Loweynet
修訂 | b2ca3cbfefb9f644d74e81b6dbb28c759def7249 (tree) |
---|---|
時間 | 2017-11-04 21:00:12 |
作者 | s_kawamoto <s_kawamoto@user...> |
Commiter | s_kawamoto |
Update OpenSSL to 1.1.0g.
@@ -11,8 +11,8 @@ set PREFIX_JPN=update.jpn.file. | ||
11 | 11 | set PREFIX_ENG=update.eng.file. |
12 | 12 | set PREFIX_AMD64_JPN=update.amd64.jpn.file. |
13 | 13 | set PREFIX_AMD64_ENG=update.amd64.eng.file. |
14 | -set DESC_JPN="¯Ú±ª1æèå«¢zXg©çØfµ½¼ãÉÊÌzXgÅ]ɸs·éoOðC³µÜµ½B" | |
15 | -set DESC_ENG="Fixed bugs that transfer fails at a host right after disconnection from another host whose number of simultaneous connections is more than 1." | |
14 | +set DESC_JPN="OpenSSLðXVµÜµ½B" | |
15 | +set DESC_ENG="Updated OpenSSL." | |
16 | 16 | set DESC_AMD64_JPN=%DESC_JPN% |
17 | 17 | set DESC_AMD64_ENG=%DESC_ENG% |
18 | 18 |
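Review bot: The new `DESC_ENG` text, "Updated OpenSSL.", gives users of the update mechanism no hint that this release carries security fixes, although the OpenSSL CHANGES file bundled in the same commit lists CVE-2017-3736 and CVE-2017-3735 for 1.1.0g. Consider `set DESC_ENG="Updated OpenSSL to 1.1.0g (security fixes: CVE-2017-3736, CVE-2017-3735)."`, with the matching change in `DESC_JPN`. Whether FFFTP's own use of OpenSSL is exposed to either issue is not visible here, so the wording should say what upstream fixed rather than claim impact.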
@@ -242,7 +242,7 @@ FONT 9, "MS Shell Dlg", 0, 0, 0x0 | ||
242 | 242 | BEGIN |
243 | 243 | DEFPUSHBUTTON "OK",IDOK,133,294,50,14 |
244 | 244 | ICON ffftp,-1,7,4,20,20 |
245 | - CTEXT "FFFTP Ver 1.99a-20171029",-1,113,11,90,8 | |
245 | + CTEXT "FFFTP Ver 1.99a-20171104",-1,113,11,90,8 | |
246 | 246 | CTEXT "FFFTPÍfreewareÅ·",-1,7,279,305,8 |
247 | 247 | CTEXT "Copyright(C) 1997-2010 Sota & ²¦Í¢½¾¢½ûX\nCopyright (C) 2011-2017 FFFTP Project (Hiromichi Matsushima, Suguru Kawamoto, IWAMOTO Kouichi, vitamin0x, ¤È[, Asami, fortran90, tomo1192, Yuji Tanaka, Moriguchi Hirokazu, Ó¤¹ñ)",-1,7,25,305,44,SS_NOPREFIX |
248 | 248 | CTEXT "",ABOUT_JRE,7,96,305,8 |
@@ -2213,8 +2213,8 @@ nodrop_csr CURSOR "nodrop_c.cur" | ||
2213 | 2213 | // |
2214 | 2214 | |
2215 | 2215 | VS_VERSION_INFO VERSIONINFO |
2216 | - FILEVERSION 1,99,1,18 | |
2217 | - PRODUCTVERSION 1,99,1,18 | |
2216 | + FILEVERSION 1,99,1,19 | |
2217 | + PRODUCTVERSION 1,99,1,19 | |
2218 | 2218 | FILEFLAGSMASK 0x3fL |
2219 | 2219 | #ifdef _DEBUG |
2220 | 2220 | FILEFLAGS 0x1L |
@@ -2232,12 +2232,12 @@ BEGIN | ||
2232 | 2232 | VALUE "Comments", "±êÍt[\tgEGAÅ·B" |
2233 | 2233 | VALUE "CompanyName", "Sota, FFFTP Project" |
2234 | 2234 | VALUE "FileDescription", "FFFTP" |
2235 | - VALUE "FileVersion", "1, 99, 1, 18" | |
2235 | + VALUE "FileVersion", "1, 99, 1, 19" | |
2236 | 2236 | VALUE "InternalName", "FFFTP" |
2237 | 2237 | VALUE "LegalCopyright", "Copyright (C) 1997-2010 Sota & ²¦Í¢½¾¢½ûX\nCopyright (C) 2011-2017 FFFTP Project (Hiromichi Matsushima, Suguru Kawamoto, IWAMOTO Kouichi, vitamin0x, ¤È[, Asami, fortran90, tomo1192, Yuji Tanaka, Moriguchi Hirokazu, Ó¤¹ñ)." |
2238 | 2238 | VALUE "OriginalFilename", "FFFTP.exe" |
2239 | 2239 | VALUE "ProductName", "FFFTP" |
2240 | - VALUE "ProductVersion", "1, 99, 1, 18" | |
2240 | + VALUE "ProductVersion", "1, 99, 1, 19" | |
2241 | 2241 | END |
2242 | 2242 | END |
2243 | 2243 | BLOCK "VarFileInfo" |
@@ -242,7 +242,7 @@ FONT 9, "MS Shell Dlg", 0, 0, 0x0 | ||
242 | 242 | BEGIN |
243 | 243 | DEFPUSHBUTTON "OK",IDOK,132,296,50,14 |
244 | 244 | ICON ffftp,-1,7,4,20,20 |
245 | - CTEXT "FFFTP Ver 1.99a-20171029",-1,110,11,90,8 | |
245 | + CTEXT "FFFTP Ver 1.99a-20171104",-1,110,11,90,8 | |
246 | 246 | CTEXT "FFFTP is freeware",-1,7,281,301,8 |
247 | 247 | CTEXT "Copyright(C) 1997-2010 Sota && cooperators\nCopyright (C) 2011-2017 FFFTP Project (Hiromichi Matsushima, Suguru Kawamoto, IWAMOTO Kouichi, vitamin0x, unarist, Asami, fortran90, tomo1192, Yuji Tanaka, Moriguchi Hirokazu, Fu-sen)",-1,7,25,301,44 |
248 | 248 | CTEXT "",ABOUT_JRE,7,93,301,8 |
@@ -2253,8 +2253,8 @@ nodrop_csr CURSOR "nodrop_c.cur" | ||
2253 | 2253 | // |
2254 | 2254 | |
2255 | 2255 | VS_VERSION_INFO VERSIONINFO |
2256 | - FILEVERSION 1,99,1,18 | |
2257 | - PRODUCTVERSION 1,99,1,18 | |
2256 | + FILEVERSION 1,99,1,19 | |
2257 | + PRODUCTVERSION 1,99,1,19 | |
2258 | 2258 | FILEFLAGSMASK 0x3fL |
2259 | 2259 | #ifdef _DEBUG |
2260 | 2260 | FILEFLAGS 0x1L |
@@ -2272,12 +2272,12 @@ BEGIN | ||
2272 | 2272 | VALUE "Comments", "This software is Free Software" |
2273 | 2273 | VALUE "CompanyName", "Sota, FFFTP Project" |
2274 | 2274 | VALUE "FileDescription", "FFFTP" |
2275 | - VALUE "FileVersion", "1, 99, 1, 18" | |
2275 | + VALUE "FileVersion", "1, 99, 1, 19" | |
2276 | 2276 | VALUE "InternalName", "FFFTP" |
2277 | 2277 | VALUE "LegalCopyright", "Copyright (C) 1997-2010 Sota & cooperators\nCopyright (C) 2011-2017 FFFTP Project (Hiromichi Matsushima, Suguru Kawamoto, IWAMOTO Kouichi, vitamin0x, unarist, Asami, fortran90, tomo1192, Yuji Tanaka, Moriguchi Hirokazu, Fu-sen)." |
2278 | 2278 | VALUE "OriginalFilename", "FFFTP.exe" |
2279 | 2279 | VALUE "ProductName", "FFFTP" |
2280 | - VALUE "ProductVersion", "1, 99, 1, 18" | |
2280 | + VALUE "ProductVersion", "1, 99, 1, 19" | |
2281 | 2281 | END |
2282 | 2282 | END |
2283 | 2283 | BLOCK "VarFileInfo" |
@@ -72,16 +72,16 @@ | ||
72 | 72 | //#define PROGRAM_VERSION_NUM 1972 /* バージョン */ |
73 | 73 | // 64ビット対応 |
74 | 74 | #ifdef _WIN64 |
75 | -#define VER_STR "1.99a-20171029 64bit" | |
75 | +#define VER_STR "1.99a-20171104 64bit" | |
76 | 76 | #else |
77 | -#define VER_STR "1.99a-20171029" | |
77 | +#define VER_STR "1.99a-20171104" | |
78 | 78 | #endif |
79 | 79 | #define VER_NUM 1990 /* 設定バージョン */ |
80 | 80 | #define PROGRAM_VERSION_NUM 1990 /* バージョン */ |
81 | 81 | // ソフトウェア自動更新 |
82 | 82 | // リリースバージョンはリリース予定年(10進数4桁)+月(2桁)+日(2桁)+通し番号(0スタート2桁)とする |
83 | 83 | // 2014年7月31日中の30個目のリリースは2014073129 |
84 | -#define RELEASE_VERSION_NUM 2017102900 /* リリースバージョン */ | |
84 | +#define RELEASE_VERSION_NUM 2017110400 /* リリースバージョン */ | |
85 | 85 | |
86 | 86 | |
87 | 87 | // SourceForge.JPによるフォーク |
@@ -2,6 +2,51 @@ | ||
2 | 2 | OpenSSL CHANGES |
3 | 3 | _______________ |
4 | 4 | |
5 | + This is a high-level summary of the most important changes. | |
6 | + For a full list of changes, see the git commit log; for example, | |
7 | + https://github.com/openssl/openssl/commits/ and pick the appropriate | |
8 | + release branch. | |
9 | + | |
10 | + Changes between 1.1.0f and 1.1.0g [2 Nov 2017] | |
11 | + | |
12 | + *) bn_sqrx8x_internal carry bug on x86_64 | |
13 | + | |
14 | + There is a carry propagating bug in the x86_64 Montgomery squaring | |
15 | + procedure. No EC algorithms are affected. Analysis suggests that attacks | |
16 | + against RSA and DSA as a result of this defect would be very difficult to | |
17 | + perform and are not believed likely. Attacks against DH are considered just | |
18 | + feasible (although very difficult) because most of the work necessary to | |
19 | + deduce information about a private key may be performed offline. The amount | |
20 | + of resources required for such an attack would be very significant and | |
21 | + likely only accessible to a limited number of attackers. An attacker would | |
22 | + additionally need online access to an unpatched system using the target | |
23 | + private key in a scenario with persistent DH parameters and a private | |
24 | + key that is shared between multiple clients. | |
25 | + | |
26 | + This only affects processors that support the BMI1, BMI2 and ADX extensions | |
27 | + like Intel Broadwell (5th generation) and later or AMD Ryzen. | |
28 | + | |
29 | + This issue was reported to OpenSSL by the OSS-Fuzz project. | |
30 | + (CVE-2017-3736) | |
31 | + [Andy Polyakov] | |
32 | + | |
33 | + *) Malformed X.509 IPAddressFamily could cause OOB read | |
34 | + | |
35 | + If an X.509 certificate has a malformed IPAddressFamily extension, | |
36 | + OpenSSL could do a one-byte buffer overread. The most likely result | |
37 | + would be an erroneous display of the certificate in text format. | |
38 | + | |
39 | + This issue was reported to OpenSSL by the OSS-Fuzz project. | |
40 | + (CVE-2017-3735) | |
41 | + [Rich Salz] | |
42 | + | |
43 | + *) Ignore the '-named_curve auto' value for compatibility of applications | |
44 | + with OpenSSL 1.0.2. | |
45 | + [Tomas Mraz <tmraz@fedoraproject.org>] | |
46 | + | |
47 | + *) Support for SSL_OP_NO_ENCRYPT_THEN_MAC in SSL_CONF_cmd. | |
48 | + [Emilia Käsper] | |
49 | + | |
5 | 50 | Changes between 1.1.0e and 1.1.0f [25 May 2017] |
6 | 51 | |
7 | 52 | *) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target |
@@ -5,6 +5,11 @@ | ||
5 | 5 | This file gives a brief overview of the major changes between each OpenSSL |
6 | 6 | release. For more details please read the CHANGES file. |
7 | 7 | |
8 | + Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017] | |
9 | + | |
10 | + o bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) | |
11 | + o Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735) | |
12 | + | |
8 | 13 | Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.0f [25 May 2017] |
9 | 14 | |
10 | 15 | o config now recognises 64-bit mingw and chooses mingw64 instead of mingw |
@@ -1,5 +1,5 @@ | ||
1 | 1 | |
2 | - OpenSSL 1.1.0f 25 May 2017 | |
2 | + OpenSSL 1.1.0g 2 Nov 2017 | |
3 | 3 | |
4 | 4 | Copyright (c) 1998-2016 The OpenSSL Project |
5 | 5 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson |
@@ -125,11 +125,10 @@ extern "C" { | ||
125 | 125 | |
126 | 126 | # define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49 |
127 | 127 | |
128 | -# define BIO_CTRL_DGRAM_SET_PEEK_MODE 50 | |
129 | - | |
128 | +/* Deliberately outside of OPENSSL_NO_SCTP - used in bss_dgram.c */ | |
129 | +# define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50 | |
130 | 130 | # ifndef OPENSSL_NO_SCTP |
131 | 131 | /* SCTP stuff */ |
132 | -# define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50 | |
133 | 132 | # define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY 51 |
134 | 133 | # define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY 52 |
135 | 134 | # define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD 53 |
@@ -142,6 +141,8 @@ extern "C" { | ||
142 | 141 | # define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN 70 |
143 | 142 | # endif |
144 | 143 | |
144 | +# define BIO_CTRL_DGRAM_SET_PEEK_MODE 71 | |
145 | + | |
145 | 146 | /* modifiers */ |
146 | 147 | # define BIO_FP_READ 0x02 |
147 | 148 | # define BIO_FP_WRITE 0x04 |
@@ -196,7 +196,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); | ||
196 | 196 | */ |
197 | 197 | void BN_set_negative(BIGNUM *b, int n); |
198 | 198 | /** BN_is_negative returns 1 if the BIGNUM is negative |
199 | - * \param a pointer to the BIGNUM object | |
199 | + * \param b pointer to the BIGNUM object | |
200 | 200 | * \return 1 if a < 0 and 0 otherwise |
201 | 201 | */ |
202 | 202 | int BN_is_negative(const BIGNUM *b); |
@@ -21,10 +21,7 @@ extern "C" { | ||
21 | 21 | #endif |
22 | 22 | |
23 | 23 | # include <stddef.h> |
24 | - | |
25 | -# if !defined(NO_SYS_TYPES_H) | |
26 | -# include <sys/types.h> | |
27 | -# endif | |
24 | +# include <sys/types.h> | |
28 | 25 | |
29 | 26 | /* |
30 | 27 | * These names are outdated as of OpenSSL 1.1; a future release |
@@ -146,6 +146,8 @@ int CRYPTO_mem_ctrl(int mode); | ||
146 | 146 | CRYPTO_secure_zalloc(num, OPENSSL_FILE, OPENSSL_LINE) |
147 | 147 | # define OPENSSL_secure_free(addr) \ |
148 | 148 | CRYPTO_secure_free(addr, OPENSSL_FILE, OPENSSL_LINE) |
149 | +# define OPENSSL_secure_clear_free(addr, num) \ | |
150 | + CRYPTO_secure_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE) | |
149 | 151 | # define OPENSSL_secure_actual_size(ptr) \ |
150 | 152 | CRYPTO_secure_actual_size(ptr) |
151 | 153 |
@@ -285,6 +287,8 @@ int CRYPTO_secure_malloc_done(void); | ||
285 | 287 | void *CRYPTO_secure_malloc(size_t num, const char *file, int line); |
286 | 288 | void *CRYPTO_secure_zalloc(size_t num, const char *file, int line); |
287 | 289 | void CRYPTO_secure_free(void *ptr, const char *file, int line); |
290 | +void CRYPTO_secure_clear_free(void *ptr, size_t num, | |
291 | + const char *file, int line); | |
288 | 292 | int CRYPTO_secure_allocated(const void *ptr); |
289 | 293 | int CRYPTO_secure_malloc_initialized(void); |
290 | 294 | size_t CRYPTO_secure_actual_size(void *ptr); |
@@ -1223,7 +1223,7 @@ void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth, | ||
1223 | 1223 | const ECDSA_SIG *sig, |
1224 | 1224 | EC_KEY *eckey)); |
1225 | 1225 | |
1226 | -void EC_KEY_METHOD_get_init(EC_KEY_METHOD *meth, | |
1226 | +void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth, | |
1227 | 1227 | int (**pinit)(EC_KEY *key), |
1228 | 1228 | void (**pfinish)(EC_KEY *key), |
1229 | 1229 | int (**pcopy)(EC_KEY *dest, const EC_KEY *src), |
@@ -1234,16 +1234,16 @@ void EC_KEY_METHOD_get_init(EC_KEY_METHOD *meth, | ||
1234 | 1234 | int (**pset_public)(EC_KEY *key, |
1235 | 1235 | const EC_POINT *pub_key)); |
1236 | 1236 | |
1237 | -void EC_KEY_METHOD_get_keygen(EC_KEY_METHOD *meth, | |
1237 | +void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth, | |
1238 | 1238 | int (**pkeygen)(EC_KEY *key)); |
1239 | 1239 | |
1240 | -void EC_KEY_METHOD_get_compute_key(EC_KEY_METHOD *meth, | |
1240 | +void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth, | |
1241 | 1241 | int (**pck)(unsigned char **psec, |
1242 | 1242 | size_t *pseclen, |
1243 | 1243 | const EC_POINT *pub_key, |
1244 | 1244 | const EC_KEY *ecdh)); |
1245 | 1245 | |
1246 | -void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth, | |
1246 | +void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth, | |
1247 | 1247 | int (**psign)(int type, const unsigned char *dgst, |
1248 | 1248 | int dlen, unsigned char *sig, |
1249 | 1249 | unsigned int *siglen, |
@@ -1257,7 +1257,7 @@ void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth, | ||
1257 | 1257 | const BIGNUM *in_r, |
1258 | 1258 | EC_KEY *eckey)); |
1259 | 1259 | |
1260 | -void EC_KEY_METHOD_get_verify(EC_KEY_METHOD *meth, | |
1260 | +void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth, | |
1261 | 1261 | int (**pverify)(int type, const unsigned |
1262 | 1262 | char *dgst, int dgst_len, |
1263 | 1263 | const unsigned char *sigbuf, |
@@ -900,6 +900,9 @@ int EVP_PKEY_security_bits(const EVP_PKEY *pkey); | ||
900 | 900 | int EVP_PKEY_size(EVP_PKEY *pkey); |
901 | 901 | int EVP_PKEY_set_type(EVP_PKEY *pkey, int type); |
902 | 902 | int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len); |
903 | +# ifndef OPENSSL_NO_ENGINE | |
904 | +int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e); | |
905 | +# endif | |
903 | 906 | int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key); |
904 | 907 | void *EVP_PKEY_get0(const EVP_PKEY *pkey); |
905 | 908 | const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len); |
@@ -1482,6 +1485,7 @@ int ERR_load_EVP_strings(void); | ||
1482 | 1485 | # define EVP_F_EVP_PBE_SCRYPT 181 |
1483 | 1486 | # define EVP_F_EVP_PKCS82PKEY 111 |
1484 | 1487 | # define EVP_F_EVP_PKEY2PKCS8 113 |
1488 | +# define EVP_F_EVP_PKEY_ASN1_ADD0 168 | |
1485 | 1489 | # define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 |
1486 | 1490 | # define EVP_F_EVP_PKEY_CTX_CTRL 137 |
1487 | 1491 | # define EVP_F_EVP_PKEY_CTX_CTRL_STR 150 |
@@ -1505,6 +1509,7 @@ int ERR_load_EVP_strings(void); | ||
1505 | 1509 | # define EVP_F_EVP_PKEY_NEW 106 |
1506 | 1510 | # define EVP_F_EVP_PKEY_PARAMGEN 148 |
1507 | 1511 | # define EVP_F_EVP_PKEY_PARAMGEN_INIT 149 |
1512 | +# define EVP_F_EVP_PKEY_SET1_ENGINE 187 | |
1508 | 1513 | # define EVP_F_EVP_PKEY_SIGN 140 |
1509 | 1514 | # define EVP_F_EVP_PKEY_SIGN_INIT 141 |
1510 | 1515 | # define EVP_F_EVP_PKEY_VERIFY 142 |
@@ -1565,6 +1570,7 @@ int ERR_load_EVP_strings(void); | ||
1565 | 1570 | # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 |
1566 | 1571 | # define EVP_R_OPERATON_NOT_INITIALIZED 151 |
1567 | 1572 | # define EVP_R_PARTIALLY_OVERLAPPING 162 |
1573 | +# define EVP_R_PKEY_ASN1_METHOD_ALREADY_REGISTERED 164 | |
1568 | 1574 | # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 |
1569 | 1575 | # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 |
1570 | 1576 | # define EVP_R_PUBLIC_KEY_NOT_RSA 106 |
@@ -39,11 +39,11 @@ extern "C" { | ||
39 | 39 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for |
40 | 40 | * major minor fix final patch/beta) |
41 | 41 | */ |
42 | -# define OPENSSL_VERSION_NUMBER 0x1010006fL | |
42 | +# define OPENSSL_VERSION_NUMBER 0x1010007fL | |
43 | 43 | # ifdef OPENSSL_FIPS |
44 | -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0f-fips 25 May 2017" | |
44 | +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0g-fips 2 Nov 2017" | |
45 | 45 | # else |
46 | -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0f 25 May 2017" | |
46 | +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0g 2 Nov 2017" | |
47 | 47 | # endif |
48 | 48 | |
49 | 49 | /*- |
@@ -52,9 +52,7 @@ extern "C" { | ||
52 | 52 | # endif |
53 | 53 | # endif |
54 | 54 | |
55 | -# if !defined(NO_SYS_TYPES_H) | |
56 | -# include <sys/types.h> | |
57 | -# endif | |
55 | +# include <sys/types.h> | |
58 | 56 | |
59 | 57 | # define SEED_BLOCK_SIZE 16 |
60 | 58 | # define SEED_KEY_LENGTH 16 |
@@ -36,7 +36,7 @@ extern "C" { | ||
36 | 36 | # ifndef OPENSSL_NO_SRTP |
37 | 37 | |
38 | 38 | __owur int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); |
39 | -__owur int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles); | |
39 | +__owur int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles); | |
40 | 40 | |
41 | 41 | __owur STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); |
42 | 42 | __owur SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); |
@@ -297,6 +297,8 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); | ||
297 | 297 | # define SSL_OP_NO_COMPRESSION 0x00020000U |
298 | 298 | /* Permit unsafe legacy renegotiation */ |
299 | 299 | # define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000U |
300 | +/* Disable encrypt-then-mac */ | |
301 | +# define SSL_OP_NO_ENCRYPT_THEN_MAC 0x00080000U | |
300 | 302 | /* |
301 | 303 | * Set on servers to choose the cipher according to the server's preferences |
302 | 304 | */ |
@@ -1158,6 +1160,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) | ||
1158 | 1160 | # define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE 127 |
1159 | 1161 | # define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128 |
1160 | 1162 | # define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129 |
1163 | +# define SSL_CTRL_GET_MIN_PROTO_VERSION 130 | |
1164 | +# define SSL_CTRL_GET_MAX_PROTO_VERSION 131 | |
1161 | 1165 | # define SSL_CERT_SET_FIRST 1 |
1162 | 1166 | # define SSL_CERT_SET_NEXT 2 |
1163 | 1167 | # define SSL_CERT_SET_SERVER 3 |
@@ -1289,10 +1293,18 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) | ||
1289 | 1293 | SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) |
1290 | 1294 | #define SSL_CTX_set_max_proto_version(ctx, version) \ |
1291 | 1295 | SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) |
1296 | +#define SSL_CTX_get_min_proto_version(ctx) \ | |
1297 | + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, NULL, NULL) | |
1298 | +#define SSL_CTX_get_max_proto_version(ctx) \ | |
1299 | + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, NULL, NULL) | |
1292 | 1300 | #define SSL_set_min_proto_version(s, version) \ |
1293 | 1301 | SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) |
1294 | 1302 | #define SSL_set_max_proto_version(s, version) \ |
1295 | 1303 | SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) |
1304 | +#define SSL_get_min_proto_version(s) \ | |
1305 | + SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, NULL, NULL) | |
1306 | +#define SSL_get_max_proto_version(s) \ | |
1307 | + SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, NULL, NULL) | |
1296 | 1308 | |
1297 | 1309 | #if OPENSSL_API_COMPAT < 0x10100000L |
1298 | 1310 | /* Provide some compatibility macros for removed functionality. */ |
@@ -1444,7 +1456,7 @@ int SSL_SESSION_up_ref(SSL_SESSION *ses); | ||
1444 | 1456 | void SSL_SESSION_free(SSL_SESSION *ses); |
1445 | 1457 | __owur int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); |
1446 | 1458 | __owur int SSL_set_session(SSL *to, SSL_SESSION *session); |
1447 | -__owur int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); | |
1459 | +int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); | |
1448 | 1460 | int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c); |
1449 | 1461 | __owur int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); |
1450 | 1462 | __owur int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); |
@@ -226,12 +226,12 @@ __owur int SSL_get_servername_type(const SSL *s); | ||
226 | 226 | * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and |
227 | 227 | * optional context. (Since a zero length context is allowed, the |use_context| |
228 | 228 | * flag controls whether a context is included.) It returns 1 on success and |
229 | - * zero otherwise. | |
229 | + * 0 or -1 otherwise. | |
230 | 230 | */ |
231 | 231 | __owur int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, |
232 | - const char *label, size_t llen, | |
233 | - const unsigned char *p, size_t plen, | |
234 | - int use_context); | |
232 | + const char *label, size_t llen, | |
233 | + const unsigned char *context, | |
234 | + size_t contextlen, int use_context); | |
235 | 235 | |
236 | 236 | int SSL_get_sigalgs(SSL *s, int idx, |
237 | 237 | int *psign, int *phash, int *psignandhash, |
@@ -298,9 +298,9 @@ SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0, (void (**)(void))cb) | ||
298 | 298 | SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb) |
299 | 299 | |
300 | 300 | # define SSL_CTX_get_tlsext_status_arg(ssl, arg) \ |
301 | -SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg | |
301 | + SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) | |
302 | 302 | # define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ |
303 | -SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) | |
303 | + SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) | |
304 | 304 | |
305 | 305 | #define SSL_CTX_set_tlsext_status_type(ssl, type) \ |
306 | 306 | SSL_CTX_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE, type, NULL) |
@@ -5,13 +5,13 @@ | ||
5 | 5 | #define FILEHASH_SSL_PEM_SHA1 "\xB5\x0E\xE9\xDC\x25\x9D\xAC\x83\x09\xB3\x42\xA3\xB9\x7C\xF2\x1A\xAD\xA8\x27\xA6" |
6 | 6 | #if defined(_M_IX86) |
7 | 7 | // libeay32.dll |
8 | -#define FILEHASH_LIBEAY32_DLL_SHA1 "\x8A\xA1\x22\x87\x9D\x06\xCE\x61\x2A\x0D\x12\xCE\xCD\x05\x6F\x44\x04\xEB\x08\x8F" | |
8 | +#define FILEHASH_LIBEAY32_DLL_SHA1 "\xE4\xA5\x2E\xB0\x80\xB5\x07\x4B\x40\xB0\x15\x71\xC5\xAA\x6F\xF8\xF3\xC4\x97\xFC" | |
9 | 9 | // ssleay32.dll |
10 | -#define FILEHASH_SSLEAY32_DLL_SHA1 "\x83\x84\x23\x50\xDB\x61\xA3\xBC\xCA\xA0\xF0\xA7\xE4\x33\x87\xBB\x47\xCC\xE0\x05" | |
10 | +#define FILEHASH_SSLEAY32_DLL_SHA1 "\x93\x4D\xF4\xDA\x2C\x4A\x65\x53\x56\xA7\xB3\xD3\x2F\x9C\x86\xBA\xB4\xF8\xDD\x48" | |
11 | 11 | #elif defined(_M_AMD64) |
12 | 12 | // libeay32.dll |
13 | -#define FILEHASH_LIBEAY32_DLL_SHA1 "\xDA\x6A\xF5\x14\x91\xE1\x6C\x23\xB8\xB9\xA9\x2D\x55\x84\xF5\x9E\xE3\x1B\xE9\x78" | |
13 | +#define FILEHASH_LIBEAY32_DLL_SHA1 "\x70\xA9\xCC\x67\x1B\xE5\x18\xF4\x29\x20\xD6\x3F\xBD\xAA\x57\xA6\x12\x43\xE5\xFB" | |
14 | 14 | // ssleay32.dll |
15 | -#define FILEHASH_SSLEAY32_DLL_SHA1 "\x8C\x6E\x78\x40\x04\x46\x10\x9B\x02\x95\xE1\xAC\xA2\x02\x47\x37\xF9\xDE\x32\x6A" | |
15 | +#define FILEHASH_SSLEAY32_DLL_SHA1 "\xF8\xF1\xF0\x1E\x7E\x20\xC6\xBF\x01\x84\xF6\x86\x90\x72\x5F\x8C\xF4\xF3\x2F\x57" | |
16 | 16 | #endif |
17 | 17 |
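Review bot: The four replaced digests for `FILEHASH_LIBEAY32_DLL_SHA1` and `FILEHASH_SSLEAY32_DLL_SHA1` (in both the `_M_IX86` and `_M_AMD64` branches) cannot be tied to an OpenSSL 1.1.0g build from anything in this commit, so a reviewer has to take the pinned binaries on trust. Record the provenance beside each value, for example `// libeay32.dll (x86), built from the openssl-1.1.0g source release`, and keep the build recipe somewhere the hash can be reproduced from. The pins are also SHA-1, which no longer offers collision resistance. The code that consumes these macros is not shown here, but if it allows, a SHA-256 digest would be a sounder basis for the DLL integrity check.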