cosmopolitan/third_party/mbedtls/x509_csr.h

#ifndef MBEDTLS_X509_CSR_H_
#define MBEDTLS_X509_CSR_H_
#include "third_party/mbedtls/config.h"
#include "third_party/mbedtls/x509.h"
COSMOPOLITAN_C_START_

/**
 * Certificate Signing Request (CSR) structure.
 */
typedef struct mbedtls_x509_csr {
    mbedtls_x509_buf raw;           /*< The raw CSR data (DER). */
    mbedtls_x509_buf cri;           /*< The raw CertificateRequestInfo body (DER). */
    int version;                    /*< CSR version (1=v1). */
    mbedtls_x509_buf  subject_raw;  /*< The raw subject data (DER). */
    mbedtls_x509_name subject;      /*< The parsed subject data (named information object). */
    mbedtls_pk_context pk;          /*< Container for the public key context. */
    mbedtls_x509_buf sig_oid;
    mbedtls_x509_buf sig;
    mbedtls_md_type_t sig_md;       /*< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
    mbedtls_pk_type_t sig_pk;       /*< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
    void *sig_opts;                 /*< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
} mbedtls_x509_csr;

/**
 * Container for writing a CSR
 */
typedef struct mbedtls_x509write_csr {
    mbedtls_pk_context *key;
    mbedtls_asn1_named_data *subject;
    mbedtls_md_type_t md_alg;
    mbedtls_asn1_named_data *extensions;
} mbedtls_x509write_csr;

int mbedtls_x509_csr_info( char *, size_t, const char *, const mbedtls_x509_csr * );
int mbedtls_x509_csr_parse( mbedtls_x509_csr *, const unsigned char *, size_t );
int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *, const unsigned char *, size_t );
int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *, const char * );
int mbedtls_x509write_csr_der( mbedtls_x509write_csr *, unsigned char *, size_t, int (*)(void *, unsigned char *, size_t), void * );
int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *, unsigned char *, size_t, int (*)(void *, unsigned char *, size_t), void * );
int mbedtls_x509write_csr_set_extension( mbedtls_x509write_csr *, const char *, size_t, const unsigned char *, size_t );
int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *, unsigned char );
int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *, unsigned char );
int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *, const char * );
void mbedtls_x509_csr_free( mbedtls_x509_csr * );
void mbedtls_x509_csr_init( mbedtls_x509_csr * );
void mbedtls_x509write_csr_free( mbedtls_x509write_csr * );
void mbedtls_x509write_csr_init( mbedtls_x509write_csr * );
void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *, mbedtls_pk_context * );
void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *, mbedtls_md_type_t );

COSMOPOLITAN_C_END_
#endif /* MBEDTLS_X509_CSR_H_ */
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt 2021-06-24 19:31:26 +00:00			`#ifndef MBEDTLS_X509_CSR_H_`
			`#define MBEDTLS_X509_CSR_H_`
Flatten Mbed TLS directory structure 2021-06-16 03:18:59 +00:00			`#include "third_party/mbedtls/config.h"`
			`#include "third_party/mbedtls/x509.h"`
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt 2021-06-24 19:31:26 +00:00			`COSMOPOLITAN_C_START_`
Import Mbed TLS v2.26.0 2021-06-15 18:39:36 +00:00
			`/**`
			`* Certificate Signing Request (CSR) structure.`
			`*/`
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt 2021-06-24 19:31:26 +00:00			`typedef struct mbedtls_x509_csr {`
Make it possible to compile redbean with chibicc This cuts build latency down from 5 seconds to 500 milliseconds. 2022-04-22 22:03:32 +00:00			`mbedtls_x509_buf raw; /< The raw CSR data (DER). /`
			`mbedtls_x509_buf cri; /< The raw CertificateRequestInfo body (DER). /`
			`int version; /< CSR version (1=v1). /`
			`mbedtls_x509_buf subject_raw; /< The raw subject data (DER). /`
			`mbedtls_x509_name subject; /< The parsed subject data (named information object). /`
			`mbedtls_pk_context pk; /< Container for the public key context. /`
Import Mbed TLS v2.26.0 2021-06-15 18:39:36 +00:00			`mbedtls_x509_buf sig_oid;`
			`mbedtls_x509_buf sig;`
Make it possible to compile redbean with chibicc This cuts build latency down from 5 seconds to 500 milliseconds. 2022-04-22 22:03:32 +00:00			`mbedtls_md_type_t sig_md; /< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 /`
			`mbedtls_pk_type_t sig_pk; /< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA /`
			`void sig_opts; /< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */`
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt 2021-06-24 19:31:26 +00:00			`} mbedtls_x509_csr;`
Import Mbed TLS v2.26.0 2021-06-15 18:39:36 +00:00
			`/**`
			`* Container for writing a CSR`
			`*/`
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt 2021-06-24 19:31:26 +00:00			`typedef struct mbedtls_x509write_csr {`
Import Mbed TLS v2.26.0 2021-06-15 18:39:36 +00:00			`mbedtls_pk_context *key;`
			`mbedtls_asn1_named_data *subject;`
			`mbedtls_md_type_t md_alg;`
			`mbedtls_asn1_named_data *extensions;`
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt 2021-06-24 19:31:26 +00:00			`} mbedtls_x509write_csr;`

			`int mbedtls_x509_csr_info( char , size_t, const char , const mbedtls_x509_csr * );`
			`int mbedtls_x509_csr_parse( mbedtls_x509_csr , const unsigned char , size_t );`
			`int mbedtls_x509_csr_parse_der( mbedtls_x509_csr , const unsigned char , size_t );`
			`int mbedtls_x509_csr_parse_file( mbedtls_x509_csr , const char );`
			`int mbedtls_x509write_csr_der( mbedtls_x509write_csr , unsigned char , size_t, int ()(void , unsigned char , size_t), void );`
			`int mbedtls_x509write_csr_pem( mbedtls_x509write_csr , unsigned char , size_t, int ()(void , unsigned char , size_t), void );`
			`int mbedtls_x509write_csr_set_extension( mbedtls_x509write_csr , const char , size_t, const unsigned char *, size_t );`
			`int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *, unsigned char );`
			`int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *, unsigned char );`
			`int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr , const char );`
			`void mbedtls_x509_csr_free( mbedtls_x509_csr * );`
			`void mbedtls_x509_csr_init( mbedtls_x509_csr * );`
			`void mbedtls_x509write_csr_free( mbedtls_x509write_csr * );`
			`void mbedtls_x509write_csr_init( mbedtls_x509write_csr * );`
			`void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr , mbedtls_pk_context );`
			`void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *, mbedtls_md_type_t );`

			`COSMOPOLITAN_C_END_`
			`#endif /* MBEDTLS_X509_CSR_H_ */`