From 0c5af0c28f23f75f93e253aeccb00c5ad20c116e Mon Sep 17 00:00:00 2001
From: Arne Schwabe
Date: Wed, 23 Apr 2014 12:31:35 +0200
Subject: Update OpenSSL to 1.0.1g
---
main/openssl/include/openssl/bn.h | 11 +++++++++++
main/openssl/include/openssl/kssl.h | 9 +++++++++
main/openssl/include/openssl/opensslv.h | 6 +++---
main/openssl/include/openssl/ssl.h | 2 +-
main/openssl/include/openssl/symhacks.h | 6 ++++++
main/openssl/include/openssl/tls1.h | 10 ++++++----
6 files changed, 36 insertions(+), 8 deletions(-)
(limited to 'main/openssl/include')
diff --git a/main/openssl/include/openssl/bn.h b/main/openssl/include/openssl/bn.h
index 9281ce59..e776c07a 100644
--- a/main/openssl/include/openssl/bn.h
+++ b/main/openssl/include/openssl/bn.h
@@ -538,6 +538,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret,
 BIGNUM *BN_mod_sqrt(BIGNUM *ret,
 const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
+void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
+
 /* Deprecated versions */
 #ifndef OPENSSL_NO_DEPRECATED
 BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
@@ -778,11 +780,20 @@ int RAND_pseudo_bytes(unsigned char *buf,int num);
 #define bn_fix_top(a) bn_check_top(a)
+#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
+#define bn_wcheck_size(bn, words) \
+ do { \
+ const BIGNUM *_bnum2 = (bn); \
+ assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
+ } while(0)
+
 #else /* !BN_DEBUG */
 #define bn_pollute(a)
 #define bn_check_top(a)
 #define bn_fix_top(a) bn_correct_top(a)
+#define bn_check_size(bn, bits)
+#define bn_wcheck_size(bn, words)
 #endif
diff --git a/main/openssl/include/openssl/kssl.h b/main/openssl/include/openssl/kssl.h
index 8242fd5e..e4df8430 100644
--- a/main/openssl/include/openssl/kssl.h
+++ b/main/openssl/include/openssl/kssl.h
@@ -70,6 +70,15 @@
 #include
 #include
 #include
+#ifdef OPENSSL_SYS_WIN32
+/* These can sometimes get redefined indirectly by krb5 header files
+ * after they get undefed in ossl_typ.h
+ */
+#undef X509_NAME
+#undef X509_EXTENSIONS
+#undef OCSP_REQUEST
+#undef OCSP_RESPONSE
+#endif
 #ifdef __cplusplus
 extern "C" {
diff --git a/main/openssl/include/openssl/opensslv.h b/main/openssl/include/openssl/opensslv.h
index b27a5bb8..ebe71807 100644
--- a/main/openssl/include/openssl/opensslv.h
+++ b/main/openssl/include/openssl/opensslv.h
@@ -25,11 +25,11 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  * major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER 0x1000106fL
+#define OPENSSL_VERSION_NUMBER 0x1000107fL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1f-fips 6 Jan 2014"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g-fips 7 Apr 2014"
 #else
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1f 6 Jan 2014"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g 7 Apr 2014"
 #endif
 #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/main/openssl/include/openssl/ssl.h b/main/openssl/include/openssl/ssl.h
index 4c38f6ed..40c4d9cf 100644
--- a/main/openssl/include/openssl/ssl.h
+++ b/main/openssl/include/openssl/ssl.h
@@ -928,7 +928,7 @@ struct ssl_ctx_st
  */
 unsigned int max_send_fragment;
-#ifndef OPENSSL_ENGINE
+#ifndef OPENSSL_NO_ENGINE
 /* Engine to pass requests for client certs to */
 ENGINE *client_cert_engine;
diff --git a/main/openssl/include/openssl/symhacks.h b/main/openssl/include/openssl/symhacks.h
index 07a412f8..bd2f000d 100644
--- a/main/openssl/include/openssl/symhacks.h
+++ b/main/openssl/include/openssl/symhacks.h
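Review bot: In the ssl.h hunk, the corrected guard `#ifndef OPENSSL_NO_ENGINE` makes the presence of `client_cert_engine` in `struct ssl_ctx_st` depend on a build macro that can actually be set; the old `OPENSSL_ENGINE` spelling was presumably never defined, so the member was always compiled in. A translation unit that includes this header with a different `OPENSSL_NO_ENGINE` setting than the one libssl was built with will compute different offsets for every member after this one, and that mismatch shows up as silent memory corruption rather than a link error. It is worth confirming that the macro reaches all consumers from the shared `opensslconf.h` and not from per-target compiler flags, and recording the constraint above the guard, e.g. `/* struct layout depends on OPENSSL_NO_ENGINE; must match the libssl build */`. The struct body starts and ends outside the hunk, so the matching `#endif` and the members that follow cannot be checked from here.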
@@ -204,6 +204,12 @@
 #define SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_protos_adv_cb
 #undef SSL_CTX_set_next_proto_select_cb
 #define SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_proto_sel_cb
+#undef ssl3_cbc_record_digest_supported
+#define ssl3_cbc_record_digest_supported ssl3_cbc_record_digest_support
+#undef ssl_check_clienthello_tlsext_late
+#define ssl_check_clienthello_tlsext_late ssl_check_clihello_tlsext_late
+#undef ssl_check_clienthello_tlsext_early
+#define ssl_check_clienthello_tlsext_early ssl_check_clihello_tlsext_early
 /* Hack some long ENGINE names */
 #undef ENGINE_get_default_BN_mod_exp_crt
diff --git a/main/openssl/include/openssl/tls1.h b/main/openssl/include/openssl/tls1.h
index 6f031a44..6283c6a7 100644
--- a/main/openssl/include/openssl/tls1.h
+++ b/main/openssl/include/openssl/tls1.h
@@ -230,6 +230,12 @@ extern "C" {
 /* ExtensionType value from RFC5620 */
 #define TLSEXT_TYPE_heartbeat 15
+/* ExtensionType value for TLS padding extension.
+ * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ * http://tools.ietf.org/html/draft-agl-tls-padding-03
+ */
+#define TLSEXT_TYPE_padding 21
+
 /* ExtensionType value from draft-ietf-tls-applayerprotoneg-00 */
 #define TLSEXT_TYPE_application_layer_protocol_negotiation 16
@@ -254,10 +260,6 @@ extern "C" {
 /* This is not an IANA defined extension number */
 #define TLSEXT_TYPE_channel_id 30031
-/* See https://tools.ietf.org/html/draft-agl-tls-padding-02
- * Number not yet IANA assigned. */
-#define TLSEXT_TYPE_padding 35655
-
 /* NameType value from RFC 3546 */
 #define TLSEXT_NAMETYPE_host_name 0
 /* status request value from RFC 3546 */
--
cgit v1.2.3
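Review bot: In the two tls1.h hunks, `TLSEXT_TYPE_padding` moves from the private value 35655 to 21, but the new comment does not record that builds from before this update used a different number on the wire. Anything keyed on the old value, such as interop test fixtures, packet-capture filters or detection rules that match this extension, would stop matching without any build-time signal. One extra line in the new comment would cover it, e.g. ` * Builds before the IANA assignment used 35655.` The new definition also sits between extension types 15 and 16, out of numeric order with its neighbours.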