1 /*
3 stcompat.h -- SecureTransport compatibility header
4 Copyright (C) 2014,2015 Kyle J. McKay. All rights reserved.
6 If this software is included as part of a build of
7 the cURL library, it may be used under the same license
8 terms as the cURL library.
10 Otherwise the GPLv2 license applies.
12 This software is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/
18 #ifndef STCOMPAT_H
19 #define STCOMPAT_H
21 #include <TargetConditionals.h>
22 #include <AvailabilityMacros.h>
23 #include <CoreFoundation/CoreFoundation.h>
24 #include <stdarg.h>
/* Pin the status codes this compatibility layer relies on to fixed literal
 * values.  Each name is #undef'd first, so a macro of the same name coming
 * from an SDK header is replaced by the value below; the trailing comment
 * names the SDK header the value was taken from. */
/* NOTE(review): #undef has no effect on a name the SDK declares as an
 * enumerator rather than a macro, and from here on the macro shadows it.  Any
 * SDK header declaring these names therefore has to be included before this
 * block, not after it -- confirm the include order in the files using this. */
26 #undef noErr
27 #define noErr 0 /* from MacTypes.h */
28 #undef errSecSuccess
29 #define errSecSuccess 0 /* from SecBase.h */
30 #undef unimpErr
31 #define unimpErr -4 /* from MacErrors.h */
32 #undef errSecUnimplemented
33 #define errSecUnimplemented -4 /* from SecBase.h */
34 #undef ioErr
35 #define ioErr -36 /* from MacErrors.h */
36 #undef paramErr
37 #define paramErr -50 /* from MacErrors.h */
38 #undef errSecParam
39 #define errSecParam -50 /* from SecBase.h */
40 #undef memFullErr
41 #define memFullErr -108 /* from MacErrors.h */
42 #undef errSecAllocate
43 #define errSecAllocate -108 /* from SecBase.h */
/* Default the platform switches to 0 when the SDK does not define them, so
 * they are always defined when the TARGET_OS_* test further down uses them. */
45 #ifndef TARGET_OS_EMBEDDED
46 #define TARGET_OS_EMBEDDED 0
47 #endif
48 #ifndef TARGET_OS_IPHONE
49 #define TARGET_OS_IPHONE 0
50 #endif
52 /* Some missing error defines */
53 #undef errSecSuccess
54 #define errSecSuccess 0 /* alias for noErr 10.6+ */
/* The next three names are spellings of one status (-9841), so a comparison
 * against any one of them matches all three. */
55 #undef errSSLServerAuthCompleted
56 #define errSSLServerAuthCompleted -9841 /* original name */
57 #undef errSSLClientAuthCompleted
58 #define errSSLClientAuthCompleted -9841 /* added alias */
59 #undef errSSLPeerAuthCompleted
60 #define errSSLPeerAuthCompleted -9841 /* new name */
61 #undef errSSLClientCertRequested
62 #define errSSLClientCertRequested -9842
/* errSecTrustSettingDeny and errSecNotTrusted are the two statuses the
 * VerifyTrustChain() comment later in this header names for a chain that is
 * otherwise okay but whose trust result is not unspecified or proceed. */
63 #undef errSecTrustSettingDeny
64 #define errSecTrustSettingDeny -67654
65 #undef errSecNotTrusted
66 #define errSecNotTrusted -67843
68 /* Custom error defines -- see Technical Q&A QA1499 */
/* errSecPinnedKeyMismatch is what VerifyTrustChain() is documented to return
 * when the peer's public key is not in the pinned set.  Unlike every other
 * status defined in this header it is positive: callers have to compare
 * against errSecSuccess, because a "status < 0" test would let a pin mismatch
 * pass as success. */
69 #undef errSecPinnedKeyMismatch
70 #define errSecPinnedKeyMismatch 200001 /* user-defined error code */
72 /* Some missing session option defines */
/* Numeric option identifiers; presumably the `option` argument taken by
 * cSSLSetSessionOption() declared later in this header -- confirm in the
 * implementation.
 * NOTE(review): in Secure Transport, kSSLSessionOptionBreakOnServerAuth makes
 * the handshake return to the caller when server authentication completes
 * instead of applying the built-in certificate check.  Code that sets it has
 * taken over the trust decision and must evaluate the peer trust itself
 * before letting the handshake continue. */
73 #undef kSSLSessionOptionBreakOnServerAuth
74 #define kSSLSessionOptionBreakOnServerAuth 0
75 #undef kSSLSessionOptionBreakOnCertRequested
76 #define kSSLSessionOptionBreakOnCertRequested 1
77 #undef kSSLSessionOptionBreakOnClientAuth
78 #define kSSLSessionOptionBreakOnClientAuth 2
79 #undef kSSLSessionOptionFalseStart
80 #define kSSLSessionOptionFalseStart 3
/* 1/n-1 record splitting, the mitigation for the predictable-IV weakness of
 * CBC suites in TLS 1.0 and earlier. */
81 #undef kSSLSessionOptionSendOneByteRecord
82 #define kSSLSessionOptionSendOneByteRecord 4
/* NOTE(review): by its name this permits the server's identity to change
 * during the session; leave it off unless a caller has a documented need --
 * confirm the exact semantics against the SDK header. */
83 #undef kSSLSessionOptionAllowServerIdentityChange
84 #define kSSLSessionOptionAllowServerIdentityChange 5
86 /* The entire known cipher suite list */
/* These are numeric identifiers only: a name appearing here says nothing
 * about whether the suite is ever offered to a peer.  The table includes
 * suites with no encryption (_NULL_), export-grade keys (_EXPORT_), no peer
 * authentication (_anon_) and RC4-, DES- and MD5-based suites.  Deciding
 * which suites are usable is left to the code that consumes these values;
 * see cSSLSortCiphers() later in this header, whose return value marks where
 * the usable suites end.
 * Where an SSL_ and a TLS_ spelling name the same suite they share one value. */
/* 0x0000-0x001D: the original SSL 3.0 / TLS 1.0 suites */
87 #undef SSL_NULL_WITH_NULL_NULL
88 #define SSL_NULL_WITH_NULL_NULL 0x0000
89 #undef TLS_NULL_WITH_NULL_NULL
90 #define TLS_NULL_WITH_NULL_NULL 0x0000
91 #undef SSL_RSA_WITH_NULL_MD5
92 #define SSL_RSA_WITH_NULL_MD5 0x0001
93 #undef TLS_RSA_WITH_NULL_MD5
94 #define TLS_RSA_WITH_NULL_MD5 0x0001
95 #undef SSL_RSA_WITH_NULL_SHA
96 #define SSL_RSA_WITH_NULL_SHA 0x0002
97 #undef TLS_RSA_WITH_NULL_SHA
98 #define TLS_RSA_WITH_NULL_SHA 0x0002
99 #undef SSL_RSA_EXPORT_WITH_RC4_40_MD5
100 #define SSL_RSA_EXPORT_WITH_RC4_40_MD5 0x0003
101 #undef SSL_RSA_WITH_RC4_128_MD5
102 #define SSL_RSA_WITH_RC4_128_MD5 0x0004
103 #undef TLS_RSA_WITH_RC4_128_MD5
104 #define TLS_RSA_WITH_RC4_128_MD5 0x0004
105 #undef SSL_RSA_WITH_RC4_128_SHA
106 #define SSL_RSA_WITH_RC4_128_SHA 0x0005
107 #undef TLS_RSA_WITH_RC4_128_SHA
108 #define TLS_RSA_WITH_RC4_128_SHA 0x0005
109 #undef SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
110 #define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 0x0006
111 #undef SSL_RSA_WITH_IDEA_CBC_SHA
112 #define SSL_RSA_WITH_IDEA_CBC_SHA 0x0007
113 #undef SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
114 #define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0008
115 #undef SSL_RSA_WITH_DES_CBC_SHA
116 #define SSL_RSA_WITH_DES_CBC_SHA 0x0009
117 #undef SSL_RSA_WITH_3DES_EDE_CBC_SHA
118 #define SSL_RSA_WITH_3DES_EDE_CBC_SHA 0x000A
119 #undef TLS_RSA_WITH_3DES_EDE_CBC_SHA
120 #define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x000A
121 #undef SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
122 #define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA 0x000B
123 #undef SSL_DH_DSS_WITH_DES_CBC_SHA
124 #define SSL_DH_DSS_WITH_DES_CBC_SHA 0x000C
125 #undef SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA
126 #define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA 0x000D
127 #undef TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
128 #define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA 0x000D
129 #undef SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
130 #define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA 0x000E
131 #undef SSL_DH_RSA_WITH_DES_CBC_SHA
132 #define SSL_DH_RSA_WITH_DES_CBC_SHA 0x000F
133 #undef SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA
134 #define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA 0x0010
135 #undef TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
136 #define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA 0x0010
137 #undef SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
138 #define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 0x0011
139 #undef SSL_DHE_DSS_WITH_DES_CBC_SHA
140 #define SSL_DHE_DSS_WITH_DES_CBC_SHA 0x0012
141 #undef SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
142 #define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA 0x0013
143 #undef TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
144 #define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA 0x0013
145 #undef SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
146 #define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0014
147 #undef SSL_DHE_RSA_WITH_DES_CBC_SHA
148 #define SSL_DHE_RSA_WITH_DES_CBC_SHA 0x0015
149 #undef SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
150 #define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016
151 #undef TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
152 #define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016
153 #undef SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
154 #define SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 0x0017
155 #undef SSL_DH_anon_WITH_RC4_128_MD5
156 #define SSL_DH_anon_WITH_RC4_128_MD5 0x0018
157 #undef TLS_DH_anon_WITH_RC4_128_MD5
158 #define TLS_DH_anon_WITH_RC4_128_MD5 0x0018
159 #undef SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
160 #define SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA 0x0019
161 #undef SSL_DH_anon_WITH_DES_CBC_SHA
162 #define SSL_DH_anon_WITH_DES_CBC_SHA 0x001A
163 #undef SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
164 #define SSL_DH_anon_WITH_3DES_EDE_CBC_SHA 0x001B
165 #undef TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
166 #define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA 0x001B
167 #undef SSL_FORTEZZA_DMS_WITH_NULL_SHA
168 #define SSL_FORTEZZA_DMS_WITH_NULL_SHA 0x001C
169 #undef SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA
170 #define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA 0x001D
/* 0x002C-0x002E: pre-shared-key suites with NULL encryption */
171 #undef TLS_PSK_WITH_NULL_SHA
172 #define TLS_PSK_WITH_NULL_SHA 0x002C
173 #undef TLS_DHE_PSK_WITH_NULL_SHA
174 #define TLS_DHE_PSK_WITH_NULL_SHA 0x002D
175 #undef TLS_RSA_PSK_WITH_NULL_SHA
176 #define TLS_RSA_PSK_WITH_NULL_SHA 0x002E
/* 0x002F-0x003A: AES-CBC with SHA-1 */
177 #undef TLS_RSA_WITH_AES_128_CBC_SHA
178 #define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F
179 #undef TLS_DH_DSS_WITH_AES_128_CBC_SHA
180 #define TLS_DH_DSS_WITH_AES_128_CBC_SHA 0x0030
181 #undef TLS_DH_RSA_WITH_AES_128_CBC_SHA
182 #define TLS_DH_RSA_WITH_AES_128_CBC_SHA 0x0031
183 #undef TLS_DHE_DSS_WITH_AES_128_CBC_SHA
184 #define TLS_DHE_DSS_WITH_AES_128_CBC_SHA 0x0032
185 #undef TLS_DHE_RSA_WITH_AES_128_CBC_SHA
186 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033
187 #undef TLS_DH_anon_WITH_AES_128_CBC_SHA
188 #define TLS_DH_anon_WITH_AES_128_CBC_SHA 0x0034
189 #undef TLS_RSA_WITH_AES_256_CBC_SHA
190 #define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035
191 #undef TLS_DH_DSS_WITH_AES_256_CBC_SHA
192 #define TLS_DH_DSS_WITH_AES_256_CBC_SHA 0x0036
193 #undef TLS_DH_RSA_WITH_AES_256_CBC_SHA
194 #define TLS_DH_RSA_WITH_AES_256_CBC_SHA 0x0037
195 #undef TLS_DHE_DSS_WITH_AES_256_CBC_SHA
196 #define TLS_DHE_DSS_WITH_AES_256_CBC_SHA 0x0038
197 #undef TLS_DHE_RSA_WITH_AES_256_CBC_SHA
198 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039
199 #undef TLS_DH_anon_WITH_AES_256_CBC_SHA
200 #define TLS_DH_anon_WITH_AES_256_CBC_SHA 0x003A
/* 0x003B-0x006D: suites using a SHA-256 MAC */
201 #undef TLS_RSA_WITH_NULL_SHA256
202 #define TLS_RSA_WITH_NULL_SHA256 0x003B
203 #undef TLS_RSA_WITH_AES_128_CBC_SHA256
204 #define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C
205 #undef TLS_RSA_WITH_AES_256_CBC_SHA256
206 #define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D
207 #undef TLS_DH_DSS_WITH_AES_128_CBC_SHA256
208 #define TLS_DH_DSS_WITH_AES_128_CBC_SHA256 0x003E
209 #undef TLS_DH_RSA_WITH_AES_128_CBC_SHA256
210 #define TLS_DH_RSA_WITH_AES_128_CBC_SHA256 0x003F
211 #undef TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
212 #define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 0x0040
213 #undef TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
214 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x0067
215 #undef TLS_DH_DSS_WITH_AES_256_CBC_SHA256
216 #define TLS_DH_DSS_WITH_AES_256_CBC_SHA256 0x0068
217 #undef TLS_DH_RSA_WITH_AES_256_CBC_SHA256
218 #define TLS_DH_RSA_WITH_AES_256_CBC_SHA256 0x0069
219 #undef TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
220 #define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 0x006A
221 #undef TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
222 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x006B
223 #undef TLS_DH_anon_WITH_AES_128_CBC_SHA256
224 #define TLS_DH_anon_WITH_AES_128_CBC_SHA256 0x006C
225 #undef TLS_DH_anon_WITH_AES_256_CBC_SHA256
226 #define TLS_DH_anon_WITH_AES_256_CBC_SHA256 0x006D
/* 0x008A-0x0095: pre-shared-key suites with RC4, 3DES or AES-CBC */
227 #undef TLS_PSK_WITH_RC4_128_SHA
228 #define TLS_PSK_WITH_RC4_128_SHA 0x008A
229 #undef TLS_PSK_WITH_3DES_EDE_CBC_SHA
230 #define TLS_PSK_WITH_3DES_EDE_CBC_SHA 0x008B
231 #undef TLS_PSK_WITH_AES_128_CBC_SHA
232 #define TLS_PSK_WITH_AES_128_CBC_SHA 0x008C
233 #undef TLS_PSK_WITH_AES_256_CBC_SHA
234 #define TLS_PSK_WITH_AES_256_CBC_SHA 0x008D
235 #undef TLS_DHE_PSK_WITH_RC4_128_SHA
236 #define TLS_DHE_PSK_WITH_RC4_128_SHA 0x008E
237 #undef TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
238 #define TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x008F
239 #undef TLS_DHE_PSK_WITH_AES_128_CBC_SHA
240 #define TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x0090
241 #undef TLS_DHE_PSK_WITH_AES_256_CBC_SHA
242 #define TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x0091
243 #undef TLS_RSA_PSK_WITH_RC4_128_SHA
244 #define TLS_RSA_PSK_WITH_RC4_128_SHA 0x0092
245 #undef TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
246 #define TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x0093
247 #undef TLS_RSA_PSK_WITH_AES_128_CBC_SHA
248 #define TLS_RSA_PSK_WITH_AES_128_CBC_SHA 0x0094
249 #undef TLS_RSA_PSK_WITH_AES_256_CBC_SHA
250 #define TLS_RSA_PSK_WITH_AES_256_CBC_SHA 0x0095
/* 0x009C-0x00A7: AES-GCM suites */
251 #undef TLS_RSA_WITH_AES_128_GCM_SHA256
252 #define TLS_RSA_WITH_AES_128_GCM_SHA256 0x009C
253 #undef TLS_RSA_WITH_AES_256_GCM_SHA384
254 #define TLS_RSA_WITH_AES_256_GCM_SHA384 0x009D
255 #undef TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
256 #define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x009E
257 #undef TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
258 #define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x009F
259 #undef TLS_DH_RSA_WITH_AES_128_GCM_SHA256
260 #define TLS_DH_RSA_WITH_AES_128_GCM_SHA256 0x00A0
261 #undef TLS_DH_RSA_WITH_AES_256_GCM_SHA384
262 #define TLS_DH_RSA_WITH_AES_256_GCM_SHA384 0x00A1
263 #undef TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
264 #define TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 0x00A2
265 #undef TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
266 #define TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 0x00A3
267 #undef TLS_DH_DSS_WITH_AES_128_GCM_SHA256
268 #define TLS_DH_DSS_WITH_AES_128_GCM_SHA256 0x00A4
269 #undef TLS_DH_DSS_WITH_AES_256_GCM_SHA384
270 #define TLS_DH_DSS_WITH_AES_256_GCM_SHA384 0x00A5
271 #undef TLS_DH_anon_WITH_AES_128_GCM_SHA256
272 #define TLS_DH_anon_WITH_AES_128_GCM_SHA256 0x00A6
273 #undef TLS_DH_anon_WITH_AES_256_GCM_SHA384
274 #define TLS_DH_anon_WITH_AES_256_GCM_SHA384 0x00A7
/* 0x00A8-0x00B9: pre-shared-key suites with AES-GCM, AES-CBC/SHA-2 or NULL */
275 #undef TLS_PSK_WITH_AES_128_GCM_SHA256
276 #define TLS_PSK_WITH_AES_128_GCM_SHA256 0x00A8
277 #undef TLS_PSK_WITH_AES_256_GCM_SHA384
278 #define TLS_PSK_WITH_AES_256_GCM_SHA384 0x00A9
279 #undef TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
280 #define TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 0x00AA
281 #undef TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
282 #define TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 0x00AB
283 #undef TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
284 #define TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 0x00AC
285 #undef TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
286 #define TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 0x00AD
287 #undef TLS_PSK_WITH_AES_128_CBC_SHA256
288 #define TLS_PSK_WITH_AES_128_CBC_SHA256 0x00AE
289 #undef TLS_PSK_WITH_AES_256_CBC_SHA384
290 #define TLS_PSK_WITH_AES_256_CBC_SHA384 0x00AF
291 #undef TLS_PSK_WITH_NULL_SHA256
292 #define TLS_PSK_WITH_NULL_SHA256 0x00B0
293 #undef TLS_PSK_WITH_NULL_SHA384
294 #define TLS_PSK_WITH_NULL_SHA384 0x00B1
295 #undef TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
296 #define TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 0x00B2
297 #undef TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
298 #define TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 0x00B3
299 #undef TLS_DHE_PSK_WITH_NULL_SHA256
300 #define TLS_DHE_PSK_WITH_NULL_SHA256 0x00B4
301 #undef TLS_DHE_PSK_WITH_NULL_SHA384
302 #define TLS_DHE_PSK_WITH_NULL_SHA384 0x00B5
303 #undef TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
304 #define TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 0x00B6
305 #undef TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
306 #define TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 0x00B7
307 #undef TLS_RSA_PSK_WITH_NULL_SHA256
308 #define TLS_RSA_PSK_WITH_NULL_SHA256 0x00B8
309 #undef TLS_RSA_PSK_WITH_NULL_SHA384
310 #define TLS_RSA_PSK_WITH_NULL_SHA384 0x00B9
/* Signaling cipher suite values (SCSV): sent in the cipher suite list to
 * signal something to the server, never negotiated as a cipher. */
311 #undef TLS_EMPTY_RENEGOTIATION_INFO_SCSV
312 #define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00FF
313 #undef TLS_FALLBACK_SCSV
314 #define TLS_FALLBACK_SCSV 0x5600
/* 0xC001-0xC019: ECDH / ECDHE suites with SHA-1 */
315 #undef TLS_ECDH_ECDSA_WITH_NULL_SHA
316 #define TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001
317 #undef TLS_ECDH_ECDSA_WITH_RC4_128_SHA
318 #define TLS_ECDH_ECDSA_WITH_RC4_128_SHA 0xC002
319 #undef TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
320 #define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC003
321 #undef TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
322 #define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004
323 #undef TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
324 #define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005
325 #undef TLS_ECDHE_ECDSA_WITH_NULL_SHA
326 #define TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006
327 #undef TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
328 #define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 0xC007
329 #undef TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
330 #define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008
331 #undef TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
332 #define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009
333 #undef TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
334 #define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A
335 #undef TLS_ECDH_RSA_WITH_NULL_SHA
336 #define TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B
337 #undef TLS_ECDH_RSA_WITH_RC4_128_SHA
338 #define TLS_ECDH_RSA_WITH_RC4_128_SHA 0xC00C
339 #undef TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
340 #define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 0xC00D
341 #undef TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
342 #define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E
343 #undef TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
344 #define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F
345 #undef TLS_ECDHE_RSA_WITH_NULL_SHA
346 #define TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010
347 #undef TLS_ECDHE_RSA_WITH_RC4_128_SHA
348 #define TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011
349 #undef TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
350 #define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012
351 #undef TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
352 #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013
353 #undef TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
354 #define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014
355 #undef TLS_ECDH_anon_WITH_NULL_SHA
356 #define TLS_ECDH_anon_WITH_NULL_SHA 0xC015
357 #undef TLS_ECDH_anon_WITH_RC4_128_SHA
358 #define TLS_ECDH_anon_WITH_RC4_128_SHA 0xC016
359 #undef TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
360 #define TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA 0xC017
361 #undef TLS_ECDH_anon_WITH_AES_128_CBC_SHA
362 #define TLS_ECDH_anon_WITH_AES_128_CBC_SHA 0xC018
363 #undef TLS_ECDH_anon_WITH_AES_256_CBC_SHA
364 #define TLS_ECDH_anon_WITH_AES_256_CBC_SHA 0xC019
/* 0xC023-0xC02A: ECDH / ECDHE with AES-CBC and SHA-256 / SHA-384 */
365 #undef TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
366 #define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
367 #undef TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
368 #define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024
369 #undef TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
370 #define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 0xC025
371 #undef TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
372 #define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026
373 #undef TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
374 #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027
375 #undef TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
376 #define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028
377 #undef TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
378 #define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029
379 #undef TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
380 #define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A
/* 0xC02B-0xC032: ECDH / ECDHE with AES-GCM */
381 #undef TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
382 #define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
383 #undef TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
384 #define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C
385 #undef TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
386 #define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D
387 #undef TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
388 #define TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0xC02E
389 #undef TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
390 #define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
391 #undef TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
392 #define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030
393 #undef TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
394 #define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031
395 #undef TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
396 #define TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032
/* 0xFF80-0xFF83: values outside the standard assignments; presumably the
 * SDK's tags for SSL 2 cipher kinds -- confirm against CipherSuite.h. */
397 #undef SSL_RSA_WITH_RC2_CBC_MD5
398 #define SSL_RSA_WITH_RC2_CBC_MD5 0xFF80
399 #undef SSL_RSA_WITH_IDEA_CBC_MD5
400 #define SSL_RSA_WITH_IDEA_CBC_MD5 0xFF81
401 #undef SSL_RSA_WITH_DES_CBC_MD5
402 #define SSL_RSA_WITH_DES_CBC_MD5 0xFF82
403 #undef SSL_RSA_WITH_3DES_EDE_CBC_MD5
404 #define SSL_RSA_WITH_3DES_EDE_CBC_MD5 0xFF83
/* By its name a "no suite" marker rather than a negotiable cipher -- confirm
 * how the implementation uses it. */
405 #undef SSL_NO_SUCH_CIPHERSUITE
406 #define SSL_NO_SUCH_CIPHERSUITE 0xFFFF
/* Protocol version identifiers for TLS 1.1, TLS 1.2 and DTLS 1.0, fixed here
 * for SDKs whose headers lack them.  Presumably these are what
 * cSSLSetProtocolVersionMinMax() later in this header takes as minVer and
 * maxVer -- confirm in the implementation. */
408 #undef kTLSProtocol11
409 #define kTLSProtocol11 7
410 #undef kTLSProtocol12
411 #define kTLSProtocol12 8
412 #undef kDTLSProtocol1
413 #define kDTLSProtocol1 9
415 #if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE))
417 #include <Security/cssmapple.h>
/* Per-certificate status bits.  Every value is a distinct single bit, so
 * they can be OR-ed together and tested with &.  Presumably these are the
 * StatusBits of the CSSM_TP_APPLE_EVIDENCE_INFO entries that
 * cSecTrustGetResult() later in this header returns through statusChain --
 * confirm in the implementation. */
419 #undef CSSM_CERT_STATUS_EXPIRED
420 #define CSSM_CERT_STATUS_EXPIRED 0x00000001
421 #undef CSSM_CERT_STATUS_NOT_VALID_YET
422 #define CSSM_CERT_STATUS_NOT_VALID_YET 0x00000002
423 #undef CSSM_CERT_STATUS_IS_IN_INPUT_CERTS
424 #define CSSM_CERT_STATUS_IS_IN_INPUT_CERTS 0x00000004
425 #undef CSSM_CERT_STATUS_IS_IN_ANCHORS
426 #define CSSM_CERT_STATUS_IS_IN_ANCHORS 0x00000008
427 #undef CSSM_CERT_STATUS_IS_ROOT
428 #define CSSM_CERT_STATUS_IS_ROOT 0x00000010
/* NOTE(review): IS_FROM_NET by its name marks a certificate that was fetched
 * rather than supplied; the VerifyTrustChain() comment later in this header
 * describes a certFlags bit that rejects intermediates not sent by the peer.
 * Whether that check is built on this bit is not visible here -- confirm. */
429 #undef CSSM_CERT_STATUS_IS_FROM_NET
430 #define CSSM_CERT_STATUS_IS_FROM_NET 0x00000020
431 #undef CSSM_CERT_STATUS_TRUST_SETTINGS_FOUND_USER
432 #define CSSM_CERT_STATUS_TRUST_SETTINGS_FOUND_USER 0x00000040
433 #undef CSSM_CERT_STATUS_TRUST_SETTINGS_FOUND_ADMIN
434 #define CSSM_CERT_STATUS_TRUST_SETTINGS_FOUND_ADMIN 0x00000080
435 #undef CSSM_CERT_STATUS_TRUST_SETTINGS_FOUND_SYSTEM
436 #define CSSM_CERT_STATUS_TRUST_SETTINGS_FOUND_SYSTEM 0x00000100
437 #undef CSSM_CERT_STATUS_TRUST_SETTINGS_TRUST
438 #define CSSM_CERT_STATUS_TRUST_SETTINGS_TRUST 0x00000200
439 #undef CSSM_CERT_STATUS_TRUST_SETTINGS_DENY
440 #define CSSM_CERT_STATUS_TRUST_SETTINGS_DENY 0x00000400
441 #undef CSSM_CERT_STATUS_TRUST_SETTINGS_IGNORED_ERROR
442 #define CSSM_CERT_STATUS_TRUST_SETTINGS_IGNORED_ERROR 0x00000800
/* Connection role (server / client) and transport kind (stream / datagram).
 * Presumably the ps and ct arguments of cSSLCreateContext() later in this
 * header -- confirm in the implementation. */
444 #undef kSSLServerSide
445 #define kSSLServerSide 0
446 #undef kSSLClientSide
447 #define kSSLClientSide 1
449 #undef kSSLStreamType
450 #define kSSLStreamType 0
451 #undef kSSLDatagramType
452 #define kSSLDatagramType 1
/* Declares the key import/export parameter struct locally under a c-prefixed
 * typedef name, then maps the SDK spelling onto it with a macro.  That macro
 * is what lets cSecItemImport() later in this header name its keyParams
 * argument with the SDK spelling.
 * NOTE(review): if a value of this type is ever handed to the system's own
 * import routine, the field order and field types here have to match the
 * SDK's definition exactly -- confirm against the implementation. */
454 #undef SecItemImportExportKeyParameters
455 typedef struct {
456 uint32_t version;
457 SecKeyImportExportFlags flags;
/* passphrase is typed CFTypeRef, so the header does not fix whether it holds
 * a string or a data object. */
458 CFTypeRef passphrase;
459 CFStringRef alertTitle;
460 CFStringRef alertPrompt;
461 SecAccessRef accessRef;
462 CFArrayRef keyUsage;
463 CFArrayRef keyAttributes;
464 } cSecItemImportExportKeyParameters;
465 #define SecItemImportExportKeyParameters cSecItemImportExportKeyParameters
/* Error-reporting callback: takes an opaque pointer, a string and variadic
 * arguments.
 * NOTE(review): the signature looks printf-style.  If it is, the string must
 * always be a literal format and any text taken from a certificate or a file
 * must be passed as a "%s" argument, never as the format itself -- confirm
 * how f is invoked in the implementation. */
467 typedef void (*errinfo_func_t)(void *, const char *, ...);
/* Pairs the callback with a pointer; presumably u is handed back as the
 * callback's first argument -- confirm. */
469 typedef struct {
470 errinfo_func_t f;
471 void *u;
472 } errinfo_t;
/* By its name, loads the file at path f into a CFData created with allocator
 * a; the behaviour on a missing or unreadable file is not stated here. */
474 CFDataRef CFDataCreateWithContentsOfFile(CFAllocatorRef a, const char *f);
475 /* Never returns a 0-element array, returns NULL instead */
476 CFArrayRef CreateCertsArrayWithData(CFDataRef d, const errinfo_t *e);
477 Boolean CheckCertOkay(SecCertificateRef cert);
478 /* Never returns a 0-element array, returns NULL instead. As a convenience
479 * certificates may be used in place of or in addition to public keys and their
480 * public keys will be automatically extracted and added to the pinning set. */
/* NOTE(review): NULL here covers both "parsing failed" and "nothing usable in
 * the input".  VerifyTrustChain() later in this header only performs the pin
 * check when its pin set is not NULL, so forwarding a NULL result unchanged
 * turns pinning off.  Callers that were asked to pin must treat NULL from
 * this function and from CreatePubKeySha256Array() as an error. */
481 CFArrayRef CreatePubKeyArrayWithData(CFDataRef d, const errinfo_t *e);
482 Boolean CheckPubKeyOkay(CFDataRef pubkey);
483 /* Never returns a 0-element array, returns NULL instead. Input should
484 * be a semicolon-separated list of sha256//... where the ... part is the base64
485 * encoding of the binary sha256 hash of a DER format public key. */
486 CFArrayRef CreatePubKeySha256Array(const char *hashlist, const errinfo_t *e);
487 Boolean IsSha256HashList(const char *hashlist);
488 /* caller must free() result unless NULL. If s is NULL will return NULL.
489 * if s is not NULL and release is true will CFRelease(s) before return */
/* Despite the CFString...Create... name the result is a plain C string owned
 * by the caller and released with free(), not CFRelease().  With release set
 * the function consumes the caller's reference to s, so s must not be used
 * afterwards. */
490 char *CFStringCreateUTF8String(CFStringRef s, Boolean release);
491 /* Returns true if name is an IPv4 literal as defined in RFC 3986 section 3.2.2 */
/* name comes with an explicit length, so the signature does not require it
 * to be NUL-terminated. */
492 Boolean IsIPv4Name(const void *name, size_t namelen);
/* c-prefixed counterparts of Secure Transport / Security framework calls,
 * plus helpers for reading certificate fields and building client identities.
 * Only the signatures are visible here; ownership of returned Core Foundation
 * objects follows from the Create/Copy naming only if the implementation
 * honours that convention -- confirm. */
494 OSStatus cSSLSetSessionOption(SSLContextRef cxt, int option, Boolean value);
495 SecCertificateRef cSecCertificateCreateWithData(CFAllocatorRef a, CFDataRef d);
496 CFDataRef cSecCertificateCopyData(SecCertificateRef c);
497 OSStatus cSecIdentityCreateWithCertificate(CFTypeRef k, SecCertificateRef c,
498 SecIdentityRef *i);
/* keydata and pw carry private-key material and its password.  kh is an
 * out-parameter; presumably the handle that DisposeIdentityKeychainHandle()
 * below releases -- confirm, and make sure every success path disposes it. */
499 SecIdentityRef cSecIdentityCreateWithCertificateAndKeyData(
500 SecCertificateRef certificateRef, CFDataRef keydata, CFTypeRef pw,
501 CFStringRef hint, void **kh);
502 void CopyCertValidity(SecCertificateRef cert, CFStringRef *nb, CFStringRef *na);
/* NOTE(review): the strings returned by the CopyCert* functions are derived
 * from certificate contents, i.e. from data the peer controls.  Treat them
 * as untrusted when logging or displaying them. */
503 CFStringRef CopyCertSubject(SecCertificateRef cert);
504 CFStringRef CopyCertSubjectAltNamesString(SecCertificateRef cert);
505 CFStringRef CopyCertSubjectKeyId(SecCertificateRef cert);
506 CFStringRef CopyCertIssuer(SecCertificateRef cert);
507 CFStringRef CopyCertIssuerKeyId(SecCertificateRef cert);
508 OSStatus CopyIdentityWithLabel(const char *label, SecIdentityRef *out);
509 CFArrayRef CreateClientAuthWithCertificatesAndKeyData(CFArrayRef certs,
510 CFDataRef keydata, CFTypeRef pw,
511 CFStringRef hint, void **kh);
512 void DisposeIdentityKeychainHandle(void *);
513 OSStatus cSecItemImport(
514 CFDataRef importedData, CFStringRef fileNameOrExtension,
515 SecExternalFormat *inputFormat, SecExternalItemType *itemType,
516 SecItemImportExportFlags flags, const SecItemImportExportKeyParameters *keyParams,
517 SecKeychainRef importKeychain, CFArrayRef *outItems);
518 SSLContextRef cSSLCreateContext(CFAllocatorRef a, int ps, int ct);
519 void cSSLDisposeContext(SSLContextRef);
520 /* Sorts list of ciphers into most secure to least secure order and returns count
521 * of how many at the front of the list are not completely weak and worthless */
/* NOTE(review): the array is sorted in place and the weak suites stay in it,
 * after the returned count.  A caller that enables the list has to pass the
 * returned count, not `entries`, or the weak tail is enabled as well.  Which
 * suites count as weak is decided in the implementation, not in this header. */
522 size_t cSSLSortCiphers(SSLCipherSuite *array, size_t entries);
/* NOTE(review): by its name `replace` selects between replacing the trusted
 * roots with rts and adding rts to them; the difference decides whether the
 * system roots stay trusted -- confirm the polarity in the implementation. */
523 OSStatus cSSLSetTrustedRoots(SSLContextRef cxt, CFArrayRef rts, Boolean replace);
524 OSStatus cSSLCopyPeerTrust(SSLContextRef cxt, SecTrustRef *trust);
/* The first parameter is a SecTrustRef even though it is named cxt. */
525 OSStatus cSecTrustSetAnchorCertificatesOnly(SecTrustRef cxt, Boolean anchorsOnly);
526 OSStatus cSSLCopyPeerCertificates(SSLContextRef cxt, CFArrayRef *certs);
527 OSStatus cSSLSetProtocolVersionMinMax(SSLContextRef cxt, int minVer, int maxVer);
528 OSStatus cSecTrustGetResult(
529 SecTrustRef trust,
530 SecTrustResultType *result,
531 CFArrayRef *certChain,
532 CSSM_TP_APPLE_EVIDENCE_INFO **statusChain);
533 /* If customRootsOrNull is not null, the root of the chain MUST be in
534 customRootsOrNull. If certFlags & 0x01 then all certs in the
535 chain EXCEPT the root must come from the peer -- no magically appearing
536 intermediate certs from who-knows-where are allowed. The trust will
537 automatically be evaluated if it has not already been. If the chain is
538 otherwise okay (would return errSecSuccess) but the trust result is other
539 than unspecified or proceed then either errSecTrustSettingDeny (for
540 kSecTrustResultDeny) or errSecNotTrusted (other codes) will be returned.
541 Flags are CSSM_APPLE_TP_ACTION_FLAGS, pass 0 for normal behavior, only
542 bits 0x1, 0x2 and 0x8 are checked in any case. If peername is not NULL
543 and not the empty string then it must match the leaf certificate.
544 If pinnedKeySetOrNull is not NULL then the peer certificate's public key
545 MUST be found in pinnedKeySetOrNull or errSecPinnedKeyMismatch will be
546 returned. This check is done last and only if no other error occurs.
547 Setting certFlags & 0x02 causes ALL other checks to be skipped making
548 it a pinned-key-check-only call. If certFlags & 0x02 is set then
549 pinnedKeySetOrNull MUST NOT be NULL. If pinnedKeySetOrNull is not NULL
550 it MUST have at least one element in it. If certFlags & 0x04 is set
551 then certificate chain validation errors are ignored (but host name
552 matching will still be done if certFlags & 0x02 is NOT set). If
553 certFlags & 0x04 is set AND certFlags & 0x02 is NOT set then peername
554 MUST NOT be NULL or the empty string. If certFlags & 0x08 IS set
555 then pinnedKeySetOrNull is actually an array of binary sha256
556 hash(es) of the DER form of the public key(s) to match. */
/* Summary of the certFlags bits described above:
 *   0x01  every certificate except the root must have been sent by the peer
 *   0x02  pinned-key check only; all other checks are skipped
 *   0x04  chain validation errors are ignored; host name matching still
 *         runs unless 0x02 is also set
 *   0x08  pinnedKeySetOrNull holds binary sha256 hashes of DER public keys
 *
 * NOTE(review): 0x02 and 0x04 each switch off part of the verification.
 * With 0x04 and a NULL pin set the only check left, as described, is the
 * host name match, which says nothing about who issued the certificate.
 * With 0x02 the outcome rests entirely on the contents of the pin set.
 * Call sites setting either bit deserve a comment saying why.
 *
 * NOTE(review): certFlags and flags are adjacent parameters of the same
 * type, and the bits are documented as bare hex literals, so swapped
 * arguments compile without a diagnostic.  Named constants for the certFlags
 * bits would make call sites checkable.
 *
 * NOTE(review): a peername of NULL or "" skips name matching except in the
 * 0x04-without-0x02 case, where the contract forbids it; what the function
 * does when that rule or the non-NULL pin set rule is violated is not stated
 * here -- confirm it fails closed. */
557 OSStatus VerifyTrustChain(SecTrustRef trust, CFArrayRef customRootsOrNull,
558 unsigned certFlags, unsigned flags,
559 const char *peername, CFArrayRef pinnedKeySetOrNull);
/* Equality helpers.  As documented on each, a NULL argument never compares
 * equal, not even to another NULL, so a missing certificate or blob cannot
 * satisfy a membership test by accident. */
560 /* returns true iff both certs are not NULL AND are DER byte-wise identical */
561 Boolean SecCertsEqual(SecCertificateRef c1, SecCertificateRef c2);
562 /* returns true iff at least one cert in a is SecCertsEqual to c */
563 Boolean SecCertInArray(SecCertificateRef c, CFArrayRef a);
564 /* returns true iff both items are not NULL AND are byte-wise identical */
565 Boolean BlobsEqual(CFDataRef b1, CFDataRef b2);
566 /* returns true iff at least one item in a is BlobsEqual to b */
/* What happens when the array a itself is NULL is not stated for either
 * *InArray function -- confirm in the implementation. */
567 Boolean BlobInArray(CFDataRef b, CFArrayRef a);
569 #elif TARGET_OS_EMBEDDED || TARGET_OS_IPHONE
571 #error iOS is not currently supported
573 #endif /* TARGET_OS_EMBEDDED || TARGET_OS_IPHONE */
575 #endif /* STCOMPAT_H */