aboutsummaryrefslogtreecommitdiff
path: root/vendor/openssl/include
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/openssl/include')
-rw-r--r--vendor/openssl/include/openssl/cmp.h.in57
-rw-r--r--vendor/openssl/include/openssl/cmperr.h6
-rw-r--r--vendor/openssl/include/openssl/core_dispatch.h54
-rw-r--r--vendor/openssl/include/openssl/crmf.h.in9
-rw-r--r--vendor/openssl/include/openssl/crypto.h.in21
-rw-r--r--vendor/openssl/include/openssl/cryptoerr.h3
-rw-r--r--vendor/openssl/include/openssl/e_os2.h3
-rw-r--r--vendor/openssl/include/openssl/evp.h108
-rw-r--r--vendor/openssl/include/openssl/evperr.h5
-rw-r--r--vendor/openssl/include/openssl/fips_names.h51
-rw-r--r--vendor/openssl/include/openssl/fipskey.h.in7
-rw-r--r--vendor/openssl/include/openssl/http.h7
-rw-r--r--vendor/openssl/include/openssl/macros.h14
-rw-r--r--vendor/openssl/include/openssl/obj_mac.h20
-rw-r--r--vendor/openssl/include/openssl/objects.h3
-rw-r--r--vendor/openssl/include/openssl/pem.h3
-rw-r--r--vendor/openssl/include/openssl/pkcs12.h.in5
-rw-r--r--vendor/openssl/include/openssl/proverr.h11
-rw-r--r--vendor/openssl/include/openssl/self_test.h2
-rw-r--r--vendor/openssl/include/openssl/ssl.h.in19
-rw-r--r--vendor/openssl/include/openssl/sslerr.h2
-rw-r--r--vendor/openssl/include/openssl/tls1.h12
-rw-r--r--vendor/openssl/include/openssl/ts.h19
-rw-r--r--vendor/openssl/include/openssl/types.h8
-rw-r--r--vendor/openssl/include/openssl/x509.h.in50
-rw-r--r--vendor/openssl/include/openssl/x509_acert.h.in2
-rw-r--r--vendor/openssl/include/openssl/x509err.h3
-rw-r--r--vendor/openssl/include/openssl/x509v3.h.in42
28 files changed, 413 insertions, 133 deletions
diff --git a/vendor/openssl/include/openssl/cmp.h.in b/vendor/openssl/include/openssl/cmp.h.in
index ad9eb34..d659331 100644
--- a/vendor/openssl/include/openssl/cmp.h.in
+++ b/vendor/openssl/include/openssl/cmp.h.in
@@ -228,6 +228,22 @@ DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV)
{-
generate_stack_macros("OSSL_CMP_ITAV");
-}
+
+typedef struct ossl_cmp_crlstatus_st OSSL_CMP_CRLSTATUS;
+{-
+ generate_stack_macros("OSSL_CMP_CRLSTATUS");
+-}
+
+typedef OSSL_CRMF_ATTRIBUTETYPEANDVALUE OSSL_CMP_ATAV;
+# define OSSL_CMP_ATAV_free OSSL_CRMF_ATTRIBUTETYPEANDVALUE_free
+typedef STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) OSSL_CMP_ATAVS;
+DECLARE_ASN1_FUNCTIONS(OSSL_CMP_ATAVS)
+# define stack_st_OSSL_CMP_ATAV stack_st_OSSL_CRMF_ATTRIBUTETYPEANDVALUE
+# define sk_OSSL_CMP_ATAV_num sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_num
+# define sk_OSSL_CMP_ATAV_value sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_value
+# define sk_OSSL_CMP_ATAV_push sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_push
+# define sk_OSSL_CMP_ATAV_pop_free sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_pop_free
+
typedef struct ossl_cmp_revrepcontent_st OSSL_CMP_REVREPCONTENT;
typedef struct ossl_cmp_pkisi_st OSSL_CMP_PKISI;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKISI)
@@ -257,7 +273,7 @@ void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type,
ASN1_TYPE *value);
ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav);
ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
-int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
+int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **sk_p,
OSSL_CMP_ITAV *itav);
void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
@@ -278,6 +294,39 @@ int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
X509 **newWithOld,
X509 **oldWithNew);
+OSSL_CMP_CRLSTATUS *OSSL_CMP_CRLSTATUS_create(const X509_CRL *crl,
+ const X509 *cert, int only_DN);
+OSSL_CMP_CRLSTATUS *OSSL_CMP_CRLSTATUS_new1(const DIST_POINT_NAME *dpn,
+ const GENERAL_NAMES *issuer,
+ const ASN1_TIME *thisUpdate);
+int OSSL_CMP_CRLSTATUS_get0(const OSSL_CMP_CRLSTATUS *crlstatus,
+ DIST_POINT_NAME **dpn, GENERAL_NAMES **issuer,
+ ASN1_TIME **thisUpdate);
+void OSSL_CMP_CRLSTATUS_free(OSSL_CMP_CRLSTATUS *crlstatus);
+OSSL_CMP_ITAV
+*OSSL_CMP_ITAV_new0_crlStatusList(STACK_OF(OSSL_CMP_CRLSTATUS) *crlStatusList);
+int OSSL_CMP_ITAV_get0_crlStatusList(const OSSL_CMP_ITAV *itav,
+ STACK_OF(OSSL_CMP_CRLSTATUS) **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_crls(const X509_CRL *crls);
+int OSSL_CMP_ITAV_get0_crls(const OSSL_CMP_ITAV *it, STACK_OF(X509_CRL) **out);
+OSSL_CMP_ITAV
+*OSSL_CMP_ITAV_new0_certReqTemplate(OSSL_CRMF_CERTTEMPLATE *certTemplate,
+ OSSL_CMP_ATAVS *keySpec);
+int OSSL_CMP_ITAV_get1_certReqTemplate(const OSSL_CMP_ITAV *itav,
+ OSSL_CRMF_CERTTEMPLATE **certTemplate,
+ OSSL_CMP_ATAVS **keySpec);
+
+OSSL_CMP_ATAV *OSSL_CMP_ATAV_create(ASN1_OBJECT *type, ASN1_TYPE *value);
+void OSSL_CMP_ATAV_set0(OSSL_CMP_ATAV *itav, ASN1_OBJECT *type,
+ ASN1_TYPE *value);
+ASN1_OBJECT *OSSL_CMP_ATAV_get0_type(const OSSL_CMP_ATAV *itav);
+ASN1_TYPE *OSSL_CMP_ATAV_get0_value(const OSSL_CMP_ATAV *itav);
+OSSL_CMP_ATAV *OSSL_CMP_ATAV_new_algId(const X509_ALGOR *alg);
+X509_ALGOR *OSSL_CMP_ATAV_get0_algId(const OSSL_CMP_ATAV *atav);
+OSSL_CMP_ATAV *OSSL_CMP_ATAV_new_rsaKeyLen(int len);
+int OSSL_CMP_ATAV_get_rsaKeyLen(const OSSL_CMP_ATAV *atav);
+int OSSL_CMP_ATAV_push1(OSSL_CMP_ATAVS **sk_p, const OSSL_CMP_ATAV *atav);
+
void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
/* from cmp_ctx.c */
@@ -521,6 +570,12 @@ int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
const X509 *oldWithOld, X509 **newWithNew,
X509 **newWithOld, X509 **oldWithNew);
+int OSSL_CMP_get1_crlUpdate(OSSL_CMP_CTX *ctx, const X509 *crlcert,
+ const X509_CRL *last_crl,
+ X509_CRL **crl);
+int OSSL_CMP_get1_certReqTemplate(OSSL_CMP_CTX *ctx,
+ OSSL_CRMF_CERTTEMPLATE **certTemplate,
+ OSSL_CMP_ATAVS **keySpec);
# ifdef __cplusplus
}
diff --git a/vendor/openssl/include/openssl/cmperr.h b/vendor/openssl/include/openssl/cmperr.h
index 0d876e5..d196924 100644
--- a/vendor/openssl/include/openssl/cmperr.h
+++ b/vendor/openssl/include/openssl/cmperr.h
@@ -60,9 +60,13 @@
# define CMP_R_FAILED_EXTRACTING_PUBKEY 141
# define CMP_R_FAILURE_OBTAINING_RANDOM 110
# define CMP_R_FAIL_INFO_OUT_OF_RANGE 129
+# define CMP_R_GENERATE_CERTREQTEMPLATE 197
+# define CMP_R_GENERATE_CRLSTATUS 198
# define CMP_R_GETTING_GENP 192
+# define CMP_R_GET_ITAV 199
# define CMP_R_INVALID_ARGS 100
# define CMP_R_INVALID_GENP 193
+# define CMP_R_INVALID_KEYSPEC 202
# define CMP_R_INVALID_OPTION 174
# define CMP_R_INVALID_ROOTCAKEYUPDATE 195
# define CMP_R_MISSING_CERTID 165
@@ -100,6 +104,7 @@
# define CMP_R_TRANSFER_ERROR 159
# define CMP_R_UNCLEAN_CTX 191
# define CMP_R_UNEXPECTED_CERTPROFILE 196
+# define CMP_R_UNEXPECTED_CRLSTATUSLIST 201
# define CMP_R_UNEXPECTED_PKIBODY 133
# define CMP_R_UNEXPECTED_PKISTATUS 185
# define CMP_R_UNEXPECTED_POLLREQ 105
@@ -107,6 +112,7 @@
# define CMP_R_UNEXPECTED_SENDER 106
# define CMP_R_UNKNOWN_ALGORITHM_ID 134
# define CMP_R_UNKNOWN_CERT_TYPE 135
+# define CMP_R_UNKNOWN_CRL_ISSUER 200
# define CMP_R_UNKNOWN_PKISTATUS 186
# define CMP_R_UNSUPPORTED_ALGORITHM 136
# define CMP_R_UNSUPPORTED_KEY_TYPE 137
diff --git a/vendor/openssl/include/openssl/core_dispatch.h b/vendor/openssl/include/openssl/core_dispatch.h
index a5bc2cf..03838dd 100644
--- a/vendor/openssl/include/openssl/core_dispatch.h
+++ b/vendor/openssl/include/openssl/core_dispatch.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -13,6 +13,7 @@
# include <stdarg.h>
# include <openssl/core.h>
+# include <openssl/indicator.h>
# ifdef __cplusplus
extern "C" {
@@ -182,6 +183,9 @@ OSSL_CORE_MAKE_FUNC(int, BIO_ctrl, (OSSL_CORE_BIO *bio,
#define OSSL_FUNC_GET_USER_ENTROPY 98
#define OSSL_FUNC_GET_USER_NONCE 99
+#define OSSL_FUNC_INDICATOR_CB 95
+OSSL_CORE_MAKE_FUNC(void, indicator_cb, (OPENSSL_CORE_CTX *ctx,
+ OSSL_INDICATOR_CALLBACK **cb))
#define OSSL_FUNC_SELF_TEST_CB 100
OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CORE_CTX *ctx, OSSL_CALLBACK **cb,
void **cbarg))
@@ -588,6 +592,9 @@ OSSL_CORE_MAKE_FUNC(void *, keymgmt_new, (void *provctx))
# define OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS 5
# define OSSL_FUNC_KEYMGMT_GEN 6
# define OSSL_FUNC_KEYMGMT_GEN_CLEANUP 7
+# define OSSL_FUNC_KEYMGMT_GEN_GET_PARAMS 15
+# define OSSL_FUNC_KEYMGMT_GEN_GETTABLE_PARAMS 16
+
OSSL_CORE_MAKE_FUNC(void *, keymgmt_gen_init,
(void *provctx, int selection, const OSSL_PARAM params[]))
OSSL_CORE_MAKE_FUNC(int, keymgmt_gen_set_template,
@@ -597,6 +604,10 @@ OSSL_CORE_MAKE_FUNC(int, keymgmt_gen_set_params,
OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *,
keymgmt_gen_settable_params,
(void *genctx, void *provctx))
+OSSL_CORE_MAKE_FUNC(int, keymgmt_gen_get_params,
+ (void *genctx, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_gen_gettable_params,
+ (void *genctx, void *provctx))
OSSL_CORE_MAKE_FUNC(void *, keymgmt_gen,
(void *genctx, OSSL_CALLBACK *cb, void *cbarg))
OSSL_CORE_MAKE_FUNC(void, keymgmt_gen_cleanup, (void *genctx))
@@ -730,22 +741,45 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keyexch_gettable_ctx_params,
# define OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS 23
# define OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS 24
# define OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS 25
+# define OSSL_FUNC_SIGNATURE_QUERY_KEY_TYPES 26
+# define OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_INIT 27
+# define OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_UPDATE 28
+# define OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_FINAL 29
+# define OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_INIT 30
+# define OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_UPDATE 31
+# define OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_FINAL 32
OSSL_CORE_MAKE_FUNC(void *, signature_newctx, (void *provctx,
- const char *propq))
+ const char *propq))
OSSL_CORE_MAKE_FUNC(int, signature_sign_init, (void *ctx, void *provkey,
const OSSL_PARAM params[]))
OSSL_CORE_MAKE_FUNC(int, signature_sign, (void *ctx, unsigned char *sig,
- size_t *siglen, size_t sigsize,
- const unsigned char *tbs,
- size_t tbslen))
+ size_t *siglen, size_t sigsize,
+ const unsigned char *tbs,
+ size_t tbslen))
+OSSL_CORE_MAKE_FUNC(int, signature_sign_message_init,
+ (void *ctx, void *provkey, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, signature_sign_message_update,
+ (void *ctx, const unsigned char *in, size_t inlen))
+OSSL_CORE_MAKE_FUNC(int, signature_sign_message_final,
+ (void *ctx, unsigned char *sig,
+ size_t *siglen, size_t sigsize))
OSSL_CORE_MAKE_FUNC(int, signature_verify_init, (void *ctx, void *provkey,
const OSSL_PARAM params[]))
OSSL_CORE_MAKE_FUNC(int, signature_verify, (void *ctx,
- const unsigned char *sig,
- size_t siglen,
- const unsigned char *tbs,
- size_t tbslen))
+ const unsigned char *sig,
+ size_t siglen,
+ const unsigned char *tbs,
+ size_t tbslen))
+OSSL_CORE_MAKE_FUNC(int, signature_verify_message_init,
+ (void *ctx, void *provkey, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, signature_verify_message_update,
+ (void *ctx, const unsigned char *in, size_t inlen))
+/*
+ * signature_verify_final requires that the signature to be verified against
+ * is specified via an OSSL_PARAM.
+ */
+OSSL_CORE_MAKE_FUNC(int, signature_verify_message_final, (void *ctx))
OSSL_CORE_MAKE_FUNC(int, signature_verify_recover_init,
(void *ctx, void *provkey, const OSSL_PARAM params[]))
OSSL_CORE_MAKE_FUNC(int, signature_verify_recover,
@@ -790,7 +824,7 @@ OSSL_CORE_MAKE_FUNC(int, signature_set_ctx_md_params,
(void *ctx, const OSSL_PARAM params[]))
OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, signature_settable_ctx_md_params,
(void *ctx))
-
+OSSL_CORE_MAKE_FUNC(const char **, signature_query_key_types, (void))
/* Asymmetric Ciphers */
diff --git a/vendor/openssl/include/openssl/crmf.h.in b/vendor/openssl/include/openssl/crmf.h.in
index 43411fa..17dc4d9 100644
--- a/vendor/openssl/include/openssl/crmf.h.in
+++ b/vendor/openssl/include/openssl/crmf.h.in
@@ -1,7 +1,7 @@
/*-
* {- join("\n * ", @autowarntext) -}
*
- * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Nokia 2007-2019
* Copyright Siemens AG 2015-2019
*
@@ -54,6 +54,12 @@ DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_MSG)
generate_stack_macros("OSSL_CRMF_MSG");
-}
typedef struct ossl_crmf_attributetypeandvalue_st OSSL_CRMF_ATTRIBUTETYPEANDVALUE;
+void OSSL_CRMF_ATTRIBUTETYPEANDVALUE_free(OSSL_CRMF_ATTRIBUTETYPEANDVALUE *v);
+DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_ATTRIBUTETYPEANDVALUE)
+{-
+ generate_stack_macros("OSSL_CRMF_ATTRIBUTETYPEANDVALUE");
+-}
+
typedef struct ossl_crmf_pbmparameter_st OSSL_CRMF_PBMPARAMETER;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PBMPARAMETER)
typedef struct ossl_crmf_poposigningkey_st OSSL_CRMF_POPOSIGNINGKEY;
@@ -71,6 +77,7 @@ typedef struct ossl_crmf_singlepubinfo_st OSSL_CRMF_SINGLEPUBINFO;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_SINGLEPUBINFO)
typedef struct ossl_crmf_certtemplate_st OSSL_CRMF_CERTTEMPLATE;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTTEMPLATE)
+DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTTEMPLATE)
typedef STACK_OF(OSSL_CRMF_MSG) OSSL_CRMF_MSGS;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSGS)
diff --git a/vendor/openssl/include/openssl/crypto.h.in b/vendor/openssl/include/openssl/crypto.h.in
index b2d691b..101719a 100644
--- a/vendor/openssl/include/openssl/crypto.h.in
+++ b/vendor/openssl/include/openssl/crypto.h.in
@@ -1,7 +1,7 @@
/*
* {- join("\n * ", @autowarntext) -}
*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -86,10 +86,15 @@ int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock);
void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock);
int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_add64(uint64_t *val, uint64_t op, uint64_t *ret,
+ CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_and(uint64_t *val, uint64_t op, uint64_t *ret,
+ CRYPTO_RWLOCK *lock);
int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
CRYPTO_RWLOCK *lock);
int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_store(uint64_t *dst, uint64_t val, CRYPTO_RWLOCK *lock);
/* No longer needed, so this is a no-op */
#define OPENSSL_malloc_init() while(0) continue
@@ -98,6 +103,9 @@ int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
CRYPTO_malloc(num, OPENSSL_FILE, OPENSSL_LINE)
# define OPENSSL_zalloc(num) \
CRYPTO_zalloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_aligned_alloc(num, alignment, freeptr) \
+ CRYPTO_aligned_alloc(num, alignment, freeptr, \
+ OPENSSL_FILE, OPENSSL_LINE)
# define OPENSSL_realloc(addr, num) \
CRYPTO_realloc(addr, num, OPENSSL_FILE, OPENSSL_LINE)
# define OPENSSL_clear_realloc(addr, old_num, num) \
@@ -126,6 +134,7 @@ int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
size_t OPENSSL_strlcpy(char *dst, const char *src, size_t siz);
size_t OPENSSL_strlcat(char *dst, const char *src, size_t siz);
size_t OPENSSL_strnlen(const char *str, size_t maxlen);
+int OPENSSL_strtoul(const char *str, char **endptr, int base, unsigned long *num);
int OPENSSL_buf2hexstr_ex(char *str, size_t str_n, size_t *strlength,
const unsigned char *buf, size_t buflen,
const char sep);
@@ -162,6 +171,7 @@ const char *OpenSSL_version(int type);
# define OPENSSL_FULL_VERSION_STRING 7
# define OPENSSL_MODULES_DIR 8
# define OPENSSL_CPU_INFO 9
+# define OPENSSL_WINCTX 10
const char *OPENSSL_info(int type);
/*
@@ -176,6 +186,7 @@ const char *OPENSSL_info(int type);
# define OPENSSL_INFO_LIST_SEPARATOR 1006
# define OPENSSL_INFO_SEED_SOURCE 1007
# define OPENSSL_INFO_CPU_SETTINGS 1008
+# define OPENSSL_INFO_WINDOWS_CONTEXT 1009
int OPENSSL_issetugid(void);
@@ -321,6 +332,9 @@ void CRYPTO_get_mem_functions(CRYPTO_malloc_fn *malloc_fn,
OSSL_CRYPTO_ALLOC void *CRYPTO_malloc(size_t num, const char *file, int line);
OSSL_CRYPTO_ALLOC void *CRYPTO_zalloc(size_t num, const char *file, int line);
+OSSL_CRYPTO_ALLOC void *CRYPTO_aligned_alloc(size_t num, size_t align,
+ void **freeptr, const char *file,
+ int line);
OSSL_CRYPTO_ALLOC void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line);
OSSL_CRYPTO_ALLOC char *CRYPTO_strdup(const char *str, const char *file, int line);
OSSL_CRYPTO_ALLOC char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line);
@@ -529,9 +543,14 @@ int OSSL_LIB_CTX_load_config(OSSL_LIB_CTX *ctx, const char *config_file);
void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
+int OSSL_LIB_CTX_get_conf_diagnostics(OSSL_LIB_CTX *ctx);
+void OSSL_LIB_CTX_set_conf_diagnostics(OSSL_LIB_CTX *ctx, int value);
void OSSL_sleep(uint64_t millis);
+
+void *OSSL_LIB_CTX_get_data(OSSL_LIB_CTX *ctx, int index);
+
# ifdef __cplusplus
}
# endif
diff --git a/vendor/openssl/include/openssl/cryptoerr.h b/vendor/openssl/include/openssl/cryptoerr.h
index e84b12d..7fa79cf 100644
--- a/vendor/openssl/include/openssl/cryptoerr.h
+++ b/vendor/openssl/include/openssl/cryptoerr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -47,6 +47,7 @@
# define CRYPTO_R_SECURE_MALLOC_FAILURE 111
# define CRYPTO_R_STRING_TOO_LONG 112
# define CRYPTO_R_TOO_MANY_BYTES 113
+# define CRYPTO_R_TOO_MANY_NAMES 132
# define CRYPTO_R_TOO_MANY_RECORDS 114
# define CRYPTO_R_TOO_SMALL_BUFFER 116
# define CRYPTO_R_UNKNOWN_NAME_IN_RANDOM_SECTION 120
diff --git a/vendor/openssl/include/openssl/e_os2.h b/vendor/openssl/include/openssl/e_os2.h
index f1e1795..b8c6107 100644
--- a/vendor/openssl/include/openssl/e_os2.h
+++ b/vendor/openssl/include/openssl/e_os2.h
@@ -200,6 +200,7 @@ extern "C" {
# endif
# ifndef ossl_ssize_t
+# include <sys/types.h>
# define ossl_ssize_t ssize_t
# if defined(SSIZE_MAX)
# define OSSL_SSIZE_MAX SSIZE_MAX
@@ -288,7 +289,7 @@ typedef uint64_t ossl_uintmax_t;
# endif
# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L && \
- !defined(__cplusplus)
+ !defined(__cplusplus)
# define ossl_noreturn _Noreturn
# elif defined(__GNUC__) && __GNUC__ >= 2
# define ossl_noreturn __attribute__((noreturn))
diff --git a/vendor/openssl/include/openssl/evp.h b/vendor/openssl/include/openssl/evp.h
index f70b9d7..5466327 100644
--- a/vendor/openssl/include/openssl/evp.h
+++ b/vendor/openssl/include/openssl/evp.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -552,6 +552,7 @@ int EVP_MD_get_block_size(const EVP_MD *md);
# define EVP_MD_block_size EVP_MD_get_block_size
unsigned long EVP_MD_get_flags(const EVP_MD *md);
# define EVP_MD_flags EVP_MD_get_flags
+int EVP_MD_xof(const EVP_MD *md);
const EVP_MD *EVP_MD_CTX_get0_md(const EVP_MD_CTX *ctx);
EVP_MD *EVP_MD_CTX_get1_md(EVP_MD_CTX *ctx);
@@ -566,9 +567,11 @@ void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
int (*update) (EVP_MD_CTX *ctx,
const void *data, size_t count));
# endif
+int EVP_MD_CTX_get_size_ex(const EVP_MD_CTX *ctx);
+
# define EVP_MD_CTX_get0_name(e) EVP_MD_get0_name(EVP_MD_CTX_get0_md(e))
-# define EVP_MD_CTX_get_size(e) EVP_MD_get_size(EVP_MD_CTX_get0_md(e))
-# define EVP_MD_CTX_size EVP_MD_CTX_get_size
+# define EVP_MD_CTX_get_size(e) EVP_MD_CTX_get_size_ex(e)
+# define EVP_MD_CTX_size EVP_MD_CTX_get_size_ex
# define EVP_MD_CTX_get_block_size(e) EVP_MD_get_block_size(EVP_MD_CTX_get0_md(e))
# define EVP_MD_CTX_block_size EVP_MD_CTX_get_block_size
# define EVP_MD_CTX_get_type(e) EVP_MD_get_type(EVP_MD_CTX_get0_md(e))
@@ -895,6 +898,10 @@ const OSSL_PARAM *EVP_CIPHER_gettable_ctx_params(const EVP_CIPHER *cipher);
const OSSL_PARAM *EVP_CIPHER_CTX_settable_params(EVP_CIPHER_CTX *ctx);
const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_set_algor_params(EVP_CIPHER_CTX *ctx, const X509_ALGOR *alg);
+int EVP_CIPHER_CTX_get_algor_params(EVP_CIPHER_CTX *ctx, X509_ALGOR *alg);
+int EVP_CIPHER_CTX_get_algor(EVP_CIPHER_CTX *ctx, X509_ALGOR **alg);
+
const BIO_METHOD *BIO_f_md(void);
const BIO_METHOD *BIO_f_base64(void);
const BIO_METHOD *BIO_f_cipher(void);
@@ -1690,33 +1697,47 @@ int EVP_PKEY_CTX_set_kem_op(EVP_PKEY_CTX *ctx, const char *op);
const char *EVP_PKEY_get0_type_name(const EVP_PKEY *key);
# define EVP_PKEY_OP_UNDEFINED 0
-# define EVP_PKEY_OP_PARAMGEN (1<<1)
-# define EVP_PKEY_OP_KEYGEN (1<<2)
-# define EVP_PKEY_OP_FROMDATA (1<<3)
-# define EVP_PKEY_OP_SIGN (1<<4)
-# define EVP_PKEY_OP_VERIFY (1<<5)
-# define EVP_PKEY_OP_VERIFYRECOVER (1<<6)
-# define EVP_PKEY_OP_SIGNCTX (1<<7)
-# define EVP_PKEY_OP_VERIFYCTX (1<<8)
-# define EVP_PKEY_OP_ENCRYPT (1<<9)
-# define EVP_PKEY_OP_DECRYPT (1<<10)
-# define EVP_PKEY_OP_DERIVE (1<<11)
-# define EVP_PKEY_OP_ENCAPSULATE (1<<12)
-# define EVP_PKEY_OP_DECAPSULATE (1<<13)
-
-# define EVP_PKEY_OP_TYPE_SIG \
- (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \
- | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX)
-
-# define EVP_PKEY_OP_TYPE_CRYPT \
- (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT)
-
-# define EVP_PKEY_OP_TYPE_NOGEN \
- (EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_DERIVE)
-
-# define EVP_PKEY_OP_TYPE_GEN \
- (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN)
-
+# define EVP_PKEY_OP_PARAMGEN (1 << 1)
+# define EVP_PKEY_OP_KEYGEN (1 << 2)
+# define EVP_PKEY_OP_FROMDATA (1 << 3)
+# define EVP_PKEY_OP_SIGN (1 << 4)
+# define EVP_PKEY_OP_VERIFY (1 << 5)
+# define EVP_PKEY_OP_VERIFYRECOVER (1 << 6)
+# define EVP_PKEY_OP_SIGNCTX (1 << 7)
+# define EVP_PKEY_OP_VERIFYCTX (1 << 8)
+# define EVP_PKEY_OP_ENCRYPT (1 << 9)
+# define EVP_PKEY_OP_DECRYPT (1 << 10)
+# define EVP_PKEY_OP_DERIVE (1 << 11)
+# define EVP_PKEY_OP_ENCAPSULATE (1 << 12)
+# define EVP_PKEY_OP_DECAPSULATE (1 << 13)
+# define EVP_PKEY_OP_SIGNMSG (1 << 14)
+# define EVP_PKEY_OP_VERIFYMSG (1 << 15)
+/* Update the following when adding new EVP_PKEY_OPs */
+# define EVP_PKEY_OP_ALL ((1 << 16) - 1)
+
+# define EVP_PKEY_OP_TYPE_SIG \
+ (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG \
+ | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYMSG \
+ | EVP_PKEY_OP_VERIFYRECOVER \
+ | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX)
+
+# define EVP_PKEY_OP_TYPE_CRYPT \
+ (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT)
+
+# define EVP_PKEY_OP_TYPE_DERIVE \
+ (EVP_PKEY_OP_DERIVE)
+
+# define EVP_PKEY_OP_TYPE_DATA \
+ (EVP_PKEY_OP_FROMDATA)
+
+# define EVP_PKEY_OP_TYPE_KEM \
+ (EVP_PKEY_OP_ENCAPSULATE | EVP_PKEY_OP_DECAPSULATE)
+
+# define EVP_PKEY_OP_TYPE_GEN \
+ (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN)
+
+# define EVP_PKEY_OP_TYPE_NOGEN \
+ (EVP_PKEY_OP_ALL & ~EVP_PKEY_OP_TYPE_GEN)
int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX *ctx, const unsigned char *key,
int keylen);
@@ -1780,6 +1801,7 @@ int EVP_KEYMGMT_names_do_all(const EVP_KEYMGMT *keymgmt,
const OSSL_PARAM *EVP_KEYMGMT_gettable_params(const EVP_KEYMGMT *keymgmt);
const OSSL_PARAM *EVP_KEYMGMT_settable_params(const EVP_KEYMGMT *keymgmt);
const OSSL_PARAM *EVP_KEYMGMT_gen_settable_params(const EVP_KEYMGMT *keymgmt);
+const OSSL_PARAM *EVP_KEYMGMT_gen_gettable_params(const EVP_KEYMGMT *keymgmt);
EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
@@ -1796,6 +1818,11 @@ int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params);
const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(const EVP_PKEY_CTX *ctx);
int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params);
const OSSL_PARAM *EVP_PKEY_CTX_settable_params(const EVP_PKEY_CTX *ctx);
+
+int EVP_PKEY_CTX_set_algor_params(EVP_PKEY_CTX *ctx, const X509_ALGOR *alg);
+int EVP_PKEY_CTX_get_algor_params(EVP_PKEY_CTX *ctx, X509_ALGOR *alg);
+int EVP_PKEY_CTX_get_algor(EVP_PKEY_CTX *ctx, X509_ALGOR **alg);
+
int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
int cmd, int p1, void *p2);
int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
@@ -1846,6 +1873,9 @@ EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx);
void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_CTX_set_signature(EVP_PKEY_CTX *pctx,
+ const unsigned char *sig, size_t siglen);
+
void EVP_SIGNATURE_free(EVP_SIGNATURE *signature);
int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature);
OSSL_PROVIDER *EVP_SIGNATURE_get0_provider(const EVP_SIGNATURE *signature);
@@ -1899,17 +1929,35 @@ const OSSL_PARAM *EVP_KEM_settable_ctx_params(const EVP_KEM *kem);
int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
int EVP_PKEY_sign_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_sign_init_ex2(EVP_PKEY_CTX *ctx,
+ EVP_SIGNATURE *algo, const OSSL_PARAM params[]);
int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
unsigned char *sig, size_t *siglen,
const unsigned char *tbs, size_t tbslen);
+int EVP_PKEY_sign_message_init(EVP_PKEY_CTX *ctx,
+ EVP_SIGNATURE *algo, const OSSL_PARAM params[]);
+int EVP_PKEY_sign_message_update(EVP_PKEY_CTX *ctx,
+ const unsigned char *in, size_t inlen);
+int EVP_PKEY_sign_message_final(EVP_PKEY_CTX *ctx,
+ unsigned char *sig, size_t *siglen);
int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
int EVP_PKEY_verify_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_verify_init_ex2(EVP_PKEY_CTX *ctx,
+ EVP_SIGNATURE *algo, const OSSL_PARAM params[]);
int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
const unsigned char *sig, size_t siglen,
const unsigned char *tbs, size_t tbslen);
+int EVP_PKEY_verify_message_init(EVP_PKEY_CTX *ctx,
+ EVP_SIGNATURE *algo, const OSSL_PARAM params[]);
+int EVP_PKEY_verify_message_update(EVP_PKEY_CTX *ctx,
+ const unsigned char *in, size_t inlen);
+int EVP_PKEY_verify_message_final(EVP_PKEY_CTX *ctx);
int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
int EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX *ctx,
const OSSL_PARAM params[]);
+int EVP_PKEY_verify_recover_init_ex2(EVP_PKEY_CTX *ctx,
+ EVP_SIGNATURE *algo,
+ const OSSL_PARAM params[]);
int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
unsigned char *rout, size_t *routlen,
const unsigned char *sig, size_t siglen);
diff --git a/vendor/openssl/include/openssl/evperr.h b/vendor/openssl/include/openssl/evperr.h
index 11f3faa..0a991f7 100644
--- a/vendor/openssl/include/openssl/evperr.h
+++ b/vendor/openssl/include/openssl/evperr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -54,6 +54,7 @@
# define EVP_R_EXPECTING_A_SIPHASH_KEY 175
# define EVP_R_FINAL_ERROR 188
# define EVP_R_GENERATE_ERROR 214
+# define EVP_R_GETTING_ALGORITHMIDENTIFIER_NOT_SUPPORTED 229
# define EVP_R_GET_RAW_KEY_FAILED 182
# define EVP_R_ILLEGAL_SCRYPT_PARAMETERS 171
# define EVP_R_INACCESSIBLE_DOMAIN_PARAMETERS 204
@@ -94,6 +95,7 @@
# define EVP_R_ONLY_ONESHOT_SUPPORTED 177
# define EVP_R_OPERATION_NOT_INITIALIZED 151
# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
+# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_SIGNATURE_TYPE 226
# define EVP_R_OUTPUT_WOULD_OVERFLOW 202
# define EVP_R_PARAMETER_TOO_LARGE 187
# define EVP_R_PARTIALLY_OVERLAPPING 162
@@ -104,6 +106,7 @@
# define EVP_R_PUBLIC_KEY_NOT_RSA 106
# define EVP_R_SETTING_XOF_FAILED 227
# define EVP_R_SET_DEFAULT_PROPERTY_FAILURE 209
+# define EVP_R_SIGNATURE_TYPE_AND_KEY_TYPE_INCOMPATIBLE 228
# define EVP_R_TOO_MANY_RECORDS 183
# define EVP_R_UNABLE_TO_ENABLE_LOCKING 212
# define EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE 215
diff --git a/vendor/openssl/include/openssl/fips_names.h b/vendor/openssl/include/openssl/fips_names.h
index 5c77f6d..fa481fc 100644
--- a/vendor/openssl/include/openssl/fips_names.h
+++ b/vendor/openssl/include/openssl/fips_names.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -17,27 +17,18 @@ extern "C" {
/*
* Parameter names that the FIPS Provider defines
+ * All parameters are of type: OSSL_PARAM_UTF8_STRING
*/
-/*
- * The calculated MAC of the module file (Used for FIPS Self Testing)
- * Type: OSSL_PARAM_UTF8_STRING
- */
+/* The following 4 Parameters are used for FIPS Self Testing */
+
+/* The calculated MAC of the module file */
# define OSSL_PROV_FIPS_PARAM_MODULE_MAC "module-mac"
-/*
- * A version number for the fips install process (Used for FIPS Self Testing)
- * Type: OSSL_PARAM_UTF8_STRING
- */
+/* The Version number for the fips install process */
# define OSSL_PROV_FIPS_PARAM_INSTALL_VERSION "install-version"
-/*
- * The calculated MAC of the install status indicator (Used for FIPS Self Testing)
- * Type: OSSL_PARAM_UTF8_STRING
- */
+/* The calculated MAC of the install status indicator */
# define OSSL_PROV_FIPS_PARAM_INSTALL_MAC "install-mac"
-/*
- * The install status indicator (Used for FIPS Self Testing)
- * Type: OSSL_PARAM_UTF8_STRING
- */
+/* The install status indicator */
# define OSSL_PROV_FIPS_PARAM_INSTALL_STATUS "install-status"
/*
@@ -47,28 +38,10 @@ extern "C" {
*/
# define OSSL_PROV_FIPS_PARAM_CONDITIONAL_ERRORS "conditional-errors"
-/*
- * A boolean that determines if the runtime FIPS security checks are performed.
- * This is enabled by default.
- * Type: OSSL_PARAM_UTF8_STRING
- */
-# define OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS "security-checks"
-
-/*
- * A boolean that determines if the runtime FIPS check for TLS1_PRF EMS is performed.
- * This is disabled by default.
- * Type: OSSL_PARAM_UTF8_STRING
- */
-# define OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
-
-/*
- * A boolean that determines if truncated digests can be used with Hash and HMAC
- * DRBGs. FIPS 140-3 IG D.R disallows such use for efficiency rather than
- * security reasons.
- * This is disabled by default.
- * Type: OSSL_PARAM_UTF8_STRING
- */
-# define OSSL_PROV_FIPS_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+/* The following are provided for backwards compatibility */
+# define OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS OSSL_PROV_PARAM_SECURITY_CHECKS
+# define OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK
+# define OSSL_PROV_FIPS_PARAM_DRBG_TRUNC_DIGEST OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST
# ifdef __cplusplus
}
diff --git a/vendor/openssl/include/openssl/fipskey.h.in b/vendor/openssl/include/openssl/fipskey.h.in
index 56b947e..c53012a 100644
--- a/vendor/openssl/include/openssl/fipskey.h.in
+++ b/vendor/openssl/include/openssl/fipskey.h.in
@@ -1,7 +1,7 @@
/*
* {- join("\n * ", @autowarntext) -}
*
- * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -28,6 +28,11 @@ extern "C" {
*/
#define FIPS_KEY_STRING "{- $config{FIPSKEY} -}"
+/*
+ * The FIPS provider vendor name, as a string.
+ */
+#define FIPS_VENDOR "{- $config{FIPS_VENDOR} -}"
+
# ifdef __cplusplus
}
# endif
diff --git a/vendor/openssl/include/openssl/http.h b/vendor/openssl/include/openssl/http.h
index 8f4e9da..339b567 100644
--- a/vendor/openssl/include/openssl/http.h
+++ b/vendor/openssl/include/openssl/http.h
@@ -35,9 +35,10 @@ extern "C" {
# ifndef OPENSSL_NO_HTTP
-#define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
-#define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
-#define OSSL_HTTP_DEFAULT_MAX_RESP_HDR_LINES 256
+# define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
+# define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
+# define OSSL_HTTP_DEFAULT_MAX_CRL_LEN (32 * 1024 * 1024)
+# define OSSL_HTTP_DEFAULT_MAX_RESP_HDR_LINES 256
/* Low-level HTTP API */
diff --git a/vendor/openssl/include/openssl/macros.h b/vendor/openssl/include/openssl/macros.h
index e9ef938..8330c75 100644
--- a/vendor/openssl/include/openssl/macros.h
+++ b/vendor/openssl/include/openssl/macros.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -169,6 +169,7 @@
* 'no-deprecated'.
*/
+# undef OPENSSL_NO_DEPRECATED_3_4
# undef OPENSSL_NO_DEPRECATED_3_1
# undef OPENSSL_NO_DEPRECATED_3_0
# undef OPENSSL_NO_DEPRECATED_1_1_1
@@ -178,6 +179,17 @@
# undef OPENSSL_NO_DEPRECATED_1_0_0
# undef OPENSSL_NO_DEPRECATED_0_9_8
+# if OPENSSL_API_LEVEL >= 30400
+# ifndef OPENSSL_NO_DEPRECATED
+# define OSSL_DEPRECATEDIN_3_4 OSSL_DEPRECATED(3.4)
+# define OSSL_DEPRECATEDIN_3_4_FOR(msg) OSSL_DEPRECATED_FOR(3.4, msg)
+# else
+# define OPENSSL_NO_DEPRECATED_3_4
+# endif
+# else
+# define OSSL_DEPRECATEDIN_3_4
+# define OSSL_DEPRECATEDIN_3_4_FOR(msg)
+# endif
# if OPENSSL_API_LEVEL >= 30100
# ifndef OPENSSL_NO_DEPRECATED
# define OSSL_DEPRECATEDIN_3_1 OSSL_DEPRECATED(3.1)
diff --git a/vendor/openssl/include/openssl/obj_mac.h b/vendor/openssl/include/openssl/obj_mac.h
index 1b7d924..ea603c2 100644
--- a/vendor/openssl/include/openssl/obj_mac.h
+++ b/vendor/openssl/include/openssl/obj_mac.h
@@ -1583,9 +1583,13 @@
#define NID_qcStatements 286
#define OBJ_qcStatements OBJ_id_pe,3L
-#define SN_ac_auditEntity "ac-auditEntity"
-#define NID_ac_auditEntity 287
-#define OBJ_ac_auditEntity OBJ_id_pe,4L
+#define SN_ac_auditIdentity "ac-auditIdentity"
+#define LN_ac_auditIdentity "X509v3 Audit Identity"
+#define NID_ac_auditIdentity 287
+#define OBJ_ac_auditIdentity OBJ_id_pe,4L
+
+#define NID_ac_auditEntity 1323
+#define OBJ_ac_auditEntity OBJ_ac_auditIdentity
#define SN_ac_targeting "ac-targeting"
#define NID_ac_targeting 288
@@ -2022,6 +2026,11 @@
#define NID_id_on_permanentIdentifier 858
#define OBJ_id_on_permanentIdentifier OBJ_id_on,3L
+#define SN_id_on_hardwareModuleName "id-on-hardwareModuleName"
+#define LN_id_on_hardwareModuleName "Hardware Module Name"
+#define NID_id_on_hardwareModuleName 1321
+#define OBJ_id_on_hardwareModuleName OBJ_id_on,4L
+
#define SN_XmppAddr "id-on-xmppAddr"
#define LN_XmppAddr "XmppAddr"
#define NID_XmppAddr 1209
@@ -3019,6 +3028,11 @@
#define NID_dcObject 390
#define OBJ_dcObject OBJ_Enterprises,1466L,344L
+#define SN_id_kp_wisun_fan_device "id-kp-wisun-fan-device"
+#define LN_id_kp_wisun_fan_device "Wi-SUN Alliance Field Area Network (FAN)"
+#define NID_id_kp_wisun_fan_device 1322
+#define OBJ_id_kp_wisun_fan_device OBJ_Enterprises,45605L,1L
+
#define SN_mime_mhs "mime-mhs"
#define LN_mime_mhs "MIME MHS"
#define NID_mime_mhs 504
diff --git a/vendor/openssl/include/openssl/objects.h b/vendor/openssl/include/openssl/objects.h
index 9ea91c2..cc9f3c5 100644
--- a/vendor/openssl/include/openssl/objects.h
+++ b/vendor/openssl/include/openssl/objects.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -176,6 +176,7 @@ int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid);
int OBJ_add_sigid(int signid, int dig_id, int pkey_id);
void OBJ_sigid_free(void);
+#define SN_ac_auditEntity SN_ac_auditIdentity
# ifdef __cplusplus
}
diff --git a/vendor/openssl/include/openssl/pem.h b/vendor/openssl/include/openssl/pem.h
index 0446c77..6b7b66a 100644
--- a/vendor/openssl/include/openssl/pem.h
+++ b/vendor/openssl/include/openssl/pem.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -58,6 +58,7 @@ extern "C" {
# define PEM_STRING_PARAMETERS "PARAMETERS"
# define PEM_STRING_CMS "CMS"
# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
+# define PEM_STRING_ACERT "ATTRIBUTE CERTIFICATE"
# define PEM_TYPE_ENCRYPTED 10
# define PEM_TYPE_MIC_ONLY 20
diff --git a/vendor/openssl/include/openssl/pkcs12.h.in b/vendor/openssl/include/openssl/pkcs12.h.in
index 35759d4..097afba 100644
--- a/vendor/openssl/include/openssl/pkcs12.h.in
+++ b/vendor/openssl/include/openssl/pkcs12.h.in
@@ -1,7 +1,7 @@
/*
* {- join("\n * ", @autowarntext) -}
*
- * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -269,6 +269,9 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
unsigned char *salt, int saltlen, int iter,
const EVP_MD *md_type);
+int PKCS12_set_pbmac1_pbkdf2(PKCS12 *p12, const char *pass, int passlen,
+ unsigned char *salt, int saltlen, int iter,
+ const EVP_MD *md_type, const char *prf_md_name);
int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
int saltlen, const EVP_MD *md_type);
unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
diff --git a/vendor/openssl/include/openssl/proverr.h b/vendor/openssl/include/openssl/proverr.h
index d9ef568..d10b653 100644
--- a/vendor/openssl/include/openssl/proverr.h
+++ b/vendor/openssl/include/openssl/proverr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -30,9 +30,11 @@
# define PROV_R_BAD_TLS_CLIENT_VERSION 161
# define PROV_R_BN_ERROR 160
# define PROV_R_CIPHER_OPERATION_FAILED 102
+# define PROV_R_COFACTOR_REQUIRED 236
# define PROV_R_DERIVATION_FUNCTION_INIT_FAILED 205
# define PROV_R_DIGEST_NOT_ALLOWED 174
# define PROV_R_EMS_NOT_ENABLED 233
+# define PROV_R_ENTROPY_SOURCE_FAILED_CONTINUOUS_TESTS 244
# define PROV_R_ENTROPY_SOURCE_STRENGTH_TOO_WEAK 186
# define PROV_R_ERROR_INSTANTIATING_DRBG 188
# define PROV_R_ERROR_RETRIEVING_ENTROPY 189
@@ -44,12 +46,14 @@
# define PROV_R_FAILED_TO_GET_PARAMETER 103
# define PROV_R_FAILED_TO_SET_PARAMETER 104
# define PROV_R_FAILED_TO_SIGN 175
+# define PROV_R_FINAL_CALL_OUT_OF_ORDER 237
# define PROV_R_FIPS_MODULE_CONDITIONAL_ERROR 227
# define PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE 224
# define PROV_R_FIPS_MODULE_IN_ERROR_STATE 225
# define PROV_R_GENERATE_ERROR 191
# define PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 165
# define PROV_R_INDICATOR_INTEGRITY_FAILURE 210
+# define PROV_R_INIT_CALL_OUT_OF_ORDER 238
# define PROV_R_INSUFFICIENT_DRBG_STRENGTH 181
# define PROV_R_INVALID_AAD 108
# define PROV_R_INVALID_AEAD 231
@@ -61,6 +65,7 @@
# define PROV_R_INVALID_DIGEST 122
# define PROV_R_INVALID_DIGEST_LENGTH 166
# define PROV_R_INVALID_DIGEST_SIZE 218
+# define PROV_R_INVALID_EDDSA_INSTANCE_FOR_ATTEMPTED_OPERATION 243
# define PROV_R_INVALID_INPUT_LENGTH 230
# define PROV_R_INVALID_ITERATION_COUNT 123
# define PROV_R_INVALID_IV_LENGTH 109
@@ -73,6 +78,7 @@
# define PROV_R_INVALID_MODE 125
# define PROV_R_INVALID_OUTPUT_LENGTH 217
# define PROV_R_INVALID_PADDING_MODE 168
+# define PROV_R_INVALID_PREHASHED_DIGEST_LENGTH 241
# define PROV_R_INVALID_PUBINFO 198
# define PROV_R_INVALID_SALT_LENGTH 112
# define PROV_R_INVALID_SEED_LENGTH 154
@@ -110,8 +116,10 @@
# define PROV_R_NOT_PARAMETERS 226
# define PROV_R_NOT_SUPPORTED 136
# define PROV_R_NOT_XOF_OR_INVALID_LENGTH 113
+# define PROV_R_NO_INSTANCE_ALLOWED 242
# define PROV_R_NO_KEY_SET 114
# define PROV_R_NO_PARAMETERS_SET 177
+# define PROV_R_ONESHOT_CALL_OUT_OF_ORDER 239
# define PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 178
# define PROV_R_OUTPUT_BUFFER_TOO_SMALL 106
# define PROV_R_PARENT_CANNOT_GENERATE_RANDOM_NUMBERS 228
@@ -142,6 +150,7 @@
# define PROV_R_UNSUPPORTED_KEY_SIZE 153
# define PROV_R_UNSUPPORTED_MAC_TYPE 137
# define PROV_R_UNSUPPORTED_NUMBER_OF_ROUNDS 152
+# define PROV_R_UPDATE_CALL_OUT_OF_ORDER 240
# define PROV_R_URI_AUTHORITY_UNSUPPORTED 223
# define PROV_R_VALUE_ERROR 138
# define PROV_R_WRONG_FINAL_BLOCK_LENGTH 107
diff --git a/vendor/openssl/include/openssl/self_test.h b/vendor/openssl/include/openssl/self_test.h
index 1782204..98652f9 100644
--- a/vendor/openssl/include/openssl/self_test.h
+++ b/vendor/openssl/include/openssl/self_test.h
@@ -44,6 +44,7 @@ extern "C" {
/* Test event sub categories */
# define OSSL_SELF_TEST_DESC_NONE "None"
# define OSSL_SELF_TEST_DESC_INTEGRITY_HMAC "HMAC"
+# define OSSL_SELF_TEST_DESC_PCT_RSA "RSA"
# define OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1 "RSA"
# define OSSL_SELF_TEST_DESC_PCT_ECDSA "ECDSA"
# define OSSL_SELF_TEST_DESC_PCT_EDDSA "EDDSA"
@@ -59,6 +60,7 @@ extern "C" {
# define OSSL_SELF_TEST_DESC_SIGN_DSA "DSA"
# define OSSL_SELF_TEST_DESC_SIGN_RSA "RSA"
# define OSSL_SELF_TEST_DESC_SIGN_ECDSA "ECDSA"
+# define OSSL_SELF_TEST_DESC_SIGN_EDDSA "EDDSA"
# define OSSL_SELF_TEST_DESC_DRBG_CTR "CTR"
# define OSSL_SELF_TEST_DESC_DRBG_HASH "HASH"
# define OSSL_SELF_TEST_DESC_DRBG_HMAC "HMAC"
diff --git a/vendor/openssl/include/openssl/ssl.h.in b/vendor/openssl/include/openssl/ssl.h.in
index 442d5cb..4bab2ac 100644
--- a/vendor/openssl/include/openssl/ssl.h.in
+++ b/vendor/openssl/include/openssl/ssl.h.in
@@ -236,10 +236,8 @@ typedef struct ssl_cipher_st SSL_CIPHER;
typedef struct ssl_session_st SSL_SESSION;
typedef struct tls_sigalgs_st TLS_SIGALGS;
typedef struct ssl_conf_ctx_st SSL_CONF_CTX;
-typedef struct ssl_comp_st SSL_COMP;
STACK_OF(SSL_CIPHER);
-STACK_OF(SSL_COMP);
/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
typedef struct srtp_protection_profile_st {
@@ -975,8 +973,7 @@ extern "C" {
* in VisualStudio 2015
*/
{-
- generate_const_stack_macros("SSL_CIPHER")
- .generate_stack_macros("SSL_COMP");
+ generate_const_stack_macros("SSL_CIPHER");
-}
/* compatibility */
@@ -1572,7 +1569,11 @@ void SSL_CTX_set1_cert_store(SSL_CTX *, X509_STORE *);
__owur int SSL_want(const SSL *s);
__owur int SSL_clear(SSL *s);
+#ifndef OPENSSL_NO_DEPRECATED_3_4
+OSSL_DEPRECATEDIN_3_4_FOR("not Y2038-safe, replace with SSL_CTX_flush_sessions_ex()")
void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
+#endif
+void SSL_CTX_flush_sessions_ex(SSL_CTX *ctx, time_t tm);
__owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
__owur const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s);
@@ -1684,8 +1685,13 @@ __owur const char *SSL_state_string(const SSL *s);
__owur const char *SSL_rstate_string(const SSL *s);
__owur const char *SSL_state_string_long(const SSL *s);
__owur const char *SSL_rstate_string_long(const SSL *s);
+
+#ifndef OPENSSL_NO_DEPRECATED_3_4
+OSSL_DEPRECATEDIN_3_4_FOR("not Y2038-safe, replace with SSL_SESSION_get_time_ex()")
__owur long SSL_SESSION_get_time(const SSL_SESSION *s);
+OSSL_DEPRECATEDIN_3_4_FOR("not Y2038-safe, replace with SSL_SESSION_set_time_ex()")
__owur long SSL_SESSION_set_time(SSL_SESSION *s, long t);
+#endif
__owur long SSL_SESSION_get_timeout(const SSL_SESSION *s);
__owur long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
__owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
@@ -2257,6 +2263,8 @@ void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx,
void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg);
void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx);
int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size);
+int SSL_CTX_set_block_padding_ex(SSL_CTX *ctx, size_t app_block_size,
+ size_t hs_block_size);
int SSL_set_record_padding_callback(SSL *ssl,
size_t (*cb) (SSL *ssl, int type,
@@ -2264,7 +2272,8 @@ int SSL_set_record_padding_callback(SSL *ssl,
void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg);
void *SSL_get_record_padding_callback_arg(const SSL *ssl);
int SSL_set_block_padding(SSL *ssl, size_t block_size);
-
+int SSL_set_block_padding_ex(SSL *ssl, size_t app_block_size,
+ size_t hs_block_size);
int SSL_set_num_tickets(SSL *s, size_t num_tickets);
size_t SSL_get_num_tickets(const SSL *s);
int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
diff --git a/vendor/openssl/include/openssl/sslerr.h b/vendor/openssl/include/openssl/sslerr.h
index ec35df6..d6ae547 100644
--- a/vendor/openssl/include/openssl/sslerr.h
+++ b/vendor/openssl/include/openssl/sslerr.h
@@ -117,6 +117,7 @@
# define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354
# define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
+# define SSL_R_ERROR_IN_SYSTEM_DEFAULT_CONFIG 419
# define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN 204
# define SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE 194
# define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
@@ -178,6 +179,7 @@
# define SSL_R_MISSING_SIGNING_CERT 221
# define SSL_R_MISSING_SRP_PARAM 358
# define SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION 209
+# define SSL_R_MISSING_SUPPORTED_VERSIONS_EXTENSION 420
# define SSL_R_MISSING_TMP_DH_KEY 171
# define SSL_R_MISSING_TMP_ECDH_KEY 311
# define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA 293
diff --git a/vendor/openssl/include/openssl/tls1.h b/vendor/openssl/include/openssl/tls1.h
index 7e3d1a7..8e9b110 100644
--- a/vendor/openssl/include/openssl/tls1.h
+++ b/vendor/openssl/include/openssl/tls1.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
@@ -231,6 +231,8 @@ extern "C" {
# define TLSEXT_max_fragment_length_1024 2
# define TLSEXT_max_fragment_length_2048 3
# define TLSEXT_max_fragment_length_4096 4
+/* OpenSSL value for unset maximum fragment length extension */
+# define TLSEXT_max_fragment_length_UNSPECIFIED 255
/*
* TLS Certificate Type (for RFC7250)
@@ -280,6 +282,8 @@ int SSL_get_sigalgs(SSL *s, int idx,
int *psign, int *phash, int *psignandhash,
unsigned char *rsig, unsigned char *rhash);
+char *SSL_get1_builtin_sigalgs(OSSL_LIB_CTX *libctx);
+
int SSL_get_shared_sigalgs(SSL *s, int idx,
int *psign, int *phash, int *psignandhash,
unsigned char *rsig, unsigned char *rhash);
@@ -622,6 +626,10 @@ int SSL_CTX_set_tlsext_ticket_key_evp_cb
# define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304
# define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305
+/* Integrity-only ciphersuites from RFC 9150 */
+# define TLS1_3_CK_SHA256_SHA256 0x0300C0B4
+# define TLS1_3_CK_SHA384_SHA384 0x0300C0B5
+
/* Aria ciphersuites from RFC6209 */
# define TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C050
# define TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C051
@@ -699,6 +707,8 @@ int SSL_CTX_set_tlsext_ticket_key_evp_cb
# define TLS1_3_RFC_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256"
# define TLS1_3_RFC_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384"
# define TLS1_3_RFC_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256"
+# define TLS1_3_RFC_SHA256_SHA256 "TLS_SHA256_SHA256"
+# define TLS1_3_RFC_SHA384_SHA384 "TLS_SHA384_SHA384"
# define TLS1_3_RFC_AES_128_CCM_SHA256 "TLS_AES_128_CCM_SHA256"
# define TLS1_3_RFC_AES_128_CCM_8_SHA256 "TLS_AES_128_CCM_8_SHA256"
# define TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA "TLS_ECDHE_ECDSA_WITH_NULL_SHA"
diff --git a/vendor/openssl/include/openssl/ts.h b/vendor/openssl/include/openssl/ts.h
index b09b646..31c78b5 100644
--- a/vendor/openssl/include/openssl/ts.h
+++ b/vendor/openssl/include/openssl/ts.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -418,14 +418,31 @@ void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx);
void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx);
int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f);
int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f);
+# ifndef OPENSSL_NO_DEPRECATED_3_4
+OSSL_DEPRECATEDIN_3_4_FOR("Unclear semantics, replace with TS_VERIFY_CTX_set0_data().")
BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b);
+# endif
+int TS_VERIFY_CTX_set0_data(TS_VERIFY_CTX *ctx, BIO *b);
+# ifndef OPENSSL_NO_DEPRECATED_3_4
+OSSL_DEPRECATEDIN_3_4_FOR("Unclear semantics, replace with TS_VERIFY_CTX_set0_imprint().")
unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx,
unsigned char *hexstr, long len);
+# endif
+int TS_VERIFY_CTX_set0_imprint(TS_VERIFY_CTX *ctx,
+ unsigned char *hexstr, long len);
+# ifndef OPENSSL_NO_DEPRECATED_3_4
+OSSL_DEPRECATEDIN_3_4_FOR("Unclear semantics, replace with TS_VERIFY_CTX_set0_store().")
X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s);
+# endif
+int TS_VERIFY_CTX_set0_store(TS_VERIFY_CTX *ctx, X509_STORE *s);
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define TS_VERIFY_CTS_set_certs(ctx, cert) TS_VERIFY_CTX_set_certs(ctx,cert)
# endif
+# ifndef OPENSSL_NO_DEPRECATED_3_4
+OSSL_DEPRECATEDIN_3_4_FOR("Unclear semantics, replace with TS_VERIFY_CTX_set0_certs().")
STACK_OF(X509) *TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs);
+# endif
+int TS_VERIFY_CTX_set0_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs);
/*-
* If ctx is NULL, it allocates and returns a new object, otherwise
diff --git a/vendor/openssl/include/openssl/types.h b/vendor/openssl/include/openssl/types.h
index c280286..e05a350 100644
--- a/vendor/openssl/include/openssl/types.h
+++ b/vendor/openssl/include/openssl/types.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -33,6 +33,12 @@ extern "C" {
# include <openssl/safestack.h>
# include <openssl/macros.h>
+# if OPENSSL_VERSION_MAJOR >= 4
+# define OSSL_FUTURE_CONST const
+# else
+# define OSSL_FUTURE_CONST
+# endif
+
typedef struct ossl_provider_st OSSL_PROVIDER; /* Provider Object */
# ifdef NO_ASN1_TYPEDEFS
diff --git a/vendor/openssl/include/openssl/x509.h.in b/vendor/openssl/include/openssl/x509.h.in
index 7210391..2100790 100644
--- a/vendor/openssl/include/openssl/x509.h.in
+++ b/vendor/openssl/include/openssl/x509.h.in
@@ -1,7 +1,7 @@
/*
* {- join("\n * ", @autowarntext) -}
*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -67,16 +67,24 @@ extern "C" {
# define X509_FILETYPE_ASN1 2
# define X509_FILETYPE_DEFAULT 3
-# define X509v3_KU_DIGITAL_SIGNATURE 0x0080
-# define X509v3_KU_NON_REPUDIATION 0x0040
-# define X509v3_KU_KEY_ENCIPHERMENT 0x0020
-# define X509v3_KU_DATA_ENCIPHERMENT 0x0010
-# define X509v3_KU_KEY_AGREEMENT 0x0008
-# define X509v3_KU_KEY_CERT_SIGN 0x0004
-# define X509v3_KU_CRL_SIGN 0x0002
-# define X509v3_KU_ENCIPHER_ONLY 0x0001
-# define X509v3_KU_DECIPHER_ONLY 0x8000
-# define X509v3_KU_UNDEF 0xffff
+/*-
+ * <https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3>:
+ * The KeyUsage BITSTRING is treated as a little-endian integer, hence bit `0`
+ * is 0x80, while bit `7` is 0x01 (the LSB of the integer value), bit `8` is
+ * then the MSB of the second octet, or 0x8000.
+ */
+# define X509v3_KU_DIGITAL_SIGNATURE 0x0080 /* (0) */
+# define X509v3_KU_NON_REPUDIATION 0x0040 /* (1) */
+# define X509v3_KU_KEY_ENCIPHERMENT 0x0020 /* (2) */
+# define X509v3_KU_DATA_ENCIPHERMENT 0x0010 /* (3) */
+# define X509v3_KU_KEY_AGREEMENT 0x0008 /* (4) */
+# define X509v3_KU_KEY_CERT_SIGN 0x0004 /* (5) */
+# define X509v3_KU_CRL_SIGN 0x0002 /* (6) */
+# define X509v3_KU_ENCIPHER_ONLY 0x0001 /* (7) */
+# define X509v3_KU_DECIPHER_ONLY 0x8000 /* (8) */
+# ifndef OPENSSL_NO_DEPRECATED_3_4
+# define X509v3_KU_UNDEF 0xffff /* vestigial, not used */
+# endif
struct X509_algor_st {
ASN1_OBJECT *algorithm;
@@ -271,7 +279,12 @@ typedef struct PBKDF2PARAM_st {
X509_ALGOR *prf;
} PBKDF2PARAM;
-#ifndef OPENSSL_NO_SCRYPT
+typedef struct {
+ X509_ALGOR *keyDerivationFunc;
+ X509_ALGOR *messageAuthScheme;
+} PBMAC1PARAM;
+
+# ifndef OPENSSL_NO_SCRYPT
typedef struct SCRYPT_PARAMS_st {
ASN1_OCTET_STRING *salt;
ASN1_INTEGER *costParameter;
@@ -279,7 +292,7 @@ typedef struct SCRYPT_PARAMS_st {
ASN1_INTEGER *parallelizationParameter;
ASN1_INTEGER *keyLength;
} SCRYPT_PARAMS;
-#endif
+# endif
#ifdef __cplusplus
}
@@ -702,7 +715,7 @@ X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
int X509_REQ_extension_nid(int nid);
int *X509_REQ_get_extension_nids(void);
void X509_REQ_set_extension_nids(int *nids);
-STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
+STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(OSSL_FUTURE_CONST X509_REQ *req);
int X509_REQ_add_extensions_nid(X509_REQ *req,
const STACK_OF(X509_EXTENSION) *exts, int nid);
int X509_REQ_add_extensions(X509_REQ *req, const STACK_OF(X509_EXTENSION) *ext);
@@ -891,6 +904,9 @@ X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
X509_EXTENSION *ex, int loc);
+STACK_OF(X509_EXTENSION)
+ *X509v3_add_extensions(STACK_OF(X509_EXTENSION) **target,
+ const STACK_OF(X509_EXTENSION) *exts);
int X509_get_ext_count(const X509 *x);
int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
@@ -1012,9 +1028,10 @@ X509 *X509_find_by_subject(STACK_OF(X509) *sk, const X509_NAME *name);
DECLARE_ASN1_FUNCTIONS(PBEPARAM)
DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
-#ifndef OPENSSL_NO_SCRYPT
+DECLARE_ASN1_FUNCTIONS(PBMAC1PARAM)
+# ifndef OPENSSL_NO_SCRYPT
DECLARE_ASN1_FUNCTIONS(SCRYPT_PARAMS)
-#endif
+# endif
int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
const unsigned char *salt, int saltlen);
@@ -1051,6 +1068,7 @@ X509_ALGOR *PKCS5_pbkdf2_set_ex(int iter, unsigned char *salt, int saltlen,
int prf_nid, int keylen,
OSSL_LIB_CTX *libctx);
+PBKDF2PARAM *PBMAC1_get1_pbkdf2_param(const X509_ALGOR *macalg);
/* PKCS#8 utilities */
DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
diff --git a/vendor/openssl/include/openssl/x509_acert.h.in b/vendor/openssl/include/openssl/x509_acert.h.in
index 70facf8..76570d4 100644
--- a/vendor/openssl/include/openssl/x509_acert.h.in
+++ b/vendor/openssl/include/openssl/x509_acert.h.in
@@ -1,7 +1,7 @@
/*
* {- join("\n * ", @autowarntext) -}
*
- * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/vendor/openssl/include/openssl/x509err.h b/vendor/openssl/include/openssl/x509err.h
index 71b557a..77b91c8 100644
--- a/vendor/openssl/include/openssl/x509err.h
+++ b/vendor/openssl/include/openssl/x509err.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -63,6 +63,7 @@
# define X509_R_UNKNOWN_SIGID_ALGS 144
# define X509_R_UNKNOWN_TRUST_ID 120
# define X509_R_UNSUPPORTED_ALGORITHM 111
+# define X509_R_UNSUPPORTED_VERSION 145
# define X509_R_WRONG_LOOKUP_TYPE 112
# define X509_R_WRONG_TYPE 122
diff --git a/vendor/openssl/include/openssl/x509v3.h.in b/vendor/openssl/include/openssl/x509v3.h.in
index 5696803..0f37e13 100644
--- a/vendor/openssl/include/openssl/x509v3.h.in
+++ b/vendor/openssl/include/openssl/x509v3.h.in
@@ -1,7 +1,7 @@
/*
* {- join("\n * ", @autowarntext) -}
*
- * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -126,6 +126,11 @@ typedef struct BASIC_CONSTRAINTS_st {
ASN1_INTEGER *pathlen;
} BASIC_CONSTRAINTS;
+typedef struct OSSL_BASIC_ATTR_CONSTRAINTS_st {
+ int authority;
+ ASN1_INTEGER *pathlen;
+} OSSL_BASIC_ATTR_CONSTRAINTS;
+
typedef struct PKEY_USAGE_PERIOD_st {
ASN1_GENERALIZEDTIME *notBefore;
ASN1_GENERALIZEDTIME *notAfter;
@@ -178,6 +183,8 @@ typedef struct ACCESS_DESCRIPTION_st {
GENERAL_NAME *location;
} ACCESS_DESCRIPTION;
+int GENERAL_NAME_set1_X509_NAME(GENERAL_NAME **tgt, const X509_NAME *src);
+
{-
generate_stack_macros("ACCESS_DESCRIPTION")
.generate_stack_macros("GENERAL_NAME");
@@ -201,6 +208,7 @@ typedef struct DIST_POINT_NAME_st {
/* If relativename then this contains the full distribution point name */
X509_NAME *dpname;
} DIST_POINT_NAME;
+DECLARE_ASN1_DUP_FUNCTION(DIST_POINT_NAME)
/* All existing reasons */
# define CRLDP_ALL_REASONS 0x807f
@@ -422,15 +430,16 @@ struct ISSUING_DIST_POINT_st {
# define EXFLAG_SAN_CRITICAL 0x80000
# define EXFLAG_NO_FINGERPRINT 0x100000
-# define KU_DIGITAL_SIGNATURE 0x0080
-# define KU_NON_REPUDIATION 0x0040
-# define KU_KEY_ENCIPHERMENT 0x0020
-# define KU_DATA_ENCIPHERMENT 0x0010
-# define KU_KEY_AGREEMENT 0x0008
-# define KU_KEY_CERT_SIGN 0x0004
-# define KU_CRL_SIGN 0x0002
-# define KU_ENCIPHER_ONLY 0x0001
-# define KU_DECIPHER_ONLY 0x8000
+/* https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3 */
+# define KU_DIGITAL_SIGNATURE X509v3_KU_DIGITAL_SIGNATURE
+# define KU_NON_REPUDIATION X509v3_KU_NON_REPUDIATION
+# define KU_KEY_ENCIPHERMENT X509v3_KU_KEY_ENCIPHERMENT
+# define KU_DATA_ENCIPHERMENT X509v3_KU_DATA_ENCIPHERMENT
+# define KU_KEY_AGREEMENT X509v3_KU_KEY_AGREEMENT
+# define KU_KEY_CERT_SIGN X509v3_KU_KEY_CERT_SIGN
+# define KU_CRL_SIGN X509v3_KU_CRL_SIGN
+# define KU_ENCIPHER_ONLY X509v3_KU_ENCIPHER_ONLY
+# define KU_DECIPHER_ONLY X509v3_KU_DECIPHER_ONLY
# define NS_SSL_CLIENT 0x80
# define NS_SSL_SERVER 0x40
@@ -507,6 +516,7 @@ typedef struct x509_purpose_st {
# define X509V3_ADD_SILENT 0x10
DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
+DECLARE_ASN1_FUNCTIONS(OSSL_BASIC_ATTR_CONSTRAINTS)
DECLARE_ASN1_FUNCTIONS(SXNET)
DECLARE_ASN1_FUNCTIONS(SXNETID)
@@ -1015,6 +1025,18 @@ const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber(
void PROFESSION_INFO_set0_registrationNumber(
PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn);
+int OSSL_GENERAL_NAMES_print(BIO *out, GENERAL_NAMES *gens, int indent);
+
+typedef STACK_OF(X509_ATTRIBUTE) OSSL_ATTRIBUTES_SYNTAX;
+DECLARE_ASN1_FUNCTIONS(OSSL_ATTRIBUTES_SYNTAX)
+
+typedef STACK_OF(USERNOTICE) OSSL_USER_NOTICE_SYNTAX;
+DECLARE_ASN1_FUNCTIONS(OSSL_USER_NOTICE_SYNTAX)
+
+{-
+ generate_stack_macros("USERNOTICE");
+-}
+
# ifdef __cplusplus
}
# endif