• R/O
  • HTTP
  • SSH
  • HTTPS

提交

Frequently used words (click to add to your profile)

javac++androidlinuxc#windowsobjective-ccocoa誰得qtpythonphprubygameguibathyscaphec計画中(planning stage)翻訳omegatframeworktwitterdomtestvb.netdirectxゲームエンジンbtronarduinopreviewer

Loweynet


Commit MetaInfo

修訂6b46c6c27c57c33b05c427685bfdbf56c969a3ac (tree)
時間2018-03-29 21:02:45
作者s_kawamoto <s_kawamoto@user...>
Commiters_kawamoto

Log Message

Update OpenSSL to 1.1.0h.

Change Summary

差異

Binary files a/FFFTP_Eng_Release/FFFTP.exe and b/FFFTP_Eng_Release/FFFTP.exe differ
Binary files a/FFFTP_Eng_Release_64/FFFTP.exe and b/FFFTP_Eng_Release_64/FFFTP.exe differ
Binary files a/Release/FFFTP.exe and b/Release/FFFTP.exe differ
Binary files a/Release_64/FFFTP.exe and b/Release_64/FFFTP.exe differ
--- a/contrib/openssl/CHANGES
+++ b/contrib/openssl/CHANGES
@@ -7,6 +7,79 @@
77 https://github.com/openssl/openssl/commits/ and pick the appropriate
88 release branch.
99
10+ Changes between 1.1.0g and 1.1.0h [27 Mar 2018]
11+
12+ *) Constructed ASN.1 types with a recursive definition could exceed the stack
13+
14+ Constructed ASN.1 types with a recursive definition (such as can be found
15+ in PKCS7) could eventually exceed the stack given malicious input with
16+ excessive recursion. This could result in a Denial Of Service attack. There
17+ are no such structures used within SSL/TLS that come from untrusted sources
18+ so this is considered safe.
19+
20+ This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz
21+ project.
22+ (CVE-2018-0739)
23+ [Matt Caswell]
24+
25+ *) Incorrect CRYPTO_memcmp on HP-UX PA-RISC
26+
27+ Because of an implementation bug the PA-RISC CRYPTO_memcmp function is
28+ effectively reduced to only comparing the least significant bit of each
29+ byte. This allows an attacker to forge messages that would be considered as
30+ authenticated in an amount of tries lower than that guaranteed by the
31+ security claims of the scheme. The module can only be compiled by the
32+ HP-UX assembler, so that only HP-UX PA-RISC targets are affected.
33+
34+ This issue was reported to OpenSSL on 2nd March 2018 by Peter Waltenberg
35+ (IBM).
36+ (CVE-2018-0733)
37+ [Andy Polyakov]
38+
39+ *) Add a build target 'build_all_generated', to build all generated files
40+ and only that. This can be used to prepare everything that requires
41+ things like perl for a system that lacks perl and then move everything
42+ to that system and do the rest of the build there.
43+ [Richard Levitte]
44+
45+ *) Backport SSL_OP_NO_RENGOTIATION
46+
47+ OpenSSL 1.0.2 and below had the ability to disable renegotiation using the
48+ (undocumented) SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS flag. Due to the opacity
49+ changes this is no longer possible in 1.1.0. Therefore the new
50+ SSL_OP_NO_RENEGOTIATION option from 1.1.1-dev has been backported to
51+ 1.1.0 to provide equivalent functionality.
52+
53+ Note that if an application built against 1.1.0h headers (or above) is run
54+ using an older version of 1.1.0 (prior to 1.1.0h) then the option will be
55+ accepted but nothing will happen, i.e. renegotiation will not be prevented.
56+ [Matt Caswell]
57+
58+ *) Removed the OS390-Unix config target. It relied on a script that doesn't
59+ exist.
60+ [Rich Salz]
61+
62+ *) rsaz_1024_mul_avx2 overflow bug on x86_64
63+
64+ There is an overflow bug in the AVX2 Montgomery multiplication procedure
65+ used in exponentiation with 1024-bit moduli. No EC algorithms are affected.
66+ Analysis suggests that attacks against RSA and DSA as a result of this
67+ defect would be very difficult to perform and are not believed likely.
68+ Attacks against DH1024 are considered just feasible, because most of the
69+ work necessary to deduce information about a private key may be performed
70+ offline. The amount of resources required for such an attack would be
71+ significant. However, for an attack on TLS to be meaningful, the server
72+ would have to share the DH1024 private key among multiple clients, which is
73+ no longer an option since CVE-2016-0701.
74+
75+ This only affects processors that support the AVX2 but not ADX extensions
76+ like Intel Haswell (4th generation).
77+
78+ This issue was reported to OpenSSL by David Benjamin (Google). The issue
79+ was originally found via the OSS-Fuzz project.
80+ (CVE-2017-3738)
81+ [Andy Polyakov]
82+
1083 Changes between 1.1.0f and 1.1.0g [2 Nov 2017]
1184
1285 *) bn_sqrx8x_internal carry bug on x86_64
@@ -2989,8 +3062,11 @@
29893062 to work with OPENSSL_NO_SSL_INTERN defined.
29903063 [Steve Henson]
29913064
2992- *) Add SRP support.
2993- [Tom Wu <tjw@cs.stanford.edu> and Ben Laurie]
3065+ *) A long standing patch to add support for SRP from EdelWeb (Peter
3066+ Sylvester and Christophe Renou) was integrated.
3067+ [Christophe Renou <christophe.renou@edelweb.fr>, Peter Sylvester
3068+ <peter.sylvester@edelweb.fr>, Tom Wu <tjw@cs.stanford.edu>, and
3069+ Ben Laurie]
29943070
29953071 *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
29963072 [Steve Henson]
--- a/contrib/openssl/LICENSE
+++ b/contrib/openssl/LICENSE
@@ -10,7 +10,7 @@
1010 ---------------
1111
1212 /* ====================================================================
13- * Copyright (c) 1998-2017 The OpenSSL Project. All rights reserved.
13+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
1414 *
1515 * Redistribution and use in source and binary forms, with or without
1616 * modification, are permitted provided that the following conditions
--- a/contrib/openssl/NEWS
+++ b/contrib/openssl/NEWS
@@ -5,6 +5,13 @@
55 This file gives a brief overview of the major changes between each OpenSSL
66 release. For more details please read the CHANGES file.
77
8+ Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [27 Mar 2018]
9+
10+ o Constructed ASN.1 types with a recursive definition could exceed the
11+ stack (CVE-2018-0739)
12+ o Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733)
13+ o rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
14+
815 Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017]
916
1017 o bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
--- a/contrib/openssl/README
+++ b/contrib/openssl/README
@@ -1,5 +1,5 @@
11
2- OpenSSL 1.1.0g 2 Nov 2017
2+ OpenSSL 1.1.0h 27 Mar 2018
33
44 Copyright (c) 1998-2016 The OpenSSL Project
55 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
--- a/contrib/openssl/include/openssl/asn1.h
+++ b/contrib/openssl/include/openssl/asn1.h
@@ -1,5 +1,5 @@
11 /*
2- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
2+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
33 *
44 * Licensed under the OpenSSL license (the "License"). You may not use
55 * this file except in compliance with the License. You can obtain a copy
@@ -1051,6 +1051,7 @@ int ERR_load_ASN1_strings(void);
10511051 # define ASN1_R_MSTRING_NOT_UNIVERSAL 139
10521052 # define ASN1_R_MSTRING_WRONG_TAG 140
10531053 # define ASN1_R_NESTED_ASN1_STRING 197
1054+# define ASN1_R_NESTED_TOO_DEEP 201
10541055 # define ASN1_R_NON_HEX_CHARACTERS 141
10551056 # define ASN1_R_NOT_ASCII_FORMAT 190
10561057 # define ASN1_R_NOT_ENOUGH_DATA 142
--- a/contrib/openssl/include/openssl/bio.h
+++ b/contrib/openssl/include/openssl/bio.h
@@ -1,5 +1,5 @@
11 /*
2- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
2+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
33 *
44 * Licensed under the OpenSSL license (the "License"). You may not use
55 * this file except in compliance with the License. You can obtain a copy
@@ -246,7 +246,8 @@ typedef struct bio_method_st BIO_METHOD;
246246 const char *BIO_method_name(const BIO *b);
247247 int BIO_method_type(const BIO *b);
248248
249-typedef void bio_info_cb(BIO *, int, const char *, int, long, long);
249+typedef int BIO_info_cb(BIO *, int, int);
250+typedef BIO_info_cb bio_info_cb; /* backward compatibility */
250251
251252 DEFINE_STACK_OF(BIO)
252253
@@ -547,8 +548,7 @@ int BIO_write(BIO *b, const void *data, int len);
547548 int BIO_puts(BIO *bp, const char *buf);
548549 int BIO_indent(BIO *b, int indent, int max);
549550 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
550-long BIO_callback_ctrl(BIO *b, int cmd,
551- void (*fp) (BIO *, int, const char *, int, long, long));
551+long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp);
552552 void *BIO_ptr_ctrl(BIO *bp, int cmd, long larg);
553553 long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg);
554554 BIO *BIO_push(BIO *b, BIO *append);
@@ -750,10 +750,10 @@ int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *));
750750 int (*BIO_meth_get_destroy(BIO_METHOD *biom)) (BIO *);
751751 int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *));
752752 long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom))
753- (BIO *, int, bio_info_cb *);
753+ (BIO *, int, BIO_info_cb *);
754754 int BIO_meth_set_callback_ctrl(BIO_METHOD *biom,
755755 long (*callback_ctrl) (BIO *, int,
756- bio_info_cb *));
756+ BIO_info_cb *));
757757
758758 /* BEGIN ERROR CODES */
759759 /*
@@ -781,6 +781,7 @@ int ERR_load_BIO_strings(void);
781781 # define BIO_F_BIO_LISTEN 139
782782 # define BIO_F_BIO_LOOKUP 135
783783 # define BIO_F_BIO_MAKE_PAIR 121
784+# define BIO_F_BIO_METH_NEW 146
784785 # define BIO_F_BIO_NEW 108
785786 # define BIO_F_BIO_NEW_FILE 109
786787 # define BIO_F_BIO_NEW_MEM_BUF 126
--- a/contrib/openssl/include/openssl/e_os2.h
+++ b/contrib/openssl/include/openssl/e_os2.h
@@ -1,5 +1,5 @@
11 /*
2- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
2+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
33 *
44 * Licensed under the OpenSSL license (the "License"). You may not use
55 * this file except in compliance with the License. You can obtain a copy
@@ -49,7 +49,6 @@ extern "C" {
4949 # define OPENSSL_SYS_WIN32_UWIN
5050 # else
5151 # if defined(__CYGWIN__) || defined(OPENSSL_SYS_CYGWIN)
52-# undef OPENSSL_SYS_UNIX
5352 # define OPENSSL_SYS_WIN32_CYGWIN
5453 # else
5554 # if defined(_WIN32) || defined(OPENSSL_SYS_WIN32)
--- a/contrib/openssl/include/openssl/evp.h
+++ b/contrib/openssl/include/openssl/evp.h
@@ -1,5 +1,5 @@
11 /*
2- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
2+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
33 *
44 * Licensed under the OpenSSL license (the "License"). You may not use
55 * this file except in compliance with the License. You can obtain a copy
@@ -1570,6 +1570,7 @@ int ERR_load_EVP_strings(void);
15701570 # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
15711571 # define EVP_R_OPERATON_NOT_INITIALIZED 151
15721572 # define EVP_R_PARTIALLY_OVERLAPPING 162
1573+# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 175
15731574 # define EVP_R_PKEY_ASN1_METHOD_ALREADY_REGISTERED 164
15741575 # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145
15751576 # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146
--- a/contrib/openssl/include/openssl/ocsp.h
+++ b/contrib/openssl/include/openssl/ocsp.h
@@ -137,22 +137,6 @@ typedef struct ocsp_service_locator_st OCSP_SERVICELOC;
137137
138138 # define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o)
139139
140-# define OCSP_REQUEST_sign(o,pkey,md) \
141- ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\
142- &o->optionalSignature->signatureAlgorithm,NULL,\
143- o->optionalSignature->signature,&o->tbsRequest,pkey,md)
144-
145-# define OCSP_BASICRESP_sign(o,pkey,md,d) \
146- ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),&o->signatureAlgorithm,NULL,\
147- o->signature,&o->tbsResponseData,pkey,md)
148-
149-# define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\
150- &a->optionalSignature->signatureAlgorithm,\
151- a->optionalSignature->signature,&a->tbsRequest,r)
152-
153-# define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\
154- &a->signatureAlgorithm,a->signature,&a->tbsResponseData,r)
155-
156140 # define ASN1_BIT_STRING_digest(data,type,md,len) \
157141 ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
158142
@@ -210,6 +194,8 @@ int OCSP_response_status(OCSP_RESPONSE *resp);
210194 OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
211195
212196 const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs);
197+int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
198+ STACK_OF(X509) *extra_certs);
213199
214200 int OCSP_resp_count(OCSP_BASICRESP *bs);
215201 OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
--- a/contrib/openssl/include/openssl/opensslconf.h
+++ b/contrib/openssl/include/openssl/opensslconf.h
@@ -2,7 +2,7 @@
22 * WARNING: do not edit!
33 * Generated by makefile from include\openssl\opensslconf.h.in
44 *
5- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
5+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
66 *
77 * Licensed under the OpenSSL license (the "License"). You may not use
88 * this file except in compliance with the License. You can obtain a copy
--- a/contrib/openssl/include/openssl/opensslv.h
+++ b/contrib/openssl/include/openssl/opensslv.h
@@ -1,5 +1,5 @@
11 /*
2- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
2+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
33 *
44 * Licensed under the OpenSSL license (the "License"). You may not use
55 * this file except in compliance with the License. You can obtain a copy
@@ -39,13 +39,18 @@ extern "C" {
3939 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
4040 * major minor fix final patch/beta)
4141 */
42-# define OPENSSL_VERSION_NUMBER 0x1010007fL
42+# define OPENSSL_VERSION_NUMBER 0x1010008fL
4343 # ifdef OPENSSL_FIPS
44-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0g-fips 2 Nov 2017"
44+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0h-fips 27 Mar 2018"
4545 # else
46-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0g 2 Nov 2017"
46+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0h 27 Mar 2018"
4747 # endif
4848
49+#define OPENSSL_MAKE_VERSION(maj,min,fix,patch) ((0x10000000L)+((maj&0xff)<<20)+((min&0xff)<<12)+((fix&0xff)<<4)+patch)
50+
51+/* use this for #if tests, should never depend upon fix/patch */
52+#define OPENSSL_VERSION_AT_LEAST(maj,min) (OPENSSL_MAKE_VERSION(maj,min, 0, 0) >= OPENSSL_VERSION_NUMBER)
53+
4954 /*-
5055 * The macros below are to be used for shared library (.so, .dll, ...)
5156 * versioning. That kind of versioning works a bit differently between
--- a/contrib/openssl/include/openssl/ssl.h
+++ b/contrib/openssl/include/openssl/ssl.h
@@ -1,5 +1,5 @@
11 /*
2- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
2+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
33 *
44 * Licensed under the OpenSSL license (the "License"). You may not use
55 * this file except in compliance with the License. You can obtain a copy
@@ -95,14 +95,14 @@ extern "C" {
9595 # define SSL_TXT_NULL "NULL"
9696
9797 # define SSL_TXT_kRSA "kRSA"
98-# define SSL_TXT_kDHr "kDHr"
99-# define SSL_TXT_kDHd "kDHd"
100-# define SSL_TXT_kDH "kDH"
98+# define SSL_TXT_kDHr "kDHr"/* this cipher class has been removed */
99+# define SSL_TXT_kDHd "kDHd"/* this cipher class has been removed */
100+# define SSL_TXT_kDH "kDH"/* this cipher class has been removed */
101101 # define SSL_TXT_kEDH "kEDH"/* alias for kDHE */
102102 # define SSL_TXT_kDHE "kDHE"
103-# define SSL_TXT_kECDHr "kECDHr"
104-# define SSL_TXT_kECDHe "kECDHe"
105-# define SSL_TXT_kECDH "kECDH"
103+# define SSL_TXT_kECDHr "kECDHr"/* this cipher class has been removed */
104+# define SSL_TXT_kECDHe "kECDHe"/* this cipher class has been removed */
105+# define SSL_TXT_kECDH "kECDH"/* this cipher class has been removed */
106106 # define SSL_TXT_kEECDH "kEECDH"/* alias for kECDHE */
107107 # define SSL_TXT_kECDHE "kECDHE"
108108 # define SSL_TXT_kPSK "kPSK"
@@ -114,8 +114,8 @@ extern "C" {
114114
115115 # define SSL_TXT_aRSA "aRSA"
116116 # define SSL_TXT_aDSS "aDSS"
117-# define SSL_TXT_aDH "aDH"
118-# define SSL_TXT_aECDH "aECDH"
117+# define SSL_TXT_aDH "aDH"/* this cipher class has been removed */
118+# define SSL_TXT_aECDH "aECDH"/* this cipher class has been removed */
119119 # define SSL_TXT_aECDSA "aECDSA"
120120 # define SSL_TXT_aPSK "aPSK"
121121 # define SSL_TXT_aGOST94 "aGOST94"
@@ -323,6 +323,9 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
323323 SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2)
324324 # define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2)
325325
326+/* Disallow all renegotiation */
327+# define SSL_OP_NO_RENEGOTIATION 0x40000000U
328+
326329 /*
327330 * Make server add server-hello extension from early version of cryptopro
328331 * draft, when GOST ciphersuite is negotiated. Required for interoperability
@@ -1294,17 +1297,17 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
12941297 #define SSL_CTX_set_max_proto_version(ctx, version) \
12951298 SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
12961299 #define SSL_CTX_get_min_proto_version(ctx) \
1297- SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, NULL, NULL)
1300+ SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL)
12981301 #define SSL_CTX_get_max_proto_version(ctx) \
1299- SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, NULL, NULL)
1302+ SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
13001303 #define SSL_set_min_proto_version(s, version) \
13011304 SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
13021305 #define SSL_set_max_proto_version(s, version) \
13031306 SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
13041307 #define SSL_get_min_proto_version(s) \
1305- SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, NULL, NULL)
1308+ SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL)
13061309 #define SSL_get_max_proto_version(s) \
1307- SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, NULL, NULL)
1310+ SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
13081311
13091312 #if OPENSSL_API_COMPAT < 0x10100000L
13101313 /* Provide some compatibility macros for removed functionality. */
@@ -1529,7 +1532,7 @@ __owur int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md,
15291532 uint8_t mtype, uint8_t ord);
15301533 __owur int SSL_dane_enable(SSL *s, const char *basedomain);
15311534 __owur int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
1532- uint8_t mtype, unsigned char *data, size_t dlen);
1535+ uint8_t mtype, unsigned const char *data, size_t dlen);
15331536 __owur int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki);
15341537 __owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
15351538 uint8_t *mtype, unsigned const char **data,
@@ -2107,6 +2110,7 @@ int ERR_load_SSL_strings(void);
21072110 # define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST 385
21082111 # define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370
21092112 # define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386
2113+# define SSL_F_DTLS_WAIT_FOR_DRY 592
21102114 # define SSL_F_OPENSSL_INIT_SSL 342
21112115 # define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION 417
21122116 # define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION 418
@@ -2128,6 +2132,7 @@ int ERR_load_SSL_strings(void);
21282132 # define SSL_F_SSL3_SETUP_KEY_BLOCK 157
21292133 # define SSL_F_SSL3_SETUP_READ_BUFFER 156
21302134 # define SSL_F_SSL3_SETUP_WRITE_BUFFER 291
2135+# define SSL_F_SSL3_TAKE_MAC 425
21312136 # define SSL_F_SSL3_WRITE_BYTES 158
21322137 # define SSL_F_SSL3_WRITE_PENDING 159
21332138 # define SSL_F_SSL_ADD_CERT_CHAIN 316
@@ -2201,6 +2206,8 @@ int ERR_load_SSL_strings(void);
22012206 # define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311
22022207 # define SSL_F_SSL_PEEK 270
22032208 # define SSL_F_SSL_READ 223
2209+# define SSL_F_SSL_RENEGOTIATE 516
2210+# define SSL_F_SSL_RENEGOTIATE_ABBREVIATED 546
22042211 # define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320
22052212 # define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321
22062213 # define SSL_F_SSL_SESSION_DUP 348
--- a/contrib/openssl/include/openssl/x509v3.h
+++ b/contrib/openssl/include/openssl/x509v3.h
@@ -1,5 +1,5 @@
11 /*
2- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
2+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
33 *
44 * Licensed under the OpenSSL license (the "License"). You may not use
55 * this file except in compliance with the License. You can obtain a copy
@@ -658,6 +658,7 @@ uint32_t X509_get_extension_flags(X509 *x);
658658 uint32_t X509_get_key_usage(X509 *x);
659659 uint32_t X509_get_extended_key_usage(X509 *x);
660660 const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
661+const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x);
661662
662663 int X509_PURPOSE_get_count(void);
663664 X509_PURPOSE *X509_PURPOSE_get0(int idx);
@@ -876,6 +877,7 @@ int ERR_load_X509V3_strings(void);
876877 # define X509V3_F_ADDR_VALIDATE_PATH_INTERNAL 166
877878 # define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 161
878879 # define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 162
880+# define X509V3_F_BIGNUM_TO_STRING 167
879881 # define X509V3_F_COPY_EMAIL 122
880882 # define X509V3_F_COPY_ISSUER 123
881883 # define X509V3_F_DO_DIRNAME 144
Binary files a/dist/amd64/libcrypto-1_1-x64.dll and b/dist/amd64/libcrypto-1_1-x64.dll differ
Binary files a/dist/amd64/libssl-1_1-x64.dll and b/dist/amd64/libssl-1_1-x64.dll differ
Binary files a/dist/libcrypto-1_1.dll and b/dist/libcrypto-1_1.dll differ
Binary files a/dist/libssl-1_1.dll and b/dist/libssl-1_1.dll differ
--- a/src/filehash.h
+++ b/src/filehash.h
@@ -5,13 +5,13 @@
55 #define FILEHASH_SSL_PEM_SHA1 "\xF8\xD2\xBB\x6D\xDE\x84\xF5\x8B\x2C\x8C\xAF\x58\x4E\xAF\x0C\x04\x0E\x7A\xFC\x97"
66 #if defined(_M_IX86)
77 // libcrypto-1_1.dll
8-#define FILEHASH_LIBCRYPTO_DLL_SHA1 "\x8F\xA8\x54\xD1\x27\x65\x18\xE4\x43\xA5\x5C\xAF\x65\x39\x66\xB8\x3A\x05\xE8\x0B"
8+#define FILEHASH_LIBCRYPTO_DLL_SHA1 "\xFD\x80\x51\xB6\x63\xA5\xFD\x0E\x37\xF3\x0B\xBF\xDF\x80\xE8\xFC\x3B\x61\x18\x31"
99 // libssl-1_1.dll
10-#define FILEHASH_LIBSSL_DLL_SHA1 "\x42\x65\x00\x4A\xC9\xF8\xFE\x28\x49\xE2\x90\x51\x58\x2B\x57\x09\x97\xB0\x3B\xAD"
10+#define FILEHASH_LIBSSL_DLL_SHA1 "\x90\xDE\xFB\x90\x3D\xBD\x41\xFC\x3C\x0D\x66\x27\xEF\x4F\xB9\x56\xBB\xEE\x0F\xC2"
1111 #elif defined(_M_AMD64)
1212 // libcrypto-1_1-x64.dll
13-#define FILEHASH_LIBCRYPTO_DLL_SHA1 "\xAF\xD4\xCF\x21\x2B\x87\x92\x25\x6B\x6F\x8E\x49\x36\x85\xD4\xC9\x2E\xFC\x88\xC7"
13+#define FILEHASH_LIBCRYPTO_DLL_SHA1 "\x4B\x11\x71\x1E\x32\xD0\xF0\x35\xEC\x72\x22\x7F\xD9\x34\x15\xFC\xDA\x9C\x6C\xC1"
1414 // libssl-1_1-x64.dll
15-#define FILEHASH_LIBSSL_DLL_SHA1 "\x91\xE6\xC3\x0B\xAF\x9A\x13\x24\x12\x73\x3D\x96\x3A\xBA\xB2\xA1\x0D\x43\x44\x5E"
15+#define FILEHASH_LIBSSL_DLL_SHA1 "\x96\x35\x5C\x4B\x71\x61\xF2\xB8\x3D\x2A\xB4\x12\xD6\x48\x77\xA2\x8D\xB5\x14\x8A"
1616 #endif
1717