diff --git a/checkin_notes b/checkin_notes index 8024c2e857..b165baac38 100755 --- a/checkin_notes +++ b/checkin_notes @@ -2220,3 +2220,9 @@ Rom 6 Mar 2007 clientgui/ ProjectInfoPage.cpp + +Rom 7 Mar 2007 + - Update OpenSSL modules for windows to OpenSSL 0.9.8e. + + openssl/ + diff --git a/openssl/README b/openssl/README index 74cb76a4c7..907e2354bf 100644 --- a/openssl/README +++ b/openssl/README @@ -1,7 +1,7 @@ - OpenSSL 0.9.8 05 Jul 2005 + OpenSSL 0.9.8e 23 Feb 2007 - Copyright (c) 1998-2005 The OpenSSL Project + Copyright (c) 1998-2007 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved. @@ -113,6 +113,10 @@ The MDC2 algorithm is patented by IBM. + NTT and Mitsubishi have patents and pending patents on the Camellia + algorithm, but allow use at no charge without requiring an explicit + licensing agreement: http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html + INSTALLATION ------------ diff --git a/openssl/include/openssl/aes.h b/openssl/include/openssl/aes.h index 05cd382577..e6fc44a24d 100644 --- a/openssl/include/openssl/aes.h +++ b/openssl/include/openssl/aes.h @@ -119,10 +119,20 @@ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, unsigned char ecount_buf[AES_BLOCK_SIZE], unsigned int *num); +/* For IGE, see also http://www.links.org/files/openssl-ige.pdf */ +/* NB: the IV is _two_ blocks long */ +void AES_ige_encrypt(const unsigned char *in, unsigned char *out, + const unsigned long length, const AES_KEY *key, + unsigned char *ivec, const int enc); +/* NB: the IV is _four_ blocks long */ +void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, + const unsigned long length, const AES_KEY *key, + const AES_KEY *key2, const unsigned char *ivec, + const int enc); + #ifdef __cplusplus } #endif #endif /* !HEADER_AES_H */ - \ No newline at end of file diff --git a/openssl/include/openssl/applink.c b/openssl/include/openssl/applink.c index f4b1329ad9..54a0a64262 100644 --- a/openssl/include/openssl/applink.c +++ b/openssl/include/openssl/applink.c @@ -39,7 +39,20 @@ static int app_fileno(FILE *fp) { return _fileno(fp); } static int app_fsetmod(FILE *fp,char mod) { return _setmode (_fileno(fp),mod=='b'?_O_BINARY:_O_TEXT); } -__declspec(dllexport) void **OPENSSL_Applink(void) +#ifdef __cplusplus +extern "C" { +#endif + +__declspec(dllexport) +void ** +#if defined(__BORLANDC__) +__stdcall /* __stdcall appears to be the only way to get the name + * decoration right with Borland C. Otherwise it works + * purely incidentally, as we pass no parameters. */ +#else +__cdecl +#endif +OPENSSL_Applink(void) { static int once=1; static void *OPENSSL_ApplinkTable[APPLINK_MAX+1]={(void *)APPLINK_MAX}; @@ -74,5 +87,8 @@ __declspec(dllexport) void **OPENSSL_Applink(void) return OPENSSL_ApplinkTable; } + +#ifdef __cplusplus +} +#endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/asn1.h b/openssl/include/openssl/asn1.h index cb4b9db7bd..30f1eecd5b 100644 --- a/openssl/include/openssl/asn1.h +++ b/openssl/include/openssl/asn1.h @@ -149,6 +149,7 @@ extern "C" { #define B_ASN1_UTF8STRING 0x2000 #define B_ASN1_UTCTIME 0x4000 #define B_ASN1_GENERALIZEDTIME 0x8000 +#define B_ASN1_SEQUENCE 0x10000 /* For use with ASN1_mbstring_copy() */ #define MBSTRING_FLAG 0x1000 @@ -594,6 +595,7 @@ typedef struct BIT_STRING_BITNAME_st { B_ASN1_UNIVERSALSTRING|\ B_ASN1_BMPSTRING|\ B_ASN1_UTF8STRING|\ + B_ASN1_SEQUENCE|\ B_ASN1_UNKNOWN #define B_ASN1_DIRECTORYSTRING \ @@ -1045,7 +1047,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_ASN1_I2D_FP 117 #define ASN1_F_ASN1_INTEGER_SET 118 #define ASN1_F_ASN1_INTEGER_TO_BN 119 -#define ASN1_F_ASN1_ITEM_D2I_FP 190 +#define ASN1_F_ASN1_ITEM_D2I_FP 206 #define ASN1_F_ASN1_ITEM_DUP 191 #define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW 121 #define ASN1_F_ASN1_ITEM_EX_D2I 120 @@ -1229,4 +1231,3 @@ void ERR_load_ASN1_strings(void); } #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/asn1_mac.h b/openssl/include/openssl/asn1_mac.h index 004530977b..d958ca60d9 100644 --- a/openssl/include/openssl/asn1_mac.h +++ b/openssl/include/openssl/asn1_mac.h @@ -569,4 +569,3 @@ void asn1_add_error(const unsigned char *address,int offset); #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/asn1t.h b/openssl/include/openssl/asn1t.h index a51fe55a0b..adbc2a63dd 100644 --- a/openssl/include/openssl/asn1t.h +++ b/openssl/include/openssl/asn1t.h @@ -99,7 +99,7 @@ extern "C" { #define ASN1_ITEM_start(itname) \ const ASN1_ITEM * itname##_it(void) \ { \ - static const ASN1_ITEM local_it = { \ + static const ASN1_ITEM local_it = { #define ASN1_ITEM_end(itname) \ }; \ @@ -884,4 +884,3 @@ int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, const A } #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/bio.h b/openssl/include/openssl/bio.h index d3f45aa6c8..2c9e8a7c80 100644 --- a/openssl/include/openssl/bio.h +++ b/openssl/include/openssl/bio.h @@ -196,28 +196,32 @@ extern "C" { */ #define BIO_FLAGS_MEM_RDONLY 0x200 -#define BIO_set_flags(b,f) ((b)->flags|=(f)) -#define BIO_get_flags(b) ((b)->flags) +typedef struct bio_st BIO; + +void BIO_set_flags(BIO *b, int flags); +int BIO_test_flags(const BIO *b, int flags); +void BIO_clear_flags(BIO *b, int flags); + +#define BIO_get_flags(b) BIO_test_flags(b, ~(0x0)) #define BIO_set_retry_special(b) \ - ((b)->flags|=(BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY)) + BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY)) #define BIO_set_retry_read(b) \ - ((b)->flags|=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)) + BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)) #define BIO_set_retry_write(b) \ - ((b)->flags|=(BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY)) + BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY)) /* These are normally used internally in BIOs */ -#define BIO_clear_flags(b,f) ((b)->flags&= ~(f)) #define BIO_clear_retry_flags(b) \ - ((b)->flags&= ~(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) + BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) #define BIO_get_retry_flags(b) \ - ((b)->flags&(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) + BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) /* These should be used by the application to tell why we should retry */ -#define BIO_should_read(a) ((a)->flags & BIO_FLAGS_READ) -#define BIO_should_write(a) ((a)->flags & BIO_FLAGS_WRITE) -#define BIO_should_io_special(a) ((a)->flags & BIO_FLAGS_IO_SPECIAL) -#define BIO_retry_type(a) ((a)->flags & BIO_FLAGS_RWS) -#define BIO_should_retry(a) ((a)->flags & BIO_FLAGS_SHOULD_RETRY) +#define BIO_should_read(a) BIO_test_flags(a, BIO_FLAGS_READ) +#define BIO_should_write(a) BIO_test_flags(a, BIO_FLAGS_WRITE) +#define BIO_should_io_special(a) BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL) +#define BIO_retry_type(a) BIO_test_flags(a, BIO_FLAGS_RWS) +#define BIO_should_retry(a) BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY) /* The next three are used in conjunction with the * BIO_should_io_special() condition. After this returns true, @@ -246,14 +250,14 @@ extern "C" { #define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) #define BIO_cb_post(a) ((a)&BIO_CB_RETURN) -#define BIO_set_callback(b,cb) ((b)->callback=(cb)) -#define BIO_set_callback_arg(b,arg) ((b)->cb_arg=(char *)(arg)) -#define BIO_get_callback_arg(b) ((b)->cb_arg) -#define BIO_get_callback(b) ((b)->callback) -#define BIO_method_name(b) ((b)->method->name) -#define BIO_method_type(b) ((b)->method->type) +long (*BIO_get_callback(const BIO *b)) (struct bio_st *,int,const char *,int, long,long); +void BIO_set_callback(BIO *b, + long (*callback)(struct bio_st *,int,const char *,int, long,long)); +char *BIO_get_callback_arg(const BIO *b); +void BIO_set_callback_arg(BIO *b, char *arg); -typedef struct bio_st BIO; +const char * BIO_method_name(const BIO *b); +int BIO_method_type(const BIO *b); typedef void bio_info_cb(struct bio_st *, int, const char *, int, long, long); @@ -386,6 +390,7 @@ typedef struct bio_f_buffer_ctx_struct #define BIO_C_NWRITE0 145 #define BIO_C_NWRITE 146 #define BIO_C_RESET_READ_REQUEST 147 +#define BIO_C_SET_MD_CTX 148 #define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) @@ -676,17 +681,20 @@ void BIO_copy_next_retry(BIO *b); /*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/ -#ifndef __GNUC__ -#define __attribute__(x) +#ifdef __GNUC__ +# define __bio_h__attr__ __attribute__ +#else +# define __bio_h__attr__(x) #endif int BIO_printf(BIO *bio, const char *format, ...) - __attribute__((__format__(__printf__,2,3))); + __bio_h__attr__((__format__(__printf__,2,3))); int BIO_vprintf(BIO *bio, const char *format, va_list args) - __attribute__((__format__(__printf__,2,0))); + __bio_h__attr__((__format__(__printf__,2,0))); int BIO_snprintf(char *buf, size_t n, const char *format, ...) - __attribute__((__format__(__printf__,3,4))); + __bio_h__attr__((__format__(__printf__,3,4))); int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) - __attribute__((__format__(__printf__,3,0))); + __bio_h__attr__((__format__(__printf__,3,0))); +#undef __bio_h__attr__ /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes @@ -765,4 +773,3 @@ void ERR_load_BIO_strings(void); } #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/blowfish.h b/openssl/include/openssl/blowfish.h index e090f8e592..cd49e85ab2 100644 --- a/openssl/include/openssl/blowfish.h +++ b/openssl/include/openssl/blowfish.h @@ -125,4 +125,3 @@ const char *BF_options(void); #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/bn.h b/openssl/include/openssl/bn.h index 62603c4219..95c5d643cb 100644 --- a/openssl/include/openssl/bn.h +++ b/openssl/include/openssl/bn.h @@ -412,9 +412,15 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); int BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx); -/* BN_set_negative(): sets sign of a bignum */ +/** BN_set_negative sets sign of a BIGNUM + * \param b pointer to the BIGNUM object + * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise + */ void BN_set_negative(BIGNUM *b, int n); -/* BN_get_negative(): returns 1 if the bignum is < 0 and 0 otherwise */ +/** BN_is_negative returns 1 if the BIGNUM is negative + * \param a pointer to the BIGNUM object + * \return 1 if a < 0 and 0 otherwise + */ #define BN_is_negative(a) ((a)->neg != 0) int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, @@ -819,4 +825,3 @@ void ERR_load_BN_strings(void); } #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/buffer.h b/openssl/include/openssl/buffer.h index 7badf8bda3..1db9607450 100644 --- a/openssl/include/openssl/buffer.h +++ b/openssl/include/openssl/buffer.h @@ -116,4 +116,3 @@ void ERR_load_BUF_strings(void); } #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/cast.h b/openssl/include/openssl/cast.h index f00eb3f486..90b45b950a 100644 --- a/openssl/include/openssl/cast.h +++ b/openssl/include/openssl/cast.h @@ -103,4 +103,3 @@ void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/comp.h b/openssl/include/openssl/comp.h index 615dd94ae5..5d59354a57 100644 --- a/openssl/include/openssl/comp.h +++ b/openssl/include/openssl/comp.h @@ -64,4 +64,3 @@ void ERR_load_COMP_strings(void); } #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/conf.h b/openssl/include/openssl/conf.h index 1ca10eda65..4c073dd831 100644 --- a/openssl/include/openssl/conf.h +++ b/openssl/include/openssl/conf.h @@ -251,4 +251,3 @@ void ERR_load_CONF_strings(void); } #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/conf_api.h b/openssl/include/openssl/conf_api.h index 3e1ded21d5..87a954aff6 100644 --- a/openssl/include/openssl/conf_api.h +++ b/openssl/include/openssl/conf_api.h @@ -87,4 +87,3 @@ void _CONF_free_data(CONF *conf); #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/crypto.h b/openssl/include/openssl/crypto.h index 435082b661..d2b5ffe332 100644 --- a/openssl/include/openssl/crypto.h +++ b/openssl/include/openssl/crypto.h @@ -548,4 +548,3 @@ void ERR_load_CRYPTO_strings(void); } #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/des.h b/openssl/include/openssl/des.h index 2ab6127cc1..3cbc2b568e 100644 --- a/openssl/include/openssl/des.h +++ b/openssl/include/openssl/des.h @@ -242,4 +242,3 @@ int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt, #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/des_old.h b/openssl/include/openssl/des_old.h index d4f192005a..1b0620c3a2 100644 --- a/openssl/include/openssl/des_old.h +++ b/openssl/include/openssl/des_old.h @@ -443,4 +443,3 @@ void _ossl_096_des_random_seed(des_cblock *key); #include #endif - \ No newline at end of file diff --git a/openssl/include/openssl/dh.h b/openssl/include/openssl/dh.h index 6e8e39f869..ccdf35ae1c 100644 --- a/openssl/include/openssl/dh.h +++ b/openssl/include/openssl/dh.h @@ -73,6 +73,10 @@ #include #endif +#ifndef OPENSSL_DH_MAX_MODULUS_BITS +# define OPENSSL_DH_MAX_MODULUS_BITS 10000 +#endif + #define DH_FLAG_CACHE_MONT_P 0x01 #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH * implementation now uses constant time @@ -220,11 +224,11 @@ void ERR_load_DH_strings(void); /* Reason codes. */ #define DH_R_BAD_GENERATOR 101 -#define DH_R_NO_PRIVATE_VALUE 100 #define DH_R_INVALID_PUBKEY 102 +#define DH_R_MODULUS_TOO_LARGE 103 +#define DH_R_NO_PRIVATE_VALUE 100 #ifdef __cplusplus } #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/dsa.h b/openssl/include/openssl/dsa.h index 5a0d7f51ad..3a8fe5b56b 100644 --- a/openssl/include/openssl/dsa.h +++ b/openssl/include/openssl/dsa.h @@ -84,6 +84,10 @@ #endif #endif +#ifndef OPENSSL_DSA_MAX_MODULUS_BITS +# define OPENSSL_DSA_MAX_MODULUS_BITS 10000 +#endif + #define DSA_FLAG_CACHE_MONT_P 0x01 #define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA * implementation now uses constant time @@ -270,11 +274,12 @@ void ERR_load_DSA_strings(void); #define DSA_F_SIG_CB 114 /* Reason codes. */ +#define DSA_R_BAD_Q_VALUE 102 #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 #define DSA_R_MISSING_PARAMETERS 101 +#define DSA_R_MODULUS_TOO_LARGE 103 #ifdef __cplusplus } #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/dso.h b/openssl/include/openssl/dso.h index 1aa7fcbe70..3e51913a72 100644 --- a/openssl/include/openssl/dso.h +++ b/openssl/include/openssl/dso.h @@ -125,7 +125,7 @@ typedef char* (*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *); * file specifications and added together in whatever fashion that is * sensible for the DSO method in question. The only rule that really * applies is that if the two specification contain pieces of the same - * type, the copy from the string string takes priority. One could see + * type, the copy from the first string takes priority. One could see * it as the first specification is the one given by the user and the * second being a bunch of defaults to add on if they're missing in the * first. */ @@ -366,4 +366,3 @@ void ERR_load_DSO_strings(void); } #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/dtls1.h b/openssl/include/openssl/dtls1.h index 2123465308..b377cc5f6b 100644 --- a/openssl/include/openssl/dtls1.h +++ b/openssl/include/openssl/dtls1.h @@ -210,4 +210,3 @@ typedef struct dtls1_record_data_st #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/e_os2.h b/openssl/include/openssl/e_os2.h index 5c411226b0..9da0b65448 100644 --- a/openssl/include/openssl/e_os2.h +++ b/openssl/include/openssl/e_os2.h @@ -84,6 +84,13 @@ extern "C" { /* ---------------------- Microsoft operating systems ---------------------- */ +/* Note that MSDOS actually denotes 32-bit environments running on top of + MS-DOS, such as DJGPP one. */ +#if defined(OPENSSL_SYSNAME_MSDOS) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_MSDOS +#endif + /* For 32 bit environment, there seems to be the CygWin environment and then all the others that try to do the same thing Microsoft does... */ #if defined(OPENSSL_SYSNAME_UWIN) @@ -270,4 +277,3 @@ extern "C" { } #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/ebcdic.h b/openssl/include/openssl/ebcdic.h index 92a3ae9d4e..6d65afcf9e 100644 --- a/openssl/include/openssl/ebcdic.h +++ b/openssl/include/openssl/ebcdic.h @@ -17,4 +17,3 @@ void *ebcdic2ascii(void *dest, const void *srce, size_t count); void *ascii2ebcdic(void *dest, const void *srce, size_t count); #endif - \ No newline at end of file diff --git a/openssl/include/openssl/ec.h b/openssl/include/openssl/ec.h index 693e5d3bcb..3c96fbd0d8 100644 --- a/openssl/include/openssl/ec.h +++ b/openssl/include/openssl/ec.h @@ -93,6 +93,10 @@ extern "C" { #endif +#ifndef OPENSSL_ECC_MAX_FIELD_BITS +# define OPENSSL_ECC_MAX_FIELD_BITS 661 +#endif + typedef enum { /* values as defined in X9.62 (ECDSA) and elsewhere */ POINT_CONVERSION_COMPRESSED = 2, @@ -385,6 +389,7 @@ void ERR_load_EC_strings(void); #define EC_F_EC_ASN1_GROUP2PKPARAMETERS 156 #define EC_F_EC_ASN1_PARAMETERS2GROUP 157 #define EC_F_EC_ASN1_PKPARAMETERS2GROUP 158 +#define EC_F_EC_EX_DATA_SET_DATA 211 #define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 208 #define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 159 #define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 195 @@ -428,7 +433,6 @@ void ERR_load_EC_strings(void); #define EC_F_EC_GROUP_GET_ORDER 141 #define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 193 #define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 194 -#define EC_F_EC_GROUP_GROUP2NID 147 #define EC_F_EC_GROUP_NEW 108 #define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 174 #define EC_F_EC_GROUP_NEW_FROM_DATA 175 @@ -482,6 +486,7 @@ void ERR_load_EC_strings(void); #define EC_R_D2I_ECPKPARAMETERS_FAILURE 117 #define EC_R_DISCRIMINANT_IS_ZERO 118 #define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 +#define EC_R_FIELD_TOO_LARGE 138 #define EC_R_GROUP2PKPARAMETERS_FAILURE 120 #define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 #define EC_R_INCOMPATIBLE_OBJECTS 101 @@ -492,7 +497,9 @@ void ERR_load_EC_strings(void); #define EC_R_INVALID_FIELD 103 #define EC_R_INVALID_FORM 104 #define EC_R_INVALID_GROUP_ORDER 122 +#define EC_R_INVALID_PENTANOMIAL_BASIS 132 #define EC_R_INVALID_PRIVATE_KEY 123 +#define EC_R_INVALID_TRINOMIAL_BASIS 137 #define EC_R_MISSING_PARAMETERS 124 #define EC_R_MISSING_PRIVATE_KEY 125 #define EC_R_NOT_A_NIST_PRIME 135 @@ -516,4 +523,3 @@ void ERR_load_EC_strings(void); } #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/ecdh.h b/openssl/include/openssl/ecdh.h index e1c9866c26..b4b58ee65b 100644 --- a/openssl/include/openssl/ecdh.h +++ b/openssl/include/openssl/ecdh.h @@ -121,4 +121,3 @@ void ERR_load_ECDH_strings(void); } #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/ecdsa.h b/openssl/include/openssl/ecdsa.h index 857f26b06d..f20c8ee738 100644 --- a/openssl/include/openssl/ecdsa.h +++ b/openssl/include/openssl/ecdsa.h @@ -261,6 +261,7 @@ void ERR_load_ECDSA_strings(void); #define ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 101 #define ECDSA_R_ERR_EC_LIB 102 #define ECDSA_R_MISSING_PARAMETERS 103 +#define ECDSA_R_NEED_NEW_SETUP_VALUES 106 #define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED 104 #define ECDSA_R_SIGNATURE_MALLOC_FAILED 105 @@ -268,4 +269,3 @@ void ERR_load_ECDSA_strings(void); } #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/engine.h b/openssl/include/openssl/engine.h index ca317b6d05..3ec59338ff 100644 --- a/openssl/include/openssl/engine.h +++ b/openssl/include/openssl/engine.h @@ -637,7 +637,7 @@ typedef struct st_dynamic_fns { * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */ typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version); #define IMPLEMENT_DYNAMIC_CHECK_FN() \ - unsigned long v_check(unsigned long v) { \ + OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \ if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ return 0; } @@ -659,6 +659,7 @@ typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version); typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, const dynamic_fns *fns); #define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ + OPENSSL_EXPORT \ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ @@ -782,4 +783,3 @@ void ERR_load_ENGINE_strings(void); } #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/err.h b/openssl/include/openssl/err.h index 143220c01a..b723cd977a 100644 --- a/openssl/include/openssl/err.h +++ b/openssl/include/openssl/err.h @@ -316,4 +316,3 @@ int ERR_set_implementation(const ERR_FNS *fns); #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/evp.h b/openssl/include/openssl/evp.h index 704e6fc79b..636f426c69 100644 --- a/openssl/include/openssl/evp.h +++ b/openssl/include/openssl/evp.h @@ -429,36 +429,36 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) -#define EVP_MD_type(e) ((e)->type) +int EVP_MD_type(const EVP_MD *md); #define EVP_MD_nid(e) EVP_MD_type(e) #define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) -#define EVP_MD_pkey_type(e) ((e)->pkey_type) -#define EVP_MD_size(e) ((e)->md_size) -#define EVP_MD_block_size(e) ((e)->block_size) +int EVP_MD_pkey_type(const EVP_MD *md); +int EVP_MD_size(const EVP_MD *md); +int EVP_MD_block_size(const EVP_MD *md); -#define EVP_MD_CTX_md(e) ((e)->digest) -#define EVP_MD_CTX_size(e) EVP_MD_size((e)->digest) -#define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest) -#define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest) +const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx); +#define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) +#define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e)) +#define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e)) -#define EVP_CIPHER_nid(e) ((e)->nid) +int EVP_CIPHER_nid(const EVP_CIPHER *cipher); #define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) -#define EVP_CIPHER_block_size(e) ((e)->block_size) -#define EVP_CIPHER_key_length(e) ((e)->key_len) -#define EVP_CIPHER_iv_length(e) ((e)->iv_len) -#define EVP_CIPHER_flags(e) ((e)->flags) -#define EVP_CIPHER_mode(e) (((e)->flags) & EVP_CIPH_MODE) +int EVP_CIPHER_block_size(const EVP_CIPHER *cipher); +int EVP_CIPHER_key_length(const EVP_CIPHER *cipher); +int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher); +unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher); +#define EVP_CIPHER_mode(e) (EVP_CIPHER_flags(e) & EVP_CIPH_MODE) -#define EVP_CIPHER_CTX_cipher(e) ((e)->cipher) -#define EVP_CIPHER_CTX_nid(e) ((e)->cipher->nid) -#define EVP_CIPHER_CTX_block_size(e) ((e)->cipher->block_size) -#define EVP_CIPHER_CTX_key_length(e) ((e)->key_len) -#define EVP_CIPHER_CTX_iv_length(e) ((e)->cipher->iv_len) -#define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) -#define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d)) +const EVP_CIPHER * EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); +void * EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); +void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); #define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) -#define EVP_CIPHER_CTX_flags(e) ((e)->cipher->flags) -#define EVP_CIPHER_CTX_mode(e) ((e)->cipher->flags & EVP_CIPH_MODE) +unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx); +#define EVP_CIPHER_CTX_mode(e) (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE) #define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) #define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80) @@ -479,10 +479,14 @@ void BIO_set_md(BIO *,const EVP_MD *md); #endif #define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp) #define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp) +#define BIO_set_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(char *)mdcp) #define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) #define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) -#define EVP_Cipher(c,o,i,l) (c)->cipher->do_cipher((c),(o),(i),(l)) +int EVP_Cipher(EVP_CIPHER_CTX *c, + unsigned char *out, + const unsigned char *in, + unsigned int inl); #define EVP_add_cipher_alias(n,alias) \ OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n)) @@ -498,9 +502,9 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); EVP_MD_CTX *EVP_MD_CTX_create(void); void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); -#define EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) -#define EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs)) -#define EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs)) +void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); +void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); +int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx,int flags); int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); int EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d, size_t cnt); @@ -580,6 +584,8 @@ int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); +EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); +void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a); int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad); int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); @@ -736,6 +742,29 @@ const EVP_CIPHER *EVP_aes_256_ofb(void); const EVP_CIPHER *EVP_aes_256_ctr(void); #endif #endif +#ifndef OPENSSL_NO_CAMELLIA +const EVP_CIPHER *EVP_camellia_128_ecb(void); +const EVP_CIPHER *EVP_camellia_128_cbc(void); +const EVP_CIPHER *EVP_camellia_128_cfb1(void); +const EVP_CIPHER *EVP_camellia_128_cfb8(void); +const EVP_CIPHER *EVP_camellia_128_cfb128(void); +# define EVP_camellia_128_cfb EVP_camellia_128_cfb128 +const EVP_CIPHER *EVP_camellia_128_ofb(void); +const EVP_CIPHER *EVP_camellia_192_ecb(void); +const EVP_CIPHER *EVP_camellia_192_cbc(void); +const EVP_CIPHER *EVP_camellia_192_cfb1(void); +const EVP_CIPHER *EVP_camellia_192_cfb8(void); +const EVP_CIPHER *EVP_camellia_192_cfb128(void); +# define EVP_camellia_192_cfb EVP_camellia_192_cfb128 +const EVP_CIPHER *EVP_camellia_192_ofb(void); +const EVP_CIPHER *EVP_camellia_256_ecb(void); +const EVP_CIPHER *EVP_camellia_256_cbc(void); +const EVP_CIPHER *EVP_camellia_256_cfb1(void); +const EVP_CIPHER *EVP_camellia_256_cfb8(void); +const EVP_CIPHER *EVP_camellia_256_cfb128(void); +# define EVP_camellia_256_cfb EVP_camellia_256_cfb128 +const EVP_CIPHER *EVP_camellia_256_ofb(void); +#endif void OPENSSL_add_all_algorithms_noconf(void); void OPENSSL_add_all_algorithms_conf(void); @@ -852,6 +881,7 @@ void ERR_load_EVP_strings(void); /* Function codes. */ #define EVP_F_AES_INIT_KEY 133 +#define EVP_F_CAMELLIA_INIT_KEY 159 #define EVP_F_D2I_PKEY 100 #define EVP_F_DSAPKEY2PKCS8 134 #define EVP_F_DSA_PKEY2PKCS8 135 @@ -895,6 +925,7 @@ void ERR_load_EVP_strings(void); #define EVP_R_BAD_KEY_LENGTH 137 #define EVP_R_BN_DECODE_ERROR 112 #define EVP_R_BN_PUBKEY_ERROR 113 +#define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 #define EVP_R_CIPHER_PARAMETER_ERROR 122 #define EVP_R_CTRL_NOT_IMPLEMENTED 132 #define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 @@ -937,4 +968,3 @@ void ERR_load_EVP_strings(void); } #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/hmac.h b/openssl/include/openssl/hmac.h index 833530f753..719fc408ac 100644 --- a/openssl/include/openssl/hmac.h +++ b/openssl/include/openssl/hmac.h @@ -106,4 +106,3 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/idea.h b/openssl/include/openssl/idea.h index 202dc9125f..bf97a37e39 100644 --- a/openssl/include/openssl/idea.h +++ b/openssl/include/openssl/idea.h @@ -84,7 +84,7 @@ const char *idea_options(void); void idea_ecb_encrypt(const unsigned char *in, unsigned char *out, IDEA_KEY_SCHEDULE *ks); void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); -void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); +void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,int enc); void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out, @@ -98,4 +98,3 @@ void idea_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks); #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/krb5_asn.h b/openssl/include/openssl/krb5_asn.h index 6409d03ddc..41725d0dc4 100644 --- a/openssl/include/openssl/krb5_asn.h +++ b/openssl/include/openssl/krb5_asn.h @@ -254,4 +254,3 @@ DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENT) #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/kssl.h b/openssl/include/openssl/kssl.h index 5ccf32d156..a3d20e1ccb 100644 --- a/openssl/include/openssl/kssl.h +++ b/openssl/include/openssl/kssl.h @@ -177,4 +177,3 @@ unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn); #endif #endif /* OPENSSL_NO_KRB5 */ #endif /* KSSL_H */ - \ No newline at end of file diff --git a/openssl/include/openssl/lhash.h b/openssl/include/openssl/lhash.h index 203690c363..d392d0cd80 100644 --- a/openssl/include/openssl/lhash.h +++ b/openssl/include/openssl/lhash.h @@ -198,4 +198,3 @@ void lh_node_usage_stats_bio(const LHASH *lh, BIO *out); #endif - \ No newline at end of file diff --git a/openssl/include/openssl/md2.h b/openssl/include/openssl/md2.h index 1c14bdb88b..a46120e7d4 100644 --- a/openssl/include/openssl/md2.h +++ b/openssl/include/openssl/md2.h @@ -63,6 +63,7 @@ #ifdef OPENSSL_NO_MD2 #error MD2 is disabled. #endif +#include #define MD2_DIGEST_LENGTH 16 #define MD2_BLOCK 16 @@ -89,4 +90,3 @@ unsigned char *MD2(const unsigned char *d, size_t n,unsigned char *md); #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/md4.h b/openssl/include/openssl/md4.h index 8e459c48d9..5598c93a4f 100644 --- a/openssl/include/openssl/md4.h +++ b/openssl/include/openssl/md4.h @@ -60,6 +60,7 @@ #define HEADER_MD4_H #include +#include #ifdef __cplusplus extern "C" { @@ -114,4 +115,3 @@ void MD4_Transform(MD4_CTX *c, const unsigned char *b); #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/md5.h b/openssl/include/openssl/md5.h index 978095558e..dbdc0e1abc 100644 --- a/openssl/include/openssl/md5.h +++ b/openssl/include/openssl/md5.h @@ -60,6 +60,7 @@ #define HEADER_MD5_H #include +#include #ifdef __cplusplus extern "C" { @@ -114,4 +115,3 @@ void MD5_Transform(MD5_CTX *c, const unsigned char *b); #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/obj_mac.h b/openssl/include/openssl/obj_mac.h index 79d58a39a3..f447bbe69a 100644 --- a/openssl/include/openssl/obj_mac.h +++ b/openssl/include/openssl/obj_mac.h @@ -2044,6 +2044,11 @@ #define NID_id_ce 81 #define OBJ_id_ce OBJ_X500,29L +#define SN_subject_directory_attributes "subjectDirectoryAttributes" +#define LN_subject_directory_attributes "X509v3 Subject Directory Attributes" +#define NID_subject_directory_attributes 769 +#define OBJ_subject_directory_attributes OBJ_id_ce,9L + #define SN_subject_key_identifier "subjectKeyIdentifier" #define LN_subject_key_identifier "X509v3 Subject Key Identifier" #define NID_subject_key_identifier 82 @@ -2094,6 +2099,16 @@ #define NID_delta_crl 140 #define OBJ_delta_crl OBJ_id_ce,27L +#define SN_issuing_distribution_point "issuingDistributionPoint" +#define LN_issuing_distribution_point "X509v3 Issuing Distrubution Point" +#define NID_issuing_distribution_point 770 +#define OBJ_issuing_distribution_point OBJ_id_ce,28L + +#define SN_certificate_issuer "certificateIssuer" +#define LN_certificate_issuer "X509v3 Certificate Issuer" +#define NID_certificate_issuer 771 +#define OBJ_certificate_issuer OBJ_id_ce,29L + #define SN_name_constraints "nameConstraints" #define LN_name_constraints "X509v3 Name Constraints" #define NID_name_constraints 666 @@ -3303,4 +3318,91 @@ #define LN_ipsec4 "ipsec4" #define NID_ipsec4 750 - \ No newline at end of file +#define SN_camellia_128_cbc "CAMELLIA-128-CBC" +#define LN_camellia_128_cbc "camellia-128-cbc" +#define NID_camellia_128_cbc 751 +#define OBJ_camellia_128_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,2L + +#define SN_camellia_192_cbc "CAMELLIA-192-CBC" +#define LN_camellia_192_cbc "camellia-192-cbc" +#define NID_camellia_192_cbc 752 +#define OBJ_camellia_192_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,3L + +#define SN_camellia_256_cbc "CAMELLIA-256-CBC" +#define LN_camellia_256_cbc "camellia-256-cbc" +#define NID_camellia_256_cbc 753 +#define OBJ_camellia_256_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,4L + +#define OBJ_ntt_ds 0L,3L,4401L,5L + +#define OBJ_camellia OBJ_ntt_ds,3L,1L,9L + +#define SN_camellia_128_ecb "CAMELLIA-128-ECB" +#define LN_camellia_128_ecb "camellia-128-ecb" +#define NID_camellia_128_ecb 754 +#define OBJ_camellia_128_ecb OBJ_camellia,1L + +#define SN_camellia_128_ofb128 "CAMELLIA-128-OFB" +#define LN_camellia_128_ofb128 "camellia-128-ofb" +#define NID_camellia_128_ofb128 766 +#define OBJ_camellia_128_ofb128 OBJ_camellia,3L + +#define SN_camellia_128_cfb128 "CAMELLIA-128-CFB" +#define LN_camellia_128_cfb128 "camellia-128-cfb" +#define NID_camellia_128_cfb128 757 +#define OBJ_camellia_128_cfb128 OBJ_camellia,4L + +#define SN_camellia_192_ecb "CAMELLIA-192-ECB" +#define LN_camellia_192_ecb "camellia-192-ecb" +#define NID_camellia_192_ecb 755 +#define OBJ_camellia_192_ecb OBJ_camellia,21L + +#define SN_camellia_192_ofb128 "CAMELLIA-192-OFB" +#define LN_camellia_192_ofb128 "camellia-192-ofb" +#define NID_camellia_192_ofb128 767 +#define OBJ_camellia_192_ofb128 OBJ_camellia,23L + +#define SN_camellia_192_cfb128 "CAMELLIA-192-CFB" +#define LN_camellia_192_cfb128 "camellia-192-cfb" +#define NID_camellia_192_cfb128 758 +#define OBJ_camellia_192_cfb128 OBJ_camellia,24L + +#define SN_camellia_256_ecb "CAMELLIA-256-ECB" +#define LN_camellia_256_ecb "camellia-256-ecb" +#define NID_camellia_256_ecb 756 +#define OBJ_camellia_256_ecb OBJ_camellia,41L + +#define SN_camellia_256_ofb128 "CAMELLIA-256-OFB" +#define LN_camellia_256_ofb128 "camellia-256-ofb" +#define NID_camellia_256_ofb128 768 +#define OBJ_camellia_256_ofb128 OBJ_camellia,43L + +#define SN_camellia_256_cfb128 "CAMELLIA-256-CFB" +#define LN_camellia_256_cfb128 "camellia-256-cfb" +#define NID_camellia_256_cfb128 759 +#define OBJ_camellia_256_cfb128 OBJ_camellia,44L + +#define SN_camellia_128_cfb1 "CAMELLIA-128-CFB1" +#define LN_camellia_128_cfb1 "camellia-128-cfb1" +#define NID_camellia_128_cfb1 760 + +#define SN_camellia_192_cfb1 "CAMELLIA-192-CFB1" +#define LN_camellia_192_cfb1 "camellia-192-cfb1" +#define NID_camellia_192_cfb1 761 + +#define SN_camellia_256_cfb1 "CAMELLIA-256-CFB1" +#define LN_camellia_256_cfb1 "camellia-256-cfb1" +#define NID_camellia_256_cfb1 762 + +#define SN_camellia_128_cfb8 "CAMELLIA-128-CFB8" +#define LN_camellia_128_cfb8 "camellia-128-cfb8" +#define NID_camellia_128_cfb8 763 + +#define SN_camellia_192_cfb8 "CAMELLIA-192-CFB8" +#define LN_camellia_192_cfb8 "camellia-192-cfb8" +#define NID_camellia_192_cfb8 764 + +#define SN_camellia_256_cfb8 "CAMELLIA-256-CFB8" +#define LN_camellia_256_cfb8 "camellia-256-cfb8" +#define NID_camellia_256_cfb8 765 + diff --git a/openssl/include/openssl/objects.h b/openssl/include/openssl/objects.h index 83cf00adda..7242f76fb0 100644 --- a/openssl/include/openssl/objects.h +++ b/openssl/include/openssl/objects.h @@ -1047,4 +1047,3 @@ void ERR_load_OBJ_strings(void); } #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/ocsp.h b/openssl/include/openssl/ocsp.h index 54020b7159..53f3364af0 100644 --- a/openssl/include/openssl/ocsp.h +++ b/openssl/include/openssl/ocsp.h @@ -612,4 +612,3 @@ void ERR_load_OCSP_strings(void); } #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/opensslconf.h b/openssl/include/openssl/opensslconf.h index f42d44f404..b4609d9755 100644 --- a/openssl/include/openssl/opensslconf.h +++ b/openssl/include/openssl/opensslconf.h @@ -7,6 +7,9 @@ #endif #ifndef OPENSSL_DOING_MAKEDEPEND +#ifndef OPENSSL_NO_CAMELLIA +# define OPENSSL_NO_CAMELLIA +#endif #ifndef OPENSSL_NO_GMP # define OPENSSL_NO_GMP #endif @@ -19,20 +22,23 @@ #ifndef OPENSSL_NO_RC5 # define OPENSSL_NO_RC5 #endif +#ifndef OPENSSL_NO_RFC3779 +# define OPENSSL_NO_RFC3779 +#endif #endif /* OPENSSL_DOING_MAKEDEPEND */ #ifndef OPENSSL_THREADS # define OPENSSL_THREADS #endif -#ifndef OPENSSL_NO_DYNAMIC_ENGINE -# define OPENSSL_NO_DYNAMIC_ENGINE -#endif /* The OPENSSL_NO_* macros are also defined as NO_* if the application asks for it. This is a transient feature that is provided for those who haven't had the time to do the appropriate changes in their applications. */ #ifdef OPENSSL_ALGORITHM_DEFINES +# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA) +# define NO_CAMELLIA +# endif # if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) # define NO_GMP # endif @@ -45,6 +51,9 @@ # if defined(OPENSSL_NO_RC5) && !defined(NO_RC5) # define NO_RC5 # endif +# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779) +# define NO_RFC3779 +# endif #endif /* crypto/opensslconf.h.in */ @@ -54,8 +63,8 @@ #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) -#define ENGINESDIR "/usr/local/ssl/lib/engines" -#define OPENSSLDIR "/usr/local/ssl" +#define ENGINESDIR "c:/Src/BOINC/SDKs/openssl-0.9.8e/lib/engines" +#define OPENSSLDIR "c:/Src/BOINC/SDKs/openssl-0.9.8e/ssl" #endif #endif @@ -207,4 +216,3 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! #endif /* DES_DEFAULT_OPTIONS */ #endif /* HEADER_DES_LOCL_H */ - \ No newline at end of file diff --git a/openssl/include/openssl/opensslv.h b/openssl/include/openssl/opensslv.h index 8436988c79..8a5b34e4f0 100644 --- a/openssl/include/openssl/opensslv.h +++ b/openssl/include/openssl/opensslv.h @@ -25,11 +25,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x0090801fL +#define OPENSSL_VERSION_NUMBER 0x0090805fL #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8a-fips 11 Oct 2005" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8e-fips 23 Feb 2007" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8a 11 Oct 2005" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8e 23 Feb 2007" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT @@ -87,4 +87,3 @@ #endif /* HEADER_OPENSSLV_H */ - \ No newline at end of file diff --git a/openssl/include/openssl/ossl_typ.h b/openssl/include/openssl/ossl_typ.h index 7d94ee3612..9c335a1819 100644 --- a/openssl/include/openssl/ossl_typ.h +++ b/openssl/include/openssl/ossl_typ.h @@ -172,4 +172,3 @@ typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d int idx, long argl, void *argp); #endif /* def HEADER_OPENSSL_TYPES_H */ - \ No newline at end of file diff --git a/openssl/include/openssl/pem.h b/openssl/include/openssl/pem.h index 2348b20b57..c28706ddc0 100644 --- a/openssl/include/openssl/pem.h +++ b/openssl/include/openssl/pem.h @@ -221,7 +221,7 @@ typedef struct pem_ctx_st type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\ { \ return(((type *(*)(D2I_OF(type),char *,FILE *,type **,pem_password_cb *,void *))openssl_fcast(PEM_ASN1_read))(d2i_##asn1, str,fp,x,cb,u)); \ -} \ +} #define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ int PEM_write_##name(FILE *fp, type *x) \ @@ -735,4 +735,3 @@ void ERR_load_PEM_strings(void); } #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/pem2.h b/openssl/include/openssl/pem2.h index 5bd2be4f48..f31790d69c 100644 --- a/openssl/include/openssl/pem2.h +++ b/openssl/include/openssl/pem2.h @@ -68,4 +68,3 @@ void ERR_load_PEM_strings(void); #ifdef __cplusplus } #endif - \ No newline at end of file diff --git a/openssl/include/openssl/pkcs12.h b/openssl/include/openssl/pkcs12.h index 58c543c83b..a2d7e359a0 100644 --- a/openssl/include/openssl/pkcs12.h +++ b/openssl/include/openssl/pkcs12.h @@ -331,4 +331,3 @@ void ERR_load_PKCS12_strings(void); } #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/pkcs7.h b/openssl/include/openssl/pkcs7.h index 9a4a0fee38..cc092d262d 100644 --- a/openssl/include/openssl/pkcs7.h +++ b/openssl/include/openssl/pkcs7.h @@ -462,4 +462,3 @@ void ERR_load_PKCS7_strings(void); } #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/pq_compat.h b/openssl/include/openssl/pq_compat.h index 6e7dd46e00..28c58a0261 100644 --- a/openssl/include/openssl/pq_compat.h +++ b/openssl/include/openssl/pq_compat.h @@ -145,4 +145,3 @@ *(x) |= mask; \ } while(0) #endif /* OPENSSL_SYS_VMS */ - \ No newline at end of file diff --git a/openssl/include/openssl/pqueue.h b/openssl/include/openssl/pqueue.h index 7359aa3a79..02386d130e 100644 --- a/openssl/include/openssl/pqueue.h +++ b/openssl/include/openssl/pqueue.h @@ -93,4 +93,3 @@ pitem *pqueue_next(piterator *iter); void pqueue_print(pqueue pq); #endif /* ! HEADER_PQUEUE_H */ - \ No newline at end of file diff --git a/openssl/include/openssl/rand.h b/openssl/include/openssl/rand.h index 3f7f6951fc..ac6c021763 100644 --- a/openssl/include/openssl/rand.h +++ b/openssl/include/openssl/rand.h @@ -138,4 +138,3 @@ void ERR_load_RAND_strings(void); } #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/rc2.h b/openssl/include/openssl/rc2.h index ea3ce8c04f..34c8362317 100644 --- a/openssl/include/openssl/rc2.h +++ b/openssl/include/openssl/rc2.h @@ -99,4 +99,3 @@ void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out, #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/rc4.h b/openssl/include/openssl/rc4.h index 2547594da6..7aec04fe93 100644 --- a/openssl/include/openssl/rc4.h +++ b/openssl/include/openssl/rc4.h @@ -85,4 +85,3 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/ripemd.h b/openssl/include/openssl/ripemd.h index 906ef8d7ce..033a5965b5 100644 --- a/openssl/include/openssl/ripemd.h +++ b/openssl/include/openssl/ripemd.h @@ -60,6 +60,7 @@ #define HEADER_RIPEMD_H #include +#include #ifdef __cplusplus extern "C" { @@ -101,4 +102,3 @@ void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b); #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/rsa.h b/openssl/include/openssl/rsa.h index b832ede48f..b19c556930 100644 --- a/openssl/include/openssl/rsa.h +++ b/openssl/include/openssl/rsa.h @@ -159,6 +159,17 @@ struct rsa_st BN_BLINDING *mt_blinding; }; +#ifndef OPENSSL_RSA_MAX_MODULUS_BITS +# define OPENSSL_RSA_MAX_MODULUS_BITS 16384 +#endif + +#ifndef OPENSSL_RSA_SMALL_MODULUS_BITS +# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 +#endif +#ifndef OPENSSL_RSA_MAX_PUBEXP_BITS +# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */ +#endif + #define RSA_3 0x3L #define RSA_F4 0x10001L @@ -407,24 +418,24 @@ void ERR_load_RSA_strings(void); #define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 #define RSA_R_KEY_SIZE_TOO_SMALL 120 #define RSA_R_LAST_OCTET_INVALID 134 +#define RSA_R_MODULUS_TOO_LARGE 105 #define RSA_R_NO_PUBLIC_EXPONENT 140 #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 #define RSA_R_OAEP_DECODING_ERROR 121 -#define RSA_R_SLEN_RECOVERY_FAILED 135 #define RSA_R_PADDING_CHECK_FAILED 114 #define RSA_R_P_NOT_PRIME 128 #define RSA_R_Q_NOT_PRIME 129 #define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 +#define RSA_R_SLEN_CHECK_FAILED 136 +#define RSA_R_SLEN_RECOVERY_FAILED 135 #define RSA_R_SSLV3_ROLLBACK_ATTACK 115 #define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 #define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 #define RSA_R_UNKNOWN_PADDING_TYPE 118 #define RSA_R_WRONG_SIGNATURE_LENGTH 119 -#define RSA_R_SLEN_CHECK_FAILED 136 #ifdef __cplusplus } #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/safestack.h b/openssl/include/openssl/safestack.h index ba2c4b36a6..d496f365c2 100644 --- a/openssl/include/openssl/safestack.h +++ b/openssl/include/openssl/safestack.h @@ -234,6 +234,28 @@ STACK_OF(type) \ #define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st)) #define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st)) +#define sk_ASIdOrRange_new(st) SKM_sk_new(ASIdOrRange, (st)) +#define sk_ASIdOrRange_new_null() SKM_sk_new_null(ASIdOrRange) +#define sk_ASIdOrRange_free(st) SKM_sk_free(ASIdOrRange, (st)) +#define sk_ASIdOrRange_num(st) SKM_sk_num(ASIdOrRange, (st)) +#define sk_ASIdOrRange_value(st, i) SKM_sk_value(ASIdOrRange, (st), (i)) +#define sk_ASIdOrRange_set(st, i, val) SKM_sk_set(ASIdOrRange, (st), (i), (val)) +#define sk_ASIdOrRange_zero(st) SKM_sk_zero(ASIdOrRange, (st)) +#define sk_ASIdOrRange_push(st, val) SKM_sk_push(ASIdOrRange, (st), (val)) +#define sk_ASIdOrRange_unshift(st, val) SKM_sk_unshift(ASIdOrRange, (st), (val)) +#define sk_ASIdOrRange_find(st, val) SKM_sk_find(ASIdOrRange, (st), (val)) +#define sk_ASIdOrRange_find_ex(st, val) SKM_sk_find_ex(ASIdOrRange, (st), (val)) +#define sk_ASIdOrRange_delete(st, i) SKM_sk_delete(ASIdOrRange, (st), (i)) +#define sk_ASIdOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASIdOrRange, (st), (ptr)) +#define sk_ASIdOrRange_insert(st, val, i) SKM_sk_insert(ASIdOrRange, (st), (val), (i)) +#define sk_ASIdOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASIdOrRange, (st), (cmp)) +#define sk_ASIdOrRange_dup(st) SKM_sk_dup(ASIdOrRange, st) +#define sk_ASIdOrRange_pop_free(st, free_func) SKM_sk_pop_free(ASIdOrRange, (st), (free_func)) +#define sk_ASIdOrRange_shift(st) SKM_sk_shift(ASIdOrRange, (st)) +#define sk_ASIdOrRange_pop(st) SKM_sk_pop(ASIdOrRange, (st)) +#define sk_ASIdOrRange_sort(st) SKM_sk_sort(ASIdOrRange, (st)) +#define sk_ASIdOrRange_is_sorted(st) SKM_sk_is_sorted(ASIdOrRange, (st)) + #define sk_ASN1_GENERALSTRING_new(st) SKM_sk_new(ASN1_GENERALSTRING, (st)) #define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING) #define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st)) @@ -608,6 +630,50 @@ STACK_OF(type) \ #define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st)) #define sk_GENERAL_SUBTREE_is_sorted(st) SKM_sk_is_sorted(GENERAL_SUBTREE, (st)) +#define sk_IPAddressFamily_new(st) SKM_sk_new(IPAddressFamily, (st)) +#define sk_IPAddressFamily_new_null() SKM_sk_new_null(IPAddressFamily) +#define sk_IPAddressFamily_free(st) SKM_sk_free(IPAddressFamily, (st)) +#define sk_IPAddressFamily_num(st) SKM_sk_num(IPAddressFamily, (st)) +#define sk_IPAddressFamily_value(st, i) SKM_sk_value(IPAddressFamily, (st), (i)) +#define sk_IPAddressFamily_set(st, i, val) SKM_sk_set(IPAddressFamily, (st), (i), (val)) +#define sk_IPAddressFamily_zero(st) SKM_sk_zero(IPAddressFamily, (st)) +#define sk_IPAddressFamily_push(st, val) SKM_sk_push(IPAddressFamily, (st), (val)) +#define sk_IPAddressFamily_unshift(st, val) SKM_sk_unshift(IPAddressFamily, (st), (val)) +#define sk_IPAddressFamily_find(st, val) SKM_sk_find(IPAddressFamily, (st), (val)) +#define sk_IPAddressFamily_find_ex(st, val) SKM_sk_find_ex(IPAddressFamily, (st), (val)) +#define sk_IPAddressFamily_delete(st, i) SKM_sk_delete(IPAddressFamily, (st), (i)) +#define sk_IPAddressFamily_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressFamily, (st), (ptr)) +#define sk_IPAddressFamily_insert(st, val, i) SKM_sk_insert(IPAddressFamily, (st), (val), (i)) +#define sk_IPAddressFamily_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressFamily, (st), (cmp)) +#define sk_IPAddressFamily_dup(st) SKM_sk_dup(IPAddressFamily, st) +#define sk_IPAddressFamily_pop_free(st, free_func) SKM_sk_pop_free(IPAddressFamily, (st), (free_func)) +#define sk_IPAddressFamily_shift(st) SKM_sk_shift(IPAddressFamily, (st)) +#define sk_IPAddressFamily_pop(st) SKM_sk_pop(IPAddressFamily, (st)) +#define sk_IPAddressFamily_sort(st) SKM_sk_sort(IPAddressFamily, (st)) +#define sk_IPAddressFamily_is_sorted(st) SKM_sk_is_sorted(IPAddressFamily, (st)) + +#define sk_IPAddressOrRange_new(st) SKM_sk_new(IPAddressOrRange, (st)) +#define sk_IPAddressOrRange_new_null() SKM_sk_new_null(IPAddressOrRange) +#define sk_IPAddressOrRange_free(st) SKM_sk_free(IPAddressOrRange, (st)) +#define sk_IPAddressOrRange_num(st) SKM_sk_num(IPAddressOrRange, (st)) +#define sk_IPAddressOrRange_value(st, i) SKM_sk_value(IPAddressOrRange, (st), (i)) +#define sk_IPAddressOrRange_set(st, i, val) SKM_sk_set(IPAddressOrRange, (st), (i), (val)) +#define sk_IPAddressOrRange_zero(st) SKM_sk_zero(IPAddressOrRange, (st)) +#define sk_IPAddressOrRange_push(st, val) SKM_sk_push(IPAddressOrRange, (st), (val)) +#define sk_IPAddressOrRange_unshift(st, val) SKM_sk_unshift(IPAddressOrRange, (st), (val)) +#define sk_IPAddressOrRange_find(st, val) SKM_sk_find(IPAddressOrRange, (st), (val)) +#define sk_IPAddressOrRange_find_ex(st, val) SKM_sk_find_ex(IPAddressOrRange, (st), (val)) +#define sk_IPAddressOrRange_delete(st, i) SKM_sk_delete(IPAddressOrRange, (st), (i)) +#define sk_IPAddressOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressOrRange, (st), (ptr)) +#define sk_IPAddressOrRange_insert(st, val, i) SKM_sk_insert(IPAddressOrRange, (st), (val), (i)) +#define sk_IPAddressOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressOrRange, (st), (cmp)) +#define sk_IPAddressOrRange_dup(st) SKM_sk_dup(IPAddressOrRange, st) +#define sk_IPAddressOrRange_pop_free(st, free_func) SKM_sk_pop_free(IPAddressOrRange, (st), (free_func)) +#define sk_IPAddressOrRange_shift(st) SKM_sk_shift(IPAddressOrRange, (st)) +#define sk_IPAddressOrRange_pop(st) SKM_sk_pop(IPAddressOrRange, (st)) +#define sk_IPAddressOrRange_sort(st) SKM_sk_sort(IPAddressOrRange, (st)) +#define sk_IPAddressOrRange_is_sorted(st) SKM_sk_is_sorted(IPAddressOrRange, (st)) + #define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st)) #define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY) #define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st)) @@ -1782,4 +1848,3 @@ STACK_OF(type) \ /* End of util/mkstack.pl block, you may now edit :-) */ #endif /* !defined HEADER_SAFESTACK_H */ - \ No newline at end of file diff --git a/openssl/include/openssl/sha.h b/openssl/include/openssl/sha.h index 39cb403dd9..eed44d7f94 100644 --- a/openssl/include/openssl/sha.h +++ b/openssl/include/openssl/sha.h @@ -60,6 +60,7 @@ #define HEADER_SHA_H #include +#include #ifdef __cplusplus extern "C" { @@ -197,4 +198,3 @@ void SHA512_Transform(SHA512_CTX *c, const unsigned char *data); #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/ssl.h b/openssl/include/openssl/ssl.h index 7644c4ecfd..2e067e7a78 100644 --- a/openssl/include/openssl/ssl.h +++ b/openssl/include/openssl/ssl.h @@ -109,7 +109,7 @@ * */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -282,6 +282,7 @@ extern "C" { #define SSL_TXT_RC2 "RC2" #define SSL_TXT_IDEA "IDEA" #define SSL_TXT_AES "AES" +#define SSL_TXT_CAMELLIA "CAMELLIA" #define SSL_TXT_MD5 "MD5" #define SSL_TXT_SHA1 "SHA1" #define SSL_TXT_SHA "SHA" @@ -315,7 +316,11 @@ extern "C" { /* The following cipher list is used by default. * It also is substituted when an application-defined cipher list string * starts with 'DEFAULT'. */ -#define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */ +#ifdef OPENSSL_NO_CAMELLIA +# define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */ +#else +# define SSL_DEFAULT_CIPHER_LIST "AES:CAMELLIA:ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */ +#endif /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ #define SSL_SENT_SHUTDOWN 1 @@ -786,18 +791,18 @@ struct ssl_ctx_st #define SSL_CTX_sess_cache_full(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) -#define SSL_CTX_sess_set_new_cb(ctx,cb) ((ctx)->new_session_cb=(cb)) -#define SSL_CTX_sess_get_new_cb(ctx) ((ctx)->new_session_cb) -#define SSL_CTX_sess_set_remove_cb(ctx,cb) ((ctx)->remove_session_cb=(cb)) -#define SSL_CTX_sess_get_remove_cb(ctx) ((ctx)->remove_session_cb) -#define SSL_CTX_sess_set_get_cb(ctx,cb) ((ctx)->get_session_cb=(cb)) -#define SSL_CTX_sess_get_get_cb(ctx) ((ctx)->get_session_cb) -#define SSL_CTX_set_info_callback(ctx,cb) ((ctx)->info_callback=(cb)) -#define SSL_CTX_get_info_callback(ctx) ((ctx)->info_callback) -#define SSL_CTX_set_client_cert_cb(ctx,cb) ((ctx)->client_cert_cb=(cb)) -#define SSL_CTX_get_client_cert_cb(ctx) ((ctx)->client_cert_cb) -#define SSL_CTX_set_cookie_generate_cb(ctx,cb) ((ctx)->app_gen_cookie_cb=(cb)) -#define SSL_CTX_set_cookie_verify_cb(ctx,cb) ((ctx)->app_verify_cookie_cb=(cb)) +void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess)); +int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess); +void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess)); +void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess); +void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy)); +SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy); +void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val)); +void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val); +void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); +int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); +void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)); +void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)); #define SSL_NOTHING 1 #define SSL_WRITING 2 @@ -1543,35 +1548,35 @@ void ERR_load_SSL_strings(void); /* Function codes. */ #define SSL_F_CLIENT_CERTIFICATE 100 -#define SSL_F_CLIENT_FINISHED 238 +#define SSL_F_CLIENT_FINISHED 167 #define SSL_F_CLIENT_HELLO 101 #define SSL_F_CLIENT_MASTER_KEY 102 #define SSL_F_D2I_SSL_SESSION 103 -#define SSL_F_DO_DTLS1_WRITE 1003 +#define SSL_F_DO_DTLS1_WRITE 245 #define SSL_F_DO_SSL3_WRITE 104 -#define SSL_F_DTLS1_ACCEPT 1004 -#define SSL_F_DTLS1_BUFFER_RECORD 1005 -#define SSL_F_DTLS1_CLIENT_HELLO 1006 -#define SSL_F_DTLS1_CONNECT 1007 -#define SSL_F_DTLS1_ENC 1008 -#define SSL_F_DTLS1_GET_HELLO_VERIFY 1009 -#define SSL_F_DTLS1_GET_MESSAGE 1010 -#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 1011 -#define SSL_F_DTLS1_GET_RECORD 1012 -#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 1013 -#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 1014 -#define SSL_F_DTLS1_PROCESS_RECORD 1015 -#define SSL_F_DTLS1_READ_BYTES 1016 -#define SSL_F_DTLS1_READ_FAILED 1001 -#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 1017 -#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 1018 -#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 1019 -#define SSL_F_DTLS1_SEND_CLIENT_VERIFY 1020 -#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 1002 -#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 1021 -#define SSL_F_DTLS1_SEND_SERVER_HELLO 1022 -#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 1023 -#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 1024 +#define SSL_F_DTLS1_ACCEPT 246 +#define SSL_F_DTLS1_BUFFER_RECORD 247 +#define SSL_F_DTLS1_CLIENT_HELLO 248 +#define SSL_F_DTLS1_CONNECT 249 +#define SSL_F_DTLS1_ENC 250 +#define SSL_F_DTLS1_GET_HELLO_VERIFY 251 +#define SSL_F_DTLS1_GET_MESSAGE 252 +#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253 +#define SSL_F_DTLS1_GET_RECORD 254 +#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 +#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 +#define SSL_F_DTLS1_PROCESS_RECORD 257 +#define SSL_F_DTLS1_READ_BYTES 258 +#define SSL_F_DTLS1_READ_FAILED 259 +#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260 +#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261 +#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262 +#define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263 +#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264 +#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265 +#define SSL_F_DTLS1_SEND_SERVER_HELLO 266 +#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267 +#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268 #define SSL_F_GET_CLIENT_FINISHED 105 #define SSL_F_GET_CLIENT_HELLO 106 #define SSL_F_GET_CLIENT_MASTER_KEY 107 @@ -1655,7 +1660,7 @@ void ERR_load_SSL_strings(void); #define SSL_F_SSL_CTRL 232 #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 #define SSL_F_SSL_CTX_NEW 169 -#define SSL_F_SSL_CTX_SET_CIPHER_LIST 1026 +#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 #define SSL_F_SSL_CTX_SET_PURPOSE 226 #define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 #define SSL_F_SSL_CTX_SET_SSL_VERSION 170 @@ -1678,7 +1683,7 @@ void ERR_load_SSL_strings(void); #define SSL_F_SSL_INIT_WBIO_BUFFER 184 #define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 #define SSL_F_SSL_NEW 186 -#define SSL_F_SSL_PEEK 1025 +#define SSL_F_SSL_PEEK 270 #define SSL_F_SSL_READ 223 #define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 #define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 @@ -1686,7 +1691,7 @@ void ERR_load_SSL_strings(void); #define SSL_F_SSL_SESSION_PRINT_FP 190 #define SSL_F_SSL_SESS_CERT_NEW 225 #define SSL_F_SSL_SET_CERT 191 -#define SSL_F_SSL_SET_CIPHER_LIST 1027 +#define SSL_F_SSL_SET_CIPHER_LIST 271 #define SSL_F_SSL_SET_FD 192 #define SSL_F_SSL_SET_PKEY 193 #define SSL_F_SSL_SET_PURPOSE 227 @@ -1729,9 +1734,9 @@ void ERR_load_SSL_strings(void); #define SSL_R_BAD_DH_P_LENGTH 110 #define SSL_R_BAD_DIGEST_LENGTH 111 #define SSL_R_BAD_DSA_SIGNATURE 112 -#define SSL_R_BAD_ECC_CERT 1117 -#define SSL_R_BAD_ECDSA_SIGNATURE 1112 -#define SSL_R_BAD_ECPOINT 1113 +#define SSL_R_BAD_ECC_CERT 304 +#define SSL_R_BAD_ECDSA_SIGNATURE 305 +#define SSL_R_BAD_ECPOINT 306 #define SSL_R_BAD_HELLO_REQUEST 105 #define SSL_R_BAD_LENGTH 271 #define SSL_R_BAD_MAC_DECODE 113 @@ -1763,50 +1768,49 @@ void ERR_load_SSL_strings(void); #define SSL_R_CIPHER_TABLE_SRC_ERROR 139 #define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 #define SSL_R_COMPRESSION_FAILURE 141 -#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 1120 +#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 #define SSL_R_COMPRESSION_LIBRARY_ERROR 142 #define SSL_R_CONNECTION_ID_IS_DIFFERENT 143 #define SSL_R_CONNECTION_TYPE_NOT_SET 144 -#define SSL_R_COOKIE_MISMATCH 2002 +#define SSL_R_COOKIE_MISMATCH 308 #define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 #define SSL_R_DATA_LENGTH_TOO_LONG 146 #define SSL_R_DECRYPTION_FAILED 147 -#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 1109 +#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 #define SSL_R_DIGEST_CHECK_FAILED 149 -#define SSL_R_DUPLICATE_COMPRESSION_ID 1121 -#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 1119 +#define SSL_R_DUPLICATE_COMPRESSION_ID 309 +#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 -#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 1092 +#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 #define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 #define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 #define SSL_R_EXTRA_DATA_IN_MESSAGE 153 #define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 #define SSL_R_HTTPS_PROXY_REQUEST 155 #define SSL_R_HTTP_REQUEST 156 -#define SSL_R_ILLEGAL_PADDING 1110 +#define SSL_R_ILLEGAL_PADDING 283 #define SSL_R_INVALID_CHALLENGE_LENGTH 158 #define SSL_R_INVALID_COMMAND 280 #define SSL_R_INVALID_PURPOSE 278 #define SSL_R_INVALID_TRUST 279 -#define SSL_R_KEY_ARG_TOO_LONG 1112 -#define SSL_R_KRB5 1104 -#define SSL_R_KRB5_C_CC_PRINC 1094 -#define SSL_R_KRB5_C_GET_CRED 1095 -#define SSL_R_KRB5_C_INIT 1096 -#define SSL_R_KRB5_C_MK_REQ 1097 -#define SSL_R_KRB5_S_BAD_TICKET 1098 -#define SSL_R_KRB5_S_INIT 1099 -#define SSL_R_KRB5_S_RD_REQ 1108 -#define SSL_R_KRB5_S_TKT_EXPIRED 1105 -#define SSL_R_KRB5_S_TKT_NYV 1106 -#define SSL_R_KRB5_S_TKT_SKEW 1107 +#define SSL_R_KEY_ARG_TOO_LONG 284 +#define SSL_R_KRB5 285 +#define SSL_R_KRB5_C_CC_PRINC 286 +#define SSL_R_KRB5_C_GET_CRED 287 +#define SSL_R_KRB5_C_INIT 288 +#define SSL_R_KRB5_C_MK_REQ 289 +#define SSL_R_KRB5_S_BAD_TICKET 290 +#define SSL_R_KRB5_S_INIT 291 +#define SSL_R_KRB5_S_RD_REQ 292 +#define SSL_R_KRB5_S_TKT_EXPIRED 293 +#define SSL_R_KRB5_S_TKT_NYV 294 +#define SSL_R_KRB5_S_TKT_SKEW 295 #define SSL_R_LENGTH_MISMATCH 159 #define SSL_R_LENGTH_TOO_SHORT 160 #define SSL_R_LIBRARY_BUG 274 #define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 -#define SSL_R_MASTER_KEY_TOO_LONG 1112 -#define SSL_R_MESSAGE_TOO_LONG 1111 +#define SSL_R_MESSAGE_TOO_LONG 296 #define SSL_R_MISSING_DH_DSA_CERT 162 #define SSL_R_MISSING_DH_KEY 163 #define SSL_R_MISSING_DH_RSA_CERT 164 @@ -1817,7 +1821,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 #define SSL_R_MISSING_RSA_SIGNING_CERT 170 #define SSL_R_MISSING_TMP_DH_KEY 171 -#define SSL_R_MISSING_TMP_ECDH_KEY 1114 +#define SSL_R_MISSING_TMP_ECDH_KEY 311 #define SSL_R_MISSING_TMP_RSA_KEY 172 #define SSL_R_MISSING_TMP_RSA_PKEY 173 #define SSL_R_MISSING_VERIFY_MESSAGE 174 @@ -1844,6 +1848,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_NULL_SSL_CTX 195 #define SSL_R_NULL_SSL_METHOD_PASSED 196 #define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 +#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297 #define SSL_R_PACKET_LENGTH_TOO_LONG 198 #define SSL_R_PATH_TOO_LONG 270 #define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 @@ -1859,11 +1864,11 @@ void ERR_load_SSL_strings(void); #define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209 #define SSL_R_PUBLIC_KEY_NOT_RSA 210 #define SSL_R_READ_BIO_NOT_SET 211 -#define SSL_R_READ_TIMEOUT_EXPIRED 2001 +#define SSL_R_READ_TIMEOUT_EXPIRED 312 #define SSL_R_READ_WRONG_PACKET_TYPE 212 #define SSL_R_RECORD_LENGTH_MISMATCH 213 #define SSL_R_RECORD_TOO_LARGE 214 -#define SSL_R_RECORD_TOO_SMALL 1093 +#define SSL_R_RECORD_TOO_SMALL 298 #define SSL_R_REQUIRED_CIPHER_MISSING 215 #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 @@ -1872,8 +1877,8 @@ void ERR_load_SSL_strings(void); #define SSL_R_SHORT_READ 219 #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 #define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 -#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 1114 -#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113 +#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299 +#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 #define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 @@ -1884,20 +1889,15 @@ void ERR_load_SSL_strings(void); #define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 #define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 #define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 -#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE 223 -#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE 224 -#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER 225 -#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 226 #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 -#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE 227 #define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 #define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 #define SSL_R_SSL_HANDSHAKE_FAILURE 229 #define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 -#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 1102 -#define SSL_R_SSL_SESSION_ID_CONFLICT 1103 +#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301 +#define SSL_R_SSL_SESSION_ID_CONFLICT 302 #define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 -#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 1101 +#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303 #define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231 #define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 #define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 @@ -1916,10 +1916,10 @@ void ERR_load_SSL_strings(void); #define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 #define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 #define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236 -#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 1115 +#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313 #define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237 #define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238 -#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 1116 +#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 #define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 #define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240 #define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241 @@ -1940,8 +1940,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_UNKNOWN_STATE 255 #define SSL_R_UNSUPPORTED_CIPHER 256 #define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 -#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 1118 -#define SSL_R_UNSUPPORTED_OPTION 1091 +#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 #define SSL_R_UNSUPPORTED_PROTOCOL 258 #define SSL_R_UNSUPPORTED_SSL_VERSION 259 #define SSL_R_WRITE_BIO_NOT_SET 260 @@ -1959,4 +1958,3 @@ void ERR_load_SSL_strings(void); } #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/ssl2.h b/openssl/include/openssl/ssl2.h index 2920c9674b..99a52ea0dd 100644 --- a/openssl/include/openssl/ssl2.h +++ b/openssl/include/openssl/ssl2.h @@ -266,4 +266,3 @@ typedef struct ssl2_state_st #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/ssl23.h b/openssl/include/openssl/ssl23.h index 1ef10ffa8f..d3228983c7 100644 --- a/openssl/include/openssl/ssl23.h +++ b/openssl/include/openssl/ssl23.h @@ -81,4 +81,3 @@ extern "C" { #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/ssl3.h b/openssl/include/openssl/ssl3.h index c374fa077e..bacaff157e 100644 --- a/openssl/include/openssl/ssl3.h +++ b/openssl/include/openssl/ssl3.h @@ -553,4 +553,3 @@ typedef struct ssl3_state_st #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/stack.h b/openssl/include/openssl/stack.h index 19044b463c..5cbb116a8b 100644 --- a/openssl/include/openssl/stack.h +++ b/openssl/include/openssl/stack.h @@ -107,4 +107,3 @@ int sk_is_sorted(const STACK *st); #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/store.h b/openssl/include/openssl/store.h index f3fbfd6307..64583377a9 100644 --- a/openssl/include/openssl/store.h +++ b/openssl/include/openssl/store.h @@ -552,4 +552,3 @@ void ERR_load_STORE_strings(void); } #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/symhacks.h b/openssl/include/openssl/symhacks.h index 1a44c43a37..7e3602d2ea 100644 --- a/openssl/include/openssl/symhacks.h +++ b/openssl/include/openssl/symhacks.h @@ -381,4 +381,3 @@ #endif /* ! defined HEADER_VMS_IDHACKS_H */ - \ No newline at end of file diff --git a/openssl/include/openssl/tls1.h b/openssl/include/openssl/tls1.h index 100fbaab13..e5f9aa1ef6 100644 --- a/openssl/include/openssl/tls1.h +++ b/openssl/include/openssl/tls1.h @@ -78,7 +78,7 @@ extern "C" { #endif -#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 1 +#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 #define TLS1_VERSION 0x0301 #define TLS1_VERSION_MAJOR 0x03 @@ -125,51 +125,51 @@ extern "C" { #define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 #define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A -/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001). - * XXX NOTE: There is a bug in the draft, cipher numbers 4B, and 4C - * are defined twice so we define ECDH_ECDSA_EXPORT cipher - * suites to use 5B and 5C instead (this may change with future - * updates to the IETF draft). - */ -/* draft-ietf-tls-ecc-03.txt (June 2003) gives a changed list of - * ciphersuites, but does not define numbers for all of them - * because of possible conflicts with other Internet Drafts; - * most numbers are still subject to change. */ -#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x03000047 -#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x03000048 -#define TLS1_CK_ECDH_ECDSA_WITH_DES_CBC_SHA 0x03000049 -#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300004A -#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300004B -#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300004C -#define TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA 0x0300005B -#define TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA 0x0300005C +/* Camellia ciphersuites from RFC4132 */ +#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041 +#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042 +#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043 +#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044 +#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045 +#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046 -#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300004D -#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300004E -#define TLS1_CK_ECDH_RSA_WITH_DES_CBC_SHA 0x0300004F -#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x03000050 -#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x03000051 -#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x03000052 -#define TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_40_SHA 0x03000053 -#define TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_56_SHA 0x03000054 +#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084 +#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085 +#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086 +#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087 +#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088 +#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089 -#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x03000055 -#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x03000056 -#define TLS1_CK_ECDH_anon_WITH_DES_CBC_SHA 0x03000057 -#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x03000058 -#define TLS1_CK_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA 0x03000059 -#define TLS1_CK_ECDH_anon_EXPORT_WITH_RC4_40_SHA 0x0300005A +/* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */ +#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 +#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 +#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003 +#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004 +#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005 -/* XXX: ECC ciphersuites offering forward secrecy are not yet specified - * in the ECC/TLS draft but our code allows them to be implemented - * very easily. To add such a cipher suite, one needs to add two constant - * definitions to this file and a new structure in s3_lib.c. We illustrate - * the process for the made-up ciphers ECDHE-ECDSA-AES128-SHA and - * ECDHE-RSA-AES128-SHA. - */ -#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x03000077 -#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x03000078 +#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006 +#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007 +#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008 +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009 +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A +#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B +#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C +#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D +#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E +#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F + +#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010 +#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011 +#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012 +#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013 +#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014 + +#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015 +#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016 +#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017 +#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018 +#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019 /* XXX * Inconsistency alert: @@ -204,43 +204,57 @@ extern "C" { /* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */ #define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA" #define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA" -#define TLS1_TXT_ECDH_ECDSA_WITH_DES_CBC_SHA "ECDH-ECDSA-DES-CBC-SHA" #define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA" #define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA" #define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA" -#define TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA "EXP-ECDH-ECDSA-RC4-40-SHA" -#define TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA "EXP-ECDH-ECDSA-RC4-56-SHA" + +#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA" +#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA" +#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA" +#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA" +#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA" #define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA" #define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA" -#define TLS1_TXT_ECDH_RSA_WITH_DES_CBC_SHA "ECDH-RSA-DES-CBC-SHA" #define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA" #define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA" #define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA" -#define TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_40_SHA "EXP-ECDH-RSA-RC4-40-SHA" -#define TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_56_SHA "EXP-ECDH-RSA-RC4-56-SHA" + +#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA" +#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA" +#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA" +#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA" +#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA" #define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA" #define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA" -#define TLS1_TXT_ECDH_anon_WITH_DES_CBC_SHA "AECDH-DES-CBC-SHA" #define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA" -#define TLS1_TXT_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA "EXP-AECDH-DES-40-CBC-SHA" -#define TLS1_TXT_ECDH_anon_EXPORT_WITH_RC4_40_SHA "EXP-AECDH-RC4-40-SHA" +#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA" +#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA" -/* XXX: Made-up ECC cipher suites offering forward secrecy. This is for - * illustration only. - */ -#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA" -#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA" +/* Camellia ciphersuites form RFC4132 */ +#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA" +#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA" +#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA" +#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA" +#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA" +#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA" + +#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA" +#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA" +#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA" +#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA" +#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA" +#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA" #define TLS_CT_RSA_SIGN 1 #define TLS_CT_DSS_SIGN 2 #define TLS_CT_RSA_FIXED_DH 3 #define TLS_CT_DSS_FIXED_DH 4 -#define TLS_CT_ECDSA_SIGN 5 -#define TLS_CT_RSA_FIXED_ECDH 6 -#define TLS_CT_ECDSA_FIXED_ECDH 7 +#define TLS_CT_ECDSA_SIGN 64 +#define TLS_CT_RSA_FIXED_ECDH 65 +#define TLS_CT_ECDSA_FIXED_ECDH 66 #define TLS_CT_NUMBER 7 #define TLS1_FINISH_MAC_LENGTH 12 @@ -289,4 +303,3 @@ extern "C" { - \ No newline at end of file diff --git a/openssl/include/openssl/tmdiff.h b/openssl/include/openssl/tmdiff.h index 43ccd9fb95..af5c41c649 100644 --- a/openssl/include/openssl/tmdiff.h +++ b/openssl/include/openssl/tmdiff.h @@ -91,4 +91,3 @@ int ms_time_cmp(const MS_TM *ap, const MS_TM *bp); #endif - \ No newline at end of file diff --git a/openssl/include/openssl/txt_db.h b/openssl/include/openssl/txt_db.h index 31cb4f5964..307e1ba23f 100644 --- a/openssl/include/openssl/txt_db.h +++ b/openssl/include/openssl/txt_db.h @@ -107,4 +107,3 @@ int TXT_DB_insert(TXT_DB *db,char **value); #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/ui.h b/openssl/include/openssl/ui.h index 067ef1eb1a..018296412b 100644 --- a/openssl/include/openssl/ui.h +++ b/openssl/include/openssl/ui.h @@ -379,4 +379,3 @@ void ERR_load_UI_strings(void); } #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/ui_compat.h b/openssl/include/openssl/ui_compat.h index 6acbb18962..b35c9bb7fd 100644 --- a/openssl/include/openssl/ui_compat.h +++ b/openssl/include/openssl/ui_compat.h @@ -81,4 +81,3 @@ int _ossl_old_des_read_pw(char *buf,char *buff,int size,const char *prompt,int v } #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/x509.h b/openssl/include/openssl/x509.h index 85d499f90d..16a954f709 100644 --- a/openssl/include/openssl/x509.h +++ b/openssl/include/openssl/x509.h @@ -288,6 +288,10 @@ struct x509_st ASN1_OCTET_STRING *skid; struct AUTHORITY_KEYID_st *akid; X509_POLICY_CACHE *policy_cache; +#ifndef OPENSSL_NO_RFC3779 + STACK_OF(IPAddressFamily) *rfc3779_addr; + struct ASIdentifiers_st *rfc3779_asid; +#endif #ifndef OPENSSL_NO_SHA unsigned char sha1_hash[SHA_DIGEST_LENGTH]; #endif @@ -1338,4 +1342,3 @@ void ERR_load_X509_strings(void); } #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/x509_vfy.h b/openssl/include/openssl/x509_vfy.h index d4e055e381..76c76e1719 100644 --- a/openssl/include/openssl/x509_vfy.h +++ b/openssl/include/openssl/x509_vfy.h @@ -331,6 +331,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); #define X509_V_ERR_INVALID_POLICY_EXTENSION 42 #define X509_V_ERR_NO_EXPLICIT_POLICY 43 +#define X509_V_ERR_UNNESTED_RESOURCE 44 /* The application is not happy */ #define X509_V_ERR_APPLICATION_VERIFICATION 50 @@ -528,4 +529,3 @@ const X509_POLICY_NODE * #endif #endif - \ No newline at end of file diff --git a/openssl/include/openssl/x509v3.h b/openssl/include/openssl/x509v3.h index 61ee9e4310..91d2fb5b8b 100644 --- a/openssl/include/openssl/x509v3.h +++ b/openssl/include/openssl/x509v3.h @@ -620,11 +620,161 @@ void X509_email_free(STACK *sk); ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc); +int a2i_ipadd(unsigned char *ipout, const char *ipasc); int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, unsigned long chtype); void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent); +#ifndef OPENSSL_NO_RFC3779 + +typedef struct ASRange_st { + ASN1_INTEGER *min, *max; +} ASRange; + +#define ASIdOrRange_id 0 +#define ASIdOrRange_range 1 + +typedef struct ASIdOrRange_st { + int type; + union { + ASN1_INTEGER *id; + ASRange *range; + } u; +} ASIdOrRange; + +typedef STACK_OF(ASIdOrRange) ASIdOrRanges; +DECLARE_STACK_OF(ASIdOrRange) + +#define ASIdentifierChoice_inherit 0 +#define ASIdentifierChoice_asIdsOrRanges 1 + +typedef struct ASIdentifierChoice_st { + int type; + union { + ASN1_NULL *inherit; + ASIdOrRanges *asIdsOrRanges; + } u; +} ASIdentifierChoice; + +typedef struct ASIdentifiers_st { + ASIdentifierChoice *asnum, *rdi; +} ASIdentifiers; + +DECLARE_ASN1_FUNCTIONS(ASRange) +DECLARE_ASN1_FUNCTIONS(ASIdOrRange) +DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice) +DECLARE_ASN1_FUNCTIONS(ASIdentifiers) + + +typedef struct IPAddressRange_st { + ASN1_BIT_STRING *min, *max; +} IPAddressRange; + +#define IPAddressOrRange_addressPrefix 0 +#define IPAddressOrRange_addressRange 1 + +typedef struct IPAddressOrRange_st { + int type; + union { + ASN1_BIT_STRING *addressPrefix; + IPAddressRange *addressRange; + } u; +} IPAddressOrRange; + +typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges; +DECLARE_STACK_OF(IPAddressOrRange) + +#define IPAddressChoice_inherit 0 +#define IPAddressChoice_addressesOrRanges 1 + +typedef struct IPAddressChoice_st { + int type; + union { + ASN1_NULL *inherit; + IPAddressOrRanges *addressesOrRanges; + } u; +} IPAddressChoice; + +typedef struct IPAddressFamily_st { + ASN1_OCTET_STRING *addressFamily; + IPAddressChoice *ipAddressChoice; +} IPAddressFamily; + +typedef STACK_OF(IPAddressFamily) IPAddrBlocks; +DECLARE_STACK_OF(IPAddressFamily) + +DECLARE_ASN1_FUNCTIONS(IPAddressRange) +DECLARE_ASN1_FUNCTIONS(IPAddressOrRange) +DECLARE_ASN1_FUNCTIONS(IPAddressChoice) +DECLARE_ASN1_FUNCTIONS(IPAddressFamily) + +/* + * API tag for elements of the ASIdentifer SEQUENCE. + */ +#define V3_ASID_ASNUM 0 +#define V3_ASID_RDI 1 + +/* + * AFI values, assigned by IANA. It'd be nice to make the AFI + * handling code totally generic, but there are too many little things + * that would need to be defined for other address families for it to + * be worth the trouble. + */ +#define IANA_AFI_IPV4 1 +#define IANA_AFI_IPV6 2 + +/* + * Utilities to construct and extract values from RFC3779 extensions, + * since some of the encodings (particularly for IP address prefixes + * and ranges) are a bit tedious to work with directly. + */ +int v3_asid_add_inherit(ASIdentifiers *asid, int which); +int v3_asid_add_id_or_range(ASIdentifiers *asid, int which, + ASN1_INTEGER *min, ASN1_INTEGER *max); +int v3_addr_add_inherit(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi); +int v3_addr_add_prefix(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi, + unsigned char *a, const int prefixlen); +int v3_addr_add_range(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi, + unsigned char *min, unsigned char *max); +unsigned v3_addr_get_afi(const IPAddressFamily *f); +int v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi, + unsigned char *min, unsigned char *max, + const int length); + +/* + * Canonical forms. + */ +int v3_asid_is_canonical(ASIdentifiers *asid); +int v3_addr_is_canonical(IPAddrBlocks *addr); +int v3_asid_canonize(ASIdentifiers *asid); +int v3_addr_canonize(IPAddrBlocks *addr); + +/* + * Tests for inheritance and containment. + */ +int v3_asid_inherits(ASIdentifiers *asid); +int v3_addr_inherits(IPAddrBlocks *addr); +int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b); +int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b); + +/* + * Check whether RFC 3779 extensions nest properly in chains. + */ +int v3_asid_validate_path(X509_STORE_CTX *); +int v3_addr_validate_path(X509_STORE_CTX *); +int v3_asid_validate_resource_set(STACK_OF(X509) *chain, + ASIdentifiers *ext, + int allow_inheritance); +int v3_addr_validate_resource_set(STACK_OF(X509) *chain, + IPAddrBlocks *ext, + int allow_inheritance); + +#endif /* OPENSSL_NO_RFC3779 */ + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -634,6 +784,8 @@ void ERR_load_X509V3_strings(void); /* Error codes for the X509V3 functions. */ /* Function codes. */ +#define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 156 +#define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 157 #define X509V3_F_COPY_EMAIL 122 #define X509V3_F_COPY_ISSUER 123 #define X509V3_F_DO_DIRNAME 144 @@ -651,7 +803,7 @@ void ERR_load_X509V3_strings(void); #define X509V3_F_POLICY_SECTION 131 #define X509V3_F_PROCESS_PCI_VALUE 150 #define X509V3_F_R2I_CERTPOL 130 -#define X509V3_F_R2I_PCI 149 +#define X509V3_F_R2I_PCI 155 #define X509V3_F_S2I_ASN1_IA5STRING 100 #define X509V3_F_S2I_ASN1_INTEGER 108 #define X509V3_F_S2I_ASN1_OCTET_STRING 112 @@ -663,6 +815,7 @@ void ERR_load_X509V3_strings(void); #define X509V3_F_SXNET_ADD_ID_ULONG 127 #define X509V3_F_SXNET_GET_ID_ASC 128 #define X509V3_F_SXNET_GET_ID_ULONG 129 +#define X509V3_F_V2I_ASIDENTIFIERS 158 #define X509V3_F_V2I_ASN1_BIT_STRING 101 #define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 139 #define X509V3_F_V2I_AUTHORITY_KEYID 119 @@ -671,11 +824,13 @@ void ERR_load_X509V3_strings(void); #define X509V3_F_V2I_EXTENDED_KEY_USAGE 103 #define X509V3_F_V2I_GENERAL_NAMES 118 #define X509V3_F_V2I_GENERAL_NAME_EX 117 +#define X509V3_F_V2I_IPADDRBLOCKS 159 #define X509V3_F_V2I_ISSUER_ALT 153 #define X509V3_F_V2I_NAME_CONSTRAINTS 147 #define X509V3_F_V2I_POLICY_CONSTRAINTS 146 #define X509V3_F_V2I_POLICY_MAPPINGS 145 #define X509V3_F_V2I_SUBJECT_ALT 154 +#define X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL 160 #define X509V3_F_V3_GENERIC_EXTENSION 116 #define X509V3_F_X509V3_ADD1_I2D 140 #define X509V3_F_X509V3_ADD_VALUE 105 @@ -710,8 +865,12 @@ void ERR_load_X509V3_strings(void); #define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 #define X509V3_R_ILLEGAL_HEX_DIGIT 113 #define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152 +#define X509V3_R_INVALID_ASNUMBER 160 +#define X509V3_R_INVALID_ASRANGE 161 #define X509V3_R_INVALID_BOOLEAN_STRING 104 #define X509V3_R_INVALID_EXTENSION_STRING 105 +#define X509V3_R_INVALID_INHERITANCE 162 +#define X509V3_R_INVALID_IPADDRESS 163 #define X509V3_R_INVALID_NAME 106 #define X509V3_R_INVALID_NULL_ARGUMENT 107 #define X509V3_R_INVALID_NULL_NAME 108 @@ -723,6 +882,7 @@ void ERR_load_X509V3_strings(void); #define X509V3_R_INVALID_POLICY_IDENTIFIER 134 #define X509V3_R_INVALID_PROXY_POLICY_SETTING 153 #define X509V3_R_INVALID_PURPOSE 146 +#define X509V3_R_INVALID_SAFI 164 #define X509V3_R_INVALID_SECTION 135 #define X509V3_R_INVALID_SYNTAX 143 #define X509V3_R_ISSUER_DECODE_ERROR 126 @@ -757,4 +917,3 @@ void ERR_load_X509V3_strings(void); } #endif #endif - \ No newline at end of file