aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CMakePresets.json14
-rw-r--r--Taskfile.yaml20
-rw-r--r--src/crypto/impl/openssl.c57
-rw-r--r--vendor/mbedtls/include/mbedtls/config_adjust_legacy_from_psa.h6
-rw-r--r--vendor/mbedtls/include/mbedtls/config_psa.h2
-rw-r--r--vendor/mbedtls/include/psa/crypto_adjust_config_dependencies.h43
-rw-r--r--vendor/openssl/include/openssl/cmp.h.in27
-rw-r--r--vendor/openssl/include/openssl/cmperr.h4
-rw-r--r--vendor/openssl/include/openssl/crypto.h.in2
-rw-r--r--vendor/openssl/include/openssl/e_os2.h1
-rw-r--r--vendor/openssl/include/openssl/sslerr.h3
-rw-r--r--vendor/openssl/include/openssl/tls1.h6
-rw-r--r--vendor/openssl/include/openssl/x509v3.h.in3
13 files changed, 169 insertions, 19 deletions
diff --git a/CMakePresets.json b/CMakePresets.json
index 5c60edf..1c8038d 100644
--- a/CMakePresets.json
+++ b/CMakePresets.json
@@ -30,6 +30,20 @@
"NC_BUILD_TESTS": true
}
},
+ {
+ "name": "x64-debug-openssl",
+ "displayName": "x64 Debug Openssl",
+ "inherits": "x64-debug",
+ "architecture": {
+ "value": "x64",
+ "strategy": "external"
+ },
+ "cacheVariables": {
+ "CMAKE_BUILD_TYPE": "Debug",
+ "NC_BUILD_TESTS": true,
+ "CRYPTO_LIB": "openssl"
+ }
+ },
{
"name": "x64-release",
"displayName": "x64 Release",
diff --git a/Taskfile.yaml b/Taskfile.yaml
index b45ccdf..a917f1c 100644
--- a/Taskfile.yaml
+++ b/Taskfile.yaml
@@ -121,10 +121,16 @@ tasks:
#tar up the source
- tar -czf "{{.TARGET_SOURCE}}" {{.SOURCE_FILES}}
+#################################
+#
+# DEV TASKS
+#
+#################################
dev-update-deps:
desc: "Updates vendored projects files (headers mostly) from their source repositories to the latest version"
cmds:
+ - defer: powershell rm -Recurse '.update/' -Force
- task: dev-update-monocypher
- task: dev-update-mbedtls-headers
- task: dev-update-openssl-headers
@@ -134,13 +140,11 @@ tasks:
MC_GIT_URL: 'https://github.com/LoupVaillant/Monocypher'
MC_GIT_BRANCH: 'master' #NOTE: Always update to the latest master branch, then verify changes manually
MC_DIR: 'vendor/monocypher'
- TMP_DIR: '.task/mc'
+ TMP_DIR: '.update/mc'
cmds:
- cmd: powershell mkdir '{{.TMP_DIR}}' -Force
ignore_error: true
- - defer: powershell rm -Recurse '{{.TMP_DIR}}' -Force
-
- git clone --branch {{.MC_GIT_BRANCH}} {{.MC_GIT_URL}} '{{.TMP_DIR}}'
- for: [ 'src/monocypher.h', 'src/monocypher.c' ]
@@ -151,13 +155,11 @@ tasks:
MBEDTLS_GIT_URL: 'https://github.com/Mbed-TLS/mbedtls'
MBEDTLS_GIT_BRANCH: 'development'
MBEDTLS_DIR: 'vendor/mbedtls'
- TMP_DIR: '.task/mbedtls'
+ TMP_DIR: '.update/mbedtls'
cmds:
- cmd: powershell mkdir '{{.TMP_DIR}}' -Force
ignore_error: true
- - defer: powershell rm -Recurse '{{.TMP_DIR}}' -Force
-
- git clone --branch {{ .MBEDTLS_GIT_BRANCH }} {{ .MBEDTLS_GIT_URL }} '{{ .TMP_DIR }}'
- for: [ 'include/mbedtls', 'include/psa' ]
@@ -168,14 +170,12 @@ tasks:
OPENSSL_GIT_URL: 'git://git.openssl.org/openssl.git'
OPENSSL_GIT_BRANCH: 'master'
OPENSSL_DIR: 'vendor/openssl'
- TMP_DIR: '.task/openssl'
+ TMP_DIR: '.update/openssl'
cmds:
- cmd: powershell mkdir '{{.TMP_DIR}}' -Force
ignore_error: true
- - defer: powershell rm -Recurse '{{.TMP_DIR}}' -Force
-
- git clone --branch {{ .OPENSSL_GIT_BRANCH }} {{ .OPENSSL_GIT_URL }} '{{ .TMP_DIR }}'
- for: [ 'include/openssl' ]
- cmd: powershell cp -Recurse -Force '{{ .TMP_DIR }}/{{ .ITEM }}' '{{.OPENSSL_DIR}}/include/openssl/' \ No newline at end of file
+ cmd: powershell cp -Recurse -Force '{{ .TMP_DIR }}/{{ .ITEM }}' '{{.OPENSSL_DIR}}/include/' \ No newline at end of file
diff --git a/src/crypto/impl/openssl.c b/src/crypto/impl/openssl.c
index fd3b4e6..132c643 100644
--- a/src/crypto/impl/openssl.c
+++ b/src/crypto/impl/openssl.c
@@ -150,6 +150,8 @@
EVP_MD_CTX* ctx;
cstatus_t result;
struct nc_hkdf_fn_cb_struct handler;
+
+ result = CSTATUS_FAIL;
/*
* NOTE! Hmac reusable flag must be set to allow for multiple
@@ -161,15 +163,23 @@
return CSTATUS_FAIL;
}
- _OSSL_FAIL(EVP_DigestInit_ex2(ctx, EVP_sha256(), NULL))
+ if (!EVP_DigestInit_ex2(ctx, EVP_sha256(), NULL))
+ {
+ goto Cleanup;
+ }
- _OSSL_FAIL(EVP_DigestUpdate(ctx, prk->data, prk->size));
+ if (!EVP_DigestUpdate(ctx, prk->data, prk->size))
+ {
+ goto Cleanup;
+ }
handler.update = _ossl_hkdf_update;
handler.finish = _ossl_hkdf_finish;
result = hkdfExpandProcess(&handler, ctx, info, okm);
+ Cleanup:
+
EVP_MD_CTX_destroy(ctx);
return result;
@@ -177,4 +187,47 @@
#endif /* !_IMPL_CRYPTO_SHA256_HKDF_EXPAND */
+#ifndef _IMPL_CHACHA20_CRYPT
+
+ #define _IMPL_CHACHA20_CRYPT _ossl_chacha20_crypt
+
+ _IMPLSTB cstatus_t _ossl_chacha20_crypt(
+ const uint8_t* key,
+ const uint8_t* nonce,
+ const uint8_t* input,
+ uint8_t* output,
+ uint32_t dataLen
+ )
+ {
+ cstatus_t result;
+ EVP_CIPHER_CTX* ctx;
+
+ result = CSTATUS_FAIL;
+
+ if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
+ {
+ return CSTATUS_FAIL;
+ }
+
+ if (!EVP_EncryptInit_ex(ctx, EVP_chacha20(), NULL, key, nonce))
+ {
+ goto Cleanup;
+ }
+
+ if (!EVP_EncryptUpdate(ctx, output, (int*)&dataLen, input, dataLen))
+ {
+ goto Cleanup;
+ }
+
+ result = CSTATUS_OK;
+
+ Cleanup:
+
+ EVP_CIPHER_CTX_free(ctx);
+
+ return result;
+ }
+
+#endif
+
#endif /*!OPENSSL_CRYPTO_LIB */ \ No newline at end of file
diff --git a/vendor/mbedtls/include/mbedtls/config_adjust_legacy_from_psa.h b/vendor/mbedtls/include/mbedtls/config_adjust_legacy_from_psa.h
index 0091e24..0e4759d 100644
--- a/vendor/mbedtls/include/mbedtls/config_adjust_legacy_from_psa.h
+++ b/vendor/mbedtls/include/mbedtls/config_adjust_legacy_from_psa.h
@@ -498,7 +498,6 @@
* The PSA implementation has its own implementation of HKDF, separate from
* hkdf.c. No need to enable MBEDTLS_HKDF_C here.
*/
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */
#endif /* PSA_WANT_ALG_HKDF */
@@ -509,7 +508,6 @@
* The PSA implementation has its own implementation of HKDF, separate from
* hkdf.c. No need to enable MBEDTLS_HKDF_C here.
*/
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT 1
#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT */
#endif /* PSA_WANT_ALG_HKDF_EXTRACT */
@@ -520,7 +518,6 @@
* The PSA implementation has its own implementation of HKDF, separate from
* hkdf.c. No need to enable MBEDTLS_HKDF_C here.
*/
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND 1
#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND */
#endif /* PSA_WANT_ALG_HKDF_EXPAND */
@@ -630,9 +627,6 @@
#if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC)
#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1
#define PSA_HAVE_SOFT_PBKDF2_HMAC 1
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */
#endif /* !MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */
#endif /* PSA_WANT_ALG_PBKDF2_HMAC */
diff --git a/vendor/mbedtls/include/mbedtls/config_psa.h b/vendor/mbedtls/include/mbedtls/config_psa.h
index 17da61b..de961ec 100644
--- a/vendor/mbedtls/include/mbedtls/config_psa.h
+++ b/vendor/mbedtls/include/mbedtls/config_psa.h
@@ -22,6 +22,8 @@
#include "psa/crypto_adjust_config_synonyms.h"
+#include "psa/crypto_adjust_config_dependencies.h"
+
#include "mbedtls/config_adjust_psa_superset_legacy.h"
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
diff --git a/vendor/mbedtls/include/psa/crypto_adjust_config_dependencies.h b/vendor/mbedtls/include/psa/crypto_adjust_config_dependencies.h
new file mode 100644
index 0000000..5a22205
--- /dev/null
+++ b/vendor/mbedtls/include/psa/crypto_adjust_config_dependencies.h
@@ -0,0 +1,43 @@
+/**
+ * \file psa/crypto_adjust_config_dependencies.h
+ * \brief Adjust PSA configuration by resolving some dependencies.
+ *
+ * This is an internal header. Do not include it directly.
+ *
+ * See docs/proposed/psa-conditional-inclusion-c.md.
+ * If the Mbed TLS implementation of a cryptographic mechanism A depends on a
+ * cryptographic mechanism B then if the cryptographic mechanism A is enabled
+ * and not accelerated enable B. Note that if A is enabled and accelerated, it
+ * is not necessary to enable B for A support.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef PSA_CRYPTO_ADJUST_CONFIG_DEPENDENCIES_H
+#define PSA_CRYPTO_ADJUST_CONFIG_DEPENDENCIES_H
+
+#if (defined(PSA_WANT_ALG_TLS12_PRF) && \
+ !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF)) || \
+ (defined(PSA_WANT_ALG_TLS12_PSK_TO_MS) && \
+ !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS)) || \
+ (defined(PSA_WANT_ALG_HKDF) && \
+ !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF)) || \
+ (defined(PSA_WANT_ALG_HKDF_EXTRACT) && \
+ !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT)) || \
+ (defined(PSA_WANT_ALG_HKDF_EXPAND) && \
+ !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND)) || \
+ (defined(PSA_WANT_ALG_PBKDF2_HMAC) && \
+ !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC))
+#define PSA_WANT_ALG_HMAC 1
+#define PSA_WANT_KEY_TYPE_HMAC 1
+#endif
+
+#if (defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128) && \
+ !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128))
+#define PSA_WANT_KEY_TYPE_AES 1
+#define PSA_WANT_ALG_CMAC 1
+#endif
+
+#endif /* PSA_CRYPTO_ADJUST_CONFIG_DEPENDENCIES_H */
diff --git a/vendor/openssl/include/openssl/cmp.h.in b/vendor/openssl/include/openssl/cmp.h.in
index ad9eb34..c46b9ab 100644
--- a/vendor/openssl/include/openssl/cmp.h.in
+++ b/vendor/openssl/include/openssl/cmp.h.in
@@ -228,6 +228,12 @@ DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV)
{-
generate_stack_macros("OSSL_CMP_ITAV");
-}
+
+typedef struct ossl_cmp_crlstatus_st OSSL_CMP_CRLSTATUS;
+{-
+ generate_stack_macros("OSSL_CMP_CRLSTATUS");
+-}
+
typedef struct ossl_cmp_revrepcontent_st OSSL_CMP_REVREPCONTENT;
typedef struct ossl_cmp_pkisi_st OSSL_CMP_PKISI;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKISI)
@@ -257,7 +263,7 @@ void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type,
ASN1_TYPE *value);
ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav);
ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
-int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
+int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **sk_p,
OSSL_CMP_ITAV *itav);
void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
@@ -278,6 +284,22 @@ int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
X509 **newWithOld,
X509 **oldWithNew);
+OSSL_CMP_CRLSTATUS *OSSL_CMP_CRLSTATUS_create(const X509_CRL *crl,
+ const X509 *cert, int only_DN);
+OSSL_CMP_CRLSTATUS *OSSL_CMP_CRLSTATUS_new1(const DIST_POINT_NAME *dpn,
+ const GENERAL_NAMES *issuer,
+ const ASN1_TIME *thisUpdate);
+int OSSL_CMP_CRLSTATUS_get0(const OSSL_CMP_CRLSTATUS *crlstatus,
+ DIST_POINT_NAME **dpn, GENERAL_NAMES **issuer,
+ ASN1_TIME **thisUpdate);
+void OSSL_CMP_CRLSTATUS_free(OSSL_CMP_CRLSTATUS *crlstatus);
+OSSL_CMP_ITAV
+*OSSL_CMP_ITAV_new0_crlStatusList(STACK_OF(OSSL_CMP_CRLSTATUS) *crlStatusList);
+int OSSL_CMP_ITAV_get0_crlStatusList(const OSSL_CMP_ITAV *itav,
+ STACK_OF(OSSL_CMP_CRLSTATUS) **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_crls(const X509_CRL *crls);
+int OSSL_CMP_ITAV_get0_crls(const OSSL_CMP_ITAV *it, STACK_OF(X509_CRL) **out);
+
void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
/* from cmp_ctx.c */
@@ -521,6 +543,9 @@ int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
const X509 *oldWithOld, X509 **newWithNew,
X509 **newWithOld, X509 **oldWithNew);
+int OSSL_CMP_get1_crlUpdate(OSSL_CMP_CTX *ctx, const X509 *crlcert,
+ const X509_CRL *last_crl,
+ X509_CRL **crl);
# ifdef __cplusplus
}
diff --git a/vendor/openssl/include/openssl/cmperr.h b/vendor/openssl/include/openssl/cmperr.h
index 0d876e5..700ffbe 100644
--- a/vendor/openssl/include/openssl/cmperr.h
+++ b/vendor/openssl/include/openssl/cmperr.h
@@ -60,7 +60,9 @@
# define CMP_R_FAILED_EXTRACTING_PUBKEY 141
# define CMP_R_FAILURE_OBTAINING_RANDOM 110
# define CMP_R_FAIL_INFO_OUT_OF_RANGE 129
+# define CMP_R_GENERATE_CRLSTATUS 198
# define CMP_R_GETTING_GENP 192
+# define CMP_R_GET_ITAV 199
# define CMP_R_INVALID_ARGS 100
# define CMP_R_INVALID_GENP 193
# define CMP_R_INVALID_OPTION 174
@@ -100,6 +102,7 @@
# define CMP_R_TRANSFER_ERROR 159
# define CMP_R_UNCLEAN_CTX 191
# define CMP_R_UNEXPECTED_CERTPROFILE 196
+# define CMP_R_UNEXPECTED_CRLSTATUSLIST 201
# define CMP_R_UNEXPECTED_PKIBODY 133
# define CMP_R_UNEXPECTED_PKISTATUS 185
# define CMP_R_UNEXPECTED_POLLREQ 105
@@ -107,6 +110,7 @@
# define CMP_R_UNEXPECTED_SENDER 106
# define CMP_R_UNKNOWN_ALGORITHM_ID 134
# define CMP_R_UNKNOWN_CERT_TYPE 135
+# define CMP_R_UNKNOWN_CRL_ISSUER 200
# define CMP_R_UNKNOWN_PKISTATUS 186
# define CMP_R_UNSUPPORTED_ALGORITHM 136
# define CMP_R_UNSUPPORTED_KEY_TYPE 137
diff --git a/vendor/openssl/include/openssl/crypto.h.in b/vendor/openssl/include/openssl/crypto.h.in
index 5d7d3fd..034f150 100644
--- a/vendor/openssl/include/openssl/crypto.h.in
+++ b/vendor/openssl/include/openssl/crypto.h.in
@@ -536,6 +536,8 @@ int OSSL_LIB_CTX_load_config(OSSL_LIB_CTX *ctx, const char *config_file);
void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
+int OSSL_LIB_CTX_get_conf_diagnostics(OSSL_LIB_CTX *ctx);
+void OSSL_LIB_CTX_set_conf_diagnostics(OSSL_LIB_CTX *ctx, int value);
void OSSL_sleep(uint64_t millis);
diff --git a/vendor/openssl/include/openssl/e_os2.h b/vendor/openssl/include/openssl/e_os2.h
index e01f627..a4aea0b 100644
--- a/vendor/openssl/include/openssl/e_os2.h
+++ b/vendor/openssl/include/openssl/e_os2.h
@@ -200,6 +200,7 @@ extern "C" {
# endif
# ifndef ossl_ssize_t
+# include <sys/types.h>
# define ossl_ssize_t ssize_t
# if defined(SSIZE_MAX)
# define OSSL_SSIZE_MAX SSIZE_MAX
diff --git a/vendor/openssl/include/openssl/sslerr.h b/vendor/openssl/include/openssl/sslerr.h
index 980a6c7..8222b25 100644
--- a/vendor/openssl/include/openssl/sslerr.h
+++ b/vendor/openssl/include/openssl/sslerr.h
@@ -117,6 +117,7 @@
# define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354
# define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
+# define SSL_R_ERROR_IN_SYSTEM_DEFAULT_CONFIG 419
# define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN 204
# define SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE 194
# define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
@@ -308,10 +309,12 @@
# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086
# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
+# define SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL 1120
# define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
# define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070
# define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
# define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
+# define SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY 1115
# define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
# define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114
# define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113
diff --git a/vendor/openssl/include/openssl/tls1.h b/vendor/openssl/include/openssl/tls1.h
index 7e3d1a7..8ff39e3 100644
--- a/vendor/openssl/include/openssl/tls1.h
+++ b/vendor/openssl/include/openssl/tls1.h
@@ -622,6 +622,10 @@ int SSL_CTX_set_tlsext_ticket_key_evp_cb
# define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304
# define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305
+/* Integrity-only ciphersuites from RFC 9150 */
+# define TLS1_3_CK_SHA256_SHA256 0x0300C0B4
+# define TLS1_3_CK_SHA384_SHA384 0x0300C0B5
+
/* Aria ciphersuites from RFC6209 */
# define TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C050
# define TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C051
@@ -699,6 +703,8 @@ int SSL_CTX_set_tlsext_ticket_key_evp_cb
# define TLS1_3_RFC_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256"
# define TLS1_3_RFC_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384"
# define TLS1_3_RFC_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256"
+# define TLS1_3_RFC_SHA256_SHA256 "TLS_SHA256_SHA256"
+# define TLS1_3_RFC_SHA384_SHA384 "TLS_SHA384_SHA384"
# define TLS1_3_RFC_AES_128_CCM_SHA256 "TLS_AES_128_CCM_SHA256"
# define TLS1_3_RFC_AES_128_CCM_8_SHA256 "TLS_AES_128_CCM_8_SHA256"
# define TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA "TLS_ECDHE_ECDSA_WITH_NULL_SHA"
diff --git a/vendor/openssl/include/openssl/x509v3.h.in b/vendor/openssl/include/openssl/x509v3.h.in
index b8711d5..a967064 100644
--- a/vendor/openssl/include/openssl/x509v3.h.in
+++ b/vendor/openssl/include/openssl/x509v3.h.in
@@ -178,6 +178,8 @@ typedef struct ACCESS_DESCRIPTION_st {
GENERAL_NAME *location;
} ACCESS_DESCRIPTION;
+int GENERAL_NAME_set1_X509_NAME(GENERAL_NAME **tgt, const X509_NAME *src);
+
{-
generate_stack_macros("ACCESS_DESCRIPTION")
.generate_stack_macros("GENERAL_NAME");
@@ -201,6 +203,7 @@ typedef struct DIST_POINT_NAME_st {
/* If relativename then this contains the full distribution point name */
X509_NAME *dpname;
} DIST_POINT_NAME;
+DECLARE_ASN1_DUP_FUNCTION(DIST_POINT_NAME)
/* All existing reasons */
# define CRLDP_ALL_REASONS 0x807f