Diffstat (limited to 'vendor')
-rw-r--r--vendor/mbedtls/include/mbedtls/bignum.h2
-rw-r--r--vendor/mbedtls/include/mbedtls/build_info.h8
-rw-r--r--vendor/mbedtls/include/mbedtls/check_config.h48
-rw-r--r--vendor/mbedtls/include/mbedtls/config_adjust_legacy_crypto.h2
-rw-r--r--vendor/mbedtls/include/mbedtls/config_adjust_legacy_from_psa.h10
-rw-r--r--vendor/mbedtls/include/mbedtls/config_adjust_psa_superset_legacy.h10
-rw-r--r--vendor/mbedtls/include/mbedtls/config_psa.h4
-rw-r--r--vendor/mbedtls/include/mbedtls/ctr_drbg.h33
-rw-r--r--vendor/mbedtls/include/mbedtls/ecdh.h2
-rw-r--r--vendor/mbedtls/include/mbedtls/ecp.h2
-rw-r--r--vendor/mbedtls/include/mbedtls/mbedtls_config.h204
-rw-r--r--vendor/mbedtls/include/mbedtls/ssl.h97
-rw-r--r--vendor/openssl/include/openssl/cmp.h.in57
-rw-r--r--vendor/openssl/include/openssl/cmperr.h6
-rw-r--r--vendor/openssl/include/openssl/core_dispatch.h54
-rw-r--r--vendor/openssl/include/openssl/crmf.h.in9
-rw-r--r--vendor/openssl/include/openssl/crypto.h.in21
-rw-r--r--vendor/openssl/include/openssl/cryptoerr.h3
-rw-r--r--vendor/openssl/include/openssl/e_os2.h3
-rw-r--r--vendor/openssl/include/openssl/evp.h108
-rw-r--r--vendor/openssl/include/openssl/evperr.h5
-rw-r--r--vendor/openssl/include/openssl/fips_names.h51
-rw-r--r--vendor/openssl/include/openssl/fipskey.h.in7
-rw-r--r--vendor/openssl/include/openssl/http.h7
-rw-r--r--vendor/openssl/include/openssl/macros.h14
-rw-r--r--vendor/openssl/include/openssl/obj_mac.h20
-rw-r--r--vendor/openssl/include/openssl/objects.h3
-rw-r--r--vendor/openssl/include/openssl/pem.h3
-rw-r--r--vendor/openssl/include/openssl/pkcs12.h.in5
-rw-r--r--vendor/openssl/include/openssl/proverr.h11
-rw-r--r--vendor/openssl/include/openssl/self_test.h2
-rw-r--r--vendor/openssl/include/openssl/ssl.h.in19
-rw-r--r--vendor/openssl/include/openssl/sslerr.h2
-rw-r--r--vendor/openssl/include/openssl/tls1.h12
-rw-r--r--vendor/openssl/include/openssl/ts.h19
-rw-r--r--vendor/openssl/include/openssl/types.h8
-rw-r--r--vendor/openssl/include/openssl/x509.h.in50
-rw-r--r--vendor/openssl/include/openssl/x509_acert.h.in2
-rw-r--r--vendor/openssl/include/openssl/x509err.h3
-rw-r--r--vendor/openssl/include/openssl/x509v3.h.in42
-rw-r--r--vendor/secp256k1/include/secp256k1/secp256k1.h62
-rw-r--r--vendor/secp256k1/include/secp256k1/secp256k1_ellswift.h2
-rw-r--r--vendor/secp256k1/include/secp256k1/secp256k1_extrakeys.h13
-rw-r--r--vendor/secp256k1/include/secp256k1/secp256k1_musig.h588
-rw-r--r--vendor/secp256k1/include/secp256k1/secp256k1_recovery.h4
-rw-r--r--vendor/secp256k1/include/secp256k1/secp256k1_schnorrsig.h2
46 files changed, 1400 insertions, 239 deletions
diff --git a/vendor/mbedtls/include/mbedtls/bignum.h b/vendor/mbedtls/include/mbedtls/bignum.h
index 71d7b97..8367cd3 100644
--- a/vendor/mbedtls/include/mbedtls/bignum.h
+++ b/vendor/mbedtls/include/mbedtls/bignum.h
@@ -880,7 +880,7 @@ int mbedtls_mpi_mod_int(mbedtls_mpi_uint *r, const mbedtls_mpi *A,
mbedtls_mpi_sint b);
/**
- * \brief Perform a sliding-window exponentiation: X = A^E mod N
+ * \brief Perform a modular exponentiation: X = A^E mod N
*
* \param X The destination MPI. This must point to an initialized MPI.
* This must not alias E or N.
diff --git a/vendor/mbedtls/include/mbedtls/build_info.h b/vendor/mbedtls/include/mbedtls/build_info.h
index cf38f90..d91d296 100644
--- a/vendor/mbedtls/include/mbedtls/build_info.h
+++ b/vendor/mbedtls/include/mbedtls/build_info.h
@@ -26,16 +26,16 @@
*/
#define MBEDTLS_VERSION_MAJOR 3
#define MBEDTLS_VERSION_MINOR 6
-#define MBEDTLS_VERSION_PATCH 0
+#define MBEDTLS_VERSION_PATCH 2
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x03060000
-#define MBEDTLS_VERSION_STRING "3.6.0"
-#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.6.0"
+#define MBEDTLS_VERSION_NUMBER 0x03060200
+#define MBEDTLS_VERSION_STRING "3.6.2"
+#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.6.2"
/* Macros for build-time platform detection */
diff --git a/vendor/mbedtls/include/mbedtls/check_config.h b/vendor/mbedtls/include/mbedtls/check_config.h
index 2673229..67a05f8 100644
--- a/vendor/mbedtls/include/mbedtls/check_config.h
+++ b/vendor/mbedtls/include/mbedtls/check_config.h
@@ -189,7 +189,9 @@
defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) || \
defined(MBEDTLS_ECDSA_SIGN_ALT) || \
defined(MBEDTLS_ECDSA_VERIFY_ALT) || \
- defined(MBEDTLS_ECDSA_GENKEY_ALT) )
+ defined(MBEDTLS_ECDSA_GENKEY_ALT) || \
+ defined(MBEDTLS_ECP_INTERNAL_ALT) || \
+ defined(MBEDTLS_ECP_ALT) )
#error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative ECP implementation"
#endif
@@ -267,6 +269,42 @@
#error "MBEDTLS_CHACHAPOLY_C defined, but not all prerequisites"
#endif
+#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
+#error "MBEDTLS_ECP_RANDOMIZE_JAC_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECP_ADD_MIXED_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
+#error "MBEDTLS_ECP_ADD_MIXED_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
+#error "MBEDTLS_ECP_DOUBLE_JAC_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
+#error "MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
+#error "MBEDTLS_ECP_NORMALIZE_JAC_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
+#error "MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
+#error "MBEDTLS_ECP_RANDOMIZE_MXZ_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
+#error "MBEDTLS_ECP_NORMALIZE_MXZ_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECP_NO_FALLBACK) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
+#error "MBEDTLS_ECP_NO_FALLBACK defined, but no alternative implementation enabled"
+#endif
+
#if defined(MBEDTLS_HKDF_C) && !defined(MBEDTLS_MD_C)
#error "MBEDTLS_HKDF_C defined, but not all prerequisites"
#endif
@@ -730,8 +768,8 @@
#if !defined(MBEDTLS_SHA512_C)
#error "MBEDTLS_SHA512_USE_A64_CRYPTO_* defined without MBEDTLS_SHA512_C"
#endif
-#if defined(MBEDTLS_SHA512_PROCESS_ALT)
-#error "MBEDTLS_SHA512_PROCESS_ALT can't be used with MBEDTLS_SHA512_USE_A64_CRYPTO_*"
+#if defined(MBEDTLS_SHA512_ALT) || defined(MBEDTLS_SHA512_PROCESS_ALT)
+#error "MBEDTLS_SHA512_*ALT can't be used with MBEDTLS_SHA512_USE_A64_CRYPTO_*"
#endif
#endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT || MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */
@@ -750,8 +788,8 @@
#if !defined(MBEDTLS_SHA256_C)
#error "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_* defined without MBEDTLS_SHA256_C"
#endif
-#if defined(MBEDTLS_SHA256_PROCESS_ALT)
-#error "MBEDTLS_SHA256_PROCESS_ALT can't be used with MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_*"
+#if defined(MBEDTLS_SHA256_ALT) || defined(MBEDTLS_SHA256_PROCESS_ALT)
+#error "MBEDTLS_SHA256_*ALT can't be used with MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_*"
#endif
#endif
diff --git a/vendor/mbedtls/include/mbedtls/config_adjust_legacy_crypto.h b/vendor/mbedtls/include/mbedtls/config_adjust_legacy_crypto.h
index 7a375d8..3ba987e 100644
--- a/vendor/mbedtls/include/mbedtls/config_adjust_legacy_crypto.h
+++ b/vendor/mbedtls/include/mbedtls/config_adjust_legacy_crypto.h
@@ -428,7 +428,7 @@
/* psa_util file features some ECDSA conversion functions, to convert between
* legacy's ASN.1 DER format and PSA's raw one. */
-#if defined(MBEDTLS_ECDSA_C) || (defined(MBEDTLS_PSA_CRYPTO_C) && \
+#if (defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \
(defined(PSA_WANT_ALG_ECDSA) || defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)))
#define MBEDTLS_PSA_UTIL_HAVE_ECDSA
#endif
diff --git a/vendor/mbedtls/include/mbedtls/config_adjust_legacy_from_psa.h b/vendor/mbedtls/include/mbedtls/config_adjust_legacy_from_psa.h
index 0e4759d..04bdae6 100644
--- a/vendor/mbedtls/include/mbedtls/config_adjust_legacy_from_psa.h
+++ b/vendor/mbedtls/include/mbedtls/config_adjust_legacy_from_psa.h
@@ -2,6 +2,8 @@
* \file mbedtls/config_adjust_legacy_from_psa.h
* \brief Adjust PSA configuration: activate legacy implementations
*
+ * This is an internal header. Do not include it directly.
+ *
* When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, activate legacy implementations
* of cryptographic mechanisms as needed to fulfill the needs of the PSA
* configuration. Generally speaking, we activate a legacy mechanism if
@@ -16,6 +18,14 @@
#ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H
#define MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H
+#if !defined(MBEDTLS_CONFIG_FILES_READ)
+#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \
+ "up to and including runtime errors such as buffer overflows. " \
+ "If you're trying to fix a complaint from check_config.h, just remove " \
+ "it from your configuration file: since Mbed TLS 3.0, it is included " \
+ "automatically at the right point."
+#endif /* */
+
/* Define appropriate ACCEL macros for the p256-m driver.
* In the future, those should be generated from the drivers JSON description.
*/
diff --git a/vendor/mbedtls/include/mbedtls/config_adjust_psa_superset_legacy.h b/vendor/mbedtls/include/mbedtls/config_adjust_psa_superset_legacy.h
index 3a55c3f..ef65cce 100644
--- a/vendor/mbedtls/include/mbedtls/config_adjust_psa_superset_legacy.h
+++ b/vendor/mbedtls/include/mbedtls/config_adjust_psa_superset_legacy.h
@@ -2,6 +2,8 @@
* \file mbedtls/config_adjust_psa_superset_legacy.h
* \brief Adjust PSA configuration: automatic enablement from legacy
*
+ * This is an internal header. Do not include it directly.
+ *
* To simplify some edge cases, we automatically enable certain cryptographic
* mechanisms in the PSA API if they are enabled in the legacy API. The general
* idea is that if legacy module M uses mechanism A internally, and A has
@@ -17,6 +19,14 @@
#ifndef MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H
#define MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H
+#if !defined(MBEDTLS_CONFIG_FILES_READ)
+#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \
+ "up to and including runtime errors such as buffer overflows. " \
+ "If you're trying to fix a complaint from check_config.h, just remove " \
+ "it from your configuration file: since Mbed TLS 3.0, it is included " \
+ "automatically at the right point."
+#endif /* */
+
/****************************************************************/
/* Hashes that are built in are also enabled in PSA.
* This simplifies dependency declarations especially
diff --git a/vendor/mbedtls/include/mbedtls/config_psa.h b/vendor/mbedtls/include/mbedtls/config_psa.h
index de961ec..5f3d0f3 100644
--- a/vendor/mbedtls/include/mbedtls/config_psa.h
+++ b/vendor/mbedtls/include/mbedtls/config_psa.h
@@ -34,7 +34,11 @@
* before we deduce what built-ins are required. */
#include "psa/crypto_adjust_config_key_pair_types.h"
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+/* If we are implementing PSA crypto ourselves, then we want to enable the
+ * required built-ins. Otherwise, PSA features will be provided by the server. */
#include "mbedtls/config_adjust_legacy_from_psa.h"
+#endif
#else /* MBEDTLS_PSA_CRYPTO_CONFIG */
diff --git a/vendor/mbedtls/include/mbedtls/ctr_drbg.h b/vendor/mbedtls/include/mbedtls/ctr_drbg.h
index c00756d..0b7cce1 100644
--- a/vendor/mbedtls/include/mbedtls/ctr_drbg.h
+++ b/vendor/mbedtls/include/mbedtls/ctr_drbg.h
@@ -32,12 +32,27 @@
#include "mbedtls/build_info.h"
-/* In case AES_C is defined then it is the primary option for backward
- * compatibility purposes. If that's not available, PSA is used instead */
-#if defined(MBEDTLS_AES_C)
-#include "mbedtls/aes.h"
-#else
+/* The CTR_DRBG implementation can either directly call the low-level AES
+ * module (gated by MBEDTLS_AES_C) or call the PSA API to perform AES
+ * operations. Calling the AES module directly is the default, both for
+ * maximum backward compatibility and because it's a bit more efficient
+ * (less glue code).
+ *
+ * When MBEDTLS_AES_C is disabled, the CTR_DRBG module calls PSA crypto and
+ * thus benefits from the PSA AES accelerator driver.
+ * It is technically possible to enable MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO
+ * to use PSA even when MBEDTLS_AES_C is enabled, but there is very little
+ * reason to do so other than testing purposes and this is not officially
+ * supported.
+ */
+#if !defined(MBEDTLS_AES_C)
+#define MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO
+#endif
+
+#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
#include "psa/crypto.h"
+#else
+#include "mbedtls/aes.h"
#endif
#include "entropy.h"
@@ -157,7 +172,7 @@ extern "C" {
#define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN (MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1) / 2
#endif
-#if !defined(MBEDTLS_AES_C)
+#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
typedef struct mbedtls_ctr_drbg_psa_context {
mbedtls_svc_key_id_t key_id;
psa_cipher_operation_t operation;
@@ -189,10 +204,10 @@ typedef struct mbedtls_ctr_drbg_context {
* This is the maximum number of requests
* that can be made between reseedings. */
-#if defined(MBEDTLS_AES_C)
- mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */
-#else
+#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
mbedtls_ctr_drbg_psa_context MBEDTLS_PRIVATE(psa_ctx); /*!< The PSA context. */
+#else
+ mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */
#endif
/*
diff --git a/vendor/mbedtls/include/mbedtls/ecdh.h b/vendor/mbedtls/include/mbedtls/ecdh.h
index a0909d6..a6a5069 100644
--- a/vendor/mbedtls/include/mbedtls/ecdh.h
+++ b/vendor/mbedtls/include/mbedtls/ecdh.h
@@ -325,7 +325,7 @@ int mbedtls_ecdh_read_params(mbedtls_ecdh_context *ctx,
* \brief This function sets up an ECDH context from an EC key.
*
* It is used by clients and servers in place of the
- * ServerKeyEchange for static ECDH, and imports ECDH
+ * ServerKeyExchange for static ECDH, and imports ECDH
* parameters from the EC key information of a certificate.
*
* \see ecp.h
diff --git a/vendor/mbedtls/include/mbedtls/ecp.h b/vendor/mbedtls/include/mbedtls/ecp.h
index d8f73ae..623910b 100644
--- a/vendor/mbedtls/include/mbedtls/ecp.h
+++ b/vendor/mbedtls/include/mbedtls/ecp.h
@@ -216,7 +216,7 @@ mbedtls_ecp_point;
* range of <code>0..2^(2*pbits)-1</code>, and transforms it in-place to an integer
* which is congruent mod \p P to the given MPI, and is close enough to \p pbits
* in size, so that it may be efficiently brought in the 0..P-1 range by a few
- * additions or subtractions. Therefore, it is only an approximative modular
+ * additions or subtractions. Therefore, it is only an approximate modular
* reduction. It must return 0 on success and non-zero on failure.
*
* \note Alternative implementations of the ECP module must obey the
diff --git a/vendor/mbedtls/include/mbedtls/mbedtls_config.h b/vendor/mbedtls/include/mbedtls/mbedtls_config.h
index 0f1b54e..bd3f71d 100644
--- a/vendor/mbedtls/include/mbedtls/mbedtls_config.h
+++ b/vendor/mbedtls/include/mbedtls/mbedtls_config.h
@@ -40,10 +40,12 @@
* library/aria.c
* library/bn_mul.h
* library/constant_time.c
+ * library/padlock.h
*
* Required by:
* MBEDTLS_AESCE_C
* MBEDTLS_AESNI_C (on some platforms)
+ * MBEDTLS_PADLOCK_C
*
* Comment to disable the use of assembly code.
*/
@@ -351,6 +353,62 @@
//#define MBEDTLS_TIMING_ALT
/**
+ * \def MBEDTLS_AES_ALT
+ *
+ * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let Mbed TLS use your
+ * alternate core implementation of a symmetric crypto, an arithmetic or hash
+ * module (e.g. platform specific assembly optimized implementations). Keep
+ * in mind that the function prototypes should remain the same.
+ *
+ * This replaces the whole module. If you only want to replace one of the
+ * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
+ *
+ * Example: In case you uncomment MBEDTLS_AES_ALT, Mbed TLS will no longer
+ * provide the "struct mbedtls_aes_context" definition and omit the base
+ * function declarations and implementations. "aes_alt.h" will be included from
+ * "aes.h" to include the new function definitions.
+ *
+ * Uncomment a macro to enable alternate implementation of the corresponding
+ * module.
+ *
+ * \warning MD5, DES and SHA-1 are considered weak and their
+ * use constitutes a security risk. If possible, we recommend
+ * avoiding dependencies on them, and considering stronger message
+ * digests and ciphers instead.
+ *
+ */
+//#define MBEDTLS_AES_ALT
+//#define MBEDTLS_ARIA_ALT
+//#define MBEDTLS_CAMELLIA_ALT
+//#define MBEDTLS_CCM_ALT
+//#define MBEDTLS_CHACHA20_ALT
+//#define MBEDTLS_CHACHAPOLY_ALT
+//#define MBEDTLS_CMAC_ALT
+//#define MBEDTLS_DES_ALT
+//#define MBEDTLS_DHM_ALT
+//#define MBEDTLS_ECJPAKE_ALT
+//#define MBEDTLS_GCM_ALT
+//#define MBEDTLS_NIST_KW_ALT
+//#define MBEDTLS_MD5_ALT
+//#define MBEDTLS_POLY1305_ALT
+//#define MBEDTLS_RIPEMD160_ALT
+//#define MBEDTLS_RSA_ALT
+//#define MBEDTLS_SHA1_ALT
+//#define MBEDTLS_SHA256_ALT
+//#define MBEDTLS_SHA512_ALT
+
+/*
+ * When replacing the elliptic curve module, please consider, that it is
+ * implemented with two .c files:
+ * - ecp.c
+ * - ecp_curves.c
+ * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT
+ * macros as described above. The only difference is that you have to make sure
+ * that you provide functionality for both .c files.
+ */
+//#define MBEDTLS_ECP_ALT
+
+/**
* \def MBEDTLS_SHA256_PROCESS_ALT
*
* MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use you
@@ -406,6 +464,71 @@
//#define MBEDTLS_ECDSA_GENKEY_ALT
/**
+ * \def MBEDTLS_ECP_INTERNAL_ALT
+ *
+ * Expose a part of the internal interface of the Elliptic Curve Point module.
+ *
+ * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use your
+ * alternative core implementation of elliptic curve arithmetic. Keep in mind
+ * that function prototypes should remain the same.
+ *
+ * This partially replaces one function. The header file from Mbed TLS is still
+ * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation
+ * is still present and it is used for group structures not supported by the
+ * alternative.
+ *
+ * The original implementation can in addition be removed by setting the
+ * MBEDTLS_ECP_NO_FALLBACK option, in which case any function for which the
+ * corresponding MBEDTLS_ECP__FUNCTION_NAME__ALT macro is defined will not be
+ * able to fallback to curves not supported by the alternative implementation.
+ *
+ * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT
+ * and implementing the following functions:
+ * unsigned char mbedtls_internal_ecp_grp_capable(
+ * const mbedtls_ecp_group *grp )
+ * int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp )
+ * void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp )
+ * The mbedtls_internal_ecp_grp_capable function should return 1 if the
+ * replacement functions implement arithmetic for the given group and 0
+ * otherwise.
+ * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are
+ * called before and after each point operation and provide an opportunity to
+ * implement optimized set up and tear down instructions.
+ *
+ * Example: In case you set MBEDTLS_ECP_INTERNAL_ALT and
+ * MBEDTLS_ECP_DOUBLE_JAC_ALT, Mbed TLS will still provide the ecp_double_jac()
+ * function, but will use your mbedtls_internal_ecp_double_jac() if the group
+ * for the operation is supported by your implementation (i.e. your
+ * mbedtls_internal_ecp_grp_capable() function returns 1 for this group). If the
+ * group is not supported by your implementation, then the original Mbed TLS
+ * implementation of ecp_double_jac() is used instead, unless this fallback
+ * behaviour is disabled by setting MBEDTLS_ECP_NO_FALLBACK (in which case
+ * ecp_double_jac() will return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE).
+ *
+ * The function prototypes and the definition of mbedtls_ecp_group and
+ * mbedtls_ecp_point will not change based on MBEDTLS_ECP_INTERNAL_ALT, so your
+ * implementation of mbedtls_internal_ecp__function_name__ must be compatible
+ * with their definitions.
+ *
+ * Uncomment a macro to enable alternate implementation of the corresponding
+ * function.
+ */
+/* Required for all the functions in this section */
+//#define MBEDTLS_ECP_INTERNAL_ALT
+/* Turn off software fallback for curves not supported in hardware */
+//#define MBEDTLS_ECP_NO_FALLBACK
+/* Support for Weierstrass curves with Jacobi representation */
+//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT
+//#define MBEDTLS_ECP_ADD_MIXED_ALT
+//#define MBEDTLS_ECP_DOUBLE_JAC_ALT
+//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT
+//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT
+/* Support for curves with Montgomery arithmetic */
+//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT
+//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT
+//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
+
+/**
* \def MBEDTLS_ENTROPY_HARDWARE_ALT
*
* Uncomment this macro to let Mbed TLS use your own implementation of a
@@ -707,7 +830,7 @@
*
* \note This option only works with the default software implementation of
* elliptic curve functionality. It is incompatible with
- * MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT.
+ * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT.
*
* Requires: MBEDTLS_ECP_C
*
@@ -1292,6 +1415,23 @@
//#define MBEDTLS_PSA_CRYPTO_SPM
/**
+ * \def MBEDTLS_PSA_KEY_STORE_DYNAMIC
+ *
+ * Dynamically resize the PSA key store to accommodate any number of
+ * volatile keys (until the heap memory is exhausted).
+ *
+ * If this option is disabled, the key store has a fixed size
+ * #MBEDTLS_PSA_KEY_SLOT_COUNT for volatile keys and loaded persistent keys
+ * together.
+ *
+ * This option has no effect when #MBEDTLS_PSA_CRYPTO_C is disabled.
+ *
+ * Module: library/psa_crypto.c
+ * Requires: MBEDTLS_PSA_CRYPTO_C
+ */
+#define MBEDTLS_PSA_KEY_STORE_DYNAMIC
+
+/**
* Uncomment to enable p256-m. This is an alternative implementation of
* key generation, ECDH and (randomized) ECDSA on the curve SECP256R1.
* Compared to the default implementation:
@@ -1658,8 +1798,9 @@
* Requires: MBEDTLS_PSA_CRYPTO_C
*
* \note TLS 1.3 uses PSA crypto for cryptographic operations that are
- * directly performed by TLS 1.3 code. As a consequence, you must
- * call psa_crypto_init() before the first TLS 1.3 handshake.
+ * directly performed by TLS 1.3 code. As a consequence, when TLS 1.3
+ * is enabled, a TLS handshake may call psa_crypto_init(), even
+ * if it ends up negotiating a different TLS version.
*
* \note Cryptographic operations performed indirectly via another module
* (X.509, PK) or by code shared with TLS 1.2 (record protection,
@@ -2483,6 +2624,11 @@
* Enable the CMAC (Cipher-based Message Authentication Code) mode for block
* ciphers.
*
+ * \note When #MBEDTLS_CMAC_ALT is active, meaning that the underlying
+ * implementation of the CMAC algorithm is provided by an alternate
+ * implementation, that alternate implementation may opt to not support
+ * AES-192 or 3DES as underlying block ciphers for the CMAC operation.
+ *
* Module: library/cmac.c
*
* Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_DES_C
@@ -2883,6 +3029,20 @@
#define MBEDTLS_OID_C
/**
+ * \def MBEDTLS_PADLOCK_C
+ *
+ * Enable VIA Padlock support on x86.
+ *
+ * Module: library/padlock.c
+ * Caller: library/aes.c
+ *
+ * Requires: MBEDTLS_HAVE_ASM
+ *
+ * This modules adds support for the VIA PadLock on x86.
+ */
+#define MBEDTLS_PADLOCK_C
+
+/**
* \def MBEDTLS_PEM_PARSE_C
*
* Enable PEM decoding / parsing.
@@ -3874,22 +4034,38 @@
* Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the
* PSA crypto subsystem.
*
- * If this option is unset:
- * - If CTR_DRBG is available, the PSA subsystem uses it rather than HMAC_DRBG.
- * - Otherwise, the PSA subsystem uses HMAC_DRBG with either
- * #MBEDTLS_MD_SHA512 or #MBEDTLS_MD_SHA256 based on availability and
- * on unspecified heuristics.
+ * If this option is unset, the library chooses a hash (currently between
+ * #MBEDTLS_MD_SHA512 and #MBEDTLS_MD_SHA256) based on availability and
+ * unspecified heuristics.
+ *
+ * \note The PSA crypto subsystem uses the first available mechanism amongst
+ * the following:
+ * - #MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG if enabled;
+ * - Entropy from #MBEDTLS_ENTROPY_C plus CTR_DRBG with AES
+ * if #MBEDTLS_CTR_DRBG_C is enabled;
+ * - Entropy from #MBEDTLS_ENTROPY_C plus HMAC_DRBG.
+ *
+ * A future version may reevaluate the prioritization of DRBG mechanisms.
*/
//#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256
/** \def MBEDTLS_PSA_KEY_SLOT_COUNT
- * Restrict the PSA library to supporting a maximum amount of simultaneously
- * loaded keys. A loaded key is a key stored by the PSA Crypto core as a
- * volatile key, or a persistent key which is loaded temporarily by the
- * library as part of a crypto operation in flight.
*
- * If this option is unset, the library will fall back to a default value of
- * 32 keys.
+ * When #MBEDTLS_PSA_KEY_STORE_DYNAMIC is disabled,
+ * the maximum amount of PSA keys simultaneously in memory. This counts all
+ * volatile keys, plus loaded persistent keys.
+ *
+ * When #MBEDTLS_PSA_KEY_STORE_DYNAMIC is enabled,
+ * the maximum number of loaded persistent keys.
+ *
+ * Currently, persistent keys do not need to be loaded all the time while
+ * a multipart operation is in progress, only while the operation is being
+ * set up. This may change in future versions of the library.
+ *
+ * Currently, the library traverses of the whole table on each access to a
+ * persistent key. Therefore large values may cause poor performance.
+ *
+ * This option has no effect when #MBEDTLS_PSA_CRYPTO_C is disabled.
*/
//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
diff --git a/vendor/mbedtls/include/mbedtls/ssl.h b/vendor/mbedtls/include/mbedtls/ssl.h
index 5b22517..42fffbf 100644
--- a/vendor/mbedtls/include/mbedtls/ssl.h
+++ b/vendor/mbedtls/include/mbedtls/ssl.h
@@ -83,10 +83,7 @@
/** Processing of the Certificate handshake message failed. */
#define MBEDTLS_ERR_SSL_BAD_CERTIFICATE -0x7A00
/* Error space gap */
-/**
- * Received NewSessionTicket Post Handshake Message.
- * This error code is experimental and may be changed or removed without notice.
- */
+/** A TLS 1.3 NewSessionTicket message has been received. */
#define MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET -0x7B00
/** Not possible to read early data */
#define MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA -0x7B80
@@ -324,6 +321,9 @@
#define MBEDTLS_SSL_SESSION_TICKETS_DISABLED 0
#define MBEDTLS_SSL_SESSION_TICKETS_ENABLED 1
+#define MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_DISABLED 0
+#define MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_ENABLED 1
+
#define MBEDTLS_SSL_PRESET_DEFAULT 0
#define MBEDTLS_SSL_PRESET_SUITEB 2
@@ -643,8 +643,8 @@
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
defined(MBEDTLS_SSL_SESSION_TICKETS) && \
- defined(PSA_WANT_KEY_TYPE_AES) && defined(PSA_WANT_ALG_GCM) && \
- defined(PSA_WANT_ALG_SHA_384)
+ defined(MBEDTLS_SSL_HAVE_AES) && defined(MBEDTLS_SSL_HAVE_GCM) && \
+ defined(MBEDTLS_MD_CAN_SHA384)
#define MBEDTLS_PSK_MAX_LEN 48 /* 384 bits */
#else
#define MBEDTLS_PSK_MAX_LEN 32 /* 256 bits */
@@ -1153,10 +1153,10 @@ typedef void mbedtls_ssl_async_cancel_t(mbedtls_ssl_context *ssl);
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
!defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
#define MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN 48
-#if defined(PSA_WANT_ALG_SHA_256)
+#if defined(MBEDTLS_MD_CAN_SHA256)
#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA256
#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 32
-#elif defined(PSA_WANT_ALG_SHA_384)
+#elif defined(MBEDTLS_MD_CAN_SHA384)
#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA384
#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 48
#elif defined(MBEDTLS_MD_CAN_SHA1)
@@ -1446,6 +1446,12 @@ struct mbedtls_ssl_config {
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \
defined(MBEDTLS_SSL_CLI_C)
+ /** Encodes two booleans, one stating whether TLS 1.2 session tickets are
+ * enabled or not, the other one whether the handling of TLS 1.3
+ * NewSessionTicket messages is enabled or not. They are respectively set
+ * by mbedtls_ssl_conf_session_tickets() and
+ * mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets().
+ */
uint8_t MBEDTLS_PRIVATE(session_tickets); /*!< use session tickets? */
#endif
@@ -4465,21 +4471,50 @@ int mbedtls_ssl_conf_max_frag_len(mbedtls_ssl_config *conf, unsigned char mfl_co
void mbedtls_ssl_conf_preference_order(mbedtls_ssl_config *conf, int order);
#endif /* MBEDTLS_SSL_SRV_C */
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \
- defined(MBEDTLS_SSL_CLI_C)
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
/**
- * \brief Enable / Disable session tickets (client only).
- * (Default: MBEDTLS_SSL_SESSION_TICKETS_ENABLED.)
+ * \brief Enable / Disable TLS 1.2 session tickets (client only,
+ * TLS 1.2 only). Enabled by default.
*
* \note On server, use \c mbedtls_ssl_conf_session_tickets_cb().
*
* \param conf SSL configuration
- * \param use_tickets Enable or disable (MBEDTLS_SSL_SESSION_TICKETS_ENABLED or
- * MBEDTLS_SSL_SESSION_TICKETS_DISABLED)
+ * \param use_tickets Enable or disable (#MBEDTLS_SSL_SESSION_TICKETS_ENABLED or
+ * #MBEDTLS_SSL_SESSION_TICKETS_DISABLED)
*/
void mbedtls_ssl_conf_session_tickets(mbedtls_ssl_config *conf, int use_tickets);
-#endif /* MBEDTLS_SSL_SESSION_TICKETS &&
- MBEDTLS_SSL_CLI_C */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+/**
+ * \brief Enable / Disable handling of TLS 1.3 NewSessionTicket messages
+ * (client only, TLS 1.3 only).
+ *
+ * The handling of TLS 1.3 NewSessionTicket messages is disabled by
+ * default.
+ *
+ * In TLS 1.3, servers may send a NewSessionTicket message at any time,
+ * and may send multiple NewSessionTicket messages. By default, TLS 1.3
+ * clients ignore NewSessionTicket messages.
+ *
+ * To support session tickets in TLS 1.3 clients, call this function
+ * with #MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_ENABLED. When
+ * this is enabled, when a client receives a NewSessionTicket message,
+ * the next call to a message processing functions (notably
+ * mbedtls_ssl_handshake() and mbedtls_ssl_read()) will return
+ * #MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET. The client should then
+ * call mbedtls_ssl_get_session() to retrieve the session ticket before
+ * calling the same message processing function again.
+ *
+ * \param conf SSL configuration
+ * \param signal_new_session_tickets Enable or disable
+ * (#MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_ENABLED or
+ * #MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_DISABLED)
+ */
+void mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets(
+ mbedtls_ssl_config *conf, int signal_new_session_tickets);
+
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \
defined(MBEDTLS_SSL_SRV_C) && \
@@ -4887,6 +4922,10 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
* \return #MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED if DTLS is in use
* and the client did not demonstrate reachability yet - in
* this case you must stop using the context (see below).
+ * \return #MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET if a TLS 1.3
+ * NewSessionTicket message has been received. See the
+ * documentation of mbedtls_ssl_read() for more information
+ * about this error code.
* \return #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA if early data, as
* defined in RFC 8446 (TLS 1.3 specification), has been
* received as part of the handshake. This is server specific
@@ -4903,6 +4942,7 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
* #MBEDTLS_ERR_SSL_WANT_WRITE,
* #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
* #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or
+ * #MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET or
* #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA,
* you must stop using the SSL context for reading or writing,
* and either free it or call \c mbedtls_ssl_session_reset()
@@ -4923,10 +4963,13 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
* currently being processed might or might not contain further
* DTLS records.
*
- * \note If the context is configured to allow TLS 1.3, or if
- * #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+ * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
* subsystem must have been initialized by calling
* psa_crypto_init() before calling this function.
+ * Otherwise, the handshake may call psa_crypto_init()
+ * if a negotiation involving TLS 1.3 takes place (this may
+ * be the case even if TLS 1.3 is offered but eventually
+ * not selected).
*/
int mbedtls_ssl_handshake(mbedtls_ssl_context *ssl);
@@ -4974,6 +5017,7 @@ static inline int mbedtls_ssl_is_handshake_over(mbedtls_ssl_context *ssl)
* #MBEDTLS_ERR_SSL_WANT_READ, #MBEDTLS_ERR_SSL_WANT_WRITE,
* #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS,
* #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or
+ * #MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET or
* #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA, you must stop using
* the SSL context for reading or writing, and either free it
* or call \c mbedtls_ssl_session_reset() on it before
@@ -5042,6 +5086,17 @@ int mbedtls_ssl_renegotiate(mbedtls_ssl_context *ssl);
* \return #MBEDTLS_ERR_SSL_CLIENT_RECONNECT if we're at the server
* side of a DTLS connection and the client is initiating a
* new connection using the same source port. See below.
+ * \return #MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET if a TLS 1.3
+ * NewSessionTicket message has been received.
+ * This error code is only returned on the client side. It is
+ * only returned if handling of TLS 1.3 NewSessionTicket
+ * messages has been enabled through
+ * mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets().
+ * This error code indicates that a TLS 1.3 NewSessionTicket
+ * message has been received and parsed successfully by the
+ * client. The ticket data can be retrieved from the SSL
+ * context by calling mbedtls_ssl_get_session(). It remains
+ * available until the next call to mbedtls_ssl_read().
* \return #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA if early data, as
* defined in RFC 8446 (TLS 1.3 specification), has been
* received as part of the handshake. This is server specific
@@ -5059,6 +5114,7 @@ int mbedtls_ssl_renegotiate(mbedtls_ssl_context *ssl);
* #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS,
* #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS,
* #MBEDTLS_ERR_SSL_CLIENT_RECONNECT or
+ * #MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET or
* #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA,
* you must stop using the SSL context for reading or writing,
* and either free it or call \c mbedtls_ssl_session_reset()
@@ -5124,6 +5180,10 @@ int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len);
* operation is in progress (see mbedtls_ecp_set_max_ops()) -
* in this case you must call this function again to complete
* the handshake when you're done attending other tasks.
+ * \return #MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET if a TLS 1.3
+ * NewSessionTicket message has been received. See the
+ * documentation of mbedtls_ssl_read() for more information
+ * about this error code.
* \return #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA if early data, as
* defined in RFC 8446 (TLS 1.3 specification), has been
* received as part of the handshake. This is server specific
@@ -5140,6 +5200,7 @@ int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len);
* #MBEDTLS_ERR_SSL_WANT_WRITE,
* #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS,
* #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or
+ * #MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET or
* #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA,
* you must stop using the SSL context for reading or writing,
* and either free it or call \c mbedtls_ssl_session_reset()
diff --git a/vendor/openssl/include/openssl/cmp.h.in b/vendor/openssl/include/openssl/cmp.h.in
index ad9eb34..d659331 100644
--- a/vendor/openssl/include/openssl/cmp.h.in
+++ b/vendor/openssl/include/openssl/cmp.h.in
@@ -228,6 +228,22 @@ DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV)
{-
generate_stack_macros("OSSL_CMP_ITAV");
-}
+
+typedef struct ossl_cmp_crlstatus_st OSSL_CMP_CRLSTATUS;
+{-
+ generate_stack_macros("OSSL_CMP_CRLSTATUS");
+-}
+
+typedef OSSL_CRMF_ATTRIBUTETYPEANDVALUE OSSL_CMP_ATAV;
+# define OSSL_CMP_ATAV_free OSSL_CRMF_ATTRIBUTETYPEANDVALUE_free
+typedef STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) OSSL_CMP_ATAVS;
+DECLARE_ASN1_FUNCTIONS(OSSL_CMP_ATAVS)
+# define stack_st_OSSL_CMP_ATAV stack_st_OSSL_CRMF_ATTRIBUTETYPEANDVALUE
+# define sk_OSSL_CMP_ATAV_num sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_num
+# define sk_OSSL_CMP_ATAV_value sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_value
+# define sk_OSSL_CMP_ATAV_push sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_push
+# define sk_OSSL_CMP_ATAV_pop_free sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_pop_free
+
typedef struct ossl_cmp_revrepcontent_st OSSL_CMP_REVREPCONTENT;
typedef struct ossl_cmp_pkisi_st OSSL_CMP_PKISI;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKISI)
@@ -257,7 +273,7 @@ void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type,
ASN1_TYPE *value);
ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav);
ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
-int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
+int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **sk_p,
OSSL_CMP_ITAV *itav);
void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
@@ -278,6 +294,39 @@ int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
X509 **newWithOld,
X509 **oldWithNew);
+OSSL_CMP_CRLSTATUS *OSSL_CMP_CRLSTATUS_create(const X509_CRL *crl,
+ const X509 *cert, int only_DN);
+OSSL_CMP_CRLSTATUS *OSSL_CMP_CRLSTATUS_new1(const DIST_POINT_NAME *dpn,
+ const GENERAL_NAMES *issuer,
+ const ASN1_TIME *thisUpdate);
+int OSSL_CMP_CRLSTATUS_get0(const OSSL_CMP_CRLSTATUS *crlstatus,
+ DIST_POINT_NAME **dpn, GENERAL_NAMES **issuer,
+ ASN1_TIME **thisUpdate);
+void OSSL_CMP_CRLSTATUS_free(OSSL_CMP_CRLSTATUS *crlstatus);
+OSSL_CMP_ITAV
+*OSSL_CMP_ITAV_new0_crlStatusList(STACK_OF(OSSL_CMP_CRLSTATUS) *crlStatusList);
+int OSSL_CMP_ITAV_get0_crlStatusList(const OSSL_CMP_ITAV *itav,
+ STACK_OF(OSSL_CMP_CRLSTATUS) **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_crls(const X509_CRL *crls);
+int OSSL_CMP_ITAV_get0_crls(const OSSL_CMP_ITAV *it, STACK_OF(X509_CRL) **out);
+OSSL_CMP_ITAV
+*OSSL_CMP_ITAV_new0_certReqTemplate(OSSL_CRMF_CERTTEMPLATE *certTemplate,
+ OSSL_CMP_ATAVS *keySpec);
+int OSSL_CMP_ITAV_get1_certReqTemplate(const OSSL_CMP_ITAV *itav,
+ OSSL_CRMF_CERTTEMPLATE **certTemplate,
+ OSSL_CMP_ATAVS **keySpec);
+
+OSSL_CMP_ATAV *OSSL_CMP_ATAV_create(ASN1_OBJECT *type, ASN1_TYPE *value);
+void OSSL_CMP_ATAV_set0(OSSL_CMP_ATAV *itav, ASN1_OBJECT *type,
+ ASN1_TYPE *value);
+ASN1_OBJECT *OSSL_CMP_ATAV_get0_type(const OSSL_CMP_ATAV *itav);
+ASN1_TYPE *OSSL_CMP_ATAV_get0_value(const OSSL_CMP_ATAV *itav);
+OSSL_CMP_ATAV *OSSL_CMP_ATAV_new_algId(const X509_ALGOR *alg);
+X509_ALGOR *OSSL_CMP_ATAV_get0_algId(const OSSL_CMP_ATAV *atav);
+OSSL_CMP_ATAV *OSSL_CMP_ATAV_new_rsaKeyLen(int len);
+int OSSL_CMP_ATAV_get_rsaKeyLen(const OSSL_CMP_ATAV *atav);
+int OSSL_CMP_ATAV_push1(OSSL_CMP_ATAVS **sk_p, const OSSL_CMP_ATAV *atav);
+
void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
/* from cmp_ctx.c */
@@ -521,6 +570,12 @@ int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
const X509 *oldWithOld, X509 **newWithNew,
X509 **newWithOld, X509 **oldWithNew);
+int OSSL_CMP_get1_crlUpdate(OSSL_CMP_CTX *ctx, const X509 *crlcert,
+ const X509_CRL *last_crl,
+ X509_CRL **crl);
+int OSSL_CMP_get1_certReqTemplate(OSSL_CMP_CTX *ctx,
+ OSSL_CRMF_CERTTEMPLATE **certTemplate,
+ OSSL_CMP_ATAVS **keySpec);
# ifdef __cplusplus
}
diff --git a/vendor/openssl/include/openssl/cmperr.h b/vendor/openssl/include/openssl/cmperr.h
index 0d876e5..d196924 100644
--- a/vendor/openssl/include/openssl/cmperr.h
+++ b/vendor/openssl/include/openssl/cmperr.h
@@ -60,9 +60,13 @@
# define CMP_R_FAILED_EXTRACTING_PUBKEY 141
# define CMP_R_FAILURE_OBTAINING_RANDOM 110
# define CMP_R_FAIL_INFO_OUT_OF_RANGE 129
+# define CMP_R_GENERATE_CERTREQTEMPLATE 197
+# define CMP_R_GENERATE_CRLSTATUS 198
# define CMP_R_GETTING_GENP 192
+# define CMP_R_GET_ITAV 199
# define CMP_R_INVALID_ARGS 100
# define CMP_R_INVALID_GENP 193
+# define CMP_R_INVALID_KEYSPEC 202
# define CMP_R_INVALID_OPTION 174
# define CMP_R_INVALID_ROOTCAKEYUPDATE 195
# define CMP_R_MISSING_CERTID 165
@@ -100,6 +104,7 @@
# define CMP_R_TRANSFER_ERROR 159
# define CMP_R_UNCLEAN_CTX 191
# define CMP_R_UNEXPECTED_CERTPROFILE 196
+# define CMP_R_UNEXPECTED_CRLSTATUSLIST 201
# define CMP_R_UNEXPECTED_PKIBODY 133
# define CMP_R_UNEXPECTED_PKISTATUS 185
# define CMP_R_UNEXPECTED_POLLREQ 105
@@ -107,6 +112,7 @@
# define CMP_R_UNEXPECTED_SENDER 106
# define CMP_R_UNKNOWN_ALGORITHM_ID 134
# define CMP_R_UNKNOWN_CERT_TYPE 135
+# define CMP_R_UNKNOWN_CRL_ISSUER 200
# define CMP_R_UNKNOWN_PKISTATUS 186
# define CMP_R_UNSUPPORTED_ALGORITHM 136
# define CMP_R_UNSUPPORTED_KEY_TYPE 137
diff --git a/vendor/openssl/include/openssl/core_dispatch.h b/vendor/openssl/include/openssl/core_dispatch.h
index a5bc2cf..03838dd 100644
--- a/vendor/openssl/include/openssl/core_dispatch.h
+++ b/vendor/openssl/include/openssl/core_dispatch.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -13,6 +13,7 @@
# include <stdarg.h>
# include <openssl/core.h>
+# include <openssl/indicator.h>
# ifdef __cplusplus
extern "C" {
@@ -182,6 +183,9 @@ OSSL_CORE_MAKE_FUNC(int, BIO_ctrl, (OSSL_CORE_BIO *bio,
#define OSSL_FUNC_GET_USER_ENTROPY 98
#define OSSL_FUNC_GET_USER_NONCE 99
+#define OSSL_FUNC_INDICATOR_CB 95
+OSSL_CORE_MAKE_FUNC(void, indicator_cb, (OPENSSL_CORE_CTX *ctx,
+ OSSL_INDICATOR_CALLBACK **cb))
#define OSSL_FUNC_SELF_TEST_CB 100
OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CORE_CTX *ctx, OSSL_CALLBACK **cb,
void **cbarg))
@@ -588,6 +592,9 @@ OSSL_CORE_MAKE_FUNC(void *, keymgmt_new, (void *provctx))
# define OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS 5
# define OSSL_FUNC_KEYMGMT_GEN 6
# define OSSL_FUNC_KEYMGMT_GEN_CLEANUP 7
+# define OSSL_FUNC_KEYMGMT_GEN_GET_PARAMS 15
+# define OSSL_FUNC_KEYMGMT_GEN_GETTABLE_PARAMS 16
+
OSSL_CORE_MAKE_FUNC(void *, keymgmt_gen_init,
(void *provctx, int selection, const OSSL_PARAM params[]))
OSSL_CORE_MAKE_FUNC(int, keymgmt_gen_set_template,
@@ -597,6 +604,10 @@ OSSL_CORE_MAKE_FUNC(int, keymgmt_gen_set_params,
OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *,
keymgmt_gen_settable_params,
(void *genctx, void *provctx))
+OSSL_CORE_MAKE_FUNC(int, keymgmt_gen_get_params,
+ (void *genctx, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_gen_gettable_params,
+ (void *genctx, void *provctx))
OSSL_CORE_MAKE_FUNC(void *, keymgmt_gen,
(void *genctx, OSSL_CALLBACK *cb, void *cbarg))
OSSL_CORE_MAKE_FUNC(void, keymgmt_gen_cleanup, (void *genctx))
@@ -730,22 +741,45 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keyexch_gettable_ctx_params,
# define OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS 23
# define OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS 24
# define OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS 25
+# define OSSL_FUNC_SIGNATURE_QUERY_KEY_TYPES 26
+# define OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_INIT 27
+# define OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_UPDATE 28
+# define OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_FINAL 29
+# define OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_INIT 30
+# define OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_UPDATE 31
+# define OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_FINAL 32
OSSL_CORE_MAKE_FUNC(void *, signature_newctx, (void *provctx,
- const char *propq))
+ const char *propq))
OSSL_CORE_MAKE_FUNC(int, signature_sign_init, (void *ctx, void *provkey,
const OSSL_PARAM params[]))
OSSL_CORE_MAKE_FUNC(int, signature_sign, (void *ctx, unsigned char *sig,
- size_t *siglen, size_t sigsize,
- const unsigned char *tbs,
- size_t tbslen))
+ size_t *siglen, size_t sigsize,
+ const unsigned char *tbs,
+ size_t tbslen))
+OSSL_CORE_MAKE_FUNC(int, signature_sign_message_init,
+ (void *ctx, void *provkey, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, signature_sign_message_update,
+ (void *ctx, const unsigned char *in, size_t inlen))
+OSSL_CORE_MAKE_FUNC(int, signature_sign_message_final,
+ (void *ctx, unsigned char *sig,
+ size_t *siglen, size_t sigsize))
OSSL_CORE_MAKE_FUNC(int, signature_verify_init, (void *ctx, void *provkey,
const OSSL_PARAM params[]))
OSSL_CORE_MAKE_FUNC(int, signature_verify, (void *ctx,
- const unsigned char *sig,
- size_t siglen,
- const unsigned char *tbs,
- size_t tbslen))
+ const unsigned char *sig,
+ size_t siglen,
+ const unsigned char *tbs,
+ size_t tbslen))
+OSSL_CORE_MAKE_FUNC(int, signature_verify_message_init,
+ (void *ctx, void *provkey, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, signature_verify_message_update,
+ (void *ctx, const unsigned char *in, size_t inlen))
+/*
+ * signature_verify_final requires that the signature to be verified against
+ * is specified via an OSSL_PARAM.
+ */
+OSSL_CORE_MAKE_FUNC(int, signature_verify_message_final, (void *ctx))
OSSL_CORE_MAKE_FUNC(int, signature_verify_recover_init,
(void *ctx, void *provkey, const OSSL_PARAM params[]))
OSSL_CORE_MAKE_FUNC(int, signature_verify_recover,
@@ -790,7 +824,7 @@ OSSL_CORE_MAKE_FUNC(int, signature_set_ctx_md_params,
(void *ctx, const OSSL_PARAM params[]))
OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, signature_settable_ctx_md_params,
(void *ctx))
-
+OSSL_CORE_MAKE_FUNC(const char **, signature_query_key_types, (void))
/* Asymmetric Ciphers */
diff --git a/vendor/openssl/include/openssl/crmf.h.in b/vendor/openssl/include/openssl/crmf.h.in
index 43411fa..17dc4d9 100644
--- a/vendor/openssl/include/openssl/crmf.h.in
+++ b/vendor/openssl/include/openssl/crmf.h.in
@@ -1,7 +1,7 @@
/*-
* {- join("\n * ", @autowarntext) -}
*
- * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Nokia 2007-2019
* Copyright Siemens AG 2015-2019
*
@@ -54,6 +54,12 @@ DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_MSG)
generate_stack_macros("OSSL_CRMF_MSG");
-}
typedef struct ossl_crmf_attributetypeandvalue_st OSSL_CRMF_ATTRIBUTETYPEANDVALUE;
+void OSSL_CRMF_ATTRIBUTETYPEANDVALUE_free(OSSL_CRMF_ATTRIBUTETYPEANDVALUE *v);
+DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_ATTRIBUTETYPEANDVALUE)
+{-
+ generate_stack_macros("OSSL_CRMF_ATTRIBUTETYPEANDVALUE");
+-}
+
typedef struct ossl_crmf_pbmparameter_st OSSL_CRMF_PBMPARAMETER;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PBMPARAMETER)
typedef struct ossl_crmf_poposigningkey_st OSSL_CRMF_POPOSIGNINGKEY;
@@ -71,6 +77,7 @@ typedef struct ossl_crmf_singlepubinfo_st OSSL_CRMF_SINGLEPUBINFO;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_SINGLEPUBINFO)
typedef struct ossl_crmf_certtemplate_st OSSL_CRMF_CERTTEMPLATE;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTTEMPLATE)
+DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTTEMPLATE)
typedef STACK_OF(OSSL_CRMF_MSG) OSSL_CRMF_MSGS;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSGS)
diff --git a/vendor/openssl/include/openssl/crypto.h.in b/vendor/openssl/include/openssl/crypto.h.in
index b2d691b..101719a 100644
--- a/vendor/openssl/include/openssl/crypto.h.in
+++ b/vendor/openssl/include/openssl/crypto.h.in
@@ -1,7 +1,7 @@
/*
* {- join("\n * ", @autowarntext) -}
*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -86,10 +86,15 @@ int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock);
void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock);
int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_add64(uint64_t *val, uint64_t op, uint64_t *ret,
+ CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_and(uint64_t *val, uint64_t op, uint64_t *ret,
+ CRYPTO_RWLOCK *lock);
int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
CRYPTO_RWLOCK *lock);
int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
+int CRYPTO_atomic_store(uint64_t *dst, uint64_t val, CRYPTO_RWLOCK *lock);
/* No longer needed, so this is a no-op */
#define OPENSSL_malloc_init() while(0) continue
@@ -98,6 +103,9 @@ int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
CRYPTO_malloc(num, OPENSSL_FILE, OPENSSL_LINE)
# define OPENSSL_zalloc(num) \
CRYPTO_zalloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_aligned_alloc(num, alignment, freeptr) \
+ CRYPTO_aligned_alloc(num, alignment, freeptr, \
+ OPENSSL_FILE, OPENSSL_LINE)
# define OPENSSL_realloc(addr, num) \
CRYPTO_realloc(addr, num, OPENSSL_FILE, OPENSSL_LINE)
# define OPENSSL_clear_realloc(addr, old_num, num) \
@@ -126,6 +134,7 @@ int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
size_t OPENSSL_strlcpy(char *dst, const char *src, size_t siz);
size_t OPENSSL_strlcat(char *dst, const char *src, size_t siz);
size_t OPENSSL_strnlen(const char *str, size_t maxlen);
+int OPENSSL_strtoul(const char *str, char **endptr, int base, unsigned long *num);
int OPENSSL_buf2hexstr_ex(char *str, size_t str_n, size_t *strlength,
const unsigned char *buf, size_t buflen,
const char sep);
@@ -162,6 +171,7 @@ const char *OpenSSL_version(int type);
# define OPENSSL_FULL_VERSION_STRING 7
# define OPENSSL_MODULES_DIR 8
# define OPENSSL_CPU_INFO 9
+# define OPENSSL_WINCTX 10
const char *OPENSSL_info(int type);
/*
@@ -176,6 +186,7 @@ const char *OPENSSL_info(int type);
# define OPENSSL_INFO_LIST_SEPARATOR 1006
# define OPENSSL_INFO_SEED_SOURCE 1007
# define OPENSSL_INFO_CPU_SETTINGS 1008
+# define OPENSSL_INFO_WINDOWS_CONTEXT 1009
int OPENSSL_issetugid(void);
@@ -321,6 +332,9 @@ void CRYPTO_get_mem_functions(CRYPTO_malloc_fn *malloc_fn,
OSSL_CRYPTO_ALLOC void *CRYPTO_malloc(size_t num, const char *file, int line);
OSSL_CRYPTO_ALLOC void *CRYPTO_zalloc(size_t num, const char *file, int line);
+OSSL_CRYPTO_ALLOC void *CRYPTO_aligned_alloc(size_t num, size_t align,
+ void **freeptr, const char *file,
+ int line);
OSSL_CRYPTO_ALLOC void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line);
OSSL_CRYPTO_ALLOC char *CRYPTO_strdup(const char *str, const char *file, int line);
OSSL_CRYPTO_ALLOC char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line);
@@ -529,9 +543,14 @@ int OSSL_LIB_CTX_load_config(OSSL_LIB_CTX *ctx, const char *config_file);
void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
+int OSSL_LIB_CTX_get_conf_diagnostics(OSSL_LIB_CTX *ctx);
+void OSSL_LIB_CTX_set_conf_diagnostics(OSSL_LIB_CTX *ctx, int value);
void OSSL_sleep(uint64_t millis);
+
+void *OSSL_LIB_CTX_get_data(OSSL_LIB_CTX *ctx, int index);
+
# ifdef __cplusplus
}
# endif
diff --git a/vendor/openssl/include/openssl/cryptoerr.h b/vendor/openssl/include/openssl/cryptoerr.h
index e84b12d..7fa79cf 100644
--- a/vendor/openssl/include/openssl/cryptoerr.h
+++ b/vendor/openssl/include/openssl/cryptoerr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -47,6 +47,7 @@
# define CRYPTO_R_SECURE_MALLOC_FAILURE 111
# define CRYPTO_R_STRING_TOO_LONG 112
# define CRYPTO_R_TOO_MANY_BYTES 113
+# define CRYPTO_R_TOO_MANY_NAMES 132
# define CRYPTO_R_TOO_MANY_RECORDS 114
# define CRYPTO_R_TOO_SMALL_BUFFER 116
# define CRYPTO_R_UNKNOWN_NAME_IN_RANDOM_SECTION 120
diff --git a/vendor/openssl/include/openssl/e_os2.h b/vendor/openssl/include/openssl/e_os2.h
index f1e1795..b8c6107 100644
--- a/vendor/openssl/include/openssl/e_os2.h
+++ b/vendor/openssl/include/openssl/e_os2.h
@@ -200,6 +200,7 @@ extern "C" {
# endif
# ifndef ossl_ssize_t
+# include <sys/types.h>
# define ossl_ssize_t ssize_t
# if defined(SSIZE_MAX)
# define OSSL_SSIZE_MAX SSIZE_MAX
@@ -288,7 +289,7 @@ typedef uint64_t ossl_uintmax_t;
# endif
# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L && \
- !defined(__cplusplus)
+ !defined(__cplusplus)
# define ossl_noreturn _Noreturn
# elif defined(__GNUC__) && __GNUC__ >= 2
# define ossl_noreturn __attribute__((noreturn))
diff --git a/vendor/openssl/include/openssl/evp.h b/vendor/openssl/include/openssl/evp.h
index f70b9d7..5466327 100644
--- a/vendor/openssl/include/openssl/evp.h
+++ b/vendor/openssl/include/openssl/evp.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -552,6 +552,7 @@ int EVP_MD_get_block_size(const EVP_MD *md);
# define EVP_MD_block_size EVP_MD_get_block_size
unsigned long EVP_MD_get_flags(const EVP_MD *md);
# define EVP_MD_flags EVP_MD_get_flags
+int EVP_MD_xof(const EVP_MD *md);
const EVP_MD *EVP_MD_CTX_get0_md(const EVP_MD_CTX *ctx);
EVP_MD *EVP_MD_CTX_get1_md(EVP_MD_CTX *ctx);
@@ -566,9 +567,11 @@ void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
int (*update) (EVP_MD_CTX *ctx,
const void *data, size_t count));
# endif
+int EVP_MD_CTX_get_size_ex(const EVP_MD_CTX *ctx);
+
# define EVP_MD_CTX_get0_name(e) EVP_MD_get0_name(EVP_MD_CTX_get0_md(e))
-# define EVP_MD_CTX_get_size(e) EVP_MD_get_size(EVP_MD_CTX_get0_md(e))
-# define EVP_MD_CTX_size EVP_MD_CTX_get_size
+# define EVP_MD_CTX_get_size(e) EVP_MD_CTX_get_size_ex(e)
+# define EVP_MD_CTX_size EVP_MD_CTX_get_size_ex
# define EVP_MD_CTX_get_block_size(e) EVP_MD_get_block_size(EVP_MD_CTX_get0_md(e))
# define EVP_MD_CTX_block_size EVP_MD_CTX_get_block_size
# define EVP_MD_CTX_get_type(e) EVP_MD_get_type(EVP_MD_CTX_get0_md(e))
@@ -895,6 +898,10 @@ const OSSL_PARAM *EVP_CIPHER_gettable_ctx_params(const EVP_CIPHER *cipher);
const OSSL_PARAM *EVP_CIPHER_CTX_settable_params(EVP_CIPHER_CTX *ctx);
const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_set_algor_params(EVP_CIPHER_CTX *ctx, const X509_ALGOR *alg);
+int EVP_CIPHER_CTX_get_algor_params(EVP_CIPHER_CTX *ctx, X509_ALGOR *alg);
+int EVP_CIPHER_CTX_get_algor(EVP_CIPHER_CTX *ctx, X509_ALGOR **alg);
+
const BIO_METHOD *BIO_f_md(void);
const BIO_METHOD *BIO_f_base64(void);
const BIO_METHOD *BIO_f_cipher(void);
@@ -1690,33 +1697,47 @@ int EVP_PKEY_CTX_set_kem_op(EVP_PKEY_CTX *ctx, const char *op);
const char *EVP_PKEY_get0_type_name(const EVP_PKEY *key);
# define EVP_PKEY_OP_UNDEFINED 0
-# define EVP_PKEY_OP_PARAMGEN (1<<1)
-# define EVP_PKEY_OP_KEYGEN (1<<2)
-# define EVP_PKEY_OP_FROMDATA (1<<3)
-# define EVP_PKEY_OP_SIGN (1<<4)
-# define EVP_PKEY_OP_VERIFY (1<<5)
-# define EVP_PKEY_OP_VERIFYRECOVER (1<<6)
-# define EVP_PKEY_OP_SIGNCTX (1<<7)
-# define EVP_PKEY_OP_VERIFYCTX (1<<8)
-# define EVP_PKEY_OP_ENCRYPT (1<<9)
-# define EVP_PKEY_OP_DECRYPT (1<<10)
-# define EVP_PKEY_OP_DERIVE (1<<11)
-# define EVP_PKEY_OP_ENCAPSULATE (1<<12)
-# define EVP_PKEY_OP_DECAPSULATE (1<<13)
-
-# define EVP_PKEY_OP_TYPE_SIG \
- (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \
- | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX)
-
-# define EVP_PKEY_OP_TYPE_CRYPT \
- (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT)
-
-# define EVP_PKEY_OP_TYPE_NOGEN \
- (EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_DERIVE)
-
-# define EVP_PKEY_OP_TYPE_GEN \
- (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN)
-
+# define EVP_PKEY_OP_PARAMGEN (1 << 1)
+# define EVP_PKEY_OP_KEYGEN (1 << 2)
+# define EVP_PKEY_OP_FROMDATA (1 << 3)
+# define EVP_PKEY_OP_SIGN (1 << 4)
+# define EVP_PKEY_OP_VERIFY (1 << 5)
+# define EVP_PKEY_OP_VERIFYRECOVER (1 << 6)
+# define EVP_PKEY_OP_SIGNCTX (1 << 7)
+# define EVP_PKEY_OP_VERIFYCTX (1 << 8)
+# define EVP_PKEY_OP_ENCRYPT (1 << 9)
+# define EVP_PKEY_OP_DECRYPT (1 << 10)
+# define EVP_PKEY_OP_DERIVE (1 << 11)
+# define EVP_PKEY_OP_ENCAPSULATE (1 << 12)
+# define EVP_PKEY_OP_DECAPSULATE (1 << 13)
+# define EVP_PKEY_OP_SIGNMSG (1 << 14)
+# define EVP_PKEY_OP_VERIFYMSG (1 << 15)
+/* Update the following when adding new EVP_PKEY_OPs */
+# define EVP_PKEY_OP_ALL ((1 << 16) - 1)
+
+# define EVP_PKEY_OP_TYPE_SIG \
+ (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG \
+ | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYMSG \
+ | EVP_PKEY_OP_VERIFYRECOVER \
+ | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX)
+
+# define EVP_PKEY_OP_TYPE_CRYPT \
+ (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT)
+
+# define EVP_PKEY_OP_TYPE_DERIVE \
+ (EVP_PKEY_OP_DERIVE)
+
+# define EVP_PKEY_OP_TYPE_DATA \
+ (EVP_PKEY_OP_FROMDATA)
+
+# define EVP_PKEY_OP_TYPE_KEM \
+ (EVP_PKEY_OP_ENCAPSULATE | EVP_PKEY_OP_DECAPSULATE)
+
+# define EVP_PKEY_OP_TYPE_GEN \
+ (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN)
+
+# define EVP_PKEY_OP_TYPE_NOGEN \
+ (EVP_PKEY_OP_ALL & ~EVP_PKEY_OP_TYPE_GEN)
int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX *ctx, const unsigned char *key,
int keylen);
@@ -1780,6 +1801,7 @@ int EVP_KEYMGMT_names_do_all(const EVP_KEYMGMT *keymgmt,
const OSSL_PARAM *EVP_KEYMGMT_gettable_params(const EVP_KEYMGMT *keymgmt);
const OSSL_PARAM *EVP_KEYMGMT_settable_params(const EVP_KEYMGMT *keymgmt);
const OSSL_PARAM *EVP_KEYMGMT_gen_settable_params(const EVP_KEYMGMT *keymgmt);
+const OSSL_PARAM *EVP_KEYMGMT_gen_gettable_params(const EVP_KEYMGMT *keymgmt);
EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
@@ -1796,6 +1818,11 @@ int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params);
const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(const EVP_PKEY_CTX *ctx);
int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params);
const OSSL_PARAM *EVP_PKEY_CTX_settable_params(const EVP_PKEY_CTX *ctx);
+
+int EVP_PKEY_CTX_set_algor_params(EVP_PKEY_CTX *ctx, const X509_ALGOR *alg);
+int EVP_PKEY_CTX_get_algor_params(EVP_PKEY_CTX *ctx, X509_ALGOR *alg);
+int EVP_PKEY_CTX_get_algor(EVP_PKEY_CTX *ctx, X509_ALGOR **alg);
+
int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
int cmd, int p1, void *p2);
int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
@@ -1846,6 +1873,9 @@ EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx);
void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_CTX_set_signature(EVP_PKEY_CTX *pctx,
+ const unsigned char *sig, size_t siglen);
+
void EVP_SIGNATURE_free(EVP_SIGNATURE *signature);
int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature);
OSSL_PROVIDER *EVP_SIGNATURE_get0_provider(const EVP_SIGNATURE *signature);
@@ -1899,17 +1929,35 @@ const OSSL_PARAM *EVP_KEM_settable_ctx_params(const EVP_KEM *kem);
int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
int EVP_PKEY_sign_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_sign_init_ex2(EVP_PKEY_CTX *ctx,
+ EVP_SIGNATURE *algo, const OSSL_PARAM params[]);
int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
unsigned char *sig, size_t *siglen,
const unsigned char *tbs, size_t tbslen);
+int EVP_PKEY_sign_message_init(EVP_PKEY_CTX *ctx,
+ EVP_SIGNATURE *algo, const OSSL_PARAM params[]);
+int EVP_PKEY_sign_message_update(EVP_PKEY_CTX *ctx,
+ const unsigned char *in, size_t inlen);
+int EVP_PKEY_sign_message_final(EVP_PKEY_CTX *ctx,
+ unsigned char *sig, size_t *siglen);
int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
int EVP_PKEY_verify_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_PKEY_verify_init_ex2(EVP_PKEY_CTX *ctx,
+ EVP_SIGNATURE *algo, const OSSL_PARAM params[]);
int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
const unsigned char *sig, size_t siglen,
const unsigned char *tbs, size_t tbslen);
+int EVP_PKEY_verify_message_init(EVP_PKEY_CTX *ctx,
+ EVP_SIGNATURE *algo, const OSSL_PARAM params[]);
+int EVP_PKEY_verify_message_update(EVP_PKEY_CTX *ctx,
+ const unsigned char *in, size_t inlen);
+int EVP_PKEY_verify_message_final(EVP_PKEY_CTX *ctx);
int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
int EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX *ctx,
const OSSL_PARAM params[]);
+int EVP_PKEY_verify_recover_init_ex2(EVP_PKEY_CTX *ctx,
+ EVP_SIGNATURE *algo,
+ const OSSL_PARAM params[]);
int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
unsigned char *rout, size_t *routlen,
const unsigned char *sig, size_t siglen);
diff --git a/vendor/openssl/include/openssl/evperr.h b/vendor/openssl/include/openssl/evperr.h
index 11f3faa..0a991f7 100644
--- a/vendor/openssl/include/openssl/evperr.h
+++ b/vendor/openssl/include/openssl/evperr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -54,6 +54,7 @@
# define EVP_R_EXPECTING_A_SIPHASH_KEY 175
# define EVP_R_FINAL_ERROR 188
# define EVP_R_GENERATE_ERROR 214
+# define EVP_R_GETTING_ALGORITHMIDENTIFIER_NOT_SUPPORTED 229
# define EVP_R_GET_RAW_KEY_FAILED 182
# define EVP_R_ILLEGAL_SCRYPT_PARAMETERS 171
# define EVP_R_INACCESSIBLE_DOMAIN_PARAMETERS 204
@@ -94,6 +95,7 @@
# define EVP_R_ONLY_ONESHOT_SUPPORTED 177
# define EVP_R_OPERATION_NOT_INITIALIZED 151
# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
+# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_SIGNATURE_TYPE 226
# define EVP_R_OUTPUT_WOULD_OVERFLOW 202
# define EVP_R_PARAMETER_TOO_LARGE 187
# define EVP_R_PARTIALLY_OVERLAPPING 162
@@ -104,6 +106,7 @@
# define EVP_R_PUBLIC_KEY_NOT_RSA 106
# define EVP_R_SETTING_XOF_FAILED 227
# define EVP_R_SET_DEFAULT_PROPERTY_FAILURE 209
+# define EVP_R_SIGNATURE_TYPE_AND_KEY_TYPE_INCOMPATIBLE 228
# define EVP_R_TOO_MANY_RECORDS 183
# define EVP_R_UNABLE_TO_ENABLE_LOCKING 212
# define EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE 215
diff --git a/vendor/openssl/include/openssl/fips_names.h b/vendor/openssl/include/openssl/fips_names.h
index 5c77f6d..fa481fc 100644
--- a/vendor/openssl/include/openssl/fips_names.h
+++ b/vendor/openssl/include/openssl/fips_names.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -17,27 +17,18 @@ extern "C" {
/*
* Parameter names that the FIPS Provider defines
+ * All parameters are of type: OSSL_PARAM_UTF8_STRING
*/
-/*
- * The calculated MAC of the module file (Used for FIPS Self Testing)
- * Type: OSSL_PARAM_UTF8_STRING
- */
+/* The following 4 Parameters are used for FIPS Self Testing */
+
+/* The calculated MAC of the module file */
# define OSSL_PROV_FIPS_PARAM_MODULE_MAC "module-mac"
-/*
- * A version number for the fips install process (Used for FIPS Self Testing)
- * Type: OSSL_PARAM_UTF8_STRING
- */
+/* The Version number for the fips install process */
# define OSSL_PROV_FIPS_PARAM_INSTALL_VERSION "install-version"
-/*
- * The calculated MAC of the install status indicator (Used for FIPS Self Testing)
- * Type: OSSL_PARAM_UTF8_STRING
- */
+/* The calculated MAC of the install status indicator */
# define OSSL_PROV_FIPS_PARAM_INSTALL_MAC "install-mac"
-/*
- * The install status indicator (Used for FIPS Self Testing)
- * Type: OSSL_PARAM_UTF8_STRING
- */
+/* The install status indicator */
# define OSSL_PROV_FIPS_PARAM_INSTALL_STATUS "install-status"
/*
@@ -47,28 +38,10 @@ extern "C" {
*/
# define OSSL_PROV_FIPS_PARAM_CONDITIONAL_ERRORS "conditional-errors"
-/*
- * A boolean that determines if the runtime FIPS security checks are performed.
- * This is enabled by default.
- * Type: OSSL_PARAM_UTF8_STRING
- */
-# define OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS "security-checks"
-
-/*
- * A boolean that determines if the runtime FIPS check for TLS1_PRF EMS is performed.
- * This is disabled by default.
- * Type: OSSL_PARAM_UTF8_STRING
- */
-# define OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
-
-/*
- * A boolean that determines if truncated digests can be used with Hash and HMAC
- * DRBGs. FIPS 140-3 IG D.R disallows such use for efficiency rather than
- * security reasons.
- * This is disabled by default.
- * Type: OSSL_PARAM_UTF8_STRING
- */
-# define OSSL_PROV_FIPS_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
+/* The following are provided for backwards compatibility */
+# define OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS OSSL_PROV_PARAM_SECURITY_CHECKS
+# define OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK
+# define OSSL_PROV_FIPS_PARAM_DRBG_TRUNC_DIGEST OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST
# ifdef __cplusplus
}
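Review bot: The three backwards-compatibility macros at the end of this hunk now expand to `OSSL_PROV_PARAM_*` identifiers that are not defined in the visible part of fips_names.h, and the removed comments were the only place in this header stating each check's default. If those names come from another header (not visible here), a translation unit that includes only fips_names.h and uses one of the old macros would stop compiling, so in-tree users of these three names should be checked. Since this is a vendored file, I would record the lost defaults in the consuming code or vendor notes rather than patch the header, e.g. `/* per the previous header comments: security-checks on by default; tls1-prf-ems-check and drbg-no-trunc-md off by default */`. The new provider documentation should be checked to confirm these defaults still hold.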
diff --git a/vendor/openssl/include/openssl/fipskey.h.in b/vendor/openssl/include/openssl/fipskey.h.in
index 56b947e..c53012a 100644
--- a/vendor/openssl/include/openssl/fipskey.h.in
+++ b/vendor/openssl/include/openssl/fipskey.h.in
@@ -1,7 +1,7 @@
/*
* {- join("\n * ", @autowarntext) -}
*
- * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -28,6 +28,11 @@ extern "C" {
*/
#define FIPS_KEY_STRING "{- $config{FIPSKEY} -}"
+/*
+ * The FIPS provider vendor name, as a string.
+ */
+#define FIPS_VENDOR "{- $config{FIPS_VENDOR} -}"
+
# ifdef __cplusplus
}
# endif
diff --git a/vendor/openssl/include/openssl/http.h b/vendor/openssl/include/openssl/http.h
index 8f4e9da..339b567 100644
--- a/vendor/openssl/include/openssl/http.h
+++ b/vendor/openssl/include/openssl/http.h
@@ -35,9 +35,10 @@ extern "C" {
# ifndef OPENSSL_NO_HTTP
-#define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
-#define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
-#define OSSL_HTTP_DEFAULT_MAX_RESP_HDR_LINES 256
+# define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
+# define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
+# define OSSL_HTTP_DEFAULT_MAX_CRL_LEN (32 * 1024 * 1024)
+# define OSSL_HTTP_DEFAULT_MAX_RESP_HDR_LINES 256
/* Low-level HTTP API */
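Review bot: `OSSL_HTTP_DEFAULT_MAX_CRL_LEN` is added without a comment saying which transfers it bounds, and at 32 MiB it is far above the 100 KiB `OSSL_HTTP_DEFAULT_MAX_RESP_LEN` next to it. Presumably it caps CRL downloads over HTTP. Code in this project that fetches CRLs from distribution-point URLs in certificates it has not yet validated may then buffer up to that much per fetch, so it should pass a tighter limit wherever the calling API accepts one. A one-line comment would make the intent visible: `/* Default upper bound for a CRL fetched over HTTP; larger than MAX_RESP_LEN because CRLs can be big */`.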
diff --git a/vendor/openssl/include/openssl/macros.h b/vendor/openssl/include/openssl/macros.h
index e9ef938..8330c75 100644
--- a/vendor/openssl/include/openssl/macros.h
+++ b/vendor/openssl/include/openssl/macros.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -169,6 +169,7 @@
* 'no-deprecated'.
*/
+# undef OPENSSL_NO_DEPRECATED_3_4
# undef OPENSSL_NO_DEPRECATED_3_1
# undef OPENSSL_NO_DEPRECATED_3_0
# undef OPENSSL_NO_DEPRECATED_1_1_1
@@ -178,6 +179,17 @@
# undef OPENSSL_NO_DEPRECATED_1_0_0
# undef OPENSSL_NO_DEPRECATED_0_9_8
+# if OPENSSL_API_LEVEL >= 30400
+# ifndef OPENSSL_NO_DEPRECATED
+# define OSSL_DEPRECATEDIN_3_4 OSSL_DEPRECATED(3.4)
+# define OSSL_DEPRECATEDIN_3_4_FOR(msg) OSSL_DEPRECATED_FOR(3.4, msg)
+# else
+# define OPENSSL_NO_DEPRECATED_3_4
+# endif
+# else
+# define OSSL_DEPRECATEDIN_3_4
+# define OSSL_DEPRECATEDIN_3_4_FOR(msg)
+# endif
# if OPENSSL_API_LEVEL >= 30100
# ifndef OPENSSL_NO_DEPRECATED
# define OSSL_DEPRECATEDIN_3_1 OSSL_DEPRECATED(3.1)
diff --git a/vendor/openssl/include/openssl/obj_mac.h b/vendor/openssl/include/openssl/obj_mac.h
index 1b7d924..ea603c2 100644
--- a/vendor/openssl/include/openssl/obj_mac.h
+++ b/vendor/openssl/include/openssl/obj_mac.h
@@ -1583,9 +1583,13 @@
#define NID_qcStatements 286
#define OBJ_qcStatements OBJ_id_pe,3L
-#define SN_ac_auditEntity "ac-auditEntity"
-#define NID_ac_auditEntity 287
-#define OBJ_ac_auditEntity OBJ_id_pe,4L
+#define SN_ac_auditIdentity "ac-auditIdentity"
+#define LN_ac_auditIdentity "X509v3 Audit Identity"
+#define NID_ac_auditIdentity 287
+#define OBJ_ac_auditIdentity OBJ_id_pe,4L
+
+#define NID_ac_auditEntity 1323
+#define OBJ_ac_auditEntity OBJ_ac_auditIdentity
#define SN_ac_targeting "ac-targeting"
#define NID_ac_targeting 288
@@ -2022,6 +2026,11 @@
#define NID_id_on_permanentIdentifier 858
#define OBJ_id_on_permanentIdentifier OBJ_id_on,3L
+#define SN_id_on_hardwareModuleName "id-on-hardwareModuleName"
+#define LN_id_on_hardwareModuleName "Hardware Module Name"
+#define NID_id_on_hardwareModuleName 1321
+#define OBJ_id_on_hardwareModuleName OBJ_id_on,4L
+
#define SN_XmppAddr "id-on-xmppAddr"
#define LN_XmppAddr "XmppAddr"
#define NID_XmppAddr 1209
@@ -3019,6 +3028,11 @@
#define NID_dcObject 390
#define OBJ_dcObject OBJ_Enterprises,1466L,344L
+#define SN_id_kp_wisun_fan_device "id-kp-wisun-fan-device"
+#define LN_id_kp_wisun_fan_device "Wi-SUN Alliance Field Area Network (FAN)"
+#define NID_id_kp_wisun_fan_device 1322
+#define OBJ_id_kp_wisun_fan_device OBJ_Enterprises,45605L,1L
+
#define SN_mime_mhs "mime-mhs"
#define LN_mime_mhs "MIME MHS"
#define NID_mime_mhs 504
diff --git a/vendor/openssl/include/openssl/objects.h b/vendor/openssl/include/openssl/objects.h
index 9ea91c2..cc9f3c5 100644
--- a/vendor/openssl/include/openssl/objects.h
+++ b/vendor/openssl/include/openssl/objects.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -176,6 +176,7 @@ int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid);
int OBJ_add_sigid(int signid, int dig_id, int pkey_id);
void OBJ_sigid_free(void);
+#define SN_ac_auditEntity SN_ac_auditIdentity
# ifdef __cplusplus
}
diff --git a/vendor/openssl/include/openssl/pem.h b/vendor/openssl/include/openssl/pem.h
index 0446c77..6b7b66a 100644
--- a/vendor/openssl/include/openssl/pem.h
+++ b/vendor/openssl/include/openssl/pem.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -58,6 +58,7 @@ extern "C" {
# define PEM_STRING_PARAMETERS "PARAMETERS"
# define PEM_STRING_CMS "CMS"
# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
+# define PEM_STRING_ACERT "ATTRIBUTE CERTIFICATE"
# define PEM_TYPE_ENCRYPTED 10
# define PEM_TYPE_MIC_ONLY 20
diff --git a/vendor/openssl/include/openssl/pkcs12.h.in b/vendor/openssl/include/openssl/pkcs12.h.in
index 35759d4..097afba 100644
--- a/vendor/openssl/include/openssl/pkcs12.h.in
+++ b/vendor/openssl/include/openssl/pkcs12.h.in
@@ -1,7 +1,7 @@
/*
* {- join("\n * ", @autowarntext) -}
*
- * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -269,6 +269,9 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
unsigned char *salt, int saltlen, int iter,
const EVP_MD *md_type);
+int PKCS12_set_pbmac1_pbkdf2(PKCS12 *p12, const char *pass, int passlen,
+ unsigned char *salt, int saltlen, int iter,
+ const EVP_MD *md_type, const char *prf_md_name);
int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
int saltlen, const EVP_MD *md_type);
unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
diff --git a/vendor/openssl/include/openssl/proverr.h b/vendor/openssl/include/openssl/proverr.h
index d9ef568..d10b653 100644
--- a/vendor/openssl/include/openssl/proverr.h
+++ b/vendor/openssl/include/openssl/proverr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -30,9 +30,11 @@
# define PROV_R_BAD_TLS_CLIENT_VERSION 161
# define PROV_R_BN_ERROR 160
# define PROV_R_CIPHER_OPERATION_FAILED 102
+# define PROV_R_COFACTOR_REQUIRED 236
# define PROV_R_DERIVATION_FUNCTION_INIT_FAILED 205
# define PROV_R_DIGEST_NOT_ALLOWED 174
# define PROV_R_EMS_NOT_ENABLED 233
+# define PROV_R_ENTROPY_SOURCE_FAILED_CONTINUOUS_TESTS 244
# define PROV_R_ENTROPY_SOURCE_STRENGTH_TOO_WEAK 186
# define PROV_R_ERROR_INSTANTIATING_DRBG 188
# define PROV_R_ERROR_RETRIEVING_ENTROPY 189
@@ -44,12 +46,14 @@
# define PROV_R_FAILED_TO_GET_PARAMETER 103
# define PROV_R_FAILED_TO_SET_PARAMETER 104
# define PROV_R_FAILED_TO_SIGN 175
+# define PROV_R_FINAL_CALL_OUT_OF_ORDER 237
# define PROV_R_FIPS_MODULE_CONDITIONAL_ERROR 227
# define PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE 224
# define PROV_R_FIPS_MODULE_IN_ERROR_STATE 225
# define PROV_R_GENERATE_ERROR 191
# define PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 165
# define PROV_R_INDICATOR_INTEGRITY_FAILURE 210
+# define PROV_R_INIT_CALL_OUT_OF_ORDER 238
# define PROV_R_INSUFFICIENT_DRBG_STRENGTH 181
# define PROV_R_INVALID_AAD 108
# define PROV_R_INVALID_AEAD 231
@@ -61,6 +65,7 @@
# define PROV_R_INVALID_DIGEST 122
# define PROV_R_INVALID_DIGEST_LENGTH 166
# define PROV_R_INVALID_DIGEST_SIZE 218
+# define PROV_R_INVALID_EDDSA_INSTANCE_FOR_ATTEMPTED_OPERATION 243
# define PROV_R_INVALID_INPUT_LENGTH 230
# define PROV_R_INVALID_ITERATION_COUNT 123
# define PROV_R_INVALID_IV_LENGTH 109
@@ -73,6 +78,7 @@
# define PROV_R_INVALID_MODE 125
# define PROV_R_INVALID_OUTPUT_LENGTH 217
# define PROV_R_INVALID_PADDING_MODE 168
+# define PROV_R_INVALID_PREHASHED_DIGEST_LENGTH 241
# define PROV_R_INVALID_PUBINFO 198
# define PROV_R_INVALID_SALT_LENGTH 112
# define PROV_R_INVALID_SEED_LENGTH 154
@@ -110,8 +116,10 @@
# define PROV_R_NOT_PARAMETERS 226
# define PROV_R_NOT_SUPPORTED 136
# define PROV_R_NOT_XOF_OR_INVALID_LENGTH 113
+# define PROV_R_NO_INSTANCE_ALLOWED 242
# define PROV_R_NO_KEY_SET 114
# define PROV_R_NO_PARAMETERS_SET 177
+# define PROV_R_ONESHOT_CALL_OUT_OF_ORDER 239
# define PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 178
# define PROV_R_OUTPUT_BUFFER_TOO_SMALL 106
# define PROV_R_PARENT_CANNOT_GENERATE_RANDOM_NUMBERS 228
@@ -142,6 +150,7 @@
# define PROV_R_UNSUPPORTED_KEY_SIZE 153
# define PROV_R_UNSUPPORTED_MAC_TYPE 137
# define PROV_R_UNSUPPORTED_NUMBER_OF_ROUNDS 152
+# define PROV_R_UPDATE_CALL_OUT_OF_ORDER 240
# define PROV_R_URI_AUTHORITY_UNSUPPORTED 223
# define PROV_R_VALUE_ERROR 138
# define PROV_R_WRONG_FINAL_BLOCK_LENGTH 107
diff --git a/vendor/openssl/include/openssl/self_test.h b/vendor/openssl/include/openssl/self_test.h
index 1782204..98652f9 100644
--- a/vendor/openssl/include/openssl/self_test.h
+++ b/vendor/openssl/include/openssl/self_test.h
@@ -44,6 +44,7 @@ extern "C" {
/* Test event sub categories */
# define OSSL_SELF_TEST_DESC_NONE "None"
# define OSSL_SELF_TEST_DESC_INTEGRITY_HMAC "HMAC"
+# define OSSL_SELF_TEST_DESC_PCT_RSA "RSA"
# define OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1 "RSA"
# define OSSL_SELF_TEST_DESC_PCT_ECDSA "ECDSA"
# define OSSL_SELF_TEST_DESC_PCT_EDDSA "EDDSA"
@@ -59,6 +60,7 @@ extern "C" {
# define OSSL_SELF_TEST_DESC_SIGN_DSA "DSA"
# define OSSL_SELF_TEST_DESC_SIGN_RSA "RSA"
# define OSSL_SELF_TEST_DESC_SIGN_ECDSA "ECDSA"
+# define OSSL_SELF_TEST_DESC_SIGN_EDDSA "EDDSA"
# define OSSL_SELF_TEST_DESC_DRBG_CTR "CTR"
# define OSSL_SELF_TEST_DESC_DRBG_HASH "HASH"
# define OSSL_SELF_TEST_DESC_DRBG_HMAC "HMAC"
diff --git a/vendor/openssl/include/openssl/ssl.h.in b/vendor/openssl/include/openssl/ssl.h.in
index 442d5cb..4bab2ac 100644
--- a/vendor/openssl/include/openssl/ssl.h.in
+++ b/vendor/openssl/include/openssl/ssl.h.in
@@ -236,10 +236,8 @@ typedef struct ssl_cipher_st SSL_CIPHER;
typedef struct ssl_session_st SSL_SESSION;
typedef struct tls_sigalgs_st TLS_SIGALGS;
typedef struct ssl_conf_ctx_st SSL_CONF_CTX;
-typedef struct ssl_comp_st SSL_COMP;
STACK_OF(SSL_CIPHER);
-STACK_OF(SSL_COMP);
/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
typedef struct srtp_protection_profile_st {
@@ -975,8 +973,7 @@ extern "C" {
* in VisualStudio 2015
*/
{-
- generate_const_stack_macros("SSL_CIPHER")
- .generate_stack_macros("SSL_COMP");
+ generate_const_stack_macros("SSL_CIPHER");
-}
/* compatibility */
@@ -1572,7 +1569,11 @@ void SSL_CTX_set1_cert_store(SSL_CTX *, X509_STORE *);
__owur int SSL_want(const SSL *s);
__owur int SSL_clear(SSL *s);
+#ifndef OPENSSL_NO_DEPRECATED_3_4
+OSSL_DEPRECATEDIN_3_4_FOR("not Y2038-safe, replace with SSL_CTX_flush_sessions_ex()")
void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
+#endif
+void SSL_CTX_flush_sessions_ex(SSL_CTX *ctx, time_t tm);
__owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
__owur const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s);
@@ -1684,8 +1685,13 @@ __owur const char *SSL_state_string(const SSL *s);
__owur const char *SSL_rstate_string(const SSL *s);
__owur const char *SSL_state_string_long(const SSL *s);
__owur const char *SSL_rstate_string_long(const SSL *s);
+
+#ifndef OPENSSL_NO_DEPRECATED_3_4
+OSSL_DEPRECATEDIN_3_4_FOR("not Y2038-safe, replace with SSL_SESSION_get_time_ex()")
__owur long SSL_SESSION_get_time(const SSL_SESSION *s);
+OSSL_DEPRECATEDIN_3_4_FOR("not Y2038-safe, replace with SSL_SESSION_set_time_ex()")
__owur long SSL_SESSION_set_time(SSL_SESSION *s, long t);
+#endif
__owur long SSL_SESSION_get_timeout(const SSL_SESSION *s);
__owur long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
__owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
@@ -2257,6 +2263,8 @@ void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx,
void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg);
void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx);
int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size);
+int SSL_CTX_set_block_padding_ex(SSL_CTX *ctx, size_t app_block_size,
+ size_t hs_block_size);
int SSL_set_record_padding_callback(SSL *ssl,
size_t (*cb) (SSL *ssl, int type,
@@ -2264,7 +2272,8 @@ int SSL_set_record_padding_callback(SSL *ssl,
void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg);
void *SSL_get_record_padding_callback_arg(const SSL *ssl);
int SSL_set_block_padding(SSL *ssl, size_t block_size);
-
+int SSL_set_block_padding_ex(SSL *ssl, size_t app_block_size,
+ size_t hs_block_size);
int SSL_set_num_tickets(SSL *s, size_t num_tickets);
size_t SSL_get_num_tickets(const SSL *s);
int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
diff --git a/vendor/openssl/include/openssl/sslerr.h b/vendor/openssl/include/openssl/sslerr.h
index ec35df6..d6ae547 100644
--- a/vendor/openssl/include/openssl/sslerr.h
+++ b/vendor/openssl/include/openssl/sslerr.h
@@ -117,6 +117,7 @@
# define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354
# define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
+# define SSL_R_ERROR_IN_SYSTEM_DEFAULT_CONFIG 419
# define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN 204
# define SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE 194
# define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
@@ -178,6 +179,7 @@
# define SSL_R_MISSING_SIGNING_CERT 221
# define SSL_R_MISSING_SRP_PARAM 358
# define SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION 209
+# define SSL_R_MISSING_SUPPORTED_VERSIONS_EXTENSION 420
# define SSL_R_MISSING_TMP_DH_KEY 171
# define SSL_R_MISSING_TMP_ECDH_KEY 311
# define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA 293
diff --git a/vendor/openssl/include/openssl/tls1.h b/vendor/openssl/include/openssl/tls1.h
index 7e3d1a7..8e9b110 100644
--- a/vendor/openssl/include/openssl/tls1.h
+++ b/vendor/openssl/include/openssl/tls1.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
@@ -231,6 +231,8 @@ extern "C" {
# define TLSEXT_max_fragment_length_1024 2
# define TLSEXT_max_fragment_length_2048 3
# define TLSEXT_max_fragment_length_4096 4
+/* OpenSSL value for unset maximum fragment length extension */
+# define TLSEXT_max_fragment_length_UNSPECIFIED 255
/*
* TLS Certificate Type (for RFC7250)
@@ -280,6 +282,8 @@ int SSL_get_sigalgs(SSL *s, int idx,
int *psign, int *phash, int *psignandhash,
unsigned char *rsig, unsigned char *rhash);
+char *SSL_get1_builtin_sigalgs(OSSL_LIB_CTX *libctx);
+
int SSL_get_shared_sigalgs(SSL *s, int idx,
int *psign, int *phash, int *psignandhash,
unsigned char *rsig, unsigned char *rhash);
@@ -622,6 +626,10 @@ int SSL_CTX_set_tlsext_ticket_key_evp_cb
# define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304
# define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305
+/* Integrity-only ciphersuites from RFC 9150 */
+# define TLS1_3_CK_SHA256_SHA256 0x0300C0B4
+# define TLS1_3_CK_SHA384_SHA384 0x0300C0B5
+
/* Aria ciphersuites from RFC6209 */
# define TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C050
# define TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C051
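Review bot: The two suite ids added under "Integrity-only ciphersuites from RFC 9150" authenticate and integrity-protect records but do not encrypt them, and the one-line comment does not say so. Nothing in this header shows whether they are in the default TLS 1.3 suite list. Any ciphersuite string this project configures should therefore be checked so that `TLS_SHA256_SHA256` and `TLS_SHA384_SHA384` (the RFC names added in a later hunk of this file) are not enabled unintentionally, and connection logging should make a negotiated integrity-only suite easy to spot. I would spell the property out in the comment: `/* Integrity-only ciphersuites from RFC 9150: NO confidentiality, application data is sent unencrypted */`.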
@@ -699,6 +707,8 @@ int SSL_CTX_set_tlsext_ticket_key_evp_cb
# define TLS1_3_RFC_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256"
# define TLS1_3_RFC_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384"
# define TLS1_3_RFC_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256"
+# define TLS1_3_RFC_SHA256_SHA256 "TLS_SHA256_SHA256"
+# define TLS1_3_RFC_SHA384_SHA384 "TLS_SHA384_SHA384"
# define TLS1_3_RFC_AES_128_CCM_SHA256 "TLS_AES_128_CCM_SHA256"
# define TLS1_3_RFC_AES_128_CCM_8_SHA256 "TLS_AES_128_CCM_8_SHA256"
# define TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA "TLS_ECDHE_ECDSA_WITH_NULL_SHA"
diff --git a/vendor/openssl/include/openssl/ts.h b/vendor/openssl/include/openssl/ts.h
index b09b646..31c78b5 100644
--- a/vendor/openssl/include/openssl/ts.h
+++ b/vendor/openssl/include/openssl/ts.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -418,14 +418,31 @@ void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx);
void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx);
int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f);
int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f);
+# ifndef OPENSSL_NO_DEPRECATED_3_4
+OSSL_DEPRECATEDIN_3_4_FOR("Unclear semantics, replace with TS_VERIFY_CTX_set0_data().")
BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b);
+# endif
+int TS_VERIFY_CTX_set0_data(TS_VERIFY_CTX *ctx, BIO *b);
+# ifndef OPENSSL_NO_DEPRECATED_3_4
+OSSL_DEPRECATEDIN_3_4_FOR("Unclear semantics, replace with TS_VERIFY_CTX_set0_imprint().")
unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx,
unsigned char *hexstr, long len);
+# endif
+int TS_VERIFY_CTX_set0_imprint(TS_VERIFY_CTX *ctx,
+ unsigned char *hexstr, long len);
+# ifndef OPENSSL_NO_DEPRECATED_3_4
+OSSL_DEPRECATEDIN_3_4_FOR("Unclear semantics, replace with TS_VERIFY_CTX_set0_store().")
X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s);
+# endif
+int TS_VERIFY_CTX_set0_store(TS_VERIFY_CTX *ctx, X509_STORE *s);
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define TS_VERIFY_CTS_set_certs(ctx, cert) TS_VERIFY_CTX_set_certs(ctx,cert)
# endif
+# ifndef OPENSSL_NO_DEPRECATED_3_4
+OSSL_DEPRECATEDIN_3_4_FOR("Unclear semantics, replace with TS_VERIFY_CTX_set0_certs().")
STACK_OF(X509) *TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs);
+# endif
+int TS_VERIFY_CTX_set0_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs);
/*-
* If ctx is NULL, it allocates and returns a new object, otherwise
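Review bot: The `TS_VERIFY_CTX_set0_*` replacements declared in this hunk return `int` where the deprecated setters return a pointer, and the header documents neither the return convention nor who owns the argument afterwards. The deprecation messages themselves call the old semantics unclear, so a caller migrating mechanically can misread the result or mishandle the lifetime of the BIO, imprint buffer, store or certificate stack (a double free or a leak). By OpenSSL naming convention `set0` suggests the context takes ownership, but that is not stated here. A short comment above the group would help, for example `/* set0 variants: ctx takes ownership of the argument; int result reports success - TODO confirm both against the manual page */`.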
diff --git a/vendor/openssl/include/openssl/types.h b/vendor/openssl/include/openssl/types.h
index c280286..e05a350 100644
--- a/vendor/openssl/include/openssl/types.h
+++ b/vendor/openssl/include/openssl/types.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -33,6 +33,12 @@ extern "C" {
# include <openssl/safestack.h>
# include <openssl/macros.h>
+# if OPENSSL_VERSION_MAJOR >= 4
+# define OSSL_FUTURE_CONST const
+# else
+# define OSSL_FUTURE_CONST
+# endif
+
typedef struct ossl_provider_st OSSL_PROVIDER; /* Provider Object */
# ifdef NO_ASN1_TYPEDEFS
diff --git a/vendor/openssl/include/openssl/x509.h.in b/vendor/openssl/include/openssl/x509.h.in
index 7210391..2100790 100644
--- a/vendor/openssl/include/openssl/x509.h.in
+++ b/vendor/openssl/include/openssl/x509.h.in
@@ -1,7 +1,7 @@
/*
* {- join("\n * ", @autowarntext) -}
*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -67,16 +67,24 @@ extern "C" {
# define X509_FILETYPE_ASN1 2
# define X509_FILETYPE_DEFAULT 3
-# define X509v3_KU_DIGITAL_SIGNATURE 0x0080
-# define X509v3_KU_NON_REPUDIATION 0x0040
-# define X509v3_KU_KEY_ENCIPHERMENT 0x0020
-# define X509v3_KU_DATA_ENCIPHERMENT 0x0010
-# define X509v3_KU_KEY_AGREEMENT 0x0008
-# define X509v3_KU_KEY_CERT_SIGN 0x0004
-# define X509v3_KU_CRL_SIGN 0x0002
-# define X509v3_KU_ENCIPHER_ONLY 0x0001
-# define X509v3_KU_DECIPHER_ONLY 0x8000
-# define X509v3_KU_UNDEF 0xffff
+/*-
+ * <https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3>:
+ * The KeyUsage BITSTRING is treated as a little-endian integer, hence bit `0`
+ * is 0x80, while bit `7` is 0x01 (the LSB of the integer value), bit `8` is
+ * then the MSB of the second octet, or 0x8000.
+ */
+# define X509v3_KU_DIGITAL_SIGNATURE 0x0080 /* (0) */
+# define X509v3_KU_NON_REPUDIATION 0x0040 /* (1) */
+# define X509v3_KU_KEY_ENCIPHERMENT 0x0020 /* (2) */
+# define X509v3_KU_DATA_ENCIPHERMENT 0x0010 /* (3) */
+# define X509v3_KU_KEY_AGREEMENT 0x0008 /* (4) */
+# define X509v3_KU_KEY_CERT_SIGN 0x0004 /* (5) */
+# define X509v3_KU_CRL_SIGN 0x0002 /* (6) */
+# define X509v3_KU_ENCIPHER_ONLY 0x0001 /* (7) */
+# define X509v3_KU_DECIPHER_ONLY 0x8000 /* (8) */
+# ifndef OPENSSL_NO_DEPRECATED_3_4
+# define X509v3_KU_UNDEF 0xffff /* vestigial, not used */
+# endif
struct X509_algor_st {
ASN1_OBJECT *algorithm;
@@ -271,7 +279,12 @@ typedef struct PBKDF2PARAM_st {
X509_ALGOR *prf;
} PBKDF2PARAM;
-#ifndef OPENSSL_NO_SCRYPT
+typedef struct {
+ X509_ALGOR *keyDerivationFunc;
+ X509_ALGOR *messageAuthScheme;
+} PBMAC1PARAM;
+
+# ifndef OPENSSL_NO_SCRYPT
typedef struct SCRYPT_PARAMS_st {
ASN1_OCTET_STRING *salt;
ASN1_INTEGER *costParameter;
@@ -279,7 +292,7 @@ typedef struct SCRYPT_PARAMS_st {
ASN1_INTEGER *parallelizationParameter;
ASN1_INTEGER *keyLength;
} SCRYPT_PARAMS;
-#endif
+# endif
#ifdef __cplusplus
}
@@ -702,7 +715,7 @@ X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
int X509_REQ_extension_nid(int nid);
int *X509_REQ_get_extension_nids(void);
void X509_REQ_set_extension_nids(int *nids);
-STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
+STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(OSSL_FUTURE_CONST X509_REQ *req);
int X509_REQ_add_extensions_nid(X509_REQ *req,
const STACK_OF(X509_EXTENSION) *exts, int nid);
int X509_REQ_add_extensions(X509_REQ *req, const STACK_OF(X509_EXTENSION) *ext);
@@ -891,6 +904,9 @@ X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
X509_EXTENSION *ex, int loc);
+STACK_OF(X509_EXTENSION)
+ *X509v3_add_extensions(STACK_OF(X509_EXTENSION) **target,
+ const STACK_OF(X509_EXTENSION) *exts);
int X509_get_ext_count(const X509 *x);
int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
@@ -1012,9 +1028,10 @@ X509 *X509_find_by_subject(STACK_OF(X509) *sk, const X509_NAME *name);
DECLARE_ASN1_FUNCTIONS(PBEPARAM)
DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
-#ifndef OPENSSL_NO_SCRYPT
+DECLARE_ASN1_FUNCTIONS(PBMAC1PARAM)
+# ifndef OPENSSL_NO_SCRYPT
DECLARE_ASN1_FUNCTIONS(SCRYPT_PARAMS)
-#endif
+# endif
int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
const unsigned char *salt, int saltlen);
@@ -1051,6 +1068,7 @@ X509_ALGOR *PKCS5_pbkdf2_set_ex(int iter, unsigned char *salt, int saltlen,
int prf_nid, int keylen,
OSSL_LIB_CTX *libctx);
+PBKDF2PARAM *PBMAC1_get1_pbkdf2_param(const X509_ALGOR *macalg);
/* PKCS#8 utilities */
DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
diff --git a/vendor/openssl/include/openssl/x509_acert.h.in b/vendor/openssl/include/openssl/x509_acert.h.in
index 70facf8..76570d4 100644
--- a/vendor/openssl/include/openssl/x509_acert.h.in
+++ b/vendor/openssl/include/openssl/x509_acert.h.in
@@ -1,7 +1,7 @@
/*
* {- join("\n * ", @autowarntext) -}
*
- * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/vendor/openssl/include/openssl/x509err.h b/vendor/openssl/include/openssl/x509err.h
index 71b557a..77b91c8 100644
--- a/vendor/openssl/include/openssl/x509err.h
+++ b/vendor/openssl/include/openssl/x509err.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -63,6 +63,7 @@
# define X509_R_UNKNOWN_SIGID_ALGS 144
# define X509_R_UNKNOWN_TRUST_ID 120
# define X509_R_UNSUPPORTED_ALGORITHM 111
+# define X509_R_UNSUPPORTED_VERSION 145
# define X509_R_WRONG_LOOKUP_TYPE 112
# define X509_R_WRONG_TYPE 122
diff --git a/vendor/openssl/include/openssl/x509v3.h.in b/vendor/openssl/include/openssl/x509v3.h.in
index 5696803..0f37e13 100644
--- a/vendor/openssl/include/openssl/x509v3.h.in
+++ b/vendor/openssl/include/openssl/x509v3.h.in
@@ -1,7 +1,7 @@
/*
* {- join("\n * ", @autowarntext) -}
*
- * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -126,6 +126,11 @@ typedef struct BASIC_CONSTRAINTS_st {
ASN1_INTEGER *pathlen;
} BASIC_CONSTRAINTS;
+typedef struct OSSL_BASIC_ATTR_CONSTRAINTS_st {
+ int authority;
+ ASN1_INTEGER *pathlen;
+} OSSL_BASIC_ATTR_CONSTRAINTS;
+
typedef struct PKEY_USAGE_PERIOD_st {
ASN1_GENERALIZEDTIME *notBefore;
ASN1_GENERALIZEDTIME *notAfter;
@@ -178,6 +183,8 @@ typedef struct ACCESS_DESCRIPTION_st {
GENERAL_NAME *location;
} ACCESS_DESCRIPTION;
+int GENERAL_NAME_set1_X509_NAME(GENERAL_NAME **tgt, const X509_NAME *src);
+
{-
generate_stack_macros("ACCESS_DESCRIPTION")
.generate_stack_macros("GENERAL_NAME");
@@ -201,6 +208,7 @@ typedef struct DIST_POINT_NAME_st {
/* If relativename then this contains the full distribution point name */
X509_NAME *dpname;
} DIST_POINT_NAME;
+DECLARE_ASN1_DUP_FUNCTION(DIST_POINT_NAME)
/* All existing reasons */
# define CRLDP_ALL_REASONS 0x807f
@@ -422,15 +430,16 @@ struct ISSUING_DIST_POINT_st {
# define EXFLAG_SAN_CRITICAL 0x80000
# define EXFLAG_NO_FINGERPRINT 0x100000
-# define KU_DIGITAL_SIGNATURE 0x0080
-# define KU_NON_REPUDIATION 0x0040
-# define KU_KEY_ENCIPHERMENT 0x0020
-# define KU_DATA_ENCIPHERMENT 0x0010
-# define KU_KEY_AGREEMENT 0x0008
-# define KU_KEY_CERT_SIGN 0x0004
-# define KU_CRL_SIGN 0x0002
-# define KU_ENCIPHER_ONLY 0x0001
-# define KU_DECIPHER_ONLY 0x8000
+/* https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3 */
+# define KU_DIGITAL_SIGNATURE X509v3_KU_DIGITAL_SIGNATURE
+# define KU_NON_REPUDIATION X509v3_KU_NON_REPUDIATION
+# define KU_KEY_ENCIPHERMENT X509v3_KU_KEY_ENCIPHERMENT
+# define KU_DATA_ENCIPHERMENT X509v3_KU_DATA_ENCIPHERMENT
+# define KU_KEY_AGREEMENT X509v3_KU_KEY_AGREEMENT
+# define KU_KEY_CERT_SIGN X509v3_KU_KEY_CERT_SIGN
+# define KU_CRL_SIGN X509v3_KU_CRL_SIGN
+# define KU_ENCIPHER_ONLY X509v3_KU_ENCIPHER_ONLY
+# define KU_DECIPHER_ONLY X509v3_KU_DECIPHER_ONLY
# define NS_SSL_CLIENT 0x80
# define NS_SSL_SERVER 0x40
@@ -507,6 +516,7 @@ typedef struct x509_purpose_st {
# define X509V3_ADD_SILENT 0x10
DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
+DECLARE_ASN1_FUNCTIONS(OSSL_BASIC_ATTR_CONSTRAINTS)
DECLARE_ASN1_FUNCTIONS(SXNET)
DECLARE_ASN1_FUNCTIONS(SXNETID)
@@ -1015,6 +1025,18 @@ const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber(
void PROFESSION_INFO_set0_registrationNumber(
PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn);
+int OSSL_GENERAL_NAMES_print(BIO *out, GENERAL_NAMES *gens, int indent);
+
+typedef STACK_OF(X509_ATTRIBUTE) OSSL_ATTRIBUTES_SYNTAX;
+DECLARE_ASN1_FUNCTIONS(OSSL_ATTRIBUTES_SYNTAX)
+
+typedef STACK_OF(USERNOTICE) OSSL_USER_NOTICE_SYNTAX;
+DECLARE_ASN1_FUNCTIONS(OSSL_USER_NOTICE_SYNTAX)
+
+{-
+ generate_stack_macros("USERNOTICE");
+-}
+
# ifdef __cplusplus
}
# endif
diff --git a/vendor/secp256k1/include/secp256k1/secp256k1.h b/vendor/secp256k1/include/secp256k1/secp256k1.h
index cfbdd52..c6e9417 100644
--- a/vendor/secp256k1/include/secp256k1/secp256k1.h
+++ b/vendor/secp256k1/include/secp256k1/secp256k1.h
@@ -49,19 +49,6 @@ extern "C" {
*/
typedef struct secp256k1_context_struct secp256k1_context;
-/** Opaque data structure that holds rewritable "scratch space"
- *
- * The purpose of this structure is to replace dynamic memory allocations,
- * because we target architectures where this may not be available. It is
- * essentially a resizable (within specified parameters) block of bytes,
- * which is initially created either by memory allocation or TODO as a pointer
- * into some fixed rewritable space.
- *
- * Unlike the context object, this cannot safely be shared between threads
- * without additional synchronization logic.
- */
-typedef struct secp256k1_scratch_space_struct secp256k1_scratch_space;
-
/** Opaque data structure that holds a parsed and valid public key.
*
* The exact representation of data inside is implementation defined and not
@@ -71,11 +58,11 @@ typedef struct secp256k1_scratch_space_struct secp256k1_scratch_space;
* use secp256k1_ec_pubkey_serialize and secp256k1_ec_pubkey_parse. To
* compare keys, use secp256k1_ec_pubkey_cmp.
*/
-typedef struct {
+typedef struct secp256k1_pubkey {
unsigned char data[64];
} secp256k1_pubkey;
-/** Opaque data structured that holds a parsed ECDSA signature.
+/** Opaque data structure that holds a parsed ECDSA signature.
*
* The exact representation of data inside is implementation defined and not
* guaranteed to be portable between different platforms or versions. It is
@@ -84,7 +71,7 @@ typedef struct {
* comparison, use the secp256k1_ecdsa_signature_serialize_* and
* secp256k1_ecdsa_signature_parse_* functions.
*/
-typedef struct {
+typedef struct secp256k1_ecdsa_signature {
unsigned char data[64];
} secp256k1_ecdsa_signature;
@@ -147,6 +134,15 @@ typedef int (*secp256k1_nonce_function)(
* 1. If using Libtool, it defines DLL_EXPORT automatically.
* 2. In other cases, SECP256K1_DLL_EXPORT must be defined. */
# define SECP256K1_API extern __declspec (dllexport)
+# else
+ /* Building libsecp256k1 as a static library on Windows.
+ * No declspec is needed, and so we would want the non-Windows-specific
+ * logic below take care of this case. However, this may result in setting
+ * __attribute__ ((visibility("default"))), which is supposed to be a noop
+ * on Windows but may trigger warnings when compiling with -flto due to a
+ * bug in GCC, see
+ * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=116478 . */
+# define SECP256K1_API extern
# endif
/* The user must define SECP256K1_STATIC when consuming libsecp256k1 as a static
* library on Windows. */
@@ -156,11 +152,12 @@ typedef int (*secp256k1_nonce_function)(
# endif
#endif
#ifndef SECP256K1_API
+/* All cases not captured by the Windows-specific logic. */
# if defined(__GNUC__) && (__GNUC__ >= 4) && defined(SECP256K1_BUILD)
- /* Building libsecp256k1 on non-Windows using GCC or compatible. */
+ /* Building libsecp256k1 using GCC or compatible. */
# define SECP256K1_API extern __attribute__ ((visibility ("default")))
# else
- /* All cases not captured above. */
+ /* Fall back to standard C's extern. */
# define SECP256K1_API extern
# endif
#endif
@@ -392,29 +389,6 @@ SECP256K1_API void secp256k1_context_set_error_callback(
const void *data
) SECP256K1_ARG_NONNULL(1);
-/** Create a secp256k1 scratch space object.
- *
- * Returns: a newly created scratch space.
- * Args: ctx: pointer to a context object.
- * In: size: amount of memory to be available as scratch space. Some extra
- * (<100 bytes) will be allocated for extra accounting.
- */
-SECP256K1_API SECP256K1_WARN_UNUSED_RESULT secp256k1_scratch_space *secp256k1_scratch_space_create(
- const secp256k1_context *ctx,
- size_t size
-) SECP256K1_ARG_NONNULL(1);
-
-/** Destroy a secp256k1 scratch space.
- *
- * The pointer may not be used afterwards.
- * Args: ctx: pointer to a context object.
- * scratch: space to destroy
- */
-SECP256K1_API void secp256k1_scratch_space_destroy(
- const secp256k1_context *ctx,
- secp256k1_scratch_space *scratch
-) SECP256K1_ARG_NONNULL(1);
-
/** Parse a variable-length public key into the pubkey object.
*
* Returns: 1 if the public key was fully valid.
@@ -679,12 +653,14 @@ SECP256K1_API int secp256k1_ecdsa_sign(
const void *ndata
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
-/** Verify an ECDSA secret key.
+/** Verify an elliptic curve secret key.
*
* A secret key is valid if it is not 0 and less than the secp256k1 curve order
* when interpreted as an integer (most significant byte first). The
* probability of choosing a 32-byte string uniformly at random which is an
- * invalid secret key is negligible.
+ * invalid secret key is negligible. However, if it does happen it should
+ * be assumed that the randomness source is severely broken and there should
+ * be no retry.
*
* Returns: 1: secret key is valid
* 0: secret key is invalid
diff --git a/vendor/secp256k1/include/secp256k1/secp256k1_ellswift.h b/vendor/secp256k1/include/secp256k1/secp256k1_ellswift.h
index ae37287..0d1293e 100644
--- a/vendor/secp256k1/include/secp256k1/secp256k1_ellswift.h
+++ b/vendor/secp256k1/include/secp256k1/secp256k1_ellswift.h
@@ -35,7 +35,7 @@ extern "C" {
*
* If the Y coordinate is relevant, it is given the same parity as t.
*
- * Changes w.r.t. the the paper:
+ * Changes w.r.t. the paper:
* - The u=0, t=0, and u^3+t^2+7=0 conditions result in decoding to the point
* at infinity in the paper. Here they are remapped to finite points.
* - The paper uses an additional encoding bit for the parity of y. Here the
diff --git a/vendor/secp256k1/include/secp256k1/secp256k1_extrakeys.h b/vendor/secp256k1/include/secp256k1/secp256k1_extrakeys.h
index ad70b92..48c9869 100644
--- a/vendor/secp256k1/include/secp256k1/secp256k1_extrakeys.h
+++ b/vendor/secp256k1/include/secp256k1/secp256k1_extrakeys.h
@@ -19,7 +19,7 @@ extern "C" {
* use secp256k1_xonly_pubkey_serialize and secp256k1_xonly_pubkey_parse. To
* compare keys, use secp256k1_xonly_pubkey_cmp.
*/
-typedef struct {
+typedef struct secp256k1_xonly_pubkey {
unsigned char data[64];
} secp256k1_xonly_pubkey;
@@ -30,7 +30,7 @@ typedef struct {
* guaranteed to be portable between different platforms or versions. It is
* however guaranteed to be 96 bytes in size, and can be safely copied/moved.
*/
-typedef struct {
+typedef struct secp256k1_keypair {
unsigned char data[96];
} secp256k1_keypair;
@@ -155,10 +155,13 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_tweak_add_
const unsigned char *tweak32
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5);
-/** Compute the keypair for a secret key.
+/** Compute the keypair for a valid secret key.
*
- * Returns: 1: secret was valid, keypair is ready to use
- * 0: secret was invalid, try again with a different secret
+ * See the documentation of `secp256k1_ec_seckey_verify` for more information
+ * about the validity of secret keys.
+ *
+ * Returns: 1: secret key is valid
+ * 0: secret key is invalid
* Args: ctx: pointer to a context object (not secp256k1_context_static).
* Out: keypair: pointer to the created keypair.
* In: seckey: pointer to a 32-byte secret key.
diff --git a/vendor/secp256k1/include/secp256k1/secp256k1_musig.h b/vendor/secp256k1/include/secp256k1/secp256k1_musig.h
new file mode 100644
index 0000000..11b8f08
--- /dev/null
+++ b/vendor/secp256k1/include/secp256k1/secp256k1_musig.h
@@ -0,0 +1,588 @@
+#ifndef SECP256K1_MUSIG_H
+#define SECP256K1_MUSIG_H
+
+#include "secp256k1_extrakeys.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+/** This module implements BIP 327 "MuSig2 for BIP340-compatible
+ * Multi-Signatures"
+ * (https://github.com/bitcoin/bips/blob/master/bip-0327.mediawiki)
+ * v1.0.0. You can find an example demonstrating the musig module in
+ * examples/musig.c.
+ *
+ * The module also supports BIP 341 ("Taproot") public key tweaking.
+ *
+ * It is recommended to read the documentation in this include file carefully.
+ * Further notes on API usage can be found in doc/musig.md
+ *
+ * Since the first version of MuSig is essentially replaced by MuSig2, we use
+ * MuSig, musig and MuSig2 synonymously unless noted otherwise.
+ */
+
+/** Opaque data structures
+ *
+ * The exact representation of data inside the opaque data structures is
+ * implementation defined and not guaranteed to be portable between different
+ * platforms or versions. With the exception of `secp256k1_musig_secnonce`, the
+ * data structures can be safely copied/moved. If you need to convert to a
+ * format suitable for storage, transmission, or comparison, use the
+ * corresponding serialization and parsing functions.
+ */
+
+/** Opaque data structure that caches information about public key aggregation.
+ *
+ * Guaranteed to be 197 bytes in size. No serialization and parsing functions
+ * (yet).
+ */
+typedef struct secp256k1_musig_keyagg_cache {
+ unsigned char data[197];
+} secp256k1_musig_keyagg_cache;
+
+/** Opaque data structure that holds a signer's _secret_ nonce.
+ *
+ * Guaranteed to be 132 bytes in size.
+ *
+ * WARNING: This structure MUST NOT be copied or read or written to directly. A
+ * signer who is online throughout the whole process and can keep this
+ * structure in memory can use the provided API functions for a safe standard
+ * workflow.
+ *
+ * Copying this data structure can result in nonce reuse which will leak the
+ * secret signing key.
+ */
+typedef struct secp256k1_musig_secnonce {
+ unsigned char data[132];
+} secp256k1_musig_secnonce;
+
+/** Opaque data structure that holds a signer's public nonce.
+ *
+ * Guaranteed to be 132 bytes in size. Serialized and parsed with
+ * `musig_pubnonce_serialize` and `musig_pubnonce_parse`.
+ */
+typedef struct secp256k1_musig_pubnonce {
+ unsigned char data[132];
+} secp256k1_musig_pubnonce;
+
+/** Opaque data structure that holds an aggregate public nonce.
+ *
+ * Guaranteed to be 132 bytes in size. Serialized and parsed with
+ * `musig_aggnonce_serialize` and `musig_aggnonce_parse`.
+ */
+typedef struct secp256k1_musig_aggnonce {
+ unsigned char data[132];
+} secp256k1_musig_aggnonce;
+
+/** Opaque data structure that holds a MuSig session.
+ *
+ * This structure is not required to be kept secret for the signing protocol to
+ * be secure. Guaranteed to be 133 bytes in size. No serialization and parsing
+ * functions (yet).
+ */
+typedef struct secp256k1_musig_session {
+ unsigned char data[133];
+} secp256k1_musig_session;
+
+/** Opaque data structure that holds a partial MuSig signature.
+ *
+ * Guaranteed to be 36 bytes in size. Serialized and parsed with
+ * `musig_partial_sig_serialize` and `musig_partial_sig_parse`.
+ */
+typedef struct secp256k1_musig_partial_sig {
+ unsigned char data[36];
+} secp256k1_musig_partial_sig;
+
+/** Parse a signer's public nonce.
+ *
+ * Returns: 1 when the nonce could be parsed, 0 otherwise.
+ * Args: ctx: pointer to a context object
+ * Out: nonce: pointer to a nonce object
+ * In: in66: pointer to the 66-byte nonce to be parsed
+ */
+SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_pubnonce_parse(
+ const secp256k1_context *ctx,
+ secp256k1_musig_pubnonce *nonce,
+ const unsigned char *in66
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
+
+/** Serialize a signer's public nonce
+ *
+ * Returns: 1 always
+ * Args: ctx: pointer to a context object
+ * Out: out66: pointer to a 66-byte array to store the serialized nonce
+ * In: nonce: pointer to the nonce
+ */
+SECP256K1_API int secp256k1_musig_pubnonce_serialize(
+ const secp256k1_context *ctx,
+ unsigned char *out66,
+ const secp256k1_musig_pubnonce *nonce
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
+
+/** Parse an aggregate public nonce.
+ *
+ * Returns: 1 when the nonce could be parsed, 0 otherwise.
+ * Args: ctx: pointer to a context object
+ * Out: nonce: pointer to a nonce object
+ * In: in66: pointer to the 66-byte nonce to be parsed
+ */
+SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_aggnonce_parse(
+ const secp256k1_context *ctx,
+ secp256k1_musig_aggnonce *nonce,
+ const unsigned char *in66
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
+
+/** Serialize an aggregate public nonce
+ *
+ * Returns: 1 always
+ * Args: ctx: pointer to a context object
+ * Out: out66: pointer to a 66-byte array to store the serialized nonce
+ * In: nonce: pointer to the nonce
+ */
+SECP256K1_API int secp256k1_musig_aggnonce_serialize(
+ const secp256k1_context *ctx,
+ unsigned char *out66,
+ const secp256k1_musig_aggnonce *nonce
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
+
+/** Parse a MuSig partial signature.
+ *
+ * Returns: 1 when the signature could be parsed, 0 otherwise.
+ * Args: ctx: pointer to a context object
+ * Out: sig: pointer to a signature object
+ * In: in32: pointer to the 32-byte signature to be parsed
+ */
+SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_partial_sig_parse(
+ const secp256k1_context *ctx,
+ secp256k1_musig_partial_sig *sig,
+ const unsigned char *in32
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
+
+/** Serialize a MuSig partial signature
+ *
+ * Returns: 1 always
+ * Args: ctx: pointer to a context object
+ * Out: out32: pointer to a 32-byte array to store the serialized signature
+ * In: sig: pointer to the signature
+ */
+SECP256K1_API int secp256k1_musig_partial_sig_serialize(
+ const secp256k1_context *ctx,
+ unsigned char *out32,
+ const secp256k1_musig_partial_sig *sig
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
+
+/** Computes an aggregate public key and uses it to initialize a keyagg_cache
+ *
+ * Different orders of `pubkeys` result in different `agg_pk`s.
+ *
+ * Before aggregating, the pubkeys can be sorted with `secp256k1_ec_pubkey_sort`
+ * which ensures the same `agg_pk` result for the same multiset of pubkeys.
+ * This is useful to do before `pubkey_agg`, such that the order of pubkeys
+ * does not affect the aggregate public key.
+ *
+ * Returns: 0 if the arguments are invalid, 1 otherwise
+ * Args: ctx: pointer to a context object
+ * Out: agg_pk: the MuSig-aggregated x-only public key. If you do not need it,
+ * this arg can be NULL.
+ * keyagg_cache: if non-NULL, pointer to a musig_keyagg_cache struct that
+ * is required for signing (or observing the signing session
+ * and verifying partial signatures).
+ * In: pubkeys: input array of pointers to public keys to aggregate. The order
+ * is important; a different order will result in a different
+ * aggregate public key.
+ * n_pubkeys: length of pubkeys array. Must be greater than 0.
+ */
+SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_pubkey_agg(
+ const secp256k1_context *ctx,
+ secp256k1_xonly_pubkey *agg_pk,
+ secp256k1_musig_keyagg_cache *keyagg_cache,
+ const secp256k1_pubkey * const *pubkeys,
+ size_t n_pubkeys
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(4);
+
+/** Obtain the aggregate public key from a keyagg_cache.
+ *
+ * This is only useful if you need the non-xonly public key, in particular for
+ * plain (non-xonly) tweaking or batch-verifying multiple key aggregations
+ * (not implemented).
+ *
+ * Returns: 0 if the arguments are invalid, 1 otherwise
+ * Args: ctx: pointer to a context object
+ * Out: agg_pk: the MuSig-aggregated public key.
+ * In: keyagg_cache: pointer to a `musig_keyagg_cache` struct initialized by
+ * `musig_pubkey_agg`
+ */
+SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_pubkey_get(
+ const secp256k1_context *ctx,
+ secp256k1_pubkey *agg_pk,
+ const secp256k1_musig_keyagg_cache *keyagg_cache
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
+
+/** Apply plain "EC" tweaking to a public key in a given keyagg_cache by adding
+ * the generator multiplied with `tweak32` to it. This is useful for deriving
+ * child keys from an aggregate public key via BIP 32 where `tweak32` is set to
+ * a hash as defined in BIP 32.
+ *
+ * Callers are responsible for deriving `tweak32` in a way that does not reduce
+ * the security of MuSig (for example, by following BIP 32).
+ *
+ * The tweaking method is the same as `secp256k1_ec_pubkey_tweak_add`. So after
+ * the following pseudocode buf and buf2 have identical contents (absent
+ * earlier failures).
+ *
+ * secp256k1_musig_pubkey_agg(..., keyagg_cache, pubkeys, ...)
+ * secp256k1_musig_pubkey_get(..., agg_pk, keyagg_cache)
+ * secp256k1_musig_pubkey_ec_tweak_add(..., output_pk, tweak32, keyagg_cache)
+ * secp256k1_ec_pubkey_serialize(..., buf, ..., output_pk, ...)
+ * secp256k1_ec_pubkey_tweak_add(..., agg_pk, tweak32)
+ * secp256k1_ec_pubkey_serialize(..., buf2, ..., agg_pk, ...)
+ *
+ * This function is required if you want to _sign_ for a tweaked aggregate key.
+ * If you are only computing a public key but not intending to create a
+ * signature for it, use `secp256k1_ec_pubkey_tweak_add` instead.
+ *
+ * Returns: 0 if the arguments are invalid, 1 otherwise
+ * Args: ctx: pointer to a context object
+ * Out: output_pubkey: pointer to a public key to store the result. Will be set
+ * to an invalid value if this function returns 0. If you
+ * do not need it, this arg can be NULL.
+ * In/Out: keyagg_cache: pointer to a `musig_keyagg_cache` struct initialized by
+ * `musig_pubkey_agg`
+ * In: tweak32: pointer to a 32-byte tweak. The tweak is valid if it passes
+ * `secp256k1_ec_seckey_verify` and is not equal to the
+ * secret key corresponding to the public key represented
+ * by keyagg_cache or its negation. For uniformly random
+ * 32-byte arrays the chance of being invalid is
+ * negligible (around 1 in 2^128).
+ */
+SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_pubkey_ec_tweak_add(
+ const secp256k1_context *ctx,
+ secp256k1_pubkey *output_pubkey,
+ secp256k1_musig_keyagg_cache *keyagg_cache,
+ const unsigned char *tweak32
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
+
+/** Apply x-only tweaking to a public key in a given keyagg_cache by adding the
+ * generator multiplied with `tweak32` to it. This is useful for creating
+ * Taproot outputs where `tweak32` is set to a TapTweak hash as defined in BIP
+ * 341.
+ *
+ * Callers are responsible for deriving `tweak32` in a way that does not reduce
+ * the security of MuSig (for example, by following Taproot BIP 341).
+ *
+ * The tweaking method is the same as `secp256k1_xonly_pubkey_tweak_add`. So in
+ * the following pseudocode xonly_pubkey_tweak_add_check (absent earlier
+ * failures) returns 1.
+ *
+ * secp256k1_musig_pubkey_agg(..., agg_pk, keyagg_cache, pubkeys, ...)
+ * secp256k1_musig_pubkey_xonly_tweak_add(..., output_pk, keyagg_cache, tweak32)
+ * secp256k1_xonly_pubkey_serialize(..., buf, output_pk)
+ * secp256k1_xonly_pubkey_tweak_add_check(..., buf, ..., agg_pk, tweak32)
+ *
+ * This function is required if you want to _sign_ for a tweaked aggregate key.
+ * If you are only computing a public key but not intending to create a
+ * signature for it, use `secp256k1_xonly_pubkey_tweak_add` instead.
+ *
+ * Returns: 0 if the arguments are invalid, 1 otherwise
+ * Args: ctx: pointer to a context object
+ * Out: output_pubkey: pointer to a public key to store the result. Will be set
+ * to an invalid value if this function returns 0. If you
+ * do not need it, this arg can be NULL.
+ * In/Out: keyagg_cache: pointer to a `musig_keyagg_cache` struct initialized by
+ * `musig_pubkey_agg`
+ * In: tweak32: pointer to a 32-byte tweak. The tweak is valid if it passes
+ * `secp256k1_ec_seckey_verify` and is not equal to the
+ * secret key corresponding to the public key represented
+ * by keyagg_cache or its negation. For uniformly random
+ * 32-byte arrays the chance of being invalid is
+ * negligible (around 1 in 2^128).
+ */
+SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_pubkey_xonly_tweak_add(
+ const secp256k1_context *ctx,
+ secp256k1_pubkey *output_pubkey,
+ secp256k1_musig_keyagg_cache *keyagg_cache,
+ const unsigned char *tweak32
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
+
+/** Starts a signing session by generating a nonce
+ *
+ * This function outputs a secret nonce that will be required for signing and a
+ * corresponding public nonce that is intended to be sent to other signers.
+ *
+ * MuSig differs from regular Schnorr signing in that implementers _must_ take
+ * special care to not reuse a nonce. This can be ensured by following these rules:
+ *
+ * 1. Each call to this function must have a UNIQUE session_secrand32 that must
+ * NOT BE REUSED in subsequent calls to this function and must be KEPT
+ * SECRET (even from other signers).
+ * 2. If you already know the seckey, message or aggregate public key
+ * cache, they can be optionally provided to derive the nonce and increase
+ * misuse-resistance. The extra_input32 argument can be used to provide
+ * additional data that does not repeat in normal scenarios, such as the
+ * current time.
+ * 3. Avoid copying (or serializing) the secnonce. This reduces the possibility
+ * that it is used more than once for signing.
+ *
+ * If you don't have access to good randomness for session_secrand32, but you
+ * have access to a non-repeating counter, then see
+ * secp256k1_musig_nonce_gen_counter.
+ *
+ * Remember that nonce reuse will leak the secret key!
+ * Note that using the same seckey for multiple MuSig sessions is fine.
+ *
+ * Returns: 0 if the arguments are invalid and 1 otherwise
+ * Args: ctx: pointer to a context object (not secp256k1_context_static)
+ * Out: secnonce: pointer to a structure to store the secret nonce
+ * pubnonce: pointer to a structure to store the public nonce
+ * In/Out:
+ * session_secrand32: a 32-byte session_secrand32 as explained above. Must be unique to this
+ * call to secp256k1_musig_nonce_gen and must be uniformly
+ * random. If the function call is successful, the
+ * session_secrand32 buffer is invalidated to prevent reuse.
+ * In:
+ * seckey: the 32-byte secret key that will later be used for signing, if
+ * already known (can be NULL)
+ * pubkey: public key of the signer creating the nonce. The secnonce
+ * output of this function cannot be used to sign for any
+ * other public key. While the public key should correspond
+ * to the provided seckey, a mismatch will not cause the
+ * function to return 0.
+ * msg32: the 32-byte message that will later be signed, if already known
+ * (can be NULL)
+ * keyagg_cache: pointer to the keyagg_cache that was used to create the aggregate
+ * (and potentially tweaked) public key if already known
+ * (can be NULL)
+ * extra_input32: an optional 32-byte array that is input to the nonce
+ * derivation function (can be NULL)
+ */
+SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_nonce_gen(
+ const secp256k1_context *ctx,
+ secp256k1_musig_secnonce *secnonce,
+ secp256k1_musig_pubnonce *pubnonce,
+ unsigned char *session_secrand32,
+ const unsigned char *seckey,
+ const secp256k1_pubkey *pubkey,
+ const unsigned char *msg32,
+ const secp256k1_musig_keyagg_cache *keyagg_cache,
+ const unsigned char *extra_input32
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(6);
+
+
+/** Alternative way to generate a nonce and start a signing session
+ *
+ * This function outputs a secret nonce that will be required for signing and a
+ * corresponding public nonce that is intended to be sent to other signers.
+ *
+ * This function differs from `secp256k1_musig_nonce_gen` by accepting a
+ * non-repeating counter value instead of a secret random value. This requires
+ * that a secret key is provided to `secp256k1_musig_nonce_gen_counter`
+ * (through the keypair argument), as opposed to `secp256k1_musig_nonce_gen`
+ * where the seckey argument is optional.
+ *
+ * MuSig differs from regular Schnorr signing in that implementers _must_ take
+ * special care to not reuse a nonce. This can be ensured by following these rules:
+ *
+ * 1. The nonrepeating_cnt argument must be a counter value that never repeats,
+ * i.e., you must never call `secp256k1_musig_nonce_gen_counter` twice with
+ * the same keypair and nonrepeating_cnt value. For example, this implies
+ * that if the same keypair is used with `secp256k1_musig_nonce_gen_counter`
+ * on multiple devices, none of the devices should have the same counter
+ * value as any other device.
+ * 2. If the seckey, message or aggregate public key cache is already available
+ * at this stage, any of these can be optionally provided, in which case
+ * they will be used in the derivation of the nonce and increase
+ * misuse-resistance. The extra_input32 argument can be used to provide
+ * additional data that does not repeat in normal scenarios, such as the
+ * current time.
+ * 3. Avoid copying (or serializing) the secnonce. This reduces the possibility
+ * that it is used more than once for signing.
+ *
+ * Remember that nonce reuse will leak the secret key!
+ * Note that using the same keypair for multiple MuSig sessions is fine.
+ *
+ * Returns: 0 if the arguments are invalid and 1 otherwise
+ * Args: ctx: pointer to a context object (not secp256k1_context_static)
+ * Out: secnonce: pointer to a structure to store the secret nonce
+ * pubnonce: pointer to a structure to store the public nonce
+ * In:
+ * nonrepeating_cnt: the value of a counter as explained above. Must be
+ * unique to this call to secp256k1_musig_nonce_gen.
+ * keypair: keypair of the signer creating the nonce. The secnonce
+ * output of this function cannot be used to sign for any
+ * other keypair.
+ * msg32: the 32-byte message that will later be signed, if already known
+ * (can be NULL)
+ * keyagg_cache: pointer to the keyagg_cache that was used to create the aggregate
+ * (and potentially tweaked) public key if already known
+ * (can be NULL)
+ * extra_input32: an optional 32-byte array that is input to the nonce
+ * derivation function (can be NULL)
+ */
+SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_nonce_gen_counter(
+ const secp256k1_context *ctx,
+ secp256k1_musig_secnonce *secnonce,
+ secp256k1_musig_pubnonce *pubnonce,
+ uint64_t nonrepeating_cnt,
+ const secp256k1_keypair *keypair,
+ const unsigned char *msg32,
+ const secp256k1_musig_keyagg_cache *keyagg_cache,
+ const unsigned char *extra_input32
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(5);
+
+/** Aggregates the nonces of all signers into a single nonce
+ *
+ * This can be done by an untrusted party to reduce the communication
+ * between signers. Instead of everyone sending nonces to everyone else, there
+ * can be one party receiving all nonces, aggregating the nonces with this
+ * function and then sending only the aggregate nonce back to the signers.
+ *
+ * If the aggregator does not compute the aggregate nonce correctly, the final
+ * signature will be invalid.
+ *
+ * Returns: 0 if the arguments are invalid, 1 otherwise
+ * Args: ctx: pointer to a context object
+ * Out: aggnonce: pointer to an aggregate public nonce object for
+ * musig_nonce_process
+ * In: pubnonces: array of pointers to public nonces sent by the
+ * signers
+ * n_pubnonces: number of elements in the pubnonces array. Must be
+ * greater than 0.
+ */
+SECP256K1_API int secp256k1_musig_nonce_agg(
+ const secp256k1_context *ctx,
+ secp256k1_musig_aggnonce *aggnonce,
+ const secp256k1_musig_pubnonce * const *pubnonces,
+ size_t n_pubnonces
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
+
+/** Takes the aggregate nonce and creates a session that is required for signing
+ * and verification of partial signatures.
+ *
+ * Returns: 0 if the arguments are invalid, 1 otherwise
+ * Args: ctx: pointer to a context object
+ * Out: session: pointer to a struct to store the session
+ * In: aggnonce: pointer to an aggregate public nonce object that is the
+ * output of musig_nonce_agg
+ * msg32: the 32-byte message to sign
+ * keyagg_cache: pointer to the keyagg_cache that was used to create the
+ * aggregate (and potentially tweaked) pubkey
+ */
+SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_nonce_process(
+ const secp256k1_context *ctx,
+ secp256k1_musig_session *session,
+ const secp256k1_musig_aggnonce *aggnonce,
+ const unsigned char *msg32,
+ const secp256k1_musig_keyagg_cache *keyagg_cache
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5);
+
+/** Produces a partial signature
+ *
+ * This function overwrites the given secnonce with zeros and will abort if given a
+ * secnonce that is all zeros. This is a best effort attempt to protect against nonce
+ * reuse. However, this is of course easily defeated if the secnonce has been
+ * copied (or serialized). Remember that nonce reuse will leak the secret key!
+ *
+ * For signing to succeed, the secnonce provided to this function must have
+ * been generated for the provided keypair. This means that when signing for a
+ * keypair consisting of a seckey and pubkey, the secnonce must have been
+ * created by calling musig_nonce_gen with that pubkey. Otherwise, the
+ * illegal_callback is called.
+ *
+ * This function does not verify the output partial signature, deviating from
+ * the BIP 327 specification. It is recommended to verify the output partial
+ * signature with `secp256k1_musig_partial_sig_verify` to prevent random or
+ * adversarially provoked computation errors.
+ *
+ * Returns: 0 if the arguments are invalid or the provided secnonce has already
+ * been used for signing, 1 otherwise
+ * Args: ctx: pointer to a context object
+ * Out: partial_sig: pointer to struct to store the partial signature
+ * In/Out: secnonce: pointer to the secnonce struct created in
+ * musig_nonce_gen that has been never used in a
+ * partial_sign call before and has been created for the
+ * keypair
+ * In: keypair: pointer to keypair to sign the message with
+ * keyagg_cache: pointer to the keyagg_cache that was output when the
+ * aggregate public key for this session
+ * session: pointer to the session that was created with
+ * musig_nonce_process
+ */
+SECP256K1_API int secp256k1_musig_partial_sign(
+ const secp256k1_context *ctx,
+ secp256k1_musig_partial_sig *partial_sig,
+ secp256k1_musig_secnonce *secnonce,
+ const secp256k1_keypair *keypair,
+ const secp256k1_musig_keyagg_cache *keyagg_cache,
+ const secp256k1_musig_session *session
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5) SECP256K1_ARG_NONNULL(6);
+
+/** Verifies an individual signer's partial signature
+ *
+ * The signature is verified for a specific signing session. In order to avoid
+ * accidentally verifying a signature from a different or non-existing signing
+ * session, you must ensure the following:
+ * 1. The `keyagg_cache` argument is identical to the one used to create the
+ * `session` with `musig_nonce_process`.
+ * 2. The `pubkey` argument must be identical to the one sent by the signer
+ * before aggregating it with `musig_pubkey_agg` to create the
+ * `keyagg_cache`.
+ * 3. The `pubnonce` argument must be identical to the one sent by the signer
+ * before aggregating it with `musig_nonce_agg` and using the result to
+ * create the `session` with `musig_nonce_process`.
+ *
+ * It is not required to call this function in regular MuSig sessions, because
+ * if any partial signature does not verify, the final signature will not
+ * verify either, so the problem will be caught. However, this function
+ * provides the ability to identify which specific partial signature fails
+ * verification.
+ *
+ * Returns: 0 if the arguments are invalid or the partial signature does not
+ * verify, 1 otherwise
+ * Args ctx: pointer to a context object
+ * In: partial_sig: pointer to partial signature to verify, sent by
+ * the signer associated with `pubnonce` and `pubkey`
+ * pubnonce: public nonce of the signer in the signing session
+ * pubkey: public key of the signer in the signing session
+ * keyagg_cache: pointer to the keyagg_cache that was output when the
+ * aggregate public key for this signing session
+ * session: pointer to the session that was created with
+ * `musig_nonce_process`
+ */
+SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_partial_sig_verify(
+ const secp256k1_context *ctx,
+ const secp256k1_musig_partial_sig *partial_sig,
+ const secp256k1_musig_pubnonce *pubnonce,
+ const secp256k1_pubkey *pubkey,
+ const secp256k1_musig_keyagg_cache *keyagg_cache,
+ const secp256k1_musig_session *session
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5) SECP256K1_ARG_NONNULL(6);
+
+/** Aggregates partial signatures
+ *
+ * Returns: 0 if the arguments are invalid, 1 otherwise (which does NOT mean
+ * the resulting signature verifies).
+ * Args: ctx: pointer to a context object
+ * Out: sig64: complete (but possibly invalid) Schnorr signature
+ * In: session: pointer to the session that was created with
+ * musig_nonce_process
+ * partial_sigs: array of pointers to partial signatures to aggregate
+ * n_sigs: number of elements in the partial_sigs array. Must be
+ * greater than 0.
+ */
+SECP256K1_API int secp256k1_musig_partial_sig_agg(
+ const secp256k1_context *ctx,
+ unsigned char *sig64,
+ const secp256k1_musig_session *session,
+ const secp256k1_musig_partial_sig * const *partial_sigs,
+ size_t n_sigs
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/vendor/secp256k1/include/secp256k1/secp256k1_recovery.h b/vendor/secp256k1/include/secp256k1/secp256k1_recovery.h
index 341b8ba..93a2e4c 100644
--- a/vendor/secp256k1/include/secp256k1/secp256k1_recovery.h
+++ b/vendor/secp256k1/include/secp256k1/secp256k1_recovery.h
@@ -7,7 +7,7 @@
extern "C" {
#endif
-/** Opaque data structured that holds a parsed ECDSA signature,
+/** Opaque data structure that holds a parsed ECDSA signature,
* supporting pubkey recovery.
*
* The exact representation of data inside is implementation defined and not
@@ -21,7 +21,7 @@ extern "C" {
* recoverability) will have identical representation, so they can be
* memcmp'ed.
*/
-typedef struct {
+typedef struct secp256k1_ecdsa_recoverable_signature {
unsigned char data[65];
} secp256k1_ecdsa_recoverable_signature;
diff --git a/vendor/secp256k1/include/secp256k1/secp256k1_schnorrsig.h b/vendor/secp256k1/include/secp256k1/secp256k1_schnorrsig.h
index 23163de..013d4ee 100644
--- a/vendor/secp256k1/include/secp256k1/secp256k1_schnorrsig.h
+++ b/vendor/secp256k1/include/secp256k1/secp256k1_schnorrsig.h
@@ -79,7 +79,7 @@ SECP256K1_API const secp256k1_nonce_function_hardened secp256k1_nonce_function_b
* secp256k1_nonce_function_bip340 is used, then ndata must be a
* pointer to 32-byte auxiliary randomness as per BIP-340.
*/
-typedef struct {
+typedef struct secp256k1_schnorrsig_extraparams {
unsigned char magic[4];
secp256k1_nonce_function_hardened noncefp;
void *ndata;