef ossl_OBJ_id_smime_alg_ESDHwithRC2 -+#define OBJ_id_smime_alg_ESDHwithRC2 ossl_OBJ_id_smime_alg_ESDHwithRC2 -+#endif -+ -+#ifdef ossl_SN_id_smime_alg_3DESwrap -+#define SN_id_smime_alg_3DESwrap ossl_SN_id_smime_alg_3DESwrap -+#endif -+#ifdef ossl_NID_id_smime_alg_3DESwrap -+#define NID_id_smime_alg_3DESwrap ossl_NID_id_smime_alg_3DESwrap -+#endif -+#ifdef ossl_OBJ_id_smime_alg_3DESwrap -+#define OBJ_id_smime_alg_3DESwrap ossl_OBJ_id_smime_alg_3DESwrap -+#endif -+ -+#ifdef ossl_SN_id_smime_alg_RC2wrap -+#define SN_id_smime_alg_RC2wrap ossl_SN_id_smime_alg_RC2wrap -+#endif -+#ifdef ossl_NID_id_smime_alg_RC2wrap -+#define NID_id_smime_alg_RC2wrap ossl_NID_id_smime_alg_RC2wrap -+#endif -+#ifdef ossl_OBJ_id_smime_alg_RC2wrap -+#define OBJ_id_smime_alg_RC2wrap ossl_OBJ_id_smime_alg_RC2wrap -+#endif -+ -+#ifdef ossl_SN_id_smime_alg_ESDH -+#define SN_id_smime_alg_ESDH ossl_SN_id_smime_alg_ESDH -+#endif -+#ifdef ossl_NID_id_smime_alg_ESDH -+#define NID_id_smime_alg_ESDH ossl_NID_id_smime_alg_ESDH -+#endif -+#ifdef ossl_OBJ_id_smime_alg_ESDH -+#define OBJ_id_smime_alg_ESDH ossl_OBJ_id_smime_alg_ESDH -+#endif -+ -+#ifdef ossl_SN_id_smime_alg_CMS3DESwrap -+#define SN_id_smime_alg_CMS3DESwrap ossl_SN_id_smime_alg_CMS3DESwrap -+#endif -+#ifdef ossl_NID_id_smime_alg_CMS3DESwrap -+#define NID_id_smime_alg_CMS3DESwrap ossl_NID_id_smime_alg_CMS3DESwrap -+#endif -+#ifdef ossl_OBJ_id_smime_alg_CMS3DESwrap -+#define OBJ_id_smime_alg_CMS3DESwrap ossl_OBJ_id_smime_alg_CMS3DESwrap -+#endif -+ -+#ifdef ossl_SN_id_smime_alg_CMSRC2wrap -+#define SN_id_smime_alg_CMSRC2wrap ossl_SN_id_smime_alg_CMSRC2wrap -+#endif -+#ifdef ossl_NID_id_smime_alg_CMSRC2wrap -+#define NID_id_smime_alg_CMSRC2wrap ossl_NID_id_smime_alg_CMSRC2wrap -+#endif -+#ifdef ossl_OBJ_id_smime_alg_CMSRC2wrap -+#define OBJ_id_smime_alg_CMSRC2wrap ossl_OBJ_id_smime_alg_CMSRC2wrap -+#endif -+ -+#ifdef ossl_SN_id_smime_cd_ldap -+#define SN_id_smime_cd_ldap ossl_SN_id_smime_cd_ldap -+#endif -+#ifdef ossl_NID_id_smime_cd_ldap -+#define NID_id_smime_cd_ldap ossl_NID_id_smime_cd_ldap -+#endif -+#ifdef ossl_OBJ_id_smime_cd_ldap -+#define OBJ_id_smime_cd_ldap ossl_OBJ_id_smime_cd_ldap -+#endif -+ -+#ifdef ossl_SN_id_smime_spq_ets_sqt_uri -+#define SN_id_smime_spq_ets_sqt_uri ossl_SN_id_smime_spq_ets_sqt_uri -+#endif -+#ifdef ossl_NID_id_smime_spq_ets_sqt_uri -+#define NID_id_smime_spq_ets_sqt_uri ossl_NID_id_smime_spq_ets_sqt_uri -+#endif -+#ifdef ossl_OBJ_id_smime_spq_ets_sqt_uri -+#define OBJ_id_smime_spq_ets_sqt_uri ossl_OBJ_id_smime_spq_ets_sqt_uri -+#endif -+ -+#ifdef ossl_SN_id_smime_spq_ets_sqt_unotice -+#define SN_id_smime_spq_ets_sqt_unotice ossl_SN_id_smime_spq_ets_sqt_unotice -+#endif -+#ifdef ossl_NID_id_smime_spq_ets_sqt_unotice -+#define NID_id_smime_spq_ets_sqt_unotice ossl_NID_id_smime_spq_ets_sqt_unotice -+#endif -+#ifdef ossl_OBJ_id_smime_spq_ets_sqt_unotice -+#define OBJ_id_smime_spq_ets_sqt_unotice ossl_OBJ_id_smime_spq_ets_sqt_unotice -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_cti_ets_proofOfOrigin -+#define SN_id_smime_cti_ets_proofOfOrigin ossl_SN_id_smime_cti_ets_proofOfOrigin -+#endif -+#ifdef ossl_NID_id_smime_cti_ets_proofOfOrigin -+#define NID_id_smime_cti_ets_proofOfOrigin ossl_NID_id_smime_cti_ets_proofOfOrigin -+#endif -+#ifdef ossl_OBJ_id_smime_cti_ets_proofOfOrigin -+#define OBJ_id_smime_cti_ets_proofOfOrigin ossl_OBJ_id_smime_cti_ets_proofOfOrigin -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_cti_ets_proofOfReceipt -+#define SN_id_smime_cti_ets_proofOfReceipt ossl_SN_id_smime_cti_ets_proofOfReceipt -+#endif -+#ifdef ossl_NID_id_smime_cti_ets_proofOfReceipt -+#define NID_id_smime_cti_ets_proofOfReceipt ossl_NID_id_smime_cti_ets_proofOfReceipt -+#endif -+#ifdef ossl_OBJ_id_smime_cti_ets_proofOfReceipt -+#define OBJ_id_smime_cti_ets_proofOfReceipt ossl_OBJ_id_smime_cti_ets_proofOfReceipt -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_cti_ets_proofOfDelivery -+#define SN_id_smime_cti_ets_proofOfDelivery ossl_SN_id_smime_cti_ets_proofOfDelivery -+#endif -+#ifdef ossl_NID_id_smime_cti_ets_proofOfDelivery -+#define NID_id_smime_cti_ets_proofOfDelivery ossl_NID_id_smime_cti_ets_proofOfDelivery -+#endif -+#ifdef ossl_OBJ_id_smime_cti_ets_proofOfDelivery -+#define OBJ_id_smime_cti_ets_proofOfDelivery ossl_OBJ_id_smime_cti_ets_proofOfDelivery -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_cti_ets_proofOfSender -+#define SN_id_smime_cti_ets_proofOfSender ossl_SN_id_smime_cti_ets_proofOfSender -+#endif -+#ifdef ossl_NID_id_smime_cti_ets_proofOfSender -+#define NID_id_smime_cti_ets_proofOfSender ossl_NID_id_smime_cti_ets_proofOfSender -+#endif -+#ifdef ossl_OBJ_id_smime_cti_ets_proofOfSender -+#define OBJ_id_smime_cti_ets_proofOfSender ossl_OBJ_id_smime_cti_ets_proofOfSender -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_cti_ets_proofOfApproval -+#define SN_id_smime_cti_ets_proofOfApproval ossl_SN_id_smime_cti_ets_proofOfApproval -+#endif -+#ifdef ossl_NID_id_smime_cti_ets_proofOfApproval -+#define NID_id_smime_cti_ets_proofOfApproval ossl_NID_id_smime_cti_ets_proofOfApproval -+#endif -+#ifdef ossl_OBJ_id_smime_cti_ets_proofOfApproval -+#define OBJ_id_smime_cti_ets_proofOfApproval ossl_OBJ_id_smime_cti_ets_proofOfApproval -+#endif -+ -+ -+#ifdef ossl_SN_id_smime_cti_ets_proofOfCreation -+#define SN_id_smime_cti_ets_proofOfCreation ossl_SN_id_smime_cti_ets_proofOfCreation -+#endif -+#ifdef ossl_NID_id_smime_cti_ets_proofOfCreation -+#define NID_id_smime_cti_ets_proofOfCreation ossl_NID_id_smime_cti_ets_proofOfCreation -+#endif -+#ifdef ossl_OBJ_id_smime_cti_ets_proofOfCreation -+#define OBJ_id_smime_cti_ets_proofOfCreation ossl_OBJ_id_smime_cti_ets_proofOfCreation -+#endif -+ -+ -+#ifdef ossl_SN_md4 -+#define SN_md4 ossl_SN_md4 -+#endif -+#ifdef ossl_LN_md4 -+#define LN_md4 ossl_LN_md4 -+#endif -+#ifdef ossl_NID_md4 -+#define NID_md4 ossl_NID_md4 -+#endif -+#ifdef ossl_OBJ_md4 -+#define OBJ_md4 ossl_OBJ_md4 -+#endif -+ -+#ifdef ossl_SN_id_pkix_mod -+#define SN_id_pkix_mod ossl_SN_id_pkix_mod -+#endif -+#ifdef ossl_NID_id_pkix_mod -+#define NID_id_pkix_mod ossl_NID_id_pkix_mod -+#endif -+#ifdef ossl_OBJ_id_pkix_mod -+#define OBJ_id_pkix_mod ossl_OBJ_id_pkix_mod -+#endif -+ -+#ifdef ossl_SN_id_qt -+#define SN_id_qt ossl_SN_id_qt -+#endif -+#ifdef ossl_NID_id_qt -+#define NID_id_qt ossl_NID_id_qt -+#endif -+#ifdef ossl_OBJ_id_qt -+#define OBJ_id_qt ossl_OBJ_id_qt -+#endif -+ -+#ifdef ossl_SN_id_it -+#define SN_id_it ossl_SN_id_it -+#endif -+#ifdef ossl_NID_id_it -+#define NID_id_it ossl_NID_id_it -+#endif -+#ifdef ossl_OBJ_id_it -+#define OBJ_id_it ossl_OBJ_id_it -+#endif -+ -+#ifdef ossl_SN_id_pkip -+#define SN_id_pkip ossl_SN_id_pkip -+#endif -+#ifdef ossl_NID_id_pkip -+#define NID_id_pkip ossl_NID_id_pkip -+#endif -+#ifdef ossl_OBJ_id_pkip -+#define OBJ_id_pkip ossl_OBJ_id_pkip -+#endif -+ -+#ifdef ossl_SN_id_alg -+#define SN_id_alg ossl_SN_id_alg -+#endif -+#ifdef ossl_NID_id_alg -+#define NID_id_alg ossl_NID_id_alg -+#endif -+#ifdef ossl_OBJ_id_alg -+#define OBJ_id_alg ossl_OBJ_id_alg -+#endif -+ -+#ifdef ossl_SN_id_cmc -+#define SN_id_cmc ossl_SN_id_cmc -+#endif -+#ifdef ossl_NID_id_cmc -+#define NID_id_cmc ossl_NID_id_cmc -+#endif -+#ifdef ossl_OBJ_id_cmc -+#define OBJ_id_cmc ossl_OBJ_id_cmc -+#endif -+ -+#ifdef ossl_SN_id_on -+#define SN_id_on ossl_SN_id_on -+#endif -+#ifdef ossl_NID_id_on -+#define NID_id_on ossl_NID_id_on -+#endif -+#ifdef ossl_OBJ_id_on -+#define OBJ_id_on ossl_OBJ_id_on -+#endif -+ -+#ifdef ossl_SN_id_pda -+#define SN_id_pda ossl_SN_id_pda -+#endif -+#ifdef ossl_NID_id_pda -+#define NID_id_pda ossl_NID_id_pda -+#endif -+#ifdef ossl_OBJ_id_pda -+#define OBJ_id_pda ossl_OBJ_id_pda -+#endif -+ -+#ifdef ossl_SN_id_aca -+#define SN_id_aca ossl_SN_id_aca -+#endif -+#ifdef ossl_NID_id_aca -+#define NID_id_aca ossl_NID_id_aca -+#endif -+#ifdef ossl_OBJ_id_aca -+#define OBJ_id_aca ossl_OBJ_id_aca -+#endif -+ -+#ifdef ossl_SN_id_qcs -+#define SN_id_qcs ossl_SN_id_qcs -+#endif -+#ifdef ossl_NID_id_qcs -+#define NID_id_qcs ossl_NID_id_qcs -+#endif -+#ifdef ossl_OBJ_id_qcs -+#define OBJ_id_qcs ossl_OBJ_id_qcs -+#endif -+ -+#ifdef ossl_SN_id_cct -+#define SN_id_cct ossl_SN_id_cct -+#endif -+#ifdef ossl_NID_id_cct -+#define NID_id_cct ossl_NID_id_cct -+#endif -+#ifdef ossl_OBJ_id_cct -+#define OBJ_id_cct ossl_OBJ_id_cct -+#endif -+ -+#ifdef ossl_SN_id_pkix1_explicit_88 -+#define SN_id_pkix1_explicit_88 ossl_SN_id_pkix1_explicit_88 -+#endif -+#ifdef ossl_NID_id_pkix1_explicit_88 -+#define NID_id_pkix1_explicit_88 ossl_NID_id_pkix1_explicit_88 -+#endif -+#ifdef ossl_OBJ_id_pkix1_explicit_88 -+#define OBJ_id_pkix1_explicit_88 ossl_OBJ_id_pkix1_explicit_88 -+#endif -+ -+#ifdef ossl_SN_id_pkix1_implicit_88 -+#define SN_id_pkix1_implicit_88 ossl_SN_id_pkix1_implicit_88 -+#endif -+#ifdef ossl_NID_id_pkix1_implicit_88 -+#define NID_id_pkix1_implicit_88 ossl_NID_id_pkix1_implicit_88 -+#endif -+#ifdef ossl_OBJ_id_pkix1_implicit_88 -+#define OBJ_id_pkix1_implicit_88 ossl_OBJ_id_pkix1_implicit_88 -+#endif -+ -+#ifdef ossl_SN_id_pkix1_explicit_93 -+#define SN_id_pkix1_explicit_93 ossl_SN_id_pkix1_explicit_93 -+#endif -+#ifdef ossl_NID_id_pkix1_explicit_93 -+#define NID_id_pkix1_explicit_93 ossl_NID_id_pkix1_explicit_93 -+#endif -+#ifdef ossl_OBJ_id_pkix1_explicit_93 -+#define OBJ_id_pkix1_explicit_93 ossl_OBJ_id_pkix1_explicit_93 -+#endif -+ -+#ifdef ossl_SN_id_pkix1_implicit_93 -+#define SN_id_pkix1_implicit_93 ossl_SN_id_pkix1_implicit_93 -+#endif -+#ifdef ossl_NID_id_pkix1_implicit_93 -+#define NID_id_pkix1_implicit_93 ossl_NID_id_pkix1_implicit_93 -+#endif -+#ifdef ossl_OBJ_id_pkix1_implicit_93 -+#define OBJ_id_pkix1_implicit_93 ossl_OBJ_id_pkix1_implicit_93 -+#endif -+ -+#ifdef ossl_SN_id_mod_crmf -+#define SN_id_mod_crmf ossl_SN_id_mod_crmf -+#endif -+#ifdef ossl_NID_id_mod_crmf -+#define NID_id_mod_crmf ossl_NID_id_mod_crmf -+#endif -+#ifdef ossl_OBJ_id_mod_crmf -+#define OBJ_id_mod_crmf ossl_OBJ_id_mod_crmf -+#endif -+ -+#ifdef ossl_SN_id_mod_cmc -+#define SN_id_mod_cmc ossl_SN_id_mod_cmc -+#endif -+#ifdef ossl_NID_id_mod_cmc -+#define NID_id_mod_cmc ossl_NID_id_mod_cmc -+#endif -+#ifdef ossl_OBJ_id_mod_cmc -+#define OBJ_id_mod_cmc ossl_OBJ_id_mod_cmc -+#endif -+ -+#ifdef ossl_SN_id_mod_kea_profile_88 -+#define SN_id_mod_kea_profile_88 ossl_SN_id_mod_kea_profile_88 -+#endif -+#ifdef ossl_NID_id_mod_kea_profile_88 -+#define NID_id_mod_kea_profile_88 ossl_NID_id_mod_kea_profile_88 -+#endif -+#ifdef ossl_OBJ_id_mod_kea_profile_88 -+#define OBJ_id_mod_kea_profile_88 ossl_OBJ_id_mod_kea_profile_88 -+#endif -+ -+#ifdef ossl_SN_id_mod_kea_profile_93 -+#define SN_id_mod_kea_profile_93 ossl_SN_id_mod_kea_profile_93 -+#endif -+#ifdef ossl_NID_id_mod_kea_profile_93 -+#define NID_id_mod_kea_profile_93 ossl_NID_id_mod_kea_profile_93 -+#endif -+#ifdef ossl_OBJ_id_mod_kea_profile_93 -+#define OBJ_id_mod_kea_profile_93 ossl_OBJ_id_mod_kea_profile_93 -+#endif -+ -+#ifdef ossl_SN_id_mod_cmp -+#define SN_id_mod_cmp ossl_SN_id_mod_cmp -+#endif -+#ifdef ossl_NID_id_mod_cmp -+#define NID_id_mod_cmp ossl_NID_id_mod_cmp -+#endif -+#ifdef ossl_OBJ_id_mod_cmp -+#define OBJ_id_mod_cmp ossl_OBJ_id_mod_cmp -+#endif -+ -+#ifdef ossl_SN_id_mod_qualified_cert_88 -+#define SN_id_mod_qualified_cert_88 ossl_SN_id_mod_qualified_cert_88 -+#endif -+#ifdef ossl_NID_id_mod_qualified_cert_88 -+#define NID_id_mod_qualified_cert_88 ossl_NID_id_mod_qualified_cert_88 -+#endif -+#ifdef ossl_OBJ_id_mod_qualified_cert_88 -+#define OBJ_id_mod_qualified_cert_88 ossl_OBJ_id_mod_qualified_cert_88 -+#endif -+ -+#ifdef ossl_SN_id_mod_qualified_cert_93 -+#define SN_id_mod_qualified_cert_93 ossl_SN_id_mod_qualified_cert_93 -+#endif -+#ifdef ossl_NID_id_mod_qualified_cert_93 -+#define NID_id_mod_qualified_cert_93 ossl_NID_id_mod_qualified_cert_93 -+#endif -+#ifdef ossl_OBJ_id_mod_qualified_cert_93 -+#define OBJ_id_mod_qualified_cert_93 ossl_OBJ_id_mod_qualified_cert_93 -+#endif -+ -+#ifdef ossl_SN_id_mod_attribute_cert -+#define SN_id_mod_attribute_cert ossl_SN_id_mod_attribute_cert -+#endif -+#ifdef ossl_NID_id_mod_attribute_cert -+#define NID_id_mod_attribute_cert ossl_NID_id_mod_attribute_cert -+#endif -+#ifdef ossl_OBJ_id_mod_attribute_cert -+#define OBJ_id_mod_attribute_cert ossl_OBJ_id_mod_attribute_cert -+#endif -+ -+#ifdef ossl_SN_id_mod_timestamp_protocol -+#define SN_id_mod_timestamp_protocol ossl_SN_id_mod_timestamp_protocol -+#endif -+#ifdef ossl_NID_id_mod_timestamp_protocol -+#define NID_id_mod_timestamp_protocol ossl_NID_id_mod_timestamp_protocol -+#endif -+#ifdef ossl_OBJ_id_mod_timestamp_protocol -+#define OBJ_id_mod_timestamp_protocol ossl_OBJ_id_mod_timestamp_protocol -+#endif -+ -+#ifdef ossl_SN_id_mod_ocsp -+#define SN_id_mod_ocsp ossl_SN_id_mod_ocsp -+#endif -+#ifdef ossl_NID_id_mod_ocsp -+#define NID_id_mod_ocsp ossl_NID_id_mod_ocsp -+#endif -+#ifdef ossl_OBJ_id_mod_ocsp -+#define OBJ_id_mod_ocsp ossl_OBJ_id_mod_ocsp -+#endif -+ -+#ifdef ossl_SN_id_mod_dvcs -+#define SN_id_mod_dvcs ossl_SN_id_mod_dvcs -+#endif -+#ifdef ossl_NID_id_mod_dvcs -+#define NID_id_mod_dvcs ossl_NID_id_mod_dvcs -+#endif -+#ifdef ossl_OBJ_id_mod_dvcs -+#define OBJ_id_mod_dvcs ossl_OBJ_id_mod_dvcs -+#endif -+ -+#ifdef ossl_SN_id_mod_cmp2000 -+#define SN_id_mod_cmp2000 ossl_SN_id_mod_cmp2000 -+#endif -+#ifdef ossl_NID_id_mod_cmp2000 -+#define NID_id_mod_cmp2000 ossl_NID_id_mod_cmp2000 -+#endif -+#ifdef ossl_OBJ_id_mod_cmp2000 -+#define OBJ_id_mod_cmp2000 ossl_OBJ_id_mod_cmp2000 -+#endif -+ -+#ifdef ossl_SN_biometricInfo -+#define SN_biometricInfo ossl_SN_biometricInfo -+#endif -+#ifdef ossl_LN_biometricInfo -+#define LN_biometricInfo ossl_LN_biometricInfo -+#endif -+#ifdef ossl_NID_biometricInfo -+#define NID_biometricInfo ossl_NID_biometricInfo -+#endif -+#ifdef ossl_OBJ_biometricInfo -+#define OBJ_biometricInfo ossl_OBJ_biometricInfo -+#endif -+ -+#ifdef ossl_SN_qcStatements -+#define SN_qcStatements ossl_SN_qcStatements -+#endif -+#ifdef ossl_NID_qcStatements -+#define NID_qcStatements ossl_NID_qcStatements -+#endif -+#ifdef ossl_OBJ_qcStatements -+#define OBJ_qcStatements ossl_OBJ_qcStatements -+#endif -+ -+#ifdef ossl_SN_ac_auditEntity -+#define SN_ac_auditEntity ossl_SN_ac_auditEntity -+#endif -+#ifdef ossl_NID_ac_auditEntity -+#define NID_ac_auditEntity ossl_NID_ac_auditEntity -+#endif -+#ifdef ossl_OBJ_ac_auditEntity -+#define OBJ_ac_auditEntity ossl_OBJ_ac_auditEntity -+#endif -+ -+#ifdef ossl_SN_ac_targeting -+#define SN_ac_targeting ossl_SN_ac_targeting -+#endif -+#ifdef ossl_NID_ac_targeting -+#define NID_ac_targeting ossl_NID_ac_targeting -+#endif -+#ifdef ossl_OBJ_ac_targeting -+#define OBJ_ac_targeting ossl_OBJ_ac_targeting -+#endif -+ -+#ifdef ossl_SN_aaControls -+#define SN_aaControls ossl_SN_aaControls -+#endif -+#ifdef ossl_NID_aaControls -+#define NID_aaControls ossl_NID_aaControls -+#endif -+#ifdef ossl_OBJ_aaControls -+#define OBJ_aaControls ossl_OBJ_aaControls -+#endif -+ -+#ifdef ossl_SN_sbgp_ipAddrBlock -+#define SN_sbgp_ipAddrBlock ossl_SN_sbgp_ipAddrBlock -+#endif -+#ifdef ossl_NID_sbgp_ipAddrBlock -+#define NID_sbgp_ipAddrBlock ossl_NID_sbgp_ipAddrBlock -+#endif -+#ifdef ossl_OBJ_sbgp_ipAddrBlock -+#define OBJ_sbgp_ipAddrBlock ossl_OBJ_sbgp_ipAddrBlock -+#endif -+ -+#ifdef ossl_SN_sbgp_autonomousSysNum -+#define SN_sbgp_autonomousSysNum ossl_SN_sbgp_autonomousSysNum -+#endif -+#ifdef ossl_NID_sbgp_autonomousSysNum -+#define NID_sbgp_autonomousSysNum ossl_NID_sbgp_autonomousSysNum -+#endif -+#ifdef ossl_OBJ_sbgp_autonomousSysNum -+#define OBJ_sbgp_autonomousSysNum ossl_OBJ_sbgp_autonomousSysNum -+#endif -+ -+#ifdef ossl_SN_sbgp_routerIdentifier -+#define SN_sbgp_routerIdentifier ossl_SN_sbgp_routerIdentifier -+#endif -+#ifdef ossl_NID_sbgp_routerIdentifier -+#define NID_sbgp_routerIdentifier ossl_NID_sbgp_routerIdentifier -+#endif -+#ifdef ossl_OBJ_sbgp_routerIdentifier -+#define OBJ_sbgp_routerIdentifier ossl_OBJ_sbgp_routerIdentifier -+#endif -+ -+#ifdef ossl_SN_textNotice -+#define SN_textNotice ossl_SN_textNotice -+#endif -+#ifdef ossl_NID_textNotice -+#define NID_textNotice ossl_NID_textNotice -+#endif -+#ifdef ossl_OBJ_textNotice -+#define OBJ_textNotice ossl_OBJ_textNotice -+#endif -+ -+#ifdef ossl_SN_ipsecEndSystem -+#define SN_ipsecEndSystem ossl_SN_ipsecEndSystem -+#endif -+#ifdef ossl_LN_ipsecEndSystem -+#define LN_ipsecEndSystem ossl_LN_ipsecEndSystem -+#endif -+#ifdef ossl_NID_ipsecEndSystem -+#define NID_ipsecEndSystem ossl_NID_ipsecEndSystem -+#endif -+#ifdef ossl_OBJ_ipsecEndSystem -+#define OBJ_ipsecEndSystem ossl_OBJ_ipsecEndSystem -+#endif -+ -+#ifdef ossl_SN_ipsecTunnel -+#define SN_ipsecTunnel ossl_SN_ipsecTunnel -+#endif -+#ifdef ossl_LN_ipsecTunnel -+#define LN_ipsecTunnel ossl_LN_ipsecTunnel -+#endif -+#ifdef ossl_NID_ipsecTunnel -+#define NID_ipsecTunnel ossl_NID_ipsecTunnel -+#endif -+#ifdef ossl_OBJ_ipsecTunnel -+#define OBJ_ipsecTunnel ossl_OBJ_ipsecTunnel -+#endif -+ -+#ifdef ossl_SN_ipsecUser -+#define SN_ipsecUser ossl_SN_ipsecUser -+#endif -+#ifdef ossl_LN_ipsecUser -+#define LN_ipsecUser ossl_LN_ipsecUser -+#endif -+#ifdef ossl_NID_ipsecUser -+#define NID_ipsecUser ossl_NID_ipsecUser -+#endif -+#ifdef ossl_OBJ_ipsecUser -+#define OBJ_ipsecUser ossl_OBJ_ipsecUser -+#endif -+ -+#ifdef ossl_SN_dvcs -+#define SN_dvcs ossl_SN_dvcs -+#endif -+#ifdef ossl_LN_dvcs -+#define LN_dvcs ossl_LN_dvcs -+#endif -+#ifdef ossl_NID_dvcs -+#define NID_dvcs ossl_NID_dvcs -+#endif -+#ifdef ossl_OBJ_dvcs -+#define OBJ_dvcs ossl_OBJ_dvcs -+#endif -+ -+#ifdef ossl_SN_id_it_caProtEncCert -+#define SN_id_it_caProtEncCert ossl_SN_id_it_caProtEncCert -+#endif -+#ifdef ossl_NID_id_it_caProtEncCert -+#define NID_id_it_caProtEncCert ossl_NID_id_it_caProtEncCert -+#endif -+#ifdef ossl_OBJ_id_it_caProtEncCert -+#define OBJ_id_it_caProtEncCert ossl_OBJ_id_it_caProtEncCert -+#endif -+ -+#ifdef ossl_SN_id_it_signKeyPairTypes -+#define SN_id_it_signKeyPairTypes ossl_SN_id_it_signKeyPairTypes -+#endif -+#ifdef ossl_NID_id_it_signKeyPairTypes -+#define NID_id_it_signKeyPairTypes ossl_NID_id_it_signKeyPairTypes -+#endif -+#ifdef ossl_OBJ_id_it_signKeyPairTypes -+#define OBJ_id_it_signKeyPairTypes ossl_OBJ_id_it_signKeyPairTypes -+#endif -+ -+#ifdef ossl_SN_id_it_encKeyPairTypes -+#define SN_id_it_encKeyPairTypes ossl_SN_id_it_encKeyPairTypes -+#endif -+#ifdef ossl_NID_id_it_encKeyPairTypes -+#define NID_id_it_encKeyPairTypes ossl_NID_id_it_encKeyPairTypes -+#endif -+#ifdef ossl_OBJ_id_it_encKeyPairTypes -+#define OBJ_id_it_encKeyPairTypes ossl_OBJ_id_it_encKeyPairTypes -+#endif -+ -+#ifdef ossl_SN_id_it_preferredSymmAlg -+#define SN_id_it_preferredSymmAlg ossl_SN_id_it_preferredSymmAlg -+#endif -+#ifdef ossl_NID_id_it_preferredSymmAlg -+#define NID_id_it_preferredSymmAlg ossl_NID_id_it_preferredSymmAlg -+#endif -+#ifdef ossl_OBJ_id_it_preferredSymmAlg -+#define OBJ_id_it_preferredSymmAlg ossl_OBJ_id_it_preferredSymmAlg -+#endif -+ -+#ifdef ossl_SN_id_it_caKeyUpdateInfo -+#define SN_id_it_caKeyUpdateInfo ossl_SN_id_it_caKeyUpdateInfo -+#endif -+#ifdef ossl_NID_id_it_caKeyUpdateInfo -+#define NID_id_it_caKeyUpdateInfo ossl_NID_id_it_caKeyUpdateInfo -+#endif -+#ifdef ossl_OBJ_id_it_caKeyUpdateInfo -+#define OBJ_id_it_caKeyUpdateInfo ossl_OBJ_id_it_caKeyUpdateInfo -+#endif -+ -+#ifdef ossl_SN_id_it_currentCRL -+#define SN_id_it_currentCRL ossl_SN_id_it_currentCRL -+#endif -+#ifdef ossl_NID_id_it_currentCRL -+#define NID_id_it_currentCRL ossl_NID_id_it_currentCRL -+#endif -+#ifdef ossl_OBJ_id_it_currentCRL -+#define OBJ_id_it_currentCRL ossl_OBJ_id_it_currentCRL -+#endif -+ -+#ifdef ossl_SN_id_it_unsupportedOIDs -+#define SN_id_it_unsupportedOIDs ossl_SN_id_it_unsupportedOIDs -+#endif -+#ifdef ossl_NID_id_it_unsupportedOIDs -+#define NID_id_it_unsupportedOIDs ossl_NID_id_it_unsupportedOIDs -+#endif -+#ifdef ossl_OBJ_id_it_unsupportedOIDs -+#define OBJ_id_it_unsupportedOIDs ossl_OBJ_id_it_unsupportedOIDs -+#endif -+ -+#ifdef ossl_SN_id_it_subscriptionRequest -+#define SN_id_it_subscriptionRequest ossl_SN_id_it_subscriptionRequest -+#endif -+#ifdef ossl_NID_id_it_subscriptionRequest -+#define NID_id_it_subscriptionRequest ossl_NID_id_it_subscriptionRequest -+#endif -+#ifdef ossl_OBJ_id_it_subscriptionRequest -+#define OBJ_id_it_subscriptionRequest ossl_OBJ_id_it_subscriptionRequest -+#endif -+ -+#ifdef ossl_SN_id_it_subscriptionResponse -+#define SN_id_it_subscriptionResponse ossl_SN_id_it_subscriptionResponse -+#endif -+#ifdef ossl_NID_id_it_subscriptionResponse -+#define NID_id_it_subscriptionResponse ossl_NID_id_it_subscriptionResponse -+#endif -+#ifdef ossl_OBJ_id_it_subscriptionResponse -+#define OBJ_id_it_subscriptionResponse ossl_OBJ_id_it_subscriptionResponse -+#endif -+ -+#ifdef ossl_SN_id_it_keyPairParamReq -+#define SN_id_it_keyPairParamReq ossl_SN_id_it_keyPairParamReq -+#endif -+#ifdef ossl_NID_id_it_keyPairParamReq -+#define NID_id_it_keyPairParamReq ossl_NID_id_it_keyPairParamReq -+#endif -+#ifdef ossl_OBJ_id_it_keyPairParamReq -+#define OBJ_id_it_keyPairParamReq ossl_OBJ_id_it_keyPairParamReq -+#endif -+ -+#ifdef ossl_SN_id_it_keyPairParamRep -+#define SN_id_it_keyPairParamRep ossl_SN_id_it_keyPairParamRep -+#endif -+#ifdef ossl_NID_id_it_keyPairParamRep -+#define NID_id_it_keyPairParamRep ossl_NID_id_it_keyPairParamRep -+#endif -+#ifdef ossl_OBJ_id_it_keyPairParamRep -+#define OBJ_id_it_keyPairParamRep ossl_OBJ_id_it_keyPairParamRep -+#endif -+ -+#ifdef ossl_SN_id_it_revPassphrase -+#define SN_id_it_revPassphrase ossl_SN_id_it_revPassphrase -+#endif -+#ifdef ossl_NID_id_it_revPassphrase -+#define NID_id_it_revPassphrase ossl_NID_id_it_revPassphrase -+#endif -+#ifdef ossl_OBJ_id_it_revPassphrase -+#define OBJ_id_it_revPassphrase ossl_OBJ_id_it_revPassphrase -+#endif -+ -+#ifdef ossl_SN_id_it_implicitConfirm -+#define SN_id_it_implicitConfirm ossl_SN_id_it_implicitConfirm -+#endif -+#ifdef ossl_NID_id_it_implicitConfirm -+#define NID_id_it_implicitConfirm ossl_NID_id_it_implicitConfirm -+#endif -+#ifdef ossl_OBJ_id_it_implicitConfirm -+#define OBJ_id_it_implicitConfirm ossl_OBJ_id_it_implicitConfirm -+#endif -+ -+#ifdef ossl_SN_id_it_confirmWaitTime -+#define SN_id_it_confirmWaitTime ossl_SN_id_it_confirmWaitTime -+#endif -+#ifdef ossl_NID_id_it_confirmWaitTime -+#define NID_id_it_confirmWaitTime ossl_NID_id_it_confirmWaitTime -+#endif -+#ifdef ossl_OBJ_id_it_confirmWaitTime -+#define OBJ_id_it_confirmWaitTime ossl_OBJ_id_it_confirmWaitTime -+#endif -+ -+#ifdef ossl_SN_id_it_origPKIMessage -+#define SN_id_it_origPKIMessage ossl_SN_id_it_origPKIMessage -+#endif -+#ifdef ossl_NID_id_it_origPKIMessage -+#define NID_id_it_origPKIMessage ossl_NID_id_it_origPKIMessage -+#endif -+#ifdef ossl_OBJ_id_it_origPKIMessage -+#define OBJ_id_it_origPKIMessage ossl_OBJ_id_it_origPKIMessage -+#endif -+ -+#ifdef ossl_SN_id_regCtrl -+#define SN_id_regCtrl ossl_SN_id_regCtrl -+#endif -+#ifdef ossl_NID_id_regCtrl -+#define NID_id_regCtrl ossl_NID_id_regCtrl -+#endif -+#ifdef ossl_OBJ_id_regCtrl -+#define OBJ_id_regCtrl ossl_OBJ_id_regCtrl -+#endif -+ -+#ifdef ossl_SN_id_regInfo -+#define SN_id_regInfo ossl_SN_id_regInfo -+#endif -+#ifdef ossl_NID_id_regInfo -+#define NID_id_regInfo ossl_NID_id_regInfo -+#endif -+#ifdef ossl_OBJ_id_regInfo -+#define OBJ_id_regInfo ossl_OBJ_id_regInfo -+#endif -+ -+#ifdef ossl_SN_id_regCtrl_regToken -+#define SN_id_regCtrl_regToken ossl_SN_id_regCtrl_regToken -+#endif -+#ifdef ossl_NID_id_regCtrl_regToken -+#define NID_id_regCtrl_regToken ossl_NID_id_regCtrl_regToken -+#endif -+#ifdef ossl_OBJ_id_regCtrl_regToken -+#define OBJ_id_regCtrl_regToken ossl_OBJ_id_regCtrl_regToken -+#endif -+ -+#ifdef ossl_SN_id_regCtrl_authenticator -+#define SN_id_regCtrl_authenticator ossl_SN_id_regCtrl_authenticator -+#endif -+#ifdef ossl_NID_id_regCtrl_authenticator -+#define NID_id_regCtrl_authenticator ossl_NID_id_regCtrl_authenticator -+#endif -+#ifdef ossl_OBJ_id_regCtrl_authenticator -+#define OBJ_id_regCtrl_authenticator ossl_OBJ_id_regCtrl_authenticator -+#endif -+ -+#ifdef ossl_SN_id_regCtrl_pkiPublicationInfo -+#define SN_id_regCtrl_pkiPublicationInfo ossl_SN_id_regCtrl_pkiPublicationInfo -+#endif -+#ifdef ossl_NID_id_regCtrl_pkiPublicationInfo -+#define NID_id_regCtrl_pkiPublicationInfo ossl_NID_id_regCtrl_pkiPublicationInfo -+#endif -+#ifdef ossl_OBJ_id_regCtrl_pkiPublicationInfo -+#define OBJ_id_regCtrl_pkiPublicationInfo ossl_OBJ_id_regCtrl_pkiPublicationInfo -+#endif -+ -+#ifdef ossl_SN_id_regCtrl_pkiArchiveOptions -+#define SN_id_regCtrl_pkiArchiveOptions ossl_SN_id_regCtrl_pkiArchiveOptions -+#endif -+#ifdef ossl_NID_id_regCtrl_pkiArchiveOptions -+#define NID_id_regCtrl_pkiArchiveOptions ossl_NID_id_regCtrl_pkiArchiveOptions -+#endif -+#ifdef ossl_OBJ_id_regCtrl_pkiArchiveOptions -+#define OBJ_id_regCtrl_pkiArchiveOptions ossl_OBJ_id_regCtrl_pkiArchiveOptions -+#endif -+ -+#ifdef ossl_SN_id_regCtrl_oldCertID -+#define SN_id_regCtrl_oldCertID ossl_SN_id_regCtrl_oldCertID -+#endif -+#ifdef ossl_NID_id_regCtrl_oldCertID -+#define NID_id_regCtrl_oldCertID ossl_NID_id_regCtrl_oldCertID -+#endif -+#ifdef ossl_OBJ_id_regCtrl_oldCertID -+#define OBJ_id_regCtrl_oldCertID ossl_OBJ_id_regCtrl_oldCertID -+#endif -+ -+#ifdef ossl_SN_id_regCtrl_protocolEncrKey -+#define SN_id_regCtrl_protocolEncrKey ossl_SN_id_regCtrl_protocolEncrKey -+#endif -+#ifdef ossl_NID_id_regCtrl_protocolEncrKey -+#define NID_id_regCtrl_protocolEncrKey ossl_NID_id_regCtrl_protocolEncrKey -+#endif -+#ifdef ossl_OBJ_id_regCtrl_protocolEncrKey -+#define OBJ_id_regCtrl_protocolEncrKey ossl_OBJ_id_regCtrl_protocolEncrKey -+#endif -+ -+#ifdef ossl_SN_id_regInfo_utf8Pairs -+#define SN_id_regInfo_utf8Pairs ossl_SN_id_regInfo_utf8Pairs -+#endif -+#ifdef ossl_NID_id_regInfo_utf8Pairs -+#define NID_id_regInfo_utf8Pairs ossl_NID_id_regInfo_utf8Pairs -+#endif -+#ifdef ossl_OBJ_id_regInfo_utf8Pairs -+#define OBJ_id_regInfo_utf8Pairs ossl_OBJ_id_regInfo_utf8Pairs -+#endif -+ -+#ifdef ossl_SN_id_regInfo_certReq -+#define SN_id_regInfo_certReq ossl_SN_id_regInfo_certReq -+#endif -+#ifdef ossl_NID_id_regInfo_certReq -+#define NID_id_regInfo_certReq ossl_NID_id_regInfo_certReq -+#endif -+#ifdef ossl_OBJ_id_regInfo_certReq -+#define OBJ_id_regInfo_certReq ossl_OBJ_id_regInfo_certReq -+#endif -+ -+#ifdef ossl_SN_id_alg_des40 -+#define SN_id_alg_des40 ossl_SN_id_alg_des40 -+#endif -+#ifdef ossl_NID_id_alg_des40 -+#define NID_id_alg_des40 ossl_NID_id_alg_des40 -+#endif -+#ifdef ossl_OBJ_id_alg_des40 -+#define OBJ_id_alg_des40 ossl_OBJ_id_alg_des40 -+#endif -+ -+#ifdef ossl_SN_id_alg_noSignature -+#define SN_id_alg_noSignature ossl_SN_id_alg_noSignature -+#endif -+#ifdef ossl_NID_id_alg_noSignature -+#define NID_id_alg_noSignature ossl_NID_id_alg_noSignature -+#endif -+#ifdef ossl_OBJ_id_alg_noSignature -+#define OBJ_id_alg_noSignature ossl_OBJ_id_alg_noSignature -+#endif -+ -+#ifdef ossl_SN_id_alg_dh_sig_hmac_sha1 -+#define SN_id_alg_dh_sig_hmac_sha1 ossl_SN_id_alg_dh_sig_hmac_sha1 -+#endif -+#ifdef ossl_NID_id_alg_dh_sig_hmac_sha1 -+#define NID_id_alg_dh_sig_hmac_sha1 ossl_NID_id_alg_dh_sig_hmac_sha1 -+#endif -+#ifdef ossl_OBJ_id_alg_dh_sig_hmac_sha1 -+#define OBJ_id_alg_dh_sig_hmac_sha1 ossl_OBJ_id_alg_dh_sig_hmac_sha1 -+#endif -+ -+#ifdef ossl_SN_id_alg_dh_pop -+#define SN_id_alg_dh_pop ossl_SN_id_alg_dh_pop -+#endif -+#ifdef ossl_NID_id_alg_dh_pop -+#define NID_id_alg_dh_pop ossl_NID_id_alg_dh_pop -+#endif -+#ifdef ossl_OBJ_id_alg_dh_pop -+#define OBJ_id_alg_dh_pop ossl_OBJ_id_alg_dh_pop -+#endif -+ -+#ifdef ossl_SN_id_cmc_statusInfo -+#define SN_id_cmc_statusInfo ossl_SN_id_cmc_statusInfo -+#endif -+#ifdef ossl_NID_id_cmc_statusInfo -+#define NID_id_cmc_statusInfo ossl_NID_id_cmc_statusInfo -+#endif -+#ifdef ossl_OBJ_id_cmc_statusInfo -+#define OBJ_id_cmc_statusInfo ossl_OBJ_id_cmc_statusInfo -+#endif -+ -+#ifdef ossl_SN_id_cmc_identification -+#define SN_id_cmc_identification ossl_SN_id_cmc_identification -+#endif -+#ifdef ossl_NID_id_cmc_identification -+#define NID_id_cmc_identification ossl_NID_id_cmc_identification -+#endif -+#ifdef ossl_OBJ_id_cmc_identification -+#define OBJ_id_cmc_identification ossl_OBJ_id_cmc_identification -+#endif -+ -+#ifdef ossl_SN_id_cmc_identityProof -+#define SN_id_cmc_identityProof ossl_SN_id_cmc_identityProof -+#endif -+#ifdef ossl_NID_id_cmc_identityProof -+#define NID_id_cmc_identityProof ossl_NID_id_cmc_identityProof -+#endif -+#ifdef ossl_OBJ_id_cmc_identityProof -+#define OBJ_id_cmc_identityProof ossl_OBJ_id_cmc_identityProof -+#endif -+ -+#ifdef ossl_SN_id_cmc_dataReturn -+#define SN_id_cmc_dataReturn ossl_SN_id_cmc_dataReturn -+#endif -+#ifdef ossl_NID_id_cmc_dataReturn -+#define NID_id_cmc_dataReturn ossl_NID_id_cmc_dataReturn -+#endif -+#ifdef ossl_OBJ_id_cmc_dataReturn -+#define OBJ_id_cmc_dataReturn ossl_OBJ_id_cmc_dataReturn -+#endif -+ -+#ifdef ossl_SN_id_cmc_transactionId -+#define SN_id_cmc_transactionId ossl_SN_id_cmc_transactionId -+#endif -+#ifdef ossl_NID_id_cmc_transactionId -+#define NID_id_cmc_transactionId ossl_NID_id_cmc_transactionId -+#endif -+#ifdef ossl_OBJ_id_cmc_transactionId -+#define OBJ_id_cmc_transactionId ossl_OBJ_id_cmc_transactionId -+#endif -+ -+#ifdef ossl_SN_id_cmc_senderNonce -+#define SN_id_cmc_senderNonce ossl_SN_id_cmc_senderNonce -+#endif -+#ifdef ossl_NID_id_cmc_senderNonce -+#define NID_id_cmc_senderNonce ossl_NID_id_cmc_senderNonce -+#endif -+#ifdef ossl_OBJ_id_cmc_senderNonce -+#define OBJ_id_cmc_senderNonce ossl_OBJ_id_cmc_senderNonce -+#endif -+ -+#ifdef ossl_SN_id_cmc_recipientNonce -+#define SN_id_cmc_recipientNonce ossl_SN_id_cmc_recipientNonce -+#endif -+#ifdef ossl_NID_id_cmc_recipientNonce -+#define NID_id_cmc_recipientNonce ossl_NID_id_cmc_recipientNonce -+#endif -+#ifdef ossl_OBJ_id_cmc_recipientNonce -+#define OBJ_id_cmc_recipientNonce ossl_OBJ_id_cmc_recipientNonce -+#endif -+ -+#ifdef ossl_SN_id_cmc_addExtensions -+#define SN_id_cmc_addExtensions ossl_SN_id_cmc_addExtensions -+#endif -+#ifdef ossl_NID_id_cmc_addExtensions -+#define NID_id_cmc_addExtensions ossl_NID_id_cmc_addExtensions -+#endif -+#ifdef ossl_OBJ_id_cmc_addExtensions -+#define OBJ_id_cmc_addExtensions ossl_OBJ_id_cmc_addExtensions -+#endif -+ -+#ifdef ossl_SN_id_cmc_encryptedPOP -+#define SN_id_cmc_encryptedPOP ossl_SN_id_cmc_encryptedPOP -+#endif -+#ifdef ossl_NID_id_cmc_encryptedPOP -+#define NID_id_cmc_encryptedPOP ossl_NID_id_cmc_encryptedPOP -+#endif -+#ifdef ossl_OBJ_id_cmc_encryptedPOP -+#define OBJ_id_cmc_encryptedPOP ossl_OBJ_id_cmc_encryptedPOP -+#endif -+ -+#ifdef ossl_SN_id_cmc_decryptedPOP -+#define SN_id_cmc_decryptedPOP ossl_SN_id_cmc_decryptedPOP -+#endif -+#ifdef ossl_NID_id_cmc_decryptedPOP -+#define NID_id_cmc_decryptedPOP ossl_NID_id_cmc_decryptedPOP -+#endif -+#ifdef ossl_OBJ_id_cmc_decryptedPOP -+#define OBJ_id_cmc_decryptedPOP ossl_OBJ_id_cmc_decryptedPOP -+#endif -+ -+#ifdef ossl_SN_id_cmc_lraPOPWitness -+#define SN_id_cmc_lraPOPWitness ossl_SN_id_cmc_lraPOPWitness -+#endif -+#ifdef ossl_NID_id_cmc_lraPOPWitness -+#define NID_id_cmc_lraPOPWitness ossl_NID_id_cmc_lraPOPWitness -+#endif -+#ifdef ossl_OBJ_id_cmc_lraPOPWitness -+#define OBJ_id_cmc_lraPOPWitness ossl_OBJ_id_cmc_lraPOPWitness -+#endif -+ -+#ifdef ossl_SN_id_cmc_getCert -+#define SN_id_cmc_getCert ossl_SN_id_cmc_getCert -+#endif -+#ifdef ossl_NID_id_cmc_getCert -+#define NID_id_cmc_getCert ossl_NID_id_cmc_getCert -+#endif -+#ifdef ossl_OBJ_id_cmc_getCert -+#define OBJ_id_cmc_getCert ossl_OBJ_id_cmc_getCert -+#endif -+ -+#ifdef ossl_SN_id_cmc_getCRL -+#define SN_id_cmc_getCRL ossl_SN_id_cmc_getCRL -+#endif -+#ifdef ossl_NID_id_cmc_getCRL -+#define NID_id_cmc_getCRL ossl_NID_id_cmc_getCRL -+#endif -+#ifdef ossl_OBJ_id_cmc_getCRL -+#define OBJ_id_cmc_getCRL ossl_OBJ_id_cmc_getCRL -+#endif -+ -+#ifdef ossl_SN_id_cmc_revokeRequest -+#define SN_id_cmc_revokeRequest ossl_SN_id_cmc_revokeRequest -+#endif -+#ifdef ossl_NID_id_cmc_revokeRequest -+#define NID_id_cmc_revokeRequest ossl_NID_id_cmc_revokeRequest -+#endif -+#ifdef ossl_OBJ_id_cmc_revokeRequest -+#define OBJ_id_cmc_revokeRequest ossl_OBJ_id_cmc_revokeRequest -+#endif -+ -+#ifdef ossl_SN_id_cmc_regInfo -+#define SN_id_cmc_regInfo ossl_SN_id_cmc_regInfo -+#endif -+#ifdef ossl_NID_id_cmc_regInfo -+#define NID_id_cmc_regInfo ossl_NID_id_cmc_regInfo -+#endif -+#ifdef ossl_OBJ_id_cmc_regInfo -+#define OBJ_id_cmc_regInfo ossl_OBJ_id_cmc_regInfo -+#endif -+ -+#ifdef ossl_SN_id_cmc_responseInfo -+#define SN_id_cmc_responseInfo ossl_SN_id_cmc_responseInfo -+#endif -+#ifdef ossl_NID_id_cmc_responseInfo -+#define NID_id_cmc_responseInfo ossl_NID_id_cmc_responseInfo -+#endif -+#ifdef ossl_OBJ_id_cmc_responseInfo -+#define OBJ_id_cmc_responseInfo ossl_OBJ_id_cmc_responseInfo -+#endif -+ -+#ifdef ossl_SN_id_cmc_queryPending -+#define SN_id_cmc_queryPending ossl_SN_id_cmc_queryPending -+#endif -+#ifdef ossl_NID_id_cmc_queryPending -+#define NID_id_cmc_queryPending ossl_NID_id_cmc_queryPending -+#endif -+#ifdef ossl_OBJ_id_cmc_queryPending -+#define OBJ_id_cmc_queryPending ossl_OBJ_id_cmc_queryPending -+#endif -+ -+#ifdef ossl_SN_id_cmc_popLinkRandom -+#define SN_id_cmc_popLinkRandom ossl_SN_id_cmc_popLinkRandom -+#endif -+#ifdef ossl_NID_id_cmc_popLinkRandom -+#define NID_id_cmc_popLinkRandom ossl_NID_id_cmc_popLinkRandom -+#endif -+#ifdef ossl_OBJ_id_cmc_popLinkRandom -+#define OBJ_id_cmc_popLinkRandom ossl_OBJ_id_cmc_popLinkRandom -+#endif -+ -+#ifdef ossl_SN_id_cmc_popLinkWitness -+#define SN_id_cmc_popLinkWitness ossl_SN_id_cmc_popLinkWitness -+#endif -+#ifdef ossl_NID_id_cmc_popLinkWitness -+#define NID_id_cmc_popLinkWitness ossl_NID_id_cmc_popLinkWitness -+#endif -+#ifdef ossl_OBJ_id_cmc_popLinkWitness -+#define OBJ_id_cmc_popLinkWitness ossl_OBJ_id_cmc_popLinkWitness -+#endif -+ -+#ifdef ossl_SN_id_cmc_confirmCertAcceptance -+#define SN_id_cmc_confirmCertAcceptance ossl_SN_id_cmc_confirmCertAcceptance -+#endif -+#ifdef ossl_NID_id_cmc_confirmCertAcceptance -+#define NID_id_cmc_confirmCertAcceptance ossl_NID_id_cmc_confirmCertAcceptance -+#endif -+#ifdef ossl_OBJ_id_cmc_confirmCertAcceptance -+#define OBJ_id_cmc_confirmCertAcceptance ossl_OBJ_id_cmc_confirmCertAcceptance -+#endif -+ -+#ifdef ossl_SN_id_on_personalData -+#define SN_id_on_personalData ossl_SN_id_on_personalData -+#endif -+#ifdef ossl_NID_id_on_personalData -+#define NID_id_on_personalData ossl_NID_id_on_personalData -+#endif -+#ifdef ossl_OBJ_id_on_personalData -+#define OBJ_id_on_personalData ossl_OBJ_id_on_personalData -+#endif -+ -+#ifdef ossl_SN_id_pda_dateOfBirth -+#define SN_id_pda_dateOfBirth ossl_SN_id_pda_dateOfBirth -+#endif -+#ifdef ossl_NID_id_pda_dateOfBirth -+#define NID_id_pda_dateOfBirth ossl_NID_id_pda_dateOfBirth -+#endif -+#ifdef ossl_OBJ_id_pda_dateOfBirth -+#define OBJ_id_pda_dateOfBirth ossl_OBJ_id_pda_dateOfBirth -+#endif -+ -+#ifdef ossl_SN_id_pda_placeOfBirth -+#define SN_id_pda_placeOfBirth ossl_SN_id_pda_placeOfBirth -+#endif -+#ifdef ossl_NID_id_pda_placeOfBirth -+#define NID_id_pda_placeOfBirth ossl_NID_id_pda_placeOfBirth -+#endif -+#ifdef ossl_OBJ_id_pda_placeOfBirth -+#define OBJ_id_pda_placeOfBirth ossl_OBJ_id_pda_placeOfBirth -+#endif -+ -+#ifdef ossl_SN_id_pda_gender -+#define SN_id_pda_gender ossl_SN_id_pda_gender -+#endif -+#ifdef ossl_NID_id_pda_gender -+#define NID_id_pda_gender ossl_NID_id_pda_gender -+#endif -+#ifdef ossl_OBJ_id_pda_gender -+#define OBJ_id_pda_gender ossl_OBJ_id_pda_gender -+#endif -+ -+#ifdef ossl_SN_id_pda_countryOfCitizenship -+#define SN_id_pda_countryOfCitizenship ossl_SN_id_pda_countryOfCitizenship -+#endif -+#ifdef ossl_NID_id_pda_countryOfCitizenship -+#define NID_id_pda_countryOfCitizenship ossl_NID_id_pda_countryOfCitizenship -+#endif -+#ifdef ossl_OBJ_id_pda_countryOfCitizenship -+#define OBJ_id_pda_countryOfCitizenship ossl_OBJ_id_pda_countryOfCitizenship -+#endif -+ -+#ifdef ossl_SN_id_pda_countryOfResidence -+#define SN_id_pda_countryOfResidence ossl_SN_id_pda_countryOfResidence -+#endif -+#ifdef ossl_NID_id_pda_countryOfResidence -+#define NID_id_pda_countryOfResidence ossl_NID_id_pda_countryOfResidence -+#endif -+#ifdef ossl_OBJ_id_pda_countryOfResidence -+#define OBJ_id_pda_countryOfResidence ossl_OBJ_id_pda_countryOfResidence -+#endif -+ -+#ifdef ossl_SN_id_aca_authenticationInfo -+#define SN_id_aca_authenticationInfo ossl_SN_id_aca_authenticationInfo -+#endif -+#ifdef ossl_NID_id_aca_authenticationInfo -+#define NID_id_aca_authenticationInfo ossl_NID_id_aca_authenticationInfo -+#endif -+#ifdef ossl_OBJ_id_aca_authenticationInfo -+#define OBJ_id_aca_authenticationInfo ossl_OBJ_id_aca_authenticationInfo -+#endif -+ -+#ifdef ossl_SN_id_aca_accessIdentity -+#define SN_id_aca_accessIdentity ossl_SN_id_aca_accessIdentity -+#endif -+#ifdef ossl_NID_id_aca_accessIdentity -+#define NID_id_aca_accessIdentity ossl_NID_id_aca_accessIdentity -+#endif -+#ifdef ossl_OBJ_id_aca_accessIdentity -+#define OBJ_id_aca_accessIdentity ossl_OBJ_id_aca_accessIdentity -+#endif -+ -+#ifdef ossl_SN_id_aca_chargingIdentity -+#define SN_id_aca_chargingIdentity ossl_SN_id_aca_chargingIdentity -+#endif -+#ifdef ossl_NID_id_aca_chargingIdentity -+#define NID_id_aca_chargingIdentity ossl_NID_id_aca_chargingIdentity -+#endif -+#ifdef ossl_OBJ_id_aca_chargingIdentity -+#define OBJ_id_aca_chargingIdentity ossl_OBJ_id_aca_chargingIdentity -+#endif -+ -+#ifdef ossl_SN_id_aca_group -+#define SN_id_aca_group ossl_SN_id_aca_group -+#endif -+#ifdef ossl_NID_id_aca_group -+#define NID_id_aca_group ossl_NID_id_aca_group -+#endif -+#ifdef ossl_OBJ_id_aca_group -+#define OBJ_id_aca_group ossl_OBJ_id_aca_group -+#endif -+ -+#ifdef ossl_SN_id_aca_role -+#define SN_id_aca_role ossl_SN_id_aca_role -+#endif -+#ifdef ossl_NID_id_aca_role -+#define NID_id_aca_role ossl_NID_id_aca_role -+#endif -+#ifdef ossl_OBJ_id_aca_role -+#define OBJ_id_aca_role ossl_OBJ_id_aca_role -+#endif -+ -+#ifdef ossl_SN_id_qcs_pkixQCSyntax_v1 -+#define SN_id_qcs_pkixQCSyntax_v1 ossl_SN_id_qcs_pkixQCSyntax_v1 -+#endif -+#ifdef ossl_NID_id_qcs_pkixQCSyntax_v1 -+#define NID_id_qcs_pkixQCSyntax_v1 ossl_NID_id_qcs_pkixQCSyntax_v1 -+#endif -+#ifdef ossl_OBJ_id_qcs_pkixQCSyntax_v1 -+#define OBJ_id_qcs_pkixQCSyntax_v1 ossl_OBJ_id_qcs_pkixQCSyntax_v1 -+#endif -+ -+#ifdef ossl_SN_id_cct_crs -+#define SN_id_cct_crs ossl_SN_id_cct_crs -+#endif -+#ifdef ossl_NID_id_cct_crs -+#define NID_id_cct_crs ossl_NID_id_cct_crs -+#endif -+#ifdef ossl_OBJ_id_cct_crs -+#define OBJ_id_cct_crs ossl_OBJ_id_cct_crs -+#endif -+ -+#ifdef ossl_SN_id_cct_PKIData -+#define SN_id_cct_PKIData ossl_SN_id_cct_PKIData -+#endif -+#ifdef ossl_NID_id_cct_PKIData -+#define NID_id_cct_PKIData ossl_NID_id_cct_PKIData -+#endif -+#ifdef ossl_OBJ_id_cct_PKIData -+#define OBJ_id_cct_PKIData ossl_OBJ_id_cct_PKIData -+#endif -+ -+#ifdef ossl_SN_id_cct_PKIResponse -+#define SN_id_cct_PKIResponse ossl_SN_id_cct_PKIResponse -+#endif -+#ifdef ossl_NID_id_cct_PKIResponse -+#define NID_id_cct_PKIResponse ossl_NID_id_cct_PKIResponse -+#endif -+#ifdef ossl_OBJ_id_cct_PKIResponse -+#define OBJ_id_cct_PKIResponse ossl_OBJ_id_cct_PKIResponse -+#endif -+ -+#ifdef ossl_SN_ad_timeStamping -+#define SN_ad_timeStamping ossl_SN_ad_timeStamping -+#endif -+#ifdef ossl_LN_ad_timeStamping -+#define LN_ad_timeStamping ossl_LN_ad_timeStamping -+#endif -+#ifdef ossl_NID_ad_timeStamping -+#define NID_ad_timeStamping ossl_NID_ad_timeStamping -+#endif -+#ifdef ossl_OBJ_ad_timeStamping -+#define OBJ_ad_timeStamping ossl_OBJ_ad_timeStamping -+#endif -+ -+#ifdef ossl_SN_ad_dvcs -+#define SN_ad_dvcs ossl_SN_ad_dvcs -+#endif -+#ifdef ossl_LN_ad_dvcs -+#define LN_ad_dvcs ossl_LN_ad_dvcs -+#endif -+#ifdef ossl_NID_ad_dvcs -+#define NID_ad_dvcs ossl_NID_ad_dvcs -+#endif -+#ifdef ossl_OBJ_ad_dvcs -+#define OBJ_ad_dvcs ossl_OBJ_ad_dvcs -+#endif -+ -+#ifdef ossl_SN_id_pkix_OCSP_basic -+#define SN_id_pkix_OCSP_basic ossl_SN_id_pkix_OCSP_basic -+#endif -+#ifdef ossl_LN_id_pkix_OCSP_basic -+#define LN_id_pkix_OCSP_basic ossl_LN_id_pkix_OCSP_basic -+#endif -+#ifdef ossl_NID_id_pkix_OCSP_basic -+#define NID_id_pkix_OCSP_basic ossl_NID_id_pkix_OCSP_basic -+#endif -+#ifdef ossl_OBJ_id_pkix_OCSP_basic -+#define OBJ_id_pkix_OCSP_basic ossl_OBJ_id_pkix_OCSP_basic -+#endif -+ -+#ifdef ossl_SN_id_pkix_OCSP_Nonce -+#define SN_id_pkix_OCSP_Nonce ossl_SN_id_pkix_OCSP_Nonce -+#endif -+#ifdef ossl_LN_id_pkix_OCSP_Nonce -+#define LN_id_pkix_OCSP_Nonce ossl_LN_id_pkix_OCSP_Nonce -+#endif -+#ifdef ossl_NID_id_pkix_OCSP_Nonce -+#define NID_id_pkix_OCSP_Nonce ossl_NID_id_pkix_OCSP_Nonce -+#endif -+#ifdef ossl_OBJ_id_pkix_OCSP_Nonce -+#define OBJ_id_pkix_OCSP_Nonce ossl_OBJ_id_pkix_OCSP_Nonce -+#endif -+ -+#ifdef ossl_SN_id_pkix_OCSP_CrlID -+#define SN_id_pkix_OCSP_CrlID ossl_SN_id_pkix_OCSP_CrlID -+#endif -+#ifdef ossl_LN_id_pkix_OCSP_CrlID -+#define LN_id_pkix_OCSP_CrlID ossl_LN_id_pkix_OCSP_CrlID -+#endif -+#ifdef ossl_NID_id_pkix_OCSP_CrlID -+#define NID_id_pkix_OCSP_CrlID ossl_NID_id_pkix_OCSP_CrlID -+#endif -+#ifdef ossl_OBJ_id_pkix_OCSP_CrlID -+#define OBJ_id_pkix_OCSP_CrlID ossl_OBJ_id_pkix_OCSP_CrlID -+#endif -+ -+#ifdef ossl_SN_id_pkix_OCSP_acceptableResponses -+#define SN_id_pkix_OCSP_acceptableResponses ossl_SN_id_pkix_OCSP_acceptableResponses -+#endif -+#ifdef ossl_LN_id_pkix_OCSP_acceptableResponses -+#define LN_id_pkix_OCSP_acceptableResponses ossl_LN_id_pkix_OCSP_acceptableResponses -+#endif -+#ifdef ossl_NID_id_pkix_OCSP_acceptableResponses -+#define NID_id_pkix_OCSP_acceptableResponses ossl_NID_id_pkix_OCSP_acceptableResponses -+#endif -+#ifdef ossl_OBJ_id_pkix_OCSP_acceptableResponses -+#define OBJ_id_pkix_OCSP_acceptableResponses ossl_OBJ_id_pkix_OCSP_acceptableResponses -+#endif -+ -+ -+#ifdef ossl_SN_id_pkix_OCSP_noCheck -+#define SN_id_pkix_OCSP_noCheck ossl_SN_id_pkix_OCSP_noCheck -+#endif -+#ifdef ossl_LN_id_pkix_OCSP_noCheck -+#define LN_id_pkix_OCSP_noCheck ossl_LN_id_pkix_OCSP_noCheck -+#endif -+#ifdef ossl_NID_id_pkix_OCSP_noCheck -+#define NID_id_pkix_OCSP_noCheck ossl_NID_id_pkix_OCSP_noCheck -+#endif -+#ifdef ossl_OBJ_id_pkix_OCSP_noCheck -+#define OBJ_id_pkix_OCSP_noCheck ossl_OBJ_id_pkix_OCSP_noCheck -+#endif -+ -+#ifdef ossl_SN_id_pkix_OCSP_archiveCutoff -+#define SN_id_pkix_OCSP_archiveCutoff ossl_SN_id_pkix_OCSP_archiveCutoff -+#endif -+#ifdef ossl_LN_id_pkix_OCSP_archiveCutoff -+#define LN_id_pkix_OCSP_archiveCutoff ossl_LN_id_pkix_OCSP_archiveCutoff -+#endif -+#ifdef ossl_NID_id_pkix_OCSP_archiveCutoff -+#define NID_id_pkix_OCSP_archiveCutoff ossl_NID_id_pkix_OCSP_archiveCutoff -+#endif -+#ifdef ossl_OBJ_id_pkix_OCSP_archiveCutoff -+#define OBJ_id_pkix_OCSP_archiveCutoff ossl_OBJ_id_pkix_OCSP_archiveCutoff -+#endif -+ -+#ifdef ossl_SN_id_pkix_OCSP_serviceLocator -+#define SN_id_pkix_OCSP_serviceLocator ossl_SN_id_pkix_OCSP_serviceLocator -+#endif -+#ifdef ossl_LN_id_pkix_OCSP_serviceLocator -+#define LN_id_pkix_OCSP_serviceLocator ossl_LN_id_pkix_OCSP_serviceLocator -+#endif -+#ifdef ossl_NID_id_pkix_OCSP_serviceLocator -+#define NID_id_pkix_OCSP_serviceLocator ossl_NID_id_pkix_OCSP_serviceLocator -+#endif -+#ifdef ossl_OBJ_id_pkix_OCSP_serviceLocator -+#define OBJ_id_pkix_OCSP_serviceLocator ossl_OBJ_id_pkix_OCSP_serviceLocator -+#endif -+ -+#ifdef ossl_SN_id_pkix_OCSP_extendedStatus -+#define SN_id_pkix_OCSP_extendedStatus ossl_SN_id_pkix_OCSP_extendedStatus -+#endif -+#ifdef ossl_LN_id_pkix_OCSP_extendedStatus -+#define LN_id_pkix_OCSP_extendedStatus ossl_LN_id_pkix_OCSP_extendedStatus -+#endif -+#ifdef ossl_NID_id_pkix_OCSP_extendedStatus -+#define NID_id_pkix_OCSP_extendedStatus ossl_NID_id_pkix_OCSP_extendedStatus -+#endif -+#ifdef ossl_OBJ_id_pkix_OCSP_extendedStatus -+#define OBJ_id_pkix_OCSP_extendedStatus ossl_OBJ_id_pkix_OCSP_extendedStatus -+#endif -+ -+#ifdef ossl_SN_id_pkix_OCSP_valid -+#define SN_id_pkix_OCSP_valid ossl_SN_id_pkix_OCSP_valid -+#endif -+#ifdef ossl_NID_id_pkix_OCSP_valid -+#define NID_id_pkix_OCSP_valid ossl_NID_id_pkix_OCSP_valid -+#endif -+#ifdef ossl_OBJ_id_pkix_OCSP_valid -+#define OBJ_id_pkix_OCSP_valid ossl_OBJ_id_pkix_OCSP_valid -+#endif -+ -+#ifdef ossl_SN_id_pkix_OCSP_path -+#define SN_id_pkix_OCSP_path ossl_SN_id_pkix_OCSP_path -+#endif -+#ifdef ossl_NID_id_pkix_OCSP_path -+#define NID_id_pkix_OCSP_path ossl_NID_id_pkix_OCSP_path -+#endif -+#ifdef ossl_OBJ_id_pkix_OCSP_path -+#define OBJ_id_pkix_OCSP_path ossl_OBJ_id_pkix_OCSP_path -+#endif -+ -+#ifdef ossl_SN_id_pkix_OCSP_trustRoot -+#define SN_id_pkix_OCSP_trustRoot ossl_SN_id_pkix_OCSP_trustRoot -+#endif -+#ifdef ossl_LN_id_pkix_OCSP_trustRoot -+#define LN_id_pkix_OCSP_trustRoot ossl_LN_id_pkix_OCSP_trustRoot -+#endif -+#ifdef ossl_NID_id_pkix_OCSP_trustRoot -+#define NID_id_pkix_OCSP_trustRoot ossl_NID_id_pkix_OCSP_trustRoot -+#endif -+#ifdef ossl_OBJ_id_pkix_OCSP_trustRoot -+#define OBJ_id_pkix_OCSP_trustRoot ossl_OBJ_id_pkix_OCSP_trustRoot -+#endif -+ -+#ifdef ossl_SN_algorithm -+#define SN_algorithm ossl_SN_algorithm -+#endif -+#ifdef ossl_LN_algorithm -+#define LN_algorithm ossl_LN_algorithm -+#endif -+#ifdef ossl_NID_algorithm -+#define NID_algorithm ossl_NID_algorithm -+#endif -+#ifdef ossl_OBJ_algorithm -+#define OBJ_algorithm ossl_OBJ_algorithm -+#endif -+ -+#ifdef ossl_SN_rsaSignature -+#define SN_rsaSignature ossl_SN_rsaSignature -+#endif -+#ifdef ossl_NID_rsaSignature -+#define NID_rsaSignature ossl_NID_rsaSignature -+#endif -+#ifdef ossl_OBJ_rsaSignature -+#define OBJ_rsaSignature ossl_OBJ_rsaSignature -+#endif -+ -+#ifdef ossl_SN_X500algorithms -+#define SN_X500algorithms ossl_SN_X500algorithms -+#endif -+#ifdef ossl_LN_X500algorithms -+#define LN_X500algorithms ossl_LN_X500algorithms -+#endif -+#ifdef ossl_NID_X500algorithms -+#define NID_X500algorithms ossl_NID_X500algorithms -+#endif -+#ifdef ossl_OBJ_X500algorithms -+#define OBJ_X500algorithms ossl_OBJ_X500algorithms -+#endif -+ -+#ifdef ossl_SN_org -+#define SN_org ossl_SN_org -+#endif -+#ifdef ossl_LN_org -+#define LN_org ossl_LN_org -+#endif -+#ifdef ossl_NID_org -+#define NID_org ossl_NID_org -+#endif -+#ifdef ossl_OBJ_org -+#define OBJ_org ossl_OBJ_org -+#endif -+ -+#ifdef ossl_SN_dod -+#define SN_dod ossl_SN_dod -+#endif -+#ifdef ossl_LN_dod -+#define LN_dod ossl_LN_dod -+#endif -+#ifdef ossl_NID_dod -+#define NID_dod ossl_NID_dod -+#endif -+#ifdef ossl_OBJ_dod -+#define OBJ_dod ossl_OBJ_dod -+#endif -+ -+#ifdef ossl_SN_iana -+#define SN_iana ossl_SN_iana -+#endif -+#ifdef ossl_LN_iana -+#define LN_iana ossl_LN_iana -+#endif -+#ifdef ossl_NID_iana -+#define NID_iana ossl_NID_iana -+#endif -+#ifdef ossl_OBJ_iana -+#define OBJ_iana ossl_OBJ_iana -+#endif -+ -+#ifdef ossl_SN_Directory -+#define SN_Directory ossl_SN_Directory -+#endif -+#ifdef ossl_LN_Directory -+#define LN_Directory ossl_LN_Directory -+#endif -+#ifdef ossl_NID_Directory -+#define NID_Directory ossl_NID_Directory -+#endif -+#ifdef ossl_OBJ_Directory -+#define OBJ_Directory ossl_OBJ_Directory -+#endif -+ -+#ifdef ossl_SN_Management -+#define SN_Management ossl_SN_Management -+#endif -+#ifdef ossl_LN_Management -+#define LN_Management ossl_LN_Management -+#endif -+#ifdef ossl_NID_Management -+#define NID_Management ossl_NID_Management -+#endif -+#ifdef ossl_OBJ_Management -+#define OBJ_Management ossl_OBJ_Management -+#endif -+ -+#ifdef ossl_SN_Experimental -+#define SN_Experimental ossl_SN_Experimental -+#endif -+#ifdef ossl_LN_Experimental -+#define LN_Experimental ossl_LN_Experimental -+#endif -+#ifdef ossl_NID_Experimental -+#define NID_Experimental ossl_NID_Experimental -+#endif -+#ifdef ossl_OBJ_Experimental -+#define OBJ_Experimental ossl_OBJ_Experimental -+#endif -+ -+#ifdef ossl_SN_Private -+#define SN_Private ossl_SN_Private -+#endif -+#ifdef ossl_LN_Private -+#define LN_Private ossl_LN_Private -+#endif -+#ifdef ossl_NID_Private -+#define NID_Private ossl_NID_Private -+#endif -+#ifdef ossl_OBJ_Private -+#define OBJ_Private ossl_OBJ_Private -+#endif -+ -+#ifdef ossl_SN_Security -+#define SN_Security ossl_SN_Security -+#endif -+#ifdef ossl_LN_Security -+#define LN_Security ossl_LN_Security -+#endif -+#ifdef ossl_NID_Security -+#define NID_Security ossl_NID_Security -+#endif -+#ifdef ossl_OBJ_Security -+#define OBJ_Security ossl_OBJ_Security -+#endif -+ -+#ifdef ossl_SN_SNMPv2 -+#define SN_SNMPv2 ossl_SN_SNMPv2 -+#endif -+#ifdef ossl_LN_SNMPv2 -+#define LN_SNMPv2 ossl_LN_SNMPv2 -+#endif -+#ifdef ossl_NID_SNMPv2 -+#define NID_SNMPv2 ossl_NID_SNMPv2 -+#endif -+#ifdef ossl_OBJ_SNMPv2 -+#define OBJ_SNMPv2 ossl_OBJ_SNMPv2 -+#endif -+ -+#ifdef ossl_LN_Mail -+#define LN_Mail ossl_LN_Mail -+#endif -+#ifdef ossl_NID_Mail -+#define NID_Mail ossl_NID_Mail -+#endif -+#ifdef ossl_OBJ_Mail -+#define OBJ_Mail ossl_OBJ_Mail -+#endif -+ -+#ifdef ossl_SN_Enterprises -+#define SN_Enterprises ossl_SN_Enterprises -+#endif -+#ifdef ossl_LN_Enterprises -+#define LN_Enterprises ossl_LN_Enterprises -+#endif -+#ifdef ossl_NID_Enterprises -+#define NID_Enterprises ossl_NID_Enterprises -+#endif -+#ifdef ossl_OBJ_Enterprises -+#define OBJ_Enterprises ossl_OBJ_Enterprises -+#endif -+ -+#ifdef ossl_SN_dcObject -+#define SN_dcObject ossl_SN_dcObject -+#endif -+#ifdef ossl_LN_dcObject -+#define LN_dcObject ossl_LN_dcObject -+#endif -+#ifdef ossl_NID_dcObject -+#define NID_dcObject ossl_NID_dcObject -+#endif -+#ifdef ossl_OBJ_dcObject -+#define OBJ_dcObject ossl_OBJ_dcObject -+#endif -+ -+#ifdef ossl_SN_domainComponent -+#define SN_domainComponent ossl_SN_domainComponent -+#endif -+#ifdef ossl_LN_domainComponent -+#define LN_domainComponent ossl_LN_domainComponent -+#endif -+#ifdef ossl_NID_domainComponent -+#define NID_domainComponent ossl_NID_domainComponent -+#endif -+#ifdef ossl_OBJ_domainComponent -+#define OBJ_domainComponent ossl_OBJ_domainComponent -+#endif -+ -+#ifdef ossl_SN_Domain -+#define SN_Domain ossl_SN_Domain -+#endif -+#ifdef ossl_LN_Domain -+#define LN_Domain ossl_LN_Domain -+#endif -+#ifdef ossl_NID_Domain -+#define NID_Domain ossl_NID_Domain -+#endif -+#ifdef ossl_OBJ_Domain -+#define OBJ_Domain ossl_OBJ_Domain -+#endif -+ -+#ifdef ossl_SN_selected_attribute_types -+#define SN_selected_attribute_types ossl_SN_selected_attribute_types -+#endif -+#ifdef ossl_LN_selected_attribute_types -+#define LN_selected_attribute_types ossl_LN_selected_attribute_types -+#endif -+#ifdef ossl_NID_selected_attribute_types -+#define NID_selected_attribute_types ossl_NID_selected_attribute_types -+#endif -+#ifdef ossl_OBJ_selected_attribute_types -+#define OBJ_selected_attribute_types ossl_OBJ_selected_attribute_types -+#endif -+ -+#ifdef ossl_SN_clearance -+#define SN_clearance ossl_SN_clearance -+#endif -+#ifdef ossl_NID_clearance -+#define NID_clearance ossl_NID_clearance -+#endif -+#ifdef ossl_OBJ_clearance -+#define OBJ_clearance ossl_OBJ_clearance -+#endif -+ -+#ifdef ossl_SN_md4WithRSAEncryption -+#define SN_md4WithRSAEncryption ossl_SN_md4WithRSAEncryption -+#endif -+#ifdef ossl_LN_md4WithRSAEncryption -+#define LN_md4WithRSAEncryption ossl_LN_md4WithRSAEncryption -+#endif -+#ifdef ossl_NID_md4WithRSAEncryption -+#define NID_md4WithRSAEncryption ossl_NID_md4WithRSAEncryption -+#endif -+#ifdef ossl_OBJ_md4WithRSAEncryption -+#define OBJ_md4WithRSAEncryption ossl_OBJ_md4WithRSAEncryption -+#endif -+ -+#ifdef ossl_SN_ac_proxying -+#define SN_ac_proxying ossl_SN_ac_proxying -+#endif -+#ifdef ossl_NID_ac_proxying -+#define NID_ac_proxying ossl_NID_ac_proxying -+#endif -+#ifdef ossl_OBJ_ac_proxying -+#define OBJ_ac_proxying ossl_OBJ_ac_proxying -+#endif -+ -+#ifdef ossl_SN_sinfo_access -+#define SN_sinfo_access ossl_SN_sinfo_access -+#endif -+#ifdef ossl_LN_sinfo_access -+#define LN_sinfo_access ossl_LN_sinfo_access -+#endif -+#ifdef ossl_NID_sinfo_access -+#define NID_sinfo_access ossl_NID_sinfo_access -+#endif -+#ifdef ossl_OBJ_sinfo_access -+#define OBJ_sinfo_access ossl_OBJ_sinfo_access -+#endif -+ -+#ifdef ossl_SN_id_aca_encAttrs -+#define SN_id_aca_encAttrs ossl_SN_id_aca_encAttrs -+#endif -+#ifdef ossl_NID_id_aca_encAttrs -+#define NID_id_aca_encAttrs ossl_NID_id_aca_encAttrs -+#endif -+#ifdef ossl_OBJ_id_aca_encAttrs -+#define OBJ_id_aca_encAttrs ossl_OBJ_id_aca_encAttrs -+#endif -+ -+#ifdef ossl_SN_role -+#define SN_role ossl_SN_role -+#endif -+#ifdef ossl_LN_role -+#define LN_role ossl_LN_role -+#endif -+#ifdef ossl_NID_role -+#define NID_role ossl_NID_role -+#endif -+#ifdef ossl_OBJ_role -+#define OBJ_role ossl_OBJ_role -+#endif -+ -+#ifdef ossl_SN_policy_constraints -+#define SN_policy_constraints ossl_SN_policy_constraints -+#endif -+#ifdef ossl_LN_policy_constraints -+#define LN_policy_constraints ossl_LN_policy_constraints -+#endif -+#ifdef ossl_NID_policy_constraints -+#define NID_policy_constraints ossl_NID_policy_constraints -+#endif -+#ifdef ossl_OBJ_policy_constraints -+#define OBJ_policy_constraints ossl_OBJ_policy_constraints -+#endif -+ -+#ifdef ossl_SN_target_information -+#define SN_target_information ossl_SN_target_information -+#endif -+#ifdef ossl_LN_target_information -+#define LN_target_information ossl_LN_target_information -+#endif -+#ifdef ossl_NID_target_information -+#define NID_target_information ossl_NID_target_information -+#endif -+#ifdef ossl_OBJ_target_information -+#define OBJ_target_information ossl_OBJ_target_information -+#endif -+ -+#ifdef ossl_SN_no_rev_avail -+#define SN_no_rev_avail ossl_SN_no_rev_avail -+#endif -+#ifdef ossl_LN_no_rev_avail -+#define LN_no_rev_avail ossl_LN_no_rev_avail -+#endif -+#ifdef ossl_NID_no_rev_avail -+#define NID_no_rev_avail ossl_NID_no_rev_avail -+#endif -+#ifdef ossl_OBJ_no_rev_avail -+#define OBJ_no_rev_avail ossl_OBJ_no_rev_avail -+#endif -+ -+#ifdef ossl_SN_ansi_X9_62 -+#define SN_ansi_X9_62 ossl_SN_ansi_X9_62 -+#endif -+#ifdef ossl_LN_ansi_X9_62 -+#define LN_ansi_X9_62 ossl_LN_ansi_X9_62 -+#endif -+#ifdef ossl_NID_ansi_X9_62 -+#define NID_ansi_X9_62 ossl_NID_ansi_X9_62 -+#endif -+#ifdef ossl_OBJ_ansi_X9_62 -+#define OBJ_ansi_X9_62 ossl_OBJ_ansi_X9_62 -+#endif -+ -+#ifdef ossl_SN_X9_62_prime_field -+#define SN_X9_62_prime_field ossl_SN_X9_62_prime_field -+#endif -+#ifdef ossl_NID_X9_62_prime_field -+#define NID_X9_62_prime_field ossl_NID_X9_62_prime_field -+#endif -+#ifdef ossl_OBJ_X9_62_prime_field -+#define OBJ_X9_62_prime_field ossl_OBJ_X9_62_prime_field -+#endif -+ -+#ifdef ossl_SN_X9_62_characteristic_two_field -+#define SN_X9_62_characteristic_two_field ossl_SN_X9_62_characteristic_two_field -+#endif -+#ifdef ossl_NID_X9_62_characteristic_two_field -+#define NID_X9_62_characteristic_two_field ossl_NID_X9_62_characteristic_two_field -+#endif -+#ifdef ossl_OBJ_X9_62_characteristic_two_field -+#define OBJ_X9_62_characteristic_two_field ossl_OBJ_X9_62_characteristic_two_field -+#endif -+ -+#ifdef ossl_SN_X9_62_id_ecPublicKey -+#define SN_X9_62_id_ecPublicKey ossl_SN_X9_62_id_ecPublicKey -+#endif -+#ifdef ossl_NID_X9_62_id_ecPublicKey -+#define NID_X9_62_id_ecPublicKey ossl_NID_X9_62_id_ecPublicKey -+#endif -+#ifdef ossl_OBJ_X9_62_id_ecPublicKey -+#define OBJ_X9_62_id_ecPublicKey ossl_OBJ_X9_62_id_ecPublicKey -+#endif -+ -+#ifdef ossl_SN_X9_62_prime192v1 -+#define SN_X9_62_prime192v1 ossl_SN_X9_62_prime192v1 -+#endif -+#ifdef ossl_NID_X9_62_prime192v1 -+#define NID_X9_62_prime192v1 ossl_NID_X9_62_prime192v1 -+#endif -+#ifdef ossl_OBJ_X9_62_prime192v1 -+#define OBJ_X9_62_prime192v1 ossl_OBJ_X9_62_prime192v1 -+#endif -+ -+#ifdef ossl_SN_X9_62_prime192v2 -+#define SN_X9_62_prime192v2 ossl_SN_X9_62_prime192v2 -+#endif -+#ifdef ossl_NID_X9_62_prime192v2 -+#define NID_X9_62_prime192v2 ossl_NID_X9_62_prime192v2 -+#endif -+#ifdef ossl_OBJ_X9_62_prime192v2 -+#define OBJ_X9_62_prime192v2 ossl_OBJ_X9_62_prime192v2 -+#endif -+ -+#ifdef ossl_SN_X9_62_prime192v3 -+#define SN_X9_62_prime192v3 ossl_SN_X9_62_prime192v3 -+#endif -+#ifdef ossl_NID_X9_62_prime192v3 -+#define NID_X9_62_prime192v3 ossl_NID_X9_62_prime192v3 -+#endif -+#ifdef ossl_OBJ_X9_62_prime192v3 -+#define OBJ_X9_62_prime192v3 ossl_OBJ_X9_62_prime192v3 -+#endif -+ -+#ifdef ossl_SN_X9_62_prime239v1 -+#define SN_X9_62_prime239v1 ossl_SN_X9_62_prime239v1 -+#endif -+#ifdef ossl_NID_X9_62_prime239v1 -+#define NID_X9_62_prime239v1 ossl_NID_X9_62_prime239v1 -+#endif -+#ifdef ossl_OBJ_X9_62_prime239v1 -+#define OBJ_X9_62_prime239v1 ossl_OBJ_X9_62_prime239v1 -+#endif -+ -+#ifdef ossl_SN_X9_62_prime239v2 -+#define SN_X9_62_prime239v2 ossl_SN_X9_62_prime239v2 -+#endif -+#ifdef ossl_NID_X9_62_prime239v2 -+#define NID_X9_62_prime239v2 ossl_NID_X9_62_prime239v2 -+#endif -+#ifdef ossl_OBJ_X9_62_prime239v2 -+#define OBJ_X9_62_prime239v2 ossl_OBJ_X9_62_prime239v2 -+#endif -+ -+#ifdef ossl_SN_X9_62_prime239v3 -+#define SN_X9_62_prime239v3 ossl_SN_X9_62_prime239v3 -+#endif -+#ifdef ossl_NID_X9_62_prime239v3 -+#define NID_X9_62_prime239v3 ossl_NID_X9_62_prime239v3 -+#endif -+#ifdef ossl_OBJ_X9_62_prime239v3 -+#define OBJ_X9_62_prime239v3 ossl_OBJ_X9_62_prime239v3 -+#endif -+ -+#ifdef ossl_SN_X9_62_prime256v1 -+#define SN_X9_62_prime256v1 ossl_SN_X9_62_prime256v1 -+#endif -+#ifdef ossl_NID_X9_62_prime256v1 -+#define NID_X9_62_prime256v1 ossl_NID_X9_62_prime256v1 -+#endif -+#ifdef ossl_OBJ_X9_62_prime256v1 -+#define OBJ_X9_62_prime256v1 ossl_OBJ_X9_62_prime256v1 -+#endif -+ -+#ifdef ossl_SN_ecdsa_with_SHA1 -+#define SN_ecdsa_with_SHA1 ossl_SN_ecdsa_with_SHA1 -+#endif -+#ifdef ossl_NID_ecdsa_with_SHA1 -+#define NID_ecdsa_with_SHA1 ossl_NID_ecdsa_with_SHA1 -+#endif -+#ifdef ossl_OBJ_ecdsa_with_SHA1 -+#define OBJ_ecdsa_with_SHA1 ossl_OBJ_ecdsa_with_SHA1 -+#endif -+ -+#ifdef ossl_SN_ms_csp_name -+#define SN_ms_csp_name ossl_SN_ms_csp_name -+#endif -+#ifdef ossl_LN_ms_csp_name -+#define LN_ms_csp_name ossl_LN_ms_csp_name -+#endif -+#ifdef ossl_NID_ms_csp_name -+#define NID_ms_csp_name ossl_NID_ms_csp_name -+#endif -+#ifdef ossl_OBJ_ms_csp_name -+#define OBJ_ms_csp_name ossl_OBJ_ms_csp_name -+#endif -+ -+#ifdef ossl_SN_aes_128_ecb -+#define SN_aes_128_ecb ossl_SN_aes_128_ecb -+#endif -+#ifdef ossl_LN_aes_128_ecb -+#define LN_aes_128_ecb ossl_LN_aes_128_ecb -+#endif -+#ifdef ossl_NID_aes_128_ecb -+#define NID_aes_128_ecb ossl_NID_aes_128_ecb -+#endif -+#ifdef ossl_OBJ_aes_128_ecb -+#define OBJ_aes_128_ecb ossl_OBJ_aes_128_ecb -+#endif -+ -+#ifdef ossl_SN_aes_128_cbc -+#define SN_aes_128_cbc ossl_SN_aes_128_cbc -+#endif -+#ifdef ossl_LN_aes_128_cbc -+#define LN_aes_128_cbc ossl_LN_aes_128_cbc -+#endif -+#ifdef ossl_NID_aes_128_cbc -+#define NID_aes_128_cbc ossl_NID_aes_128_cbc -+#endif -+#ifdef ossl_OBJ_aes_128_cbc -+#define OBJ_aes_128_cbc ossl_OBJ_aes_128_cbc -+#endif -+ -+#ifdef ossl_SN_aes_128_ofb128 -+#define SN_aes_128_ofb128 ossl_SN_aes_128_ofb128 -+#endif -+#ifdef ossl_LN_aes_128_ofb128 -+#define LN_aes_128_ofb128 ossl_LN_aes_128_ofb128 -+#endif -+#ifdef ossl_NID_aes_128_ofb128 -+#define NID_aes_128_ofb128 ossl_NID_aes_128_ofb128 -+#endif -+#ifdef ossl_OBJ_aes_128_ofb128 -+#define OBJ_aes_128_ofb128 ossl_OBJ_aes_128_ofb128 -+#endif -+ -+#ifdef ossl_SN_aes_128_cfb128 -+#define SN_aes_128_cfb128 ossl_SN_aes_128_cfb128 -+#endif -+#ifdef ossl_LN_aes_128_cfb128 -+#define LN_aes_128_cfb128 ossl_LN_aes_128_cfb128 -+#endif -+#ifdef ossl_NID_aes_128_cfb128 -+#define NID_aes_128_cfb128 ossl_NID_aes_128_cfb128 -+#endif -+#ifdef ossl_OBJ_aes_128_cfb128 -+#define OBJ_aes_128_cfb128 ossl_OBJ_aes_128_cfb128 -+#endif -+ -+#ifdef ossl_SN_aes_192_ecb -+#define SN_aes_192_ecb ossl_SN_aes_192_ecb -+#endif -+#ifdef ossl_LN_aes_192_ecb -+#define LN_aes_192_ecb ossl_LN_aes_192_ecb -+#endif -+#ifdef ossl_NID_aes_192_ecb -+#define NID_aes_192_ecb ossl_NID_aes_192_ecb -+#endif -+#ifdef ossl_OBJ_aes_192_ecb -+#define OBJ_aes_192_ecb ossl_OBJ_aes_192_ecb -+#endif -+ -+#ifdef ossl_SN_aes_192_cbc -+#define SN_aes_192_cbc ossl_SN_aes_192_cbc -+#endif -+#ifdef ossl_LN_aes_192_cbc -+#define LN_aes_192_cbc ossl_LN_aes_192_cbc -+#endif -+#ifdef ossl_NID_aes_192_cbc -+#define NID_aes_192_cbc ossl_NID_aes_192_cbc -+#endif -+#ifdef ossl_OBJ_aes_192_cbc -+#define OBJ_aes_192_cbc ossl_OBJ_aes_192_cbc -+#endif -+ -+#ifdef ossl_SN_aes_192_ofb128 -+#define SN_aes_192_ofb128 ossl_SN_aes_192_ofb128 -+#endif -+#ifdef ossl_LN_aes_192_ofb128 -+#define LN_aes_192_ofb128 ossl_LN_aes_192_ofb128 -+#endif -+#ifdef ossl_NID_aes_192_ofb128 -+#define NID_aes_192_ofb128 ossl_NID_aes_192_ofb128 -+#endif -+#ifdef ossl_OBJ_aes_192_ofb128 -+#define OBJ_aes_192_ofb128 ossl_OBJ_aes_192_ofb128 -+#endif -+ -+#ifdef ossl_SN_aes_192_cfb128 -+#define SN_aes_192_cfb128 ossl_SN_aes_192_cfb128 -+#endif -+#ifdef ossl_LN_aes_192_cfb128 -+#define LN_aes_192_cfb128 ossl_LN_aes_192_cfb128 -+#endif -+#ifdef ossl_NID_aes_192_cfb128 -+#define NID_aes_192_cfb128 ossl_NID_aes_192_cfb128 -+#endif -+#ifdef ossl_OBJ_aes_192_cfb128 -+#define OBJ_aes_192_cfb128 ossl_OBJ_aes_192_cfb128 -+#endif -+ -+#ifdef ossl_SN_aes_256_ecb -+#define SN_aes_256_ecb ossl_SN_aes_256_ecb -+#endif -+#ifdef ossl_LN_aes_256_ecb -+#define LN_aes_256_ecb ossl_LN_aes_256_ecb -+#endif -+#ifdef ossl_NID_aes_256_ecb -+#define NID_aes_256_ecb ossl_NID_aes_256_ecb -+#endif -+#ifdef ossl_OBJ_aes_256_ecb -+#define OBJ_aes_256_ecb ossl_OBJ_aes_256_ecb -+#endif -+ -+#ifdef ossl_SN_aes_256_cbc -+#define SN_aes_256_cbc ossl_SN_aes_256_cbc -+#endif -+#ifdef ossl_LN_aes_256_cbc -+#define LN_aes_256_cbc ossl_LN_aes_256_cbc -+#endif -+#ifdef ossl_NID_aes_256_cbc -+#define NID_aes_256_cbc ossl_NID_aes_256_cbc -+#endif -+#ifdef ossl_OBJ_aes_256_cbc -+#define OBJ_aes_256_cbc ossl_OBJ_aes_256_cbc -+#endif -+ -+#ifdef ossl_SN_aes_256_ofb128 -+#define SN_aes_256_ofb128 ossl_SN_aes_256_ofb128 -+#endif -+#ifdef ossl_LN_aes_256_ofb128 -+#define LN_aes_256_ofb128 ossl_LN_aes_256_ofb128 -+#endif -+#ifdef ossl_NID_aes_256_ofb128 -+#define NID_aes_256_ofb128 ossl_NID_aes_256_ofb128 -+#endif -+#ifdef ossl_OBJ_aes_256_ofb128 -+#define OBJ_aes_256_ofb128 ossl_OBJ_aes_256_ofb128 -+#endif -+ -+#ifdef ossl_SN_aes_256_cfb128 -+#define SN_aes_256_cfb128 ossl_SN_aes_256_cfb128 -+#endif -+#ifdef ossl_LN_aes_256_cfb128 -+#define LN_aes_256_cfb128 ossl_LN_aes_256_cfb128 -+#endif -+#ifdef ossl_NID_aes_256_cfb128 -+#define NID_aes_256_cfb128 ossl_NID_aes_256_cfb128 -+#endif -+#ifdef ossl_OBJ_aes_256_cfb128 -+#define OBJ_aes_256_cfb128 ossl_OBJ_aes_256_cfb128 -+#endif -+ -+#ifdef ossl_SN_hold_instruction_code -+#define SN_hold_instruction_code ossl_SN_hold_instruction_code -+#endif -+#ifdef ossl_LN_hold_instruction_code -+#define LN_hold_instruction_code ossl_LN_hold_instruction_code -+#endif -+#ifdef ossl_NID_hold_instruction_code -+#define NID_hold_instruction_code ossl_NID_hold_instruction_code -+#endif -+#ifdef ossl_OBJ_hold_instruction_code -+#define OBJ_hold_instruction_code ossl_OBJ_hold_instruction_code -+#endif -+ -+#ifdef ossl_SN_hold_instruction_none -+#define SN_hold_instruction_none ossl_SN_hold_instruction_none -+#endif -+#ifdef ossl_LN_hold_instruction_none -+#define LN_hold_instruction_none ossl_LN_hold_instruction_none -+#endif -+#ifdef ossl_NID_hold_instruction_none -+#define NID_hold_instruction_none ossl_NID_hold_instruction_none -+#endif -+#ifdef ossl_OBJ_hold_instruction_none -+#define OBJ_hold_instruction_none ossl_OBJ_hold_instruction_none -+#endif -+ -+#ifdef ossl_SN_hold_instruction_call_issuer -+#define SN_hold_instruction_call_issuer ossl_SN_hold_instruction_call_issuer -+#endif -+#ifdef ossl_LN_hold_instruction_call_issuer -+#define LN_hold_instruction_call_issuer ossl_LN_hold_instruction_call_issuer -+#endif -+#ifdef ossl_NID_hold_instruction_call_issuer -+#define NID_hold_instruction_call_issuer ossl_NID_hold_instruction_call_issuer -+#endif -+#ifdef ossl_OBJ_hold_instruction_call_issuer -+#define OBJ_hold_instruction_call_issuer ossl_OBJ_hold_instruction_call_issuer -+#endif -+ -+#ifdef ossl_SN_hold_instruction_reject -+#define SN_hold_instruction_reject ossl_SN_hold_instruction_reject -+#endif -+#ifdef ossl_LN_hold_instruction_reject -+#define LN_hold_instruction_reject ossl_LN_hold_instruction_reject -+#endif -+#ifdef ossl_NID_hold_instruction_reject -+#define NID_hold_instruction_reject ossl_NID_hold_instruction_reject -+#endif -+#ifdef ossl_OBJ_hold_instruction_reject -+#define OBJ_hold_instruction_reject ossl_OBJ_hold_instruction_reject -+#endif -+ -+#ifdef ossl_SN_data -+#define SN_data ossl_SN_data -+#endif -+#ifdef ossl_NID_data -+#define NID_data ossl_NID_data -+#endif -+#ifdef ossl_OBJ_data -+#define OBJ_data ossl_OBJ_data -+#endif -+ -+#ifdef ossl_SN_pss -+#define SN_pss ossl_SN_pss -+#endif -+#ifdef ossl_NID_pss -+#define NID_pss ossl_NID_pss -+#endif -+#ifdef ossl_OBJ_pss -+#define OBJ_pss ossl_OBJ_pss -+#endif -+ -+#ifdef ossl_SN_ucl -+#define SN_ucl ossl_SN_ucl -+#endif -+#ifdef ossl_NID_ucl -+#define NID_ucl ossl_NID_ucl -+#endif -+#ifdef ossl_OBJ_ucl -+#define OBJ_ucl ossl_OBJ_ucl -+#endif -+ -+#ifdef ossl_SN_pilot -+#define SN_pilot ossl_SN_pilot -+#endif -+#ifdef ossl_NID_pilot -+#define NID_pilot ossl_NID_pilot -+#endif -+#ifdef ossl_OBJ_pilot -+#define OBJ_pilot ossl_OBJ_pilot -+#endif -+ -+#ifdef ossl_LN_pilotAttributeType -+#define LN_pilotAttributeType ossl_LN_pilotAttributeType -+#endif -+#ifdef ossl_NID_pilotAttributeType -+#define NID_pilotAttributeType ossl_NID_pilotAttributeType -+#endif -+#ifdef ossl_OBJ_pilotAttributeType -+#define OBJ_pilotAttributeType ossl_OBJ_pilotAttributeType -+#endif -+ -+#ifdef ossl_LN_pilotAttributeSyntax -+#define LN_pilotAttributeSyntax ossl_LN_pilotAttributeSyntax -+#endif -+#ifdef ossl_NID_pilotAttributeSyntax -+#define NID_pilotAttributeSyntax ossl_NID_pilotAttributeSyntax -+#endif -+#ifdef ossl_OBJ_pilotAttributeSyntax -+#define OBJ_pilotAttributeSyntax ossl_OBJ_pilotAttributeSyntax -+#endif -+ -+#ifdef ossl_LN_pilotObjectClass -+#define LN_pilotObjectClass ossl_LN_pilotObjectClass -+#endif -+#ifdef ossl_NID_pilotObjectClass -+#define NID_pilotObjectClass ossl_NID_pilotObjectClass -+#endif -+#ifdef ossl_OBJ_pilotObjectClass -+#define OBJ_pilotObjectClass ossl_OBJ_pilotObjectClass -+#endif -+ -+#ifdef ossl_LN_pilotGroups -+#define LN_pilotGroups ossl_LN_pilotGroups -+#endif -+#ifdef ossl_NID_pilotGroups -+#define NID_pilotGroups ossl_NID_pilotGroups -+#endif -+#ifdef ossl_OBJ_pilotGroups -+#define OBJ_pilotGroups ossl_OBJ_pilotGroups -+#endif -+ -+#ifdef ossl_LN_iA5StringSyntax -+#define LN_iA5StringSyntax ossl_LN_iA5StringSyntax -+#endif -+#ifdef ossl_NID_iA5StringSyntax -+#define NID_iA5StringSyntax ossl_NID_iA5StringSyntax -+#endif -+#ifdef ossl_OBJ_iA5StringSyntax -+#define OBJ_iA5StringSyntax ossl_OBJ_iA5StringSyntax -+#endif -+ -+#ifdef ossl_LN_caseIgnoreIA5StringSyntax -+#define LN_caseIgnoreIA5StringSyntax ossl_LN_caseIgnoreIA5StringSyntax -+#endif -+#ifdef ossl_NID_caseIgnoreIA5StringSyntax -+#define NID_caseIgnoreIA5StringSyntax ossl_NID_caseIgnoreIA5StringSyntax -+#endif -+#ifdef ossl_OBJ_caseIgnoreIA5StringSyntax -+#define OBJ_caseIgnoreIA5StringSyntax ossl_OBJ_caseIgnoreIA5StringSyntax -+#endif -+ -+#ifdef ossl_LN_pilotObject -+#define LN_pilotObject ossl_LN_pilotObject -+#endif -+#ifdef ossl_NID_pilotObject -+#define NID_pilotObject ossl_NID_pilotObject -+#endif -+#ifdef ossl_OBJ_pilotObject -+#define OBJ_pilotObject ossl_OBJ_pilotObject -+#endif -+ -+#ifdef ossl_LN_pilotPerson -+#define LN_pilotPerson ossl_LN_pilotPerson -+#endif -+#ifdef ossl_NID_pilotPerson -+#define NID_pilotPerson ossl_NID_pilotPerson -+#endif -+#ifdef ossl_OBJ_pilotPerson -+#define OBJ_pilotPerson ossl_OBJ_pilotPerson -+#endif -+ -+#ifdef ossl_SN_account -+#define SN_account ossl_SN_account -+#endif -+#ifdef ossl_NID_account -+#define NID_account ossl_NID_account -+#endif -+#ifdef ossl_OBJ_account -+#define OBJ_account ossl_OBJ_account -+#endif -+ -+#ifdef ossl_SN_document -+#define SN_document ossl_SN_document -+#endif -+#ifdef ossl_NID_document -+#define NID_document ossl_NID_document -+#endif -+#ifdef ossl_OBJ_document -+#define OBJ_document ossl_OBJ_document -+#endif -+ -+#ifdef ossl_SN_room -+#define SN_room ossl_SN_room -+#endif -+#ifdef ossl_NID_room -+#define NID_room ossl_NID_room -+#endif -+#ifdef ossl_OBJ_room -+#define OBJ_room ossl_OBJ_room -+#endif -+ -+#ifdef ossl_LN_documentSeries -+#define LN_documentSeries ossl_LN_documentSeries -+#endif -+#ifdef ossl_NID_documentSeries -+#define NID_documentSeries ossl_NID_documentSeries -+#endif -+#ifdef ossl_OBJ_documentSeries -+#define OBJ_documentSeries ossl_OBJ_documentSeries -+#endif -+ -+#ifdef ossl_LN_rFC822localPart -+#define LN_rFC822localPart ossl_LN_rFC822localPart -+#endif -+#ifdef ossl_NID_rFC822localPart -+#define NID_rFC822localPart ossl_NID_rFC822localPart -+#endif -+#ifdef ossl_OBJ_rFC822localPart -+#define OBJ_rFC822localPart ossl_OBJ_rFC822localPart -+#endif -+ -+#ifdef ossl_LN_dNSDomain -+#define LN_dNSDomain ossl_LN_dNSDomain -+#endif -+#ifdef ossl_NID_dNSDomain -+#define NID_dNSDomain ossl_NID_dNSDomain -+#endif -+#ifdef ossl_OBJ_dNSDomain -+#define OBJ_dNSDomain ossl_OBJ_dNSDomain -+#endif -+ -+#ifdef ossl_LN_domainRelatedObject -+#define LN_domainRelatedObject ossl_LN_domainRelatedObject -+#endif -+#ifdef ossl_NID_domainRelatedObject -+#define NID_domainRelatedObject ossl_NID_domainRelatedObject -+#endif -+#ifdef ossl_OBJ_domainRelatedObject -+#define OBJ_domainRelatedObject ossl_OBJ_domainRelatedObject -+#endif -+ -+#ifdef ossl_LN_friendlyCountry -+#define LN_friendlyCountry ossl_LN_friendlyCountry -+#endif -+#ifdef ossl_NID_friendlyCountry -+#define NID_friendlyCountry ossl_NID_friendlyCountry -+#endif -+#ifdef ossl_OBJ_friendlyCountry -+#define OBJ_friendlyCountry ossl_OBJ_friendlyCountry -+#endif -+ -+#ifdef ossl_LN_simpleSecurityObject -+#define LN_simpleSecurityObject ossl_LN_simpleSecurityObject -+#endif -+#ifdef ossl_NID_simpleSecurityObject -+#define NID_simpleSecurityObject ossl_NID_simpleSecurityObject -+#endif -+#ifdef ossl_OBJ_simpleSecurityObject -+#define OBJ_simpleSecurityObject ossl_OBJ_simpleSecurityObject -+#endif -+ -+#ifdef ossl_LN_pilotOrganization -+#define LN_pilotOrganization ossl_LN_pilotOrganization -+#endif -+#ifdef ossl_NID_pilotOrganization -+#define NID_pilotOrganization ossl_NID_pilotOrganization -+#endif -+#ifdef ossl_OBJ_pilotOrganization -+#define OBJ_pilotOrganization ossl_OBJ_pilotOrganization -+#endif -+ -+#ifdef ossl_LN_pilotDSA -+#define LN_pilotDSA ossl_LN_pilotDSA -+#endif -+#ifdef ossl_NID_pilotDSA -+#define NID_pilotDSA ossl_NID_pilotDSA -+#endif -+#ifdef ossl_OBJ_pilotDSA -+#define OBJ_pilotDSA ossl_OBJ_pilotDSA -+#endif -+ -+#ifdef ossl_LN_qualityLabelledData -+#define LN_qualityLabelledData ossl_LN_qualityLabelledData -+#endif -+#ifdef ossl_NID_qualityLabelledData -+#define NID_qualityLabelledData ossl_NID_qualityLabelledData -+#endif -+#ifdef ossl_OBJ_qualityLabelledData -+#define OBJ_qualityLabelledData ossl_OBJ_qualityLabelledData -+#endif -+ -+#ifdef ossl_SN_userId -+#define SN_userId ossl_SN_userId -+#endif -+#ifdef ossl_LN_userId -+#define LN_userId ossl_LN_userId -+#endif -+#ifdef ossl_NID_userId -+#define NID_userId ossl_NID_userId -+#endif -+#ifdef ossl_OBJ_userId -+#define OBJ_userId ossl_OBJ_userId -+#endif -+ -+#ifdef ossl_LN_textEncodedORAddress -+#define LN_textEncodedORAddress ossl_LN_textEncodedORAddress -+#endif -+#ifdef ossl_NID_textEncodedORAddress -+#define NID_textEncodedORAddress ossl_NID_textEncodedORAddress -+#endif -+#ifdef ossl_OBJ_textEncodedORAddress -+#define OBJ_textEncodedORAddress ossl_OBJ_textEncodedORAddress -+#endif -+ -+#ifdef ossl_SN_rfc822Mailbox -+#define SN_rfc822Mailbox ossl_SN_rfc822Mailbox -+#endif -+#ifdef ossl_LN_rfc822Mailbox -+#define LN_rfc822Mailbox ossl_LN_rfc822Mailbox -+#endif -+#ifdef ossl_NID_rfc822Mailbox -+#define NID_rfc822Mailbox ossl_NID_rfc822Mailbox -+#endif -+#ifdef ossl_OBJ_rfc822Mailbox -+#define OBJ_rfc822Mailbox ossl_OBJ_rfc822Mailbox -+#endif -+ -+#ifdef ossl_SN_info -+#define SN_info ossl_SN_info -+#endif -+#ifdef ossl_NID_info -+#define NID_info ossl_NID_info -+#endif -+#ifdef ossl_OBJ_info -+#define OBJ_info ossl_OBJ_info -+#endif -+ -+#ifdef ossl_LN_favouriteDrink -+#define LN_favouriteDrink ossl_LN_favouriteDrink -+#endif -+#ifdef ossl_NID_favouriteDrink -+#define NID_favouriteDrink ossl_NID_favouriteDrink -+#endif -+#ifdef ossl_OBJ_favouriteDrink -+#define OBJ_favouriteDrink ossl_OBJ_favouriteDrink -+#endif -+ -+#ifdef ossl_LN_roomNumber -+#define LN_roomNumber ossl_LN_roomNumber -+#endif -+#ifdef ossl_NID_roomNumber -+#define NID_roomNumber ossl_NID_roomNumber -+#endif -+#ifdef ossl_OBJ_roomNumber -+#define OBJ_roomNumber ossl_OBJ_roomNumber -+#endif -+ -+#ifdef ossl_SN_photo -+#define SN_photo ossl_SN_photo -+#endif -+#ifdef ossl_NID_photo -+#define NID_photo ossl_NID_photo -+#endif -+#ifdef ossl_OBJ_photo -+#define OBJ_photo ossl_OBJ_photo -+#endif -+ -+#ifdef ossl_LN_userClass -+#define LN_userClass ossl_LN_userClass -+#endif -+#ifdef ossl_NID_userClass -+#define NID_userClass ossl_NID_userClass -+#endif -+#ifdef ossl_OBJ_userClass -+#define OBJ_userClass ossl_OBJ_userClass -+#endif -+ -+#ifdef ossl_SN_host -+#define SN_host ossl_SN_host -+#endif -+#ifdef ossl_NID_host -+#define NID_host ossl_NID_host -+#endif -+#ifdef ossl_OBJ_host -+#define OBJ_host ossl_OBJ_host -+#endif -+ -+#ifdef ossl_SN_manager -+#define SN_manager ossl_SN_manager -+#endif -+#ifdef ossl_NID_manager -+#define NID_manager ossl_NID_manager -+#endif -+#ifdef ossl_OBJ_manager -+#define OBJ_manager ossl_OBJ_manager -+#endif -+ -+#ifdef ossl_LN_documentIdentifier -+#define LN_documentIdentifier ossl_LN_documentIdentifier -+#endif -+#ifdef ossl_NID_documentIdentifier -+#define NID_documentIdentifier ossl_NID_documentIdentifier -+#endif -+#ifdef ossl_OBJ_documentIdentifier -+#define OBJ_documentIdentifier ossl_OBJ_documentIdentifier -+#endif -+ -+#ifdef ossl_LN_documentTitle -+#define LN_documentTitle ossl_LN_documentTitle -+#endif -+#ifdef ossl_NID_documentTitle -+#define NID_documentTitle ossl_NID_documentTitle -+#endif -+#ifdef ossl_OBJ_documentTitle -+#define OBJ_documentTitle ossl_OBJ_documentTitle -+#endif -+ -+#ifdef ossl_LN_documentVersion -+#define LN_documentVersion ossl_LN_documentVersion -+#endif -+#ifdef ossl_NID_documentVersion -+#define NID_documentVersion ossl_NID_documentVersion -+#endif -+#ifdef ossl_OBJ_documentVersion -+#define OBJ_documentVersion ossl_OBJ_documentVersion -+#endif -+ -+#ifdef ossl_LN_documentAuthor -+#define LN_documentAuthor ossl_LN_documentAuthor -+#endif -+#ifdef ossl_NID_documentAuthor -+#define NID_documentAuthor ossl_NID_documentAuthor -+#endif -+#ifdef ossl_OBJ_documentAuthor -+#define OBJ_documentAuthor ossl_OBJ_documentAuthor -+#endif -+ -+#ifdef ossl_LN_documentLocation -+#define LN_documentLocation ossl_LN_documentLocation -+#endif -+#ifdef ossl_NID_documentLocation -+#define NID_documentLocation ossl_NID_documentLocation -+#endif -+#ifdef ossl_OBJ_documentLocation -+#define OBJ_documentLocation ossl_OBJ_documentLocation -+#endif -+ -+#ifdef ossl_LN_homeTelephoneNumber -+#define LN_homeTelephoneNumber ossl_LN_homeTelephoneNumber -+#endif -+#ifdef ossl_NID_homeTelephoneNumber -+#define NID_homeTelephoneNumber ossl_NID_homeTelephoneNumber -+#endif -+#ifdef ossl_OBJ_homeTelephoneNumber -+#define OBJ_homeTelephoneNumber ossl_OBJ_homeTelephoneNumber -+#endif -+ -+#ifdef ossl_SN_secretary -+#define SN_secretary ossl_SN_secretary -+#endif -+#ifdef ossl_NID_secretary -+#define NID_secretary ossl_NID_secretary -+#endif -+#ifdef ossl_OBJ_secretary -+#define OBJ_secretary ossl_OBJ_secretary -+#endif -+ -+#ifdef ossl_LN_otherMailbox -+#define LN_otherMailbox ossl_LN_otherMailbox -+#endif -+#ifdef ossl_NID_otherMailbox -+#define NID_otherMailbox ossl_NID_otherMailbox -+#endif -+#ifdef ossl_OBJ_otherMailbox -+#define OBJ_otherMailbox ossl_OBJ_otherMailbox -+#endif -+ -+#ifdef ossl_LN_lastModifiedTime -+#define LN_lastModifiedTime ossl_LN_lastModifiedTime -+#endif -+#ifdef ossl_NID_lastModifiedTime -+#define NID_lastModifiedTime ossl_NID_lastModifiedTime -+#endif -+#ifdef ossl_OBJ_lastModifiedTime -+#define OBJ_lastModifiedTime ossl_OBJ_lastModifiedTime -+#endif -+ -+#ifdef ossl_LN_lastModifiedBy -+#define LN_lastModifiedBy ossl_LN_lastModifiedBy -+#endif -+#ifdef ossl_NID_lastModifiedBy -+#define NID_lastModifiedBy ossl_NID_lastModifiedBy -+#endif -+#ifdef ossl_OBJ_lastModifiedBy -+#define OBJ_lastModifiedBy ossl_OBJ_lastModifiedBy -+#endif -+ -+#ifdef ossl_LN_aRecord -+#define LN_aRecord ossl_LN_aRecord -+#endif -+#ifdef ossl_NID_aRecord -+#define NID_aRecord ossl_NID_aRecord -+#endif -+#ifdef ossl_OBJ_aRecord -+#define OBJ_aRecord ossl_OBJ_aRecord -+#endif -+ -+#ifdef ossl_LN_pilotAttributeType27 -+#define LN_pilotAttributeType27 ossl_LN_pilotAttributeType27 -+#endif -+#ifdef ossl_NID_pilotAttributeType27 -+#define NID_pilotAttributeType27 ossl_NID_pilotAttributeType27 -+#endif -+#ifdef ossl_OBJ_pilotAttributeType27 -+#define OBJ_pilotAttributeType27 ossl_OBJ_pilotAttributeType27 -+#endif -+ -+#ifdef ossl_LN_mXRecord -+#define LN_mXRecord ossl_LN_mXRecord -+#endif -+#ifdef ossl_NID_mXRecord -+#define NID_mXRecord ossl_NID_mXRecord -+#endif -+#ifdef ossl_OBJ_mXRecord -+#define OBJ_mXRecord ossl_OBJ_mXRecord -+#endif -+ -+#ifdef ossl_LN_nSRecord -+#define LN_nSRecord ossl_LN_nSRecord -+#endif -+#ifdef ossl_NID_nSRecord -+#define NID_nSRecord ossl_NID_nSRecord -+#endif -+#ifdef ossl_OBJ_nSRecord -+#define OBJ_nSRecord ossl_OBJ_nSRecord -+#endif -+ -+#ifdef ossl_LN_sOARecord -+#define LN_sOARecord ossl_LN_sOARecord -+#endif -+#ifdef ossl_NID_sOARecord -+#define NID_sOARecord ossl_NID_sOARecord -+#endif -+#ifdef ossl_OBJ_sOARecord -+#define OBJ_sOARecord ossl_OBJ_sOARecord -+#endif -+ -+#ifdef ossl_LN_cNAMERecord -+#define LN_cNAMERecord ossl_LN_cNAMERecord -+#endif -+#ifdef ossl_NID_cNAMERecord -+#define NID_cNAMERecord ossl_NID_cNAMERecord -+#endif -+#ifdef ossl_OBJ_cNAMERecord -+#define OBJ_cNAMERecord ossl_OBJ_cNAMERecord -+#endif -+ -+#ifdef ossl_LN_associatedDomain -+#define LN_associatedDomain ossl_LN_associatedDomain -+#endif -+#ifdef ossl_NID_associatedDomain -+#define NID_associatedDomain ossl_NID_associatedDomain -+#endif -+#ifdef ossl_OBJ_associatedDomain -+#define OBJ_associatedDomain ossl_OBJ_associatedDomain -+#endif -+ -+#ifdef ossl_LN_associatedName -+#define LN_associatedName ossl_LN_associatedName -+#endif -+#ifdef ossl_NID_associatedName -+#define NID_associatedName ossl_NID_associatedName -+#endif -+#ifdef ossl_OBJ_associatedName -+#define OBJ_associatedName ossl_OBJ_associatedName -+#endif -+ -+#ifdef ossl_LN_homePostalAddress -+#define LN_homePostalAddress ossl_LN_homePostalAddress -+#endif -+#ifdef ossl_NID_homePostalAddress -+#define NID_homePostalAddress ossl_NID_homePostalAddress -+#endif -+#ifdef ossl_OBJ_homePostalAddress -+#define OBJ_homePostalAddress ossl_OBJ_homePostalAddress -+#endif -+ -+#ifdef ossl_LN_personalTitle -+#define LN_personalTitle ossl_LN_personalTitle -+#endif -+#ifdef ossl_NID_personalTitle -+#define NID_personalTitle ossl_NID_personalTitle -+#endif -+#ifdef ossl_OBJ_personalTitle -+#define OBJ_personalTitle ossl_OBJ_personalTitle -+#endif -+ -+#ifdef ossl_LN_mobileTelephoneNumber -+#define LN_mobileTelephoneNumber ossl_LN_mobileTelephoneNumber -+#endif -+#ifdef ossl_NID_mobileTelephoneNumber -+#define NID_mobileTelephoneNumber ossl_NID_mobileTelephoneNumber -+#endif -+#ifdef ossl_OBJ_mobileTelephoneNumber -+#define OBJ_mobileTelephoneNumber ossl_OBJ_mobileTelephoneNumber -+#endif -+ -+#ifdef ossl_LN_pagerTelephoneNumber -+#define LN_pagerTelephoneNumber ossl_LN_pagerTelephoneNumber -+#endif -+#ifdef ossl_NID_pagerTelephoneNumber -+#define NID_pagerTelephoneNumber ossl_NID_pagerTelephoneNumber -+#endif -+#ifdef ossl_OBJ_pagerTelephoneNumber -+#define OBJ_pagerTelephoneNumber ossl_OBJ_pagerTelephoneNumber -+#endif -+ -+#ifdef ossl_LN_friendlyCountryName -+#define LN_friendlyCountryName ossl_LN_friendlyCountryName -+#endif -+#ifdef ossl_NID_friendlyCountryName -+#define NID_friendlyCountryName ossl_NID_friendlyCountryName -+#endif -+#ifdef ossl_OBJ_friendlyCountryName -+#define OBJ_friendlyCountryName ossl_OBJ_friendlyCountryName -+#endif -+ -+#ifdef ossl_LN_organizationalStatus -+#define LN_organizationalStatus ossl_LN_organizationalStatus -+#endif -+#ifdef ossl_NID_organizationalStatus -+#define NID_organizationalStatus ossl_NID_organizationalStatus -+#endif -+#ifdef ossl_OBJ_organizationalStatus -+#define OBJ_organizationalStatus ossl_OBJ_organizationalStatus -+#endif -+ -+#ifdef ossl_LN_janetMailbox -+#define LN_janetMailbox ossl_LN_janetMailbox -+#endif -+#ifdef ossl_NID_janetMailbox -+#define NID_janetMailbox ossl_NID_janetMailbox -+#endif -+#ifdef ossl_OBJ_janetMailbox -+#define OBJ_janetMailbox ossl_OBJ_janetMailbox -+#endif -+ -+#ifdef ossl_LN_mailPreferenceOption -+#define LN_mailPreferenceOption ossl_LN_mailPreferenceOption -+#endif -+#ifdef ossl_NID_mailPreferenceOption -+#define NID_mailPreferenceOption ossl_NID_mailPreferenceOption -+#endif -+#ifdef ossl_OBJ_mailPreferenceOption -+#define OBJ_mailPreferenceOption ossl_OBJ_mailPreferenceOption -+#endif -+ -+#ifdef ossl_LN_buildingName -+#define LN_buildingName ossl_LN_buildingName -+#endif -+#ifdef ossl_NID_buildingName -+#define NID_buildingName ossl_NID_buildingName -+#endif -+#ifdef ossl_OBJ_buildingName -+#define OBJ_buildingName ossl_OBJ_buildingName -+#endif -+ -+#ifdef ossl_LN_dSAQuality -+#define LN_dSAQuality ossl_LN_dSAQuality -+#endif -+#ifdef ossl_NID_dSAQuality -+#define NID_dSAQuality ossl_NID_dSAQuality -+#endif -+#ifdef ossl_OBJ_dSAQuality -+#define OBJ_dSAQuality ossl_OBJ_dSAQuality -+#endif -+ -+#ifdef ossl_LN_singleLevelQuality -+#define LN_singleLevelQuality ossl_LN_singleLevelQuality -+#endif -+#ifdef ossl_NID_singleLevelQuality -+#define NID_singleLevelQuality ossl_NID_singleLevelQuality -+#endif -+#ifdef ossl_OBJ_singleLevelQuality -+#define OBJ_singleLevelQuality ossl_OBJ_singleLevelQuality -+#endif -+ -+#ifdef ossl_LN_subtreeMinimumQuality -+#define LN_subtreeMinimumQuality ossl_LN_subtreeMinimumQuality -+#endif -+#ifdef ossl_NID_subtreeMinimumQuality -+#define NID_subtreeMinimumQuality ossl_NID_subtreeMinimumQuality -+#endif -+#ifdef ossl_OBJ_subtreeMinimumQuality -+#define OBJ_subtreeMinimumQuality ossl_OBJ_subtreeMinimumQuality -+#endif -+ -+#ifdef ossl_LN_subtreeMaximumQuality -+#define LN_subtreeMaximumQuality ossl_LN_subtreeMaximumQuality -+#endif -+#ifdef ossl_NID_subtreeMaximumQuality -+#define NID_subtreeMaximumQuality ossl_NID_subtreeMaximumQuality -+#endif -+#ifdef ossl_OBJ_subtreeMaximumQuality -+#define OBJ_subtreeMaximumQuality ossl_OBJ_subtreeMaximumQuality -+#endif -+ -+#ifdef ossl_LN_personalSignature -+#define LN_personalSignature ossl_LN_personalSignature -+#endif -+#ifdef ossl_NID_personalSignature -+#define NID_personalSignature ossl_NID_personalSignature -+#endif -+#ifdef ossl_OBJ_personalSignature -+#define OBJ_personalSignature ossl_OBJ_personalSignature -+#endif -+ -+#ifdef ossl_LN_dITRedirect -+#define LN_dITRedirect ossl_LN_dITRedirect -+#endif -+#ifdef ossl_NID_dITRedirect -+#define NID_dITRedirect ossl_NID_dITRedirect -+#endif -+#ifdef ossl_OBJ_dITRedirect -+#define OBJ_dITRedirect ossl_OBJ_dITRedirect -+#endif -+ -+#ifdef ossl_SN_audio -+#define SN_audio ossl_SN_audio -+#endif -+#ifdef ossl_NID_audio -+#define NID_audio ossl_NID_audio -+#endif -+#ifdef ossl_OBJ_audio -+#define OBJ_audio ossl_OBJ_audio -+#endif -+ -+#ifdef ossl_LN_documentPublisher -+#define LN_documentPublisher ossl_LN_documentPublisher -+#endif -+#ifdef ossl_NID_documentPublisher -+#define NID_documentPublisher ossl_NID_documentPublisher -+#endif -+#ifdef ossl_OBJ_documentPublisher -+#define OBJ_documentPublisher ossl_OBJ_documentPublisher -+#endif -+ -+#ifdef ossl_LN_x500UniqueIdentifier -+#define LN_x500UniqueIdentifier ossl_LN_x500UniqueIdentifier -+#endif -+#ifdef ossl_NID_x500UniqueIdentifier -+#define NID_x500UniqueIdentifier ossl_NID_x500UniqueIdentifier -+#endif -+#ifdef ossl_OBJ_x500UniqueIdentifier -+#define OBJ_x500UniqueIdentifier ossl_OBJ_x500UniqueIdentifier -+#endif -+ -+#ifdef ossl_SN_mime_mhs -+#define SN_mime_mhs ossl_SN_mime_mhs -+#endif -+#ifdef ossl_LN_mime_mhs -+#define LN_mime_mhs ossl_LN_mime_mhs -+#endif -+#ifdef ossl_NID_mime_mhs -+#define NID_mime_mhs ossl_NID_mime_mhs -+#endif -+#ifdef ossl_OBJ_mime_mhs -+#define OBJ_mime_mhs ossl_OBJ_mime_mhs -+#endif -+ -+#ifdef ossl_SN_mime_mhs_headings -+#define SN_mime_mhs_headings ossl_SN_mime_mhs_headings -+#endif -+#ifdef ossl_LN_mime_mhs_headings -+#define LN_mime_mhs_headings ossl_LN_mime_mhs_headings -+#endif -+#ifdef ossl_NID_mime_mhs_headings -+#define NID_mime_mhs_headings ossl_NID_mime_mhs_headings -+#endif -+#ifdef ossl_OBJ_mime_mhs_headings -+#define OBJ_mime_mhs_headings ossl_OBJ_mime_mhs_headings -+#endif -+ -+#ifdef ossl_SN_mime_mhs_bodies -+#define SN_mime_mhs_bodies ossl_SN_mime_mhs_bodies -+#endif -+#ifdef ossl_LN_mime_mhs_bodies -+#define LN_mime_mhs_bodies ossl_LN_mime_mhs_bodies -+#endif -+#ifdef ossl_NID_mime_mhs_bodies -+#define NID_mime_mhs_bodies ossl_NID_mime_mhs_bodies -+#endif -+#ifdef ossl_OBJ_mime_mhs_bodies -+#define OBJ_mime_mhs_bodies ossl_OBJ_mime_mhs_bodies -+#endif -+ -+#ifdef ossl_SN_id_hex_partial_message -+#define SN_id_hex_partial_message ossl_SN_id_hex_partial_message -+#endif -+#ifdef ossl_LN_id_hex_partial_message -+#define LN_id_hex_partial_message ossl_LN_id_hex_partial_message -+#endif -+#ifdef ossl_NID_id_hex_partial_message -+#define NID_id_hex_partial_message ossl_NID_id_hex_partial_message -+#endif -+#ifdef ossl_OBJ_id_hex_partial_message -+#define OBJ_id_hex_partial_message ossl_OBJ_id_hex_partial_message -+#endif -+ -+#ifdef ossl_SN_id_hex_multipart_message -+#define SN_id_hex_multipart_message ossl_SN_id_hex_multipart_message -+#endif -+#ifdef ossl_LN_id_hex_multipart_message -+#define LN_id_hex_multipart_message ossl_LN_id_hex_multipart_message -+#endif -+#ifdef ossl_NID_id_hex_multipart_message -+#define NID_id_hex_multipart_message ossl_NID_id_hex_multipart_message -+#endif -+#ifdef ossl_OBJ_id_hex_multipart_message -+#define OBJ_id_hex_multipart_message ossl_OBJ_id_hex_multipart_message -+#endif -+ -+#ifdef ossl_LN_generationQualifier -+#define LN_generationQualifier ossl_LN_generationQualifier -+#endif -+#ifdef ossl_NID_generationQualifier -+#define NID_generationQualifier ossl_NID_generationQualifier -+#endif -+#ifdef ossl_OBJ_generationQualifier -+#define OBJ_generationQualifier ossl_OBJ_generationQualifier -+#endif -+ -+#ifdef ossl_LN_pseudonym -+#define LN_pseudonym ossl_LN_pseudonym -+#endif -+#ifdef ossl_NID_pseudonym -+#define NID_pseudonym ossl_NID_pseudonym -+#endif -+#ifdef ossl_OBJ_pseudonym -+#define OBJ_pseudonym ossl_OBJ_pseudonym -+#endif -+ -+#ifdef ossl_SN_id_set -+#define SN_id_set ossl_SN_id_set -+#endif -+#ifdef ossl_LN_id_set -+#define LN_id_set ossl_LN_id_set -+#endif -+#ifdef ossl_NID_id_set -+#define NID_id_set ossl_NID_id_set -+#endif -+#ifdef ossl_OBJ_id_set -+#define OBJ_id_set ossl_OBJ_id_set -+#endif -+ -+#ifdef ossl_SN_set_ctype -+#define SN_set_ctype ossl_SN_set_ctype -+#endif -+#ifdef ossl_LN_set_ctype -+#define LN_set_ctype ossl_LN_set_ctype -+#endif -+#ifdef ossl_NID_set_ctype -+#define NID_set_ctype ossl_NID_set_ctype -+#endif -+#ifdef ossl_OBJ_set_ctype -+#define OBJ_set_ctype ossl_OBJ_set_ctype -+#endif -+ -+#ifdef ossl_SN_set_msgExt -+#define SN_set_msgExt ossl_SN_set_msgExt -+#endif -+#ifdef ossl_LN_set_msgExt -+#define LN_set_msgExt ossl_LN_set_msgExt -+#endif -+#ifdef ossl_NID_set_msgExt -+#define NID_set_msgExt ossl_NID_set_msgExt -+#endif -+#ifdef ossl_OBJ_set_msgExt -+#define OBJ_set_msgExt ossl_OBJ_set_msgExt -+#endif -+ -+#ifdef ossl_SN_set_attr -+#define SN_set_attr ossl_SN_set_attr -+#endif -+#ifdef ossl_NID_set_attr -+#define NID_set_attr ossl_NID_set_attr -+#endif -+#ifdef ossl_OBJ_set_attr -+#define OBJ_set_attr ossl_OBJ_set_attr -+#endif -+ -+#ifdef ossl_SN_set_policy -+#define SN_set_policy ossl_SN_set_policy -+#endif -+#ifdef ossl_NID_set_policy -+#define NID_set_policy ossl_NID_set_policy -+#endif -+#ifdef ossl_OBJ_set_policy -+#define OBJ_set_policy ossl_OBJ_set_policy -+#endif -+ -+#ifdef ossl_SN_set_certExt -+#define SN_set_certExt ossl_SN_set_certExt -+#endif -+#ifdef ossl_LN_set_certExt -+#define LN_set_certExt ossl_LN_set_certExt -+#endif -+#ifdef ossl_NID_set_certExt -+#define NID_set_certExt ossl_NID_set_certExt -+#endif -+#ifdef ossl_OBJ_set_certExt -+#define OBJ_set_certExt ossl_OBJ_set_certExt -+#endif -+ -+#ifdef ossl_SN_set_brand -+#define SN_set_brand ossl_SN_set_brand -+#endif -+#ifdef ossl_NID_set_brand -+#define NID_set_brand ossl_NID_set_brand -+#endif -+#ifdef ossl_OBJ_set_brand -+#define OBJ_set_brand ossl_OBJ_set_brand -+#endif -+ -+#ifdef ossl_SN_setct_PANData -+#define SN_setct_PANData ossl_SN_setct_PANData -+#endif -+#ifdef ossl_NID_setct_PANData -+#define NID_setct_PANData ossl_NID_setct_PANData -+#endif -+#ifdef ossl_OBJ_setct_PANData -+#define OBJ_setct_PANData ossl_OBJ_setct_PANData -+#endif -+ -+#ifdef ossl_SN_setct_PANToken -+#define SN_setct_PANToken ossl_SN_setct_PANToken -+#endif -+#ifdef ossl_NID_setct_PANToken -+#define NID_setct_PANToken ossl_NID_setct_PANToken -+#endif -+#ifdef ossl_OBJ_setct_PANToken -+#define OBJ_setct_PANToken ossl_OBJ_setct_PANToken -+#endif -+ -+#ifdef ossl_SN_setct_PANOnly -+#define SN_setct_PANOnly ossl_SN_setct_PANOnly -+#endif -+#ifdef ossl_NID_setct_PANOnly -+#define NID_setct_PANOnly ossl_NID_setct_PANOnly -+#endif -+#ifdef ossl_OBJ_setct_PANOnly -+#define OBJ_setct_PANOnly ossl_OBJ_setct_PANOnly -+#endif -+ -+#ifdef ossl_SN_setct_OIData -+#define SN_setct_OIData ossl_SN_setct_OIData -+#endif -+#ifdef ossl_NID_setct_OIData -+#define NID_setct_OIData ossl_NID_setct_OIData -+#endif -+#ifdef ossl_OBJ_setct_OIData -+#define OBJ_setct_OIData ossl_OBJ_setct_OIData -+#endif -+ -+#ifdef ossl_SN_setct_PI -+#define SN_setct_PI ossl_SN_setct_PI -+#endif -+#ifdef ossl_NID_setct_PI -+#define NID_setct_PI ossl_NID_setct_PI -+#endif -+#ifdef ossl_OBJ_setct_PI -+#define OBJ_setct_PI ossl_OBJ_setct_PI -+#endif -+ -+#ifdef ossl_SN_setct_PIData -+#define SN_setct_PIData ossl_SN_setct_PIData -+#endif -+#ifdef ossl_NID_setct_PIData -+#define NID_setct_PIData ossl_NID_setct_PIData -+#endif -+#ifdef ossl_OBJ_setct_PIData -+#define OBJ_setct_PIData ossl_OBJ_setct_PIData -+#endif -+ -+#ifdef ossl_SN_setct_PIDataUnsigned -+#define SN_setct_PIDataUnsigned ossl_SN_setct_PIDataUnsigned -+#endif -+#ifdef ossl_NID_setct_PIDataUnsigned -+#define NID_setct_PIDataUnsigned ossl_NID_setct_PIDataUnsigned -+#endif -+#ifdef ossl_OBJ_setct_PIDataUnsigned -+#define OBJ_setct_PIDataUnsigned ossl_OBJ_setct_PIDataUnsigned -+#endif -+ -+#ifdef ossl_SN_setct_HODInput -+#define SN_setct_HODInput ossl_SN_setct_HODInput -+#endif -+#ifdef ossl_NID_setct_HODInput -+#define NID_setct_HODInput ossl_NID_setct_HODInput -+#endif -+#ifdef ossl_OBJ_setct_HODInput -+#define OBJ_setct_HODInput ossl_OBJ_setct_HODInput -+#endif -+ -+#ifdef ossl_SN_setct_AuthResBaggage -+#define SN_setct_AuthResBaggage ossl_SN_setct_AuthResBaggage -+#endif -+#ifdef ossl_NID_setct_AuthResBaggage -+#define NID_setct_AuthResBaggage ossl_NID_setct_AuthResBaggage -+#endif -+#ifdef ossl_OBJ_setct_AuthResBaggage -+#define OBJ_setct_AuthResBaggage ossl_OBJ_setct_AuthResBaggage -+#endif -+ -+#ifdef ossl_SN_setct_AuthRevReqBaggage -+#define SN_setct_AuthRevReqBaggage ossl_SN_setct_AuthRevReqBaggage -+#endif -+#ifdef ossl_NID_setct_AuthRevReqBaggage -+#define NID_setct_AuthRevReqBaggage ossl_NID_setct_AuthRevReqBaggage -+#endif -+#ifdef ossl_OBJ_setct_AuthRevReqBaggage -+#define OBJ_setct_AuthRevReqBaggage ossl_OBJ_setct_AuthRevReqBaggage -+#endif -+ -+#ifdef ossl_SN_setct_AuthRevResBaggage -+#define SN_setct_AuthRevResBaggage ossl_SN_setct_AuthRevResBaggage -+#endif -+#ifdef ossl_NID_setct_AuthRevResBaggage -+#define NID_setct_AuthRevResBaggage ossl_NID_setct_AuthRevResBaggage -+#endif -+#ifdef ossl_OBJ_setct_AuthRevResBaggage -+#define OBJ_setct_AuthRevResBaggage ossl_OBJ_setct_AuthRevResBaggage -+#endif -+ -+#ifdef ossl_SN_setct_CapTokenSeq -+#define SN_setct_CapTokenSeq ossl_SN_setct_CapTokenSeq -+#endif -+#ifdef ossl_NID_setct_CapTokenSeq -+#define NID_setct_CapTokenSeq ossl_NID_setct_CapTokenSeq -+#endif -+#ifdef ossl_OBJ_setct_CapTokenSeq -+#define OBJ_setct_CapTokenSeq ossl_OBJ_setct_CapTokenSeq -+#endif -+ -+#ifdef ossl_SN_setct_PInitResData -+#define SN_setct_PInitResData ossl_SN_setct_PInitResData -+#endif -+#ifdef ossl_NID_setct_PInitResData -+#define NID_setct_PInitResData ossl_NID_setct_PInitResData -+#endif -+#ifdef ossl_OBJ_setct_PInitResData -+#define OBJ_setct_PInitResData ossl_OBJ_setct_PInitResData -+#endif -+ -+#ifdef ossl_SN_setct_PI_TBS -+#define SN_setct_PI_TBS ossl_SN_setct_PI_TBS -+#endif -+#ifdef ossl_NID_setct_PI_TBS -+#define NID_setct_PI_TBS ossl_NID_setct_PI_TBS -+#endif -+#ifdef ossl_OBJ_setct_PI_TBS -+#define OBJ_setct_PI_TBS ossl_OBJ_setct_PI_TBS -+#endif -+ -+#ifdef ossl_SN_setct_PResData -+#define SN_setct_PResData ossl_SN_setct_PResData -+#endif -+#ifdef ossl_NID_setct_PResData -+#define NID_setct_PResData ossl_NID_setct_PResData -+#endif -+#ifdef ossl_OBJ_setct_PResData -+#define OBJ_setct_PResData ossl_OBJ_setct_PResData -+#endif -+ -+#ifdef ossl_SN_setct_AuthReqTBS -+#define SN_setct_AuthReqTBS ossl_SN_setct_AuthReqTBS -+#endif -+#ifdef ossl_NID_setct_AuthReqTBS -+#define NID_setct_AuthReqTBS ossl_NID_setct_AuthReqTBS -+#endif -+#ifdef ossl_OBJ_setct_AuthReqTBS -+#define OBJ_setct_AuthReqTBS ossl_OBJ_setct_AuthReqTBS -+#endif -+ -+#ifdef ossl_SN_setct_AuthResTBS -+#define SN_setct_AuthResTBS ossl_SN_setct_AuthResTBS -+#endif -+#ifdef ossl_NID_setct_AuthResTBS -+#define NID_setct_AuthResTBS ossl_NID_setct_AuthResTBS -+#endif -+#ifdef ossl_OBJ_setct_AuthResTBS -+#define OBJ_setct_AuthResTBS ossl_OBJ_setct_AuthResTBS -+#endif -+ -+#ifdef ossl_SN_setct_AuthResTBSX -+#define SN_setct_AuthResTBSX ossl_SN_setct_AuthResTBSX -+#endif -+#ifdef ossl_NID_setct_AuthResTBSX -+#define NID_setct_AuthResTBSX ossl_NID_setct_AuthResTBSX -+#endif -+#ifdef ossl_OBJ_setct_AuthResTBSX -+#define OBJ_setct_AuthResTBSX ossl_OBJ_setct_AuthResTBSX -+#endif -+ -+#ifdef ossl_SN_setct_AuthTokenTBS -+#define SN_setct_AuthTokenTBS ossl_SN_setct_AuthTokenTBS -+#endif -+#ifdef ossl_NID_setct_AuthTokenTBS -+#define NID_setct_AuthTokenTBS ossl_NID_setct_AuthTokenTBS -+#endif -+#ifdef ossl_OBJ_setct_AuthTokenTBS -+#define OBJ_setct_AuthTokenTBS ossl_OBJ_setct_AuthTokenTBS -+#endif -+ -+#ifdef ossl_SN_setct_CapTokenData -+#define SN_setct_CapTokenData ossl_SN_setct_CapTokenData -+#endif -+#ifdef ossl_NID_setct_CapTokenData -+#define NID_setct_CapTokenData ossl_NID_setct_CapTokenData -+#endif -+#ifdef ossl_OBJ_setct_CapTokenData -+#define OBJ_setct_CapTokenData ossl_OBJ_setct_CapTokenData -+#endif -+ -+#ifdef ossl_SN_setct_CapTokenTBS -+#define SN_setct_CapTokenTBS ossl_SN_setct_CapTokenTBS -+#endif -+#ifdef ossl_NID_setct_CapTokenTBS -+#define NID_setct_CapTokenTBS ossl_NID_setct_CapTokenTBS -+#endif -+#ifdef ossl_OBJ_setct_CapTokenTBS -+#define OBJ_setct_CapTokenTBS ossl_OBJ_setct_CapTokenTBS -+#endif -+ -+#ifdef ossl_SN_setct_AcqCardCodeMsg -+#define SN_setct_AcqCardCodeMsg ossl_SN_setct_AcqCardCodeMsg -+#endif -+#ifdef ossl_NID_setct_AcqCardCodeMsg -+#define NID_setct_AcqCardCodeMsg ossl_NID_setct_AcqCardCodeMsg -+#endif -+#ifdef ossl_OBJ_setct_AcqCardCodeMsg -+#define OBJ_setct_AcqCardCodeMsg ossl_OBJ_setct_AcqCardCodeMsg -+#endif -+ -+#ifdef ossl_SN_setct_AuthRevReqTBS -+#define SN_setct_AuthRevReqTBS ossl_SN_setct_AuthRevReqTBS -+#endif -+#ifdef ossl_NID_setct_AuthRevReqTBS -+#define NID_setct_AuthRevReqTBS ossl_NID_setct_AuthRevReqTBS -+#endif -+#ifdef ossl_OBJ_setct_AuthRevReqTBS -+#define OBJ_setct_AuthRevReqTBS ossl_OBJ_setct_AuthRevReqTBS -+#endif -+ -+#ifdef ossl_SN_setct_AuthRevResData -+#define SN_setct_AuthRevResData ossl_SN_setct_AuthRevResData -+#endif -+#ifdef ossl_NID_setct_AuthRevResData -+#define NID_setct_AuthRevResData ossl_NID_setct_AuthRevResData -+#endif -+#ifdef ossl_OBJ_setct_AuthRevResData -+#define OBJ_setct_AuthRevResData ossl_OBJ_setct_AuthRevResData -+#endif -+ -+#ifdef ossl_SN_setct_AuthRevResTBS -+#define SN_setct_AuthRevResTBS ossl_SN_setct_AuthRevResTBS -+#endif -+#ifdef ossl_NID_setct_AuthRevResTBS -+#define NID_setct_AuthRevResTBS ossl_NID_setct_AuthRevResTBS -+#endif -+#ifdef ossl_OBJ_setct_AuthRevResTBS -+#define OBJ_setct_AuthRevResTBS ossl_OBJ_setct_AuthRevResTBS -+#endif -+ -+#ifdef ossl_SN_setct_CapReqTBS -+#define SN_setct_CapReqTBS ossl_SN_setct_CapReqTBS -+#endif -+#ifdef ossl_NID_setct_CapReqTBS -+#define NID_setct_CapReqTBS ossl_NID_setct_CapReqTBS -+#endif -+#ifdef ossl_OBJ_setct_CapReqTBS -+#define OBJ_setct_CapReqTBS ossl_OBJ_setct_CapReqTBS -+#endif -+ -+#ifdef ossl_SN_setct_CapReqTBSX -+#define SN_setct_CapReqTBSX ossl_SN_setct_CapReqTBSX -+#endif -+#ifdef ossl_NID_setct_CapReqTBSX -+#define NID_setct_CapReqTBSX ossl_NID_setct_CapReqTBSX -+#endif -+#ifdef ossl_OBJ_setct_CapReqTBSX -+#define OBJ_setct_CapReqTBSX ossl_OBJ_setct_CapReqTBSX -+#endif -+ -+#ifdef ossl_SN_setct_CapResData -+#define SN_setct_CapResData ossl_SN_setct_CapResData -+#endif -+#ifdef ossl_NID_setct_CapResData -+#define NID_setct_CapResData ossl_NID_setct_CapResData -+#endif -+#ifdef ossl_OBJ_setct_CapResData -+#define OBJ_setct_CapResData ossl_OBJ_setct_CapResData -+#endif -+ -+#ifdef ossl_SN_setct_CapRevReqTBS -+#define SN_setct_CapRevReqTBS ossl_SN_setct_CapRevReqTBS -+#endif -+#ifdef ossl_NID_setct_CapRevReqTBS -+#define NID_setct_CapRevReqTBS ossl_NID_setct_CapRevReqTBS -+#endif -+#ifdef ossl_OBJ_setct_CapRevReqTBS -+#define OBJ_setct_CapRevReqTBS ossl_OBJ_setct_CapRevReqTBS -+#endif -+ -+#ifdef ossl_SN_setct_CapRevReqTBSX -+#define SN_setct_CapRevReqTBSX ossl_SN_setct_CapRevReqTBSX -+#endif -+#ifdef ossl_NID_setct_CapRevReqTBSX -+#define NID_setct_CapRevReqTBSX ossl_NID_setct_CapRevReqTBSX -+#endif -+#ifdef ossl_OBJ_setct_CapRevReqTBSX -+#define OBJ_setct_CapRevReqTBSX ossl_OBJ_setct_CapRevReqTBSX -+#endif -+ -+#ifdef ossl_SN_setct_CapRevResData -+#define SN_setct_CapRevResData ossl_SN_setct_CapRevResData -+#endif -+#ifdef ossl_NID_setct_CapRevResData -+#define NID_setct_CapRevResData ossl_NID_setct_CapRevResData -+#endif -+#ifdef ossl_OBJ_setct_CapRevResData -+#define OBJ_setct_CapRevResData ossl_OBJ_setct_CapRevResData -+#endif -+ -+#ifdef ossl_SN_setct_CredReqTBS -+#define SN_setct_CredReqTBS ossl_SN_setct_CredReqTBS -+#endif -+#ifdef ossl_NID_setct_CredReqTBS -+#define NID_setct_CredReqTBS ossl_NID_setct_CredReqTBS -+#endif -+#ifdef ossl_OBJ_setct_CredReqTBS -+#define OBJ_setct_CredReqTBS ossl_OBJ_setct_CredReqTBS -+#endif -+ -+#ifdef ossl_SN_setct_CredReqTBSX -+#define SN_setct_CredReqTBSX ossl_SN_setct_CredReqTBSX -+#endif -+#ifdef ossl_NID_setct_CredReqTBSX -+#define NID_setct_CredReqTBSX ossl_NID_setct_CredReqTBSX -+#endif -+#ifdef ossl_OBJ_setct_CredReqTBSX -+#define OBJ_setct_CredReqTBSX ossl_OBJ_setct_CredReqTBSX -+#endif -+ -+#ifdef ossl_SN_setct_CredResData -+#define SN_setct_CredResData ossl_SN_setct_CredResData -+#endif -+#ifdef ossl_NID_setct_CredResData -+#define NID_setct_CredResData ossl_NID_setct_CredResData -+#endif -+#ifdef ossl_OBJ_setct_CredResData -+#define OBJ_setct_CredResData ossl_OBJ_setct_CredResData -+#endif -+ -+#ifdef ossl_SN_setct_CredRevReqTBS -+#define SN_setct_CredRevReqTBS ossl_SN_setct_CredRevReqTBS -+#endif -+#ifdef ossl_NID_setct_CredRevReqTBS -+#define NID_setct_CredRevReqTBS ossl_NID_setct_CredRevReqTBS -+#endif -+#ifdef ossl_OBJ_setct_CredRevReqTBS -+#define OBJ_setct_CredRevReqTBS ossl_OBJ_setct_CredRevReqTBS -+#endif -+ -+#ifdef ossl_SN_setct_CredRevReqTBSX -+#define SN_setct_CredRevReqTBSX ossl_SN_setct_CredRevReqTBSX -+#endif -+#ifdef ossl_NID_setct_CredRevReqTBSX -+#define NID_setct_CredRevReqTBSX ossl_NID_setct_CredRevReqTBSX -+#endif -+#ifdef ossl_OBJ_setct_CredRevReqTBSX -+#define OBJ_setct_CredRevReqTBSX ossl_OBJ_setct_CredRevReqTBSX -+#endif -+ -+#ifdef ossl_SN_setct_CredRevResData -+#define SN_setct_CredRevResData ossl_SN_setct_CredRevResData -+#endif -+#ifdef ossl_NID_setct_CredRevResData -+#define NID_setct_CredRevResData ossl_NID_setct_CredRevResData -+#endif -+#ifdef ossl_OBJ_setct_CredRevResData -+#define OBJ_setct_CredRevResData ossl_OBJ_setct_CredRevResData -+#endif -+ -+#ifdef ossl_SN_setct_PCertReqData -+#define SN_setct_PCertReqData ossl_SN_setct_PCertReqData -+#endif -+#ifdef ossl_NID_setct_PCertReqData -+#define NID_setct_PCertReqData ossl_NID_setct_PCertReqData -+#endif -+#ifdef ossl_OBJ_setct_PCertReqData -+#define OBJ_setct_PCertReqData ossl_OBJ_setct_PCertReqData -+#endif -+ -+#ifdef ossl_SN_setct_PCertResTBS -+#define SN_setct_PCertResTBS ossl_SN_setct_PCertResTBS -+#endif -+#ifdef ossl_NID_setct_PCertResTBS -+#define NID_setct_PCertResTBS ossl_NID_setct_PCertResTBS -+#endif -+#ifdef ossl_OBJ_setct_PCertResTBS -+#define OBJ_setct_PCertResTBS ossl_OBJ_setct_PCertResTBS -+#endif -+ -+#ifdef ossl_SN_setct_BatchAdminReqData -+#define SN_setct_BatchAdminReqData ossl_SN_setct_BatchAdminReqData -+#endif -+#ifdef ossl_NID_setct_BatchAdminReqData -+#define NID_setct_BatchAdminReqData ossl_NID_setct_BatchAdminReqData -+#endif -+#ifdef ossl_OBJ_setct_BatchAdminReqData -+#define OBJ_setct_BatchAdminReqData ossl_OBJ_setct_BatchAdminReqData -+#endif -+ -+#ifdef ossl_SN_setct_BatchAdminResData -+#define SN_setct_BatchAdminResData ossl_SN_setct_BatchAdminResData -+#endif -+#ifdef ossl_NID_setct_BatchAdminResData -+#define NID_setct_BatchAdminResData ossl_NID_setct_BatchAdminResData -+#endif -+#ifdef ossl_OBJ_setct_BatchAdminResData -+#define OBJ_setct_BatchAdminResData ossl_OBJ_setct_BatchAdminResData -+#endif -+ -+#ifdef ossl_SN_setct_CardCInitResTBS -+#define SN_setct_CardCInitResTBS ossl_SN_setct_CardCInitResTBS -+#endif -+#ifdef ossl_NID_setct_CardCInitResTBS -+#define NID_setct_CardCInitResTBS ossl_NID_setct_CardCInitResTBS -+#endif -+#ifdef ossl_OBJ_setct_CardCInitResTBS -+#define OBJ_setct_CardCInitResTBS ossl_OBJ_setct_CardCInitResTBS -+#endif -+ -+#ifdef ossl_SN_setct_MeAqCInitResTBS -+#define SN_setct_MeAqCInitResTBS ossl_SN_setct_MeAqCInitResTBS -+#endif -+#ifdef ossl_NID_setct_MeAqCInitResTBS -+#define NID_setct_MeAqCInitResTBS ossl_NID_setct_MeAqCInitResTBS -+#endif -+#ifdef ossl_OBJ_setct_MeAqCInitResTBS -+#define OBJ_setct_MeAqCInitResTBS ossl_OBJ_setct_MeAqCInitResTBS -+#endif -+ -+#ifdef ossl_SN_setct_RegFormResTBS -+#define SN_setct_RegFormResTBS ossl_SN_setct_RegFormResTBS -+#endif -+#ifdef ossl_NID_setct_RegFormResTBS -+#define NID_setct_RegFormResTBS ossl_NID_setct_RegFormResTBS -+#endif -+#ifdef ossl_OBJ_setct_RegFormResTBS -+#define OBJ_setct_RegFormResTBS ossl_OBJ_setct_RegFormResTBS -+#endif -+ -+#ifdef ossl_SN_setct_CertReqData -+#define SN_setct_CertReqData ossl_SN_setct_CertReqData -+#endif -+#ifdef ossl_NID_setct_CertReqData -+#define NID_setct_CertReqData ossl_NID_setct_CertReqData -+#endif -+#ifdef ossl_OBJ_setct_CertReqData -+#define OBJ_setct_CertReqData ossl_OBJ_setct_CertReqData -+#endif -+ -+#ifdef ossl_SN_setct_CertReqTBS -+#define SN_setct_CertReqTBS ossl_SN_setct_CertReqTBS -+#endif -+#ifdef ossl_NID_setct_CertReqTBS -+#define NID_setct_CertReqTBS ossl_NID_setct_CertReqTBS -+#endif -+#ifdef ossl_OBJ_setct_CertReqTBS -+#define OBJ_setct_CertReqTBS ossl_OBJ_setct_CertReqTBS -+#endif -+ -+#ifdef ossl_SN_setct_CertResData -+#define SN_setct_CertResData ossl_SN_setct_CertResData -+#endif -+#ifdef ossl_NID_setct_CertResData -+#define NID_setct_CertResData ossl_NID_setct_CertResData -+#endif -+#ifdef ossl_OBJ_setct_CertResData -+#define OBJ_setct_CertResData ossl_OBJ_setct_CertResData -+#endif -+ -+#ifdef ossl_SN_setct_CertInqReqTBS -+#define SN_setct_CertInqReqTBS ossl_SN_setct_CertInqReqTBS -+#endif -+#ifdef ossl_NID_setct_CertInqReqTBS -+#define NID_setct_CertInqReqTBS ossl_NID_setct_CertInqReqTBS -+#endif -+#ifdef ossl_OBJ_setct_CertInqReqTBS -+#define OBJ_setct_CertInqReqTBS ossl_OBJ_setct_CertInqReqTBS -+#endif -+ -+#ifdef ossl_SN_setct_ErrorTBS -+#define SN_setct_ErrorTBS ossl_SN_setct_ErrorTBS -+#endif -+#ifdef ossl_NID_setct_ErrorTBS -+#define NID_setct_ErrorTBS ossl_NID_setct_ErrorTBS -+#endif -+#ifdef ossl_OBJ_setct_ErrorTBS -+#define OBJ_setct_ErrorTBS ossl_OBJ_setct_ErrorTBS -+#endif -+ -+#ifdef ossl_SN_setct_PIDualSignedTBE -+#define SN_setct_PIDualSignedTBE ossl_SN_setct_PIDualSignedTBE -+#endif -+#ifdef ossl_NID_setct_PIDualSignedTBE -+#define NID_setct_PIDualSignedTBE ossl_NID_setct_PIDualSignedTBE -+#endif -+#ifdef ossl_OBJ_setct_PIDualSignedTBE -+#define OBJ_setct_PIDualSignedTBE ossl_OBJ_setct_PIDualSignedTBE -+#endif -+ -+#ifdef ossl_SN_setct_PIUnsignedTBE -+#define SN_setct_PIUnsignedTBE ossl_SN_setct_PIUnsignedTBE -+#endif -+#ifdef ossl_NID_setct_PIUnsignedTBE -+#define NID_setct_PIUnsignedTBE ossl_NID_setct_PIUnsignedTBE -+#endif -+#ifdef ossl_OBJ_setct_PIUnsignedTBE -+#define OBJ_setct_PIUnsignedTBE ossl_OBJ_setct_PIUnsignedTBE -+#endif -+ -+#ifdef ossl_SN_setct_AuthReqTBE -+#define SN_setct_AuthReqTBE ossl_SN_setct_AuthReqTBE -+#endif -+#ifdef ossl_NID_setct_AuthReqTBE -+#define NID_setct_AuthReqTBE ossl_NID_setct_AuthReqTBE -+#endif -+#ifdef ossl_OBJ_setct_AuthReqTBE -+#define OBJ_setct_AuthReqTBE ossl_OBJ_setct_AuthReqTBE -+#endif -+ -+#ifdef ossl_SN_setct_AuthResTBE -+#define SN_setct_AuthResTBE ossl_SN_setct_AuthResTBE -+#endif -+#ifdef ossl_NID_setct_AuthResTBE -+#define NID_setct_AuthResTBE ossl_NID_setct_AuthResTBE -+#endif -+#ifdef ossl_OBJ_setct_AuthResTBE -+#define OBJ_setct_AuthResTBE ossl_OBJ_setct_AuthResTBE -+#endif -+ -+#ifdef ossl_SN_setct_AuthResTBEX -+#define SN_setct_AuthResTBEX ossl_SN_setct_AuthResTBEX -+#endif -+#ifdef ossl_NID_setct_AuthResTBEX -+#define NID_setct_AuthResTBEX ossl_NID_setct_AuthResTBEX -+#endif -+#ifdef ossl_OBJ_setct_AuthResTBEX -+#define OBJ_setct_AuthResTBEX ossl_OBJ_setct_AuthResTBEX -+#endif -+ -+#ifdef ossl_SN_setct_AuthTokenTBE -+#define SN_setct_AuthTokenTBE ossl_SN_setct_AuthTokenTBE -+#endif -+#ifdef ossl_NID_setct_AuthTokenTBE -+#define NID_setct_AuthTokenTBE ossl_NID_setct_AuthTokenTBE -+#endif -+#ifdef ossl_OBJ_setct_AuthTokenTBE -+#define OBJ_setct_AuthTokenTBE ossl_OBJ_setct_AuthTokenTBE -+#endif -+ -+#ifdef ossl_SN_setct_CapTokenTBE -+#define SN_setct_CapTokenTBE ossl_SN_setct_CapTokenTBE -+#endif -+#ifdef ossl_NID_setct_CapTokenTBE -+#define NID_setct_CapTokenTBE ossl_NID_setct_CapTokenTBE -+#endif -+#ifdef ossl_OBJ_setct_CapTokenTBE -+#define OBJ_setct_CapTokenTBE ossl_OBJ_setct_CapTokenTBE -+#endif -+ -+#ifdef ossl_SN_setct_CapTokenTBEX -+#define SN_setct_CapTokenTBEX ossl_SN_setct_CapTokenTBEX -+#endif -+#ifdef ossl_NID_setct_CapTokenTBEX -+#define NID_setct_CapTokenTBEX ossl_NID_setct_CapTokenTBEX -+#endif -+#ifdef ossl_OBJ_setct_CapTokenTBEX -+#define OBJ_setct_CapTokenTBEX ossl_OBJ_setct_CapTokenTBEX -+#endif -+ -+#ifdef ossl_SN_setct_AcqCardCodeMsgTBE -+#define SN_setct_AcqCardCodeMsgTBE ossl_SN_setct_AcqCardCodeMsgTBE -+#endif -+#ifdef ossl_NID_setct_AcqCardCodeMsgTBE -+#define NID_setct_AcqCardCodeMsgTBE ossl_NID_setct_AcqCardCodeMsgTBE -+#endif -+#ifdef ossl_OBJ_setct_AcqCardCodeMsgTBE -+#define OBJ_setct_AcqCardCodeMsgTBE ossl_OBJ_setct_AcqCardCodeMsgTBE -+#endif -+ -+#ifdef ossl_SN_setct_AuthRevReqTBE -+#define SN_setct_AuthRevReqTBE ossl_SN_setct_AuthRevReqTBE -+#endif -+#ifdef ossl_NID_setct_AuthRevReqTBE -+#define NID_setct_AuthRevReqTBE ossl_NID_setct_AuthRevReqTBE -+#endif -+#ifdef ossl_OBJ_setct_AuthRevReqTBE -+#define OBJ_setct_AuthRevReqTBE ossl_OBJ_setct_AuthRevReqTBE -+#endif -+ -+#ifdef ossl_SN_setct_AuthRevResTBE -+#define SN_setct_AuthRevResTBE ossl_SN_setct_AuthRevResTBE -+#endif -+#ifdef ossl_NID_setct_AuthRevResTBE -+#define NID_setct_AuthRevResTBE ossl_NID_setct_AuthRevResTBE -+#endif -+#ifdef ossl_OBJ_setct_AuthRevResTBE -+#define OBJ_setct_AuthRevResTBE ossl_OBJ_setct_AuthRevResTBE -+#endif -+ -+#ifdef ossl_SN_setct_AuthRevResTBEB -+#define SN_setct_AuthRevResTBEB ossl_SN_setct_AuthRevResTBEB -+#endif -+#ifdef ossl_NID_setct_AuthRevResTBEB -+#define NID_setct_AuthRevResTBEB ossl_NID_setct_AuthRevResTBEB -+#endif -+#ifdef ossl_OBJ_setct_AuthRevResTBEB -+#define OBJ_setct_AuthRevResTBEB ossl_OBJ_setct_AuthRevResTBEB -+#endif -+ -+#ifdef ossl_SN_setct_CapReqTBE -+#define SN_setct_CapReqTBE ossl_SN_setct_CapReqTBE -+#endif -+#ifdef ossl_NID_setct_CapReqTBE -+#define NID_setct_CapReqTBE ossl_NID_setct_CapReqTBE -+#endif -+#ifdef ossl_OBJ_setct_CapReqTBE -+#define OBJ_setct_CapReqTBE ossl_OBJ_setct_CapReqTBE -+#endif -+ -+#ifdef ossl_SN_setct_CapReqTBEX -+#define SN_setct_CapReqTBEX ossl_SN_setct_CapReqTBEX -+#endif -+#ifdef ossl_NID_setct_CapReqTBEX -+#define NID_setct_CapReqTBEX ossl_NID_setct_CapReqTBEX -+#endif -+#ifdef ossl_OBJ_setct_CapReqTBEX -+#define OBJ_setct_CapReqTBEX ossl_OBJ_setct_CapReqTBEX -+#endif -+ -+#ifdef ossl_SN_setct_CapResTBE -+#define SN_setct_CapResTBE ossl_SN_setct_CapResTBE -+#endif -+#ifdef ossl_NID_setct_CapResTBE -+#define NID_setct_CapResTBE ossl_NID_setct_CapResTBE -+#endif -+#ifdef ossl_OBJ_setct_CapResTBE -+#define OBJ_setct_CapResTBE ossl_OBJ_setct_CapResTBE -+#endif -+ -+#ifdef ossl_SN_setct_CapRevReqTBE -+#define SN_setct_CapRevReqTBE ossl_SN_setct_CapRevReqTBE -+#endif -+#ifdef ossl_NID_setct_CapRevReqTBE -+#define NID_setct_CapRevReqTBE ossl_NID_setct_CapRevReqTBE -+#endif -+#ifdef ossl_OBJ_setct_CapRevReqTBE -+#define OBJ_setct_CapRevReqTBE ossl_OBJ_setct_CapRevReqTBE -+#endif -+ -+#ifdef ossl_SN_setct_CapRevReqTBEX -+#define SN_setct_CapRevReqTBEX ossl_SN_setct_CapRevReqTBEX -+#endif -+#ifdef ossl_NID_setct_CapRevReqTBEX -+#define NID_setct_CapRevReqTBEX ossl_NID_setct_CapRevReqTBEX -+#endif -+#ifdef ossl_OBJ_setct_CapRevReqTBEX -+#define OBJ_setct_CapRevReqTBEX ossl_OBJ_setct_CapRevReqTBEX -+#endif -+ -+#ifdef ossl_SN_setct_CapRevResTBE -+#define SN_setct_CapRevResTBE ossl_SN_setct_CapRevResTBE -+#endif -+#ifdef ossl_NID_setct_CapRevResTBE -+#define NID_setct_CapRevResTBE ossl_NID_setct_CapRevResTBE -+#endif -+#ifdef ossl_OBJ_setct_CapRevResTBE -+#define OBJ_setct_CapRevResTBE ossl_OBJ_setct_CapRevResTBE -+#endif -+ -+#ifdef ossl_SN_setct_CredReqTBE -+#define SN_setct_CredReqTBE ossl_SN_setct_CredReqTBE -+#endif -+#ifdef ossl_NID_setct_CredReqTBE -+#define NID_setct_CredReqTBE ossl_NID_setct_CredReqTBE -+#endif -+#ifdef ossl_OBJ_setct_CredReqTBE -+#define OBJ_setct_CredReqTBE ossl_OBJ_setct_CredReqTBE -+#endif -+ -+#ifdef ossl_SN_setct_CredReqTBEX -+#define SN_setct_CredReqTBEX ossl_SN_setct_CredReqTBEX -+#endif -+#ifdef ossl_NID_setct_CredReqTBEX -+#define NID_setct_CredReqTBEX ossl_NID_setct_CredReqTBEX -+#endif -+#ifdef ossl_OBJ_setct_CredReqTBEX -+#define OBJ_setct_CredReqTBEX ossl_OBJ_setct_CredReqTBEX -+#endif -+ -+#ifdef ossl_SN_setct_CredResTBE -+#define SN_setct_CredResTBE ossl_SN_setct_CredResTBE -+#endif -+#ifdef ossl_NID_setct_CredResTBE -+#define NID_setct_CredResTBE ossl_NID_setct_CredResTBE -+#endif -+#ifdef ossl_OBJ_setct_CredResTBE -+#define OBJ_setct_CredResTBE ossl_OBJ_setct_CredResTBE -+#endif -+ -+#ifdef ossl_SN_setct_CredRevReqTBE -+#define SN_setct_CredRevReqTBE ossl_SN_setct_CredRevReqTBE -+#endif -+#ifdef ossl_NID_setct_CredRevReqTBE -+#define NID_setct_CredRevReqTBE ossl_NID_setct_CredRevReqTBE -+#endif -+#ifdef ossl_OBJ_setct_CredRevReqTBE -+#define OBJ_setct_CredRevReqTBE ossl_OBJ_setct_CredRevReqTBE -+#endif -+ -+#ifdef ossl_SN_setct_CredRevReqTBEX -+#define SN_setct_CredRevReqTBEX ossl_SN_setct_CredRevReqTBEX -+#endif -+#ifdef ossl_NID_setct_CredRevReqTBEX -+#define NID_setct_CredRevReqTBEX ossl_NID_setct_CredRevReqTBEX -+#endif -+#ifdef ossl_OBJ_setct_CredRevReqTBEX -+#define OBJ_setct_CredRevReqTBEX ossl_OBJ_setct_CredRevReqTBEX -+#endif -+ -+#ifdef ossl_SN_setct_CredRevResTBE -+#define SN_setct_CredRevResTBE ossl_SN_setct_CredRevResTBE -+#endif -+#ifdef ossl_NID_setct_CredRevResTBE -+#define NID_setct_CredRevResTBE ossl_NID_setct_CredRevResTBE -+#endif -+#ifdef ossl_OBJ_setct_CredRevResTBE -+#define OBJ_setct_CredRevResTBE ossl_OBJ_setct_CredRevResTBE -+#endif -+ -+#ifdef ossl_SN_setct_BatchAdminReqTBE -+#define SN_setct_BatchAdminReqTBE ossl_SN_setct_BatchAdminReqTBE -+#endif -+#ifdef ossl_NID_setct_BatchAdminReqTBE -+#define NID_setct_BatchAdminReqTBE ossl_NID_setct_BatchAdminReqTBE -+#endif -+#ifdef ossl_OBJ_setct_BatchAdminReqTBE -+#define OBJ_setct_BatchAdminReqTBE ossl_OBJ_setct_BatchAdminReqTBE -+#endif -+ -+#ifdef ossl_SN_setct_BatchAdminResTBE -+#define SN_setct_BatchAdminResTBE ossl_SN_setct_BatchAdminResTBE -+#endif -+#ifdef ossl_NID_setct_BatchAdminResTBE -+#define NID_setct_BatchAdminResTBE ossl_NID_setct_BatchAdminResTBE -+#endif -+#ifdef ossl_OBJ_setct_BatchAdminResTBE -+#define OBJ_setct_BatchAdminResTBE ossl_OBJ_setct_BatchAdminResTBE -+#endif -+ -+#ifdef ossl_SN_setct_RegFormReqTBE -+#define SN_setct_RegFormReqTBE ossl_SN_setct_RegFormReqTBE -+#endif -+#ifdef ossl_NID_setct_RegFormReqTBE -+#define NID_setct_RegFormReqTBE ossl_NID_setct_RegFormReqTBE -+#endif -+#ifdef ossl_OBJ_setct_RegFormReqTBE -+#define OBJ_setct_RegFormReqTBE ossl_OBJ_setct_RegFormReqTBE -+#endif -+ -+#ifdef ossl_SN_setct_CertReqTBE -+#define SN_setct_CertReqTBE ossl_SN_setct_CertReqTBE -+#endif -+#ifdef ossl_NID_setct_CertReqTBE -+#define NID_setct_CertReqTBE ossl_NID_setct_CertReqTBE -+#endif -+#ifdef ossl_OBJ_setct_CertReqTBE -+#define OBJ_setct_CertReqTBE ossl_OBJ_setct_CertReqTBE -+#endif -+ -+#ifdef ossl_SN_setct_CertReqTBEX -+#define SN_setct_CertReqTBEX ossl_SN_setct_CertReqTBEX -+#endif -+#ifdef ossl_NID_setct_CertReqTBEX -+#define NID_setct_CertReqTBEX ossl_NID_setct_CertReqTBEX -+#endif -+#ifdef ossl_OBJ_setct_CertReqTBEX -+#define OBJ_setct_CertReqTBEX ossl_OBJ_setct_CertReqTBEX -+#endif -+ -+#ifdef ossl_SN_setct_CertResTBE -+#define SN_setct_CertResTBE ossl_SN_setct_CertResTBE -+#endif -+#ifdef ossl_NID_setct_CertResTBE -+#define NID_setct_CertResTBE ossl_NID_setct_CertResTBE -+#endif -+#ifdef ossl_OBJ_setct_CertResTBE -+#define OBJ_setct_CertResTBE ossl_OBJ_setct_CertResTBE -+#endif -+ -+#ifdef ossl_SN_setct_CRLNotificationTBS -+#define SN_setct_CRLNotificationTBS ossl_SN_setct_CRLNotificationTBS -+#endif -+#ifdef ossl_NID_setct_CRLNotificationTBS -+#define NID_setct_CRLNotificationTBS ossl_NID_setct_CRLNotificationTBS -+#endif -+#ifdef ossl_OBJ_setct_CRLNotificationTBS -+#define OBJ_setct_CRLNotificationTBS ossl_OBJ_setct_CRLNotificationTBS -+#endif -+ -+#ifdef ossl_SN_setct_CRLNotificationResTBS -+#define SN_setct_CRLNotificationResTBS ossl_SN_setct_CRLNotificationResTBS -+#endif -+#ifdef ossl_NID_setct_CRLNotificationResTBS -+#define NID_setct_CRLNotificationResTBS ossl_NID_setct_CRLNotificationResTBS -+#endif -+#ifdef ossl_OBJ_setct_CRLNotificationResTBS -+#define OBJ_setct_CRLNotificationResTBS ossl_OBJ_setct_CRLNotificationResTBS -+#endif -+ -+#ifdef ossl_SN_setct_BCIDistributionTBS -+#define SN_setct_BCIDistributionTBS ossl_SN_setct_BCIDistributionTBS -+#endif -+#ifdef ossl_NID_setct_BCIDistributionTBS -+#define NID_setct_BCIDistributionTBS ossl_NID_setct_BCIDistributionTBS -+#endif -+#ifdef ossl_OBJ_setct_BCIDistributionTBS -+#define OBJ_setct_BCIDistributionTBS ossl_OBJ_setct_BCIDistributionTBS -+#endif -+ -+#ifdef ossl_SN_setext_genCrypt -+#define SN_setext_genCrypt ossl_SN_setext_genCrypt -+#endif -+#ifdef ossl_LN_setext_genCrypt -+#define LN_setext_genCrypt ossl_LN_setext_genCrypt -+#endif -+#ifdef ossl_NID_setext_genCrypt -+#define NID_setext_genCrypt ossl_NID_setext_genCrypt -+#endif -+#ifdef ossl_OBJ_setext_genCrypt -+#define OBJ_setext_genCrypt ossl_OBJ_setext_genCrypt -+#endif -+ -+#ifdef ossl_SN_setext_miAuth -+#define SN_setext_miAuth ossl_SN_setext_miAuth -+#endif -+#ifdef ossl_LN_setext_miAuth -+#define LN_setext_miAuth ossl_LN_setext_miAuth -+#endif -+#ifdef ossl_NID_setext_miAuth -+#define NID_setext_miAuth ossl_NID_setext_miAuth -+#endif -+#ifdef ossl_OBJ_setext_miAuth -+#define OBJ_setext_miAuth ossl_OBJ_setext_miAuth -+#endif -+ -+#ifdef ossl_SN_setext_pinSecure -+#define SN_setext_pinSecure ossl_SN_setext_pinSecure -+#endif -+#ifdef ossl_NID_setext_pinSecure -+#define NID_setext_pinSecure ossl_NID_setext_pinSecure -+#endif -+#ifdef ossl_OBJ_setext_pinSecure -+#define OBJ_setext_pinSecure ossl_OBJ_setext_pinSecure -+#endif -+ -+#ifdef ossl_SN_setext_pinAny -+#define SN_setext_pinAny ossl_SN_setext_pinAny -+#endif -+#ifdef ossl_NID_setext_pinAny -+#define NID_setext_pinAny ossl_NID_setext_pinAny -+#endif -+#ifdef ossl_OBJ_setext_pinAny -+#define OBJ_setext_pinAny ossl_OBJ_setext_pinAny -+#endif -+ -+#ifdef ossl_SN_setext_track2 -+#define SN_setext_track2 ossl_SN_setext_track2 -+#endif -+#ifdef ossl_NID_setext_track2 -+#define NID_setext_track2 ossl_NID_setext_track2 -+#endif -+#ifdef ossl_OBJ_setext_track2 -+#define OBJ_setext_track2 ossl_OBJ_setext_track2 -+#endif -+ -+#ifdef ossl_SN_setext_cv -+#define SN_setext_cv ossl_SN_setext_cv -+#endif -+#ifdef ossl_LN_setext_cv -+#define LN_setext_cv ossl_LN_setext_cv -+#endif -+#ifdef ossl_NID_setext_cv -+#define NID_setext_cv ossl_NID_setext_cv -+#endif -+#ifdef ossl_OBJ_setext_cv -+#define OBJ_setext_cv ossl_OBJ_setext_cv -+#endif -+ -+#ifdef ossl_SN_set_policy_root -+#define SN_set_policy_root ossl_SN_set_policy_root -+#endif -+#ifdef ossl_NID_set_policy_root -+#define NID_set_policy_root ossl_NID_set_policy_root -+#endif -+#ifdef ossl_OBJ_set_policy_root -+#define OBJ_set_policy_root ossl_OBJ_set_policy_root -+#endif -+ -+#ifdef ossl_SN_setCext_hashedRoot -+#define SN_setCext_hashedRoot ossl_SN_setCext_hashedRoot -+#endif -+#ifdef ossl_NID_setCext_hashedRoot -+#define NID_setCext_hashedRoot ossl_NID_setCext_hashedRoot -+#endif -+#ifdef ossl_OBJ_setCext_hashedRoot -+#define OBJ_setCext_hashedRoot ossl_OBJ_setCext_hashedRoot -+#endif -+ -+#ifdef ossl_SN_setCext_certType -+#define SN_setCext_certType ossl_SN_setCext_certType -+#endif -+#ifdef ossl_NID_setCext_certType -+#define NID_setCext_certType ossl_NID_setCext_certType -+#endif -+#ifdef ossl_OBJ_setCext_certType -+#define OBJ_setCext_certType ossl_OBJ_setCext_certType -+#endif -+ -+#ifdef ossl_SN_setCext_merchData -+#define SN_setCext_merchData ossl_SN_setCext_merchData -+#endif -+#ifdef ossl_NID_setCext_merchData -+#define NID_setCext_merchData ossl_NID_setCext_merchData -+#endif -+#ifdef ossl_OBJ_setCext_merchData -+#define OBJ_setCext_merchData ossl_OBJ_setCext_merchData -+#endif -+ -+#ifdef ossl_SN_setCext_cCertRequired -+#define SN_setCext_cCertRequired ossl_SN_setCext_cCertRequired -+#endif -+#ifdef ossl_NID_setCext_cCertRequired -+#define NID_setCext_cCertRequired ossl_NID_setCext_cCertRequired -+#endif -+#ifdef ossl_OBJ_setCext_cCertRequired -+#define OBJ_setCext_cCertRequired ossl_OBJ_setCext_cCertRequired -+#endif -+ -+#ifdef ossl_SN_setCext_tunneling -+#define SN_setCext_tunneling ossl_SN_setCext_tunneling -+#endif -+#ifdef ossl_NID_setCext_tunneling -+#define NID_setCext_tunneling ossl_NID_setCext_tunneling -+#endif -+#ifdef ossl_OBJ_setCext_tunneling -+#define OBJ_setCext_tunneling ossl_OBJ_setCext_tunneling -+#endif -+ -+#ifdef ossl_SN_setCext_setExt -+#define SN_setCext_setExt ossl_SN_setCext_setExt -+#endif -+#ifdef ossl_NID_setCext_setExt -+#define NID_setCext_setExt ossl_NID_setCext_setExt -+#endif -+#ifdef ossl_OBJ_setCext_setExt -+#define OBJ_setCext_setExt ossl_OBJ_setCext_setExt -+#endif -+ -+#ifdef ossl_SN_setCext_setQualf -+#define SN_setCext_setQualf ossl_SN_setCext_setQualf -+#endif -+#ifdef ossl_NID_setCext_setQualf -+#define NID_setCext_setQualf ossl_NID_setCext_setQualf -+#endif -+#ifdef ossl_OBJ_setCext_setQualf -+#define OBJ_setCext_setQualf ossl_OBJ_setCext_setQualf -+#endif -+ -+#ifdef ossl_SN_setCext_PGWYcapabilities -+#define SN_setCext_PGWYcapabilities ossl_SN_setCext_PGWYcapabilities -+#endif -+#ifdef ossl_NID_setCext_PGWYcapabilities -+#define NID_setCext_PGWYcapabilities ossl_NID_setCext_PGWYcapabilities -+#endif -+#ifdef ossl_OBJ_setCext_PGWYcapabilities -+#define OBJ_setCext_PGWYcapabilities ossl_OBJ_setCext_PGWYcapabilities -+#endif -+ -+#ifdef ossl_SN_setCext_TokenIdentifier -+#define SN_setCext_TokenIdentifier ossl_SN_setCext_TokenIdentifier -+#endif -+#ifdef ossl_NID_setCext_TokenIdentifier -+#define NID_setCext_TokenIdentifier ossl_NID_setCext_TokenIdentifier -+#endif -+#ifdef ossl_OBJ_setCext_TokenIdentifier -+#define OBJ_setCext_TokenIdentifier ossl_OBJ_setCext_TokenIdentifier -+#endif -+ -+#ifdef ossl_SN_setCext_Track2Data -+#define SN_setCext_Track2Data ossl_SN_setCext_Track2Data -+#endif -+#ifdef ossl_NID_setCext_Track2Data -+#define NID_setCext_Track2Data ossl_NID_setCext_Track2Data -+#endif -+#ifdef ossl_OBJ_setCext_Track2Data -+#define OBJ_setCext_Track2Data ossl_OBJ_setCext_Track2Data -+#endif -+ -+#ifdef ossl_SN_setCext_TokenType -+#define SN_setCext_TokenType ossl_SN_setCext_TokenType -+#endif -+#ifdef ossl_NID_setCext_TokenType -+#define NID_setCext_TokenType ossl_NID_setCext_TokenType -+#endif -+#ifdef ossl_OBJ_setCext_TokenType -+#define OBJ_setCext_TokenType ossl_OBJ_setCext_TokenType -+#endif -+ -+#ifdef ossl_SN_setCext_IssuerCapabilities -+#define SN_setCext_IssuerCapabilities ossl_SN_setCext_IssuerCapabilities -+#endif -+#ifdef ossl_NID_setCext_IssuerCapabilities -+#define NID_setCext_IssuerCapabilities ossl_NID_setCext_IssuerCapabilities -+#endif -+#ifdef ossl_OBJ_setCext_IssuerCapabilities -+#define OBJ_setCext_IssuerCapabilities ossl_OBJ_setCext_IssuerCapabilities -+#endif -+ -+#ifdef ossl_SN_setAttr_Cert -+#define SN_setAttr_Cert ossl_SN_setAttr_Cert -+#endif -+#ifdef ossl_NID_setAttr_Cert -+#define NID_setAttr_Cert ossl_NID_setAttr_Cert -+#endif -+#ifdef ossl_OBJ_setAttr_Cert -+#define OBJ_setAttr_Cert ossl_OBJ_setAttr_Cert -+#endif -+ -+#ifdef ossl_SN_setAttr_PGWYcap -+#define SN_setAttr_PGWYcap ossl_SN_setAttr_PGWYcap -+#endif -+#ifdef ossl_LN_setAttr_PGWYcap -+#define LN_setAttr_PGWYcap ossl_LN_setAttr_PGWYcap -+#endif -+#ifdef ossl_NID_setAttr_PGWYcap -+#define NID_setAttr_PGWYcap ossl_NID_setAttr_PGWYcap -+#endif -+#ifdef ossl_OBJ_setAttr_PGWYcap -+#define OBJ_setAttr_PGWYcap ossl_OBJ_setAttr_PGWYcap -+#endif -+ -+#ifdef ossl_SN_setAttr_TokenType -+#define SN_setAttr_TokenType ossl_SN_setAttr_TokenType -+#endif -+#ifdef ossl_NID_setAttr_TokenType -+#define NID_setAttr_TokenType ossl_NID_setAttr_TokenType -+#endif -+#ifdef ossl_OBJ_setAttr_TokenType -+#define OBJ_setAttr_TokenType ossl_OBJ_setAttr_TokenType -+#endif -+ -+#ifdef ossl_SN_setAttr_IssCap -+#define SN_setAttr_IssCap ossl_SN_setAttr_IssCap -+#endif -+#ifdef ossl_LN_setAttr_IssCap -+#define LN_setAttr_IssCap ossl_LN_setAttr_IssCap -+#endif -+#ifdef ossl_NID_setAttr_IssCap -+#define NID_setAttr_IssCap ossl_NID_setAttr_IssCap -+#endif -+#ifdef ossl_OBJ_setAttr_IssCap -+#define OBJ_setAttr_IssCap ossl_OBJ_setAttr_IssCap -+#endif -+ -+#ifdef ossl_SN_set_rootKeyThumb -+#define SN_set_rootKeyThumb ossl_SN_set_rootKeyThumb -+#endif -+#ifdef ossl_NID_set_rootKeyThumb -+#define NID_set_rootKeyThumb ossl_NID_set_rootKeyThumb -+#endif -+#ifdef ossl_OBJ_set_rootKeyThumb -+#define OBJ_set_rootKeyThumb ossl_OBJ_set_rootKeyThumb -+#endif -+ -+#ifdef ossl_SN_set_addPolicy -+#define SN_set_addPolicy ossl_SN_set_addPolicy -+#endif -+#ifdef ossl_NID_set_addPolicy -+#define NID_set_addPolicy ossl_NID_set_addPolicy -+#endif -+#ifdef ossl_OBJ_set_addPolicy -+#define OBJ_set_addPolicy ossl_OBJ_set_addPolicy -+#endif -+ -+#ifdef ossl_SN_setAttr_Token_EMV -+#define SN_setAttr_Token_EMV ossl_SN_setAttr_Token_EMV -+#endif -+#ifdef ossl_NID_setAttr_Token_EMV -+#define NID_setAttr_Token_EMV ossl_NID_setAttr_Token_EMV -+#endif -+#ifdef ossl_OBJ_setAttr_Token_EMV -+#define OBJ_setAttr_Token_EMV ossl_OBJ_setAttr_Token_EMV -+#endif -+ -+#ifdef ossl_SN_setAttr_Token_B0Prime -+#define SN_setAttr_Token_B0Prime ossl_SN_setAttr_Token_B0Prime -+#endif -+#ifdef ossl_NID_setAttr_Token_B0Prime -+#define NID_setAttr_Token_B0Prime ossl_NID_setAttr_Token_B0Prime -+#endif -+#ifdef ossl_OBJ_setAttr_Token_B0Prime -+#define OBJ_setAttr_Token_B0Prime ossl_OBJ_setAttr_Token_B0Prime -+#endif -+ -+#ifdef ossl_SN_setAttr_IssCap_CVM -+#define SN_setAttr_IssCap_CVM ossl_SN_setAttr_IssCap_CVM -+#endif -+#ifdef ossl_NID_setAttr_IssCap_CVM -+#define NID_setAttr_IssCap_CVM ossl_NID_setAttr_IssCap_CVM -+#endif -+#ifdef ossl_OBJ_setAttr_IssCap_CVM -+#define OBJ_setAttr_IssCap_CVM ossl_OBJ_setAttr_IssCap_CVM -+#endif -+ -+#ifdef ossl_SN_setAttr_IssCap_T2 -+#define SN_setAttr_IssCap_T2 ossl_SN_setAttr_IssCap_T2 -+#endif -+#ifdef ossl_NID_setAttr_IssCap_T2 -+#define NID_setAttr_IssCap_T2 ossl_NID_setAttr_IssCap_T2 -+#endif -+#ifdef ossl_OBJ_setAttr_IssCap_T2 -+#define OBJ_setAttr_IssCap_T2 ossl_OBJ_setAttr_IssCap_T2 -+#endif -+ -+#ifdef ossl_SN_setAttr_IssCap_Sig -+#define SN_setAttr_IssCap_Sig ossl_SN_setAttr_IssCap_Sig -+#endif -+#ifdef ossl_NID_setAttr_IssCap_Sig -+#define NID_setAttr_IssCap_Sig ossl_NID_setAttr_IssCap_Sig -+#endif -+#ifdef ossl_OBJ_setAttr_IssCap_Sig -+#define OBJ_setAttr_IssCap_Sig ossl_OBJ_setAttr_IssCap_Sig -+#endif -+ -+#ifdef ossl_SN_setAttr_GenCryptgrm -+#define SN_setAttr_GenCryptgrm ossl_SN_setAttr_GenCryptgrm -+#endif -+#ifdef ossl_LN_setAttr_GenCryptgrm -+#define LN_setAttr_GenCryptgrm ossl_LN_setAttr_GenCryptgrm -+#endif -+#ifdef ossl_NID_setAttr_GenCryptgrm -+#define NID_setAttr_GenCryptgrm ossl_NID_setAttr_GenCryptgrm -+#endif -+#ifdef ossl_OBJ_setAttr_GenCryptgrm -+#define OBJ_setAttr_GenCryptgrm ossl_OBJ_setAttr_GenCryptgrm -+#endif -+ -+#ifdef ossl_SN_setAttr_T2Enc -+#define SN_setAttr_T2Enc ossl_SN_setAttr_T2Enc -+#endif -+#ifdef ossl_LN_setAttr_T2Enc -+#define LN_setAttr_T2Enc ossl_LN_setAttr_T2Enc -+#endif -+#ifdef ossl_NID_setAttr_T2Enc -+#define NID_setAttr_T2Enc ossl_NID_setAttr_T2Enc -+#endif -+#ifdef ossl_OBJ_setAttr_T2Enc -+#define OBJ_setAttr_T2Enc ossl_OBJ_setAttr_T2Enc -+#endif -+ -+#ifdef ossl_SN_setAttr_T2cleartxt -+#define SN_setAttr_T2cleartxt ossl_SN_setAttr_T2cleartxt -+#endif -+#ifdef ossl_LN_setAttr_T2cleartxt -+#define LN_setAttr_T2cleartxt ossl_LN_setAttr_T2cleartxt -+#endif -+#ifdef ossl_NID_setAttr_T2cleartxt -+#define NID_setAttr_T2cleartxt ossl_NID_setAttr_T2cleartxt -+#endif -+#ifdef ossl_OBJ_setAttr_T2cleartxt -+#define OBJ_setAttr_T2cleartxt ossl_OBJ_setAttr_T2cleartxt -+#endif -+ -+#ifdef ossl_SN_setAttr_TokICCsig -+#define SN_setAttr_TokICCsig ossl_SN_setAttr_TokICCsig -+#endif -+#ifdef ossl_LN_setAttr_TokICCsig -+#define LN_setAttr_TokICCsig ossl_LN_setAttr_TokICCsig -+#endif -+#ifdef ossl_NID_setAttr_TokICCsig -+#define NID_setAttr_TokICCsig ossl_NID_setAttr_TokICCsig -+#endif -+#ifdef ossl_OBJ_setAttr_TokICCsig -+#define OBJ_setAttr_TokICCsig ossl_OBJ_setAttr_TokICCsig -+#endif -+ -+#ifdef ossl_SN_setAttr_SecDevSig -+#define SN_setAttr_SecDevSig ossl_SN_setAttr_SecDevSig -+#endif -+#ifdef ossl_LN_setAttr_SecDevSig -+#define LN_setAttr_SecDevSig ossl_LN_setAttr_SecDevSig -+#endif -+#ifdef ossl_NID_setAttr_SecDevSig -+#define NID_setAttr_SecDevSig ossl_NID_setAttr_SecDevSig -+#endif -+#ifdef ossl_OBJ_setAttr_SecDevSig -+#define OBJ_setAttr_SecDevSig ossl_OBJ_setAttr_SecDevSig -+#endif -+ -+#ifdef ossl_SN_set_brand_IATA_ATA -+#define SN_set_brand_IATA_ATA ossl_SN_set_brand_IATA_ATA -+#endif -+#ifdef ossl_NID_set_brand_IATA_ATA -+#define NID_set_brand_IATA_ATA ossl_NID_set_brand_IATA_ATA -+#endif -+#ifdef ossl_OBJ_set_brand_IATA_ATA -+#define OBJ_set_brand_IATA_ATA ossl_OBJ_set_brand_IATA_ATA -+#endif -+ -+#ifdef ossl_SN_set_brand_Diners -+#define SN_set_brand_Diners ossl_SN_set_brand_Diners -+#endif -+#ifdef ossl_NID_set_brand_Diners -+#define NID_set_brand_Diners ossl_NID_set_brand_Diners -+#endif -+#ifdef ossl_OBJ_set_brand_Diners -+#define OBJ_set_brand_Diners ossl_OBJ_set_brand_Diners -+#endif -+ -+#ifdef ossl_SN_set_brand_AmericanExpress -+#define SN_set_brand_AmericanExpress ossl_SN_set_brand_AmericanExpress -+#endif -+#ifdef ossl_NID_set_brand_AmericanExpress -+#define NID_set_brand_AmericanExpress ossl_NID_set_brand_AmericanExpress -+#endif -+#ifdef ossl_OBJ_set_brand_AmericanExpress -+#define OBJ_set_brand_AmericanExpress ossl_OBJ_set_brand_AmericanExpress -+#endif -+ -+#ifdef ossl_SN_set_brand_JCB -+#define SN_set_brand_JCB ossl_SN_set_brand_JCB -+#endif -+#ifdef ossl_NID_set_brand_JCB -+#define NID_set_brand_JCB ossl_NID_set_brand_JCB -+#endif -+#ifdef ossl_OBJ_set_brand_JCB -+#define OBJ_set_brand_JCB ossl_OBJ_set_brand_JCB -+#endif -+ -+#ifdef ossl_SN_set_brand_Visa -+#define SN_set_brand_Visa ossl_SN_set_brand_Visa -+#endif -+#ifdef ossl_NID_set_brand_Visa -+#define NID_set_brand_Visa ossl_NID_set_brand_Visa -+#endif -+#ifdef ossl_OBJ_set_brand_Visa -+#define OBJ_set_brand_Visa ossl_OBJ_set_brand_Visa -+#endif -+ -+#ifdef ossl_SN_set_brand_MasterCard -+#define SN_set_brand_MasterCard ossl_SN_set_brand_MasterCard -+#endif -+#ifdef ossl_NID_set_brand_MasterCard -+#define NID_set_brand_MasterCard ossl_NID_set_brand_MasterCard -+#endif -+#ifdef ossl_OBJ_set_brand_MasterCard -+#define OBJ_set_brand_MasterCard ossl_OBJ_set_brand_MasterCard -+#endif -+ -+#ifdef ossl_SN_set_brand_Novus -+#define SN_set_brand_Novus ossl_SN_set_brand_Novus -+#endif -+#ifdef ossl_NID_set_brand_Novus -+#define NID_set_brand_Novus ossl_NID_set_brand_Novus -+#endif -+#ifdef ossl_OBJ_set_brand_Novus -+#define OBJ_set_brand_Novus ossl_OBJ_set_brand_Novus -+#endif -+ -+#ifdef ossl_SN_des_cdmf -+#define SN_des_cdmf ossl_SN_des_cdmf -+#endif -+#ifdef ossl_LN_des_cdmf -+#define LN_des_cdmf ossl_LN_des_cdmf -+#endif -+#ifdef ossl_NID_des_cdmf -+#define NID_des_cdmf ossl_NID_des_cdmf -+#endif -+#ifdef ossl_OBJ_des_cdmf -+#define OBJ_des_cdmf ossl_OBJ_des_cdmf -+#endif -+ -+#ifdef ossl_SN_rsaOAEPEncryptionSET -+#define SN_rsaOAEPEncryptionSET ossl_SN_rsaOAEPEncryptionSET -+#endif -+#ifdef ossl_NID_rsaOAEPEncryptionSET -+#define NID_rsaOAEPEncryptionSET ossl_NID_rsaOAEPEncryptionSET -+#endif -+#ifdef ossl_OBJ_rsaOAEPEncryptionSET -+#define OBJ_rsaOAEPEncryptionSET ossl_OBJ_rsaOAEPEncryptionSET -+#endif -+ -+#ifdef ossl_SN_itu_t -+#define SN_itu_t ossl_SN_itu_t -+#endif -+#ifdef ossl_LN_itu_t -+#define LN_itu_t ossl_LN_itu_t -+#endif -+#ifdef ossl_NID_itu_t -+#define NID_itu_t ossl_NID_itu_t -+#endif -+#ifdef ossl_OBJ_itu_t -+#define OBJ_itu_t ossl_OBJ_itu_t -+#endif -+ -+#ifdef ossl_SN_joint_iso_itu_t -+#define SN_joint_iso_itu_t ossl_SN_joint_iso_itu_t -+#endif -+#ifdef ossl_LN_joint_iso_itu_t -+#define LN_joint_iso_itu_t ossl_LN_joint_iso_itu_t -+#endif -+#ifdef ossl_NID_joint_iso_itu_t -+#define NID_joint_iso_itu_t ossl_NID_joint_iso_itu_t -+#endif -+#ifdef ossl_OBJ_joint_iso_itu_t -+#define OBJ_joint_iso_itu_t ossl_OBJ_joint_iso_itu_t -+#endif -+ -+#ifdef ossl_SN_international_organizations -+#define SN_international_organizations ossl_SN_international_organizations -+#endif -+#ifdef ossl_LN_international_organizations -+#define LN_international_organizations ossl_LN_international_organizations -+#endif -+#ifdef ossl_NID_international_organizations -+#define NID_international_organizations ossl_NID_international_organizations -+#endif -+#ifdef ossl_OBJ_international_organizations -+#define OBJ_international_organizations ossl_OBJ_international_organizations -+#endif -+ -+#ifdef ossl_SN_ms_smartcard_login -+#define SN_ms_smartcard_login ossl_SN_ms_smartcard_login -+#endif -+#ifdef ossl_LN_ms_smartcard_login -+#define LN_ms_smartcard_login ossl_LN_ms_smartcard_login -+#endif -+#ifdef ossl_NID_ms_smartcard_login -+#define NID_ms_smartcard_login ossl_NID_ms_smartcard_login -+#endif -+#ifdef ossl_OBJ_ms_smartcard_login -+#define OBJ_ms_smartcard_login ossl_OBJ_ms_smartcard_login -+#endif -+ -+#ifdef ossl_SN_ms_upn -+#define SN_ms_upn ossl_SN_ms_upn -+#endif -+#ifdef ossl_LN_ms_upn -+#define LN_ms_upn ossl_LN_ms_upn -+#endif -+#ifdef ossl_NID_ms_upn -+#define NID_ms_upn ossl_NID_ms_upn -+#endif -+#ifdef ossl_OBJ_ms_upn -+#define OBJ_ms_upn ossl_OBJ_ms_upn -+#endif -+ -+#ifdef ossl_SN_aes_128_cfb1 -+#define SN_aes_128_cfb1 ossl_SN_aes_128_cfb1 -+#endif -+#ifdef ossl_LN_aes_128_cfb1 -+#define LN_aes_128_cfb1 ossl_LN_aes_128_cfb1 -+#endif -+#ifdef ossl_NID_aes_128_cfb1 -+#define NID_aes_128_cfb1 ossl_NID_aes_128_cfb1 -+#endif -+ -+#ifdef ossl_SN_aes_192_cfb1 -+#define SN_aes_192_cfb1 ossl_SN_aes_192_cfb1 -+#endif -+#ifdef ossl_LN_aes_192_cfb1 -+#define LN_aes_192_cfb1 ossl_LN_aes_192_cfb1 -+#endif -+#ifdef ossl_NID_aes_192_cfb1 -+#define NID_aes_192_cfb1 ossl_NID_aes_192_cfb1 -+#endif -+ -+#ifdef ossl_SN_aes_256_cfb1 -+#define SN_aes_256_cfb1 ossl_SN_aes_256_cfb1 -+#endif -+#ifdef ossl_LN_aes_256_cfb1 -+#define LN_aes_256_cfb1 ossl_LN_aes_256_cfb1 -+#endif -+#ifdef ossl_NID_aes_256_cfb1 -+#define NID_aes_256_cfb1 ossl_NID_aes_256_cfb1 -+#endif -+ -+#ifdef ossl_SN_aes_128_cfb8 -+#define SN_aes_128_cfb8 ossl_SN_aes_128_cfb8 -+#endif -+#ifdef ossl_LN_aes_128_cfb8 -+#define LN_aes_128_cfb8 ossl_LN_aes_128_cfb8 -+#endif -+#ifdef ossl_NID_aes_128_cfb8 -+#define NID_aes_128_cfb8 ossl_NID_aes_128_cfb8 -+#endif -+ -+#ifdef ossl_SN_aes_192_cfb8 -+#define SN_aes_192_cfb8 ossl_SN_aes_192_cfb8 -+#endif -+#ifdef ossl_LN_aes_192_cfb8 -+#define LN_aes_192_cfb8 ossl_LN_aes_192_cfb8 -+#endif -+#ifdef ossl_NID_aes_192_cfb8 -+#define NID_aes_192_cfb8 ossl_NID_aes_192_cfb8 -+#endif -+ -+#ifdef ossl_SN_aes_256_cfb8 -+#define SN_aes_256_cfb8 ossl_SN_aes_256_cfb8 -+#endif -+#ifdef ossl_LN_aes_256_cfb8 -+#define LN_aes_256_cfb8 ossl_LN_aes_256_cfb8 -+#endif -+#ifdef ossl_NID_aes_256_cfb8 -+#define NID_aes_256_cfb8 ossl_NID_aes_256_cfb8 -+#endif -+ -+#ifdef ossl_SN_des_cfb1 -+#define SN_des_cfb1 ossl_SN_des_cfb1 -+#endif -+#ifdef ossl_LN_des_cfb1 -+#define LN_des_cfb1 ossl_LN_des_cfb1 -+#endif -+#ifdef ossl_NID_des_cfb1 -+#define NID_des_cfb1 ossl_NID_des_cfb1 -+#endif -+ -+#ifdef ossl_SN_des_cfb8 -+#define SN_des_cfb8 ossl_SN_des_cfb8 -+#endif -+#ifdef ossl_LN_des_cfb8 -+#define LN_des_cfb8 ossl_LN_des_cfb8 -+#endif -+#ifdef ossl_NID_des_cfb8 -+#define NID_des_cfb8 ossl_NID_des_cfb8 -+#endif -+ -+#ifdef ossl_SN_des_ede3_cfb1 -+#define SN_des_ede3_cfb1 ossl_SN_des_ede3_cfb1 -+#endif -+#ifdef ossl_LN_des_ede3_cfb1 -+#define LN_des_ede3_cfb1 ossl_LN_des_ede3_cfb1 -+#endif -+#ifdef ossl_NID_des_ede3_cfb1 -+#define NID_des_ede3_cfb1 ossl_NID_des_ede3_cfb1 -+#endif -+ -+#ifdef ossl_SN_des_ede3_cfb8 -+#define SN_des_ede3_cfb8 ossl_SN_des_ede3_cfb8 -+#endif -+#ifdef ossl_LN_des_ede3_cfb8 -+#define LN_des_ede3_cfb8 ossl_LN_des_ede3_cfb8 -+#endif -+#ifdef ossl_NID_des_ede3_cfb8 -+#define NID_des_ede3_cfb8 ossl_NID_des_ede3_cfb8 -+#endif -+ -+#ifdef ossl_SN_streetAddress -+#define SN_streetAddress ossl_SN_streetAddress -+#endif -+#ifdef ossl_LN_streetAddress -+#define LN_streetAddress ossl_LN_streetAddress -+#endif -+#ifdef ossl_NID_streetAddress -+#define NID_streetAddress ossl_NID_streetAddress -+#endif -+#ifdef ossl_OBJ_streetAddress -+#define OBJ_streetAddress ossl_OBJ_streetAddress -+#endif -+ -+#ifdef ossl_LN_postalCode -+#define LN_postalCode ossl_LN_postalCode -+#endif -+#ifdef ossl_NID_postalCode -+#define NID_postalCode ossl_NID_postalCode -+#endif -+#ifdef ossl_OBJ_postalCode -+#define OBJ_postalCode ossl_OBJ_postalCode -+#endif -+ -+#ifdef ossl_SN_id_ppl -+#define SN_id_ppl ossl_SN_id_ppl -+#endif -+#ifdef ossl_NID_id_ppl -+#define NID_id_ppl ossl_NID_id_ppl -+#endif -+#ifdef ossl_OBJ_id_ppl -+#define OBJ_id_ppl ossl_OBJ_id_ppl -+#endif -+ -+#ifdef ossl_SN_proxyCertInfo -+#define SN_proxyCertInfo ossl_SN_proxyCertInfo -+#endif -+#ifdef ossl_LN_proxyCertInfo -+#define LN_proxyCertInfo ossl_LN_proxyCertInfo -+#endif -+#ifdef ossl_NID_proxyCertInfo -+#define NID_proxyCertInfo ossl_NID_proxyCertInfo -+#endif -+#ifdef ossl_OBJ_proxyCertInfo -+#define OBJ_proxyCertInfo ossl_OBJ_proxyCertInfo -+#endif -+ -+#ifdef ossl_SN_id_ppl_anyLanguage -+#define SN_id_ppl_anyLanguage ossl_SN_id_ppl_anyLanguage -+#endif -+#ifdef ossl_LN_id_ppl_anyLanguage -+#define LN_id_ppl_anyLanguage ossl_LN_id_ppl_anyLanguage -+#endif -+#ifdef ossl_NID_id_ppl_anyLanguage -+#define NID_id_ppl_anyLanguage ossl_NID_id_ppl_anyLanguage -+#endif -+#ifdef ossl_OBJ_id_ppl_anyLanguage -+#define OBJ_id_ppl_anyLanguage ossl_OBJ_id_ppl_anyLanguage -+#endif -+ -+#ifdef ossl_SN_id_ppl_inheritAll -+#define SN_id_ppl_inheritAll ossl_SN_id_ppl_inheritAll -+#endif -+#ifdef ossl_LN_id_ppl_inheritAll -+#define LN_id_ppl_inheritAll ossl_LN_id_ppl_inheritAll -+#endif -+#ifdef ossl_NID_id_ppl_inheritAll -+#define NID_id_ppl_inheritAll ossl_NID_id_ppl_inheritAll -+#endif -+#ifdef ossl_OBJ_id_ppl_inheritAll -+#define OBJ_id_ppl_inheritAll ossl_OBJ_id_ppl_inheritAll -+#endif -+ -+#ifdef ossl_SN_name_constraints -+#define SN_name_constraints ossl_SN_name_constraints -+#endif -+#ifdef ossl_LN_name_constraints -+#define LN_name_constraints ossl_LN_name_constraints -+#endif -+#ifdef ossl_NID_name_constraints -+#define NID_name_constraints ossl_NID_name_constraints -+#endif -+#ifdef ossl_OBJ_name_constraints -+#define OBJ_name_constraints ossl_OBJ_name_constraints -+#endif -+ -+#ifdef ossl_SN_Independent -+#define SN_Independent ossl_SN_Independent -+#endif -+#ifdef ossl_LN_Independent -+#define LN_Independent ossl_LN_Independent -+#endif -+#ifdef ossl_NID_Independent -+#define NID_Independent ossl_NID_Independent -+#endif -+#ifdef ossl_OBJ_Independent -+#define OBJ_Independent ossl_OBJ_Independent -+#endif -+ -+#ifdef ossl_SN_sha256WithRSAEncryption -+#define SN_sha256WithRSAEncryption ossl_SN_sha256WithRSAEncryption -+#endif -+#ifdef ossl_LN_sha256WithRSAEncryption -+#define LN_sha256WithRSAEncryption ossl_LN_sha256WithRSAEncryption -+#endif -+#ifdef ossl_NID_sha256WithRSAEncryption -+#define NID_sha256WithRSAEncryption ossl_NID_sha256WithRSAEncryption -+#endif -+#ifdef ossl_OBJ_sha256WithRSAEncryption -+#define OBJ_sha256WithRSAEncryption ossl_OBJ_sha256WithRSAEncryption -+#endif -+ -+#ifdef ossl_SN_sha384WithRSAEncryption -+#define SN_sha384WithRSAEncryption ossl_SN_sha384WithRSAEncryption -+#endif -+#ifdef ossl_LN_sha384WithRSAEncryption -+#define LN_sha384WithRSAEncryption ossl_LN_sha384WithRSAEncryption -+#endif -+#ifdef ossl_NID_sha384WithRSAEncryption -+#define NID_sha384WithRSAEncryption ossl_NID_sha384WithRSAEncryption -+#endif -+#ifdef ossl_OBJ_sha384WithRSAEncryption -+#define OBJ_sha384WithRSAEncryption ossl_OBJ_sha384WithRSAEncryption -+#endif -+ -+#ifdef ossl_SN_sha512WithRSAEncryption -+#define SN_sha512WithRSAEncryption ossl_SN_sha512WithRSAEncryption -+#endif -+#ifdef ossl_LN_sha512WithRSAEncryption -+#define LN_sha512WithRSAEncryption ossl_LN_sha512WithRSAEncryption -+#endif -+#ifdef ossl_NID_sha512WithRSAEncryption -+#define NID_sha512WithRSAEncryption ossl_NID_sha512WithRSAEncryption -+#endif -+#ifdef ossl_OBJ_sha512WithRSAEncryption -+#define OBJ_sha512WithRSAEncryption ossl_OBJ_sha512WithRSAEncryption -+#endif -+ -+#ifdef ossl_SN_sha224WithRSAEncryption -+#define SN_sha224WithRSAEncryption ossl_SN_sha224WithRSAEncryption -+#endif -+#ifdef ossl_LN_sha224WithRSAEncryption -+#define LN_sha224WithRSAEncryption ossl_LN_sha224WithRSAEncryption -+#endif -+#ifdef ossl_NID_sha224WithRSAEncryption -+#define NID_sha224WithRSAEncryption ossl_NID_sha224WithRSAEncryption -+#endif -+#ifdef ossl_OBJ_sha224WithRSAEncryption -+#define OBJ_sha224WithRSAEncryption ossl_OBJ_sha224WithRSAEncryption -+#endif -+ -+#ifdef ossl_SN_sha256 -+#define SN_sha256 ossl_SN_sha256 -+#endif -+#ifdef ossl_LN_sha256 -+#define LN_sha256 ossl_LN_sha256 -+#endif -+#ifdef ossl_NID_sha256 -+#define NID_sha256 ossl_NID_sha256 -+#endif -+#ifdef ossl_OBJ_sha256 -+#define OBJ_sha256 ossl_OBJ_sha256 -+#endif -+ -+#ifdef ossl_SN_sha384 -+#define SN_sha384 ossl_SN_sha384 -+#endif -+#ifdef ossl_LN_sha384 -+#define LN_sha384 ossl_LN_sha384 -+#endif -+#ifdef ossl_NID_sha384 -+#define NID_sha384 ossl_NID_sha384 -+#endif -+#ifdef ossl_OBJ_sha384 -+#define OBJ_sha384 ossl_OBJ_sha384 -+#endif -+ -+#ifdef ossl_SN_sha512 -+#define SN_sha512 ossl_SN_sha512 -+#endif -+#ifdef ossl_LN_sha512 -+#define LN_sha512 ossl_LN_sha512 -+#endif -+#ifdef ossl_NID_sha512 -+#define NID_sha512 ossl_NID_sha512 -+#endif -+#ifdef ossl_OBJ_sha512 -+#define OBJ_sha512 ossl_OBJ_sha512 -+#endif -+ -+#ifdef ossl_SN_sha224 -+#define SN_sha224 ossl_SN_sha224 -+#endif -+#ifdef ossl_LN_sha224 -+#define LN_sha224 ossl_LN_sha224 -+#endif -+#ifdef ossl_NID_sha224 -+#define NID_sha224 ossl_NID_sha224 -+#endif -+#ifdef ossl_OBJ_sha224 -+#define OBJ_sha224 ossl_OBJ_sha224 -+#endif -+ -+#ifdef ossl_SN_identified_organization -+#define SN_identified_organization ossl_SN_identified_organization -+#endif -+#ifdef ossl_NID_identified_organization -+#define NID_identified_organization ossl_NID_identified_organization -+#endif -+#ifdef ossl_OBJ_identified_organization -+#define OBJ_identified_organization ossl_OBJ_identified_organization -+#endif -+ -+#ifdef ossl_SN_certicom_arc -+#define SN_certicom_arc ossl_SN_certicom_arc -+#endif -+#ifdef ossl_NID_certicom_arc -+#define NID_certicom_arc ossl_NID_certicom_arc -+#endif -+#ifdef ossl_OBJ_certicom_arc -+#define OBJ_certicom_arc ossl_OBJ_certicom_arc -+#endif -+ -+#ifdef ossl_SN_wap -+#define SN_wap ossl_SN_wap -+#endif -+#ifdef ossl_NID_wap -+#define NID_wap ossl_NID_wap -+#endif -+#ifdef ossl_OBJ_wap -+#define OBJ_wap ossl_OBJ_wap -+#endif -+ -+#ifdef ossl_SN_wap_wsg -+#define SN_wap_wsg ossl_SN_wap_wsg -+#endif -+#ifdef ossl_NID_wap_wsg -+#define NID_wap_wsg ossl_NID_wap_wsg -+#endif -+#ifdef ossl_OBJ_wap_wsg -+#define OBJ_wap_wsg ossl_OBJ_wap_wsg -+#endif -+ -+#ifdef ossl_SN_X9_62_id_characteristic_two_basis -+#define SN_X9_62_id_characteristic_two_basis ossl_SN_X9_62_id_characteristic_two_basis -+#endif -+#ifdef ossl_NID_X9_62_id_characteristic_two_basis -+#define NID_X9_62_id_characteristic_two_basis ossl_NID_X9_62_id_characteristic_two_basis -+#endif -+#ifdef ossl_OBJ_X9_62_id_characteristic_two_basis -+#define OBJ_X9_62_id_characteristic_two_basis ossl_OBJ_X9_62_id_characteristic_two_basis -+#endif -+ -+#ifdef ossl_SN_X9_62_onBasis -+#define SN_X9_62_onBasis ossl_SN_X9_62_onBasis -+#endif -+#ifdef ossl_NID_X9_62_onBasis -+#define NID_X9_62_onBasis ossl_NID_X9_62_onBasis -+#endif -+#ifdef ossl_OBJ_X9_62_onBasis -+#define OBJ_X9_62_onBasis ossl_OBJ_X9_62_onBasis -+#endif -+ -+#ifdef ossl_SN_X9_62_tpBasis -+#define SN_X9_62_tpBasis ossl_SN_X9_62_tpBasis -+#endif -+#ifdef ossl_NID_X9_62_tpBasis -+#define NID_X9_62_tpBasis ossl_NID_X9_62_tpBasis -+#endif -+#ifdef ossl_OBJ_X9_62_tpBasis -+#define OBJ_X9_62_tpBasis ossl_OBJ_X9_62_tpBasis -+#endif -+ -+#ifdef ossl_SN_X9_62_ppBasis -+#define SN_X9_62_ppBasis ossl_SN_X9_62_ppBasis -+#endif -+#ifdef ossl_NID_X9_62_ppBasis -+#define NID_X9_62_ppBasis ossl_NID_X9_62_ppBasis -+#endif -+#ifdef ossl_OBJ_X9_62_ppBasis -+#define OBJ_X9_62_ppBasis ossl_OBJ_X9_62_ppBasis -+#endif -+ -+#ifdef ossl_SN_X9_62_c2pnb163v1 -+#define SN_X9_62_c2pnb163v1 ossl_SN_X9_62_c2pnb163v1 -+#endif -+#ifdef ossl_NID_X9_62_c2pnb163v1 -+#define NID_X9_62_c2pnb163v1 ossl_NID_X9_62_c2pnb163v1 -+#endif -+#ifdef ossl_OBJ_X9_62_c2pnb163v1 -+#define OBJ_X9_62_c2pnb163v1 ossl_OBJ_X9_62_c2pnb163v1 -+#endif -+ -+#ifdef ossl_SN_X9_62_c2pnb163v2 -+#define SN_X9_62_c2pnb163v2 ossl_SN_X9_62_c2pnb163v2 -+#endif -+#ifdef ossl_NID_X9_62_c2pnb163v2 -+#define NID_X9_62_c2pnb163v2 ossl_NID_X9_62_c2pnb163v2 -+#endif -+#ifdef ossl_OBJ_X9_62_c2pnb163v2 -+#define OBJ_X9_62_c2pnb163v2 ossl_OBJ_X9_62_c2pnb163v2 -+#endif -+ -+#ifdef ossl_SN_X9_62_c2pnb163v3 -+#define SN_X9_62_c2pnb163v3 ossl_SN_X9_62_c2pnb163v3 -+#endif -+#ifdef ossl_NID_X9_62_c2pnb163v3 -+#define NID_X9_62_c2pnb163v3 ossl_NID_X9_62_c2pnb163v3 -+#endif -+#ifdef ossl_OBJ_X9_62_c2pnb163v3 -+#define OBJ_X9_62_c2pnb163v3 ossl_OBJ_X9_62_c2pnb163v3 -+#endif -+ -+#ifdef ossl_SN_X9_62_c2pnb176v1 -+#define SN_X9_62_c2pnb176v1 ossl_SN_X9_62_c2pnb176v1 -+#endif -+#ifdef ossl_NID_X9_62_c2pnb176v1 -+#define NID_X9_62_c2pnb176v1 ossl_NID_X9_62_c2pnb176v1 -+#endif -+#ifdef ossl_OBJ_X9_62_c2pnb176v1 -+#define OBJ_X9_62_c2pnb176v1 ossl_OBJ_X9_62_c2pnb176v1 -+#endif -+ -+#ifdef ossl_SN_X9_62_c2tnb191v1 -+#define SN_X9_62_c2tnb191v1 ossl_SN_X9_62_c2tnb191v1 -+#endif -+#ifdef ossl_NID_X9_62_c2tnb191v1 -+#define NID_X9_62_c2tnb191v1 ossl_NID_X9_62_c2tnb191v1 -+#endif -+#ifdef ossl_OBJ_X9_62_c2tnb191v1 -+#define OBJ_X9_62_c2tnb191v1 ossl_OBJ_X9_62_c2tnb191v1 -+#endif -+ -+#ifdef ossl_SN_X9_62_c2tnb191v2 -+#define SN_X9_62_c2tnb191v2 ossl_SN_X9_62_c2tnb191v2 -+#endif -+#ifdef ossl_NID_X9_62_c2tnb191v2 -+#define NID_X9_62_c2tnb191v2 ossl_NID_X9_62_c2tnb191v2 -+#endif -+#ifdef ossl_OBJ_X9_62_c2tnb191v2 -+#define OBJ_X9_62_c2tnb191v2 ossl_OBJ_X9_62_c2tnb191v2 -+#endif -+ -+#ifdef ossl_SN_X9_62_c2tnb191v3 -+#define SN_X9_62_c2tnb191v3 ossl_SN_X9_62_c2tnb191v3 -+#endif -+#ifdef ossl_NID_X9_62_c2tnb191v3 -+#define NID_X9_62_c2tnb191v3 ossl_NID_X9_62_c2tnb191v3 -+#endif -+#ifdef ossl_OBJ_X9_62_c2tnb191v3 -+#define OBJ_X9_62_c2tnb191v3 ossl_OBJ_X9_62_c2tnb191v3 -+#endif -+ -+#ifdef ossl_SN_X9_62_c2onb191v4 -+#define SN_X9_62_c2onb191v4 ossl_SN_X9_62_c2onb191v4 -+#endif -+#ifdef ossl_NID_X9_62_c2onb191v4 -+#define NID_X9_62_c2onb191v4 ossl_NID_X9_62_c2onb191v4 -+#endif -+#ifdef ossl_OBJ_X9_62_c2onb191v4 -+#define OBJ_X9_62_c2onb191v4 ossl_OBJ_X9_62_c2onb191v4 -+#endif -+ -+#ifdef ossl_SN_X9_62_c2onb191v5 -+#define SN_X9_62_c2onb191v5 ossl_SN_X9_62_c2onb191v5 -+#endif -+#ifdef ossl_NID_X9_62_c2onb191v5 -+#define NID_X9_62_c2onb191v5 ossl_NID_X9_62_c2onb191v5 -+#endif -+#ifdef ossl_OBJ_X9_62_c2onb191v5 -+#define OBJ_X9_62_c2onb191v5 ossl_OBJ_X9_62_c2onb191v5 -+#endif -+ -+#ifdef ossl_SN_X9_62_c2pnb208w1 -+#define SN_X9_62_c2pnb208w1 ossl_SN_X9_62_c2pnb208w1 -+#endif -+#ifdef ossl_NID_X9_62_c2pnb208w1 -+#define NID_X9_62_c2pnb208w1 ossl_NID_X9_62_c2pnb208w1 -+#endif -+#ifdef ossl_OBJ_X9_62_c2pnb208w1 -+#define OBJ_X9_62_c2pnb208w1 ossl_OBJ_X9_62_c2pnb208w1 -+#endif -+ -+#ifdef ossl_SN_X9_62_c2tnb239v1 -+#define SN_X9_62_c2tnb239v1 ossl_SN_X9_62_c2tnb239v1 -+#endif -+#ifdef ossl_NID_X9_62_c2tnb239v1 -+#define NID_X9_62_c2tnb239v1 ossl_NID_X9_62_c2tnb239v1 -+#endif -+#ifdef ossl_OBJ_X9_62_c2tnb239v1 -+#define OBJ_X9_62_c2tnb239v1 ossl_OBJ_X9_62_c2tnb239v1 -+#endif -+ -+#ifdef ossl_SN_X9_62_c2tnb239v2 -+#define SN_X9_62_c2tnb239v2 ossl_SN_X9_62_c2tnb239v2 -+#endif -+#ifdef ossl_NID_X9_62_c2tnb239v2 -+#define NID_X9_62_c2tnb239v2 ossl_NID_X9_62_c2tnb239v2 -+#endif -+#ifdef ossl_OBJ_X9_62_c2tnb239v2 -+#define OBJ_X9_62_c2tnb239v2 ossl_OBJ_X9_62_c2tnb239v2 -+#endif -+ -+#ifdef ossl_SN_X9_62_c2tnb239v3 -+#define SN_X9_62_c2tnb239v3 ossl_SN_X9_62_c2tnb239v3 -+#endif -+#ifdef ossl_NID_X9_62_c2tnb239v3 -+#define NID_X9_62_c2tnb239v3 ossl_NID_X9_62_c2tnb239v3 -+#endif -+#ifdef ossl_OBJ_X9_62_c2tnb239v3 -+#define OBJ_X9_62_c2tnb239v3 ossl_OBJ_X9_62_c2tnb239v3 -+#endif -+ -+#ifdef ossl_SN_X9_62_c2onb239v4 -+#define SN_X9_62_c2onb239v4 ossl_SN_X9_62_c2onb239v4 -+#endif -+#ifdef ossl_NID_X9_62_c2onb239v4 -+#define NID_X9_62_c2onb239v4 ossl_NID_X9_62_c2onb239v4 -+#endif -+#ifdef ossl_OBJ_X9_62_c2onb239v4 -+#define OBJ_X9_62_c2onb239v4 ossl_OBJ_X9_62_c2onb239v4 -+#endif -+ -+#ifdef ossl_SN_X9_62_c2onb239v5 -+#define SN_X9_62_c2onb239v5 ossl_SN_X9_62_c2onb239v5 -+#endif -+#ifdef ossl_NID_X9_62_c2onb239v5 -+#define NID_X9_62_c2onb239v5 ossl_NID_X9_62_c2onb239v5 -+#endif -+#ifdef ossl_OBJ_X9_62_c2onb239v5 -+#define OBJ_X9_62_c2onb239v5 ossl_OBJ_X9_62_c2onb239v5 -+#endif -+ -+#ifdef ossl_SN_X9_62_c2pnb272w1 -+#define SN_X9_62_c2pnb272w1 ossl_SN_X9_62_c2pnb272w1 -+#endif -+#ifdef ossl_NID_X9_62_c2pnb272w1 -+#define NID_X9_62_c2pnb272w1 ossl_NID_X9_62_c2pnb272w1 -+#endif -+#ifdef ossl_OBJ_X9_62_c2pnb272w1 -+#define OBJ_X9_62_c2pnb272w1 ossl_OBJ_X9_62_c2pnb272w1 -+#endif -+ -+#ifdef ossl_SN_X9_62_c2pnb304w1 -+#define SN_X9_62_c2pnb304w1 ossl_SN_X9_62_c2pnb304w1 -+#endif -+#ifdef ossl_NID_X9_62_c2pnb304w1 -+#define NID_X9_62_c2pnb304w1 ossl_NID_X9_62_c2pnb304w1 -+#endif -+#ifdef ossl_OBJ_X9_62_c2pnb304w1 -+#define OBJ_X9_62_c2pnb304w1 ossl_OBJ_X9_62_c2pnb304w1 -+#endif -+ -+#ifdef ossl_SN_X9_62_c2tnb359v1 -+#define SN_X9_62_c2tnb359v1 ossl_SN_X9_62_c2tnb359v1 -+#endif -+#ifdef ossl_NID_X9_62_c2tnb359v1 -+#define NID_X9_62_c2tnb359v1 ossl_NID_X9_62_c2tnb359v1 -+#endif -+#ifdef ossl_OBJ_X9_62_c2tnb359v1 -+#define OBJ_X9_62_c2tnb359v1 ossl_OBJ_X9_62_c2tnb359v1 -+#endif -+ -+#ifdef ossl_SN_X9_62_c2pnb368w1 -+#define SN_X9_62_c2pnb368w1 ossl_SN_X9_62_c2pnb368w1 -+#endif -+#ifdef ossl_NID_X9_62_c2pnb368w1 -+#define NID_X9_62_c2pnb368w1 ossl_NID_X9_62_c2pnb368w1 -+#endif -+#ifdef ossl_OBJ_X9_62_c2pnb368w1 -+#define OBJ_X9_62_c2pnb368w1 ossl_OBJ_X9_62_c2pnb368w1 -+#endif -+ -+#ifdef ossl_SN_X9_62_c2tnb431r1 -+#define SN_X9_62_c2tnb431r1 ossl_SN_X9_62_c2tnb431r1 -+#endif -+#ifdef ossl_NID_X9_62_c2tnb431r1 -+#define NID_X9_62_c2tnb431r1 ossl_NID_X9_62_c2tnb431r1 -+#endif -+#ifdef ossl_OBJ_X9_62_c2tnb431r1 -+#define OBJ_X9_62_c2tnb431r1 ossl_OBJ_X9_62_c2tnb431r1 -+#endif -+ -+#ifdef ossl_SN_secp112r1 -+#define SN_secp112r1 ossl_SN_secp112r1 -+#endif -+#ifdef ossl_NID_secp112r1 -+#define NID_secp112r1 ossl_NID_secp112r1 -+#endif -+#ifdef ossl_OBJ_secp112r1 -+#define OBJ_secp112r1 ossl_OBJ_secp112r1 -+#endif -+ -+#ifdef ossl_SN_secp112r2 -+#define SN_secp112r2 ossl_SN_secp112r2 -+#endif -+#ifdef ossl_NID_secp112r2 -+#define NID_secp112r2 ossl_NID_secp112r2 -+#endif -+#ifdef ossl_OBJ_secp112r2 -+#define OBJ_secp112r2 ossl_OBJ_secp112r2 -+#endif -+ -+#ifdef ossl_SN_secp128r1 -+#define SN_secp128r1 ossl_SN_secp128r1 -+#endif -+#ifdef ossl_NID_secp128r1 -+#define NID_secp128r1 ossl_NID_secp128r1 -+#endif -+#ifdef ossl_OBJ_secp128r1 -+#define OBJ_secp128r1 ossl_OBJ_secp128r1 -+#endif -+ -+#ifdef ossl_SN_secp128r2 -+#define SN_secp128r2 ossl_SN_secp128r2 -+#endif -+#ifdef ossl_NID_secp128r2 -+#define NID_secp128r2 ossl_NID_secp128r2 -+#endif -+#ifdef ossl_OBJ_secp128r2 -+#define OBJ_secp128r2 ossl_OBJ_secp128r2 -+#endif -+ -+#ifdef ossl_SN_secp160k1 -+#define SN_secp160k1 ossl_SN_secp160k1 -+#endif -+#ifdef ossl_NID_secp160k1 -+#define NID_secp160k1 ossl_NID_secp160k1 -+#endif -+#ifdef ossl_OBJ_secp160k1 -+#define OBJ_secp160k1 ossl_OBJ_secp160k1 -+#endif -+ -+#ifdef ossl_SN_secp160r1 -+#define SN_secp160r1 ossl_SN_secp160r1 -+#endif -+#ifdef ossl_NID_secp160r1 -+#define NID_secp160r1 ossl_NID_secp160r1 -+#endif -+#ifdef ossl_OBJ_secp160r1 -+#define OBJ_secp160r1 ossl_OBJ_secp160r1 -+#endif -+ -+#ifdef ossl_SN_secp160r2 -+#define SN_secp160r2 ossl_SN_secp160r2 -+#endif -+#ifdef ossl_NID_secp160r2 -+#define NID_secp160r2 ossl_NID_secp160r2 -+#endif -+#ifdef ossl_OBJ_secp160r2 -+#define OBJ_secp160r2 ossl_OBJ_secp160r2 -+#endif -+ -+#ifdef ossl_SN_secp192k1 -+#define SN_secp192k1 ossl_SN_secp192k1 -+#endif -+#ifdef ossl_NID_secp192k1 -+#define NID_secp192k1 ossl_NID_secp192k1 -+#endif -+#ifdef ossl_OBJ_secp192k1 -+#define OBJ_secp192k1 ossl_OBJ_secp192k1 -+#endif -+ -+#ifdef ossl_SN_secp224k1 -+#define SN_secp224k1 ossl_SN_secp224k1 -+#endif -+#ifdef ossl_NID_secp224k1 -+#define NID_secp224k1 ossl_NID_secp224k1 -+#endif -+#ifdef ossl_OBJ_secp224k1 -+#define OBJ_secp224k1 ossl_OBJ_secp224k1 -+#endif -+ -+#ifdef ossl_SN_secp224r1 -+#define SN_secp224r1 ossl_SN_secp224r1 -+#endif -+#ifdef ossl_NID_secp224r1 -+#define NID_secp224r1 ossl_NID_secp224r1 -+#endif -+#ifdef ossl_OBJ_secp224r1 -+#define OBJ_secp224r1 ossl_OBJ_secp224r1 -+#endif -+ -+#ifdef ossl_SN_secp256k1 -+#define SN_secp256k1 ossl_SN_secp256k1 -+#endif -+#ifdef ossl_NID_secp256k1 -+#define NID_secp256k1 ossl_NID_secp256k1 -+#endif -+#ifdef ossl_OBJ_secp256k1 -+#define OBJ_secp256k1 ossl_OBJ_secp256k1 -+#endif -+ -+#ifdef ossl_SN_secp384r1 -+#define SN_secp384r1 ossl_SN_secp384r1 -+#endif -+#ifdef ossl_NID_secp384r1 -+#define NID_secp384r1 ossl_NID_secp384r1 -+#endif -+#ifdef ossl_OBJ_secp384r1 -+#define OBJ_secp384r1 ossl_OBJ_secp384r1 -+#endif -+ -+#ifdef ossl_SN_secp521r1 -+#define SN_secp521r1 ossl_SN_secp521r1 -+#endif -+#ifdef ossl_NID_secp521r1 -+#define NID_secp521r1 ossl_NID_secp521r1 -+#endif -+#ifdef ossl_OBJ_secp521r1 -+#define OBJ_secp521r1 ossl_OBJ_secp521r1 -+#endif -+ -+#ifdef ossl_SN_sect113r1 -+#define SN_sect113r1 ossl_SN_sect113r1 -+#endif -+#ifdef ossl_NID_sect113r1 -+#define NID_sect113r1 ossl_NID_sect113r1 -+#endif -+#ifdef ossl_OBJ_sect113r1 -+#define OBJ_sect113r1 ossl_OBJ_sect113r1 -+#endif -+ -+#ifdef ossl_SN_sect113r2 -+#define SN_sect113r2 ossl_SN_sect113r2 -+#endif -+#ifdef ossl_NID_sect113r2 -+#define NID_sect113r2 ossl_NID_sect113r2 -+#endif -+#ifdef ossl_OBJ_sect113r2 -+#define OBJ_sect113r2 ossl_OBJ_sect113r2 -+#endif -+ -+#ifdef ossl_SN_sect131r1 -+#define SN_sect131r1 ossl_SN_sect131r1 -+#endif -+#ifdef ossl_NID_sect131r1 -+#define NID_sect131r1 ossl_NID_sect131r1 -+#endif -+#ifdef ossl_OBJ_sect131r1 -+#define OBJ_sect131r1 ossl_OBJ_sect131r1 -+#endif -+ -+#ifdef ossl_SN_sect131r2 -+#define SN_sect131r2 ossl_SN_sect131r2 -+#endif -+#ifdef ossl_NID_sect131r2 -+#define NID_sect131r2 ossl_NID_sect131r2 -+#endif -+#ifdef ossl_OBJ_sect131r2 -+#define OBJ_sect131r2 ossl_OBJ_sect131r2 -+#endif -+ -+#ifdef ossl_SN_sect163k1 -+#define SN_sect163k1 ossl_SN_sect163k1 -+#endif -+#ifdef ossl_NID_sect163k1 -+#define NID_sect163k1 ossl_NID_sect163k1 -+#endif -+#ifdef ossl_OBJ_sect163k1 -+#define OBJ_sect163k1 ossl_OBJ_sect163k1 -+#endif -+ -+#ifdef ossl_SN_sect163r1 -+#define SN_sect163r1 ossl_SN_sect163r1 -+#endif -+#ifdef ossl_NID_sect163r1 -+#define NID_sect163r1 ossl_NID_sect163r1 -+#endif -+#ifdef ossl_OBJ_sect163r1 -+#define OBJ_sect163r1 ossl_OBJ_sect163r1 -+#endif -+ -+#ifdef ossl_SN_sect163r2 -+#define SN_sect163r2 ossl_SN_sect163r2 -+#endif -+#ifdef ossl_NID_sect163r2 -+#define NID_sect163r2 ossl_NID_sect163r2 -+#endif -+#ifdef ossl_OBJ_sect163r2 -+#define OBJ_sect163r2 ossl_OBJ_sect163r2 -+#endif -+ -+#ifdef ossl_SN_sect193r1 -+#define SN_sect193r1 ossl_SN_sect193r1 -+#endif -+#ifdef ossl_NID_sect193r1 -+#define NID_sect193r1 ossl_NID_sect193r1 -+#endif -+#ifdef ossl_OBJ_sect193r1 -+#define OBJ_sect193r1 ossl_OBJ_sect193r1 -+#endif -+ -+#ifdef ossl_SN_sect193r2 -+#define SN_sect193r2 ossl_SN_sect193r2 -+#endif -+#ifdef ossl_NID_sect193r2 -+#define NID_sect193r2 ossl_NID_sect193r2 -+#endif -+#ifdef ossl_OBJ_sect193r2 -+#define OBJ_sect193r2 ossl_OBJ_sect193r2 -+#endif -+ -+#ifdef ossl_SN_sect233k1 -+#define SN_sect233k1 ossl_SN_sect233k1 -+#endif -+#ifdef ossl_NID_sect233k1 -+#define NID_sect233k1 ossl_NID_sect233k1 -+#endif -+#ifdef ossl_OBJ_sect233k1 -+#define OBJ_sect233k1 ossl_OBJ_sect233k1 -+#endif -+ -+#ifdef ossl_SN_sect233r1 -+#define SN_sect233r1 ossl_SN_sect233r1 -+#endif -+#ifdef ossl_NID_sect233r1 -+#define NID_sect233r1 ossl_NID_sect233r1 -+#endif -+#ifdef ossl_OBJ_sect233r1 -+#define OBJ_sect233r1 ossl_OBJ_sect233r1 -+#endif -+ -+#ifdef ossl_SN_sect239k1 -+#define SN_sect239k1 ossl_SN_sect239k1 -+#endif -+#ifdef ossl_NID_sect239k1 -+#define NID_sect239k1 ossl_NID_sect239k1 -+#endif -+#ifdef ossl_OBJ_sect239k1 -+#define OBJ_sect239k1 ossl_OBJ_sect239k1 -+#endif -+ -+#ifdef ossl_SN_sect283k1 -+#define SN_sect283k1 ossl_SN_sect283k1 -+#endif -+#ifdef ossl_NID_sect283k1 -+#define NID_sect283k1 ossl_NID_sect283k1 -+#endif -+#ifdef ossl_OBJ_sect283k1 -+#define OBJ_sect283k1 ossl_OBJ_sect283k1 -+#endif -+ -+#ifdef ossl_SN_sect283r1 -+#define SN_sect283r1 ossl_SN_sect283r1 -+#endif -+#ifdef ossl_NID_sect283r1 -+#define NID_sect283r1 ossl_NID_sect283r1 -+#endif -+#ifdef ossl_OBJ_sect283r1 -+#define OBJ_sect283r1 ossl_OBJ_sect283r1 -+#endif -+ -+#ifdef ossl_SN_sect409k1 -+#define SN_sect409k1 ossl_SN_sect409k1 -+#endif -+#ifdef ossl_NID_sect409k1 -+#define NID_sect409k1 ossl_NID_sect409k1 -+#endif -+#ifdef ossl_OBJ_sect409k1 -+#define OBJ_sect409k1 ossl_OBJ_sect409k1 -+#endif -+ -+#ifdef ossl_SN_sect409r1 -+#define SN_sect409r1 ossl_SN_sect409r1 -+#endif -+#ifdef ossl_NID_sect409r1 -+#define NID_sect409r1 ossl_NID_sect409r1 -+#endif -+#ifdef ossl_OBJ_sect409r1 -+#define OBJ_sect409r1 ossl_OBJ_sect409r1 -+#endif -+ -+#ifdef ossl_SN_sect571k1 -+#define SN_sect571k1 ossl_SN_sect571k1 -+#endif -+#ifdef ossl_NID_sect571k1 -+#define NID_sect571k1 ossl_NID_sect571k1 -+#endif -+#ifdef ossl_OBJ_sect571k1 -+#define OBJ_sect571k1 ossl_OBJ_sect571k1 -+#endif -+ -+#ifdef ossl_SN_sect571r1 -+#define SN_sect571r1 ossl_SN_sect571r1 -+#endif -+#ifdef ossl_NID_sect571r1 -+#define NID_sect571r1 ossl_NID_sect571r1 -+#endif -+#ifdef ossl_OBJ_sect571r1 -+#define OBJ_sect571r1 ossl_OBJ_sect571r1 -+#endif -+ -+#ifdef ossl_SN_wap_wsg_idm_ecid_wtls1 -+#define SN_wap_wsg_idm_ecid_wtls1 ossl_SN_wap_wsg_idm_ecid_wtls1 -+#endif -+#ifdef ossl_NID_wap_wsg_idm_ecid_wtls1 -+#define NID_wap_wsg_idm_ecid_wtls1 ossl_NID_wap_wsg_idm_ecid_wtls1 -+#endif -+#ifdef ossl_OBJ_wap_wsg_idm_ecid_wtls1 -+#define OBJ_wap_wsg_idm_ecid_wtls1 ossl_OBJ_wap_wsg_idm_ecid_wtls1 -+#endif -+ -+#ifdef ossl_SN_wap_wsg_idm_ecid_wtls3 -+#define SN_wap_wsg_idm_ecid_wtls3 ossl_SN_wap_wsg_idm_ecid_wtls3 -+#endif -+#ifdef ossl_NID_wap_wsg_idm_ecid_wtls3 -+#define NID_wap_wsg_idm_ecid_wtls3 ossl_NID_wap_wsg_idm_ecid_wtls3 -+#endif -+#ifdef ossl_OBJ_wap_wsg_idm_ecid_wtls3 -+#define OBJ_wap_wsg_idm_ecid_wtls3 ossl_OBJ_wap_wsg_idm_ecid_wtls3 -+#endif -+ -+#ifdef ossl_SN_wap_wsg_idm_ecid_wtls4 -+#define SN_wap_wsg_idm_ecid_wtls4 ossl_SN_wap_wsg_idm_ecid_wtls4 -+#endif -+#ifdef ossl_NID_wap_wsg_idm_ecid_wtls4 -+#define NID_wap_wsg_idm_ecid_wtls4 ossl_NID_wap_wsg_idm_ecid_wtls4 -+#endif -+#ifdef ossl_OBJ_wap_wsg_idm_ecid_wtls4 -+#define OBJ_wap_wsg_idm_ecid_wtls4 ossl_OBJ_wap_wsg_idm_ecid_wtls4 -+#endif -+ -+#ifdef ossl_SN_wap_wsg_idm_ecid_wtls5 -+#define SN_wap_wsg_idm_ecid_wtls5 ossl_SN_wap_wsg_idm_ecid_wtls5 -+#endif -+#ifdef ossl_NID_wap_wsg_idm_ecid_wtls5 -+#define NID_wap_wsg_idm_ecid_wtls5 ossl_NID_wap_wsg_idm_ecid_wtls5 -+#endif -+#ifdef ossl_OBJ_wap_wsg_idm_ecid_wtls5 -+#define OBJ_wap_wsg_idm_ecid_wtls5 ossl_OBJ_wap_wsg_idm_ecid_wtls5 -+#endif -+ -+#ifdef ossl_SN_wap_wsg_idm_ecid_wtls6 -+#define SN_wap_wsg_idm_ecid_wtls6 ossl_SN_wap_wsg_idm_ecid_wtls6 -+#endif -+#ifdef ossl_NID_wap_wsg_idm_ecid_wtls6 -+#define NID_wap_wsg_idm_ecid_wtls6 ossl_NID_wap_wsg_idm_ecid_wtls6 -+#endif -+#ifdef ossl_OBJ_wap_wsg_idm_ecid_wtls6 -+#define OBJ_wap_wsg_idm_ecid_wtls6 ossl_OBJ_wap_wsg_idm_ecid_wtls6 -+#endif -+ -+#ifdef ossl_SN_wap_wsg_idm_ecid_wtls7 -+#define SN_wap_wsg_idm_ecid_wtls7 ossl_SN_wap_wsg_idm_ecid_wtls7 -+#endif -+#ifdef ossl_NID_wap_wsg_idm_ecid_wtls7 -+#define NID_wap_wsg_idm_ecid_wtls7 ossl_NID_wap_wsg_idm_ecid_wtls7 -+#endif -+#ifdef ossl_OBJ_wap_wsg_idm_ecid_wtls7 -+#define OBJ_wap_wsg_idm_ecid_wtls7 ossl_OBJ_wap_wsg_idm_ecid_wtls7 -+#endif -+ -+#ifdef ossl_SN_wap_wsg_idm_ecid_wtls8 -+#define SN_wap_wsg_idm_ecid_wtls8 ossl_SN_wap_wsg_idm_ecid_wtls8 -+#endif -+#ifdef ossl_NID_wap_wsg_idm_ecid_wtls8 -+#define NID_wap_wsg_idm_ecid_wtls8 ossl_NID_wap_wsg_idm_ecid_wtls8 -+#endif -+#ifdef ossl_OBJ_wap_wsg_idm_ecid_wtls8 -+#define OBJ_wap_wsg_idm_ecid_wtls8 ossl_OBJ_wap_wsg_idm_ecid_wtls8 -+#endif -+ -+#ifdef ossl_SN_wap_wsg_idm_ecid_wtls9 -+#define SN_wap_wsg_idm_ecid_wtls9 ossl_SN_wap_wsg_idm_ecid_wtls9 -+#endif -+#ifdef ossl_NID_wap_wsg_idm_ecid_wtls9 -+#define NID_wap_wsg_idm_ecid_wtls9 ossl_NID_wap_wsg_idm_ecid_wtls9 -+#endif -+#ifdef ossl_OBJ_wap_wsg_idm_ecid_wtls9 -+#define OBJ_wap_wsg_idm_ecid_wtls9 ossl_OBJ_wap_wsg_idm_ecid_wtls9 -+#endif -+ -+#ifdef ossl_SN_wap_wsg_idm_ecid_wtls10 -+#define SN_wap_wsg_idm_ecid_wtls10 ossl_SN_wap_wsg_idm_ecid_wtls10 -+#endif -+#ifdef ossl_NID_wap_wsg_idm_ecid_wtls10 -+#define NID_wap_wsg_idm_ecid_wtls10 ossl_NID_wap_wsg_idm_ecid_wtls10 -+#endif -+#ifdef ossl_OBJ_wap_wsg_idm_ecid_wtls10 -+#define OBJ_wap_wsg_idm_ecid_wtls10 ossl_OBJ_wap_wsg_idm_ecid_wtls10 -+#endif -+ -+#ifdef ossl_SN_wap_wsg_idm_ecid_wtls11 -+#define SN_wap_wsg_idm_ecid_wtls11 ossl_SN_wap_wsg_idm_ecid_wtls11 -+#endif -+#ifdef ossl_NID_wap_wsg_idm_ecid_wtls11 -+#define NID_wap_wsg_idm_ecid_wtls11 ossl_NID_wap_wsg_idm_ecid_wtls11 -+#endif -+#ifdef ossl_OBJ_wap_wsg_idm_ecid_wtls11 -+#define OBJ_wap_wsg_idm_ecid_wtls11 ossl_OBJ_wap_wsg_idm_ecid_wtls11 -+#endif -+ -+#ifdef ossl_SN_wap_wsg_idm_ecid_wtls12 -+#define SN_wap_wsg_idm_ecid_wtls12 ossl_SN_wap_wsg_idm_ecid_wtls12 -+#endif -+#ifdef ossl_NID_wap_wsg_idm_ecid_wtls12 -+#define NID_wap_wsg_idm_ecid_wtls12 ossl_NID_wap_wsg_idm_ecid_wtls12 -+#endif -+#ifdef ossl_OBJ_wap_wsg_idm_ecid_wtls12 -+#define OBJ_wap_wsg_idm_ecid_wtls12 ossl_OBJ_wap_wsg_idm_ecid_wtls12 -+#endif -+ -+#ifdef ossl_SN_any_policy -+#define SN_any_policy ossl_SN_any_policy -+#endif -+#ifdef ossl_LN_any_policy -+#define LN_any_policy ossl_LN_any_policy -+#endif -+#ifdef ossl_NID_any_policy -+#define NID_any_policy ossl_NID_any_policy -+#endif -+#ifdef ossl_OBJ_any_policy -+#define OBJ_any_policy ossl_OBJ_any_policy -+#endif -+ -+#ifdef ossl_SN_policy_mappings -+#define SN_policy_mappings ossl_SN_policy_mappings -+#endif -+#ifdef ossl_LN_policy_mappings -+#define LN_policy_mappings ossl_LN_policy_mappings -+#endif -+#ifdef ossl_NID_policy_mappings -+#define NID_policy_mappings ossl_NID_policy_mappings -+#endif -+#ifdef ossl_OBJ_policy_mappings -+#define OBJ_policy_mappings ossl_OBJ_policy_mappings -+#endif -+ -+#ifdef ossl_SN_inhibit_any_policy -+#define SN_inhibit_any_policy ossl_SN_inhibit_any_policy -+#endif -+#ifdef ossl_LN_inhibit_any_policy -+#define LN_inhibit_any_policy ossl_LN_inhibit_any_policy -+#endif -+#ifdef ossl_NID_inhibit_any_policy -+#define NID_inhibit_any_policy ossl_NID_inhibit_any_policy -+#endif -+#ifdef ossl_OBJ_inhibit_any_policy -+#define OBJ_inhibit_any_policy ossl_OBJ_inhibit_any_policy -+#endif -+ -+#ifdef ossl_SN_ipsec3 -+#define SN_ipsec3 ossl_SN_ipsec3 -+#endif -+#ifdef ossl_LN_ipsec3 -+#define LN_ipsec3 ossl_LN_ipsec3 -+#endif -+#ifdef ossl_NID_ipsec3 -+#define NID_ipsec3 ossl_NID_ipsec3 -+#endif -+ -+#ifdef ossl_SN_ipsec4 -+#define SN_ipsec4 ossl_SN_ipsec4 -+#endif -+#ifdef ossl_LN_ipsec4 -+#define LN_ipsec4 ossl_LN_ipsec4 -+#endif -+#ifdef ossl_NID_ipsec4 -+#define NID_ipsec4 ossl_NID_ipsec4 -+#endif -+ -+#ifdef ossl_SN_camellia_128_cbc -+#define SN_camellia_128_cbc ossl_SN_camellia_128_cbc -+#endif -+#ifdef ossl_LN_camellia_128_cbc -+#define LN_camellia_128_cbc ossl_LN_camellia_128_cbc -+#endif -+#ifdef ossl_NID_camellia_128_cbc -+#define NID_camellia_128_cbc ossl_NID_camellia_128_cbc -+#endif -+#ifdef ossl_OBJ_camellia_128_cbc -+#define OBJ_camellia_128_cbc ossl_OBJ_camellia_128_cbc -+#endif -+ -+#ifdef ossl_SN_camellia_192_cbc -+#define SN_camellia_192_cbc ossl_SN_camellia_192_cbc -+#endif -+#ifdef ossl_LN_camellia_192_cbc -+#define LN_camellia_192_cbc ossl_LN_camellia_192_cbc -+#endif -+#ifdef ossl_NID_camellia_192_cbc -+#define NID_camellia_192_cbc ossl_NID_camellia_192_cbc -+#endif -+#ifdef ossl_OBJ_camellia_192_cbc -+#define OBJ_camellia_192_cbc ossl_OBJ_camellia_192_cbc -+#endif -+ -+#ifdef ossl_SN_camellia_256_cbc -+#define SN_camellia_256_cbc ossl_SN_camellia_256_cbc -+#endif -+#ifdef ossl_LN_camellia_256_cbc -+#define LN_camellia_256_cbc ossl_LN_camellia_256_cbc -+#endif -+#ifdef ossl_NID_camellia_256_cbc -+#define NID_camellia_256_cbc ossl_NID_camellia_256_cbc -+#endif -+#ifdef ossl_OBJ_camellia_256_cbc -+#define OBJ_camellia_256_cbc ossl_OBJ_camellia_256_cbc -+#endif -+ -+#ifdef ossl_SN_camellia_128_ecb -+#define SN_camellia_128_ecb ossl_SN_camellia_128_ecb -+#endif -+#ifdef ossl_LN_camellia_128_ecb -+#define LN_camellia_128_ecb ossl_LN_camellia_128_ecb -+#endif -+#ifdef ossl_NID_camellia_128_ecb -+#define NID_camellia_128_ecb ossl_NID_camellia_128_ecb -+#endif -+#ifdef ossl_OBJ_camellia_128_ecb -+#define OBJ_camellia_128_ecb ossl_OBJ_camellia_128_ecb -+#endif -+ -+#ifdef ossl_SN_camellia_192_ecb -+#define SN_camellia_192_ecb ossl_SN_camellia_192_ecb -+#endif -+#ifdef ossl_LN_camellia_192_ecb -+#define LN_camellia_192_ecb ossl_LN_camellia_192_ecb -+#endif -+#ifdef ossl_NID_camellia_192_ecb -+#define NID_camellia_192_ecb ossl_NID_camellia_192_ecb -+#endif -+#ifdef ossl_OBJ_camellia_192_ecb -+#define OBJ_camellia_192_ecb ossl_OBJ_camellia_192_ecb -+#endif -+ -+#ifdef ossl_SN_camellia_256_ecb -+#define SN_camellia_256_ecb ossl_SN_camellia_256_ecb -+#endif -+#ifdef ossl_LN_camellia_256_ecb -+#define LN_camellia_256_ecb ossl_LN_camellia_256_ecb -+#endif -+#ifdef ossl_NID_camellia_256_ecb -+#define NID_camellia_256_ecb ossl_NID_camellia_256_ecb -+#endif -+#ifdef ossl_OBJ_camellia_256_ecb -+#define OBJ_camellia_256_ecb ossl_OBJ_camellia_256_ecb -+#endif -+ -+#ifdef ossl_SN_camellia_128_cfb128 -+#define SN_camellia_128_cfb128 ossl_SN_camellia_128_cfb128 -+#endif -+#ifdef ossl_LN_camellia_128_cfb128 -+#define LN_camellia_128_cfb128 ossl_LN_camellia_128_cfb128 -+#endif -+#ifdef ossl_NID_camellia_128_cfb128 -+#define NID_camellia_128_cfb128 ossl_NID_camellia_128_cfb128 -+#endif -+#ifdef ossl_OBJ_camellia_128_cfb128 -+#define OBJ_camellia_128_cfb128 ossl_OBJ_camellia_128_cfb128 -+#endif -+ -+#ifdef ossl_SN_camellia_192_cfb128 -+#define SN_camellia_192_cfb128 ossl_SN_camellia_192_cfb128 -+#endif -+#ifdef ossl_LN_camellia_192_cfb128 -+#define LN_camellia_192_cfb128 ossl_LN_camellia_192_cfb128 -+#endif -+#ifdef ossl_NID_camellia_192_cfb128 -+#define NID_camellia_192_cfb128 ossl_NID_camellia_192_cfb128 -+#endif -+#ifdef ossl_OBJ_camellia_192_cfb128 -+#define OBJ_camellia_192_cfb128 ossl_OBJ_camellia_192_cfb128 -+#endif -+ -+#ifdef ossl_SN_camellia_256_cfb128 -+#define SN_camellia_256_cfb128 ossl_SN_camellia_256_cfb128 -+#endif -+#ifdef ossl_LN_camellia_256_cfb128 -+#define LN_camellia_256_cfb128 ossl_LN_camellia_256_cfb128 -+#endif -+#ifdef ossl_NID_camellia_256_cfb128 -+#define NID_camellia_256_cfb128 ossl_NID_camellia_256_cfb128 -+#endif -+#ifdef ossl_OBJ_camellia_256_cfb128 -+#define OBJ_camellia_256_cfb128 ossl_OBJ_camellia_256_cfb128 -+#endif -+ -+#ifdef ossl_SN_camellia_128_cfb1 -+#define SN_camellia_128_cfb1 ossl_SN_camellia_128_cfb1 -+#endif -+#ifdef ossl_LN_camellia_128_cfb1 -+#define LN_camellia_128_cfb1 ossl_LN_camellia_128_cfb1 -+#endif -+#ifdef ossl_NID_camellia_128_cfb1 -+#define NID_camellia_128_cfb1 ossl_NID_camellia_128_cfb1 -+#endif -+ -+#ifdef ossl_SN_camellia_192_cfb1 -+#define SN_camellia_192_cfb1 ossl_SN_camellia_192_cfb1 -+#endif -+#ifdef ossl_LN_camellia_192_cfb1 -+#define LN_camellia_192_cfb1 ossl_LN_camellia_192_cfb1 -+#endif -+#ifdef ossl_NID_camellia_192_cfb1 -+#define NID_camellia_192_cfb1 ossl_NID_camellia_192_cfb1 -+#endif -+ -+#ifdef ossl_SN_camellia_256_cfb1 -+#define SN_camellia_256_cfb1 ossl_SN_camellia_256_cfb1 -+#endif -+#ifdef ossl_LN_camellia_256_cfb1 -+#define LN_camellia_256_cfb1 ossl_LN_camellia_256_cfb1 -+#endif -+#ifdef ossl_NID_camellia_256_cfb1 -+#define NID_camellia_256_cfb1 ossl_NID_camellia_256_cfb1 -+#endif -+ -+#ifdef ossl_SN_camellia_128_cfb8 -+#define SN_camellia_128_cfb8 ossl_SN_camellia_128_cfb8 -+#endif -+#ifdef ossl_LN_camellia_128_cfb8 -+#define LN_camellia_128_cfb8 ossl_LN_camellia_128_cfb8 -+#endif -+#ifdef ossl_NID_camellia_128_cfb8 -+#define NID_camellia_128_cfb8 ossl_NID_camellia_128_cfb8 -+#endif -+ -+#ifdef ossl_SN_camellia_192_cfb8 -+#define SN_camellia_192_cfb8 ossl_SN_camellia_192_cfb8 -+#endif -+#ifdef ossl_LN_camellia_192_cfb8 -+#define LN_camellia_192_cfb8 ossl_LN_camellia_192_cfb8 -+#endif -+#ifdef ossl_NID_camellia_192_cfb8 -+#define NID_camellia_192_cfb8 ossl_NID_camellia_192_cfb8 -+#endif -+ -+#ifdef ossl_SN_camellia_256_cfb8 -+#define SN_camellia_256_cfb8 ossl_SN_camellia_256_cfb8 -+#endif -+#ifdef ossl_LN_camellia_256_cfb8 -+#define LN_camellia_256_cfb8 ossl_LN_camellia_256_cfb8 -+#endif -+#ifdef ossl_NID_camellia_256_cfb8 -+#define NID_camellia_256_cfb8 ossl_NID_camellia_256_cfb8 -+#endif -+ -+#ifdef ossl_SN_camellia_128_ofb128 -+#define SN_camellia_128_ofb128 ossl_SN_camellia_128_ofb128 -+#endif -+#ifdef ossl_LN_camellia_128_ofb128 -+#define LN_camellia_128_ofb128 ossl_LN_camellia_128_ofb128 -+#endif -+#ifdef ossl_NID_camellia_128_ofb128 -+#define NID_camellia_128_ofb128 ossl_NID_camellia_128_ofb128 -+#endif -+#ifdef ossl_OBJ_camellia_128_ofb128 -+#define OBJ_camellia_128_ofb128 ossl_OBJ_camellia_128_ofb128 -+#endif -+ -+#ifdef ossl_SN_camellia_192_ofb128 -+#define SN_camellia_192_ofb128 ossl_SN_camellia_192_ofb128 -+#endif -+#ifdef ossl_LN_camellia_192_ofb128 -+#define LN_camellia_192_ofb128 ossl_LN_camellia_192_ofb128 -+#endif -+#ifdef ossl_NID_camellia_192_ofb128 -+#define NID_camellia_192_ofb128 ossl_NID_camellia_192_ofb128 -+#endif -+#ifdef ossl_OBJ_camellia_192_ofb128 -+#define OBJ_camellia_192_ofb128 ossl_OBJ_camellia_192_ofb128 -+#endif -+ -+#ifdef ossl_SN_camellia_256_ofb128 -+#define SN_camellia_256_ofb128 ossl_SN_camellia_256_ofb128 -+#endif -+#ifdef ossl_LN_camellia_256_ofb128 -+#define LN_camellia_256_ofb128 ossl_LN_camellia_256_ofb128 -+#endif -+#ifdef ossl_NID_camellia_256_ofb128 -+#define NID_camellia_256_ofb128 ossl_NID_camellia_256_ofb128 -+#endif -+#ifdef ossl_OBJ_camellia_256_ofb128 -+#define OBJ_camellia_256_ofb128 ossl_OBJ_camellia_256_ofb128 -+#endif -+ -+#ifdef ossl_SN_subject_directory_attributes -+#define SN_subject_directory_attributes ossl_SN_subject_directory_attributes -+#endif -+#ifdef ossl_LN_subject_directory_attributes -+#define LN_subject_directory_attributes ossl_LN_subject_directory_attributes -+#endif -+#ifdef ossl_NID_subject_directory_attributes -+#define NID_subject_directory_attributes ossl_NID_subject_directory_attributes -+#endif -+#ifdef ossl_OBJ_subject_directory_attributes -+#define OBJ_subject_directory_attributes ossl_OBJ_subject_directory_attributes -+#endif -+ -+#ifdef ossl_SN_issuing_distribution_point -+#define SN_issuing_distribution_point ossl_SN_issuing_distribution_point -+#endif -+#ifdef ossl_LN_issuing_distribution_point -+#define LN_issuing_distribution_point ossl_LN_issuing_distribution_point -+#endif -+#ifdef ossl_NID_issuing_distribution_point -+#define NID_issuing_distribution_point ossl_NID_issuing_distribution_point -+#endif -+#ifdef ossl_OBJ_issuing_distribution_point -+#define OBJ_issuing_distribution_point ossl_OBJ_issuing_distribution_point -+#endif -+ -+#ifdef ossl_SN_certificate_issuer -+#define SN_certificate_issuer ossl_SN_certificate_issuer -+#endif -+#ifdef ossl_LN_certificate_issuer -+#define LN_certificate_issuer ossl_LN_certificate_issuer -+#endif -+#ifdef ossl_NID_certificate_issuer -+#define NID_certificate_issuer ossl_NID_certificate_issuer -+#endif -+#ifdef ossl_OBJ_certificate_issuer -+#define OBJ_certificate_issuer ossl_OBJ_certificate_issuer -+#endif -+ -+#ifdef ossl_SN_kisa -+#define SN_kisa ossl_SN_kisa -+#endif -+#ifdef ossl_LN_kisa -+#define LN_kisa ossl_LN_kisa -+#endif -+#ifdef ossl_NID_kisa -+#define NID_kisa ossl_NID_kisa -+#endif -+#ifdef ossl_OBJ_kisa -+#define OBJ_kisa ossl_OBJ_kisa -+#endif -+ -+#ifdef ossl_SN_seed_ecb -+#define SN_seed_ecb ossl_SN_seed_ecb -+#endif -+#ifdef ossl_LN_seed_ecb -+#define LN_seed_ecb ossl_LN_seed_ecb -+#endif -+#ifdef ossl_NID_seed_ecb -+#define NID_seed_ecb ossl_NID_seed_ecb -+#endif -+#ifdef ossl_OBJ_seed_ecb -+#define OBJ_seed_ecb ossl_OBJ_seed_ecb -+#endif -+ -+#ifdef ossl_SN_seed_cbc -+#define SN_seed_cbc ossl_SN_seed_cbc -+#endif -+#ifdef ossl_LN_seed_cbc -+#define LN_seed_cbc ossl_LN_seed_cbc -+#endif -+#ifdef ossl_NID_seed_cbc -+#define NID_seed_cbc ossl_NID_seed_cbc -+#endif -+#ifdef ossl_OBJ_seed_cbc -+#define OBJ_seed_cbc ossl_OBJ_seed_cbc -+#endif -+ -+#ifdef ossl_SN_seed_ofb128 -+#define SN_seed_ofb128 ossl_SN_seed_ofb128 -+#endif -+#ifdef ossl_LN_seed_ofb128 -+#define LN_seed_ofb128 ossl_LN_seed_ofb128 -+#endif -+#ifdef ossl_NID_seed_ofb128 -+#define NID_seed_ofb128 ossl_NID_seed_ofb128 -+#endif -+#ifdef ossl_OBJ_seed_ofb128 -+#define OBJ_seed_ofb128 ossl_OBJ_seed_ofb128 -+#endif -+ -+#ifdef ossl_SN_seed_cfb128 -+#define SN_seed_cfb128 ossl_SN_seed_cfb128 -+#endif -+#ifdef ossl_LN_seed_cfb128 -+#define LN_seed_cfb128 ossl_LN_seed_cfb128 -+#endif -+#ifdef ossl_NID_seed_cfb128 -+#define NID_seed_cfb128 ossl_NID_seed_cfb128 -+#endif -+#ifdef ossl_OBJ_seed_cfb128 -+#define OBJ_seed_cfb128 ossl_OBJ_seed_cfb128 -+#endif -+ -+#ifdef ossl_SN_hmac_md5 -+#define SN_hmac_md5 ossl_SN_hmac_md5 -+#endif -+#ifdef ossl_LN_hmac_md5 -+#define LN_hmac_md5 ossl_LN_hmac_md5 -+#endif -+#ifdef ossl_NID_hmac_md5 -+#define NID_hmac_md5 ossl_NID_hmac_md5 -+#endif -+#ifdef ossl_OBJ_hmac_md5 -+#define OBJ_hmac_md5 ossl_OBJ_hmac_md5 -+#endif -+ -+#ifdef ossl_SN_hmac_sha1 -+#define SN_hmac_sha1 ossl_SN_hmac_sha1 -+#endif -+#ifdef ossl_LN_hmac_sha1 -+#define LN_hmac_sha1 ossl_LN_hmac_sha1 -+#endif -+#ifdef ossl_NID_hmac_sha1 -+#define NID_hmac_sha1 ossl_NID_hmac_sha1 -+#endif -+#ifdef ossl_OBJ_hmac_sha1 -+#define OBJ_hmac_sha1 ossl_OBJ_hmac_sha1 -+#endif -+ -+#ifdef ossl_SN_id_PasswordBasedMAC -+#define SN_id_PasswordBasedMAC ossl_SN_id_PasswordBasedMAC -+#endif -+#ifdef ossl_LN_id_PasswordBasedMAC -+#define LN_id_PasswordBasedMAC ossl_LN_id_PasswordBasedMAC -+#endif -+#ifdef ossl_NID_id_PasswordBasedMAC -+#define NID_id_PasswordBasedMAC ossl_NID_id_PasswordBasedMAC -+#endif -+#ifdef ossl_OBJ_id_PasswordBasedMAC -+#define OBJ_id_PasswordBasedMAC ossl_OBJ_id_PasswordBasedMAC -+#endif -+ -+#ifdef ossl_SN_id_DHBasedMac -+#define SN_id_DHBasedMac ossl_SN_id_DHBasedMac -+#endif -+#ifdef ossl_LN_id_DHBasedMac -+#define LN_id_DHBasedMac ossl_LN_id_DHBasedMac -+#endif -+#ifdef ossl_NID_id_DHBasedMac -+#define NID_id_DHBasedMac ossl_NID_id_DHBasedMac -+#endif -+#ifdef ossl_OBJ_id_DHBasedMac -+#define OBJ_id_DHBasedMac ossl_OBJ_id_DHBasedMac -+#endif -+ -+#ifdef ossl_SN_id_it_suppLangTags -+#define SN_id_it_suppLangTags ossl_SN_id_it_suppLangTags -+#endif -+#ifdef ossl_NID_id_it_suppLangTags -+#define NID_id_it_suppLangTags ossl_NID_id_it_suppLangTags -+#endif -+#ifdef ossl_OBJ_id_it_suppLangTags -+#define OBJ_id_it_suppLangTags ossl_OBJ_id_it_suppLangTags -+#endif -+ -+#ifdef ossl_SN_caRepository -+#define SN_caRepository ossl_SN_caRepository -+#endif -+#ifdef ossl_LN_caRepository -+#define LN_caRepository ossl_LN_caRepository -+#endif -+#ifdef ossl_NID_caRepository -+#define NID_caRepository ossl_NID_caRepository -+#endif -+#ifdef ossl_OBJ_caRepository -+#define OBJ_caRepository ossl_OBJ_caRepository -+#endif -+ -+#ifdef ossl_SN_id_smime_ct_compressedData -+#define SN_id_smime_ct_compressedData ossl_SN_id_smime_ct_compressedData -+#endif -+#ifdef ossl_NID_id_smime_ct_compressedData -+#define NID_id_smime_ct_compressedData ossl_NID_id_smime_ct_compressedData -+#endif -+#ifdef ossl_OBJ_id_smime_ct_compressedData -+#define OBJ_id_smime_ct_compressedData ossl_OBJ_id_smime_ct_compressedData -+#endif -+ -+ -+#ifdef ossl_SN_id_ct_asciiTextWithCRLF -+#define SN_id_ct_asciiTextWithCRLF ossl_SN_id_ct_asciiTextWithCRLF -+#endif -+#ifdef ossl_NID_id_ct_asciiTextWithCRLF -+#define NID_id_ct_asciiTextWithCRLF ossl_NID_id_ct_asciiTextWithCRLF -+#endif -+#ifdef ossl_OBJ_id_ct_asciiTextWithCRLF -+#define OBJ_id_ct_asciiTextWithCRLF ossl_OBJ_id_ct_asciiTextWithCRLF -+#endif -+ -+#ifdef ossl_SN_id_aes128_wrap -+#define SN_id_aes128_wrap ossl_SN_id_aes128_wrap -+#endif -+#ifdef ossl_NID_id_aes128_wrap -+#define NID_id_aes128_wrap ossl_NID_id_aes128_wrap -+#endif -+#ifdef ossl_OBJ_id_aes128_wrap -+#define OBJ_id_aes128_wrap ossl_OBJ_id_aes128_wrap -+#endif -+ -+#ifdef ossl_SN_id_aes192_wrap -+#define SN_id_aes192_wrap ossl_SN_id_aes192_wrap -+#endif -+#ifdef ossl_NID_id_aes192_wrap -+#define NID_id_aes192_wrap ossl_NID_id_aes192_wrap -+#endif -+#ifdef ossl_OBJ_id_aes192_wrap -+#define OBJ_id_aes192_wrap ossl_OBJ_id_aes192_wrap -+#endif -+ -+#ifdef ossl_SN_id_aes256_wrap -+#define SN_id_aes256_wrap ossl_SN_id_aes256_wrap -+#endif -+#ifdef ossl_NID_id_aes256_wrap -+#define NID_id_aes256_wrap ossl_NID_id_aes256_wrap -+#endif -+#ifdef ossl_OBJ_id_aes256_wrap -+#define OBJ_id_aes256_wrap ossl_OBJ_id_aes256_wrap -+#endif -+ -+#ifdef ossl_SN_ecdsa_with_Recommended -+#define SN_ecdsa_with_Recommended ossl_SN_ecdsa_with_Recommended -+#endif -+#ifdef ossl_NID_ecdsa_with_Recommended -+#define NID_ecdsa_with_Recommended ossl_NID_ecdsa_with_Recommended -+#endif -+#ifdef ossl_OBJ_ecdsa_with_Recommended -+#define OBJ_ecdsa_with_Recommended ossl_OBJ_ecdsa_with_Recommended -+#endif -+ -+#ifdef ossl_SN_ecdsa_with_Specified -+#define SN_ecdsa_with_Specified ossl_SN_ecdsa_with_Specified -+#endif -+#ifdef ossl_NID_ecdsa_with_Specified -+#define NID_ecdsa_with_Specified ossl_NID_ecdsa_with_Specified -+#endif -+#ifdef ossl_OBJ_ecdsa_with_Specified -+#define OBJ_ecdsa_with_Specified ossl_OBJ_ecdsa_with_Specified -+#endif -+ -+#ifdef ossl_SN_ecdsa_with_SHA224 -+#define SN_ecdsa_with_SHA224 ossl_SN_ecdsa_with_SHA224 -+#endif -+#ifdef ossl_NID_ecdsa_with_SHA224 -+#define NID_ecdsa_with_SHA224 ossl_NID_ecdsa_with_SHA224 -+#endif -+#ifdef ossl_OBJ_ecdsa_with_SHA224 -+#define OBJ_ecdsa_with_SHA224 ossl_OBJ_ecdsa_with_SHA224 -+#endif -+ -+#ifdef ossl_SN_ecdsa_with_SHA256 -+#define SN_ecdsa_with_SHA256 ossl_SN_ecdsa_with_SHA256 -+#endif -+#ifdef ossl_NID_ecdsa_with_SHA256 -+#define NID_ecdsa_with_SHA256 ossl_NID_ecdsa_with_SHA256 -+#endif -+#ifdef ossl_OBJ_ecdsa_with_SHA256 -+#define OBJ_ecdsa_with_SHA256 ossl_OBJ_ecdsa_with_SHA256 -+#endif -+ -+#ifdef ossl_SN_ecdsa_with_SHA384 -+#define SN_ecdsa_with_SHA384 ossl_SN_ecdsa_with_SHA384 -+#endif -+#ifdef ossl_NID_ecdsa_with_SHA384 -+#define NID_ecdsa_with_SHA384 ossl_NID_ecdsa_with_SHA384 -+#endif -+#ifdef ossl_OBJ_ecdsa_with_SHA384 -+#define OBJ_ecdsa_with_SHA384 ossl_OBJ_ecdsa_with_SHA384 -+#endif -+ -+#ifdef ossl_SN_ecdsa_with_SHA512 -+#define SN_ecdsa_with_SHA512 ossl_SN_ecdsa_with_SHA512 -+#endif -+#ifdef ossl_NID_ecdsa_with_SHA512 -+#define NID_ecdsa_with_SHA512 ossl_NID_ecdsa_with_SHA512 -+#endif -+#ifdef ossl_OBJ_ecdsa_with_SHA512 -+#define OBJ_ecdsa_with_SHA512 ossl_OBJ_ecdsa_with_SHA512 -+#endif -+ -+#ifdef ossl_LN_hmacWithMD5 -+#define LN_hmacWithMD5 ossl_LN_hmacWithMD5 -+#endif -+#ifdef ossl_NID_hmacWithMD5 -+#define NID_hmacWithMD5 ossl_NID_hmacWithMD5 -+#endif -+#ifdef ossl_OBJ_hmacWithMD5 -+#define OBJ_hmacWithMD5 ossl_OBJ_hmacWithMD5 -+#endif -+ -+#ifdef ossl_LN_hmacWithSHA224 -+#define LN_hmacWithSHA224 ossl_LN_hmacWithSHA224 -+#endif -+#ifdef ossl_NID_hmacWithSHA224 -+#define NID_hmacWithSHA224 ossl_NID_hmacWithSHA224 -+#endif -+#ifdef ossl_OBJ_hmacWithSHA224 -+#define OBJ_hmacWithSHA224 ossl_OBJ_hmacWithSHA224 -+#endif -+ -+#ifdef ossl_LN_hmacWithSHA256 -+#define LN_hmacWithSHA256 ossl_LN_hmacWithSHA256 -+#endif -+#ifdef ossl_NID_hmacWithSHA256 -+#define NID_hmacWithSHA256 ossl_NID_hmacWithSHA256 -+#endif -+#ifdef ossl_OBJ_hmacWithSHA256 -+#define OBJ_hmacWithSHA256 ossl_OBJ_hmacWithSHA256 -+#endif -+ -+#ifdef ossl_LN_hmacWithSHA384 -+#define LN_hmacWithSHA384 ossl_LN_hmacWithSHA384 -+#endif -+#ifdef ossl_NID_hmacWithSHA384 -+#define NID_hmacWithSHA384 ossl_NID_hmacWithSHA384 -+#endif -+#ifdef ossl_OBJ_hmacWithSHA384 -+#define OBJ_hmacWithSHA384 ossl_OBJ_hmacWithSHA384 -+#endif -+ -+#ifdef ossl_LN_hmacWithSHA512 -+#define LN_hmacWithSHA512 ossl_LN_hmacWithSHA512 -+#endif -+#ifdef ossl_NID_hmacWithSHA512 -+#define NID_hmacWithSHA512 ossl_NID_hmacWithSHA512 -+#endif -+#ifdef ossl_OBJ_hmacWithSHA512 -+#define OBJ_hmacWithSHA512 ossl_OBJ_hmacWithSHA512 -+#endif -+ -+#ifdef ossl_SN_dsa_with_SHA224 -+#define SN_dsa_with_SHA224 ossl_SN_dsa_with_SHA224 -+#endif -+#ifdef ossl_NID_dsa_with_SHA224 -+#define NID_dsa_with_SHA224 ossl_NID_dsa_with_SHA224 -+#endif -+#ifdef ossl_OBJ_dsa_with_SHA224 -+#define OBJ_dsa_with_SHA224 ossl_OBJ_dsa_with_SHA224 -+#endif -+ -+#ifdef ossl_SN_dsa_with_SHA256 -+#define SN_dsa_with_SHA256 ossl_SN_dsa_with_SHA256 -+#endif -+#ifdef ossl_NID_dsa_with_SHA256 -+#define NID_dsa_with_SHA256 ossl_NID_dsa_with_SHA256 -+#endif -+#ifdef ossl_OBJ_dsa_with_SHA256 -+#define OBJ_dsa_with_SHA256 ossl_OBJ_dsa_with_SHA256 -+#endif -+ -+#ifdef ossl_SN_whirlpool -+#define SN_whirlpool ossl_SN_whirlpool -+#endif -+#ifdef ossl_NID_whirlpool -+#define NID_whirlpool ossl_NID_whirlpool -+#endif -+#ifdef ossl_OBJ_whirlpool -+#define OBJ_whirlpool ossl_OBJ_whirlpool -+#endif -+ -+#ifdef ossl_SN_cryptopro -+#define SN_cryptopro ossl_SN_cryptopro -+#endif -+#ifdef ossl_NID_cryptopro -+#define NID_cryptopro ossl_NID_cryptopro -+#endif -+#ifdef ossl_OBJ_cryptopro -+#define OBJ_cryptopro ossl_OBJ_cryptopro -+#endif -+ -+#ifdef ossl_SN_cryptocom -+#define SN_cryptocom ossl_SN_cryptocom -+#endif -+#ifdef ossl_NID_cryptocom -+#define NID_cryptocom ossl_NID_cryptocom -+#endif -+#ifdef ossl_OBJ_cryptocom -+#define OBJ_cryptocom ossl_OBJ_cryptocom -+#endif -+ -+#ifdef ossl_SN_id_GostR3411_94_with_GostR3410_2001 -+#define SN_id_GostR3411_94_with_GostR3410_2001 ossl_SN_id_GostR3411_94_with_GostR3410_2001 -+#endif -+ -+#ifdef ossl_LN_id_GostR3411_94_with_GostR3410_2001 -+#define LN_id_GostR3411_94_with_GostR3410_2001 ossl_LN_id_GostR3411_94_with_GostR3410_2001 -+#endif -+ -+#ifdef ossl_NID_id_GostR3411_94_with_GostR3410_2001 -+#define NID_id_GostR3411_94_with_GostR3410_2001 ossl_NID_id_GostR3411_94_with_GostR3410_2001 -+#endif -+#ifdef ossl_OBJ_id_GostR3411_94_with_GostR3410_2001 -+#define OBJ_id_GostR3411_94_with_GostR3410_2001 ossl_OBJ_id_GostR3411_94_with_GostR3410_2001 -+#endif -+ -+#ifdef ossl_SN_id_GostR3411_94_with_GostR3410_94 -+#define SN_id_GostR3411_94_with_GostR3410_94 ossl_SN_id_GostR3411_94_with_GostR3410_94 -+#endif -+#ifdef ossl_LN_id_GostR3411_94_with_GostR3410_94 -+#define LN_id_GostR3411_94_with_GostR3410_94 ossl_LN_id_GostR3411_94_with_GostR3410_94 -+#endif -+ -+#ifdef ossl_NID_id_GostR3411_94_with_GostR3410_94 -+#define NID_id_GostR3411_94_with_GostR3410_94 ossl_NID_id_GostR3411_94_with_GostR3410_94 -+#endif -+#ifdef ossl_OBJ_id_GostR3411_94_with_GostR3410_94 -+#define OBJ_id_GostR3411_94_with_GostR3410_94 ossl_OBJ_id_GostR3411_94_with_GostR3410_94 -+#endif -+ -+#ifdef ossl_SN_id_GostR3411_94 -+#define SN_id_GostR3411_94 ossl_SN_id_GostR3411_94 -+#endif -+#ifdef ossl_LN_id_GostR3411_94 -+#define LN_id_GostR3411_94 ossl_LN_id_GostR3411_94 -+#endif -+#ifdef ossl_NID_id_GostR3411_94 -+#define NID_id_GostR3411_94 ossl_NID_id_GostR3411_94 -+#endif -+#ifdef ossl_OBJ_id_GostR3411_94 -+#define OBJ_id_GostR3411_94 ossl_OBJ_id_GostR3411_94 -+#endif -+ -+#ifdef ossl_SN_id_HMACGostR3411_94 -+#define SN_id_HMACGostR3411_94 ossl_SN_id_HMACGostR3411_94 -+#endif -+#ifdef ossl_LN_id_HMACGostR3411_94 -+#define LN_id_HMACGostR3411_94 ossl_LN_id_HMACGostR3411_94 -+#endif -+#ifdef ossl_NID_id_HMACGostR3411_94 -+#define NID_id_HMACGostR3411_94 ossl_NID_id_HMACGostR3411_94 -+#endif -+#ifdef ossl_OBJ_id_HMACGostR3411_94 -+#define OBJ_id_HMACGostR3411_94 ossl_OBJ_id_HMACGostR3411_94 -+#endif -+ -+#ifdef ossl_SN_id_GostR3410_2001 -+#define SN_id_GostR3410_2001 ossl_SN_id_GostR3410_2001 -+#endif -+#ifdef ossl_LN_id_GostR3410_2001 -+#define LN_id_GostR3410_2001 ossl_LN_id_GostR3410_2001 -+#endif -+#ifdef ossl_NID_id_GostR3410_2001 -+#define NID_id_GostR3410_2001 ossl_NID_id_GostR3410_2001 -+#endif -+#ifdef ossl_OBJ_id_GostR3410_2001 -+#define OBJ_id_GostR3410_2001 ossl_OBJ_id_GostR3410_2001 -+#endif -+ -+#ifdef ossl_SN_id_GostR3410_94 -+#define SN_id_GostR3410_94 ossl_SN_id_GostR3410_94 -+#endif -+#ifdef ossl_LN_id_GostR3410_94 -+#define LN_id_GostR3410_94 ossl_LN_id_GostR3410_94 -+#endif -+#ifdef ossl_NID_id_GostR3410_94 -+#define NID_id_GostR3410_94 ossl_NID_id_GostR3410_94 -+#endif -+#ifdef ossl_OBJ_id_GostR3410_94 -+#define OBJ_id_GostR3410_94 ossl_OBJ_id_GostR3410_94 -+#endif -+ -+#ifdef ossl_SN_id_Gost28147_89 -+#define SN_id_Gost28147_89 ossl_SN_id_Gost28147_89 -+#endif -+#ifdef ossl_LN_id_Gost28147_89 -+#define LN_id_Gost28147_89 ossl_LN_id_Gost28147_89 -+#endif -+#ifdef ossl_NID_id_Gost28147_89 -+#define NID_id_Gost28147_89 ossl_NID_id_Gost28147_89 -+#endif -+#ifdef ossl_OBJ_id_Gost28147_89 -+#define OBJ_id_Gost28147_89 ossl_OBJ_id_Gost28147_89 -+#endif -+ -+#ifdef ossl_SN_gost89_cnt -+#define SN_gost89_cnt ossl_SN_gost89_cnt -+#endif -+#ifdef ossl_NID_gost89_cnt -+#define NID_gost89_cnt ossl_NID_gost89_cnt -+#endif -+ -+#ifdef ossl_SN_id_Gost28147_89_MAC -+#define SN_id_Gost28147_89_MAC ossl_SN_id_Gost28147_89_MAC -+#endif -+#ifdef ossl_LN_id_Gost28147_89_MAC -+#define LN_id_Gost28147_89_MAC ossl_LN_id_Gost28147_89_MAC -+#endif -+#ifdef ossl_NID_id_Gost28147_89_MAC -+#define NID_id_Gost28147_89_MAC ossl_NID_id_Gost28147_89_MAC -+#endif -+#ifdef ossl_OBJ_id_Gost28147_89_MAC -+#define OBJ_id_Gost28147_89_MAC ossl_OBJ_id_Gost28147_89_MAC -+#endif -+ -+#ifdef ossl_SN_id_GostR3411_94_prf -+#define SN_id_GostR3411_94_prf ossl_SN_id_GostR3411_94_prf -+#endif -+#ifdef ossl_LN_id_GostR3411_94_prf -+#define LN_id_GostR3411_94_prf ossl_LN_id_GostR3411_94_prf -+#endif -+#ifdef ossl_NID_id_GostR3411_94_prf -+#define NID_id_GostR3411_94_prf ossl_NID_id_GostR3411_94_prf -+#endif -+#ifdef ossl_OBJ_id_GostR3411_94_prf -+#define OBJ_id_GostR3411_94_prf ossl_OBJ_id_GostR3411_94_prf -+#endif -+ -+#ifdef ossl_SN_id_GostR3410_2001DH -+#define SN_id_GostR3410_2001DH ossl_SN_id_GostR3410_2001DH -+#endif -+#ifdef ossl_LN_id_GostR3410_2001DH -+#define LN_id_GostR3410_2001DH ossl_LN_id_GostR3410_2001DH -+#endif -+#ifdef ossl_NID_id_GostR3410_2001DH -+#define NID_id_GostR3410_2001DH ossl_NID_id_GostR3410_2001DH -+#endif -+#ifdef ossl_OBJ_id_GostR3410_2001DH -+#define OBJ_id_GostR3410_2001DH ossl_OBJ_id_GostR3410_2001DH -+#endif -+ -+#ifdef ossl_SN_id_GostR3410_94DH -+#define SN_id_GostR3410_94DH ossl_SN_id_GostR3410_94DH -+#endif -+#ifdef ossl_LN_id_GostR3410_94DH -+#define LN_id_GostR3410_94DH ossl_LN_id_GostR3410_94DH -+#endif -+#ifdef ossl_NID_id_GostR3410_94DH -+#define NID_id_GostR3410_94DH ossl_NID_id_GostR3410_94DH -+#endif -+#ifdef ossl_OBJ_id_GostR3410_94DH -+#define OBJ_id_GostR3410_94DH ossl_OBJ_id_GostR3410_94DH -+#endif -+ -+#ifdef ossl_SN_id_Gost28147_89_CryptoPro_KeyMeshing -+#define SN_id_Gost28147_89_CryptoPro_KeyMeshing ossl_SN_id_Gost28147_89_CryptoPro_KeyMeshing -+#endif -+ -+#ifdef ossl_NID_id_Gost28147_89_CryptoPro_KeyMeshing -+#define NID_id_Gost28147_89_CryptoPro_KeyMeshing ossl_NID_id_Gost28147_89_CryptoPro_KeyMeshing -+#endif -+#ifdef ossl_OBJ_id_Gost28147_89_CryptoPro_KeyMeshing -+#define OBJ_id_Gost28147_89_CryptoPro_KeyMeshing ossl_OBJ_id_Gost28147_89_CryptoPro_KeyMeshing -+#endif -+ -+#ifdef ossl_SN_id_Gost28147_89_None_KeyMeshing -+#define SN_id_Gost28147_89_None_KeyMeshing ossl_SN_id_Gost28147_89_None_KeyMeshing -+#endif -+#ifdef ossl_NID_id_Gost28147_89_None_KeyMeshing -+#define NID_id_Gost28147_89_None_KeyMeshing ossl_NID_id_Gost28147_89_None_KeyMeshing -+#endif -+#ifdef ossl_OBJ_id_Gost28147_89_None_KeyMeshing -+#define OBJ_id_Gost28147_89_None_KeyMeshing ossl_OBJ_id_Gost28147_89_None_KeyMeshing -+#endif -+ -+#ifdef ossl_SN_id_GostR3411_94_TestParamSet -+#define SN_id_GostR3411_94_TestParamSet ossl_SN_id_GostR3411_94_TestParamSet -+#endif -+#ifdef ossl_NID_id_GostR3411_94_TestParamSet -+#define NID_id_GostR3411_94_TestParamSet ossl_NID_id_GostR3411_94_TestParamSet -+#endif -+#ifdef ossl_OBJ_id_GostR3411_94_TestParamSet -+#define OBJ_id_GostR3411_94_TestParamSet ossl_OBJ_id_GostR3411_94_TestParamSet -+#endif -+ -+#ifdef ossl_SN_id_GostR3411_94_CryptoProParamSet -+#define SN_id_GostR3411_94_CryptoProParamSet ossl_SN_id_GostR3411_94_CryptoProParamSet -+#endif -+#ifdef ossl_NID_id_GostR3411_94_CryptoProParamSet -+#define NID_id_GostR3411_94_CryptoProParamSet ossl_NID_id_GostR3411_94_CryptoProParamSet -+#endif -+#ifdef ossl_OBJ_id_GostR3411_94_CryptoProParamSet -+#define OBJ_id_GostR3411_94_CryptoProParamSet ossl_OBJ_id_GostR3411_94_CryptoProParamSet -+#endif -+ -+#ifdef ossl_SN_id_Gost28147_89_TestParamSet -+#define SN_id_Gost28147_89_TestParamSet ossl_SN_id_Gost28147_89_TestParamSet -+#endif -+#ifdef ossl_NID_id_Gost28147_89_TestParamSet -+#define NID_id_Gost28147_89_TestParamSet ossl_NID_id_Gost28147_89_TestParamSet -+#endif -+#ifdef ossl_OBJ_id_Gost28147_89_TestParamSet -+#define OBJ_id_Gost28147_89_TestParamSet ossl_OBJ_id_Gost28147_89_TestParamSet -+#endif -+ -+#ifdef ossl_SN_id_Gost28147_89_CryptoPro_A_ParamSet -+#define SN_id_Gost28147_89_CryptoPro_A_ParamSet ossl_SN_id_Gost28147_89_CryptoPro_A_ParamSet -+#endif -+ -+#ifdef ossl_NID_id_Gost28147_89_CryptoPro_A_ParamSet -+#define NID_id_Gost28147_89_CryptoPro_A_ParamSet ossl_NID_id_Gost28147_89_CryptoPro_A_ParamSet -+#endif -+#ifdef ossl_OBJ_id_Gost28147_89_CryptoPro_A_ParamSet -+#define OBJ_id_Gost28147_89_CryptoPro_A_ParamSet ossl_OBJ_id_Gost28147_89_CryptoPro_A_ParamSet -+#endif -+ -+#ifdef ossl_SN_id_Gost28147_89_CryptoPro_B_ParamSet -+#define SN_id_Gost28147_89_CryptoPro_B_ParamSet ossl_SN_id_Gost28147_89_CryptoPro_B_ParamSet -+#endif -+ -+#ifdef ossl_NID_id_Gost28147_89_CryptoPro_B_ParamSet -+#define NID_id_Gost28147_89_CryptoPro_B_ParamSet ossl_NID_id_Gost28147_89_CryptoPro_B_ParamSet -+#endif -+#ifdef ossl_OBJ_id_Gost28147_89_CryptoPro_B_ParamSet -+#define OBJ_id_Gost28147_89_CryptoPro_B_ParamSet ossl_OBJ_id_Gost28147_89_CryptoPro_B_ParamSet -+#endif -+ -+#ifdef ossl_SN_id_Gost28147_89_CryptoPro_C_ParamSet -+#define SN_id_Gost28147_89_CryptoPro_C_ParamSet ossl_SN_id_Gost28147_89_CryptoPro_C_ParamSet -+#endif -+ -+#ifdef ossl_NID_id_Gost28147_89_CryptoPro_C_ParamSet -+#define NID_id_Gost28147_89_CryptoPro_C_ParamSet ossl_NID_id_Gost28147_89_CryptoPro_C_ParamSet -+#endif -+#ifdef ossl_OBJ_id_Gost28147_89_CryptoPro_C_ParamSet -+#define OBJ_id_Gost28147_89_CryptoPro_C_ParamSet ossl_OBJ_id_Gost28147_89_CryptoPro_C_ParamSet -+#endif -+ -+#ifdef ossl_SN_id_Gost28147_89_CryptoPro_D_ParamSet -+#define SN_id_Gost28147_89_CryptoPro_D_ParamSet ossl_SN_id_Gost28147_89_CryptoPro_D_ParamSet -+#endif -+ -+#ifdef ossl_NID_id_Gost28147_89_CryptoPro_D_ParamSet -+#define NID_id_Gost28147_89_CryptoPro_D_ParamSet ossl_NID_id_Gost28147_89_CryptoPro_D_ParamSet -+#endif -+#ifdef ossl_OBJ_id_Gost28147_89_CryptoPro_D_ParamSet -+#define OBJ_id_Gost28147_89_CryptoPro_D_ParamSet ossl_OBJ_id_Gost28147_89_CryptoPro_D_ParamSet -+#endif -+ -+#ifdef ossl_SN_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet -+#define SN_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet ossl_SN_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet -+#endif -+ -+#ifdef ossl_NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet -+#define NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet ossl_NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet -+#endif -+#ifdef ossl_OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet -+#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet ossl_OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet -+#endif -+ -+ -+#ifdef ossl_SN_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet -+#define SN_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet ossl_SN_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet -+#endif -+ -+#ifdef ossl_NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet -+#define NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet ossl_NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet -+#endif -+#ifdef ossl_OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet -+#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet ossl_OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet -+#endif -+ -+ -+#ifdef ossl_SN_id_Gost28147_89_CryptoPro_RIC_1_ParamSet -+#define SN_id_Gost28147_89_CryptoPro_RIC_1_ParamSet ossl_SN_id_Gost28147_89_CryptoPro_RIC_1_ParamSet -+#endif -+ -+#ifdef ossl_NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet -+#define NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet ossl_NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet -+#endif -+#ifdef ossl_OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet -+#define OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet ossl_OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet -+#endif -+ -+ -+#ifdef ossl_SN_id_GostR3410_94_TestParamSet -+#define SN_id_GostR3410_94_TestParamSet ossl_SN_id_GostR3410_94_TestParamSet -+#endif -+#ifdef ossl_NID_id_GostR3410_94_TestParamSet -+#define NID_id_GostR3410_94_TestParamSet ossl_NID_id_GostR3410_94_TestParamSet -+#endif -+#ifdef ossl_OBJ_id_GostR3410_94_TestParamSet -+#define OBJ_id_GostR3410_94_TestParamSet ossl_OBJ_id_GostR3410_94_TestParamSet -+#endif -+ -+#ifdef ossl_SN_id_GostR3410_94_CryptoPro_A_ParamSet -+#define SN_id_GostR3410_94_CryptoPro_A_ParamSet ossl_SN_id_GostR3410_94_CryptoPro_A_ParamSet -+#endif -+ -+#ifdef ossl_NID_id_GostR3410_94_CryptoPro_A_ParamSet -+#define NID_id_GostR3410_94_CryptoPro_A_ParamSet ossl_NID_id_GostR3410_94_CryptoPro_A_ParamSet -+#endif -+#ifdef ossl_OBJ_id_GostR3410_94_CryptoPro_A_ParamSet -+#define OBJ_id_GostR3410_94_CryptoPro_A_ParamSet ossl_OBJ_id_GostR3410_94_CryptoPro_A_ParamSet -+#endif -+ -+#ifdef ossl_SN_id_GostR3410_94_CryptoPro_B_ParamSet -+#define SN_id_GostR3410_94_CryptoPro_B_ParamSet ossl_SN_id_GostR3410_94_CryptoPro_B_ParamSet -+#endif -+ -+#ifdef ossl_NID_id_GostR3410_94_CryptoPro_B_ParamSet -+#define NID_id_GostR3410_94_CryptoPro_B_ParamSet ossl_NID_id_GostR3410_94_CryptoPro_B_ParamSet -+#endif -+#ifdef ossl_OBJ_id_GostR3410_94_CryptoPro_B_ParamSet -+#define OBJ_id_GostR3410_94_CryptoPro_B_ParamSet ossl_OBJ_id_GostR3410_94_CryptoPro_B_ParamSet -+#endif -+ -+#ifdef ossl_SN_id_GostR3410_94_CryptoPro_C_ParamSet -+#define SN_id_GostR3410_94_CryptoPro_C_ParamSet ossl_SN_id_GostR3410_94_CryptoPro_C_ParamSet -+#endif -+ -+#ifdef ossl_NID_id_GostR3410_94_CryptoPro_C_ParamSet -+#define NID_id_GostR3410_94_CryptoPro_C_ParamSet ossl_NID_id_GostR3410_94_CryptoPro_C_ParamSet -+#endif -+#ifdef ossl_OBJ_id_GostR3410_94_CryptoPro_C_ParamSet -+#define OBJ_id_GostR3410_94_CryptoPro_C_ParamSet ossl_OBJ_id_GostR3410_94_CryptoPro_C_ParamSet -+#endif -+ -+#ifdef ossl_SN_id_GostR3410_94_CryptoPro_D_ParamSet -+#define SN_id_GostR3410_94_CryptoPro_D_ParamSet ossl_SN_id_GostR3410_94_CryptoPro_D_ParamSet -+#endif -+ -+#ifdef ossl_NID_id_GostR3410_94_CryptoPro_D_ParamSet -+#define NID_id_GostR3410_94_CryptoPro_D_ParamSet ossl_NID_id_GostR3410_94_CryptoPro_D_ParamSet -+#endif -+#ifdef ossl_OBJ_id_GostR3410_94_CryptoPro_D_ParamSet -+#define OBJ_id_GostR3410_94_CryptoPro_D_ParamSet ossl_OBJ_id_GostR3410_94_CryptoPro_D_ParamSet -+#endif -+ -+#ifdef ossl_SN_id_GostR3410_94_CryptoPro_XchA_ParamSet -+#define SN_id_GostR3410_94_CryptoPro_XchA_ParamSet ossl_SN_id_GostR3410_94_CryptoPro_XchA_ParamSet -+#endif -+ -+#ifdef ossl_NID_id_GostR3410_94_CryptoPro_XchA_ParamSet -+#define NID_id_GostR3410_94_CryptoPro_XchA_ParamSet ossl_NID_id_GostR3410_94_CryptoPro_XchA_ParamSet -+#endif -+#ifdef ossl_OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet -+#define OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet ossl_OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet -+#endif -+ -+ -+#ifdef ossl_SN_id_GostR3410_94_CryptoPro_XchB_ParamSet -+#define SN_id_GostR3410_94_CryptoPro_XchB_ParamSet ossl_SN_id_GostR3410_94_CryptoPro_XchB_ParamSet -+#endif -+ -+#ifdef ossl_NID_id_GostR3410_94_CryptoPro_XchB_ParamSet -+#define NID_id_GostR3410_94_CryptoPro_XchB_ParamSet ossl_NID_id_GostR3410_94_CryptoPro_XchB_ParamSet -+#endif -+#ifdef ossl_OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet -+#define OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet ossl_OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet -+#endif -+ -+ -+#ifdef ossl_SN_id_GostR3410_94_CryptoPro_XchC_ParamSet -+#define SN_id_GostR3410_94_CryptoPro_XchC_ParamSet ossl_SN_id_GostR3410_94_CryptoPro_XchC_ParamSet -+#endif -+ -+#ifdef ossl_NID_id_GostR3410_94_CryptoPro_XchC_ParamSet -+#define NID_id_GostR3410_94_CryptoPro_XchC_ParamSet ossl_NID_id_GostR3410_94_CryptoPro_XchC_ParamSet -+#endif -+#ifdef ossl_OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet -+#define OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet ossl_OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet -+#endif -+ -+ -+#ifdef ossl_SN_id_GostR3410_2001_TestParamSet -+#define SN_id_GostR3410_2001_TestParamSet ossl_SN_id_GostR3410_2001_TestParamSet -+#endif -+#ifdef ossl_NID_id_GostR3410_2001_TestParamSet -+#define NID_id_GostR3410_2001_TestParamSet ossl_NID_id_GostR3410_2001_TestParamSet -+#endif -+#ifdef ossl_OBJ_id_GostR3410_2001_TestParamSet -+#define OBJ_id_GostR3410_2001_TestParamSet ossl_OBJ_id_GostR3410_2001_TestParamSet -+#endif -+ -+#ifdef ossl_SN_id_GostR3410_2001_CryptoPro_A_ParamSet -+#define SN_id_GostR3410_2001_CryptoPro_A_ParamSet ossl_SN_id_GostR3410_2001_CryptoPro_A_ParamSet -+#endif -+ -+#ifdef ossl_NID_id_GostR3410_2001_CryptoPro_A_ParamSet -+#define NID_id_GostR3410_2001_CryptoPro_A_ParamSet ossl_NID_id_GostR3410_2001_CryptoPro_A_ParamSet -+#endif -+#ifdef ossl_OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet -+#define OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet ossl_OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet -+#endif -+ -+#ifdef ossl_SN_id_GostR3410_2001_CryptoPro_B_ParamSet -+#define SN_id_GostR3410_2001_CryptoPro_B_ParamSet ossl_SN_id_GostR3410_2001_CryptoPro_B_ParamSet -+#endif -+ -+#ifdef ossl_NID_id_GostR3410_2001_CryptoPro_B_ParamSet -+#define NID_id_GostR3410_2001_CryptoPro_B_ParamSet ossl_NID_id_GostR3410_2001_CryptoPro_B_ParamSet -+#endif -+#ifdef ossl_OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet -+#define OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet ossl_OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet -+#endif -+ -+#ifdef ossl_SN_id_GostR3410_2001_CryptoPro_C_ParamSet -+#define SN_id_GostR3410_2001_CryptoPro_C_ParamSet ossl_SN_id_GostR3410_2001_CryptoPro_C_ParamSet -+#endif -+ -+#ifdef ossl_NID_id_GostR3410_2001_CryptoPro_C_ParamSet -+#define NID_id_GostR3410_2001_CryptoPro_C_ParamSet ossl_NID_id_GostR3410_2001_CryptoPro_C_ParamSet -+#endif -+#ifdef ossl_OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet -+#define OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet ossl_OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet -+#endif -+ -+#ifdef ossl_SN_id_GostR3410_2001_CryptoPro_XchA_ParamSet -+#define SN_id_GostR3410_2001_CryptoPro_XchA_ParamSet ossl_SN_id_GostR3410_2001_CryptoPro_XchA_ParamSet -+#endif -+ -+#ifdef ossl_NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet -+#define NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet ossl_NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet -+#endif -+#ifdef ossl_OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet -+#define OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet ossl_OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet -+#endif -+ -+ -+#ifdef ossl_SN_id_GostR3410_2001_CryptoPro_XchB_ParamSet -+#define SN_id_GostR3410_2001_CryptoPro_XchB_ParamSet ossl_SN_id_GostR3410_2001_CryptoPro_XchB_ParamSet -+#endif -+ -+#ifdef ossl_NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet -+#define NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet ossl_NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet -+#endif -+#ifdef ossl_OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet -+#define OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet ossl_OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet -+#endif -+ -+ -+#ifdef ossl_SN_id_GostR3410_94_a -+#define SN_id_GostR3410_94_a ossl_SN_id_GostR3410_94_a -+#endif -+#ifdef ossl_NID_id_GostR3410_94_a -+#define NID_id_GostR3410_94_a ossl_NID_id_GostR3410_94_a -+#endif -+#ifdef ossl_OBJ_id_GostR3410_94_a -+#define OBJ_id_GostR3410_94_a ossl_OBJ_id_GostR3410_94_a -+#endif -+ -+#ifdef ossl_SN_id_GostR3410_94_aBis -+#define SN_id_GostR3410_94_aBis ossl_SN_id_GostR3410_94_aBis -+#endif -+#ifdef ossl_NID_id_GostR3410_94_aBis -+#define NID_id_GostR3410_94_aBis ossl_NID_id_GostR3410_94_aBis -+#endif -+#ifdef ossl_OBJ_id_GostR3410_94_aBis -+#define OBJ_id_GostR3410_94_aBis ossl_OBJ_id_GostR3410_94_aBis -+#endif -+ -+#ifdef ossl_SN_id_GostR3410_94_b -+#define SN_id_GostR3410_94_b ossl_SN_id_GostR3410_94_b -+#endif -+#ifdef ossl_NID_id_GostR3410_94_b -+#define NID_id_GostR3410_94_b ossl_NID_id_GostR3410_94_b -+#endif -+#ifdef ossl_OBJ_id_GostR3410_94_b -+#define OBJ_id_GostR3410_94_b ossl_OBJ_id_GostR3410_94_b -+#endif -+ -+#ifdef ossl_SN_id_GostR3410_94_bBis -+#define SN_id_GostR3410_94_bBis ossl_SN_id_GostR3410_94_bBis -+#endif -+#ifdef ossl_NID_id_GostR3410_94_bBis -+#define NID_id_GostR3410_94_bBis ossl_NID_id_GostR3410_94_bBis -+#endif -+#ifdef ossl_OBJ_id_GostR3410_94_bBis -+#define OBJ_id_GostR3410_94_bBis ossl_OBJ_id_GostR3410_94_bBis -+#endif -+ -+#ifdef ossl_SN_id_Gost28147_89_cc -+#define SN_id_Gost28147_89_cc ossl_SN_id_Gost28147_89_cc -+#endif -+#ifdef ossl_LN_id_Gost28147_89_cc -+#define LN_id_Gost28147_89_cc ossl_LN_id_Gost28147_89_cc -+#endif -+#ifdef ossl_NID_id_Gost28147_89_cc -+#define NID_id_Gost28147_89_cc ossl_NID_id_Gost28147_89_cc -+#endif -+#ifdef ossl_OBJ_id_Gost28147_89_cc -+#define OBJ_id_Gost28147_89_cc ossl_OBJ_id_Gost28147_89_cc -+#endif -+ -+#ifdef ossl_SN_id_GostR3410_94_cc -+#define SN_id_GostR3410_94_cc ossl_SN_id_GostR3410_94_cc -+#endif -+#ifdef ossl_LN_id_GostR3410_94_cc -+#define LN_id_GostR3410_94_cc ossl_LN_id_GostR3410_94_cc -+#endif -+#ifdef ossl_NID_id_GostR3410_94_cc -+#define NID_id_GostR3410_94_cc ossl_NID_id_GostR3410_94_cc -+#endif -+#ifdef ossl_OBJ_id_GostR3410_94_cc -+#define OBJ_id_GostR3410_94_cc ossl_OBJ_id_GostR3410_94_cc -+#endif -+ -+#ifdef ossl_SN_id_GostR3410_2001_cc -+#define SN_id_GostR3410_2001_cc ossl_SN_id_GostR3410_2001_cc -+#endif -+#ifdef ossl_LN_id_GostR3410_2001_cc -+#define LN_id_GostR3410_2001_cc ossl_LN_id_GostR3410_2001_cc -+#endif -+#ifdef ossl_NID_id_GostR3410_2001_cc -+#define NID_id_GostR3410_2001_cc ossl_NID_id_GostR3410_2001_cc -+#endif -+#ifdef ossl_OBJ_id_GostR3410_2001_cc -+#define OBJ_id_GostR3410_2001_cc ossl_OBJ_id_GostR3410_2001_cc -+#endif -+ -+#ifdef ossl_SN_id_GostR3411_94_with_GostR3410_94_cc -+#define SN_id_GostR3411_94_with_GostR3410_94_cc ossl_SN_id_GostR3411_94_with_GostR3410_94_cc -+#endif -+ -+#ifdef ossl_LN_id_GostR3411_94_with_GostR3410_94_cc -+#define LN_id_GostR3411_94_with_GostR3410_94_cc ossl_LN_id_GostR3411_94_with_GostR3410_94_cc -+#endif -+ -+#ifdef ossl_NID_id_GostR3411_94_with_GostR3410_94_cc -+#define NID_id_GostR3411_94_with_GostR3410_94_cc ossl_NID_id_GostR3411_94_with_GostR3410_94_cc -+#endif -+#ifdef ossl_OBJ_id_GostR3411_94_with_GostR3410_94_cc -+#define OBJ_id_GostR3411_94_with_GostR3410_94_cc ossl_OBJ_id_GostR3411_94_with_GostR3410_94_cc -+#endif -+ -+ -+#ifdef ossl_SN_id_GostR3411_94_with_GostR3410_2001_cc -+#define SN_id_GostR3411_94_with_GostR3410_2001_cc ossl_SN_id_GostR3411_94_with_GostR3410_2001_cc -+#endif -+ -+#ifdef ossl_LN_id_GostR3411_94_with_GostR3410_2001_cc -+#define LN_id_GostR3411_94_with_GostR3410_2001_cc ossl_LN_id_GostR3411_94_with_GostR3410_2001_cc -+#endif -+ -+#ifdef ossl_NID_id_GostR3411_94_with_GostR3410_2001_cc -+#define NID_id_GostR3411_94_with_GostR3410_2001_cc ossl_NID_id_GostR3411_94_with_GostR3410_2001_cc -+#endif -+#ifdef ossl_OBJ_id_GostR3411_94_with_GostR3410_2001_cc -+#define OBJ_id_GostR3411_94_with_GostR3410_2001_cc ossl_OBJ_id_GostR3411_94_with_GostR3410_2001_cc -+#endif -+ -+ -+#ifdef ossl_SN_id_GostR3410_2001_ParamSet_cc -+#define SN_id_GostR3410_2001_ParamSet_cc ossl_SN_id_GostR3410_2001_ParamSet_cc -+#endif -+#ifdef ossl_LN_id_GostR3410_2001_ParamSet_cc -+#define LN_id_GostR3410_2001_ParamSet_cc ossl_LN_id_GostR3410_2001_ParamSet_cc -+#endif -+ -+#ifdef ossl_NID_id_GostR3410_2001_ParamSet_cc -+#define NID_id_GostR3410_2001_ParamSet_cc ossl_NID_id_GostR3410_2001_ParamSet_cc -+#endif -+#ifdef ossl_OBJ_id_GostR3410_2001_ParamSet_cc -+#define OBJ_id_GostR3410_2001_ParamSet_cc ossl_OBJ_id_GostR3410_2001_ParamSet_cc -+#endif -+ -+#ifdef ossl_SN_hmac -+#define SN_hmac ossl_SN_hmac -+#endif -+#ifdef ossl_LN_hmac -+#define LN_hmac ossl_LN_hmac -+#endif -+#ifdef ossl_NID_hmac -+#define NID_hmac ossl_NID_hmac -+#endif -+ -+#ifdef ossl_SN_LocalKeySet -+#define SN_LocalKeySet ossl_SN_LocalKeySet -+#endif -+#ifdef ossl_LN_LocalKeySet -+#define LN_LocalKeySet ossl_LN_LocalKeySet -+#endif -+#ifdef ossl_NID_LocalKeySet -+#define NID_LocalKeySet ossl_NID_LocalKeySet -+#endif -+#ifdef ossl_OBJ_LocalKeySet -+#define OBJ_LocalKeySet ossl_OBJ_LocalKeySet -+#endif -+ -+#ifdef ossl_SN_freshest_crl -+#define SN_freshest_crl ossl_SN_freshest_crl -+#endif -+#ifdef ossl_LN_freshest_crl -+#define LN_freshest_crl ossl_LN_freshest_crl -+#endif -+#ifdef ossl_NID_freshest_crl -+#define NID_freshest_crl ossl_NID_freshest_crl -+#endif -+#ifdef ossl_OBJ_freshest_crl -+#define OBJ_freshest_crl ossl_OBJ_freshest_crl -+#endif -+ -+#ifdef ossl_SN_id_on_permanentIdentifier -+#define SN_id_on_permanentIdentifier ossl_SN_id_on_permanentIdentifier -+#endif -+#ifdef ossl_LN_id_on_permanentIdentifier -+#define LN_id_on_permanentIdentifier ossl_LN_id_on_permanentIdentifier -+#endif -+#ifdef ossl_NID_id_on_permanentIdentifier -+#define NID_id_on_permanentIdentifier ossl_NID_id_on_permanentIdentifier -+#endif -+#ifdef ossl_OBJ_id_on_permanentIdentifier -+#define OBJ_id_on_permanentIdentifier ossl_OBJ_id_on_permanentIdentifier -+#endif -+ -+#ifdef ossl_LN_searchGuide -+#define LN_searchGuide ossl_LN_searchGuide -+#endif -+#ifdef ossl_NID_searchGuide -+#define NID_searchGuide ossl_NID_searchGuide -+#endif -+#ifdef ossl_OBJ_searchGuide -+#define OBJ_searchGuide ossl_OBJ_searchGuide -+#endif -+ -+#ifdef ossl_LN_businessCategory -+#define LN_businessCategory ossl_LN_businessCategory -+#endif -+#ifdef ossl_NID_businessCategory -+#define NID_businessCategory ossl_NID_businessCategory -+#endif -+#ifdef ossl_OBJ_businessCategory -+#define OBJ_businessCategory ossl_OBJ_businessCategory -+#endif -+ -+#ifdef ossl_LN_postalAddress -+#define LN_postalAddress ossl_LN_postalAddress -+#endif -+#ifdef ossl_NID_postalAddress -+#define NID_postalAddress ossl_NID_postalAddress -+#endif -+#ifdef ossl_OBJ_postalAddress -+#define OBJ_postalAddress ossl_OBJ_postalAddress -+#endif -+ -+#ifdef ossl_LN_postOfficeBox -+#define LN_postOfficeBox ossl_LN_postOfficeBox -+#endif -+#ifdef ossl_NID_postOfficeBox -+#define NID_postOfficeBox ossl_NID_postOfficeBox -+#endif -+#ifdef ossl_OBJ_postOfficeBox -+#define OBJ_postOfficeBox ossl_OBJ_postOfficeBox -+#endif -+ -+#ifdef ossl_LN_physicalDeliveryOfficeName -+#define LN_physicalDeliveryOfficeName ossl_LN_physicalDeliveryOfficeName -+#endif -+#ifdef ossl_NID_physicalDeliveryOfficeName -+#define NID_physicalDeliveryOfficeName ossl_NID_physicalDeliveryOfficeName -+#endif -+#ifdef ossl_OBJ_physicalDeliveryOfficeName -+#define OBJ_physicalDeliveryOfficeName ossl_OBJ_physicalDeliveryOfficeName -+#endif -+ -+#ifdef ossl_LN_telephoneNumber -+#define LN_telephoneNumber ossl_LN_telephoneNumber -+#endif -+#ifdef ossl_NID_telephoneNumber -+#define NID_telephoneNumber ossl_NID_telephoneNumber -+#endif -+#ifdef ossl_OBJ_telephoneNumber -+#define OBJ_telephoneNumber ossl_OBJ_telephoneNumber -+#endif -+ -+#ifdef ossl_LN_telexNumber -+#define LN_telexNumber ossl_LN_telexNumber -+#endif -+#ifdef ossl_NID_telexNumber -+#define NID_telexNumber ossl_NID_telexNumber -+#endif -+#ifdef ossl_OBJ_telexNumber -+#define OBJ_telexNumber ossl_OBJ_telexNumber -+#endif -+ -+#ifdef ossl_LN_teletexTerminalIdentifier -+#define LN_teletexTerminalIdentifier ossl_LN_teletexTerminalIdentifier -+#endif -+#ifdef ossl_NID_teletexTerminalIdentifier -+#define NID_teletexTerminalIdentifier ossl_NID_teletexTerminalIdentifier -+#endif -+#ifdef ossl_OBJ_teletexTerminalIdentifier -+#define OBJ_teletexTerminalIdentifier ossl_OBJ_teletexTerminalIdentifier -+#endif -+ -+#ifdef ossl_LN_facsimileTelephoneNumber -+#define LN_facsimileTelephoneNumber ossl_LN_facsimileTelephoneNumber -+#endif -+#ifdef ossl_NID_facsimileTelephoneNumber -+#define NID_facsimileTelephoneNumber ossl_NID_facsimileTelephoneNumber -+#endif -+#ifdef ossl_OBJ_facsimileTelephoneNumber -+#define OBJ_facsimileTelephoneNumber ossl_OBJ_facsimileTelephoneNumber -+#endif -+ -+#ifdef ossl_LN_x121Address -+#define LN_x121Address ossl_LN_x121Address -+#endif -+#ifdef ossl_NID_x121Address -+#define NID_x121Address ossl_NID_x121Address -+#endif -+#ifdef ossl_OBJ_x121Address -+#define OBJ_x121Address ossl_OBJ_x121Address -+#endif -+ -+#ifdef ossl_LN_internationaliSDNNumber -+#define LN_internationaliSDNNumber ossl_LN_internationaliSDNNumber -+#endif -+#ifdef ossl_NID_internationaliSDNNumber -+#define NID_internationaliSDNNumber ossl_NID_internationaliSDNNumber -+#endif -+#ifdef ossl_OBJ_internationaliSDNNumber -+#define OBJ_internationaliSDNNumber ossl_OBJ_internationaliSDNNumber -+#endif -+ -+#ifdef ossl_LN_registeredAddress -+#define LN_registeredAddress ossl_LN_registeredAddress -+#endif -+#ifdef ossl_NID_registeredAddress -+#define NID_registeredAddress ossl_NID_registeredAddress -+#endif -+#ifdef ossl_OBJ_registeredAddress -+#define OBJ_registeredAddress ossl_OBJ_registeredAddress -+#endif -+ -+#ifdef ossl_LN_destinationIndicator -+#define LN_destinationIndicator ossl_LN_destinationIndicator -+#endif -+#ifdef ossl_NID_destinationIndicator -+#define NID_destinationIndicator ossl_NID_destinationIndicator -+#endif -+#ifdef ossl_OBJ_destinationIndicator -+#define OBJ_destinationIndicator ossl_OBJ_destinationIndicator -+#endif -+ -+#ifdef ossl_LN_preferredDeliveryMethod -+#define LN_preferredDeliveryMethod ossl_LN_preferredDeliveryMethod -+#endif -+#ifdef ossl_NID_preferredDeliveryMethod -+#define NID_preferredDeliveryMethod ossl_NID_preferredDeliveryMethod -+#endif -+#ifdef ossl_OBJ_preferredDeliveryMethod -+#define OBJ_preferredDeliveryMethod ossl_OBJ_preferredDeliveryMethod -+#endif -+ -+#ifdef ossl_LN_presentationAddress -+#define LN_presentationAddress ossl_LN_presentationAddress -+#endif -+#ifdef ossl_NID_presentationAddress -+#define NID_presentationAddress ossl_NID_presentationAddress -+#endif -+#ifdef ossl_OBJ_presentationAddress -+#define OBJ_presentationAddress ossl_OBJ_presentationAddress -+#endif -+ -+#ifdef ossl_LN_supportedApplicationContext -+#define LN_supportedApplicationContext ossl_LN_supportedApplicationContext -+#endif -+#ifdef ossl_NID_supportedApplicationContext -+#define NID_supportedApplicationContext ossl_NID_supportedApplicationContext -+#endif -+#ifdef ossl_OBJ_supportedApplicationContext -+#define OBJ_supportedApplicationContext ossl_OBJ_supportedApplicationContext -+#endif -+ -+#ifdef ossl_SN_member -+#define SN_member ossl_SN_member -+#endif -+#ifdef ossl_NID_member -+#define NID_member ossl_NID_member -+#endif -+#ifdef ossl_OBJ_member -+#define OBJ_member ossl_OBJ_member -+#endif -+ -+#ifdef ossl_SN_owner -+#define SN_owner ossl_SN_owner -+#endif -+#ifdef ossl_NID_owner -+#define NID_owner ossl_NID_owner -+#endif -+#ifdef ossl_OBJ_owner -+#define OBJ_owner ossl_OBJ_owner -+#endif -+ -+#ifdef ossl_LN_roleOccupant -+#define LN_roleOccupant ossl_LN_roleOccupant -+#endif -+#ifdef ossl_NID_roleOccupant -+#define NID_roleOccupant ossl_NID_roleOccupant -+#endif -+#ifdef ossl_OBJ_roleOccupant -+#define OBJ_roleOccupant ossl_OBJ_roleOccupant -+#endif -+ -+#ifdef ossl_SN_seeAlso -+#define SN_seeAlso ossl_SN_seeAlso -+#endif -+#ifdef ossl_NID_seeAlso -+#define NID_seeAlso ossl_NID_seeAlso -+#endif -+#ifdef ossl_OBJ_seeAlso -+#define OBJ_seeAlso ossl_OBJ_seeAlso -+#endif -+ -+#ifdef ossl_LN_userPassword -+#define LN_userPassword ossl_LN_userPassword -+#endif -+#ifdef ossl_NID_userPassword -+#define NID_userPassword ossl_NID_userPassword -+#endif -+#ifdef ossl_OBJ_userPassword -+#define OBJ_userPassword ossl_OBJ_userPassword -+#endif -+ -+#ifdef ossl_LN_userCertificate -+#define LN_userCertificate ossl_LN_userCertificate -+#endif -+#ifdef ossl_NID_userCertificate -+#define NID_userCertificate ossl_NID_userCertificate -+#endif -+#ifdef ossl_OBJ_userCertificate -+#define OBJ_userCertificate ossl_OBJ_userCertificate -+#endif -+ -+#ifdef ossl_LN_cACertificate -+#define LN_cACertificate ossl_LN_cACertificate -+#endif -+#ifdef ossl_NID_cACertificate -+#define NID_cACertificate ossl_NID_cACertificate -+#endif -+#ifdef ossl_OBJ_cACertificate -+#define OBJ_cACertificate ossl_OBJ_cACertificate -+#endif -+ -+#ifdef ossl_LN_authorityRevocationList -+#define LN_authorityRevocationList ossl_LN_authorityRevocationList -+#endif -+#ifdef ossl_NID_authorityRevocationList -+#define NID_authorityRevocationList ossl_NID_authorityRevocationList -+#endif -+#ifdef ossl_OBJ_authorityRevocationList -+#define OBJ_authorityRevocationList ossl_OBJ_authorityRevocationList -+#endif -+ -+#ifdef ossl_LN_certificateRevocationList -+#define LN_certificateRevocationList ossl_LN_certificateRevocationList -+#endif -+#ifdef ossl_NID_certificateRevocationList -+#define NID_certificateRevocationList ossl_NID_certificateRevocationList -+#endif -+#ifdef ossl_OBJ_certificateRevocationList -+#define OBJ_certificateRevocationList ossl_OBJ_certificateRevocationList -+#endif -+ -+#ifdef ossl_LN_crossCertificatePair -+#define LN_crossCertificatePair ossl_LN_crossCertificatePair -+#endif -+#ifdef ossl_NID_crossCertificatePair -+#define NID_crossCertificatePair ossl_NID_crossCertificatePair -+#endif -+#ifdef ossl_OBJ_crossCertificatePair -+#define OBJ_crossCertificatePair ossl_OBJ_crossCertificatePair -+#endif -+ -+#ifdef ossl_LN_enhancedSearchGuide -+#define LN_enhancedSearchGuide ossl_LN_enhancedSearchGuide -+#endif -+#ifdef ossl_NID_enhancedSearchGuide -+#define NID_enhancedSearchGuide ossl_NID_enhancedSearchGuide -+#endif -+#ifdef ossl_OBJ_enhancedSearchGuide -+#define OBJ_enhancedSearchGuide ossl_OBJ_enhancedSearchGuide -+#endif -+ -+#ifdef ossl_LN_protocolInformation -+#define LN_protocolInformation ossl_LN_protocolInformation -+#endif -+#ifdef ossl_NID_protocolInformation -+#define NID_protocolInformation ossl_NID_protocolInformation -+#endif -+#ifdef ossl_OBJ_protocolInformation -+#define OBJ_protocolInformation ossl_OBJ_protocolInformation -+#endif -+ -+#ifdef ossl_LN_distinguishedName -+#define LN_distinguishedName ossl_LN_distinguishedName -+#endif -+#ifdef ossl_NID_distinguishedName -+#define NID_distinguishedName ossl_NID_distinguishedName -+#endif -+#ifdef ossl_OBJ_distinguishedName -+#define OBJ_distinguishedName ossl_OBJ_distinguishedName -+#endif -+ -+#ifdef ossl_LN_uniqueMember -+#define LN_uniqueMember ossl_LN_uniqueMember -+#endif -+#ifdef ossl_NID_uniqueMember -+#define NID_uniqueMember ossl_NID_uniqueMember -+#endif -+#ifdef ossl_OBJ_uniqueMember -+#define OBJ_uniqueMember ossl_OBJ_uniqueMember -+#endif -+ -+#ifdef ossl_LN_houseIdentifier -+#define LN_houseIdentifier ossl_LN_houseIdentifier -+#endif -+#ifdef ossl_NID_houseIdentifier -+#define NID_houseIdentifier ossl_NID_houseIdentifier -+#endif -+#ifdef ossl_OBJ_houseIdentifier -+#define OBJ_houseIdentifier ossl_OBJ_houseIdentifier -+#endif -+ -+#ifdef ossl_LN_supportedAlgorithms -+#define LN_supportedAlgorithms ossl_LN_supportedAlgorithms -+#endif -+#ifdef ossl_NID_supportedAlgorithms -+#define NID_supportedAlgorithms ossl_NID_supportedAlgorithms -+#endif -+#ifdef ossl_OBJ_supportedAlgorithms -+#define OBJ_supportedAlgorithms ossl_OBJ_supportedAlgorithms -+#endif -+ -+#ifdef ossl_LN_deltaRevocationList -+#define LN_deltaRevocationList ossl_LN_deltaRevocationList -+#endif -+#ifdef ossl_NID_deltaRevocationList -+#define NID_deltaRevocationList ossl_NID_deltaRevocationList -+#endif -+#ifdef ossl_OBJ_deltaRevocationList -+#define OBJ_deltaRevocationList ossl_OBJ_deltaRevocationList -+#endif -+ -+#ifdef ossl_SN_dmdName -+#define SN_dmdName ossl_SN_dmdName -+#endif -+#ifdef ossl_NID_dmdName -+#define NID_dmdName ossl_NID_dmdName -+#endif -+#ifdef ossl_OBJ_dmdName -+#define OBJ_dmdName ossl_OBJ_dmdName -+#endif -+ -+#ifdef ossl_SN_id_alg_PWRI_KEK -+#define SN_id_alg_PWRI_KEK ossl_SN_id_alg_PWRI_KEK -+#endif -+#ifdef ossl_NID_id_alg_PWRI_KEK -+#define NID_id_alg_PWRI_KEK ossl_NID_id_alg_PWRI_KEK -+#endif -+#ifdef ossl_OBJ_id_alg_PWRI_KEK -+#define OBJ_id_alg_PWRI_KEK ossl_OBJ_id_alg_PWRI_KEK -+#endif -+ -+#ifdef ossl_SN_cmac -+#define SN_cmac ossl_SN_cmac -+#endif -+#ifdef ossl_LN_cmac -+#define LN_cmac ossl_LN_cmac -+#endif -+#ifdef ossl_NID_cmac -+#define NID_cmac ossl_NID_cmac -+#endif -+ -+#ifdef ossl_SN_aes_128_gcm -+#define SN_aes_128_gcm ossl_SN_aes_128_gcm -+#endif -+#ifdef ossl_LN_aes_128_gcm -+#define LN_aes_128_gcm ossl_LN_aes_128_gcm -+#endif -+#ifdef ossl_NID_aes_128_gcm -+#define NID_aes_128_gcm ossl_NID_aes_128_gcm -+#endif -+#ifdef ossl_OBJ_aes_128_gcm -+#define OBJ_aes_128_gcm ossl_OBJ_aes_128_gcm -+#endif -+ -+#ifdef ossl_SN_aes_128_ccm -+#define SN_aes_128_ccm ossl_SN_aes_128_ccm -+#endif -+#ifdef ossl_LN_aes_128_ccm -+#define LN_aes_128_ccm ossl_LN_aes_128_ccm -+#endif -+#ifdef ossl_NID_aes_128_ccm -+#define NID_aes_128_ccm ossl_NID_aes_128_ccm -+#endif -+#ifdef ossl_OBJ_aes_128_ccm -+#define OBJ_aes_128_ccm ossl_OBJ_aes_128_ccm -+#endif -+ -+#ifdef ossl_SN_id_aes128_wrap_pad -+#define SN_id_aes128_wrap_pad ossl_SN_id_aes128_wrap_pad -+#endif -+#ifdef ossl_NID_id_aes128_wrap_pad -+#define NID_id_aes128_wrap_pad ossl_NID_id_aes128_wrap_pad -+#endif -+#ifdef ossl_OBJ_id_aes128_wrap_pad -+#define OBJ_id_aes128_wrap_pad ossl_OBJ_id_aes128_wrap_pad -+#endif -+ -+#ifdef ossl_SN_aes_192_gcm -+#define SN_aes_192_gcm ossl_SN_aes_192_gcm -+#endif -+#ifdef ossl_LN_aes_192_gcm -+#define LN_aes_192_gcm ossl_LN_aes_192_gcm -+#endif -+#ifdef ossl_NID_aes_192_gcm -+#define NID_aes_192_gcm ossl_NID_aes_192_gcm -+#endif -+#ifdef ossl_OBJ_aes_192_gcm -+#define OBJ_aes_192_gcm ossl_OBJ_aes_192_gcm -+#endif -+ -+#ifdef ossl_SN_aes_192_ccm -+#define SN_aes_192_ccm ossl_SN_aes_192_ccm -+#endif -+#ifdef ossl_LN_aes_192_ccm -+#define LN_aes_192_ccm ossl_LN_aes_192_ccm -+#endif -+#ifdef ossl_NID_aes_192_ccm -+#define NID_aes_192_ccm ossl_NID_aes_192_ccm -+#endif -+#ifdef ossl_OBJ_aes_192_ccm -+#define OBJ_aes_192_ccm ossl_OBJ_aes_192_ccm -+#endif -+ -+#ifdef ossl_SN_id_aes192_wrap_pad -+#define SN_id_aes192_wrap_pad ossl_SN_id_aes192_wrap_pad -+#endif -+#ifdef ossl_NID_id_aes192_wrap_pad -+#define NID_id_aes192_wrap_pad ossl_NID_id_aes192_wrap_pad -+#endif -+#ifdef ossl_OBJ_id_aes192_wrap_pad -+#define OBJ_id_aes192_wrap_pad ossl_OBJ_id_aes192_wrap_pad -+#endif -+ -+#ifdef ossl_SN_aes_256_gcm -+#define SN_aes_256_gcm ossl_SN_aes_256_gcm -+#endif -+#ifdef ossl_LN_aes_256_gcm -+#define LN_aes_256_gcm ossl_LN_aes_256_gcm -+#endif -+#ifdef ossl_NID_aes_256_gcm -+#define NID_aes_256_gcm ossl_NID_aes_256_gcm -+#endif -+#ifdef ossl_OBJ_aes_256_gcm -+#define OBJ_aes_256_gcm ossl_OBJ_aes_256_gcm -+#endif -+ -+#ifdef ossl_SN_aes_256_ccm -+#define SN_aes_256_ccm ossl_SN_aes_256_ccm -+#endif -+#ifdef ossl_LN_aes_256_ccm -+#define LN_aes_256_ccm ossl_LN_aes_256_ccm -+#endif -+#ifdef ossl_NID_aes_256_ccm -+#define NID_aes_256_ccm ossl_NID_aes_256_ccm -+#endif -+#ifdef ossl_OBJ_aes_256_ccm -+#define OBJ_aes_256_ccm ossl_OBJ_aes_256_ccm -+#endif -+ -+#ifdef ossl_SN_id_aes256_wrap_pad -+#define SN_id_aes256_wrap_pad ossl_SN_id_aes256_wrap_pad -+#endif -+#ifdef ossl_NID_id_aes256_wrap_pad -+#define NID_id_aes256_wrap_pad ossl_NID_id_aes256_wrap_pad -+#endif -+#ifdef ossl_OBJ_id_aes256_wrap_pad -+#define OBJ_id_aes256_wrap_pad ossl_OBJ_id_aes256_wrap_pad -+#endif -+ -+#ifdef ossl_SN_aes_128_ctr -+#define SN_aes_128_ctr ossl_SN_aes_128_ctr -+#endif -+#ifdef ossl_LN_aes_128_ctr -+#define LN_aes_128_ctr ossl_LN_aes_128_ctr -+#endif -+#ifdef ossl_NID_aes_128_ctr -+#define NID_aes_128_ctr ossl_NID_aes_128_ctr -+#endif -+ -+#ifdef ossl_SN_aes_192_ctr -+#define SN_aes_192_ctr ossl_SN_aes_192_ctr -+#endif -+#ifdef ossl_LN_aes_192_ctr -+#define LN_aes_192_ctr ossl_LN_aes_192_ctr -+#endif -+#ifdef ossl_NID_aes_192_ctr -+#define NID_aes_192_ctr ossl_NID_aes_192_ctr -+#endif -+ -+#ifdef ossl_SN_aes_256_ctr -+#define SN_aes_256_ctr ossl_SN_aes_256_ctr -+#endif -+#ifdef ossl_LN_aes_256_ctr -+#define LN_aes_256_ctr ossl_LN_aes_256_ctr -+#endif -+#ifdef ossl_NID_aes_256_ctr -+#define NID_aes_256_ctr ossl_NID_aes_256_ctr -+#endif -+ -+#ifdef ossl_SN_id_camellia128_wrap -+#define SN_id_camellia128_wrap ossl_SN_id_camellia128_wrap -+#endif -+#ifdef ossl_NID_id_camellia128_wrap -+#define NID_id_camellia128_wrap ossl_NID_id_camellia128_wrap -+#endif -+#ifdef ossl_OBJ_id_camellia128_wrap -+#define OBJ_id_camellia128_wrap ossl_OBJ_id_camellia128_wrap -+#endif -+ -+#ifdef ossl_SN_id_camellia192_wrap -+#define SN_id_camellia192_wrap ossl_SN_id_camellia192_wrap -+#endif -+#ifdef ossl_NID_id_camellia192_wrap -+#define NID_id_camellia192_wrap ossl_NID_id_camellia192_wrap -+#endif -+#ifdef ossl_OBJ_id_camellia192_wrap -+#define OBJ_id_camellia192_wrap ossl_OBJ_id_camellia192_wrap -+#endif -+ -+#ifdef ossl_SN_id_camellia256_wrap -+#define SN_id_camellia256_wrap ossl_SN_id_camellia256_wrap -+#endif -+#ifdef ossl_NID_id_camellia256_wrap -+#define NID_id_camellia256_wrap ossl_NID_id_camellia256_wrap -+#endif -+#ifdef ossl_OBJ_id_camellia256_wrap -+#define OBJ_id_camellia256_wrap ossl_OBJ_id_camellia256_wrap -+#endif -+ -+#ifdef ossl_SN_anyExtendedKeyUsage -+#define SN_anyExtendedKeyUsage ossl_SN_anyExtendedKeyUsage -+#endif -+#ifdef ossl_LN_anyExtendedKeyUsage -+#define LN_anyExtendedKeyUsage ossl_LN_anyExtendedKeyUsage -+#endif -+#ifdef ossl_NID_anyExtendedKeyUsage -+#define NID_anyExtendedKeyUsage ossl_NID_anyExtendedKeyUsage -+#endif -+#ifdef ossl_OBJ_anyExtendedKeyUsage -+#define OBJ_anyExtendedKeyUsage ossl_OBJ_anyExtendedKeyUsage -+#endif -+ -+#ifdef ossl_SN_mgf1 -+#define SN_mgf1 ossl_SN_mgf1 -+#endif -+#ifdef ossl_LN_mgf1 -+#define LN_mgf1 ossl_LN_mgf1 -+#endif -+#ifdef ossl_NID_mgf1 -+#define NID_mgf1 ossl_NID_mgf1 -+#endif -+#ifdef ossl_OBJ_mgf1 -+#define OBJ_mgf1 ossl_OBJ_mgf1 -+#endif -+ -+#ifdef ossl_SN_rsassaPss -+#define SN_rsassaPss ossl_SN_rsassaPss -+#endif -+#ifdef ossl_LN_rsassaPss -+#define LN_rsassaPss ossl_LN_rsassaPss -+#endif -+#ifdef ossl_NID_rsassaPss -+#define NID_rsassaPss ossl_NID_rsassaPss -+#endif -+#ifdef ossl_OBJ_rsassaPss -+#define OBJ_rsassaPss ossl_OBJ_rsassaPss -+#endif -+ -+#ifdef ossl_SN_aes_128_xts -+#define SN_aes_128_xts ossl_SN_aes_128_xts -+#endif -+#ifdef ossl_LN_aes_128_xts -+#define LN_aes_128_xts ossl_LN_aes_128_xts -+#endif -+#ifdef ossl_NID_aes_128_xts -+#define NID_aes_128_xts ossl_NID_aes_128_xts -+#endif -+ -+#ifdef ossl_SN_aes_256_xts -+#define SN_aes_256_xts ossl_SN_aes_256_xts -+#endif -+#ifdef ossl_LN_aes_256_xts -+#define LN_aes_256_xts ossl_LN_aes_256_xts -+#endif -+#ifdef ossl_NID_aes_256_xts -+#define NID_aes_256_xts ossl_NID_aes_256_xts -+#endif -+ -+#ifdef ossl_SN_rc4_hmac_md5 -+#define SN_rc4_hmac_md5 ossl_SN_rc4_hmac_md5 -+#endif -+#ifdef ossl_LN_rc4_hmac_md5 -+#define LN_rc4_hmac_md5 ossl_LN_rc4_hmac_md5 -+#endif -+#ifdef ossl_NID_rc4_hmac_md5 -+#define NID_rc4_hmac_md5 ossl_NID_rc4_hmac_md5 -+#endif -+ -+#ifdef ossl_SN_aes_128_cbc_hmac_sha1 -+#define SN_aes_128_cbc_hmac_sha1 ossl_SN_aes_128_cbc_hmac_sha1 -+#endif -+#ifdef ossl_LN_aes_128_cbc_hmac_sha1 -+#define LN_aes_128_cbc_hmac_sha1 ossl_LN_aes_128_cbc_hmac_sha1 -+#endif -+#ifdef ossl_NID_aes_128_cbc_hmac_sha1 -+#define NID_aes_128_cbc_hmac_sha1 ossl_NID_aes_128_cbc_hmac_sha1 -+#endif -+ -+#ifdef ossl_SN_aes_192_cbc_hmac_sha1 -+#define SN_aes_192_cbc_hmac_sha1 ossl_SN_aes_192_cbc_hmac_sha1 -+#endif -+#ifdef ossl_LN_aes_192_cbc_hmac_sha1 -+#define LN_aes_192_cbc_hmac_sha1 ossl_LN_aes_192_cbc_hmac_sha1 -+#endif -+#ifdef ossl_NID_aes_192_cbc_hmac_sha1 -+#define NID_aes_192_cbc_hmac_sha1 ossl_NID_aes_192_cbc_hmac_sha1 -+#endif -+ -+#ifdef ossl_SN_aes_256_cbc_hmac_sha1 -+#define SN_aes_256_cbc_hmac_sha1 ossl_SN_aes_256_cbc_hmac_sha1 -+#endif -+#ifdef ossl_LN_aes_256_cbc_hmac_sha1 -+#define LN_aes_256_cbc_hmac_sha1 ossl_LN_aes_256_cbc_hmac_sha1 -+#endif -+#ifdef ossl_NID_aes_256_cbc_hmac_sha1 -+#define NID_aes_256_cbc_hmac_sha1 ossl_NID_aes_256_cbc_hmac_sha1 -+#endif -+ -+#ifdef ossl_SN_rsaesOaep -+#define SN_rsaesOaep ossl_SN_rsaesOaep -+#endif -+#ifdef ossl_LN_rsaesOaep -+#define LN_rsaesOaep ossl_LN_rsaesOaep -+#endif -+#ifdef ossl_NID_rsaesOaep -+#define NID_rsaesOaep ossl_NID_rsaesOaep -+#endif -+#ifdef ossl_OBJ_rsaesOaep -+#define OBJ_rsaesOaep ossl_OBJ_rsaesOaep -+#endif -+ -+#ifdef ossl_SN_dhpublicnumber -+#define SN_dhpublicnumber ossl_SN_dhpublicnumber -+#endif -+#ifdef ossl_LN_dhpublicnumber -+#define LN_dhpublicnumber ossl_LN_dhpublicnumber -+#endif -+#ifdef ossl_NID_dhpublicnumber -+#define NID_dhpublicnumber ossl_NID_dhpublicnumber -+#endif -+#ifdef ossl_OBJ_dhpublicnumber -+#define OBJ_dhpublicnumber ossl_OBJ_dhpublicnumber -+#endif -+ -+#ifdef ossl_SN_brainpoolP160r1 -+#define SN_brainpoolP160r1 ossl_SN_brainpoolP160r1 -+#endif -+#ifdef ossl_NID_brainpoolP160r1 -+#define NID_brainpoolP160r1 ossl_NID_brainpoolP160r1 -+#endif -+#ifdef ossl_OBJ_brainpoolP160r1 -+#define OBJ_brainpoolP160r1 ossl_OBJ_brainpoolP160r1 -+#endif -+ -+#ifdef ossl_SN_brainpoolP160t1 -+#define SN_brainpoolP160t1 ossl_SN_brainpoolP160t1 -+#endif -+#ifdef ossl_NID_brainpoolP160t1 -+#define NID_brainpoolP160t1 ossl_NID_brainpoolP160t1 -+#endif -+#ifdef ossl_OBJ_brainpoolP160t1 -+#define OBJ_brainpoolP160t1 ossl_OBJ_brainpoolP160t1 -+#endif -+ -+#ifdef ossl_SN_brainpoolP192r1 -+#define SN_brainpoolP192r1 ossl_SN_brainpoolP192r1 -+#endif -+#ifdef ossl_NID_brainpoolP192r1 -+#define NID_brainpoolP192r1 ossl_NID_brainpoolP192r1 -+#endif -+#ifdef ossl_OBJ_brainpoolP192r1 -+#define OBJ_brainpoolP192r1 ossl_OBJ_brainpoolP192r1 -+#endif -+ -+#ifdef ossl_SN_brainpoolP192t1 -+#define SN_brainpoolP192t1 ossl_SN_brainpoolP192t1 -+#endif -+#ifdef ossl_NID_brainpoolP192t1 -+#define NID_brainpoolP192t1 ossl_NID_brainpoolP192t1 -+#endif -+#ifdef ossl_OBJ_brainpoolP192t1 -+#define OBJ_brainpoolP192t1 ossl_OBJ_brainpoolP192t1 -+#endif -+ -+#ifdef ossl_SN_brainpoolP224r1 -+#define SN_brainpoolP224r1 ossl_SN_brainpoolP224r1 -+#endif -+#ifdef ossl_NID_brainpoolP224r1 -+#define NID_brainpoolP224r1 ossl_NID_brainpoolP224r1 -+#endif -+#ifdef ossl_OBJ_brainpoolP224r1 -+#define OBJ_brainpoolP224r1 ossl_OBJ_brainpoolP224r1 -+#endif -+ -+#ifdef ossl_SN_brainpoolP224t1 -+#define SN_brainpoolP224t1 ossl_SN_brainpoolP224t1 -+#endif -+#ifdef ossl_NID_brainpoolP224t1 -+#define NID_brainpoolP224t1 ossl_NID_brainpoolP224t1 -+#endif -+#ifdef ossl_OBJ_brainpoolP224t1 -+#define OBJ_brainpoolP224t1 ossl_OBJ_brainpoolP224t1 -+#endif -+ -+#ifdef ossl_SN_brainpoolP256r1 -+#define SN_brainpoolP256r1 ossl_SN_brainpoolP256r1 -+#endif -+#ifdef ossl_NID_brainpoolP256r1 -+#define NID_brainpoolP256r1 ossl_NID_brainpoolP256r1 -+#endif -+#ifdef ossl_OBJ_brainpoolP256r1 -+#define OBJ_brainpoolP256r1 ossl_OBJ_brainpoolP256r1 -+#endif -+ -+#ifdef ossl_SN_brainpoolP256t1 -+#define SN_brainpoolP256t1 ossl_SN_brainpoolP256t1 -+#endif -+#ifdef ossl_NID_brainpoolP256t1 -+#define NID_brainpoolP256t1 ossl_NID_brainpoolP256t1 -+#endif -+#ifdef ossl_OBJ_brainpoolP256t1 -+#define OBJ_brainpoolP256t1 ossl_OBJ_brainpoolP256t1 -+#endif -+ -+#ifdef ossl_SN_brainpoolP320r1 -+#define SN_brainpoolP320r1 ossl_SN_brainpoolP320r1 -+#endif -+#ifdef ossl_NID_brainpoolP320r1 -+#define NID_brainpoolP320r1 ossl_NID_brainpoolP320r1 -+#endif -+#ifdef ossl_OBJ_brainpoolP320r1 -+#define OBJ_brainpoolP320r1 ossl_OBJ_brainpoolP320r1 -+#endif -+ -+#ifdef ossl_SN_brainpoolP320t1 -+#define SN_brainpoolP320t1 ossl_SN_brainpoolP320t1 -+#endif -+#ifdef ossl_NID_brainpoolP320t1 -+#define NID_brainpoolP320t1 ossl_NID_brainpoolP320t1 -+#endif -+#ifdef ossl_OBJ_brainpoolP320t1 -+#define OBJ_brainpoolP320t1 ossl_OBJ_brainpoolP320t1 -+#endif -+ -+#ifdef ossl_SN_brainpoolP384r1 -+#define SN_brainpoolP384r1 ossl_SN_brainpoolP384r1 -+#endif -+#ifdef ossl_NID_brainpoolP384r1 -+#define NID_brainpoolP384r1 ossl_NID_brainpoolP384r1 -+#endif -+#ifdef ossl_OBJ_brainpoolP384r1 -+#define OBJ_brainpoolP384r1 ossl_OBJ_brainpoolP384r1 -+#endif -+ -+#ifdef ossl_SN_brainpoolP384t1 -+#define SN_brainpoolP384t1 ossl_SN_brainpoolP384t1 -+#endif -+#ifdef ossl_NID_brainpoolP384t1 -+#define NID_brainpoolP384t1 ossl_NID_brainpoolP384t1 -+#endif -+#ifdef ossl_OBJ_brainpoolP384t1 -+#define OBJ_brainpoolP384t1 ossl_OBJ_brainpoolP384t1 -+#endif -+ -+#ifdef ossl_SN_brainpoolP512r1 -+#define SN_brainpoolP512r1 ossl_SN_brainpoolP512r1 -+#endif -+#ifdef ossl_NID_brainpoolP512r1 -+#define NID_brainpoolP512r1 ossl_NID_brainpoolP512r1 -+#endif -+#ifdef ossl_OBJ_brainpoolP512r1 -+#define OBJ_brainpoolP512r1 ossl_OBJ_brainpoolP512r1 -+#endif -+ -+#ifdef ossl_SN_brainpoolP512t1 -+#define SN_brainpoolP512t1 ossl_SN_brainpoolP512t1 -+#endif -+#ifdef ossl_NID_brainpoolP512t1 -+#define NID_brainpoolP512t1 ossl_NID_brainpoolP512t1 -+#endif -+#ifdef ossl_OBJ_brainpoolP512t1 -+#define OBJ_brainpoolP512t1 ossl_OBJ_brainpoolP512t1 -+#endif -+ -+#ifdef ossl_SN_pSpecified -+#define SN_pSpecified ossl_SN_pSpecified -+#endif -+#ifdef ossl_LN_pSpecified -+#define LN_pSpecified ossl_LN_pSpecified -+#endif -+#ifdef ossl_NID_pSpecified -+#define NID_pSpecified ossl_NID_pSpecified -+#endif -+#ifdef ossl_OBJ_pSpecified -+#define OBJ_pSpecified ossl_OBJ_pSpecified -+#endif -+ -+#ifdef ossl_SN_dhSinglePass_stdDH_sha1kdf_scheme -+#define SN_dhSinglePass_stdDH_sha1kdf_scheme ossl_SN_dhSinglePass_stdDH_sha1kdf_scheme -+#endif -+#ifdef ossl_NID_dhSinglePass_stdDH_sha1kdf_scheme -+#define NID_dhSinglePass_stdDH_sha1kdf_scheme ossl_NID_dhSinglePass_stdDH_sha1kdf_scheme -+#endif -+#ifdef ossl_OBJ_dhSinglePass_stdDH_sha1kdf_scheme -+#define OBJ_dhSinglePass_stdDH_sha1kdf_scheme ossl_OBJ_dhSinglePass_stdDH_sha1kdf_scheme -+#endif -+ -+ -+#ifdef ossl_SN_dhSinglePass_stdDH_sha224kdf_scheme -+#define SN_dhSinglePass_stdDH_sha224kdf_scheme ossl_SN_dhSinglePass_stdDH_sha224kdf_scheme -+#endif -+ -+#ifdef ossl_NID_dhSinglePass_stdDH_sha224kdf_scheme -+#define NID_dhSinglePass_stdDH_sha224kdf_scheme ossl_NID_dhSinglePass_stdDH_sha224kdf_scheme -+#endif -+#ifdef ossl_OBJ_dhSinglePass_stdDH_sha224kdf_scheme -+#define OBJ_dhSinglePass_stdDH_sha224kdf_scheme ossl_OBJ_dhSinglePass_stdDH_sha224kdf_scheme -+#endif -+ -+#ifdef ossl_SN_dhSinglePass_stdDH_sha256kdf_scheme -+#define SN_dhSinglePass_stdDH_sha256kdf_scheme ossl_SN_dhSinglePass_stdDH_sha256kdf_scheme -+#endif -+ -+#ifdef ossl_NID_dhSinglePass_stdDH_sha256kdf_scheme -+#define NID_dhSinglePass_stdDH_sha256kdf_scheme ossl_NID_dhSinglePass_stdDH_sha256kdf_scheme -+#endif -+#ifdef ossl_OBJ_dhSinglePass_stdDH_sha256kdf_scheme -+#define OBJ_dhSinglePass_stdDH_sha256kdf_scheme ossl_OBJ_dhSinglePass_stdDH_sha256kdf_scheme -+#endif -+ -+#ifdef ossl_SN_dhSinglePass_stdDH_sha384kdf_scheme -+#define SN_dhSinglePass_stdDH_sha384kdf_scheme ossl_SN_dhSinglePass_stdDH_sha384kdf_scheme -+#endif -+ -+#ifdef ossl_NID_dhSinglePass_stdDH_sha384kdf_scheme -+#define NID_dhSinglePass_stdDH_sha384kdf_scheme ossl_NID_dhSinglePass_stdDH_sha384kdf_scheme -+#endif -+#ifdef ossl_OBJ_dhSinglePass_stdDH_sha384kdf_scheme -+#define OBJ_dhSinglePass_stdDH_sha384kdf_scheme ossl_OBJ_dhSinglePass_stdDH_sha384kdf_scheme -+#endif -+ -+#ifdef ossl_SN_dhSinglePass_stdDH_sha512kdf_scheme -+#define SN_dhSinglePass_stdDH_sha512kdf_scheme ossl_SN_dhSinglePass_stdDH_sha512kdf_scheme -+#endif -+ -+#ifdef ossl_NID_dhSinglePass_stdDH_sha512kdf_scheme -+#define NID_dhSinglePass_stdDH_sha512kdf_scheme ossl_NID_dhSinglePass_stdDH_sha512kdf_scheme -+#endif -+#ifdef ossl_OBJ_dhSinglePass_stdDH_sha512kdf_scheme -+#define OBJ_dhSinglePass_stdDH_sha512kdf_scheme ossl_OBJ_dhSinglePass_stdDH_sha512kdf_scheme -+#endif -+ -+#ifdef ossl_SN_dhSinglePass_cofactorDH_sha1kdf_scheme -+#define SN_dhSinglePass_cofactorDH_sha1kdf_scheme ossl_SN_dhSinglePass_cofactorDH_sha1kdf_scheme -+#endif -+ -+#ifdef ossl_NID_dhSinglePass_cofactorDH_sha1kdf_scheme -+#define NID_dhSinglePass_cofactorDH_sha1kdf_scheme ossl_NID_dhSinglePass_cofactorDH_sha1kdf_scheme -+#endif -+#ifdef ossl_OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme -+#define OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme ossl_OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme -+#endif -+ -+ -+#ifdef ossl_SN_dhSinglePass_cofactorDH_sha224kdf_scheme -+#define SN_dhSinglePass_cofactorDH_sha224kdf_scheme ossl_SN_dhSinglePass_cofactorDH_sha224kdf_scheme -+#endif -+ -+#ifdef ossl_NID_dhSinglePass_cofactorDH_sha224kdf_scheme -+#define NID_dhSinglePass_cofactorDH_sha224kdf_scheme ossl_NID_dhSinglePass_cofactorDH_sha224kdf_scheme -+#endif -+#ifdef ossl_OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme -+#define OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme ossl_OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme -+#endif -+ -+#ifdef ossl_SN_dhSinglePass_cofactorDH_sha256kdf_scheme -+#define SN_dhSinglePass_cofactorDH_sha256kdf_scheme ossl_SN_dhSinglePass_cofactorDH_sha256kdf_scheme -+#endif -+ -+#ifdef ossl_NID_dhSinglePass_cofactorDH_sha256kdf_scheme -+#define NID_dhSinglePass_cofactorDH_sha256kdf_scheme ossl_NID_dhSinglePass_cofactorDH_sha256kdf_scheme -+#endif -+#ifdef ossl_OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme -+#define OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme ossl_OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme -+#endif -+ -+#ifdef ossl_SN_dhSinglePass_cofactorDH_sha384kdf_scheme -+#define SN_dhSinglePass_cofactorDH_sha384kdf_scheme ossl_SN_dhSinglePass_cofactorDH_sha384kdf_scheme -+#endif -+ -+#ifdef ossl_NID_dhSinglePass_cofactorDH_sha384kdf_scheme -+#define NID_dhSinglePass_cofactorDH_sha384kdf_scheme ossl_NID_dhSinglePass_cofactorDH_sha384kdf_scheme -+#endif -+#ifdef ossl_OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme -+#define OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme ossl_OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme -+#endif -+ -+#ifdef ossl_SN_dhSinglePass_cofactorDH_sha512kdf_scheme -+#define SN_dhSinglePass_cofactorDH_sha512kdf_scheme ossl_SN_dhSinglePass_cofactorDH_sha512kdf_scheme -+#endif -+ -+#ifdef ossl_NID_dhSinglePass_cofactorDH_sha512kdf_scheme -+#define NID_dhSinglePass_cofactorDH_sha512kdf_scheme ossl_NID_dhSinglePass_cofactorDH_sha512kdf_scheme -+#endif -+#ifdef ossl_OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme -+#define OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme ossl_OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme -+#endif -+ -+#ifdef ossl_SN_dh_std_kdf -+#define SN_dh_std_kdf ossl_SN_dh_std_kdf -+#endif -+#ifdef ossl_NID_dh_std_kdf -+#define NID_dh_std_kdf ossl_NID_dh_std_kdf -+#endif -+ -+#ifdef ossl_SN_dh_cofactor_kdf -+#define SN_dh_cofactor_kdf ossl_SN_dh_cofactor_kdf -+#endif -+#ifdef ossl_NID_dh_cofactor_kdf -+#define NID_dh_cofactor_kdf ossl_NID_dh_cofactor_kdf -+#endif -+ -+#ifdef ossl_SN_X25519 -+#define SN_X25519 ossl_SN_X25519 -+#endif -+#ifdef ossl_NID_X25519 -+#define NID_X25519 ossl_NID_X25519 -+#endif -+#ifdef ossl_OBJ_X25519 -+#define OBJ_X25519 ossl_OBJ_X25519 -+#endif -+ -+#ifdef ossl_SN_ED25519 -+#define SN_ED25519 ossl_SN_ED25519 -+#endif -+#ifdef ossl_NID_ED25519 -+#define NID_ED25519 ossl_NID_ED25519 -+#endif -+#ifdef ossl_OBJ_ED25519 -+#define OBJ_ED25519 ossl_OBJ_ED25519 -+#endif -+ -+#ifdef ossl_SN_chacha20_poly1305 -+#define SN_chacha20_poly1305 ossl_SN_chacha20_poly1305 -+#endif -+#ifdef ossl_LN_chacha20_poly1305 -+#define LN_chacha20_poly1305 ossl_LN_chacha20_poly1305 -+#endif -+#ifdef ossl_NID_chacha20_poly1305 -+#define NID_chacha20_poly1305 ossl_NID_chacha20_poly1305 -+#endif -+ -+#ifdef ossl_SN_kx_rsa -+#define SN_kx_rsa ossl_SN_kx_rsa -+#endif -+#ifdef ossl_LN_kx_rsa -+#define LN_kx_rsa ossl_LN_kx_rsa -+#endif -+#ifdef ossl_NID_kx_rsa -+#define NID_kx_rsa ossl_NID_kx_rsa -+#endif -+ -+#ifdef ossl_SN_kx_ecdhe -+#define SN_kx_ecdhe ossl_SN_kx_ecdhe -+#endif -+#ifdef ossl_LN_kx_ecdhe -+#define LN_kx_ecdhe ossl_LN_kx_ecdhe -+#endif -+#ifdef ossl_NID_kx_ecdhe -+#define NID_kx_ecdhe ossl_NID_kx_ecdhe -+#endif -+ -+#ifdef ossl_SN_kx_psk -+#define SN_kx_psk ossl_SN_kx_psk -+#endif -+#ifdef ossl_LN_kx_psk -+#define LN_kx_psk ossl_LN_kx_psk -+#endif -+#ifdef ossl_NID_kx_psk -+#define NID_kx_psk ossl_NID_kx_psk -+#endif -+ -+#ifdef ossl_SN_auth_rsa -+#define SN_auth_rsa ossl_SN_auth_rsa -+#endif -+#ifdef ossl_LN_auth_rsa -+#define LN_auth_rsa ossl_LN_auth_rsa -+#endif -+#ifdef ossl_NID_auth_rsa -+#define NID_auth_rsa ossl_NID_auth_rsa -+#endif -+ -+#ifdef ossl_SN_auth_ecdsa -+#define SN_auth_ecdsa ossl_SN_auth_ecdsa -+#endif -+#ifdef ossl_LN_auth_ecdsa -+#define LN_auth_ecdsa ossl_LN_auth_ecdsa -+#endif -+#ifdef ossl_NID_auth_ecdsa -+#define NID_auth_ecdsa ossl_NID_auth_ecdsa -+#endif -+ -+#ifdef ossl_SN_auth_psk -+#define SN_auth_psk ossl_SN_auth_psk -+#endif -+#ifdef ossl_LN_auth_psk -+#define LN_auth_psk ossl_LN_auth_psk -+#endif -+#ifdef ossl_NID_auth_psk -+#define NID_auth_psk ossl_NID_auth_psk -+#endif -+ -+#ifdef ossl_SN_kx_any -+#define SN_kx_any ossl_SN_kx_any -+#endif -+#ifdef ossl_LN_kx_any -+#define LN_kx_any ossl_LN_kx_any -+#endif -+#ifdef ossl_NID_kx_any -+#define NID_kx_any ossl_NID_kx_any -+#endif -+ -+#ifdef ossl_SN_auth_any -+#define SN_auth_any ossl_SN_auth_any -+#endif -+#ifdef ossl_LN_auth_any -+#define LN_auth_any ossl_LN_auth_any -+#endif -+#ifdef ossl_NID_auth_any -+#define NID_auth_any ossl_NID_auth_any -+#endif -+ -+#ifdef ossl_SN_CECPQ2 -+#define SN_CECPQ2 ossl_SN_CECPQ2 -+#endif -+#ifdef ossl_NID_CECPQ2 -+#define NID_CECPQ2 ossl_NID_CECPQ2 -+#endif -+ -+#ifdef ossl_SN_ED448 -+#define SN_ED448 ossl_SN_ED448 -+#endif -+#ifdef ossl_NID_ED448 -+#define NID_ED448 ossl_NID_ED448 -+#endif -+#ifdef ossl_OBJ_ED448 -+#define OBJ_ED448 ossl_OBJ_ED448 -+#endif -+ -+#ifdef ossl_SN_X448 -+#define SN_X448 ossl_SN_X448 -+#endif -+#ifdef ossl_NID_X448 -+#define NID_X448 ossl_NID_X448 -+#endif -+#ifdef ossl_OBJ_X448 -+#define OBJ_X448 ossl_OBJ_X448 -+#endif -+ -+#ifdef ossl_SN_sha512_256 -+#define SN_sha512_256 ossl_SN_sha512_256 -+#endif -+#ifdef ossl_LN_sha512_256 -+#define LN_sha512_256 ossl_LN_sha512_256 -+#endif -+#ifdef ossl_NID_sha512_256 -+#define NID_sha512_256 ossl_NID_sha512_256 -+#endif -+#ifdef ossl_OBJ_sha512_256 -+#define OBJ_sha512_256 ossl_OBJ_sha512_256 -+#endif -+ -+#ifdef ossl_SN_hkdf -+#define SN_hkdf ossl_SN_hkdf -+#endif -+#ifdef ossl_LN_hkdf -+#define LN_hkdf ossl_LN_hkdf -+#endif -+#ifdef ossl_NID_hkdf -+#define NID_hkdf ossl_NID_hkdf -+#endif -+ -+ -+#if defined(__cplusplus) -+} /* extern C */ -+#endif - --// #endif /* OPENSSL_HEADER_NID_H */ -+#endif /* OPENSSL_HEADER_NID_H */ diff --git a/bssl-compat/patch/include/openssl/nid.h.sh b/bssl-compat/patch/include/openssl/nid.h.sh index 12f9b71fef..8c5c986db0 100755 --- a/bssl-compat/patch/include/openssl/nid.h.sh +++ b/bssl-compat/patch/include/openssl/nid.h.sh @@ -1,16 +1,11 @@ #!/bin/bash -SUBSTITUTIONS+=('SN_[a-zA-Z0-9_]*') -SUBSTITUTIONS+=('LN_[a-zA-Z0-9_]*') -SUBSTITUTIONS+=('NID_[a-zA-Z0-9_]*') -SUBSTITUTIONS+=('OBJ_[a-zA-Z0-9_]*') - -EXPRE='s|^#[ \t]*define[ \t]*[^a-zA-Z0-9_]\(' -EXPOST='\)[^a-zA-Z0-9_].*$|#ifdef ossl_\1\n#define \1 ossl_\1\n#endif|' - -for SUBSTITUTION in "${SUBSTITUTIONS[@]}" -do - sed -i -e "${EXPRE}${SUBSTITUTION}${EXPOST}" "$1" -done - -sed -i -e 's|^[ \t]*1L, .*$||g' -e 's|^[ \t]*"[^"]*"$||g' "$1" +set -euo pipefail + +uncomment.sh "$1" --comment -h \ + --uncomment-macro-redef 'SN_[a-zA-Z0-9_]*' \ + --uncomment-macro-redef 'LN_[a-zA-Z0-9_]*' \ + --uncomment-macro-redef 'NID_[a-zA-Z0-9_]*' \ + --uncomment-macro-redef 'OBJ_[a-zA-Z0-9_]*' \ + --sed 's|^// \s*1L, .*$||g' \ + --sed 's|^// \s*"[^"]*"$||g' diff --git a/bssl-compat/patch/include/openssl/obj.h.patch b/bssl-compat/patch/include/openssl/obj.h.patch deleted file mode 100644 index c7c6de0272..0000000000 --- a/bssl-compat/patch/include/openssl/obj.h.patch +++ /dev/null @@ -1,56 +0,0 @@ ---- a/include/openssl/obj.h -+++ b/include/openssl/obj.h -@@ -54,17 +54,17 @@ - * copied and put under another distribution licence - * [including the GNU Public Licence.] */ - --// #ifndef OPENSSL_HEADER_OBJ_H --// #define OPENSSL_HEADER_OBJ_H -+#ifndef OPENSSL_HEADER_OBJ_H -+#define OPENSSL_HEADER_OBJ_H - --// #include -+#include - --// #include --// #include -+#include -+#include - --// #if defined(__cplusplus) --// extern "C" { --// #endif -+#if defined(__cplusplus) -+extern "C" { -+#endif - - - // The objects library deals with the registration and indexing of ASN.1 object -@@ -167,7 +167,7 @@ - // contain an ASCII string with a dotted sequence of numbers. The resulting - // object need not be previously known. It returns a freshly allocated - // |ASN1_OBJECT| or NULL on error. --// OPENSSL_EXPORT ASN1_OBJECT *OBJ_txt2obj(const char *s, int dont_search_names); -+OPENSSL_EXPORT ASN1_OBJECT *OBJ_txt2obj(const char *s, int dont_search_names); - - // OBJ_obj2txt converts |obj| to a textual representation. If - // |always_return_oid| is zero then |obj| will be matched against known objects -@@ -246,9 +246,9 @@ - // OPENSSL_EXPORT void OBJ_cleanup(void); - - --// #if defined(__cplusplus) --// } // extern C --// #endif -+#if defined(__cplusplus) -+} // extern C -+#endif - - #ifdef ossl_OBJ_R_UNKNOWN_NID - #define OBJ_R_UNKNOWN_NID ossl_OBJ_R_UNKNOWN_NID -@@ -257,4 +257,4 @@ - #define OBJ_R_INVALID_OID_STRING ossl_OBJ_R_INVALID_OID_STRING - #endif - --// #endif // OPENSSL_HEADER_OBJ_H -+#endif // OPENSSL_HEADER_OBJ_H diff --git a/bssl-compat/patch/include/openssl/obj.h.sh b/bssl-compat/patch/include/openssl/obj.h.sh index a047ff889c..dcc3bff4c4 100755 --- a/bssl-compat/patch/include/openssl/obj.h.sh +++ b/bssl-compat/patch/include/openssl/obj.h.sh @@ -1,4 +1,7 @@ #!/bin/bash -sed -i -e 's|^// \(#[ \t]*define[ \t]*\)\(OBJ_R_[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' "$1" +set -euo pipefail +uncomment.sh "$1" --comment -h \ + --uncomment-func-decl OBJ_txt2obj \ + --uncomment-macro-redef 'OBJ_R_[[:alnum:]_]*' diff --git a/bssl-compat/patch/include/openssl/pem.h.patch b/bssl-compat/patch/include/openssl/pem.h.patch deleted file mode 100644 index cd6a4dd431..0000000000 --- a/bssl-compat/patch/include/openssl/pem.h.patch +++ /dev/null @@ -1,276 +0,0 @@ ---- a/include/openssl/pem.h -+++ b/include/openssl/pem.h -@@ -54,53 +54,53 @@ - * copied and put under another distribution licence - * [including the GNU Public Licence.] */ - --// #ifndef OPENSSL_HEADER_PEM_H --// #define OPENSSL_HEADER_PEM_H -+#ifndef OPENSSL_HEADER_PEM_H -+#define OPENSSL_HEADER_PEM_H - --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include - - // For compatibility with open-iscsi, which assumes that it can get - // |OPENSSL_malloc| from pem.h or err.h --// #include -+#include - --// #ifdef __cplusplus --// extern "C" { --// #endif -+#ifdef __cplusplus -+extern "C" { -+#endif - - - // #define PEM_BUFSIZE 1024 - --// #define PEM_STRING_X509_OLD "X509 CERTIFICATE" --// #define PEM_STRING_X509 "CERTIFICATE" --// #define PEM_STRING_X509_PAIR "CERTIFICATE PAIR" --// #define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" --// #define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" --// #define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" --// #define PEM_STRING_X509_CRL "X509 CRL" --// #define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY" --// #define PEM_STRING_PUBLIC "PUBLIC KEY" --// #define PEM_STRING_RSA "RSA PRIVATE KEY" --// #define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY" --// #define PEM_STRING_DSA "DSA PRIVATE KEY" --// #define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY" --// #define PEM_STRING_EC "EC PRIVATE KEY" --// #define PEM_STRING_PKCS7 "PKCS7" --// #define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA" --// #define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY" --// #define PEM_STRING_PKCS8INF "PRIVATE KEY" --// #define PEM_STRING_DHPARAMS "DH PARAMETERS" --// #define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" --// #define PEM_STRING_DSAPARAMS "DSA PARAMETERS" --// #define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" --// #define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" --// #define PEM_STRING_CMS "CMS" -+#define PEM_STRING_X509_OLD "X509 CERTIFICATE" -+#define PEM_STRING_X509 "CERTIFICATE" -+#define PEM_STRING_X509_PAIR "CERTIFICATE PAIR" -+#define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" -+#define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" -+#define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" -+#define PEM_STRING_X509_CRL "X509 CRL" -+#define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY" -+#define PEM_STRING_PUBLIC "PUBLIC KEY" -+#define PEM_STRING_RSA "RSA PRIVATE KEY" -+#define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY" -+#define PEM_STRING_DSA "DSA PRIVATE KEY" -+#define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY" -+#define PEM_STRING_EC "EC PRIVATE KEY" -+#define PEM_STRING_PKCS7 "PKCS7" -+#define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA" -+#define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY" -+#define PEM_STRING_PKCS8INF "PRIVATE KEY" -+#define PEM_STRING_DHPARAMS "DH PARAMETERS" -+#define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" -+#define PEM_STRING_DSAPARAMS "DSA PARAMETERS" -+#define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" -+#define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" -+#define PEM_STRING_CMS "CMS" - - // enc_type is one off - // #define PEM_TYPE_ENCRYPTED 10 -@@ -250,67 +250,67 @@ - - // These are the same except they are for the declarations - --// #define DECLARE_PEM_read_fp(name, type) \ --// OPENSSL_EXPORT type *PEM_read_##name(FILE *fp, type **x, \ --// pem_password_cb *cb, void *u); -+#define DECLARE_PEM_read_fp(name, type) \ -+ OPENSSL_EXPORT type *PEM_read_##name(FILE *fp, type **x, \ -+ pem_password_cb *cb, void *u); - --// #define DECLARE_PEM_write_fp(name, type) \ --// OPENSSL_EXPORT int PEM_write_##name(FILE *fp, type *x); -+#define DECLARE_PEM_write_fp(name, type) \ -+ OPENSSL_EXPORT int PEM_write_##name(FILE *fp, type *x); - - // #define DECLARE_PEM_write_fp_const(name, type) \ - // OPENSSL_EXPORT int PEM_write_##name(FILE *fp, const type *x); - --// #define DECLARE_PEM_write_cb_fp(name, type) \ --// OPENSSL_EXPORT int PEM_write_##name( \ --// FILE *fp, type *x, const EVP_CIPHER *enc, unsigned char *kstr, int klen, \ --// pem_password_cb *cb, void *u); -- --// #define DECLARE_PEM_read_bio(name, type) \ --// OPENSSL_EXPORT type *PEM_read_bio_##name(BIO *bp, type **x, \ --// pem_password_cb *cb, void *u); -+#define DECLARE_PEM_write_cb_fp(name, type) \ -+ OPENSSL_EXPORT int PEM_write_##name( \ -+ FILE *fp, type *x, const EVP_CIPHER *enc, unsigned char *kstr, int klen, \ -+ pem_password_cb *cb, void *u); -+ -+#define DECLARE_PEM_read_bio(name, type) \ -+ OPENSSL_EXPORT type *PEM_read_bio_##name(BIO *bp, type **x, \ -+ pem_password_cb *cb, void *u); - --// #define DECLARE_PEM_write_bio(name, type) \ --// OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, type *x); -+#define DECLARE_PEM_write_bio(name, type) \ -+ OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, type *x); - - // #define DECLARE_PEM_write_bio_const(name, type) \ - // OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, const type *x); - --// #define DECLARE_PEM_write_cb_bio(name, type) \ --// OPENSSL_EXPORT int PEM_write_bio_##name( \ --// BIO *bp, type *x, const EVP_CIPHER *enc, unsigned char *kstr, int klen, \ --// pem_password_cb *cb, void *u); -+#define DECLARE_PEM_write_cb_bio(name, type) \ -+ OPENSSL_EXPORT int PEM_write_bio_##name( \ -+ BIO *bp, type *x, const EVP_CIPHER *enc, unsigned char *kstr, int klen, \ -+ pem_password_cb *cb, void *u); - - --// #define DECLARE_PEM_write(name, type) \ --// DECLARE_PEM_write_bio(name, type) \ --// DECLARE_PEM_write_fp(name, type) -+#define DECLARE_PEM_write(name, type) \ -+ DECLARE_PEM_write_bio(name, type) \ -+ DECLARE_PEM_write_fp(name, type) - - // #define DECLARE_PEM_write_const(name, type) \ - // DECLARE_PEM_write_bio_const(name, type) \ - // DECLARE_PEM_write_fp_const(name, type) - --// #define DECLARE_PEM_write_cb(name, type) \ --// DECLARE_PEM_write_cb_bio(name, type) \ --// DECLARE_PEM_write_cb_fp(name, type) -- --// #define DECLARE_PEM_read(name, type) \ --// DECLARE_PEM_read_bio(name, type) \ --// DECLARE_PEM_read_fp(name, type) -- --// #define DECLARE_PEM_rw(name, type) \ --// DECLARE_PEM_read(name, type) \ --// DECLARE_PEM_write(name, type) -+#define DECLARE_PEM_write_cb(name, type) \ -+ DECLARE_PEM_write_cb_bio(name, type) \ -+ DECLARE_PEM_write_cb_fp(name, type) -+ -+#define DECLARE_PEM_read(name, type) \ -+ DECLARE_PEM_read_bio(name, type) \ -+ DECLARE_PEM_read_fp(name, type) -+ -+#define DECLARE_PEM_rw(name, type) \ -+ DECLARE_PEM_read(name, type) \ -+ DECLARE_PEM_write(name, type) - - // #define DECLARE_PEM_rw_const(name, type) \ - // DECLARE_PEM_read(name, type) \ - // DECLARE_PEM_write_const(name, type) - --// #define DECLARE_PEM_rw_cb(name, type) \ --// DECLARE_PEM_read(name, type) \ --// DECLARE_PEM_write_cb(name, type) -+#define DECLARE_PEM_rw_cb(name, type) \ -+ DECLARE_PEM_read(name, type) \ -+ DECLARE_PEM_write_cb(name, type) - - // "userdata": new with OpenSSL 0.9.4 --// typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata); -+typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata); - - // OPENSSL_EXPORT int PEM_get_EVP_CIPHER_INFO(char *header, - // EVP_CIPHER_INFO *cipher); -@@ -336,9 +336,9 @@ - // OPENSSL_EXPORT int PEM_write_bio(BIO *bp, const char *name, const char *hdr, - // const unsigned char *data, long len); - --// OPENSSL_EXPORT int PEM_bytes_read_bio(unsigned char **pdata, long *plen, --// char **pnm, const char *name, BIO *bp, --// pem_password_cb *cb, void *u); -+OPENSSL_EXPORT int PEM_bytes_read_bio(unsigned char **pdata, long *plen, -+ char **pnm, const char *name, BIO *bp, -+ pem_password_cb *cb, void *u); - // OPENSSL_EXPORT void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, - // BIO *bp, void **x, pem_password_cb *cb, - // void *u); -@@ -347,8 +347,8 @@ - // unsigned char *kstr, int klen, - // pem_password_cb *cb, void *u); - --// OPENSSL_EXPORT STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio( --// BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); -+OPENSSL_EXPORT STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio( -+ BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); - // OPENSSL_EXPORT int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, - // EVP_CIPHER *enc, unsigned char *kstr, - // int klen, pem_password_cb *cd, -@@ -381,21 +381,21 @@ - // char *str); - - --// DECLARE_PEM_rw(X509, X509) -+DECLARE_PEM_rw(X509, X509) - - // DECLARE_PEM_rw(X509_AUX, X509) - - // DECLARE_PEM_rw(X509_REQ, X509_REQ) - // DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) - --// DECLARE_PEM_rw(X509_CRL, X509_CRL) -+DECLARE_PEM_rw(X509_CRL, X509_CRL) - - // DECLARE_PEM_rw(PKCS7, PKCS7) - // DECLARE_PEM_rw(PKCS8, X509_SIG) - - // DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) - --// DECLARE_PEM_rw_cb(RSAPrivateKey, RSA) -+DECLARE_PEM_rw_cb(RSAPrivateKey, RSA) - - // DECLARE_PEM_rw_const(RSAPublicKey, RSA) - // DECLARE_PEM_rw(RSA_PUBKEY, RSA) -@@ -417,7 +417,7 @@ - // DECLARE_PEM_rw_const(DHparams, DH) - - --// DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) -+DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) - - // DECLARE_PEM_rw(PUBKEY, EVP_PKEY) - -@@ -460,9 +460,9 @@ - // void *u); - - --// #ifdef __cplusplus --// } --// #endif -+#ifdef __cplusplus -+} -+#endif - - #ifdef ossl_PEM_R_BAD_BASE64_DECODE - #define PEM_R_BAD_BASE64_DECODE ossl_PEM_R_BAD_BASE64_DECODE -@@ -510,4 +510,4 @@ - #define PEM_R_UNSUPPORTED_ENCRYPTION ossl_PEM_R_UNSUPPORTED_ENCRYPTION - #endif - --// #endif // OPENSSL_HEADER_PEM_H -+#endif // OPENSSL_HEADER_PEM_H diff --git a/bssl-compat/patch/include/openssl/pem.h.sh b/bssl-compat/patch/include/openssl/pem.h.sh index cf3d6a5087..8963e12d35 100755 --- a/bssl-compat/patch/include/openssl/pem.h.sh +++ b/bssl-compat/patch/include/openssl/pem.h.sh @@ -1,4 +1,26 @@ #!/bin/bash -sed -i -e 's|^// \(#[ \t]*define[ \t]*\)\(PEM_R_[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' "$1" +set -euo pipefail +uncomment.sh "$1" --comment -h \ + --uncomment-macro 'PEM_STRING_[[:alnum:]_]*' \ + --uncomment-macro DECLARE_PEM_read_fp \ + --uncomment-macro DECLARE_PEM_write_fp \ + --uncomment-macro DECLARE_PEM_write_cb_fp \ + --uncomment-macro DECLARE_PEM_read_bio \ + --uncomment-macro DECLARE_PEM_write_bio \ + --uncomment-macro DECLARE_PEM_write_cb_bio \ + --uncomment-macro DECLARE_PEM_write \ + --uncomment-macro DECLARE_PEM_write_cb \ + --uncomment-macro DECLARE_PEM_read \ + --uncomment-macro DECLARE_PEM_rw \ + --uncomment-macro DECLARE_PEM_rw_cb \ + --uncomment-typedef pem_password_cb \ + --uncomment-func-decl PEM_bytes_read_bio \ + --uncomment-func-decl PEM_X509_INFO_read_bio \ + --uncomment-regex 'DECLARE_PEM_rw(X509,' \ + --uncomment-regex 'DECLARE_PEM_rw(X509_CRL,' \ + --uncomment-regex 'DECLARE_PEM_rw_cb(RSAPrivateKey,' \ + --uncomment-regex 'DECLARE_PEM_rw_cb(PrivateKey,' \ + --uncomment-regex '}$' \ + --uncomment-macro-redef 'PEM_R_[[:alnum:]_]*' diff --git a/bssl-compat/patch/include/openssl/pkcs7.h.sh b/bssl-compat/patch/include/openssl/pkcs7.h.sh index b7f0fc714e..74d50a7d0c 100755 --- a/bssl-compat/patch/include/openssl/pkcs7.h.sh +++ b/bssl-compat/patch/include/openssl/pkcs7.h.sh @@ -1,4 +1,6 @@ #!/bin/bash -sed -i -e 's|^// \(#[ \t]*define[ \t]*\)\(PKCS7_R_[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' "$1" +set -euo pipefail +uncomment.sh "$1" --comment \ + --uncomment-macro-redef 'PKCS7_R_[a-zA-Z0-9_]*' diff --git a/bssl-compat/patch/include/openssl/pkcs8.h.patch b/bssl-compat/patch/include/openssl/pkcs8.h.patch deleted file mode 100644 index 4b0fe90530..0000000000 --- a/bssl-compat/patch/include/openssl/pkcs8.h.patch +++ /dev/null @@ -1,112 +0,0 @@ ---- a/include/openssl/pkcs8.h -+++ b/include/openssl/pkcs8.h -@@ -54,16 +54,16 @@ - * Hudson (tjh@cryptsoft.com). */ - - --// #ifndef OPENSSL_HEADER_PKCS8_H --// #define OPENSSL_HEADER_PKCS8_H -+#ifndef OPENSSL_HEADER_PKCS8_H -+#define OPENSSL_HEADER_PKCS8_H - --// #include --// #include -+#include -+#include - - --// #if defined(__cplusplus) --// extern "C" { --// #endif -+#if defined(__cplusplus) -+extern "C" { -+#endif - - - // PKCS8_encrypt serializes and encrypts a PKCS8_PRIV_KEY_INFO with PBES1 or -@@ -124,9 +124,9 @@ - // success and zero on error. The caller takes ownership of the outputs. - // Any friendlyName attributes (RFC 2985) in the PKCS#12 structure will be - // returned on the |X509| objects as aliases. See also |X509_alias_get0|. --// OPENSSL_EXPORT int PKCS12_get_key_and_certs(EVP_PKEY **out_key, --// STACK_OF(X509) *out_certs, --// CBS *in, const char *password); -+OPENSSL_EXPORT int PKCS12_get_key_and_certs(EVP_PKEY **out_key, -+ STACK_OF(X509) *out_certs, -+ CBS *in, const char *password); - - - // Deprecated functions. -@@ -149,7 +149,7 @@ - // size_t ber_len); - - // d2i_PKCS12_bio acts like |d2i_PKCS12| but reads from a |BIO|. --// OPENSSL_EXPORT PKCS12* d2i_PKCS12_bio(BIO *bio, PKCS12 **out_p12); -+OPENSSL_EXPORT PKCS12* d2i_PKCS12_bio(BIO *bio, PKCS12 **out_p12); - - // d2i_PKCS12_fp acts like |d2i_PKCS12| but reads from a |FILE|. - // OPENSSL_EXPORT PKCS12* d2i_PKCS12_fp(FILE *fp, PKCS12 **out_p12); -@@ -184,9 +184,9 @@ - // It returns one on success and zero on error. - // - // Use |PKCS12_get_key_and_certs| instead. --// OPENSSL_EXPORT int PKCS12_parse(const PKCS12 *p12, const char *password, --// EVP_PKEY **out_pkey, X509 **out_cert, --// STACK_OF(X509) **out_ca_certs); -+OPENSSL_EXPORT int PKCS12_parse(const PKCS12 *p12, const char *password, -+ EVP_PKEY **out_pkey, X509 **out_cert, -+ STACK_OF(X509) **out_ca_certs); - - // PKCS12_verify_mac returns one if |password| is a valid password for |p12| - // and zero otherwise. Since |PKCS12_parse| doesn't take a length parameter, -@@ -196,8 +196,8 @@ - // |password[password_len]| must be zero and no other NUL bytes may appear in - // |password|. If the |password_len| checks fail, zero is returned - // immediately. --// OPENSSL_EXPORT int PKCS12_verify_mac(const PKCS12 *p12, const char *password, --// int password_len); -+OPENSSL_EXPORT int PKCS12_verify_mac(const PKCS12 *p12, const char *password, -+ int password_len); - - // PKCS12_DEFAULT_ITER is the default number of KDF iterations used when - // creating a |PKCS12| object. -@@ -233,24 +233,24 @@ - // int mac_iterations, int key_type); - - // PKCS12_free frees |p12| and its contents. --// OPENSSL_EXPORT void PKCS12_free(PKCS12 *p12); -+OPENSSL_EXPORT void PKCS12_free(PKCS12 *p12); - - --// #if defined(__cplusplus) --// } // extern C -+#if defined(__cplusplus) -+} // extern C - --// extern "C++" { -+extern "C++" { - --// BSSL_NAMESPACE_BEGIN -+BSSL_NAMESPACE_BEGIN - --// BORINGSSL_MAKE_DELETER(PKCS12, PKCS12_free) -+BORINGSSL_MAKE_DELETER(PKCS12, PKCS12_free) - // BORINGSSL_MAKE_DELETER(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free) - --// BSSL_NAMESPACE_END -+BSSL_NAMESPACE_END - --// } // extern C++ -+} // extern C++ - --// #endif -+#endif - - #ifdef ossl_PKCS8_R_BAD_PKCS12_DATA - #define PKCS8_R_BAD_PKCS12_DATA ossl_PKCS8_R_BAD_PKCS12_DATA -@@ -355,4 +355,4 @@ - #define PKCS8_R_AMBIGUOUS_FRIENDLY_NAME ossl_PKCS8_R_AMBIGUOUS_FRIENDLY_NAME - #endif - --// #endif // OPENSSL_HEADER_PKCS8_H -+#endif // OPENSSL_HEADER_PKCS8_H diff --git a/bssl-compat/patch/include/openssl/pkcs8.h.sh b/bssl-compat/patch/include/openssl/pkcs8.h.sh index eeaa362021..5aed0aa21f 100755 --- a/bssl-compat/patch/include/openssl/pkcs8.h.sh +++ b/bssl-compat/patch/include/openssl/pkcs8.h.sh @@ -1,4 +1,12 @@ #!/bin/bash -sed -i -e 's|^// \(#[ \t]*define[ \t]*\)\(PKCS8_R_[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' "$1" +set -euo pipefail +uncomment.sh "$1" --comment -h \ + --uncomment-func-decl PKCS12_get_key_and_certs \ + --uncomment-func-decl d2i_PKCS12_bio \ + --uncomment-func-decl PKCS12_parse \ + --uncomment-func-decl PKCS12_verify_mac \ + --uncomment-func-decl PKCS12_free \ + --uncomment-regex 'BORINGSSL_MAKE_DELETER(PKCS12,' \ + --uncomment-macro-redef 'PKCS8_R_[[:alnum:]_]*' diff --git a/bssl-compat/patch/include/openssl/pool.h.patch b/bssl-compat/patch/include/openssl/pool.h.patch deleted file mode 100644 index 88edb44283..0000000000 --- a/bssl-compat/patch/include/openssl/pool.h.patch +++ /dev/null @@ -1,77 +0,0 @@ ---- a/include/openssl/pool.h -+++ b/include/openssl/pool.h -@@ -12,16 +12,16 @@ - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - --// #ifndef OPENSSL_HEADER_POOL_H --// #define OPENSSL_HEADER_POOL_H -+#ifndef OPENSSL_HEADER_POOL_H -+#define OPENSSL_HEADER_POOL_H - --// #include -+#include - --// #include -+#include - --// #if defined(__cplusplus) --// extern "C" { --// #endif -+#if defined(__cplusplus) -+extern "C" { -+#endif - - - // Buffers and buffer pools. -@@ -45,8 +45,8 @@ - // reference to a previously existing |CRYPTO_BUFFER| that contained the same - // data. Otherwise, the returned, fresh |CRYPTO_BUFFER| will be added to the - // pool. --// OPENSSL_EXPORT CRYPTO_BUFFER *CRYPTO_BUFFER_new(const uint8_t *data, size_t len, --// CRYPTO_BUFFER_POOL *pool); -+OPENSSL_EXPORT CRYPTO_BUFFER *CRYPTO_BUFFER_new(const uint8_t *data, size_t len, -+ CRYPTO_BUFFER_POOL *pool); - - // CRYPTO_BUFFER_alloc creates an unpooled |CRYPTO_BUFFER| of the given size and - // writes the underlying data pointer to |*out_data|. It returns NULL on error. -@@ -71,7 +71,7 @@ - // CRYPTO_BUFFER_free decrements the reference count of |buf|. If there are no - // other references, or if the only remaining reference is from a pool, then - // |buf| will be freed. --// OPENSSL_EXPORT void CRYPTO_BUFFER_free(CRYPTO_BUFFER *buf); -+OPENSSL_EXPORT void CRYPTO_BUFFER_free(CRYPTO_BUFFER *buf); - - // CRYPTO_BUFFER_up_ref increments the reference count of |buf| and returns - // one. -@@ -88,21 +88,21 @@ - // OPENSSL_EXPORT void CRYPTO_BUFFER_init_CBS(const CRYPTO_BUFFER *buf, CBS *out); - - --// #if defined(__cplusplus) --// } // extern C -+#if defined(__cplusplus) -+} // extern C - --// extern "C++" { -+extern "C++" { - --// BSSL_NAMESPACE_BEGIN -+BSSL_NAMESPACE_BEGIN - - // BORINGSSL_MAKE_DELETER(CRYPTO_BUFFER_POOL, CRYPTO_BUFFER_POOL_free) --// BORINGSSL_MAKE_DELETER(CRYPTO_BUFFER, CRYPTO_BUFFER_free) -+BORINGSSL_MAKE_DELETER(CRYPTO_BUFFER, CRYPTO_BUFFER_free) - // BORINGSSL_MAKE_UP_REF(CRYPTO_BUFFER, CRYPTO_BUFFER_up_ref) - --// BSSL_NAMESPACE_END -+BSSL_NAMESPACE_END - --// } // extern C++ -+} // extern C++ - --// #endif -+#endif - --// #endif // OPENSSL_HEADER_POOL_H -+#endif // OPENSSL_HEADER_POOL_H diff --git a/bssl-compat/patch/include/openssl/pool.h.sh b/bssl-compat/patch/include/openssl/pool.h.sh new file mode 100755 index 0000000000..82295ff6d0 --- /dev/null +++ b/bssl-compat/patch/include/openssl/pool.h.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +set -euo pipefail + +uncomment.sh "$1" --comment -h \ + --uncomment-func-decl 'CRYPTO_BUFFER_new' \ + --uncomment-func-decl 'CRYPTO_BUFFER_free' \ + --uncomment-regex 'BORINGSSL_MAKE_DELETER(CRYPTO_BUFFER,' diff --git a/bssl-compat/patch/include/openssl/rand.h.patch b/bssl-compat/patch/include/openssl/rand.h.patch deleted file mode 100644 index baf1248c8c..0000000000 --- a/bssl-compat/patch/include/openssl/rand.h.patch +++ /dev/null @@ -1,44 +0,0 @@ ---- a/include/openssl/rand.h -+++ b/include/openssl/rand.h -@@ -12,21 +12,21 @@ - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - --// #ifndef OPENSSL_HEADER_RAND_H --// #define OPENSSL_HEADER_RAND_H -+#ifndef OPENSSL_HEADER_RAND_H -+#define OPENSSL_HEADER_RAND_H - --// #include -+#include - --// #if defined(__cplusplus) --// extern "C" { --// #endif -+#if defined(__cplusplus) -+extern "C" { -+#endif - - - // Random number generation. - - - // RAND_bytes writes |len| bytes of random data to |buf| and returns one. --// OPENSSL_EXPORT int RAND_bytes(uint8_t *buf, size_t len); -+OPENSSL_EXPORT int RAND_bytes(uint8_t *buf, size_t len); - - // RAND_cleanup frees any resources used by the RNG. This is not safe if other - // threads might still be calling |RAND_bytes|. -@@ -107,8 +107,8 @@ - // OPENSSL_EXPORT int RAND_set_rand_method(const RAND_METHOD *); - - --// #if defined(__cplusplus) --// } // extern C --// #endif -+#if defined(__cplusplus) -+} // extern C -+#endif - --// #endif // OPENSSL_HEADER_RAND_H -+#endif // OPENSSL_HEADER_RAND_H diff --git a/bssl-compat/patch/include/openssl/rand.h.sh b/bssl-compat/patch/include/openssl/rand.h.sh index 4fd59a449c..169fe39421 100755 --- a/bssl-compat/patch/include/openssl/rand.h.sh +++ b/bssl-compat/patch/include/openssl/rand.h.sh @@ -1,4 +1,6 @@ #!/bin/bash -sed -i -e 's|^// \(#[ \t]*define[ \t]*\)\(RAND_R_[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' "$1" +set -euo pipefail +uncomment.sh "$1" --comment -h \ + --uncomment-func-decl RAND_bytes diff --git a/bssl-compat/patch/include/openssl/rsa.h.patch b/bssl-compat/patch/include/openssl/rsa.h.patch deleted file mode 100644 index d9d0d4c646..0000000000 --- a/bssl-compat/patch/include/openssl/rsa.h.patch +++ /dev/null @@ -1,276 +0,0 @@ ---- a/include/openssl/rsa.h -+++ b/include/openssl/rsa.h -@@ -54,18 +54,18 @@ - * copied and put under another distribution licence - * [including the GNU Public Licence.] */ - --// #ifndef OPENSSL_HEADER_RSA_H --// #define OPENSSL_HEADER_RSA_H -+#ifndef OPENSSL_HEADER_RSA_H -+#define OPENSSL_HEADER_RSA_H - --// #include -+#include - --// #include --// #include --// #include -- --// #if defined(__cplusplus) --// extern "C" { --// #endif -+#include -+#include -+#include -+ -+#if defined(__cplusplus) -+extern "C" { -+#endif - - - // rsa.h contains functions for handling encryption and signature using RSA. -@@ -80,14 +80,14 @@ - // functions which take a non-|const| pointer are mutating. - - // RSA_new returns a new, empty |RSA| object or NULL on error. --// OPENSSL_EXPORT RSA *RSA_new(void); -+OPENSSL_EXPORT RSA *RSA_new(void); - - // RSA_new_method acts the same as |RSA_new| but takes an explicit |ENGINE|. - // OPENSSL_EXPORT RSA *RSA_new_method(const ENGINE *engine); - - // RSA_free decrements the reference count of |rsa| and frees it if the - // reference count drops to zero. --// OPENSSL_EXPORT void RSA_free(RSA *rsa); -+OPENSSL_EXPORT void RSA_free(RSA *rsa); - - // RSA_up_ref increments the reference count of |rsa| and returns one. It does - // not mutate |rsa| for thread-safety purposes and may be used concurrently. -@@ -97,7 +97,7 @@ - // Properties. - - // RSA_bits returns the size of |rsa|, in bits. --// OPENSSL_EXPORT unsigned RSA_bits(const RSA *rsa); -+OPENSSL_EXPORT unsigned RSA_bits(const RSA *rsa); - - // RSA_get0_n returns |rsa|'s public modulus. - // OPENSSL_EXPORT const BIGNUM *RSA_get0_n(const RSA *rsa); -@@ -132,21 +132,21 @@ - // RSA_get0_key sets |*out_n|, |*out_e|, and |*out_d|, if non-NULL, to |rsa|'s - // modulus, public exponent, and private exponent, respectively. If |rsa| is a - // public key, the private exponent will be set to NULL. --// OPENSSL_EXPORT void RSA_get0_key(const RSA *rsa, const BIGNUM **out_n, --// const BIGNUM **out_e, const BIGNUM **out_d); -+OPENSSL_EXPORT void RSA_get0_key(const RSA *rsa, const BIGNUM **out_n, -+ const BIGNUM **out_e, const BIGNUM **out_d); - - // RSA_get0_factors sets |*out_p| and |*out_q|, if non-NULL, to |rsa|'s prime - // factors. If |rsa| is a public key, they will be set to NULL. --// OPENSSL_EXPORT void RSA_get0_factors(const RSA *rsa, const BIGNUM **out_p, --// const BIGNUM **out_q); -+OPENSSL_EXPORT void RSA_get0_factors(const RSA *rsa, const BIGNUM **out_p, -+ const BIGNUM **out_q); - - // RSA_get0_crt_params sets |*out_dmp1|, |*out_dmq1|, and |*out_iqmp|, if - // non-NULL, to |rsa|'s CRT parameters. These are d (mod p-1), d (mod q-1) and - // q^-1 (mod p), respectively. If |rsa| is a public key, each parameter will be - // set to NULL. --// OPENSSL_EXPORT void RSA_get0_crt_params(const RSA *rsa, const BIGNUM **out_dmp1, --// const BIGNUM **out_dmq1, --// const BIGNUM **out_iqmp); -+OPENSSL_EXPORT void RSA_get0_crt_params(const RSA *rsa, const BIGNUM **out_dmp1, -+ const BIGNUM **out_dmq1, -+ const BIGNUM **out_iqmp); - - // RSA_set0_key sets |rsa|'s modulus, public exponent, and private exponent to - // |n|, |e|, and |d| respectively, if non-NULL. On success, it takes ownership -@@ -157,7 +157,7 @@ - // - // It is an error to call this function after |rsa| has been used for a - // cryptographic operation. Construct a new |RSA| object instead. --// OPENSSL_EXPORT int RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d); -+OPENSSL_EXPORT int RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d); - - // RSA_set0_factors sets |rsa|'s prime factors to |p| and |q|, if non-NULL, and - // takes ownership of them. On success, it takes ownership of each argument and -@@ -167,7 +167,7 @@ - // - // It is an error to call this function after |rsa| has been used for a - // cryptographic operation. Construct a new |RSA| object instead. --// OPENSSL_EXPORT int RSA_set0_factors(RSA *rsa, BIGNUM *p, BIGNUM *q); -+OPENSSL_EXPORT int RSA_set0_factors(RSA *rsa, BIGNUM *p, BIGNUM *q); - - // RSA_set0_crt_params sets |rsa|'s CRT parameters to |dmp1|, |dmq1|, and - // |iqmp|, if non-NULL, and takes ownership of them. On success, it takes -@@ -177,8 +177,8 @@ - // - // It is an error to call this function after |rsa| has been used for a - // cryptographic operation. Construct a new |RSA| object instead. --// OPENSSL_EXPORT int RSA_set0_crt_params(RSA *rsa, BIGNUM *dmp1, BIGNUM *dmq1, --// BIGNUM *iqmp); -+OPENSSL_EXPORT int RSA_set0_crt_params(RSA *rsa, BIGNUM *dmp1, BIGNUM *dmq1, -+ BIGNUM *iqmp); - - - // Key generation. -@@ -191,8 +191,8 @@ - // with event=3 when a suitable value for |p| is found. - // - // It returns one on success or zero on error. --// OPENSSL_EXPORT int RSA_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, --// BN_GENCB *cb); -+OPENSSL_EXPORT int RSA_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, -+ BN_GENCB *cb); - - // RSA_generate_key_fips behaves like |RSA_generate_key_ex| but performs - // additional checks for FIPS compliance. The public exponent is always 65537 -@@ -237,9 +237,9 @@ - // The |padding| argument must be one of the |RSA_*_PADDING| values. If in - // doubt, use |RSA_PKCS1_OAEP_PADDING| for new protocols but - // |RSA_PKCS1_PADDING| is most common. --// OPENSSL_EXPORT int RSA_encrypt(RSA *rsa, size_t *out_len, uint8_t *out, --// size_t max_out, const uint8_t *in, size_t in_len, --// int padding); -+OPENSSL_EXPORT int RSA_encrypt(RSA *rsa, size_t *out_len, uint8_t *out, -+ size_t max_out, const uint8_t *in, size_t in_len, -+ int padding); - - // RSA_decrypt decrypts |in_len| bytes from |in| with the private key from - // |rsa| and writes, at most, |max_out| bytes of plaintext to |out|. The -@@ -256,9 +256,9 @@ - // or other mitigation. See "Chosen Ciphertext Attacks Against Protocols Based - // on the RSA Encryption Standard PKCS #1", Daniel Bleichenbacher, Advances in - // Cryptology (Crypto '98). --// OPENSSL_EXPORT int RSA_decrypt(RSA *rsa, size_t *out_len, uint8_t *out, --// size_t max_out, const uint8_t *in, size_t in_len, --// int padding); -+OPENSSL_EXPORT int RSA_decrypt(RSA *rsa, size_t *out_len, uint8_t *out, -+ size_t max_out, const uint8_t *in, size_t in_len, -+ int padding); - - // RSA_public_encrypt encrypts |flen| bytes from |from| to the public key in - // |rsa| and writes the encrypted data to |to|. The |to| buffer must have at -@@ -305,9 +305,9 @@ - // WARNING: |digest| must be the result of hashing the data to be signed with - // |hash_nid|. Passing unhashed inputs will not result in a secure signature - // scheme. --// OPENSSL_EXPORT int RSA_sign(int hash_nid, const uint8_t *digest, --// unsigned digest_len, uint8_t *out, --// unsigned *out_len, RSA *rsa); -+OPENSSL_EXPORT int RSA_sign(int hash_nid, const uint8_t *digest, -+ unsigned digest_len, uint8_t *out, -+ unsigned *out_len, RSA *rsa); - - // RSA_sign_pss_mgf1 signs |digest_len| bytes from |digest| with the public key - // from |rsa| using RSASSA-PSS with MGF1 as the mask generation function. It -@@ -368,9 +368,9 @@ - // WARNING: |digest| must be the result of hashing the data to be verified with - // |hash_nid|. Passing unhashed input will not result in a secure signature - // scheme. --// OPENSSL_EXPORT int RSA_verify(int hash_nid, const uint8_t *digest, --// size_t digest_len, const uint8_t *sig, --// size_t sig_len, RSA *rsa); -+OPENSSL_EXPORT int RSA_verify(int hash_nid, const uint8_t *digest, -+ size_t digest_len, const uint8_t *sig, -+ size_t sig_len, RSA *rsa); - - // RSA_verify_pss_mgf1 verifies that |sig_len| bytes from |sig| are a valid, - // RSASSA-PSS signature of |digest_len| bytes at |digest| by |rsa|. It returns -@@ -449,7 +449,7 @@ - - // RSA_size returns the number of bytes in the modulus, which is also the size - // of a signature or encrypted value using |rsa|. --// OPENSSL_EXPORT unsigned RSA_size(const RSA *rsa); -+OPENSSL_EXPORT unsigned RSA_size(const RSA *rsa); - - // RSA_is_opaque returns one if |rsa| is opaque and doesn't expose its key - // material. Otherwise it returns zero. -@@ -466,7 +466,7 @@ - // RSA_check_key performs basic validity tests on |rsa|. It returns one if - // they pass and zero otherwise. Opaque keys and public keys always pass. If it - // returns zero then a more detailed error is available on the error queue. --// OPENSSL_EXPORT int RSA_check_key(const RSA *rsa); -+OPENSSL_EXPORT int RSA_check_key(const RSA *rsa); - - // RSA_check_fips performs public key validity tests on |key|. It returns one if - // they pass and zero otherwise. Opaque keys always fail. This function does not -@@ -526,10 +526,10 @@ - // DigestInfo header for the given hash function and sets |out_msg| to point to - // it. On successful return, if |*is_alloced| is one, the caller must release - // |*out_msg| with |OPENSSL_free|. --// OPENSSL_EXPORT int RSA_add_pkcs1_prefix(uint8_t **out_msg, size_t *out_msg_len, --// int *is_alloced, int hash_nid, --// const uint8_t *digest, --// size_t digest_len); -+OPENSSL_EXPORT int RSA_add_pkcs1_prefix(uint8_t **out_msg, size_t *out_msg_len, -+ int *is_alloced, int hash_nid, -+ const uint8_t *digest, -+ size_t digest_len); - - - // ASN.1 functions. -@@ -541,7 +541,7 @@ - - // RSA_public_key_from_bytes parses |in| as a DER-encoded RSAPublicKey structure - // (RFC 8017). It returns a newly-allocated |RSA| or NULL on error. --// OPENSSL_EXPORT RSA *RSA_public_key_from_bytes(const uint8_t *in, size_t in_len); -+OPENSSL_EXPORT RSA *RSA_public_key_from_bytes(const uint8_t *in, size_t in_len); - - // RSA_marshal_public_key marshals |rsa| as a DER-encoded RSAPublicKey structure - // (RFC 8017) and appends the result to |cbb|. It returns one on success and -@@ -562,8 +562,8 @@ - - // RSA_private_key_from_bytes parses |in| as a DER-encoded RSAPrivateKey - // structure (RFC 8017). It returns a newly-allocated |RSA| or NULL on error. --// OPENSSL_EXPORT RSA *RSA_private_key_from_bytes(const uint8_t *in, --// size_t in_len); -+OPENSSL_EXPORT RSA *RSA_private_key_from_bytes(const uint8_t *in, -+ size_t in_len); - - // RSA_marshal_private_key marshals |rsa| as a DER-encoded RSAPrivateKey - // structure (RFC 8017) and appends the result to |cbb|. It returns one on -@@ -612,7 +612,7 @@ - // RSA public exponent values. - - // #define RSA_3 0x3 --// #define RSA_F4 0x10001 -+#define RSA_F4 ossl_RSA_F4 - - - // Deprecated functions. -@@ -797,21 +797,21 @@ - // }; - - --// #if defined(__cplusplus) --// } // extern C -+#if defined(__cplusplus) -+} // extern C - --// extern "C++" { -+extern "C++" { - --// BSSL_NAMESPACE_BEGIN -+BSSL_NAMESPACE_BEGIN - --// BORINGSSL_MAKE_DELETER(RSA, RSA_free) -+BORINGSSL_MAKE_DELETER(RSA, RSA_free) - // BORINGSSL_MAKE_UP_REF(RSA, RSA_up_ref) - --// BSSL_NAMESPACE_END -+BSSL_NAMESPACE_END - --// } // extern C++ -+} // extern C++ - --// #endif -+#endif - - #ifdef ossl_RSA_R_BAD_ENCODING - #define RSA_R_BAD_ENCODING ossl_RSA_R_BAD_ENCODING -@@ -961,4 +961,4 @@ - #define RSA_R_BLOCK_TYPE_IS_NOT_02 ossl_RSA_R_BLOCK_TYPE_IS_NOT_02 - #endif - --// #endif // OPENSSL_HEADER_RSA_H -+#endif // OPENSSL_HEADER_RSA_H diff --git a/bssl-compat/patch/include/openssl/rsa.h.sh b/bssl-compat/patch/include/openssl/rsa.h.sh index 54843fab0e..89bb27f629 100755 --- a/bssl-compat/patch/include/openssl/rsa.h.sh +++ b/bssl-compat/patch/include/openssl/rsa.h.sh @@ -1,12 +1,28 @@ #!/bin/bash -SUBSTITUTIONS+=('RSA_R_[a-zA-Z0-9_]*') -SUBSTITUTIONS+=('RSA_[a-zA-Z0-9_]*_PADDING') +set -euo pipefail -EXPRE='s|^//[ \t]#[ \t]*define[ \t]*[^a-zA-Z0-9_]\(' -EXPOST='\)[^a-zA-Z0-9_].*$|#ifdef ossl_\1\n#define \1 ossl_\1\n#endif|' - -for SUBSTITUTION in "${SUBSTITUTIONS[@]}" -do - sed -i -e "${EXPRE}${SUBSTITUTION}${EXPOST}" "$1" -done +uncomment.sh "$1" --comment -h \ +--uncomment-func-decl RSA_new \ +--uncomment-func-decl RSA_free \ +--uncomment-func-decl RSA_bits \ +--uncomment-func-decl RSA_get0_key \ +--uncomment-func-decl RSA_get0_factors \ +--uncomment-func-decl RSA_get0_crt_params \ +--uncomment-func-decl RSA_set0_key \ +--uncomment-func-decl RSA_set0_factors \ +--uncomment-func-decl RSA_set0_crt_params \ +--uncomment-func-decl RSA_generate_key_ex \ +--uncomment-func-decl RSA_encrypt \ +--uncomment-func-decl RSA_decrypt \ +--uncomment-func-decl RSA_sign \ +--uncomment-func-decl RSA_verify \ +--uncomment-func-decl RSA_size \ +--uncomment-func-decl RSA_check_key \ +--uncomment-func-decl RSA_add_pkcs1_prefix \ +--uncomment-func-decl RSA_public_key_from_bytes \ +--uncomment-func-decl RSA_private_key_from_bytes \ +--uncomment-macro-redef 'RSA_R_[a-zA-Z0-9_]*' \ +--uncomment-macro-redef 'RSA_[a-zA-Z0-9_]*_PADDING' \ +--uncomment-macro-redef RSA_F4 \ +--uncomment-regex 'BORINGSSL_MAKE_DELETER(RSA' diff --git a/bssl-compat/patch/include/openssl/sha.h.patch b/bssl-compat/patch/include/openssl/sha.h.patch deleted file mode 100644 index 9d34514601..0000000000 --- a/bssl-compat/patch/include/openssl/sha.h.patch +++ /dev/null @@ -1,151 +0,0 @@ ---- a/include/openssl/sha.h -+++ b/include/openssl/sha.h -@@ -54,14 +54,14 @@ - * copied and put under another distribution licence - * [including the GNU Public Licence.] */ - --// #ifndef OPENSSL_HEADER_SHA_H --// #define OPENSSL_HEADER_SHA_H -+#ifndef OPENSSL_HEADER_SHA_H -+#define OPENSSL_HEADER_SHA_H - --// #include -+#include - --// #if defined(__cplusplus) --// extern "C" { --// #endif -+#if defined(__cplusplus) -+extern "C" { -+#endif - - - // The SHA family of hash functions (SHA-1 and SHA-2). -@@ -71,7 +71,7 @@ - // #define SHA_CBLOCK 64 - - // SHA_DIGEST_LENGTH is the length of a SHA-1 digest. --// #define SHA_DIGEST_LENGTH 20 -+#define SHA_DIGEST_LENGTH 20 - - // SHA1_Init initialises |sha| and returns one. - // OPENSSL_EXPORT int SHA1_Init(SHA_CTX *sha); -@@ -87,8 +87,8 @@ - // SHA1 writes the digest of |len| bytes from |data| to |out| and returns - // |out|. There must be at least |SHA_DIGEST_LENGTH| bytes of space in - // |out|. --// OPENSSL_EXPORT uint8_t *SHA1(const uint8_t *data, size_t len, --// uint8_t out[SHA_DIGEST_LENGTH]); -+OPENSSL_EXPORT uint8_t *SHA1(const uint8_t *data, size_t len, -+ uint8_t out[SHA_DIGEST_LENGTH]); - - // SHA1_Transform is a low-level function that performs a single, SHA-1 block - // transformation using the state from |sha| and |SHA_CBLOCK| bytes from -@@ -125,7 +125,7 @@ - // #define SHA224_CBLOCK 64 - - // SHA224_DIGEST_LENGTH is the length of a SHA-224 digest. --// #define SHA224_DIGEST_LENGTH 28 -+#define SHA224_DIGEST_LENGTH 28 - - // SHA224_Init initialises |sha| and returns 1. - // OPENSSL_EXPORT int SHA224_Init(SHA256_CTX *sha); -@@ -142,8 +142,8 @@ - // SHA224 writes the digest of |len| bytes from |data| to |out| and returns - // |out|. There must be at least |SHA224_DIGEST_LENGTH| bytes of space in - // |out|. --// OPENSSL_EXPORT uint8_t *SHA224(const uint8_t *data, size_t len, --// uint8_t out[SHA224_DIGEST_LENGTH]); -+OPENSSL_EXPORT uint8_t *SHA224(const uint8_t *data, size_t len, -+ uint8_t out[SHA224_DIGEST_LENGTH]); - - - // SHA-256. -@@ -152,7 +152,7 @@ - // #define SHA256_CBLOCK 64 - - // SHA256_DIGEST_LENGTH is the length of a SHA-256 digest. --// #define SHA256_DIGEST_LENGTH 32 -+#define SHA256_DIGEST_LENGTH 32 - - // SHA256_Init initialises |sha| and returns 1. - // OPENSSL_EXPORT int SHA256_Init(SHA256_CTX *sha); -@@ -169,8 +169,8 @@ - // SHA256 writes the digest of |len| bytes from |data| to |out| and returns - // |out|. There must be at least |SHA256_DIGEST_LENGTH| bytes of space in - // |out|. --// OPENSSL_EXPORT uint8_t *SHA256(const uint8_t *data, size_t len, --// uint8_t out[SHA256_DIGEST_LENGTH]); -+OPENSSL_EXPORT uint8_t *SHA256(const uint8_t *data, size_t len, -+ uint8_t out[SHA256_DIGEST_LENGTH]); - - // SHA256_Transform is a low-level function that performs a single, SHA-256 - // block transformation using the state from |sha| and |SHA256_CBLOCK| bytes -@@ -200,7 +200,7 @@ - // #define SHA384_CBLOCK 128 - - // SHA384_DIGEST_LENGTH is the length of a SHA-384 digest. --// #define SHA384_DIGEST_LENGTH 48 -+#define SHA384_DIGEST_LENGTH 48 - - // SHA384_Init initialises |sha| and returns 1. - // OPENSSL_EXPORT int SHA384_Init(SHA512_CTX *sha); -@@ -217,8 +217,8 @@ - // SHA384 writes the digest of |len| bytes from |data| to |out| and returns - // |out|. There must be at least |SHA384_DIGEST_LENGTH| bytes of space in - // |out|. --// OPENSSL_EXPORT uint8_t *SHA384(const uint8_t *data, size_t len, --// uint8_t out[SHA384_DIGEST_LENGTH]); -+OPENSSL_EXPORT uint8_t *SHA384(const uint8_t *data, size_t len, -+ uint8_t out[SHA384_DIGEST_LENGTH]); - - - // SHA-512. -@@ -227,7 +227,7 @@ - // #define SHA512_CBLOCK 128 - - // SHA512_DIGEST_LENGTH is the length of a SHA-512 digest. --// #define SHA512_DIGEST_LENGTH 64 -+#define SHA512_DIGEST_LENGTH 64 - - // SHA512_Init initialises |sha| and returns 1. - // OPENSSL_EXPORT int SHA512_Init(SHA512_CTX *sha); -@@ -244,8 +244,8 @@ - // SHA512 writes the digest of |len| bytes from |data| to |out| and returns - // |out|. There must be at least |SHA512_DIGEST_LENGTH| bytes of space in - // |out|. --// OPENSSL_EXPORT uint8_t *SHA512(const uint8_t *data, size_t len, --// uint8_t out[SHA512_DIGEST_LENGTH]); -+OPENSSL_EXPORT uint8_t *SHA512(const uint8_t *data, size_t len, -+ uint8_t out[SHA512_DIGEST_LENGTH]); - - // SHA512_Transform is a low-level function that performs a single, SHA-512 - // block transformation using the state from |sha| and |SHA512_CBLOCK| bytes -@@ -265,7 +265,7 @@ - // - // See https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf section 5.3.6 - --// #define SHA512_256_DIGEST_LENGTH 32 -+#define SHA512_256_DIGEST_LENGTH 32 - - // SHA512_256_Init initialises |sha| and returns 1. - // OPENSSL_EXPORT int SHA512_256_Init(SHA512_CTX *sha); -@@ -283,12 +283,12 @@ - // SHA512_256 writes the digest of |len| bytes from |data| to |out| and returns - // |out|. There must be at least |SHA512_256_DIGEST_LENGTH| bytes of space in - // |out|. --// OPENSSL_EXPORT uint8_t *SHA512_256(const uint8_t *data, size_t len, --// uint8_t out[SHA512_256_DIGEST_LENGTH]); -+OPENSSL_EXPORT uint8_t *SHA512_256(const uint8_t *data, size_t len, -+ uint8_t out[SHA512_256_DIGEST_LENGTH]); - - --// #if defined(__cplusplus) --// } // extern C --// #endif -+#if defined(__cplusplus) -+} // extern C -+#endif - --// #endif // OPENSSL_HEADER_SHA_H -+#endif // OPENSSL_HEADER_SHA_H diff --git a/bssl-compat/patch/include/openssl/sha.h.sh b/bssl-compat/patch/include/openssl/sha.h.sh new file mode 100755 index 0000000000..421003e00b --- /dev/null +++ b/bssl-compat/patch/include/openssl/sha.h.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +set -euo pipefail + +uncomment.sh "$1" --comment -h \ + --uncomment-macro 'SHA[0-9_]*_DIGEST_LENGTH' \ + --uncomment-func-decl SHA1 \ + --uncomment-func-decl SHA224 \ + --uncomment-func-decl SHA256 \ + --uncomment-func-decl SHA384 \ + --uncomment-func-decl SHA512 \ + --uncomment-func-decl SHA512_256 diff --git a/bssl-compat/patch/include/openssl/span.h.patch b/bssl-compat/patch/include/openssl/span.h.patch deleted file mode 100644 index 0498293ade..0000000000 --- a/bssl-compat/patch/include/openssl/span.h.patch +++ /dev/null @@ -1,359 +0,0 @@ ---- a/include/openssl/span.h -+++ b/include/openssl/span.h -@@ -12,53 +12,53 @@ - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - --// #ifndef OPENSSL_HEADER_SSL_SPAN_H --// #define OPENSSL_HEADER_SSL_SPAN_H -+#ifndef OPENSSL_HEADER_SSL_SPAN_H -+#define OPENSSL_HEADER_SSL_SPAN_H - --// #include -+#include - --// #if !defined(BORINGSSL_NO_CXX) -+#if !defined(BORINGSSL_NO_CXX) - --// extern "C++" { -+extern "C++" { - --// #include -- --// #include --// #include -- --// BSSL_NAMESPACE_BEGIN -- --// template --// class Span; -- --// namespace internal { --// template --// class SpanBase { --// // Put comparison operator implementations into a base class with const T, so --// // they can be used with any type that implicitly converts into a Span. --// static_assert(std::is_const::value, --// "Span must be derived from SpanBase"); -- --// friend bool operator==(Span lhs, Span rhs) { --// // MSVC issues warning C4996 because std::equal is unsafe. The pragma to --// // suppress the warning mysteriously has no effect, hence this --// // implementation. See --// // https://msdn.microsoft.com/en-us/library/aa985974.aspx. --// if (lhs.size() != rhs.size()) { --// return false; --// } --// for (T *l = lhs.begin(), *r = rhs.begin(); l != lhs.end() && r != rhs.end(); --// ++l, ++r) { --// if (*l != *r) { --// return false; --// } --// } --// return true; --// } -- --// friend bool operator!=(Span lhs, Span rhs) { return !(lhs == rhs); } --// }; --// } // namespace internal -+#include -+ -+#include -+#include -+ -+BSSL_NAMESPACE_BEGIN -+ -+template -+class Span; -+ -+namespace internal { -+template -+class SpanBase { -+ // Put comparison operator implementations into a base class with const T, so -+ // they can be used with any type that implicitly converts into a Span. -+ static_assert(std::is_const::value, -+ "Span must be derived from SpanBase"); -+ -+ friend bool operator==(Span lhs, Span rhs) { -+ // MSVC issues warning C4996 because std::equal is unsafe. The pragma to -+ // suppress the warning mysteriously has no effect, hence this -+ // implementation. See -+ // https://msdn.microsoft.com/en-us/library/aa985974.aspx. -+ if (lhs.size() != rhs.size()) { -+ return false; -+ } -+ for (T *l = lhs.begin(), *r = rhs.begin(); l != lhs.end() && r != rhs.end(); -+ ++l, ++r) { -+ if (*l != *r) { -+ return false; -+ } -+ } -+ return true; -+ } -+ -+ friend bool operator!=(Span lhs, Span rhs) { return !(lhs == rhs); } -+}; -+} // namespace internal - - // A Span is a non-owning reference to a contiguous array of objects of type - // |T|. Conceptually, a Span is a simple a pointer to |T| and a count of -@@ -70,7 +70,7 @@ - // implicit. This allows writing methods that accept data from some unspecified - // container type: - // --// // Foo views data referenced by v. -+// Foo views data referenced by v. - // void Foo(bssl::Span v) { ... } - // - // std::vector vec; -@@ -78,7 +78,7 @@ - // - // For mutable Spans, conversion is explicit: - // --// // FooMutate mutates data referenced by v. -+// FooMutate mutates data referenced by v. - // void FooMutate(bssl::Span v) { ... } - // - // FooMutate(bssl::Span(vec)); -@@ -91,124 +91,124 @@ - // Note that Spans have value type sematics. They are cheap to construct and - // copy, and should be passed by value whenever a method would otherwise accept - // a reference or pointer to a container or array. --// template --// class Span : private internal::SpanBase { --// private: --// static const size_t npos = static_cast(-1); -- --// // Heuristically test whether C is a container type that can be converted into --// // a Span by checking for data() and size() member functions. --// // --// // TODO(davidben): Require C++17 support for std::is_convertible_v, etc. --// template --// using EnableIfContainer = std::enable_if_t< --// std::is_convertible().data()), T *>::value && --// std::is_integral().size())>::value>; -- --// public: --// constexpr Span() : Span(nullptr, 0) {} --// constexpr Span(T *ptr, size_t len) : data_(ptr), size_(len) {} -- --// template --// constexpr Span(T (&array)[N]) : Span(array, N) {} -- --// template , --// typename = std::enable_if_t::value, C>> --// Span(const C &container) : data_(container.data()), size_(container.size()) {} -- --// template , --// typename = std::enable_if_t::value, C>> --// explicit Span(C &container) --// : data_(container.data()), size_(container.size()) {} -- --// T *data() const { return data_; } --// size_t size() const { return size_; } --// bool empty() const { return size_ == 0; } -- --// T *begin() const { return data_; } --// const T *cbegin() const { return data_; } --// T *end() const { return data_ + size_; } --// const T *cend() const { return end(); } -- --// T &front() const { --// if (size_ == 0) { --// abort(); --// } --// return data_[0]; --// } --// T &back() const { --// if (size_ == 0) { --// abort(); --// } --// return data_[size_ - 1]; --// } -- --// T &operator[](size_t i) const { --// if (i >= size_) { --// abort(); --// } --// return data_[i]; --// } --// T &at(size_t i) const { return (*this)[i]; } -- --// Span subspan(size_t pos = 0, size_t len = npos) const { --// if (pos > size_) { --// // absl::Span throws an exception here. Note std::span and Chromium --// // base::span additionally forbid pos + len being out of range, with a --// // special case at npos/dynamic_extent, while absl::Span::subspan clips --// // the span. For now, we align with absl::Span in case we switch to it in --// // the future. --// abort(); --// } --// return Span(data_ + pos, std::min(size_ - pos, len)); --// } -- --// Span first(size_t len) { --// if (len > size_) { --// abort(); --// } --// return Span(data_, len); --// } -- --// Span last(size_t len) { --// if (len > size_) { --// abort(); --// } --// return Span(data_ + size_ - len, len); --// } -- --// private: --// T *data_; --// size_t size_; --// }; -- --// template --// const size_t Span::npos; -- --// template --// Span MakeSpan(T *ptr, size_t size) { --// return Span(ptr, size); --// } -- --// template --// auto MakeSpan(C &c) -> decltype(MakeSpan(c.data(), c.size())) { --// return MakeSpan(c.data(), c.size()); --// } -- --// template --// Span MakeConstSpan(T *ptr, size_t size) { --// return Span(ptr, size); --// } -- --// template --// auto MakeConstSpan(const C &c) -> decltype(MakeConstSpan(c.data(), c.size())) { --// return MakeConstSpan(c.data(), c.size()); --// } -+template -+class Span : private internal::SpanBase { -+ private: -+ static const size_t npos = static_cast(-1); -+ -+ // Heuristically test whether C is a container type that can be converted into -+ // a Span by checking for data() and size() member functions. -+ // -+ // TODO(davidben): Require C++17 support for std::is_convertible_v, etc. -+ template -+ using EnableIfContainer = std::enable_if_t< -+ std::is_convertible().data()), T *>::value && -+ std::is_integral().size())>::value>; -+ -+ public: -+ constexpr Span() : Span(nullptr, 0) {} -+ constexpr Span(T *ptr, size_t len) : data_(ptr), size_(len) {} -+ -+ template -+ constexpr Span(T (&array)[N]) : Span(array, N) {} -+ -+ template , -+ typename = std::enable_if_t::value, C>> -+ Span(const C &container) : data_(container.data()), size_(container.size()) {} -+ -+ template , -+ typename = std::enable_if_t::value, C>> -+ explicit Span(C &container) -+ : data_(container.data()), size_(container.size()) {} -+ -+ T *data() const { return data_; } -+ size_t size() const { return size_; } -+ bool empty() const { return size_ == 0; } -+ -+ T *begin() const { return data_; } -+ const T *cbegin() const { return data_; } -+ T *end() const { return data_ + size_; } -+ const T *cend() const { return end(); } -+ -+ T &front() const { -+ if (size_ == 0) { -+ abort(); -+ } -+ return data_[0]; -+ } -+ T &back() const { -+ if (size_ == 0) { -+ abort(); -+ } -+ return data_[size_ - 1]; -+ } -+ -+ T &operator[](size_t i) const { -+ if (i >= size_) { -+ abort(); -+ } -+ return data_[i]; -+ } -+ T &at(size_t i) const { return (*this)[i]; } -+ -+ Span subspan(size_t pos = 0, size_t len = npos) const { -+ if (pos > size_) { -+ // absl::Span throws an exception here. Note std::span and Chromium -+ // base::span additionally forbid pos + len being out of range, with a -+ // special case at npos/dynamic_extent, while absl::Span::subspan clips -+ // the span. For now, we align with absl::Span in case we switch to it in -+ // the future. -+ abort(); -+ } -+ return Span(data_ + pos, std::min(size_ - pos, len)); -+ } -+ -+ Span first(size_t len) { -+ if (len > size_) { -+ abort(); -+ } -+ return Span(data_, len); -+ } -+ -+ Span last(size_t len) { -+ if (len > size_) { -+ abort(); -+ } -+ return Span(data_ + size_ - len, len); -+ } -+ -+ private: -+ T *data_; -+ size_t size_; -+}; -+ -+template -+const size_t Span::npos; -+ -+template -+Span MakeSpan(T *ptr, size_t size) { -+ return Span(ptr, size); -+} -+ -+template -+auto MakeSpan(C &c) -> decltype(MakeSpan(c.data(), c.size())) { -+ return MakeSpan(c.data(), c.size()); -+} -+ -+template -+Span MakeConstSpan(T *ptr, size_t size) { -+ return Span(ptr, size); -+} -+ -+template -+auto MakeConstSpan(const C &c) -> decltype(MakeConstSpan(c.data(), c.size())) { -+ return MakeConstSpan(c.data(), c.size()); -+} - --// BSSL_NAMESPACE_END -+BSSL_NAMESPACE_END - --// } // extern C++ -+} // extern C++ - --// #endif // !defined(BORINGSSL_NO_CXX) -+#endif // !defined(BORINGSSL_NO_CXX) - --// #endif // OPENSSL_HEADER_SSL_SPAN_H -+#endif // OPENSSL_HEADER_SSL_SPAN_H diff --git a/bssl-compat/patch/include/openssl/span.h.sh b/bssl-compat/patch/include/openssl/span.h.sh new file mode 100755 index 0000000000..5af9a0ffaf --- /dev/null +++ b/bssl-compat/patch/include/openssl/span.h.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +set -euo pipefail + +uncomment.sh "$1" --comment -h \ + --uncomment-regex 'template ' \ + --uncomment-class-fwd Span \ + --uncomment-regex-range 'namespace internal {' '.\s\s..\snamespace\sinternal' \ + --uncomment-class Span \ + --uncomment-regex '.*Span::npos' \ + --uncomment-func-impl MakeSpan \ + --uncomment-func-impl MakeSpan \ + --uncomment-func-impl MakeConstSpan \ + --uncomment-func-impl MakeConstSpan \ diff --git a/bssl-compat/patch/include/openssl/ssl.h.patch b/bssl-compat/patch/include/openssl/ssl.h.patch deleted file mode 100644 index 14c10d2574..0000000000 --- a/bssl-compat/patch/include/openssl/ssl.h.patch +++ /dev/null @@ -1,1516 +0,0 @@ ---- a/include/openssl/ssl.h -+++ b/include/openssl/ssl.h -@@ -139,37 +139,38 @@ - * OTHERWISE. - */ - --// #ifndef OPENSSL_HEADER_SSL_H --// #define OPENSSL_HEADER_SSL_H -+#ifndef OPENSSL_HEADER_SSL_H -+#define OPENSSL_HEADER_SSL_H - --// #include -+#include - --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include -- --// #if !defined(OPENSSL_WINDOWS) --// #include --// #endif -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#if !defined(OPENSSL_WINDOWS) -+#include -+#endif - - // NGINX needs this #include. Consider revisiting this after NGINX 1.14.0 has - // been out for a year or so (assuming that they fix it in that release.) See - // https://boringssl-review.googlesource.com/c/boringssl/+/21664. --// #include -+#include - - // Forward-declare struct timeval. On Windows, it is defined in winsock2.h and - // Windows headers define too many macros to be included in public headers. - // However, only a forward declaration is needed. --// struct timeval; -+struct timeval; - --// #if defined(__cplusplus) --// extern "C" { --// #endif -+#if defined(__cplusplus) -+extern "C" { -+#endif - - - // SSL implementation. -@@ -186,16 +187,16 @@ - // configuration may not be used. - - // TLS_method is the |SSL_METHOD| used for TLS connections. --// OPENSSL_EXPORT const SSL_METHOD *TLS_method(void); -+OPENSSL_EXPORT const SSL_METHOD *TLS_method(void); - - // DTLS_method is the |SSL_METHOD| used for DTLS connections. --// OPENSSL_EXPORT const SSL_METHOD *DTLS_method(void); -+OPENSSL_EXPORT const SSL_METHOD *DTLS_method(void); - - // TLS_with_buffers_method is like |TLS_method|, but avoids all use of - // crypto/x509. All client connections created with |TLS_with_buffers_method| - // will fail unless a certificate verifier is installed with - // |SSL_set_custom_verify| or |SSL_CTX_set_custom_verify|. --// OPENSSL_EXPORT const SSL_METHOD *TLS_with_buffers_method(void); -+OPENSSL_EXPORT const SSL_METHOD *TLS_with_buffers_method(void); - - // DTLS_with_buffers_method is like |DTLS_method|, but avoids all use of - // crypto/x509. -@@ -203,13 +204,13 @@ - - // SSL_CTX_new returns a newly-allocated |SSL_CTX| with default settings or NULL - // on error. --// OPENSSL_EXPORT SSL_CTX *SSL_CTX_new(const SSL_METHOD *method); -+OPENSSL_EXPORT SSL_CTX *SSL_CTX_new(const SSL_METHOD *method); - - // SSL_CTX_up_ref increments the reference count of |ctx|. It returns one. --// OPENSSL_EXPORT int SSL_CTX_up_ref(SSL_CTX *ctx); -+OPENSSL_EXPORT int SSL_CTX_up_ref(SSL_CTX *ctx); - - // SSL_CTX_free releases memory associated with |ctx|. --// OPENSSL_EXPORT void SSL_CTX_free(SSL_CTX *ctx); -+OPENSSL_EXPORT void SSL_CTX_free(SSL_CTX *ctx); - - - // SSL connections. -@@ -224,25 +225,25 @@ - // - // On creation, an |SSL| is not configured to be either a client or server. Call - // |SSL_set_connect_state| or |SSL_set_accept_state| to set this. --// OPENSSL_EXPORT SSL *SSL_new(SSL_CTX *ctx); -+OPENSSL_EXPORT SSL *SSL_new(SSL_CTX *ctx); - - // SSL_free releases memory associated with |ssl|. --// OPENSSL_EXPORT void SSL_free(SSL *ssl); -+OPENSSL_EXPORT void SSL_free(SSL *ssl); - - // SSL_get_SSL_CTX returns the |SSL_CTX| associated with |ssl|. If - // |SSL_set_SSL_CTX| is called, it returns the new |SSL_CTX|, not the initial - // one. --// OPENSSL_EXPORT SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); -+OPENSSL_EXPORT SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); - - // SSL_set_connect_state configures |ssl| to be a client. --// OPENSSL_EXPORT void SSL_set_connect_state(SSL *ssl); -+OPENSSL_EXPORT void SSL_set_connect_state(SSL *ssl); - - // SSL_set_accept_state configures |ssl| to be a server. --// OPENSSL_EXPORT void SSL_set_accept_state(SSL *ssl); -+OPENSSL_EXPORT void SSL_set_accept_state(SSL *ssl); - - // SSL_is_server returns one if |ssl| is configured as a server and zero - // otherwise. --// OPENSSL_EXPORT int SSL_is_server(const SSL *ssl); -+OPENSSL_EXPORT int SSL_is_server(const SSL *ssl); - - // SSL_is_dtls returns one if |ssl| is a DTLS connection and zero otherwise. - // OPENSSL_EXPORT int SSL_is_dtls(const SSL *ssl); -@@ -265,27 +266,27 @@ - // Due to the very complex historical behavior of this function, calling this - // function if |ssl| already has |BIO|s configured is deprecated. Prefer - // |SSL_set0_rbio| and |SSL_set0_wbio| instead. --// OPENSSL_EXPORT void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio); -+OPENSSL_EXPORT void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio); - - // SSL_set0_rbio configures |ssl| to read from |rbio|. It takes ownership of - // |rbio|. - // - // Note that, although this function and |SSL_set0_wbio| may be called on the - // same |BIO|, each call takes a reference. Use |BIO_up_ref| to balance this. --// OPENSSL_EXPORT void SSL_set0_rbio(SSL *ssl, BIO *rbio); -+OPENSSL_EXPORT void SSL_set0_rbio(SSL *ssl, BIO *rbio); - - // SSL_set0_wbio configures |ssl| to write to |wbio|. It takes ownership of - // |wbio|. - // - // Note that, although this function and |SSL_set0_rbio| may be called on the - // same |BIO|, each call takes a reference. Use |BIO_up_ref| to balance this. --// OPENSSL_EXPORT void SSL_set0_wbio(SSL *ssl, BIO *wbio); -+OPENSSL_EXPORT void SSL_set0_wbio(SSL *ssl, BIO *wbio); - - // SSL_get_rbio returns the |BIO| that |ssl| reads from. - // OPENSSL_EXPORT BIO *SSL_get_rbio(const SSL *ssl); - - // SSL_get_wbio returns the |BIO| that |ssl| writes to. --// OPENSSL_EXPORT BIO *SSL_get_wbio(const SSL *ssl); -+OPENSSL_EXPORT BIO *SSL_get_wbio(const SSL *ssl); - - // SSL_get_fd calls |SSL_get_rfd|. - // OPENSSL_EXPORT int SSL_get_fd(const SSL *ssl); -@@ -313,7 +314,7 @@ - // |fd|. - // - // On Windows, |fd| is cast to a |SOCKET| and used with Winsock APIs. --// OPENSSL_EXPORT int SSL_set_fd(SSL *ssl, int fd); -+OPENSSL_EXPORT int SSL_set_fd(SSL *ssl, int fd); - - // SSL_set_rfd configures |ssl| to read from |fd|. It returns one on success and - // zero on allocation error. The caller retains ownership of |fd|. -@@ -340,15 +341,15 @@ - // - // TODO(davidben): Ensure 0 is only returned on transport EOF. - // https://crbug.com/466303. --// OPENSSL_EXPORT int SSL_do_handshake(SSL *ssl); -+OPENSSL_EXPORT int SSL_do_handshake(SSL *ssl); - - // SSL_connect configures |ssl| as a client, if unconfigured, and calls - // |SSL_do_handshake|. --// OPENSSL_EXPORT int SSL_connect(SSL *ssl); -+OPENSSL_EXPORT int SSL_connect(SSL *ssl); - - // SSL_accept configures |ssl| as a server, if unconfigured, and calls - // |SSL_do_handshake|. --// OPENSSL_EXPORT int SSL_accept(SSL *ssl); -+OPENSSL_EXPORT int SSL_accept(SSL *ssl); - - // SSL_read reads up to |num| bytes from |ssl| into |buf|. It implicitly runs - // any pending handshakes, including renegotiations when enabled. On success, it -@@ -357,7 +358,7 @@ - // - // TODO(davidben): Ensure 0 is only returned on transport EOF. - // https://crbug.com/466303. --// OPENSSL_EXPORT int SSL_read(SSL *ssl, void *buf, int num); -+OPENSSL_EXPORT int SSL_read(SSL *ssl, void *buf, int num); - - // SSL_peek behaves like |SSL_read| but does not consume any bytes returned. - // OPENSSL_EXPORT int SSL_peek(SSL *ssl, void *buf, int num); -@@ -413,7 +414,7 @@ - // - // TODO(davidben): Ensure 0 is only returned on transport EOF. - // https://crbug.com/466303. --// OPENSSL_EXPORT int SSL_write(SSL *ssl, const void *buf, int num); -+OPENSSL_EXPORT int SSL_write(SSL *ssl, const void *buf, int num); - - // SSL_KEY_UPDATE_REQUESTED indicates that the peer should reply to a KeyUpdate - // message with its own, thus updating traffic secrets for both directions on -@@ -452,7 +453,7 @@ - // primarily used for uncommon protocols where the underlying transport is - // reused after TLS completes. Additionally, DTLS uses an unordered transport - // and is unordered, so the second stage is a no-op in DTLS. --// OPENSSL_EXPORT int SSL_shutdown(SSL *ssl); -+OPENSSL_EXPORT int SSL_shutdown(SSL *ssl); - - // SSL_CTX_set_quiet_shutdown sets quiet shutdown on |ctx| to |mode|. If - // enabled, |SSL_shutdown| will not send a close_notify alert or wait for one -@@ -466,7 +467,7 @@ - // SSL_set_quiet_shutdown sets quiet shutdown on |ssl| to |mode|. If enabled, - // |SSL_shutdown| will not send a close_notify alert or wait for one from the - // peer. It will instead synchronously return one. --// OPENSSL_EXPORT void SSL_set_quiet_shutdown(SSL *ssl, int mode); -+OPENSSL_EXPORT void SSL_set_quiet_shutdown(SSL *ssl, int mode); - - // SSL_get_quiet_shutdown returns whether quiet shutdown is enabled for - // |ssl|. -@@ -475,7 +476,7 @@ - // SSL_get_error returns a |SSL_ERROR_*| value for the most recent operation on - // |ssl|. It should be called after an operation failed to determine whether the - // error was fatal and, if not, when to retry. --// OPENSSL_EXPORT int SSL_get_error(const SSL *ssl, int ret_code); -+OPENSSL_EXPORT int SSL_get_error(const SSL *ssl, int ret_code); - - // SSL_ERROR_NONE indicates the operation succeeded. - #ifdef ossl_SSL_ERROR_NONE -@@ -634,7 +635,7 @@ - // SSL_error_description returns a string representation of |err|, where |err| - // is one of the |SSL_ERROR_*| constants returned by |SSL_get_error|, or NULL - // if the value is unrecognized. --// OPENSSL_EXPORT const char *SSL_error_description(int err); -+OPENSSL_EXPORT const char *SSL_error_description(int err); - - // SSL_set_mtu sets the |ssl|'s MTU in DTLS to |mtu|. It returns one on success - // and zero on failure. -@@ -716,20 +717,20 @@ - // SSL_CTX_set_min_proto_version sets the minimum protocol version for |ctx| to - // |version|. If |version| is zero, the default minimum version is used. It - // returns one on success and zero if |version| is invalid. --// OPENSSL_EXPORT int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, --// uint16_t version); -+OPENSSL_EXPORT int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, -+ uint16_t version); - - // SSL_CTX_set_max_proto_version sets the maximum protocol version for |ctx| to - // |version|. If |version| is zero, the default maximum version is used. It - // returns one on success and zero if |version| is invalid. --// OPENSSL_EXPORT int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, --// uint16_t version); -+OPENSSL_EXPORT int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, -+ uint16_t version); - - // SSL_CTX_get_min_proto_version returns the minimum protocol version for |ctx| --// OPENSSL_EXPORT uint16_t SSL_CTX_get_min_proto_version(const SSL_CTX *ctx); -+OPENSSL_EXPORT uint16_t SSL_CTX_get_min_proto_version(const SSL_CTX *ctx); - - // SSL_CTX_get_max_proto_version returns the maximum protocol version for |ctx| --// OPENSSL_EXPORT uint16_t SSL_CTX_get_max_proto_version(const SSL_CTX *ctx); -+OPENSSL_EXPORT uint16_t SSL_CTX_get_max_proto_version(const SSL_CTX *ctx); - - // SSL_set_min_proto_version sets the minimum protocol version for |ssl| to - // |version|. If |version| is zero, the default minimum version is used. It -@@ -752,7 +753,7 @@ - // SSL_version returns the TLS or DTLS protocol version used by |ssl|, which is - // one of the |*_VERSION| values. (E.g. |TLS1_2_VERSION|.) Before the version - // is negotiated, the result is undefined. --// OPENSSL_EXPORT int SSL_version(const SSL *ssl); -+OPENSSL_EXPORT int SSL_version(const SSL *ssl); - - - // Options. -@@ -802,7 +803,7 @@ - // SSL_CTX_set_options enables all options set in |options| (which should be one - // or more of the |SSL_OP_*| values, ORed together) in |ctx|. It returns a - // bitmask representing the resulting enabled options. --// OPENSSL_EXPORT uint32_t SSL_CTX_set_options(SSL_CTX *ctx, uint32_t options); -+OPENSSL_EXPORT uint32_t SSL_CTX_set_options(SSL_CTX *ctx, uint32_t options); - - // SSL_CTX_clear_options disables all options set in |options| (which should be - // one or more of the |SSL_OP_*| values, ORed together) in |ctx|. It returns a -@@ -811,7 +812,7 @@ - - // SSL_CTX_get_options returns a bitmask of |SSL_OP_*| values that represent all - // the options enabled for |ctx|. --// OPENSSL_EXPORT uint32_t SSL_CTX_get_options(const SSL_CTX *ctx); -+OPENSSL_EXPORT uint32_t SSL_CTX_get_options(const SSL_CTX *ctx); - - // SSL_set_options enables all options set in |options| (which should be one or - // more of the |SSL_OP_*| values, ORed together) in |ssl|. It returns a bitmask -@@ -946,7 +947,7 @@ - - // SSL_CTX_use_certificate sets |ctx|'s leaf certificate to |x509|. It returns - // one on success and zero on failure. --// OPENSSL_EXPORT int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x509); -+OPENSSL_EXPORT int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x509); - - // SSL_use_certificate sets |ssl|'s leaf certificate to |x509|. It returns one - // on success and zero on failure. -@@ -954,7 +955,7 @@ - - // SSL_CTX_use_PrivateKey sets |ctx|'s private key to |pkey|. It returns one on - // success and zero on failure. --// OPENSSL_EXPORT int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); -+OPENSSL_EXPORT int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); - - // SSL_use_PrivateKey sets |ssl|'s private key to |pkey|. It returns one on - // success and zero on failure. -@@ -995,7 +996,7 @@ - // OPENSSL_EXPORT int SSL_add0_chain_cert(SSL *ssl, X509 *x509); - - // SSL_CTX_add_extra_chain_cert calls |SSL_CTX_add0_chain_cert|. --// OPENSSL_EXPORT int SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509); -+OPENSSL_EXPORT int SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509); - - // SSL_add1_chain_cert appends |x509| to |ctx|'s certificate chain. It returns - // one on success and zero on failure. The caller retains ownership of |x509| -@@ -1040,8 +1041,8 @@ - // On the server, the callback will be called after extensions have been - // processed, but before the resumption decision has been made. This differs - // from OpenSSL which handles resumption before selecting the certificate. --// OPENSSL_EXPORT void SSL_set_cert_cb(SSL *ssl, int (*cb)(SSL *ssl, void *arg), --// void *arg); -+OPENSSL_EXPORT void SSL_set_cert_cb(SSL *ssl, int (*cb)(SSL *ssl, void *arg), -+ void *arg); - - // SSL_get0_certificate_types, for a client, sets |*out_types| to an array - // containing the client certificate types requested by a server. It returns the -@@ -1092,10 +1093,10 @@ - // OPENSSL_EXPORT int SSL_check_private_key(const SSL *ssl); - - // SSL_CTX_get0_certificate returns |ctx|'s leaf certificate. --// OPENSSL_EXPORT X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); -+OPENSSL_EXPORT X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); - - // SSL_get_certificate returns |ssl|'s leaf certificate. --// OPENSSL_EXPORT X509 *SSL_get_certificate(const SSL *ssl); -+OPENSSL_EXPORT X509 *SSL_get_certificate(const SSL *ssl); - - // SSL_CTX_get0_privatekey returns |ctx|'s private key. - // OPENSSL_EXPORT EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); -@@ -1147,23 +1148,23 @@ - // SSL_set_ocsp_response sets the OCSP response that is sent to clients which - // request it. It returns one on success and zero on error. The caller retains - // ownership of |response|. --// OPENSSL_EXPORT int SSL_set_ocsp_response(SSL *ssl, --// const uint8_t *response, --// size_t response_len); -+OPENSSL_EXPORT int SSL_set_ocsp_response(SSL *ssl, -+ const uint8_t *response, -+ size_t response_len); - - // SSL_SIGN_* are signature algorithm values as defined in TLS 1.3. --// #define SSL_SIGN_RSA_PKCS1_SHA1 0x0201 --// #define SSL_SIGN_RSA_PKCS1_SHA256 0x0401 --// #define SSL_SIGN_RSA_PKCS1_SHA384 0x0501 --// #define SSL_SIGN_RSA_PKCS1_SHA512 0x0601 --// #define SSL_SIGN_ECDSA_SHA1 0x0203 --// #define SSL_SIGN_ECDSA_SECP256R1_SHA256 0x0403 --// #define SSL_SIGN_ECDSA_SECP384R1_SHA384 0x0503 --// #define SSL_SIGN_ECDSA_SECP521R1_SHA512 0x0603 --// #define SSL_SIGN_RSA_PSS_RSAE_SHA256 0x0804 --// #define SSL_SIGN_RSA_PSS_RSAE_SHA384 0x0805 --// #define SSL_SIGN_RSA_PSS_RSAE_SHA512 0x0806 --// #define SSL_SIGN_ED25519 0x0807 -+#define SSL_SIGN_RSA_PKCS1_SHA1 0x0201 -+#define SSL_SIGN_RSA_PKCS1_SHA256 0x0401 -+#define SSL_SIGN_RSA_PKCS1_SHA384 0x0501 -+#define SSL_SIGN_RSA_PKCS1_SHA512 0x0601 -+#define SSL_SIGN_ECDSA_SHA1 0x0203 -+#define SSL_SIGN_ECDSA_SECP256R1_SHA256 0x0403 -+#define SSL_SIGN_ECDSA_SECP384R1_SHA384 0x0503 -+#define SSL_SIGN_ECDSA_SECP521R1_SHA512 0x0603 -+#define SSL_SIGN_RSA_PSS_RSAE_SHA256 0x0804 -+#define SSL_SIGN_RSA_PSS_RSAE_SHA384 0x0805 -+#define SSL_SIGN_RSA_PSS_RSAE_SHA512 0x0806 -+#define SSL_SIGN_ED25519 0x0807 - - // SSL_SIGN_RSA_PKCS1_MD5_SHA1 is an internal signature algorithm used to - // specify raw RSASSA-PKCS1-v1_5 with an MD5/SHA-1 concatenation, as used in TLS -@@ -1173,21 +1174,21 @@ - // SSL_get_signature_algorithm_name returns a human-readable name for |sigalg|, - // or NULL if unknown. If |include_curve| is one, the curve for ECDSA algorithms - // is included as in TLS 1.3. Otherwise, it is excluded as in TLS 1.2. --// OPENSSL_EXPORT const char *SSL_get_signature_algorithm_name(uint16_t sigalg, --// int include_curve); -+OPENSSL_EXPORT const char *SSL_get_signature_algorithm_name(uint16_t sigalg, -+ int include_curve); - - // SSL_get_signature_algorithm_key_type returns the key type associated with - // |sigalg| as an |EVP_PKEY_*| constant or |EVP_PKEY_NONE| if unknown. --// OPENSSL_EXPORT int SSL_get_signature_algorithm_key_type(uint16_t sigalg); -+OPENSSL_EXPORT int SSL_get_signature_algorithm_key_type(uint16_t sigalg); - - // SSL_get_signature_algorithm_digest returns the digest function associated - // with |sigalg| or |NULL| if |sigalg| has no prehash (Ed25519) or is unknown. --// OPENSSL_EXPORT const EVP_MD *SSL_get_signature_algorithm_digest( --// uint16_t sigalg); -+OPENSSL_EXPORT const EVP_MD *SSL_get_signature_algorithm_digest( -+ uint16_t sigalg); - - // SSL_is_signature_algorithm_rsa_pss returns one if |sigalg| is an RSA-PSS - // signature algorithm and zero otherwise. --// OPENSSL_EXPORT int SSL_is_signature_algorithm_rsa_pss(uint16_t sigalg); -+OPENSSL_EXPORT int SSL_is_signature_algorithm_rsa_pss(uint16_t sigalg); - - // SSL_CTX_set_signing_algorithm_prefs configures |ctx| to use |prefs| as the - // preference list when signing with |ctx|'s private key. It returns one on -@@ -1220,9 +1221,9 @@ - // client or server. References to the given |CRYPTO_BUFFER| and |EVP_PKEY| - // objects are added as needed. Exactly one of |privkey| or |privkey_method| - // may be non-NULL. Returns one on success and zero on error. --// OPENSSL_EXPORT int SSL_set_chain_and_key( --// SSL *ssl, CRYPTO_BUFFER *const *certs, size_t num_certs, EVP_PKEY *privkey, --// const SSL_PRIVATE_KEY_METHOD *privkey_method); -+OPENSSL_EXPORT int SSL_set_chain_and_key( -+ SSL *ssl, CRYPTO_BUFFER *const *certs, size_t num_certs, EVP_PKEY *privkey, -+ const SSL_PRIVATE_KEY_METHOD *privkey_method); - - // SSL_CTX_get0_chain returns the list of |CRYPTO_BUFFER|s that were set by - // |SSL_CTX_set_chain_and_key|. Reference counts are not incremented by this -@@ -1272,8 +1273,8 @@ - // |type| parameter is one of the |SSL_FILETYPE_*| values and determines whether - // the file's contents are read as PEM or DER. - --// #define SSL_FILETYPE_PEM 1 --// #define SSL_FILETYPE_ASN1 2 -+#define SSL_FILETYPE_PEM ossl_SSL_FILETYPE_PEM -+#define SSL_FILETYPE_ASN1 ossl_SSL_FILETYPE_ASN1 - - // OPENSSL_EXPORT int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, - // const char *file, -@@ -1281,13 +1282,13 @@ - // OPENSSL_EXPORT int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, - // int type); - --// OPENSSL_EXPORT int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, --// int type); -+OPENSSL_EXPORT int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, -+ int type); - // OPENSSL_EXPORT int SSL_use_certificate_file(SSL *ssl, const char *file, - // int type); - --// OPENSSL_EXPORT int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, --// int type); -+OPENSSL_EXPORT int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, -+ int type); - // OPENSSL_EXPORT int SSL_use_PrivateKey_file(SSL *ssl, const char *file, - // int type); - -@@ -1295,8 +1296,8 @@ - // reads the contents of |file| as a PEM-encoded leaf certificate followed - // optionally by the certificate chain to send to the peer. It returns one on - // success and zero on failure. --// OPENSSL_EXPORT int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, --// const char *file); -+OPENSSL_EXPORT int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, -+ const char *file); - - // SSL_CTX_set_default_passwd_cb sets the password callback for PEM-based - // convenience functions called on |ctx|. -@@ -1320,11 +1321,11 @@ - - // Custom private keys. - --// enum ssl_private_key_result_t BORINGSSL_ENUM_INT { --// ssl_private_key_success, --// ssl_private_key_retry, --// ssl_private_key_failure, --// }; -+enum ssl_private_key_result_t BORINGSSL_ENUM_INT { -+ ssl_private_key_success, -+ ssl_private_key_retry, -+ ssl_private_key_failure, -+}; - - // ssl_private_key_method_st (aka |SSL_PRIVATE_KEY_METHOD|) describes private - // key hooks. This is used to off-load signing operations to a custom, -@@ -1409,17 +1410,17 @@ - // - // |SSL_CIPHER| objects represent cipher suites. - --// DEFINE_CONST_STACK_OF(SSL_CIPHER) -+DEFINE_CONST_STACK_OF(SSL_CIPHER) - - // SSL_get_cipher_by_value returns the structure representing a TLS cipher - // suite based on its assigned number, or NULL if unknown. See - // https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4. --// OPENSSL_EXPORT const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value); -+OPENSSL_EXPORT const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value); - - // SSL_CIPHER_get_id returns |cipher|'s non-IANA id. This is not its - // IANA-assigned number, which is called the "value" here, although it may be - // cast to a |uint16_t| to get it. --// OPENSSL_EXPORT uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *cipher); -+OPENSSL_EXPORT uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *cipher); - - // SSL_CIPHER_get_protocol_id returns |cipher|'s IANA-assigned number. - // OPENSSL_EXPORT uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *cipher); -@@ -1434,36 +1435,36 @@ - // cipher. Possible values are |NID_aes_128_gcm|, |NID_aes_256_gcm|, - // |NID_chacha20_poly1305|, |NID_aes_128_cbc|, |NID_aes_256_cbc|, and - // |NID_des_ede3_cbc|. --// OPENSSL_EXPORT int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *cipher); -+OPENSSL_EXPORT int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *cipher); - - // SSL_CIPHER_get_digest_nid returns the NID for |cipher|'s HMAC if it is a - // legacy cipher suite. For modern AEAD-based ciphers (see - // |SSL_CIPHER_is_aead|), it returns |NID_undef|. - // - // Note this function only returns the legacy HMAC digest, not the PRF hash. --// OPENSSL_EXPORT int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *cipher); -+OPENSSL_EXPORT int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *cipher); - - // SSL_CIPHER_get_kx_nid returns the NID for |cipher|'s key exchange. This may - // be |NID_kx_rsa|, |NID_kx_ecdhe|, or |NID_kx_psk| for TLS 1.2. In TLS 1.3, - // cipher suites do not specify the key exchange, so this function returns - // |NID_kx_any|. --// OPENSSL_EXPORT int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *cipher); -+OPENSSL_EXPORT int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *cipher); - - // SSL_CIPHER_get_auth_nid returns the NID for |cipher|'s authentication - // type. This may be |NID_auth_rsa|, |NID_auth_ecdsa|, or |NID_auth_psk| for TLS - // 1.2. In TLS 1.3, cipher suites do not specify authentication, so this - // function returns |NID_auth_any|. --// OPENSSL_EXPORT int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *cipher); -+OPENSSL_EXPORT int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *cipher); - - // SSL_CIPHER_get_prf_nid retuns the NID for |cipher|'s PRF hash. If |cipher| is - // a pre-TLS-1.2 cipher, it returns |NID_md5_sha1| but note these ciphers use - // SHA-256 in TLS 1.2. Other return values may be treated uniformly in all - // applicable versions. --// OPENSSL_EXPORT int SSL_CIPHER_get_prf_nid(const SSL_CIPHER *cipher); -+OPENSSL_EXPORT int SSL_CIPHER_get_prf_nid(const SSL_CIPHER *cipher); - - // SSL_CIPHER_get_min_version returns the minimum protocol version required - // for |cipher|. --// OPENSSL_EXPORT uint16_t SSL_CIPHER_get_min_version(const SSL_CIPHER *cipher); -+OPENSSL_EXPORT uint16_t SSL_CIPHER_get_min_version(const SSL_CIPHER *cipher); - - // SSL_CIPHER_get_max_version returns the maximum protocol version that - // supports |cipher|. -@@ -1471,12 +1472,12 @@ - - // SSL_CIPHER_standard_name returns the standard IETF name for |cipher|. For - // example, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256". --// OPENSSL_EXPORT const char *SSL_CIPHER_standard_name(const SSL_CIPHER *cipher); -+OPENSSL_EXPORT const char *SSL_CIPHER_standard_name(const SSL_CIPHER *cipher); - - // SSL_CIPHER_get_name returns the OpenSSL name of |cipher|. For example, - // "ECDHE-RSA-AES128-GCM-SHA256". Callers are recommended to use - // |SSL_CIPHER_standard_name| instead. --// OPENSSL_EXPORT const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher); -+OPENSSL_EXPORT const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher); - - // SSL_CIPHER_get_kx_name returns a string that describes the key-exchange - // method used by |cipher|. For example, "ECDHE_ECDSA". TLS 1.3 AEAD-only -@@ -1595,15 +1596,15 @@ - // SSL_CTX_set_strict_cipher_list configures the cipher list for |ctx|, - // evaluating |str| as a cipher string and returning error if |str| contains - // anything meaningless. It returns one on success and zero on failure. --// OPENSSL_EXPORT int SSL_CTX_set_strict_cipher_list(SSL_CTX *ctx, --// const char *str); -+OPENSSL_EXPORT int SSL_CTX_set_strict_cipher_list(SSL_CTX *ctx, -+ const char *str); - - // SSL_CTX_set_cipher_list configures the cipher list for |ctx|, evaluating - // |str| as a cipher string. It returns one on success and zero on failure. - // - // Prefer to use |SSL_CTX_set_strict_cipher_list|. This function tolerates - // garbage inputs, unless an empty cipher list results. --// OPENSSL_EXPORT int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str); -+OPENSSL_EXPORT int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str); - - // SSL_set_strict_cipher_list configures the cipher list for |ssl|, evaluating - // |str| as a cipher string and returning error if |str| contains anything -@@ -1615,11 +1616,11 @@ - // - // Prefer to use |SSL_set_strict_cipher_list|. This function tolerates garbage - // inputs, unless an empty cipher list results. --// OPENSSL_EXPORT int SSL_set_cipher_list(SSL *ssl, const char *str); -+OPENSSL_EXPORT int SSL_set_cipher_list(SSL *ssl, const char *str); - - // SSL_CTX_get_ciphers returns the cipher list for |ctx|, in order of - // preference. --// OPENSSL_EXPORT STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx); -+OPENSSL_EXPORT STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx); - - // SSL_CTX_cipher_in_group returns one if the |i|th cipher (see - // |SSL_CTX_get_ciphers|) is in the same equipreference group as the one -@@ -1627,7 +1628,7 @@ - // OPENSSL_EXPORT int SSL_CTX_cipher_in_group(const SSL_CTX *ctx, size_t i); - - // SSL_get_ciphers returns the cipher list for |ssl|, in order of preference. --// OPENSSL_EXPORT STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl); -+OPENSSL_EXPORT STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl); - - - // Connection information. -@@ -1651,7 +1652,7 @@ - // SSL_get_peer_certificate returns the peer's leaf certificate or NULL if the - // peer did not use certificates. The caller must call |X509_free| on the - // result to release it. --// OPENSSL_EXPORT X509 *SSL_get_peer_certificate(const SSL *ssl); -+OPENSSL_EXPORT X509 *SSL_get_peer_certificate(const SSL *ssl); - - // SSL_get_peer_cert_chain returns the peer's certificate chain or NULL if - // unavailable or the peer did not use certificates. This is the unverified list -@@ -1661,7 +1662,7 @@ - // WARNING: This function behaves differently between client and server. If - // |ssl| is a server, the returned chain does not include the leaf certificate. - // If a client, it does. --// OPENSSL_EXPORT STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl); -+OPENSSL_EXPORT STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl); - - // SSL_get_peer_full_cert_chain returns the peer's certificate chain, or NULL if - // unavailable or the peer did not use certificates. This is the unverified list -@@ -1673,7 +1674,7 @@ - // (if any) will be the leaf certificate. In constrast, - // |SSL_get_peer_cert_chain| returns only the intermediate certificates if the - // |ssl| is a server. --// OPENSSL_EXPORT STACK_OF(X509) *SSL_get_peer_full_cert_chain(const SSL *ssl); -+OPENSSL_EXPORT STACK_OF(X509) *SSL_get_peer_full_cert_chain(const SSL *ssl); - - // SSL_get0_peer_certificates returns the peer's certificate chain, or NULL if - // unavailable or the peer did not use certificates. This is the unverified list -@@ -1701,8 +1702,8 @@ - // OCSPResponse type as defined in RFC 2560. - // - // WARNING: the returned data is not guaranteed to be well formed. --// OPENSSL_EXPORT void SSL_get0_ocsp_response(const SSL *ssl, const uint8_t **out, --// size_t *out_len); -+OPENSSL_EXPORT void SSL_get0_ocsp_response(const SSL *ssl, const uint8_t **out, -+ size_t *out_len); - - // SSL_get_tls_unique writes at most |max_out| bytes of the tls-unique value - // for |ssl| to |out| and sets |*out_len| to the number of bytes written. It -@@ -1730,14 +1731,14 @@ - - // SSL_get_current_cipher returns cipher suite used by |ssl|, or NULL if it has - // not been negotiated yet. --// OPENSSL_EXPORT const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl); -+OPENSSL_EXPORT const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl); - - // SSL_session_reused returns one if |ssl| performed an abbreviated handshake - // and zero otherwise. - // - // TODO(davidben): Hammer down the semantics of this API while a handshake, - // initial or renego, is in progress. --// OPENSSL_EXPORT int SSL_session_reused(const SSL *ssl); -+OPENSSL_EXPORT int SSL_session_reused(const SSL *ssl); - - // SSL_get_secure_renegotiation_support returns one if the peer supports secure - // renegotiation (RFC 5746) or TLS 1.3. Otherwise, it returns zero. -@@ -1771,7 +1772,7 @@ - // SSL_SESSION_new returns a newly-allocated blank |SSL_SESSION| or NULL on - // error. This may be useful when writing tests but should otherwise not be - // used. --// OPENSSL_EXPORT SSL_SESSION *SSL_SESSION_new(const SSL_CTX *ctx); -+OPENSSL_EXPORT SSL_SESSION *SSL_SESSION_new(const SSL_CTX *ctx); - - // SSL_SESSION_up_ref increments the reference count of |session| and returns - // one. -@@ -1779,14 +1780,14 @@ - - // SSL_SESSION_free decrements the reference count of |session|. If it reaches - // zero, all data referenced by |session| and |session| itself are released. --// OPENSSL_EXPORT void SSL_SESSION_free(SSL_SESSION *session); -+OPENSSL_EXPORT void SSL_SESSION_free(SSL_SESSION *session); - - // SSL_SESSION_to_bytes serializes |in| into a newly allocated buffer and sets - // |*out_data| to that buffer and |*out_len| to its length. The caller takes - // ownership of the buffer and must call |OPENSSL_free| when done. It returns - // one on success and zero on error. --// OPENSSL_EXPORT int SSL_SESSION_to_bytes(const SSL_SESSION *in, --// uint8_t **out_data, size_t *out_len); -+OPENSSL_EXPORT int SSL_SESSION_to_bytes(const SSL_SESSION *in, -+ uint8_t **out_data, size_t *out_len); - - // SSL_SESSION_to_bytes_for_ticket serializes |in|, but excludes the session - // identification information, namely the session ID and ticket. -@@ -1796,12 +1797,12 @@ - - // SSL_SESSION_from_bytes parses |in_len| bytes from |in| as an SSL_SESSION. It - // returns a newly-allocated |SSL_SESSION| on success or NULL on error. --// OPENSSL_EXPORT SSL_SESSION *SSL_SESSION_from_bytes( --// const uint8_t *in, size_t in_len, const SSL_CTX *ctx); -+OPENSSL_EXPORT SSL_SESSION *SSL_SESSION_from_bytes( -+ const uint8_t *in, size_t in_len, const SSL_CTX *ctx); - - // SSL_SESSION_get_version returns a string describing the TLS or DTLS version - // |session| was established at. For example, "TLSv1.2" or "DTLSv1". --// OPENSSL_EXPORT const char *SSL_SESSION_get_version(const SSL_SESSION *session); -+OPENSSL_EXPORT const char *SSL_SESSION_get_version(const SSL_SESSION *session); - - // SSL_SESSION_get_protocol_version returns the TLS or DTLS version |session| - // was established at. -@@ -1811,8 +1812,8 @@ - // SSL_SESSION_set_protocol_version sets |session|'s TLS or DTLS version to - // |version|. This may be useful when writing tests but should otherwise not be - // used. It returns one on success and zero on error. --// OPENSSL_EXPORT int SSL_SESSION_set_protocol_version(SSL_SESSION *session, --// uint16_t version); -+OPENSSL_EXPORT int SSL_SESSION_set_protocol_version(SSL_SESSION *session, -+ uint16_t version); - - // SSL_MAX_SSL_SESSION_ID_LENGTH is the maximum length of an SSL session ID. - // #define SSL_MAX_SSL_SESSION_ID_LENGTH 32 -@@ -1832,8 +1833,8 @@ - // As a workaround for some broken applications, BoringSSL sometimes synthesizes - // arbitrary session IDs for non-ID-based sessions. This behavior may be - // removed in the future. --// OPENSSL_EXPORT const uint8_t *SSL_SESSION_get_id(const SSL_SESSION *session, --// unsigned *out_len); -+OPENSSL_EXPORT const uint8_t *SSL_SESSION_get_id(const SSL_SESSION *session, -+ unsigned *out_len); - - // SSL_SESSION_set1_id sets |session|'s session ID to |sid|, It returns one on - // success and zero on error. This function may be useful in writing tests but -@@ -1923,13 +1924,13 @@ - // only once. This prevents passive observers from correlating connections with - // tickets. See RFC 8446, appendix C.4. If it returns zero, |session| cannot be - // used without leaking a correlator. --// OPENSSL_EXPORT int SSL_SESSION_should_be_single_use(const SSL_SESSION *session); -+OPENSSL_EXPORT int SSL_SESSION_should_be_single_use(const SSL_SESSION *session); - - // SSL_SESSION_is_resumable returns one if |session| is complete and contains a - // session ID or ticket. It returns zero otherwise. Note this function does not - // ensure |session| will be resumed. It may be expired, dropped by the server, - // or associated with incompatible parameters. --// OPENSSL_EXPORT int SSL_SESSION_is_resumable(const SSL_SESSION *session); -+OPENSSL_EXPORT int SSL_SESSION_is_resumable(const SSL_SESSION *session); - - // SSL_SESSION_has_ticket returns one if |session| has a ticket and zero - // otherwise. -@@ -1951,8 +1952,8 @@ - - // SSL_SESSION_get_ticket_lifetime_hint returns ticket lifetime hint of - // |session| in seconds or zero if none was set. --// OPENSSL_EXPORT uint32_t --// SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *session); -+OPENSSL_EXPORT uint32_t -+SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *session); - - // SSL_SESSION_get0_cipher returns the cipher negotiated by the connection which - // established |session|. -@@ -2067,7 +2068,7 @@ - - // SSL_CTX_set_session_cache_mode sets the session cache mode bits for |ctx| to - // |mode|. It returns the previous value. --// OPENSSL_EXPORT int SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode); -+OPENSSL_EXPORT int SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode); - - // SSL_CTX_get_session_cache_mode returns the session cache mode bits for - // |ctx| -@@ -2082,7 +2083,7 @@ - // |SSL_SESSION_get0_ocsp_response|. - // - // It is an error to call this function after the handshake has begun. --// OPENSSL_EXPORT int SSL_set_session(SSL *ssl, SSL_SESSION *session); -+OPENSSL_EXPORT int SSL_set_session(SSL *ssl, SSL_SESSION *session); - - // SSL_DEFAULT_SESSION_TIMEOUT is the default lifetime, in seconds, of a - // session in TLS 1.2 or earlier. This is how long we are willing to use the -@@ -2101,7 +2102,7 @@ - - // SSL_CTX_set_timeout sets the lifetime, in seconds, of TLS 1.2 (or earlier) - // sessions created in |ctx| to |timeout|. --// OPENSSL_EXPORT uint32_t SSL_CTX_set_timeout(SSL_CTX *ctx, uint32_t timeout); -+OPENSSL_EXPORT uint32_t SSL_CTX_set_timeout(SSL_CTX *ctx, uint32_t timeout); - - // SSL_CTX_set_session_psk_dhe_timeout sets the lifetime, in seconds, of TLS 1.3 - // sessions created in |ctx| to |timeout|. -@@ -2122,15 +2123,15 @@ - // - // For a server, if |SSL_VERIFY_PEER| is enabled, it is an error to not set a - // session ID context. --// OPENSSL_EXPORT int SSL_CTX_set_session_id_context(SSL_CTX *ctx, --// const uint8_t *sid_ctx, --// size_t sid_ctx_len); -+OPENSSL_EXPORT int SSL_CTX_set_session_id_context(SSL_CTX *ctx, -+ const uint8_t *sid_ctx, -+ size_t sid_ctx_len); - - // SSL_set_session_id_context sets |ssl|'s session ID context to |sid_ctx|. It - // returns one on success and zero on error. See also - // |SSL_CTX_set_session_id_context|. --// OPENSSL_EXPORT int SSL_set_session_id_context(SSL *ssl, const uint8_t *sid_ctx, --// size_t sid_ctx_len); -+OPENSSL_EXPORT int SSL_set_session_id_context(SSL *ssl, const uint8_t *sid_ctx, -+ size_t sid_ctx_len); - - // SSL_get0_session_id_context returns a pointer to |ssl|'s session ID context - // and sets |*out_len| to its length. It returns NULL on error. -@@ -2185,8 +2186,8 @@ - // |SSL_do_handshake| or |SSL_connect| completes if False Start is enabled. Thus - // it's recommended to use this callback over calling |SSL_get_session| on - // handshake completion. --// OPENSSL_EXPORT void SSL_CTX_sess_set_new_cb( --// SSL_CTX *ctx, int (*new_session_cb)(SSL *ssl, SSL_SESSION *session)); -+OPENSSL_EXPORT void SSL_CTX_sess_set_new_cb( -+ SSL_CTX *ctx, int (*new_session_cb)(SSL *ssl, SSL_SESSION *session)); - - // SSL_CTX_sess_get_new_cb returns the callback set by - // |SSL_CTX_sess_set_new_cb|. -@@ -2289,8 +2290,8 @@ - // SSL_CTX_set_tlsext_ticket_keys sets |ctx|'s session ticket key material to - // |len| bytes of |in|. It returns one on success and zero if |len| is not - // 48. If |in| is NULL, it returns 48 instead. --// OPENSSL_EXPORT int SSL_CTX_set_tlsext_ticket_keys(SSL_CTX *ctx, const void *in, --// size_t len); -+OPENSSL_EXPORT int SSL_CTX_set_tlsext_ticket_keys(SSL_CTX *ctx, const void *in, -+ size_t len); - - // SSL_TICKET_KEY_NAME_LEN is the length of the key name prefix of a session - // ticket. -@@ -2319,10 +2320,10 @@ - // - // WARNING: |callback| wildly breaks the usual return value convention and is - // called in two different modes. --// OPENSSL_EXPORT int SSL_CTX_set_tlsext_ticket_key_cb( --// SSL_CTX *ctx, int (*callback)(SSL *ssl, uint8_t *key_name, uint8_t *iv, --// EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx, --// int encrypt)); -+OPENSSL_EXPORT int SSL_CTX_set_tlsext_ticket_key_cb( -+ SSL_CTX *ctx, int (*callback)(SSL *ssl, uint8_t *key_name, uint8_t *iv, -+ EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx, -+ int encrypt)); - - // ssl_ticket_aead_result_t enumerates the possible results from decrypting a - // ticket with an |SSL_TICKET_AEAD_METHOD|. -@@ -2427,20 +2428,20 @@ - // colon-separated list |curves|. Each element of |curves| should be a curve - // name (e.g. P-256, X25519, ...). It returns one on success and zero on - // failure. --// OPENSSL_EXPORT int SSL_CTX_set1_curves_list(SSL_CTX *ctx, const char *curves); -+OPENSSL_EXPORT int SSL_CTX_set1_curves_list(SSL_CTX *ctx, const char *curves); - - // SSL_set1_curves_list sets the preferred curves for |ssl| to be the - // colon-separated list |curves|. Each element of |curves| should be a curve - // name (e.g. P-256, X25519, ...). It returns one on success and zero on - // failure. --// OPENSSL_EXPORT int SSL_set1_curves_list(SSL *ssl, const char *curves); -+OPENSSL_EXPORT int SSL_set1_curves_list(SSL *ssl, const char *curves); - - // SSL_CURVE_* define TLS curve IDs. --// #define SSL_CURVE_SECP224R1 21 --// #define SSL_CURVE_SECP256R1 23 --// #define SSL_CURVE_SECP384R1 24 --// #define SSL_CURVE_SECP521R1 25 --// #define SSL_CURVE_X25519 29 -+#define SSL_CURVE_SECP224R1 21 -+#define SSL_CURVE_SECP256R1 23 -+#define SSL_CURVE_SECP384R1 24 -+#define SSL_CURVE_SECP521R1 25 -+#define SSL_CURVE_X25519 29 - // #define SSL_CURVE_CECPQ2 16696 - - // SSL_get_curve_id returns the ID of the curve used by |ssl|'s most recently -@@ -2448,11 +2449,11 @@ - // - // TODO(davidben): This API currently does not work correctly if there is a - // renegotiation in progress. Fix this. --// OPENSSL_EXPORT uint16_t SSL_get_curve_id(const SSL *ssl); -+OPENSSL_EXPORT uint16_t SSL_get_curve_id(const SSL *ssl); - - // SSL_get_curve_name returns a human-readable name for the curve specified by - // the given TLS curve id, or NULL if the curve is unknown. --// OPENSSL_EXPORT const char *SSL_get_curve_name(uint16_t curve_id); -+OPENSSL_EXPORT const char *SSL_get_curve_name(uint16_t curve_id); - - - // Certificate verification. -@@ -2483,18 +2484,18 @@ - // SSL_VERIFY_NONE, on a client, verifies the server certificate but does not - // make errors fatal. The result may be checked with |SSL_get_verify_result|. On - // a server it does not request a client certificate. This is the default. --// #define SSL_VERIFY_NONE 0x00 -+#define SSL_VERIFY_NONE ossl_SSL_VERIFY_NONE - - // SSL_VERIFY_PEER, on a client, makes server certificate errors fatal. On a - // server it requests a client certificate and makes errors fatal. However, - // anonymous clients are still allowed. See - // |SSL_VERIFY_FAIL_IF_NO_PEER_CERT|. --// #define SSL_VERIFY_PEER 0x01 -+#define SSL_VERIFY_PEER ossl_SSL_VERIFY_PEER - - // SSL_VERIFY_FAIL_IF_NO_PEER_CERT configures a server to reject connections if - // the client declines to send a certificate. This flag must be used together - // with |SSL_VERIFY_PEER|, otherwise it won't work. --// #define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 -+#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT ossl_SSL_VERIFY_FAIL_IF_NO_PEER_CERT - - // SSL_VERIFY_PEER_IF_NO_OBC configures a server to request a client certificate - // if and only if Channel ID is not negotiated. -@@ -2507,8 +2508,8 @@ - // - // The callback may use |SSL_get_ex_data_X509_STORE_CTX_idx| with - // |X509_STORE_CTX_get_ex_data| to look up the |SSL| from |store_ctx|. --// OPENSSL_EXPORT void SSL_CTX_set_verify( --// SSL_CTX *ctx, int mode, int (*callback)(int ok, X509_STORE_CTX *store_ctx)); -+OPENSSL_EXPORT void SSL_CTX_set_verify( -+ SSL_CTX *ctx, int mode, int (*callback)(int ok, X509_STORE_CTX *store_ctx)); - - // SSL_set_verify configures certificate verification behavior. |mode| is one of - // the |SSL_VERIFY_*| values defined above. |callback|, if not NULL, is used to -@@ -2517,9 +2518,9 @@ - // - // The callback may use |SSL_get_ex_data_X509_STORE_CTX_idx| with - // |X509_STORE_CTX_get_ex_data| to look up the |SSL| from |store_ctx|. --// OPENSSL_EXPORT void SSL_set_verify(SSL *ssl, int mode, --// int (*callback)(int ok, --// X509_STORE_CTX *store_ctx)); -+OPENSSL_EXPORT void SSL_set_verify(SSL *ssl, int mode, -+ int (*callback)(int ok, -+ X509_STORE_CTX *store_ctx)); - - // enum ssl_verify_result_t BORINGSSL_ENUM_INT { - // ssl_verify_ok, -@@ -2556,7 +2557,7 @@ - - // SSL_CTX_get_verify_mode returns |ctx|'s verify mode, set by - // |SSL_CTX_set_verify|. --// OPENSSL_EXPORT int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); -+OPENSSL_EXPORT int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); - - // SSL_get_verify_mode returns |ssl|'s verify mode, set by |SSL_CTX_set_verify| - // or |SSL_set_verify|. It returns -1 on error. -@@ -2584,7 +2585,7 @@ - // SSL_CTX_set_verify_depth sets the maximum depth of a certificate chain - // accepted in verification. This number does not include the leaf, so a depth - // of 1 allows the leaf and one CA certificate. --// OPENSSL_EXPORT void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); -+OPENSSL_EXPORT void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); - - // SSL_set_verify_depth sets the maximum depth of a certificate chain accepted - // in verification. This number does not include the leaf, so a depth of 1 -@@ -2612,7 +2613,7 @@ - // SSL_CTX_get0_param returns |ctx|'s |X509_VERIFY_PARAM| for certificate - // verification. The caller must not release the returned pointer but may call - // functions on it to configure it. --// OPENSSL_EXPORT X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); -+OPENSSL_EXPORT X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); - - // SSL_get0_param returns |ssl|'s |X509_VERIFY_PARAM| for certificate - // verification. The caller must not release the returned pointer but may call -@@ -2643,7 +2644,7 @@ - // OPENSSL_EXPORT void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store); - - // SSL_CTX_get_cert_store returns |ctx|'s certificate store. --// OPENSSL_EXPORT X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx); -+OPENSSL_EXPORT X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx); - - // SSL_CTX_set_default_verify_paths loads the OpenSSL system-default trust - // anchors into |ctx|'s store. It returns one on success and zero on failure. -@@ -2658,9 +2659,9 @@ - // See - // https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_load_verify_locations.html - // for documentation on the directory format. --// OPENSSL_EXPORT int SSL_CTX_load_verify_locations(SSL_CTX *ctx, --// const char *ca_file, --// const char *ca_dir); -+OPENSSL_EXPORT int SSL_CTX_load_verify_locations(SSL_CTX *ctx, -+ const char *ca_file, -+ const char *ca_dir); - - // SSL_get_verify_result returns the result of certificate verification. It is - // either |X509_V_OK| or a |X509_V_ERR_*| value. -@@ -2673,7 +2674,7 @@ - - // SSL_get_ex_data_X509_STORE_CTX_idx returns the ex_data index used to look up - // the |SSL| associated with an |X509_STORE_CTX| in the verify callback. --// OPENSSL_EXPORT int SSL_get_ex_data_X509_STORE_CTX_idx(void); -+OPENSSL_EXPORT int SSL_get_ex_data_X509_STORE_CTX_idx(void); - - // SSL_CTX_set_cert_verify_callback sets a custom callback to be called on - // certificate verification rather than |X509_verify_cert|. |store_ctx| contains -@@ -2683,9 +2684,9 @@ - // - // The callback may use |SSL_get_ex_data_X509_STORE_CTX_idx| to recover the - // |SSL| object from |store_ctx|. --// OPENSSL_EXPORT void SSL_CTX_set_cert_verify_callback( --// SSL_CTX *ctx, int (*callback)(X509_STORE_CTX *store_ctx, void *arg), --// void *arg); -+OPENSSL_EXPORT void SSL_CTX_set_cert_verify_callback( -+ SSL_CTX *ctx, int (*callback)(X509_STORE_CTX *store_ctx, void *arg), -+ void *arg); - - // SSL_enable_signed_cert_timestamps causes |ssl| (which must be the client end - // of a connection) to request SCTs from the server. See -@@ -2707,7 +2708,7 @@ - // - // Call |SSL_get0_ocsp_response| to recover the OCSP response after the - // handshake. --// OPENSSL_EXPORT void SSL_enable_ocsp_stapling(SSL *ssl); -+OPENSSL_EXPORT void SSL_enable_ocsp_stapling(SSL *ssl); - - // SSL_CTX_enable_ocsp_stapling enables OCSP stapling on all client SSL objects - // created from |ctx|. -@@ -2742,9 +2743,9 @@ - // preference list when verifying signatures from the peer's long-term key. It - // returns one on zero on error. |prefs| should not include the internal-only - // value |SSL_SIGN_RSA_PKCS1_MD5_SHA1|. --// OPENSSL_EXPORT int SSL_CTX_set_verify_algorithm_prefs(SSL_CTX *ctx, --// const uint16_t *prefs, --// size_t num_prefs); -+OPENSSL_EXPORT int SSL_CTX_set_verify_algorithm_prefs(SSL_CTX *ctx, -+ const uint16_t *prefs, -+ size_t num_prefs); - - // SSL_set_verify_algorithm_prefs configures |ssl| to use |prefs| as the - // preference list when verifying signatures from the peer's long-term key. It -@@ -2768,13 +2769,13 @@ - - // SSL_set_client_CA_list sets |ssl|'s client certificate CA list to - // |name_list|. It takes ownership of |name_list|. --// OPENSSL_EXPORT void SSL_set_client_CA_list(SSL *ssl, --// STACK_OF(X509_NAME) *name_list); -+OPENSSL_EXPORT void SSL_set_client_CA_list(SSL *ssl, -+ STACK_OF(X509_NAME) *name_list); - - // SSL_CTX_set_client_CA_list sets |ctx|'s client certificate CA list to - // |name_list|. It takes ownership of |name_list|. --// OPENSSL_EXPORT void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, --// STACK_OF(X509_NAME) *name_list); -+OPENSSL_EXPORT void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, -+ STACK_OF(X509_NAME) *name_list); - - // SSL_set0_client_CAs sets |ssl|'s client certificate CA list to |name_list|, - // which should contain DER-encoded distinguished names (RFC 5280). It takes -@@ -2796,7 +2797,7 @@ - // the server. In this mode, the behavior is undefined except during the - // callbacks set by |SSL_CTX_set_cert_cb| and |SSL_CTX_set_client_cert_cb| or - // when the handshake is paused because of them. --// OPENSSL_EXPORT STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *ssl); -+OPENSSL_EXPORT STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *ssl); - - // SSL_get0_server_requested_CAs returns the CAs sent by a server to guide a - // client in certificate selection. They are a series of DER-encoded X.509 -@@ -2809,8 +2810,8 @@ - // SSL_get0_server_requested_CAs(const SSL *ssl); - - // SSL_CTX_get_client_CA_list returns |ctx|'s client certificate CA list. --// OPENSSL_EXPORT STACK_OF(X509_NAME) * --// SSL_CTX_get_client_CA_list(const SSL_CTX *ctx); -+OPENSSL_EXPORT STACK_OF(X509_NAME) * -+ SSL_CTX_get_client_CA_list(const SSL_CTX *ctx); - - // SSL_add_client_CA appends |x509|'s subject to the client certificate CA list. - // It returns one on success or zero on error. The caller retains ownership of -@@ -2834,8 +2835,8 @@ - // SSL_add_file_cert_subjects_to_stack behaves like |SSL_load_client_CA_file| - // but appends the result to |out|. It returns one on success or zero on - // error. --// OPENSSL_EXPORT int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *out, --// const char *file); -+OPENSSL_EXPORT int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *out, -+ const char *file); - - // SSL_add_bio_cert_subjects_to_stack behaves like - // |SSL_add_file_cert_subjects_to_stack| but reads from |bio|. -@@ -2850,16 +2851,16 @@ - // deployments to select one of a several certificates on a single IP. Only the - // host_name name type is supported. - --// #define TLSEXT_NAMETYPE_host_name 0 -+#define TLSEXT_NAMETYPE_host_name 0 - - // SSL_set_tlsext_host_name, for a client, configures |ssl| to advertise |name| - // in the server_name extension. It returns one on success and zero on error. --// OPENSSL_EXPORT int SSL_set_tlsext_host_name(SSL *ssl, const char *name); -+OPENSSL_EXPORT int SSL_set_tlsext_host_name(SSL *ssl, const char *name); - - // SSL_get_servername, for a server, returns the hostname supplied by the - // client or NULL if there was none. The |type| argument must be - // |TLSEXT_NAMETYPE_host_name|. --// OPENSSL_EXPORT const char *SSL_get_servername(const SSL *ssl, const int type); -+OPENSSL_EXPORT const char *SSL_get_servername(const SSL *ssl, const int type); - - // SSL_get_servername_type, for a server, returns |TLSEXT_NAMETYPE_host_name| - // if the client sent a hostname and -1 otherwise. -@@ -2876,12 +2877,12 @@ - // |SSL_TLSEXT_ERR_ALERT_FATAL|, then |*out_alert| is the alert to send, - // defaulting to |SSL_AD_UNRECOGNIZED_NAME|. |SSL_TLSEXT_ERR_ALERT_WARNING| is - // ignored and treated as |SSL_TLSEXT_ERR_OK|. --// OPENSSL_EXPORT int SSL_CTX_set_tlsext_servername_callback( --// SSL_CTX *ctx, int (*callback)(SSL *ssl, int *out_alert, void *arg)); -+OPENSSL_EXPORT int SSL_CTX_set_tlsext_servername_callback( -+ SSL_CTX *ctx, int (*callback)(SSL *ssl, int *out_alert, void *arg)); - - // SSL_CTX_set_tlsext_servername_arg sets the argument to the servername - // callback and returns one. See |SSL_CTX_set_tlsext_servername_callback|. --// OPENSSL_EXPORT int SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg); -+OPENSSL_EXPORT int SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg); - - // SSL_TLSEXT_ERR_* are values returned by some extension-related callbacks. - #ifdef ossl_SSL_TLSEXT_ERR_OK -@@ -2896,7 +2897,6 @@ - #ifdef ossl_SSL_TLSEXT_ERR_NOACK - #define SSL_TLSEXT_ERR_NOACK ossl_SSL_TLSEXT_ERR_NOACK - #endif -- - // SSL_set_SSL_CTX changes |ssl|'s |SSL_CTX|. |ssl| will use the - // certificate-related settings from |ctx|, and |SSL_get_SSL_CTX| will report - // |ctx|. This function may be used during the callbacks registered by -@@ -2910,7 +2910,7 @@ - // the session cache between different domains. - // - // TODO(davidben): Should other settings change after this call? --// OPENSSL_EXPORT SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx); -+OPENSSL_EXPORT SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx); - - - // Application-layer protocol negotiation. -@@ -2927,8 +2927,8 @@ - // - // WARNING: this function is dangerous because it breaks the usual return value - // convention. --// OPENSSL_EXPORT int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const uint8_t *protos, --// unsigned protos_len); -+OPENSSL_EXPORT int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const uint8_t *protos, -+ unsigned protos_len); - - // SSL_set_alpn_protos sets the client ALPN protocol list on |ssl| to |protos|. - // |protos| must be in wire-format (i.e. a series of non-empty, 8-bit -@@ -2938,8 +2938,8 @@ - // - // WARNING: this function is dangerous because it breaks the usual return value - // convention. --// OPENSSL_EXPORT int SSL_set_alpn_protos(SSL *ssl, const uint8_t *protos, --// unsigned protos_len); -+OPENSSL_EXPORT int SSL_set_alpn_protos(SSL *ssl, const uint8_t *protos, -+ unsigned protos_len); - - // SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is called - // during ClientHello processing in order to select an ALPN protocol from the -@@ -2971,18 +2971,18 @@ - // The cipher suite is selected before negotiating ALPN. The callback may use - // |SSL_get_pending_cipher| to query the cipher suite. This may be used to - // implement HTTP/2's cipher suite constraints. --// OPENSSL_EXPORT void SSL_CTX_set_alpn_select_cb( --// SSL_CTX *ctx, int (*cb)(SSL *ssl, const uint8_t **out, uint8_t *out_len, --// const uint8_t *in, unsigned in_len, void *arg), --// void *arg); -+OPENSSL_EXPORT void SSL_CTX_set_alpn_select_cb( -+ SSL_CTX *ctx, int (*cb)(SSL *ssl, const uint8_t **out, uint8_t *out_len, -+ const uint8_t *in, unsigned in_len, void *arg), -+ void *arg); - - // SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|. - // On return it sets |*out_data| to point to |*out_len| bytes of protocol name - // (not including the leading length-prefix byte). If the server didn't respond - // with a negotiated protocol then |*out_len| will be zero. --// OPENSSL_EXPORT void SSL_get0_alpn_selected(const SSL *ssl, --// const uint8_t **out_data, --// unsigned *out_len); -+OPENSSL_EXPORT void SSL_get0_alpn_selected(const SSL *ssl, -+ const uint8_t **out_data, -+ unsigned *out_len); - - // SSL_CTX_set_allow_unknown_alpn_protos configures client connections on |ctx| - // to allow unknown ALPN protocols from the server. Otherwise, by default, the -@@ -3144,10 +3144,10 @@ - // and returns |OPENSSL_NPN_NEGOTIATED|. Otherwise, it returns - // |OPENSSL_NPN_NO_OVERLAP| and sets |*out| and |*out_len| to the first - // supported protocol. --// OPENSSL_EXPORT int SSL_select_next_proto(uint8_t **out, uint8_t *out_len, --// const uint8_t *peer, unsigned peer_len, --// const uint8_t *supported, --// unsigned supported_len); -+OPENSSL_EXPORT int SSL_select_next_proto(uint8_t **out, uint8_t *out_len, -+ const uint8_t *peer, unsigned peer_len, -+ const uint8_t *supported, -+ unsigned supported_len); - - #ifdef ossl_OPENSSL_NPN_UNSUPPORTED - #define OPENSSL_NPN_UNSUPPORTED ossl_OPENSSL_NPN_UNSUPPORTED -@@ -4069,12 +4069,12 @@ - // - // See |ex_data.h| for details. - --// OPENSSL_EXPORT int SSL_set_ex_data(SSL *ssl, int idx, void *data); --// OPENSSL_EXPORT void *SSL_get_ex_data(const SSL *ssl, int idx); --// OPENSSL_EXPORT int SSL_get_ex_new_index(long argl, void *argp, --// CRYPTO_EX_unused *unused, --// CRYPTO_EX_dup *dup_unused, --// CRYPTO_EX_free *free_func); -+OPENSSL_EXPORT int SSL_set_ex_data(SSL *ssl, int idx, void *data); -+OPENSSL_EXPORT void *SSL_get_ex_data(const SSL *ssl, int idx); -+OPENSSL_EXPORT int SSL_get_ex_new_index(long argl, void *argp, -+ CRYPTO_EX_unused *unused, -+ CRYPTO_EX_dup *dup_unused, -+ CRYPTO_EX_free *free_func); - - // OPENSSL_EXPORT int SSL_SESSION_set_ex_data(SSL_SESSION *session, int idx, - // void *data); -@@ -4085,8 +4085,8 @@ - // CRYPTO_EX_dup *dup_unused, - // CRYPTO_EX_free *free_func); - --// OPENSSL_EXPORT int SSL_CTX_set_ex_data(SSL_CTX *ctx, int idx, void *data); --// OPENSSL_EXPORT void *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx); -+OPENSSL_EXPORT int SSL_CTX_set_ex_data(SSL_CTX *ctx, int idx, void *data); -+OPENSSL_EXPORT void *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx); - // OPENSSL_EXPORT int SSL_CTX_get_ex_new_index(long argl, void *argp, - // CRYPTO_EX_unused *unused, - // CRYPTO_EX_dup *dup_unused, -@@ -4310,13 +4310,13 @@ - // such as HTTP/1.1, and not others, such as HTTP/2. - // OPENSSL_EXPORT void SSL_set_shed_handshake_config(SSL *ssl, int enable); - --// enum ssl_renegotiate_mode_t BORINGSSL_ENUM_INT { --// ssl_renegotiate_never = 0, --// ssl_renegotiate_once, --// ssl_renegotiate_freely, --// ssl_renegotiate_ignore, --// ssl_renegotiate_explicit, --// }; -+enum ssl_renegotiate_mode_t BORINGSSL_ENUM_INT { -+ ssl_renegotiate_never = 0, -+ ssl_renegotiate_once, -+ ssl_renegotiate_freely, -+ ssl_renegotiate_ignore, -+ ssl_renegotiate_explicit, -+}; - - // SSL_set_renegotiate_mode configures how |ssl|, a client, reacts to - // renegotiation attempts by a server. If |ssl| is a server, peer-initiated -@@ -4345,8 +4345,8 @@ - // - // There is no support in BoringSSL for initiating renegotiations as a client - // or server. --// OPENSSL_EXPORT void SSL_set_renegotiate_mode(SSL *ssl, --// enum ssl_renegotiate_mode_t mode); -+OPENSSL_EXPORT void SSL_set_renegotiate_mode(SSL *ssl, -+ enum ssl_renegotiate_mode_t mode); - - // SSL_renegotiate starts a deferred renegotiation on |ssl| if it was configured - // with |ssl_renegotiate_explicit| and has a pending HelloRequest. It returns -@@ -4407,45 +4407,45 @@ - // callbacks that are called very early on during the server handshake. At this - // point, much of the SSL* hasn't been filled out and only the ClientHello can - // be depended on. --// struct ssl_early_callback_ctx { --// SSL *ssl; --// const uint8_t *client_hello; --// size_t client_hello_len; --// uint16_t version; --// const uint8_t *random; --// size_t random_len; --// const uint8_t *session_id; --// size_t session_id_len; --// const uint8_t *cipher_suites; --// size_t cipher_suites_len; --// const uint8_t *compression_methods; --// size_t compression_methods_len; --// const uint8_t *extensions; --// size_t extensions_len; --// } /* SSL_CLIENT_HELLO */; -+struct ssl_early_callback_ctx { -+ SSL *ssl; -+ const uint8_t *client_hello; -+ size_t client_hello_len; -+ uint16_t version; -+ const uint8_t *random; -+ size_t random_len; -+ const uint8_t *session_id; -+ size_t session_id_len; -+ const uint8_t *cipher_suites; -+ size_t cipher_suites_len; -+ const uint8_t *compression_methods; -+ size_t compression_methods_len; -+ const uint8_t *extensions; -+ size_t extensions_len; -+} /* SSL_CLIENT_HELLO */; - - // ssl_select_cert_result_t enumerates the possible results from selecting a - // certificate with |select_certificate_cb|. --// enum ssl_select_cert_result_t BORINGSSL_ENUM_INT { --// // ssl_select_cert_success indicates that the certificate selection was --// // successful. --// ssl_select_cert_success = 1, --// // ssl_select_cert_retry indicates that the operation could not be --// // immediately completed and must be reattempted at a later point. --// ssl_select_cert_retry = 0, --// // ssl_select_cert_error indicates that a fatal error occured and the --// // handshake should be terminated. --// ssl_select_cert_error = -1, --// }; -+enum ssl_select_cert_result_t BORINGSSL_ENUM_INT { -+ // ssl_select_cert_success indicates that the certificate selection was -+ // successful. -+ ssl_select_cert_success = 1, -+ // ssl_select_cert_retry indicates that the operation could not be -+ // immediately completed and must be reattempted at a later point. -+ ssl_select_cert_retry = 0, -+ // ssl_select_cert_error indicates that a fatal error occured and the -+ // handshake should be terminated. -+ ssl_select_cert_error = -1, -+}; - - // SSL_early_callback_ctx_extension_get searches the extensions in - // |client_hello| for an extension of the given type. If not found, it returns - // zero. Otherwise it sets |out_data| to point to the extension contents (not - // including the type and length bytes), sets |out_len| to the length of the - // extension contents and returns one. --// OPENSSL_EXPORT int SSL_early_callback_ctx_extension_get( --// const SSL_CLIENT_HELLO *client_hello, uint16_t extension_type, --// const uint8_t **out_data, size_t *out_len); -+OPENSSL_EXPORT int SSL_early_callback_ctx_extension_get( -+ const SSL_CLIENT_HELLO *client_hello, uint16_t extension_type, -+ const uint8_t **out_data, size_t *out_len); - - // SSL_CTX_set_select_certificate_cb sets a callback that is called before most - // ClientHello processing and before the decision whether to resume a session -@@ -4461,9 +4461,9 @@ - // - // Note: The |SSL_CLIENT_HELLO| is only valid for the duration of the callback - // and is not valid while the handshake is paused. --// OPENSSL_EXPORT void SSL_CTX_set_select_certificate_cb( --// SSL_CTX *ctx, --// enum ssl_select_cert_result_t (*cb)(const SSL_CLIENT_HELLO *)); -+OPENSSL_EXPORT void SSL_CTX_set_select_certificate_cb( -+ SSL_CTX *ctx, -+ enum ssl_select_cert_result_t (*cb)(const SSL_CLIENT_HELLO *)); - - // SSL_CTX_set_dos_protection_cb sets a callback that is called once the - // resumption decision for a ClientHello has been made. It can return one to -@@ -4579,7 +4579,7 @@ - - // SSL_get_peer_signature_algorithm returns the signature algorithm used by the - // peer. If not applicable, it returns zero. --// OPENSSL_EXPORT uint16_t SSL_get_peer_signature_algorithm(const SSL *ssl); -+OPENSSL_EXPORT uint16_t SSL_get_peer_signature_algorithm(const SSL *ssl); - - // SSL_get_client_random writes up to |max_out| bytes of the most recent - // handshake's client_random to |out| and returns the number of bytes written. -@@ -4675,7 +4675,7 @@ - // responsible for calling |OPENSSL_free| on the result. - // - // Use |SSL_CIPHER_standard_name| instead. --// OPENSSL_EXPORT char *SSL_CIPHER_get_rfc_name(const SSL_CIPHER *cipher); -+OPENSSL_EXPORT char *SSL_CIPHER_get_rfc_name(const SSL_CIPHER *cipher); - - // typedef void COMP_METHOD; - // typedef struct ssl_comp_st SSL_COMP; -@@ -4713,8 +4713,8 @@ - - // These client- and server-specific methods call their corresponding generic - // methods. --// OPENSSL_EXPORT const SSL_METHOD *TLS_server_method(void); --// OPENSSL_EXPORT const SSL_METHOD *TLS_client_method(void); -+OPENSSL_EXPORT const SSL_METHOD *TLS_server_method(void); -+OPENSSL_EXPORT const SSL_METHOD *TLS_client_method(void); - // OPENSSL_EXPORT const SSL_METHOD *SSLv23_server_method(void); - // OPENSSL_EXPORT const SSL_METHOD *SSLv23_client_method(void); - // OPENSSL_EXPORT const SSL_METHOD *TLSv1_server_method(void); -@@ -4829,14 +4829,14 @@ - // i2d_SSL_SESSION serializes |in|, as described in |i2d_SAMPLE|. - // - // Use |SSL_SESSION_to_bytes| instead. --// OPENSSL_EXPORT int i2d_SSL_SESSION(SSL_SESSION *in, uint8_t **pp); -+OPENSSL_EXPORT int i2d_SSL_SESSION(SSL_SESSION *in, uint8_t **pp); - - // d2i_SSL_SESSION parses a serialized session from the |length| bytes pointed - // to by |*pp|, as described in |d2i_SAMPLE|. - // - // Use |SSL_SESSION_from_bytes| instead. --// OPENSSL_EXPORT SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const uint8_t **pp, --// long length); -+OPENSSL_EXPORT SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const uint8_t **pp, -+ long length); - - // i2d_SSL_SESSION_bio serializes |session| and writes the result to |bio|. It - // returns the number of bytes written on success and <= 0 on error. -@@ -4925,7 +4925,7 @@ - // This API is compatible with OpenSSL. However, BoringSSL-specific code should - // prefer |SSL_CTX_set_signing_algorithm_prefs| because it's clearer and it's - // more convenient to codesearch for specific algorithm values. --// OPENSSL_EXPORT int SSL_CTX_set1_sigalgs_list(SSL_CTX *ctx, const char *str); -+OPENSSL_EXPORT int SSL_CTX_set1_sigalgs_list(SSL_CTX *ctx, const char *str); - - // SSL_set1_sigalgs_list takes a textual specification of a set of signature - // algorithms and configures them on |ssl|. It returns one on success and zero -@@ -4940,14 +4940,14 @@ - // more convenient to codesearch for specific algorithm values. - // OPENSSL_EXPORT int SSL_set1_sigalgs_list(SSL *ssl, const char *str); - --// #define SSL_set_app_data(s, arg) (SSL_set_ex_data(s, 0, (char *)(arg))) --// #define SSL_get_app_data(s) (SSL_get_ex_data(s, 0)) -+#define SSL_set_app_data(s, arg) (SSL_set_ex_data(s, 0, (char *)(arg))) -+#define SSL_get_app_data(s) (SSL_get_ex_data(s, 0)) - // #define SSL_SESSION_set_app_data(s, a) \ - // (SSL_SESSION_set_ex_data(s, 0, (char *)(a))) - // #define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s, 0)) --// #define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx, 0)) --// #define SSL_CTX_set_app_data(ctx, arg) \ --// (SSL_CTX_set_ex_data(ctx, 0, (char *)(arg))) -+#define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx, 0)) -+#define SSL_CTX_set_app_data(ctx, arg) \ -+ (SSL_CTX_set_ex_data(ctx, 0, (char *)(arg))) - - // #define OpenSSL_add_ssl_algorithms() SSL_library_init() - // #define SSLeay_add_ssl_algorithms() SSL_library_init() -@@ -4957,8 +4957,8 @@ - // SSL_CIPHER_get_bits(SSL_get_current_cipher(ssl), out_alg_bits) - // #define SSL_get_cipher_version(ssl) \ - // SSL_CIPHER_get_version(SSL_get_current_cipher(ssl)) --// #define SSL_get_cipher_name(ssl) \ --// SSL_CIPHER_get_name(SSL_get_current_cipher(ssl)) -+#define SSL_get_cipher_name(ssl) \ -+ SSL_CIPHER_get_name(SSL_get_current_cipher(ssl)) - // #define SSL_get_time(session) SSL_SESSION_get_time(session) - // #define SSL_set_time(session, time) SSL_SESSION_set_time((session), (time)) - // #define SSL_get_timeout(session) SSL_SESSION_get_timeout(session) -@@ -5075,7 +5075,7 @@ - - // SSL_get_version returns a string describing the TLS version used by |ssl|. - // For example, "TLSv1.2" or "DTLSv1". --// OPENSSL_EXPORT const char *SSL_get_version(const SSL *ssl); -+OPENSSL_EXPORT const char *SSL_get_version(const SSL *ssl); - - // SSL_get_cipher_list returns the name of the |n|th cipher in the output of - // |SSL_get_ciphers| or NULL if out of range. Use |SSL_get_ciphers| instead. -@@ -5255,14 +5255,14 @@ - // unresumable session which may be cached, but will never be resumed. - // - // If querying properties of the connection, use APIs on the |SSL| object. --// OPENSSL_EXPORT SSL_SESSION *SSL_get_session(const SSL *ssl); -+OPENSSL_EXPORT SSL_SESSION *SSL_get_session(const SSL *ssl); - - // SSL_get0_session is an alias for |SSL_get_session|. - // #define SSL_get0_session SSL_get_session - - // SSL_get1_session acts like |SSL_get_session| but returns a new reference to - // the session. --// OPENSSL_EXPORT SSL_SESSION *SSL_get1_session(SSL *ssl); -+OPENSSL_EXPORT SSL_SESSION *SSL_get1_session(SSL *ssl); - - // #define OPENSSL_INIT_NO_LOAD_SSL_STRINGS 0 - // #define OPENSSL_INIT_LOAD_SSL_STRINGS 0 -@@ -5330,9 +5330,9 @@ - // OCSP responses like other server credentials, such as certificates or SCT - // lists. Configure, store, and refresh them eagerly. This avoids downtime if - // the CA's OCSP responder is briefly offline. --// OPENSSL_EXPORT int SSL_CTX_set_tlsext_status_cb(SSL_CTX *ctx, --// int (*callback)(SSL *ssl, --// void *arg)); -+OPENSSL_EXPORT int SSL_CTX_set_tlsext_status_cb(SSL_CTX *ctx, -+ int (*callback)(SSL *ssl, -+ void *arg)); - - // SSL_CTX_set_tlsext_status_arg sets additional data for - // |SSL_CTX_set_tlsext_status_cb|'s callback and returns one. -@@ -5562,21 +5562,21 @@ - // #endif // !defined(BORINGSSL_PREFIX) - - --// #if defined(__cplusplus) --// } // extern C -+#if defined(__cplusplus) -+} // extern C - --// #if !defined(BORINGSSL_NO_CXX) -+#if !defined(BORINGSSL_NO_CXX) - --// extern "C++" { -+extern "C++" { - --// BSSL_NAMESPACE_BEGIN -+BSSL_NAMESPACE_BEGIN - --// BORINGSSL_MAKE_DELETER(SSL, SSL_free) --// BORINGSSL_MAKE_DELETER(SSL_CTX, SSL_CTX_free) -+BORINGSSL_MAKE_DELETER(SSL, SSL_free) -+BORINGSSL_MAKE_DELETER(SSL_CTX, SSL_CTX_free) - // BORINGSSL_MAKE_UP_REF(SSL_CTX, SSL_CTX_up_ref) - // BORINGSSL_MAKE_DELETER(SSL_ECH_KEYS, SSL_ECH_KEYS_free) - // BORINGSSL_MAKE_UP_REF(SSL_ECH_KEYS, SSL_ECH_KEYS_up_ref) --// BORINGSSL_MAKE_DELETER(SSL_SESSION, SSL_SESSION_free) -+BORINGSSL_MAKE_DELETER(SSL_SESSION, SSL_SESSION_free) - // BORINGSSL_MAKE_UP_REF(SSL_SESSION, SSL_SESSION_up_ref) - - // enum class OpenRecordResult { -@@ -5693,13 +5693,13 @@ - // Span *out_write_traffic_secret); - - --// BSSL_NAMESPACE_END -+BSSL_NAMESPACE_END - --// } // extern C++ -+} // extern C++ - --// #endif // !defined(BORINGSSL_NO_CXX) -+#endif // !defined(BORINGSSL_NO_CXX) - --// #endif -+#endif - - #ifdef ossl_SSL_R_APP_DATA_IN_HANDSHAKE - #define SSL_R_APP_DATA_IN_HANDSHAKE ossl_SSL_R_APP_DATA_IN_HANDSHAKE -@@ -6467,4 +6467,4 @@ - #define SSL_R_TLSV1_ALERT_ECH_REQUIRED ossl_SSL_R_TLSV1_ALERT_ECH_REQUIRED - #endif - --// #endif // OPENSSL_HEADER_SSL_H -+#endif // OPENSSL_HEADER_SSL_H diff --git a/bssl-compat/patch/include/openssl/ssl.h.sh b/bssl-compat/patch/include/openssl/ssl.h.sh index 319f71104c..9b8caa0043 100755 --- a/bssl-compat/patch/include/openssl/ssl.h.sh +++ b/bssl-compat/patch/include/openssl/ssl.h.sh @@ -1,27 +1,171 @@ #!/bin/bash -SUBSTITUTIONS+=('SSL_ERROR_[a-zA-Z0-9_]*') -SUBSTITUTIONS+=('SSL_MODE_[a-zA-Z0-9_]*') -SUBSTITUTIONS+=('SSL_AD_[a-zA-Z0-9_]*') -SUBSTITUTIONS+=('DTLS1_VERSION_MAJOR') -SUBSTITUTIONS+=('SSL3_VERSION_MAJOR') -SUBSTITUTIONS+=('SSL3_VERSION') -SUBSTITUTIONS+=('TLS1_VERSION') -SUBSTITUTIONS+=('TLS1_1_VERSION') -SUBSTITUTIONS+=('TLS1_2_VERSION') -SUBSTITUTIONS+=('TLS1_3_VERSION') -SUBSTITUTIONS+=('DTLS1_VERSION') -SUBSTITUTIONS+=('DTLS1_2_VERSION') -SUBSTITUTIONS+=('SSL_R_[a-zA-Z0-9_]*') -SUBSTITUTIONS+=('SSL_TLSEXT_ERR_[A-Z_]*') -SUBSTITUTIONS+=('SSL_SESS_CACHE_[A-Z_]*') -SUBSTITUTIONS+=('OPENSSL_NPN_[A-Z_]*') -SUBSTITUTIONS+=('SSL_OP_[a-zA-Z0-9_]*') +set -euo pipefail -EXPRE='s|^//[ \t]#[ \t]*define[ \t]*[^a-zA-Z0-9_]\(' -EXPOST='\)[^a-zA-Z0-9_].*$|#ifdef ossl_\1\n#define \1 ossl_\1\n#endif|' - -for SUBSTITUTION in "${SUBSTITUTIONS[@]}" -do - sed -i -e "${EXPRE}${SUBSTITUTION}${EXPOST}" "$1" -done +uncomment.sh "$1" --comment -h \ + --uncomment-func-decl TLS_method \ + --uncomment-func-decl DTLS_method \ + --uncomment-func-decl SSL_write \ + --uncomment-func-decl SSL_version \ + --uncomment-func-decl SSL_shutdown \ + --uncomment-func-decl SSL_set1_curves_list \ + --uncomment-func-decl SSL_set0_wbio \ + --uncomment-func-decl SSL_set0_rbio \ + --uncomment-func-decl SSL_set_verify \ + --uncomment-func-decl SSL_set_tlsext_host_name \ + --uncomment-func-decl SSL_set_session \ + --uncomment-func-decl SSL_set_quiet_shutdown \ + --uncomment-func-decl SSL_set_fd \ + --uncomment-func-decl SSL_set_ex_data \ + --uncomment-func-decl SSL_set_connect_state \ + --uncomment-func-decl SSL_set_cipher_list \ + --uncomment-func-decl SSL_set_cert_cb \ + --uncomment-func-decl SSL_set_bio \ + --uncomment-macro SSL_set_app_data \ + --uncomment-func-decl SSL_set_alpn_protos \ + --uncomment-func-decl SSL_set_accept_state \ + --uncomment-func-decl SSL_session_reused \ + --uncomment-func-decl SSL_SESSION_is_resumable \ + --uncomment-func-decl SSL_SESSION_get_ticket_lifetime_hint \ + --uncomment-func-decl SSL_SESSION_get_id \ + --uncomment-func-decl SSL_SESSION_free \ + --uncomment-func-decl SSL_select_next_proto \ + --uncomment-func-decl SSL_read \ + --uncomment-func-decl SSL_new \ + --uncomment-func-decl SSL_get1_session \ + --uncomment-func-decl SSL_get0_alpn_selected \ + --uncomment-func-decl SSL_get_version \ + --uncomment-func-decl SSL_get_SSL_CTX \ + --uncomment-func-decl SSL_get_session \ + --uncomment-func-decl SSL_get_servername \ + --uncomment-func-decl SSL_get_peer_certificate \ + --uncomment-func-decl SSL_get_ex_new_index \ + --uncomment-func-decl SSL_get_ex_data \ + --uncomment-func-decl SSL_get_ex_data_X509_STORE_CTX_idx \ + --uncomment-func-decl SSL_get_error \ + --uncomment-func-decl SSL_get_current_cipher \ + --uncomment-func-decl SSL_get_client_CA_list \ + --uncomment-macro SSL_get_cipher_name \ + --uncomment-func-decl SSL_get_certificate \ + --uncomment-macro SSL_get_app_data \ + --uncomment-func-decl SSL_do_handshake \ + --uncomment-func-decl SSL_CTX_use_PrivateKey \ + --uncomment-func-decl SSL_CTX_use_PrivateKey_file \ + --uncomment-func-decl SSL_CTX_use_certificate \ + --uncomment-func-decl SSL_CTX_use_certificate_file \ + --uncomment-func-decl SSL_CTX_set1_curves_list \ + --uncomment-func-decl SSL_CTX_set_verify \ + --uncomment-func-decl SSL_CTX_set_verify_depth \ + --uncomment-func-decl SSL_CTX_set_tlsext_ticket_key_cb \ + --uncomment-func-decl SSL_CTX_set_tlsext_servername_callback \ + --uncomment-func-decl SSL_CTX_set_timeout \ + --uncomment-func-decl SSL_CTX_set_session_id_context \ + --uncomment-func-decl SSL_CTX_set_session_cache_mode \ + --uncomment-func-decl SSL_CTX_set_options \ + --uncomment-func-decl SSL_CTX_set_min_proto_version \ + --uncomment-func-decl SSL_CTX_set_max_proto_version \ + --uncomment-func-decl SSL_CTX_set_client_CA_list \ + --uncomment-func-decl SSL_CTX_set_cert_verify_callback \ + --uncomment-macro SSL_CTX_set_app_data \ + --uncomment-func-decl SSL_CTX_set_alpn_select_cb \ + --uncomment-func-decl SSL_CTX_set_alpn_protos \ + --uncomment-func-decl SSL_CTX_sess_set_new_cb \ + --uncomment-func-decl SSL_CTX_new \ + --uncomment-func-decl SSL_CTX_up_ref \ + --uncomment-func-decl SSL_CTX_get0_param \ + --uncomment-func-decl SSL_CTX_get_verify_mode \ + --uncomment-func-decl SSL_CTX_get_options \ + --uncomment-func-decl SSL_CTX_get_client_CA_list \ + --uncomment-func-decl SSL_CTX_get_ciphers \ + --uncomment-func-decl SSL_CTX_get_cert_store \ + --uncomment-macro SSL_CTX_get_app_data \ + --uncomment-func-decl SSL_CTX_free \ + --uncomment-func-decl SSL_CTX_add_extra_chain_cert \ + --uncomment-func-decl SSL_CIPHER_get_name \ + --uncomment-func-decl SSL_CIPHER_get_id \ + --uncomment-func-decl SSL_CIPHER_get_auth_nid \ + --uncomment-func-decl SSL_CTX_set_select_certificate_cb \ + --uncomment-func-decl SSL_CIPHER_get_min_version \ + --uncomment-func-decl SSL_get_peer_full_cert_chain \ + --uncomment-func-decl SSL_set_ocsp_response \ + --uncomment-func-decl SSL_set_renegotiate_mode \ + --uncomment-func-decl SSL_CTX_get0_certificate \ + --uncomment-func-decl SSL_enable_ocsp_stapling \ + --uncomment-func-decl SSL_error_description \ + --uncomment-func-decl SSL_SESSION_should_be_single_use \ + --uncomment-func-decl SSL_set_SSL_CTX \ + --uncomment-func-decl TLS_with_buffers_method \ + --uncomment-func-decl SSL_get_signature_algorithm_digest \ + --uncomment-func-decl SSL_get_signature_algorithm_key_type \ + --uncomment-func-decl SSL_is_signature_algorithm_rsa_pss \ + --uncomment-func-decl SSL_CTX_set_strict_cipher_list \ + --uncomment-func-decl SSL_CTX_set_verify_algorithm_prefs \ + --uncomment-func-decl SSL_early_callback_ctx_extension_get \ + --uncomment-func-decl SSL_get_cipher_by_value \ + --uncomment-func-decl SSL_get_curve_id \ + --uncomment-func-decl SSL_get_curve_name \ + --uncomment-func-decl SSL_get_peer_signature_algorithm \ + --uncomment-func-decl SSL_get_signature_algorithm_name \ + --uncomment-func-decl SSL_get0_ocsp_response \ + --uncomment-func-decl SSL_set_chain_and_key \ + --uncomment-func-decl SSL_SESSION_from_bytes \ + --uncomment-func-decl SSL_is_server \ + --uncomment-func-decl SSL_get_wbio \ + --uncomment-func-decl SSL_connect \ + --uncomment-func-decl SSL_accept \ + --uncomment-func-decl SSL_free \ + --uncomment-macro-redef 'SSL_ERROR_[[:alnum:]_]*' \ + --uncomment-macro-redef '\(DTLS1\|DTLS1_2\|SSL3\|TLS1\|TLS1_1\|TLS1_2\|TLS1_3\)_VERSION' \ + --uncomment-macro-redef '\(DTLS1\|SSL3\)_VERSION_MAJOR' \ + --uncomment-func-decl SSL_CTX_get_min_proto_version \ + --uncomment-func-decl SSL_CTX_get_max_proto_version \ + --uncomment-macro-redef 'SSL_OP_[[:alnum:]_]*' \ + --uncomment-macro-redef 'SSL_MODE_[[:alnum:]_]*' \ + --uncomment-macro 'SSL_SIGN_[[:alnum:]_]*' \ + --uncomment-macro-redef 'SSL_FILETYPE_[[:alnum:]_]*' \ + --uncomment-func-decl SSL_CTX_use_certificate_chain_file \ + --uncomment-enum ssl_private_key_result_t \ + --uncomment-regex 'DEFINE_CONST_STACK_OF(SSL_CIPHER)' \ + --uncomment-func-decl SSL_CIPHER_get_cipher_nid \ + --uncomment-func-decl SSL_CIPHER_get_digest_nid \ + --uncomment-func-decl SSL_CIPHER_get_kx_nid \ + --uncomment-func-decl SSL_CIPHER_get_prf_nid \ + --uncomment-func-decl SSL_CIPHER_standard_name \ + --uncomment-func-decl SSL_CTX_set_cipher_list \ + --uncomment-func-decl SSL_get_ciphers \ + --uncomment-func-decl SSL_get_peer_cert_chain \ + --uncomment-func-decl SSL_SESSION_new \ + --uncomment-func-decl SSL_SESSION_to_bytes \ + --uncomment-func-decl SSL_SESSION_get_version \ + --uncomment-func-decl SSL_SESSION_set_protocol_version \ + --uncomment-macro-redef 'SSL_SESS_[[:alnum:]_]*' \ + --uncomment-func-decl SSL_set_session_id_context \ + --uncomment-func-decl SSL_CTX_set_tlsext_ticket_keys \ + --uncomment-macro 'SSL_CURVE_SECP[0-9]*R1' \ + --uncomment-macro 'SSL_CURVE_X25519' \ + --uncomment-macro-redef 'SSL_VERIFY_[[:alnum:]_]*' \ + --uncomment-func-decl SSL_CTX_load_verify_locations \ + --uncomment-func-decl SSL_set_client_CA_list \ + --uncomment-func-decl SSL_add_file_cert_subjects_to_stack \ + --uncomment-macro TLSEXT_NAMETYPE_host_name \ + --uncomment-func-decl SSL_CTX_set_tlsext_servername_arg \ + --uncomment-macro-redef 'SSL_TLSEXT_ERR_[[:alnum:]_]*' \ + --uncomment-macro-redef 'OPENSSL_NPN_[[:alnum:]_]*' \ + --uncomment-macro-redef 'SSL_AD_[[:alnum:]_]*' \ + --uncomment-func-decl SSL_CTX_set_ex_data \ + --uncomment-func-decl SSL_CTX_get_ex_data \ + --uncomment-enum ssl_renegotiate_mode_t \ + --uncomment-struct ssl_early_callback_ctx \ + --uncomment-enum ssl_select_cert_result_t \ + --uncomment-func-decl SSL_CIPHER_get_rfc_name \ + --uncomment-func-decl TLS_server_method \ + --uncomment-func-decl TLS_client_method \ + --uncomment-func-decl i2d_SSL_SESSION \ + --uncomment-func-decl d2i_SSL_SESSION \ + --uncomment-func-decl SSL_CTX_set1_sigalgs_list \ + --uncomment-func-decl SSL_CTX_set_tlsext_status_cb \ + --uncomment-macro-redef 'SSL_R_[[:alnum:]_]*' \ + --uncomment-regex 'BORINGSSL_MAKE_DELETER(SSL,' \ + --uncomment-regex 'BORINGSSL_MAKE_DELETER(SSL_CTX,' \ + --uncomment-regex 'BORINGSSL_MAKE_DELETER(SSL_SESSION,' \ + diff --git a/bssl-compat/patch/include/openssl/stack.h.patch b/bssl-compat/patch/include/openssl/stack.h.patch index 41f6c1a67c..dbe44cff89 100644 --- a/bssl-compat/patch/include/openssl/stack.h.patch +++ b/bssl-compat/patch/include/openssl/stack.h.patch @@ -1,767 +1,41 @@ --- a/include/openssl/stack.h +++ b/include/openssl/stack.h -@@ -54,16 +54,16 @@ - * copied and put under another distribution licence - * [including the GNU Public Licence.] */ - --// #ifndef OPENSSL_HEADER_STACK_H --// #define OPENSSL_HEADER_STACK_H -+#ifndef OPENSSL_HEADER_STACK_H -+#define OPENSSL_HEADER_STACK_H - --// #include -+#include - --// #include -+#include - --// #if defined(__cplusplus) --// extern "C" { --// #endif -+#if defined(__cplusplus) -+extern "C" { -+#endif - - - // A stack, in OpenSSL, is an array of pointers. They are the most commonly -@@ -89,12 +89,12 @@ - // stack_free_func is a function that frees an element in a stack. Note its - // actual type is void (*)(T *) for some T. Low-level |sk_*| functions will be - // passed a type-specific wrapper to call it correctly. --// typedef void (*stack_free_func)(void *ptr); -+typedef void (*stack_free_func)(void *ptr); - - // stack_copy_func is a function that copies an element in a stack. Note its - // actual type is T *(*)(T *) for some T. Low-level |sk_*| functions will be - // passed a type-specific wrapper to call it correctly. --// typedef void *(*stack_copy_func)(void *ptr); -+typedef void *(*stack_copy_func)(void *ptr); - - // stack_cmp_func is a comparison function that returns a value < 0, 0 or > 0 - // if |*a| is less than, equal to or greater than |*b|, respectively. Note the -@@ -106,88 +106,73 @@ - // - // TODO(davidben): This type should be |const T *const *|. It is already fixed - // in OpenSSL 1.1.1, so hopefully we can fix this compatibly. --// typedef int (*stack_cmp_func)(const void **a, const void **b); -+typedef int (*stack_cmp_func)(const void **a, const void **b); - - // The following function types call the above type-erased signatures with the - // true types. --// typedef void (*stack_call_free_func)(stack_free_func, void *); --// typedef void *(*stack_call_copy_func)(stack_copy_func, void *); --// typedef int (*stack_call_cmp_func)(stack_cmp_func, const void *const *, --// const void *const *); -- --// stack_st contains an array of pointers. It is not designed to be used --// directly, rather the wrapper macros should be used. --// typedef struct stack_st { --// // num contains the number of valid pointers in |data|. --// size_t num; --// void **data; --// // sorted is non-zero if the values pointed to by |data| are in ascending --// // order, based on |comp|. --// int sorted; --// // num_alloc contains the number of pointers allocated in the buffer pointed --// // to by |data|, which may be larger than |num|. --// size_t num_alloc; --// // comp is an optional comparison function. --// stack_cmp_func comp; --// } _STACK; -+typedef void (*stack_call_free_func)(stack_free_func, void *); -+typedef void *(*stack_call_copy_func)(stack_copy_func, void *); -+typedef int (*stack_call_cmp_func)(stack_cmp_func, const void *const *, -+ const void *const *); - -+typedef ossl_OPENSSL_STACK _STACK; - --// #define STACK_OF(type) struct stack_st_##type -+#define STACK_OF(type) struct stack_st_##type - --// #define DECLARE_STACK_OF(type) STACK_OF(type); -+#define DECLARE_STACK_OF(type) STACK_OF(type); - - // These are the raw stack functions, you shouldn't be using them. Rather you - // should be using the type stack macros implemented above. - - // sk_new creates a new, empty stack with the given comparison function, which - // may be zero. It returns the new stack or NULL on allocation failure. --// OPENSSL_EXPORT _STACK *sk_new(stack_cmp_func comp); -+OPENSSL_EXPORT _STACK *sk_new(stack_cmp_func comp); - - // sk_new_null creates a new, empty stack. It returns the new stack or NULL on - // allocation failure. --// OPENSSL_EXPORT _STACK *sk_new_null(void); -+OPENSSL_EXPORT _STACK *sk_new_null(void); - - // sk_num returns the number of elements in |s|. --// OPENSSL_EXPORT size_t sk_num(const _STACK *sk); -+OPENSSL_EXPORT size_t sk_num(const _STACK *sk); - - // sk_zero resets |sk| to the empty state but does nothing to free the - // individual elements themselves. --// OPENSSL_EXPORT void sk_zero(_STACK *sk); -+OPENSSL_EXPORT void sk_zero(_STACK *sk); - - // sk_value returns the |i|th pointer in |sk|, or NULL if |i| is out of - // range. --// OPENSSL_EXPORT void *sk_value(const _STACK *sk, size_t i); -+OPENSSL_EXPORT void *sk_value(const _STACK *sk, size_t i); - - // sk_set sets the |i|th pointer in |sk| to |p| and returns |p|. If |i| is out - // of range, it returns NULL. --// OPENSSL_EXPORT void *sk_set(_STACK *sk, size_t i, void *p); -+OPENSSL_EXPORT void *sk_set(_STACK *sk, size_t i, void *p); - - // sk_free frees the given stack and array of pointers, but does nothing to - // free the individual elements. Also see |sk_pop_free_ex|. --// OPENSSL_EXPORT void sk_free(_STACK *sk); -+OPENSSL_EXPORT void sk_free(_STACK *sk); - - // sk_pop_free_ex calls |free_func| on each element in the stack and then frees - // the stack itself. Note this corresponds to |sk_FOO_pop_free|. It is named - // |sk_pop_free_ex| as a workaround for existing code calling an older version - // of |sk_pop_free|. --// OPENSSL_EXPORT void sk_pop_free_ex(_STACK *sk, --// stack_call_free_func call_free_func, --// stack_free_func free_func); -+OPENSSL_EXPORT void sk_pop_free_ex(_STACK *sk, -+ stack_call_free_func call_free_func, -+ stack_free_func free_func); - - // sk_insert inserts |p| into the stack at index |where|, moving existing - // elements if needed. It returns the length of the new stack, or zero on - // error. --// OPENSSL_EXPORT size_t sk_insert(_STACK *sk, void *p, size_t where); -+OPENSSL_EXPORT size_t sk_insert(_STACK *sk, void *p, size_t where); - - // sk_delete removes the pointer at index |where|, moving other elements down - // if needed. It returns the removed pointer, or NULL if |where| is out of - // range. --// OPENSSL_EXPORT void *sk_delete(_STACK *sk, size_t where); -+OPENSSL_EXPORT void *sk_delete(_STACK *sk, size_t where); - - // sk_delete_ptr removes, at most, one instance of |p| from the stack based on - // pointer equality. If an instance of |p| is found then |p| is returned, - // otherwise it returns NULL. --// OPENSSL_EXPORT void *sk_delete_ptr(_STACK *sk, const void *p); -+OPENSSL_EXPORT void *sk_delete_ptr(_STACK *sk, const void *p); - - // sk_find returns the first value in the stack equal to |p|. If a comparison - // function has been set on the stack, equality is defined by it, otherwise -@@ -200,46 +185,46 @@ - // Note this differs from OpenSSL. The type signature is slightly different, and - // OpenSSL's sk_find will implicitly sort |sk| if it has a comparison function - // defined. --// OPENSSL_EXPORT int sk_find(const _STACK *sk, size_t *out_index, const void *p, --// stack_call_cmp_func call_cmp_func); -+OPENSSL_EXPORT int sk_find(const _STACK *sk, size_t *out_index, const void *p, -+ stack_call_cmp_func call_cmp_func); - - // sk_shift removes and returns the first element in the stack, or returns NULL - // if the stack is empty. --// OPENSSL_EXPORT void *sk_shift(_STACK *sk); -+OPENSSL_EXPORT void *sk_shift(_STACK *sk); - - // sk_push appends |p| to the stack and returns the length of the new stack, or - // 0 on allocation failure. --// OPENSSL_EXPORT size_t sk_push(_STACK *sk, void *p); -+OPENSSL_EXPORT size_t sk_push(_STACK *sk, void *p); - - // sk_pop returns and removes the last element on the stack, or NULL if the - // stack is empty. --// OPENSSL_EXPORT void *sk_pop(_STACK *sk); -+OPENSSL_EXPORT void *sk_pop(_STACK *sk); - - // sk_dup performs a shallow copy of a stack and returns the new stack, or NULL - // on error. --// OPENSSL_EXPORT _STACK *sk_dup(const _STACK *sk); -+OPENSSL_EXPORT _STACK *sk_dup(const _STACK *sk); - - // sk_sort sorts the elements of |sk| into ascending order based on the - // comparison function. The stack maintains a |sorted| flag and sorting an - // already sorted stack is a no-op. --// OPENSSL_EXPORT void sk_sort(_STACK *sk, stack_call_cmp_func call_cmp_func); -+OPENSSL_EXPORT void sk_sort(_STACK *sk, stack_call_cmp_func call_cmp_func); - - // sk_is_sorted returns one if |sk| is known to be sorted and zero - // otherwise. --// OPENSSL_EXPORT int sk_is_sorted(const _STACK *sk); -+OPENSSL_EXPORT int sk_is_sorted(const _STACK *sk); - - // sk_set_cmp_func sets the comparison function to be used by |sk| and returns - // the previous one. --// OPENSSL_EXPORT stack_cmp_func sk_set_cmp_func(_STACK *sk, stack_cmp_func comp); -+OPENSSL_EXPORT stack_cmp_func sk_set_cmp_func(_STACK *sk, stack_cmp_func comp); - - // sk_deep_copy performs a copy of |sk| and of each of the non-NULL elements in - // |sk| by using |copy_func|. If an error occurs, |free_func| is used to free - // any copies already made and NULL is returned. --// OPENSSL_EXPORT _STACK *sk_deep_copy(const _STACK *sk, --// stack_call_copy_func call_copy_func, --// stack_copy_func copy_func, --// stack_call_free_func call_free_func, --// stack_free_func free_func); -+OPENSSL_EXPORT _STACK *sk_deep_copy(const _STACK *sk, -+ stack_call_copy_func call_copy_func, -+ stack_copy_func copy_func, -+ stack_call_free_func call_free_func, -+ stack_free_func free_func); - - - // Deprecated functions. -@@ -257,185 +242,185 @@ - // This set of macros is used to emit the typed functions that act on a - // |STACK_OF(T)|. - --// #if !defined(BORINGSSL_NO_CXX) --// extern "C++" { --// BSSL_NAMESPACE_BEGIN --// namespace internal { --// template --// struct StackTraits {}; --// } --// BSSL_NAMESPACE_END --// } -- --// #define BORINGSSL_DEFINE_STACK_TRAITS(name, type, is_const) \ --// extern "C++" { \ --// BSSL_NAMESPACE_BEGIN \ --// namespace internal { \ --// template <> \ --// struct StackTraits { \ --// static constexpr bool kIsStack = true; \ --// using Type = type; \ --// static constexpr bool kIsConst = is_const; \ --// }; \ --// } \ --// BSSL_NAMESPACE_END \ --// } -- --// #else --// #define BORINGSSL_DEFINE_STACK_TRAITS(name, type, is_const) --// #endif -- --// #define BORINGSSL_DEFINE_STACK_OF_IMPL(name, ptrtype, constptrtype) \ --// /* We disable MSVC C4191 in this macro, which warns when pointers are cast \ --// * to the wrong type. While the cast itself is valid, it is often a bug \ --// * because calling it through the cast is UB. However, we never actually \ --// * call functions as |stack_cmp_func|. The type is just a type-erased \ --// * function pointer. (C does not guarantee function pointers fit in \ --// * |void*|, and GCC will warn on this.) Thus we just disable the false \ --// * positive warning. */ \ --// OPENSSL_MSVC_PRAGMA(warning(push)) \ --// OPENSSL_MSVC_PRAGMA(warning(disable : 4191)) \ --// \ --// DECLARE_STACK_OF(name) \ --// \ --// typedef void (*stack_##name##_free_func)(ptrtype); \ --// typedef ptrtype (*stack_##name##_copy_func)(ptrtype); \ --// typedef int (*stack_##name##_cmp_func)(constptrtype *a, constptrtype *b); \ --// \ --// OPENSSL_INLINE void sk_##name##_call_free_func(stack_free_func free_func, \ --// void *ptr) { \ --// ((stack_##name##_free_func)free_func)((ptrtype)ptr); \ --// } \ --// \ --// OPENSSL_INLINE void *sk_##name##_call_copy_func(stack_copy_func copy_func, \ --// void *ptr) { \ --// return (void *)((stack_##name##_copy_func)copy_func)((ptrtype)ptr); \ --// } \ --// \ --// OPENSSL_INLINE int sk_##name##_call_cmp_func( \ --// stack_cmp_func cmp_func, const void *const *a, const void *const *b) { \ --// /* The data is actually stored as |void*| pointers, so read the pointer \ --// * as |void*| and then pass the corrected type into the caller-supplied \ --// * function, which expects |constptrtype*|. */ \ --// constptrtype a_ptr = (constptrtype)*a; \ --// constptrtype b_ptr = (constptrtype)*b; \ --// return ((stack_##name##_cmp_func)cmp_func)(&a_ptr, &b_ptr); \ --// } \ --// \ --// OPENSSL_INLINE STACK_OF(name) *sk_##name##_new( \ --// stack_##name##_cmp_func comp) { \ --// return (STACK_OF(name) *)sk_new((stack_cmp_func)comp); \ --// } \ --// \ --// OPENSSL_INLINE STACK_OF(name) *sk_##name##_new_null(void) { \ --// return (STACK_OF(name) *)sk_new_null(); \ --// } \ --// \ --// OPENSSL_INLINE size_t sk_##name##_num(const STACK_OF(name) *sk) { \ --// return sk_num((const _STACK *)sk); \ --// } \ --// \ --// OPENSSL_INLINE void sk_##name##_zero(STACK_OF(name) *sk) { \ --// sk_zero((_STACK *)sk); \ --// } \ --// \ --// OPENSSL_INLINE ptrtype sk_##name##_value(const STACK_OF(name) *sk, \ --// size_t i) { \ --// return (ptrtype)sk_value((const _STACK *)sk, i); \ --// } \ --// \ --// OPENSSL_INLINE ptrtype sk_##name##_set(STACK_OF(name) *sk, size_t i, \ --// ptrtype p) { \ --// return (ptrtype)sk_set((_STACK *)sk, i, (void *)p); \ --// } \ --// \ --// OPENSSL_INLINE void sk_##name##_free(STACK_OF(name) *sk) { \ --// sk_free((_STACK *)sk); \ --// } \ --// \ --// OPENSSL_INLINE void sk_##name##_pop_free( \ --// STACK_OF(name) *sk, stack_##name##_free_func free_func) { \ --// sk_pop_free_ex((_STACK *)sk, sk_##name##_call_free_func, \ --// (stack_free_func)free_func); \ --// } \ --// \ --// OPENSSL_INLINE size_t sk_##name##_insert(STACK_OF(name) *sk, ptrtype p, \ --// size_t where) { \ --// return sk_insert((_STACK *)sk, (void *)p, where); \ --// } \ --// \ --// OPENSSL_INLINE ptrtype sk_##name##_delete(STACK_OF(name) *sk, \ --// size_t where) { \ --// return (ptrtype)sk_delete((_STACK *)sk, where); \ --// } \ --// \ --// OPENSSL_INLINE ptrtype sk_##name##_delete_ptr(STACK_OF(name) *sk, \ --// constptrtype p) { \ --// return (ptrtype)sk_delete_ptr((_STACK *)sk, (const void *)p); \ --// } \ --// \ --// OPENSSL_INLINE int sk_##name##_find(const STACK_OF(name) *sk, \ --// size_t *out_index, constptrtype p) { \ --// return sk_find((const _STACK *)sk, out_index, (const void *)p, \ --// sk_##name##_call_cmp_func); \ --// } \ --// \ --// OPENSSL_INLINE ptrtype sk_##name##_shift(STACK_OF(name) *sk) { \ --// return (ptrtype)sk_shift((_STACK *)sk); \ --// } \ --// \ --// OPENSSL_INLINE size_t sk_##name##_push(STACK_OF(name) *sk, ptrtype p) { \ --// return sk_push((_STACK *)sk, (void *)p); \ --// } \ --// \ --// OPENSSL_INLINE ptrtype sk_##name##_pop(STACK_OF(name) *sk) { \ --// return (ptrtype)sk_pop((_STACK *)sk); \ --// } \ --// \ --// OPENSSL_INLINE STACK_OF(name) *sk_##name##_dup(const STACK_OF(name) *sk) { \ --// return (STACK_OF(name) *)sk_dup((const _STACK *)sk); \ --// } \ --// \ --// OPENSSL_INLINE void sk_##name##_sort(STACK_OF(name) *sk) { \ --// sk_sort((_STACK *)sk, sk_##name##_call_cmp_func); \ --// } \ --// \ --// OPENSSL_INLINE int sk_##name##_is_sorted(const STACK_OF(name) *sk) { \ --// return sk_is_sorted((const _STACK *)sk); \ --// } \ --// \ --// OPENSSL_INLINE stack_##name##_cmp_func sk_##name##_set_cmp_func( \ --// STACK_OF(name) *sk, stack_##name##_cmp_func comp) { \ --// return (stack_##name##_cmp_func)sk_set_cmp_func((_STACK *)sk, \ --// (stack_cmp_func)comp); \ --// } \ --// \ --// OPENSSL_INLINE STACK_OF(name) *sk_##name##_deep_copy( \ --// const STACK_OF(name) *sk, ptrtype (*copy_func)(ptrtype), \ --// void (*free_func)(ptrtype)) { \ --// return (STACK_OF(name) *)sk_deep_copy( \ --// (const _STACK *)sk, sk_##name##_call_copy_func, \ --// (stack_copy_func)copy_func, sk_##name##_call_free_func, \ --// (stack_free_func)free_func); \ --// } \ --// \ --// OPENSSL_MSVC_PRAGMA(warning(pop)) -+#if !defined(BORINGSSL_NO_CXX) -+extern "C++" { -+BSSL_NAMESPACE_BEGIN -+namespace internal { -+template -+struct StackTraits {}; -+} -+BSSL_NAMESPACE_END -+} -+ -+#define BORINGSSL_DEFINE_STACK_TRAITS(name, type, is_const) \ -+ extern "C++" { \ -+ BSSL_NAMESPACE_BEGIN \ -+ namespace internal { \ -+ template <> \ -+ struct StackTraits { \ -+ static constexpr bool kIsStack = true; \ -+ using Type = type; \ -+ static constexpr bool kIsConst = is_const; \ -+ }; \ -+ } \ -+ BSSL_NAMESPACE_END \ -+ } -+ -+#else -+#define BORINGSSL_DEFINE_STACK_TRAITS(name, type, is_const) -+#endif -+ -+#define BORINGSSL_DEFINE_STACK_OF_IMPL(name, ptrtype, constptrtype) \ -+ /* We disable MSVC C4191 in this macro, which warns when pointers are cast \ -+ * to the wrong type. While the cast itself is valid, it is often a bug \ -+ * because calling it through the cast is UB. However, we never actually \ -+ * call functions as |stack_cmp_func|. The type is just a type-erased \ -+ * function pointer. (C does not guarantee function pointers fit in \ -+ * |void*|, and GCC will warn on this.) Thus we just disable the false \ -+ * positive warning. */ \ -+ OPENSSL_MSVC_PRAGMA(warning(push)) \ -+ OPENSSL_MSVC_PRAGMA(warning(disable : 4191)) \ -+ \ -+ DECLARE_STACK_OF(name) \ -+ \ -+ typedef void (*stack_##name##_free_func)(ptrtype); \ -+ typedef ptrtype (*stack_##name##_copy_func)(ptrtype); \ -+ typedef int (*stack_##name##_cmp_func)(constptrtype *a, constptrtype *b); \ -+ \ -+ OPENSSL_INLINE void sk_##name##_call_free_func(stack_free_func free_func, \ -+ void *ptr) { \ -+ ((stack_##name##_free_func)free_func)((ptrtype)ptr); \ -+ } \ -+ \ -+ OPENSSL_INLINE void *sk_##name##_call_copy_func(stack_copy_func copy_func, \ -+ void *ptr) { \ -+ return (void *)((stack_##name##_copy_func)copy_func)((ptrtype)ptr); \ -+ } \ -+ \ -+ OPENSSL_INLINE int sk_##name##_call_cmp_func( \ -+ stack_cmp_func cmp_func, const void *const *a, const void *const *b) { \ -+ /* The data is actually stored as |void*| pointers, so read the pointer \ -+ * as |void*| and then pass the corrected type into the caller-supplied \ -+ * function, which expects |constptrtype*|. */ \ -+ constptrtype a_ptr = (constptrtype)*a; \ -+ constptrtype b_ptr = (constptrtype)*b; \ -+ return ((stack_##name##_cmp_func)cmp_func)(&a_ptr, &b_ptr); \ -+ } \ -+ \ -+ OPENSSL_INLINE STACK_OF(name) *sk_##name##_new( \ -+ stack_##name##_cmp_func comp) { \ -+ return (STACK_OF(name) *)sk_new((stack_cmp_func)comp); \ -+ } \ -+ \ -+ OPENSSL_INLINE STACK_OF(name) *sk_##name##_new_null(void) { \ -+ return (STACK_OF(name) *)sk_new_null(); \ -+ } \ -+ \ -+ OPENSSL_INLINE size_t sk_##name##_num(const STACK_OF(name) *sk) { \ -+ return sk_num((const _STACK *)sk); \ -+ } \ -+ \ -+ OPENSSL_INLINE void sk_##name##_zero(STACK_OF(name) *sk) { \ -+ sk_zero((_STACK *)sk); \ -+ } \ -+ \ -+ OPENSSL_INLINE ptrtype sk_##name##_value(const STACK_OF(name) *sk, \ -+ size_t i) { \ -+ return (ptrtype)sk_value((const _STACK *)sk, i); \ -+ } \ -+ \ -+ OPENSSL_INLINE ptrtype sk_##name##_set(STACK_OF(name) *sk, size_t i, \ -+ ptrtype p) { \ -+ return (ptrtype)sk_set((_STACK *)sk, i, (void *)p); \ -+ } \ -+ \ -+ OPENSSL_INLINE void sk_##name##_free(STACK_OF(name) *sk) { \ -+ sk_free((_STACK *)sk); \ -+ } \ -+ \ -+ OPENSSL_INLINE void sk_##name##_pop_free( \ -+ STACK_OF(name) *sk, stack_##name##_free_func free_func) { \ -+ sk_pop_free_ex((_STACK *)sk, sk_##name##_call_free_func, \ -+ (stack_free_func)free_func); \ -+ } \ -+ \ -+ OPENSSL_INLINE size_t sk_##name##_insert(STACK_OF(name) *sk, ptrtype p, \ -+ size_t where) { \ -+ return sk_insert((_STACK *)sk, (void *)p, where); \ -+ } \ -+ \ -+ OPENSSL_INLINE ptrtype sk_##name##_delete(STACK_OF(name) *sk, \ -+ size_t where) { \ -+ return (ptrtype)sk_delete((_STACK *)sk, where); \ -+ } \ -+ \ -+ OPENSSL_INLINE ptrtype sk_##name##_delete_ptr(STACK_OF(name) *sk, \ -+ constptrtype p) { \ -+ return (ptrtype)sk_delete_ptr((_STACK *)sk, (const void *)p); \ -+ } \ -+ \ -+ OPENSSL_INLINE int sk_##name##_find(const STACK_OF(name) *sk, \ -+ size_t *out_index, constptrtype p) { \ -+ return sk_find((const _STACK *)sk, out_index, (const void *)p, \ -+ sk_##name##_call_cmp_func); \ -+ } \ -+ \ -+ OPENSSL_INLINE ptrtype sk_##name##_shift(STACK_OF(name) *sk) { \ -+ return (ptrtype)sk_shift((_STACK *)sk); \ -+ } \ -+ \ -+ OPENSSL_INLINE size_t sk_##name##_push(STACK_OF(name) *sk, ptrtype p) { \ -+ return sk_push((_STACK *)sk, (void *)p); \ -+ } \ -+ \ -+ OPENSSL_INLINE ptrtype sk_##name##_pop(STACK_OF(name) *sk) { \ -+ return (ptrtype)sk_pop((_STACK *)sk); \ -+ } \ -+ \ -+ OPENSSL_INLINE STACK_OF(name) *sk_##name##_dup(const STACK_OF(name) *sk) { \ -+ return (STACK_OF(name) *)sk_dup((const _STACK *)sk); \ -+ } \ -+ \ -+ OPENSSL_INLINE void sk_##name##_sort(STACK_OF(name) *sk) { \ -+ sk_sort((_STACK *)sk, sk_##name##_call_cmp_func); \ -+ } \ -+ \ -+ OPENSSL_INLINE int sk_##name##_is_sorted(const STACK_OF(name) *sk) { \ -+ return sk_is_sorted((const _STACK *)sk); \ -+ } \ -+ \ -+ OPENSSL_INLINE stack_##name##_cmp_func sk_##name##_set_cmp_func( \ -+ STACK_OF(name) *sk, stack_##name##_cmp_func comp) { \ -+ return (stack_##name##_cmp_func)sk_set_cmp_func((_STACK *)sk, \ -+ (stack_cmp_func)comp); \ -+ } \ -+ \ -+ OPENSSL_INLINE STACK_OF(name) *sk_##name##_deep_copy( \ -+ const STACK_OF(name) *sk, ptrtype (*copy_func)(ptrtype), \ -+ void (*free_func)(ptrtype)) { \ -+ return (STACK_OF(name) *)sk_deep_copy( \ -+ (const _STACK *)sk, sk_##name##_call_copy_func, \ -+ (stack_copy_func)copy_func, sk_##name##_call_free_func, \ -+ (stack_free_func)free_func); \ -+ } \ -+ \ -+ OPENSSL_MSVC_PRAGMA(warning(pop)) - - // DEFINE_NAMED_STACK_OF defines |STACK_OF(name)| to be a stack whose elements - // are |type| *. --// #define DEFINE_NAMED_STACK_OF(name, type) \ --// BORINGSSL_DEFINE_STACK_OF_IMPL(name, type *, const type *) \ --// BORINGSSL_DEFINE_STACK_TRAITS(name, type, false) -+#define DEFINE_NAMED_STACK_OF(name, type) \ -+ BORINGSSL_DEFINE_STACK_OF_IMPL(name, type *, const type *) \ -+ BORINGSSL_DEFINE_STACK_TRAITS(name, type, false) - - // DEFINE_STACK_OF defines |STACK_OF(type)| to be a stack whose elements are - // |type| *. --// #define DEFINE_STACK_OF(type) DEFINE_NAMED_STACK_OF(type, type) -+#define DEFINE_STACK_OF(type) DEFINE_NAMED_STACK_OF(type, type) - - // DEFINE_CONST_STACK_OF defines |STACK_OF(type)| to be a stack whose elements - // are const |type| *. --// #define DEFINE_CONST_STACK_OF(type) \ --// BORINGSSL_DEFINE_STACK_OF_IMPL(type, const type *, const type *) \ --// BORINGSSL_DEFINE_STACK_TRAITS(type, const type, true) -+#define DEFINE_CONST_STACK_OF(type) \ -+ BORINGSSL_DEFINE_STACK_OF_IMPL(type, const type *, const type *) \ -+ BORINGSSL_DEFINE_STACK_TRAITS(type, const type, true) - - // typedef char *OPENSSL_STRING; - -@@ -443,112 +428,107 @@ - // DEFINE_NAMED_STACK_OF(OPENSSL_STRING, char) - - --// #if defined(__cplusplus) --// } // extern C --// #endif -+#if defined(__cplusplus) -+} // extern C -+#endif - --// #if !defined(BORINGSSL_NO_CXX) --// extern "C++" { -+#if !defined(BORINGSSL_NO_CXX) -+extern "C++" { - --// #include -+#include - --// BSSL_NAMESPACE_BEGIN -+BSSL_NAMESPACE_BEGIN - --// namespace internal { -+namespace internal { - - // Stacks defined with |DEFINE_CONST_STACK_OF| are freed with |sk_free|. --// template --// struct DeleterImpl::kIsConst>> { --// static void Free(Stack *sk) { sk_free(reinterpret_cast<_STACK *>(sk)); } --// }; -+template -+struct DeleterImpl::kIsConst>> { -+ static void Free(Stack *sk) { sk_free(reinterpret_cast<_STACK *>(sk)); } -+}; - - // Stacks defined with |DEFINE_STACK_OF| are freed with |sk_pop_free| and the - // corresponding type's deleter. --// template --// struct DeleterImpl::kIsConst>> { --// static void Free(Stack *sk) { --// // sk_FOO_pop_free is defined by macros and bound by name, so we cannot --// // access it from C++ here. --// using Type = typename StackTraits::Type; --// sk_pop_free_ex(reinterpret_cast<_STACK *>(sk), --// [](stack_free_func /* unused */, void *ptr) { --// DeleterImpl::Free(reinterpret_cast(ptr)); --// }, --// nullptr); --// } --// }; -- --// template --// class StackIteratorImpl { --// public: --// using Type = typename StackTraits::Type; --// // Iterators must be default-constructable. --// StackIteratorImpl() : sk_(nullptr), idx_(0) {} --// StackIteratorImpl(const Stack *sk, size_t idx) : sk_(sk), idx_(idx) {} -- --// bool operator==(StackIteratorImpl other) const { --// return sk_ == other.sk_ && idx_ == other.idx_; --// } --// bool operator!=(StackIteratorImpl other) const { --// return !(*this == other); --// } -- --// Type *operator*() const { --// return reinterpret_cast( --// sk_value(reinterpret_cast(sk_), idx_)); --// } -- --// StackIteratorImpl &operator++(/* prefix */) { --// idx_++; --// return *this; --// } -- --// StackIteratorImpl operator++(int /* postfix */) { --// StackIteratorImpl copy(*this); --// ++(*this); --// return copy; --// } -- --// private: --// const Stack *sk_; --// size_t idx_; --// }; -- --// template --// using StackIterator = --// std::enable_if_t::kIsStack, StackIteratorImpl>; -+template -+struct DeleterImpl::kIsConst>> { -+ static void Free(Stack *sk) { -+ using Type = typename StackTraits::Type; +@@ -413,11 +413,6 @@ + return ((sk_##name##_cmp_func)cmp_func)(&a_ptr, &b_ptr); \ + } \ + \ +- OPENSSL_INLINE int sk_##name##_call_delete_if_func( \ +- OPENSSL_sk_delete_if_func func, void *obj, void *data) { \ +- return ((sk_##name##_delete_if_func)func)((ptrtype)obj, data); \ +- } \ +- \ + OPENSSL_INLINE STACK_OF(name) *sk_##name##_new(sk_##name##_cmp_func comp) { \ + return (STACK_OF(name) *)sk_new((OPENSSL_sk_cmp_func)comp); \ + } \ +@@ -469,12 +464,6 @@ + return (ptrtype)sk_delete_ptr((_STACK *)sk, (const void *)p); \ + } \ + \ +- OPENSSL_INLINE void sk_##name##_delete_if( \ +- STACK_OF(name) *sk, sk_##name##_delete_if_func func, void *data) { \ +- sk_delete_if((_STACK *)sk, sk_##name##_call_delete_if_func, \ +- (OPENSSL_sk_delete_if_func)func, data); \ +- } \ +- \ + OPENSSL_INLINE int sk_##name##_find(const STACK_OF(name) *sk, \ + size_t *out_index, constptrtype p) { \ + return sk_find((const _STACK *)sk, out_index, (const void *)p, \ +@@ -558,11 +547,8 @@ + // sk_FOO_pop_free is defined by macros and bound by name, so we cannot + // access it from C++ here. + using Type = typename StackTraits::Type; +- sk_pop_free_ex(reinterpret_cast<_STACK *>(sk), +- [](OPENSSL_sk_free_func /* unused */, void *ptr) { +- DeleterImpl::Free(reinterpret_cast(ptr)); +- }, +- nullptr); + ossl_OPENSSL_sk_pop_free(reinterpret_cast<_STACK *>(sk), + reinterpret_cast(DeleterImpl::Free)); -+ } -+}; -+ -+template -+class StackIteratorImpl { -+ public: -+ using Type = typename StackTraits::Type; -+ // Iterators must be default-constructable. -+ StackIteratorImpl() : sk_(nullptr), idx_(0) {} -+ StackIteratorImpl(const Stack *sk, size_t idx) : sk_(sk), idx_(idx) {} -+ -+ bool operator==(StackIteratorImpl other) const { -+ return sk_ == other.sk_ && idx_ == other.idx_; -+ } -+ bool operator!=(StackIteratorImpl other) const { -+ return !(*this == other); -+ } -+ -+ Type *operator*() const { -+ return reinterpret_cast( -+ sk_value(reinterpret_cast(sk_), idx_)); -+ } -+ -+ StackIteratorImpl &operator++(/* prefix */) { -+ idx_++; -+ return *this; -+ } -+ -+ StackIteratorImpl operator++(int /* postfix */) { -+ StackIteratorImpl copy(*this); -+ ++(*this); -+ return copy; -+ } -+ -+ private: -+ const Stack *sk_; -+ size_t idx_; -+}; -+ -+template -+using StackIterator = -+ std::enable_if_t::kIsStack, StackIteratorImpl>; - --// } // namespace internal -+} // namespace internal - - // PushToStack pushes |elem| to |sk|. It returns true on success and false on - // allocation failure. --// template --// inline std::enable_if_t::kIsConst, bool> --// PushToStack(Stack *sk, --// UniquePtr::Type> elem) { --// if (!sk_push(reinterpret_cast<_STACK *>(sk), elem.get())) { --// return false; --// } --// // sk_push takes ownership on success. --// elem.release(); --// return true; --// } -+template -+inline std::enable_if_t::kIsConst, bool> -+PushToStack(Stack *sk, -+ UniquePtr::Type> elem) { -+ if (!sk_push(reinterpret_cast<_STACK *>(sk), elem.get())) { -+ return false; -+ } -+ // sk_push takes ownership on success. -+ elem.release(); -+ return true; -+} - --// BSSL_NAMESPACE_END -+BSSL_NAMESPACE_END - - // Define begin() and end() for stack types so C++ range for loops work. --// template --// inline bssl::internal::StackIterator begin(const Stack *sk) { --// return bssl::internal::StackIterator(sk, 0); --// } -- --// template --// inline bssl::internal::StackIterator end(const Stack *sk) { --// return bssl::internal::StackIterator( --// sk, sk_num(reinterpret_cast(sk))); --// } -+template -+inline bssl::internal::StackIterator begin(const Stack *sk) { -+ return bssl::internal::StackIterator(sk, 0); -+} -+ -+template -+inline bssl::internal::StackIterator end(const Stack *sk) { -+ return bssl::internal::StackIterator( -+ sk, sk_num(reinterpret_cast(sk))); -+} - --// } // extern C++ --// #endif -+} // extern C++ -+#endif + } + }; --// #endif // OPENSSL_HEADER_STACK_H -+#endif // OPENSSL_HEADER_STACK_H diff --git a/bssl-compat/patch/include/openssl/stack.h.sh b/bssl-compat/patch/include/openssl/stack.h.sh new file mode 100755 index 0000000000..e2049dc797 --- /dev/null +++ b/bssl-compat/patch/include/openssl/stack.h.sh @@ -0,0 +1,52 @@ +#!/bin/bash + +set -euo pipefail + +uncomment.sh "$1" --comment -h \ + --sed '/#include /a#include ' \ + --uncomment-macro STACK_OF \ + --uncomment-macro DECLARE_STACK_OF \ + --uncomment-macro DEFINE_NAMED_STACK_OF \ + --uncomment-macro DEFINE_STACK_OF \ + --uncomment-macro DEFINE_CONST_STACK_OF \ + --uncomment-regex 'template '\ + --uncomment-regex 'namespace internal {' 'template ' 'struct StackTraits \{\};' '}' \ + --uncomment-macro BORINGSSL_DEFINE_STACK_TRAITS \ + --uncomment-macro BORINGSSL_DEFINE_STACK_OF_IMPL \ + --uncomment-struct DeleterImpl \ + --uncomment-struct DeleterImpl \ + --uncomment-class StackIteratorImpl \ + --uncomment-using StackIterator \ + --uncomment-regex-range 'inline\>' '}' \ + --uncomment-regex-range 'inline\>.*\' '}' \ + --uncomment-regex-range 'inline\>.*\' '}' \ + --uncomment-regex '}$' \ + --uncomment-regex 'namespace internal {' \ + --uncomment-regex '} // namespace internal' \ + --sed '/^\/\/ } _STACK;$/atypedef struct ossl_stack_st _STACK;' \ + --uncomment-typedef OPENSSL_sk_free_func \ + --uncomment-typedef OPENSSL_sk_copy_func \ + --uncomment-typedef OPENSSL_sk_cmp_func \ + --uncomment-typedef OPENSSL_sk_call_free_func \ + --uncomment-typedef OPENSSL_sk_call_copy_func \ + --uncomment-typedef OPENSSL_sk_call_cmp_func \ + --uncomment-func-decl sk_new \ + --uncomment-func-decl sk_new_null \ + --uncomment-func-decl sk_num \ + --uncomment-func-decl sk_zero \ + --uncomment-func-decl sk_value \ + --uncomment-func-decl sk_set \ + --uncomment-func-decl sk_free \ + --uncomment-func-decl sk_pop_free_ex \ + --uncomment-func-decl sk_insert \ + --uncomment-func-decl sk_delete \ + --uncomment-func-decl sk_delete_ptr \ + --uncomment-func-decl sk_find \ + --uncomment-func-decl sk_shift \ + --uncomment-func-decl sk_push \ + --uncomment-func-decl sk_pop \ + --uncomment-func-decl sk_dup \ + --uncomment-func-decl sk_sort \ + --uncomment-func-decl sk_is_sorted \ + --uncomment-func-decl sk_set_cmp_func \ + --uncomment-func-decl sk_deep_copy \ diff --git a/bssl-compat/patch/include/openssl/tls1.h.patch b/bssl-compat/patch/include/openssl/tls1.h.patch deleted file mode 100644 index 6841565b0d..0000000000 --- a/bssl-compat/patch/include/openssl/tls1.h.patch +++ /dev/null @@ -1,111 +0,0 @@ ---- a/include/openssl/tls1.h -+++ b/include/openssl/tls1.h -@@ -267,8 +267,8 @@ - #ifdef ossl_TLSEXT_TYPE_cookie - #define TLSEXT_TYPE_cookie ossl_TLSEXT_TYPE_cookie - #endif --#ifdef ossl_TLSEXT_TYPE_psk_key_exchange_modes --#define TLSEXT_TYPE_psk_key_exchange_modes ossl_TLSEXT_TYPE_psk_key_exchange_modes -+#ifdef ossl_TLSEXT_TYPE_psk_kex_modes -+#define TLSEXT_TYPE_psk_key_exchange_modes ossl_TLSEXT_TYPE_psk_kex_modes - #endif - #ifdef ossl_TLSEXT_TYPE_certificate_authorities - #define TLSEXT_TYPE_certificate_authorities ossl_TLSEXT_TYPE_certificate_authorities -@@ -352,11 +352,11 @@ - // PSK ciphersuites from 4279 - // #define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A - // #define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B --// #define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C --// #define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D -+#define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C -+#define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D - - // PSK ciphersuites from RFC 5489 --// #define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA 0x0300C035 -+#define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA 0x0300C035 - // #define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA 0x0300C036 - - // Additional TLS ciphersuites from expired Internet Draft -@@ -374,14 +374,14 @@ - - // AES ciphersuites from RFC 3268 - --// #define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F -+#define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F - // #define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030 - // #define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031 - // #define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032 - // #define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033 - // #define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034 - --// #define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035 -+#define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035 - // #define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036 - // #define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037 - // #define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038 -@@ -430,8 +430,8 @@ - // #define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B - - // TLS v1.2 GCM ciphersuites from RFC 5288 --// #define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C --// #define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D -+#define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C -+#define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D - // #define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E - // #define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 0x0300009F - // #define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 0x030000A0 -@@ -453,8 +453,8 @@ - // #define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006 - // #define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007 - // #define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008 --// #define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009 --// #define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A -+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009 -+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A - - // #define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B - // #define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C -@@ -465,8 +465,8 @@ - // #define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010 - // #define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011 - // #define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012 --// #define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013 --// #define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014 -+#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013 -+#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014 - - // #define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015 - // #define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016 -@@ -497,24 +497,24 @@ - // #define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A - - // ECDH GCM based ciphersuites from RFC 5289 --// #define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B --// #define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C -+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B -+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C - // #define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D - // #define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02E --// #define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F -+#define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F - // #define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x0300C030 - // #define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031 - // #define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032 - - // ChaCha20-Poly1305 cipher suites from RFC 7905. --// #define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0x0300CCA8 --// #define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0x0300CCA9 -+#define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0x0300CCA8 -+#define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0x0300CCA9 - // #define TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0x0300CCAC - - // TLS 1.3 ciphersuites from RFC 8446. --// #define TLS1_3_CK_AES_128_GCM_SHA256 0x03001301 --// #define TLS1_3_CK_AES_256_GCM_SHA384 0x03001302 --// #define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x03001303 -+#define TLS1_3_CK_AES_128_GCM_SHA256 0x03001301 -+#define TLS1_3_CK_AES_256_GCM_SHA384 0x03001302 -+#define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x03001303 - - // The following constants are legacy aliases of |TLS1_3_CK_*|. - // TODO(davidben): Migrate callers to the new name and remove these. diff --git a/bssl-compat/patch/include/openssl/tls1.h.sh b/bssl-compat/patch/include/openssl/tls1.h.sh index 98be8fe09c..1e1791c558 100755 --- a/bssl-compat/patch/include/openssl/tls1.h.sh +++ b/bssl-compat/patch/include/openssl/tls1.h.sh @@ -1,3 +1,26 @@ #!/bin/bash -sed -i -e 's|^// \(#[ \t]*define[ \t]*\)\(TLSEXT_TYPE_[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' "$1" +set -euo pipefail + +uncomment.sh "$1" --comment -h \ + --uncomment-macro-redef 'TLSEXT_TYPE_[[:alnum:]_]*' \ + --sed 's/ossl_TLSEXT_TYPE_psk_key_exchange_modes/ossl_TLSEXT_TYPE_psk_kex_modes/' \ + --uncomment-macro TLS1_CK_PSK_WITH_AES_128_CBC_SHA \ + --uncomment-macro TLS1_CK_PSK_WITH_AES_256_CBC_SHA \ + --uncomment-macro TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA \ + --uncomment-macro TLS1_CK_RSA_WITH_AES_128_SHA \ + --uncomment-macro TLS1_CK_RSA_WITH_AES_256_SHA \ + --uncomment-macro TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 \ + --uncomment-macro TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 \ + --uncomment-macro TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA \ + --uncomment-macro TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA \ + --uncomment-macro TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA \ + --uncomment-macro TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA \ + --uncomment-macro TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 \ + --uncomment-macro TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 \ + --uncomment-macro TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 \ + --uncomment-macro TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \ + --uncomment-macro TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 \ + --uncomment-macro TLS1_3_CK_AES_128_GCM_SHA256 \ + --uncomment-macro TLS1_3_CK_AES_256_GCM_SHA384 \ + --uncomment-macro TLS1_3_CK_CHACHA20_POLY1305_SHA256 diff --git a/bssl-compat/patch/include/openssl/trust_token.h.sh b/bssl-compat/patch/include/openssl/trust_token.h.sh index fec224ed91..b9522aff3c 100755 --- a/bssl-compat/patch/include/openssl/trust_token.h.sh +++ b/bssl-compat/patch/include/openssl/trust_token.h.sh @@ -1,4 +1,6 @@ #!/bin/bash -sed -i -e 's|^// \(#[ \t]*define[ \t]*\)\(TRUST_TOKEN_R_[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' "$1" +set -euo pipefail +uncomment.sh "$1" --comment -h \ + --uncomment-macro-redef 'TRUST_TOKEN_R_[a-zA-Z0-9_]*' diff --git a/bssl-compat/patch/include/openssl/x509.h.patch b/bssl-compat/patch/include/openssl/x509.h.patch deleted file mode 100644 index 204836d2c9..0000000000 --- a/bssl-compat/patch/include/openssl/x509.h.patch +++ /dev/null @@ -1,718 +0,0 @@ ---- a/include/openssl/x509.h -+++ b/include/openssl/x509.h -@@ -60,31 +60,31 @@ - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - --// #ifndef HEADER_X509_H --// #define HEADER_X509_H -+#ifndef HEADER_X509_H -+#define HEADER_X509_H - --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include - --// #if defined(__cplusplus) --// extern "C" { --// #endif -+#if defined(__cplusplus) -+extern "C" { -+#endif - - - // Legacy X.509 library. -@@ -116,14 +116,14 @@ - // Instead, mutation functions should only be used when issuing new - // certificates, as described in a later section. - --// DEFINE_STACK_OF(X509) -+DEFINE_STACK_OF(X509) - - // X509 is an |ASN1_ITEM| whose ASN.1 type is X.509 Certificate (RFC 5280) and C - // type is |X509*|. - // DECLARE_ASN1_ITEM(X509) - - // X509_up_ref adds one to the reference count of |x509| and returns one. --// OPENSSL_EXPORT int X509_up_ref(X509 *x509); -+OPENSSL_EXPORT int X509_up_ref(X509 *x509); - - // X509_chain_up_ref returns a newly-allocated |STACK_OF(X509)| containing a - // shallow copy of |chain|, or NULL on error. That is, the return value has the -@@ -143,7 +143,7 @@ - - // X509_free decrements |x509|'s reference count and, if zero, releases memory - // associated with |x509|. --// OPENSSL_EXPORT void X509_free(X509 *x509); -+OPENSSL_EXPORT void X509_free(X509 *x509); - - // d2i_X509 parses up to |len| bytes from |*inp| as a DER-encoded X.509 - // Certificate (RFC 5280), as described in |d2i_SAMPLE_with_reuse|. -@@ -161,13 +161,13 @@ - // TODO(https://crbug.com/boringssl/407): This function should be const and - // thread-safe but is currently neither in some cases, notably if |x509| was - // mutated. --// OPENSSL_EXPORT int i2d_X509(X509 *x509, uint8_t **outp); -+OPENSSL_EXPORT int i2d_X509(X509 *x509, uint8_t **outp); - - // X509_VERSION_* are X.509 version numbers. Note the numerical values of all - // defined X.509 versions are one less than the named version. --// #define X509_VERSION_1 0 --// #define X509_VERSION_2 1 --// #define X509_VERSION_3 2 -+#define X509_VERSION_1 ossl_X509_VERSION_1 -+#define X509_VERSION_2 ossl_X509_VERSION_2 -+#define X509_VERSION_3 ossl_X509_VERSION_3 - - // X509_get_version returns the numerical value of |x509|'s version, which will - // be one of the |X509_VERSION_*| constants. -@@ -177,27 +177,27 @@ - // OPENSSL_EXPORT const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x509); - - // X509_get0_notBefore returns |x509|'s notBefore time. --// OPENSSL_EXPORT const ASN1_TIME *X509_get0_notBefore(const X509 *x509); -+OPENSSL_EXPORT const ASN1_TIME *X509_get0_notBefore(const X509 *x509); - - // X509_get0_notAfter returns |x509|'s notAfter time. --// OPENSSL_EXPORT const ASN1_TIME *X509_get0_notAfter(const X509 *x509); -+OPENSSL_EXPORT const ASN1_TIME *X509_get0_notAfter(const X509 *x509); - - // X509_get_issuer_name returns |x509|'s issuer. --// OPENSSL_EXPORT X509_NAME *X509_get_issuer_name(const X509 *x509); -+OPENSSL_EXPORT X509_NAME *X509_get_issuer_name(const X509 *x509); - - // X509_get_subject_name returns |x509|'s subject. --// OPENSSL_EXPORT X509_NAME *X509_get_subject_name(const X509 *x509); -+OPENSSL_EXPORT X509_NAME *X509_get_subject_name(const X509 *x509); - - // X509_get_X509_PUBKEY returns the public key of |x509|. Note this function is - // not const-correct for legacy reasons. Callers should not modify the returned - // object. --// OPENSSL_EXPORT X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x509); -+OPENSSL_EXPORT X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x509); - - // X509_get_pubkey returns |x509|'s public key as an |EVP_PKEY|, or NULL if the - // public key was unsupported or could not be decoded. This function returns a - // reference to the |EVP_PKEY|. The caller must release the result with - // |EVP_PKEY_free| when done. --// OPENSSL_EXPORT EVP_PKEY *X509_get_pubkey(X509 *x509); -+OPENSSL_EXPORT EVP_PKEY *X509_get_pubkey(X509 *x509); - - // X509_get0_pubkey_bitstr returns the BIT STRING portion of |x509|'s public - // key. Note this does not contain the AlgorithmIdentifier portion. -@@ -231,8 +231,8 @@ - - // X509_get_ext_by_OBJ behaves like |X509v3_get_ext_by_OBJ| but searches for - // extensions in |x|. --// OPENSSL_EXPORT int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, --// int lastpos); -+OPENSSL_EXPORT int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, -+ int lastpos); - - // X509_get_ext_by_critical behaves like |X509v3_get_ext_by_critical| but - // searches for extensions in |x|. -@@ -242,7 +242,7 @@ - // X509_get_ext returns the extension in |x| at index |loc|, or NULL if |loc| is - // out of bounds. This function returns a non-const pointer for OpenSSL - // compatibility, but callers should not mutate the result. --// OPENSSL_EXPORT X509_EXTENSION *X509_get_ext(const X509 *x, int loc); -+OPENSSL_EXPORT X509_EXTENSION *X509_get_ext(const X509 *x, int loc); - - // X509_get0_tbs_sigalg returns the signature algorithm in |x509|'s - // TBSCertificate. For the outer signature algorithm, see |X509_get0_signature|. -@@ -287,13 +287,13 @@ - // X509_new returns a newly-allocated, empty |X509| object, or NULL on error. - // This produces an incomplete certificate which may be filled in to issue a new - // certificate. --// OPENSSL_EXPORT X509 *X509_new(void); -+OPENSSL_EXPORT X509 *X509_new(void); - - // X509_set_version sets |x509|'s version to |version|, which should be one of - // the |X509V_VERSION_*| constants. It returns one on success and zero on error. - // - // If unsure, use |X509_VERSION_3|. --// OPENSSL_EXPORT int X509_set_version(X509 *x509, long version); -+OPENSSL_EXPORT int X509_set_version(X509 *x509, long version); - - // X509_set_serialNumber sets |x509|'s serial number to |serial|. It returns one - // on success and zero on error. -@@ -309,10 +309,10 @@ - // OPENSSL_EXPORT int X509_set1_notAfter(X509 *x509, const ASN1_TIME *tm); - - // X509_getm_notBefore returns a mutable pointer to |x509|'s notBefore time. --// OPENSSL_EXPORT ASN1_TIME *X509_getm_notBefore(X509 *x509); -+OPENSSL_EXPORT ASN1_TIME *X509_getm_notBefore(X509 *x509); - - // X509_getm_notAfter returns a mutable pointer to |x509|'s notAfter time. --// OPENSSL_EXPORT ASN1_TIME *X509_getm_notAfter(X509 *x); -+OPENSSL_EXPORT ASN1_TIME *X509_getm_notAfter(X509 *x); - - // X509_set_issuer_name sets |x509|'s issuer to a copy of |name|. It returns one - // on success and zero on error. -@@ -325,7 +325,7 @@ - // X509_set_pubkey sets |x509|'s public key to |pkey|. It returns one on success - // and zero on error. This function does not take ownership of |pkey| and - // internally copies and updates reference counts as needed. --// OPENSSL_EXPORT int X509_set_pubkey(X509 *x509, EVP_PKEY *pkey); -+OPENSSL_EXPORT int X509_set_pubkey(X509 *x509, EVP_PKEY *pkey); - - // X509_delete_ext removes the extension in |x| at index |loc| and returns the - // removed extension, or NULL if |loc| was out of bounds. If non-NULL, the -@@ -345,7 +345,7 @@ - // signature fields. It returns one on success and zero on error. This function - // uses digest algorithm |md|, or |pkey|'s default if NULL. Other signing - // parameters use |pkey|'s defaults. To customize them, use |X509_sign_ctx|. --// OPENSSL_EXPORT int X509_sign(X509 *x509, EVP_PKEY *pkey, const EVP_MD *md); -+OPENSSL_EXPORT int X509_sign(X509 *x509, EVP_PKEY *pkey, const EVP_MD *md); - - // X509_sign_ctx signs |x509| with |ctx| and replaces the signature algorithm - // and signature fields. It returns one on success and zero on error. The -@@ -434,7 +434,7 @@ - // WARNING: In OpenSSL, this function did not set |*out_len| when the alias was - // missing. Callers that target both OpenSSL and BoringSSL should set the value - // to zero before calling this function. --// OPENSSL_EXPORT unsigned char *X509_alias_get0(X509 *x509, int *out_len); -+OPENSSL_EXPORT unsigned char *X509_alias_get0(X509 *x509, int *out_len); - - // X509_keyid_get0 looks up |x509|'s key ID. If found, it sets |*out_len| to the - // key ID's length and returns a pointer to a buffer containing the contents. If -@@ -462,14 +462,14 @@ - // Instead, mutation functions should only be used when issuing new CRLs, as - // described in a later section. - --// DEFINE_STACK_OF(X509_CRL) -+DEFINE_STACK_OF(X509_CRL) - - // X509_CRL is an |ASN1_ITEM| whose ASN.1 type is X.509 CertificateList (RFC - // 5280) and C type is |X509_CRL*|. - // DECLARE_ASN1_ITEM(X509_CRL) - - // X509_CRL_up_ref adds one to the reference count of |crl| and returns one. --// OPENSSL_EXPORT int X509_CRL_up_ref(X509_CRL *crl); -+OPENSSL_EXPORT int X509_CRL_up_ref(X509_CRL *crl); - - // X509_CRL_dup returns a newly-allocated copy of |crl|, or NULL on error. This - // function works by serializing the structure, so if |crl| is incomplete, it -@@ -482,7 +482,7 @@ - - // X509_CRL_free decrements |crl|'s reference count and, if zero, releases - // memory associated with |crl|. --// OPENSSL_EXPORT void X509_CRL_free(X509_CRL *crl); -+OPENSSL_EXPORT void X509_CRL_free(X509_CRL *crl); - - // d2i_X509_CRL parses up to |len| bytes from |*inp| as a DER-encoded X.509 - // CertificateList (RFC 5280), as described in |d2i_SAMPLE_with_reuse|. -@@ -835,8 +835,8 @@ - // moved to the subject alternative name extension. In modern usage, X.509 names - // are primarily opaque identifiers to link a certificate with its issuer. - --// DEFINE_STACK_OF(X509_NAME_ENTRY) --// DEFINE_STACK_OF(X509_NAME) -+DEFINE_STACK_OF(X509_NAME_ENTRY) -+DEFINE_STACK_OF(X509_NAME) - - // X509_NAME is an |ASN1_ITEM| whose ASN.1 type is X.509 Name (RFC 5280) and C - // type is |X509_NAME*|. -@@ -844,10 +844,10 @@ - - // X509_NAME_new returns a new, empty |X509_NAME_new|, or NULL on - // error. --// OPENSSL_EXPORT X509_NAME *X509_NAME_new(void); -+OPENSSL_EXPORT X509_NAME *X509_NAME_new(void); - - // X509_NAME_free releases memory associated with |name|. --// OPENSSL_EXPORT void X509_NAME_free(X509_NAME *name); -+OPENSSL_EXPORT void X509_NAME_free(X509_NAME *name); - - // d2i_X509_NAME parses up to |len| bytes from |*inp| as a DER-encoded X.509 - // Name (RFC 5280), as described in |d2i_SAMPLE_with_reuse|. -@@ -867,7 +867,7 @@ - // TODO(https://crbug.com/boringssl/407): This function should be const and - // thread-safe but is currently neither in some cases, notably if |name| was - // mutated. --// OPENSSL_EXPORT X509_NAME *X509_NAME_dup(X509_NAME *name); -+OPENSSL_EXPORT X509_NAME *X509_NAME_dup(X509_NAME *name); - - // X509_NAME_get0_der sets |*out_der| and |*out_der_len| - // -@@ -887,7 +887,7 @@ - // OPENSSL_EXPORT int X509_NAME_set(X509_NAME **xn, X509_NAME *name); - - // X509_NAME_entry_count returns the number of entries in |name|. --// OPENSSL_EXPORT int X509_NAME_entry_count(const X509_NAME *name); -+OPENSSL_EXPORT int X509_NAME_entry_count(const X509_NAME *name); - - // X509_NAME_get_index_by_NID returns the zero-based index of the first - // attribute in |name| with type |nid|, or -1 if there is none. |nid| should be -@@ -895,8 +895,8 @@ - // searching at |lastpos+1|. To search all attributes, pass in -1, not zero. - // - // Indices from this function refer to |X509_NAME|'s flattened representation. --// OPENSSL_EXPORT int X509_NAME_get_index_by_NID(const X509_NAME *name, int nid, --// int lastpos); -+OPENSSL_EXPORT int X509_NAME_get_index_by_NID(const X509_NAME *name, int nid, -+ int lastpos); - - // X509_NAME_get_index_by_OBJ behaves like |X509_NAME_get_index_by_NID| but - // looks for attributes with type |obj|. -@@ -909,8 +909,8 @@ - // representation. This function returns a non-const pointer for OpenSSL - // compatibility, but callers should not mutate the result. Doing so will break - // internal invariants in the library. --// OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, --// int loc); -+OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, -+ int loc); - - // X509_NAME_delete_entry removes and returns the attribute in |name| at index - // |loc|, or NULL if |loc| is out of range. |loc| is interpreted using -@@ -953,10 +953,10 @@ - - // X509_NAME_add_entry_by_txt behaves like |X509_NAME_add_entry_by_OBJ| but sets - // the entry's attribute type to |field|, which is passed to |OBJ_txt2obj|. --// OPENSSL_EXPORT int X509_NAME_add_entry_by_txt(X509_NAME *name, --// const char *field, int type, --// const uint8_t *bytes, int len, --// int loc, int set); -+OPENSSL_EXPORT int X509_NAME_add_entry_by_txt(X509_NAME *name, -+ const char *field, int type, -+ const uint8_t *bytes, int len, -+ int loc, int set); - - // X509_NAME_ENTRY is an |ASN1_ITEM| whose ASN.1 type is AttributeTypeAndValue - // (RFC 5280) and C type is |X509_NAME_ENTRY*|. -@@ -1026,7 +1026,7 @@ - - // X509_NAME_ENTRY_set returns the zero-based index of the RDN which contains - // |entry|. Consecutive entries with the same index are part of the same RDN. --// OPENSSL_EXPORT int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *entry); -+OPENSSL_EXPORT int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *entry); - - // X509_NAME_ENTRY_create_by_OBJ creates a new |X509_NAME_ENTRY| with attribute - // type |obj|. The attribute value is determined from |type|, |bytes|, and |len| -@@ -1113,8 +1113,8 @@ - // X509_EXTENSION_get_data returns |ne|'s extension value. This function returns - // a non-const pointer for OpenSSL compatibility, but callers should not mutate - // the result. --// OPENSSL_EXPORT ASN1_OCTET_STRING *X509_EXTENSION_get_data( --// const X509_EXTENSION *ne); -+OPENSSL_EXPORT ASN1_OCTET_STRING *X509_EXTENSION_get_data( -+ const X509_EXTENSION *ne); - - // X509_EXTENSION_get_critical returns one if |ex| is critical and zero - // otherwise. -@@ -1330,8 +1330,8 @@ - // |EVP_MAX_MD_SIZE|. If |out_len| is not NULL, |*out_len| is set to the number - // of bytes written. This function returns one on success and zero on error. - // Note this digest covers the entire certificate, not just the signed portion. --// OPENSSL_EXPORT int X509_digest(const X509 *x509, const EVP_MD *md, uint8_t *out, --// unsigned *out_len); -+OPENSSL_EXPORT int X509_digest(const X509 *x509, const EVP_MD *md, uint8_t *out, -+ unsigned *out_len); - - // X509_CRL_digest hashes |crl|'s DER encoding with |md| and writes the result - // to |out|. |EVP_MD_CTX_size| bytes are written, which is at most -@@ -1354,8 +1354,8 @@ - // to |out|. |EVP_MD_CTX_size| bytes are written, which is at most - // |EVP_MAX_MD_SIZE|. If |out_len| is not NULL, |*out_len| is set to the number - // of bytes written. This function returns one on success and zero on error. --// OPENSSL_EXPORT int X509_NAME_digest(const X509_NAME *name, const EVP_MD *md, --// uint8_t *out, unsigned *out_len); -+OPENSSL_EXPORT int X509_NAME_digest(const X509_NAME *name, const EVP_MD *md, -+ uint8_t *out, unsigned *out_len); - - // The following functions behave like the corresponding unsuffixed |d2i_*| - // functions, but read the result from |bp| instead. Callers using these -@@ -1462,7 +1462,7 @@ - // CRYPTO_EX_free *free_func); - // OPENSSL_EXPORT int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, - // void *data); --// OPENSSL_EXPORT void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx); -+OPENSSL_EXPORT void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx); - - - // Deprecated functions. -@@ -1512,7 +1512,7 @@ - - // X509_get_serialNumber returns a mutable pointer to |x509|'s serial number. - // Prefer |X509_get0_serialNumber|. --// OPENSSL_EXPORT ASN1_INTEGER *X509_get_serialNumber(X509 *x509); -+OPENSSL_EXPORT ASN1_INTEGER *X509_get_serialNumber(X509 *x509); - - // X509_NAME_get_text_by_OBJ finds the first attribute with type |obj| in - // |name|. If found, it ignores the value's ASN.1 type, writes the raw -@@ -1753,7 +1753,7 @@ - - // } /* X509_INFO */; - --// DEFINE_STACK_OF(X509_INFO) -+DEFINE_STACK_OF(X509_INFO) - - // The next 2 structures and their 8 routines were sent to me by - // Pat Richard and are used to manipulate -@@ -1776,7 +1776,7 @@ - // Note that decoding an |X509| object will not check for invalid extensions. To - // detect the error case, call |X509_get_extensions_flags| and check the - // |EXFLAG_INVALID| bit. --// OPENSSL_EXPORT long X509_get_pathlen(X509 *x509); -+OPENSSL_EXPORT long X509_get_pathlen(X509 *x509); - - // X509_SIG_get0 sets |*out_alg| and |*out_digest| to non-owning pointers to - // |sig|'s algorithm and digest fields, respectively. Either |out_alg| and -@@ -1792,13 +1792,13 @@ - // X509_verify_cert_error_string returns |err| as a human-readable string, where - // |err| should be one of the |X509_V_*| values. If |err| is unknown, it returns - // a default description. --// OPENSSL_EXPORT const char *X509_verify_cert_error_string(long err); -+OPENSSL_EXPORT const char *X509_verify_cert_error_string(long err); - - // X509_verify checks that |x509| has a valid signature by |pkey|. It returns - // one if the signature is valid and zero otherwise. Note this function only - // checks the signature itself and does not perform a full certificate - // validation. --// OPENSSL_EXPORT int X509_verify(X509 *x509, EVP_PKEY *pkey); -+OPENSSL_EXPORT int X509_verify(X509 *x509, EVP_PKEY *pkey); - - // X509_REQ_verify checks that |req| has a valid signature by |pkey|. It returns - // one if the signature is valid and zero otherwise. -@@ -1897,7 +1897,7 @@ - // success, or NULL on error. The caller must release the result with - // |EVP_PKEY_free| when done. The |EVP_PKEY| is cached in |key|, so callers must - // not mutate the result. --// OPENSSL_EXPORT EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key); -+OPENSSL_EXPORT EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key); - - // DECLARE_ASN1_FUNCTIONS_const(X509_SIG) - -@@ -1933,7 +1933,7 @@ - // DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_SPKAC) - - // OPENSSL_EXPORT X509_INFO *X509_INFO_new(void); --// OPENSSL_EXPORT void X509_INFO_free(X509_INFO *a); -+OPENSSL_EXPORT void X509_INFO_free(X509_INFO *a); - // OPENSSL_EXPORT char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size); - - // OPENSSL_EXPORT int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, -@@ -2090,12 +2090,12 @@ - // OPENSSL_EXPORT unsigned long X509_issuer_name_hash_old(X509 *a); - // OPENSSL_EXPORT unsigned long X509_subject_name_hash_old(X509 *x); - --// OPENSSL_EXPORT int X509_cmp(const X509 *a, const X509 *b); --// OPENSSL_EXPORT int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); -+OPENSSL_EXPORT int X509_cmp(const X509 *a, const X509 *b); -+OPENSSL_EXPORT int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); - // OPENSSL_EXPORT unsigned long X509_NAME_hash(X509_NAME *x); - // OPENSSL_EXPORT unsigned long X509_NAME_hash_old(X509_NAME *x); - --// OPENSSL_EXPORT int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); -+OPENSSL_EXPORT int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); - // OPENSSL_EXPORT int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); - // OPENSSL_EXPORT int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag, - // unsigned long cflag); -@@ -2106,8 +2106,8 @@ - // int indent, unsigned long flags); - - // OPENSSL_EXPORT int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase); --// OPENSSL_EXPORT int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, --// unsigned long flags); -+OPENSSL_EXPORT int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, -+ unsigned long flags); - // OPENSSL_EXPORT int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag, - // unsigned long cflag); - // OPENSSL_EXPORT int X509_print(BIO *bp, X509 *x); -@@ -2121,8 +2121,8 @@ - // - // WARNING: This function is difficult to use correctly. See the documentation - // for |X509V3_get_d2i| for details. --// OPENSSL_EXPORT void *X509_get_ext_d2i(const X509 *x509, int nid, --// int *out_critical, int *out_idx); -+OPENSSL_EXPORT void *X509_get_ext_d2i(const X509 *x509, int nid, -+ int *out_critical, int *out_idx); - - // X509_add1_ext_i2d behaves like |X509V3_add1_i2d| but adds the extension to - // |x|'s extension list. -@@ -2130,8 +2130,8 @@ - // WARNING: This function may return zero or -1 on error. The caller must also - // ensure |value|'s type matches |nid|. See the documentation for - // |X509V3_add1_i2d| for details. --// OPENSSL_EXPORT int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, --// unsigned long flags); -+OPENSSL_EXPORT int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, -+ unsigned long flags); - - // X509_CRL_get_ext_d2i behaves like |X509V3_get_d2i| but looks for the - // extension in |crl|'s extension list. -@@ -2357,7 +2357,7 @@ - // OPENSSL_EXPORT ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, - // int idx); - --// OPENSSL_EXPORT int X509_verify_cert(X509_STORE_CTX *ctx); -+OPENSSL_EXPORT int X509_verify_cert(X509_STORE_CTX *ctx); - - // lookup a cert from a X509 STACK - // OPENSSL_EXPORT X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, -@@ -2440,7 +2440,7 @@ - - // DECLARE_ASN1_FUNCTIONS_const(RSA_PSS_PARAMS) - --/* -+// /* - // SSL_CTX -> X509_STORE - // -> X509_LOOKUP - // ->X509_LOOKUP_METHOD -@@ -2465,7 +2465,7 @@ - // DEFINE_STACK_OF(X509_OBJECT) - // DEFINE_STACK_OF(X509_VERIFY_PARAM) - --// typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *); -+typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *); - // typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *); - // typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer, X509_STORE_CTX *ctx, - // X509 *x); -@@ -2799,16 +2799,16 @@ - // OPENSSL_EXPORT void X509_OBJECT_free_contents(X509_OBJECT *a); - // OPENSSL_EXPORT int X509_OBJECT_get_type(const X509_OBJECT *a); - // OPENSSL_EXPORT X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a); --// OPENSSL_EXPORT X509_STORE *X509_STORE_new(void); -+OPENSSL_EXPORT X509_STORE *X509_STORE_new(void); - // OPENSSL_EXPORT int X509_STORE_up_ref(X509_STORE *store); --// OPENSSL_EXPORT void X509_STORE_free(X509_STORE *v); -+OPENSSL_EXPORT void X509_STORE_free(X509_STORE *v); - - // OPENSSL_EXPORT STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *st); - // OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *st, - // X509_NAME *nm); - // OPENSSL_EXPORT STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *st, - // X509_NAME *nm); --// OPENSSL_EXPORT int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); -+OPENSSL_EXPORT int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); - // OPENSSL_EXPORT int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); - // OPENSSL_EXPORT int X509_STORE_set_trust(X509_STORE *ctx, int trust); - // OPENSSL_EXPORT int X509_STORE_set1_param(X509_STORE *ctx, -@@ -2822,8 +2822,8 @@ - // OPENSSL_EXPORT void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, - // X509_STORE_CTX_verify_fn verify); - // OPENSSL_EXPORT X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx); --// OPENSSL_EXPORT void X509_STORE_set_verify_cb( --// X509_STORE *ctx, X509_STORE_CTX_verify_cb verify_cb); -+OPENSSL_EXPORT void X509_STORE_set_verify_cb( -+ X509_STORE *ctx, X509_STORE_CTX_verify_cb verify_cb); - // #define X509_STORE_set_verify_cb_func(ctx, func) \ - // X509_STORE_set_verify_cb((ctx), (func)) - // OPENSSL_EXPORT X509_STORE_CTX_verify_cb -@@ -2867,17 +2867,17 @@ - // OPENSSL_EXPORT X509_STORE_CTX_cleanup_fn - // X509_STORE_get_cleanup(X509_STORE *ctx); - --// OPENSSL_EXPORT X509_STORE_CTX *X509_STORE_CTX_new(void); -+OPENSSL_EXPORT X509_STORE_CTX *X509_STORE_CTX_new(void); - - // OPENSSL_EXPORT int X509_STORE_CTX_get1_issuer(X509 **issuer, - // X509_STORE_CTX *ctx, X509 *x); - - // OPENSSL_EXPORT void X509_STORE_CTX_zero(X509_STORE_CTX *ctx); --// OPENSSL_EXPORT void X509_STORE_CTX_free(X509_STORE_CTX *ctx); --// OPENSSL_EXPORT int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, --// X509 *x509, STACK_OF(X509) *chain); --// OPENSSL_EXPORT void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, --// STACK_OF(X509) *sk); -+OPENSSL_EXPORT void X509_STORE_CTX_free(X509_STORE_CTX *ctx); -+OPENSSL_EXPORT int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, -+ X509 *x509, STACK_OF(X509) *chain); -+OPENSSL_EXPORT void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, -+ STACK_OF(X509) *sk); - // OPENSSL_EXPORT void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); - - // OPENSSL_EXPORT X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx); -@@ -2889,8 +2889,8 @@ - // OPENSSL_EXPORT X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); - // OPENSSL_EXPORT X509_LOOKUP_METHOD *X509_LOOKUP_file(void); - --// OPENSSL_EXPORT int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); --// OPENSSL_EXPORT int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); -+OPENSSL_EXPORT int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); -+OPENSSL_EXPORT int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); - - // OPENSSL_EXPORT int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, - // X509_NAME *name, X509_OBJECT *ret); -@@ -2928,9 +2928,9 @@ - // const char *dir); - // OPENSSL_EXPORT int X509_STORE_set_default_paths(X509_STORE *ctx); - // #endif --// OPENSSL_EXPORT int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); --// OPENSSL_EXPORT void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); --// OPENSSL_EXPORT int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); -+OPENSSL_EXPORT int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); -+OPENSSL_EXPORT void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); -+OPENSSL_EXPORT int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); - // OPENSSL_EXPORT X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); - // OPENSSL_EXPORT X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx); - // OPENSSL_EXPORT X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx); -@@ -2942,10 +2942,10 @@ - // OPENSSL_EXPORT void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x); - // OPENSSL_EXPORT void X509_STORE_CTX_set_chain(X509_STORE_CTX *c, - // STACK_OF(X509) *sk); --// OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get0_untrusted( --// X509_STORE_CTX *ctx); --// OPENSSL_EXPORT void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c, --// STACK_OF(X509_CRL) *sk); -+OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get0_untrusted( -+ X509_STORE_CTX *ctx); -+OPENSSL_EXPORT void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c, -+ STACK_OF(X509_CRL) *sk); - // OPENSSL_EXPORT int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); - // OPENSSL_EXPORT int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); - // OPENSSL_EXPORT int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, -@@ -2955,15 +2955,15 @@ - // unsigned long flags); - // OPENSSL_EXPORT void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, - // unsigned long flags, time_t t); --// OPENSSL_EXPORT void X509_STORE_CTX_set_verify_cb( --// X509_STORE_CTX *ctx, int (*verify_cb)(int, X509_STORE_CTX *)); -+OPENSSL_EXPORT void X509_STORE_CTX_set_verify_cb( -+ X509_STORE_CTX *ctx, int (*verify_cb)(int, X509_STORE_CTX *)); - --// OPENSSL_EXPORT X509_VERIFY_PARAM *X509_STORE_CTX_get0_param( --// X509_STORE_CTX *ctx); -+OPENSSL_EXPORT X509_VERIFY_PARAM *X509_STORE_CTX_get0_param( -+ X509_STORE_CTX *ctx); - // OPENSSL_EXPORT void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, - // X509_VERIFY_PARAM *param); --// OPENSSL_EXPORT int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, --// const char *name); -+OPENSSL_EXPORT int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, -+ const char *name); - - // X509_VERIFY_PARAM functions - -@@ -2971,14 +2971,14 @@ - // OPENSSL_EXPORT void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param); - // OPENSSL_EXPORT int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to, - // const X509_VERIFY_PARAM *from); --// OPENSSL_EXPORT int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, --// const X509_VERIFY_PARAM *from); -+OPENSSL_EXPORT int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, -+ const X509_VERIFY_PARAM *from); - // OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, - // const char *name); --// OPENSSL_EXPORT int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, --// unsigned long flags); --// OPENSSL_EXPORT int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, --// unsigned long flags); -+OPENSSL_EXPORT int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, -+ unsigned long flags); -+OPENSSL_EXPORT int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, -+ unsigned long flags); - // OPENSSL_EXPORT unsigned long X509_VERIFY_PARAM_get_flags( - // X509_VERIFY_PARAM *param); - // OPENSSL_EXPORT int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, -@@ -2987,8 +2987,8 @@ - // int trust); - // OPENSSL_EXPORT void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, - // int depth); --// OPENSSL_EXPORT void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, --// time_t t); -+OPENSSL_EXPORT void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, -+ time_t t); - // OPENSSL_EXPORT int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, - // ASN1_OBJECT *policy); - // OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_policies( -@@ -3024,42 +3024,42 @@ - // OPENSSL_EXPORT void X509_VERIFY_PARAM_table_cleanup(void); - - --// #if defined(__cplusplus) --// } // extern C --// #endif -+#if defined(__cplusplus) -+} // extern C -+#endif - --// #if !defined(BORINGSSL_NO_CXX) --// extern "C++" { -+#if !defined(BORINGSSL_NO_CXX) -+extern "C++" { - --// BSSL_NAMESPACE_BEGIN -+BSSL_NAMESPACE_BEGIN - - // BORINGSSL_MAKE_DELETER(NETSCAPE_SPKI, NETSCAPE_SPKI_free) - // BORINGSSL_MAKE_DELETER(RSA_PSS_PARAMS, RSA_PSS_PARAMS_free) --// BORINGSSL_MAKE_DELETER(X509, X509_free) --// BORINGSSL_MAKE_UP_REF(X509, X509_up_ref) -+BORINGSSL_MAKE_DELETER(X509, X509_free) -+BORINGSSL_MAKE_UP_REF(X509, X509_up_ref) - // BORINGSSL_MAKE_DELETER(X509_ALGOR, X509_ALGOR_free) - // BORINGSSL_MAKE_DELETER(X509_ATTRIBUTE, X509_ATTRIBUTE_free) --// BORINGSSL_MAKE_DELETER(X509_CRL, X509_CRL_free) --// BORINGSSL_MAKE_UP_REF(X509_CRL, X509_CRL_up_ref) -+BORINGSSL_MAKE_DELETER(X509_CRL, X509_CRL_free) -+BORINGSSL_MAKE_UP_REF(X509_CRL, X509_CRL_up_ref) - // BORINGSSL_MAKE_DELETER(X509_EXTENSION, X509_EXTENSION_free) --// BORINGSSL_MAKE_DELETER(X509_INFO, X509_INFO_free) -+BORINGSSL_MAKE_DELETER(X509_INFO, X509_INFO_free) - // BORINGSSL_MAKE_DELETER(X509_LOOKUP, X509_LOOKUP_free) --// BORINGSSL_MAKE_DELETER(X509_NAME, X509_NAME_free) -+BORINGSSL_MAKE_DELETER(X509_NAME, X509_NAME_free) - // BORINGSSL_MAKE_DELETER(X509_NAME_ENTRY, X509_NAME_ENTRY_free) - // BORINGSSL_MAKE_DELETER(X509_PKEY, X509_PKEY_free) - // BORINGSSL_MAKE_DELETER(X509_PUBKEY, X509_PUBKEY_free) - // BORINGSSL_MAKE_DELETER(X509_REQ, X509_REQ_free) - // BORINGSSL_MAKE_DELETER(X509_REVOKED, X509_REVOKED_free) - // BORINGSSL_MAKE_DELETER(X509_SIG, X509_SIG_free) --// BORINGSSL_MAKE_DELETER(X509_STORE, X509_STORE_free) -+BORINGSSL_MAKE_DELETER(X509_STORE, X509_STORE_free) - // BORINGSSL_MAKE_UP_REF(X509_STORE, X509_STORE_up_ref) --// BORINGSSL_MAKE_DELETER(X509_STORE_CTX, X509_STORE_CTX_free) -+BORINGSSL_MAKE_DELETER(X509_STORE_CTX, X509_STORE_CTX_free) - // BORINGSSL_MAKE_DELETER(X509_VERIFY_PARAM, X509_VERIFY_PARAM_free) - --// BSSL_NAMESPACE_END -+BSSL_NAMESPACE_END - --// } // extern C++ --// #endif // !BORINGSSL_NO_CXX -+} // extern C++ -+#endif // !BORINGSSL_NO_CXX - - #ifdef ossl_X509_R_AKID_MISMATCH - #define X509_R_AKID_MISMATCH ossl_X509_R_AKID_MISMATCH -@@ -3194,4 +3194,4 @@ - #define X509_R_NO_CRL_FOUND ossl_X509_R_NO_CRL_FOUND - #endif - --// #endif -+#endif diff --git a/bssl-compat/patch/include/openssl/x509.h.sh b/bssl-compat/patch/include/openssl/x509.h.sh index 2099608ed9..149b334a61 100755 --- a/bssl-compat/patch/include/openssl/x509.h.sh +++ b/bssl-compat/patch/include/openssl/x509.h.sh @@ -1,6 +1,90 @@ #!/bin/bash -sed -i -e 's|^// \(#[ \t]*define[ \t]*\)\(X509_R_[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' \ - -e 's|^// \(#[ \t]*define[ \t]*\)\(X509_V_[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' \ - -e 's|^// \(#[ \t]*define[ \t]*\)\(XN_FLAG_[A-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' "$1" +set -euo pipefail +uncomment.sh "$1" --comment -h \ + --uncomment-regex 'DEFINE_STACK_OF(X509)' \ + --uncomment-func-decl X509_up_ref \ + --uncomment-func-decl X509_free \ + --uncomment-func-decl i2d_X509 \ + --uncomment-macro-redef 'X509_VERSION_[123]' \ + --uncomment-func-decl X509_get0_notBefore \ + --uncomment-func-decl X509_get0_notAfter \ + --uncomment-func-decl X509_get_issuer_name \ + --uncomment-func-decl X509_get_subject_name \ + --uncomment-func-decl X509_get_X509_PUBKEY \ + --uncomment-func-decl X509_get_pubkey \ + --uncomment-func-decl X509_get_ext_by_OBJ \ + --uncomment-func-decl X509_get_ext \ + --uncomment-func-decl X509_new \ + --uncomment-func-decl X509_set_version \ + --uncomment-func-decl X509_getm_notBefore \ + --uncomment-func-decl X509_getm_notAfter \ + --uncomment-func-decl X509_set_pubkey \ + --uncomment-func-decl X509_sign \ + --uncomment-func-decl X509_alias_get0 \ + --uncomment-regex 'DEFINE_STACK_OF(X509_CRL)' \ + --uncomment-func-decl X509_CRL_up_ref \ + --uncomment-func-decl X509_CRL_free \ + --uncomment-regex 'DEFINE_STACK_OF(X509_NAME_ENTRY)' \ + --uncomment-regex 'DEFINE_STACK_OF(X509_NAME)' \ + --uncomment-func-decl X509_NAME_new \ + --uncomment-func-decl X509_NAME_free \ + --uncomment-func-decl X509_NAME_dup \ + --uncomment-func-decl X509_NAME_entry_count \ + --uncomment-func-decl X509_NAME_get_index_by_NID \ + --uncomment-func-decl X509_NAME_get_entry \ + --uncomment-func-decl X509_NAME_add_entry_by_txt \ + --uncomment-func-decl X509_NAME_ENTRY_set \ + --uncomment-func-decl X509_EXTENSION_get_data \ + --uncomment-func-decl X509_digest \ + --uncomment-func-decl X509_NAME_digest \ + --uncomment-func-decl X509_STORE_CTX_get_ex_data \ + --uncomment-func-decl X509_get_serialNumber \ + --uncomment-macro-redef 'XN_FLAG_[[:alnum:]_]*' \ + --uncomment-regex 'DEFINE_STACK_OF(X509_INFO)' \ + --uncomment-func-decl X509_get_pathlen \ + --uncomment-func-decl X509_verify_cert_error_string \ + --uncomment-func-decl X509_verify \ + --uncomment-func-decl X509_PUBKEY_get \ + --uncomment-func-decl X509_INFO_free \ + --uncomment-func-decl X509_cmp \ + --uncomment-func-decl X509_NAME_cmp \ + --uncomment-func-decl X509_CRL_cmp \ + --uncomment-func-decl X509_NAME_print_ex \ + --uncomment-func-decl X509_get_ext_d2i \ + --uncomment-func-decl X509_add1_ext_i2d \ + --uncomment-func-decl X509_verify_cert \ + --uncomment-typedef X509_STORE_CTX_verify_cb \ + --uncomment-macro-redef 'X509_V_[[:alnum:]_]*' \ + --uncomment-func-decl X509_STORE_new \ + --uncomment-func-decl X509_STORE_free \ + --uncomment-func-decl X509_STORE_set_flags \ + --uncomment-func-decl X509_STORE_set_verify_cb \ + --uncomment-func-decl X509_STORE_CTX_new \ + --uncomment-func-decl X509_STORE_CTX_free \ + --uncomment-func-decl X509_STORE_CTX_init \ + --uncomment-func-decl X509_STORE_CTX_set0_trusted_stack \ + --uncomment-func-decl X509_STORE_add_cert \ + --uncomment-func-decl X509_STORE_add_crl \ + --uncomment-func-decl X509_STORE_CTX_get_error \ + --uncomment-func-decl X509_STORE_CTX_set_error \ + --uncomment-func-decl X509_STORE_CTX_get_error_depth \ + --uncomment-func-decl X509_STORE_CTX_get0_untrusted \ + --uncomment-func-decl X509_STORE_CTX_set0_crls \ + --uncomment-func-decl X509_STORE_CTX_set_verify_cb \ + --uncomment-func-decl X509_STORE_CTX_get0_param \ + --uncomment-func-decl X509_STORE_CTX_set_default \ + --uncomment-func-decl X509_VERIFY_PARAM_set1 \ + --uncomment-func-decl X509_VERIFY_PARAM_set_flags \ + --uncomment-func-decl X509_VERIFY_PARAM_clear_flags \ + --uncomment-func-decl X509_VERIFY_PARAM_set_time_posix \ + --uncomment-regex 'BORINGSSL_MAKE_DELETER(X509,' \ + --uncomment-regex 'BORINGSSL_MAKE_UP_REF(X509,' \ + --uncomment-regex 'BORINGSSL_MAKE_DELETER(X509_CRL,' \ + --uncomment-regex 'BORINGSSL_MAKE_UP_REF(X509_CRL,' \ + --uncomment-regex 'BORINGSSL_MAKE_DELETER(X509_INFO,' \ + --uncomment-regex 'BORINGSSL_MAKE_DELETER(X509_NAME,' \ + --uncomment-regex 'BORINGSSL_MAKE_DELETER(X509_STORE,' \ + --uncomment-regex 'BORINGSSL_MAKE_DELETER(X509_STORE_CTX,' \ + --uncomment-macro-redef 'X509_R_[[:alnum:]_]*' \ diff --git a/bssl-compat/patch/include/openssl/x509v3.h.patch b/bssl-compat/patch/include/openssl/x509v3.h.patch deleted file mode 100644 index 7b48e2f041..0000000000 --- a/bssl-compat/patch/include/openssl/x509v3.h.patch +++ /dev/null @@ -1,178 +0,0 @@ ---- a/include/openssl/x509v3.h -+++ b/include/openssl/x509v3.h -@@ -52,17 +52,19 @@ - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). */ - --// #ifndef HEADER_X509V3_H --// #define HEADER_X509V3_H -+#ifndef HEADER_X509V3_H -+#define HEADER_X509V3_H - --// #include --// #include --// #include --// #include -- --// #if defined(__cplusplus) --// extern "C" { --// #endif -+#include -+#include -+#include -+#include -+ -+#include -+ -+#if defined(__cplusplus) -+extern "C" { -+#endif - - - // Legacy X.509 library. -@@ -219,12 +221,13 @@ - // ASN1_TYPE *other; // x400Address - // } d; - // } GENERAL_NAME; -+typedef struct ossl_GENERAL_NAME_st GENERAL_NAME; - --// DEFINE_STACK_OF(GENERAL_NAME) -+DEFINE_STACK_OF(GENERAL_NAME) - --// typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; -+typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; - --// DEFINE_STACK_OF(GENERAL_NAMES) -+DEFINE_STACK_OF(GENERAL_NAMES) - - // typedef struct ACCESS_DESCRIPTION_st { - // ASN1_OBJECT *method; -@@ -322,8 +325,9 @@ - // ASN1_INTEGER *minimum; - // ASN1_INTEGER *maximum; - // } GENERAL_SUBTREE; -+typedef ossl_GENERAL_SUBTREE GENERAL_SUBTREE; - --// DEFINE_STACK_OF(GENERAL_SUBTREE) -+DEFINE_STACK_OF(GENERAL_SUBTREE) - - // struct NAME_CONSTRAINTS_st { - // STACK_OF(GENERAL_SUBTREE) *permittedSubtrees; -@@ -507,7 +511,7 @@ - - // DEFINE_STACK_OF(X509_PURPOSE) - --// DECLARE_ASN1_FUNCTIONS_const(BASIC_CONSTRAINTS) -+DECLARE_ASN1_FUNCTIONS_const(BASIC_CONSTRAINTS) - - // TODO(https://crbug.com/boringssl/407): This is not const because it contains - // an |X509_NAME|. -@@ -515,14 +519,14 @@ - - // TODO(https://crbug.com/boringssl/407): This is not const because it contains - // an |X509_NAME|. --// DECLARE_ASN1_FUNCTIONS(GENERAL_NAME) -+DECLARE_ASN1_FUNCTIONS(GENERAL_NAME) - // OPENSSL_EXPORT GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a); - - // GENERAL_NAME_cmp returns zero if |a| and |b| are equal and a non-zero - // value otherwise. Note this function does not provide a comparison suitable - // for sorting. --// OPENSSL_EXPORT int GENERAL_NAME_cmp(const GENERAL_NAME *a, --// const GENERAL_NAME *b); -+OPENSSL_EXPORT int GENERAL_NAME_cmp(const GENERAL_NAME *a, -+ const GENERAL_NAME *b); - - // i2v_GENERAL_NAME serializes |gen| as a |CONF_VALUE|. If |ret| is non-NULL, it - // appends the value to |ret| and returns |ret| on success or NULL on error. If -@@ -540,7 +544,7 @@ - - // TODO(https://crbug.com/boringssl/407): This is not const because it contains - // an |X509_NAME|. --// DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES) -+DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES) - - // i2v_GENERAL_NAMES serializes |gen| as a list of |CONF_VALUE|s. If |ret| is - // non-NULL, it appends the values to |ret| and returns |ret| on success or NULL -@@ -561,8 +565,8 @@ - // DECLARE_ASN1_FUNCTIONS_const(OTHERNAME) - // DECLARE_ASN1_FUNCTIONS_const(EDIPARTYNAME) - // OPENSSL_EXPORT int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b); --// OPENSSL_EXPORT void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, --// void *value); -+OPENSSL_EXPORT void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, -+ void *value); - // OPENSSL_EXPORT void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype); - // OPENSSL_EXPORT int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, - // ASN1_OBJECT *oid, -@@ -615,10 +619,10 @@ - // DECLARE_ASN1_ITEM(POLICY_MAPPINGS) - - // DECLARE_ASN1_ITEM(GENERAL_SUBTREE) --// DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) -+DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) - - // DECLARE_ASN1_ITEM(NAME_CONSTRAINTS) --// DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) -+DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) - - // DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) - // DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS) -@@ -875,8 +879,8 @@ - // OPENSSL_EXPORT int X509_check_issued(X509 *issuer, X509 *subject); - // OPENSSL_EXPORT int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid); - --// OPENSSL_EXPORT uint32_t X509_get_extension_flags(X509 *x); --// OPENSSL_EXPORT uint32_t X509_get_key_usage(X509 *x); -+OPENSSL_EXPORT uint32_t X509_get_extension_flags(X509 *x); -+OPENSSL_EXPORT uint32_t X509_get_key_usage(X509 *x); - // OPENSSL_EXPORT uint32_t X509_get_extended_key_usage(X509 *x); - - // X509_get0_subject_key_id returns |x509|'s subject key identifier, if present. -@@ -976,29 +980,29 @@ - // made after this point may be overwritten when the script is next run. - - --// #if defined(__cplusplus) --// } // extern C -+#if defined(__cplusplus) -+} // extern C - --// extern "C++" { -+extern "C++" { - --// BSSL_NAMESPACE_BEGIN -+BSSL_NAMESPACE_BEGIN - - // BORINGSSL_MAKE_DELETER(ACCESS_DESCRIPTION, ACCESS_DESCRIPTION_free) - // BORINGSSL_MAKE_DELETER(AUTHORITY_KEYID, AUTHORITY_KEYID_free) --// BORINGSSL_MAKE_DELETER(BASIC_CONSTRAINTS, BASIC_CONSTRAINTS_free) -+BORINGSSL_MAKE_DELETER(BASIC_CONSTRAINTS, BASIC_CONSTRAINTS_free) - // TODO(davidben): Move this to conf.h and rename to CONF_VALUE_free. - // BORINGSSL_MAKE_DELETER(CONF_VALUE, X509V3_conf_free) - // BORINGSSL_MAKE_DELETER(DIST_POINT, DIST_POINT_free) --// BORINGSSL_MAKE_DELETER(GENERAL_NAME, GENERAL_NAME_free) --// BORINGSSL_MAKE_DELETER(GENERAL_SUBTREE, GENERAL_SUBTREE_free) --// BORINGSSL_MAKE_DELETER(NAME_CONSTRAINTS, NAME_CONSTRAINTS_free) -+BORINGSSL_MAKE_DELETER(GENERAL_NAME, GENERAL_NAME_free) -+BORINGSSL_MAKE_DELETER(GENERAL_SUBTREE, GENERAL_SUBTREE_free) -+BORINGSSL_MAKE_DELETER(NAME_CONSTRAINTS, NAME_CONSTRAINTS_free) - // BORINGSSL_MAKE_DELETER(POLICY_MAPPING, POLICY_MAPPING_free) - // BORINGSSL_MAKE_DELETER(POLICYINFO, POLICYINFO_free) - --// BSSL_NAMESPACE_END -+BSSL_NAMESPACE_END - --// } // extern C++ --// #endif -+} // extern C++ -+#endif - - #ifdef ossl_X509V3_R_BAD_IP_ADDRESS - #define X509V3_R_BAD_IP_ADDRESS ossl_X509V3_R_BAD_IP_ADDRESS -@@ -1196,4 +1200,4 @@ - #define X509V3_R_TRAILING_DATA_IN_EXTENSION ossl_X509V3_R_TRAILING_DATA_IN_EXTENSION - #endif - --// #endif -+#endif diff --git a/bssl-compat/patch/include/openssl/x509v3.h.sh b/bssl-compat/patch/include/openssl/x509v3.h.sh index ec272574d6..d08e32015f 100755 --- a/bssl-compat/patch/include/openssl/x509v3.h.sh +++ b/bssl-compat/patch/include/openssl/x509v3.h.sh @@ -1,7 +1,29 @@ #!/bin/bash -sed -i -e 's|^// \(#[ \t]*define[ \t]*\)\(X509V3_R_[a-zA-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' \ - -e 's|^// \(#[ \t]*define[ \t]*\)\(GEN_[A-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' \ - -e 's|^// \(#[ \t]*define[ \t]*\)\(EXFLAG_[A-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' \ - -e 's|^// \(#[ \t]*define[ \t]*\)\(KU_[A-Z0-9_]*\)[^a-zA-Z0-9_].*$|#ifdef ossl_\2\n\1\2 ossl_\2\n#endif|g' "$1" +set -euo pipefail + +uncomment.sh "$1" --comment -h \ + --sed '/openssl\/x509\.h/a#include ' \ + --uncomment-macro-redef 'GEN_[[:alnum:]_]*' \ + --sed '/typedef struct GENERAL_NAME_st {/itypedef struct ossl_GENERAL_NAME_st GENERAL_NAME;' \ + --uncomment-regex 'DEFINE_STACK_OF(GENERAL_NAME)' \ + --uncomment-typedef GENERAL_NAMES \ + --uncomment-regex 'DEFINE_STACK_OF(GENERAL_NAMES)' \ + --sed '/typedef struct GENERAL_SUBTREE_st {/itypedef ossl_GENERAL_SUBTREE GENERAL_SUBTREE;' \ + --uncomment-regex 'DEFINE_STACK_OF(GENERAL_SUBTREE)' \ + --uncomment-macro-redef 'EXFLAG_[[:alnum:]_]*' \ + --uncomment-macro-redef 'KU_[[:alnum:]_]*' \ + --uncomment-regex 'DECLARE_ASN1_FUNCTIONS_const(BASIC_CONSTRAINTS)' \ + --uncomment-regex 'DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)' \ + --uncomment-regex 'DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)' \ + --uncomment-func-decl GENERAL_NAME_set0_value \ + --uncomment-regex 'DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)' \ + --uncomment-regex 'DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)' \ + --uncomment-func-decl X509_get_extension_flags \ + --uncomment-func-decl X509_get_key_usage \ + --uncomment-regex 'BORINGSSL_MAKE_DELETER(BASIC_CONSTRAINTS, BASIC_CONSTRAINTS_free)' \ + --uncomment-regex 'BORINGSSL_MAKE_DELETER(GENERAL_NAME, GENERAL_NAME_free)' \ + --uncomment-regex 'BORINGSSL_MAKE_DELETER(GENERAL_SUBTREE, GENERAL_SUBTREE_free)' \ + --uncomment-regex 'BORINGSSL_MAKE_DELETER(NAME_CONSTRAINTS, NAME_CONSTRAINTS_free)' \ + --uncomment-macro-redef 'X509V3_R_[[:alnum:]_]*' \ diff --git a/bssl-compat/patch/source/crypto/bio/bio_test.cc.patch b/bssl-compat/patch/source/crypto/bio/bio_test.cc.patch deleted file mode 100644 index e0265e4801..0000000000 --- a/bssl-compat/patch/source/crypto/bio/bio_test.cc.patch +++ /dev/null @@ -1,621 +0,0 @@ ---- a/source/crypto/bio/bio_test.cc -+++ b/source/crypto/bio/bio_test.cc -@@ -12,314 +12,314 @@ - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - --// #include --// #include -+#include -+#include - --// #include -+#include - --// #include --// #include --// #include --// #include -- --// #include "../internal.h" --// #include "../test/test_util.h" -- --// #if !defined(OPENSSL_WINDOWS) --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #else --// #include --// OPENSSL_MSVC_PRAGMA(warning(push, 3)) --// #include --// #include --// OPENSSL_MSVC_PRAGMA(warning(pop)) --// #endif -- -- --// #if !defined(OPENSSL_WINDOWS) --// static int closesocket(int sock) { return close(sock); } --// static std::string LastSocketError() { return strerror(errno); } --// #else --// static std::string LastSocketError() { --// char buf[DECIMAL_SIZE(int) + 1]; --// BIO_snprintf(buf, sizeof(buf), "%d", WSAGetLastError()); --// return buf; --// } --// #endif -- --// class ScopedSocket { --// public: --// explicit ScopedSocket(int sock) : sock_(sock) {} --// ~ScopedSocket() { --// closesocket(sock_); --// } -- --// private: --// const int sock_; --// }; -- --// TEST(BIOTest, SocketConnect) { --// static const char kTestMessage[] = "test"; --// int listening_sock = -1; --// socklen_t len = 0; --// sockaddr_storage ss; --// struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) &ss; --// struct sockaddr_in *sin = (struct sockaddr_in *) &ss; --// OPENSSL_memset(&ss, 0, sizeof(ss)); -- --// ss.ss_family = AF_INET6; --// listening_sock = socket(AF_INET6, SOCK_STREAM, 0); --// ASSERT_NE(-1, listening_sock) << LastSocketError(); --// len = sizeof(*sin6); --// ASSERT_EQ(1, inet_pton(AF_INET6, "::1", &sin6->sin6_addr)) --// << LastSocketError(); --// if (bind(listening_sock, (struct sockaddr *)sin6, sizeof(*sin6)) == -1) { --// closesocket(listening_sock); -- --// ss.ss_family = AF_INET; --// listening_sock = socket(AF_INET, SOCK_STREAM, 0); --// ASSERT_NE(-1, listening_sock) << LastSocketError(); --// len = sizeof(*sin); --// ASSERT_EQ(1, inet_pton(AF_INET, "127.0.0.1", &sin->sin_addr)) --// << LastSocketError(); --// ASSERT_EQ(0, bind(listening_sock, (struct sockaddr *)sin, sizeof(*sin))) --// << LastSocketError(); --// } -- --// ScopedSocket listening_sock_closer(listening_sock); --// ASSERT_EQ(0, listen(listening_sock, 1)) << LastSocketError(); --// ASSERT_EQ(0, getsockname(listening_sock, (struct sockaddr *)&ss, &len)) --// << LastSocketError(); -- --// char hostname[80]; --// if (ss.ss_family == AF_INET6) { --// BIO_snprintf(hostname, sizeof(hostname), "[::1]:%d", --// ntohs(sin6->sin6_port)); --// } else if (ss.ss_family == AF_INET) { --// BIO_snprintf(hostname, sizeof(hostname), "127.0.0.1:%d", --// ntohs(sin->sin_port)); --// } -- --// // Connect to it with a connect BIO. --// bssl::UniquePtr bio(BIO_new_connect(hostname)); --// ASSERT_TRUE(bio); -- --// // Write a test message to the BIO. --// ASSERT_EQ(static_cast(sizeof(kTestMessage)), --// BIO_write(bio.get(), kTestMessage, sizeof(kTestMessage))); -- --// // Accept the socket. --// int sock = accept(listening_sock, (struct sockaddr *) &ss, &len); --// ASSERT_NE(-1, sock) << LastSocketError(); --// ScopedSocket sock_closer(sock); -- --// // Check the same message is read back out. --// char buf[sizeof(kTestMessage)]; --// ASSERT_EQ(static_cast(sizeof(kTestMessage)), --// recv(sock, buf, sizeof(buf), 0)) --// << LastSocketError(); --// EXPECT_EQ(Bytes(kTestMessage, sizeof(kTestMessage)), Bytes(buf, sizeof(buf))); --// } -- --// TEST(BIOTest, Printf) { --// // Test a short output, a very long one, and various sizes around --// // 256 (the size of the buffer) to ensure edge cases are correct. --// static const size_t kLengths[] = {5, 250, 251, 252, 253, 254, 1023}; -- --// bssl::UniquePtr bio(BIO_new(BIO_s_mem())); --// ASSERT_TRUE(bio); -- --// for (size_t length : kLengths) { --// SCOPED_TRACE(length); -- --// std::string in(length, 'a'); -- --// int ret = BIO_printf(bio.get(), "test %s", in.c_str()); --// ASSERT_GE(ret, 0); --// EXPECT_EQ(5 + length, static_cast(ret)); -- --// const uint8_t *contents; --// size_t len; --// ASSERT_TRUE(BIO_mem_contents(bio.get(), &contents, &len)); --// EXPECT_EQ("test " + in, --// std::string(reinterpret_cast(contents), len)); -- --// ASSERT_TRUE(BIO_reset(bio.get())); --// } --// } -- --// static const size_t kLargeASN1PayloadLen = 8000; -- --// struct ASN1TestParam { --// bool should_succeed; --// std::vector input; --// // suffix_len is the number of zeros to append to |input|. --// size_t suffix_len; --// // expected_len, if |should_succeed| is true, is the expected length of the --// // ASN.1 element. --// size_t expected_len; --// size_t max_len; --// } kASN1TestParams[] = { --// {true, {0x30, 2, 1, 2, 0, 0}, 0, 4, 100}, --// {false /* truncated */, {0x30, 3, 1, 2}, 0, 0, 100}, --// {false /* should be short len */, {0x30, 0x81, 1, 1}, 0, 0, 100}, --// {false /* zero padded */, {0x30, 0x82, 0, 1, 1}, 0, 0, 100}, -- --// // Test a large payload. --// {true, --// {0x30, 0x82, kLargeASN1PayloadLen >> 8, kLargeASN1PayloadLen & 0xff}, --// kLargeASN1PayloadLen, --// 4 + kLargeASN1PayloadLen, --// kLargeASN1PayloadLen * 2}, --// {false /* max_len too short */, --// {0x30, 0x82, kLargeASN1PayloadLen >> 8, kLargeASN1PayloadLen & 0xff}, --// kLargeASN1PayloadLen, --// 4 + kLargeASN1PayloadLen, --// 3 + kLargeASN1PayloadLen}, -- --// // Test an indefinite-length input. --// {true, --// {0x30, 0x80}, --// kLargeASN1PayloadLen + 2, --// 2 + kLargeASN1PayloadLen + 2, --// kLargeASN1PayloadLen * 2}, --// {false /* max_len too short */, --// {0x30, 0x80}, --// kLargeASN1PayloadLen + 2, --// 2 + kLargeASN1PayloadLen + 2, --// 2 + kLargeASN1PayloadLen + 1}, --// }; -- --// class BIOASN1Test : public testing::TestWithParam {}; -- --// TEST_P(BIOASN1Test, ReadASN1) { --// const ASN1TestParam& param = GetParam(); --// std::vector input = param.input; --// input.resize(input.size() + param.suffix_len, 0); -- --// bssl::UniquePtr bio(BIO_new_mem_buf(input.data(), input.size())); --// ASSERT_TRUE(bio); -- --// uint8_t *out; --// size_t out_len; --// int ok = BIO_read_asn1(bio.get(), &out, &out_len, param.max_len); --// if (!ok) { --// out = nullptr; --// } --// bssl::UniquePtr out_storage(out); -- --// ASSERT_EQ(param.should_succeed, (ok == 1)); --// if (param.should_succeed) { --// EXPECT_EQ(Bytes(input.data(), param.expected_len), Bytes(out, out_len)); --// } --// } -+#include -+#include -+#include -+#include -+ -+#include "../internal.h" -+#include "../test/test_util.h" -+ -+#if !defined(OPENSSL_WINDOWS) -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#else -+#include -+OPENSSL_MSVC_PRAGMA(warning(push, 3)) -+#include -+#include -+OPENSSL_MSVC_PRAGMA(warning(pop)) -+#endif -+ -+ -+#if !defined(OPENSSL_WINDOWS) -+static int closesocket(int sock) { return close(sock); } -+static std::string LastSocketError() { return strerror(errno); } -+#else -+static std::string LastSocketError() { -+ char buf[DECIMAL_SIZE(int) + 1]; -+ BIO_snprintf(buf, sizeof(buf), "%d", WSAGetLastError()); -+ return buf; -+} -+#endif -+ -+class ScopedSocket { -+ public: -+ explicit ScopedSocket(int sock) : sock_(sock) {} -+ ~ScopedSocket() { -+ closesocket(sock_); -+ } -+ -+ private: -+ const int sock_; -+}; -+ -+TEST(BIOTest, SocketConnect) { -+ static const char kTestMessage[] = "test"; -+ int listening_sock = -1; -+ socklen_t len = 0; -+ sockaddr_storage ss; -+ struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) &ss; -+ struct sockaddr_in *sin = (struct sockaddr_in *) &ss; -+ OPENSSL_memset(&ss, 0, sizeof(ss)); -+ -+ ss.ss_family = AF_INET6; -+ listening_sock = socket(AF_INET6, SOCK_STREAM, 0); -+ ASSERT_NE(-1, listening_sock) << LastSocketError(); -+ len = sizeof(*sin6); -+ ASSERT_EQ(1, inet_pton(AF_INET6, "::1", &sin6->sin6_addr)) -+ << LastSocketError(); -+ if (bind(listening_sock, (struct sockaddr *)sin6, sizeof(*sin6)) == -1) { -+ closesocket(listening_sock); -+ -+ ss.ss_family = AF_INET; -+ listening_sock = socket(AF_INET, SOCK_STREAM, 0); -+ ASSERT_NE(-1, listening_sock) << LastSocketError(); -+ len = sizeof(*sin); -+ ASSERT_EQ(1, inet_pton(AF_INET, "127.0.0.1", &sin->sin_addr)) -+ << LastSocketError(); -+ ASSERT_EQ(0, bind(listening_sock, (struct sockaddr *)sin, sizeof(*sin))) -+ << LastSocketError(); -+ } -+ -+ ScopedSocket listening_sock_closer(listening_sock); -+ ASSERT_EQ(0, listen(listening_sock, 1)) << LastSocketError(); -+ ASSERT_EQ(0, getsockname(listening_sock, (struct sockaddr *)&ss, &len)) -+ << LastSocketError(); -+ -+ char hostname[80]; -+ if (ss.ss_family == AF_INET6) { -+ BIO_snprintf(hostname, sizeof(hostname), "[::1]:%d", -+ ntohs(sin6->sin6_port)); -+ } else if (ss.ss_family == AF_INET) { -+ BIO_snprintf(hostname, sizeof(hostname), "127.0.0.1:%d", -+ ntohs(sin->sin_port)); -+ } -+ -+ // Connect to it with a connect BIO. -+ bssl::UniquePtr bio(BIO_new_connect(hostname)); -+ ASSERT_TRUE(bio); -+ -+ // Write a test message to the BIO. -+ ASSERT_EQ(static_cast(sizeof(kTestMessage)), -+ BIO_write(bio.get(), kTestMessage, sizeof(kTestMessage))); -+ -+ // Accept the socket. -+ int sock = accept(listening_sock, (struct sockaddr *) &ss, &len); -+ ASSERT_NE(-1, sock) << LastSocketError(); -+ ScopedSocket sock_closer(sock); -+ -+ // Check the same message is read back out. -+ char buf[sizeof(kTestMessage)]; -+ ASSERT_EQ(static_cast(sizeof(kTestMessage)), -+ recv(sock, buf, sizeof(buf), 0)) -+ << LastSocketError(); -+ EXPECT_EQ(Bytes(kTestMessage, sizeof(kTestMessage)), Bytes(buf, sizeof(buf))); -+} -+ -+TEST(BIOTest, Printf) { -+ // Test a short output, a very long one, and various sizes around -+ // 256 (the size of the buffer) to ensure edge cases are correct. -+ static const size_t kLengths[] = {5, 250, 251, 252, 253, 254, 1023}; -+ -+ bssl::UniquePtr bio(BIO_new(BIO_s_mem())); -+ ASSERT_TRUE(bio); -+ -+ for (size_t length : kLengths) { -+ SCOPED_TRACE(length); -+ -+ std::string in(length, 'a'); -+ -+ int ret = BIO_printf(bio.get(), "test %s", in.c_str()); -+ ASSERT_GE(ret, 0); -+ EXPECT_EQ(5 + length, static_cast(ret)); -+ -+ const uint8_t *contents; -+ size_t len; -+ ASSERT_TRUE(BIO_mem_contents(bio.get(), &contents, &len)); -+ EXPECT_EQ("test " + in, -+ std::string(reinterpret_cast(contents), len)); -+ -+ ASSERT_TRUE(BIO_reset(bio.get())); -+ } -+} -+ -+static const size_t kLargeASN1PayloadLen = 8000; -+ -+struct ASN1TestParam { -+ bool should_succeed; -+ std::vector input; -+ // suffix_len is the number of zeros to append to |input|. -+ size_t suffix_len; -+ // expected_len, if |should_succeed| is true, is the expected length of the -+ // ASN.1 element. -+ size_t expected_len; -+ size_t max_len; -+} kASN1TestParams[] = { -+ {true, {0x30, 2, 1, 2, 0, 0}, 0, 4, 100}, -+ {false /* truncated */, {0x30, 3, 1, 2}, 0, 0, 100}, -+ {false /* should be short len */, {0x30, 0x81, 1, 1}, 0, 0, 100}, -+ {false /* zero padded */, {0x30, 0x82, 0, 1, 1}, 0, 0, 100}, -+ -+ // Test a large payload. -+ {true, -+ {0x30, 0x82, kLargeASN1PayloadLen >> 8, kLargeASN1PayloadLen & 0xff}, -+ kLargeASN1PayloadLen, -+ 4 + kLargeASN1PayloadLen, -+ kLargeASN1PayloadLen * 2}, -+ {false /* max_len too short */, -+ {0x30, 0x82, kLargeASN1PayloadLen >> 8, kLargeASN1PayloadLen & 0xff}, -+ kLargeASN1PayloadLen, -+ 4 + kLargeASN1PayloadLen, -+ 3 + kLargeASN1PayloadLen}, -+ -+ // Test an indefinite-length input. -+ {true, -+ {0x30, 0x80}, -+ kLargeASN1PayloadLen + 2, -+ 2 + kLargeASN1PayloadLen + 2, -+ kLargeASN1PayloadLen * 2}, -+ {false /* max_len too short */, -+ {0x30, 0x80}, -+ kLargeASN1PayloadLen + 2, -+ 2 + kLargeASN1PayloadLen + 2, -+ 2 + kLargeASN1PayloadLen + 1}, -+}; -+ -+class BIOASN1Test : public testing::TestWithParam {}; -+ -+TEST_P(BIOASN1Test, ReadASN1) { -+ const ASN1TestParam& param = GetParam(); -+ std::vector input = param.input; -+ input.resize(input.size() + param.suffix_len, 0); -+ -+ bssl::UniquePtr bio(BIO_new_mem_buf(input.data(), input.size())); -+ ASSERT_TRUE(bio); -+ -+ uint8_t *out; -+ size_t out_len; -+ int ok = BIO_read_asn1(bio.get(), &out, &out_len, param.max_len); -+ if (!ok) { -+ out = nullptr; -+ } -+ bssl::UniquePtr out_storage(out); -+ -+ ASSERT_EQ(param.should_succeed, (ok == 1)); -+ if (param.should_succeed) { -+ EXPECT_EQ(Bytes(input.data(), param.expected_len), Bytes(out, out_len)); -+ } -+} - --// INSTANTIATE_TEST_SUITE_P(All, BIOASN1Test, testing::ValuesIn(kASN1TestParams)); -+INSTANTIATE_TEST_SUITE_P(All, BIOASN1Test, testing::ValuesIn(kASN1TestParams)); - - // Run through the tests twice, swapping |bio1| and |bio2|, for symmetry. --// class BIOPairTest : public testing::TestWithParam {}; -+class BIOPairTest : public testing::TestWithParam {}; - --// TEST_P(BIOPairTest, TestPair) { --// BIO *bio1, *bio2; --// ASSERT_TRUE(BIO_new_bio_pair(&bio1, 10, &bio2, 10)); --// bssl::UniquePtr free_bio1(bio1), free_bio2(bio2); -- --// if (GetParam()) { --// std::swap(bio1, bio2); --// } -- --// // Check initial states. --// EXPECT_EQ(10u, BIO_ctrl_get_write_guarantee(bio1)); --// EXPECT_EQ(0u, BIO_ctrl_get_read_request(bio1)); -- --// // Data written in one end may be read out the other. --// uint8_t buf[20]; --// EXPECT_EQ(5, BIO_write(bio1, "12345", 5)); --// EXPECT_EQ(5u, BIO_ctrl_get_write_guarantee(bio1)); --// ASSERT_EQ(5, BIO_read(bio2, buf, sizeof(buf))); --// EXPECT_EQ(Bytes("12345"), Bytes(buf, 5)); --// EXPECT_EQ(10u, BIO_ctrl_get_write_guarantee(bio1)); -- --// // Attempting to write more than 10 bytes will write partially. --// EXPECT_EQ(10, BIO_write(bio1, "1234567890___", 13)); --// EXPECT_EQ(0u, BIO_ctrl_get_write_guarantee(bio1)); --// EXPECT_EQ(-1, BIO_write(bio1, "z", 1)); --// EXPECT_TRUE(BIO_should_write(bio1)); --// ASSERT_EQ(10, BIO_read(bio2, buf, sizeof(buf))); --// EXPECT_EQ(Bytes("1234567890"), Bytes(buf, 10)); --// EXPECT_EQ(10u, BIO_ctrl_get_write_guarantee(bio1)); -- --// // Unsuccessful reads update the read request. --// EXPECT_EQ(-1, BIO_read(bio2, buf, 5)); --// EXPECT_TRUE(BIO_should_read(bio2)); --// EXPECT_EQ(5u, BIO_ctrl_get_read_request(bio1)); -- --// // The read request is clamped to the size of the buffer. --// EXPECT_EQ(-1, BIO_read(bio2, buf, 20)); --// EXPECT_TRUE(BIO_should_read(bio2)); --// EXPECT_EQ(10u, BIO_ctrl_get_read_request(bio1)); -- --// // Data may be written and read in chunks. --// EXPECT_EQ(5, BIO_write(bio1, "12345", 5)); --// EXPECT_EQ(5u, BIO_ctrl_get_write_guarantee(bio1)); --// EXPECT_EQ(5, BIO_write(bio1, "67890___", 8)); --// EXPECT_EQ(0u, BIO_ctrl_get_write_guarantee(bio1)); --// ASSERT_EQ(3, BIO_read(bio2, buf, 3)); --// EXPECT_EQ(Bytes("123"), Bytes(buf, 3)); --// EXPECT_EQ(3u, BIO_ctrl_get_write_guarantee(bio1)); --// ASSERT_EQ(7, BIO_read(bio2, buf, sizeof(buf))); --// EXPECT_EQ(Bytes("4567890"), Bytes(buf, 7)); --// EXPECT_EQ(10u, BIO_ctrl_get_write_guarantee(bio1)); -- --// // Successful reads reset the read request. --// EXPECT_EQ(0u, BIO_ctrl_get_read_request(bio1)); -- --// // Test writes and reads starting in the middle of the ring buffer and --// // wrapping to front. --// EXPECT_EQ(8, BIO_write(bio1, "abcdefgh", 8)); --// EXPECT_EQ(2u, BIO_ctrl_get_write_guarantee(bio1)); --// ASSERT_EQ(3, BIO_read(bio2, buf, 3)); --// EXPECT_EQ(Bytes("abc"), Bytes(buf, 3)); --// EXPECT_EQ(5u, BIO_ctrl_get_write_guarantee(bio1)); --// EXPECT_EQ(5, BIO_write(bio1, "ijklm___", 8)); --// EXPECT_EQ(0u, BIO_ctrl_get_write_guarantee(bio1)); --// ASSERT_EQ(10, BIO_read(bio2, buf, sizeof(buf))); --// EXPECT_EQ(Bytes("defghijklm"), Bytes(buf, 10)); --// EXPECT_EQ(10u, BIO_ctrl_get_write_guarantee(bio1)); -- --// // Data may flow from both ends in parallel. --// EXPECT_EQ(5, BIO_write(bio1, "12345", 5)); --// EXPECT_EQ(5, BIO_write(bio2, "67890", 5)); --// ASSERT_EQ(5, BIO_read(bio2, buf, sizeof(buf))); --// EXPECT_EQ(Bytes("12345"), Bytes(buf, 5)); --// ASSERT_EQ(5, BIO_read(bio1, buf, sizeof(buf))); --// EXPECT_EQ(Bytes("67890"), Bytes(buf, 5)); -- --// // Closing the write end causes an EOF on the read half, after draining. --// EXPECT_EQ(5, BIO_write(bio1, "12345", 5)); --// EXPECT_TRUE(BIO_shutdown_wr(bio1)); --// ASSERT_EQ(5, BIO_read(bio2, buf, sizeof(buf))); --// EXPECT_EQ(Bytes("12345"), Bytes(buf, 5)); --// EXPECT_EQ(0, BIO_read(bio2, buf, sizeof(buf))); -- --// // A closed write end may not be written to. --// EXPECT_EQ(0u, BIO_ctrl_get_write_guarantee(bio1)); --// EXPECT_EQ(-1, BIO_write(bio1, "_____", 5)); -- --// uint32_t err = ERR_get_error(); --// EXPECT_EQ(ERR_LIB_BIO, ERR_GET_LIB(err)); --// EXPECT_EQ(BIO_R_BROKEN_PIPE, ERR_GET_REASON(err)); -- --// // The other end is still functional. --// EXPECT_EQ(5, BIO_write(bio2, "12345", 5)); --// ASSERT_EQ(5, BIO_read(bio1, buf, sizeof(buf))); --// EXPECT_EQ(Bytes("12345"), Bytes(buf, 5)); --// } -+TEST_P(BIOPairTest, TestPair) { -+ BIO *bio1, *bio2; -+ ASSERT_TRUE(BIO_new_bio_pair(&bio1, 10, &bio2, 10)); -+ bssl::UniquePtr free_bio1(bio1), free_bio2(bio2); -+ -+ if (GetParam()) { -+ std::swap(bio1, bio2); -+ } -+ -+ // Check initial states. -+ EXPECT_EQ(10u, BIO_ctrl_get_write_guarantee(bio1)); -+ EXPECT_EQ(0u, BIO_ctrl_get_read_request(bio1)); -+ -+ // Data written in one end may be read out the other. -+ uint8_t buf[20]; -+ EXPECT_EQ(5, BIO_write(bio1, "12345", 5)); -+ EXPECT_EQ(5u, BIO_ctrl_get_write_guarantee(bio1)); -+ ASSERT_EQ(5, BIO_read(bio2, buf, sizeof(buf))); -+ EXPECT_EQ(Bytes("12345"), Bytes(buf, 5)); -+ EXPECT_EQ(10u, BIO_ctrl_get_write_guarantee(bio1)); -+ -+ // Attempting to write more than 10 bytes will write partially. -+ EXPECT_EQ(10, BIO_write(bio1, "1234567890___", 13)); -+ EXPECT_EQ(0u, BIO_ctrl_get_write_guarantee(bio1)); -+ EXPECT_EQ(-1, BIO_write(bio1, "z", 1)); -+ EXPECT_TRUE(BIO_should_write(bio1)); -+ ASSERT_EQ(10, BIO_read(bio2, buf, sizeof(buf))); -+ EXPECT_EQ(Bytes("1234567890"), Bytes(buf, 10)); -+ EXPECT_EQ(10u, BIO_ctrl_get_write_guarantee(bio1)); -+ -+ // Unsuccessful reads update the read request. -+ EXPECT_EQ(-1, BIO_read(bio2, buf, 5)); -+ EXPECT_TRUE(BIO_should_read(bio2)); -+ EXPECT_EQ(5u, BIO_ctrl_get_read_request(bio1)); -+ -+ // The read request is clamped to the size of the buffer. -+ EXPECT_EQ(-1, BIO_read(bio2, buf, 20)); -+ EXPECT_TRUE(BIO_should_read(bio2)); -+ EXPECT_EQ(10u, BIO_ctrl_get_read_request(bio1)); -+ -+ // Data may be written and read in chunks. -+ EXPECT_EQ(5, BIO_write(bio1, "12345", 5)); -+ EXPECT_EQ(5u, BIO_ctrl_get_write_guarantee(bio1)); -+ EXPECT_EQ(5, BIO_write(bio1, "67890___", 8)); -+ EXPECT_EQ(0u, BIO_ctrl_get_write_guarantee(bio1)); -+ ASSERT_EQ(3, BIO_read(bio2, buf, 3)); -+ EXPECT_EQ(Bytes("123"), Bytes(buf, 3)); -+ EXPECT_EQ(3u, BIO_ctrl_get_write_guarantee(bio1)); -+ ASSERT_EQ(7, BIO_read(bio2, buf, sizeof(buf))); -+ EXPECT_EQ(Bytes("4567890"), Bytes(buf, 7)); -+ EXPECT_EQ(10u, BIO_ctrl_get_write_guarantee(bio1)); -+ -+ // Successful reads reset the read request. -+ EXPECT_EQ(0u, BIO_ctrl_get_read_request(bio1)); -+ -+ // Test writes and reads starting in the middle of the ring buffer and -+ // wrapping to front. -+ EXPECT_EQ(8, BIO_write(bio1, "abcdefgh", 8)); -+ EXPECT_EQ(2u, BIO_ctrl_get_write_guarantee(bio1)); -+ ASSERT_EQ(3, BIO_read(bio2, buf, 3)); -+ EXPECT_EQ(Bytes("abc"), Bytes(buf, 3)); -+ EXPECT_EQ(5u, BIO_ctrl_get_write_guarantee(bio1)); -+ EXPECT_EQ(5, BIO_write(bio1, "ijklm___", 8)); -+ EXPECT_EQ(0u, BIO_ctrl_get_write_guarantee(bio1)); -+ ASSERT_EQ(10, BIO_read(bio2, buf, sizeof(buf))); -+ EXPECT_EQ(Bytes("defghijklm"), Bytes(buf, 10)); -+ EXPECT_EQ(10u, BIO_ctrl_get_write_guarantee(bio1)); -+ -+ // Data may flow from both ends in parallel. -+ EXPECT_EQ(5, BIO_write(bio1, "12345", 5)); -+ EXPECT_EQ(5, BIO_write(bio2, "67890", 5)); -+ ASSERT_EQ(5, BIO_read(bio2, buf, sizeof(buf))); -+ EXPECT_EQ(Bytes("12345"), Bytes(buf, 5)); -+ ASSERT_EQ(5, BIO_read(bio1, buf, sizeof(buf))); -+ EXPECT_EQ(Bytes("67890"), Bytes(buf, 5)); -+ -+ // Closing the write end causes an EOF on the read half, after draining. -+ EXPECT_EQ(5, BIO_write(bio1, "12345", 5)); -+ EXPECT_TRUE(BIO_shutdown_wr(bio1)); -+ ASSERT_EQ(5, BIO_read(bio2, buf, sizeof(buf))); -+ EXPECT_EQ(Bytes("12345"), Bytes(buf, 5)); -+ EXPECT_EQ(0, BIO_read(bio2, buf, sizeof(buf))); -+ -+ // A closed write end may not be written to. -+ EXPECT_EQ(0u, BIO_ctrl_get_write_guarantee(bio1)); -+ EXPECT_EQ(-1, BIO_write(bio1, "_____", 5)); -+ -+ uint32_t err = ERR_get_error(); -+ EXPECT_EQ(ERR_LIB_BIO, ERR_GET_LIB(err)); -+ EXPECT_EQ(BIO_R_BROKEN_PIPE, ERR_GET_REASON(err)); -+ -+ // The other end is still functional. -+ EXPECT_EQ(5, BIO_write(bio2, "12345", 5)); -+ ASSERT_EQ(5, BIO_read(bio1, buf, sizeof(buf))); -+ EXPECT_EQ(Bytes("12345"), Bytes(buf, 5)); -+} - --// INSTANTIATE_TEST_SUITE_P(All, BIOPairTest, testing::Values(false, true)); -+INSTANTIATE_TEST_SUITE_P(All, BIOPairTest, testing::Values(false, true)); diff --git a/bssl-compat/patch/source/crypto/bio/bio_test.cc.sh b/bssl-compat/patch/source/crypto/bio/bio_test.cc.sh new file mode 100755 index 0000000000..e13e6157e8 --- /dev/null +++ b/bssl-compat/patch/source/crypto/bio/bio_test.cc.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +# Do nothing here so the file just gets copied +# without commenting or uncommenting anything \ No newline at end of file diff --git a/bssl-compat/patch/source/crypto/bytestring/cbb.c.patch b/bssl-compat/patch/source/crypto/bytestring/cbb.c.patch deleted file mode 100644 index 93b26f8e3d..0000000000 --- a/bssl-compat/patch/source/crypto/bytestring/cbb.c.patch +++ /dev/null @@ -1,716 +0,0 @@ ---- a/source/crypto/bytestring/cbb.c -+++ b/source/crypto/bytestring/cbb.c -@@ -12,56 +12,56 @@ - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - --// #include -+#include - --// #include --// #include --// #include -+#include -+#include -+#include - --// #include -+#include - --// #include "../internal.h" -+#include "../internal.h" - - --// void CBB_zero(CBB *cbb) { --// OPENSSL_memset(cbb, 0, sizeof(CBB)); --// } -+void CBB_zero(CBB *cbb) { -+ OPENSSL_memset(cbb, 0, sizeof(CBB)); -+} - --// static int cbb_init(CBB *cbb, uint8_t *buf, size_t cap) { --// // This assumes that |cbb| has already been zeroed. --// struct cbb_buffer_st *base; -+static int cbb_init(CBB *cbb, uint8_t *buf, size_t cap) { -+ // This assumes that |cbb| has already been zeroed. -+ struct cbb_buffer_st *base; - --// base = OPENSSL_malloc(sizeof(struct cbb_buffer_st)); --// if (base == NULL) { --// return 0; --// } -+ base = OPENSSL_malloc(sizeof(struct cbb_buffer_st)); -+ if (base == NULL) { -+ return 0; -+ } - --// base->buf = buf; --// base->len = 0; --// base->cap = cap; --// base->can_resize = 1; --// base->error = 0; -+ base->buf = buf; -+ base->len = 0; -+ base->cap = cap; -+ base->can_resize = 1; -+ base->error = 0; - --// cbb->base = base; --// cbb->is_child = 0; --// return 1; --// } -+ cbb->base = base; -+ cbb->is_child = 0; -+ return 1; -+} - --// int CBB_init(CBB *cbb, size_t initial_capacity) { --// CBB_zero(cbb); -+int CBB_init(CBB *cbb, size_t initial_capacity) { -+ CBB_zero(cbb); - --// uint8_t *buf = OPENSSL_malloc(initial_capacity); --// if (initial_capacity > 0 && buf == NULL) { --// return 0; --// } -+ uint8_t *buf = OPENSSL_malloc(initial_capacity); -+ if (initial_capacity > 0 && buf == NULL) { -+ return 0; -+ } - --// if (!cbb_init(cbb, buf, initial_capacity)) { --// OPENSSL_free(buf); --// return 0; --// } -+ if (!cbb_init(cbb, buf, initial_capacity)) { -+ OPENSSL_free(buf); -+ return 0; -+ } - --// return 1; --// } -+ return 1; -+} - - // int CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len) { - // CBB_zero(cbb); -@@ -74,227 +74,227 @@ - // return 1; - // } - --// void CBB_cleanup(CBB *cbb) { --// // Child |CBB|s are non-owning. They are implicitly discarded and should not --// // be used with |CBB_cleanup| or |ScopedCBB|. --// assert(!cbb->is_child); --// if (cbb->is_child) { --// return; --// } -- --// if (cbb->base) { --// if (cbb->base->can_resize) { --// OPENSSL_free(cbb->base->buf); --// } --// OPENSSL_free(cbb->base); --// } --// cbb->base = NULL; --// } -- --// static int cbb_buffer_reserve(struct cbb_buffer_st *base, uint8_t **out, --// size_t len) { --// size_t newlen; -- --// if (base == NULL) { --// return 0; --// } -- --// newlen = base->len + len; --// if (newlen < base->len) { --// // Overflow --// goto err; --// } -- --// if (newlen > base->cap) { --// size_t newcap = base->cap * 2; --// uint8_t *newbuf; -- --// if (!base->can_resize) { --// goto err; --// } -- --// if (newcap < base->cap || newcap < newlen) { --// newcap = newlen; --// } --// newbuf = OPENSSL_realloc(base->buf, newcap); --// if (newbuf == NULL) { --// goto err; --// } -- --// base->buf = newbuf; --// base->cap = newcap; --// } -- --// if (out) { --// *out = base->buf + base->len; --// } -- --// return 1; -- --// err: --// base->error = 1; --// return 0; --// } -- --// static int cbb_buffer_add(struct cbb_buffer_st *base, uint8_t **out, --// size_t len) { --// if (!cbb_buffer_reserve(base, out, len)) { --// return 0; --// } --// // This will not overflow or |cbb_buffer_reserve| would have failed. --// base->len += len; --// return 1; --// } -- --// static int cbb_buffer_add_u(struct cbb_buffer_st *base, uint64_t v, --// size_t len_len) { --// if (len_len == 0) { --// return 1; --// } -- --// uint8_t *buf; --// if (!cbb_buffer_add(base, &buf, len_len)) { --// return 0; --// } -- --// for (size_t i = len_len - 1; i < len_len; i--) { --// buf[i] = v; --// v >>= 8; --// } -- --// if (v != 0) { --// base->error = 1; --// return 0; --// } -- --// return 1; --// } -- --// int CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len) { --// if (cbb->is_child) { --// return 0; --// } -- --// if (!CBB_flush(cbb)) { --// return 0; --// } -- --// if (cbb->base->can_resize && (out_data == NULL || out_len == NULL)) { --// // |out_data| and |out_len| can only be NULL if the CBB is fixed. --// return 0; --// } -- --// if (out_data != NULL) { --// *out_data = cbb->base->buf; --// } --// if (out_len != NULL) { --// *out_len = cbb->base->len; --// } --// cbb->base->buf = NULL; --// CBB_cleanup(cbb); --// return 1; --// } -+void CBB_cleanup(CBB *cbb) { -+ // Child |CBB|s are non-owning. They are implicitly discarded and should not -+ // be used with |CBB_cleanup| or |ScopedCBB|. -+ assert(!cbb->is_child); -+ if (cbb->is_child) { -+ return; -+ } -+ -+ if (cbb->base) { -+ if (cbb->base->can_resize) { -+ OPENSSL_free(cbb->base->buf); -+ } -+ OPENSSL_free(cbb->base); -+ } -+ cbb->base = NULL; -+} -+ -+static int cbb_buffer_reserve(struct cbb_buffer_st *base, uint8_t **out, -+ size_t len) { -+ size_t newlen; -+ -+ if (base == NULL) { -+ return 0; -+ } -+ -+ newlen = base->len + len; -+ if (newlen < base->len) { -+ // Overflow -+ goto err; -+ } -+ -+ if (newlen > base->cap) { -+ size_t newcap = base->cap * 2; -+ uint8_t *newbuf; -+ -+ if (!base->can_resize) { -+ goto err; -+ } -+ -+ if (newcap < base->cap || newcap < newlen) { -+ newcap = newlen; -+ } -+ newbuf = OPENSSL_realloc(base->buf, newcap); -+ if (newbuf == NULL) { -+ goto err; -+ } -+ -+ base->buf = newbuf; -+ base->cap = newcap; -+ } -+ -+ if (out) { -+ *out = base->buf + base->len; -+ } -+ -+ return 1; -+ -+err: -+ base->error = 1; -+ return 0; -+} -+ -+static int cbb_buffer_add(struct cbb_buffer_st *base, uint8_t **out, -+ size_t len) { -+ if (!cbb_buffer_reserve(base, out, len)) { -+ return 0; -+ } -+ // This will not overflow or |cbb_buffer_reserve| would have failed. -+ base->len += len; -+ return 1; -+} -+ -+static int cbb_buffer_add_u(struct cbb_buffer_st *base, uint64_t v, -+ size_t len_len) { -+ if (len_len == 0) { -+ return 1; -+ } -+ -+ uint8_t *buf; -+ if (!cbb_buffer_add(base, &buf, len_len)) { -+ return 0; -+ } -+ -+ for (size_t i = len_len - 1; i < len_len; i--) { -+ buf[i] = v; -+ v >>= 8; -+ } -+ -+ if (v != 0) { -+ base->error = 1; -+ return 0; -+ } -+ -+ return 1; -+} -+ -+int CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len) { -+ if (cbb->is_child) { -+ return 0; -+ } -+ -+ if (!CBB_flush(cbb)) { -+ return 0; -+ } -+ -+ if (cbb->base->can_resize && (out_data == NULL || out_len == NULL)) { -+ // |out_data| and |out_len| can only be NULL if the CBB is fixed. -+ return 0; -+ } -+ -+ if (out_data != NULL) { -+ *out_data = cbb->base->buf; -+ } -+ if (out_len != NULL) { -+ *out_len = cbb->base->len; -+ } -+ cbb->base->buf = NULL; -+ CBB_cleanup(cbb); -+ return 1; -+} - - // CBB_flush recurses and then writes out any pending length prefix. The - // current length of the underlying base is taken to be the length of the - // length-prefixed data. --// int CBB_flush(CBB *cbb) { --// size_t child_start, i, len; -+int CBB_flush(CBB *cbb) { -+ size_t child_start, i, len; - --// // If |cbb->base| has hit an error, the buffer is in an undefined state, so --// // fail all following calls. In particular, |cbb->child| may point to invalid --// // memory. --// if (cbb->base == NULL || cbb->base->error) { --// return 0; --// } -- --// if (cbb->child == NULL || cbb->child->pending_len_len == 0) { --// return 1; --// } -- --// child_start = cbb->child->offset + cbb->child->pending_len_len; -- --// if (!CBB_flush(cbb->child) || --// child_start < cbb->child->offset || --// cbb->base->len < child_start) { --// goto err; --// } -- --// len = cbb->base->len - child_start; -- --// if (cbb->child->pending_is_asn1) { --// // For ASN.1 we assume that we'll only need a single byte for the length. --// // If that turned out to be incorrect, we have to move the contents along --// // in order to make space. --// uint8_t len_len; --// uint8_t initial_length_byte; -- --// assert (cbb->child->pending_len_len == 1); -- --// if (len > 0xfffffffe) { --// // Too large. --// goto err; --// } else if (len > 0xffffff) { --// len_len = 5; --// initial_length_byte = 0x80 | 4; --// } else if (len > 0xffff) { --// len_len = 4; --// initial_length_byte = 0x80 | 3; --// } else if (len > 0xff) { --// len_len = 3; --// initial_length_byte = 0x80 | 2; --// } else if (len > 0x7f) { --// len_len = 2; --// initial_length_byte = 0x80 | 1; --// } else { --// len_len = 1; --// initial_length_byte = (uint8_t)len; --// len = 0; --// } -- --// if (len_len != 1) { --// // We need to move the contents along in order to make space. --// size_t extra_bytes = len_len - 1; --// if (!cbb_buffer_add(cbb->base, NULL, extra_bytes)) { --// goto err; --// } --// OPENSSL_memmove(cbb->base->buf + child_start + extra_bytes, --// cbb->base->buf + child_start, len); --// } --// cbb->base->buf[cbb->child->offset++] = initial_length_byte; --// cbb->child->pending_len_len = len_len - 1; --// } -- --// for (i = cbb->child->pending_len_len - 1; i < cbb->child->pending_len_len; --// i--) { --// cbb->base->buf[cbb->child->offset + i] = (uint8_t)len; --// len >>= 8; --// } --// if (len != 0) { --// goto err; --// } -- --// cbb->child->base = NULL; --// cbb->child = NULL; -- --// return 1; -+ // If |cbb->base| has hit an error, the buffer is in an undefined state, so -+ // fail all following calls. In particular, |cbb->child| may point to invalid -+ // memory. -+ if (cbb->base == NULL || cbb->base->error) { -+ return 0; -+ } -+ -+ if (cbb->child == NULL || cbb->child->pending_len_len == 0) { -+ return 1; -+ } -+ -+ child_start = cbb->child->offset + cbb->child->pending_len_len; -+ -+ if (!CBB_flush(cbb->child) || -+ child_start < cbb->child->offset || -+ cbb->base->len < child_start) { -+ goto err; -+ } -+ -+ len = cbb->base->len - child_start; -+ -+ if (cbb->child->pending_is_asn1) { -+ // For ASN.1 we assume that we'll only need a single byte for the length. -+ // If that turned out to be incorrect, we have to move the contents along -+ // in order to make space. -+ uint8_t len_len; -+ uint8_t initial_length_byte; -+ -+ assert (cbb->child->pending_len_len == 1); -+ -+ if (len > 0xfffffffe) { -+ // Too large. -+ goto err; -+ } else if (len > 0xffffff) { -+ len_len = 5; -+ initial_length_byte = 0x80 | 4; -+ } else if (len > 0xffff) { -+ len_len = 4; -+ initial_length_byte = 0x80 | 3; -+ } else if (len > 0xff) { -+ len_len = 3; -+ initial_length_byte = 0x80 | 2; -+ } else if (len > 0x7f) { -+ len_len = 2; -+ initial_length_byte = 0x80 | 1; -+ } else { -+ len_len = 1; -+ initial_length_byte = (uint8_t)len; -+ len = 0; -+ } -+ -+ if (len_len != 1) { -+ // We need to move the contents along in order to make space. -+ size_t extra_bytes = len_len - 1; -+ if (!cbb_buffer_add(cbb->base, NULL, extra_bytes)) { -+ goto err; -+ } -+ OPENSSL_memmove(cbb->base->buf + child_start + extra_bytes, -+ cbb->base->buf + child_start, len); -+ } -+ cbb->base->buf[cbb->child->offset++] = initial_length_byte; -+ cbb->child->pending_len_len = len_len - 1; -+ } -+ -+ for (i = cbb->child->pending_len_len - 1; i < cbb->child->pending_len_len; -+ i--) { -+ cbb->base->buf[cbb->child->offset + i] = (uint8_t)len; -+ len >>= 8; -+ } -+ if (len != 0) { -+ goto err; -+ } -+ -+ cbb->child->base = NULL; -+ cbb->child = NULL; -+ -+ return 1; -+ -+err: -+ cbb->base->error = 1; -+ return 0; -+} -+ -+const uint8_t *CBB_data(const CBB *cbb) { -+ assert(cbb->child == NULL); -+ return cbb->base->buf + cbb->offset + cbb->pending_len_len; -+} -+ -+size_t CBB_len(const CBB *cbb) { -+ assert(cbb->child == NULL); -+ assert(cbb->offset + cbb->pending_len_len <= cbb->base->len); - --// err: --// cbb->base->error = 1; --// return 0; --// } -- --// const uint8_t *CBB_data(const CBB *cbb) { --// assert(cbb->child == NULL); --// return cbb->base->buf + cbb->offset + cbb->pending_len_len; --// } -- --// size_t CBB_len(const CBB *cbb) { --// assert(cbb->child == NULL); --// assert(cbb->offset + cbb->pending_len_len <= cbb->base->len); -- --// return cbb->base->len - cbb->offset - cbb->pending_len_len; --// } -+ return cbb->base->len - cbb->offset - cbb->pending_len_len; -+} - - // static int cbb_add_length_prefixed(CBB *cbb, CBB *out_contents, - // uint8_t len_len) { -@@ -336,73 +336,73 @@ - // add_base128_integer encodes |v| as a big-endian base-128 integer where the - // high bit of each byte indicates where there is more data. This is the - // encoding used in DER for both high tag number form and OID components. --// static int add_base128_integer(CBB *cbb, uint64_t v) { --// unsigned len_len = 0; --// uint64_t copy = v; --// while (copy > 0) { --// len_len++; --// copy >>= 7; --// } --// if (len_len == 0) { --// len_len = 1; // Zero is encoded with one byte. --// } --// for (unsigned i = len_len - 1; i < len_len; i--) { --// uint8_t byte = (v >> (7 * i)) & 0x7f; --// if (i != 0) { --// // The high bit denotes whether there is more data. --// byte |= 0x80; --// } --// if (!CBB_add_u8(cbb, byte)) { --// return 0; --// } --// } --// return 1; --// } -- --// int CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned tag) { --// if (!CBB_flush(cbb)) { --// return 0; --// } -- --// // Split the tag into leading bits and tag number. --// uint8_t tag_bits = (tag >> CBS_ASN1_TAG_SHIFT) & 0xe0; --// unsigned tag_number = tag & CBS_ASN1_TAG_NUMBER_MASK; --// if (tag_number >= 0x1f) { --// // Set all the bits in the tag number to signal high tag number form. --// if (!CBB_add_u8(cbb, tag_bits | 0x1f) || --// !add_base128_integer(cbb, tag_number)) { --// return 0; --// } --// } else if (!CBB_add_u8(cbb, tag_bits | tag_number)) { --// return 0; --// } -- --// size_t offset = cbb->base->len; --// if (!CBB_add_u8(cbb, 0)) { --// return 0; --// } -- --// OPENSSL_memset(out_contents, 0, sizeof(CBB)); --// out_contents->base = cbb->base; --// out_contents->is_child = 1; --// cbb->child = out_contents; --// cbb->child->offset = offset; --// cbb->child->pending_len_len = 1; --// cbb->child->pending_is_asn1 = 1; -- --// return 1; --// } -- --// int CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len) { --// uint8_t *dest; -- --// if (!CBB_flush(cbb) || --// !cbb_buffer_add(cbb->base, &dest, len)) { --// return 0; --// } --// OPENSSL_memcpy(dest, data, len); --// return 1; --// } -+static int add_base128_integer(CBB *cbb, uint64_t v) { -+ unsigned len_len = 0; -+ uint64_t copy = v; -+ while (copy > 0) { -+ len_len++; -+ copy >>= 7; -+ } -+ if (len_len == 0) { -+ len_len = 1; // Zero is encoded with one byte. -+ } -+ for (unsigned i = len_len - 1; i < len_len; i--) { -+ uint8_t byte = (v >> (7 * i)) & 0x7f; -+ if (i != 0) { -+ // The high bit denotes whether there is more data. -+ byte |= 0x80; -+ } -+ if (!CBB_add_u8(cbb, byte)) { -+ return 0; -+ } -+ } -+ return 1; -+} -+ -+int CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned tag) { -+ if (!CBB_flush(cbb)) { -+ return 0; -+ } -+ -+ // Split the tag into leading bits and tag number. -+ uint8_t tag_bits = (tag >> CBS_ASN1_TAG_SHIFT) & 0xe0; -+ unsigned tag_number = tag & CBS_ASN1_TAG_NUMBER_MASK; -+ if (tag_number >= 0x1f) { -+ // Set all the bits in the tag number to signal high tag number form. -+ if (!CBB_add_u8(cbb, tag_bits | 0x1f) || -+ !add_base128_integer(cbb, tag_number)) { -+ return 0; -+ } -+ } else if (!CBB_add_u8(cbb, tag_bits | tag_number)) { -+ return 0; -+ } -+ -+ size_t offset = cbb->base->len; -+ if (!CBB_add_u8(cbb, 0)) { -+ return 0; -+ } -+ -+ OPENSSL_memset(out_contents, 0, sizeof(CBB)); -+ out_contents->base = cbb->base; -+ out_contents->is_child = 1; -+ cbb->child = out_contents; -+ cbb->child->offset = offset; -+ cbb->child->pending_len_len = 1; -+ cbb->child->pending_is_asn1 = 1; -+ -+ return 1; -+} -+ -+int CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len) { -+ uint8_t *dest; -+ -+ if (!CBB_flush(cbb) || -+ !cbb_buffer_add(cbb->base, &dest, len)) { -+ return 0; -+ } -+ OPENSSL_memcpy(dest, data, len); -+ return 1; -+} - - // int CBB_add_zeros(CBB *cbb, size_t len) { - // uint8_t *out; -@@ -440,21 +440,21 @@ - // return 1; - // } - --// int CBB_add_u8(CBB *cbb, uint8_t value) { --// if (!CBB_flush(cbb)) { --// return 0; --// } -- --// return cbb_buffer_add_u(cbb->base, value, 1); --// } -- --// int CBB_add_u16(CBB *cbb, uint16_t value) { --// if (!CBB_flush(cbb)) { --// return 0; --// } -+int CBB_add_u8(CBB *cbb, uint8_t value) { -+ if (!CBB_flush(cbb)) { -+ return 0; -+ } -+ -+ return cbb_buffer_add_u(cbb->base, value, 1); -+} -+ -+int CBB_add_u16(CBB *cbb, uint16_t value) { -+ if (!CBB_flush(cbb)) { -+ return 0; -+ } - --// return cbb_buffer_add_u(cbb->base, value, 2); --// } -+ return cbb_buffer_add_u(cbb->base, value, 2); -+} - - // int CBB_add_u16le(CBB *cbb, uint16_t value) { - // return CBB_add_u16(cbb, CRYPTO_bswap2(value)); diff --git a/bssl-compat/patch/source/crypto/bytestring/cbb.c.sh b/bssl-compat/patch/source/crypto/bytestring/cbb.c.sh new file mode 100755 index 0000000000..aeede5b277 --- /dev/null +++ b/bssl-compat/patch/source/crypto/bytestring/cbb.c.sh @@ -0,0 +1,25 @@ +#!/bin/bash + +set -euo pipefail + +uncomment.sh "$1" --comment \ + --uncomment-regex '#include' \ + --uncomment-func-impl CBB_zero \ + --uncomment-func-impl cbb_init \ + --uncomment-func-impl CBB_init \ + --uncomment-func-impl CBB_cleanup \ + --uncomment-static-func-impl cbb_buffer_reserve \ + --uncomment-static-func-impl cbb_buffer_add \ + --uncomment-func-impl CBB_finish \ + --uncomment-func-impl cbb_get_base \ + --uncomment-func-impl CBB_flush \ + --uncomment-func-impl CBB_data \ + --uncomment-func-impl CBB_len \ + --uncomment-static-func-impl cbb_add_child \ + --uncomment-func-impl add_base128_integer \ + --uncomment-func-impl CBB_add_asn1 \ + --uncomment-func-impl CBB_add_bytes \ + --uncomment-func-impl CBB_add_space \ + --uncomment-func-impl cbb_add_u \ + --uncomment-func-impl CBB_add_u8 \ + --uncomment-func-impl CBB_add_u16 \ diff --git a/bssl-compat/patch/source/crypto/bytestring/cbs.c.patch b/bssl-compat/patch/source/crypto/bytestring/cbs.c.patch deleted file mode 100644 index 53dde2f71a..0000000000 --- a/bssl-compat/patch/source/crypto/bytestring/cbs.c.patch +++ /dev/null @@ -1,219 +0,0 @@ ---- a/source/crypto/bytestring/cbs.c -+++ b/source/crypto/bytestring/cbs.c -@@ -12,48 +12,48 @@ - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - --// #include --// #include --// #include -- --// #include --// #include --// #include --// #include -+#include -+#include -+#include -+ -+#include -+#include -+#include -+#include - - // #include "../asn1/internal.h" - // #include "../internal.h" - // #include "internal.h" - - --// void CBS_init(CBS *cbs, const uint8_t *data, size_t len) { --// cbs->data = data; --// cbs->len = len; --// } -- --// static int cbs_get(CBS *cbs, const uint8_t **p, size_t n) { --// if (cbs->len < n) { --// return 0; --// } -- --// *p = cbs->data; --// cbs->data += n; --// cbs->len -= n; --// return 1; --// } -- --// int CBS_skip(CBS *cbs, size_t len) { --// const uint8_t *dummy; --// return cbs_get(cbs, &dummy, len); --// } -- --// const uint8_t *CBS_data(const CBS *cbs) { --// return cbs->data; --// } -- --// size_t CBS_len(const CBS *cbs) { --// return cbs->len; --// } -+void CBS_init(CBS *cbs, const uint8_t *data, size_t len) { -+ cbs->data = data; -+ cbs->len = len; -+} -+ -+static int cbs_get(CBS *cbs, const uint8_t **p, size_t n) { -+ if (cbs->len < n) { -+ return 0; -+ } -+ -+ *p = cbs->data; -+ cbs->data += n; -+ cbs->len -= n; -+ return 1; -+} -+ -+int CBS_skip(CBS *cbs, size_t len) { -+ const uint8_t *dummy; -+ return cbs_get(cbs, &dummy, len); -+} -+ -+const uint8_t *CBS_data(const CBS *cbs) { -+ return cbs->data; -+} -+ -+size_t CBS_len(const CBS *cbs) { -+ return cbs->len; -+} - - // int CBS_stow(const CBS *cbs, uint8_t **out_ptr, size_t *out_len) { - // OPENSSL_free(*out_ptr); -@@ -90,38 +90,38 @@ - // return CRYPTO_memcmp(cbs->data, data, len) == 0; - // } - --// static int cbs_get_u(CBS *cbs, uint64_t *out, size_t len) { --// uint64_t result = 0; --// const uint8_t *data; -- --// if (!cbs_get(cbs, &data, len)) { --// return 0; --// } --// for (size_t i = 0; i < len; i++) { --// result <<= 8; --// result |= data[i]; --// } --// *out = result; --// return 1; --// } -- --// int CBS_get_u8(CBS *cbs, uint8_t *out) { --// const uint8_t *v; --// if (!cbs_get(cbs, &v, 1)) { --// return 0; --// } --// *out = *v; --// return 1; --// } -- --// int CBS_get_u16(CBS *cbs, uint16_t *out) { --// uint64_t v; --// if (!cbs_get_u(cbs, &v, 2)) { --// return 0; --// } --// *out = v; --// return 1; --// } -+static int cbs_get_u(CBS *cbs, uint64_t *out, size_t len) { -+ uint64_t result = 0; -+ const uint8_t *data; -+ -+ if (!cbs_get(cbs, &data, len)) { -+ return 0; -+ } -+ for (size_t i = 0; i < len; i++) { -+ result <<= 8; -+ result |= data[i]; -+ } -+ *out = result; -+ return 1; -+} -+ -+int CBS_get_u8(CBS *cbs, uint8_t *out) { -+ const uint8_t *v; -+ if (!cbs_get(cbs, &v, 1)) { -+ return 0; -+ } -+ *out = *v; -+ return 1; -+} -+ -+int CBS_get_u16(CBS *cbs, uint16_t *out) { -+ uint64_t v; -+ if (!cbs_get_u(cbs, &v, 2)) { -+ return 0; -+ } -+ *out = v; -+ return 1; -+} - - // int CBS_get_u16le(CBS *cbs, uint16_t *out) { - // if (!CBS_get_u16(cbs, out)) { -@@ -178,14 +178,14 @@ - // return 1; - // } - --// int CBS_get_bytes(CBS *cbs, CBS *out, size_t len) { --// const uint8_t *v; --// if (!cbs_get(cbs, &v, len)) { --// return 0; --// } --// CBS_init(out, v, len); --// return 1; --// } -+int CBS_get_bytes(CBS *cbs, CBS *out, size_t len) { -+ const uint8_t *v; -+ if (!cbs_get(cbs, &v, len)) { -+ return 0; -+ } -+ CBS_init(out, v, len); -+ return 1; -+} - - // int CBS_copy_bytes(CBS *cbs, uint8_t *out, size_t len) { - // const uint8_t *v; -@@ -196,24 +196,24 @@ - // return 1; - // } - --// static int cbs_get_length_prefixed(CBS *cbs, CBS *out, size_t len_len) { --// uint64_t len; --// if (!cbs_get_u(cbs, &len, len_len)) { --// return 0; --// } --// // If |len_len| <= 3 then we know that |len| will fit into a |size_t|, even on --// // 32-bit systems. --// assert(len_len <= 3); --// return CBS_get_bytes(cbs, out, len); --// } -+static int cbs_get_length_prefixed(CBS *cbs, CBS *out, size_t len_len) { -+ uint64_t len; -+ if (!cbs_get_u(cbs, &len, len_len)) { -+ return 0; -+ } -+ // If |len_len| <= 3 then we know that |len| will fit into a |size_t|, even on -+ // 32-bit systems. -+ assert(len_len <= 3); -+ return CBS_get_bytes(cbs, out, len); -+} - - // int CBS_get_u8_length_prefixed(CBS *cbs, CBS *out) { - // return cbs_get_length_prefixed(cbs, out, 1); - // } - --// int CBS_get_u16_length_prefixed(CBS *cbs, CBS *out) { --// return cbs_get_length_prefixed(cbs, out, 2); --// } -+int CBS_get_u16_length_prefixed(CBS *cbs, CBS *out) { -+ return cbs_get_length_prefixed(cbs, out, 2); -+} - - // int CBS_get_u24_length_prefixed(CBS *cbs, CBS *out) { - // return cbs_get_length_prefixed(cbs, out, 3); diff --git a/bssl-compat/patch/source/crypto/bytestring/cbs.c.sh b/bssl-compat/patch/source/crypto/bytestring/cbs.c.sh new file mode 100755 index 0000000000..6998a3623b --- /dev/null +++ b/bssl-compat/patch/source/crypto/bytestring/cbs.c.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +set -euo pipefail + +uncomment.sh "$1" --comment \ + --uncomment-regex '\#include <' \ + --uncomment-func-impl CBS_init \ + --uncomment-func-impl CBS_len \ + --uncomment-func-impl cbs_get \ + --uncomment-func-impl CBS_skip \ + --uncomment-func-impl CBS_data \ + --uncomment-func-impl cbs_get_u \ + --uncomment-func-impl CBS_get_u8 \ + --uncomment-func-impl CBS_get_u16 \ + --uncomment-func-impl CBS_get_bytes \ + --uncomment-func-impl cbs_get_length_prefixed \ + --uncomment-func-impl CBS_get_u16_length_prefixed \ diff --git a/bssl-compat/patch/source/crypto/digest_extra/digest_test.cc.patch b/bssl-compat/patch/source/crypto/digest_extra/digest_test.cc.patch deleted file mode 100644 index bda686f378..0000000000 --- a/bssl-compat/patch/source/crypto/digest_extra/digest_test.cc.patch +++ /dev/null @@ -1,645 +0,0 @@ ---- a/source/crypto/digest_extra/digest_test.cc -+++ b/source/crypto/digest_extra/digest_test.cc -@@ -12,324 +12,324 @@ - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - --// #include --// #include --// #include -- --// #include --// #include -- --// #include -- --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include -- --// #include "../internal.h" --// #include "../test/test_util.h" -- -- --// struct MD { --// // name is the name of the digest. --// const char* name; --// // md_func is the digest to test. --// const EVP_MD *(*func)(void); --// // one_shot_func is the convenience one-shot version of the --// // digest. --// uint8_t *(*one_shot_func)(const uint8_t *, size_t, uint8_t *); --// }; -- --// static const MD md4 = { "MD4", &EVP_md4, nullptr }; --// static const MD md5 = { "MD5", &EVP_md5, &MD5 }; --// static const MD sha1 = { "SHA1", &EVP_sha1, &SHA1 }; --// static const MD sha224 = { "SHA224", &EVP_sha224, &SHA224 }; --// static const MD sha256 = { "SHA256", &EVP_sha256, &SHA256 }; --// static const MD sha384 = { "SHA384", &EVP_sha384, &SHA384 }; --// static const MD sha512 = { "SHA512", &EVP_sha512, &SHA512 }; -+#include -+#include -+#include -+ -+#include -+#include -+ -+#include -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include "../internal.h" -+#include "../test/test_util.h" -+ -+ -+struct MD { -+ // name is the name of the digest. -+ const char* name; -+ // md_func is the digest to test. -+ const EVP_MD *(*func)(void); -+ // one_shot_func is the convenience one-shot version of the -+ // digest. -+ uint8_t *(*one_shot_func)(const uint8_t *, size_t, uint8_t *); -+}; -+ -+static const MD md4 = { "MD4", &EVP_md4, nullptr }; -+static const MD md5 = { "MD5", &EVP_md5, &MD5 }; -+static const MD sha1 = { "SHA1", &EVP_sha1, &SHA1 }; -+static const MD sha224 = { "SHA224", &EVP_sha224, &SHA224 }; -+static const MD sha256 = { "SHA256", &EVP_sha256, &SHA256 }; -+static const MD sha384 = { "SHA384", &EVP_sha384, &SHA384 }; -+static const MD sha512 = { "SHA512", &EVP_sha512, &SHA512 }; - // static const MD sha512_256 = { "SHA512-256", &EVP_sha512_256, &SHA512_256 }; --// static const MD md5_sha1 = { "MD5-SHA1", &EVP_md5_sha1, nullptr }; -+static const MD md5_sha1 = { "MD5-SHA1", &EVP_md5_sha1, nullptr }; - // static const MD blake2b256 = { "BLAKE2b-256", &EVP_blake2b256, nullptr }; - --// struct DigestTestVector { --// // md is the digest to test. --// const MD &md; --// // input is a NUL-terminated string to hash. --// const char *input; --// // repeat is the number of times to repeat input. --// size_t repeat; --// // expected_hex is the expected digest in hexadecimal. --// const char *expected_hex; --// }; -- --// static const DigestTestVector kTestVectors[] = { --// // MD4 tests, from RFC 1320. (crypto/md4 does not provide a --// // one-shot MD4 function.) --// {md4, "", 1, "31d6cfe0d16ae931b73c59d7e0c089c0"}, --// {md4, "a", 1, "bde52cb31de33e46245e05fbdbd6fb24"}, --// {md4, "abc", 1, "a448017aaf21d8525fc10ae87aa6729d"}, --// {md4, "message digest", 1, "d9130a8164549fe818874806e1c7014b"}, --// {md4, "abcdefghijklmnopqrstuvwxyz", 1, "d79e1c308aa5bbcdeea8ed63df412da9"}, --// {md4, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", 1, --// "043f8582f241db351ce627e153e7f0e4"}, --// {md4, "1234567890", 8, "e33b4ddc9c38f2199c3e7b164fcc0536"}, -- --// // MD5 tests, from RFC 1321. --// {md5, "", 1, "d41d8cd98f00b204e9800998ecf8427e"}, --// {md5, "a", 1, "0cc175b9c0f1b6a831c399e269772661"}, --// {md5, "abc", 1, "900150983cd24fb0d6963f7d28e17f72"}, --// {md5, "message digest", 1, "f96b697d7cb7938d525a2f31aaf161d0"}, --// {md5, "abcdefghijklmnopqrstuvwxyz", 1, "c3fcd3d76192e4007dfb496cca67e13b"}, --// {md5, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", 1, --// "d174ab98d277d9f5a5611c2c9f419d9f"}, --// {md5, "1234567890", 8, "57edf4a22be3c955ac49da2e2107b67a"}, -- --// // SHA-1 tests, from RFC 3174. --// {sha1, "abc", 1, "a9993e364706816aba3e25717850c26c9cd0d89d"}, --// {sha1, "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1, --// "84983e441c3bd26ebaae4aa1f95129e5e54670f1"}, --// {sha1, "a", 1000000, "34aa973cd4c4daa4f61eeb2bdbad27316534016f"}, --// {sha1, "0123456701234567012345670123456701234567012345670123456701234567", --// 10, "dea356a2cddd90c7a7ecedc5ebb563934f460452"}, -- --// // SHA-224 tests, from RFC 3874. --// {sha224, "abc", 1, --// "23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7"}, --// {sha224, "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1, --// "75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525"}, --// {sha224, "a", 1000000, --// "20794655980c91d8bbb4c1ea97618a4bf03f42581948b2ee4ee7ad67"}, -- --// // SHA-256 tests, from NIST. --// {sha256, "abc", 1, --// "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"}, --// {sha256, "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1, --// "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1"}, -- --// // SHA-384 tests, from NIST. --// {sha384, "abc", 1, --// "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed" --// "8086072ba1e7cc2358baeca134c825a7"}, --// {sha384, --// "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn" --// "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", --// 1, --// "09330c33f71147e83d192fc782cd1b4753111b173b3b05d22fa08086e3b0f712" --// "fcc7c71a557e2db966c3e9fa91746039"}, -- --// // SHA-512 tests, from NIST. --// {sha512, "abc", 1, --// "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a" --// "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f"}, --// {sha512, --// "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn" --// "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", --// 1, --// "8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018" --// "501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909"}, -- --// // SHA-512-256 tests, from --// // https://csrc.nist.gov/csrc/media/projects/cryptographic-standards-and-guidelines/documents/examples/sha512_256.pdf --// {sha512_256, "abc", 1, --// "53048e2681941ef99b2e29b76b4c7dabe4c2d0c634fc6d46e0e2f13107e7af23"}, --// {sha512_256, --// "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopj" --// "klmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", --// 1, "3928e184fb8690f840da3988121d31be65cb9d3ef83ee6146feac861e19b563a"}, -- --// // MD5-SHA1 tests. --// {md5_sha1, "abc", 1, --// "900150983cd24fb0d6963f7d28e17f72a9993e364706816aba3e25717850c26c9cd0d89d"}, -- --// // BLAKE2b-256 tests. --// {blake2b256, "abc", 1, --// "bddd813c634239723171ef3fee98579b94964e3bb1cb3e427262c8c068d52319"}, --// }; -- --// static void CompareDigest(const DigestTestVector *test, --// const uint8_t *digest, --// size_t digest_len) { --// EXPECT_EQ(test->expected_hex, --// EncodeHex(bssl::MakeConstSpan(digest, digest_len))); --// } -- --// static void TestDigest(const DigestTestVector *test) { --// bssl::ScopedEVP_MD_CTX ctx; -- --// // Test the input provided. --// ASSERT_TRUE(EVP_DigestInit_ex(ctx.get(), test->md.func(), nullptr)); --// for (size_t i = 0; i < test->repeat; i++) { --// ASSERT_TRUE(EVP_DigestUpdate(ctx.get(), test->input, strlen(test->input))); --// } --// std::unique_ptr digest(new uint8_t[EVP_MD_size(test->md.func())]); --// unsigned digest_len; --// ASSERT_TRUE(EVP_DigestFinal_ex(ctx.get(), digest.get(), &digest_len)); --// CompareDigest(test, digest.get(), digest_len); -- --// // Test the input one character at a time. --// ASSERT_TRUE(EVP_DigestInit_ex(ctx.get(), test->md.func(), nullptr)); --// ASSERT_TRUE(EVP_DigestUpdate(ctx.get(), nullptr, 0)); --// for (size_t i = 0; i < test->repeat; i++) { --// for (const char *p = test->input; *p; p++) { --// ASSERT_TRUE(EVP_DigestUpdate(ctx.get(), p, 1)); --// } --// } --// ASSERT_TRUE(EVP_DigestFinal_ex(ctx.get(), digest.get(), &digest_len)); --// EXPECT_EQ(EVP_MD_size(test->md.func()), digest_len); --// CompareDigest(test, digest.get(), digest_len); -- --// // Test with unaligned input. --// ASSERT_TRUE(EVP_DigestInit_ex(ctx.get(), test->md.func(), nullptr)); --// std::vector unaligned(strlen(test->input) + 1); --// char *ptr = unaligned.data(); --// if ((reinterpret_cast(ptr) & 1) == 0) { --// ptr++; --// } --// OPENSSL_memcpy(ptr, test->input, strlen(test->input)); --// for (size_t i = 0; i < test->repeat; i++) { --// ASSERT_TRUE(EVP_DigestUpdate(ctx.get(), ptr, strlen(test->input))); --// } --// ASSERT_TRUE(EVP_DigestFinal_ex(ctx.get(), digest.get(), &digest_len)); --// CompareDigest(test, digest.get(), digest_len); -- --// // Make a copy of the digest in the initial state. --// ASSERT_TRUE(EVP_DigestInit_ex(ctx.get(), test->md.func(), nullptr)); --// bssl::ScopedEVP_MD_CTX copy; --// ASSERT_TRUE(EVP_MD_CTX_copy_ex(copy.get(), ctx.get())); --// for (size_t i = 0; i < test->repeat; i++) { --// ASSERT_TRUE(EVP_DigestUpdate(copy.get(), test->input, strlen(test->input))); --// } --// ASSERT_TRUE(EVP_DigestFinal_ex(copy.get(), digest.get(), &digest_len)); --// CompareDigest(test, digest.get(), digest_len); -- --// // Make a copy of the digest with half the input provided. --// size_t half = strlen(test->input) / 2; --// ASSERT_TRUE(EVP_DigestUpdate(ctx.get(), test->input, half)); --// ASSERT_TRUE(EVP_MD_CTX_copy_ex(copy.get(), ctx.get())); --// ASSERT_TRUE(EVP_DigestUpdate(copy.get(), test->input + half, --// strlen(test->input) - half)); --// for (size_t i = 1; i < test->repeat; i++) { --// ASSERT_TRUE(EVP_DigestUpdate(copy.get(), test->input, strlen(test->input))); --// } --// ASSERT_TRUE(EVP_DigestFinal_ex(copy.get(), digest.get(), &digest_len)); --// CompareDigest(test, digest.get(), digest_len); -- --// // Move the digest from the initial state. --// ASSERT_TRUE(EVP_DigestInit_ex(ctx.get(), test->md.func(), nullptr)); --// copy = std::move(ctx); --// for (size_t i = 0; i < test->repeat; i++) { --// ASSERT_TRUE(EVP_DigestUpdate(copy.get(), test->input, strlen(test->input))); --// } --// ASSERT_TRUE(EVP_DigestFinal_ex(copy.get(), digest.get(), &digest_len)); --// CompareDigest(test, digest.get(), digest_len); -- --// // Move the digest with half the input provided. --// ASSERT_TRUE(EVP_DigestInit_ex(ctx.get(), test->md.func(), nullptr)); --// ASSERT_TRUE(EVP_DigestUpdate(ctx.get(), test->input, half)); --// copy = std::move(ctx); --// ASSERT_TRUE(EVP_DigestUpdate(copy.get(), test->input + half, --// strlen(test->input) - half)); --// for (size_t i = 1; i < test->repeat; i++) { --// ASSERT_TRUE(EVP_DigestUpdate(copy.get(), test->input, strlen(test->input))); --// } --// ASSERT_TRUE(EVP_DigestFinal_ex(copy.get(), digest.get(), &digest_len)); --// CompareDigest(test, digest.get(), digest_len); -- --// // Test the one-shot function. --// if (test->md.one_shot_func && test->repeat == 1) { --// uint8_t *out = test->md.one_shot_func((const uint8_t *)test->input, --// strlen(test->input), digest.get()); --// // One-shot functions return their supplied buffers. --// EXPECT_EQ(digest.get(), out); --// CompareDigest(test, digest.get(), EVP_MD_size(test->md.func())); --// } --// } -- --// TEST(DigestTest, TestVectors) { --// for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kTestVectors); i++) { --// SCOPED_TRACE(i); --// TestDigest(&kTestVectors[i]); --// } --// } -- --// TEST(DigestTest, Getters) { --// EXPECT_EQ(EVP_sha512(), EVP_get_digestbyname("RSA-SHA512")); --// EXPECT_EQ(EVP_sha512(), EVP_get_digestbyname("sha512WithRSAEncryption")); --// EXPECT_EQ(nullptr, EVP_get_digestbyname("nonsense")); --// EXPECT_EQ(EVP_sha512(), EVP_get_digestbyname("SHA512")); --// EXPECT_EQ(EVP_sha512(), EVP_get_digestbyname("sha512")); -- --// EXPECT_EQ(EVP_sha512(), EVP_get_digestbynid(NID_sha512)); --// EXPECT_EQ(nullptr, EVP_get_digestbynid(NID_sha512WithRSAEncryption)); --// EXPECT_EQ(nullptr, EVP_get_digestbynid(NID_undef)); -- --// bssl::UniquePtr obj(OBJ_txt2obj("1.3.14.3.2.26", 0)); --// ASSERT_TRUE(obj); --// EXPECT_EQ(EVP_sha1(), EVP_get_digestbyobj(obj.get())); --// EXPECT_EQ(EVP_md5_sha1(), EVP_get_digestbyobj(OBJ_nid2obj(NID_md5_sha1))); --// EXPECT_EQ(EVP_sha1(), EVP_get_digestbyobj(OBJ_nid2obj(NID_sha1))); --// } -- --// TEST(DigestTest, ASN1) { --// bssl::ScopedCBB cbb; --// ASSERT_TRUE(CBB_init(cbb.get(), 0)); --// EXPECT_FALSE(EVP_marshal_digest_algorithm(cbb.get(), EVP_md5_sha1())); -- --// static const uint8_t kSHA256[] = {0x30, 0x0d, 0x06, 0x09, 0x60, --// 0x86, 0x48, 0x01, 0x65, 0x03, --// 0x04, 0x02, 0x01, 0x05, 0x00}; --// static const uint8_t kSHA256NoParam[] = {0x30, 0x0b, 0x06, 0x09, 0x60, --// 0x86, 0x48, 0x01, 0x65, 0x03, --// 0x04, 0x02, 0x01}; --// static const uint8_t kSHA256GarbageParam[] = { --// 0x30, 0x0e, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, --// 0x65, 0x03, 0x04, 0x02, 0x01, 0x02, 0x01, 0x2a}; -- --// // Serialize SHA-256. --// cbb.Reset(); --// ASSERT_TRUE(CBB_init(cbb.get(), 0)); --// ASSERT_TRUE(EVP_marshal_digest_algorithm(cbb.get(), EVP_sha256())); --// uint8_t *der; --// size_t der_len; --// ASSERT_TRUE(CBB_finish(cbb.get(), &der, &der_len)); --// bssl::UniquePtr free_der(der); --// EXPECT_EQ(Bytes(kSHA256), Bytes(der, der_len)); -- --// // Parse SHA-256. --// CBS cbs; --// CBS_init(&cbs, kSHA256, sizeof(kSHA256)); --// EXPECT_EQ(EVP_sha256(), EVP_parse_digest_algorithm(&cbs)); --// EXPECT_EQ(0u, CBS_len(&cbs)); -- --// // Missing parameters are tolerated for compatibility. --// CBS_init(&cbs, kSHA256NoParam, sizeof(kSHA256NoParam)); --// EXPECT_EQ(EVP_sha256(), EVP_parse_digest_algorithm(&cbs)); --// EXPECT_EQ(0u, CBS_len(&cbs)); -- --// // Garbage parameters are not. --// CBS_init(&cbs, kSHA256GarbageParam, sizeof(kSHA256GarbageParam)); --// EXPECT_FALSE(EVP_parse_digest_algorithm(&cbs)); --// } -- --// TEST(DigestTest, TransformBlocks) { --// uint8_t blocks[SHA256_CBLOCK * 10]; --// for (size_t i = 0; i < sizeof(blocks); i++) { --// blocks[i] = i*3; --// } -- --// SHA256_CTX ctx1; --// SHA256_Init(&ctx1); --// SHA256_Update(&ctx1, blocks, sizeof(blocks)); -- --// SHA256_CTX ctx2; --// SHA256_Init(&ctx2); --// SHA256_TransformBlocks(ctx2.h, blocks, sizeof(blocks) / SHA256_CBLOCK); -- --// EXPECT_TRUE(0 == OPENSSL_memcmp(ctx1.h, ctx2.h, sizeof(ctx1.h))); --// } -+struct DigestTestVector { -+ // md is the digest to test. -+ const MD &md; -+ // input is a NUL-terminated string to hash. -+ const char *input; -+ // repeat is the number of times to repeat input. -+ size_t repeat; -+ // expected_hex is the expected digest in hexadecimal. -+ const char *expected_hex; -+}; -+ -+static const DigestTestVector kTestVectors[] = { -+ // MD4 tests, from RFC 1320. (crypto/md4 does not provide a -+ // one-shot MD4 function.) -+ {md4, "", 1, "31d6cfe0d16ae931b73c59d7e0c089c0"}, -+ {md4, "a", 1, "bde52cb31de33e46245e05fbdbd6fb24"}, -+ {md4, "abc", 1, "a448017aaf21d8525fc10ae87aa6729d"}, -+ {md4, "message digest", 1, "d9130a8164549fe818874806e1c7014b"}, -+ {md4, "abcdefghijklmnopqrstuvwxyz", 1, "d79e1c308aa5bbcdeea8ed63df412da9"}, -+ {md4, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", 1, -+ "043f8582f241db351ce627e153e7f0e4"}, -+ {md4, "1234567890", 8, "e33b4ddc9c38f2199c3e7b164fcc0536"}, -+ -+ // MD5 tests, from RFC 1321. -+ {md5, "", 1, "d41d8cd98f00b204e9800998ecf8427e"}, -+ {md5, "a", 1, "0cc175b9c0f1b6a831c399e269772661"}, -+ {md5, "abc", 1, "900150983cd24fb0d6963f7d28e17f72"}, -+ {md5, "message digest", 1, "f96b697d7cb7938d525a2f31aaf161d0"}, -+ {md5, "abcdefghijklmnopqrstuvwxyz", 1, "c3fcd3d76192e4007dfb496cca67e13b"}, -+ {md5, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", 1, -+ "d174ab98d277d9f5a5611c2c9f419d9f"}, -+ {md5, "1234567890", 8, "57edf4a22be3c955ac49da2e2107b67a"}, -+ -+ // SHA-1 tests, from RFC 3174. -+ {sha1, "abc", 1, "a9993e364706816aba3e25717850c26c9cd0d89d"}, -+ {sha1, "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1, -+ "84983e441c3bd26ebaae4aa1f95129e5e54670f1"}, -+ {sha1, "a", 1000000, "34aa973cd4c4daa4f61eeb2bdbad27316534016f"}, -+ {sha1, "0123456701234567012345670123456701234567012345670123456701234567", -+ 10, "dea356a2cddd90c7a7ecedc5ebb563934f460452"}, -+ -+ // SHA-224 tests, from RFC 3874. -+ {sha224, "abc", 1, -+ "23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7"}, -+ {sha224, "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1, -+ "75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525"}, -+ {sha224, "a", 1000000, -+ "20794655980c91d8bbb4c1ea97618a4bf03f42581948b2ee4ee7ad67"}, -+ -+ // SHA-256 tests, from NIST. -+ {sha256, "abc", 1, -+ "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"}, -+ {sha256, "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1, -+ "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1"}, -+ -+ // SHA-384 tests, from NIST. -+ {sha384, "abc", 1, -+ "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed" -+ "8086072ba1e7cc2358baeca134c825a7"}, -+ {sha384, -+ "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn" -+ "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", -+ 1, -+ "09330c33f71147e83d192fc782cd1b4753111b173b3b05d22fa08086e3b0f712" -+ "fcc7c71a557e2db966c3e9fa91746039"}, -+ -+ // SHA-512 tests, from NIST. -+ {sha512, "abc", 1, -+ "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a" -+ "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f"}, -+ {sha512, -+ "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn" -+ "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", -+ 1, -+ "8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018" -+ "501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909"}, -+ -+ // SHA-512-256 tests, from -+ // https://csrc.nist.gov/csrc/media/projects/cryptographic-standards-and-guidelines/documents/examples/sha512_256.pdf -+ // {sha512_256, "abc", 1, -+ // "53048e2681941ef99b2e29b76b4c7dabe4c2d0c634fc6d46e0e2f13107e7af23"}, -+ // {sha512_256, -+ // "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopj" -+ // "klmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", -+ // 1, "3928e184fb8690f840da3988121d31be65cb9d3ef83ee6146feac861e19b563a"}, -+ -+ // MD5-SHA1 tests. -+ {md5_sha1, "abc", 1, -+ "900150983cd24fb0d6963f7d28e17f72a9993e364706816aba3e25717850c26c9cd0d89d"}, -+ -+ // BLAKE2b-256 tests. -+ // {blake2b256, "abc", 1, -+ // "bddd813c634239723171ef3fee98579b94964e3bb1cb3e427262c8c068d52319"}, -+}; -+ -+static void CompareDigest(const DigestTestVector *test, -+ const uint8_t *digest, -+ size_t digest_len) { -+ EXPECT_EQ(test->expected_hex, -+ EncodeHex(bssl::MakeConstSpan(digest, digest_len))); -+} -+ -+static void TestDigest(const DigestTestVector *test) { -+ bssl::ScopedEVP_MD_CTX ctx; -+ -+ // Test the input provided. -+ ASSERT_TRUE(EVP_DigestInit_ex(ctx.get(), test->md.func(), nullptr)); -+ for (size_t i = 0; i < test->repeat; i++) { -+ ASSERT_TRUE(EVP_DigestUpdate(ctx.get(), test->input, strlen(test->input))); -+ } -+ std::unique_ptr digest(new uint8_t[EVP_MD_size(test->md.func())]); -+ unsigned digest_len; -+ ASSERT_TRUE(EVP_DigestFinal_ex(ctx.get(), digest.get(), &digest_len)); -+ CompareDigest(test, digest.get(), digest_len); -+ -+ // Test the input one character at a time. -+ ASSERT_TRUE(EVP_DigestInit_ex(ctx.get(), test->md.func(), nullptr)); -+ ASSERT_TRUE(EVP_DigestUpdate(ctx.get(), nullptr, 0)); -+ for (size_t i = 0; i < test->repeat; i++) { -+ for (const char *p = test->input; *p; p++) { -+ ASSERT_TRUE(EVP_DigestUpdate(ctx.get(), p, 1)); -+ } -+ } -+ ASSERT_TRUE(EVP_DigestFinal_ex(ctx.get(), digest.get(), &digest_len)); -+ EXPECT_EQ(EVP_MD_size(test->md.func()), digest_len); -+ CompareDigest(test, digest.get(), digest_len); -+ -+ // Test with unaligned input. -+ ASSERT_TRUE(EVP_DigestInit_ex(ctx.get(), test->md.func(), nullptr)); -+ std::vector unaligned(strlen(test->input) + 1); -+ char *ptr = unaligned.data(); -+ if ((reinterpret_cast(ptr) & 1) == 0) { -+ ptr++; -+ } -+ OPENSSL_memcpy(ptr, test->input, strlen(test->input)); -+ for (size_t i = 0; i < test->repeat; i++) { -+ ASSERT_TRUE(EVP_DigestUpdate(ctx.get(), ptr, strlen(test->input))); -+ } -+ ASSERT_TRUE(EVP_DigestFinal_ex(ctx.get(), digest.get(), &digest_len)); -+ CompareDigest(test, digest.get(), digest_len); -+ -+ // Make a copy of the digest in the initial state. -+ ASSERT_TRUE(EVP_DigestInit_ex(ctx.get(), test->md.func(), nullptr)); -+ bssl::ScopedEVP_MD_CTX copy; -+ ASSERT_TRUE(EVP_MD_CTX_copy_ex(copy.get(), ctx.get())); -+ for (size_t i = 0; i < test->repeat; i++) { -+ ASSERT_TRUE(EVP_DigestUpdate(copy.get(), test->input, strlen(test->input))); -+ } -+ ASSERT_TRUE(EVP_DigestFinal_ex(copy.get(), digest.get(), &digest_len)); -+ CompareDigest(test, digest.get(), digest_len); -+ -+ // Make a copy of the digest with half the input provided. -+ size_t half = strlen(test->input) / 2; -+ ASSERT_TRUE(EVP_DigestUpdate(ctx.get(), test->input, half)); -+ ASSERT_TRUE(EVP_MD_CTX_copy_ex(copy.get(), ctx.get())); -+ ASSERT_TRUE(EVP_DigestUpdate(copy.get(), test->input + half, -+ strlen(test->input) - half)); -+ for (size_t i = 1; i < test->repeat; i++) { -+ ASSERT_TRUE(EVP_DigestUpdate(copy.get(), test->input, strlen(test->input))); -+ } -+ ASSERT_TRUE(EVP_DigestFinal_ex(copy.get(), digest.get(), &digest_len)); -+ CompareDigest(test, digest.get(), digest_len); -+ -+ // Move the digest from the initial state. -+ ASSERT_TRUE(EVP_DigestInit_ex(ctx.get(), test->md.func(), nullptr)); -+ copy = std::move(ctx); -+ for (size_t i = 0; i < test->repeat; i++) { -+ ASSERT_TRUE(EVP_DigestUpdate(copy.get(), test->input, strlen(test->input))); -+ } -+ ASSERT_TRUE(EVP_DigestFinal_ex(copy.get(), digest.get(), &digest_len)); -+ CompareDigest(test, digest.get(), digest_len); -+ -+ // Move the digest with half the input provided. -+ ASSERT_TRUE(EVP_DigestInit_ex(ctx.get(), test->md.func(), nullptr)); -+ ASSERT_TRUE(EVP_DigestUpdate(ctx.get(), test->input, half)); -+ copy = std::move(ctx); -+ ASSERT_TRUE(EVP_DigestUpdate(copy.get(), test->input + half, -+ strlen(test->input) - half)); -+ for (size_t i = 1; i < test->repeat; i++) { -+ ASSERT_TRUE(EVP_DigestUpdate(copy.get(), test->input, strlen(test->input))); -+ } -+ ASSERT_TRUE(EVP_DigestFinal_ex(copy.get(), digest.get(), &digest_len)); -+ CompareDigest(test, digest.get(), digest_len); -+ -+ // Test the one-shot function. -+ if (test->md.one_shot_func && test->repeat == 1) { -+ uint8_t *out = test->md.one_shot_func((const uint8_t *)test->input, -+ strlen(test->input), digest.get()); -+ // One-shot functions return their supplied buffers. -+ EXPECT_EQ(digest.get(), out); -+ CompareDigest(test, digest.get(), EVP_MD_size(test->md.func())); -+ } -+} -+ -+TEST(DigestTest, TestVectors) { -+ for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kTestVectors); i++) { -+ SCOPED_TRACE(i); -+ TestDigest(&kTestVectors[i]); -+ } -+} -+ -+//TEST(DigestTest, Getters) { -+// EXPECT_EQ(EVP_sha512(), EVP_get_digestbyname("RSA-SHA512")); -+// EXPECT_EQ(EVP_sha512(), EVP_get_digestbyname("sha512WithRSAEncryption")); -+// EXPECT_EQ(nullptr, EVP_get_digestbyname("nonsense")); -+// EXPECT_EQ(EVP_sha512(), EVP_get_digestbyname("SHA512")); -+// EXPECT_EQ(EVP_sha512(), EVP_get_digestbyname("sha512")); -+// -+// EXPECT_EQ(EVP_sha512(), EVP_get_digestbynid(NID_sha512)); -+// EXPECT_EQ(nullptr, EVP_get_digestbynid(NID_sha512WithRSAEncryption)); -+// EXPECT_EQ(nullptr, EVP_get_digestbynid(NID_undef)); -+// -+// bssl::UniquePtr obj(OBJ_txt2obj("1.3.14.3.2.26", 0)); -+// ASSERT_TRUE(obj); -+// EXPECT_EQ(EVP_sha1(), EVP_get_digestbyobj(obj.get())); -+// EXPECT_EQ(EVP_md5_sha1(), EVP_get_digestbyobj(OBJ_nid2obj(NID_md5_sha1))); -+// EXPECT_EQ(EVP_sha1(), EVP_get_digestbyobj(OBJ_nid2obj(NID_sha1))); -+//} -+ -+//TEST(DigestTest, ASN1) { -+// bssl::ScopedCBB cbb; -+// ASSERT_TRUE(CBB_init(cbb.get(), 0)); -+// EXPECT_FALSE(EVP_marshal_digest_algorithm(cbb.get(), EVP_md5_sha1())); -+// -+// static const uint8_t kSHA256[] = {0x30, 0x0d, 0x06, 0x09, 0x60, -+// 0x86, 0x48, 0x01, 0x65, 0x03, -+// 0x04, 0x02, 0x01, 0x05, 0x00}; -+// static const uint8_t kSHA256NoParam[] = {0x30, 0x0b, 0x06, 0x09, 0x60, -+// 0x86, 0x48, 0x01, 0x65, 0x03, -+// 0x04, 0x02, 0x01}; -+// static const uint8_t kSHA256GarbageParam[] = { -+// 0x30, 0x0e, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, -+// 0x65, 0x03, 0x04, 0x02, 0x01, 0x02, 0x01, 0x2a}; -+// -+// // Serialize SHA-256. -+// cbb.Reset(); -+// ASSERT_TRUE(CBB_init(cbb.get(), 0)); -+// ASSERT_TRUE(EVP_marshal_digest_algorithm(cbb.get(), EVP_sha256())); -+// uint8_t *der; -+// size_t der_len; -+// ASSERT_TRUE(CBB_finish(cbb.get(), &der, &der_len)); -+// bssl::UniquePtr free_der(der); -+// EXPECT_EQ(Bytes(kSHA256), Bytes(der, der_len)); -+// -+// // Parse SHA-256. -+// CBS cbs; -+// CBS_init(&cbs, kSHA256, sizeof(kSHA256)); -+// EXPECT_EQ(EVP_sha256(), EVP_parse_digest_algorithm(&cbs)); -+// EXPECT_EQ(0u, CBS_len(&cbs)); -+// -+// // Missing parameters are tolerated for compatibility. -+// CBS_init(&cbs, kSHA256NoParam, sizeof(kSHA256NoParam)); -+// EXPECT_EQ(EVP_sha256(), EVP_parse_digest_algorithm(&cbs)); -+// EXPECT_EQ(0u, CBS_len(&cbs)); -+// -+// // Garbage parameters are not. -+// CBS_init(&cbs, kSHA256GarbageParam, sizeof(kSHA256GarbageParam)); -+// EXPECT_FALSE(EVP_parse_digest_algorithm(&cbs)); -+//} -+ -+//TEST(DigestTest, TransformBlocks) { -+// uint8_t blocks[SHA256_CBLOCK * 10]; -+// for (size_t i = 0; i < sizeof(blocks); i++) { -+// blocks[i] = i*3; -+// } -+// -+// SHA256_CTX ctx1; -+// SHA256_Init(&ctx1); -+// SHA256_Update(&ctx1, blocks, sizeof(blocks)); -+// -+// SHA256_CTX ctx2; -+// SHA256_Init(&ctx2); -+// SHA256_TransformBlocks(ctx2.h, blocks, sizeof(blocks) / SHA256_CBLOCK); -+// -+// EXPECT_TRUE(0 == OPENSSL_memcmp(ctx1.h, ctx2.h, sizeof(ctx1.h))); -+//} diff --git a/bssl-compat/patch/source/crypto/digest_extra/digest_test.cc.sh b/bssl-compat/patch/source/crypto/digest_extra/digest_test.cc.sh new file mode 100755 index 0000000000..83b2012334 --- /dev/null +++ b/bssl-compat/patch/source/crypto/digest_extra/digest_test.cc.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +set -euo pipefail + +uncomment.sh "$1" \ + --comment-regex '^static const MD sha512_256' \ + --comment-regex '^static const MD blake2b256' \ + --comment-regex-range '^\s*// SHA-512-256 tests' '^$' \ + --comment-regex-range '^\s*// BLAKE2b-256 tests' '},\s*$' \ + --comment-gtest-func DigestTest Getters \ + --comment-gtest-func DigestTest ASN1 \ + --comment-gtest-func DigestTest TransformBlocks \ diff --git a/bssl-compat/patch/source/crypto/err/err_test.cc.patch b/bssl-compat/patch/source/crypto/err/err_test.cc.patch deleted file mode 100644 index eea0ace1a3..0000000000 --- a/bssl-compat/patch/source/crypto/err/err_test.cc.patch +++ /dev/null @@ -1,157 +0,0 @@ ---- a/source/crypto/err/err_test.cc -+++ b/source/crypto/err/err_test.cc -@@ -12,43 +12,43 @@ - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - --// #include --// #include -+#include -+#include - --// #include -+#include - --// #include --// #include --// #include -+#include -+#include -+#include - - // #include "./internal.h" - --// #if defined(OPENSSL_WINDOWS) --// OPENSSL_MSVC_PRAGMA(warning(push, 3)) --// #include --// OPENSSL_MSVC_PRAGMA(warning(pop)) --// #else --// #include --// #endif -+#if defined(OPENSSL_WINDOWS) -+OPENSSL_MSVC_PRAGMA(warning(push, 3)) -+#include -+OPENSSL_MSVC_PRAGMA(warning(pop)) -+#else -+#include -+#endif -+ -+ -+TEST(ErrTest, Overflow) { -+ for (unsigned i = 0; i < ERR_NUM_ERRORS*2; i++) { -+ ERR_put_error(1, 0 /* unused */, i+1, "test", 1); -+ } -+ -+ for (unsigned i = 0; i < ERR_NUM_ERRORS - 1; i++) { -+ SCOPED_TRACE(i); -+ uint32_t err = ERR_get_error(); -+ // Errors are returned in order they were pushed, with the least recent ones -+ // removed, up to |ERR_NUM_ERRORS - 1| errors. So the errors returned are -+ // |ERR_NUM_ERRORS + 2| through |ERR_NUM_ERRORS * 2|, inclusive. -+ EXPECT_NE(0u, err); -+ EXPECT_EQ(static_cast(i + ERR_NUM_ERRORS + 2), ERR_GET_REASON(err)); -+ } - -- --// TEST(ErrTest, Overflow) { --// for (unsigned i = 0; i < ERR_NUM_ERRORS*2; i++) { --// ERR_put_error(1, 0 /* unused */, i+1, "test", 1); --// } -- --// for (unsigned i = 0; i < ERR_NUM_ERRORS - 1; i++) { --// SCOPED_TRACE(i); --// uint32_t err = ERR_get_error(); --// // Errors are returned in order they were pushed, with the least recent ones --// // removed, up to |ERR_NUM_ERRORS - 1| errors. So the errors returned are --// // |ERR_NUM_ERRORS + 2| through |ERR_NUM_ERRORS * 2|, inclusive. --// EXPECT_NE(0u, err); --// EXPECT_EQ(static_cast(i + ERR_NUM_ERRORS + 2), ERR_GET_REASON(err)); --// } -- --// EXPECT_EQ(0u, ERR_get_error()); --// } -+ EXPECT_EQ(0u, ERR_get_error()); -+} - - // TEST(ErrTest, PutError) { - // ASSERT_EQ(0u, ERR_get_error()) -@@ -88,16 +88,16 @@ - // EXPECT_STREQ("testing", data); - // } - --// TEST(ErrTest, ClearError) { --// ASSERT_EQ(0u, ERR_get_error()) --// << "ERR_get_error returned value before an error was added."; -- --// ERR_put_error(1, 0 /* unused */, 2, "test", 4); --// ERR_clear_error(); -- --// // The error queue should be cleared. --// EXPECT_EQ(0u, ERR_get_error()); --// } -+TEST(ErrTest, ClearError) { -+ ASSERT_EQ(0u, ERR_get_error()) -+ << "ERR_get_error returned value before an error was added."; -+ -+ ERR_put_error(1, 0 /* unused */, 2, "test", 4); -+ ERR_clear_error(); -+ -+ // The error queue should be cleared. -+ EXPECT_EQ(0u, ERR_get_error()); -+} - - // TEST(ErrTest, Print) { - // ERR_put_error(1, 0 /* unused */, 2, "test", 4); -@@ -233,19 +233,19 @@ - // } - - // Querying the error queue should not affect the OS error. --// #if defined(OPENSSL_WINDOWS) --// TEST(ErrTest, PreservesLastError) { --// SetLastError(ERROR_INVALID_FUNCTION); --// ERR_get_error(); --// EXPECT_EQ(static_cast(ERROR_INVALID_FUNCTION), GetLastError()); --// } --// #else --// TEST(ErrTest, PreservesErrno) { --// errno = EINVAL; --// ERR_get_error(); --// EXPECT_EQ(EINVAL, errno); --// } --// #endif -+#if defined(OPENSSL_WINDOWS) -+TEST(ErrTest, PreservesLastError) { -+ SetLastError(ERROR_INVALID_FUNCTION); -+ ERR_get_error(); -+ EXPECT_EQ(static_cast(ERROR_INVALID_FUNCTION), GetLastError()); -+} -+#else -+TEST(ErrTest, PreservesErrno) { -+ errno = EINVAL; -+ ERR_get_error(); -+ EXPECT_EQ(EINVAL, errno); -+} -+#endif - - // TEST(ErrTest, String) { - // char buf[128]; -@@ -296,11 +296,11 @@ - // } - - // Error-printing functions should return something with unknown errors. --// TEST(ErrTest, UnknownError) { --// uint32_t err = ERR_PACK(0xff, 0xfff); --// EXPECT_TRUE(ERR_lib_error_string(err)); --// EXPECT_TRUE(ERR_reason_error_string(err)); --// char buf[128]; --// ERR_error_string_n(err, buf, sizeof(buf)); --// EXPECT_NE(0u, strlen(buf)); --// } -+TEST(ErrTest, UnknownError) { -+ uint32_t err = ERR_PACK(0xff, 0xfff); -+ EXPECT_TRUE(ERR_lib_error_string(err)); -+ EXPECT_TRUE(ERR_reason_error_string(err)); -+ char buf[128]; -+ ERR_error_string_n(err, buf, sizeof(buf)); -+ EXPECT_NE(0u, strlen(buf)); -+} diff --git a/bssl-compat/patch/source/crypto/err/err_test.cc.sh b/bssl-compat/patch/source/crypto/err/err_test.cc.sh new file mode 100755 index 0000000000..9c2838f041 --- /dev/null +++ b/bssl-compat/patch/source/crypto/err/err_test.cc.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +set -euo pipefail + +uncomment.sh "$1" --comment \ + --uncomment-regex '#include' \ + --comment-regex '#include\s*"./internal.h"' \ + --uncomment-regex-range '#if defined(OPENSSL_WINDOWS)' '#endif' \ + --uncomment-gtest-func ErrTest Overflow \ + --uncomment-gtest-func ErrTest ClearError \ + --uncomment-gtest-func ErrTest PreservesErrno \ + --uncomment-gtest-func ErrTest UnknownError \ \ No newline at end of file diff --git a/bssl-compat/patch/source/crypto/hmac_extra/hmac_test.cc.patch b/bssl-compat/patch/source/crypto/hmac_extra/hmac_test.cc.patch deleted file mode 100644 index bbdf52d8f8..0000000000 --- a/bssl-compat/patch/source/crypto/hmac_extra/hmac_test.cc.patch +++ /dev/null @@ -1,153 +0,0 @@ ---- a/source/crypto/hmac_extra/hmac_test.cc -+++ b/source/crypto/hmac_extra/hmac_test.cc -@@ -54,81 +54,81 @@ - * copied and put under another distribution licence - * [including the GNU Public Licence.] */ - --// #include --// #include --// #include -+#include -+#include -+#include - --// #include -+#include - --// #include --// #include -+#include -+#include - --// #include "../test/file_test.h" --// #include "../test/test_util.h" -+#include "../test/file_test.h" -+#include "../test/test_util.h" - // #include "../test/wycheproof_util.h" - - --// static const EVP_MD *GetDigest(const std::string &name) { --// if (name == "MD5") { --// return EVP_md5(); --// } else if (name == "SHA1") { --// return EVP_sha1(); --// } else if (name == "SHA224") { --// return EVP_sha224(); --// } else if (name == "SHA256") { --// return EVP_sha256(); --// } else if (name == "SHA384") { --// return EVP_sha384(); --// } else if (name == "SHA512") { --// return EVP_sha512(); --// } --// return nullptr; --// } -- --// TEST(HMACTest, TestVectors) { --// FileTestGTest("crypto/hmac_extra/hmac_tests.txt", [](FileTest *t) { --// std::string digest_str; --// ASSERT_TRUE(t->GetAttribute(&digest_str, "HMAC")); --// const EVP_MD *digest = GetDigest(digest_str); --// ASSERT_TRUE(digest) << "Unknown digest: " << digest_str; -- --// std::vector key, input, output; --// ASSERT_TRUE(t->GetBytes(&key, "Key")); --// ASSERT_TRUE(t->GetBytes(&input, "Input")); --// ASSERT_TRUE(t->GetBytes(&output, "Output")); --// ASSERT_EQ(EVP_MD_size(digest), output.size()); -- --// // Test using the one-shot API. --// unsigned expected_mac_len = EVP_MD_size(digest); --// std::unique_ptr mac(new uint8_t[expected_mac_len]); --// unsigned mac_len; --// ASSERT_TRUE(HMAC(digest, key.data(), key.size(), input.data(), input.size(), --// mac.get(), &mac_len)); --// EXPECT_EQ(Bytes(output), Bytes(mac.get(), mac_len)); -- --// // Test using HMAC_CTX. --// bssl::ScopedHMAC_CTX ctx; --// ASSERT_TRUE( --// HMAC_Init_ex(ctx.get(), key.data(), key.size(), digest, nullptr)); --// ASSERT_TRUE(HMAC_Update(ctx.get(), input.data(), input.size())); --// ASSERT_TRUE(HMAC_Final(ctx.get(), mac.get(), &mac_len)); --// EXPECT_EQ(Bytes(output), Bytes(mac.get(), mac_len)); -- --// // Test that an HMAC_CTX may be reset with the same key. --// ASSERT_TRUE(HMAC_Init_ex(ctx.get(), nullptr, 0, digest, nullptr)); --// ASSERT_TRUE(HMAC_Update(ctx.get(), input.data(), input.size())); --// ASSERT_TRUE(HMAC_Final(ctx.get(), mac.get(), &mac_len)); --// EXPECT_EQ(Bytes(output), Bytes(mac.get(), mac_len)); -- --// // Test feeding the input in byte by byte. --// ASSERT_TRUE(HMAC_Init_ex(ctx.get(), nullptr, 0, nullptr, nullptr)); --// for (size_t i = 0; i < input.size(); i++) { --// ASSERT_TRUE(HMAC_Update(ctx.get(), &input[i], 1)); --// } --// ASSERT_TRUE(HMAC_Final(ctx.get(), mac.get(), &mac_len)); --// EXPECT_EQ(Bytes(output), Bytes(mac.get(), mac_len)); --// }); --// } -+static const EVP_MD *GetDigest(const std::string &name) { -+ if (name == "MD5") { -+ return EVP_md5(); -+ } else if (name == "SHA1") { -+ return EVP_sha1(); -+ } else if (name == "SHA224") { -+ return EVP_sha224(); -+ } else if (name == "SHA256") { -+ return EVP_sha256(); -+ } else if (name == "SHA384") { -+ return EVP_sha384(); -+ } else if (name == "SHA512") { -+ return EVP_sha512(); -+ } -+ return nullptr; -+} -+ -+TEST(HMACTest, TestVectors) { -+ FileTestGTest("crypto/hmac_extra/hmac_tests.txt", [](FileTest *t) { -+ std::string digest_str; -+ ASSERT_TRUE(t->GetAttribute(&digest_str, "HMAC")); -+ const EVP_MD *digest = GetDigest(digest_str); -+ ASSERT_TRUE(digest) << "Unknown digest: " << digest_str; -+ -+ std::vector key, input, output; -+ ASSERT_TRUE(t->GetBytes(&key, "Key")); -+ ASSERT_TRUE(t->GetBytes(&input, "Input")); -+ ASSERT_TRUE(t->GetBytes(&output, "Output")); -+ ASSERT_EQ(EVP_MD_size(digest), output.size()); -+ -+ // Test using the one-shot API. -+ unsigned expected_mac_len = EVP_MD_size(digest); -+ std::unique_ptr mac(new uint8_t[expected_mac_len]); -+ unsigned mac_len; -+ ASSERT_TRUE(HMAC(digest, key.data(), key.size(), input.data(), input.size(), -+ mac.get(), &mac_len)); -+ EXPECT_EQ(Bytes(output), Bytes(mac.get(), mac_len)); -+ -+ // Test using HMAC_CTX. -+ bssl::ScopedHMAC_CTX ctx; -+ ASSERT_TRUE( -+ HMAC_Init_ex(ctx.get(), key.data(), key.size(), digest, nullptr)); -+ ASSERT_TRUE(HMAC_Update(ctx.get(), input.data(), input.size())); -+ ASSERT_TRUE(HMAC_Final(ctx.get(), mac.get(), &mac_len)); -+ EXPECT_EQ(Bytes(output), Bytes(mac.get(), mac_len)); -+ -+ // Test that an HMAC_CTX may be reset with the same key. -+ ASSERT_TRUE(HMAC_Init_ex(ctx.get(), nullptr, 0, digest, nullptr)); -+ ASSERT_TRUE(HMAC_Update(ctx.get(), input.data(), input.size())); -+ ASSERT_TRUE(HMAC_Final(ctx.get(), mac.get(), &mac_len)); -+ EXPECT_EQ(Bytes(output), Bytes(mac.get(), mac_len)); -+ -+ // Test feeding the input in byte by byte. -+ ASSERT_TRUE(HMAC_Init_ex(ctx.get(), nullptr, 0, nullptr, nullptr)); -+ for (size_t i = 0; i < input.size(); i++) { -+ ASSERT_TRUE(HMAC_Update(ctx.get(), &input[i], 1)); -+ } -+ ASSERT_TRUE(HMAC_Final(ctx.get(), mac.get(), &mac_len)); -+ EXPECT_EQ(Bytes(output), Bytes(mac.get(), mac_len)); -+ }); -+} - - // static void RunWycheproofTest(const char *path, const EVP_MD *md) { - // SCOPED_TRACE(path); diff --git a/bssl-compat/patch/source/crypto/hmac_extra/hmac_test.cc.sh b/bssl-compat/patch/source/crypto/hmac_extra/hmac_test.cc.sh new file mode 100755 index 0000000000..dcad5aa484 --- /dev/null +++ b/bssl-compat/patch/source/crypto/hmac_extra/hmac_test.cc.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +set -euo pipefail + +uncomment.sh "$1" --comment \ + --uncomment-regex '#include' \ + --comment-regex '#include\s*"\.\./test/wycheproof_util\.h"' \ + --uncomment-func-impl GetDigest \ + --uncomment-gtest-func HMACTest TestVectors \ No newline at end of file diff --git a/bssl-compat/patch/source/crypto/internal.h.patch b/bssl-compat/patch/source/crypto/internal.h.patch deleted file mode 100644 index 25d0e5390b..0000000000 --- a/bssl-compat/patch/source/crypto/internal.h.patch +++ /dev/null @@ -1,286 +0,0 @@ ---- a/source/crypto/internal.h -+++ b/source/crypto/internal.h -@@ -106,124 +106,124 @@ - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). */ - --// #ifndef OPENSSL_HEADER_CRYPTO_INTERNAL_H --// #define OPENSSL_HEADER_CRYPTO_INTERNAL_H -+#ifndef OPENSSL_HEADER_CRYPTO_INTERNAL_H -+#define OPENSSL_HEADER_CRYPTO_INTERNAL_H - --// #include --// #include --// #include --// #include -+#include -+#include -+#include -+#include -+ -+#include -+#include -+ -+#if defined(BORINGSSL_CONSTANT_TIME_VALIDATION) -+#include -+#endif -+ -+#if defined(BORINGSSL_FIPS_BREAK_TESTS) -+#include -+#endif -+ -+#if !defined(__cplusplus) -+#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L -+#include -+#elif defined(_MSC_VER) && !defined(__clang__) -+#define alignas(x) __declspec(align(x)) -+#define alignof __alignof -+#else -+With the exception of MSVC, we require C11 to build the library. C11 is a -+prerequisite for improved refcounting performance. All our supported C -+compilers have long implemented C11 and made it default. The most likely -+cause of pre-C11 modes is stale -std=c99 or -std=gnu99 flags in build -+configuration. Such flags can be removed. -+ -+TODO(davidben): In MSVC 2019 16.8 or higher (_MSC_VER >= 1928), -+|__STDC_VERSION__| will be 201112 when passed /std:c11 and unset otherwise. -+C11 alignas and alignof are only implemented in C11 mode. Can we mandate C11 -+mode for those versions? -+#error "BoringSSL must be built in C11 mode or higher." -+#endif -+#endif -+ -+#if defined(OPENSSL_THREADS) && \ -+ (!defined(OPENSSL_WINDOWS) || defined(__MINGW32__)) -+#include -+#define OPENSSL_PTHREADS -+#endif -+ -+#if defined(OPENSSL_THREADS) && !defined(OPENSSL_PTHREADS) && \ -+ defined(OPENSSL_WINDOWS) -+#define OPENSSL_WINDOWS_THREADS -+OPENSSL_MSVC_PRAGMA(warning(push, 3)) -+#include -+OPENSSL_MSVC_PRAGMA(warning(pop)) -+#endif -+ -+#if defined(__cplusplus) -+extern "C" { -+#endif - --// #include --// #include - --// #if defined(BORINGSSL_CONSTANT_TIME_VALIDATION) --// #include --// #endif -- --// #if defined(BORINGSSL_FIPS_BREAK_TESTS) --// #include --// #endif -- --// #if !defined(__cplusplus) --// #if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L --// #include --// #elif defined(_MSC_VER) && !defined(__clang__) --// #define alignas(x) __declspec(align(x)) --// #define alignof __alignof --// #else --// With the exception of MSVC, we require C11 to build the library. C11 is a --// prerequisite for improved refcounting performance. All our supported C --// compilers have long implemented C11 and made it default. The most likely --// cause of pre-C11 modes is stale -std=c99 or -std=gnu99 flags in build --// configuration. Such flags can be removed. --// --// TODO(davidben): In MSVC 2019 16.8 or higher (_MSC_VER >= 1928), --// |__STDC_VERSION__| will be 201112 when passed /std:c11 and unset otherwise. --// C11 alignas and alignof are only implemented in C11 mode. Can we mandate C11 --// mode for those versions? --// #error "BoringSSL must be built in C11 mode or higher." --// #endif --// #endif -- --// #if defined(OPENSSL_THREADS) && \ --// (!defined(OPENSSL_WINDOWS) || defined(__MINGW32__)) --// #include --// #define OPENSSL_PTHREADS --// #endif -- --// #if defined(OPENSSL_THREADS) && !defined(OPENSSL_PTHREADS) && \ --// defined(OPENSSL_WINDOWS) --// #define OPENSSL_WINDOWS_THREADS --// OPENSSL_MSVC_PRAGMA(warning(push, 3)) --// #include --// OPENSSL_MSVC_PRAGMA(warning(pop)) --// #endif -- --// #if defined(__cplusplus) --// extern "C" { --// #endif -- -- --// #if defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || defined(OPENSSL_ARM) || \ --// defined(OPENSSL_AARCH64) || defined(OPENSSL_PPC64LE) -+#if defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || defined(OPENSSL_ARM) || \ -+ defined(OPENSSL_AARCH64) || defined(OPENSSL_PPC64LE) - // OPENSSL_cpuid_setup initializes the platform-specific feature cache. --// void OPENSSL_cpuid_setup(void); --// #endif -+void OPENSSL_cpuid_setup(void); -+#endif - --// #if (defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)) && \ --// !defined(OPENSSL_STATIC_ARMCAP) -+#if (defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)) && \ -+ !defined(OPENSSL_STATIC_ARMCAP) - // OPENSSL_get_armcap_pointer_for_test returns a pointer to |OPENSSL_armcap_P| - // for unit tests. Any modifications to the value must be made after - // |CRYPTO_library_init| but before any other function call in BoringSSL. --// OPENSSL_EXPORT uint32_t *OPENSSL_get_armcap_pointer_for_test(void); --// #endif -+OPENSSL_EXPORT uint32_t *OPENSSL_get_armcap_pointer_for_test(void); -+#endif - - --// #if (!defined(_MSC_VER) || defined(__clang__)) && defined(OPENSSL_64_BIT) --// #define BORINGSSL_HAS_UINT128 --// typedef __int128_t int128_t; --// typedef __uint128_t uint128_t; -+#if (!defined(_MSC_VER) || defined(__clang__)) && defined(OPENSSL_64_BIT) -+#define BORINGSSL_HAS_UINT128 -+typedef __int128_t int128_t; -+typedef __uint128_t uint128_t; - - // clang-cl supports __uint128_t but modulus and division don't work. - // https://crbug.com/787617. --// #if !defined(_MSC_VER) || !defined(__clang__) --// #define BORINGSSL_CAN_DIVIDE_UINT128 --// #endif --// #endif -+#if !defined(_MSC_VER) || !defined(__clang__) -+#define BORINGSSL_CAN_DIVIDE_UINT128 -+#endif -+#endif - --// #define OPENSSL_ARRAY_SIZE(array) (sizeof(array) / sizeof((array)[0])) -+#define OPENSSL_ARRAY_SIZE(array) (sizeof(array) / sizeof((array)[0])) - - // Have a generic fall-through for different versions of C/C++. --// #if defined(__cplusplus) && __cplusplus >= 201703L --// #define OPENSSL_FALLTHROUGH [[fallthrough]] --// #elif defined(__cplusplus) && __cplusplus >= 201103L && defined(__clang__) --// #define OPENSSL_FALLTHROUGH [[clang::fallthrough]] --// #elif defined(__cplusplus) && __cplusplus >= 201103L && defined(__GNUC__) && \ --// __GNUC__ >= 7 --// #define OPENSSL_FALLTHROUGH [[gnu::fallthrough]] --// #elif defined(__GNUC__) && __GNUC__ >= 7 // gcc 7 --// #define OPENSSL_FALLTHROUGH __attribute__ ((fallthrough)) --// #elif defined(__clang__) --// #if __has_attribute(fallthrough) && __clang_major__ >= 5 -+#if defined(__cplusplus) && __cplusplus >= 201703L -+#define OPENSSL_FALLTHROUGH [[fallthrough]] -+#elif defined(__cplusplus) && __cplusplus >= 201103L && defined(__clang__) -+#define OPENSSL_FALLTHROUGH [[clang::fallthrough]] -+#elif defined(__cplusplus) && __cplusplus >= 201103L && defined(__GNUC__) && \ -+ __GNUC__ >= 7 -+#define OPENSSL_FALLTHROUGH [[gnu::fallthrough]] -+#elif defined(__GNUC__) && __GNUC__ >= 7 // gcc 7 -+#define OPENSSL_FALLTHROUGH __attribute__ ((fallthrough)) -+#elif defined(__clang__) -+#if __has_attribute(fallthrough) && __clang_major__ >= 5 - // Clang 3.5, at least, complains about "error: declaration does not declare - // anything", possibily because we put a semicolon after this macro in - // practice. Thus limit it to >= Clang 5, which does work. --// #define OPENSSL_FALLTHROUGH __attribute__ ((fallthrough)) --// #else // clang versions that do not support fallthrough. --// #define OPENSSL_FALLTHROUGH --// #endif --// #else // C++11 on gcc 6, and all other cases --// #define OPENSSL_FALLTHROUGH --// #endif -+#define OPENSSL_FALLTHROUGH __attribute__ ((fallthrough)) -+#else // clang versions that do not support fallthrough. -+#define OPENSSL_FALLTHROUGH -+#endif -+#else // C++11 on gcc 6, and all other cases -+#define OPENSSL_FALLTHROUGH -+#endif - - // For convenience in testing 64-bit generic code, we allow disabling SSE2 - // intrinsics via |OPENSSL_NO_SSE2_FOR_TESTING|. x86_64 always has SSE2 - // available, so we would otherwise need to test such code on a non-x86_64 - // platform. --// #if defined(__SSE2__) && !defined(OPENSSL_NO_SSE2_FOR_TESTING) --// #define OPENSSL_SSE2 --// #endif -+#if defined(__SSE2__) && !defined(OPENSSL_NO_SSE2_FOR_TESTING) -+#define OPENSSL_SSE2 -+#endif - - - // Pointer utility functions. -@@ -833,29 +833,29 @@ - // return memcmp(s1, s2, n); - // } - --// static inline void *OPENSSL_memcpy(void *dst, const void *src, size_t n) { --// if (n == 0) { --// return dst; --// } -+static inline void *OPENSSL_memcpy(void *dst, const void *src, size_t n) { -+ if (n == 0) { -+ return dst; -+ } -+ -+ return memcpy(dst, src, n); -+} -+ -+static inline void *OPENSSL_memmove(void *dst, const void *src, size_t n) { -+ if (n == 0) { -+ return dst; -+ } -+ -+ return memmove(dst, src, n); -+} -+ -+static inline void *OPENSSL_memset(void *dst, int c, size_t n) { -+ if (n == 0) { -+ return dst; -+ } - --// return memcpy(dst, src, n); --// } -- --// static inline void *OPENSSL_memmove(void *dst, const void *src, size_t n) { --// if (n == 0) { --// return dst; --// } -- --// return memmove(dst, src, n); --// } -- --// static inline void *OPENSSL_memset(void *dst, int c, size_t n) { --// if (n == 0) { --// return dst; --// } -- --// return memset(dst, c, n); --// } -+ return memset(dst, c, n); -+} - - - // Loads and stores. -@@ -1276,8 +1276,8 @@ - // #endif // BORINGSSL_DISPATCH_TEST - - --// #if defined(__cplusplus) --// } // extern C --// #endif -+#if defined(__cplusplus) -+} // extern C -+#endif - --// #endif // OPENSSL_HEADER_CRYPTO_INTERNAL_H -+#endif // OPENSSL_HEADER_CRYPTO_INTERNAL_H diff --git a/bssl-compat/patch/source/crypto/internal.h.sh b/bssl-compat/patch/source/crypto/internal.h.sh new file mode 100755 index 0000000000..8adbf579ee --- /dev/null +++ b/bssl-compat/patch/source/crypto/internal.h.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +set -euo pipefail + +uncomment.sh "$1" --comment \ + --uncomment-regex '#\(ifndef\|define\|endif\).*OPENSSL_HEADER_CRYPTO_INTERNAL_H' \ + --uncomment-regex '#include\s* -+#include - --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include - --// #include "../test/test_util.h" -+#include "../test/test_util.h" - - --// std::string GetTestData(const char *path); -+std::string GetTestData(const char *path); - - // kPassword is the password shared by most of the sample PKCS#12 files. --// static const char kPassword[] = "foo"; -+static const char kPassword[] = "foo"; - - // kUnicodePassword is the password for unicode_password.p12 --// static const char kUnicodePassword[] = "Hello, 世界"; -+static const char kUnicodePassword[] = "Hello, 世界"; - --// static bssl::Span StringToBytes(const std::string &str) { --// return bssl::MakeConstSpan(reinterpret_cast(str.data()), --// str.size()); --// } -- --// static void TestImpl(const char *name, bssl::Span der, --// const char *password, --// const char *friendly_name) { --// SCOPED_TRACE(name); --// bssl::UniquePtr certs(sk_X509_new_null()); --// ASSERT_TRUE(certs); -- --// EVP_PKEY *key = nullptr; --// CBS pkcs12 = der; --// ASSERT_TRUE(PKCS12_get_key_and_certs(&key, certs.get(), &pkcs12, password)); --// bssl::UniquePtr delete_key(key); -- --// ASSERT_EQ(1u, sk_X509_num(certs.get())); --// ASSERT_TRUE(key); -- --// int actual_name_len; --// const uint8_t *actual_name = --// X509_alias_get0(sk_X509_value(certs.get(), 0), &actual_name_len); --// if (friendly_name == nullptr) { --// EXPECT_EQ(nullptr, actual_name); --// } else { --// EXPECT_EQ(friendly_name, --// std::string(reinterpret_cast(actual_name), --// static_cast(actual_name_len))); --// } --// } -- --// static void TestCompat(bssl::Span der) { --// bssl::UniquePtr bio(BIO_new_mem_buf(der.data(), der.size())); --// ASSERT_TRUE(bio); -- --// bssl::UniquePtr p12(d2i_PKCS12_bio(bio.get(), nullptr)); --// ASSERT_TRUE(p12); -- --// ASSERT_FALSE(PKCS12_verify_mac(p12.get(), "badpass", 7)); --// ASSERT_TRUE(PKCS12_verify_mac(p12.get(), kPassword, sizeof(kPassword) - 1)); -- --// EVP_PKEY *key = nullptr; --// X509 *cert = nullptr; --// STACK_OF(X509) *ca_certs = nullptr; --// ASSERT_TRUE(PKCS12_parse(p12.get(), kPassword, &key, &cert, &ca_certs)); -- --// bssl::UniquePtr delete_key(key); --// bssl::UniquePtr delete_cert(cert); --// bssl::UniquePtr delete_ca_certs(ca_certs); -- --// ASSERT_TRUE(key); --// ASSERT_TRUE(cert); --// ASSERT_EQ(0u, sk_X509_num(ca_certs)); --// } -- --// TEST(PKCS12Test, TestOpenSSL) { --// // openssl.p12 was generated by OpenSSL with: --// // openssl pkcs12 -export -inkey key.pem -in cacert.pem --// std::string data = GetTestData("crypto/pkcs8/test/openssl.p12"); --// TestImpl("OpenSSL", StringToBytes(data), kPassword, nullptr); --// } -- --// TEST(PKCS12Test, TestNSS) { --// // nss.p12 is the result of importing the OpenSSL example PKCS#12 into Chrome --// // on Linux and then exporting it again. --// std::string data = GetTestData("crypto/pkcs8/test/nss.p12"); --// TestImpl("NSS", StringToBytes(data), kPassword, "Internet Widgits Pty Ltd"); --// } -- --// TEST(PKCS12Test, TestWindows) { --// // windows.p12 is a dummy key and certificate exported from the certificate --// // manager on Windows 7. It has a friendlyName, but only on the key, where we --// // ignore it, and not the certificate. --// std::string data = GetTestData("crypto/pkcs8/test/windows.p12"); --// TestImpl("Windows", StringToBytes(data), kPassword, nullptr); --// } -- --// TEST(PKCS12Test, TestPBES2) { --// // pbes2_sha1.p12 is a PKCS#12 file using PBES2 and HMAC-SHA-1 created with: --// // openssl pkcs12 -export -inkey key.pem -in cert.pem -keypbe AES-128-CBC --// // -certpbe AES-128-CBC --// // --// // This was generated with an older OpenSSL, which used hmacWithSHA1 as the --// // PRF. (There is currently no way to specify the PRF in the pkcs12 command.) --// std::string data = GetTestData("crypto/pkcs8/test/pbes2_sha1.p12"); --// TestImpl("kPBES2WithSHA1", StringToBytes(data), kPassword, nullptr); -- --// // pbes2_sha256.p12 is a PKCS#12 file using PBES2 and HMAC-SHA-256. It was --// // generated in the same way as pbes2_sha1.p12, but using OpenSSL 1.1.1b, --// // which uses hmacWithSHA256 as the PRF. --// data = GetTestData("crypto/pkcs8/test/pbes2_sha256.p12"); --// TestImpl("kPBES2WithSHA256", StringToBytes(data), kPassword, nullptr); --// } -- --// TEST(PKCS12Test, TestNoEncryption) { --// // no_encryption.p12 is a PKCS#12 file with neither the key or certificate is --// // encrypted. It was generated with: --// // --// // openssl pkcs12 -export -inkey ecdsa_p256_key.pem -in ecdsa_p256_cert.pem -keypbe NONE -certpbe NONE -password pass:foo --// std::string data = GetTestData("crypto/pkcs8/test/no_encryption.p12"); --// TestImpl("kNoEncryption", StringToBytes(data), kPassword, nullptr); --// } -- --// TEST(PKCS12Test, TestEmptyPassword) { --// #if defined(BORINGSSL_UNSAFE_FUZZER_MODE) --// return; // The MAC check always passes in fuzzer mode. --// #endif -- --// // Generated with --// // openssl pkcs12 -export -inkey ecdsa_p256_key.pem -in ecdsa_p256_cert.pem -password pass: --// std::string data = GetTestData("crypto/pkcs8/test/empty_password.p12"); --// TestImpl("EmptyPassword (empty password)", StringToBytes(data), "", nullptr); --// TestImpl("EmptyPassword (null password)", StringToBytes(data), nullptr, --// nullptr); --// } -- --// TEST(PKCS12Test, TestNullPassword) { --// #if defined(BORINGSSL_UNSAFE_FUZZER_MODE) --// return; // The MAC check always passes in fuzzer mode. --// #endif -- --// // Generated with --// // openssl pkcs12 -export -inkey ecdsa_p256_key.pem -in ecdsa_p256_cert.pem -password pass: --// // But with OpenSSL patched to pass NULL into PKCS12_create and --// // PKCS12_set_mac. --// std::string data = GetTestData("crypto/pkcs8/test/null_password.p12"); --// TestImpl("NullPassword (empty password)", StringToBytes(data), "", nullptr); --// TestImpl("NullPassword (null password)", StringToBytes(data), nullptr, --// nullptr); --// } -- --// TEST(PKCS12Test, TestUnicode) { --// // Generated with --// // openssl pkcs12 -export -inkey ecdsa_p256_key.pem -in ecdsa_p256_cert.pem -password pass:"Hello, 世界" --// std::string data = GetTestData("crypto/pkcs8/test/unicode_password.p12"); --// TestImpl("Unicode", StringToBytes(data), kUnicodePassword, nullptr); --// } -- --// TEST(PKCS12Test, TestWindowsCompat) { --// std::string data = GetTestData("crypto/pkcs8/test/windows.p12"); --// TestCompat(StringToBytes(data)); --// } -+static bssl::Span StringToBytes(const std::string &str) { -+ return bssl::MakeConstSpan(reinterpret_cast(str.data()), -+ str.size()); -+} -+ -+static void TestImpl(const char *name, bssl::Span der, -+ const char *password, -+ const char *friendly_name) { -+ SCOPED_TRACE(name); -+ bssl::UniquePtr certs(sk_X509_new_null()); -+ ASSERT_TRUE(certs); -+ -+ EVP_PKEY *key = nullptr; -+ CBS pkcs12 = der; -+ ASSERT_TRUE(PKCS12_get_key_and_certs(&key, certs.get(), &pkcs12, password)); -+ bssl::UniquePtr delete_key(key); -+ -+ ASSERT_EQ(1u, sk_X509_num(certs.get())); -+ ASSERT_TRUE(key); -+ -+ int actual_name_len; -+ const uint8_t *actual_name = -+ X509_alias_get0(sk_X509_value(certs.get(), 0), &actual_name_len); -+ if (friendly_name == nullptr) { -+ EXPECT_EQ(nullptr, actual_name); -+ } else { -+ EXPECT_EQ(friendly_name, -+ std::string(reinterpret_cast(actual_name), -+ static_cast(actual_name_len))); -+ } -+} -+ -+static void TestCompat(bssl::Span der) { -+ bssl::UniquePtr bio(BIO_new_mem_buf(der.data(), der.size())); -+ ASSERT_TRUE(bio); -+ -+ bssl::UniquePtr p12(d2i_PKCS12_bio(bio.get(), nullptr)); -+ ASSERT_TRUE(p12); -+ -+ ASSERT_FALSE(PKCS12_verify_mac(p12.get(), "badpass", 7)); -+ ASSERT_TRUE(PKCS12_verify_mac(p12.get(), kPassword, sizeof(kPassword) - 1)); -+ -+ EVP_PKEY *key = nullptr; -+ X509 *cert = nullptr; -+ STACK_OF(X509) *ca_certs = nullptr; -+ ASSERT_TRUE(PKCS12_parse(p12.get(), kPassword, &key, &cert, &ca_certs)); -+ -+ bssl::UniquePtr delete_key(key); -+ bssl::UniquePtr delete_cert(cert); -+ bssl::UniquePtr delete_ca_certs(ca_certs); -+ -+ ASSERT_TRUE(key); -+ ASSERT_TRUE(cert); -+ ASSERT_EQ(0u, sk_X509_num(ca_certs)); -+} -+ -+TEST(PKCS12Test, TestOpenSSL) { -+ // openssl.p12 was generated by OpenSSL with: -+ // openssl pkcs12 -export -inkey key.pem -in cacert.pem -+ std::string data = GetTestData("crypto/pkcs8/test/openssl.p12"); -+ TestImpl("OpenSSL", StringToBytes(data), kPassword, nullptr); -+} -+ -+TEST(PKCS12Test, TestNSS) { -+ // nss.p12 is the result of importing the OpenSSL example PKCS#12 into Chrome -+ // on Linux and then exporting it again. -+ std::string data = GetTestData("crypto/pkcs8/test/nss.p12"); -+ TestImpl("NSS", StringToBytes(data), kPassword, "Internet Widgits Pty Ltd"); -+} -+ -+TEST(PKCS12Test, TestWindows) { -+ // windows.p12 is a dummy key and certificate exported from the certificate -+ // manager on Windows 7. It has a friendlyName, but only on the key, where we -+ // ignore it, and not the certificate. -+ std::string data = GetTestData("crypto/pkcs8/test/windows.p12"); -+ TestImpl("Windows", StringToBytes(data), kPassword, nullptr); -+} -+ -+TEST(PKCS12Test, TestPBES2) { -+ // pbes2_sha1.p12 is a PKCS#12 file using PBES2 and HMAC-SHA-1 created with: -+ // openssl pkcs12 -export -inkey key.pem -in cert.pem -keypbe AES-128-CBC -+ // -certpbe AES-128-CBC -+ // -+ // This was generated with an older OpenSSL, which used hmacWithSHA1 as the -+ // PRF. (There is currently no way to specify the PRF in the pkcs12 command.) -+ std::string data = GetTestData("crypto/pkcs8/test/pbes2_sha1.p12"); -+ TestImpl("kPBES2WithSHA1", StringToBytes(data), kPassword, nullptr); -+ -+ // pbes2_sha256.p12 is a PKCS#12 file using PBES2 and HMAC-SHA-256. It was -+ // generated in the same way as pbes2_sha1.p12, but using OpenSSL 1.1.1b, -+ // which uses hmacWithSHA256 as the PRF. -+ data = GetTestData("crypto/pkcs8/test/pbes2_sha256.p12"); -+ TestImpl("kPBES2WithSHA256", StringToBytes(data), kPassword, nullptr); -+} -+ -+TEST(PKCS12Test, TestNoEncryption) { -+ // no_encryption.p12 is a PKCS#12 file with neither the key or certificate is -+ // encrypted. It was generated with: -+ // -+ // openssl pkcs12 -export -inkey ecdsa_p256_key.pem -in ecdsa_p256_cert.pem -keypbe NONE -certpbe NONE -password pass:foo -+ std::string data = GetTestData("crypto/pkcs8/test/no_encryption.p12"); -+ TestImpl("kNoEncryption", StringToBytes(data), kPassword, nullptr); -+} -+ -+TEST(PKCS12Test, TestEmptyPassword) { -+#if defined(BORINGSSL_UNSAFE_FUZZER_MODE) -+ return; // The MAC check always passes in fuzzer mode. -+#endif -+ -+ // Generated with -+ // openssl pkcs12 -export -inkey ecdsa_p256_key.pem -in ecdsa_p256_cert.pem -password pass: -+ std::string data = GetTestData("crypto/pkcs8/test/empty_password.p12"); -+ TestImpl("EmptyPassword (empty password)", StringToBytes(data), "", nullptr); -+ TestImpl("EmptyPassword (null password)", StringToBytes(data), nullptr, -+ nullptr); -+} -+ -+TEST(PKCS12Test, TestNullPassword) { -+#if defined(BORINGSSL_UNSAFE_FUZZER_MODE) -+ return; // The MAC check always passes in fuzzer mode. -+#endif -+ -+ // Generated with -+ // openssl pkcs12 -export -inkey ecdsa_p256_key.pem -in ecdsa_p256_cert.pem -password pass: -+ // But with OpenSSL patched to pass NULL into PKCS12_create and -+ // PKCS12_set_mac. -+ std::string data = GetTestData("crypto/pkcs8/test/null_password.p12"); -+ TestImpl("NullPassword (empty password)", StringToBytes(data), "", nullptr); -+ TestImpl("NullPassword (null password)", StringToBytes(data), nullptr, -+ nullptr); -+} -+ -+TEST(PKCS12Test, TestUnicode) { -+ // Generated with -+ // openssl pkcs12 -export -inkey ecdsa_p256_key.pem -in ecdsa_p256_cert.pem -password pass:"Hello, 世界" -+ std::string data = GetTestData("crypto/pkcs8/test/unicode_password.p12"); -+ TestImpl("Unicode", StringToBytes(data), kUnicodePassword, nullptr); -+} -+ -+TEST(PKCS12Test, TestWindowsCompat) { -+ std::string data = GetTestData("crypto/pkcs8/test/windows.p12"); -+ TestCompat(StringToBytes(data)); -+} - - // kTestKey is a test P-256 key. - // static const uint8_t kTestKey[] = { diff --git a/bssl-compat/patch/source/crypto/pkcs8/pkcs12_test.cc.sh b/bssl-compat/patch/source/crypto/pkcs8/pkcs12_test.cc.sh new file mode 100755 index 0000000000..f4d213c488 --- /dev/null +++ b/bssl-compat/patch/source/crypto/pkcs8/pkcs12_test.cc.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +set -euo pipefail + +uncomment.sh "$1" --comment \ + --uncomment-regex '#include' \ + --uncomment-regex 'std::string\s*GetTestData\s*(.*);' \ + --uncomment-regex 'static .* kPassword\[\] = ' \ + --uncomment-regex 'static .* kUnicodePassword\[\] = ' \ + --uncomment-func-impl StringToBytes \ + --uncomment-static-func-impl TestImpl \ + --uncomment-func-impl TestCompat \ + --uncomment-gtest-func PKCS12Test TestOpenSSL \ + --uncomment-gtest-func PKCS12Test TestNSS \ + --uncomment-gtest-func PKCS12Test TestWindows \ + --uncomment-gtest-func PKCS12Test TestPBES2 \ + --uncomment-gtest-func PKCS12Test TestNoEncryption \ + --uncomment-gtest-func PKCS12Test TestEmptyPassword \ + --uncomment-gtest-func PKCS12Test TestNullPassword \ + --uncomment-gtest-func PKCS12Test TestUnicode \ + --uncomment-gtest-func PKCS12Test TestWindowsCompat \ diff --git a/bssl-compat/patch/source/crypto/rand_extra/rand_test.cc.patch b/bssl-compat/patch/source/crypto/rand_extra/rand_test.cc.patch deleted file mode 100644 index 99e493ec19..0000000000 --- a/bssl-compat/patch/source/crypto/rand_extra/rand_test.cc.patch +++ /dev/null @@ -1,376 +0,0 @@ ---- a/source/crypto/rand_extra/rand_test.cc -+++ b/source/crypto/rand_extra/rand_test.cc -@@ -12,196 +12,196 @@ - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - --// #include -+#include - --// #include -+#include - --// #include -+#include - --// #include -+#include - - // #include "../fipsmodule/rand/fork_detect.h" - // #include "../fipsmodule/rand/internal.h" - // #include "../test/abi_test.h" --// #include "../test/test_util.h" -+#include "../test/test_util.h" - --// #if defined(OPENSSL_THREADS) --// #include --// #include --// #include --// #endif -- --// #if !defined(OPENSSL_WINDOWS) --// #include --// #include --// #include --// #include --// #endif -+#if defined(OPENSSL_THREADS) -+#include -+#include -+#include -+#endif -+ -+#if !defined(OPENSSL_WINDOWS) -+#include -+#include -+#include -+#include -+#endif - - - // These tests are, strictly speaking, flaky, but we use large enough buffers - // that the probability of failing when we should pass is negligible. - --// TEST(RandTest, NotObviouslyBroken) { --// static const uint8_t kZeros[256] = {0}; -+TEST(RandTest, NotObviouslyBroken) { -+ static const uint8_t kZeros[256] = {0}; - --// uint8_t buf1[256], buf2[256]; --// RAND_bytes(buf1, sizeof(buf1)); --// RAND_bytes(buf2, sizeof(buf2)); -- --// EXPECT_NE(Bytes(buf1), Bytes(buf2)); --// EXPECT_NE(Bytes(buf1), Bytes(kZeros)); --// EXPECT_NE(Bytes(buf2), Bytes(kZeros)); --// } -- --// #if !defined(OPENSSL_WINDOWS) && !defined(OPENSSL_IOS) && \ --// !defined(OPENSSL_FUCHSIA) && !defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE) --// static bool ForkAndRand(bssl::Span out) { --// int pipefds[2]; --// if (pipe(pipefds) < 0) { --// perror("pipe"); --// return false; --// } -- --// // This is a multi-threaded process, but GTest does not run tests concurrently --// // and there currently are no threads, so this should be safe. --// pid_t child = fork(); --// if (child < 0) { --// perror("fork"); --// close(pipefds[0]); --// close(pipefds[1]); --// return false; --// } -- --// if (child == 0) { --// // This is the child. Generate entropy and write it to the parent. --// close(pipefds[0]); --// RAND_bytes(out.data(), out.size()); --// while (!out.empty()) { --// ssize_t ret = write(pipefds[1], out.data(), out.size()); --// if (ret < 0) { --// if (errno == EINTR) { --// continue; --// } --// perror("write"); --// _exit(1); --// } --// out = out.subspan(static_cast(ret)); --// } --// _exit(0); --// } -- --// // This is the parent. Read the entropy from the child. --// close(pipefds[1]); --// while (!out.empty()) { --// ssize_t ret = read(pipefds[0], out.data(), out.size()); --// if (ret <= 0) { --// if (ret == 0) { --// fprintf(stderr, "Unexpected EOF from child.\n"); --// } else { --// if (errno == EINTR) { --// continue; --// } --// perror("read"); --// } --// close(pipefds[0]); --// return false; --// } --// out = out.subspan(static_cast(ret)); --// } --// close(pipefds[0]); -- --// // Wait for the child to exit. --// int status; --// if (waitpid(child, &status, 0) < 0) { --// perror("waitpid"); --// return false; --// } --// if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) { --// fprintf(stderr, "Child did not exit cleanly.\n"); --// return false; --// } -- --// return true; --// } -- --// TEST(RandTest, Fork) { --// static const uint8_t kZeros[16] = {0}; -- --// // Draw a little entropy to initialize any internal PRNG buffering. --// uint8_t byte; --// RAND_bytes(&byte, 1); -- --// // Draw entropy in two child processes and the parent process. This test --// // intentionally uses smaller buffers than the others, to minimize the chance --// // of sneaking by with a large enough buffer that we've since reseeded from --// // the OS. --// uint8_t buf1[16], buf2[16], buf3[16]; --// ASSERT_TRUE(ForkAndRand(buf1)); --// ASSERT_TRUE(ForkAndRand(buf2)); --// RAND_bytes(buf3, sizeof(buf3)); -- --// // All should be different. --// EXPECT_NE(Bytes(buf1), Bytes(buf2)); --// EXPECT_NE(Bytes(buf2), Bytes(buf3)); --// EXPECT_NE(Bytes(buf1), Bytes(buf3)); --// EXPECT_NE(Bytes(buf1), Bytes(kZeros)); --// EXPECT_NE(Bytes(buf2), Bytes(kZeros)); --// EXPECT_NE(Bytes(buf3), Bytes(kZeros)); --// } --// #endif // !OPENSSL_WINDOWS && !OPENSSL_IOS && --// // !OPENSSL_FUCHSIA && !BORINGSSL_UNSAFE_DETERMINISTIC_MODE -- --// #if defined(OPENSSL_THREADS) --// static void RunConcurrentRands(size_t num_threads) { --// static const uint8_t kZeros[256] = {0}; -- --// std::vector> bufs(num_threads); --// std::vector threads(num_threads); -- --// for (size_t i = 0; i < num_threads; i++) { --// threads[i] = --// std::thread([i, &bufs] { RAND_bytes(bufs[i].data(), bufs[i].size()); }); --// } --// for (size_t i = 0; i < num_threads; i++) { --// threads[i].join(); --// } -- --// for (size_t i = 0; i < num_threads; i++) { --// EXPECT_NE(Bytes(bufs[i]), Bytes(kZeros)); --// for (size_t j = i + 1; j < num_threads; j++) { --// EXPECT_NE(Bytes(bufs[i]), Bytes(bufs[j])); --// } --// } --// } -+ uint8_t buf1[256], buf2[256]; -+ RAND_bytes(buf1, sizeof(buf1)); -+ RAND_bytes(buf2, sizeof(buf2)); -+ -+ EXPECT_NE(Bytes(buf1), Bytes(buf2)); -+ EXPECT_NE(Bytes(buf1), Bytes(kZeros)); -+ EXPECT_NE(Bytes(buf2), Bytes(kZeros)); -+} -+ -+#if !defined(OPENSSL_WINDOWS) && !defined(OPENSSL_IOS) && \ -+ !defined(OPENSSL_FUCHSIA) && !defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE) -+static bool ForkAndRand(bssl::Span out) { -+ int pipefds[2]; -+ if (pipe(pipefds) < 0) { -+ perror("pipe"); -+ return false; -+ } -+ -+ // This is a multi-threaded process, but GTest does not run tests concurrently -+ // and there currently are no threads, so this should be safe. -+ pid_t child = fork(); -+ if (child < 0) { -+ perror("fork"); -+ close(pipefds[0]); -+ close(pipefds[1]); -+ return false; -+ } -+ -+ if (child == 0) { -+ // This is the child. Generate entropy and write it to the parent. -+ close(pipefds[0]); -+ RAND_bytes(out.data(), out.size()); -+ while (!out.empty()) { -+ ssize_t ret = write(pipefds[1], out.data(), out.size()); -+ if (ret < 0) { -+ if (errno == EINTR) { -+ continue; -+ } -+ perror("write"); -+ _exit(1); -+ } -+ out = out.subspan(static_cast(ret)); -+ } -+ _exit(0); -+ } -+ -+ // This is the parent. Read the entropy from the child. -+ close(pipefds[1]); -+ while (!out.empty()) { -+ ssize_t ret = read(pipefds[0], out.data(), out.size()); -+ if (ret <= 0) { -+ if (ret == 0) { -+ fprintf(stderr, "Unexpected EOF from child.\n"); -+ } else { -+ if (errno == EINTR) { -+ continue; -+ } -+ perror("read"); -+ } -+ close(pipefds[0]); -+ return false; -+ } -+ out = out.subspan(static_cast(ret)); -+ } -+ close(pipefds[0]); -+ -+ // Wait for the child to exit. -+ int status; -+ if (waitpid(child, &status, 0) < 0) { -+ perror("waitpid"); -+ return false; -+ } -+ if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) { -+ fprintf(stderr, "Child did not exit cleanly.\n"); -+ return false; -+ } -+ -+ return true; -+} -+ -+TEST(RandTest, Fork) { -+ static const uint8_t kZeros[16] = {0}; -+ -+ // Draw a little entropy to initialize any internal PRNG buffering. -+ uint8_t byte; -+ RAND_bytes(&byte, 1); -+ -+ // Draw entropy in two child processes and the parent process. This test -+ // intentionally uses smaller buffers than the others, to minimize the chance -+ // of sneaking by with a large enough buffer that we've since reseeded from -+ // the OS. -+ uint8_t buf1[16], buf2[16], buf3[16]; -+ ASSERT_TRUE(ForkAndRand(buf1)); -+ ASSERT_TRUE(ForkAndRand(buf2)); -+ RAND_bytes(buf3, sizeof(buf3)); -+ -+ // All should be different. -+ EXPECT_NE(Bytes(buf1), Bytes(buf2)); -+ EXPECT_NE(Bytes(buf2), Bytes(buf3)); -+ EXPECT_NE(Bytes(buf1), Bytes(buf3)); -+ EXPECT_NE(Bytes(buf1), Bytes(kZeros)); -+ EXPECT_NE(Bytes(buf2), Bytes(kZeros)); -+ EXPECT_NE(Bytes(buf3), Bytes(kZeros)); -+} -+#endif // !OPENSSL_WINDOWS && !OPENSSL_IOS && -+ // !OPENSSL_FUCHSIA && !BORINGSSL_UNSAFE_DETERMINISTIC_MODE -+ -+#if defined(OPENSSL_THREADS) -+static void RunConcurrentRands(size_t num_threads) { -+ static const uint8_t kZeros[256] = {0}; -+ -+ std::vector> bufs(num_threads); -+ std::vector threads(num_threads); -+ -+ for (size_t i = 0; i < num_threads; i++) { -+ threads[i] = -+ std::thread([i, &bufs] { RAND_bytes(bufs[i].data(), bufs[i].size()); }); -+ } -+ for (size_t i = 0; i < num_threads; i++) { -+ threads[i].join(); -+ } -+ -+ for (size_t i = 0; i < num_threads; i++) { -+ EXPECT_NE(Bytes(bufs[i]), Bytes(kZeros)); -+ for (size_t j = i + 1; j < num_threads; j++) { -+ EXPECT_NE(Bytes(bufs[i]), Bytes(bufs[j])); -+ } -+ } -+} - - // Test that threads may concurrently draw entropy without tripping TSan. --// TEST(RandTest, Threads) { --// constexpr size_t kFewerThreads = 10; --// constexpr size_t kMoreThreads = 20; -- --// // Draw entropy in parallel. --// RunConcurrentRands(kFewerThreads); --// // Draw entropy in parallel with higher concurrency than the previous maximum. --// RunConcurrentRands(kMoreThreads); --// // Draw entropy in parallel with lower concurrency than the previous maximum. --// RunConcurrentRands(kFewerThreads); --// } --// #endif // OPENSSL_THREADS -- --// #if defined(OPENSSL_X86_64) && defined(SUPPORTS_ABI_TEST) --// TEST(RandTest, RdrandABI) { --// if (!have_rdrand()) { --// fprintf(stderr, "rdrand not supported. Skipping.\n"); --// return; --// } -- --// uint8_t buf[32]; --// CHECK_ABI_SEH(CRYPTO_rdrand, buf); --// CHECK_ABI_SEH(CRYPTO_rdrand_multiple8_buf, nullptr, 0); --// CHECK_ABI_SEH(CRYPTO_rdrand_multiple8_buf, buf, 8); --// CHECK_ABI_SEH(CRYPTO_rdrand_multiple8_buf, buf, 16); --// CHECK_ABI_SEH(CRYPTO_rdrand_multiple8_buf, buf, 24); --// CHECK_ABI_SEH(CRYPTO_rdrand_multiple8_buf, buf, 32); --// } --// #endif // OPENSSL_X86_64 && SUPPORTS_ABI_TEST -+TEST(RandTest, Threads) { -+ constexpr size_t kFewerThreads = 10; -+ constexpr size_t kMoreThreads = 20; -+ -+ // Draw entropy in parallel. -+ RunConcurrentRands(kFewerThreads); -+ // Draw entropy in parallel with higher concurrency than the previous maximum. -+ RunConcurrentRands(kMoreThreads); -+ // Draw entropy in parallel with lower concurrency than the previous maximum. -+ RunConcurrentRands(kFewerThreads); -+} -+#endif // OPENSSL_THREADS -+ -+#if defined(OPENSSL_X86_64) && defined(SUPPORTS_ABI_TEST) -+TEST(RandTest, RdrandABI) { -+ if (!have_rdrand()) { -+ fprintf(stderr, "rdrand not supported. Skipping.\n"); -+ return; -+ } -+ -+ uint8_t buf[32]; -+ CHECK_ABI_SEH(CRYPTO_rdrand, buf); -+ CHECK_ABI_SEH(CRYPTO_rdrand_multiple8_buf, nullptr, 0); -+ CHECK_ABI_SEH(CRYPTO_rdrand_multiple8_buf, buf, 8); -+ CHECK_ABI_SEH(CRYPTO_rdrand_multiple8_buf, buf, 16); -+ CHECK_ABI_SEH(CRYPTO_rdrand_multiple8_buf, buf, 24); -+ CHECK_ABI_SEH(CRYPTO_rdrand_multiple8_buf, buf, 32); -+} -+#endif // OPENSSL_X86_64 && SUPPORTS_ABI_TEST diff --git a/bssl-compat/patch/source/crypto/rand_extra/rand_test.cc.sh b/bssl-compat/patch/source/crypto/rand_extra/rand_test.cc.sh new file mode 100755 index 0000000000..ac2d49fbec --- /dev/null +++ b/bssl-compat/patch/source/crypto/rand_extra/rand_test.cc.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +set -euo pipefail + +uncomment.sh "$1" \ + --comment-regex '#include "../fipsmodule/' \ + --comment-regex '#include "../test/abi_test.h"' \ \ No newline at end of file diff --git a/bssl-compat/patch/source/crypto/rsa_extra/rsa_test.cc.patch b/bssl-compat/patch/source/crypto/rsa_extra/rsa_test.cc.patch index b04b9eec42..689169f10e 100644 --- a/bssl-compat/patch/source/crypto/rsa_extra/rsa_test.cc.patch +++ b/bssl-compat/patch/source/crypto/rsa_extra/rsa_test.cc.patch @@ -1,717 +1,9 @@ --- a/source/crypto/rsa_extra/rsa_test.cc +++ b/source/crypto/rsa_extra/rsa_test.cc -@@ -54,54 +54,54 @@ - * copied and put under another distribution licence - * [including the GNU Public Licence.] */ +@@ -554,12 +554,24 @@ --// #include -+#include - --// #include --// #include -+#include -+#include - --// #include -+#include - --// #include --// #include --// #include --// #include --// #include -+#include -+#include -+#include -+#include -+#include - - // #include "../fipsmodule/bn/internal.h" - // #include "../fipsmodule/rsa/internal.h" - // #include "../internal.h" --// #include "../test/test_util.h" -+#include "../test/test_util.h" - --// #if defined(OPENSSL_THREADS) --// #include --// #include --// #endif -+#if defined(OPENSSL_THREADS) -+#include -+#include -+#endif - - - // kPlaintext is a sample plaintext. --// static const uint8_t kPlaintext[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a"; --// static const size_t kPlaintextLen = sizeof(kPlaintext) - 1; -+static const uint8_t kPlaintext[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a"; -+static const size_t kPlaintextLen = sizeof(kPlaintext) - 1; - - // kKey1 is a DER-encoded RSAPrivateKey. --// static const uint8_t kKey1[] = --// "\x30\x82\x01\x38\x02\x01\x00\x02\x41\x00\xaa\x36\xab\xce\x88\xac\xfd\xff" --// "\x55\x52\x3c\x7f\xc4\x52\x3f\x90\xef\xa0\x0d\xf3\x77\x4a\x25\x9f\x2e\x62" --// "\xb4\xc5\xd9\x9c\xb5\xad\xb3\x00\xa0\x28\x5e\x53\x01\x93\x0e\x0c\x70\xfb" --// "\x68\x76\x93\x9c\xe6\x16\xce\x62\x4a\x11\xe0\x08\x6d\x34\x1e\xbc\xac\xa0" --// "\xa1\xf5\x02\x01\x11\x02\x40\x0a\x03\x37\x48\x62\x64\x87\x69\x5f\x5f\x30" --// "\xbc\x38\xb9\x8b\x44\xc2\xcd\x2d\xff\x43\x40\x98\xcd\x20\xd8\xa1\x38\xd0" --// "\x90\xbf\x64\x79\x7c\x3f\xa7\xa2\xcd\xcb\x3c\xd1\xe0\xbd\xba\x26\x54\xb4" --// "\xf9\xdf\x8e\x8a\xe5\x9d\x73\x3d\x9f\x33\xb3\x01\x62\x4a\xfd\x1d\x51\x02" --// "\x21\x00\xd8\x40\xb4\x16\x66\xb4\x2e\x92\xea\x0d\xa3\xb4\x32\x04\xb5\xcf" --// "\xce\x33\x52\x52\x4d\x04\x16\xa5\xa4\x41\xe7\x00\xaf\x46\x12\x0d\x02\x21" --// "\x00\xc9\x7f\xb1\xf0\x27\xf4\x53\xf6\x34\x12\x33\xea\xaa\xd1\xd9\x35\x3f" --// "\x6c\x42\xd0\x88\x66\xb1\xd0\x5a\x0f\x20\x35\x02\x8b\x9d\x89\x02\x20\x59" --// "\x0b\x95\x72\xa2\xc2\xa9\xc4\x06\x05\x9d\xc2\xab\x2f\x1d\xaf\xeb\x7e\x8b" --// "\x4f\x10\xa7\x54\x9e\x8e\xed\xf5\xb4\xfc\xe0\x9e\x05\x02\x21\x00\x8e\x3c" --// "\x05\x21\xfe\x15\xe0\xea\x06\xa3\x6f\xf0\xf1\x0c\x99\x52\xc3\x5b\x7a\x75" --// "\x14\xfd\x32\x38\xb8\x0a\xad\x52\x98\x62\x8d\x51\x02\x20\x36\x3f\xf7\x18" --// "\x9d\xa8\xe9\x0b\x1d\x34\x1f\x71\xd0\x9b\x76\xa8\xa9\x43\xe1\x1d\x10\xb2" --// "\x4d\x24\x9f\x2d\xea\xfe\xf8\x0c\x18\x26"; -+static const uint8_t kKey1[] = -+ "\x30\x82\x01\x38\x02\x01\x00\x02\x41\x00\xaa\x36\xab\xce\x88\xac\xfd\xff" -+ "\x55\x52\x3c\x7f\xc4\x52\x3f\x90\xef\xa0\x0d\xf3\x77\x4a\x25\x9f\x2e\x62" -+ "\xb4\xc5\xd9\x9c\xb5\xad\xb3\x00\xa0\x28\x5e\x53\x01\x93\x0e\x0c\x70\xfb" -+ "\x68\x76\x93\x9c\xe6\x16\xce\x62\x4a\x11\xe0\x08\x6d\x34\x1e\xbc\xac\xa0" -+ "\xa1\xf5\x02\x01\x11\x02\x40\x0a\x03\x37\x48\x62\x64\x87\x69\x5f\x5f\x30" -+ "\xbc\x38\xb9\x8b\x44\xc2\xcd\x2d\xff\x43\x40\x98\xcd\x20\xd8\xa1\x38\xd0" -+ "\x90\xbf\x64\x79\x7c\x3f\xa7\xa2\xcd\xcb\x3c\xd1\xe0\xbd\xba\x26\x54\xb4" -+ "\xf9\xdf\x8e\x8a\xe5\x9d\x73\x3d\x9f\x33\xb3\x01\x62\x4a\xfd\x1d\x51\x02" -+ "\x21\x00\xd8\x40\xb4\x16\x66\xb4\x2e\x92\xea\x0d\xa3\xb4\x32\x04\xb5\xcf" -+ "\xce\x33\x52\x52\x4d\x04\x16\xa5\xa4\x41\xe7\x00\xaf\x46\x12\x0d\x02\x21" -+ "\x00\xc9\x7f\xb1\xf0\x27\xf4\x53\xf6\x34\x12\x33\xea\xaa\xd1\xd9\x35\x3f" -+ "\x6c\x42\xd0\x88\x66\xb1\xd0\x5a\x0f\x20\x35\x02\x8b\x9d\x89\x02\x20\x59" -+ "\x0b\x95\x72\xa2\xc2\xa9\xc4\x06\x05\x9d\xc2\xab\x2f\x1d\xaf\xeb\x7e\x8b" -+ "\x4f\x10\xa7\x54\x9e\x8e\xed\xf5\xb4\xfc\xe0\x9e\x05\x02\x21\x00\x8e\x3c" -+ "\x05\x21\xfe\x15\xe0\xea\x06\xa3\x6f\xf0\xf1\x0c\x99\x52\xc3\x5b\x7a\x75" -+ "\x14\xfd\x32\x38\xb8\x0a\xad\x52\x98\x62\x8d\x51\x02\x20\x36\x3f\xf7\x18" -+ "\x9d\xa8\xe9\x0b\x1d\x34\x1f\x71\xd0\x9b\x76\xa8\xa9\x43\xe1\x1d\x10\xb2" -+ "\x4d\x24\x9f\x2d\xea\xfe\xf8\x0c\x18\x26"; - - // kFIPSKey is a DER-encoded RSAPrivateKey that is FIPS-compliant. - // static const uint8_t kFIPSKey[] = -@@ -140,191 +140,191 @@ - // "\xb3\xf5\x9a\x6c\x3d\x5a\x72\xb1\x2d\xfe\xac\x09\x4f\xdd\xe5\x44\xd1\x4e" - // "\xf8\x59\x85\x3a\x65\xe2\xcd\xbc\x27\x1d\x9b\x48\x9f\xb9"; - --// static const uint8_t kFIPSPublicKey[] = --// "\x30\x81\x89\x02\x81\x81\x00\xa1\x71\x90\x77\x86\x8a\xc7\xb8\xfc\x2a\x45" --// "\x82\x6d\xee\xeb\x35\x3a\x18\x3f\xb6\xb0\x1e\xb1\xd3\x09\x6b\x05\x4d\xec" --// "\x1c\x37\x6f\x09\x31\x32\xda\x21\x8a\x49\x0e\x16\x28\xed\x9a\x30\xf3\x14" --// "\x53\xfd\x5b\xb0\xf6\x4a\x5d\x52\xe1\xda\xe1\x40\x6e\x65\xbf\xca\x45\xd9" --// "\x62\x96\x4a\x1e\x11\xc4\x61\x83\x1f\x58\x8d\x5e\xd0\x12\xaf\xa5\xec\x9b" --// "\x97\x2f\x6c\xb2\x82\x4a\x73\xd0\xd3\x9a\xc9\x69\x6b\x24\x3c\x82\x6f\xee" --// "\x4d\x0c\x7e\xdf\xd7\xae\xea\x3a\xeb\x04\x27\x8d\x43\x81\x59\xa7\x90\x56" --// "\xc1\x69\x42\xb3\xaf\x1c\x8d\x4e\xbf\x02\x03\x01\x00\x01"; -+static const uint8_t kFIPSPublicKey[] = -+ "\x30\x81\x89\x02\x81\x81\x00\xa1\x71\x90\x77\x86\x8a\xc7\xb8\xfc\x2a\x45" -+ "\x82\x6d\xee\xeb\x35\x3a\x18\x3f\xb6\xb0\x1e\xb1\xd3\x09\x6b\x05\x4d\xec" -+ "\x1c\x37\x6f\x09\x31\x32\xda\x21\x8a\x49\x0e\x16\x28\xed\x9a\x30\xf3\x14" -+ "\x53\xfd\x5b\xb0\xf6\x4a\x5d\x52\xe1\xda\xe1\x40\x6e\x65\xbf\xca\x45\xd9" -+ "\x62\x96\x4a\x1e\x11\xc4\x61\x83\x1f\x58\x8d\x5e\xd0\x12\xaf\xa5\xec\x9b" -+ "\x97\x2f\x6c\xb2\x82\x4a\x73\xd0\xd3\x9a\xc9\x69\x6b\x24\x3c\x82\x6f\xee" -+ "\x4d\x0c\x7e\xdf\xd7\xae\xea\x3a\xeb\x04\x27\x8d\x43\x81\x59\xa7\x90\x56" -+ "\xc1\x69\x42\xb3\xaf\x1c\x8d\x4e\xbf\x02\x03\x01\x00\x01"; - - // kOAEPCiphertext1 is a sample encryption of |kPlaintext| with |kKey1| using - // RSA OAEP. --// static const uint8_t kOAEPCiphertext1[] = --// "\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89\x2b\xfb" --// "\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52\x33\x89\x5c\x74" --// "\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44\xb0\x05\xc3\x9e\xd8\x27" --// "\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2"; -+static const uint8_t kOAEPCiphertext1[] = -+ "\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89\x2b\xfb" -+ "\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52\x33\x89\x5c\x74" -+ "\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44\xb0\x05\xc3\x9e\xd8\x27" -+ "\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2"; - - // kKey2 is a DER-encoded RSAPrivateKey. --// static const uint8_t kKey2[] = --// "\x30\x81\xfb\x02\x01\x00\x02\x33\x00\xa3\x07\x9a\x90\xdf\x0d\xfd\x72\xac" --// "\x09\x0c\xcc\x2a\x78\xb8\x74\x13\x13\x3e\x40\x75\x9c\x98\xfa\xf8\x20\x4f" --// "\x35\x8a\x0b\x26\x3c\x67\x70\xe7\x83\xa9\x3b\x69\x71\xb7\x37\x79\xd2\x71" --// "\x7b\xe8\x34\x77\xcf\x02\x01\x03\x02\x32\x6c\xaf\xbc\x60\x94\xb3\xfe\x4c" --// "\x72\xb0\xb3\x32\xc6\xfb\x25\xa2\xb7\x62\x29\x80\x4e\x68\x65\xfc\xa4\x5a" --// "\x74\xdf\x0f\x8f\xb8\x41\x3b\x52\xc0\xd0\xe5\x3d\x9b\x59\x0f\xf1\x9b\xe7" --// "\x9f\x49\xdd\x21\xe5\xeb\x02\x1a\x00\xcf\x20\x35\x02\x8b\x9d\x86\x98\x40" --// "\xb4\x16\x66\xb4\x2e\x92\xea\x0d\xa3\xb4\x32\x04\xb5\xcf\xce\x91\x02\x1a" --// "\x00\xc9\x7f\xb1\xf0\x27\xf4\x53\xf6\x34\x12\x33\xea\xaa\xd1\xd9\x35\x3f" --// "\x6c\x42\xd0\x88\x66\xb1\xd0\x5f\x02\x1a\x00\x8a\x15\x78\xac\x5d\x13\xaf" --// "\x10\x2b\x22\xb9\x99\xcd\x74\x61\xf1\x5e\x6d\x22\xcc\x03\x23\xdf\xdf\x0b" --// "\x02\x1a\x00\x86\x55\x21\x4a\xc5\x4d\x8d\x4e\xcd\x61\x77\xf1\xc7\x36\x90" --// "\xce\x2a\x48\x2c\x8b\x05\x99\xcb\xe0\x3f\x02\x1a\x00\x83\xef\xef\xb8\xa9" --// "\xa4\x0d\x1d\xb6\xed\x98\xad\x84\xed\x13\x35\xdc\xc1\x08\xf3\x22\xd0\x57" --// "\xcf\x8d"; -+static const uint8_t kKey2[] = -+ "\x30\x81\xfb\x02\x01\x00\x02\x33\x00\xa3\x07\x9a\x90\xdf\x0d\xfd\x72\xac" -+ "\x09\x0c\xcc\x2a\x78\xb8\x74\x13\x13\x3e\x40\x75\x9c\x98\xfa\xf8\x20\x4f" -+ "\x35\x8a\x0b\x26\x3c\x67\x70\xe7\x83\xa9\x3b\x69\x71\xb7\x37\x79\xd2\x71" -+ "\x7b\xe8\x34\x77\xcf\x02\x01\x03\x02\x32\x6c\xaf\xbc\x60\x94\xb3\xfe\x4c" -+ "\x72\xb0\xb3\x32\xc6\xfb\x25\xa2\xb7\x62\x29\x80\x4e\x68\x65\xfc\xa4\x5a" -+ "\x74\xdf\x0f\x8f\xb8\x41\x3b\x52\xc0\xd0\xe5\x3d\x9b\x59\x0f\xf1\x9b\xe7" -+ "\x9f\x49\xdd\x21\xe5\xeb\x02\x1a\x00\xcf\x20\x35\x02\x8b\x9d\x86\x98\x40" -+ "\xb4\x16\x66\xb4\x2e\x92\xea\x0d\xa3\xb4\x32\x04\xb5\xcf\xce\x91\x02\x1a" -+ "\x00\xc9\x7f\xb1\xf0\x27\xf4\x53\xf6\x34\x12\x33\xea\xaa\xd1\xd9\x35\x3f" -+ "\x6c\x42\xd0\x88\x66\xb1\xd0\x5f\x02\x1a\x00\x8a\x15\x78\xac\x5d\x13\xaf" -+ "\x10\x2b\x22\xb9\x99\xcd\x74\x61\xf1\x5e\x6d\x22\xcc\x03\x23\xdf\xdf\x0b" -+ "\x02\x1a\x00\x86\x55\x21\x4a\xc5\x4d\x8d\x4e\xcd\x61\x77\xf1\xc7\x36\x90" -+ "\xce\x2a\x48\x2c\x8b\x05\x99\xcb\xe0\x3f\x02\x1a\x00\x83\xef\xef\xb8\xa9" -+ "\xa4\x0d\x1d\xb6\xed\x98\xad\x84\xed\x13\x35\xdc\xc1\x08\xf3\x22\xd0\x57" -+ "\xcf\x8d"; - - // kOAEPCiphertext2 is a sample encryption of |kPlaintext| with |kKey2| using - // RSA OAEP. --// static const uint8_t kOAEPCiphertext2[] = --// "\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a\x8b\x40" --// "\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4\x17\x53\x03\x29" --// "\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52\x62\x51"; -+static const uint8_t kOAEPCiphertext2[] = -+ "\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a\x8b\x40" -+ "\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4\x17\x53\x03\x29" -+ "\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52\x62\x51"; - - // kKey3 is a DER-encoded RSAPrivateKey. --// static const uint8_t kKey3[] = --// "\x30\x82\x02\x5b\x02\x01\x00\x02\x81\x81\x00\xbb\xf8\x2f\x09\x06\x82\xce" --// "\x9c\x23\x38\xac\x2b\x9d\xa8\x71\xf7\x36\x8d\x07\xee\xd4\x10\x43\xa4\x40" --// "\xd6\xb6\xf0\x74\x54\xf5\x1f\xb8\xdf\xba\xaf\x03\x5c\x02\xab\x61\xea\x48" --// "\xce\xeb\x6f\xcd\x48\x76\xed\x52\x0d\x60\xe1\xec\x46\x19\x71\x9d\x8a\x5b" --// "\x8b\x80\x7f\xaf\xb8\xe0\xa3\xdf\xc7\x37\x72\x3e\xe6\xb4\xb7\xd9\x3a\x25" --// "\x84\xee\x6a\x64\x9d\x06\x09\x53\x74\x88\x34\xb2\x45\x45\x98\x39\x4e\xe0" --// "\xaa\xb1\x2d\x7b\x61\xa5\x1f\x52\x7a\x9a\x41\xf6\xc1\x68\x7f\xe2\x53\x72" --// "\x98\xca\x2a\x8f\x59\x46\xf8\xe5\xfd\x09\x1d\xbd\xcb\x02\x01\x11\x02\x81" --// "\x81\x00\xa5\xda\xfc\x53\x41\xfa\xf2\x89\xc4\xb9\x88\xdb\x30\xc1\xcd\xf8" --// "\x3f\x31\x25\x1e\x06\x68\xb4\x27\x84\x81\x38\x01\x57\x96\x41\xb2\x94\x10" --// "\xb3\xc7\x99\x8d\x6b\xc4\x65\x74\x5e\x5c\x39\x26\x69\xd6\x87\x0d\xa2\xc0" --// "\x82\xa9\x39\xe3\x7f\xdc\xb8\x2e\xc9\x3e\xda\xc9\x7f\xf3\xad\x59\x50\xac" --// "\xcf\xbc\x11\x1c\x76\xf1\xa9\x52\x94\x44\xe5\x6a\xaf\x68\xc5\x6c\x09\x2c" --// "\xd3\x8d\xc3\xbe\xf5\xd2\x0a\x93\x99\x26\xed\x4f\x74\xa1\x3e\xdd\xfb\xe1" --// "\xa1\xce\xcc\x48\x94\xaf\x94\x28\xc2\xb7\xb8\x88\x3f\xe4\x46\x3a\x4b\xc8" --// "\x5b\x1c\xb3\xc1\x02\x41\x00\xee\xcf\xae\x81\xb1\xb9\xb3\xc9\x08\x81\x0b" --// "\x10\xa1\xb5\x60\x01\x99\xeb\x9f\x44\xae\xf4\xfd\xa4\x93\xb8\x1a\x9e\x3d" --// "\x84\xf6\x32\x12\x4e\xf0\x23\x6e\x5d\x1e\x3b\x7e\x28\xfa\xe7\xaa\x04\x0a" --// "\x2d\x5b\x25\x21\x76\x45\x9d\x1f\x39\x75\x41\xba\x2a\x58\xfb\x65\x99\x02" --// "\x41\x00\xc9\x7f\xb1\xf0\x27\xf4\x53\xf6\x34\x12\x33\xea\xaa\xd1\xd9\x35" --// "\x3f\x6c\x42\xd0\x88\x66\xb1\xd0\x5a\x0f\x20\x35\x02\x8b\x9d\x86\x98\x40" --// "\xb4\x16\x66\xb4\x2e\x92\xea\x0d\xa3\xb4\x32\x04\xb5\xcf\xce\x33\x52\x52" --// "\x4d\x04\x16\xa5\xa4\x41\xe7\x00\xaf\x46\x15\x03\x02\x40\x54\x49\x4c\xa6" --// "\x3e\xba\x03\x37\xe4\xe2\x40\x23\xfc\xd6\x9a\x5a\xeb\x07\xdd\xdc\x01\x83" --// "\xa4\xd0\xac\x9b\x54\xb0\x51\xf2\xb1\x3e\xd9\x49\x09\x75\xea\xb7\x74\x14" --// "\xff\x59\xc1\xf7\x69\x2e\x9a\x2e\x20\x2b\x38\xfc\x91\x0a\x47\x41\x74\xad" --// "\xc9\x3c\x1f\x67\xc9\x81\x02\x40\x47\x1e\x02\x90\xff\x0a\xf0\x75\x03\x51" --// "\xb7\xf8\x78\x86\x4c\xa9\x61\xad\xbd\x3a\x8a\x7e\x99\x1c\x5c\x05\x56\xa9" --// "\x4c\x31\x46\xa7\xf9\x80\x3f\x8f\x6f\x8a\xe3\x42\xe9\x31\xfd\x8a\xe4\x7a" --// "\x22\x0d\x1b\x99\xa4\x95\x84\x98\x07\xfe\x39\xf9\x24\x5a\x98\x36\xda\x3d" --// "\x02\x41\x00\xb0\x6c\x4f\xda\xbb\x63\x01\x19\x8d\x26\x5b\xdb\xae\x94\x23" --// "\xb3\x80\xf2\x71\xf7\x34\x53\x88\x50\x93\x07\x7f\xcd\x39\xe2\x11\x9f\xc9" --// "\x86\x32\x15\x4f\x58\x83\xb1\x67\xa9\x67\xbf\x40\x2b\x4e\x9e\x2e\x0f\x96" --// "\x56\xe6\x98\xea\x36\x66\xed\xfb\x25\x79\x80\x39\xf7"; -+static const uint8_t kKey3[] = -+ "\x30\x82\x02\x5b\x02\x01\x00\x02\x81\x81\x00\xbb\xf8\x2f\x09\x06\x82\xce" -+ "\x9c\x23\x38\xac\x2b\x9d\xa8\x71\xf7\x36\x8d\x07\xee\xd4\x10\x43\xa4\x40" -+ "\xd6\xb6\xf0\x74\x54\xf5\x1f\xb8\xdf\xba\xaf\x03\x5c\x02\xab\x61\xea\x48" -+ "\xce\xeb\x6f\xcd\x48\x76\xed\x52\x0d\x60\xe1\xec\x46\x19\x71\x9d\x8a\x5b" -+ "\x8b\x80\x7f\xaf\xb8\xe0\xa3\xdf\xc7\x37\x72\x3e\xe6\xb4\xb7\xd9\x3a\x25" -+ "\x84\xee\x6a\x64\x9d\x06\x09\x53\x74\x88\x34\xb2\x45\x45\x98\x39\x4e\xe0" -+ "\xaa\xb1\x2d\x7b\x61\xa5\x1f\x52\x7a\x9a\x41\xf6\xc1\x68\x7f\xe2\x53\x72" -+ "\x98\xca\x2a\x8f\x59\x46\xf8\xe5\xfd\x09\x1d\xbd\xcb\x02\x01\x11\x02\x81" -+ "\x81\x00\xa5\xda\xfc\x53\x41\xfa\xf2\x89\xc4\xb9\x88\xdb\x30\xc1\xcd\xf8" -+ "\x3f\x31\x25\x1e\x06\x68\xb4\x27\x84\x81\x38\x01\x57\x96\x41\xb2\x94\x10" -+ "\xb3\xc7\x99\x8d\x6b\xc4\x65\x74\x5e\x5c\x39\x26\x69\xd6\x87\x0d\xa2\xc0" -+ "\x82\xa9\x39\xe3\x7f\xdc\xb8\x2e\xc9\x3e\xda\xc9\x7f\xf3\xad\x59\x50\xac" -+ "\xcf\xbc\x11\x1c\x76\xf1\xa9\x52\x94\x44\xe5\x6a\xaf\x68\xc5\x6c\x09\x2c" -+ "\xd3\x8d\xc3\xbe\xf5\xd2\x0a\x93\x99\x26\xed\x4f\x74\xa1\x3e\xdd\xfb\xe1" -+ "\xa1\xce\xcc\x48\x94\xaf\x94\x28\xc2\xb7\xb8\x88\x3f\xe4\x46\x3a\x4b\xc8" -+ "\x5b\x1c\xb3\xc1\x02\x41\x00\xee\xcf\xae\x81\xb1\xb9\xb3\xc9\x08\x81\x0b" -+ "\x10\xa1\xb5\x60\x01\x99\xeb\x9f\x44\xae\xf4\xfd\xa4\x93\xb8\x1a\x9e\x3d" -+ "\x84\xf6\x32\x12\x4e\xf0\x23\x6e\x5d\x1e\x3b\x7e\x28\xfa\xe7\xaa\x04\x0a" -+ "\x2d\x5b\x25\x21\x76\x45\x9d\x1f\x39\x75\x41\xba\x2a\x58\xfb\x65\x99\x02" -+ "\x41\x00\xc9\x7f\xb1\xf0\x27\xf4\x53\xf6\x34\x12\x33\xea\xaa\xd1\xd9\x35" -+ "\x3f\x6c\x42\xd0\x88\x66\xb1\xd0\x5a\x0f\x20\x35\x02\x8b\x9d\x86\x98\x40" -+ "\xb4\x16\x66\xb4\x2e\x92\xea\x0d\xa3\xb4\x32\x04\xb5\xcf\xce\x33\x52\x52" -+ "\x4d\x04\x16\xa5\xa4\x41\xe7\x00\xaf\x46\x15\x03\x02\x40\x54\x49\x4c\xa6" -+ "\x3e\xba\x03\x37\xe4\xe2\x40\x23\xfc\xd6\x9a\x5a\xeb\x07\xdd\xdc\x01\x83" -+ "\xa4\xd0\xac\x9b\x54\xb0\x51\xf2\xb1\x3e\xd9\x49\x09\x75\xea\xb7\x74\x14" -+ "\xff\x59\xc1\xf7\x69\x2e\x9a\x2e\x20\x2b\x38\xfc\x91\x0a\x47\x41\x74\xad" -+ "\xc9\x3c\x1f\x67\xc9\x81\x02\x40\x47\x1e\x02\x90\xff\x0a\xf0\x75\x03\x51" -+ "\xb7\xf8\x78\x86\x4c\xa9\x61\xad\xbd\x3a\x8a\x7e\x99\x1c\x5c\x05\x56\xa9" -+ "\x4c\x31\x46\xa7\xf9\x80\x3f\x8f\x6f\x8a\xe3\x42\xe9\x31\xfd\x8a\xe4\x7a" -+ "\x22\x0d\x1b\x99\xa4\x95\x84\x98\x07\xfe\x39\xf9\x24\x5a\x98\x36\xda\x3d" -+ "\x02\x41\x00\xb0\x6c\x4f\xda\xbb\x63\x01\x19\x8d\x26\x5b\xdb\xae\x94\x23" -+ "\xb3\x80\xf2\x71\xf7\x34\x53\x88\x50\x93\x07\x7f\xcd\x39\xe2\x11\x9f\xc9" -+ "\x86\x32\x15\x4f\x58\x83\xb1\x67\xa9\x67\xbf\x40\x2b\x4e\x9e\x2e\x0f\x96" -+ "\x56\xe6\x98\xea\x36\x66\xed\xfb\x25\x79\x80\x39\xf7"; - - // kOAEPCiphertext3 is a sample encryption of |kPlaintext| with |kKey3| using - // RSA OAEP. --// static const uint8_t kOAEPCiphertext3[] = --// "\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7\x90\xc4" --// "\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce\xf0\xc4\x36\x6f" --// "\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3\xf2\xf1\x92\xdb\xea\xca" --// "\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06\x69\xac\x22\xe9\xf3\xa7\x85\x2e" --// "\x3c\x15\xd9\x13\xca\xb0\xb8\x86\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49" --// "\x54\x61\x03\x46\xf4\xd4\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a" --// "\x1f\xc4\x02\x6a\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20" --// "\x2f\xb1"; -- --// static const uint8_t kTwoPrimeKey[] = --// "\x30\x82\x04\xa1\x02\x01\x00\x02\x82\x01\x01\x00\x93\x3a\x4f\xc9\x6a\x0a" --// "\x6b\x28\x04\xfa\xb7\x05\x56\xdf\xa0\xaa\x4f\xaa\xab\x94\xa0\xa9\x25\xef" --// "\xc5\x96\xd2\xd4\x66\x16\x62\x2c\x13\x7b\x91\xd0\x36\x0a\x10\x11\x6d\x7a" --// "\x91\xb6\xe4\x74\x57\xc1\x3d\x7a\xbe\x24\x05\x3a\x04\x0b\x73\x91\x53\xb1" --// "\x74\x10\xe1\x87\xdc\x91\x28\x9c\x1e\xe5\xf2\xb9\xfc\xa2\x48\x34\xb6\x78" --// "\xed\x6d\x95\xfb\xf2\xc0\x4e\x1c\xa4\x15\x00\x3c\x8a\x68\x2b\xd6\xce\xd5" --// "\xb3\x9f\x66\x02\xa7\x0d\x08\xa3\x23\x9b\xe5\x36\x96\x13\x22\xf9\x69\xa6" --// "\x87\x88\x9b\x85\x3f\x83\x9c\xab\x1a\x1b\x6d\x8d\x16\xf4\x5e\xbd\xee\x4b" --// "\x59\x56\xf8\x9d\x58\xcd\xd2\x83\x85\x59\x43\x84\x63\x4f\xe6\x1a\x86\x66" --// "\x0d\xb5\xa0\x87\x89\xb6\x13\x82\x43\xda\x34\x92\x3b\x68\xc4\x95\x71\x2f" --// "\x15\xc2\xe0\x43\x67\x3c\x08\x00\x36\x10\xc3\xb4\x46\x4c\x4e\x6e\xf5\x44" --// "\xa9\x04\x44\x9d\xce\xc7\x05\x79\xee\x11\xcf\xaf\x2c\xd7\x9a\x32\xd3\xa5" --// "\x30\xd4\x3a\x78\x43\x37\x74\x22\x90\x24\x04\x11\xd7\x95\x08\x52\xa4\x71" --// "\x41\x68\x94\xb0\xa0\xc3\xec\x4e\xd2\xc4\x30\x71\x98\x64\x9c\xe3\x7c\x76" --// "\xef\x33\xa3\x2b\xb1\x87\x63\xd2\x5c\x09\xfc\x90\x2d\x92\xf4\x57\x02\x01" --// "\x03\x02\x82\x01\x00\x62\x26\xdf\xdb\x9c\x06\xf2\x1a\xad\xfc\x7a\x03\x8f" --// "\x3f\xc0\x71\x8a\x71\xc7\xb8\x6b\x1b\x6e\x9f\xd9\x0f\x37\x38\x44\x0e\xec" --// "\x1d\x62\x52\x61\x35\x79\x5c\x0a\xb6\x48\xfc\x61\x24\x98\x4d\x8f\xd6\x28" --// "\xfc\x7e\xc2\xae\x26\xad\x5c\xf7\xb6\x37\xcb\xa2\xb5\xeb\xaf\xe8\x60\xc5" --// "\xbd\x69\xee\xa1\xd1\x53\x16\xda\xcd\xce\xfb\x48\xf3\xb9\x52\xa1\xd5\x89" --// "\x68\x6d\x63\x55\x7d\xb1\x9a\xc7\xe4\x89\xe3\xcd\x14\xee\xac\x6f\x5e\x05" --// "\xc2\x17\xbd\x43\x79\xb9\x62\x17\x50\xf1\x19\xaf\xb0\x67\xae\x2a\x57\xbd" --// "\xc7\x66\xbc\xf3\xb3\x64\xa1\xe3\x16\x74\x9e\xea\x02\x5c\xab\x94\xd8\x97" --// "\x02\x42\x0c\x2c\xba\x54\xb9\xaf\xe0\x45\x93\xad\x7f\xb3\x10\x6a\x96\x50" --// "\x4b\xaf\xcf\xc8\x27\x62\x2d\x83\xe9\x26\xc6\x94\xc1\xef\x5c\x8e\x06\x42" --// "\x53\xe5\x56\xaf\xc2\x99\x01\xaa\x9a\x71\xbc\xe8\x21\x33\x2a\x2d\xa3\x36" --// "\xac\x1b\x86\x19\xf8\xcd\x1f\x80\xa4\x26\x98\xb8\x9f\x62\x62\xd5\x1a\x7f" --// "\xee\xdb\xdf\x81\xd3\x21\xdb\x33\x92\xee\xff\xe2\x2f\x32\x77\x73\x6a\x58" --// "\xab\x21\xf3\xe3\xe1\xbc\x4f\x12\x72\xa6\xb5\xc2\xfb\x27\x9e\xc8\xca\xab" --// "\x64\xa0\x87\x07\x9d\xef\xca\x0f\xdb\x02\x81\x81\x00\xe6\xd3\x4d\xc0\xa1" --// "\x91\x0e\x62\xfd\xb0\xdd\xc6\x30\xb8\x8c\xcb\x14\xc1\x4b\x69\x30\xdd\xcd" --// "\x86\x67\xcb\x37\x14\xc5\x03\xd2\xb4\x69\xab\x3d\xe5\x16\x81\x0f\xe5\x50" --// "\xf4\x18\xb1\xec\xbc\x71\xe9\x80\x99\x06\xe4\xa3\xfe\x44\x84\x4a\x2d\x1e" --// "\x07\x7f\x22\x70\x6d\x4f\xd4\x93\x0b\x8b\x99\xce\x1e\xab\xcd\x4c\xd2\xd3" --// "\x10\x47\x5c\x09\x9f\x6d\x82\xc0\x08\x75\xe3\x3d\x83\xc2\x19\x50\x29\xec" --// "\x1f\x84\x29\xcc\xf1\x56\xee\xbd\x54\x5d\xe6\x19\xdf\x0d\x1c\xa4\xbb\x0a" --// "\xfe\x84\x44\x29\x1d\xf9\x5c\x80\x96\x5b\x24\xb4\xf7\x02\x1b\x02\x81\x81" --// "\x00\xa3\x48\xf1\x9c\x58\xc2\x5f\x38\xfb\xd8\x12\x39\xf1\x8e\x73\xa1\xcf" --// "\x78\x12\xe0\xed\x2a\xbb\xef\xac\x23\xb2\xbf\xd6\x0c\xe9\x6e\x1e\xab\xea" --// "\x3f\x68\x36\xa7\x1f\xe5\xab\xe0\x86\xa5\x76\x32\x98\xdd\x75\xb5\x2b\xbc" --// "\xcb\x8a\x03\x00\x7c\x2e\xca\xf8\xbc\x19\xe4\xe3\xa3\x31\xbd\x1d\x20\x2b" --// "\x09\xad\x6f\x4c\xed\x48\xd4\xdf\x87\xf9\xf0\x46\xb9\x86\x4c\x4b\x71\xe7" --// "\x48\x78\xdc\xed\xc7\x82\x02\x44\xd3\xa6\xb3\x10\x5f\x62\x81\xfc\xb8\xe4" --// "\x0e\xf4\x1a\xdd\xab\x3f\xbc\x63\x79\x5b\x39\x69\x5e\xea\xa9\x15\xfe\x90" --// "\xec\xda\x75\x02\x81\x81\x00\x99\xe2\x33\xd5\xc1\x0b\x5e\xec\xa9\x20\x93" --// "\xd9\x75\xd0\x5d\xdc\xb8\x80\xdc\xf0\xcb\x3e\x89\x04\x45\x32\x24\xb8\x83" --// "\x57\xe1\xcd\x9b\xc7\x7e\x98\xb9\xab\x5f\xee\x35\xf8\x10\x76\x9d\xd2\xf6" --// "\x9b\xab\x10\xaf\x43\x17\xfe\xd8\x58\x31\x73\x69\x5a\x54\xc1\xa0\x48\xdf" --// "\xe3\x0c\xb2\x5d\x11\x34\x14\x72\x88\xdd\xe1\xe2\x0a\xda\x3d\x5b\xbf\x9e" --// "\x57\x2a\xb0\x4e\x97\x7e\x57\xd6\xbb\x8a\xc6\x9d\x6a\x58\x1b\xdd\xf6\x39" --// "\xf4\x7e\x38\x3e\x99\x66\x94\xb3\x68\x6d\xd2\x07\x54\x58\x2d\x70\xbe\xa6" --// "\x3d\xab\x0e\xe7\x6d\xcd\xfa\x01\x67\x02\x81\x80\x6c\xdb\x4b\xbd\x90\x81" --// "\x94\xd0\xa7\xe5\x61\x7b\xf6\x5e\xf7\xc1\x34\xfa\xb7\x40\x9e\x1c\x7d\x4a" --// "\x72\xc2\x77\x2a\x8e\xb3\x46\x49\x69\xc7\xf1\x7f\x9a\xcf\x1a\x15\x43\xc7" --// "\xeb\x04\x6e\x4e\xcc\x65\xe8\xf9\x23\x72\x7d\xdd\x06\xac\xaa\xfd\x74\x87" --// "\x50\x7d\x66\x98\x97\xc2\x21\x28\xbe\x15\x72\x06\x73\x9f\x88\x9e\x30\x8d" --// "\xea\x5a\xa6\xa0\x2f\x26\x59\x88\x32\x4b\xef\x85\xa5\xe8\x9e\x85\x01\x56" --// "\xd8\x8d\x19\xcc\xb5\x94\xec\x56\xa8\x7b\x42\xb4\xa2\xbc\x93\xc7\x7f\xd2" --// "\xec\xfb\x92\x26\x46\x3f\x47\x1b\x63\xff\x0b\x48\x91\xa3\x02\x81\x80\x2c" --// "\x4a\xb9\xa4\x46\x7b\xff\x50\x7e\xbf\x60\x47\x3b\x2b\x66\x82\xdc\x0e\x53" --// "\x65\x71\xe9\xda\x2a\xb8\x32\x93\x42\xb7\xff\xea\x67\x66\xf1\xbc\x87\x28" --// "\x65\x29\x79\xca\xab\x93\x56\xda\x95\xc1\x26\x44\x3d\x27\xc1\x91\xc6\x9b" --// "\xd9\xec\x9d\xb7\x49\xe7\x16\xee\x99\x87\x50\x95\x81\xd4\x5c\x5b\x5a\x5d" --// "\x0a\x43\xa5\xa7\x8f\x5a\x80\x49\xa0\xb7\x10\x85\xc7\xf4\x42\x34\x86\xb6" --// "\x5f\x3f\x88\x9e\xc7\xf5\x59\x29\x39\x68\x48\xf2\xd7\x08\x5b\x92\x8e\x6b" --// "\xea\xa5\x63\x5f\xc0\xfb\xe4\xe1\xb2\x7d\xb7\x40\xe9\x55\x06\xbf\x58\x25" --// "\x6f"; -- --// static const uint8_t kTwoPrimeEncryptedMessage[] = { --// 0x63, 0x0a, 0x30, 0x45, 0x43, 0x11, 0x45, 0xb7, 0x99, 0x67, 0x90, 0x35, --// 0x37, 0x27, 0xff, 0xbc, 0xe0, 0xbf, 0xa6, 0xd1, 0x47, 0x50, 0xbb, 0x6c, --// 0x1c, 0xaa, 0x66, 0xf2, 0xff, 0x9d, 0x9a, 0xa6, 0xb4, 0x16, 0x63, 0xb0, --// 0xa1, 0x7c, 0x7c, 0x0c, 0xef, 0xb3, 0x66, 0x52, 0x42, 0xd7, 0x5e, 0xf3, --// 0xa4, 0x15, 0x33, 0x40, 0x43, 0xe8, 0xb1, 0xfc, 0xe0, 0x42, 0x83, 0x46, --// 0x28, 0xce, 0xde, 0x7b, 0x01, 0xeb, 0x28, 0x92, 0x70, 0xdf, 0x8d, 0x54, --// 0x9e, 0xed, 0x23, 0xb4, 0x78, 0xc3, 0xca, 0x85, 0x53, 0x48, 0xd6, 0x8a, --// 0x87, 0xf7, 0x69, 0xcd, 0x82, 0x8c, 0x4f, 0x5c, 0x05, 0x55, 0xa6, 0x78, --// 0x89, 0xab, 0x4c, 0xd8, 0xa9, 0xd6, 0xa5, 0xf4, 0x29, 0x4c, 0x23, 0xc8, --// 0xcf, 0xf0, 0x4c, 0x64, 0x6b, 0x4e, 0x02, 0x17, 0x69, 0xd6, 0x47, 0x83, --// 0x30, 0x43, 0x02, 0x29, 0xda, 0xda, 0x75, 0x3b, 0xd7, 0xa7, 0x2b, 0x31, --// 0xb3, 0xe9, 0x71, 0xa4, 0x41, 0xf7, 0x26, 0x9b, 0xcd, 0x23, 0xfa, 0x45, --// 0x3c, 0x9b, 0x7d, 0x28, 0xf7, 0xf9, 0x67, 0x04, 0xba, 0xfc, 0x46, 0x75, --// 0x11, 0x3c, 0xd5, 0x27, 0x43, 0x53, 0xb1, 0xb6, 0x9e, 0x18, 0xeb, 0x11, --// 0xb4, 0x25, 0x20, 0x30, 0x0b, 0xe0, 0x1c, 0x17, 0x36, 0x22, 0x10, 0x0f, --// 0x99, 0xb5, 0x50, 0x14, 0x73, 0x07, 0xf0, 0x2f, 0x5d, 0x4c, 0xe3, 0xf2, --// 0x86, 0xc2, 0x05, 0xc8, 0x38, 0xed, 0xeb, 0x2a, 0x4a, 0xab, 0x76, 0xe3, --// 0x1a, 0x75, 0x44, 0xf7, 0x6e, 0x94, 0xdc, 0x25, 0x62, 0x7e, 0x31, 0xca, --// 0xc2, 0x73, 0x51, 0xb5, 0x03, 0xfb, 0xf9, 0xf6, 0xb5, 0x8d, 0x4e, 0x6c, --// 0x21, 0x0e, 0xf9, 0x97, 0x26, 0x57, 0xf3, 0x52, 0x72, 0x07, 0xf8, 0xb4, --// 0xcd, 0xb4, 0x39, 0xcf, 0xbf, 0x78, 0xcc, 0xb6, 0x87, 0xf9, 0xb7, 0x8b, --// 0x6a, 0xce, 0x9f, 0xc8, --// }; -+static const uint8_t kOAEPCiphertext3[] = -+ "\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7\x90\xc4" -+ "\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce\xf0\xc4\x36\x6f" -+ "\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3\xf2\xf1\x92\xdb\xea\xca" -+ "\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06\x69\xac\x22\xe9\xf3\xa7\x85\x2e" -+ "\x3c\x15\xd9\x13\xca\xb0\xb8\x86\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49" -+ "\x54\x61\x03\x46\xf4\xd4\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a" -+ "\x1f\xc4\x02\x6a\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20" -+ "\x2f\xb1"; -+ -+static const uint8_t kTwoPrimeKey[] = -+ "\x30\x82\x04\xa1\x02\x01\x00\x02\x82\x01\x01\x00\x93\x3a\x4f\xc9\x6a\x0a" -+ "\x6b\x28\x04\xfa\xb7\x05\x56\xdf\xa0\xaa\x4f\xaa\xab\x94\xa0\xa9\x25\xef" -+ "\xc5\x96\xd2\xd4\x66\x16\x62\x2c\x13\x7b\x91\xd0\x36\x0a\x10\x11\x6d\x7a" -+ "\x91\xb6\xe4\x74\x57\xc1\x3d\x7a\xbe\x24\x05\x3a\x04\x0b\x73\x91\x53\xb1" -+ "\x74\x10\xe1\x87\xdc\x91\x28\x9c\x1e\xe5\xf2\xb9\xfc\xa2\x48\x34\xb6\x78" -+ "\xed\x6d\x95\xfb\xf2\xc0\x4e\x1c\xa4\x15\x00\x3c\x8a\x68\x2b\xd6\xce\xd5" -+ "\xb3\x9f\x66\x02\xa7\x0d\x08\xa3\x23\x9b\xe5\x36\x96\x13\x22\xf9\x69\xa6" -+ "\x87\x88\x9b\x85\x3f\x83\x9c\xab\x1a\x1b\x6d\x8d\x16\xf4\x5e\xbd\xee\x4b" -+ "\x59\x56\xf8\x9d\x58\xcd\xd2\x83\x85\x59\x43\x84\x63\x4f\xe6\x1a\x86\x66" -+ "\x0d\xb5\xa0\x87\x89\xb6\x13\x82\x43\xda\x34\x92\x3b\x68\xc4\x95\x71\x2f" -+ "\x15\xc2\xe0\x43\x67\x3c\x08\x00\x36\x10\xc3\xb4\x46\x4c\x4e\x6e\xf5\x44" -+ "\xa9\x04\x44\x9d\xce\xc7\x05\x79\xee\x11\xcf\xaf\x2c\xd7\x9a\x32\xd3\xa5" -+ "\x30\xd4\x3a\x78\x43\x37\x74\x22\x90\x24\x04\x11\xd7\x95\x08\x52\xa4\x71" -+ "\x41\x68\x94\xb0\xa0\xc3\xec\x4e\xd2\xc4\x30\x71\x98\x64\x9c\xe3\x7c\x76" -+ "\xef\x33\xa3\x2b\xb1\x87\x63\xd2\x5c\x09\xfc\x90\x2d\x92\xf4\x57\x02\x01" -+ "\x03\x02\x82\x01\x00\x62\x26\xdf\xdb\x9c\x06\xf2\x1a\xad\xfc\x7a\x03\x8f" -+ "\x3f\xc0\x71\x8a\x71\xc7\xb8\x6b\x1b\x6e\x9f\xd9\x0f\x37\x38\x44\x0e\xec" -+ "\x1d\x62\x52\x61\x35\x79\x5c\x0a\xb6\x48\xfc\x61\x24\x98\x4d\x8f\xd6\x28" -+ "\xfc\x7e\xc2\xae\x26\xad\x5c\xf7\xb6\x37\xcb\xa2\xb5\xeb\xaf\xe8\x60\xc5" -+ "\xbd\x69\xee\xa1\xd1\x53\x16\xda\xcd\xce\xfb\x48\xf3\xb9\x52\xa1\xd5\x89" -+ "\x68\x6d\x63\x55\x7d\xb1\x9a\xc7\xe4\x89\xe3\xcd\x14\xee\xac\x6f\x5e\x05" -+ "\xc2\x17\xbd\x43\x79\xb9\x62\x17\x50\xf1\x19\xaf\xb0\x67\xae\x2a\x57\xbd" -+ "\xc7\x66\xbc\xf3\xb3\x64\xa1\xe3\x16\x74\x9e\xea\x02\x5c\xab\x94\xd8\x97" -+ "\x02\x42\x0c\x2c\xba\x54\xb9\xaf\xe0\x45\x93\xad\x7f\xb3\x10\x6a\x96\x50" -+ "\x4b\xaf\xcf\xc8\x27\x62\x2d\x83\xe9\x26\xc6\x94\xc1\xef\x5c\x8e\x06\x42" -+ "\x53\xe5\x56\xaf\xc2\x99\x01\xaa\x9a\x71\xbc\xe8\x21\x33\x2a\x2d\xa3\x36" -+ "\xac\x1b\x86\x19\xf8\xcd\x1f\x80\xa4\x26\x98\xb8\x9f\x62\x62\xd5\x1a\x7f" -+ "\xee\xdb\xdf\x81\xd3\x21\xdb\x33\x92\xee\xff\xe2\x2f\x32\x77\x73\x6a\x58" -+ "\xab\x21\xf3\xe3\xe1\xbc\x4f\x12\x72\xa6\xb5\xc2\xfb\x27\x9e\xc8\xca\xab" -+ "\x64\xa0\x87\x07\x9d\xef\xca\x0f\xdb\x02\x81\x81\x00\xe6\xd3\x4d\xc0\xa1" -+ "\x91\x0e\x62\xfd\xb0\xdd\xc6\x30\xb8\x8c\xcb\x14\xc1\x4b\x69\x30\xdd\xcd" -+ "\x86\x67\xcb\x37\x14\xc5\x03\xd2\xb4\x69\xab\x3d\xe5\x16\x81\x0f\xe5\x50" -+ "\xf4\x18\xb1\xec\xbc\x71\xe9\x80\x99\x06\xe4\xa3\xfe\x44\x84\x4a\x2d\x1e" -+ "\x07\x7f\x22\x70\x6d\x4f\xd4\x93\x0b\x8b\x99\xce\x1e\xab\xcd\x4c\xd2\xd3" -+ "\x10\x47\x5c\x09\x9f\x6d\x82\xc0\x08\x75\xe3\x3d\x83\xc2\x19\x50\x29\xec" -+ "\x1f\x84\x29\xcc\xf1\x56\xee\xbd\x54\x5d\xe6\x19\xdf\x0d\x1c\xa4\xbb\x0a" -+ "\xfe\x84\x44\x29\x1d\xf9\x5c\x80\x96\x5b\x24\xb4\xf7\x02\x1b\x02\x81\x81" -+ "\x00\xa3\x48\xf1\x9c\x58\xc2\x5f\x38\xfb\xd8\x12\x39\xf1\x8e\x73\xa1\xcf" -+ "\x78\x12\xe0\xed\x2a\xbb\xef\xac\x23\xb2\xbf\xd6\x0c\xe9\x6e\x1e\xab\xea" -+ "\x3f\x68\x36\xa7\x1f\xe5\xab\xe0\x86\xa5\x76\x32\x98\xdd\x75\xb5\x2b\xbc" -+ "\xcb\x8a\x03\x00\x7c\x2e\xca\xf8\xbc\x19\xe4\xe3\xa3\x31\xbd\x1d\x20\x2b" -+ "\x09\xad\x6f\x4c\xed\x48\xd4\xdf\x87\xf9\xf0\x46\xb9\x86\x4c\x4b\x71\xe7" -+ "\x48\x78\xdc\xed\xc7\x82\x02\x44\xd3\xa6\xb3\x10\x5f\x62\x81\xfc\xb8\xe4" -+ "\x0e\xf4\x1a\xdd\xab\x3f\xbc\x63\x79\x5b\x39\x69\x5e\xea\xa9\x15\xfe\x90" -+ "\xec\xda\x75\x02\x81\x81\x00\x99\xe2\x33\xd5\xc1\x0b\x5e\xec\xa9\x20\x93" -+ "\xd9\x75\xd0\x5d\xdc\xb8\x80\xdc\xf0\xcb\x3e\x89\x04\x45\x32\x24\xb8\x83" -+ "\x57\xe1\xcd\x9b\xc7\x7e\x98\xb9\xab\x5f\xee\x35\xf8\x10\x76\x9d\xd2\xf6" -+ "\x9b\xab\x10\xaf\x43\x17\xfe\xd8\x58\x31\x73\x69\x5a\x54\xc1\xa0\x48\xdf" -+ "\xe3\x0c\xb2\x5d\x11\x34\x14\x72\x88\xdd\xe1\xe2\x0a\xda\x3d\x5b\xbf\x9e" -+ "\x57\x2a\xb0\x4e\x97\x7e\x57\xd6\xbb\x8a\xc6\x9d\x6a\x58\x1b\xdd\xf6\x39" -+ "\xf4\x7e\x38\x3e\x99\x66\x94\xb3\x68\x6d\xd2\x07\x54\x58\x2d\x70\xbe\xa6" -+ "\x3d\xab\x0e\xe7\x6d\xcd\xfa\x01\x67\x02\x81\x80\x6c\xdb\x4b\xbd\x90\x81" -+ "\x94\xd0\xa7\xe5\x61\x7b\xf6\x5e\xf7\xc1\x34\xfa\xb7\x40\x9e\x1c\x7d\x4a" -+ "\x72\xc2\x77\x2a\x8e\xb3\x46\x49\x69\xc7\xf1\x7f\x9a\xcf\x1a\x15\x43\xc7" -+ "\xeb\x04\x6e\x4e\xcc\x65\xe8\xf9\x23\x72\x7d\xdd\x06\xac\xaa\xfd\x74\x87" -+ "\x50\x7d\x66\x98\x97\xc2\x21\x28\xbe\x15\x72\x06\x73\x9f\x88\x9e\x30\x8d" -+ "\xea\x5a\xa6\xa0\x2f\x26\x59\x88\x32\x4b\xef\x85\xa5\xe8\x9e\x85\x01\x56" -+ "\xd8\x8d\x19\xcc\xb5\x94\xec\x56\xa8\x7b\x42\xb4\xa2\xbc\x93\xc7\x7f\xd2" -+ "\xec\xfb\x92\x26\x46\x3f\x47\x1b\x63\xff\x0b\x48\x91\xa3\x02\x81\x80\x2c" -+ "\x4a\xb9\xa4\x46\x7b\xff\x50\x7e\xbf\x60\x47\x3b\x2b\x66\x82\xdc\x0e\x53" -+ "\x65\x71\xe9\xda\x2a\xb8\x32\x93\x42\xb7\xff\xea\x67\x66\xf1\xbc\x87\x28" -+ "\x65\x29\x79\xca\xab\x93\x56\xda\x95\xc1\x26\x44\x3d\x27\xc1\x91\xc6\x9b" -+ "\xd9\xec\x9d\xb7\x49\xe7\x16\xee\x99\x87\x50\x95\x81\xd4\x5c\x5b\x5a\x5d" -+ "\x0a\x43\xa5\xa7\x8f\x5a\x80\x49\xa0\xb7\x10\x85\xc7\xf4\x42\x34\x86\xb6" -+ "\x5f\x3f\x88\x9e\xc7\xf5\x59\x29\x39\x68\x48\xf2\xd7\x08\x5b\x92\x8e\x6b" -+ "\xea\xa5\x63\x5f\xc0\xfb\xe4\xe1\xb2\x7d\xb7\x40\xe9\x55\x06\xbf\x58\x25" -+ "\x6f"; -+ -+static const uint8_t kTwoPrimeEncryptedMessage[] = { -+ 0x63, 0x0a, 0x30, 0x45, 0x43, 0x11, 0x45, 0xb7, 0x99, 0x67, 0x90, 0x35, -+ 0x37, 0x27, 0xff, 0xbc, 0xe0, 0xbf, 0xa6, 0xd1, 0x47, 0x50, 0xbb, 0x6c, -+ 0x1c, 0xaa, 0x66, 0xf2, 0xff, 0x9d, 0x9a, 0xa6, 0xb4, 0x16, 0x63, 0xb0, -+ 0xa1, 0x7c, 0x7c, 0x0c, 0xef, 0xb3, 0x66, 0x52, 0x42, 0xd7, 0x5e, 0xf3, -+ 0xa4, 0x15, 0x33, 0x40, 0x43, 0xe8, 0xb1, 0xfc, 0xe0, 0x42, 0x83, 0x46, -+ 0x28, 0xce, 0xde, 0x7b, 0x01, 0xeb, 0x28, 0x92, 0x70, 0xdf, 0x8d, 0x54, -+ 0x9e, 0xed, 0x23, 0xb4, 0x78, 0xc3, 0xca, 0x85, 0x53, 0x48, 0xd6, 0x8a, -+ 0x87, 0xf7, 0x69, 0xcd, 0x82, 0x8c, 0x4f, 0x5c, 0x05, 0x55, 0xa6, 0x78, -+ 0x89, 0xab, 0x4c, 0xd8, 0xa9, 0xd6, 0xa5, 0xf4, 0x29, 0x4c, 0x23, 0xc8, -+ 0xcf, 0xf0, 0x4c, 0x64, 0x6b, 0x4e, 0x02, 0x17, 0x69, 0xd6, 0x47, 0x83, -+ 0x30, 0x43, 0x02, 0x29, 0xda, 0xda, 0x75, 0x3b, 0xd7, 0xa7, 0x2b, 0x31, -+ 0xb3, 0xe9, 0x71, 0xa4, 0x41, 0xf7, 0x26, 0x9b, 0xcd, 0x23, 0xfa, 0x45, -+ 0x3c, 0x9b, 0x7d, 0x28, 0xf7, 0xf9, 0x67, 0x04, 0xba, 0xfc, 0x46, 0x75, -+ 0x11, 0x3c, 0xd5, 0x27, 0x43, 0x53, 0xb1, 0xb6, 0x9e, 0x18, 0xeb, 0x11, -+ 0xb4, 0x25, 0x20, 0x30, 0x0b, 0xe0, 0x1c, 0x17, 0x36, 0x22, 0x10, 0x0f, -+ 0x99, 0xb5, 0x50, 0x14, 0x73, 0x07, 0xf0, 0x2f, 0x5d, 0x4c, 0xe3, 0xf2, -+ 0x86, 0xc2, 0x05, 0xc8, 0x38, 0xed, 0xeb, 0x2a, 0x4a, 0xab, 0x76, 0xe3, -+ 0x1a, 0x75, 0x44, 0xf7, 0x6e, 0x94, 0xdc, 0x25, 0x62, 0x7e, 0x31, 0xca, -+ 0xc2, 0x73, 0x51, 0xb5, 0x03, 0xfb, 0xf9, 0xf6, 0xb5, 0x8d, 0x4e, 0x6c, -+ 0x21, 0x0e, 0xf9, 0x97, 0x26, 0x57, 0xf3, 0x52, 0x72, 0x07, 0xf8, 0xb4, -+ 0xcd, 0xb4, 0x39, 0xcf, 0xbf, 0x78, 0xcc, 0xb6, 0x87, 0xf9, 0xb7, 0x8b, -+ 0x6a, 0xce, 0x9f, 0xc8, -+}; - - // kEstonianRSAKey is an RSAPublicKey encoded with a negative modulus. See - // https://crbug.com/532048. -@@ -382,102 +382,102 @@ - // 0xdd, 0x02, 0x01, 0x01, - // }; - --// struct RSAEncryptParam { --// const uint8_t *der; --// size_t der_len; --// const uint8_t *oaep_ciphertext; --// size_t oaep_ciphertext_len; --// } kRSAEncryptParams[] = { --// {kKey1, sizeof(kKey1) - 1, kOAEPCiphertext1, sizeof(kOAEPCiphertext1) - 1}, --// {kKey2, sizeof(kKey2) - 1, kOAEPCiphertext2, sizeof(kOAEPCiphertext2) - 1}, --// {kKey3, sizeof(kKey3) - 1, kOAEPCiphertext3, sizeof(kOAEPCiphertext3) - 1}, --// }; -- --// class RSAEncryptTest : public testing::TestWithParam {}; -- --// TEST_P(RSAEncryptTest, TestKey) { --// const auto ¶m = GetParam(); --// bssl::UniquePtr key( --// RSA_private_key_from_bytes(param.der, param.der_len)); --// ASSERT_TRUE(key); -- --// EXPECT_TRUE(RSA_check_key(key.get())); -- --// uint8_t ciphertext[256]; -- --// // Test that PKCS#1 v1.5 encryption round-trips. --// size_t ciphertext_len = 0; --// ASSERT_TRUE(RSA_encrypt(key.get(), &ciphertext_len, ciphertext, --// sizeof(ciphertext), kPlaintext, kPlaintextLen, --// RSA_PKCS1_PADDING)); --// EXPECT_EQ(RSA_size(key.get()), ciphertext_len); -- --// uint8_t plaintext[256]; --// size_t plaintext_len = 0; --// ASSERT_TRUE(RSA_decrypt(key.get(), &plaintext_len, plaintext, --// sizeof(plaintext), ciphertext, ciphertext_len, --// RSA_PKCS1_PADDING)); --// EXPECT_EQ(Bytes(kPlaintext, kPlaintextLen), Bytes(plaintext, plaintext_len)); -- --// // Test that OAEP encryption round-trips. --// ciphertext_len = 0; --// ASSERT_TRUE(RSA_encrypt(key.get(), &ciphertext_len, ciphertext, --// sizeof(ciphertext), kPlaintext, kPlaintextLen, --// RSA_PKCS1_OAEP_PADDING)); --// EXPECT_EQ(RSA_size(key.get()), ciphertext_len); -- --// plaintext_len = 0; --// ASSERT_TRUE(RSA_decrypt(key.get(), &plaintext_len, plaintext, --// sizeof(plaintext), ciphertext, ciphertext_len, --// RSA_PKCS1_OAEP_PADDING)); --// EXPECT_EQ(Bytes(kPlaintext, kPlaintextLen), Bytes(plaintext, plaintext_len)); -- --// // |oaep_ciphertext| should decrypt to |kPlaintext|. --// plaintext_len = 0; --// ASSERT_TRUE(RSA_decrypt(key.get(), &plaintext_len, plaintext, --// sizeof(plaintext), param.oaep_ciphertext, --// param.oaep_ciphertext_len, RSA_PKCS1_OAEP_PADDING)); --// EXPECT_EQ(Bytes(kPlaintext, kPlaintextLen), Bytes(plaintext, plaintext_len)); -- --// // Try decrypting corrupted ciphertexts. --// OPENSSL_memcpy(ciphertext, param.oaep_ciphertext, param.oaep_ciphertext_len); --// for (size_t i = 0; i < param.oaep_ciphertext_len; i++) { --// SCOPED_TRACE(i); --// ciphertext[i] ^= 1; --// EXPECT_FALSE(RSA_decrypt( --// key.get(), &plaintext_len, plaintext, sizeof(plaintext), ciphertext, --// param.oaep_ciphertext_len, RSA_PKCS1_OAEP_PADDING)); --// ERR_clear_error(); --// ciphertext[i] ^= 1; --// } -- --// // Test truncated ciphertexts. --// for (size_t len = 0; len < param.oaep_ciphertext_len; len++) { --// SCOPED_TRACE(len); --// EXPECT_FALSE(RSA_decrypt(key.get(), &plaintext_len, plaintext, --// sizeof(plaintext), ciphertext, len, --// RSA_PKCS1_OAEP_PADDING)); --// ERR_clear_error(); --// } --// } -- --// INSTANTIATE_TEST_SUITE_P(All, RSAEncryptTest, --// testing::ValuesIn(kRSAEncryptParams)); -- --// TEST(RSATest, TestDecrypt) { --// bssl::UniquePtr rsa( --// RSA_private_key_from_bytes(kTwoPrimeKey, sizeof(kTwoPrimeKey) - 1)); --// ASSERT_TRUE(rsa); -- --// EXPECT_TRUE(RSA_check_key(rsa.get())); -- --// uint8_t out[256]; --// size_t out_len; --// ASSERT_TRUE(RSA_decrypt( --// rsa.get(), &out_len, out, sizeof(out), kTwoPrimeEncryptedMessage, --// sizeof(kTwoPrimeEncryptedMessage), RSA_PKCS1_PADDING)); --// EXPECT_EQ(Bytes("hello world"), Bytes(out, out_len)); --// } -+struct RSAEncryptParam { -+ const uint8_t *der; -+ size_t der_len; -+ const uint8_t *oaep_ciphertext; -+ size_t oaep_ciphertext_len; -+} kRSAEncryptParams[] = { -+ {kKey1, sizeof(kKey1) - 1, kOAEPCiphertext1, sizeof(kOAEPCiphertext1) - 1}, -+ {kKey2, sizeof(kKey2) - 1, kOAEPCiphertext2, sizeof(kOAEPCiphertext2) - 1}, -+ {kKey3, sizeof(kKey3) - 1, kOAEPCiphertext3, sizeof(kOAEPCiphertext3) - 1}, -+}; -+ -+class RSAEncryptTest : public testing::TestWithParam {}; -+ -+TEST_P(RSAEncryptTest, TestKey) { -+ const auto ¶m = GetParam(); -+ bssl::UniquePtr key( -+ RSA_private_key_from_bytes(param.der, param.der_len)); -+ ASSERT_TRUE(key); -+ -+ EXPECT_TRUE(RSA_check_key(key.get())); -+ -+ uint8_t ciphertext[256]; -+ -+ // Test that PKCS#1 v1.5 encryption round-trips. -+ size_t ciphertext_len = 0; -+ ASSERT_TRUE(RSA_encrypt(key.get(), &ciphertext_len, ciphertext, -+ sizeof(ciphertext), kPlaintext, kPlaintextLen, -+ RSA_PKCS1_PADDING)); -+ EXPECT_EQ(RSA_size(key.get()), ciphertext_len); -+ -+ uint8_t plaintext[256]; -+ size_t plaintext_len = 0; -+ ASSERT_TRUE(RSA_decrypt(key.get(), &plaintext_len, plaintext, -+ sizeof(plaintext), ciphertext, ciphertext_len, -+ RSA_PKCS1_PADDING)); -+ EXPECT_EQ(Bytes(kPlaintext, kPlaintextLen), Bytes(plaintext, plaintext_len)); -+ -+ // Test that OAEP encryption round-trips. -+ ciphertext_len = 0; -+ ASSERT_TRUE(RSA_encrypt(key.get(), &ciphertext_len, ciphertext, -+ sizeof(ciphertext), kPlaintext, kPlaintextLen, -+ RSA_PKCS1_OAEP_PADDING)); -+ EXPECT_EQ(RSA_size(key.get()), ciphertext_len); -+ -+ plaintext_len = 0; -+ ASSERT_TRUE(RSA_decrypt(key.get(), &plaintext_len, plaintext, -+ sizeof(plaintext), ciphertext, ciphertext_len, -+ RSA_PKCS1_OAEP_PADDING)); -+ EXPECT_EQ(Bytes(kPlaintext, kPlaintextLen), Bytes(plaintext, plaintext_len)); -+ -+ // |oaep_ciphertext| should decrypt to |kPlaintext|. -+ plaintext_len = 0; -+ ASSERT_TRUE(RSA_decrypt(key.get(), &plaintext_len, plaintext, -+ sizeof(plaintext), param.oaep_ciphertext, -+ param.oaep_ciphertext_len, RSA_PKCS1_OAEP_PADDING)); -+ EXPECT_EQ(Bytes(kPlaintext, kPlaintextLen), Bytes(plaintext, plaintext_len)); -+ -+ // Try decrypting corrupted ciphertexts. -+ OPENSSL_memcpy(ciphertext, param.oaep_ciphertext, param.oaep_ciphertext_len); -+ for (size_t i = 0; i < param.oaep_ciphertext_len; i++) { -+ SCOPED_TRACE(i); -+ ciphertext[i] ^= 1; -+ EXPECT_FALSE(RSA_decrypt( -+ key.get(), &plaintext_len, plaintext, sizeof(plaintext), ciphertext, -+ param.oaep_ciphertext_len, RSA_PKCS1_OAEP_PADDING)); -+ ERR_clear_error(); -+ ciphertext[i] ^= 1; -+ } -+ -+ // Test truncated ciphertexts. -+ for (size_t len = 0; len < param.oaep_ciphertext_len; len++) { -+ SCOPED_TRACE(len); -+ EXPECT_FALSE(RSA_decrypt(key.get(), &plaintext_len, plaintext, -+ sizeof(plaintext), ciphertext, len, -+ RSA_PKCS1_OAEP_PADDING)); -+ ERR_clear_error(); -+ } -+} -+ -+INSTANTIATE_TEST_SUITE_P(All, RSAEncryptTest, -+ testing::ValuesIn(kRSAEncryptParams)); -+ -+TEST(RSATest, TestDecrypt) { -+ bssl::UniquePtr rsa( -+ RSA_private_key_from_bytes(kTwoPrimeKey, sizeof(kTwoPrimeKey) - 1)); -+ ASSERT_TRUE(rsa); -+ -+ EXPECT_TRUE(RSA_check_key(rsa.get())); -+ -+ uint8_t out[256]; -+ size_t out_len; -+ ASSERT_TRUE(RSA_decrypt( -+ rsa.get(), &out_len, out, sizeof(out), kTwoPrimeEncryptedMessage, -+ sizeof(kTwoPrimeEncryptedMessage), RSA_PKCS1_PADDING)); -+ EXPECT_EQ(Bytes("hello world"), Bytes(out, out_len)); -+} - - // TEST(RSATest, CheckFIPS) { - // bssl::UniquePtr rsa( -@@ -542,50 +542,64 @@ - // EXPECT_FALSE(key); - // } - --// TEST(RSATest, OnlyDGiven) { --// static const char kN[] = --// "00e77bbf3889d4ef36a9a25d4d69f3f632eb4362214c74517da6d6aeaa9bd09ac42b2662" --// "1cd88f3a6eb013772fc3bf9f83914b6467231c630202c35b3e5808c659"; --// static const char kE[] = "010001"; --// static const char kD[] = --// "0365db9eb6d73b53b015c40cd8db4de7dd7035c68b5ac1bf786d7a4ee2cea316eaeca21a" --// "73ac365e58713195f2ae9849348525ca855386b6d028e437a9495a01"; -- --// bssl::UniquePtr key(RSA_new()); --// ASSERT_TRUE(key); --// ASSERT_TRUE(BN_hex2bn(&key->n, kN)); --// ASSERT_TRUE(BN_hex2bn(&key->e, kE)); --// ASSERT_TRUE(BN_hex2bn(&key->d, kD)); -- --// // Keys with only n, e, and d are functional. --// EXPECT_TRUE(RSA_check_key(key.get())); -- --// const uint8_t kDummyHash[32] = {0}; --// uint8_t buf[64]; --// unsigned buf_len = sizeof(buf); --// ASSERT_LE(RSA_size(key.get()), sizeof(buf)); --// EXPECT_TRUE(RSA_sign(NID_sha256, kDummyHash, sizeof(kDummyHash), buf, --// &buf_len, key.get())); --// EXPECT_TRUE(RSA_verify(NID_sha256, kDummyHash, sizeof(kDummyHash), buf, --// buf_len, key.get())); -- --// // Keys without the public exponent must continue to work when blinding is --// // disabled to support Java's RSAPrivateKeySpec API. See --// // https://bugs.chromium.org/p/boringssl/issues/detail?id=12. --// bssl::UniquePtr key2(RSA_new()); --// ASSERT_TRUE(key2); --// ASSERT_TRUE(BN_hex2bn(&key2->n, kN)); --// ASSERT_TRUE(BN_hex2bn(&key2->d, kD)); --// key2->flags |= RSA_FLAG_NO_BLINDING; -- --// ASSERT_LE(RSA_size(key2.get()), sizeof(buf)); --// EXPECT_TRUE(RSA_sign(NID_sha256, kDummyHash, sizeof(kDummyHash), buf, --// &buf_len, key2.get())); -- --// // Verify the signature with |key|. |key2| has no public exponent. --// EXPECT_TRUE(RSA_verify(NID_sha256, kDummyHash, sizeof(kDummyHash), buf, --// buf_len, key.get())); --// } -+TEST(RSATest, OnlyDGiven) { -+ static const char kN[] = -+ "00e77bbf3889d4ef36a9a25d4d69f3f632eb4362214c74517da6d6aeaa9bd09ac42b2662" -+ "1cd88f3a6eb013772fc3bf9f83914b6467231c630202c35b3e5808c659"; -+ static const char kE[] = "010001"; -+ static const char kD[] = -+ "0365db9eb6d73b53b015c40cd8db4de7dd7035c68b5ac1bf786d7a4ee2cea316eaeca21a" -+ "73ac365e58713195f2ae9849348525ca855386b6d028e437a9495a01"; -+ -+ bssl::UniquePtr key(RSA_new()); -+ ASSERT_TRUE(key); + bssl::UniquePtr key(RSA_new()); + ASSERT_TRUE(key); +#ifdef BSSL_COMPAT + BIGNUM *n {BN_new()}; + BIGNUM *e {BN_new()}; @@ -721,114 +13,43 @@ + ASSERT_TRUE(BN_hex2bn(&d, kD)); + ASSERT_EQ(1, RSA_set0_key(key.get(), n, e, d)); +#else -+ ASSERT_TRUE(BN_hex2bn(&key->n, kN)); -+ ASSERT_TRUE(BN_hex2bn(&key->e, kE)); -+ ASSERT_TRUE(BN_hex2bn(&key->d, kD)); + ASSERT_TRUE(BN_hex2bn(&key->n, kN)); + ASSERT_TRUE(BN_hex2bn(&key->e, kE)); + ASSERT_TRUE(BN_hex2bn(&key->d, kD)); +#endif -+ + +#ifndef BSSL_COMPAT -+ // Keys with only n, e, and d are functional. -+ EXPECT_TRUE(RSA_check_key(key.get())); + // Keys with only n, e, and d are functional. + EXPECT_TRUE(RSA_check_key(key.get())); +#endif -+ -+ const uint8_t kDummyHash[32] = {0}; -+ uint8_t buf[64]; -+ unsigned buf_len = sizeof(buf); -+ ASSERT_LE(RSA_size(key.get()), sizeof(buf)); -+ EXPECT_TRUE(RSA_sign(NID_sha256, kDummyHash, sizeof(kDummyHash), buf, -+ &buf_len, key.get())); -+ EXPECT_TRUE(RSA_verify(NID_sha256, kDummyHash, sizeof(kDummyHash), buf, -+ buf_len, key.get())); -+ -+ // Keys without the public exponent must continue to work when blinding is -+ // disabled to support Java's RSAPrivateKeySpec API. See -+ // https://bugs.chromium.org/p/boringssl/issues/detail?id=12. + + const uint8_t kDummyHash[32] = {0}; + uint8_t buf[64]; +@@ -573,6 +585,7 @@ + // Keys without the public exponent must continue to work when blinding is + // disabled to support Java's RSAPrivateKeySpec API. See + // https://bugs.chromium.org/p/boringssl/issues/detail?id=12. +#ifndef BSSL_COMPAT -+ bssl::UniquePtr key2(RSA_new()); -+ ASSERT_TRUE(key2); -+ ASSERT_TRUE(BN_hex2bn(&key2->n, kN)); -+ ASSERT_TRUE(BN_hex2bn(&key2->d, kD)); -+ key2->flags |= RSA_FLAG_NO_BLINDING; -+ -+ ASSERT_LE(RSA_size(key2.get()), sizeof(buf)); -+ EXPECT_TRUE(RSA_sign(NID_sha256, kDummyHash, sizeof(kDummyHash), buf, -+ &buf_len, key2.get())); -+ -+ // Verify the signature with |key|. |key2| has no public exponent. -+ EXPECT_TRUE(RSA_verify(NID_sha256, kDummyHash, sizeof(kDummyHash), buf, -+ buf_len, key.get())); + bssl::UniquePtr key2(RSA_new()); + ASSERT_TRUE(key2); + ASSERT_TRUE(BN_hex2bn(&key2->n, kN)); +@@ -586,6 +599,7 @@ + // Verify the signature with |key|. |key2| has no public exponent. + EXPECT_TRUE(RSA_verify(NID_sha256, kDummyHash, sizeof(kDummyHash), buf, + buf_len, key.get())); +#endif // BSSL_COMPAT -+} + } // TEST(RSATest, ASN1) { - // // Test that private keys may be decoded. -@@ -640,18 +654,18 @@ - // } - - // Attempting to generate an excessively small key should fail. --// TEST(RSATest, GenerateSmallKey) { --// bssl::UniquePtr rsa(RSA_new()); --// ASSERT_TRUE(rsa); --// bssl::UniquePtr e(BN_new()); --// ASSERT_TRUE(e); --// ASSERT_TRUE(BN_set_word(e.get(), RSA_F4)); -- --// EXPECT_FALSE(RSA_generate_key_ex(rsa.get(), 255, e.get(), nullptr)); --// uint32_t err = ERR_get_error(); --// EXPECT_EQ(ERR_LIB_RSA, ERR_GET_LIB(err)); --// EXPECT_EQ(RSA_R_KEY_SIZE_TOO_SMALL, ERR_GET_REASON(err)); --// } -+TEST(RSATest, GenerateSmallKey) { -+ bssl::UniquePtr rsa(RSA_new()); -+ ASSERT_TRUE(rsa); -+ bssl::UniquePtr e(BN_new()); -+ ASSERT_TRUE(e); -+ ASSERT_TRUE(BN_set_word(e.get(), RSA_F4)); -+ -+ EXPECT_FALSE(RSA_generate_key_ex(rsa.get(), 255, e.get(), nullptr)); -+ uint32_t err = ERR_get_error(); -+ EXPECT_EQ(ERR_LIB_RSA, ERR_GET_LIB(err)); -+ EXPECT_EQ(RSA_R_KEY_SIZE_TOO_SMALL, ERR_GET_REASON(err)); -+} - - // Attempting to generate an funny RSA key length should round down. - // TEST(RSATest, RoundKeyLengths) { -@@ -699,20 +713,24 @@ - // } - - // Test that decrypting with a public key fails gracefully rather than crashing. --// TEST(RSATest, DecryptPublic) { --// bssl::UniquePtr pub( --// RSA_public_key_from_bytes(kFIPSPublicKey, sizeof(kFIPSPublicKey) - 1)); --// ASSERT_TRUE(pub); --// ASSERT_EQ(1024u / 8u, RSA_size(pub.get())); -- --// size_t len; --// uint8_t in[1024 / 8] = {0}, out[1024 / 8]; --// EXPECT_FALSE(RSA_decrypt(pub.get(), &len, out, sizeof(out), in, sizeof(in), --// RSA_PKCS1_PADDING)); --// uint32_t err = ERR_get_error(); --// EXPECT_EQ(ERR_LIB_RSA, ERR_GET_LIB(err)); --// EXPECT_EQ(RSA_R_VALUE_MISSING, ERR_GET_REASON(err)); --// } -+TEST(RSATest, DecryptPublic) { -+ bssl::UniquePtr pub( -+ RSA_public_key_from_bytes(kFIPSPublicKey, sizeof(kFIPSPublicKey) - 1)); -+ ASSERT_TRUE(pub); -+ ASSERT_EQ(1024u / 8u, RSA_size(pub.get())); -+ -+ size_t len; -+ uint8_t in[1024 / 8] = {0}, out[1024 / 8]; -+ EXPECT_FALSE(RSA_decrypt(pub.get(), &len, out, sizeof(out), in, sizeof(in), -+ RSA_PKCS1_PADDING)); -+ uint32_t err = ERR_get_error(); -+ EXPECT_EQ(ERR_LIB_RSA, ERR_GET_LIB(err)); +@@ -712,7 +726,11 @@ + RSA_PKCS1_PADDING)); + uint32_t err = ERR_get_error(); + EXPECT_EQ(ERR_LIB_RSA, ERR_GET_LIB(err)); +#ifdef BSSL_COMPAT + EXPECT_EQ(ossl_RSA_R_MISSING_PRIVATE_KEY, ERR_GET_REASON(err)); +#else -+ EXPECT_EQ(RSA_R_VALUE_MISSING, ERR_GET_REASON(err)); + EXPECT_EQ(RSA_R_VALUE_MISSING, ERR_GET_REASON(err)); +#endif -+} + } // TEST(RSATest, CheckKey) { - // static const char kN[] = diff --git a/bssl-compat/patch/source/crypto/rsa_extra/rsa_test.cc.sh b/bssl-compat/patch/source/crypto/rsa_extra/rsa_test.cc.sh new file mode 100755 index 0000000000..dbbb454b1d --- /dev/null +++ b/bssl-compat/patch/source/crypto/rsa_extra/rsa_test.cc.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +set -euo pipefail + +uncomment.sh "$1" --comment \ + --uncomment-regex '#include' \ + --comment-regex '#include "../fipsmodule' \ + --uncomment-regex 'static\s*const\s*.*\ -+#include - --// #include -+#include - --// #include --// #include --// #include --// #include -+#include -+#include -+#include -+#include - --// #include -+#include - --// #include -+#include - - - // Define a custom stack type for testing. --// using TEST_INT = int; -+using TEST_INT = int; - --// static void TEST_INT_free(TEST_INT *x) { OPENSSL_free(x); } -+static void TEST_INT_free(TEST_INT *x) { OPENSSL_free(x); } - --// BSSL_NAMESPACE_BEGIN --// BORINGSSL_MAKE_DELETER(TEST_INT, TEST_INT_free) --// BSSL_NAMESPACE_END -- --// static bssl::UniquePtr TEST_INT_new(int x) { --// bssl::UniquePtr ret( --// static_cast(OPENSSL_malloc(sizeof(TEST_INT)))); --// if (!ret) { --// return nullptr; --// } --// *ret = x; --// return ret; --// } -- --// DEFINE_STACK_OF(TEST_INT) -- --// struct ShallowStackDeleter { --// void operator()(STACK_OF(TEST_INT) *sk) const { sk_TEST_INT_free(sk); } --// }; -+BSSL_NAMESPACE_BEGIN -+BORINGSSL_MAKE_DELETER(TEST_INT, TEST_INT_free) -+BSSL_NAMESPACE_END -+ -+static bssl::UniquePtr TEST_INT_new(int x) { -+ bssl::UniquePtr ret( -+ static_cast(OPENSSL_malloc(sizeof(TEST_INT)))); -+ if (!ret) { -+ return nullptr; -+ } -+ *ret = x; -+ return ret; -+} -+ -+DEFINE_STACK_OF(TEST_INT) -+ -+struct ShallowStackDeleter { -+ void operator()(STACK_OF(TEST_INT) *sk) const { sk_TEST_INT_free(sk); } -+}; - --// using ShallowStack = std::unique_ptr; -+using ShallowStack = std::unique_ptr; - - // kNull is treated as a nullptr expectation for purposes of ExpectStackEquals. - // The tests in this file will never use it as a test value. --// static const int kNull = INT_MIN; -+static const int kNull = INT_MIN; - --// static void ExpectStackEquals(const STACK_OF(TEST_INT) *sk, --// const std::vector &vec) { --// EXPECT_EQ(vec.size(), sk_TEST_INT_num(sk)); --// for (size_t i = 0; i < vec.size(); i++) { --// SCOPED_TRACE(i); --// const TEST_INT *obj = sk_TEST_INT_value(sk, i); --// if (vec[i] == kNull) { --// EXPECT_FALSE(obj); --// } else { --// EXPECT_TRUE(obj); --// if (obj) { --// EXPECT_EQ(vec[i], *obj); --// } --// } --// } -- --// // Reading out-of-bounds fails. --// EXPECT_FALSE(sk_TEST_INT_value(sk, vec.size())); --// EXPECT_FALSE(sk_TEST_INT_value(sk, vec.size() + 1)); --// } -- --// TEST(StackTest, Basic) { --// bssl::UniquePtr sk(sk_TEST_INT_new_null()); --// ASSERT_TRUE(sk); -- --// // The stack starts out empty. --// ExpectStackEquals(sk.get(), {}); -- --// // Removing elements from an empty stack does nothing. --// EXPECT_FALSE(sk_TEST_INT_pop(sk.get())); --// EXPECT_FALSE(sk_TEST_INT_shift(sk.get())); --// EXPECT_FALSE(sk_TEST_INT_delete(sk.get(), 0)); -- --// // Push some elements. --// for (int i = 0; i < 6; i++) { --// auto value = TEST_INT_new(i); --// ASSERT_TRUE(value); --// ASSERT_TRUE(bssl::PushToStack(sk.get(), std::move(value))); --// } -- --// ExpectStackEquals(sk.get(), {0, 1, 2, 3, 4, 5}); -- --// // Items may be inserted in the middle. --// auto value = TEST_INT_new(6); --// ASSERT_TRUE(value); --// // Hold on to the object for later. --// TEST_INT *raw = value.get(); --// ASSERT_TRUE(sk_TEST_INT_insert(sk.get(), value.get(), 4)); --// value.release(); // sk_TEST_INT_insert takes ownership on success. -- --// ExpectStackEquals(sk.get(), {0, 1, 2, 3, 6, 4, 5}); -- --// // Without a comparison function, find searches by pointer. --// value = TEST_INT_new(6); --// ASSERT_TRUE(value); --// size_t index; --// EXPECT_FALSE(sk_TEST_INT_find(sk.get(), &index, value.get())); --// ASSERT_TRUE(sk_TEST_INT_find(sk.get(), &index, raw)); --// EXPECT_EQ(4u, index); -- --// // sk_TEST_INT_insert can also insert values at the end. --// value = TEST_INT_new(7); --// ASSERT_TRUE(value); --// ASSERT_TRUE(sk_TEST_INT_insert(sk.get(), value.get(), 7)); --// value.release(); // sk_TEST_INT_insert takes ownership on success. -- --// ExpectStackEquals(sk.get(), {0, 1, 2, 3, 6, 4, 5, 7}); -- --// // Out-of-bounds indices are clamped. --// value = TEST_INT_new(8); --// ASSERT_TRUE(value); --// ASSERT_TRUE(sk_TEST_INT_insert(sk.get(), value.get(), 999)); --// value.release(); // sk_TEST_INT_insert takes ownership on success. -- --// ExpectStackEquals(sk.get(), {0, 1, 2, 3, 6, 4, 5, 7, 8}); -- --// // Test removing elements from various places. --// bssl::UniquePtr removed(sk_TEST_INT_pop(sk.get())); --// EXPECT_EQ(8, *removed); --// ExpectStackEquals(sk.get(), {0, 1, 2, 3, 6, 4, 5, 7}); -- --// removed.reset(sk_TEST_INT_shift(sk.get())); --// EXPECT_EQ(0, *removed); --// ExpectStackEquals(sk.get(), {1, 2, 3, 6, 4, 5, 7}); -- --// removed.reset(sk_TEST_INT_delete(sk.get(), 2)); --// EXPECT_EQ(3, *removed); --// ExpectStackEquals(sk.get(), {1, 2, 6, 4, 5, 7}); -- --// // Objects may also be deleted by pointer. --// removed.reset(sk_TEST_INT_delete_ptr(sk.get(), raw)); --// EXPECT_EQ(raw, removed.get()); --// ExpectStackEquals(sk.get(), {1, 2, 4, 5, 7}); -- --// // Deleting is a no-op is the object is not found. --// value = TEST_INT_new(100); --// ASSERT_TRUE(value); --// EXPECT_FALSE(sk_TEST_INT_delete_ptr(sk.get(), value.get())); -- --// // Insert nullptr to test deep copy handling of it. --// ASSERT_TRUE(sk_TEST_INT_insert(sk.get(), nullptr, 0)); --// ExpectStackEquals(sk.get(), {kNull, 1, 2, 4, 5, 7}); -- --// // Test both deep and shallow copies. --// bssl::UniquePtr copy(sk_TEST_INT_deep_copy( --// sk.get(), --// [](TEST_INT *x) -> TEST_INT * { --// return x == nullptr ? nullptr : TEST_INT_new(*x).release(); --// }, --// TEST_INT_free)); --// ASSERT_TRUE(copy); --// ExpectStackEquals(copy.get(), {kNull, 1, 2, 4, 5, 7}); -- --// ShallowStack shallow(sk_TEST_INT_dup(sk.get())); --// ASSERT_TRUE(shallow); --// ASSERT_EQ(sk_TEST_INT_num(sk.get()), sk_TEST_INT_num(shallow.get())); --// for (size_t i = 0; i < sk_TEST_INT_num(sk.get()); i++) { --// EXPECT_EQ(sk_TEST_INT_value(sk.get(), i), --// sk_TEST_INT_value(shallow.get(), i)); --// } -- --// // Deep copies may fail. This should clean up temporaries. --// EXPECT_FALSE(sk_TEST_INT_deep_copy(sk.get(), --// [](TEST_INT *x) -> TEST_INT * { --// return x == nullptr || *x == 4 --// ? nullptr --// : TEST_INT_new(*x).release(); --// }, --// TEST_INT_free)); -- --// // sk_TEST_INT_zero clears a stack, but does not free the elements. --// ShallowStack shallow2(sk_TEST_INT_dup(sk.get())); --// ASSERT_TRUE(shallow2); --// sk_TEST_INT_zero(shallow2.get()); --// ExpectStackEquals(shallow2.get(), {}); --// } -- --// TEST(StackTest, BigStack) { --// bssl::UniquePtr sk(sk_TEST_INT_new_null()); --// ASSERT_TRUE(sk); -- --// std::vector expected; --// static const int kCount = 100000; --// for (int i = 0; i < kCount; i++) { --// auto value = TEST_INT_new(i); --// ASSERT_TRUE(value); --// ASSERT_TRUE(bssl::PushToStack(sk.get(), std::move(value))); --// expected.push_back(i); --// } --// ExpectStackEquals(sk.get(), expected); --// } -- --// static uint64_t g_compare_count = 0; -- --// static int compare(const TEST_INT **a, const TEST_INT **b) { --// g_compare_count++; --// if (**a < **b) { --// return -1; --// } --// if (**a > **b) { --// return 1; --// } --// return 0; --// } -- --// static int compare_reverse(const TEST_INT **a, const TEST_INT **b) { --// return -compare(a, b); --// } -- --// TEST(StackTest, Sorted) { --// std::vector vec_sorted = {0, 1, 2, 3, 4, 5, 6}; --// std::vector vec = vec_sorted; --// do { --// bssl::UniquePtr sk(sk_TEST_INT_new(compare)); --// ASSERT_TRUE(sk); --// for (int v : vec) { --// auto value = TEST_INT_new(v); --// ASSERT_TRUE(value); --// ASSERT_TRUE(bssl::PushToStack(sk.get(), std::move(value))); --// } -- --// // The stack is not (known to be) sorted. --// EXPECT_FALSE(sk_TEST_INT_is_sorted(sk.get())); -- --// // With a comparison function, find matches by value. --// auto ten = TEST_INT_new(10); --// ASSERT_TRUE(ten); --// size_t index; --// EXPECT_FALSE(sk_TEST_INT_find(sk.get(), &index, ten.get())); -- --// auto three = TEST_INT_new(3); --// ASSERT_TRUE(three); --// ASSERT_TRUE(sk_TEST_INT_find(sk.get(), &index, three.get())); --// EXPECT_EQ(3, *sk_TEST_INT_value(sk.get(), index)); -- --// sk_TEST_INT_sort(sk.get()); --// EXPECT_TRUE(sk_TEST_INT_is_sorted(sk.get())); --// ExpectStackEquals(sk.get(), vec_sorted); -- --// // Sorting an already-sorted list is a no-op. --// uint64_t old_compare_count = g_compare_count; --// sk_TEST_INT_sort(sk.get()); --// EXPECT_EQ(old_compare_count, g_compare_count); --// EXPECT_TRUE(sk_TEST_INT_is_sorted(sk.get())); --// ExpectStackEquals(sk.get(), vec_sorted); -- --// // When sorted, find uses binary search. --// ASSERT_TRUE(ten); --// EXPECT_FALSE(sk_TEST_INT_find(sk.get(), &index, ten.get())); -- --// ASSERT_TRUE(three); --// ASSERT_TRUE(sk_TEST_INT_find(sk.get(), &index, three.get())); --// EXPECT_EQ(3u, index); -- --// // Copies preserve comparison and sorted information. --// bssl::UniquePtr copy(sk_TEST_INT_deep_copy( --// sk.get(), --// [](TEST_INT *x) -> TEST_INT * { return TEST_INT_new(*x).release(); }, --// TEST_INT_free)); --// ASSERT_TRUE(copy); --// EXPECT_TRUE(sk_TEST_INT_is_sorted(copy.get())); --// ASSERT_TRUE(sk_TEST_INT_find(copy.get(), &index, three.get())); --// EXPECT_EQ(3u, index); -- --// ShallowStack copy2(sk_TEST_INT_dup(sk.get())); --// ASSERT_TRUE(copy2); --// EXPECT_TRUE(sk_TEST_INT_is_sorted(copy2.get())); --// ASSERT_TRUE(sk_TEST_INT_find(copy2.get(), &index, three.get())); --// EXPECT_EQ(3u, index); -- --// // Removing elements does not affect sortedness. --// TEST_INT_free(sk_TEST_INT_delete(sk.get(), 0)); --// EXPECT_TRUE(sk_TEST_INT_is_sorted(sk.get())); -- --// // Changing the comparison function invalidates sortedness. --// sk_TEST_INT_set_cmp_func(sk.get(), compare_reverse); --// EXPECT_FALSE(sk_TEST_INT_is_sorted(sk.get())); --// ASSERT_TRUE(sk_TEST_INT_find(sk.get(), &index, three.get())); --// EXPECT_EQ(2u, index); -- --// sk_TEST_INT_sort(sk.get()); --// ExpectStackEquals(sk.get(), {6, 5, 4, 3, 2, 1}); --// ASSERT_TRUE(sk_TEST_INT_find(sk.get(), &index, three.get())); --// EXPECT_EQ(3u, index); -- --// // Inserting a new element invalidates sortedness. --// auto tmp = TEST_INT_new(10); --// ASSERT_TRUE(tmp); --// ASSERT_TRUE(bssl::PushToStack(sk.get(), std::move(tmp))); --// EXPECT_FALSE(sk_TEST_INT_is_sorted(sk.get())); --// ASSERT_TRUE(sk_TEST_INT_find(sk.get(), &index, ten.get())); --// EXPECT_EQ(6u, index); --// } while (std::next_permutation(vec.begin(), vec.end())); --// } -+static void ExpectStackEquals(const STACK_OF(TEST_INT) *sk, -+ const std::vector &vec) { -+ EXPECT_EQ(vec.size(), sk_TEST_INT_num(sk)); -+ for (size_t i = 0; i < vec.size(); i++) { -+ SCOPED_TRACE(i); -+ const TEST_INT *obj = sk_TEST_INT_value(sk, i); -+ if (vec[i] == kNull) { -+ EXPECT_FALSE(obj); -+ } else { -+ EXPECT_TRUE(obj); -+ if (obj) { -+ EXPECT_EQ(vec[i], *obj); -+ } -+ } -+ } -+ -+ // Reading out-of-bounds fails. -+ EXPECT_FALSE(sk_TEST_INT_value(sk, vec.size())); -+ EXPECT_FALSE(sk_TEST_INT_value(sk, vec.size() + 1)); -+} -+ -+TEST(StackTest, Basic) { -+ bssl::UniquePtr sk(sk_TEST_INT_new_null()); -+ ASSERT_TRUE(sk); -+ -+ // The stack starts out empty. -+ ExpectStackEquals(sk.get(), {}); -+ -+ // Removing elements from an empty stack does nothing. -+ EXPECT_FALSE(sk_TEST_INT_pop(sk.get())); -+ EXPECT_FALSE(sk_TEST_INT_shift(sk.get())); -+ EXPECT_FALSE(sk_TEST_INT_delete(sk.get(), 0)); -+ -+ // Push some elements. -+ for (int i = 0; i < 6; i++) { -+ auto value = TEST_INT_new(i); -+ ASSERT_TRUE(value); -+ ASSERT_TRUE(bssl::PushToStack(sk.get(), std::move(value))); -+ } -+ -+ ExpectStackEquals(sk.get(), {0, 1, 2, 3, 4, 5}); -+ -+ // Items may be inserted in the middle. -+ auto value = TEST_INT_new(6); -+ ASSERT_TRUE(value); -+ // Hold on to the object for later. -+ TEST_INT *raw = value.get(); -+ ASSERT_TRUE(sk_TEST_INT_insert(sk.get(), value.get(), 4)); -+ value.release(); // sk_TEST_INT_insert takes ownership on success. -+ -+ ExpectStackEquals(sk.get(), {0, 1, 2, 3, 6, 4, 5}); -+ -+ // Without a comparison function, find searches by pointer. -+ value = TEST_INT_new(6); -+ ASSERT_TRUE(value); -+ size_t index; -+ EXPECT_FALSE(sk_TEST_INT_find(sk.get(), &index, value.get())); -+ ASSERT_TRUE(sk_TEST_INT_find(sk.get(), &index, raw)); -+ EXPECT_EQ(4u, index); -+ -+ // sk_TEST_INT_insert can also insert values at the end. -+ value = TEST_INT_new(7); -+ ASSERT_TRUE(value); -+ ASSERT_TRUE(sk_TEST_INT_insert(sk.get(), value.get(), 7)); -+ value.release(); // sk_TEST_INT_insert takes ownership on success. -+ -+ ExpectStackEquals(sk.get(), {0, 1, 2, 3, 6, 4, 5, 7}); -+ -+ // Out-of-bounds indices are clamped. -+ value = TEST_INT_new(8); -+ ASSERT_TRUE(value); -+ ASSERT_TRUE(sk_TEST_INT_insert(sk.get(), value.get(), 999)); -+ value.release(); // sk_TEST_INT_insert takes ownership on success. -+ -+ ExpectStackEquals(sk.get(), {0, 1, 2, 3, 6, 4, 5, 7, 8}); -+ -+ // Test removing elements from various places. -+ bssl::UniquePtr removed(sk_TEST_INT_pop(sk.get())); -+ EXPECT_EQ(8, *removed); -+ ExpectStackEquals(sk.get(), {0, 1, 2, 3, 6, 4, 5, 7}); -+ -+ removed.reset(sk_TEST_INT_shift(sk.get())); -+ EXPECT_EQ(0, *removed); -+ ExpectStackEquals(sk.get(), {1, 2, 3, 6, 4, 5, 7}); -+ -+ removed.reset(sk_TEST_INT_delete(sk.get(), 2)); -+ EXPECT_EQ(3, *removed); -+ ExpectStackEquals(sk.get(), {1, 2, 6, 4, 5, 7}); -+ -+ // Objects may also be deleted by pointer. -+ removed.reset(sk_TEST_INT_delete_ptr(sk.get(), raw)); -+ EXPECT_EQ(raw, removed.get()); -+ ExpectStackEquals(sk.get(), {1, 2, 4, 5, 7}); -+ -+ // Deleting is a no-op is the object is not found. -+ value = TEST_INT_new(100); -+ ASSERT_TRUE(value); -+ EXPECT_FALSE(sk_TEST_INT_delete_ptr(sk.get(), value.get())); -+ -+ // Insert nullptr to test deep copy handling of it. -+ ASSERT_TRUE(sk_TEST_INT_insert(sk.get(), nullptr, 0)); -+ ExpectStackEquals(sk.get(), {kNull, 1, 2, 4, 5, 7}); -+ -+ // Test both deep and shallow copies. -+ bssl::UniquePtr copy(sk_TEST_INT_deep_copy( -+ sk.get(), -+ [](TEST_INT *x) -> TEST_INT * { -+ return x == nullptr ? nullptr : TEST_INT_new(*x).release(); -+ }, -+ TEST_INT_free)); -+ ASSERT_TRUE(copy); -+ ExpectStackEquals(copy.get(), {kNull, 1, 2, 4, 5, 7}); -+ -+ ShallowStack shallow(sk_TEST_INT_dup(sk.get())); -+ ASSERT_TRUE(shallow); -+ ASSERT_EQ(sk_TEST_INT_num(sk.get()), sk_TEST_INT_num(shallow.get())); -+ for (size_t i = 0; i < sk_TEST_INT_num(sk.get()); i++) { -+ EXPECT_EQ(sk_TEST_INT_value(sk.get(), i), -+ sk_TEST_INT_value(shallow.get(), i)); -+ } -+ -+ // Deep copies may fail. This should clean up temporaries. -+ EXPECT_FALSE(sk_TEST_INT_deep_copy(sk.get(), -+ [](TEST_INT *x) -> TEST_INT * { -+ return x == nullptr || *x == 4 -+ ? nullptr -+ : TEST_INT_new(*x).release(); -+ }, -+ TEST_INT_free)); -+ -+ // sk_TEST_INT_zero clears a stack, but does not free the elements. -+ ShallowStack shallow2(sk_TEST_INT_dup(sk.get())); -+ ASSERT_TRUE(shallow2); -+ sk_TEST_INT_zero(shallow2.get()); -+ ExpectStackEquals(shallow2.get(), {}); -+} -+ -+TEST(StackTest, BigStack) { -+ bssl::UniquePtr sk(sk_TEST_INT_new_null()); -+ ASSERT_TRUE(sk); -+ -+ std::vector expected; -+ static const int kCount = 100000; -+ for (int i = 0; i < kCount; i++) { -+ auto value = TEST_INT_new(i); -+ ASSERT_TRUE(value); -+ ASSERT_TRUE(bssl::PushToStack(sk.get(), std::move(value))); -+ expected.push_back(i); -+ } -+ ExpectStackEquals(sk.get(), expected); -+} -+ -+static uint64_t g_compare_count = 0; -+ -+static int compare(const TEST_INT **a, const TEST_INT **b) { -+ g_compare_count++; -+ if (**a < **b) { -+ return -1; -+ } -+ if (**a > **b) { -+ return 1; -+ } -+ return 0; -+} -+ -+static int compare_reverse(const TEST_INT **a, const TEST_INT **b) { -+ return -compare(a, b); -+} -+ -+TEST(StackTest, Sorted) { -+ std::vector vec_sorted = {0, 1, 2, 3, 4, 5, 6}; -+ std::vector vec = vec_sorted; -+ do { -+ bssl::UniquePtr sk(sk_TEST_INT_new(compare)); -+ ASSERT_TRUE(sk); -+ for (int v : vec) { -+ auto value = TEST_INT_new(v); -+ ASSERT_TRUE(value); -+ ASSERT_TRUE(bssl::PushToStack(sk.get(), std::move(value))); -+ } -+ -+ // The stack is not (known to be) sorted. -+ EXPECT_FALSE(sk_TEST_INT_is_sorted(sk.get())); -+ -+ // With a comparison function, find matches by value. -+ auto ten = TEST_INT_new(10); -+ ASSERT_TRUE(ten); -+ size_t index; -+ EXPECT_FALSE(sk_TEST_INT_find(sk.get(), &index, ten.get())); -+ -+ auto three = TEST_INT_new(3); -+ ASSERT_TRUE(three); -+ ASSERT_TRUE(sk_TEST_INT_find(sk.get(), &index, three.get())); -+ EXPECT_EQ(3, *sk_TEST_INT_value(sk.get(), index)); -+ -+ sk_TEST_INT_sort(sk.get()); -+ EXPECT_TRUE(sk_TEST_INT_is_sorted(sk.get())); -+ ExpectStackEquals(sk.get(), vec_sorted); -+ -+ // Sorting an already-sorted list is a no-op. -+ uint64_t old_compare_count = g_compare_count; -+ sk_TEST_INT_sort(sk.get()); -+ EXPECT_EQ(old_compare_count, g_compare_count); -+ EXPECT_TRUE(sk_TEST_INT_is_sorted(sk.get())); -+ ExpectStackEquals(sk.get(), vec_sorted); -+ -+ // When sorted, find uses binary search. -+ ASSERT_TRUE(ten); -+ EXPECT_FALSE(sk_TEST_INT_find(sk.get(), &index, ten.get())); -+ -+ ASSERT_TRUE(three); -+ ASSERT_TRUE(sk_TEST_INT_find(sk.get(), &index, three.get())); -+ EXPECT_EQ(3u, index); -+ -+ // Copies preserve comparison and sorted information. -+ bssl::UniquePtr copy(sk_TEST_INT_deep_copy( -+ sk.get(), -+ [](TEST_INT *x) -> TEST_INT * { return TEST_INT_new(*x).release(); }, -+ TEST_INT_free)); -+ ASSERT_TRUE(copy); -+ EXPECT_TRUE(sk_TEST_INT_is_sorted(copy.get())); -+ ASSERT_TRUE(sk_TEST_INT_find(copy.get(), &index, three.get())); -+ EXPECT_EQ(3u, index); -+ -+ ShallowStack copy2(sk_TEST_INT_dup(sk.get())); -+ ASSERT_TRUE(copy2); -+ EXPECT_TRUE(sk_TEST_INT_is_sorted(copy2.get())); -+ ASSERT_TRUE(sk_TEST_INT_find(copy2.get(), &index, three.get())); -+ EXPECT_EQ(3u, index); -+ -+ // Removing elements does not affect sortedness. -+ TEST_INT_free(sk_TEST_INT_delete(sk.get(), 0)); -+ EXPECT_TRUE(sk_TEST_INT_is_sorted(sk.get())); -+ -+ // Changing the comparison function invalidates sortedness. -+ sk_TEST_INT_set_cmp_func(sk.get(), compare_reverse); -+ EXPECT_FALSE(sk_TEST_INT_is_sorted(sk.get())); -+ ASSERT_TRUE(sk_TEST_INT_find(sk.get(), &index, three.get())); -+ EXPECT_EQ(2u, index); -+ -+ sk_TEST_INT_sort(sk.get()); -+ ExpectStackEquals(sk.get(), {6, 5, 4, 3, 2, 1}); -+ ASSERT_TRUE(sk_TEST_INT_find(sk.get(), &index, three.get())); -+ EXPECT_EQ(3u, index); -+ -+ // Inserting a new element invalidates sortedness. -+ auto tmp = TEST_INT_new(10); -+ ASSERT_TRUE(tmp); -+ ASSERT_TRUE(bssl::PushToStack(sk.get(), std::move(tmp))); -+ EXPECT_FALSE(sk_TEST_INT_is_sorted(sk.get())); -+ ASSERT_TRUE(sk_TEST_INT_find(sk.get(), &index, ten.get())); -+ EXPECT_EQ(6u, index); -+ } while (std::next_permutation(vec.begin(), vec.end())); -+} - - // sk_*_find should return the first matching element in all cases. --// TEST(StackTest, FindFirst) { --// bssl::UniquePtr sk(sk_TEST_INT_new(compare)); --// auto value = TEST_INT_new(1); --// ASSERT_TRUE(value); --// ASSERT_TRUE(bssl::PushToStack(sk.get(), std::move(value))); --// for (int i = 0; i < 10; i++) { --// value = TEST_INT_new(2); --// ASSERT_TRUE(value); --// ASSERT_TRUE(bssl::PushToStack(sk.get(), std::move(value))); --// } -- --// const TEST_INT *two = sk_TEST_INT_value(sk.get(), 1); --// // Pointer-based equality. --// size_t index; --// ASSERT_TRUE(sk_TEST_INT_find(sk.get(), &index, two)); --// EXPECT_EQ(1u, index); -- --// // Comparator-based equality, unsorted. --// sk_TEST_INT_set_cmp_func(sk.get(), compare); --// EXPECT_FALSE(sk_TEST_INT_is_sorted(sk.get())); --// ASSERT_TRUE(sk_TEST_INT_find(sk.get(), &index, two)); --// EXPECT_EQ(1u, index); -- --// // Comparator-based equality, sorted. --// sk_TEST_INT_sort(sk.get()); --// EXPECT_TRUE(sk_TEST_INT_is_sorted(sk.get())); --// ASSERT_TRUE(sk_TEST_INT_find(sk.get(), &index, two)); --// EXPECT_EQ(1u, index); -- --// // Comparator-based equality, sorted and at the front. --// sk_TEST_INT_set_cmp_func(sk.get(), compare_reverse); --// sk_TEST_INT_sort(sk.get()); --// EXPECT_TRUE(sk_TEST_INT_is_sorted(sk.get())); --// ASSERT_TRUE(sk_TEST_INT_find(sk.get(), &index, two)); --// EXPECT_EQ(0u, index); --// } -+TEST(StackTest, FindFirst) { -+ bssl::UniquePtr sk(sk_TEST_INT_new(compare)); -+ auto value = TEST_INT_new(1); -+ ASSERT_TRUE(value); -+ ASSERT_TRUE(bssl::PushToStack(sk.get(), std::move(value))); -+ for (int i = 0; i < 10; i++) { -+ value = TEST_INT_new(2); -+ ASSERT_TRUE(value); -+ ASSERT_TRUE(bssl::PushToStack(sk.get(), std::move(value))); -+ } -+ -+ const TEST_INT *two = sk_TEST_INT_value(sk.get(), 1); -+ // Pointer-based equality. -+ size_t index; -+ ASSERT_TRUE(sk_TEST_INT_find(sk.get(), &index, two)); -+ EXPECT_EQ(1u, index); -+ -+ // Comparator-based equality, unsorted. -+ sk_TEST_INT_set_cmp_func(sk.get(), compare); -+ EXPECT_FALSE(sk_TEST_INT_is_sorted(sk.get())); -+ ASSERT_TRUE(sk_TEST_INT_find(sk.get(), &index, two)); -+ EXPECT_EQ(1u, index); -+ -+ // Comparator-based equality, sorted. -+ sk_TEST_INT_sort(sk.get()); -+ EXPECT_TRUE(sk_TEST_INT_is_sorted(sk.get())); -+ ASSERT_TRUE(sk_TEST_INT_find(sk.get(), &index, two)); -+ EXPECT_EQ(1u, index); -+ -+ // Comparator-based equality, sorted and at the front. -+ sk_TEST_INT_set_cmp_func(sk.get(), compare_reverse); -+ sk_TEST_INT_sort(sk.get()); -+ EXPECT_TRUE(sk_TEST_INT_is_sorted(sk.get())); -+ ASSERT_TRUE(sk_TEST_INT_find(sk.get(), &index, two)); -+ EXPECT_EQ(0u, index); -+} - - // Exhaustively test the binary search. --// TEST(StackTest, BinarySearch) { --// static const size_t kCount = 100; --// for (size_t i = 0; i < kCount; i++) { --// SCOPED_TRACE(i); --// for (size_t j = i; j <= kCount; j++) { --// SCOPED_TRACE(j); --// // Make a stack where [0, i) are below, [i, j) match, and [j, kCount) are --// // above. --// bssl::UniquePtr sk(sk_TEST_INT_new(compare)); --// ASSERT_TRUE(sk); --// for (size_t k = 0; k < i; k++) { --// auto value = TEST_INT_new(-1); --// ASSERT_TRUE(value); --// ASSERT_TRUE(bssl::PushToStack(sk.get(), std::move(value))); --// } --// for (size_t k = i; k < j; k++) { --// auto value = TEST_INT_new(0); --// ASSERT_TRUE(value); --// ASSERT_TRUE(bssl::PushToStack(sk.get(), std::move(value))); --// } --// for (size_t k = j; k < kCount; k++) { --// auto value = TEST_INT_new(1); --// ASSERT_TRUE(value); --// ASSERT_TRUE(bssl::PushToStack(sk.get(), std::move(value))); --// } --// sk_TEST_INT_sort(sk.get()); -- --// auto key = TEST_INT_new(0); --// ASSERT_TRUE(key); -- --// size_t idx; --// int found = sk_TEST_INT_find(sk.get(), &idx, key.get()); --// if (i == j) { --// EXPECT_FALSE(found); --// } else { --// ASSERT_TRUE(found); --// EXPECT_EQ(i, idx); --// } --// } --// } --// } -+TEST(StackTest, BinarySearch) { -+ static const size_t kCount = 100; -+ for (size_t i = 0; i < kCount; i++) { -+ SCOPED_TRACE(i); -+ for (size_t j = i; j <= kCount; j++) { -+ SCOPED_TRACE(j); -+ // Make a stack where [0, i) are below, [i, j) match, and [j, kCount) are -+ // above. -+ bssl::UniquePtr sk(sk_TEST_INT_new(compare)); -+ ASSERT_TRUE(sk); -+ for (size_t k = 0; k < i; k++) { -+ auto value = TEST_INT_new(-1); -+ ASSERT_TRUE(value); -+ ASSERT_TRUE(bssl::PushToStack(sk.get(), std::move(value))); -+ } -+ for (size_t k = i; k < j; k++) { -+ auto value = TEST_INT_new(0); -+ ASSERT_TRUE(value); -+ ASSERT_TRUE(bssl::PushToStack(sk.get(), std::move(value))); -+ } -+ for (size_t k = j; k < kCount; k++) { -+ auto value = TEST_INT_new(1); -+ ASSERT_TRUE(value); -+ ASSERT_TRUE(bssl::PushToStack(sk.get(), std::move(value))); -+ } -+ sk_TEST_INT_sort(sk.get()); -+ -+ auto key = TEST_INT_new(0); -+ ASSERT_TRUE(key); -+ -+ size_t idx; -+ int found = sk_TEST_INT_find(sk.get(), &idx, key.get()); -+ if (i == j) { -+ EXPECT_FALSE(found); -+ } else { -+ ASSERT_TRUE(found); -+ EXPECT_EQ(i, idx); -+ } -+ } -+ } -+} diff --git a/bssl-compat/patch/source/crypto/stack/stack_test.cc.sh b/bssl-compat/patch/source/crypto/stack/stack_test.cc.sh new file mode 100755 index 0000000000..35ae348739 --- /dev/null +++ b/bssl-compat/patch/source/crypto/stack/stack_test.cc.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +set -euo pipefail + +uncomment.sh "$1" \ + --comment-gtest-func StackTest DeleteIf \ \ No newline at end of file diff --git a/bssl-compat/patch/source/crypto/test/file_test.cc.patch b/bssl-compat/patch/source/crypto/test/file_test.cc.patch deleted file mode 100644 index bf1b993790..0000000000 --- a/bssl-compat/patch/source/crypto/test/file_test.cc.patch +++ /dev/null @@ -1,582 +0,0 @@ ---- a/source/crypto/test/file_test.cc -+++ b/source/crypto/test/file_test.cc -@@ -12,256 +12,256 @@ - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - --// #include "file_test.h" -+#include "file_test.h" - --// #include --// #include -+#include -+#include - --// #include --// #include --// #include --// #include --// #include --// #include --// #include -+#include -+#include -+#include -+#include -+#include -+#include -+#include - --// #include -+#include - --// #include "../internal.h" --// #include "./test_util.h" -+#include "../internal.h" -+#include "./test_util.h" - - --// FileTest::FileTest(std::unique_ptr reader, --// std::function comment_callback, --// bool is_kas_test) --// : reader_(std::move(reader)), --// is_kas_test_(is_kas_test), --// comment_callback_(std::move(comment_callback)) {} -+FileTest::FileTest(std::unique_ptr reader, -+ std::function comment_callback, -+ bool is_kas_test) -+ : reader_(std::move(reader)), -+ is_kas_test_(is_kas_test), -+ comment_callback_(std::move(comment_callback)) {} - --// FileTest::~FileTest() {} -+FileTest::~FileTest() {} - - // FindDelimiter returns a pointer to the first '=' or ':' in |str| or nullptr - // if there is none. --// static const char *FindDelimiter(const char *str) { --// while (*str) { --// if (*str == ':' || *str == '=') { --// return str; --// } --// str++; --// } --// return nullptr; --// } -+static const char *FindDelimiter(const char *str) { -+ while (*str) { -+ if (*str == ':' || *str == '=') { -+ return str; -+ } -+ str++; -+ } -+ return nullptr; -+} - - // StripSpace returns a string containing up to |len| characters from |str| with - // leading and trailing whitespace removed. --// static std::string StripSpace(const char *str, size_t len) { --// // Remove leading space. --// while (len > 0 && isspace(*str)) { --// str++; --// len--; --// } --// while (len > 0 && isspace(str[len - 1])) { --// len--; --// } --// return std::string(str, len); --// } -- --// static std::pair ParseKeyValue(const char *str, const size_t len) { --// const char *delimiter = FindDelimiter(str); --// std::string key, value; --// if (delimiter == nullptr) { --// key = StripSpace(str, len); --// } else { --// key = StripSpace(str, delimiter - str); --// value = StripSpace(delimiter + 1, str + len - delimiter - 1); --// } --// return {key, value}; --// } -- --// FileTest::ReadResult FileTest::ReadNext() { --// // If the previous test had unused attributes or instructions, it is an error. --// if (!unused_attributes_.empty()) { --// for (const std::string &key : unused_attributes_) { --// PrintLine("Unused attribute: %s", key.c_str()); --// } --// return kReadError; --// } --// if (!unused_instructions_.empty()) { --// for (const std::string &key : unused_instructions_) { --// PrintLine("Unused instruction: %s", key.c_str()); --// } --// return kReadError; --// } -- --// ClearTest(); -- --// static const size_t kBufLen = 8192 * 4; --// std::unique_ptr buf(new char[kBufLen]); -- --// bool in_instruction_block = false; --// is_at_new_instruction_block_ = false; -- --// while (true) { --// // Read the next line. --// switch (reader_->ReadLine(buf.get(), kBufLen)) { --// case kReadError: --// fprintf(stderr, "Error reading from input at line %u.\n", line_ + 1); --// return kReadError; --// case kReadEOF: --// // EOF is a valid terminator for a test. --// return start_line_ > 0 ? kReadSuccess : kReadEOF; --// case kReadSuccess: --// break; --// } -- --// line_++; --// size_t len = strlen(buf.get()); --// if (buf[0] == '\n' || buf[0] == '\r' || buf[0] == '\0') { --// // Empty lines delimit tests. --// if (start_line_ > 0) { --// return kReadSuccess; --// } --// if (in_instruction_block) { --// in_instruction_block = false; --// // Delimit instruction block from test with a blank line. --// current_test_ += "\r\n"; --// } else if (is_kas_test_) { --// // KAS tests have random blank lines scattered around. --// current_test_ += "\r\n"; --// } --// } else if (buf[0] == '#') { --// if (is_kas_test_ && seen_non_comment_) { --// // KAS tests have comments after the initial comment block which need --// // to be included in the corresponding place in the output. --// current_test_ += std::string(buf.get()); --// } else if (comment_callback_) { --// comment_callback_(buf.get()); --// } --// // Otherwise ignore comments. --// } else if (strcmp("[B.4.2 Key Pair Generation by Testing Candidates]\r\n", --// buf.get()) == 0) { --// // The above instruction-like line is ignored because the FIPS lab's --// // request files are hopelessly inconsistent. --// } else if (buf[0] == '[') { // Inside an instruction block. --// is_at_new_instruction_block_ = true; --// seen_non_comment_ = true; --// if (start_line_ != 0) { --// // Instructions should be separate blocks. --// fprintf(stderr, "Line %u is an instruction in a test case.\n", line_); --// return kReadError; --// } --// if (!in_instruction_block) { --// ClearInstructions(); --// in_instruction_block = true; --// } -- --// // Parse the line as an instruction ("[key = value]" or "[key]"). -- --// // KAS tests contain invalid syntax. --// std::string kv = buf.get(); --// const bool is_broken_kas_instruction = --// is_kas_test_ && --// (kv == "[SHA(s) supported (Used for hashing Z): SHA512 \r\n"); -- --// if (!is_broken_kas_instruction) { --// kv = StripSpace(buf.get(), len); --// if (kv[kv.size() - 1] != ']') { --// fprintf(stderr, "Line %u, invalid instruction: '%s'\n", line_, --// kv.c_str()); --// return kReadError; --// } --// } else { --// // Just remove the newline for the broken instruction. --// kv = kv.substr(0, kv.size() - 2); --// } -- --// current_test_ += kv + "\r\n"; --// kv = std::string(kv.begin() + 1, kv.end() - 1); -- --// for (;;) { --// size_t idx = kv.find(','); --// if (idx == std::string::npos) { --// idx = kv.size(); --// } --// std::string key, value; --// std::tie(key, value) = ParseKeyValue(kv.c_str(), idx); --// instructions_[key] = value; --// if (idx == kv.size()) --// break; --// kv = kv.substr(idx + 1); --// } --// } else { --// // Parsing a test case. --// if (in_instruction_block) { --// // Some NIST CAVP test files (TDES) have a test case immediately --// // following an instruction block, without a separate blank line, some --// // of the time. --// in_instruction_block = false; --// } -- --// current_test_ += std::string(buf.get(), len); --// std::string key, value; --// std::tie(key, value) = ParseKeyValue(buf.get(), len); -- --// // Duplicate keys are rewritten to have “/2”, “/3”, … suffixes. --// std::string mapped_key = key; --// // If absent, the value will be zero-initialized. --// const size_t num_occurrences = ++attribute_count_[key]; --// if (num_occurrences > 1) { --// mapped_key += "/" + std::to_string(num_occurrences); --// } -- --// unused_attributes_.insert(mapped_key); --// attributes_[mapped_key] = value; --// if (start_line_ == 0) { --// // This is the start of a test. --// type_ = mapped_key; --// parameter_ = value; --// start_line_ = line_; --// for (const auto &kv : instructions_) { --// unused_instructions_.insert(kv.first); --// } --// } --// } --// } --// } -- --// void FileTest::PrintLine(const char *format, ...) { --// va_list args; --// va_start(args, format); -- --// fprintf(stderr, "Line %u: ", start_line_); --// vfprintf(stderr, format, args); --// fprintf(stderr, "\n"); -- --// va_end(args); --// } -- --// const std::string &FileTest::GetType() { --// OnKeyUsed(type_); --// return type_; --// } -- --// const std::string &FileTest::GetParameter() { --// OnKeyUsed(type_); --// return parameter_; --// } -- --// bool FileTest::HasAttribute(const std::string &key) { --// OnKeyUsed(key); --// return attributes_.count(key) > 0; --// } -- --// bool FileTest::GetAttribute(std::string *out_value, const std::string &key) { --// OnKeyUsed(key); --// auto iter = attributes_.find(key); --// if (iter == attributes_.end()) { --// PrintLine("Missing attribute '%s'.", key.c_str()); --// return false; --// } --// *out_value = iter->second; --// return true; --// } -+static std::string StripSpace(const char *str, size_t len) { -+ // Remove leading space. -+ while (len > 0 && isspace(*str)) { -+ str++; -+ len--; -+ } -+ while (len > 0 && isspace(str[len - 1])) { -+ len--; -+ } -+ return std::string(str, len); -+} -+ -+static std::pair ParseKeyValue(const char *str, const size_t len) { -+ const char *delimiter = FindDelimiter(str); -+ std::string key, value; -+ if (delimiter == nullptr) { -+ key = StripSpace(str, len); -+ } else { -+ key = StripSpace(str, delimiter - str); -+ value = StripSpace(delimiter + 1, str + len - delimiter - 1); -+ } -+ return {key, value}; -+} -+ -+FileTest::ReadResult FileTest::ReadNext() { -+ // If the previous test had unused attributes or instructions, it is an error. -+ if (!unused_attributes_.empty()) { -+ for (const std::string &key : unused_attributes_) { -+ PrintLine("Unused attribute: %s", key.c_str()); -+ } -+ return kReadError; -+ } -+ if (!unused_instructions_.empty()) { -+ for (const std::string &key : unused_instructions_) { -+ PrintLine("Unused instruction: %s", key.c_str()); -+ } -+ return kReadError; -+ } -+ -+ ClearTest(); -+ -+ static const size_t kBufLen = 8192 * 4; -+ std::unique_ptr buf(new char[kBufLen]); -+ -+ bool in_instruction_block = false; -+ is_at_new_instruction_block_ = false; -+ -+ while (true) { -+ // Read the next line. -+ switch (reader_->ReadLine(buf.get(), kBufLen)) { -+ case kReadError: -+ fprintf(stderr, "Error reading from input at line %u.\n", line_ + 1); -+ return kReadError; -+ case kReadEOF: -+ // EOF is a valid terminator for a test. -+ return start_line_ > 0 ? kReadSuccess : kReadEOF; -+ case kReadSuccess: -+ break; -+ } -+ -+ line_++; -+ size_t len = strlen(buf.get()); -+ if (buf[0] == '\n' || buf[0] == '\r' || buf[0] == '\0') { -+ // Empty lines delimit tests. -+ if (start_line_ > 0) { -+ return kReadSuccess; -+ } -+ if (in_instruction_block) { -+ in_instruction_block = false; -+ // Delimit instruction block from test with a blank line. -+ current_test_ += "\r\n"; -+ } else if (is_kas_test_) { -+ // KAS tests have random blank lines scattered around. -+ current_test_ += "\r\n"; -+ } -+ } else if (buf[0] == '#') { -+ if (is_kas_test_ && seen_non_comment_) { -+ // KAS tests have comments after the initial comment block which need -+ // to be included in the corresponding place in the output. -+ current_test_ += std::string(buf.get()); -+ } else if (comment_callback_) { -+ comment_callback_(buf.get()); -+ } -+ // Otherwise ignore comments. -+ } else if (strcmp("[B.4.2 Key Pair Generation by Testing Candidates]\r\n", -+ buf.get()) == 0) { -+ // The above instruction-like line is ignored because the FIPS lab's -+ // request files are hopelessly inconsistent. -+ } else if (buf[0] == '[') { // Inside an instruction block. -+ is_at_new_instruction_block_ = true; -+ seen_non_comment_ = true; -+ if (start_line_ != 0) { -+ // Instructions should be separate blocks. -+ fprintf(stderr, "Line %u is an instruction in a test case.\n", line_); -+ return kReadError; -+ } -+ if (!in_instruction_block) { -+ ClearInstructions(); -+ in_instruction_block = true; -+ } -+ -+ // Parse the line as an instruction ("[key = value]" or "[key]"). -+ -+ // KAS tests contain invalid syntax. -+ std::string kv = buf.get(); -+ const bool is_broken_kas_instruction = -+ is_kas_test_ && -+ (kv == "[SHA(s) supported (Used for hashing Z): SHA512 \r\n"); -+ -+ if (!is_broken_kas_instruction) { -+ kv = StripSpace(buf.get(), len); -+ if (kv[kv.size() - 1] != ']') { -+ fprintf(stderr, "Line %u, invalid instruction: '%s'\n", line_, -+ kv.c_str()); -+ return kReadError; -+ } -+ } else { -+ // Just remove the newline for the broken instruction. -+ kv = kv.substr(0, kv.size() - 2); -+ } -+ -+ current_test_ += kv + "\r\n"; -+ kv = std::string(kv.begin() + 1, kv.end() - 1); -+ -+ for (;;) { -+ size_t idx = kv.find(','); -+ if (idx == std::string::npos) { -+ idx = kv.size(); -+ } -+ std::string key, value; -+ std::tie(key, value) = ParseKeyValue(kv.c_str(), idx); -+ instructions_[key] = value; -+ if (idx == kv.size()) -+ break; -+ kv = kv.substr(idx + 1); -+ } -+ } else { -+ // Parsing a test case. -+ if (in_instruction_block) { -+ // Some NIST CAVP test files (TDES) have a test case immediately -+ // following an instruction block, without a separate blank line, some -+ // of the time. -+ in_instruction_block = false; -+ } -+ -+ current_test_ += std::string(buf.get(), len); -+ std::string key, value; -+ std::tie(key, value) = ParseKeyValue(buf.get(), len); -+ -+ // Duplicate keys are rewritten to have “/2”, “/3”, … suffixes. -+ std::string mapped_key = key; -+ // If absent, the value will be zero-initialized. -+ const size_t num_occurrences = ++attribute_count_[key]; -+ if (num_occurrences > 1) { -+ mapped_key += "/" + std::to_string(num_occurrences); -+ } -+ -+ unused_attributes_.insert(mapped_key); -+ attributes_[mapped_key] = value; -+ if (start_line_ == 0) { -+ // This is the start of a test. -+ type_ = mapped_key; -+ parameter_ = value; -+ start_line_ = line_; -+ for (const auto &kv : instructions_) { -+ unused_instructions_.insert(kv.first); -+ } -+ } -+ } -+ } -+} -+ -+void FileTest::PrintLine(const char *format, ...) { -+ va_list args; -+ va_start(args, format); -+ -+ fprintf(stderr, "Line %u: ", start_line_); -+ vfprintf(stderr, format, args); -+ fprintf(stderr, "\n"); -+ -+ va_end(args); -+} -+ -+const std::string &FileTest::GetType() { -+ OnKeyUsed(type_); -+ return type_; -+} -+ -+const std::string &FileTest::GetParameter() { -+ OnKeyUsed(type_); -+ return parameter_; -+} -+ -+bool FileTest::HasAttribute(const std::string &key) { -+ OnKeyUsed(key); -+ return attributes_.count(key) > 0; -+} -+ -+bool FileTest::GetAttribute(std::string *out_value, const std::string &key) { -+ OnKeyUsed(key); -+ auto iter = attributes_.find(key); -+ if (iter == attributes_.end()) { -+ PrintLine("Missing attribute '%s'.", key.c_str()); -+ return false; -+ } -+ *out_value = iter->second; -+ return true; -+} - - // const std::string &FileTest::GetAttributeOrDie(const std::string &key) { - // if (!HasAttribute(key)) { -@@ -307,48 +307,48 @@ - // return current_test_; - // } - --// bool FileTest::GetBytes(std::vector *out, const std::string &key) { --// std::string value; --// return GetAttribute(&value, key) && ConvertToBytes(out, value); --// } -- --// void FileTest::ClearTest() { --// start_line_ = 0; --// type_.clear(); --// parameter_.clear(); --// attribute_count_.clear(); --// attributes_.clear(); --// unused_attributes_.clear(); --// unused_instructions_.clear(); --// current_test_ = ""; --// } -- --// void FileTest::ClearInstructions() { --// instructions_.clear(); --// unused_attributes_.clear(); --// } -- --// void FileTest::OnKeyUsed(const std::string &key) { --// unused_attributes_.erase(key); --// } -+bool FileTest::GetBytes(std::vector *out, const std::string &key) { -+ std::string value; -+ return GetAttribute(&value, key) && ConvertToBytes(out, value); -+} -+ -+void FileTest::ClearTest() { -+ start_line_ = 0; -+ type_.clear(); -+ parameter_.clear(); -+ attribute_count_.clear(); -+ attributes_.clear(); -+ unused_attributes_.clear(); -+ unused_instructions_.clear(); -+ current_test_ = ""; -+} -+ -+void FileTest::ClearInstructions() { -+ instructions_.clear(); -+ unused_attributes_.clear(); -+} -+ -+void FileTest::OnKeyUsed(const std::string &key) { -+ unused_attributes_.erase(key); -+} - - // void FileTest::OnInstructionUsed(const std::string &key) { - // unused_instructions_.erase(key); - // } - --// bool FileTest::ConvertToBytes(std::vector *out, --// const std::string &value) { --// if (value.size() >= 2 && value[0] == '"' && value[value.size() - 1] == '"') { --// out->assign(value.begin() + 1, value.end() - 1); --// return true; --// } -- --// if (!DecodeHex(out, value)) { --// PrintLine("Error decoding value: %s", value.c_str()); --// return false; --// } --// return true; --// } -+bool FileTest::ConvertToBytes(std::vector *out, -+ const std::string &value) { -+ if (value.size() >= 2 && value[0] == '"' && value[value.size() - 1] == '"') { -+ out->assign(value.begin() + 1, value.end() - 1); -+ return true; -+ } -+ -+ if (!DecodeHex(out, value)) { -+ PrintLine("Error decoding value: %s", value.c_str()); -+ return false; -+ } -+ return true; -+} - - // bool FileTest::IsAtNewInstructionBlock() const { - // return is_at_new_instruction_block_; diff --git a/bssl-compat/patch/source/crypto/test/file_test.cc.sh b/bssl-compat/patch/source/crypto/test/file_test.cc.sh new file mode 100755 index 0000000000..000e648fe3 --- /dev/null +++ b/bssl-compat/patch/source/crypto/test/file_test.cc.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +# Do nothing here so the file just gets copied +# without commenting or uncommenting anything diff --git a/bssl-compat/patch/source/crypto/test/file_test.h.patch b/bssl-compat/patch/source/crypto/test/file_test.h.patch deleted file mode 100644 index 7125b22f8f..0000000000 --- a/bssl-compat/patch/source/crypto/test/file_test.h.patch +++ /dev/null @@ -1,383 +0,0 @@ ---- a/source/crypto/test/file_test.h -+++ b/source/crypto/test/file_test.h -@@ -12,24 +12,24 @@ - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - --// #ifndef OPENSSL_HEADER_CRYPTO_TEST_FILE_TEST_H --// #define OPENSSL_HEADER_CRYPTO_TEST_FILE_TEST_H -+#ifndef OPENSSL_HEADER_CRYPTO_TEST_FILE_TEST_H -+#define OPENSSL_HEADER_CRYPTO_TEST_FILE_TEST_H - --// #include -+#include - --// #include -+#include - --// OPENSSL_MSVC_PRAGMA(warning(push)) --// OPENSSL_MSVC_PRAGMA(warning(disable : 4702)) -+OPENSSL_MSVC_PRAGMA(warning(push)) -+OPENSSL_MSVC_PRAGMA(warning(disable : 4702)) - --// #include --// #include --// #include --// #include --// #include --// #include -+#include -+#include -+#include -+#include -+#include -+#include - --// OPENSSL_MSVC_PRAGMA(warning(pop)) -+OPENSSL_MSVC_PRAGMA(warning(pop)) - - // File-based test framework. - // -@@ -84,170 +84,170 @@ - // consumed. When a test completes, if any attributes or insturctions haven't - // been processed, the framework reports an error. - --// class FileTest; --// typedef bool (*FileTestFunc)(FileTest *t, void *arg); -+class FileTest; -+typedef bool (*FileTestFunc)(FileTest *t, void *arg); - --// class FileTest { --// public: --// enum ReadResult { --// kReadSuccess, --// kReadEOF, --// kReadError, --// }; -- --// class LineReader { --// public: --// virtual ~LineReader() {} --// virtual ReadResult ReadLine(char *out, size_t len) = 0; --// }; -- --// struct Options { --// // path is the path to the input file. --// const char *path = nullptr; --// // callback is called for each test. It should get the parameters from this --// // object and signal any errors by returning false. --// FileTestFunc callback = nullptr; --// // arg is an opaque pointer that is passed to |callback|. --// void *arg = nullptr; --// // silent suppressed the "PASS" string that is otherwise printed after --// // successful runs. --// bool silent = false; --// // comment_callback is called after each comment in the input is parsed. --// std::function comment_callback; --// // is_kas_test is true if a NIST “KAS” test is being parsed. These tests --// // are inconsistent with the other NIST files to such a degree that they --// // need their own boolean. --// bool is_kas_test = false; --// }; -- --// explicit FileTest(std::unique_ptr reader, --// std::function comment_callback, --// bool is_kas_test); --// ~FileTest(); -- --// // ReadNext reads the next test from the file. It returns |kReadSuccess| if --// // successfully reading a test and |kReadEOF| at the end of the file. On --// // error or if the previous test had unconsumed attributes, it returns --// // |kReadError|. --// ReadResult ReadNext(); -- --// // PrintLine is a variant of printf which prepends the line number and appends --// // a trailing newline. --// void PrintLine(const char *format, ...) OPENSSL_PRINTF_FORMAT_FUNC(2, 3); -- --// unsigned start_line() const { return start_line_; } -- --// // GetType returns the name of the first attribute of the current test. --// const std::string &GetType(); --// // GetParameter returns the value of the first attribute of the current test. --// const std::string &GetParameter(); -- --// // HasAttribute returns true if the current test has an attribute named |key|. --// bool HasAttribute(const std::string &key); -- --// // GetAttribute looks up the attribute with key |key|. It sets |*out_value| to --// // the value and returns true if it exists and returns false with an error to --// // |stderr| otherwise. --// bool GetAttribute(std::string *out_value, const std::string &key); -- --// // GetAttributeOrDie looks up the attribute with key |key| and aborts if it is --// // missing. It should only be used after a |HasAttribute| call. --// const std::string &GetAttributeOrDie(const std::string &key); -- --// // IgnoreAttribute marks the attribute with key |key| as used. --// void IgnoreAttribute(const std::string &key) { HasAttribute(key); } -- --// // GetBytes looks up the attribute with key |key| and decodes it as a byte --// // string. On success, it writes the result to |*out| and returns --// // true. Otherwise it returns false with an error to |stderr|. The value may --// // be either a hexadecimal string or a quoted ASCII string. It returns true on --// // success and returns false with an error to |stderr| on failure. --// bool GetBytes(std::vector *out, const std::string &key); -- --// // AtNewInstructionBlock returns true if the current test was immediately --// // preceded by an instruction block. --// bool IsAtNewInstructionBlock() const; -- --// // HasInstruction returns true if the current test has an instruction. --// bool HasInstruction(const std::string &key); -- --// // IgnoreInstruction marks the instruction with key |key| as used. --// void IgnoreInstruction(const std::string &key) { HasInstruction(key); } -- --// // IgnoreAllUnusedInstructions disables checking for unused instructions. --// void IgnoreAllUnusedInstructions(); -- --// // GetInstruction looks up the instruction with key |key|. It sets --// // |*out_value| to the value (empty string if the instruction has no value) --// // and returns true if it exists and returns false with an error to |stderr| --// // otherwise. --// bool GetInstruction(std::string *out_value, const std::string &key); -- --// // GetInstructionOrDie looks up the instruction with key |key| and aborts if --// // it is missing. It should only be used after a |HasInstruction| call. --// const std::string &GetInstructionOrDie(const std::string &key); -- --// // GetInstructionBytes behaves like GetBytes, but looks up the corresponding --// // instruction. --// bool GetInstructionBytes(std::vector *out, const std::string &key); -- --// // CurrentTestToString returns the file content parsed for the current test. --// // If the current test was preceded by an instruction block, the return test --// // case is preceded by the instruction block and a single blank line. All --// // other blank or comment lines are omitted. --// const std::string &CurrentTestToString() const; -- --// // InjectInstruction adds a key value pair to the most recently parsed set of --// // instructions. --// void InjectInstruction(const std::string &key, const std::string &value); -- --// // SkipCurrent passes the current test case. Unused attributes are ignored. --// void SkipCurrent(); -- --// private: --// void ClearTest(); --// void ClearInstructions(); --// void OnKeyUsed(const std::string &key); --// void OnInstructionUsed(const std::string &key); --// bool ConvertToBytes(std::vector *out, const std::string &value); -- --// std::unique_ptr reader_; --// // line_ is the number of lines read. --// unsigned line_ = 0; -- --// // start_line_ is the line number of the first attribute of the test. --// unsigned start_line_ = 0; --// // type_ is the name of the first attribute of the test. --// std::string type_; --// // parameter_ is the value of the first attribute. --// std::string parameter_; --// // attribute_count_ maps unsuffixed attribute names to the number of times --// // they have occurred so far. --// std::map attribute_count_; --// // attributes_ contains all attributes in the test, including the first. --// std::map attributes_; --// // instructions_ contains all instructions in scope for the test. --// std::map instructions_; -- --// // unused_attributes_ is the set of attributes that have not been queried. --// std::set unused_attributes_; -- --// // unused_instructions_ is the set of instructions that have not been queried. --// std::set unused_instructions_; -- --// std::string current_test_; -- --// bool is_at_new_instruction_block_ = false; --// bool seen_non_comment_ = false; --// bool is_kas_test_ = false; -- --// // comment_callback_, if set, is a callback function that is called with the --// // contents of each comment as they are parsed. --// std::function comment_callback_; -- --// FileTest(const FileTest &) = delete; --// FileTest &operator=(const FileTest &) = delete; --// }; -+class FileTest { -+ public: -+ enum ReadResult { -+ kReadSuccess, -+ kReadEOF, -+ kReadError, -+ }; -+ -+ class LineReader { -+ public: -+ virtual ~LineReader() {} -+ virtual ReadResult ReadLine(char *out, size_t len) = 0; -+ }; -+ -+ struct Options { -+ // path is the path to the input file. -+ const char *path = nullptr; -+ // callback is called for each test. It should get the parameters from this -+ // object and signal any errors by returning false. -+ FileTestFunc callback = nullptr; -+ // arg is an opaque pointer that is passed to |callback|. -+ void *arg = nullptr; -+ // silent suppressed the "PASS" string that is otherwise printed after -+ // successful runs. -+ bool silent = false; -+ // comment_callback is called after each comment in the input is parsed. -+ std::function comment_callback; -+ // is_kas_test is true if a NIST “KAS” test is being parsed. These tests -+ // are inconsistent with the other NIST files to such a degree that they -+ // need their own boolean. -+ bool is_kas_test = false; -+ }; -+ -+ explicit FileTest(std::unique_ptr reader, -+ std::function comment_callback, -+ bool is_kas_test); -+ ~FileTest(); -+ -+ // ReadNext reads the next test from the file. It returns |kReadSuccess| if -+ // successfully reading a test and |kReadEOF| at the end of the file. On -+ // error or if the previous test had unconsumed attributes, it returns -+ // |kReadError|. -+ ReadResult ReadNext(); -+ -+ // PrintLine is a variant of printf which prepends the line number and appends -+ // a trailing newline. -+ void PrintLine(const char *format, ...) OPENSSL_PRINTF_FORMAT_FUNC(2, 3); -+ -+ unsigned start_line() const { return start_line_; } -+ -+ // GetType returns the name of the first attribute of the current test. -+ const std::string &GetType(); -+ // GetParameter returns the value of the first attribute of the current test. -+ const std::string &GetParameter(); -+ -+ // HasAttribute returns true if the current test has an attribute named |key|. -+ bool HasAttribute(const std::string &key); -+ -+ // GetAttribute looks up the attribute with key |key|. It sets |*out_value| to -+ // the value and returns true if it exists and returns false with an error to -+ // |stderr| otherwise. -+ bool GetAttribute(std::string *out_value, const std::string &key); -+ -+ // GetAttributeOrDie looks up the attribute with key |key| and aborts if it is -+ // missing. It should only be used after a |HasAttribute| call. -+ const std::string &GetAttributeOrDie(const std::string &key); -+ -+ // IgnoreAttribute marks the attribute with key |key| as used. -+ void IgnoreAttribute(const std::string &key) { HasAttribute(key); } -+ -+ // GetBytes looks up the attribute with key |key| and decodes it as a byte -+ // string. On success, it writes the result to |*out| and returns -+ // true. Otherwise it returns false with an error to |stderr|. The value may -+ // be either a hexadecimal string or a quoted ASCII string. It returns true on -+ // success and returns false with an error to |stderr| on failure. -+ bool GetBytes(std::vector *out, const std::string &key); -+ -+ // AtNewInstructionBlock returns true if the current test was immediately -+ // preceded by an instruction block. -+ bool IsAtNewInstructionBlock() const; -+ -+ // HasInstruction returns true if the current test has an instruction. -+ bool HasInstruction(const std::string &key); -+ -+ // IgnoreInstruction marks the instruction with key |key| as used. -+ void IgnoreInstruction(const std::string &key) { HasInstruction(key); } -+ -+ // IgnoreAllUnusedInstructions disables checking for unused instructions. -+ void IgnoreAllUnusedInstructions(); -+ -+ // GetInstruction looks up the instruction with key |key|. It sets -+ // |*out_value| to the value (empty string if the instruction has no value) -+ // and returns true if it exists and returns false with an error to |stderr| -+ // otherwise. -+ bool GetInstruction(std::string *out_value, const std::string &key); -+ -+ // GetInstructionOrDie looks up the instruction with key |key| and aborts if -+ // it is missing. It should only be used after a |HasInstruction| call. -+ const std::string &GetInstructionOrDie(const std::string &key); -+ -+ // GetInstructionBytes behaves like GetBytes, but looks up the corresponding -+ // instruction. -+ bool GetInstructionBytes(std::vector *out, const std::string &key); -+ -+ // CurrentTestToString returns the file content parsed for the current test. -+ // If the current test was preceded by an instruction block, the return test -+ // case is preceded by the instruction block and a single blank line. All -+ // other blank or comment lines are omitted. -+ const std::string &CurrentTestToString() const; -+ -+ // InjectInstruction adds a key value pair to the most recently parsed set of -+ // instructions. -+ void InjectInstruction(const std::string &key, const std::string &value); -+ -+ // SkipCurrent passes the current test case. Unused attributes are ignored. -+ void SkipCurrent(); -+ -+ private: -+ void ClearTest(); -+ void ClearInstructions(); -+ void OnKeyUsed(const std::string &key); -+ void OnInstructionUsed(const std::string &key); -+ bool ConvertToBytes(std::vector *out, const std::string &value); -+ -+ std::unique_ptr reader_; -+ // line_ is the number of lines read. -+ unsigned line_ = 0; -+ -+ // start_line_ is the line number of the first attribute of the test. -+ unsigned start_line_ = 0; -+ // type_ is the name of the first attribute of the test. -+ std::string type_; -+ // parameter_ is the value of the first attribute. -+ std::string parameter_; -+ // attribute_count_ maps unsuffixed attribute names to the number of times -+ // they have occurred so far. -+ std::map attribute_count_; -+ // attributes_ contains all attributes in the test, including the first. -+ std::map attributes_; -+ // instructions_ contains all instructions in scope for the test. -+ std::map instructions_; -+ -+ // unused_attributes_ is the set of attributes that have not been queried. -+ std::set unused_attributes_; -+ -+ // unused_instructions_ is the set of instructions that have not been queried. -+ std::set unused_instructions_; -+ -+ std::string current_test_; -+ -+ bool is_at_new_instruction_block_ = false; -+ bool seen_non_comment_ = false; -+ bool is_kas_test_ = false; -+ -+ // comment_callback_, if set, is a callback function that is called with the -+ // contents of each comment as they are parsed. -+ std::function comment_callback_; -+ -+ FileTest(const FileTest &) = delete; -+ FileTest &operator=(const FileTest &) = delete; -+}; - - // FileTestMain runs a file-based test out of |path| and returns an exit code - // suitable to return out of |main|. |run_test| should return true on pass and -@@ -267,6 +267,6 @@ - - // FileTestGTest behaves like FileTestMain, but for GTest. |path| must be the - // name of a test file embedded in the test binary. --// void FileTestGTest(const char *path, std::function run_test); -+void FileTestGTest(const char *path, std::function run_test); - --// #endif // OPENSSL_HEADER_CRYPTO_TEST_FILE_TEST_H -+#endif // OPENSSL_HEADER_CRYPTO_TEST_FILE_TEST_H diff --git a/bssl-compat/patch/source/crypto/test/file_test.h.sh b/bssl-compat/patch/source/crypto/test/file_test.h.sh new file mode 100755 index 0000000000..000e648fe3 --- /dev/null +++ b/bssl-compat/patch/source/crypto/test/file_test.h.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +# Do nothing here so the file just gets copied +# without commenting or uncommenting anything diff --git a/bssl-compat/patch/source/crypto/test/file_test_gtest.cc.patch b/bssl-compat/patch/source/crypto/test/file_test_gtest.cc.patch deleted file mode 100644 index 9e88bd4630..0000000000 --- a/bssl-compat/patch/source/crypto/test/file_test_gtest.cc.patch +++ /dev/null @@ -1,190 +0,0 @@ ---- a/source/crypto/test/file_test_gtest.cc -+++ b/source/crypto/test/file_test_gtest.cc -@@ -12,96 +12,96 @@ - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - --// #include "file_test.h" -+#include "file_test.h" - --// #include --// #include -+#include -+#include - --// #include --// #include --// #include -- --// #include -- --// #include -- -- --// std::string GetTestData(const char *path); -- --// class StringLineReader : public FileTest::LineReader { --// public: --// explicit StringLineReader(const std::string &data) --// : data_(data), offset_(0) {} -- --// FileTest::ReadResult ReadLine(char *out, size_t len) override { --// assert(len > 0); --// if (offset_ == data_.size()) { --// return FileTest::kReadEOF; --// } -- --// size_t idx = data_.find('\n', offset_); --// if (idx == std::string::npos) { --// idx = data_.size(); --// } else { --// idx++; // Include the newline. --// } -- --// if (idx - offset_ > len - 1) { --// ADD_FAILURE() << "Line too long."; --// return FileTest::kReadError; --// } -- --// memcpy(out, data_.data() + offset_, idx - offset_); --// out[idx - offset_] = '\0'; --// offset_ = idx; --// return FileTest::kReadSuccess; --// } -- --// private: --// std::string data_; --// size_t offset_; -- --// StringLineReader(const StringLineReader &) = delete; --// StringLineReader &operator=(const StringLineReader &) = delete; --// }; -- --// void FileTestGTest(const char *path, std::function run_test) { --// std::unique_ptr reader( --// new StringLineReader(GetTestData(path))); --// FileTest t(std::move(reader), nullptr, false); -- --// while (true) { --// switch (t.ReadNext()) { --// case FileTest::kReadError: --// ADD_FAILURE() << "Error reading test."; --// return; --// case FileTest::kReadEOF: --// return; --// case FileTest::kReadSuccess: --// break; --// } -- --// const testing::TestResult *test_result = --// testing::UnitTest::GetInstance()->current_test_info()->result(); --// int before_part_count = test_result->total_part_count(); -- --// SCOPED_TRACE(testing::Message() << path << ", line " << t.start_line()); --// run_test(&t); -- --// // Check for failures from the most recent test. --// bool failed = false; --// for (int i = before_part_count; i < test_result->total_part_count(); i++) { --// if (test_result->GetTestPartResult(i).failed()) { --// failed = true; --// break; --// } --// } -- --// // Clean up the error queue for the next test, reporting it on failure. --// if (failed) { --// ERR_print_errors_fp(stdout); --// } else { --// ERR_clear_error(); --// } --// } --// } -+#include -+#include -+#include -+ -+#include -+ -+#include -+ -+ -+std::string GetTestData(const char *path); -+ -+class StringLineReader : public FileTest::LineReader { -+ public: -+ explicit StringLineReader(const std::string &data) -+ : data_(data), offset_(0) {} -+ -+ FileTest::ReadResult ReadLine(char *out, size_t len) override { -+ assert(len > 0); -+ if (offset_ == data_.size()) { -+ return FileTest::kReadEOF; -+ } -+ -+ size_t idx = data_.find('\n', offset_); -+ if (idx == std::string::npos) { -+ idx = data_.size(); -+ } else { -+ idx++; // Include the newline. -+ } -+ -+ if (idx - offset_ > len - 1) { -+ ADD_FAILURE() << "Line too long."; -+ return FileTest::kReadError; -+ } -+ -+ memcpy(out, data_.data() + offset_, idx - offset_); -+ out[idx - offset_] = '\0'; -+ offset_ = idx; -+ return FileTest::kReadSuccess; -+ } -+ -+ private: -+ std::string data_; -+ size_t offset_; -+ -+ StringLineReader(const StringLineReader &) = delete; -+ StringLineReader &operator=(const StringLineReader &) = delete; -+}; -+ -+void FileTestGTest(const char *path, std::function run_test) { -+ std::unique_ptr reader( -+ new StringLineReader(GetTestData(path))); -+ FileTest t(std::move(reader), nullptr, false); -+ -+ while (true) { -+ switch (t.ReadNext()) { -+ case FileTest::kReadError: -+ ADD_FAILURE() << "Error reading test."; -+ return; -+ case FileTest::kReadEOF: -+ return; -+ case FileTest::kReadSuccess: -+ break; -+ } -+ -+ const testing::TestResult *test_result = -+ testing::UnitTest::GetInstance()->current_test_info()->result(); -+ int before_part_count = test_result->total_part_count(); -+ -+ SCOPED_TRACE(testing::Message() << path << ", line " << t.start_line()); -+ run_test(&t); -+ -+ // Check for failures from the most recent test. -+ bool failed = false; -+ for (int i = before_part_count; i < test_result->total_part_count(); i++) { -+ if (test_result->GetTestPartResult(i).failed()) { -+ failed = true; -+ break; -+ } -+ } -+ -+ // Clean up the error queue for the next test, reporting it on failure. -+ if (failed) { -+ ERR_print_errors_fp(stdout); -+ } else { -+ ERR_clear_error(); -+ } -+ } -+} diff --git a/bssl-compat/patch/source/crypto/test/file_test_gtest.cc.sh b/bssl-compat/patch/source/crypto/test/file_test_gtest.cc.sh new file mode 100755 index 0000000000..000e648fe3 --- /dev/null +++ b/bssl-compat/patch/source/crypto/test/file_test_gtest.cc.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +# Do nothing here so the file just gets copied +# without commenting or uncommenting anything diff --git a/bssl-compat/patch/source/crypto/test/test_util.cc.patch b/bssl-compat/patch/source/crypto/test/test_util.cc.patch deleted file mode 100644 index 6d238c0153..0000000000 --- a/bssl-compat/patch/source/crypto/test/test_util.cc.patch +++ /dev/null @@ -1,128 +0,0 @@ ---- a/source/crypto/test/test_util.cc -+++ b/source/crypto/test/test_util.cc -@@ -12,11 +12,11 @@ - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - --// #include "test_util.h" -+#include "test_util.h" - --// #include -+#include - --// #include "../internal.h" -+#include "../internal.h" - - - // void hexdump(FILE *fp, const char *msg, const void *in, size_t len) { -@@ -29,57 +29,57 @@ - // fputs("\n", fp); - // } - --// std::ostream &operator<<(std::ostream &os, const Bytes &in) { --// if (in.span_.empty()) { --// return os << ""; --// } -- --// // Print a byte slice as hex. --// os << EncodeHex(in.span_); --// return os; --// } -- --// static bool FromHexDigit(uint8_t *out, char c) { --// if ('0' <= c && c <= '9') { --// *out = c - '0'; --// return true; --// } --// if ('a' <= c && c <= 'f') { --// *out = c - 'a' + 10; --// return true; --// } --// if ('A' <= c && c <= 'F') { --// *out = c - 'A' + 10; --// return true; --// } --// return false; --// } -- --// bool DecodeHex(std::vector *out, const std::string &in) { --// out->clear(); --// if (in.size() % 2 != 0) { --// return false; --// } --// out->reserve(in.size() / 2); --// for (size_t i = 0; i < in.size(); i += 2) { --// uint8_t hi, lo; --// if (!FromHexDigit(&hi, in[i]) || --// !FromHexDigit(&lo, in[i + 1])) { --// return false; --// } --// out->push_back((hi << 4) | lo); --// } --// return true; --// } -- --// std::string EncodeHex(bssl::Span in) { --// static const char kHexDigits[] = "0123456789abcdef"; --// std::string ret; --// ret.reserve(in.size() * 2); --// for (uint8_t b : in) { --// ret += kHexDigits[b >> 4]; --// ret += kHexDigits[b & 0xf]; --// } --// return ret; --// } -+std::ostream &operator<<(std::ostream &os, const Bytes &in) { -+ if (in.span_.empty()) { -+ return os << ""; -+ } -+ -+ // Print a byte slice as hex. -+ os << EncodeHex(in.span_); -+ return os; -+} -+ -+static bool FromHexDigit(uint8_t *out, char c) { -+ if ('0' <= c && c <= '9') { -+ *out = c - '0'; -+ return true; -+ } -+ if ('a' <= c && c <= 'f') { -+ *out = c - 'a' + 10; -+ return true; -+ } -+ if ('A' <= c && c <= 'F') { -+ *out = c - 'A' + 10; -+ return true; -+ } -+ return false; -+} -+ -+bool DecodeHex(std::vector *out, const std::string &in) { -+ out->clear(); -+ if (in.size() % 2 != 0) { -+ return false; -+ } -+ out->reserve(in.size() / 2); -+ for (size_t i = 0; i < in.size(); i += 2) { -+ uint8_t hi, lo; -+ if (!FromHexDigit(&hi, in[i]) || -+ !FromHexDigit(&lo, in[i + 1])) { -+ return false; -+ } -+ out->push_back((hi << 4) | lo); -+ } -+ return true; -+} -+ -+std::string EncodeHex(bssl::Span in) { -+ static const char kHexDigits[] = "0123456789abcdef"; -+ std::string ret; -+ ret.reserve(in.size() * 2); -+ for (uint8_t b : in) { -+ ret += kHexDigits[b >> 4]; -+ ret += kHexDigits[b & 0xf]; -+ } -+ return ret; -+} - diff --git a/bssl-compat/patch/source/crypto/test/test_util.cc.sh b/bssl-compat/patch/source/crypto/test/test_util.cc.sh new file mode 100755 index 0000000000..de7a1f500d --- /dev/null +++ b/bssl-compat/patch/source/crypto/test/test_util.cc.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +set -euo pipefail + +uncomment.sh "$1" --comment -h \ + --uncomment-func-impl 'operator<<' \ + --uncomment-func-impl DecodeHex \ + --uncomment-func-impl EncodeHex \ diff --git a/bssl-compat/patch/source/crypto/test/test_util.h.patch b/bssl-compat/patch/source/crypto/test/test_util.h.patch deleted file mode 100644 index 0afc88003b..0000000000 --- a/bssl-compat/patch/source/crypto/test/test_util.h.patch +++ /dev/null @@ -1,97 +0,0 @@ ---- a/source/crypto/test/test_util.h -+++ b/source/crypto/test/test_util.h -@@ -12,21 +12,21 @@ - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - --// #ifndef OPENSSL_HEADER_CRYPTO_TEST_TEST_UTIL_H --// #define OPENSSL_HEADER_CRYPTO_TEST_TEST_UTIL_H -+#ifndef OPENSSL_HEADER_CRYPTO_TEST_TEST_UTIL_H -+#define OPENSSL_HEADER_CRYPTO_TEST_TEST_UTIL_H - --// #include --// #include --// #include --// #include -+#include -+#include -+#include -+#include - --// #include --// #include --// #include -+#include -+#include -+#include - --// #include -+#include - --// #include "../internal.h" -+#include "../internal.h" - - - // hexdump writes |msg| to |fp| followed by the hex encoding of |len| bytes -@@ -35,37 +35,37 @@ - - // Bytes is a wrapper over a byte slice which may be compared for equality. This - // allows it to be used in EXPECT_EQ macros. --// struct Bytes { --// Bytes(const uint8_t *data_arg, size_t len_arg) --// : span_(data_arg, len_arg) {} --// Bytes(const char *data_arg, size_t len_arg) --// : span_(reinterpret_cast(data_arg), len_arg) {} -- --// explicit Bytes(const char *str) --// : span_(reinterpret_cast(str), strlen(str)) {} --// explicit Bytes(const std::string &str) --// : span_(reinterpret_cast(str.data()), str.size()) {} --// explicit Bytes(bssl::Span span) --// : span_(span) {} -- --// bssl::Span span_; --// }; -- --// inline bool operator==(const Bytes &a, const Bytes &b) { --// return a.span_ == b.span_; --// } -+struct Bytes { -+ Bytes(const uint8_t *data_arg, size_t len_arg) -+ : span_(data_arg, len_arg) {} -+ Bytes(const char *data_arg, size_t len_arg) -+ : span_(reinterpret_cast(data_arg), len_arg) {} -+ -+ explicit Bytes(const char *str) -+ : span_(reinterpret_cast(str), strlen(str)) {} -+ explicit Bytes(const std::string &str) -+ : span_(reinterpret_cast(str.data()), str.size()) {} -+ explicit Bytes(bssl::Span span) -+ : span_(span) {} -+ -+ bssl::Span span_; -+}; -+ -+inline bool operator==(const Bytes &a, const Bytes &b) { -+ return a.span_ == b.span_; -+} - --// inline bool operator!=(const Bytes &a, const Bytes &b) { return !(a == b); } -+inline bool operator!=(const Bytes &a, const Bytes &b) { return !(a == b); } - --// std::ostream &operator<<(std::ostream &os, const Bytes &in); -+std::ostream &operator<<(std::ostream &os, const Bytes &in); - - // DecodeHex decodes |in| from hexadecimal and writes the output to |out|. It - // returns true on success and false if |in| is not a valid hexadecimal byte - // string. --// bool DecodeHex(std::vector *out, const std::string &in); -+bool DecodeHex(std::vector *out, const std::string &in); - - // EncodeHex returns |in| encoded in hexadecimal. --// std::string EncodeHex(bssl::Span in); -+std::string EncodeHex(bssl::Span in); - - --// #endif // OPENSSL_HEADER_CRYPTO_TEST_TEST_UTIL_H -+#endif // OPENSSL_HEADER_CRYPTO_TEST_TEST_UTIL_H diff --git a/bssl-compat/patch/source/crypto/test/test_util.h.sh b/bssl-compat/patch/source/crypto/test/test_util.h.sh new file mode 100755 index 0000000000..3b67ce3c71 --- /dev/null +++ b/bssl-compat/patch/source/crypto/test/test_util.h.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +set -euo pipefail + +uncomment.sh "$1" --comment -h \ + --uncomment-struct Bytes \ + --uncomment-regex-range 'inline bool operator==(' '}' \ + --uncomment-regex 'inline bool operator!=(' \ + --uncomment-regex 'std::ostream &operator<<(' \ + --uncomment-regex 'bool DecodeHex(' \ + --uncomment-regex 'std::string EncodeHex(' diff --git a/bssl-compat/patch/source/crypto/x509/x509_test.cc.patch b/bssl-compat/patch/source/crypto/x509/x509_test.cc.patch index 9079525ad6..b649dd580e 100644 --- a/bssl-compat/patch/source/crypto/x509/x509_test.cc.patch +++ b/bssl-compat/patch/source/crypto/x509/x509_test.cc.patch @@ -1,3216 +1,87 @@ --- a/source/crypto/x509/x509_test.cc +++ b/source/crypto/x509/x509_test.cc -@@ -12,248 +12,248 @@ - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +@@ -1717,14 +1717,22 @@ --// #include --// #include --// #include --// #include -- --// #include -- --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include -+#include -+#include -+#include -+#include -+ -+#include -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include - - // #include "internal.h" --// #include "../internal.h" --// #include "../test/test_util.h" --// #include "../x509v3/internal.h" -- -- --// std::string GetTestData(const char *path); -- --// static const char kCrossSigningRootPEM[] = R"( --// -----BEGIN CERTIFICATE----- --// MIICcTCCAdqgAwIBAgIIagJHiPvE0MowDQYJKoZIhvcNAQELBQAwPDEaMBgGA1UE --// ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v --// dCBDQTAgFw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowPDEaMBgGA1UE --// ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v --// dCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwo3qFvSB9Zmlbpzn9wJp --// ikI75Rxkatez8VkLqyxbOhPYl2Haz8F5p1gDG96dCI6jcLGgu3AKT9uhEQyyUko5 --// EKYasazSeA9CQrdyhPg0mkTYVETnPM1W/ebid1YtqQbq1CMWlq2aTDoSGAReGFKP --// RTdXAbuAXzpCfi/d8LqV13UCAwEAAaN6MHgwDgYDVR0PAQH/BAQDAgIEMB0GA1Ud --// JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHRMBAf8EBTADAQH/MBkGA1Ud --// DgQSBBBHKHC7V3Z/3oLvEZx0RZRwMBsGA1UdIwQUMBKAEEcocLtXdn/egu8RnHRF --// lHAwDQYJKoZIhvcNAQELBQADgYEAnglibsy6mGtpIXivtlcz4zIEnHw/lNW+r/eC --// CY7evZTmOoOuC/x9SS3MF9vawt1HFUummWM6ZgErqVBOXIB4//ykrcCgf5ZbF5Hr --// +3EFprKhBqYiXdD8hpBkrBoXwn85LPYWNd2TceCrx0YtLIprE2R5MB2RIq8y4Jk3 --// YFXvkME= --// -----END CERTIFICATE----- --// )"; -- --// static const char kRootCAPEM[] = R"( --// -----BEGIN CERTIFICATE----- --// MIICVTCCAb6gAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwLjEaMBgGA1UE --// ChMRQm9yaW5nU1NMIFRFU1RJTkcxEDAOBgNVBAMTB1Jvb3QgQ0EwIBcNMTUwMTAx --// MDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMC4xGjAYBgNVBAoTEUJvcmluZ1NTTCBU --// RVNUSU5HMRAwDgYDVQQDEwdSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB --// iQKBgQDpDn8RDOZa5oaDcPZRBy4CeBH1siSSOO4mYgLHlPE+oXdqwI/VImi2XeJM --// 2uCFETXCknJJjYG0iJdrt/yyRFvZTQZw+QzGj+mz36NqhGxDWb6dstB2m8PX+plZ --// w7jl81MDvUnWs8yiQ/6twgu5AbhWKZQDJKcNKCEpqa6UW0r5nwIDAQABo3oweDAO --// BgNVHQ8BAf8EBAMCAgQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8G --// A1UdEwEB/wQFMAMBAf8wGQYDVR0OBBIEEEA31wH7QC+4HH5UBCeMWQEwGwYDVR0j --// BBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkqhkiG9w0BAQsFAAOBgQDXylEK77Za --// kKeY6ZerrScWyZhrjIGtHFu09qVpdJEzrk87k2G7iHHR9CAvSofCgEExKtWNS9dN --// +9WiZp/U48iHLk7qaYXdEuO07No4BYtXn+lkOykE+FUxmA4wvOF1cTd2tdj3MzX2 --// kfGIBAYhzGZWhY3JbhIfTEfY1PNM1pWChQ== --// -----END CERTIFICATE----- --// )"; -- --// static const char kRootCrossSignedPEM[] = R"( --// -----BEGIN CERTIFICATE----- --// MIICYzCCAcygAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwPDEaMBgGA1UE --// ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v --// dCBDQTAgFw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowLjEaMBgGA1UE --// ChMRQm9yaW5nU1NMIFRFU1RJTkcxEDAOBgNVBAMTB1Jvb3QgQ0EwgZ8wDQYJKoZI --// hvcNAQEBBQADgY0AMIGJAoGBAOkOfxEM5lrmhoNw9lEHLgJ4EfWyJJI47iZiAseU --// 8T6hd2rAj9UiaLZd4kza4IURNcKSckmNgbSIl2u3/LJEW9lNBnD5DMaP6bPfo2qE --// bENZvp2y0Habw9f6mVnDuOXzUwO9SdazzKJD/q3CC7kBuFYplAMkpw0oISmprpRb --// SvmfAgMBAAGjejB4MA4GA1UdDwEB/wQEAwICBDAdBgNVHSUEFjAUBggrBgEFBQcD --// AQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAZBgNVHQ4EEgQQQDfXAftAL7gc --// flQEJ4xZATAbBgNVHSMEFDASgBBHKHC7V3Z/3oLvEZx0RZRwMA0GCSqGSIb3DQEB --// CwUAA4GBAErTxYJ0en9HVRHAAr5OO5wuk5Iq3VMc79TMyQLCXVL8YH8Uk7KEwv+q --// 9MEKZv2eR/Vfm4HlXlUuIqfgUXbwrAYC/YVVX86Wnbpy/jc73NYVCq8FEZeO+0XU --// 90SWAPDdp+iL7aZdimnMtG1qlM1edmz8AKbrhN/R3IbA2CL0nCWV --// -----END CERTIFICATE----- --// )"; -- --// static const char kIntermediatePEM[] = R"( --// -----BEGIN CERTIFICATE----- --// MIICXjCCAcegAwIBAgIJAKJMH+7rscPcMA0GCSqGSIb3DQEBCwUAMC4xGjAYBgNV --// BAoTEUJvcmluZ1NTTCBURVNUSU5HMRAwDgYDVQQDEwdSb290IENBMCAXDTE1MDEw --// MTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjA2MRowGAYDVQQKExFCb3JpbmdTU0wg --// VEVTVElORzEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlIENBMIGfMA0GCSqGSIb3DQEB --// AQUAA4GNADCBiQKBgQC7YtI0l8ocTYJ0gKyXTtPL4iMJCNY4OcxXl48jkncVG1Hl --// blicgNUa1r9m9YFtVkxvBinb8dXiUpEGhVg4awRPDcatlsBSEBuJkiZGYbRcAmSu --// CmZYnf6u3aYQ18SU8WqVERPpE4cwVVs+6kwlzRw0+XDoZAczu8ZezVhCUc6NbQID --// AQABo3oweDAOBgNVHQ8BAf8EBAMCAgQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG --// AQUFBwMCMA8GA1UdEwEB/wQFMAMBAf8wGQYDVR0OBBIEEIwaaKi1dttdV3sfjRSy --// BqMwGwYDVR0jBBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkqhkiG9w0BAQsFAAOB --// gQCvnolNWEHuQS8PFVVyuLR+FKBeUUdrVbSfHSzTqNAqQGp0C9fk5oCzDq6ZgTfY --// ESXM4cJhb3IAnW0UM0NFsYSKQJ50JZL2L3z5ZLQhHdbs4RmODGoC40BVdnJ4/qgB --// aGSh09eQRvAVmbVCviDK2ipkWNegdyI19jFfNP5uIkGlYg== --// -----END CERTIFICATE----- --// )"; -- --// static const char kIntermediateSelfSignedPEM[] = R"( --// -----BEGIN CERTIFICATE----- --// MIICZjCCAc+gAwIBAgIJAKJMH+7rscPcMA0GCSqGSIb3DQEBCwUAMDYxGjAYBgNV --// BAoTEUJvcmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0Ew --// IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDYxGjAYBgNVBAoTEUJv --// cmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0EwgZ8wDQYJ --// KoZIhvcNAQEBBQADgY0AMIGJAoGBALti0jSXyhxNgnSArJdO08viIwkI1jg5zFeX --// jyOSdxUbUeVuWJyA1RrWv2b1gW1WTG8GKdvx1eJSkQaFWDhrBE8Nxq2WwFIQG4mS --// JkZhtFwCZK4KZlid/q7dphDXxJTxapURE+kThzBVWz7qTCXNHDT5cOhkBzO7xl7N --// WEJRzo1tAgMBAAGjejB4MA4GA1UdDwEB/wQEAwICBDAdBgNVHSUEFjAUBggrBgEF --// BQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAZBgNVHQ4EEgQQjBpoqLV2 --// 211Xex+NFLIGozAbBgNVHSMEFDASgBCMGmiotXbbXVd7H40UsgajMA0GCSqGSIb3 --// DQEBCwUAA4GBALcccSrAQ0/EqQBsx0ZDTUydHXXNP2DrUkpUKmAXIe8McqIVSlkT --// 6H4xz7z8VRKBo9j+drjjtCw2i0CQc8aOLxRb5WJ8eVLnaW2XRlUqAzhF0CrulfVI --// E4Vs6ZLU+fra1WAuIj6qFiigRja+3YkZArG8tMA9vtlhTX/g7YBZIkqH --// -----END CERTIFICATE----- --// )"; -- --// static const char kLeafPEM[] = R"( --// -----BEGIN CERTIFICATE----- --// MIICXjCCAcegAwIBAgIIWjO48ufpunYwDQYJKoZIhvcNAQELBQAwNjEaMBgGA1UE --// ChMRQm9yaW5nU1NMIFRFU1RJTkcxGDAWBgNVBAMTD0ludGVybWVkaWF0ZSBDQTAg --// Fw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowMjEaMBgGA1UEChMRQm9y --// aW5nU1NMIFRFU1RJTkcxFDASBgNVBAMTC2V4YW1wbGUuY29tMIGfMA0GCSqGSIb3 --// DQEBAQUAA4GNADCBiQKBgQDD0U0ZYgqShJ7oOjsyNKyVXEHqeafmk/bAoPqY/h1c --// oPw2E8KmeqiUSoTPjG5IXSblOxcqpbAXgnjPzo8DI3GNMhAf8SYNYsoH7gc7Uy7j --// 5x8bUrisGnuTHqkqH6d4/e7ETJ7i3CpR8bvK16DggEvQTudLipz8FBHtYhFakfdh --// TwIDAQABo3cwdTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG --// CCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwGQYDVR0OBBIEEKN5pvbur7mlXjeMEYA0 --// 4nUwGwYDVR0jBBQwEoAQjBpoqLV2211Xex+NFLIGozANBgkqhkiG9w0BAQsFAAOB --// gQBj/p+JChp//LnXWC1k121LM/ii7hFzQzMrt70bny406SGz9jAjaPOX4S3gt38y --// rhjpPukBlSzgQXFg66y6q5qp1nQTD1Cw6NkKBe9WuBlY3iYfmsf7WT8nhlT1CttU --// xNCwyMX9mtdXdQicOfNjIGUCD5OLV5PgHFPRKiHHioBAhg== --// -----END CERTIFICATE----- --// )"; -- --// static const char kLeafNoKeyUsagePEM[] = R"( --// -----BEGIN CERTIFICATE----- --// MIICNTCCAZ6gAwIBAgIJAIFQGaLQ0G2mMA0GCSqGSIb3DQEBCwUAMDYxGjAYBgNV --// BAoTEUJvcmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0Ew --// IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDcxGjAYBgNVBAoTEUJv --// cmluZ1NTTCBURVNUSU5HMRkwFwYDVQQDExBldmlsLmV4YW1wbGUuY29tMIGfMA0G --// CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOKoZe75NPz77EOaMMl4/0s3PyQw++zJvp --// ejHAxZiTPCJgMbEHLrSzNoHdopg+CLUH5bE4wTXM8w9Inv5P8OAFJt7gJuPUunmk --// j+NoU3QfzOR6BroePcz1vXX9jyVHRs087M/sLqWRHu9IR+/A+UTcBaWaFiDVUxtJ --// YOwFMwjNPQIDAQABo0gwRjAMBgNVHRMBAf8EAjAAMBkGA1UdDgQSBBBJfLEUWHq1 --// 27rZ1AVx2J5GMBsGA1UdIwQUMBKAEIwaaKi1dttdV3sfjRSyBqMwDQYJKoZIhvcN --// AQELBQADgYEALVKN2Y3LZJOtu6SxFIYKxbLaXhTGTdIjxipZhmbBRDFjbZjZZOTe --// 6Oo+VDNPYco4rBexK7umYXJyfTqoY0E8dbiImhTcGTEj7OAB3DbBomgU1AYe+t2D --// uwBqh4Y3Eto+Zn4pMVsxGEfUpjzjZDel7bN1/oU/9KWPpDfywfUmjgk= --// -----END CERTIFICATE----- --// )"; -- --// static const char kForgeryPEM[] = R"( --// -----BEGIN CERTIFICATE----- --// MIICZzCCAdCgAwIBAgIIdTlMzQoKkeMwDQYJKoZIhvcNAQELBQAwNzEaMBgGA1UE --// ChMRQm9yaW5nU1NMIFRFU1RJTkcxGTAXBgNVBAMTEGV2aWwuZXhhbXBsZS5jb20w --// IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDoxGjAYBgNVBAoTEUJv --// cmluZ1NTTCBURVNUSU5HMRwwGgYDVQQDExNmb3JnZXJ5LmV4YW1wbGUuY29tMIGf --// MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDADTwruBQZGb7Ay6s9HiYv5d1lwtEy --// xQdA2Sy8Rn8uA20Q4KgqwVY7wzIZ+z5Butrsmwb70gdG1XU+yRaDeE7XVoW6jSpm --// 0sw35/5vJbTcL4THEFbnX0OPZnvpuZDFUkvVtq5kxpDWsVyM24G8EEq7kPih3Sa3 --// OMhXVXF8kso6UQIDAQABo3cwdTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI --// KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwGQYDVR0OBBIEEEYJ/WHM --// 8p64erPWIg4/liwwGwYDVR0jBBQwEoAQSXyxFFh6tdu62dQFcdieRjANBgkqhkiG --// 9w0BAQsFAAOBgQA+zH7bHPElWRWJvjxDqRexmYLn+D3Aivs8XgXQJsM94W0EzSUf --// DSLfRgaQwcb2gg2xpDFoG+W0vc6O651uF23WGt5JaFFJJxqjII05IexfCNhuPmp4 --// 4UZAXPttuJXpn74IY1tuouaM06B3vXKZR+/ityKmfJvSwxacmFcK+2ziAg== --// -----END CERTIFICATE----- --// )"; -+#include "../internal.h" -+#include "../test/test_util.h" -+#include "../x509v3/internal.h" -+ -+ -+std::string GetTestData(const char *path); -+ -+static const char kCrossSigningRootPEM[] = R"( -+-----BEGIN CERTIFICATE----- -+MIICcTCCAdqgAwIBAgIIagJHiPvE0MowDQYJKoZIhvcNAQELBQAwPDEaMBgGA1UE -+ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v -+dCBDQTAgFw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowPDEaMBgGA1UE -+ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v -+dCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwo3qFvSB9Zmlbpzn9wJp -+ikI75Rxkatez8VkLqyxbOhPYl2Haz8F5p1gDG96dCI6jcLGgu3AKT9uhEQyyUko5 -+EKYasazSeA9CQrdyhPg0mkTYVETnPM1W/ebid1YtqQbq1CMWlq2aTDoSGAReGFKP -+RTdXAbuAXzpCfi/d8LqV13UCAwEAAaN6MHgwDgYDVR0PAQH/BAQDAgIEMB0GA1Ud -+JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHRMBAf8EBTADAQH/MBkGA1Ud -+DgQSBBBHKHC7V3Z/3oLvEZx0RZRwMBsGA1UdIwQUMBKAEEcocLtXdn/egu8RnHRF -+lHAwDQYJKoZIhvcNAQELBQADgYEAnglibsy6mGtpIXivtlcz4zIEnHw/lNW+r/eC -+CY7evZTmOoOuC/x9SS3MF9vawt1HFUummWM6ZgErqVBOXIB4//ykrcCgf5ZbF5Hr -++3EFprKhBqYiXdD8hpBkrBoXwn85LPYWNd2TceCrx0YtLIprE2R5MB2RIq8y4Jk3 -+YFXvkME= -+-----END CERTIFICATE----- -+)"; -+ -+static const char kRootCAPEM[] = R"( -+-----BEGIN CERTIFICATE----- -+MIICVTCCAb6gAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwLjEaMBgGA1UE -+ChMRQm9yaW5nU1NMIFRFU1RJTkcxEDAOBgNVBAMTB1Jvb3QgQ0EwIBcNMTUwMTAx -+MDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMC4xGjAYBgNVBAoTEUJvcmluZ1NTTCBU -+RVNUSU5HMRAwDgYDVQQDEwdSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB -+iQKBgQDpDn8RDOZa5oaDcPZRBy4CeBH1siSSOO4mYgLHlPE+oXdqwI/VImi2XeJM -+2uCFETXCknJJjYG0iJdrt/yyRFvZTQZw+QzGj+mz36NqhGxDWb6dstB2m8PX+plZ -+w7jl81MDvUnWs8yiQ/6twgu5AbhWKZQDJKcNKCEpqa6UW0r5nwIDAQABo3oweDAO -+BgNVHQ8BAf8EBAMCAgQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8G -+A1UdEwEB/wQFMAMBAf8wGQYDVR0OBBIEEEA31wH7QC+4HH5UBCeMWQEwGwYDVR0j -+BBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkqhkiG9w0BAQsFAAOBgQDXylEK77Za -+kKeY6ZerrScWyZhrjIGtHFu09qVpdJEzrk87k2G7iHHR9CAvSofCgEExKtWNS9dN -++9WiZp/U48iHLk7qaYXdEuO07No4BYtXn+lkOykE+FUxmA4wvOF1cTd2tdj3MzX2 -+kfGIBAYhzGZWhY3JbhIfTEfY1PNM1pWChQ== -+-----END CERTIFICATE----- -+)"; -+ -+static const char kRootCrossSignedPEM[] = R"( -+-----BEGIN CERTIFICATE----- -+MIICYzCCAcygAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwPDEaMBgGA1UE -+ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v -+dCBDQTAgFw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowLjEaMBgGA1UE -+ChMRQm9yaW5nU1NMIFRFU1RJTkcxEDAOBgNVBAMTB1Jvb3QgQ0EwgZ8wDQYJKoZI -+hvcNAQEBBQADgY0AMIGJAoGBAOkOfxEM5lrmhoNw9lEHLgJ4EfWyJJI47iZiAseU -+8T6hd2rAj9UiaLZd4kza4IURNcKSckmNgbSIl2u3/LJEW9lNBnD5DMaP6bPfo2qE -+bENZvp2y0Habw9f6mVnDuOXzUwO9SdazzKJD/q3CC7kBuFYplAMkpw0oISmprpRb -+SvmfAgMBAAGjejB4MA4GA1UdDwEB/wQEAwICBDAdBgNVHSUEFjAUBggrBgEFBQcD -+AQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAZBgNVHQ4EEgQQQDfXAftAL7gc -+flQEJ4xZATAbBgNVHSMEFDASgBBHKHC7V3Z/3oLvEZx0RZRwMA0GCSqGSIb3DQEB -+CwUAA4GBAErTxYJ0en9HVRHAAr5OO5wuk5Iq3VMc79TMyQLCXVL8YH8Uk7KEwv+q -+9MEKZv2eR/Vfm4HlXlUuIqfgUXbwrAYC/YVVX86Wnbpy/jc73NYVCq8FEZeO+0XU -+90SWAPDdp+iL7aZdimnMtG1qlM1edmz8AKbrhN/R3IbA2CL0nCWV -+-----END CERTIFICATE----- -+)"; -+ -+static const char kIntermediatePEM[] = R"( -+-----BEGIN CERTIFICATE----- -+MIICXjCCAcegAwIBAgIJAKJMH+7rscPcMA0GCSqGSIb3DQEBCwUAMC4xGjAYBgNV -+BAoTEUJvcmluZ1NTTCBURVNUSU5HMRAwDgYDVQQDEwdSb290IENBMCAXDTE1MDEw -+MTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjA2MRowGAYDVQQKExFCb3JpbmdTU0wg -+VEVTVElORzEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlIENBMIGfMA0GCSqGSIb3DQEB -+AQUAA4GNADCBiQKBgQC7YtI0l8ocTYJ0gKyXTtPL4iMJCNY4OcxXl48jkncVG1Hl -+blicgNUa1r9m9YFtVkxvBinb8dXiUpEGhVg4awRPDcatlsBSEBuJkiZGYbRcAmSu -+CmZYnf6u3aYQ18SU8WqVERPpE4cwVVs+6kwlzRw0+XDoZAczu8ZezVhCUc6NbQID -+AQABo3oweDAOBgNVHQ8BAf8EBAMCAgQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG -+AQUFBwMCMA8GA1UdEwEB/wQFMAMBAf8wGQYDVR0OBBIEEIwaaKi1dttdV3sfjRSy -+BqMwGwYDVR0jBBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkqhkiG9w0BAQsFAAOB -+gQCvnolNWEHuQS8PFVVyuLR+FKBeUUdrVbSfHSzTqNAqQGp0C9fk5oCzDq6ZgTfY -+ESXM4cJhb3IAnW0UM0NFsYSKQJ50JZL2L3z5ZLQhHdbs4RmODGoC40BVdnJ4/qgB -+aGSh09eQRvAVmbVCviDK2ipkWNegdyI19jFfNP5uIkGlYg== -+-----END CERTIFICATE----- -+)"; -+ -+static const char kIntermediateSelfSignedPEM[] = R"( -+-----BEGIN CERTIFICATE----- -+MIICZjCCAc+gAwIBAgIJAKJMH+7rscPcMA0GCSqGSIb3DQEBCwUAMDYxGjAYBgNV -+BAoTEUJvcmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0Ew -+IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDYxGjAYBgNVBAoTEUJv -+cmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0EwgZ8wDQYJ -+KoZIhvcNAQEBBQADgY0AMIGJAoGBALti0jSXyhxNgnSArJdO08viIwkI1jg5zFeX -+jyOSdxUbUeVuWJyA1RrWv2b1gW1WTG8GKdvx1eJSkQaFWDhrBE8Nxq2WwFIQG4mS -+JkZhtFwCZK4KZlid/q7dphDXxJTxapURE+kThzBVWz7qTCXNHDT5cOhkBzO7xl7N -+WEJRzo1tAgMBAAGjejB4MA4GA1UdDwEB/wQEAwICBDAdBgNVHSUEFjAUBggrBgEF -+BQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAZBgNVHQ4EEgQQjBpoqLV2 -+211Xex+NFLIGozAbBgNVHSMEFDASgBCMGmiotXbbXVd7H40UsgajMA0GCSqGSIb3 -+DQEBCwUAA4GBALcccSrAQ0/EqQBsx0ZDTUydHXXNP2DrUkpUKmAXIe8McqIVSlkT -+6H4xz7z8VRKBo9j+drjjtCw2i0CQc8aOLxRb5WJ8eVLnaW2XRlUqAzhF0CrulfVI -+E4Vs6ZLU+fra1WAuIj6qFiigRja+3YkZArG8tMA9vtlhTX/g7YBZIkqH -+-----END CERTIFICATE----- -+)"; -+ -+static const char kLeafPEM[] = R"( -+-----BEGIN CERTIFICATE----- -+MIICXjCCAcegAwIBAgIIWjO48ufpunYwDQYJKoZIhvcNAQELBQAwNjEaMBgGA1UE -+ChMRQm9yaW5nU1NMIFRFU1RJTkcxGDAWBgNVBAMTD0ludGVybWVkaWF0ZSBDQTAg -+Fw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowMjEaMBgGA1UEChMRQm9y -+aW5nU1NMIFRFU1RJTkcxFDASBgNVBAMTC2V4YW1wbGUuY29tMIGfMA0GCSqGSIb3 -+DQEBAQUAA4GNADCBiQKBgQDD0U0ZYgqShJ7oOjsyNKyVXEHqeafmk/bAoPqY/h1c -+oPw2E8KmeqiUSoTPjG5IXSblOxcqpbAXgnjPzo8DI3GNMhAf8SYNYsoH7gc7Uy7j -+5x8bUrisGnuTHqkqH6d4/e7ETJ7i3CpR8bvK16DggEvQTudLipz8FBHtYhFakfdh -+TwIDAQABo3cwdTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG -+CCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwGQYDVR0OBBIEEKN5pvbur7mlXjeMEYA0 -+4nUwGwYDVR0jBBQwEoAQjBpoqLV2211Xex+NFLIGozANBgkqhkiG9w0BAQsFAAOB -+gQBj/p+JChp//LnXWC1k121LM/ii7hFzQzMrt70bny406SGz9jAjaPOX4S3gt38y -+rhjpPukBlSzgQXFg66y6q5qp1nQTD1Cw6NkKBe9WuBlY3iYfmsf7WT8nhlT1CttU -+xNCwyMX9mtdXdQicOfNjIGUCD5OLV5PgHFPRKiHHioBAhg== -+-----END CERTIFICATE----- -+)"; -+ -+static const char kLeafNoKeyUsagePEM[] = R"( -+-----BEGIN CERTIFICATE----- -+MIICNTCCAZ6gAwIBAgIJAIFQGaLQ0G2mMA0GCSqGSIb3DQEBCwUAMDYxGjAYBgNV -+BAoTEUJvcmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0Ew -+IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDcxGjAYBgNVBAoTEUJv -+cmluZ1NTTCBURVNUSU5HMRkwFwYDVQQDExBldmlsLmV4YW1wbGUuY29tMIGfMA0G -+CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOKoZe75NPz77EOaMMl4/0s3PyQw++zJvp -+ejHAxZiTPCJgMbEHLrSzNoHdopg+CLUH5bE4wTXM8w9Inv5P8OAFJt7gJuPUunmk -+j+NoU3QfzOR6BroePcz1vXX9jyVHRs087M/sLqWRHu9IR+/A+UTcBaWaFiDVUxtJ -+YOwFMwjNPQIDAQABo0gwRjAMBgNVHRMBAf8EAjAAMBkGA1UdDgQSBBBJfLEUWHq1 -+27rZ1AVx2J5GMBsGA1UdIwQUMBKAEIwaaKi1dttdV3sfjRSyBqMwDQYJKoZIhvcN -+AQELBQADgYEALVKN2Y3LZJOtu6SxFIYKxbLaXhTGTdIjxipZhmbBRDFjbZjZZOTe -+6Oo+VDNPYco4rBexK7umYXJyfTqoY0E8dbiImhTcGTEj7OAB3DbBomgU1AYe+t2D -+uwBqh4Y3Eto+Zn4pMVsxGEfUpjzjZDel7bN1/oU/9KWPpDfywfUmjgk= -+-----END CERTIFICATE----- -+)"; -+ -+static const char kForgeryPEM[] = R"( -+-----BEGIN CERTIFICATE----- -+MIICZzCCAdCgAwIBAgIIdTlMzQoKkeMwDQYJKoZIhvcNAQELBQAwNzEaMBgGA1UE -+ChMRQm9yaW5nU1NMIFRFU1RJTkcxGTAXBgNVBAMTEGV2aWwuZXhhbXBsZS5jb20w -+IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDoxGjAYBgNVBAoTEUJv -+cmluZ1NTTCBURVNUSU5HMRwwGgYDVQQDExNmb3JnZXJ5LmV4YW1wbGUuY29tMIGf -+MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDADTwruBQZGb7Ay6s9HiYv5d1lwtEy -+xQdA2Sy8Rn8uA20Q4KgqwVY7wzIZ+z5Butrsmwb70gdG1XU+yRaDeE7XVoW6jSpm -+0sw35/5vJbTcL4THEFbnX0OPZnvpuZDFUkvVtq5kxpDWsVyM24G8EEq7kPih3Sa3 -+OMhXVXF8kso6UQIDAQABo3cwdTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI -+KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwGQYDVR0OBBIEEEYJ/WHM -+8p64erPWIg4/liwwGwYDVR0jBBQwEoAQSXyxFFh6tdu62dQFcdieRjANBgkqhkiG -+9w0BAQsFAAOBgQA+zH7bHPElWRWJvjxDqRexmYLn+D3Aivs8XgXQJsM94W0EzSUf -+DSLfRgaQwcb2gg2xpDFoG+W0vc6O651uF23WGt5JaFFJJxqjII05IexfCNhuPmp4 -+4UZAXPttuJXpn74IY1tuouaM06B3vXKZR+/ityKmfJvSwxacmFcK+2ziAg== -+-----END CERTIFICATE----- -+)"; - - // kExamplePSSCert is an example RSA-PSS self-signed certificate, signed with - // the default hash functions. --// static const char kExamplePSSCert[] = R"( --// -----BEGIN CERTIFICATE----- --// MIICYjCCAcagAwIBAgIJAI3qUyT6SIfzMBIGCSqGSIb3DQEBCjAFogMCAWowRTEL --// MAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVy --// bmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0xNDEwMDkxOTA5NTVaFw0xNTEwMDkxOTA5 --// NTVaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQK --// DBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwgZ8wDQYJKoZIhvcNAQEBBQADgY0A --// MIGJAoGBAPi4bIO0vNmoV8CltFl2jFQdeesiUgR+0zfrQf2D+fCmhRU0dXFahKg8 --// 0u9aTtPel4rd/7vPCqqGkr64UOTNb4AzMHYTj8p73OxaymPHAyXvqIqDWHYg+hZ3 --// 13mSYwFIGth7Z/FSVUlO1m5KXNd6NzYM3t2PROjCpywrta9kS2EHAgMBAAGjUDBO --// MB0GA1UdDgQWBBTQQfuJQR6nrVrsNF1JEflVgXgfEzAfBgNVHSMEGDAWgBTQQfuJ --// QR6nrVrsNF1JEflVgXgfEzAMBgNVHRMEBTADAQH/MBIGCSqGSIb3DQEBCjAFogMC --// AWoDgYEASUy2RZcgNbNQZA0/7F+V1YTLEXwD16bm+iSVnzGwtexmQVEYIZG74K/w --// xbdZQdTbpNJkp1QPjPfh0zsatw6dmt5QoZ8K8No0DjR9dgf+Wvv5WJvJUIQBoAVN --// Z0IL+OQFz6+LcTHxD27JJCebrATXZA0wThGTQDm7crL+a+SujBY= --// -----END CERTIFICATE----- --// )"; -+static const char kExamplePSSCert[] = R"( -+-----BEGIN CERTIFICATE----- -+MIICYjCCAcagAwIBAgIJAI3qUyT6SIfzMBIGCSqGSIb3DQEBCjAFogMCAWowRTEL -+MAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVy -+bmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0xNDEwMDkxOTA5NTVaFw0xNTEwMDkxOTA5 -+NTVaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQK -+DBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwgZ8wDQYJKoZIhvcNAQEBBQADgY0A -+MIGJAoGBAPi4bIO0vNmoV8CltFl2jFQdeesiUgR+0zfrQf2D+fCmhRU0dXFahKg8 -+0u9aTtPel4rd/7vPCqqGkr64UOTNb4AzMHYTj8p73OxaymPHAyXvqIqDWHYg+hZ3 -+13mSYwFIGth7Z/FSVUlO1m5KXNd6NzYM3t2PROjCpywrta9kS2EHAgMBAAGjUDBO -+MB0GA1UdDgQWBBTQQfuJQR6nrVrsNF1JEflVgXgfEzAfBgNVHSMEGDAWgBTQQfuJ -+QR6nrVrsNF1JEflVgXgfEzAMBgNVHRMEBTADAQH/MBIGCSqGSIb3DQEBCjAFogMC -+AWoDgYEASUy2RZcgNbNQZA0/7F+V1YTLEXwD16bm+iSVnzGwtexmQVEYIZG74K/w -+xbdZQdTbpNJkp1QPjPfh0zsatw6dmt5QoZ8K8No0DjR9dgf+Wvv5WJvJUIQBoAVN -+Z0IL+OQFz6+LcTHxD27JJCebrATXZA0wThGTQDm7crL+a+SujBY= -+-----END CERTIFICATE----- -+)"; - - // kBadPSSCertPEM is a self-signed RSA-PSS certificate with bad parameters. --// static const char kBadPSSCertPEM[] = R"( --// -----BEGIN CERTIFICATE----- --// MIIDdjCCAjqgAwIBAgIJANcwZLyfEv7DMD4GCSqGSIb3DQEBCjAxoA0wCwYJYIZI --// AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIEAgIA3jAnMSUwIwYD --// VQQDDBxUZXN0IEludmFsaWQgUFNTIGNlcnRpZmljYXRlMB4XDTE1MTEwNDE2MDIz --// NVoXDTE1MTIwNDE2MDIzNVowJzElMCMGA1UEAwwcVGVzdCBJbnZhbGlkIFBTUyBj --// ZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMTaM7WH --// qVCAGAIA+zL1KWvvASTrhlq+1ePdO7wsrWX2KiYoTYrJYTnxhLnn0wrHqApt79nL --// IBG7cfShyZqFHOY/IzlYPMVt+gPo293gw96Fds5JBsjhjkyGnOyr9OUntFqvxDbT --// IIFU7o9IdxD4edaqjRv+fegVE+B79pDk4s0ujsk6dULtCg9Rst0ucGFo19mr+b7k --// dbfn8pZ72ZNDJPueVdrUAWw9oll61UcYfk75XdrLk6JlL41GrYHc8KlfXf43gGQq --// QfrpHkg4Ih2cI6Wt2nhFGAzrlcorzLliQIUJRIhM8h4IgDfpBpaPdVQLqS2pFbXa --// 5eQjqiyJwak2vJ8CAwEAAaNQME4wHQYDVR0OBBYEFCt180N4oGUt5LbzBwQ4Ia+2 --// 4V97MB8GA1UdIwQYMBaAFCt180N4oGUt5LbzBwQ4Ia+24V97MAwGA1UdEwQFMAMB --// Af8wMQYJKoZIhvcNAQEKMCSgDTALBglghkgBZQMEAgGhDTALBgkqhkiG9w0BAQii --// BAICAN4DggEBAAjBtm90lGxgddjc4Xu/nbXXFHVs2zVcHv/mqOZoQkGB9r/BVgLb --// xhHrFZ2pHGElbUYPfifdS9ztB73e1d4J+P29o0yBqfd4/wGAc/JA8qgn6AAEO/Xn --// plhFeTRJQtLZVl75CkHXgUGUd3h+ADvKtcBuW9dSUncaUrgNKR8u/h/2sMG38RWY --// DzBddC/66YTa3r7KkVUfW7yqRQfELiGKdcm+bjlTEMsvS+EhHup9CzbpoCx2Fx9p --// NPtFY3yEObQhmL1JyoCRWqBE75GzFPbRaiux5UpEkns+i3trkGssZzsOuVqHNTNZ --// lC9+9hPHIoc9UMmAQNo1vGIW3NWVoeGbaJ8= --// -----END CERTIFICATE----- --// )"; -- --// static const char kRSAKey[] = R"( --// -----BEGIN RSA PRIVATE KEY----- --// MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92 --// kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF --// KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB --// AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe --// i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+ --// WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ --// m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj --// QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk --// aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj --// LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk --// 104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/ --// tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd --// moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ== --// -----END RSA PRIVATE KEY----- --// )"; -- --// static const char kP256Key[] = R"( --// -----BEGIN PRIVATE KEY----- --// MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ --// TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N --// Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB --// -----END PRIVATE KEY----- --// )"; -+static const char kBadPSSCertPEM[] = R"( -+-----BEGIN CERTIFICATE----- -+MIIDdjCCAjqgAwIBAgIJANcwZLyfEv7DMD4GCSqGSIb3DQEBCjAxoA0wCwYJYIZI -+AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIEAgIA3jAnMSUwIwYD -+VQQDDBxUZXN0IEludmFsaWQgUFNTIGNlcnRpZmljYXRlMB4XDTE1MTEwNDE2MDIz -+NVoXDTE1MTIwNDE2MDIzNVowJzElMCMGA1UEAwwcVGVzdCBJbnZhbGlkIFBTUyBj -+ZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMTaM7WH -+qVCAGAIA+zL1KWvvASTrhlq+1ePdO7wsrWX2KiYoTYrJYTnxhLnn0wrHqApt79nL -+IBG7cfShyZqFHOY/IzlYPMVt+gPo293gw96Fds5JBsjhjkyGnOyr9OUntFqvxDbT -+IIFU7o9IdxD4edaqjRv+fegVE+B79pDk4s0ujsk6dULtCg9Rst0ucGFo19mr+b7k -+dbfn8pZ72ZNDJPueVdrUAWw9oll61UcYfk75XdrLk6JlL41GrYHc8KlfXf43gGQq -+QfrpHkg4Ih2cI6Wt2nhFGAzrlcorzLliQIUJRIhM8h4IgDfpBpaPdVQLqS2pFbXa -+5eQjqiyJwak2vJ8CAwEAAaNQME4wHQYDVR0OBBYEFCt180N4oGUt5LbzBwQ4Ia+2 -+4V97MB8GA1UdIwQYMBaAFCt180N4oGUt5LbzBwQ4Ia+24V97MAwGA1UdEwQFMAMB -+Af8wMQYJKoZIhvcNAQEKMCSgDTALBglghkgBZQMEAgGhDTALBgkqhkiG9w0BAQii -+BAICAN4DggEBAAjBtm90lGxgddjc4Xu/nbXXFHVs2zVcHv/mqOZoQkGB9r/BVgLb -+xhHrFZ2pHGElbUYPfifdS9ztB73e1d4J+P29o0yBqfd4/wGAc/JA8qgn6AAEO/Xn -+plhFeTRJQtLZVl75CkHXgUGUd3h+ADvKtcBuW9dSUncaUrgNKR8u/h/2sMG38RWY -+DzBddC/66YTa3r7KkVUfW7yqRQfELiGKdcm+bjlTEMsvS+EhHup9CzbpoCx2Fx9p -+NPtFY3yEObQhmL1JyoCRWqBE75GzFPbRaiux5UpEkns+i3trkGssZzsOuVqHNTNZ -+lC9+9hPHIoc9UMmAQNo1vGIW3NWVoeGbaJ8= -+-----END CERTIFICATE----- -+)"; -+ -+static const char kRSAKey[] = R"( -+-----BEGIN RSA PRIVATE KEY----- -+MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92 -+kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF -+KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB -+AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe -+i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+ -+WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ -+m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj -+QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk -+aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj -+LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk -+104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/ -+tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd -+moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ== -+-----END RSA PRIVATE KEY----- -+)"; -+ -+static const char kP256Key[] = R"( -+-----BEGIN PRIVATE KEY----- -+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ -+TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N -+Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB -+-----END PRIVATE KEY----- -+)"; - - // kCRLTestRoot is a test root certificate. It has private key: - // -@@ -333,19 +333,19 @@ - // -----END CERTIFICATE----- - // )"; - --// static const char kBasicCRL[] = R"( --// -----BEGIN X509 CRL----- --// MIIBpzCBkAIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE --// CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ --// Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoA4wDDAKBgNV --// HRQEAwIBATANBgkqhkiG9w0BAQsFAAOCAQEAnrBKKgvd9x9zwK9rtUvVeFeJ7+LN --// ZEAc+a5oxpPNEsJx6hXoApYEbzXMxuWBQoCs5iEBycSGudct21L+MVf27M38KrWo --// eOkq0a2siqViQZO2Fb/SUFR0k9zb8xl86Zf65lgPplALun0bV/HT7MJcl04Tc4os --// dsAReBs5nqTGNEd5AlC1iKHvQZkM//MD51DspKnDpsDiUVi54h9C1SpfZmX8H2Vv --// diyu0fZ/bPAM3VAGawatf/SyWfBMyKpoPXEG39oAzmjjOj8en82psn7m474IGaho --// /vBbhl1ms5qQiLYPjm4YELtnXQoFyC72tBjbdFd/ZE9k4CNKDbxFUXFbkw== --// -----END X509 CRL----- --// )"; -+static const char kBasicCRL[] = R"( -+-----BEGIN X509 CRL----- -+MIIBpzCBkAIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE -+CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ -+Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoA4wDDAKBgNV -+HRQEAwIBATANBgkqhkiG9w0BAQsFAAOCAQEAnrBKKgvd9x9zwK9rtUvVeFeJ7+LN -+ZEAc+a5oxpPNEsJx6hXoApYEbzXMxuWBQoCs5iEBycSGudct21L+MVf27M38KrWo -+eOkq0a2siqViQZO2Fb/SUFR0k9zb8xl86Zf65lgPplALun0bV/HT7MJcl04Tc4os -+dsAReBs5nqTGNEd5AlC1iKHvQZkM//MD51DspKnDpsDiUVi54h9C1SpfZmX8H2Vv -+diyu0fZ/bPAM3VAGawatf/SyWfBMyKpoPXEG39oAzmjjOj8en82psn7m474IGaho -+/vBbhl1ms5qQiLYPjm4YELtnXQoFyC72tBjbdFd/ZE9k4CNKDbxFUXFbkw== -+-----END X509 CRL----- -+)"; - - // static const char kRevokedCRL[] = R"( - // -----BEGIN X509 CRL----- -@@ -479,19 +479,19 @@ - // )"; - - // kEd25519Cert is a self-signed Ed25519 certificate. --// static const char kEd25519Cert[] = R"( --// -----BEGIN CERTIFICATE----- --// MIIBkTCCAUOgAwIBAgIJAJwooam0UCDmMAUGAytlcDBFMQswCQYDVQQGEwJBVTET --// MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ --// dHkgTHRkMB4XDTE0MDQyMzIzMjE1N1oXDTE0MDUyMzIzMjE1N1owRTELMAkGA1UE --// BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp --// ZGdpdHMgUHR5IEx0ZDAqMAUGAytlcAMhANdamAGCsQq31Uv+08lkBzoO4XLz2qYj --// Ja8CGmj3B1Eao1AwTjAdBgNVHQ4EFgQUoux7eV+fJK2v3ah6QPU/lj1/+7UwHwYD --// VR0jBBgwFoAUoux7eV+fJK2v3ah6QPU/lj1/+7UwDAYDVR0TBAUwAwEB/zAFBgMr --// ZXADQQBuCzqji8VP9xU8mHEMjXGChX7YP5J664UyVKHKH9Z1u4wEbB8dJ3ScaWSL --// r+VHVKUhsrvcdCelnXRrrSD7xWAL --// -----END CERTIFICATE----- --// )"; -+static const char kEd25519Cert[] = R"( -+-----BEGIN CERTIFICATE----- -+MIIBkTCCAUOgAwIBAgIJAJwooam0UCDmMAUGAytlcDBFMQswCQYDVQQGEwJBVTET -+MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ -+dHkgTHRkMB4XDTE0MDQyMzIzMjE1N1oXDTE0MDUyMzIzMjE1N1owRTELMAkGA1UE -+BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp -+ZGdpdHMgUHR5IEx0ZDAqMAUGAytlcAMhANdamAGCsQq31Uv+08lkBzoO4XLz2qYj -+Ja8CGmj3B1Eao1AwTjAdBgNVHQ4EFgQUoux7eV+fJK2v3ah6QPU/lj1/+7UwHwYD -+VR0jBBgwFoAUoux7eV+fJK2v3ah6QPU/lj1/+7UwDAYDVR0TBAUwAwEB/zAFBgMr -+ZXADQQBuCzqji8VP9xU8mHEMjXGChX7YP5J664UyVKHKH9Z1u4wEbB8dJ3ScaWSL -+r+VHVKUhsrvcdCelnXRrrSD7xWAL -+-----END CERTIFICATE----- -+)"; - - // kEd25519CertNull is an invalid self-signed Ed25519 with an explicit NULL in - // the signature algorithm. -@@ -562,23 +562,23 @@ - // YvJUG1zoHwUVrxxbR3DbpTODlktLcl/0b97D0IkH3w== - // -----END RSA PRIVATE KEY----- - --// static const char kSANTypesRoot[] = R"( --// -----BEGIN CERTIFICATE----- --// MIICTTCCAbagAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwKzEXMBUGA1UE --// ChMOQm9yaW5nU1NMIFRlc3QxEDAOBgNVBAMTB1Jvb3QgQ0EwHhcNMTUwMTAxMDAw --// MDAwWhcNMjUwMTAxMDAwMDAwWjArMRcwFQYDVQQKEw5Cb3JpbmdTU0wgVGVzdDEQ --// MA4GA1UEAxMHUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6Q5/ --// EQzmWuaGg3D2UQcuAngR9bIkkjjuJmICx5TxPqF3asCP1SJotl3iTNrghRE1wpJy --// SY2BtIiXa7f8skRb2U0GcPkMxo/ps9+jaoRsQ1m+nbLQdpvD1/qZWcO45fNTA71J --// 1rPMokP+rcILuQG4VimUAySnDSghKamulFtK+Z8CAwEAAaN6MHgwDgYDVR0PAQH/ --// BAQDAgIEMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHRMBAf8E --// BTADAQH/MBkGA1UdDgQSBBBAN9cB+0AvuBx+VAQnjFkBMBsGA1UdIwQUMBKAEEA3 --// 1wH7QC+4HH5UBCeMWQEwDQYJKoZIhvcNAQELBQADgYEAc4N6hTE62/3gwg+kyc2f --// c/Jj1mHrOt+0NRaBnmvbmNpsEjHS96Ef4Wt/ZlPXPkkv1C1VosJnOIMF3Q522wRH --// bqaxARldS12VAa3gcWisDWD+SqSyDxjyojz0XDiJkTrFuCTCUiZO+1GLB7SO10Ms --// d5YVX0c90VMnUhF/dlrqS9U= --// -----END CERTIFICATE----- --// )"; -+static const char kSANTypesRoot[] = R"( -+-----BEGIN CERTIFICATE----- -+MIICTTCCAbagAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwKzEXMBUGA1UE -+ChMOQm9yaW5nU1NMIFRlc3QxEDAOBgNVBAMTB1Jvb3QgQ0EwHhcNMTUwMTAxMDAw -+MDAwWhcNMjUwMTAxMDAwMDAwWjArMRcwFQYDVQQKEw5Cb3JpbmdTU0wgVGVzdDEQ -+MA4GA1UEAxMHUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6Q5/ -+EQzmWuaGg3D2UQcuAngR9bIkkjjuJmICx5TxPqF3asCP1SJotl3iTNrghRE1wpJy -+SY2BtIiXa7f8skRb2U0GcPkMxo/ps9+jaoRsQ1m+nbLQdpvD1/qZWcO45fNTA71J -+1rPMokP+rcILuQG4VimUAySnDSghKamulFtK+Z8CAwEAAaN6MHgwDgYDVR0PAQH/ -+BAQDAgIEMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHRMBAf8E -+BTADAQH/MBkGA1UdDgQSBBBAN9cB+0AvuBx+VAQnjFkBMBsGA1UdIwQUMBKAEEA3 -+1wH7QC+4HH5UBCeMWQEwDQYJKoZIhvcNAQELBQADgYEAc4N6hTE62/3gwg+kyc2f -+c/Jj1mHrOt+0NRaBnmvbmNpsEjHS96Ef4Wt/ZlPXPkkv1C1VosJnOIMF3Q522wRH -+bqaxARldS12VAa3gcWisDWD+SqSyDxjyojz0XDiJkTrFuCTCUiZO+1GLB7SO10Ms -+d5YVX0c90VMnUhF/dlrqS9U= -+-----END CERTIFICATE----- -+)"; - - // -----BEGIN RSA PRIVATE KEY----- - // MIICXAIBAAKBgQDpDn8RDOZa5oaDcPZRBy4CeBH1siSSOO4mYgLHlPE+oXdqwI/V -@@ -675,62 +675,62 @@ - - // kNoBasicConstraintsCertSignIntermediate doesn't have isCA set, but contains - // certSign in the keyUsage. --// static const char kNoBasicConstraintsCertSignIntermediate[] = R"( --// -----BEGIN CERTIFICATE----- --// MIIBqjCCAROgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp --// bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y --// MDk5MDEwMTAwMDAwMFowHzEdMBsGA1UEAxMUTm8gQmFzaWMgQ29uc3RyYWludHMw --// WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASEFMblfxIEDO8My7wHtHWTuDzNyID1 --// OsPkMGkn32O/pSyXxXuAqDeFoMVffUMTyfm8JcYugSEbrv2qEXXM4bZRoy8wLTAO --// BgNVHQ8BAf8EBAMCAgQwGwYDVR0jBBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkq --// hkiG9w0BAQsFAAOBgQC1Lh6hIAm3K5kRh5iIydU0YAEm7eV6ZSskERDUq3DLJyl9 --// ZUZCHUzvb464dkwZjeNzaUVS1pdElJslwX3DtGgeJLJGCnk8zUjBjaNrrDm0kzPW --// xKt/6oif1ci/KCKqKNXJAIFbc4e+IiBpenwpxHk3If4NM+Ek0nKoO8Uj0NkgTQ== --// -----END CERTIFICATE----- --// )"; -- --// static const char kNoBasicConstraintsCertSignLeaf[] = R"( --// -----BEGIN CERTIFICATE----- --// MIIBUDCB96ADAgECAgEDMAoGCCqGSM49BAMCMB8xHTAbBgNVBAMTFE5vIEJhc2lj --// IENvbnN0cmFpbnRzMCAXDTAwMDEwMTAwMDAwMFoYDzIwOTkwMTAxMDAwMDAwWjAx --// MS8wLQYDVQQDEyZMZWFmIGZyb20gQ0Egd2l0aCBubyBCYXNpYyBDb25zdHJhaW50 --// czBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEsYPMwzdJKjB+2gpC90ib2ilHoB --// w/arQ6ikUX0CNUDDaKaOu/jF39ogzVlg4lDFrjCKShSfCCcrwgONv70IZGijEDAO --// MAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0EAwIDSAAwRQIgbV7R99yM+okXSIs6Fp3o --// eCOXiDL60IBxaTOcLS44ywcCIQDbn87Gj5cFgHBYAkzdHqDsyGXkxQTHDq9jmX24 --// Djy3Zw== --// -----END CERTIFICATE----- --// )"; -+static const char kNoBasicConstraintsCertSignIntermediate[] = R"( -+-----BEGIN CERTIFICATE----- -+MIIBqjCCAROgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp -+bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y -+MDk5MDEwMTAwMDAwMFowHzEdMBsGA1UEAxMUTm8gQmFzaWMgQ29uc3RyYWludHMw -+WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASEFMblfxIEDO8My7wHtHWTuDzNyID1 -+OsPkMGkn32O/pSyXxXuAqDeFoMVffUMTyfm8JcYugSEbrv2qEXXM4bZRoy8wLTAO -+BgNVHQ8BAf8EBAMCAgQwGwYDVR0jBBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkq -+hkiG9w0BAQsFAAOBgQC1Lh6hIAm3K5kRh5iIydU0YAEm7eV6ZSskERDUq3DLJyl9 -+ZUZCHUzvb464dkwZjeNzaUVS1pdElJslwX3DtGgeJLJGCnk8zUjBjaNrrDm0kzPW -+xKt/6oif1ci/KCKqKNXJAIFbc4e+IiBpenwpxHk3If4NM+Ek0nKoO8Uj0NkgTQ== -+-----END CERTIFICATE----- -+)"; -+ -+static const char kNoBasicConstraintsCertSignLeaf[] = R"( -+-----BEGIN CERTIFICATE----- -+MIIBUDCB96ADAgECAgEDMAoGCCqGSM49BAMCMB8xHTAbBgNVBAMTFE5vIEJhc2lj -+IENvbnN0cmFpbnRzMCAXDTAwMDEwMTAwMDAwMFoYDzIwOTkwMTAxMDAwMDAwWjAx -+MS8wLQYDVQQDEyZMZWFmIGZyb20gQ0Egd2l0aCBubyBCYXNpYyBDb25zdHJhaW50 -+czBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEsYPMwzdJKjB+2gpC90ib2ilHoB -+w/arQ6ikUX0CNUDDaKaOu/jF39ogzVlg4lDFrjCKShSfCCcrwgONv70IZGijEDAO -+MAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0EAwIDSAAwRQIgbV7R99yM+okXSIs6Fp3o -+eCOXiDL60IBxaTOcLS44ywcCIQDbn87Gj5cFgHBYAkzdHqDsyGXkxQTHDq9jmX24 -+Djy3Zw== -+-----END CERTIFICATE----- -+)"; - - // kNoBasicConstraintsNetscapeCAIntermediate doesn't have isCA set, but contains - // a Netscape certificate-type extension that asserts a type of "SSL CA". --// static const char kNoBasicConstraintsNetscapeCAIntermediate[] = R"( --// -----BEGIN CERTIFICATE----- --// MIIBuDCCASGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp --// bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y --// MDk5MDEwMTAwMDAwMFowKjEoMCYGA1UEAxMfTm8gQmFzaWMgQ29uc3RyYWludHMg --// KE5ldHNjYXBlKTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCeMbmCaOtMzXBqi --// PrCdNOH23CkaawUA+pAezitAN4RXS1O2CGK5sJjGPVVeogROU8G7/b+mU+ciZIzH --// 1PP8FJKjMjAwMBsGA1UdIwQUMBKAEEA31wH7QC+4HH5UBCeMWQEwEQYJYIZIAYb4 --// QgEBBAQDAgIEMA0GCSqGSIb3DQEBCwUAA4GBAAgNWjh7cfBTClTAk+Ml//5xb9Ju --// tkBhG6Rm+kkMD+qiSMO6t7xS7CsA0+jIBjkdEYaLZ3oxtQCBdZsVNxUvRxZ0AUfF --// G3DtRFTsrI1f7IQhpMuqEMF4shPW+5x54hrq0Fo6xMs6XoinJZcTUaaB8EeXRF6M --// P9p6HuyLrmn0c/F0 --// -----END CERTIFICATE----- --// )"; -- --// static const char kNoBasicConstraintsNetscapeCALeaf[] = R"( --// -----BEGIN CERTIFICATE----- --// MIIBXDCCAQKgAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9ObyBCYXNp --// YyBDb25zdHJhaW50cyAoTmV0c2NhcGUpMCAXDTAwMDEwMTAwMDAwMFoYDzIwOTkw --// MTAxMDAwMDAwWjAxMS8wLQYDVQQDEyZMZWFmIGZyb20gQ0Egd2l0aCBubyBCYXNp --// YyBDb25zdHJhaW50czBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDlJKolDu3R2 --// tPqSDycr0QJcWhxdBv76V0EEVflcHRxED6vAioTEcnQszt1OfKtBZvjlo0yp6i6Q --// DaYit0ZInmWjEDAOMAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0EAwIDSAAwRQIhAJsh --// aZL6BHeEfoUBj1oZ2Ln91qzj3UCVMJ+vrmwAFdYyAiA3wp2JphgchvmoUFuzPXwj --// XyPwWPbymSTpzKhB4xB7qQ== --// -----END CERTIFICATE----- --// )"; -+static const char kNoBasicConstraintsNetscapeCAIntermediate[] = R"( -+-----BEGIN CERTIFICATE----- -+MIIBuDCCASGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp -+bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y -+MDk5MDEwMTAwMDAwMFowKjEoMCYGA1UEAxMfTm8gQmFzaWMgQ29uc3RyYWludHMg -+KE5ldHNjYXBlKTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCeMbmCaOtMzXBqi -+PrCdNOH23CkaawUA+pAezitAN4RXS1O2CGK5sJjGPVVeogROU8G7/b+mU+ciZIzH -+1PP8FJKjMjAwMBsGA1UdIwQUMBKAEEA31wH7QC+4HH5UBCeMWQEwEQYJYIZIAYb4 -+QgEBBAQDAgIEMA0GCSqGSIb3DQEBCwUAA4GBAAgNWjh7cfBTClTAk+Ml//5xb9Ju -+tkBhG6Rm+kkMD+qiSMO6t7xS7CsA0+jIBjkdEYaLZ3oxtQCBdZsVNxUvRxZ0AUfF -+G3DtRFTsrI1f7IQhpMuqEMF4shPW+5x54hrq0Fo6xMs6XoinJZcTUaaB8EeXRF6M -+P9p6HuyLrmn0c/F0 -+-----END CERTIFICATE----- -+)"; -+ -+static const char kNoBasicConstraintsNetscapeCALeaf[] = R"( -+-----BEGIN CERTIFICATE----- -+MIIBXDCCAQKgAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9ObyBCYXNp -+YyBDb25zdHJhaW50cyAoTmV0c2NhcGUpMCAXDTAwMDEwMTAwMDAwMFoYDzIwOTkw -+MTAxMDAwMDAwWjAxMS8wLQYDVQQDEyZMZWFmIGZyb20gQ0Egd2l0aCBubyBCYXNp -+YyBDb25zdHJhaW50czBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDlJKolDu3R2 -+tPqSDycr0QJcWhxdBv76V0EEVflcHRxED6vAioTEcnQszt1OfKtBZvjlo0yp6i6Q -+DaYit0ZInmWjEDAOMAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0EAwIDSAAwRQIhAJsh -+aZL6BHeEfoUBj1oZ2Ln91qzj3UCVMJ+vrmwAFdYyAiA3wp2JphgchvmoUFuzPXwj -+XyPwWPbymSTpzKhB4xB7qQ== -+-----END CERTIFICATE----- -+)"; - - // static const char kSelfSignedMismatchAlgorithms[] = R"( - // -----BEGIN CERTIFICATE----- -@@ -1049,19 +1049,19 @@ - - // CertFromPEM parses the given, NUL-terminated PEM block and returns an - // |X509*|. --// static bssl::UniquePtr CertFromPEM(const char *pem) { --// bssl::UniquePtr bio(BIO_new_mem_buf(pem, strlen(pem))); --// return bssl::UniquePtr( --// PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr)); --// } -+static bssl::UniquePtr CertFromPEM(const char *pem) { -+ bssl::UniquePtr bio(BIO_new_mem_buf(pem, strlen(pem))); -+ return bssl::UniquePtr( -+ PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr)); -+} - - // CRLFromPEM parses the given, NUL-terminated PEM block and returns an - // |X509_CRL*|. --// static bssl::UniquePtr CRLFromPEM(const char *pem) { --// bssl::UniquePtr bio(BIO_new_mem_buf(pem, strlen(pem))); --// return bssl::UniquePtr( --// PEM_read_bio_X509_CRL(bio.get(), nullptr, nullptr, nullptr)); --// } -+static bssl::UniquePtr CRLFromPEM(const char *pem) { -+ bssl::UniquePtr bio(BIO_new_mem_buf(pem, strlen(pem))); -+ return bssl::UniquePtr( -+ PEM_read_bio_X509_CRL(bio.get(), nullptr, nullptr, nullptr)); -+} - - // CSRFromPEM parses the given, NUL-terminated PEM block and returns an - // |X509_REQ*|. -@@ -1073,199 +1073,199 @@ - - // PrivateKeyFromPEM parses the given, NUL-terminated PEM block and returns an - // |EVP_PKEY*|. --// static bssl::UniquePtr PrivateKeyFromPEM(const char *pem) { --// bssl::UniquePtr bio( --// BIO_new_mem_buf(const_cast(pem), strlen(pem))); --// return bssl::UniquePtr( --// PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr)); --// } -+static bssl::UniquePtr PrivateKeyFromPEM(const char *pem) { -+ bssl::UniquePtr bio( -+ BIO_new_mem_buf(const_cast(pem), strlen(pem))); -+ return bssl::UniquePtr( -+ PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr)); -+} - - // CertsToStack converts a vector of |X509*| to an OpenSSL STACK_OF(X509), - // bumping the reference counts for each certificate in question. --// static bssl::UniquePtr CertsToStack( --// const std::vector &certs) { --// bssl::UniquePtr stack(sk_X509_new_null()); --// if (!stack) { --// return nullptr; --// } --// for (auto cert : certs) { --// if (!bssl::PushToStack(stack.get(), bssl::UpRef(cert))) { --// return nullptr; --// } --// } -+static bssl::UniquePtr CertsToStack( -+ const std::vector &certs) { -+ bssl::UniquePtr stack(sk_X509_new_null()); -+ if (!stack) { -+ return nullptr; -+ } -+ for (auto cert : certs) { -+ if (!bssl::PushToStack(stack.get(), bssl::UpRef(cert))) { -+ return nullptr; -+ } -+ } - --// return stack; --// } -+ return stack; -+} - - // CRLsToStack converts a vector of |X509_CRL*| to an OpenSSL - // STACK_OF(X509_CRL), bumping the reference counts for each CRL in question. --// static bssl::UniquePtr CRLsToStack( --// const std::vector &crls) { --// bssl::UniquePtr stack(sk_X509_CRL_new_null()); --// if (!stack) { --// return nullptr; --// } --// for (auto crl : crls) { --// if (!bssl::PushToStack(stack.get(), bssl::UpRef(crl))) { --// return nullptr; --// } --// } -- --// return stack; --// } -- --// static const time_t kReferenceTime = 1474934400 /* Sep 27th, 2016 */; -- --// static int Verify( --// X509 *leaf, const std::vector &roots, --// const std::vector &intermediates, --// const std::vector &crls, unsigned long flags = 0, --// std::function configure_callback = nullptr, --// int (*verify_callback)(int, X509_STORE_CTX *) = nullptr) { --// bssl::UniquePtr roots_stack(CertsToStack(roots)); --// bssl::UniquePtr intermediates_stack( --// CertsToStack(intermediates)); --// bssl::UniquePtr crls_stack(CRLsToStack(crls)); -- --// if (!roots_stack || --// !intermediates_stack || --// !crls_stack) { --// return X509_V_ERR_UNSPECIFIED; --// } -- --// bssl::UniquePtr ctx(X509_STORE_CTX_new()); --// bssl::UniquePtr store(X509_STORE_new()); --// if (!ctx || --// !store) { --// return X509_V_ERR_UNSPECIFIED; --// } -- --// if (!X509_STORE_CTX_init(ctx.get(), store.get(), leaf, --// intermediates_stack.get())) { --// return X509_V_ERR_UNSPECIFIED; --// } -- --// X509_STORE_CTX_trusted_stack(ctx.get(), roots_stack.get()); --// X509_STORE_CTX_set0_crls(ctx.get(), crls_stack.get()); -- --// X509_VERIFY_PARAM *param = X509_STORE_CTX_get0_param(ctx.get()); --// X509_VERIFY_PARAM_set_time(param, kReferenceTime); --// if (configure_callback) { --// configure_callback(param); --// } --// if (flags) { --// X509_VERIFY_PARAM_set_flags(param, flags); --// } -- --// ERR_clear_error(); --// if (X509_verify_cert(ctx.get()) != 1) { --// return X509_STORE_CTX_get_error(ctx.get()); --// } -- --// return X509_V_OK; --// } -- --// TEST(X509Test, TestVerify) { --// // cross_signing_root --// // | --// // root_cross_signed root --// // \ / --// // intermediate --// // | | --// // leaf leaf_no_key_usage --// // | --// // forgery --// bssl::UniquePtr cross_signing_root(CertFromPEM(kCrossSigningRootPEM)); --// bssl::UniquePtr root(CertFromPEM(kRootCAPEM)); --// bssl::UniquePtr root_cross_signed(CertFromPEM(kRootCrossSignedPEM)); --// bssl::UniquePtr intermediate(CertFromPEM(kIntermediatePEM)); --// bssl::UniquePtr intermediate_self_signed( --// CertFromPEM(kIntermediateSelfSignedPEM)); --// bssl::UniquePtr leaf(CertFromPEM(kLeafPEM)); --// bssl::UniquePtr leaf_no_key_usage(CertFromPEM(kLeafNoKeyUsagePEM)); --// bssl::UniquePtr forgery(CertFromPEM(kForgeryPEM)); -- --// ASSERT_TRUE(cross_signing_root); --// ASSERT_TRUE(root); --// ASSERT_TRUE(root_cross_signed); --// ASSERT_TRUE(intermediate); --// ASSERT_TRUE(intermediate_self_signed); --// ASSERT_TRUE(leaf); --// ASSERT_TRUE(forgery); --// ASSERT_TRUE(leaf_no_key_usage); -- --// // Most of these tests work with or without |X509_V_FLAG_TRUSTED_FIRST|, --// // though in different ways. --// for (bool trusted_first : {true, false}) { --// SCOPED_TRACE(trusted_first); --// std::function configure_callback; --// if (!trusted_first) { --// // Note we need the callback to clear the flag. Setting |flags| to zero --// // only skips setting new flags. --// configure_callback = [&](X509_VERIFY_PARAM *param) { --// X509_VERIFY_PARAM_clear_flags(param, X509_V_FLAG_TRUSTED_FIRST); --// }; --// } -- --// // No trust anchors configured. --// ASSERT_EQ(X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, --// Verify(leaf.get(), /*roots=*/{}, /*intermediates=*/{}, --// /*crls=*/{}, /*flags=*/0, configure_callback)); --// ASSERT_EQ( --// X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, --// Verify(leaf.get(), /*roots=*/{}, {intermediate.get()}, /*crls=*/{}, --// /*flags=*/0, configure_callback)); -- --// // Each chain works individually. --// ASSERT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, {intermediate.get()}, --// /*crls=*/{}, /*flags=*/0, configure_callback)); --// ASSERT_EQ(X509_V_OK, Verify(leaf.get(), {cross_signing_root.get()}, --// {intermediate.get(), root_cross_signed.get()}, --// /*crls=*/{}, /*flags=*/0, configure_callback)); -- --// // When both roots are available, we pick one or the other. --// ASSERT_EQ(X509_V_OK, --// Verify(leaf.get(), {cross_signing_root.get(), root.get()}, --// {intermediate.get(), root_cross_signed.get()}, /*crls=*/{}, --// /*flags=*/0, configure_callback)); -- --// // This is the “altchains” test – we remove the cross-signing CA but include --// // the cross-sign in the intermediates. With |trusted_first|, we --// // preferentially stop path-building at |intermediate|. Without --// // |trusted_first|, the "altchains" logic repairs it. --// ASSERT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, --// {intermediate.get(), root_cross_signed.get()}, --// /*crls=*/{}, /*flags=*/0, configure_callback)); -- --// // If |X509_V_FLAG_NO_ALT_CHAINS| is set and |trusted_first| is disabled, we --// // get stuck on |root_cross_signed|. If either feature is enabled, we can --// // build the path. --// // --// // This test exists to confirm our current behavior, but these modes are --// // just workarounds for not having an actual path-building verifier. If we --// // fix it, this test can be removed. --// ASSERT_EQ(trusted_first ? X509_V_OK --// : X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, --// Verify(leaf.get(), {root.get()}, --// {intermediate.get(), root_cross_signed.get()}, /*crls=*/{}, --// /*flags=*/X509_V_FLAG_NO_ALT_CHAINS, configure_callback)); -- --// // |forgery| is signed by |leaf_no_key_usage|, but is rejected because the --// // leaf is not a CA. --// ASSERT_EQ(X509_V_ERR_INVALID_CA, --// Verify(forgery.get(), {intermediate_self_signed.get()}, --// {leaf_no_key_usage.get()}, /*crls=*/{}, /*flags=*/0, --// configure_callback)); -- --// // Test that one cannot skip Basic Constraints checking with a contorted set --// // of roots and intermediates. This is a regression test for CVE-2015-1793. --// ASSERT_EQ(X509_V_ERR_INVALID_CA, --// Verify(forgery.get(), --// {intermediate_self_signed.get(), root_cross_signed.get()}, --// {leaf_no_key_usage.get(), intermediate.get()}, /*crls=*/{}, --// /*flags=*/0, configure_callback)); --// } --// } -+static bssl::UniquePtr CRLsToStack( -+ const std::vector &crls) { -+ bssl::UniquePtr stack(sk_X509_CRL_new_null()); -+ if (!stack) { -+ return nullptr; -+ } -+ for (auto crl : crls) { -+ if (!bssl::PushToStack(stack.get(), bssl::UpRef(crl))) { -+ return nullptr; -+ } -+ } -+ -+ return stack; -+} -+ -+static const time_t kReferenceTime = 1474934400 /* Sep 27th, 2016 */; -+ -+static int Verify( -+ X509 *leaf, const std::vector &roots, -+ const std::vector &intermediates, -+ const std::vector &crls, unsigned long flags = 0, -+ std::function configure_callback = nullptr, -+ int (*verify_callback)(int, X509_STORE_CTX *) = nullptr) { -+ bssl::UniquePtr roots_stack(CertsToStack(roots)); -+ bssl::UniquePtr intermediates_stack( -+ CertsToStack(intermediates)); -+ bssl::UniquePtr crls_stack(CRLsToStack(crls)); -+ -+ if (!roots_stack || -+ !intermediates_stack || -+ !crls_stack) { -+ return X509_V_ERR_UNSPECIFIED; -+ } -+ -+ bssl::UniquePtr ctx(X509_STORE_CTX_new()); -+ bssl::UniquePtr store(X509_STORE_new()); -+ if (!ctx || -+ !store) { -+ return X509_V_ERR_UNSPECIFIED; -+ } -+ -+ if (!X509_STORE_CTX_init(ctx.get(), store.get(), leaf, -+ intermediates_stack.get())) { -+ return X509_V_ERR_UNSPECIFIED; -+ } -+ -+ X509_STORE_CTX_trusted_stack(ctx.get(), roots_stack.get()); -+ X509_STORE_CTX_set0_crls(ctx.get(), crls_stack.get()); -+ -+ X509_VERIFY_PARAM *param = X509_STORE_CTX_get0_param(ctx.get()); -+ X509_VERIFY_PARAM_set_time(param, kReferenceTime); -+ if (configure_callback) { -+ configure_callback(param); -+ } -+ if (flags) { -+ X509_VERIFY_PARAM_set_flags(param, flags); -+ } -+ -+ ERR_clear_error(); -+ if (X509_verify_cert(ctx.get()) != 1) { -+ return X509_STORE_CTX_get_error(ctx.get()); -+ } -+ -+ return X509_V_OK; -+} -+ -+TEST(X509Test, TestVerify) { -+ // cross_signing_root -+ // | -+ // root_cross_signed root -+ // \ / -+ // intermediate -+ // | | -+ // leaf leaf_no_key_usage -+ // | -+ // forgery -+ bssl::UniquePtr cross_signing_root(CertFromPEM(kCrossSigningRootPEM)); -+ bssl::UniquePtr root(CertFromPEM(kRootCAPEM)); -+ bssl::UniquePtr root_cross_signed(CertFromPEM(kRootCrossSignedPEM)); -+ bssl::UniquePtr intermediate(CertFromPEM(kIntermediatePEM)); -+ bssl::UniquePtr intermediate_self_signed( -+ CertFromPEM(kIntermediateSelfSignedPEM)); -+ bssl::UniquePtr leaf(CertFromPEM(kLeafPEM)); -+ bssl::UniquePtr leaf_no_key_usage(CertFromPEM(kLeafNoKeyUsagePEM)); -+ bssl::UniquePtr forgery(CertFromPEM(kForgeryPEM)); -+ -+ ASSERT_TRUE(cross_signing_root); -+ ASSERT_TRUE(root); -+ ASSERT_TRUE(root_cross_signed); -+ ASSERT_TRUE(intermediate); -+ ASSERT_TRUE(intermediate_self_signed); -+ ASSERT_TRUE(leaf); -+ ASSERT_TRUE(forgery); -+ ASSERT_TRUE(leaf_no_key_usage); -+ -+ // Most of these tests work with or without |X509_V_FLAG_TRUSTED_FIRST|, -+ // though in different ways. -+ for (bool trusted_first : {true, false}) { -+ SCOPED_TRACE(trusted_first); -+ std::function configure_callback; -+ if (!trusted_first) { -+ // Note we need the callback to clear the flag. Setting |flags| to zero -+ // only skips setting new flags. -+ configure_callback = [&](X509_VERIFY_PARAM *param) { -+ X509_VERIFY_PARAM_clear_flags(param, X509_V_FLAG_TRUSTED_FIRST); -+ }; -+ } -+ -+ // No trust anchors configured. -+ ASSERT_EQ(X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, -+ Verify(leaf.get(), /*roots=*/{}, /*intermediates=*/{}, -+ /*crls=*/{}, /*flags=*/0, configure_callback)); -+ ASSERT_EQ( -+ X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, -+ Verify(leaf.get(), /*roots=*/{}, {intermediate.get()}, /*crls=*/{}, -+ /*flags=*/0, configure_callback)); -+ -+ // Each chain works individually. -+ ASSERT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, {intermediate.get()}, -+ /*crls=*/{}, /*flags=*/0, configure_callback)); -+ ASSERT_EQ(X509_V_OK, Verify(leaf.get(), {cross_signing_root.get()}, -+ {intermediate.get(), root_cross_signed.get()}, -+ /*crls=*/{}, /*flags=*/0, configure_callback)); -+ -+ // When both roots are available, we pick one or the other. -+ ASSERT_EQ(X509_V_OK, -+ Verify(leaf.get(), {cross_signing_root.get(), root.get()}, -+ {intermediate.get(), root_cross_signed.get()}, /*crls=*/{}, -+ /*flags=*/0, configure_callback)); -+ -+ // This is the “altchains” test – we remove the cross-signing CA but include -+ // the cross-sign in the intermediates. With |trusted_first|, we -+ // preferentially stop path-building at |intermediate|. Without -+ // |trusted_first|, the "altchains" logic repairs it. -+ ASSERT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, -+ {intermediate.get(), root_cross_signed.get()}, -+ /*crls=*/{}, /*flags=*/0, configure_callback)); -+ -+ // If |X509_V_FLAG_NO_ALT_CHAINS| is set and |trusted_first| is disabled, we -+ // get stuck on |root_cross_signed|. If either feature is enabled, we can -+ // build the path. -+ // -+ // This test exists to confirm our current behavior, but these modes are -+ // just workarounds for not having an actual path-building verifier. If we -+ // fix it, this test can be removed. -+ ASSERT_EQ(trusted_first ? X509_V_OK -+ : X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, -+ Verify(leaf.get(), {root.get()}, -+ {intermediate.get(), root_cross_signed.get()}, /*crls=*/{}, -+ /*flags=*/X509_V_FLAG_NO_ALT_CHAINS, configure_callback)); -+ -+ // |forgery| is signed by |leaf_no_key_usage|, but is rejected because the -+ // leaf is not a CA. -+ ASSERT_EQ(X509_V_ERR_INVALID_CA, -+ Verify(forgery.get(), {intermediate_self_signed.get()}, -+ {leaf_no_key_usage.get()}, /*crls=*/{}, /*flags=*/0, -+ configure_callback)); -+ -+ // Test that one cannot skip Basic Constraints checking with a contorted set -+ // of roots and intermediates. This is a regression test for CVE-2015-1793. -+ ASSERT_EQ(X509_V_ERR_INVALID_CA, -+ Verify(forgery.get(), -+ {intermediate_self_signed.get(), root_cross_signed.get()}, -+ {leaf_no_key_usage.get(), intermediate.get()}, /*crls=*/{}, -+ /*flags=*/0, configure_callback)); -+ } -+} - - // static const char kHostname[] = "example.com"; - // static const char kWrongHostname[] = "example2.com"; -@@ -1474,249 +1474,257 @@ - // EXPECT_FALSE(CRLFromPEM(kBadExtensionCRL)); - // } - --// TEST(X509Test, ManyNamesAndConstraints) { --// bssl::UniquePtr many_constraints(CertFromPEM( --// GetTestData("crypto/x509/test/many_constraints.pem").c_str())); --// ASSERT_TRUE(many_constraints); --// bssl::UniquePtr many_names1( --// CertFromPEM(GetTestData("crypto/x509/test/many_names1.pem").c_str())); --// ASSERT_TRUE(many_names1); --// bssl::UniquePtr many_names2( --// CertFromPEM(GetTestData("crypto/x509/test/many_names2.pem").c_str())); --// ASSERT_TRUE(many_names2); --// bssl::UniquePtr many_names3( --// CertFromPEM(GetTestData("crypto/x509/test/many_names3.pem").c_str())); --// ASSERT_TRUE(many_names3); --// bssl::UniquePtr some_names1( --// CertFromPEM(GetTestData("crypto/x509/test/some_names1.pem").c_str())); --// ASSERT_TRUE(some_names1); --// bssl::UniquePtr some_names2( --// CertFromPEM(GetTestData("crypto/x509/test/some_names2.pem").c_str())); --// ASSERT_TRUE(some_names2); --// bssl::UniquePtr some_names3( --// CertFromPEM(GetTestData("crypto/x509/test/some_names3.pem").c_str())); --// ASSERT_TRUE(some_names3); -- --// EXPECT_EQ(X509_V_ERR_UNSPECIFIED, --// Verify(many_names1.get(), {many_constraints.get()}, --// {many_constraints.get()}, {})); --// EXPECT_EQ(X509_V_ERR_UNSPECIFIED, --// Verify(many_names2.get(), {many_constraints.get()}, --// {many_constraints.get()}, {})); --// EXPECT_EQ(X509_V_ERR_UNSPECIFIED, --// Verify(many_names3.get(), {many_constraints.get()}, --// {many_constraints.get()}, {})); -- --// EXPECT_EQ(X509_V_OK, Verify(some_names1.get(), {many_constraints.get()}, --// {many_constraints.get()}, {})); --// EXPECT_EQ(X509_V_OK, Verify(some_names2.get(), {many_constraints.get()}, --// {many_constraints.get()}, {})); --// EXPECT_EQ(X509_V_OK, Verify(some_names3.get(), {many_constraints.get()}, --// {many_constraints.get()}, {})); --// } -- --// static bssl::UniquePtr MakeGeneralName(int type, --// const std::string &value) { --// if (type != GEN_EMAIL && type != GEN_DNS && type != GEN_URI) { --// // This function only supports the IA5String types. --// return nullptr; --// } --// bssl::UniquePtr str(ASN1_IA5STRING_new()); --// bssl::UniquePtr name(GENERAL_NAME_new()); --// if (!str || !name || --// !ASN1_STRING_set(str.get(), value.data(), value.size())) { --// return nullptr; --// } -- --// name->type = type; --// name->d.ia5 = str.release(); --// return name; --// } -- --// static bssl::UniquePtr MakeTestCert(const char *issuer, --// const char *subject, EVP_PKEY *key, --// bool is_ca) { --// bssl::UniquePtr cert(X509_new()); --// if (!cert || // --// !X509_set_version(cert.get(), X509_VERSION_3) || --// !X509_NAME_add_entry_by_txt( --// X509_get_issuer_name(cert.get()), "CN", MBSTRING_UTF8, --// reinterpret_cast(issuer), -1, -1, 0) || --// !X509_NAME_add_entry_by_txt( --// X509_get_subject_name(cert.get()), "CN", MBSTRING_UTF8, --// reinterpret_cast(subject), -1, -1, 0) || --// !X509_set_pubkey(cert.get(), key) || --// !ASN1_TIME_adj(X509_getm_notBefore(cert.get()), kReferenceTime, -1, 0) || --// !ASN1_TIME_adj(X509_getm_notAfter(cert.get()), kReferenceTime, 1, 0)) { --// return nullptr; --// } --// bssl::UniquePtr bc(BASIC_CONSTRAINTS_new()); --// if (!bc) { --// return nullptr; --// } --// bc->ca = is_ca ? 0xff : 0x00; --// if (!X509_add1_ext_i2d(cert.get(), NID_basic_constraints, bc.get(), --// /*crit=*/1, /*flags=*/0)) { --// return nullptr; --// } --// return cert; --// } -- --// TEST(X509Test, NameConstraints) { --// bssl::UniquePtr key = PrivateKeyFromPEM(kP256Key); --// ASSERT_TRUE(key); -- --// const struct { --// int type; --// std::string name; --// std::string constraint; --// int result; --// } kTests[] = { --// // Empty string matches everything. --// {GEN_DNS, "foo.example.com", "", X509_V_OK}, --// // Name constraints match the entire subtree. --// {GEN_DNS, "foo.example.com", "example.com", X509_V_OK}, --// {GEN_DNS, "foo.example.com", "EXAMPLE.COM", X509_V_OK}, --// {GEN_DNS, "foo.example.com", "xample.com", --// X509_V_ERR_PERMITTED_VIOLATION}, --// {GEN_DNS, "foo.example.com", "unrelated.much.longer.name.example", --// X509_V_ERR_PERMITTED_VIOLATION}, --// // A leading dot means at least one component must be added. --// {GEN_DNS, "foo.example.com", ".example.com", X509_V_OK}, --// {GEN_DNS, "foo.example.com", "foo.example.com", X509_V_OK}, --// {GEN_DNS, "foo.example.com", ".foo.example.com", --// X509_V_ERR_PERMITTED_VIOLATION}, --// {GEN_DNS, "foo.example.com", ".xample.com", --// X509_V_ERR_PERMITTED_VIOLATION}, --// {GEN_DNS, "foo.example.com", ".unrelated.much.longer.name.example", --// X509_V_ERR_PERMITTED_VIOLATION}, --// // NUL bytes, if not rejected, should not confuse the matching logic. --// {GEN_DNS, std::string({'a', '\0', 'a'}), std::string({'a', '\0', 'b'}), --// X509_V_ERR_PERMITTED_VIOLATION}, -- --// // Names must be emails. --// {GEN_EMAIL, "not-an-email.example", "not-an-email.example", --// X509_V_ERR_UNSUPPORTED_NAME_SYNTAX}, --// // A leading dot matches all local names and all subdomains --// {GEN_EMAIL, "foo@bar.example.com", ".example.com", X509_V_OK}, --// {GEN_EMAIL, "foo@bar.example.com", ".EXAMPLE.COM", X509_V_OK}, --// {GEN_EMAIL, "foo@bar.example.com", ".bar.example.com", --// X509_V_ERR_PERMITTED_VIOLATION}, --// // Without a leading dot, the host must match exactly. --// {GEN_EMAIL, "foo@example.com", "example.com", X509_V_OK}, --// {GEN_EMAIL, "foo@example.com", "EXAMPLE.COM", X509_V_OK}, --// {GEN_EMAIL, "foo@bar.example.com", "example.com", --// X509_V_ERR_PERMITTED_VIOLATION}, --// // If the constraint specifies a mailbox, it specifies the whole thing. --// // The halves are compared insensitively. --// {GEN_EMAIL, "foo@example.com", "foo@example.com", X509_V_OK}, --// {GEN_EMAIL, "foo@example.com", "foo@EXAMPLE.COM", X509_V_OK}, --// {GEN_EMAIL, "foo@example.com", "FOO@example.com", --// X509_V_ERR_PERMITTED_VIOLATION}, --// {GEN_EMAIL, "foo@example.com", "bar@example.com", --// X509_V_ERR_PERMITTED_VIOLATION}, --// // OpenSSL ignores a stray leading @. --// {GEN_EMAIL, "foo@example.com", "@example.com", X509_V_OK}, --// {GEN_EMAIL, "foo@example.com", "@EXAMPLE.COM", X509_V_OK}, --// {GEN_EMAIL, "foo@bar.example.com", "@example.com", --// X509_V_ERR_PERMITTED_VIOLATION}, -- --// // Basic syntax check. --// {GEN_URI, "not-a-url", "not-a-url", X509_V_ERR_UNSUPPORTED_NAME_SYNTAX}, --// {GEN_URI, "foo:not-a-url", "not-a-url", --// X509_V_ERR_UNSUPPORTED_NAME_SYNTAX}, --// {GEN_URI, "foo:/not-a-url", "not-a-url", --// X509_V_ERR_UNSUPPORTED_NAME_SYNTAX}, --// {GEN_URI, "foo:///not-a-url", "not-a-url", --// X509_V_ERR_UNSUPPORTED_NAME_SYNTAX}, --// {GEN_URI, "foo://:not-a-url", "not-a-url", --// X509_V_ERR_UNSUPPORTED_NAME_SYNTAX}, --// {GEN_URI, "foo://", "not-a-url", X509_V_ERR_UNSUPPORTED_NAME_SYNTAX}, --// // Hosts are an exact match. --// {GEN_URI, "foo://example.com", "example.com", X509_V_OK}, --// {GEN_URI, "foo://example.com:443", "example.com", X509_V_OK}, --// {GEN_URI, "foo://example.com/whatever", "example.com", X509_V_OK}, --// {GEN_URI, "foo://bar.example.com", "example.com", --// X509_V_ERR_PERMITTED_VIOLATION}, --// {GEN_URI, "foo://bar.example.com:443", "example.com", --// X509_V_ERR_PERMITTED_VIOLATION}, --// {GEN_URI, "foo://bar.example.com/whatever", "example.com", --// X509_V_ERR_PERMITTED_VIOLATION}, --// {GEN_URI, "foo://bar.example.com", "xample.com", --// X509_V_ERR_PERMITTED_VIOLATION}, --// {GEN_URI, "foo://bar.example.com:443", "xample.com", --// X509_V_ERR_PERMITTED_VIOLATION}, --// {GEN_URI, "foo://bar.example.com/whatever", "xample.com", --// X509_V_ERR_PERMITTED_VIOLATION}, --// {GEN_URI, "foo://example.com", "some-other-name.example", --// X509_V_ERR_PERMITTED_VIOLATION}, --// {GEN_URI, "foo://example.com:443", "some-other-name.example", --// X509_V_ERR_PERMITTED_VIOLATION}, --// {GEN_URI, "foo://example.com/whatever", "some-other-name.example", --// X509_V_ERR_PERMITTED_VIOLATION}, --// // A leading dot allows components to be added. --// {GEN_URI, "foo://example.com", ".example.com", --// X509_V_ERR_PERMITTED_VIOLATION}, --// {GEN_URI, "foo://example.com:443", ".example.com", --// X509_V_ERR_PERMITTED_VIOLATION}, --// {GEN_URI, "foo://example.com/whatever", ".example.com", --// X509_V_ERR_PERMITTED_VIOLATION}, --// {GEN_URI, "foo://bar.example.com", ".example.com", X509_V_OK}, --// {GEN_URI, "foo://bar.example.com:443", ".example.com", X509_V_OK}, --// {GEN_URI, "foo://bar.example.com/whatever", ".example.com", X509_V_OK}, --// {GEN_URI, "foo://example.com", ".some-other-name.example", --// X509_V_ERR_PERMITTED_VIOLATION}, --// {GEN_URI, "foo://example.com:443", ".some-other-name.example", --// X509_V_ERR_PERMITTED_VIOLATION}, --// {GEN_URI, "foo://example.com/whatever", ".some-other-name.example", --// X509_V_ERR_PERMITTED_VIOLATION}, --// {GEN_URI, "foo://example.com", ".xample.com", --// X509_V_ERR_PERMITTED_VIOLATION}, --// {GEN_URI, "foo://example.com:443", ".xample.com", --// X509_V_ERR_PERMITTED_VIOLATION}, --// {GEN_URI, "foo://example.com/whatever", ".xample.com", --// X509_V_ERR_PERMITTED_VIOLATION}, --// }; --// for (const auto &t : kTests) { --// SCOPED_TRACE(t.type); --// SCOPED_TRACE(t.name); --// SCOPED_TRACE(t.constraint); -- --// bssl::UniquePtr name = MakeGeneralName(t.type, t.name); --// ASSERT_TRUE(name); --// bssl::UniquePtr names(GENERAL_NAMES_new()); --// ASSERT_TRUE(names); --// ASSERT_TRUE(bssl::PushToStack(names.get(), std::move(name))); -- --// bssl::UniquePtr nc(NAME_CONSTRAINTS_new()); --// ASSERT_TRUE(nc); --// nc->permittedSubtrees = sk_GENERAL_SUBTREE_new_null(); --// ASSERT_TRUE(nc->permittedSubtrees); --// bssl::UniquePtr subtree(GENERAL_SUBTREE_new()); --// ASSERT_TRUE(subtree); --// GENERAL_NAME_free(subtree->base); --// subtree->base = MakeGeneralName(t.type, t.constraint).release(); --// ASSERT_TRUE(subtree->base); --// ASSERT_TRUE(bssl::PushToStack(nc->permittedSubtrees, std::move(subtree))); -- --// bssl::UniquePtr root = --// MakeTestCert("Root", "Root", key.get(), /*is_ca=*/true); --// ASSERT_TRUE(root); --// ASSERT_TRUE(X509_add1_ext_i2d(root.get(), NID_name_constraints, nc.get(), --// /*crit=*/1, /*flags=*/0)); --// ASSERT_TRUE(X509_sign(root.get(), key.get(), EVP_sha256())); -- --// bssl::UniquePtr leaf = --// MakeTestCert("Root", "Leaf", key.get(), /*is_ca=*/false); --// ASSERT_TRUE(leaf); --// ASSERT_TRUE(X509_add1_ext_i2d(leaf.get(), NID_subject_alt_name, names.get(), --// /*crit=*/0, /*flags=*/0)); --// ASSERT_TRUE(X509_sign(leaf.get(), key.get(), EVP_sha256())); -- --// int ret = Verify(leaf.get(), {root.get()}, {}, {}, 0); --// EXPECT_EQ(t.result, ret) << X509_verify_cert_error_string(ret); --// } --// } -+TEST(X509Test, ManyNamesAndConstraints) { -+ bssl::UniquePtr many_constraints(CertFromPEM( -+ GetTestData("crypto/x509/test/many_constraints.pem").c_str())); -+ ASSERT_TRUE(many_constraints); -+ bssl::UniquePtr many_names1( -+ CertFromPEM(GetTestData("crypto/x509/test/many_names1.pem").c_str())); -+ ASSERT_TRUE(many_names1); -+ bssl::UniquePtr many_names2( -+ CertFromPEM(GetTestData("crypto/x509/test/many_names2.pem").c_str())); -+ ASSERT_TRUE(many_names2); -+ bssl::UniquePtr many_names3( -+ CertFromPEM(GetTestData("crypto/x509/test/many_names3.pem").c_str())); -+ ASSERT_TRUE(many_names3); -+ bssl::UniquePtr some_names1( -+ CertFromPEM(GetTestData("crypto/x509/test/some_names1.pem").c_str())); -+ ASSERT_TRUE(some_names1); -+ bssl::UniquePtr some_names2( -+ CertFromPEM(GetTestData("crypto/x509/test/some_names2.pem").c_str())); -+ ASSERT_TRUE(some_names2); -+ bssl::UniquePtr some_names3( -+ CertFromPEM(GetTestData("crypto/x509/test/some_names3.pem").c_str())); -+ ASSERT_TRUE(some_names3); -+ -+ EXPECT_EQ(X509_V_ERR_UNSPECIFIED, -+ Verify(many_names1.get(), {many_constraints.get()}, -+ {many_constraints.get()}, {})); -+ EXPECT_EQ(X509_V_ERR_UNSPECIFIED, -+ Verify(many_names2.get(), {many_constraints.get()}, -+ {many_constraints.get()}, {})); -+ EXPECT_EQ(X509_V_ERR_UNSPECIFIED, -+ Verify(many_names3.get(), {many_constraints.get()}, -+ {many_constraints.get()}, {})); -+ -+ EXPECT_EQ(X509_V_OK, Verify(some_names1.get(), {many_constraints.get()}, -+ {many_constraints.get()}, {})); -+ EXPECT_EQ(X509_V_OK, Verify(some_names2.get(), {many_constraints.get()}, -+ {many_constraints.get()}, {})); -+ EXPECT_EQ(X509_V_OK, Verify(some_names3.get(), {many_constraints.get()}, -+ {many_constraints.get()}, {})); -+} -+ -+bssl::UniquePtr MakeGeneralName(int type, -+ const std::string &value) { -+ if (type != GEN_EMAIL && type != GEN_DNS && type != GEN_URI) { -+ // This function only supports the IA5String types. -+ return nullptr; -+ } -+ bssl::UniquePtr str(ASN1_IA5STRING_new()); -+ bssl::UniquePtr name(GENERAL_NAME_new()); -+ if (!str || !name || -+ !ASN1_STRING_set(str.get(), value.data(), value.size())) { -+ return nullptr; -+ } -+ -+ name->type = type; -+ name->d.ia5 = str.release(); -+ return name; -+} -+ -+static bssl::UniquePtr MakeTestCert(const char *issuer, -+ const char *subject, EVP_PKEY *key, -+ bool is_ca) { -+ bssl::UniquePtr cert(X509_new()); -+ if (!cert || // -+ !X509_set_version(cert.get(), X509_VERSION_3) || -+ !X509_NAME_add_entry_by_txt( -+ X509_get_issuer_name(cert.get()), "CN", MBSTRING_UTF8, -+ reinterpret_cast(issuer), -1, -1, 0) || -+ !X509_NAME_add_entry_by_txt( -+ X509_get_subject_name(cert.get()), "CN", MBSTRING_UTF8, -+ reinterpret_cast(subject), -1, -1, 0) || -+ !X509_set_pubkey(cert.get(), key) || -+ !ASN1_TIME_adj(X509_getm_notBefore(cert.get()), kReferenceTime, -1, 0) || -+ !ASN1_TIME_adj(X509_getm_notAfter(cert.get()), kReferenceTime, 1, 0)) { -+ return nullptr; -+ } -+ bssl::UniquePtr bc(BASIC_CONSTRAINTS_new()); -+ if (!bc) { -+ return nullptr; -+ } -+ bc->ca = is_ca ? 0xff : 0x00; -+ if (!X509_add1_ext_i2d(cert.get(), NID_basic_constraints, bc.get(), -+ /*crit=*/1, /*flags=*/0)) { -+ return nullptr; -+ } -+ return cert; -+} -+ -+TEST(X509Test, NameConstraints) { -+ bssl::UniquePtr key = PrivateKeyFromPEM(kP256Key); -+ ASSERT_TRUE(key); -+ -+ const struct { -+ int type; -+ std::string name; -+ std::string constraint; -+ int result; -+ } kTests[] = { -+ // Empty string matches everything. -+ {GEN_DNS, "foo.example.com", "", X509_V_OK}, -+ // Name constraints match the entire subtree. -+ {GEN_DNS, "foo.example.com", "example.com", X509_V_OK}, -+ {GEN_DNS, "foo.example.com", "EXAMPLE.COM", X509_V_OK}, -+ {GEN_DNS, "foo.example.com", "xample.com", -+ X509_V_ERR_PERMITTED_VIOLATION}, -+ {GEN_DNS, "foo.example.com", "unrelated.much.longer.name.example", -+ X509_V_ERR_PERMITTED_VIOLATION}, -+ // A leading dot means at least one component must be added. -+ {GEN_DNS, "foo.example.com", ".example.com", X509_V_OK}, -+ {GEN_DNS, "foo.example.com", "foo.example.com", X509_V_OK}, -+ {GEN_DNS, "foo.example.com", ".foo.example.com", -+ X509_V_ERR_PERMITTED_VIOLATION}, -+ {GEN_DNS, "foo.example.com", ".xample.com", -+ X509_V_ERR_PERMITTED_VIOLATION}, -+ {GEN_DNS, "foo.example.com", ".unrelated.much.longer.name.example", -+ X509_V_ERR_PERMITTED_VIOLATION}, -+ // NUL bytes, if not rejected, should not confuse the matching logic. -+ {GEN_DNS, std::string({'a', '\0', 'a'}), std::string({'a', '\0', 'b'}), -+ X509_V_ERR_PERMITTED_VIOLATION}, -+ -+ // Names must be emails. -+ {GEN_EMAIL, "not-an-email.example", "not-an-email.example", -+ X509_V_ERR_UNSUPPORTED_NAME_SYNTAX}, -+ // A leading dot matches all local names and all subdomains -+ {GEN_EMAIL, "foo@bar.example.com", ".example.com", X509_V_OK}, -+ {GEN_EMAIL, "foo@bar.example.com", ".EXAMPLE.COM", X509_V_OK}, -+ {GEN_EMAIL, "foo@bar.example.com", ".bar.example.com", -+ X509_V_ERR_PERMITTED_VIOLATION}, -+ // Without a leading dot, the host must match exactly. -+ {GEN_EMAIL, "foo@example.com", "example.com", X509_V_OK}, -+ {GEN_EMAIL, "foo@example.com", "EXAMPLE.COM", X509_V_OK}, -+ {GEN_EMAIL, "foo@bar.example.com", "example.com", -+ X509_V_ERR_PERMITTED_VIOLATION}, -+ // If the constraint specifies a mailbox, it specifies the whole thing. -+ // The halves are compared insensitively. -+ {GEN_EMAIL, "foo@example.com", "foo@example.com", X509_V_OK}, -+ {GEN_EMAIL, "foo@example.com", "foo@EXAMPLE.COM", X509_V_OK}, -+ {GEN_EMAIL, "foo@example.com", "FOO@example.com", -+ X509_V_ERR_PERMITTED_VIOLATION}, -+ {GEN_EMAIL, "foo@example.com", "bar@example.com", -+ X509_V_ERR_PERMITTED_VIOLATION}, -+ // OpenSSL ignores a stray leading @. -+ {GEN_EMAIL, "foo@example.com", "@example.com", X509_V_OK}, -+ {GEN_EMAIL, "foo@example.com", "@EXAMPLE.COM", X509_V_OK}, -+ {GEN_EMAIL, "foo@bar.example.com", "@example.com", -+ X509_V_ERR_PERMITTED_VIOLATION}, -+ -+ // Basic syntax check. -+ {GEN_URI, "not-a-url", "not-a-url", X509_V_ERR_UNSUPPORTED_NAME_SYNTAX}, -+ {GEN_URI, "foo:not-a-url", "not-a-url", -+ X509_V_ERR_UNSUPPORTED_NAME_SYNTAX}, -+ {GEN_URI, "foo:/not-a-url", "not-a-url", -+ X509_V_ERR_UNSUPPORTED_NAME_SYNTAX}, -+ {GEN_URI, "foo:///not-a-url", "not-a-url", -+ X509_V_ERR_UNSUPPORTED_NAME_SYNTAX}, -+ {GEN_URI, "foo://:not-a-url", "not-a-url", -+ X509_V_ERR_UNSUPPORTED_NAME_SYNTAX}, -+ {GEN_URI, "foo://", "not-a-url", X509_V_ERR_UNSUPPORTED_NAME_SYNTAX}, -+ // Hosts are an exact match. -+ {GEN_URI, "foo://example.com", "example.com", X509_V_OK}, -+ {GEN_URI, "foo://example.com:443", "example.com", X509_V_OK}, -+ {GEN_URI, "foo://example.com/whatever", "example.com", X509_V_OK}, -+ {GEN_URI, "foo://bar.example.com", "example.com", -+ X509_V_ERR_PERMITTED_VIOLATION}, -+ {GEN_URI, "foo://bar.example.com:443", "example.com", -+ X509_V_ERR_PERMITTED_VIOLATION}, -+ {GEN_URI, "foo://bar.example.com/whatever", "example.com", -+ X509_V_ERR_PERMITTED_VIOLATION}, -+ {GEN_URI, "foo://bar.example.com", "xample.com", -+ X509_V_ERR_PERMITTED_VIOLATION}, -+ {GEN_URI, "foo://bar.example.com:443", "xample.com", -+ X509_V_ERR_PERMITTED_VIOLATION}, -+ {GEN_URI, "foo://bar.example.com/whatever", "xample.com", -+ X509_V_ERR_PERMITTED_VIOLATION}, -+ {GEN_URI, "foo://example.com", "some-other-name.example", -+ X509_V_ERR_PERMITTED_VIOLATION}, -+ {GEN_URI, "foo://example.com:443", "some-other-name.example", -+ X509_V_ERR_PERMITTED_VIOLATION}, -+ {GEN_URI, "foo://example.com/whatever", "some-other-name.example", -+ X509_V_ERR_PERMITTED_VIOLATION}, -+ // A leading dot allows components to be added. -+ {GEN_URI, "foo://example.com", ".example.com", -+ X509_V_ERR_PERMITTED_VIOLATION}, -+ {GEN_URI, "foo://example.com:443", ".example.com", -+ X509_V_ERR_PERMITTED_VIOLATION}, -+ {GEN_URI, "foo://example.com/whatever", ".example.com", -+ X509_V_ERR_PERMITTED_VIOLATION}, -+ {GEN_URI, "foo://bar.example.com", ".example.com", X509_V_OK}, -+ {GEN_URI, "foo://bar.example.com:443", ".example.com", X509_V_OK}, -+ {GEN_URI, "foo://bar.example.com/whatever", ".example.com", X509_V_OK}, -+ {GEN_URI, "foo://example.com", ".some-other-name.example", -+ X509_V_ERR_PERMITTED_VIOLATION}, -+ {GEN_URI, "foo://example.com:443", ".some-other-name.example", -+ X509_V_ERR_PERMITTED_VIOLATION}, -+ {GEN_URI, "foo://example.com/whatever", ".some-other-name.example", -+ X509_V_ERR_PERMITTED_VIOLATION}, -+ {GEN_URI, "foo://example.com", ".xample.com", -+ X509_V_ERR_PERMITTED_VIOLATION}, -+ {GEN_URI, "foo://example.com:443", ".xample.com", -+ X509_V_ERR_PERMITTED_VIOLATION}, -+ {GEN_URI, "foo://example.com/whatever", ".xample.com", -+ X509_V_ERR_PERMITTED_VIOLATION}, -+ }; -+ for (const auto &t : kTests) { -+ SCOPED_TRACE(t.type); -+ SCOPED_TRACE(t.name); -+ SCOPED_TRACE(t.constraint); -+ -+ bssl::UniquePtr name = MakeGeneralName(t.type, t.name); -+ ASSERT_TRUE(name); -+ bssl::UniquePtr names(GENERAL_NAMES_new()); -+ ASSERT_TRUE(names); -+ ASSERT_TRUE(bssl::PushToStack(names.get(), std::move(name))); -+ -+ bssl::UniquePtr nc(NAME_CONSTRAINTS_new()); -+ ASSERT_TRUE(nc); + bssl::UniquePtr nc(NAME_CONSTRAINTS_new()); + ASSERT_TRUE(nc); +#ifdef BSSL_COMPAT // FIXME: See StackTest.test4 + nc->permittedSubtrees = reinterpret_cast(sk_GENERAL_SUBTREE_new_null()); +#else -+ nc->permittedSubtrees = sk_GENERAL_SUBTREE_new_null(); + nc->permittedSubtrees = sk_GENERAL_SUBTREE_new_null(); +#endif -+ ASSERT_TRUE(nc->permittedSubtrees); -+ bssl::UniquePtr subtree(GENERAL_SUBTREE_new()); -+ ASSERT_TRUE(subtree); -+ GENERAL_NAME_free(subtree->base); -+ subtree->base = MakeGeneralName(t.type, t.constraint).release(); -+ ASSERT_TRUE(subtree->base); + ASSERT_TRUE(nc->permittedSubtrees); + bssl::UniquePtr subtree(GENERAL_SUBTREE_new()); + ASSERT_TRUE(subtree); + GENERAL_NAME_free(subtree->base); + subtree->base = MakeGeneralName(t.type, t.constraint).release(); + ASSERT_TRUE(subtree->base); +#ifdef BSSL_COMPAT // FIXME: + ASSERT_TRUE(bssl::PushToStack(reinterpret_cast(nc->permittedSubtrees), std::move(subtree))); +#else -+ ASSERT_TRUE(bssl::PushToStack(nc->permittedSubtrees, std::move(subtree))); -+#endif -+ -+ bssl::UniquePtr root = -+ MakeTestCert("Root", "Root", key.get(), /*is_ca=*/true); -+ ASSERT_TRUE(root); -+ ASSERT_TRUE(X509_add1_ext_i2d(root.get(), NID_name_constraints, nc.get(), -+ /*crit=*/1, /*flags=*/0)); -+ ASSERT_TRUE(X509_sign(root.get(), key.get(), EVP_sha256())); -+ -+ bssl::UniquePtr leaf = -+ MakeTestCert("Root", "Leaf", key.get(), /*is_ca=*/false); -+ ASSERT_TRUE(leaf); -+ ASSERT_TRUE(X509_add1_ext_i2d(leaf.get(), NID_subject_alt_name, names.get(), -+ /*crit=*/0, /*flags=*/0)); -+ ASSERT_TRUE(X509_sign(leaf.get(), key.get(), EVP_sha256())); -+ -+ int ret = Verify(leaf.get(), {root.get()}, {}, {}, 0); -+ EXPECT_EQ(t.result, ret) << X509_verify_cert_error_string(ret); -+ } -+} - - // TEST(X509Test, PrintGeneralName) { - // // TODO(https://crbug.com/boringssl/430): Add more tests. Also fix the -@@ -1732,36 +1740,36 @@ - // EXPECT_STREQ(value->value, "example.com"); - // } - --// TEST(X509Test, TestPSS) { --// bssl::UniquePtr cert(CertFromPEM(kExamplePSSCert)); --// ASSERT_TRUE(cert); -+TEST(X509Test, TestPSS) { -+ bssl::UniquePtr cert(CertFromPEM(kExamplePSSCert)); -+ ASSERT_TRUE(cert); - --// bssl::UniquePtr pkey(X509_get_pubkey(cert.get())); --// ASSERT_TRUE(pkey); -+ bssl::UniquePtr pkey(X509_get_pubkey(cert.get())); -+ ASSERT_TRUE(pkey); - --// ASSERT_TRUE(X509_verify(cert.get(), pkey.get())); --// } -+ ASSERT_TRUE(X509_verify(cert.get(), pkey.get())); -+} - --// TEST(X509Test, TestPSSBadParameters) { --// bssl::UniquePtr cert(CertFromPEM(kBadPSSCertPEM)); --// ASSERT_TRUE(cert); -+TEST(X509Test, TestPSSBadParameters) { -+ bssl::UniquePtr cert(CertFromPEM(kBadPSSCertPEM)); -+ ASSERT_TRUE(cert); - --// bssl::UniquePtr pkey(X509_get_pubkey(cert.get())); --// ASSERT_TRUE(pkey); -+ bssl::UniquePtr pkey(X509_get_pubkey(cert.get())); -+ ASSERT_TRUE(pkey); - --// ASSERT_FALSE(X509_verify(cert.get(), pkey.get())); --// ERR_clear_error(); --// } -+ ASSERT_FALSE(X509_verify(cert.get(), pkey.get())); -+ ERR_clear_error(); -+} - --// TEST(X509Test, TestEd25519) { --// bssl::UniquePtr cert(CertFromPEM(kEd25519Cert)); --// ASSERT_TRUE(cert); -+TEST(X509Test, TestEd25519) { -+ bssl::UniquePtr cert(CertFromPEM(kEd25519Cert)); -+ ASSERT_TRUE(cert); - --// bssl::UniquePtr pkey(X509_get_pubkey(cert.get())); --// ASSERT_TRUE(pkey); -+ bssl::UniquePtr pkey(X509_get_pubkey(cert.get())); -+ ASSERT_TRUE(pkey); - --// ASSERT_TRUE(X509_verify(cert.get(), pkey.get())); --// } -+ ASSERT_TRUE(X509_verify(cert.get(), pkey.get())); -+} - - // TEST(X509Test, TestEd25519BadParameters) { - // bssl::UniquePtr cert(CertFromPEM(kEd25519CertNull)); -@@ -2204,61 +2212,61 @@ - // } - // } - --// TEST(X509Test, X509NameSet) { --// bssl::UniquePtr name(X509_NAME_new()); --// EXPECT_TRUE(X509_NAME_add_entry_by_txt( --// name.get(), "C", MBSTRING_ASC, reinterpret_cast("US"), --// -1, -1, 0)); --// EXPECT_EQ(X509_NAME_entry_count(name.get()), 1); --// EXPECT_TRUE(X509_NAME_add_entry_by_txt( --// name.get(), "C", MBSTRING_ASC, reinterpret_cast("CA"), --// -1, -1, 0)); --// EXPECT_EQ(X509_NAME_entry_count(name.get()), 2); --// EXPECT_TRUE(X509_NAME_add_entry_by_txt( --// name.get(), "C", MBSTRING_ASC, reinterpret_cast("UK"), --// -1, -1, 0)); --// EXPECT_EQ(X509_NAME_entry_count(name.get()), 3); --// EXPECT_TRUE(X509_NAME_add_entry_by_txt( --// name.get(), "C", MBSTRING_ASC, reinterpret_cast("JP"), --// -1, 1, 0)); --// EXPECT_EQ(X509_NAME_entry_count(name.get()), 4); -- --// // Check that the correct entries get incremented when inserting new entry. --// EXPECT_EQ(X509_NAME_ENTRY_set(X509_NAME_get_entry(name.get(), 1)), 1); --// EXPECT_EQ(X509_NAME_ENTRY_set(X509_NAME_get_entry(name.get(), 2)), 2); --// } -- --// TEST(X509Test, NoBasicConstraintsCertSign) { --// bssl::UniquePtr root(CertFromPEM(kSANTypesRoot)); --// bssl::UniquePtr intermediate( --// CertFromPEM(kNoBasicConstraintsCertSignIntermediate)); --// bssl::UniquePtr leaf(CertFromPEM(kNoBasicConstraintsCertSignLeaf)); -- --// ASSERT_TRUE(root); --// ASSERT_TRUE(intermediate); --// ASSERT_TRUE(leaf); -- --// // The intermediate has keyUsage certSign, but is not marked as a CA in the --// // basicConstraints. --// EXPECT_EQ(X509_V_ERR_INVALID_CA, --// Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, 0)); --// } -- --// TEST(X509Test, NoBasicConstraintsNetscapeCA) { --// bssl::UniquePtr root(CertFromPEM(kSANTypesRoot)); --// bssl::UniquePtr intermediate( --// CertFromPEM(kNoBasicConstraintsNetscapeCAIntermediate)); --// bssl::UniquePtr leaf(CertFromPEM(kNoBasicConstraintsNetscapeCALeaf)); -- --// ASSERT_TRUE(root); --// ASSERT_TRUE(intermediate); --// ASSERT_TRUE(leaf); -- --// // The intermediate has a Netscape certificate type of "SSL CA", but is not --// // marked as a CA in the basicConstraints. --// EXPECT_EQ(X509_V_ERR_INVALID_CA, --// Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, 0)); --// } -+TEST(X509Test, X509NameSet) { -+ bssl::UniquePtr name(X509_NAME_new()); -+ EXPECT_TRUE(X509_NAME_add_entry_by_txt( -+ name.get(), "C", MBSTRING_ASC, reinterpret_cast("US"), -+ -1, -1, 0)); -+ EXPECT_EQ(X509_NAME_entry_count(name.get()), 1); -+ EXPECT_TRUE(X509_NAME_add_entry_by_txt( -+ name.get(), "C", MBSTRING_ASC, reinterpret_cast("CA"), -+ -1, -1, 0)); -+ EXPECT_EQ(X509_NAME_entry_count(name.get()), 2); -+ EXPECT_TRUE(X509_NAME_add_entry_by_txt( -+ name.get(), "C", MBSTRING_ASC, reinterpret_cast("UK"), -+ -1, -1, 0)); -+ EXPECT_EQ(X509_NAME_entry_count(name.get()), 3); -+ EXPECT_TRUE(X509_NAME_add_entry_by_txt( -+ name.get(), "C", MBSTRING_ASC, reinterpret_cast("JP"), -+ -1, 1, 0)); -+ EXPECT_EQ(X509_NAME_entry_count(name.get()), 4); -+ -+ // Check that the correct entries get incremented when inserting new entry. -+ EXPECT_EQ(X509_NAME_ENTRY_set(X509_NAME_get_entry(name.get(), 1)), 1); -+ EXPECT_EQ(X509_NAME_ENTRY_set(X509_NAME_get_entry(name.get(), 2)), 2); -+} -+ -+TEST(X509Test, NoBasicConstraintsCertSign) { -+ bssl::UniquePtr root(CertFromPEM(kSANTypesRoot)); -+ bssl::UniquePtr intermediate( -+ CertFromPEM(kNoBasicConstraintsCertSignIntermediate)); -+ bssl::UniquePtr leaf(CertFromPEM(kNoBasicConstraintsCertSignLeaf)); -+ -+ ASSERT_TRUE(root); -+ ASSERT_TRUE(intermediate); -+ ASSERT_TRUE(leaf); -+ -+ // The intermediate has keyUsage certSign, but is not marked as a CA in the -+ // basicConstraints. -+ EXPECT_EQ(X509_V_ERR_INVALID_CA, -+ Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, 0)); -+} -+ -+TEST(X509Test, NoBasicConstraintsNetscapeCA) { -+ bssl::UniquePtr root(CertFromPEM(kSANTypesRoot)); -+ bssl::UniquePtr intermediate( -+ CertFromPEM(kNoBasicConstraintsNetscapeCAIntermediate)); -+ bssl::UniquePtr leaf(CertFromPEM(kNoBasicConstraintsNetscapeCALeaf)); -+ -+ ASSERT_TRUE(root); -+ ASSERT_TRUE(intermediate); -+ ASSERT_TRUE(leaf); -+ -+ // The intermediate has a Netscape certificate type of "SSL CA", but is not -+ // marked as a CA in the basicConstraints. -+ EXPECT_EQ(X509_V_ERR_INVALID_CA, -+ Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, 0)); -+} - - // TEST(X509Test, MismatchAlgorithms) { - // bssl::UniquePtr cert(CertFromPEM(kSelfSignedMismatchAlgorithms)); -@@ -2273,127 +2281,127 @@ - // EXPECT_EQ(X509_R_SIGNATURE_ALGORITHM_MISMATCH, ERR_GET_REASON(err)); - // } - --// TEST(X509Test, PEMX509Info) { --// std::string cert = kRootCAPEM; --// auto cert_obj = CertFromPEM(kRootCAPEM); --// ASSERT_TRUE(cert_obj); -- --// std::string rsa = kRSAKey; --// auto rsa_obj = PrivateKeyFromPEM(kRSAKey); --// ASSERT_TRUE(rsa_obj); -- --// std::string crl = kBasicCRL; --// auto crl_obj = CRLFromPEM(kBasicCRL); --// ASSERT_TRUE(crl_obj); -- --// std::string unknown = --// "-----BEGIN UNKNOWN-----\n" --// "AAAA\n" --// "-----END UNKNOWN-----\n"; -- --// std::string invalid = --// "-----BEGIN CERTIFICATE-----\n" --// "AAAA\n" --// "-----END CERTIFICATE-----\n"; -- --// // Each X509_INFO contains at most one certificate, CRL, etc. The format --// // creates a new X509_INFO when a repeated type is seen. --// std::string pem = --// // The first few entries have one of everything in different orders. --// cert + rsa + crl + --// rsa + crl + cert + --// // Unknown types are ignored. --// crl + unknown + cert + rsa + --// // Seeing a new certificate starts a new entry, so now we have a bunch of --// // certificate-only entries. --// cert + cert + cert + --// // The key folds into the certificate's entry. --// cert + rsa + --// // Doubled keys also start new entries. --// rsa + rsa + rsa + rsa + crl + --// // As do CRLs. --// crl + crl; -- --// const struct ExpectedInfo { --// const X509 *cert; --// const EVP_PKEY *key; --// const X509_CRL *crl; --// } kExpected[] = { --// {cert_obj.get(), rsa_obj.get(), crl_obj.get()}, --// {cert_obj.get(), rsa_obj.get(), crl_obj.get()}, --// {cert_obj.get(), rsa_obj.get(), crl_obj.get()}, --// {cert_obj.get(), nullptr, nullptr}, --// {cert_obj.get(), nullptr, nullptr}, --// {cert_obj.get(), nullptr, nullptr}, --// {cert_obj.get(), rsa_obj.get(), nullptr}, --// {nullptr, rsa_obj.get(), nullptr}, --// {nullptr, rsa_obj.get(), nullptr}, --// {nullptr, rsa_obj.get(), nullptr}, --// {nullptr, rsa_obj.get(), crl_obj.get()}, --// {nullptr, nullptr, crl_obj.get()}, --// {nullptr, nullptr, crl_obj.get()}, --// }; -- --// auto check_info = [](const ExpectedInfo *expected, const X509_INFO *info) { --// if (expected->cert != nullptr) { --// EXPECT_EQ(0, X509_cmp(expected->cert, info->x509)); --// } else { --// EXPECT_EQ(nullptr, info->x509); --// } --// if (expected->crl != nullptr) { --// EXPECT_EQ(0, X509_CRL_cmp(expected->crl, info->crl)); --// } else { --// EXPECT_EQ(nullptr, info->crl); --// } --// if (expected->key != nullptr) { --// ASSERT_NE(nullptr, info->x_pkey); --// // EVP_PKEY_cmp returns one if the keys are equal. --// EXPECT_EQ(1, EVP_PKEY_cmp(expected->key, info->x_pkey->dec_pkey)); --// } else { --// EXPECT_EQ(nullptr, info->x_pkey); --// } --// }; -- --// bssl::UniquePtr bio(BIO_new_mem_buf(pem.data(), pem.size())); --// ASSERT_TRUE(bio); --// bssl::UniquePtr infos( --// PEM_X509_INFO_read_bio(bio.get(), nullptr, nullptr, nullptr)); --// ASSERT_TRUE(infos); --// ASSERT_EQ(OPENSSL_ARRAY_SIZE(kExpected), sk_X509_INFO_num(infos.get())); --// for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kExpected); i++) { --// SCOPED_TRACE(i); --// check_info(&kExpected[i], sk_X509_INFO_value(infos.get(), i)); --// } -- --// // Passing an existing stack appends to it. --// bio.reset(BIO_new_mem_buf(pem.data(), pem.size())); --// ASSERT_TRUE(bio); --// ASSERT_EQ(infos.get(), --// PEM_X509_INFO_read_bio(bio.get(), infos.get(), nullptr, nullptr)); --// ASSERT_EQ(2 * OPENSSL_ARRAY_SIZE(kExpected), sk_X509_INFO_num(infos.get())); --// for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kExpected); i++) { --// SCOPED_TRACE(i); --// check_info(&kExpected[i], sk_X509_INFO_value(infos.get(), i)); --// check_info( --// &kExpected[i], --// sk_X509_INFO_value(infos.get(), i + OPENSSL_ARRAY_SIZE(kExpected))); --// } -- --// // Gracefully handle errors in both the append and fresh cases. --// std::string bad_pem = cert + cert + invalid; -- --// bio.reset(BIO_new_mem_buf(bad_pem.data(), bad_pem.size())); --// ASSERT_TRUE(bio); --// bssl::UniquePtr infos2( --// PEM_X509_INFO_read_bio(bio.get(), nullptr, nullptr, nullptr)); --// EXPECT_FALSE(infos2); -- --// bio.reset(BIO_new_mem_buf(bad_pem.data(), bad_pem.size())); --// ASSERT_TRUE(bio); --// EXPECT_FALSE( --// PEM_X509_INFO_read_bio(bio.get(), infos.get(), nullptr, nullptr)); --// EXPECT_EQ(2 * OPENSSL_ARRAY_SIZE(kExpected), sk_X509_INFO_num(infos.get())); --// } -+TEST(X509Test, PEMX509Info) { -+ std::string cert = kRootCAPEM; -+ auto cert_obj = CertFromPEM(kRootCAPEM); -+ ASSERT_TRUE(cert_obj); -+ -+ std::string rsa = kRSAKey; -+ auto rsa_obj = PrivateKeyFromPEM(kRSAKey); -+ ASSERT_TRUE(rsa_obj); -+ -+ std::string crl = kBasicCRL; -+ auto crl_obj = CRLFromPEM(kBasicCRL); -+ ASSERT_TRUE(crl_obj); -+ -+ std::string unknown = -+ "-----BEGIN UNKNOWN-----\n" -+ "AAAA\n" -+ "-----END UNKNOWN-----\n"; -+ -+ std::string invalid = -+ "-----BEGIN CERTIFICATE-----\n" -+ "AAAA\n" -+ "-----END CERTIFICATE-----\n"; -+ -+ // Each X509_INFO contains at most one certificate, CRL, etc. The format -+ // creates a new X509_INFO when a repeated type is seen. -+ std::string pem = -+ // The first few entries have one of everything in different orders. -+ cert + rsa + crl + -+ rsa + crl + cert + -+ // Unknown types are ignored. -+ crl + unknown + cert + rsa + -+ // Seeing a new certificate starts a new entry, so now we have a bunch of -+ // certificate-only entries. -+ cert + cert + cert + -+ // The key folds into the certificate's entry. -+ cert + rsa + -+ // Doubled keys also start new entries. -+ rsa + rsa + rsa + rsa + crl + -+ // As do CRLs. -+ crl + crl; -+ -+ const struct ExpectedInfo { -+ const X509 *cert; -+ const EVP_PKEY *key; -+ const X509_CRL *crl; -+ } kExpected[] = { -+ {cert_obj.get(), rsa_obj.get(), crl_obj.get()}, -+ {cert_obj.get(), rsa_obj.get(), crl_obj.get()}, -+ {cert_obj.get(), rsa_obj.get(), crl_obj.get()}, -+ {cert_obj.get(), nullptr, nullptr}, -+ {cert_obj.get(), nullptr, nullptr}, -+ {cert_obj.get(), nullptr, nullptr}, -+ {cert_obj.get(), rsa_obj.get(), nullptr}, -+ {nullptr, rsa_obj.get(), nullptr}, -+ {nullptr, rsa_obj.get(), nullptr}, -+ {nullptr, rsa_obj.get(), nullptr}, -+ {nullptr, rsa_obj.get(), crl_obj.get()}, -+ {nullptr, nullptr, crl_obj.get()}, -+ {nullptr, nullptr, crl_obj.get()}, -+ }; -+ -+ auto check_info = [](const ExpectedInfo *expected, const X509_INFO *info) { -+ if (expected->cert != nullptr) { -+ EXPECT_EQ(0, X509_cmp(expected->cert, info->x509)); -+ } else { -+ EXPECT_EQ(nullptr, info->x509); -+ } -+ if (expected->crl != nullptr) { -+ EXPECT_EQ(0, X509_CRL_cmp(expected->crl, info->crl)); -+ } else { -+ EXPECT_EQ(nullptr, info->crl); -+ } -+ if (expected->key != nullptr) { -+ ASSERT_NE(nullptr, info->x_pkey); -+ // EVP_PKEY_cmp returns one if the keys are equal. -+ EXPECT_EQ(1, EVP_PKEY_cmp(expected->key, info->x_pkey->dec_pkey)); -+ } else { -+ EXPECT_EQ(nullptr, info->x_pkey); -+ } -+ }; -+ -+ bssl::UniquePtr bio(BIO_new_mem_buf(pem.data(), pem.size())); -+ ASSERT_TRUE(bio); -+ bssl::UniquePtr infos( -+ PEM_X509_INFO_read_bio(bio.get(), nullptr, nullptr, nullptr)); -+ ASSERT_TRUE(infos); -+ ASSERT_EQ(OPENSSL_ARRAY_SIZE(kExpected), sk_X509_INFO_num(infos.get())); -+ for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kExpected); i++) { -+ SCOPED_TRACE(i); -+ check_info(&kExpected[i], sk_X509_INFO_value(infos.get(), i)); -+ } -+ -+ // Passing an existing stack appends to it. -+ bio.reset(BIO_new_mem_buf(pem.data(), pem.size())); -+ ASSERT_TRUE(bio); -+ ASSERT_EQ(infos.get(), -+ PEM_X509_INFO_read_bio(bio.get(), infos.get(), nullptr, nullptr)); -+ ASSERT_EQ(2 * OPENSSL_ARRAY_SIZE(kExpected), sk_X509_INFO_num(infos.get())); -+ for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kExpected); i++) { -+ SCOPED_TRACE(i); -+ check_info(&kExpected[i], sk_X509_INFO_value(infos.get(), i)); -+ check_info( -+ &kExpected[i], -+ sk_X509_INFO_value(infos.get(), i + OPENSSL_ARRAY_SIZE(kExpected))); -+ } -+ -+ // Gracefully handle errors in both the append and fresh cases. -+ std::string bad_pem = cert + cert + invalid; -+ -+ bio.reset(BIO_new_mem_buf(bad_pem.data(), bad_pem.size())); -+ ASSERT_TRUE(bio); -+ bssl::UniquePtr infos2( -+ PEM_X509_INFO_read_bio(bio.get(), nullptr, nullptr, nullptr)); -+ EXPECT_FALSE(infos2); -+ -+ bio.reset(BIO_new_mem_buf(bad_pem.data(), bad_pem.size())); -+ ASSERT_TRUE(bio); -+ EXPECT_FALSE( -+ PEM_X509_INFO_read_bio(bio.get(), infos.get(), nullptr, nullptr)); -+ EXPECT_EQ(2 * OPENSSL_ARRAY_SIZE(kExpected), sk_X509_INFO_num(infos.get())); -+} - - // TEST(X509Test, ReadBIOEmpty) { - // bssl::UniquePtr bio(BIO_new_mem_buf(nullptr, 0)); -@@ -2411,7 +2419,7 @@ - // TEST(X509Test, ReadBIOOneByte) { - // bssl::UniquePtr bio(BIO_new_mem_buf("\x30", 1)); - // ASSERT_TRUE(bio); -- -+// - // // CPython expects |ASN1_R_HEADER_TOO_LONG| on EOF, to terminate a series of - // // certificates. This EOF appeared after some data, however, so we do not wish - // // to signal EOF. -@@ -2678,81 +2686,84 @@ - - // Test that invalid extensions are rejected by, if not the parser, at least the - // verifier. --// TEST(X509Test, InvalidExtensions) { --// bssl::UniquePtr root = CertFromPEM( --// GetTestData("crypto/x509/test/invalid_extension_root.pem").c_str()); --// ASSERT_TRUE(root); --// bssl::UniquePtr intermediate = CertFromPEM( --// GetTestData("crypto/x509/test/invalid_extension_intermediate.pem") --// .c_str()); --// ASSERT_TRUE(intermediate); --// bssl::UniquePtr leaf = CertFromPEM( --// GetTestData("crypto/x509/test/invalid_extension_leaf.pem").c_str()); --// ASSERT_TRUE(leaf); -- --// // Sanity-check that the baseline chain is accepted. --// EXPECT_EQ(X509_V_OK, --// Verify(leaf.get(), {root.get()}, {intermediate.get()}, {})); -- --// static const char *kExtensions[] = { --// "authority_key_identifier", --// "basic_constraints", --// "ext_key_usage", --// "key_usage", --// "name_constraints", --// "subject_alt_name", --// "subject_key_identifier", --// }; --// for (const char *ext : kExtensions) { --// SCOPED_TRACE(ext); --// bssl::UniquePtr invalid_root = CertFromPEM( --// GetTestData((std::string("crypto/x509/test/invalid_extension_root_") + --// ext + ".pem") --// .c_str()) --// .c_str()); --// ASSERT_TRUE(invalid_root); -- --// bssl::UniquePtr invalid_intermediate = CertFromPEM( --// GetTestData( --// (std::string("crypto/x509/test/invalid_extension_intermediate_") + --// ext + ".pem") --// .c_str()) --// .c_str()); --// ASSERT_TRUE(invalid_intermediate); -- --// bssl::UniquePtr invalid_leaf = CertFromPEM( --// GetTestData((std::string("crypto/x509/test/invalid_extension_leaf_") + --// ext + ".pem") --// .c_str()) --// .c_str()); --// ASSERT_TRUE(invalid_leaf); -- --// bssl::UniquePtr trailing_leaf = CertFromPEM( --// GetTestData((std::string("crypto/x509/test/trailing_data_leaf_") + --// ext + ".pem") --// .c_str()) --// .c_str()); --// ASSERT_TRUE(trailing_leaf); -- --// EXPECT_EQ( --// X509_V_ERR_INVALID_EXTENSION, --// Verify(invalid_leaf.get(), {root.get()}, {intermediate.get()}, {})); -- --// EXPECT_EQ( --// X509_V_ERR_INVALID_EXTENSION, --// Verify(trailing_leaf.get(), {root.get()}, {intermediate.get()}, {})); -- --// // If the invalid extension is on an intermediate or root, --// // |X509_verify_cert| notices by way of being unable to build a path to --// // a valid issuer. --// EXPECT_EQ( --// X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, --// Verify(leaf.get(), {root.get()}, {invalid_intermediate.get()}, {})); --// EXPECT_EQ( --// X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, --// Verify(leaf.get(), {invalid_root.get()}, {intermediate.get()}, {})); --// } --// } -+TEST(X509Test, InvalidExtensions) { -+#ifdef BSSL_COMPAT -+ GTEST_SKIP() << "TODO: Investigate failures on BSSL_COMPAT"; + ASSERT_TRUE(bssl::PushToStack(nc->permittedSubtrees, std::move(subtree))); +#endif -+ bssl::UniquePtr root = CertFromPEM( -+ GetTestData("crypto/x509/test/invalid_extension_root.pem").c_str()); -+ ASSERT_TRUE(root); -+ bssl::UniquePtr intermediate = CertFromPEM( -+ GetTestData("crypto/x509/test/invalid_extension_intermediate.pem") -+ .c_str()); -+ ASSERT_TRUE(intermediate); -+ bssl::UniquePtr leaf = CertFromPEM( -+ GetTestData("crypto/x509/test/invalid_extension_leaf.pem").c_str()); -+ ASSERT_TRUE(leaf); -+ -+ // Sanity-check that the baseline chain is accepted. -+ EXPECT_EQ(X509_V_OK, -+ Verify(leaf.get(), {root.get()}, {intermediate.get()}, {})); -+ -+ static const char *kExtensions[] = { -+ "authority_key_identifier", -+ "basic_constraints", -+ "ext_key_usage", -+ "key_usage", -+ "name_constraints", -+ "subject_alt_name", -+ "subject_key_identifier", -+ }; -+ for (const char *ext : kExtensions) { -+ SCOPED_TRACE(ext); -+ bssl::UniquePtr invalid_root = CertFromPEM( -+ GetTestData((std::string("crypto/x509/test/invalid_extension_root_") + -+ ext + ".pem") -+ .c_str()) -+ .c_str()); -+ ASSERT_TRUE(invalid_root); -+ -+ bssl::UniquePtr invalid_intermediate = CertFromPEM( -+ GetTestData( -+ (std::string("crypto/x509/test/invalid_extension_intermediate_") + -+ ext + ".pem") -+ .c_str()) -+ .c_str()); -+ ASSERT_TRUE(invalid_intermediate); -+ -+ bssl::UniquePtr invalid_leaf = CertFromPEM( -+ GetTestData((std::string("crypto/x509/test/invalid_extension_leaf_") + -+ ext + ".pem") -+ .c_str()) -+ .c_str()); -+ ASSERT_TRUE(invalid_leaf); -+ -+ bssl::UniquePtr trailing_leaf = CertFromPEM( -+ GetTestData((std::string("crypto/x509/test/trailing_data_leaf_") + -+ ext + ".pem") -+ .c_str()) -+ .c_str()); -+ ASSERT_TRUE(trailing_leaf); -+ -+ EXPECT_EQ( -+ X509_V_ERR_INVALID_EXTENSION, -+ Verify(invalid_leaf.get(), {root.get()}, {intermediate.get()}, {})); -+ -+ EXPECT_EQ( -+ X509_V_ERR_INVALID_EXTENSION, -+ Verify(trailing_leaf.get(), {root.get()}, {intermediate.get()}, {})); -+ -+ // If the invalid extension is on an intermediate or root, -+ // |X509_verify_cert| notices by way of being unable to build a path to -+ // a valid issuer. -+ EXPECT_EQ( -+ X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, -+ Verify(leaf.get(), {root.get()}, {invalid_intermediate.get()}, {})); -+ EXPECT_EQ( -+ X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, -+ Verify(leaf.get(), {invalid_root.get()}, {intermediate.get()}, {})); -+ } -+} - - // kExplicitDefaultVersionPEM is an X.509v1 certificate with the version number - // encoded explicitly, rather than omitted as required by DER. -@@ -2991,336 +3002,344 @@ - - // Unlike upstream OpenSSL, we require a non-null store in - // |X509_STORE_CTX_init|. --// TEST(X509Test, NullStore) { --// bssl::UniquePtr leaf(CertFromPEM(kLeafPEM)); --// ASSERT_TRUE(leaf); --// bssl::UniquePtr ctx(X509_STORE_CTX_new()); --// ASSERT_TRUE(ctx); --// EXPECT_FALSE(X509_STORE_CTX_init(ctx.get(), nullptr, leaf.get(), nullptr)); --// } -- --// TEST(X509Test, BasicConstraints) { --// const uint32_t kFlagMask = EXFLAG_CA | EXFLAG_BCONS | EXFLAG_INVALID; -- --// static const struct { --// const char *file; --// uint32_t flags; --// int path_len; --// } kTests[] = { --// {"basic_constraints_none.pem", 0, -1}, --// {"basic_constraints_ca.pem", EXFLAG_CA | EXFLAG_BCONS, -1}, --// {"basic_constraints_ca_pathlen_0.pem", EXFLAG_CA | EXFLAG_BCONS, 0}, --// {"basic_constraints_ca_pathlen_1.pem", EXFLAG_CA | EXFLAG_BCONS, 1}, --// {"basic_constraints_ca_pathlen_10.pem", EXFLAG_CA | EXFLAG_BCONS, 10}, --// {"basic_constraints_leaf.pem", EXFLAG_BCONS, -1}, --// {"invalid_extension_leaf_basic_constraints.pem", EXFLAG_INVALID, -1}, --// }; -- --// for (const auto &test : kTests) { --// SCOPED_TRACE(test.file); -- --// std::string path = "crypto/x509/test/"; --// path += test.file; -- --// bssl::UniquePtr cert = CertFromPEM(GetTestData(path.c_str()).c_str()); --// ASSERT_TRUE(cert); --// EXPECT_EQ(test.flags, X509_get_extension_flags(cert.get()) & kFlagMask); --// EXPECT_EQ(test.path_len, X509_get_pathlen(cert.get())); --// } --// } -+TEST(X509Test, NullStore) { -+ bssl::UniquePtr leaf(CertFromPEM(kLeafPEM)); -+ ASSERT_TRUE(leaf); -+ bssl::UniquePtr ctx(X509_STORE_CTX_new()); -+ ASSERT_TRUE(ctx); -+ EXPECT_FALSE(X509_STORE_CTX_init(ctx.get(), nullptr, leaf.get(), nullptr)); -+} -+ -+TEST(X509Test, BasicConstraints) { -+ const uint32_t kFlagMask = EXFLAG_CA | EXFLAG_BCONS | EXFLAG_INVALID; -+ -+ static const struct { -+ const char *file; -+ uint32_t flags; -+ int path_len; -+ } kTests[] = { -+ {"basic_constraints_none.pem", 0, -1}, -+ {"basic_constraints_ca.pem", EXFLAG_CA | EXFLAG_BCONS, -1}, -+ {"basic_constraints_ca_pathlen_0.pem", EXFLAG_CA | EXFLAG_BCONS, 0}, -+ {"basic_constraints_ca_pathlen_1.pem", EXFLAG_CA | EXFLAG_BCONS, 1}, -+ {"basic_constraints_ca_pathlen_10.pem", EXFLAG_CA | EXFLAG_BCONS, 10}, -+ {"basic_constraints_leaf.pem", EXFLAG_BCONS, -1}, -+ {"invalid_extension_leaf_basic_constraints.pem", EXFLAG_INVALID, -1}, -+ }; -+ -+ for (const auto &test : kTests) { -+ SCOPED_TRACE(test.file); -+ -+ std::string path = "crypto/x509/test/"; -+ path += test.file; -+ -+ bssl::UniquePtr cert = CertFromPEM(GetTestData(path.c_str()).c_str()); -+ ASSERT_TRUE(cert); -+ EXPECT_EQ(test.flags, X509_get_extension_flags(cert.get()) & kFlagMask); -+ EXPECT_EQ(test.path_len, X509_get_pathlen(cert.get())); -+ } -+} - // The following strings are test certificates signed by kP256Key and kRSAKey, - // with missing, NULL, or invalid algorithm parameters. --// static const char kP256NoParam[] = R"( --// -----BEGIN CERTIFICATE----- --// MIIBIDCBxqADAgECAgIE0jAKBggqhkjOPQQDAjAPMQ0wCwYDVQQDEwRUZXN0MCAX --// DTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRUZXN0 --// MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdrt6ke --// DUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMQMA4w --// DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNJADBGAiEAqdIiF+bN9Cl44oUeICpy --// aXd7HqhpVUaglYKw9ChmNUACIQCpMdL0fNkFNDbRww9dSl/y7kBdk/tp16HiqeSy --// gGzFYg== --// -----END CERTIFICATE----- --// )"; --// static const char kP256NullParam[] = R"( --// -----BEGIN CERTIFICATE----- --// MIIBJDCByKADAgECAgIE0jAMBggqhkjOPQQDAgUAMA8xDTALBgNVBAMTBFRlc3Qw --// IBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMA8xDTALBgNVBAMTBFRl --// c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2niv2Wfl74vHg2UikzVl2u3 --// qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLBoxAw --// DjAMBgNVHRMEBTADAQH/MAwGCCqGSM49BAMCBQADSQAwRgIhAKILHmyo+F3Cn/VX --// UUeSXOQQKX5aLzsQitwwmNF3ZgH3AiEAsYHcrVj/ftmoQIORARkQ/+PrqntXev8r --// t6uPxHrmpUY= --// -----END CERTIFICATE----- --// )"; --// static const char kP256InvalidParam[] = R"( --// -----BEGIN CERTIFICATE----- --// MIIBMTCBz6ADAgECAgIE0jATBggqhkjOPQQDAgQHZ2FyYmFnZTAPMQ0wCwYDVQQD --// EwRUZXN0MCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYD --// VQQDEwRUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4N --// lIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1L --// z3IiwaMQMA4wDAYDVR0TBAUwAwEB/zATBggqhkjOPQQDAgQHZ2FyYmFnZQNIADBF --// AiAglpDf/YhN89LeJ2WAs/F0SJIrsuhS4uoInIz6WXUiuQIhAIu5Pwhp5E3Pbo8y --// fLULTZnynuQUULQkRcF7S7T2WpIL --// -----END CERTIFICATE----- --// )"; --// static const char kRSANoParam[] = R"( --// -----BEGIN CERTIFICATE----- --// MIIBWzCBx6ADAgECAgIE0jALBgkqhkiG9w0BAQswDzENMAsGA1UEAxMEVGVzdDAg --// Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsGA1UEAxMEVGVz --// dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWXa7ep --// Hg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsGjEDAO --// MAwGA1UdEwQFMAMBAf8wCwYJKoZIhvcNAQELA4GBAC1f8W3W0Ao7CPfIBQYDSbPh --// brZpbxdBU5x27JOS7iSa+Lc9pEH5VCX9vIypHVHXLPEfZ38yIt11eiyrmZB6w62N --// l9kIeZ6FVPmC30d3sXx70Jjs+ZX9yt7kD1gLyNAQQfeYfa4rORAZT1n2YitD74NY --// TWUH2ieFP3l+ecj1SeQR --// -----END CERTIFICATE----- --// )"; --// static const char kRSANullParam[] = R"( --// -----BEGIN CERTIFICATE----- --// MIIBXzCByaADAgECAgIE0jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRUZXN0 --// MCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRU --// ZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdr --// t6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMQ --// MA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQAzVcfIv+Rq1KrMXqIL --// fPq/cWZjgqFZA1RGaGElNaqp+rkJfamq5tDGzckWpebrK+jjRN7yIlcWDtPpy3Gy --// seZfvtBDR0TwJm0S/pQl8prKB4wgALcwe3bmi56Rq85nzY5ZLNcP16LQxL+jAAua --// SwmQUz4bRpckRBj+sIyp1We+pg== --// -----END CERTIFICATE----- --// )"; --// static const char kRSAInvalidParam[] = R"( --// -----BEGIN CERTIFICATE----- --// MIIBbTCB0KADAgECAgIE0jAUBgkqhkiG9w0BAQsEB2dhcmJhZ2UwDzENMAsGA1UE --// AxMEVGVzdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsG --// A1UEAxMEVGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8e --// DZSKTNWXa7epHg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQt --// S89yIsGjEDAOMAwGA1UdEwQFMAMBAf8wFAYJKoZIhvcNAQELBAdnYXJiYWdlA4GB --// AHTJ6cWWjCNrZhqiWWVI3jdK+h5xpRG8jGMXxR4JnjtoYRRusJLOXhmapwCB6fA0 --// 4vc+66O27v36yDmQX+tIc/hDrTpKNJptU8q3n2VagREvoHhkOTYkcCeS8vmnMtn8 --// 5OMNZ/ajVwOssw61GcAlScRqEHkZFBoGp7e+QpgB2tf9 --// -----END CERTIFICATE----- --// )"; -- --// TEST(X509Test, AlgorithmParameters) { --// // P-256 parameters should be omitted, but we accept NULL ones. --// bssl::UniquePtr key = PrivateKeyFromPEM(kP256Key); --// ASSERT_TRUE(key); -- --// bssl::UniquePtr cert = CertFromPEM(kP256NoParam); --// ASSERT_TRUE(cert); --// EXPECT_TRUE(X509_verify(cert.get(), key.get())); -- --// cert = CertFromPEM(kP256NullParam); --// ASSERT_TRUE(cert); --// EXPECT_TRUE(X509_verify(cert.get(), key.get())); -- --// cert = CertFromPEM(kP256InvalidParam); --// ASSERT_TRUE(cert); --// EXPECT_FALSE(X509_verify(cert.get(), key.get())); --// uint32_t err = ERR_get_error(); --// EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err)); --// EXPECT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err)); -- --// // RSA parameters should be NULL, but we accept omitted ones. --// key = PrivateKeyFromPEM(kRSAKey); --// ASSERT_TRUE(key); -- --// cert = CertFromPEM(kRSANoParam); --// ASSERT_TRUE(cert); --// EXPECT_TRUE(X509_verify(cert.get(), key.get())); -- --// cert = CertFromPEM(kRSANullParam); --// ASSERT_TRUE(cert); --// EXPECT_TRUE(X509_verify(cert.get(), key.get())); -- --// cert = CertFromPEM(kRSAInvalidParam); --// ASSERT_TRUE(cert); --// EXPECT_FALSE(X509_verify(cert.get(), key.get())); --// err = ERR_get_error(); --// EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err)); --// EXPECT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err)); --// } -- --// TEST(X509Test, GeneralName) { --// const std::vector kNames[] = { --// // [0] { --// // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } --// // [0] { --// // SEQUENCE {} --// // } --// // } --// {0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, --// 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x30, 0x00}, --// // [0] { --// // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } --// // [0] { --// // [APPLICATION 0] {} --// // } --// // } --// {0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, --// 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x60, 0x00}, --// // [0] { --// // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } --// // [0] { --// // UTF8String { "a" } --// // } --// // } --// {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, --// 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x61}, --// // [0] { --// // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.2 } --// // [0] { --// // UTF8String { "a" } --// // } --// // } --// {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, --// 0x01, 0x84, 0xb7, 0x09, 0x02, 0x02, 0xa0, 0x03, 0x0c, 0x01, 0x61}, --// // [0] { --// // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } --// // [0] { --// // UTF8String { "b" } --// // } --// // } --// {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, --// 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x62}, --// // [0] { --// // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } --// // [0] { --// // BOOLEAN { TRUE } --// // } --// // } --// {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, --// 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0xff}, --// // [0] { --// // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } --// // [0] { --// // BOOLEAN { FALSE } --// // } --// // } --// {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, --// 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0x00}, --// // [1 PRIMITIVE] { "a" } --// {0x81, 0x01, 0x61}, --// // [1 PRIMITIVE] { "b" } --// {0x81, 0x01, 0x62}, --// // [2 PRIMITIVE] { "a" } --// {0x82, 0x01, 0x61}, --// // [2 PRIMITIVE] { "b" } --// {0x82, 0x01, 0x62}, --// // [4] { --// // SEQUENCE { --// // SET { --// // SEQUENCE { --// // # commonName --// // OBJECT_IDENTIFIER { 2.5.4.3 } --// // UTF8String { "a" } --// // } --// // } --// // } --// // } --// {0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04, --// 0x03, 0x0c, 0x01, 0x61}, --// // [4] { --// // SEQUENCE { --// // SET { --// // SEQUENCE { --// // # commonName --// // OBJECT_IDENTIFIER { 2.5.4.3 } --// // UTF8String { "b" } --// // } --// // } --// // } --// // } --// {0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04, --// 0x03, 0x0c, 0x01, 0x62}, --// // [5] { --// // [1] { --// // UTF8String { "a" } --// // } --// // } --// {0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x61}, --// // [5] { --// // [1] { --// // UTF8String { "b" } --// // } --// // } --// {0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x62}, --// // [5] { --// // [0] { --// // UTF8String {} --// // } --// // [1] { --// // UTF8String { "a" } --// // } --// // } --// {0xa5, 0x09, 0xa0, 0x02, 0x0c, 0x00, 0xa1, 0x03, 0x0c, 0x01, 0x61}, --// // [5] { --// // [0] { --// // UTF8String { "a" } --// // } --// // [1] { --// // UTF8String { "a" } --// // } --// // } --// {0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x61, 0xa1, 0x03, 0x0c, 0x01, 0x61}, --// // [5] { --// // [0] { --// // UTF8String { "b" } --// // } --// // [1] { --// // UTF8String { "a" } --// // } --// // } --// {0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x62, 0xa1, 0x03, 0x0c, 0x01, 0x61}, --// // [6 PRIMITIVE] { "a" } --// {0x86, 0x01, 0x61}, --// // [6 PRIMITIVE] { "b" } --// {0x86, 0x01, 0x62}, --// // [7 PRIMITIVE] { `11111111` } --// {0x87, 0x04, 0x11, 0x11, 0x11, 0x11}, --// // [7 PRIMITIVE] { `22222222`} --// {0x87, 0x04, 0x22, 0x22, 0x22, 0x22}, --// // [7 PRIMITIVE] { `11111111111111111111111111111111` } --// {0x87, 0x10, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, --// 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, --// // [7 PRIMITIVE] { `22222222222222222222222222222222` } --// {0x87, 0x10, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, --// 0x22, 0x22, 0x22, 0x22, 0x22, 0x22}, --// // [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.1 } --// {0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7, --// 0x09, 0x02, 0x01}, --// // [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.2 } --// {0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7, --// 0x09, 0x02, 0x02}, --// }; -- --// // Every name should be equal to itself and not equal to any others. --// for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kNames); i++) { --// SCOPED_TRACE(Bytes(kNames[i])); -- --// const uint8_t *ptr = kNames[i].data(); --// bssl::UniquePtr a( --// d2i_GENERAL_NAME(nullptr, &ptr, kNames[i].size())); --// ASSERT_TRUE(a); --// ASSERT_EQ(ptr, kNames[i].data() + kNames[i].size()); -- --// for (size_t j = 0; j < OPENSSL_ARRAY_SIZE(kNames); j++) { --// SCOPED_TRACE(Bytes(kNames[j])); -- --// ptr = kNames[j].data(); --// bssl::UniquePtr b( --// d2i_GENERAL_NAME(nullptr, &ptr, kNames[j].size())); --// ASSERT_TRUE(b); --// ASSERT_EQ(ptr, kNames[j].data() + kNames[j].size()); -- --// if (i == j) { --// EXPECT_EQ(GENERAL_NAME_cmp(a.get(), b.get()), 0); --// } else { --// EXPECT_NE(GENERAL_NAME_cmp(a.get(), b.get()), 0); --// } --// } --// } --// } -+static const char kP256NoParam[] = R"( -+-----BEGIN CERTIFICATE----- -+MIIBIDCBxqADAgECAgIE0jAKBggqhkjOPQQDAjAPMQ0wCwYDVQQDEwRUZXN0MCAX -+DTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRUZXN0 -+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdrt6ke -+DUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMQMA4w -+DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNJADBGAiEAqdIiF+bN9Cl44oUeICpy -+aXd7HqhpVUaglYKw9ChmNUACIQCpMdL0fNkFNDbRww9dSl/y7kBdk/tp16HiqeSy -+gGzFYg== -+-----END CERTIFICATE----- -+)"; -+static const char kP256NullParam[] = R"( -+-----BEGIN CERTIFICATE----- -+MIIBJDCByKADAgECAgIE0jAMBggqhkjOPQQDAgUAMA8xDTALBgNVBAMTBFRlc3Qw -+IBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMA8xDTALBgNVBAMTBFRl -+c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2niv2Wfl74vHg2UikzVl2u3 -+qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLBoxAw -+DjAMBgNVHRMEBTADAQH/MAwGCCqGSM49BAMCBQADSQAwRgIhAKILHmyo+F3Cn/VX -+UUeSXOQQKX5aLzsQitwwmNF3ZgH3AiEAsYHcrVj/ftmoQIORARkQ/+PrqntXev8r -+t6uPxHrmpUY= -+-----END CERTIFICATE----- -+)"; -+#ifndef BSSL_COMPAT -+static const char kP256InvalidParam[] = R"( -+-----BEGIN CERTIFICATE----- -+MIIBMTCBz6ADAgECAgIE0jATBggqhkjOPQQDAgQHZ2FyYmFnZTAPMQ0wCwYDVQQD -+EwRUZXN0MCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYD -+VQQDEwRUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4N -+lIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1L -+z3IiwaMQMA4wDAYDVR0TBAUwAwEB/zATBggqhkjOPQQDAgQHZ2FyYmFnZQNIADBF -+AiAglpDf/YhN89LeJ2WAs/F0SJIrsuhS4uoInIz6WXUiuQIhAIu5Pwhp5E3Pbo8y -+fLULTZnynuQUULQkRcF7S7T2WpIL -+-----END CERTIFICATE----- -+)"; -+#endif -+static const char kRSANoParam[] = R"( -+-----BEGIN CERTIFICATE----- -+MIIBWzCBx6ADAgECAgIE0jALBgkqhkiG9w0BAQswDzENMAsGA1UEAxMEVGVzdDAg -+Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsGA1UEAxMEVGVz -+dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWXa7ep -+Hg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsGjEDAO -+MAwGA1UdEwQFMAMBAf8wCwYJKoZIhvcNAQELA4GBAC1f8W3W0Ao7CPfIBQYDSbPh -+brZpbxdBU5x27JOS7iSa+Lc9pEH5VCX9vIypHVHXLPEfZ38yIt11eiyrmZB6w62N -+l9kIeZ6FVPmC30d3sXx70Jjs+ZX9yt7kD1gLyNAQQfeYfa4rORAZT1n2YitD74NY -+TWUH2ieFP3l+ecj1SeQR -+-----END CERTIFICATE----- -+)"; -+static const char kRSANullParam[] = R"( -+-----BEGIN CERTIFICATE----- -+MIIBXzCByaADAgECAgIE0jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRUZXN0 -+MCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRU -+ZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdr -+t6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMQ -+MA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQAzVcfIv+Rq1KrMXqIL -+fPq/cWZjgqFZA1RGaGElNaqp+rkJfamq5tDGzckWpebrK+jjRN7yIlcWDtPpy3Gy -+seZfvtBDR0TwJm0S/pQl8prKB4wgALcwe3bmi56Rq85nzY5ZLNcP16LQxL+jAAua -+SwmQUz4bRpckRBj+sIyp1We+pg== -+-----END CERTIFICATE----- -+)"; -+#ifndef BSSL_COMPAT -+static const char kRSAInvalidParam[] = R"( -+-----BEGIN CERTIFICATE----- -+MIIBbTCB0KADAgECAgIE0jAUBgkqhkiG9w0BAQsEB2dhcmJhZ2UwDzENMAsGA1UE -+AxMEVGVzdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsG -+A1UEAxMEVGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8e -+DZSKTNWXa7epHg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQt -+S89yIsGjEDAOMAwGA1UdEwQFMAMBAf8wFAYJKoZIhvcNAQELBAdnYXJiYWdlA4GB -+AHTJ6cWWjCNrZhqiWWVI3jdK+h5xpRG8jGMXxR4JnjtoYRRusJLOXhmapwCB6fA0 -+4vc+66O27v36yDmQX+tIc/hDrTpKNJptU8q3n2VagREvoHhkOTYkcCeS8vmnMtn8 -+5OMNZ/ajVwOssw61GcAlScRqEHkZFBoGp7e+QpgB2tf9 -+-----END CERTIFICATE----- -+)"; -+#endif -+ -+TEST(X509Test, AlgorithmParameters) { -+ // P-256 parameters should be omitted, but we accept NULL ones. -+ bssl::UniquePtr key = PrivateKeyFromPEM(kP256Key); -+ ASSERT_TRUE(key); -+ -+ bssl::UniquePtr cert = CertFromPEM(kP256NoParam); -+ ASSERT_TRUE(cert); -+ EXPECT_TRUE(X509_verify(cert.get(), key.get())); -+ -+ cert = CertFromPEM(kP256NullParam); -+ ASSERT_TRUE(cert); -+ EXPECT_TRUE(X509_verify(cert.get(), key.get())); -+ + bssl::UniquePtr root = + MakeTestCert("Root", "Root", key.get(), /*is_ca=*/true); +@@ -3453,6 +3461,7 @@ + t6uPxHrmpUY= + -----END CERTIFICATE----- + )"; +#ifndef BSSL_COMPAT -+ cert = CertFromPEM(kP256InvalidParam); -+ ASSERT_TRUE(cert); -+ EXPECT_FALSE(X509_verify(cert.get(), key.get())); -+ uint32_t err = ERR_get_error(); -+ EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err)); -+ EXPECT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err)); + static const char kP256InvalidParam[] = R"( + -----BEGIN CERTIFICATE----- + MIIBMTCBz6ADAgECAgIE0jATBggqhkjOPQQDAgQHZ2FyYmFnZTAPMQ0wCwYDVQQD +@@ -3464,6 +3473,7 @@ + fLULTZnynuQUULQkRcF7S7T2WpIL + -----END CERTIFICATE----- + )"; +#endif -+ -+ // RSA parameters should be NULL, but we accept omitted ones. -+ key = PrivateKeyFromPEM(kRSAKey); -+ ASSERT_TRUE(key); -+ -+ cert = CertFromPEM(kRSANoParam); -+ ASSERT_TRUE(cert); -+ EXPECT_TRUE(X509_verify(cert.get(), key.get())); -+ -+ cert = CertFromPEM(kRSANullParam); -+ ASSERT_TRUE(cert); -+ EXPECT_TRUE(X509_verify(cert.get(), key.get())); -+ + static const char kRSANoParam[] = R"( + -----BEGIN CERTIFICATE----- + MIIBWzCBx6ADAgECAgIE0jALBgkqhkiG9w0BAQswDzENMAsGA1UEAxMEVGVzdDAg +@@ -3488,6 +3498,7 @@ + SwmQUz4bRpckRBj+sIyp1We+pg== + -----END CERTIFICATE----- + )"; +#ifndef BSSL_COMPAT -+ cert = CertFromPEM(kRSAInvalidParam); -+ ASSERT_TRUE(cert); -+ EXPECT_FALSE(X509_verify(cert.get(), key.get())); -+ err = ERR_get_error(); -+ EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err)); -+ EXPECT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err)); + static const char kRSAInvalidParam[] = R"( + -----BEGIN CERTIFICATE----- + MIIBbTCB0KADAgECAgIE0jAUBgkqhkiG9w0BAQsEB2dhcmJhZ2UwDzENMAsGA1UE +@@ -3500,6 +3511,7 @@ + 5OMNZ/ajVwOssw61GcAlScRqEHkZFBoGp7e+QpgB2tf9 + -----END CERTIFICATE----- + )"; +#endif -+} -+ -+TEST(X509Test, GeneralName) { -+ const std::vector kNames[] = { -+ // [0] { -+ // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } -+ // [0] { -+ // SEQUENCE {} -+ // } -+ // } -+ {0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, -+ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x30, 0x00}, -+ // [0] { -+ // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } -+ // [0] { -+ // [APPLICATION 0] {} -+ // } -+ // } -+ {0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, -+ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x60, 0x00}, -+ // [0] { -+ // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } -+ // [0] { -+ // UTF8String { "a" } -+ // } -+ // } -+ {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, -+ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x61}, -+ // [0] { -+ // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.2 } -+ // [0] { -+ // UTF8String { "a" } -+ // } -+ // } -+ {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, -+ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x02, 0xa0, 0x03, 0x0c, 0x01, 0x61}, -+ // [0] { -+ // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } -+ // [0] { -+ // UTF8String { "b" } -+ // } -+ // } -+ {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, -+ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x62}, -+ // [0] { -+ // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } -+ // [0] { -+ // BOOLEAN { TRUE } -+ // } -+ // } -+ {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, -+ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0xff}, -+ // [0] { -+ // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } -+ // [0] { -+ // BOOLEAN { FALSE } -+ // } -+ // } -+ {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, -+ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0x00}, -+ // [1 PRIMITIVE] { "a" } -+ {0x81, 0x01, 0x61}, -+ // [1 PRIMITIVE] { "b" } -+ {0x81, 0x01, 0x62}, -+ // [2 PRIMITIVE] { "a" } -+ {0x82, 0x01, 0x61}, -+ // [2 PRIMITIVE] { "b" } -+ {0x82, 0x01, 0x62}, -+ // [4] { -+ // SEQUENCE { -+ // SET { -+ // SEQUENCE { -+ // # commonName -+ // OBJECT_IDENTIFIER { 2.5.4.3 } -+ // UTF8String { "a" } -+ // } -+ // } -+ // } -+ // } -+ {0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04, -+ 0x03, 0x0c, 0x01, 0x61}, -+ // [4] { -+ // SEQUENCE { -+ // SET { -+ // SEQUENCE { -+ // # commonName -+ // OBJECT_IDENTIFIER { 2.5.4.3 } -+ // UTF8String { "b" } -+ // } -+ // } -+ // } -+ // } -+ {0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04, -+ 0x03, 0x0c, 0x01, 0x62}, -+ // [5] { -+ // [1] { -+ // UTF8String { "a" } -+ // } -+ // } -+ {0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x61}, -+ // [5] { -+ // [1] { -+ // UTF8String { "b" } -+ // } -+ // } -+ {0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x62}, -+ // [5] { -+ // [0] { -+ // UTF8String {} -+ // } -+ // [1] { -+ // UTF8String { "a" } -+ // } -+ // } -+ {0xa5, 0x09, 0xa0, 0x02, 0x0c, 0x00, 0xa1, 0x03, 0x0c, 0x01, 0x61}, -+ // [5] { -+ // [0] { -+ // UTF8String { "a" } -+ // } -+ // [1] { -+ // UTF8String { "a" } -+ // } -+ // } -+ {0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x61, 0xa1, 0x03, 0x0c, 0x01, 0x61}, -+ // [5] { -+ // [0] { -+ // UTF8String { "b" } -+ // } -+ // [1] { -+ // UTF8String { "a" } -+ // } -+ // } -+ {0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x62, 0xa1, 0x03, 0x0c, 0x01, 0x61}, -+ // [6 PRIMITIVE] { "a" } -+ {0x86, 0x01, 0x61}, -+ // [6 PRIMITIVE] { "b" } -+ {0x86, 0x01, 0x62}, -+ // [7 PRIMITIVE] { `11111111` } -+ {0x87, 0x04, 0x11, 0x11, 0x11, 0x11}, -+ // [7 PRIMITIVE] { `22222222`} -+ {0x87, 0x04, 0x22, 0x22, 0x22, 0x22}, -+ // [7 PRIMITIVE] { `11111111111111111111111111111111` } -+ {0x87, 0x10, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, -+ 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, -+ // [7 PRIMITIVE] { `22222222222222222222222222222222` } -+ {0x87, 0x10, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, -+ 0x22, 0x22, 0x22, 0x22, 0x22, 0x22}, -+ // [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.1 } -+ {0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7, -+ 0x09, 0x02, 0x01}, -+ // [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.2 } -+ {0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7, -+ 0x09, 0x02, 0x02}, -+ }; -+ -+ // Every name should be equal to itself and not equal to any others. -+ for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kNames); i++) { -+ SCOPED_TRACE(Bytes(kNames[i])); -+ -+ const uint8_t *ptr = kNames[i].data(); -+ bssl::UniquePtr a( -+ d2i_GENERAL_NAME(nullptr, &ptr, kNames[i].size())); -+ ASSERT_TRUE(a); -+ ASSERT_EQ(ptr, kNames[i].data() + kNames[i].size()); -+ -+ for (size_t j = 0; j < OPENSSL_ARRAY_SIZE(kNames); j++) { -+ SCOPED_TRACE(Bytes(kNames[j])); -+ -+ ptr = kNames[j].data(); -+ bssl::UniquePtr b( -+ d2i_GENERAL_NAME(nullptr, &ptr, kNames[j].size())); -+ ASSERT_TRUE(b); -+ ASSERT_EQ(ptr, kNames[j].data() + kNames[j].size()); -+ -+ if (i == j) { -+ EXPECT_EQ(GENERAL_NAME_cmp(a.get(), b.get()), 0); -+ } else { -+ EXPECT_NE(GENERAL_NAME_cmp(a.get(), b.get()), 0); -+ } -+ } -+ } -+} - - // Test that extracting fields of an |X509_ALGOR| works correctly. - // TEST(X509Test, X509AlgorExtract) { -@@ -3487,171 +3506,174 @@ - // Test that, by default, |X509_V_FLAG_TRUSTED_FIRST| is set, which means we'll - // skip over server-sent expired intermediates when there is a local trust - // anchor that works better. --// TEST(X509Test, TrustedFirst) { --// // Generate the following certificates: --// // --// // Root 2 (in store, expired) --// // | --// // Root 1 (in store) Root 1 (cross-sign) --// // \ / --// // Intermediate --// // | --// // Leaf --// bssl::UniquePtr key = PrivateKeyFromPEM(kP256Key); --// ASSERT_TRUE(key); -- --// bssl::UniquePtr root2 = --// MakeTestCert("Root 2", "Root 2", key.get(), /*is_ca=*/true); --// ASSERT_TRUE(root2); --// ASSERT_TRUE(ASN1_TIME_adj(X509_getm_notAfter(root2.get()), kReferenceTime, --// /*offset_day=*/0, --// /*offset_sec=*/-1)); --// ASSERT_TRUE(X509_sign(root2.get(), key.get(), EVP_sha256())); -- --// bssl::UniquePtr root1 = --// MakeTestCert("Root 1", "Root 1", key.get(), /*is_ca=*/true); --// ASSERT_TRUE(root1); --// ASSERT_TRUE(X509_sign(root1.get(), key.get(), EVP_sha256())); -- --// bssl::UniquePtr root1_cross = --// MakeTestCert("Root 2", "Root 1", key.get(), /*is_ca=*/true); --// ASSERT_TRUE(root1_cross); --// ASSERT_TRUE(X509_sign(root1_cross.get(), key.get(), EVP_sha256())); -- --// bssl::UniquePtr intermediate = --// MakeTestCert("Root 1", "Intermediate", key.get(), /*is_ca=*/true); --// ASSERT_TRUE(intermediate); --// ASSERT_TRUE(X509_sign(intermediate.get(), key.get(), EVP_sha256())); -- --// bssl::UniquePtr leaf = --// MakeTestCert("Intermediate", "Leaf", key.get(), /*is_ca=*/false); --// ASSERT_TRUE(leaf); --// ASSERT_TRUE(X509_sign(leaf.get(), key.get(), EVP_sha256())); -- --// // As a control, confirm that |leaf| -> |intermediate| -> |root1| is valid, --// // but the path through |root1_cross| is expired. --// EXPECT_EQ(X509_V_OK, --// Verify(leaf.get(), {root1.get()}, {intermediate.get()}, {})); --// EXPECT_EQ(X509_V_ERR_CERT_HAS_EXPIRED, --// Verify(leaf.get(), {root2.get()}, --// {intermediate.get(), root1_cross.get()}, {})); -- --// // By default, we should find the |leaf| -> |intermediate| -> |root2| chain, --// // skipping |root1_cross|. --// EXPECT_EQ(X509_V_OK, Verify(leaf.get(), {root1.get(), root2.get()}, --// {intermediate.get(), root1_cross.get()}, {})); -- --// // When |X509_V_FLAG_TRUSTED_FIRST| is disabled, we get stuck on the expired --// // intermediate. Note we need the callback to clear the flag. Setting |flags| --// // to zero only skips setting new flags. --// // --// // This test exists to confirm our current behavior, but these modes are just --// // workarounds for not having an actual path-building verifier. If we fix it, --// // this test can be removed. --// EXPECT_EQ(X509_V_ERR_CERT_HAS_EXPIRED, --// Verify(leaf.get(), {root1.get(), root2.get()}, --// {intermediate.get(), root1_cross.get()}, {}, /*flags=*/0, --// [&](X509_VERIFY_PARAM *param) { --// X509_VERIFY_PARAM_clear_flags(param, --// X509_V_FLAG_TRUSTED_FIRST); --// })); -- --// // Even when |X509_V_FLAG_TRUSTED_FIRST| is disabled, if |root2| is not --// // trusted, the alt chains logic recovers the path. --// EXPECT_EQ( --// X509_V_OK, --// Verify(leaf.get(), {root1.get()}, {intermediate.get(), root1_cross.get()}, --// {}, /*flags=*/0, [&](X509_VERIFY_PARAM *param) { --// X509_VERIFY_PARAM_clear_flags(param, X509_V_FLAG_TRUSTED_FIRST); --// })); --// } -+TEST(X509Test, TrustedFirst) { -+ // Generate the following certificates: -+ // -+ // Root 2 (in store, expired) -+ // | -+ // Root 1 (in store) Root 1 (cross-sign) -+ // \ / -+ // Intermediate -+ // | -+ // Leaf -+ bssl::UniquePtr key = PrivateKeyFromPEM(kP256Key); -+ ASSERT_TRUE(key); -+ -+ bssl::UniquePtr root2 = -+ MakeTestCert("Root 2", "Root 2", key.get(), /*is_ca=*/true); -+ ASSERT_TRUE(root2); -+ ASSERT_TRUE(ASN1_TIME_adj(X509_getm_notAfter(root2.get()), kReferenceTime, -+ /*offset_day=*/0, -+ /*offset_sec=*/-1)); -+ ASSERT_TRUE(X509_sign(root2.get(), key.get(), EVP_sha256())); -+ -+ bssl::UniquePtr root1 = -+ MakeTestCert("Root 1", "Root 1", key.get(), /*is_ca=*/true); -+ ASSERT_TRUE(root1); -+ ASSERT_TRUE(X509_sign(root1.get(), key.get(), EVP_sha256())); -+ -+ bssl::UniquePtr root1_cross = -+ MakeTestCert("Root 2", "Root 1", key.get(), /*is_ca=*/true); -+ ASSERT_TRUE(root1_cross); -+ ASSERT_TRUE(X509_sign(root1_cross.get(), key.get(), EVP_sha256())); -+ -+ bssl::UniquePtr intermediate = -+ MakeTestCert("Root 1", "Intermediate", key.get(), /*is_ca=*/true); -+ ASSERT_TRUE(intermediate); -+ ASSERT_TRUE(X509_sign(intermediate.get(), key.get(), EVP_sha256())); -+ -+ bssl::UniquePtr leaf = -+ MakeTestCert("Intermediate", "Leaf", key.get(), /*is_ca=*/false); -+ ASSERT_TRUE(leaf); -+ ASSERT_TRUE(X509_sign(leaf.get(), key.get(), EVP_sha256())); -+ -+ // As a control, confirm that |leaf| -> |intermediate| -> |root1| is valid, -+ // but the path through |root1_cross| is expired. -+ EXPECT_EQ(X509_V_OK, -+ Verify(leaf.get(), {root1.get()}, {intermediate.get()}, {})); -+ EXPECT_EQ(X509_V_ERR_CERT_HAS_EXPIRED, -+ Verify(leaf.get(), {root2.get()}, -+ {intermediate.get(), root1_cross.get()}, {})); -+ -+ // By default, we should find the |leaf| -> |intermediate| -> |root2| chain, -+ // skipping |root1_cross|. -+ EXPECT_EQ(X509_V_OK, Verify(leaf.get(), {root1.get(), root2.get()}, -+ {intermediate.get(), root1_cross.get()}, {})); -+ -+ // When |X509_V_FLAG_TRUSTED_FIRST| is disabled, we get stuck on the expired -+ // intermediate. Note we need the callback to clear the flag. Setting |flags| -+ // to zero only skips setting new flags. -+ // -+ // This test exists to confirm our current behavior, but these modes are just -+ // workarounds for not having an actual path-building verifier. If we fix it, -+ // this test can be removed. -+ EXPECT_EQ(X509_V_ERR_CERT_HAS_EXPIRED, -+ Verify(leaf.get(), {root1.get(), root2.get()}, -+ {intermediate.get(), root1_cross.get()}, {}, /*flags=*/0, -+ [&](X509_VERIFY_PARAM *param) { -+ X509_VERIFY_PARAM_clear_flags(param, -+ X509_V_FLAG_TRUSTED_FIRST); -+ })); -+ -+ // Even when |X509_V_FLAG_TRUSTED_FIRST| is disabled, if |root2| is not -+ // trusted, the alt chains logic recovers the path. -+ EXPECT_EQ( -+ X509_V_OK, -+ Verify(leaf.get(), {root1.get()}, {intermediate.get(), root1_cross.get()}, -+ {}, /*flags=*/0, [&](X509_VERIFY_PARAM *param) { -+ X509_VERIFY_PARAM_clear_flags(param, X509_V_FLAG_TRUSTED_FIRST); -+ })); -+} - - // kConstructedBitString is an X.509 certificate where the signature is encoded - // as a BER constructed BIT STRING. Note that, while OpenSSL's parser accepts - // this input, it interprets the value incorrectly. --// static const char kConstructedBitString[] = R"( --// -----BEGIN CERTIFICATE----- --// MIIBJTCBxqADAgECAgIE0jAKBggqhkjOPQQDAjAPMQ0wCwYDVQQDEwRUZXN0MCAX --// DTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRUZXN0 --// MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdrt6ke --// DUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMQMA4w --// DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAiNOAyQAMEYCIQCp0iIX5s30KXjihR4g --// KnJpd3seqGlVRqCVgrD0KGYDJgA1QAIhAKkx0vR82QU0NtHDD11KX/LuQF2T+2nX --// oeKp5LKAbMVi --// -----END CERTIFICATE----- --// )"; -+static const char kConstructedBitString[] = R"( -+-----BEGIN CERTIFICATE----- -+MIIBJTCBxqADAgECAgIE0jAKBggqhkjOPQQDAjAPMQ0wCwYDVQQDEwRUZXN0MCAX -+DTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRUZXN0 -+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdrt6ke -+DUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMQMA4w -+DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAiNOAyQAMEYCIQCp0iIX5s30KXjihR4g -+KnJpd3seqGlVRqCVgrD0KGYDJgA1QAIhAKkx0vR82QU0NtHDD11KX/LuQF2T+2nX -+oeKp5LKAbMVi -+-----END CERTIFICATE----- -+)"; - // kConstructedOctetString is an X.509 certificate where an extension is encoded - // as a BER constructed OCTET STRING. --// static const char kConstructedOctetString[] = R"( --// -----BEGIN CERTIFICATE----- --// MIIBJDCByqADAgECAgIE0jAKBggqhkjOPQQDAjAPMQ0wCwYDVQQDEwRUZXN0MCAX --// DTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRUZXN0 --// MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdrt6ke --// DUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMUMBIw --// EAYDVR0TJAkEAzADAQQCAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKnSIhfmzfQpeOKF --// HiAqcml3ex6oaVVGoJWCsPQoZjVAAiEAqTHS9HzZBTQ20cMPXUpf8u5AXZP7adeh --// 4qnksoBsxWI= --// -----END CERTIFICATE----- --// )"; -+static const char kConstructedOctetString[] = R"( -+-----BEGIN CERTIFICATE----- -+MIIBJDCByqADAgECAgIE0jAKBggqhkjOPQQDAjAPMQ0wCwYDVQQDEwRUZXN0MCAX -+DTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRUZXN0 -+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdrt6ke -+DUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMUMBIw -+EAYDVR0TJAkEAzADAQQCAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKnSIhfmzfQpeOKF -+HiAqcml3ex6oaVVGoJWCsPQoZjVAAiEAqTHS9HzZBTQ20cMPXUpf8u5AXZP7adeh -+4qnksoBsxWI= -+-----END CERTIFICATE----- -+)"; + TEST(X509Test, AlgorithmParameters) { + // P-256 parameters should be omitted, but we accept NULL ones. +@@ -3514,12 +3526,14 @@ + ASSERT_TRUE(cert); + EXPECT_TRUE(X509_verify(cert.get(), key.get())); - // kIndefiniteLength is an X.509 certificate where the outermost SEQUENCE uses - // BER indefinite-length encoding. --// static const char kIndefiniteLength[] = R"( --// -----BEGIN CERTIFICATE----- --// MIAwgcagAwIBAgICBNIwCgYIKoZIzj0EAwIwDzENMAsGA1UEAxMEVGVzdDAgFw0w --// MDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsGA1UEAxMEVGVzdDBZ --// MBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWXa7epHg1G --// +92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsGjEDAOMAwG --// A1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKnSIhfmzfQpeOKFHiAqcml3 --// ex6oaVVGoJWCsPQoZjVAAiEAqTHS9HzZBTQ20cMPXUpf8u5AXZP7adeh4qnksoBs --// xWIAAA== --// -----END CERTIFICATE----- --// )"; -+static const char kIndefiniteLength[] = R"( -+-----BEGIN CERTIFICATE----- -+MIAwgcagAwIBAgICBNIwCgYIKoZIzj0EAwIwDzENMAsGA1UEAxMEVGVzdDAgFw0w -+MDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsGA1UEAxMEVGVzdDBZ -+MBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWXa7epHg1G -++92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsGjEDAOMAwG -+A1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKnSIhfmzfQpeOKFHiAqcml3 -+ex6oaVVGoJWCsPQoZjVAAiEAqTHS9HzZBTQ20cMPXUpf8u5AXZP7adeh4qnksoBs -+xWIAAA== -+-----END CERTIFICATE----- -+)"; ++#ifndef BSSL_COMPAT + cert = CertFromPEM(kP256InvalidParam); + ASSERT_TRUE(cert); + EXPECT_FALSE(X509_verify(cert.get(), key.get())); + uint32_t err = ERR_get_error(); + EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err)); + EXPECT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err)); ++#endif - // kNonZeroPadding is an X.09 certificate where the BIT STRING signature field - // has non-zero padding values. --// static const char kNonZeroPadding[] = R"( --// -----BEGIN CERTIFICATE----- --// MIIB0DCCAXagAwIBAgIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC --// QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp --// dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ --// BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l --// dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni --// v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa --// HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw --// HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ --// BgcqhkjOPQQBA0kBMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E --// BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQB --// -----END CERTIFICATE----- --// )"; -+static const char kNonZeroPadding[] = R"( -+-----BEGIN CERTIFICATE----- -+MIIB0DCCAXagAwIBAgIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC -+QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp -+dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ -+BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l -+dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni -+v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa -+HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw -+HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ -+BgcqhkjOPQQBA0kBMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E -+BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQB -+-----END CERTIFICATE----- -+)"; + // RSA parameters should be NULL, but we accept omitted ones. + key = PrivateKeyFromPEM(kRSAKey); +@@ -3533,12 +3547,14 @@ + ASSERT_TRUE(cert); + EXPECT_TRUE(X509_verify(cert.get(), key.get())); - // kHighTagNumber is an X.509 certificate where the outermost SEQUENCE tag uses - // high tag number form. --// static const char kHighTagNumber[] = R"( --// -----BEGIN CERTIFICATE----- --// PxCCASAwgcagAwIBAgICBNIwCgYIKoZIzj0EAwIwDzENMAsGA1UEAxMEVGVzdDAg --// Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsGA1UEAxMEVGVz --// dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWXa7ep --// Hg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsGjEDAO --// MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKnSIhfmzfQpeOKFHiAq --// cml3ex6oaVVGoJWCsPQoZjVAAiEAqTHS9HzZBTQ20cMPXUpf8u5AXZP7adeh4qnk --// soBsxWI= --// -----END CERTIFICATE----- --// )"; -- --// TEST(X509Test, BER) { --// // Constructed strings are forbidden in DER. --// EXPECT_FALSE(CertFromPEM(kConstructedBitString)); --// EXPECT_FALSE(CertFromPEM(kConstructedOctetString)); --// // Indefinite lengths are forbidden in DER. --// EXPECT_FALSE(CertFromPEM(kIndefiniteLength)); --// // Padding bits in BIT STRINGs must be zero in BER. --// EXPECT_FALSE(CertFromPEM(kNonZeroPadding)); --// // Tags must be minimal in both BER and DER, though many BER decoders --// // incorrectly support non-minimal tags. --// EXPECT_FALSE(CertFromPEM(kHighTagNumber)); --// } -+static const char kHighTagNumber[] = R"( -+-----BEGIN CERTIFICATE----- -+PxCCASAwgcagAwIBAgICBNIwCgYIKoZIzj0EAwIwDzENMAsGA1UEAxMEVGVzdDAg -+Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsGA1UEAxMEVGVz -+dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWXa7ep -+Hg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsGjEDAO -+MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKnSIhfmzfQpeOKFHiAq -+cml3ex6oaVVGoJWCsPQoZjVAAiEAqTHS9HzZBTQ20cMPXUpf8u5AXZP7adeh4qnk -+soBsxWI= -+-----END CERTIFICATE----- -+)"; -+ -+TEST(X509Test, BER) { -+#ifdef BSSL_COMPAT -+ GTEST_SKIP() << "TODO: Investigate failures on BSSL_COMPAT"; ++#ifndef BSSL_COMPAT + cert = CertFromPEM(kRSAInvalidParam); + ASSERT_TRUE(cert); + EXPECT_FALSE(X509_verify(cert.get(), key.get())); + err = ERR_get_error(); + EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err)); + EXPECT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err)); +#endif -+ // Constructed strings are forbidden in DER. -+ EXPECT_FALSE(CertFromPEM(kConstructedBitString)); -+ EXPECT_FALSE(CertFromPEM(kConstructedOctetString)); -+ // Indefinite lengths are forbidden in DER. -+ EXPECT_FALSE(CertFromPEM(kIndefiniteLength)); -+ // Padding bits in BIT STRINGs must be zero in BER. -+ EXPECT_FALSE(CertFromPEM(kNonZeroPadding)); -+ // Tags must be minimal in both BER and DER, though many BER decoders -+ // incorrectly support non-minimal tags. -+ EXPECT_FALSE(CertFromPEM(kHighTagNumber)); -+} + } - // TEST(X509Test, Names) { - // bssl::UniquePtr key = PrivateKeyFromPEM(kP256Key); + // TEST(X509Test, GeneralName) { diff --git a/bssl-compat/patch/source/crypto/x509/x509_test.cc.sh b/bssl-compat/patch/source/crypto/x509/x509_test.cc.sh new file mode 100755 index 0000000000..5bbbc0de98 --- /dev/null +++ b/bssl-compat/patch/source/crypto/x509/x509_test.cc.sh @@ -0,0 +1,37 @@ +#!/bin/bash + +set -euo pipefail + +uncomment.sh "$1" --comment \ + --uncomment-regex '#include' \ + --comment-regex '#include\s*"internal\.h"' \ + --uncomment-regex 'std::string GetTestData(.*);' \ + --uncomment-func-impl CertFromPEM \ + --uncomment-func-impl CRLFromPEM \ + --uncomment-func-impl PrivateKeyFromPEM \ + --uncomment-static-func-impl CertsToStack \ + --uncomment-static-func-impl CRLsToStack \ + --uncomment-regex 'static const .* kReferenceTime =' \ + --uncomment-static-func-impl Verify \ + --uncomment-gtest-func X509Test TestVerify \ + --uncomment-gtest-func X509Test VerifyThreads \ + --uncomment-gtest-func X509Test ManyNamesAndConstraints \ + --uncomment-static-func-impl MakeGeneralName \ + --uncomment-static-func-impl MakeTestCert \ + --uncomment-gtest-func X509Test NameConstraints \ + --uncomment-gtest-func X509Test TestPSSBadParameters \ + --uncomment-gtest-func X509Test TestEd25519 \ + --uncomment-gtest-func X509Test X509NameSet \ + --uncomment-gtest-func X509Test NoBasicConstraintsCertSign \ + --uncomment-gtest-func X509Test NoBasicConstraintsNetscapeCA \ + --uncomment-gtest-func X509Test PEMX509Info \ + --uncomment-gtest-func-skip X509Test InvalidExtensions \ + --uncomment-gtest-func X509Test NullStore \ + --uncomment-gtest-func X509Test BasicConstraints \ + --uncomment-gtest-func X509Test AlgorithmParameters \ + --uncomment-gtest-func X509Test TrustedFirst \ + --uncomment-gtest-func-skip X509Test BER \ + +for VAR in kCrossSigningRootPEM kRootCAPEM kRootCrossSignedPEM kIntermediatePEM kIntermediateSelfSignedPEM kLeafPEM kLeafNoKeyUsagePEM kForgeryPEM kBadPSSCertPEM kRSAKey kP256Key kBasicCRL kEd25519Cert kSANTypesRoot kNoBasicConstraintsCertSignIntermediate kNoBasicConstraintsCertSignLeaf kNoBasicConstraintsNetscapeCAIntermediate kNoBasicConstraintsNetscapeCALeaf kP256NoParam kP256NullParam kP256InvalidParam kRSANoParam kRSANullParam kRSAInvalidParam kConstructedBitString kConstructedOctetString kIndefiniteLength kNonZeroPadding kHighTagNumber; do + uncomment.sh "$1" --uncomment-regex-range 'static\s*const\s*.*\<'$VAR'\[\]\s*=' '[^;]*;\s*$' +done diff --git a/bssl-compat/patch/source/crypto/x509v3/internal.h.patch b/bssl-compat/patch/source/crypto/x509v3/internal.h.patch deleted file mode 100644 index c76489903e..0000000000 --- a/bssl-compat/patch/source/crypto/x509v3/internal.h.patch +++ /dev/null @@ -1,48 +0,0 @@ ---- a/source/crypto/x509v3/internal.h -+++ b/source/crypto/x509v3/internal.h -@@ -56,23 +56,23 @@ - * - */ - --// #ifndef OPENSSL_HEADER_X509V3_INTERNAL_H --// #define OPENSSL_HEADER_X509V3_INTERNAL_H -+#ifndef OPENSSL_HEADER_X509V3_INTERNAL_H -+#define OPENSSL_HEADER_X509V3_INTERNAL_H - --// #include -+#include - --// #include --// #include --// #include -+#include -+#include -+#include - - // TODO(davidben): Merge x509 and x509v3. This include is needed because some - // internal typedefs are shared between the two, but the two modules depend on - // each other circularly. - // #include "../x509/internal.h" - --// #if defined(__cplusplus) --// extern "C" { --// #endif -+#if defined(__cplusplus) -+extern "C" { -+#endif - - - // x509v3_bytes_to_hex encodes |len| bytes from |in| to hex and returns a -@@ -285,8 +285,8 @@ - // const X509_POLICY_CACHE *policy_cache_set(X509 *x); - - --// #if defined(__cplusplus) --// } // extern C --// #endif -+#if defined(__cplusplus) -+} // extern C -+#endif - --// #endif // OPENSSL_HEADER_X509V3_INTERNAL_H -+#endif // OPENSSL_HEADER_X509V3_INTERNAL_H diff --git a/bssl-compat/patch/source/crypto/x509v3/internal.h.sh b/bssl-compat/patch/source/crypto/x509v3/internal.h.sh new file mode 100755 index 0000000000..848310fe00 --- /dev/null +++ b/bssl-compat/patch/source/crypto/x509v3/internal.h.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +set -euo pipefail + +uncomment.sh "$1" --comment -h \ + --comment-regex '#include\s*"\.\./x509/internal\.h"' \ No newline at end of file diff --git a/bssl-compat/patch/source/ssl/ssl_c_test.c.patch b/bssl-compat/patch/source/ssl/ssl_c_test.c.patch deleted file mode 100644 index 0b4c2e0a15..0000000000 --- a/bssl-compat/patch/source/ssl/ssl_c_test.c.patch +++ /dev/null @@ -1,30 +0,0 @@ ---- a/source/ssl/ssl_c_test.c -+++ b/source/ssl/ssl_c_test.c -@@ -1,15 +1,15 @@ --// #include -+#include - --// int BORINGSSL_enum_c_type_test(void); -+int BORINGSSL_enum_c_type_test(void); - --// int BORINGSSL_enum_c_type_test(void) { --// #if defined(__cplusplus) --// #error "This is testing the behaviour of the C compiler." --// #error "It's pointless to build it in C++ mode." --// #endif -+int BORINGSSL_enum_c_type_test(void) { -+#if defined(__cplusplus) -+#error "This is testing the behaviour of the C compiler." -+#error "It's pointless to build it in C++ mode." -+#endif - --// // In C++, the enums in ssl.h are explicitly typed as ints to allow them to --// // be predeclared. This function confirms that the C compiler believes them --// // to be the same size as ints. They may differ in signedness, however. --// return sizeof(enum ssl_private_key_result_t) == sizeof(int); --// } -+ // In C++, the enums in ssl.h are explicitly typed as ints to allow them to -+ // be predeclared. This function confirms that the C compiler believes them -+ // to be the same size as ints. They may differ in signedness, however. -+ return sizeof(enum ssl_private_key_result_t) == sizeof(int); -+} diff --git a/bssl-compat/patch/source/ssl/ssl_c_test.c.sh b/bssl-compat/patch/source/ssl/ssl_c_test.c.sh new file mode 100755 index 0000000000..000e648fe3 --- /dev/null +++ b/bssl-compat/patch/source/ssl/ssl_c_test.c.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +# Do nothing here so the file just gets copied +# without commenting or uncommenting anything diff --git a/bssl-compat/patch/source/ssl/ssl_test.cc.patch b/bssl-compat/patch/source/ssl/ssl_test.cc.patch index 9c744872ca..46e3acd67a 100644 --- a/bssl-compat/patch/source/ssl/ssl_test.cc.patch +++ b/bssl-compat/patch/source/ssl/ssl_test.cc.patch @@ -1,2221 +1,133 @@ --- a/source/ssl/ssl_test.cc +++ b/source/ssl/ssl_test.cc -@@ -12,82 +12,91 @@ - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - --// #include --// #include --// #include -- --// #include --// #include --// #include --// #include --// #include -- --// #include -- --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include --// #include -+#include -+#include -+#include -+ -+#include -+#include -+#include -+#include -+#include -+ -+#include -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include - - // #include "internal.h" - // #include "../crypto/internal.h" --// #include "../crypto/test/test_util.h" -- --// #if defined(OPENSSL_WINDOWS) --// Windows defines struct timeval in winsock2.h. --// OPENSSL_MSVC_PRAGMA(warning(push, 3)) --// #include --// OPENSSL_MSVC_PRAGMA(warning(pop)) --// #else --// #include --// #endif -- --// #if defined(OPENSSL_THREADS) --// #include --// #endif -+#include "../crypto/test/test_util.h" - -+#ifdef BSSL_COMPAT -+#include -+#include -+#endif - --// BSSL_NAMESPACE_BEGIN -- --// namespace { -- --// #define TRACED_CALL(code) \ --// do { \ --// SCOPED_TRACE("<- called from here"); \ --// code; \ --// if (::testing::Test::HasFatalFailure()) { \ --// return; \ --// } \ --// } while (false) -- --// struct VersionParam { --// uint16_t version; --// enum { is_tls, is_dtls } ssl_method; --// const char name[8]; --// }; -+#if defined(OPENSSL_WINDOWS) -+// Windows defines struct timeval in winsock2.h. -+OPENSSL_MSVC_PRAGMA(warning(push, 3)) -+#include -+OPENSSL_MSVC_PRAGMA(warning(pop)) -+#else -+#include -+#endif -+ -+#if defined(OPENSSL_THREADS) -+#include -+#endif -+ -+ -+BSSL_NAMESPACE_BEGIN -+ -+namespace { -+ -+#define TRACED_CALL(code) \ -+ do { \ -+ SCOPED_TRACE("<- called from here"); \ -+ code; \ -+ if (::testing::Test::HasFatalFailure()) { \ -+ return; \ -+ } \ -+ } while (false) -+ -+struct VersionParam { -+ uint16_t version; -+ enum { is_tls, is_dtls } ssl_method; -+ const char name[8]; -+}; - +@@ -81,11 +81,15 @@ // static const size_t kTicketKeyLen = 48; --// static const VersionParam kAllVersions[] = { --// {TLS1_VERSION, VersionParam::is_tls, "TLS1"}, --// {TLS1_1_VERSION, VersionParam::is_tls, "TLS1_1"}, --// {TLS1_2_VERSION, VersionParam::is_tls, "TLS1_2"}, --// {TLS1_3_VERSION, VersionParam::is_tls, "TLS1_3"}, --// {DTLS1_VERSION, VersionParam::is_dtls, "DTLS1"}, --// {DTLS1_2_VERSION, VersionParam::is_dtls, "DTLS1_2"}, --// }; -+static const VersionParam kAllVersions[] = { + static const VersionParam kAllVersions[] = { +#ifndef BSSL_COMPAT // OpenSSL 3.0.x no longer supports TLS 1.0 or TLS1.1 -+ {TLS1_VERSION, VersionParam::is_tls, "TLS1"}, -+ {TLS1_1_VERSION, VersionParam::is_tls, "TLS1_1"}, + {TLS1_VERSION, VersionParam::is_tls, "TLS1"}, + {TLS1_1_VERSION, VersionParam::is_tls, "TLS1_1"}, +#endif -+ {TLS1_2_VERSION, VersionParam::is_tls, "TLS1_2"}, -+ {TLS1_3_VERSION, VersionParam::is_tls, "TLS1_3"}, + {TLS1_2_VERSION, VersionParam::is_tls, "TLS1_2"}, + {TLS1_3_VERSION, VersionParam::is_tls, "TLS1_3"}, +#ifndef BSSL_COMPAT // OpenSSL 3.0.x no longer supports DTLS 1.0 -+ {DTLS1_VERSION, VersionParam::is_dtls, "DTLS1"}, + {DTLS1_VERSION, VersionParam::is_dtls, "DTLS1"}, +#endif -+ {DTLS1_2_VERSION, VersionParam::is_dtls, "DTLS1_2"}, -+}; - - // struct ExpectedCipher { - // unsigned long id; -@@ -110,25 +119,25 @@ - // std::vector expected; - // }; - --// template --// class UnownedSSLExData { --// public: --// UnownedSSLExData() { --// index_ = SSL_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr); --// } -- --// T *Get(const SSL *ssl) { --// return index_ < 0 ? nullptr --// : static_cast(SSL_get_ex_data(ssl, index_)); --// } -- --// bool Set(SSL *ssl, T *t) { --// return index_ >= 0 && SSL_set_ex_data(ssl, index_, t); --// } -- --// private: --// int index_; --// }; -+template -+class UnownedSSLExData { -+ public: -+ UnownedSSLExData() { -+ index_ = SSL_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr); -+ } -+ -+ T *Get(const SSL *ssl) { -+ return index_ < 0 ? nullptr -+ : static_cast(SSL_get_ex_data(ssl, index_)); -+ } -+ -+ bool Set(SSL *ssl, T *t) { -+ return index_ >= 0 && SSL_set_ex_data(ssl, index_, t); -+ } -+ -+ private: -+ int index_; -+}; + {DTLS1_2_VERSION, VersionParam::is_dtls, "DTLS1_2"}, + }; - // static const CipherTest kCipherTests[] = { - // // Selecting individual ciphers should work. -@@ -901,153 +910,155 @@ - // ExpectDefaultVersion(DTLS1_2_VERSION, DTLS1_2_VERSION, &DTLSv1_2_method); - // } - --// TEST(SSLTest, CipherProperties) { --// static const struct { --// int id; --// const char *standard_name; --// int cipher_nid; --// int digest_nid; --// int kx_nid; --// int auth_nid; --// int prf_nid; --// } kTests[] = { --// { --// SSL3_CK_RSA_DES_192_CBC3_SHA, --// "TLS_RSA_WITH_3DES_EDE_CBC_SHA", --// NID_des_ede3_cbc, --// NID_sha1, --// NID_kx_rsa, --// NID_auth_rsa, --// NID_md5_sha1, --// }, --// { --// TLS1_CK_RSA_WITH_AES_128_SHA, --// "TLS_RSA_WITH_AES_128_CBC_SHA", --// NID_aes_128_cbc, --// NID_sha1, --// NID_kx_rsa, --// NID_auth_rsa, --// NID_md5_sha1, --// }, --// { --// TLS1_CK_PSK_WITH_AES_256_CBC_SHA, --// "TLS_PSK_WITH_AES_256_CBC_SHA", --// NID_aes_256_cbc, --// NID_sha1, --// NID_kx_psk, --// NID_auth_psk, --// NID_md5_sha1, --// }, --// { --// TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, --// "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", --// NID_aes_128_cbc, --// NID_sha1, --// NID_kx_ecdhe, --// NID_auth_rsa, --// NID_md5_sha1, --// }, --// { --// TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, --// "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", --// NID_aes_256_cbc, --// NID_sha1, --// NID_kx_ecdhe, --// NID_auth_rsa, --// NID_md5_sha1, --// }, --// { --// TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, --// "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", --// NID_aes_128_gcm, --// NID_undef, --// NID_kx_ecdhe, --// NID_auth_rsa, --// NID_sha256, --// }, --// { --// TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, --// "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", --// NID_aes_128_gcm, --// NID_undef, --// NID_kx_ecdhe, --// NID_auth_ecdsa, --// NID_sha256, --// }, --// { --// TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, --// "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", --// NID_aes_256_gcm, --// NID_undef, --// NID_kx_ecdhe, --// NID_auth_ecdsa, --// NID_sha384, --// }, --// { --// TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA, --// "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", --// NID_aes_128_cbc, --// NID_sha1, --// NID_kx_ecdhe, --// NID_auth_psk, --// NID_md5_sha1, --// }, --// { --// TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, --// "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", --// NID_chacha20_poly1305, --// NID_undef, --// NID_kx_ecdhe, --// NID_auth_rsa, --// NID_sha256, --// }, --// { --// TLS1_3_CK_AES_256_GCM_SHA384, --// "TLS_AES_256_GCM_SHA384", --// NID_aes_256_gcm, --// NID_undef, --// NID_kx_any, --// NID_auth_any, --// NID_sha384, --// }, --// { --// TLS1_3_CK_AES_128_GCM_SHA256, --// "TLS_AES_128_GCM_SHA256", --// NID_aes_128_gcm, --// NID_undef, --// NID_kx_any, --// NID_auth_any, --// NID_sha256, --// }, --// { --// TLS1_3_CK_CHACHA20_POLY1305_SHA256, --// "TLS_CHACHA20_POLY1305_SHA256", --// NID_chacha20_poly1305, --// NID_undef, --// NID_kx_any, --// NID_auth_any, --// NID_sha256, --// }, --// }; -- --// for (const auto &t : kTests) { --// SCOPED_TRACE(t.standard_name); -- --// const SSL_CIPHER *cipher = SSL_get_cipher_by_value(t.id & 0xffff); --// ASSERT_TRUE(cipher); --// EXPECT_STREQ(t.standard_name, SSL_CIPHER_standard_name(cipher)); -- --// bssl::UniquePtr rfc_name(SSL_CIPHER_get_rfc_name(cipher)); --// ASSERT_TRUE(rfc_name); --// EXPECT_STREQ(t.standard_name, rfc_name.get()); -- --// EXPECT_EQ(t.cipher_nid, SSL_CIPHER_get_cipher_nid(cipher)); --// EXPECT_EQ(t.digest_nid, SSL_CIPHER_get_digest_nid(cipher)); --// EXPECT_EQ(t.kx_nid, SSL_CIPHER_get_kx_nid(cipher)); --// EXPECT_EQ(t.auth_nid, SSL_CIPHER_get_auth_nid(cipher)); --// EXPECT_EQ(t.prf_nid, SSL_CIPHER_get_prf_nid(cipher)); --// } --// } -+TEST(SSLTest, CipherProperties) { -+ static const struct { -+ int id; -+ const char *standard_name; -+ int cipher_nid; -+ int digest_nid; -+ int kx_nid; -+ int auth_nid; -+ int prf_nid; -+ } kTests[] = { +@@ -911,6 +915,7 @@ + int auth_nid; + int prf_nid; + } kTests[] = { +#ifdef SSL3_CK_RSA_DES_192_CBC3_SHA -+ { -+ SSL3_CK_RSA_DES_192_CBC3_SHA, -+ "TLS_RSA_WITH_3DES_EDE_CBC_SHA", -+ NID_des_ede3_cbc, -+ NID_sha1, -+ NID_kx_rsa, -+ NID_auth_rsa, -+ NID_md5_sha1, -+ }, -+#endif -+ { -+ TLS1_CK_RSA_WITH_AES_128_SHA, -+ "TLS_RSA_WITH_AES_128_CBC_SHA", -+ NID_aes_128_cbc, -+ NID_sha1, -+ NID_kx_rsa, -+ NID_auth_rsa, -+ NID_md5_sha1, -+ }, -+ { -+ TLS1_CK_PSK_WITH_AES_256_CBC_SHA, -+ "TLS_PSK_WITH_AES_256_CBC_SHA", -+ NID_aes_256_cbc, -+ NID_sha1, -+ NID_kx_psk, -+ NID_auth_psk, -+ NID_md5_sha1, -+ }, -+ { -+ TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, -+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", -+ NID_aes_128_cbc, -+ NID_sha1, -+ NID_kx_ecdhe, -+ NID_auth_rsa, -+ NID_md5_sha1, -+ }, -+ { -+ TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, -+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", -+ NID_aes_256_cbc, -+ NID_sha1, -+ NID_kx_ecdhe, -+ NID_auth_rsa, -+ NID_md5_sha1, -+ }, -+ { -+ TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, -+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", -+ NID_aes_128_gcm, -+ NID_undef, -+ NID_kx_ecdhe, -+ NID_auth_rsa, -+ NID_sha256, -+ }, -+ { -+ TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, -+ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", -+ NID_aes_128_gcm, -+ NID_undef, -+ NID_kx_ecdhe, -+ NID_auth_ecdsa, -+ NID_sha256, -+ }, -+ { -+ TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, -+ "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", -+ NID_aes_256_gcm, -+ NID_undef, -+ NID_kx_ecdhe, -+ NID_auth_ecdsa, -+ NID_sha384, -+ }, -+ { -+ TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA, -+ "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", -+ NID_aes_128_cbc, -+ NID_sha1, -+ NID_kx_ecdhe, -+ NID_auth_psk, -+ NID_md5_sha1, -+ }, -+ { -+ TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, -+ "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", -+ NID_chacha20_poly1305, -+ NID_undef, -+ NID_kx_ecdhe, -+ NID_auth_rsa, -+ NID_sha256, -+ }, -+ { -+ TLS1_3_CK_AES_256_GCM_SHA384, -+ "TLS_AES_256_GCM_SHA384", -+ NID_aes_256_gcm, -+ NID_undef, -+ NID_kx_any, -+ NID_auth_any, -+ NID_sha384, -+ }, -+ { -+ TLS1_3_CK_AES_128_GCM_SHA256, -+ "TLS_AES_128_GCM_SHA256", -+ NID_aes_128_gcm, -+ NID_undef, -+ NID_kx_any, -+ NID_auth_any, -+ NID_sha256, -+ }, -+ { -+ TLS1_3_CK_CHACHA20_POLY1305_SHA256, -+ "TLS_CHACHA20_POLY1305_SHA256", -+ NID_chacha20_poly1305, -+ NID_undef, -+ NID_kx_any, -+ NID_auth_any, -+ NID_sha256, -+ }, -+ }; -+ -+ for (const auto &t : kTests) { -+ SCOPED_TRACE(t.standard_name); -+ -+ const SSL_CIPHER *cipher = SSL_get_cipher_by_value(t.id & 0xffff); -+ ASSERT_TRUE(cipher); -+ EXPECT_STREQ(t.standard_name, SSL_CIPHER_standard_name(cipher)); -+ -+ bssl::UniquePtr rfc_name(SSL_CIPHER_get_rfc_name(cipher)); -+ ASSERT_TRUE(rfc_name); -+ EXPECT_STREQ(t.standard_name, rfc_name.get()); -+ -+ EXPECT_EQ(t.cipher_nid, SSL_CIPHER_get_cipher_nid(cipher)); -+ EXPECT_EQ(t.digest_nid, SSL_CIPHER_get_digest_nid(cipher)); -+ EXPECT_EQ(t.kx_nid, SSL_CIPHER_get_kx_nid(cipher)); -+ EXPECT_EQ(t.auth_nid, SSL_CIPHER_get_auth_nid(cipher)); -+ EXPECT_EQ(t.prf_nid, SSL_CIPHER_get_prf_nid(cipher)); -+ } -+} - - // CreateSessionWithTicket returns a sample |SSL_SESSION| with the specified - // version and ticket length or nullptr on failure. -@@ -1196,63 +1207,63 @@ - // } - // } - --// static bssl::UniquePtr CertFromPEM(const char *pem) { --// bssl::UniquePtr bio(BIO_new_mem_buf(pem, strlen(pem))); --// if (!bio) { --// return nullptr; --// } --// return bssl::UniquePtr( --// PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr)); --// } -- --// static bssl::UniquePtr KeyFromPEM(const char *pem) { --// bssl::UniquePtr bio(BIO_new_mem_buf(pem, strlen(pem))); --// if (!bio) { --// return nullptr; --// } --// return bssl::UniquePtr( --// PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr)); --// } -- --// static bssl::UniquePtr GetTestCertificate() { --// static const char kCertPEM[] = --// "-----BEGIN CERTIFICATE-----\n" --// "MIICWDCCAcGgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV\n" --// "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n" --// "aWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBF\n" --// "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n" --// "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n" --// "gQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLci\n" --// "HnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfV\n" --// "W28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNV\n" --// "HQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4f\n" --// "Zbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76Hht\n" --// "ldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhr\n" --// "T5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4f\n" --// "j2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg==\n" --// "-----END CERTIFICATE-----\n"; --// return CertFromPEM(kCertPEM); --// } -- --// static bssl::UniquePtr GetTestKey() { --// static const char kKeyPEM[] = --// "-----BEGIN RSA PRIVATE KEY-----\n" --// "MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92\n" --// "kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF\n" --// "KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB\n" --// "AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe\n" --// "i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+\n" --// "WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ\n" --// "m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj\n" --// "QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk\n" --// "aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj\n" --// "LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk\n" --// "104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/\n" --// "tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd\n" --// "moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==\n" --// "-----END RSA PRIVATE KEY-----\n"; --// return KeyFromPEM(kKeyPEM); --// } -+static bssl::UniquePtr CertFromPEM(const char *pem) { -+ bssl::UniquePtr bio(BIO_new_mem_buf(pem, strlen(pem))); -+ if (!bio) { -+ return nullptr; -+ } -+ return bssl::UniquePtr( -+ PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr)); -+} -+ -+static bssl::UniquePtr KeyFromPEM(const char *pem) { -+ bssl::UniquePtr bio(BIO_new_mem_buf(pem, strlen(pem))); -+ if (!bio) { -+ return nullptr; -+ } -+ return bssl::UniquePtr( -+ PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr)); -+} -+ -+static bssl::UniquePtr GetTestCertificate() { -+ static const char kCertPEM[] = -+ "-----BEGIN CERTIFICATE-----\n" -+ "MIICWDCCAcGgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV\n" -+ "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n" -+ "aWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBF\n" -+ "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n" -+ "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n" -+ "gQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLci\n" -+ "HnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfV\n" -+ "W28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNV\n" -+ "HQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4f\n" -+ "Zbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76Hht\n" -+ "ldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhr\n" -+ "T5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4f\n" -+ "j2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg==\n" -+ "-----END CERTIFICATE-----\n"; -+ return CertFromPEM(kCertPEM); -+} -+ -+static bssl::UniquePtr GetTestKey() { -+ static const char kKeyPEM[] = -+ "-----BEGIN RSA PRIVATE KEY-----\n" -+ "MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92\n" -+ "kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF\n" -+ "KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB\n" -+ "AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe\n" -+ "i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+\n" -+ "WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ\n" -+ "m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj\n" -+ "QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk\n" -+ "aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj\n" -+ "LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk\n" -+ "104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/\n" -+ "tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd\n" -+ "moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==\n" -+ "-----END RSA PRIVATE KEY-----\n"; -+ return KeyFromPEM(kKeyPEM); -+} - - // static bssl::UniquePtr CreateContextWithTestCertificate( - // const SSL_METHOD *method) { -@@ -1408,198 +1419,222 @@ - // return KeyFromPEM(kKeyPEM); - // } - --// static bool CompleteHandshakes(SSL *client, SSL *server) { --// // Drive both their handshakes to completion. --// for (;;) { --// int client_ret = SSL_do_handshake(client); --// int client_err = SSL_get_error(client, client_ret); --// if (client_err != SSL_ERROR_NONE && --// client_err != SSL_ERROR_WANT_READ && --// client_err != SSL_ERROR_WANT_WRITE && --// client_err != SSL_ERROR_PENDING_TICKET) { --// fprintf(stderr, "Client error: %s\n", SSL_error_description(client_err)); --// return false; --// } -- --// int server_ret = SSL_do_handshake(server); --// int server_err = SSL_get_error(server, server_ret); --// if (server_err != SSL_ERROR_NONE && --// server_err != SSL_ERROR_WANT_READ && --// server_err != SSL_ERROR_WANT_WRITE && --// server_err != SSL_ERROR_PENDING_TICKET) { --// fprintf(stderr, "Server error: %s\n", SSL_error_description(server_err)); --// return false; --// } -- --// if (client_ret == 1 && server_ret == 1) { --// break; --// } --// } -- --// return true; --// } -- --// static bool FlushNewSessionTickets(SSL *client, SSL *server) { --// // NewSessionTickets are deferred on the server to |SSL_write|, and clients do --// // not pick them up until |SSL_read|. --// for (;;) { --// int server_ret = SSL_write(server, nullptr, 0); --// int server_err = SSL_get_error(server, server_ret); --// // The server may either succeed (|server_ret| is zero) or block on write --// // (|server_ret| is -1 and |server_err| is |SSL_ERROR_WANT_WRITE|). --// if (server_ret > 0 || --// (server_ret < 0 && server_err != SSL_ERROR_WANT_WRITE)) { --// fprintf(stderr, "Unexpected server result: %d %d\n", server_ret, --// server_err); --// return false; --// } -- --// int client_ret = SSL_read(client, nullptr, 0); --// int client_err = SSL_get_error(client, client_ret); --// // The client must always block on read. --// if (client_ret != -1 || client_err != SSL_ERROR_WANT_READ) { --// fprintf(stderr, "Unexpected client result: %d %d\n", client_ret, --// client_err); --// return false; --// } -- --// // The server flushed everything it had to write. --// if (server_ret == 0) { --// return true; --// } --// } --// } -+static bool CompleteHandshakes(SSL *client, SSL *server) { -+ // Drive both their handshakes to completion. -+ for (;;) { -+ int client_ret = SSL_do_handshake(client); -+ int client_err = SSL_get_error(client, client_ret); -+ if (client_err != SSL_ERROR_NONE && -+ client_err != SSL_ERROR_WANT_READ && -+ client_err != SSL_ERROR_WANT_WRITE && + { + SSL3_CK_RSA_DES_192_CBC3_SHA, + "TLS_RSA_WITH_3DES_EDE_CBC_SHA", +@@ -920,6 +925,7 @@ + NID_auth_rsa, + NID_md5_sha1, + }, ++#endif + { + TLS1_CK_RSA_WITH_AES_128_SHA, + "TLS_RSA_WITH_AES_128_CBC_SHA", +@@ -1422,7 +1428,11 @@ + if (client_err != SSL_ERROR_NONE && + client_err != SSL_ERROR_WANT_READ && + client_err != SSL_ERROR_WANT_WRITE && +#ifdef SSL_ERROR_PENDING_TICKET -+ client_err != SSL_ERROR_PENDING_TICKET) { + client_err != SSL_ERROR_PENDING_TICKET) { +#else + true) { +#endif -+ fprintf(stderr, "Client error: %s\n", SSL_error_description(client_err)); -+ return false; -+ } -+ -+ int server_ret = SSL_do_handshake(server); -+ int server_err = SSL_get_error(server, server_ret); -+ if (server_err != SSL_ERROR_NONE && -+ server_err != SSL_ERROR_WANT_READ && -+ server_err != SSL_ERROR_WANT_WRITE && + fprintf(stderr, "Client error: %s\n", SSL_error_description(client_err)); + return false; + } +@@ -1432,7 +1442,11 @@ + if (server_err != SSL_ERROR_NONE && + server_err != SSL_ERROR_WANT_READ && + server_err != SSL_ERROR_WANT_WRITE && +#ifdef SSL_ERROR_PENDING_TICKET -+ server_err != SSL_ERROR_PENDING_TICKET) { + server_err != SSL_ERROR_PENDING_TICKET) { +#else + true) { +#endif -+ fprintf(stderr, "Server error: %s\n", SSL_error_description(server_err)); -+ return false; -+ } -+ -+ if (client_ret == 1 && server_ret == 1) { -+ break; -+ } -+ } -+ -+ return true; -+} -+ -+static bool FlushNewSessionTickets(SSL *client, SSL *server) { -+ // NewSessionTickets are deferred on the server to |SSL_write|, and clients do -+ // not pick them up until |SSL_read|. -+ for (;;) { -+ int server_ret = SSL_write(server, nullptr, 0); -+ int server_err = SSL_get_error(server, server_ret); -+ // The server may either succeed (|server_ret| is zero) or block on write -+ // (|server_ret| is -1 and |server_err| is |SSL_ERROR_WANT_WRITE|). -+ if (server_ret > 0 || -+ (server_ret < 0 && server_err != SSL_ERROR_WANT_WRITE)) { -+ fprintf(stderr, "Unexpected server result: %d %d\n", server_ret, -+ server_err); -+ return false; -+ } -+ -+ int client_ret = SSL_read(client, nullptr, 0); -+ int client_err = SSL_get_error(client, client_ret); -+ // The client must always block on read. -+ if (client_ret != -1 || client_err != SSL_ERROR_WANT_READ) { -+ fprintf(stderr, "Unexpected client result: %d %d\n", client_ret, -+ client_err); -+ return false; -+ } -+ -+ // The server flushed everything it had to write. -+ if (server_ret == 0) { -+ return true; -+ } -+ } -+} - - // CreateClientAndServer creates a client and server |SSL| objects whose |BIO|s - // are paired with each other. It does not run the handshake. The caller is - // expected to configure the objects and drive the handshake as needed. --// static bool CreateClientAndServer(bssl::UniquePtr *out_client, --// bssl::UniquePtr *out_server, --// SSL_CTX *client_ctx, SSL_CTX *server_ctx) { --// bssl::UniquePtr client(SSL_new(client_ctx)), server(SSL_new(server_ctx)); --// if (!client || !server) { --// return false; --// } --// SSL_set_connect_state(client.get()); --// SSL_set_accept_state(server.get()); -- --// BIO *bio1, *bio2; --// if (!BIO_new_bio_pair(&bio1, 0, &bio2, 0)) { --// return false; --// } --// // SSL_set_bio takes ownership. --// SSL_set_bio(client.get(), bio1, bio1); --// SSL_set_bio(server.get(), bio2, bio2); -- --// *out_client = std::move(client); --// *out_server = std::move(server); --// return true; --// } -- --// struct ClientConfig { --// SSL_SESSION *session = nullptr; --// std::string servername; --// std::string verify_hostname; --// unsigned hostflags = 0; --// bool early_data = false; --// }; -- --// static bool ConnectClientAndServer(bssl::UniquePtr *out_client, --// bssl::UniquePtr *out_server, --// SSL_CTX *client_ctx, SSL_CTX *server_ctx, --// const ClientConfig &config = ClientConfig(), --// bool shed_handshake_config = true) { --// bssl::UniquePtr client, server; --// if (!CreateClientAndServer(&client, &server, client_ctx, server_ctx)) { --// return false; --// } --// if (config.early_data) { --// SSL_set_early_data_enabled(client.get(), 1); --// } --// if (config.session) { --// SSL_set_session(client.get(), config.session); --// } --// if (!config.servername.empty() && --// !SSL_set_tlsext_host_name(client.get(), config.servername.c_str())) { --// return false; --// } --// if (!config.verify_hostname.empty()) { --// if (!SSL_set1_host(client.get(), config.verify_hostname.c_str())) { --// return false; --// } --// SSL_set_hostflags(client.get(), config.hostflags); --// } -- --// SSL_set_shed_handshake_config(client.get(), shed_handshake_config); --// SSL_set_shed_handshake_config(server.get(), shed_handshake_config); -- --// if (!CompleteHandshakes(client.get(), server.get())) { --// return false; --// } -- --// *out_client = std::move(client); --// *out_server = std::move(server); --// return true; --// } -- --// static bssl::UniquePtr g_last_session; -- --// static int SaveLastSession(SSL *ssl, SSL_SESSION *session) { --// // Save the most recent session. --// g_last_session.reset(session); --// return 1; --// } -- --// static bssl::UniquePtr CreateClientSession( --// SSL_CTX *client_ctx, SSL_CTX *server_ctx, --// const ClientConfig &config = ClientConfig()) { --// g_last_session = nullptr; --// SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession); -- --// // Connect client and server to get a session. --// bssl::UniquePtr client, server; --// if (!ConnectClientAndServer(&client, &server, client_ctx, server_ctx, --// config) || --// !FlushNewSessionTickets(client.get(), server.get())) { --// fprintf(stderr, "Failed to connect client and server.\n"); --// return nullptr; --// } -- --// SSL_CTX_sess_set_new_cb(client_ctx, nullptr); -- --// if (!g_last_session) { --// fprintf(stderr, "Client did not receive a session.\n"); --// return nullptr; --// } --// return std::move(g_last_session); --// } -+static bool CreateClientAndServer(bssl::UniquePtr *out_client, -+ bssl::UniquePtr *out_server, -+ SSL_CTX *client_ctx, SSL_CTX *server_ctx) { -+ bssl::UniquePtr client(SSL_new(client_ctx)), server(SSL_new(server_ctx)); -+ if (!client || !server) { -+ return false; -+ } -+ SSL_set_connect_state(client.get()); -+ SSL_set_accept_state(server.get()); -+ -+ BIO *bio1, *bio2; -+ if (!BIO_new_bio_pair(&bio1, 0, &bio2, 0)) { -+ return false; -+ } -+ // SSL_set_bio takes ownership. -+ SSL_set_bio(client.get(), bio1, bio1); -+ SSL_set_bio(server.get(), bio2, bio2); -+ -+ *out_client = std::move(client); -+ *out_server = std::move(server); -+ return true; -+} -+ -+struct ClientConfig { -+ SSL_SESSION *session = nullptr; -+ std::string servername; -+ std::string verify_hostname; -+ unsigned hostflags = 0; -+ bool early_data = false; -+}; -+ -+static bool ConnectClientAndServer(bssl::UniquePtr *out_client, -+ bssl::UniquePtr *out_server, -+ SSL_CTX *client_ctx, SSL_CTX *server_ctx, -+ const ClientConfig &config = ClientConfig(), -+ bool shed_handshake_config = true) { -+ bssl::UniquePtr client, server; -+ if (!CreateClientAndServer(&client, &server, client_ctx, server_ctx)) { -+ return false; -+ } -+ if (config.early_data) { + fprintf(stderr, "Server error: %s\n", SSL_error_description(server_err)); + return false; + } +@@ -1520,7 +1534,12 @@ + return false; + } + if (config.early_data) { +#ifndef BSSL_COMPAT -+ SSL_set_early_data_enabled(client.get(), 1); + SSL_set_early_data_enabled(client.get(), 1); +#else + std::cout << "WARNING: Skipped SSL_set_early_data_enabled()" << std::endl; + return false; +#endif -+ } -+ if (config.session) { -+ SSL_set_session(client.get(), config.session); -+ } -+ if (!config.servername.empty() && -+ !SSL_set_tlsext_host_name(client.get(), config.servername.c_str())) { -+ return false; -+ } -+ if (!config.verify_hostname.empty()) { + } + if (config.session) { + SSL_set_session(client.get(), config.session); +@@ -1530,14 +1549,25 @@ + return false; + } + if (!config.verify_hostname.empty()) { +#ifndef BSSL_COMPAT -+ if (!SSL_set1_host(client.get(), config.verify_hostname.c_str())) { -+ return false; -+ } -+ SSL_set_hostflags(client.get(), config.hostflags); + if (!SSL_set1_host(client.get(), config.verify_hostname.c_str())) { + return false; + } + SSL_set_hostflags(client.get(), config.hostflags); +#else + std::cout << "WARNING: Skipped SSL_set1_host() & SSL_set_hostflags()" << std::endl; + return false; +#endif -+ } -+ + } + +#ifndef BSSL_COMPAT -+ SSL_set_shed_handshake_config(client.get(), shed_handshake_config); -+ SSL_set_shed_handshake_config(server.get(), shed_handshake_config); + SSL_set_shed_handshake_config(client.get(), shed_handshake_config); + SSL_set_shed_handshake_config(server.get(), shed_handshake_config); +#else + if(shed_handshake_config) { + std::cout << "WARNING: Skipped SSL_set_shed_handshake_config()" << std::endl; + } +#endif -+ -+ if (!CompleteHandshakes(client.get(), server.get())) { -+ return false; -+ } -+ -+ *out_client = std::move(client); -+ *out_server = std::move(server); -+ return true; -+} -+ -+static bssl::UniquePtr g_last_session; -+ -+static int SaveLastSession(SSL *ssl, SSL_SESSION *session) { -+ // Save the most recent session. -+ g_last_session.reset(session); -+ return 1; -+} -+ -+static bssl::UniquePtr CreateClientSession( -+ SSL_CTX *client_ctx, SSL_CTX *server_ctx, -+ const ClientConfig &config = ClientConfig()) { -+ g_last_session = nullptr; -+ SSL_CTX_sess_set_new_cb(client_ctx, SaveLastSession); -+ -+ // Connect client and server to get a session. -+ bssl::UniquePtr client, server; -+ if (!ConnectClientAndServer(&client, &server, client_ctx, server_ctx, -+ config) || -+ !FlushNewSessionTickets(client.get(), server.get())) { -+ fprintf(stderr, "Failed to connect client and server.\n"); -+ return nullptr; -+ } -+ -+ SSL_CTX_sess_set_new_cb(client_ctx, nullptr); -+ -+ if (!g_last_session) { -+ fprintf(stderr, "Client did not receive a session.\n"); -+ return nullptr; -+ } -+ return std::move(g_last_session); -+} - // Test that |SSL_get_client_CA_list| echoes back the configured parameter even - // before configuring as a server. --// TEST(SSLTest, ClientCAList) { --// bssl::UniquePtr ctx(SSL_CTX_new(TLS_method())); --// ASSERT_TRUE(ctx); --// bssl::UniquePtr ssl(SSL_new(ctx.get())); --// ASSERT_TRUE(ssl); -- --// bssl::UniquePtr name(X509_NAME_new()); --// ASSERT_TRUE(name); -- --// bssl::UniquePtr name_dup(X509_NAME_dup(name.get())); --// ASSERT_TRUE(name_dup); -- --// bssl::UniquePtr stack(sk_X509_NAME_new_null()); --// ASSERT_TRUE(stack); --// ASSERT_TRUE(PushToStack(stack.get(), std::move(name_dup))); -- --// // |SSL_set_client_CA_list| takes ownership. --// SSL_set_client_CA_list(ssl.get(), stack.release()); -- --// STACK_OF(X509_NAME) *result = SSL_get_client_CA_list(ssl.get()); --// ASSERT_TRUE(result); --// ASSERT_EQ(1u, sk_X509_NAME_num(result)); --// EXPECT_EQ(0, X509_NAME_cmp(sk_X509_NAME_value(result, 0), name.get())); --// } -+TEST(SSLTest, ClientCAList) { -+ bssl::UniquePtr ctx(SSL_CTX_new(TLS_method())); -+ ASSERT_TRUE(ctx); -+ bssl::UniquePtr ssl(SSL_new(ctx.get())); -+ ASSERT_TRUE(ssl); -+ -+ bssl::UniquePtr name(X509_NAME_new()); -+ ASSERT_TRUE(name); -+ -+ bssl::UniquePtr name_dup(X509_NAME_dup(name.get())); -+ ASSERT_TRUE(name_dup); -+ -+ bssl::UniquePtr stack(sk_X509_NAME_new_null()); -+ ASSERT_TRUE(stack); -+ ASSERT_TRUE(PushToStack(stack.get(), std::move(name_dup))); -+ -+ // |SSL_set_client_CA_list| takes ownership. -+ SSL_set_client_CA_list(ssl.get(), stack.release()); -+ -+ STACK_OF(X509_NAME) *result = SSL_get_client_CA_list(ssl.get()); -+ ASSERT_TRUE(result); -+ ASSERT_EQ(1u, sk_X509_NAME_num(result)); -+ EXPECT_EQ(0, X509_NAME_cmp(sk_X509_NAME_value(result, 0), name.get())); -+} - - // TEST(SSLTest, AddClientCA) { - // bssl::UniquePtr ctx(SSL_CTX_new(TLS_method())); -@@ -2495,62 +2530,62 @@ - // SSLVersionTest executes its test cases under all available protocol versions. - // Test cases call |Connect| to create a connection using context objects with - // the protocol version fixed to the current version under test. --// class SSLVersionTest : public ::testing::TestWithParam { --// protected: --// SSLVersionTest() : cert_(GetTestCertificate()), key_(GetTestKey()) {} -- --// void SetUp() { ResetContexts(); } -- --// bssl::UniquePtr CreateContext() const { --// const SSL_METHOD *method = is_dtls() ? DTLS_method() : TLS_method(); --// bssl::UniquePtr ctx(SSL_CTX_new(method)); --// if (!ctx || !SSL_CTX_set_min_proto_version(ctx.get(), version()) || --// !SSL_CTX_set_max_proto_version(ctx.get(), version())) { --// return nullptr; --// } --// return ctx; --// } -- --// void ResetContexts() { --// ASSERT_TRUE(cert_); --// ASSERT_TRUE(key_); --// client_ctx_ = CreateContext(); --// ASSERT_TRUE(client_ctx_); --// server_ctx_ = CreateContext(); --// ASSERT_TRUE(server_ctx_); --// // Set up a server cert. Client certs can be set up explicitly. --// ASSERT_TRUE(UseCertAndKey(server_ctx_.get())); --// } -- --// bool UseCertAndKey(SSL_CTX *ctx) const { --// return SSL_CTX_use_certificate(ctx, cert_.get()) && --// SSL_CTX_use_PrivateKey(ctx, key_.get()); --// } -- --// bool Connect(const ClientConfig &config = ClientConfig()) { --// return ConnectClientAndServer(&client_, &server_, client_ctx_.get(), --// server_ctx_.get(), config, --// shed_handshake_config_); --// } -- --// uint16_t version() const { return GetParam().version; } -- --// bool is_dtls() const { --// return GetParam().ssl_method == VersionParam::is_dtls; --// } -- --// bool shed_handshake_config_ = true; --// bssl::UniquePtr client_, server_; --// bssl::UniquePtr server_ctx_, client_ctx_; --// bssl::UniquePtr cert_; --// bssl::UniquePtr key_; --// }; -- --// INSTANTIATE_TEST_SUITE_P(WithVersion, SSLVersionTest, --// testing::ValuesIn(kAllVersions), --// [](const testing::TestParamInfo &i) { --// return i.param.name; --// }); -+class SSLVersionTest : public ::testing::TestWithParam { -+ protected: -+ SSLVersionTest() : cert_(GetTestCertificate()), key_(GetTestKey()) {} -+ -+ void SetUp() { ResetContexts(); } -+ -+ bssl::UniquePtr CreateContext() const { -+ const SSL_METHOD *method = is_dtls() ? DTLS_method() : TLS_method(); -+ bssl::UniquePtr ctx(SSL_CTX_new(method)); -+ if (!ctx || !SSL_CTX_set_min_proto_version(ctx.get(), version()) || -+ !SSL_CTX_set_max_proto_version(ctx.get(), version())) { -+ return nullptr; -+ } -+ return ctx; -+ } -+ -+ void ResetContexts() { -+ ASSERT_TRUE(cert_); -+ ASSERT_TRUE(key_); -+ client_ctx_ = CreateContext(); -+ ASSERT_TRUE(client_ctx_); -+ server_ctx_ = CreateContext(); -+ ASSERT_TRUE(server_ctx_); -+ // Set up a server cert. Client certs can be set up explicitly. -+ ASSERT_TRUE(UseCertAndKey(server_ctx_.get())) << ERR_error_string(ERR_get_error(), nullptr); -+ } -+ -+ bool UseCertAndKey(SSL_CTX *ctx) const { -+ return SSL_CTX_use_certificate(ctx, cert_.get()) && -+ SSL_CTX_use_PrivateKey(ctx, key_.get()); -+ } -+ -+ bool Connect(const ClientConfig &config = ClientConfig()) { -+ return ConnectClientAndServer(&client_, &server_, client_ctx_.get(), -+ server_ctx_.get(), config, -+ shed_handshake_config_); -+ } -+ -+ uint16_t version() const { return GetParam().version; } -+ -+ bool is_dtls() const { -+ return GetParam().ssl_method == VersionParam::is_dtls; -+ } -+ -+ bool shed_handshake_config_ = true; -+ bssl::UniquePtr client_, server_; -+ bssl::UniquePtr server_ctx_, client_ctx_; -+ bssl::UniquePtr cert_; -+ bssl::UniquePtr key_; -+}; -+ -+INSTANTIATE_TEST_SUITE_P(WithVersion, SSLVersionTest, -+ testing::ValuesIn(kAllVersions), -+ [](const testing::TestParamInfo &i) { -+ return i.param.name; -+ }); - - // TEST_P(SSLVersionTest, SequenceNumber) { - // ASSERT_TRUE(Connect()); -@@ -2591,110 +2626,110 @@ - // EXPECT_EQ(server_read_seq + 1, SSL_get_read_sequence(server_.get())); - // } - --// TEST_P(SSLVersionTest, OneSidedShutdown) { --// // SSL_shutdown is a no-op in DTLS. --// if (is_dtls()) { --// return; --// } --// ASSERT_TRUE(Connect()); -- --// // Shut down half the connection. |SSL_shutdown| will return 0 to signal only --// // one side has shut down. --// ASSERT_EQ(SSL_shutdown(client_.get()), 0); -- --// // Reading from the server should consume the EOF. --// uint8_t byte; --// ASSERT_EQ(SSL_read(server_.get(), &byte, 1), 0); --// ASSERT_EQ(SSL_get_error(server_.get(), 0), SSL_ERROR_ZERO_RETURN); -- --// // However, the server may continue to write data and then shut down the --// // connection. --// byte = 42; --// ASSERT_EQ(SSL_write(server_.get(), &byte, 1), 1); --// ASSERT_EQ(SSL_read(client_.get(), &byte, 1), 1); --// ASSERT_EQ(byte, 42); -- --// // The server may then shutdown the connection. --// EXPECT_EQ(SSL_shutdown(server_.get()), 1); --// EXPECT_EQ(SSL_shutdown(client_.get()), 1); --// } -+TEST_P(SSLVersionTest, OneSidedShutdown) { -+ // SSL_shutdown is a no-op in DTLS. -+ if (is_dtls()) { -+ return; -+ } -+ ASSERT_TRUE(Connect()); -+ -+ // Shut down half the connection. |SSL_shutdown| will return 0 to signal only -+ // one side has shut down. -+ ASSERT_EQ(SSL_shutdown(client_.get()), 0); -+ -+ // Reading from the server should consume the EOF. -+ uint8_t byte; -+ ASSERT_EQ(SSL_read(server_.get(), &byte, 1), 0); -+ ASSERT_EQ(SSL_get_error(server_.get(), 0), SSL_ERROR_ZERO_RETURN); -+ -+ // However, the server may continue to write data and then shut down the -+ // connection. -+ byte = 42; -+ ASSERT_EQ(SSL_write(server_.get(), &byte, 1), 1); -+ ASSERT_EQ(SSL_read(client_.get(), &byte, 1), 1); -+ ASSERT_EQ(byte, 42); -+ -+ // The server may then shutdown the connection. -+ EXPECT_EQ(SSL_shutdown(server_.get()), 1); -+ EXPECT_EQ(SSL_shutdown(client_.get()), 1); -+} - - // Test that, after calling |SSL_shutdown|, |SSL_write| fails. --// TEST_P(SSLVersionTest, WriteAfterShutdown) { --// ASSERT_TRUE(Connect()); -- --// for (SSL *ssl : {client_.get(), server_.get()}) { --// SCOPED_TRACE(SSL_is_server(ssl) ? "server" : "client"); -- --// bssl::UniquePtr mem(BIO_new(BIO_s_mem())); --// ASSERT_TRUE(mem); --// SSL_set0_wbio(ssl, bssl::UpRef(mem).release()); -- --// // Shut down half the connection. |SSL_shutdown| will return 0 to signal --// // only one side has shut down. --// ASSERT_EQ(SSL_shutdown(ssl), 0); -- --// // |ssl| should have written an alert to the transport. --// const uint8_t *unused; --// size_t len; --// ASSERT_TRUE(BIO_mem_contents(mem.get(), &unused, &len)); --// EXPECT_NE(0u, len); --// EXPECT_TRUE(BIO_reset(mem.get())); -+TEST_P(SSLVersionTest, WriteAfterShutdown) { -+ ASSERT_TRUE(Connect()); - --// // Writing should fail. --// EXPECT_EQ(-1, SSL_write(ssl, "a", 1)); -+ for (SSL *ssl : {client_.get(), server_.get()}) { -+ SCOPED_TRACE(SSL_is_server(ssl) ? "server" : "client"); - --// // Nothing should be written to the transport. --// ASSERT_TRUE(BIO_mem_contents(mem.get(), &unused, &len)); --// EXPECT_EQ(0u, len); --// } --// } -+ bssl::UniquePtr mem(BIO_new(BIO_s_mem())); -+ ASSERT_TRUE(mem); -+ SSL_set0_wbio(ssl, bssl::UpRef(mem).release()); -+ -+ // Shut down half the connection. |SSL_shutdown| will return 0 to signal -+ // only one side has shut down. -+ ASSERT_EQ(SSL_shutdown(ssl), 0); -+ -+ // |ssl| should have written an alert to the transport. -+ const uint8_t *unused; -+ size_t len; -+ ASSERT_TRUE(BIO_mem_contents(mem.get(), &unused, &len)); -+ EXPECT_NE(0u, len); -+ EXPECT_TRUE(BIO_reset(mem.get())); -+ -+ // Writing should fail. -+ EXPECT_EQ(-1, SSL_write(ssl, "a", 1)); -+ -+ // Nothing should be written to the transport. -+ ASSERT_TRUE(BIO_mem_contents(mem.get(), &unused, &len)); -+ EXPECT_EQ(0u, len); -+ } -+} - - // Test that, after sending a fatal alert in a failed |SSL_read|, |SSL_write| - // fails. --// TEST_P(SSLVersionTest, WriteAfterReadSentFatalAlert) { --// // Decryption failures are not fatal in DTLS. --// if (is_dtls()) { --// return; --// } -- --// ASSERT_TRUE(Connect()); -- --// // Save the write |BIO|s as the test will overwrite them. --// bssl::UniquePtr client_wbio = bssl::UpRef(SSL_get_wbio(client_.get())); --// bssl::UniquePtr server_wbio = bssl::UpRef(SSL_get_wbio(server_.get())); -- --// for (bool test_server : {false, true}) { --// SCOPED_TRACE(test_server ? "server" : "client"); --// SSL *ssl = test_server ? server_.get() : client_.get(); --// BIO *other_wbio = test_server ? client_wbio.get() : server_wbio.get(); -- --// bssl::UniquePtr mem(BIO_new(BIO_s_mem())); --// ASSERT_TRUE(mem); --// SSL_set0_wbio(ssl, bssl::UpRef(mem).release()); -- --// // Read an invalid record from the peer. --// static const uint8_t kInvalidRecord[] = "invalid record"; --// EXPECT_EQ(int{sizeof(kInvalidRecord)}, --// BIO_write(other_wbio, kInvalidRecord, sizeof(kInvalidRecord))); --// char buf[256]; --// EXPECT_EQ(-1, SSL_read(ssl, buf, sizeof(buf))); -- --// // |ssl| should have written an alert to the transport. --// const uint8_t *unused; --// size_t len; --// ASSERT_TRUE(BIO_mem_contents(mem.get(), &unused, &len)); --// EXPECT_NE(0u, len); --// EXPECT_TRUE(BIO_reset(mem.get())); -- --// // Writing should fail. --// EXPECT_EQ(-1, SSL_write(ssl, "a", 1)); -- --// // Nothing should be written to the transport. --// ASSERT_TRUE(BIO_mem_contents(mem.get(), &unused, &len)); --// EXPECT_EQ(0u, len); --// } --// } -+TEST_P(SSLVersionTest, WriteAfterReadSentFatalAlert) { -+ // Decryption failures are not fatal in DTLS. -+ if (is_dtls()) { -+ return; -+ } -+ -+ ASSERT_TRUE(Connect()); -+ -+ // Save the write |BIO|s as the test will overwrite them. -+ bssl::UniquePtr client_wbio = bssl::UpRef(SSL_get_wbio(client_.get())); -+ bssl::UniquePtr server_wbio = bssl::UpRef(SSL_get_wbio(server_.get())); -+ -+ for (bool test_server : {false, true}) { -+ SCOPED_TRACE(test_server ? "server" : "client"); -+ SSL *ssl = test_server ? server_.get() : client_.get(); -+ BIO *other_wbio = test_server ? client_wbio.get() : server_wbio.get(); -+ -+ bssl::UniquePtr mem(BIO_new(BIO_s_mem())); -+ ASSERT_TRUE(mem); -+ SSL_set0_wbio(ssl, bssl::UpRef(mem).release()); -+ -+ // Read an invalid record from the peer. -+ static const uint8_t kInvalidRecord[] = "invalid record"; -+ EXPECT_EQ(int{sizeof(kInvalidRecord)}, -+ BIO_write(other_wbio, kInvalidRecord, sizeof(kInvalidRecord))); -+ char buf[256]; -+ EXPECT_EQ(-1, SSL_read(ssl, buf, sizeof(buf))); -+ -+ // |ssl| should have written an alert to the transport. -+ const uint8_t *unused; -+ size_t len; -+ ASSERT_TRUE(BIO_mem_contents(mem.get(), &unused, &len)); -+ EXPECT_NE(0u, len); -+ EXPECT_TRUE(BIO_reset(mem.get())); -+ -+ // Writing should fail. -+ EXPECT_EQ(-1, SSL_write(ssl, "a", 1)); -+ -+ // Nothing should be written to the transport. -+ ASSERT_TRUE(BIO_mem_contents(mem.get(), &unused, &len)); -+ EXPECT_EQ(0u, len); -+ } -+} - - // Test that, after sending a fatal alert from the handshake, |SSL_write| fails. - // TEST_P(SSLVersionTest, WriteAfterHandshakeSentFatalAlert) { -@@ -2935,110 +2970,116 @@ - // // is correct. - // } - --// TEST(SSLTest, SetBIO) { --// bssl::UniquePtr ctx(SSL_CTX_new(TLS_method())); --// ASSERT_TRUE(ctx); -- --// bssl::UniquePtr ssl(SSL_new(ctx.get())); --// bssl::UniquePtr bio1(BIO_new(BIO_s_mem())), bio2(BIO_new(BIO_s_mem())), --// bio3(BIO_new(BIO_s_mem())); --// ASSERT_TRUE(ssl); --// ASSERT_TRUE(bio1); --// ASSERT_TRUE(bio2); --// ASSERT_TRUE(bio3); -- --// // SSL_set_bio takes one reference when the parameters are the same. --// BIO_up_ref(bio1.get()); --// SSL_set_bio(ssl.get(), bio1.get(), bio1.get()); -- --// // Repeating the call does nothing. --// SSL_set_bio(ssl.get(), bio1.get(), bio1.get()); -- --// // It takes one reference each when the parameters are different. --// BIO_up_ref(bio2.get()); --// BIO_up_ref(bio3.get()); --// SSL_set_bio(ssl.get(), bio2.get(), bio3.get()); -- --// // Repeating the call does nothing. --// SSL_set_bio(ssl.get(), bio2.get(), bio3.get()); -- --// // It takes one reference when changing only wbio. --// BIO_up_ref(bio1.get()); --// SSL_set_bio(ssl.get(), bio2.get(), bio1.get()); -- --// // It takes one reference when changing only rbio and the two are different. --// BIO_up_ref(bio3.get()); --// SSL_set_bio(ssl.get(), bio3.get(), bio1.get()); -- --// // If setting wbio to rbio, it takes no additional references. --// SSL_set_bio(ssl.get(), bio3.get(), bio3.get()); -- --// // From there, wbio may be switched to something else. --// BIO_up_ref(bio1.get()); --// SSL_set_bio(ssl.get(), bio3.get(), bio1.get()); -- --// // If setting rbio to wbio, it takes no additional references. --// SSL_set_bio(ssl.get(), bio1.get(), bio1.get()); -- --// // From there, rbio may be switched to something else, but, for historical --// // reasons, it takes a reference to both parameters. --// BIO_up_ref(bio1.get()); --// BIO_up_ref(bio2.get()); --// SSL_set_bio(ssl.get(), bio2.get(), bio1.get()); -- --// // ASAN builds will implicitly test that the internal |BIO| reference-counting --// // is correct. --// } -- --// static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) { return 1; } -- --// TEST_P(SSLVersionTest, GetPeerCertificate) { --// ASSERT_TRUE(UseCertAndKey(client_ctx_.get())); -- --// // Configure both client and server to accept any certificate. --// SSL_CTX_set_verify(client_ctx_.get(), --// SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, --// nullptr); --// SSL_CTX_set_cert_verify_callback(client_ctx_.get(), VerifySucceed, NULL); --// SSL_CTX_set_verify(server_ctx_.get(), --// SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, --// nullptr); --// SSL_CTX_set_cert_verify_callback(server_ctx_.get(), VerifySucceed, NULL); -- --// ASSERT_TRUE(Connect()); -- --// // Client and server should both see the leaf certificate. --// bssl::UniquePtr peer(SSL_get_peer_certificate(server_.get())); --// ASSERT_TRUE(peer); --// ASSERT_EQ(X509_cmp(cert_.get(), peer.get()), 0); -- --// peer.reset(SSL_get_peer_certificate(client_.get())); --// ASSERT_TRUE(peer); --// ASSERT_EQ(X509_cmp(cert_.get(), peer.get()), 0); -- --// // However, for historical reasons, the X509 chain includes the leaf on the --// // client, but does not on the server. --// EXPECT_EQ(sk_X509_num(SSL_get_peer_cert_chain(client_.get())), 1u); --// EXPECT_EQ(sk_CRYPTO_BUFFER_num(SSL_get0_peer_certificates(client_.get())), --// 1u); -- --// EXPECT_EQ(sk_X509_num(SSL_get_peer_cert_chain(server_.get())), 0u); --// EXPECT_EQ(sk_CRYPTO_BUFFER_num(SSL_get0_peer_certificates(server_.get())), --// 1u); --// } -- --// TEST_P(SSLVersionTest, NoPeerCertificate) { --// SSL_CTX_set_verify(server_ctx_.get(), SSL_VERIFY_PEER, nullptr); --// SSL_CTX_set_cert_verify_callback(server_ctx_.get(), VerifySucceed, NULL); --// SSL_CTX_set_cert_verify_callback(client_ctx_.get(), VerifySucceed, NULL); -- --// ASSERT_TRUE(Connect()); -- --// // Server should not see a peer certificate. --// bssl::UniquePtr peer(SSL_get_peer_certificate(server_.get())); --// ASSERT_FALSE(peer); --// ASSERT_FALSE(SSL_get0_peer_certificates(server_.get())); --// } -+TEST(SSLTest, SetBIO) { -+ bssl::UniquePtr ctx(SSL_CTX_new(TLS_method())); -+ ASSERT_TRUE(ctx); -+ -+ bssl::UniquePtr ssl(SSL_new(ctx.get())); -+ bssl::UniquePtr bio1(BIO_new(BIO_s_mem())), bio2(BIO_new(BIO_s_mem())), -+ bio3(BIO_new(BIO_s_mem())); -+ ASSERT_TRUE(ssl); -+ ASSERT_TRUE(bio1); -+ ASSERT_TRUE(bio2); -+ ASSERT_TRUE(bio3); -+ -+ // SSL_set_bio takes one reference when the parameters are the same. -+ BIO_up_ref(bio1.get()); -+ SSL_set_bio(ssl.get(), bio1.get(), bio1.get()); -+ -+ // Repeating the call does nothing. -+ SSL_set_bio(ssl.get(), bio1.get(), bio1.get()); -+ -+ // It takes one reference each when the parameters are different. -+ BIO_up_ref(bio2.get()); -+ BIO_up_ref(bio3.get()); -+ SSL_set_bio(ssl.get(), bio2.get(), bio3.get()); -+ -+ // Repeating the call does nothing. -+ SSL_set_bio(ssl.get(), bio2.get(), bio3.get()); -+ -+ // It takes one reference when changing only wbio. -+ BIO_up_ref(bio1.get()); -+ SSL_set_bio(ssl.get(), bio2.get(), bio1.get()); -+ -+ // It takes one reference when changing only rbio and the two are different. -+ BIO_up_ref(bio3.get()); -+ SSL_set_bio(ssl.get(), bio3.get(), bio1.get()); -+ -+ // If setting wbio to rbio, it takes no additional references. -+ SSL_set_bio(ssl.get(), bio3.get(), bio3.get()); -+ -+ // From there, wbio may be switched to something else. -+ BIO_up_ref(bio1.get()); -+ SSL_set_bio(ssl.get(), bio3.get(), bio1.get()); -+ -+ // If setting rbio to wbio, it takes no additional references. -+ SSL_set_bio(ssl.get(), bio1.get(), bio1.get()); -+ -+ // From there, rbio may be switched to something else, but, for historical -+ // reasons, it takes a reference to both parameters. -+ BIO_up_ref(bio1.get()); -+ BIO_up_ref(bio2.get()); -+ SSL_set_bio(ssl.get(), bio2.get(), bio1.get()); -+ -+ // ASAN builds will implicitly test that the internal |BIO| reference-counting -+ // is correct. -+} -+ -+static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) { return 1; } -+ -+TEST_P(SSLVersionTest, GetPeerCertificate) { -+ ASSERT_TRUE(UseCertAndKey(client_ctx_.get())); -+ -+ // Configure both client and server to accept any certificate. -+ SSL_CTX_set_verify(client_ctx_.get(), -+ SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, -+ nullptr); -+ SSL_CTX_set_cert_verify_callback(client_ctx_.get(), VerifySucceed, NULL); -+ SSL_CTX_set_verify(server_ctx_.get(), -+ SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, -+ nullptr); -+ SSL_CTX_set_cert_verify_callback(server_ctx_.get(), VerifySucceed, NULL); -+ -+ ASSERT_TRUE(Connect()); -+ -+ // Client and server should both see the leaf certificate. -+ bssl::UniquePtr peer(SSL_get_peer_certificate(server_.get())); -+ ASSERT_TRUE(peer); -+ ASSERT_EQ(X509_cmp(cert_.get(), peer.get()), 0); -+ -+ peer.reset(SSL_get_peer_certificate(client_.get())); -+ ASSERT_TRUE(peer); -+ ASSERT_EQ(X509_cmp(cert_.get(), peer.get()), 0); -+ -+ // However, for historical reasons, the X509 chain includes the leaf on the -+ // client, but does not on the server. -+ EXPECT_EQ(sk_X509_num(SSL_get_peer_cert_chain(client_.get())), 1u); + if (!CompleteHandshakes(client.get(), server.get())) { + return false; +@@ -3104,12 +3134,16 @@ + // However, for historical reasons, the X509 chain includes the leaf on the + // client, but does not on the server. + EXPECT_EQ(sk_X509_num(SSL_get_peer_cert_chain(client_.get())), 1u); +#ifndef BSSL_COMPAT // Envoy doesn't need SSL_get0_peer_certificates() so skip this -+ EXPECT_EQ(sk_CRYPTO_BUFFER_num(SSL_get0_peer_certificates(client_.get())), -+ 1u); + EXPECT_EQ(sk_CRYPTO_BUFFER_num(SSL_get0_peer_certificates(client_.get())), + 1u); +#endif -+ -+ EXPECT_EQ(sk_X509_num(SSL_get_peer_cert_chain(server_.get())), 0u); + + EXPECT_EQ(sk_X509_num(SSL_get_peer_cert_chain(server_.get())), 0u); +#ifndef BSSL_COMPAT // Envoy doesn't need SSL_get0_peer_certificates() so skip this -+ EXPECT_EQ(sk_CRYPTO_BUFFER_num(SSL_get0_peer_certificates(server_.get())), -+ 1u); + EXPECT_EQ(sk_CRYPTO_BUFFER_num(SSL_get0_peer_certificates(server_.get())), + 1u); +#endif -+} -+ -+TEST_P(SSLVersionTest, NoPeerCertificate) { -+ SSL_CTX_set_verify(server_ctx_.get(), SSL_VERIFY_PEER, nullptr); -+ SSL_CTX_set_cert_verify_callback(server_ctx_.get(), VerifySucceed, NULL); -+ SSL_CTX_set_cert_verify_callback(client_ctx_.get(), VerifySucceed, NULL); -+ -+ ASSERT_TRUE(Connect()); -+ -+ // Server should not see a peer certificate. -+ bssl::UniquePtr peer(SSL_get_peer_certificate(server_.get())); -+ ASSERT_FALSE(peer); + } + + TEST_P(SSLVersionTest, NoPeerCertificate) { +@@ -3122,7 +3156,9 @@ + // Server should not see a peer certificate. + bssl::UniquePtr peer(SSL_get_peer_certificate(server_.get())); + ASSERT_FALSE(peer); +#ifndef BSSL_COMPAT // Envoy doesn't need SSL_get0_peer_certificates() so skip this -+ ASSERT_FALSE(SSL_get0_peer_certificates(server_.get())); + ASSERT_FALSE(SSL_get0_peer_certificates(server_.get())); +#endif -+} + } // TEST_P(SSLVersionTest, RetainOnlySHA256OfCerts) { - // uint8_t *cert_der = NULL; -@@ -3167,19 +3208,19 @@ - // } - // } - --// static void ExpectSessionReused(SSL_CTX *client_ctx, SSL_CTX *server_ctx, --// SSL_SESSION *session, bool want_reused) { --// bssl::UniquePtr client, server; --// ClientConfig config; --// config.session = session; --// EXPECT_TRUE( --// ConnectClientAndServer(&client, &server, client_ctx, server_ctx, config)); -- --// EXPECT_EQ(SSL_session_reused(client.get()), SSL_session_reused(server.get())); -- --// bool was_reused = !!SSL_session_reused(client.get()); --// EXPECT_EQ(was_reused, want_reused); --// } -+static void ExpectSessionReused(SSL_CTX *client_ctx, SSL_CTX *server_ctx, -+ SSL_SESSION *session, bool want_reused) { -+ bssl::UniquePtr client, server; -+ ClientConfig config; -+ config.session = session; -+ EXPECT_TRUE( -+ ConnectClientAndServer(&client, &server, client_ctx, server_ctx, config)); -+ -+ EXPECT_EQ(SSL_session_reused(client.get()), SSL_session_reused(server.get())); -+ -+ bool was_reused = !!SSL_session_reused(client.get()); -+ EXPECT_EQ(was_reused, want_reused); -+} - - // static bssl::UniquePtr ExpectSessionRenewed(SSL_CTX *client_ctx, - // SSL_CTX *server_ctx, -@@ -3229,73 +3270,76 @@ - // OPENSSL_memcpy(inout_key, new_key, kTicketKeyLen); - // } - --// static int SwitchSessionIDContextSNI(SSL *ssl, int *out_alert, void *arg) { --// static const uint8_t kContext[] = {3}; -- --// if (!SSL_set_session_id_context(ssl, kContext, sizeof(kContext))) { --// return SSL_TLSEXT_ERR_ALERT_FATAL; --// } -- --// return SSL_TLSEXT_ERR_OK; --// } -- --// TEST_P(SSLVersionTest, SessionIDContext) { --// static const uint8_t kContext1[] = {1}; --// static const uint8_t kContext2[] = {2}; -- --// ASSERT_TRUE(SSL_CTX_set_session_id_context(server_ctx_.get(), kContext1, --// sizeof(kContext1))); -- --// SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH); --// SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_BOTH); -- --// bssl::UniquePtr session = --// CreateClientSession(client_ctx_.get(), server_ctx_.get()); --// ASSERT_TRUE(session); -- --// TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(), --// session.get(), --// true /* expect session reused */)); -- --// // Change the session ID context. --// ASSERT_TRUE(SSL_CTX_set_session_id_context(server_ctx_.get(), kContext2, --// sizeof(kContext2))); -- --// TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(), --// session.get(), --// false /* expect session not reused */)); -- --// // Change the session ID context back and install an SNI callback to switch --// // it. --// ASSERT_TRUE(SSL_CTX_set_session_id_context(server_ctx_.get(), kContext1, --// sizeof(kContext1))); -- --// SSL_CTX_set_tlsext_servername_callback(server_ctx_.get(), --// SwitchSessionIDContextSNI); -+static int SwitchSessionIDContextSNI(SSL *ssl, int *out_alert, void *arg) { -+ static const uint8_t kContext[] = {3}; - --// TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(), --// session.get(), --// false /* expect session not reused */)); -- --// // Switch the session ID context with the early callback instead. --// SSL_CTX_set_tlsext_servername_callback(server_ctx_.get(), nullptr); --// SSL_CTX_set_select_certificate_cb( --// server_ctx_.get(), --// [](const SSL_CLIENT_HELLO *client_hello) -> ssl_select_cert_result_t { --// static const uint8_t kContext[] = {3}; -- --// if (!SSL_set_session_id_context(client_hello->ssl, kContext, --// sizeof(kContext))) { --// return ssl_select_cert_error; --// } -- --// return ssl_select_cert_success; --// }); -- --// TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(), --// session.get(), --// false /* expect session not reused */)); --// } -+ if (!SSL_set_session_id_context(ssl, kContext, sizeof(kContext))) { -+ return SSL_TLSEXT_ERR_ALERT_FATAL; -+ } -+ -+ return SSL_TLSEXT_ERR_OK; -+} -+ -+TEST_P(SSLVersionTest, SessionIDContext) { -+#ifdef BSSL_COMPAT -+ GTEST_SKIP(); // TODO: Investigate failures on BSSL_COMPAT -+#endif -+ static const uint8_t kContext1[] = {1}; -+ static const uint8_t kContext2[] = {2}; -+ -+ ASSERT_TRUE(SSL_CTX_set_session_id_context(server_ctx_.get(), kContext1, -+ sizeof(kContext1))); -+ -+ SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH); -+ SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_BOTH); -+ -+ bssl::UniquePtr session = -+ CreateClientSession(client_ctx_.get(), server_ctx_.get()); -+ ASSERT_TRUE(session); -+ -+ TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(), -+ session.get(), -+ true /* expect session reused */)); -+ -+ // Change the session ID context. -+ ASSERT_TRUE(SSL_CTX_set_session_id_context(server_ctx_.get(), kContext2, -+ sizeof(kContext2))); -+ -+ TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(), -+ session.get(), -+ false /* expect session not reused */)); -+ -+ // Change the session ID context back and install an SNI callback to switch -+ // it. -+ ASSERT_TRUE(SSL_CTX_set_session_id_context(server_ctx_.get(), kContext1, -+ sizeof(kContext1))); -+ -+ SSL_CTX_set_tlsext_servername_callback(server_ctx_.get(), -+ SwitchSessionIDContextSNI); -+ -+ TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(), -+ session.get(), -+ false /* expect session not reused */)); -+ -+ // Switch the session ID context with the early callback instead. -+ SSL_CTX_set_tlsext_servername_callback(server_ctx_.get(), nullptr); -+ SSL_CTX_set_select_certificate_cb( -+ server_ctx_.get(), -+ [](const SSL_CLIENT_HELLO *client_hello) -> ssl_select_cert_result_t { -+ static const uint8_t kContext[] = {3}; -+ -+ if (!SSL_set_session_id_context(client_hello->ssl, kContext, -+ sizeof(kContext))) { -+ return ssl_select_cert_error; -+ } -+ -+ return ssl_select_cert_success; -+ }); -+ -+ TRACED_CALL(ExpectSessionReused(client_ctx_.get(), server_ctx_.get(), -+ session.get(), -+ false /* expect session not reused */)); -+} - - // static timeval g_current_time; - -@@ -3719,44 +3763,44 @@ - // EXPECT_EQ(DTLS1_VERSION, SSL_CTX_get_min_proto_version(ctx.get())); - // } - --// static const char *GetVersionName(uint16_t version) { --// switch (version) { --// case TLS1_VERSION: --// return "TLSv1"; --// case TLS1_1_VERSION: --// return "TLSv1.1"; --// case TLS1_2_VERSION: --// return "TLSv1.2"; --// case TLS1_3_VERSION: --// return "TLSv1.3"; --// case DTLS1_VERSION: --// return "DTLSv1"; --// case DTLS1_2_VERSION: --// return "DTLSv1.2"; --// default: --// return "???"; --// } --// } -- --// TEST_P(SSLVersionTest, Version) { --// ASSERT_TRUE(Connect()); -- --// EXPECT_EQ(SSL_version(client_.get()), version()); --// EXPECT_EQ(SSL_version(server_.get()), version()); -- --// // Test the version name is reported as expected. --// const char *version_name = GetVersionName(version()); --// EXPECT_EQ(strcmp(version_name, SSL_get_version(client_.get())), 0); --// EXPECT_EQ(strcmp(version_name, SSL_get_version(server_.get())), 0); -- --// // Test SSL_SESSION reports the same name. --// const char *client_name = --// SSL_SESSION_get_version(SSL_get_session(client_.get())); --// const char *server_name = --// SSL_SESSION_get_version(SSL_get_session(server_.get())); --// EXPECT_EQ(strcmp(version_name, client_name), 0); --// EXPECT_EQ(strcmp(version_name, server_name), 0); --// } -+static const char *GetVersionName(uint16_t version) { -+ switch (version) { -+ case TLS1_VERSION: -+ return "TLSv1"; -+ case TLS1_1_VERSION: -+ return "TLSv1.1"; -+ case TLS1_2_VERSION: -+ return "TLSv1.2"; -+ case TLS1_3_VERSION: -+ return "TLSv1.3"; -+ case DTLS1_VERSION: -+ return "DTLSv1"; -+ case DTLS1_2_VERSION: -+ return "DTLSv1.2"; -+ default: -+ return "???"; -+ } -+} -+ -+TEST_P(SSLVersionTest, Version) { -+ ASSERT_TRUE(Connect()); -+ -+ EXPECT_EQ(SSL_version(client_.get()), version()); -+ EXPECT_EQ(SSL_version(server_.get()), version()); -+ -+ // Test the version name is reported as expected. -+ const char *version_name = GetVersionName(version()); -+ EXPECT_EQ(strcmp(version_name, SSL_get_version(client_.get())), 0); -+ EXPECT_EQ(strcmp(version_name, SSL_get_version(server_.get())), 0); -+ -+ // Test SSL_SESSION reports the same name. -+ const char *client_name = -+ SSL_SESSION_get_version(SSL_get_session(client_.get())); -+ const char *server_name = -+ SSL_SESSION_get_version(SSL_get_session(server_.get())); -+ EXPECT_EQ(strcmp(version_name, client_name), 0); -+ EXPECT_EQ(strcmp(version_name, server_name), 0); -+} - - // Tests that that |SSL_get_pending_cipher| is available during the ALPN - // selection callback. -@@ -4076,40 +4120,40 @@ - // } - // } - --// TEST_P(SSLVersionTest, GetServerName) { --// ClientConfig config; --// config.servername = "host1"; -- --// SSL_CTX_set_tlsext_servername_callback( --// server_ctx_.get(), [](SSL *ssl, int *out_alert, void *arg) -> int { --// // During the handshake, |SSL_get_servername| must match |config|. --// ClientConfig *config_p = reinterpret_cast(arg); --// EXPECT_STREQ(config_p->servername.c_str(), --// SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name)); --// return SSL_TLSEXT_ERR_OK; --// }); --// SSL_CTX_set_tlsext_servername_arg(server_ctx_.get(), &config); -- --// ASSERT_TRUE(Connect(config)); --// // After the handshake, it must also be available. --// EXPECT_STREQ(config.servername.c_str(), --// SSL_get_servername(server_.get(), TLSEXT_NAMETYPE_host_name)); -- --// // Establish a session under host1. --// SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH); --// SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_BOTH); --// bssl::UniquePtr session = --// CreateClientSession(client_ctx_.get(), server_ctx_.get(), config); -- --// // If the client resumes a session with a different name, |SSL_get_servername| --// // must return the new name. --// ASSERT_TRUE(session); --// config.session = session.get(); --// config.servername = "host2"; --// ASSERT_TRUE(Connect(config)); --// EXPECT_STREQ(config.servername.c_str(), --// SSL_get_servername(server_.get(), TLSEXT_NAMETYPE_host_name)); --// } -+TEST_P(SSLVersionTest, GetServerName) { -+ ClientConfig config; -+ config.servername = "host1"; -+ -+ SSL_CTX_set_tlsext_servername_callback( -+ server_ctx_.get(), [](SSL *ssl, int *out_alert, void *arg) -> int { -+ // During the handshake, |SSL_get_servername| must match |config|. -+ ClientConfig *config_p = reinterpret_cast(arg); -+ EXPECT_STREQ(config_p->servername.c_str(), -+ SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name)); -+ return SSL_TLSEXT_ERR_OK; -+ }); -+ SSL_CTX_set_tlsext_servername_arg(server_ctx_.get(), &config); -+ -+ ASSERT_TRUE(Connect(config)); -+ // After the handshake, it must also be available. -+ EXPECT_STREQ(config.servername.c_str(), -+ SSL_get_servername(server_.get(), TLSEXT_NAMETYPE_host_name)); -+ -+ // Establish a session under host1. -+ SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH); -+ SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_BOTH); -+ bssl::UniquePtr session = -+ CreateClientSession(client_ctx_.get(), server_ctx_.get(), config); -+ -+ // If the client resumes a session with a different name, |SSL_get_servername| -+ // must return the new name. -+ ASSERT_TRUE(session); -+ config.session = session.get(); -+ config.servername = "host2"; -+ ASSERT_TRUE(Connect(config)); -+ EXPECT_STREQ(config.servername.c_str(), -+ SSL_get_servername(server_.get(), TLSEXT_NAMETYPE_host_name)); -+} - - // Test that session cache mode bits are honored in the client session callback. - // TEST_P(SSLVersionTest, ClientSessionCacheMode) { -@@ -4214,43 +4258,43 @@ - // X509_cmp(cert, cert); - // } - --// TEST(SSLTest, GetCertificate) { --// bssl::UniquePtr ctx(SSL_CTX_new(TLS_method())); --// ASSERT_TRUE(ctx); --// bssl::UniquePtr cert = GetTestCertificate(); --// ASSERT_TRUE(cert); --// ASSERT_TRUE(SSL_CTX_use_certificate(ctx.get(), cert.get())); --// bssl::UniquePtr ssl(SSL_new(ctx.get())); --// ASSERT_TRUE(ssl); -- --// X509 *cert2 = SSL_CTX_get0_certificate(ctx.get()); --// ASSERT_TRUE(cert2); --// X509 *cert3 = SSL_get_certificate(ssl.get()); --// ASSERT_TRUE(cert3); -- --// // The old and new certificates must be identical. --// EXPECT_EQ(0, X509_cmp(cert.get(), cert2)); --// EXPECT_EQ(0, X509_cmp(cert.get(), cert3)); -- --// uint8_t *der = nullptr; --// long der_len = i2d_X509(cert.get(), &der); --// ASSERT_LT(0, der_len); --// bssl::UniquePtr free_der(der); -- --// uint8_t *der2 = nullptr; --// long der2_len = i2d_X509(cert2, &der2); --// ASSERT_LT(0, der2_len); --// bssl::UniquePtr free_der2(der2); -- --// uint8_t *der3 = nullptr; --// long der3_len = i2d_X509(cert3, &der3); --// ASSERT_LT(0, der3_len); --// bssl::UniquePtr free_der3(der3); -- --// // They must also encode identically. --// EXPECT_EQ(Bytes(der, der_len), Bytes(der2, der2_len)); --// EXPECT_EQ(Bytes(der, der_len), Bytes(der3, der3_len)); --// } -+TEST(SSLTest, GetCertificate) { -+ bssl::UniquePtr ctx(SSL_CTX_new(TLS_method())); -+ ASSERT_TRUE(ctx); -+ bssl::UniquePtr cert = GetTestCertificate(); -+ ASSERT_TRUE(cert); -+ ASSERT_TRUE(SSL_CTX_use_certificate(ctx.get(), cert.get())); -+ bssl::UniquePtr ssl(SSL_new(ctx.get())); -+ ASSERT_TRUE(ssl); -+ -+ X509 *cert2 = SSL_CTX_get0_certificate(ctx.get()); -+ ASSERT_TRUE(cert2); -+ X509 *cert3 = SSL_get_certificate(ssl.get()); -+ ASSERT_TRUE(cert3); -+ -+ // The old and new certificates must be identical. -+ EXPECT_EQ(0, X509_cmp(cert.get(), cert2)); -+ EXPECT_EQ(0, X509_cmp(cert.get(), cert3)); -+ -+ uint8_t *der = nullptr; -+ long der_len = i2d_X509(cert.get(), &der); -+ ASSERT_LT(0, der_len); -+ bssl::UniquePtr free_der(der); -+ -+ uint8_t *der2 = nullptr; -+ long der2_len = i2d_X509(cert2, &der2); -+ ASSERT_LT(0, der2_len); -+ bssl::UniquePtr free_der2(der2); -+ -+ uint8_t *der3 = nullptr; -+ long der3_len = i2d_X509(cert3, &der3); -+ ASSERT_LT(0, der3_len); -+ bssl::UniquePtr free_der3(der3); -+ -+ // They must also encode identically. -+ EXPECT_EQ(Bytes(der, der_len), Bytes(der2, der2_len)); -+ EXPECT_EQ(Bytes(der, der_len), Bytes(der3, der3_len)); -+} - - // TEST(SSLTest, SetChainAndKeyMismatch) { - // bssl::UniquePtr ctx(SSL_CTX_new(TLS_with_buffers_method())); -@@ -4920,33 +4964,33 @@ - // } - - // The client should gracefully handle no suitable ciphers being enabled. --// TEST(SSLTest, NoCiphersAvailable) { --// bssl::UniquePtr ctx(SSL_CTX_new(TLS_method())); --// ASSERT_TRUE(ctx); -- --// // Configure |client_ctx| with a cipher list that does not intersect with its --// // version configuration. --// ASSERT_TRUE(SSL_CTX_set_strict_cipher_list( --// ctx.get(), "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256")); --// ASSERT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_1_VERSION)); -- --// bssl::UniquePtr ssl(SSL_new(ctx.get())); --// ASSERT_TRUE(ssl); --// SSL_set_connect_state(ssl.get()); -- --// UniquePtr rbio(BIO_new(BIO_s_mem())), wbio(BIO_new(BIO_s_mem())); --// ASSERT_TRUE(rbio); --// ASSERT_TRUE(wbio); --// SSL_set0_rbio(ssl.get(), rbio.release()); --// SSL_set0_wbio(ssl.get(), wbio.release()); -- --// int ret = SSL_do_handshake(ssl.get()); --// EXPECT_EQ(-1, ret); --// EXPECT_EQ(SSL_ERROR_SSL, SSL_get_error(ssl.get(), ret)); --// uint32_t err = ERR_get_error(); --// EXPECT_EQ(ERR_LIB_SSL, ERR_GET_LIB(err)); --// EXPECT_EQ(SSL_R_NO_CIPHERS_AVAILABLE, ERR_GET_REASON(err)); --// } -+TEST(SSLTest, NoCiphersAvailable) { -+ bssl::UniquePtr ctx(SSL_CTX_new(TLS_method())); -+ ASSERT_TRUE(ctx); -+ -+ // Configure |client_ctx| with a cipher list that does not intersect with its -+ // version configuration. -+ ASSERT_TRUE(SSL_CTX_set_strict_cipher_list( +@@ -4935,7 +4971,7 @@ + // Configure |client_ctx| with a cipher list that does not intersect with its + // version configuration. + ASSERT_TRUE(SSL_CTX_set_strict_cipher_list( +- ctx.get(), "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256")); + ctx.get(), "ECDHE-RSA-AES128-GCM-SHA256")); -+ ASSERT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_1_VERSION)); -+ -+ bssl::UniquePtr ssl(SSL_new(ctx.get())); -+ ASSERT_TRUE(ssl); -+ SSL_set_connect_state(ssl.get()); -+ -+ UniquePtr rbio(BIO_new(BIO_s_mem())), wbio(BIO_new(BIO_s_mem())); -+ ASSERT_TRUE(rbio); -+ ASSERT_TRUE(wbio); -+ SSL_set0_rbio(ssl.get(), rbio.release()); -+ SSL_set0_wbio(ssl.get(), wbio.release()); -+ -+ int ret = SSL_do_handshake(ssl.get()); -+ EXPECT_EQ(-1, ret); -+ EXPECT_EQ(SSL_ERROR_SSL, SSL_get_error(ssl.get(), ret)); -+ uint32_t err = ERR_get_error(); -+ EXPECT_EQ(ERR_LIB_SSL, ERR_GET_LIB(err)); -+ EXPECT_EQ(SSL_R_NO_CIPHERS_AVAILABLE, ERR_GET_REASON(err)); -+} - - // TEST_P(SSLVersionTest, SessionVersion) { - // SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH); -@@ -5721,25 +5765,25 @@ - // } - - // SSL_CTX_get0_certificate needs to lock internally. Test this works. --// TEST(SSLTest, GetCertificateThreads) { --// bssl::UniquePtr ctx(SSL_CTX_new(TLS_method())); --// ASSERT_TRUE(ctx); --// bssl::UniquePtr cert = GetTestCertificate(); --// ASSERT_TRUE(cert); --// ASSERT_TRUE(SSL_CTX_use_certificate(ctx.get(), cert.get())); -- --// // Existing code expects |SSL_CTX_get0_certificate| to be callable from two --// // threads concurrently. It originally was an immutable operation. Now we --// // implement it with a thread-safe cache, so it is worth testing. --// X509 *cert2_thread; --// std::thread thread( --// [&] { cert2_thread = SSL_CTX_get0_certificate(ctx.get()); }); --// X509 *cert2 = SSL_CTX_get0_certificate(ctx.get()); --// thread.join(); -- --// EXPECT_EQ(cert2, cert2_thread); --// EXPECT_EQ(0, X509_cmp(cert.get(), cert2)); --// } -+TEST(SSLTest, GetCertificateThreads) { -+ bssl::UniquePtr ctx(SSL_CTX_new(TLS_method())); -+ ASSERT_TRUE(ctx); -+ bssl::UniquePtr cert = GetTestCertificate(); -+ ASSERT_TRUE(cert); -+ ASSERT_TRUE(SSL_CTX_use_certificate(ctx.get(), cert.get())); -+ -+ // Existing code expects |SSL_CTX_get0_certificate| to be callable from two -+ // threads concurrently. It originally was an immutable operation. Now we -+ // implement it with a thread-safe cache, so it is worth testing. -+ X509 *cert2_thread; -+ std::thread thread( -+ [&] { cert2_thread = SSL_CTX_get0_certificate(ctx.get()); }); -+ X509 *cert2 = SSL_CTX_get0_certificate(ctx.get()); -+ thread.join(); -+ -+ EXPECT_EQ(cert2, cert2_thread); -+ EXPECT_EQ(0, X509_cmp(cert.get(), cert2)); -+} - - // Functions which access properties on the negotiated session are thread-safe - // where needed. Prior to TLS 1.3, clients resuming sessions and servers -@@ -7167,14 +7211,14 @@ - // ASSERT_TRUE(CompleteHandshakesForQUIC()); - // } - --// extern "C" { --// int BORINGSSL_enum_c_type_test(void); --// } -- --// TEST(SSLTest, EnumTypes) { --// EXPECT_EQ(sizeof(int), sizeof(ssl_private_key_result_t)); --// EXPECT_EQ(1, BORINGSSL_enum_c_type_test()); --// } -+extern "C" { -+int BORINGSSL_enum_c_type_test(void); -+} -+ -+TEST(SSLTest, EnumTypes) { -+ EXPECT_EQ(sizeof(int), sizeof(ssl_private_key_result_t)); -+ EXPECT_EQ(1, BORINGSSL_enum_c_type_test()); -+} - - // TEST_P(SSLVersionTest, DoubleSSLError) { - // // Connect the inner SSL connections. -@@ -7265,42 +7309,46 @@ - // } - // } - --// TEST_P(SSLVersionTest, SameKeyResume) { --// uint8_t key[48]; --// RAND_bytes(key, sizeof(key)); - --// bssl::UniquePtr server_ctx2 = CreateContext(); --// ASSERT_TRUE(server_ctx2); --// ASSERT_TRUE(UseCertAndKey(server_ctx2.get())); --// ASSERT_TRUE( --// SSL_CTX_set_tlsext_ticket_keys(server_ctx_.get(), key, sizeof(key))); --// ASSERT_TRUE( --// SSL_CTX_set_tlsext_ticket_keys(server_ctx2.get(), key, sizeof(key))); -- --// SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH); --// SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_BOTH); --// SSL_CTX_set_session_cache_mode(server_ctx2.get(), SSL_SESS_CACHE_BOTH); -- --// // Establish a session for |server_ctx_|. --// bssl::UniquePtr session = --// CreateClientSession(client_ctx_.get(), server_ctx_.get()); --// ASSERT_TRUE(session); --// ClientConfig config; --// config.session = session.get(); -- --// // Resuming with |server_ctx_| again works. --// bssl::UniquePtr client, server; --// ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx_.get(), --// server_ctx_.get(), config)); --// EXPECT_TRUE(SSL_session_reused(client.get())); --// EXPECT_TRUE(SSL_session_reused(server.get())); -- --// // Resuming with |server_ctx2| also works. --// ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx_.get(), --// server_ctx2.get(), config)); --// EXPECT_TRUE(SSL_session_reused(client.get())); --// EXPECT_TRUE(SSL_session_reused(server.get())); --// } -+TEST_P(SSLVersionTest, SameKeyResume) { -+#ifdef BSSL_COMPAT -+ GTEST_SKIP(); // FIXME: Investigate failures on bssl-compat -+#endif -+ uint8_t key[48]; -+ RAND_bytes(key, sizeof(key)); -+ -+ bssl::UniquePtr server_ctx2 = CreateContext(); -+ ASSERT_TRUE(server_ctx2); -+ ASSERT_TRUE(UseCertAndKey(server_ctx2.get())); -+ ASSERT_TRUE( -+ SSL_CTX_set_tlsext_ticket_keys(server_ctx_.get(), key, sizeof(key))); -+ ASSERT_TRUE( -+ SSL_CTX_set_tlsext_ticket_keys(server_ctx2.get(), key, sizeof(key))); -+ -+ SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH); -+ SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_BOTH); -+ SSL_CTX_set_session_cache_mode(server_ctx2.get(), SSL_SESS_CACHE_BOTH); -+ -+ // Establish a session for |server_ctx_|. -+ bssl::UniquePtr session = -+ CreateClientSession(client_ctx_.get(), server_ctx_.get()); -+ ASSERT_TRUE(session); -+ ClientConfig config; -+ config.session = session.get(); -+ -+ // Resuming with |server_ctx_| again works. -+ bssl::UniquePtr client, server; -+ ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx_.get(), -+ server_ctx_.get(), config)); -+ EXPECT_TRUE(SSL_session_reused(client.get())); -+ EXPECT_TRUE(SSL_session_reused(server.get())); -+ -+ // Resuming with |server_ctx2| also works. -+ ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx_.get(), -+ server_ctx2.get(), config)); -+ EXPECT_TRUE(SSL_session_reused(client.get())); -+ EXPECT_TRUE(SSL_session_reused(server.get())); -+} - - // TEST_P(SSLVersionTest, DifferentKeyNoResume) { - // uint8_t key1[48], key2[48]; -@@ -8260,5 +8308,5 @@ - // } - // } + ASSERT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_1_VERSION)); --// } // namespace --// BSSL_NAMESPACE_END -+} // namespace -+BSSL_NAMESPACE_END + bssl::UniquePtr ssl(SSL_new(ctx.get())); diff --git a/bssl-compat/patch/source/ssl/ssl_test.cc.sh b/bssl-compat/patch/source/ssl/ssl_test.cc.sh new file mode 100755 index 0000000000..8c6aeff213 --- /dev/null +++ b/bssl-compat/patch/source/ssl/ssl_test.cc.sh @@ -0,0 +1,48 @@ +#!/bin/bash + +set -euo pipefail + +uncomment.sh "$1" --comment -h \ + --comment-regex '#include\s*".*internal\.h' \ + --uncomment-regex 'namespace\s*{\s*$' \ + --uncomment-macro TRACED_CALL \ + --uncomment-struct VersionParam \ + --uncomment-regex-range 'static\s*const\s*VersionParam\s*kAllVersions\[\]\s*=' '};' \ + --uncomment-regex 'template\s*' \ + --uncomment-class UnownedSSLExData \ + --uncomment-gtest-func SSLTest CipherProperties \ + --uncomment-static-func-impl CertFromPEM \ + --uncomment-static-func-impl KeyFromPEM \ + --uncomment-static-func-impl GetTestCertificate \ + --uncomment-static-func-impl GetTestKey \ + --uncomment-static-func-impl CompleteHandshakes \ + --uncomment-static-func-impl FlushNewSessionTickets \ + --uncomment-static-func-impl CreateClientAndServer \ + --uncomment-struct ClientConfig \ + --uncomment-static-func-impl ConnectClientAndServer \ + --uncomment-regex 'static\s*.*\bg_last_session;\s*$' \ + --uncomment-static-func-impl SaveLastSession \ + --uncomment-static-func-impl CreateClientSession \ + --uncomment-gtest-func SSLTest ClientCAList \ + --uncomment-class SSLVersionTest \ + --uncomment-regex-range 'INSTANTIATE_TEST_SUITE_P(WithVersion, SSLVersionTest' '.*);' \ + --uncomment-gtest-func SSLVersionTest OneSidedShutdown \ + --uncomment-gtest-func SSLVersionTest WriteAfterShutdown \ + --uncomment-gtest-func SSLVersionTest WriteAfterReadSentFatalAlert \ + --uncomment-gtest-func SSLTest SetBIO \ + --uncomment-static-func-impl VerifySucceed \ + --uncomment-gtest-func SSLVersionTest GetPeerCertificate \ + --uncomment-gtest-func SSLVersionTest NoPeerCertificate \ + --uncomment-static-func-impl ExpectSessionReused \ + --uncomment-static-func-impl SwitchSessionIDContextSNI \ + --uncomment-gtest-func-skip SSLVersionTest SessionIDContext \ + --uncomment-static-func-impl GetVersionName \ + --uncomment-gtest-func SSLVersionTest Version \ + --uncomment-gtest-func SSLVersionTest GetServerName \ + --uncomment-gtest-func SSLTest GetCertificate \ + --uncomment-gtest-func SSLTest NoCiphersAvailable \ + --uncomment-gtest-func SSLTest GetCertificateThreads \ + --uncomment-regex 'int BORINGSSL_enum_c_type_test' '}' \ + --uncomment-gtest-func SSLTest EnumTypes \ + --uncomment-gtest-func-skip SSLVersionTest SameKeyResume \ + --uncomment-regex '}\s*//\s*namespace\s*$' \ No newline at end of file diff --git a/bssl-compat/source/GENERAL_NAME_cmp.cc b/bssl-compat/source/GENERAL_NAME_cmp.cc deleted file mode 100644 index a3a9088bb8..0000000000 --- a/bssl-compat/source/GENERAL_NAME_cmp.cc +++ /dev/null @@ -1,11 +0,0 @@ -#include -#include - - -/* - * https://github.com/google/boringssl/blob/09b8fd44c3d36cab0860a8e520ecbfe58b02a7fa/include/openssl/x509v3.h#L509 - * https://www.openssl.org/docs/man3.0/man3/GENERAL_NAME_cmp.html - */ -extern "C" int GENERAL_NAME_cmp(const GENERAL_NAME *a, const GENERAL_NAME *b) { - return ossl.ossl_GENERAL_NAME_cmp(const_cast(a), const_cast(b)); -} diff --git a/bssl-compat/source/X509_STORE_CTX_set0_trusted_stack.cc b/bssl-compat/source/X509_STORE_CTX_set0_trusted_stack.cc new file mode 100644 index 0000000000..876a36609e --- /dev/null +++ b/bssl-compat/source/X509_STORE_CTX_set0_trusted_stack.cc @@ -0,0 +1,7 @@ +#include +#include + + +extern "C" void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) { + ossl.ossl_X509_STORE_CTX_set0_trusted_stack(ctx, reinterpret_cast(sk)); +} diff --git a/bssl-compat/source/X509_STORE_CTX_trusted_stack.cc b/bssl-compat/source/X509_STORE_CTX_trusted_stack.cc deleted file mode 100644 index 1ffb3757c8..0000000000 --- a/bssl-compat/source/X509_STORE_CTX_trusted_stack.cc +++ /dev/null @@ -1,11 +0,0 @@ -#include -#include - - -/* - * https://github.com/google/boringssl/blob/557b80f1a3e599459367391540488c132a000d55/include/openssl/x509.h#L2843 - * https://www.openssl.org/docs/man3.0/man3/X509_STORE_CTX_trusted_stack.html - */ -extern "C" void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) { - ossl.ossl_X509_STORE_CTX_trusted_stack(ctx, reinterpret_cast(sk)); -} diff --git a/bssl-compat/source/X509_VERIFY_PARAM_set_time_posix.cc b/bssl-compat/source/X509_VERIFY_PARAM_set_time_posix.cc new file mode 100644 index 0000000000..82c3f6f615 --- /dev/null +++ b/bssl-compat/source/X509_VERIFY_PARAM_set_time_posix.cc @@ -0,0 +1,7 @@ +#include +#include + + +void X509_VERIFY_PARAM_set_time_posix(X509_VERIFY_PARAM *param, int64_t t) { + return ossl.ossl_X509_VERIFY_PARAM_set_time(param, t); +} \ No newline at end of file diff --git a/bssl-compat/source/stack.c b/bssl-compat/source/stack.c index abb15622e4..34a033e678 100644 --- a/bssl-compat/source/stack.c +++ b/bssl-compat/source/stack.c @@ -26,11 +26,11 @@ * supplied copyfunc() and freeing by freefunc(). The function freefunc() is * only called if an error occurs. */ -OPENSSL_EXPORT _STACK *sk_deep_copy(const _STACK *sk, - stack_call_copy_func call_copy_func, - stack_copy_func copy_func, - stack_call_free_func call_free_func, - stack_free_func free_func) { +_STACK *sk_deep_copy(const _STACK *sk, + OPENSSL_sk_call_copy_func call_copy_func, + OPENSSL_sk_copy_func copy_func, + OPENSSL_sk_call_free_func call_free_func, + OPENSSL_sk_free_func free_func) { return ossl.ossl_OPENSSL_sk_deep_copy(sk, (ossl_OPENSSL_sk_copyfunc)copy_func, free_func); } @@ -110,7 +110,7 @@ _STACK *sk_dup(const _STACK *sk) { * rather than the pointers themselves and the order of elements in sk can * change. */ -int sk_find(const _STACK *sk, size_t *out_index, const void *p, stack_call_cmp_func call_cmp_func) { +int sk_find(const _STACK *sk, size_t *out_index, const void *p, OPENSSL_sk_call_cmp_func call_cmp_func) { (void)call_cmp_func; int idx = -1; @@ -222,7 +222,19 @@ size_t sk_insert(_STACK *sk, void *p, size_t where) { * sk_TYPE_is_sorted() returns 1 if sk is sorted and 0 otherwise */ int sk_is_sorted(const _STACK *sk) { - return ossl.ossl_OPENSSL_sk_is_sorted(sk); + int sorted = ossl.ossl_OPENSSL_sk_is_sorted(sk); + + if (!sorted) { + // BoringSSL also considers a stack to be sorted if + // it has a comparison function and a size of 0 or 1 + ossl_OPENSSL_sk_compfunc compfunc = ossl.ossl_OPENSSL_sk_set_cmp_func((_STACK*)sk, NULL); + if (compfunc) { + sorted = (sk_num(sk) < 2); + ossl.ossl_OPENSSL_sk_set_cmp_func((_STACK*)sk, compfunc); + } + } + + return sorted; } /* @@ -252,7 +264,7 @@ size_t sk_num(const _STACK *sk) { * equivalent to sk_TYPE_new_reserve(compare, 0). sk_TYPE_new() return an * empty stack or NULL if an error occurs. */ -_STACK *sk_new(stack_cmp_func comp) { +_STACK *sk_new(OPENSSL_sk_cmp_func comp) { return ossl.ossl_OPENSSL_sk_new((ossl_OPENSSL_sk_compfunc)comp); } @@ -299,8 +311,8 @@ void *sk_pop(_STACK *sk) { * function freefunc() is called on each element to free it. */ OPENSSL_EXPORT void sk_pop_free_ex(_STACK *sk, - stack_call_free_func call_free_func, - stack_free_func free_func) { + OPENSSL_sk_call_free_func call_free_func, + OPENSSL_sk_free_func free_func) { (void)call_free_func; ossl.ossl_OPENSSL_sk_pop_free(sk, free_func); } @@ -333,8 +345,8 @@ size_t sk_push(_STACK *sk, void *p) { * previous comparison function is returned or NULL if there was no previous * comparison function. */ -stack_cmp_func sk_set_cmp_func(_STACK *sk, stack_cmp_func comp) { - return (stack_cmp_func)ossl.ossl_OPENSSL_sk_set_cmp_func(sk, (ossl_OPENSSL_sk_compfunc)comp); +OPENSSL_sk_cmp_func sk_set_cmp_func(_STACK *sk, OPENSSL_sk_cmp_func comp) { + return (OPENSSL_sk_cmp_func)ossl.ossl_OPENSSL_sk_set_cmp_func(sk, (ossl_OPENSSL_sk_compfunc)comp); } /* @@ -365,7 +377,7 @@ void *sk_shift(_STACK *sk) { * ======= * sk_TYPE_sort() sorts sk using the supplied comparison function. */ -void sk_sort(_STACK *sk, stack_call_cmp_func call_cmp_func) { +void sk_sort(_STACK *sk, OPENSSL_sk_call_cmp_func call_cmp_func) { (void)call_cmp_func; ossl.ossl_OPENSSL_sk_sort(sk); } diff --git a/bssl-compat/tools/generate.c.sh b/bssl-compat/tools/generate.c.sh index 1e4dc8e530..e405a37f15 100755 --- a/bssl-compat/tools/generate.c.sh +++ b/bssl-compat/tools/generate.c.sh @@ -25,7 +25,7 @@ function error { exit 1 } -INCLUDE_DIR="$TOP_DIR/include" +INCLUDE_DIR="$TOP_DIR/external/boringssl/include" [[ -d "$INCLUDE_DIR" ]] || error "INCLUDE_DIR $INCLUDE_DIR does not exist" ################################################################################ @@ -76,8 +76,3 @@ $FUNC_SIG_ONE_LINE { #endif } EOF - -################################################################################ -# Uncomment the signature in the header file -################################################################################ -sed -i "${FUNC_SIG_LINE_FROM},${FUNC_SIG_LINE_TO}s|^// ||g" "$HDR_FILE" diff --git a/bssl-compat/tools/generate.h.sh b/bssl-compat/tools/generate.h.sh index 52e27a7134..d36f418163 100755 --- a/bssl-compat/tools/generate.h.sh +++ b/bssl-compat/tools/generate.h.sh @@ -7,6 +7,10 @@ function status { cmake -E cmake_echo_color --blue "$1" } +function warn { + cmake -E cmake_echo_color --yellow "$1" +} + function error { cmake -E cmake_echo_color --red "$1" exit 1 @@ -35,33 +39,22 @@ mkdir -p "$(dirname "$GEN_DIR/$DST_FILE")" # -# Phase 1 - Comment everything out by default -# =========================================== -# -# Attempts to comment out everything in the specified file, without unecessarily -# commenting out blank lines, existing line comments, or existing block comments -# -GEN_APPLIED_COMMENTS="$GEN_DIR/$DST_FILE.0.applied.comments" -sed -e 's|^|// |' -e 's|^// $||' -e 's|^// //|//|' -e 's|^// /\*|/*|' \ - -e 's|^// \*$| *|' -e 's|^// \* | * |' -e 's|^// \*/$| */|' \ - "$SRC_DIR/$SRC_FILE" > "$GEN_APPLIED_COMMENTS" - - -# -# Phase 2 - Apply script file from $PATCH_DIR -# =========================================== +# Apply script file from $PATCH_DIR +# ================================= # PATCH_SCRIPT="$PATCH_DIR/$DST_FILE.sh" GEN_APPLIED_SCRIPT="$GEN_DIR/$DST_FILE.1.applied.script" -cp "$GEN_APPLIED_COMMENTS" "$GEN_APPLIED_SCRIPT" +cp "$SRC_DIR/$SRC_FILE" "$GEN_APPLIED_SCRIPT" if [ -f "$PATCH_SCRIPT" ]; then - "$PATCH_SCRIPT" "$GEN_APPLIED_SCRIPT" + PATH="$(dirname "$0"):$PATH" "$PATCH_SCRIPT" "$GEN_APPLIED_SCRIPT" +else # Comment out the whole file contents + "$(dirname "$0")/uncomment.sh" "$GEN_APPLIED_SCRIPT" --comment fi # -# Phase 3 - Apply patch file from $PATCH_DIR -# ========================================== +# Apply patch file from $PATCH_DIR +# ================================ # PATCH_FILE="$PATCH_DIR/$DST_FILE.patch" GEN_APPLIED_PATCH="$GEN_DIR/$DST_FILE.2.applied.patch" @@ -73,39 +66,18 @@ fi # -# Phase 4 - Copy result to the destination or create/update the patch file -# ======================================================================== -# -# If the destination file doesn't exist, just copy the last scratch file to it. -# -# Otherwise, check if the previous content matches the new content that we just -# generated. If it doesn't match, then we assume that that the destination file -# has been hand edited. Therefore, create or update the corresponding patch file -# so that the generated content does match the destination content (or at least -# it will next time we run). -# -# The most important thing is never to modify the destination content because -# doing so may cause hand edits to be discarded. +# Copy result to the destination +# ============================== # if [ ! -f "$CMAKE_CURRENT_SOURCE_DIR/$DST_FILE" ]; then mkdir -p "$(dirname "$CMAKE_CURRENT_SOURCE_DIR/$DST_FILE")" - cp "$GEN_APPLIED_PATCH" "$CMAKE_CURRENT_SOURCE_DIR/$DST_FILE" - status "Created $DST_FILE" -else # "$CMAKE_CURRENT_SOURCE_DIR/$DST_FILE" exists - if ! cmp -s "$GEN_APPLIED_PATCH" "$CMAKE_CURRENT_SOURCE_DIR/$DST_FILE"; then - [[ -f "$PATCH_FILE" ]] || mkdir -p "$(dirname "$PATCH_FILE")" - if diff -au --label "a/$DST_FILE" "$GEN_APPLIED_SCRIPT" --label "b/$DST_FILE" "$CMAKE_CURRENT_SOURCE_DIR/$DST_FILE" > "$PATCH_FILE"; then - rm -f "$PATCH_FILE" - status "Deleted patch/$(realpath -m --relative-to="$PATCH_DIR" "$PATCH_FILE")" - else - status "Updated patch/$(realpath -m --relative-to="$PATCH_DIR" "$PATCH_FILE")" - fi - fi fi +cp "$GEN_APPLIED_PATCH" "$CMAKE_CURRENT_SOURCE_DIR/$DST_FILE" # -# Add the generated file to .gitignore file so it doesn't get checked into git +# Add the generated file to .gitignore file +# ========================================= # GITIGNORE="$CMAKE_CURRENT_SOURCE_DIR/.gitignore" if ! grep "^$DST_FILE$" "$GITIGNORE" > /dev/null; then diff --git a/bssl-compat/tools/generate.patch.sh b/bssl-compat/tools/generate.patch.sh new file mode 100755 index 0000000000..c15aa3d7e0 --- /dev/null +++ b/bssl-compat/tools/generate.patch.sh @@ -0,0 +1,15 @@ +#!/bin/bash + +set -euo pipefail + +BSSL_COMPAT_DIR="$(cd "$(dirname "$0")/.." && pwd)" +BUILD_DIR="${1?"BUILD_DIR not specified"}" +SOURCE_FILE="${2?"SOURCE_FILE not specified"}" + +SOURCE_FILE="$(realpath --canonicalize-existing --relative-to="$BSSL_COMPAT_DIR" "$SOURCE_FILE")" +PATCH_FILE="$BSSL_COMPAT_DIR/patch/$SOURCE_FILE.patch" + +mkdir -p "$(dirname "$PATCH_FILE")" + +diff -au --label "a/$SOURCE_FILE" "$BUILD_DIR/generate/$SOURCE_FILE.1.applied.script" \ + --label "b/$SOURCE_FILE" "$BSSL_COMPAT_DIR/$SOURCE_FILE" > "$PATCH_FILE" diff --git a/bssl-compat/tools/uncomment.sh b/bssl-compat/tools/uncomment.sh new file mode 100755 index 0000000000..45efd69ca9 --- /dev/null +++ b/bssl-compat/tools/uncomment.sh @@ -0,0 +1,300 @@ +#!/bin/bash + +set -euo pipefail + +TOP_DIR="$(cd "$(dirname "$0")/.." && pwd)" +HDR_FILE="${1?"HDR_FILE not specified"}" +shift + +function info { + false || cmake -E cmake_echo_color --cyan "$1" +} + +function warn { + false || cmake -E cmake_echo_color --yellow "$1" +} + +function error { + cmake -E cmake_echo_color --red "ERROR: $1" + exit 1 +} + +cleanup() { + if [[ $? != 0 ]]; then + error "While processing option \"$OPTION\"" + fi +} +trap cleanup EXIT + +[[ -f "$HDR_FILE" ]] || error "HDR_FILE $HDR_FILE does not exist" + + +# This contains the current command line option being processed. It is used +# when reporting low level errors, to provide some context for the error +OPTION="" +option_start() { + OPTION=$1 +} +option_add() { + while [[ $# > 0 ]]; do + OPTION="$OPTION '$1'" + shift + done +} +option_end() { + option_add $* + info " $OPTION" +} + +run_sed_expression() { + [[ $# == 2 ]] || error "run_sed_expression(): Two arguments required" + local EXPECT_CHANGE="$1" # 0 or 1 + local SED_EXPRESSION="$2" + if [[ $EXPECT_CHANGE == 0 ]]; then + sed -i -e "$SED_EXPRESSION" "$HDR_FILE" + else # $EXPECT_CHANGE == 1 + sed -i.bak -e "$SED_EXPRESSION" "$HDR_FILE" + if cmp -s "$HDR_FILE" "$HDR_FILE.bak"; then + rm -f "$HDR_FILE.bak" + error "The sed expression \"$SED_EXPRESSION\" made no changes" + elif [[ -v MELD ]]; then + meld "$HDR_FILE.bak" "$HDR_FILE" + fi + rm -f "$HDR_FILE.bak" + fi +} + +uncomment_line_range() { + [[ $# == 2 ]] || error "uncomment_line_range(): Two line numbers required" + run_sed_expression 1 "${1},${2}s%^// %%g" +} + +uncomment_regex_range() { + [[ $# == 2 ]] || error "uncomment_regex_range(): Two regexes required" + L1=$(grep -n "^// $1" "$HDR_FILE" | head -1 | cut -d: -f1) + L2=$(awk '(NR == '$L1'),/^\/\/ '$2'/{print NR}' "$HDR_FILE" | tail -1) + [ -z "$L1" ] && error "Failed to locate first pattern in -R $1 $2" + [ -z "$L2" ] && error "Failed to locate second pattern in -R $1 $2" + uncomment_line_range $L1 $L2 +} + +uncomment_preproc_directive() { + [[ $# == 1 ]] || error "uncomment_preproc_directive(): One regex required" + for L1 in $(grep -n "^// #\s*$1" "$HDR_FILE" | cut -d: -f1); do + L2=$(awk '(NR == '$L1'),/[^\\]$/{print NR}' "$HDR_FILE" | tail -1) + uncomment_line_range $L1 $L2 + done +} + +comment_line_range() { + [[ $# == 2 ]] || error "comment_line_range(): Two line numbers required" + run_sed_expression 1 "${1},${2}s%^%//%g" +} + +comment_regex_range() { + [[ $# == 2 ]] || error "comment_regex_range(): Two regexes required" + L1=$(grep -n "$1" "$HDR_FILE" | head -1 | cut -d: -f1) + L2=$(awk '(NR == '$L1'),/'$2'/{print NR}' "$HDR_FILE" | tail -1) + [ -z "$L1" ] && error "comment_regex_range(): Failed to locate first pattern" + [ -z "$L2" ] && error "comment_regex_range(): Failed to locate second pattern" + comment_line_range $L1 $L2 +} + + +while [ $# -ne 0 ]; do + option_start "$1" + case "$1" in + --comment) # Comment everything out + option_end + run_sed_expression 1 's|^|// |' + run_sed_expression 0 's|^// $||' + run_sed_expression 0 's|^// //|//|' + run_sed_expression 0 's|^// /\*|/*|' + run_sed_expression 0 's|^// \*$| *|' + run_sed_expression 0 's|^// \* | * |' + run_sed_expression 0 's|^// \*/$| */|' + ;; + "-h") # Set of general stuff like include guards, extern, and #if/else/end + option_end + for DIRECTIVE in include if ifdef ifndef else elif endif undef error warning; do + uncomment_preproc_directive "\<$DIRECTIVE\>" + done + uncomment_preproc_directive "define\s*OPENSSL_HEADER_.*" + run_sed_expression 0 "s%^// \(extern\s*\"C+\?+\?\".*\)$%\1%g" + run_sed_expression 0 "s%^// \(}\s*/[/\*]\s*extern\s*\"\?C+\?+\?\"\?.*\)$%\1%g" + run_sed_expression 0 "s%^// \(BSSL_NAMESPACE_\(BEGIN\|END\)\)$%\1%g" + ;; + --uncomment-func-decl) # Function name + [[ $2 ]] && [[ $2 != -* ]] || error "Insufficient arguments for $1" + option_end $2 + FUNC_SIG_MULTI_LINE="$(grep -Pzob "OPENSSL_EXPORT\s*[^;]*[^A-Za-z0-9_]$2\s*\([^;]*\)" "$HDR_FILE" | sed -e 's/OPENSSL_EXPORT\s*//g' -e 's%^// %%' -e 's/\x0//g')" + FUNC_SIG_LINE_COUNT="$(echo "$FUNC_SIG_MULTI_LINE" | wc -l)" + FUNC_SIG_OFFSET="$(echo "$FUNC_SIG_MULTI_LINE" | head -1 | cut -d: -f1)" + FUNC_SIG_LINE_FROM=$(echo $(head -c+$FUNC_SIG_OFFSET "$HDR_FILE" | wc -l) + 1 | bc -q) + FUNC_SIG_LINE_TO="$(echo $FUNC_SIG_LINE_FROM + $FUNC_SIG_LINE_COUNT - 1 | bc -q)" + uncomment_line_range ${FUNC_SIG_LINE_FROM} ${FUNC_SIG_LINE_TO} + shift + ;; + --uncomment-regex) # Uncomment consecutive lines matching regexes + PATTERNS=() + while [[ $# > 1 ]] && [[ $2 != -* ]]; do + shift && PATTERNS[${#PATTERNS[@]}]="$1" + option_add "$1" + done + option_end + if [[ ${#PATTERNS[@]} == 1 ]]; then + run_sed_expression 1 "s%^// \(${PATTERNS[0]}\)%\1%" + else + AWK= + for ((i=0; i < ${#PATTERNS[@]} ; i++)); do + AWK="$AWK /^\/\/ ${PATTERNS[i]}/" + [[ $i == 0 ]] && AWK="$AWK {l1=NR}" || AWK="$AWK && NR==(l1+$i) {}" + done + AWK="${AWK::-2} {printf \"%d %d\n\", l1, NR; exit 0}" + RANGE=$(awk "$AWK" "$HDR_FILE") + [ -z "$RANGE" ] && error "Failed to locate --uncomment-regex ${PATTERNS[@]}" + uncomment_line_range $RANGE + fi + ;; + --uncomment-macro-redef) # -d Redefine macro to be ossl_ + [[ $2 ]] && [[ $2 != -* ]] || error "Insufficient arguments for $1" + option_end "$2" + run_sed_expression 1 "s%^//\(\s\)#\s*define\s*\<\($2\)\>.*$%#ifdef\1ossl_\2\n#define\1\2\1ossl_\2\n#endif%" + shift + ;; + --uncomment-typedef-redef) # -t Redefine "typedef struct " to be "typedef struct ossl_ " + [[ $2 ]] && [[ $2 != -* ]] || error "Insufficient arguments for $1" + option_end "$2" + run_sed_expression 1 "s%^//\(\s*\)typedef\s*struct\s*\([[:alnum:]_]*\)\s*\(\<$2\>\);%typedef\1struct\1ossl_\2\1\3;%" + shift + ;; + --uncomment-macro) # Uncomment #define .... (including continuation lines) + [[ $2 ]] && [[ $2 != -* ]] || error "Insufficient arguments for $1" + option_end "$2" + for L1 in $(grep -n "^// #\s*define\s*$2\>" "$HDR_FILE" | cut -d: -f1); do + L2=$(awk '(NR == '$L1'),/[^\\]$/{print NR}' "$HDR_FILE" | tail -1) + uncomment_line_range $L1 $L2 + done + shift + ;; + --uncomment-regex-range) # Uncomment multi-line matching regex + [[ $3 ]] && [[ $2 != -* ]] && [[ $3 != -* ]] || error "Insufficient arguments for $1" + option_end "$2" "$3" + uncomment_regex_range "$2" "$3" + shift 2 + ;; + --uncomment-gtest-func) + [[ $3 ]] && [[ $2 != -* ]] && [[ $3 != -* ]] || error "Insufficient arguments for $1" + option_end "$2" "$3" + uncomment_regex_range "\s*\(TEST\|TEST_P\)\s*($2\s*,\s*$3\s*)\s*{" "}" + shift 2 + ;; + --uncomment-gtest-func-skip) + [[ $3 ]] && [[ $2 != -* ]] && [[ $3 != -* ]] || error "Insufficient arguments for $1" + option_end "$2" "$3" + uncomment_regex_range "\(TEST\|TEST_P\)\s*($2\s*,\s*$3\s*)\s*{" "}" + run_sed_expression 1 '/^\(TEST\|TEST_P\)\s*(\s*'$2'\s*,\s*'$3'\s*)\s*{/a #ifdef BSSL_COMPAT\nGTEST_SKIP() << "TODO: Investigate failure on BSSL_COMPAT";\n#endif' + shift 2 + ;; + --uncomment-struct) # Uncomment struct + [[ $2 ]] && [[ $2 != -* ]] || error "Insufficient arguments for $1" + option_end "$2" + uncomment_regex_range "struct\s*$2\>.*{$" "}.*;$" + shift + ;; + --uncomment-class-fwd) # Uncomment class forward decl + [[ $2 ]] && [[ $2 != -* ]] || error "Insufficient arguments for $1" + option_end "$2" + run_sed_expression 1 "s%^// \(class\s*$2\s*;\s*\)$%\1%" + shift + ;; + --uncomment-class) # Uncomment class + [[ $2 ]] && [[ $2 != -* ]] || error "Insufficient arguments for $1" + option_end "$2" + uncomment_regex_range "class\s*\<$2\>" "};$" + shift + ;; + --uncomment-enum) # Uncomment enum + [[ $2 ]] && [[ $2 != -* ]] || error "Insufficient arguments for $1" + option_end "$2" + uncomment_regex_range "enum\s*\<$2\>" "};$" + shift + ;; + --uncomment-typedef) # Uncomment typedef + [[ $2 ]] && [[ $2 != -* ]] || error "Insufficient arguments for $1" + option_end "$2" + LINE=$(grep -n "^// \s*\.*\<$2\>.*" "$HDR_FILE" | head -1) + L1=$(echo "$LINE" | cut -d: -f1) && L2=$L1 + if [[ ! "$LINE" =~ \;$ ]]; then # multi-line + L2=$(awk '(NR == '$L1'),/^\/\/ .*;$/{print NR}' "$HDR_FILE" | tail -1) + fi + uncomment_line_range $L1 $L2 + shift + ;; + --uncomment-func-impl) + [[ $2 ]] && [[ $2 != -* ]] || error "Insufficient arguments for $1" + option_end "$2" + uncomment_regex_range "[^!]*\<$2\s*(.*) {" "}" + shift + ;; + --uncomment-static-func-impl) + [[ $2 ]] && [[ $2 != -* ]] || error "Insufficient arguments for $1" + option_end "$2" + LINE=$(grep -n "^// static\s*.*\b$2\b\s*(" "$HDR_FILE" | head -1) + L1=$(echo "$LINE" | cut -d: -f1) && L2=$L1 + if [[ ! "$LINE" =~ }$ ]]; then # multi-line + L2=$(awk '(NR == '$L1'),/^\/\/ }$/{print NR}' "$HDR_FILE" | tail -1) + fi + uncomment_line_range $L1 $L2 + shift + ;; + --uncomment-using) + [[ $2 ]] && [[ $2 != -* ]] || error "Insufficient arguments for $1" + option_end "$2" + uncomment_regex_range "using\s*$2\>" ".*;$" + shift + ;; + --comment-regex-range) # comment multi-line matching regex + [[ $3 ]] && [[ $2 != -* ]] && [[ $3 != -* ]] || error "Insufficient arguments for $1" + option_end "$2" "$3" + comment_regex_range "$2" "$3" + shift 2 + ;; + --comment-gtest-func) + [[ $3 ]] && [[ $2 != -* ]] && [[ $3 != -* ]] || error "Insufficient arguments for $1" + option_end "$2" "$3" + comment_regex_range "^\s*\(TEST\|TEST_P\)\s*($2\s*,\s*$3\s*)\s*{" "^}" + shift 2 + ;; + --comment-regex) + [[ $2 ]] && [[ $2 != -* ]] || error "Insufficient arguments for $1" + option_end $2 + run_sed_expression 1 "s%\($2\)%// \1%" + shift + ;; + "--sed") # sed expression + [[ $2 ]] && [[ $2 != -* ]] || error "Insufficient arguments for $1" + option_end "$2" + run_sed_expression 1 "$2" + shift + ;; + --echo-on) + set -x + ;; + --echo-off) + set +x + ;; + --meld-on) + MELD=1 + ;; + --meld-off) + unset MELD + ;; + *) + error "Unknown option $1" + ;; + esac + shift +done + + diff --git a/envoy b/envoy index afa98867c8..ea9d25e93c 160000 --- a/envoy +++ b/envoy @@ -1 +1 @@ -Subproject commit afa98867c807dee0d833da701ba3ab0c9ace9ada +Subproject commit ea9d25e93cef74b023c95ca1a3f79449cdf7fa9a