Loweynet
| Revision | 6b46c6c27c57c33b05c427685bfdbf56c969a3ac (tree) |
|---|---|
| Zeit | 2018-03-29 21:02:45 |
| Autor | s_kawamoto <s_kawamoto@user...> |
| Commiter | s_kawamoto |
Update OpenSSL to 1.1.0h.
FFFTP_Eng_Release/FFFTP.exe (diff) FFFTP_Eng_Release_64/FFFTP.exe (diff) Release/FFFTP.exe (diff) Release_64/FFFTP.exe (diff)
contrib/openssl/CHANGES (diff) contrib/openssl/LICENSE (diff) contrib/openssl/NEWS (diff) contrib/openssl/README (diff)
contrib/openssl/include/openssl/asn1.h (diff) contrib/openssl/include/openssl/bio.h (diff) contrib/openssl/include/openssl/e_os2.h (diff) contrib/openssl/include/openssl/evp.h (diff) contrib/openssl/include/openssl/ocsp.h (diff) contrib/openssl/include/openssl/opensslconf.h (diff) contrib/openssl/include/openssl/opensslv.h (diff) contrib/openssl/include/openssl/ssl.h (diff) contrib/openssl/include/openssl/x509v3.h (diff) dist/amd64/libcrypto-1_1-x64.dll (diff) dist/amd64/libssl-1_1-x64.dll (diff) dist/libcrypto-1_1.dll (diff) dist/libssl-1_1.dll (diff) src/filehash.h (diff)| @@ -7,6 +7,79 @@ | ||
| 7 | 7 | https://github.com/openssl/openssl/commits/ and pick the appropriate |
| 8 | 8 | release branch. |
| 9 | 9 | |
| 10 | + Changes between 1.1.0g and 1.1.0h [27 Mar 2018] | |
| 11 | + | |
| 12 | + *) Constructed ASN.1 types with a recursive definition could exceed the stack | |
| 13 | + | |
| 14 | + Constructed ASN.1 types with a recursive definition (such as can be found | |
| 15 | + in PKCS7) could eventually exceed the stack given malicious input with | |
| 16 | + excessive recursion. This could result in a Denial Of Service attack. There | |
| 17 | + are no such structures used within SSL/TLS that come from untrusted sources | |
| 18 | + so this is considered safe. | |
| 19 | + | |
| 20 | + This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz | |
| 21 | + project. | |
| 22 | + (CVE-2018-0739) | |
| 23 | + [Matt Caswell] | |
| 24 | + | |
| 25 | + *) Incorrect CRYPTO_memcmp on HP-UX PA-RISC | |
| 26 | + | |
| 27 | + Because of an implementation bug the PA-RISC CRYPTO_memcmp function is | |
| 28 | + effectively reduced to only comparing the least significant bit of each | |
| 29 | + byte. This allows an attacker to forge messages that would be considered as | |
| 30 | + authenticated in an amount of tries lower than that guaranteed by the | |
| 31 | + security claims of the scheme. The module can only be compiled by the | |
| 32 | + HP-UX assembler, so that only HP-UX PA-RISC targets are affected. | |
| 33 | + | |
| 34 | + This issue was reported to OpenSSL on 2nd March 2018 by Peter Waltenberg | |
| 35 | + (IBM). | |
| 36 | + (CVE-2018-0733) | |
| 37 | + [Andy Polyakov] | |
| 38 | + | |
| 39 | + *) Add a build target 'build_all_generated', to build all generated files | |
| 40 | + and only that. This can be used to prepare everything that requires | |
| 41 | + things like perl for a system that lacks perl and then move everything | |
| 42 | + to that system and do the rest of the build there. | |
| 43 | + [Richard Levitte] | |
| 44 | + | |
| 45 | + *) Backport SSL_OP_NO_RENGOTIATION | |
| 46 | + | |
| 47 | + OpenSSL 1.0.2 and below had the ability to disable renegotiation using the | |
| 48 | + (undocumented) SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS flag. Due to the opacity | |
| 49 | + changes this is no longer possible in 1.1.0. Therefore the new | |
| 50 | + SSL_OP_NO_RENEGOTIATION option from 1.1.1-dev has been backported to | |
| 51 | + 1.1.0 to provide equivalent functionality. | |
| 52 | + | |
| 53 | + Note that if an application built against 1.1.0h headers (or above) is run | |
| 54 | + using an older version of 1.1.0 (prior to 1.1.0h) then the option will be | |
| 55 | + accepted but nothing will happen, i.e. renegotiation will not be prevented. | |
| 56 | + [Matt Caswell] | |
| 57 | + | |
| 58 | + *) Removed the OS390-Unix config target. It relied on a script that doesn't | |
| 59 | + exist. | |
| 60 | + [Rich Salz] | |
| 61 | + | |
| 62 | + *) rsaz_1024_mul_avx2 overflow bug on x86_64 | |
| 63 | + | |
| 64 | + There is an overflow bug in the AVX2 Montgomery multiplication procedure | |
| 65 | + used in exponentiation with 1024-bit moduli. No EC algorithms are affected. | |
| 66 | + Analysis suggests that attacks against RSA and DSA as a result of this | |
| 67 | + defect would be very difficult to perform and are not believed likely. | |
| 68 | + Attacks against DH1024 are considered just feasible, because most of the | |
| 69 | + work necessary to deduce information about a private key may be performed | |
| 70 | + offline. The amount of resources required for such an attack would be | |
| 71 | + significant. However, for an attack on TLS to be meaningful, the server | |
| 72 | + would have to share the DH1024 private key among multiple clients, which is | |
| 73 | + no longer an option since CVE-2016-0701. | |
| 74 | + | |
| 75 | + This only affects processors that support the AVX2 but not ADX extensions | |
| 76 | + like Intel Haswell (4th generation). | |
| 77 | + | |
| 78 | + This issue was reported to OpenSSL by David Benjamin (Google). The issue | |
| 79 | + was originally found via the OSS-Fuzz project. | |
| 80 | + (CVE-2017-3738) | |
| 81 | + [Andy Polyakov] | |
| 82 | + | |
| 10 | 83 | Changes between 1.1.0f and 1.1.0g [2 Nov 2017] |
| 11 | 84 | |
| 12 | 85 | *) bn_sqrx8x_internal carry bug on x86_64 |
| @@ -2989,8 +3062,11 @@ | ||
| 2989 | 3062 | to work with OPENSSL_NO_SSL_INTERN defined. |
| 2990 | 3063 | [Steve Henson] |
| 2991 | 3064 | |
| 2992 | - *) Add SRP support. | |
| 2993 | - [Tom Wu <tjw@cs.stanford.edu> and Ben Laurie] | |
| 3065 | + *) A long standing patch to add support for SRP from EdelWeb (Peter | |
| 3066 | + Sylvester and Christophe Renou) was integrated. | |
| 3067 | + [Christophe Renou <christophe.renou@edelweb.fr>, Peter Sylvester | |
| 3068 | + <peter.sylvester@edelweb.fr>, Tom Wu <tjw@cs.stanford.edu>, and | |
| 3069 | + Ben Laurie] | |
| 2994 | 3070 | |
| 2995 | 3071 | *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id. |
| 2996 | 3072 | [Steve Henson] |
| @@ -10,7 +10,7 @@ | ||
| 10 | 10 | --------------- |
| 11 | 11 | |
| 12 | 12 | /* ==================================================================== |
| 13 | - * Copyright (c) 1998-2017 The OpenSSL Project. All rights reserved. | |
| 13 | + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. | |
| 14 | 14 | * |
| 15 | 15 | * Redistribution and use in source and binary forms, with or without |
| 16 | 16 | * modification, are permitted provided that the following conditions |
| @@ -5,6 +5,13 @@ | ||
| 5 | 5 | This file gives a brief overview of the major changes between each OpenSSL |
| 6 | 6 | release. For more details please read the CHANGES file. |
| 7 | 7 | |
| 8 | + Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [27 Mar 2018] | |
| 9 | + | |
| 10 | + o Constructed ASN.1 types with a recursive definition could exceed the | |
| 11 | + stack (CVE-2018-0739) | |
| 12 | + o Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733) | |
| 13 | + o rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) | |
| 14 | + | |
| 8 | 15 | Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017] |
| 9 | 16 | |
| 10 | 17 | o bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) |
| @@ -1,5 +1,5 @@ | ||
| 1 | 1 | |
| 2 | - OpenSSL 1.1.0g 2 Nov 2017 | |
| 2 | + OpenSSL 1.1.0h 27 Mar 2018 | |
| 3 | 3 | |
| 4 | 4 | Copyright (c) 1998-2016 The OpenSSL Project |
| 5 | 5 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson |
| @@ -1,5 +1,5 @@ | ||
| 1 | 1 | /* |
| 2 | - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 3 | 3 | * |
| 4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 5 | 5 | * this file except in compliance with the License. You can obtain a copy |
| @@ -1051,6 +1051,7 @@ int ERR_load_ASN1_strings(void); | ||
| 1051 | 1051 | # define ASN1_R_MSTRING_NOT_UNIVERSAL 139 |
| 1052 | 1052 | # define ASN1_R_MSTRING_WRONG_TAG 140 |
| 1053 | 1053 | # define ASN1_R_NESTED_ASN1_STRING 197 |
| 1054 | +# define ASN1_R_NESTED_TOO_DEEP 201 | |
| 1054 | 1055 | # define ASN1_R_NON_HEX_CHARACTERS 141 |
| 1055 | 1056 | # define ASN1_R_NOT_ASCII_FORMAT 190 |
| 1056 | 1057 | # define ASN1_R_NOT_ENOUGH_DATA 142 |
| @@ -1,5 +1,5 @@ | ||
| 1 | 1 | /* |
| 2 | - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 3 | 3 | * |
| 4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 5 | 5 | * this file except in compliance with the License. You can obtain a copy |
| @@ -246,7 +246,8 @@ typedef struct bio_method_st BIO_METHOD; | ||
| 246 | 246 | const char *BIO_method_name(const BIO *b); |
| 247 | 247 | int BIO_method_type(const BIO *b); |
| 248 | 248 | |
| 249 | -typedef void bio_info_cb(BIO *, int, const char *, int, long, long); | |
| 249 | +typedef int BIO_info_cb(BIO *, int, int); | |
| 250 | +typedef BIO_info_cb bio_info_cb; /* backward compatibility */ | |
| 250 | 251 | |
| 251 | 252 | DEFINE_STACK_OF(BIO) |
| 252 | 253 |
| @@ -547,8 +548,7 @@ int BIO_write(BIO *b, const void *data, int len); | ||
| 547 | 548 | int BIO_puts(BIO *bp, const char *buf); |
| 548 | 549 | int BIO_indent(BIO *b, int indent, int max); |
| 549 | 550 | long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); |
| 550 | -long BIO_callback_ctrl(BIO *b, int cmd, | |
| 551 | - void (*fp) (BIO *, int, const char *, int, long, long)); | |
| 551 | +long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp); | |
| 552 | 552 | void *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); |
| 553 | 553 | long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg); |
| 554 | 554 | BIO *BIO_push(BIO *b, BIO *append); |
| @@ -750,10 +750,10 @@ int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *)); | ||
| 750 | 750 | int (*BIO_meth_get_destroy(BIO_METHOD *biom)) (BIO *); |
| 751 | 751 | int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)); |
| 752 | 752 | long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom)) |
| 753 | - (BIO *, int, bio_info_cb *); | |
| 753 | + (BIO *, int, BIO_info_cb *); | |
| 754 | 754 | int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, |
| 755 | 755 | long (*callback_ctrl) (BIO *, int, |
| 756 | - bio_info_cb *)); | |
| 756 | + BIO_info_cb *)); | |
| 757 | 757 | |
| 758 | 758 | /* BEGIN ERROR CODES */ |
| 759 | 759 | /* |
| @@ -781,6 +781,7 @@ int ERR_load_BIO_strings(void); | ||
| 781 | 781 | # define BIO_F_BIO_LISTEN 139 |
| 782 | 782 | # define BIO_F_BIO_LOOKUP 135 |
| 783 | 783 | # define BIO_F_BIO_MAKE_PAIR 121 |
| 784 | +# define BIO_F_BIO_METH_NEW 146 | |
| 784 | 785 | # define BIO_F_BIO_NEW 108 |
| 785 | 786 | # define BIO_F_BIO_NEW_FILE 109 |
| 786 | 787 | # define BIO_F_BIO_NEW_MEM_BUF 126 |
| @@ -1,5 +1,5 @@ | ||
| 1 | 1 | /* |
| 2 | - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 3 | 3 | * |
| 4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 5 | 5 | * this file except in compliance with the License. You can obtain a copy |
| @@ -49,7 +49,6 @@ extern "C" { | ||
| 49 | 49 | # define OPENSSL_SYS_WIN32_UWIN |
| 50 | 50 | # else |
| 51 | 51 | # if defined(__CYGWIN__) || defined(OPENSSL_SYS_CYGWIN) |
| 52 | -# undef OPENSSL_SYS_UNIX | |
| 53 | 52 | # define OPENSSL_SYS_WIN32_CYGWIN |
| 54 | 53 | # else |
| 55 | 54 | # if defined(_WIN32) || defined(OPENSSL_SYS_WIN32) |
| @@ -1,5 +1,5 @@ | ||
| 1 | 1 | /* |
| 2 | - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 3 | 3 | * |
| 4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 5 | 5 | * this file except in compliance with the License. You can obtain a copy |
| @@ -1570,6 +1570,7 @@ int ERR_load_EVP_strings(void); | ||
| 1570 | 1570 | # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 |
| 1571 | 1571 | # define EVP_R_OPERATON_NOT_INITIALIZED 151 |
| 1572 | 1572 | # define EVP_R_PARTIALLY_OVERLAPPING 162 |
| 1573 | +# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 175 | |
| 1573 | 1574 | # define EVP_R_PKEY_ASN1_METHOD_ALREADY_REGISTERED 164 |
| 1574 | 1575 | # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 |
| 1575 | 1576 | # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 |
| @@ -137,22 +137,6 @@ typedef struct ocsp_service_locator_st OCSP_SERVICELOC; | ||
| 137 | 137 | |
| 138 | 138 | # define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o) |
| 139 | 139 | |
| 140 | -# define OCSP_REQUEST_sign(o,pkey,md) \ | |
| 141 | - ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\ | |
| 142 | - &o->optionalSignature->signatureAlgorithm,NULL,\ | |
| 143 | - o->optionalSignature->signature,&o->tbsRequest,pkey,md) | |
| 144 | - | |
| 145 | -# define OCSP_BASICRESP_sign(o,pkey,md,d) \ | |
| 146 | - ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),&o->signatureAlgorithm,NULL,\ | |
| 147 | - o->signature,&o->tbsResponseData,pkey,md) | |
| 148 | - | |
| 149 | -# define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\ | |
| 150 | - &a->optionalSignature->signatureAlgorithm,\ | |
| 151 | - a->optionalSignature->signature,&a->tbsRequest,r) | |
| 152 | - | |
| 153 | -# define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\ | |
| 154 | - &a->signatureAlgorithm,a->signature,&a->tbsResponseData,r) | |
| 155 | - | |
| 156 | 140 | # define ASN1_BIT_STRING_digest(data,type,md,len) \ |
| 157 | 141 | ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) |
| 158 | 142 |
| @@ -210,6 +194,8 @@ int OCSP_response_status(OCSP_RESPONSE *resp); | ||
| 210 | 194 | OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); |
| 211 | 195 | |
| 212 | 196 | const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs); |
| 197 | +int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer, | |
| 198 | + STACK_OF(X509) *extra_certs); | |
| 213 | 199 | |
| 214 | 200 | int OCSP_resp_count(OCSP_BASICRESP *bs); |
| 215 | 201 | OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); |
| @@ -2,7 +2,7 @@ | ||
| 2 | 2 | * WARNING: do not edit! |
| 3 | 3 | * Generated by makefile from include\openssl\opensslconf.h.in |
| 4 | 4 | * |
| 5 | - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 5 | + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 6 | 6 | * |
| 7 | 7 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 8 | 8 | * this file except in compliance with the License. You can obtain a copy |
| @@ -1,5 +1,5 @@ | ||
| 1 | 1 | /* |
| 2 | - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 3 | 3 | * |
| 4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 5 | 5 | * this file except in compliance with the License. You can obtain a copy |
| @@ -39,13 +39,18 @@ extern "C" { | ||
| 39 | 39 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for |
| 40 | 40 | * major minor fix final patch/beta) |
| 41 | 41 | */ |
| 42 | -# define OPENSSL_VERSION_NUMBER 0x1010007fL | |
| 42 | +# define OPENSSL_VERSION_NUMBER 0x1010008fL | |
| 43 | 43 | # ifdef OPENSSL_FIPS |
| 44 | -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0g-fips 2 Nov 2017" | |
| 44 | +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0h-fips 27 Mar 2018" | |
| 45 | 45 | # else |
| 46 | -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0g 2 Nov 2017" | |
| 46 | +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0h 27 Mar 2018" | |
| 47 | 47 | # endif |
| 48 | 48 | |
| 49 | +#define OPENSSL_MAKE_VERSION(maj,min,fix,patch) ((0x10000000L)+((maj&0xff)<<20)+((min&0xff)<<12)+((fix&0xff)<<4)+patch) | |
| 50 | + | |
| 51 | +/* use this for #if tests, should never depend upon fix/patch */ | |
| 52 | +#define OPENSSL_VERSION_AT_LEAST(maj,min) (OPENSSL_MAKE_VERSION(maj,min, 0, 0) >= OPENSSL_VERSION_NUMBER) | |
| 53 | + | |
| 49 | 54 | /*- |
| 50 | 55 | * The macros below are to be used for shared library (.so, .dll, ...) |
| 51 | 56 | * versioning. That kind of versioning works a bit differently between |
| @@ -1,5 +1,5 @@ | ||
| 1 | 1 | /* |
| 2 | - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 3 | 3 | * |
| 4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 5 | 5 | * this file except in compliance with the License. You can obtain a copy |
| @@ -95,14 +95,14 @@ extern "C" { | ||
| 95 | 95 | # define SSL_TXT_NULL "NULL" |
| 96 | 96 | |
| 97 | 97 | # define SSL_TXT_kRSA "kRSA" |
| 98 | -# define SSL_TXT_kDHr "kDHr" | |
| 99 | -# define SSL_TXT_kDHd "kDHd" | |
| 100 | -# define SSL_TXT_kDH "kDH" | |
| 98 | +# define SSL_TXT_kDHr "kDHr"/* this cipher class has been removed */ | |
| 99 | +# define SSL_TXT_kDHd "kDHd"/* this cipher class has been removed */ | |
| 100 | +# define SSL_TXT_kDH "kDH"/* this cipher class has been removed */ | |
| 101 | 101 | # define SSL_TXT_kEDH "kEDH"/* alias for kDHE */ |
| 102 | 102 | # define SSL_TXT_kDHE "kDHE" |
| 103 | -# define SSL_TXT_kECDHr "kECDHr" | |
| 104 | -# define SSL_TXT_kECDHe "kECDHe" | |
| 105 | -# define SSL_TXT_kECDH "kECDH" | |
| 103 | +# define SSL_TXT_kECDHr "kECDHr"/* this cipher class has been removed */ | |
| 104 | +# define SSL_TXT_kECDHe "kECDHe"/* this cipher class has been removed */ | |
| 105 | +# define SSL_TXT_kECDH "kECDH"/* this cipher class has been removed */ | |
| 106 | 106 | # define SSL_TXT_kEECDH "kEECDH"/* alias for kECDHE */ |
| 107 | 107 | # define SSL_TXT_kECDHE "kECDHE" |
| 108 | 108 | # define SSL_TXT_kPSK "kPSK" |
| @@ -114,8 +114,8 @@ extern "C" { | ||
| 114 | 114 | |
| 115 | 115 | # define SSL_TXT_aRSA "aRSA" |
| 116 | 116 | # define SSL_TXT_aDSS "aDSS" |
| 117 | -# define SSL_TXT_aDH "aDH" | |
| 118 | -# define SSL_TXT_aECDH "aECDH" | |
| 117 | +# define SSL_TXT_aDH "aDH"/* this cipher class has been removed */ | |
| 118 | +# define SSL_TXT_aECDH "aECDH"/* this cipher class has been removed */ | |
| 119 | 119 | # define SSL_TXT_aECDSA "aECDSA" |
| 120 | 120 | # define SSL_TXT_aPSK "aPSK" |
| 121 | 121 | # define SSL_TXT_aGOST94 "aGOST94" |
| @@ -323,6 +323,9 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); | ||
| 323 | 323 | SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2) |
| 324 | 324 | # define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2) |
| 325 | 325 | |
| 326 | +/* Disallow all renegotiation */ | |
| 327 | +# define SSL_OP_NO_RENEGOTIATION 0x40000000U | |
| 328 | + | |
| 326 | 329 | /* |
| 327 | 330 | * Make server add server-hello extension from early version of cryptopro |
| 328 | 331 | * draft, when GOST ciphersuite is negotiated. Required for interoperability |
| @@ -1294,17 +1297,17 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) | ||
| 1294 | 1297 | #define SSL_CTX_set_max_proto_version(ctx, version) \ |
| 1295 | 1298 | SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) |
| 1296 | 1299 | #define SSL_CTX_get_min_proto_version(ctx) \ |
| 1297 | - SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, NULL, NULL) | |
| 1300 | + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) | |
| 1298 | 1301 | #define SSL_CTX_get_max_proto_version(ctx) \ |
| 1299 | - SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, NULL, NULL) | |
| 1302 | + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) | |
| 1300 | 1303 | #define SSL_set_min_proto_version(s, version) \ |
| 1301 | 1304 | SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) |
| 1302 | 1305 | #define SSL_set_max_proto_version(s, version) \ |
| 1303 | 1306 | SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) |
| 1304 | 1307 | #define SSL_get_min_proto_version(s) \ |
| 1305 | - SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, NULL, NULL) | |
| 1308 | + SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) | |
| 1306 | 1309 | #define SSL_get_max_proto_version(s) \ |
| 1307 | - SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, NULL, NULL) | |
| 1310 | + SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) | |
| 1308 | 1311 | |
| 1309 | 1312 | #if OPENSSL_API_COMPAT < 0x10100000L |
| 1310 | 1313 | /* Provide some compatibility macros for removed functionality. */ |
| @@ -1529,7 +1532,7 @@ __owur int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, | ||
| 1529 | 1532 | uint8_t mtype, uint8_t ord); |
| 1530 | 1533 | __owur int SSL_dane_enable(SSL *s, const char *basedomain); |
| 1531 | 1534 | __owur int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, |
| 1532 | - uint8_t mtype, unsigned char *data, size_t dlen); | |
| 1535 | + uint8_t mtype, unsigned const char *data, size_t dlen); | |
| 1533 | 1536 | __owur int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki); |
| 1534 | 1537 | __owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, |
| 1535 | 1538 | uint8_t *mtype, unsigned const char **data, |
| @@ -2107,6 +2110,7 @@ int ERR_load_SSL_strings(void); | ||
| 2107 | 2110 | # define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST 385 |
| 2108 | 2111 | # define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370 |
| 2109 | 2112 | # define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386 |
| 2113 | +# define SSL_F_DTLS_WAIT_FOR_DRY 592 | |
| 2110 | 2114 | # define SSL_F_OPENSSL_INIT_SSL 342 |
| 2111 | 2115 | # define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION 417 |
| 2112 | 2116 | # define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION 418 |
| @@ -2128,6 +2132,7 @@ int ERR_load_SSL_strings(void); | ||
| 2128 | 2132 | # define SSL_F_SSL3_SETUP_KEY_BLOCK 157 |
| 2129 | 2133 | # define SSL_F_SSL3_SETUP_READ_BUFFER 156 |
| 2130 | 2134 | # define SSL_F_SSL3_SETUP_WRITE_BUFFER 291 |
| 2135 | +# define SSL_F_SSL3_TAKE_MAC 425 | |
| 2131 | 2136 | # define SSL_F_SSL3_WRITE_BYTES 158 |
| 2132 | 2137 | # define SSL_F_SSL3_WRITE_PENDING 159 |
| 2133 | 2138 | # define SSL_F_SSL_ADD_CERT_CHAIN 316 |
| @@ -2201,6 +2206,8 @@ int ERR_load_SSL_strings(void); | ||
| 2201 | 2206 | # define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311 |
| 2202 | 2207 | # define SSL_F_SSL_PEEK 270 |
| 2203 | 2208 | # define SSL_F_SSL_READ 223 |
| 2209 | +# define SSL_F_SSL_RENEGOTIATE 516 | |
| 2210 | +# define SSL_F_SSL_RENEGOTIATE_ABBREVIATED 546 | |
| 2204 | 2211 | # define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320 |
| 2205 | 2212 | # define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321 |
| 2206 | 2213 | # define SSL_F_SSL_SESSION_DUP 348 |
| @@ -1,5 +1,5 @@ | ||
| 1 | 1 | /* |
| 2 | - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 3 | 3 | * |
| 4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 5 | 5 | * this file except in compliance with the License. You can obtain a copy |
| @@ -658,6 +658,7 @@ uint32_t X509_get_extension_flags(X509 *x); | ||
| 658 | 658 | uint32_t X509_get_key_usage(X509 *x); |
| 659 | 659 | uint32_t X509_get_extended_key_usage(X509 *x); |
| 660 | 660 | const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x); |
| 661 | +const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x); | |
| 661 | 662 | |
| 662 | 663 | int X509_PURPOSE_get_count(void); |
| 663 | 664 | X509_PURPOSE *X509_PURPOSE_get0(int idx); |
| @@ -876,6 +877,7 @@ int ERR_load_X509V3_strings(void); | ||
| 876 | 877 | # define X509V3_F_ADDR_VALIDATE_PATH_INTERNAL 166 |
| 877 | 878 | # define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 161 |
| 878 | 879 | # define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 162 |
| 880 | +# define X509V3_F_BIGNUM_TO_STRING 167 | |
| 879 | 881 | # define X509V3_F_COPY_EMAIL 122 |
| 880 | 882 | # define X509V3_F_COPY_ISSUER 123 |
| 881 | 883 | # define X509V3_F_DO_DIRNAME 144 |
| @@ -5,13 +5,13 @@ | ||
| 5 | 5 | #define FILEHASH_SSL_PEM_SHA1 "\xF8\xD2\xBB\x6D\xDE\x84\xF5\x8B\x2C\x8C\xAF\x58\x4E\xAF\x0C\x04\x0E\x7A\xFC\x97" |
| 6 | 6 | #if defined(_M_IX86) |
| 7 | 7 | // libcrypto-1_1.dll |
| 8 | -#define FILEHASH_LIBCRYPTO_DLL_SHA1 "\x8F\xA8\x54\xD1\x27\x65\x18\xE4\x43\xA5\x5C\xAF\x65\x39\x66\xB8\x3A\x05\xE8\x0B" | |
| 8 | +#define FILEHASH_LIBCRYPTO_DLL_SHA1 "\xFD\x80\x51\xB6\x63\xA5\xFD\x0E\x37\xF3\x0B\xBF\xDF\x80\xE8\xFC\x3B\x61\x18\x31" | |
| 9 | 9 | // libssl-1_1.dll |
| 10 | -#define FILEHASH_LIBSSL_DLL_SHA1 "\x42\x65\x00\x4A\xC9\xF8\xFE\x28\x49\xE2\x90\x51\x58\x2B\x57\x09\x97\xB0\x3B\xAD" | |
| 10 | +#define FILEHASH_LIBSSL_DLL_SHA1 "\x90\xDE\xFB\x90\x3D\xBD\x41\xFC\x3C\x0D\x66\x27\xEF\x4F\xB9\x56\xBB\xEE\x0F\xC2" | |
| 11 | 11 | #elif defined(_M_AMD64) |
| 12 | 12 | // libcrypto-1_1-x64.dll |
| 13 | -#define FILEHASH_LIBCRYPTO_DLL_SHA1 "\xAF\xD4\xCF\x21\x2B\x87\x92\x25\x6B\x6F\x8E\x49\x36\x85\xD4\xC9\x2E\xFC\x88\xC7" | |
| 13 | +#define FILEHASH_LIBCRYPTO_DLL_SHA1 "\x4B\x11\x71\x1E\x32\xD0\xF0\x35\xEC\x72\x22\x7F\xD9\x34\x15\xFC\xDA\x9C\x6C\xC1" | |
| 14 | 14 | // libssl-1_1-x64.dll |
| 15 | -#define FILEHASH_LIBSSL_DLL_SHA1 "\x91\xE6\xC3\x0B\xAF\x9A\x13\x24\x12\x73\x3D\x96\x3A\xBA\xB2\xA1\x0D\x43\x44\x5E" | |
| 15 | +#define FILEHASH_LIBSSL_DLL_SHA1 "\x96\x35\x5C\x4B\x71\x61\xF2\xB8\x3D\x2A\xB4\x12\xD6\x48\x77\xA2\x8D\xB5\x14\x8A" | |
| 16 | 16 | #endif |
| 17 | 17 |
amalsyah1
Fork