diff options
author | Jung-uk Kim <jkim@FreeBSD.org> | 2018-11-20 18:59:41 +0000 |
---|---|---|
committer | Jung-uk Kim <jkim@FreeBSD.org> | 2018-11-20 18:59:41 +0000 |
commit | 8c3f9abd70b3f447a4795c1b00b386b044fb322d (patch) | |
tree | 884976f2693f42bade35b92edc3c1f7f8c53825b /include | |
parent | a43ce912fc025d11e1395506111f75fc194d7ba5 (diff) | |
download | src-8c3f9abd70b3f447a4795c1b00b386b044fb322d.tar.gz src-8c3f9abd70b3f447a4795c1b00b386b044fb322d.zip |
Import OpenSSL 1.1.1a.vendor/openssl/1.1.1a
Notes
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=340690
svn path=/vendor-crypto/openssl/1.1.1a/; revision=340691; tag=vendor/openssl/1.1.1a
Diffstat (limited to 'include')
-rw-r--r-- | include/internal/cryptlib.h | 2 | ||||
-rw-r--r-- | include/internal/tsan_assist.h | 6 | ||||
-rw-r--r-- | include/openssl/cryptoerr.h | 3 | ||||
-rw-r--r-- | include/openssl/ec.h | 13 | ||||
-rw-r--r-- | include/openssl/ocsp.h | 3 | ||||
-rw-r--r-- | include/openssl/opensslv.h | 4 | ||||
-rw-r--r-- | include/openssl/rand_drbg.h | 24 | ||||
-rw-r--r-- | include/openssl/randerr.h | 1 | ||||
-rw-r--r-- | include/openssl/rsa.h | 6 | ||||
-rw-r--r-- | include/openssl/ssl.h | 18 | ||||
-rw-r--r-- | include/openssl/symhacks.h | 17 | ||||
-rw-r--r-- | include/openssl/tls1.h | 1 |
12 files changed, 63 insertions, 35 deletions
diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h index a608735187f8..329ef62014f6 100644 --- a/include/internal/cryptlib.h +++ b/include/internal/cryptlib.h @@ -81,6 +81,8 @@ void OPENSSL_showfatal(const char *fmta, ...); void crypto_cleanup_all_ex_data_int(void); int openssl_init_fork_handlers(void); +char *ossl_safe_getenv(const char *name); + extern CRYPTO_RWLOCK *memdbg_lock; int openssl_strerror_r(int errnum, char *buf, size_t buflen); # if !defined(OPENSSL_NO_STDIO) diff --git a/include/internal/tsan_assist.h b/include/internal/tsan_assist.h index 2c7638344a00..f30ffe398ac7 100644 --- a/include/internal/tsan_assist.h +++ b/include/internal/tsan_assist.h @@ -57,6 +57,7 @@ # define tsan_load(ptr) atomic_load_explicit((ptr), memory_order_relaxed) # define tsan_store(ptr, val) atomic_store_explicit((ptr), (val), memory_order_relaxed) # define tsan_counter(ptr) atomic_fetch_add_explicit((ptr), 1, memory_order_relaxed) +# define tsan_decr(ptr) atomic_fetch_add_explicit((ptr), -1, memory_order_relaxed) # define tsan_ld_acq(ptr) atomic_load_explicit((ptr), memory_order_acquire) # define tsan_st_rel(ptr, val) atomic_store_explicit((ptr), (val), memory_order_release) # endif @@ -69,6 +70,7 @@ # define tsan_load(ptr) __atomic_load_n((ptr), __ATOMIC_RELAXED) # define tsan_store(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELAXED) # define tsan_counter(ptr) __atomic_fetch_add((ptr), 1, __ATOMIC_RELAXED) +# define tsan_decr(ptr) __atomic_fetch_add((ptr), -1, __ATOMIC_RELAXED) # define tsan_ld_acq(ptr) __atomic_load_n((ptr), __ATOMIC_ACQUIRE) # define tsan_st_rel(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELEASE) # endif @@ -113,8 +115,11 @@ # pragma intrinsic(_InterlockedExchangeAdd64) # define tsan_counter(ptr) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), 1) \ : _InterlockedExchangeAdd((ptr), 1)) +# define tsan_decr(ptr) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), -1) \ + : _InterlockedExchangeAdd((ptr), -1)) # else # define tsan_counter(ptr) _InterlockedExchangeAdd((ptr), 1) +# define tsan_decr(ptr) _InterlockedExchangeAdd((ptr), -1) # endif # if !defined(_ISO_VOLATILE) # define tsan_ld_acq(ptr) (*(ptr)) @@ -129,6 +134,7 @@ # define tsan_load(ptr) (*(ptr)) # define tsan_store(ptr, val) (*(ptr) = (val)) # define tsan_counter(ptr) ((*(ptr))++) +# define tsan_decr(ptr) ((*(ptr))--) /* * Lack of tsan_ld_acq and tsan_ld_rel means that compiler support is not * sophisticated enough to support them. Code that relies on them should be diff --git a/include/openssl/cryptoerr.h b/include/openssl/cryptoerr.h index e127ff602c4b..10723d0454b3 100644 --- a/include/openssl/cryptoerr.h +++ b/include/openssl/cryptoerr.h @@ -14,6 +14,9 @@ # ifdef __cplusplus extern "C" # endif + +# include <openssl/symhacks.h> + int ERR_load_CRYPTO_strings(void); /* diff --git a/include/openssl/ec.h b/include/openssl/ec.h index 4d70da70a614..347cfb6d097b 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -1107,6 +1107,11 @@ const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key); int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth); EC_KEY *EC_KEY_new_method(ENGINE *engine); +/** The old name for ecdh_KDF_X9_63 + * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62, + * it is actually specified in ANSI X9.63. + * This identifier is retained for backwards compatibility + */ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, const unsigned char *Z, size_t Zlen, const unsigned char *sinfo, size_t sinfolen, @@ -1457,7 +1462,13 @@ void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth, # define EVP_PKEY_CTRL_GET1_ID_LEN (EVP_PKEY_ALG_CTRL + 13) /* KDF types */ # define EVP_PKEY_ECDH_KDF_NONE 1 -# define EVP_PKEY_ECDH_KDF_X9_62 2 +# define EVP_PKEY_ECDH_KDF_X9_63 2 +/** The old name for EVP_PKEY_ECDH_KDF_X9_63 + * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62, + * it is actually specified in ANSI X9.63. + * This identifier is retained for backwards compatibility + */ +# define EVP_PKEY_ECDH_KDF_X9_62 EVP_PKEY_ECDH_KDF_X9_63 # ifdef __cplusplus diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h index 937b32271b21..0a17166b5bf6 100644 --- a/include/openssl/ocsp.h +++ b/include/openssl/ocsp.h @@ -93,7 +93,6 @@ typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES; # define V_OCSP_RESPID_KEY 1 DEFINE_STACK_OF(OCSP_RESPID) -DECLARE_ASN1_FUNCTIONS(OCSP_RESPID) typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO; @@ -162,8 +161,6 @@ int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it, int OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx, ASN1_VALUE **pval, const ASN1_ITEM *it); BIO *OCSP_REQ_CTX_get0_mem_bio(OCSP_REQ_CTX *rctx); -int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it, - ASN1_VALUE *val); int OCSP_REQ_CTX_http(OCSP_REQ_CTX *rctx, const char *op, const char *path); int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req); int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h index 9e66fc13faab..af7a3b564e9d 100644 --- a/include/openssl/opensslv.h +++ b/include/openssl/opensslv.h @@ -39,8 +39,8 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x1010100fL -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1 11 Sep 2018" +# define OPENSSL_VERSION_NUMBER 0x1010101fL +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1a 20 Nov 2018" /*- * The macros below are to be used for shared library (.so, .dll, ...) diff --git a/include/openssl/rand_drbg.h b/include/openssl/rand_drbg.h index 282356e16176..45b731b73c26 100644 --- a/include/openssl/rand_drbg.h +++ b/include/openssl/rand_drbg.h @@ -12,23 +12,31 @@ # include <time.h> # include <openssl/ossl_typ.h> +# include <openssl/obj_mac.h> +/* + * RAND_DRBG flags + * + * Note: if new flags are added, the constant `rand_drbg_used_flags` + * in drbg_lib.c needs to be updated accordingly. + */ /* In CTR mode, disable derivation function ctr_df */ # define RAND_DRBG_FLAG_CTR_NO_DF 0x1 -/* A logical OR of all used flag bits (currently there is only one) */ -# define RAND_DRBG_USED_FLAGS ( \ - RAND_DRBG_FLAG_CTR_NO_DF \ - ) + +# if OPENSSL_API_COMPAT < 0x10200000L +/* This #define was replaced by an internal constant and should not be used. */ +# define RAND_DRBG_USED_FLAGS (RAND_DRBG_FLAG_CTR_NO_DF) +# endif /* * Default security strength (in the sense of [NIST SP 800-90Ar1]) * * NIST SP 800-90Ar1 supports the strength of the DRBG being smaller than that - * of the cipher by collecting less entropy. The current DRBG implemantion does - * not take RAND_DRBG_STRENGTH into account and sets the strength of the DRBG - * to that of the cipher. + * of the cipher by collecting less entropy. The current DRBG implementation + * does not take RAND_DRBG_STRENGTH into account and sets the strength of the + * DRBG to that of the cipher. * * RAND_DRBG_STRENGTH is currently only used for the legacy RAND * implementation. @@ -37,7 +45,9 @@ * NID_aes_256_ctr */ # define RAND_DRBG_STRENGTH 256 +/* Default drbg type */ # define RAND_DRBG_TYPE NID_aes_256_ctr +/* Default drbg flags */ # define RAND_DRBG_FLAGS 0 diff --git a/include/openssl/randerr.h b/include/openssl/randerr.h index 128f4dea751c..599a2a18d41f 100644 --- a/include/openssl/randerr.h +++ b/include/openssl/randerr.h @@ -40,6 +40,7 @@ int ERR_load_RAND_strings(void); # define RAND_F_RAND_POOL_ADD 103 # define RAND_F_RAND_POOL_ADD_BEGIN 113 # define RAND_F_RAND_POOL_ADD_END 114 +# define RAND_F_RAND_POOL_ATTACH 124 # define RAND_F_RAND_POOL_BYTES_NEEDED 115 # define RAND_F_RAND_POOL_NEW 116 # define RAND_F_RAND_WRITE_FILE 112 diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index a611b6a0be92..cdce1264eb5c 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -160,7 +160,7 @@ extern "C" { # define EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, \ - EVP_PKEY_OP_TYPE_KEYGEN, EVP_PKEY_CTRL_MD, \ + EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_MD, \ 0, (void *)(md)) # define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1) @@ -456,9 +456,9 @@ int RSA_meth_set_priv_dec(RSA_METHOD *rsa, unsigned char *to, RSA *rsa, int padding)); int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth)) - (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); + (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx); int RSA_meth_set_mod_exp(RSA_METHOD *rsa, - int (*mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, + int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx)); int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth)) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 0a18a43544cb..d6b1b4e6a670 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1271,7 +1271,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_SET_VERIFY_CERT_STORE 106 # define SSL_CTRL_SET_CHAIN_CERT_STORE 107 # define SSL_CTRL_GET_PEER_SIGNATURE_NID 108 -# define SSL_CTRL_GET_SERVER_TMP_KEY 109 +# define SSL_CTRL_GET_PEER_TMP_KEY 109 # define SSL_CTRL_GET_RAW_CIPHERLIST 110 # define SSL_CTRL_GET_EC_POINT_FORMATS 111 # define SSL_CTRL_GET_CHAIN_CERTS 115 @@ -1290,6 +1290,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129 # define SSL_CTRL_GET_MIN_PROTO_VERSION 130 # define SSL_CTRL_GET_MAX_PROTO_VERSION 131 +# define SSL_CTRL_GET_SIGNATURE_NID 132 +# define SSL_CTRL_GET_TMP_KEY 133 # define SSL_CERT_SET_FIRST 1 # define SSL_CERT_SET_NEXT 2 # define SSL_CERT_SET_SERVER 3 @@ -1410,10 +1412,14 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) (char *)(clist)) # define SSL_set1_client_certificate_types(s, clist, clistlen) \ SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)(clist)) +# define SSL_get_signature_nid(s, pn) \ + SSL_ctrl(s,SSL_CTRL_GET_SIGNATURE_NID,0,pn) # define SSL_get_peer_signature_nid(s, pn) \ SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn) -# define SSL_get_server_tmp_key(s, pk) \ - SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk) +# define SSL_get_peer_tmp_key(s, pk) \ + SSL_ctrl(s,SSL_CTRL_GET_PEER_TMP_KEY,0,pk) +# define SSL_get_tmp_key(s, pk) \ + SSL_ctrl(s,SSL_CTRL_GET_TMP_KEY,0,pk) # define SSL_get0_raw_cipherlist(s, plst) \ SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst) # define SSL_get0_ec_point_formats(s, plst) \ @@ -1435,6 +1441,12 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_get_max_proto_version(s) \ SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) +/* Backwards compatibility, original 1.1.0 names */ +# define SSL_CTRL_GET_SERVER_TMP_KEY \ + SSL_CTRL_GET_PEER_TMP_KEY +# define SSL_get_server_tmp_key(s, pk) \ + SSL_get_peer_tmp_key(s, pk) + /* * The following symbol names are old and obsolete. They are kept * for compatibility reasons only and should not be used anymore. diff --git a/include/openssl/symhacks.h b/include/openssl/symhacks.h index caf1f1a75d02..156ea6e4ee95 100644 --- a/include/openssl/symhacks.h +++ b/include/openssl/symhacks.h @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -28,21 +28,6 @@ # undef i2d_ECPKPARAMETERS # define i2d_ECPKPARAMETERS i2d_UC_ECPKPARAMETERS -/* - * These functions do not seem to exist! However, I'm paranoid... Original - * command in x509v3.h: These functions are being redefined in another - * directory, and clash when the linker is case-insensitive, so let's hide - * them a little, by giving them an extra 'o' at the beginning of the name... - */ -# undef X509v3_cleanup_extensions -# define X509v3_cleanup_extensions oX509v3_cleanup_extensions -# undef X509v3_add_extension -# define X509v3_add_extension oX509v3_add_extension -# undef X509v3_add_netscape_extensions -# define X509v3_add_netscape_extensions oX509v3_add_netscape_extensions -# undef X509v3_add_standard_extensions -# define X509v3_add_standard_extensions oX509v3_add_standard_extensions - /* This one clashes with CMS_data_create */ # undef cms_Data_create # define cms_Data_create priv_cms_Data_create diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index 2e46cf80d342..e13b5dd4bc65 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -241,6 +241,7 @@ __owur int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t contextlen); int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid); +int SSL_get_signature_type_nid(const SSL *s, int *pnid); int SSL_get_sigalgs(SSL *s, int idx, int *psign, int *phash, int *psignandhash, |