aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLibravatar vnugent <public@vaughnnugent.com>2024-04-23 18:19:31 -0400
committerLibravatar vnugent <public@vaughnnugent.com>2024-04-23 18:19:31 -0400
commit7cb7a93de4f6f5e741bc5129e3d928e44f050930 (patch)
treeae5c564a0c3c60d0b4dac13ac8e8e3ebf7906ab1
parent30e8dda6cbea86bdee6d5dfe48514385d3b9f81b (diff)
refactor!: MbedTLS on Windows, switch to uint32
-rw-r--r--CMakeLists.txt71
-rw-r--r--include/nc-util.h (renamed from src/internal/nc-util.h)11
-rw-r--r--include/noscrypt.h (renamed from src/noscrypt.h)10
-rw-r--r--include/platform.h (renamed from src/platform.h)0
-rw-r--r--src/crypto/impl/bcrypt.c (renamed from src/internal/impl/bcrypt.c)14
-rw-r--r--src/crypto/impl/mbedtls.c (renamed from src/internal/impl/mbedtls.c)104
-rw-r--r--src/crypto/impl/monocypher.c (renamed from src/internal/impl/monocypher.c)5
-rw-r--r--src/crypto/impl/openssl.c (renamed from src/internal/impl/openssl.c)3
-rw-r--r--src/crypto/nc-crypto.c (renamed from src/internal/nc-crypto.c)15
-rw-r--r--src/crypto/nc-crypto.h (renamed from src/internal/nc-crypto.h)6
-rw-r--r--src/noscrypt.c20
-rw-r--r--tests/hex.h2
-rw-r--r--tests/test.c3
-rw-r--r--vendor/mbedtls/aes.h (renamed from include/mbedtls/aes.h)0
-rw-r--r--vendor/mbedtls/aria.h (renamed from include/mbedtls/aria.h)0
-rw-r--r--vendor/mbedtls/asn1.h (renamed from include/mbedtls/asn1.h)0
-rw-r--r--vendor/mbedtls/asn1write.h (renamed from include/mbedtls/asn1write.h)0
-rw-r--r--vendor/mbedtls/base64.h (renamed from include/mbedtls/base64.h)0
-rw-r--r--vendor/mbedtls/bignum.h (renamed from include/mbedtls/bignum.h)0
-rw-r--r--vendor/mbedtls/build_info.h (renamed from include/mbedtls/build_info.h)0
-rw-r--r--vendor/mbedtls/camellia.h (renamed from include/mbedtls/camellia.h)0
-rw-r--r--vendor/mbedtls/ccm.h (renamed from include/mbedtls/ccm.h)0
-rw-r--r--vendor/mbedtls/chacha20.h (renamed from include/mbedtls/chacha20.h)0
-rw-r--r--vendor/mbedtls/chachapoly.h (renamed from include/mbedtls/chachapoly.h)0
-rw-r--r--vendor/mbedtls/check_config.h (renamed from include/mbedtls/check_config.h)0
-rw-r--r--vendor/mbedtls/cipher.h (renamed from include/mbedtls/cipher.h)0
-rw-r--r--vendor/mbedtls/cmac.h (renamed from include/mbedtls/cmac.h)0
-rw-r--r--vendor/mbedtls/compat-2.x.h (renamed from include/mbedtls/compat-2.x.h)0
-rw-r--r--vendor/mbedtls/config_adjust_legacy_crypto.h (renamed from include/mbedtls/config_adjust_legacy_crypto.h)0
-rw-r--r--vendor/mbedtls/config_adjust_legacy_from_psa.h (renamed from include/mbedtls/config_adjust_legacy_from_psa.h)0
-rw-r--r--vendor/mbedtls/config_adjust_psa_from_legacy.h (renamed from include/mbedtls/config_adjust_psa_from_legacy.h)0
-rw-r--r--vendor/mbedtls/config_adjust_psa_superset_legacy.h (renamed from include/mbedtls/config_adjust_psa_superset_legacy.h)0
-rw-r--r--vendor/mbedtls/config_adjust_ssl.h (renamed from include/mbedtls/config_adjust_ssl.h)0
-rw-r--r--vendor/mbedtls/config_adjust_x509.h (renamed from include/mbedtls/config_adjust_x509.h)0
-rw-r--r--vendor/mbedtls/config_psa.h (renamed from include/mbedtls/config_psa.h)0
-rw-r--r--vendor/mbedtls/constant_time.h (renamed from include/mbedtls/constant_time.h)0
-rw-r--r--vendor/mbedtls/ctr_drbg.h (renamed from include/mbedtls/ctr_drbg.h)0
-rw-r--r--vendor/mbedtls/debug.h (renamed from include/mbedtls/debug.h)0
-rw-r--r--vendor/mbedtls/des.h (renamed from include/mbedtls/des.h)0
-rw-r--r--vendor/mbedtls/dhm.h (renamed from include/mbedtls/dhm.h)0
-rw-r--r--vendor/mbedtls/ecdh.h (renamed from include/mbedtls/ecdh.h)0
-rw-r--r--vendor/mbedtls/ecdsa.h (renamed from include/mbedtls/ecdsa.h)0
-rw-r--r--vendor/mbedtls/ecjpake.h (renamed from include/mbedtls/ecjpake.h)0
-rw-r--r--vendor/mbedtls/ecp.h (renamed from include/mbedtls/ecp.h)0
-rw-r--r--vendor/mbedtls/entropy.h (renamed from include/mbedtls/entropy.h)0
-rw-r--r--vendor/mbedtls/error.h (renamed from include/mbedtls/error.h)0
-rw-r--r--vendor/mbedtls/gcm.h (renamed from include/mbedtls/gcm.h)0
-rw-r--r--vendor/mbedtls/hkdf.h (renamed from include/mbedtls/hkdf.h)0
-rw-r--r--vendor/mbedtls/hmac_drbg.h (renamed from include/mbedtls/hmac_drbg.h)0
-rw-r--r--vendor/mbedtls/lms.h (renamed from include/mbedtls/lms.h)0
-rw-r--r--vendor/mbedtls/mbedtls_config.h (renamed from include/mbedtls/mbedtls_config.h)0
-rw-r--r--vendor/mbedtls/md.h (renamed from include/mbedtls/md.h)0
-rw-r--r--vendor/mbedtls/md5.h (renamed from include/mbedtls/md5.h)0
-rw-r--r--vendor/mbedtls/memory_buffer_alloc.h (renamed from include/mbedtls/memory_buffer_alloc.h)0
-rw-r--r--vendor/mbedtls/net_sockets.h (renamed from include/mbedtls/net_sockets.h)0
-rw-r--r--vendor/mbedtls/nist_kw.h (renamed from include/mbedtls/nist_kw.h)0
-rw-r--r--vendor/mbedtls/oid.h (renamed from include/mbedtls/oid.h)0
-rw-r--r--vendor/mbedtls/pem.h (renamed from include/mbedtls/pem.h)0
-rw-r--r--vendor/mbedtls/pk.h (renamed from include/mbedtls/pk.h)0
-rw-r--r--vendor/mbedtls/pkcs12.h (renamed from include/mbedtls/pkcs12.h)0
-rw-r--r--vendor/mbedtls/pkcs5.h (renamed from include/mbedtls/pkcs5.h)0
-rw-r--r--vendor/mbedtls/pkcs7.h (renamed from include/mbedtls/pkcs7.h)0
-rw-r--r--vendor/mbedtls/platform.h (renamed from include/mbedtls/platform.h)0
-rw-r--r--vendor/mbedtls/platform_time.h (renamed from include/mbedtls/platform_time.h)0
-rw-r--r--vendor/mbedtls/platform_util.h (renamed from include/mbedtls/platform_util.h)0
-rw-r--r--vendor/mbedtls/poly1305.h (renamed from include/mbedtls/poly1305.h)0
-rw-r--r--vendor/mbedtls/private_access.h (renamed from include/mbedtls/private_access.h)0
-rw-r--r--vendor/mbedtls/psa/build_info.h (renamed from include/psa/build_info.h)0
-rw-r--r--vendor/mbedtls/psa/crypto.h (renamed from include/psa/crypto.h)0
-rw-r--r--vendor/mbedtls/psa/crypto_adjust_auto_enabled.h (renamed from include/psa/crypto_adjust_auto_enabled.h)0
-rw-r--r--vendor/mbedtls/psa/crypto_adjust_config_key_pair_types.h (renamed from include/psa/crypto_adjust_config_key_pair_types.h)0
-rw-r--r--vendor/mbedtls/psa/crypto_adjust_config_synonyms.h (renamed from include/psa/crypto_adjust_config_synonyms.h)0
-rw-r--r--vendor/mbedtls/psa/crypto_builtin_composites.h (renamed from include/psa/crypto_builtin_composites.h)0
-rw-r--r--vendor/mbedtls/psa/crypto_builtin_key_derivation.h (renamed from include/psa/crypto_builtin_key_derivation.h)0
-rw-r--r--vendor/mbedtls/psa/crypto_builtin_primitives.h (renamed from include/psa/crypto_builtin_primitives.h)0
-rw-r--r--vendor/mbedtls/psa/crypto_compat.h (renamed from include/psa/crypto_compat.h)0
-rw-r--r--vendor/mbedtls/psa/crypto_config.h (renamed from include/psa/crypto_config.h)0
-rw-r--r--vendor/mbedtls/psa/crypto_driver_common.h (renamed from include/psa/crypto_driver_common.h)0
-rw-r--r--vendor/mbedtls/psa/crypto_driver_contexts_composites.h (renamed from include/psa/crypto_driver_contexts_composites.h)0
-rw-r--r--vendor/mbedtls/psa/crypto_driver_contexts_key_derivation.h (renamed from include/psa/crypto_driver_contexts_key_derivation.h)0
-rw-r--r--vendor/mbedtls/psa/crypto_driver_contexts_primitives.h (renamed from include/psa/crypto_driver_contexts_primitives.h)0
-rw-r--r--vendor/mbedtls/psa/crypto_extra.h (renamed from include/psa/crypto_extra.h)0
-rw-r--r--vendor/mbedtls/psa/crypto_legacy.h (renamed from include/psa/crypto_legacy.h)0
-rw-r--r--vendor/mbedtls/psa/crypto_platform.h (renamed from include/psa/crypto_platform.h)0
-rw-r--r--vendor/mbedtls/psa/crypto_se_driver.h (renamed from include/psa/crypto_se_driver.h)0
-rw-r--r--vendor/mbedtls/psa/crypto_sizes.h (renamed from include/psa/crypto_sizes.h)0
-rw-r--r--vendor/mbedtls/psa/crypto_struct.h (renamed from include/psa/crypto_struct.h)0
-rw-r--r--vendor/mbedtls/psa/crypto_types.h (renamed from include/psa/crypto_types.h)0
-rw-r--r--vendor/mbedtls/psa/crypto_values.h (renamed from include/psa/crypto_values.h)0
-rw-r--r--vendor/mbedtls/psa_util.h (renamed from include/mbedtls/psa_util.h)0
-rw-r--r--vendor/mbedtls/ripemd160.h (renamed from include/mbedtls/ripemd160.h)0
-rw-r--r--vendor/mbedtls/rsa.h (renamed from include/mbedtls/rsa.h)0
-rw-r--r--vendor/mbedtls/sha1.h (renamed from include/mbedtls/sha1.h)0
-rw-r--r--vendor/mbedtls/sha256.h (renamed from include/mbedtls/sha256.h)0
-rw-r--r--vendor/mbedtls/sha3.h (renamed from include/mbedtls/sha3.h)0
-rw-r--r--vendor/mbedtls/sha512.h (renamed from include/mbedtls/sha512.h)0
-rw-r--r--vendor/mbedtls/ssl.h (renamed from include/mbedtls/ssl.h)0
-rw-r--r--vendor/mbedtls/ssl_cache.h (renamed from include/mbedtls/ssl_cache.h)0
-rw-r--r--vendor/mbedtls/ssl_ciphersuites.h (renamed from include/mbedtls/ssl_ciphersuites.h)0
-rw-r--r--vendor/mbedtls/ssl_cookie.h (renamed from include/mbedtls/ssl_cookie.h)0
-rw-r--r--vendor/mbedtls/ssl_ticket.h (renamed from include/mbedtls/ssl_ticket.h)0
-rw-r--r--vendor/mbedtls/threading.h (renamed from include/mbedtls/threading.h)0
-rw-r--r--vendor/mbedtls/timing.h (renamed from include/mbedtls/timing.h)0
-rw-r--r--vendor/mbedtls/version.h (renamed from include/mbedtls/version.h)0
-rw-r--r--vendor/mbedtls/x509.h (renamed from include/mbedtls/x509.h)0
-rw-r--r--vendor/mbedtls/x509_crl.h (renamed from include/mbedtls/x509_crl.h)0
-rw-r--r--vendor/mbedtls/x509_crt.h (renamed from include/mbedtls/x509_crt.h)0
-rw-r--r--vendor/mbedtls/x509_csr.h (renamed from include/mbedtls/x509_csr.h)0
-rw-r--r--vendor/secp256k1/secp256k1.h (renamed from include/secp256k1.h)0
-rw-r--r--vendor/secp256k1/secp256k1_ecdh.h (renamed from include/secp256k1_ecdh.h)0
-rw-r--r--vendor/secp256k1/secp256k1_extrakeys.h (renamed from include/secp256k1_extrakeys.h)0
-rw-r--r--vendor/secp256k1/secp256k1_schnorrsig.h (renamed from include/secp256k1_schnorrsig.h)0
112 files changed, 151 insertions, 113 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 008a54c..b5bdd54 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -9,6 +9,7 @@ option(NC_DISABLE_INPUT_VALIDATION "Disables public function input validation" O
option(NC_FETCH_MBEDTLS "Fetch Mbed-TLS from it's source repository locally" OFF)
option(NC_INCLUDE_MONOCYPHER "Statically link to vendored monocypher library" ON)
set(CRYPTO_LIB "none" CACHE STRING "The crypto library to link to (mbedtls, openssl, none)")
+set(CRYPTO_LIB_DIR "" CACHE STRING "The path to the crypto library if it's not globally available")
string(TOLOWER ${CMAKE_BUILD_TYPE} build_type)
@@ -72,14 +73,14 @@ set(CMAKE_POSITION_INDEPENDENT_CODE ON)
set(NOSCRYPT_SRCS
"src/noscrypt.c"
- "src/internal/nc-crypto.c" #pulls in c impl files as needed
+ "src/crypto/nc-crypto.c" #pulls in c impl files as needed
)
set(NOSCRYPT_HEADERS
- "src/noscrypt.h"
- "src/platform.h"
- "src/internal/nc-crypto.h"
- "src/internal/nc-util.h"
+ "include/noscrypt.h"
+ "include/platform.h"
+ "include/nc-util.h"
+ "src/crypto/nc-crypto.h"
)
#static/shared library
@@ -104,11 +105,36 @@ if(CRYPTO_LIB STREQUAL "mbedtls")
message(STATUS "Linking to MbedTLS crypto library")
- target_link_libraries(${CMAKE_PROJECT_NAME} PRIVATE mbedcrypto PRIVATE mbedtls)
- target_link_libraries(${CMAKE_PROJECT_NAME}_static PRIVATE mbedcrypto PRIVATE mbedtls)
+ target_include_directories(${CMAKE_PROJECT_NAME} SYSTEM PRIVATE vendor)
+ target_include_directories(${CMAKE_PROJECT_NAME}_static SYSTEM PRIVATE vendor)
+
+ if(NC_FETCH_MBEDTLS)
+ #link to included mbedtls
+ target_link_libraries(${CMAKE_PROJECT_NAME} PRIVATE mbedcrypto PRIVATE mbedtls)
+ target_link_libraries(${CMAKE_PROJECT_NAME}_static PRIVATE mbedcrypto PRIVATE mbedtls)
+ else()
+ #find the library
+ find_library(MBEDTLS_LIB_CRYPTO
+ NAMES mbedcrypto libmbedcrypto
+ PATHS ${CRYPTO_LIB_DIR}
+ )
+
+ find_library(MBEDTLS_LIB_TLS
+ NAMES mbedtls libmbedtls
+ PATHS ${CRYPTO_LIB_DIR}
+ )
+
+ message(STATUS "Found mbedtls crypto library at ${MBEDTLS_LIB_CRYPTO}")
+ message(STATUS "Found mbedtls tls library at ${MBEDTLS_LIB_TLS}")
+
+ #link to the library
+ target_link_libraries(${CMAKE_PROJECT_NAME} PRIVATE ${MBEDTLS_LIB_CRYPTO} PRIVATE ${MBEDTLS_LIB_TLS})
+ target_link_libraries(${CMAKE_PROJECT_NAME}_static PRIVATE ${MBEDTLS_LIB_CRYPTO} PRIVATE ${MBEDTLS_LIB_TLS})
+ endif()
#enable mbedtls crypto library bindings
target_compile_definitions(${CMAKE_PROJECT_NAME} PRIVATE MBEDTLS_CRYPTO_LIB)
+ target_compile_definitions(${CMAKE_PROJECT_NAME}_static PRIVATE MBEDTLS_CRYPTO_LIB)
elseif(CRYPTO_LIB STREQUAL "openssl")
@@ -119,6 +145,7 @@ elseif(CRYPTO_LIB STREQUAL "openssl")
#enable openssl crypto library bindings
target_compile_definitions(${CMAKE_PROJECT_NAME} PRIVATE OPENSSL_CRYPTO_LIB)
+ target_compile_definitions(${CMAKE_PROJECT_NAME}_static PRIVATE OPENSSL_CRYPTO_LIB)
else()
#the library should be self sufficient in handling default crypto implementations
@@ -135,6 +162,7 @@ endif()
#setup flags for windows compilation
if(MSVC)
+ #link bcrypt for Windows platforms
target_link_libraries(${CMAKE_PROJECT_NAME} PRIVATE "bcrypt.lib")
target_link_libraries(${CMAKE_PROJECT_NAME}_static PRIVATE "bcrypt.lib")
@@ -176,7 +204,7 @@ elseif(CMAKE_COMPILER_IS_GNUCC)
PRIVATE
-g
- -0g
+ -Og
-Wall
-Werror
-pedantic
@@ -197,8 +225,8 @@ endif()
if(NC_INCLUDE_MONOCYPHER)
- target_include_directories(${CMAKE_PROJECT_NAME} PRIVATE "vendor/monocypher")
- target_include_directories(${CMAKE_PROJECT_NAME}_static PRIVATE "vendor/monocypher")
+ target_include_directories(${CMAKE_PROJECT_NAME} SYSTEM PRIVATE "vendor/monocypher")
+ target_include_directories(${CMAKE_PROJECT_NAME}_static SYSTEM PRIVATE "vendor/monocypher")
#add monocypher as a static dep to the project
add_library(monocypher STATIC
@@ -208,10 +236,6 @@ if(NC_INCLUDE_MONOCYPHER)
target_link_libraries(${CMAKE_PROJECT_NAME} PRIVATE monocypher)
target_link_libraries(${CMAKE_PROJECT_NAME}_static PRIVATE monocypher)
-
- #enable monocypher crypto library bindings
- target_compile_definitions(${CMAKE_PROJECT_NAME} PRIVATE NC_ENABLE_MONOCYPHER)
- target_compile_definitions(${CMAKE_PROJECT_NAME}_static PRIVATE NC_ENABLE_MONOCYPHER)
target_compile_features(monocypher PRIVATE c_std_99) #targets c99
@@ -220,16 +244,21 @@ if(NC_INCLUDE_MONOCYPHER)
/sdl #enable additional security checks
/TC #compile as c
/GS #buffer security check
-
- $<$<CONFIG:Debug>:/FC> #show full path in diagnostics
- $<$<CONFIG:Debug>:/showIncludes> #show a list of all included header files during build
-
- #$<$<CONFIG:Debug>:/wd4820> #disable warnings for struct padding and spectre mitigation wuen WX is enabled
- #$<$<CONFIG:Debug>:/wd5045> #disable warnings for spectre mitigation insertion
)
+
+ #enable monocypher crypto library bindings
+ target_compile_definitions(${CMAKE_PROJECT_NAME} PRIVATE NC_ENABLE_MONOCYPHER)
+ target_compile_definitions(${CMAKE_PROJECT_NAME}_static PRIVATE NC_ENABLE_MONOCYPHER)
+
elseif(CMAKE_COMPILER_IS_GNUCC)
#from monocypher's Makefile
target_compile_options(monocypher PRIVATE -pedantic -Wall -Wextra -O3 -march=native)
+
+ #enable monocypher crypto library bindings
+ target_compile_definitions(${CMAKE_PROJECT_NAME} PRIVATE NC_ENABLE_MONOCYPHER)
+ target_compile_definitions(${CMAKE_PROJECT_NAME}_static PRIVATE NC_ENABLE_MONOCYPHER)
+ else()
+ message(WARNING "Monocypher is not supported on this platform")
endif()
endif()
@@ -240,7 +269,7 @@ if(NC_BUILD_TESTS)
#add test executable and link to library
add_executable(nctest tests/test.c)
target_link_libraries(nctest ${CMAKE_PROJECT_NAME}_static)
- target_include_directories(nctest PRIVATE "src")
+ target_include_directories(nctest PRIVATE include)
#enable c11 for testing
target_compile_features(nctest PRIVATE c_std_11)
diff --git a/src/internal/nc-util.h b/include/nc-util.h
index 9f72470..23399e8 100644
--- a/src/internal/nc-util.h
+++ b/include/nc-util.h
@@ -24,12 +24,13 @@
#ifndef NC_UTIL_H
#define NC_UTIL_H
+#include "platform.h"
+
/* NULL */
#ifndef NULL
#define NULL ((void*)0)
#endif /* !NULL */
-
#ifdef DEBUG
/* Must include assert.h for assertions */
#include <assert.h>
@@ -64,22 +65,22 @@
typedef struct memory_span_struct
{
uint8_t* data;
- uint64_t size;
+ uint32_t size;
} span_t;
typedef struct read_only_memory_span_struct
{
const uint8_t* data;
- uint64_t size;
+ uint32_t size;
} cspan_t;
-static void ncSpanInitC(cspan_t* span, const uint8_t* data, uint64_t size)
+_nc_fn_inline void ncSpanInitC(cspan_t* span, const uint8_t* data, uint32_t size)
{
span->data = data;
span->size = size;
}
-static void ncSpanInit(span_t* span, uint8_t* data, uint64_t size)
+_nc_fn_inline void ncSpanInit(span_t* span, uint8_t* data, uint32_t size)
{
span->data = data;
span->size = size;
diff --git a/src/noscrypt.h b/include/noscrypt.h
index a8a42ee..68ae8f7 100644
--- a/src/noscrypt.h
+++ b/include/noscrypt.h
@@ -158,7 +158,7 @@ typedef struct nc_encryption_struct {
/* The size of the data buffers. Buffers must
* be the same size or larger than this value
*/
- uint64_t dataSize;
+ uint32_t dataSize;
} NCEncryptionArgs;
@@ -178,7 +178,7 @@ typedef struct nc_mac_verify {
const uint8_t* payload;
/* The size of the payload data */
- uint64_t payloadSize;
+ uint32_t payloadSize;
} NCMacVerifyArgs;
@@ -319,7 +319,7 @@ NC_EXPORT NCResult NC_CC NCSignData(
const NCSecretKey* sk,
const uint8_t random32[32],
const uint8_t* data,
- const uint64_t dataSize,
+ const uint32_t dataSize,
uint8_t sig64[64]
);
@@ -336,7 +336,7 @@ NC_EXPORT NCResult NC_CC NCVerifyData(
const NCContext* ctx,
const NCPublicKey* pk,
const uint8_t* data,
- const uint64_t dataSize,
+ const uint32_t dataSize,
const uint8_t sig64[64]
);
@@ -555,7 +555,7 @@ NC_EXPORT NCResult NCComputeMac(
const NCContext* ctx,
const uint8_t hmacKey[NC_HMAC_KEY_SIZE],
const uint8_t* payload,
- uint64_t payloadSize,
+ uint32_t payloadSize,
uint8_t hmacOut[NC_ENCRYPTION_MAC_SIZE]
);
diff --git a/src/platform.h b/include/platform.h
index 8abaadd..8abaadd 100644
--- a/src/platform.h
+++ b/include/platform.h
diff --git a/src/internal/impl/bcrypt.c b/src/crypto/impl/bcrypt.c
index 8ae6c5a..970f68f 100644
--- a/src/internal/impl/bcrypt.c
+++ b/src/crypto/impl/bcrypt.c
@@ -31,8 +31,7 @@
#include <Windows.h>
#include <bcrypt.h>
-#include "../../platform.h"
-#include "../nc-util.h"
+#include "nc-util.h"
#define IF_BC_FAIL(x) if(!BCRYPT_SUCCESS(x))
@@ -97,7 +96,7 @@ _IMPLSTB NTSTATUS _bcCreate(struct _bcrypt_ctx* ctx)
return _bcCreateHmac(ctx, &key);
}
-_IMPLSTB NTSTATUS _bcHashDataRaw(const struct _bcrypt_ctx* ctx, const uint8_t* data, uint64_t len)
+_IMPLSTB NTSTATUS _bcHashDataRaw(const struct _bcrypt_ctx* ctx, const uint8_t* data, uint32_t len)
{
return BCryptHashData(ctx->hHash, (uint8_t*)data, len, 0);
}
@@ -213,12 +212,12 @@ _IMPLSTB void _bcDestroyCtx(struct _bcrypt_ctx* ctx)
#ifndef _IMPL_CRYPTO_SHA256_HKDF_EXPAND
- #define _IMPL_CRYPTO_SHA256_HKDF_EXPAND _fallbackHkdfExpand
+ #define _IMPL_CRYPTO_SHA256_HKDF_EXPAND _bcrypt_fallback_hkdf_expand
/* Include string for memmove */
#include <string.h>
- static void ncWriteSpanS(span_t* span, uint64_t offset, const uint8_t* data, uint64_t size)
+ static void ncWriteSpanS(span_t* span, uint32_t offset, const uint8_t* data, uint32_t size)
{
DEBUG_ASSERT2(span != NULL, "Expected span to be non-null")
DEBUG_ASSERT2(data != NULL, "Expected data to be non-null")
@@ -239,13 +238,13 @@ _IMPLSTB void _bcDestroyCtx(struct _bcrypt_ctx* ctx)
#define _BC_MIN(a, b) (a < b ? a : b)
- _IMPLSTB cstatus_t _fallbackHkdfExpand(const cspan_t* prk, const cspan_t* info, span_t* okm)
+ _IMPLSTB cstatus_t _bcrypt_fallback_hkdf_expand(const cspan_t* prk, const cspan_t* info, span_t* okm)
{
cstatus_t result;
struct _bcrypt_ctx ctx;
uint8_t counter;
- uint64_t tLen, okmOffset;
+ uint32_t tLen, okmOffset;
uint8_t t[HKDF_IN_BUF_SIZE];
_IMPL_SECURE_ZERO_MEMSET(t, sizeof(t));
@@ -274,7 +273,6 @@ _IMPLSTB void _bcDestroyCtx(struct _bcrypt_ctx* ctx)
tLen = _BC_MIN(okm->size - okmOffset, SHA256_DIGEST_SIZE);
DEBUG_ASSERT(tLen <= sizeof(t));
- DEBUG_ASSERT((tLen + okmOffset) < okm->size);
/* write the T buffer back to okm */
ncWriteSpanS(okm, okmOffset, t, tLen);
diff --git a/src/internal/impl/mbedtls.c b/src/crypto/impl/mbedtls.c
index 54caa44..ae36bbd 100644
--- a/src/internal/impl/mbedtls.c
+++ b/src/crypto/impl/mbedtls.c
@@ -35,8 +35,7 @@
#include <mbedtls/chacha20.h>
#include <mbedtls/constant_time.h>
-#include "../../platform.h"
-#include "../nc-util.h"
+#include "nc-util.h"
/*
* EXPORT SUPPORTED FUNCTION OVERRIDES
@@ -51,21 +50,38 @@ _IMPLSTB const mbedtls_md_info_t* _mbed_sha256_alg(void)
return info;
}
+#if SIZE_MAX < UINT64_MAX
+ #define _ssize_guard(x) if(x > SIZE_MAX) return CSTATUS_FAIL;
+ #define _ssize_guard_int(x) if(x > SIZE_MAX) return 1;
+#else
+ #define _ssize_guard(x)
+ #define _ssize_guard_int(x)
+#endif
+
#ifndef _IMPL_CHACHA20_CRYPT
/* Export chacha20 computation */
#define _IMPL_CHACHA20_CRYPT _mbed_chacha20_encrypt
- _IMPLSTB int _mbed_chacha20_encrypt(
+ _IMPLSTB cstatus_t _mbed_chacha20_encrypt(
const uint8_t* key,
const uint8_t* nonce,
const uint8_t* input,
uint8_t* output,
- size_t dataLen
+ uint32_t dataLen
)
{
+ _ssize_guard(dataLen)
+
/* Counter always starts at 0 */
- return mbedtls_chacha20_crypt(key, nonce, 0x00u, dataLen, input, output);
+ return mbedtls_chacha20_crypt(
+ key,
+ nonce,
+ 0x00u, /* nip-44 counter version */
+ dataLen,
+ input,
+ output
+ ) == 0 ? CSTATUS_OK : CSTATUS_FAIL;
}
#endif
@@ -75,9 +91,16 @@ _IMPLSTB const mbedtls_md_info_t* _mbed_sha256_alg(void)
#define _IMPL_CRYPTO_SHA256_DIGEST _mbed_sha256_digest
- _IMPLSTB CStatus _mbed_sha256_digest(const uint8_t* data, size_t dataSize,uint8_t* digestOut32)
+ _IMPLSTB cstatus_t _mbed_sha256_digest(const cspan_t* data, sha256_t digestOut32)
{
- return mbedtls_sha256(data, dataSize, digestOut32, 0);
+ _ssize_guard(data->size)
+
+ return mbedtls_sha256(
+ data->data,
+ data->size,
+ digestOut32,
+ 0 /* Set 0 for sha256 mode */
+ ) == 0 ? CSTATUS_OK : CSTATUS_FAIL;
}
#endif
@@ -87,18 +110,21 @@ _IMPLSTB const mbedtls_md_info_t* _mbed_sha256_alg(void)
#define _IMPL_CRYPTO_SHA256_HMAC _mbed_sha256_hmac
- _IMPLSTB CStatus _mbed_sha256_hmac(
- const uint8_t* key, size_t keyLen,
- const uint8_t* data, size_t dataLen,
- void* hmacOut32
- )
+ _IMPLSTB cstatus_t _mbed_sha256_hmac(const cspan_t* key, const cspan_t* data, sha256_t hmacOut32)
{
+ _ssize_guard(data->size)
+
+ /* Keys should never be large enough for this to matter, but sanity check. */
+ DEBUG_ASSERT2(key->size < SIZE_MAX, "Expected key size to be less than SIZE_MAX")
+
return mbedtls_md_hmac(
_mbed_sha256_alg(),
- key, keyLen,
- data, dataLen,
+ key->data,
+ key->size,
+ data->data,
+ data->size,
hmacOut32
- );
+ ) == 0 ? CSTATUS_OK : CSTATUS_FAIL;
}
#endif
@@ -107,51 +133,37 @@ _IMPLSTB const mbedtls_md_info_t* _mbed_sha256_alg(void)
#define _IMPL_CRYPTO_SHA256_HKDF_EXPAND _mbed_sha256_hkdf_expand
- _IMPLSTB int _mbed_sha256_hkdf_expand(
- const uint8_t* prk, size_t prkLen,
- const uint8_t* info, size_t infoLen,
- void* okm, size_t okmLen
- )
+ _IMPLSTB cstatus_t _mbed_sha256_hkdf_expand(const cspan_t* prk, const cspan_t* info, span_t* okm)
{
+ /* These sizes should never be large enough to overflow on <64bit platforms, but sanity check */
+ DEBUG_ASSERT(okm->size < SIZE_MAX)
+ DEBUG_ASSERT(prk->size < SIZE_MAX)
+ DEBUG_ASSERT(info->size < SIZE_MAX)
+
return mbedtls_hkdf_expand(
_mbed_sha256_alg(),
- prk, prkLen,
- info, infoLen,
- okm, okmLen
- );
+ prk->data,
+ prk->size,
+ info->data,
+ info->size,
+ okm->data,
+ okm->size
+ ) == 0 ? CSTATUS_OK : CSTATUS_FAIL;
}
#endif
-/* Export hkdf extract if not already defined */
-#ifndef _IMPL_CRYPTO_SHA256_HKDF_EXTRACT
-
- #define _IMPL_CRYPTO_SHA256_HKDF_EXTRACT _mbed_sha256_hkdf_extract
-
- _IMPLSTB int _mbed_sha256_hkdf_extract(
- const uint8_t* salt, size_t saltLen,
- const uint8_t* ikm, size_t ikmLen,
- void* prk
- )
- {
- return mbedtls_hkdf_extract(
- _mbed_sha256_alg(),
- salt, saltLen,
- ikm, ikmLen,
- prk
- );
- }
-#endif
-
/* Export fixed-time compare if not already defined */
#ifndef _IMPL_CRYPTO_FIXED_TIME_COMPARE
#define _IMPL_CRYPTO_FIXED_TIME_COMPARE _mbed_fixed_time_compare
/* fixed-time memcmp */
- _IMPLSTB int _mbed_fixed_time_compare(const uint8_t* a, const uint8_t* b, size_t size)
+ _IMPLSTB uint32_t _mbed_fixed_time_compare(const uint8_t* a, const uint8_t* b, uint32_t size)
{
- return mbedtls_ct_memcmp(a, b, size);
+ _ssize_guard_int(size)
+
+ return (uint32_t)mbedtls_ct_memcmp(a, b, size);
}
#endif
diff --git a/src/internal/impl/monocypher.c b/src/crypto/impl/monocypher.c
index 6e93c63..790f5e9 100644
--- a/src/internal/impl/monocypher.c
+++ b/src/crypto/impl/monocypher.c
@@ -31,8 +31,7 @@
#include <monocypher.h>
-#include "../../platform.h"
-#include "../nc-util.h"
+#include "nc-util.h"
/* Export secure memse0 */
#ifndef _IMPL_SECURE_ZERO_MEMSET
@@ -51,7 +50,7 @@
const uint8_t* nonce,
const uint8_t* input,
uint8_t* output,
- uint64_t dataLen
+ uint32_t dataLen
)
{
if(dataLen > SIZE_MAX)
diff --git a/src/internal/impl/openssl.c b/src/crypto/impl/openssl.c
index d0cdb8c..1217e60 100644
--- a/src/internal/impl/openssl.c
+++ b/src/crypto/impl/openssl.c
@@ -25,8 +25,7 @@
#include <openssl/sha.h>
-#include "../../platform.h"
-#include "../nc-util.h"
+#include "nc-util.h"
/*
* EXPORT SUPPORTED FUNCTIONS AS MACROS
diff --git a/src/internal/nc-crypto.c b/src/crypto/nc-crypto.c
index 9cd2c3e..fb2c0da 100644
--- a/src/internal/nc-crypto.c
+++ b/src/crypto/nc-crypto.c
@@ -20,7 +20,6 @@
#include "nc-util.h"
#include "nc-crypto.h"
-#include "../platform.h"
/*
* Functions are not forced inline, just suggested.
@@ -131,7 +130,7 @@
* integer size
*/
- static uint32_t _fallbackFixedTimeCompare(const uint8_t* a, const uint8_t* b, uint64_t size)
+ static uint32_t _fallbackFixedTimeCompare(const uint8_t* a, const uint8_t* b, uint32_t size)
{
size_t i;
uint32_t result;
@@ -164,7 +163,7 @@
* for the desired crypto impl.
*/
-void ncCryptoSecureZero(void* ptr, uint64_t size)
+void ncCryptoSecureZero(void* ptr, uint32_t size)
{
DEBUG_ASSERT2(ptr != NULL, "Expected ptr to be non-null")
@@ -175,7 +174,7 @@ void ncCryptoSecureZero(void* ptr, uint64_t size)
_IMPL_SECURE_ZERO_MEMSET(ptr, size);
}
-uint32_t ncCryptoFixedTimeComp(const uint8_t* a, const uint8_t* b, uint64_t size)
+uint32_t ncCryptoFixedTimeComp(const uint8_t* a, const uint8_t* b, uint32_t size)
{
DEBUG_ASSERT2(a != NULL, "Expected a to be non-null")
DEBUG_ASSERT2(b != NULL, "Expected b to be non-null")
@@ -226,7 +225,7 @@ cstatus_t ncCryptoSha256HkdfExpand(const cspan_t* prk, const cspan_t* info, span
* "length of output keying material in octets (<= 255 * HashLen)"
*/
- if(okm->size > (uint64_t)(0xFFu * SHA256_DIGEST_SIZE))
+ if(okm->size > (uint32_t)(0xFFu * SHA256_DIGEST_SIZE))
{
return CSTATUS_FAIL;
}
@@ -257,7 +256,7 @@ cstatus_t ncCryptoChacha20(
const uint8_t nonce[CHACHA_NONCE_SIZE],
const uint8_t* input,
uint8_t* output,
- uint64_t dataSize
+ uint32_t dataSize
)
{
DEBUG_ASSERT2(key != NULL, "Expected key to be non-null")
@@ -265,5 +264,9 @@ cstatus_t ncCryptoChacha20(
DEBUG_ASSERT2(input != NULL, "Expected input to be non-null")
DEBUG_ASSERT2(output != NULL, "Expected output to be non-null")
+#ifndef _IMPL_CHACHA20_CRYPT
+ #error "No chacha20 implementation defined"
+#endif /* !_IMPL_CHACHA20_CRYPT */
+
return _IMPL_CHACHA20_CRYPT(key, nonce, input, output, dataSize);
}
diff --git a/src/internal/nc-crypto.h b/src/crypto/nc-crypto.h
index 3487b2b..64d4ad8 100644
--- a/src/internal/nc-crypto.h
+++ b/src/crypto/nc-crypto.h
@@ -50,9 +50,9 @@ typedef uint8_t sha256_t[SHA256_DIGEST_SIZE];
#endif
-uint32_t ncCryptoFixedTimeComp(const uint8_t* a, const uint8_t* b, uint64_t size);
+uint32_t ncCryptoFixedTimeComp(const uint8_t* a, const uint8_t* b, uint32_t size);
-void ncCryptoSecureZero(void* ptr, uint64_t size);
+void ncCryptoSecureZero(void* ptr, uint32_t size);
cstatus_t ncCryptoDigestSha256(const cspan_t* data, sha256_t digestOut32);
@@ -67,7 +67,7 @@ cstatus_t ncCryptoChacha20(
const uint8_t nonce[CHACHA_NONCE_SIZE],
const uint8_t* input,
uint8_t* output,
- uint64_t dataSize
+ uint32_t dataSize
);
#endif /* !_NC_CRYPTO_H */
diff --git a/src/noscrypt.c b/src/noscrypt.c
index 4715d50..00684b8 100644
--- a/src/noscrypt.c
+++ b/src/noscrypt.c
@@ -20,8 +20,8 @@
#include "noscrypt.h"
-#include "internal/nc-util.h"
-#include "internal/nc-crypto.h"
+#include "nc-util.h"
+#include "crypto/nc-crypto.h"
#include <secp256k1_ecdh.h>
#include <secp256k1_schnorrsig.h>
@@ -84,7 +84,7 @@ struct nc_expand_keys {
/* Pointer typecast must work between expanded keys
* and message key, size must be identical to work
*/
-STATIC_ASSERT(sizeof(struct nc_expand_keys) == sizeof(struct message_key), "Expected struct nc_expand_keys to be the same size as struct message_key");
+STATIC_ASSERT(sizeof(struct nc_expand_keys) == sizeof(struct message_key), "Expected struct nc_expand_keys to be the same size as struct message_key")
/*
* Check that the fallback hkdf extract internal buffer is large enough
@@ -569,7 +569,7 @@ NC_EXPORT NCResult NC_CC NCSignData(
const NCSecretKey* sk,
const uint8_t random32[32],
const uint8_t* data,
- uint64_t dataSize,
+ uint32_t dataSize,
uint8_t sig64[64]
)
{
@@ -630,7 +630,7 @@ NC_EXPORT NCResult NC_CC NCVerifyData(
const NCContext* ctx,
const NCPublicKey* pk,
const uint8_t* data,
- const uint64_t dataSize,
+ const uint32_t dataSize,
const uint8_t sig64[64]
)
{
@@ -857,7 +857,7 @@ NC_EXPORT NCResult NCComputeMac(
const NCContext* ctx,
const uint8_t hmacKey[NC_HMAC_KEY_SIZE],
const uint8_t* payload,
- uint64_t payloadSize,
+ uint32_t payloadSize,
uint8_t hmacOut[NC_ENCRYPTION_MAC_SIZE]
)
{
@@ -905,6 +905,10 @@ NC_EXPORT NCResult NC_CC NCVerifyMac(
NCMacVerifyArgs* args
)
{
+ NCResult result;
+ struct shared_secret sharedSecret;
+ struct conversation_key conversationKey;
+
CHECK_NULL_ARG(ctx, 0)
CHECK_CONTEXT_STATE(ctx, 0)
CHECK_NULL_ARG(sk, 1)
@@ -916,10 +920,6 @@ NC_EXPORT NCResult NC_CC NCVerifyMac(
CHECK_INVALID_ARG(args->nonce32, 3)
CHECK_ARG_RANGE(args->payloadSize, NIP44_MIN_ENC_MESSAGE_SIZE, NIP44_MAX_ENC_MESSAGE_SIZE, 3)
- NCResult result;
- struct shared_secret sharedSecret;
- struct conversation_key conversationKey;
-
/* Computed the shared point so we can get the converstation key */
if ((result = _computeSharedSecret(ctx, sk, pk, &sharedSecret)) != NC_SUCCESS)
{
diff --git a/tests/hex.h b/tests/hex.h
index 3348028..5e90ce9 100644
--- a/tests/hex.h
+++ b/tests/hex.h
@@ -26,7 +26,7 @@
#include <stdlib.h>
#include <string.h>
-#include "../src/internal/nc-util.h"
+#include <nc-util.h>
typedef struct hexBytes
{
diff --git a/tests/test.c b/tests/test.c
index e94e3fd..2503925 100644
--- a/tests/test.c
+++ b/tests/test.c
@@ -24,9 +24,6 @@
#include <stdlib.h>
#include <noscrypt.h>
-#include <mbedtls/sha256.h>
-#include <mbedtls/platform_util.h>
-
#ifdef _NC_IS_WINDOWS
#define IS_WINDOWS
#endif
diff --git a/include/mbedtls/aes.h b/vendor/mbedtls/aes.h
index 77ecffd..77ecffd 100644
--- a/include/mbedtls/aes.h
+++ b/vendor/mbedtls/aes.h
diff --git a/include/mbedtls/aria.h b/vendor/mbedtls/aria.h
index abb8a3d..abb8a3d 100644
--- a/include/mbedtls/aria.h
+++ b/vendor/mbedtls/aria.h
diff --git a/include/mbedtls/asn1.h b/vendor/mbedtls/asn1.h
index 830458b..830458b 100644
--- a/include/mbedtls/asn1.h
+++ b/vendor/mbedtls/asn1.h
diff --git a/include/mbedtls/asn1write.h b/vendor/mbedtls/asn1write.h
index 7af4aba..7af4aba 100644
--- a/include/mbedtls/asn1write.h
+++ b/vendor/mbedtls/asn1write.h
diff --git a/include/mbedtls/base64.h b/vendor/mbedtls/base64.h
index 8f459b7..8f459b7 100644
--- a/include/mbedtls/base64.h
+++ b/vendor/mbedtls/base64.h
diff --git a/include/mbedtls/bignum.h b/vendor/mbedtls/bignum.h
index 931e06d..931e06d 100644
--- a/include/mbedtls/bignum.h
+++ b/vendor/mbedtls/bignum.h
diff --git a/include/mbedtls/build_info.h b/vendor/mbedtls/build_info.h
index 87e3c2e..87e3c2e 100644
--- a/include/mbedtls/build_info.h
+++ b/vendor/mbedtls/build_info.h
diff --git a/include/mbedtls/camellia.h b/vendor/mbedtls/camellia.h
index 6c674fe..6c674fe 100644
--- a/include/mbedtls/camellia.h
+++ b/vendor/mbedtls/camellia.h
diff --git a/include/mbedtls/ccm.h b/vendor/mbedtls/ccm.h
index a98111b..a98111b 100644
--- a/include/mbedtls/ccm.h
+++ b/vendor/mbedtls/ccm.h
diff --git a/include/mbedtls/chacha20.h b/vendor/mbedtls/chacha20.h
index 680fe36..680fe36 100644
--- a/include/mbedtls/chacha20.h
+++ b/vendor/mbedtls/chacha20.h
diff --git a/include/mbedtls/chachapoly.h b/vendor/mbedtls/chachapoly.h
index 3dc21e3..3dc21e3 100644
--- a/include/mbedtls/chachapoly.h
+++ b/vendor/mbedtls/chachapoly.h
diff --git a/include/mbedtls/check_config.h b/vendor/mbedtls/check_config.h
index e479ef3..e479ef3 100644
--- a/include/mbedtls/check_config.h
+++ b/vendor/mbedtls/check_config.h
diff --git a/include/mbedtls/cipher.h b/vendor/mbedtls/cipher.h
index 2596baa..2596baa 100644
--- a/include/mbedtls/cipher.h
+++ b/vendor/mbedtls/cipher.h
diff --git a/include/mbedtls/cmac.h b/vendor/mbedtls/cmac.h
index 97b86fc..97b86fc 100644
--- a/include/mbedtls/cmac.h
+++ b/vendor/mbedtls/cmac.h
diff --git a/include/mbedtls/compat-2.x.h b/vendor/mbedtls/compat-2.x.h
index 096341b..096341b 100644
--- a/include/mbedtls/compat-2.x.h
+++ b/vendor/mbedtls/compat-2.x.h
diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/vendor/mbedtls/config_adjust_legacy_crypto.h
index f769765..f769765 100644
--- a/include/mbedtls/config_adjust_legacy_crypto.h
+++ b/vendor/mbedtls/config_adjust_legacy_crypto.h
diff --git a/include/mbedtls/config_adjust_legacy_from_psa.h b/vendor/mbedtls/config_adjust_legacy_from_psa.h
index ab18d98..ab18d98 100644
--- a/include/mbedtls/config_adjust_legacy_from_psa.h
+++ b/vendor/mbedtls/config_adjust_legacy_from_psa.h
diff --git a/include/mbedtls/config_adjust_psa_from_legacy.h b/vendor/mbedtls/config_adjust_psa_from_legacy.h
index c31a462..c31a462 100644
--- a/include/mbedtls/config_adjust_psa_from_legacy.h
+++ b/vendor/mbedtls/config_adjust_psa_from_legacy.h
diff --git a/include/mbedtls/config_adjust_psa_superset_legacy.h b/vendor/mbedtls/config_adjust_psa_superset_legacy.h
index 3a55c3f..3a55c3f 100644
--- a/include/mbedtls/config_adjust_psa_superset_legacy.h
+++ b/vendor/mbedtls/config_adjust_psa_superset_legacy.h
diff --git a/include/mbedtls/config_adjust_ssl.h b/vendor/mbedtls/config_adjust_ssl.h
index 8415f3e..8415f3e 100644
--- a/include/mbedtls/config_adjust_ssl.h
+++ b/vendor/mbedtls/config_adjust_ssl.h
diff --git a/include/mbedtls/config_adjust_x509.h b/vendor/mbedtls/config_adjust_x509.h
index 346c8ae..346c8ae 100644
--- a/include/mbedtls/config_adjust_x509.h
+++ b/vendor/mbedtls/config_adjust_x509.h
diff --git a/include/mbedtls/config_psa.h b/vendor/mbedtls/config_psa.h
index 17da61b..17da61b 100644
--- a/include/mbedtls/config_psa.h
+++ b/vendor/mbedtls/config_psa.h
diff --git a/include/mbedtls/constant_time.h b/vendor/mbedtls/constant_time.h
index d31bff6..d31bff6 100644
--- a/include/mbedtls/constant_time.h
+++ b/vendor/mbedtls/constant_time.h
diff --git a/include/mbedtls/ctr_drbg.h b/vendor/mbedtls/ctr_drbg.h
index d1f19e6..d1f19e6 100644
--- a/include/mbedtls/ctr_drbg.h
+++ b/vendor/mbedtls/ctr_drbg.h
diff --git a/include/mbedtls/debug.h b/vendor/mbedtls/debug.h
index 0aef2ed..0aef2ed 100644
--- a/include/mbedtls/debug.h
+++ b/vendor/mbedtls/debug.h
diff --git a/include/mbedtls/des.h b/vendor/mbedtls/des.h
index 2b097a1..2b097a1 100644
--- a/include/mbedtls/des.h
+++ b/vendor/mbedtls/des.h
diff --git a/include/mbedtls/dhm.h b/vendor/mbedtls/dhm.h
index fcba3d2..fcba3d2 100644
--- a/include/mbedtls/dhm.h
+++ b/vendor/mbedtls/dhm.h
diff --git a/include/mbedtls/ecdh.h b/vendor/mbedtls/ecdh.h
index 792db79..792db79 100644
--- a/include/mbedtls/ecdh.h
+++ b/vendor/mbedtls/ecdh.h
diff --git a/include/mbedtls/ecdsa.h b/vendor/mbedtls/ecdsa.h
index 2ecf349..2ecf349 100644
--- a/include/mbedtls/ecdsa.h
+++ b/vendor/mbedtls/ecdsa.h
diff --git a/include/mbedtls/ecjpake.h b/vendor/mbedtls/ecjpake.h
index c2148a2..c2148a2 100644
--- a/include/mbedtls/ecjpake.h
+++ b/vendor/mbedtls/ecjpake.h
diff --git a/include/mbedtls/ecp.h b/vendor/mbedtls/ecp.h
index 7f5e880..7f5e880 100644
--- a/include/mbedtls/ecp.h
+++ b/vendor/mbedtls/ecp.h
diff --git a/include/mbedtls/entropy.h b/vendor/mbedtls/entropy.h
index 20fd687..20fd687 100644
--- a/include/mbedtls/entropy.h
+++ b/vendor/mbedtls/entropy.h
diff --git a/include/mbedtls/error.h b/vendor/mbedtls/error.h
index 186589a..186589a 100644
--- a/include/mbedtls/error.h
+++ b/vendor/mbedtls/error.h
diff --git a/include/mbedtls/gcm.h b/vendor/mbedtls/gcm.h
index 837cecc..837cecc 100644
--- a/include/mbedtls/gcm.h
+++ b/vendor/mbedtls/gcm.h
diff --git a/include/mbedtls/hkdf.h b/vendor/mbedtls/hkdf.h
index 930e93f..930e93f 100644
--- a/include/mbedtls/hkdf.h
+++ b/vendor/mbedtls/hkdf.h
diff --git a/include/mbedtls/hmac_drbg.h b/vendor/mbedtls/hmac_drbg.h
index 18b1b75..18b1b75 100644
--- a/include/mbedtls/hmac_drbg.h
+++ b/vendor/mbedtls/hmac_drbg.h
diff --git a/include/mbedtls/lms.h b/vendor/mbedtls/lms.h
index 95fce21..95fce21 100644
--- a/include/mbedtls/lms.h
+++ b/vendor/mbedtls/lms.h
diff --git a/include/mbedtls/mbedtls_config.h b/vendor/mbedtls/mbedtls_config.h
index e1456b9..e1456b9 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/vendor/mbedtls/mbedtls_config.h
diff --git a/include/mbedtls/md.h b/vendor/mbedtls/md.h
index ff7b133..ff7b133 100644
--- a/include/mbedtls/md.h
+++ b/vendor/mbedtls/md.h
diff --git a/include/mbedtls/md5.h b/vendor/mbedtls/md5.h
index 6bf0754..6bf0754 100644
--- a/include/mbedtls/md5.h
+++ b/vendor/mbedtls/md5.h
diff --git a/include/mbedtls/memory_buffer_alloc.h b/vendor/mbedtls/memory_buffer_alloc.h
index b527d9b..b527d9b 100644
--- a/include/mbedtls/memory_buffer_alloc.h
+++ b/vendor/mbedtls/memory_buffer_alloc.h
diff --git a/include/mbedtls/net_sockets.h b/vendor/mbedtls/net_sockets.h
index 026f627..026f627 100644
--- a/include/mbedtls/net_sockets.h
+++ b/vendor/mbedtls/net_sockets.h
diff --git a/include/mbedtls/nist_kw.h b/vendor/mbedtls/nist_kw.h
index d353f3d..d353f3d 100644
--- a/include/mbedtls/nist_kw.h
+++ b/vendor/mbedtls/nist_kw.h
diff --git a/include/mbedtls/oid.h b/vendor/mbedtls/oid.h
index e48817d..e48817d 100644
--- a/include/mbedtls/oid.h
+++ b/vendor/mbedtls/oid.h
diff --git a/include/mbedtls/pem.h b/vendor/mbedtls/pem.h
index cc617a9..cc617a9 100644
--- a/include/mbedtls/pem.h
+++ b/vendor/mbedtls/pem.h
diff --git a/include/mbedtls/pk.h b/vendor/mbedtls/pk.h
index 24b1188..24b1188 100644
--- a/include/mbedtls/pk.h
+++ b/vendor/mbedtls/pk.h
diff --git a/include/mbedtls/pkcs12.h b/vendor/mbedtls/pkcs12.h
index 42e8453..42e8453 100644
--- a/include/mbedtls/pkcs12.h
+++ b/vendor/mbedtls/pkcs12.h
diff --git a/include/mbedtls/pkcs5.h b/vendor/mbedtls/pkcs5.h
index e004f45..e004f45 100644
--- a/include/mbedtls/pkcs5.h
+++ b/vendor/mbedtls/pkcs5.h
diff --git a/include/mbedtls/pkcs7.h b/vendor/mbedtls/pkcs7.h
index 70b25a9..70b25a9 100644
--- a/include/mbedtls/pkcs7.h
+++ b/vendor/mbedtls/pkcs7.h
diff --git a/include/mbedtls/platform.h b/vendor/mbedtls/platform.h
index de3d71d..de3d71d 100644
--- a/include/mbedtls/platform.h
+++ b/vendor/mbedtls/platform.h
diff --git a/include/mbedtls/platform_time.h b/vendor/mbedtls/platform_time.h
index 97f1963..97f1963 100644
--- a/include/mbedtls/platform_time.h
+++ b/vendor/mbedtls/platform_time.h
diff --git a/include/mbedtls/platform_util.h b/vendor/mbedtls/platform_util.h
index cba02ab..cba02ab 100644
--- a/include/mbedtls/platform_util.h
+++ b/vendor/mbedtls/platform_util.h
diff --git a/include/mbedtls/poly1305.h b/vendor/mbedtls/poly1305.h
index 61bcaa6..61bcaa6 100644
--- a/include/mbedtls/poly1305.h
+++ b/vendor/mbedtls/poly1305.h
diff --git a/include/mbedtls/private_access.h b/vendor/mbedtls/private_access.h
index 580f3eb..580f3eb 100644
--- a/include/mbedtls/private_access.h
+++ b/vendor/mbedtls/private_access.h
diff --git a/include/psa/build_info.h b/vendor/mbedtls/psa/build_info.h
index 3ee6cd7..3ee6cd7 100644
--- a/include/psa/build_info.h
+++ b/vendor/mbedtls/psa/build_info.h
diff --git a/include/psa/crypto.h b/vendor/mbedtls/psa/crypto.h
index fe10ee0..fe10ee0 100644
--- a/include/psa/crypto.h
+++ b/vendor/mbedtls/psa/crypto.h
diff --git a/include/psa/crypto_adjust_auto_enabled.h b/vendor/mbedtls/psa/crypto_adjust_auto_enabled.h
index 63fb29e..63fb29e 100644
--- a/include/psa/crypto_adjust_auto_enabled.h
+++ b/vendor/mbedtls/psa/crypto_adjust_auto_enabled.h
diff --git a/include/psa/crypto_adjust_config_key_pair_types.h b/vendor/mbedtls/psa/crypto_adjust_config_key_pair_types.h
index 63afc0e..63afc0e 100644
--- a/include/psa/crypto_adjust_config_key_pair_types.h
+++ b/vendor/mbedtls/psa/crypto_adjust_config_key_pair_types.h
diff --git a/include/psa/crypto_adjust_config_synonyms.h b/vendor/mbedtls/psa/crypto_adjust_config_synonyms.h
index cf33465..cf33465 100644
--- a/include/psa/crypto_adjust_config_synonyms.h
+++ b/vendor/mbedtls/psa/crypto_adjust_config_synonyms.h
diff --git a/include/psa/crypto_builtin_composites.h b/vendor/mbedtls/psa/crypto_builtin_composites.h
index 35c2e29..35c2e29 100644
--- a/include/psa/crypto_builtin_composites.h
+++ b/vendor/mbedtls/psa/crypto_builtin_composites.h
diff --git a/include/psa/crypto_builtin_key_derivation.h b/vendor/mbedtls/psa/crypto_builtin_key_derivation.h
index 6b91ae7..6b91ae7 100644
--- a/include/psa/crypto_builtin_key_derivation.h
+++ b/vendor/mbedtls/psa/crypto_builtin_key_derivation.h
diff --git a/include/psa/crypto_builtin_primitives.h b/vendor/mbedtls/psa/crypto_builtin_primitives.h
index 98ab4d3..98ab4d3 100644
--- a/include/psa/crypto_builtin_primitives.h
+++ b/vendor/mbedtls/psa/crypto_builtin_primitives.h
diff --git a/include/psa/crypto_compat.h b/vendor/mbedtls/psa/crypto_compat.h
index f896fae..f896fae 100644
--- a/include/psa/crypto_compat.h
+++ b/vendor/mbedtls/psa/crypto_compat.h
diff --git a/include/psa/crypto_config.h b/vendor/mbedtls/psa/crypto_config.h
index 5bf00f4..5bf00f4 100644
--- a/include/psa/crypto_config.h
+++ b/vendor/mbedtls/psa/crypto_config.h
diff --git a/include/psa/crypto_driver_common.h b/vendor/mbedtls/psa/crypto_driver_common.h
index cc11d3b..cc11d3b 100644
--- a/include/psa/crypto_driver_common.h
+++ b/vendor/mbedtls/psa/crypto_driver_common.h
diff --git a/include/psa/crypto_driver_contexts_composites.h b/vendor/mbedtls/psa/crypto_driver_contexts_composites.h
index d717c51..d717c51 100644
--- a/include/psa/crypto_driver_contexts_composites.h
+++ b/vendor/mbedtls/psa/crypto_driver_contexts_composites.h
diff --git a/include/psa/crypto_driver_contexts_key_derivation.h b/vendor/mbedtls/psa/crypto_driver_contexts_key_derivation.h
index 2119051..2119051 100644
--- a/include/psa/crypto_driver_contexts_key_derivation.h
+++ b/vendor/mbedtls/psa/crypto_driver_contexts_key_derivation.h
diff --git a/include/psa/crypto_driver_contexts_primitives.h b/vendor/mbedtls/psa/crypto_driver_contexts_primitives.h
index c90a5fb..c90a5fb 100644
--- a/include/psa/crypto_driver_contexts_primitives.h
+++ b/vendor/mbedtls/psa/crypto_driver_contexts_primitives.h
diff --git a/include/psa/crypto_extra.h b/vendor/mbedtls/psa/crypto_extra.h
index ef29b77..ef29b77 100644
--- a/include/psa/crypto_extra.h
+++ b/vendor/mbedtls/psa/crypto_extra.h
diff --git a/include/psa/crypto_legacy.h b/vendor/mbedtls/psa/crypto_legacy.h
index 7df3614..7df3614 100644
--- a/include/psa/crypto_legacy.h
+++ b/vendor/mbedtls/psa/crypto_legacy.h
diff --git a/include/psa/crypto_platform.h b/vendor/mbedtls/psa/crypto_platform.h
index f32a101..f32a101 100644
--- a/include/psa/crypto_platform.h
+++ b/vendor/mbedtls/psa/crypto_platform.h
diff --git a/include/psa/crypto_se_driver.h b/vendor/mbedtls/psa/crypto_se_driver.h
index 9ce14bb..9ce14bb 100644
--- a/include/psa/crypto_se_driver.h
+++ b/vendor/mbedtls/psa/crypto_se_driver.h
diff --git a/include/psa/crypto_sizes.h b/vendor/mbedtls/psa/crypto_sizes.h
index d22bf10..d22bf10 100644
--- a/include/psa/crypto_sizes.h
+++ b/vendor/mbedtls/psa/crypto_sizes.h
diff --git a/include/psa/crypto_struct.h b/vendor/mbedtls/psa/crypto_struct.h
index d5ea8d5..d5ea8d5 100644
--- a/include/psa/crypto_struct.h
+++ b/vendor/mbedtls/psa/crypto_struct.h
diff --git a/include/psa/crypto_types.h b/vendor/mbedtls/psa/crypto_types.h
index 5a1318d..5a1318d 100644
--- a/include/psa/crypto_types.h
+++ b/vendor/mbedtls/psa/crypto_types.h
diff --git a/include/psa/crypto_values.h b/vendor/mbedtls/psa/crypto_values.h
index a17879b..a17879b 100644
--- a/include/psa/crypto_values.h
+++ b/vendor/mbedtls/psa/crypto_values.h
diff --git a/include/mbedtls/psa_util.h b/vendor/mbedtls/psa_util.h
index 643e8aa..643e8aa 100644
--- a/include/mbedtls/psa_util.h
+++ b/vendor/mbedtls/psa_util.h
diff --git a/include/mbedtls/ripemd160.h b/vendor/mbedtls/ripemd160.h
index 279f92b..279f92b 100644
--- a/include/mbedtls/ripemd160.h
+++ b/vendor/mbedtls/ripemd160.h
diff --git a/include/mbedtls/rsa.h b/vendor/mbedtls/rsa.h
index be831f1..be831f1 100644
--- a/include/mbedtls/rsa.h
+++ b/vendor/mbedtls/rsa.h
diff --git a/include/mbedtls/sha1.h b/vendor/mbedtls/sha1.h
index 592ffd1..592ffd1 100644
--- a/include/mbedtls/sha1.h
+++ b/vendor/mbedtls/sha1.h
diff --git a/include/mbedtls/sha256.h b/vendor/mbedtls/sha256.h
index 4ee780f..4ee780f 100644
--- a/include/mbedtls/sha256.h
+++ b/vendor/mbedtls/sha256.h
diff --git a/include/mbedtls/sha3.h b/vendor/mbedtls/sha3.h
index 3eeee65..3eeee65 100644
--- a/include/mbedtls/sha3.h
+++ b/vendor/mbedtls/sha3.h
diff --git a/include/mbedtls/sha512.h b/vendor/mbedtls/sha512.h
index 1c20e4c..1c20e4c 100644
--- a/include/mbedtls/sha512.h
+++ b/vendor/mbedtls/sha512.h
diff --git a/include/mbedtls/ssl.h b/vendor/mbedtls/ssl.h
index 89f7b81..89f7b81 100644
--- a/include/mbedtls/ssl.h
+++ b/vendor/mbedtls/ssl.h
diff --git a/include/mbedtls/ssl_cache.h b/vendor/mbedtls/ssl_cache.h
index a1307b4..a1307b4 100644
--- a/include/mbedtls/ssl_cache.h
+++ b/vendor/mbedtls/ssl_cache.h
diff --git a/include/mbedtls/ssl_ciphersuites.h b/vendor/mbedtls/ssl_ciphersuites.h
index 8cecbb6..8cecbb6 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/vendor/mbedtls/ssl_ciphersuites.h
diff --git a/include/mbedtls/ssl_cookie.h b/vendor/mbedtls/ssl_cookie.h
index 71c258e..71c258e 100644
--- a/include/mbedtls/ssl_cookie.h
+++ b/vendor/mbedtls/ssl_cookie.h
diff --git a/include/mbedtls/ssl_ticket.h b/vendor/mbedtls/ssl_ticket.h
index 6d59c12..6d59c12 100644
--- a/include/mbedtls/ssl_ticket.h
+++ b/vendor/mbedtls/ssl_ticket.h
diff --git a/include/mbedtls/threading.h b/vendor/mbedtls/threading.h
index ed16a23..ed16a23 100644
--- a/include/mbedtls/threading.h
+++ b/vendor/mbedtls/threading.h
diff --git a/include/mbedtls/timing.h b/vendor/mbedtls/timing.h
index 62ae102..62ae102 100644
--- a/include/mbedtls/timing.h
+++ b/vendor/mbedtls/timing.h
diff --git a/include/mbedtls/version.h b/vendor/mbedtls/version.h
index 637f9d3..637f9d3 100644
--- a/include/mbedtls/version.h
+++ b/vendor/mbedtls/version.h
diff --git a/include/mbedtls/x509.h b/vendor/mbedtls/x509.h
index e2e0667..e2e0667 100644
--- a/include/mbedtls/x509.h
+++ b/vendor/mbedtls/x509.h
diff --git a/include/mbedtls/x509_crl.h b/vendor/mbedtls/x509_crl.h
index 6625a44..6625a44 100644
--- a/include/mbedtls/x509_crl.h
+++ b/vendor/mbedtls/x509_crl.h
diff --git a/include/mbedtls/x509_crt.h b/vendor/mbedtls/x509_crt.h
index 3f1a1e7..3f1a1e7 100644
--- a/include/mbedtls/x509_crt.h
+++ b/vendor/mbedtls/x509_crt.h
diff --git a/include/mbedtls/x509_csr.h b/vendor/mbedtls/x509_csr.h
index e54010b..e54010b 100644
--- a/include/mbedtls/x509_csr.h
+++ b/vendor/mbedtls/x509_csr.h
diff --git a/include/secp256k1.h b/vendor/secp256k1/secp256k1.h
index f4053f2..f4053f2 100644
--- a/include/secp256k1.h
+++ b/vendor/secp256k1/secp256k1.h
diff --git a/include/secp256k1_ecdh.h b/vendor/secp256k1/secp256k1_ecdh.h
index 4d9da34..4d9da34 100644
--- a/include/secp256k1_ecdh.h
+++ b/vendor/secp256k1/secp256k1_ecdh.h
diff --git a/include/secp256k1_extrakeys.h b/vendor/secp256k1/secp256k1_extrakeys.h
index 4cc6d4f..4cc6d4f 100644
--- a/include/secp256k1_extrakeys.h
+++ b/vendor/secp256k1/secp256k1_extrakeys.h
diff --git a/include/secp256k1_schnorrsig.h b/vendor/secp256k1/secp256k1_schnorrsig.h
index 5c338f4..5c338f4 100644
--- a/include/secp256k1_schnorrsig.h
+++ b/vendor/secp256k1/secp256k1_schnorrsig.h