From 97aded26654ede8204a313dd6967b678a72a2a10 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Parm=C3=A9nides=20GV?= Date: Fri, 12 Dec 2014 18:02:40 +0100 Subject: Updated ics-openvpn to last rev 14 Nov 2014. Material design! It still doesn't run properly on my tablet, openvpn keeps getting down and exiting. --- app/openssl/include/openssl/dtls1.h | 3 ++- app/openssl/include/openssl/ebcdic.h | 7 +++++++ app/openssl/include/openssl/ec.h | 2 +- app/openssl/include/openssl/modes.h | 6 ++++++ app/openssl/include/openssl/opensslconf-32.h | 12 ++++++++++++ app/openssl/include/openssl/opensslconf-64.h | 12 ++++++++++++ app/openssl/include/openssl/opensslconf-static-32.h | 12 ++++++++++++ app/openssl/include/openssl/opensslconf-static-64.h | 12 ++++++++++++ app/openssl/include/openssl/opensslconf-static-trusty.h | 12 ++++++++++++ app/openssl/include/openssl/opensslconf-trusty.h | 12 ++++++++++++ app/openssl/include/openssl/opensslv.h | 13 ++++++++++--- app/openssl/include/openssl/ossl_typ.h | 7 +++++++ app/openssl/include/openssl/pkcs7.h | 4 ---- app/openssl/include/openssl/pqueue.h | 6 ++++++ app/openssl/include/openssl/rsa.h | 1 + app/openssl/include/openssl/safestack.h | 8 ++++++++ app/openssl/include/openssl/srtp.h | 4 ++++ app/openssl/include/openssl/ssl.h | 17 ++++++++++++++++- app/openssl/include/openssl/ssl3.h | 7 ++++++- app/openssl/include/openssl/tls1.h | 15 +++++++++------ 20 files changed, 155 insertions(+), 17 deletions(-) (limited to 'app/openssl/include') diff --git a/app/openssl/include/openssl/dtls1.h b/app/openssl/include/openssl/dtls1.h index e65d5011..192c5def 100644 --- a/app/openssl/include/openssl/dtls1.h +++ b/app/openssl/include/openssl/dtls1.h @@ -84,6 +84,8 @@ extern "C" { #endif #define DTLS1_VERSION 0xFEFF +#define DTLS_MAX_VERSION DTLS1_VERSION + #define DTLS1_BAD_VER 0x0100 #if 0 @@ -284,4 +286,3 @@ typedef struct dtls1_record_data_st } #endif #endif - diff --git a/app/openssl/include/openssl/ebcdic.h b/app/openssl/include/openssl/ebcdic.h index 6d65afcf..85f3cf7f 100644 --- a/app/openssl/include/openssl/ebcdic.h +++ b/app/openssl/include/openssl/ebcdic.h @@ -5,6 +5,10 @@ #include +#ifdef __cplusplus +extern "C" { +#endif + /* Avoid name clashes with other applications */ #define os_toascii _openssl_os_toascii #define os_toebcdic _openssl_os_toebcdic @@ -16,4 +20,7 @@ extern const unsigned char os_toebcdic[256]; void *ebcdic2ascii(void *dest, const void *srce, size_t count); void *ascii2ebcdic(void *dest, const void *srce, size_t count); +#ifdef __cplusplus +} +#endif #endif diff --git a/app/openssl/include/openssl/ec.h b/app/openssl/include/openssl/ec.h index d008a0da..b6e745b8 100644 --- a/app/openssl/include/openssl/ec.h +++ b/app/openssl/include/openssl/ec.h @@ -629,7 +629,7 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx); -/** Computes r = generator * n sum_{i=0}^num p[i] * m[i] +/** Computes r = generator * n sum_{i=0}^{num-1} p[i] * m[i] * \param group underlying EC_GROUP object * \param r EC_POINT object for the result * \param n BIGNUM with the multiplier for the group generator (optional) diff --git a/app/openssl/include/openssl/modes.h b/app/openssl/include/openssl/modes.h index f18215bb..7773c254 100644 --- a/app/openssl/include/openssl/modes.h +++ b/app/openssl/include/openssl/modes.h @@ -7,6 +7,9 @@ #include +#ifdef __cplusplus +extern "C" { +#endif typedef void (*block128_f)(const unsigned char in[16], unsigned char out[16], const void *key); @@ -133,3 +136,6 @@ typedef struct xts128_context XTS128_CONTEXT; int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16], const unsigned char *inp, unsigned char *out, size_t len, int enc); +#ifdef __cplusplus +} +#endif diff --git a/app/openssl/include/openssl/opensslconf-32.h b/app/openssl/include/openssl/opensslconf-32.h index caf6f1b8..b5b3dd2b 100644 --- a/app/openssl/include/openssl/opensslconf-32.h +++ b/app/openssl/include/openssl/opensslconf-32.h @@ -1,6 +1,9 @@ /* opensslconf.h */ /* WARNING: Generated automatically from opensslconf.h.in by Configure. */ +#ifdef __cplusplus +extern "C" { +#endif /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND @@ -74,6 +77,9 @@ #ifndef OPENSSL_NO_STORE # define OPENSSL_NO_STORE #endif +#ifndef OPENSSL_NO_UNIT_TEST +# define OPENSSL_NO_UNIT_TEST +#endif #ifndef OPENSSL_NO_WHIRLPOOL # define OPENSSL_NO_WHIRLPOOL #endif @@ -161,6 +167,9 @@ # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) # define NO_STORE # endif +# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST) +# define NO_UNIT_TEST +# endif # if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL) # define NO_WHIRLPOOL # endif @@ -320,3 +329,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! #endif /* DES_DEFAULT_OPTIONS */ #endif /* HEADER_DES_LOCL_H */ +#ifdef __cplusplus +} +#endif diff --git a/app/openssl/include/openssl/opensslconf-64.h b/app/openssl/include/openssl/opensslconf-64.h index 88fb0419..30e7ad86 100644 --- a/app/openssl/include/openssl/opensslconf-64.h +++ b/app/openssl/include/openssl/opensslconf-64.h @@ -1,6 +1,9 @@ /* opensslconf.h */ /* WARNING: Generated automatically from opensslconf.h.in by Configure. */ +#ifdef __cplusplus +extern "C" { +#endif /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND @@ -74,6 +77,9 @@ #ifndef OPENSSL_NO_STORE # define OPENSSL_NO_STORE #endif +#ifndef OPENSSL_NO_UNIT_TEST +# define OPENSSL_NO_UNIT_TEST +#endif #ifndef OPENSSL_NO_WHIRLPOOL # define OPENSSL_NO_WHIRLPOOL #endif @@ -161,6 +167,9 @@ # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) # define NO_STORE # endif +# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST) +# define NO_UNIT_TEST +# endif # if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL) # define NO_WHIRLPOOL # endif @@ -320,3 +329,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! #endif /* DES_DEFAULT_OPTIONS */ #endif /* HEADER_DES_LOCL_H */ +#ifdef __cplusplus +} +#endif diff --git a/app/openssl/include/openssl/opensslconf-static-32.h b/app/openssl/include/openssl/opensslconf-static-32.h index caf6f1b8..b5b3dd2b 100644 --- a/app/openssl/include/openssl/opensslconf-static-32.h +++ b/app/openssl/include/openssl/opensslconf-static-32.h @@ -1,6 +1,9 @@ /* opensslconf.h */ /* WARNING: Generated automatically from opensslconf.h.in by Configure. */ +#ifdef __cplusplus +extern "C" { +#endif /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND @@ -74,6 +77,9 @@ #ifndef OPENSSL_NO_STORE # define OPENSSL_NO_STORE #endif +#ifndef OPENSSL_NO_UNIT_TEST +# define OPENSSL_NO_UNIT_TEST +#endif #ifndef OPENSSL_NO_WHIRLPOOL # define OPENSSL_NO_WHIRLPOOL #endif @@ -161,6 +167,9 @@ # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) # define NO_STORE # endif +# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST) +# define NO_UNIT_TEST +# endif # if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL) # define NO_WHIRLPOOL # endif @@ -320,3 +329,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! #endif /* DES_DEFAULT_OPTIONS */ #endif /* HEADER_DES_LOCL_H */ +#ifdef __cplusplus +} +#endif diff --git a/app/openssl/include/openssl/opensslconf-static-64.h b/app/openssl/include/openssl/opensslconf-static-64.h index 88fb0419..30e7ad86 100644 --- a/app/openssl/include/openssl/opensslconf-static-64.h +++ b/app/openssl/include/openssl/opensslconf-static-64.h @@ -1,6 +1,9 @@ /* opensslconf.h */ /* WARNING: Generated automatically from opensslconf.h.in by Configure. */ +#ifdef __cplusplus +extern "C" { +#endif /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND @@ -74,6 +77,9 @@ #ifndef OPENSSL_NO_STORE # define OPENSSL_NO_STORE #endif +#ifndef OPENSSL_NO_UNIT_TEST +# define OPENSSL_NO_UNIT_TEST +#endif #ifndef OPENSSL_NO_WHIRLPOOL # define OPENSSL_NO_WHIRLPOOL #endif @@ -161,6 +167,9 @@ # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) # define NO_STORE # endif +# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST) +# define NO_UNIT_TEST +# endif # if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL) # define NO_WHIRLPOOL # endif @@ -320,3 +329,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! #endif /* DES_DEFAULT_OPTIONS */ #endif /* HEADER_DES_LOCL_H */ +#ifdef __cplusplus +} +#endif diff --git a/app/openssl/include/openssl/opensslconf-static-trusty.h b/app/openssl/include/openssl/opensslconf-static-trusty.h index 06f9f982..bff5910c 100644 --- a/app/openssl/include/openssl/opensslconf-static-trusty.h +++ b/app/openssl/include/openssl/opensslconf-static-trusty.h @@ -1,6 +1,9 @@ /* opensslconf.h */ /* WARNING: Generated automatically from opensslconf.h.in by Configure. */ +#ifdef __cplusplus +extern "C" { +#endif /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND @@ -137,6 +140,9 @@ #ifndef OPENSSL_NO_UI # define OPENSSL_NO_UI #endif +#ifndef OPENSSL_NO_UNIT_TEST +# define OPENSSL_NO_UNIT_TEST +#endif #ifndef OPENSSL_NO_WHIRLPOOL # define OPENSSL_NO_WHIRLPOOL #endif @@ -287,6 +293,9 @@ # if defined(OPENSSL_NO_UI) && !defined(NO_UI) # define NO_UI # endif +# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST) +# define NO_UNIT_TEST +# endif # if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL) # define NO_WHIRLPOOL # endif @@ -446,3 +455,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! #endif /* DES_DEFAULT_OPTIONS */ #endif /* HEADER_DES_LOCL_H */ +#ifdef __cplusplus +} +#endif diff --git a/app/openssl/include/openssl/opensslconf-trusty.h b/app/openssl/include/openssl/opensslconf-trusty.h index 06f9f982..bff5910c 100644 --- a/app/openssl/include/openssl/opensslconf-trusty.h +++ b/app/openssl/include/openssl/opensslconf-trusty.h @@ -1,6 +1,9 @@ /* opensslconf.h */ /* WARNING: Generated automatically from opensslconf.h.in by Configure. */ +#ifdef __cplusplus +extern "C" { +#endif /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND @@ -137,6 +140,9 @@ #ifndef OPENSSL_NO_UI # define OPENSSL_NO_UI #endif +#ifndef OPENSSL_NO_UNIT_TEST +# define OPENSSL_NO_UNIT_TEST +#endif #ifndef OPENSSL_NO_WHIRLPOOL # define OPENSSL_NO_WHIRLPOOL #endif @@ -287,6 +293,9 @@ # if defined(OPENSSL_NO_UI) && !defined(NO_UI) # define NO_UI # endif +# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST) +# define NO_UNIT_TEST +# endif # if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL) # define NO_WHIRLPOOL # endif @@ -446,3 +455,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! #endif /* DES_DEFAULT_OPTIONS */ #endif /* HEADER_DES_LOCL_H */ +#ifdef __cplusplus +} +#endif diff --git a/app/openssl/include/openssl/opensslv.h b/app/openssl/include/openssl/opensslv.h index c3b6acec..f375967e 100644 --- a/app/openssl/include/openssl/opensslv.h +++ b/app/openssl/include/openssl/opensslv.h @@ -1,6 +1,10 @@ #ifndef HEADER_OPENSSLV_H #define HEADER_OPENSSLV_H +#ifdef __cplusplus +extern "C" { +#endif + /* Numeric release version identifier: * MNNFFPPS: major minor fix patch status * The status nibble has one of the values 0 for development, 1 to e for betas @@ -25,11 +29,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x1000108fL +#define OPENSSL_VERSION_NUMBER 0x100010afL #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1h-fips 5 Jun 2014" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1j-fips 15 Oct 2014" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1h 5 Jun 2014" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1j 15 Oct 2014" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT @@ -86,4 +90,7 @@ #define SHLIB_VERSION_NUMBER "1.0.0" +#ifdef __cplusplus +} +#endif #endif /* HEADER_OPENSSLV_H */ diff --git a/app/openssl/include/openssl/ossl_typ.h b/app/openssl/include/openssl/ossl_typ.h index ea9227f6..12cdd43b 100644 --- a/app/openssl/include/openssl/ossl_typ.h +++ b/app/openssl/include/openssl/ossl_typ.h @@ -55,6 +55,10 @@ #ifndef HEADER_OPENSSL_TYPES_H #define HEADER_OPENSSL_TYPES_H +#ifdef __cplusplus +extern "C" { +#endif + #include #ifdef NO_ASN1_TYPEDEFS @@ -199,4 +203,7 @@ typedef struct ocsp_req_ctx_st OCSP_REQ_CTX; typedef struct ocsp_response_st OCSP_RESPONSE; typedef struct ocsp_responder_id_st OCSP_RESPID; +#ifdef __cplusplus +} +#endif #endif /* def HEADER_OPENSSL_TYPES_H */ diff --git a/app/openssl/include/openssl/pkcs7.h b/app/openssl/include/openssl/pkcs7.h index 04f60379..5d54c4ac 100644 --- a/app/openssl/include/openssl/pkcs7.h +++ b/app/openssl/include/openssl/pkcs7.h @@ -233,10 +233,6 @@ DECLARE_PKCS12_STACK_OF(PKCS7) (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) #define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) #define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) -#define PKCS7_type_is_encrypted(a) \ - (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) - -#define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) #define PKCS7_set_detached(p,v) \ PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) diff --git a/app/openssl/include/openssl/pqueue.h b/app/openssl/include/openssl/pqueue.h index 87fc9037..26b53480 100644 --- a/app/openssl/include/openssl/pqueue.h +++ b/app/openssl/include/openssl/pqueue.h @@ -64,6 +64,9 @@ #include #include +#ifdef __cplusplus +extern "C" { +#endif typedef struct _pqueue *pqueue; typedef struct _pitem @@ -91,4 +94,7 @@ pitem *pqueue_next(piterator *iter); void pqueue_print(pqueue pq); int pqueue_size(pqueue pq); +#ifdef __cplusplus +} +#endif #endif /* ! HEADER_PQUEUE_H */ diff --git a/app/openssl/include/openssl/rsa.h b/app/openssl/include/openssl/rsa.h index 5f269e57..11853fee 100644 --- a/app/openssl/include/openssl/rsa.h +++ b/app/openssl/include/openssl/rsa.h @@ -559,6 +559,7 @@ void ERR_load_RSA_strings(void); #define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 158 #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 #define RSA_R_PADDING_CHECK_FAILED 114 +#define RSA_R_PKCS_DECODING_ERROR 159 #define RSA_R_P_NOT_PRIME 128 #define RSA_R_Q_NOT_PRIME 129 #define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 diff --git a/app/openssl/include/openssl/safestack.h b/app/openssl/include/openssl/safestack.h index ea3aa0d8..bc194cb2 100644 --- a/app/openssl/include/openssl/safestack.h +++ b/app/openssl/include/openssl/safestack.h @@ -57,6 +57,10 @@ #include +#ifdef __cplusplus +extern "C" { +#endif + #ifndef CHECKED_PTR_OF #define CHECKED_PTR_OF(type, p) \ ((void*) (1 ? p : (type*)0)) @@ -2660,4 +2664,8 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) #define lh_SSL_SESSION_free(lh) LHM_lh_free(SSL_SESSION,lh) /* End of util/mkstack.pl block, you may now edit :-) */ + +#ifdef __cplusplus +} +#endif #endif /* !defined HEADER_SAFESTACK_H */ diff --git a/app/openssl/include/openssl/srtp.h b/app/openssl/include/openssl/srtp.h index c0cf33ef..24f23309 100644 --- a/app/openssl/include/openssl/srtp.h +++ b/app/openssl/include/openssl/srtp.h @@ -130,6 +130,8 @@ extern "C" { #define SRTP_NULL_SHA1_80 0x0005 #define SRTP_NULL_SHA1_32 0x0006 +#ifndef OPENSSL_NO_SRTP + int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles); SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); @@ -137,6 +139,8 @@ SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); +#endif + #ifdef __cplusplus } #endif diff --git a/app/openssl/include/openssl/ssl.h b/app/openssl/include/openssl/ssl.h index 7566f2df..7a1fce89 100644 --- a/app/openssl/include/openssl/ssl.h +++ b/app/openssl/include/openssl/ssl.h @@ -264,6 +264,7 @@ extern "C" { #define SSL_TXT_aGOST94 "aGOST94" #define SSL_TXT_aGOST01 "aGOST01" #define SSL_TXT_aGOST "aGOST" +#define SSL_TXT_aSRP "aSRP" #define SSL_TXT_DSS "DSS" #define SSL_TXT_DH "DH" @@ -664,11 +665,15 @@ struct ssl_session_st */ #define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L #define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L +/* Send TLS_FALLBACK_SCSV in the ClientHello. + * To be set by applications that reconnect with a downgraded protocol + * version; see draft-ietf-tls-downgrade-scsv-00 for details. */ +#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L /* When set, clients may send application data before receipt of CCS * and Finished. This mode enables full-handshakes to 'complete' in * one RTT. */ -#define SSL_MODE_HANDSHAKE_CUTTHROUGH 0x00000080L +#define SSL_MODE_HANDSHAKE_CUTTHROUGH 0x00000200L /* When set, TLS 1.0 and SSLv3, multi-byte, CBC records will be split in two: * the first record will contain a single byte and the second will contain the @@ -1615,6 +1620,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE #define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE #define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */ +#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */ #define SSL_ERROR_NONE 0 #define SSL_ERROR_SSL 1 @@ -1729,6 +1735,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 +#define SSL_CTRL_CHECK_PROTO_VERSION 119 + #define DTLSv1_get_timeout(ssl, arg) \ SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) #define DTLSv1_handle_timeout(ssl) \ @@ -2191,6 +2199,10 @@ int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secre void SSL_set_debug(SSL *s, int debug); int SSL_cache_hit(SSL *s); +#ifndef OPENSSL_NO_UNIT_TEST +const struct openssl_ssl_test_functions *SSL_test_functions(void); +#endif + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -2459,6 +2471,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_BAD_SRP_B_LENGTH 348 #define SSL_R_BAD_SRP_G_LENGTH 349 #define SSL_R_BAD_SRP_N_LENGTH 350 +#define SSL_R_BAD_SRP_PARAMETERS 371 #define SSL_R_BAD_SRP_S_LENGTH 351 #define SSL_R_BAD_SRTP_MKI_VALUE 352 #define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353 @@ -2519,6 +2532,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_HTTPS_PROXY_REQUEST 155 #define SSL_R_HTTP_REQUEST 156 #define SSL_R_ILLEGAL_PADDING 283 +#define SSL_R_INAPPROPRIATE_FALLBACK 373 #define SSL_R_INCONSISTENT_COMPRESSION 340 #define SSL_R_INVALID_CHALLENGE_LENGTH 158 #define SSL_R_INVALID_COMMAND 280 @@ -2668,6 +2682,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 #define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 #define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 +#define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 #define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 #define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 #define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 diff --git a/app/openssl/include/openssl/ssl3.h b/app/openssl/include/openssl/ssl3.h index 83d59bff..cba94345 100644 --- a/app/openssl/include/openssl/ssl3.h +++ b/app/openssl/include/openssl/ssl3.h @@ -128,9 +128,14 @@ extern "C" { #endif -/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */ +/* Signalling cipher suite value from RFC 5746 + * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) */ #define SSL3_CK_SCSV 0x030000FF +/* Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00 + * (TLS_FALLBACK_SCSV) */ +#define SSL3_CK_FALLBACK_SCSV 0x03005600 + #define SSL3_CK_RSA_NULL_MD5 0x03000001 #define SSL3_CK_RSA_NULL_SHA 0x03000002 #define SSL3_CK_RSA_RC4_40_MD5 0x03000003 diff --git a/app/openssl/include/openssl/tls1.h b/app/openssl/include/openssl/tls1.h index b9a0899e..dc36f79f 100644 --- a/app/openssl/include/openssl/tls1.h +++ b/app/openssl/include/openssl/tls1.h @@ -159,17 +159,19 @@ extern "C" { #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 +#define TLS1_VERSION 0x0301 +#define TLS1_1_VERSION 0x0302 #define TLS1_2_VERSION 0x0303 -#define TLS1_2_VERSION_MAJOR 0x03 -#define TLS1_2_VERSION_MINOR 0x03 +#define TLS_MAX_VERSION TLS1_2_VERSION + +#define TLS1_VERSION_MAJOR 0x03 +#define TLS1_VERSION_MINOR 0x01 -#define TLS1_1_VERSION 0x0302 #define TLS1_1_VERSION_MAJOR 0x03 #define TLS1_1_VERSION_MINOR 0x02 -#define TLS1_VERSION 0x0301 -#define TLS1_VERSION_MAJOR 0x03 -#define TLS1_VERSION_MINOR 0x01 +#define TLS1_2_VERSION_MAJOR 0x03 +#define TLS1_2_VERSION_MINOR 0x03 #define TLS1_get_version(s) \ ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0) @@ -187,6 +189,7 @@ extern "C" { #define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */ #define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */ #define TLS1_AD_INTERNAL_ERROR 80 /* fatal */ +#define TLS1_AD_INAPPROPRIATE_FALLBACK 86 /* fatal */ #define TLS1_AD_USER_CANCELLED 90 #define TLS1_AD_NO_RENEGOTIATION 100 /* codes 110-114 are from RFC3546 */ -- cgit v1.2.3