summaryrefslogtreecommitdiff
path: root/app/openssl/include
diff options
context:
space:
mode:
Diffstat (limited to 'app/openssl/include')
-rw-r--r--app/openssl/include/openssl/dtls1.h3
-rw-r--r--app/openssl/include/openssl/ebcdic.h7
-rw-r--r--app/openssl/include/openssl/ec.h2
-rw-r--r--app/openssl/include/openssl/modes.h6
-rw-r--r--app/openssl/include/openssl/opensslconf-32.h12
-rw-r--r--app/openssl/include/openssl/opensslconf-64.h12
-rw-r--r--app/openssl/include/openssl/opensslconf-static-32.h12
-rw-r--r--app/openssl/include/openssl/opensslconf-static-64.h12
-rw-r--r--app/openssl/include/openssl/opensslconf-static-trusty.h12
-rw-r--r--app/openssl/include/openssl/opensslconf-trusty.h12
-rw-r--r--app/openssl/include/openssl/opensslv.h13
-rw-r--r--app/openssl/include/openssl/ossl_typ.h7
-rw-r--r--app/openssl/include/openssl/pkcs7.h4
-rw-r--r--app/openssl/include/openssl/pqueue.h6
-rw-r--r--app/openssl/include/openssl/rsa.h1
-rw-r--r--app/openssl/include/openssl/safestack.h8
-rw-r--r--app/openssl/include/openssl/srtp.h4
-rw-r--r--app/openssl/include/openssl/ssl.h17
-rw-r--r--app/openssl/include/openssl/ssl3.h7
-rw-r--r--app/openssl/include/openssl/tls1.h15
20 files changed, 155 insertions, 17 deletions
diff --git a/app/openssl/include/openssl/dtls1.h b/app/openssl/include/openssl/dtls1.h
index e65d5011..192c5def 100644
--- a/app/openssl/include/openssl/dtls1.h
+++ b/app/openssl/include/openssl/dtls1.h
@@ -84,6 +84,8 @@ extern "C" {
#endif
#define DTLS1_VERSION 0xFEFF
+#define DTLS_MAX_VERSION DTLS1_VERSION
+
#define DTLS1_BAD_VER 0x0100
#if 0
@@ -284,4 +286,3 @@ typedef struct dtls1_record_data_st
}
#endif
#endif
-
diff --git a/app/openssl/include/openssl/ebcdic.h b/app/openssl/include/openssl/ebcdic.h
index 6d65afcf..85f3cf7f 100644
--- a/app/openssl/include/openssl/ebcdic.h
+++ b/app/openssl/include/openssl/ebcdic.h
@@ -5,6 +5,10 @@
#include <sys/types.h>
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/* Avoid name clashes with other applications */
#define os_toascii _openssl_os_toascii
#define os_toebcdic _openssl_os_toebcdic
@@ -16,4 +20,7 @@ extern const unsigned char os_toebcdic[256];
void *ebcdic2ascii(void *dest, const void *srce, size_t count);
void *ascii2ebcdic(void *dest, const void *srce, size_t count);
+#ifdef __cplusplus
+}
+#endif
#endif
diff --git a/app/openssl/include/openssl/ec.h b/app/openssl/include/openssl/ec.h
index d008a0da..b6e745b8 100644
--- a/app/openssl/include/openssl/ec.h
+++ b/app/openssl/include/openssl/ec.h
@@ -629,7 +629,7 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN
int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx);
-/** Computes r = generator * n sum_{i=0}^num p[i] * m[i]
+/** Computes r = generator * n sum_{i=0}^{num-1} p[i] * m[i]
* \param group underlying EC_GROUP object
* \param r EC_POINT object for the result
* \param n BIGNUM with the multiplier for the group generator (optional)
diff --git a/app/openssl/include/openssl/modes.h b/app/openssl/include/openssl/modes.h
index f18215bb..7773c254 100644
--- a/app/openssl/include/openssl/modes.h
+++ b/app/openssl/include/openssl/modes.h
@@ -7,6 +7,9 @@
#include <stddef.h>
+#ifdef __cplusplus
+extern "C" {
+#endif
typedef void (*block128_f)(const unsigned char in[16],
unsigned char out[16],
const void *key);
@@ -133,3 +136,6 @@ typedef struct xts128_context XTS128_CONTEXT;
int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16],
const unsigned char *inp, unsigned char *out, size_t len, int enc);
+#ifdef __cplusplus
+}
+#endif
diff --git a/app/openssl/include/openssl/opensslconf-32.h b/app/openssl/include/openssl/opensslconf-32.h
index caf6f1b8..b5b3dd2b 100644
--- a/app/openssl/include/openssl/opensslconf-32.h
+++ b/app/openssl/include/openssl/opensslconf-32.h
@@ -1,6 +1,9 @@
/* opensslconf.h */
/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+#ifdef __cplusplus
+extern "C" {
+#endif
/* OpenSSL was configured with the following options: */
#ifndef OPENSSL_DOING_MAKEDEPEND
@@ -74,6 +77,9 @@
#ifndef OPENSSL_NO_STORE
# define OPENSSL_NO_STORE
#endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
#ifndef OPENSSL_NO_WHIRLPOOL
# define OPENSSL_NO_WHIRLPOOL
#endif
@@ -161,6 +167,9 @@
# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
# define NO_STORE
# endif
+# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
+# define NO_UNIT_TEST
+# endif
# if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
# define NO_WHIRLPOOL
# endif
@@ -320,3 +329,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
#endif /* DES_DEFAULT_OPTIONS */
#endif /* HEADER_DES_LOCL_H */
+#ifdef __cplusplus
+}
+#endif
diff --git a/app/openssl/include/openssl/opensslconf-64.h b/app/openssl/include/openssl/opensslconf-64.h
index 88fb0419..30e7ad86 100644
--- a/app/openssl/include/openssl/opensslconf-64.h
+++ b/app/openssl/include/openssl/opensslconf-64.h
@@ -1,6 +1,9 @@
/* opensslconf.h */
/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+#ifdef __cplusplus
+extern "C" {
+#endif
/* OpenSSL was configured with the following options: */
#ifndef OPENSSL_DOING_MAKEDEPEND
@@ -74,6 +77,9 @@
#ifndef OPENSSL_NO_STORE
# define OPENSSL_NO_STORE
#endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
#ifndef OPENSSL_NO_WHIRLPOOL
# define OPENSSL_NO_WHIRLPOOL
#endif
@@ -161,6 +167,9 @@
# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
# define NO_STORE
# endif
+# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
+# define NO_UNIT_TEST
+# endif
# if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
# define NO_WHIRLPOOL
# endif
@@ -320,3 +329,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
#endif /* DES_DEFAULT_OPTIONS */
#endif /* HEADER_DES_LOCL_H */
+#ifdef __cplusplus
+}
+#endif
diff --git a/app/openssl/include/openssl/opensslconf-static-32.h b/app/openssl/include/openssl/opensslconf-static-32.h
index caf6f1b8..b5b3dd2b 100644
--- a/app/openssl/include/openssl/opensslconf-static-32.h
+++ b/app/openssl/include/openssl/opensslconf-static-32.h
@@ -1,6 +1,9 @@
/* opensslconf.h */
/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+#ifdef __cplusplus
+extern "C" {
+#endif
/* OpenSSL was configured with the following options: */
#ifndef OPENSSL_DOING_MAKEDEPEND
@@ -74,6 +77,9 @@
#ifndef OPENSSL_NO_STORE
# define OPENSSL_NO_STORE
#endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
#ifndef OPENSSL_NO_WHIRLPOOL
# define OPENSSL_NO_WHIRLPOOL
#endif
@@ -161,6 +167,9 @@
# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
# define NO_STORE
# endif
+# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
+# define NO_UNIT_TEST
+# endif
# if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
# define NO_WHIRLPOOL
# endif
@@ -320,3 +329,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
#endif /* DES_DEFAULT_OPTIONS */
#endif /* HEADER_DES_LOCL_H */
+#ifdef __cplusplus
+}
+#endif
diff --git a/app/openssl/include/openssl/opensslconf-static-64.h b/app/openssl/include/openssl/opensslconf-static-64.h
index 88fb0419..30e7ad86 100644
--- a/app/openssl/include/openssl/opensslconf-static-64.h
+++ b/app/openssl/include/openssl/opensslconf-static-64.h
@@ -1,6 +1,9 @@
/* opensslconf.h */
/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+#ifdef __cplusplus
+extern "C" {
+#endif
/* OpenSSL was configured with the following options: */
#ifndef OPENSSL_DOING_MAKEDEPEND
@@ -74,6 +77,9 @@
#ifndef OPENSSL_NO_STORE
# define OPENSSL_NO_STORE
#endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
#ifndef OPENSSL_NO_WHIRLPOOL
# define OPENSSL_NO_WHIRLPOOL
#endif
@@ -161,6 +167,9 @@
# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
# define NO_STORE
# endif
+# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
+# define NO_UNIT_TEST
+# endif
# if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
# define NO_WHIRLPOOL
# endif
@@ -320,3 +329,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
#endif /* DES_DEFAULT_OPTIONS */
#endif /* HEADER_DES_LOCL_H */
+#ifdef __cplusplus
+}
+#endif
diff --git a/app/openssl/include/openssl/opensslconf-static-trusty.h b/app/openssl/include/openssl/opensslconf-static-trusty.h
index 06f9f982..bff5910c 100644
--- a/app/openssl/include/openssl/opensslconf-static-trusty.h
+++ b/app/openssl/include/openssl/opensslconf-static-trusty.h
@@ -1,6 +1,9 @@
/* opensslconf.h */
/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+#ifdef __cplusplus
+extern "C" {
+#endif
/* OpenSSL was configured with the following options: */
#ifndef OPENSSL_DOING_MAKEDEPEND
@@ -137,6 +140,9 @@
#ifndef OPENSSL_NO_UI
# define OPENSSL_NO_UI
#endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
#ifndef OPENSSL_NO_WHIRLPOOL
# define OPENSSL_NO_WHIRLPOOL
#endif
@@ -287,6 +293,9 @@
# if defined(OPENSSL_NO_UI) && !defined(NO_UI)
# define NO_UI
# endif
+# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
+# define NO_UNIT_TEST
+# endif
# if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
# define NO_WHIRLPOOL
# endif
@@ -446,3 +455,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
#endif /* DES_DEFAULT_OPTIONS */
#endif /* HEADER_DES_LOCL_H */
+#ifdef __cplusplus
+}
+#endif
diff --git a/app/openssl/include/openssl/opensslconf-trusty.h b/app/openssl/include/openssl/opensslconf-trusty.h
index 06f9f982..bff5910c 100644
--- a/app/openssl/include/openssl/opensslconf-trusty.h
+++ b/app/openssl/include/openssl/opensslconf-trusty.h
@@ -1,6 +1,9 @@
/* opensslconf.h */
/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+#ifdef __cplusplus
+extern "C" {
+#endif
/* OpenSSL was configured with the following options: */
#ifndef OPENSSL_DOING_MAKEDEPEND
@@ -137,6 +140,9 @@
#ifndef OPENSSL_NO_UI
# define OPENSSL_NO_UI
#endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
#ifndef OPENSSL_NO_WHIRLPOOL
# define OPENSSL_NO_WHIRLPOOL
#endif
@@ -287,6 +293,9 @@
# if defined(OPENSSL_NO_UI) && !defined(NO_UI)
# define NO_UI
# endif
+# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
+# define NO_UNIT_TEST
+# endif
# if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
# define NO_WHIRLPOOL
# endif
@@ -446,3 +455,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
#endif /* DES_DEFAULT_OPTIONS */
#endif /* HEADER_DES_LOCL_H */
+#ifdef __cplusplus
+}
+#endif
diff --git a/app/openssl/include/openssl/opensslv.h b/app/openssl/include/openssl/opensslv.h
index c3b6acec..f375967e 100644
--- a/app/openssl/include/openssl/opensslv.h
+++ b/app/openssl/include/openssl/opensslv.h
@@ -1,6 +1,10 @@
#ifndef HEADER_OPENSSLV_H
#define HEADER_OPENSSLV_H
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/* Numeric release version identifier:
* MNNFFPPS: major minor fix patch status
* The status nibble has one of the values 0 for development, 1 to e for betas
@@ -25,11 +29,11 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x1000108fL
+#define OPENSSL_VERSION_NUMBER 0x100010afL
#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1h-fips 5 Jun 2014"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1j-fips 15 Oct 2014"
#else
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1h 5 Jun 2014"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1j 15 Oct 2014"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
@@ -86,4 +90,7 @@
#define SHLIB_VERSION_NUMBER "1.0.0"
+#ifdef __cplusplus
+}
+#endif
#endif /* HEADER_OPENSSLV_H */
diff --git a/app/openssl/include/openssl/ossl_typ.h b/app/openssl/include/openssl/ossl_typ.h
index ea9227f6..12cdd43b 100644
--- a/app/openssl/include/openssl/ossl_typ.h
+++ b/app/openssl/include/openssl/ossl_typ.h
@@ -55,6 +55,10 @@
#ifndef HEADER_OPENSSL_TYPES_H
#define HEADER_OPENSSL_TYPES_H
+#ifdef __cplusplus
+extern "C" {
+#endif
+
#include <openssl/e_os2.h>
#ifdef NO_ASN1_TYPEDEFS
@@ -199,4 +203,7 @@ typedef struct ocsp_req_ctx_st OCSP_REQ_CTX;
typedef struct ocsp_response_st OCSP_RESPONSE;
typedef struct ocsp_responder_id_st OCSP_RESPID;
+#ifdef __cplusplus
+}
+#endif
#endif /* def HEADER_OPENSSL_TYPES_H */
diff --git a/app/openssl/include/openssl/pkcs7.h b/app/openssl/include/openssl/pkcs7.h
index 04f60379..5d54c4ac 100644
--- a/app/openssl/include/openssl/pkcs7.h
+++ b/app/openssl/include/openssl/pkcs7.h
@@ -233,10 +233,6 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
(OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
#define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
#define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)
-#define PKCS7_type_is_encrypted(a) \
- (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
-
-#define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)
#define PKCS7_set_detached(p,v) \
PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL)
diff --git a/app/openssl/include/openssl/pqueue.h b/app/openssl/include/openssl/pqueue.h
index 87fc9037..26b53480 100644
--- a/app/openssl/include/openssl/pqueue.h
+++ b/app/openssl/include/openssl/pqueue.h
@@ -64,6 +64,9 @@
#include <stdlib.h>
#include <string.h>
+#ifdef __cplusplus
+extern "C" {
+#endif
typedef struct _pqueue *pqueue;
typedef struct _pitem
@@ -91,4 +94,7 @@ pitem *pqueue_next(piterator *iter);
void pqueue_print(pqueue pq);
int pqueue_size(pqueue pq);
+#ifdef __cplusplus
+}
+#endif
#endif /* ! HEADER_PQUEUE_H */
diff --git a/app/openssl/include/openssl/rsa.h b/app/openssl/include/openssl/rsa.h
index 5f269e57..11853fee 100644
--- a/app/openssl/include/openssl/rsa.h
+++ b/app/openssl/include/openssl/rsa.h
@@ -559,6 +559,7 @@ void ERR_load_RSA_strings(void);
#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 158
#define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148
#define RSA_R_PADDING_CHECK_FAILED 114
+#define RSA_R_PKCS_DECODING_ERROR 159
#define RSA_R_P_NOT_PRIME 128
#define RSA_R_Q_NOT_PRIME 129
#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130
diff --git a/app/openssl/include/openssl/safestack.h b/app/openssl/include/openssl/safestack.h
index ea3aa0d8..bc194cb2 100644
--- a/app/openssl/include/openssl/safestack.h
+++ b/app/openssl/include/openssl/safestack.h
@@ -57,6 +57,10 @@
#include <openssl/stack.h>
+#ifdef __cplusplus
+extern "C" {
+#endif
+
#ifndef CHECKED_PTR_OF
#define CHECKED_PTR_OF(type, p) \
((void*) (1 ? p : (type*)0))
@@ -2660,4 +2664,8 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
#define lh_SSL_SESSION_free(lh) LHM_lh_free(SSL_SESSION,lh)
/* End of util/mkstack.pl block, you may now edit :-) */
+
+#ifdef __cplusplus
+}
+#endif
#endif /* !defined HEADER_SAFESTACK_H */
diff --git a/app/openssl/include/openssl/srtp.h b/app/openssl/include/openssl/srtp.h
index c0cf33ef..24f23309 100644
--- a/app/openssl/include/openssl/srtp.h
+++ b/app/openssl/include/openssl/srtp.h
@@ -130,6 +130,8 @@ extern "C" {
#define SRTP_NULL_SHA1_80 0x0005
#define SRTP_NULL_SHA1_32 0x0006
+#ifndef OPENSSL_NO_SRTP
+
int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles);
SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
@@ -137,6 +139,8 @@ SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
+#endif
+
#ifdef __cplusplus
}
#endif
diff --git a/app/openssl/include/openssl/ssl.h b/app/openssl/include/openssl/ssl.h
index 7566f2df..7a1fce89 100644
--- a/app/openssl/include/openssl/ssl.h
+++ b/app/openssl/include/openssl/ssl.h
@@ -264,6 +264,7 @@ extern "C" {
#define SSL_TXT_aGOST94 "aGOST94"
#define SSL_TXT_aGOST01 "aGOST01"
#define SSL_TXT_aGOST "aGOST"
+#define SSL_TXT_aSRP "aSRP"
#define SSL_TXT_DSS "DSS"
#define SSL_TXT_DH "DH"
@@ -664,11 +665,15 @@ struct ssl_session_st
*/
#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L
#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L
+/* Send TLS_FALLBACK_SCSV in the ClientHello.
+ * To be set by applications that reconnect with a downgraded protocol
+ * version; see draft-ietf-tls-downgrade-scsv-00 for details. */
+#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L
/* When set, clients may send application data before receipt of CCS
* and Finished. This mode enables full-handshakes to 'complete' in
* one RTT. */
-#define SSL_MODE_HANDSHAKE_CUTTHROUGH 0x00000080L
+#define SSL_MODE_HANDSHAKE_CUTTHROUGH 0x00000200L
/* When set, TLS 1.0 and SSLv3, multi-byte, CBC records will be split in two:
* the first record will contain a single byte and the second will contain the
@@ -1615,6 +1620,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
+#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */
#define SSL_ERROR_NONE 0
#define SSL_ERROR_SSL 1
@@ -1729,6 +1735,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82
#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
+#define SSL_CTRL_CHECK_PROTO_VERSION 119
+
#define DTLSv1_get_timeout(ssl, arg) \
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
#define DTLSv1_handle_timeout(ssl) \
@@ -2191,6 +2199,10 @@ int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secre
void SSL_set_debug(SSL *s, int debug);
int SSL_cache_hit(SSL *s);
+#ifndef OPENSSL_NO_UNIT_TEST
+const struct openssl_ssl_test_functions *SSL_test_functions(void);
+#endif
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
@@ -2459,6 +2471,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_BAD_SRP_B_LENGTH 348
#define SSL_R_BAD_SRP_G_LENGTH 349
#define SSL_R_BAD_SRP_N_LENGTH 350
+#define SSL_R_BAD_SRP_PARAMETERS 371
#define SSL_R_BAD_SRP_S_LENGTH 351
#define SSL_R_BAD_SRTP_MKI_VALUE 352
#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353
@@ -2519,6 +2532,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_HTTPS_PROXY_REQUEST 155
#define SSL_R_HTTP_REQUEST 156
#define SSL_R_ILLEGAL_PADDING 283
+#define SSL_R_INAPPROPRIATE_FALLBACK 373
#define SSL_R_INCONSISTENT_COMPRESSION 340
#define SSL_R_INVALID_CHALLENGE_LENGTH 158
#define SSL_R_INVALID_COMMAND 280
@@ -2668,6 +2682,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051
#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060
+#define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086
#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
diff --git a/app/openssl/include/openssl/ssl3.h b/app/openssl/include/openssl/ssl3.h
index 83d59bff..cba94345 100644
--- a/app/openssl/include/openssl/ssl3.h
+++ b/app/openssl/include/openssl/ssl3.h
@@ -128,9 +128,14 @@
extern "C" {
#endif
-/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */
+/* Signalling cipher suite value from RFC 5746
+ * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) */
#define SSL3_CK_SCSV 0x030000FF
+/* Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00
+ * (TLS_FALLBACK_SCSV) */
+#define SSL3_CK_FALLBACK_SCSV 0x03005600
+
#define SSL3_CK_RSA_NULL_MD5 0x03000001
#define SSL3_CK_RSA_NULL_SHA 0x03000002
#define SSL3_CK_RSA_RC4_40_MD5 0x03000003
diff --git a/app/openssl/include/openssl/tls1.h b/app/openssl/include/openssl/tls1.h
index b9a0899e..dc36f79f 100644
--- a/app/openssl/include/openssl/tls1.h
+++ b/app/openssl/include/openssl/tls1.h
@@ -159,17 +159,19 @@ extern "C" {
#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0
+#define TLS1_VERSION 0x0301
+#define TLS1_1_VERSION 0x0302
#define TLS1_2_VERSION 0x0303
-#define TLS1_2_VERSION_MAJOR 0x03
-#define TLS1_2_VERSION_MINOR 0x03
+#define TLS_MAX_VERSION TLS1_2_VERSION
+
+#define TLS1_VERSION_MAJOR 0x03
+#define TLS1_VERSION_MINOR 0x01
-#define TLS1_1_VERSION 0x0302
#define TLS1_1_VERSION_MAJOR 0x03
#define TLS1_1_VERSION_MINOR 0x02
-#define TLS1_VERSION 0x0301
-#define TLS1_VERSION_MAJOR 0x03
-#define TLS1_VERSION_MINOR 0x01
+#define TLS1_2_VERSION_MAJOR 0x03
+#define TLS1_2_VERSION_MINOR 0x03
#define TLS1_get_version(s) \
((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
@@ -187,6 +189,7 @@ extern "C" {
#define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */
#define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */
#define TLS1_AD_INTERNAL_ERROR 80 /* fatal */
+#define TLS1_AD_INAPPROPRIATE_FALLBACK 86 /* fatal */
#define TLS1_AD_USER_CANCELLED 90
#define TLS1_AD_NO_RENEGOTIATION 100
/* codes 110-114 are from RFC3546 */