diff --git a/amd64/LICENSE b/amd64/LICENSE index 8fbabd8..e953f59 100644 --- a/amd64/LICENSE +++ b/amd64/LICENSE @@ -10,7 +10,7 @@ --------------- /* ==================================================================== - * Copyright (c) 1998-2017 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/amd64/include/openssl/asn1.h b/amd64/include/openssl/asn1.h index 35637cc..05ae1db 100644 --- a/amd64/include/openssl/asn1.h +++ b/amd64/include/openssl/asn1.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1051,6 +1051,7 @@ int ERR_load_ASN1_strings(void); # define ASN1_R_MSTRING_NOT_UNIVERSAL 139 # define ASN1_R_MSTRING_WRONG_TAG 140 # define ASN1_R_NESTED_ASN1_STRING 197 +# define ASN1_R_NESTED_TOO_DEEP 201 # define ASN1_R_NON_HEX_CHARACTERS 141 # define ASN1_R_NOT_ASCII_FORMAT 190 # define ASN1_R_NOT_ENOUGH_DATA 142 diff --git a/amd64/include/openssl/asn1_mac.h b/amd64/include/openssl/asn1_mac.h new file mode 100644 index 0000000..7ac1782 --- /dev/null +++ b/amd64/include/openssl/asn1_mac.h @@ -0,0 +1,10 @@ +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#error "This file is obsolete; please update your software." 
diff --git a/amd64/include/openssl/bio.h b/amd64/include/openssl/bio.h index 7812851..f435bd8 100644 --- a/amd64/include/openssl/bio.h +++ b/amd64/include/openssl/bio.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -125,11 +125,10 @@ extern "C" { # define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49 -# define BIO_CTRL_DGRAM_SET_PEEK_MODE 50 - +/* Deliberately outside of OPENSSL_NO_SCTP - used in bss_dgram.c */ +# define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50 # ifndef OPENSSL_NO_SCTP /* SCTP stuff */ -# define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50 # define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY 51 # define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY 52 # define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD 53 @@ -142,6 +141,8 @@ extern "C" { # define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN 70 # endif +# define BIO_CTRL_DGRAM_SET_PEEK_MODE 71 + /* modifiers */ # define BIO_FP_READ 0x02 # define BIO_FP_WRITE 0x04 @@ -245,7 +246,8 @@ typedef struct bio_method_st BIO_METHOD; const char *BIO_method_name(const BIO *b); int BIO_method_type(const BIO *b); -typedef void bio_info_cb(BIO *, int, const char *, int, long, long); +typedef int BIO_info_cb(BIO *, int, int); +typedef BIO_info_cb bio_info_cb; /* backward compatibility */ DEFINE_STACK_OF(BIO) 
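Review bot: `BIO_CTRL_DGRAM_SET_PEEK_MODE` moves from 50 to 71 (removed in the `@@ -125,11 +125,10 @@` hunk, re-added in `@@ -142,6 +141,8 @@`) while 50 becomes unconditionally `BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE`, and nothing at either site records that the number changed. An object compiled against the previous header and run against the DLLs replaced in this same commit would still pass 50 and would presumably be dispatched as the SCTP control instead of peek mode, so dependents need a rebuild, not just a DLL swap. I would add a comment at the new definition, e.g. `/* was 50 in earlier headers, where it duplicated BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE; callers must be recompiled */`. The win32/include/openssl/bio.h hunks are identical and need the same note.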
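Review bot: The `/* backward compatibility */` alias `typedef BIO_info_cb bio_info_cb;` in the `@@ -245,7 +246,8 @@` hunk keeps the old name but not the old type: `bio_info_cb` was `void (BIO *, int, const char *, int, long, long)` and is now `int (BIO *, int, int)`. A callback written against the six-argument form will at best draw an incompatible-pointer diagnostic, and if a cast silences it the library will presumably invoke it through the three-argument type, which is undefined behaviour. The comment should say what is actually preserved, e.g. `/* name kept for source compatibility only; the signature is now int (BIO *, int, int) */`. Callers of `BIO_callback_ctrl` and `BIO_meth_set_callback_ctrl` (retyped in the `@@ -546,8 +548,7 @@` and `@@ -749,10 +750,10 @@` hunks, and again under win32/) are the places to audit.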
@@ -546,8 +548,7 @@ int BIO_write(BIO *b, const void *data, int len); int BIO_puts(BIO *bp, const char *buf); int BIO_indent(BIO *b, int indent, int max); long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); -long BIO_callback_ctrl(BIO *b, int cmd, - void (*fp) (BIO *, int, const char *, int, long, long)); +long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp); void *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg); BIO *BIO_push(BIO *b, BIO *append); @@ -749,10 +750,10 @@ int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *)); int (*BIO_meth_get_destroy(BIO_METHOD *biom)) (BIO *); int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)); long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom)) - (BIO *, int, bio_info_cb *); + (BIO *, int, BIO_info_cb *); int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, long (*callback_ctrl) (BIO *, int, - bio_info_cb *)); + BIO_info_cb *)); /* BEGIN ERROR CODES */ /* @@ -780,6 +781,7 @@ int ERR_load_BIO_strings(void); # define BIO_F_BIO_LISTEN 139 # define BIO_F_BIO_LOOKUP 135 # define BIO_F_BIO_MAKE_PAIR 121 +# define BIO_F_BIO_METH_NEW 146 # define BIO_F_BIO_NEW 108 # define BIO_F_BIO_NEW_FILE 109 # define BIO_F_BIO_NEW_MEM_BUF 126 diff --git a/amd64/include/openssl/bn.h b/amd64/include/openssl/bn.h index 17bd521..54ae760 100644 --- a/amd64/include/openssl/bn.h +++ b/amd64/include/openssl/bn.h @@ -196,7 +196,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); */ void BN_set_negative(BIGNUM *b, int n); /** BN_is_negative returns 1 if the BIGNUM is negative - * \param a pointer to the BIGNUM object + * \param b pointer to the BIGNUM object * \return 1 if a < 0 and 0 otherwise */ int BN_is_negative(const BIGNUM *b); diff --git a/amd64/include/openssl/buffer.h b/amd64/include/openssl/buffer.h index 91f0e07..35160b4 100644 --- a/amd64/include/openssl/buffer.h +++ b/amd64/include/openssl/buffer.h 
@@ -21,10 +21,7 @@ extern "C" { #endif # include - -# if !defined(NO_SYS_TYPES_H) -# include -# endif +# include /* * These names are outdated as of OpenSSL 1.1; a future release diff --git a/amd64/include/openssl/crypto.h b/amd64/include/openssl/crypto.h index 55e8020..1ba7f25 100644 --- a/amd64/include/openssl/crypto.h +++ b/amd64/include/openssl/crypto.h @@ -146,6 +146,8 @@ int CRYPTO_mem_ctrl(int mode); CRYPTO_secure_zalloc(num, OPENSSL_FILE, OPENSSL_LINE) # define OPENSSL_secure_free(addr) \ CRYPTO_secure_free(addr, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_secure_clear_free(addr, num) \ + CRYPTO_secure_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE) # define OPENSSL_secure_actual_size(ptr) \ CRYPTO_secure_actual_size(ptr) @@ -285,6 +287,8 @@ int CRYPTO_secure_malloc_done(void); void *CRYPTO_secure_malloc(size_t num, const char *file, int line); void *CRYPTO_secure_zalloc(size_t num, const char *file, int line); void CRYPTO_secure_free(void *ptr, const char *file, int line); +void CRYPTO_secure_clear_free(void *ptr, size_t num, + const char *file, int line); int CRYPTO_secure_allocated(const void *ptr); int CRYPTO_secure_malloc_initialized(void); size_t CRYPTO_secure_actual_size(void *ptr); diff --git a/amd64/include/openssl/e_os2.h b/amd64/include/openssl/e_os2.h index 4aec51f..9800e15 100644 --- a/amd64/include/openssl/e_os2.h +++ b/amd64/include/openssl/e_os2.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -49,7 +49,6 @@ extern "C" { # define OPENSSL_SYS_WIN32_UWIN # else # if defined(__CYGWIN__) || defined(OPENSSL_SYS_CYGWIN) -# undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WIN32_CYGWIN # else # if defined(_WIN32) || defined(OPENSSL_SYS_WIN32) 
diff --git a/amd64/include/openssl/ec.h b/amd64/include/openssl/ec.h index 6f7548c..f06680a 100644 --- a/amd64/include/openssl/ec.h +++ b/amd64/include/openssl/ec.h @@ -1223,7 +1223,7 @@ void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth, const ECDSA_SIG *sig, EC_KEY *eckey)); -void EC_KEY_METHOD_get_init(EC_KEY_METHOD *meth, +void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth, int (**pinit)(EC_KEY *key), void (**pfinish)(EC_KEY *key), int (**pcopy)(EC_KEY *dest, const EC_KEY *src), @@ -1234,16 +1234,16 @@ void EC_KEY_METHOD_get_init(EC_KEY_METHOD *meth, int (**pset_public)(EC_KEY *key, const EC_POINT *pub_key)); -void EC_KEY_METHOD_get_keygen(EC_KEY_METHOD *meth, +void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth, int (**pkeygen)(EC_KEY *key)); -void EC_KEY_METHOD_get_compute_key(EC_KEY_METHOD *meth, +void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth, int (**pck)(unsigned char **psec, size_t *pseclen, const EC_POINT *pub_key, const EC_KEY *ecdh)); -void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth, +void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth, int (**psign)(int type, const unsigned char *dgst, int dlen, unsigned char *sig, unsigned int *siglen, @@ -1257,7 +1257,7 @@ void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth, const BIGNUM *in_r, EC_KEY *eckey)); -void EC_KEY_METHOD_get_verify(EC_KEY_METHOD *meth, +void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth, int (**pverify)(int type, const unsigned char *dgst, int dgst_len, const unsigned char *sigbuf, diff --git a/amd64/include/openssl/evp.h b/amd64/include/openssl/evp.h index 01f51b7..43c97a7 100644 --- a/amd64/include/openssl/evp.h +++ b/amd64/include/openssl/evp.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -900,6 +900,9 @@ int EVP_PKEY_security_bits(const EVP_PKEY *pkey); int EVP_PKEY_size(EVP_PKEY *pkey); int EVP_PKEY_set_type(EVP_PKEY *pkey, int type); int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len); +# ifndef OPENSSL_NO_ENGINE +int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e); +# endif int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key); void *EVP_PKEY_get0(const EVP_PKEY *pkey); const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len); @@ -1482,6 +1485,7 @@ int ERR_load_EVP_strings(void); # define EVP_F_EVP_PBE_SCRYPT 181 # define EVP_F_EVP_PKCS82PKEY 111 # define EVP_F_EVP_PKEY2PKCS8 113 +# define EVP_F_EVP_PKEY_ASN1_ADD0 168 # define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 # define EVP_F_EVP_PKEY_CTX_CTRL 137 # define EVP_F_EVP_PKEY_CTX_CTRL_STR 150 @@ -1505,6 +1509,7 @@ int ERR_load_EVP_strings(void); # define EVP_F_EVP_PKEY_NEW 106 # define EVP_F_EVP_PKEY_PARAMGEN 148 # define EVP_F_EVP_PKEY_PARAMGEN_INIT 149 +# define EVP_F_EVP_PKEY_SET1_ENGINE 187 # define EVP_F_EVP_PKEY_SIGN 140 # define EVP_F_EVP_PKEY_SIGN_INIT 141 # define EVP_F_EVP_PKEY_VERIFY 142 @@ -1565,6 +1570,8 @@ int ERR_load_EVP_strings(void); # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 # define EVP_R_OPERATON_NOT_INITIALIZED 151 # define EVP_R_PARTIALLY_OVERLAPPING 162 +# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 175 +# define EVP_R_PKEY_ASN1_METHOD_ALREADY_REGISTERED 164 # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 # define EVP_R_PUBLIC_KEY_NOT_RSA 106 diff --git a/amd64/include/openssl/ocsp.h b/amd64/include/openssl/ocsp.h index 08debc5..90ebe5c 100644 --- a/amd64/include/openssl/ocsp.h +++ b/amd64/include/openssl/ocsp.h 
@@ -137,22 +137,6 @@ typedef struct ocsp_service_locator_st OCSP_SERVICELOC; # define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o) -# define OCSP_REQUEST_sign(o,pkey,md) \ - ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\ - &o->optionalSignature->signatureAlgorithm,NULL,\ - o->optionalSignature->signature,&o->tbsRequest,pkey,md) - -# define OCSP_BASICRESP_sign(o,pkey,md,d) \ - ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),&o->signatureAlgorithm,NULL,\ - o->signature,&o->tbsResponseData,pkey,md) - -# define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\ - &a->optionalSignature->signatureAlgorithm,\ - a->optionalSignature->signature,&a->tbsRequest,r) - -# define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\ - &a->signatureAlgorithm,a->signature,&a->tbsResponseData,r) - # define ASN1_BIT_STRING_digest(data,type,md,len) \ ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) @@ -210,6 +194,8 @@ int OCSP_response_status(OCSP_RESPONSE *resp); OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs); +int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer, + STACK_OF(X509) *extra_certs); int OCSP_resp_count(OCSP_BASICRESP *bs); OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); diff --git a/amd64/include/openssl/opensslconf.h b/amd64/include/openssl/opensslconf.h index 91fefc2..e52b31f 100644 --- a/amd64/include/openssl/opensslconf.h +++ b/amd64/include/openssl/opensslconf.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by makefile from ..\include\openssl\opensslconf.h.in * - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
diff --git a/amd64/include/openssl/opensslv.h b/amd64/include/openssl/opensslv.h index f3f1d41..4fb437f 100644 --- a/amd64/include/openssl/opensslv.h +++ b/amd64/include/openssl/opensslv.h @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -39,13 +39,18 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x1010006fL +# define OPENSSL_VERSION_NUMBER 0x1010008fL # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0f-fips 25 May 2017" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0h-fips 27 Mar 2018" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0f 25 May 2017" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0h 27 Mar 2018" # endif +#define OPENSSL_MAKE_VERSION(maj,min,fix,patch) ((0x10000000L)+((maj&0xff)<<20)+((min&0xff)<<12)+((fix&0xff)<<4)+patch) + +/* use this for #if tests, should never depend upon fix/patch */ +#define OPENSSL_VERSION_AT_LEAST(maj,min) (OPENSSL_MAKE_VERSION(maj,min, 0, 0) >= OPENSSL_VERSION_NUMBER) + /*- * The macros below are to be used for shared library (.so, .dll, ...) * versioning. That kind of versioning works a bit differently between diff --git a/amd64/include/openssl/seed.h b/amd64/include/openssl/seed.h index bb97131..de10b08 100644 --- a/amd64/include/openssl/seed.h +++ b/amd64/include/openssl/seed.h @@ -52,9 +52,7 @@ extern "C" { # endif # endif -# if !defined(NO_SYS_TYPES_H) -# include -# endif +# include # define SEED_BLOCK_SIZE 16 # define SEED_KEY_LENGTH 16 diff --git a/amd64/include/openssl/srtp.h b/amd64/include/openssl/srtp.h index 5ddfa46..0b57c23 100644 --- a/amd64/include/openssl/srtp.h +++ b/amd64/include/openssl/srtp.h 
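Review bot: `OPENSSL_VERSION_AT_LEAST(maj,min)` compares in the wrong direction: `OPENSSL_MAKE_VERSION(maj,min, 0, 0) >= OPENSSL_VERSION_NUMBER` is true when the requested version is at least the library's, the opposite of what the name promises. `OPENSSL_MAKE_VERSION` also does not follow the layout visible in `0x1010008fL` two lines up (major nibble, then minor, fix, patch, status): it hard-codes `0x10000000L`, shifts `maj` by 20 where the minor byte sits, and leaves `maj`, `min`, `fix` and `patch` unparenthesised. As written, `OPENSSL_VERSION_AT_LEAST(1,0)` evaluates to `0x10100000L >= 0x1010008fL`, false on this 1.1.0h header, so a feature or hardening guard keyed on it would silently take the wrong branch. This looks like a vendored copy, so rather than patching it here I would have code in this tree test `OPENSSL_VERSION_NUMBER >= 0x10100000L` directly; the macro itself should read `(OPENSSL_VERSION_NUMBER >= OPENSSL_MAKE_VERSION(maj,min,0,0))` once the shifts are corrected.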
@@ -36,7 +36,7 @@ extern "C" { # ifndef OPENSSL_NO_SRTP __owur int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); -__owur int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles); +__owur int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles); __owur STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); __owur SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); diff --git a/amd64/include/openssl/ssl.h b/amd64/include/openssl/ssl.h index 6f0f361..f070bd2 100644 --- a/amd64/include/openssl/ssl.h +++ b/amd64/include/openssl/ssl.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -95,14 +95,14 @@ extern "C" { # define SSL_TXT_NULL "NULL" # define SSL_TXT_kRSA "kRSA" -# define SSL_TXT_kDHr "kDHr" -# define SSL_TXT_kDHd "kDHd" -# define SSL_TXT_kDH "kDH" +# define SSL_TXT_kDHr "kDHr"/* this cipher class has been removed */ +# define SSL_TXT_kDHd "kDHd"/* this cipher class has been removed */ +# define SSL_TXT_kDH "kDH"/* this cipher class has been removed */ # define SSL_TXT_kEDH "kEDH"/* alias for kDHE */ # define SSL_TXT_kDHE "kDHE" -# define SSL_TXT_kECDHr "kECDHr" -# define SSL_TXT_kECDHe "kECDHe" -# define SSL_TXT_kECDH "kECDH" +# define SSL_TXT_kECDHr "kECDHr"/* this cipher class has been removed */ +# define SSL_TXT_kECDHe "kECDHe"/* this cipher class has been removed */ +# define SSL_TXT_kECDH "kECDH"/* this cipher class has been removed */ # define SSL_TXT_kEECDH "kEECDH"/* alias for kECDHE */ # define SSL_TXT_kECDHE "kECDHE" # define SSL_TXT_kPSK "kPSK" 
@@ -114,8 +114,8 @@ extern "C" { # define SSL_TXT_aRSA "aRSA" # define SSL_TXT_aDSS "aDSS" -# define SSL_TXT_aDH "aDH" -# define SSL_TXT_aECDH "aECDH" +# define SSL_TXT_aDH "aDH"/* this cipher class has been removed */ +# define SSL_TXT_aECDH "aECDH"/* this cipher class has been removed */ # define SSL_TXT_aECDSA "aECDSA" # define SSL_TXT_aPSK "aPSK" # define SSL_TXT_aGOST94 "aGOST94" @@ -297,6 +297,8 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); # define SSL_OP_NO_COMPRESSION 0x00020000U /* Permit unsafe legacy renegotiation */ # define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000U +/* Disable encrypt-then-mac */ +# define SSL_OP_NO_ENCRYPT_THEN_MAC 0x00080000U /* * Set on servers to choose the cipher according to the server's preferences */ @@ -321,6 +323,9 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2) # define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2) +/* Disallow all renegotiation */ +# define SSL_OP_NO_RENEGOTIATION 0x40000000U + /* * Make server add server-hello extension from early version of cryptopro * draft, when GOST ciphersuite is negotiated. Required for interoperability @@ -1158,6 +1163,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE 127 # define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128 # define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129 +# define SSL_CTRL_GET_MIN_PROTO_VERSION 130 +# define SSL_CTRL_GET_MAX_PROTO_VERSION 131 # define SSL_CERT_SET_FIRST 1 # define SSL_CERT_SET_NEXT 2 # define SSL_CERT_SET_SERVER 3 
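Review bot: The comment added with `SSL_OP_NO_ENCRYPT_THEN_MAC` in the `@@ -297,6 +297,8 @@` hunk says what the bit does but not what it costs: with the option set, CBC suites fall back to MAC-then-encrypt, the construction that encrypt-then-mac (RFC 7366) exists to replace. I would widen it to `/* Disable encrypt-then-mac (RFC 7366); CBC suites then use MAC-then-encrypt. Intended for interop with peers that mishandle the extension. */` so the flag does not get copied into a default option mask unnoticed. Configuration review in dependent code can then grep for the macro name as an explicit downgrade.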
@@ -1289,10 +1296,18 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) #define SSL_CTX_set_max_proto_version(ctx, version) \ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) +#define SSL_CTX_get_min_proto_version(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) +#define SSL_CTX_get_max_proto_version(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) #define SSL_set_min_proto_version(s, version) \ SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) #define SSL_set_max_proto_version(s, version) \ SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) +#define SSL_get_min_proto_version(s) \ + SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) +#define SSL_get_max_proto_version(s) \ + SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) #if OPENSSL_API_COMPAT < 0x10100000L /* Provide some compatibility macros for removed functionality. */ @@ -1444,7 +1459,7 @@ int SSL_SESSION_up_ref(SSL_SESSION *ses); void SSL_SESSION_free(SSL_SESSION *ses); __owur int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); __owur int SSL_set_session(SSL *to, SSL_SESSION *session); -__owur int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); +int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c); __owur int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); __owur int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); 
@@ -1517,7 +1532,7 @@ __owur int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype, uint8_t ord); __owur int SSL_dane_enable(SSL *s, const char *basedomain); __owur int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, - uint8_t mtype, unsigned char *data, size_t dlen); + uint8_t mtype, unsigned const char *data, size_t dlen); __owur int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki); __owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, uint8_t *mtype, unsigned const char **data, @@ -2095,6 +2110,7 @@ int ERR_load_SSL_strings(void); # define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST 385 # define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370 # define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386 +# define SSL_F_DTLS_WAIT_FOR_DRY 592 # define SSL_F_OPENSSL_INIT_SSL 342 # define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION 417 # define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION 418 @@ -2116,6 +2132,7 @@ int ERR_load_SSL_strings(void); # define SSL_F_SSL3_SETUP_KEY_BLOCK 157 # define SSL_F_SSL3_SETUP_READ_BUFFER 156 # define SSL_F_SSL3_SETUP_WRITE_BUFFER 291 +# define SSL_F_SSL3_TAKE_MAC 425 # define SSL_F_SSL3_WRITE_BYTES 158 # define SSL_F_SSL3_WRITE_PENDING 159 # define SSL_F_SSL_ADD_CERT_CHAIN 316 @@ -2189,6 +2206,8 @@ int ERR_load_SSL_strings(void); # define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311 # define SSL_F_SSL_PEEK 270 # define SSL_F_SSL_READ 223 +# define SSL_F_SSL_RENEGOTIATE 516 +# define SSL_F_SSL_RENEGOTIATE_ABBREVIATED 546 # define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320 # define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321 # define SSL_F_SSL_SESSION_DUP 348 diff --git a/amd64/include/openssl/tls1.h b/amd64/include/openssl/tls1.h index 23e382c..3fe01fe 100644 --- a/amd64/include/openssl/tls1.h +++ b/amd64/include/openssl/tls1.h 
@@ -226,12 +226,12 @@ __owur int SSL_get_servername_type(const SSL *s); * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and * optional context. (Since a zero length context is allowed, the |use_context| * flag controls whether a context is included.) It returns 1 on success and - * zero otherwise. + * 0 or -1 otherwise. */ __owur int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, - const char *label, size_t llen, - const unsigned char *p, size_t plen, - int use_context); + const char *label, size_t llen, + const unsigned char *context, + size_t contextlen, int use_context); int SSL_get_sigalgs(SSL *s, int idx, int *psign, int *phash, int *psignandhash, @@ -298,9 +298,9 @@ SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0, (void (**)(void))cb) SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb) # define SSL_CTX_get_tlsext_status_arg(ssl, arg) \ -SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg + SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) # define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ -SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) + SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) #define SSL_CTX_set_tlsext_status_type(ssl, type) \ SSL_CTX_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE, type, NULL) diff --git a/amd64/include/openssl/x509v3.h b/amd64/include/openssl/x509v3.h index 1d8ef87..c93b112 100644 --- a/amd64/include/openssl/x509v3.h +++ b/amd64/include/openssl/x509v3.h @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
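Review bot: The reworded comment on `SSL_export_keying_material` now admits a third result, `0 or -1`, but gives callers no rule for it, and the common `if (!SSL_export_keying_material(...))` test treats -1 as success and carries on using whatever is in `out` as key material. I would finish the sentence with the check itself: `It returns 1 on success and 0 or -1 otherwise; callers must treat any value other than 1 as failure and must not use |out|.` Dependent code is worth grepping for `!SSL_export_keying_material` and `== 0` comparisons when this header lands. The comment block for the prototype begins above the hunk.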
@@ -658,6 +658,7 @@ uint32_t X509_get_extension_flags(X509 *x); uint32_t X509_get_key_usage(X509 *x); uint32_t X509_get_extended_key_usage(X509 *x); const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x); +const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x); int X509_PURPOSE_get_count(void); X509_PURPOSE *X509_PURPOSE_get0(int idx); @@ -876,6 +877,7 @@ int ERR_load_X509V3_strings(void); # define X509V3_F_ADDR_VALIDATE_PATH_INTERNAL 166 # define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 161 # define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 162 +# define X509V3_F_BIGNUM_TO_STRING 167 # define X509V3_F_COPY_EMAIL 122 # define X509V3_F_COPY_ISSUER 123 # define X509V3_F_DO_DIRNAME 144 diff --git a/amd64/libcrypto-1_1-x64.dll b/amd64/libcrypto-1_1-x64.dll index 9f8b368..14a26a7 100644 Binary files a/amd64/libcrypto-1_1-x64.dll and b/amd64/libcrypto-1_1-x64.dll differ diff --git a/amd64/libcrypto-1_1-x64.pdb b/amd64/libcrypto-1_1-x64.pdb index 16acb30..1c3fed0 100644 Binary files a/amd64/libcrypto-1_1-x64.pdb and b/amd64/libcrypto-1_1-x64.pdb differ diff --git a/amd64/libcrypto.lib b/amd64/libcrypto.lib index 4f6aaf4..11c0b09 100644 Binary files a/amd64/libcrypto.lib and b/amd64/libcrypto.lib differ diff --git a/amd64/libssl-1_1-x64.dll b/amd64/libssl-1_1-x64.dll index f8bd222..710adc4 100644 Binary files a/amd64/libssl-1_1-x64.dll and b/amd64/libssl-1_1-x64.dll differ diff --git a/amd64/libssl-1_1-x64.pdb b/amd64/libssl-1_1-x64.pdb index f6a44be..34b2a10 100644 Binary files a/amd64/libssl-1_1-x64.pdb and b/amd64/libssl-1_1-x64.pdb differ diff --git a/amd64/libssl.lib b/amd64/libssl.lib index 43a6f6f..99f2ff7 100644 Binary files a/amd64/libssl.lib and b/amd64/libssl.lib differ diff --git a/win32/LICENSE b/win32/LICENSE index 8fbabd8..e953f59 100644 --- a/win32/LICENSE +++ b/win32/LICENSE 
@@ -10,7 +10,7 @@ --------------- /* ==================================================================== - * Copyright (c) 1998-2017 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/win32/include/openssl/asn1.h b/win32/include/openssl/asn1.h index 35637cc..05ae1db 100644 --- a/win32/include/openssl/asn1.h +++ b/win32/include/openssl/asn1.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1051,6 +1051,7 @@ int ERR_load_ASN1_strings(void); # define ASN1_R_MSTRING_NOT_UNIVERSAL 139 # define ASN1_R_MSTRING_WRONG_TAG 140 # define ASN1_R_NESTED_ASN1_STRING 197 +# define ASN1_R_NESTED_TOO_DEEP 201 # define ASN1_R_NON_HEX_CHARACTERS 141 # define ASN1_R_NOT_ASCII_FORMAT 190 # define ASN1_R_NOT_ENOUGH_DATA 142 diff --git a/win32/include/openssl/asn1_mac.h b/win32/include/openssl/asn1_mac.h new file mode 100644 index 0000000..7ac1782 --- /dev/null +++ b/win32/include/openssl/asn1_mac.h @@ -0,0 +1,10 @@ +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#error "This file is obsolete; please update your software." diff --git a/win32/include/openssl/bio.h b/win32/include/openssl/bio.h index 7812851..f435bd8 100644 --- a/win32/include/openssl/bio.h +++ b/win32/include/openssl/bio.h 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -125,11 +125,10 @@ extern "C" { # define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49 -# define BIO_CTRL_DGRAM_SET_PEEK_MODE 50 - +/* Deliberately outside of OPENSSL_NO_SCTP - used in bss_dgram.c */ +# define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50 # ifndef OPENSSL_NO_SCTP /* SCTP stuff */ -# define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50 # define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY 51 # define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY 52 # define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD 53 @@ -142,6 +141,8 @@ extern "C" { # define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN 70 # endif +# define BIO_CTRL_DGRAM_SET_PEEK_MODE 71 + /* modifiers */ # define BIO_FP_READ 0x02 # define BIO_FP_WRITE 0x04 @@ -245,7 +246,8 @@ typedef struct bio_method_st BIO_METHOD; const char *BIO_method_name(const BIO *b); int BIO_method_type(const BIO *b); -typedef void bio_info_cb(BIO *, int, const char *, int, long, long); +typedef int BIO_info_cb(BIO *, int, int); +typedef BIO_info_cb bio_info_cb; /* backward compatibility */ DEFINE_STACK_OF(BIO) @@ -546,8 +548,7 @@ int BIO_write(BIO *b, const void *data, int len); int BIO_puts(BIO *bp, const char *buf); int BIO_indent(BIO *b, int indent, int max); long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); -long BIO_callback_ctrl(BIO *b, int cmd, - void (*fp) (BIO *, int, const char *, int, long, long)); +long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp); void *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg); BIO *BIO_push(BIO *b, BIO *append); 
@@ -749,10 +750,10 @@ int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *)); int (*BIO_meth_get_destroy(BIO_METHOD *biom)) (BIO *); int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)); long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom)) - (BIO *, int, bio_info_cb *); + (BIO *, int, BIO_info_cb *); int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, long (*callback_ctrl) (BIO *, int, - bio_info_cb *)); + BIO_info_cb *)); /* BEGIN ERROR CODES */ /* @@ -780,6 +781,7 @@ int ERR_load_BIO_strings(void); # define BIO_F_BIO_LISTEN 139 # define BIO_F_BIO_LOOKUP 135 # define BIO_F_BIO_MAKE_PAIR 121 +# define BIO_F_BIO_METH_NEW 146 # define BIO_F_BIO_NEW 108 # define BIO_F_BIO_NEW_FILE 109 # define BIO_F_BIO_NEW_MEM_BUF 126 diff --git a/win32/include/openssl/bn.h b/win32/include/openssl/bn.h index 17bd521..54ae760 100644 --- a/win32/include/openssl/bn.h +++ b/win32/include/openssl/bn.h @@ -196,7 +196,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); */ void BN_set_negative(BIGNUM *b, int n); /** BN_is_negative returns 1 if the BIGNUM is negative - * \param a pointer to the BIGNUM object + * \param b pointer to the BIGNUM object * \return 1 if a < 0 and 0 otherwise */ int BN_is_negative(const BIGNUM *b); diff --git a/win32/include/openssl/buffer.h b/win32/include/openssl/buffer.h index 91f0e07..35160b4 100644 --- a/win32/include/openssl/buffer.h +++ b/win32/include/openssl/buffer.h @@ -21,10 +21,7 @@ extern "C" { #endif # include - -# if !defined(NO_SYS_TYPES_H) -# include -# endif +# include /* * These names are outdated as of OpenSSL 1.1; a future release diff --git a/win32/include/openssl/crypto.h b/win32/include/openssl/crypto.h index 55e8020..1ba7f25 100644 --- a/win32/include/openssl/crypto.h +++ b/win32/include/openssl/crypto.h 
@@ -146,6 +146,8 @@ int CRYPTO_mem_ctrl(int mode); CRYPTO_secure_zalloc(num, OPENSSL_FILE, OPENSSL_LINE) # define OPENSSL_secure_free(addr) \ CRYPTO_secure_free(addr, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_secure_clear_free(addr, num) \ + CRYPTO_secure_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE) # define OPENSSL_secure_actual_size(ptr) \ CRYPTO_secure_actual_size(ptr) @@ -285,6 +287,8 @@ int CRYPTO_secure_malloc_done(void); void *CRYPTO_secure_malloc(size_t num, const char *file, int line); void *CRYPTO_secure_zalloc(size_t num, const char *file, int line); void CRYPTO_secure_free(void *ptr, const char *file, int line); +void CRYPTO_secure_clear_free(void *ptr, size_t num, + const char *file, int line); int CRYPTO_secure_allocated(const void *ptr); int CRYPTO_secure_malloc_initialized(void); size_t CRYPTO_secure_actual_size(void *ptr); diff --git a/win32/include/openssl/e_os2.h b/win32/include/openssl/e_os2.h index 4aec51f..9800e15 100644 --- a/win32/include/openssl/e_os2.h +++ b/win32/include/openssl/e_os2.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -49,7 +49,6 @@ extern "C" { # define OPENSSL_SYS_WIN32_UWIN # else # if defined(__CYGWIN__) || defined(OPENSSL_SYS_CYGWIN) -# undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WIN32_CYGWIN # else # if defined(_WIN32) || defined(OPENSSL_SYS_WIN32) diff --git a/win32/include/openssl/ec.h b/win32/include/openssl/ec.h index 6f7548c..f06680a 100644 --- a/win32/include/openssl/ec.h +++ b/win32/include/openssl/ec.h 
@@ -1223,7 +1223,7 @@ void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth, const ECDSA_SIG *sig, EC_KEY *eckey)); -void EC_KEY_METHOD_get_init(EC_KEY_METHOD *meth, +void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth, int (**pinit)(EC_KEY *key), void (**pfinish)(EC_KEY *key), int (**pcopy)(EC_KEY *dest, const EC_KEY *src), @@ -1234,16 +1234,16 @@ void EC_KEY_METHOD_get_init(EC_KEY_METHOD *meth, int (**pset_public)(EC_KEY *key, const EC_POINT *pub_key)); -void EC_KEY_METHOD_get_keygen(EC_KEY_METHOD *meth, +void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth, int (**pkeygen)(EC_KEY *key)); -void EC_KEY_METHOD_get_compute_key(EC_KEY_METHOD *meth, +void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth, int (**pck)(unsigned char **psec, size_t *pseclen, const EC_POINT *pub_key, const EC_KEY *ecdh)); -void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth, +void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth, int (**psign)(int type, const unsigned char *dgst, int dlen, unsigned char *sig, unsigned int *siglen, @@ -1257,7 +1257,7 @@ void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth, const BIGNUM *in_r, EC_KEY *eckey)); -void EC_KEY_METHOD_get_verify(EC_KEY_METHOD *meth, +void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth, int (**pverify)(int type, const unsigned char *dgst, int dgst_len, const unsigned char *sigbuf, diff --git a/win32/include/openssl/evp.h b/win32/include/openssl/evp.h index 01f51b7..43c97a7 100644 --- a/win32/include/openssl/evp.h +++ b/win32/include/openssl/evp.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -900,6 +900,9 @@ int EVP_PKEY_security_bits(const EVP_PKEY *pkey); int EVP_PKEY_size(EVP_PKEY *pkey); int EVP_PKEY_set_type(EVP_PKEY *pkey, int type); int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len); +# ifndef OPENSSL_NO_ENGINE +int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e); +# endif int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key); void *EVP_PKEY_get0(const EVP_PKEY *pkey); const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len); @@ -1482,6 +1485,7 @@ int ERR_load_EVP_strings(void); # define EVP_F_EVP_PBE_SCRYPT 181 # define EVP_F_EVP_PKCS82PKEY 111 # define EVP_F_EVP_PKEY2PKCS8 113 +# define EVP_F_EVP_PKEY_ASN1_ADD0 168 # define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 # define EVP_F_EVP_PKEY_CTX_CTRL 137 # define EVP_F_EVP_PKEY_CTX_CTRL_STR 150 @@ -1505,6 +1509,7 @@ int ERR_load_EVP_strings(void); # define EVP_F_EVP_PKEY_NEW 106 # define EVP_F_EVP_PKEY_PARAMGEN 148 # define EVP_F_EVP_PKEY_PARAMGEN_INIT 149 +# define EVP_F_EVP_PKEY_SET1_ENGINE 187 # define EVP_F_EVP_PKEY_SIGN 140 # define EVP_F_EVP_PKEY_SIGN_INIT 141 # define EVP_F_EVP_PKEY_VERIFY 142 @@ -1565,6 +1570,8 @@ int ERR_load_EVP_strings(void); # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 # define EVP_R_OPERATON_NOT_INITIALIZED 151 # define EVP_R_PARTIALLY_OVERLAPPING 162 +# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 175 +# define EVP_R_PKEY_ASN1_METHOD_ALREADY_REGISTERED 164 # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 # define EVP_R_PUBLIC_KEY_NOT_RSA 106 diff --git a/win32/include/openssl/ocsp.h b/win32/include/openssl/ocsp.h index 08debc5..90ebe5c 100644 --- a/win32/include/openssl/ocsp.h +++ b/win32/include/openssl/ocsp.h 
@@ -137,22 +137,6 @@ typedef struct ocsp_service_locator_st OCSP_SERVICELOC; # define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o) -# define OCSP_REQUEST_sign(o,pkey,md) \ - ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\ - &o->optionalSignature->signatureAlgorithm,NULL,\ - o->optionalSignature->signature,&o->tbsRequest,pkey,md) - -# define OCSP_BASICRESP_sign(o,pkey,md,d) \ - ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),&o->signatureAlgorithm,NULL,\ - o->signature,&o->tbsResponseData,pkey,md) - -# define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\ - &a->optionalSignature->signatureAlgorithm,\ - a->optionalSignature->signature,&a->tbsRequest,r) - -# define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\ - &a->signatureAlgorithm,a->signature,&a->tbsResponseData,r) - # define ASN1_BIT_STRING_digest(data,type,md,len) \ ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) @@ -210,6 +194,8 @@ int OCSP_response_status(OCSP_RESPONSE *resp); OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs); +int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer, + STACK_OF(X509) *extra_certs); int OCSP_resp_count(OCSP_BASICRESP *bs); OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); diff --git a/win32/include/openssl/opensslconf.h b/win32/include/openssl/opensslconf.h index 4b89af4..47ee3ba 100644 --- a/win32/include/openssl/opensslconf.h +++ b/win32/include/openssl/opensslconf.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by makefile from ..\include\openssl\opensslconf.h.in * - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
diff --git a/win32/include/openssl/opensslv.h b/win32/include/openssl/opensslv.h index f3f1d41..4fb437f 100644 --- a/win32/include/openssl/opensslv.h +++ b/win32/include/openssl/opensslv.h @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -39,13 +39,18 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x1010006fL +# define OPENSSL_VERSION_NUMBER 0x1010008fL # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0f-fips 25 May 2017" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0h-fips 27 Mar 2018" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0f 25 May 2017" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0h 27 Mar 2018" # endif +#define OPENSSL_MAKE_VERSION(maj,min,fix,patch) ((0x10000000L)+((maj&0xff)<<20)+((min&0xff)<<12)+((fix&0xff)<<4)+patch) + +/* use this for #if tests, should never depend upon fix/patch */ +#define OPENSSL_VERSION_AT_LEAST(maj,min) (OPENSSL_MAKE_VERSION(maj,min, 0, 0) >= OPENSSL_VERSION_NUMBER) + /*- * The macros below are to be used for shared library (.so, .dll, ...) * versioning. That kind of versioning works a bit differently between diff --git a/win32/include/openssl/seed.h b/win32/include/openssl/seed.h index bb97131..de10b08 100644 --- a/win32/include/openssl/seed.h +++ b/win32/include/openssl/seed.h @@ -52,9 +52,7 @@ extern "C" { # endif # endif -# if !defined(NO_SYS_TYPES_H) -# include -# endif +# include # define SEED_BLOCK_SIZE 16 # define SEED_KEY_LENGTH 16 diff --git a/win32/include/openssl/srtp.h b/win32/include/openssl/srtp.h index 5ddfa46..0b57c23 100644 --- a/win32/include/openssl/srtp.h +++ b/win32/include/openssl/srtp.h 
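Review bot: `OPENSSL_VERSION_AT_LEAST` in the opensslv.h hunk (-39,13 +39,18) compares in the wrong direction: `OPENSSL_MAKE_VERSION(maj,min, 0, 0) >= OPENSSL_VERSION_NUMBER` is true when the requested version is at or above the library's, so a feature gate written with it selects the wrong branch. `OPENSSL_MAKE_VERSION` also hard-codes `0x10000000L` and shifts `maj` by 20, which is the field where `0x1010008fL` carries the minor number, so `(1,1,0,0)` yields `0x10101000` rather than the 1.1.0 base `0x10100000`. Its arguments are also used unparenthesized (`maj&0xff`). This looks like an imported upstream header, so I would not hand-patch it; instead make sure no consumer uses either macro and gate on the number directly, e.g. `#if OPENSSL_VERSION_NUMBER >= 0x10100000L`.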
@@ -36,7 +36,7 @@ extern "C" { # ifndef OPENSSL_NO_SRTP __owur int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); -__owur int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles); +__owur int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles); __owur STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); __owur SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); diff --git a/win32/include/openssl/ssl.h b/win32/include/openssl/ssl.h index 6f0f361..f070bd2 100644 --- a/win32/include/openssl/ssl.h +++ b/win32/include/openssl/ssl.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -95,14 +95,14 @@ extern "C" { # define SSL_TXT_NULL "NULL" # define SSL_TXT_kRSA "kRSA" -# define SSL_TXT_kDHr "kDHr" -# define SSL_TXT_kDHd "kDHd" -# define SSL_TXT_kDH "kDH" +# define SSL_TXT_kDHr "kDHr"/* this cipher class has been removed */ +# define SSL_TXT_kDHd "kDHd"/* this cipher class has been removed */ +# define SSL_TXT_kDH "kDH"/* this cipher class has been removed */ # define SSL_TXT_kEDH "kEDH"/* alias for kDHE */ # define SSL_TXT_kDHE "kDHE" -# define SSL_TXT_kECDHr "kECDHr" -# define SSL_TXT_kECDHe "kECDHe" -# define SSL_TXT_kECDH "kECDH" +# define SSL_TXT_kECDHr "kECDHr"/* this cipher class has been removed */ +# define SSL_TXT_kECDHe "kECDHe"/* this cipher class has been removed */ +# define SSL_TXT_kECDH "kECDH"/* this cipher class has been removed */ # define SSL_TXT_kEECDH "kEECDH"/* alias for kECDHE */ # define SSL_TXT_kECDHE "kECDHE" # define SSL_TXT_kPSK "kPSK" 
@@ -114,8 +114,8 @@ extern "C" { # define SSL_TXT_aRSA "aRSA" # define SSL_TXT_aDSS "aDSS" -# define SSL_TXT_aDH "aDH" -# define SSL_TXT_aECDH "aECDH" +# define SSL_TXT_aDH "aDH"/* this cipher class has been removed */ +# define SSL_TXT_aECDH "aECDH"/* this cipher class has been removed */ # define SSL_TXT_aECDSA "aECDSA" # define SSL_TXT_aPSK "aPSK" # define SSL_TXT_aGOST94 "aGOST94" @@ -297,6 +297,8 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); # define SSL_OP_NO_COMPRESSION 0x00020000U /* Permit unsafe legacy renegotiation */ # define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000U +/* Disable encrypt-then-mac */ +# define SSL_OP_NO_ENCRYPT_THEN_MAC 0x00080000U /* * Set on servers to choose the cipher according to the server's preferences */ @@ -321,6 +323,9 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2) # define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2) +/* Disallow all renegotiation */ +# define SSL_OP_NO_RENEGOTIATION 0x40000000U + /* * Make server add server-hello extension from early version of cryptopro * draft, when GOST ciphersuite is negotiated. Required for interoperability @@ -1158,6 +1163,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE 127 # define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128 # define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129 +# define SSL_CTRL_GET_MIN_PROTO_VERSION 130 +# define SSL_CTRL_GET_MAX_PROTO_VERSION 131 # define SSL_CERT_SET_FIRST 1 # define SSL_CERT_SET_NEXT 2 # define SSL_CERT_SET_SERVER 3 
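Review bot: The comment added for `SSL_OP_NO_ENCRYPT_THEN_MAC` (ssl.h hunk -297,6 +297,8) says only `Disable encrypt-then-mac` and gives no hint that setting the bit weakens the connection, unlike the neighbouring `SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION`, whose name and comment both say "unsafe". Turning the extension off puts CBC suites back on MAC-then-encrypt ordering, which is the construction the extension exists to replace. I would word it as `/* Disable encrypt-then-mac (RFC 7366): weakens CBC suites, for interoperability only */`. Consumers of this header should also check that the flag is not part of any default option mask, which cannot be seen from this diff.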
@@ -1289,10 +1296,18 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) #define SSL_CTX_set_max_proto_version(ctx, version) \ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) +#define SSL_CTX_get_min_proto_version(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) +#define SSL_CTX_get_max_proto_version(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) #define SSL_set_min_proto_version(s, version) \ SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) #define SSL_set_max_proto_version(s, version) \ SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) +#define SSL_get_min_proto_version(s) \ + SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) +#define SSL_get_max_proto_version(s) \ + SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) #if OPENSSL_API_COMPAT < 0x10100000L /* Provide some compatibility macros for removed functionality. */ @@ -1444,7 +1459,7 @@ int SSL_SESSION_up_ref(SSL_SESSION *ses); void SSL_SESSION_free(SSL_SESSION *ses); __owur int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); __owur int SSL_set_session(SSL *to, SSL_SESSION *session); -__owur int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); +int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c); __owur int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); __owur int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); 
@@ -1517,7 +1532,7 @@ __owur int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype, uint8_t ord); __owur int SSL_dane_enable(SSL *s, const char *basedomain); __owur int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, - uint8_t mtype, unsigned char *data, size_t dlen); + uint8_t mtype, unsigned const char *data, size_t dlen); __owur int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki); __owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, uint8_t *mtype, unsigned const char **data, @@ -2095,6 +2110,7 @@ int ERR_load_SSL_strings(void); # define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST 385 # define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370 # define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386 +# define SSL_F_DTLS_WAIT_FOR_DRY 592 # define SSL_F_OPENSSL_INIT_SSL 342 # define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION 417 # define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION 418 @@ -2116,6 +2132,7 @@ int ERR_load_SSL_strings(void); # define SSL_F_SSL3_SETUP_KEY_BLOCK 157 # define SSL_F_SSL3_SETUP_READ_BUFFER 156 # define SSL_F_SSL3_SETUP_WRITE_BUFFER 291 +# define SSL_F_SSL3_TAKE_MAC 425 # define SSL_F_SSL3_WRITE_BYTES 158 # define SSL_F_SSL3_WRITE_PENDING 159 # define SSL_F_SSL_ADD_CERT_CHAIN 316 @@ -2189,6 +2206,8 @@ int ERR_load_SSL_strings(void); # define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311 # define SSL_F_SSL_PEEK 270 # define SSL_F_SSL_READ 223 +# define SSL_F_SSL_RENEGOTIATE 516 +# define SSL_F_SSL_RENEGOTIATE_ABBREVIATED 546 # define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320 # define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321 # define SSL_F_SSL_SESSION_DUP 348 diff --git a/win32/include/openssl/tls1.h b/win32/include/openssl/tls1.h index 23e382c..3fe01fe 100644 --- a/win32/include/openssl/tls1.h +++ b/win32/include/openssl/tls1.h 
@@ -226,12 +226,12 @@ __owur int SSL_get_servername_type(const SSL *s); * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and * optional context. (Since a zero length context is allowed, the |use_context| * flag controls whether a context is included.) It returns 1 on success and - * zero otherwise. + * 0 or -1 otherwise. */ __owur int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, - const char *label, size_t llen, - const unsigned char *p, size_t plen, - int use_context); + const char *label, size_t llen, + const unsigned char *context, + size_t contextlen, int use_context); int SSL_get_sigalgs(SSL *s, int idx, int *psign, int *phash, int *psignandhash, @@ -298,9 +298,9 @@ SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0, (void (**)(void))cb) SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb) # define SSL_CTX_get_tlsext_status_arg(ssl, arg) \ -SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg + SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) # define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ -SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) + SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) #define SSL_CTX_set_tlsext_status_type(ssl, type) \ SSL_CTX_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE, type, NULL) diff --git a/win32/include/openssl/x509v3.h b/win32/include/openssl/x509v3.h index 1d8ef87..c93b112 100644 --- a/win32/include/openssl/x509v3.h +++ b/win32/include/openssl/x509v3.h @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
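Review bot: The updated comment on `SSL_export_keying_material` (first tls1.h hunk, -226,12 +226,12) now admits a `-1` return but does not tell callers how to test the result, and `__owur` only guards against ignoring it. A caller written against the old wording as `if (!SSL_export_keying_material(...))` would take `-1` as success and go on to use `out` as key material although the export failed. I would extend the comment with `Callers must compare the result with 1; any other value is a failure and |out| must not be used.` Call sites in the consuming code are outside this diff and should be checked for a `== 1` or `<= 0` test.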
@@ -658,6 +658,7 @@ uint32_t X509_get_extension_flags(X509 *x); uint32_t X509_get_key_usage(X509 *x); uint32_t X509_get_extended_key_usage(X509 *x); const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x); +const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x); int X509_PURPOSE_get_count(void); X509_PURPOSE *X509_PURPOSE_get0(int idx); @@ -876,6 +877,7 @@ int ERR_load_X509V3_strings(void); # define X509V3_F_ADDR_VALIDATE_PATH_INTERNAL 166 # define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 161 # define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 162 +# define X509V3_F_BIGNUM_TO_STRING 167 # define X509V3_F_COPY_EMAIL 122 # define X509V3_F_COPY_ISSUER 123 # define X509V3_F_DO_DIRNAME 144 diff --git a/win32/libcrypto-1_1.dll b/win32/libcrypto-1_1.dll index a8d0f97..a1010f7 100644 Binary files a/win32/libcrypto-1_1.dll and b/win32/libcrypto-1_1.dll differ diff --git a/win32/libcrypto-1_1.pdb b/win32/libcrypto-1_1.pdb index f6c72d5..ebb0428 100644 Binary files a/win32/libcrypto-1_1.pdb and b/win32/libcrypto-1_1.pdb differ diff --git a/win32/libcrypto.lib b/win32/libcrypto.lib index 3a922f0..de8c17b 100644 Binary files a/win32/libcrypto.lib and b/win32/libcrypto.lib differ diff --git a/win32/libssl-1_1.dll b/win32/libssl-1_1.dll index 2200acd..651d25a 100644 Binary files a/win32/libssl-1_1.dll and b/win32/libssl-1_1.dll differ diff --git a/win32/libssl-1_1.pdb b/win32/libssl-1_1.pdb index 811690e..f2dd19e 100644 Binary files a/win32/libssl-1_1.pdb and b/win32/libssl-1_1.pdb differ diff --git a/win32/libssl.lib b/win32/libssl.lib index c50eb4c..a29a0aa 100644 Binary files a/win32/libssl.lib and b/win32/libssl.lib differ