src - FreeBSD source tree

diff options


context:
space:
mode:

author	Jung-uk Kim <jkim@FreeBSD.org>	2018-11-20 18:59:41 +0000
committer	Jung-uk Kim <jkim@FreeBSD.org>	2018-11-20 18:59:41 +0000
commit	8c3f9abd70b3f447a4795c1b00b386b044fb322d (patch)
tree	884976f2693f42bade35b92edc3c1f7f8c53825b /include
parent	a43ce912fc025d11e1395506111f75fc194d7ba5 (diff)
download	src-8c3f9abd70b3f447a4795c1b00b386b044fb322d.tar.gz src-8c3f9abd70b3f447a4795c1b00b386b044fb322d.zip

Import OpenSSL 1.1.1a.vendor/openssl/1.1.1a

Notes

Notes: svn path=/vendor-crypto/openssl/dist/; revision=340690 svn path=/vendor-crypto/openssl/1.1.1a/; revision=340691; tag=vendor/openssl/1.1.1a

Diffstat (limited to 'include')

-rw-r--r--

include/internal/cryptlib.h

-rw-r--r--

include/internal/tsan_assist.h

-rw-r--r--

include/openssl/cryptoerr.h

-rw-r--r--

include/openssl/ec.h

-rw-r--r--

include/openssl/ocsp.h

-rw-r--r--

include/openssl/opensslv.h

-rw-r--r--

include/openssl/rand_drbg.h

-rw-r--r--

include/openssl/randerr.h

-rw-r--r--

include/openssl/rsa.h

-rw-r--r--

include/openssl/ssl.h

-rw-r--r--

include/openssl/symhacks.h

-rw-r--r--

include/openssl/tls1.h

12 files changed, 63 insertions, 35 deletions

diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
index a608735187f8..329ef62014f6 100644
--- a/include/internal/cryptlib.h
+++ b/include/internal/cryptlib.h

@@ -81,6 +81,8 @@ void OPENSSL_showfatal(const char *fmta, ...);

void crypto_cleanup_all_ex_data_int(void);

int openssl_init_fork_handlers(void);

+char *ossl_safe_getenv(const char *name);

extern CRYPTO_RWLOCK *memdbg_lock;

int openssl_strerror_r(int errnum, char *buf, size_t buflen);

# if !defined(OPENSSL_NO_STDIO)

diff --git a/include/internal/tsan_assist.h b/include/internal/tsan_assist.h
index 2c7638344a00..f30ffe398ac7 100644
--- a/include/internal/tsan_assist.h
+++ b/include/internal/tsan_assist.h

@@ -57,6 +57,7 @@

# define tsan_load(ptr) atomic_load_explicit((ptr), memory_order_relaxed)

# define tsan_store(ptr, val) atomic_store_explicit((ptr), (val), memory_order_relaxed)

# define tsan_counter(ptr) atomic_fetch_add_explicit((ptr), 1, memory_order_relaxed)

+# define tsan_decr(ptr) atomic_fetch_add_explicit((ptr), -1, memory_order_relaxed)

# define tsan_ld_acq(ptr) atomic_load_explicit((ptr), memory_order_acquire)

# define tsan_st_rel(ptr, val) atomic_store_explicit((ptr), (val), memory_order_release)

# endif

@@ -69,6 +70,7 @@

# define tsan_load(ptr) __atomic_load_n((ptr), __ATOMIC_RELAXED)

# define tsan_store(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELAXED)

# define tsan_counter(ptr) __atomic_fetch_add((ptr), 1, __ATOMIC_RELAXED)

+# define tsan_decr(ptr) __atomic_fetch_add((ptr), -1, __ATOMIC_RELAXED)

# define tsan_ld_acq(ptr) __atomic_load_n((ptr), __ATOMIC_ACQUIRE)

# define tsan_st_rel(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELEASE)

# endif

@@ -113,8 +115,11 @@

# pragma intrinsic(_InterlockedExchangeAdd64)

# define tsan_counter(ptr) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), 1) \

: _InterlockedExchangeAdd((ptr), 1))

+# define tsan_decr(ptr) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), -1) \

+ : _InterlockedExchangeAdd((ptr), -1))

# else

# define tsan_counter(ptr) _InterlockedExchangeAdd((ptr), 1)

+# define tsan_decr(ptr) _InterlockedExchangeAdd((ptr), -1)

# endif

# if !defined(_ISO_VOLATILE)

# define tsan_ld_acq(ptr) (*(ptr))

@@ -129,6 +134,7 @@

# define tsan_load(ptr) (*(ptr))

# define tsan_store(ptr, val) (*(ptr) = (val))

# define tsan_counter(ptr) ((*(ptr))++)

+# define tsan_decr(ptr) ((*(ptr))--)

* Lack of tsan_ld_acq and tsan_ld_rel means that compiler support is not

* sophisticated enough to support them. Code that relies on them should be

diff --git a/include/openssl/cryptoerr.h b/include/openssl/cryptoerr.h
index e127ff602c4b..10723d0454b3 100644
--- a/include/openssl/cryptoerr.h
+++ b/include/openssl/cryptoerr.h

@@ -14,6 +14,9 @@

# ifdef __cplusplus

extern "C"

# endif

+# include <openssl/symhacks.h>

int ERR_load_CRYPTO_strings(void);

diff --git a/include/openssl/ec.h b/include/openssl/ec.h
index 4d70da70a614..347cfb6d097b 100644
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h

@@ -1107,6 +1107,11 @@ const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key);

int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth);

EC_KEY *EC_KEY_new_method(ENGINE *engine);

+/** The old name for ecdh_KDF_X9_63

+ * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,

+ * it is actually specified in ANSI X9.63.

+ * This identifier is retained for backwards compatibility

+ */

int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,

const unsigned char *Z, size_t Zlen,

const unsigned char *sinfo, size_t sinfolen,

@@ -1457,7 +1462,13 @@ void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth,

# define EVP_PKEY_CTRL_GET1_ID_LEN (EVP_PKEY_ALG_CTRL + 13)

/* KDF types */

# define EVP_PKEY_ECDH_KDF_NONE 1

-# define EVP_PKEY_ECDH_KDF_X9_62 2

+# define EVP_PKEY_ECDH_KDF_X9_63 2

+/** The old name for EVP_PKEY_ECDH_KDF_X9_63

+ * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,

+ * it is actually specified in ANSI X9.63.

+ * This identifier is retained for backwards compatibility

+ */

+# define EVP_PKEY_ECDH_KDF_X9_62 EVP_PKEY_ECDH_KDF_X9_63

# ifdef __cplusplus

diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h
index 937b32271b21..0a17166b5bf6 100644
--- a/include/openssl/ocsp.h
+++ b/include/openssl/ocsp.h

@@ -93,7 +93,6 @@ typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES;

# define V_OCSP_RESPID_KEY 1

DEFINE_STACK_OF(OCSP_RESPID)

-DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)

typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO;

@@ -162,8 +161,6 @@ int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it,

int OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx, ASN1_VALUE **pval,

const ASN1_ITEM *it);

BIO *OCSP_REQ_CTX_get0_mem_bio(OCSP_REQ_CTX *rctx);

-int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it,

- ASN1_VALUE *val);

int OCSP_REQ_CTX_http(OCSP_REQ_CTX *rctx, const char *op, const char *path);

int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);

int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,

diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h
index 9e66fc13faab..af7a3b564e9d 100644
--- a/include/openssl/opensslv.h
+++ b/include/openssl/opensslv.h

@@ -39,8 +39,8 @@ extern "C" {

* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for

* major minor fix final patch/beta)

-# define OPENSSL_VERSION_NUMBER 0x1010100fL

-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1 11 Sep 2018"

+# define OPENSSL_VERSION_NUMBER 0x1010101fL

+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1a 20 Nov 2018"

/*-

* The macros below are to be used for shared library (.so, .dll, ...)

diff --git a/include/openssl/rand_drbg.h b/include/openssl/rand_drbg.h
index 282356e16176..45b731b73c26 100644
--- a/include/openssl/rand_drbg.h
+++ b/include/openssl/rand_drbg.h

@@ -12,23 +12,31 @@

# include <time.h>

# include <openssl/ossl_typ.h>

+# include <openssl/obj_mac.h>

+/*

+ * RAND_DRBG flags

+ *

+ * Note: if new flags are added, the constant `rand_drbg_used_flags`

+ * in drbg_lib.c needs to be updated accordingly.

+ */

/* In CTR mode, disable derivation function ctr_df */

# define RAND_DRBG_FLAG_CTR_NO_DF 0x1

-/* A logical OR of all used flag bits (currently there is only one) */

-# define RAND_DRBG_USED_FLAGS ( \

- RAND_DRBG_FLAG_CTR_NO_DF \

- )

+# if OPENSSL_API_COMPAT < 0x10200000L

+/* This #define was replaced by an internal constant and should not be used. */

+# define RAND_DRBG_USED_FLAGS (RAND_DRBG_FLAG_CTR_NO_DF)

+# endif

* Default security strength (in the sense of [NIST SP 800-90Ar1])

* NIST SP 800-90Ar1 supports the strength of the DRBG being smaller than that

- * of the cipher by collecting less entropy. The current DRBG implemantion does

- * not take RAND_DRBG_STRENGTH into account and sets the strength of the DRBG

- * to that of the cipher.

+ * of the cipher by collecting less entropy. The current DRBG implementation

+ * does not take RAND_DRBG_STRENGTH into account and sets the strength of the

+ * DRBG to that of the cipher.

* RAND_DRBG_STRENGTH is currently only used for the legacy RAND

* implementation.

@@ -37,7 +45,9 @@

* NID_aes_256_ctr

# define RAND_DRBG_STRENGTH 256

+/* Default drbg type */

# define RAND_DRBG_TYPE NID_aes_256_ctr

+/* Default drbg flags */

# define RAND_DRBG_FLAGS 0

diff --git a/include/openssl/randerr.h b/include/openssl/randerr.h
index 128f4dea751c..599a2a18d41f 100644
--- a/include/openssl/randerr.h
+++ b/include/openssl/randerr.h

@@ -40,6 +40,7 @@ int ERR_load_RAND_strings(void);

# define RAND_F_RAND_POOL_ADD 103

# define RAND_F_RAND_POOL_ADD_BEGIN 113

# define RAND_F_RAND_POOL_ADD_END 114

+# define RAND_F_RAND_POOL_ATTACH 124

# define RAND_F_RAND_POOL_BYTES_NEEDED 115

# define RAND_F_RAND_POOL_NEW 116

# define RAND_F_RAND_WRITE_FILE 112

diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index a611b6a0be92..cdce1264eb5c 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h

@@ -160,7 +160,7 @@ extern "C" {

# define EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md) \

EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, \

- EVP_PKEY_OP_TYPE_KEYGEN, EVP_PKEY_CTRL_MD, \

+ EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_MD, \

0, (void *)(md))

# define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1)

@@ -456,9 +456,9 @@ int RSA_meth_set_priv_dec(RSA_METHOD *rsa,

unsigned char *to, RSA *rsa,

int padding));

int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))

- (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);

+ (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx);

int RSA_meth_set_mod_exp(RSA_METHOD *rsa,

- int (*mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa,

+ int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa,

BN_CTX *ctx));

int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))

(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 0a18a43544cb..d6b1b4e6a670 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h

@@ -1271,7 +1271,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)

# define SSL_CTRL_SET_VERIFY_CERT_STORE 106

# define SSL_CTRL_SET_CHAIN_CERT_STORE 107

# define SSL_CTRL_GET_PEER_SIGNATURE_NID 108

-# define SSL_CTRL_GET_SERVER_TMP_KEY 109

+# define SSL_CTRL_GET_PEER_TMP_KEY 109

# define SSL_CTRL_GET_RAW_CIPHERLIST 110

# define SSL_CTRL_GET_EC_POINT_FORMATS 111

# define SSL_CTRL_GET_CHAIN_CERTS 115

@@ -1290,6 +1290,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)

# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129

# define SSL_CTRL_GET_MIN_PROTO_VERSION 130

# define SSL_CTRL_GET_MAX_PROTO_VERSION 131

+# define SSL_CTRL_GET_SIGNATURE_NID 132

+# define SSL_CTRL_GET_TMP_KEY 133

# define SSL_CERT_SET_FIRST 1

# define SSL_CERT_SET_NEXT 2

# define SSL_CERT_SET_SERVER 3

@@ -1410,10 +1412,14 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)

(char *)(clist))

# define SSL_set1_client_certificate_types(s, clist, clistlen) \

SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)(clist))

+# define SSL_get_signature_nid(s, pn) \

+ SSL_ctrl(s,SSL_CTRL_GET_SIGNATURE_NID,0,pn)

# define SSL_get_peer_signature_nid(s, pn) \

SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn)

-# define SSL_get_server_tmp_key(s, pk) \

- SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)

+# define SSL_get_peer_tmp_key(s, pk) \

+ SSL_ctrl(s,SSL_CTRL_GET_PEER_TMP_KEY,0,pk)

+# define SSL_get_tmp_key(s, pk) \

+ SSL_ctrl(s,SSL_CTRL_GET_TMP_KEY,0,pk)

# define SSL_get0_raw_cipherlist(s, plst) \

SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst)

# define SSL_get0_ec_point_formats(s, plst) \

@@ -1435,6 +1441,12 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)

# define SSL_get_max_proto_version(s) \

SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)

+/* Backwards compatibility, original 1.1.0 names */

+# define SSL_CTRL_GET_SERVER_TMP_KEY \

+ SSL_CTRL_GET_PEER_TMP_KEY

+# define SSL_get_server_tmp_key(s, pk) \

+ SSL_get_peer_tmp_key(s, pk)

* The following symbol names are old and obsolete. They are kept

* for compatibility reasons only and should not be used anymore.

diff --git a/include/openssl/symhacks.h b/include/openssl/symhacks.h
index caf1f1a75d02..156ea6e4ee95 100644
--- a/include/openssl/symhacks.h
+++ b/include/openssl/symhacks.h

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -28,21 +28,6 @@

# undef i2d_ECPKPARAMETERS

# define i2d_ECPKPARAMETERS i2d_UC_ECPKPARAMETERS

-/*

- * These functions do not seem to exist! However, I'm paranoid... Original

- * command in x509v3.h: These functions are being redefined in another

- * directory, and clash when the linker is case-insensitive, so let's hide

- * them a little, by giving them an extra 'o' at the beginning of the name...

- */

-# undef X509v3_cleanup_extensions

-# define X509v3_cleanup_extensions oX509v3_cleanup_extensions

-# undef X509v3_add_extension

-# define X509v3_add_extension oX509v3_add_extension

-# undef X509v3_add_netscape_extensions

-# define X509v3_add_netscape_extensions oX509v3_add_netscape_extensions

-# undef X509v3_add_standard_extensions

-# define X509v3_add_standard_extensions oX509v3_add_standard_extensions

/* This one clashes with CMS_data_create */

# undef cms_Data_create

# define cms_Data_create priv_cms_Data_create

diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 2e46cf80d342..e13b5dd4bc65 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h

@@ -241,6 +241,7 @@ __owur int SSL_export_keying_material_early(SSL *s, unsigned char *out,

size_t contextlen);

int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid);

+int SSL_get_signature_type_nid(const SSL *s, int *pnid);

int SSL_get_sigalgs(SSL *s, int idx,

int *psign, int *phash, int *psignandhash,