From 7989a2660997b909e0b99fc1dfb3bcfbb0528df3 Mon Sep 17 00:00:00 2001 From: vnugent Date: Tue, 6 Aug 2024 19:42:25 -0400 Subject: update openssl to 3.3.1 --- vendor/openssl/include/openssl/cmp.h.in | 27 +-------- vendor/openssl/include/openssl/cmperr.h | 4 -- vendor/openssl/include/openssl/comp.h.in | 76 ++++++++++++++++++++++++++ vendor/openssl/include/openssl/crypto.h.in | 9 --- vendor/openssl/include/openssl/e_os2.h | 4 +- vendor/openssl/include/openssl/indicator.h | 31 +++++++++++ vendor/openssl/include/openssl/pem.h | 1 - vendor/openssl/include/openssl/sslerr.h | 1 - vendor/openssl/include/openssl/tls1.h | 6 -- vendor/openssl/include/openssl/x509.h.in | 28 ++++------ vendor/openssl/include/openssl/x509_acert.h.in | 36 ++++++++++++ vendor/openssl/include/openssl/x509v3.h.in | 22 +++----- 12 files changed, 165 insertions(+), 80 deletions(-) create mode 100644 vendor/openssl/include/openssl/comp.h.in create mode 100644 vendor/openssl/include/openssl/indicator.h (limited to 'vendor/openssl/include') diff --git a/vendor/openssl/include/openssl/cmp.h.in b/vendor/openssl/include/openssl/cmp.h.in index c46b9ab..ad9eb34 100644 --- a/vendor/openssl/include/openssl/cmp.h.in +++ b/vendor/openssl/include/openssl/cmp.h.in @@ -228,12 +228,6 @@ DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV) {- generate_stack_macros("OSSL_CMP_ITAV"); -} - -typedef struct ossl_cmp_crlstatus_st OSSL_CMP_CRLSTATUS; -{- - generate_stack_macros("OSSL_CMP_CRLSTATUS"); --} - typedef struct ossl_cmp_revrepcontent_st OSSL_CMP_REVREPCONTENT; typedef struct ossl_cmp_pkisi_st OSSL_CMP_PKISI; DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKISI) @@ -263,7 +257,7 @@ void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type, ASN1_TYPE *value); ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav); ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav); -int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **sk_p, +int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p, OSSL_CMP_ITAV *itav); void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav); @@ -284,22 +278,6 @@ int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav, X509 **newWithOld, X509 **oldWithNew); -OSSL_CMP_CRLSTATUS *OSSL_CMP_CRLSTATUS_create(const X509_CRL *crl, - const X509 *cert, int only_DN); -OSSL_CMP_CRLSTATUS *OSSL_CMP_CRLSTATUS_new1(const DIST_POINT_NAME *dpn, - const GENERAL_NAMES *issuer, - const ASN1_TIME *thisUpdate); -int OSSL_CMP_CRLSTATUS_get0(const OSSL_CMP_CRLSTATUS *crlstatus, - DIST_POINT_NAME **dpn, GENERAL_NAMES **issuer, - ASN1_TIME **thisUpdate); -void OSSL_CMP_CRLSTATUS_free(OSSL_CMP_CRLSTATUS *crlstatus); -OSSL_CMP_ITAV -*OSSL_CMP_ITAV_new0_crlStatusList(STACK_OF(OSSL_CMP_CRLSTATUS) *crlStatusList); -int OSSL_CMP_ITAV_get0_crlStatusList(const OSSL_CMP_ITAV *itav, - STACK_OF(OSSL_CMP_CRLSTATUS) **out); -OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_crls(const X509_CRL *crls); -int OSSL_CMP_ITAV_get0_crls(const OSSL_CMP_ITAV *it, STACK_OF(X509_CRL) **out); - void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg); /* from cmp_ctx.c */ @@ -543,9 +521,6 @@ int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out); int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx, const X509 *oldWithOld, X509 **newWithNew, X509 **newWithOld, X509 **oldWithNew); -int OSSL_CMP_get1_crlUpdate(OSSL_CMP_CTX *ctx, const X509 *crlcert, - const X509_CRL *last_crl, - X509_CRL **crl); # ifdef __cplusplus } diff --git a/vendor/openssl/include/openssl/cmperr.h b/vendor/openssl/include/openssl/cmperr.h index 700ffbe..0d876e5 100644 --- a/vendor/openssl/include/openssl/cmperr.h +++ b/vendor/openssl/include/openssl/cmperr.h @@ -60,9 +60,7 @@ # define CMP_R_FAILED_EXTRACTING_PUBKEY 141 # define CMP_R_FAILURE_OBTAINING_RANDOM 110 # define CMP_R_FAIL_INFO_OUT_OF_RANGE 129 -# define CMP_R_GENERATE_CRLSTATUS 198 # define CMP_R_GETTING_GENP 192 -# define CMP_R_GET_ITAV 199 # define CMP_R_INVALID_ARGS 100 # define CMP_R_INVALID_GENP 193 # define CMP_R_INVALID_OPTION 174 @@ -102,7 +100,6 @@ # define CMP_R_TRANSFER_ERROR 159 # define CMP_R_UNCLEAN_CTX 191 # define CMP_R_UNEXPECTED_CERTPROFILE 196 -# define CMP_R_UNEXPECTED_CRLSTATUSLIST 201 # define CMP_R_UNEXPECTED_PKIBODY 133 # define CMP_R_UNEXPECTED_PKISTATUS 185 # define CMP_R_UNEXPECTED_POLLREQ 105 @@ -110,7 +107,6 @@ # define CMP_R_UNEXPECTED_SENDER 106 # define CMP_R_UNKNOWN_ALGORITHM_ID 134 # define CMP_R_UNKNOWN_CERT_TYPE 135 -# define CMP_R_UNKNOWN_CRL_ISSUER 200 # define CMP_R_UNKNOWN_PKISTATUS 186 # define CMP_R_UNSUPPORTED_ALGORITHM 136 # define CMP_R_UNSUPPORTED_KEY_TYPE 137 diff --git a/vendor/openssl/include/openssl/comp.h.in b/vendor/openssl/include/openssl/comp.h.in new file mode 100644 index 0000000..bd1efdc --- /dev/null +++ b/vendor/openssl/include/openssl/comp.h.in @@ -0,0 +1,76 @@ +/* + * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +{- +use OpenSSL::stackhash qw(generate_stack_macros); +-} + +#ifndef OPENSSL_COMP_H +# define OPENSSL_COMP_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_COMP_H +# endif + +# include + +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + + + +# ifndef OPENSSL_NO_COMP + +COMP_CTX *COMP_CTX_new(COMP_METHOD *meth); +const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx); +int COMP_CTX_get_type(const COMP_CTX* comp); +int COMP_get_type(const COMP_METHOD *meth); +const char *COMP_get_name(const COMP_METHOD *meth); +void COMP_CTX_free(COMP_CTX *ctx); + +int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, + unsigned char *in, int ilen); +int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, + unsigned char *in, int ilen); + +COMP_METHOD *COMP_zlib(void); +COMP_METHOD *COMP_zlib_oneshot(void); +COMP_METHOD *COMP_brotli(void); +COMP_METHOD *COMP_brotli_oneshot(void); +COMP_METHOD *COMP_zstd(void); +COMP_METHOD *COMP_zstd_oneshot(void); + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define COMP_zlib_cleanup() while(0) continue +# endif + +# ifdef OPENSSL_BIO_H +const BIO_METHOD *BIO_f_zlib(void); +const BIO_METHOD *BIO_f_brotli(void); +const BIO_METHOD *BIO_f_zstd(void); +# endif + +# endif + +typedef struct ssl_comp_st SSL_COMP; + +{- + generate_stack_macros("SSL_COMP"); +-} + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/vendor/openssl/include/openssl/crypto.h.in b/vendor/openssl/include/openssl/crypto.h.in index 034f150..b2d691b 100644 --- a/vendor/openssl/include/openssl/crypto.h.in +++ b/vendor/openssl/include/openssl/crypto.h.in @@ -90,7 +90,6 @@ int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret, CRYPTO_RWLOCK *lock); int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock); int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock); -int CRYPTO_atomic_store(uint64_t *dst, uint64_t val, CRYPTO_RWLOCK *lock); /* No longer needed, so this is a no-op */ #define OPENSSL_malloc_init() while(0) continue @@ -99,9 +98,6 @@ int CRYPTO_atomic_store(uint64_t *dst, uint64_t val, CRYPTO_RWLOCK *lock); CRYPTO_malloc(num, OPENSSL_FILE, OPENSSL_LINE) # define OPENSSL_zalloc(num) \ CRYPTO_zalloc(num, OPENSSL_FILE, OPENSSL_LINE) -# define OPENSSL_aligned_alloc(num, alignment, freeptr) \ - CRYPTO_aligned_alloc(num, alignment, freeptr, \ - OPENSSL_FILE, OPENSSL_LINE) # define OPENSSL_realloc(addr, num) \ CRYPTO_realloc(addr, num, OPENSSL_FILE, OPENSSL_LINE) # define OPENSSL_clear_realloc(addr, old_num, num) \ @@ -325,9 +321,6 @@ void CRYPTO_get_mem_functions(CRYPTO_malloc_fn *malloc_fn, OSSL_CRYPTO_ALLOC void *CRYPTO_malloc(size_t num, const char *file, int line); OSSL_CRYPTO_ALLOC void *CRYPTO_zalloc(size_t num, const char *file, int line); -OSSL_CRYPTO_ALLOC void *CRYPTO_aligned_alloc(size_t num, size_t align, - void **freeptr, const char *file, - int line); OSSL_CRYPTO_ALLOC void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line); OSSL_CRYPTO_ALLOC char *CRYPTO_strdup(const char *str, const char *file, int line); OSSL_CRYPTO_ALLOC char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line); @@ -536,8 +529,6 @@ int OSSL_LIB_CTX_load_config(OSSL_LIB_CTX *ctx, const char *config_file); void OSSL_LIB_CTX_free(OSSL_LIB_CTX *); OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void); OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx); -int OSSL_LIB_CTX_get_conf_diagnostics(OSSL_LIB_CTX *ctx); -void OSSL_LIB_CTX_set_conf_diagnostics(OSSL_LIB_CTX *ctx, int value); void OSSL_sleep(uint64_t millis); diff --git a/vendor/openssl/include/openssl/e_os2.h b/vendor/openssl/include/openssl/e_os2.h index a4aea0b..f1e1795 100644 --- a/vendor/openssl/include/openssl/e_os2.h +++ b/vendor/openssl/include/openssl/e_os2.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -200,7 +200,6 @@ extern "C" { # endif # ifndef ossl_ssize_t -# include # define ossl_ssize_t ssize_t # if defined(SSIZE_MAX) # define OSSL_SSIZE_MAX SSIZE_MAX @@ -229,6 +228,7 @@ typedef INT32 int32_t; typedef UINT32 uint32_t; typedef INT64 int64_t; typedef UINT64 uint64_t; +typedef UINTN uintptr_t; # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \ defined(__osf__) || defined(__sgi) || defined(__hpux) || \ defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__) diff --git a/vendor/openssl/include/openssl/indicator.h b/vendor/openssl/include/openssl/indicator.h new file mode 100644 index 0000000..3ea0122 --- /dev/null +++ b/vendor/openssl/include/openssl/indicator.h @@ -0,0 +1,31 @@ +/* + * Copyright 2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_INDICATOR_H +# define OPENSSL_INDICATOR_H +# pragma once + +# ifdef __cplusplus +extern "C" { +# endif + +#include + +typedef int (OSSL_INDICATOR_CALLBACK)(const char *type, const char *desc, + const OSSL_PARAM params[]); + +void OSSL_INDICATOR_set_callback(OSSL_LIB_CTX *libctx, + OSSL_INDICATOR_CALLBACK *cb); +void OSSL_INDICATOR_get_callback(OSSL_LIB_CTX *libctx, + OSSL_INDICATOR_CALLBACK **cb); + +# ifdef __cplusplus +} +# endif +#endif /* OPENSSL_INDICATOR_H */ diff --git a/vendor/openssl/include/openssl/pem.h b/vendor/openssl/include/openssl/pem.h index 6ea1a49..0446c77 100644 --- a/vendor/openssl/include/openssl/pem.h +++ b/vendor/openssl/include/openssl/pem.h @@ -58,7 +58,6 @@ extern "C" { # define PEM_STRING_PARAMETERS "PARAMETERS" # define PEM_STRING_CMS "CMS" # define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS" -# define PEM_STRING_ACERT "ATTRIBUTE CERTIFICATE" # define PEM_TYPE_ENCRYPTED 10 # define PEM_TYPE_MIC_ONLY 20 diff --git a/vendor/openssl/include/openssl/sslerr.h b/vendor/openssl/include/openssl/sslerr.h index 8222b25..ec35df6 100644 --- a/vendor/openssl/include/openssl/sslerr.h +++ b/vendor/openssl/include/openssl/sslerr.h @@ -117,7 +117,6 @@ # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 -# define SSL_R_ERROR_IN_SYSTEM_DEFAULT_CONFIG 419 # define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN 204 # define SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE 194 # define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 diff --git a/vendor/openssl/include/openssl/tls1.h b/vendor/openssl/include/openssl/tls1.h index 8ff39e3..7e3d1a7 100644 --- a/vendor/openssl/include/openssl/tls1.h +++ b/vendor/openssl/include/openssl/tls1.h @@ -622,10 +622,6 @@ int SSL_CTX_set_tlsext_ticket_key_evp_cb # define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304 # define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305 -/* Integrity-only ciphersuites from RFC 9150 */ -# define TLS1_3_CK_SHA256_SHA256 0x0300C0B4 -# define TLS1_3_CK_SHA384_SHA384 0x0300C0B5 - /* Aria ciphersuites from RFC6209 */ # define TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C050 # define TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C051 @@ -703,8 +699,6 @@ int SSL_CTX_set_tlsext_ticket_key_evp_cb # define TLS1_3_RFC_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256" # define TLS1_3_RFC_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384" # define TLS1_3_RFC_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256" -# define TLS1_3_RFC_SHA256_SHA256 "TLS_SHA256_SHA256" -# define TLS1_3_RFC_SHA384_SHA384 "TLS_SHA384_SHA384" # define TLS1_3_RFC_AES_128_CCM_SHA256 "TLS_AES_128_CCM_SHA256" # define TLS1_3_RFC_AES_128_CCM_8_SHA256 "TLS_AES_128_CCM_8_SHA256" # define TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA "TLS_ECDHE_ECDSA_WITH_NULL_SHA" diff --git a/vendor/openssl/include/openssl/x509.h.in b/vendor/openssl/include/openssl/x509.h.in index 7d7ffa2..7210391 100644 --- a/vendor/openssl/include/openssl/x509.h.in +++ b/vendor/openssl/include/openssl/x509.h.in @@ -67,24 +67,16 @@ extern "C" { # define X509_FILETYPE_ASN1 2 # define X509_FILETYPE_DEFAULT 3 -/*- - * : - * The KeyUsage BITSTRING is treated as a little-endian integer, hence bit `0` - * is 0x80, while bit `7` is 0x01 (the LSB of the integer value), bit `8` is - * then the MSB of the second octet, or 0x8000. - */ -# define X509v3_KU_DIGITAL_SIGNATURE 0x0080 /* (0) */ -# define X509v3_KU_NON_REPUDIATION 0x0040 /* (1) */ -# define X509v3_KU_KEY_ENCIPHERMENT 0x0020 /* (2) */ -# define X509v3_KU_DATA_ENCIPHERMENT 0x0010 /* (3) */ -# define X509v3_KU_KEY_AGREEMENT 0x0008 /* (4) */ -# define X509v3_KU_KEY_CERT_SIGN 0x0004 /* (5) */ -# define X509v3_KU_CRL_SIGN 0x0002 /* (6) */ -# define X509v3_KU_ENCIPHER_ONLY 0x0001 /* (7) */ -# define X509v3_KU_DECIPHER_ONLY 0x8000 /* (8) */ -# ifndef OPENSSL_NO_DEPRECATED_3_4 -# define X509v3_KU_UNDEF 0xffff /* vestigial, not used */ -# endif +# define X509v3_KU_DIGITAL_SIGNATURE 0x0080 +# define X509v3_KU_NON_REPUDIATION 0x0040 +# define X509v3_KU_KEY_ENCIPHERMENT 0x0020 +# define X509v3_KU_DATA_ENCIPHERMENT 0x0010 +# define X509v3_KU_KEY_AGREEMENT 0x0008 +# define X509v3_KU_KEY_CERT_SIGN 0x0004 +# define X509v3_KU_CRL_SIGN 0x0002 +# define X509v3_KU_ENCIPHER_ONLY 0x0001 +# define X509v3_KU_DECIPHER_ONLY 0x8000 +# define X509v3_KU_UNDEF 0xffff struct X509_algor_st { ASN1_OBJECT *algorithm; diff --git a/vendor/openssl/include/openssl/x509_acert.h.in b/vendor/openssl/include/openssl/x509_acert.h.in index 42376a6..70facf8 100644 --- a/vendor/openssl/include/openssl/x509_acert.h.in +++ b/vendor/openssl/include/openssl/x509_acert.h.in @@ -153,4 +153,40 @@ int OSSL_IETF_ATTR_SYNTAX_add1_value(OSSL_IETF_ATTR_SYNTAX *a, int type, void *data); int OSSL_IETF_ATTR_SYNTAX_print(BIO *bp, OSSL_IETF_ATTR_SYNTAX *a, int indent); +struct TARGET_CERT_st { + OSSL_ISSUER_SERIAL *targetCertificate; + GENERAL_NAME *targetName; + OSSL_OBJECT_DIGEST_INFO *certDigestInfo; +}; + +typedef struct TARGET_CERT_st OSSL_TARGET_CERT; + +# define OSSL_TGT_TARGET_NAME 0 +# define OSSL_TGT_TARGET_GROUP 1 +# define OSSL_TGT_TARGET_CERT 2 + +typedef struct TARGET_st { + int type; + union { + GENERAL_NAME *targetName; + GENERAL_NAME *targetGroup; + OSSL_TARGET_CERT *targetCert; + } choice; +} OSSL_TARGET; + +typedef STACK_OF(OSSL_TARGET) OSSL_TARGETS; +typedef STACK_OF(OSSL_TARGETS) OSSL_TARGETING_INFORMATION; + +{- + generate_stack_macros("OSSL_TARGET"); +-} + +{- + generate_stack_macros("OSSL_TARGETS"); +-} + +DECLARE_ASN1_FUNCTIONS(OSSL_TARGET) +DECLARE_ASN1_FUNCTIONS(OSSL_TARGETS) +DECLARE_ASN1_FUNCTIONS(OSSL_TARGETING_INFORMATION) + #endif diff --git a/vendor/openssl/include/openssl/x509v3.h.in b/vendor/openssl/include/openssl/x509v3.h.in index a967064..5696803 100644 --- a/vendor/openssl/include/openssl/x509v3.h.in +++ b/vendor/openssl/include/openssl/x509v3.h.in @@ -178,8 +178,6 @@ typedef struct ACCESS_DESCRIPTION_st { GENERAL_NAME *location; } ACCESS_DESCRIPTION; -int GENERAL_NAME_set1_X509_NAME(GENERAL_NAME **tgt, const X509_NAME *src); - {- generate_stack_macros("ACCESS_DESCRIPTION") .generate_stack_macros("GENERAL_NAME"); @@ -203,7 +201,6 @@ typedef struct DIST_POINT_NAME_st { /* If relativename then this contains the full distribution point name */ X509_NAME *dpname; } DIST_POINT_NAME; -DECLARE_ASN1_DUP_FUNCTION(DIST_POINT_NAME) /* All existing reasons */ # define CRLDP_ALL_REASONS 0x807f @@ -425,16 +422,15 @@ struct ISSUING_DIST_POINT_st { # define EXFLAG_SAN_CRITICAL 0x80000 # define EXFLAG_NO_FINGERPRINT 0x100000 -/* https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3 */ -# define KU_DIGITAL_SIGNATURE X509v3_KU_DIGITAL_SIGNATURE -# define KU_NON_REPUDIATION X509v3_KU_NON_REPUDIATION -# define KU_KEY_ENCIPHERMENT X509v3_KU_KEY_ENCIPHERMENT -# define KU_DATA_ENCIPHERMENT X509v3_KU_DATA_ENCIPHERMENT -# define KU_KEY_AGREEMENT X509v3_KU_KEY_AGREEMENT -# define KU_KEY_CERT_SIGN X509v3_KU_KEY_CERT_SIGN -# define KU_CRL_SIGN X509v3_KU_CRL_SIGN -# define KU_ENCIPHER_ONLY X509v3_KU_ENCIPHER_ONLY -# define KU_DECIPHER_ONLY X509v3_KU_DECIPHER_ONLY +# define KU_DIGITAL_SIGNATURE 0x0080 +# define KU_NON_REPUDIATION 0x0040 +# define KU_KEY_ENCIPHERMENT 0x0020 +# define KU_DATA_ENCIPHERMENT 0x0010 +# define KU_KEY_AGREEMENT 0x0008 +# define KU_KEY_CERT_SIGN 0x0004 +# define KU_CRL_SIGN 0x0002 +# define KU_ENCIPHER_ONLY 0x0001 +# define KU_DECIPHER_ONLY 0x8000 # define NS_SSL_CLIENT 0x80 # define NS_SSL_SERVER 0x40 -- cgit