diff options
| author | Shigeki Ohtsu <ohtsu@ohtsu.org> | 2018-08-14 23:11:54 +0900 |
|---|---|---|
| committer | Rod Vagg <rod@vagg.org> | 2018-08-16 11:52:37 +1000 |
| commit | 6090e1f54d8e6e8c4ba18091e19faf46c0b09ece (patch) | |
| tree | a2d2fb7b4b4a5e365ac4b6515cf4d7a5c8262d23 /deps/openssl/openssl/include/openssl | |
| parent | 32902d09b43e9d7f19eb6178ef5db835652d97c1 (diff) | |
| download | android-node-v8-6090e1f54d8e6e8c4ba18091e19faf46c0b09ece.tar.gz android-node-v8-6090e1f54d8e6e8c4ba18091e19faf46c0b09ece.tar.bz2 android-node-v8-6090e1f54d8e6e8c4ba18091e19faf46c0b09ece.zip | |
deps: upgrade openssl sources to 1.1.0i
This updates all sources in deps/openssl/openssl with openssl-1.1.0i.
PR-URL: https://github.com/nodejs/node/pull/22318
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Diffstat (limited to 'deps/openssl/openssl/include/openssl')
19 files changed, 239 insertions, 83 deletions
diff --git a/deps/openssl/openssl/include/openssl/asn1.h b/deps/openssl/openssl/include/openssl/asn1.h index 05ae1dbe1c..d0b1099a4f 100644 --- a/deps/openssl/openssl/include/openssl/asn1.h +++ b/deps/openssl/openssl/include/openssl/asn1.h @@ -953,8 +953,10 @@ int ERR_load_ASN1_strings(void); # define ASN1_F_D2I_AUTOPRIVATEKEY 207 # define ASN1_F_D2I_PRIVATEKEY 154 # define ASN1_F_D2I_PUBLICKEY 155 +# define ASN1_F_DO_BUF 142 # define ASN1_F_DO_TCREATE 222 # define ASN1_F_I2D_ASN1_BIO_STREAM 211 +# define ASN1_F_I2D_ASN1_OBJECT 143 # define ASN1_F_I2D_DSA_PUBKEY 161 # define ASN1_F_I2D_EC_PUBKEY 181 # define ASN1_F_I2D_PRIVATEKEY 163 diff --git a/deps/openssl/openssl/include/openssl/bio.h b/deps/openssl/openssl/include/openssl/bio.h index f435bd8ef6..3a72862561 100644 --- a/deps/openssl/openssl/include/openssl/bio.h +++ b/deps/openssl/openssl/include/openssl/bio.h @@ -730,26 +730,26 @@ __bio_h__attr__((__format__(__printf__, 3, 0))); BIO_METHOD *BIO_meth_new(int type, const char *name); void BIO_meth_free(BIO_METHOD *biom); -int (*BIO_meth_get_write(BIO_METHOD *biom)) (BIO *, const char *, int); +int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int); int BIO_meth_set_write(BIO_METHOD *biom, int (*write) (BIO *, const char *, int)); -int (*BIO_meth_get_read(BIO_METHOD *biom)) (BIO *, char *, int); +int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int); int BIO_meth_set_read(BIO_METHOD *biom, int (*read) (BIO *, char *, int)); -int (*BIO_meth_get_puts(BIO_METHOD *biom)) (BIO *, const char *); +int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *); int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts) (BIO *, const char *)); -int (*BIO_meth_get_gets(BIO_METHOD *biom)) (BIO *, char *, int); +int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int); int BIO_meth_set_gets(BIO_METHOD *biom, int (*gets) (BIO *, char *, int)); -long (*BIO_meth_get_ctrl(BIO_METHOD *biom)) (BIO *, int, long, void *); +long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *); int BIO_meth_set_ctrl(BIO_METHOD *biom, long (*ctrl) (BIO *, int, long, void *)); -int (*BIO_meth_get_create(BIO_METHOD *bion)) (BIO *); +int (*BIO_meth_get_create(const BIO_METHOD *bion)) (BIO *); int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *)); -int (*BIO_meth_get_destroy(BIO_METHOD *biom)) (BIO *); +int (*BIO_meth_get_destroy(const BIO_METHOD *biom)) (BIO *); int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)); -long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom)) +long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom)) (BIO *, int, BIO_info_cb *); int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, long (*callback_ctrl) (BIO *, int, diff --git a/deps/openssl/openssl/include/openssl/bn.h b/deps/openssl/openssl/include/openssl/bn.h index 54ae760152..301edd5250 100644 --- a/deps/openssl/openssl/include/openssl/bn.h +++ b/deps/openssl/openssl/include/openssl/bn.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -119,25 +119,76 @@ void *BN_GENCB_get_arg(BN_GENCB *cb); * on the size of the number */ /* - * number of Miller-Rabin iterations for an error rate of less than 2^-80 for - * random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook of - * Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996]; - * original paper: Damgaard, Landrock, Pomerance: Average case error - * estimates for the strong probable prime test. -- Math. Comp. 61 (1993) - * 177-194) + * BN_prime_checks_for_size() returns the number of Miller-Rabin iterations + * that will be done for checking that a random number is probably prime. The + * error rate for accepting a composite number as prime depends on the size of + * the prime |b|. The error rates used are for calculating an RSA key with 2 primes, + * and so the level is what you would expect for a key of double the size of the + * prime. + * + * This table is generated using the algorithm of FIPS PUB 186-4 + * Digital Signature Standard (DSS), section F.1, page 117. + * (https://dx.doi.org/10.6028/NIST.FIPS.186-4) + * + * The following magma script was used to generate the output: + * securitybits:=125; + * k:=1024; + * for t:=1 to 65 do + * for M:=3 to Floor(2*Sqrt(k-1)-1) do + * S:=0; + * // Sum over m + * for m:=3 to M do + * s:=0; + * // Sum over j + * for j:=2 to m do + * s+:=(RealField(32)!2)^-(j+(k-1)/j); + * end for; + * S+:=2^(m-(m-1)*t)*s; + * end for; + * A:=2^(k-2-M*t); + * B:=8*(Pi(RealField(32))^2-6)/3*2^(k-2)*S; + * pkt:=2.00743*Log(2)*k*2^-k*(A+B); + * seclevel:=Floor(-Log(2,pkt)); + * if seclevel ge securitybits then + * printf "k: %5o, security: %o bits (t: %o, M: %o)\n",k,seclevel,t,M; + * break; + * end if; + * end for; + * if seclevel ge securitybits then break; end if; + * end for; + * + * It can be run online at: + * http://magma.maths.usyd.edu.au/calc + * + * And will output: + * k: 1024, security: 129 bits (t: 6, M: 23) + * + * k is the number of bits of the prime, securitybits is the level we want to + * reach. + * + * prime length | RSA key size | # MR tests | security level + * -------------+--------------|------------+--------------- + * (b) >= 6394 | >= 12788 | 3 | 256 bit + * (b) >= 3747 | >= 7494 | 3 | 192 bit + * (b) >= 1345 | >= 2690 | 4 | 128 bit + * (b) >= 1080 | >= 2160 | 5 | 128 bit + * (b) >= 852 | >= 1704 | 5 | 112 bit + * (b) >= 476 | >= 952 | 5 | 80 bit + * (b) >= 400 | >= 800 | 6 | 80 bit + * (b) >= 347 | >= 694 | 7 | 80 bit + * (b) >= 308 | >= 616 | 8 | 80 bit + * (b) >= 55 | >= 110 | 27 | 64 bit + * (b) >= 6 | >= 12 | 34 | 64 bit */ -# define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \ - (b) >= 850 ? 3 : \ - (b) >= 650 ? 4 : \ - (b) >= 550 ? 5 : \ - (b) >= 450 ? 6 : \ - (b) >= 400 ? 7 : \ - (b) >= 350 ? 8 : \ - (b) >= 300 ? 9 : \ - (b) >= 250 ? 12 : \ - (b) >= 200 ? 15 : \ - (b) >= 150 ? 18 : \ - /* b >= 100 */ 27) + +# define BN_prime_checks_for_size(b) ((b) >= 3747 ? 3 : \ + (b) >= 1345 ? 4 : \ + (b) >= 476 ? 5 : \ + (b) >= 400 ? 6 : \ + (b) >= 347 ? 7 : \ + (b) >= 308 ? 8 : \ + (b) >= 55 ? 27 : \ + /* b >= 6 */ 34) # define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) diff --git a/deps/openssl/openssl/include/openssl/conf.h b/deps/openssl/openssl/include/openssl/conf.h index 980a51b157..e0539e3128 100644 --- a/deps/openssl/openssl/include/openssl/conf.h +++ b/deps/openssl/openssl/include/openssl/conf.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -191,6 +191,7 @@ int ERR_load_CONF_strings(void); # define CONF_F_NCONF_LOAD_BIO 110 # define CONF_F_NCONF_LOAD_FP 114 # define CONF_F_NCONF_NEW 111 +# define CONF_F_SSL_MODULE_INIT 123 # define CONF_F_STR_COPY 101 /* Reason codes. */ @@ -206,6 +207,10 @@ int ERR_load_CONF_strings(void); # define CONF_R_NO_SECTION 107 # define CONF_R_NO_SUCH_FILE 114 # define CONF_R_NO_VALUE 108 +# define CONF_R_SSL_COMMAND_SECTION_EMPTY 117 +# define CONF_R_SSL_COMMAND_SECTION_NOT_FOUND 118 +# define CONF_R_SSL_SECTION_EMPTY 119 +# define CONF_R_SSL_SECTION_NOT_FOUND 120 # define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 # define CONF_R_UNKNOWN_MODULE_NAME 113 # define CONF_R_VARIABLE_EXPANSION_TOO_LONG 116 diff --git a/deps/openssl/openssl/include/openssl/crypto.h b/deps/openssl/openssl/include/openssl/crypto.h index 1ba7f25f01..fa3f12af3b 100644 --- a/deps/openssl/openssl/include/openssl/crypto.h +++ b/deps/openssl/openssl/include/openssl/crypto.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -371,7 +371,9 @@ int CRYPTO_memcmp(const volatile void * volatile in_a, # define OPENSSL_INIT_ENGINE_CAPI 0x00002000L # define OPENSSL_INIT_ENGINE_PADLOCK 0x00004000L # define OPENSSL_INIT_ENGINE_AFALG 0x00008000L -/* OPENSSL_INIT flag 0x00010000 reserved for internal use */ +/* OPENSSL_INIT_ZLIB 0x00010000L */ +/* currently unused 0x00020000L */ +/* OPENSSL_INIT_BASE_ONLY 0x00040000L */ /* OPENSSL_INIT flag range 0xfff00000 reserved for OPENSSL_init_ssl() */ /* Max OPENSSL_INIT flag value is 0x80000000 */ diff --git a/deps/openssl/openssl/include/openssl/dh.h b/deps/openssl/openssl/include/openssl/dh.h index fbd479039e..8cf879e14f 100644 --- a/deps/openssl/openssl/include/openssl/dh.h +++ b/deps/openssl/openssl/include/openssl/dh.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -187,7 +187,7 @@ void DH_meth_free(DH_METHOD *dhm); DH_METHOD *DH_meth_dup(const DH_METHOD *dhm); const char *DH_meth_get0_name(const DH_METHOD *dhm); int DH_meth_set1_name(DH_METHOD *dhm, const char *name); -int DH_meth_get_flags(DH_METHOD *dhm); +int DH_meth_get_flags(const DH_METHOD *dhm); int DH_meth_set_flags(DH_METHOD *dhm, int flags); void *DH_meth_get0_app_data(const DH_METHOD *dhm); int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data); diff --git a/deps/openssl/openssl/include/openssl/dsa.h b/deps/openssl/openssl/include/openssl/dsa.h index 139718edb9..3a7b1a626e 100644 --- a/deps/openssl/openssl/include/openssl/dsa.h +++ b/deps/openssl/openssl/include/openssl/dsa.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -146,10 +146,12 @@ int DSAparams_print_fp(FILE *fp, const DSA *x); int DSA_print_fp(FILE *bp, const DSA *x, int off); # endif -# define DSS_prime_checks 50 +# define DSS_prime_checks 64 /* - * Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of - * Rabin-Miller + * Primality test according to FIPS PUB 186-4, Appendix C.3. Since we only + * have one value here we set the number of checks to 64 which is the 128 bit + * security level that is the highest level and valid for creating a 3072 bit + * DSA key. */ # define DSA_is_prime(n, callback, cb_arg) \ BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg) @@ -186,7 +188,7 @@ void DSA_meth_free(DSA_METHOD *dsam); DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam); const char *DSA_meth_get0_name(const DSA_METHOD *dsam); int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name); -int DSA_meth_get_flags(DSA_METHOD *dsam); +int DSA_meth_get_flags(const DSA_METHOD *dsam); int DSA_meth_set_flags(DSA_METHOD *dsam, int flags); void *DSA_meth_get0_app_data(const DSA_METHOD *dsam); int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data); @@ -260,6 +262,7 @@ int ERR_load_DSA_strings(void); # define DSA_F_DSA_SIG_NEW 102 # define DSA_F_OLD_DSA_PRIV_DECODE 122 # define DSA_F_PKEY_DSA_CTRL 120 +# define DSA_F_PKEY_DSA_CTRL_STR 104 # define DSA_F_PKEY_DSA_KEYGEN 121 /* Reason codes. */ diff --git a/deps/openssl/openssl/include/openssl/evp.h b/deps/openssl/openssl/include/openssl/evp.h index 43c97a7560..36e2934485 100644 --- a/deps/openssl/openssl/include/openssl/evp.h +++ b/deps/openssl/openssl/include/openssl/evp.h @@ -1351,34 +1351,34 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, const char *type, const char *value)); -void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth, int (**pinit) (EVP_PKEY_CTX *ctx)); -void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth, int (**pcopy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)); -void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth, void (**pcleanup) (EVP_PKEY_CTX *ctx)); -void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth, int (**pparamgen_init) (EVP_PKEY_CTX *ctx), int (**pparamgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)); -void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth, int (**pkeygen_init) (EVP_PKEY_CTX *ctx), int (**pkeygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)); -void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth, int (**psign_init) (EVP_PKEY_CTX *ctx), int (**psign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, const unsigned char *tbs, size_t tbslen)); -void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth, int (**pverify_init) (EVP_PKEY_CTX *ctx), int (**pverify) (EVP_PKEY_CTX *ctx, const unsigned char *sig, @@ -1386,7 +1386,7 @@ void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth, const unsigned char *tbs, size_t tbslen)); -void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth, int (**pverify_recover_init) (EVP_PKEY_CTX *ctx), int (**pverify_recover) (EVP_PKEY_CTX @@ -1398,7 +1398,7 @@ void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth, char *tbs, size_t tbslen)); -void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth, int (**psignctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), int (**psignctx) (EVP_PKEY_CTX *ctx, @@ -1406,7 +1406,7 @@ void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth, size_t *siglen, EVP_MD_CTX *mctx)); -void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth, int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), int (**pverifyctx) (EVP_PKEY_CTX *ctx, @@ -1414,7 +1414,7 @@ void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth, int siglen, EVP_MD_CTX *mctx)); -void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth, int (**pencrypt_init) (EVP_PKEY_CTX *ctx), int (**pencryptfn) (EVP_PKEY_CTX *ctx, unsigned char *out, @@ -1422,7 +1422,7 @@ void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth, const unsigned char *in, size_t inlen)); -void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth, int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), int (**pdecrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, @@ -1430,13 +1430,13 @@ void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth, const unsigned char *in, size_t inlen)); -void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth, int (**pderive_init) (EVP_PKEY_CTX *ctx), int (**pderive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)); -void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2), int (**pctrl_str) (EVP_PKEY_CTX *ctx, @@ -1506,6 +1506,8 @@ int ERR_load_EVP_strings(void); # define EVP_F_EVP_PKEY_GET0_RSA 121 # define EVP_F_EVP_PKEY_KEYGEN 146 # define EVP_F_EVP_PKEY_KEYGEN_INIT 147 +# define EVP_F_EVP_PKEY_METH_ADD0 172 +# define EVP_F_EVP_PKEY_METH_NEW 173 # define EVP_F_EVP_PKEY_NEW 106 # define EVP_F_EVP_PKEY_PARAMGEN 148 # define EVP_F_EVP_PKEY_PARAMGEN_INIT 149 @@ -1570,6 +1572,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 # define EVP_R_OPERATON_NOT_INITIALIZED 151 # define EVP_R_PARTIALLY_OVERLAPPING 162 +# define EVP_R_PBKDF2_ERROR 176 # define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 175 # define EVP_R_PKEY_ASN1_METHOD_ALREADY_REGISTERED 164 # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 diff --git a/deps/openssl/openssl/include/openssl/lhash.h b/deps/openssl/openssl/include/openssl/lhash.h index 82d40c1e0e..8ecc588484 100644 --- a/deps/openssl/openssl/include/openssl/lhash.h +++ b/deps/openssl/openssl/include/openssl/lhash.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -95,7 +95,7 @@ void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out); # define _LHASH OPENSSL_LHASH # define LHASH_NODE OPENSSL_LH_NODE # define lh_error OPENSSL_LH_error -# define lh_new OPENSSL_lh_new +# define lh_new OPENSSL_LH_new # define lh_free OPENSSL_LH_free # define lh_insert OPENSSL_LH_insert # define lh_delete OPENSSL_LH_delete diff --git a/deps/openssl/openssl/include/openssl/opensslconf.h b/deps/openssl/openssl/include/openssl/opensslconf.h deleted file mode 100644 index 76c99d433a..0000000000 --- a/deps/openssl/openssl/include/openssl/opensslconf.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../config/opensslconf.h" diff --git a/deps/openssl/openssl/include/openssl/opensslconf.h.in b/deps/openssl/openssl/include/openssl/opensslconf.h.in index 9f8634a3a2..17807fb6bd 100644 --- a/deps/openssl/openssl/include/openssl/opensslconf.h.in +++ b/deps/openssl/openssl/include/openssl/opensslconf.h.in @@ -68,12 +68,18 @@ extern "C" { * still won't see them if the library has been built to disable deprecated * functions. */ -#if defined(OPENSSL_NO_DEPRECATED) -# define DECLARE_DEPRECATED(f) -#elif __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) -# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); -#else -# define DECLARE_DEPRECATED(f) f; +#ifndef DECLARE_DEPRECATED +# if defined(OPENSSL_NO_DEPRECATED) +# define DECLARE_DEPRECATED(f) +# else +# define DECLARE_DEPRECATED(f) f; +# ifdef __GNUC__ +# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif +# endif +# endif #endif #ifndef OPENSSL_FILE diff --git a/deps/openssl/openssl/include/openssl/opensslv.h b/deps/openssl/openssl/include/openssl/opensslv.h index 4fb437f2ee..c5ef2a7535 100644 --- a/deps/openssl/openssl/include/openssl/opensslv.h +++ b/deps/openssl/openssl/include/openssl/opensslv.h @@ -39,18 +39,13 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x1010008fL +# define OPENSSL_VERSION_NUMBER 0x1010009fL # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0h-fips 27 Mar 2018" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0i-fips 14 Aug 2018" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0h 27 Mar 2018" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0i 14 Aug 2018" # endif -#define OPENSSL_MAKE_VERSION(maj,min,fix,patch) ((0x10000000L)+((maj&0xff)<<20)+((min&0xff)<<12)+((fix&0xff)<<4)+patch) - -/* use this for #if tests, should never depend upon fix/patch */ -#define OPENSSL_VERSION_AT_LEAST(maj,min) (OPENSSL_MAKE_VERSION(maj,min, 0, 0) >= OPENSSL_VERSION_NUMBER) - /*- * The macros below are to be used for shared library (.so, .dll, ...) * versioning. That kind of versioning works a bit differently between diff --git a/deps/openssl/openssl/include/openssl/pem.h b/deps/openssl/openssl/include/openssl/pem.h index 2375d63553..f7ce3c61f5 100644 --- a/deps/openssl/openssl/include/openssl/pem.h +++ b/deps/openssl/openssl/include/openssl/pem.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -322,7 +322,8 @@ int PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt); int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, EVP_PKEY *pkey); -int PEM_def_callback(char *buf, int num, int w, void *key); +/* The default pem_password_cb that's used internally */ +int PEM_def_callback(char *buf, int num, int rwflag, void *userdata); void PEM_proc_type(char *buf, int type); void PEM_dek_info(char *buf, const char *type, int len, char *str); diff --git a/deps/openssl/openssl/include/openssl/rsa.h b/deps/openssl/openssl/include/openssl/rsa.h index d97d6e075a..790831b945 100644 --- a/deps/openssl/openssl/include/openssl/rsa.h +++ b/deps/openssl/openssl/include/openssl/rsa.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -374,7 +374,7 @@ void RSA_meth_free(RSA_METHOD *meth); RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); const char *RSA_meth_get0_name(const RSA_METHOD *meth); int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); -int RSA_meth_get_flags(RSA_METHOD *meth); +int RSA_meth_get_flags(const RSA_METHOD *meth); int RSA_meth_set_flags(RSA_METHOD *meth, int flags); void *RSA_meth_get0_app_data(const RSA_METHOD *meth); int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data); diff --git a/deps/openssl/openssl/include/openssl/ssl.h b/deps/openssl/openssl/include/openssl/ssl.h index 1cb3462f48..56e2056260 100644 --- a/deps/openssl/openssl/include/openssl/ssl.h +++ b/deps/openssl/openssl/include/openssl/ssl.h @@ -381,7 +381,7 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); # define SSL_OP_PKCS1_CHECK_1 0x0 /* Removed from OpenSSL 1.0.1. Was 0x10000000L */ # define SSL_OP_PKCS1_CHECK_2 0x0 -/* Removed from OpenSSL 1.1.0. Was 0x20000000L */ +/* Removed from OpenSSL 1.1.0. Was 0x20000000L */ # define SSL_OP_NETSCAPE_CA_DN_BUG 0x0 /* Removed from OpenSSL 1.1.0. Was 0x40000000L */ # define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0 @@ -967,8 +967,8 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); # define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 # define SSL_VERIFY_CLIENT_ONCE 0x04 -# define OpenSSL_add_ssl_algorithms() SSL_library_init() # if OPENSSL_API_COMPAT < 0x10100000L +# define OpenSSL_add_ssl_algorithms() SSL_library_init() # define SSLeay_add_ssl_algorithms() SSL_library_init() # endif @@ -1358,7 +1358,7 @@ __owur int SSL_get_fd(const SSL *s); __owur int SSL_get_rfd(const SSL *s); __owur int SSL_get_wfd(const SSL *s); __owur const char *SSL_get_cipher_list(const SSL *s, int n); -__owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len); +__owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size); __owur int SSL_get_read_ahead(const SSL *s); __owur int SSL_pending(const SSL *s); __owur int SSL_has_pending(const SSL *s); diff --git a/deps/openssl/openssl/include/openssl/ssl3.h b/deps/openssl/openssl/include/openssl/ssl3.h index 4ca434e760..115940ad31 100644 --- a/deps/openssl/openssl/include/openssl/ssl3.h +++ b/deps/openssl/openssl/include/openssl/ssl3.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -252,9 +252,15 @@ extern "C" { # define SSL3_CT_FORTEZZA_DMS 20 /* * SSL3_CT_NUMBER is used to size arrays and it must be large enough to - * contain all of the cert types defined either for SSLv3 and TLSv1. + * contain all of the cert types defined for *either* SSLv3 and TLSv1. */ -# define SSL3_CT_NUMBER 9 +# define SSL3_CT_NUMBER 10 + +# if defined(TLS_CT_NUMBER) +# if TLS_CT_NUMBER != SSL3_CT_NUMBER +# error "SSL/TLS CT_NUMBER values do not match" +# endif +# endif # define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 diff --git a/deps/openssl/openssl/include/openssl/tls1.h b/deps/openssl/openssl/include/openssl/tls1.h index 3fe01fe813..732e87ab35 100644 --- a/deps/openssl/openssl/include/openssl/tls1.h +++ b/deps/openssl/openssl/include/openssl/tls1.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -883,7 +883,13 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see * comment there) */ -# define TLS_CT_NUMBER 9 +# define TLS_CT_NUMBER 10 + +# if defined(SSL3_CT_NUMBER) +# if TLS_CT_NUMBER != SSL3_CT_NUMBER +# error "SSL/TLS CT_NUMBER values do not match" +# endif +# endif # define TLS1_FINISH_MAC_LENGTH 12 diff --git a/deps/openssl/openssl/include/openssl/x509.h b/deps/openssl/openssl/include/openssl/x509.h index d23fad8e35..780386d530 100644 --- a/deps/openssl/openssl/include/openssl/x509.h +++ b/deps/openssl/openssl/include/openssl/x509.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -805,7 +805,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const unsigned char *bytes, int len); X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, - int type, + int type, const unsigned char *bytes, int len); int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, @@ -1055,6 +1055,7 @@ int ERR_load_X509_strings(void); # define X509_F_X509_LOAD_CERT_CRL_FILE 132 # define X509_F_X509_LOAD_CERT_FILE 111 # define X509_F_X509_LOAD_CRL_FILE 112 +# define X509_F_X509_LOOKUP_METH_NEW 160 # define X509_F_X509_NAME_ADD_ENTRY 113 # define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114 # define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131 diff --git a/deps/openssl/openssl/include/openssl/x509_vfy.h b/deps/openssl/openssl/include/openssl/x509_vfy.h index 1aa0a33b8a..d91581c773 100644 --- a/deps/openssl/openssl/include/openssl/x509_vfy.h +++ b/deps/openssl/openssl/include/openssl/x509_vfy.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -257,7 +257,9 @@ X509_OBJECT *X509_OBJECT_new(void); void X509_OBJECT_free(X509_OBJECT *a); X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a); X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a); +int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj); X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a); +int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj); X509_STORE *X509_STORE_new(void); void X509_STORE_free(X509_STORE *v); int X509_STORE_lock(X509_STORE *ctx); @@ -364,6 +366,76 @@ X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); X509_LOOKUP_METHOD *X509_LOOKUP_file(void); +typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc, + long argl, char **ret); +typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + X509_NAME *name, + X509_OBJECT *ret); +typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + X509_NAME *name, + ASN1_INTEGER *serial, + X509_OBJECT *ret); +typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + const unsigned char* bytes, + int len, + X509_OBJECT *ret); +typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + const char *str, + int len, + X509_OBJECT *ret); + +X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name); +void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method, + int (*new_item) (X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method, + void (*free) (X509_LOOKUP *ctx)); +void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method, + int (*init) (X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method, + int (*shutdown) (X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method, + X509_LOOKUP_ctrl_fn ctrl_fn); +X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_subject_fn fn); +X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject( + const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_issuer_serial(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_issuer_serial_fn fn); +X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial( + const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_fingerprint_fn fn); +X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint( + const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_alias_fn fn); +X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( + const X509_LOOKUP_METHOD *method); + + int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); @@ -393,6 +465,9 @@ int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, X509_OBJECT *ret); int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, const char *str, int len, X509_OBJECT *ret); +int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data); +void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx); +X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx); int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); int X509_STORE_load_locations(X509_STORE *ctx, @@ -475,6 +550,7 @@ int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, const char *name, size_t namelen); void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int flags); +unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param); char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *); void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *, X509_VERIFY_PARAM *); int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, |