Loweynet
修訂 | 6b46c6c27c57c33b05c427685bfdbf56c969a3ac (tree) |
---|---|
時間 | 2018-03-29 21:02:45 |
作者 | s_kawamoto <s_kawamoto@user...> |
Commiter | s_kawamoto |
Update OpenSSL to 1.1.0h.
@@ -7,6 +7,79 @@ | ||
7 | 7 | https://github.com/openssl/openssl/commits/ and pick the appropriate |
8 | 8 | release branch. |
9 | 9 | |
10 | + Changes between 1.1.0g and 1.1.0h [27 Mar 2018] | |
11 | + | |
12 | + *) Constructed ASN.1 types with a recursive definition could exceed the stack | |
13 | + | |
14 | + Constructed ASN.1 types with a recursive definition (such as can be found | |
15 | + in PKCS7) could eventually exceed the stack given malicious input with | |
16 | + excessive recursion. This could result in a Denial Of Service attack. There | |
17 | + are no such structures used within SSL/TLS that come from untrusted sources | |
18 | + so this is considered safe. | |
19 | + | |
20 | + This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz | |
21 | + project. | |
22 | + (CVE-2018-0739) | |
23 | + [Matt Caswell] | |
24 | + | |
25 | + *) Incorrect CRYPTO_memcmp on HP-UX PA-RISC | |
26 | + | |
27 | + Because of an implementation bug the PA-RISC CRYPTO_memcmp function is | |
28 | + effectively reduced to only comparing the least significant bit of each | |
29 | + byte. This allows an attacker to forge messages that would be considered as | |
30 | + authenticated in an amount of tries lower than that guaranteed by the | |
31 | + security claims of the scheme. The module can only be compiled by the | |
32 | + HP-UX assembler, so that only HP-UX PA-RISC targets are affected. | |
33 | + | |
34 | + This issue was reported to OpenSSL on 2nd March 2018 by Peter Waltenberg | |
35 | + (IBM). | |
36 | + (CVE-2018-0733) | |
37 | + [Andy Polyakov] | |
38 | + | |
39 | + *) Add a build target 'build_all_generated', to build all generated files | |
40 | + and only that. This can be used to prepare everything that requires | |
41 | + things like perl for a system that lacks perl and then move everything | |
42 | + to that system and do the rest of the build there. | |
43 | + [Richard Levitte] | |
44 | + | |
45 | + *) Backport SSL_OP_NO_RENGOTIATION | |
46 | + | |
47 | + OpenSSL 1.0.2 and below had the ability to disable renegotiation using the | |
48 | + (undocumented) SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS flag. Due to the opacity | |
49 | + changes this is no longer possible in 1.1.0. Therefore the new | |
50 | + SSL_OP_NO_RENEGOTIATION option from 1.1.1-dev has been backported to | |
51 | + 1.1.0 to provide equivalent functionality. | |
52 | + | |
53 | + Note that if an application built against 1.1.0h headers (or above) is run | |
54 | + using an older version of 1.1.0 (prior to 1.1.0h) then the option will be | |
55 | + accepted but nothing will happen, i.e. renegotiation will not be prevented. | |
56 | + [Matt Caswell] | |
57 | + | |
58 | + *) Removed the OS390-Unix config target. It relied on a script that doesn't | |
59 | + exist. | |
60 | + [Rich Salz] | |
61 | + | |
62 | + *) rsaz_1024_mul_avx2 overflow bug on x86_64 | |
63 | + | |
64 | + There is an overflow bug in the AVX2 Montgomery multiplication procedure | |
65 | + used in exponentiation with 1024-bit moduli. No EC algorithms are affected. | |
66 | + Analysis suggests that attacks against RSA and DSA as a result of this | |
67 | + defect would be very difficult to perform and are not believed likely. | |
68 | + Attacks against DH1024 are considered just feasible, because most of the | |
69 | + work necessary to deduce information about a private key may be performed | |
70 | + offline. The amount of resources required for such an attack would be | |
71 | + significant. However, for an attack on TLS to be meaningful, the server | |
72 | + would have to share the DH1024 private key among multiple clients, which is | |
73 | + no longer an option since CVE-2016-0701. | |
74 | + | |
75 | + This only affects processors that support the AVX2 but not ADX extensions | |
76 | + like Intel Haswell (4th generation). | |
77 | + | |
78 | + This issue was reported to OpenSSL by David Benjamin (Google). The issue | |
79 | + was originally found via the OSS-Fuzz project. | |
80 | + (CVE-2017-3738) | |
81 | + [Andy Polyakov] | |
82 | + | |
10 | 83 | Changes between 1.1.0f and 1.1.0g [2 Nov 2017] |
11 | 84 | |
12 | 85 | *) bn_sqrx8x_internal carry bug on x86_64 |
@@ -2989,8 +3062,11 @@ | ||
2989 | 3062 | to work with OPENSSL_NO_SSL_INTERN defined. |
2990 | 3063 | [Steve Henson] |
2991 | 3064 | |
2992 | - *) Add SRP support. | |
2993 | - [Tom Wu <tjw@cs.stanford.edu> and Ben Laurie] | |
3065 | + *) A long standing patch to add support for SRP from EdelWeb (Peter | |
3066 | + Sylvester and Christophe Renou) was integrated. | |
3067 | + [Christophe Renou <christophe.renou@edelweb.fr>, Peter Sylvester | |
3068 | + <peter.sylvester@edelweb.fr>, Tom Wu <tjw@cs.stanford.edu>, and | |
3069 | + Ben Laurie] | |
2994 | 3070 | |
2995 | 3071 | *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id. |
2996 | 3072 | [Steve Henson] |
@@ -10,7 +10,7 @@ | ||
10 | 10 | --------------- |
11 | 11 | |
12 | 12 | /* ==================================================================== |
13 | - * Copyright (c) 1998-2017 The OpenSSL Project. All rights reserved. | |
13 | + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. | |
14 | 14 | * |
15 | 15 | * Redistribution and use in source and binary forms, with or without |
16 | 16 | * modification, are permitted provided that the following conditions |
@@ -5,6 +5,13 @@ | ||
5 | 5 | This file gives a brief overview of the major changes between each OpenSSL |
6 | 6 | release. For more details please read the CHANGES file. |
7 | 7 | |
8 | + Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [27 Mar 2018] | |
9 | + | |
10 | + o Constructed ASN.1 types with a recursive definition could exceed the | |
11 | + stack (CVE-2018-0739) | |
12 | + o Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733) | |
13 | + o rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) | |
14 | + | |
8 | 15 | Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017] |
9 | 16 | |
10 | 17 | o bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) |
@@ -1,5 +1,5 @@ | ||
1 | 1 | |
2 | - OpenSSL 1.1.0g 2 Nov 2017 | |
2 | + OpenSSL 1.1.0h 27 Mar 2018 | |
3 | 3 | |
4 | 4 | Copyright (c) 1998-2016 The OpenSSL Project |
5 | 5 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson |
@@ -1,5 +1,5 @@ | ||
1 | 1 | /* |
2 | - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
2 | + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
3 | 3 | * |
4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | 5 | * this file except in compliance with the License. You can obtain a copy |
@@ -1051,6 +1051,7 @@ int ERR_load_ASN1_strings(void); | ||
1051 | 1051 | # define ASN1_R_MSTRING_NOT_UNIVERSAL 139 |
1052 | 1052 | # define ASN1_R_MSTRING_WRONG_TAG 140 |
1053 | 1053 | # define ASN1_R_NESTED_ASN1_STRING 197 |
1054 | +# define ASN1_R_NESTED_TOO_DEEP 201 | |
1054 | 1055 | # define ASN1_R_NON_HEX_CHARACTERS 141 |
1055 | 1056 | # define ASN1_R_NOT_ASCII_FORMAT 190 |
1056 | 1057 | # define ASN1_R_NOT_ENOUGH_DATA 142 |
@@ -1,5 +1,5 @@ | ||
1 | 1 | /* |
2 | - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
2 | + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
3 | 3 | * |
4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | 5 | * this file except in compliance with the License. You can obtain a copy |
@@ -246,7 +246,8 @@ typedef struct bio_method_st BIO_METHOD; | ||
246 | 246 | const char *BIO_method_name(const BIO *b); |
247 | 247 | int BIO_method_type(const BIO *b); |
248 | 248 | |
249 | -typedef void bio_info_cb(BIO *, int, const char *, int, long, long); | |
249 | +typedef int BIO_info_cb(BIO *, int, int); | |
250 | +typedef BIO_info_cb bio_info_cb; /* backward compatibility */ | |
250 | 251 | |
251 | 252 | DEFINE_STACK_OF(BIO) |
252 | 253 |
@@ -547,8 +548,7 @@ int BIO_write(BIO *b, const void *data, int len); | ||
547 | 548 | int BIO_puts(BIO *bp, const char *buf); |
548 | 549 | int BIO_indent(BIO *b, int indent, int max); |
549 | 550 | long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); |
550 | -long BIO_callback_ctrl(BIO *b, int cmd, | |
551 | - void (*fp) (BIO *, int, const char *, int, long, long)); | |
551 | +long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp); | |
552 | 552 | void *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); |
553 | 553 | long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg); |
554 | 554 | BIO *BIO_push(BIO *b, BIO *append); |
@@ -750,10 +750,10 @@ int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *)); | ||
750 | 750 | int (*BIO_meth_get_destroy(BIO_METHOD *biom)) (BIO *); |
751 | 751 | int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)); |
752 | 752 | long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom)) |
753 | - (BIO *, int, bio_info_cb *); | |
753 | + (BIO *, int, BIO_info_cb *); | |
754 | 754 | int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, |
755 | 755 | long (*callback_ctrl) (BIO *, int, |
756 | - bio_info_cb *)); | |
756 | + BIO_info_cb *)); | |
757 | 757 | |
758 | 758 | /* BEGIN ERROR CODES */ |
759 | 759 | /* |
@@ -781,6 +781,7 @@ int ERR_load_BIO_strings(void); | ||
781 | 781 | # define BIO_F_BIO_LISTEN 139 |
782 | 782 | # define BIO_F_BIO_LOOKUP 135 |
783 | 783 | # define BIO_F_BIO_MAKE_PAIR 121 |
784 | +# define BIO_F_BIO_METH_NEW 146 | |
784 | 785 | # define BIO_F_BIO_NEW 108 |
785 | 786 | # define BIO_F_BIO_NEW_FILE 109 |
786 | 787 | # define BIO_F_BIO_NEW_MEM_BUF 126 |
@@ -1,5 +1,5 @@ | ||
1 | 1 | /* |
2 | - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
2 | + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
3 | 3 | * |
4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | 5 | * this file except in compliance with the License. You can obtain a copy |
@@ -49,7 +49,6 @@ extern "C" { | ||
49 | 49 | # define OPENSSL_SYS_WIN32_UWIN |
50 | 50 | # else |
51 | 51 | # if defined(__CYGWIN__) || defined(OPENSSL_SYS_CYGWIN) |
52 | -# undef OPENSSL_SYS_UNIX | |
53 | 52 | # define OPENSSL_SYS_WIN32_CYGWIN |
54 | 53 | # else |
55 | 54 | # if defined(_WIN32) || defined(OPENSSL_SYS_WIN32) |
@@ -1,5 +1,5 @@ | ||
1 | 1 | /* |
2 | - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
2 | + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
3 | 3 | * |
4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | 5 | * this file except in compliance with the License. You can obtain a copy |
@@ -1570,6 +1570,7 @@ int ERR_load_EVP_strings(void); | ||
1570 | 1570 | # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 |
1571 | 1571 | # define EVP_R_OPERATON_NOT_INITIALIZED 151 |
1572 | 1572 | # define EVP_R_PARTIALLY_OVERLAPPING 162 |
1573 | +# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 175 | |
1573 | 1574 | # define EVP_R_PKEY_ASN1_METHOD_ALREADY_REGISTERED 164 |
1574 | 1575 | # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 |
1575 | 1576 | # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 |
@@ -137,22 +137,6 @@ typedef struct ocsp_service_locator_st OCSP_SERVICELOC; | ||
137 | 137 | |
138 | 138 | # define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o) |
139 | 139 | |
140 | -# define OCSP_REQUEST_sign(o,pkey,md) \ | |
141 | - ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\ | |
142 | - &o->optionalSignature->signatureAlgorithm,NULL,\ | |
143 | - o->optionalSignature->signature,&o->tbsRequest,pkey,md) | |
144 | - | |
145 | -# define OCSP_BASICRESP_sign(o,pkey,md,d) \ | |
146 | - ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),&o->signatureAlgorithm,NULL,\ | |
147 | - o->signature,&o->tbsResponseData,pkey,md) | |
148 | - | |
149 | -# define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\ | |
150 | - &a->optionalSignature->signatureAlgorithm,\ | |
151 | - a->optionalSignature->signature,&a->tbsRequest,r) | |
152 | - | |
153 | -# define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\ | |
154 | - &a->signatureAlgorithm,a->signature,&a->tbsResponseData,r) | |
155 | - | |
156 | 140 | # define ASN1_BIT_STRING_digest(data,type,md,len) \ |
157 | 141 | ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) |
158 | 142 |
@@ -210,6 +194,8 @@ int OCSP_response_status(OCSP_RESPONSE *resp); | ||
210 | 194 | OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); |
211 | 195 | |
212 | 196 | const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs); |
197 | +int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer, | |
198 | + STACK_OF(X509) *extra_certs); | |
213 | 199 | |
214 | 200 | int OCSP_resp_count(OCSP_BASICRESP *bs); |
215 | 201 | OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); |
@@ -2,7 +2,7 @@ | ||
2 | 2 | * WARNING: do not edit! |
3 | 3 | * Generated by makefile from include\openssl\opensslconf.h.in |
4 | 4 | * |
5 | - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. | |
5 | + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. | |
6 | 6 | * |
7 | 7 | * Licensed under the OpenSSL license (the "License"). You may not use |
8 | 8 | * this file except in compliance with the License. You can obtain a copy |
@@ -1,5 +1,5 @@ | ||
1 | 1 | /* |
2 | - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. | |
2 | + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. | |
3 | 3 | * |
4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | 5 | * this file except in compliance with the License. You can obtain a copy |
@@ -39,13 +39,18 @@ extern "C" { | ||
39 | 39 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for |
40 | 40 | * major minor fix final patch/beta) |
41 | 41 | */ |
42 | -# define OPENSSL_VERSION_NUMBER 0x1010007fL | |
42 | +# define OPENSSL_VERSION_NUMBER 0x1010008fL | |
43 | 43 | # ifdef OPENSSL_FIPS |
44 | -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0g-fips 2 Nov 2017" | |
44 | +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0h-fips 27 Mar 2018" | |
45 | 45 | # else |
46 | -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0g 2 Nov 2017" | |
46 | +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0h 27 Mar 2018" | |
47 | 47 | # endif |
48 | 48 | |
49 | +#define OPENSSL_MAKE_VERSION(maj,min,fix,patch) ((0x10000000L)+((maj&0xff)<<20)+((min&0xff)<<12)+((fix&0xff)<<4)+patch) | |
50 | + | |
51 | +/* use this for #if tests, should never depend upon fix/patch */ | |
52 | +#define OPENSSL_VERSION_AT_LEAST(maj,min) (OPENSSL_MAKE_VERSION(maj,min, 0, 0) >= OPENSSL_VERSION_NUMBER) | |
53 | + | |
49 | 54 | /*- |
50 | 55 | * The macros below are to be used for shared library (.so, .dll, ...) |
51 | 56 | * versioning. That kind of versioning works a bit differently between |
@@ -1,5 +1,5 @@ | ||
1 | 1 | /* |
2 | - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
2 | + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
3 | 3 | * |
4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | 5 | * this file except in compliance with the License. You can obtain a copy |
@@ -95,14 +95,14 @@ extern "C" { | ||
95 | 95 | # define SSL_TXT_NULL "NULL" |
96 | 96 | |
97 | 97 | # define SSL_TXT_kRSA "kRSA" |
98 | -# define SSL_TXT_kDHr "kDHr" | |
99 | -# define SSL_TXT_kDHd "kDHd" | |
100 | -# define SSL_TXT_kDH "kDH" | |
98 | +# define SSL_TXT_kDHr "kDHr"/* this cipher class has been removed */ | |
99 | +# define SSL_TXT_kDHd "kDHd"/* this cipher class has been removed */ | |
100 | +# define SSL_TXT_kDH "kDH"/* this cipher class has been removed */ | |
101 | 101 | # define SSL_TXT_kEDH "kEDH"/* alias for kDHE */ |
102 | 102 | # define SSL_TXT_kDHE "kDHE" |
103 | -# define SSL_TXT_kECDHr "kECDHr" | |
104 | -# define SSL_TXT_kECDHe "kECDHe" | |
105 | -# define SSL_TXT_kECDH "kECDH" | |
103 | +# define SSL_TXT_kECDHr "kECDHr"/* this cipher class has been removed */ | |
104 | +# define SSL_TXT_kECDHe "kECDHe"/* this cipher class has been removed */ | |
105 | +# define SSL_TXT_kECDH "kECDH"/* this cipher class has been removed */ | |
106 | 106 | # define SSL_TXT_kEECDH "kEECDH"/* alias for kECDHE */ |
107 | 107 | # define SSL_TXT_kECDHE "kECDHE" |
108 | 108 | # define SSL_TXT_kPSK "kPSK" |
@@ -114,8 +114,8 @@ extern "C" { | ||
114 | 114 | |
115 | 115 | # define SSL_TXT_aRSA "aRSA" |
116 | 116 | # define SSL_TXT_aDSS "aDSS" |
117 | -# define SSL_TXT_aDH "aDH" | |
118 | -# define SSL_TXT_aECDH "aECDH" | |
117 | +# define SSL_TXT_aDH "aDH"/* this cipher class has been removed */ | |
118 | +# define SSL_TXT_aECDH "aECDH"/* this cipher class has been removed */ | |
119 | 119 | # define SSL_TXT_aECDSA "aECDSA" |
120 | 120 | # define SSL_TXT_aPSK "aPSK" |
121 | 121 | # define SSL_TXT_aGOST94 "aGOST94" |
@@ -323,6 +323,9 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); | ||
323 | 323 | SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2) |
324 | 324 | # define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2) |
325 | 325 | |
326 | +/* Disallow all renegotiation */ | |
327 | +# define SSL_OP_NO_RENEGOTIATION 0x40000000U | |
328 | + | |
326 | 329 | /* |
327 | 330 | * Make server add server-hello extension from early version of cryptopro |
328 | 331 | * draft, when GOST ciphersuite is negotiated. Required for interoperability |
@@ -1294,17 +1297,17 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) | ||
1294 | 1297 | #define SSL_CTX_set_max_proto_version(ctx, version) \ |
1295 | 1298 | SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) |
1296 | 1299 | #define SSL_CTX_get_min_proto_version(ctx) \ |
1297 | - SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, NULL, NULL) | |
1300 | + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) | |
1298 | 1301 | #define SSL_CTX_get_max_proto_version(ctx) \ |
1299 | - SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, NULL, NULL) | |
1302 | + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) | |
1300 | 1303 | #define SSL_set_min_proto_version(s, version) \ |
1301 | 1304 | SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) |
1302 | 1305 | #define SSL_set_max_proto_version(s, version) \ |
1303 | 1306 | SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) |
1304 | 1307 | #define SSL_get_min_proto_version(s) \ |
1305 | - SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, NULL, NULL) | |
1308 | + SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) | |
1306 | 1309 | #define SSL_get_max_proto_version(s) \ |
1307 | - SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, NULL, NULL) | |
1310 | + SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) | |
1308 | 1311 | |
1309 | 1312 | #if OPENSSL_API_COMPAT < 0x10100000L |
1310 | 1313 | /* Provide some compatibility macros for removed functionality. */ |
@@ -1529,7 +1532,7 @@ __owur int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, | ||
1529 | 1532 | uint8_t mtype, uint8_t ord); |
1530 | 1533 | __owur int SSL_dane_enable(SSL *s, const char *basedomain); |
1531 | 1534 | __owur int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, |
1532 | - uint8_t mtype, unsigned char *data, size_t dlen); | |
1535 | + uint8_t mtype, unsigned const char *data, size_t dlen); | |
1533 | 1536 | __owur int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki); |
1534 | 1537 | __owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, |
1535 | 1538 | uint8_t *mtype, unsigned const char **data, |
@@ -2107,6 +2110,7 @@ int ERR_load_SSL_strings(void); | ||
2107 | 2110 | # define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST 385 |
2108 | 2111 | # define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370 |
2109 | 2112 | # define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386 |
2113 | +# define SSL_F_DTLS_WAIT_FOR_DRY 592 | |
2110 | 2114 | # define SSL_F_OPENSSL_INIT_SSL 342 |
2111 | 2115 | # define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION 417 |
2112 | 2116 | # define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION 418 |
@@ -2128,6 +2132,7 @@ int ERR_load_SSL_strings(void); | ||
2128 | 2132 | # define SSL_F_SSL3_SETUP_KEY_BLOCK 157 |
2129 | 2133 | # define SSL_F_SSL3_SETUP_READ_BUFFER 156 |
2130 | 2134 | # define SSL_F_SSL3_SETUP_WRITE_BUFFER 291 |
2135 | +# define SSL_F_SSL3_TAKE_MAC 425 | |
2131 | 2136 | # define SSL_F_SSL3_WRITE_BYTES 158 |
2132 | 2137 | # define SSL_F_SSL3_WRITE_PENDING 159 |
2133 | 2138 | # define SSL_F_SSL_ADD_CERT_CHAIN 316 |
@@ -2201,6 +2206,8 @@ int ERR_load_SSL_strings(void); | ||
2201 | 2206 | # define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311 |
2202 | 2207 | # define SSL_F_SSL_PEEK 270 |
2203 | 2208 | # define SSL_F_SSL_READ 223 |
2209 | +# define SSL_F_SSL_RENEGOTIATE 516 | |
2210 | +# define SSL_F_SSL_RENEGOTIATE_ABBREVIATED 546 | |
2204 | 2211 | # define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320 |
2205 | 2212 | # define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321 |
2206 | 2213 | # define SSL_F_SSL_SESSION_DUP 348 |
@@ -1,5 +1,5 @@ | ||
1 | 1 | /* |
2 | - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. | |
2 | + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. | |
3 | 3 | * |
4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | 5 | * this file except in compliance with the License. You can obtain a copy |
@@ -658,6 +658,7 @@ uint32_t X509_get_extension_flags(X509 *x); | ||
658 | 658 | uint32_t X509_get_key_usage(X509 *x); |
659 | 659 | uint32_t X509_get_extended_key_usage(X509 *x); |
660 | 660 | const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x); |
661 | +const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x); | |
661 | 662 | |
662 | 663 | int X509_PURPOSE_get_count(void); |
663 | 664 | X509_PURPOSE *X509_PURPOSE_get0(int idx); |
@@ -876,6 +877,7 @@ int ERR_load_X509V3_strings(void); | ||
876 | 877 | # define X509V3_F_ADDR_VALIDATE_PATH_INTERNAL 166 |
877 | 878 | # define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 161 |
878 | 879 | # define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 162 |
880 | +# define X509V3_F_BIGNUM_TO_STRING 167 | |
879 | 881 | # define X509V3_F_COPY_EMAIL 122 |
880 | 882 | # define X509V3_F_COPY_ISSUER 123 |
881 | 883 | # define X509V3_F_DO_DIRNAME 144 |
@@ -5,13 +5,13 @@ | ||
5 | 5 | #define FILEHASH_SSL_PEM_SHA1 "\xF8\xD2\xBB\x6D\xDE\x84\xF5\x8B\x2C\x8C\xAF\x58\x4E\xAF\x0C\x04\x0E\x7A\xFC\x97" |
6 | 6 | #if defined(_M_IX86) |
7 | 7 | // libcrypto-1_1.dll |
8 | -#define FILEHASH_LIBCRYPTO_DLL_SHA1 "\x8F\xA8\x54\xD1\x27\x65\x18\xE4\x43\xA5\x5C\xAF\x65\x39\x66\xB8\x3A\x05\xE8\x0B" | |
8 | +#define FILEHASH_LIBCRYPTO_DLL_SHA1 "\xFD\x80\x51\xB6\x63\xA5\xFD\x0E\x37\xF3\x0B\xBF\xDF\x80\xE8\xFC\x3B\x61\x18\x31" | |
9 | 9 | // libssl-1_1.dll |
10 | -#define FILEHASH_LIBSSL_DLL_SHA1 "\x42\x65\x00\x4A\xC9\xF8\xFE\x28\x49\xE2\x90\x51\x58\x2B\x57\x09\x97\xB0\x3B\xAD" | |
10 | +#define FILEHASH_LIBSSL_DLL_SHA1 "\x90\xDE\xFB\x90\x3D\xBD\x41\xFC\x3C\x0D\x66\x27\xEF\x4F\xB9\x56\xBB\xEE\x0F\xC2" | |
11 | 11 | #elif defined(_M_AMD64) |
12 | 12 | // libcrypto-1_1-x64.dll |
13 | -#define FILEHASH_LIBCRYPTO_DLL_SHA1 "\xAF\xD4\xCF\x21\x2B\x87\x92\x25\x6B\x6F\x8E\x49\x36\x85\xD4\xC9\x2E\xFC\x88\xC7" | |
13 | +#define FILEHASH_LIBCRYPTO_DLL_SHA1 "\x4B\x11\x71\x1E\x32\xD0\xF0\x35\xEC\x72\x22\x7F\xD9\x34\x15\xFC\xDA\x9C\x6C\xC1" | |
14 | 14 | // libssl-1_1-x64.dll |
15 | -#define FILEHASH_LIBSSL_DLL_SHA1 "\x91\xE6\xC3\x0B\xAF\x9A\x13\x24\x12\x73\x3D\x96\x3A\xBA\xB2\xA1\x0D\x43\x44\x5E" | |
15 | +#define FILEHASH_LIBSSL_DLL_SHA1 "\x96\x35\x5C\x4B\x71\x61\xF2\xB8\x3D\x2A\xB4\x12\xD6\x48\x77\xA2\x8D\xB5\x14\x8A" | |
16 | 16 | #endif |
17 | 17 |