diff options
Diffstat (limited to 'vendor')
46 files changed, 1400 insertions, 239 deletions
diff --git a/vendor/mbedtls/include/mbedtls/bignum.h b/vendor/mbedtls/include/mbedtls/bignum.h index 71d7b97..8367cd3 100644 --- a/vendor/mbedtls/include/mbedtls/bignum.h +++ b/vendor/mbedtls/include/mbedtls/bignum.h @@ -880,7 +880,7 @@ int mbedtls_mpi_mod_int(mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_sint b); /** - * \brief Perform a sliding-window exponentiation: X = A^E mod N + * \brief Perform a modular exponentiation: X = A^E mod N * * \param X The destination MPI. This must point to an initialized MPI. * This must not alias E or N. diff --git a/vendor/mbedtls/include/mbedtls/build_info.h b/vendor/mbedtls/include/mbedtls/build_info.h index cf38f90..d91d296 100644 --- a/vendor/mbedtls/include/mbedtls/build_info.h +++ b/vendor/mbedtls/include/mbedtls/build_info.h @@ -26,16 +26,16 @@ */ #define MBEDTLS_VERSION_MAJOR 3 #define MBEDTLS_VERSION_MINOR 6 -#define MBEDTLS_VERSION_PATCH 0 +#define MBEDTLS_VERSION_PATCH 2 /** * The single version number has the following structure: * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x03060000 -#define MBEDTLS_VERSION_STRING "3.6.0" -#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.6.0" +#define MBEDTLS_VERSION_NUMBER 0x03060200 +#define MBEDTLS_VERSION_STRING "3.6.2" +#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.6.2" /* Macros for build-time platform detection */ diff --git a/vendor/mbedtls/include/mbedtls/check_config.h b/vendor/mbedtls/include/mbedtls/check_config.h index 2673229..67a05f8 100644 --- a/vendor/mbedtls/include/mbedtls/check_config.h +++ b/vendor/mbedtls/include/mbedtls/check_config.h @@ -189,7 +189,9 @@ defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) || \ defined(MBEDTLS_ECDSA_SIGN_ALT) || \ defined(MBEDTLS_ECDSA_VERIFY_ALT) || \ - defined(MBEDTLS_ECDSA_GENKEY_ALT) ) + defined(MBEDTLS_ECDSA_GENKEY_ALT) || \ + defined(MBEDTLS_ECP_INTERNAL_ALT) || \ + defined(MBEDTLS_ECP_ALT) ) #error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative ECP implementation" #endif @@ -267,6 +269,42 @@ #error "MBEDTLS_CHACHAPOLY_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT) +#error "MBEDTLS_ECP_RANDOMIZE_JAC_ALT defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_ECP_ADD_MIXED_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT) +#error "MBEDTLS_ECP_ADD_MIXED_ALT defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT) +#error "MBEDTLS_ECP_DOUBLE_JAC_ALT defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT) +#error "MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT) +#error "MBEDTLS_ECP_NORMALIZE_JAC_ALT defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT) +#error "MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT) +#error "MBEDTLS_ECP_RANDOMIZE_MXZ_ALT defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT) +#error "MBEDTLS_ECP_NORMALIZE_MXZ_ALT defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_ECP_NO_FALLBACK) && !defined(MBEDTLS_ECP_INTERNAL_ALT) +#error "MBEDTLS_ECP_NO_FALLBACK defined, but no alternative implementation enabled" +#endif + #if defined(MBEDTLS_HKDF_C) && !defined(MBEDTLS_MD_C) #error "MBEDTLS_HKDF_C defined, but not all prerequisites" #endif @@ -730,8 +768,8 @@ #if !defined(MBEDTLS_SHA512_C) #error "MBEDTLS_SHA512_USE_A64_CRYPTO_* defined without MBEDTLS_SHA512_C" #endif -#if defined(MBEDTLS_SHA512_PROCESS_ALT) -#error "MBEDTLS_SHA512_PROCESS_ALT can't be used with MBEDTLS_SHA512_USE_A64_CRYPTO_*" +#if defined(MBEDTLS_SHA512_ALT) || defined(MBEDTLS_SHA512_PROCESS_ALT) +#error "MBEDTLS_SHA512_*ALT can't be used with MBEDTLS_SHA512_USE_A64_CRYPTO_*" #endif #endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT || MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */ @@ -750,8 +788,8 @@ #if !defined(MBEDTLS_SHA256_C) #error "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_* defined without MBEDTLS_SHA256_C" #endif -#if defined(MBEDTLS_SHA256_PROCESS_ALT) -#error "MBEDTLS_SHA256_PROCESS_ALT can't be used with MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_*" +#if defined(MBEDTLS_SHA256_ALT) || defined(MBEDTLS_SHA256_PROCESS_ALT) +#error "MBEDTLS_SHA256_*ALT can't be used with MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_*" #endif #endif diff --git a/vendor/mbedtls/include/mbedtls/config_adjust_legacy_crypto.h b/vendor/mbedtls/include/mbedtls/config_adjust_legacy_crypto.h index 7a375d8..3ba987e 100644 --- a/vendor/mbedtls/include/mbedtls/config_adjust_legacy_crypto.h +++ b/vendor/mbedtls/include/mbedtls/config_adjust_legacy_crypto.h @@ -428,7 +428,7 @@ /* psa_util file features some ECDSA conversion functions, to convert between * legacy's ASN.1 DER format and PSA's raw one. */ -#if defined(MBEDTLS_ECDSA_C) || (defined(MBEDTLS_PSA_CRYPTO_C) && \ +#if (defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \ (defined(PSA_WANT_ALG_ECDSA) || defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA))) #define MBEDTLS_PSA_UTIL_HAVE_ECDSA #endif diff --git a/vendor/mbedtls/include/mbedtls/config_adjust_legacy_from_psa.h b/vendor/mbedtls/include/mbedtls/config_adjust_legacy_from_psa.h index 0e4759d..04bdae6 100644 --- a/vendor/mbedtls/include/mbedtls/config_adjust_legacy_from_psa.h +++ b/vendor/mbedtls/include/mbedtls/config_adjust_legacy_from_psa.h @@ -2,6 +2,8 @@ * \file mbedtls/config_adjust_legacy_from_psa.h * \brief Adjust PSA configuration: activate legacy implementations * + * This is an internal header. Do not include it directly. + * * When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, activate legacy implementations * of cryptographic mechanisms as needed to fulfill the needs of the PSA * configuration. Generally speaking, we activate a legacy mechanism if @@ -16,6 +18,14 @@ #ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H #define MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H +#if !defined(MBEDTLS_CONFIG_FILES_READ) +#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \ + "up to and including runtime errors such as buffer overflows. " \ + "If you're trying to fix a complaint from check_config.h, just remove " \ + "it from your configuration file: since Mbed TLS 3.0, it is included " \ + "automatically at the right point." +#endif /* */ + /* Define appropriate ACCEL macros for the p256-m driver. * In the future, those should be generated from the drivers JSON description. */ diff --git a/vendor/mbedtls/include/mbedtls/config_adjust_psa_superset_legacy.h b/vendor/mbedtls/include/mbedtls/config_adjust_psa_superset_legacy.h index 3a55c3f..ef65cce 100644 --- a/vendor/mbedtls/include/mbedtls/config_adjust_psa_superset_legacy.h +++ b/vendor/mbedtls/include/mbedtls/config_adjust_psa_superset_legacy.h @@ -2,6 +2,8 @@ * \file mbedtls/config_adjust_psa_superset_legacy.h * \brief Adjust PSA configuration: automatic enablement from legacy * + * This is an internal header. Do not include it directly. + * * To simplify some edge cases, we automatically enable certain cryptographic * mechanisms in the PSA API if they are enabled in the legacy API. The general * idea is that if legacy module M uses mechanism A internally, and A has @@ -17,6 +19,14 @@ #ifndef MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H #define MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H +#if !defined(MBEDTLS_CONFIG_FILES_READ) +#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \ + "up to and including runtime errors such as buffer overflows. " \ + "If you're trying to fix a complaint from check_config.h, just remove " \ + "it from your configuration file: since Mbed TLS 3.0, it is included " \ + "automatically at the right point." +#endif /* */ + /****************************************************************/ /* Hashes that are built in are also enabled in PSA. * This simplifies dependency declarations especially diff --git a/vendor/mbedtls/include/mbedtls/config_psa.h b/vendor/mbedtls/include/mbedtls/config_psa.h index de961ec..5f3d0f3 100644 --- a/vendor/mbedtls/include/mbedtls/config_psa.h +++ b/vendor/mbedtls/include/mbedtls/config_psa.h @@ -34,7 +34,11 @@ * before we deduce what built-ins are required. */ #include "psa/crypto_adjust_config_key_pair_types.h" +#if defined(MBEDTLS_PSA_CRYPTO_C) +/* If we are implementing PSA crypto ourselves, then we want to enable the + * required built-ins. Otherwise, PSA features will be provided by the server. */ #include "mbedtls/config_adjust_legacy_from_psa.h" +#endif #else /* MBEDTLS_PSA_CRYPTO_CONFIG */ diff --git a/vendor/mbedtls/include/mbedtls/ctr_drbg.h b/vendor/mbedtls/include/mbedtls/ctr_drbg.h index c00756d..0b7cce1 100644 --- a/vendor/mbedtls/include/mbedtls/ctr_drbg.h +++ b/vendor/mbedtls/include/mbedtls/ctr_drbg.h @@ -32,12 +32,27 @@ #include "mbedtls/build_info.h" -/* In case AES_C is defined then it is the primary option for backward - * compatibility purposes. If that's not available, PSA is used instead */ -#if defined(MBEDTLS_AES_C) -#include "mbedtls/aes.h" -#else +/* The CTR_DRBG implementation can either directly call the low-level AES + * module (gated by MBEDTLS_AES_C) or call the PSA API to perform AES + * operations. Calling the AES module directly is the default, both for + * maximum backward compatibility and because it's a bit more efficient + * (less glue code). + * + * When MBEDTLS_AES_C is disabled, the CTR_DRBG module calls PSA crypto and + * thus benefits from the PSA AES accelerator driver. + * It is technically possible to enable MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO + * to use PSA even when MBEDTLS_AES_C is enabled, but there is very little + * reason to do so other than testing purposes and this is not officially + * supported. + */ +#if !defined(MBEDTLS_AES_C) +#define MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO +#endif + +#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) #include "psa/crypto.h" +#else +#include "mbedtls/aes.h" #endif #include "entropy.h" @@ -157,7 +172,7 @@ extern "C" { #define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN (MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1) / 2 #endif -#if !defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) typedef struct mbedtls_ctr_drbg_psa_context { mbedtls_svc_key_id_t key_id; psa_cipher_operation_t operation; @@ -189,10 +204,10 @@ typedef struct mbedtls_ctr_drbg_context { * This is the maximum number of requests * that can be made between reseedings. */ -#if defined(MBEDTLS_AES_C) - mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */ -#else +#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) mbedtls_ctr_drbg_psa_context MBEDTLS_PRIVATE(psa_ctx); /*!< The PSA context. */ +#else + mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */ #endif /* diff --git a/vendor/mbedtls/include/mbedtls/ecdh.h b/vendor/mbedtls/include/mbedtls/ecdh.h index a0909d6..a6a5069 100644 --- a/vendor/mbedtls/include/mbedtls/ecdh.h +++ b/vendor/mbedtls/include/mbedtls/ecdh.h @@ -325,7 +325,7 @@ int mbedtls_ecdh_read_params(mbedtls_ecdh_context *ctx, * \brief This function sets up an ECDH context from an EC key. * * It is used by clients and servers in place of the - * ServerKeyEchange for static ECDH, and imports ECDH + * ServerKeyExchange for static ECDH, and imports ECDH * parameters from the EC key information of a certificate. * * \see ecp.h diff --git a/vendor/mbedtls/include/mbedtls/ecp.h b/vendor/mbedtls/include/mbedtls/ecp.h index d8f73ae..623910b 100644 --- a/vendor/mbedtls/include/mbedtls/ecp.h +++ b/vendor/mbedtls/include/mbedtls/ecp.h @@ -216,7 +216,7 @@ mbedtls_ecp_point; * range of <code>0..2^(2*pbits)-1</code>, and transforms it in-place to an integer * which is congruent mod \p P to the given MPI, and is close enough to \p pbits * in size, so that it may be efficiently brought in the 0..P-1 range by a few - * additions or subtractions. Therefore, it is only an approximative modular + * additions or subtractions. Therefore, it is only an approximate modular * reduction. It must return 0 on success and non-zero on failure. * * \note Alternative implementations of the ECP module must obey the diff --git a/vendor/mbedtls/include/mbedtls/mbedtls_config.h b/vendor/mbedtls/include/mbedtls/mbedtls_config.h index 0f1b54e..bd3f71d 100644 --- a/vendor/mbedtls/include/mbedtls/mbedtls_config.h +++ b/vendor/mbedtls/include/mbedtls/mbedtls_config.h @@ -40,10 +40,12 @@ * library/aria.c * library/bn_mul.h * library/constant_time.c + * library/padlock.h * * Required by: * MBEDTLS_AESCE_C * MBEDTLS_AESNI_C (on some platforms) + * MBEDTLS_PADLOCK_C * * Comment to disable the use of assembly code. */ @@ -351,6 +353,62 @@ //#define MBEDTLS_TIMING_ALT /** + * \def MBEDTLS_AES_ALT + * + * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let Mbed TLS use your + * alternate core implementation of a symmetric crypto, an arithmetic or hash + * module (e.g. platform specific assembly optimized implementations). Keep + * in mind that the function prototypes should remain the same. + * + * This replaces the whole module. If you only want to replace one of the + * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags. + * + * Example: In case you uncomment MBEDTLS_AES_ALT, Mbed TLS will no longer + * provide the "struct mbedtls_aes_context" definition and omit the base + * function declarations and implementations. "aes_alt.h" will be included from + * "aes.h" to include the new function definitions. + * + * Uncomment a macro to enable alternate implementation of the corresponding + * module. + * + * \warning MD5, DES and SHA-1 are considered weak and their + * use constitutes a security risk. If possible, we recommend + * avoiding dependencies on them, and considering stronger message + * digests and ciphers instead. + * + */ +//#define MBEDTLS_AES_ALT +//#define MBEDTLS_ARIA_ALT +//#define MBEDTLS_CAMELLIA_ALT +//#define MBEDTLS_CCM_ALT +//#define MBEDTLS_CHACHA20_ALT +//#define MBEDTLS_CHACHAPOLY_ALT +//#define MBEDTLS_CMAC_ALT +//#define MBEDTLS_DES_ALT +//#define MBEDTLS_DHM_ALT +//#define MBEDTLS_ECJPAKE_ALT +//#define MBEDTLS_GCM_ALT +//#define MBEDTLS_NIST_KW_ALT +//#define MBEDTLS_MD5_ALT +//#define MBEDTLS_POLY1305_ALT +//#define MBEDTLS_RIPEMD160_ALT +//#define MBEDTLS_RSA_ALT +//#define MBEDTLS_SHA1_ALT +//#define MBEDTLS_SHA256_ALT +//#define MBEDTLS_SHA512_ALT + +/* + * When replacing the elliptic curve module, please consider, that it is + * implemented with two .c files: + * - ecp.c + * - ecp_curves.c + * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT + * macros as described above. The only difference is that you have to make sure + * that you provide functionality for both .c files. + */ +//#define MBEDTLS_ECP_ALT + +/** * \def MBEDTLS_SHA256_PROCESS_ALT * * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use you @@ -406,6 +464,71 @@ //#define MBEDTLS_ECDSA_GENKEY_ALT /** + * \def MBEDTLS_ECP_INTERNAL_ALT + * + * Expose a part of the internal interface of the Elliptic Curve Point module. + * + * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use your + * alternative core implementation of elliptic curve arithmetic. Keep in mind + * that function prototypes should remain the same. + * + * This partially replaces one function. The header file from Mbed TLS is still + * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation + * is still present and it is used for group structures not supported by the + * alternative. + * + * The original implementation can in addition be removed by setting the + * MBEDTLS_ECP_NO_FALLBACK option, in which case any function for which the + * corresponding MBEDTLS_ECP__FUNCTION_NAME__ALT macro is defined will not be + * able to fallback to curves not supported by the alternative implementation. + * + * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT + * and implementing the following functions: + * unsigned char mbedtls_internal_ecp_grp_capable( + * const mbedtls_ecp_group *grp ) + * int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp ) + * void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp ) + * The mbedtls_internal_ecp_grp_capable function should return 1 if the + * replacement functions implement arithmetic for the given group and 0 + * otherwise. + * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are + * called before and after each point operation and provide an opportunity to + * implement optimized set up and tear down instructions. + * + * Example: In case you set MBEDTLS_ECP_INTERNAL_ALT and + * MBEDTLS_ECP_DOUBLE_JAC_ALT, Mbed TLS will still provide the ecp_double_jac() + * function, but will use your mbedtls_internal_ecp_double_jac() if the group + * for the operation is supported by your implementation (i.e. your + * mbedtls_internal_ecp_grp_capable() function returns 1 for this group). If the + * group is not supported by your implementation, then the original Mbed TLS + * implementation of ecp_double_jac() is used instead, unless this fallback + * behaviour is disabled by setting MBEDTLS_ECP_NO_FALLBACK (in which case + * ecp_double_jac() will return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE). + * + * The function prototypes and the definition of mbedtls_ecp_group and + * mbedtls_ecp_point will not change based on MBEDTLS_ECP_INTERNAL_ALT, so your + * implementation of mbedtls_internal_ecp__function_name__ must be compatible + * with their definitions. + * + * Uncomment a macro to enable alternate implementation of the corresponding + * function. + */ +/* Required for all the functions in this section */ +//#define MBEDTLS_ECP_INTERNAL_ALT +/* Turn off software fallback for curves not supported in hardware */ +//#define MBEDTLS_ECP_NO_FALLBACK +/* Support for Weierstrass curves with Jacobi representation */ +//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT +//#define MBEDTLS_ECP_ADD_MIXED_ALT +//#define MBEDTLS_ECP_DOUBLE_JAC_ALT +//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT +//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT +/* Support for curves with Montgomery arithmetic */ +//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT +//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT +//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT + +/** * \def MBEDTLS_ENTROPY_HARDWARE_ALT * * Uncomment this macro to let Mbed TLS use your own implementation of a @@ -707,7 +830,7 @@ * * \note This option only works with the default software implementation of * elliptic curve functionality. It is incompatible with - * MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT. + * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT. * * Requires: MBEDTLS_ECP_C * @@ -1292,6 +1415,23 @@ //#define MBEDTLS_PSA_CRYPTO_SPM /** + * \def MBEDTLS_PSA_KEY_STORE_DYNAMIC + * + * Dynamically resize the PSA key store to accommodate any number of + * volatile keys (until the heap memory is exhausted). + * + * If this option is disabled, the key store has a fixed size + * #MBEDTLS_PSA_KEY_SLOT_COUNT for volatile keys and loaded persistent keys + * together. + * + * This option has no effect when #MBEDTLS_PSA_CRYPTO_C is disabled. + * + * Module: library/psa_crypto.c + * Requires: MBEDTLS_PSA_CRYPTO_C + */ +#define MBEDTLS_PSA_KEY_STORE_DYNAMIC + +/** * Uncomment to enable p256-m. This is an alternative implementation of * key generation, ECDH and (randomized) ECDSA on the curve SECP256R1. * Compared to the default implementation: @@ -1658,8 +1798,9 @@ * Requires: MBEDTLS_PSA_CRYPTO_C * * \note TLS 1.3 uses PSA crypto for cryptographic operations that are - * directly performed by TLS 1.3 code. As a consequence, you must - * call psa_crypto_init() before the first TLS 1.3 handshake. + * directly performed by TLS 1.3 code. As a consequence, when TLS 1.3 + * is enabled, a TLS handshake may call psa_crypto_init(), even + * if it ends up negotiating a different TLS version. * * \note Cryptographic operations performed indirectly via another module * (X.509, PK) or by code shared with TLS 1.2 (record protection, @@ -2483,6 +2624,11 @@ * Enable the CMAC (Cipher-based Message Authentication Code) mode for block * ciphers. * + * \note When #MBEDTLS_CMAC_ALT is active, meaning that the underlying + * implementation of the CMAC algorithm is provided by an alternate + * implementation, that alternate implementation may opt to not support + * AES-192 or 3DES as underlying block ciphers for the CMAC operation. + * * Module: library/cmac.c * * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_DES_C @@ -2883,6 +3029,20 @@ #define MBEDTLS_OID_C /** + * \def MBEDTLS_PADLOCK_C + * + * Enable VIA Padlock support on x86. + * + * Module: library/padlock.c + * Caller: library/aes.c + * + * Requires: MBEDTLS_HAVE_ASM + * + * This modules adds support for the VIA PadLock on x86. + */ +#define MBEDTLS_PADLOCK_C + +/** * \def MBEDTLS_PEM_PARSE_C * * Enable PEM decoding / parsing. @@ -3874,22 +4034,38 @@ * Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the * PSA crypto subsystem. * - * If this option is unset: - * - If CTR_DRBG is available, the PSA subsystem uses it rather than HMAC_DRBG. - * - Otherwise, the PSA subsystem uses HMAC_DRBG with either - * #MBEDTLS_MD_SHA512 or #MBEDTLS_MD_SHA256 based on availability and - * on unspecified heuristics. + * If this option is unset, the library chooses a hash (currently between + * #MBEDTLS_MD_SHA512 and #MBEDTLS_MD_SHA256) based on availability and + * unspecified heuristics. + * + * \note The PSA crypto subsystem uses the first available mechanism amongst + * the following: + * - #MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG if enabled; + * - Entropy from #MBEDTLS_ENTROPY_C plus CTR_DRBG with AES + * if #MBEDTLS_CTR_DRBG_C is enabled; + * - Entropy from #MBEDTLS_ENTROPY_C plus HMAC_DRBG. + * + * A future version may reevaluate the prioritization of DRBG mechanisms. */ //#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256 /** \def MBEDTLS_PSA_KEY_SLOT_COUNT - * Restrict the PSA library to supporting a maximum amount of simultaneously - * loaded keys. A loaded key is a key stored by the PSA Crypto core as a - * volatile key, or a persistent key which is loaded temporarily by the - * library as part of a crypto operation in flight. * - * If this option is unset, the library will fall back to a default value of - * 32 keys. + * When #MBEDTLS_PSA_KEY_STORE_DYNAMIC is disabled, + * the maximum amount of PSA keys simultaneously in memory. This counts all + * volatile keys, plus loaded persistent keys. + * + * When #MBEDTLS_PSA_KEY_STORE_DYNAMIC is enabled, + * the maximum number of loaded persistent keys. + * + * Currently, persistent keys do not need to be loaded all the time while + * a multipart operation is in progress, only while the operation is being + * set up. This may change in future versions of the library. + * + * Currently, the library traverses of the whole table on each access to a + * persistent key. Therefore large values may cause poor performance. + * + * This option has no effect when #MBEDTLS_PSA_CRYPTO_C is disabled. */ //#define MBEDTLS_PSA_KEY_SLOT_COUNT 32 diff --git a/vendor/mbedtls/include/mbedtls/ssl.h b/vendor/mbedtls/include/mbedtls/ssl.h index 5b22517..42fffbf 100644 --- a/vendor/mbedtls/include/mbedtls/ssl.h +++ b/vendor/mbedtls/include/mbedtls/ssl.h @@ -83,10 +83,7 @@ /** Processing of the Certificate handshake message failed. */ #define MBEDTLS_ERR_SSL_BAD_CERTIFICATE -0x7A00 /* Error space gap */ -/** - * Received NewSessionTicket Post Handshake Message. - * This error code is experimental and may be changed or removed without notice. - */ +/** A TLS 1.3 NewSessionTicket message has been received. */ #define MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET -0x7B00 /** Not possible to read early data */ #define MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA -0x7B80 @@ -324,6 +321,9 @@ #define MBEDTLS_SSL_SESSION_TICKETS_DISABLED 0 #define MBEDTLS_SSL_SESSION_TICKETS_ENABLED 1 +#define MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_DISABLED 0 +#define MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_ENABLED 1 + #define MBEDTLS_SSL_PRESET_DEFAULT 0 #define MBEDTLS_SSL_PRESET_SUITEB 2 @@ -643,8 +643,8 @@ */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ defined(MBEDTLS_SSL_SESSION_TICKETS) && \ - defined(PSA_WANT_KEY_TYPE_AES) && defined(PSA_WANT_ALG_GCM) && \ - defined(PSA_WANT_ALG_SHA_384) + defined(MBEDTLS_SSL_HAVE_AES) && defined(MBEDTLS_SSL_HAVE_GCM) && \ + defined(MBEDTLS_MD_CAN_SHA384) #define MBEDTLS_PSK_MAX_LEN 48 /* 384 bits */ #else #define MBEDTLS_PSK_MAX_LEN 32 /* 256 bits */ @@ -1153,10 +1153,10 @@ typedef void mbedtls_ssl_async_cancel_t(mbedtls_ssl_context *ssl); #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \ !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) #define MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN 48 -#if defined(PSA_WANT_ALG_SHA_256) +#if defined(MBEDTLS_MD_CAN_SHA256) #define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA256 #define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 32 -#elif defined(PSA_WANT_ALG_SHA_384) +#elif defined(MBEDTLS_MD_CAN_SHA384) #define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA384 #define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 48 #elif defined(MBEDTLS_MD_CAN_SHA1) @@ -1446,6 +1446,12 @@ struct mbedtls_ssl_config { #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) && \ defined(MBEDTLS_SSL_CLI_C) + /** Encodes two booleans, one stating whether TLS 1.2 session tickets are + * enabled or not, the other one whether the handling of TLS 1.3 + * NewSessionTicket messages is enabled or not. They are respectively set + * by mbedtls_ssl_conf_session_tickets() and + * mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets(). + */ uint8_t MBEDTLS_PRIVATE(session_tickets); /*!< use session tickets? */ #endif @@ -4465,21 +4471,50 @@ int mbedtls_ssl_conf_max_frag_len(mbedtls_ssl_config *conf, unsigned char mfl_co void mbedtls_ssl_conf_preference_order(mbedtls_ssl_config *conf, int order); #endif /* MBEDTLS_SSL_SRV_C */ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \ - defined(MBEDTLS_SSL_CLI_C) +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) /** - * \brief Enable / Disable session tickets (client only). - * (Default: MBEDTLS_SSL_SESSION_TICKETS_ENABLED.) + * \brief Enable / Disable TLS 1.2 session tickets (client only, + * TLS 1.2 only). Enabled by default. * * \note On server, use \c mbedtls_ssl_conf_session_tickets_cb(). * * \param conf SSL configuration - * \param use_tickets Enable or disable (MBEDTLS_SSL_SESSION_TICKETS_ENABLED or - * MBEDTLS_SSL_SESSION_TICKETS_DISABLED) + * \param use_tickets Enable or disable (#MBEDTLS_SSL_SESSION_TICKETS_ENABLED or + * #MBEDTLS_SSL_SESSION_TICKETS_DISABLED) */ void mbedtls_ssl_conf_session_tickets(mbedtls_ssl_config *conf, int use_tickets); -#endif /* MBEDTLS_SSL_SESSION_TICKETS && - MBEDTLS_SSL_CLI_C */ + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) +/** + * \brief Enable / Disable handling of TLS 1.3 NewSessionTicket messages + * (client only, TLS 1.3 only). + * + * The handling of TLS 1.3 NewSessionTicket messages is disabled by + * default. + * + * In TLS 1.3, servers may send a NewSessionTicket message at any time, + * and may send multiple NewSessionTicket messages. By default, TLS 1.3 + * clients ignore NewSessionTicket messages. + * + * To support session tickets in TLS 1.3 clients, call this function + * with #MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_ENABLED. When + * this is enabled, when a client receives a NewSessionTicket message, + * the next call to a message processing functions (notably + * mbedtls_ssl_handshake() and mbedtls_ssl_read()) will return + * #MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET. The client should then + * call mbedtls_ssl_get_session() to retrieve the session ticket before + * calling the same message processing function again. + * + * \param conf SSL configuration + * \param signal_new_session_tickets Enable or disable + * (#MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_ENABLED or + * #MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_DISABLED) + */ +void mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets( + mbedtls_ssl_config *conf, int signal_new_session_tickets); + +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ +#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) && \ defined(MBEDTLS_SSL_SRV_C) && \ @@ -4887,6 +4922,10 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, * \return #MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED if DTLS is in use * and the client did not demonstrate reachability yet - in * this case you must stop using the context (see below). + * \return #MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET if a TLS 1.3 + * NewSessionTicket message has been received. See the + * documentation of mbedtls_ssl_read() for more information + * about this error code. * \return #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA if early data, as * defined in RFC 8446 (TLS 1.3 specification), has been * received as part of the handshake. This is server specific @@ -4903,6 +4942,7 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, * #MBEDTLS_ERR_SSL_WANT_WRITE, * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or + * #MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET or * #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA, * you must stop using the SSL context for reading or writing, * and either free it or call \c mbedtls_ssl_session_reset() @@ -4923,10 +4963,13 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, * currently being processed might or might not contain further * DTLS records. * - * \note If the context is configured to allow TLS 1.3, or if - * #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto + * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto * subsystem must have been initialized by calling * psa_crypto_init() before calling this function. + * Otherwise, the handshake may call psa_crypto_init() + * if a negotiation involving TLS 1.3 takes place (this may + * be the case even if TLS 1.3 is offered but eventually + * not selected). */ int mbedtls_ssl_handshake(mbedtls_ssl_context *ssl); @@ -4974,6 +5017,7 @@ static inline int mbedtls_ssl_is_handshake_over(mbedtls_ssl_context *ssl) * #MBEDTLS_ERR_SSL_WANT_READ, #MBEDTLS_ERR_SSL_WANT_WRITE, * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS, * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or + * #MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET or * #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA, you must stop using * the SSL context for reading or writing, and either free it * or call \c mbedtls_ssl_session_reset() on it before @@ -5042,6 +5086,17 @@ int mbedtls_ssl_renegotiate(mbedtls_ssl_context *ssl); * \return #MBEDTLS_ERR_SSL_CLIENT_RECONNECT if we're at the server * side of a DTLS connection and the client is initiating a * new connection using the same source port. See below. + * \return #MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET if a TLS 1.3 + * NewSessionTicket message has been received. + * This error code is only returned on the client side. It is + * only returned if handling of TLS 1.3 NewSessionTicket + * messages has been enabled through + * mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets(). + * This error code indicates that a TLS 1.3 NewSessionTicket + * message has been received and parsed successfully by the + * client. The ticket data can be retrieved from the SSL + * context by calling mbedtls_ssl_get_session(). It remains + * available until the next call to mbedtls_ssl_read(). * \return #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA if early data, as * defined in RFC 8446 (TLS 1.3 specification), has been * received as part of the handshake. This is server specific @@ -5059,6 +5114,7 @@ int mbedtls_ssl_renegotiate(mbedtls_ssl_context *ssl); * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS, * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, * #MBEDTLS_ERR_SSL_CLIENT_RECONNECT or + * #MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET or * #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA, * you must stop using the SSL context for reading or writing, * and either free it or call \c mbedtls_ssl_session_reset() @@ -5124,6 +5180,10 @@ int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len); * operation is in progress (see mbedtls_ecp_set_max_ops()) - * in this case you must call this function again to complete * the handshake when you're done attending other tasks. + * \return #MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET if a TLS 1.3 + * NewSessionTicket message has been received. See the + * documentation of mbedtls_ssl_read() for more information + * about this error code. * \return #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA if early data, as * defined in RFC 8446 (TLS 1.3 specification), has been * received as part of the handshake. This is server specific @@ -5140,6 +5200,7 @@ int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len); * #MBEDTLS_ERR_SSL_WANT_WRITE, * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS, * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or + * #MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET or * #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA, * you must stop using the SSL context for reading or writing, * and either free it or call \c mbedtls_ssl_session_reset() diff --git a/vendor/openssl/include/openssl/cmp.h.in b/vendor/openssl/include/openssl/cmp.h.in index ad9eb34..d659331 100644 --- a/vendor/openssl/include/openssl/cmp.h.in +++ b/vendor/openssl/include/openssl/cmp.h.in @@ -228,6 +228,22 @@ DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV) {- generate_stack_macros("OSSL_CMP_ITAV"); -} + +typedef struct ossl_cmp_crlstatus_st OSSL_CMP_CRLSTATUS; +{- + generate_stack_macros("OSSL_CMP_CRLSTATUS"); +-} + +typedef OSSL_CRMF_ATTRIBUTETYPEANDVALUE OSSL_CMP_ATAV; +# define OSSL_CMP_ATAV_free OSSL_CRMF_ATTRIBUTETYPEANDVALUE_free +typedef STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) OSSL_CMP_ATAVS; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_ATAVS) +# define stack_st_OSSL_CMP_ATAV stack_st_OSSL_CRMF_ATTRIBUTETYPEANDVALUE +# define sk_OSSL_CMP_ATAV_num sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_num +# define sk_OSSL_CMP_ATAV_value sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_value +# define sk_OSSL_CMP_ATAV_push sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_push +# define sk_OSSL_CMP_ATAV_pop_free sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_pop_free + typedef struct ossl_cmp_revrepcontent_st OSSL_CMP_REVREPCONTENT; typedef struct ossl_cmp_pkisi_st OSSL_CMP_PKISI; DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKISI) @@ -257,7 +273,7 @@ void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type, ASN1_TYPE *value); ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav); ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav); -int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p, +int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **sk_p, OSSL_CMP_ITAV *itav); void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav); @@ -278,6 +294,39 @@ int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav, X509 **newWithOld, X509 **oldWithNew); +OSSL_CMP_CRLSTATUS *OSSL_CMP_CRLSTATUS_create(const X509_CRL *crl, + const X509 *cert, int only_DN); +OSSL_CMP_CRLSTATUS *OSSL_CMP_CRLSTATUS_new1(const DIST_POINT_NAME *dpn, + const GENERAL_NAMES *issuer, + const ASN1_TIME *thisUpdate); +int OSSL_CMP_CRLSTATUS_get0(const OSSL_CMP_CRLSTATUS *crlstatus, + DIST_POINT_NAME **dpn, GENERAL_NAMES **issuer, + ASN1_TIME **thisUpdate); +void OSSL_CMP_CRLSTATUS_free(OSSL_CMP_CRLSTATUS *crlstatus); +OSSL_CMP_ITAV +*OSSL_CMP_ITAV_new0_crlStatusList(STACK_OF(OSSL_CMP_CRLSTATUS) *crlStatusList); +int OSSL_CMP_ITAV_get0_crlStatusList(const OSSL_CMP_ITAV *itav, + STACK_OF(OSSL_CMP_CRLSTATUS) **out); +OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_crls(const X509_CRL *crls); +int OSSL_CMP_ITAV_get0_crls(const OSSL_CMP_ITAV *it, STACK_OF(X509_CRL) **out); +OSSL_CMP_ITAV +*OSSL_CMP_ITAV_new0_certReqTemplate(OSSL_CRMF_CERTTEMPLATE *certTemplate, + OSSL_CMP_ATAVS *keySpec); +int OSSL_CMP_ITAV_get1_certReqTemplate(const OSSL_CMP_ITAV *itav, + OSSL_CRMF_CERTTEMPLATE **certTemplate, + OSSL_CMP_ATAVS **keySpec); + +OSSL_CMP_ATAV *OSSL_CMP_ATAV_create(ASN1_OBJECT *type, ASN1_TYPE *value); +void OSSL_CMP_ATAV_set0(OSSL_CMP_ATAV *itav, ASN1_OBJECT *type, + ASN1_TYPE *value); +ASN1_OBJECT *OSSL_CMP_ATAV_get0_type(const OSSL_CMP_ATAV *itav); +ASN1_TYPE *OSSL_CMP_ATAV_get0_value(const OSSL_CMP_ATAV *itav); +OSSL_CMP_ATAV *OSSL_CMP_ATAV_new_algId(const X509_ALGOR *alg); +X509_ALGOR *OSSL_CMP_ATAV_get0_algId(const OSSL_CMP_ATAV *atav); +OSSL_CMP_ATAV *OSSL_CMP_ATAV_new_rsaKeyLen(int len); +int OSSL_CMP_ATAV_get_rsaKeyLen(const OSSL_CMP_ATAV *atav); +int OSSL_CMP_ATAV_push1(OSSL_CMP_ATAVS **sk_p, const OSSL_CMP_ATAV *atav); + void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg); /* from cmp_ctx.c */ @@ -521,6 +570,12 @@ int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out); int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx, const X509 *oldWithOld, X509 **newWithNew, X509 **newWithOld, X509 **oldWithNew); +int OSSL_CMP_get1_crlUpdate(OSSL_CMP_CTX *ctx, const X509 *crlcert, + const X509_CRL *last_crl, + X509_CRL **crl); +int OSSL_CMP_get1_certReqTemplate(OSSL_CMP_CTX *ctx, + OSSL_CRMF_CERTTEMPLATE **certTemplate, + OSSL_CMP_ATAVS **keySpec); # ifdef __cplusplus } diff --git a/vendor/openssl/include/openssl/cmperr.h b/vendor/openssl/include/openssl/cmperr.h index 0d876e5..d196924 100644 --- a/vendor/openssl/include/openssl/cmperr.h +++ b/vendor/openssl/include/openssl/cmperr.h @@ -60,9 +60,13 @@ # define CMP_R_FAILED_EXTRACTING_PUBKEY 141 # define CMP_R_FAILURE_OBTAINING_RANDOM 110 # define CMP_R_FAIL_INFO_OUT_OF_RANGE 129 +# define CMP_R_GENERATE_CERTREQTEMPLATE 197 +# define CMP_R_GENERATE_CRLSTATUS 198 # define CMP_R_GETTING_GENP 192 +# define CMP_R_GET_ITAV 199 # define CMP_R_INVALID_ARGS 100 # define CMP_R_INVALID_GENP 193 +# define CMP_R_INVALID_KEYSPEC 202 # define CMP_R_INVALID_OPTION 174 # define CMP_R_INVALID_ROOTCAKEYUPDATE 195 # define CMP_R_MISSING_CERTID 165 @@ -100,6 +104,7 @@ # define CMP_R_TRANSFER_ERROR 159 # define CMP_R_UNCLEAN_CTX 191 # define CMP_R_UNEXPECTED_CERTPROFILE 196 +# define CMP_R_UNEXPECTED_CRLSTATUSLIST 201 # define CMP_R_UNEXPECTED_PKIBODY 133 # define CMP_R_UNEXPECTED_PKISTATUS 185 # define CMP_R_UNEXPECTED_POLLREQ 105 @@ -107,6 +112,7 @@ # define CMP_R_UNEXPECTED_SENDER 106 # define CMP_R_UNKNOWN_ALGORITHM_ID 134 # define CMP_R_UNKNOWN_CERT_TYPE 135 +# define CMP_R_UNKNOWN_CRL_ISSUER 200 # define CMP_R_UNKNOWN_PKISTATUS 186 # define CMP_R_UNSUPPORTED_ALGORITHM 136 # define CMP_R_UNSUPPORTED_KEY_TYPE 137 diff --git a/vendor/openssl/include/openssl/core_dispatch.h b/vendor/openssl/include/openssl/core_dispatch.h index a5bc2cf..03838dd 100644 --- a/vendor/openssl/include/openssl/core_dispatch.h +++ b/vendor/openssl/include/openssl/core_dispatch.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,6 +13,7 @@ # include <stdarg.h> # include <openssl/core.h> +# include <openssl/indicator.h> # ifdef __cplusplus extern "C" { @@ -182,6 +183,9 @@ OSSL_CORE_MAKE_FUNC(int, BIO_ctrl, (OSSL_CORE_BIO *bio, #define OSSL_FUNC_GET_USER_ENTROPY 98 #define OSSL_FUNC_GET_USER_NONCE 99 +#define OSSL_FUNC_INDICATOR_CB 95 +OSSL_CORE_MAKE_FUNC(void, indicator_cb, (OPENSSL_CORE_CTX *ctx, + OSSL_INDICATOR_CALLBACK **cb)) #define OSSL_FUNC_SELF_TEST_CB 100 OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CORE_CTX *ctx, OSSL_CALLBACK **cb, void **cbarg)) @@ -588,6 +592,9 @@ OSSL_CORE_MAKE_FUNC(void *, keymgmt_new, (void *provctx)) # define OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS 5 # define OSSL_FUNC_KEYMGMT_GEN 6 # define OSSL_FUNC_KEYMGMT_GEN_CLEANUP 7 +# define OSSL_FUNC_KEYMGMT_GEN_GET_PARAMS 15 +# define OSSL_FUNC_KEYMGMT_GEN_GETTABLE_PARAMS 16 + OSSL_CORE_MAKE_FUNC(void *, keymgmt_gen_init, (void *provctx, int selection, const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(int, keymgmt_gen_set_template, @@ -597,6 +604,10 @@ OSSL_CORE_MAKE_FUNC(int, keymgmt_gen_set_params, OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_gen_settable_params, (void *genctx, void *provctx)) +OSSL_CORE_MAKE_FUNC(int, keymgmt_gen_get_params, + (void *genctx, OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_gen_gettable_params, + (void *genctx, void *provctx)) OSSL_CORE_MAKE_FUNC(void *, keymgmt_gen, (void *genctx, OSSL_CALLBACK *cb, void *cbarg)) OSSL_CORE_MAKE_FUNC(void, keymgmt_gen_cleanup, (void *genctx)) @@ -730,22 +741,45 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keyexch_gettable_ctx_params, # define OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS 23 # define OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS 24 # define OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS 25 +# define OSSL_FUNC_SIGNATURE_QUERY_KEY_TYPES 26 +# define OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_INIT 27 +# define OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_UPDATE 28 +# define OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_FINAL 29 +# define OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_INIT 30 +# define OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_UPDATE 31 +# define OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_FINAL 32 OSSL_CORE_MAKE_FUNC(void *, signature_newctx, (void *provctx, - const char *propq)) + const char *propq)) OSSL_CORE_MAKE_FUNC(int, signature_sign_init, (void *ctx, void *provkey, const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(int, signature_sign, (void *ctx, unsigned char *sig, - size_t *siglen, size_t sigsize, - const unsigned char *tbs, - size_t tbslen)) + size_t *siglen, size_t sigsize, + const unsigned char *tbs, + size_t tbslen)) +OSSL_CORE_MAKE_FUNC(int, signature_sign_message_init, + (void *ctx, void *provkey, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, signature_sign_message_update, + (void *ctx, const unsigned char *in, size_t inlen)) +OSSL_CORE_MAKE_FUNC(int, signature_sign_message_final, + (void *ctx, unsigned char *sig, + size_t *siglen, size_t sigsize)) OSSL_CORE_MAKE_FUNC(int, signature_verify_init, (void *ctx, void *provkey, const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(int, signature_verify, (void *ctx, - const unsigned char *sig, - size_t siglen, - const unsigned char *tbs, - size_t tbslen)) + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)) +OSSL_CORE_MAKE_FUNC(int, signature_verify_message_init, + (void *ctx, void *provkey, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, signature_verify_message_update, + (void *ctx, const unsigned char *in, size_t inlen)) +/* + * signature_verify_final requires that the signature to be verified against + * is specified via an OSSL_PARAM. + */ +OSSL_CORE_MAKE_FUNC(int, signature_verify_message_final, (void *ctx)) OSSL_CORE_MAKE_FUNC(int, signature_verify_recover_init, (void *ctx, void *provkey, const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(int, signature_verify_recover, @@ -790,7 +824,7 @@ OSSL_CORE_MAKE_FUNC(int, signature_set_ctx_md_params, (void *ctx, const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, signature_settable_ctx_md_params, (void *ctx)) - +OSSL_CORE_MAKE_FUNC(const char **, signature_query_key_types, (void)) /* Asymmetric Ciphers */ diff --git a/vendor/openssl/include/openssl/crmf.h.in b/vendor/openssl/include/openssl/crmf.h.in index 43411fa..17dc4d9 100644 --- a/vendor/openssl/include/openssl/crmf.h.in +++ b/vendor/openssl/include/openssl/crmf.h.in @@ -1,7 +1,7 @@ /*- * {- join("\n * ", @autowarntext) -} * - * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * @@ -54,6 +54,12 @@ DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_MSG) generate_stack_macros("OSSL_CRMF_MSG"); -} typedef struct ossl_crmf_attributetypeandvalue_st OSSL_CRMF_ATTRIBUTETYPEANDVALUE; +void OSSL_CRMF_ATTRIBUTETYPEANDVALUE_free(OSSL_CRMF_ATTRIBUTETYPEANDVALUE *v); +DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) +{- + generate_stack_macros("OSSL_CRMF_ATTRIBUTETYPEANDVALUE"); +-} + typedef struct ossl_crmf_pbmparameter_st OSSL_CRMF_PBMPARAMETER; DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PBMPARAMETER) typedef struct ossl_crmf_poposigningkey_st OSSL_CRMF_POPOSIGNINGKEY; @@ -71,6 +77,7 @@ typedef struct ossl_crmf_singlepubinfo_st OSSL_CRMF_SINGLEPUBINFO; DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_SINGLEPUBINFO) typedef struct ossl_crmf_certtemplate_st OSSL_CRMF_CERTTEMPLATE; DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTTEMPLATE) +DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTTEMPLATE) typedef STACK_OF(OSSL_CRMF_MSG) OSSL_CRMF_MSGS; DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSGS) diff --git a/vendor/openssl/include/openssl/crypto.h.in b/vendor/openssl/include/openssl/crypto.h.in index b2d691b..101719a 100644 --- a/vendor/openssl/include/openssl/crypto.h.in +++ b/vendor/openssl/include/openssl/crypto.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -86,10 +86,15 @@ int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock); void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock); int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock); +int CRYPTO_atomic_add64(uint64_t *val, uint64_t op, uint64_t *ret, + CRYPTO_RWLOCK *lock); +int CRYPTO_atomic_and(uint64_t *val, uint64_t op, uint64_t *ret, + CRYPTO_RWLOCK *lock); int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret, CRYPTO_RWLOCK *lock); int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock); int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock); +int CRYPTO_atomic_store(uint64_t *dst, uint64_t val, CRYPTO_RWLOCK *lock); /* No longer needed, so this is a no-op */ #define OPENSSL_malloc_init() while(0) continue @@ -98,6 +103,9 @@ int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock); CRYPTO_malloc(num, OPENSSL_FILE, OPENSSL_LINE) # define OPENSSL_zalloc(num) \ CRYPTO_zalloc(num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_aligned_alloc(num, alignment, freeptr) \ + CRYPTO_aligned_alloc(num, alignment, freeptr, \ + OPENSSL_FILE, OPENSSL_LINE) # define OPENSSL_realloc(addr, num) \ CRYPTO_realloc(addr, num, OPENSSL_FILE, OPENSSL_LINE) # define OPENSSL_clear_realloc(addr, old_num, num) \ @@ -126,6 +134,7 @@ int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock); size_t OPENSSL_strlcpy(char *dst, const char *src, size_t siz); size_t OPENSSL_strlcat(char *dst, const char *src, size_t siz); size_t OPENSSL_strnlen(const char *str, size_t maxlen); +int OPENSSL_strtoul(const char *str, char **endptr, int base, unsigned long *num); int OPENSSL_buf2hexstr_ex(char *str, size_t str_n, size_t *strlength, const unsigned char *buf, size_t buflen, const char sep); @@ -162,6 +171,7 @@ const char *OpenSSL_version(int type); # define OPENSSL_FULL_VERSION_STRING 7 # define OPENSSL_MODULES_DIR 8 # define OPENSSL_CPU_INFO 9 +# define OPENSSL_WINCTX 10 const char *OPENSSL_info(int type); /* @@ -176,6 +186,7 @@ const char *OPENSSL_info(int type); # define OPENSSL_INFO_LIST_SEPARATOR 1006 # define OPENSSL_INFO_SEED_SOURCE 1007 # define OPENSSL_INFO_CPU_SETTINGS 1008 +# define OPENSSL_INFO_WINDOWS_CONTEXT 1009 int OPENSSL_issetugid(void); @@ -321,6 +332,9 @@ void CRYPTO_get_mem_functions(CRYPTO_malloc_fn *malloc_fn, OSSL_CRYPTO_ALLOC void *CRYPTO_malloc(size_t num, const char *file, int line); OSSL_CRYPTO_ALLOC void *CRYPTO_zalloc(size_t num, const char *file, int line); +OSSL_CRYPTO_ALLOC void *CRYPTO_aligned_alloc(size_t num, size_t align, + void **freeptr, const char *file, + int line); OSSL_CRYPTO_ALLOC void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line); OSSL_CRYPTO_ALLOC char *CRYPTO_strdup(const char *str, const char *file, int line); OSSL_CRYPTO_ALLOC char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line); @@ -529,9 +543,14 @@ int OSSL_LIB_CTX_load_config(OSSL_LIB_CTX *ctx, const char *config_file); void OSSL_LIB_CTX_free(OSSL_LIB_CTX *); OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void); OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx); +int OSSL_LIB_CTX_get_conf_diagnostics(OSSL_LIB_CTX *ctx); +void OSSL_LIB_CTX_set_conf_diagnostics(OSSL_LIB_CTX *ctx, int value); void OSSL_sleep(uint64_t millis); + +void *OSSL_LIB_CTX_get_data(OSSL_LIB_CTX *ctx, int index); + # ifdef __cplusplus } # endif diff --git a/vendor/openssl/include/openssl/cryptoerr.h b/vendor/openssl/include/openssl/cryptoerr.h index e84b12d..7fa79cf 100644 --- a/vendor/openssl/include/openssl/cryptoerr.h +++ b/vendor/openssl/include/openssl/cryptoerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -47,6 +47,7 @@ # define CRYPTO_R_SECURE_MALLOC_FAILURE 111 # define CRYPTO_R_STRING_TOO_LONG 112 # define CRYPTO_R_TOO_MANY_BYTES 113 +# define CRYPTO_R_TOO_MANY_NAMES 132 # define CRYPTO_R_TOO_MANY_RECORDS 114 # define CRYPTO_R_TOO_SMALL_BUFFER 116 # define CRYPTO_R_UNKNOWN_NAME_IN_RANDOM_SECTION 120 diff --git a/vendor/openssl/include/openssl/e_os2.h b/vendor/openssl/include/openssl/e_os2.h index f1e1795..b8c6107 100644 --- a/vendor/openssl/include/openssl/e_os2.h +++ b/vendor/openssl/include/openssl/e_os2.h @@ -200,6 +200,7 @@ extern "C" { # endif # ifndef ossl_ssize_t +# include <sys/types.h> # define ossl_ssize_t ssize_t # if defined(SSIZE_MAX) # define OSSL_SSIZE_MAX SSIZE_MAX @@ -288,7 +289,7 @@ typedef uint64_t ossl_uintmax_t; # endif # if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L && \ - !defined(__cplusplus) + !defined(__cplusplus) # define ossl_noreturn _Noreturn # elif defined(__GNUC__) && __GNUC__ >= 2 # define ossl_noreturn __attribute__((noreturn)) diff --git a/vendor/openssl/include/openssl/evp.h b/vendor/openssl/include/openssl/evp.h index f70b9d7..5466327 100644 --- a/vendor/openssl/include/openssl/evp.h +++ b/vendor/openssl/include/openssl/evp.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -552,6 +552,7 @@ int EVP_MD_get_block_size(const EVP_MD *md); # define EVP_MD_block_size EVP_MD_get_block_size unsigned long EVP_MD_get_flags(const EVP_MD *md); # define EVP_MD_flags EVP_MD_get_flags +int EVP_MD_xof(const EVP_MD *md); const EVP_MD *EVP_MD_CTX_get0_md(const EVP_MD_CTX *ctx); EVP_MD *EVP_MD_CTX_get1_md(EVP_MD_CTX *ctx); @@ -566,9 +567,11 @@ void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count)); # endif +int EVP_MD_CTX_get_size_ex(const EVP_MD_CTX *ctx); + # define EVP_MD_CTX_get0_name(e) EVP_MD_get0_name(EVP_MD_CTX_get0_md(e)) -# define EVP_MD_CTX_get_size(e) EVP_MD_get_size(EVP_MD_CTX_get0_md(e)) -# define EVP_MD_CTX_size EVP_MD_CTX_get_size +# define EVP_MD_CTX_get_size(e) EVP_MD_CTX_get_size_ex(e) +# define EVP_MD_CTX_size EVP_MD_CTX_get_size_ex # define EVP_MD_CTX_get_block_size(e) EVP_MD_get_block_size(EVP_MD_CTX_get0_md(e)) # define EVP_MD_CTX_block_size EVP_MD_CTX_get_block_size # define EVP_MD_CTX_get_type(e) EVP_MD_get_type(EVP_MD_CTX_get0_md(e)) @@ -895,6 +898,10 @@ const OSSL_PARAM *EVP_CIPHER_gettable_ctx_params(const EVP_CIPHER *cipher); const OSSL_PARAM *EVP_CIPHER_CTX_settable_params(EVP_CIPHER_CTX *ctx); const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_set_algor_params(EVP_CIPHER_CTX *ctx, const X509_ALGOR *alg); +int EVP_CIPHER_CTX_get_algor_params(EVP_CIPHER_CTX *ctx, X509_ALGOR *alg); +int EVP_CIPHER_CTX_get_algor(EVP_CIPHER_CTX *ctx, X509_ALGOR **alg); + const BIO_METHOD *BIO_f_md(void); const BIO_METHOD *BIO_f_base64(void); const BIO_METHOD *BIO_f_cipher(void); @@ -1690,33 +1697,47 @@ int EVP_PKEY_CTX_set_kem_op(EVP_PKEY_CTX *ctx, const char *op); const char *EVP_PKEY_get0_type_name(const EVP_PKEY *key); # define EVP_PKEY_OP_UNDEFINED 0 -# define EVP_PKEY_OP_PARAMGEN (1<<1) -# define EVP_PKEY_OP_KEYGEN (1<<2) -# define EVP_PKEY_OP_FROMDATA (1<<3) -# define EVP_PKEY_OP_SIGN (1<<4) -# define EVP_PKEY_OP_VERIFY (1<<5) -# define EVP_PKEY_OP_VERIFYRECOVER (1<<6) -# define EVP_PKEY_OP_SIGNCTX (1<<7) -# define EVP_PKEY_OP_VERIFYCTX (1<<8) -# define EVP_PKEY_OP_ENCRYPT (1<<9) -# define EVP_PKEY_OP_DECRYPT (1<<10) -# define EVP_PKEY_OP_DERIVE (1<<11) -# define EVP_PKEY_OP_ENCAPSULATE (1<<12) -# define EVP_PKEY_OP_DECAPSULATE (1<<13) - -# define EVP_PKEY_OP_TYPE_SIG \ - (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \ - | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX) - -# define EVP_PKEY_OP_TYPE_CRYPT \ - (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT) - -# define EVP_PKEY_OP_TYPE_NOGEN \ - (EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_DERIVE) - -# define EVP_PKEY_OP_TYPE_GEN \ - (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN) - +# define EVP_PKEY_OP_PARAMGEN (1 << 1) +# define EVP_PKEY_OP_KEYGEN (1 << 2) +# define EVP_PKEY_OP_FROMDATA (1 << 3) +# define EVP_PKEY_OP_SIGN (1 << 4) +# define EVP_PKEY_OP_VERIFY (1 << 5) +# define EVP_PKEY_OP_VERIFYRECOVER (1 << 6) +# define EVP_PKEY_OP_SIGNCTX (1 << 7) +# define EVP_PKEY_OP_VERIFYCTX (1 << 8) +# define EVP_PKEY_OP_ENCRYPT (1 << 9) +# define EVP_PKEY_OP_DECRYPT (1 << 10) +# define EVP_PKEY_OP_DERIVE (1 << 11) +# define EVP_PKEY_OP_ENCAPSULATE (1 << 12) +# define EVP_PKEY_OP_DECAPSULATE (1 << 13) +# define EVP_PKEY_OP_SIGNMSG (1 << 14) +# define EVP_PKEY_OP_VERIFYMSG (1 << 15) +/* Update the following when adding new EVP_PKEY_OPs */ +# define EVP_PKEY_OP_ALL ((1 << 16) - 1) + +# define EVP_PKEY_OP_TYPE_SIG \ + (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG \ + | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYMSG \ + | EVP_PKEY_OP_VERIFYRECOVER \ + | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX) + +# define EVP_PKEY_OP_TYPE_CRYPT \ + (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT) + +# define EVP_PKEY_OP_TYPE_DERIVE \ + (EVP_PKEY_OP_DERIVE) + +# define EVP_PKEY_OP_TYPE_DATA \ + (EVP_PKEY_OP_FROMDATA) + +# define EVP_PKEY_OP_TYPE_KEM \ + (EVP_PKEY_OP_ENCAPSULATE | EVP_PKEY_OP_DECAPSULATE) + +# define EVP_PKEY_OP_TYPE_GEN \ + (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN) + +# define EVP_PKEY_OP_TYPE_NOGEN \ + (EVP_PKEY_OP_ALL & ~EVP_PKEY_OP_TYPE_GEN) int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX *ctx, const unsigned char *key, int keylen); @@ -1780,6 +1801,7 @@ int EVP_KEYMGMT_names_do_all(const EVP_KEYMGMT *keymgmt, const OSSL_PARAM *EVP_KEYMGMT_gettable_params(const EVP_KEYMGMT *keymgmt); const OSSL_PARAM *EVP_KEYMGMT_settable_params(const EVP_KEYMGMT *keymgmt); const OSSL_PARAM *EVP_KEYMGMT_gen_settable_params(const EVP_KEYMGMT *keymgmt); +const OSSL_PARAM *EVP_KEYMGMT_gen_gettable_params(const EVP_KEYMGMT *keymgmt); EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); @@ -1796,6 +1818,11 @@ int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(const EVP_PKEY_CTX *ctx); int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params); const OSSL_PARAM *EVP_PKEY_CTX_settable_params(const EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_set_algor_params(EVP_PKEY_CTX *ctx, const X509_ALGOR *alg); +int EVP_PKEY_CTX_get_algor_params(EVP_PKEY_CTX *ctx, X509_ALGOR *alg); +int EVP_PKEY_CTX_get_algor(EVP_PKEY_CTX *ctx, X509_ALGOR **alg); + int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, int p1, void *p2); int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, @@ -1846,6 +1873,9 @@ EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx); void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); +int EVP_PKEY_CTX_set_signature(EVP_PKEY_CTX *pctx, + const unsigned char *sig, size_t siglen); + void EVP_SIGNATURE_free(EVP_SIGNATURE *signature); int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature); OSSL_PROVIDER *EVP_SIGNATURE_get0_provider(const EVP_SIGNATURE *signature); @@ -1899,17 +1929,35 @@ const OSSL_PARAM *EVP_KEM_settable_ctx_params(const EVP_KEM *kem); int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_sign_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); +int EVP_PKEY_sign_init_ex2(EVP_PKEY_CTX *ctx, + EVP_SIGNATURE *algo, const OSSL_PARAM params[]); int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, const unsigned char *tbs, size_t tbslen); +int EVP_PKEY_sign_message_init(EVP_PKEY_CTX *ctx, + EVP_SIGNATURE *algo, const OSSL_PARAM params[]); +int EVP_PKEY_sign_message_update(EVP_PKEY_CTX *ctx, + const unsigned char *in, size_t inlen); +int EVP_PKEY_sign_message_final(EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen); int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_verify_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); +int EVP_PKEY_verify_init_ex2(EVP_PKEY_CTX *ctx, + EVP_SIGNATURE *algo, const OSSL_PARAM params[]); int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, const unsigned char *tbs, size_t tbslen); +int EVP_PKEY_verify_message_init(EVP_PKEY_CTX *ctx, + EVP_SIGNATURE *algo, const OSSL_PARAM params[]); +int EVP_PKEY_verify_message_update(EVP_PKEY_CTX *ctx, + const unsigned char *in, size_t inlen); +int EVP_PKEY_verify_message_final(EVP_PKEY_CTX *ctx); int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); +int EVP_PKEY_verify_recover_init_ex2(EVP_PKEY_CTX *ctx, + EVP_SIGNATURE *algo, + const OSSL_PARAM params[]); int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, unsigned char *rout, size_t *routlen, const unsigned char *sig, size_t siglen); diff --git a/vendor/openssl/include/openssl/evperr.h b/vendor/openssl/include/openssl/evperr.h index 11f3faa..0a991f7 100644 --- a/vendor/openssl/include/openssl/evperr.h +++ b/vendor/openssl/include/openssl/evperr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -54,6 +54,7 @@ # define EVP_R_EXPECTING_A_SIPHASH_KEY 175 # define EVP_R_FINAL_ERROR 188 # define EVP_R_GENERATE_ERROR 214 +# define EVP_R_GETTING_ALGORITHMIDENTIFIER_NOT_SUPPORTED 229 # define EVP_R_GET_RAW_KEY_FAILED 182 # define EVP_R_ILLEGAL_SCRYPT_PARAMETERS 171 # define EVP_R_INACCESSIBLE_DOMAIN_PARAMETERS 204 @@ -94,6 +95,7 @@ # define EVP_R_ONLY_ONESHOT_SUPPORTED 177 # define EVP_R_OPERATION_NOT_INITIALIZED 151 # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 +# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_SIGNATURE_TYPE 226 # define EVP_R_OUTPUT_WOULD_OVERFLOW 202 # define EVP_R_PARAMETER_TOO_LARGE 187 # define EVP_R_PARTIALLY_OVERLAPPING 162 @@ -104,6 +106,7 @@ # define EVP_R_PUBLIC_KEY_NOT_RSA 106 # define EVP_R_SETTING_XOF_FAILED 227 # define EVP_R_SET_DEFAULT_PROPERTY_FAILURE 209 +# define EVP_R_SIGNATURE_TYPE_AND_KEY_TYPE_INCOMPATIBLE 228 # define EVP_R_TOO_MANY_RECORDS 183 # define EVP_R_UNABLE_TO_ENABLE_LOCKING 212 # define EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE 215 diff --git a/vendor/openssl/include/openssl/fips_names.h b/vendor/openssl/include/openssl/fips_names.h index 5c77f6d..fa481fc 100644 --- a/vendor/openssl/include/openssl/fips_names.h +++ b/vendor/openssl/include/openssl/fips_names.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,27 +17,18 @@ extern "C" { /* * Parameter names that the FIPS Provider defines + * All parameters are of type: OSSL_PARAM_UTF8_STRING */ -/* - * The calculated MAC of the module file (Used for FIPS Self Testing) - * Type: OSSL_PARAM_UTF8_STRING - */ +/* The following 4 Parameters are used for FIPS Self Testing */ + +/* The calculated MAC of the module file */ # define OSSL_PROV_FIPS_PARAM_MODULE_MAC "module-mac" -/* - * A version number for the fips install process (Used for FIPS Self Testing) - * Type: OSSL_PARAM_UTF8_STRING - */ +/* The Version number for the fips install process */ # define OSSL_PROV_FIPS_PARAM_INSTALL_VERSION "install-version" -/* - * The calculated MAC of the install status indicator (Used for FIPS Self Testing) - * Type: OSSL_PARAM_UTF8_STRING - */ +/* The calculated MAC of the install status indicator */ # define OSSL_PROV_FIPS_PARAM_INSTALL_MAC "install-mac" -/* - * The install status indicator (Used for FIPS Self Testing) - * Type: OSSL_PARAM_UTF8_STRING - */ +/* The install status indicator */ # define OSSL_PROV_FIPS_PARAM_INSTALL_STATUS "install-status" /* @@ -47,28 +38,10 @@ extern "C" { */ # define OSSL_PROV_FIPS_PARAM_CONDITIONAL_ERRORS "conditional-errors" -/* - * A boolean that determines if the runtime FIPS security checks are performed. - * This is enabled by default. - * Type: OSSL_PARAM_UTF8_STRING - */ -# define OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS "security-checks" - -/* - * A boolean that determines if the runtime FIPS check for TLS1_PRF EMS is performed. - * This is disabled by default. - * Type: OSSL_PARAM_UTF8_STRING - */ -# define OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check" - -/* - * A boolean that determines if truncated digests can be used with Hash and HMAC - * DRBGs. FIPS 140-3 IG D.R disallows such use for efficiency rather than - * security reasons. - * This is disabled by default. - * Type: OSSL_PARAM_UTF8_STRING - */ -# define OSSL_PROV_FIPS_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md" +/* The following are provided for backwards compatibility */ +# define OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS OSSL_PROV_PARAM_SECURITY_CHECKS +# define OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK +# define OSSL_PROV_FIPS_PARAM_DRBG_TRUNC_DIGEST OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST # ifdef __cplusplus } diff --git a/vendor/openssl/include/openssl/fipskey.h.in b/vendor/openssl/include/openssl/fipskey.h.in index 56b947e..c53012a 100644 --- a/vendor/openssl/include/openssl/fipskey.h.in +++ b/vendor/openssl/include/openssl/fipskey.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -28,6 +28,11 @@ extern "C" { */ #define FIPS_KEY_STRING "{- $config{FIPSKEY} -}" +/* + * The FIPS provider vendor name, as a string. + */ +#define FIPS_VENDOR "{- $config{FIPS_VENDOR} -}" + # ifdef __cplusplus } # endif diff --git a/vendor/openssl/include/openssl/http.h b/vendor/openssl/include/openssl/http.h index 8f4e9da..339b567 100644 --- a/vendor/openssl/include/openssl/http.h +++ b/vendor/openssl/include/openssl/http.h @@ -35,9 +35,10 @@ extern "C" { # ifndef OPENSSL_NO_HTTP -#define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024) -#define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024) -#define OSSL_HTTP_DEFAULT_MAX_RESP_HDR_LINES 256 +# define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024) +# define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024) +# define OSSL_HTTP_DEFAULT_MAX_CRL_LEN (32 * 1024 * 1024) +# define OSSL_HTTP_DEFAULT_MAX_RESP_HDR_LINES 256 /* Low-level HTTP API */ diff --git a/vendor/openssl/include/openssl/macros.h b/vendor/openssl/include/openssl/macros.h index e9ef938..8330c75 100644 --- a/vendor/openssl/include/openssl/macros.h +++ b/vendor/openssl/include/openssl/macros.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -169,6 +169,7 @@ * 'no-deprecated'. */ +# undef OPENSSL_NO_DEPRECATED_3_4 # undef OPENSSL_NO_DEPRECATED_3_1 # undef OPENSSL_NO_DEPRECATED_3_0 # undef OPENSSL_NO_DEPRECATED_1_1_1 @@ -178,6 +179,17 @@ # undef OPENSSL_NO_DEPRECATED_1_0_0 # undef OPENSSL_NO_DEPRECATED_0_9_8 +# if OPENSSL_API_LEVEL >= 30400 +# ifndef OPENSSL_NO_DEPRECATED +# define OSSL_DEPRECATEDIN_3_4 OSSL_DEPRECATED(3.4) +# define OSSL_DEPRECATEDIN_3_4_FOR(msg) OSSL_DEPRECATED_FOR(3.4, msg) +# else +# define OPENSSL_NO_DEPRECATED_3_4 +# endif +# else +# define OSSL_DEPRECATEDIN_3_4 +# define OSSL_DEPRECATEDIN_3_4_FOR(msg) +# endif # if OPENSSL_API_LEVEL >= 30100 # ifndef OPENSSL_NO_DEPRECATED # define OSSL_DEPRECATEDIN_3_1 OSSL_DEPRECATED(3.1) diff --git a/vendor/openssl/include/openssl/obj_mac.h b/vendor/openssl/include/openssl/obj_mac.h index 1b7d924..ea603c2 100644 --- a/vendor/openssl/include/openssl/obj_mac.h +++ b/vendor/openssl/include/openssl/obj_mac.h @@ -1583,9 +1583,13 @@ #define NID_qcStatements 286 #define OBJ_qcStatements OBJ_id_pe,3L -#define SN_ac_auditEntity "ac-auditEntity" -#define NID_ac_auditEntity 287 -#define OBJ_ac_auditEntity OBJ_id_pe,4L +#define SN_ac_auditIdentity "ac-auditIdentity" +#define LN_ac_auditIdentity "X509v3 Audit Identity" +#define NID_ac_auditIdentity 287 +#define OBJ_ac_auditIdentity OBJ_id_pe,4L + +#define NID_ac_auditEntity 1323 +#define OBJ_ac_auditEntity OBJ_ac_auditIdentity #define SN_ac_targeting "ac-targeting" #define NID_ac_targeting 288 @@ -2022,6 +2026,11 @@ #define NID_id_on_permanentIdentifier 858 #define OBJ_id_on_permanentIdentifier OBJ_id_on,3L +#define SN_id_on_hardwareModuleName "id-on-hardwareModuleName" +#define LN_id_on_hardwareModuleName "Hardware Module Name" +#define NID_id_on_hardwareModuleName 1321 +#define OBJ_id_on_hardwareModuleName OBJ_id_on,4L + #define SN_XmppAddr "id-on-xmppAddr" #define LN_XmppAddr "XmppAddr" #define NID_XmppAddr 1209 @@ -3019,6 +3028,11 @@ #define NID_dcObject 390 #define OBJ_dcObject OBJ_Enterprises,1466L,344L +#define SN_id_kp_wisun_fan_device "id-kp-wisun-fan-device" +#define LN_id_kp_wisun_fan_device "Wi-SUN Alliance Field Area Network (FAN)" +#define NID_id_kp_wisun_fan_device 1322 +#define OBJ_id_kp_wisun_fan_device OBJ_Enterprises,45605L,1L + #define SN_mime_mhs "mime-mhs" #define LN_mime_mhs "MIME MHS" #define NID_mime_mhs 504 diff --git a/vendor/openssl/include/openssl/objects.h b/vendor/openssl/include/openssl/objects.h index 9ea91c2..cc9f3c5 100644 --- a/vendor/openssl/include/openssl/objects.h +++ b/vendor/openssl/include/openssl/objects.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -176,6 +176,7 @@ int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid); int OBJ_add_sigid(int signid, int dig_id, int pkey_id); void OBJ_sigid_free(void); +#define SN_ac_auditEntity SN_ac_auditIdentity # ifdef __cplusplus } diff --git a/vendor/openssl/include/openssl/pem.h b/vendor/openssl/include/openssl/pem.h index 0446c77..6b7b66a 100644 --- a/vendor/openssl/include/openssl/pem.h +++ b/vendor/openssl/include/openssl/pem.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -58,6 +58,7 @@ extern "C" { # define PEM_STRING_PARAMETERS "PARAMETERS" # define PEM_STRING_CMS "CMS" # define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS" +# define PEM_STRING_ACERT "ATTRIBUTE CERTIFICATE" # define PEM_TYPE_ENCRYPTED 10 # define PEM_TYPE_MIC_ONLY 20 diff --git a/vendor/openssl/include/openssl/pkcs12.h.in b/vendor/openssl/include/openssl/pkcs12.h.in index 35759d4..097afba 100644 --- a/vendor/openssl/include/openssl/pkcs12.h.in +++ b/vendor/openssl/include/openssl/pkcs12.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -269,6 +269,9 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen); int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, unsigned char *salt, int saltlen, int iter, const EVP_MD *md_type); +int PKCS12_set_pbmac1_pbkdf2(PKCS12 *p12, const char *pass, int passlen, + unsigned char *salt, int saltlen, int iter, + const EVP_MD *md_type, const char *prf_md_name); int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, const EVP_MD *md_type); unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, diff --git a/vendor/openssl/include/openssl/proverr.h b/vendor/openssl/include/openssl/proverr.h index d9ef568..d10b653 100644 --- a/vendor/openssl/include/openssl/proverr.h +++ b/vendor/openssl/include/openssl/proverr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -30,9 +30,11 @@ # define PROV_R_BAD_TLS_CLIENT_VERSION 161 # define PROV_R_BN_ERROR 160 # define PROV_R_CIPHER_OPERATION_FAILED 102 +# define PROV_R_COFACTOR_REQUIRED 236 # define PROV_R_DERIVATION_FUNCTION_INIT_FAILED 205 # define PROV_R_DIGEST_NOT_ALLOWED 174 # define PROV_R_EMS_NOT_ENABLED 233 +# define PROV_R_ENTROPY_SOURCE_FAILED_CONTINUOUS_TESTS 244 # define PROV_R_ENTROPY_SOURCE_STRENGTH_TOO_WEAK 186 # define PROV_R_ERROR_INSTANTIATING_DRBG 188 # define PROV_R_ERROR_RETRIEVING_ENTROPY 189 @@ -44,12 +46,14 @@ # define PROV_R_FAILED_TO_GET_PARAMETER 103 # define PROV_R_FAILED_TO_SET_PARAMETER 104 # define PROV_R_FAILED_TO_SIGN 175 +# define PROV_R_FINAL_CALL_OUT_OF_ORDER 237 # define PROV_R_FIPS_MODULE_CONDITIONAL_ERROR 227 # define PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE 224 # define PROV_R_FIPS_MODULE_IN_ERROR_STATE 225 # define PROV_R_GENERATE_ERROR 191 # define PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 165 # define PROV_R_INDICATOR_INTEGRITY_FAILURE 210 +# define PROV_R_INIT_CALL_OUT_OF_ORDER 238 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH 181 # define PROV_R_INVALID_AAD 108 # define PROV_R_INVALID_AEAD 231 @@ -61,6 +65,7 @@ # define PROV_R_INVALID_DIGEST 122 # define PROV_R_INVALID_DIGEST_LENGTH 166 # define PROV_R_INVALID_DIGEST_SIZE 218 +# define PROV_R_INVALID_EDDSA_INSTANCE_FOR_ATTEMPTED_OPERATION 243 # define PROV_R_INVALID_INPUT_LENGTH 230 # define PROV_R_INVALID_ITERATION_COUNT 123 # define PROV_R_INVALID_IV_LENGTH 109 @@ -73,6 +78,7 @@ # define PROV_R_INVALID_MODE 125 # define PROV_R_INVALID_OUTPUT_LENGTH 217 # define PROV_R_INVALID_PADDING_MODE 168 +# define PROV_R_INVALID_PREHASHED_DIGEST_LENGTH 241 # define PROV_R_INVALID_PUBINFO 198 # define PROV_R_INVALID_SALT_LENGTH 112 # define PROV_R_INVALID_SEED_LENGTH 154 @@ -110,8 +116,10 @@ # define PROV_R_NOT_PARAMETERS 226 # define PROV_R_NOT_SUPPORTED 136 # define PROV_R_NOT_XOF_OR_INVALID_LENGTH 113 +# define PROV_R_NO_INSTANCE_ALLOWED 242 # define PROV_R_NO_KEY_SET 114 # define PROV_R_NO_PARAMETERS_SET 177 +# define PROV_R_ONESHOT_CALL_OUT_OF_ORDER 239 # define PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 178 # define PROV_R_OUTPUT_BUFFER_TOO_SMALL 106 # define PROV_R_PARENT_CANNOT_GENERATE_RANDOM_NUMBERS 228 @@ -142,6 +150,7 @@ # define PROV_R_UNSUPPORTED_KEY_SIZE 153 # define PROV_R_UNSUPPORTED_MAC_TYPE 137 # define PROV_R_UNSUPPORTED_NUMBER_OF_ROUNDS 152 +# define PROV_R_UPDATE_CALL_OUT_OF_ORDER 240 # define PROV_R_URI_AUTHORITY_UNSUPPORTED 223 # define PROV_R_VALUE_ERROR 138 # define PROV_R_WRONG_FINAL_BLOCK_LENGTH 107 diff --git a/vendor/openssl/include/openssl/self_test.h b/vendor/openssl/include/openssl/self_test.h index 1782204..98652f9 100644 --- a/vendor/openssl/include/openssl/self_test.h +++ b/vendor/openssl/include/openssl/self_test.h @@ -44,6 +44,7 @@ extern "C" { /* Test event sub categories */ # define OSSL_SELF_TEST_DESC_NONE "None" # define OSSL_SELF_TEST_DESC_INTEGRITY_HMAC "HMAC" +# define OSSL_SELF_TEST_DESC_PCT_RSA "RSA" # define OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1 "RSA" # define OSSL_SELF_TEST_DESC_PCT_ECDSA "ECDSA" # define OSSL_SELF_TEST_DESC_PCT_EDDSA "EDDSA" @@ -59,6 +60,7 @@ extern "C" { # define OSSL_SELF_TEST_DESC_SIGN_DSA "DSA" # define OSSL_SELF_TEST_DESC_SIGN_RSA "RSA" # define OSSL_SELF_TEST_DESC_SIGN_ECDSA "ECDSA" +# define OSSL_SELF_TEST_DESC_SIGN_EDDSA "EDDSA" # define OSSL_SELF_TEST_DESC_DRBG_CTR "CTR" # define OSSL_SELF_TEST_DESC_DRBG_HASH "HASH" # define OSSL_SELF_TEST_DESC_DRBG_HMAC "HMAC" diff --git a/vendor/openssl/include/openssl/ssl.h.in b/vendor/openssl/include/openssl/ssl.h.in index 442d5cb..4bab2ac 100644 --- a/vendor/openssl/include/openssl/ssl.h.in +++ b/vendor/openssl/include/openssl/ssl.h.in @@ -236,10 +236,8 @@ typedef struct ssl_cipher_st SSL_CIPHER; typedef struct ssl_session_st SSL_SESSION; typedef struct tls_sigalgs_st TLS_SIGALGS; typedef struct ssl_conf_ctx_st SSL_CONF_CTX; -typedef struct ssl_comp_st SSL_COMP; STACK_OF(SSL_CIPHER); -STACK_OF(SSL_COMP); /* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/ typedef struct srtp_protection_profile_st { @@ -975,8 +973,7 @@ extern "C" { * in VisualStudio 2015 */ {- - generate_const_stack_macros("SSL_CIPHER") - .generate_stack_macros("SSL_COMP"); + generate_const_stack_macros("SSL_CIPHER"); -} /* compatibility */ @@ -1572,7 +1569,11 @@ void SSL_CTX_set1_cert_store(SSL_CTX *, X509_STORE *); __owur int SSL_want(const SSL *s); __owur int SSL_clear(SSL *s); +#ifndef OPENSSL_NO_DEPRECATED_3_4 +OSSL_DEPRECATEDIN_3_4_FOR("not Y2038-safe, replace with SSL_CTX_flush_sessions_ex()") void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); +#endif +void SSL_CTX_flush_sessions_ex(SSL_CTX *ctx, time_t tm); __owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); __owur const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s); @@ -1684,8 +1685,13 @@ __owur const char *SSL_state_string(const SSL *s); __owur const char *SSL_rstate_string(const SSL *s); __owur const char *SSL_state_string_long(const SSL *s); __owur const char *SSL_rstate_string_long(const SSL *s); + +#ifndef OPENSSL_NO_DEPRECATED_3_4 +OSSL_DEPRECATEDIN_3_4_FOR("not Y2038-safe, replace with SSL_SESSION_get_time_ex()") __owur long SSL_SESSION_get_time(const SSL_SESSION *s); +OSSL_DEPRECATEDIN_3_4_FOR("not Y2038-safe, replace with SSL_SESSION_set_time_ex()") __owur long SSL_SESSION_set_time(SSL_SESSION *s, long t); +#endif __owur long SSL_SESSION_get_timeout(const SSL_SESSION *s); __owur long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); __owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s); @@ -2257,6 +2263,8 @@ void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg); void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx); int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size); +int SSL_CTX_set_block_padding_ex(SSL_CTX *ctx, size_t app_block_size, + size_t hs_block_size); int SSL_set_record_padding_callback(SSL *ssl, size_t (*cb) (SSL *ssl, int type, @@ -2264,7 +2272,8 @@ int SSL_set_record_padding_callback(SSL *ssl, void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg); void *SSL_get_record_padding_callback_arg(const SSL *ssl); int SSL_set_block_padding(SSL *ssl, size_t block_size); - +int SSL_set_block_padding_ex(SSL *ssl, size_t app_block_size, + size_t hs_block_size); int SSL_set_num_tickets(SSL *s, size_t num_tickets); size_t SSL_get_num_tickets(const SSL *s); int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); diff --git a/vendor/openssl/include/openssl/sslerr.h b/vendor/openssl/include/openssl/sslerr.h index ec35df6..d6ae547 100644 --- a/vendor/openssl/include/openssl/sslerr.h +++ b/vendor/openssl/include/openssl/sslerr.h @@ -117,6 +117,7 @@ # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 +# define SSL_R_ERROR_IN_SYSTEM_DEFAULT_CONFIG 419 # define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN 204 # define SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE 194 # define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 @@ -178,6 +179,7 @@ # define SSL_R_MISSING_SIGNING_CERT 221 # define SSL_R_MISSING_SRP_PARAM 358 # define SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION 209 +# define SSL_R_MISSING_SUPPORTED_VERSIONS_EXTENSION 420 # define SSL_R_MISSING_TMP_DH_KEY 171 # define SSL_R_MISSING_TMP_ECDH_KEY 311 # define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA 293 diff --git a/vendor/openssl/include/openssl/tls1.h b/vendor/openssl/include/openssl/tls1.h index 7e3d1a7..8e9b110 100644 --- a/vendor/openssl/include/openssl/tls1.h +++ b/vendor/openssl/include/openssl/tls1.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -231,6 +231,8 @@ extern "C" { # define TLSEXT_max_fragment_length_1024 2 # define TLSEXT_max_fragment_length_2048 3 # define TLSEXT_max_fragment_length_4096 4 +/* OpenSSL value for unset maximum fragment length extension */ +# define TLSEXT_max_fragment_length_UNSPECIFIED 255 /* * TLS Certificate Type (for RFC7250) @@ -280,6 +282,8 @@ int SSL_get_sigalgs(SSL *s, int idx, int *psign, int *phash, int *psignandhash, unsigned char *rsig, unsigned char *rhash); +char *SSL_get1_builtin_sigalgs(OSSL_LIB_CTX *libctx); + int SSL_get_shared_sigalgs(SSL *s, int idx, int *psign, int *phash, int *psignandhash, unsigned char *rsig, unsigned char *rhash); @@ -622,6 +626,10 @@ int SSL_CTX_set_tlsext_ticket_key_evp_cb # define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304 # define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305 +/* Integrity-only ciphersuites from RFC 9150 */ +# define TLS1_3_CK_SHA256_SHA256 0x0300C0B4 +# define TLS1_3_CK_SHA384_SHA384 0x0300C0B5 + /* Aria ciphersuites from RFC6209 */ # define TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C050 # define TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C051 @@ -699,6 +707,8 @@ int SSL_CTX_set_tlsext_ticket_key_evp_cb # define TLS1_3_RFC_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256" # define TLS1_3_RFC_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384" # define TLS1_3_RFC_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256" +# define TLS1_3_RFC_SHA256_SHA256 "TLS_SHA256_SHA256" +# define TLS1_3_RFC_SHA384_SHA384 "TLS_SHA384_SHA384" # define TLS1_3_RFC_AES_128_CCM_SHA256 "TLS_AES_128_CCM_SHA256" # define TLS1_3_RFC_AES_128_CCM_8_SHA256 "TLS_AES_128_CCM_8_SHA256" # define TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA "TLS_ECDHE_ECDSA_WITH_NULL_SHA" diff --git a/vendor/openssl/include/openssl/ts.h b/vendor/openssl/include/openssl/ts.h index b09b646..31c78b5 100644 --- a/vendor/openssl/include/openssl/ts.h +++ b/vendor/openssl/include/openssl/ts.h @@ -1,5 +1,5 @@ /* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -418,14 +418,31 @@ void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx); void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx); int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f); int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f); +# ifndef OPENSSL_NO_DEPRECATED_3_4 +OSSL_DEPRECATEDIN_3_4_FOR("Unclear semantics, replace with TS_VERIFY_CTX_set0_data().") BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b); +# endif +int TS_VERIFY_CTX_set0_data(TS_VERIFY_CTX *ctx, BIO *b); +# ifndef OPENSSL_NO_DEPRECATED_3_4 +OSSL_DEPRECATEDIN_3_4_FOR("Unclear semantics, replace with TS_VERIFY_CTX_set0_imprint().") unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx, unsigned char *hexstr, long len); +# endif +int TS_VERIFY_CTX_set0_imprint(TS_VERIFY_CTX *ctx, + unsigned char *hexstr, long len); +# ifndef OPENSSL_NO_DEPRECATED_3_4 +OSSL_DEPRECATEDIN_3_4_FOR("Unclear semantics, replace with TS_VERIFY_CTX_set0_store().") X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s); +# endif +int TS_VERIFY_CTX_set0_store(TS_VERIFY_CTX *ctx, X509_STORE *s); # ifndef OPENSSL_NO_DEPRECATED_3_0 # define TS_VERIFY_CTS_set_certs(ctx, cert) TS_VERIFY_CTX_set_certs(ctx,cert) # endif +# ifndef OPENSSL_NO_DEPRECATED_3_4 +OSSL_DEPRECATEDIN_3_4_FOR("Unclear semantics, replace with TS_VERIFY_CTX_set0_certs().") STACK_OF(X509) *TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs); +# endif +int TS_VERIFY_CTX_set0_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs); /*- * If ctx is NULL, it allocates and returns a new object, otherwise diff --git a/vendor/openssl/include/openssl/types.h b/vendor/openssl/include/openssl/types.h index c280286..e05a350 100644 --- a/vendor/openssl/include/openssl/types.h +++ b/vendor/openssl/include/openssl/types.h @@ -1,5 +1,5 @@ /* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -33,6 +33,12 @@ extern "C" { # include <openssl/safestack.h> # include <openssl/macros.h> +# if OPENSSL_VERSION_MAJOR >= 4 +# define OSSL_FUTURE_CONST const +# else +# define OSSL_FUTURE_CONST +# endif + typedef struct ossl_provider_st OSSL_PROVIDER; /* Provider Object */ # ifdef NO_ASN1_TYPEDEFS diff --git a/vendor/openssl/include/openssl/x509.h.in b/vendor/openssl/include/openssl/x509.h.in index 7210391..2100790 100644 --- a/vendor/openssl/include/openssl/x509.h.in +++ b/vendor/openssl/include/openssl/x509.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -67,16 +67,24 @@ extern "C" { # define X509_FILETYPE_ASN1 2 # define X509_FILETYPE_DEFAULT 3 -# define X509v3_KU_DIGITAL_SIGNATURE 0x0080 -# define X509v3_KU_NON_REPUDIATION 0x0040 -# define X509v3_KU_KEY_ENCIPHERMENT 0x0020 -# define X509v3_KU_DATA_ENCIPHERMENT 0x0010 -# define X509v3_KU_KEY_AGREEMENT 0x0008 -# define X509v3_KU_KEY_CERT_SIGN 0x0004 -# define X509v3_KU_CRL_SIGN 0x0002 -# define X509v3_KU_ENCIPHER_ONLY 0x0001 -# define X509v3_KU_DECIPHER_ONLY 0x8000 -# define X509v3_KU_UNDEF 0xffff +/*- + * <https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3>: + * The KeyUsage BITSTRING is treated as a little-endian integer, hence bit `0` + * is 0x80, while bit `7` is 0x01 (the LSB of the integer value), bit `8` is + * then the MSB of the second octet, or 0x8000. + */ +# define X509v3_KU_DIGITAL_SIGNATURE 0x0080 /* (0) */ +# define X509v3_KU_NON_REPUDIATION 0x0040 /* (1) */ +# define X509v3_KU_KEY_ENCIPHERMENT 0x0020 /* (2) */ +# define X509v3_KU_DATA_ENCIPHERMENT 0x0010 /* (3) */ +# define X509v3_KU_KEY_AGREEMENT 0x0008 /* (4) */ +# define X509v3_KU_KEY_CERT_SIGN 0x0004 /* (5) */ +# define X509v3_KU_CRL_SIGN 0x0002 /* (6) */ +# define X509v3_KU_ENCIPHER_ONLY 0x0001 /* (7) */ +# define X509v3_KU_DECIPHER_ONLY 0x8000 /* (8) */ +# ifndef OPENSSL_NO_DEPRECATED_3_4 +# define X509v3_KU_UNDEF 0xffff /* vestigial, not used */ +# endif struct X509_algor_st { ASN1_OBJECT *algorithm; @@ -271,7 +279,12 @@ typedef struct PBKDF2PARAM_st { X509_ALGOR *prf; } PBKDF2PARAM; -#ifndef OPENSSL_NO_SCRYPT +typedef struct { + X509_ALGOR *keyDerivationFunc; + X509_ALGOR *messageAuthScheme; +} PBMAC1PARAM; + +# ifndef OPENSSL_NO_SCRYPT typedef struct SCRYPT_PARAMS_st { ASN1_OCTET_STRING *salt; ASN1_INTEGER *costParameter; @@ -279,7 +292,7 @@ typedef struct SCRYPT_PARAMS_st { ASN1_INTEGER *parallelizationParameter; ASN1_INTEGER *keyLength; } SCRYPT_PARAMS; -#endif +# endif #ifdef __cplusplus } @@ -702,7 +715,7 @@ X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req); int X509_REQ_extension_nid(int nid); int *X509_REQ_get_extension_nids(void); void X509_REQ_set_extension_nids(int *nids); -STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req); +STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(OSSL_FUTURE_CONST X509_REQ *req); int X509_REQ_add_extensions_nid(X509_REQ *req, const STACK_OF(X509_EXTENSION) *exts, int nid); int X509_REQ_add_extensions(X509_REQ *req, const STACK_OF(X509_EXTENSION) *ext); @@ -891,6 +904,9 @@ X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc); STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, X509_EXTENSION *ex, int loc); +STACK_OF(X509_EXTENSION) + *X509v3_add_extensions(STACK_OF(X509_EXTENSION) **target, + const STACK_OF(X509_EXTENSION) *exts); int X509_get_ext_count(const X509 *x); int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos); @@ -1012,9 +1028,10 @@ X509 *X509_find_by_subject(STACK_OF(X509) *sk, const X509_NAME *name); DECLARE_ASN1_FUNCTIONS(PBEPARAM) DECLARE_ASN1_FUNCTIONS(PBE2PARAM) DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM) -#ifndef OPENSSL_NO_SCRYPT +DECLARE_ASN1_FUNCTIONS(PBMAC1PARAM) +# ifndef OPENSSL_NO_SCRYPT DECLARE_ASN1_FUNCTIONS(SCRYPT_PARAMS) -#endif +# endif int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, const unsigned char *salt, int saltlen); @@ -1051,6 +1068,7 @@ X509_ALGOR *PKCS5_pbkdf2_set_ex(int iter, unsigned char *salt, int saltlen, int prf_nid, int keylen, OSSL_LIB_CTX *libctx); +PBKDF2PARAM *PBMAC1_get1_pbkdf2_param(const X509_ALGOR *macalg); /* PKCS#8 utilities */ DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) diff --git a/vendor/openssl/include/openssl/x509_acert.h.in b/vendor/openssl/include/openssl/x509_acert.h.in index 70facf8..76570d4 100644 --- a/vendor/openssl/include/openssl/x509_acert.h.in +++ b/vendor/openssl/include/openssl/x509_acert.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/include/openssl/x509err.h b/vendor/openssl/include/openssl/x509err.h index 71b557a..77b91c8 100644 --- a/vendor/openssl/include/openssl/x509err.h +++ b/vendor/openssl/include/openssl/x509err.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -63,6 +63,7 @@ # define X509_R_UNKNOWN_SIGID_ALGS 144 # define X509_R_UNKNOWN_TRUST_ID 120 # define X509_R_UNSUPPORTED_ALGORITHM 111 +# define X509_R_UNSUPPORTED_VERSION 145 # define X509_R_WRONG_LOOKUP_TYPE 112 # define X509_R_WRONG_TYPE 122 diff --git a/vendor/openssl/include/openssl/x509v3.h.in b/vendor/openssl/include/openssl/x509v3.h.in index 5696803..0f37e13 100644 --- a/vendor/openssl/include/openssl/x509v3.h.in +++ b/vendor/openssl/include/openssl/x509v3.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -126,6 +126,11 @@ typedef struct BASIC_CONSTRAINTS_st { ASN1_INTEGER *pathlen; } BASIC_CONSTRAINTS; +typedef struct OSSL_BASIC_ATTR_CONSTRAINTS_st { + int authority; + ASN1_INTEGER *pathlen; +} OSSL_BASIC_ATTR_CONSTRAINTS; + typedef struct PKEY_USAGE_PERIOD_st { ASN1_GENERALIZEDTIME *notBefore; ASN1_GENERALIZEDTIME *notAfter; @@ -178,6 +183,8 @@ typedef struct ACCESS_DESCRIPTION_st { GENERAL_NAME *location; } ACCESS_DESCRIPTION; +int GENERAL_NAME_set1_X509_NAME(GENERAL_NAME **tgt, const X509_NAME *src); + {- generate_stack_macros("ACCESS_DESCRIPTION") .generate_stack_macros("GENERAL_NAME"); @@ -201,6 +208,7 @@ typedef struct DIST_POINT_NAME_st { /* If relativename then this contains the full distribution point name */ X509_NAME *dpname; } DIST_POINT_NAME; +DECLARE_ASN1_DUP_FUNCTION(DIST_POINT_NAME) /* All existing reasons */ # define CRLDP_ALL_REASONS 0x807f @@ -422,15 +430,16 @@ struct ISSUING_DIST_POINT_st { # define EXFLAG_SAN_CRITICAL 0x80000 # define EXFLAG_NO_FINGERPRINT 0x100000 -# define KU_DIGITAL_SIGNATURE 0x0080 -# define KU_NON_REPUDIATION 0x0040 -# define KU_KEY_ENCIPHERMENT 0x0020 -# define KU_DATA_ENCIPHERMENT 0x0010 -# define KU_KEY_AGREEMENT 0x0008 -# define KU_KEY_CERT_SIGN 0x0004 -# define KU_CRL_SIGN 0x0002 -# define KU_ENCIPHER_ONLY 0x0001 -# define KU_DECIPHER_ONLY 0x8000 +/* https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3 */ +# define KU_DIGITAL_SIGNATURE X509v3_KU_DIGITAL_SIGNATURE +# define KU_NON_REPUDIATION X509v3_KU_NON_REPUDIATION +# define KU_KEY_ENCIPHERMENT X509v3_KU_KEY_ENCIPHERMENT +# define KU_DATA_ENCIPHERMENT X509v3_KU_DATA_ENCIPHERMENT +# define KU_KEY_AGREEMENT X509v3_KU_KEY_AGREEMENT +# define KU_KEY_CERT_SIGN X509v3_KU_KEY_CERT_SIGN +# define KU_CRL_SIGN X509v3_KU_CRL_SIGN +# define KU_ENCIPHER_ONLY X509v3_KU_ENCIPHER_ONLY +# define KU_DECIPHER_ONLY X509v3_KU_DECIPHER_ONLY # define NS_SSL_CLIENT 0x80 # define NS_SSL_SERVER 0x40 @@ -507,6 +516,7 @@ typedef struct x509_purpose_st { # define X509V3_ADD_SILENT 0x10 DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) +DECLARE_ASN1_FUNCTIONS(OSSL_BASIC_ATTR_CONSTRAINTS) DECLARE_ASN1_FUNCTIONS(SXNET) DECLARE_ASN1_FUNCTIONS(SXNETID) @@ -1015,6 +1025,18 @@ const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber( void PROFESSION_INFO_set0_registrationNumber( PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn); +int OSSL_GENERAL_NAMES_print(BIO *out, GENERAL_NAMES *gens, int indent); + +typedef STACK_OF(X509_ATTRIBUTE) OSSL_ATTRIBUTES_SYNTAX; +DECLARE_ASN1_FUNCTIONS(OSSL_ATTRIBUTES_SYNTAX) + +typedef STACK_OF(USERNOTICE) OSSL_USER_NOTICE_SYNTAX; +DECLARE_ASN1_FUNCTIONS(OSSL_USER_NOTICE_SYNTAX) + +{- + generate_stack_macros("USERNOTICE"); +-} + # ifdef __cplusplus } # endif diff --git a/vendor/secp256k1/include/secp256k1/secp256k1.h b/vendor/secp256k1/include/secp256k1/secp256k1.h index cfbdd52..c6e9417 100644 --- a/vendor/secp256k1/include/secp256k1/secp256k1.h +++ b/vendor/secp256k1/include/secp256k1/secp256k1.h @@ -49,19 +49,6 @@ extern "C" { */ typedef struct secp256k1_context_struct secp256k1_context; -/** Opaque data structure that holds rewritable "scratch space" - * - * The purpose of this structure is to replace dynamic memory allocations, - * because we target architectures where this may not be available. It is - * essentially a resizable (within specified parameters) block of bytes, - * which is initially created either by memory allocation or TODO as a pointer - * into some fixed rewritable space. - * - * Unlike the context object, this cannot safely be shared between threads - * without additional synchronization logic. - */ -typedef struct secp256k1_scratch_space_struct secp256k1_scratch_space; - /** Opaque data structure that holds a parsed and valid public key. * * The exact representation of data inside is implementation defined and not @@ -71,11 +58,11 @@ typedef struct secp256k1_scratch_space_struct secp256k1_scratch_space; * use secp256k1_ec_pubkey_serialize and secp256k1_ec_pubkey_parse. To * compare keys, use secp256k1_ec_pubkey_cmp. */ -typedef struct { +typedef struct secp256k1_pubkey { unsigned char data[64]; } secp256k1_pubkey; -/** Opaque data structured that holds a parsed ECDSA signature. +/** Opaque data structure that holds a parsed ECDSA signature. * * The exact representation of data inside is implementation defined and not * guaranteed to be portable between different platforms or versions. It is @@ -84,7 +71,7 @@ typedef struct { * comparison, use the secp256k1_ecdsa_signature_serialize_* and * secp256k1_ecdsa_signature_parse_* functions. */ -typedef struct { +typedef struct secp256k1_ecdsa_signature { unsigned char data[64]; } secp256k1_ecdsa_signature; @@ -147,6 +134,15 @@ typedef int (*secp256k1_nonce_function)( * 1. If using Libtool, it defines DLL_EXPORT automatically. * 2. In other cases, SECP256K1_DLL_EXPORT must be defined. */ # define SECP256K1_API extern __declspec (dllexport) +# else + /* Building libsecp256k1 as a static library on Windows. + * No declspec is needed, and so we would want the non-Windows-specific + * logic below take care of this case. However, this may result in setting + * __attribute__ ((visibility("default"))), which is supposed to be a noop + * on Windows but may trigger warnings when compiling with -flto due to a + * bug in GCC, see + * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=116478 . */ +# define SECP256K1_API extern # endif /* The user must define SECP256K1_STATIC when consuming libsecp256k1 as a static * library on Windows. */ @@ -156,11 +152,12 @@ typedef int (*secp256k1_nonce_function)( # endif #endif #ifndef SECP256K1_API +/* All cases not captured by the Windows-specific logic. */ # if defined(__GNUC__) && (__GNUC__ >= 4) && defined(SECP256K1_BUILD) - /* Building libsecp256k1 on non-Windows using GCC or compatible. */ + /* Building libsecp256k1 using GCC or compatible. */ # define SECP256K1_API extern __attribute__ ((visibility ("default"))) # else - /* All cases not captured above. */ + /* Fall back to standard C's extern. */ # define SECP256K1_API extern # endif #endif @@ -392,29 +389,6 @@ SECP256K1_API void secp256k1_context_set_error_callback( const void *data ) SECP256K1_ARG_NONNULL(1); -/** Create a secp256k1 scratch space object. - * - * Returns: a newly created scratch space. - * Args: ctx: pointer to a context object. - * In: size: amount of memory to be available as scratch space. Some extra - * (<100 bytes) will be allocated for extra accounting. - */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT secp256k1_scratch_space *secp256k1_scratch_space_create( - const secp256k1_context *ctx, - size_t size -) SECP256K1_ARG_NONNULL(1); - -/** Destroy a secp256k1 scratch space. - * - * The pointer may not be used afterwards. - * Args: ctx: pointer to a context object. - * scratch: space to destroy - */ -SECP256K1_API void secp256k1_scratch_space_destroy( - const secp256k1_context *ctx, - secp256k1_scratch_space *scratch -) SECP256K1_ARG_NONNULL(1); - /** Parse a variable-length public key into the pubkey object. * * Returns: 1 if the public key was fully valid. @@ -679,12 +653,14 @@ SECP256K1_API int secp256k1_ecdsa_sign( const void *ndata ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); -/** Verify an ECDSA secret key. +/** Verify an elliptic curve secret key. * * A secret key is valid if it is not 0 and less than the secp256k1 curve order * when interpreted as an integer (most significant byte first). The * probability of choosing a 32-byte string uniformly at random which is an - * invalid secret key is negligible. + * invalid secret key is negligible. However, if it does happen it should + * be assumed that the randomness source is severely broken and there should + * be no retry. * * Returns: 1: secret key is valid * 0: secret key is invalid diff --git a/vendor/secp256k1/include/secp256k1/secp256k1_ellswift.h b/vendor/secp256k1/include/secp256k1/secp256k1_ellswift.h index ae37287..0d1293e 100644 --- a/vendor/secp256k1/include/secp256k1/secp256k1_ellswift.h +++ b/vendor/secp256k1/include/secp256k1/secp256k1_ellswift.h @@ -35,7 +35,7 @@ extern "C" { * * If the Y coordinate is relevant, it is given the same parity as t. * - * Changes w.r.t. the the paper: + * Changes w.r.t. the paper: * - The u=0, t=0, and u^3+t^2+7=0 conditions result in decoding to the point * at infinity in the paper. Here they are remapped to finite points. * - The paper uses an additional encoding bit for the parity of y. Here the diff --git a/vendor/secp256k1/include/secp256k1/secp256k1_extrakeys.h b/vendor/secp256k1/include/secp256k1/secp256k1_extrakeys.h index ad70b92..48c9869 100644 --- a/vendor/secp256k1/include/secp256k1/secp256k1_extrakeys.h +++ b/vendor/secp256k1/include/secp256k1/secp256k1_extrakeys.h @@ -19,7 +19,7 @@ extern "C" { * use secp256k1_xonly_pubkey_serialize and secp256k1_xonly_pubkey_parse. To * compare keys, use secp256k1_xonly_pubkey_cmp. */ -typedef struct { +typedef struct secp256k1_xonly_pubkey { unsigned char data[64]; } secp256k1_xonly_pubkey; @@ -30,7 +30,7 @@ typedef struct { * guaranteed to be portable between different platforms or versions. It is * however guaranteed to be 96 bytes in size, and can be safely copied/moved. */ -typedef struct { +typedef struct secp256k1_keypair { unsigned char data[96]; } secp256k1_keypair; @@ -155,10 +155,13 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_tweak_add_ const unsigned char *tweak32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5); -/** Compute the keypair for a secret key. +/** Compute the keypair for a valid secret key. * - * Returns: 1: secret was valid, keypair is ready to use - * 0: secret was invalid, try again with a different secret + * See the documentation of `secp256k1_ec_seckey_verify` for more information + * about the validity of secret keys. + * + * Returns: 1: secret key is valid + * 0: secret key is invalid * Args: ctx: pointer to a context object (not secp256k1_context_static). * Out: keypair: pointer to the created keypair. * In: seckey: pointer to a 32-byte secret key. diff --git a/vendor/secp256k1/include/secp256k1/secp256k1_musig.h b/vendor/secp256k1/include/secp256k1/secp256k1_musig.h new file mode 100644 index 0000000..11b8f08 --- /dev/null +++ b/vendor/secp256k1/include/secp256k1/secp256k1_musig.h @@ -0,0 +1,588 @@ +#ifndef SECP256K1_MUSIG_H +#define SECP256K1_MUSIG_H + +#include "secp256k1_extrakeys.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#include <stddef.h> +#include <stdint.h> + +/** This module implements BIP 327 "MuSig2 for BIP340-compatible + * Multi-Signatures" + * (https://github.com/bitcoin/bips/blob/master/bip-0327.mediawiki) + * v1.0.0. You can find an example demonstrating the musig module in + * examples/musig.c. + * + * The module also supports BIP 341 ("Taproot") public key tweaking. + * + * It is recommended to read the documentation in this include file carefully. + * Further notes on API usage can be found in doc/musig.md + * + * Since the first version of MuSig is essentially replaced by MuSig2, we use + * MuSig, musig and MuSig2 synonymously unless noted otherwise. + */ + +/** Opaque data structures + * + * The exact representation of data inside the opaque data structures is + * implementation defined and not guaranteed to be portable between different + * platforms or versions. With the exception of `secp256k1_musig_secnonce`, the + * data structures can be safely copied/moved. If you need to convert to a + * format suitable for storage, transmission, or comparison, use the + * corresponding serialization and parsing functions. + */ + +/** Opaque data structure that caches information about public key aggregation. + * + * Guaranteed to be 197 bytes in size. No serialization and parsing functions + * (yet). + */ +typedef struct secp256k1_musig_keyagg_cache { + unsigned char data[197]; +} secp256k1_musig_keyagg_cache; + +/** Opaque data structure that holds a signer's _secret_ nonce. + * + * Guaranteed to be 132 bytes in size. + * + * WARNING: This structure MUST NOT be copied or read or written to directly. A + * signer who is online throughout the whole process and can keep this + * structure in memory can use the provided API functions for a safe standard + * workflow. + * + * Copying this data structure can result in nonce reuse which will leak the + * secret signing key. + */ +typedef struct secp256k1_musig_secnonce { + unsigned char data[132]; +} secp256k1_musig_secnonce; + +/** Opaque data structure that holds a signer's public nonce. + * + * Guaranteed to be 132 bytes in size. Serialized and parsed with + * `musig_pubnonce_serialize` and `musig_pubnonce_parse`. + */ +typedef struct secp256k1_musig_pubnonce { + unsigned char data[132]; +} secp256k1_musig_pubnonce; + +/** Opaque data structure that holds an aggregate public nonce. + * + * Guaranteed to be 132 bytes in size. Serialized and parsed with + * `musig_aggnonce_serialize` and `musig_aggnonce_parse`. + */ +typedef struct secp256k1_musig_aggnonce { + unsigned char data[132]; +} secp256k1_musig_aggnonce; + +/** Opaque data structure that holds a MuSig session. + * + * This structure is not required to be kept secret for the signing protocol to + * be secure. Guaranteed to be 133 bytes in size. No serialization and parsing + * functions (yet). + */ +typedef struct secp256k1_musig_session { + unsigned char data[133]; +} secp256k1_musig_session; + +/** Opaque data structure that holds a partial MuSig signature. + * + * Guaranteed to be 36 bytes in size. Serialized and parsed with + * `musig_partial_sig_serialize` and `musig_partial_sig_parse`. + */ +typedef struct secp256k1_musig_partial_sig { + unsigned char data[36]; +} secp256k1_musig_partial_sig; + +/** Parse a signer's public nonce. + * + * Returns: 1 when the nonce could be parsed, 0 otherwise. + * Args: ctx: pointer to a context object + * Out: nonce: pointer to a nonce object + * In: in66: pointer to the 66-byte nonce to be parsed + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_pubnonce_parse( + const secp256k1_context *ctx, + secp256k1_musig_pubnonce *nonce, + const unsigned char *in66 +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +/** Serialize a signer's public nonce + * + * Returns: 1 always + * Args: ctx: pointer to a context object + * Out: out66: pointer to a 66-byte array to store the serialized nonce + * In: nonce: pointer to the nonce + */ +SECP256K1_API int secp256k1_musig_pubnonce_serialize( + const secp256k1_context *ctx, + unsigned char *out66, + const secp256k1_musig_pubnonce *nonce +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +/** Parse an aggregate public nonce. + * + * Returns: 1 when the nonce could be parsed, 0 otherwise. + * Args: ctx: pointer to a context object + * Out: nonce: pointer to a nonce object + * In: in66: pointer to the 66-byte nonce to be parsed + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_aggnonce_parse( + const secp256k1_context *ctx, + secp256k1_musig_aggnonce *nonce, + const unsigned char *in66 +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +/** Serialize an aggregate public nonce + * + * Returns: 1 always + * Args: ctx: pointer to a context object + * Out: out66: pointer to a 66-byte array to store the serialized nonce + * In: nonce: pointer to the nonce + */ +SECP256K1_API int secp256k1_musig_aggnonce_serialize( + const secp256k1_context *ctx, + unsigned char *out66, + const secp256k1_musig_aggnonce *nonce +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +/** Parse a MuSig partial signature. + * + * Returns: 1 when the signature could be parsed, 0 otherwise. + * Args: ctx: pointer to a context object + * Out: sig: pointer to a signature object + * In: in32: pointer to the 32-byte signature to be parsed + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_partial_sig_parse( + const secp256k1_context *ctx, + secp256k1_musig_partial_sig *sig, + const unsigned char *in32 +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +/** Serialize a MuSig partial signature + * + * Returns: 1 always + * Args: ctx: pointer to a context object + * Out: out32: pointer to a 32-byte array to store the serialized signature + * In: sig: pointer to the signature + */ +SECP256K1_API int secp256k1_musig_partial_sig_serialize( + const secp256k1_context *ctx, + unsigned char *out32, + const secp256k1_musig_partial_sig *sig +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +/** Computes an aggregate public key and uses it to initialize a keyagg_cache + * + * Different orders of `pubkeys` result in different `agg_pk`s. + * + * Before aggregating, the pubkeys can be sorted with `secp256k1_ec_pubkey_sort` + * which ensures the same `agg_pk` result for the same multiset of pubkeys. + * This is useful to do before `pubkey_agg`, such that the order of pubkeys + * does not affect the aggregate public key. + * + * Returns: 0 if the arguments are invalid, 1 otherwise + * Args: ctx: pointer to a context object + * Out: agg_pk: the MuSig-aggregated x-only public key. If you do not need it, + * this arg can be NULL. + * keyagg_cache: if non-NULL, pointer to a musig_keyagg_cache struct that + * is required for signing (or observing the signing session + * and verifying partial signatures). + * In: pubkeys: input array of pointers to public keys to aggregate. The order + * is important; a different order will result in a different + * aggregate public key. + * n_pubkeys: length of pubkeys array. Must be greater than 0. + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_pubkey_agg( + const secp256k1_context *ctx, + secp256k1_xonly_pubkey *agg_pk, + secp256k1_musig_keyagg_cache *keyagg_cache, + const secp256k1_pubkey * const *pubkeys, + size_t n_pubkeys +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(4); + +/** Obtain the aggregate public key from a keyagg_cache. + * + * This is only useful if you need the non-xonly public key, in particular for + * plain (non-xonly) tweaking or batch-verifying multiple key aggregations + * (not implemented). + * + * Returns: 0 if the arguments are invalid, 1 otherwise + * Args: ctx: pointer to a context object + * Out: agg_pk: the MuSig-aggregated public key. + * In: keyagg_cache: pointer to a `musig_keyagg_cache` struct initialized by + * `musig_pubkey_agg` + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_pubkey_get( + const secp256k1_context *ctx, + secp256k1_pubkey *agg_pk, + const secp256k1_musig_keyagg_cache *keyagg_cache +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +/** Apply plain "EC" tweaking to a public key in a given keyagg_cache by adding + * the generator multiplied with `tweak32` to it. This is useful for deriving + * child keys from an aggregate public key via BIP 32 where `tweak32` is set to + * a hash as defined in BIP 32. + * + * Callers are responsible for deriving `tweak32` in a way that does not reduce + * the security of MuSig (for example, by following BIP 32). + * + * The tweaking method is the same as `secp256k1_ec_pubkey_tweak_add`. So after + * the following pseudocode buf and buf2 have identical contents (absent + * earlier failures). + * + * secp256k1_musig_pubkey_agg(..., keyagg_cache, pubkeys, ...) + * secp256k1_musig_pubkey_get(..., agg_pk, keyagg_cache) + * secp256k1_musig_pubkey_ec_tweak_add(..., output_pk, tweak32, keyagg_cache) + * secp256k1_ec_pubkey_serialize(..., buf, ..., output_pk, ...) + * secp256k1_ec_pubkey_tweak_add(..., agg_pk, tweak32) + * secp256k1_ec_pubkey_serialize(..., buf2, ..., agg_pk, ...) + * + * This function is required if you want to _sign_ for a tweaked aggregate key. + * If you are only computing a public key but not intending to create a + * signature for it, use `secp256k1_ec_pubkey_tweak_add` instead. + * + * Returns: 0 if the arguments are invalid, 1 otherwise + * Args: ctx: pointer to a context object + * Out: output_pubkey: pointer to a public key to store the result. Will be set + * to an invalid value if this function returns 0. If you + * do not need it, this arg can be NULL. + * In/Out: keyagg_cache: pointer to a `musig_keyagg_cache` struct initialized by + * `musig_pubkey_agg` + * In: tweak32: pointer to a 32-byte tweak. The tweak is valid if it passes + * `secp256k1_ec_seckey_verify` and is not equal to the + * secret key corresponding to the public key represented + * by keyagg_cache or its negation. For uniformly random + * 32-byte arrays the chance of being invalid is + * negligible (around 1 in 2^128). + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_pubkey_ec_tweak_add( + const secp256k1_context *ctx, + secp256k1_pubkey *output_pubkey, + secp256k1_musig_keyagg_cache *keyagg_cache, + const unsigned char *tweak32 +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); + +/** Apply x-only tweaking to a public key in a given keyagg_cache by adding the + * generator multiplied with `tweak32` to it. This is useful for creating + * Taproot outputs where `tweak32` is set to a TapTweak hash as defined in BIP + * 341. + * + * Callers are responsible for deriving `tweak32` in a way that does not reduce + * the security of MuSig (for example, by following Taproot BIP 341). + * + * The tweaking method is the same as `secp256k1_xonly_pubkey_tweak_add`. So in + * the following pseudocode xonly_pubkey_tweak_add_check (absent earlier + * failures) returns 1. + * + * secp256k1_musig_pubkey_agg(..., agg_pk, keyagg_cache, pubkeys, ...) + * secp256k1_musig_pubkey_xonly_tweak_add(..., output_pk, keyagg_cache, tweak32) + * secp256k1_xonly_pubkey_serialize(..., buf, output_pk) + * secp256k1_xonly_pubkey_tweak_add_check(..., buf, ..., agg_pk, tweak32) + * + * This function is required if you want to _sign_ for a tweaked aggregate key. + * If you are only computing a public key but not intending to create a + * signature for it, use `secp256k1_xonly_pubkey_tweak_add` instead. + * + * Returns: 0 if the arguments are invalid, 1 otherwise + * Args: ctx: pointer to a context object + * Out: output_pubkey: pointer to a public key to store the result. Will be set + * to an invalid value if this function returns 0. If you + * do not need it, this arg can be NULL. + * In/Out: keyagg_cache: pointer to a `musig_keyagg_cache` struct initialized by + * `musig_pubkey_agg` + * In: tweak32: pointer to a 32-byte tweak. The tweak is valid if it passes + * `secp256k1_ec_seckey_verify` and is not equal to the + * secret key corresponding to the public key represented + * by keyagg_cache or its negation. For uniformly random + * 32-byte arrays the chance of being invalid is + * negligible (around 1 in 2^128). + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_pubkey_xonly_tweak_add( + const secp256k1_context *ctx, + secp256k1_pubkey *output_pubkey, + secp256k1_musig_keyagg_cache *keyagg_cache, + const unsigned char *tweak32 +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); + +/** Starts a signing session by generating a nonce + * + * This function outputs a secret nonce that will be required for signing and a + * corresponding public nonce that is intended to be sent to other signers. + * + * MuSig differs from regular Schnorr signing in that implementers _must_ take + * special care to not reuse a nonce. This can be ensured by following these rules: + * + * 1. Each call to this function must have a UNIQUE session_secrand32 that must + * NOT BE REUSED in subsequent calls to this function and must be KEPT + * SECRET (even from other signers). + * 2. If you already know the seckey, message or aggregate public key + * cache, they can be optionally provided to derive the nonce and increase + * misuse-resistance. The extra_input32 argument can be used to provide + * additional data that does not repeat in normal scenarios, such as the + * current time. + * 3. Avoid copying (or serializing) the secnonce. This reduces the possibility + * that it is used more than once for signing. + * + * If you don't have access to good randomness for session_secrand32, but you + * have access to a non-repeating counter, then see + * secp256k1_musig_nonce_gen_counter. + * + * Remember that nonce reuse will leak the secret key! + * Note that using the same seckey for multiple MuSig sessions is fine. + * + * Returns: 0 if the arguments are invalid and 1 otherwise + * Args: ctx: pointer to a context object (not secp256k1_context_static) + * Out: secnonce: pointer to a structure to store the secret nonce + * pubnonce: pointer to a structure to store the public nonce + * In/Out: + * session_secrand32: a 32-byte session_secrand32 as explained above. Must be unique to this + * call to secp256k1_musig_nonce_gen and must be uniformly + * random. If the function call is successful, the + * session_secrand32 buffer is invalidated to prevent reuse. + * In: + * seckey: the 32-byte secret key that will later be used for signing, if + * already known (can be NULL) + * pubkey: public key of the signer creating the nonce. The secnonce + * output of this function cannot be used to sign for any + * other public key. While the public key should correspond + * to the provided seckey, a mismatch will not cause the + * function to return 0. + * msg32: the 32-byte message that will later be signed, if already known + * (can be NULL) + * keyagg_cache: pointer to the keyagg_cache that was used to create the aggregate + * (and potentially tweaked) public key if already known + * (can be NULL) + * extra_input32: an optional 32-byte array that is input to the nonce + * derivation function (can be NULL) + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_nonce_gen( + const secp256k1_context *ctx, + secp256k1_musig_secnonce *secnonce, + secp256k1_musig_pubnonce *pubnonce, + unsigned char *session_secrand32, + const unsigned char *seckey, + const secp256k1_pubkey *pubkey, + const unsigned char *msg32, + const secp256k1_musig_keyagg_cache *keyagg_cache, + const unsigned char *extra_input32 +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(6); + + +/** Alternative way to generate a nonce and start a signing session + * + * This function outputs a secret nonce that will be required for signing and a + * corresponding public nonce that is intended to be sent to other signers. + * + * This function differs from `secp256k1_musig_nonce_gen` by accepting a + * non-repeating counter value instead of a secret random value. This requires + * that a secret key is provided to `secp256k1_musig_nonce_gen_counter` + * (through the keypair argument), as opposed to `secp256k1_musig_nonce_gen` + * where the seckey argument is optional. + * + * MuSig differs from regular Schnorr signing in that implementers _must_ take + * special care to not reuse a nonce. This can be ensured by following these rules: + * + * 1. The nonrepeating_cnt argument must be a counter value that never repeats, + * i.e., you must never call `secp256k1_musig_nonce_gen_counter` twice with + * the same keypair and nonrepeating_cnt value. For example, this implies + * that if the same keypair is used with `secp256k1_musig_nonce_gen_counter` + * on multiple devices, none of the devices should have the same counter + * value as any other device. + * 2. If the seckey, message or aggregate public key cache is already available + * at this stage, any of these can be optionally provided, in which case + * they will be used in the derivation of the nonce and increase + * misuse-resistance. The extra_input32 argument can be used to provide + * additional data that does not repeat in normal scenarios, such as the + * current time. + * 3. Avoid copying (or serializing) the secnonce. This reduces the possibility + * that it is used more than once for signing. + * + * Remember that nonce reuse will leak the secret key! + * Note that using the same keypair for multiple MuSig sessions is fine. + * + * Returns: 0 if the arguments are invalid and 1 otherwise + * Args: ctx: pointer to a context object (not secp256k1_context_static) + * Out: secnonce: pointer to a structure to store the secret nonce + * pubnonce: pointer to a structure to store the public nonce + * In: + * nonrepeating_cnt: the value of a counter as explained above. Must be + * unique to this call to secp256k1_musig_nonce_gen. + * keypair: keypair of the signer creating the nonce. The secnonce + * output of this function cannot be used to sign for any + * other keypair. + * msg32: the 32-byte message that will later be signed, if already known + * (can be NULL) + * keyagg_cache: pointer to the keyagg_cache that was used to create the aggregate + * (and potentially tweaked) public key if already known + * (can be NULL) + * extra_input32: an optional 32-byte array that is input to the nonce + * derivation function (can be NULL) + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_nonce_gen_counter( + const secp256k1_context *ctx, + secp256k1_musig_secnonce *secnonce, + secp256k1_musig_pubnonce *pubnonce, + uint64_t nonrepeating_cnt, + const secp256k1_keypair *keypair, + const unsigned char *msg32, + const secp256k1_musig_keyagg_cache *keyagg_cache, + const unsigned char *extra_input32 +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(5); + +/** Aggregates the nonces of all signers into a single nonce + * + * This can be done by an untrusted party to reduce the communication + * between signers. Instead of everyone sending nonces to everyone else, there + * can be one party receiving all nonces, aggregating the nonces with this + * function and then sending only the aggregate nonce back to the signers. + * + * If the aggregator does not compute the aggregate nonce correctly, the final + * signature will be invalid. + * + * Returns: 0 if the arguments are invalid, 1 otherwise + * Args: ctx: pointer to a context object + * Out: aggnonce: pointer to an aggregate public nonce object for + * musig_nonce_process + * In: pubnonces: array of pointers to public nonces sent by the + * signers + * n_pubnonces: number of elements in the pubnonces array. Must be + * greater than 0. + */ +SECP256K1_API int secp256k1_musig_nonce_agg( + const secp256k1_context *ctx, + secp256k1_musig_aggnonce *aggnonce, + const secp256k1_musig_pubnonce * const *pubnonces, + size_t n_pubnonces +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); + +/** Takes the aggregate nonce and creates a session that is required for signing + * and verification of partial signatures. + * + * Returns: 0 if the arguments are invalid, 1 otherwise + * Args: ctx: pointer to a context object + * Out: session: pointer to a struct to store the session + * In: aggnonce: pointer to an aggregate public nonce object that is the + * output of musig_nonce_agg + * msg32: the 32-byte message to sign + * keyagg_cache: pointer to the keyagg_cache that was used to create the + * aggregate (and potentially tweaked) pubkey + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_nonce_process( + const secp256k1_context *ctx, + secp256k1_musig_session *session, + const secp256k1_musig_aggnonce *aggnonce, + const unsigned char *msg32, + const secp256k1_musig_keyagg_cache *keyagg_cache +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5); + +/** Produces a partial signature + * + * This function overwrites the given secnonce with zeros and will abort if given a + * secnonce that is all zeros. This is a best effort attempt to protect against nonce + * reuse. However, this is of course easily defeated if the secnonce has been + * copied (or serialized). Remember that nonce reuse will leak the secret key! + * + * For signing to succeed, the secnonce provided to this function must have + * been generated for the provided keypair. This means that when signing for a + * keypair consisting of a seckey and pubkey, the secnonce must have been + * created by calling musig_nonce_gen with that pubkey. Otherwise, the + * illegal_callback is called. + * + * This function does not verify the output partial signature, deviating from + * the BIP 327 specification. It is recommended to verify the output partial + * signature with `secp256k1_musig_partial_sig_verify` to prevent random or + * adversarially provoked computation errors. + * + * Returns: 0 if the arguments are invalid or the provided secnonce has already + * been used for signing, 1 otherwise + * Args: ctx: pointer to a context object + * Out: partial_sig: pointer to struct to store the partial signature + * In/Out: secnonce: pointer to the secnonce struct created in + * musig_nonce_gen that has been never used in a + * partial_sign call before and has been created for the + * keypair + * In: keypair: pointer to keypair to sign the message with + * keyagg_cache: pointer to the keyagg_cache that was output when the + * aggregate public key for this session + * session: pointer to the session that was created with + * musig_nonce_process + */ +SECP256K1_API int secp256k1_musig_partial_sign( + const secp256k1_context *ctx, + secp256k1_musig_partial_sig *partial_sig, + secp256k1_musig_secnonce *secnonce, + const secp256k1_keypair *keypair, + const secp256k1_musig_keyagg_cache *keyagg_cache, + const secp256k1_musig_session *session +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5) SECP256K1_ARG_NONNULL(6); + +/** Verifies an individual signer's partial signature + * + * The signature is verified for a specific signing session. In order to avoid + * accidentally verifying a signature from a different or non-existing signing + * session, you must ensure the following: + * 1. The `keyagg_cache` argument is identical to the one used to create the + * `session` with `musig_nonce_process`. + * 2. The `pubkey` argument must be identical to the one sent by the signer + * before aggregating it with `musig_pubkey_agg` to create the + * `keyagg_cache`. + * 3. The `pubnonce` argument must be identical to the one sent by the signer + * before aggregating it with `musig_nonce_agg` and using the result to + * create the `session` with `musig_nonce_process`. + * + * It is not required to call this function in regular MuSig sessions, because + * if any partial signature does not verify, the final signature will not + * verify either, so the problem will be caught. However, this function + * provides the ability to identify which specific partial signature fails + * verification. + * + * Returns: 0 if the arguments are invalid or the partial signature does not + * verify, 1 otherwise + * Args ctx: pointer to a context object + * In: partial_sig: pointer to partial signature to verify, sent by + * the signer associated with `pubnonce` and `pubkey` + * pubnonce: public nonce of the signer in the signing session + * pubkey: public key of the signer in the signing session + * keyagg_cache: pointer to the keyagg_cache that was output when the + * aggregate public key for this signing session + * session: pointer to the session that was created with + * `musig_nonce_process` + */ +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_partial_sig_verify( + const secp256k1_context *ctx, + const secp256k1_musig_partial_sig *partial_sig, + const secp256k1_musig_pubnonce *pubnonce, + const secp256k1_pubkey *pubkey, + const secp256k1_musig_keyagg_cache *keyagg_cache, + const secp256k1_musig_session *session +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5) SECP256K1_ARG_NONNULL(6); + +/** Aggregates partial signatures + * + * Returns: 0 if the arguments are invalid, 1 otherwise (which does NOT mean + * the resulting signature verifies). + * Args: ctx: pointer to a context object + * Out: sig64: complete (but possibly invalid) Schnorr signature + * In: session: pointer to the session that was created with + * musig_nonce_process + * partial_sigs: array of pointers to partial signatures to aggregate + * n_sigs: number of elements in the partial_sigs array. Must be + * greater than 0. + */ +SECP256K1_API int secp256k1_musig_partial_sig_agg( + const secp256k1_context *ctx, + unsigned char *sig64, + const secp256k1_musig_session *session, + const secp256k1_musig_partial_sig * const *partial_sigs, + size_t n_sigs +) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/vendor/secp256k1/include/secp256k1/secp256k1_recovery.h b/vendor/secp256k1/include/secp256k1/secp256k1_recovery.h index 341b8ba..93a2e4c 100644 --- a/vendor/secp256k1/include/secp256k1/secp256k1_recovery.h +++ b/vendor/secp256k1/include/secp256k1/secp256k1_recovery.h @@ -7,7 +7,7 @@ extern "C" { #endif -/** Opaque data structured that holds a parsed ECDSA signature, +/** Opaque data structure that holds a parsed ECDSA signature, * supporting pubkey recovery. * * The exact representation of data inside is implementation defined and not @@ -21,7 +21,7 @@ extern "C" { * recoverability) will have identical representation, so they can be * memcmp'ed. */ -typedef struct { +typedef struct secp256k1_ecdsa_recoverable_signature { unsigned char data[65]; } secp256k1_ecdsa_recoverable_signature; diff --git a/vendor/secp256k1/include/secp256k1/secp256k1_schnorrsig.h b/vendor/secp256k1/include/secp256k1/secp256k1_schnorrsig.h index 23163de..013d4ee 100644 --- a/vendor/secp256k1/include/secp256k1/secp256k1_schnorrsig.h +++ b/vendor/secp256k1/include/secp256k1/secp256k1_schnorrsig.h @@ -79,7 +79,7 @@ SECP256K1_API const secp256k1_nonce_function_hardened secp256k1_nonce_function_b * secp256k1_nonce_function_bip340 is used, then ndata must be a * pointer to 32-byte auxiliary randomness as per BIP-340. */ -typedef struct { +typedef struct secp256k1_schnorrsig_extraparams { unsigned char magic[4]; secp256k1_nonce_function_hardened noncefp; void *ndata; |