• R/O
  • HTTP
  • SSH
  • HTTPS

提交

Frequently used words (click to add to your profile)

javac++androidlinuxc#windowsobjective-ccocoa誰得qtpythonphprubygameguibathyscaphec計画中(planning stage)翻訳omegatframeworktwitterdomtestvb.netdirectxゲームエンジンbtronarduinopreviewer

Loweynet


Commit MetaInfo

修訂b2ca3cbfefb9f644d74e81b6dbb28c759def7249 (tree)
時間2017-11-04 21:00:12
作者s_kawamoto <s_kawamoto@user...>
Commiters_kawamoto

Log Message

Update OpenSSL to 1.1.0g.

Change Summary

差異

Binary files a/FFFTP_Eng_Release/FFFTP.exe and b/FFFTP_Eng_Release/FFFTP.exe differ
Binary files a/FFFTP_Eng_Release_64/FFFTP.exe and b/FFFTP_Eng_Release_64/FFFTP.exe differ
--- a/Package/make_update.bat
+++ b/Package/make_update.bat
@@ -11,8 +11,8 @@ set PREFIX_JPN=update.jpn.file.
1111 set PREFIX_ENG=update.eng.file.
1212 set PREFIX_AMD64_JPN=update.amd64.jpn.file.
1313 set PREFIX_AMD64_ENG=update.amd64.eng.file.
14-set DESC_JPN="“¯ŽžÚ‘±”‚ª1‚æ‚è‘å‚«‚¢ƒzƒXƒg‚©‚çØ’f‚µ‚½’¼Œã‚ɕʂ̃zƒXƒg‚Å“]‘—‚ÉŽ¸”s‚·‚éƒoƒO‚ðC³‚µ‚Ü‚µ‚½B"
15-set DESC_ENG="Fixed bugs that transfer fails at a host right after disconnection from another host whose number of simultaneous connections is more than 1."
14+set DESC_JPN="OpenSSL‚ðXV‚µ‚Ü‚µ‚½B"
15+set DESC_ENG="Updated OpenSSL."
1616 set DESC_AMD64_JPN=%DESC_JPN%
1717 set DESC_AMD64_ENG=%DESC_ENG%
1818
Binary files a/Release/FFFTP.exe and b/Release/FFFTP.exe differ
Binary files a/Release_64/FFFTP.exe and b/Release_64/FFFTP.exe differ
--- a/Resource/FFFTP.rc
+++ b/Resource/FFFTP.rc
@@ -242,7 +242,7 @@ FONT 9, "MS Shell Dlg", 0, 0, 0x0
242242 BEGIN
243243 DEFPUSHBUTTON "OK",IDOK,133,294,50,14
244244 ICON ffftp,-1,7,4,20,20
245- CTEXT "FFFTP Ver 1.99a-20171029",-1,113,11,90,8
245+ CTEXT "FFFTP Ver 1.99a-20171104",-1,113,11,90,8
246246 CTEXT "FFFTP‚Ífreeware‚Å‚·",-1,7,279,305,8
247247 CTEXT "Copyright(C) 1997-2010 Sota & ‚²‹¦—Í‚¢‚½‚¾‚¢‚½•ûX\nCopyright (C) 2011-2017 FFFTP Project (Hiromichi Matsushima, Suguru Kawamoto, IWAMOTO Kouichi, vitamin0x, ‚¤‚ȁ[, Asami, fortran90, tomo1192, Yuji Tanaka, Moriguchi Hirokazu, ‚Ó‚¤‚¹‚ñ)",-1,7,25,305,44,SS_NOPREFIX
248248 CTEXT "",ABOUT_JRE,7,96,305,8
@@ -2213,8 +2213,8 @@ nodrop_csr CURSOR "nodrop_c.cur"
22132213 //
22142214
22152215 VS_VERSION_INFO VERSIONINFO
2216- FILEVERSION 1,99,1,18
2217- PRODUCTVERSION 1,99,1,18
2216+ FILEVERSION 1,99,1,19
2217+ PRODUCTVERSION 1,99,1,19
22182218 FILEFLAGSMASK 0x3fL
22192219 #ifdef _DEBUG
22202220 FILEFLAGS 0x1L
@@ -2232,12 +2232,12 @@ BEGIN
22322232 VALUE "Comments", "‚±‚ê‚̓tƒŠ[ƒ\ƒtƒgƒEƒGƒA‚Å‚·B"
22332233 VALUE "CompanyName", "Sota, FFFTP Project"
22342234 VALUE "FileDescription", "FFFTP"
2235- VALUE "FileVersion", "1, 99, 1, 18"
2235+ VALUE "FileVersion", "1, 99, 1, 19"
22362236 VALUE "InternalName", "FFFTP"
22372237 VALUE "LegalCopyright", "Copyright (C) 1997-2010 Sota & ‚²‹¦—Í‚¢‚½‚¾‚¢‚½•ûX\nCopyright (C) 2011-2017 FFFTP Project (Hiromichi Matsushima, Suguru Kawamoto, IWAMOTO Kouichi, vitamin0x, ‚¤‚ȁ[, Asami, fortran90, tomo1192, Yuji Tanaka, Moriguchi Hirokazu, ‚Ó‚¤‚¹‚ñ)."
22382238 VALUE "OriginalFilename", "FFFTP.exe"
22392239 VALUE "ProductName", "FFFTP"
2240- VALUE "ProductVersion", "1, 99, 1, 18"
2240+ VALUE "ProductVersion", "1, 99, 1, 19"
22412241 END
22422242 END
22432243 BLOCK "VarFileInfo"
--- a/Resource_eng/ffftp.rc
+++ b/Resource_eng/ffftp.rc
@@ -242,7 +242,7 @@ FONT 9, "MS Shell Dlg", 0, 0, 0x0
242242 BEGIN
243243 DEFPUSHBUTTON "OK",IDOK,132,296,50,14
244244 ICON ffftp,-1,7,4,20,20
245- CTEXT "FFFTP Ver 1.99a-20171029",-1,110,11,90,8
245+ CTEXT "FFFTP Ver 1.99a-20171104",-1,110,11,90,8
246246 CTEXT "FFFTP is freeware",-1,7,281,301,8
247247 CTEXT "Copyright(C) 1997-2010 Sota && cooperators\nCopyright (C) 2011-2017 FFFTP Project (Hiromichi Matsushima, Suguru Kawamoto, IWAMOTO Kouichi, vitamin0x, unarist, Asami, fortran90, tomo1192, Yuji Tanaka, Moriguchi Hirokazu, Fu-sen)",-1,7,25,301,44
248248 CTEXT "",ABOUT_JRE,7,93,301,8
@@ -2253,8 +2253,8 @@ nodrop_csr CURSOR "nodrop_c.cur"
22532253 //
22542254
22552255 VS_VERSION_INFO VERSIONINFO
2256- FILEVERSION 1,99,1,18
2257- PRODUCTVERSION 1,99,1,18
2256+ FILEVERSION 1,99,1,19
2257+ PRODUCTVERSION 1,99,1,19
22582258 FILEFLAGSMASK 0x3fL
22592259 #ifdef _DEBUG
22602260 FILEFLAGS 0x1L
@@ -2272,12 +2272,12 @@ BEGIN
22722272 VALUE "Comments", "This software is Free Software"
22732273 VALUE "CompanyName", "Sota, FFFTP Project"
22742274 VALUE "FileDescription", "FFFTP"
2275- VALUE "FileVersion", "1, 99, 1, 18"
2275+ VALUE "FileVersion", "1, 99, 1, 19"
22762276 VALUE "InternalName", "FFFTP"
22772277 VALUE "LegalCopyright", "Copyright (C) 1997-2010 Sota & cooperators\nCopyright (C) 2011-2017 FFFTP Project (Hiromichi Matsushima, Suguru Kawamoto, IWAMOTO Kouichi, vitamin0x, unarist, Asami, fortran90, tomo1192, Yuji Tanaka, Moriguchi Hirokazu, Fu-sen)."
22782278 VALUE "OriginalFilename", "FFFTP.exe"
22792279 VALUE "ProductName", "FFFTP"
2280- VALUE "ProductVersion", "1, 99, 1, 18"
2280+ VALUE "ProductVersion", "1, 99, 1, 19"
22812281 END
22822282 END
22832283 BLOCK "VarFileInfo"
--- a/common.h
+++ b/common.h
@@ -72,16 +72,16 @@
7272 //#define PROGRAM_VERSION_NUM 1972 /* バージョン */
7373 // 64ビット対応
7474 #ifdef _WIN64
75-#define VER_STR "1.99a-20171029 64bit"
75+#define VER_STR "1.99a-20171104 64bit"
7676 #else
77-#define VER_STR "1.99a-20171029"
77+#define VER_STR "1.99a-20171104"
7878 #endif
7979 #define VER_NUM 1990 /* 設定バージョン */
8080 #define PROGRAM_VERSION_NUM 1990 /* バージョン */
8181 // ソフトウェア自動更新
8282 // リリースバージョンはリリース予定年(10進数4桁)+月(2桁)+日(2桁)+通し番号(0スタート2桁)とする
8383 // 2014年7月31日中の30個目のリリースは2014073129
84-#define RELEASE_VERSION_NUM 2017102900 /* リリースバージョン */
84+#define RELEASE_VERSION_NUM 2017110400 /* リリースバージョン */
8585
8686
8787 // SourceForge.JPによるフォーク
--- a/contrib/openssl/CHANGES
+++ b/contrib/openssl/CHANGES
@@ -2,6 +2,51 @@
22 OpenSSL CHANGES
33 _______________
44
5+ This is a high-level summary of the most important changes.
6+ For a full list of changes, see the git commit log; for example,
7+ https://github.com/openssl/openssl/commits/ and pick the appropriate
8+ release branch.
9+
10+ Changes between 1.1.0f and 1.1.0g [2 Nov 2017]
11+
12+ *) bn_sqrx8x_internal carry bug on x86_64
13+
14+ There is a carry propagating bug in the x86_64 Montgomery squaring
15+ procedure. No EC algorithms are affected. Analysis suggests that attacks
16+ against RSA and DSA as a result of this defect would be very difficult to
17+ perform and are not believed likely. Attacks against DH are considered just
18+ feasible (although very difficult) because most of the work necessary to
19+ deduce information about a private key may be performed offline. The amount
20+ of resources required for such an attack would be very significant and
21+ likely only accessible to a limited number of attackers. An attacker would
22+ additionally need online access to an unpatched system using the target
23+ private key in a scenario with persistent DH parameters and a private
24+ key that is shared between multiple clients.
25+
26+ This only affects processors that support the BMI1, BMI2 and ADX extensions
27+ like Intel Broadwell (5th generation) and later or AMD Ryzen.
28+
29+ This issue was reported to OpenSSL by the OSS-Fuzz project.
30+ (CVE-2017-3736)
31+ [Andy Polyakov]
32+
33+ *) Malformed X.509 IPAddressFamily could cause OOB read
34+
35+ If an X.509 certificate has a malformed IPAddressFamily extension,
36+ OpenSSL could do a one-byte buffer overread. The most likely result
37+ would be an erroneous display of the certificate in text format.
38+
39+ This issue was reported to OpenSSL by the OSS-Fuzz project.
40+ (CVE-2017-3735)
41+ [Rich Salz]
42+
43+ *) Ignore the '-named_curve auto' value for compatibility of applications
44+ with OpenSSL 1.0.2.
45+ [Tomas Mraz <tmraz@fedoraproject.org>]
46+
47+ *) Support for SSL_OP_NO_ENCRYPT_THEN_MAC in SSL_CONF_cmd.
48+ [Emilia Käsper]
49+
550 Changes between 1.1.0e and 1.1.0f [25 May 2017]
651
752 *) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target
--- a/contrib/openssl/NEWS
+++ b/contrib/openssl/NEWS
@@ -5,6 +5,11 @@
55 This file gives a brief overview of the major changes between each OpenSSL
66 release. For more details please read the CHANGES file.
77
8+ Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017]
9+
10+ o bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
11+ o Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
12+
813 Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.0f [25 May 2017]
914
1015 o config now recognises 64-bit mingw and chooses mingw64 instead of mingw
--- a/contrib/openssl/README
+++ b/contrib/openssl/README
@@ -1,5 +1,5 @@
11
2- OpenSSL 1.1.0f 25 May 2017
2+ OpenSSL 1.1.0g 2 Nov 2017
33
44 Copyright (c) 1998-2016 The OpenSSL Project
55 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
--- a/contrib/openssl/include/openssl/bio.h
+++ b/contrib/openssl/include/openssl/bio.h
@@ -125,11 +125,10 @@ extern "C" {
125125
126126 # define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49
127127
128-# define BIO_CTRL_DGRAM_SET_PEEK_MODE 50
129-
128+/* Deliberately outside of OPENSSL_NO_SCTP - used in bss_dgram.c */
129+# define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50
130130 # ifndef OPENSSL_NO_SCTP
131131 /* SCTP stuff */
132-# define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50
133132 # define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY 51
134133 # define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY 52
135134 # define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD 53
@@ -142,6 +141,8 @@ extern "C" {
142141 # define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN 70
143142 # endif
144143
144+# define BIO_CTRL_DGRAM_SET_PEEK_MODE 71
145+
145146 /* modifiers */
146147 # define BIO_FP_READ 0x02
147148 # define BIO_FP_WRITE 0x04
--- a/contrib/openssl/include/openssl/bn.h
+++ b/contrib/openssl/include/openssl/bn.h
@@ -196,7 +196,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
196196 */
197197 void BN_set_negative(BIGNUM *b, int n);
198198 /** BN_is_negative returns 1 if the BIGNUM is negative
199- * \param a pointer to the BIGNUM object
199+ * \param b pointer to the BIGNUM object
200200 * \return 1 if a < 0 and 0 otherwise
201201 */
202202 int BN_is_negative(const BIGNUM *b);
--- a/contrib/openssl/include/openssl/buffer.h
+++ b/contrib/openssl/include/openssl/buffer.h
@@ -21,10 +21,7 @@ extern "C" {
2121 #endif
2222
2323 # include <stddef.h>
24-
25-# if !defined(NO_SYS_TYPES_H)
26-# include <sys/types.h>
27-# endif
24+# include <sys/types.h>
2825
2926 /*
3027 * These names are outdated as of OpenSSL 1.1; a future release
--- a/contrib/openssl/include/openssl/crypto.h
+++ b/contrib/openssl/include/openssl/crypto.h
@@ -146,6 +146,8 @@ int CRYPTO_mem_ctrl(int mode);
146146 CRYPTO_secure_zalloc(num, OPENSSL_FILE, OPENSSL_LINE)
147147 # define OPENSSL_secure_free(addr) \
148148 CRYPTO_secure_free(addr, OPENSSL_FILE, OPENSSL_LINE)
149+# define OPENSSL_secure_clear_free(addr, num) \
150+ CRYPTO_secure_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE)
149151 # define OPENSSL_secure_actual_size(ptr) \
150152 CRYPTO_secure_actual_size(ptr)
151153
@@ -285,6 +287,8 @@ int CRYPTO_secure_malloc_done(void);
285287 void *CRYPTO_secure_malloc(size_t num, const char *file, int line);
286288 void *CRYPTO_secure_zalloc(size_t num, const char *file, int line);
287289 void CRYPTO_secure_free(void *ptr, const char *file, int line);
290+void CRYPTO_secure_clear_free(void *ptr, size_t num,
291+ const char *file, int line);
288292 int CRYPTO_secure_allocated(const void *ptr);
289293 int CRYPTO_secure_malloc_initialized(void);
290294 size_t CRYPTO_secure_actual_size(void *ptr);
--- a/contrib/openssl/include/openssl/ec.h
+++ b/contrib/openssl/include/openssl/ec.h
@@ -1223,7 +1223,7 @@ void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth,
12231223 const ECDSA_SIG *sig,
12241224 EC_KEY *eckey));
12251225
1226-void EC_KEY_METHOD_get_init(EC_KEY_METHOD *meth,
1226+void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth,
12271227 int (**pinit)(EC_KEY *key),
12281228 void (**pfinish)(EC_KEY *key),
12291229 int (**pcopy)(EC_KEY *dest, const EC_KEY *src),
@@ -1234,16 +1234,16 @@ void EC_KEY_METHOD_get_init(EC_KEY_METHOD *meth,
12341234 int (**pset_public)(EC_KEY *key,
12351235 const EC_POINT *pub_key));
12361236
1237-void EC_KEY_METHOD_get_keygen(EC_KEY_METHOD *meth,
1237+void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth,
12381238 int (**pkeygen)(EC_KEY *key));
12391239
1240-void EC_KEY_METHOD_get_compute_key(EC_KEY_METHOD *meth,
1240+void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth,
12411241 int (**pck)(unsigned char **psec,
12421242 size_t *pseclen,
12431243 const EC_POINT *pub_key,
12441244 const EC_KEY *ecdh));
12451245
1246-void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth,
1246+void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth,
12471247 int (**psign)(int type, const unsigned char *dgst,
12481248 int dlen, unsigned char *sig,
12491249 unsigned int *siglen,
@@ -1257,7 +1257,7 @@ void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth,
12571257 const BIGNUM *in_r,
12581258 EC_KEY *eckey));
12591259
1260-void EC_KEY_METHOD_get_verify(EC_KEY_METHOD *meth,
1260+void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth,
12611261 int (**pverify)(int type, const unsigned
12621262 char *dgst, int dgst_len,
12631263 const unsigned char *sigbuf,
--- a/contrib/openssl/include/openssl/evp.h
+++ b/contrib/openssl/include/openssl/evp.h
@@ -900,6 +900,9 @@ int EVP_PKEY_security_bits(const EVP_PKEY *pkey);
900900 int EVP_PKEY_size(EVP_PKEY *pkey);
901901 int EVP_PKEY_set_type(EVP_PKEY *pkey, int type);
902902 int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
903+# ifndef OPENSSL_NO_ENGINE
904+int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e);
905+# endif
903906 int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
904907 void *EVP_PKEY_get0(const EVP_PKEY *pkey);
905908 const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
@@ -1482,6 +1485,7 @@ int ERR_load_EVP_strings(void);
14821485 # define EVP_F_EVP_PBE_SCRYPT 181
14831486 # define EVP_F_EVP_PKCS82PKEY 111
14841487 # define EVP_F_EVP_PKEY2PKCS8 113
1488+# define EVP_F_EVP_PKEY_ASN1_ADD0 168
14851489 # define EVP_F_EVP_PKEY_COPY_PARAMETERS 103
14861490 # define EVP_F_EVP_PKEY_CTX_CTRL 137
14871491 # define EVP_F_EVP_PKEY_CTX_CTRL_STR 150
@@ -1505,6 +1509,7 @@ int ERR_load_EVP_strings(void);
15051509 # define EVP_F_EVP_PKEY_NEW 106
15061510 # define EVP_F_EVP_PKEY_PARAMGEN 148
15071511 # define EVP_F_EVP_PKEY_PARAMGEN_INIT 149
1512+# define EVP_F_EVP_PKEY_SET1_ENGINE 187
15081513 # define EVP_F_EVP_PKEY_SIGN 140
15091514 # define EVP_F_EVP_PKEY_SIGN_INIT 141
15101515 # define EVP_F_EVP_PKEY_VERIFY 142
@@ -1565,6 +1570,7 @@ int ERR_load_EVP_strings(void);
15651570 # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
15661571 # define EVP_R_OPERATON_NOT_INITIALIZED 151
15671572 # define EVP_R_PARTIALLY_OVERLAPPING 162
1573+# define EVP_R_PKEY_ASN1_METHOD_ALREADY_REGISTERED 164
15681574 # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145
15691575 # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146
15701576 # define EVP_R_PUBLIC_KEY_NOT_RSA 106
--- a/contrib/openssl/include/openssl/opensslv.h
+++ b/contrib/openssl/include/openssl/opensslv.h
@@ -39,11 +39,11 @@ extern "C" {
3939 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
4040 * major minor fix final patch/beta)
4141 */
42-# define OPENSSL_VERSION_NUMBER 0x1010006fL
42+# define OPENSSL_VERSION_NUMBER 0x1010007fL
4343 # ifdef OPENSSL_FIPS
44-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0f-fips 25 May 2017"
44+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0g-fips 2 Nov 2017"
4545 # else
46-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0f 25 May 2017"
46+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0g 2 Nov 2017"
4747 # endif
4848
4949 /*-
--- a/contrib/openssl/include/openssl/seed.h
+++ b/contrib/openssl/include/openssl/seed.h
@@ -52,9 +52,7 @@ extern "C" {
5252 # endif
5353 # endif
5454
55-# if !defined(NO_SYS_TYPES_H)
56-# include <sys/types.h>
57-# endif
55+# include <sys/types.h>
5856
5957 # define SEED_BLOCK_SIZE 16
6058 # define SEED_KEY_LENGTH 16
--- a/contrib/openssl/include/openssl/srtp.h
+++ b/contrib/openssl/include/openssl/srtp.h
@@ -36,7 +36,7 @@ extern "C" {
3636 # ifndef OPENSSL_NO_SRTP
3737
3838 __owur int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
39-__owur int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles);
39+__owur int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles);
4040
4141 __owur STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
4242 __owur SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
--- a/contrib/openssl/include/openssl/ssl.h
+++ b/contrib/openssl/include/openssl/ssl.h
@@ -297,6 +297,8 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
297297 # define SSL_OP_NO_COMPRESSION 0x00020000U
298298 /* Permit unsafe legacy renegotiation */
299299 # define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000U
300+/* Disable encrypt-then-mac */
301+# define SSL_OP_NO_ENCRYPT_THEN_MAC 0x00080000U
300302 /*
301303 * Set on servers to choose the cipher according to the server's preferences
302304 */
@@ -1158,6 +1160,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
11581160 # define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE 127
11591161 # define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128
11601162 # define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129
1163+# define SSL_CTRL_GET_MIN_PROTO_VERSION 130
1164+# define SSL_CTRL_GET_MAX_PROTO_VERSION 131
11611165 # define SSL_CERT_SET_FIRST 1
11621166 # define SSL_CERT_SET_NEXT 2
11631167 # define SSL_CERT_SET_SERVER 3
@@ -1289,10 +1293,18 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
12891293 SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
12901294 #define SSL_CTX_set_max_proto_version(ctx, version) \
12911295 SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
1296+#define SSL_CTX_get_min_proto_version(ctx) \
1297+ SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, NULL, NULL)
1298+#define SSL_CTX_get_max_proto_version(ctx) \
1299+ SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, NULL, NULL)
12921300 #define SSL_set_min_proto_version(s, version) \
12931301 SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
12941302 #define SSL_set_max_proto_version(s, version) \
12951303 SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
1304+#define SSL_get_min_proto_version(s) \
1305+ SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, NULL, NULL)
1306+#define SSL_get_max_proto_version(s) \
1307+ SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, NULL, NULL)
12961308
12971309 #if OPENSSL_API_COMPAT < 0x10100000L
12981310 /* Provide some compatibility macros for removed functionality. */
@@ -1444,7 +1456,7 @@ int SSL_SESSION_up_ref(SSL_SESSION *ses);
14441456 void SSL_SESSION_free(SSL_SESSION *ses);
14451457 __owur int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
14461458 __owur int SSL_set_session(SSL *to, SSL_SESSION *session);
1447-__owur int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
1459+int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
14481460 int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c);
14491461 __owur int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
14501462 __owur int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
--- a/contrib/openssl/include/openssl/tls1.h
+++ b/contrib/openssl/include/openssl/tls1.h
@@ -226,12 +226,12 @@ __owur int SSL_get_servername_type(const SSL *s);
226226 * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and
227227 * optional context. (Since a zero length context is allowed, the |use_context|
228228 * flag controls whether a context is included.) It returns 1 on success and
229- * zero otherwise.
229+ * 0 or -1 otherwise.
230230 */
231231 __owur int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
232- const char *label, size_t llen,
233- const unsigned char *p, size_t plen,
234- int use_context);
232+ const char *label, size_t llen,
233+ const unsigned char *context,
234+ size_t contextlen, int use_context);
235235
236236 int SSL_get_sigalgs(SSL *s, int idx,
237237 int *psign, int *phash, int *psignandhash,
@@ -298,9 +298,9 @@ SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0, (void (**)(void))cb)
298298 SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
299299
300300 # define SSL_CTX_get_tlsext_status_arg(ssl, arg) \
301-SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg
301+ SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
302302 # define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
303-SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
303+ SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
304304
305305 #define SSL_CTX_set_tlsext_status_type(ssl, type) \
306306 SSL_CTX_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE, type, NULL)
Binary files a/dist/amd64/libeay32.dll and b/dist/amd64/libeay32.dll differ
Binary files a/dist/amd64/ssleay32.dll and b/dist/amd64/ssleay32.dll differ
Binary files a/dist/libeay32.dll and b/dist/libeay32.dll differ
Binary files a/dist/ssleay32.dll and b/dist/ssleay32.dll differ
--- a/filehash.h
+++ b/filehash.h
@@ -5,13 +5,13 @@
55 #define FILEHASH_SSL_PEM_SHA1 "\xB5\x0E\xE9\xDC\x25\x9D\xAC\x83\x09\xB3\x42\xA3\xB9\x7C\xF2\x1A\xAD\xA8\x27\xA6"
66 #if defined(_M_IX86)
77 // libeay32.dll
8-#define FILEHASH_LIBEAY32_DLL_SHA1 "\x8A\xA1\x22\x87\x9D\x06\xCE\x61\x2A\x0D\x12\xCE\xCD\x05\x6F\x44\x04\xEB\x08\x8F"
8+#define FILEHASH_LIBEAY32_DLL_SHA1 "\xE4\xA5\x2E\xB0\x80\xB5\x07\x4B\x40\xB0\x15\x71\xC5\xAA\x6F\xF8\xF3\xC4\x97\xFC"
99 // ssleay32.dll
10-#define FILEHASH_SSLEAY32_DLL_SHA1 "\x83\x84\x23\x50\xDB\x61\xA3\xBC\xCA\xA0\xF0\xA7\xE4\x33\x87\xBB\x47\xCC\xE0\x05"
10+#define FILEHASH_SSLEAY32_DLL_SHA1 "\x93\x4D\xF4\xDA\x2C\x4A\x65\x53\x56\xA7\xB3\xD3\x2F\x9C\x86\xBA\xB4\xF8\xDD\x48"
1111 #elif defined(_M_AMD64)
1212 // libeay32.dll
13-#define FILEHASH_LIBEAY32_DLL_SHA1 "\xDA\x6A\xF5\x14\x91\xE1\x6C\x23\xB8\xB9\xA9\x2D\x55\x84\xF5\x9E\xE3\x1B\xE9\x78"
13+#define FILEHASH_LIBEAY32_DLL_SHA1 "\x70\xA9\xCC\x67\x1B\xE5\x18\xF4\x29\x20\xD6\x3F\xBD\xAA\x57\xA6\x12\x43\xE5\xFB"
1414 // ssleay32.dll
15-#define FILEHASH_SSLEAY32_DLL_SHA1 "\x8C\x6E\x78\x40\x04\x46\x10\x9B\x02\x95\xE1\xAC\xA2\x02\x47\x37\xF9\xDE\x32\x6A"
15+#define FILEHASH_SSLEAY32_DLL_SHA1 "\xF8\xF1\xF0\x1E\x7E\x20\xC6\xBF\x01\x84\xF6\x86\x90\x72\x5F\x8C\xF4\xF3\x2F\x57"
1616 #endif
1717