From 405119928c8c824c6873c2e0a21d4ef53453976a Mon Sep 17 00:00:00 2001
From: Felix Schulze
Date: Mon, 7 Apr 2014 21:33:14 +0200
Subject: [PATCH] OpenSSL 1.0.1g
---
 README.md | 1 +
 build-libssl.sh | 2 +-
 include/openssl/bn.h | 11 +++++++++++
 include/openssl/kssl.h | 9 +++++++++
 include/openssl/opensslv.h | 6 +++---
 include/openssl/ssl.h | 2 +-
 include/openssl/symhacks.h | 6 ++++++
 include/openssl/tls1.h | 6 ++++++
 8 files changed, 38 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 7c8f26a..28f8b27 100644
--- a/README.md
+++ b/README.md
@@ -21,6 +21,7 @@ For iOS < 4.3 you must use iOS SDK < 6.0 and an older version of the build scrip
 *
 ## Changelog
+* 2014-04-07: OpenSSL 1.0.1g
 * 2014-03-12: iOS 7.1 support
 * 2014-01-07: OpenSSL 1.0.1f
 * 2013-10-12: x86_64 support, Migrate project to iOS 7.0
diff --git a/build-libssl.sh b/build-libssl.sh
index dcd5a84..0a997e6 100755
--- a/build-libssl.sh
+++ b/build-libssl.sh
@@ -21,7 +21,7 @@
 ###########################################################################
 # Change values here # #
-VERSION="1.0.1f" #
+VERSION="1.0.1g" #
 SDKVERSION="7.1" # # #
 ###########################################################################
diff --git a/include/openssl/bn.h b/include/openssl/bn.h
index f34248e..21a1a3f 100644
--- a/include/openssl/bn.h
+++ b/include/openssl/bn.h
@@ -538,6 +538,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret,
 BIGNUM *BN_mod_sqrt(BIGNUM *ret, const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
+void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
+
 /* Deprecated versions */
 #ifndef OPENSSL_NO_DEPRECATED
 BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
@@ -774,11 +776,20 @@ int RAND_pseudo_bytes(unsigned char *buf,int num);
 #define bn_fix_top(a) bn_check_top(a)
+#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
+#define bn_wcheck_size(bn, words) \
+ do { \
+ const BIGNUM *_bnum2 = (bn); \
+ assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
+ } while(0)
+
 #else /* !BN_DEBUG */
 #define bn_pollute(a)
 #define bn_check_top(a)
 #define bn_fix_top(a) bn_correct_top(a)
+#define bn_check_size(bn, bits)
+#define bn_wcheck_size(bn, words)
 #endif
diff --git a/include/openssl/kssl.h b/include/openssl/kssl.h
index 8242fd5..e4df843 100644
--- a/include/openssl/kssl.h
+++ b/include/openssl/kssl.h
@@ -70,6 +70,15 @@
 #include
 #include
 #include
+#ifdef OPENSSL_SYS_WIN32
+/* These can sometimes get redefined indirectly by krb5 header files
+ * after they get undefed in ossl_typ.h
+ */
+#undef X509_NAME
+#undef X509_EXTENSIONS
+#undef OCSP_REQUEST
+#undef OCSP_RESPONSE
+#endif
 #ifdef __cplusplus
 extern "C" {
diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h
index b27a5bb..ebe7180 100644
--- a/include/openssl/opensslv.h
+++ b/include/openssl/opensslv.h
@@ -25,11 +25,11 @@
 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
 * major minor fix final patch/beta) */
-#define OPENSSL_VERSION_NUMBER 0x1000106fL
+#define OPENSSL_VERSION_NUMBER 0x1000107fL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1f-fips 6 Jan 2014"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g-fips 7 Apr 2014"
 #else
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1f 6 Jan 2014"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g 7 Apr 2014"
 #endif
 #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index dece04d..7219a0e 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -915,7 +915,7 @@ struct ssl_ctx_st
 */
 unsigned int max_send_fragment;
-#ifndef OPENSSL_ENGINE
+#ifndef OPENSSL_NO_ENGINE
 /* Engine to pass requests for client certs to */
 ENGINE *client_cert_engine;
diff --git a/include/openssl/symhacks.h b/include/openssl/symhacks.h
index 07a412f..bd2f000 100644
--- a/include/openssl/symhacks.h
+++ b/include/openssl/symhacks.h
@@ -204,6 +204,12 @@
 #define SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_protos_adv_cb
 #undef SSL_CTX_set_next_proto_select_cb
 #define SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_proto_sel_cb
+#undef ssl3_cbc_record_digest_supported
+#define ssl3_cbc_record_digest_supported ssl3_cbc_record_digest_support
+#undef ssl_check_clienthello_tlsext_late
+#define ssl_check_clienthello_tlsext_late ssl_check_clihello_tlsext_late
+#undef ssl_check_clienthello_tlsext_early
+#define ssl_check_clienthello_tlsext_early ssl_check_clihello_tlsext_early
 /* Hack some long ENGINE names */
 #undef ENGINE_get_default_BN_mod_exp_crt
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index c39c267..c992091 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -230,6 +230,12 @@ extern "C" {
 /* ExtensionType value from RFC5620 */
 #define TLSEXT_TYPE_heartbeat 15
+/* ExtensionType value for TLS padding extension.
+ * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ * http://tools.ietf.org/html/draft-agl-tls-padding-03
+ */
+#define TLSEXT_TYPE_padding 21
+
 /* ExtensionType value from RFC4507 */
 #define TLSEXT_TYPE_session_ticket 35
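Review bot: In include/openssl/ssl.h the guard around `ENGINE *client_cert_engine;` now tests `OPENSSL_NO_ENGINE`, so the layout of `struct ssl_ctx_st` depends on a macro that an engine-less configuration is expected to define, and the headers committed here have to be configured the same way as the library that build-libssl.sh produces. Nothing in this patch shows where that macro would be set, and the diffstat touches no configuration header, so please confirm the two agree; if they did not, every member after `client_cert_engine` would sit at a different offset in applications than in the library. I would record the requirement in the README, for example `The headers in include/openssl must come from the same configured build as the library built by build-libssl.sh.` The struct body starts and ends outside the hunk.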