From 51d0aff9166ddaa3c74dbc2d7c1dcbdefa8405e1 Mon Sep 17 00:00:00 2001
From: vnugent <public@vaughnnugent.com>
Date: Wed, 29 May 2024 13:36:07 -0400
Subject: Squashed commit of the following:

commit 1c26ef86a04690120f4f752c7c5018a570ec5880
Author: vnugent <public@vaughnnugent.com>
Date:   Wed May 29 13:34:20 2024 -0400

    missed extra argument

commit 88c9095743a12cf8fc1793c607ba3a1e4fa86483
Author: vnugent <public@vaughnnugent.com>
Date:   Wed May 29 13:25:51 2024 -0400

    refactor!: return NC_SUCCESS when validating secret key

commit 718be80a4810b9352de7eb0707da54020aa6b649
Author: vnugent <public@vaughnnugent.com>
Date:   Mon May 27 14:52:41 2024 -0400

    fix: Properly build mbedtls & cmake fixes

commit a8a6efb2319f739e5faae550561dc27d9dd1e88d
Author: vnugent <public@vaughnnugent.com>
Date:   Sun May 26 17:39:40 2024 -0400

    chore: Update libs, reorder files, internalize private headers

commit 72e1b7be4031e2fd4d258fcf434ad049c0029201
Author: vnugent <public@vaughnnugent.com>
Date:   Sun May 26 13:39:08 2024 -0400

    fix: Add c++ extern prototypes in noscrypt.h

commit aeaac8d328b75911541be64d6f09d58fca294a08
Author: vnugent <public@vaughnnugent.com>
Date:   Sun May 26 11:47:17 2024 -0400

    refactor: Dep update, openssl chacha20 added

commit 86b02540cce6015cfe4a2a56499a9a2f45d4e368
Author: vnugent <public@vaughnnugent.com>
Date:   Sat May 18 12:24:17 2024 -0400

    refactor: Remove NCContext structure definition

commit d09d9330415d463ca19be9394b02ce11b3366f7e
Author: vnugent <public@vaughnnugent.com>
Date:   Mon May 13 22:33:50 2024 -0400

    fix: update mbedtls inline issue includes

commit 7838cb4bb15d4f453f92f56ece75e2b03986fe42
Author: vnugent <public@vaughnnugent.com>
Date:   Mon May 13 22:29:16 2024 -0400

    fix: force fPIC for secp256k1 targets

commit d76f7708bc6ae81a638ca708230ac9153ac754e2
Merge: aa8033d a526139
Author: vnugent <public@vaughnnugent.com>
Date:   Sun May 12 00:37:01 2024 -0400

    Merge branch 'master' into develop

commit aa8033d4dbfebeb72b6fd7a0cd218ebde0eb54dd
Author: vnugent <public@vaughnnugent.com>
Date:   Sun May 12 00:34:20 2024 -0400

    Final overview and test before tag

commit 4e3ead2cf1d3068e77f0959dfdc17e20e9102a0f
Merge: 2cee801 872c49d
Author: vnugent <public@vaughnnugent.com>
Date:   Mon May 6 22:08:09 2024 -0400

    Merge branch 'master' into develop

commit 2cee801979bfbcb3b0e53f592ce8c779b57cb679
Author: vnugent <public@vaughnnugent.com>
Date:   Mon May 6 22:02:39 2024 -0400

    Ensure static and dynamic libs get same args

commit f533694023133552d0d42933d779c95a5854343f
Author: vnugent <public@vaughnnugent.com>
Date:   Mon May 6 21:50:29 2024 -0400

    feat: CMake install & fetch-content test & updates

commit 940ff20348b13d0bc30d9e9f4289dd6de20b16ba
Author: vnugent <public@vaughnnugent.com>
Date:   Sun May 5 14:07:28 2024 -0400

    codeberg readonly push

commit b34ed055c0b7d143561ce8798e0a95313b9224bd
Merge: 0a40e20 e737556
Author: vnugent <public@vaughnnugent.com>
Date:   Sat May 4 14:06:45 2024 -0400

    Merge branch 'master' into develop

commit 0a40e209d03e8ff9b6f81cd5969d3e845c633bfc
Author: vnugent <public@vaughnnugent.com>
Date:   Sat May 4 13:55:19 2024 -0400

    ci: Force disable testing for win ci builds

commit 55fae189fffc86f07a3448370f0a746670819712
Author: vnugent <public@vaughnnugent.com>
Date:   Thu May 2 21:54:35 2024 -0400

    feat: Working and tested openssl impl & defaults

commit 6ff8bb11774c51fd341b7699a3938fd894995fbf
Author: vnugent <public@vaughnnugent.com>
Date:   Thu Apr 25 17:45:42 2024 -0400

    refactor: Finish support and testing for mbedtls

commit 7cb7a93de4f6f5e741bc5129e3d928e44f050930
Author: vnugent <public@vaughnnugent.com>
Date:   Tue Apr 23 18:19:31 2024 -0400

    refactor!: MbedTLS on Windows, switch to uint32

commit 30e8dda6cbea86bdee6d5dfe48514385d3b9f81b
Author: vnugent <public@vaughnnugent.com>
Date:   Tue Apr 23 14:48:05 2024 -0400

    refactor: Crypto dep redesign working on Windows

commit d09c6c1bd5da3e2d79351daeba304ca99976a726
Author: vnugent <public@vaughnnugent.com>
Date:   Thu Apr 18 00:28:51 2024 -0400

    refactor!: Pushing what I have to dev

commit 54e06ada7d624ed0d28c6a6db04a149708841bf8
Author: vnugent <public@vaughnnugent.com>
Date:   Sat Apr 13 01:24:00 2024 -0400

    fix: convert constants to hex, inline macro, ParseErrorCode

commit 4215e3100d9a0d23119080d09638fa5b60d0c6d4
Merge: d3328f4 7485aa5
Author: vnugent <public@vaughnnugent.com>
Date:   Wed Apr 3 18:26:30 2024 -0400

    Merge branch 'master' into develop

commit d3328f4152b22b28f24c43dda62464287f1efff5
Author: vnugent <public@vaughnnugent.com>
Date:   Wed Apr 3 18:22:56 2024 -0400

    build: Included dependency and versions in client builds

commit b11bc0bac955fd5c6db65f0da48456bf5e748805
Author: vnugent <public@vaughnnugent.com>
Date:   Wed Apr 3 18:10:08 2024 -0400

    fix: Fix c89 compatabilty comments and struct assignment

commit 9915bd41799a72413e6b400e150aa9f5fa797e25
Merge: 8e3d6ea 5184d7d
Author: vnugent <public@vaughnnugent.com>
Date:   Sat Mar 30 09:57:30 2024 -0400

    Merge branch 'master' into develop

commit 8e3d6ea5e3c83fe42cb904b6ccc4fe2b73f76aae
Author: vnugent <public@vaughnnugent.com>
Date:   Sat Mar 30 09:52:55 2024 -0400

    refactor!: Some api (struct) changes and updated tests

commit e88e8420520204e20802516f01d4488bb0b1d6ea
Merge: 490dfee 21f6c0a
Author: vnugent <public@vaughnnugent.com>
Date:   Sun Mar 3 15:02:34 2024 -0500

    Merge branch 'master' into develop

commit 490dfee4ef22479009627435c6ad728c3cbbab54
Author: vnugent <public@vaughnnugent.com>
Date:   Sun Mar 3 14:59:25 2024 -0500

    test: #3 tests for encryption/description and Macs

commit efa97490b7ed47f4e2f05bee52e2b33e14e439e6
Merge: 1b84e3c 120022a
Author: vnugent <public@vaughnnugent.com>
Date:   Sun Mar 3 14:55:48 2024 -0500

    merge master

commit 1b84e3c7c2e55b1ff9ffdd09b66873e11c131441
Author: vnugent <public@vaughnnugent.com>
Date:   Sat Mar 2 22:57:36 2024 -0500

    fix: #2 constent usage of sizeof() operator on struct types

commit 9de5a214c66adea0ef2d0bac63c59449de202a88
Author: vnugent <public@vaughnnugent.com>
Date:   Fri Mar 1 14:30:36 2024 -0500

    perf: avoid nc_key struct copy, cast and verify instead

commit b917b761120ed684af28d0707673ffadcf14b8fe
Author: vnugent <public@vaughnnugent.com>
Date:   Mon Feb 12 22:06:50 2024 -0500

    fix: found the constant time memcompare function

commit 9f85fff3b9f25da7410569ea94f994b88feb3910
Author: vnugent <public@vaughnnugent.com>
Date:   Fri Feb 9 22:48:35 2024 -0500

    feat: added/update MAC functions to sign or verify nip44 payload

commit aa5113741bb419b02d6ea416bba571fa3d65db46
Author: vnugent <public@vaughnnugent.com>
Date:   Wed Feb 7 01:37:53 2024 -0500

    add missing hmac-key output buffer

commit 55f47d22cc9ce4d1e22b70814d608c7ef3b1bbc9
Author: vnugent <public@vaughnnugent.com>
Date:   Sun Feb 4 21:08:13 2024 -0500

    simple bug fixes, and public api argument validation tests

commit 73c5a713fb164ae8b4ac8a891a8020e08eae0a3b
Author: vnugent <public@vaughnnugent.com>
Date:   Fri Feb 2 23:05:48 2024 -0500

    update api to return secpvalidate return code instead of internal return codes

commit 06c73004e1a39a7ea4ea3a89c22dee0f66adb236
Author: vnugent <public@vaughnnugent.com>
Date:   Fri Feb 2 19:25:17 2024 -0500

    change to lgpl license

commit 6e79fdb3b6b6739fc7797d47e55a7691306cf736
Author: vnugent <public@vaughnnugent.com>
Date:   Wed Jan 31 21:30:49 2024 -0500

    move validation macros, and optionally disable them

commit ac1e58837f1ba687939f78b5c03cadd346c10ddd
Author: vnugent <public@vaughnnugent.com>
Date:   Tue Jan 30 12:25:05 2024 -0500

    couple more tests, renable range checks, set flags for all projects
---
 vendor/openssl/include/openssl/cmp.h.in    | 27 ++++++++++++++++++++++++++-
 vendor/openssl/include/openssl/cmperr.h    |  4 ++++
 vendor/openssl/include/openssl/crypto.h.in |  2 ++
 vendor/openssl/include/openssl/e_os2.h     |  1 +
 vendor/openssl/include/openssl/sslerr.h    |  3 +++
 vendor/openssl/include/openssl/tls1.h      |  6 ++++++
 vendor/openssl/include/openssl/x509v3.h.in |  3 +++
 7 files changed, 45 insertions(+), 1 deletion(-)

(limited to 'vendor/openssl')

diff --git a/vendor/openssl/include/openssl/cmp.h.in b/vendor/openssl/include/openssl/cmp.h.in
index ad9eb34..c46b9ab 100644
--- a/vendor/openssl/include/openssl/cmp.h.in
+++ b/vendor/openssl/include/openssl/cmp.h.in
@@ -228,6 +228,12 @@ DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV)
 {-
     generate_stack_macros("OSSL_CMP_ITAV");
 -}
+
+typedef struct ossl_cmp_crlstatus_st OSSL_CMP_CRLSTATUS;
+{-
+    generate_stack_macros("OSSL_CMP_CRLSTATUS");
+-}
+
 typedef struct ossl_cmp_revrepcontent_st OSSL_CMP_REVREPCONTENT;
 typedef struct ossl_cmp_pkisi_st OSSL_CMP_PKISI;
 DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKISI)
@@ -257,7 +263,7 @@ void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type,
                         ASN1_TYPE *value);
 ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav);
 ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
-int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
+int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **sk_p,
                                    OSSL_CMP_ITAV *itav);
 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
 
@@ -278,6 +284,22 @@ int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
                                        X509 **newWithOld,
                                        X509 **oldWithNew);
 
+OSSL_CMP_CRLSTATUS *OSSL_CMP_CRLSTATUS_create(const X509_CRL *crl,
+                                              const X509 *cert, int only_DN);
+OSSL_CMP_CRLSTATUS *OSSL_CMP_CRLSTATUS_new1(const DIST_POINT_NAME *dpn,
+                                            const GENERAL_NAMES *issuer,
+                                            const ASN1_TIME *thisUpdate);
+int OSSL_CMP_CRLSTATUS_get0(const OSSL_CMP_CRLSTATUS *crlstatus,
+                            DIST_POINT_NAME **dpn, GENERAL_NAMES **issuer,
+                            ASN1_TIME **thisUpdate);
+void OSSL_CMP_CRLSTATUS_free(OSSL_CMP_CRLSTATUS *crlstatus);
+OSSL_CMP_ITAV
+*OSSL_CMP_ITAV_new0_crlStatusList(STACK_OF(OSSL_CMP_CRLSTATUS) *crlStatusList);
+int OSSL_CMP_ITAV_get0_crlStatusList(const OSSL_CMP_ITAV *itav,
+                                     STACK_OF(OSSL_CMP_CRLSTATUS) **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_crls(const X509_CRL *crls);
+int OSSL_CMP_ITAV_get0_crls(const OSSL_CMP_ITAV *it, STACK_OF(X509_CRL) **out);
+
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
@@ -521,6 +543,9 @@ int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
 int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
                                   const X509 *oldWithOld, X509 **newWithNew,
                                   X509 **newWithOld, X509 **oldWithNew);
+int OSSL_CMP_get1_crlUpdate(OSSL_CMP_CTX *ctx, const X509 *crlcert,
+                            const X509_CRL *last_crl,
+                            X509_CRL **crl);
 
 #  ifdef  __cplusplus
 }
diff --git a/vendor/openssl/include/openssl/cmperr.h b/vendor/openssl/include/openssl/cmperr.h
index 0d876e5..700ffbe 100644
--- a/vendor/openssl/include/openssl/cmperr.h
+++ b/vendor/openssl/include/openssl/cmperr.h
@@ -60,7 +60,9 @@
 #  define CMP_R_FAILED_EXTRACTING_PUBKEY                   141
 #  define CMP_R_FAILURE_OBTAINING_RANDOM                   110
 #  define CMP_R_FAIL_INFO_OUT_OF_RANGE                     129
+#  define CMP_R_GENERATE_CRLSTATUS                         198
 #  define CMP_R_GETTING_GENP                               192
+#  define CMP_R_GET_ITAV                                   199
 #  define CMP_R_INVALID_ARGS                               100
 #  define CMP_R_INVALID_GENP                               193
 #  define CMP_R_INVALID_OPTION                             174
@@ -100,6 +102,7 @@
 #  define CMP_R_TRANSFER_ERROR                             159
 #  define CMP_R_UNCLEAN_CTX                                191
 #  define CMP_R_UNEXPECTED_CERTPROFILE                     196
+#  define CMP_R_UNEXPECTED_CRLSTATUSLIST                   201
 #  define CMP_R_UNEXPECTED_PKIBODY                         133
 #  define CMP_R_UNEXPECTED_PKISTATUS                       185
 #  define CMP_R_UNEXPECTED_POLLREQ                         105
@@ -107,6 +110,7 @@
 #  define CMP_R_UNEXPECTED_SENDER                          106
 #  define CMP_R_UNKNOWN_ALGORITHM_ID                       134
 #  define CMP_R_UNKNOWN_CERT_TYPE                          135
+#  define CMP_R_UNKNOWN_CRL_ISSUER                         200
 #  define CMP_R_UNKNOWN_PKISTATUS                          186
 #  define CMP_R_UNSUPPORTED_ALGORITHM                      136
 #  define CMP_R_UNSUPPORTED_KEY_TYPE                       137
diff --git a/vendor/openssl/include/openssl/crypto.h.in b/vendor/openssl/include/openssl/crypto.h.in
index 5d7d3fd..034f150 100644
--- a/vendor/openssl/include/openssl/crypto.h.in
+++ b/vendor/openssl/include/openssl/crypto.h.in
@@ -536,6 +536,8 @@ int OSSL_LIB_CTX_load_config(OSSL_LIB_CTX *ctx, const char *config_file);
 void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
 OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
+int OSSL_LIB_CTX_get_conf_diagnostics(OSSL_LIB_CTX *ctx);
+void OSSL_LIB_CTX_set_conf_diagnostics(OSSL_LIB_CTX *ctx, int value);
 
 void OSSL_sleep(uint64_t millis);
 
diff --git a/vendor/openssl/include/openssl/e_os2.h b/vendor/openssl/include/openssl/e_os2.h
index e01f627..a4aea0b 100644
--- a/vendor/openssl/include/openssl/e_os2.h
+++ b/vendor/openssl/include/openssl/e_os2.h
@@ -200,6 +200,7 @@ extern "C" {
 # endif
 
 # ifndef ossl_ssize_t
+#  include <sys/types.h>
 #  define ossl_ssize_t ssize_t
 #  if defined(SSIZE_MAX)
 #   define OSSL_SSIZE_MAX SSIZE_MAX
diff --git a/vendor/openssl/include/openssl/sslerr.h b/vendor/openssl/include/openssl/sslerr.h
index 980a6c7..8222b25 100644
--- a/vendor/openssl/include/openssl/sslerr.h
+++ b/vendor/openssl/include/openssl/sslerr.h
@@ -117,6 +117,7 @@
 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
+# define SSL_R_ERROR_IN_SYSTEM_DEFAULT_CONFIG             419
 # define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN             204
 # define SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE                  194
 # define SSL_R_EXCESSIVE_MESSAGE_SIZE                     152
@@ -308,10 +309,12 @@
 # define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK         1086
 # define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY          1071
 # define SSL_R_TLSV1_ALERT_INTERNAL_ERROR                 1080
+# define SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL        1120
 # define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION               1100
 # define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION               1070
 # define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW                1022
 # define SSL_R_TLSV1_ALERT_UNKNOWN_CA                     1048
+# define SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY           1115
 # define SSL_R_TLSV1_ALERT_USER_CANCELLED                 1090
 # define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE           1114
 # define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE      1113
diff --git a/vendor/openssl/include/openssl/tls1.h b/vendor/openssl/include/openssl/tls1.h
index 7e3d1a7..8ff39e3 100644
--- a/vendor/openssl/include/openssl/tls1.h
+++ b/vendor/openssl/include/openssl/tls1.h
@@ -622,6 +622,10 @@ int SSL_CTX_set_tlsext_ticket_key_evp_cb
 # define TLS1_3_CK_AES_128_CCM_SHA256                     0x03001304
 # define TLS1_3_CK_AES_128_CCM_8_SHA256                   0x03001305
 
+/* Integrity-only ciphersuites from RFC 9150 */
+# define TLS1_3_CK_SHA256_SHA256                          0x0300C0B4
+# define TLS1_3_CK_SHA384_SHA384                          0x0300C0B5
+
 /* Aria ciphersuites from RFC6209 */
 # define TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256             0x0300C050
 # define TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384             0x0300C051
@@ -699,6 +703,8 @@ int SSL_CTX_set_tlsext_ticket_key_evp_cb
 # define TLS1_3_RFC_AES_128_GCM_SHA256                   "TLS_AES_128_GCM_SHA256"
 # define TLS1_3_RFC_AES_256_GCM_SHA384                   "TLS_AES_256_GCM_SHA384"
 # define TLS1_3_RFC_CHACHA20_POLY1305_SHA256             "TLS_CHACHA20_POLY1305_SHA256"
+# define TLS1_3_RFC_SHA256_SHA256                        "TLS_SHA256_SHA256"
+# define TLS1_3_RFC_SHA384_SHA384                        "TLS_SHA384_SHA384"
 # define TLS1_3_RFC_AES_128_CCM_SHA256                   "TLS_AES_128_CCM_SHA256"
 # define TLS1_3_RFC_AES_128_CCM_8_SHA256                 "TLS_AES_128_CCM_8_SHA256"
 # define TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA              "TLS_ECDHE_ECDSA_WITH_NULL_SHA"
diff --git a/vendor/openssl/include/openssl/x509v3.h.in b/vendor/openssl/include/openssl/x509v3.h.in
index b8711d5..a967064 100644
--- a/vendor/openssl/include/openssl/x509v3.h.in
+++ b/vendor/openssl/include/openssl/x509v3.h.in
@@ -178,6 +178,8 @@ typedef struct ACCESS_DESCRIPTION_st {
     GENERAL_NAME *location;
 } ACCESS_DESCRIPTION;
 
+int GENERAL_NAME_set1_X509_NAME(GENERAL_NAME **tgt, const X509_NAME *src);
+
 {-
     generate_stack_macros("ACCESS_DESCRIPTION")
     .generate_stack_macros("GENERAL_NAME");
@@ -201,6 +203,7 @@ typedef struct DIST_POINT_NAME_st {
 /* If relativename then this contains the full distribution point name */
     X509_NAME *dpname;
 } DIST_POINT_NAME;
+DECLARE_ASN1_DUP_FUNCTION(DIST_POINT_NAME)
 /* All existing reasons */
 # define CRLDP_ALL_REASONS       0x807f
 
-- 
cgit