Update OpenSSL to 1.0.1g

author: Arne Schwabe <arne@rfc2549.org> 2014-04-23 12:31:35 +0200
committer: Arne Schwabe <arne@rfc2549.org> 2014-04-23 12:31:35 +0200
commit: 0c5af0c28f23f75f93e253aeccb00c5ad20c116e (patch)
tree: fae9826018c36f1011007d029b728c290c50485c /main/openssl/include
parent: c69ba1780496c260a1b4498596bae428e0df232d (diff)
6 files changed, 36 insertions, 8 deletions
diff --git a/main/openssl/include/openssl/bn.h b/main/openssl/include/openssl/bn.h
index 9281ce59..e776c07a 100644
--- a/main/openssl/include/openssl/bn.h
+++ b/main/openssl/include/openssl/bn.h
@@ -538,6 +538,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret,
 BIGNUM *BN_mod_sqrt(BIGNUM *ret,
 	const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
 
+void	BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
+
 /* Deprecated versions */
 #ifndef OPENSSL_NO_DEPRECATED
 BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
@@ -778,11 +780,20 @@ int RAND_pseudo_bytes(unsigned char *buf,int num);
 
 #define bn_fix_top(a)		bn_check_top(a)
 
+#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
+#define bn_wcheck_size(bn, words) \
+	do { \
+		const BIGNUM *_bnum2 = (bn); \
+		assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
+	} while(0)
+
 #else /* !BN_DEBUG */
 
 #define bn_pollute(a)
 #define bn_check_top(a)
 #define bn_fix_top(a)		bn_correct_top(a)
+#define bn_check_size(bn, bits)
+#define bn_wcheck_size(bn, words)
 
 #endif
 
diff --git a/main/openssl/include/openssl/kssl.h b/main/openssl/include/openssl/kssl.h
index 8242fd5e..e4df8430 100644
--- a/main/openssl/include/openssl/kssl.h
+++ b/main/openssl/include/openssl/kssl.h
@@ -70,6 +70,15 @@
 #include <stdio.h>
 #include <ctype.h>
 #include <krb5.h>
+#ifdef OPENSSL_SYS_WIN32
+/* These can sometimes get redefined indirectly by krb5 header files
+ * after they get undefed in ossl_typ.h
+ */
+#undef X509_NAME
+#undef X509_EXTENSIONS
+#undef OCSP_REQUEST
+#undef OCSP_RESPONSE
+#endif
 
 #ifdef  __cplusplus
 extern "C" {
diff --git a/main/openssl/include/openssl/opensslv.h b/main/openssl/include/openssl/opensslv.h
index b27a5bb8..ebe71807 100644
--- a/main/openssl/include/openssl/opensslv.h
+++ b/main/openssl/include/openssl/opensslv.h
@@ -25,11 +25,11 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER	0x1000106fL
+#define OPENSSL_VERSION_NUMBER	0x1000107fL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1f-fips 6 Jan 2014"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1g-fips 7 Apr 2014"
 #else
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1f 6 Jan 2014"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1g 7 Apr 2014"
 #endif
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
 
diff --git a/main/openssl/include/openssl/ssl.h b/main/openssl/include/openssl/ssl.h
index 4c38f6ed..40c4d9cf 100644
--- a/main/openssl/include/openssl/ssl.h
+++ b/main/openssl/include/openssl/ssl.h
@@ -928,7 +928,7 @@ struct ssl_ctx_st
 	 */
 	unsigned int max_send_fragment;
 
-#ifndef OPENSSL_ENGINE
+#ifndef OPENSSL_NO_ENGINE
 	/* Engine to pass requests for client certs to
 	 */
 	ENGINE *client_cert_engine;
diff --git a/main/openssl/include/openssl/symhacks.h b/main/openssl/include/openssl/symhacks.h
index 07a412f8..bd2f000d 100644
--- a/main/openssl/include/openssl/symhacks.h
+++ b/main/openssl/include/openssl/symhacks.h
@@ -204,6 +204,12 @@
 #define SSL_CTX_set_next_protos_advertised_cb	SSL_CTX_set_next_protos_adv_cb
 #undef SSL_CTX_set_next_proto_select_cb
 #define SSL_CTX_set_next_proto_select_cb	SSL_CTX_set_next_proto_sel_cb
+#undef ssl3_cbc_record_digest_supported
+#define ssl3_cbc_record_digest_supported        ssl3_cbc_record_digest_support
+#undef ssl_check_clienthello_tlsext_late
+#define ssl_check_clienthello_tlsext_late       ssl_check_clihello_tlsext_late
+#undef ssl_check_clienthello_tlsext_early
+#define ssl_check_clienthello_tlsext_early      ssl_check_clihello_tlsext_early
 
 /* Hack some long ENGINE names */
 #undef ENGINE_get_default_BN_mod_exp_crt
diff --git a/main/openssl/include/openssl/tls1.h b/main/openssl/include/openssl/tls1.h
index 6f031a44..6283c6a7 100644
--- a/main/openssl/include/openssl/tls1.h
+++ b/main/openssl/include/openssl/tls1.h
@@ -230,6 +230,12 @@ extern "C" {
 /* ExtensionType value from RFC5620 */
 #define TLSEXT_TYPE_heartbeat	15
 
+/* ExtensionType value for TLS padding extension.
+ * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ * http://tools.ietf.org/html/draft-agl-tls-padding-03
+ */
+#define TLSEXT_TYPE_padding	21
+
 /* ExtensionType value from draft-ietf-tls-applayerprotoneg-00 */
 #define TLSEXT_TYPE_application_layer_protocol_negotiation 16
 
@@ -254,10 +260,6 @@ extern "C" {
 /* This is not an IANA defined extension number */
 #define TLSEXT_TYPE_channel_id			30031
 
-/* See https://tools.ietf.org/html/draft-agl-tls-padding-02
- * Number not yet IANA assigned. */
-#define TLSEXT_TYPE_padding			35655
-
 /* NameType value from RFC 3546 */
 #define TLSEXT_NAMETYPE_host_name 0
 /* status request value from RFC 3546 */
author	Arne Schwabe <arne@rfc2549.org>	2014-04-23 12:31:35 +0200
committer	Arne Schwabe <arne@rfc2549.org>	2014-04-23 12:31:35 +0200
commit	0c5af0c28f23f75f93e253aeccb00c5ad20c116e (patch)
tree	fae9826018c36f1011007d029b728c290c50485c /main/openssl/include
parent	c69ba1780496c260a1b4498596bae428e0df232d (diff)