diff options
author | Arne Schwabe <arne@rfc2549.org> | 2015-02-12 22:22:25 +0100 |
---|---|---|
committer | Arne Schwabe <arne@rfc2549.org> | 2015-02-12 22:22:25 +0100 |
commit | 9f0928c6593f937a17b7974b04051c57e3874b20 (patch) | |
tree | 1aaffa07a5c177fef2c1386f1850a688045bec2e /main/openssl/include | |
parent | 68d26e1b1b5b411adce714c88532fc8889289f34 (diff) |
Update OpenSSL to AOSP -master
Diffstat (limited to 'main/openssl/include')
-rw-r--r-- | main/openssl/include/openssl/asn1.h | 4 | ||||
-rw-r--r-- | main/openssl/include/openssl/bio.h | 4 | ||||
-rw-r--r-- | main/openssl/include/openssl/bn.h | 4 | ||||
-rw-r--r-- | main/openssl/include/openssl/dtls1.h | 8 | ||||
-rw-r--r-- | main/openssl/include/openssl/opensslv.h | 6 | ||||
-rw-r--r-- | main/openssl/include/openssl/srtp.h | 4 | ||||
-rw-r--r-- | main/openssl/include/openssl/ssl.h | 30 | ||||
-rw-r--r-- | main/openssl/include/openssl/ssl3.h | 13 | ||||
-rw-r--r-- | main/openssl/include/openssl/x509.h | 1 |
9 files changed, 56 insertions, 18 deletions
diff --git a/main/openssl/include/openssl/asn1.h b/main/openssl/include/openssl/asn1.h index 220a0c8c..3c45d5d0 100644 --- a/main/openssl/include/openssl/asn1.h +++ b/main/openssl/include/openssl/asn1.h @@ -776,7 +776,7 @@ DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE) int ASN1_TYPE_get(ASN1_TYPE *a); void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); -int ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b); +int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); ASN1_OBJECT * ASN1_OBJECT_new(void ); void ASN1_OBJECT_free(ASN1_OBJECT *a); @@ -1329,6 +1329,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_ILLEGAL_TIME_VALUE 184 #define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 +#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220 #define ASN1_R_INVALID_BMPSTRING_LENGTH 129 #define ASN1_R_INVALID_DIGIT 130 #define ASN1_R_INVALID_MIME_TYPE 205 @@ -1378,6 +1379,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_TIME_NOT_ASCII_FORMAT 193 #define ASN1_R_TOO_LONG 155 #define ASN1_R_TYPE_NOT_CONSTRUCTED 156 +#define ASN1_R_TYPE_NOT_PRIMITIVE 218 #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 #define ASN1_R_UNEXPECTED_EOC 159 diff --git a/main/openssl/include/openssl/bio.h b/main/openssl/include/openssl/bio.h index d05fa22a..3ff67275 100644 --- a/main/openssl/include/openssl/bio.h +++ b/main/openssl/include/openssl/bio.h @@ -175,6 +175,8 @@ extern "C" { #define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45 /* Next DTLS handshake timeout to * adjust socket timeouts */ +#define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49 + #ifndef OPENSSL_NO_SCTP /* SCTP stuff */ #define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50 @@ -610,6 +612,8 @@ int BIO_ctrl_reset_read_request(BIO *b); (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer) #define BIO_dgram_set_peer(b,peer) \ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer) +#define BIO_dgram_get_mtu_overhead(b) \ + (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL) /* These two aren't currently implemented */ /* int BIO_get_ex_num(BIO *bio); */ diff --git a/main/openssl/include/openssl/bn.h b/main/openssl/include/openssl/bn.h index e776c07a..0dd8d889 100644 --- a/main/openssl/include/openssl/bn.h +++ b/main/openssl/include/openssl/bn.h @@ -784,7 +784,9 @@ int RAND_pseudo_bytes(unsigned char *buf,int num); #define bn_wcheck_size(bn, words) \ do { \ const BIGNUM *_bnum2 = (bn); \ - assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \ + assert((words) <= (_bnum2)->dmax && (words) >= (_bnum2)->top); \ + /* avoid unused variable warning with NDEBUG */ \ + (void)(_bnum2); \ } while(0) #else /* !BN_DEBUG */ diff --git a/main/openssl/include/openssl/dtls1.h b/main/openssl/include/openssl/dtls1.h index 192c5def..33857526 100644 --- a/main/openssl/include/openssl/dtls1.h +++ b/main/openssl/include/openssl/dtls1.h @@ -117,6 +117,9 @@ extern "C" { #define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP" #endif +/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */ +#define DTLS1_MAX_MTU_OVERHEAD 48 + typedef struct dtls1_bitmap_st { unsigned long map; /* track 32 packets on 32-bit systems @@ -231,6 +234,7 @@ typedef struct dtls1_state_st /* Is set when listening for new connections with dtls1_listen() */ unsigned int listen; + unsigned int link_mtu; /* max on-the-wire DTLS packet size */ unsigned int mtu; /* max DTLS packet size */ struct hm_header_st w_msg_hdr; @@ -252,6 +256,10 @@ typedef struct dtls1_state_st unsigned int handshake_fragment_len; unsigned int retransmitting; + /* + * Set when the handshake is ready to process peer's ChangeCipherSpec message. + * Cleared after the message has been processed. + */ unsigned int change_cipher_spec_ok; #ifndef OPENSSL_NO_SCTP diff --git a/main/openssl/include/openssl/opensslv.h b/main/openssl/include/openssl/opensslv.h index f375967e..4a1df08f 100644 --- a/main/openssl/include/openssl/opensslv.h +++ b/main/openssl/include/openssl/opensslv.h @@ -29,11 +29,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x100010afL +#define OPENSSL_VERSION_NUMBER 0x100010cfL #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1j-fips 15 Oct 2014" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1l-fips 15 Jan 2015" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1j 15 Oct 2014" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1l 15 Jan 2015" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/main/openssl/include/openssl/srtp.h b/main/openssl/include/openssl/srtp.h index 24f23309..096b624d 100644 --- a/main/openssl/include/openssl/srtp.h +++ b/main/openssl/include/openssl/srtp.h @@ -1,4 +1,4 @@ -/* ssl/tls1.h */ +/* ssl/srtp.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -118,6 +118,8 @@ #ifndef HEADER_D1_SRTP_H #define HEADER_D1_SRTP_H +#include <openssl/ssl.h> + #ifdef __cplusplus extern "C" { #endif diff --git a/main/openssl/include/openssl/ssl.h b/main/openssl/include/openssl/ssl.h index 7a1fce89..90862dd6 100644 --- a/main/openssl/include/openssl/ssl.h +++ b/main/openssl/include/openssl/ssl.h @@ -607,9 +607,8 @@ struct ssl_session_st #define SSL_OP_SINGLE_ECDH_USE 0x00080000L /* If set, always create a new key when using tmp_dh parameters */ #define SSL_OP_SINGLE_DH_USE 0x00100000L -/* Set to always use the tmp_rsa key when doing RSA operations, - * even when this violates protocol specs */ -#define SSL_OP_EPHEMERAL_RSA 0x00200000L +/* Does nothing: retained for compatibiity */ +#define SSL_OP_EPHEMERAL_RSA 0x0 /* Set on servers to choose the cipher according to the server's * preferences */ #define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L @@ -666,8 +665,13 @@ struct ssl_session_st #define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L #define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L /* Send TLS_FALLBACK_SCSV in the ClientHello. - * To be set by applications that reconnect with a downgraded protocol - * version; see draft-ietf-tls-downgrade-scsv-00 for details. */ + * To be set only by applications that reconnect with a downgraded protocol + * version; see draft-ietf-tls-downgrade-scsv-00 for details. + * + * DO NOT ENABLE THIS if your application attempts a normal handshake. + * Only use this in explicit fallback retries, following the guidance + * in draft-ietf-tls-downgrade-scsv-00. + */ #define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L /* When set, clients may send application data before receipt of CCS @@ -711,6 +715,10 @@ struct ssl_session_st SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) #define SSL_set_mtu(ssl, mtu) \ SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) +#define DTLS_set_link_mtu(ssl, mtu) \ + SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL) +#define DTLS_get_link_min_mtu(ssl) \ + SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL) #define SSL_get_secure_renegotiation_support(ssl) \ SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) @@ -1736,6 +1744,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 #define SSL_CTRL_CHECK_PROTO_VERSION 119 +#define DTLS_CTRL_SET_LINK_MTU 120 +#define DTLS_CTRL_GET_LINK_MIN_MTU 121 #define DTLSv1_get_timeout(ssl, arg) \ SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) @@ -2014,13 +2024,15 @@ const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */ const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */ #endif +#ifndef OPENSSL_NO_SSL3_METHOD const SSL_METHOD *SSLv3_method(void); /* SSLv3 */ const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ +#endif -const SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */ -const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */ -const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */ +const SSL_METHOD *SSLv23_method(void); /* Negotiate highest available SSL/TLS version */ +const SSL_METHOD *SSLv23_server_method(void); /* Negotiate highest available SSL/TLS version */ +const SSL_METHOD *SSLv23_client_method(void); /* Negotiate highest available SSL/TLS version */ const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ @@ -2592,7 +2604,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_NO_COMPRESSION_SPECIFIED 187 #define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330 #define SSL_R_NO_METHOD_SPECIFIED 188 -#define SSL_R_NO_P256_SUPPORT 373 +#define SSL_R_NO_P256_SUPPORT 380 #define SSL_R_NO_PRIVATEKEY 189 #define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 #define SSL_R_NO_PROTOCOLS_AVAILABLE 191 diff --git a/main/openssl/include/openssl/ssl3.h b/main/openssl/include/openssl/ssl3.h index cba94345..6dc08179 100644 --- a/main/openssl/include/openssl/ssl3.h +++ b/main/openssl/include/openssl/ssl3.h @@ -393,8 +393,12 @@ typedef struct ssl3_buffer_st #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 +/* + * Set when the handshake is ready to process peer's ChangeCipherSpec message. + * Cleared after the message has been processed. + */ #define SSL3_FLAGS_CCS_OK 0x0080 - + /* SSL3_FLAGS_SGC_RESTART_DONE is set when we * restart a handshake because of MS SGC and so prevents us * from restarting the handshake in a loop. It's reset on a @@ -456,8 +460,11 @@ typedef struct ssl3_state_st * and freed and MD_CTX-es for all required digests are stored in * this array */ EVP_MD_CTX **handshake_dgst; - /* this is set whenerver we see a change_cipher_spec message - * come in when we are not looking for one */ + /* + * Set whenever an expected ChangeCipherSpec message is processed. + * Unset when the peer's Finished message is received. + * Unexpected ChangeCipherSpec messages trigger a fatal alert. + */ int change_cipher_spec; int warn_alert; diff --git a/main/openssl/include/openssl/x509.h b/main/openssl/include/openssl/x509.h index 092dd745..ed767f84 100644 --- a/main/openssl/include/openssl/x509.h +++ b/main/openssl/include/openssl/x509.h @@ -768,6 +768,7 @@ int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval); void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval, X509_ALGOR *algor); void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); +int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); X509_NAME *X509_NAME_dup(X509_NAME *xn); X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); |