From 75bb942faf046b0aeaa1e67288184d33e8d8b7c0 Mon Sep 17 00:00:00 2001 From: Fs Date: Sat, 9 Nov 2024 09:10:28 +0800 Subject: [PATCH] 3.4 --- CMakeLists.txt | 7 +- apps/fipskey.h.cmake.in | 7 +- crypto/CMakeLists.txt | 115 ++++--- crypto/_cryptoDir/objects.cmake | 3 + crypto/configuration.h.cmake.in | 14 +- crypto/hashtable/objects.cmake | 5 + crypto/paramnames.cmake | 571 ++++++++++++++++--------------- crypto/thread/objects.cmake | 2 +- crypto/x509/objects.cmake | 10 + doc/CMakeLists.txt | 22 +- openssl | 2 +- providers/default/CMakeLists.txt | 3 +- providers/legacy/CMakeLists.txt | 1 + readme.md | 6 +- ssl/CMakeLists.txt | 1 - 15 files changed, 426 insertions(+), 343 deletions(-) create mode 100644 crypto/hashtable/objects.cmake diff --git a/CMakeLists.txt b/CMakeLists.txt index f18c275..d574f81 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -195,7 +195,8 @@ unset(OPENSSL_KNOWN_RAND_SEED) # no- set(OPENSSL_DEFAULT_DISABLED_CIPHERS asan buildtest-c++ crypto-mdebug crypto-mdebug-backtrace devcryptoeng ec_nistp_64_gcc_128 egd external-tests fuzz-afl fuzz-libfuzzer ktls md2 - msan rc5 sctp ssl3 ssl3-method trace ubsan unit-test weak-ssl-ciphers brotli brotli-dynamic tfo zstd zstd-dynamic zlib zlib-dynamic + msan rc5 sctp ssl3 ssl3-method trace ubsan unit-test weak-ssl-ciphers brotli brotli-dynamic tfo zstd zstd-dynamic zlib zlib-dynamic jitter + demos h3demo pie jitter ) set(OPENSSL_MIN_API_LEVEL "3.0.0" CACHE STRING "OpenSSL SSL minimum API LEVEL") @@ -327,13 +328,13 @@ foreach (_CIPHER IN ITEMS bulk ssl des ec sock dgram dtls tls engine stdio tests sm3 unit-test msan cmac legacy cmp comp brotli-dynamic zstd-dynamic zlib-dynamic thread-pool blake2 # dependent dtls1_2-method dtls1-method tls1_2-method tls1_1-method tls1-method ssl3-method # method aes asn1 bio bn buffer conf crmf encode_decode ess evp ffc hmac hpke http kdf lhash md5 modes objects pem pkcs7 pkcs12 property rand rsa sha stack store thread txt_db - x509 # directories + x509 hashtable # directories dtls1_2 dtls1 tls1_3 tls1_2 tls1_1 tls1 ssl3 # TLS protocol acvp-tests afalgeng aria apps argon2 asan async atexit autoalginit autoerrinit autoload-config bf brotli buildtest-c++ cached-fetch camellia capieng winstore cast chacha cms crypto-mdebug ct default-thread-pool devcryptoeng dh dsa docs ec2m ec_nistp_64_gcc_128 ecdh ecdsa ecx egd external-tests filenames fips fips-securitychecks fuzz-afl fuzz-libfuzzer gost idea ktls loadereng makedepend md2 md4 mdc2 multiblock nextprotoneg ocb ocsp padlockeng pinshared poly1305 posix-io psk quic unstable-qlog qlog rc2 rc4 rc5 rdrand rfc3779 rmd160 scrypt sctp secure-memory seed siphash siv sm2 sm2-precomp sm4 srp srtp ssl-trace tfo trace ts ubsan ui-console uplink weak-ssl-ciphers whirlpool zlib - zstd + zstd jitter demos h3demo fips-post pie integrity-only-ciphers ) list(FIND OPENSSL_DEFAULT_DISABLED_CIPHERS ${_CIPHER} _CIPHER_IS_DEFAULT_DISABLED) diff --git a/apps/fipskey.h.cmake.in b/apps/fipskey.h.cmake.in index 458835c..bc6f61d 100644 --- a/apps/fipskey.h.cmake.in +++ b/apps/fipskey.h.cmake.in @@ -3,7 +3,7 @@ * Generated by CMake * via fipskey.h.cmake.in * - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -30,6 +30,11 @@ extern "C" { */ #define FIPS_KEY_STRING "@OPENSSL_FIPS_KEY@" +/* + * The FIPS provider vendor name, as a string. + */ +#define FIPS_VENDOR "OpenSSL-externalCMake @OPENSSL_VERSION_STR@ non-compliant FIPS Provider for OpenSSL" + # ifdef __cplusplus } # endif diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt index 6a036bb..4721d00 100644 --- a/crypto/CMakeLists.txt +++ b/crypto/CMakeLists.txt @@ -336,6 +336,7 @@ endif() foreach (_DIRECTORY IN ITEMS aes aria asn1 bf bio bn buffer camellia cast chacha cmac cmp cms comp conf crmf ct des dh dsa ec encode_decode engine ess evp ffc hmac hpke http idea kdf lhash md2 md4 md5 mdc2 modes objects ocsp pem pkcs7 pkcs12 poly1305 property rand rc2 rc4 rc5 ripemd rsa seed sha siphash sm2 sm3 sm4 srp stack store thread ts txt_db ui whrlpool x509 uplink + hashtable ) set(_CIPHER ${_DIRECTORY}) if (_CIPHER STREQUAL "whrlpool") @@ -361,6 +362,7 @@ foreach (_STACKHASH_HEADER_FILE_PATH IN ITEMS ${CMAKE_SOURCE_DIR}/openssl/include/openssl/bio.h.in ${CMAKE_SOURCE_DIR}/openssl/include/openssl/cmp.h.in ${CMAKE_SOURCE_DIR}/openssl/include/openssl/cms.h.in + ${CMAKE_SOURCE_DIR}/openssl/include/openssl/comp.h.in ${CMAKE_SOURCE_DIR}/openssl/include/openssl/conf.h.in ${CMAKE_SOURCE_DIR}/openssl/include/openssl/crmf.h.in ${CMAKE_SOURCE_DIR}/openssl/include/openssl/crypto.h.in @@ -376,6 +378,7 @@ foreach (_STACKHASH_HEADER_FILE_PATH IN ITEMS ${CMAKE_SOURCE_DIR}/openssl/include/openssl/ssl.h.in ${CMAKE_SOURCE_DIR}/openssl/include/openssl/ui.h.in ${CMAKE_SOURCE_DIR}/openssl/include/openssl/x509.h.in + ${CMAKE_SOURCE_DIR}/openssl/include/openssl/x509_acert.h.in ${CMAKE_SOURCE_DIR}/openssl/include/openssl/x509_vfy.h.in ${CMAKE_SOURCE_DIR}/openssl/include/openssl/x509v3.h.in ) @@ -416,6 +419,7 @@ add_custom_target(generate_crypto_src SOURCES ${CMAKE_BINARY_DIR}/include/openssl/bio.h ${CMAKE_BINARY_DIR}/include/openssl/cmp.h ${CMAKE_BINARY_DIR}/include/openssl/cms.h + ${CMAKE_BINARY_DIR}/include/openssl/comp.h ${CMAKE_BINARY_DIR}/include/openssl/conf.h ${CMAKE_BINARY_DIR}/include/openssl/crmf.h ${CMAKE_BINARY_DIR}/include/openssl/crypto.h @@ -431,6 +435,7 @@ add_custom_target(generate_crypto_src SOURCES ${CMAKE_BINARY_DIR}/include/openssl/ssl.h ${CMAKE_BINARY_DIR}/include/openssl/ui.h ${CMAKE_BINARY_DIR}/include/openssl/x509.h + ${CMAKE_BINARY_DIR}/include/openssl/x509_acert.h ${CMAKE_BINARY_DIR}/include/openssl/x509_vfy.h ${CMAKE_BINARY_DIR}/include/openssl/x509v3.h @@ -560,6 +565,7 @@ add_library(crypto ${CMAKE_BINARY_DIR}/include/openssl/bio.h ${CMAKE_BINARY_DIR}/include/openssl/cmp.h ${CMAKE_BINARY_DIR}/include/openssl/cms.h + ${CMAKE_BINARY_DIR}/include/openssl/comp.h ${CMAKE_BINARY_DIR}/include/openssl/conf.h ${CMAKE_BINARY_DIR}/include/openssl/core_names.h ${CMAKE_BINARY_DIR}/include/openssl/crmf.h @@ -567,39 +573,43 @@ add_library(crypto ${CMAKE_BINARY_DIR}/include/openssl/ct.h ${CMAKE_BINARY_DIR}/include/openssl/err.h ${CMAKE_BINARY_DIR}/include/openssl/ess.h + ${CMAKE_BINARY_DIR}/include/openssl/fipskey.h ${CMAKE_BINARY_DIR}/include/openssl/lhash.h ${CMAKE_BINARY_DIR}/include/openssl/ocsp.h - ${CMAKE_BINARY_DIR}/include/openssl/pkcs7.h ${CMAKE_BINARY_DIR}/include/openssl/pkcs12.h + ${CMAKE_BINARY_DIR}/include/openssl/pkcs7.h ${CMAKE_BINARY_DIR}/include/openssl/safestack.h ${CMAKE_BINARY_DIR}/include/openssl/srp.h ${CMAKE_BINARY_DIR}/include/openssl/ssl.h ${CMAKE_BINARY_DIR}/include/openssl/ui.h ${CMAKE_BINARY_DIR}/include/openssl/x509.h + ${CMAKE_BINARY_DIR}/include/openssl/x509_acert.h ${CMAKE_BINARY_DIR}/include/openssl/x509_vfy.h ${CMAKE_BINARY_DIR}/include/openssl/x509v3.h - ${CMAKE_BINARY_DIR}/include/crypto/dso_conf.h ${CMAKE_BINARY_DIR}/include/crypto/bn_conf.h + ${CMAKE_BINARY_DIR}/include/crypto/dso_conf.h ${CMAKE_BINARY_DIR}/include/internal/param_names.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/aes_platform.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/aria.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/asn1.h - ${CMAKE_SOURCE_DIR}/openssl/include/crypto/asn1err.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/asn1_dsa.h + ${CMAKE_SOURCE_DIR}/openssl/include/crypto/asn1err.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/async.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/asyncerr.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/bioerr.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/bn.h - ${CMAKE_SOURCE_DIR}/openssl/include/crypto/bnerr.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/bn_dh.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/bn_srp.h + ${CMAKE_SOURCE_DIR}/openssl/include/crypto/bnerr.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/buffererr.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/chacha.h + ${CMAKE_SOURCE_DIR}/openssl/include/crypto/cmac.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/cmll_platform.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/cmperr.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/cmserr.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/comperr.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/conferr.h + ${CMAKE_SOURCE_DIR}/openssl/include/crypto/context.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/crmferr.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/cryptlib.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/cryptoerr.h @@ -640,8 +650,9 @@ add_library(crypto ${CMAKE_SOURCE_DIR}/openssl/include/crypto/ppc_arch.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/punycode.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/rand.h - ${CMAKE_SOURCE_DIR}/openssl/include/crypto/randerr.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/rand_pool.h + ${CMAKE_SOURCE_DIR}/openssl/include/crypto/randerr.h + ${CMAKE_SOURCE_DIR}/openssl/include/crypto/riscv_arch.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/rsa.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/rsaerr.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/security_bits.h @@ -651,6 +662,7 @@ add_library(crypto ${CMAKE_SOURCE_DIR}/openssl/include/crypto/sm2.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/sm2err.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/sm4.h + ${CMAKE_SOURCE_DIR}/openssl/include/crypto/sm4_platform.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/sparc_arch.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/sparse_array.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/store.h @@ -659,70 +671,72 @@ add_library(crypto ${CMAKE_SOURCE_DIR}/openssl/include/crypto/types.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/uierr.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/x509.h + ${CMAKE_SOURCE_DIR}/openssl/include/crypto/x509_acert.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/x509err.h ${CMAKE_SOURCE_DIR}/openssl/include/crypto/x509v3err.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/asn1.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/bio.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/bio_addr.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/bio_tfo.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/common.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/comp.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/conf.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/constant_time.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/core.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/crmf.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/cryptlib.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/dane.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/deprecated.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/der.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/deterministic_nonce.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/dso.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/dsoerr.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/e_os.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/endian.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/err.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/ffc.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/hashtable.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/hpke_util.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/json_enc.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/ktls.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/list.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/namemap.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/nelem.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/numbers.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/o_dir.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/packet.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/packet_quic.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/param_build_set.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/params.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/passphrase.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/priority_queue.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/property.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/propertyerr.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/provider.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/refcount.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/sha3.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/sizes.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/sm3.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/sockets.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/sslconf.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/symhacks.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/thread_once.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/tlsgroups.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/tsan_assist.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/unicode.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/bio_addr.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/bio_tfo.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/common.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/deterministic_nonce.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/event_queue.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/hpke_util.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/list.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/packet_quic.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/params.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/priority_queue.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/qlog.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/qlog_event_helpers.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/qlog_events.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_ackm.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_cc.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_cfq.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_channel.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_demux.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_engine.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_error.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_fc.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_fifd.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_lcidm.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_port.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_predef.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_rcidm.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_reactor.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_record_rx.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_record_tx.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_record_util.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_rx_depack.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_sf_list.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_srt_gen.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_srtm.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_ssl.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_statm.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_stream.h @@ -736,31 +750,32 @@ add_library(crypto ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_vlint.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_wire.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_wire_pkt.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/rcu.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/recordmethod.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/refcount.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/ring_buf.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/safe_math.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/sha3.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/sizes.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/sm3.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/sockets.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/ssl.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/ssl3_cbc.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/sslconf.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/statem.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/symhacks.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/thread.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/thread_arch.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/thread_once.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/time.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/tlsgroups.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/to_hex.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/tsan_assist.h ${CMAKE_SOURCE_DIR}/openssl/include/internal/uint_set.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/json_enc.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/qlog.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/qlog_event_helpers.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/qlog_events.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_engine.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_lcidm.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_port.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_predef.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_rcidm.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_srt_gen.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/quic_srtm.h - ${CMAKE_SOURCE_DIR}/openssl/include/internal/rcu.h + ${CMAKE_SOURCE_DIR}/openssl/include/internal/unicode.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/aes.h - ${CMAKE_SOURCE_DIR}/openssl/include/openssl/asn1err.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/asn1_mac.h + ${CMAKE_SOURCE_DIR}/openssl/include/openssl/asn1err.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/async.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/asyncerr.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/bioerr.h @@ -772,14 +787,13 @@ add_library(crypto ${CMAKE_SOURCE_DIR}/openssl/include/openssl/camellia.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/cast.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/cmac.h - ${CMAKE_SOURCE_DIR}/openssl/include/openssl/cmperr.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/cmp_util.h + ${CMAKE_SOURCE_DIR}/openssl/include/openssl/cmperr.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/cmserr.h - ${CMAKE_SOURCE_DIR}/openssl/include/openssl/comp.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/comperr.h + ${CMAKE_SOURCE_DIR}/openssl/include/openssl/conf_api.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/conferr.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/conftypes.h - ${CMAKE_SOURCE_DIR}/openssl/include/openssl/conf_api.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/core.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/core_dispatch.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/core_object.h @@ -795,6 +809,8 @@ add_library(crypto ${CMAKE_SOURCE_DIR}/openssl/include/openssl/dsa.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/dsaerr.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/dtls1.h + ${CMAKE_SOURCE_DIR}/openssl/include/openssl/e_os2.h + ${CMAKE_SOURCE_DIR}/openssl/include/openssl/e_ostime.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/ebcdic.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/ec.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/ecdh.h @@ -807,12 +823,13 @@ add_library(crypto ${CMAKE_SOURCE_DIR}/openssl/include/openssl/esserr.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/evp.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/evperr.h - ${CMAKE_SOURCE_DIR}/openssl/include/openssl/e_os2.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/fips_names.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/hmac.h + ${CMAKE_SOURCE_DIR}/openssl/include/openssl/hpke.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/http.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/httperr.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/idea.h + ${CMAKE_SOURCE_DIR}/openssl/include/openssl/indicator.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/kdf.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/kdferr.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/macros.h @@ -821,22 +838,23 @@ add_library(crypto ${CMAKE_SOURCE_DIR}/openssl/include/openssl/md5.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/mdc2.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/modes.h + ${CMAKE_SOURCE_DIR}/openssl/include/openssl/obj_mac.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/objects.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/objectserr.h - ${CMAKE_SOURCE_DIR}/openssl/include/openssl/obj_mac.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/ocsperr.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/opensslconf.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/ossl_typ.h - ${CMAKE_SOURCE_DIR}/openssl/include/openssl/params.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/param_build.h + ${CMAKE_SOURCE_DIR}/openssl/include/openssl/params.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/pem.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/pem2.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/pemerr.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/pkcs12err.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/pkcs7err.h + ${CMAKE_SOURCE_DIR}/openssl/include/openssl/prov_ssl.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/proverr.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/provider.h - ${CMAKE_SOURCE_DIR}/openssl/include/openssl/prov_ssl.h + ${CMAKE_SOURCE_DIR}/openssl/include/openssl/quic.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/rand.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/randerr.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/rc2.h @@ -857,6 +875,7 @@ add_library(crypto ${CMAKE_SOURCE_DIR}/openssl/include/openssl/store.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/storeerr.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/symhacks.h + ${CMAKE_SOURCE_DIR}/openssl/include/openssl/thread.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/tls1.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/trace.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/ts.h @@ -867,10 +886,6 @@ add_library(crypto ${CMAKE_SOURCE_DIR}/openssl/include/openssl/whrlpool.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/x509err.h ${CMAKE_SOURCE_DIR}/openssl/include/openssl/x509v3err.h - ${CMAKE_SOURCE_DIR}/openssl/include/openssl/e_ostime.h - ${CMAKE_SOURCE_DIR}/openssl/include/openssl/hpke.h - ${CMAKE_SOURCE_DIR}/openssl/include/openssl/quic.h - ${CMAKE_SOURCE_DIR}/openssl/include/openssl/thread.h ${LIBCRYPTO_SOURCES} ${LIBCRYPTO_PROVIDER_SOURCES} ) diff --git a/crypto/_cryptoDir/objects.cmake b/crypto/_cryptoDir/objects.cmake index 18b2c5e..be0a9e6 100644 --- a/crypto/_cryptoDir/objects.cmake +++ b/crypto/_cryptoDir/objects.cmake @@ -19,6 +19,7 @@ set(LIBCRYPTO_CURRENTDIR_SOURCES ${CMAKE_SOURCE_DIR}/openssl/crypto/core_namemap.c ${CMAKE_SOURCE_DIR}/openssl/crypto/self_test_core.c ${CMAKE_SOURCE_DIR}/openssl/crypto/provider_conf.c + ${CMAKE_SOURCE_DIR}/openssl/crypto/indicator_core.c ${CMAKE_SOURCE_DIR}/openssl/crypto/cryptlib.c ${CMAKE_SOURCE_DIR}/openssl/crypto/params.c ${CMAKE_SOURCE_DIR}/openssl/crypto/params_from_text.c @@ -40,6 +41,7 @@ set(LIBCRYPTO_CURRENTDIR_SOURCES ${CMAKE_SOURCE_DIR}/openssl/crypto/params_dup.c ${CMAKE_SOURCE_DIR}/openssl/crypto/mem.c ${CMAKE_SOURCE_DIR}/openssl/crypto/mem_sec.c + ${CMAKE_SOURCE_DIR}/openssl/crypto/comp_methods.c ${CMAKE_SOURCE_DIR}/openssl/crypto/cversion.c ${CMAKE_SOURCE_DIR}/openssl/crypto/info.c ${CMAKE_SOURCE_DIR}/openssl/crypto/cpt_err.c @@ -65,6 +67,7 @@ set(LIBCRYPTO_CURRENTDIR_SOURCES ${CMAKE_SOURCE_DIR}/openssl/crypto/sleep.c ${CMAKE_SOURCE_DIR}/openssl/crypto/deterministic_nonce.c ${CMAKE_SOURCE_DIR}/openssl/crypto/quic_vlint.c + ${CMAKE_SOURCE_DIR}/openssl/crypto/defaults.c params_idx.c buildinf.h ) diff --git a/crypto/configuration.h.cmake.in b/crypto/configuration.h.cmake.in index 1b0ec31..06133e5 100644 --- a/crypto/configuration.h.cmake.in +++ b/crypto/configuration.h.cmake.in @@ -62,6 +62,7 @@ extern "C" #cmakedefine OPENSSL_NO_ASM #cmakedefine OPENSSL_NO_ASN1 #cmakedefine OPENSSL_NO_ASYNC +#cmakedefine OPENSSL_NO_ATEXIT #cmakedefine OPENSSL_NO_AUTOALGINIT #cmakedefine OPENSSL_NO_AUTOERRINIT #cmakedefine OPENSSL_NO_AUTOLOAD_CONFIG @@ -87,6 +88,7 @@ extern "C" #cmakedefine OPENSSL_NO_CRYPTO_MDEBUG #cmakedefine OPENSSL_NO_CT #cmakedefine OPENSSL_NO_DEFAULT_THREAD_POOL +#cmakedefine OPENSSL_NO_DEMOS #cmakedefine OPENSSL_NO_DEPRECATED #cmakedefine OPENSSL_NO_DEPRECATED_0_9_8 #cmakedefine OPENSSL_NO_DEPRECATED_1_0_0 @@ -113,8 +115,8 @@ extern "C" #cmakedefine OPENSSL_NO_EC2M #cmakedefine OPENSSL_NO_ECDH #cmakedefine OPENSSL_NO_ECDSA -#cmakedefine OPENSSL_NO_EC_NISTP_64_GCC_128 #cmakedefine OPENSSL_NO_ECX +#cmakedefine OPENSSL_NO_EC_NISTP_64_GCC_128 #cmakedefine OPENSSL_NO_EGD #cmakedefine OPENSSL_NO_ENCODE_DECODE #cmakedefine OPENSSL_NO_ENGINE @@ -125,15 +127,20 @@ extern "C" #cmakedefine OPENSSL_NO_FFC #cmakedefine OPENSSL_NO_FILENAMES #cmakedefine OPENSSL_NO_FIPS +#cmakedefine OPENSSL_NO_FIPS_POST #cmakedefine OPENSSL_NO_FIPS_SECURITYCHECKS #cmakedefine OPENSSL_NO_FUZZ_AFL #cmakedefine OPENSSL_NO_FUZZ_LIBFUZZER #cmakedefine OPENSSL_NO_GOST +#cmakedefine OPENSSL_NO_H3DEMO +#cmakedefine OPENSSL_NO_HASHTABLE #cmakedefine OPENSSL_NO_HMAC #cmakedefine OPENSSL_NO_HPKE #cmakedefine OPENSSL_NO_HTTP #cmakedefine OPENSSL_NO_HW #cmakedefine OPENSSL_NO_IDEA +#cmakedefine OPENSSL_NO_INTEGRITY_ONLY_CIPHERS +#cmakedefine OPENSSL_NO_JITTER #cmakedefine OPENSSL_NO_KDF #cmakedefine OPENSSL_NO_KTLS #cmakedefine OPENSSL_NO_LEGACY @@ -154,6 +161,7 @@ extern "C" #cmakedefine OPENSSL_NO_OCSP #cmakedefine OPENSSL_NO_PADLOCKENG #cmakedefine OPENSSL_NO_PEM +#cmakedefine OPENSSL_NO_PIE #cmakedefine OPENSSL_NO_PINSHARED #cmakedefine OPENSSL_NO_PKCS12 #cmakedefine OPENSSL_NO_PKCS7 @@ -161,6 +169,7 @@ extern "C" #cmakedefine OPENSSL_NO_POSIX_IO #cmakedefine OPENSSL_NO_PROPERTY #cmakedefine OPENSSL_NO_PSK +#cmakedefine OPENSSL_NO_QLOG #cmakedefine OPENSSL_NO_QUIC #cmakedefine OPENSSL_NO_RAND #cmakedefine OPENSSL_NO_RC2 @@ -195,8 +204,8 @@ extern "C" #cmakedefine OPENSSL_NO_TESTS #cmakedefine OPENSSL_NO_TFO #cmakedefine OPENSSL_NO_THREAD -#cmakedefine OPENSSL_NO_THREAD_POOL #cmakedefine OPENSSL_NO_THREADS +#cmakedefine OPENSSL_NO_THREAD_POOL #cmakedefine OPENSSL_NO_TLS #cmakedefine OPENSSL_NO_TLS1 #cmakedefine OPENSSL_NO_TLS1_1 @@ -211,6 +220,7 @@ extern "C" #cmakedefine OPENSSL_NO_UBSAN #cmakedefine OPENSSL_NO_UI_CONSOLE #cmakedefine OPENSSL_NO_UNIT_TEST +#cmakedefine OPENSSL_NO_UNSTABLE_QLOG #cmakedefine OPENSSL_NO_UPLINK #cmakedefine OPENSSL_NO_WEAK_SSL_CIPHERS #cmakedefine OPENSSL_NO_WHIRLPOOL diff --git a/crypto/hashtable/objects.cmake b/crypto/hashtable/objects.cmake new file mode 100644 index 0000000..b04822b --- /dev/null +++ b/crypto/hashtable/objects.cmake @@ -0,0 +1,5 @@ +# SPDX-License-Identifier: Unlicense + +set(LIBCRYPTO_CURRENTDIR_SOURCES + ${CMAKE_SOURCE_DIR}/openssl/crypto/hashtable/hashtable.c +) diff --git a/crypto/paramnames.cmake b/crypto/paramnames.cmake index 36f9e81..a1af344 100644 --- a/crypto/paramnames.cmake +++ b/crypto/paramnames.cmake @@ -19,8 +19,33 @@ set(PARAM_NAMES "PROV_PARAM_BUILDINFO" "PROV_PARAM_STATUS" "PROV_PARAM_SECURITY_CHECKS" + "PROV_PARAM_HMAC_KEY_CHECK" + "PROV_PARAM_KMAC_KEY_CHECK" "PROV_PARAM_TLS1_PRF_EMS_CHECK" + "PROV_PARAM_NO_SHORT_MAC" "PROV_PARAM_DRBG_TRUNC_DIGEST" + "PROV_PARAM_HKDF_DIGEST_CHECK" + "PROV_PARAM_TLS13_KDF_DIGEST_CHECK" + "PROV_PARAM_TLS1_PRF_DIGEST_CHECK" + "PROV_PARAM_SSHKDF_DIGEST_CHECK" + "PROV_PARAM_SSKDF_DIGEST_CHECK" + "PROV_PARAM_X963KDF_DIGEST_CHECK" + "PROV_PARAM_DSA_SIGN_DISABLED" + "PROV_PARAM_TDES_ENCRYPT_DISABLED" + "PROV_PARAM_RSA_PSS_SALTLEN_CHECK" + "PROV_PARAM_RSA_SIGN_X931_PAD_DISABLED" + "PROV_PARAM_RSA_PKCS15_PAD_DISABLED" + "PROV_PARAM_HKDF_KEY_CHECK" + "PROV_PARAM_KBKDF_KEY_CHECK" + "PROV_PARAM_TLS13_KDF_KEY_CHECK" + "PROV_PARAM_TLS1_PRF_KEY_CHECK" + "PROV_PARAM_SSHKDF_KEY_CHECK" + "PROV_PARAM_SSKDF_KEY_CHECK" + "PROV_PARAM_X963KDF_KEY_CHECK" + "PROV_PARAM_X942KDF_KEY_CHECK" + "PROV_PARAM_PBKDF2_LOWER_BOUND_CHECK" + "PROV_PARAM_ECDH_COFACTOR_CHECK" + "PROV_PARAM_SIGNATURE_DIGEST_CHECK" "PROV_PARAM_SELF_TEST_PHASE" "PROV_PARAM_SELF_TEST_TYPE" "PROV_PARAM_SELF_TEST_DESC" @@ -35,6 +60,9 @@ set(PARAM_NAMES "ALG_PARAM_ENGINE" "ALG_PARAM_MAC" "ALG_PARAM_PROPERTIES" + "ALG_PARAM_FIPS_APPROVED_INDICATOR" + "ALG_PARAM_ALGORITHM_ID" + "ALG_PARAM_ALGORITHM_ID_PARAMS" "CIPHER_PARAM_PADDING" "CIPHER_PARAM_USE_BITS" "CIPHER_PARAM_TLS_VERSION" @@ -60,13 +88,19 @@ set(PARAM_NAMES "CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN" "CIPHER_PARAM_AEAD_TLS1_SET_IV_INV" "CIPHER_PARAM_AEAD_IVLEN" + "CIPHER_PARAM_AEAD_IV_GENERATED" "CIPHER_PARAM_AEAD_TAGLEN" "CIPHER_PARAM_AEAD_MAC_KEY" "CIPHER_PARAM_RANDOM_KEY" "CIPHER_PARAM_RC2_KEYBITS" "CIPHER_PARAM_SPEED" "CIPHER_PARAM_CTS_MODE" + "CIPHER_PARAM_DECRYPT_ONLY" + "CIPHER_PARAM_FIPS_ENCRYPT_CHECK" + "CIPHER_PARAM_FIPS_APPROVED_INDICATOR" + "CIPHER_PARAM_ALGORITHM_ID" "CIPHER_PARAM_ALGORITHM_ID_PARAMS" + "CIPHER_PARAM_ALGORITHM_ID_PARAMS_OLD" "CIPHER_PARAM_XTS_STANDARD" "CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT" "CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE" @@ -99,6 +133,9 @@ set(PARAM_NAMES "MAC_PARAM_SIZE" "MAC_PARAM_BLOCK_SIZE" "MAC_PARAM_TLS_DATA_SIZE" + "MAC_PARAM_FIPS_NO_SHORT_MAC" + "MAC_PARAM_FIPS_KEY_CHECK" + "MAC_PARAM_FIPS_APPROVED_INDICATOR" "KDF_PARAM_SECRET" "KDF_PARAM_KEY" "KDF_PARAM_SALT" @@ -145,12 +182,17 @@ set(PARAM_NAMES "KDF_PARAM_ARGON2_LANES" "KDF_PARAM_ARGON2_MEMCOST" "KDF_PARAM_ARGON2_VERSION" + "KDF_PARAM_FIPS_EMS_CHECK" + "KDF_PARAM_FIPS_DIGEST_CHECK" + "KDF_PARAM_FIPS_KEY_CHECK" + "KDF_PARAM_FIPS_APPROVED_INDICATOR" "RAND_PARAM_STATE" "RAND_PARAM_STRENGTH" "RAND_PARAM_MAX_REQUEST" "RAND_PARAM_TEST_ENTROPY" "RAND_PARAM_TEST_NONCE" "RAND_PARAM_GENERATE" + "RAND_PARAM_FIPS_APPROVED_INDICATOR" "DRBG_PARAM_RESEED_REQUESTS" "DRBG_PARAM_RESEED_TIME_INTERVAL" "DRBG_PARAM_MIN_ENTROPYLEN" @@ -166,6 +208,8 @@ set(PARAM_NAMES "DRBG_PARAM_CIPHER" "DRBG_PARAM_MAC" "DRBG_PARAM_USE_DF" + "DRBG_PARAM_FIPS_DIGEST_CHECK" + "DRBG_PARAM_FIPS_APPROVED_INDICATOR" "DRBG_PARAM_ENTROPY_REQUIRED" "DRBG_PARAM_PREDICTION_RESISTANCE" "DRBG_PARAM_MIN_LENGTH" @@ -192,6 +236,10 @@ set(PARAM_NAMES "PKEY_PARAM_PUB_KEY" "PKEY_PARAM_PRIV_KEY" "PKEY_PARAM_IMPLICIT_REJECTION" + "PKEY_PARAM_FIPS_DIGEST_CHECK" + "PKEY_PARAM_FIPS_KEY_CHECK" + "PKEY_PARAM_ALGORITHM_ID" + "PKEY_PARAM_ALGORITHM_ID_PARAMS" "PKEY_PARAM_FFC_P" "PKEY_PARAM_FFC_G" "PKEY_PARAM_FFC_Q" @@ -277,6 +325,8 @@ set(PARAM_NAMES "PKEY_PARAM_EC_POINT_CONVERSION_FORMAT" "PKEY_PARAM_EC_GROUP_CHECK_TYPE" "PKEY_PARAM_EC_INCLUDE_PUBLIC" + "PKEY_PARAM_FIPS_SIGN_CHECK" + "PKEY_PARAM_FIPS_APPROVED_INDICATOR" "EXCHANGE_PARAM_PAD" "EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE" "EXCHANGE_PARAM_KDF_TYPE" @@ -284,7 +334,12 @@ set(PARAM_NAMES "EXCHANGE_PARAM_KDF_DIGEST_PROPS" "EXCHANGE_PARAM_KDF_OUTLEN" "EXCHANGE_PARAM_KDF_UKM" + "EXCHANGE_PARAM_FIPS_DIGEST_CHECK" + "EXCHANGE_PARAM_FIPS_KEY_CHECK" + "EXCHANGE_PARAM_FIPS_ECDH_COFACTOR_CHECK" + "EXCHANGE_PARAM_FIPS_APPROVED_INDICATOR" "SIGNATURE_PARAM_ALGORITHM_ID" + "SIGNATURE_PARAM_ALGORITHM_ID_PARAMS" "SIGNATURE_PARAM_PAD_MODE" "SIGNATURE_PARAM_DIGEST" "SIGNATURE_PARAM_PROPERTIES" @@ -295,6 +350,14 @@ set(PARAM_NAMES "SIGNATURE_PARAM_NONCE_TYPE" "SIGNATURE_PARAM_INSTANCE" "SIGNATURE_PARAM_CONTEXT_STRING" + "SIGNATURE_PARAM_FIPS_DIGEST_CHECK" + "SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE" + "SIGNATURE_PARAM_FIPS_KEY_CHECK" + "SIGNATURE_PARAM_FIPS_SIGN_CHECK" + "SIGNATURE_PARAM_FIPS_RSA_PSS_SALTLEN_CHECK" + "SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK" + "SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR" + "SIGNATURE_PARAM_SIGNATURE" "ASYM_CIPHER_PARAM_DIGEST" "ASYM_CIPHER_PARAM_PROPERTIES" "ASYM_CIPHER_PARAM_ENGINE" @@ -307,6 +370,9 @@ set(PARAM_NAMES "ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION" "ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION" "ASYM_CIPHER_PARAM_IMPLICIT_REJECTION" + "ASYM_CIPHER_PARAM_FIPS_RSA_PKCS15_PAD_DISABLED" + "ASYM_CIPHER_PARAM_FIPS_KEY_CHECK" + "ASYM_CIPHER_PARAM_FIPS_APPROVED_INDICATOR" "ENCODER_PARAM_CIPHER" "ENCODER_PARAM_PROPERTIES" "ENCODER_PARAM_ENCRYPT_LEVEL" @@ -328,6 +394,8 @@ set(PARAM_NAMES "SIGNATURE_PARAM_KAT" "KEM_PARAM_OPERATION" "KEM_PARAM_IKME" + "KEM_PARAM_FIPS_KEY_CHECK" + "KEM_PARAM_FIPS_APPROVED_INDICATOR" "CAPABILITY_TLS_GROUP_NAME" "CAPABILITY_TLS_GROUP_NAME_INTERNAL" "CAPABILITY_TLS_GROUP_ID" @@ -370,165 +438,167 @@ set(PARAM_NAMES "LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN" "LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA" "LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING" + "LIBSSL_RECORD_LAYER_PARAM_HS_PADDING" ) -# Well known parameter names that core passes to providers -set("PROV_PARAM_CORE_VERSION" "openssl-version")# utf8_ptr -set("PROV_PARAM_CORE_PROV_NAME" "provider-name") # utf8_ptr -set("PROV_PARAM_CORE_MODULE_FILENAME" "module-filename")# utf8_ptr - -# Well known parameter names that Providers can define -set("PROV_PARAM_NAME" "name") # utf8_ptr -set("PROV_PARAM_VERSION" "version") # utf8_ptr -set("PROV_PARAM_BUILDINFO" "buildinfo") # utf8_ptr -set("PROV_PARAM_STATUS" "status") # uint -set("PROV_PARAM_SECURITY_CHECKS" "security-checks") # uint -set("PROV_PARAM_TLS1_PRF_EMS_CHECK" "tls1-prf-ems-check") # uint -set("PROV_PARAM_DRBG_TRUNC_DIGEST" "drbg-no-trunc-md") # uint - -# Self test callback parameters -set("PROV_PARAM_SELF_TEST_PHASE" "st-phase")# utf8_string -set("PROV_PARAM_SELF_TEST_TYPE" "st-type") # utf8_string -set("PROV_PARAM_SELF_TEST_DESC" "st-desc") # utf8_string - -# Provider-native object abstractions -# -# These are used when a provider wants to pass object data or an object -# reference back to libcrypto. This is only useful for provider functions -# that take a callback to which an PARAM array with these parameters -# can be passed. -# -# This set of parameter names is explained in detail in provider-object(7) -# (doc/man7/provider-object.pod) - -set("OBJECT_PARAM_TYPE" "type") # INTEGER -set("OBJECT_PARAM_DATA_TYPE" "data-type")# UTF8_STRING -set("OBJECT_PARAM_DATA_STRUCTURE" "data-structure")# UTF8_STRING -set("OBJECT_PARAM_REFERENCE" "reference")# OCTET_STRING -set("OBJECT_PARAM_DATA" "data")# OCTET_STRING or UTF8_STRING -set("OBJECT_PARAM_DESC" "desc") # UTF8_STRING - -# Algorithm parameters -# If "engine",or "properties",are specified, they should always be paired -# with the algorithm type. -# Note these are common names that are shared by many types (such as kdf, mac, -# and pkey) e.g: see MAC_PARAM_DIGEST below. - -set("ALG_PARAM_DIGEST" "digest") # utf8_string -set("ALG_PARAM_CIPHER" "cipher") # utf8_string -set("ALG_PARAM_ENGINE" "engine") # utf8_string -set("ALG_PARAM_MAC" "mac") # utf8_string -set("ALG_PARAM_PROPERTIES" "properties") # utf8_string - -# cipher parameters -set("CIPHER_PARAM_PADDING" "padding") # uint -set("CIPHER_PARAM_USE_BITS" "use-bits") # uint -set("CIPHER_PARAM_TLS_VERSION" "tls-version") # uint -set("CIPHER_PARAM_TLS_MAC" "tls-mac") # octet_ptr -set("CIPHER_PARAM_TLS_MAC_SIZE" "tls-mac-size")# size_t -set("CIPHER_PARAM_MODE" "mode") # uint -set("CIPHER_PARAM_BLOCK_SIZE" "blocksize") # size_t -set("CIPHER_PARAM_AEAD" "aead") # int, 0 or 1 -set("CIPHER_PARAM_CUSTOM_IV" "custom-iv") # int, 0 or 1 -set("CIPHER_PARAM_CTS" "cts") # int, 0 or 1 -set("CIPHER_PARAM_TLS1_MULTIBLOCK" "tls-multi") # int, 0 or 1 -set("CIPHER_PARAM_HAS_RAND_KEY" "has-randkey") # int, 0 or 1 -set("CIPHER_PARAM_KEYLEN" "keylen") # size_t -set("CIPHER_PARAM_IVLEN" "ivlen") # size_t -set("CIPHER_PARAM_IV" "iv") # octet_string OR octet_ptr -set("CIPHER_PARAM_UPDATED_IV" "updated-iv") # octet_string OR octet_ptr -set("CIPHER_PARAM_NUM" "num") # uint -set("CIPHER_PARAM_ROUNDS" "rounds") # uint -set("CIPHER_PARAM_AEAD_TAG" "tag") # octet_string -set("CIPHER_PARAM_AEAD_TLS1_AAD" "tlsaad") # octet_string -set("CIPHER_PARAM_AEAD_TLS1_AAD_PAD" "tlsaadpad") # size_t -set("CIPHER_PARAM_AEAD_TLS1_IV_FIXED" "tlsivfixed") # octet_string -set("CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN" "tlsivgen") # octet_string -set("CIPHER_PARAM_AEAD_TLS1_SET_IV_INV" "tlsivinv") # octet_string +set("PROV_PARAM_CORE_VERSION" "openssl-version") +set("PROV_PARAM_CORE_PROV_NAME" "provider-name") +set("PROV_PARAM_CORE_MODULE_FILENAME" "module-filename") +set("PROV_PARAM_NAME" "name") +set("PROV_PARAM_VERSION" "version") +set("PROV_PARAM_BUILDINFO" "buildinfo") +set("PROV_PARAM_STATUS" "status") +set("PROV_PARAM_SECURITY_CHECKS" "security-checks") +set("PROV_PARAM_HMAC_KEY_CHECK" "hmac-key-check") +set("PROV_PARAM_KMAC_KEY_CHECK" "kmac-key-check") +set("PROV_PARAM_TLS1_PRF_EMS_CHECK" "tls1-prf-ems-check") +set("PROV_PARAM_NO_SHORT_MAC" "no-short-mac") +set("PROV_PARAM_DRBG_TRUNC_DIGEST" "drbg-no-trunc-md") +set("PROV_PARAM_HKDF_DIGEST_CHECK" "hkdf-digest-check") +set("PROV_PARAM_TLS13_KDF_DIGEST_CHECK" "tls13-kdf-digest-check") +set("PROV_PARAM_TLS1_PRF_DIGEST_CHECK" "tls1-prf-digest-check") +set("PROV_PARAM_SSHKDF_DIGEST_CHECK" "sshkdf-digest-check") +set("PROV_PARAM_SSKDF_DIGEST_CHECK" "sskdf-digest-check") +set("PROV_PARAM_X963KDF_DIGEST_CHECK" "x963kdf-digest-check") +set("PROV_PARAM_DSA_SIGN_DISABLED" "dsa-sign-disabled") +set("PROV_PARAM_TDES_ENCRYPT_DISABLED" "tdes-encrypt-disabled") +set("PROV_PARAM_RSA_PSS_SALTLEN_CHECK" "rsa-pss-saltlen-check") +set("PROV_PARAM_RSA_SIGN_X931_PAD_DISABLED" "rsa-sign-x931-pad-disabled") +set("PROV_PARAM_RSA_PKCS15_PAD_DISABLED" "rsa-pkcs15-pad-disabled") +set("PROV_PARAM_HKDF_KEY_CHECK" "hkdf-key-check") +set("PROV_PARAM_KBKDF_KEY_CHECK" "kbkdf-key-check") +set("PROV_PARAM_TLS13_KDF_KEY_CHECK" "tls13-kdf-key-check") +set("PROV_PARAM_TLS1_PRF_KEY_CHECK" "tls1-prf-key-check") +set("PROV_PARAM_SSHKDF_KEY_CHECK" "sshkdf-key-check") +set("PROV_PARAM_SSKDF_KEY_CHECK" "sskdf-key-check") +set("PROV_PARAM_X963KDF_KEY_CHECK" "x963kdf-key-check") +set("PROV_PARAM_X942KDF_KEY_CHECK" "x942kdf-key-check") +set("PROV_PARAM_PBKDF2_LOWER_BOUND_CHECK" "pbkdf2-lower-bound-check") +set("PROV_PARAM_ECDH_COFACTOR_CHECK" "ecdh-cofactor-check") +set("PROV_PARAM_SIGNATURE_DIGEST_CHECK" "signature-digest-check") +set("PROV_PARAM_SELF_TEST_PHASE" "st-phase") +set("PROV_PARAM_SELF_TEST_TYPE" "st-type") +set("PROV_PARAM_SELF_TEST_DESC" "st-desc") +set("OBJECT_PARAM_TYPE" "type") +set("OBJECT_PARAM_DATA_TYPE" "data-type") +set("OBJECT_PARAM_DATA_STRUCTURE" "data-structure") +set("OBJECT_PARAM_REFERENCE" "reference") +set("OBJECT_PARAM_DATA" "data") +set("OBJECT_PARAM_DESC" "desc") +set("ALG_PARAM_DIGEST" "digest") +set("ALG_PARAM_CIPHER" "cipher") +set("ALG_PARAM_ENGINE" "engine") +set("ALG_PARAM_MAC" "mac") +set("ALG_PARAM_PROPERTIES" "properties") +set("ALG_PARAM_FIPS_APPROVED_INDICATOR" "fips-indicator") +set("ALG_PARAM_ALGORITHM_ID" "algorithm-id") +set("ALG_PARAM_ALGORITHM_ID_PARAMS" "algorithm-id-params") +set("CIPHER_PARAM_PADDING" "padding") +set("CIPHER_PARAM_USE_BITS" "use-bits") +set("CIPHER_PARAM_TLS_VERSION" "tls-version") +set("CIPHER_PARAM_TLS_MAC" "tls-mac") +set("CIPHER_PARAM_TLS_MAC_SIZE" "tls-mac-size") +set("CIPHER_PARAM_MODE" "mode") +set("CIPHER_PARAM_BLOCK_SIZE" "blocksize") +set("CIPHER_PARAM_AEAD" "aead") +set("CIPHER_PARAM_CUSTOM_IV" "custom-iv") +set("CIPHER_PARAM_CTS" "cts") +set("CIPHER_PARAM_TLS1_MULTIBLOCK" "tls-multi") +set("CIPHER_PARAM_HAS_RAND_KEY" "has-randkey") +set("CIPHER_PARAM_KEYLEN" "keylen") +set("CIPHER_PARAM_IVLEN" "ivlen") +set("CIPHER_PARAM_IV" "iv") +set("CIPHER_PARAM_UPDATED_IV" "updated-iv") +set("CIPHER_PARAM_NUM" "num") +set("CIPHER_PARAM_ROUNDS" "rounds") +set("CIPHER_PARAM_AEAD_TAG" "tag") +set("CIPHER_PARAM_AEAD_TLS1_AAD" "tlsaad") +set("CIPHER_PARAM_AEAD_TLS1_AAD_PAD" "tlsaadpad") +set("CIPHER_PARAM_AEAD_TLS1_IV_FIXED" "tlsivfixed") +set("CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN" "tlsivgen") +set("CIPHER_PARAM_AEAD_TLS1_SET_IV_INV" "tlsivinv") set("CIPHER_PARAM_AEAD_IVLEN" "*CIPHER_PARAM_IVLEN") -set("CIPHER_PARAM_AEAD_TAGLEN" "taglen") # size_t -set("CIPHER_PARAM_AEAD_MAC_KEY" "mackey") # octet_string -set("CIPHER_PARAM_RANDOM_KEY" "randkey") # octet_string -set("CIPHER_PARAM_RC2_KEYBITS" "keybits") # size_t -set("CIPHER_PARAM_SPEED" "speed") # uint -set("CIPHER_PARAM_CTS_MODE" "cts_mode") # utf8_string -# For passing the AlgorithmIdentifier parameter in DER form -set("CIPHER_PARAM_ALGORITHM_ID_PARAMS" "alg_id_param")# octet_string -set("CIPHER_PARAM_XTS_STANDARD" "xts_standard")# utf8_string - -set("CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT" "tls1multi_maxsndfrag")# uint -set("CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE" "tls1multi_maxbufsz") # size_t -set("CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE" "tls1multi_interleave")# uint -set("CIPHER_PARAM_TLS1_MULTIBLOCK_AAD" "tls1multi_aad") # octet_string -set("CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN" "tls1multi_aadpacklen")# uint -set("CIPHER_PARAM_TLS1_MULTIBLOCK_ENC" "tls1multi_enc") # octet_string -set("CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN" "tls1multi_encin") # octet_string -set("CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN" "tls1multi_enclen") # size_t - -# digest parameters -set("DIGEST_PARAM_XOFLEN" "xoflen") # size_t -set("DIGEST_PARAM_SSL3_MS" "ssl3-ms") # octet string -set("DIGEST_PARAM_PAD_TYPE" "pad-type") # uint -set("DIGEST_PARAM_MICALG" "micalg") # utf8 string -set("DIGEST_PARAM_BLOCK_SIZE" "blocksize") # size_t -set("DIGEST_PARAM_SIZE" "size") # size_t -set("DIGEST_PARAM_XOF" "xof") # int, 0 or 1 -set("DIGEST_PARAM_ALGID_ABSENT" "algid-absent") # int, 0 or 1 - -# MAC parameters -set("MAC_PARAM_KEY" "key") # octet string -set("MAC_PARAM_IV" "iv") # octet string -set("MAC_PARAM_CUSTOM" "custom") # utf8 string -set("MAC_PARAM_SALT" "salt") # octet string -set("MAC_PARAM_XOF" "xof") # int, 0 or 1 -set("MAC_PARAM_DIGEST_NOINIT" "digest-noinit") # int, 0 or 1 -set("MAC_PARAM_DIGEST_ONESHOT" "digest-oneshot")# int, 0 or 1 -set("MAC_PARAM_C_ROUNDS" "c-rounds") # unsigned int -set("MAC_PARAM_D_ROUNDS" "d-rounds") # unsigned int - -# If "engine",or "properties",are specified, they should always be paired -# with "cipher",or "digest". - -set("MAC_PARAM_CIPHER" "*ALG_PARAM_CIPHER") # utf8 string -set("MAC_PARAM_DIGEST" "*ALG_PARAM_DIGEST") # utf8 string -set("MAC_PARAM_PROPERTIES" "*ALG_PARAM_PROPERTIES") # utf8 string -set("MAC_PARAM_SIZE" "size") # size_t -set("MAC_PARAM_BLOCK_SIZE" "block-size") # size_t -set("MAC_PARAM_TLS_DATA_SIZE" "tls-data-size") # size_t - -# KDF / PRF parameters -set("KDF_PARAM_SECRET" "secret") # octet string -set("KDF_PARAM_KEY" "key") # octet string -set("KDF_PARAM_SALT" "salt") # octet string -set("KDF_PARAM_PASSWORD" "pass") # octet string -set("KDF_PARAM_PREFIX" "prefix") # octet string -set("KDF_PARAM_LABEL" "label") # octet string -set("KDF_PARAM_DATA" "data") # octet string -set("KDF_PARAM_DIGEST" "*ALG_PARAM_DIGEST") # utf8 string -set("KDF_PARAM_CIPHER" "*ALG_PARAM_CIPHER") # utf8 string -set("KDF_PARAM_MAC" "*ALG_PARAM_MAC") # utf8 string -set("KDF_PARAM_MAC_SIZE" "maclen") # size_t -set("KDF_PARAM_PROPERTIES" "*ALG_PARAM_PROPERTIES") # utf8 string -set("KDF_PARAM_ITER" "iter") # unsigned int -set("KDF_PARAM_MODE" "mode") # utf8 string or int -set("KDF_PARAM_PKCS5" "pkcs5") # int -set("KDF_PARAM_UKM" "ukm") # octet string -set("KDF_PARAM_CEK_ALG" "cekalg") # utf8 string -set("KDF_PARAM_SCRYPT_N" "n") # uint64_t -set("KDF_PARAM_SCRYPT_R" "r") # uint32_t -set("KDF_PARAM_SCRYPT_P" "p") # uint32_t -set("KDF_PARAM_SCRYPT_MAXMEM" "maxmem_bytes") # uint64_t -set("KDF_PARAM_INFO" "info") # octet string -set("KDF_PARAM_SEED" "seed") # octet string -set("KDF_PARAM_SSHKDF_XCGHASH" "xcghash") # octet string -set("KDF_PARAM_SSHKDF_SESSION_ID" "session_id") # octet string -set("KDF_PARAM_SSHKDF_TYPE" "type") # int -set("KDF_PARAM_SIZE" "size") # size_t -set("KDF_PARAM_CONSTANT" "constant") # octet string -set("KDF_PARAM_PKCS12_ID" "id") # int -set("KDF_PARAM_KBKDF_USE_L" "use-l") # int -set("KDF_PARAM_KBKDF_USE_SEPARATOR" "use-separator") # int -set("KDF_PARAM_KBKDF_R" "r") # int +set("CIPHER_PARAM_AEAD_IV_GENERATED" "iv-generated") +set("CIPHER_PARAM_AEAD_TAGLEN" "taglen") +set("CIPHER_PARAM_AEAD_MAC_KEY" "mackey") +set("CIPHER_PARAM_RANDOM_KEY" "randkey") +set("CIPHER_PARAM_RC2_KEYBITS" "keybits") +set("CIPHER_PARAM_SPEED" "speed") +set("CIPHER_PARAM_CTS_MODE" "cts_mode") +set("CIPHER_PARAM_DECRYPT_ONLY" "decrypt-only") +set("CIPHER_PARAM_FIPS_ENCRYPT_CHECK" "encrypt-check") +set("CIPHER_PARAM_FIPS_APPROVED_INDICATOR" "*ALG_PARAM_FIPS_APPROVED_INDICATOR") +set("CIPHER_PARAM_ALGORITHM_ID" "*ALG_PARAM_ALGORITHM_ID") +set("CIPHER_PARAM_ALGORITHM_ID_PARAMS" "*ALG_PARAM_ALGORITHM_ID_PARAMS") +set("CIPHER_PARAM_ALGORITHM_ID_PARAMS_OLD" "alg_id_param") +set("CIPHER_PARAM_XTS_STANDARD" "xts_standard") +set("CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT" "tls1multi_maxsndfrag") +set("CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE" "tls1multi_maxbufsz") +set("CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE" "tls1multi_interleave") +set("CIPHER_PARAM_TLS1_MULTIBLOCK_AAD" "tls1multi_aad") +set("CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN" "tls1multi_aadpacklen") +set("CIPHER_PARAM_TLS1_MULTIBLOCK_ENC" "tls1multi_enc") +set("CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN" "tls1multi_encin") +set("CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN" "tls1multi_enclen") +set("DIGEST_PARAM_XOFLEN" "xoflen") +set("DIGEST_PARAM_SSL3_MS" "ssl3-ms") +set("DIGEST_PARAM_PAD_TYPE" "pad-type") +set("DIGEST_PARAM_MICALG" "micalg") +set("DIGEST_PARAM_BLOCK_SIZE" "blocksize") +set("DIGEST_PARAM_SIZE" "size") +set("DIGEST_PARAM_XOF" "xof") +set("DIGEST_PARAM_ALGID_ABSENT" "algid-absent") +set("MAC_PARAM_KEY" "key") +set("MAC_PARAM_IV" "iv") +set("MAC_PARAM_CUSTOM" "custom") +set("MAC_PARAM_SALT" "salt") +set("MAC_PARAM_XOF" "xof") +set("MAC_PARAM_DIGEST_NOINIT" "digest-noinit") +set("MAC_PARAM_DIGEST_ONESHOT" "digest-oneshot") +set("MAC_PARAM_C_ROUNDS" "c-rounds") +set("MAC_PARAM_D_ROUNDS" "d-rounds") +set("MAC_PARAM_CIPHER" "*ALG_PARAM_CIPHER") +set("MAC_PARAM_DIGEST" "*ALG_PARAM_DIGEST") +set("MAC_PARAM_PROPERTIES" "*ALG_PARAM_PROPERTIES") +set("MAC_PARAM_SIZE" "size") +set("MAC_PARAM_BLOCK_SIZE" "block-size") +set("MAC_PARAM_TLS_DATA_SIZE" "tls-data-size") +set("MAC_PARAM_FIPS_NO_SHORT_MAC" "*PROV_PARAM_NO_SHORT_MAC") +set("MAC_PARAM_FIPS_KEY_CHECK" "*PKEY_PARAM_FIPS_KEY_CHECK") +set("MAC_PARAM_FIPS_APPROVED_INDICATOR" "*ALG_PARAM_FIPS_APPROVED_INDICATOR") +set("MAC_PARAM_FIPS_NO_SHORT_MAC" "*PROV_PARAM_NO_SHORT_MAC") +set("KDF_PARAM_SECRET" "secret") +set("KDF_PARAM_KEY" "key") +set("KDF_PARAM_SALT" "salt") +set("KDF_PARAM_PASSWORD" "pass") +set("KDF_PARAM_PREFIX" "prefix") +set("KDF_PARAM_LABEL" "label") +set("KDF_PARAM_DATA" "data") +set("KDF_PARAM_DIGEST" "*ALG_PARAM_DIGEST") +set("KDF_PARAM_CIPHER" "*ALG_PARAM_CIPHER") +set("KDF_PARAM_MAC" "*ALG_PARAM_MAC") +set("KDF_PARAM_MAC_SIZE" "maclen") +set("KDF_PARAM_PROPERTIES" "*ALG_PARAM_PROPERTIES") +set("KDF_PARAM_ITER" "iter") +set("KDF_PARAM_MODE" "mode") +set("KDF_PARAM_PKCS5" "pkcs5") +set("KDF_PARAM_UKM" "ukm") +set("KDF_PARAM_CEK_ALG" "cekalg") +set("KDF_PARAM_SCRYPT_N" "n") +set("KDF_PARAM_SCRYPT_R" "r") +set("KDF_PARAM_SCRYPT_P" "p") +set("KDF_PARAM_SCRYPT_MAXMEM" "maxmem_bytes") +set("KDF_PARAM_INFO" "info") +set("KDF_PARAM_SEED" "seed") +set("KDF_PARAM_SSHKDF_XCGHASH" "xcghash") +set("KDF_PARAM_SSHKDF_SESSION_ID" "session_id") +set("KDF_PARAM_SSHKDF_TYPE" "type") +set("KDF_PARAM_SIZE" "size") +set("KDF_PARAM_CONSTANT" "constant") +set("KDF_PARAM_PKCS12_ID" "id") +set("KDF_PARAM_KBKDF_USE_L" "use-l") +set("KDF_PARAM_KBKDF_USE_SEPARATOR" "use-separator") +set("KDF_PARAM_KBKDF_R" "r") set("KDF_PARAM_X942_ACVPINFO" "acvp-info") set("KDF_PARAM_X942_PARTYUINFO" "partyu-info") set("KDF_PARAM_X942_PARTYVINFO" "partyv-info") @@ -537,22 +607,23 @@ set("KDF_PARAM_X942_SUPP_PRIVINFO" "supp-privinfo") set("KDF_PARAM_X942_USE_KEYBITS" "use-keybits") set("KDF_PARAM_HMACDRBG_ENTROPY" "entropy") set("KDF_PARAM_HMACDRBG_NONCE" "nonce") -set("KDF_PARAM_THREADS" "threads") # uint32_t -set("KDF_PARAM_EARLY_CLEAN" "early_clean") # uint32_t -set("KDF_PARAM_ARGON2_AD" "ad") # octet string -set("KDF_PARAM_ARGON2_LANES" "lanes") # uint32_t -set("KDF_PARAM_ARGON2_MEMCOST" "memcost") # uint32_t -set("KDF_PARAM_ARGON2_VERSION" "version") # uint32_t - -# Known RAND names +set("KDF_PARAM_THREADS" "threads") +set("KDF_PARAM_EARLY_CLEAN" "early_clean") +set("KDF_PARAM_ARGON2_AD" "ad") +set("KDF_PARAM_ARGON2_LANES" "lanes") +set("KDF_PARAM_ARGON2_MEMCOST" "memcost") +set("KDF_PARAM_ARGON2_VERSION" "version") +set("KDF_PARAM_FIPS_EMS_CHECK" "ems_check") +set("KDF_PARAM_FIPS_DIGEST_CHECK" "*PKEY_PARAM_FIPS_DIGEST_CHECK") +set("KDF_PARAM_FIPS_KEY_CHECK" "*PKEY_PARAM_FIPS_KEY_CHECK") +set("KDF_PARAM_FIPS_APPROVED_INDICATOR" "*ALG_PARAM_FIPS_APPROVED_INDICATOR") set("RAND_PARAM_STATE" "state") set("RAND_PARAM_STRENGTH" "strength") set("RAND_PARAM_MAX_REQUEST" "max_request") set("RAND_PARAM_TEST_ENTROPY" "test_entropy") set("RAND_PARAM_TEST_NONCE" "test_nonce") set("RAND_PARAM_GENERATE" "generate") - -# RAND/DRBG names +set("RAND_PARAM_FIPS_APPROVED_INDICATOR" "*ALG_PARAM_FIPS_APPROVED_INDICATOR") set("DRBG_PARAM_RESEED_REQUESTS" "reseed_requests") set("DRBG_PARAM_RESEED_TIME_INTERVAL" "reseed_time_interval") set("DRBG_PARAM_MIN_ENTROPYLEN" "min_entropylen") @@ -568,26 +639,23 @@ set("DRBG_PARAM_DIGEST" "*ALG_PARAM_DIGEST") set("DRBG_PARAM_CIPHER" "*ALG_PARAM_CIPHER") set("DRBG_PARAM_MAC" "*ALG_PARAM_MAC") set("DRBG_PARAM_USE_DF" "use_derivation_function") - -# DRBG call back parameters +set("DRBG_PARAM_FIPS_DIGEST_CHECK" "*PKEY_PARAM_FIPS_DIGEST_CHECK") +set("DRBG_PARAM_FIPS_APPROVED_INDICATOR" "*ALG_PARAM_FIPS_APPROVED_INDICATOR") set("DRBG_PARAM_ENTROPY_REQUIRED" "entropy_required") set("DRBG_PARAM_PREDICTION_RESISTANCE" "prediction_resistance") set("DRBG_PARAM_MIN_LENGTH" "minium_length") set("DRBG_PARAM_MAX_LENGTH" "maxium_length") set("DRBG_PARAM_RANDOM_DATA" "random_data") set("DRBG_PARAM_SIZE" "size") - -# PKEY parameters -# Common PKEY parameters -set("PKEY_PARAM_BITS" "bits")# integer -set("PKEY_PARAM_MAX_SIZE" "max-size")# integer -set("PKEY_PARAM_SECURITY_BITS" "security-bits")# integer +set("PKEY_PARAM_BITS" "bits") +set("PKEY_PARAM_MAX_SIZE" "max-size") +set("PKEY_PARAM_SECURITY_BITS" "security-bits") set("PKEY_PARAM_DIGEST" "*ALG_PARAM_DIGEST") -set("PKEY_PARAM_CIPHER" "*ALG_PARAM_CIPHER") # utf8 string -set("PKEY_PARAM_ENGINE" "*ALG_PARAM_ENGINE") # utf8 string +set("PKEY_PARAM_CIPHER" "*ALG_PARAM_CIPHER") +set("PKEY_PARAM_ENGINE" "*ALG_PARAM_ENGINE") set("PKEY_PARAM_PROPERTIES" "*ALG_PARAM_PROPERTIES") -set("PKEY_PARAM_DEFAULT_DIGEST" "default-digest")# utf8 string -set("PKEY_PARAM_MANDATORY_DIGEST" "mandatory-digest")# utf8 string +set("PKEY_PARAM_DEFAULT_DIGEST" "default-digest") +set("PKEY_PARAM_MANDATORY_DIGEST" "mandatory-digest") set("PKEY_PARAM_PAD_MODE" "pad-mode") set("PKEY_PARAM_DIGEST_SIZE" "digest-size") set("PKEY_PARAM_MASKGENFUNC" "mgf") @@ -599,8 +667,10 @@ set("PKEY_PARAM_DIST_ID" "distid") set("PKEY_PARAM_PUB_KEY" "pub") set("PKEY_PARAM_PRIV_KEY" "priv") set("PKEY_PARAM_IMPLICIT_REJECTION" "implicit-rejection") - -# Diffie-Hellman/DSA Parameters +set("PKEY_PARAM_FIPS_DIGEST_CHECK" "digest-check") +set("PKEY_PARAM_FIPS_KEY_CHECK" "key-check") +set("PKEY_PARAM_ALGORITHM_ID" "*ALG_PARAM_ALGORITHM_ID") +set("PKEY_PARAM_ALGORITHM_ID_PARAMS" "*ALG_PARAM_ALGORITHM_ID_PARAMS") set("PKEY_PARAM_FFC_P" "p") set("PKEY_PARAM_FFC_G" "g") set("PKEY_PARAM_FFC_Q" "q") @@ -612,16 +682,10 @@ set("PKEY_PARAM_FFC_H" "hindex") set("PKEY_PARAM_FFC_VALIDATE_PQ" "validate-pq") set("PKEY_PARAM_FFC_VALIDATE_G" "validate-g") set("PKEY_PARAM_FFC_VALIDATE_LEGACY" "validate-legacy") - -# Diffie-Hellman params set("PKEY_PARAM_DH_GENERATOR" "safeprime-generator") set("PKEY_PARAM_DH_PRIV_LEN" "priv_len") - -# Elliptic Curve Domain Parameters set("PKEY_PARAM_EC_PUB_X" "qx") set("PKEY_PARAM_EC_PUB_Y" "qy") - -# Elliptic Curve Explicit Domain Parameters set("PKEY_PARAM_EC_FIELD_TYPE" "field-type") set("PKEY_PARAM_EC_P" "p") set("PKEY_PARAM_EC_A" "a") @@ -637,25 +701,8 @@ set("PKEY_PARAM_EC_CHAR2_PP_K1" "k1") set("PKEY_PARAM_EC_CHAR2_PP_K2" "k2") set("PKEY_PARAM_EC_CHAR2_PP_K3" "k3") set("PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS" "decoded-from-explicit") - -# Elliptic Curve Key Parameters set("PKEY_PARAM_USE_COFACTOR_FLAG" "use-cofactor-flag") set("PKEY_PARAM_USE_COFACTOR_ECDH" "*PKEY_PARAM_USE_COFACTOR_FLAG") - -# RSA Keys -# -# n, e, d are the usual public and private key components -# -# rsa-num is the number of factors, including p and q -# rsa-factor is used for each factor: p, q, r_i (i = 3, ...) -# rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...) -# rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...) -# -# The number of rsa-factor items must be equal to the number of rsa-exponent -# items, and the number of rsa-coefficients must be one less. -# (the base i for the coefficients is 2, not 1, at least as implied by -# RFC 8017) - set("PKEY_PARAM_RSA_N" "n") set("PKEY_PARAM_RSA_E" "e") set("PKEY_PARAM_RSA_D" "d") @@ -691,8 +738,6 @@ set("PKEY_PARAM_RSA_COEFFICIENT6" "rsa-coefficient6") set("PKEY_PARAM_RSA_COEFFICIENT7" "rsa-coefficient7") set("PKEY_PARAM_RSA_COEFFICIENT8" "rsa-coefficient8") set("PKEY_PARAM_RSA_COEFFICIENT9" "rsa-coefficient9") - -# Key generation parameters set("PKEY_PARAM_RSA_BITS" "*PKEY_PARAM_BITS") set("PKEY_PARAM_RSA_PRIMES" "primes") set("PKEY_PARAM_RSA_DIGEST" "*PKEY_PARAM_DIGEST") @@ -701,34 +746,31 @@ set("PKEY_PARAM_RSA_MASKGENFUNC" "*PKEY_PARAM_MASKGENFUNC") set("PKEY_PARAM_RSA_MGF1_DIGEST" "*PKEY_PARAM_MGF1_DIGEST") set("PKEY_PARAM_RSA_PSS_SALTLEN" "saltlen") set("PKEY_PARAM_RSA_DERIVE_FROM_PQ" "rsa-derive-from-pq") - -# EC, X25519 and X448 Key generation parameters set("PKEY_PARAM_DHKEM_IKM" "dhkem-ikm") - -# Key generation parameters set("PKEY_PARAM_FFC_TYPE" "type") set("PKEY_PARAM_FFC_PBITS" "pbits") set("PKEY_PARAM_FFC_QBITS" "qbits") set("PKEY_PARAM_FFC_DIGEST" "*PKEY_PARAM_DIGEST") set("PKEY_PARAM_FFC_DIGEST_PROPS" "*PKEY_PARAM_PROPERTIES") - -set("PKEY_PARAM_EC_ENCODING" "encoding")# utf8_string +set("PKEY_PARAM_EC_ENCODING" "encoding") set("PKEY_PARAM_EC_POINT_CONVERSION_FORMAT" "point-format") set("PKEY_PARAM_EC_GROUP_CHECK_TYPE" "group-check") set("PKEY_PARAM_EC_INCLUDE_PUBLIC" "include-public") - -# Key Exchange parameters -set("EXCHANGE_PARAM_PAD" "pad")# uint -set("EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE" "ecdh-cofactor-mode")# int -set("EXCHANGE_PARAM_KDF_TYPE" "kdf-type")# utf8_string -set("EXCHANGE_PARAM_KDF_DIGEST" "kdf-digest")# utf8_string -set("EXCHANGE_PARAM_KDF_DIGEST_PROPS" "kdf-digest-props")# utf8_string -set("EXCHANGE_PARAM_KDF_OUTLEN" "kdf-outlen")# size_t -# The following parameter is an octet_string on set and an octet_ptr on get +set("PKEY_PARAM_FIPS_SIGN_CHECK" "sign-check") +set("PKEY_PARAM_FIPS_APPROVED_INDICATOR" "*ALG_PARAM_FIPS_APPROVED_INDICATOR") +set("EXCHANGE_PARAM_PAD" "pad") +set("EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE" "ecdh-cofactor-mode") +set("EXCHANGE_PARAM_KDF_TYPE" "kdf-type") +set("EXCHANGE_PARAM_KDF_DIGEST" "kdf-digest") +set("EXCHANGE_PARAM_KDF_DIGEST_PROPS" "kdf-digest-props") +set("EXCHANGE_PARAM_KDF_OUTLEN" "kdf-outlen") set("EXCHANGE_PARAM_KDF_UKM" "kdf-ukm") - -# Signature parameters -set("SIGNATURE_PARAM_ALGORITHM_ID" "algorithm-id") +set("EXCHANGE_PARAM_FIPS_DIGEST_CHECK" "*PKEY_PARAM_FIPS_DIGEST_CHECK") +set("EXCHANGE_PARAM_FIPS_KEY_CHECK" "*PKEY_PARAM_FIPS_KEY_CHECK") +set("EXCHANGE_PARAM_FIPS_ECDH_COFACTOR_CHECK" "*PROV_PARAM_ECDH_COFACTOR_CHECK") +set("EXCHANGE_PARAM_FIPS_APPROVED_INDICATOR" "*ALG_PARAM_FIPS_APPROVED_INDICATOR") +set("SIGNATURE_PARAM_ALGORITHM_ID" "*PKEY_PARAM_ALGORITHM_ID") +set("SIGNATURE_PARAM_ALGORITHM_ID_PARAMS" "*PKEY_PARAM_ALGORITHM_ID_PARAMS") set("SIGNATURE_PARAM_PAD_MODE" "*PKEY_PARAM_PAD_MODE") set("SIGNATURE_PARAM_DIGEST" "*PKEY_PARAM_DIGEST") set("SIGNATURE_PARAM_PROPERTIES" "*PKEY_PARAM_PROPERTIES") @@ -739,8 +781,14 @@ set("SIGNATURE_PARAM_DIGEST_SIZE" "*PKEY_PARAM_DIGEST_SIZE") set("SIGNATURE_PARAM_NONCE_TYPE" "nonce-type") set("SIGNATURE_PARAM_INSTANCE" "instance") set("SIGNATURE_PARAM_CONTEXT_STRING" "context-string") - -# Asym cipher parameters +set("SIGNATURE_PARAM_FIPS_DIGEST_CHECK" "*PKEY_PARAM_FIPS_DIGEST_CHECK") +set("SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE" "verify-message") +set("SIGNATURE_PARAM_FIPS_KEY_CHECK" "*PKEY_PARAM_FIPS_KEY_CHECK") +set("SIGNATURE_PARAM_FIPS_SIGN_CHECK" "*PKEY_PARAM_FIPS_SIGN_CHECK") +set("SIGNATURE_PARAM_FIPS_RSA_PSS_SALTLEN_CHECK" "rsa-pss-saltlen-check") +set("SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK" "sign-x931-pad-check") +set("SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR" "*ALG_PARAM_FIPS_APPROVED_INDICATOR") +set("SIGNATURE_PARAM_SIGNATURE" "signature") set("ASYM_CIPHER_PARAM_DIGEST" "*PKEY_PARAM_DIGEST") set("ASYM_CIPHER_PARAM_PROPERTIES" "*PKEY_PARAM_PROPERTIES") set("ASYM_CIPHER_PARAM_ENGINE" "*PKEY_PARAM_ENGINE") @@ -749,30 +797,21 @@ set("ASYM_CIPHER_PARAM_MGF1_DIGEST" "*PKEY_PARAM_MGF1_DIGEST") set("ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS" "*PKEY_PARAM_MGF1_PROPERTIES") set("ASYM_CIPHER_PARAM_OAEP_DIGEST" "*ALG_PARAM_DIGEST") set("ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS" "digest-props") -# The following parameter is an octet_string on set and an octet_ptr on get set("ASYM_CIPHER_PARAM_OAEP_LABEL" "oaep-label") set("ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION" "tls-client-version") set("ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION" "tls-negotiated-version") set("ASYM_CIPHER_PARAM_IMPLICIT_REJECTION" "implicit-rejection") - -# Encoder / decoder parameters - +set("ASYM_CIPHER_PARAM_FIPS_RSA_PKCS15_PAD_DISABLED" "*PROV_PARAM_RSA_PKCS15_PAD_DISABLED") +set("ASYM_CIPHER_PARAM_FIPS_KEY_CHECK" "*PKEY_PARAM_FIPS_KEY_CHECK") +set("ASYM_CIPHER_PARAM_FIPS_APPROVED_INDICATOR" "*ALG_PARAM_FIPS_APPROVED_INDICATOR") set("ENCODER_PARAM_CIPHER" "*ALG_PARAM_CIPHER") set("ENCODER_PARAM_PROPERTIES" "*ALG_PARAM_PROPERTIES") -# Currently PVK only, but reusable for others as needed set("ENCODER_PARAM_ENCRYPT_LEVEL" "encrypt-level") -set("ENCODER_PARAM_SAVE_PARAMETERS" "save-parameters")# integer - +set("ENCODER_PARAM_SAVE_PARAMETERS" "save-parameters") set("DECODER_PARAM_PROPERTIES" "*ALG_PARAM_PROPERTIES") - -# Passphrase callback parameters set("PASSPHRASE_PARAM_INFO" "info") - -# Keygen callback parameters, from provider to libcrypto -set("GEN_PARAM_POTENTIAL" "potential")# integer -set("GEN_PARAM_ITERATION" "iteration")# integer - -# ACVP Test parameters : These should not be used normally +set("GEN_PARAM_POTENTIAL" "potential") +set("GEN_PARAM_ITERATION" "iteration") set("PKEY_PARAM_RSA_TEST_XP1" "xp1") set("PKEY_PARAM_RSA_TEST_XP2" "xp2") set("PKEY_PARAM_RSA_TEST_XP" "xp") @@ -784,14 +823,10 @@ set("PKEY_PARAM_RSA_TEST_P2" "p2") set("PKEY_PARAM_RSA_TEST_Q1" "q1") set("PKEY_PARAM_RSA_TEST_Q2" "q2") set("SIGNATURE_PARAM_KAT" "kat") - -# KEM parameters set("KEM_PARAM_OPERATION" "operation") set("KEM_PARAM_IKME" "ikme") - -# Capabilities - -# TLS-GROUP Capability +set("KEM_PARAM_FIPS_KEY_CHECK" "*PKEY_PARAM_FIPS_KEY_CHECK") +set("KEM_PARAM_FIPS_APPROVED_INDICATOR" "*ALG_PARAM_FIPS_APPROVED_INDICATOR") set("CAPABILITY_TLS_GROUP_NAME" "tls-group-name") set("CAPABILITY_TLS_GROUP_NAME_INTERNAL" "tls-group-name-internal") set("CAPABILITY_TLS_GROUP_ID" "tls-group-id") @@ -802,8 +837,6 @@ set("CAPABILITY_TLS_GROUP_MIN_TLS" "tls-min-tls") set("CAPABILITY_TLS_GROUP_MAX_TLS" "tls-max-tls") set("CAPABILITY_TLS_GROUP_MIN_DTLS" "tls-min-dtls") set("CAPABILITY_TLS_GROUP_MAX_DTLS" "tls-max-dtls") - -# TLS-SIGALG Capability set("CAPABILITY_TLS_SIGALG_IANA_NAME" "tls-sigalg-iana-name") set("CAPABILITY_TLS_SIGALG_CODE_POINT" "tls-sigalg-code-point") set("CAPABILITY_TLS_SIGALG_NAME" "tls-sigalg-name") @@ -817,37 +850,15 @@ set("CAPABILITY_TLS_SIGALG_KEYTYPE_OID" "tls-sigalg-keytype-oid") set("CAPABILITY_TLS_SIGALG_SECURITY_BITS" "tls-sigalg-sec-bits") set("CAPABILITY_TLS_SIGALG_MIN_TLS" "tls-min-tls") set("CAPABILITY_TLS_SIGALG_MAX_TLS" "tls-max-tls") - -# storemgmt parameters - - -# Used by storemgmt_ctx_set_params(): -# -# - STORE_PARAM_EXPECT is an INTEGER, and the value is any of the -# STORE_INFO numbers. This is used to set the expected type of -# object loaded. -# -# - STORE_PARAM_SUBJECT, STORE_PARAM_ISSUER, -# STORE_PARAM_SERIAL, STORE_PARAM_FINGERPRINT, -# STORE_PARAM_DIGEST, STORE_PARAM_ALIAS -# are used as search criteria. -# (STORE_PARAM_DIGEST is used with STORE_PARAM_FINGERPRINT) - -set("STORE_PARAM_EXPECT" "expect") # INTEGER -set("STORE_PARAM_SUBJECT" "subject") # DER blob => OCTET_STRING -set("STORE_PARAM_ISSUER" "name") # DER blob => OCTET_STRING -set("STORE_PARAM_SERIAL" "serial") # INTEGER -set("STORE_PARAM_DIGEST" "digest") # UTF8_STRING -set("STORE_PARAM_FINGERPRINT" "fingerprint") # OCTET_STRING -set("STORE_PARAM_ALIAS" "alias") # UTF8_STRING - -# You may want to pass properties for the provider implementation to use -set("STORE_PARAM_PROPERTIES" "properties") # utf8_string -# DECODER input type if a decoder is used by the store -set("STORE_PARAM_INPUT_TYPE" "input-type") # UTF8_STRING - - -# Libssl record layer +set("STORE_PARAM_EXPECT" "expect") +set("STORE_PARAM_SUBJECT" "subject") +set("STORE_PARAM_ISSUER" "name") +set("STORE_PARAM_SERIAL" "serial") +set("STORE_PARAM_DIGEST" "digest") +set("STORE_PARAM_FINGERPRINT" "fingerprint") +set("STORE_PARAM_ALIAS" "alias") +set("STORE_PARAM_PROPERTIES" "properties") +set("STORE_PARAM_INPUT_TYPE" "input-type") set("LIBSSL_RECORD_LAYER_PARAM_OPTIONS" "options") set("LIBSSL_RECORD_LAYER_PARAM_MODE" "mode") set("LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD" "read_ahead") @@ -858,6 +869,8 @@ set("LIBSSL_RECORD_LAYER_PARAM_TLSTREE" "tlstree") set("LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN" "max_frag_len") set("LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA" "max_early_data") set("LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING" "block_padding") +set("LIBSSL_RECORD_LAYER_PARAM_HS_PADDING" "hs_padding") + function(generate_public_macros) set(macros) diff --git a/crypto/thread/objects.cmake b/crypto/thread/objects.cmake index 3788569..f598041 100644 --- a/crypto/thread/objects.cmake +++ b/crypto/thread/objects.cmake @@ -2,6 +2,7 @@ set(LIBCRYPTO_CURRENTDIR_SOURCES ${CMAKE_SOURCE_DIR}/openssl/crypto/thread/api.c + ${CMAKE_SOURCE_DIR}/openssl/crypto/thread/arch/thread_win.c ) if (OPENSSL_THREAD_POOL) @@ -10,7 +11,6 @@ if (OPENSSL_THREAD_POOL) ${CMAKE_SOURCE_DIR}/openssl/crypto/thread/arch.c ${CMAKE_SOURCE_DIR}/openssl/crypto/thread/arch/thread_none.c ${CMAKE_SOURCE_DIR}/openssl/crypto/thread/arch/thread_posix.c - ${CMAKE_SOURCE_DIR}/openssl/crypto/thread/arch/thread_win.c ${CMAKE_SOURCE_DIR}/openssl/crypto/thread/internal.c ) endif() diff --git a/crypto/x509/objects.cmake b/crypto/x509/objects.cmake index b3ed809..ebc5e85 100644 --- a/crypto/x509/objects.cmake +++ b/crypto/x509/objects.cmake @@ -87,6 +87,16 @@ set(LIBCRYPTO_CURRENTDIR_SOURCES ${CMAKE_SOURCE_DIR}/openssl/crypto/x509/v3_no_rev_avail.c ${CMAKE_SOURCE_DIR}/openssl/crypto/x509/v3_single_use.c ${CMAKE_SOURCE_DIR}/openssl/crypto/x509/v3_soa_id.c + ${CMAKE_SOURCE_DIR}/openssl/crypto/x509/x509_acert.c + ${CMAKE_SOURCE_DIR}/openssl/crypto/x509/x509aset.c + ${CMAKE_SOURCE_DIR}/openssl/crypto/x509/t_acert.c + ${CMAKE_SOURCE_DIR}/openssl/crypto/x509/x_ietfatt.c + ${CMAKE_SOURCE_DIR}/openssl/crypto/x509/v3_ac_tgt.c + ${CMAKE_SOURCE_DIR}/openssl/crypto/x509/v3_sda.c + ${CMAKE_SOURCE_DIR}/openssl/crypto/x509/v3_usernotice.c + ${CMAKE_SOURCE_DIR}/openssl/crypto/x509/v3_battcons.c + ${CMAKE_SOURCE_DIR}/openssl/crypto/x509/v3_audit_id.c + ${CMAKE_SOURCE_DIR}/openssl/crypto/x509/v3_iobo.c ) if ( OPENSSL_DEPRECATED_3_0 ) diff --git a/doc/CMakeLists.txt b/doc/CMakeLists.txt index 3afa6a4..48da0e4 100644 --- a/doc/CMakeLists.txt +++ b/doc/CMakeLists.txt @@ -236,6 +236,7 @@ foreach (PODFILE IN ITEMS "${CMAKE_SOURCE_DIR}/openssl/doc/man3/BN_swap.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/BN_zero.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/BUF_MEM_new.pod" + "${CMAKE_SOURCE_DIR}/openssl/doc/man3/CMAC_CTX.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/CMS_add0_cert.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/CMS_add1_recipient_cert.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/CMS_add1_signer.pod" @@ -362,6 +363,7 @@ foreach (PODFILE IN ITEMS "${CMAKE_SOURCE_DIR}/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/EVP_PKEY_CTX_get0_libctx.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/EVP_PKEY_CTX_get0_pkey.pod" + "${CMAKE_SOURCE_DIR}/openssl/doc/man3/EVP_PKEY_CTX_get_algor.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/EVP_PKEY_CTX_new.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/EVP_PKEY_CTX_set1_pbe_pass.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod" @@ -413,6 +415,7 @@ foreach (PODFILE IN ITEMS "${CMAKE_SOURCE_DIR}/openssl/doc/man3/EVP_sm4_cbc.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/EVP_VerifyInit.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/EVP_whirlpool.pod" + "${CMAKE_SOURCE_DIR}/openssl/doc/man3/GENERAL_NAME.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/HMAC.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/i2d_CMS_bio_stream.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/i2d_PKCS7_bio_stream.pod" @@ -443,12 +446,14 @@ foreach (PODFILE IN ITEMS "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OPENSSL_LH_stats.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OPENSSL_load_builtin_modules.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OPENSSL_malloc.pod" + "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OPENSSL_riscvcap.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OPENSSL_s390xcap.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OPENSSL_secure_malloc.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OPENSSL_strcasecmp.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OpenSSL_version.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OSSL_ALGORITHM.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OSSL_CALLBACK.pod" + "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OSSL_CMP_ATAV_set0.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OSSL_CMP_CTX_new.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OSSL_CMP_exec_certreq.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OSSL_CMP_HDR_get0_transactionID.pod" @@ -477,12 +482,17 @@ foreach (PODFILE IN ITEMS "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OSSL_ENCODER_to_bio.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OSSL_ERR_STATE_save.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OSSL_ESS_check_signing_certs.pod" + "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OSSL_GENERAL_NAMES_print.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OSSL_HPKE_CTX_new.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OSSL_HTTP_parse_url.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OSSL_HTTP_REQ_CTX.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OSSL_HTTP_transfer.pod" + "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OSSL_IETF_ATTR_SYNTAX.pod" + "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OSSL_IETF_ATTR_SYNTAX_print.pod" + "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OSSL_INDICATOR_set_callback.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OSSL_ITEM.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OSSL_LIB_CTX.pod" + "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OSSL_LIB_CTX_set_conf_diagnostics.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OSSL_PARAM.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OSSL_PARAM_allocate_from_text.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OSSL_PARAM_BLD.pod" @@ -502,6 +512,7 @@ foreach (PODFILE IN ITEMS "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OSSL_trace_enabled.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OSSL_trace_get_category_num.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/OSSL_trace_set_channel.pod" + "${CMAKE_SOURCE_DIR}/openssl/doc/man3/PBMAC1_get1_pbkdf2_param.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/PEM_bytes_read_bio.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/PEM_read.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/PEM_read_bio_ex.pod" @@ -668,6 +679,7 @@ foreach (PODFILE IN ITEMS "${CMAKE_SOURCE_DIR}/openssl/doc/man3/SSL_get0_group_name.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/SSL_get0_peer_rpk.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/SSL_get0_peer_scts.pod" + "${CMAKE_SOURCE_DIR}/openssl/doc/man3/SSL_get1_builtin_sigalgs.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/SSL_get_all_async_fds.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/SSL_get_certificate.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/SSL_get_ciphers.pod" @@ -744,7 +756,7 @@ foreach (PODFILE IN ITEMS "${CMAKE_SOURCE_DIR}/openssl/doc/man3/SSL_want.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/SSL_write.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/TS_RESP_CTX_new.pod" - "${CMAKE_SOURCE_DIR}/openssl/doc/man3/TS_VERIFY_CTX_set_certs.pod" + "${CMAKE_SOURCE_DIR}/openssl/doc/man3/TS_VERIFY_CTX.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/UI_create_method.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/UI_new.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/UI_STRING.pod" @@ -752,6 +764,11 @@ foreach (PODFILE IN ITEMS "${CMAKE_SOURCE_DIR}/openssl/doc/man3/X509V3_get_d2i.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/X509v3_get_ext_by_NID.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/X509V3_set_ctx.pod" + "${CMAKE_SOURCE_DIR}/openssl/doc/man3/X509_ACERT_add1_attr.pod" + "${CMAKE_SOURCE_DIR}/openssl/doc/man3/X509_ACERT_add_attr_nconf.pod" + "${CMAKE_SOURCE_DIR}/openssl/doc/man3/X509_ACERT_get0_holder_baseCertId.pod" + "${CMAKE_SOURCE_DIR}/openssl/doc/man3/X509_ACERT_get_attr.pod" + "${CMAKE_SOURCE_DIR}/openssl/doc/man3/X509_ACERT_print_ex.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/X509_add_cert.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/X509_ALGOR_dup.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man3/X509_ATTRIBUTE.pod" @@ -889,9 +906,11 @@ foreach (PODFILE IN ITEMS "${CMAKE_SOURCE_DIR}/openssl/doc/man7/EVP_PKEY-RSA.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man7/EVP_PKEY-SM2.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man7/EVP_PKEY-X25519.pod" + "${CMAKE_SOURCE_DIR}/openssl/doc/man7/EVP_RAND-CRNG-TEST.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man7/EVP_RAND-CTR-DRBG.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man7/EVP_RAND-HASH-DRBG.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man7/EVP_RAND-HMAC-DRBG.pod" + "${CMAKE_SOURCE_DIR}/openssl/doc/man7/EVP_RAND-JITTER.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man7/EVP_RAND-SEED-SRC.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man7/EVP_RAND-TEST-RAND.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man7/EVP_RAND.pod" @@ -928,6 +947,7 @@ foreach (PODFILE IN ITEMS "${CMAKE_SOURCE_DIR}/openssl/doc/man7/ossl-guide-tls-client-block.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man7/ossl-guide-tls-client-non-block.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man7/ossl-guide-tls-introduction.pod" + "${CMAKE_SOURCE_DIR}/openssl/doc/man7/ossl-guide-tls-server-block.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man7/OSSL_PROVIDER-base.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man7/OSSL_PROVIDER-default.pod" "${CMAKE_SOURCE_DIR}/openssl/doc/man7/OSSL_PROVIDER-FIPS.pod" diff --git a/openssl b/openssl index fb7fab9..98acb6b 160000 --- a/openssl +++ b/openssl @@ -1 +1 @@ -Subproject commit fb7fab9fa6f4869eaa8fbb97e0d593159f03ffe4 +Subproject commit 98acb6b02839c609ef5b837794e08d906d965335 diff --git a/providers/default/CMakeLists.txt b/providers/default/CMakeLists.txt index edabe21..59f7aff 100644 --- a/providers/default/CMakeLists.txt +++ b/providers/default/CMakeLists.txt @@ -94,8 +94,8 @@ set(LIBDEFAULT_SOURCES ${CMAKE_SOURCE_DIR}/openssl/providers/implementations/rands/drbg_ctr.c ${CMAKE_SOURCE_DIR}/openssl/providers/implementations/rands/drbg_hash.c ${CMAKE_SOURCE_DIR}/openssl/providers/implementations/rands/drbg_hmac.c - ${CMAKE_SOURCE_DIR}/openssl/providers/implementations/rands/crngt.c ${CMAKE_SOURCE_DIR}/openssl/providers/implementations/rands/seed_src.c + ${CMAKE_SOURCE_DIR}/openssl/providers/implementations/rands/seed_src_jitter.c ${CMAKE_SOURCE_DIR}/openssl/providers/implementations/signature/rsa_sig.c ${CMAKE_SOURCE_DIR}/openssl/providers/implementations/signature/mac_legacy_sig.c ${CMAKE_SOURCE_DIR}/openssl/providers/implementations/storemgmt/file_store.c @@ -369,6 +369,7 @@ target_include_directories(libdefault ${CMAKE_SOURCE_DIR}/openssl/crypto ${CMAKE_BINARY_DIR}/providers/common/include ${CMAKE_SOURCE_DIR}/openssl/providers/include + ${CMAKE_SOURCE_DIR}/openssl/providers/fips/include ) target_compile_definitions(libdefault diff --git a/providers/legacy/CMakeLists.txt b/providers/legacy/CMakeLists.txt index b570d02..f13f4a3 100644 --- a/providers/legacy/CMakeLists.txt +++ b/providers/legacy/CMakeLists.txt @@ -314,6 +314,7 @@ target_include_directories(legacy ${CMAKE_SOURCE_DIR}/openssl/crypto ${CMAKE_BINARY_DIR}/providers/common/include ${CMAKE_SOURCE_DIR}/openssl/providers/include + ${CMAKE_SOURCE_DIR}/openssl/providers/fips/include ) # workaround! diff --git a/readme.md b/readme.md index f74a517..16132ea 100644 --- a/readme.md +++ b/readme.md @@ -1,10 +1,10 @@ # openssl-externalCMake -![Build Status](https://github.com/Fsu0413/openssl-externalCMake/actions/workflows/cmake.yml/badge.svg?branch=3.3) +![Build Status](https://github.com/Fsu0413/openssl-externalCMake/actions/workflows/cmake.yml/badge.svg?branch=3.4) This is a totally external CMake project for building OpenSSL. -This branch is for OpenSSL 3.2 series. +This branch is for OpenSSL 3.4 series. ## Disclaimer @@ -108,6 +108,6 @@ Just typical CMake procedure will work. See [Mapping.md](Mapping.md) for argumen Sort by priority -### On 3.2 branch: +### On 3.4 branch: 1. `make check` support diff --git a/ssl/CMakeLists.txt b/ssl/CMakeLists.txt index a5f163c..6b46c45 100644 --- a/ssl/CMakeLists.txt +++ b/ssl/CMakeLists.txt @@ -76,7 +76,6 @@ if (OPENSSL_QUIC) set(LIBSSL_SOURCES ${LIBSSL_SOURCES} ${CMAKE_SOURCE_DIR}/openssl/ssl/priority_queue.c - ${CMAKE_SOURCE_DIR}/openssl/ssl/event_queue.c ) include(quic.cmake) endif()