external/boringssl: bump revision.
This change bumps the BoringSSL revision to the current tip-of-tree.
Change-Id: I91d5bf467e16e8d86cb19a4de873985f524e5faa
diff --git a/src/include/openssl/aead.h b/src/include/openssl/aead.h
index 61cf3cd..dc453e3 100644
--- a/src/include/openssl/aead.h
+++ b/src/include/openssl/aead.h
@@ -115,18 +115,28 @@
* See |EVP_aead_aes_128_key_wrap| for details. */
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_key_wrap(void);
+/* EVP_aead_aes_128_ctr_hmac_sha256 is AES-128 in CTR mode with HMAC-SHA256 for
+ * authentication. The nonce is 12 bytes; the bottom 32-bits are used as the
+ * block counter, thus the maximum plaintext size is 64GB. */
+OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_ctr_hmac_sha256(void);
+
+/* EVP_aead_aes_128_ctr_hmac_sha256 is AES-256 in CTR mode with HMAC-SHA256 for
+ * authentication. See |EVP_aead_aes_128_ctr_hmac_sha256| for details. */
+OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_ctr_hmac_sha256(void);
+
/* EVP_has_aes_hardware returns one if we enable hardware support for fast and
* constant-time AES-GCM. */
OPENSSL_EXPORT int EVP_has_aes_hardware(void);
-/* TLS specific AEAD algorithms.
+/* TLS-specific AEAD algorithms.
*
* These AEAD primitives do not meet the definition of generic AEADs. They are
- * all specific to TLS in some fashion and should not be used outside of that
- * context. They require an additional data of length 11 (the standard TLS one
- * with the length omitted). They are also stateful, so a given |EVP_AEAD_CTX|
- * may only be used for one of seal or open, but not both. */
+ * all specific to TLS and should not be used outside of that context. They must
+ * be initialized with |EVP_AEAD_CTX_init_with_direction|, are stateful, and may
+ * not be used concurrently. Any nonces are used as IVs, so they must be
+ * unpredictable. They only accept an |ad| parameter of length 11 (the standard
+ * TLS one with length omitted). */
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_rc4_md5_tls(void);
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_rc4_sha1_tls(void);
@@ -144,11 +154,13 @@
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_tls_implicit_iv(void);
-/* SSLv3 specific AEAD algorithms.
+/* SSLv3-specific AEAD algorithms.
*
* These AEAD primitives do not meet the definition of generic AEADs. They are
- * all specific to SSLv3 in some fashion and should not be used outside of that
- * context. */
+ * all specific to SSLv3 and should not be used outside of that context. They
+ * must be initialized with |EVP_AEAD_CTX_init_with_direction|, are stateful,
+ * and may not be used concurrently. They only accept an |ad| parameter of
+ * length 9 (the standard TLS one with length and version omitted). */
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_rc4_md5_ssl3(void);
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_rc4_sha1_ssl3(void);
@@ -205,17 +217,35 @@
* be used. */
#define EVP_AEAD_DEFAULT_TAG_LENGTH 0
-/* EVP_AEAD_init initializes |ctx| for the given AEAD algorithm from |impl|.
+/* evp_aead_direction_t denotes the direction of an AEAD operation. */
+enum evp_aead_direction_t {
+ evp_aead_open,
+ evp_aead_seal,
+};
+
+/* EVP_AEAD_CTX_init initializes |ctx| for the given AEAD algorithm from |impl|.
* The |impl| argument may be NULL to choose the default implementation.
* Authentication tags may be truncated by passing a size as |tag_len|. A
* |tag_len| of zero indicates the default tag length and this is defined as
* EVP_AEAD_DEFAULT_TAG_LENGTH for readability.
- * Returns 1 on success. Otherwise returns 0 and pushes to the error stack. */
+ *
+ * Returns 1 on success. Otherwise returns 0 and pushes to the error stack. In
+ * the error case, you do not need to call |EVP_AEAD_CTX_cleanup|, but it's
+ * harmless to do so. */
OPENSSL_EXPORT int EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead,
const uint8_t *key, size_t key_len,
size_t tag_len, ENGINE *impl);
-/* EVP_AEAD_CTX_cleanup frees any data allocated by |ctx|. */
+/* EVP_AEAD_CTX_init_with_direction calls |EVP_AEAD_CTX_init| for normal
+ * AEADs. For TLS-specific and SSL3-specific AEADs, it initializes |ctx| for a
+ * given direction. */
+OPENSSL_EXPORT int EVP_AEAD_CTX_init_with_direction(
+ EVP_AEAD_CTX *ctx, const EVP_AEAD *aead, const uint8_t *key, size_t key_len,
+ size_t tag_len, enum evp_aead_direction_t dir);
+
+/* EVP_AEAD_CTX_cleanup frees any data allocated by |ctx|. It is a no-op to
+ * call |EVP_AEAD_CTX_cleanup| on a |EVP_AEAD_CTX| that has been |memset| to
+ * all zeros. */
OPENSSL_EXPORT void EVP_AEAD_CTX_cleanup(EVP_AEAD_CTX *ctx);
/* EVP_AEAD_CTX_seal encrypts and authenticates |in_len| bytes from |in| and
@@ -270,6 +300,14 @@
const uint8_t *ad, size_t ad_len);
+/* Obscure functions. */
+
+/* EVP_AEAD_CTX_get_rc4_state sets |*out_key| to point to an RC4 key structure.
+ * It returns one on success or zero if |ctx| doesn't have an RC4 key. */
+OPENSSL_EXPORT int EVP_AEAD_CTX_get_rc4_state(const EVP_AEAD_CTX *ctx,
+ const RC4_KEY **out_key);
+
+
#if defined(__cplusplus)
} /* extern C */
#endif
diff --git a/src/include/openssl/asn1.h b/src/include/openssl/asn1.h
index 941b156..4baf81c 100644
--- a/src/include/openssl/asn1.h
+++ b/src/include/openssl/asn1.h
@@ -517,7 +517,7 @@
} /* X509_ALGOR */;
DEFINE_STACK_OF(X509_ALGOR);
-DECLARE_ASN1_FUNCTIONS(X509_ALGOR);
+DECLARE_ASN1_FUNCTIONS(X509_ALGOR)
typedef struct NETSCAPE_X509_st
{
@@ -1078,187 +1078,157 @@
}
#endif
-#define ASN1_F_asn1_template_ex_d2i 100
-#define ASN1_F_ASN1_dup 101
-#define ASN1_F_a2i_ASN1_STRING 102
-#define ASN1_F_ASN1_d2i_fp 103
-#define ASN1_F_d2i_ASN1_OBJECT 104
-#define ASN1_F_asn1_item_ex_combine_new 105
-#define ASN1_F_ASN1_template_new 106
-#define ASN1_F_asn1_do_adb 107
-#define ASN1_F_asn1_d2i_read_bio 108
-#define ASN1_F_asn1_ex_c2i 109
-#define ASN1_F_c2i_ASN1_INTEGER 110
-#define ASN1_F_ASN1_PCTX_new 111
-#define ASN1_F_ASN1_item_unpack 112
-#define ASN1_F_d2i_ASN1_type_bytes 113
-#define ASN1_F_a2i_ASN1_INTEGER 114
-#define ASN1_F_asn1_collect 115
-#define ASN1_F_ASN1_item_dup 116
-#define ASN1_F_ASN1_ENUMERATED_set 117
-#define ASN1_F_c2i_ASN1_OBJECT 118
-#define ASN1_F_ASN1_unpack_string 119
-#define ASN1_F_d2i_ASN1_UINTEGER 120
-#define ASN1_F_long_c2i 121
-#define ASN1_F_ASN1_seq_pack 122
-#define ASN1_F_a2d_ASN1_OBJECT 123
-#define ASN1_F_ASN1_STRING_type_new 124
-#define ASN1_F_ASN1_INTEGER_set 125
-#define ASN1_F_BN_to_ASN1_INTEGER 126
-#define ASN1_F_BIO_new_NDEF 127
-#define ASN1_F_ASN1_ENUMERATED_to_BN 128
-#define ASN1_F_ASN1_item_ex_d2i 129
-#define ASN1_F_ASN1_INTEGER_to_BN 130
-#define ASN1_F_i2d_ASN1_TIME 131
-#define ASN1_F_ASN1_TIME_adj 132
-#define ASN1_F_ASN1_BIT_STRING_set_bit 133
-#define ASN1_F_ASN1_seq_unpack 134
-#define ASN1_F_ASN1_item_pack 135
-#define ASN1_F_ASN1_STRING_set 136
-#define ASN1_F_ASN1_UTCTIME_adj 137
-#define ASN1_F_ASN1_mbstring_ncopy 138
-#define ASN1_F_d2i_ASN1_BOOLEAN 139
-#define ASN1_F_ASN1_OBJECT_new 140
-#define ASN1_F_asn1_template_noexp_d2i 141
-#define ASN1_F_c2i_ASN1_BIT_STRING 142
-#define ASN1_F_BN_to_ASN1_ENUMERATED 143
-#define ASN1_F_asn1_d2i_ex_primitive 144
-#define ASN1_F_ASN1_i2d_bio 145
-#define ASN1_F_ASN1_item_i2d_bio 146
-#define ASN1_F_d2i_ASN1_UTCTIME 147
-#define ASN1_F_ASN1_STRING_TABLE_add 148
-#define ASN1_F_asn1_find_end 149
-#define ASN1_F_ASN1_item_d2i_fp 150
-#define ASN1_F_collect_data 151
-#define ASN1_F_asn1_check_tlen 152
-#define ASN1_F_ASN1_i2d_fp 153
-#define ASN1_F_ASN1_item_i2d_fp 154
-#define ASN1_F_ASN1_GENERALIZEDTIME_adj 155
-#define ASN1_F_asn1_collate_primitive 156
-#define ASN1_F_ASN1_pack_string 157
-#define ASN1_F_ASN1_get_object 158
-#define ASN1_F_d2i_ASN1_bytes 159
-#define ASN1_F_a2i_ASN1_ENUMERATED 160
-#define ASN1_R_ASN1_SIG_PARSE_ERROR 100
-#define ASN1_R_ADDING_OBJECT 101
-#define ASN1_R_MIME_NO_CONTENT_TYPE 102
-#define ASN1_R_UNKNOWN_OBJECT_TYPE 103
-#define ASN1_R_ILLEGAL_FORMAT 104
-#define ASN1_R_HEADER_TOO_LONG 105
-#define ASN1_R_INVALID_UTF8STRING 106
-#define ASN1_R_EXPLICIT_LENGTH_MISMATCH 107
-#define ASN1_R_ILLEGAL_TAGGED_ANY 108
-#define ASN1_R_DATA_IS_WRONG 109
-#define ASN1_R_NOT_ASCII_FORMAT 110
-#define ASN1_R_NOT_ENOUGH_DATA 111
-#define ASN1_R_MSTRING_NOT_UNIVERSAL 112
-#define ASN1_R_UNKNOWN_FORMAT 113
-#define ASN1_R_BAD_PASSWORD_READ 115
-#define ASN1_R_BAD_OBJECT_HEADER 116
-#define ASN1_R_ILLEGAL_CHARACTERS 117
-#define ASN1_R_CONTEXT_NOT_INITIALISED 118
-#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 119
-#define ASN1_R_BN_LIB 120
-#define ASN1_R_NO_MATCHING_CHOICE_TYPE 121
-#define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 122
-#define ASN1_R_ASN1_PARSE_ERROR 123
-#define ASN1_R_NO_MULTIPART_BOUNDARY 124
-#define ASN1_R_INVALID_SEPARATOR 125
-#define ASN1_R_MALLOC_FAILURE 126
-#define ASN1_R_ILLEGAL_NULL 127
-#define ASN1_R_INVALID_MIME_TYPE 128
-#define ASN1_R_INVALID_NUMBER 129
-#define ASN1_R_STRING_TOO_LONG 130
-#define ASN1_R_BAD_GET_ASN1_OBJECT_CALL 131
-#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 132
-#define ASN1_R_EXPECTING_A_TIME 133
-#define ASN1_R_TAG_VALUE_TOO_HIGH 134
-#define ASN1_R_NESTED_ASN1_STRING 135
-#define ASN1_R_ILLEGAL_BITSTRING_FORMAT 136
-#define ASN1_R_MISSING_SECOND_NUMBER 137
-#define ASN1_R_TIME_NOT_ASCII_FORMAT 138
-#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 139
-#define ASN1_R_WRONG_TYPE 140
-#define ASN1_R_EXPECTING_AN_INTEGER 141
-#define ASN1_R_DEPTH_EXCEEDED 142
-#define ASN1_R_ILLEGAL_OBJECT 143
-#define ASN1_R_UNKNOWN_TAG 144
-#define ASN1_R_ILLEGAL_IMPLICIT_TAG 145
-#define ASN1_R_AUX_ERROR 146
-#define ASN1_R_SEQUENCE_LENGTH_MISMATCH 147
-#define ASN1_R_FIELD_MISSING 148
-#define ASN1_R_TYPE_NOT_CONSTRUCTED 149
-#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 150
-#define ASN1_R_FIRST_NUM_TOO_LARGE 151
-#define ASN1_R_INVALID_DIGIT 152
-#define ASN1_R_MSTRING_WRONG_TAG 153
-#define ASN1_R_OBJECT_NOT_ASCII_FORMAT 154
-#define ASN1_R_UNSUPPORTED_TYPE 155
-#define ASN1_R_ERROR_LOADING_SECTION 156
-#define ASN1_R_ODD_NUMBER_OF_CHARS 157
-#define ASN1_R_ASN1_LENGTH_MISMATCH 158
-#define ASN1_R_MISSING_EOC 159
-#define ASN1_R_ILLEGAL_INTEGER 160
-#define ASN1_R_ILLEGAL_HEX 161
-#define ASN1_R_NESTED_ASN1_ERROR 162
-#define ASN1_R_TOO_LONG 163
-#define ASN1_R_LENGTH_ERROR 164
-#define ASN1_R_DECODING_ERROR 165
-#define ASN1_R_MIME_SIG_PARSE_ERROR 166
-#define ASN1_R_ILLEGAL_NULL_VALUE 167
-#define ASN1_R_EXPECTING_A_BOOLEAN 168
-#define ASN1_R_STREAMING_NOT_SUPPORTED 169
-#define ASN1_R_INVALID_BMPSTRING_LENGTH 170
-#define ASN1_R_INTEGER_NOT_ASCII_FORMAT 171
-#define ASN1_R_INVALID_MODIFIER 172
-#define ASN1_R_UNEXPECTED_EOC 173
-#define ASN1_R_ILLEGAL_NESTED_TAGGING 174
-#define ASN1_R_IV_TOO_LARGE 175
-#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 176
-#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 177
-#define ASN1_R_BUFFER_TOO_SMALL 178
-#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 179
-#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 181
-#define ASN1_R_MIME_PARSE_ERROR 182
-#define ASN1_R_INVALID_OBJECT_ENCODING 183
-#define ASN1_R_PRIVATE_KEY_HEADER_MISSING 184
-#define ASN1_R_UNSUPPORTED_CIPHER 185
-#define ASN1_R_NO_MULTIPART_BODY_FAILURE 186
-#define ASN1_R_NO_CONTENT_TYPE 187
-#define ASN1_R_SECOND_NUMBER_TOO_LARGE 188
-#define ASN1_R_INVALID_TIME_FORMAT 189
-#define ASN1_R_NO_DEFAULT_DIGEST 190
-#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 191
-#define ASN1_R_EXPECTING_AN_OBJECT 192
-#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 193
-#define ASN1_R_ERROR_GETTING_TIME 194
-#define ASN1_R_MISSING_VALUE 195
-#define ASN1_R_LIST_ERROR 196
-#define ASN1_R_DECODE_ERROR 197
-#define ASN1_R_NON_HEX_CHARACTERS 198
-#define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 199
-#define ASN1_R_EXPECTING_AN_ASN1_SEQUENCE 201
-#define ASN1_R_STRING_TOO_SHORT 203
-#define ASN1_R_ILLEGAL_OPTIONAL_ANY 204
-#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 205
-#define ASN1_R_NO_SIG_CONTENT_TYPE 206
-#define ASN1_R_ENCODE_ERROR 207
-#define ASN1_R_SHORT_LINE 208
-#define ASN1_R_ILLEGAL_TIME_VALUE 209
-#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 210
-#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 211
-#define ASN1_R_BAD_CLASS 212
-#define ASN1_R_BAD_TAG 213
-#define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 214
-#define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 215
-#define ASN1_R_ILLEGAL_BOOLEAN 216
-#define ASN1_R_SIG_INVALID_MIME_TYPE 217
-#define ASN1_R_NULL_IS_WRONG_LENGTH 218
-#define ASN1_R_MISSING_ASN1_EOS 219
-#define ASN1_R_ERROR_PARSING_SET_ELEMENT 220
-#define ASN1_R_WRONG_TAG 221
-#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 222
-#define ASN1_R_TYPE_NOT_PRIMITIVE 223
-#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 224
+#define ASN1_F_ASN1_BIT_STRING_set_bit 100
+#define ASN1_F_ASN1_ENUMERATED_set 101
+#define ASN1_F_ASN1_ENUMERATED_to_BN 102
+#define ASN1_F_ASN1_GENERALIZEDTIME_adj 103
+#define ASN1_F_ASN1_INTEGER_set 104
+#define ASN1_F_ASN1_INTEGER_to_BN 105
+#define ASN1_F_ASN1_OBJECT_new 106
+#define ASN1_F_ASN1_PCTX_new 107
+#define ASN1_F_ASN1_STRING_TABLE_add 108
+#define ASN1_F_ASN1_STRING_set 109
+#define ASN1_F_ASN1_STRING_type_new 110
+#define ASN1_F_ASN1_TIME_adj 111
+#define ASN1_F_ASN1_UTCTIME_adj 112
+#define ASN1_F_ASN1_d2i_fp 113
+#define ASN1_F_ASN1_dup 114
+#define ASN1_F_ASN1_generate_v3 115
+#define ASN1_F_ASN1_get_object 116
+#define ASN1_F_ASN1_i2d_bio 117
+#define ASN1_F_ASN1_i2d_fp 118
+#define ASN1_F_ASN1_item_d2i_fp 119
+#define ASN1_F_ASN1_item_dup 120
+#define ASN1_F_ASN1_item_ex_d2i 121
+#define ASN1_F_ASN1_item_i2d_bio 122
+#define ASN1_F_ASN1_item_i2d_fp 123
+#define ASN1_F_ASN1_item_pack 124
+#define ASN1_F_ASN1_item_unpack 125
+#define ASN1_F_ASN1_mbstring_ncopy 126
+#define ASN1_F_ASN1_template_new 127
+#define ASN1_F_BIO_new_NDEF 128
+#define ASN1_F_BN_to_ASN1_ENUMERATED 129
+#define ASN1_F_BN_to_ASN1_INTEGER 130
+#define ASN1_F_a2d_ASN1_OBJECT 131
+#define ASN1_F_a2i_ASN1_ENUMERATED 132
+#define ASN1_F_a2i_ASN1_INTEGER 133
+#define ASN1_F_a2i_ASN1_STRING 134
+#define ASN1_F_append_exp 135
+#define ASN1_F_asn1_cb 136
+#define ASN1_F_asn1_check_tlen 137
+#define ASN1_F_asn1_collate_primitive 138
+#define ASN1_F_asn1_collect 139
+#define ASN1_F_asn1_d2i_ex_primitive 140
+#define ASN1_F_asn1_d2i_read_bio 141
+#define ASN1_F_asn1_do_adb 142
+#define ASN1_F_asn1_ex_c2i 143
+#define ASN1_F_asn1_find_end 144
+#define ASN1_F_asn1_item_ex_combine_new 145
+#define ASN1_F_asn1_str2type 146
+#define ASN1_F_asn1_template_ex_d2i 147
+#define ASN1_F_asn1_template_noexp_d2i 148
+#define ASN1_F_bitstr_cb 149
+#define ASN1_F_c2i_ASN1_BIT_STRING 150
+#define ASN1_F_c2i_ASN1_INTEGER 151
+#define ASN1_F_c2i_ASN1_OBJECT 152
+#define ASN1_F_collect_data 153
+#define ASN1_F_d2i_ASN1_BOOLEAN 154
+#define ASN1_F_d2i_ASN1_OBJECT 155
+#define ASN1_F_d2i_ASN1_UINTEGER 156
+#define ASN1_F_d2i_ASN1_UTCTIME 157
+#define ASN1_F_d2i_ASN1_bytes 158
+#define ASN1_F_d2i_ASN1_type_bytes 159
+#define ASN1_F_i2d_ASN1_TIME 160
+#define ASN1_F_i2d_PrivateKey 161
+#define ASN1_F_long_c2i 162
+#define ASN1_F_parse_tagging 163
+#define ASN1_R_ASN1_LENGTH_MISMATCH 100
+#define ASN1_R_AUX_ERROR 101
+#define ASN1_R_BAD_GET_ASN1_OBJECT_CALL 102
+#define ASN1_R_BAD_OBJECT_HEADER 103
+#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 104
+#define ASN1_R_BN_LIB 105
+#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106
+#define ASN1_R_BUFFER_TOO_SMALL 107
+#define ASN1_R_DECODE_ERROR 108
+#define ASN1_R_DEPTH_EXCEEDED 109
+#define ASN1_R_ENCODE_ERROR 110
+#define ASN1_R_ERROR_GETTING_TIME 111
+#define ASN1_R_EXPECTING_AN_ASN1_SEQUENCE 112
+#define ASN1_R_EXPECTING_AN_INTEGER 113
+#define ASN1_R_EXPECTING_AN_OBJECT 114
+#define ASN1_R_EXPECTING_A_BOOLEAN 115
+#define ASN1_R_EXPECTING_A_TIME 116
+#define ASN1_R_EXPLICIT_LENGTH_MISMATCH 117
+#define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 118
+#define ASN1_R_FIELD_MISSING 119
+#define ASN1_R_FIRST_NUM_TOO_LARGE 120
+#define ASN1_R_HEADER_TOO_LONG 121
+#define ASN1_R_ILLEGAL_BITSTRING_FORMAT 122
+#define ASN1_R_ILLEGAL_BOOLEAN 123
+#define ASN1_R_ILLEGAL_CHARACTERS 124
+#define ASN1_R_ILLEGAL_FORMAT 125
+#define ASN1_R_ILLEGAL_HEX 126
+#define ASN1_R_ILLEGAL_IMPLICIT_TAG 127
+#define ASN1_R_ILLEGAL_INTEGER 128
+#define ASN1_R_ILLEGAL_NESTED_TAGGING 129
+#define ASN1_R_ILLEGAL_NULL 130
+#define ASN1_R_ILLEGAL_NULL_VALUE 131
+#define ASN1_R_ILLEGAL_OBJECT 132
+#define ASN1_R_ILLEGAL_OPTIONAL_ANY 133
+#define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 134
+#define ASN1_R_ILLEGAL_TAGGED_ANY 135
+#define ASN1_R_ILLEGAL_TIME_VALUE 136
+#define ASN1_R_INTEGER_NOT_ASCII_FORMAT 137
+#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 138
+#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 139
+#define ASN1_R_INVALID_BMPSTRING_LENGTH 140
+#define ASN1_R_INVALID_DIGIT 141
+#define ASN1_R_INVALID_MODIFIER 142
+#define ASN1_R_INVALID_NUMBER 143
+#define ASN1_R_INVALID_OBJECT_ENCODING 144
+#define ASN1_R_INVALID_SEPARATOR 145
+#define ASN1_R_INVALID_TIME_FORMAT 146
+#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 147
+#define ASN1_R_INVALID_UTF8STRING 148
+#define ASN1_R_LIST_ERROR 149
+#define ASN1_R_MALLOC_FAILURE 150
+#define ASN1_R_MISSING_ASN1_EOS 151
+#define ASN1_R_MISSING_EOC 152
+#define ASN1_R_MISSING_SECOND_NUMBER 153
+#define ASN1_R_MISSING_VALUE 154
+#define ASN1_R_MSTRING_NOT_UNIVERSAL 155
+#define ASN1_R_MSTRING_WRONG_TAG 156
+#define ASN1_R_NESTED_ASN1_ERROR 157
+#define ASN1_R_NESTED_ASN1_STRING 158
+#define ASN1_R_NON_HEX_CHARACTERS 159
+#define ASN1_R_NOT_ASCII_FORMAT 160
+#define ASN1_R_NOT_ENOUGH_DATA 161
+#define ASN1_R_NO_MATCHING_CHOICE_TYPE 162
+#define ASN1_R_NULL_IS_WRONG_LENGTH 163
+#define ASN1_R_OBJECT_NOT_ASCII_FORMAT 164
+#define ASN1_R_ODD_NUMBER_OF_CHARS 165
+#define ASN1_R_SECOND_NUMBER_TOO_LARGE 166
+#define ASN1_R_SEQUENCE_LENGTH_MISMATCH 167
+#define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 168
+#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 169
+#define ASN1_R_SHORT_LINE 170
+#define ASN1_R_STREAMING_NOT_SUPPORTED 171
+#define ASN1_R_STRING_TOO_LONG 172
+#define ASN1_R_STRING_TOO_SHORT 173
+#define ASN1_R_TAG_VALUE_TOO_HIGH 174
+#define ASN1_R_TIME_NOT_ASCII_FORMAT 175
+#define ASN1_R_TOO_LONG 176
+#define ASN1_R_TYPE_NOT_CONSTRUCTED 177
+#define ASN1_R_TYPE_NOT_PRIMITIVE 178
+#define ASN1_R_UNEXPECTED_EOC 179
+#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 180
+#define ASN1_R_UNKNOWN_FORMAT 181
+#define ASN1_R_UNKNOWN_TAG 182
+#define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 183
+#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 184
+#define ASN1_R_UNSUPPORTED_TYPE 185
+#define ASN1_R_WRONG_TAG 186
+#define ASN1_R_WRONG_TYPE 187
#endif
diff --git a/src/include/openssl/asn1_mac.h b/src/include/openssl/asn1_mac.h
index 3e8eebb..49b2a28 100644
--- a/src/include/openssl/asn1_mac.h
+++ b/src/include/openssl/asn1_mac.h
@@ -65,512 +65,10 @@
extern "C" {
#endif
-#ifndef ASN1_MAC_ERR_LIB
-#define ASN1_MAC_ERR_LIB ERR_LIB_ASN1
-#endif
-
-#define ASN1_MAC_H_err(f,r,line) \
- ERR_put_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line))
-
-#define M_ASN1_D2I_vars(a,type,func) \
- ASN1_const_CTX c; \
- type ret=NULL; \
- \
- c.pp=(const unsigned char **)pp; \
- c.q= *(const unsigned char **)pp; \
- c.error=ASN1_R_NESTED_ASN1_ERROR; \
- if ((a == NULL) || ((*a) == NULL)) \
- { if ((ret=(type)func()) == NULL) \
- { c.line=__LINE__; goto err; } } \
- else ret=(*a);
-
-#define M_ASN1_D2I_Init() \
- c.p= *(const unsigned char **)pp; \
- c.max=(length == 0)?0:(c.p+length);
-
-#define M_ASN1_D2I_Finish_2(a) \
- if (!asn1_const_Finish(&c)) \
- { c.line=__LINE__; goto err; } \
- *(const unsigned char **)pp=c.p; \
- if (a != NULL) (*a)=ret; \
- return(ret);
-
-#define M_ASN1_D2I_Finish(a,func,e) \
- M_ASN1_D2I_Finish_2(a); \
-err:\
- ASN1_MAC_H_err((e),c.error,c.line); \
- asn1_add_error(*(const unsigned char **)pp,(int)(c.q- *pp)); \
- if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
- return(NULL)
-
-#define M_ASN1_D2I_start_sequence() \
- if (!asn1_GetSequence(&c,&length)) \
- { c.line=__LINE__; goto err; }
-/* Begin reading ASN1 without a surrounding sequence */
-#define M_ASN1_D2I_begin() \
- c.slen = length;
-
-/* End reading ASN1 with no check on length */
-#define M_ASN1_D2I_Finish_nolen(a, func, e) \
- *pp=c.p; \
- if (a != NULL) (*a)=ret; \
- return(ret); \
-err:\
- ASN1_MAC_H_err((e),c.error,c.line); \
- asn1_add_error(*pp,(int)(c.q- *pp)); \
- if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
- return(NULL)
-
-#define M_ASN1_D2I_end_sequence() \
- (((c.inf&1) == 0)?(c.slen <= 0): \
- (c.eos=ASN1_const_check_infinite_end(&c.p,c.slen)))
-
-/* Don't use this with d2i_ASN1_BOOLEAN() */
-#define M_ASN1_D2I_get(b, func) \
- c.q=c.p; \
- if (func(&(b),&c.p,c.slen) == NULL) \
- {c.line=__LINE__; goto err; } \
- c.slen-=(c.p-c.q);
-
-/* Don't use this with d2i_ASN1_BOOLEAN() */
-#define M_ASN1_D2I_get_x(type,b,func) \
- c.q=c.p; \
- if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \
- {c.line=__LINE__; goto err; } \
- c.slen-=(c.p-c.q);
-
-/* use this instead () */
-#define M_ASN1_D2I_get_int(b,func) \
- c.q=c.p; \
- if (func(&(b),&c.p,c.slen) < 0) \
- {c.line=__LINE__; goto err; } \
- c.slen-=(c.p-c.q);
-
-#define M_ASN1_D2I_get_opt(b,func,type) \
- if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \
- == (V_ASN1_UNIVERSAL|(type)))) \
- { \
- M_ASN1_D2I_get(b,func); \
- }
-
-#define M_ASN1_D2I_get_int_opt(b,func,type) \
- if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \
- == (V_ASN1_UNIVERSAL|(type)))) \
- { \
- M_ASN1_D2I_get_int(b,func); \
- }
-
-#define M_ASN1_D2I_get_imp(b,func, type) \
- M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \
- c.q=c.p; \
- if (func(&(b),&c.p,c.slen) == NULL) \
- {c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \
- c.slen-=(c.p-c.q);\
- M_ASN1_next_prev=_tmp;
-
-#define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \
- if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \
- (V_ASN1_CONTEXT_SPECIFIC|(tag)))) \
- { \
- unsigned char _tmp = M_ASN1_next; \
- M_ASN1_D2I_get_imp(b,func, type);\
- }
-
-#define M_ASN1_D2I_get_set(r,func,free_func) \
- M_ASN1_D2I_get_imp_set(r,func,free_func, \
- V_ASN1_SET,V_ASN1_UNIVERSAL);
-
-#define M_ASN1_D2I_get_set_type(type,r,func,free_func) \
- M_ASN1_D2I_get_imp_set_type(type,r,func,free_func, \
- V_ASN1_SET,V_ASN1_UNIVERSAL);
-
-#define M_ASN1_D2I_get_set_opt(r,func,free_func) \
- if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
- V_ASN1_CONSTRUCTED|V_ASN1_SET)))\
- { M_ASN1_D2I_get_set(r,func,free_func); }
-
-#define M_ASN1_D2I_get_set_opt_type(type,r,func,free_func) \
- if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
- V_ASN1_CONSTRUCTED|V_ASN1_SET)))\
- { M_ASN1_D2I_get_set_type(type,r,func,free_func); }
-
-#define M_ASN1_I2D_len_SET_opt(a,f) \
- if ((a != NULL) && (sk_num(a) != 0)) \
- M_ASN1_I2D_len_SET(a,f);
-
-#define M_ASN1_I2D_put_SET_opt(a,f) \
- if ((a != NULL) && (sk_num(a) != 0)) \
- M_ASN1_I2D_put_SET(a,f);
-
-#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \
- if ((a != NULL) && (sk_num(a) != 0)) \
- M_ASN1_I2D_put_SEQUENCE(a,f);
-
-#define M_ASN1_I2D_put_SEQUENCE_opt_type(type,a,f) \
- if ((a != NULL) && (sk_##type##_num(a) != 0)) \
- M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
-
-#define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \
- if ((c.slen != 0) && \
- (M_ASN1_next == \
- (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\
- { \
- M_ASN1_D2I_get_imp_set(b,func,free_func,\
- tag,V_ASN1_CONTEXT_SPECIFIC); \
- }
-
-#define M_ASN1_D2I_get_IMP_set_opt_type(type,b,func,free_func,tag) \
- if ((c.slen != 0) && \
- (M_ASN1_next == \
- (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\
- { \
- M_ASN1_D2I_get_imp_set_type(type,b,func,free_func,\
- tag,V_ASN1_CONTEXT_SPECIFIC); \
- }
-
-#define M_ASN1_D2I_get_seq(r,func,free_func) \
- M_ASN1_D2I_get_imp_set(r,func,free_func,\
- V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-
-#define M_ASN1_D2I_get_seq_type(type,r,func,free_func) \
- M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\
- V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL)
-
-#define M_ASN1_D2I_get_seq_opt(r,func,free_func) \
- if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
- V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\
- { M_ASN1_D2I_get_seq(r,func,free_func); }
-
-#define M_ASN1_D2I_get_seq_opt_type(type,r,func,free_func) \
- if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
- V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\
- { M_ASN1_D2I_get_seq_type(type,r,func,free_func); }
-
-#define M_ASN1_D2I_get_IMP_set(r,func,free_func,x) \
- M_ASN1_D2I_get_imp_set(r,func,free_func,\
- x,V_ASN1_CONTEXT_SPECIFIC);
-
-#define M_ASN1_D2I_get_IMP_set_type(type,r,func,free_func,x) \
- M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\
- x,V_ASN1_CONTEXT_SPECIFIC);
-
-#define M_ASN1_D2I_get_imp_set(r,func,free_func,a,b) \
- c.q=c.p; \
- if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\
- (void (*)())free_func,a,b) == NULL) \
- { c.line=__LINE__; goto err; } \
- c.slen-=(c.p-c.q);
-
-#define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \
- c.q=c.p; \
- if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\
- free_func,a,b) == NULL) \
- { c.line=__LINE__; goto err; } \
- c.slen-=(c.p-c.q);
-
-#define M_ASN1_D2I_get_set_strings(r,func,a,b) \
- c.q=c.p; \
- if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \
- { c.line=__LINE__; goto err; } \
- c.slen-=(c.p-c.q);
-
-#define M_ASN1_D2I_get_EXP_opt(r,func,tag) \
- if ((c.slen != 0L) && (M_ASN1_next == \
- (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
- { \
- int Tinf,Ttag,Tclass; \
- long Tlen; \
- \
- c.q=c.p; \
- Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
- if (Tinf & 0x80) \
- { c.error=ASN1_R_BAD_OBJECT_HEADER; \
- c.line=__LINE__; goto err; } \
- if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
- Tlen = c.slen - (c.p - c.q) - 2; \
- if (func(&(r),&c.p,Tlen) == NULL) \
- { c.line=__LINE__; goto err; } \
- if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
- Tlen = c.slen - (c.p - c.q); \
- if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \
- { c.error=ASN1_R_MISSING_ASN1_EOS; \
- c.line=__LINE__; goto err; } \
- }\
- c.slen-=(c.p-c.q); \
- }
-
-#define M_ASN1_D2I_get_EXP_set_opt(r,func,free_func,tag,b) \
- if ((c.slen != 0) && (M_ASN1_next == \
- (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
- { \
- int Tinf,Ttag,Tclass; \
- long Tlen; \
- \
- c.q=c.p; \
- Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
- if (Tinf & 0x80) \
- { c.error=ASN1_R_BAD_OBJECT_HEADER; \
- c.line=__LINE__; goto err; } \
- if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
- Tlen = c.slen - (c.p - c.q) - 2; \
- if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \
- (void (*)())free_func, \
- b,V_ASN1_UNIVERSAL) == NULL) \
- { c.line=__LINE__; goto err; } \
- if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
- Tlen = c.slen - (c.p - c.q); \
- if(!ASN1_check_infinite_end(&c.p, Tlen)) \
- { c.error=ASN1_R_MISSING_ASN1_EOS; \
- c.line=__LINE__; goto err; } \
- }\
- c.slen-=(c.p-c.q); \
- }
-
-#define M_ASN1_D2I_get_EXP_set_opt_type(type,r,func,free_func,tag,b) \
- if ((c.slen != 0) && (M_ASN1_next == \
- (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
- { \
- int Tinf,Ttag,Tclass; \
- long Tlen; \
- \
- c.q=c.p; \
- Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
- if (Tinf & 0x80) \
- { c.error=ASN1_R_BAD_OBJECT_HEADER; \
- c.line=__LINE__; goto err; } \
- if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
- Tlen = c.slen - (c.p - c.q) - 2; \
- if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \
- free_func,b,V_ASN1_UNIVERSAL) == NULL) \
- { c.line=__LINE__; goto err; } \
- if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
- Tlen = c.slen - (c.p - c.q); \
- if(!ASN1_check_infinite_end(&c.p, Tlen)) \
- { c.error=ASN1_R_MISSING_ASN1_EOS; \
- c.line=__LINE__; goto err; } \
- }\
- c.slen-=(c.p-c.q); \
- }
-
-/* New macros */
-#define M_ASN1_New_Malloc(ret,type) \
- if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \
- { c.line=__LINE__; goto err2; }
-
-#define M_ASN1_New(arg,func) \
- if (((arg)=func()) == NULL) return(NULL)
-
-#define M_ASN1_New_Error(a) \
-/* err: ASN1_MAC_H_err((a),ASN1_R_NESTED_ASN1_ERROR,c.line); \
- return(NULL);*/ \
- err2: ASN1_MAC_H_err((a),ASN1_R_MALLOC_FAILURE,c.line); \
- return(NULL)
-
-
-/* BIG UGLY WARNING! This is so damn ugly I wanna puke. Unfortunately,
- some macros that use ASN1_const_CTX still insist on writing in the input
- stream. ARGH! ARGH! ARGH! Let's get rid of this macro package.
- Please? -- Richard Levitte */
-#define M_ASN1_next (*((unsigned char *)(c.p)))
-#define M_ASN1_next_prev (*((unsigned char *)(c.q)))
-
-/*************************************************/
-
-#define M_ASN1_I2D_vars(a) int r=0,ret=0; \
- unsigned char *p; \
- if (a == NULL) return(0)
-
-/* Length Macros */
-#define M_ASN1_I2D_len(a,f) ret+=f(a,NULL)
-#define M_ASN1_I2D_len_IMP_opt(a,f) if (a != NULL) M_ASN1_I2D_len(a,f)
-
-#define M_ASN1_I2D_len_SET(a,f) \
- ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
-
-#define M_ASN1_I2D_len_SET_type(type,a,f) \
- ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SET, \
- V_ASN1_UNIVERSAL,IS_SET);
-
-#define M_ASN1_I2D_len_SEQUENCE(a,f) \
- ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \
- IS_SEQUENCE);
-
-#define M_ASN1_I2D_len_SEQUENCE_type(type,a,f) \
- ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SEQUENCE, \
- V_ASN1_UNIVERSAL,IS_SEQUENCE)
-
-#define M_ASN1_I2D_len_SEQUENCE_opt(a,f) \
- if ((a != NULL) && (sk_num(a) != 0)) \
- M_ASN1_I2D_len_SEQUENCE(a,f);
-
-#define M_ASN1_I2D_len_SEQUENCE_opt_type(type,a,f) \
- if ((a != NULL) && (sk_##type##_num(a) != 0)) \
- M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
-
-#define M_ASN1_I2D_len_IMP_SET(a,f,x) \
- ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET);
-
-#define M_ASN1_I2D_len_IMP_SET_type(type,a,f,x) \
- ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
- V_ASN1_CONTEXT_SPECIFIC,IS_SET);
-
-#define M_ASN1_I2D_len_IMP_SET_opt(a,f,x) \
- if ((a != NULL) && (sk_num(a) != 0)) \
- ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
- IS_SET);
-
-#define M_ASN1_I2D_len_IMP_SET_opt_type(type,a,f,x) \
- if ((a != NULL) && (sk_##type##_num(a) != 0)) \
- ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
- V_ASN1_CONTEXT_SPECIFIC,IS_SET);
-
-#define M_ASN1_I2D_len_IMP_SEQUENCE(a,f,x) \
- ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
- IS_SEQUENCE);
-
-#define M_ASN1_I2D_len_IMP_SEQUENCE_opt(a,f,x) \
- if ((a != NULL) && (sk_num(a) != 0)) \
- ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
- IS_SEQUENCE);
-
-#define M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(type,a,f,x) \
- if ((a != NULL) && (sk_##type##_num(a) != 0)) \
- ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
- V_ASN1_CONTEXT_SPECIFIC, \
- IS_SEQUENCE);
-
-#define M_ASN1_I2D_len_EXP_opt(a,f,mtag,v) \
- if (a != NULL)\
- { \
- v=f(a,NULL); \
- ret+=ASN1_object_size(1,v,mtag); \
- }
-
-#define M_ASN1_I2D_len_EXP_SET_opt(a,f,mtag,tag,v) \
- if ((a != NULL) && (sk_num(a) != 0))\
- { \
- v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL,IS_SET); \
- ret+=ASN1_object_size(1,v,mtag); \
- }
-
-#define M_ASN1_I2D_len_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \
- if ((a != NULL) && (sk_num(a) != 0))\
- { \
- v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL, \
- IS_SEQUENCE); \
- ret+=ASN1_object_size(1,v,mtag); \
- }
-
-#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \
- if ((a != NULL) && (sk_##type##_num(a) != 0))\
- { \
- v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \
- V_ASN1_UNIVERSAL, \
- IS_SEQUENCE); \
- ret+=ASN1_object_size(1,v,mtag); \
- }
-
-/* Put Macros */
-#define M_ASN1_I2D_put(a,f) f(a,&p)
-
-#define M_ASN1_I2D_put_IMP_opt(a,f,t) \
- if (a != NULL) \
- { \
- unsigned char *q=p; \
- f(a,&p); \
- *q=(V_ASN1_CONTEXT_SPECIFIC|t|(*q&V_ASN1_CONSTRUCTED));\
- }
-
-#define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\
- V_ASN1_UNIVERSAL,IS_SET)
-#define M_ASN1_I2D_put_SET_type(type,a,f) \
- i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET)
-#define M_ASN1_I2D_put_IMP_SET(a,f,x) i2d_ASN1_SET(a,&p,f,x,\
- V_ASN1_CONTEXT_SPECIFIC,IS_SET)
-#define M_ASN1_I2D_put_IMP_SET_type(type,a,f,x) \
- i2d_ASN1_SET_OF_##type(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET)
-#define M_ASN1_I2D_put_IMP_SEQUENCE(a,f,x) i2d_ASN1_SET(a,&p,f,x,\
- V_ASN1_CONTEXT_SPECIFIC,IS_SEQUENCE)
-
-#define M_ASN1_I2D_put_SEQUENCE(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\
- V_ASN1_UNIVERSAL,IS_SEQUENCE)
-
-#define M_ASN1_I2D_put_SEQUENCE_type(type,a,f) \
- i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \
- IS_SEQUENCE)
-
-#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \
- if ((a != NULL) && (sk_num(a) != 0)) \
- M_ASN1_I2D_put_SEQUENCE(a,f);
-
-#define M_ASN1_I2D_put_IMP_SET_opt(a,f,x) \
- if ((a != NULL) && (sk_num(a) != 0)) \
- { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \
- IS_SET); }
-
-#define M_ASN1_I2D_put_IMP_SET_opt_type(type,a,f,x) \
- if ((a != NULL) && (sk_##type##_num(a) != 0)) \
- { i2d_ASN1_SET_OF_##type(a,&p,f,x, \
- V_ASN1_CONTEXT_SPECIFIC, \
- IS_SET); }
-
-#define M_ASN1_I2D_put_IMP_SEQUENCE_opt(a,f,x) \
- if ((a != NULL) && (sk_num(a) != 0)) \
- { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \
- IS_SEQUENCE); }
-
-#define M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(type,a,f,x) \
- if ((a != NULL) && (sk_##type##_num(a) != 0)) \
- { i2d_ASN1_SET_OF_##type(a,&p,f,x, \
- V_ASN1_CONTEXT_SPECIFIC, \
- IS_SEQUENCE); }
-
-#define M_ASN1_I2D_put_EXP_opt(a,f,tag,v) \
- if (a != NULL) \
- { \
- ASN1_put_object(&p,1,v,tag,V_ASN1_CONTEXT_SPECIFIC); \
- f(a,&p); \
- }
-
-#define M_ASN1_I2D_put_EXP_SET_opt(a,f,mtag,tag,v) \
- if ((a != NULL) && (sk_num(a) != 0)) \
- { \
- ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
- i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SET); \
- }
-
-#define M_ASN1_I2D_put_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \
- if ((a != NULL) && (sk_num(a) != 0)) \
- { \
- ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
- i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SEQUENCE); \
- }
-
-#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \
- if ((a != NULL) && (sk_##type##_num(a) != 0)) \
- { \
- ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
- i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \
- IS_SEQUENCE); \
- }
-
-#define M_ASN1_I2D_seq_total() \
- r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \
- if (pp == NULL) return(r); \
- p= *pp; \
- ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL)
-
-#define M_ASN1_I2D_INF_seq_start(tag,ctx) \
- *(p++)=(V_ASN1_CONSTRUCTED|(tag)|(ctx)); \
- *(p++)=0x80
-
-#define M_ASN1_I2D_INF_seq_end() *(p++)=0x00; *(p++)=0x00
-
-#define M_ASN1_I2D_finish() *pp=p; \
- return(r);
OPENSSL_EXPORT int asn1_GetSequence(ASN1_const_CTX *c, long *length);
-OPENSSL_EXPORT void asn1_add_error(const unsigned char *address, int offset);
+
+
#ifdef __cplusplus
}
#endif
diff --git a/src/include/openssl/asn1t.h b/src/include/openssl/asn1t.h
index 72eb2cb..6c91134 100644
--- a/src/include/openssl/asn1t.h
+++ b/src/include/openssl/asn1t.h
@@ -58,7 +58,7 @@
#ifndef HEADER_ASN1T_H
#define HEADER_ASN1T_H
-#include <stddef.h>
+#include <openssl/base.h>
#include <openssl/asn1.h>
#ifdef OPENSSL_BUILD_SHLIBCRYPTO
diff --git a/src/include/openssl/base.h b/src/include/openssl/base.h
index d73f269..b769ad5 100644
--- a/src/include/openssl/base.h
+++ b/src/include/openssl/base.h
@@ -56,8 +56,8 @@
/* This file should be the first included by all BoringSSL headers. */
+#include <stddef.h>
#include <stdint.h>
-#include <stdlib.h>
#include <sys/types.h>
#include <openssl/opensslfeatures.h>
@@ -103,6 +103,11 @@
#define OPENSSL_WINDOWS
#endif
+#if defined(TRUSTY)
+#define OPENSSL_TRUSTY
+#define OPENSSL_NO_THREADS
+#endif
+
#define OPENSSL_IS_BORINGSSL
#define OPENSSL_VERSION_NUMBER 0x10002000
@@ -132,6 +137,9 @@
#endif /* defined(BORINGSSL_SHARED_LIBRARY) */
+/* CRYPTO_THREADID is a dummy value. */
+typedef int CRYPTO_THREADID;
+
typedef int ASN1_BOOLEAN;
typedef int ASN1_NULL;
typedef struct ASN1_ITEM_st ASN1_ITEM;
@@ -174,7 +182,9 @@
typedef struct buf_mem_st BUF_MEM;
typedef struct cbb_st CBB;
typedef struct cbs_st CBS;
+typedef struct cmac_ctx_st CMAC_CTX;
typedef struct conf_st CONF;
+typedef struct conf_value_st CONF_VALUE;
typedef struct dh_method DH_METHOD;
typedef struct dh_st DH;
typedef struct dsa_method DSA_METHOD;
@@ -198,6 +208,7 @@
typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO;
typedef struct pkcs12_st PKCS12;
typedef struct rand_meth_st RAND_METHOD;
+typedef struct rc4_key_st RC4_KEY;
typedef struct rsa_meth_st RSA_METHOD;
typedef struct rsa_st RSA;
typedef struct sha256_state_st SHA256_CTX;
diff --git a/src/include/openssl/bio.h b/src/include/openssl/bio.h
index 4d89d11..b70b42f 100644
--- a/src/include/openssl/bio.h
+++ b/src/include/openssl/bio.h
@@ -59,9 +59,9 @@
#include <openssl/base.h>
-#include <stdarg.h>
#include <stdio.h> /* For FILE */
+#include <openssl/err.h> /* for ERR_print_errors_fp */
#include <openssl/ex_data.h>
#include <openssl/stack.h>
@@ -96,6 +96,9 @@
* TODO(fork): remove. */
OPENSSL_EXPORT void BIO_vfree(BIO *bio);
+/* BIO_up_ref increments the reference count of |bio| and returns it. */
+OPENSSL_EXPORT BIO *BIO_up_ref(BIO *bio);
+
/* Basic I/O. */
@@ -331,10 +334,6 @@
OPENSSL_EXPORT int BIO_hexdump(BIO *bio, const uint8_t *data, size_t len,
unsigned indent);
-/* BIO_print_errors_fp prints the current contents of the error stack to |out|
- * using human readable strings where possible. */
-OPENSSL_EXPORT void BIO_print_errors_fp(FILE *out);
-
/* BIO_print_errors prints the current contents of the error stack to |bio|
* using human readable strings where possible. */
OPENSSL_EXPORT void BIO_print_errors(BIO *bio);
@@ -652,7 +651,7 @@
* stack.
*
* The zero copy write operation is completed by calling
- * |BIO_zero_copy_write_buf_don|e. Neither |BIO_zero_copy_get_write_buf_done|
+ * |BIO_zero_copy_write_buf_done|. Neither |BIO_zero_copy_get_write_buf|
* nor any other I/O write operation may be called while a zero copy write
* operation is active. */
OPENSSL_EXPORT int BIO_zero_copy_get_write_buf(BIO* bio,
@@ -693,8 +692,6 @@
#define BIO_CTRL_INFO 3 /* opt - extra tit-bits */
#define BIO_CTRL_SET 4 /* man - set the 'IO' type */
#define BIO_CTRL_GET 5 /* man - get the 'IO' type */
-#define BIO_CTRL_PUSH 6 /* opt - internal, used to signify change */
-#define BIO_CTRL_POP 7 /* opt - internal, used to signify change */
#define BIO_CTRL_GET_CLOSE 8 /* man - set the 'close' on free */
#define BIO_CTRL_SET_CLOSE 9 /* man - set the 'close' on free */
#define BIO_CTRL_PENDING 10 /* opt - is their more data buffered */
@@ -706,6 +703,14 @@
#define BIO_CTRL_SET_FILENAME 30 /* BIO_s_file special */
+/* Android compatibility section.
+ *
+ * A previous version of BoringSSL used in Android renamed ERR_print_errors_fp
+ * to BIO_print_errors_fp. It has subsequently been renamed back to
+ * ERR_print_errors_fp. */
+#define BIO_print_errors_fp ERR_print_errors_fp
+
+
/* Private functions */
#define BIO_FLAGS_READ 0x01
@@ -779,17 +784,12 @@
/* num is a BIO-specific value. For example, in fd BIOs it's used to store a
* file descriptor. */
int num;
- /* TODO(fork): reference counting is only used by the SSL BIO code. If we can
- * dump that then we can remove this. We could also drop
- * BIO_CTRL_PUSH/BIO_CTRL_POP. */
int references;
void *ptr;
/* next_bio points to the next |BIO| in a chain. This |BIO| owns a reference
* to |next_bio|. */
struct bio_st *next_bio; /* used by filter BIOs */
size_t num_read, num_write;
-
- CRYPTO_EX_DATA ex_data;
};
#define BIO_C_SET_CONNECT 100
@@ -854,43 +854,40 @@
} /* extern C */
#endif
-#define BIO_F_bio_make_pair 100
-#define BIO_F_bio_ctrl 101
-#define BIO_F_buffer_ctrl 102
+#define BIO_F_BIO_callback_ctrl 100
+#define BIO_F_BIO_ctrl 101
+#define BIO_F_BIO_new 102
#define BIO_F_BIO_new_file 103
-#define BIO_F_file_read 104
-#define BIO_F_BIO_new 105
-#define BIO_F_bio_io 106
-#define BIO_F_BIO_new_mem_buf 107
-#define BIO_F_mem_write 108
-#define BIO_F_conn_state 109
-#define BIO_F_conn_ctrl 110
-#define BIO_F_file_ctrl 111
-#define BIO_F_BIO_callback_ctrl 112
-#define BIO_F_bio_ip_and_port_to_socket_and_addr 113
-#define BIO_F_bio_write 114
-#define BIO_F_BIO_ctrl 115
-#define BIO_F_BIO_zero_copy_get_write_buf 116
-#define BIO_F_BIO_zero_copy_get_write_buf_done 117
-#define BIO_F_BIO_zero_copy_get_read_buf 118
-#define BIO_F_BIO_zero_copy_get_read_buf_done 119
-#define BIO_R_UNSUPPORTED_METHOD 100
-#define BIO_R_NO_PORT_SPECIFIED 101
-#define BIO_R_NO_HOSTNAME_SPECIFIED 102
-#define BIO_R_IN_USE 103
-#define BIO_R_UNINITIALIZED 104
-#define BIO_R_CONNECT_ERROR 105
+#define BIO_F_BIO_new_mem_buf 104
+#define BIO_F_BIO_zero_copy_get_read_buf 105
+#define BIO_F_BIO_zero_copy_get_read_buf_done 106
+#define BIO_F_BIO_zero_copy_get_write_buf 107
+#define BIO_F_BIO_zero_copy_get_write_buf_done 108
+#define BIO_F_bio_io 109
+#define BIO_F_bio_make_pair 110
+#define BIO_F_bio_write 111
+#define BIO_F_buffer_ctrl 112
+#define BIO_F_conn_ctrl 113
+#define BIO_F_conn_state 114
+#define BIO_F_file_ctrl 115
+#define BIO_F_file_read 116
+#define BIO_F_mem_write 117
+#define BIO_R_BAD_FOPEN_MODE 100
+#define BIO_R_BROKEN_PIPE 101
+#define BIO_R_CONNECT_ERROR 102
+#define BIO_R_ERROR_SETTING_NBIO 103
+#define BIO_R_INVALID_ARGUMENT 104
+#define BIO_R_IN_USE 105
#define BIO_R_KEEPALIVE 106
-#define BIO_R_BROKEN_PIPE 107
-#define BIO_R_NBIO_CONNECT_ERROR 108
-#define BIO_R_BAD_FOPEN_MODE 109
-#define BIO_R_ASN1_OBJECT_TOO_LONG 110
-#define BIO_R_INVALID_ARGUMENT 111
-#define BIO_R_WRITE_TO_READ_ONLY_BIO 112
-#define BIO_R_ERROR_SETTING_NBIO 113
-#define BIO_R_SYS_LIB 114
-#define BIO_R_NO_SUCH_FILE 115
-#define BIO_R_NULL_PARAMETER 116
-#define BIO_R_UNABLE_TO_CREATE_SOCKET 117
+#define BIO_R_NBIO_CONNECT_ERROR 107
+#define BIO_R_NO_HOSTNAME_SPECIFIED 108
+#define BIO_R_NO_PORT_SPECIFIED 109
+#define BIO_R_NO_SUCH_FILE 110
+#define BIO_R_NULL_PARAMETER 111
+#define BIO_R_SYS_LIB 112
+#define BIO_R_UNABLE_TO_CREATE_SOCKET 113
+#define BIO_R_UNINITIALIZED 114
+#define BIO_R_UNSUPPORTED_METHOD 115
+#define BIO_R_WRITE_TO_READ_ONLY_BIO 116
#endif /* OPENSSL_HEADER_BIO_H */
diff --git a/src/include/openssl/blowfish.h b/src/include/openssl/blowfish.h
new file mode 100644
index 0000000..fa60d53
--- /dev/null
+++ b/src/include/openssl/blowfish.h
@@ -0,0 +1,93 @@
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.] */
+
+#ifndef OPENSSL_HEADER_BLOWFISH_H
+#define OPENSSL_HEADER_BLOWFISH_H
+
+#include <openssl/base.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+#define BF_ENCRYPT 1
+#define BF_DECRYPT 0
+
+#define BF_ROUNDS 16
+#define BF_BLOCK 8
+
+typedef struct bf_key_st {
+ uint32_t P[BF_ROUNDS + 2];
+ uint32_t S[4 * 256];
+} BF_KEY;
+
+OPENSSL_EXPORT void BF_set_key(BF_KEY *key, size_t len, const uint8_t *data);
+OPENSSL_EXPORT void BF_encrypt(uint32_t *data, const BF_KEY *key);
+OPENSSL_EXPORT void BF_decrypt(uint32_t *data, const BF_KEY *key);
+
+OPENSSL_EXPORT void BF_ecb_encrypt(const uint8_t *in, uint8_t *out,
+ const BF_KEY *key, int enc);
+OPENSSL_EXPORT void BF_cbc_encrypt(const uint8_t *in, uint8_t *out, long length,
+ const BF_KEY *schedule, uint8_t *ivec,
+ int enc);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* OPENSSL_HEADER_BLOWFISH_H */
diff --git a/src/include/openssl/bn.h b/src/include/openssl/bn.h
index 0631b8c..2cd0224 100644
--- a/src/include/openssl/bn.h
+++ b/src/include/openssl/bn.h
@@ -124,7 +124,9 @@
#define OPENSSL_HEADER_BN_H
#include <openssl/base.h>
+#include <openssl/thread.h>
+#include <inttypes.h> /* for PRIu64 and friends */
#include <stdio.h> /* for FILE* */
#if defined(__cplusplus)
@@ -137,13 +139,24 @@
* will allow you to work with numbers until you run out of memory. */
-/* BN_ULONG is the native word size when working with big integers. */
+/* BN_ULONG is the native word size when working with big integers.
+ *
+ * Note: on some platforms, inttypes.h does not define print format macros in
+ * C++ unless |__STDC_FORMAT_MACROS| defined. As this is a public header, bn.h
+ * does not define |__STDC_FORMAT_MACROS| itself. C++ source files which use the
+ * FMT macros must define it externally. */
#if defined(OPENSSL_64_BIT)
#define BN_ULONG uint64_t
#define BN_BITS2 64
+#define BN_DEC_FMT1 "%" PRIu64
+#define BN_DEC_FMT2 "%019" PRIu64
+#define BN_HEX_FMT1 "%" PRIx64
#elif defined(OPENSSL_32_BIT)
#define BN_ULONG uint32_t
#define BN_BITS2 32
+#define BN_DEC_FMT1 "%" PRIu32
+#define BN_DEC_FMT2 "%09" PRIu32
+#define BN_HEX_FMT1 "%" PRIx32
#else
#error "Must define either OPENSSL_32_BIT or OPENSSL_64_BIT"
#endif
@@ -473,7 +486,8 @@
BN_div(NULL, (rem), (numerator), (divisor), (ctx))
/* BN_nnmod is a non-negative modulo function. It acts like |BN_mod|, but 0 <=
- * |rem| < |divisor| is always true. */
+ * |rem| < |divisor| is always true. It returns one on success and zero on
+ * error. */
OPENSSL_EXPORT int BN_nnmod(BIGNUM *rem, const BIGNUM *numerator,
const BIGNUM *divisor, BN_CTX *ctx);
@@ -710,15 +724,13 @@
OPENSSL_EXPORT int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod,
BN_CTX *ctx);
-/* BN_MONT_CTX_set_locked takes the lock indicated by |lock| and checks whether
- * |*pmont| is NULL. If so, it creates a new |BN_MONT_CTX| and sets the modulus
- * for it to |mod|. It then stores it as |*pmont| and returns it, or NULL on
- * error.
+/* BN_MONT_CTX_set_locked takes |lock| and checks whether |*pmont| is NULL. If
+ * so, it creates a new |BN_MONT_CTX| and sets the modulus for it to |mod|. It
+ * then stores it as |*pmont| and returns it, or NULL on error.
*
* If |*pmont| is already non-NULL then the existing value is returned. */
-OPENSSL_EXPORT BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont,
- int lock, const BIGNUM *mod,
- BN_CTX *ctx);
+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_MUTEX *lock,
+ const BIGNUM *mod, BN_CTX *bn_ctx);
/* BN_to_montgomery sets |ret| equal to |a| in the Montgomery domain. It
* returns one on success and zero on error. */
@@ -815,47 +827,47 @@
} /* extern C */
#endif
-#define BN_F_BN_bn2hex 100
-#define BN_F_BN_new 101
-#define BN_F_BN_exp 102
-#define BN_F_mod_exp_recp 103
-#define BN_F_BN_mod_sqrt 104
-#define BN_F_BN_rand 105
-#define BN_F_BN_rand_range 106
-#define BN_F_bn_wexpand 107
-#define BN_F_BN_mod_exp_mont 108
-#define BN_F_BN_mod_exp2_mont 109
-#define BN_F_BN_CTX_get 110
-#define BN_F_BN_mod_inverse 111
-#define BN_F_BN_bn2dec 112
-#define BN_F_BN_div 113
-#define BN_F_BN_div_recp 114
-#define BN_F_BN_mod_exp_mont_consttime 115
-#define BN_F_BN_mod_exp_mont_word 116
-#define BN_F_BN_CTX_start 117
-#define BN_F_BN_usub 118
-#define BN_F_BN_mod_lshift_quick 119
-#define BN_F_BN_CTX_new 120
-#define BN_F_BN_mod_inverse_no_branch 121
-#define BN_F_BN_generate_dsa_nonce 122
-#define BN_F_BN_generate_prime_ex 123
-#define BN_F_BN_sqrt 124
-#define BN_R_NOT_A_SQUARE 100
-#define BN_R_TOO_MANY_ITERATIONS 101
-#define BN_R_INPUT_NOT_REDUCED 102
-#define BN_R_TOO_MANY_TEMPORARY_VARIABLES 103
-#define BN_R_NO_INVERSE 104
-#define BN_R_NOT_INITIALIZED 105
-#define BN_R_DIV_BY_ZERO 106
-#define BN_R_CALLED_WITH_EVEN_MODULUS 107
-#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 108
-#define BN_R_BAD_RECIPROCAL 109
-#define BN_R_P_IS_NOT_PRIME 110
-#define BN_R_INVALID_RANGE 111
-#define BN_R_ARG2_LT_ARG3 112
-#define BN_R_BIGNUM_TOO_LONG 113
-#define BN_R_PRIVATE_KEY_TOO_LARGE 114
-#define BN_R_BITS_TOO_SMALL 115
-#define BN_R_NEGATIVE_NUMBER 116
+#define BN_F_BN_CTX_get 100
+#define BN_F_BN_CTX_new 101
+#define BN_F_BN_CTX_start 102
+#define BN_F_BN_bn2dec 103
+#define BN_F_BN_bn2hex 104
+#define BN_F_BN_div 105
+#define BN_F_BN_div_recp 106
+#define BN_F_BN_exp 107
+#define BN_F_BN_generate_dsa_nonce 108
+#define BN_F_BN_generate_prime_ex 109
+#define BN_F_BN_mod_exp2_mont 110
+#define BN_F_BN_mod_exp_mont 111
+#define BN_F_BN_mod_exp_mont_consttime 112
+#define BN_F_BN_mod_exp_mont_word 113
+#define BN_F_BN_mod_inverse 114
+#define BN_F_BN_mod_inverse_no_branch 115
+#define BN_F_BN_mod_lshift_quick 116
+#define BN_F_BN_mod_sqrt 117
+#define BN_F_BN_new 118
+#define BN_F_BN_rand 119
+#define BN_F_BN_rand_range 120
+#define BN_F_BN_sqrt 121
+#define BN_F_BN_usub 122
+#define BN_F_bn_wexpand 123
+#define BN_F_mod_exp_recp 124
+#define BN_R_ARG2_LT_ARG3 100
+#define BN_R_BAD_RECIPROCAL 101
+#define BN_R_BIGNUM_TOO_LONG 102
+#define BN_R_BITS_TOO_SMALL 103
+#define BN_R_CALLED_WITH_EVEN_MODULUS 104
+#define BN_R_DIV_BY_ZERO 105
+#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 106
+#define BN_R_INPUT_NOT_REDUCED 107
+#define BN_R_INVALID_RANGE 108
+#define BN_R_NEGATIVE_NUMBER 109
+#define BN_R_NOT_A_SQUARE 110
+#define BN_R_NOT_INITIALIZED 111
+#define BN_R_NO_INVERSE 112
+#define BN_R_PRIVATE_KEY_TOO_LARGE 113
+#define BN_R_P_IS_NOT_PRIME 114
+#define BN_R_TOO_MANY_ITERATIONS 115
+#define BN_R_TOO_MANY_TEMPORARY_VARIABLES 116
#endif /* OPENSSL_HEADER_BN_H */
diff --git a/src/include/openssl/buf.h b/src/include/openssl/buf.h
index 0a0a9b8..2b36ce4 100644
--- a/src/include/openssl/buf.h
+++ b/src/include/openssl/buf.h
@@ -116,8 +116,8 @@
#endif
#define BUF_F_BUF_MEM_new 100
-#define BUF_F_buf_mem_grow 101
+#define BUF_F_BUF_memdup 101
#define BUF_F_BUF_strndup 102
-#define BUF_F_BUF_memdup 103
+#define BUF_F_buf_mem_grow 103
#endif /* OPENSSL_HEADER_BUFFER_H */
diff --git a/src/include/openssl/bytestring.h b/src/include/openssl/bytestring.h
index 2bff3f5..e10621a 100644
--- a/src/include/openssl/bytestring.h
+++ b/src/include/openssl/bytestring.h
@@ -47,7 +47,7 @@
* otherwise. */
OPENSSL_EXPORT int CBS_skip(CBS *cbs, size_t len);
-/* CBS_data returns a pointer to the contains of |cbs|. */
+/* CBS_data returns a pointer to the contents of |cbs|. */
OPENSSL_EXPORT const uint8_t *CBS_data(const CBS *cbs);
/* CBS_len returns the number of bytes remaining in |cbs|. */
@@ -134,7 +134,7 @@
* element must match |tag_value|. It returns one on success and zero
* on error.
*
- * Tag numbers greater than 31 are not supported. */
+ * Tag numbers greater than 30 are not supported (i.e. short form only). */
OPENSSL_EXPORT int CBS_get_asn1(CBS *cbs, CBS *out, unsigned tag_value);
/* CBS_get_asn1_element acts like |CBS_get_asn1| but |out| will include the
@@ -155,7 +155,7 @@
* header. Each of |out|, |out_tag|, and |out_header_len| may be NULL to ignore
* the value.
*
- * Tag numbers greater than 31 are not supported. */
+ * Tag numbers greater than 30 are not supported (i.e. short form only). */
OPENSSL_EXPORT int CBS_get_any_asn1_element(CBS *cbs, CBS *out,
unsigned *out_tag,
size_t *out_header_len);
@@ -287,7 +287,9 @@
/* CBB_add_asn sets |*out_contents| to a |CBB| into which the contents of an
* ASN.1 object can be written. The |tag| argument will be used as the tag for
- * the object. It returns one on success or zero on error. */
+ * the object. Passing in |tag| number 31 will return in an error since only
+ * single octet identifiers are supported. It returns one on success or zero
+ * on error. */
OPENSSL_EXPORT int CBB_add_asn1(CBB *cbb, CBB *out_contents, uint8_t tag);
/* CBB_add_bytes appends |len| bytes from |data| to |cbb|. It returns one on
diff --git a/src/include/openssl/cast.h b/src/include/openssl/cast.h
new file mode 100644
index 0000000..8021723
--- /dev/null
+++ b/src/include/openssl/cast.h
@@ -0,0 +1,96 @@
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.] */
+
+#ifndef OPENSSL_HEADER_CAST_H
+#define OPENSSL_HEADER_CAST_H
+
+#include <openssl/base.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+#define CAST_ENCRYPT 1
+#define CAST_DECRYPT 0
+
+#define CAST_BLOCK 8
+#define CAST_KEY_LENGTH 16
+
+typedef struct cast_key_st {
+ uint32_t data[32];
+ int short_key; /* Use reduced rounds for short key */
+} CAST_KEY;
+
+OPENSSL_EXPORT void CAST_set_key(CAST_KEY *key, size_t len,
+ const uint8_t *data);
+OPENSSL_EXPORT void CAST_ecb_encrypt(const uint8_t *in, uint8_t *out,
+ const CAST_KEY *key, int enc);
+OPENSSL_EXPORT void CAST_encrypt(uint32_t *data, const CAST_KEY *key);
+OPENSSL_EXPORT void CAST_decrypt(uint32_t *data, const CAST_KEY *key);
+OPENSSL_EXPORT void CAST_cbc_encrypt(const uint8_t *in, uint8_t *out,
+ long length, const CAST_KEY *ks,
+ uint8_t *iv, int enc);
+
+OPENSSL_EXPORT void CAST_cfb64_encrypt(const uint8_t *in, uint8_t *out,
+ long length, const CAST_KEY *schedule,
+ uint8_t *ivec, int *num, int enc);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* OPENSSL_HEADER_CAST_H */
diff --git a/src/include/openssl/cipher.h b/src/include/openssl/cipher.h
index adca5a9..f1469a0 100644
--- a/src/include/openssl/cipher.h
+++ b/src/include/openssl/cipher.h
@@ -80,10 +80,12 @@
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_ecb(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_cbc(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_ctr(void);
+OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_ofb(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_ecb(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_cbc(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_ctr(void);
+OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_ofb(void);
/* Deprecated AES-GCM implementations that set |EVP_CIPH_FLAG_CUSTOM_CIPHER|.
* Use |EVP_aead_aes_128_gcm| and |EVP_aead_aes_256_gcm| instead. */
@@ -91,9 +93,9 @@
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_gcm(void);
/* Deprecated 192-bit version of AES. */
+OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ecb(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_cbc(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ctr(void);
-OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ecb(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_gcm(void);
/* EVP_enc_null returns a 'cipher' that passes plaintext through as
@@ -123,8 +125,8 @@
* |EVP_CIPHER_CTX_init| and returns it, or NULL on allocation failure. */
OPENSSL_EXPORT EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
-/* EVP_CIPHER_CTX_cleanup frees any memory referenced by |ctx|. It returns one
- * on success and zero otherwise. */
+/* EVP_CIPHER_CTX_cleanup frees any memory referenced by |ctx|. It returns
+ * one. */
OPENSSL_EXPORT int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *ctx);
/* EVP_CIPHER_CTX_free calls |EVP_CIPHER_CTX_cleanup| on |ctx| and then frees
@@ -236,7 +238,8 @@
const EVP_CIPHER_CTX *ctx);
/* EVP_CIPHER_CTX_nid returns a NID identifying the |EVP_CIPHER| underlying
- * |ctx| (e.g. |NID_rc4|). It will crash if no cipher has been configured. */
+ * |ctx| (e.g. |NID_aes_128_gcm|). It will crash if no cipher has been
+ * configured. */
OPENSSL_EXPORT int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
/* EVP_CIPHER_CTX_block_size returns the block size, in bytes, of the cipher
@@ -289,13 +292,9 @@
/* Cipher accessors. */
/* EVP_CIPHER_nid returns a NID identifing |cipher|. (For example,
- * |NID_rc4|.) */
+ * |NID_aes_128_gcm|.) */
OPENSSL_EXPORT int EVP_CIPHER_nid(const EVP_CIPHER *cipher);
-/* EVP_CIPHER_name returns the short name for |cipher| or NULL if no name is
- * known. */
-OPENSSL_EXPORT const char *EVP_CIPHER_name(const EVP_CIPHER *cipher);
-
/* EVP_CIPHER_block_size returns the block size, in bytes, for |cipher|, or one
* if |cipher| is a stream cipher. */
OPENSSL_EXPORT unsigned EVP_CIPHER_block_size(const EVP_CIPHER *cipher);
@@ -491,7 +490,7 @@
} EVP_CIPHER_INFO;
struct evp_cipher_st {
- /* type contains a NID identifing the cipher. (For example, NID_rc4.) */
+ /* type contains a NID identifing the cipher. (e.g. NID_aes_128_gcm.) */
int nid;
/* block_size contains the block size, in bytes, of the cipher, or 1 for a
@@ -521,7 +520,7 @@
int (*cipher)(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
size_t inl);
- int (*cleanup)(EVP_CIPHER_CTX *);
+ void (*cleanup)(EVP_CIPHER_CTX *);
int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr);
};
@@ -531,62 +530,65 @@
} /* extern C */
#endif
-#define CIPHER_F_EVP_CipherInit_ex 100
-#define CIPHER_F_EVP_EncryptFinal_ex 101
-#define CIPHER_F_EVP_DecryptFinal_ex 102
-#define CIPHER_F_EVP_CIPHER_CTX_ctrl 103
-#define CIPHER_F_aes_init_key 104
-#define CIPHER_F_aesni_init_key 105
-#define CIPHER_F_EVP_CIPHER_CTX_copy 106
-#define CIPHER_F_EVP_AEAD_CTX_open 107
-#define CIPHER_F_EVP_AEAD_CTX_init 108
-#define CIPHER_F_EVP_AEAD_CTX_seal 109
-#define CIPHER_F_aead_aes_gcm_seal 110
-#define CIPHER_F_aead_aes_gcm_open 111
-#define CIPHER_F_aead_aes_gcm_init 112
-#define CIPHER_F_aead_chacha20_poly1305_init 113
-#define CIPHER_F_aead_chacha20_poly1305_open 114
-#define CIPHER_F_aead_chacha20_poly1305_seal 115
-#define CIPHER_F_aead_rc4_md5_tls_init 116
-#define CIPHER_F_aead_rc4_md5_tls_seal 117
-#define CIPHER_F_aead_rc4_md5_tls_open 118
-#define CIPHER_F_aead_aes_key_wrap_seal 119
-#define CIPHER_F_aead_aes_key_wrap_init 120
-#define CIPHER_F_aead_aes_key_wrap_open 121
-#define CIPHER_F_EVP_CIPHER_CTX_set_key_length 122
-#define CIPHER_F_aead_tls_init 123
-#define CIPHER_F_aead_tls_open 124
-#define CIPHER_F_aead_tls_seal 125
-#define CIPHER_F_aead_tls_ensure_cipher_init 126
-#define CIPHER_F_aead_ssl3_open 127
-#define CIPHER_F_aead_ssl3_seal 128
-#define CIPHER_F_aead_ssl3_init 129
-#define CIPHER_F_aead_ssl3_ensure_cipher_init 130
-#define CIPHER_R_WRAP_MODE_NOT_ALLOWED 100
-#define CIPHER_R_AES_KEY_SETUP_FAILED 101
-#define CIPHER_R_INPUT_NOT_INITIALIZED 102
-#define CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 103
-#define CIPHER_R_INITIALIZATION_ERROR 104
-#define CIPHER_R_CTRL_NOT_IMPLEMENTED 105
-#define CIPHER_R_NO_CIPHER_SET 106
-#define CIPHER_R_BAD_DECRYPT 107
-#define CIPHER_R_WRONG_FINAL_BLOCK_LENGTH 108
-#define CIPHER_R_CTRL_OPERATION_NOT_IMPLEMENTED 109
-#define CIPHER_R_TAG_TOO_LARGE 110
-#define CIPHER_R_BAD_KEY_LENGTH 111
-#define CIPHER_R_BUFFER_TOO_SMALL 112
-#define CIPHER_R_OUTPUT_ALIASES_INPUT 113
-#define CIPHER_R_UNSUPPORTED_KEY_SIZE 114
-#define CIPHER_R_TOO_LARGE 115
-#define CIPHER_R_IV_TOO_LARGE 116
-#define CIPHER_R_INVALID_AD_SIZE 117
-#define CIPHER_R_INVALID_AD 118
-#define CIPHER_R_UNSUPPORTED_TAG_SIZE 119
-#define CIPHER_R_UNSUPPORTED_INPUT_SIZE 120
-#define CIPHER_R_UNSUPPORTED_AD_SIZE 121
-#define CIPHER_R_UNSUPPORTED_NONCE_SIZE 122
-#define CIPHER_R_INVALID_KEY_LENGTH 123
-#define CIPHER_R_INVALID_OPERATION 124
-#define CIPHER_R_INVALID_NONCE_SIZE 125
+#define CIPHER_F_EVP_AEAD_CTX_init 100
+#define CIPHER_F_EVP_AEAD_CTX_open 101
+#define CIPHER_F_EVP_AEAD_CTX_seal 102
+#define CIPHER_F_EVP_CIPHER_CTX_copy 103
+#define CIPHER_F_EVP_CIPHER_CTX_ctrl 104
+#define CIPHER_F_EVP_CIPHER_CTX_set_key_length 105
+#define CIPHER_F_EVP_CipherInit_ex 106
+#define CIPHER_F_EVP_DecryptFinal_ex 107
+#define CIPHER_F_EVP_EncryptFinal_ex 108
+#define CIPHER_F_aead_aes_gcm_init 109
+#define CIPHER_F_aead_aes_gcm_open 110
+#define CIPHER_F_aead_aes_gcm_seal 111
+#define CIPHER_F_aead_aes_key_wrap_init 112
+#define CIPHER_F_aead_aes_key_wrap_open 113
+#define CIPHER_F_aead_aes_key_wrap_seal 114
+#define CIPHER_F_aead_chacha20_poly1305_init 115
+#define CIPHER_F_aead_chacha20_poly1305_open 116
+#define CIPHER_F_aead_chacha20_poly1305_seal 117
+#define CIPHER_F_aead_rc4_md5_tls_init 118
+#define CIPHER_F_aead_rc4_md5_tls_open 119
+#define CIPHER_F_aead_rc4_md5_tls_seal 120
+#define CIPHER_F_aead_ssl3_ensure_cipher_init 121
+#define CIPHER_F_aead_ssl3_init 122
+#define CIPHER_F_aead_ssl3_open 123
+#define CIPHER_F_aead_ssl3_seal 124
+#define CIPHER_F_aead_tls_ensure_cipher_init 125
+#define CIPHER_F_aead_tls_init 126
+#define CIPHER_F_aead_tls_open 127
+#define CIPHER_F_aead_tls_seal 128
+#define CIPHER_F_aes_init_key 129
+#define CIPHER_F_aesni_init_key 130
+#define CIPHER_F_EVP_AEAD_CTX_init_with_direction 131
+#define CIPHER_F_aead_aes_ctr_hmac_sha256_init 132
+#define CIPHER_F_aead_aes_ctr_hmac_sha256_open 133
+#define CIPHER_F_aead_aes_ctr_hmac_sha256_seal 134
+#define CIPHER_R_AES_KEY_SETUP_FAILED 100
+#define CIPHER_R_BAD_DECRYPT 101
+#define CIPHER_R_BAD_KEY_LENGTH 102
+#define CIPHER_R_BUFFER_TOO_SMALL 103
+#define CIPHER_R_CTRL_NOT_IMPLEMENTED 104
+#define CIPHER_R_CTRL_OPERATION_NOT_IMPLEMENTED 105
+#define CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 106
+#define CIPHER_R_INITIALIZATION_ERROR 107
+#define CIPHER_R_INPUT_NOT_INITIALIZED 108
+#define CIPHER_R_INVALID_AD_SIZE 109
+#define CIPHER_R_INVALID_KEY_LENGTH 110
+#define CIPHER_R_INVALID_NONCE_SIZE 111
+#define CIPHER_R_INVALID_OPERATION 112
+#define CIPHER_R_IV_TOO_LARGE 113
+#define CIPHER_R_NO_CIPHER_SET 114
+#define CIPHER_R_OUTPUT_ALIASES_INPUT 115
+#define CIPHER_R_TAG_TOO_LARGE 116
+#define CIPHER_R_TOO_LARGE 117
+#define CIPHER_R_UNSUPPORTED_AD_SIZE 118
+#define CIPHER_R_UNSUPPORTED_INPUT_SIZE 119
+#define CIPHER_R_UNSUPPORTED_KEY_SIZE 120
+#define CIPHER_R_UNSUPPORTED_NONCE_SIZE 121
+#define CIPHER_R_UNSUPPORTED_TAG_SIZE 122
+#define CIPHER_R_WRONG_FINAL_BLOCK_LENGTH 123
+#define CIPHER_R_NO_DIRECTION_SET 124
#endif /* OPENSSL_HEADER_CIPHER_H */
diff --git a/src/include/openssl/cmac.h b/src/include/openssl/cmac.h
new file mode 100644
index 0000000..183f41b
--- /dev/null
+++ b/src/include/openssl/cmac.h
@@ -0,0 +1,76 @@
+/* Copyright (c) 2015, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#ifndef OPENSSL_HEADER_CMAC_H
+#define OPENSSL_HEADER_CMAC_H
+
+#include <openssl/base.h>
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+
+/* CMAC.
+ *
+ * CMAC is a MAC based on AES-CBC and defined in
+ * https://tools.ietf.org/html/rfc4493#section-2.3. */
+
+
+/* One-shot functions. */
+
+/* AES_CMAC calculates the 16-byte, CMAC authenticator of |in_len| bytes of
+ * |in| and writes it to |out|. The |key_len| may be 16 or 32 bytes to select
+ * between AES-128 and AES-256. It returns one on success or zero on error. */
+OPENSSL_EXPORT int AES_CMAC(uint8_t out[16], const uint8_t *key, size_t key_len,
+ const uint8_t *in, size_t in_len);
+
+
+/* Incremental interface. */
+
+/* CMAC_CTX_new allocates a fresh |CMAC_CTX| and returns it, or NULL on
+ * error. */
+OPENSSL_EXPORT CMAC_CTX *CMAC_CTX_new(void);
+
+/* CMAC_CTX_free frees a |CMAC_CTX|. */
+OPENSSL_EXPORT void CMAC_CTX_free(CMAC_CTX *ctx);
+
+/* CMAC_Init configures |ctx| to use the given |key| and |cipher|. The CMAC RFC
+ * only specifies the use of AES-128 thus |key_len| should be 16 and |cipher|
+ * should be |EVP_aes_128_cbc()|. However, this implementation also supports
+ * AES-256 by setting |key_len| to 32 and |cipher| to |EVP_aes_256_cbc()|. The
+ * |engine| argument is ignored.
+ *
+ * It returns one on success or zero on error. */
+OPENSSL_EXPORT int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t key_len,
+ const EVP_CIPHER *cipher, ENGINE *engine);
+
+
+/* CMAC_Reset resets |ctx| so that a fresh message can be authenticated. */
+OPENSSL_EXPORT int CMAC_Reset(CMAC_CTX *ctx);
+
+/* CMAC_Update processes |in_len| bytes of message from |in|. It returns one on
+ * success or zero on error. */
+OPENSSL_EXPORT int CMAC_Update(CMAC_CTX *ctx, const uint8_t *in, size_t in_len);
+
+/* CMAC_Final sets |*out_len| to 16 and, if |out| is not NULL, writes 16 bytes
+ * of authenticator to it. It returns one on success or zero on error. */
+OPENSSL_EXPORT int CMAC_Final(CMAC_CTX *ctx, uint8_t *out, size_t *out_len);
+
+
+#if defined(__cplusplus)
+} /* extern C */
+#endif
+
+#endif /* OPENSSL_HEADER_CBC_H */
diff --git a/src/include/openssl/conf.h b/src/include/openssl/conf.h
index 0918c0c..84fc94f 100644
--- a/src/include/openssl/conf.h
+++ b/src/include/openssl/conf.h
@@ -79,19 +79,20 @@
*
* Config files are representated by a |CONF|. */
-typedef struct {
+struct conf_value_st {
char *section;
char *name;
char *value;
-} CONF_VALUE;
+};
struct conf_st {
LHASH_OF(CONF_VALUE) *data;
};
-/* NCONF_new returns a fresh, empty |CONF|, or NULL on error. */
-CONF *NCONF_new(void);
+/* NCONF_new returns a fresh, empty |CONF|, or NULL on error. The |method|
+ * argument must be NULL. */
+CONF *NCONF_new(void *method);
/* NCONF_free frees all the data owned by |conf| and then |conf| itself. */
void NCONF_free(CONF *conf);
@@ -102,6 +103,10 @@
* number of the line that contained the error. */
int NCONF_load(CONF *conf, const char *filename, long *out_error_line);
+/* NCONF_load_bio acts like |NCONF_load| but reads from |bio| rather than from
+ * a named file. */
+int NCONF_load_bio(CONF *conf, BIO *bio, long *out_error_line);
+
/* NCONF_get_section returns a stack of values for a given section in |conf|.
* If |section| is NULL, the default section is returned. It returns NULL on
* error. */
@@ -131,14 +136,14 @@
#endif
#define CONF_F_CONF_parse_list 100
-#define CONF_F_str_copy 101
+#define CONF_F_NCONF_load 101
#define CONF_F_def_load_bio 102
-#define CONF_F_NCONF_load 103
-#define CONF_R_MISSING_EQUAL_SIGN 100
-#define CONF_R_LIST_CANNOT_BE_NULL 101
-#define CONF_R_NO_CLOSE_BRACE 102
-#define CONF_R_VARIABLE_HAS_NO_VALUE 103
+#define CONF_F_str_copy 103
+#define CONF_R_LIST_CANNOT_BE_NULL 100
+#define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 101
+#define CONF_R_MISSING_EQUAL_SIGN 102
+#define CONF_R_NO_CLOSE_BRACE 103
#define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 104
-#define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 105
+#define CONF_R_VARIABLE_HAS_NO_VALUE 105
#endif /* OPENSSL_HEADER_THREAD_H */
diff --git a/src/include/openssl/cpu.h b/src/include/openssl/cpu.h
index 79441ae..83ec473 100644
--- a/src/include/openssl/cpu.h
+++ b/src/include/openssl/cpu.h
@@ -78,7 +78,6 @@
* Index 0:
* EDX for CPUID where EAX = 1
* Bit 30 is used to indicate an Intel CPU
- * Bit 20 is used to indicate RC4_CHAR
* Index 1:
* ECX for CPUID where EAX = 1
* Index 2:
diff --git a/src/include/openssl/crypto.h b/src/include/openssl/crypto.h
index e58d5f0..5c974f8 100644
--- a/src/include/openssl/crypto.h
+++ b/src/include/openssl/crypto.h
@@ -17,8 +17,11 @@
#include <openssl/base.h>
+/* Upstream OpenSSL defines |OPENSSL_malloc|, etc., in crypto.h rather than
+ * mem.h. */
#include <openssl/mem.h>
+
#if defined(__cplusplus)
extern "C" {
#endif
@@ -32,6 +35,9 @@
* nothing and a static initializer is used instead. */
OPENSSL_EXPORT void CRYPTO_library_init(void);
+
+/* Deprecated functions. */
+
#define OPENSSL_VERSION_TEXT "BoringSSL"
#define SSLEAY_VERSION 0
@@ -48,9 +54,9 @@
} /* extern C */
#endif
-#define CRYPTO_F_CRYPTO_set_ex_data 100
-#define CRYPTO_F_get_class 101
-#define CRYPTO_F_get_new_index 102
+#define CRYPTO_F_CRYPTO_get_ex_new_index 100
+#define CRYPTO_F_CRYPTO_set_ex_data 101
+#define CRYPTO_F_get_class 102
#define CRYPTO_F_get_func_pointers 103
#endif /* OPENSSL_HEADER_CRYPTO_H */
diff --git a/src/include/openssl/des.h b/src/include/openssl/des.h
index 1f0dbad..f3804c3 100644
--- a/src/include/openssl/des.h
+++ b/src/include/openssl/des.h
@@ -94,6 +94,10 @@
OPENSSL_EXPORT void DES_set_key(const DES_cblock *key,
DES_key_schedule *schedule);
+/* DES_set_odd_parity sets the parity bits (the least-significant bits in each
+ * byte) of |key| given the other bits in each byte. */
+OPENSSL_EXPORT void DES_set_odd_parity(DES_cblock *key);
+
/* DES_ecb_encrypt encrypts (or decrypts, if |is_encrypt| is |DES_DECRYPT|) a
* single DES block (8 bytes) from in to out, using the key configured in
* |schedule|. */
@@ -108,6 +112,15 @@
const DES_key_schedule *schedule,
DES_cblock *ivec, int enc);
+/* DES_ecb3_encrypt encrypts (or decrypts, if |enc| is |DES_DECRYPT|) a single
+ * block (8 bytes) of data from |input| to |output| using 3DES. */
+OPENSSL_EXPORT void DES_ecb3_encrypt(const DES_cblock *input,
+ DES_cblock *output,
+ const DES_key_schedule *ks1,
+ const DES_key_schedule *ks2,
+ const DES_key_schedule *ks3,
+ int enc);
+
/* DES_ede3_cbc_encrypt encrypts (or decrypts, if |enc| is |DES_DECRYPT|) |len|
* bytes from |in| to |out| with 3DES in CBC mode. 3DES uses three keys, thus
* the function takes three different |DES_key_schedule|s. */
diff --git a/src/include/openssl/dh.h b/src/include/openssl/dh.h
index 9d8bda2..60a030d 100644
--- a/src/include/openssl/dh.h
+++ b/src/include/openssl/dh.h
@@ -61,6 +61,7 @@
#include <openssl/engine.h>
#include <openssl/ex_data.h>
+#include <openssl/thread.h>
#if defined(__cplusplus)
extern "C" {
@@ -144,6 +145,10 @@
#define DH_CHECK_INVALID_Q_VALUE 0x20
#define DH_CHECK_INVALID_J_VALUE 0x40
+/* These are compatibility defines. */
+#define DH_NOT_SUITABLE_GENERATOR DH_CHECK_NOT_SUITABLE_GENERATOR
+#define DH_UNABLE_TO_CHECK_GENERATOR DH_CHECK_UNABLE_TO_CHECK_GENERATOR
+
/* DH_check checks the suitability of |dh| as a Diffie-Hellman group. and sets
* |DH_CHECK_*| flags in |*out_flags| if it finds any errors. It returns one if
* |*out_flags| was successfully set and zero on error.
@@ -185,7 +190,7 @@
/* ex_data functions.
*
- * These functions are wrappers. See |ex_data.h| for details. */
+ * See |ex_data.h| for details. */
OPENSSL_EXPORT int DH_get_ex_new_index(long argl, void *argp,
CRYPTO_EX_new *new_func,
@@ -232,6 +237,8 @@
/* priv_length contains the length, in bits, of the private value. If zero,
* the private value will be the same length as |p|. */
unsigned priv_length;
+
+ CRYPTO_MUTEX method_mont_p_lock;
BN_MONT_CTX *method_mont_p;
/* Place holders if we want to do X9.42 DH */
@@ -251,12 +258,12 @@
} /* extern C */
#endif
-#define DH_F_generate_parameters 100
-#define DH_F_generate_key 101
-#define DH_F_compute_key 102
-#define DH_F_DH_new_method 103
-#define DH_R_INVALID_PUBKEY 100
-#define DH_R_BAD_GENERATOR 101
+#define DH_F_DH_new_method 100
+#define DH_F_compute_key 101
+#define DH_F_generate_key 102
+#define DH_F_generate_parameters 103
+#define DH_R_BAD_GENERATOR 100
+#define DH_R_INVALID_PUBKEY 101
#define DH_R_MODULUS_TOO_LARGE 102
#define DH_R_NO_PRIVATE_VALUE 103
diff --git a/src/include/openssl/digest.h b/src/include/openssl/digest.h
index 95a35e7..8285dce 100644
--- a/src/include/openssl/digest.h
+++ b/src/include/openssl/digest.h
@@ -171,12 +171,9 @@
* These functions allow code to learn details about an abstract hash
* function. */
-/* EVP_MD_type returns a NID identifing |md|. (For example, |NID_md5|.) */
+/* EVP_MD_type returns a NID identifing |md|. (For example, |NID_sha256|.) */
OPENSSL_EXPORT int EVP_MD_type(const EVP_MD *md);
-/* EVP_MD_name returns the short name for |md| or NULL if no name is known. */
-OPENSSL_EXPORT const char *EVP_MD_name(const EVP_MD *md);
-
/* EVP_MD_flags returns the flags for |md|, which is a set of |EVP_MD_FLAG_*|
* values, ORed together. */
OPENSSL_EXPORT uint32_t EVP_MD_flags(const EVP_MD *md);
@@ -224,7 +221,7 @@
OPENSSL_EXPORT unsigned EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx);
/* EVP_MD_CTX_type returns a NID describing the digest function used by |ctx|.
- * (For example, |NID_md5|.) It will crash if a digest hasn't been set on
+ * (For example, |NID_sha256|.) It will crash if a digest hasn't been set on
* |ctx|. */
OPENSSL_EXPORT int EVP_MD_CTX_type(const EVP_MD_CTX *ctx);
diff --git a/src/include/openssl/dsa.h b/src/include/openssl/dsa.h
index 8a182c2..2271915 100644
--- a/src/include/openssl/dsa.h
+++ b/src/include/openssl/dsa.h
@@ -64,6 +64,7 @@
#include <openssl/engine.h>
#include <openssl/ex_data.h>
+#include <openssl/thread.h>
#if defined(__cplusplus)
extern "C" {
@@ -301,7 +302,7 @@
/* ex_data functions.
*
- * These functions are wrappers. See |ex_data.h| for details. */
+ * See |ex_data.h| for details. */
OPENSSL_EXPORT int DSA_get_ex_new_index(long argl, void *argp,
CRYPTO_EX_new *new_func,
@@ -351,6 +352,7 @@
int flags;
/* Normally used to cache montgomery values */
+ CRYPTO_MUTEX method_mont_p_lock;
BN_MONT_CTX *method_mont_p;
int references;
CRYPTO_EX_DATA ex_data;
@@ -364,14 +366,14 @@
} /* extern C */
#endif
-#define DSA_F_sign 100
-#define DSA_F_verify 101
-#define DSA_F_dsa_sig_cb 102
-#define DSA_F_DSA_new_method 103
-#define DSA_F_sign_setup 104
-#define DSA_R_NEED_NEW_SETUP_VALUES 100
-#define DSA_R_BAD_Q_VALUE 101
+#define DSA_F_DSA_new_method 100
+#define DSA_F_dsa_sig_cb 101
+#define DSA_F_sign 102
+#define DSA_F_sign_setup 103
+#define DSA_F_verify 104
+#define DSA_R_BAD_Q_VALUE 100
+#define DSA_R_MISSING_PARAMETERS 101
#define DSA_R_MODULUS_TOO_LARGE 102
-#define DSA_R_MISSING_PARAMETERS 103
+#define DSA_R_NEED_NEW_SETUP_VALUES 103
#endif /* OPENSSL_HEADER_DSA_H */
diff --git a/src/include/openssl/dtls1.h b/src/include/openssl/dtls1.h
index 0fc3ae6..38ca801 100644
--- a/src/include/openssl/dtls1.h
+++ b/src/include/openssl/dtls1.h
@@ -1,255 +1,16 @@
-/* ssl/dtls1.h */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+/* Copyright (c) 2015, Google Inc.
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
*
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com). */
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#ifndef HEADER_DTLS1_H
-#define HEADER_DTLS1_H
-
-#include <openssl/base.h>
-#include <openssl/buf.h>
-#include <openssl/pqueue.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-#define DTLS1_VERSION 0xFEFF
-#define DTLS1_2_VERSION 0xFEFD
-
-/* lengths of messages */
-#define DTLS1_COOKIE_LENGTH 256
-
-#define DTLS1_RT_HEADER_LENGTH 13
-
-#define DTLS1_HM_HEADER_LENGTH 12
-
-#define DTLS1_HM_BAD_FRAGMENT -2
-#define DTLS1_HM_FRAGMENT_RETRY -3
-
-#define DTLS1_CCS_HEADER_LENGTH 1
-
-#define DTLS1_AL_HEADER_LENGTH 2
-
-#ifndef OPENSSL_NO_SSL_INTERN
-
-
-#if defined(OPENSSL_WINDOWS)
-/* Because of Windows header issues, we can't get the normal declaration of
- * timeval. */
-typedef struct OPENSSL_timeval_st {
- long tv_sec;
- long tv_usec;
-} OPENSSL_timeval;
-#else
-#include <sys/time.h>
-typedef struct timeval OPENSSL_timeval;
-#endif
-
-typedef struct dtls1_bitmap_st
- {
- /* map is a bit mask of the last 64 sequence numbers. Bit
- * |1<<i| corresponds to |max_seq_num - i|. */
- uint64_t map;
- /* max_seq_num is the largest sequence number seen so far. It
- * is a 64-bit value in big-endian encoding. */
- uint8_t max_seq_num[8];
- } DTLS1_BITMAP;
-
-struct dtls1_retransmit_state
- {
- SSL_AEAD_CTX *aead_write_ctx;
- SSL_SESSION *session;
- unsigned short epoch;
- };
-
-struct hm_header_st
- {
- unsigned char type;
- unsigned long msg_len;
- unsigned short seq;
- unsigned long frag_off;
- unsigned long frag_len;
- unsigned int is_ccs;
- struct dtls1_retransmit_state saved_retransmit_state;
- };
-
-struct ccs_header_st
- {
- unsigned char type;
- unsigned short seq;
- };
-
-struct dtls1_timeout_st
- {
- /* Number of read timeouts so far */
- unsigned int read_timeouts;
-
- /* Number of write timeouts so far */
- unsigned int write_timeouts;
-
- /* Number of alerts received so far */
- unsigned int num_alerts;
- };
-
-typedef struct record_pqueue_st
- {
- unsigned short epoch;
- pqueue q;
- } record_pqueue;
-
-typedef struct hm_fragment_st
- {
- struct hm_header_st msg_header;
- unsigned char *fragment;
- unsigned char *reassembly;
- } hm_fragment;
-
-typedef struct dtls1_state_st
- {
- /* send_cookie is true if we are resending the ClientHello
- * with a cookie from a HelloVerifyRequest. */
- unsigned int send_cookie;
-
- uint8_t cookie[DTLS1_COOKIE_LENGTH];
- size_t cookie_len;
-
- /*
- * The current data and handshake epoch. This is initially
- * undefined, and starts at zero once the initial handshake is
- * completed
- */
- unsigned short r_epoch;
- unsigned short w_epoch;
-
- /* records being received in the current epoch */
- DTLS1_BITMAP bitmap;
-
- /* renegotiation starts a new set of sequence numbers */
- DTLS1_BITMAP next_bitmap;
-
- /* handshake message numbers */
- unsigned short handshake_write_seq;
- unsigned short next_handshake_write_seq;
-
- unsigned short handshake_read_seq;
-
- /* save last sequence number for retransmissions */
- unsigned char last_write_sequence[8];
-
- /* Received handshake records (processed and unprocessed) */
- record_pqueue unprocessed_rcds;
- record_pqueue processed_rcds;
-
- /* Buffered handshake messages */
- pqueue buffered_messages;
-
- /* Buffered (sent) handshake records */
- pqueue sent_messages;
-
- /* Buffered application records.
- * Only for records between CCS and Finished
- * to prevent either protocol violation or
- * unnecessary message loss.
- */
- record_pqueue buffered_app_data;
-
- unsigned int mtu; /* max DTLS packet size */
-
- struct hm_header_st w_msg_hdr;
- struct hm_header_st r_msg_hdr;
-
- struct dtls1_timeout_st timeout;
-
- /* Indicates when the last handshake msg or heartbeat sent will
- * timeout. Because of header issues on Windows, this cannot actually
- * be a struct timeval. */
- OPENSSL_timeval next_timeout;
-
- /* Timeout duration */
- unsigned short timeout_duration;
-
- /* storage for Alert/Handshake protocol data received but not
- * yet processed by ssl3_read_bytes: */
- unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
- unsigned int alert_fragment_len;
- unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
- unsigned int handshake_fragment_len;
-
- unsigned int change_cipher_spec_ok;
- } DTLS1_STATE;
-
-typedef struct dtls1_record_data_st
- {
- unsigned char *packet;
- unsigned int packet_length;
- SSL3_BUFFER rbuf;
- SSL3_RECORD rrec;
- } DTLS1_RECORD_DATA;
-
-#endif
-
-/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
-#define DTLS1_TMO_READ_COUNT 2
-#define DTLS1_TMO_WRITE_COUNT 2
-
-#define DTLS1_TMO_ALERT_COUNT 12
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-
+/* This header is provided in order to make compiling against code that expects
+ OpenSSL easier. */
diff --git a/src/include/openssl/ec.h b/src/include/openssl/ec.h
index 2662c01..633b11b 100644
--- a/src/include/openssl/ec.h
+++ b/src/include/openssl/ec.h
@@ -107,10 +107,6 @@
/* EC_GROUP_free frees |group| and the data that it points to. */
OPENSSL_EXPORT void EC_GROUP_free(EC_GROUP *group);
-/* EC_GROUP_copy sets |*dest| equal to |*src|. It returns one on success and
- * zero otherwise. */
-OPENSSL_EXPORT int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src);
-
/* EC_GROUP_dup returns a fresh |EC_GROUP| which is equal to |a| or NULL on
* error. */
OPENSSL_EXPORT EC_GROUP *EC_GROUP_dup(const EC_GROUP *a);
@@ -319,91 +315,99 @@
} /* extern C */
#endif
-#define EC_F_ec_pre_comp_new 100
-#define EC_F_ec_GFp_mont_field_decode 101
-#define EC_F_ec_group_new_from_data 102
-#define EC_F_ec_GFp_simple_point_get_affine_coordinates 103
-#define EC_F_ec_GFp_simple_make_affine 104
-#define EC_F_EC_KEY_new_method 105
-#define EC_F_ec_GFp_mont_field_encode 106
-#define EC_F_EC_GROUP_new_by_curve_name 107
-#define EC_F_ec_group_new 108
-#define EC_F_ec_asn1_group2pkparameters 109
-#define EC_F_EC_POINT_set_compressed_coordinates_GFp 110
-#define EC_F_ec_GFp_mont_field_sqr 111
-#define EC_F_EC_POINT_make_affine 112
-#define EC_F_i2d_ECParameters 113
-#define EC_F_ec_wNAF_mul 114
-#define EC_F_EC_GROUP_copy 115
-#define EC_F_EC_POINT_cmp 116
-#define EC_F_ec_GFp_mont_field_mul 117
-#define EC_F_EC_POINT_dup 118
-#define EC_F_EC_POINT_invert 119
-#define EC_F_ec_GFp_simple_point_set_affine_coordinates 120
-#define EC_F_ec_GFp_simple_points_make_affine 121
-#define EC_F_i2o_ECPublicKey 122
-#define EC_F_EC_KEY_check_key 123
-#define EC_F_ec_wNAF_precompute_mult 124
-#define EC_F_EC_POINT_oct2point 125
-#define EC_F_EC_POINT_is_at_infinity 126
-#define EC_F_EC_POINT_get_affine_coordinates_GFp 127
-#define EC_F_ec_point_set_Jprojective_coordinates_GFp 128
-#define EC_F_o2i_ECPublicKey 129
-#define EC_F_ec_GFp_mont_field_set_to_one 130
-#define EC_F_ec_group_new_curve_GFp 131
-#define EC_F_EC_POINT_dbl 132
-#define EC_F_ec_asn1_pkparameters2group 133
-#define EC_F_i2d_ECPKParameters 134
-#define EC_F_EC_KEY_copy 135
-#define EC_F_EC_POINT_new 136
-#define EC_F_EC_POINT_point2oct 137
-#define EC_F_EC_POINT_copy 138
-#define EC_F_EC_POINT_is_on_curve 139
-#define EC_F_ec_GFp_simple_group_set_curve 140
-#define EC_F_i2d_ECPrivateKey 141
-#define EC_F_d2i_ECParameters 142
-#define EC_F_ec_GFp_mont_group_set_curve 143
-#define EC_F_EC_POINT_set_to_infinity 144
-#define EC_F_EC_POINTs_make_affine 145
-#define EC_F_compute_wNAF 146
-#define EC_F_ec_GFp_simple_point2oct 147
-#define EC_F_EC_GROUP_get_degree 148
-#define EC_F_ec_GFp_simple_group_check_discriminant 149
-#define EC_F_d2i_ECPKParameters 150
-#define EC_F_d2i_ECPrivateKey 151
-#define EC_F_ec_GFp_simple_oct2point 152
-#define EC_F_EC_POINT_set_affine_coordinates_GFp 153
-#define EC_F_EC_KEY_set_public_key_affine_coordinates 154
-#define EC_F_EC_KEY_generate_key 155
-#define EC_F_ec_GFp_simple_set_compressed_coordinates 156
-#define EC_F_EC_POINT_add 157
-#define EC_F_EC_GROUP_get_curve_GFp 158
-#define EC_R_PKPARAMETERS2GROUP_FAILURE 100
-#define EC_R_NON_NAMED_CURVE 101
-#define EC_R_COORDINATES_OUT_OF_RANGE 102
-#define EC_R_POINT_AT_INFINITY 103
-#define EC_R_NOT_INITIALIZED 104
-#define EC_R_MISSING_PRIVATE_KEY 105
-#define EC_R_GROUP2PKPARAMETERS_FAILURE 106
-#define EC_R_INVALID_ENCODING 107
-#define EC_R_BUFFER_TOO_SMALL 108
-#define EC_R_D2I_ECPKPARAMETERS_FAILURE 109
-#define EC_R_INVALID_FORM 110
-#define EC_R_INVALID_PRIVATE_KEY 111
-#define EC_R_INVALID_COMPRESSED_POINT 112
-#define EC_R_MISSING_PARAMETERS 113
-#define EC_R_INVALID_FIELD 114
-#define EC_R_INVALID_COMPRESSION_BIT 115
-#define EC_R_GF2M_NOT_SUPPORTED 116
-#define EC_R_POINT_IS_NOT_ON_CURVE 117
-#define EC_R_UNKNOWN_ORDER 118
-#define EC_R_UNKNOWN_GROUP 119
-#define EC_R_WRONG_ORDER 120
-#define EC_R_UNDEFINED_GENERATOR 121
-#define EC_R_INCOMPATIBLE_OBJECTS 122
-#define EC_R_I2D_ECPKPARAMETERS_FAILURE 123
-#define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 124
-#define EC_R_INVALID_GROUP_ORDER 125
-#define EC_R_SLOT_FULL 126
+#define EC_F_EC_GROUP_copy 100
+#define EC_F_EC_GROUP_get_curve_GFp 101
+#define EC_F_EC_GROUP_get_degree 102
+#define EC_F_EC_GROUP_new_by_curve_name 103
+#define EC_F_EC_KEY_check_key 104
+#define EC_F_EC_KEY_copy 105
+#define EC_F_EC_KEY_generate_key 106
+#define EC_F_EC_KEY_new_method 107
+#define EC_F_EC_KEY_set_public_key_affine_coordinates 108
+#define EC_F_EC_POINT_add 109
+#define EC_F_EC_POINT_cmp 110
+#define EC_F_EC_POINT_copy 111
+#define EC_F_EC_POINT_dbl 112
+#define EC_F_EC_POINT_dup 113
+#define EC_F_EC_POINT_get_affine_coordinates_GFp 114
+#define EC_F_EC_POINT_invert 115
+#define EC_F_EC_POINT_is_at_infinity 116
+#define EC_F_EC_POINT_is_on_curve 117
+#define EC_F_EC_POINT_make_affine 118
+#define EC_F_EC_POINT_new 119
+#define EC_F_EC_POINT_oct2point 120
+#define EC_F_EC_POINT_point2oct 121
+#define EC_F_EC_POINT_set_affine_coordinates_GFp 122
+#define EC_F_EC_POINT_set_compressed_coordinates_GFp 123
+#define EC_F_EC_POINT_set_to_infinity 124
+#define EC_F_EC_POINTs_make_affine 125
+#define EC_F_compute_wNAF 126
+#define EC_F_d2i_ECPKParameters 127
+#define EC_F_d2i_ECParameters 128
+#define EC_F_d2i_ECPrivateKey 129
+#define EC_F_ec_GFp_mont_field_decode 130
+#define EC_F_ec_GFp_mont_field_encode 131
+#define EC_F_ec_GFp_mont_field_mul 132
+#define EC_F_ec_GFp_mont_field_set_to_one 133
+#define EC_F_ec_GFp_mont_field_sqr 134
+#define EC_F_ec_GFp_mont_group_set_curve 135
+#define EC_F_ec_GFp_simple_group_check_discriminant 136
+#define EC_F_ec_GFp_simple_group_set_curve 137
+#define EC_F_ec_GFp_simple_make_affine 138
+#define EC_F_ec_GFp_simple_oct2point 139
+#define EC_F_ec_GFp_simple_point2oct 140
+#define EC_F_ec_GFp_simple_point_get_affine_coordinates 141
+#define EC_F_ec_GFp_simple_point_set_affine_coordinates 142
+#define EC_F_ec_GFp_simple_points_make_affine 143
+#define EC_F_ec_GFp_simple_set_compressed_coordinates 144
+#define EC_F_ec_asn1_group2pkparameters 145
+#define EC_F_ec_asn1_pkparameters2group 146
+#define EC_F_ec_group_new 147
+#define EC_F_ec_group_new_curve_GFp 148
+#define EC_F_ec_group_new_from_data 149
+#define EC_F_ec_point_set_Jprojective_coordinates_GFp 150
+#define EC_F_ec_pre_comp_new 151
+#define EC_F_ec_wNAF_mul 152
+#define EC_F_ec_wNAF_precompute_mult 153
+#define EC_F_i2d_ECPKParameters 154
+#define EC_F_i2d_ECParameters 155
+#define EC_F_i2d_ECPrivateKey 156
+#define EC_F_i2o_ECPublicKey 157
+#define EC_F_o2i_ECPublicKey 158
+#define EC_F_BN_to_felem 159
+#define EC_F_ec_GFp_nistp256_group_set_curve 160
+#define EC_F_ec_GFp_nistp256_point_get_affine_coordinates 161
+#define EC_F_ec_GFp_nistp256_points_mul 162
+#define EC_F_ec_group_copy 163
+#define EC_F_nistp256_pre_comp_new 164
+#define EC_F_EC_KEY_new_by_curve_name 165
+#define EC_R_BUFFER_TOO_SMALL 100
+#define EC_R_COORDINATES_OUT_OF_RANGE 101
+#define EC_R_D2I_ECPKPARAMETERS_FAILURE 102
+#define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 103
+#define EC_R_GROUP2PKPARAMETERS_FAILURE 104
+#define EC_R_I2D_ECPKPARAMETERS_FAILURE 105
+#define EC_R_INCOMPATIBLE_OBJECTS 106
+#define EC_R_INVALID_COMPRESSED_POINT 107
+#define EC_R_INVALID_COMPRESSION_BIT 108
+#define EC_R_INVALID_ENCODING 109
+#define EC_R_INVALID_FIELD 110
+#define EC_R_INVALID_FORM 111
+#define EC_R_INVALID_GROUP_ORDER 112
+#define EC_R_INVALID_PRIVATE_KEY 113
+#define EC_R_MISSING_PARAMETERS 114
+#define EC_R_MISSING_PRIVATE_KEY 115
+#define EC_R_NON_NAMED_CURVE 116
+#define EC_R_NOT_INITIALIZED 117
+#define EC_R_PKPARAMETERS2GROUP_FAILURE 118
+#define EC_R_POINT_AT_INFINITY 119
+#define EC_R_POINT_IS_NOT_ON_CURVE 120
+#define EC_R_SLOT_FULL 121
+#define EC_R_UNDEFINED_GENERATOR 122
+#define EC_R_UNKNOWN_GROUP 123
+#define EC_R_UNKNOWN_ORDER 124
+#define EC_R_WRONG_ORDER 125
+#define EC_R_BIGNUM_OUT_OF_RANGE 126
+#define EC_R_WRONG_CURVE_PARAMETERS 127
#endif /* OPENSSL_HEADER_EC_H */
diff --git a/src/include/openssl/ec_key.h b/src/include/openssl/ec_key.h
index 115c0cd..ee64030 100644
--- a/src/include/openssl/ec_key.h
+++ b/src/include/openssl/ec_key.h
@@ -79,7 +79,7 @@
#endif
-/* ec_key.h conatins functions that handle elliptic-curve points that are
+/* ec_key.h contains functions that handle elliptic-curve points that are
* public/private keys. */
diff --git a/src/include/openssl/ecdh.h b/src/include/openssl/ecdh.h
index 46cf839..27a8578 100644
--- a/src/include/openssl/ecdh.h
+++ b/src/include/openssl/ecdh.h
@@ -96,8 +96,8 @@
#endif
#define ECDH_F_ECDH_compute_key 100
-#define ECDH_R_POINT_ARITHMETIC_FAILURE 100
-#define ECDH_R_KDF_FAILED 101
-#define ECDH_R_NO_PRIVATE_VALUE 102
+#define ECDH_R_KDF_FAILED 100
+#define ECDH_R_NO_PRIVATE_VALUE 101
+#define ECDH_R_POINT_ARITHMETIC_FAILURE 102
#endif /* OPENSSL_HEADER_ECDH_H */
diff --git a/src/include/openssl/ecdsa.h b/src/include/openssl/ecdsa.h
index f3ff49f..e045463 100644
--- a/src/include/openssl/ecdsa.h
+++ b/src/include/openssl/ecdsa.h
@@ -107,17 +107,13 @@
OPENSSL_EXPORT void ECDSA_SIG_free(ECDSA_SIG *sig);
/* ECDSA_sign signs |digest_len| bytes from |digest| with |key| and returns the
- * resulting signature structure, or NULL on error.
- *
- * TODO(fork): remove this function. */
+ * resulting signature structure, or NULL on error. */
OPENSSL_EXPORT ECDSA_SIG *ECDSA_do_sign(const uint8_t *digest,
size_t digest_len, EC_KEY *key);
/* ECDSA_verify verifies that |sig| constitutes a valid signature by |key| of
* |digest|. It returns one on success or zero if the signature is invalid or
- * on error.
- *
- * TODO(fork): remove this function. */
+ * on error. */
OPENSSL_EXPORT int ECDSA_do_verify(const uint8_t *digest, size_t digest_len,
const ECDSA_SIG *sig, EC_KEY *key);
@@ -172,16 +168,15 @@
} /* extern C */
#endif
-#define ECDSA_F_digest_to_bn 100
+#define ECDSA_F_ECDSA_do_sign_ex 100
#define ECDSA_F_ECDSA_do_verify 101
-#define ECDSA_F_ECDSA_sign_setup 102
-#define ECDSA_F_ECDSA_do_sign_ex 103
-#define ECDSA_F_ECDSA_sign_ex 104
-#define ECDSA_F_ecdsa_sign_setup 105
-#define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED 100
-#define ECDSA_R_NEED_NEW_SETUP_VALUES 101
-#define ECDSA_R_MISSING_PARAMETERS 102
-#define ECDSA_R_BAD_SIGNATURE 103
-#define ECDSA_R_NOT_IMPLEMENTED 104
+#define ECDSA_F_ECDSA_sign_ex 102
+#define ECDSA_F_digest_to_bn 103
+#define ECDSA_F_ecdsa_sign_setup 104
+#define ECDSA_R_BAD_SIGNATURE 100
+#define ECDSA_R_MISSING_PARAMETERS 101
+#define ECDSA_R_NEED_NEW_SETUP_VALUES 102
+#define ECDSA_R_NOT_IMPLEMENTED 103
+#define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED 104
#endif /* OPENSSL_HEADER_ECDSA_H */
diff --git a/src/include/openssl/engine.h b/src/include/openssl/engine.h
index 4a4f37d..da242f6 100644
--- a/src/include/openssl/engine.h
+++ b/src/include/openssl/engine.h
@@ -78,12 +78,14 @@
* These functions take a void* type but actually operate on all method
* structures. */
-/* METHOD_ref increments the reference count of |method|. */
-OPENSSL_EXPORT void METHOD_ref(void *method);
+/* METHOD_ref increments the reference count of |method|. This is a no-op for
+ * now because all methods are currently static. */
+void METHOD_ref(void *method);
/* METHOD_unref decrements the reference count of |method| and frees it if the
- * reference count drops to zero. */
-OPENSSL_EXPORT void METHOD_unref(void *method);
+ * reference count drops to zero. This is a no-op for now because all methods
+ * are currently static. */
+void METHOD_unref(void *method);
/* Private functions. */
diff --git a/src/include/openssl/err.h b/src/include/openssl/err.h
index c749659..e591534 100644
--- a/src/include/openssl/err.h
+++ b/src/include/openssl/err.h
@@ -109,9 +109,9 @@
#ifndef OPENSSL_HEADER_ERR_H
#define OPENSSL_HEADER_ERR_H
+#include <stdio.h>
+
#include <openssl/base.h>
-#include <openssl/thread.h>
-#include <openssl/lhash.h>
#if defined(__cplusplus)
extern "C" {
@@ -142,16 +142,18 @@
/* Startup and shutdown. */
-/* ERR_load_crypto_strings initialises the error string hash with builtin
- * values. If this is not called then the string forms of errors produced by
- * the functions below will contain numeric identifiers rather than
- * human-readable strings. */
+/* ERR_load_BIO_strings does nothing.
+ *
+ * TODO(fork): remove. libjingle calls this. */
+OPENSSL_EXPORT void ERR_load_BIO_strings(void);
+
+/* ERR_load_ERR_strings does nothing. */
+OPENSSL_EXPORT void ERR_load_ERR_strings(void);
+
+/* ERR_load_crypto_strings does nothing. */
OPENSSL_EXPORT void ERR_load_crypto_strings(void);
-/* ERR_free_strings frees any memory retained by the error system, expect for
- * per-thread structures which are assumed to have already been freed with
- * |ERR_remove_thread_state|. This should only be called at process
- * shutdown. */
+/* ERR_free_strings does nothing. */
OPENSSL_EXPORT void ERR_free_strings(void);
@@ -257,13 +259,21 @@
void *ctx);
+/* ERR_print_errors_fp prints the current contents of the error stack to |file|
+ * using human readable strings where possible. */
+OPENSSL_EXPORT void ERR_print_errors_fp(FILE *file);
+
/* Clearing errors. */
/* ERR_clear_error clears the error queue for the current thread. */
OPENSSL_EXPORT void ERR_clear_error(void);
-/* ERR_remove_thread_state deletes the error queue for the given thread. If
- * |tid| is NULL then the error queue for the current thread is deleted. */
+/* ERR_remove_thread_state clears the error queue for the current thread if
+ * |tid| is NULL. Otherwise it does nothing because it's no longer possible to
+ * delete the error queue for other threads.
+ *
+ * Error queues are thread-local data and are deleted automatically. You do not
+ * need to call this function. See |ERR_clear_error|. */
OPENSSL_EXPORT void ERR_remove_thread_state(const CRYPTO_THREADID *tid);
@@ -357,9 +367,6 @@
/* ERR_STATE contains the per-thread, error queue. */
typedef struct err_state_st {
- /* tid is the identifier of the thread that owns this queue. */
- CRYPTO_THREADID tid;
-
/* errors contains the ERR_NUM_ERRORS most recent errors, organised as a ring
* buffer. */
struct err_error_st errors[ERR_NUM_ERRORS];
@@ -474,40 +481,6 @@
#define ERR_GET_FUNC(packed_error) ((int)(((packed_error) >> 12) & 0xfff))
#define ERR_GET_REASON(packed_error) ((int)((packed_error) & 0xfff))
-/* ERR_STRING_DATA is the type of an lhash node that contains a mapping from a
- * library, function or reason code to a string representation of it. */
-typedef struct err_string_data_st {
- uint32_t error;
- const char *string;
-} ERR_STRING_DATA;
-
-/* ERR_load_strings loads an array of ERR_STRING_DATA into the hash table. The
- * array must be terminated by an entry with a NULL string. */
-OPENSSL_EXPORT void ERR_load_strings(const ERR_STRING_DATA *str);
-
-/* ERR_FNS_st is a structure of function pointers that contains the actual
- * implementation of the error queue handling functions. */
-struct ERR_FNS_st {
- void (*shutdown)(void (*err_state_free_cb)(ERR_STATE*));
- ERR_STRING_DATA *(*get_item)(uint32_t packed_error);
- ERR_STRING_DATA *(*set_item)(const ERR_STRING_DATA *);
- ERR_STRING_DATA *(*del_item)(uint32_t packed_error);
-
- /* get_state returns the ERR_STATE for the current thread. This function
- * never returns NULL. */
- ERR_STATE *(*get_state)(void);
-
- /* release_state returns the |ERR_STATE| for the given thread, or NULL if
- * none exists. It the return value is not NULL, it also returns ownership of
- * the |ERR_STATE| and deletes it from its data structures. */
- ERR_STATE *(*release_state)(const CRYPTO_THREADID *tid);
-
- /* get_next_library returns a unique value suitable for passing as the
- * |library| to error calls. It will be distinct from all built-in library
- * values. */
- int (*get_next_library)(void);
-};
-
/* OPENSSL_DECLARE_ERROR_REASON is used by util/make_errors.h (which generates
* the error defines) to recognise that an additional reason value is needed.
* This is needed when the reason value is used outside of an
@@ -522,11 +495,6 @@
* ${lib}_F_${reason}. */
#define OPENSSL_DECLARE_ERROR_FUNCTION(lib, function_name)
-/* ERR_load_BIO_strings does nothing.
- *
- * TODO(fork): remove. libjingle calls this. */
-OPENSSL_EXPORT void ERR_load_BIO_strings(void);
-
/* Android compatibility section.
*
diff --git a/src/include/openssl/evp.h b/src/include/openssl/evp.h
index 39da689..54ad4be 100644
--- a/src/include/openssl/evp.h
+++ b/src/include/openssl/evp.h
@@ -58,7 +58,6 @@
#define OPENSSL_HEADER_EVP_H
#include <openssl/base.h>
-#include <openssl/stack.h>
/* OpenSSL included digest and cipher functions in this header so we include
* them for users that still expect that.
@@ -67,9 +66,7 @@
#include <openssl/aead.h>
#include <openssl/cipher.h>
#include <openssl/digest.h>
-#include <openssl/mem.h>
#include <openssl/obj.h>
-#include <openssl/thread.h>
#if defined(__cplusplus)
extern "C" {
@@ -89,6 +86,9 @@
* itself. */
OPENSSL_EXPORT void EVP_PKEY_free(EVP_PKEY *pkey);
+/* EVP_PKEY_up_ref increments the reference count of |pkey| and returns it. */
+OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_up_ref(EVP_PKEY *pkey);
+
/* EVP_PKEY_is_opaque returns one if |pkey| is opaque. Opaque keys are backed by
* custom implementations which do not expose key material and parameters. It is
* an error to attempt to duplicate, export, or compare an opaque key. */
@@ -107,10 +107,6 @@
* function. */
OPENSSL_EXPORT int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
-/* EVP_PKEY_dup adds one to the reference count of |pkey| and returns
- * |pkey|. */
-OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_dup(EVP_PKEY *pkey);
-
/* EVP_PKEY_copy_parameters sets the parameters of |to| to equal the parameters
* of |from|. It returns one on success and zero on error. */
OPENSSL_EXPORT int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
@@ -119,12 +115,15 @@
* parameters or zero if not, or if the algorithm doesn't take parameters. */
OPENSSL_EXPORT int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);
-/* EVP_PKEY_size returns the "size", in bytes, of |pkey|. For example, for an
- * RSA key this returns the number of bytes needed to represent the modulus. */
+/* EVP_PKEY_size returns the maximum size, in bytes, of a signature signed by
+ * |pkey|. For an RSA key, this returns the number of bytes needed to represent
+ * the modulus. For an EC key, this returns the maximum size of a DER-encoded
+ * ECDSA signature. */
OPENSSL_EXPORT int EVP_PKEY_size(const EVP_PKEY *pkey);
-/* EVP_PKEY_bits returns the "size", in bits, of |pkey|. For example, for an
- * RSA key, this returns the bit length of the modulus. */
+/* EVP_PKEY_bits returns the "size", in bits, of |pkey|. For an RSA key, this
+ * returns the bit length of the modulus. For an EC key, this returns the bit
+ * length of the group order. */
OPENSSL_EXPORT int EVP_PKEY_bits(EVP_PKEY *pkey);
/* EVP_PKEY_id returns the type of |pkey|, which is one of the |EVP_PKEY_*|
@@ -444,18 +443,6 @@
* set. */
OPENSSL_EXPORT void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
-/* EVP_PKEY_CTX_ctrl performs |cmd| on |ctx|. The |keytype| and |optype|
- * arguments can be -1 to specify that any type and operation are acceptable,
- * otherwise |keytype| must match the type of |ctx| and the bits of |optype|
- * must intersect the operation flags set on |ctx|.
- *
- * The |p1| and |p2| arguments depend on the value of |cmd|.
- *
- * It returns -2 if |cmd| is not recognised, -1 on error or a |cmd| specific
- * value otherwise. */
-OPENSSL_EXPORT int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
- int cmd, int p1, void *p2);
-
/* EVP_PKEY_sign_init initialises an |EVP_PKEY_CTX| for a signing operation. It
* should be called before |EVP_PKEY_sign|.
*
@@ -569,64 +556,28 @@
OPENSSL_EXPORT int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
-/* EVP_PKEY_CTX_ctrl operations.
- *
- * These values are passed as the |cmd| argument to
- * EVP_PKEY_CTX_ctrl */
-
-/* Generic. */
+/* Generic control functions. */
/* EVP_PKEY_CTX_set_signature_md sets |md| as the digest to be used in a
- * signature operation. It returns one on success or otherwise on error. See
- * the return values of |EVP_PKEY_CTX_ctrl| for details. */
+ * signature operation. It returns one on success or zero on error. */
OPENSSL_EXPORT int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx,
const EVP_MD *md);
/* EVP_PKEY_CTX_get_signature_md sets |*out_md| to the digest to be used in a
- * signature operation. It returns one on success or otherwise on error. See
- * the return values of |EVP_PKEY_CTX_ctrl| for details. */
+ * signature operation. It returns one on success or zero on error. */
OPENSSL_EXPORT int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx,
const EVP_MD **out_md);
-/* EVP_PKEY_CTRL_DIGESTINIT is an internal value. It's called by
- * EVP_DigestInit_ex to signal the |EVP_PKEY| that a digest operation is
- * starting. */
-#define EVP_PKEY_CTRL_DIGESTINIT 3
-
-/* EVP_PKEY_CTRL_PEER_KEY is called with different values of |p1|:
- * 0: Is called from |EVP_PKEY_derive_set_peer| and |p2| contains a peer key.
- * If the return value is <= 0, the key is rejected.
- * 1: Is called at the end of |EVP_PKEY_derive_set_peer| and |p2| contains a
- * peer key. If the return value is <= 0, the key is rejected.
- * 2: Is called with |p2| == NULL to test whether the peer's key was used.
- * (EC)DH always return one in this case.
- * 3: Is called with |p2| == NULL to set whether the peer's key was used.
- * (EC)DH always return one in this case. This was only used for GOST. */
-#define EVP_PKEY_CTRL_PEER_KEY 4
-
-/* EVP_PKEY_CTRL_SET_MAC_KEY sets a MAC key. For example, this can be done an
- * |EVP_PKEY_CTX| prior to calling |EVP_PKEY_keygen| in order to generate an
- * HMAC |EVP_PKEY| with the given key. It returns one on success and zero on
- * error. */
-#define EVP_PKEY_CTRL_SET_MAC_KEY 5
-
-/* EVP_PKEY_ALG_CTRL is the base value from which key-type specific ctrl
- * commands are numbered. */
-#define EVP_PKEY_ALG_CTRL 0x1000
-
/* RSA specific control functions. */
/* EVP_PKEY_CTX_set_rsa_padding sets the padding type to use. It should be one
- * of the |RSA_*_PADDING| values. Returns one on success or another value on
- * error. See |EVP_PKEY_CTX_ctrl| for the other return values, which are
- * non-standard. */
+ * of the |RSA_*_PADDING| values. Returns one on success or zero on error. */
OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int padding);
/* EVP_PKEY_CTX_get_rsa_padding sets |*out_padding| to the current padding
* value, which is one of the |RSA_*_PADDING| values. Returns one on success or
- * another value on error. See |EVP_PKEY_CTX_ctrl| for the other return values,
- * which are non-standard. */
+ * zero on error. */
OPENSSL_EXPORT int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx,
int *out_padding);
@@ -635,8 +586,7 @@
* in the signature. A value of -2 causes the salt to be the maximum length
* that will fit. Otherwise the value gives the size of the salt in bytes.
*
- * Returns one on success or another value on error. See |EVP_PKEY_CTX_ctrl|
- * for the other return values, which are non-standard. */
+ * Returns one on success or zero on error. */
OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx,
int salt_len);
@@ -645,68 +595,68 @@
* |EVP_PKEY_CTX_set_rsa_pss_saltlen| for details of the special values that it
* can take.
*
- * Returns one on success or another value on error. See |EVP_PKEY_CTX_ctrl|
- * for the other return values, which are non-standard. */
+ * Returns one on success or zero on error. */
OPENSSL_EXPORT int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx,
int *out_salt_len);
/* EVP_PKEY_CTX_set_rsa_keygen_bits sets the size of the desired RSA modulus,
- * in bits, for key generation. Returns one on success or another value on
- * error. See |EVP_PKEY_CTX_ctrl| for the other return values, which are
- * non-standard. */
+ * in bits, for key generation. Returns one on success or zero on
+ * error. */
OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx,
int bits);
/* EVP_PKEY_CTX_set_rsa_keygen_pubexp sets |e| as the public exponent for key
- * generation. Returns one on success or another value on error. See
- * |EVP_PKEY_CTX_ctrl| for the other return values, which are non-standard. */
+ * generation. Returns one on success or zero on error. */
OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx,
BIGNUM *e);
/* EVP_PKEY_CTX_set_rsa_oaep_md sets |md| as the digest used in OAEP padding.
- * Returns one on success or another value on error. See |EVP_PKEY_CTX_ctrl|
- * for the other return values, which are non-standard. */
+ * Returns one on success or zero on error. */
OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx,
const EVP_MD *md);
/* EVP_PKEY_CTX_get_rsa_oaep_md sets |*out_md| to the digest function used in
- * OAEP padding. Returns one on success or another value on error. See
- * |EVP_PKEY_CTX_ctrl| for the other return values, which are non-standard. */
+ * OAEP padding. Returns one on success or zero on error. */
OPENSSL_EXPORT int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx,
const EVP_MD **out_md);
/* EVP_PKEY_CTX_set_rsa_mgf1_md sets |md| as the digest used in MGF1. Returns
- * one on success or another value on error. See |EVP_PKEY_CTX_ctrl| for the
- * other return values, which are non-standard. */
+ * one on success or zero on error. */
OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx,
const EVP_MD *md);
/* EVP_PKEY_CTX_get_rsa_mgf1_md sets |*out_md| to the digest function used in
- * MGF1. Returns one on success or another value on error. See
- * |EVP_PKEY_CTX_ctrl| for the other return values, which are non-standard. */
+ * MGF1. Returns one on success or zero on error. */
OPENSSL_EXPORT int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx,
const EVP_MD **out_md);
/* EVP_PKEY_CTX_set0_rsa_oaep_label sets |label_len| bytes from |label| as the
- * label used in OAEP. DANGER: this call takes ownership of |label| and will
- * call |free| on it when |ctx| is destroyed.
+ * label used in OAEP. DANGER: On success, this call takes ownership of |label|
+ * and will call |OPENSSL_free| on it when |ctx| is destroyed.
*
- * Returns one on success or another value on error. See |EVP_PKEY_CTX_ctrl|
- * for the other return values, which are non-standard. */
+ * Returns one on success or zero on error. */
OPENSSL_EXPORT int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx,
const uint8_t *label,
size_t label_len);
/* EVP_PKEY_CTX_get0_rsa_oaep_label sets |*out_label| to point to the internal
* buffer containing the OAEP label (which may be NULL) and returns the length
- * of the label or a negative value on error. */
+ * of the label or a negative value on error.
+ *
+ * WARNING: the return value differs from the usual return value convention. */
OPENSSL_EXPORT int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx,
const uint8_t **out_label);
-/* EC specific */
+/* Deprecated functions. */
-#define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1)
+/* EVP_PKEY_dup adds one to the reference count of |pkey| and returns
+ * |pkey|.
+ *
+ * WARNING: this is a |_dup| function that doesn't actually duplicate! Use
+ * |EVP_PKEY_up_ref| if you want to increment the reference count without
+ * confusion. */
+OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_dup(EVP_PKEY *pkey);
/* Private functions */
@@ -734,9 +684,6 @@
* which element (if any) of the |pkey| union is valid. */
int type;
- /* TODO(fork): document */
- int save_type;
-
union {
char *ptr;
struct rsa_st *rsa; /* RSA */
@@ -745,16 +692,9 @@
struct ec_key_st *ec; /* ECC */
} pkey;
- ENGINE *engine;
-
- /* TODO(fork): document */
- int save_parameters;
/* ameth contains a pointer to a method table that contains many ASN.1
* methods for the key type. */
const EVP_PKEY_ASN1_METHOD *ameth;
-
- /* TODO(fork): document; */
- STACK_OF(X509_ATTRIBUTE) * attributes; /* [ 0 ] */
} /* EVP_PKEY */;
@@ -762,105 +702,105 @@
} /* extern C */
#endif
-#define EVP_F_rsa_item_verify 100
-#define EVP_F_do_sigver_init 101
-#define EVP_F_eckey_priv_decode 102
-#define EVP_F_pkey_ec_sign 103
-#define EVP_F_EVP_PKEY_sign_init 104
-#define EVP_F_d2i_PrivateKey 105
-#define EVP_F_rsa_priv_encode 106
-#define EVP_F_rsa_mgf1_to_md 107
-#define EVP_F_EVP_PKEY_get1_DH 108
-#define EVP_F_EVP_PKEY_sign 109
-#define EVP_F_old_ec_priv_decode 110
-#define EVP_F_EVP_PKEY_get1_RSA 111
-#define EVP_F_pkey_ec_ctrl 112
-#define EVP_F_evp_pkey_ctx_new 113
-#define EVP_F_EVP_PKEY_verify 114
-#define EVP_F_EVP_PKEY_encrypt 115
+#define EVP_F_EVP_PKEY_derive_init 108
+#define EVP_F_EVP_PKEY_encrypt 110
+#define EVP_F_EVP_PKEY_encrypt_init 111
+#define EVP_F_EVP_PKEY_get1_DH 112
+#define EVP_F_EVP_PKEY_get1_EC_KEY 114
+#define EVP_F_EVP_PKEY_get1_RSA 115
#define EVP_F_EVP_PKEY_keygen 116
-#define EVP_F_eckey_type2param 117
-#define EVP_F_eckey_priv_encode 118
-#define EVP_F_do_EC_KEY_print 119
-#define EVP_F_pkey_ec_keygen 120
-#define EVP_F_EVP_PKEY_encrypt_init 121
-#define EVP_F_pkey_rsa_ctrl 122
-#define EVP_F_rsa_priv_decode 123
-#define EVP_F_rsa_pss_to_ctx 124
-#define EVP_F_EVP_PKEY_get1_EC_KEY 125
-#define EVP_F_EVP_PKEY_verify_init 126
-#define EVP_F_EVP_PKEY_derive_init 127
-#define EVP_F_eckey_param2type 128
-#define EVP_F_eckey_pub_decode 129
-#define EVP_F_d2i_AutoPrivateKey 130
+#define EVP_F_EVP_PKEY_sign 120
+#define EVP_F_EVP_PKEY_sign_init 121
+#define EVP_F_EVP_PKEY_verify 122
+#define EVP_F_EVP_PKEY_verify_init 123
+#define EVP_F_d2i_AutoPrivateKey 125
+#define EVP_F_d2i_PrivateKey 126
+#define EVP_F_do_EC_KEY_print 127
+#define EVP_F_do_sigver_init 129
+#define EVP_F_eckey_param2type 130
#define EVP_F_eckey_param_decode 131
-#define EVP_F_EVP_PKEY_new 132
-#define EVP_F_pkey_ec_derive 133
-#define EVP_F_pkey_ec_paramgen 134
-#define EVP_F_EVP_PKEY_CTX_ctrl 135
-#define EVP_F_EVP_PKEY_decrypt_init 136
-#define EVP_F_EVP_PKEY_decrypt 137
-#define EVP_F_EVP_PKEY_copy_parameters 138
-#define EVP_F_EVP_PKEY_set_type 139
-#define EVP_F_EVP_PKEY_derive 140
-#define EVP_F_EVP_PKEY_keygen_init 141
-#define EVP_F_do_rsa_print 142
-#define EVP_F_old_rsa_priv_decode 143
-#define EVP_F_rsa_algor_to_md 144
-#define EVP_F_eckey_pub_encode 145
-#define EVP_F_EVP_PKEY_derive_set_peer 146
-#define EVP_F_pkey_rsa_sign 147
-#define EVP_F_check_padding_md 148
-#define EVP_F_i2d_PublicKey 149
-#define EVP_F_rsa_pub_decode 150
-#define EVP_F_EVP_PKEY_get1_DSA 151
-#define EVP_F_pkey_rsa_encrypt 152
-#define EVP_F_pkey_rsa_decrypt 153
-#define EVP_F_hmac_signctx 154
-#define EVP_F_EVP_DigestVerifyInitFromAlgorithm 155
-#define EVP_F_EVP_DigestSignAlgorithm 156
-#define EVP_F_rsa_digest_verify_init_from_algorithm 157
-#define EVP_F_EVP_PKEY_CTX_dup 158
-#define EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE 100
-#define EVP_R_UNSUPPORTED_SIGNATURE_TYPE 101
-#define EVP_R_INVALID_DIGEST_TYPE 102
-#define EVP_R_EXPECTING_A_DH_KEY 103
-#define EVP_R_OPERATON_NOT_INITIALIZED 104
-#define EVP_R_MISSING_PARAMETERS 105
-#define EVP_R_NO_DEFAULT_DIGEST 106
-#define EVP_R_UNKNOWN_DIGEST 107
-#define EVP_R_KEYS_NOT_SET 108
-#define EVP_R_X931_UNSUPPORTED 109
-#define EVP_R_DIGEST_DOES_NOT_MATCH 110
-#define EVP_R_DIFFERENT_PARAMETERS 111
-#define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 112
-#define EVP_R_DIFFERENT_KEY_TYPES 113
-#define EVP_R_NO_PARAMETERS_SET 114
-#define EVP_R_NO_NID_FOR_CURVE 115
-#define EVP_R_NO_OPERATION_SET 116
-#define EVP_R_UNSUPPORTED_ALGORITHM 117
-#define EVP_R_EXPECTING_AN_DSA_KEY 118
-#define EVP_R_UNKNOWN_MASK_DIGEST 119
-#define EVP_R_INVALID_SALT_LENGTH 120
-#define EVP_R_BUFFER_TOO_SMALL 121
-#define EVP_R_INVALID_PADDING_MODE 122
-#define EVP_R_INVALID_MGF1_MD 123
-#define EVP_R_SHARED_INFO_ERROR 124
-#define EVP_R_INVALID_KEYBITS 125
-#define EVP_R_PEER_KEY_ERROR 126
-#define EVP_R_EXPECTING_A_DSA_KEY 127
-#define EVP_R_UNSUPPORTED_MASK_ALGORITHM 128
-#define EVP_R_EXPECTING_AN_EC_KEY_KEY 129
-#define EVP_R_INVALID_TRAILER 130
-#define EVP_R_INVALID_DIGEST_LENGTH 131
-#define EVP_R_COMMAND_NOT_SUPPORTED 132
-#define EVP_R_EXPLICIT_EC_PARAMETERS_NOT_SUPPORTED 133
-#define EVP_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 134
-#define EVP_R_NO_MDC2_SUPPORT 135
-#define EVP_R_INVALID_CURVE 136
-#define EVP_R_NO_KEY_SET 137
-#define EVP_R_INVALID_PSS_PARAMETERS 138
-#define EVP_R_KDF_PARAMETER_ERROR 139
+#define EVP_F_eckey_priv_decode 132
+#define EVP_F_eckey_priv_encode 133
+#define EVP_F_eckey_pub_decode 134
+#define EVP_F_eckey_pub_encode 135
+#define EVP_F_eckey_type2param 136
+#define EVP_F_evp_pkey_ctx_new 137
+#define EVP_F_hmac_signctx 138
+#define EVP_F_i2d_PublicKey 139
+#define EVP_F_old_ec_priv_decode 140
+#define EVP_F_old_rsa_priv_decode 141
+#define EVP_F_pkey_ec_ctrl 142
+#define EVP_F_pkey_ec_derive 143
+#define EVP_F_pkey_ec_keygen 144
+#define EVP_F_pkey_ec_paramgen 145
+#define EVP_F_pkey_ec_sign 146
+#define EVP_F_pkey_rsa_ctrl 147
+#define EVP_F_pkey_rsa_decrypt 148
+#define EVP_F_pkey_rsa_encrypt 149
+#define EVP_F_pkey_rsa_sign 150
+#define EVP_F_rsa_algor_to_md 151
+#define EVP_F_rsa_digest_verify_init_from_algorithm 152
+#define EVP_F_rsa_mgf1_to_md 153
+#define EVP_F_rsa_priv_decode 154
+#define EVP_F_rsa_priv_encode 155
+#define EVP_F_rsa_pss_to_ctx 156
+#define EVP_F_rsa_pub_decode 157
+#define EVP_F_pkey_hmac_ctrl 158
+#define EVP_F_EVP_PKEY_CTX_get0_rsa_oaep_label 159
+#define EVP_F_EVP_DigestSignAlgorithm 160
+#define EVP_F_EVP_DigestVerifyInitFromAlgorithm 161
+#define EVP_F_EVP_PKEY_CTX_ctrl 162
+#define EVP_F_EVP_PKEY_CTX_dup 163
+#define EVP_F_EVP_PKEY_copy_parameters 164
+#define EVP_F_EVP_PKEY_decrypt 165
+#define EVP_F_EVP_PKEY_decrypt_init 166
+#define EVP_F_EVP_PKEY_derive 167
+#define EVP_F_EVP_PKEY_derive_set_peer 168
+#define EVP_F_EVP_PKEY_get1_DSA 169
+#define EVP_F_EVP_PKEY_keygen_init 170
+#define EVP_F_EVP_PKEY_new 171
+#define EVP_F_EVP_PKEY_set_type 172
+#define EVP_F_check_padding_md 173
+#define EVP_F_do_dsa_print 174
+#define EVP_F_do_rsa_print 175
+#define EVP_F_dsa_param_decode 176
+#define EVP_F_dsa_priv_decode 177
+#define EVP_F_dsa_priv_encode 178
+#define EVP_F_dsa_pub_decode 179
+#define EVP_F_dsa_pub_encode 180
+#define EVP_F_dsa_sig_print 181
+#define EVP_F_old_dsa_priv_decode 182
+#define EVP_R_BUFFER_TOO_SMALL 100
+#define EVP_R_COMMAND_NOT_SUPPORTED 101
+#define EVP_R_DIFFERENT_KEY_TYPES 104
+#define EVP_R_DIFFERENT_PARAMETERS 105
+#define EVP_R_EXPECTING_AN_EC_KEY_KEY 107
+#define EVP_R_EXPECTING_A_DH_KEY 109
+#define EVP_R_EXPECTING_A_DSA_KEY 110
+#define EVP_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 111
+#define EVP_R_INVALID_CURVE 112
+#define EVP_R_INVALID_DIGEST_LENGTH 113
+#define EVP_R_INVALID_DIGEST_TYPE 114
+#define EVP_R_INVALID_KEYBITS 115
+#define EVP_R_INVALID_MGF1_MD 116
+#define EVP_R_INVALID_PADDING_MODE 118
+#define EVP_R_INVALID_PSS_PARAMETERS 119
+#define EVP_R_INVALID_SALT_LENGTH 121
+#define EVP_R_INVALID_TRAILER 122
+#define EVP_R_KEYS_NOT_SET 123
+#define EVP_R_MISSING_PARAMETERS 124
+#define EVP_R_NO_DEFAULT_DIGEST 125
+#define EVP_R_NO_KEY_SET 126
+#define EVP_R_NO_MDC2_SUPPORT 127
+#define EVP_R_NO_NID_FOR_CURVE 128
+#define EVP_R_NO_OPERATION_SET 129
+#define EVP_R_NO_PARAMETERS_SET 130
+#define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 131
+#define EVP_R_OPERATON_NOT_INITIALIZED 132
+#define EVP_R_UNKNOWN_DIGEST 133
+#define EVP_R_UNKNOWN_MASK_DIGEST 134
+#define EVP_R_UNSUPPORTED_ALGORITHM 138
+#define EVP_R_UNSUPPORTED_MASK_ALGORITHM 139
#define EVP_R_UNSUPPORTED_MASK_PARAMETER 140
#define EVP_R_EXPECTING_AN_RSA_KEY 141
#define EVP_R_INVALID_OPERATION 142
@@ -872,5 +812,9 @@
#define EVP_R_WRONG_PUBLIC_KEY_TYPE 148
#define EVP_R_UNKNOWN_SIGNATURE_ALGORITHM 149
#define EVP_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 150
+#define EVP_R_BN_DECODE_ERROR 151
+#define EVP_R_PARAMETER_ENCODING_ERROR 152
+#define EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE 153
+#define EVP_R_UNSUPPORTED_SIGNATURE_TYPE 154
#endif /* OPENSSL_HEADER_EVP_H */
diff --git a/src/include/openssl/ex_data.h b/src/include/openssl/ex_data.h
index f61501a..2303eb4 100644
--- a/src/include/openssl/ex_data.h
+++ b/src/include/openssl/ex_data.h
@@ -119,21 +119,51 @@
/* ex_data is a mechanism for associating arbitrary extra data with objects.
- * The different types of objects which can have data associated with them are
- * called "classes" and there are predefined classes for all the OpenSSL
- * objects that support ex_data.
- *
- * Within a given class, different users can be assigned indexes in which to
- * store their data. Each index has callback functions that are called when a
- * new object of that type is created, freed and duplicated. */
+ * For each type of object that supports ex_data, different users can be
+ * assigned indexes in which to store their data. Each index has callback
+ * functions that are called when a new object of that type is created, freed
+ * and duplicated. */
typedef struct crypto_ex_data_st CRYPTO_EX_DATA;
+
+/* Type-specific functions.
+ *
+ * Each type that supports ex_data provides three functions: */
+
+#if 0 /* Sample */
+
+/* |TYPE_get_ex_new_index| allocates a new index for |TYPE|. See the
+ * descriptions of the callback typedefs for details of when they are
+ * called. Any of the callback arguments may be NULL. The |argl| and |argp|
+ * arguments are opaque values that are passed to the callbacks. It returns the
+ * new index or a negative number on error.
+ *
+ * TODO(fork): this should follow the standard calling convention. */
+OPENSSL_EXPORT int TYPE_get_ex_new_index(long argl, void *argp,
+ CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func);
+
+/* |TYPE_set_ex_data| sets an extra data pointer on |t|. The |index| argument
+ * should have been returned from a previous call to |TYPE_get_ex_new_index|. */
+OPENSSL_EXPORT int TYPE_set_ex_data(TYPE *t, int index, void *arg);
+
+/* |TYPE_get_ex_data| returns an extra data pointer for |t|, or NULL if no such
+ * pointer exists. The |index| argument should have been returned from a
+ * previous call to |TYPE_get_ex_new_index|. */
+OPENSSL_EXPORT void *TYPE_get_ex_data(const TYPE *t, int index);
+
+#endif /* Sample */
+
+
+/* Callback types. */
+
/* CRYPTO_EX_new is the type of a callback function that is called whenever a
* new object of a given class is created. For example, if this callback has
- * been passed to |CRYPTO_get_ex_new_index| with a |class| of
- * |CRYPTO_EX_INDEX_SSL| then it'll be called each time an SSL* is created.
+ * been passed to |SSL_get_ex_new_index| then it'll be called each time an SSL*
+ * is created.
*
* The callback is passed the new object (i.e. the SSL*) in |parent|. The
* arguments |argl| and |argp| contain opaque values that were given to
@@ -166,126 +196,10 @@
typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
void **from_d, int index, long argl, void *argp);
-/* CRYPTO_get_ex_new_index allocates a new index for ex_data linked with
- * objects of the given |class|. This should not be called directly, rather
- * each class of object should provide a wrapper function that sets
- * |class_value| correctly.
- *
- * The |class_value| argument should be one of |CRYPTO_EX_INDEX_*| or a
- * user-defined class value returned from |CRYPTO_ex_data_new_class|.
- *
- * See the descriptions of the callback typedefs for details of when they are
- * called. Any of the callback arguments may be NULL. The |argl| and |argp|
- * arguments are opaque values that are passed to the callbacks.
- *
- * It returns the new index, or a negative number on error.
- *
- * TODO(fork): this should follow the standard calling convention.
- *
- * TODO(fork): replace the class_value with a pointer to EX_CLASS_ITEM. Saves
- * having that hash table and some of the lock-bouncing. Maybe have every
- * module have a private global EX_CLASS_ITEM somewhere and any direct callers
- * of CRYPTO_{get,set}_ex_data{,_index} would have to always call the
- * wrappers. */
-OPENSSL_EXPORT int CRYPTO_get_ex_new_index(int class_value, long argl,
- void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func,
- CRYPTO_EX_free *free_func);
-/* CRYPTO_set_ex_data sets an extra data pointer on a given object. This should
- * not be called directly, rather each class of object should provide a wrapper
- * function.
- *
- * The |index| argument should have been returned from a previous call to
- * |CRYPTO_get_ex_new_index|. */
-OPENSSL_EXPORT int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int index, void *val);
+/* Deprecated functions. */
-/* CRYPTO_set_ex_data return an extra data pointer for a given object, or NULL
- * if no such index exists. This should not be called directly, rather each
- * class of object should provide a wrapper function.
- *
- * The |index| argument should have been returned from a previous call to
- * |CRYPTO_get_ex_new_index|. */
-OPENSSL_EXPORT void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int index);
-
-/* CRYPTO_EX_INDEX_* are the built-in classes of objects.
- *
- * User defined classes start at 100.
- *
- * TODO(fork): WARNING: these are called "INDEX", but they aren't! */
-#define CRYPTO_EX_INDEX_BIO 0
-#define CRYPTO_EX_INDEX_SSL 1
-#define CRYPTO_EX_INDEX_SSL_CTX 2
-#define CRYPTO_EX_INDEX_SSL_SESSION 3
-#define CRYPTO_EX_INDEX_X509_STORE 4
-#define CRYPTO_EX_INDEX_X509_STORE_CTX 5
-#define CRYPTO_EX_INDEX_RSA 6
-#define CRYPTO_EX_INDEX_DSA 7
-#define CRYPTO_EX_INDEX_DH 8
-#define CRYPTO_EX_INDEX_ENGINE 9
-#define CRYPTO_EX_INDEX_X509 10
-#define CRYPTO_EX_INDEX_UI 11
-#define CRYPTO_EX_INDEX_EC_KEY 12
-#define CRYPTO_EX_INDEX_EC_GROUP 13
-#define CRYPTO_EX_INDEX_COMP 14
-#define CRYPTO_EX_INDEX_STORE 15
-
-
-/* User-defined classes of objects.
- *
- * Core OpenSSL code has predefined class values given above (the
- * |CRYPTO_EX_INDEX_*| values). It's possible to get dynamic class values
- * assigned for user-defined objects. */
-
-/* CRYPTO_ex_data_new_class returns a fresh class value for a user-defined type
- * that wishes to use ex_data.
- *
- * TODO(fork): hopefully remove this. */
-OPENSSL_EXPORT int CRYPTO_ex_data_new_class(void);
-
-
-/* Embedding, allocating and freeing |CRYPTO_EX_DATA| structures for objects
- * that embed them. */
-
-/* CRYPTO_new_ex_data initialises a newly allocated |CRYPTO_EX_DATA| which is
- * embedded inside of |obj| which is of class |class_value|. Returns one on
- * success and zero otherwise. */
-OPENSSL_EXPORT int CRYPTO_new_ex_data(int class_value, void *obj,
- CRYPTO_EX_DATA *ad);
-
-/* CRYPTO_dup_ex_data duplicates |from| into a freshly allocated
- * |CRYPTO_EX_DATA|, |to|. Both of which are inside objects of the given
- * class. It returns one on success and zero otherwise. */
-OPENSSL_EXPORT int CRYPTO_dup_ex_data(int class_value, CRYPTO_EX_DATA *to,
- const CRYPTO_EX_DATA *from);
-
-/* CRYPTO_free_ex_data frees |ad|, which is embedded inside |obj|, which is an
- * object of the given class. */
-OPENSSL_EXPORT void CRYPTO_free_ex_data(int class_value, void *obj,
- CRYPTO_EX_DATA *ad);
-
-
-/* Handling different ex_data implementations. */
-
-/* CRYPTO_EX_DATA_IMPL is the opaque type of an implementation of ex_data. */
-typedef struct st_CRYPTO_EX_DATA_IMPL CRYPTO_EX_DATA_IMPL;
-
-/* CRYPTO_get_ex_data_implementation returns the current implementation of
- * ex_data. */
-OPENSSL_EXPORT const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(
- void);
-
-/* CRYPTO_set_ex_data_implementation sets the implementation of ex_data to use,
- * unless ex_data has already been used and the default implementation
- * installed. It returns one on success and zero otherwise. */
-OPENSSL_EXPORT int CRYPTO_set_ex_data_implementation(
- const CRYPTO_EX_DATA_IMPL *impl);
-
-
-/* Private functions. */
-
-/* CRYPTO_cleanup_all_ex_data cleans up all ex_data state. It assumes that no
- * other threads are executing code that might call ex_data functions. */
+/* CRYPTO_cleanup_all_ex_data does nothing. */
OPENSSL_EXPORT void CRYPTO_cleanup_all_ex_data(void);
struct crypto_ex_data_st {
diff --git a/src/include/openssl/hmac.h b/src/include/openssl/hmac.h
index 6c34cdc..89cdf8f 100644
--- a/src/include/openssl/hmac.h
+++ b/src/include/openssl/hmac.h
@@ -94,9 +94,14 @@
OPENSSL_EXPORT void HMAC_CTX_cleanup(HMAC_CTX *ctx);
/* HMAC_Init_ex sets up an initialised |HMAC_CTX| to use |md| as the hash
- * function and |key| as the key. Any of |md| or |key| can be NULL, in which
- * case the previous value will be used. It returns one on success or zero
- * otherwise. */
+ * function and |key| as the key. For a non-initial call, |md| may be NULL, in
+ * which case the previous hash function will be used. If the hash function has
+ * not changed and |key| is NULL, |ctx| reuses the previous key. It returns one
+ * on success or zero otherwise.
+ *
+ * WARNING: NULL and empty keys are ambiguous on non-initial calls. Passing NULL
+ * |key| but repeating the previous |md| reuses the previous key rather than the
+ * empty key. */
OPENSSL_EXPORT int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, size_t key_len,
const EVP_MD *md, ENGINE *impl);
@@ -152,8 +157,6 @@
EVP_MD_CTX md_ctx;
EVP_MD_CTX i_ctx;
EVP_MD_CTX o_ctx;
- unsigned int key_length;
- unsigned char key[HMAC_MAX_MD_CBLOCK];
} /* HMAC_CTX */;
diff --git a/src/include/openssl/lhash.h b/src/include/openssl/lhash.h
index c8628d1..d2ee982 100644
--- a/src/include/openssl/lhash.h
+++ b/src/include/openssl/lhash.h
@@ -96,9 +96,6 @@
*
* LHASH_OF:ASN1_OBJECT
* LHASH_OF:CONF_VALUE
- * LHASH_OF:ERR_STATE
- * LHASH_OF:ERR_STRING_DATA
- * LHASH_OF:EX_CLASS_ITEM
* LHASH_OF:SSL_SESSION */
#define IN_LHASH_H
diff --git a/src/include/openssl/lhash_macros.h b/src/include/openssl/lhash_macros.h
index f84b5ed..1d98107 100644
--- a/src/include/openssl/lhash_macros.h
+++ b/src/include/openssl/lhash_macros.h
@@ -92,122 +92,6 @@
void (*)(CONF_VALUE *, void *), func), \
arg);
-/* ERR_STATE */
-#define lh_ERR_STATE_new(hash, comp) \
- ((LHASH_OF(ERR_STATE) *)lh_new( \
- CHECKED_CAST(lhash_hash_func, uint32_t (*)(const ERR_STATE *), hash), \
- CHECKED_CAST(lhash_cmp_func, \
- int (*)(const ERR_STATE *a, const ERR_STATE *b), comp)))
-
-#define lh_ERR_STATE_free(lh) \
- lh_free(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STATE) *, lh));
-
-#define lh_ERR_STATE_num_items(lh) \
- lh_num_items(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STATE) *, lh))
-
-#define lh_ERR_STATE_retrieve(lh, data) \
- ((ERR_STATE *)lh_retrieve(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STATE) *, lh), \
- CHECKED_CAST(void *, ERR_STATE *, data)))
-
-#define lh_ERR_STATE_insert(lh, old_data, data) \
- lh_insert(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STATE) *, lh), \
- CHECKED_CAST(void **, ERR_STATE **, old_data), \
- CHECKED_CAST(void *, ERR_STATE *, data))
-
-#define lh_ERR_STATE_delete(lh, data) \
- ((ERR_STATE *)lh_delete(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STATE) *, lh), \
- CHECKED_CAST(void *, ERR_STATE *, data)))
-
-#define lh_ERR_STATE_doall(lh, func) \
- lh_doall(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STATE) *, lh), \
- CHECKED_CAST(void (*)(void *), void (*)(ERR_STATE *), func));
-
-#define lh_ERR_STATE_doall_arg(lh, func, arg) \
- lh_doall_arg(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STATE) *, lh), \
- CHECKED_CAST(void (*)(void *, void *), \
- void (*)(ERR_STATE *, void *), func), \
- arg);
-
-/* ERR_STRING_DATA */
-#define lh_ERR_STRING_DATA_new(hash, comp) \
- ((LHASH_OF(ERR_STRING_DATA) *)lh_new( \
- CHECKED_CAST(lhash_hash_func, uint32_t (*)(const ERR_STRING_DATA *), \
- hash), \
- CHECKED_CAST( \
- lhash_cmp_func, \
- int (*)(const ERR_STRING_DATA *a, const ERR_STRING_DATA *b), comp)))
-
-#define lh_ERR_STRING_DATA_free(lh) \
- lh_free(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STRING_DATA) *, lh));
-
-#define lh_ERR_STRING_DATA_num_items(lh) \
- lh_num_items(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STRING_DATA) *, lh))
-
-#define lh_ERR_STRING_DATA_retrieve(lh, data) \
- ((ERR_STRING_DATA *)lh_retrieve( \
- CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STRING_DATA) *, lh), \
- CHECKED_CAST(void *, ERR_STRING_DATA *, data)))
-
-#define lh_ERR_STRING_DATA_insert(lh, old_data, data) \
- lh_insert(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STRING_DATA) *, lh), \
- CHECKED_CAST(void **, ERR_STRING_DATA **, old_data), \
- CHECKED_CAST(void *, ERR_STRING_DATA *, data))
-
-#define lh_ERR_STRING_DATA_delete(lh, data) \
- ((ERR_STRING_DATA *)lh_delete( \
- CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STRING_DATA) *, lh), \
- CHECKED_CAST(void *, ERR_STRING_DATA *, data)))
-
-#define lh_ERR_STRING_DATA_doall(lh, func) \
- lh_doall(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STRING_DATA) *, lh), \
- CHECKED_CAST(void (*)(void *), void (*)(ERR_STRING_DATA *), func));
-
-#define lh_ERR_STRING_DATA_doall_arg(lh, func, arg) \
- lh_doall_arg(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STRING_DATA) *, lh), \
- CHECKED_CAST(void (*)(void *, void *), \
- void (*)(ERR_STRING_DATA *, void *), func), \
- arg);
-
-/* EX_CLASS_ITEM */
-#define lh_EX_CLASS_ITEM_new(hash, comp) \
- ((LHASH_OF(EX_CLASS_ITEM) *)lh_new( \
- CHECKED_CAST(lhash_hash_func, uint32_t (*)(const EX_CLASS_ITEM *), \
- hash), \
- CHECKED_CAST(lhash_cmp_func, \
- int (*)(const EX_CLASS_ITEM *a, const EX_CLASS_ITEM *b), \
- comp)))
-
-#define lh_EX_CLASS_ITEM_free(lh) \
- lh_free(CHECKED_CAST(_LHASH *, LHASH_OF(EX_CLASS_ITEM) *, lh));
-
-#define lh_EX_CLASS_ITEM_num_items(lh) \
- lh_num_items(CHECKED_CAST(_LHASH *, LHASH_OF(EX_CLASS_ITEM) *, lh))
-
-#define lh_EX_CLASS_ITEM_retrieve(lh, data) \
- ((EX_CLASS_ITEM *)lh_retrieve( \
- CHECKED_CAST(_LHASH *, LHASH_OF(EX_CLASS_ITEM) *, lh), \
- CHECKED_CAST(void *, EX_CLASS_ITEM *, data)))
-
-#define lh_EX_CLASS_ITEM_insert(lh, old_data, data) \
- lh_insert(CHECKED_CAST(_LHASH *, LHASH_OF(EX_CLASS_ITEM) *, lh), \
- CHECKED_CAST(void **, EX_CLASS_ITEM **, old_data), \
- CHECKED_CAST(void *, EX_CLASS_ITEM *, data))
-
-#define lh_EX_CLASS_ITEM_delete(lh, data) \
- ((EX_CLASS_ITEM *)lh_delete( \
- CHECKED_CAST(_LHASH *, LHASH_OF(EX_CLASS_ITEM) *, lh), \
- CHECKED_CAST(void *, EX_CLASS_ITEM *, data)))
-
-#define lh_EX_CLASS_ITEM_doall(lh, func) \
- lh_doall(CHECKED_CAST(_LHASH *, LHASH_OF(EX_CLASS_ITEM) *, lh), \
- CHECKED_CAST(void (*)(void *), void (*)(EX_CLASS_ITEM *), func));
-
-#define lh_EX_CLASS_ITEM_doall_arg(lh, func, arg) \
- lh_doall_arg(CHECKED_CAST(_LHASH *, LHASH_OF(EX_CLASS_ITEM) *, lh), \
- CHECKED_CAST(void (*)(void *, void *), \
- void (*)(EX_CLASS_ITEM *, void *), func), \
- arg);
-
/* SSL_SESSION */
#define lh_SSL_SESSION_new(hash, comp) \
((LHASH_OF(SSL_SESSION) *)lh_new( \
diff --git a/src/include/openssl/mem.h b/src/include/openssl/mem.h
index 3bd01c0..42ec46a 100644
--- a/src/include/openssl/mem.h
+++ b/src/include/openssl/mem.h
@@ -58,6 +58,7 @@
#include <openssl/base.h>
+#include <stdlib.h>
#include <stdarg.h>
#if defined(__cplusplus)
diff --git a/src/include/openssl/obj.h b/src/include/openssl/obj.h
index 5dd8886..f476617 100644
--- a/src/include/openssl/obj.h
+++ b/src/include/openssl/obj.h
@@ -193,10 +193,10 @@
} /* extern C */
#endif
-#define OBJ_F_OBJ_txt2obj 100
-#define OBJ_F_OBJ_create 101
-#define OBJ_F_OBJ_dup 102
-#define OBJ_F_OBJ_nid2obj 103
+#define OBJ_F_OBJ_create 100
+#define OBJ_F_OBJ_dup 101
+#define OBJ_F_OBJ_nid2obj 102
+#define OBJ_F_OBJ_txt2obj 103
#define OBJ_R_UNKNOWN_NID 100
#endif /* OPENSSL_HEADER_OBJECTS_H */
diff --git a/src/include/openssl/opensslfeatures.h b/src/include/openssl/opensslfeatures.h
index 4f5cb31..c3f97d5 100644
--- a/src/include/openssl/opensslfeatures.h
+++ b/src/include/openssl/opensslfeatures.h
@@ -22,12 +22,15 @@
#define OPENSSL_NO_BF
#define OPENSSL_NO_BUF_FREELISTS
#define OPENSSL_NO_CAMELLIA
+#define OPENSSL_NO_CAPIENG
#define OPENSSL_NO_CAST
#define OPENSSL_NO_CMS
#define OPENSSL_NO_COMP
#define OPENSSL_NO_DANE
#define OPENSSL_NO_DEPRECATED
#define OPENSSL_NO_DYNAMIC_ENGINE
+#define OPENSSL_NO_EC_NISTP_64_GCC_128
+#define OPENSSL_NO_EC2M
#define OPENSSL_NO_ENGINE
#define OPENSSL_NO_GMP
#define OPENSSL_NO_GOST
@@ -38,11 +41,13 @@
#define OPENSSL_NO_KRB5
#define OPENSSL_NO_MD2
#define OPENSSL_NO_MDC2
+#define OPENSSL_NO_OCB
#define OPENSSL_NO_OCSP
#define OPENSSL_NO_RC2
#define OPENSSL_NO_RC5
#define OPENSSL_NO_RFC3779
#define OPENSSL_NO_RIPEMD
+#define OPENSSL_NO_RMD160
#define OPENSSL_NO_SCTP
#define OPENSSL_NO_SEED
#define OPENSSL_NO_SRP
diff --git a/src/include/openssl/opensslv.h b/src/include/openssl/opensslv.h
index a3555d4..22f7e25 100644
--- a/src/include/openssl/opensslv.h
+++ b/src/include/openssl/opensslv.h
@@ -15,4 +15,4 @@
/* This header is provided in order to make compiling against code that expects
OpenSSL easier. */
-#include "crypto.h"
+#include "ssl.h"
diff --git a/src/include/openssl/pem.h b/src/include/openssl/pem.h
index 5f61cab..adc8d86 100644
--- a/src/include/openssl/pem.h
+++ b/src/include/openssl/pem.h
@@ -502,57 +502,44 @@
}
#endif
-#define PEM_F_PEM_read_bio_DHparams 100
-#define PEM_F_load_iv 101
-#define PEM_F_PEM_write 102
-#define PEM_F_do_pk8pkey_fp 103
-#define PEM_F_PEM_read_PrivateKey 104
-#define PEM_F_PEM_read_DHparams 105
-#define PEM_F_PEM_ASN1_read_bio 106
-#define PEM_F_PEM_ASN1_read 107
+#define PEM_F_PEM_ASN1_read 100
+#define PEM_F_PEM_ASN1_read_bio 101
+#define PEM_F_PEM_ASN1_write 102
+#define PEM_F_PEM_ASN1_write_bio 103
+#define PEM_F_PEM_X509_INFO_read 104
+#define PEM_F_PEM_X509_INFO_read_bio 105
+#define PEM_F_PEM_X509_INFO_write_bio 106
+#define PEM_F_PEM_do_header 107
#define PEM_F_PEM_get_EVP_CIPHER_INFO 108
-#define PEM_F_PEM_X509_INFO_read 109
-#define PEM_F_PEM_read_bio_Parameters 110
-#define PEM_F_PEM_read 111
-#define PEM_F_PEM_X509_INFO_read_bio 112
-#define PEM_F_PEM_X509_INFO_write_bio 113
-#define PEM_F_PEM_ASN1_write 114
-#define PEM_F_d2i_PKCS8PrivateKey_bio 115
-#define PEM_F_d2i_PKCS8PrivateKey_fp 116
-#define PEM_F_PEM_read_bio_PrivateKey 117
-#define PEM_F_PEM_write_PrivateKey 118
-#define PEM_F_PEM_ASN1_write_bio 119
-#define PEM_F_PEM_do_header 120
-#define PEM_F_PEM_write_bio 121
-#define PEM_F_do_pk8pkey 122
-#define PEM_F_PEM_read_bio 123
-#define PEM_R_NO_START_LINE 100
-#define PEM_R_NOT_PROC_TYPE 101
-#define PEM_R_SHORT_HEADER 102
+#define PEM_F_PEM_read 109
+#define PEM_F_PEM_read_DHparams 110
+#define PEM_F_PEM_read_PrivateKey 111
+#define PEM_F_PEM_read_bio 112
+#define PEM_F_PEM_read_bio_DHparams 113
+#define PEM_F_PEM_read_bio_Parameters 114
+#define PEM_F_PEM_read_bio_PrivateKey 115
+#define PEM_F_PEM_write 116
+#define PEM_F_PEM_write_PrivateKey 117
+#define PEM_F_PEM_write_bio 118
+#define PEM_F_d2i_PKCS8PrivateKey_bio 119
+#define PEM_F_d2i_PKCS8PrivateKey_fp 120
+#define PEM_F_do_pk8pkey 121
+#define PEM_F_do_pk8pkey_fp 122
+#define PEM_F_load_iv 123
+#define PEM_R_BAD_BASE64_DECODE 100
+#define PEM_R_BAD_DECRYPT 101
+#define PEM_R_BAD_END_LINE 102
#define PEM_R_BAD_IV_CHARS 103
-#define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 104
-#define PEM_R_BAD_END_LINE 105
-#define PEM_R_CIPHER_IS_NULL 106
-#define PEM_R_BAD_MAGIC_NUMBER 107
-#define PEM_R_BAD_DECRYPT 108
-#define PEM_R_UNSUPPORTED_ENCRYPTION 109
-#define PEM_R_PVK_DATA_TOO_SHORT 110
-#define PEM_R_PROBLEMS_GETTING_PASSWORD 111
-#define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 112
-#define PEM_R_BIO_WRITE_FAILURE 113
-#define PEM_R_INCONSISTENT_HEADER 114
-#define PEM_R_PUBLIC_KEY_NO_RSA 115
-#define PEM_R_EXPECTING_PUBLIC_KEY_BLOB 116
-#define PEM_R_KEYBLOB_TOO_SHORT 117
-#define PEM_R_BAD_BASE64_DECODE 118
-#define PEM_R_READ_KEY 119
-#define PEM_R_BAD_PASSWORD_READ 120
-#define PEM_R_UNSUPPORTED_KEY_COMPONENTS 121
-#define PEM_R_UNSUPPORTED_CIPHER 122
-#define PEM_R_NOT_ENCRYPTED 123
-#define PEM_R_NOT_DEK_INFO 124
-#define PEM_R_BAD_VERSION_NUMBER 125
-#define PEM_R_EXPECTING_PRIVATE_KEY_BLOB 126
-#define PEM_R_PVK_TOO_SHORT 127
+#define PEM_R_BAD_PASSWORD_READ 104
+#define PEM_R_CIPHER_IS_NULL 105
+#define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 106
+#define PEM_R_NOT_DEK_INFO 107
+#define PEM_R_NOT_ENCRYPTED 108
+#define PEM_R_NOT_PROC_TYPE 109
+#define PEM_R_NO_START_LINE 110
+#define PEM_R_READ_KEY 111
+#define PEM_R_SHORT_HEADER 112
+#define PEM_R_UNSUPPORTED_CIPHER 113
+#define PEM_R_UNSUPPORTED_ENCRYPTION 114
#endif /* OPENSSL_HEADER_PEM_H */
diff --git a/src/include/openssl/pkcs8.h b/src/include/openssl/pkcs8.h
index 826ac7f..8dc7731 100644
--- a/src/include/openssl/pkcs8.h
+++ b/src/include/openssl/pkcs8.h
@@ -58,11 +58,9 @@
#define OPENSSL_HEADER_PKCS8_H
#include <openssl/base.h>
-
-#include <stdio.h>
-
#include <openssl/x509.h>
+
#if defined(__cplusplus)
extern "C" {
#endif
@@ -172,52 +170,48 @@
} /* extern C */
#endif
-#define PKCS8_F_PKCS8_encrypt 100
+#define PKCS8_F_EVP_PKCS82PKEY 100
#define PKCS8_F_EVP_PKEY2PKCS8 101
-#define PKCS8_F_EVP_PKCS82PKEY 102
-#define PKCS8_F_PKCS5_pbe_set0_algor 103
-#define PKCS8_F_pbe_crypt 104
-#define PKCS8_F_pkcs12_item_decrypt_d2i 105
+#define PKCS8_F_PKCS12_get_key_and_certs 102
+#define PKCS8_F_PKCS12_handle_content_info 103
+#define PKCS8_F_PKCS12_handle_content_infos 104
+#define PKCS8_F_PKCS5_pbe2_set_iv 105
#define PKCS8_F_PKCS5_pbe_set 106
-#define PKCS8_F_pkcs12_key_gen_uni 107
-#define PKCS8_F_pkcs12_key_gen_asc 108
-#define PKCS8_F_pkcs12_pbe_keyivgen 109
-#define PKCS8_F_pbe_cipher_init 110
-#define PKCS8_F_pkcs12_item_i2d_encrypt 111
-#define PKCS8_F_PKCS5_pbe2_set_iv 112
-#define PKCS8_F_PKCS5_pbkdf2_set 113
-#define PKCS8_F_pkcs12_key_gen_raw 114
-#define PKCS8_F_PKCS8_decrypt 115
-#define PKCS8_F_PKCS8_encrypt_pbe 116
-#define PKCS8_F_PKCS12_parse 117
-#define PKCS8_F_PKCS12_handle_content_info 118
-#define PKCS8_F_PKCS12_handle_content_infos 119
-#define PKCS8_F_PKCS12_get_key_and_certs 120
-#define PKCS8_R_ERROR_SETTING_CIPHER_PARAMS 100
-#define PKCS8_R_PRIVATE_KEY_ENCODE_ERROR 101
-#define PKCS8_R_UNKNOWN_ALGORITHM 102
-#define PKCS8_R_UNKNOWN_CIPHER 103
-#define PKCS8_R_UNKNOWN_DIGEST 104
+#define PKCS8_F_PKCS5_pbe_set0_algor 107
+#define PKCS8_F_PKCS5_pbkdf2_set 108
+#define PKCS8_F_PKCS8_decrypt 109
+#define PKCS8_F_PKCS8_encrypt 110
+#define PKCS8_F_PKCS8_encrypt_pbe 111
+#define PKCS8_F_pbe_cipher_init 112
+#define PKCS8_F_pbe_crypt 113
+#define PKCS8_F_pkcs12_item_decrypt_d2i 114
+#define PKCS8_F_pkcs12_item_i2d_encrypt 115
+#define PKCS8_F_pkcs12_key_gen_raw 116
+#define PKCS8_F_pkcs12_pbe_keyivgen 117
+#define PKCS8_R_BAD_PKCS12_DATA 100
+#define PKCS8_R_BAD_PKCS12_VERSION 101
+#define PKCS8_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 102
+#define PKCS8_R_CRYPT_ERROR 103
+#define PKCS8_R_DECODE_ERROR 104
#define PKCS8_R_ENCODE_ERROR 105
-#define PKCS8_R_DECODE_ERROR 106
-#define PKCS8_R_ENCRYPT_ERROR 107
-#define PKCS8_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 108
-#define PKCS8_R_PRIVATE_KEY_DECODE_ERROR 109
-#define PKCS8_R_UNKNOWN_CIPHER_ALGORITHM 110
-#define PKCS8_R_KEYGEN_FAILURE 111
-#define PKCS8_R_TOO_LONG 112
-#define PKCS8_R_CRYPT_ERROR 113
-#define PKCS8_R_METHOD_NOT_SUPPORTED 114
-#define PKCS8_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 115
-#define PKCS8_R_KEY_GEN_ERROR 116
-#define PKCS8_R_BAD_PKCS12_DATA 117
-#define PKCS8_R_PKCS12_PUBLIC_KEY_INTEGRITY_NOT_SUPPORTED 118
-#define PKCS8_R_BAD_PKCS12_VERSION 119
-#define PKCS8_R_PKCS12_TOO_DEEPLY_NESTED 120
-#define PKCS8_R_MULTIPLE_PRIVATE_KEYS_IN_PKCS12 121
-#define PKCS8_R_UNKNOWN_HASH 122
-#define PKCS8_R_BAD_MAC 123
-#define PKCS8_R_MISSING_MAC 124
-#define PKCS8_R_INCORRECT_PASSWORD 125
+#define PKCS8_R_ENCRYPT_ERROR 106
+#define PKCS8_R_ERROR_SETTING_CIPHER_PARAMS 107
+#define PKCS8_R_INCORRECT_PASSWORD 108
+#define PKCS8_R_KEYGEN_FAILURE 109
+#define PKCS8_R_KEY_GEN_ERROR 110
+#define PKCS8_R_METHOD_NOT_SUPPORTED 111
+#define PKCS8_R_MISSING_MAC 112
+#define PKCS8_R_MULTIPLE_PRIVATE_KEYS_IN_PKCS12 113
+#define PKCS8_R_PKCS12_PUBLIC_KEY_INTEGRITY_NOT_SUPPORTED 114
+#define PKCS8_R_PKCS12_TOO_DEEPLY_NESTED 115
+#define PKCS8_R_PRIVATE_KEY_DECODE_ERROR 116
+#define PKCS8_R_PRIVATE_KEY_ENCODE_ERROR 117
+#define PKCS8_R_TOO_LONG 118
+#define PKCS8_R_UNKNOWN_ALGORITHM 119
+#define PKCS8_R_UNKNOWN_CIPHER 120
+#define PKCS8_R_UNKNOWN_CIPHER_ALGORITHM 121
+#define PKCS8_R_UNKNOWN_DIGEST 122
+#define PKCS8_R_UNKNOWN_HASH 123
+#define PKCS8_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 124
#endif /* OPENSSL_HEADER_PKCS8_H */
diff --git a/src/include/openssl/rand.h b/src/include/openssl/rand.h
index 6186044..01ef4f8 100644
--- a/src/include/openssl/rand.h
+++ b/src/include/openssl/rand.h
@@ -22,8 +22,10 @@
#endif
-/* RAND_bytes writes |len| bytes of random data to |buf|. It returns one on
- * success and zero on otherwise. */
+/* Random number generation. */
+
+
+/* RAND_bytes writes |len| bytes of random data to |buf| and returns one. */
OPENSSL_EXPORT int RAND_bytes(uint8_t *buf, size_t len);
/* RAND_cleanup frees any resources used by the RNG. This is not safe if other
diff --git a/src/include/openssl/rc4.h b/src/include/openssl/rc4.h
index 727b474..0619cac 100644
--- a/src/include/openssl/rc4.h
+++ b/src/include/openssl/rc4.h
@@ -67,13 +67,10 @@
/* RC4. */
-typedef struct rc4_key_st {
+struct rc4_key_st {
uint32_t x, y;
- /* data is sometimes used as an array of 32-bit values and sometimes as 8-bit
- * values, depending on the platform. */
uint32_t data[256];
-} RC4_KEY;
-
+} /* RC4_KEY */;
/* RC4_set_key performs an RC4 key schedule and initialises |rc4key| with |len|
* bytes of key material from |key|. */
diff --git a/src/include/openssl/rsa.h b/src/include/openssl/rsa.h
index a4596c7..2e24231 100644
--- a/src/include/openssl/rsa.h
+++ b/src/include/openssl/rsa.h
@@ -61,6 +61,7 @@
#include <openssl/engine.h>
#include <openssl/ex_data.h>
+#include <openssl/thread.h>
#if defined(__cplusplus)
extern "C" {
@@ -190,7 +191,7 @@
unsigned int *out_len, RSA *rsa);
/* RSA_sign_raw signs |in_len| bytes from |in| with the public key from |rsa|
- * and writes, at most, |max_out| bytes of encrypted data to |out|. The
+ * and writes, at most, |max_out| bytes of signature data to |out|. The
* |max_out| argument must be, at least, |RSA_size| in order to ensure success.
*
* It returns 1 on success or zero on error.
@@ -254,7 +255,7 @@
/* Utility functions. */
/* RSA_size returns the number of bytes in the modulus, which is also the size
- * of a signature of encrypted value using |rsa|. */
+ * of a signature or encrypted value using |rsa|. */
OPENSSL_EXPORT unsigned RSA_size(const RSA *rsa);
/* RSA_is_opaque returns one if |rsa| is opaque and doesn't expose its key
@@ -286,11 +287,12 @@
OPENSSL_EXPORT int RSA_recover_crt_params(RSA *rsa);
/* RSA_verify_PKCS1_PSS_mgf1 verifies that |EM| is a correct PSS padding of
- * |mHash|, where |mHash| is a digest produced by |Hash|. The |mgf1Hash|
- * argument specifies the hash function for generating the mask. If NULL,
- * |Hash| is used. The |sLen| argument specifies the expected salt length in
- * bytes. If |sLen| is -1 then the salt length is the same as the hash length.
- * If -2, then the salt length is maximal and is taken from the size of |EM|.
+ * |mHash|, where |mHash| is a digest produced by |Hash|. |EM| must point to
+ * exactly |RSA_size(rsa)| bytes of data. The |mgf1Hash| argument specifies the
+ * hash function for generating the mask. If NULL, |Hash| is used. The |sLen|
+ * argument specifies the expected salt length in bytes. If |sLen| is -1 then
+ * the salt length is the same as the hash length. If -2, then the salt length
+ * is maximal and is taken from the size of |EM|.
*
* It returns one on success or zero on error. */
OPENSSL_EXPORT int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const uint8_t *mHash,
@@ -299,12 +301,12 @@
const uint8_t *EM, int sLen);
/* RSA_padding_add_PKCS1_PSS_mgf1 writes a PSS padding of |mHash| to |EM|,
- * where |mHash| is a digest produced by |Hash|. There must be at least
- * |RSA_size(rsa)| bytes of space in |EM|. The |mgf1Hash| argument specifies
- * the hash function for generating the mask. If NULL, |Hash| is used. The
- * |sLen| argument specifies the expected salt length in bytes. If |sLen| is -1
- * then the salt length is the same as the hash length. If -2, then the salt
- * length is maximal given the space in |EM|.
+ * where |mHash| is a digest produced by |Hash|. |RSA_size(rsa)| bytes of
+ * output will be written to |EM|. The |mgf1Hash| argument specifies the hash
+ * function for generating the mask. If NULL, |Hash| is used. The |sLen|
+ * argument specifies the expected salt length in bytes. If |sLen| is -1 then
+ * the salt length is the same as the hash length. If -2, then the salt length
+ * is maximal given the space in |EM|.
*
* It returns one on success or zero on error. */
OPENSSL_EXPORT int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, uint8_t *EM,
@@ -314,7 +316,6 @@
int sLen);
-
/* ASN.1 functions. */
/* d2i_RSAPublicKey parses an ASN.1, DER-encoded, RSA public key from |len|
@@ -348,7 +349,7 @@
/* ex_data functions.
*
- * These functions are wrappers. See |ex_data.h| for details. */
+ * See |ex_data.h| for details. */
OPENSSL_EXPORT int RSA_get_ex_new_index(long argl, void *argp,
CRYPTO_EX_new *new_func,
@@ -477,18 +478,21 @@
int references;
int flags;
- /* Used to cache montgomery values */
+ CRYPTO_MUTEX lock;
+
+ /* Used to cache montgomery values. The creation of these values is protected
+ * by |lock|. */
BN_MONT_CTX *_method_mod_n;
BN_MONT_CTX *_method_mod_p;
BN_MONT_CTX *_method_mod_q;
/* num_blindings contains the size of the |blindings| and |blindings_inuse|
* arrays. This member and the |blindings_inuse| array are protected by
- * CRYPTO_LOCK_RSA_BLINDING. */
+ * |lock|. */
unsigned num_blindings;
/* blindings is an array of BN_BLINDING structures that can be reserved by a
- * thread by locking CRYPTO_LOCK_RSA_BLINDING and changing the corresponding
- * element in |blindings_inuse| from 0 to 1. */
+ * thread by locking |lock| and changing the corresponding element in
+ * |blindings_inuse| from 0 to 1. */
BN_BLINDING **blindings;
unsigned char *blindings_inuse;
};
@@ -498,79 +502,74 @@
} /* extern C */
#endif
-#define RSA_F_RSA_padding_check_none 100
-#define RSA_F_RSA_padding_add_none 101
-#define RSA_F_RSA_padding_check_PKCS1_OAEP_mgf1 102
-#define RSA_F_RSA_verify_PKCS1_PSS_mgf1 103
-#define RSA_F_RSA_padding_add_PKCS1_PSS_mgf1 104
-#define RSA_F_RSA_verify 105
-#define RSA_F_rsa_setup_blinding 106
-#define RSA_F_verify_raw 107
-#define RSA_F_RSA_padding_add_PKCS1_type_1 108
-#define RSA_F_keygen 109
-#define RSA_F_RSA_padding_add_PKCS1_OAEP_mgf1 110
-#define RSA_F_pkcs1_prefixed_msg 111
-#define RSA_F_BN_BLINDING_update 112
-#define RSA_F_RSA_padding_check_SSLv23 113
-#define RSA_F_RSA_padding_add_SSLv23 114
-#define RSA_F_BN_BLINDING_new 115
-#define RSA_F_RSA_padding_add_PKCS1_type_2 116
-#define RSA_F_BN_BLINDING_convert_ex 117
-#define RSA_F_BN_BLINDING_invert_ex 118
-#define RSA_F_encrypt 119
-#define RSA_F_sign_raw 120
-#define RSA_F_RSA_new_method 121
-#define RSA_F_RSA_padding_check_PKCS1_type_1 122
-#define RSA_F_RSA_sign 123
-#define RSA_F_BN_BLINDING_create_param 124
-#define RSA_F_decrypt 125
-#define RSA_F_RSA_padding_check_PKCS1_type_2 126
-#define RSA_F_RSA_recover_crt_params 127
-#define RSA_F_RSA_check_key 128
-#define RSA_F_private_transform 129
-#define RSA_R_INVALID_MESSAGE_LENGTH 100
-#define RSA_R_NO_PUBLIC_EXPONENT 102
-#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 103
-#define RSA_R_BLOCK_TYPE_IS_NOT_01 104
-#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 105
-#define RSA_R_UNKNOWN_PADDING_TYPE 106
-#define RSA_R_TOO_MANY_ITERATIONS 107
-#define RSA_R_SLEN_RECOVERY_FAILED 108
-#define RSA_R_WRONG_SIGNATURE_LENGTH 109
-#define RSA_R_MODULUS_TOO_LARGE 110
-#define RSA_R_NULL_BEFORE_BLOCK_MISSING 111
-#define RSA_R_DATA_TOO_LARGE 112
-#define RSA_R_OUTPUT_BUFFER_TOO_SMALL 113
-#define RSA_R_SLEN_CHECK_FAILED 114
-#define RSA_R_FIRST_OCTET_INVALID 115
-#define RSA_R_BAD_E_VALUE 116
-#define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 117
-#define RSA_R_EMPTY_PUBLIC_KEY 118
-#define RSA_R_BAD_PAD_BYTE_COUNT 119
-#define RSA_R_OAEP_DECODING_ERROR 120
-#define RSA_R_TOO_LONG 121
-#define RSA_R_BAD_FIXED_HEADER_DECRYPT 122
-#define RSA_R_DATA_TOO_SMALL 123
-#define RSA_R_UNKNOWN_ALGORITHM_TYPE 124
-#define RSA_R_PADDING_CHECK_FAILED 125
-#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 126
-#define RSA_R_BLOCK_TYPE_IS_NOT_02 127
-#define RSA_R_LAST_OCTET_INVALID 128
-#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 129
-#define RSA_R_SSLV3_ROLLBACK_ATTACK 130
-#define RSA_R_KEY_SIZE_TOO_SMALL 131
-#define RSA_R_BAD_SIGNATURE 132
-#define RSA_R_BN_NOT_INITIALIZED 133
-#define RSA_R_PKCS_DECODING_ERROR 134
-#define RSA_R_BAD_RSA_PARAMETERS 135
-#define RSA_R_INTERNAL_ERROR 136
-#define RSA_R_CRT_PARAMS_ALREADY_GIVEN 137
-#define RSA_R_D_E_NOT_CONGRUENT_TO_1 138
+#define RSA_F_BN_BLINDING_convert_ex 100
+#define RSA_F_BN_BLINDING_create_param 101
+#define RSA_F_BN_BLINDING_invert_ex 102
+#define RSA_F_BN_BLINDING_new 103
+#define RSA_F_BN_BLINDING_update 104
+#define RSA_F_RSA_check_key 105
+#define RSA_F_RSA_new_method 106
+#define RSA_F_RSA_padding_add_PKCS1_OAEP_mgf1 107
+#define RSA_F_RSA_padding_add_PKCS1_PSS_mgf1 108
+#define RSA_F_RSA_padding_add_PKCS1_type_1 109
+#define RSA_F_RSA_padding_add_PKCS1_type_2 110
+#define RSA_F_RSA_padding_add_none 111
+#define RSA_F_RSA_padding_check_PKCS1_OAEP_mgf1 112
+#define RSA_F_RSA_padding_check_PKCS1_type_1 113
+#define RSA_F_RSA_padding_check_PKCS1_type_2 114
+#define RSA_F_RSA_padding_check_none 115
+#define RSA_F_RSA_recover_crt_params 116
+#define RSA_F_RSA_sign 117
+#define RSA_F_RSA_verify 118
+#define RSA_F_RSA_verify_PKCS1_PSS_mgf1 119
+#define RSA_F_decrypt 120
+#define RSA_F_encrypt 121
+#define RSA_F_keygen 122
+#define RSA_F_pkcs1_prefixed_msg 123
+#define RSA_F_private_transform 124
+#define RSA_F_rsa_setup_blinding 125
+#define RSA_F_sign_raw 126
+#define RSA_F_verify_raw 127
+#define RSA_R_BAD_E_VALUE 100
+#define RSA_R_BAD_FIXED_HEADER_DECRYPT 101
+#define RSA_R_BAD_PAD_BYTE_COUNT 102
+#define RSA_R_BAD_RSA_PARAMETERS 103
+#define RSA_R_BAD_SIGNATURE 104
+#define RSA_R_BLOCK_TYPE_IS_NOT_01 105
+#define RSA_R_BN_NOT_INITIALIZED 106
+#define RSA_R_CRT_PARAMS_ALREADY_GIVEN 107
+#define RSA_R_CRT_VALUES_INCORRECT 108
+#define RSA_R_DATA_LEN_NOT_EQUAL_TO_MOD_LEN 109
+#define RSA_R_DATA_TOO_LARGE 110
+#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 111
+#define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 112
+#define RSA_R_DATA_TOO_SMALL 113
+#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 114
+#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 115
+#define RSA_R_D_E_NOT_CONGRUENT_TO_1 116
+#define RSA_R_EMPTY_PUBLIC_KEY 117
+#define RSA_R_FIRST_OCTET_INVALID 118
+#define RSA_R_INCONSISTENT_SET_OF_CRT_VALUES 119
+#define RSA_R_INTERNAL_ERROR 120
+#define RSA_R_INVALID_MESSAGE_LENGTH 121
+#define RSA_R_KEY_SIZE_TOO_SMALL 122
+#define RSA_R_LAST_OCTET_INVALID 123
+#define RSA_R_MODULUS_TOO_LARGE 124
+#define RSA_R_NO_PUBLIC_EXPONENT 125
+#define RSA_R_NULL_BEFORE_BLOCK_MISSING 126
+#define RSA_R_N_NOT_EQUAL_P_Q 127
+#define RSA_R_OAEP_DECODING_ERROR 128
+#define RSA_R_ONLY_ONE_OF_P_Q_GIVEN 129
+#define RSA_R_OUTPUT_BUFFER_TOO_SMALL 130
+#define RSA_R_PADDING_CHECK_FAILED 131
+#define RSA_R_PKCS_DECODING_ERROR 132
+#define RSA_R_SLEN_CHECK_FAILED 133
+#define RSA_R_SLEN_RECOVERY_FAILED 134
+#define RSA_R_TOO_LONG 135
+#define RSA_R_TOO_MANY_ITERATIONS 136
+#define RSA_R_UNKNOWN_ALGORITHM_TYPE 137
+#define RSA_R_UNKNOWN_PADDING_TYPE 138
#define RSA_R_VALUE_MISSING 139
-#define RSA_R_N_NOT_EQUAL_P_Q 140
-#define RSA_R_CRT_VALUES_INCORRECT 141
-#define RSA_R_INCONSISTENT_SET_OF_CRT_VALUES 142
-#define RSA_R_ONLY_ONE_OF_P_Q_GIVEN 143
-#define RSA_R_DATA_LEN_NOT_EQUAL_TO_MOD_LEN 144
+#define RSA_R_WRONG_SIGNATURE_LENGTH 140
#endif /* OPENSSL_HEADER_RSA_H */
diff --git a/src/include/openssl/safe_stack.h b/src/include/openssl/safestack.h
similarity index 100%
rename from src/include/openssl/safe_stack.h
rename to src/include/openssl/safestack.h
diff --git a/src/include/openssl/ssl.h b/src/include/openssl/ssl.h
index ef73c8d..b746007 100644
--- a/src/include/openssl/ssl.h
+++ b/src/include/openssl/ssl.h
@@ -140,8 +140,8 @@
* OTHERWISE.
*/
-#ifndef HEADER_SSL_H
-#define HEADER_SSL_H
+#ifndef OPENSSL_HEADER_SSL_H
+#define OPENSSL_HEADER_SSL_H
#include <openssl/base.h>
@@ -152,17 +152,132 @@
#include <openssl/pem.h>
#include <openssl/x509.h>
+#if !defined(OPENSSL_WINDOWS)
+#include <sys/time.h>
+#endif
+
/* Some code expected to get the threading functions by including ssl.h. */
#include <openssl/thread.h>
/* wpa_supplicant expects to get the version functions from ssl.h */
#include <openssl/crypto.h>
-#ifdef __cplusplus
+/* Forward-declare struct timeval. On Windows, it is defined in winsock2.h and
+ * Windows headers define too many macros to be included in public headers.
+ * However, only a forward declaration is needed. */
+struct timeval;
+
+#if defined(__cplusplus)
extern "C" {
#endif
+/* SSL implementation. */
+
+
+/* Initialization. */
+
+/* SSL_library_init initializes the crypto and SSL libraries and returns one. */
+OPENSSL_EXPORT int SSL_library_init(void);
+
+
+/* Protocol version constants */
+
+#define SSL3_VERSION 0x0300
+#define SSL3_VERSION_MAJOR 0x03
+#define SSL3_VERSION_MINOR 0x00
+
+#define TLS1_2_VERSION 0x0303
+#define TLS1_2_VERSION_MAJOR 0x03
+#define TLS1_2_VERSION_MINOR 0x03
+
+#define TLS1_1_VERSION 0x0302
+#define TLS1_1_VERSION_MAJOR 0x03
+#define TLS1_1_VERSION_MINOR 0x02
+
+#define TLS1_VERSION 0x0301
+#define TLS1_VERSION_MAJOR 0x03
+#define TLS1_VERSION_MINOR 0x01
+
+#define DTLS1_VERSION 0xFEFF
+#define DTLS1_2_VERSION 0xFEFD
+
+
+/* Cipher suites. */
+
+/* An SSL_CIPHER represents a cipher suite. */
+typedef struct ssl_cipher_st {
+ /* name is the OpenSSL name for the cipher. */
+ const char *name;
+ /* id is the cipher suite value bitwise OR-d with 0x03000000. */
+ uint32_t id;
+
+ /* The following are internal fields. See ssl/internal.h for their values. */
+
+ uint32_t algorithm_mkey;
+ uint32_t algorithm_auth;
+ uint32_t algorithm_enc;
+ uint32_t algorithm_mac;
+ uint32_t algorithm_ssl;
+ uint32_t algo_strength;
+
+ /* algorithm2 contains extra flags. See ssl/internal.h. */
+ uint32_t algorithm2;
+
+ /* strength_bits is the strength of the cipher in bits. */
+ int strength_bits;
+ /* alg_bits is the number of bits of key material used by the algorithm. */
+ int alg_bits;
+} SSL_CIPHER;
+
+DECLARE_STACK_OF(SSL_CIPHER)
+
+/* SSL_get_cipher_by_value returns the structure representing a TLS cipher
+ * suite based on its assigned number, or NULL if unknown. See
+ * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4. */
+OPENSSL_EXPORT const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value);
+
+/* SSL_CIPHER_get_id returns |cipher|'s id. It may be cast to a |uint16_t| to
+ * get the cipher suite value. */
+OPENSSL_EXPORT uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *cipher);
+
+/* SSL_CIPHER_is_AES returns one if |cipher| uses AES (either GCM or CBC
+ * mode). */
+OPENSSL_EXPORT int SSL_CIPHER_is_AES(const SSL_CIPHER *cipher);
+
+/* SSL_CIPHER_has_MD5_HMAC returns one if |cipher| uses HMAC-MD5. */
+OPENSSL_EXPORT int SSL_CIPHER_has_MD5_HMAC(const SSL_CIPHER *cipher);
+
+/* SSL_CIPHER_is_AESGCM returns one if |cipher| uses AES-GCM. */
+OPENSSL_EXPORT int SSL_CIPHER_is_AESGCM(const SSL_CIPHER *cipher);
+
+/* SSL_CIPHER_is_CHACHA20POLY1305 returns one if |cipher| uses
+ * CHACHA20_POLY1305. */
+OPENSSL_EXPORT int SSL_CIPHER_is_CHACHA20POLY1305(const SSL_CIPHER *cipher);
+
+/* SSL_CIPHER_get_name returns the OpenSSL name of |cipher|. */
+OPENSSL_EXPORT const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
+
+/* SSL_CIPHER_get_kx_name returns a string that describes the key-exchange
+ * method used by |cipher|. For example, "ECDHE_ECDSA". */
+OPENSSL_EXPORT const char *SSL_CIPHER_get_kx_name(const SSL_CIPHER *cipher);
+
+/* SSL_CIPHER_get_rfc_name returns a newly-allocated string with the standard
+ * name for |cipher|. For example, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256". The
+ * caller is responsible for calling |OPENSSL_free| on the result. */
+OPENSSL_EXPORT char *SSL_CIPHER_get_rfc_name(const SSL_CIPHER *cipher);
+
+/* SSL_CIPHER_get_bits returns the strength, in bits, of |cipher|. If
+ * |out_alg_bits| is not NULL, it writes the number of bits consumed by the
+ * symmetric algorithm to |*out_alg_bits|. */
+OPENSSL_EXPORT int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher,
+ int *out_alg_bits);
+
+
+/* Underdocumented functions.
+ *
+ * Functions below here haven't been touched up and may be underdocumented. */
+
/* SSLeay version number for ASN.1 encoding of the session information */
/* Version 0 - initial version
* Version 1 - added the optional peer certificate. */
@@ -178,11 +293,11 @@
#define SSL_TXT_HIGH "HIGH"
#define SSL_TXT_FIPS "FIPS"
-#define SSL_TXT_aNULL "aNULL"
-
#define SSL_TXT_kRSA "kRSA"
-#define SSL_TXT_kEDH "kEDH"
-#define SSL_TXT_kEECDH "kEECDH"
+#define SSL_TXT_kDHE "kDHE"
+#define SSL_TXT_kEDH "kEDH" /* same as "kDHE" */
+#define SSL_TXT_kECDHE "kECDHE"
+#define SSL_TXT_kEECDH "kEECDH" /* same as "kECDHE" */
#define SSL_TXT_kPSK "kPSK"
#define SSL_TXT_aRSA "aRSA"
@@ -190,12 +305,12 @@
#define SSL_TXT_aPSK "aPSK"
#define SSL_TXT_DH "DH"
-#define SSL_TXT_EDH "EDH" /* same as "kEDH:-ADH" */
-#define SSL_TXT_ADH "ADH"
+#define SSL_TXT_DHE "DHE" /* same as "kDHE" */
+#define SSL_TXT_EDH "EDH" /* same as "DHE" */
#define SSL_TXT_RSA "RSA"
#define SSL_TXT_ECDH "ECDH"
-#define SSL_TXT_EECDH "EECDH" /* same as "kEECDH:-AECDH" */
-#define SSL_TXT_AECDH "AECDH"
+#define SSL_TXT_ECDHE "ECDHE" /* same as "kECDHE" */
+#define SSL_TXT_EECDH "EECDH" /* same as "ECDHE" */
#define SSL_TXT_ECDSA "ECDSA"
#define SSL_TXT_PSK "PSK"
@@ -237,7 +352,7 @@
/* The following cipher list is used by default. It also is substituted when an
* application-defined cipher list string starts with 'DEFAULT'. */
-#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2"
+#define SSL_DEFAULT_CIPHER_LIST "ALL"
/* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
* starts with a reasonable order, and all we have to do for DEFAULT is
@@ -253,14 +368,11 @@
typedef struct ssl_method_st SSL_METHOD;
typedef struct ssl_protocol_method_st SSL_PROTOCOL_METHOD;
-typedef struct ssl_cipher_st SSL_CIPHER;
typedef struct ssl_session_st SSL_SESSION;
typedef struct tls_sigalgs_st TLS_SIGALGS;
typedef struct ssl_conf_ctx_st SSL_CONF_CTX;
typedef struct ssl3_enc_method SSL3_ENC_METHOD;
-DECLARE_STACK_OF(SSL_CIPHER)
-
/* SRTP protection profiles for use with the use_srtp extension (RFC 5764). */
typedef struct srtp_protection_profile_st {
const char *name;
@@ -269,28 +381,6 @@
DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE)
-/* used to hold info on the particular ciphers used */
-struct ssl_cipher_st {
- int valid;
- const char *name; /* text name */
- unsigned long id; /* id, 4 bytes, first is version */
-
- /* changed in 0.9.9: these four used to be portions of a single value
- * 'algorithms' */
- unsigned long algorithm_mkey; /* key exchange algorithm */
- unsigned long algorithm_auth; /* server authentication */
- unsigned long algorithm_enc; /* symmetric encryption */
- unsigned long algorithm_mac; /* symmetric authentication */
- unsigned long algorithm_ssl; /* (major) protocol version */
-
- unsigned long algo_strength; /* strength and export flags */
- unsigned long algorithm2; /* Extra flags. See SSL2_CF_* in ssl2.h
- and algorithm2 section in
- ssl_locl.h */
- int strength_bits; /* Number of bits really used */
- int alg_bits; /* Number of bits for algorithm */
-};
-
/* An SSL_SESSION represents an SSL session that may be resumed in an
* abbreviated handshake. */
struct ssl_session_st {
@@ -382,8 +472,6 @@
/* DTLS options */
#define SSL_OP_NO_QUERY_MTU 0x00001000L
-/* Turn on Cookie Exchange (on relevant for servers) */
-#define SSL_OP_COOKIE_EXCHANGE 0x00002000L
/* Don't use RFC4507 ticket extension */
#define SSL_OP_NO_TICKET 0x00004000L
@@ -393,9 +481,9 @@
#define SSL_OP_NO_COMPRESSION 0x00020000L
/* Permit unsafe legacy renegotiation */
#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L
-/* If set, always create a new key when using tmp_ecdh parameters */
+/* SSL_OP_SINGLE_ECDH_USE does nothing. */
#define SSL_OP_SINGLE_ECDH_USE 0x00080000L
-/* If set, always create a new key when using tmp_dh parameters */
+/* SSL_OP_SINGLE_DH_USE does nothing. */
#define SSL_OP_SINGLE_DH_USE 0x00100000L
/* Set on servers to choose the cipher according to the server's preferences */
#define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L
@@ -435,14 +523,11 @@
#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
/* Don't attempt to automatically build certificate chain */
#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
-/* Save RAM by releasing read and write buffers when they're empty. (SSL3 and
- * TLS only.) "Released" buffers are put onto a free-list in the context or
- * just freed (depending on the context's setting for freelist_max_len). */
-#define SSL_MODE_RELEASE_BUFFERS 0x00000010L
/* The following flags do nothing and are included only to make it easier to
* compile code with BoringSSL. */
#define SSL_MODE_AUTO_RETRY 0
+#define SSL_MODE_RELEASE_BUFFERS 0
/* Send the current time in the Random fields of the ClientHello and
* ServerHello records for compatibility with hypothetical implementations that
@@ -467,9 +552,14 @@
/* Clear verification errors from queue */
#define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR 0x10
-/* When set, clients may send application data before receipt of CCS and
- * Finished. This mode enables full-handshakes to 'complete' in one RTT. */
-#define SSL_MODE_HANDSHAKE_CUTTHROUGH 0x00000080L
+/* SSL_MODE_ENABLE_FALSE_START allows clients to send application data before
+ * receipt of CCS and Finished. This mode enables full-handshakes to 'complete'
+ * in one RTT. See draft-bmoeller-tls-falsestart-01. */
+#define SSL_MODE_ENABLE_FALSE_START 0x00000080L
+
+/* Deprecated: SSL_MODE_HANDSHAKE_CUTTHROUGH is the same as
+ * SSL_MODE_ENABLE_FALSE_START. */
+#define SSL_MODE_HANDSHAKE_CUTTHROUGH SSL_MODE_ENABLE_FALSE_START
/* When set, TLS 1.0 and SSLv3, multi-byte, CBC records will be split in two:
* the first record will contain a single byte and the second will contain the
@@ -482,7 +572,7 @@
* session resumption is used for a given SSL*. */
#define SSL_MODE_NO_SESSION_CREATION 0x00000200L
-/* SSL_MODE_SEND_SERVERHELLO_TIME sends TLS_FALLBACK_SCSV in the ClientHello.
+/* SSL_MODE_SEND_FALLBACK_SCSV sends TLS_FALLBACK_SCSV in the ClientHello.
* To be set only by applications that reconnect with a downgraded protocol
* version; see https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-05
* for details.
@@ -492,38 +582,69 @@
* draft-ietf-tls-downgrade-scsv-05. */
#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000400L
-/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they
- * cannot be used to clear bits. */
+/* SSL_CTX_set_options enables all options set in |options| (which should be one
+ * or more of the |SSL_OP_*| values, ORed together) in |ctx|. It returns a
+ * bitmask representing the resulting enabled options. */
+OPENSSL_EXPORT uint32_t SSL_CTX_set_options(SSL_CTX *ctx, uint32_t options);
-#define SSL_CTX_set_options(ctx, op) \
- SSL_CTX_ctrl((ctx), SSL_CTRL_OPTIONS, (op), NULL)
-#define SSL_CTX_clear_options(ctx, op) \
- SSL_CTX_ctrl((ctx), SSL_CTRL_CLEAR_OPTIONS, (op), NULL)
-#define SSL_CTX_get_options(ctx) SSL_CTX_ctrl((ctx), SSL_CTRL_OPTIONS, 0, NULL)
-#define SSL_set_options(ssl, op) SSL_ctrl((ssl), SSL_CTRL_OPTIONS, (op), NULL)
-#define SSL_clear_options(ssl, op) \
- SSL_ctrl((ssl), SSL_CTRL_CLEAR_OPTIONS, (op), NULL)
-#define SSL_get_options(ssl) SSL_ctrl((ssl), SSL_CTRL_OPTIONS, 0, NULL)
+/* SSL_CTX_clear_options disables all options set in |options| (which should be
+ * one or more of the |SSL_OP_*| values, ORed together) in |ctx|. It returns a
+ * bitmask representing the resulting enabled options. */
+OPENSSL_EXPORT uint32_t SSL_CTX_clear_options(SSL_CTX *ctx, uint32_t options);
-#define SSL_CTX_set_mode(ctx, op) SSL_CTX_ctrl((ctx), SSL_CTRL_MODE, (op), NULL)
-#define SSL_CTX_clear_mode(ctx, op) \
- SSL_CTX_ctrl((ctx), SSL_CTRL_CLEAR_MODE, (op), NULL)
-#define SSL_CTX_get_mode(ctx) SSL_CTX_ctrl((ctx), SSL_CTRL_MODE, 0, NULL)
-#define SSL_clear_mode(ssl, op) SSL_ctrl((ssl), SSL_CTRL_CLEAR_MODE, (op), NULL)
-#define SSL_set_mode(ssl, op) SSL_ctrl((ssl), SSL_CTRL_MODE, (op), NULL)
-#define SSL_get_mode(ssl) SSL_ctrl((ssl), SSL_CTRL_MODE, 0, NULL)
-#define SSL_set_mtu(ssl, mtu) SSL_ctrl((ssl), SSL_CTRL_SET_MTU, (mtu), NULL)
+/* SSL_CTX_get_options returns a bitmask of |SSL_OP_*| values that represent all
+ * the options enabled for |ctx|. */
+OPENSSL_EXPORT uint32_t SSL_CTX_get_options(const SSL_CTX *ctx);
-#define SSL_get_secure_renegotiation_support(ssl) \
- SSL_ctrl((SSL *)(ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
+/* SSL_set_options enables all options set in |options| (which should be one or
+ * more of the |SSL_OP_*| values, ORed together) in |ssl|. It returns a bitmask
+ * representing the resulting enabled options. */
+OPENSSL_EXPORT uint32_t SSL_set_options(SSL *ssl, uint32_t options);
-#define SSL_CTX_set_cert_flags(ctx, op) \
- SSL_CTX_ctrl((ctx), SSL_CTRL_CERT_FLAGS, (op), NULL)
-#define SSL_set_cert_flags(s, op) SSL_ctrl((s), SSL_CTRL_CERT_FLAGS, (op), NULL)
-#define SSL_CTX_clear_cert_flags(ctx, op) \
- SSL_CTX_ctrl((ctx), SSL_CTRL_CLEAR_CERT_FLAGS, (op), NULL)
-#define SSL_clear_cert_flags(s, op) \
- SSL_ctrl((s), SSL_CTRL_CLEAR_CERT_FLAGS, (op), NULL)
+/* SSL_clear_options disables all options set in |options| (which should be one
+ * or more of the |SSL_OP_*| values, ORed together) in |ssl|. It returns a
+ * bitmask representing the resulting enabled options. */
+OPENSSL_EXPORT uint32_t SSL_clear_options(SSL *ssl, uint32_t options);
+
+/* SSL_get_options returns a bitmask of |SSL_OP_*| values that represent all the
+ * options enabled for |ssl|. */
+OPENSSL_EXPORT uint32_t SSL_get_options(const SSL *ssl);
+
+/* SSL_CTX_set_mode enables all modes set in |mode| (which should be one or more
+ * of the |SSL_MODE_*| values, ORed together) in |ctx|. It returns a bitmask
+ * representing the resulting enabled modes. */
+OPENSSL_EXPORT uint32_t SSL_CTX_set_mode(SSL_CTX *ctx, uint32_t mode);
+
+/* SSL_CTX_clear_mode disables all modes set in |mode| (which should be one or
+ * more of the |SSL_MODE_*| values, ORed together) in |ctx|. It returns a
+ * bitmask representing the resulting enabled modes. */
+OPENSSL_EXPORT uint32_t SSL_CTX_clear_mode(SSL_CTX *ctx, uint32_t mode);
+
+/* SSL_CTX_get_mode returns a bitmask of |SSL_MODE_*| values that represent all
+ * the modes enabled for |ssl|. */
+OPENSSL_EXPORT uint32_t SSL_CTX_get_mode(const SSL_CTX *ctx);
+
+/* SSL_set_mode enables all modes set in |mode| (which should be one or more of
+ * the |SSL_MODE_*| values, ORed together) in |ssl|. It returns a bitmask
+ * representing the resulting enabled modes. */
+OPENSSL_EXPORT uint32_t SSL_set_mode(SSL *ssl, uint32_t mode);
+
+/* SSL_clear_mode disables all modes set in |mode| (which should be one or more
+ * of the |SSL_MODE_*| values, ORed together) in |ssl|. It returns a bitmask
+ * representing the resulting enabled modes. */
+OPENSSL_EXPORT uint32_t SSL_clear_mode(SSL *ssl, uint32_t mode);
+
+/* SSL_get_mode returns a bitmask of |SSL_MODE_*| values that represent all the
+ * modes enabled for |ssl|. */
+OPENSSL_EXPORT uint32_t SSL_get_mode(const SSL *ssl);
+
+/* SSL_set_mtu sets the |ssl|'s MTU in DTLS to |mtu|. It returns one on success
+ * and zero on failure. */
+OPENSSL_EXPORT int SSL_set_mtu(SSL *ssl, unsigned mtu);
+
+/* SSL_get_secure_renegotiation_support returns one if the peer supports secure
+ * renegotiation (RFC 5746) and zero otherwise. */
+OPENSSL_EXPORT int SSL_get_secure_renegotiation_support(const SSL *ssl);
/* SSL_CTX_set_min_version sets the minimum protocol version for |ctx| to
* |version|. */
@@ -541,16 +662,36 @@
* |version|. */
OPENSSL_EXPORT void SSL_set_max_version(SSL *ssl, uint16_t version);
+/* SSL_CTX_set_msg_callback installs |cb| as the message callback for |ctx|.
+ * This callback will be called when sending or receiving low-level record
+ * headers, complete handshake messages, ChangeCipherSpec, and alerts.
+ * |write_p| is one for outgoing messages and zero for incoming messages.
+ *
+ * For each record header, |cb| is called with |version| = 0 and |content_type|
+ * = |SSL3_RT_HEADER|. The |len| bytes from |buf| contain the header. Note that
+ * this does not include the record body. If the record is sealed, the length
+ * in the header is the length of the ciphertext.
+ *
+ * For each handshake message, ChangeCipherSpec, and alert, |version| is the
+ * protocol version and |content_type| is the corresponding record type. The
+ * |len| bytes from |buf| contain the handshake message, one-byte
+ * ChangeCipherSpec body, and two-byte alert, respectively. */
OPENSSL_EXPORT void SSL_CTX_set_msg_callback(
SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type,
const void *buf, size_t len, SSL *ssl, void *arg));
+
+/* SSL_CTX_set_msg_callback_arg sets the |arg| parameter of the message
+ * callback. */
+OPENSSL_EXPORT void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);
+
+/* SSL_set_msg_callback installs |cb| as the message callback of |ssl|. See
+ * |SSL_CTX_set_msg_callback| for when this callback is called. */
OPENSSL_EXPORT void SSL_set_msg_callback(
SSL *ssl, void (*cb)(int write_p, int version, int content_type,
const void *buf, size_t len, SSL *ssl, void *arg));
-#define SSL_CTX_set_msg_callback_arg(ctx, arg) \
- SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
-#define SSL_set_msg_callback_arg(ssl, arg) \
- SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
+
+/* set_msg_callback_arg sets the |arg| parameter of the message callback. */
+OPENSSL_EXPORT void SSL_set_msg_callback_arg(SSL *ssl, void *arg);
/* SSL_CTX_set_keylog_bio sets configures all SSL objects attached to |ctx| to
* log session material to |keylog_bio|. This is intended for debugging use
@@ -686,6 +827,10 @@
struct ssl_session_st *session_cache_head;
struct ssl_session_st *session_cache_tail;
+ /* handshakes_since_cache_flush is the number of successful handshakes since
+ * the last cache flush. */
+ int handshakes_since_cache_flush;
+
/* This can have one of 2 values, ored together,
* SSL_SESS_CACHE_CLIENT,
* SSL_SESS_CACHE_SERVER,
@@ -709,26 +854,6 @@
SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, uint8_t *data, int len,
int *copy);
- /* TODO(agl): remove the stats stuff. */
- struct {
- int sess_connect; /* SSL new conn - started */
- int sess_connect_renegotiate; /* SSL reneg - requested */
- int sess_connect_good; /* SSL new conne/reneg - finished */
- int sess_accept; /* SSL new accept - started */
- int sess_accept_renegotiate; /* SSL reneg - requested */
- int sess_accept_good; /* SSL accept/reneg - finished */
- int sess_miss; /* session lookup misses */
- int sess_timeout; /* reuse attempt on timeouted session */
- int sess_cache_full; /* session removed due to full cache */
- int sess_hit; /* session reuse actually done */
- int sess_cb_hit; /* session-id that was not
- * in the cache was
- * passed back via the callback. This
- * indicates that the application is
- * supplying session-id's from other
- * processes - spooky :-) */
- } stats;
-
int references;
/* if defined, these override the X509_verify_cert() calls */
@@ -749,13 +874,6 @@
/* get channel id callback */
void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey);
- /* cookie generate callback */
- int (*app_gen_cookie_cb)(SSL *ssl, uint8_t *cookie, size_t *cookie_len);
-
- /* verify cookie callback */
- int (*app_verify_cookie_cb)(SSL *ssl, const uint8_t *cookie,
- size_t cookie_len);
-
CRYPTO_EX_DATA ex_data;
STACK_OF(X509) *extra_certs;
@@ -773,9 +891,9 @@
/* Default values to use in SSL structures follow (these are copied by
* SSL_new) */
- unsigned long options;
- unsigned long mode;
- long max_cert_list;
+ uint32_t options;
+ uint32_t mode;
+ uint32_t max_cert_list;
struct cert_st /* CERT */ *cert;
int read_ahead;
@@ -800,16 +918,22 @@
* before the decision whether to resume a session is made. It may return one
* to continue the handshake or zero to cause the handshake loop to return
* with an error and cause SSL_get_error to return
- * SSL_ERROR_PENDING_CERTIFICATE. */
+ * SSL_ERROR_PENDING_CERTIFICATE. Note: when the handshake loop is resumed, it
+ * will not call the callback a second time. */
int (*select_certificate_cb)(const struct ssl_early_callback_ctx *);
+ /* dos_protection_cb is called once the resumption decision for a ClientHello
+ * has been made. It returns one to continue the handshake or zero to
+ * abort. */
+ int (*dos_protection_cb) (const struct ssl_early_callback_ctx *);
+
/* quiet_shutdown is true if the connection should not send a close_notify on
* shutdown. */
int quiet_shutdown;
/* Maximum amount of data to send in one fragment. actual record size can be
* more than this due to padding and MAC overheads. */
- unsigned int max_send_fragment;
+ uint16_t max_send_fragment;
/* TLS extensions servername callback */
int (*tlsext_servername_callback)(SSL *, int *, void *);
@@ -822,11 +946,6 @@
int (*tlsext_ticket_key_cb)(SSL *ssl, uint8_t *name, uint8_t *iv,
EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc);
- /* certificate status request info */
- /* Callback for status request */
- int (*tlsext_status_cb)(SSL *ssl, void *arg);
- void *tlsext_status_arg;
-
/* Server-only: psk_identity_hint is the default identity hint to send in
* PSK-based key exchanges. */
char *psk_identity_hint;
@@ -906,47 +1025,17 @@
/* If not NULL, session key material will be logged to this BIO for debugging
* purposes. The format matches NSS's and is readable by Wireshark. */
BIO *keylog_bio;
+
+ /* current_time_cb, if not NULL, is the function to use to get the current
+ * time. It sets |*out_clock| to the current time. */
+ void (*current_time_cb)(const SSL *ssl, struct timeval *out_clock);
};
-#define SSL_SESS_CACHE_OFF 0x0000
-#define SSL_SESS_CACHE_CLIENT 0x0001
-#define SSL_SESS_CACHE_SERVER 0x0002
-#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_SERVER)
-#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080
-/* See SSL_CTX_set_session_cache_mode(3) */
-#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100
-#define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200
-#define SSL_SESS_CACHE_NO_INTERNAL \
- (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP | SSL_SESS_CACHE_NO_INTERNAL_STORE)
-
OPENSSL_EXPORT LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
-#define SSL_CTX_sess_number(ctx) \
- SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_NUMBER, 0, NULL)
-#define SSL_CTX_sess_connect(ctx) \
- SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_CONNECT, 0, NULL)
-#define SSL_CTX_sess_connect_good(ctx) \
- SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_CONNECT_GOOD, 0, NULL)
-#define SSL_CTX_sess_connect_renegotiate(ctx) \
- SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_CONNECT_RENEGOTIATE, 0, NULL)
-#define SSL_CTX_sess_accept(ctx) \
- SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_ACCEPT, 0, NULL)
-#define SSL_CTX_sess_accept_renegotiate(ctx) \
- SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_ACCEPT_RENEGOTIATE, 0, NULL)
-#define SSL_CTX_sess_accept_good(ctx) \
- SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_ACCEPT_GOOD, 0, NULL)
-#define SSL_CTX_sess_hits(ctx) SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_HIT, 0, NULL)
-#define SSL_CTX_sess_cb_hits(ctx) \
- SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_CB_HIT, 0, NULL)
-#define SSL_CTX_sess_misses(ctx) \
- SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_MISSES, 0, NULL)
-#define SSL_CTX_sess_timeouts(ctx) \
- SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_TIMEOUTS, 0, NULL)
-#define SSL_CTX_sess_cache_full(ctx) \
- SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_CACHE_FULL, 0, NULL)
-/* SSL_CTX_enable_tls_channel_id configures a TLS server to accept TLS client
- * IDs from clients. Returns 1 on success. */
-#define SSL_CTX_enable_tls_channel_id(ctx) \
- SSL_CTX_ctrl(ctx, SSL_CTRL_CHANNEL_ID, 0, NULL)
+
+/* SSL_CTX_sess_number returns the number of sessions in |ctx|'s internal
+ * session cache. */
+OPENSSL_EXPORT size_t SSL_CTX_sess_number(const SSL_CTX *ctx);
OPENSSL_EXPORT void SSL_CTX_sess_set_new_cb(
SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess));
@@ -984,13 +1073,6 @@
SSL_CTX *ctx, void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey));
OPENSSL_EXPORT void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL *ssl,
EVP_PKEY **pkey);
-OPENSSL_EXPORT void SSL_CTX_set_cookie_generate_cb(
- SSL_CTX *ctx,
- int (*app_gen_cookie_cb)(SSL *ssl, uint8_t *cookie, size_t *cookie_len));
-OPENSSL_EXPORT void SSL_CTX_set_cookie_verify_cb(
- SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, const uint8_t *cookie,
- size_t cookie_len));
-
/* SSL_enable_signed_cert_timestamps causes |ssl| (which must be the client end
* of a connection) to request SCTs from the server. See
@@ -1051,10 +1133,24 @@
#define OPENSSL_NPN_NEGOTIATED 1
#define OPENSSL_NPN_NO_OVERLAP 2
+/* SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|.
+ * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
+ * length-prefixed strings). It returns zero on success and one on failure.
+ *
+ * WARNING: this function is dangerous because it breaks the usual return value
+ * convention. */
OPENSSL_EXPORT int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const uint8_t *protos,
unsigned protos_len);
+
+/* SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|.
+ * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
+ * length-prefixed strings). It returns zero on success and one on failure.
+ *
+ * WARNING: this function is dangerous because it breaks the usual return value
+ * convention. */
OPENSSL_EXPORT int SSL_set_alpn_protos(SSL *ssl, const uint8_t *protos,
unsigned protos_len);
+
OPENSSL_EXPORT void SSL_CTX_set_alpn_select_cb(
SSL_CTX *ctx, int (*cb)(SSL *ssl, const uint8_t **out, uint8_t *outlen,
const uint8_t *in, unsigned int inlen, void *arg),
@@ -1067,6 +1163,11 @@
* causes 3G radios to switch to DCH mode (high data rate). */
OPENSSL_EXPORT void SSL_enable_fastradio_padding(SSL *ssl, char on_off);
+/* SSL_set_reject_peer_renegotiations controls whether renegotiation attempts by
+ * the peer are rejected. It may be set at any point in a connection's lifetime
+ * to disallow future renegotiations programmatically. */
+OPENSSL_EXPORT void SSL_set_reject_peer_renegotiations(SSL *ssl, int reject);
+
/* the maximum length of the buffer given to callbacks containing the resulting
* identity/psk */
#define PSK_MAX_IDENTITY_LEN 128
@@ -1259,17 +1360,12 @@
/* for server side, keep the list of CA_dn we can use */
STACK_OF(X509_NAME) *client_CA;
- int references;
- unsigned long options; /* protocol behaviour */
- unsigned long mode; /* API behaviour */
- long max_cert_list;
+ uint32_t options; /* protocol behaviour */
+ uint32_t mode; /* API behaviour */
+ uint32_t max_cert_list;
int client_version; /* what was passed, used for
* SSLv3/TLS rollback check */
- unsigned int max_send_fragment;
- /* TLS extension debug callback */
- void (*tlsext_debug_cb)(SSL *s, int client_server, int type, uint8_t *data,
- int len, void *arg);
- void *tlsext_debug_arg;
+ uint16_t max_send_fragment;
char *tlsext_hostname;
/* should_ack_sni is true if the SNI extension should be acked. This is
* only used by a server. */
@@ -1328,6 +1424,10 @@
* data rate) state in 3G networks. */
char fastradio_padding;
+ /* reject_peer_renegotiations, if one, causes causes renegotiation attempts
+ * from the peer to be rejected with a fatal error. */
+ char reject_peer_renegotiations;
+
/* These fields are always NULL and exist only to keep wpa_supplicant happy
* about the change to EVP_AEAD. They are only needed for EAP-FAST, which we
* don't support. */
@@ -1335,21 +1435,6 @@
EVP_MD_CTX *read_hash;
};
-#ifdef __cplusplus
-}
-#endif
-
-#include <openssl/ssl2.h>
-#include <openssl/ssl3.h>
-#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
-#include <openssl/dtls1.h> /* Datagram TLS */
-#include <openssl/ssl23.h>
-#include <openssl/srtp.h> /* Support for the use_srtp extension */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
/* compatibility */
#define SSL_set_app_data(s, arg) (SSL_set_ex_data(s, 0, (char *)arg))
#define SSL_get_app_data(s) (SSL_get_ex_data(s, 0))
@@ -1391,12 +1476,15 @@
/* Is the SSL_connection established? */
#define SSL_get_state(a) SSL_state(a)
#define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK)
-#define SSL_in_init(a) \
- ((SSL_state(a) & SSL_ST_INIT) && !SSL_cutthrough_complete(a))
+#define SSL_in_init(a) (SSL_state(a) & SSL_ST_INIT)
#define SSL_in_before(a) (SSL_state(a) & SSL_ST_BEFORE)
#define SSL_in_connect_init(a) (SSL_state(a) & SSL_ST_CONNECT)
#define SSL_in_accept_init(a) (SSL_state(a) & SSL_ST_ACCEPT)
-OPENSSL_EXPORT int SSL_cutthrough_complete(const SSL *s);
+
+/* SSL_in_false_start returns one if |s| has a pending unfinished handshake that
+ * is in False Start. |SSL_write| may be called at this point without waiting
+ * for the peer, but |SSL_read| will require the handshake to be completed. */
+OPENSSL_EXPORT int SSL_in_false_start(const SSL *s);
/* The following 2 states are kept in ssl->rstate when reads fail,
* you should not need these */
@@ -1493,84 +1581,17 @@
#define SSL_ERROR_PENDING_SESSION 11
#define SSL_ERROR_PENDING_CERTIFICATE 12
-#define SSL_CTRL_NEED_TMP_RSA 1
-#define SSL_CTRL_SET_TMP_RSA 2
-#define SSL_CTRL_SET_TMP_DH 3
-#define SSL_CTRL_SET_TMP_ECDH 4
-#define SSL_CTRL_SET_TMP_RSA_CB 5
-#define SSL_CTRL_SET_TMP_DH_CB 6
-#define SSL_CTRL_SET_TMP_ECDH_CB 7
-
-#define SSL_CTRL_GET_SESSION_REUSED 8
-#define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9
-#define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10
-#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11
-#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12
-#define SSL_CTRL_GET_FLAGS 13
#define SSL_CTRL_EXTRA_CHAIN_CERT 14
-#define SSL_CTRL_SET_MSG_CALLBACK 15
-#define SSL_CTRL_SET_MSG_CALLBACK_ARG 16
-
-/* only applies to datagram connections */
-#define SSL_CTRL_SET_MTU 17
-/* Stats */
-#define SSL_CTRL_SESS_NUMBER 20
-#define SSL_CTRL_SESS_CONNECT 21
-#define SSL_CTRL_SESS_CONNECT_GOOD 22
-#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23
-#define SSL_CTRL_SESS_ACCEPT 24
-#define SSL_CTRL_SESS_ACCEPT_GOOD 25
-#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26
-#define SSL_CTRL_SESS_HIT 27
-#define SSL_CTRL_SESS_CB_HIT 28
-#define SSL_CTRL_SESS_MISSES 29
-#define SSL_CTRL_SESS_TIMEOUTS 30
-#define SSL_CTRL_SESS_CACHE_FULL 31
-#define SSL_CTRL_OPTIONS 32
-#define SSL_CTRL_MODE 33
-
-#define SSL_CTRL_GET_READ_AHEAD 40
-#define SSL_CTRL_SET_READ_AHEAD 41
-#define SSL_CTRL_SET_SESS_CACHE_SIZE 42
-#define SSL_CTRL_GET_SESS_CACHE_SIZE 43
-#define SSL_CTRL_SET_SESS_CACHE_MODE 44
-#define SSL_CTRL_GET_SESS_CACHE_MODE 45
-
-#define SSL_CTRL_GET_MAX_CERT_LIST 50
-#define SSL_CTRL_SET_MAX_CERT_LIST 51
-
-#define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52
-
/* see tls1.h for macros based on these */
-#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53
-#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54
-#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
-#define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56
-#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57
#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64
-
-#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
-
-#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75
-#define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76
-#define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77
#define SSL_CTRL_SET_SRP_ARG 78
#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79
#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80
#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81
-#define DTLS_CTRL_GET_TIMEOUT 73
-#define DTLS_CTRL_HANDLE_TIMEOUT 74
-
-#define SSL_CTRL_GET_RI_SUPPORT 76
-#define SSL_CTRL_CLEAR_OPTIONS 77
-#define SSL_CTRL_CLEAR_MODE 78
-
#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82
#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
@@ -1580,11 +1601,8 @@
#define SSL_CTRL_GET_CURVES 90
#define SSL_CTRL_SET_CURVES 91
#define SSL_CTRL_SET_CURVES_LIST 92
-#define SSL_CTRL_SET_ECDH_AUTO 94
#define SSL_CTRL_SET_SIGALGS 97
#define SSL_CTRL_SET_SIGALGS_LIST 98
-#define SSL_CTRL_CERT_FLAGS 99
-#define SSL_CTRL_CLEAR_CERT_FLAGS 100
#define SSL_CTRL_SET_CLIENT_SIGALGS 101
#define SSL_CTRL_SET_CLIENT_SIGALGS_LIST 102
#define SSL_CTRL_GET_CLIENT_CERT_TYPES 103
@@ -1593,70 +1611,97 @@
#define SSL_CTRL_SET_VERIFY_CERT_STORE 106
#define SSL_CTRL_SET_CHAIN_CERT_STORE 107
#define SSL_CTRL_GET_SERVER_TMP_KEY 109
-#define SSL_CTRL_GET_RAW_CIPHERLIST 110
#define SSL_CTRL_GET_EC_POINT_FORMATS 111
#define SSL_CTRL_GET_CHAIN_CERTS 115
#define SSL_CTRL_SELECT_CURRENT_CERT 116
-#define SSL_CTRL_CHANNEL_ID 117
-#define SSL_CTRL_GET_CHANNEL_ID 118
-#define SSL_CTRL_SET_CHANNEL_ID 119
-
/* DTLSv1_get_timeout queries the next DTLS handshake timeout. If there is a
- * timeout in progress, it sets |*((OPENSSL_timeval*)arg)| to the time remaining
- * and returns one. Otherwise, it returns zero. */
-#define DTLSv1_get_timeout(ssl, arg) \
- SSL_ctrl(ssl, DTLS_CTRL_GET_TIMEOUT, 0, (void *)arg)
-#define DTLSv1_handle_timeout(ssl) \
- SSL_ctrl(ssl, DTLS_CTRL_HANDLE_TIMEOUT, 0, NULL)
+ * timeout in progress, it sets |*out| to the time remaining and returns one.
+ * Otherwise, it returns zero.
+ *
+ * When the timeout expires, call |DTLSv1_handle_timeout| to handle the
+ * retransmit behavior.
+ *
+ * NOTE: This function must be queried again whenever the handshake state
+ * machine changes, including when |DTLSv1_handle_timeout| is called. */
+OPENSSL_EXPORT int DTLSv1_get_timeout(const SSL *ssl, struct timeval *out);
-#define SSL_session_reused(ssl) \
- SSL_ctrl((ssl), SSL_CTRL_GET_SESSION_REUSED, 0, NULL)
-#define SSL_num_renegotiations(ssl) \
- SSL_ctrl((ssl), SSL_CTRL_GET_NUM_RENEGOTIATIONS, 0, NULL)
-#define SSL_clear_num_renegotiations(ssl) \
- SSL_ctrl((ssl), SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS, 0, NULL)
-#define SSL_total_renegotiations(ssl) \
- SSL_ctrl((ssl), SSL_CTRL_GET_TOTAL_RENEGOTIATIONS, 0, NULL)
+/* DTLSv1_handle_timeout is called when a DTLS handshake timeout expires. If no
+ * timeout had expired, it returns 0. Otherwise, it retransmits the previous
+ * flight of handshake messages and returns 1. If too many timeouts had expired
+ * without progress or an error occurs, it returns -1.
+ *
+ * NOTE: The caller's external timer should be compatible with the one |ssl|
+ * queries within some fudge factor. Otherwise, the call will be a no-op, but
+ * |DTLSv1_get_timeout| will return an updated timeout.
+ *
+ * WARNING: This function breaks the usual return value convention. */
+OPENSSL_EXPORT int DTLSv1_handle_timeout(SSL *ssl);
-#define SSL_CTX_need_tmp_RSA(ctx) \
- SSL_CTX_ctrl(ctx, SSL_CTRL_NEED_TMP_RSA, 0, NULL)
-#define SSL_CTX_set_tmp_rsa(ctx, rsa) \
- SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_RSA, 0, (char *)rsa)
-#define SSL_CTX_set_tmp_dh(ctx, dh) \
- SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_DH, 0, (char *)dh)
-#define SSL_CTX_set_tmp_ecdh(ctx, ecdh) \
- SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH, 0, (char *)ecdh)
+/* SSL_session_reused returns one if |ssl| performed an abbreviated handshake
+ * and zero otherwise.
+ *
+ * TODO(davidben): Hammer down the semantics of this API while a handshake,
+ * initial or renego, is in progress. */
+OPENSSL_EXPORT int SSL_session_reused(const SSL *ssl);
-#define SSL_need_tmp_RSA(ssl) SSL_ctrl(ssl, SSL_CTRL_NEED_TMP_RSA, 0, NULL)
-#define SSL_set_tmp_rsa(ssl, rsa) \
- SSL_ctrl(ssl, SSL_CTRL_SET_TMP_RSA, 0, (char *)rsa)
-#define SSL_set_tmp_dh(ssl, dh) \
- SSL_ctrl(ssl, SSL_CTRL_SET_TMP_DH, 0, (char *)dh)
-#define SSL_set_tmp_ecdh(ssl, ecdh) \
- SSL_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH, 0, (char *)ecdh)
+/* SSL_total_renegotiations returns the total number of renegotiation handshakes
+ * peformed by |ssl|. This includes the pending renegotiation, if any. */
+OPENSSL_EXPORT int SSL_total_renegotiations(const SSL *ssl);
+
+/* SSL_CTX_set_tmp_dh configures |ctx| to use the group from |dh| as the group
+ * for DHE. Only the group is used, so |dh| needn't have a keypair. It returns
+ * one on success and zero on error. */
+OPENSSL_EXPORT int SSL_CTX_set_tmp_dh(SSL_CTX *ctx, const DH *dh);
+
+/* SSL_set_tmp_dh configures |ssl| to use the group from |dh| as the group for
+ * DHE. Only the group is used, so |dh| needn't have a keypair. It returns one
+ * on success and zero on error. */
+OPENSSL_EXPORT int SSL_set_tmp_dh(SSL *ssl, const DH *dh);
+
+/* SSL_CTX_set_tmp_ecdh configures |ctx| to use the curve from |ecdh| as the
+ * curve for ephemeral ECDH keys. For historical reasons, this API expects an
+ * |EC_KEY|, but only the curve is used. It returns one on success and zero on
+ * error. If unset, an appropriate curve will be chosen automatically. (This is
+ * recommended.) */
+OPENSSL_EXPORT int SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ec_key);
+
+/* SSL_set_tmp_ecdh configures |ssl| to use the curve from |ecdh| as the curve
+ * for ephemeral ECDH keys. For historical reasons, this API expects an
+ * |EC_KEY|, but only the curve is used. It returns one on success and zero on
+ * error. If unset, an appropriate curve will be chosen automatically. (This is
+ * recommended.) */
+OPENSSL_EXPORT int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key);
+
+/* SSL_CTX_enable_tls_channel_id either configures a TLS server to accept TLS
+ * client IDs from clients, or configures a client to send TLS client IDs to
+ * a server. It returns one. */
+OPENSSL_EXPORT int SSL_CTX_enable_tls_channel_id(SSL_CTX *ctx);
/* SSL_enable_tls_channel_id either configures a TLS server to accept TLS
* client IDs from clients, or configure a client to send TLS client IDs to
- * server. Returns 1 on success. */
-#define SSL_enable_tls_channel_id(s) SSL_ctrl(s, SSL_CTRL_CHANNEL_ID, 0, NULL)
+ * server. It returns one. */
+OPENSSL_EXPORT int SSL_enable_tls_channel_id(SSL *ssl);
+
+/* SSL_CTX_set1_tls_channel_id configures a TLS client to send a TLS Channel ID
+ * to compatible servers. |private_key| must be a P-256 EC key. It returns one
+ * on success and zero on error. */
+OPENSSL_EXPORT int SSL_CTX_set1_tls_channel_id(SSL_CTX *ctx,
+ EVP_PKEY *private_key);
/* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to
- * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on
- * success. */
-#define SSL_set1_tls_channel_id(s, private_key) \
- SSL_ctrl(s, SSL_CTRL_SET_CHANNEL_ID, 0, (void *)private_key)
-#define SSL_CTX_set1_tls_channel_id(ctx, private_key) \
- SSL_CTX_ctrl(ctx, SSL_CTRL_SET_CHANNEL_ID, 0, (void *)private_key)
+ * compatible servers. |private_key| must be a P-256 EC key. It returns one on
+ * success and zero on error. */
+OPENSSL_EXPORT int SSL_set1_tls_channel_id(SSL *ssl, EVP_PKEY *private_key);
/* SSL_get_tls_channel_id gets the client's TLS Channel ID from a server SSL*
- * and copies up to the first |channel_id_len| bytes into |channel_id|. The
- * Channel ID consists of the client's P-256 public key as an (x,y) pair where
- * each is a 32-byte, big-endian field element. Returns 0 if the client didn't
- * offer a Channel ID and the length of the complete Channel ID otherwise. */
-#define SSL_get_tls_channel_id(ctx, channel_id, channel_id_len) \
- SSL_ctrl(ctx, SSL_CTRL_GET_CHANNEL_ID, channel_id_len, (void *)channel_id)
+ * and copies up to the first |max_out| bytes into |out|. The Channel ID
+ * consists of the client's P-256 public key as an (x,y) pair where each is a
+ * 32-byte, big-endian field element. It returns 0 if the client didn't offer a
+ * Channel ID and the length of the complete Channel ID otherwise. */
+OPENSSL_EXPORT size_t SSL_get_tls_channel_id(SSL *ssl, uint8_t *out,
+ size_t max_out);
#define SSL_CTX_add_extra_chain_cert(ctx, x509) \
SSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, (char *)x509)
@@ -1724,10 +1769,6 @@
SSL_ctrl(ctx, SSL_CTRL_SET_CURVES, clistlen, (char *)clist)
#define SSL_set1_curves_list(ctx, s) \
SSL_ctrl(ctx, SSL_CTRL_SET_CURVES_LIST, 0, (char *)s)
-#define SSL_CTX_set_ecdh_auto(ctx, onoff) \
- SSL_CTX_ctrl(ctx, SSL_CTRL_SET_ECDH_AUTO, onoff, NULL)
-#define SSL_set_ecdh_auto(s, onoff) \
- SSL_ctrl(s, SSL_CTRL_SET_ECDH_AUTO, onoff, NULL)
#define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \
SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SIGALGS, slistlen, (int *)slist)
@@ -1758,9 +1799,6 @@
#define SSL_get_server_tmp_key(s, pk) \
SSL_ctrl(s, SSL_CTRL_GET_SERVER_TMP_KEY, 0, pk)
-#define SSL_get0_raw_cipherlist(s, plst) \
- SSL_ctrl(s, SSL_CTRL_GET_RAW_CIPHERLIST, 0, (char *)plst)
-
#define SSL_get0_ec_point_formats(s, plst) \
SSL_ctrl(s, SSL_CTRL_GET_EC_POINT_FORMATS, 0, (char *)plst)
@@ -1778,13 +1816,6 @@
OPENSSL_EXPORT void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
OPENSSL_EXPORT const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
-OPENSSL_EXPORT int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
-OPENSSL_EXPORT const char *SSL_CIPHER_get_version(const SSL_CIPHER *c);
-OPENSSL_EXPORT const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
-/* SSL_CIPHER_get_kx_name returns a string that describes the key-exchange
- * method used by |c|. For example, "ECDHE-ECDSA". */
-OPENSSL_EXPORT const char *SSL_CIPHER_get_kx_name(const SSL_CIPHER *cipher);
-OPENSSL_EXPORT unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c);
OPENSSL_EXPORT int SSL_get_fd(const SSL *s);
OPENSSL_EXPORT int SSL_get_rfd(const SSL *s);
@@ -1862,7 +1893,15 @@
unsigned int *len);
OPENSSL_EXPORT int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
OPENSSL_EXPORT int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
-OPENSSL_EXPORT void SSL_SESSION_free(SSL_SESSION *ses);
+
+/* SSL_SESSION_up_ref, if |session| is not NULL, increments the reference count
+ * of |session|. It then returns |session|. */
+OPENSSL_EXPORT SSL_SESSION *SSL_SESSION_up_ref(SSL_SESSION *session);
+
+/* SSL_SESSION_free decrements the reference count of |session|. If it reaches
+ * zero, all data referenced by |session| and |session| itself are released. */
+OPENSSL_EXPORT void SSL_SESSION_free(SSL_SESSION *session);
+
OPENSSL_EXPORT int SSL_set_session(SSL *to, SSL_SESSION *session);
OPENSSL_EXPORT int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
OPENSSL_EXPORT int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c);
@@ -1968,9 +2007,7 @@
OPENSSL_EXPORT int SSL_peek(SSL *ssl, void *buf, int num);
OPENSSL_EXPORT int SSL_write(SSL *ssl, const void *buf, int num);
OPENSSL_EXPORT long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
-OPENSSL_EXPORT long SSL_callback_ctrl(SSL *, int, void (*)(void));
OPENSSL_EXPORT long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
-OPENSSL_EXPORT long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
OPENSSL_EXPORT int SSL_get_error(const SSL *s, int ret_code);
/* SSL_get_version returns a string describing the TLS version used by |s|. For
@@ -1980,58 +2017,16 @@
* |sess|. For example, "TLSv1.2" or "SSLv3". */
OPENSSL_EXPORT const char *SSL_SESSION_get_version(const SSL_SESSION *sess);
-OPENSSL_EXPORT int SSL_CIPHER_is_AES(const SSL_CIPHER *c);
-OPENSSL_EXPORT int SSL_CIPHER_has_MD5_HMAC(const SSL_CIPHER *c);
-OPENSSL_EXPORT int SSL_CIPHER_is_AESGCM(const SSL_CIPHER *c);
-OPENSSL_EXPORT int SSL_CIPHER_is_CHACHA20POLY1305(const SSL_CIPHER *c);
-
/* TLS_method is the SSL_METHOD used for TLS (and SSLv3) connections. */
OPENSSL_EXPORT const SSL_METHOD *TLS_method(void);
/* DTLS_method is the SSL_METHOD used for DTLS connections. */
OPENSSL_EXPORT const SSL_METHOD *DTLS_method(void);
-
-/* Deprecated methods. */
-
-/* SSLv23_method calls TLS_method. */
-OPENSSL_EXPORT const SSL_METHOD *SSLv23_method(void);
-
-/* Version-specific methods behave exactly like TLS_method and DTLS_method
- * except they also call SSL_CTX_set_min_version and SSL_CTX_set_max_version to
- * lock connections to that protocol version. */
-OPENSSL_EXPORT const SSL_METHOD *SSLv3_method(void);
-OPENSSL_EXPORT const SSL_METHOD *TLSv1_method(void);
-OPENSSL_EXPORT const SSL_METHOD *TLSv1_1_method(void);
-OPENSSL_EXPORT const SSL_METHOD *TLSv1_2_method(void);
-OPENSSL_EXPORT const SSL_METHOD *DTLSv1_method(void);
-OPENSSL_EXPORT const SSL_METHOD *DTLSv1_2_method(void);
-
-/* Client- and server-specific methods call their corresponding generic
- * methods. */
-OPENSSL_EXPORT const SSL_METHOD *SSLv23_server_method(void);
-OPENSSL_EXPORT const SSL_METHOD *SSLv23_client_method(void);
-OPENSSL_EXPORT const SSL_METHOD *SSLv3_server_method(void);
-OPENSSL_EXPORT const SSL_METHOD *SSLv3_client_method(void);
-OPENSSL_EXPORT const SSL_METHOD *TLSv1_server_method(void);
-OPENSSL_EXPORT const SSL_METHOD *TLSv1_client_method(void);
-OPENSSL_EXPORT const SSL_METHOD *TLSv1_1_server_method(void);
-OPENSSL_EXPORT const SSL_METHOD *TLSv1_1_client_method(void);
-OPENSSL_EXPORT const SSL_METHOD *TLSv1_2_server_method(void);
-OPENSSL_EXPORT const SSL_METHOD *TLSv1_2_client_method(void);
-OPENSSL_EXPORT const SSL_METHOD *DTLS_server_method(void);
-OPENSSL_EXPORT const SSL_METHOD *DTLS_client_method(void);
-OPENSSL_EXPORT const SSL_METHOD *DTLSv1_server_method(void);
-OPENSSL_EXPORT const SSL_METHOD *DTLSv1_client_method(void);
-OPENSSL_EXPORT const SSL_METHOD *DTLSv1_2_server_method(void);
-OPENSSL_EXPORT const SSL_METHOD *DTLSv1_2_client_method(void);
-
-
OPENSSL_EXPORT STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
OPENSSL_EXPORT int SSL_do_handshake(SSL *s);
OPENSSL_EXPORT int SSL_renegotiate(SSL *s);
-OPENSSL_EXPORT int SSL_renegotiate_abbreviated(SSL *s);
OPENSSL_EXPORT int SSL_renegotiate_pending(SSL *s);
OPENSSL_EXPORT int SSL_shutdown(SSL *s);
@@ -2055,12 +2050,6 @@
OPENSSL_EXPORT long SSL_get_default_timeout(const SSL *s);
-/* SSL_library_init initializes the crypto and SSL libraries, loads their error
- * strings, and returns one. */
-OPENSSL_EXPORT int SSL_library_init(void);
-
-OPENSSL_EXPORT const char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf,
- int size);
OPENSSL_EXPORT STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
OPENSSL_EXPORT X509 *SSL_get_certificate(const SSL *ssl);
@@ -2122,61 +2111,132 @@
OPENSSL_EXPORT int SSL_get_ex_data_X509_STORE_CTX_idx(void);
-#define SSL_CTX_sess_set_cache_size(ctx, t) \
- SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SESS_CACHE_SIZE, t, NULL)
-#define SSL_CTX_sess_get_cache_size(ctx) \
- SSL_CTX_ctrl(ctx, SSL_CTRL_GET_SESS_CACHE_SIZE, 0, NULL)
-#define SSL_CTX_set_session_cache_mode(ctx, m) \
- SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SESS_CACHE_MODE, m, NULL)
-#define SSL_CTX_get_session_cache_mode(ctx) \
- SSL_CTX_ctrl(ctx, SSL_CTRL_GET_SESS_CACHE_MODE, 0, NULL)
+/* SSL_CTX_sess_set_cache_size sets the maximum size of |ctx|'s session cache to
+ * |size|. It returns the previous value. */
+OPENSSL_EXPORT unsigned long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx,
+ unsigned long size);
-#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
-#define SSL_CTX_set_default_read_ahead(ctx, m) SSL_CTX_set_read_ahead(ctx, m)
-#define SSL_CTX_get_read_ahead(ctx) \
- SSL_CTX_ctrl(ctx, SSL_CTRL_GET_READ_AHEAD, 0, NULL)
-#define SSL_CTX_set_read_ahead(ctx, m) \
- SSL_CTX_ctrl(ctx, SSL_CTRL_SET_READ_AHEAD, m, NULL)
-#define SSL_CTX_get_max_cert_list(ctx) \
- SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_CERT_LIST, 0, NULL)
-#define SSL_CTX_set_max_cert_list(ctx, m) \
- SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_CERT_LIST, m, NULL)
-#define SSL_get_max_cert_list(ssl) \
- SSL_ctrl(ssl, SSL_CTRL_GET_MAX_CERT_LIST, 0, NULL)
-#define SSL_set_max_cert_list(ssl, m) \
- SSL_ctrl(ssl, SSL_CTRL_SET_MAX_CERT_LIST, m, NULL)
+/* SSL_CTX_sess_set_cache_size returns the maximum size of |ctx|'s session
+ * cache. */
+OPENSSL_EXPORT unsigned long SSL_CTX_sess_get_cache_size(const SSL_CTX *ctx);
-#define SSL_CTX_set_max_send_fragment(ctx, m) \
- SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_SEND_FRAGMENT, m, NULL)
-#define SSL_set_max_send_fragment(ssl, m) \
- SSL_ctrl(ssl, SSL_CTRL_SET_MAX_SEND_FRAGMENT, m, NULL)
+/* SSL_SESS_CACHE_* are the possible session cache mode bits.
+ * TODO(davidben): Document. */
+#define SSL_SESS_CACHE_OFF 0x0000
+#define SSL_SESS_CACHE_CLIENT 0x0001
+#define SSL_SESS_CACHE_SERVER 0x0002
+#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_SERVER)
+#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080
+#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100
+#define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200
+#define SSL_SESS_CACHE_NO_INTERNAL \
+ (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP | SSL_SESS_CACHE_NO_INTERNAL_STORE)
-/* NB: the keylength is only applicable when is_export is true */
-OPENSSL_EXPORT void SSL_CTX_set_tmp_rsa_callback(
- SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export, int keylength));
+/* SSL_CTX_set_session_cache_mode sets the session cache mode bits for |ctx| to
+ * |mode|. It returns the previous value. */
+OPENSSL_EXPORT int SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode);
-OPENSSL_EXPORT void SSL_set_tmp_rsa_callback(SSL *ssl,
- RSA *(*cb)(SSL *ssl, int is_export,
- int keylength));
+/* SSL_CTX_get_session_cache_mode returns the session cache mode bits for
+ * |ctx| */
+OPENSSL_EXPORT int SSL_CTX_get_session_cache_mode(const SSL_CTX *ctx);
+
+/* TODO(davidben): Deprecate read_ahead functions after https://crbug.com/447431
+ * is resolved. */
+OPENSSL_EXPORT int SSL_CTX_get_read_ahead(const SSL_CTX *ctx);
+OPENSSL_EXPORT void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes);
+
+/* SSL_CTX_get_max_cert_list returns the maximum length, in bytes, of a peer
+ * certificate chain accepted by |ctx|. */
+OPENSSL_EXPORT size_t SSL_CTX_get_max_cert_list(const SSL_CTX *ctx);
+
+/* SSL_CTX_set_max_cert_list sets the maximum length, in bytes, of a peer
+ * certificate chain to |max_cert_list|. This affects how much memory may be
+ * consumed during the handshake. */
+OPENSSL_EXPORT void SSL_CTX_set_max_cert_list(SSL_CTX *ctx,
+ size_t max_cert_list);
+
+/* SSL_get_max_cert_list returns the maximum length, in bytes, of a peer
+ * certificate chain accepted by |ssl|. */
+OPENSSL_EXPORT size_t SSL_get_max_cert_list(const SSL *ssl);
+
+/* SSL_set_max_cert_list sets the maximum length, in bytes, of a peer
+ * certificate chain to |max_cert_list|. This affects how much memory may be
+ * consumed during the handshake. */
+OPENSSL_EXPORT void SSL_set_max_cert_list(SSL *ssl, size_t max_cert_list);
+
+/* SSL_CTX_set_max_send_fragment sets the maximum length, in bytes, of records
+ * sent by |ctx|. Beyond this length, handshake messages and application data
+ * will be split into multiple records. */
+OPENSSL_EXPORT void SSL_CTX_set_max_send_fragment(SSL_CTX *ctx,
+ size_t max_send_fragment);
+
+/* SSL_set_max_send_fragment sets the maximum length, in bytes, of records
+ * sent by |ssl|. Beyond this length, handshake messages and application data
+ * will be split into multiple records. */
+OPENSSL_EXPORT void SSL_set_max_send_fragment(SSL *ssl,
+ size_t max_send_fragment);
+
+/* SSL_CTX_set_tmp_dh_callback configures |ctx| to use |callback| to determine
+ * the group for DHE ciphers. |callback| should ignore |is_export| and
+ * |keylength| and return a |DH| of the selected group or NULL on error. Only
+ * the parameters are used, so the |DH| needn't have a generated keypair.
+ *
+ * WARNING: The caller does not take ownership of the resulting |DH|, so
+ * |callback| must save and release the object elsewhere. */
OPENSSL_EXPORT void SSL_CTX_set_tmp_dh_callback(
- SSL_CTX *ctx, DH *(*dh)(SSL *ssl, int is_export, int keylength));
+ SSL_CTX *ctx, DH *(*callback)(SSL *ssl, int is_export, int keylength));
+
+/* SSL_set_tmp_dh_callback configures |ssl| to use |callback| to determine the
+ * group for DHE ciphers. |callback| should ignore |is_export| and |keylength|
+ * and return a |DH| of the selected group or NULL on error. Only the
+ * parameters are used, so the |DH| needn't have a generated keypair.
+ *
+ * WARNING: The caller does not take ownership of the resulting |DH|, so
+ * |callback| must save and release the object elsewhere. */
OPENSSL_EXPORT void SSL_set_tmp_dh_callback(SSL *ssl,
DH *(*dh)(SSL *ssl, int is_export,
int keylength));
+
+/* SSL_CTX_set_tmp_ecdh_callback configures |ctx| to use |callback| to determine
+ * the curve for ephemeral ECDH keys. |callback| should ignore |is_export| and
+ * |keylength| and return an |EC_KEY| of the selected curve or NULL on
+ * error. Only the curve is used, so the |EC_KEY| needn't have a generated
+ * keypair.
+ *
+ * If the callback is unset, an appropriate curve will be chosen automatically.
+ * (This is recommended.)
+ *
+ * WARNING: The caller does not take ownership of the resulting |EC_KEY|, so
+ * |callback| must save and release the object elsewhere. */
OPENSSL_EXPORT void SSL_CTX_set_tmp_ecdh_callback(
- SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));
+ SSL_CTX *ctx, EC_KEY *(*callback)(SSL *ssl, int is_export, int keylength));
+
+/* SSL_set_tmp_ecdh_callback configures |ssl| to use |callback| to determine the
+ * curve for ephemeral ECDH keys. |callback| should ignore |is_export| and
+ * |keylength| and return an |EC_KEY| of the selected curve or NULL on
+ * error. Only the curve is used, so the |EC_KEY| needn't have a generated
+ * keypair.
+ *
+ * If the callback is unset, an appropriate curve will be chosen automatically.
+ * (This is recommended.)
+ *
+ * WARNING: The caller does not take ownership of the resulting |EC_KEY|, so
+ * |callback| must save and release the object elsewhere. */
OPENSSL_EXPORT void SSL_set_tmp_ecdh_callback(
- SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));
+ SSL *ssl, EC_KEY *(*callback)(SSL *ssl, int is_export, int keylength));
OPENSSL_EXPORT const void *SSL_get_current_compression(SSL *s);
OPENSSL_EXPORT const void *SSL_get_current_expansion(SSL *s);
-OPENSSL_EXPORT const char *SSL_COMP_get_name(const void *comp);
-OPENSSL_EXPORT void *SSL_COMP_get_compression_methods(void);
-OPENSSL_EXPORT int SSL_COMP_add_compression_method(int id, void *cm);
OPENSSL_EXPORT int SSL_cache_hit(SSL *s);
OPENSSL_EXPORT int SSL_is_server(SSL *s);
+/* SSL_CTX_set_dos_protection_cb sets a callback that is called once the
+ * resumption decision for a ClientHello has been made. It can return 1 to
+ * allow the handshake to continue or zero to cause the handshake to abort. */
+OPENSSL_EXPORT void SSL_CTX_set_dos_protection_cb(
+ SSL_CTX *ctx, int (*cb)(const struct ssl_early_callback_ctx *));
+
/* SSL_get_structure_sizes returns the sizes of the SSL, SSL_CTX and
* SSL_SESSION structures so that a test can ensure that outside code agrees on
* these values. */
@@ -2186,6 +2246,130 @@
OPENSSL_EXPORT void ERR_load_SSL_strings(void);
+/* SSL_get_rc4_state sets |*read_key| and |*write_key| to the RC4 states for
+ * the read and write directions. It returns one on success or zero if |ssl|
+ * isn't using an RC4-based cipher suite. */
+OPENSSL_EXPORT int SSL_get_rc4_state(const SSL *ssl, const RC4_KEY **read_key,
+ const RC4_KEY **write_key);
+
+
+/* Deprecated functions. */
+
+/* SSL_CIPHER_description writes a description of |cipher| into |buf| and
+ * returns |buf|. If |buf| is NULL, it returns a newly allocated string, to be
+ * freed with |OPENSSL_free|, or NULL on error.
+ *
+ * The description includes a trailing newline and has the form:
+ * AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
+ *
+ * Consider |SSL_CIPHER_get_name| or |SSL_CIPHER_get_rfc_name| instead. */
+OPENSSL_EXPORT const char *SSL_CIPHER_description(const SSL_CIPHER *cipher,
+ char *buf, int len);
+
+/* SSL_CIPHER_get_version returns the string "TLSv1/SSLv3". */
+OPENSSL_EXPORT const char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
+
+/* SSL_COMP_get_compression_methods returns NULL. */
+OPENSSL_EXPORT void *SSL_COMP_get_compression_methods(void);
+
+/* SSL_COMP_add_compression_method returns one. */
+OPENSSL_EXPORT int SSL_COMP_add_compression_method(int id, void *cm);
+
+/* SSL_COMP_get_name returns NULL. */
+OPENSSL_EXPORT const char *SSL_COMP_get_name(const void *comp);
+
+/* SSLv23_method calls |TLS_method|. */
+OPENSSL_EXPORT const SSL_METHOD *SSLv23_method(void);
+
+/* Version-specific methods behave exactly like |TLS_method| and |DTLS_method|
+ * except they also call |SSL_CTX_set_min_version| and |SSL_CTX_set_max_version|
+ * to lock connections to that protocol version. */
+OPENSSL_EXPORT const SSL_METHOD *SSLv3_method(void);
+OPENSSL_EXPORT const SSL_METHOD *TLSv1_method(void);
+OPENSSL_EXPORT const SSL_METHOD *TLSv1_1_method(void);
+OPENSSL_EXPORT const SSL_METHOD *TLSv1_2_method(void);
+OPENSSL_EXPORT const SSL_METHOD *DTLSv1_method(void);
+OPENSSL_EXPORT const SSL_METHOD *DTLSv1_2_method(void);
+
+/* Client- and server-specific methods call their corresponding generic
+ * methods. */
+OPENSSL_EXPORT const SSL_METHOD *SSLv23_server_method(void);
+OPENSSL_EXPORT const SSL_METHOD *SSLv23_client_method(void);
+OPENSSL_EXPORT const SSL_METHOD *SSLv3_server_method(void);
+OPENSSL_EXPORT const SSL_METHOD *SSLv3_client_method(void);
+OPENSSL_EXPORT const SSL_METHOD *TLSv1_server_method(void);
+OPENSSL_EXPORT const SSL_METHOD *TLSv1_client_method(void);
+OPENSSL_EXPORT const SSL_METHOD *TLSv1_1_server_method(void);
+OPENSSL_EXPORT const SSL_METHOD *TLSv1_1_client_method(void);
+OPENSSL_EXPORT const SSL_METHOD *TLSv1_2_server_method(void);
+OPENSSL_EXPORT const SSL_METHOD *TLSv1_2_client_method(void);
+OPENSSL_EXPORT const SSL_METHOD *DTLS_server_method(void);
+OPENSSL_EXPORT const SSL_METHOD *DTLS_client_method(void);
+OPENSSL_EXPORT const SSL_METHOD *DTLSv1_server_method(void);
+OPENSSL_EXPORT const SSL_METHOD *DTLSv1_client_method(void);
+OPENSSL_EXPORT const SSL_METHOD *DTLSv1_2_server_method(void);
+OPENSSL_EXPORT const SSL_METHOD *DTLSv1_2_client_method(void);
+
+/* SSL_CTX_set_tmp_rsa_callback does nothing. */
+OPENSSL_EXPORT void SSL_CTX_set_tmp_rsa_callback(
+ SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export, int keylength));
+
+/* SSL_set_tmp_rsa_callback does nothing. */
+OPENSSL_EXPORT void SSL_set_tmp_rsa_callback(SSL *ssl,
+ RSA *(*cb)(SSL *ssl, int is_export,
+ int keylength));
+
+/* SSL_CTX_sess_connect returns zero. */
+OPENSSL_EXPORT int SSL_CTX_sess_connect(const SSL_CTX *ctx);
+
+/* SSL_CTX_sess_connect_good returns zero. */
+OPENSSL_EXPORT int SSL_CTX_sess_connect_good(const SSL_CTX *ctx);
+
+/* SSL_CTX_sess_connect_renegotiate returns zero. */
+OPENSSL_EXPORT int SSL_CTX_sess_connect_renegotiate(const SSL_CTX *ctx);
+
+/* SSL_CTX_sess_accept returns zero. */
+OPENSSL_EXPORT int SSL_CTX_sess_accept(const SSL_CTX *ctx);
+
+/* SSL_CTX_sess_accept_renegotiate returns zero. */
+OPENSSL_EXPORT int SSL_CTX_sess_accept_renegotiate(const SSL_CTX *ctx);
+
+/* SSL_CTX_sess_accept_good returns zero. */
+OPENSSL_EXPORT int SSL_CTX_sess_accept_good(const SSL_CTX *ctx);
+
+/* SSL_CTX_sess_hits returns zero. */
+OPENSSL_EXPORT int SSL_CTX_sess_hits(const SSL_CTX *ctx);
+
+/* SSL_CTX_sess_cb_hits returns zero. */
+OPENSSL_EXPORT int SSL_CTX_sess_cb_hits(const SSL_CTX *ctx);
+
+/* SSL_CTX_sess_misses returns zero. */
+OPENSSL_EXPORT int SSL_CTX_sess_misses(const SSL_CTX *ctx);
+
+/* SSL_CTX_sess_timeouts returns zero. */
+OPENSSL_EXPORT int SSL_CTX_sess_timeouts(const SSL_CTX *ctx);
+
+/* SSL_CTX_sess_cache_full returns zero. */
+OPENSSL_EXPORT int SSL_CTX_sess_cache_full(const SSL_CTX *ctx);
+
+/* SSL_cutthrough_complete calls |SSL_in_false_start|. */
+OPENSSL_EXPORT int SSL_cutthrough_complete(const SSL *s);
+
+/* SSL_num_renegotiations calls |SSL_total_renegotiations|. */
+OPENSSL_EXPORT int SSL_num_renegotiations(const SSL *ssl);
+
+/* SSL_CTX_need_tmp_RSA returns zero. */
+OPENSSL_EXPORT int SSL_CTX_need_tmp_RSA(const SSL_CTX *ctx);
+
+/* SSL_need_tmp_RSA returns zero. */
+OPENSSL_EXPORT int SSL_need_tmp_RSA(const SSL *ssl);
+
+/* SSL_CTX_set_tmp_rsa returns one. */
+OPENSSL_EXPORT int SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, const RSA *rsa);
+
+/* SSL_set_tmp_rsa returns one. */
+OPENSSL_EXPORT int SSL_set_tmp_rsa(SSL *ssl, const RSA *rsa);
+
/* Android compatibility section.
*
@@ -2201,530 +2385,483 @@
OPENSSL_EXPORT int SSL_set_session_ticket_ext_cb(SSL *s, void *cb, void *arg);
OPENSSL_EXPORT int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
+#define OPENSSL_VERSION_TEXT "BoringSSL"
-#ifdef __cplusplus
-}
+#define SSLEAY_VERSION 0
+
+/* SSLeay_version is a compatibility function that returns the string
+ * "BoringSSL". */
+OPENSSL_EXPORT const char *SSLeay_version(int unused);
+
+
+/* Preprocessor compatibility section.
+ *
+ * Historically, a number of APIs were implemented in OpenSSL as macros and
+ * constants to 'ctrl' functions. To avoid breaking #ifdefs in consumers, this
+ * section defines a number of legacy macros. */
+
+#define SSL_CTRL_NEED_TMP_RSA doesnt_exist
+#define SSL_CTRL_SET_TMP_RSA doesnt_exist
+#define SSL_CTRL_SET_TMP_DH doesnt_exist
+#define SSL_CTRL_SET_TMP_ECDH doesnt_exist
+#define SSL_CTRL_SET_TMP_RSA_CB doesnt_exist
+#define SSL_CTRL_SET_TMP_DH_CB doesnt_exist
+#define SSL_CTRL_SET_TMP_ECDH_CB doesnt_exist
+#define SSL_CTRL_GET_SESSION_REUSED doesnt_exist
+#define SSL_CTRL_GET_NUM_RENEGOTIATIONS doesnt_exist
+#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS doesnt_exist
+#define SSL_CTRL_SET_MSG_CALLBACK doesnt_exist
+#define SSL_CTRL_SET_MSG_CALLBACK_ARG doesnt_exist
+#define SSL_CTRL_SET_MTU doesnt_exist
+#define SSL_CTRL_SESS_NUMBER doesnt_exist
+#define SSL_CTRL_OPTIONS doesnt_exist
+#define SSL_CTRL_MODE doesnt_exist
+#define SSL_CTRL_GET_READ_AHEAD doesnt_exist
+#define SSL_CTRL_SET_READ_AHEAD doesnt_exist
+#define SSL_CTRL_SET_SESS_CACHE_SIZE doesnt_exist
+#define SSL_CTRL_GET_SESS_CACHE_SIZE doesnt_exist
+#define SSL_CTRL_SET_SESS_CACHE_MODE doesnt_exist
+#define SSL_CTRL_GET_SESS_CACHE_MODE doesnt_exist
+#define SSL_CTRL_GET_MAX_CERT_LIST doesnt_exist
+#define SSL_CTRL_SET_MAX_CERT_LIST doesnt_exist
+#define SSL_CTRL_SET_MAX_SEND_FRAGMENT doesnt_exist
+#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB doesnt_exist
+#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG doesnt_exist
+#define SSL_CTRL_SET_TLSEXT_HOSTNAME doesnt_exist
+#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB doesnt_exist
+#define DTLS_CTRL_GET_TIMEOUT doesnt_exist
+#define DTLS_CTRL_HANDLE_TIMEOUT doesnt_exist
+#define SSL_CTRL_GET_RI_SUPPORT doesnt_exist
+#define SSL_CTRL_CLEAR_OPTIONS doesnt_exist
+#define SSL_CTRL_CLEAR_MODE doesnt_exist
+#define SSL_CTRL_CHANNEL_ID doesnt_exist
+#define SSL_CTRL_GET_CHANNEL_ID doesnt_exist
+#define SSL_CTRL_SET_CHANNEL_ID doesnt_exist
+
+#define SSL_CTX_need_tmp_RSA SSL_CTX_need_tmp_RSA
+#define SSL_need_tmp_RSA SSL_need_tmp_RSA
+#define SSL_CTX_set_tmp_rsa SSL_CTX_set_tmp_rsa
+#define SSL_set_tmp_rsa SSL_set_tmp_rsa
+#define SSL_CTX_set_tmp_dh SSL_CTX_set_tmp_dh
+#define SSL_set_tmp_dh SSL_set_tmp_dh
+#define SSL_CTX_set_tmp_ecdh SSL_CTX_set_tmp_ecdh
+#define SSL_set_tmp_ecdh SSL_set_tmp_ecdh
+#define SSL_session_reused SSL_session_reused
+#define SSL_num_renegotiations SSL_num_renegotiations
+#define SSL_total_renegotiations SSL_total_renegotiations
+#define SSL_CTX_set_msg_callback_arg SSL_CTX_set_msg_callback_arg
+#define SSL_set_msg_callback_arg SSL_set_msg_callback_arg
+#define SSL_set_mtu SSL_set_mtu
+#define SSL_CTX_sess_number SSL_CTX_sess_number
+#define SSL_CTX_get_options SSL_CTX_get_options
+#define SSL_CTX_set_options SSL_CTX_set_options
+#define SSL_get_options SSL_get_options
+#define SSL_set_options SSL_set_options
+#define SSL_CTX_get_mode SSL_CTX_get_mode
+#define SSL_CTX_set_mode SSL_CTX_set_mode
+#define SSL_get_mode SSL_get_mode
+#define SSL_set_mode SSL_set_mode
+#define SSL_CTX_get_read_ahead SSL_CTX_get_read_ahead
+#define SSL_CTX_set_read_ahead SSL_CTX_set_read_ahead
+#define SSL_CTX_sess_set_cache_size SSL_CTX_sess_set_cache_size
+#define SSL_CTX_sess_get_cache_size SSL_CTX_sess_get_cache_size
+#define SSL_CTX_set_session_cache_mode SSL_CTX_set_session_cache_mode
+#define SSL_CTX_get_session_cache_mode SSL_CTX_get_session_cache_mode
+#define SSL_CTX_get_max_cert_list SSL_CTX_get_max_cert_list
+#define SSL_get_max_cert_list SSL_get_max_cert_list
+#define SSL_CTX_set_max_cert_list SSL_CTX_set_max_cert_list
+#define SSL_set_max_cert_list SSL_set_max_cert_list
+#define SSL_CTX_set_max_send_fragment SSL_CTX_set_max_send_fragment
+#define SSL_set_max_send_fragment SSL_set_max_send_fragment
+#define SSL_CTX_set_tlsext_servername_callback \
+ SSL_CTX_set_tlsext_servername_callback
+#define SSL_CTX_set_tlsext_servername_arg SSL_CTX_set_tlsext_servername_arg
+#define SSL_set_tlsext_host_name SSL_set_tlsext_host_name
+#define SSL_CTX_set_tlsext_ticket_key_cb SSL_CTX_set_tlsext_ticket_key_cb
+#define DTLSv1_get_timeout DTLSv1_get_timeout
+#define DTLSv1_handle_timeout DTLSv1_handle_timeout
+#define SSL_get_secure_renegotiation_support \
+ SSL_get_secure_renegotiation_support
+#define SSL_CTX_clear_options SSL_CTX_clear_options
+#define SSL_clear_options SSL_clear_options
+#define SSL_CTX_clear_mode SSL_CTX_clear_mode
+#define SSL_clear_mode SSL_clear_mode
+#define SSL_CTX_enable_tls_channel_id SSL_CTX_enable_tls_channel_id
+#define SSL_enable_tls_channel_id SSL_enable_tls_channel_id
+#define SSL_set1_tls_channel_id SSL_set1_tls_channel_id
+#define SSL_CTX_set1_tls_channel_id SSL_CTX_set1_tls_channel_id
+#define SSL_get_tls_channel_id SSL_get_tls_channel_id
+
+
+#if defined(__cplusplus)
+} /* extern C */
#endif
+
+/* Library consumers assume these headers are included by ssl.h, but they depend
+ * on ssl.h, so include them after all declarations.
+ *
+ * TODO(davidben): The separation between ssl.h and these version-specific
+ * headers introduces circular dependencies and is inconsistent. The function
+ * declarations should move to ssl.h. Many of the constants can probably be
+ * pruned or unexported. */
+#include <openssl/ssl2.h>
+#include <openssl/ssl3.h>
+#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
+#include <openssl/ssl23.h>
+#include <openssl/srtp.h> /* Support for the use_srtp extension */
+
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script make_errors.go. Any
* changes made after this point may be overwritten when the script is next run.
*/
-#define SSL_F_SSL_use_PrivateKey_file 100
-#define SSL_F_dtls1_write_app_data_bytes 101
-#define SSL_F_ssl_cipher_process_rulestr 102
-#define SSL_F_SSL_set_session_id_context 103
-#define SSL_F_SSL_read 104
-#define SSL_F_ssl_cert_new 105
-#define SSL_F_dtls1_heartbeat 106
-#define SSL_F_ssl3_digest_cached_records 107
-#define SSL_F_SSL_set_wfd 108
-#define SSL_F_ssl_set_pkey 110
+#define SSL_F_SSL_CTX_check_private_key 100
+#define SSL_F_SSL_CTX_new 101
+#define SSL_F_SSL_CTX_set_cipher_list 102
+#define SSL_F_SSL_CTX_set_cipher_list_tls11 103
+#define SSL_F_SSL_CTX_set_session_id_context 104
+#define SSL_F_SSL_CTX_use_PrivateKey 105
+#define SSL_F_SSL_CTX_use_PrivateKey_ASN1 106
+#define SSL_F_SSL_CTX_use_PrivateKey_file 107
+#define SSL_F_SSL_CTX_use_RSAPrivateKey 108
+#define SSL_F_SSL_CTX_use_RSAPrivateKey_ASN1 109
+#define SSL_F_SSL_CTX_use_RSAPrivateKey_file 110
#define SSL_F_SSL_CTX_use_certificate 111
-#define SSL_F_dtls1_read_bytes 112
-#define SSL_F_ssl23_write 113
-#define SSL_F_ssl3_check_client_hello 114
-#define SSL_F_SSL_use_certificate_ASN1 115
-#define SSL_F_ssl_verify_cert_chain 116
-#define SSL_F_ssl_parse_serverhello_renegotiate_ext 117
-#define SSL_F_ssl_undefined_const_function 118
-#define SSL_F_ssl3_get_server_certificate 119
-#define SSL_F_tls1_get_server_supplemental_data 120
-#define SSL_F_dtls1_buffer_record 121
-#define SSL_F_ssl_prepare_clienthello_tlsext 122
-#define SSL_F_ssl3_get_server_hello 123
-#define SSL_F_ssl3_send_client_key_exchange 124
-#define SSL_F_ssl3_write_bytes 125
-#define SSL_F_SSL_use_RSAPrivateKey_file 126
-#define SSL_F_ssl_bad_method 127
-#define SSL_F_ssl3_connect 128
-#define SSL_F_dtls1_connect 129
-#define SSL_F_SSL_use_RSAPrivateKey 130
-#define SSL_F_tls1_prf 131
-#define SSL_F_ssl_bytes_to_cipher_list 132
-#define SSL_F_ssl3_do_change_cipher_spec 133
-#define SSL_F_SSL_SESSION_set1_id_context 134
-#define SSL_F_ssl_add_serverhello_tlsext 135
-#define SSL_F_read_authz 136
-#define SSL_F_ssl3_get_client_hello 137
-#define SSL_F_ssl3_get_certificate_request 138
-#define SSL_F_authz_find_data 139
-#define SSL_F_ssl_add_cert_to_buf 140
-#define SSL_F_ssl_add_serverhello_renegotiate_ext 141
-#define SSL_F_ssl3_get_message 142
-#define SSL_F_ssl_check_srvr_ecc_cert_and_alg 143
-#define SSL_F_ssl_parse_clienthello_tlsext 144
-#define SSL_F_SSL_add_file_cert_subjects_to_stack 145
-#define SSL_F_ssl3_ctx_ctrl 146
-#define SSL_F_ssl3_get_record 147
-#define SSL_F_SSL_CTX_use_RSAPrivateKey 148
-#define SSL_F_SSL_use_certificate_file 149
-#define SSL_F_SSL_load_client_CA_file 151
-#define SSL_F_dtls1_preprocess_fragment 152
-#define SSL_F_SSL_CTX_check_private_key 153
-#define SSL_F_ssl3_get_cert_status 154
-#define SSL_F_printf 155
-#define SSL_F_SSL_CTX_new 156
-#define SSL_F_ssl23_accept 157
-#define SSL_F_SSL_use_authz 158
-#define SSL_F_ssl_undefined_function 159
-#define SSL_F_dtls1_send_hello_verify_request 160
-#define SSL_F_ssl_build_cert_chain 161
-#define SSL_F_SSL_SESSION_print_fp 162
-#define SSL_F_tls1_change_cipher_state 163
-#define SSL_F_tls12_check_peer_sigalg 164
-#define SSL_F_ssl_sess_cert_new 165
-#define SSL_F_ssl3_read_bytes 166
-#define SSL_F_dtls1_get_hello_verify 167
-#define SSL_F_tls1_cert_verify_mac 168
-#define SSL_F_ssl23_client_hello 169
-#define SSL_F_SSL_shutdown 170
-#define SSL_F_ssl_init_wbio_buffer 171
-#define SSL_F_SSL_use_certificate 172
-#define SSL_F_SSL_CTX_use_RSAPrivateKey_ASN1 173
-#define SSL_F_ssl_set_authz 174
-#define SSL_F_ssl23_peek 175
-#define SSL_F_SSL_use_psk_identity_hint 176
-#define SSL_F_ssl3_get_cert_verify 177
-#define SSL_F_ssl_ctx_make_profiles 178
-#define SSL_F_ssl_add_clienthello_use_srtp_ext 179
-#define SSL_F_ssl3_get_client_key_exchange 180
-#define SSL_F_do_ssl3_write 181
-#define SSL_F_ssl3_handshake_mac 182
-#define SSL_F_tls1_setup_key_block 183
-#define SSL_F_SSL_set_fd 184
-#define SSL_F_SSL_check_private_key 185
-#define SSL_F_ssl3_send_cert_verify 186
-#define SSL_F_ssl3_write_pending 187
-#define SSL_F_ssl_cert_inst 188
-#define SSL_F_ssl3_change_cipher_state 189
-#define SSL_F_ssl23_get_server_hello 190
-#define SSL_F_SSL_write 191
-#define SSL_F_ssl_get_sign_pkey 192
-#define SSL_F_ssl_set_cert 193
-#define SSL_F_SSL_CTX_use_RSAPrivateKey_file 194
-#define SSL_F_SSL_CTX_use_authz 195
-#define SSL_F_ssl_get_new_session 196
-#define SSL_F_SSL_set_session_ticket_ext 197
-#define SSL_F_ssl_add_clienthello_renegotiate_ext 198
-#define SSL_F_ssl3_send_server_key_exchange 199
-#define SSL_F_fprintf 200
-#define SSL_F_ssl3_get_new_session_ticket 201
-#define SSL_F_SSL_CTX_use_certificate_ASN1 202
-#define SSL_F_ssl_add_cert_chain 203
-#define SSL_F_ssl_create_cipher_list 204
-#define SSL_F_ssl3_callback_ctrl 205
-#define SSL_F_SSL_CTX_set_cipher_list 206
-#define SSL_F_ssl3_send_certificate_request 207
-#define SSL_F_SSL_use_PrivateKey_ASN1 208
-#define SSL_F_SSL_CTX_use_certificate_chain_file 209
-#define SSL_F_SSL_SESSION_new 210
-#define SSL_F_check_suiteb_cipher_list 211
-#define SSL_F_ssl_scan_clienthello_tlsext 212
-#define SSL_F_ssl3_send_client_hello 213
-#define SSL_F_SSL_use_RSAPrivateKey_ASN1 214
-#define SSL_F_ssl3_ctrl 215
-#define SSL_F_ssl3_setup_write_buffer 216
-#define SSL_F_ssl_parse_serverhello_use_srtp_ext 217
-#define SSL_F_ssl3_get_server_key_exchange 218
-#define SSL_F_ssl3_send_server_hello 219
-#define SSL_F_SSL_add_dir_cert_subjects_to_stack 220
-#define SSL_F_ssl_check_serverhello_tlsext 221
-#define SSL_F_ssl3_get_server_done 222
-#define SSL_F_ssl3_check_cert_and_algorithm 223
-#define SSL_F_do_dtls1_write 224
-#define SSL_F_dtls1_check_timeout_num 225
-#define SSL_F_tls1_export_keying_material 226
-#define SSL_F_SSL_CTX_set_session_id_context 227
-#define SSL_F_SSL_set_rfd 228
-#define SSL_F_ssl3_send_client_certificate 229
-#define SSL_F_ssl_cert_dup 230
-#define SSL_F_dtls1_process_record 231
-#define SSL_F_ssl_new 232
-#define SSL_F_ssl_get_server_cert_index 233
-#define SSL_F_tls1_send_server_supplemental_data 234
-#define SSL_F_D2I_SSL_SESSION 235
-#define SSL_F_ssl_cipher_strength_sort 236
-#define SSL_F_dtls1_get_message 237
-#define SSL_F_ssl23_connect 238
-#define SSL_F_tls1_heartbeat 239
-#define SSL_F_ssl3_read_n 240
-#define SSL_F_ssl_get_prev_session 241
-#define SSL_F_ssl_parse_clienthello_renegotiate_ext 242
-#define SSL_F_ssl3_setup_read_buffer 243
-#define SSL_F_SSL_CTX_set_ssl_version 244
-#define SSL_F_SSL_peek 245
-#define SSL_F_ssl3_send_server_certificate 246
-#define SSL_F_SSL_do_handshake 247
-#define SSL_F_ssl_undefined_void_function 248
-#define SSL_F_ssl_add_serverhello_use_srtp_ext 249
-#define SSL_F_fclose 250
-#define SSL_F_SSL_use_PrivateKey 251
-#define SSL_F_SSL_CTX_use_certificate_file 252
-#define SSL_F_SSL_CTX_use_PrivateKey 253
-#define SSL_F_SSL_set_session 254
-#define SSL_F_SSL_CTX_use_psk_identity_hint 255
-#define SSL_F_ssl_scan_serverhello_tlsext 256
-#define SSL_F_ssl23_read 257
-#define SSL_F_ssl_parse_clienthello_use_srtp_ext 258
-#define SSL_F_ssl3_accept 259
-#define SSL_F_ssl3_get_client_certificate 260
-#define SSL_F_SSL_CTX_use_PrivateKey_ASN1 261
-#define SSL_F_dtls1_get_message_fragment 262
-#define SSL_F_SSL_clear 263
-#define SSL_F_dtls1_accept 264
-#define SSL_F_ssl3_get_next_proto 265
-#define SSL_F_SSL_set_cipher_list 266
-#define SSL_F_ssl_add_clienthello_tlsext 267
-#define SSL_F_ssl23_get_client_hello 268
-#define SSL_F_SSL_CTX_use_PrivateKey_file 269
-#define SSL_F_ssl3_get_finished 270
-#define SSL_F_ssl3_generate_key_block 271
-#define SSL_F_ssl3_setup_key_block 272
-#define SSL_F_SSL_new 273
-#define SSL_F_ssl_parse_serverhello_tlsext 274
-#define SSL_F_ssl3_get_channel_id 275
-#define SSL_F_ssl3_send_channel_id 276
-#define SSL_F_SSL_CTX_set_cipher_list_tls11 277
-#define SSL_F_tls1_change_cipher_state_cipher 278
-#define SSL_F_tls1_change_cipher_state_aead 279
-#define SSL_F_tls1_aead_ctx_init 280
-#define SSL_F_tls1_check_duplicate_extensions 281
-#define SSL_F_ssl3_expect_change_cipher_spec 282
-#define SSL_F_ssl23_get_v2_client_hello 283
-#define SSL_F_ssl3_cert_verify_hash 284
-#define SSL_F_ssl_ctx_log_rsa_client_key_exchange 285
-#define SSL_F_ssl_ctx_log_master_secret 286
-#define SSL_F_d2i_SSL_SESSION 287
-#define SSL_F_i2d_SSL_SESSION 288
-#define SSL_F_d2i_SSL_SESSION_get_octet_string 289
-#define SSL_F_d2i_SSL_SESSION_get_string 290
-#define SSL_F_ssl3_send_new_session_ticket 291
-#define SSL_F_SSL_SESSION_to_bytes_full 292
-#define SSL_F_SSL_accept 293
-#define SSL_F_SSL_connect 294
-#define SSL_F_ssl3_get_v2_client_hello 295
-#define SSL_F_ssl3_get_initial_bytes 296
-#define SSL_F_tls1_enc 297
-#define SSL_F_ssl3_prf 298
-#define SSL_F_dtls1_do_write 299
-#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 100
-#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 101
-#define SSL_R_INVALID_NULL_CMD_NAME 102
-#define SSL_R_BAD_RSA_DECRYPT 103
-#define SSL_R_NO_SHARED_CIPHER 104
-#define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH 105
-#define SSL_R_SSL_HANDSHAKE_FAILURE 106
-#define SSL_R_INVALID_TICKET_KEYS_LENGTH 107
-#define SSL_R_PEER_ERROR 108
-#define SSL_R_ECC_CERT_NOT_FOR_SIGNING 109
-#define SSL_R_INCONSISTENT_COMPRESSION 110
+#define SSL_F_SSL_CTX_use_certificate_ASN1 112
+#define SSL_F_SSL_CTX_use_certificate_chain_file 113
+#define SSL_F_SSL_CTX_use_certificate_file 114
+#define SSL_F_SSL_CTX_use_psk_identity_hint 115
+#define SSL_F_SSL_SESSION_new 116
+#define SSL_F_SSL_SESSION_print_fp 117
+#define SSL_F_SSL_SESSION_set1_id_context 118
+#define SSL_F_SSL_SESSION_to_bytes_full 119
+#define SSL_F_SSL_accept 120
+#define SSL_F_SSL_add_dir_cert_subjects_to_stack 121
+#define SSL_F_SSL_add_file_cert_subjects_to_stack 122
+#define SSL_F_SSL_check_private_key 123
+#define SSL_F_SSL_clear 124
+#define SSL_F_SSL_connect 125
+#define SSL_F_SSL_do_handshake 126
+#define SSL_F_SSL_load_client_CA_file 127
+#define SSL_F_SSL_new 128
+#define SSL_F_SSL_peek 129
+#define SSL_F_SSL_read 130
+#define SSL_F_SSL_renegotiate 131
+#define SSL_F_SSL_set_cipher_list 132
+#define SSL_F_SSL_set_fd 133
+#define SSL_F_SSL_set_rfd 134
+#define SSL_F_SSL_set_session_id_context 135
+#define SSL_F_SSL_set_wfd 136
+#define SSL_F_SSL_shutdown 137
+#define SSL_F_SSL_use_PrivateKey 138
+#define SSL_F_SSL_use_PrivateKey_ASN1 139
+#define SSL_F_SSL_use_PrivateKey_file 140
+#define SSL_F_SSL_use_RSAPrivateKey 141
+#define SSL_F_SSL_use_RSAPrivateKey_ASN1 142
+#define SSL_F_SSL_use_RSAPrivateKey_file 143
+#define SSL_F_SSL_use_certificate 144
+#define SSL_F_SSL_use_certificate_ASN1 145
+#define SSL_F_SSL_use_certificate_file 146
+#define SSL_F_SSL_use_psk_identity_hint 147
+#define SSL_F_SSL_write 148
+#define SSL_F_d2i_SSL_SESSION 149
+#define SSL_F_d2i_SSL_SESSION_get_octet_string 150
+#define SSL_F_d2i_SSL_SESSION_get_string 151
+#define SSL_F_do_ssl3_write 152
+#define SSL_F_dtls1_accept 153
+#define SSL_F_dtls1_buffer_record 154
+#define SSL_F_dtls1_check_timeout_num 155
+#define SSL_F_dtls1_connect 156
+#define SSL_F_dtls1_do_write 157
+#define SSL_F_dtls1_get_hello_verify 158
+#define SSL_F_dtls1_get_message 159
+#define SSL_F_dtls1_get_message_fragment 160
+#define SSL_F_dtls1_preprocess_fragment 161
+#define SSL_F_dtls1_process_record 162
+#define SSL_F_dtls1_read_bytes 163
+#define SSL_F_dtls1_send_hello_verify_request 164
+#define SSL_F_dtls1_write_app_data_bytes 165
+#define SSL_F_i2d_SSL_SESSION 166
+#define SSL_F_ssl3_accept 167
+#define SSL_F_ssl3_cert_verify_hash 169
+#define SSL_F_ssl3_check_cert_and_algorithm 170
+#define SSL_F_ssl3_connect 171
+#define SSL_F_ssl3_ctrl 172
+#define SSL_F_ssl3_ctx_ctrl 173
+#define SSL_F_ssl3_digest_cached_records 174
+#define SSL_F_ssl3_do_change_cipher_spec 175
+#define SSL_F_ssl3_expect_change_cipher_spec 176
+#define SSL_F_ssl3_get_cert_status 177
+#define SSL_F_ssl3_get_cert_verify 178
+#define SSL_F_ssl3_get_certificate_request 179
+#define SSL_F_ssl3_get_channel_id 180
+#define SSL_F_ssl3_get_client_certificate 181
+#define SSL_F_ssl3_get_client_hello 182
+#define SSL_F_ssl3_get_client_key_exchange 183
+#define SSL_F_ssl3_get_finished 184
+#define SSL_F_ssl3_get_initial_bytes 185
+#define SSL_F_ssl3_get_message 186
+#define SSL_F_ssl3_get_new_session_ticket 187
+#define SSL_F_ssl3_get_next_proto 188
+#define SSL_F_ssl3_get_record 189
+#define SSL_F_ssl3_get_server_certificate 190
+#define SSL_F_ssl3_get_server_done 191
+#define SSL_F_ssl3_get_server_hello 192
+#define SSL_F_ssl3_get_server_key_exchange 193
+#define SSL_F_ssl3_get_v2_client_hello 194
+#define SSL_F_ssl3_handshake_mac 195
+#define SSL_F_ssl3_prf 196
+#define SSL_F_ssl3_read_bytes 197
+#define SSL_F_ssl3_read_n 198
+#define SSL_F_ssl3_send_cert_verify 199
+#define SSL_F_ssl3_send_certificate_request 200
+#define SSL_F_ssl3_send_channel_id 201
+#define SSL_F_ssl3_send_client_certificate 202
+#define SSL_F_ssl3_send_client_hello 203
+#define SSL_F_ssl3_send_client_key_exchange 204
+#define SSL_F_ssl3_send_server_certificate 205
+#define SSL_F_ssl3_send_server_hello 206
+#define SSL_F_ssl3_send_server_key_exchange 207
+#define SSL_F_ssl3_setup_read_buffer 208
+#define SSL_F_ssl3_setup_write_buffer 209
+#define SSL_F_ssl3_write_bytes 210
+#define SSL_F_ssl3_write_pending 211
+#define SSL_F_ssl_add_cert_chain 212
+#define SSL_F_ssl_add_cert_to_buf 213
+#define SSL_F_ssl_add_clienthello_renegotiate_ext 214
+#define SSL_F_ssl_add_clienthello_tlsext 215
+#define SSL_F_ssl_add_clienthello_use_srtp_ext 216
+#define SSL_F_ssl_add_serverhello_renegotiate_ext 217
+#define SSL_F_ssl_add_serverhello_tlsext 218
+#define SSL_F_ssl_add_serverhello_use_srtp_ext 219
+#define SSL_F_ssl_build_cert_chain 220
+#define SSL_F_ssl_bytes_to_cipher_list 221
+#define SSL_F_ssl_cert_dup 222
+#define SSL_F_ssl_cert_inst 223
+#define SSL_F_ssl_cert_new 224
+#define SSL_F_ssl_check_serverhello_tlsext 225
+#define SSL_F_ssl_check_srvr_ecc_cert_and_alg 226
+#define SSL_F_ssl_cipher_process_rulestr 227
+#define SSL_F_ssl_cipher_strength_sort 228
+#define SSL_F_ssl_create_cipher_list 229
+#define SSL_F_ssl_ctx_log_master_secret 230
+#define SSL_F_ssl_ctx_log_rsa_client_key_exchange 231
+#define SSL_F_ssl_ctx_make_profiles 232
+#define SSL_F_ssl_get_new_session 233
+#define SSL_F_ssl_get_prev_session 234
+#define SSL_F_ssl_get_server_cert_index 235
+#define SSL_F_ssl_get_sign_pkey 236
+#define SSL_F_ssl_init_wbio_buffer 237
+#define SSL_F_ssl_parse_clienthello_renegotiate_ext 238
+#define SSL_F_ssl_parse_clienthello_tlsext 239
+#define SSL_F_ssl_parse_clienthello_use_srtp_ext 240
+#define SSL_F_ssl_parse_serverhello_renegotiate_ext 241
+#define SSL_F_ssl_parse_serverhello_tlsext 242
+#define SSL_F_ssl_parse_serverhello_use_srtp_ext 243
+#define SSL_F_ssl_scan_clienthello_tlsext 244
+#define SSL_F_ssl_scan_serverhello_tlsext 245
+#define SSL_F_ssl_sess_cert_new 246
+#define SSL_F_ssl_set_cert 247
+#define SSL_F_ssl_set_pkey 248
+#define SSL_F_ssl_verify_cert_chain 252
+#define SSL_F_tls12_check_peer_sigalg 253
+#define SSL_F_tls1_aead_ctx_init 254
+#define SSL_F_tls1_cert_verify_mac 255
+#define SSL_F_tls1_change_cipher_state 256
+#define SSL_F_tls1_change_cipher_state_aead 257
+#define SSL_F_tls1_check_duplicate_extensions 258
+#define SSL_F_tls1_enc 259
+#define SSL_F_tls1_export_keying_material 260
+#define SSL_F_tls1_prf 261
+#define SSL_F_tls1_setup_key_block 262
+#define SSL_F_dtls1_get_buffered_message 263
+#define SSL_F_dtls1_process_fragment 264
+#define SSL_F_dtls1_hm_fragment_new 265
+#define SSL_F_ssl3_seal_record 266
+#define SSL_F_ssl3_record_sequence_update 267
+#define SSL_F_SSL_CTX_set_tmp_dh 268
+#define SSL_F_SSL_CTX_set_tmp_ecdh 269
+#define SSL_F_SSL_set_tmp_dh 270
+#define SSL_F_SSL_set_tmp_ecdh 271
+#define SSL_F_SSL_CTX_set1_tls_channel_id 272
+#define SSL_F_SSL_set1_tls_channel_id 273
+#define SSL_F_SSL_set_tlsext_host_name 274
+#define SSL_F_ssl3_output_cert_chain 275
+#define SSL_R_APP_DATA_IN_HANDSHAKE 100
+#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 101
+#define SSL_R_BAD_ALERT 102
+#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103
+#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 104
+#define SSL_R_BAD_DH_P_LENGTH 105
+#define SSL_R_BAD_DIGEST_LENGTH 106
+#define SSL_R_BAD_ECC_CERT 107
+#define SSL_R_BAD_ECPOINT 108
+#define SSL_R_BAD_HANDSHAKE_LENGTH 109
+#define SSL_R_BAD_HANDSHAKE_RECORD 110
#define SSL_R_BAD_HELLO_REQUEST 111
-#define SSL_R_NULL_SSL_METHOD_PASSED 112
-#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 113
-#define SSL_R_BAD_ECDSA_SIGNATURE 114
-#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 115
-#define SSL_R_BAD_DH_PUB_KEY_LENGTH 116
-#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 117
-#define SSL_R_APP_DATA_IN_HANDSHAKE 118
-#define SSL_R_NO_PEM_EXTENSIONS 119
-#define SSL_R_BAD_SRP_B_LENGTH 120
-#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 121
-#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 122
-#define SSL_R_MISSING_SRP_PARAM 123
-#define SSL_R_MISSING_RSA_SIGNING_CERT 124
-#define SSL_R_MISSING_DSA_SIGNING_CERT 125
-#define SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE 126
-#define SSL_R_UNEXPECTED_RECORD 127
-#define SSL_R_BAD_DIGEST_LENGTH 128
-#define SSL_R_READ_TIMEOUT_EXPIRED 129
-#define SSL_R_KRB5_C_GET_CRED 130
-#define SSL_R_NULL_SSL_CTX 131
-#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 134
-#define SSL_R_SSL3_SESSION_ID_TOO_LONG 135
-#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 136
-#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 137
-#define SSL_R_COOKIE_MISMATCH 139
-#define SSL_R_UNINITIALIZED 140
-#define SSL_R_BAD_CHANGE_CIPHER_SPEC 141
-#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 142
-#define SSL_R_BAD_SRP_G_LENGTH 143
-#define SSL_R_NO_CERTIFICATE_ASSIGNED 144
-#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 145
-#define SSL_R_PEM_NAME_TOO_SHORT 146
-#define SSL_R_PROTOCOL_IS_SHUTDOWN 148
-#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 149
-#define SSL_R_WRONG_MESSAGE_TYPE 150
-#define SSL_R_BAD_RSA_MODULUS_LENGTH 151
-#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 152
-#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 153
-#define SSL_R_NO_CLIENT_CERT_RECEIVED 154
-#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 155
-#define SSL_R_CERT_LENGTH_MISMATCH 156
-#define SSL_R_MISSING_EXPORT_TMP_DH_KEY 157
-#define SSL_R_DUPLICATE_COMPRESSION_ID 158
-#define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 159
-#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 160
-#define SSL_R_DATA_LENGTH_TOO_LONG 161
-#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 162
-#define SSL_R_WRONG_SIGNATURE_LENGTH 163
-#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 164
-#define SSL_R_WRONG_VERSION_NUMBER 165
-#define SSL_R_RECORD_TOO_LARGE 166
-#define SSL_R_BIO_NOT_SET 167
-#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 168
-#define SSL_R_UNKNOWN_PKEY_TYPE 170
-#define SSL_R_CIPHER_CODE_WRONG_LENGTH 171
-#define SSL_R_SSL_SESSION_ID_CONFLICT 172
-#define SSL_R_INVALID_COMMAND 173
-#define SSL_R_NO_PROTOCOLS_AVAILABLE 174
-#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 175
-#define SSL_R_LIBRARY_BUG 176
-#define SSL_R_UNSUPPORTED_CIPHER 177
-#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 178
-#define SSL_R_WRONG_SIGNATURE_TYPE 179
-#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 180
-#define SSL_R_PSK_NO_SERVER_CB 181
-#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 182
-#define SSL_R_INVALID_TRUST 183
-#define SSL_R_PARSE_TLSEXT 184
-#define SSL_R_NO_SRTP_PROFILES 185
-#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 186
-#define SSL_R_UNKNOWN_STATE 187
-#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 188
-#define SSL_R_WRONG_CIPHER_RETURNED 189
-#define SSL_R_BAD_DH_G_LENGTH 190
-#define SSL_R_BAD_ALERT_RECORD 191
-#define SSL_R_CIPHER_TABLE_SRC_ERROR 192
-#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 194
-#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 195
-#define SSL_R_MESSAGE_TOO_LONG 196
-#define SSL_R_BAD_RSA_SIGNATURE 197
-#define SSL_R_X509_LIB 198
-#define SSL_R_BAD_SRP_N_LENGTH 199
-#define SSL_R_BAD_SSL_SESSION_ID_LENGTH 200
-#define SSL_R_UNKNOWN_CIPHER_TYPE 201
-#define SSL_R_BAD_DH_P_LENGTH 202
-#define SSL_R_MISSING_DH_RSA_CERT 203
-#define SSL_R_NO_METHOD_SPECIFIED 204
-#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 205
-#define SSL_R_MULTIPLE_SGC_RESTARTS 206
-#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 207
-#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 208
-#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 209
-#define SSL_R_BAD_SRP_S_LENGTH 210
-#define SSL_R_MISSING_TMP_RSA_KEY 211
-#define SSL_R_PSK_NO_CLIENT_CB 212
-#define SSL_R_PEM_NAME_BAD_PREFIX 213
-#define SSL_R_BAD_CHECKSUM 214
-#define SSL_R_NO_CIPHER_MATCH 216
-#define SSL_R_MISSING_TMP_DH_KEY 217
-#define SSL_R_UNSUPPORTED_STATUS_TYPE 218
-#define SSL_R_UNKNOWN_AUTHZ_DATA_TYPE 219
-#define SSL_R_CONNECTION_TYPE_NOT_SET 220
-#define SSL_R_MISSING_DH_KEY 221
-#define SSL_R_CHANNEL_ID_NOT_P256 222
-#define SSL_R_UNKNOWN_SUPPLEMENTAL_DATA_TYPE 223
-#define SSL_R_UNKNOWN_PROTOCOL 224
-#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 225
-#define SSL_R_KRB5_S_TKT_SKEW 226
-#define SSL_R_PUBLIC_KEY_NOT_RSA 227
-#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 228
-#define SSL_R_GOST_NOT_SUPPORTED 229
-#define SSL_R_KRB5_C_CC_PRINC 230
-#define SSL_R_INVALID_PURPOSE 234
-#define SSL_R_KRB5_C_MK_REQ 235
-#define SSL_R_BAD_SRTP_MKI_VALUE 237
-#define SSL_R_EVP_DIGESTSIGNINIT_FAILED 238
-#define SSL_R_DIGEST_CHECK_FAILED 239
-#define SSL_R_BAD_SRP_A_LENGTH 240
-#define SSL_R_SERVERHELLO_TLSEXT 241
-#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 242
-#define SSL_R_NO_CIPHERS_AVAILABLE 243
-#define SSL_R_COMPRESSION_FAILURE 244
-#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 245
-#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 246
-#define SSL_R_BAD_RSA_ENCRYPT 247
-#define SSL_R_EXCESSIVE_MESSAGE_SIZE 248
-#define SSL_R_INVALID_COMPRESSION_ALGORITHM 249
-#define SSL_R_SHORT_READ 250
-#define SSL_R_CA_DN_LENGTH_MISMATCH 252
-#define SSL_R_BAD_ECC_CERT 253
-#define SSL_R_NON_SSLV2_INITIAL_PACKET 254
-#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 255
-#define SSL_R_MISSING_TMP_RSA_PKEY 256
-#define SSL_R_BN_LIB 257
-#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 258
-#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 259
-#define SSL_R_NO_RENEGOTIATION 260
-#define SSL_R_NO_COMPRESSION_SPECIFIED 261
+#define SSL_R_BAD_LENGTH 112
+#define SSL_R_BAD_PACKET_LENGTH 113
+#define SSL_R_BAD_RSA_ENCRYPT 114
+#define SSL_R_BAD_SIGNATURE 115
+#define SSL_R_BAD_SRTP_MKI_VALUE 116
+#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 117
+#define SSL_R_BAD_SSL_FILETYPE 118
+#define SSL_R_BAD_WRITE_RETRY 119
+#define SSL_R_BIO_NOT_SET 120
+#define SSL_R_BN_LIB 121
+#define SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY 122
+#define SSL_R_CA_DN_LENGTH_MISMATCH 123
+#define SSL_R_CA_DN_TOO_LONG 124
+#define SSL_R_CCS_RECEIVED_EARLY 125
+#define SSL_R_CERTIFICATE_VERIFY_FAILED 126
+#define SSL_R_CERT_CB_ERROR 127
+#define SSL_R_CERT_LENGTH_MISMATCH 128
+#define SSL_R_CHANNEL_ID_NOT_P256 129
+#define SSL_R_CHANNEL_ID_SIGNATURE_INVALID 130
+#define SSL_R_CIPHER_CODE_WRONG_LENGTH 131
+#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 132
+#define SSL_R_CLIENTHELLO_PARSE_FAILED 133
+#define SSL_R_CLIENTHELLO_TLSEXT 134
+#define SSL_R_CONNECTION_REJECTED 135
+#define SSL_R_CONNECTION_TYPE_NOT_SET 136
+#define SSL_R_COOKIE_MISMATCH 137
+#define SSL_R_D2I_ECDSA_SIG 138
+#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 139
+#define SSL_R_DATA_LENGTH_TOO_LONG 140
+#define SSL_R_DECODE_ERROR 141
+#define SSL_R_DECRYPTION_FAILED 142
+#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 143
+#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 144
+#define SSL_R_DIGEST_CHECK_FAILED 145
+#define SSL_R_DTLS_MESSAGE_TOO_BIG 146
+#define SSL_R_ECC_CERT_NOT_FOR_SIGNING 147
+#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 148
+#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 149
+#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 150
+#define SSL_R_EVP_DIGESTSIGNFINAL_FAILED 151
+#define SSL_R_EVP_DIGESTSIGNINIT_FAILED 152
+#define SSL_R_EXCESSIVE_MESSAGE_SIZE 153
+#define SSL_R_EXTRA_DATA_IN_MESSAGE 154
+#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 155
+#define SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS 156
+#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 157
+#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 158
+#define SSL_R_HANDSHAKE_FAILURE_ON_CLIENT_HELLO 159
+#define SSL_R_HANDSHAKE_RECORD_BEFORE_CCS 160
+#define SSL_R_HTTPS_PROXY_REQUEST 161
+#define SSL_R_HTTP_REQUEST 162
+#define SSL_R_INAPPROPRIATE_FALLBACK 163
+#define SSL_R_INVALID_COMMAND 164
+#define SSL_R_INVALID_MESSAGE 165
+#define SSL_R_INVALID_SSL_SESSION 166
+#define SSL_R_INVALID_TICKET_KEYS_LENGTH 167
+#define SSL_R_LENGTH_MISMATCH 168
+#define SSL_R_LIBRARY_HAS_NO_CIPHERS 169
+#define SSL_R_MISSING_DH_KEY 170
+#define SSL_R_MISSING_ECDSA_SIGNING_CERT 171
+#define SSL_R_MISSING_RSA_CERTIFICATE 172
+#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 173
+#define SSL_R_MISSING_RSA_SIGNING_CERT 174
+#define SSL_R_MISSING_TMP_DH_KEY 175
+#define SSL_R_MISSING_TMP_ECDH_KEY 176
+#define SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS 177
+#define SSL_R_MTU_TOO_SMALL 178
+#define SSL_R_NESTED_GROUP 179
+#define SSL_R_NO_CERTIFICATES_RETURNED 180
+#define SSL_R_NO_CERTIFICATE_ASSIGNED 181
+#define SSL_R_NO_CERTIFICATE_SET 182
+#define SSL_R_NO_CIPHERS_AVAILABLE 183
+#define SSL_R_NO_CIPHERS_PASSED 184
+#define SSL_R_NO_CIPHERS_SPECIFIED 185
+#define SSL_R_NO_CIPHER_MATCH 186
+#define SSL_R_NO_COMPRESSION_SPECIFIED 187
+#define SSL_R_NO_METHOD_SPECIFIED 188
+#define SSL_R_NO_P256_SUPPORT 189
+#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190
+#define SSL_R_NO_RENEGOTIATION 191
+#define SSL_R_NO_REQUIRED_DIGEST 192
+#define SSL_R_NO_SHARED_CIPHER 193
+#define SSL_R_NO_SHARED_SIGATURE_ALGORITHMS 194
+#define SSL_R_NO_SRTP_PROFILES 195
+#define SSL_R_NULL_SSL_CTX 196
+#define SSL_R_NULL_SSL_METHOD_PASSED 197
+#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 198
+#define SSL_R_PACKET_LENGTH_TOO_LONG 199
+#define SSL_R_PARSE_TLSEXT 200
+#define SSL_R_PATH_TOO_LONG 201
+#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 202
+#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 203
+#define SSL_R_PROTOCOL_IS_SHUTDOWN 204
+#define SSL_R_PSK_IDENTITY_NOT_FOUND 205
+#define SSL_R_PSK_NO_CLIENT_CB 206
+#define SSL_R_PSK_NO_SERVER_CB 207
+#define SSL_R_READ_BIO_NOT_SET 208
+#define SSL_R_READ_TIMEOUT_EXPIRED 209
+#define SSL_R_RECORD_LENGTH_MISMATCH 210
+#define SSL_R_RECORD_TOO_LARGE 211
+#define SSL_R_RENEGOTIATE_EXT_TOO_LONG 212
+#define SSL_R_RENEGOTIATION_ENCODING_ERR 213
+#define SSL_R_RENEGOTIATION_MISMATCH 214
+#define SSL_R_REQUIRED_CIPHER_MISSING 215
+#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 216
+#define SSL_R_SERVERHELLO_TLSEXT 217
+#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 218
+#define SSL_R_SESSION_MAY_NOT_BE_CREATED 219
+#define SSL_R_SIGNATURE_ALGORITHMS_ERROR 220
+#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 221
+#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 222
+#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 223
+#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 224
+#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 225
+#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 226
+#define SSL_R_SSL_HANDSHAKE_FAILURE 227
+#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 228
+#define SSL_R_SSL_SESSION_ID_CONFLICT 229
+#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 230
+#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 231
+#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232
+#define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 233
+#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 234
+#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 235
+#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 236
+#define SSL_R_TOO_MANY_EMPTY_FRAGMENTS 237
+#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 238
+#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239
+#define SSL_R_UNEXPECTED_GROUP_CLOSE 240
+#define SSL_R_UNEXPECTED_MESSAGE 241
+#define SSL_R_UNEXPECTED_OPERATOR_IN_GROUP 242
+#define SSL_R_UNEXPECTED_RECORD 243
+#define SSL_R_UNINITIALIZED 244
+#define SSL_R_UNKNOWN_ALERT_TYPE 245
+#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 246
+#define SSL_R_UNKNOWN_CIPHER_RETURNED 247
+#define SSL_R_UNKNOWN_CIPHER_TYPE 248
+#define SSL_R_UNKNOWN_DIGEST 249
+#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250
+#define SSL_R_UNKNOWN_PROTOCOL 251
+#define SSL_R_UNKNOWN_SSL_VERSION 252
+#define SSL_R_UNKNOWN_STATE 253
+#define SSL_R_UNPROCESSED_HANDSHAKE_DATA 254
+#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 255
+#define SSL_R_UNSUPPORTED_CIPHER 256
+#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
+#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 258
+#define SSL_R_UNSUPPORTED_PROTOCOL 259
+#define SSL_R_UNSUPPORTED_SSL_VERSION 260
+#define SSL_R_USE_SRTP_NOT_NEGOTIATED 261
#define SSL_R_WRONG_CERTIFICATE_TYPE 262
-#define SSL_R_CHANNEL_ID_SIGNATURE_INVALID 264
-#define SSL_R_READ_BIO_NOT_SET 265
-#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 266
-#define SSL_R_RENEGOTIATE_EXT_TOO_LONG 267
-#define SSL_R_INVALID_CHALLENGE_LENGTH 268
-#define SSL_R_LIBRARY_HAS_NO_CIPHERS 270
-#define SSL_R_WRONG_CURVE 271
-#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 272
-#define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT 275
-#define SSL_R_MISSING_RSA_CERTIFICATE 276
-#define SSL_R_NO_P256_SUPPORT 277
-#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 278
-#define SSL_R_INVALID_SERVERINFO_DATA 279
-#define SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS 280
-#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 281
-#define SSL_R_KRB5_S_BAD_TICKET 282
-#define SSL_R_EVP_DIGESTSIGNFINAL_FAILED 283
-#define SSL_R_PACKET_LENGTH_TOO_LONG 284
-#define SSL_R_BAD_STATE 285
-#define SSL_R_USE_SRTP_NOT_NEGOTIATED 286
-#define SSL_R_BAD_RSA_E_LENGTH 287
-#define SSL_R_ILLEGAL_PADDING 288
-#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 289
-#define SSL_R_BAD_VALUE 290
-#define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 291
-#define SSL_R_COMPRESSION_DISABLED 292
-#define SSL_R_BAD_DECOMPRESSION 293
-#define SSL_R_CHALLENGE_IS_DIFFERENT 294
-#define SSL_R_NO_CLIENT_CERT_METHOD 295
-#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 296
-#define SSL_R_INVALID_MESSAGE 297
-#define SSL_R_HTTPS_PROXY_REQUEST 298
-#define SSL_R_AUTHZ_DATA_TOO_LARGE 299
-#define SSL_R_KRB5_S_TKT_EXPIRED 300
-#define SSL_R_NO_CERTIFICATE_SPECIFIED 301
-#define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 302
-#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 303
-#define SSL_R_INVALID_STATUS_RESPONSE 304
-#define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 305
-#define SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE 306
-#define SSL_R_MISSING_TMP_ECDH_KEY 307
-#define SSL_R_CERTIFICATE_VERIFY_FAILED 308
-#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 309
-#define SSL_R_RENEGOTIATION_ENCODING_ERR 310
-#define SSL_R_NO_PRIVATEKEY 311
-#define SSL_R_READ_WRONG_PACKET_TYPE 313
-#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 314
-#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 315
-#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 316
-#define SSL_R_HTTP_REQUEST 317
-#define SSL_R_KRB5_S_INIT 318
-#define SSL_R_RECORD_LENGTH_MISMATCH 320
-#define SSL_R_BAD_LENGTH 321
-#define SSL_R_NO_REQUIRED_DIGEST 322
-#define SSL_R_KRB5 323
-#define SSL_R_CCS_RECEIVED_EARLY 325
-#define SSL_R_MISSING_ECDSA_SIGNING_CERT 326
-#define SSL_R_D2I_ECDSA_SIG 327
-#define SSL_R_PATH_TOO_LONG 328
-#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 329
-#define SSL_R_UNSUPPORTED_DIGEST_TYPE 330
-#define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 331
-#define SSL_R_PEER_ERROR_CERTIFICATE 332
-#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 333
-#define SSL_R_NO_CERTIFICATE_SET 334
-#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 335
-#define SSL_R_NO_CERTIFICATES_RETURNED 337
-#define SSL_R_BAD_WRITE_RETRY 338
-#define SSL_R_BAD_SSL_FILETYPE 339
-#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 340
-#define SSL_R_NO_CIPHERS_SPECIFIED 341
-#define SSL_R_LENGTH_MISMATCH 342
-#define SSL_R_NO_CIPHERS_PASSED 343
-#define SSL_R_NO_VERIFY_CALLBACK 344
-#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 345
-#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 347
-#define SSL_R_UNEXPECTED_MESSAGE 348
-#define SSL_R_MISSING_DH_DSA_CERT 349
-#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 350
-#define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG 351
-#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 352
-#define SSL_R_ILLEGAL_SUITEB_DIGEST 353
-#define SSL_R_NO_SHARED_SIGATURE_ALGORITHMS 354
-#define SSL_R_CLIENTHELLO_TLSEXT 355
-#define SSL_R_INVALID_AUTHZ_DATA 356
-#define SSL_R_BAD_RESPONSE_ARGUMENT 357
-#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 358
-#define SSL_R_REQUIRED_CIPHER_MISSING 359
-#define SSL_R_INVALID_AUDIT_PROOF 360
-#define SSL_R_PSK_IDENTITY_NOT_FOUND 361
-#define SSL_R_UNKNOWN_ALERT_TYPE 362
-#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 363
-#define SSL_R_BAD_AUTHENTICATION_TYPE 365
-#define SSL_R_DECRYPTION_FAILED 366
-#define SSL_R_WRONG_SSL_VERSION 367
-#define SSL_R_NO_CERTIFICATE_RETURNED 368
-#define SSL_R_CA_DN_TOO_LONG 370
-#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 371
-#define SSL_R_COMPRESSION_LIBRARY_ERROR 372
-#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 374
-#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 375
-#define SSL_R_BAD_ECPOINT 376
-#define SSL_R_BAD_HANDSHAKE_LENGTH 377
-#define SSL_R_KRB5_S_RD_REQ 380
-#define SSL_R_PEER_ERROR_NO_CERTIFICATE 381
-#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 382
-#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 383
-#define SSL_R_UNKNOWN_DIGEST 384
-#define SSL_R_WRONG_SIGNATURE_SIZE 385
-#define SSL_R_SIGNATURE_ALGORITHMS_ERROR 386
-#define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING 387
-#define SSL_R_BAD_SIGNATURE 388
-#define SSL_R_BAD_PACKET_LENGTH 389
-#define SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY 390
-#define SSL_R_RENEGOTIATION_MISMATCH 391
-#define SSL_R_BAD_MAC_LENGTH 392
-#define SSL_R_NO_PUBLICKEY 393
-#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 394
-#define SSL_R_BAD_MAC_DECODE 395
-#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 396
-#define SSL_R_EXTRA_DATA_IN_MESSAGE 397
-#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 398
-#define SSL_R_CONNECTION_ID_IS_DIFFERENT 399
-#define SSL_R_MISSING_VERIFY_MESSAGE 402
-#define SSL_R_BAD_DSA_SIGNATURE 403
-#define SSL_R_UNKNOWN_SSL_VERSION 404
-#define SSL_R_KEY_ARG_TOO_LONG 405
-#define SSL_R_KRB5_C_INIT 406
-#define SSL_R_NO_CIPHER_LIST 407
-#define SSL_R_PEER_ERROR_NO_CIPHER 408
-#define SSL_R_UNKNOWN_CMD_NAME 409
-#define SSL_R_UNKNOWN_CIPHER_RETURNED 410
-#define SSL_R_RECORD_TOO_SMALL 411
-#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 412
-#define SSL_R_UNSUPPORTED_SSL_VERSION 413
-#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 415
-#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 416
-#define SSL_R_BAD_DATA 417
-#define SSL_R_KRB5_S_TKT_NYV 418
-#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 420
-#define SSL_R_BAD_MESSAGE_TYPE 421
-#define SSL_R_MISSING_ECDH_CERT 422
-#define SSL_R_UNSUPPORTED_PROTOCOL 423
-#define SSL_R_SRP_A_CALC 424
-#define SSL_R_WRITE_BIO_NOT_SET 425
-#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 426
-#define SSL_R_LENGTH_TOO_SHORT 427
-#define SSL_R_CERT_CB_ERROR 428
-#define SSL_R_DTLS_MESSAGE_TOO_BIG 429
-#define SSL_R_INVALID_SRP_USERNAME 430
-#define SSL_R_TOO_MANY_EMPTY_FRAGMENTS 431
-#define SSL_R_NESTED_GROUP 432
-#define SSL_R_UNEXPECTED_GROUP_CLOSE 433
-#define SSL_R_UNEXPECTED_OPERATOR_IN_GROUP 434
-#define SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS 435
-#define SSL_R_INAPPROPRIATE_FALLBACK 436
-#define SSL_R_CLIENTHELLO_PARSE_FAILED 437
-#define SSL_R_CONNECTION_REJECTED 438
-#define SSL_R_DECODE_ERROR 439
-#define SSL_R_UNPROCESSED_HANDSHAKE_DATA 440
-#define SSL_R_HANDSHAKE_RECORD_BEFORE_CCS 441
-#define SSL_R_SESSION_MAY_NOT_BE_CREATED 442
-#define SSL_R_INVALID_SSL_SESSION 443
-#define SSL_R_BAD_ALERT 444
-#define SSL_R_HANDSHAKE_FAILURE_ON_CLIENT_HELLO 445
-#define SSL_R_MTU_TOO_SMALL 446
+#define SSL_R_WRONG_CIPHER_RETURNED 263
+#define SSL_R_WRONG_CURVE 264
+#define SSL_R_WRONG_MESSAGE_TYPE 265
+#define SSL_R_WRONG_SIGNATURE_TYPE 266
+#define SSL_R_WRONG_SSL_VERSION 267
+#define SSL_R_WRONG_VERSION_NUMBER 268
+#define SSL_R_X509_LIB 269
+#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 270
+#define SSL_R_FRAGMENT_MISMATCH 271
+#define SSL_R_BUFFER_TOO_SMALL 272
+#define SSL_R_OLD_SESSION_VERSION_NOT_RETURNED 273
#define SSL_R_SSLV3_ALERT_CLOSE_NOTIFY 1000
#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
@@ -2756,4 +2893,4 @@
#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113
#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114
-#endif
+#endif /* OPENSSL_HEADER_SSL_H */
diff --git a/src/include/openssl/ssl2.h b/src/include/openssl/ssl2.h
index eb25dcb..b8401fa 100644
--- a/src/include/openssl/ssl2.h
+++ b/src/include/openssl/ssl2.h
@@ -151,10 +151,6 @@
#define SSL2_MIN_CERT_CHALLENGE_LENGTH 16
#define SSL2_MAX_KEY_MATERIAL_LENGTH 24
-#ifndef HEADER_SSL_LOCL_H
-#define CERT char
-#endif
-
#ifndef OPENSSL_NO_SSL_INTERN
typedef struct ssl2_state_st
diff --git a/src/include/openssl/ssl3.h b/src/include/openssl/ssl3.h
index 8745281..96f00cf 100644
--- a/src/include/openssl/ssl3.h
+++ b/src/include/openssl/ssl3.h
@@ -117,9 +117,11 @@
#ifndef HEADER_SSL3_H
#define HEADER_SSL3_H
+#include <openssl/aead.h>
#include <openssl/buf.h>
#include <openssl/evp.h>
#include <openssl/ssl.h>
+#include <openssl/type_check.h>
#ifdef __cplusplus
extern "C" {
@@ -237,19 +239,28 @@
/* The standards give a maximum encryption overhead of 1024 bytes. In practice
* the value is lower than this. The overhead is the maximum number of padding
- * bytes (256) plus the mac size. */
+ * bytes (256) plus the mac size.
+ *
+ * TODO(davidben): This derivation doesn't take AEADs into account, or TLS 1.1
+ * explicit nonces. It happens to work because |SSL3_RT_MAX_MD_SIZE| is larger
+ * than necessary and no true AEAD has variable overhead in TLS 1.2. */
#define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE)
-/* OpenSSL currently only uses a padding length of at most one block so the
- * send overhead is smaller. */
-
+/* SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD is the maximum overhead in encrypting a
+ * record. This does not include the record header. Some ciphers use explicit
+ * nonces, so it includes both the AEAD overhead as well as the nonce. */
#define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
- (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE)
+ (EVP_AEAD_MAX_OVERHEAD + EVP_AEAD_MAX_NONCE_LENGTH)
-/* If compression isn't used don't include the compression overhead */
+OPENSSL_COMPILE_ASSERT(
+ SSL3_RT_MAX_ENCRYPTED_OVERHEAD >= SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD,
+ max_overheads_are_consistent);
-#define SSL3_RT_MAX_COMPRESSED_LENGTH \
- (SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_COMPRESSED_OVERHEAD)
+/* SSL3_RT_MAX_COMPRESSED_LENGTH is an alias for
+ * |SSL3_RT_MAX_PLAIN_LENGTH|. Compression is gone, so don't include the
+ * compression overhead. */
+#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
+
#define SSL3_RT_MAX_ENCRYPTED_LENGTH \
(SSL3_RT_MAX_ENCRYPTED_OVERHEAD + SSL3_RT_MAX_COMPRESSED_LENGTH)
#define SSL3_RT_MAX_PACKET_SIZE \
@@ -347,7 +358,6 @@
/* flags for countermeasure against known-IV weakness */
int need_record_splitting;
- int record_split_done;
/* The value of 'extra' when the buffers were initialized */
int init_extra;
@@ -399,9 +409,6 @@
* no more data in the read or write buffers */
int renegotiate;
int total_renegotiations;
- int num_renegotiations;
-
- int in_read_app_data;
/* State pertaining to the pending handshake.
*
@@ -486,6 +493,10 @@
/* new_mac_secret_size is unused and exists only until wpa_supplicant can
* be updated. It is only needed for EAP-FAST, which we don't support. */
uint8_t new_mac_secret_size;
+
+ /* Client-only: in_false_start is one if there is a pending handshake in
+ * False Start. The client may write data at this point. */
+ char in_false_start;
} tmp;
/* Connection binding to prevent renegotiation attacks */
@@ -528,7 +539,7 @@
/* client */
/* extra state */
#define SSL3_ST_CW_FLUSH (0x100 | SSL_ST_CONNECT)
-#define SSL3_ST_CUTTHROUGH_COMPLETE (0x101 | SSL_ST_CONNECT)
+#define SSL3_ST_FALSE_START (0x101 | SSL_ST_CONNECT)
/* write to server */
#define SSL3_ST_CW_CLNT_HELLO_A (0x110 | SSL_ST_CONNECT)
#define SSL3_ST_CW_CLNT_HELLO_B (0x111 | SSL_ST_CONNECT)
@@ -583,8 +594,6 @@
#define SSL3_ST_SR_CLNT_HELLO_C (0x112 | SSL_ST_ACCEPT)
#define SSL3_ST_SR_CLNT_HELLO_D (0x115 | SSL_ST_ACCEPT)
/* write to client */
-#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113 | SSL_ST_ACCEPT)
-#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114 | SSL_ST_ACCEPT)
#define SSL3_ST_SW_HELLO_REQ_A (0x120 | SSL_ST_ACCEPT)
#define SSL3_ST_SW_HELLO_REQ_B (0x121 | SSL_ST_ACCEPT)
#define SSL3_ST_SW_HELLO_REQ_C (0x122 | SSL_ST_ACCEPT)
diff --git a/src/include/openssl/stack.h b/src/include/openssl/stack.h
index 0eeda7f..350fa14 100644
--- a/src/include/openssl/stack.h
+++ b/src/include/openssl/stack.h
@@ -114,7 +114,7 @@
#define DEFINE_STACK_OF(type) \
STACK_OF(type) {\
_STACK stack; \
-};
+}
#define DECLARE_STACK_OF(type) STACK_OF(type);
@@ -286,6 +286,13 @@
* the previous one. */
OPENSSL_EXPORT stack_cmp_func sk_set_cmp_func(_STACK *sk, stack_cmp_func comp);
+/* sk_deep_copy performs a copy of |sk| and of each of the non-NULL elements in
+ * |sk| by using |copy_func|. If an error occurs, |free_func| is used to free
+ * any copies already made and NULL is returned. */
+OPENSSL_EXPORT _STACK *sk_deep_copy(const _STACK *sk,
+ void *(*copy_func)(void *),
+ void (*free_func)(void *));
+
#if defined(__cplusplus)
} /* extern C */
diff --git a/src/include/openssl/stack_macros.h b/src/include/openssl/stack_macros.h
index a62fce3..dadcf6b 100644
--- a/src/include/openssl/stack_macros.h
+++ b/src/include/openssl/stack_macros.h
@@ -88,14 +88,21 @@
#define sk_ACCESS_DESCRIPTION_is_sorted(sk) \
sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(ACCESS_DESCRIPTION) *, sk))
-#define sk_ACCESS_DESCRIPTION_set_cmp_func(sk, comp) \
- ((int (*)(const ACCESS_DESCRIPTION **a, const ACCESS_DESCRIPTION **b)) \
- sk_set_cmp_func( \
- CHECKED_CAST(_STACK *, STACK_OF(ACCESS_DESCRIPTION) *, sk), \
- CHECKED_CAST(stack_cmp_func, int (*)(const ACCESS_DESCRIPTION **a, \
- const ACCESS_DESCRIPTION **b), \
- comp)))
+#define sk_ACCESS_DESCRIPTION_set_cmp_func(sk, comp) \
+ ((int (*)(const ACCESS_DESCRIPTION **a, const ACCESS_DESCRIPTION **b)) \
+ sk_set_cmp_func( \
+ CHECKED_CAST(_STACK *, STACK_OF(ACCESS_DESCRIPTION) *, sk), \
+ CHECKED_CAST(stack_cmp_func, int (*)(const ACCESS_DESCRIPTION **a, \
+ const ACCESS_DESCRIPTION **b), \
+ comp)))
+#define sk_ACCESS_DESCRIPTION_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(ACCESS_DESCRIPTION) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(ACCESS_DESCRIPTION) *, sk), \
+ CHECKED_CAST(void *(*)(void *), \
+ ACCESS_DESCRIPTION *(*)(ACCESS_DESCRIPTION *), copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(ACCESS_DESCRIPTION *), \
+ free_func)))
/* ASN1_ADB_TABLE */
#define sk_ASN1_ADB_TABLE_new(comp) \
@@ -167,14 +174,20 @@
#define sk_ASN1_ADB_TABLE_is_sorted(sk) \
sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(ASN1_ADB_TABLE) *, sk))
-#define sk_ASN1_ADB_TABLE_set_cmp_func(sk, comp) \
- ((int (*)(const ASN1_ADB_TABLE **a, const ASN1_ADB_TABLE **b)) \
- sk_set_cmp_func( \
- CHECKED_CAST(_STACK *, STACK_OF(ASN1_ADB_TABLE) *, sk), \
- CHECKED_CAST(stack_cmp_func, int (*)(const ASN1_ADB_TABLE **a, \
- const ASN1_ADB_TABLE **b), \
- comp)))
+#define sk_ASN1_ADB_TABLE_set_cmp_func(sk, comp) \
+ ((int (*)(const ASN1_ADB_TABLE **a, const ASN1_ADB_TABLE **b)) \
+ sk_set_cmp_func( \
+ CHECKED_CAST(_STACK *, STACK_OF(ASN1_ADB_TABLE) *, sk), \
+ CHECKED_CAST(stack_cmp_func, int (*)(const ASN1_ADB_TABLE **a, \
+ const ASN1_ADB_TABLE **b), \
+ comp)))
+#define sk_ASN1_ADB_TABLE_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(ASN1_ADB_TABLE) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(ASN1_ADB_TABLE) *, sk), \
+ CHECKED_CAST(void *(*)(void *), ASN1_ADB_TABLE *(*)(ASN1_ADB_TABLE *), \
+ copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(ASN1_ADB_TABLE *), free_func)))
/* ASN1_GENERALSTRING */
#define sk_ASN1_GENERALSTRING_new(comp) \
@@ -248,14 +261,21 @@
#define sk_ASN1_GENERALSTRING_is_sorted(sk) \
sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(ASN1_GENERALSTRING) *, sk))
-#define sk_ASN1_GENERALSTRING_set_cmp_func(sk, comp) \
- ((int (*)(const ASN1_GENERALSTRING **a, const ASN1_GENERALSTRING **b)) \
- sk_set_cmp_func( \
- CHECKED_CAST(_STACK *, STACK_OF(ASN1_GENERALSTRING) *, sk), \
- CHECKED_CAST(stack_cmp_func, int (*)(const ASN1_GENERALSTRING **a, \
- const ASN1_GENERALSTRING **b), \
- comp)))
+#define sk_ASN1_GENERALSTRING_set_cmp_func(sk, comp) \
+ ((int (*)(const ASN1_GENERALSTRING **a, const ASN1_GENERALSTRING **b)) \
+ sk_set_cmp_func( \
+ CHECKED_CAST(_STACK *, STACK_OF(ASN1_GENERALSTRING) *, sk), \
+ CHECKED_CAST(stack_cmp_func, int (*)(const ASN1_GENERALSTRING **a, \
+ const ASN1_GENERALSTRING **b), \
+ comp)))
+#define sk_ASN1_GENERALSTRING_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(ASN1_GENERALSTRING) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(ASN1_GENERALSTRING) *, sk), \
+ CHECKED_CAST(void *(*)(void *), \
+ ASN1_GENERALSTRING *(*)(ASN1_GENERALSTRING *), copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(ASN1_GENERALSTRING *), \
+ free_func)))
/* ASN1_INTEGER */
#define sk_ASN1_INTEGER_new(comp) \
@@ -333,6 +353,12 @@
int (*)(const ASN1_INTEGER **a, const ASN1_INTEGER **b), \
comp)))
+#define sk_ASN1_INTEGER_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(ASN1_INTEGER) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(ASN1_INTEGER) *, sk), \
+ CHECKED_CAST(void *(*)(void *), ASN1_INTEGER *(*)(ASN1_INTEGER *), \
+ copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(ASN1_INTEGER *), free_func)))
/* ASN1_OBJECT */
#define sk_ASN1_OBJECT_new(comp) \
@@ -408,6 +434,12 @@
int (*)(const ASN1_OBJECT **a, const ASN1_OBJECT **b), \
comp)))
+#define sk_ASN1_OBJECT_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(ASN1_OBJECT) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(ASN1_OBJECT) *, sk), \
+ CHECKED_CAST(void *(*)(void *), ASN1_OBJECT *(*)(ASN1_OBJECT *), \
+ copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(ASN1_OBJECT *), free_func)))
/* ASN1_STRING_TABLE */
#define sk_ASN1_STRING_TABLE_new(comp) \
@@ -481,14 +513,21 @@
#define sk_ASN1_STRING_TABLE_is_sorted(sk) \
sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(ASN1_STRING_TABLE) *, sk))
-#define sk_ASN1_STRING_TABLE_set_cmp_func(sk, comp) \
- ((int (*)(const ASN1_STRING_TABLE **a, const ASN1_STRING_TABLE **b)) \
- sk_set_cmp_func( \
- CHECKED_CAST(_STACK *, STACK_OF(ASN1_STRING_TABLE) *, sk), \
- CHECKED_CAST(stack_cmp_func, int (*)(const ASN1_STRING_TABLE **a, \
- const ASN1_STRING_TABLE **b), \
- comp)))
+#define sk_ASN1_STRING_TABLE_set_cmp_func(sk, comp) \
+ ((int (*)(const ASN1_STRING_TABLE **a, const ASN1_STRING_TABLE **b)) \
+ sk_set_cmp_func( \
+ CHECKED_CAST(_STACK *, STACK_OF(ASN1_STRING_TABLE) *, sk), \
+ CHECKED_CAST(stack_cmp_func, int (*)(const ASN1_STRING_TABLE **a, \
+ const ASN1_STRING_TABLE **b), \
+ comp)))
+#define sk_ASN1_STRING_TABLE_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(ASN1_STRING_TABLE) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(ASN1_STRING_TABLE) *, sk), \
+ CHECKED_CAST(void *(*)(void *), \
+ ASN1_STRING_TABLE *(*)(ASN1_STRING_TABLE *), copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(ASN1_STRING_TABLE *), \
+ free_func)))
/* ASN1_TYPE */
#define sk_ASN1_TYPE_new(comp) \
@@ -563,6 +602,11 @@
CHECKED_CAST(stack_cmp_func, \
int (*)(const ASN1_TYPE **a, const ASN1_TYPE **b), comp)))
+#define sk_ASN1_TYPE_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(ASN1_TYPE) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(ASN1_TYPE) *, sk), \
+ CHECKED_CAST(void *(*)(void *), ASN1_TYPE *(*)(ASN1_TYPE *), copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(ASN1_TYPE *), free_func)))
/* ASN1_VALUE */
#define sk_ASN1_VALUE_new(comp) \
@@ -638,6 +682,12 @@
int (*)(const ASN1_VALUE **a, const ASN1_VALUE **b), \
comp)))
+#define sk_ASN1_VALUE_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(ASN1_VALUE) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(ASN1_VALUE) *, sk), \
+ CHECKED_CAST(void *(*)(void *), ASN1_VALUE *(*)(ASN1_VALUE *), \
+ copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(ASN1_VALUE *), free_func)))
/* BIO */
#define sk_BIO_new(comp) \
@@ -702,6 +752,11 @@
CHECKED_CAST(stack_cmp_func, int (*)(const BIO **a, const BIO **b), \
comp)))
+#define sk_BIO_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(BIO) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(BIO) *, sk), \
+ CHECKED_CAST(void *(*)(void *), BIO *(*)(BIO *), copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(BIO *), free_func)))
/* BY_DIR_ENTRY */
#define sk_BY_DIR_ENTRY_new(comp) \
@@ -779,6 +834,12 @@
int (*)(const BY_DIR_ENTRY **a, const BY_DIR_ENTRY **b), \
comp)))
+#define sk_BY_DIR_ENTRY_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(BY_DIR_ENTRY) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(BY_DIR_ENTRY) *, sk), \
+ CHECKED_CAST(void *(*)(void *), BY_DIR_ENTRY *(*)(BY_DIR_ENTRY *), \
+ copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(BY_DIR_ENTRY *), free_func)))
/* BY_DIR_HASH */
#define sk_BY_DIR_HASH_new(comp) \
@@ -854,6 +915,12 @@
int (*)(const BY_DIR_HASH **a, const BY_DIR_HASH **b), \
comp)))
+#define sk_BY_DIR_HASH_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(BY_DIR_HASH) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(BY_DIR_HASH) *, sk), \
+ CHECKED_CAST(void *(*)(void *), BY_DIR_HASH *(*)(BY_DIR_HASH *), \
+ copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(BY_DIR_HASH *), free_func)))
/* CONF_VALUE */
#define sk_CONF_VALUE_new(comp) \
@@ -929,6 +996,12 @@
int (*)(const CONF_VALUE **a, const CONF_VALUE **b), \
comp)))
+#define sk_CONF_VALUE_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(CONF_VALUE) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(CONF_VALUE) *, sk), \
+ CHECKED_CAST(void *(*)(void *), CONF_VALUE *(*)(CONF_VALUE *), \
+ copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(CONF_VALUE *), free_func)))
/* CRYPTO_EX_DATA_FUNCS */
#define sk_CRYPTO_EX_DATA_FUNCS_new(comp) \
@@ -1006,12 +1079,22 @@
#define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func(sk, comp) \
((int (*)(const CRYPTO_EX_DATA_FUNCS **a, const CRYPTO_EX_DATA_FUNCS **b)) \
- sk_set_cmp_func( \
- CHECKED_CAST(_STACK *, STACK_OF(CRYPTO_EX_DATA_FUNCS) *, sk), \
- CHECKED_CAST(stack_cmp_func, int (*)(const CRYPTO_EX_DATA_FUNCS **a, \
- const CRYPTO_EX_DATA_FUNCS **b), \
- comp)))
+ sk_set_cmp_func( \
+ CHECKED_CAST(_STACK *, STACK_OF(CRYPTO_EX_DATA_FUNCS) *, sk), \
+ CHECKED_CAST(stack_cmp_func, \
+ int (*)(const CRYPTO_EX_DATA_FUNCS **a, \
+ const CRYPTO_EX_DATA_FUNCS **b), \
+ comp)))
+#define sk_CRYPTO_EX_DATA_FUNCS_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(CRYPTO_EX_DATA_FUNCS) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(CRYPTO_EX_DATA_FUNCS) *, \
+ sk), \
+ CHECKED_CAST(void *(*)(void *), \
+ CRYPTO_EX_DATA_FUNCS *(*)(CRYPTO_EX_DATA_FUNCS *), \
+ copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(CRYPTO_EX_DATA_FUNCS *), \
+ free_func)))
/* DIST_POINT */
#define sk_DIST_POINT_new(comp) \
@@ -1087,6 +1170,12 @@
int (*)(const DIST_POINT **a, const DIST_POINT **b), \
comp)))
+#define sk_DIST_POINT_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(DIST_POINT) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(DIST_POINT) *, sk), \
+ CHECKED_CAST(void *(*)(void *), DIST_POINT *(*)(DIST_POINT *), \
+ copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(DIST_POINT *), free_func)))
/* GENERAL_NAME */
#define sk_GENERAL_NAME_new(comp) \
@@ -1164,6 +1253,12 @@
int (*)(const GENERAL_NAME **a, const GENERAL_NAME **b), \
comp)))
+#define sk_GENERAL_NAME_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(GENERAL_NAME) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(GENERAL_NAME) *, sk), \
+ CHECKED_CAST(void *(*)(void *), GENERAL_NAME *(*)(GENERAL_NAME *), \
+ copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(GENERAL_NAME *), free_func)))
/* GENERAL_NAMES */
#define sk_GENERAL_NAMES_new(comp) \
@@ -1242,6 +1337,12 @@
int (*)(const GENERAL_NAMES **a, const GENERAL_NAMES **b), \
comp)))
+#define sk_GENERAL_NAMES_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(GENERAL_NAMES) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(GENERAL_NAMES) *, sk), \
+ CHECKED_CAST(void *(*)(void *), GENERAL_NAMES *(*)(GENERAL_NAMES *), \
+ copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(GENERAL_NAMES *), free_func)))
/* GENERAL_SUBTREE */
#define sk_GENERAL_SUBTREE_new(comp) \
@@ -1314,14 +1415,20 @@
#define sk_GENERAL_SUBTREE_is_sorted(sk) \
sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(GENERAL_SUBTREE) *, sk))
-#define sk_GENERAL_SUBTREE_set_cmp_func(sk, comp) \
- ((int (*)(const GENERAL_SUBTREE **a, const GENERAL_SUBTREE **b)) \
- sk_set_cmp_func( \
- CHECKED_CAST(_STACK *, STACK_OF(GENERAL_SUBTREE) *, sk), \
- CHECKED_CAST(stack_cmp_func, int (*)(const GENERAL_SUBTREE **a, \
- const GENERAL_SUBTREE **b), \
- comp)))
+#define sk_GENERAL_SUBTREE_set_cmp_func(sk, comp) \
+ ((int (*)(const GENERAL_SUBTREE **a, const GENERAL_SUBTREE **b)) \
+ sk_set_cmp_func( \
+ CHECKED_CAST(_STACK *, STACK_OF(GENERAL_SUBTREE) *, sk), \
+ CHECKED_CAST(stack_cmp_func, int (*)(const GENERAL_SUBTREE **a, \
+ const GENERAL_SUBTREE **b), \
+ comp)))
+#define sk_GENERAL_SUBTREE_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(GENERAL_SUBTREE) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(GENERAL_SUBTREE) *, sk), \
+ CHECKED_CAST(void *(*)(void *), GENERAL_SUBTREE *(*)(GENERAL_SUBTREE *), \
+ copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(GENERAL_SUBTREE *), free_func)))
/* MIME_HEADER */
#define sk_MIME_HEADER_new(comp) \
@@ -1397,6 +1504,12 @@
int (*)(const MIME_HEADER **a, const MIME_HEADER **b), \
comp)))
+#define sk_MIME_HEADER_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(MIME_HEADER) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(MIME_HEADER) *, sk), \
+ CHECKED_CAST(void *(*)(void *), MIME_HEADER *(*)(MIME_HEADER *), \
+ copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(MIME_HEADER *), free_func)))
/* PKCS7_SIGNER_INFO */
#define sk_PKCS7_SIGNER_INFO_new(comp) \
@@ -1470,14 +1583,21 @@
#define sk_PKCS7_SIGNER_INFO_is_sorted(sk) \
sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(PKCS7_SIGNER_INFO) *, sk))
-#define sk_PKCS7_SIGNER_INFO_set_cmp_func(sk, comp) \
- ((int (*)(const PKCS7_SIGNER_INFO **a, const PKCS7_SIGNER_INFO **b)) \
- sk_set_cmp_func( \
- CHECKED_CAST(_STACK *, STACK_OF(PKCS7_SIGNER_INFO) *, sk), \
- CHECKED_CAST(stack_cmp_func, int (*)(const PKCS7_SIGNER_INFO **a, \
- const PKCS7_SIGNER_INFO **b), \
- comp)))
+#define sk_PKCS7_SIGNER_INFO_set_cmp_func(sk, comp) \
+ ((int (*)(const PKCS7_SIGNER_INFO **a, const PKCS7_SIGNER_INFO **b)) \
+ sk_set_cmp_func( \
+ CHECKED_CAST(_STACK *, STACK_OF(PKCS7_SIGNER_INFO) *, sk), \
+ CHECKED_CAST(stack_cmp_func, int (*)(const PKCS7_SIGNER_INFO **a, \
+ const PKCS7_SIGNER_INFO **b), \
+ comp)))
+#define sk_PKCS7_SIGNER_INFO_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(PKCS7_SIGNER_INFO) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(PKCS7_SIGNER_INFO) *, sk), \
+ CHECKED_CAST(void *(*)(void *), \
+ PKCS7_SIGNER_INFO *(*)(PKCS7_SIGNER_INFO *), copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(PKCS7_SIGNER_INFO *), \
+ free_func)))
/* PKCS7_RECIP_INFO */
#define sk_PKCS7_RECIP_INFO_new(comp) \
@@ -1550,14 +1670,21 @@
#define sk_PKCS7_RECIP_INFO_is_sorted(sk) \
sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(PKCS7_RECIP_INFO) *, sk))
-#define sk_PKCS7_RECIP_INFO_set_cmp_func(sk, comp) \
- ((int (*)(const PKCS7_RECIP_INFO **a, const PKCS7_RECIP_INFO **b)) \
- sk_set_cmp_func( \
- CHECKED_CAST(_STACK *, STACK_OF(PKCS7_RECIP_INFO) *, sk), \
- CHECKED_CAST(stack_cmp_func, int (*)(const PKCS7_RECIP_INFO **a, \
- const PKCS7_RECIP_INFO **b), \
- comp)))
+#define sk_PKCS7_RECIP_INFO_set_cmp_func(sk, comp) \
+ ((int (*)(const PKCS7_RECIP_INFO **a, const PKCS7_RECIP_INFO **b)) \
+ sk_set_cmp_func( \
+ CHECKED_CAST(_STACK *, STACK_OF(PKCS7_RECIP_INFO) *, sk), \
+ CHECKED_CAST(stack_cmp_func, int (*)(const PKCS7_RECIP_INFO **a, \
+ const PKCS7_RECIP_INFO **b), \
+ comp)))
+#define sk_PKCS7_RECIP_INFO_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(PKCS7_RECIP_INFO) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(PKCS7_RECIP_INFO) *, sk), \
+ CHECKED_CAST(void *(*)(void *), \
+ PKCS7_RECIP_INFO *(*)(PKCS7_RECIP_INFO *), copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(PKCS7_RECIP_INFO *), \
+ free_func)))
/* POLICYINFO */
#define sk_POLICYINFO_new(comp) \
@@ -1633,6 +1760,12 @@
int (*)(const POLICYINFO **a, const POLICYINFO **b), \
comp)))
+#define sk_POLICYINFO_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(POLICYINFO) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(POLICYINFO) *, sk), \
+ CHECKED_CAST(void *(*)(void *), POLICYINFO *(*)(POLICYINFO *), \
+ copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(POLICYINFO *), free_func)))
/* POLICYQUALINFO */
#define sk_POLICYQUALINFO_new(comp) \
@@ -1704,14 +1837,20 @@
#define sk_POLICYQUALINFO_is_sorted(sk) \
sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(POLICYQUALINFO) *, sk))
-#define sk_POLICYQUALINFO_set_cmp_func(sk, comp) \
- ((int (*)(const POLICYQUALINFO **a, const POLICYQUALINFO **b)) \
- sk_set_cmp_func( \
- CHECKED_CAST(_STACK *, STACK_OF(POLICYQUALINFO) *, sk), \
- CHECKED_CAST(stack_cmp_func, int (*)(const POLICYQUALINFO **a, \
- const POLICYQUALINFO **b), \
- comp)))
+#define sk_POLICYQUALINFO_set_cmp_func(sk, comp) \
+ ((int (*)(const POLICYQUALINFO **a, const POLICYQUALINFO **b)) \
+ sk_set_cmp_func( \
+ CHECKED_CAST(_STACK *, STACK_OF(POLICYQUALINFO) *, sk), \
+ CHECKED_CAST(stack_cmp_func, int (*)(const POLICYQUALINFO **a, \
+ const POLICYQUALINFO **b), \
+ comp)))
+#define sk_POLICYQUALINFO_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(POLICYQUALINFO) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(POLICYQUALINFO) *, sk), \
+ CHECKED_CAST(void *(*)(void *), POLICYQUALINFO *(*)(POLICYQUALINFO *), \
+ copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(POLICYQUALINFO *), free_func)))
/* POLICY_MAPPING */
#define sk_POLICY_MAPPING_new(comp) \
@@ -1783,14 +1922,20 @@
#define sk_POLICY_MAPPING_is_sorted(sk) \
sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(POLICY_MAPPING) *, sk))
-#define sk_POLICY_MAPPING_set_cmp_func(sk, comp) \
- ((int (*)(const POLICY_MAPPING **a, const POLICY_MAPPING **b)) \
- sk_set_cmp_func( \
- CHECKED_CAST(_STACK *, STACK_OF(POLICY_MAPPING) *, sk), \
- CHECKED_CAST(stack_cmp_func, int (*)(const POLICY_MAPPING **a, \
- const POLICY_MAPPING **b), \
- comp)))
+#define sk_POLICY_MAPPING_set_cmp_func(sk, comp) \
+ ((int (*)(const POLICY_MAPPING **a, const POLICY_MAPPING **b)) \
+ sk_set_cmp_func( \
+ CHECKED_CAST(_STACK *, STACK_OF(POLICY_MAPPING) *, sk), \
+ CHECKED_CAST(stack_cmp_func, int (*)(const POLICY_MAPPING **a, \
+ const POLICY_MAPPING **b), \
+ comp)))
+#define sk_POLICY_MAPPING_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(POLICY_MAPPING) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(POLICY_MAPPING) *, sk), \
+ CHECKED_CAST(void *(*)(void *), POLICY_MAPPING *(*)(POLICY_MAPPING *), \
+ copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(POLICY_MAPPING *), free_func)))
/* SSL_COMP */
#define sk_SSL_COMP_new(comp) \
@@ -1862,6 +2007,11 @@
CHECKED_CAST(stack_cmp_func, \
int (*)(const SSL_COMP **a, const SSL_COMP **b), comp)))
+#define sk_SSL_COMP_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(SSL_COMP) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(SSL_COMP) *, sk), \
+ CHECKED_CAST(void *(*)(void *), SSL_COMP *(*)(SSL_COMP *), copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(SSL_COMP *), free_func)))
/* STACK_OF_X509_NAME_ENTRY */
#define sk_STACK_OF_X509_NAME_ENTRY_new(comp) \
@@ -1939,16 +2089,25 @@
sk_is_sorted( \
CHECKED_CAST(_STACK *, const STACK_OF(STACK_OF_X509_NAME_ENTRY) *, sk))
-#define sk_STACK_OF_X509_NAME_ENTRY_set_cmp_func(sk, comp) \
- ((int (*)(const STACK_OF_X509_NAME_ENTRY **a, \
- const STACK_OF_X509_NAME_ENTRY **b)) \
- sk_set_cmp_func( \
- CHECKED_CAST(_STACK *, STACK_OF(STACK_OF_X509_NAME_ENTRY) *, sk), \
- CHECKED_CAST(stack_cmp_func, \
- int (*)(const STACK_OF_X509_NAME_ENTRY **a, \
- const STACK_OF_X509_NAME_ENTRY **b), \
- comp)))
+#define sk_STACK_OF_X509_NAME_ENTRY_set_cmp_func(sk, comp) \
+ ((int (*)(const STACK_OF_X509_NAME_ENTRY **a, \
+ const STACK_OF_X509_NAME_ENTRY **b)) \
+ sk_set_cmp_func( \
+ CHECKED_CAST(_STACK *, STACK_OF(STACK_OF_X509_NAME_ENTRY) *, sk), \
+ CHECKED_CAST(stack_cmp_func, \
+ int (*)(const STACK_OF_X509_NAME_ENTRY **a, \
+ const STACK_OF_X509_NAME_ENTRY **b), \
+ comp)))
+#define sk_STACK_OF_X509_NAME_ENTRY_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(STACK_OF_X509_NAME_ENTRY) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(STACK_OF_X509_NAME_ENTRY) *, \
+ sk), \
+ CHECKED_CAST(void *(*)(void *), \
+ STACK_OF_X509_NAME_ENTRY *(*)(STACK_OF_X509_NAME_ENTRY *), \
+ copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(STACK_OF_X509_NAME_ENTRY *), \
+ free_func)))
/* SXNETID */
#define sk_SXNETID_new(comp) \
@@ -2020,6 +2179,11 @@
CHECKED_CAST(stack_cmp_func, \
int (*)(const SXNETID **a, const SXNETID **b), comp)))
+#define sk_SXNETID_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(SXNETID) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(SXNETID) *, sk), \
+ CHECKED_CAST(void *(*)(void *), SXNETID *(*)(SXNETID *), copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(SXNETID *), free_func)))
/* X509 */
#define sk_X509_new(comp) \
@@ -2084,6 +2248,11 @@
CHECKED_CAST(stack_cmp_func, int (*)(const X509 **a, const X509 **b), \
comp)))
+#define sk_X509_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(X509) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(X509) *, sk), \
+ CHECKED_CAST(void *(*)(void *), X509 *(*)(X509 *), copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(X509 *), free_func)))
/* X509V3_EXT_METHOD */
#define sk_X509V3_EXT_METHOD_new(comp) \
@@ -2157,14 +2326,21 @@
#define sk_X509V3_EXT_METHOD_is_sorted(sk) \
sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(X509V3_EXT_METHOD) *, sk))
-#define sk_X509V3_EXT_METHOD_set_cmp_func(sk, comp) \
- ((int (*)(const X509V3_EXT_METHOD **a, const X509V3_EXT_METHOD **b)) \
- sk_set_cmp_func( \
- CHECKED_CAST(_STACK *, STACK_OF(X509V3_EXT_METHOD) *, sk), \
- CHECKED_CAST(stack_cmp_func, int (*)(const X509V3_EXT_METHOD **a, \
- const X509V3_EXT_METHOD **b), \
- comp)))
+#define sk_X509V3_EXT_METHOD_set_cmp_func(sk, comp) \
+ ((int (*)(const X509V3_EXT_METHOD **a, const X509V3_EXT_METHOD **b)) \
+ sk_set_cmp_func( \
+ CHECKED_CAST(_STACK *, STACK_OF(X509V3_EXT_METHOD) *, sk), \
+ CHECKED_CAST(stack_cmp_func, int (*)(const X509V3_EXT_METHOD **a, \
+ const X509V3_EXT_METHOD **b), \
+ comp)))
+#define sk_X509V3_EXT_METHOD_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(X509V3_EXT_METHOD) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(X509V3_EXT_METHOD) *, sk), \
+ CHECKED_CAST(void *(*)(void *), \
+ X509V3_EXT_METHOD *(*)(X509V3_EXT_METHOD *), copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(X509V3_EXT_METHOD *), \
+ free_func)))
/* X509_ALGOR */
#define sk_X509_ALGOR_new(comp) \
@@ -2240,6 +2416,12 @@
int (*)(const X509_ALGOR **a, const X509_ALGOR **b), \
comp)))
+#define sk_X509_ALGOR_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(X509_ALGOR) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(X509_ALGOR) *, sk), \
+ CHECKED_CAST(void *(*)(void *), X509_ALGOR *(*)(X509_ALGOR *), \
+ copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(X509_ALGOR *), free_func)))
/* X509_ATTRIBUTE */
#define sk_X509_ATTRIBUTE_new(comp) \
@@ -2311,14 +2493,20 @@
#define sk_X509_ATTRIBUTE_is_sorted(sk) \
sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(X509_ATTRIBUTE) *, sk))
-#define sk_X509_ATTRIBUTE_set_cmp_func(sk, comp) \
- ((int (*)(const X509_ATTRIBUTE **a, const X509_ATTRIBUTE **b)) \
- sk_set_cmp_func( \
- CHECKED_CAST(_STACK *, STACK_OF(X509_ATTRIBUTE) *, sk), \
- CHECKED_CAST(stack_cmp_func, int (*)(const X509_ATTRIBUTE **a, \
- const X509_ATTRIBUTE **b), \
- comp)))
+#define sk_X509_ATTRIBUTE_set_cmp_func(sk, comp) \
+ ((int (*)(const X509_ATTRIBUTE **a, const X509_ATTRIBUTE **b)) \
+ sk_set_cmp_func( \
+ CHECKED_CAST(_STACK *, STACK_OF(X509_ATTRIBUTE) *, sk), \
+ CHECKED_CAST(stack_cmp_func, int (*)(const X509_ATTRIBUTE **a, \
+ const X509_ATTRIBUTE **b), \
+ comp)))
+#define sk_X509_ATTRIBUTE_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(X509_ATTRIBUTE) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(X509_ATTRIBUTE) *, sk), \
+ CHECKED_CAST(void *(*)(void *), X509_ATTRIBUTE *(*)(X509_ATTRIBUTE *), \
+ copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(X509_ATTRIBUTE *), free_func)))
/* X509_CRL */
#define sk_X509_CRL_new(comp) \
@@ -2390,6 +2578,11 @@
CHECKED_CAST(stack_cmp_func, \
int (*)(const X509_CRL **a, const X509_CRL **b), comp)))
+#define sk_X509_CRL_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(X509_CRL) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(X509_CRL) *, sk), \
+ CHECKED_CAST(void *(*)(void *), X509_CRL *(*)(X509_CRL *), copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(X509_CRL *), free_func)))
/* X509_EXTENSION */
#define sk_X509_EXTENSION_new(comp) \
@@ -2461,14 +2654,20 @@
#define sk_X509_EXTENSION_is_sorted(sk) \
sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(X509_EXTENSION) *, sk))
-#define sk_X509_EXTENSION_set_cmp_func(sk, comp) \
- ((int (*)(const X509_EXTENSION **a, const X509_EXTENSION **b)) \
- sk_set_cmp_func( \
- CHECKED_CAST(_STACK *, STACK_OF(X509_EXTENSION) *, sk), \
- CHECKED_CAST(stack_cmp_func, int (*)(const X509_EXTENSION **a, \
- const X509_EXTENSION **b), \
- comp)))
+#define sk_X509_EXTENSION_set_cmp_func(sk, comp) \
+ ((int (*)(const X509_EXTENSION **a, const X509_EXTENSION **b)) \
+ sk_set_cmp_func( \
+ CHECKED_CAST(_STACK *, STACK_OF(X509_EXTENSION) *, sk), \
+ CHECKED_CAST(stack_cmp_func, int (*)(const X509_EXTENSION **a, \
+ const X509_EXTENSION **b), \
+ comp)))
+#define sk_X509_EXTENSION_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(X509_EXTENSION) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(X509_EXTENSION) *, sk), \
+ CHECKED_CAST(void *(*)(void *), X509_EXTENSION *(*)(X509_EXTENSION *), \
+ copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(X509_EXTENSION *), free_func)))
/* X509_INFO */
#define sk_X509_INFO_new(comp) \
@@ -2543,6 +2742,11 @@
CHECKED_CAST(stack_cmp_func, \
int (*)(const X509_INFO **a, const X509_INFO **b), comp)))
+#define sk_X509_INFO_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(X509_INFO) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(X509_INFO) *, sk), \
+ CHECKED_CAST(void *(*)(void *), X509_INFO *(*)(X509_INFO *), copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(X509_INFO *), free_func)))
/* X509_LOOKUP */
#define sk_X509_LOOKUP_new(comp) \
@@ -2618,6 +2822,12 @@
int (*)(const X509_LOOKUP **a, const X509_LOOKUP **b), \
comp)))
+#define sk_X509_LOOKUP_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(X509_LOOKUP) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(X509_LOOKUP) *, sk), \
+ CHECKED_CAST(void *(*)(void *), X509_LOOKUP *(*)(X509_LOOKUP *), \
+ copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(X509_LOOKUP *), free_func)))
/* X509_NAME */
#define sk_X509_NAME_new(comp) \
@@ -2692,6 +2902,11 @@
CHECKED_CAST(stack_cmp_func, \
int (*)(const X509_NAME **a, const X509_NAME **b), comp)))
+#define sk_X509_NAME_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(X509_NAME) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(X509_NAME) *, sk), \
+ CHECKED_CAST(void *(*)(void *), X509_NAME *(*)(X509_NAME *), copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(X509_NAME *), free_func)))
/* X509_NAME_ENTRY */
#define sk_X509_NAME_ENTRY_new(comp) \
@@ -2764,14 +2979,20 @@
#define sk_X509_NAME_ENTRY_is_sorted(sk) \
sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(X509_NAME_ENTRY) *, sk))
-#define sk_X509_NAME_ENTRY_set_cmp_func(sk, comp) \
- ((int (*)(const X509_NAME_ENTRY **a, const X509_NAME_ENTRY **b)) \
- sk_set_cmp_func( \
- CHECKED_CAST(_STACK *, STACK_OF(X509_NAME_ENTRY) *, sk), \
- CHECKED_CAST(stack_cmp_func, int (*)(const X509_NAME_ENTRY **a, \
- const X509_NAME_ENTRY **b), \
- comp)))
+#define sk_X509_NAME_ENTRY_set_cmp_func(sk, comp) \
+ ((int (*)(const X509_NAME_ENTRY **a, const X509_NAME_ENTRY **b)) \
+ sk_set_cmp_func( \
+ CHECKED_CAST(_STACK *, STACK_OF(X509_NAME_ENTRY) *, sk), \
+ CHECKED_CAST(stack_cmp_func, int (*)(const X509_NAME_ENTRY **a, \
+ const X509_NAME_ENTRY **b), \
+ comp)))
+#define sk_X509_NAME_ENTRY_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(X509_NAME_ENTRY) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(X509_NAME_ENTRY) *, sk), \
+ CHECKED_CAST(void *(*)(void *), X509_NAME_ENTRY *(*)(X509_NAME_ENTRY *), \
+ copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(X509_NAME_ENTRY *), free_func)))
/* X509_OBJECT */
#define sk_X509_OBJECT_new(comp) \
@@ -2847,6 +3068,12 @@
int (*)(const X509_OBJECT **a, const X509_OBJECT **b), \
comp)))
+#define sk_X509_OBJECT_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(X509_OBJECT) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(X509_OBJECT) *, sk), \
+ CHECKED_CAST(void *(*)(void *), X509_OBJECT *(*)(X509_OBJECT *), \
+ copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(X509_OBJECT *), free_func)))
/* X509_POLICY_DATA */
#define sk_X509_POLICY_DATA_new(comp) \
@@ -2919,14 +3146,21 @@
#define sk_X509_POLICY_DATA_is_sorted(sk) \
sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(X509_POLICY_DATA) *, sk))
-#define sk_X509_POLICY_DATA_set_cmp_func(sk, comp) \
- ((int (*)(const X509_POLICY_DATA **a, const X509_POLICY_DATA **b)) \
- sk_set_cmp_func( \
- CHECKED_CAST(_STACK *, STACK_OF(X509_POLICY_DATA) *, sk), \
- CHECKED_CAST(stack_cmp_func, int (*)(const X509_POLICY_DATA **a, \
- const X509_POLICY_DATA **b), \
- comp)))
+#define sk_X509_POLICY_DATA_set_cmp_func(sk, comp) \
+ ((int (*)(const X509_POLICY_DATA **a, const X509_POLICY_DATA **b)) \
+ sk_set_cmp_func( \
+ CHECKED_CAST(_STACK *, STACK_OF(X509_POLICY_DATA) *, sk), \
+ CHECKED_CAST(stack_cmp_func, int (*)(const X509_POLICY_DATA **a, \
+ const X509_POLICY_DATA **b), \
+ comp)))
+#define sk_X509_POLICY_DATA_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(X509_POLICY_DATA) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(X509_POLICY_DATA) *, sk), \
+ CHECKED_CAST(void *(*)(void *), \
+ X509_POLICY_DATA *(*)(X509_POLICY_DATA *), copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(X509_POLICY_DATA *), \
+ free_func)))
/* X509_POLICY_NODE */
#define sk_X509_POLICY_NODE_new(comp) \
@@ -2999,14 +3233,21 @@
#define sk_X509_POLICY_NODE_is_sorted(sk) \
sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(X509_POLICY_NODE) *, sk))
-#define sk_X509_POLICY_NODE_set_cmp_func(sk, comp) \
- ((int (*)(const X509_POLICY_NODE **a, const X509_POLICY_NODE **b)) \
- sk_set_cmp_func( \
- CHECKED_CAST(_STACK *, STACK_OF(X509_POLICY_NODE) *, sk), \
- CHECKED_CAST(stack_cmp_func, int (*)(const X509_POLICY_NODE **a, \
- const X509_POLICY_NODE **b), \
- comp)))
+#define sk_X509_POLICY_NODE_set_cmp_func(sk, comp) \
+ ((int (*)(const X509_POLICY_NODE **a, const X509_POLICY_NODE **b)) \
+ sk_set_cmp_func( \
+ CHECKED_CAST(_STACK *, STACK_OF(X509_POLICY_NODE) *, sk), \
+ CHECKED_CAST(stack_cmp_func, int (*)(const X509_POLICY_NODE **a, \
+ const X509_POLICY_NODE **b), \
+ comp)))
+#define sk_X509_POLICY_NODE_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(X509_POLICY_NODE) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(X509_POLICY_NODE) *, sk), \
+ CHECKED_CAST(void *(*)(void *), \
+ X509_POLICY_NODE *(*)(X509_POLICY_NODE *), copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(X509_POLICY_NODE *), \
+ free_func)))
/* X509_PURPOSE */
#define sk_X509_PURPOSE_new(comp) \
@@ -3084,6 +3325,12 @@
int (*)(const X509_PURPOSE **a, const X509_PURPOSE **b), \
comp)))
+#define sk_X509_PURPOSE_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(X509_PURPOSE) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(X509_PURPOSE) *, sk), \
+ CHECKED_CAST(void *(*)(void *), X509_PURPOSE *(*)(X509_PURPOSE *), \
+ copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(X509_PURPOSE *), free_func)))
/* X509_REVOKED */
#define sk_X509_REVOKED_new(comp) \
@@ -3161,6 +3408,12 @@
int (*)(const X509_REVOKED **a, const X509_REVOKED **b), \
comp)))
+#define sk_X509_REVOKED_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(X509_REVOKED) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(X509_REVOKED) *, sk), \
+ CHECKED_CAST(void *(*)(void *), X509_REVOKED *(*)(X509_REVOKED *), \
+ copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(X509_REVOKED *), free_func)))
/* X509_TRUST */
#define sk_X509_TRUST_new(comp) \
@@ -3236,6 +3489,12 @@
int (*)(const X509_TRUST **a, const X509_TRUST **b), \
comp)))
+#define sk_X509_TRUST_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(X509_TRUST) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(X509_TRUST) *, sk), \
+ CHECKED_CAST(void *(*)(void *), X509_TRUST *(*)(X509_TRUST *), \
+ copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(X509_TRUST *), free_func)))
/* X509_VERIFY_PARAM */
#define sk_X509_VERIFY_PARAM_new(comp) \
@@ -3309,14 +3568,21 @@
#define sk_X509_VERIFY_PARAM_is_sorted(sk) \
sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(X509_VERIFY_PARAM) *, sk))
-#define sk_X509_VERIFY_PARAM_set_cmp_func(sk, comp) \
- ((int (*)(const X509_VERIFY_PARAM **a, const X509_VERIFY_PARAM **b)) \
- sk_set_cmp_func( \
- CHECKED_CAST(_STACK *, STACK_OF(X509_VERIFY_PARAM) *, sk), \
- CHECKED_CAST(stack_cmp_func, int (*)(const X509_VERIFY_PARAM **a, \
- const X509_VERIFY_PARAM **b), \
- comp)))
+#define sk_X509_VERIFY_PARAM_set_cmp_func(sk, comp) \
+ ((int (*)(const X509_VERIFY_PARAM **a, const X509_VERIFY_PARAM **b)) \
+ sk_set_cmp_func( \
+ CHECKED_CAST(_STACK *, STACK_OF(X509_VERIFY_PARAM) *, sk), \
+ CHECKED_CAST(stack_cmp_func, int (*)(const X509_VERIFY_PARAM **a, \
+ const X509_VERIFY_PARAM **b), \
+ comp)))
+#define sk_X509_VERIFY_PARAM_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(X509_VERIFY_PARAM) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(X509_VERIFY_PARAM) *, sk), \
+ CHECKED_CAST(void *(*)(void *), \
+ X509_VERIFY_PARAM *(*)(X509_VERIFY_PARAM *), copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(X509_VERIFY_PARAM *), \
+ free_func)))
/* void */
#define sk_void_new(comp) \
@@ -3381,6 +3647,11 @@
CHECKED_CAST(stack_cmp_func, int (*)(const void **a, const void **b), \
comp)))
+#define sk_void_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(void)*)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(void)*, sk), \
+ CHECKED_CAST(void *(*)(void *), void *(*)(void *), copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(void *), free_func)))
/* SRTP_PROTECTION_PROFILE */
#define sk_SRTP_PROTECTION_PROFILE_new(comp) \
@@ -3459,16 +3730,25 @@
sk_is_sorted( \
CHECKED_CAST(_STACK *, const STACK_OF(SRTP_PROTECTION_PROFILE) *, sk))
-#define sk_SRTP_PROTECTION_PROFILE_set_cmp_func(sk, comp) \
- ((int (*)(const SRTP_PROTECTION_PROFILE **a, \
- const SRTP_PROTECTION_PROFILE **b)) \
- sk_set_cmp_func( \
- CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk), \
- CHECKED_CAST(stack_cmp_func, \
- int (*)(const SRTP_PROTECTION_PROFILE **a, \
- const SRTP_PROTECTION_PROFILE **b), \
- comp)))
+#define sk_SRTP_PROTECTION_PROFILE_set_cmp_func(sk, comp) \
+ ((int (*)(const SRTP_PROTECTION_PROFILE **a, \
+ const SRTP_PROTECTION_PROFILE **b)) \
+ sk_set_cmp_func( \
+ CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk), \
+ CHECKED_CAST(stack_cmp_func, \
+ int (*)(const SRTP_PROTECTION_PROFILE **a, \
+ const SRTP_PROTECTION_PROFILE **b), \
+ comp)))
+#define sk_SRTP_PROTECTION_PROFILE_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(SRTP_PROTECTION_PROFILE) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(SRTP_PROTECTION_PROFILE) *, \
+ sk), \
+ CHECKED_CAST(void *(*)(void *), const SRTP_PROTECTION_PROFILE *(*)( \
+ const SRTP_PROTECTION_PROFILE *), \
+ copy_func), \
+ CHECKED_CAST(void (*)(void *), \
+ void (*)(const SRTP_PROTECTION_PROFILE *), free_func)))
/* SSL_CIPHER */
#define sk_SSL_CIPHER_new(comp) \
@@ -3547,6 +3827,13 @@
int (*)(const SSL_CIPHER **a, const SSL_CIPHER **b), \
comp)))
+#define sk_SSL_CIPHER_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(SSL_CIPHER) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(SSL_CIPHER) *, sk), \
+ CHECKED_CAST(void *(*)(void *), \
+ const SSL_CIPHER *(*)(const SSL_CIPHER *), copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(const SSL_CIPHER *), \
+ free_func)))
/* OPENSSL_STRING */
#define sk_OPENSSL_STRING_new(comp) \
@@ -3618,14 +3905,20 @@
#define sk_OPENSSL_STRING_is_sorted(sk) \
sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(OPENSSL_STRING) *, sk))
-#define sk_OPENSSL_STRING_set_cmp_func(sk, comp) \
- ((int (*)(const OPENSSL_STRING **a, const OPENSSL_STRING **b)) \
- sk_set_cmp_func( \
- CHECKED_CAST(_STACK *, STACK_OF(OPENSSL_STRING) *, sk), \
- CHECKED_CAST(stack_cmp_func, int (*)(const OPENSSL_STRING **a, \
- const OPENSSL_STRING **b), \
- comp)))
+#define sk_OPENSSL_STRING_set_cmp_func(sk, comp) \
+ ((int (*)(const OPENSSL_STRING **a, const OPENSSL_STRING **b)) \
+ sk_set_cmp_func( \
+ CHECKED_CAST(_STACK *, STACK_OF(OPENSSL_STRING) *, sk), \
+ CHECKED_CAST(stack_cmp_func, int (*)(const OPENSSL_STRING **a, \
+ const OPENSSL_STRING **b), \
+ comp)))
+#define sk_OPENSSL_STRING_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(OPENSSL_STRING) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(OPENSSL_STRING) *, sk), \
+ CHECKED_CAST(void *(*)(void *), OPENSSL_STRING (*)(OPENSSL_STRING), \
+ copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(OPENSSL_STRING), free_func)))
/* OPENSSL_BLOCK */
#define sk_OPENSSL_BLOCK_new(comp) \
@@ -3702,3 +3995,10 @@
CHECKED_CAST(stack_cmp_func, \
int (*)(const OPENSSL_BLOCK **a, const OPENSSL_BLOCK **b), \
comp)))
+
+#define sk_OPENSSL_BLOCK_deep_copy(sk, copy_func, free_func) \
+ ((STACK_OF(OPENSSL_BLOCK) *)sk_deep_copy( \
+ CHECKED_CAST(const _STACK *, const STACK_OF(OPENSSL_BLOCK) *, sk), \
+ CHECKED_CAST(void *(*)(void *), OPENSSL_BLOCK (*)(OPENSSL_BLOCK), \
+ copy_func), \
+ CHECKED_CAST(void (*)(void *), void (*)(OPENSSL_BLOCK), free_func)))
diff --git a/src/include/openssl/thread.h b/src/include/openssl/thread.h
index ea65405..f6e7529 100644
--- a/src/include/openssl/thread.h
+++ b/src/include/openssl/thread.h
@@ -57,6 +57,8 @@
#ifndef OPENSSL_HEADER_THREAD_H
#define OPENSSL_HEADER_THREAD_H
+#include <sys/types.h>
+
#include <openssl/base.h>
#if defined(__cplusplus)
@@ -64,21 +66,40 @@
#endif
+#if defined(OPENSSL_NO_THREADS)
+typedef struct crypto_mutex_st {} CRYPTO_MUTEX;
+#elif defined(OPENSSL_WINDOWS)
+/* CRYPTO_MUTEX can appear in public header files so we really don't want to
+ * pull in windows.h. It's statically asserted that this structure is large
+ * enough to contain a Windows CRITICAL_SECTION by thread_win.c. */
+typedef union crypto_mutex_st {
+ double alignment;
+ uint8_t padding[4*sizeof(void*) + 2*sizeof(int)];
+} CRYPTO_MUTEX;
+#elif defined(__MACH__) && defined(__APPLE__)
+typedef pthread_rwlock_t CRYPTO_MUTEX;
+#else
+/* It is reasonable to include pthread.h on non-Windows systems, however the
+ * |pthread_rwlock_t| that we need is hidden under feature flags, and we can't
+ * ensure that we'll be able to get it. It's statically asserted that this
+ * structure is large enough to contain a |pthread_rwlock_t| by
+ * thread_pthread.c. */
+typedef union crypto_mutex_st {
+ double alignment;
+ uint8_t padding[3*sizeof(int) + 5*sizeof(unsigned) + 16 + 8];
+} CRYPTO_MUTEX;
+#endif
+
+
/* Functions to support multithreading.
*
* OpenSSL can safely be used in multi-threaded applications provided that at
- * least two callback functions are set with |CRYPTO_set_locking_callback| and
- * |CRYPTO_THREADID_set_callback|.
+ * least |CRYPTO_set_locking_callback| is set.
*
* The locking callback performs mutual exclusion. Rather than using a single
* lock for all, shared data-structures, OpenSSL requires that the locking
* callback support a fixed (at run-time) number of different locks, given by
- * |CRYPTO_num_locks|.
- *
- * The thread ID callback is called to record the currently executing thread's
- * identifier in a |CRYPTO_THREADID| structure. If this callback is not
- * provided then the address of |errno| is used as the thread identifier. This
- * is sufficient only if the system has a thread-local |errno| value. */
+ * |CRYPTO_num_locks|. */
/* CRYPTO_num_locks returns the number of static locks that the callback
@@ -116,27 +137,22 @@
OPENSSL_EXPORT const char *CRYPTO_get_lock_name(int lock_num);
-/* CRYPTO_THREADID identifies a thread in a multithreaded program. This
- * structure should not be used directly. Rather applications should use
- * |CRYPTO_THREADID_set_numeric| and |CRYPTO_THREADID_set_pointer|. */
-typedef struct crypto_threadid_st {
- void *ptr;
- unsigned long val;
-} CRYPTO_THREADID;
+/* Deprecated functions */
-/* CRYPTO_THREADID_set_callback sets a callback function that stores an
- * identifier of the currently executing thread into |threadid|. The
- * CRYPTO_THREADID structure should not be accessed directly. Rather one of
- * |CRYPTO_THREADID_set_numeric| or |CRYPTO_THREADID_set_pointer| should be
- * used depending on whether thread IDs are numbers or pointers on the host
- * system. */
+/* CRYPTO_THREADID_set_callback does nothing. */
OPENSSL_EXPORT int CRYPTO_THREADID_set_callback(
void (*threadid_func)(CRYPTO_THREADID *threadid));
+/* CRYPTO_THREADID_set_numeric does nothing. */
OPENSSL_EXPORT void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id,
unsigned long val);
+
+/* CRYPTO_THREADID_set_pointer does nothing. */
OPENSSL_EXPORT void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr);
+/* CRYPTO_THREADID_current does nothing. */
+OPENSSL_EXPORT void CRYPTO_THREADID_current(CRYPTO_THREADID *id);
+
/* Private functions: */
@@ -158,70 +174,43 @@
/* CRYPTO_add_lock adds |amount| to |*pointer|, protected by the lock specified
* by |lock_num|. It returns the new value of |*pointer|. Don't call this
- * function directly, rather use the |CRYPTO_add_lock| macro.
- *
- * TODO(fork): rename to CRYPTO_add_locked. */
+ * function directly, rather use the |CRYPTO_add| macro. */
OPENSSL_EXPORT int CRYPTO_add_lock(int *pointer, int amount, int lock_num,
const char *file, int line);
+/* Lock IDs start from 1. CRYPTO_LOCK_INVALID_LOCK is an unused placeholder
+ * used to ensure no lock has ID 0. */
+#define CRYPTO_LOCK_LIST \
+ CRYPTO_LOCK_ITEM(CRYPTO_LOCK_INVALID_LOCK), \
+ CRYPTO_LOCK_ITEM(CRYPTO_LOCK_BIO), \
+ CRYPTO_LOCK_ITEM(CRYPTO_LOCK_DH), \
+ CRYPTO_LOCK_ITEM(CRYPTO_LOCK_DSA), \
+ CRYPTO_LOCK_ITEM(CRYPTO_LOCK_EC), \
+ CRYPTO_LOCK_ITEM(CRYPTO_LOCK_EC_PRE_COMP), \
+ CRYPTO_LOCK_ITEM(CRYPTO_LOCK_ERR), \
+ CRYPTO_LOCK_ITEM(CRYPTO_LOCK_EVP_PKEY), \
+ CRYPTO_LOCK_ITEM(CRYPTO_LOCK_EX_DATA), \
+ CRYPTO_LOCK_ITEM(CRYPTO_LOCK_OBJ), \
+ CRYPTO_LOCK_ITEM(CRYPTO_LOCK_RAND), \
+ CRYPTO_LOCK_ITEM(CRYPTO_LOCK_READDIR), \
+ CRYPTO_LOCK_ITEM(CRYPTO_LOCK_RSA), \
+ CRYPTO_LOCK_ITEM(CRYPTO_LOCK_RSA_BLINDING), \
+ CRYPTO_LOCK_ITEM(CRYPTO_LOCK_SSL_CTX), \
+ CRYPTO_LOCK_ITEM(CRYPTO_LOCK_SSL_SESSION), \
+ CRYPTO_LOCK_ITEM(CRYPTO_LOCK_X509), \
+ CRYPTO_LOCK_ITEM(CRYPTO_LOCK_X509_INFO), \
+ CRYPTO_LOCK_ITEM(CRYPTO_LOCK_X509_PKEY), \
+ CRYPTO_LOCK_ITEM(CRYPTO_LOCK_X509_CRL), \
+ CRYPTO_LOCK_ITEM(CRYPTO_LOCK_X509_REQ), \
+ CRYPTO_LOCK_ITEM(CRYPTO_LOCK_X509_STORE), \
-/* CRYPTO_THREADID_current stores the current thread identifier in |id|. */
-OPENSSL_EXPORT void CRYPTO_THREADID_current(CRYPTO_THREADID *id);
+#define CRYPTO_LOCK_ITEM(x) x
-/* CRYPTO_THREADID_cmp returns < 0, 0 or > 0 if |a| is less than, equal to or
- * greater than |b|, respectively. */
-int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b);
+enum {
+ CRYPTO_LOCK_LIST
+};
-/* CRYPTO_THREADID_cpy sets |*dest| equal to |*src|. */
-void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src);
-
-/* CRYPTO_THREADID_hash returns a hash of the numeric value of |id|. */
-uint32_t CRYPTO_THREADID_hash(const CRYPTO_THREADID *id);
-
-/* These are the locks used by OpenSSL. These values should match up with the
- * table in thread.c. */
-#define CRYPTO_LOCK_ERR 1
-#define CRYPTO_LOCK_EX_DATA 2
-#define CRYPTO_LOCK_X509 3
-#define CRYPTO_LOCK_X509_INFO 4
-#define CRYPTO_LOCK_X509_PKEY 5
-#define CRYPTO_LOCK_X509_CRL 6
-#define CRYPTO_LOCK_X509_REQ 7
-#define CRYPTO_LOCK_DSA 8
-#define CRYPTO_LOCK_RSA 9
-#define CRYPTO_LOCK_EVP_PKEY 10
-#define CRYPTO_LOCK_X509_STORE 11
-#define CRYPTO_LOCK_SSL_CTX 12
-#define CRYPTO_LOCK_SSL_CERT 13
-#define CRYPTO_LOCK_SSL_SESSION 14
-#define CRYPTO_LOCK_SSL_SESS_CERT 15
-#define CRYPTO_LOCK_SSL 16
-#define CRYPTO_LOCK_SSL_METHOD 17
-#define CRYPTO_LOCK_RAND 18
-#define CRYPTO_LOCK_RAND2 19
-#define CRYPTO_LOCK_MALLOC 20
-#define CRYPTO_LOCK_BIO 21
-#define CRYPTO_LOCK_GETHOSTBYNAME 22
-#define CRYPTO_LOCK_GETSERVBYNAME 23
-#define CRYPTO_LOCK_READDIR 24
-#define CRYPTO_LOCK_RSA_BLINDING 25
-#define CRYPTO_LOCK_DH 26
-#define CRYPTO_LOCK_MALLOC2 27
-#define CRYPTO_LOCK_DSO 28
-#define CRYPTO_LOCK_DYNLOCK 29
-#define CRYPTO_LOCK_ENGINE 30
-#define CRYPTO_LOCK_UI 31
-#define CRYPTO_LOCK_ECDSA 32
-#define CRYPTO_LOCK_EC 33
-#define CRYPTO_LOCK_ECDH 34
-#define CRYPTO_LOCK_BN 35
-#define CRYPTO_LOCK_EC_PRE_COMP 36
-#define CRYPTO_LOCK_STORE 37
-#define CRYPTO_LOCK_COMP 38
-#define CRYPTO_LOCK_FIPS 39
-#define CRYPTO_LOCK_FIPS2 40
-#define CRYPTO_LOCK_OBJ 40
-#define CRYPTO_NUM_LOCKS 42
+#undef CRYPTO_LOCK_ITEM
#define CRYPTO_LOCK 1
#define CRYPTO_UNLOCK 2
diff --git a/src/include/openssl/time_support.h b/src/include/openssl/time_support.h
index d03a99d..912e672 100644
--- a/src/include/openssl/time_support.h
+++ b/src/include/openssl/time_support.h
@@ -60,7 +60,6 @@
#include <openssl/base.h>
-#include <time.h>
#if defined(__cplusplus)
extern "C" {
diff --git a/src/include/openssl/tls1.h b/src/include/openssl/tls1.h
index 95731ff..e085e15 100644
--- a/src/include/openssl/tls1.h
+++ b/src/include/openssl/tls1.h
@@ -161,24 +161,6 @@
#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0
-#define TLS1_2_VERSION 0x0303
-#define TLS1_2_VERSION_MAJOR 0x03
-#define TLS1_2_VERSION_MINOR 0x03
-
-#define TLS1_1_VERSION 0x0302
-#define TLS1_1_VERSION_MAJOR 0x03
-#define TLS1_1_VERSION_MINOR 0x02
-
-#define TLS1_VERSION 0x0301
-#define TLS1_VERSION_MAJOR 0x03
-#define TLS1_VERSION_MINOR 0x01
-
-#define TLS1_get_version(s) \
- ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
-
-#define TLS1_get_client_version(s) \
- ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
-
#define TLS1_AD_DECRYPTION_FAILED 21
#define TLS1_AD_RECORD_OVERFLOW 22
#define TLS1_AD_UNKNOWN_CA 48 /* fatal */
@@ -298,16 +280,16 @@
OPENSSL_EXPORT const char *SSL_get_servername(const SSL *s, const int type);
OPENSSL_EXPORT int SSL_get_servername_type(const SSL *s);
-/* SSL_export_keying_material exports a value derived from the master secret,
- * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and
+
+/* SSL_export_keying_material exports a value derived from the master secret, as
+ * specified in RFC 5705. It writes |out_len| bytes to |out| given a label and
* optional context. (Since a zero length context is allowed, the |use_context|
* flag controls whether a context is included.)
*
- * It returns 1 on success and zero otherwise. */
-OPENSSL_EXPORT int SSL_export_keying_material(SSL *s, uint8_t *out, size_t olen,
- const char *label, size_t llen,
- const uint8_t *p, size_t plen,
- int use_context);
+ * It returns one on success and zero otherwise. */
+OPENSSL_EXPORT int SSL_export_keying_material(
+ SSL *s, uint8_t *out, size_t out_len, const char *label, size_t label_len,
+ const uint8_t *context, size_t context_len, int use_context);
OPENSSL_EXPORT int SSL_get_sigalgs(SSL *s, int idx, int *psign, int *phash,
int *psignandhash, uint8_t *rsig,
@@ -317,44 +299,61 @@
int *phash, int *psignandhash,
uint8_t *rsig, uint8_t *rhash);
-#define SSL_set_tlsext_host_name(s, name) \
- SSL_ctrl(s, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, \
- (char *)name)
+/* SSL_set_tlsext_host_name, for a client, configures |ssl| to advertise |name|
+ * in the server_name extension. It returns one on success and zero on error. */
+OPENSSL_EXPORT int SSL_set_tlsext_host_name(SSL *ssl, const char *name);
-#define SSL_set_tlsext_debug_callback(ssl, cb) \
- SSL_callback_ctrl(ssl, SSL_CTRL_SET_TLSEXT_DEBUG_CB, (void (*)(void))cb)
-
-#define SSL_set_tlsext_debug_arg(ssl, arg) \
- SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_DEBUG_ARG, 0, (void *)arg)
-
-#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
- SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TLSEXT_SERVERNAME_CB, \
- (void (*)(void))cb)
+/* SSL_CTX_set_tlsext_servername_callback configures |callback| to be called on
+ * the server after ClientHello extensions have been parsed and returns one.
+ * |callback| may use |SSL_get_servername| to examine the server_name extension
+ * and return a |SSL_TLSEXT_ERR_*| value. If it returns |SSL_TLSEXT_ERR_NOACK|,
+ * the server_name extension is not acknowledged in the ServerHello. If the
+ * return value signals an alert, |callback| should set |*out_alert| to the
+ * alert to send. */
+OPENSSL_EXPORT int SSL_CTX_set_tlsext_servername_callback(
+ SSL_CTX *ctx, int (*callback)(SSL *ssl, int *out_alert, void *arg));
#define SSL_TLSEXT_ERR_OK 0
#define SSL_TLSEXT_ERR_ALERT_WARNING 1
#define SSL_TLSEXT_ERR_ALERT_FATAL 2
#define SSL_TLSEXT_ERR_NOACK 3
-#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
- SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG, 0, (void *)arg)
+/* SSL_CTX_set_tlsext_servername_arg sets the argument to the servername
+ * callback and returns one. See |SSL_CTX_set_tlsext_servername_callback|. */
+OPENSSL_EXPORT int SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg);
#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
SSL_CTX_ctrl((ctx), SSL_CTRL_GET_TLSEXT_TICKET_KEYS, (keylen), (keys))
#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
SSL_CTX_ctrl((ctx), SSL_CTRL_SET_TLSEXT_TICKET_KEYS, (keylen), (keys))
-#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
- SSL_CTX_callback_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB, \
- (void (*)(void))cb)
-
-#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
- SSL_CTX_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG, 0, (void *)arg)
-
-#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
- SSL_CTX_callback_ctrl(ssl, SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB, \
- (void (*)(void))cb)
-
+/* SSL_CTX_set_tlsext_ticket_key_cb sets the ticket callback to |callback| and
+ * returns one. |callback| will be called when encrypting a new ticket and when
+ * decrypting a ticket from the client.
+ *
+ * In both modes, |ctx| and |hmac_ctx| will already have been initialized with
+ * |EVP_CIPHER_CTX_init| and |HMAC_CTX_init|, respectively. |callback|
+ * configures |hmac_ctx| with an HMAC digest and key, and configures |ctx|
+ * for encryption or decryption, based on the mode.
+ *
+ * When encrypting a new ticket, |encrypt| will be one. It writes a public
+ * 16-byte key name to |key_name| and a fresh IV to |iv|. The output IV length
+ * must match |EVP_CIPHER_CTX_iv_length| of the cipher selected. In this mode,
+ * |callback| returns 1 on success and -1 on error.
+ *
+ * When decrypting a ticket, |encrypt| will be zero. |key_name| will point to a
+ * 16-byte key name and |iv| points to an IV. The length of the IV consumed must
+ * match |EVP_CIPHER_CTX_iv_length| of the cipher selected. In this mode,
+ * |callback| returns -1 to abort the handshake, 0 if decrypting the ticket
+ * failed, and 1 or 2 on success. If it returns 2, the ticket will be renewed.
+ * This may be used to re-key the ticket.
+ *
+ * WARNING: |callback| wildly breaks the usual return value convention and is
+ * called in two different modes. */
+OPENSSL_EXPORT int SSL_CTX_set_tlsext_ticket_key_cb(
+ SSL_CTX *ctx, int (*callback)(SSL *ssl, uint8_t *key_name, uint8_t *iv,
+ EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
+ int encrypt));
/* PSK ciphersuites from 4279 */
#define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A
@@ -689,8 +688,6 @@
#define TLS_CT_RSA_FIXED_ECDH 65
#define TLS_CT_ECDSA_FIXED_ECDH 66
-#define TLS1_FINISH_MAC_LENGTH 12
-
#define TLS_MD_MAX_CONST_SIZE 20
#define TLS_MD_CLIENT_FINISH_CONST "client finished"
#define TLS_MD_CLIENT_FINISH_CONST_SIZE 15
diff --git a/src/include/openssl/x509.h b/src/include/openssl/x509.h
index 2a79887..ef1d7fb 100644
--- a/src/include/openssl/x509.h
+++ b/src/include/openssl/x509.h
@@ -748,8 +748,6 @@
OPENSSL_EXPORT int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
OPENSSL_EXPORT EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key);
-OPENSSL_EXPORT int X509_get_pubkey_parameters(EVP_PKEY *pkey,
- STACK_OF(X509) *chain);
OPENSSL_EXPORT int i2d_PUBKEY(const EVP_PKEY *a,unsigned char **pp);
OPENSSL_EXPORT EVP_PKEY * d2i_PUBKEY(EVP_PKEY **a,const unsigned char **pp,
long length);
@@ -1221,112 +1219,101 @@
}
#endif
-#define X509_F_x509_name_ex_new 100
-#define X509_F_X509_EXTENSION_create_by_NID 101
-#define X509_F_X509_load_crl_file 102
-#define X509_F_X509_TRUST_set 103
-#define X509_F_X509_EXTENSION_create_by_OBJ 104
-#define X509_F_by_file_ctrl 105
-#define X509_F_X509_load_cert_crl_file 106
-#define X509_F_X509_CRL_add0_revoked 107
-#define X509_F_bitstr_cb 108
-#define X509_F_X509_STORE_CTX_new 109
-#define X509_F_X509_REQ_to_X509 110
-#define X509_F_X509v3_add_ext 111
-#define X509_F_ASN1_sign 112
-#define X509_F_asn1_str2type 113
-#define X509_F_i2d_RSA_PUBKEY 114
-#define X509_F_ASN1_item_sign_ctx 115
-#define X509_F_x509_name_encode 116
-#define X509_F_d2i_X509_PKEY 117
-#define X509_F_ASN1_generate_v3 118
-#define X509_F_dir_ctrl 119
-#define X509_F_X509_print_ex_fp 120
-#define X509_F_X509_ATTRIBUTE_get0_data 121
-#define X509_F_X509_NAME_oneline 122
-#define X509_F_X509_CRL_print_fp 123
-#define X509_F_X509_STORE_CTX_get1_issuer 124
-#define X509_F_add_cert_dir 125
-#define X509_F_PKCS7_get_certificates 126
-#define X509_F_X509_ATTRIBUTE_create_by_NID 127
-#define X509_F_X509_ATTRIBUTE_set1_data 128
+#define X509_F_ASN1_digest 100
+#define X509_F_ASN1_item_sign_ctx 101
+#define X509_F_ASN1_item_verify 102
+#define X509_F_NETSCAPE_SPKI_b64_decode 103
+#define X509_F_NETSCAPE_SPKI_b64_encode 104
+#define X509_F_PKCS7_get_certificates 105
+#define X509_F_X509_ATTRIBUTE_create_by_NID 106
+#define X509_F_X509_ATTRIBUTE_create_by_OBJ 107
+#define X509_F_X509_ATTRIBUTE_create_by_txt 108
+#define X509_F_X509_ATTRIBUTE_get0_data 109
+#define X509_F_X509_ATTRIBUTE_set1_data 110
+#define X509_F_X509_CRL_add0_revoked 111
+#define X509_F_X509_CRL_diff 112
+#define X509_F_X509_CRL_print_fp 113
+#define X509_F_X509_EXTENSION_create_by_NID 114
+#define X509_F_X509_EXTENSION_create_by_OBJ 115
+#define X509_F_X509_INFO_new 116
+#define X509_F_X509_NAME_ENTRY_create_by_NID 117
+#define X509_F_X509_NAME_ENTRY_create_by_txt 118
+#define X509_F_X509_NAME_ENTRY_set_object 119
+#define X509_F_X509_NAME_add_entry 120
+#define X509_F_X509_NAME_oneline 121
+#define X509_F_X509_NAME_print 122
+#define X509_F_X509_PKEY_new 123
+#define X509_F_X509_PUBKEY_get 124
+#define X509_F_X509_PUBKEY_set 125
+#define X509_F_X509_REQ_check_private_key 126
+#define X509_F_X509_REQ_to_X509 127
+#define X509_F_X509_STORE_CTX_get1_issuer 128
#define X509_F_X509_STORE_CTX_init 129
-#define X509_F_NETSCAPE_SPKI_b64_decode 130
-#define X509_F_X509_NAME_print 131
-#define X509_F_x509_name_ex_d2i 132
-#define X509_F_X509_PKEY_new 133
-#define X509_F_X509_STORE_add_cert 134
-#define X509_F_parse_tagging 135
-#define X509_F_check_policy 136
-#define X509_F_ASN1_digest 137
-#define X509_F_X509_load_cert_file 138
-#define X509_F_X509_ATTRIBUTE_create_by_txt 139
-#define X509_F_X509_PUBKEY_set 140
-#define X509_F_X509_PUBKEY_get 141
-#define X509_F_get_cert_by_subject 142
-#define X509_F_X509_NAME_add_entry 143
+#define X509_F_X509_STORE_CTX_new 130
+#define X509_F_X509_STORE_CTX_purpose_inherit 131
+#define X509_F_X509_STORE_add_cert 132
+#define X509_F_X509_STORE_add_crl 133
+#define X509_F_X509_TRUST_add 134
+#define X509_F_X509_TRUST_set 135
+#define X509_F_X509_check_private_key 136
+#define X509_F_X509_get_pubkey_parameters 137
+#define X509_F_X509_load_cert_crl_file 138
+#define X509_F_X509_load_cert_file 139
+#define X509_F_X509_load_crl_file 140
+#define X509_F_X509_print_ex_fp 141
+#define X509_F_X509_to_X509_REQ 142
+#define X509_F_X509_verify_cert 143
#define X509_F_X509at_add1_attr 144
-#define X509_F_X509_check_private_key 145
-#define X509_F_append_exp 146
-#define X509_F_i2d_EC_PUBKEY 147
-#define X509_F_X509_INFO_new 148
-#define X509_F_X509_STORE_CTX_purpose_inherit 149
-#define X509_F_NETSCAPE_SPKI_b64_encode 150
-#define X509_F_X509_to_X509_REQ 151
-#define X509_F_X509_NAME_ENTRY_create_by_txt 152
-#define X509_F_X509_NAME_ENTRY_set_object 153
-#define X509_F_asn1_cb 154
-#define X509_F_X509_verify_cert 155
-#define X509_F_X509_CRL_diff 156
-#define X509_F_i2d_PrivateKey 157
-#define X509_F_X509_REQ_check_private_key 158
-#define X509_F_X509_STORE_add_crl 159
-#define X509_F_X509_get_pubkey_parameters 160
-#define X509_F_ASN1_item_verify 161
-#define X509_F_X509_ATTRIBUTE_create_by_OBJ 162
-#define X509_F_i2d_DSA_PUBKEY 163
-#define X509_F_X509_TRUST_add 164
-#define X509_F_X509_NAME_ENTRY_create_by_NID 165
-#define X509_F_PKCS7_get_CRLs 166
-#define X509_F_pkcs7_parse_header 167
-#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 100
-#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 101
-#define X509_R_METHOD_NOT_SUPPORTED 102
-#define X509_R_UNSUPPORTED_ALGORITHM 103
-#define X509_R_CRL_VERIFY_FAILURE 104
-#define X509_R_BASE64_DECODE_ERROR 105
-#define X509_R_INVALID_TRUST 106
-#define X509_R_UNKNOWN_NID 107
-#define X509_R_INVALID_DIRECTORY 108
-#define X509_R_KEY_VALUES_MISMATCH 109
-#define X509_R_CERT_ALREADY_IN_HASH_TABLE 110
-#define X509_R_PUBLIC_KEY_DECODE_ERROR 111
-#define X509_R_NOT_PKCS7_SIGNED_DATA 112
-#define X509_R_PUBLIC_KEY_ENCODE_ERROR 113
-#define X509_R_LOADING_CERT_DIR 114
-#define X509_R_WRONG_TYPE 115
-#define X509_R_UNKNOWN_PURPOSE_ID 116
-#define X509_R_NEWER_CRL_NOT_NEWER 117
-#define X509_R_UNKNOWN_TRUST_ID 118
-#define X509_R_KEY_TYPE_MISMATCH 120
-#define X509_R_UNKNOWN_KEY_TYPE 121
-#define X509_R_BAD_X509_FILETYPE 122
-#define X509_R_ISSUER_MISMATCH 123
-#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 124
-#define X509_R_WRONG_LOOKUP_TYPE 125
-#define X509_R_CONTEXT_NOT_INITIALISED 126
-#define X509_R_CANT_CHECK_DH_KEY 127
-#define X509_R_NO_CERTIFICATES_INCLUDED 128
-#define X509_R_INVALID_FIELD_NAME 129
-#define X509_R_SHOULD_RETRY 130
-#define X509_R_NO_CRL_NUMBER 131
-#define X509_R_IDP_MISMATCH 132
-#define X509_R_LOADING_DEFAULTS 133
-#define X509_R_BAD_PKCS7_VERSION 134
-#define X509_R_CRL_ALREADY_DELTA 135
-#define X509_R_ERR_ASN1_LIB 136
-#define X509_R_AKID_MISMATCH 137
-#define X509_R_INVALID_BIT_STRING_BITS_LEFT 138
-#define X509_R_NO_CRLS_INCLUDED 139
+#define X509_F_X509v3_add_ext 145
+#define X509_F_add_cert_dir 146
+#define X509_F_by_file_ctrl 147
+#define X509_F_check_policy 148
+#define X509_F_dir_ctrl 149
+#define X509_F_get_cert_by_subject 150
+#define X509_F_i2d_DSA_PUBKEY 151
+#define X509_F_i2d_EC_PUBKEY 152
+#define X509_F_i2d_RSA_PUBKEY 153
+#define X509_F_x509_name_encode 154
+#define X509_F_x509_name_ex_d2i 155
+#define X509_F_x509_name_ex_new 156
+#define X509_F_pkcs7_parse_header 157
+#define X509_F_PKCS7_get_CRLs 158
+#define X509_R_AKID_MISMATCH 100
+#define X509_R_BAD_PKCS7_VERSION 101
+#define X509_R_BAD_X509_FILETYPE 102
+#define X509_R_BASE64_DECODE_ERROR 103
+#define X509_R_CANT_CHECK_DH_KEY 104
+#define X509_R_CERT_ALREADY_IN_HASH_TABLE 105
+#define X509_R_CRL_ALREADY_DELTA 106
+#define X509_R_CRL_VERIFY_FAILURE 107
+#define X509_R_IDP_MISMATCH 108
+#define X509_R_INVALID_BIT_STRING_BITS_LEFT 109
+#define X509_R_INVALID_DIRECTORY 110
+#define X509_R_INVALID_FIELD_NAME 111
+#define X509_R_INVALID_TRUST 112
+#define X509_R_ISSUER_MISMATCH 113
+#define X509_R_KEY_TYPE_MISMATCH 114
+#define X509_R_KEY_VALUES_MISMATCH 115
+#define X509_R_LOADING_CERT_DIR 116
+#define X509_R_LOADING_DEFAULTS 117
+#define X509_R_METHOD_NOT_SUPPORTED 118
+#define X509_R_NEWER_CRL_NOT_NEWER 119
+#define X509_R_NOT_PKCS7_SIGNED_DATA 120
+#define X509_R_NO_CERTIFICATES_INCLUDED 121
+#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 122
+#define X509_R_NO_CRL_NUMBER 123
+#define X509_R_PUBLIC_KEY_DECODE_ERROR 124
+#define X509_R_PUBLIC_KEY_ENCODE_ERROR 125
+#define X509_R_SHOULD_RETRY 126
+#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 127
+#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 128
+#define X509_R_UNKNOWN_KEY_TYPE 129
+#define X509_R_UNKNOWN_NID 130
+#define X509_R_UNKNOWN_PURPOSE_ID 131
+#define X509_R_UNKNOWN_TRUST_ID 132
+#define X509_R_UNSUPPORTED_ALGORITHM 133
+#define X509_R_WRONG_LOOKUP_TYPE 134
+#define X509_R_WRONG_TYPE 135
+#define X509_R_NO_CRLS_INCLUDED 136
#endif
diff --git a/src/include/openssl/x509_vfy.h b/src/include/openssl/x509_vfy.h
index c65bfde..299cad7 100644
--- a/src/include/openssl/x509_vfy.h
+++ b/src/include/openssl/x509_vfy.h
@@ -202,7 +202,6 @@
STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm);
int (*cleanup)(X509_STORE_CTX *ctx);
- CRYPTO_EX_DATA ex_data;
int references;
} /* X509_STORE */;
@@ -554,11 +553,15 @@
STACK_OF(ASN1_OBJECT) *policies);
OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
- const unsigned char *name, size_t namelen);
+ const char *name, size_t namelen);
+OPENSSL_EXPORT int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
+ const char *name,
+ size_t namelen);
OPENSSL_EXPORT void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
unsigned int flags);
+OPENSSL_EXPORT char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *);
OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
- const unsigned char *email, size_t emaillen);
+ const char *email, size_t emaillen);
OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
const unsigned char *ip, size_t iplen);
OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc);
diff --git a/src/include/openssl/x509v3.h b/src/include/openssl/x509v3.h
index c891022..5caa5c1 100644
--- a/src/include/openssl/x509v3.h
+++ b/src/include/openssl/x509v3.h
@@ -607,14 +607,6 @@
OPENSSL_EXPORT int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
OPENSSL_EXPORT int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
-OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
- int ext_nid, char *value);
-OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
- char *name, char *value);
-OPENSSL_EXPORT int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
- char *section, X509 *cert);
-OPENSSL_EXPORT int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
- char *section, X509_REQ *req);
OPENSSL_EXPORT int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
char *section, X509_CRL *crl);
@@ -623,7 +615,6 @@
OPENSSL_EXPORT int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
OPENSSL_EXPORT int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
OPENSSL_EXPORT void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
-OPENSSL_EXPORT void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash);
OPENSSL_EXPORT char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
OPENSSL_EXPORT STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
@@ -713,9 +704,9 @@
*/
#define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000
-OPENSSL_EXPORT int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
- unsigned int flags);
-OPENSSL_EXPORT int X509_check_email(X509 *x, const unsigned char *chk, size_t chklen,
+OPENSSL_EXPORT int X509_check_host(X509 *x, const char *chk, size_t chklen,
+ unsigned int flags, char **peername);
+OPENSSL_EXPORT int X509_check_email(X509 *x, const char *chk, size_t chklen,
unsigned int flags);
OPENSSL_EXPORT int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
unsigned int flags);
@@ -740,131 +731,125 @@
#ifdef __cplusplus
}
#endif
-#define X509V3_F_do_ext_i2d 100
-#define X509V3_F_v2i_AUTHORITY_KEYID 101
-#define X509V3_F_X509V3_parse_list 102
-#define X509V3_F_SXNET_add_id_asc 103
+#define X509V3_F_SXNET_add_id_INTEGER 100
+#define X509V3_F_SXNET_add_id_asc 101
+#define X509V3_F_SXNET_add_id_ulong 102
+#define X509V3_F_SXNET_get_id_asc 103
#define X509V3_F_SXNET_get_id_ulong 104
-#define X509V3_F_v2i_AUTHORITY_INFO_ACCESS 105
-#define X509V3_F_X509V3_EXT_add 106
-#define X509V3_F_i2s_ASN1_INTEGER 107
-#define X509V3_F_s2i_ASN1_OCTET_STRING 108
-#define X509V3_F_copy_issuer 109
-#define X509V3_F_v2i_subject_alt 110
-#define X509V3_F_copy_email 111
-#define X509V3_F_X509V3_EXT_i2d 112
-#define X509V3_F_v2i_crld 113
-#define X509V3_F_policy_section 114
-#define X509V3_F_a2i_GENERAL_NAME 115
-#define X509V3_F_hex_to_string 116
-#define X509V3_F_i2s_ASN1_IA5STRING 117
-#define X509V3_F_string_to_hex 118
-#define X509V3_F_v3_generic_extension 119
-#define X509V3_F_X509V3_get_section 120
-#define X509V3_F_s2i_skey_id 121
-#define X509V3_F_nref_nos 122
-#define X509V3_F_X509V3_get_value_bool 123
-#define X509V3_F_v2i_NAME_CONSTRAINTS 124
-#define X509V3_F_v2i_POLICY_MAPPINGS 125
-#define X509V3_F_v2i_GENERAL_NAMES 126
-#define X509V3_F_do_dirname 127
-#define X509V3_F_v2i_ASN1_BIT_STRING 128
-#define X509V3_F_SXNET_add_id_ulong 129
-#define X509V3_F_X509V3_EXT_add_alias 130
-#define X509V3_F_X509V3_add1_i2d 131
-#define X509V3_F_r2i_pci 132
-#define X509V3_F_X509V3_get_string 133
-#define X509V3_F_gnames_from_sectname 134
-#define X509V3_F_r2i_certpol 135
-#define X509V3_F_X509V3_add_value 136
+#define X509V3_F_X509V3_EXT_add 105
+#define X509V3_F_X509V3_EXT_add_alias 106
+#define X509V3_F_X509V3_EXT_free 107
+#define X509V3_F_X509V3_EXT_i2d 108
+#define X509V3_F_X509V3_EXT_nconf 109
+#define X509V3_F_X509V3_add1_i2d 110
+#define X509V3_F_X509V3_add_value 111
+#define X509V3_F_X509V3_get_section 112
+#define X509V3_F_X509V3_get_string 113
+#define X509V3_F_X509V3_get_value_bool 114
+#define X509V3_F_X509V3_parse_list 115
+#define X509V3_F_X509_PURPOSE_add 116
+#define X509V3_F_X509_PURPOSE_set 117
+#define X509V3_F_a2i_GENERAL_NAME 118
+#define X509V3_F_copy_email 119
+#define X509V3_F_copy_issuer 120
+#define X509V3_F_do_dirname 121
+#define X509V3_F_do_ext_i2d 122
+#define X509V3_F_do_ext_nconf 123
+#define X509V3_F_gnames_from_sectname 124
+#define X509V3_F_hex_to_string 125
+#define X509V3_F_i2s_ASN1_ENUMERATED 126
+#define X509V3_F_i2s_ASN1_IA5STRING 127
+#define X509V3_F_i2s_ASN1_INTEGER 128
+#define X509V3_F_i2v_AUTHORITY_INFO_ACCESS 129
+#define X509V3_F_notice_section 130
+#define X509V3_F_nref_nos 131
+#define X509V3_F_policy_section 132
+#define X509V3_F_process_pci_value 133
+#define X509V3_F_r2i_certpol 134
+#define X509V3_F_r2i_pci 135
+#define X509V3_F_s2i_ASN1_IA5STRING 136
#define X509V3_F_s2i_ASN1_INTEGER 137
-#define X509V3_F_v2i_issuer_alt 138
-#define X509V3_F_v2i_GENERAL_NAME_ex 139
-#define X509V3_F_X509V3_EXT_nconf 140
-#define X509V3_F_v2i_BASIC_CONSTRAINTS 141
-#define X509V3_F_process_pci_value 142
-#define X509V3_F_notice_section 143
-#define X509V3_F_X509_PURPOSE_set 144
-#define X509V3_F_do_ext_nconf 145
-#define X509V3_F_i2s_ASN1_ENUMERATED 146
-#define X509V3_F_s2i_ASN1_IA5STRING 147
-#define X509V3_F_v2i_POLICY_CONSTRAINTS 148
-#define X509V3_F_v2i_EXTENDED_KEY_USAGE 149
-#define X509V3_F_SXNET_get_id_asc 150
-#define X509V3_F_set_dist_point_name 151
-#define X509V3_F_v2i_idp 152
-#define X509V3_F_X509_PURPOSE_add 153
-#define X509V3_F_SXNET_add_id_INTEGER 154
-#define X509V3_F_i2v_AUTHORITY_INFO_ACCESS 155
-#define X509V3_F_X509V3_EXT_free 156
-#define X509V3_R_INVALID_BOOLEAN_STRING 100
-#define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 101
-#define X509V3_R_INVALID_NAME 102
-#define X509V3_R_OPERATION_NOT_DEFINED 103
-#define X509V3_R_POLICY_PATH_LENGTH 104
-#define X509V3_R_INVALID_PROXY_POLICY_SETTING 105
-#define X509V3_R_INVALID_ASRANGE 106
-#define X509V3_R_ERROR_CREATING_EXTENSION 107
-#define X509V3_R_ISSUER_DECODE_ERROR 108
-#define X509V3_R_OTHERNAME_ERROR 109
-#define X509V3_R_ILLEGAL_HEX_DIGIT 110
-#define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 111
-#define X509V3_R_USER_TOO_LONG 112
-#define X509V3_R_INVALID_INHERITANCE 113
-#define X509V3_R_INVALID_SAFI 114
-#define X509V3_R_INVALID_NULL_VALUE 115
-#define X509V3_R_NO_SUBJECT_DETAILS 116
-#define X509V3_R_BAD_OBJECT 117
-#define X509V3_R_DIRNAME_ERROR 118
-#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 119
-#define X509V3_R_INVALID_EXTENSION_STRING 120
-#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 121
-#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 122
-#define X509V3_R_INVALID_OPTION 123
-#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 124
-#define X509V3_R_INVALID_POLICY_IDENTIFIER 125
-#define X509V3_R_INVALID_PURPOSE 126
-#define X509V3_R_UNKNOWN_EXTENSION 127
-#define X509V3_R_NO_ISSUER_CERTIFICATE 128
-#define X509V3_R_BN_DEC2BN_ERROR 129
-#define X509V3_R_EXPECTED_A_SECTION_NAME 130
-#define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 131
-#define X509V3_R_MISSING_VALUE 132
-#define X509V3_R_SECTION_NOT_FOUND 133
-#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 134
-#define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 135
-#define X509V3_R_ILLEGAL_EMPTY_EXTENSION 136
-#define X509V3_R_NO_POLICY_IDENTIFIER 137
-#define X509V3_R_NO_ISSUER_DETAILS 138
+#define X509V3_F_s2i_ASN1_OCTET_STRING 138
+#define X509V3_F_s2i_skey_id 139
+#define X509V3_F_set_dist_point_name 140
+#define X509V3_F_string_to_hex 141
+#define X509V3_F_v2i_ASN1_BIT_STRING 142
+#define X509V3_F_v2i_AUTHORITY_INFO_ACCESS 143
+#define X509V3_F_v2i_AUTHORITY_KEYID 144
+#define X509V3_F_v2i_BASIC_CONSTRAINTS 145
+#define X509V3_F_v2i_EXTENDED_KEY_USAGE 146
+#define X509V3_F_v2i_GENERAL_NAMES 147
+#define X509V3_F_v2i_GENERAL_NAME_ex 148
+#define X509V3_F_v2i_NAME_CONSTRAINTS 149
+#define X509V3_F_v2i_POLICY_CONSTRAINTS 150
+#define X509V3_F_v2i_POLICY_MAPPINGS 151
+#define X509V3_F_v2i_crld 152
+#define X509V3_F_v2i_idp 153
+#define X509V3_F_v2i_issuer_alt 154
+#define X509V3_F_v2i_subject_alt 155
+#define X509V3_F_v3_generic_extension 156
+#define X509V3_R_BAD_IP_ADDRESS 100
+#define X509V3_R_BAD_OBJECT 101
+#define X509V3_R_BN_DEC2BN_ERROR 102
+#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 103
+#define X509V3_R_CANNOT_FIND_FREE_FUNCTION 104
+#define X509V3_R_DIRNAME_ERROR 105
+#define X509V3_R_DISTPOINT_ALREADY_SET 106
+#define X509V3_R_DUPLICATE_ZONE_ID 107
+#define X509V3_R_ERROR_CONVERTING_ZONE 108
+#define X509V3_R_ERROR_CREATING_EXTENSION 109
+#define X509V3_R_ERROR_IN_EXTENSION 110
+#define X509V3_R_EXPECTED_A_SECTION_NAME 111
+#define X509V3_R_EXTENSION_EXISTS 112
+#define X509V3_R_EXTENSION_NAME_ERROR 113
+#define X509V3_R_EXTENSION_NOT_FOUND 114
+#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 115
+#define X509V3_R_EXTENSION_VALUE_ERROR 116
+#define X509V3_R_ILLEGAL_EMPTY_EXTENSION 117
+#define X509V3_R_ILLEGAL_HEX_DIGIT 118
+#define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 119
+#define X509V3_R_INVALID_BOOLEAN_STRING 120
+#define X509V3_R_INVALID_EXTENSION_STRING 121
+#define X509V3_R_INVALID_MULTIPLE_RDNS 122
+#define X509V3_R_INVALID_NAME 123
+#define X509V3_R_INVALID_NULL_ARGUMENT 124
+#define X509V3_R_INVALID_NULL_NAME 125
+#define X509V3_R_INVALID_NULL_VALUE 126
+#define X509V3_R_INVALID_NUMBER 127
+#define X509V3_R_INVALID_NUMBERS 128
+#define X509V3_R_INVALID_OBJECT_IDENTIFIER 129
+#define X509V3_R_INVALID_OPTION 130
+#define X509V3_R_INVALID_POLICY_IDENTIFIER 131
+#define X509V3_R_INVALID_PROXY_POLICY_SETTING 132
+#define X509V3_R_INVALID_PURPOSE 133
+#define X509V3_R_INVALID_SECTION 134
+#define X509V3_R_INVALID_SYNTAX 135
+#define X509V3_R_ISSUER_DECODE_ERROR 136
+#define X509V3_R_MISSING_VALUE 137
+#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 138
#define X509V3_R_NO_CONFIG_DATABASE 139
-#define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 140
-#define X509V3_R_INVALID_SECTION 141
-#define X509V3_R_INVALID_IPADDRESS 142
-#define X509V3_R_EXTENSION_VALUE_ERROR 143
-#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 144
-#define X509V3_R_INVALID_NULL_ARGUMENT 145
-#define X509V3_R_ERROR_IN_EXTENSION 146
-#define X509V3_R_INVALID_NULL_NAME 147
-#define X509V3_R_BAD_IP_ADDRESS 148
-#define X509V3_R_UNSUPPORTED_OPTION 149
-#define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 150
-#define X509V3_R_EXTENSION_EXISTS 151
-#define X509V3_R_UNKNOWN_OPTION 152
-#define X509V3_R_ERROR_CONVERTING_ZONE 153
-#define X509V3_R_NO_PUBLIC_KEY 154
-#define X509V3_R_INVALID_MULTIPLE_RDNS 155
-#define X509V3_R_INVALID_SYNTAX 156
-#define X509V3_R_UNKNOWN_EXTENSION_NAME 157
-#define X509V3_R_ODD_NUMBER_OF_DIGITS 158
-#define X509V3_R_DISTPOINT_ALREADY_SET 159
-#define X509V3_R_UNSUPPORTED_TYPE 160
-#define X509V3_R_EXTENSION_NAME_ERROR 161
-#define X509V3_R_INVALID_NUMBERS 162
-#define X509V3_R_INVALID_NUMBER 163
-#define X509V3_R_INVALID_OBJECT_IDENTIFIER 164
-#define X509V3_R_DUPLICATE_ZONE_ID 165
-#define X509V3_R_EXTENSION_NOT_FOUND 166
-#define X509V3_R_INVALID_ASNUMBER 167
-#define X509V3_R_CANNOT_FIND_FREE_FUNCTION 168
+#define X509V3_R_NO_ISSUER_CERTIFICATE 140
+#define X509V3_R_NO_ISSUER_DETAILS 141
+#define X509V3_R_NO_POLICY_IDENTIFIER 142
+#define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 143
+#define X509V3_R_NO_PUBLIC_KEY 144
+#define X509V3_R_NO_SUBJECT_DETAILS 145
+#define X509V3_R_ODD_NUMBER_OF_DIGITS 146
+#define X509V3_R_OPERATION_NOT_DEFINED 147
+#define X509V3_R_OTHERNAME_ERROR 148
+#define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 149
+#define X509V3_R_POLICY_PATH_LENGTH 150
+#define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 151
+#define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 152
+#define X509V3_R_SECTION_NOT_FOUND 153
+#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 154
+#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 155
+#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 156
+#define X509V3_R_UNKNOWN_EXTENSION 157
+#define X509V3_R_UNKNOWN_EXTENSION_NAME 158
+#define X509V3_R_UNKNOWN_OPTION 159
+#define X509V3_R_UNSUPPORTED_OPTION 160
+#define X509V3_R_UNSUPPORTED_TYPE 161
+#define X509V3_R_USER_TOO_LONG 162
#endif