author | vnugent <public@vaughnnugent.com> | 2024-05-26 11:47:17 -0400 |
---|---|---|
committer | vnugent <public@vaughnnugent.com> | 2024-05-26 11:47:17 -0400 |
commit | aeaac8d328b75911541be64d6f09d58fca294a08 (patch) | |
tree | 86f48cd3cef91dd5320215aebd44ea56c2571c74 | |
parent | 86b02540cce6015cfe4a2a56499a9a2f45d4e368 (diff) |
refactor: Dep update, openssl chacha20 added
-rw-r--r-- | CMakePresets.json | 14 | ||||
-rw-r--r-- | Taskfile.yaml | 20 | ||||
-rw-r--r-- | src/crypto/impl/openssl.c | 57 | ||||
-rw-r--r-- | vendor/mbedtls/include/mbedtls/config_adjust_legacy_from_psa.h | 6 | ||||
-rw-r--r-- | vendor/mbedtls/include/mbedtls/config_psa.h | 2 | ||||
-rw-r--r-- | vendor/mbedtls/include/psa/crypto_adjust_config_dependencies.h | 43 | ||||
-rw-r--r-- | vendor/openssl/include/openssl/cmp.h.in | 27 | ||||
-rw-r--r-- | vendor/openssl/include/openssl/cmperr.h | 4 | ||||
-rw-r--r-- | vendor/openssl/include/openssl/crypto.h.in | 2 | ||||
-rw-r--r-- | vendor/openssl/include/openssl/e_os2.h | 1 | ||||
-rw-r--r-- | vendor/openssl/include/openssl/sslerr.h | 3 | ||||
-rw-r--r-- | vendor/openssl/include/openssl/tls1.h | 6 | ||||
-rw-r--r-- | vendor/openssl/include/openssl/x509v3.h.in | 3 |
13 files changed, 169 insertions, 19 deletions
diff --git a/CMakePresets.json b/CMakePresets.json index 5c60edf..1c8038d 100644 --- a/CMakePresets.json +++ b/CMakePresets.json @@ -30,6 +30,20 @@ "NC_BUILD_TESTS": true } }, + { + "name": "x64-debug-openssl", + "displayName": "x64 Debug Openssl", + "inherits": "x64-debug", + "architecture": { + "value": "x64", + "strategy": "external" + }, + "cacheVariables": { + "CMAKE_BUILD_TYPE": "Debug", + "NC_BUILD_TESTS": true, + "CRYPTO_LIB": "openssl" + } + }, { "name": "x64-release", "displayName": "x64 Release", diff --git a/Taskfile.yaml b/Taskfile.yaml index b45ccdf..a917f1c 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -121,10 +121,16 @@ tasks: #tar up the source - tar -czf "{{.TARGET_SOURCE}}" {{.SOURCE_FILES}} +################################# +# +# DEV TASKS +# +################################# dev-update-deps: desc: "Updates vendored projects files (headers mostly) from their source repositories to the latest version" cmds: + - defer: powershell rm -Recurse '.update/' -Force - task: dev-update-monocypher - task: dev-update-mbedtls-headers - task: dev-update-openssl-headers @@ -134,13 +140,11 @@ tasks: MC_GIT_URL: 'https://github.com/LoupVaillant/Monocypher' MC_GIT_BRANCH: 'master' #NOTE: Always update to the latest master branch, then verify changes manually MC_DIR: 'vendor/monocypher' - TMP_DIR: '.task/mc' + TMP_DIR: '.update/mc' cmds: - cmd: powershell mkdir '{{.TMP_DIR}}' -Force ignore_error: true - - defer: powershell rm -Recurse '{{.TMP_DIR}}' -Force - - git clone --branch {{.MC_GIT_BRANCH}} {{.MC_GIT_URL}} '{{.TMP_DIR}}' - for: [ 'src/monocypher.h', 'src/monocypher.c' ] 
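Review bot: The only cleanup `defer` is now in `dev-update-deps`, so running `dev-update-monocypher` (or the Mbed TLS and OpenSSL tasks in the later hunks) on its own leaves the clone under `.update/`. The next `git clone` into that non-empty directory would then fail. Each sub-task could clear its own directory before cloning, for example `- cmd: powershell rm -Recurse '{{.TMP_DIR}}' -Force` with `ignore_error: true` placed ahead of the `mkdir` step. The task bodies continue outside these hunks, so this assumes no other cleanup exists there.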
@@ -151,13 +155,11 @@ tasks: MBEDTLS_GIT_URL: 'https://github.com/Mbed-TLS/mbedtls' MBEDTLS_GIT_BRANCH: 'development' MBEDTLS_DIR: 'vendor/mbedtls' - TMP_DIR: '.task/mbedtls' + TMP_DIR: '.update/mbedtls' cmds: - cmd: powershell mkdir '{{.TMP_DIR}}' -Force ignore_error: true - - defer: powershell rm -Recurse '{{.TMP_DIR}}' -Force - - git clone --branch {{ .MBEDTLS_GIT_BRANCH }} {{ .MBEDTLS_GIT_URL }} '{{ .TMP_DIR }}' - for: [ 'include/mbedtls', 'include/psa' ] @@ -168,14 +170,12 @@ tasks: OPENSSL_GIT_URL: 'git://git.openssl.org/openssl.git' OPENSSL_GIT_BRANCH: 'master' OPENSSL_DIR: 'vendor/openssl' - TMP_DIR: '.task/openssl' + TMP_DIR: '.update/openssl' cmds: - cmd: powershell mkdir '{{.TMP_DIR}}' -Force ignore_error: true - - defer: powershell rm -Recurse '{{.TMP_DIR}}' -Force - - git clone --branch {{ .OPENSSL_GIT_BRANCH }} {{ .OPENSSL_GIT_URL }} '{{ .TMP_DIR }}' - for: [ 'include/openssl' ] - cmd: powershell cp -Recurse -Force '{{ .TMP_DIR }}/{{ .ITEM }}' '{{.OPENSSL_DIR}}/include/openssl/'
\ No newline at end of file + cmd: powershell cp -Recurse -Force '{{ .TMP_DIR }}/{{ .ITEM }}' '{{.OPENSSL_DIR}}/include/'
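Review bot: The OpenSSL headers copied into `vendor/openssl/include/` are cloned over `git://`, which gives no transport encryption or server authentication, and from the moving `master` branch, so whatever the clone returns ends up in the tree. Prefer an HTTPS remote and a pinned release tag, e.g. `OPENSSL_GIT_URL: 'https://github.com/openssl/openssl.git'` with `OPENSSL_GIT_BRANCH: '<release-tag>'` (placeholder). The same branch tracking applies to the Mbed TLS (`development`) and Monocypher (`master`) tasks in the earlier hunks. Headers from a development branch may also declare functions and constants that the library actually linked does not provide, so pinning to the linked version would avoid that mismatch.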
\ No newline at end of file diff --git a/src/crypto/impl/openssl.c b/src/crypto/impl/openssl.c index fd3b4e6..132c643 100644 --- a/src/crypto/impl/openssl.c +++ b/src/crypto/impl/openssl.c @@ -150,6 +150,8 @@ EVP_MD_CTX* ctx; cstatus_t result; struct nc_hkdf_fn_cb_struct handler; + + result = CSTATUS_FAIL; /* * NOTE! Hmac reusable flag must be set to allow for multiple @@ -161,15 +163,23 @@ return CSTATUS_FAIL; } - _OSSL_FAIL(EVP_DigestInit_ex2(ctx, EVP_sha256(), NULL)) + if (!EVP_DigestInit_ex2(ctx, EVP_sha256(), NULL)) + { + goto Cleanup; + } - _OSSL_FAIL(EVP_DigestUpdate(ctx, prk->data, prk->size)); + if (!EVP_DigestUpdate(ctx, prk->data, prk->size)) + { + goto Cleanup; + } handler.update = _ossl_hkdf_update; handler.finish = _ossl_hkdf_finish; result = hkdfExpandProcess(&handler, ctx, info, okm); + Cleanup: + EVP_MD_CTX_destroy(ctx); return result; @@ -177,4 +187,47 @@ #endif /* !_IMPL_CRYPTO_SHA256_HKDF_EXPAND */ +#ifndef _IMPL_CHACHA20_CRYPT + + #define _IMPL_CHACHA20_CRYPT _ossl_chacha20_crypt + + _IMPLSTB cstatus_t _ossl_chacha20_crypt( + const uint8_t* key, + const uint8_t* nonce, + const uint8_t* input, + uint8_t* output, + uint32_t dataLen + ) + { + cstatus_t result; + EVP_CIPHER_CTX* ctx; + + result = CSTATUS_FAIL; + + if ((ctx = EVP_CIPHER_CTX_new()) == NULL) + { + return CSTATUS_FAIL; + } + + if (!EVP_EncryptInit_ex(ctx, EVP_chacha20(), NULL, key, nonce)) + { + goto Cleanup; + } + + if (!EVP_EncryptUpdate(ctx, output, (int*)&dataLen, input, dataLen)) + { + goto Cleanup; + } + + result = CSTATUS_OK; + + Cleanup: + + EVP_CIPHER_CTX_free(ctx); + + return result; + } + +#endif + #endif /*!OPENSSL_CRYPTO_LIB */
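Review bot: `_ossl_chacha20_crypt` hands `nonce` straight to `EVP_EncryptInit_ex`, but `EVP_chacha20()` reads a 16-byte IV whose first 4 bytes are the little-endian block counter. If callers supply a 12-byte nonce (its length is not visible in this hunk), that is a 4-byte over-read, and the keystream would likely not match the other backends. The `EVP_EncryptUpdate` call also casts `&dataLen` to `int*` and passes `dataLen` as the `int` input length, so lengths above `INT_MAX` are not rejected and the output count is never compared with the input. The excerpt below builds the IV explicitly, range-checks the length and uses a separate `int` for the output count; it needs `INT_MAX` and `memcpy` to be declared in this file.

```c
    cstatus_t result;
    EVP_CIPHER_CTX* ctx;
    uint8_t iv[16];
    int outLen;

    result = CSTATUS_FAIL;
    outLen = 0;

    /* EVP_EncryptUpdate takes int lengths; reject anything that does not fit */
    if (dataLen > (uint32_t)INT_MAX)
    {
        return CSTATUS_FAIL;
    }

    /*
    * OpenSSL IV layout: 32-bit little-endian block counter (zero here),
    * then the nonce. Assumes a 12-byte nonce -- confirm against callers.
    */
    memset(iv, 0, 4);
    memcpy(iv + 4, nonce, 12);

    /* ... unchanged: EVP_CIPHER_CTX_new() and its NULL check ... */

    if (!EVP_EncryptInit_ex(ctx, EVP_chacha20(), NULL, key, iv))
    {
        goto Cleanup;
    }

    if (!EVP_EncryptUpdate(ctx, output, &outLen, input, (int)dataLen))
    {
        goto Cleanup;
    }

    /* a stream cipher must emit exactly as many bytes as it consumed */
    if ((uint32_t)outLen != dataLen)
    {
        goto Cleanup;
    }

    result = CSTATUS_OK;

    /* ... unchanged: Cleanup label, EVP_CIPHER_CTX_free, return ... */
```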
\ No newline at end of file diff --git a/vendor/mbedtls/include/mbedtls/config_adjust_legacy_from_psa.h b/vendor/mbedtls/include/mbedtls/config_adjust_legacy_from_psa.h index 0091e24..0e4759d 100644 --- a/vendor/mbedtls/include/mbedtls/config_adjust_legacy_from_psa.h +++ b/vendor/mbedtls/include/mbedtls/config_adjust_legacy_from_psa.h @@ -498,7 +498,6 @@ * The PSA implementation has its own implementation of HKDF, separate from * hkdf.c. No need to enable MBEDTLS_HKDF_C here. */ -#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 #define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1 #endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */ #endif /* PSA_WANT_ALG_HKDF */ @@ -509,7 +508,6 @@ * The PSA implementation has its own implementation of HKDF, separate from * hkdf.c. No need to enable MBEDTLS_HKDF_C here. */ -#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 #define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT 1 #endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT */ #endif /* PSA_WANT_ALG_HKDF_EXTRACT */ @@ -520,7 +518,6 @@ * The PSA implementation has its own implementation of HKDF, separate from * hkdf.c. No need to enable MBEDTLS_HKDF_C here. */ -#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 #define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND 1 #endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND */ #endif /* PSA_WANT_ALG_HKDF_EXPAND */ @@ -630,9 +627,6 @@ #if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC) #define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1 #define PSA_HAVE_SOFT_PBKDF2_HMAC 1 -#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) -#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 -#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */ #endif /* !MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ #endif /* PSA_WANT_ALG_PBKDF2_HMAC */ diff --git a/vendor/mbedtls/include/mbedtls/config_psa.h b/vendor/mbedtls/include/mbedtls/config_psa.h index 17da61b..de961ec 100644 --- a/vendor/mbedtls/include/mbedtls/config_psa.h +++ b/vendor/mbedtls/include/mbedtls/config_psa.h 
@@ -22,6 +22,8 @@ #include "psa/crypto_adjust_config_synonyms.h" +#include "psa/crypto_adjust_config_dependencies.h" + #include "mbedtls/config_adjust_psa_superset_legacy.h" #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) diff --git a/vendor/mbedtls/include/psa/crypto_adjust_config_dependencies.h b/vendor/mbedtls/include/psa/crypto_adjust_config_dependencies.h new file mode 100644 index 0000000..5a22205 --- /dev/null +++ b/vendor/mbedtls/include/psa/crypto_adjust_config_dependencies.h 
@@ -0,0 +1,43 @@ +/** + * \file psa/crypto_adjust_config_dependencies.h + * \brief Adjust PSA configuration by resolving some dependencies. + * + * This is an internal header. Do not include it directly. + * + * See docs/proposed/psa-conditional-inclusion-c.md. + * If the Mbed TLS implementation of a cryptographic mechanism A depends on a + * cryptographic mechanism B then if the cryptographic mechanism A is enabled + * and not accelerated enable B. Note that if A is enabled and accelerated, it + * is not necessary to enable B for A support. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#ifndef PSA_CRYPTO_ADJUST_CONFIG_DEPENDENCIES_H +#define PSA_CRYPTO_ADJUST_CONFIG_DEPENDENCIES_H + +#if (defined(PSA_WANT_ALG_TLS12_PRF) && \ + !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF)) || \ + (defined(PSA_WANT_ALG_TLS12_PSK_TO_MS) && \ + !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS)) || \ + (defined(PSA_WANT_ALG_HKDF) && \ + !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF)) || \ + (defined(PSA_WANT_ALG_HKDF_EXTRACT) && \ + !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT)) || \ + (defined(PSA_WANT_ALG_HKDF_EXPAND) && \ + !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND)) || \ + (defined(PSA_WANT_ALG_PBKDF2_HMAC) && \ + !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC)) +#define PSA_WANT_ALG_HMAC 1 +#define PSA_WANT_KEY_TYPE_HMAC 1 +#endif + +#if (defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128) && \ + !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128)) +#define PSA_WANT_KEY_TYPE_AES 1 +#define PSA_WANT_ALG_CMAC 1 +#endif + +#endif /* PSA_CRYPTO_ADJUST_CONFIG_DEPENDENCIES_H */ diff --git a/vendor/openssl/include/openssl/cmp.h.in b/vendor/openssl/include/openssl/cmp.h.in index ad9eb34..c46b9ab 100644 --- a/vendor/openssl/include/openssl/cmp.h.in +++ b/vendor/openssl/include/openssl/cmp.h.in 
@@ -228,6 +228,12 @@ DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV) {- generate_stack_macros("OSSL_CMP_ITAV"); -} + +typedef struct ossl_cmp_crlstatus_st OSSL_CMP_CRLSTATUS; +{- + generate_stack_macros("OSSL_CMP_CRLSTATUS"); +-} + typedef struct ossl_cmp_revrepcontent_st OSSL_CMP_REVREPCONTENT; typedef struct ossl_cmp_pkisi_st OSSL_CMP_PKISI; DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKISI) @@ -257,7 +263,7 @@ void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type, ASN1_TYPE *value); ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav); ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav); -int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p, +int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **sk_p, OSSL_CMP_ITAV *itav); void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav); @@ -278,6 +284,22 @@ int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav, X509 **newWithOld, X509 **oldWithNew); +OSSL_CMP_CRLSTATUS *OSSL_CMP_CRLSTATUS_create(const X509_CRL *crl, + const X509 *cert, int only_DN); +OSSL_CMP_CRLSTATUS *OSSL_CMP_CRLSTATUS_new1(const DIST_POINT_NAME *dpn, + const GENERAL_NAMES *issuer, + const ASN1_TIME *thisUpdate); +int OSSL_CMP_CRLSTATUS_get0(const OSSL_CMP_CRLSTATUS *crlstatus, + DIST_POINT_NAME **dpn, GENERAL_NAMES **issuer, + ASN1_TIME **thisUpdate); +void OSSL_CMP_CRLSTATUS_free(OSSL_CMP_CRLSTATUS *crlstatus); +OSSL_CMP_ITAV +*OSSL_CMP_ITAV_new0_crlStatusList(STACK_OF(OSSL_CMP_CRLSTATUS) *crlStatusList); +int OSSL_CMP_ITAV_get0_crlStatusList(const OSSL_CMP_ITAV *itav, + STACK_OF(OSSL_CMP_CRLSTATUS) **out); +OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_crls(const X509_CRL *crls); +int OSSL_CMP_ITAV_get0_crls(const OSSL_CMP_ITAV *it, STACK_OF(X509_CRL) **out); + void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg); /* from cmp_ctx.c */ 
@@ -521,6 +543,9 @@ int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out); int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx, const X509 *oldWithOld, X509 **newWithNew, X509 **newWithOld, X509 **oldWithNew); +int OSSL_CMP_get1_crlUpdate(OSSL_CMP_CTX *ctx, const X509 *crlcert, + const X509_CRL *last_crl, + X509_CRL **crl); # ifdef __cplusplus } diff --git a/vendor/openssl/include/openssl/cmperr.h b/vendor/openssl/include/openssl/cmperr.h index 0d876e5..700ffbe 100644 --- a/vendor/openssl/include/openssl/cmperr.h +++ b/vendor/openssl/include/openssl/cmperr.h @@ -60,7 +60,9 @@ # define CMP_R_FAILED_EXTRACTING_PUBKEY 141 # define CMP_R_FAILURE_OBTAINING_RANDOM 110 # define CMP_R_FAIL_INFO_OUT_OF_RANGE 129 +# define CMP_R_GENERATE_CRLSTATUS 198 # define CMP_R_GETTING_GENP 192 +# define CMP_R_GET_ITAV 199 # define CMP_R_INVALID_ARGS 100 # define CMP_R_INVALID_GENP 193 # define CMP_R_INVALID_OPTION 174 @@ -100,6 +102,7 @@ # define CMP_R_TRANSFER_ERROR 159 # define CMP_R_UNCLEAN_CTX 191 # define CMP_R_UNEXPECTED_CERTPROFILE 196 +# define CMP_R_UNEXPECTED_CRLSTATUSLIST 201 # define CMP_R_UNEXPECTED_PKIBODY 133 # define CMP_R_UNEXPECTED_PKISTATUS 185 # define CMP_R_UNEXPECTED_POLLREQ 105 @@ -107,6 +110,7 @@ # define CMP_R_UNEXPECTED_SENDER 106 # define CMP_R_UNKNOWN_ALGORITHM_ID 134 # define CMP_R_UNKNOWN_CERT_TYPE 135 +# define CMP_R_UNKNOWN_CRL_ISSUER 200 # define CMP_R_UNKNOWN_PKISTATUS 186 # define CMP_R_UNSUPPORTED_ALGORITHM 136 # define CMP_R_UNSUPPORTED_KEY_TYPE 137 diff --git a/vendor/openssl/include/openssl/crypto.h.in b/vendor/openssl/include/openssl/crypto.h.in index 5d7d3fd..034f150 100644 --- a/vendor/openssl/include/openssl/crypto.h.in +++ b/vendor/openssl/include/openssl/crypto.h.in 
@@ -536,6 +536,8 @@ int OSSL_LIB_CTX_load_config(OSSL_LIB_CTX *ctx, const char *config_file); void OSSL_LIB_CTX_free(OSSL_LIB_CTX *); OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void); OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx); +int OSSL_LIB_CTX_get_conf_diagnostics(OSSL_LIB_CTX *ctx); +void OSSL_LIB_CTX_set_conf_diagnostics(OSSL_LIB_CTX *ctx, int value); void OSSL_sleep(uint64_t millis); diff --git a/vendor/openssl/include/openssl/e_os2.h b/vendor/openssl/include/openssl/e_os2.h index e01f627..a4aea0b 100644 --- a/vendor/openssl/include/openssl/e_os2.h +++ b/vendor/openssl/include/openssl/e_os2.h @@ -200,6 +200,7 @@ extern "C" { # endif # ifndef ossl_ssize_t +# include <sys/types.h> # define ossl_ssize_t ssize_t # if defined(SSIZE_MAX) # define OSSL_SSIZE_MAX SSIZE_MAX diff --git a/vendor/openssl/include/openssl/sslerr.h b/vendor/openssl/include/openssl/sslerr.h index 980a6c7..8222b25 100644 --- a/vendor/openssl/include/openssl/sslerr.h +++ b/vendor/openssl/include/openssl/sslerr.h @@ -117,6 +117,7 @@ # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 +# define SSL_R_ERROR_IN_SYSTEM_DEFAULT_CONFIG 419 # define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN 204 # define SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE 194 # define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 
@@ -308,10 +309,12 @@ # define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 # define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 # define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 +# define SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL 1120 # define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 # define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 # define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 # define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 +# define SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY 1115 # define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 # define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 # define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 diff --git a/vendor/openssl/include/openssl/tls1.h b/vendor/openssl/include/openssl/tls1.h index 7e3d1a7..8ff39e3 100644 --- a/vendor/openssl/include/openssl/tls1.h +++ b/vendor/openssl/include/openssl/tls1.h @@ -622,6 +622,10 @@ int SSL_CTX_set_tlsext_ticket_key_evp_cb # define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304 # define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305 +/* Integrity-only ciphersuites from RFC 9150 */ +# define TLS1_3_CK_SHA256_SHA256 0x0300C0B4 +# define TLS1_3_CK_SHA384_SHA384 0x0300C0B5 + /* Aria ciphersuites from RFC6209 */ # define TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C050 # define TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C051 @@ -699,6 +703,8 @@ int SSL_CTX_set_tlsext_ticket_key_evp_cb # define TLS1_3_RFC_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256" # define TLS1_3_RFC_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384" # define TLS1_3_RFC_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256" +# define TLS1_3_RFC_SHA256_SHA256 "TLS_SHA256_SHA256" +# define TLS1_3_RFC_SHA384_SHA384 "TLS_SHA384_SHA384" # define TLS1_3_RFC_AES_128_CCM_SHA256 "TLS_AES_128_CCM_SHA256" # define TLS1_3_RFC_AES_128_CCM_8_SHA256 "TLS_AES_128_CCM_8_SHA256" # define TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA "TLS_ECDHE_ECDSA_WITH_NULL_SHA" 
diff --git a/vendor/openssl/include/openssl/x509v3.h.in b/vendor/openssl/include/openssl/x509v3.h.in index b8711d5..a967064 100644 --- a/vendor/openssl/include/openssl/x509v3.h.in +++ b/vendor/openssl/include/openssl/x509v3.h.in @@ -178,6 +178,8 @@ typedef struct ACCESS_DESCRIPTION_st { GENERAL_NAME *location; } ACCESS_DESCRIPTION; +int GENERAL_NAME_set1_X509_NAME(GENERAL_NAME **tgt, const X509_NAME *src); + {- generate_stack_macros("ACCESS_DESCRIPTION") .generate_stack_macros("GENERAL_NAME"); @@ -201,6 +203,7 @@ typedef struct DIST_POINT_NAME_st { /* If relativename then this contains the full distribution point name */ X509_NAME *dpname; } DIST_POINT_NAME; +DECLARE_ASN1_DUP_FUNCTION(DIST_POINT_NAME) /* All existing reasons */ # define CRLDP_ALL_REASONS 0x807f |