diff --git a/amd64/include/openssl/asn1.h b/amd64/include/openssl/asn1.h index 05ae1db..d0b1099 100644 --- a/amd64/include/openssl/asn1.h +++ b/amd64/include/openssl/asn1.h @@ -953,8 +953,10 @@ int ERR_load_ASN1_strings(void); # define ASN1_F_D2I_AUTOPRIVATEKEY 207 # define ASN1_F_D2I_PRIVATEKEY 154 # define ASN1_F_D2I_PUBLICKEY 155 +# define ASN1_F_DO_BUF 142 # define ASN1_F_DO_TCREATE 222 # define ASN1_F_I2D_ASN1_BIO_STREAM 211 +# define ASN1_F_I2D_ASN1_OBJECT 143 # define ASN1_F_I2D_DSA_PUBKEY 161 # define ASN1_F_I2D_EC_PUBKEY 181 # define ASN1_F_I2D_PRIVATEKEY 163 diff --git a/amd64/include/openssl/asn1_mac.h b/amd64/include/openssl/asn1_mac.h deleted file mode 100644 index 7ac1782..0000000 --- a/amd64/include/openssl/asn1_mac.h +++ /dev/null @@ -1,10 +0,0 @@ -/* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#error "This file is obsolete; please update your software." diff --git a/amd64/include/openssl/bio.h b/amd64/include/openssl/bio.h index f435bd8..3a72862 100644 --- a/amd64/include/openssl/bio.h +++ b/amd64/include/openssl/bio.h @@ -730,26 +730,26 @@ __bio_h__attr__((__format__(__printf__, 3, 0))); BIO_METHOD *BIO_meth_new(int type, const char *name); void BIO_meth_free(BIO_METHOD *biom); -int (*BIO_meth_get_write(BIO_METHOD *biom)) (BIO *, const char *, int); +int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int); int BIO_meth_set_write(BIO_METHOD *biom, int (*write) (BIO *, const char *, int)); -int (*BIO_meth_get_read(BIO_METHOD *biom)) (BIO *, char *, int); +int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int); int BIO_meth_set_read(BIO_METHOD *biom, int (*read) (BIO *, char *, int)); -int (*BIO_meth_get_puts(BIO_METHOD *biom)) (BIO *, const char *); +int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *); int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts) (BIO *, const char *)); -int (*BIO_meth_get_gets(BIO_METHOD *biom)) (BIO *, char *, int); +int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int); int BIO_meth_set_gets(BIO_METHOD *biom, int (*gets) (BIO *, char *, int)); -long (*BIO_meth_get_ctrl(BIO_METHOD *biom)) (BIO *, int, long, void *); +long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *); int BIO_meth_set_ctrl(BIO_METHOD *biom, long (*ctrl) (BIO *, int, long, void *)); -int (*BIO_meth_get_create(BIO_METHOD *bion)) (BIO *); +int (*BIO_meth_get_create(const BIO_METHOD *bion)) (BIO *); int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *)); -int (*BIO_meth_get_destroy(BIO_METHOD *biom)) (BIO *); +int (*BIO_meth_get_destroy(const BIO_METHOD *biom)) (BIO *); int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)); -long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom)) +long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom)) (BIO *, int, BIO_info_cb *); int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, long (*callback_ctrl) (BIO *, int, diff --git a/amd64/include/openssl/bn.h b/amd64/include/openssl/bn.h index 54ae760..301edd5 100644 --- a/amd64/include/openssl/bn.h +++ b/amd64/include/openssl/bn.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -119,25 +119,76 @@ void *BN_GENCB_get_arg(BN_GENCB *cb); * on the size of the number */ /* - * number of Miller-Rabin iterations for an error rate of less than 2^-80 for - * random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook of - * Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996]; - * original paper: Damgaard, Landrock, Pomerance: Average case error - * estimates for the strong probable prime test. -- Math. Comp. 61 (1993) - * 177-194) + * BN_prime_checks_for_size() returns the number of Miller-Rabin iterations + * that will be done for checking that a random number is probably prime. The + * error rate for accepting a composite number as prime depends on the size of + * the prime |b|. The error rates used are for calculating an RSA key with 2 primes, + * and so the level is what you would expect for a key of double the size of the + * prime. + * + * This table is generated using the algorithm of FIPS PUB 186-4 + * Digital Signature Standard (DSS), section F.1, page 117. + * (https://dx.doi.org/10.6028/NIST.FIPS.186-4) + * + * The following magma script was used to generate the output: + * securitybits:=125; + * k:=1024; + * for t:=1 to 65 do + * for M:=3 to Floor(2*Sqrt(k-1)-1) do + * S:=0; + * // Sum over m + * for m:=3 to M do + * s:=0; + * // Sum over j + * for j:=2 to m do + * s+:=(RealField(32)!2)^-(j+(k-1)/j); + * end for; + * S+:=2^(m-(m-1)*t)*s; + * end for; + * A:=2^(k-2-M*t); + * B:=8*(Pi(RealField(32))^2-6)/3*2^(k-2)*S; + * pkt:=2.00743*Log(2)*k*2^-k*(A+B); + * seclevel:=Floor(-Log(2,pkt)); + * if seclevel ge securitybits then + * printf "k: %5o, security: %o bits (t: %o, M: %o)\n",k,seclevel,t,M; + * break; + * end if; + * end for; + * if seclevel ge securitybits then break; end if; + * end for; + * + * It can be run online at: + * http://magma.maths.usyd.edu.au/calc + * + * And will output: + * k: 1024, security: 129 bits (t: 6, M: 23) + * + * k is the number of bits of the prime, securitybits is the level we want to + * reach. + * + * prime length | RSA key size | # MR tests | security level + * -------------+--------------|------------+--------------- + * (b) >= 6394 | >= 12788 | 3 | 256 bit + * (b) >= 3747 | >= 7494 | 3 | 192 bit + * (b) >= 1345 | >= 2690 | 4 | 128 bit + * (b) >= 1080 | >= 2160 | 5 | 128 bit + * (b) >= 852 | >= 1704 | 5 | 112 bit + * (b) >= 476 | >= 952 | 5 | 80 bit + * (b) >= 400 | >= 800 | 6 | 80 bit + * (b) >= 347 | >= 694 | 7 | 80 bit + * (b) >= 308 | >= 616 | 8 | 80 bit + * (b) >= 55 | >= 110 | 27 | 64 bit + * (b) >= 6 | >= 12 | 34 | 64 bit */ -# define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \ - (b) >= 850 ? 3 : \ - (b) >= 650 ? 4 : \ - (b) >= 550 ? 5 : \ - (b) >= 450 ? 6 : \ - (b) >= 400 ? 7 : \ - (b) >= 350 ? 8 : \ - (b) >= 300 ? 9 : \ - (b) >= 250 ? 12 : \ - (b) >= 200 ? 15 : \ - (b) >= 150 ? 18 : \ - /* b >= 100 */ 27) + +# define BN_prime_checks_for_size(b) ((b) >= 3747 ? 3 : \ + (b) >= 1345 ? 4 : \ + (b) >= 476 ? 5 : \ + (b) >= 400 ? 6 : \ + (b) >= 347 ? 7 : \ + (b) >= 308 ? 8 : \ + (b) >= 55 ? 27 : \ + /* b >= 6 */ 34) # define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) diff --git a/amd64/include/openssl/conf.h b/amd64/include/openssl/conf.h index 980a51b..e0539e3 100644 --- a/amd64/include/openssl/conf.h +++ b/amd64/include/openssl/conf.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -191,6 +191,7 @@ int ERR_load_CONF_strings(void); # define CONF_F_NCONF_LOAD_BIO 110 # define CONF_F_NCONF_LOAD_FP 114 # define CONF_F_NCONF_NEW 111 +# define CONF_F_SSL_MODULE_INIT 123 # define CONF_F_STR_COPY 101 /* Reason codes. */ @@ -206,6 +207,10 @@ int ERR_load_CONF_strings(void); # define CONF_R_NO_SECTION 107 # define CONF_R_NO_SUCH_FILE 114 # define CONF_R_NO_VALUE 108 +# define CONF_R_SSL_COMMAND_SECTION_EMPTY 117 +# define CONF_R_SSL_COMMAND_SECTION_NOT_FOUND 118 +# define CONF_R_SSL_SECTION_EMPTY 119 +# define CONF_R_SSL_SECTION_NOT_FOUND 120 # define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 # define CONF_R_UNKNOWN_MODULE_NAME 113 # define CONF_R_VARIABLE_EXPANSION_TOO_LONG 116 diff --git a/amd64/include/openssl/crypto.h b/amd64/include/openssl/crypto.h index 1ba7f25..fa3f12a 100644 --- a/amd64/include/openssl/crypto.h +++ b/amd64/include/openssl/crypto.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -371,7 +371,9 @@ int CRYPTO_memcmp(const volatile void * volatile in_a, # define OPENSSL_INIT_ENGINE_CAPI 0x00002000L # define OPENSSL_INIT_ENGINE_PADLOCK 0x00004000L # define OPENSSL_INIT_ENGINE_AFALG 0x00008000L -/* OPENSSL_INIT flag 0x00010000 reserved for internal use */ +/* OPENSSL_INIT_ZLIB 0x00010000L */ +/* currently unused 0x00020000L */ +/* OPENSSL_INIT_BASE_ONLY 0x00040000L */ /* OPENSSL_INIT flag range 0xfff00000 reserved for OPENSSL_init_ssl() */ /* Max OPENSSL_INIT flag value is 0x80000000 */ diff --git a/amd64/include/openssl/dh.h b/amd64/include/openssl/dh.h index fbd4790..8cf879e 100644 --- a/amd64/include/openssl/dh.h +++ b/amd64/include/openssl/dh.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -187,7 +187,7 @@ void DH_meth_free(DH_METHOD *dhm); DH_METHOD *DH_meth_dup(const DH_METHOD *dhm); const char *DH_meth_get0_name(const DH_METHOD *dhm); int DH_meth_set1_name(DH_METHOD *dhm, const char *name); -int DH_meth_get_flags(DH_METHOD *dhm); +int DH_meth_get_flags(const DH_METHOD *dhm); int DH_meth_set_flags(DH_METHOD *dhm, int flags); void *DH_meth_get0_app_data(const DH_METHOD *dhm); int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data); diff --git a/amd64/include/openssl/dsa.h b/amd64/include/openssl/dsa.h index 139718e..3a7b1a6 100644 --- a/amd64/include/openssl/dsa.h +++ b/amd64/include/openssl/dsa.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -146,10 +146,12 @@ int DSAparams_print_fp(FILE *fp, const DSA *x); int DSA_print_fp(FILE *bp, const DSA *x, int off); # endif -# define DSS_prime_checks 50 +# define DSS_prime_checks 64 /* - * Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of - * Rabin-Miller + * Primality test according to FIPS PUB 186-4, Appendix C.3. Since we only + * have one value here we set the number of checks to 64 which is the 128 bit + * security level that is the highest level and valid for creating a 3072 bit + * DSA key. */ # define DSA_is_prime(n, callback, cb_arg) \ BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg) @@ -186,7 +188,7 @@ void DSA_meth_free(DSA_METHOD *dsam); DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam); const char *DSA_meth_get0_name(const DSA_METHOD *dsam); int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name); -int DSA_meth_get_flags(DSA_METHOD *dsam); +int DSA_meth_get_flags(const DSA_METHOD *dsam); int DSA_meth_set_flags(DSA_METHOD *dsam, int flags); void *DSA_meth_get0_app_data(const DSA_METHOD *dsam); int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data); @@ -260,6 +262,7 @@ int ERR_load_DSA_strings(void); # define DSA_F_DSA_SIG_NEW 102 # define DSA_F_OLD_DSA_PRIV_DECODE 122 # define DSA_F_PKEY_DSA_CTRL 120 +# define DSA_F_PKEY_DSA_CTRL_STR 104 # define DSA_F_PKEY_DSA_KEYGEN 121 /* Reason codes. */ diff --git a/amd64/include/openssl/evp.h b/amd64/include/openssl/evp.h index 43c97a7..36e2934 100644 --- a/amd64/include/openssl/evp.h +++ b/amd64/include/openssl/evp.h @@ -1351,34 +1351,34 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, const char *type, const char *value)); -void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth, int (**pinit) (EVP_PKEY_CTX *ctx)); -void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth, int (**pcopy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)); -void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth, void (**pcleanup) (EVP_PKEY_CTX *ctx)); -void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth, int (**pparamgen_init) (EVP_PKEY_CTX *ctx), int (**pparamgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)); -void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth, int (**pkeygen_init) (EVP_PKEY_CTX *ctx), int (**pkeygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)); -void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth, int (**psign_init) (EVP_PKEY_CTX *ctx), int (**psign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, const unsigned char *tbs, size_t tbslen)); -void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth, int (**pverify_init) (EVP_PKEY_CTX *ctx), int (**pverify) (EVP_PKEY_CTX *ctx, const unsigned char *sig, @@ -1386,7 +1386,7 @@ void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth, const unsigned char *tbs, size_t tbslen)); -void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth, int (**pverify_recover_init) (EVP_PKEY_CTX *ctx), int (**pverify_recover) (EVP_PKEY_CTX @@ -1398,7 +1398,7 @@ void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth, char *tbs, size_t tbslen)); -void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth, int (**psignctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), int (**psignctx) (EVP_PKEY_CTX *ctx, @@ -1406,7 +1406,7 @@ void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth, size_t *siglen, EVP_MD_CTX *mctx)); -void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth, int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), int (**pverifyctx) (EVP_PKEY_CTX *ctx, @@ -1414,7 +1414,7 @@ void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth, int siglen, EVP_MD_CTX *mctx)); -void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth, int (**pencrypt_init) (EVP_PKEY_CTX *ctx), int (**pencryptfn) (EVP_PKEY_CTX *ctx, unsigned char *out, @@ -1422,7 +1422,7 @@ void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth, const unsigned char *in, size_t inlen)); -void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth, int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), int (**pdecrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, @@ -1430,13 +1430,13 @@ void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth, const unsigned char *in, size_t inlen)); -void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth, int (**pderive_init) (EVP_PKEY_CTX *ctx), int (**pderive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)); -void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2), int (**pctrl_str) (EVP_PKEY_CTX *ctx, @@ -1506,6 +1506,8 @@ int ERR_load_EVP_strings(void); # define EVP_F_EVP_PKEY_GET0_RSA 121 # define EVP_F_EVP_PKEY_KEYGEN 146 # define EVP_F_EVP_PKEY_KEYGEN_INIT 147 +# define EVP_F_EVP_PKEY_METH_ADD0 172 +# define EVP_F_EVP_PKEY_METH_NEW 173 # define EVP_F_EVP_PKEY_NEW 106 # define EVP_F_EVP_PKEY_PARAMGEN 148 # define EVP_F_EVP_PKEY_PARAMGEN_INIT 149 @@ -1570,6 +1572,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 # define EVP_R_OPERATON_NOT_INITIALIZED 151 # define EVP_R_PARTIALLY_OVERLAPPING 162 +# define EVP_R_PBKDF2_ERROR 176 # define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 175 # define EVP_R_PKEY_ASN1_METHOD_ALREADY_REGISTERED 164 # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 diff --git a/amd64/include/openssl/lhash.h b/amd64/include/openssl/lhash.h index 82d40c1..8ecc588 100644 --- a/amd64/include/openssl/lhash.h +++ b/amd64/include/openssl/lhash.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -95,7 +95,7 @@ void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out); # define _LHASH OPENSSL_LHASH # define LHASH_NODE OPENSSL_LH_NODE # define lh_error OPENSSL_LH_error -# define lh_new OPENSSL_lh_new +# define lh_new OPENSSL_LH_new # define lh_free OPENSSL_LH_free # define lh_insert OPENSSL_LH_insert # define lh_delete OPENSSL_LH_delete diff --git a/amd64/include/openssl/opensslconf.h b/amd64/include/openssl/opensslconf.h index e52b31f..7ac11cd 100644 --- a/amd64/include/openssl/opensslconf.h +++ b/amd64/include/openssl/opensslconf.h @@ -1,6 +1,6 @@ /* * WARNING: do not edit! - * Generated by makefile from ..\include\openssl\opensslconf.h.in + * Generated by makefile from ..\s\include\openssl\opensslconf.h.in * * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * @@ -102,12 +102,18 @@ extern "C" { * still won't see them if the library has been built to disable deprecated * functions. */ -#if defined(OPENSSL_NO_DEPRECATED) -# define DECLARE_DEPRECATED(f) -#elif __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) -# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); -#else -# define DECLARE_DEPRECATED(f) f; +#ifndef DECLARE_DEPRECATED +# if defined(OPENSSL_NO_DEPRECATED) +# define DECLARE_DEPRECATED(f) +# else +# define DECLARE_DEPRECATED(f) f; +# ifdef __GNUC__ +# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif +# endif +# endif #endif #ifndef OPENSSL_FILE diff --git a/amd64/include/openssl/opensslconf.h.in b/amd64/include/openssl/opensslconf.h.in new file mode 100644 index 0000000..17807fb --- /dev/null +++ b/amd64/include/openssl/opensslconf.h.in @@ -0,0 +1,147 @@ +/* + * {- join("\n * ", @autowarntext) -} + * + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef OPENSSL_ALGORITHM_DEFINES +# error OPENSSL_ALGORITHM_DEFINES no longer supported +#endif + +/* + * OpenSSL was configured with the following options: + */ + +{- if (@{$config{openssl_sys_defines}}) { + foreach (@{$config{openssl_sys_defines}}) { + $OUT .= "#ifndef $_\n"; + $OUT .= "# define $_ 1\n"; + $OUT .= "#endif\n"; + } + } + foreach (@{$config{openssl_api_defines}}) { + (my $macro, my $value) = $_ =~ /^(.*?)=(.*?)$/; + $OUT .= "#define $macro $value\n"; + } + if (@{$config{openssl_algorithm_defines}}) { + foreach (@{$config{openssl_algorithm_defines}}) { + $OUT .= "#ifndef $_\n"; + $OUT .= "# define $_\n"; + $OUT .= "#endif\n"; + } + } + if (@{$config{openssl_thread_defines}}) { + foreach (@{$config{openssl_thread_defines}}) { + $OUT .= "#ifndef $_\n"; + $OUT .= "# define $_\n"; + $OUT .= "#endif\n"; + } + } + if (@{$config{openssl_other_defines}}) { + foreach (@{$config{openssl_other_defines}}) { + $OUT .= "#ifndef $_\n"; + $OUT .= "# define $_\n"; + $OUT .= "#endif\n"; + } + } + ""; +-} + +/* + * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers + * don't like that. This will hopefully silence them. + */ +#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy; + +/* + * Applications should use -DOPENSSL_API_COMPAT= to suppress the + * declarations of functions deprecated in or before . Otherwise, they + * still won't see them if the library has been built to disable deprecated + * functions. + */ +#ifndef DECLARE_DEPRECATED +# if defined(OPENSSL_NO_DEPRECATED) +# define DECLARE_DEPRECATED(f) +# else +# define DECLARE_DEPRECATED(f) f; +# ifdef __GNUC__ +# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif +# endif +# endif +#endif + +#ifndef OPENSSL_FILE +# ifdef OPENSSL_NO_FILENAMES +# define OPENSSL_FILE "" +# define OPENSSL_LINE 0 +# else +# define OPENSSL_FILE __FILE__ +# define OPENSSL_LINE __LINE__ +# endif +#endif + +#ifndef OPENSSL_MIN_API +# define OPENSSL_MIN_API 0 +#endif + +#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API +# undef OPENSSL_API_COMPAT +# define OPENSSL_API_COMPAT OPENSSL_MIN_API +#endif + +#if OPENSSL_API_COMPAT < 0x10100000L +# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_1_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x10000000L +# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_0_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x00908000L +# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_0_9_8(f) +#endif + +{- $target{cpuid_obj} ne "mem_clr.o" ? "#define OPENSSL_CPUID_OBJ" : "" -} + +/* Generate 80386 code? */ +{- $config{processor} eq "386" ? "#define" : "#undef" -} I386_ONLY + +#undef OPENSSL_UNISTD +#define OPENSSL_UNISTD {- $target{unistd} -} + +{- $config{export_var_as_fn} ? "#define" : "#undef" -} OPENSSL_EXPORT_VAR_AS_FUNCTION + +/* + * The following are cipher-specific, but are part of the public API. + */ +#if !defined(OPENSSL_SYS_UEFI) +{- $config{bn_ll} ? "# define" : "# undef" -} BN_LLONG +/* Only one for the following should be defined */ +{- $config{b64l} ? "# define" : "# undef" -} SIXTY_FOUR_BIT_LONG +{- $config{b64} ? "# define" : "# undef" -} SIXTY_FOUR_BIT +{- $config{b32} ? "# define" : "# undef" -} THIRTY_TWO_BIT +#endif + +#define RC4_INT {- $config{rc4_int} -} + +#ifdef __cplusplus +} +#endif diff --git a/amd64/include/openssl/opensslv.h b/amd64/include/openssl/opensslv.h index 4fb437f..c5ef2a7 100644 --- a/amd64/include/openssl/opensslv.h +++ b/amd64/include/openssl/opensslv.h @@ -39,18 +39,13 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x1010008fL +# define OPENSSL_VERSION_NUMBER 0x1010009fL # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0h-fips 27 Mar 2018" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0i-fips 14 Aug 2018" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0h 27 Mar 2018" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0i 14 Aug 2018" # endif -#define OPENSSL_MAKE_VERSION(maj,min,fix,patch) ((0x10000000L)+((maj&0xff)<<20)+((min&0xff)<<12)+((fix&0xff)<<4)+patch) - -/* use this for #if tests, should never depend upon fix/patch */ -#define OPENSSL_VERSION_AT_LEAST(maj,min) (OPENSSL_MAKE_VERSION(maj,min, 0, 0) >= OPENSSL_VERSION_NUMBER) - /*- * The macros below are to be used for shared library (.so, .dll, ...) * versioning. That kind of versioning works a bit differently between diff --git a/amd64/include/openssl/pem.h b/amd64/include/openssl/pem.h index 2375d63..f7ce3c6 100644 --- a/amd64/include/openssl/pem.h +++ b/amd64/include/openssl/pem.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -322,7 +322,8 @@ int PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt); int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, EVP_PKEY *pkey); -int PEM_def_callback(char *buf, int num, int w, void *key); +/* The default pem_password_cb that's used internally */ +int PEM_def_callback(char *buf, int num, int rwflag, void *userdata); void PEM_proc_type(char *buf, int type); void PEM_dek_info(char *buf, const char *type, int len, char *str); diff --git a/amd64/include/openssl/rsa.h b/amd64/include/openssl/rsa.h index d97d6e0..790831b 100644 --- a/amd64/include/openssl/rsa.h +++ b/amd64/include/openssl/rsa.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -374,7 +374,7 @@ void RSA_meth_free(RSA_METHOD *meth); RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); const char *RSA_meth_get0_name(const RSA_METHOD *meth); int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); -int RSA_meth_get_flags(RSA_METHOD *meth); +int RSA_meth_get_flags(const RSA_METHOD *meth); int RSA_meth_set_flags(RSA_METHOD *meth, int flags); void *RSA_meth_get0_app_data(const RSA_METHOD *meth); int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data); diff --git a/amd64/include/openssl/ssl.h b/amd64/include/openssl/ssl.h index f070bd2..56e2056 100644 --- a/amd64/include/openssl/ssl.h +++ b/amd64/include/openssl/ssl.h @@ -967,8 +967,8 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); # define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 # define SSL_VERIFY_CLIENT_ONCE 0x04 -# define OpenSSL_add_ssl_algorithms() SSL_library_init() # if OPENSSL_API_COMPAT < 0x10100000L +# define OpenSSL_add_ssl_algorithms() SSL_library_init() # define SSLeay_add_ssl_algorithms() SSL_library_init() # endif @@ -1358,7 +1358,7 @@ __owur int SSL_get_fd(const SSL *s); __owur int SSL_get_rfd(const SSL *s); __owur int SSL_get_wfd(const SSL *s); __owur const char *SSL_get_cipher_list(const SSL *s, int n); -__owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len); +__owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size); __owur int SSL_get_read_ahead(const SSL *s); __owur int SSL_pending(const SSL *s); __owur int SSL_has_pending(const SSL *s); diff --git a/amd64/include/openssl/ssl3.h b/amd64/include/openssl/ssl3.h index 4ca434e..115940a 100644 --- a/amd64/include/openssl/ssl3.h +++ b/amd64/include/openssl/ssl3.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -252,9 +252,15 @@ extern "C" { # define SSL3_CT_FORTEZZA_DMS 20 /* * SSL3_CT_NUMBER is used to size arrays and it must be large enough to - * contain all of the cert types defined either for SSLv3 and TLSv1. + * contain all of the cert types defined for *either* SSLv3 and TLSv1. */ -# define SSL3_CT_NUMBER 9 +# define SSL3_CT_NUMBER 10 + +# if defined(TLS_CT_NUMBER) +# if TLS_CT_NUMBER != SSL3_CT_NUMBER +# error "SSL/TLS CT_NUMBER values do not match" +# endif +# endif # define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 diff --git a/amd64/include/openssl/tls1.h b/amd64/include/openssl/tls1.h index 3fe01fe..732e87a 100644 --- a/amd64/include/openssl/tls1.h +++ b/amd64/include/openssl/tls1.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -883,7 +883,13 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see * comment there) */ -# define TLS_CT_NUMBER 9 +# define TLS_CT_NUMBER 10 + +# if defined(SSL3_CT_NUMBER) +# if TLS_CT_NUMBER != SSL3_CT_NUMBER +# error "SSL/TLS CT_NUMBER values do not match" +# endif +# endif # define TLS1_FINISH_MAC_LENGTH 12 diff --git a/amd64/include/openssl/x509.h b/amd64/include/openssl/x509.h index ee98df8..780386d 100644 --- a/amd64/include/openssl/x509.h +++ b/amd64/include/openssl/x509.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1055,6 +1055,7 @@ int ERR_load_X509_strings(void); # define X509_F_X509_LOAD_CERT_CRL_FILE 132 # define X509_F_X509_LOAD_CERT_FILE 111 # define X509_F_X509_LOAD_CRL_FILE 112 +# define X509_F_X509_LOOKUP_METH_NEW 160 # define X509_F_X509_NAME_ADD_ENTRY 113 # define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114 # define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131 diff --git a/amd64/include/openssl/x509_vfy.h b/amd64/include/openssl/x509_vfy.h index 1aa0a33..d91581c 100644 --- a/amd64/include/openssl/x509_vfy.h +++ b/amd64/include/openssl/x509_vfy.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -257,7 +257,9 @@ X509_OBJECT *X509_OBJECT_new(void); void X509_OBJECT_free(X509_OBJECT *a); X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a); X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a); +int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj); X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a); +int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj); X509_STORE *X509_STORE_new(void); void X509_STORE_free(X509_STORE *v); int X509_STORE_lock(X509_STORE *ctx); @@ -364,6 +366,76 @@ X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); X509_LOOKUP_METHOD *X509_LOOKUP_file(void); +typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc, + long argl, char **ret); +typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + X509_NAME *name, + X509_OBJECT *ret); +typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + X509_NAME *name, + ASN1_INTEGER *serial, + X509_OBJECT *ret); +typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + const unsigned char* bytes, + int len, + X509_OBJECT *ret); +typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + const char *str, + int len, + X509_OBJECT *ret); + +X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name); +void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method, + int (*new_item) (X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method, + void (*free) (X509_LOOKUP *ctx)); +void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method, + int (*init) (X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method, + int (*shutdown) (X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method, + X509_LOOKUP_ctrl_fn ctrl_fn); +X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_subject_fn fn); +X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject( + const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_issuer_serial(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_issuer_serial_fn fn); +X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial( + const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_fingerprint_fn fn); +X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint( + const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_alias_fn fn); +X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( + const X509_LOOKUP_METHOD *method); + + int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); @@ -393,6 +465,9 @@ int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, X509_OBJECT *ret); int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, const char *str, int len, X509_OBJECT *ret); +int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data); +void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx); +X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx); int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); int X509_STORE_load_locations(X509_STORE *ctx, @@ -475,6 +550,7 @@ int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, const char *name, size_t namelen); void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int flags); +unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param); char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *); void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *, X509_VERIFY_PARAM *); int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, diff --git a/amd64/libcrypto-1_1-x64.dll b/amd64/libcrypto-1_1-x64.dll index 14a26a7..98bc522 100644 Binary files a/amd64/libcrypto-1_1-x64.dll and b/amd64/libcrypto-1_1-x64.dll differ diff --git a/amd64/libcrypto-1_1-x64.pdb b/amd64/libcrypto-1_1-x64.pdb index 1c3fed0..8571b08 100644 Binary files a/amd64/libcrypto-1_1-x64.pdb and b/amd64/libcrypto-1_1-x64.pdb differ diff --git a/amd64/libcrypto.lib b/amd64/libcrypto.lib index 11c0b09..10d53e3 100644 Binary files a/amd64/libcrypto.lib and b/amd64/libcrypto.lib differ diff --git a/amd64/libssl-1_1-x64.dll b/amd64/libssl-1_1-x64.dll index 710adc4..dbe1aa7 100644 Binary files a/amd64/libssl-1_1-x64.dll and b/amd64/libssl-1_1-x64.dll differ diff --git a/amd64/libssl-1_1-x64.pdb b/amd64/libssl-1_1-x64.pdb index 34b2a10..8158c20 100644 Binary files a/amd64/libssl-1_1-x64.pdb and b/amd64/libssl-1_1-x64.pdb differ diff --git a/amd64/libssl.lib b/amd64/libssl.lib index 99f2ff7..354991d 100644 Binary files a/amd64/libssl.lib and b/amd64/libssl.lib differ diff --git a/win32/include/openssl/asn1.h b/win32/include/openssl/asn1.h index 05ae1db..d0b1099 100644 --- a/win32/include/openssl/asn1.h +++ b/win32/include/openssl/asn1.h @@ -953,8 +953,10 @@ int ERR_load_ASN1_strings(void); # define ASN1_F_D2I_AUTOPRIVATEKEY 207 # define ASN1_F_D2I_PRIVATEKEY 154 # define ASN1_F_D2I_PUBLICKEY 155 +# define ASN1_F_DO_BUF 142 # define ASN1_F_DO_TCREATE 222 # define ASN1_F_I2D_ASN1_BIO_STREAM 211 +# define ASN1_F_I2D_ASN1_OBJECT 143 # define ASN1_F_I2D_DSA_PUBKEY 161 # define ASN1_F_I2D_EC_PUBKEY 181 # define ASN1_F_I2D_PRIVATEKEY 163 diff --git a/win32/include/openssl/asn1_mac.h b/win32/include/openssl/asn1_mac.h deleted file mode 100644 index 7ac1782..0000000 --- a/win32/include/openssl/asn1_mac.h +++ /dev/null @@ -1,10 +0,0 @@ -/* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#error "This file is obsolete; please update your software." diff --git a/win32/include/openssl/bio.h b/win32/include/openssl/bio.h index f435bd8..3a72862 100644 --- a/win32/include/openssl/bio.h +++ b/win32/include/openssl/bio.h @@ -730,26 +730,26 @@ __bio_h__attr__((__format__(__printf__, 3, 0))); BIO_METHOD *BIO_meth_new(int type, const char *name); void BIO_meth_free(BIO_METHOD *biom); -int (*BIO_meth_get_write(BIO_METHOD *biom)) (BIO *, const char *, int); +int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int); int BIO_meth_set_write(BIO_METHOD *biom, int (*write) (BIO *, const char *, int)); -int (*BIO_meth_get_read(BIO_METHOD *biom)) (BIO *, char *, int); +int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int); int BIO_meth_set_read(BIO_METHOD *biom, int (*read) (BIO *, char *, int)); -int (*BIO_meth_get_puts(BIO_METHOD *biom)) (BIO *, const char *); +int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *); int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts) (BIO *, const char *)); -int (*BIO_meth_get_gets(BIO_METHOD *biom)) (BIO *, char *, int); +int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int); int BIO_meth_set_gets(BIO_METHOD *biom, int (*gets) (BIO *, char *, int)); -long (*BIO_meth_get_ctrl(BIO_METHOD *biom)) (BIO *, int, long, void *); +long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *); int BIO_meth_set_ctrl(BIO_METHOD *biom, long (*ctrl) (BIO *, int, long, void *)); -int (*BIO_meth_get_create(BIO_METHOD *bion)) (BIO *); +int (*BIO_meth_get_create(const BIO_METHOD *bion)) (BIO *); int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *)); -int (*BIO_meth_get_destroy(BIO_METHOD *biom)) (BIO *); +int (*BIO_meth_get_destroy(const BIO_METHOD *biom)) (BIO *); int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)); -long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom)) +long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom)) (BIO *, int, BIO_info_cb *); int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, long (*callback_ctrl) (BIO *, int, diff --git a/win32/include/openssl/bn.h b/win32/include/openssl/bn.h index 54ae760..301edd5 100644 --- a/win32/include/openssl/bn.h +++ b/win32/include/openssl/bn.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -119,25 +119,76 @@ void *BN_GENCB_get_arg(BN_GENCB *cb); * on the size of the number */ /* - * number of Miller-Rabin iterations for an error rate of less than 2^-80 for - * random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook of - * Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996]; - * original paper: Damgaard, Landrock, Pomerance: Average case error - * estimates for the strong probable prime test. -- Math. Comp. 61 (1993) - * 177-194) + * BN_prime_checks_for_size() returns the number of Miller-Rabin iterations + * that will be done for checking that a random number is probably prime. The + * error rate for accepting a composite number as prime depends on the size of + * the prime |b|. The error rates used are for calculating an RSA key with 2 primes, + * and so the level is what you would expect for a key of double the size of the + * prime. + * + * This table is generated using the algorithm of FIPS PUB 186-4 + * Digital Signature Standard (DSS), section F.1, page 117. + * (https://dx.doi.org/10.6028/NIST.FIPS.186-4) + * + * The following magma script was used to generate the output: + * securitybits:=125; + * k:=1024; + * for t:=1 to 65 do + * for M:=3 to Floor(2*Sqrt(k-1)-1) do + * S:=0; + * // Sum over m + * for m:=3 to M do + * s:=0; + * // Sum over j + * for j:=2 to m do + * s+:=(RealField(32)!2)^-(j+(k-1)/j); + * end for; + * S+:=2^(m-(m-1)*t)*s; + * end for; + * A:=2^(k-2-M*t); + * B:=8*(Pi(RealField(32))^2-6)/3*2^(k-2)*S; + * pkt:=2.00743*Log(2)*k*2^-k*(A+B); + * seclevel:=Floor(-Log(2,pkt)); + * if seclevel ge securitybits then + * printf "k: %5o, security: %o bits (t: %o, M: %o)\n",k,seclevel,t,M; + * break; + * end if; + * end for; + * if seclevel ge securitybits then break; end if; + * end for; + * + * It can be run online at: + * http://magma.maths.usyd.edu.au/calc + * + * And will output: + * k: 1024, security: 129 bits (t: 6, M: 23) + * + * k is the number of bits of the prime, securitybits is the level we want to + * reach. + * + * prime length | RSA key size | # MR tests | security level + * -------------+--------------|------------+--------------- + * (b) >= 6394 | >= 12788 | 3 | 256 bit + * (b) >= 3747 | >= 7494 | 3 | 192 bit + * (b) >= 1345 | >= 2690 | 4 | 128 bit + * (b) >= 1080 | >= 2160 | 5 | 128 bit + * (b) >= 852 | >= 1704 | 5 | 112 bit + * (b) >= 476 | >= 952 | 5 | 80 bit + * (b) >= 400 | >= 800 | 6 | 80 bit + * (b) >= 347 | >= 694 | 7 | 80 bit + * (b) >= 308 | >= 616 | 8 | 80 bit + * (b) >= 55 | >= 110 | 27 | 64 bit + * (b) >= 6 | >= 12 | 34 | 64 bit */ -# define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \ - (b) >= 850 ? 3 : \ - (b) >= 650 ? 4 : \ - (b) >= 550 ? 5 : \ - (b) >= 450 ? 6 : \ - (b) >= 400 ? 7 : \ - (b) >= 350 ? 8 : \ - (b) >= 300 ? 9 : \ - (b) >= 250 ? 12 : \ - (b) >= 200 ? 15 : \ - (b) >= 150 ? 18 : \ - /* b >= 100 */ 27) + +# define BN_prime_checks_for_size(b) ((b) >= 3747 ? 3 : \ + (b) >= 1345 ? 4 : \ + (b) >= 476 ? 5 : \ + (b) >= 400 ? 6 : \ + (b) >= 347 ? 7 : \ + (b) >= 308 ? 8 : \ + (b) >= 55 ? 27 : \ + /* b >= 6 */ 34) # define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) diff --git a/win32/include/openssl/conf.h b/win32/include/openssl/conf.h index 980a51b..e0539e3 100644 --- a/win32/include/openssl/conf.h +++ b/win32/include/openssl/conf.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -191,6 +191,7 @@ int ERR_load_CONF_strings(void); # define CONF_F_NCONF_LOAD_BIO 110 # define CONF_F_NCONF_LOAD_FP 114 # define CONF_F_NCONF_NEW 111 +# define CONF_F_SSL_MODULE_INIT 123 # define CONF_F_STR_COPY 101 /* Reason codes. */ @@ -206,6 +207,10 @@ int ERR_load_CONF_strings(void); # define CONF_R_NO_SECTION 107 # define CONF_R_NO_SUCH_FILE 114 # define CONF_R_NO_VALUE 108 +# define CONF_R_SSL_COMMAND_SECTION_EMPTY 117 +# define CONF_R_SSL_COMMAND_SECTION_NOT_FOUND 118 +# define CONF_R_SSL_SECTION_EMPTY 119 +# define CONF_R_SSL_SECTION_NOT_FOUND 120 # define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 # define CONF_R_UNKNOWN_MODULE_NAME 113 # define CONF_R_VARIABLE_EXPANSION_TOO_LONG 116 diff --git a/win32/include/openssl/crypto.h b/win32/include/openssl/crypto.h index 1ba7f25..fa3f12a 100644 --- a/win32/include/openssl/crypto.h +++ b/win32/include/openssl/crypto.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -371,7 +371,9 @@ int CRYPTO_memcmp(const volatile void * volatile in_a, # define OPENSSL_INIT_ENGINE_CAPI 0x00002000L # define OPENSSL_INIT_ENGINE_PADLOCK 0x00004000L # define OPENSSL_INIT_ENGINE_AFALG 0x00008000L -/* OPENSSL_INIT flag 0x00010000 reserved for internal use */ +/* OPENSSL_INIT_ZLIB 0x00010000L */ +/* currently unused 0x00020000L */ +/* OPENSSL_INIT_BASE_ONLY 0x00040000L */ /* OPENSSL_INIT flag range 0xfff00000 reserved for OPENSSL_init_ssl() */ /* Max OPENSSL_INIT flag value is 0x80000000 */ diff --git a/win32/include/openssl/dh.h b/win32/include/openssl/dh.h index fbd4790..8cf879e 100644 --- a/win32/include/openssl/dh.h +++ b/win32/include/openssl/dh.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -187,7 +187,7 @@ void DH_meth_free(DH_METHOD *dhm); DH_METHOD *DH_meth_dup(const DH_METHOD *dhm); const char *DH_meth_get0_name(const DH_METHOD *dhm); int DH_meth_set1_name(DH_METHOD *dhm, const char *name); -int DH_meth_get_flags(DH_METHOD *dhm); +int DH_meth_get_flags(const DH_METHOD *dhm); int DH_meth_set_flags(DH_METHOD *dhm, int flags); void *DH_meth_get0_app_data(const DH_METHOD *dhm); int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data); diff --git a/win32/include/openssl/dsa.h b/win32/include/openssl/dsa.h index 139718e..3a7b1a6 100644 --- a/win32/include/openssl/dsa.h +++ b/win32/include/openssl/dsa.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -146,10 +146,12 @@ int DSAparams_print_fp(FILE *fp, const DSA *x); int DSA_print_fp(FILE *bp, const DSA *x, int off); # endif -# define DSS_prime_checks 50 +# define DSS_prime_checks 64 /* - * Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of - * Rabin-Miller + * Primality test according to FIPS PUB 186-4, Appendix C.3. Since we only + * have one value here we set the number of checks to 64 which is the 128 bit + * security level that is the highest level and valid for creating a 3072 bit + * DSA key. */ # define DSA_is_prime(n, callback, cb_arg) \ BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg) @@ -186,7 +188,7 @@ void DSA_meth_free(DSA_METHOD *dsam); DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam); const char *DSA_meth_get0_name(const DSA_METHOD *dsam); int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name); -int DSA_meth_get_flags(DSA_METHOD *dsam); +int DSA_meth_get_flags(const DSA_METHOD *dsam); int DSA_meth_set_flags(DSA_METHOD *dsam, int flags); void *DSA_meth_get0_app_data(const DSA_METHOD *dsam); int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data); @@ -260,6 +262,7 @@ int ERR_load_DSA_strings(void); # define DSA_F_DSA_SIG_NEW 102 # define DSA_F_OLD_DSA_PRIV_DECODE 122 # define DSA_F_PKEY_DSA_CTRL 120 +# define DSA_F_PKEY_DSA_CTRL_STR 104 # define DSA_F_PKEY_DSA_KEYGEN 121 /* Reason codes. */ diff --git a/win32/include/openssl/evp.h b/win32/include/openssl/evp.h index 43c97a7..36e2934 100644 --- a/win32/include/openssl/evp.h +++ b/win32/include/openssl/evp.h @@ -1351,34 +1351,34 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, const char *type, const char *value)); -void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth, int (**pinit) (EVP_PKEY_CTX *ctx)); -void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth, int (**pcopy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)); -void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth, void (**pcleanup) (EVP_PKEY_CTX *ctx)); -void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth, int (**pparamgen_init) (EVP_PKEY_CTX *ctx), int (**pparamgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)); -void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth, int (**pkeygen_init) (EVP_PKEY_CTX *ctx), int (**pkeygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)); -void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth, int (**psign_init) (EVP_PKEY_CTX *ctx), int (**psign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, const unsigned char *tbs, size_t tbslen)); -void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth, int (**pverify_init) (EVP_PKEY_CTX *ctx), int (**pverify) (EVP_PKEY_CTX *ctx, const unsigned char *sig, @@ -1386,7 +1386,7 @@ void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth, const unsigned char *tbs, size_t tbslen)); -void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth, int (**pverify_recover_init) (EVP_PKEY_CTX *ctx), int (**pverify_recover) (EVP_PKEY_CTX @@ -1398,7 +1398,7 @@ void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth, char *tbs, size_t tbslen)); -void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth, int (**psignctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), int (**psignctx) (EVP_PKEY_CTX *ctx, @@ -1406,7 +1406,7 @@ void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth, size_t *siglen, EVP_MD_CTX *mctx)); -void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth, int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), int (**pverifyctx) (EVP_PKEY_CTX *ctx, @@ -1414,7 +1414,7 @@ void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth, int siglen, EVP_MD_CTX *mctx)); -void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth, int (**pencrypt_init) (EVP_PKEY_CTX *ctx), int (**pencryptfn) (EVP_PKEY_CTX *ctx, unsigned char *out, @@ -1422,7 +1422,7 @@ void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth, const unsigned char *in, size_t inlen)); -void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth, int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), int (**pdecrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, @@ -1430,13 +1430,13 @@ void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth, const unsigned char *in, size_t inlen)); -void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth, int (**pderive_init) (EVP_PKEY_CTX *ctx), int (**pderive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)); -void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2), int (**pctrl_str) (EVP_PKEY_CTX *ctx, @@ -1506,6 +1506,8 @@ int ERR_load_EVP_strings(void); # define EVP_F_EVP_PKEY_GET0_RSA 121 # define EVP_F_EVP_PKEY_KEYGEN 146 # define EVP_F_EVP_PKEY_KEYGEN_INIT 147 +# define EVP_F_EVP_PKEY_METH_ADD0 172 +# define EVP_F_EVP_PKEY_METH_NEW 173 # define EVP_F_EVP_PKEY_NEW 106 # define EVP_F_EVP_PKEY_PARAMGEN 148 # define EVP_F_EVP_PKEY_PARAMGEN_INIT 149 @@ -1570,6 +1572,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 # define EVP_R_OPERATON_NOT_INITIALIZED 151 # define EVP_R_PARTIALLY_OVERLAPPING 162 +# define EVP_R_PBKDF2_ERROR 176 # define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 175 # define EVP_R_PKEY_ASN1_METHOD_ALREADY_REGISTERED 164 # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 diff --git a/win32/include/openssl/lhash.h b/win32/include/openssl/lhash.h index 82d40c1..8ecc588 100644 --- a/win32/include/openssl/lhash.h +++ b/win32/include/openssl/lhash.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -95,7 +95,7 @@ void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out); # define _LHASH OPENSSL_LHASH # define LHASH_NODE OPENSSL_LH_NODE # define lh_error OPENSSL_LH_error -# define lh_new OPENSSL_lh_new +# define lh_new OPENSSL_LH_new # define lh_free OPENSSL_LH_free # define lh_insert OPENSSL_LH_insert # define lh_delete OPENSSL_LH_delete diff --git a/win32/include/openssl/opensslconf.h b/win32/include/openssl/opensslconf.h index 47ee3ba..e1635c8 100644 --- a/win32/include/openssl/opensslconf.h +++ b/win32/include/openssl/opensslconf.h @@ -1,6 +1,6 @@ /* * WARNING: do not edit! - * Generated by makefile from ..\include\openssl\opensslconf.h.in + * Generated by makefile from ..\s\include\openssl\opensslconf.h.in * * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * @@ -102,12 +102,18 @@ extern "C" { * still won't see them if the library has been built to disable deprecated * functions. */ -#if defined(OPENSSL_NO_DEPRECATED) -# define DECLARE_DEPRECATED(f) -#elif __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) -# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); -#else -# define DECLARE_DEPRECATED(f) f; +#ifndef DECLARE_DEPRECATED +# if defined(OPENSSL_NO_DEPRECATED) +# define DECLARE_DEPRECATED(f) +# else +# define DECLARE_DEPRECATED(f) f; +# ifdef __GNUC__ +# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif +# endif +# endif #endif #ifndef OPENSSL_FILE diff --git a/win32/include/openssl/opensslconf.h.in b/win32/include/openssl/opensslconf.h.in new file mode 100644 index 0000000..17807fb --- /dev/null +++ b/win32/include/openssl/opensslconf.h.in @@ -0,0 +1,147 @@ +/* + * {- join("\n * ", @autowarntext) -} + * + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef OPENSSL_ALGORITHM_DEFINES +# error OPENSSL_ALGORITHM_DEFINES no longer supported +#endif + +/* + * OpenSSL was configured with the following options: + */ + +{- if (@{$config{openssl_sys_defines}}) { + foreach (@{$config{openssl_sys_defines}}) { + $OUT .= "#ifndef $_\n"; + $OUT .= "# define $_ 1\n"; + $OUT .= "#endif\n"; + } + } + foreach (@{$config{openssl_api_defines}}) { + (my $macro, my $value) = $_ =~ /^(.*?)=(.*?)$/; + $OUT .= "#define $macro $value\n"; + } + if (@{$config{openssl_algorithm_defines}}) { + foreach (@{$config{openssl_algorithm_defines}}) { + $OUT .= "#ifndef $_\n"; + $OUT .= "# define $_\n"; + $OUT .= "#endif\n"; + } + } + if (@{$config{openssl_thread_defines}}) { + foreach (@{$config{openssl_thread_defines}}) { + $OUT .= "#ifndef $_\n"; + $OUT .= "# define $_\n"; + $OUT .= "#endif\n"; + } + } + if (@{$config{openssl_other_defines}}) { + foreach (@{$config{openssl_other_defines}}) { + $OUT .= "#ifndef $_\n"; + $OUT .= "# define $_\n"; + $OUT .= "#endif\n"; + } + } + ""; +-} + +/* + * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers + * don't like that. This will hopefully silence them. + */ +#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy; + +/* + * Applications should use -DOPENSSL_API_COMPAT= to suppress the + * declarations of functions deprecated in or before . Otherwise, they + * still won't see them if the library has been built to disable deprecated + * functions. + */ +#ifndef DECLARE_DEPRECATED +# if defined(OPENSSL_NO_DEPRECATED) +# define DECLARE_DEPRECATED(f) +# else +# define DECLARE_DEPRECATED(f) f; +# ifdef __GNUC__ +# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif +# endif +# endif +#endif + +#ifndef OPENSSL_FILE +# ifdef OPENSSL_NO_FILENAMES +# define OPENSSL_FILE "" +# define OPENSSL_LINE 0 +# else +# define OPENSSL_FILE __FILE__ +# define OPENSSL_LINE __LINE__ +# endif +#endif + +#ifndef OPENSSL_MIN_API +# define OPENSSL_MIN_API 0 +#endif + +#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API +# undef OPENSSL_API_COMPAT +# define OPENSSL_API_COMPAT OPENSSL_MIN_API +#endif + +#if OPENSSL_API_COMPAT < 0x10100000L +# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_1_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x10000000L +# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_0_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x00908000L +# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_0_9_8(f) +#endif + +{- $target{cpuid_obj} ne "mem_clr.o" ? "#define OPENSSL_CPUID_OBJ" : "" -} + +/* Generate 80386 code? */ +{- $config{processor} eq "386" ? "#define" : "#undef" -} I386_ONLY + +#undef OPENSSL_UNISTD +#define OPENSSL_UNISTD {- $target{unistd} -} + +{- $config{export_var_as_fn} ? "#define" : "#undef" -} OPENSSL_EXPORT_VAR_AS_FUNCTION + +/* + * The following are cipher-specific, but are part of the public API. + */ +#if !defined(OPENSSL_SYS_UEFI) +{- $config{bn_ll} ? "# define" : "# undef" -} BN_LLONG +/* Only one for the following should be defined */ +{- $config{b64l} ? "# define" : "# undef" -} SIXTY_FOUR_BIT_LONG +{- $config{b64} ? "# define" : "# undef" -} SIXTY_FOUR_BIT +{- $config{b32} ? "# define" : "# undef" -} THIRTY_TWO_BIT +#endif + +#define RC4_INT {- $config{rc4_int} -} + +#ifdef __cplusplus +} +#endif diff --git a/win32/include/openssl/opensslv.h b/win32/include/openssl/opensslv.h index 4fb437f..c5ef2a7 100644 --- a/win32/include/openssl/opensslv.h +++ b/win32/include/openssl/opensslv.h @@ -39,18 +39,13 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x1010008fL +# define OPENSSL_VERSION_NUMBER 0x1010009fL # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0h-fips 27 Mar 2018" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0i-fips 14 Aug 2018" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0h 27 Mar 2018" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0i 14 Aug 2018" # endif -#define OPENSSL_MAKE_VERSION(maj,min,fix,patch) ((0x10000000L)+((maj&0xff)<<20)+((min&0xff)<<12)+((fix&0xff)<<4)+patch) - -/* use this for #if tests, should never depend upon fix/patch */ -#define OPENSSL_VERSION_AT_LEAST(maj,min) (OPENSSL_MAKE_VERSION(maj,min, 0, 0) >= OPENSSL_VERSION_NUMBER) - /*- * The macros below are to be used for shared library (.so, .dll, ...) * versioning. That kind of versioning works a bit differently between diff --git a/win32/include/openssl/pem.h b/win32/include/openssl/pem.h index 2375d63..f7ce3c6 100644 --- a/win32/include/openssl/pem.h +++ b/win32/include/openssl/pem.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -322,7 +322,8 @@ int PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt); int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, EVP_PKEY *pkey); -int PEM_def_callback(char *buf, int num, int w, void *key); +/* The default pem_password_cb that's used internally */ +int PEM_def_callback(char *buf, int num, int rwflag, void *userdata); void PEM_proc_type(char *buf, int type); void PEM_dek_info(char *buf, const char *type, int len, char *str); diff --git a/win32/include/openssl/rsa.h b/win32/include/openssl/rsa.h index d97d6e0..790831b 100644 --- a/win32/include/openssl/rsa.h +++ b/win32/include/openssl/rsa.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -374,7 +374,7 @@ void RSA_meth_free(RSA_METHOD *meth); RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); const char *RSA_meth_get0_name(const RSA_METHOD *meth); int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); -int RSA_meth_get_flags(RSA_METHOD *meth); +int RSA_meth_get_flags(const RSA_METHOD *meth); int RSA_meth_set_flags(RSA_METHOD *meth, int flags); void *RSA_meth_get0_app_data(const RSA_METHOD *meth); int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data); diff --git a/win32/include/openssl/ssl.h b/win32/include/openssl/ssl.h index f070bd2..56e2056 100644 --- a/win32/include/openssl/ssl.h +++ b/win32/include/openssl/ssl.h @@ -967,8 +967,8 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); # define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 # define SSL_VERIFY_CLIENT_ONCE 0x04 -# define OpenSSL_add_ssl_algorithms() SSL_library_init() # if OPENSSL_API_COMPAT < 0x10100000L +# define OpenSSL_add_ssl_algorithms() SSL_library_init() # define SSLeay_add_ssl_algorithms() SSL_library_init() # endif @@ -1358,7 +1358,7 @@ __owur int SSL_get_fd(const SSL *s); __owur int SSL_get_rfd(const SSL *s); __owur int SSL_get_wfd(const SSL *s); __owur const char *SSL_get_cipher_list(const SSL *s, int n); -__owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len); +__owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size); __owur int SSL_get_read_ahead(const SSL *s); __owur int SSL_pending(const SSL *s); __owur int SSL_has_pending(const SSL *s); diff --git a/win32/include/openssl/ssl3.h b/win32/include/openssl/ssl3.h index 4ca434e..115940a 100644 --- a/win32/include/openssl/ssl3.h +++ b/win32/include/openssl/ssl3.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -252,9 +252,15 @@ extern "C" { # define SSL3_CT_FORTEZZA_DMS 20 /* * SSL3_CT_NUMBER is used to size arrays and it must be large enough to - * contain all of the cert types defined either for SSLv3 and TLSv1. + * contain all of the cert types defined for *either* SSLv3 and TLSv1. */ -# define SSL3_CT_NUMBER 9 +# define SSL3_CT_NUMBER 10 + +# if defined(TLS_CT_NUMBER) +# if TLS_CT_NUMBER != SSL3_CT_NUMBER +# error "SSL/TLS CT_NUMBER values do not match" +# endif +# endif # define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 diff --git a/win32/include/openssl/tls1.h b/win32/include/openssl/tls1.h index 3fe01fe..732e87a 100644 --- a/win32/include/openssl/tls1.h +++ b/win32/include/openssl/tls1.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -883,7 +883,13 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see * comment there) */ -# define TLS_CT_NUMBER 9 +# define TLS_CT_NUMBER 10 + +# if defined(SSL3_CT_NUMBER) +# if TLS_CT_NUMBER != SSL3_CT_NUMBER +# error "SSL/TLS CT_NUMBER values do not match" +# endif +# endif # define TLS1_FINISH_MAC_LENGTH 12 diff --git a/win32/include/openssl/x509.h b/win32/include/openssl/x509.h index ee98df8..780386d 100644 --- a/win32/include/openssl/x509.h +++ b/win32/include/openssl/x509.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1055,6 +1055,7 @@ int ERR_load_X509_strings(void); # define X509_F_X509_LOAD_CERT_CRL_FILE 132 # define X509_F_X509_LOAD_CERT_FILE 111 # define X509_F_X509_LOAD_CRL_FILE 112 +# define X509_F_X509_LOOKUP_METH_NEW 160 # define X509_F_X509_NAME_ADD_ENTRY 113 # define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114 # define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131 diff --git a/win32/include/openssl/x509_vfy.h b/win32/include/openssl/x509_vfy.h index 1aa0a33..d91581c 100644 --- a/win32/include/openssl/x509_vfy.h +++ b/win32/include/openssl/x509_vfy.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -257,7 +257,9 @@ X509_OBJECT *X509_OBJECT_new(void); void X509_OBJECT_free(X509_OBJECT *a); X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a); X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a); +int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj); X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a); +int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj); X509_STORE *X509_STORE_new(void); void X509_STORE_free(X509_STORE *v); int X509_STORE_lock(X509_STORE *ctx); @@ -364,6 +366,76 @@ X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); X509_LOOKUP_METHOD *X509_LOOKUP_file(void); +typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc, + long argl, char **ret); +typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + X509_NAME *name, + X509_OBJECT *ret); +typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + X509_NAME *name, + ASN1_INTEGER *serial, + X509_OBJECT *ret); +typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + const unsigned char* bytes, + int len, + X509_OBJECT *ret); +typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + const char *str, + int len, + X509_OBJECT *ret); + +X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name); +void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method, + int (*new_item) (X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method, + void (*free) (X509_LOOKUP *ctx)); +void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method, + int (*init) (X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method, + int (*shutdown) (X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method, + X509_LOOKUP_ctrl_fn ctrl_fn); +X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_subject_fn fn); +X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject( + const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_issuer_serial(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_issuer_serial_fn fn); +X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial( + const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_fingerprint_fn fn); +X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint( + const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_alias_fn fn); +X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( + const X509_LOOKUP_METHOD *method); + + int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); @@ -393,6 +465,9 @@ int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, X509_OBJECT *ret); int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, const char *str, int len, X509_OBJECT *ret); +int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data); +void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx); +X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx); int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); int X509_STORE_load_locations(X509_STORE *ctx, @@ -475,6 +550,7 @@ int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, const char *name, size_t namelen); void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int flags); +unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param); char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *); void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *, X509_VERIFY_PARAM *); int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, diff --git a/win32/libcrypto-1_1.dll b/win32/libcrypto-1_1.dll index a1010f7..d2b21d6 100644 Binary files a/win32/libcrypto-1_1.dll and b/win32/libcrypto-1_1.dll differ diff --git a/win32/libcrypto-1_1.pdb b/win32/libcrypto-1_1.pdb index ebb0428..b27d5ae 100644 Binary files a/win32/libcrypto-1_1.pdb and b/win32/libcrypto-1_1.pdb differ diff --git a/win32/libcrypto.lib b/win32/libcrypto.lib index de8c17b..78250dd 100644 Binary files a/win32/libcrypto.lib and b/win32/libcrypto.lib differ diff --git a/win32/libssl-1_1.dll b/win32/libssl-1_1.dll index 651d25a..4d75d54 100644 Binary files a/win32/libssl-1_1.dll and b/win32/libssl-1_1.dll differ diff --git a/win32/libssl-1_1.pdb b/win32/libssl-1_1.pdb index f2dd19e..fb6c136 100644 Binary files a/win32/libssl-1_1.pdb and b/win32/libssl-1_1.pdb differ diff --git a/win32/libssl.lib b/win32/libssl.lib index a29a0aa..bc7be0f 100644 Binary files a/win32/libssl.lib and b/win32/libssl.lib differ