SDK version 1.2.16
authorVictor Kirhenshtein <victor@netxms.org>
Thu, 7 Aug 2014 09:48:20 +0000 (12:48 +0300)
committerVictor Kirhenshtein <victor@netxms.org>
Thu, 7 Aug 2014 09:48:20 +0000 (12:48 +0300)
59 files changed:
sdk/install/netxms-sdk.iss
sdk/openssl/include/aes.h
sdk/openssl/include/asn1.h
sdk/openssl/include/bio.h
sdk/openssl/include/blowfish.h
sdk/openssl/include/bn.h
sdk/openssl/include/camellia.h
sdk/openssl/include/cast.h
sdk/openssl/include/cmac.h [copied from sdk/openssl/include/ecdh.h with 53% similarity]
sdk/openssl/include/cms.h
sdk/openssl/include/crypto.h
sdk/openssl/include/des.h
sdk/openssl/include/dh.h
sdk/openssl/include/dsa.h
sdk/openssl/include/dtls1.h
sdk/openssl/include/e_os2.h
sdk/openssl/include/ec.h
sdk/openssl/include/ecdh.h
sdk/openssl/include/ecdsa.h
sdk/openssl/include/engine.h
sdk/openssl/include/err.h
sdk/openssl/include/evp.h
sdk/openssl/include/idea.h
sdk/openssl/include/kssl.h
sdk/openssl/include/md4.h
sdk/openssl/include/md5.h
sdk/openssl/include/mdc2.h
sdk/openssl/include/modes.h
sdk/openssl/include/obj_mac.h
sdk/openssl/include/opensslconf.h
sdk/openssl/include/opensslv.h
sdk/openssl/include/ossl_typ.h
sdk/openssl/include/pem.h
sdk/openssl/include/rand.h
sdk/openssl/include/rc2.h
sdk/openssl/include/rc4.h
sdk/openssl/include/ripemd.h
sdk/openssl/include/rsa.h
sdk/openssl/include/safestack.h
sdk/openssl/include/seed.h
sdk/openssl/include/sha.h
sdk/openssl/include/srp.h [copied from sdk/openssl/include/ecdh.h with 50% similarity]
sdk/openssl/include/srtp.h [copied from sdk/openssl/include/seed.h with 52% similarity]
sdk/openssl/include/ssl.h
sdk/openssl/include/ssl2.h
sdk/openssl/include/ssl3.h
sdk/openssl/include/symhacks.h
sdk/openssl/include/tls1.h
sdk/openssl/include/ts.h
sdk/openssl/include/ui.h
sdk/openssl/include/whrlpool.h
sdk/openssl/include/x509.h
sdk/openssl/lib/x64/libeay32.lib
sdk/openssl/lib/x64/ssleay32.lib
sdk/openssl/lib/x86/libeay32.lib
sdk/openssl/lib/x86/ssleay32.lib
sdk/samples/Java/get-dci-from-server/pom.xml
src/agent/subagents/java/java/pom.xml
src/java/nxshell/pom.xml

index d0243f3..2a5da1c 100644 (file)
@@ -3,8 +3,8 @@
 
 [Setup]
 AppName=NetXMS SDK
-AppVerName=NetXMS SDK 1.1.10
-AppVersion=1.1.10
+AppVerName=NetXMS SDK 1.2.16
+AppVersion=1.2.16
 AppPublisher=Raden Solutions
 AppPublisherURL=http://www.radensolutions.com
 AppSupportURL=http://www.radensolutions.com
@@ -16,13 +16,19 @@ LicenseFile=..\..\LGPL.txt
 Compression=lzma
 SolidCompression=yes
 LanguageDetectionMethod=none
-OutputBaseFilename=netxms-sdk-1.1.10
+OutputBaseFilename=netxms-sdk-1.2.16
 
 [Files]
 ; Header files
+Source: "..\..\include\appagent.h"; DestDir: "{app}\include"; Flags: ignoreversion;
+Source: "..\..\include\ata.h"; DestDir: "{app}\include"; Flags: ignoreversion;
 Source: "..\..\include\base64.h"; DestDir: "{app}\include"; Flags: ignoreversion;
+Source: "..\..\include\build.h"; DestDir: "{app}\include"; Flags: ignoreversion;
 Source: "..\..\include\dbdrv.h"; DestDir: "{app}\include"; Flags: ignoreversion;
 Source: "..\..\include\geolocation.h"; DestDir: "{app}\include"; Flags: ignoreversion;
+Source: "..\..\include\ieee8021x.h"; DestDir: "{app}\include"; Flags: ignoreversion;
+Source: "..\..\include\jansson.h"; DestDir: "{app}\include"; Flags: ignoreversion;
+Source: "..\..\include\jansson_config.h"; DestDir: "{app}\include"; Flags: ignoreversion;
 Source: "..\..\include\netxms-regex.h"; DestDir: "{app}\include"; Flags: ignoreversion;
 Source: "..\..\include\netxms-version.h"; DestDir: "{app}\include"; Flags: ignoreversion;
 Source: "..\..\include\netxms_getopt.h"; DestDir: "{app}\include"; Flags: ignoreversion;
@@ -43,14 +49,20 @@ Source: "..\..\include\nxlog.h"; DestDir: "{app}\include"; Flags: ignoreversion;
 Source: "..\..\include\nxlpapi.h"; DestDir: "{app}\include"; Flags: ignoreversion;
 Source: "..\..\include\nxmbapi.h"; DestDir: "{app}\include"; Flags: ignoreversion;
 Source: "..\..\include\nxqueue.h"; DestDir: "{app}\include"; Flags: ignoreversion;
+Source: "..\..\include\nxsdapi.h"; DestDir: "{app}\include"; Flags: ignoreversion;
 Source: "..\..\include\nxsl.h"; DestDir: "{app}\include"; Flags: ignoreversion;
 Source: "..\..\include\nxsl_classes.h"; DestDir: "{app}\include"; Flags: ignoreversion;
 Source: "..\..\include\nxsnmp.h"; DestDir: "{app}\include"; Flags: ignoreversion;
+Source: "..\..\include\nxstat.h"; DestDir: "{app}\include"; Flags: ignoreversion;
 Source: "..\..\include\nxtools.h"; DestDir: "{app}\include"; Flags: ignoreversion;
 Source: "..\..\include\rwlock.h"; DestDir: "{app}\include"; Flags: ignoreversion;
+Source: "..\..\include\strophe.h"; DestDir: "{app}\include"; Flags: ignoreversion;
 Source: "..\..\include\unicode.h"; DestDir: "{app}\include"; Flags: ignoreversion;
+Source: "..\..\include\uthash.h"; DestDir: "{app}\include"; Flags: ignoreversion;
 Source: "..\..\include\uuid.h"; DestDir: "{app}\include"; Flags: ignoreversion;
+Source: "..\..\src\server\include\hdlink.h"; DestDir: "{app}\include\server"; Flags: ignoreversion;
 Source: "..\..\src\server\include\nddrv.h"; DestDir: "{app}\include\server"; Flags: ignoreversion;
+Source: "..\..\src\server\include\netxms_mt.h"; DestDir: "{app}\include\server"; Flags: ignoreversion;
 Source: "..\..\src\server\include\nms_actions.h"; DestDir: "{app}\include\server"; Flags: ignoreversion;
 Source: "..\..\src\server\include\nms_alarm.h"; DestDir: "{app}\include\server"; Flags: ignoreversion;
 Source: "..\..\src\server\include\nms_core.h"; DestDir: "{app}\include\server"; Flags: ignoreversion;
@@ -65,53 +77,59 @@ Source: "..\..\src\server\include\nms_users.h"; DestDir: "{app}\include\server";
 Source: "..\..\src\server\include\nxcore_jobs.h"; DestDir: "{app}\include\server"; Flags: ignoreversion;
 Source: "..\..\src\server\include\nxcore_logs.h"; DestDir: "{app}\include\server"; Flags: ignoreversion;
 Source: "..\..\src\server\include\nxcore_situations.h"; DestDir: "{app}\include\server"; Flags: ignoreversion;
+Source: "..\..\src\server\include\nxcore_smclp.h"; DestDir: "{app}\include\server"; Flags: ignoreversion;
+Source: "..\..\src\server\include\nxcore_winperf.h"; DestDir: "{app}\include\server"; Flags: ignoreversion;
 Source: "..\..\src\server\include\nxmodule.h"; DestDir: "{app}\include\server"; Flags: ignoreversion;
 Source: "..\..\src\server\include\nxsrvapi.h"; DestDir: "{app}\include\server"; Flags: ignoreversion;
 ; x86 libraries
+Source: "..\..\release\appagent.lib"; DestDir: "{app}\lib\x86"; Flags: ignoreversion;
+Source: "..\..\release\jansson.lib"; DestDir: "{app}\lib\x86"; Flags: ignoreversion;
 Source: "..\..\release\libexpat.lib"; DestDir: "{app}\lib\x86"; Flags: ignoreversion;
 Source: "..\..\release\libnetxms.lib"; DestDir: "{app}\lib\x86"; Flags: ignoreversion;
-Source: "..\..\release\libnetxmsw.lib"; DestDir: "{app}\lib\x86"; Flags: ignoreversion;
 Source: "..\..\release\libnxcl.lib"; DestDir: "{app}\lib\x86"; Flags: ignoreversion;
-Source: "..\..\release\libnxclw.lib"; DestDir: "{app}\lib\x86"; Flags: ignoreversion;
 Source: "..\..\release\libnxdb.lib"; DestDir: "{app}\lib\x86"; Flags: ignoreversion;
-Source: "..\..\release\libnxdbw.lib"; DestDir: "{app}\lib\x86"; Flags: ignoreversion;
 Source: "..\..\release\libnxlp.lib"; DestDir: "{app}\lib\x86"; Flags: ignoreversion;
 Source: "..\..\release\libnxmap.lib"; DestDir: "{app}\lib\x86"; Flags: ignoreversion;
-Source: "..\..\release\libnxmapw.lib"; DestDir: "{app}\lib\x86"; Flags: ignoreversion;
 Source: "..\..\release\libnxmb.lib"; DestDir: "{app}\lib\x86"; Flags: ignoreversion;
 Source: "..\..\release\libnxsl.lib"; DestDir: "{app}\lib\x86"; Flags: ignoreversion;
 Source: "..\..\release\libnxsnmp.lib"; DestDir: "{app}\lib\x86"; Flags: ignoreversion;
 Source: "..\..\release\libnxsrv.lib"; DestDir: "{app}\lib\x86"; Flags: ignoreversion;
+Source: "..\..\release\libstrophe.lib"; DestDir: "{app}\lib\x86"; Flags: ignoreversion;
 Source: "..\..\release\libtre.lib"; DestDir: "{app}\lib\x86"; Flags: ignoreversion;
 Source: "..\..\release\nxcore.lib"; DestDir: "{app}\lib\x86"; Flags: ignoreversion;
 Source: "..\..\release\nxsqlite.lib"; DestDir: "{app}\lib\x86"; Flags: ignoreversion;
 Source: "..\..\release\nxzlib.lib"; DestDir: "{app}\lib\x86"; Flags: ignoreversion;
 ; x64 libraries
+Source: "..\..\x64\release\appagent.lib"; DestDir: "{app}\lib\x64"; Flags: ignoreversion;
+Source: "..\..\x64\release\jansson.lib"; DestDir: "{app}\lib\x64"; Flags: ignoreversion;
 Source: "..\..\x64\release\libexpat.lib"; DestDir: "{app}\lib\x64"; Flags: ignoreversion;
 Source: "..\..\x64\release\libnetxms.lib"; DestDir: "{app}\lib\x64"; Flags: ignoreversion;
-Source: "..\..\x64\release\libnetxmsw.lib"; DestDir: "{app}\lib\x64"; Flags: ignoreversion;
 Source: "..\..\x64\release\libnxcl.lib"; DestDir: "{app}\lib\x64"; Flags: ignoreversion;
-Source: "..\..\x64\release\libnxclw.lib"; DestDir: "{app}\lib\x64"; Flags: ignoreversion;
 Source: "..\..\x64\release\libnxdb.lib"; DestDir: "{app}\lib\x64"; Flags: ignoreversion;
-Source: "..\..\x64\release\libnxdbw.lib"; DestDir: "{app}\lib\x64"; Flags: ignoreversion;
 Source: "..\..\x64\release\libnxlp.lib"; DestDir: "{app}\lib\x64"; Flags: ignoreversion;
 Source: "..\..\x64\release\libnxmap.lib"; DestDir: "{app}\lib\x64"; Flags: ignoreversion;
-Source: "..\..\x64\release\libnxmapw.lib"; DestDir: "{app}\lib\x64"; Flags: ignoreversion;
 Source: "..\..\x64\release\libnxmb.lib"; DestDir: "{app}\lib\x64"; Flags: ignoreversion;
 Source: "..\..\x64\release\libnxsl.lib"; DestDir: "{app}\lib\x64"; Flags: ignoreversion;
 Source: "..\..\x64\release\libnxsnmp.lib"; DestDir: "{app}\lib\x64"; Flags: ignoreversion;
 Source: "..\..\x64\release\libnxsrv.lib"; DestDir: "{app}\lib\x64"; Flags: ignoreversion;
+Source: "..\..\x64\release\libstrophe.lib"; DestDir: "{app}\lib\x64"; Flags: ignoreversion;
 Source: "..\..\x64\release\libtre.lib"; DestDir: "{app}\lib\x64"; Flags: ignoreversion;
 Source: "..\..\x64\release\nxcore.lib"; DestDir: "{app}\lib\x64"; Flags: ignoreversion;
 Source: "..\..\x64\release\nxsqlite.lib"; DestDir: "{app}\lib\x64"; Flags: ignoreversion;
 Source: "..\..\x64\release\nxzlib.lib"; DestDir: "{app}\lib\x64"; Flags: ignoreversion;
 ; Java API
-Source: "..\..\src\java\netxms-base\target\netxms-base-1.1.10.jar"; DestDir: "{app}\java"; Flags: ignoreversion;
-Source: "..\..\src\java\netxms-base\target\netxms-base-1.1.10-javadoc.jar"; DestDir: "{app}\java"; Flags: ignoreversion;
-Source: "..\..\src\java\netxms-client\target\netxms-client-1.1.10.jar"; DestDir: "{app}\java"; Flags: ignoreversion;
-Source: "..\..\src\java\netxms-client\target\netxms-client-1.1.10-javadoc.jar"; DestDir: "{app}\java"; Flags: ignoreversion;
-Source: "..\..\src\java\netxms-client-api\target\netxms-client-api-1.1.10.jar"; DestDir: "{app}\java"; Flags: ignoreversion;
-Source: "..\..\src\java\netxms-client-api\target\netxms-client-api-1.1.10-javadoc.jar"; DestDir: "{app}\java"; Flags: ignoreversion;
+Source: "..\..\src\agent\subagents\java\java\target\netxms-agent-1.2.16.jar"; DestDir: "{app}\java"; Flags: ignoreversion;
+Source: "..\..\src\agent\subagents\java\java\target\netxms-agent-1.2.16-javadoc.jar"; DestDir: "{app}\java"; Flags: ignoreversion;
+Source: "..\..\src\java\certificate-manager\target\certificate-manager-1.2.16.jar"; DestDir: "{app}\java"; Flags: ignoreversion;
+Source: "..\..\src\java\certificate-manager\target\certificate-manager-1.2.16-javadoc.jar"; DestDir: "{app}\java"; Flags: ignoreversion;
+Source: "..\..\src\java\mobile-agent\target\netxms-mobile-agent-1.2.16.jar"; DestDir: "{app}\java"; Flags: ignoreversion;
+Source: "..\..\src\java\mobile-agent\target\netxms-mobile-agent-1.2.16-javadoc.jar"; DestDir: "{app}\java"; Flags: ignoreversion;
+Source: "..\..\src\java\netxms-base\target\netxms-base-1.2.16.jar"; DestDir: "{app}\java"; Flags: ignoreversion;
+Source: "..\..\src\java\netxms-base\target\netxms-base-1.2.16-javadoc.jar"; DestDir: "{app}\java"; Flags: ignoreversion;
+Source: "..\..\src\java\netxms-client\target\netxms-client-1.2.16.jar"; DestDir: "{app}\java"; Flags: ignoreversion;
+Source: "..\..\src\java\netxms-client\target\netxms-client-1.2.16-javadoc.jar"; DestDir: "{app}\java"; Flags: ignoreversion;
+Source: "..\..\src\java\netxms-client-api\target\netxms-client-api-1.2.16.jar"; DestDir: "{app}\java"; Flags: ignoreversion;
+Source: "..\..\src\java\netxms-client-api\target\netxms-client-api-1.2.16-javadoc.jar"; DestDir: "{app}\java"; Flags: ignoreversion;
 ; Documentation
 Source: "..\..\doc\internal\event_code_ranges.txt"; DestDir: "{app}\doc"; Flags: ignoreversion;
 Source: "..\..\doc\internal\nxcp_command_ranges.txt"; DestDir: "{app}\doc"; Flags: ignoreversion;
index d2c9973..031abf0 100644 (file)
@@ -90,6 +90,11 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
        AES_KEY *key);
 
+int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+       AES_KEY *key);
+int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+       AES_KEY *key);
+
 void AES_encrypt(const unsigned char *in, unsigned char *out,
        const AES_KEY *key);
 void AES_decrypt(const unsigned char *in, unsigned char *out,
index f7718b5..220a0c8 100644 (file)
@@ -235,7 +235,7 @@ typedef struct asn1_object_st
  */
 #define ASN1_STRING_FLAG_MSTRING 0x040 
 /* This is the base type that holds just about everything :-) */
-typedef struct asn1_string_st
+struct asn1_string_st
        {
        int length;
        int type;
@@ -245,7 +245,7 @@ typedef struct asn1_string_st
         * input data has a non-zero 'unused bits' value, it will be
         * handled correctly */
        long flags;
-       } ASN1_STRING;
+       };
 
 /* ASN1_ENCODING structure: this is used to save the received
  * encoding of an ASN1 type. This is useful to get round
@@ -293,7 +293,6 @@ DECLARE_STACK_OF(ASN1_STRING_TABLE)
  * see asn1t.h
  */
 typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
-typedef struct ASN1_ITEM_st ASN1_ITEM;
 typedef struct ASN1_TLC_st ASN1_TLC;
 /* This is just an opaque pointer */
 typedef struct ASN1_VALUE_st ASN1_VALUE;
@@ -1067,7 +1066,7 @@ ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d,
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct);
 
 void ASN1_STRING_set_default_mask(unsigned long mask);
-int ASN1_STRING_set_default_mask_asc(char *p);
+int ASN1_STRING_set_default_mask_asc(const char *p);
 unsigned long ASN1_STRING_get_default_mask(void);
 int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
                                        int inform, unsigned long mask);
@@ -1194,6 +1193,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_ITEM_I2D_FP                                 193
 #define ASN1_F_ASN1_ITEM_PACK                           198
 #define ASN1_F_ASN1_ITEM_SIGN                           195
+#define ASN1_F_ASN1_ITEM_SIGN_CTX                       220
 #define ASN1_F_ASN1_ITEM_UNPACK                                 199
 #define ASN1_F_ASN1_ITEM_VERIFY                                 197
 #define ASN1_F_ASN1_MBSTRING_NCOPY                      122
@@ -1266,6 +1266,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_PKCS5_PBE2_SET_IV                        167
 #define ASN1_F_PKCS5_PBE_SET                            202
 #define ASN1_F_PKCS5_PBE_SET0_ALGOR                     215
+#define ASN1_F_PKCS5_PBKDF2_SET                                 219
 #define ASN1_F_SMIME_READ_ASN1                          212
 #define ASN1_F_SMIME_TEXT                               213
 #define ASN1_F_X509_CINF_NEW                            168
@@ -1291,6 +1292,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH                  106
 #define ASN1_R_BUFFER_TOO_SMALL                                 107
 #define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER          108
+#define ASN1_R_CONTEXT_NOT_INITIALISED                  217
 #define ASN1_R_DATA_IS_WRONG                            109
 #define ASN1_R_DECODE_ERROR                             110
 #define ASN1_R_DECODING_ERROR                           111
index 152802f..05699ab 100644 (file)
 
 #include <openssl/crypto.h>
 
+#ifndef OPENSSL_NO_SCTP
+# ifndef OPENSSL_SYS_VMS
+# include <stdint.h>
+# else
+# include <inttypes.h>
+# endif
+#endif
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -95,6 +103,9 @@ extern "C" {
 #define BIO_TYPE_BIO           (19|0x0400)             /* (half a) BIO pair */
 #define BIO_TYPE_LINEBUFFER    (20|0x0200)             /* filter */
 #define BIO_TYPE_DGRAM         (21|0x0400|0x0100)
+#ifndef OPENSSL_NO_SCTP
+#define BIO_TYPE_DGRAM_SCTP    (24|0x0400|0x0100)
+#endif
 #define BIO_TYPE_ASN1          (22|0x0200)             /* filter */
 #define BIO_TYPE_COMP          (23|0x0200)             /* filter */
 
@@ -146,6 +157,7 @@ extern "C" {
 /* #endif */
 
 #define BIO_CTRL_DGRAM_QUERY_MTU          40 /* as kernel for current MTU */
+#define BIO_CTRL_DGRAM_GET_FALLBACK_MTU   47
 #define BIO_CTRL_DGRAM_GET_MTU            41 /* get cached value for MTU */
 #define BIO_CTRL_DGRAM_SET_MTU            42 /* set cached value for
                                              * MTU. want to use this
@@ -161,7 +173,22 @@ extern "C" {
 #define BIO_CTRL_DGRAM_SET_PEER           44 /* Destination for the data */
 
 #define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT   45 /* Next DTLS handshake timeout to
-                                                                                         * adjust socket timeouts */
+                                              * adjust socket timeouts */
+
+#ifndef OPENSSL_NO_SCTP
+/* SCTP stuff */
+#define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE   50
+#define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY               51
+#define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY              52
+#define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD              53
+#define BIO_CTRL_DGRAM_SCTP_GET_SNDINFO                60
+#define BIO_CTRL_DGRAM_SCTP_SET_SNDINFO                61
+#define BIO_CTRL_DGRAM_SCTP_GET_RCVINFO                62
+#define BIO_CTRL_DGRAM_SCTP_SET_RCVINFO                63
+#define BIO_CTRL_DGRAM_SCTP_GET_PRINFO                 64
+#define BIO_CTRL_DGRAM_SCTP_SET_PRINFO                 65
+#define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN              70
+#endif
 
 /* modifiers */
 #define BIO_FP_READ            0x02
@@ -306,6 +333,15 @@ DECLARE_STACK_OF(BIO)
 
 typedef struct bio_f_buffer_ctx_struct
        {
+       /* Buffers are setup like this:
+        *
+        * <---------------------- size ----------------------->
+        * +---------------------------------------------------+
+        * | consumed | remaining          | free space        |
+        * +---------------------------------------------------+
+        * <-- off --><------- len ------->
+        */
+
        /* BIO *bio; */ /* this is now in the BIO struct */
        int ibuf_size;  /* how big is the input buffer */
        int obuf_size;  /* how big is the output buffer */
@@ -322,6 +358,34 @@ typedef struct bio_f_buffer_ctx_struct
 /* Prefix and suffix callback in ASN1 BIO */
 typedef int asn1_ps_func(BIO *b, unsigned char **pbuf, int *plen, void *parg);
 
+#ifndef OPENSSL_NO_SCTP
+/* SCTP parameter structs */
+struct bio_dgram_sctp_sndinfo
+       {
+       uint16_t snd_sid;
+       uint16_t snd_flags;
+       uint32_t snd_ppid;
+       uint32_t snd_context;
+       };
+
+struct bio_dgram_sctp_rcvinfo
+       {
+       uint16_t rcv_sid;
+       uint16_t rcv_ssn;
+       uint16_t rcv_flags;
+       uint32_t rcv_ppid;
+       uint32_t rcv_tsn;
+       uint32_t rcv_cumtsn;
+       uint32_t rcv_context;
+       };
+
+struct bio_dgram_sctp_prinfo
+       {
+       uint16_t pr_policy;
+       uint32_t pr_value;
+       };
+#endif
+
 /* connect BIO stuff */
 #define BIO_CONN_S_BEFORE              1
 #define BIO_CONN_S_GET_IP              2
@@ -619,6 +683,9 @@ BIO_METHOD *BIO_f_linebuffer(void);
 BIO_METHOD *BIO_f_nbio_test(void);
 #ifndef OPENSSL_NO_DGRAM
 BIO_METHOD *BIO_s_datagram(void);
+#ifndef OPENSSL_NO_SCTP
+BIO_METHOD *BIO_s_datagram_sctp(void);
+#endif
 #endif
 
 /* BIO_METHOD *BIO_f_ber(void); */
@@ -661,6 +728,15 @@ int BIO_set_tcp_ndelay(int sock,int turn_on);
 
 BIO *BIO_new_socket(int sock, int close_flag);
 BIO *BIO_new_dgram(int fd, int close_flag);
+#ifndef OPENSSL_NO_SCTP
+BIO *BIO_new_dgram_sctp(int fd, int close_flag);
+int BIO_dgram_is_sctp(BIO *bio);
+int BIO_dgram_sctp_notification_cb(BIO *b,
+                                   void (*handle_notifications)(BIO *bio, void *context, void *buf),
+                                   void *context);
+int BIO_dgram_sctp_wait_for_dry(BIO *b);
+int BIO_dgram_sctp_msg_waiting(BIO *b);
+#endif
 BIO *BIO_new_fd(int fd, int close_flag);
 BIO *BIO_new_connect(char *host_port);
 BIO *BIO_new_accept(char *host_port);
@@ -725,6 +801,7 @@ void ERR_load_BIO_strings(void);
 #define BIO_F_BUFFER_CTRL                               114
 #define BIO_F_CONN_CTRL                                         127
 #define BIO_F_CONN_STATE                                115
+#define BIO_F_DGRAM_SCTP_READ                           132
 #define BIO_F_FILE_CTRL                                         116
 #define BIO_F_FILE_READ                                         130
 #define BIO_F_LINEBUFFER_CTRL                           129
index b97e76f..4b6c892 100644 (file)
@@ -104,7 +104,9 @@ typedef struct bf_key_st
        BF_LONG S[4*256];
        } BF_KEY;
 
+#ifdef OPENSSL_FIPS 
+void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data);
+#endif
 void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
 
 void BF_encrypt(BF_LONG *data,const BF_KEY *key);
index e484b7f..f34248e 100644 (file)
@@ -253,6 +253,24 @@ extern "C" {
 #define BN_HEX_FMT2    "%08X"
 #endif
 
+/* 2011-02-22 SMS.
+ * In various places, a size_t variable or a type cast to size_t was
+ * used to perform integer-only operations on pointers.  This failed on
+ * VMS with 64-bit pointers (CC /POINTER_SIZE = 64) because size_t is
+ * still only 32 bits.  What's needed in these cases is an integer type
+ * with the same size as a pointer, which size_t is not certain to be. 
+ * The only fix here is VMS-specific.
+ */
+#if defined(OPENSSL_SYS_VMS)
+# if __INITIAL_POINTER_SIZE == 64
+#  define PTR_SIZE_INT long long
+# else /* __INITIAL_POINTER_SIZE == 64 */
+#  define PTR_SIZE_INT int
+# endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+#else /* defined(OPENSSL_SYS_VMS) */
+# define PTR_SIZE_INT size_t
+#endif /* defined(OPENSSL_SYS_VMS) [else] */
+
 #define BN_DEFAULT_BITS        1280
 
 #define BN_FLG_MALLOCED                0x01
@@ -540,6 +558,17 @@ int        BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb);
 int    BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx,
                int do_trial_division, BN_GENCB *cb);
 
+int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
+
+int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+                       const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
+                       const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb);
+int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+                       BIGNUM *Xp1, BIGNUM *Xp2,
+                       const BIGNUM *Xp,
+                       const BIGNUM *e, BN_CTX *ctx,
+                       BN_GENCB *cb);
+
 BN_MONT_CTX *BN_MONT_CTX_new(void );
 void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
 int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
@@ -594,6 +623,8 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 int    BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
        BN_RECP_CTX *recp, BN_CTX *ctx);
 
+#ifndef OPENSSL_NO_EC2M
+
 /* Functions for arithmetic over binary polynomials represented by BIGNUMs. 
  *
  * The BIGNUM::neg property of BIGNUMs representing binary polynomials is
@@ -645,6 +676,8 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a,
 int    BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max);
 int    BN_GF2m_arr2poly(const int p[], BIGNUM *a);
 
+#endif
+
 /* faster mod functions for the 'NIST primes' 
  * 0 <= a < p^2 */
 int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
index cf0457d..67911e0 100644 (file)
@@ -88,6 +88,10 @@ struct camellia_key_st
        };
 typedef struct camellia_key_st CAMELLIA_KEY;
 
+#ifdef OPENSSL_FIPS
+int private_Camellia_set_key(const unsigned char *userKey, const int bits,
+       CAMELLIA_KEY *key);
+#endif
 int Camellia_set_key(const unsigned char *userKey, const int bits,
        CAMELLIA_KEY *key);
 
index 1a264f8..203922e 100644 (file)
@@ -83,7 +83,9 @@ typedef struct cast_key_st
        int short_key;  /* Use reduced rounds for short key */
        } CAST_KEY;
 
+#ifdef OPENSSL_FIPS 
+void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
+#endif
 void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
 void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key,
                      int enc);
similarity index 53%
copy from sdk/openssl/include/ecdh.h
copy to sdk/openssl/include/cmac.h
index b4b58ee..712e92d 100644 (file)
@@ -1,20 +1,9 @@
-/* crypto/ecdh/ecdh.h */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The ECDH software is originally written by Douglas Stebila of
- * Sun Microsystems Laboratories.
- *
+/* crypto/cmac/cmac.h */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
  */
 /* ====================================================================
- * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
  */
-#ifndef HEADER_ECDH_H
-#define HEADER_ECDH_H
-
-#include <openssl/opensslconf.h>
 
-#ifdef OPENSSL_NO_ECDH
-#error ECDH is disabled.
-#endif
 
-#include <openssl/ec.h>
-#include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
-#endif
+#ifndef HEADER_CMAC_H
+#define HEADER_CMAC_H
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
-const ECDH_METHOD *ECDH_OpenSSL(void);
-
-void     ECDH_set_default_method(const ECDH_METHOD *);
-const ECDH_METHOD *ECDH_get_default_method(void);
-int      ECDH_set_method(EC_KEY *, const ECDH_METHOD *);
-
-int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
-                     void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
-
-int      ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new 
-               *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int      ECDH_set_ex_data(EC_KEY *d, int idx, void *arg);
-void     *ECDH_get_ex_data(EC_KEY *d, int idx);
-
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_ECDH_strings(void);
+#include <openssl/evp.h>
 
-/* Error codes for the ECDH functions. */
+/* Opaque */
+typedef struct CMAC_CTX_st CMAC_CTX;
 
-/* Function codes. */
-#define ECDH_F_ECDH_COMPUTE_KEY                                 100
-#define ECDH_F_ECDH_DATA_NEW_METHOD                     101
+CMAC_CTX *CMAC_CTX_new(void);
+void CMAC_CTX_cleanup(CMAC_CTX *ctx);
+void CMAC_CTX_free(CMAC_CTX *ctx);
+EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx);
+int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in);
 
-/* Reason codes. */
-#define ECDH_R_KDF_FAILED                               102
-#define ECDH_R_NO_PRIVATE_VALUE                                 100
-#define ECDH_R_POINT_ARITHMETIC_FAILURE                         101
+int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, 
+                       const EVP_CIPHER *cipher, ENGINE *impl);
+int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen);
+int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen);
+int CMAC_resume(CMAC_CTX *ctx);
 
 #ifdef  __cplusplus
 }
index 09c45d0..36994fa 100644 (file)
@@ -111,6 +111,7 @@ DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
 #define CMS_PARTIAL                    0x4000
 #define CMS_REUSE_DIGEST               0x8000
 #define CMS_USE_KEYID                  0x10000
+#define CMS_DEBUG_DECRYPT              0x20000
 
 const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms);
 
@@ -184,6 +185,8 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
 int CMS_decrypt_set1_key(CMS_ContentInfo *cms, 
                                unsigned char *key, size_t keylen,
                                unsigned char *id, size_t idlen);
+int CMS_decrypt_set1_password(CMS_ContentInfo *cms, 
+                               unsigned char *pass, ossl_ssize_t passlen);
 
 STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
 int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
@@ -219,6 +222,16 @@ int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
 int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, 
                                        const unsigned char *id, size_t idlen);
 
+int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, 
+                                       unsigned char *pass,
+                                       ossl_ssize_t passlen);
+
+CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
+                                       int iter, int wrap_nid, int pbe_nid,
+                                       unsigned char *pass,
+                                       ossl_ssize_t passlen,
+                                       const EVP_CIPHER *kekciph);
+
 int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
        
 int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
@@ -330,6 +343,7 @@ void ERR_load_CMS_strings(void);
 #define CMS_F_CHECK_CONTENT                             99
 #define CMS_F_CMS_ADD0_CERT                             164
 #define CMS_F_CMS_ADD0_RECIPIENT_KEY                    100
+#define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD               165
 #define CMS_F_CMS_ADD1_RECEIPTREQUEST                   158
 #define CMS_F_CMS_ADD1_RECIPIENT_CERT                   101
 #define CMS_F_CMS_ADD1_SIGNER                           102
@@ -344,6 +358,7 @@ void ERR_load_CMS_strings(void);
 #define CMS_F_CMS_DATAINIT                              111
 #define CMS_F_CMS_DECRYPT                               112
 #define CMS_F_CMS_DECRYPT_SET1_KEY                      113
+#define CMS_F_CMS_DECRYPT_SET1_PASSWORD                         166
 #define CMS_F_CMS_DECRYPT_SET1_PKEY                     114
 #define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX              115
 #define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO              116
@@ -378,7 +393,9 @@ void ERR_load_CMS_strings(void);
 #define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT            141
 #define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS          142
 #define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID     143
+#define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT              167
 #define CMS_F_CMS_RECIPIENTINFO_SET0_KEY                144
+#define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD           168
 #define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY               145
 #define CMS_F_CMS_SET1_SIGNERIDENTIFIER                         146
 #define CMS_F_CMS_SET_DETACHED                          147
@@ -419,6 +436,7 @@ void ERR_load_CMS_strings(void);
 #define CMS_R_ERROR_SETTING_KEY                                 115
 #define CMS_R_ERROR_SETTING_RECIPIENTINFO               116
 #define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH              117
+#define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER          176
 #define CMS_R_INVALID_KEY_LENGTH                        118
 #define CMS_R_MD_BIO_INIT_ERROR                                 119
 #define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH      120
@@ -431,6 +449,7 @@ void ERR_load_CMS_strings(void);
 #define CMS_R_NOT_ENCRYPTED_DATA                        122
 #define CMS_R_NOT_KEK                                   123
 #define CMS_R_NOT_KEY_TRANSPORT                                 124
+#define CMS_R_NOT_PWRI                                  177
 #define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE           125
 #define CMS_R_NO_CIPHER                                         126
 #define CMS_R_NO_CONTENT                                127
@@ -443,6 +462,7 @@ void ERR_load_CMS_strings(void);
 #define CMS_R_NO_MATCHING_RECIPIENT                     132
 #define CMS_R_NO_MATCHING_SIGNATURE                     166
 #define CMS_R_NO_MSGSIGDIGEST                           167
+#define CMS_R_NO_PASSWORD                               178
 #define CMS_R_NO_PRIVATE_KEY                            133
 #define CMS_R_NO_PUBLIC_KEY                             134
 #define CMS_R_NO_RECEIPT_REQUEST                        168
@@ -466,10 +486,12 @@ void ERR_load_CMS_strings(void);
 #define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM                 151
 #define CMS_R_UNSUPPORTED_CONTENT_TYPE                  152
 #define CMS_R_UNSUPPORTED_KEK_ALGORITHM                         153
+#define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM      179
 #define CMS_R_UNSUPPORTED_RECIPIENT_TYPE                154
 #define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE             155
 #define CMS_R_UNSUPPORTED_TYPE                          156
 #define CMS_R_UNWRAP_ERROR                              157
+#define CMS_R_UNWRAP_FAILURE                            180
 #define CMS_R_VERIFICATION_FAILURE                      158
 #define CMS_R_WRAP_ERROR                                159
 
index b0360ce..f92fc51 100644 (file)
@@ -488,10 +488,10 @@ void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
                                    long (**go)(void));
 
 void *CRYPTO_malloc_locked(int num, const char *file, int line);
-void CRYPTO_free_locked(void *);
+void CRYPTO_free_locked(void *ptr);
 void *CRYPTO_malloc(int num, const char *file, int line);
 char *CRYPTO_strdup(const char *str, const char *file, int line);
-void CRYPTO_free(void *);
+void CRYPTO_free(void *ptr);
 void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
 void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file,
                           int line);
@@ -547,6 +547,40 @@ unsigned long *OPENSSL_ia32cap_loc(void);
 #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
 int OPENSSL_isservice(void);
 
+int FIPS_mode(void);
+int FIPS_mode_set(int r);
+
+void OPENSSL_init(void);
+
+#define fips_md_init(alg) fips_md_init_ctx(alg, alg)
+
+#ifdef OPENSSL_FIPS
+#define fips_md_init_ctx(alg, cx) \
+       int alg##_Init(cx##_CTX *c) \
+       { \
+       if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
+               "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
+       return private_##alg##_Init(c); \
+       } \
+       int private_##alg##_Init(cx##_CTX *c)
+
+#define fips_cipher_abort(alg) \
+       if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
+               "Low level API call to cipher " #alg " forbidden in FIPS mode!")
+
+#else
+#define fips_md_init_ctx(alg, cx) \
+       int alg##_Init(cx##_CTX *c)
+#define fips_cipher_abort(alg) while(0)
+#endif
+
+/* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It
+ * takes an amount of time dependent on |len|, but independent of the contents
+ * of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a
+ * defined order as the return value when a != b is undefined, other than to be
+ * non-zero. */
+int CRYPTO_memcmp(const void *a, const void *b, size_t len);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -562,11 +596,13 @@ void ERR_load_CRYPTO_strings(void);
 #define CRYPTO_F_CRYPTO_SET_EX_DATA                     102
 #define CRYPTO_F_DEF_ADD_INDEX                          104
 #define CRYPTO_F_DEF_GET_CLASS                          105
+#define CRYPTO_F_FIPS_MODE_SET                          109
 #define CRYPTO_F_INT_DUP_EX_DATA                        106
 #define CRYPTO_F_INT_FREE_EX_DATA                       107
 #define CRYPTO_F_INT_NEW_EX_DATA                        108
 
 /* Reason codes. */
+#define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED                101
 #define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK             100
 
 #ifdef  __cplusplus
index 92b6663..1eaedcb 100644 (file)
@@ -224,6 +224,9 @@ int DES_set_key(const_DES_cblock *key,DES_key_schedule *schedule);
 int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule);
 int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule);
 void DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);
+#ifdef OPENSSL_FIPS
+void private_DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);
+#endif
 void DES_string_to_key(const char *str,DES_cblock *key);
 void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2);
 void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,
index 849309a..ea59e61 100644 (file)
                                        * be used for all exponents.
                                        */
 
+/* If this flag is set the DH method is FIPS compliant and can be used
+ * in FIPS mode. This is set in the validated module method. If an
+ * application sets this flag in its own methods it is its reposibility
+ * to ensure the result is compliant.
+ */
+
+#define DH_FLAG_FIPS_METHOD                    0x0400
+
+/* If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+#define DH_FLAG_NON_FIPS_ALLOW                 0x0400
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -230,6 +245,9 @@ void ERR_load_DH_strings(void);
 #define DH_F_COMPUTE_KEY                                102
 #define DH_F_DHPARAMS_PRINT_FP                          101
 #define DH_F_DH_BUILTIN_GENPARAMS                       106
+#define DH_F_DH_COMPUTE_KEY                             114
+#define DH_F_DH_GENERATE_KEY                            115
+#define DH_F_DH_GENERATE_PARAMETERS_EX                  116
 #define DH_F_DH_NEW_METHOD                              105
 #define DH_F_DH_PARAM_DECODE                            107
 #define DH_F_DH_PRIV_DECODE                             110
@@ -249,7 +267,9 @@ void ERR_load_DH_strings(void);
 #define DH_R_DECODE_ERROR                               104
 #define DH_R_INVALID_PUBKEY                             102
 #define DH_R_KEYS_NOT_SET                               108
+#define DH_R_KEY_SIZE_TOO_SMALL                                 110
 #define DH_R_MODULUS_TOO_LARGE                          103
+#define DH_R_NON_FIPS_METHOD                            111
 #define DH_R_NO_PARAMETERS_SET                          107
 #define DH_R_NO_PRIVATE_VALUE                           100
 #define DH_R_PARAMETER_ENCODING_ERROR                   105
index ac50a5c..a6f6d0b 100644 (file)
                                               * be used for all exponents.
                                               */
 
+/* If this flag is set the DSA method is FIPS compliant and can be used
+ * in FIPS mode. This is set in the validated module method. If an
+ * application sets this flag in its own methods it is its reposibility
+ * to ensure the result is compliant.
+ */
+
+#define DSA_FLAG_FIPS_METHOD                   0x0400
+
+/* If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+#define DSA_FLAG_NON_FIPS_ALLOW                        0x0400
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -272,6 +287,8 @@ void ERR_load_DSA_strings(void);
 #define DSA_F_DSAPARAMS_PRINT_FP                        101
 #define DSA_F_DSA_DO_SIGN                               112
 #define DSA_F_DSA_DO_VERIFY                             113
+#define DSA_F_DSA_GENERATE_KEY                          124
+#define DSA_F_DSA_GENERATE_PARAMETERS_EX                123
 #define DSA_F_DSA_NEW_METHOD                            103
 #define DSA_F_DSA_PARAM_DECODE                          119
 #define DSA_F_DSA_PRINT_FP                              105
@@ -282,6 +299,7 @@ void ERR_load_DSA_strings(void);
 #define DSA_F_DSA_SIGN                                  106
 #define DSA_F_DSA_SIGN_SETUP                            107
 #define DSA_F_DSA_SIG_NEW                               109
+#define DSA_F_DSA_SIG_PRINT                             125
 #define DSA_F_DSA_VERIFY                                108
 #define DSA_F_I2D_DSA_SIG                               111
 #define DSA_F_OLD_DSA_PRIV_DECODE                       122
@@ -298,6 +316,8 @@ void ERR_load_DSA_strings(void);
 #define DSA_R_INVALID_DIGEST_TYPE                       106
 #define DSA_R_MISSING_PARAMETERS                        101
 #define DSA_R_MODULUS_TOO_LARGE                                 103
+#define DSA_R_NEED_NEW_SETUP_VALUES                     110
+#define DSA_R_NON_FIPS_DSA_METHOD                       111
 #define DSA_R_NO_PARAMETERS_SET                                 107
 #define DSA_R_PARAMETER_ENCODING_ERROR                  105
 
index af363a9..e65d501 100644 (file)
@@ -57,8 +57,8 @@
  *
  */
 
-#ifndef HEADER_DTLS1_H 
-#define HEADER_DTLS1_H 
+#ifndef HEADER_DTLS1_H
+#define HEADER_DTLS1_H
 
 #include <openssl/buffer.h>
 #include <openssl/pqueue.h>
 #elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_)
 #include <sys/timeval.h>
 #else
+#if defined(OPENSSL_SYS_VXWORKS)
+#include <sys/times.h>
+#else
 #include <sys/time.h>
 #endif
+#endif
 
 #ifdef  __cplusplus
 extern "C" {
@@ -105,6 +109,11 @@ extern "C" {
 #define DTLS1_AL_HEADER_LENGTH                   2
 #endif
 
+#ifndef OPENSSL_NO_SSL_INTERN
+
+#ifndef OPENSSL_NO_SCTP
+#define DTLS1_SCTP_AUTH_LABEL  "EXPORTER_DTLS_OVER_SCTP"
+#endif
 
 typedef struct dtls1_bitmap_st
        {
@@ -167,6 +176,7 @@ typedef struct hm_fragment_st
        {
        struct hm_header_st msg_header;
        unsigned char *fragment;
+       unsigned char *reassembly;
        } hm_fragment;
 
 typedef struct dtls1_state_st
@@ -226,7 +236,7 @@ typedef struct dtls1_state_st
 
        struct dtls1_timeout_st timeout;
 
-       /* Indicates when the last handshake msg sent will timeout */
+       /* Indicates when the last handshake msg or heartbeat sent will timeout */
        struct timeval next_timeout;
 
        /* Timeout duration */
@@ -242,6 +252,13 @@ typedef struct dtls1_state_st
        unsigned int retransmitting;
        unsigned int change_cipher_spec_ok;
 
+#ifndef OPENSSL_NO_SCTP
+       /* used when SSL_ST_XX_FLUSH is entered */
+       int next_state;
+
+       int shutdown_received;
+#endif
+
        } DTLS1_STATE;
 
 typedef struct dtls1_record_data_st
@@ -250,8 +267,12 @@ typedef struct dtls1_record_data_st
        unsigned int   packet_length;
        SSL3_BUFFER    rbuf;
        SSL3_RECORD    rrec;
+#ifndef OPENSSL_NO_SCTP
+       struct bio_dgram_sctp_rcvinfo recordinfo;
+#endif
        } DTLS1_RECORD_DATA;
 
+#endif
 
 /* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
 #define DTLS1_TMO_READ_COUNT                      2
index 4c785c6..d22c036 100644 (file)
@@ -193,8 +193,14 @@ extern "C" {
 #endif
 
 /* --------------------------------- VOS ----------------------------------- */
-#ifdef OPENSSL_SYSNAME_VOS
+#if defined(__VOS__) || defined(OPENSSL_SYSNAME_VOS)
 # define OPENSSL_SYS_VOS
+#ifdef __HPPA__
+# define OPENSSL_SYS_VOS_HPPA
+#endif
+#ifdef __IA32__
+# define OPENSSL_SYS_VOS_IA32
+#endif
 #endif
 
 /* ------------------------------- VxWorks --------------------------------- */
@@ -283,6 +289,26 @@ extern "C" {
 # define OPENSSL_GLOBAL_REF(name) _shadow_##name
 #endif
 
+#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && macintosh==1 && !defined(MAC_OS_GUSI_SOURCE)
+#  define ossl_ssize_t long
+#endif
+
+#ifdef OPENSSL_SYS_MSDOS
+#  define ossl_ssize_t long
+#endif
+
+#if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) || defined(OPENSSL_SYS_SUNOS)
+#  define ssize_t int
+#endif
+
+#if defined(__ultrix) && !defined(ssize_t)
+#  define ossl_ssize_t int 
+#endif
+
+#ifndef ossl_ssize_t
+#  define ossl_ssize_t ssize_t
+#endif
+
 #ifdef  __cplusplus
 }
 #endif
index ee70781..dfe8710 100644 (file)
@@ -151,7 +151,24 @@ const EC_METHOD *EC_GFp_mont_method(void);
  */
 const EC_METHOD *EC_GFp_nist_method(void);
 
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+/** Returns 64-bit optimized methods for nistp224
+ *  \return  EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_nistp224_method(void);
+
+/** Returns 64-bit optimized methods for nistp256
+ *  \return  EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_nistp256_method(void);
+
+/** Returns 64-bit optimized methods for nistp521
+ *  \return  EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_nistp521_method(void);
+#endif
 
+#ifndef OPENSSL_NO_EC2M
 /********************************************************************/ 
 /*           EC_METHOD for curves over GF(2^m)                      */
 /********************************************************************/
@@ -161,6 +178,8 @@ const EC_METHOD *EC_GFp_nist_method(void);
  */
 const EC_METHOD *EC_GF2m_simple_method(void);
 
+#endif
+
 
 /********************************************************************/
 /*                   EC_GROUP functions                             */
@@ -255,10 +274,10 @@ int EC_GROUP_get_curve_name(const EC_GROUP *group);
 void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
 int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
 
-void EC_GROUP_set_point_conversion_form(EC_GROUP *, point_conversion_form_t);
+void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form);
 point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
 
-unsigned char *EC_GROUP_get0_seed(const EC_GROUP *);
+unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
 size_t EC_GROUP_get_seed_len(const EC_GROUP *);
 size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
 
@@ -282,6 +301,7 @@ int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, co
  */
 int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
 
+#ifndef OPENSSL_NO_EC2M
 /** Sets the parameter of a ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b
  *  \param  group  EC_GROUP object
  *  \param  p      BIGNUM with the polynomial defining the underlying field
@@ -301,7 +321,7 @@ int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, c
  *  \return 1 on success and 0 if an error occured
  */
 int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
-
+#endif
 /** Returns the number of bits needed to represent a field element 
  *  \param  group  EC_GROUP object
  *  \return number of bits needed to represent a field element
@@ -342,7 +362,7 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx);
  *  \return newly created EC_GROUP object with the specified parameters
  */
 EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-
+#ifndef OPENSSL_NO_EC2M
 /** Creates a new EC_GROUP object with the specified parameters defined
  *  over GF2m (defined by the equation y^2 + x*y = x^3 + a*x^2 + b)
  *  \param  p    BIGNUM with the polynomial defining the underlying field
@@ -352,7 +372,7 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM
  *  \return newly created EC_GROUP object with the specified parameters
  */
 EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-
+#endif
 /** Creates a EC_GROUP object with a curve specified by a NID
  *  \param  nid  NID of the OID of the curve name
  *  \return newly created EC_GROUP object with specified curve or NULL
@@ -481,7 +501,7 @@ int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
  */
 int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
        const BIGNUM *x, int y_bit, BN_CTX *ctx);
-
+#ifndef OPENSSL_NO_EC2M
 /** Sets the affine coordinates of a EC_POINT over GF2m
  *  \param  group  underlying EC_GROUP object
  *  \param  p      EC_POINT object
@@ -514,7 +534,7 @@ int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
  */
 int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
        const BIGNUM *x, int y_bit, BN_CTX *ctx);
-
+#endif
 /** Encodes a EC_POINT object to a octet string
  *  \param  group  underlying EC_GROUP object
  *  \param  p      EC_POINT object
@@ -606,8 +626,8 @@ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *c
  */
 int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
 
-int EC_POINT_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
-int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
+int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
+int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx);
 
 /** Computes r = generator * n sum_{i=0}^num p[i] * m[i]
  *  \param  group  underlying EC_GROUP object
@@ -653,9 +673,11 @@ int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
 /* EC_GROUP_get_basis_type() returns the NID of the basis type
  * used to represent the field elements */
 int EC_GROUP_get_basis_type(const EC_GROUP *);
+#ifndef OPENSSL_NO_EC2M
 int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
 int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, 
        unsigned int *k2, unsigned int *k3);
+#endif
 
 #define OPENSSL_EC_NAMED_CURVE 0x001
 
@@ -689,11 +711,21 @@ typedef struct ec_key_st EC_KEY;
 #define EC_PKEY_NO_PARAMETERS  0x001
 #define EC_PKEY_NO_PUBKEY      0x002
 
+/* some values for the flags field */
+#define EC_FLAG_NON_FIPS_ALLOW 0x1
+#define EC_FLAG_FIPS_CHECKED   0x2
+
 /** Creates a new EC_KEY object.
  *  \return EC_KEY object or NULL if an error occurred.
  */
 EC_KEY *EC_KEY_new(void);
 
+int EC_KEY_get_flags(const EC_KEY *key);
+
+void EC_KEY_set_flags(EC_KEY *key, int flags);
+
+void EC_KEY_clear_flags(EC_KEY *key, int flags);
+
 /** Creates a new EC_KEY object using a named curve as underlying
  *  EC_GROUP object.
  *  \param  nid  NID of the named curve.
@@ -768,16 +800,24 @@ const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
 int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
 
 unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
-void EC_KEY_set_enc_flags(EC_KEY *, unsigned int);
-point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *);
-void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t);
+void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
+point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
+void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
 /* functions to set/get method specific data  */
-void *EC_KEY_get_key_method_data(EC_KEY *, 
+void *EC_KEY_get_key_method_data(EC_KEY *key
        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
-void EC_KEY_insert_key_method_data(EC_KEY *, void *data,
+/** Sets the key method data of an EC_KEY object, if none has yet been set.
+ *  \param  key              EC_KEY object
+ *  \param  data             opaque data to install.
+ *  \param  dup_func         a function that duplicates |data|.
+ *  \param  free_func        a function that frees |data|.
+ *  \param  clear_free_func  a function that wipes and frees |data|.
+ *  \return the previously set data pointer, or NULL if |data| was inserted.
+ */
+void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
 /* wrapper functions for the underlying EC_GROUP object */
-void EC_KEY_set_asn1_flag(EC_KEY *, int);
+void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
 
 /** Creates a table of pre-computed multiples of the generator to 
  *  accelerate further EC_KEY operations.
@@ -799,6 +839,15 @@ int EC_KEY_generate_key(EC_KEY *key);
  */
 int EC_KEY_check_key(const EC_KEY *key);
 
+/** Sets a public key from affine coordindates performing
+ *  neccessary NIST PKV tests.
+ *  \param  key  the EC_KEY object
+ *  \param  x    public key x coordinate
+ *  \param  y    public key y coordinate
+ *  \return 1 on success and 0 otherwise.
+ */
+int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y);
+
 
 /********************************************************************/
 /*        de- and encoding functions for SEC1 ECPrivateKey          */
@@ -926,6 +975,7 @@ void ERR_load_EC_strings(void);
 /* Error codes for the EC functions. */
 
 /* Function codes. */
+#define EC_F_BN_TO_FELEM                                224
 #define EC_F_COMPUTE_WNAF                               143
 #define EC_F_D2I_ECPARAMETERS                           144
 #define EC_F_D2I_ECPKPARAMETERS                                 145
@@ -968,6 +1018,15 @@ void ERR_load_EC_strings(void);
 #define EC_F_EC_GFP_MONT_FIELD_SQR                      132
 #define EC_F_EC_GFP_MONT_GROUP_SET_CURVE                189
 #define EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP            135
+#define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE            225
+#define EC_F_EC_GFP_NISTP224_POINTS_MUL                         228
+#define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 226
+#define EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE            230
+#define EC_F_EC_GFP_NISTP256_POINTS_MUL                         231
+#define EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES 232
+#define EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE            233
+#define EC_F_EC_GFP_NISTP521_POINTS_MUL                         234
+#define EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES 235
 #define EC_F_EC_GFP_NIST_FIELD_MUL                      200
 #define EC_F_EC_GFP_NIST_FIELD_SQR                      201
 #define EC_F_EC_GFP_NIST_GROUP_SET_CURVE                202
@@ -1010,6 +1069,7 @@ void ERR_load_EC_strings(void);
 #define EC_F_EC_KEY_NEW                                         182
 #define EC_F_EC_KEY_PRINT                               180
 #define EC_F_EC_KEY_PRINT_FP                            181
+#define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES   229
 #define EC_F_EC_POINTS_MAKE_AFFINE                      136
 #define EC_F_EC_POINT_ADD                               112
 #define EC_F_EC_POINT_CMP                               113
@@ -1040,6 +1100,9 @@ void ERR_load_EC_strings(void);
 #define EC_F_I2D_ECPKPARAMETERS                                 191
 #define EC_F_I2D_ECPRIVATEKEY                           192
 #define EC_F_I2O_ECPUBLICKEY                            151
+#define EC_F_NISTP224_PRE_COMP_NEW                      227
+#define EC_F_NISTP256_PRE_COMP_NEW                      236
+#define EC_F_NISTP521_PRE_COMP_NEW                      237
 #define EC_F_O2I_ECPUBLICKEY                            152
 #define EC_F_OLD_EC_PRIV_DECODE                                 222
 #define EC_F_PKEY_EC_CTRL                               197
@@ -1052,12 +1115,15 @@ void ERR_load_EC_strings(void);
 /* Reason codes. */
 #define EC_R_ASN1_ERROR                                         115
 #define EC_R_ASN1_UNKNOWN_FIELD                                 116
+#define EC_R_BIGNUM_OUT_OF_RANGE                        144
 #define EC_R_BUFFER_TOO_SMALL                           100
+#define EC_R_COORDINATES_OUT_OF_RANGE                   146
 #define EC_R_D2I_ECPKPARAMETERS_FAILURE                         117
 #define EC_R_DECODE_ERROR                               142
 #define EC_R_DISCRIMINANT_IS_ZERO                       118
 #define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE               119
 #define EC_R_FIELD_TOO_LARGE                            143
+#define EC_R_GF2M_NOT_SUPPORTED                                 147
 #define EC_R_GROUP2PKPARAMETERS_FAILURE                         120
 #define EC_R_I2D_ECPKPARAMETERS_FAILURE                         121
 #define EC_R_INCOMPATIBLE_OBJECTS                       101
@@ -1092,6 +1158,7 @@ void ERR_load_EC_strings(void);
 #define EC_R_UNKNOWN_GROUP                              129
 #define EC_R_UNKNOWN_ORDER                              114
 #define EC_R_UNSUPPORTED_FIELD                          131
+#define EC_R_WRONG_CURVE_PARAMETERS                     145
 #define EC_R_WRONG_ORDER                                130
 
 #ifdef  __cplusplus
index b4b58ee..8887102 100644 (file)
@@ -109,11 +109,13 @@ void ERR_load_ECDH_strings(void);
 /* Error codes for the ECDH functions. */
 
 /* Function codes. */
+#define ECDH_F_ECDH_CHECK                               102
 #define ECDH_F_ECDH_COMPUTE_KEY                                 100
 #define ECDH_F_ECDH_DATA_NEW_METHOD                     101
 
 /* Reason codes. */
 #define ECDH_R_KDF_FAILED                               102
+#define ECDH_R_NON_FIPS_METHOD                          103
 #define ECDH_R_NO_PRIVATE_VALUE                                 100
 #define ECDH_R_POINT_ARITHMETIC_FAILURE                         101
 
index e61c539..7fb5254 100644 (file)
@@ -238,6 +238,7 @@ void ERR_load_ECDSA_strings(void);
 /* Error codes for the ECDSA functions. */
 
 /* Function codes. */
+#define ECDSA_F_ECDSA_CHECK                             104
 #define ECDSA_F_ECDSA_DATA_NEW_METHOD                   100
 #define ECDSA_F_ECDSA_DO_SIGN                           101
 #define ECDSA_F_ECDSA_DO_VERIFY                                 102
@@ -249,6 +250,7 @@ void ERR_load_ECDSA_strings(void);
 #define ECDSA_R_ERR_EC_LIB                              102
 #define ECDSA_R_MISSING_PARAMETERS                      103
 #define ECDSA_R_NEED_NEW_SETUP_VALUES                   106
+#define ECDSA_R_NON_FIPS_METHOD                                 107
 #define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED                 104
 #define ECDSA_R_SIGNATURE_MALLOC_FAILED                         105
 
index 7fbd95f..f8be497 100644 (file)
@@ -141,6 +141,13 @@ extern "C" {
  * the existing ENGINE's structural reference count. */
 #define ENGINE_FLAGS_BY_ID_COPY                (int)0x0004
 
+/* This flag if for an ENGINE that does not want its methods registered as 
+ * part of ENGINE_register_all_complete() for example if the methods are
+ * not usable as default methods.
+ */
+
+#define ENGINE_FLAGS_NO_REGISTER_ALL   (int)0x0008
+
 /* ENGINEs can support their own command types, and these flags are used in
  * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input each
  * command expects. Currently only numeric and string input is supported. If a
@@ -344,6 +351,8 @@ void ENGINE_load_gost(void);
 #endif
 #endif
 void ENGINE_load_cryptodev(void);
+void ENGINE_load_rsax(void);
+void ENGINE_load_rdrand(void);
 void ENGINE_load_builtin_engines(void);
 
 /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
@@ -677,6 +686,7 @@ typedef struct st_dynamic_fns {
  * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */
 typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version);
 #define IMPLEMENT_DYNAMIC_CHECK_FN() \
+       OPENSSL_EXPORT unsigned long v_check(unsigned long v); \
        OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \
                if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
                return 0; }
@@ -699,6 +709,8 @@ typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version);
 typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
                                const dynamic_fns *fns);
 #define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
+       OPENSSL_EXPORT \
+       int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \
        OPENSSL_EXPORT \
        int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
                if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \
index b9f8c16..974cc9c 100644 (file)
@@ -344,8 +344,9 @@ void ERR_print_errors_fp(FILE *fp);
 #endif
 #ifndef OPENSSL_NO_BIO
 void ERR_print_errors(BIO *bp);
-void ERR_add_error_data(int num, ...);
 #endif
+void ERR_add_error_data(int num, ...);
+void ERR_add_error_vdata(int num, va_list args);
 void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
 void ERR_unload_strings(int lib,ERR_STRING_DATA str[]);
 void ERR_load_ERR_strings(void);
index 9f9795e..faeb3c2 100644 (file)
@@ -83,7 +83,7 @@
 #define EVP_RC5_32_12_16_KEY_SIZE      16
 */
 #define EVP_MAX_MD_SIZE                        64      /* longest known is SHA512 */
-#define EVP_MAX_KEY_LENGTH             32
+#define EVP_MAX_KEY_LENGTH             64
 #define EVP_MAX_IV_LENGTH              16
 #define EVP_MAX_BLOCK_LENGTH           32
 
 #define EVP_PKEY_DH    NID_dhKeyAgreement
 #define EVP_PKEY_EC    NID_X9_62_id_ecPublicKey
 #define EVP_PKEY_HMAC  NID_hmac
+#define EVP_PKEY_CMAC  NID_cmac
 
 #ifdef __cplusplus
 extern "C" {
@@ -216,6 +217,8 @@ typedef int evp_verify_method(int type,const unsigned char *m,
 
 #define EVP_MD_FLAG_DIGALGID_CUSTOM            0x0018
 
+#define EVP_MD_FLAG_FIPS       0x0400 /* Note if suitable for use in FIPS mode */
+
 /* Digest ctrls */
 
 #define        EVP_MD_CTRL_DIGALGID                    0x1
@@ -325,6 +328,10 @@ struct evp_cipher_st
 #define                EVP_CIPH_CBC_MODE               0x2
 #define                EVP_CIPH_CFB_MODE               0x3
 #define                EVP_CIPH_OFB_MODE               0x4
+#define                EVP_CIPH_CTR_MODE               0x5
+#define                EVP_CIPH_GCM_MODE               0x6
+#define                EVP_CIPH_CCM_MODE               0x7
+#define                EVP_CIPH_XTS_MODE               0x10001
 #define        EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 #define        EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -346,6 +353,15 @@ struct evp_cipher_st
 #define                EVP_CIPH_FLAG_DEFAULT_ASN1      0x1000
 /* Buffer length in bits not bytes: CFB1 mode only */
 #define                EVP_CIPH_FLAG_LENGTH_BITS       0x2000
+/* Note if suitable for use in FIPS mode */
+#define                EVP_CIPH_FLAG_FIPS              0x4000
+/* Allow non FIPS cipher in FIPS mode */
+#define                EVP_CIPH_FLAG_NON_FIPS_ALLOW    0x8000
+/* Cipher handles any and all padding logic as well
+ * as finalisation.
+ */
+#define        EVP_CIPH_FLAG_CUSTOM_CIPHER     0x100000
+#define                EVP_CIPH_FLAG_AEAD_CIPHER       0x200000
 
 /* ctrl() values */
 
@@ -358,6 +374,33 @@ struct evp_cipher_st
 #define        EVP_CTRL_RAND_KEY               0x6
 #define        EVP_CTRL_PBE_PRF_NID            0x7
 #define        EVP_CTRL_COPY                   0x8
+#define        EVP_CTRL_GCM_SET_IVLEN          0x9
+#define        EVP_CTRL_GCM_GET_TAG            0x10
+#define        EVP_CTRL_GCM_SET_TAG            0x11
+#define                EVP_CTRL_GCM_SET_IV_FIXED       0x12
+#define                EVP_CTRL_GCM_IV_GEN             0x13
+#define                EVP_CTRL_CCM_SET_IVLEN          EVP_CTRL_GCM_SET_IVLEN
+#define                EVP_CTRL_CCM_GET_TAG            EVP_CTRL_GCM_GET_TAG
+#define                EVP_CTRL_CCM_SET_TAG            EVP_CTRL_GCM_SET_TAG
+#define                EVP_CTRL_CCM_SET_L              0x14
+#define                EVP_CTRL_CCM_SET_MSGLEN         0x15
+/* AEAD cipher deduces payload length and returns number of bytes
+ * required to store MAC and eventual padding. Subsequent call to
+ * EVP_Cipher even appends/verifies MAC.
+ */
+#define                EVP_CTRL_AEAD_TLS1_AAD          0x16
+/* Used by composite AEAD ciphers, no-op in GCM, CCM... */
+#define                EVP_CTRL_AEAD_SET_MAC_KEY       0x17
+/* Set the GCM invocation field, decrypt only */
+#define                EVP_CTRL_GCM_SET_IV_INV         0x18
+
+/* GCM TLS constants */
+/* Length of fixed part of IV derived from PRF */
+#define EVP_GCM_TLS_FIXED_IV_LEN                       4
+/* Length of explicit part of IV part of TLS records */
+#define EVP_GCM_TLS_EXPLICIT_IV_LEN                    8
+/* Length of tag for TLS */
+#define EVP_GCM_TLS_TAG_LEN                            16
 
 typedef struct evp_cipher_info_st
        {
@@ -375,7 +418,7 @@ struct evp_cipher_ctx_st
        unsigned char  oiv[EVP_MAX_IV_LENGTH];  /* original iv */
        unsigned char  iv[EVP_MAX_IV_LENGTH];   /* working iv */
        unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */
-       int num;                                /* used by cfb/ofb mode */
+       int num;                                /* used by cfb/ofb/ctr mode */
 
        void *app_data;         /* application stuff */
        int key_len;            /* May change for variable length cipher */
@@ -695,6 +738,9 @@ const EVP_MD *EVP_dev_crypto_md5(void);
 #ifndef OPENSSL_NO_RC4
 const EVP_CIPHER *EVP_rc4(void);
 const EVP_CIPHER *EVP_rc4_40(void);
+#ifndef OPENSSL_NO_MD5
+const EVP_CIPHER *EVP_rc4_hmac_md5(void);
+#endif
 #endif
 #ifndef OPENSSL_NO_IDEA
 const EVP_CIPHER *EVP_idea_ecb(void);
@@ -741,9 +787,10 @@ const EVP_CIPHER *EVP_aes_128_cfb8(void);
 const EVP_CIPHER *EVP_aes_128_cfb128(void);
 # define EVP_aes_128_cfb EVP_aes_128_cfb128
 const EVP_CIPHER *EVP_aes_128_ofb(void);
-#if 0
 const EVP_CIPHER *EVP_aes_128_ctr(void);
-#endif
+const EVP_CIPHER *EVP_aes_128_ccm(void);
+const EVP_CIPHER *EVP_aes_128_gcm(void);
+const EVP_CIPHER *EVP_aes_128_xts(void);
 const EVP_CIPHER *EVP_aes_192_ecb(void);
 const EVP_CIPHER *EVP_aes_192_cbc(void);
 const EVP_CIPHER *EVP_aes_192_cfb1(void);
@@ -751,9 +798,9 @@ const EVP_CIPHER *EVP_aes_192_cfb8(void);
 const EVP_CIPHER *EVP_aes_192_cfb128(void);
 # define EVP_aes_192_cfb EVP_aes_192_cfb128
 const EVP_CIPHER *EVP_aes_192_ofb(void);
-#if 0
 const EVP_CIPHER *EVP_aes_192_ctr(void);
-#endif
+const EVP_CIPHER *EVP_aes_192_ccm(void);
+const EVP_CIPHER *EVP_aes_192_gcm(void);
 const EVP_CIPHER *EVP_aes_256_ecb(void);
 const EVP_CIPHER *EVP_aes_256_cbc(void);
 const EVP_CIPHER *EVP_aes_256_cfb1(void);
@@ -761,8 +808,13 @@ const EVP_CIPHER *EVP_aes_256_cfb8(void);
 const EVP_CIPHER *EVP_aes_256_cfb128(void);
 # define EVP_aes_256_cfb EVP_aes_256_cfb128
 const EVP_CIPHER *EVP_aes_256_ofb(void);
-#if 0
 const EVP_CIPHER *EVP_aes_256_ctr(void);
+const EVP_CIPHER *EVP_aes_256_ccm(void);
+const EVP_CIPHER *EVP_aes_256_gcm(void);
+const EVP_CIPHER *EVP_aes_256_xts(void);
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void);
 #endif
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
@@ -1047,13 +1099,22 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
 #define EVP_PKEY_CTRL_CMS_DECRYPT      10
 #define EVP_PKEY_CTRL_CMS_SIGN         11
 
+#define EVP_PKEY_CTRL_CIPHER           12
+
 #define EVP_PKEY_ALG_CTRL              0x1000
 
 
 #define EVP_PKEY_FLAG_AUTOARGLEN       2
+/* Method handles all operations: don't assume any digest related
+ * defaults.
+ */
+#define EVP_PKEY_FLAG_SIGCTX_CUSTOM    4
 
 const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type);
 EVP_PKEY_METHOD* EVP_PKEY_meth_new(int id, int flags);
+void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags,
+                               const EVP_PKEY_METHOD *meth);
+void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src);
 void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth);
 int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth);
 
@@ -1071,7 +1132,7 @@ int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx);
 void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen);
 
 EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
-                               unsigned char *key, int keylen);
+                               const unsigned char *key, int keylen);
 
 void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data);
 void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx);
@@ -1181,6 +1242,8 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
        int (*ctrl_str)(EVP_PKEY_CTX *ctx,
                                        const char *type, const char *value));
 
+void EVP_add_alg_module(void);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -1190,8 +1253,14 @@ void ERR_load_EVP_strings(void);
 /* Error codes for the EVP functions. */
 
 /* Function codes. */
+#define EVP_F_AESNI_INIT_KEY                            165
+#define EVP_F_AESNI_XTS_CIPHER                          176
 #define EVP_F_AES_INIT_KEY                              133
+#define EVP_F_AES_XTS                                   172
+#define EVP_F_AES_XTS_CIPHER                            175
+#define EVP_F_ALG_MODULE_INIT                           177
 #define EVP_F_CAMELLIA_INIT_KEY                                 159
+#define EVP_F_CMAC_INIT                                         173
 #define EVP_F_D2I_PKEY                                  100
 #define EVP_F_DO_SIGVER_INIT                            161
 #define EVP_F_DSAPKEY2PKCS8                             134
@@ -1246,15 +1315,24 @@ void ERR_load_EVP_strings(void);
 #define EVP_F_EVP_RIJNDAEL                              126
 #define EVP_F_EVP_SIGNFINAL                             107
 #define EVP_F_EVP_VERIFYFINAL                           108
+#define EVP_F_FIPS_CIPHERINIT                           166
+#define EVP_F_FIPS_CIPHER_CTX_COPY                      170
+#define EVP_F_FIPS_CIPHER_CTX_CTRL                      167
+#define EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH            171
+#define EVP_F_FIPS_DIGESTINIT                           168
+#define EVP_F_FIPS_MD_CTX_COPY                          169
+#define EVP_F_HMAC_INIT_EX                              174
 #define EVP_F_INT_CTX_NEW                               157
 #define EVP_F_PKCS5_PBE_KEYIVGEN                        117
 #define EVP_F_PKCS5_V2_PBE_KEYIVGEN                     118
+#define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN                  164
 #define EVP_F_PKCS8_SET_BROKEN                          112
 #define EVP_F_PKEY_SET_TYPE                             158
 #define EVP_F_RC2_MAGIC_TO_METH                                 109
 #define EVP_F_RC5_CTRL                                  125
 
 /* Reason codes. */
+#define EVP_R_AES_IV_SETUP_FAILED                       162
 #define EVP_R_AES_KEY_SETUP_FAILED                      143
 #define EVP_R_ASN1_LIB                                  140
 #define EVP_R_BAD_BLOCK_LENGTH                          136
@@ -1272,16 +1350,21 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_DECODE_ERROR                              114
 #define EVP_R_DIFFERENT_KEY_TYPES                       101
 #define EVP_R_DIFFERENT_PARAMETERS                      153
+#define EVP_R_DISABLED_FOR_FIPS                                 163
 #define EVP_R_ENCODE_ERROR                              115
+#define EVP_R_ERROR_LOADING_SECTION                     165
+#define EVP_R_ERROR_SETTING_FIPS_MODE                   166
 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR                  119
 #define EVP_R_EXPECTING_AN_RSA_KEY                      127
 #define EVP_R_EXPECTING_A_DH_KEY                        128
 #define EVP_R_EXPECTING_A_DSA_KEY                       129
 #define EVP_R_EXPECTING_A_ECDSA_KEY                     141
 #define EVP_R_EXPECTING_A_EC_KEY                        142
+#define EVP_R_FIPS_MODE_NOT_SUPPORTED                   167
 #define EVP_R_INITIALIZATION_ERROR                      134
 #define EVP_R_INPUT_NOT_INITIALIZED                     111
 #define EVP_R_INVALID_DIGEST                            152
+#define EVP_R_INVALID_FIPS_MODE                                 168
 #define EVP_R_INVALID_KEY_LENGTH                        130
 #define EVP_R_INVALID_OPERATION                                 148
 #define EVP_R_IV_TOO_LARGE                              102
@@ -1303,8 +1386,10 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_PRIVATE_KEY_DECODE_ERROR                  145
 #define EVP_R_PRIVATE_KEY_ENCODE_ERROR                  146
 #define EVP_R_PUBLIC_KEY_NOT_RSA                        106
+#define EVP_R_TOO_LARGE                                         164
 #define EVP_R_UNKNOWN_CIPHER                            160
 #define EVP_R_UNKNOWN_DIGEST                            161
+#define EVP_R_UNKNOWN_OPTION                            169
 #define EVP_R_UNKNOWN_PBE_ALGORITHM                     121
 #define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS               135
 #define EVP_R_UNSUPPORTED_ALGORITHM                     156
index 5782e54..e9a1e7f 100644 (file)
@@ -83,6 +83,9 @@ typedef struct idea_key_st
 const char *idea_options(void);
 void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
        IDEA_KEY_SCHEDULE *ks);
+#ifdef OPENSSL_FIPS
+void private_idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
+#endif
 void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
 void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
 void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,
index a3d20e1..8242fd5 100644 (file)
@@ -172,6 +172,10 @@ krb5_error_code  kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,
                                    krb5_timestamp *atimep, KSSL_ERR *kssl_err);
 unsigned char  *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);
 
+void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx);
+KSSL_CTX * SSL_get0_kssl_ctx(SSL *s);
+char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx);
+
 #ifdef  __cplusplus
 }
 #endif
index c3ed9b3..a55368a 100644 (file)
@@ -105,6 +105,9 @@ typedef struct MD4state_st
        unsigned int num;
        } MD4_CTX;
 
+#ifdef OPENSSL_FIPS
+int private_MD4_Init(MD4_CTX *c);
+#endif
 int MD4_Init(MD4_CTX *c);
 int MD4_Update(MD4_CTX *c, const void *data, size_t len);
 int MD4_Final(unsigned char *md, MD4_CTX *c);
index 4cbf843..541cc92 100644 (file)
@@ -105,6 +105,9 @@ typedef struct MD5state_st
        unsigned int num;
        } MD5_CTX;
 
+#ifdef OPENSSL_FIPS
+int private_MD5_Init(MD5_CTX *c);
+#endif
 int MD5_Init(MD5_CTX *c);
 int MD5_Update(MD5_CTX *c, const void *data, size_t len);
 int MD5_Final(unsigned char *md, MD5_CTX *c);
index 72778a5..f3e8e57 100644 (file)
@@ -81,6 +81,9 @@ typedef struct mdc2_ctx_st
        } MDC2_CTX;
 
 
+#ifdef OPENSSL_FIPS
+int private_MDC2_Init(MDC2_CTX *c);
+#endif
 int MDC2_Init(MDC2_CTX *c);
 int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
 int MDC2_Final(unsigned char *md, MDC2_CTX *c);
index af8d97d..f18215b 100644 (file)
@@ -15,6 +15,14 @@ typedef void (*cbc128_f)(const unsigned char *in, unsigned char *out,
                        size_t len, const void *key,
                        unsigned char ivec[16], int enc);
 
+typedef void (*ctr128_f)(const unsigned char *in, unsigned char *out,
+                       size_t blocks, const void *key,
+                       const unsigned char ivec[16]);
+
+typedef void (*ccm128_f)(const unsigned char *in, unsigned char *out,
+                       size_t blocks, const void *key,
+                       const unsigned char ivec[16],unsigned char cmac[16]);
+
 void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
                        size_t len, const void *key,
                        unsigned char ivec[16], block128_f block);
@@ -27,6 +35,11 @@ void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
                        unsigned char ivec[16], unsigned char ecount_buf[16],
                        unsigned int *num, block128_f block);
 
+void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
+                       size_t len, const void *key,
+                       unsigned char ivec[16], unsigned char ecount_buf[16],
+                       unsigned int *num, ctr128_f ctr);
+
 void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,
                        size_t len, const void *key,
                        unsigned char ivec[16], int *num,
@@ -57,3 +70,66 @@ size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, unsigned char *out,
 size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
                        size_t len, const void *key,
                        unsigned char ivec[16], cbc128_f cbc);
+
+size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in, unsigned char *out,
+                       size_t len, const void *key,
+                       unsigned char ivec[16], block128_f block);
+size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t len, const void *key,
+                       unsigned char ivec[16], cbc128_f cbc);
+size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, unsigned char *out,
+                       size_t len, const void *key,
+                       unsigned char ivec[16], block128_f block);
+size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out,
+                       size_t len, const void *key,
+                       unsigned char ivec[16], cbc128_f cbc);
+
+typedef struct gcm128_context GCM128_CONTEXT;
+
+GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block);
+void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx,void *key,block128_f block);
+void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv,
+                       size_t len);
+int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad,
+                       size_t len);
+int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
+                       const unsigned char *in, unsigned char *out,
+                       size_t len);
+int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
+                       const unsigned char *in, unsigned char *out,
+                       size_t len);
+int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
+                       const unsigned char *in, unsigned char *out,
+                       size_t len, ctr128_f stream);
+int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
+                       const unsigned char *in, unsigned char *out,
+                       size_t len, ctr128_f stream);
+int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx,const unsigned char *tag,
+                       size_t len);
+void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len);
+void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx);
+
+typedef struct ccm128_context CCM128_CONTEXT;
+
+void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx,
+       unsigned int M, unsigned int L, void *key,block128_f block);
+int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx,
+       const unsigned char *nonce, size_t nlen, size_t mlen);
+void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx,
+       const unsigned char *aad, size_t alen);
+int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx,
+       const unsigned char *inp, unsigned char *out, size_t len);
+int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx,
+       const unsigned char *inp, unsigned char *out, size_t len);
+int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx,
+       const unsigned char *inp, unsigned char *out, size_t len,
+       ccm128_f stream);
+int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx,
+       const unsigned char *inp, unsigned char *out, size_t len,
+       ccm128_f stream);
+size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len);
+
+typedef struct xts128_context XTS128_CONTEXT;
+
+int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16],
+       const unsigned char *inp, unsigned char *out, size_t len, int enc);
index 282f11a..b5ea7cd 100644 (file)
 #define NID_sha1WithRSAEncryption              65
 #define OBJ_sha1WithRSAEncryption              OBJ_pkcs1,5L
 
+#define SN_rsaesOaep           "RSAES-OAEP"
+#define LN_rsaesOaep           "rsaesOaep"
+#define NID_rsaesOaep          919
+#define OBJ_rsaesOaep          OBJ_pkcs1,7L
+
+#define SN_mgf1                "MGF1"
+#define LN_mgf1                "mgf1"
+#define NID_mgf1               911
+#define OBJ_mgf1               OBJ_pkcs1,8L
+
+#define SN_rsassaPss           "RSASSA-PSS"
+#define LN_rsassaPss           "rsassaPss"
+#define NID_rsassaPss          912
+#define OBJ_rsassaPss          OBJ_pkcs1,10L
+
 #define SN_sha256WithRSAEncryption             "RSA-SHA256"
 #define LN_sha256WithRSAEncryption             "sha256WithRSAEncryption"
 #define NID_sha256WithRSAEncryption            668
 #define NID_id_smime_alg_CMSRC2wrap            247
 #define OBJ_id_smime_alg_CMSRC2wrap            OBJ_id_smime_alg,7L
 
+#define SN_id_alg_PWRI_KEK             "id-alg-PWRI-KEK"
+#define NID_id_alg_PWRI_KEK            893
+#define OBJ_id_alg_PWRI_KEK            OBJ_id_smime_alg,9L
+
 #define SN_id_smime_cd_ldap            "id-smime-cd-ldap"
 #define NID_id_smime_cd_ldap           248
 #define OBJ_id_smime_cd_ldap           OBJ_id_smime_cd,1L
 #define NID_no_rev_avail               403
 #define OBJ_no_rev_avail               OBJ_id_ce,56L
 
+#define SN_anyExtendedKeyUsage         "anyExtendedKeyUsage"
+#define LN_anyExtendedKeyUsage         "Any Extended Key Usage"
+#define NID_anyExtendedKeyUsage                910
+#define OBJ_anyExtendedKeyUsage                OBJ_ext_key_usage,0L
+
 #define SN_netscape            "Netscape"
 #define LN_netscape            "Netscape Communications Corp."
 #define NID_netscape           57
 #define NID_aes_128_cfb128             421
 #define OBJ_aes_128_cfb128             OBJ_aes,4L
 
+#define SN_id_aes128_wrap              "id-aes128-wrap"
+#define NID_id_aes128_wrap             788
+#define OBJ_id_aes128_wrap             OBJ_aes,5L
+
+#define SN_aes_128_gcm         "id-aes128-GCM"
+#define LN_aes_128_gcm         "aes-128-gcm"
+#define NID_aes_128_gcm                895
+#define OBJ_aes_128_gcm                OBJ_aes,6L
+
+#define SN_aes_128_ccm         "id-aes128-CCM"
+#define LN_aes_128_ccm         "aes-128-ccm"
+#define NID_aes_128_ccm                896
+#define OBJ_aes_128_ccm                OBJ_aes,7L
+
+#define SN_id_aes128_wrap_pad          "id-aes128-wrap-pad"
+#define NID_id_aes128_wrap_pad         897
+#define OBJ_id_aes128_wrap_pad         OBJ_aes,8L
+
 #define SN_aes_192_ecb         "AES-192-ECB"
 #define LN_aes_192_ecb         "aes-192-ecb"
 #define NID_aes_192_ecb                422
 #define NID_aes_192_cfb128             425
 #define OBJ_aes_192_cfb128             OBJ_aes,24L
 
+#define SN_id_aes192_wrap              "id-aes192-wrap"
+#define NID_id_aes192_wrap             789
+#define OBJ_id_aes192_wrap             OBJ_aes,25L
+
+#define SN_aes_192_gcm         "id-aes192-GCM"
+#define LN_aes_192_gcm         "aes-192-gcm"
+#define NID_aes_192_gcm                898
+#define OBJ_aes_192_gcm                OBJ_aes,26L
+
+#define SN_aes_192_ccm         "id-aes192-CCM"
+#define LN_aes_192_ccm         "aes-192-ccm"
+#define NID_aes_192_ccm                899
+#define OBJ_aes_192_ccm                OBJ_aes,27L
+
+#define SN_id_aes192_wrap_pad          "id-aes192-wrap-pad"
+#define NID_id_aes192_wrap_pad         900
+#define OBJ_id_aes192_wrap_pad         OBJ_aes,28L
+
 #define SN_aes_256_ecb         "AES-256-ECB"
 #define LN_aes_256_ecb         "aes-256-ecb"
 #define NID_aes_256_ecb                426
 #define NID_aes_256_cfb128             429
 #define OBJ_aes_256_cfb128             OBJ_aes,44L
 
+#define SN_id_aes256_wrap              "id-aes256-wrap"
+#define NID_id_aes256_wrap             790
+#define OBJ_id_aes256_wrap             OBJ_aes,45L
+
+#define SN_aes_256_gcm         "id-aes256-GCM"
+#define LN_aes_256_gcm         "aes-256-gcm"
+#define NID_aes_256_gcm                901
+#define OBJ_aes_256_gcm                OBJ_aes,46L
+
+#define SN_aes_256_ccm         "id-aes256-CCM"
+#define LN_aes_256_ccm         "aes-256-ccm"
+#define NID_aes_256_ccm                902
+#define OBJ_aes_256_ccm                OBJ_aes,47L
+
+#define SN_id_aes256_wrap_pad          "id-aes256-wrap-pad"
+#define NID_id_aes256_wrap_pad         903
+#define OBJ_id_aes256_wrap_pad         OBJ_aes,48L
+
 #define SN_aes_128_cfb1                "AES-128-CFB1"
 #define LN_aes_128_cfb1                "aes-128-cfb1"
 #define NID_aes_128_cfb1               650
 #define LN_aes_256_cfb8                "aes-256-cfb8"
 #define NID_aes_256_cfb8               655
 
+#define SN_aes_128_ctr         "AES-128-CTR"
+#define LN_aes_128_ctr         "aes-128-ctr"
+#define NID_aes_128_ctr                904
+
+#define SN_aes_192_ctr         "AES-192-CTR"
+#define LN_aes_192_ctr         "aes-192-ctr"
+#define NID_aes_192_ctr                905
+
+#define SN_aes_256_ctr         "AES-256-CTR"
+#define LN_aes_256_ctr         "aes-256-ctr"
+#define NID_aes_256_ctr                906
+
+#define SN_aes_128_xts         "AES-128-XTS"
+#define LN_aes_128_xts         "aes-128-xts"
+#define NID_aes_128_xts                913
+
+#define SN_aes_256_xts         "AES-256-XTS"
+#define LN_aes_256_xts         "aes-256-xts"
+#define NID_aes_256_xts                914
+
 #define SN_des_cfb1            "DES-CFB1"
 #define LN_des_cfb1            "des-cfb1"
 #define NID_des_cfb1           656
 #define LN_des_ede3_cfb8               "des-ede3-cfb8"
 #define NID_des_ede3_cfb8              659
 
-#define SN_id_aes128_wrap              "id-aes128-wrap"
-#define NID_id_aes128_wrap             788
-#define OBJ_id_aes128_wrap             OBJ_aes,5L
-
-#define SN_id_aes192_wrap              "id-aes192-wrap"
-#define NID_id_aes192_wrap             789
-#define OBJ_id_aes192_wrap             OBJ_aes,25L
-
-#define SN_id_aes256_wrap              "id-aes256-wrap"
-#define NID_id_aes256_wrap             790
-#define OBJ_id_aes256_wrap             OBJ_aes,45L
-
 #define OBJ_nist_hashalgs              OBJ_nistAlgorithms,2L
 
 #define SN_sha256              "SHA256"
 #define NID_camellia_256_cbc           753
 #define OBJ_camellia_256_cbc           1L,2L,392L,200011L,61L,1L,1L,1L,4L
 
+#define SN_id_camellia128_wrap         "id-camellia128-wrap"
+#define NID_id_camellia128_wrap                907
+#define OBJ_id_camellia128_wrap                1L,2L,392L,200011L,61L,1L,1L,3L,2L
+
+#define SN_id_camellia192_wrap         "id-camellia192-wrap"
+#define NID_id_camellia192_wrap                908
+#define OBJ_id_camellia192_wrap                1L,2L,392L,200011L,61L,1L,1L,3L,3L
+
+#define SN_id_camellia256_wrap         "id-camellia256-wrap"
+#define NID_id_camellia256_wrap                909
+#define OBJ_id_camellia256_wrap                1L,2L,392L,200011L,61L,1L,1L,3L,4L
+
 #define OBJ_ntt_ds             0L,3L,4401L,5L
 
 #define OBJ_camellia           OBJ_ntt_ds,3L,1L,9L
 #define LN_hmac                "hmac"
 #define NID_hmac               855
 
+#define SN_cmac                "CMAC"
+#define LN_cmac                "cmac"
+#define NID_cmac               894
+
+#define SN_rc4_hmac_md5                "RC4-HMAC-MD5"
+#define LN_rc4_hmac_md5                "rc4-hmac-md5"
+#define NID_rc4_hmac_md5               915
+
+#define SN_aes_128_cbc_hmac_sha1               "AES-128-CBC-HMAC-SHA1"
+#define LN_aes_128_cbc_hmac_sha1               "aes-128-cbc-hmac-sha1"
+#define NID_aes_128_cbc_hmac_sha1              916
+
+#define SN_aes_192_cbc_hmac_sha1               "AES-192-CBC-HMAC-SHA1"
+#define LN_aes_192_cbc_hmac_sha1               "aes-192-cbc-hmac-sha1"
+#define NID_aes_192_cbc_hmac_sha1              917
+
+#define SN_aes_256_cbc_hmac_sha1               "AES-256-CBC-HMAC-SHA1"
+#define LN_aes_256_cbc_hmac_sha1               "aes-256-cbc-hmac-sha1"
+#define NID_aes_256_cbc_hmac_sha1              918
+
index 7d75bc2..f07a711 100644 (file)
@@ -8,6 +8,9 @@
 #ifndef OPENSSL_DOING_MAKEDEPEND
 
 
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
 #ifndef OPENSSL_NO_GMP
 # define OPENSSL_NO_GMP
 #endif
@@ -26,6 +29,9 @@
 #ifndef OPENSSL_NO_RFC3779
 # define OPENSSL_NO_RFC3779
 #endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
 #ifndef OPENSSL_NO_STORE
 # define OPENSSL_NO_STORE
 #endif
@@ -41,6 +47,9 @@
    who haven't had the time to do the appropriate changes in their
    applications.  */
 #ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
+#  define NO_EC_NISTP_64_GCC_128
+# endif
 # if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
 #  define NO_GMP
 # endif
@@ -59,6 +68,9 @@
 # if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
 #  define NO_RFC3779
 # endif
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
+#  define NO_SCTP
+# endif
 # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
 #  define NO_STORE
 # endif
index cbe5264..5bc8e53 100644 (file)
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER 0x1000000fL
+#define OPENSSL_VERSION_NUMBER 0x1000105fL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT   "OpenSSL 1.0.0-fips 29 Mar 2010"
+#define OPENSSL_VERSION_TEXT   "OpenSSL 1.0.1e-fips 11 Feb 2013"
 #else
-#define OPENSSL_VERSION_TEXT   "OpenSSL 1.0.0 29 Mar 2010"
+#define OPENSSL_VERSION_TEXT   "OpenSSL 1.0.1e 11 Feb 2013"
 #endif
 #define OPENSSL_VERSION_PTEXT  " part of " OPENSSL_VERSION_TEXT
 
index 12bd701..ea9227f 100644 (file)
@@ -91,10 +91,12 @@ typedef struct asn1_string_st ASN1_TIME;
 typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
 typedef struct asn1_string_st ASN1_VISIBLESTRING;
 typedef struct asn1_string_st ASN1_UTF8STRING;
+typedef struct asn1_string_st ASN1_STRING;
 typedef int ASN1_BOOLEAN;
 typedef int ASN1_NULL;
 #endif
 
+typedef struct ASN1_ITEM_st ASN1_ITEM;
 typedef struct asn1_pctx_st ASN1_PCTX;
 
 #ifdef OPENSSL_SYS_WIN32
index 22231c2..8a6abab 100644 (file)
@@ -548,10 +548,11 @@ EVP_PKEY *b2i_PrivateKey_bio(BIO *in);
 EVP_PKEY *b2i_PublicKey_bio(BIO *in);
 int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk);
 int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk);
-
+#ifndef OPENSSL_NO_RC4
 EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
 int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
                pem_password_cb *cb, void *u);
+#endif
 
 
 /* BEGIN ERROR CODES */
index ac6c021..dc8fcf9 100644 (file)
@@ -119,6 +119,11 @@ int RAND_event(UINT, WPARAM, LPARAM);
 
 #endif
 
+#ifdef OPENSSL_FIPS
+void RAND_set_fips_drbg_type(int type, int flags);
+int RAND_init_fips(void);
+#endif
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -129,9 +134,13 @@ void ERR_load_RAND_strings(void);
 
 /* Function codes. */
 #define RAND_F_RAND_GET_RAND_METHOD                     101
+#define RAND_F_RAND_INIT_FIPS                           102
 #define RAND_F_SSLEAY_RAND_BYTES                        100
 
 /* Reason codes. */
+#define RAND_R_ERROR_INITIALISING_DRBG                  102
+#define RAND_R_ERROR_INSTANTIATING_DRBG                         103
+#define RAND_R_NO_FIPS_RANDOM_METHOD_SET                101
 #define RAND_R_PRNG_NOT_SEEDED                          100
 
 #ifdef  __cplusplus
index 34c8362..e542ec9 100644 (file)
@@ -79,7 +79,9 @@ typedef struct rc2_key_st
        RC2_INT data[64];
        } RC2_KEY;
 
+#ifdef OPENSSL_FIPS 
+void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
+#endif
 void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
 void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key,
                     int enc);
index 29d1acc..88ceb46 100644 (file)
@@ -79,6 +79,7 @@ typedef struct rc4_key_st
  
 const char *RC4_options(void);
 void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
+void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
 void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
                unsigned char *outdata);
 
index 5942eb6..189bd8c 100644 (file)
@@ -91,6 +91,9 @@ typedef struct RIPEMD160state_st
        unsigned int   num;
        } RIPEMD160_CTX;
 
+#ifdef OPENSSL_FIPS
+int private_RIPEMD160_Init(RIPEMD160_CTX *c);
+#endif
 int RIPEMD160_Init(RIPEMD160_CTX *c);
 int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len);
 int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
index cf74343..5f269e5 100644 (file)
@@ -222,12 +222,22 @@ struct rsa_st
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_RSA_PADDING, \
                                pad, NULL)
 
+#define EVP_PKEY_CTX_get_rsa_padding(ctx, ppad) \
+       EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, \
+                               EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad)
+
 #define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
                                (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
                                EVP_PKEY_CTRL_RSA_PSS_SALTLEN, \
                                len, NULL)
 
+#define EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, plen) \
+       EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
+                               (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
+                               EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, \
+                               0, plen)
+
 #define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
                                EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL)
@@ -236,11 +246,24 @@ struct rsa_st
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
                                EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp)
 
+#define         EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md)  \
+               EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_SIG,  \
+                               EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)md)
+
+#define         EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, pmd) \
+               EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_SIG,  \
+                               EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)pmd)
+
 #define EVP_PKEY_CTRL_RSA_PADDING      (EVP_PKEY_ALG_CTRL + 1)
 #define EVP_PKEY_CTRL_RSA_PSS_SALTLEN  (EVP_PKEY_ALG_CTRL + 2)
 
 #define EVP_PKEY_CTRL_RSA_KEYGEN_BITS  (EVP_PKEY_ALG_CTRL + 3)
 #define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP        (EVP_PKEY_ALG_CTRL + 4)
+#define EVP_PKEY_CTRL_RSA_MGF1_MD      (EVP_PKEY_ALG_CTRL + 5)
+
+#define EVP_PKEY_CTRL_GET_RSA_PADDING          (EVP_PKEY_ALG_CTRL + 6)
+#define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN      (EVP_PKEY_ALG_CTRL + 7)
+#define EVP_PKEY_CTRL_GET_RSA_MGF1_MD          (EVP_PKEY_ALG_CTRL + 8)
 
 #define RSA_PKCS1_PADDING      1
 #define RSA_SSLV23_PADDING     2
@@ -257,7 +280,7 @@ struct rsa_st
 
 RSA *  RSA_new(void);
 RSA *  RSA_new_method(ENGINE *engine);
-int    RSA_size(const RSA *);
+int    RSA_size(const RSA *rsa);
 
 /* Deprecated version */
 #ifndef OPENSSL_NO_DEPRECATED
@@ -300,6 +323,16 @@ const RSA_METHOD *RSA_null_method(void);
 DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey)
 DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey)
 
+typedef struct rsa_pss_params_st
+       {
+       X509_ALGOR *hashAlgorithm;
+       X509_ALGOR *maskGenAlgorithm;
+       ASN1_INTEGER *saltLength;
+       ASN1_INTEGER *trailerField;
+       } RSA_PSS_PARAMS;
+
+DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
+
 #ifndef OPENSSL_NO_FP_API
 int    RSA_print_fp(FILE *fp, const RSA *r,int offset);
 #endif
@@ -380,6 +413,14 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
                        const unsigned char *mHash,
                        const EVP_MD *Hash, int sLen);
 
+int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
+                       const EVP_MD *Hash, const EVP_MD *mgf1Hash, 
+                       const unsigned char *EM, int sLen);
+
+int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
+                       const unsigned char *mHash,
+                       const EVP_MD *Hash, const EVP_MD *mgf1Hash, int sLen);
+
 int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 int RSA_set_ex_data(RSA *r,int idx,void *arg);
@@ -388,6 +429,25 @@ void *RSA_get_ex_data(const RSA *r, int idx);
 RSA *RSAPublicKey_dup(RSA *rsa);
 RSA *RSAPrivateKey_dup(RSA *rsa);
 
+/* If this flag is set the RSA method is FIPS compliant and can be used
+ * in FIPS mode. This is set in the validated module method. If an
+ * application sets this flag in its own methods it is its responsibility
+ * to ensure the result is compliant.
+ */
+
+#define RSA_FLAG_FIPS_METHOD                   0x0400
+
+/* If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+#define RSA_FLAG_NON_FIPS_ALLOW                        0x0400
+/* Application has decided PRNG is good enough to generate a key: don't
+ * check.
+ */
+#define RSA_FLAG_CHECKED                       0x0800
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -405,6 +465,7 @@ void ERR_load_RSA_strings(void);
 #define RSA_F_PKEY_RSA_CTRL                             143
 #define RSA_F_PKEY_RSA_CTRL_STR                                 144
 #define RSA_F_PKEY_RSA_SIGN                             142
+#define RSA_F_PKEY_RSA_VERIFY                           154
 #define RSA_F_PKEY_RSA_VERIFYRECOVER                    141
 #define RSA_F_RSA_BUILTIN_KEYGEN                        129
 #define RSA_F_RSA_CHECK_KEY                             123
@@ -413,6 +474,8 @@ void ERR_load_RSA_strings(void);
 #define RSA_F_RSA_EAY_PUBLIC_DECRYPT                    103
 #define RSA_F_RSA_EAY_PUBLIC_ENCRYPT                    104
 #define RSA_F_RSA_GENERATE_KEY                          105
+#define RSA_F_RSA_GENERATE_KEY_EX                       155
+#define RSA_F_RSA_ITEM_VERIFY                           156
 #define RSA_F_RSA_MEMORY_LOCK                           130
 #define RSA_F_RSA_NEW_METHOD                            106
 #define RSA_F_RSA_NULL                                  124
@@ -424,6 +487,7 @@ void ERR_load_RSA_strings(void);
 #define RSA_F_RSA_PADDING_ADD_NONE                      107
 #define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP                121
 #define RSA_F_RSA_PADDING_ADD_PKCS1_PSS                         125
+#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1            148
 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1              108
 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2              109
 #define RSA_F_RSA_PADDING_ADD_SSLV23                    110
@@ -436,8 +500,12 @@ void ERR_load_RSA_strings(void);
 #define RSA_F_RSA_PADDING_CHECK_X931                    128
 #define RSA_F_RSA_PRINT                                         115
 #define RSA_F_RSA_PRINT_FP                              116
+#define RSA_F_RSA_PRIVATE_DECRYPT                       150
+#define RSA_F_RSA_PRIVATE_ENCRYPT                       151
 #define RSA_F_RSA_PRIV_DECODE                           137
 #define RSA_F_RSA_PRIV_ENCODE                           138
+#define RSA_F_RSA_PUBLIC_DECRYPT                        152
+#define RSA_F_RSA_PUBLIC_ENCRYPT                        153
 #define RSA_F_RSA_PUB_DECODE                            139
 #define RSA_F_RSA_SETUP_BLINDING                        136
 #define RSA_F_RSA_SIGN                                  117
@@ -445,6 +513,7 @@ void ERR_load_RSA_strings(void);
 #define RSA_F_RSA_VERIFY                                119
 #define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING              120
 #define RSA_F_RSA_VERIFY_PKCS1_PSS                      126
+#define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1                         149
 
 /* Reason codes. */
 #define RSA_R_ALGORITHM_MISMATCH                        100
@@ -470,19 +539,24 @@ void ERR_load_RSA_strings(void);
 #define RSA_R_INVALID_HEADER                            137
 #define RSA_R_INVALID_KEYBITS                           145
 #define RSA_R_INVALID_MESSAGE_LENGTH                    131
+#define RSA_R_INVALID_MGF1_MD                           156
 #define RSA_R_INVALID_PADDING                           138
 #define RSA_R_INVALID_PADDING_MODE                      141
+#define RSA_R_INVALID_PSS_PARAMETERS                    149
 #define RSA_R_INVALID_PSS_SALTLEN                       146
+#define RSA_R_INVALID_SALT_LENGTH                       150
 #define RSA_R_INVALID_TRAILER                           139
 #define RSA_R_INVALID_X931_DIGEST                       142
 #define RSA_R_IQMP_NOT_INVERSE_OF_Q                     126
 #define RSA_R_KEY_SIZE_TOO_SMALL                        120
 #define RSA_R_LAST_OCTET_INVALID                        134
 #define RSA_R_MODULUS_TOO_LARGE                                 105
+#define RSA_R_NON_FIPS_RSA_METHOD                       157
 #define RSA_R_NO_PUBLIC_EXPONENT                        140
 #define RSA_R_NULL_BEFORE_BLOCK_MISSING                         113
 #define RSA_R_N_DOES_NOT_EQUAL_P_Q                      127
 #define RSA_R_OAEP_DECODING_ERROR                       121
+#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE        158
 #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE  148
 #define RSA_R_PADDING_CHECK_FAILED                      114
 #define RSA_R_P_NOT_PRIME                               128
@@ -493,7 +567,12 @@ void ERR_load_RSA_strings(void);
 #define RSA_R_SSLV3_ROLLBACK_ATTACK                     115
 #define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
 #define RSA_R_UNKNOWN_ALGORITHM_TYPE                    117
+#define RSA_R_UNKNOWN_MASK_DIGEST                       151
 #define RSA_R_UNKNOWN_PADDING_TYPE                      118
+#define RSA_R_UNKNOWN_PSS_DIGEST                        152
+#define RSA_R_UNSUPPORTED_MASK_ALGORITHM                153
+#define RSA_R_UNSUPPORTED_MASK_PARAMETER                154
+#define RSA_R_UNSUPPORTED_SIGNATURE_TYPE                155
 #define RSA_R_VALUE_MISSING                             147
 #define RSA_R_WRONG_SIGNATURE_LENGTH                    119
 
index d616b4a..ea3aa0d 100644 (file)
@@ -179,7 +179,8 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
        sk_is_sorted(CHECKED_STACK_OF(type, st))
 
 #define        SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-       (STACK_OF(type) *)d2i_ASN1_SET(CHECKED_STACK_OF(type, st), \
+  (STACK_OF(type) *)d2i_ASN1_SET( \
+                               (STACK_OF(OPENSSL_BLOCK) **)CHECKED_PTR_OF(STACK_OF(type)*, st), \
                                pp, length, \
                                CHECKED_D2I_OF(type, d2i_func), \
                                CHECKED_SK_FREE_FUNC(type, free_func), \
@@ -1458,6 +1459,94 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
 #define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st))
 #define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st))
 
+#define sk_SRP_gN_new(cmp) SKM_sk_new(SRP_gN, (cmp))
+#define sk_SRP_gN_new_null() SKM_sk_new_null(SRP_gN)
+#define sk_SRP_gN_free(st) SKM_sk_free(SRP_gN, (st))
+#define sk_SRP_gN_num(st) SKM_sk_num(SRP_gN, (st))
+#define sk_SRP_gN_value(st, i) SKM_sk_value(SRP_gN, (st), (i))
+#define sk_SRP_gN_set(st, i, val) SKM_sk_set(SRP_gN, (st), (i), (val))
+#define sk_SRP_gN_zero(st) SKM_sk_zero(SRP_gN, (st))
+#define sk_SRP_gN_push(st, val) SKM_sk_push(SRP_gN, (st), (val))
+#define sk_SRP_gN_unshift(st, val) SKM_sk_unshift(SRP_gN, (st), (val))
+#define sk_SRP_gN_find(st, val) SKM_sk_find(SRP_gN, (st), (val))
+#define sk_SRP_gN_find_ex(st, val) SKM_sk_find_ex(SRP_gN, (st), (val))
+#define sk_SRP_gN_delete(st, i) SKM_sk_delete(SRP_gN, (st), (i))
+#define sk_SRP_gN_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_gN, (st), (ptr))
+#define sk_SRP_gN_insert(st, val, i) SKM_sk_insert(SRP_gN, (st), (val), (i))
+#define sk_SRP_gN_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_gN, (st), (cmp))
+#define sk_SRP_gN_dup(st) SKM_sk_dup(SRP_gN, st)
+#define sk_SRP_gN_pop_free(st, free_func) SKM_sk_pop_free(SRP_gN, (st), (free_func))
+#define sk_SRP_gN_shift(st) SKM_sk_shift(SRP_gN, (st))
+#define sk_SRP_gN_pop(st) SKM_sk_pop(SRP_gN, (st))
+#define sk_SRP_gN_sort(st) SKM_sk_sort(SRP_gN, (st))
+#define sk_SRP_gN_is_sorted(st) SKM_sk_is_sorted(SRP_gN, (st))
+
+#define sk_SRP_gN_cache_new(cmp) SKM_sk_new(SRP_gN_cache, (cmp))
+#define sk_SRP_gN_cache_new_null() SKM_sk_new_null(SRP_gN_cache)
+#define sk_SRP_gN_cache_free(st) SKM_sk_free(SRP_gN_cache, (st))
+#define sk_SRP_gN_cache_num(st) SKM_sk_num(SRP_gN_cache, (st))
+#define sk_SRP_gN_cache_value(st, i) SKM_sk_value(SRP_gN_cache, (st), (i))
+#define sk_SRP_gN_cache_set(st, i, val) SKM_sk_set(SRP_gN_cache, (st), (i), (val))
+#define sk_SRP_gN_cache_zero(st) SKM_sk_zero(SRP_gN_cache, (st))
+#define sk_SRP_gN_cache_push(st, val) SKM_sk_push(SRP_gN_cache, (st), (val))
+#define sk_SRP_gN_cache_unshift(st, val) SKM_sk_unshift(SRP_gN_cache, (st), (val))
+#define sk_SRP_gN_cache_find(st, val) SKM_sk_find(SRP_gN_cache, (st), (val))
+#define sk_SRP_gN_cache_find_ex(st, val) SKM_sk_find_ex(SRP_gN_cache, (st), (val))
+#define sk_SRP_gN_cache_delete(st, i) SKM_sk_delete(SRP_gN_cache, (st), (i))
+#define sk_SRP_gN_cache_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_gN_cache, (st), (ptr))
+#define sk_SRP_gN_cache_insert(st, val, i) SKM_sk_insert(SRP_gN_cache, (st), (val), (i))
+#define sk_SRP_gN_cache_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_gN_cache, (st), (cmp))
+#define sk_SRP_gN_cache_dup(st) SKM_sk_dup(SRP_gN_cache, st)
+#define sk_SRP_gN_cache_pop_free(st, free_func) SKM_sk_pop_free(SRP_gN_cache, (st), (free_func))
+#define sk_SRP_gN_cache_shift(st) SKM_sk_shift(SRP_gN_cache, (st))
+#define sk_SRP_gN_cache_pop(st) SKM_sk_pop(SRP_gN_cache, (st))
+#define sk_SRP_gN_cache_sort(st) SKM_sk_sort(SRP_gN_cache, (st))
+#define sk_SRP_gN_cache_is_sorted(st) SKM_sk_is_sorted(SRP_gN_cache, (st))
+
+#define sk_SRP_user_pwd_new(cmp) SKM_sk_new(SRP_user_pwd, (cmp))
+#define sk_SRP_user_pwd_new_null() SKM_sk_new_null(SRP_user_pwd)
+#define sk_SRP_user_pwd_free(st) SKM_sk_free(SRP_user_pwd, (st))
+#define sk_SRP_user_pwd_num(st) SKM_sk_num(SRP_user_pwd, (st))
+#define sk_SRP_user_pwd_value(st, i) SKM_sk_value(SRP_user_pwd, (st), (i))
+#define sk_SRP_user_pwd_set(st, i, val) SKM_sk_set(SRP_user_pwd, (st), (i), (val))
+#define sk_SRP_user_pwd_zero(st) SKM_sk_zero(SRP_user_pwd, (st))
+#define sk_SRP_user_pwd_push(st, val) SKM_sk_push(SRP_user_pwd, (st), (val))
+#define sk_SRP_user_pwd_unshift(st, val) SKM_sk_unshift(SRP_user_pwd, (st), (val))
+#define sk_SRP_user_pwd_find(st, val) SKM_sk_find(SRP_user_pwd, (st), (val))
+#define sk_SRP_user_pwd_find_ex(st, val) SKM_sk_find_ex(SRP_user_pwd, (st), (val))
+#define sk_SRP_user_pwd_delete(st, i) SKM_sk_delete(SRP_user_pwd, (st), (i))
+#define sk_SRP_user_pwd_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_user_pwd, (st), (ptr))
+#define sk_SRP_user_pwd_insert(st, val, i) SKM_sk_insert(SRP_user_pwd, (st), (val), (i))
+#define sk_SRP_user_pwd_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_user_pwd, (st), (cmp))
+#define sk_SRP_user_pwd_dup(st) SKM_sk_dup(SRP_user_pwd, st)
+#define sk_SRP_user_pwd_pop_free(st, free_func) SKM_sk_pop_free(SRP_user_pwd, (st), (free_func))
+#define sk_SRP_user_pwd_shift(st) SKM_sk_shift(SRP_user_pwd, (st))
+#define sk_SRP_user_pwd_pop(st) SKM_sk_pop(SRP_user_pwd, (st))
+#define sk_SRP_user_pwd_sort(st) SKM_sk_sort(SRP_user_pwd, (st))
+#define sk_SRP_user_pwd_is_sorted(st) SKM_sk_is_sorted(SRP_user_pwd, (st))
+
+#define sk_SRTP_PROTECTION_PROFILE_new(cmp) SKM_sk_new(SRTP_PROTECTION_PROFILE, (cmp))
+#define sk_SRTP_PROTECTION_PROFILE_new_null() SKM_sk_new_null(SRTP_PROTECTION_PROFILE)
+#define sk_SRTP_PROTECTION_PROFILE_free(st) SKM_sk_free(SRTP_PROTECTION_PROFILE, (st))
+#define sk_SRTP_PROTECTION_PROFILE_num(st) SKM_sk_num(SRTP_PROTECTION_PROFILE, (st))
+#define sk_SRTP_PROTECTION_PROFILE_value(st, i) SKM_sk_value(SRTP_PROTECTION_PROFILE, (st), (i))
+#define sk_SRTP_PROTECTION_PROFILE_set(st, i, val) SKM_sk_set(SRTP_PROTECTION_PROFILE, (st), (i), (val))
+#define sk_SRTP_PROTECTION_PROFILE_zero(st) SKM_sk_zero(SRTP_PROTECTION_PROFILE, (st))
+#define sk_SRTP_PROTECTION_PROFILE_push(st, val) SKM_sk_push(SRTP_PROTECTION_PROFILE, (st), (val))
+#define sk_SRTP_PROTECTION_PROFILE_unshift(st, val) SKM_sk_unshift(SRTP_PROTECTION_PROFILE, (st), (val))
+#define sk_SRTP_PROTECTION_PROFILE_find(st, val) SKM_sk_find(SRTP_PROTECTION_PROFILE, (st), (val))
+#define sk_SRTP_PROTECTION_PROFILE_find_ex(st, val) SKM_sk_find_ex(SRTP_PROTECTION_PROFILE, (st), (val))
+#define sk_SRTP_PROTECTION_PROFILE_delete(st, i) SKM_sk_delete(SRTP_PROTECTION_PROFILE, (st), (i))
+#define sk_SRTP_PROTECTION_PROFILE_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRTP_PROTECTION_PROFILE, (st), (ptr))
+#define sk_SRTP_PROTECTION_PROFILE_insert(st, val, i) SKM_sk_insert(SRTP_PROTECTION_PROFILE, (st), (val), (i))
+#define sk_SRTP_PROTECTION_PROFILE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRTP_PROTECTION_PROFILE, (st), (cmp))
+#define sk_SRTP_PROTECTION_PROFILE_dup(st) SKM_sk_dup(SRTP_PROTECTION_PROFILE, st)
+#define sk_SRTP_PROTECTION_PROFILE_pop_free(st, free_func) SKM_sk_pop_free(SRTP_PROTECTION_PROFILE, (st), (free_func))
+#define sk_SRTP_PROTECTION_PROFILE_shift(st) SKM_sk_shift(SRTP_PROTECTION_PROFILE, (st))
+#define sk_SRTP_PROTECTION_PROFILE_pop(st) SKM_sk_pop(SRTP_PROTECTION_PROFILE, (st))
+#define sk_SRTP_PROTECTION_PROFILE_sort(st) SKM_sk_sort(SRTP_PROTECTION_PROFILE, (st))
+#define sk_SRTP_PROTECTION_PROFILE_is_sorted(st) SKM_sk_is_sorted(SRTP_PROTECTION_PROFILE, (st))
+
 #define sk_SSL_CIPHER_new(cmp) SKM_sk_new(SSL_CIPHER, (cmp))
 #define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER)
 #define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st))
@@ -2030,81 +2119,81 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
 #define sk_void_sort(st) SKM_sk_sort(void, (st))
 #define sk_void_is_sorted(st) SKM_sk_is_sorted(void, (st))
 
+#define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp)))
+#define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null())
+#define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_STACK_OF(OPENSSL_STRING, st), i))
+#define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st)
+#define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_FREE_FUNC2(OPENSSL_STRING, free_func))
+#define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val), i)
+#define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st)
+#define sk_OPENSSL_STRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_STRING, st), i, CHECKED_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st))
+#define sk_OPENSSL_STRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i))
+#define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, ptr))
+#define sk_OPENSSL_STRING_set_cmp_func(st, cmp)  \
+       ((int (*)(const char * const *,const char * const *)) \
+       sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_CMP_FUNC(char, cmp)))
+#define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st)
+#define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st))
+#define sk_OPENSSL_STRING_pop(st) (char *)sk_pop(CHECKED_STACK_OF(OPENSSL_STRING, st))
+#define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st))
+#define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st))
+
+
 #define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp)))
 #define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null())
-#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), i))
+#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i))
 #define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st)
-#define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_SK_FREE_FUNC2(OPENSSL_BLOCK, free_func))
-#define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val), i)
+#define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_FREE_FUNC2(OPENSSL_BLOCK, free_func))
+#define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val), i)
 #define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st)
-#define sk_OPENSSL_BLOCK_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), i, CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i, CHECKED_PTR_OF(void, val))
 #define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st))
-#define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
 #define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val))
 #define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i))
-#define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, ptr))
+#define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, ptr))
 #define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp)  \
        ((int (*)(const void * const *,const void * const *)) \
-       sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_SK_CMP_FUNC(void, cmp)))
+       sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_CMP_FUNC(void, cmp)))
 #define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st)
 #define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st))
-#define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st))
+#define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop(CHECKED_STACK_OF(OPENSSL_BLOCK, st))
 #define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st))
 #define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st))
 
 
 #define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
 #define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null())
-#define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val))
-#define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val))
-#define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), i))
+#define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val))
+#define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val))
+#define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i))
 #define sk_OPENSSL_PSTRING_num(st) SKM_sk_num(OPENSSL_PSTRING, st)
-#define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_SK_FREE_FUNC2(OPENSSL_PSTRING, free_func))
-#define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val), i)
+#define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_FREE_FUNC2(OPENSSL_PSTRING, free_func))
+#define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val), i)
 #define sk_OPENSSL_PSTRING_free(st) SKM_sk_free(OPENSSL_PSTRING, st)
-#define sk_OPENSSL_PSTRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), i, CHECKED_PTR_OF(OPENSSL_STRING, val))
+#define sk_OPENSSL_PSTRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i, CHECKED_PTR_OF(OPENSSL_STRING, val))
 #define sk_OPENSSL_PSTRING_zero(st) SKM_sk_zero(OPENSSL_PSTRING, (st))
-#define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val))
+#define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val))
 #define sk_OPENSSL_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_CONST_PTR_OF(OPENSSL_STRING, val))
 #define sk_OPENSSL_PSTRING_delete(st, i) SKM_sk_delete(OPENSSL_PSTRING, (st), (i))
-#define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, ptr))
+#define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, ptr))
 #define sk_OPENSSL_PSTRING_set_cmp_func(st, cmp)  \
        ((int (*)(const OPENSSL_STRING * const *,const OPENSSL_STRING * const *)) \
-       sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
+       sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
 #define sk_OPENSSL_PSTRING_dup(st) SKM_sk_dup(OPENSSL_PSTRING, st)
 #define sk_OPENSSL_PSTRING_shift(st) SKM_sk_shift(OPENSSL_PSTRING, (st))
-#define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st))
+#define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop(CHECKED_STACK_OF(OPENSSL_PSTRING, st))
 #define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st))
 #define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st))
 
 
-#define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp)))
-#define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null())
-#define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val))
-#define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val))
-#define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), i))
-#define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st)
-#define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_SK_FREE_FUNC2(OPENSSL_STRING, free_func))
-#define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val), i)
-#define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st)
-#define sk_OPENSSL_STRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), i, CHECKED_PTR_OF(char, val))
-#define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st))
-#define sk_OPENSSL_STRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val))
-#define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val))
-#define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i))
-#define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, ptr))
-#define sk_OPENSSL_STRING_set_cmp_func(st, cmp)  \
-       ((int (*)(const char * const *,const char * const *)) \
-       sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_SK_CMP_FUNC(char, cmp)))
-#define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st)
-#define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st))
-#define sk_OPENSSL_STRING_pop(st) (char *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st))
-#define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st))
-#define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st))
-
-
 #define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
        SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
 #define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \
index 6ffa5f0..c50fdd3 100644 (file)
@@ -116,7 +116,9 @@ typedef struct seed_key_st {
 #endif
 } SEED_KEY_SCHEDULE;
 
-
+#ifdef OPENSSL_FIPS
+void private_SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks);
+#endif
 void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks);
 
 void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks);
index 16cacf9..8a6bf4b 100644 (file)
@@ -106,6 +106,9 @@ typedef struct SHAstate_st
        } SHA_CTX;
 
 #ifndef OPENSSL_NO_SHA0
+#ifdef OPENSSL_FIPS
+int private_SHA_Init(SHA_CTX *c);
+#endif
 int SHA_Init(SHA_CTX *c);
 int SHA_Update(SHA_CTX *c, const void *data, size_t len);
 int SHA_Final(unsigned char *md, SHA_CTX *c);
@@ -113,6 +116,9 @@ unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md);
 void SHA_Transform(SHA_CTX *c, const unsigned char *data);
 #endif
 #ifndef OPENSSL_NO_SHA1
+#ifdef OPENSSL_FIPS
+int private_SHA1_Init(SHA_CTX *c);
+#endif
 int SHA1_Init(SHA_CTX *c);
 int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
 int SHA1_Final(unsigned char *md, SHA_CTX *c);
@@ -135,6 +141,10 @@ typedef struct SHA256state_st
        } SHA256_CTX;
 
 #ifndef OPENSSL_NO_SHA256
+#ifdef OPENSSL_FIPS
+int private_SHA224_Init(SHA256_CTX *c);
+int private_SHA256_Init(SHA256_CTX *c);
+#endif
 int SHA224_Init(SHA256_CTX *c);
 int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
 int SHA224_Final(unsigned char *md, SHA256_CTX *c);
@@ -182,6 +192,10 @@ typedef struct SHA512state_st
 #endif
 
 #ifndef OPENSSL_NO_SHA512
+#ifdef OPENSSL_FIPS
+int private_SHA384_Init(SHA512_CTX *c);
+int private_SHA512_Init(SHA512_CTX *c);
+#endif
 int SHA384_Init(SHA512_CTX *c);
 int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
 int SHA384_Final(unsigned char *md, SHA512_CTX *c);
similarity index 50%
copy from sdk/openssl/include/ecdh.h
copy to sdk/openssl/include/srp.h
index b4b58ee..7ec7825 100644 (file)
@@ -1,20 +1,10 @@
-/* crypto/ecdh/ecdh.h */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The ECDH software is originally written by Douglas Stebila of
- * Sun Microsystems Laboratories.
- *
+/* crypto/srp/srp.h */
+/* Written by Christophe Renou (christophe.renou@edelweb.fr) with 
+ * the precious help of Peter Sylvester (peter.sylvester@edelweb.fr) 
+ * for the EdelKey project and contributed to the OpenSSL project 2004.
  */
 /* ====================================================================
- * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * Hudson (tjh@cryptsoft.com).
  *
  */
-#ifndef HEADER_ECDH_H
-#define HEADER_ECDH_H
+#ifndef __SRP_H__
+#define __SRP_H__
+
+#ifndef OPENSSL_NO_SRP
 
-#include <openssl/opensslconf.h>
+#include <stdio.h>
+#include <string.h>
 
-#ifdef OPENSSL_NO_ECDH
-#error ECDH is disabled.
+#ifdef  __cplusplus
+extern "C" {
 #endif
 
-#include <openssl/ec.h>
-#include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
+#include <openssl/safestack.h>
 #include <openssl/bn.h>
-#endif
+#include <openssl/crypto.h>
 
-#ifdef __cplusplus
-extern "C" {
-#endif
+typedef struct SRP_gN_cache_st
+       {
+       char *b64_bn;
+       BIGNUM *bn;
+       } SRP_gN_cache;
 
-const ECDH_METHOD *ECDH_OpenSSL(void);
 
-void     ECDH_set_default_method(const ECDH_METHOD *);
-const ECDH_METHOD *ECDH_get_default_method(void);
-int      ECDH_set_method(EC_KEY *, const ECDH_METHOD *);
+DECLARE_STACK_OF(SRP_gN_cache)
 
-int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
-                     void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
+typedef struct SRP_user_pwd_st
+       {
+       char *id;
+       BIGNUM *s;
+       BIGNUM *v;
+       const BIGNUM *g;
+       const BIGNUM *N;
+       char *info;
+       } SRP_user_pwd;
 
-int      ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new 
-               *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int      ECDH_set_ex_data(EC_KEY *d, int idx, void *arg);
-void     *ECDH_get_ex_data(EC_KEY *d, int idx);
+DECLARE_STACK_OF(SRP_user_pwd)
 
+typedef struct SRP_VBASE_st
+       {
+       STACK_OF(SRP_user_pwd) *users_pwd;
+       STACK_OF(SRP_gN_cache) *gN_cache;
+/* to simulate a user */
+       char *seed_key;
+       BIGNUM *default_g;
+       BIGNUM *default_N;
+       } SRP_VBASE;
 
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_ECDH_strings(void);
 
-/* Error codes for the ECDH functions. */
+/*Structure interne pour retenir les couples N et g*/
+typedef struct SRP_gN_st
+       {
+       char *id;
+       BIGNUM *g;
+       BIGNUM *N;
+       } SRP_gN;
+
+DECLARE_STACK_OF(SRP_gN)
 
-/* Function codes. */
-#define ECDH_F_ECDH_COMPUTE_KEY                                 100
-#define ECDH_F_ECDH_DATA_NEW_METHOD                     101
+SRP_VBASE *SRP_VBASE_new(char *seed_key);
+int SRP_VBASE_free(SRP_VBASE *vb);
+int SRP_VBASE_init(SRP_VBASE *vb, char * verifier_file);
+SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);
+char *SRP_create_verifier(const char *user, const char *pass, char **salt,
+                         char **verifier, const char *N, const char *g);
+int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, BIGNUM **verifier, BIGNUM *N, BIGNUM *g);
 
-/* Reason codes. */
-#define ECDH_R_KDF_FAILED                               102
-#define ECDH_R_NO_PRIVATE_VALUE                                 100
-#define ECDH_R_POINT_ARITHMETIC_FAILURE                         101
+
+#define SRP_NO_ERROR 0
+#define SRP_ERR_VBASE_INCOMPLETE_FILE 1
+#define SRP_ERR_VBASE_BN_LIB 2
+#define SRP_ERR_OPEN_FILE 3
+#define SRP_ERR_MEMORY 4
+
+#define DB_srptype     0
+#define DB_srpverifier 1
+#define DB_srpsalt     2
+#define DB_srpid       3              
+#define DB_srpgN       4       
+#define DB_srpinfo     5 
+#undef  DB_NUMBER      
+#define DB_NUMBER       6
+
+#define DB_SRP_INDEX   'I'
+#define DB_SRP_VALID   'V'
+#define DB_SRP_REVOKED 'R'
+#define DB_SRP_MODIF   'v'
+
+
+/* see srp.c */
+char * SRP_check_known_gN_param(BIGNUM* g, BIGNUM* N); 
+SRP_gN *SRP_get_default_gN(const char * id) ;
+
+/* server side .... */
+BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b, BIGNUM *N);
+BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v);
+int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N);
+BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N) ;
+
+
+
+/* client side .... */
+BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass);
+BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g);
+BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x, BIGNUM *a, BIGNUM *u);
+int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N);
+
+#define SRP_MINIMAL_N 1024
 
 #ifdef  __cplusplus
 }
+#endif
+
 #endif
 #endif
similarity index 52%
copy from sdk/openssl/include/seed.h
copy to sdk/openssl/include/srtp.h
index 6ffa5f0..c0cf33e 100644 (file)
@@ -1,19 +1,47 @@
-/*
- * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.  
+/* ssl/tls1.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
  *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the above copyright
+ * 1. Redistributions of source code must retain the copyright
  *    notice, this list of conditions and the following disclaimer.
- * 2. Neither the name of author nor the names of its contributors may
- *    be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
  */
 /* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * Hudson (tjh@cryptsoft.com).
  *
  */
+/*
+  DTLS code by Eric Rescorla <ekr@rtfm.com>
 
+  Copyright (C) 2006, Network Resonance, Inc.
+  Copyright (C) 2011, RTFM, Inc.
+*/
 
-#ifndef HEADER_SEED_H
-#define HEADER_SEED_H
-
-#include <openssl/opensslconf.h>
-#include <openssl/e_os2.h>
-#include <openssl/crypto.h>
-
-#ifdef OPENSSL_NO_SEED
-#error SEED is disabled.
-#endif
-
-#ifdef AES_LONG /* look whether we need 'long' to get 32 bits */
-# ifndef SEED_LONG
-#  define SEED_LONG 1
-# endif
-#endif
-
-#if !defined(NO_SYS_TYPES_H)
-# include <sys/types.h>
-#endif
-
-#define SEED_BLOCK_SIZE 16
-#define SEED_KEY_LENGTH        16
-
+#ifndef HEADER_D1_SRTP_H
+#define HEADER_D1_SRTP_H
 
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
+     
+#define SRTP_AES128_CM_SHA1_80 0x0001
+#define SRTP_AES128_CM_SHA1_32 0x0002
+#define SRTP_AES128_F8_SHA1_80 0x0003
+#define SRTP_AES128_F8_SHA1_32 0x0004
+#define SRTP_NULL_SHA1_80      0x0005
+#define SRTP_NULL_SHA1_32      0x0006
 
-typedef struct seed_key_st {
-#ifdef SEED_LONG
-    unsigned long data[32];
-#else
-    unsigned int data[32];
-#endif
-} SEED_KEY_SCHEDULE;
-
-
-void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks);
-
-void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks);
-void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks);
+int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
+int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles);
+SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
 
-void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out, const SEED_KEY_SCHEDULE *ks, int enc);
-void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,
-        size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int enc);
-void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out,
-        size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int *num, int enc);
-void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out,
-        size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int *num);
+STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
+SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
 
 #ifdef  __cplusplus
 }
 #endif
 
-#endif /* HEADER_SEED_H */
+#endif
+
index e4c3f65..593579e 100644 (file)
@@ -252,6 +252,7 @@ extern "C" {
 #define SSL_TXT_kEECDH         "kEECDH"
 #define SSL_TXT_kPSK            "kPSK"
 #define SSL_TXT_kGOST          "kGOST"
+#define SSL_TXT_kSRP           "kSRP"
 
 #define        SSL_TXT_aRSA            "aRSA"
 #define        SSL_TXT_aDSS            "aDSS"
@@ -275,6 +276,7 @@ extern "C" {
 #define SSL_TXT_ECDSA          "ECDSA"
 #define SSL_TXT_KRB5           "KRB5"
 #define SSL_TXT_PSK             "PSK"
+#define SSL_TXT_SRP            "SRP"
 
 #define SSL_TXT_DES            "DES"
 #define SSL_TXT_3DES           "3DES"
@@ -285,6 +287,7 @@ extern "C" {
 #define SSL_TXT_AES128         "AES128"
 #define SSL_TXT_AES256         "AES256"
 #define SSL_TXT_AES            "AES"
+#define SSL_TXT_AES_GCM                "AESGCM"
 #define SSL_TXT_CAMELLIA128    "CAMELLIA128"
 #define SSL_TXT_CAMELLIA256    "CAMELLIA256"
 #define SSL_TXT_CAMELLIA       "CAMELLIA"
@@ -294,10 +297,14 @@ extern "C" {
 #define SSL_TXT_SHA            "SHA" /* same as "SHA1" */
 #define SSL_TXT_GOST94         "GOST94" 
 #define SSL_TXT_GOST89MAC              "GOST89MAC" 
+#define SSL_TXT_SHA256         "SHA256"
+#define SSL_TXT_SHA384         "SHA384"
 
 #define SSL_TXT_SSLV2          "SSLv2"
 #define SSL_TXT_SSLV3          "SSLv3"
 #define SSL_TXT_TLSV1          "TLSv1"
+#define SSL_TXT_TLSV1_1                "TLSv1.1"
+#define SSL_TXT_TLSV1_2                "TLSv1.2"
 
 #define SSL_TXT_EXP            "EXP"
 #define SSL_TXT_EXPORT         "EXPORT"
@@ -356,9 +363,29 @@ extern "C" {
  * in SSL_CTX. */
 typedef struct ssl_st *ssl_crock_st;
 typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
+typedef struct ssl_method_st SSL_METHOD;
+typedef struct ssl_cipher_st SSL_CIPHER;
+typedef struct ssl_session_st SSL_SESSION;
+
+DECLARE_STACK_OF(SSL_CIPHER)
+
+/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
+typedef struct srtp_protection_profile_st
+       {
+       const char *name;
+       unsigned long id;
+       } SRTP_PROTECTION_PROFILE;
+
+DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE)
+
+typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg);
+typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
+
+
+#ifndef OPENSSL_NO_SSL_INTERN
 
 /* used to hold info on the particular ciphers used */
-typedef struct ssl_cipher_st
+struct ssl_cipher_st
        {
        int valid;
        const char *name;               /* text name */
@@ -375,15 +402,11 @@ typedef struct ssl_cipher_st
        unsigned long algorithm2;       /* Extra flags */
        int strength_bits;              /* Number of bits really used */
        int alg_bits;                   /* Number of bits for algorithm */
-       } SSL_CIPHER;
-
-DECLARE_STACK_OF(SSL_CIPHER)
+       };
 
-typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg);
-typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
 
 /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
-typedef struct ssl_method_st
+struct ssl_method_st
        {
        int version;
        int (*ssl_new)(SSL *s);
@@ -416,7 +439,7 @@ typedef struct ssl_method_st
        int (*ssl_version)(void);
        long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));
        long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
-       } SSL_METHOD;
+       };
 
 /* Lets make this into an ASN.1 type structure as follows
  * SSL_SESSION_ID ::= SEQUENCE {
@@ -433,14 +456,17 @@ typedef struct ssl_method_st
  *     Session_ID_context [ 4 ] EXPLICIT OCTET STRING,   -- the Session ID context
  *     Verify_result [ 5 ] EXPLICIT INTEGER,   -- X509_V_... code for `Peer'
  *     HostName [ 6 ] EXPLICIT OCTET STRING,   -- optional HostName from servername TLS extension 
- *     ECPointFormatList [ 7 ] OCTET STRING,     -- optional EC point format list from TLS extension
- *     PSK_identity_hint [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
- *     PSK_identity [ 9 ] EXPLICIT OCTET STRING -- optional PSK identity
+ *     PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
+ *     PSK_identity [ 8 ] EXPLICIT OCTET STRING,  -- optional PSK identity
+ *     Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
+ *     Ticket [10]             EXPLICIT OCTET STRING, -- session ticket (clients only)
+ *     Compression_meth [11]   EXPLICIT OCTET STRING, -- optional compression method
+ *     SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
  *     }
  * Look in ssl/ssl_asn1.c for more details
  * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
  */
-typedef struct ssl_session_st
+struct ssl_session_st
        {
        int ssl_version;        /* what ssl version session info is
                                 * being kept in here? */
@@ -467,6 +493,9 @@ typedef struct ssl_session_st
        char *psk_identity_hint;
        char *psk_identity;
 #endif
+       /* Used to indicate that session resumption is not allowed.
+        * Applications can also set this bit for a new session via
+        * not_resumable_session_cb to disable session caching and tickets. */
        int not_resumable;
 
        /* The cert is the certificate used to establish this connection */
@@ -509,11 +538,15 @@ typedef struct ssl_session_st
 #endif /* OPENSSL_NO_EC */
        /* RFC4507 info */
        unsigned char *tlsext_tick;     /* Session ticket */
-       size_t  tlsext_ticklen;         /* Session ticket length */     
+       size_t tlsext_ticklen;          /* Session ticket length */
        long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
 #endif
-       } SSL_SESSION;
+#ifndef OPENSSL_NO_SRP
+       char *srp_username;
+#endif
+       };
 
+#endif
 
 #define SSL_OP_MICROSOFT_SESS_ID_BUG                   0x00000001L
 #define SSL_OP_NETSCAPE_CHALLENGE_BUG                  0x00000002L
@@ -536,7 +569,7 @@ typedef struct ssl_session_st
 
 /* SSL_OP_ALL: various bug workarounds that should be rather harmless.
  *             This used to be 0x000FFFFFL before 0.9.7. */
-#define SSL_OP_ALL                                     0x80000FFFL
+#define SSL_OP_ALL                                     0x80000BFFL
 
 /* DTLS options */
 #define SSL_OP_NO_QUERY_MTU                 0x00001000L
@@ -572,11 +605,17 @@ typedef struct ssl_session_st
 #define SSL_OP_NO_SSLv2                                        0x01000000L
 #define SSL_OP_NO_SSLv3                                        0x02000000L
 #define SSL_OP_NO_TLSv1                                        0x04000000L
+#define SSL_OP_NO_TLSv1_2                              0x08000000L
+#define SSL_OP_NO_TLSv1_1                              0x10000000L
 
+/* These next two were never actually used for anything since SSLeay
+ * zap so we have some more flags.
+ */
 /* The next flag deliberately changes the ciphertest, this is a check
  * for the PKCS#1 attack */
-#define SSL_OP_PKCS1_CHECK_1                           0x08000000L
-#define SSL_OP_PKCS1_CHECK_2                           0x10000000L
+#define SSL_OP_PKCS1_CHECK_1                           0x0
+#define SSL_OP_PKCS1_CHECK_2                           0x0
+
 #define SSL_OP_NETSCAPE_CA_DN_BUG                      0x20000000L
 #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG         0x40000000L
 /* Make server add server-hello extension from early version of
@@ -637,12 +676,53 @@ typedef struct ssl_session_st
 #define SSL_get_secure_renegotiation_support(ssl) \
        SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
 
+#ifndef OPENSSL_NO_HEARTBEATS
+#define SSL_heartbeat(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_TLS_EXT_SEND_HEARTBEAT,0,NULL)
+#endif
+
 void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
 void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
 #define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
 #define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
 
+#ifndef OPENSSL_NO_SRP
 
+#ifndef OPENSSL_NO_SSL_INTERN
+
+typedef struct srp_ctx_st
+       {
+       /* param for all the callbacks */
+       void *SRP_cb_arg;
+       /* set client Hello login callback */
+       int (*TLS_ext_srp_username_callback)(SSL *, int *, void *);
+       /* set SRP N/g param callback for verification */
+       int (*SRP_verify_param_callback)(SSL *, void *);
+       /* set SRP client passwd callback */
+       char *(*SRP_give_srp_client_pwd_callback)(SSL *, void *);
+
+       char *login;
+       BIGNUM *N,*g,*s,*B,*A;
+       BIGNUM *a,*b,*v;
+       char *info;
+       int strength;
+
+       unsigned long srp_Mask;
+       } SRP_CTX;
+
+#endif
+
+/* see tls_srp.c */
+int SSL_SRP_CTX_init(SSL *s);
+int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
+int SSL_SRP_CTX_free(SSL *ctx);
+int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
+int SSL_srp_server_param_with_username(SSL *s, int *ad);
+int SRP_generate_server_master_secret(SSL *s,unsigned char *master_key);
+int SRP_Calc_A_param(SSL *s);
+int SRP_generate_client_master_secret(SSL *s,unsigned char *master_key);
+
+#endif
 
 #if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
 #define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */
@@ -668,7 +748,11 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con
 typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
                                unsigned int *id_len);
 
-typedef struct ssl_comp_st
+typedef struct ssl_comp_st SSL_COMP;
+
+#ifndef OPENSSL_NO_SSL_INTERN
+
+struct ssl_comp_st
        {
        int id;
        const char *name;
@@ -677,7 +761,7 @@ typedef struct ssl_comp_st
 #else
        char *method;
 #endif
-       } SSL_COMP;
+       };
 
 DECLARE_STACK_OF(SSL_COMP)
 DECLARE_LHASH_OF(SSL_SESSION);
@@ -866,9 +950,38 @@ struct ssl_ctx_st
        unsigned int freelist_max_len;
        struct ssl3_buf_freelist_st *wbuf_freelist;
        struct ssl3_buf_freelist_st *rbuf_freelist;
+#endif
+#ifndef OPENSSL_NO_SRP
+       SRP_CTX srp_ctx; /* ctx for SRP authentication */
+#endif
+
+#ifndef OPENSSL_NO_TLSEXT
+
+# ifndef OPENSSL_NO_NEXTPROTONEG
+       /* Next protocol negotiation information */
+       /* (for experimental NPN extension). */
+
+       /* For a server, this contains a callback function by which the set of
+        * advertised protocols can be provided. */
+       int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,
+                                        unsigned int *len, void *arg);
+       void *next_protos_advertised_cb_arg;
+       /* For a client, this contains a callback function that selects the
+        * next protocol from the list provided by the server. */
+       int (*next_proto_select_cb)(SSL *s, unsigned char **out,
+                                   unsigned char *outlen,
+                                   const unsigned char *in,
+                                   unsigned int inlen,
+                                   void *arg);
+       void *next_proto_select_cb_arg;
+# endif
+        /* SRTP profiles we are willing to do from RFC 5764 */
+        STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;  
 #endif
        };
 
+#endif
+
 #define SSL_SESS_CACHE_OFF                     0x0000
 #define SSL_SESS_CACHE_CLIENT                  0x0001
 #define SSL_SESS_CACHE_SERVER                  0x0002
@@ -921,6 +1034,32 @@ int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
 #endif
 void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
 void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
+#ifndef OPENSSL_NO_NEXTPROTONEG
+void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
+                                          int (*cb) (SSL *ssl,
+                                                     const unsigned char **out,
+                                                     unsigned int *outlen,
+                                                     void *arg),
+                                          void *arg);
+void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
+                                     int (*cb) (SSL *ssl,
+                                                unsigned char **out,
+                                                unsigned char *outlen,
+                                                const unsigned char *in,
+                                                unsigned int inlen,
+                                                void *arg),
+                                     void *arg);
+
+int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
+                         const unsigned char *in, unsigned int inlen,
+                         const unsigned char *client, unsigned int client_len);
+void SSL_get0_next_proto_negotiated(const SSL *s,
+                                   const unsigned char **data, unsigned *len);
+
+#define OPENSSL_NPN_UNSUPPORTED        0
+#define OPENSSL_NPN_NEGOTIATED 1
+#define OPENSSL_NPN_NO_OVERLAP 2
+#endif
 
 #ifndef OPENSSL_NO_PSK
 /* the maximum length of the buffer given to callbacks containing the
@@ -961,6 +1100,8 @@ const char *SSL_get_psk_identity(const SSL *s);
 #define SSL_MAC_FLAG_READ_MAC_STREAM 1
 #define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
 
+#ifndef OPENSSL_NO_SSL_INTERN
+
 struct ssl_st
        {
        /* protocol version
@@ -1005,9 +1146,7 @@ struct ssl_st
 
        int server;     /* are we the server side? - mostly used by SSL_clear*/
 
-       int new_session;/* 1 if we are to use a new session.
-                        * 2 if we are a server and are inside a handshake
-                        *   (i.e. not just sending a HelloRequest)
+       int new_session;/* Generate a new session or reuse an old one.
                         * NB: For servers, the 'new' session may actually be a previously
                         * cached session or even the previous session unless
                         * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
@@ -1177,12 +1316,46 @@ struct ssl_st
        void *tls_session_secret_cb_arg;
 
        SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+       /* Next protocol negotiation. For the client, this is the protocol that
+        * we sent in NextProtocol and is set when handling ServerHello
+        * extensions.
+        *
+        * For a server, this is the client's selected_protocol from
+        * NextProtocol and is set when handling the NextProtocol message,
+        * before the Finished message. */
+       unsigned char *next_proto_negotiated;
+       unsigned char next_proto_negotiated_len;
+#endif
+
 #define session_ctx initial_ctx
+
+       STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;  /* What we'll do */
+       SRTP_PROTECTION_PROFILE *srtp_profile;            /* What's been chosen */
+
+       unsigned int tlsext_heartbeat;  /* Is use of the Heartbeat extension negotiated?
+                                          0: disabled
+                                          1: enabled
+                                          2: enabled, but not allowed to send Requests
+                                        */
+       unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */
+       unsigned int tlsext_hb_seq;     /* HeartbeatRequest sequence number */
 #else
 #define session_ctx ctx
 #endif /* OPENSSL_NO_TLSEXT */
+
+       int renegotiate;/* 1 if we are renegotiating.
+                        * 2 if we are a server and are inside a handshake
+                        * (i.e. not just sending a HelloRequest) */
+
+#ifndef OPENSSL_NO_SRP
+       SRP_CTX srp_ctx; /* ctx for SRP authentication */
+#endif
        };
 
+#endif
+
 #ifdef __cplusplus
 }
 #endif
@@ -1192,6 +1365,7 @@ struct ssl_st
 #include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
 #include <openssl/dtls1.h> /* Datagram TLS */
 #include <openssl/ssl23.h>
+#include <openssl/srtp.h>  /* Support for the use_srtp extension */
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1408,6 +1582,20 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP       71
 
 #define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB      72
+
+#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB   75
+#define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB               76
+#define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB            77
+
+#define SSL_CTRL_SET_SRP_ARG           78
+#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME              79
+#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH              80
+#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD              81
+#ifndef OPENSSL_NO_HEARTBEATS
+#define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT                                85
+#define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING         86
+#define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS     87
+#endif
 #endif
 
 #define DTLS_CTRL_GET_TIMEOUT          73
@@ -1418,6 +1606,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_CTRL_CLEAR_OPTIONS                 77
 #define SSL_CTRL_CLEAR_MODE                    78
 
+#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS         82
+#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS       83
+
 #define DTLSv1_get_timeout(ssl, arg) \
        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
 #define DTLSv1_handle_timeout(ssl) \
@@ -1454,6 +1645,10 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 #define SSL_CTX_add_extra_chain_cert(ctx,x509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
+#define SSL_CTX_get_extra_chain_certs(ctx,px509) \
+       SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
+#define SSL_CTX_clear_extra_chain_certs(ctx) \
+       SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
 
 #ifndef OPENSSL_NO_BIO
 BIO_METHOD *BIO_f_ssl(void);
@@ -1481,6 +1676,7 @@ const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
 int    SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
 char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
 const char *   SSL_CIPHER_get_name(const SSL_CIPHER *c);
+unsigned long  SSL_CIPHER_get_id(const SSL_CIPHER *c);
 
 int    SSL_get_fd(const SSL *s);
 int    SSL_get_rfd(const SSL *s);
@@ -1546,10 +1742,14 @@ long    SSL_SESSION_set_time(SSL_SESSION *s, long t);
 long   SSL_SESSION_get_timeout(const SSL_SESSION *s);
 long   SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
 void   SSL_copy_session_id(SSL *to,const SSL *from);
+X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
+int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx,
+                              unsigned int sid_ctx_len);
 
 SSL_SESSION *SSL_SESSION_new(void);
 const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
                                        unsigned int *len);
+unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
 #ifndef OPENSSL_NO_FP_API
 int    SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
 #endif
@@ -1612,6 +1812,30 @@ int SSL_set_trust(SSL *s, int trust);
 int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
 int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
 
+#ifndef OPENSSL_NO_SRP
+int SSL_CTX_set_srp_username(SSL_CTX *ctx,char *name);
+int SSL_CTX_set_srp_password(SSL_CTX *ctx,char *password);
+int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
+int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
+                                       char *(*cb)(SSL *,void *));
+int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
+                                         int (*cb)(SSL *,void *));
+int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
+                                     int (*cb)(SSL *,int *,void *));
+int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);
+
+int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
+                            BIGNUM *sa, BIGNUM *v, char *info);
+int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
+                               const char *grp);
+
+BIGNUM *SSL_get_srp_g(SSL *s);
+BIGNUM *SSL_get_srp_N(SSL *s);
+
+char *SSL_get_srp_username(SSL *s);
+char *SSL_get_srp_userinfo(SSL *s);
+#endif
+
 void   SSL_free(SSL *ssl);
 int    SSL_accept(SSL *ssl);
 int    SSL_connect(SSL *ssl);
@@ -1647,6 +1871,15 @@ const SSL_METHOD *TLSv1_method(void);            /* TLSv1.0 */
 const SSL_METHOD *TLSv1_server_method(void);   /* TLSv1.0 */
 const SSL_METHOD *TLSv1_client_method(void);   /* TLSv1.0 */
 
+const SSL_METHOD *TLSv1_1_method(void);                /* TLSv1.1 */
+const SSL_METHOD *TLSv1_1_server_method(void); /* TLSv1.1 */
+const SSL_METHOD *TLSv1_1_client_method(void); /* TLSv1.1 */
+
+const SSL_METHOD *TLSv1_2_method(void);                /* TLSv1.2 */
+const SSL_METHOD *TLSv1_2_server_method(void); /* TLSv1.2 */
+const SSL_METHOD *TLSv1_2_client_method(void); /* TLSv1.2 */
+
+
 const SSL_METHOD *DTLSv1_method(void);         /* DTLSv1.0 */
 const SSL_METHOD *DTLSv1_server_method(void);  /* DTLSv1.0 */
 const SSL_METHOD *DTLSv1_client_method(void);  /* DTLSv1.0 */
@@ -1655,6 +1888,7 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
 
 int SSL_do_handshake(SSL *s);
 int SSL_renegotiate(SSL *s);
+int SSL_renegotiate_abbreviated(SSL *s);
 int SSL_renegotiate_pending(SSL *s);
 int SSL_shutdown(SSL *s);
 
@@ -1706,6 +1940,7 @@ void SSL_set_info_callback(SSL *ssl,
                           void (*cb)(const SSL *ssl,int type,int val));
 void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val);
 int SSL_state(const SSL *ssl);
+void SSL_set_state(SSL *ssl, int state);
 
 void SSL_set_verify_result(SSL *ssl,long v);
 long SSL_get_verify_result(const SSL *ssl);
@@ -1806,6 +2041,9 @@ int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
 /* Pre-shared secret session resumption functions */
 int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
 
+void SSL_set_debug(SSL *s, int debug);
+int SSL_cache_hit(SSL *s);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -1825,6 +2063,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_DTLS1_ACCEPT                              246
 #define SSL_F_DTLS1_ADD_CERT_TO_BUF                     295
 #define SSL_F_DTLS1_BUFFER_RECORD                       247
+#define SSL_F_DTLS1_CHECK_TIMEOUT_NUM                   316
 #define SSL_F_DTLS1_CLIENT_HELLO                        248
 #define SSL_F_DTLS1_CONNECT                             249
 #define SSL_F_DTLS1_ENC                                         250
@@ -1833,6 +2072,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT                253
 #define SSL_F_DTLS1_GET_RECORD                          254
 #define SSL_F_DTLS1_HANDLE_TIMEOUT                      297
+#define SSL_F_DTLS1_HEARTBEAT                           305
 #define SSL_F_DTLS1_OUTPUT_CERT_CHAIN                   255
 #define SSL_F_DTLS1_PREPROCESS_FRAGMENT                         288
 #define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE          256
@@ -1882,6 +2122,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL3_CALLBACK_CTRL                        233
 #define SSL_F_SSL3_CHANGE_CIPHER_STATE                  129
 #define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM             130
+#define SSL_F_SSL3_CHECK_CLIENT_HELLO                   304
 #define SSL_F_SSL3_CLIENT_HELLO                                 131
 #define SSL_F_SSL3_CONNECT                              132
 #define SSL_F_SSL3_CTRL                                         213
@@ -1900,6 +2141,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL3_GET_KEY_EXCHANGE                     141
 #define SSL_F_SSL3_GET_MESSAGE                          142
 #define SSL_F_SSL3_GET_NEW_SESSION_TICKET               283
+#define SSL_F_SSL3_GET_NEXT_PROTO                       306
 #define SSL_F_SSL3_GET_RECORD                           143
 #define SSL_F_SSL3_GET_SERVER_CERTIFICATE               144
 #define SSL_F_SSL3_GET_SERVER_DONE                      145
@@ -1924,10 +2166,12 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL3_WRITE_PENDING                        159
 #define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT       298
 #define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT                277
+#define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT          307
 #define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK        215
 #define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK       216
 #define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT       299
 #define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT                278
+#define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT          308
 #define SSL_F_SSL_BAD_METHOD                            160
 #define SSL_F_SSL_BYTES_TO_CIPHER_LIST                  161
 #define SSL_F_SSL_CERT_DUP                              221
@@ -1944,6 +2188,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_CREATE_CIPHER_LIST                    166
 #define SSL_F_SSL_CTRL                                  232
 #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY                         168
+#define SSL_F_SSL_CTX_MAKE_PROFILES                     309
 #define SSL_F_SSL_CTX_NEW                               169
 #define SSL_F_SSL_CTX_SET_CIPHER_LIST                   269
 #define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE            290
@@ -1966,14 +2211,17 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_GET_NEW_SESSION                       181
 #define SSL_F_SSL_GET_PREV_SESSION                      217
 #define SSL_F_SSL_GET_SERVER_SEND_CERT                  182
+#define SSL_F_SSL_GET_SERVER_SEND_PKEY                  317
 #define SSL_F_SSL_GET_SIGN_PKEY                                 183
 #define SSL_F_SSL_INIT_WBIO_BUFFER                      184
 #define SSL_F_SSL_LOAD_CLIENT_CA_FILE                   185
 #define SSL_F_SSL_NEW                                   186
 #define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT     300
 #define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT              302
+#define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT        310
 #define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT     301
 #define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT              303
+#define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT        311
 #define SSL_F_SSL_PEEK                                  270
 #define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT            281
 #define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT            282
@@ -1982,6 +2230,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_RSA_PUBLIC_ENCRYPT                    188
 #define SSL_F_SSL_SESSION_NEW                           189
 #define SSL_F_SSL_SESSION_PRINT_FP                      190
+#define SSL_F_SSL_SESSION_SET1_ID_CONTEXT               312
 #define SSL_F_SSL_SESS_CERT_NEW                                 225
 #define SSL_F_SSL_SET_CERT                              191
 #define SSL_F_SSL_SET_CIPHER_LIST                       271
@@ -1995,6 +2244,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_SET_TRUST                             228
 #define SSL_F_SSL_SET_WFD                               196
 #define SSL_F_SSL_SHUTDOWN                              224
+#define SSL_F_SSL_SRP_CTX_INIT                          313
 #define SSL_F_SSL_UNDEFINED_CONST_FUNCTION              243
 #define SSL_F_SSL_UNDEFINED_FUNCTION                    197
 #define SSL_F_SSL_UNDEFINED_VOID_FUNCTION               244
@@ -2014,6 +2264,8 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_TLS1_CHANGE_CIPHER_STATE                  209
 #define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT             274
 #define SSL_F_TLS1_ENC                                  210
+#define SSL_F_TLS1_EXPORT_KEYING_MATERIAL               314
+#define SSL_F_TLS1_HEARTBEAT                            315
 #define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT           275
 #define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT           276
 #define SSL_F_TLS1_PRF                                  284
@@ -2053,6 +2305,13 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_BAD_RSA_MODULUS_LENGTH                    121
 #define SSL_R_BAD_RSA_SIGNATURE                                 122
 #define SSL_R_BAD_SIGNATURE                             123
+#define SSL_R_BAD_SRP_A_LENGTH                          347
+#define SSL_R_BAD_SRP_B_LENGTH                          348
+#define SSL_R_BAD_SRP_G_LENGTH                          349
+#define SSL_R_BAD_SRP_N_LENGTH                          350
+#define SSL_R_BAD_SRP_S_LENGTH                          351
+#define SSL_R_BAD_SRTP_MKI_VALUE                        352
+#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST          353
 #define SSL_R_BAD_SSL_FILETYPE                          124
 #define SSL_R_BAD_SSL_SESSION_ID_LENGTH                         125
 #define SSL_R_BAD_STATE                                         126
@@ -2091,12 +2350,15 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE        322
 #define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE       323
 #define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER              310
+#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST        354
 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                         150
 #define SSL_R_ERROR_GENERATING_TMP_RSA_KEY              282
 #define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST             151
 #define SSL_R_EXCESSIVE_MESSAGE_SIZE                    152
 #define SSL_R_EXTRA_DATA_IN_MESSAGE                     153
 #define SSL_R_GOT_A_FIN_BEFORE_A_CCS                    154
+#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS               355
+#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION          356
 #define SSL_R_HTTPS_PROXY_REQUEST                       155
 #define SSL_R_HTTP_REQUEST                              156
 #define SSL_R_ILLEGAL_PADDING                           283
@@ -2105,6 +2367,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_INVALID_COMMAND                           280
 #define SSL_R_INVALID_COMPRESSION_ALGORITHM             341
 #define SSL_R_INVALID_PURPOSE                           278
+#define SSL_R_INVALID_SRP_USERNAME                      357
 #define SSL_R_INVALID_STATUS_RESPONSE                   328
 #define SSL_R_INVALID_TICKET_KEYS_LENGTH                325
 #define SSL_R_INVALID_TRUST                             279
@@ -2134,11 +2397,13 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_MISSING_RSA_CERTIFICATE                   168
 #define SSL_R_MISSING_RSA_ENCRYPTING_CERT               169
 #define SSL_R_MISSING_RSA_SIGNING_CERT                  170
+#define SSL_R_MISSING_SRP_PARAM                                 358
 #define SSL_R_MISSING_TMP_DH_KEY                        171
 #define SSL_R_MISSING_TMP_ECDH_KEY                      311
 #define SSL_R_MISSING_TMP_RSA_KEY                       172
 #define SSL_R_MISSING_TMP_RSA_PKEY                      173
 #define SSL_R_MISSING_VERIFY_MESSAGE                    174
+#define SSL_R_MULTIPLE_SGC_RESTARTS                     346
 #define SSL_R_NON_SSLV2_INITIAL_PACKET                  175
 #define SSL_R_NO_CERTIFICATES_RETURNED                  176
 #define SSL_R_NO_CERTIFICATE_ASSIGNED                   177
@@ -2162,6 +2427,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_NO_RENEGOTIATION                          339
 #define SSL_R_NO_REQUIRED_DIGEST                        324
 #define SSL_R_NO_SHARED_CIPHER                          193
+#define SSL_R_NO_SRTP_PROFILES                          359
 #define SSL_R_NO_VERIFY_CALLBACK                        194
 #define SSL_R_NULL_SSL_CTX                              195
 #define SSL_R_NULL_SSL_METHOD_PASSED                    196
@@ -2205,7 +2471,12 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_SERVERHELLO_TLSEXT                        275
 #define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED          277
 #define SSL_R_SHORT_READ                                219
+#define SSL_R_SIGNATURE_ALGORITHMS_ERROR                360
 #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE     220
+#define SSL_R_SRP_A_CALC                                361
+#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES          362
+#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG     363
+#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE           364
 #define SSL_R_SSL23_DOING_SESSION_ID_REUSE              221
 #define SSL_R_SSL2_CONNECTION_ID_TOO_LONG               299
 #define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT            321
@@ -2250,6 +2521,9 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_TLSV1_UNRECOGNIZED_NAME                   1112
 #define SSL_R_TLSV1_UNSUPPORTED_EXTENSION               1110
 #define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER      232
+#define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT          365
+#define SSL_R_TLS_HEARTBEAT_PENDING                     366
+#define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL                367
 #define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST            157
 #define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
 #define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG   234
@@ -2271,6 +2545,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_UNKNOWN_CERTIFICATE_TYPE                  247
 #define SSL_R_UNKNOWN_CIPHER_RETURNED                   248
 #define SSL_R_UNKNOWN_CIPHER_TYPE                       249
+#define SSL_R_UNKNOWN_DIGEST                            368
 #define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                         250
 #define SSL_R_UNKNOWN_PKEY_TYPE                                 251
 #define SSL_R_UNKNOWN_PROTOCOL                          252
@@ -2285,12 +2560,14 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_UNSUPPORTED_PROTOCOL                      258
 #define SSL_R_UNSUPPORTED_SSL_VERSION                   259
 #define SSL_R_UNSUPPORTED_STATUS_TYPE                   329
+#define SSL_R_USE_SRTP_NOT_NEGOTIATED                   369
 #define SSL_R_WRITE_BIO_NOT_SET                                 260
 #define SSL_R_WRONG_CIPHER_RETURNED                     261
 #define SSL_R_WRONG_MESSAGE_TYPE                        262
 #define SSL_R_WRONG_NUMBER_OF_KEY_BITS                  263
 #define SSL_R_WRONG_SIGNATURE_LENGTH                    264
 #define SSL_R_WRONG_SIGNATURE_SIZE                      265
+#define SSL_R_WRONG_SIGNATURE_TYPE                      370
 #define SSL_R_WRONG_SSL_VERSION                                 266
 #define SSL_R_WRONG_VERSION_NUMBER                      267
 #define SSL_R_X509_LIB                                  268
index 99a52ea..eb25dcb 100644 (file)
@@ -155,6 +155,8 @@ extern "C" {
 #define  CERT          char
 #endif
 
+#ifndef OPENSSL_NO_SSL_INTERN
+
 typedef struct ssl2_state_st
        {
        int three_byte_header;
@@ -219,6 +221,8 @@ typedef struct ssl2_state_st
                } tmp;
        } SSL2_STATE;
 
+#endif
+
 /* SSLv2 */
 /* client */
 #define SSL2_ST_SEND_CLIENT_HELLO_A            (0x10|SSL_ST_CONNECT)
index baaa89e..247e88c 100644 (file)
@@ -322,6 +322,7 @@ extern "C" {
 #define SSL3_RT_ALERT                  21
 #define SSL3_RT_HANDSHAKE              22
 #define SSL3_RT_APPLICATION_DATA       23
+#define TLS1_RT_HEARTBEAT              24
 
 #define SSL3_AL_WARNING                        1
 #define SSL3_AL_FATAL                  2
@@ -339,6 +340,11 @@ extern "C" {
 #define SSL3_AD_CERTIFICATE_UNKNOWN    46
 #define SSL3_AD_ILLEGAL_PARAMETER      47      /* fatal */
 
+#define TLS1_HB_REQUEST                1
+#define TLS1_HB_RESPONSE       2
+       
+#ifndef OPENSSL_NO_SSL_INTERN
+
 typedef struct ssl3_record_st
        {
 /*r */ int type;               /* type of record */
@@ -360,6 +366,8 @@ typedef struct ssl3_buffer_st
        int left;               /* how many bytes left */
        } SSL3_BUFFER;
 
+#endif
+
 #define SSL3_CT_RSA_SIGN                       1
 #define SSL3_CT_DSS_SIGN                       2
 #define SSL3_CT_RSA_FIXED_DH                   3
@@ -379,6 +387,20 @@ typedef struct ssl3_buffer_st
 #define SSL3_FLAGS_POP_BUFFER                  0x0004
 #define TLS1_FLAGS_TLS_PADDING_BUG             0x0008
 #define TLS1_FLAGS_SKIP_CERT_VERIFY            0x0010
+#define TLS1_FLAGS_KEEP_HANDSHAKE              0x0020
+/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
+ * restart a handshake because of MS SGC and so prevents us
+ * from restarting the handshake in a loop. It's reset on a
+ * renegotiation, so effectively limits the client to one restart
+ * per negotiation. This limits the possibility of a DDoS
+ * attack where the client handshakes in a loop using SGC to
+ * restart. Servers which permit renegotiation can still be
+ * effected, but we can't prevent that.
+ */
+#define SSL3_FLAGS_SGC_RESTART_DONE            0x0040
+
+#ifndef OPENSSL_NO_SSL_INTERN
 
 typedef struct ssl3_state_st
        {
@@ -464,7 +486,7 @@ typedef struct ssl3_state_st
                int finish_md_len;
                unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
                int peer_finish_md_len;
-               
+
                unsigned long message_size;
                int message_type;
 
@@ -512,13 +534,23 @@ typedef struct ssl3_state_st
         unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
         unsigned char previous_server_finished_len;
         int send_connection_binding; /* TODOEKR */
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+       /* Set if we saw the Next Protocol Negotiation extension from our peer. */
+       int next_proto_neg_seen;
+#endif
        } SSL3_STATE;
 
+#endif
 
 /* SSLv3 */
 /*client */
 /* extra state */
 #define SSL3_ST_CW_FLUSH               (0x100|SSL_ST_CONNECT)
+#ifndef OPENSSL_NO_SCTP
+#define DTLS1_SCTP_ST_CW_WRITE_SOCK                    (0x310|SSL_ST_CONNECT)
+#define DTLS1_SCTP_ST_CR_READ_SOCK                     (0x320|SSL_ST_CONNECT)
+#endif 
 /* write to server */
 #define SSL3_ST_CW_CLNT_HELLO_A                (0x110|SSL_ST_CONNECT)
 #define SSL3_ST_CW_CLNT_HELLO_B                (0x111|SSL_ST_CONNECT)
@@ -546,6 +578,10 @@ typedef struct ssl3_state_st
 #define SSL3_ST_CW_CERT_VRFY_B         (0x191|SSL_ST_CONNECT)
 #define SSL3_ST_CW_CHANGE_A            (0x1A0|SSL_ST_CONNECT)
 #define SSL3_ST_CW_CHANGE_B            (0x1A1|SSL_ST_CONNECT)
+#ifndef OPENSSL_NO_NEXTPROTONEG
+#define SSL3_ST_CW_NEXT_PROTO_A                (0x200|SSL_ST_CONNECT)
+#define SSL3_ST_CW_NEXT_PROTO_B                (0x201|SSL_ST_CONNECT)
+#endif
 #define SSL3_ST_CW_FINISHED_A          (0x1B0|SSL_ST_CONNECT)
 #define SSL3_ST_CW_FINISHED_B          (0x1B1|SSL_ST_CONNECT)
 /* read from server */
@@ -561,6 +597,10 @@ typedef struct ssl3_state_st
 /* server */
 /* extra state */
 #define SSL3_ST_SW_FLUSH               (0x100|SSL_ST_ACCEPT)
+#ifndef OPENSSL_NO_SCTP
+#define DTLS1_SCTP_ST_SW_WRITE_SOCK                    (0x310|SSL_ST_ACCEPT)
+#define DTLS1_SCTP_ST_SR_READ_SOCK                     (0x320|SSL_ST_ACCEPT)
+#endif 
 /* read from client */
 /* Do not change the number values, they do matter */
 #define SSL3_ST_SR_CLNT_HELLO_A                (0x110|SSL_ST_ACCEPT)
@@ -591,6 +631,10 @@ typedef struct ssl3_state_st
 #define SSL3_ST_SR_CERT_VRFY_B         (0x1A1|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CHANGE_A            (0x1B0|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CHANGE_B            (0x1B1|SSL_ST_ACCEPT)
+#ifndef OPENSSL_NO_NEXTPROTONEG
+#define SSL3_ST_SR_NEXT_PROTO_A                (0x210|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_NEXT_PROTO_B                (0x211|SSL_ST_ACCEPT)
+#endif
 #define SSL3_ST_SR_FINISHED_A          (0x1C0|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_FINISHED_B          (0x1C1|SSL_ST_ACCEPT)
 /* write to client */
@@ -615,6 +659,9 @@ typedef struct ssl3_state_st
 #define SSL3_MT_CLIENT_KEY_EXCHANGE            16
 #define SSL3_MT_FINISHED                       20
 #define SSL3_MT_CERTIFICATE_STATUS             22
+#ifndef OPENSSL_NO_NEXTPROTONEG
+#define SSL3_MT_NEXT_PROTO                     67
+#endif
 #define DTLS1_MT_HELLO_VERIFY_REQUEST    3
 
 
index 151b683..07a412f 100644 (file)
 #define SSL_CTX_set_default_passwd_cb_userdata  SSL_CTX_set_def_passwd_cb_ud
 #undef SSL_COMP_get_compression_methods
 #define SSL_COMP_get_compression_methods       SSL_COMP_get_compress_methods
-
 #undef ssl_add_clienthello_renegotiate_ext
 #define ssl_add_clienthello_renegotiate_ext    ssl_add_clienthello_reneg_ext
 #undef ssl_add_serverhello_renegotiate_ext
 #define ssl_parse_clienthello_renegotiate_ext  ssl_parse_clienthello_reneg_ext
 #undef ssl_parse_serverhello_renegotiate_ext
 #define ssl_parse_serverhello_renegotiate_ext  ssl_parse_serverhello_reneg_ext
+#undef SSL_srp_server_param_with_username
+#define SSL_srp_server_param_with_username     SSL_srp_server_param_with_un
+#undef SSL_CTX_set_srp_client_pwd_callback
+#define SSL_CTX_set_srp_client_pwd_callback    SSL_CTX_set_srp_client_pwd_cb
+#undef SSL_CTX_set_srp_verify_param_callback
+#define SSL_CTX_set_srp_verify_param_callback  SSL_CTX_set_srp_vfy_param_cb
+#undef SSL_CTX_set_srp_username_callback
+#define SSL_CTX_set_srp_username_callback      SSL_CTX_set_srp_un_cb
+#undef ssl_add_clienthello_use_srtp_ext
+#define ssl_add_clienthello_use_srtp_ext       ssl_add_clihello_use_srtp_ext
+#undef ssl_add_serverhello_use_srtp_ext
+#define ssl_add_serverhello_use_srtp_ext       ssl_add_serhello_use_srtp_ext
+#undef ssl_parse_clienthello_use_srtp_ext
+#define ssl_parse_clienthello_use_srtp_ext     ssl_parse_clihello_use_srtp_ext
+#undef ssl_parse_serverhello_use_srtp_ext
+#define ssl_parse_serverhello_use_srtp_ext     ssl_parse_serhello_use_srtp_ext
+#undef SSL_CTX_set_next_protos_advertised_cb
+#define SSL_CTX_set_next_protos_advertised_cb  SSL_CTX_set_next_protos_adv_cb
+#undef SSL_CTX_set_next_proto_select_cb
+#define SSL_CTX_set_next_proto_select_cb       SSL_CTX_set_next_proto_sel_cb
 
 /* Hack some long ENGINE names */
 #undef ENGINE_get_default_BN_mod_exp_crt
 #define EC_GROUP_get_point_conversion_form     EC_GROUP_get_point_conv_form
 #undef EC_GROUP_clear_free_all_extra_data
 #define EC_GROUP_clear_free_all_extra_data     EC_GROUP_clr_free_all_xtra_data
+#undef EC_KEY_set_public_key_affine_coordinates
+#define EC_KEY_set_public_key_affine_coordinates \
+                                               EC_KEY_set_pub_key_aff_coords
 #undef EC_POINT_set_Jprojective_coordinates_GFp
 #define EC_POINT_set_Jprojective_coordinates_GFp \
                                                 EC_POINT_set_Jproj_coords_GFp
 #define ec_GFp_simple_point_set_to_infinity     ec_GFp_simple_pt_set_to_inf
 #undef ec_GFp_simple_points_make_affine
 #define ec_GFp_simple_points_make_affine       ec_GFp_simple_pts_make_affine
-#undef ec_GFp_simple_group_get_curve_GFp
-#define ec_GFp_simple_group_get_curve_GFp       ec_GFp_simple_grp_get_curve_GFp
 #undef ec_GFp_simple_set_Jprojective_coordinates_GFp
 #define ec_GFp_simple_set_Jprojective_coordinates_GFp \
                                                 ec_GFp_smp_set_Jproj_coords_GFp
 #undef dtls1_retransmit_buffered_messages
 #define dtls1_retransmit_buffered_messages     dtls1_retransmit_buffered_msgs
 
+/* Hack some long SRP names */
+#undef SRP_generate_server_master_secret
+#define SRP_generate_server_master_secret      SRP_gen_server_master_secret
+#undef SRP_generate_client_master_secret
+#define SRP_generate_client_master_secret      SRP_gen_client_master_secret
+
+/* Hack some long UI names */
+#undef UI_method_get_prompt_constructor
+#define UI_method_get_prompt_constructor       UI_method_get_prompt_constructr
+#undef UI_method_set_prompt_constructor
+#define UI_method_set_prompt_constructor       UI_method_set_prompt_constructr
+
 #endif /* defined OPENSSL_SYS_VMS */
 
 
index b3cc8f0..c39c267 100644 (file)
@@ -159,10 +159,24 @@ extern "C" {
 
 #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES   0
 
+#define TLS1_2_VERSION                 0x0303
+#define TLS1_2_VERSION_MAJOR           0x03
+#define TLS1_2_VERSION_MINOR           0x03
+
+#define TLS1_1_VERSION                 0x0302
+#define TLS1_1_VERSION_MAJOR           0x03
+#define TLS1_1_VERSION_MINOR           0x02
+
 #define TLS1_VERSION                   0x0301
 #define TLS1_VERSION_MAJOR             0x03
 #define TLS1_VERSION_MINOR             0x01
 
+#define TLS1_get_version(s) \
+               ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
+
+#define TLS1_get_client_version(s) \
+               ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
+
 #define TLS1_AD_DECRYPTION_FAILED      21
 #define TLS1_AD_RECORD_OVERFLOW                22
 #define TLS1_AD_UNKNOWN_CA             48      /* fatal */
@@ -183,17 +197,42 @@ extern "C" {
 #define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
 #define TLS1_AD_UNKNOWN_PSK_IDENTITY   115     /* fatal */
 
-/* ExtensionType values from RFC3546 / RFC4366 */
+/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */
 #define TLSEXT_TYPE_server_name                        0
 #define TLSEXT_TYPE_max_fragment_length                1
 #define TLSEXT_TYPE_client_certificate_url     2
 #define TLSEXT_TYPE_trusted_ca_keys            3
 #define TLSEXT_TYPE_truncated_hmac             4
 #define TLSEXT_TYPE_status_request             5
+/* ExtensionType values from RFC4681 */
+#define TLSEXT_TYPE_user_mapping               6
+
+/* ExtensionType values from RFC5878 */
+#define TLSEXT_TYPE_client_authz               7
+#define TLSEXT_TYPE_server_authz               8
+
+/* ExtensionType values from RFC6091 */
+#define TLSEXT_TYPE_cert_type          9
+
 /* ExtensionType values from RFC4492 */
 #define TLSEXT_TYPE_elliptic_curves            10
 #define TLSEXT_TYPE_ec_point_formats           11
+
+/* ExtensionType value from RFC5054 */
+#define TLSEXT_TYPE_srp                                12
+
+/* ExtensionType values from RFC5246 */
+#define TLSEXT_TYPE_signature_algorithms       13
+
+/* ExtensionType value from RFC5764 */
+#define TLSEXT_TYPE_use_srtp   14
+
+/* ExtensionType value from RFC5620 */
+#define TLSEXT_TYPE_heartbeat  15
+
+/* ExtensionType value from RFC4507 */
 #define TLSEXT_TYPE_session_ticket             35
+
 /* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */
 #if 0 /* will have to be provided externally for now ,
        * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183
@@ -204,6 +243,11 @@ extern "C" {
 /* Temporary extension type */
 #define TLSEXT_TYPE_renegotiate                 0xff01
 
+#ifndef OPENSSL_NO_NEXTPROTONEG
+/* This is not an IANA defined extension number */
+#define TLSEXT_TYPE_next_proto_neg             13172
+#endif
+
 /* NameType value from RFC 3546 */
 #define TLSEXT_NAMETYPE_host_name 0
 /* status request value from RFC 3546 */
@@ -216,12 +260,37 @@ extern "C" {
 #define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2
 #define TLSEXT_ECPOINTFORMAT_last                      2
 
+/* Signature and hash algorithms from RFC 5246 */
+
+#define TLSEXT_signature_anonymous                     0
+#define TLSEXT_signature_rsa                           1
+#define TLSEXT_signature_dsa                           2
+#define TLSEXT_signature_ecdsa                         3
+
+#define TLSEXT_hash_none                               0
+#define TLSEXT_hash_md5                                        1
+#define TLSEXT_hash_sha1                               2
+#define TLSEXT_hash_sha224                             3
+#define TLSEXT_hash_sha256                             4
+#define TLSEXT_hash_sha384                             5
+#define TLSEXT_hash_sha512                             6
+
 #ifndef OPENSSL_NO_TLSEXT
 
 #define TLSEXT_MAXLEN_host_name 255
 
-const char *SSL_get_servername(const SSL *s, const int type) ;
-int SSL_get_servername_type(const SSL *s) ;
+const char *SSL_get_servername(const SSL *s, const int type);
+int SSL_get_servername_type(const SSL *s);
+/* SSL_export_keying_material exports a value derived from the master secret,
+ * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and
+ * optional context. (Since a zero length context is allowed, the |use_context|
+ * flag controls whether a context is included.)
+ *
+ * It returns 1 on success and zero otherwise.
+ */
+int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+       const char *label, size_t llen, const unsigned char *p, size_t plen,
+       int use_context);
 
 #define SSL_set_tlsext_host_name(s,name) \
 SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
@@ -285,6 +354,16 @@ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg)
 #define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
 SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 
+#ifndef OPENSSL_NO_HEARTBEATS
+#define SSL_TLSEXT_HB_ENABLED                          0x01
+#define SSL_TLSEXT_HB_DONT_SEND_REQUESTS       0x02
+#define SSL_TLSEXT_HB_DONT_RECV_REQUESTS       0x04
+
+#define SSL_get_tlsext_heartbeat_pending(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING,0,NULL)
+#define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \
+        SSL_ctrl((ssl),SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL)
+#endif
 #endif
 
 /* PSK ciphersuites from 4279 */
@@ -322,6 +401,14 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_CK_DHE_RSA_WITH_AES_256_SHA               0x03000039
 #define TLS1_CK_ADH_WITH_AES_256_SHA                   0x0300003A
 
+/* TLS v1.2 ciphersuites */
+#define TLS1_CK_RSA_WITH_NULL_SHA256                   0x0300003B
+#define TLS1_CK_RSA_WITH_AES_128_SHA256                        0x0300003C
+#define TLS1_CK_RSA_WITH_AES_256_SHA256                        0x0300003D
+#define TLS1_CK_DH_DSS_WITH_AES_128_SHA256             0x0300003E
+#define TLS1_CK_DH_RSA_WITH_AES_128_SHA256             0x0300003F
+#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256            0x03000040
+
 /* Camellia ciphersuites from RFC4132 */
 #define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA          0x03000041
 #define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA       0x03000042
@@ -330,6 +417,16 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA      0x03000045
 #define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA          0x03000046
 
+/* TLS v1.2 ciphersuites */
+#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256            0x03000067
+#define TLS1_CK_DH_DSS_WITH_AES_256_SHA256             0x03000068
+#define TLS1_CK_DH_RSA_WITH_AES_256_SHA256             0x03000069
+#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256            0x0300006A
+#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256            0x0300006B
+#define TLS1_CK_ADH_WITH_AES_128_SHA256                        0x0300006C
+#define TLS1_CK_ADH_WITH_AES_256_SHA256                        0x0300006D
+
+/* Camellia ciphersuites from RFC4132 */
 #define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA          0x03000084
 #define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA       0x03000085
 #define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA       0x03000086
@@ -345,6 +442,20 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_CK_DHE_RSA_WITH_SEED_SHA                   0x0300009A
 #define TLS1_CK_ADH_WITH_SEED_SHA                      0x0300009B
 
+/* TLS v1.2 GCM ciphersuites from RFC5288 */
+#define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256            0x0300009C
+#define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384            0x0300009D
+#define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256                0x0300009E
+#define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384                0x0300009F
+#define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256         0x030000A0
+#define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384         0x030000A1
+#define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256                0x030000A2
+#define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384                0x030000A3
+#define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256         0x030000A4
+#define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384         0x030000A5
+#define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256            0x030000A6
+#define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384            0x030000A7
+
 /* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */
 #define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA                0x0300C001
 #define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA             0x0300C002
@@ -376,6 +487,38 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA          0x0300C018
 #define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA          0x0300C019
 
+/* SRP ciphersuites from RFC 5054 */
+#define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA          0x0300C01A
+#define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA      0x0300C01B
+#define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA      0x0300C01C
+#define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA           0x0300C01D
+#define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA       0x0300C01E
+#define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA       0x0300C01F
+#define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA           0x0300C020
+#define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA       0x0300C021
+#define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA       0x0300C022
+
+/* ECDH HMAC based ciphersuites from RFC5289 */
+
+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256         0x0300C023
+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384         0x0300C024
+#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256          0x0300C025
+#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384          0x0300C026
+#define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256           0x0300C027
+#define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384           0x0300C028
+#define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256            0x0300C029
+#define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384            0x0300C02A
+
+/* ECDH GCM based ciphersuites from RFC5289 */
+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256    0x0300C02B
+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384    0x0300C02C
+#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256      0x0300C02D
+#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384      0x0300C02E
+#define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256       0x0300C02F
+#define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384       0x0300C030
+#define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256        0x0300C031
+#define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384        0x0300C032
+
 /* XXX
  * Inconsistency alert:
  * The OpenSSL names of ciphers with ephemeral DH here include the string
@@ -443,6 +586,17 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA              "PSK-AES128-CBC-SHA"
 #define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA              "PSK-AES256-CBC-SHA"
 
+/* SRP ciphersuite from RFC 5054 */
+#define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA         "SRP-3DES-EDE-CBC-SHA"
+#define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA     "SRP-RSA-3DES-EDE-CBC-SHA"
+#define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA     "SRP-DSS-3DES-EDE-CBC-SHA"
+#define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA          "SRP-AES-128-CBC-SHA"
+#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA      "SRP-RSA-AES-128-CBC-SHA"
+#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA      "SRP-DSS-AES-128-CBC-SHA"
+#define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA          "SRP-AES-256-CBC-SHA"
+#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA      "SRP-RSA-AES-256-CBC-SHA"
+#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA      "SRP-DSS-AES-256-CBC-SHA"
+
 /* Camellia ciphersuites from RFC4132 */
 #define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA         "CAMELLIA128-SHA"
 #define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA      "DH-DSS-CAMELLIA128-SHA"
@@ -466,6 +620,55 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_TXT_DHE_RSA_WITH_SEED_SHA                  "DHE-RSA-SEED-SHA"
 #define TLS1_TXT_ADH_WITH_SEED_SHA                      "ADH-SEED-SHA"
 
+/* TLS v1.2 ciphersuites */
+#define TLS1_TXT_RSA_WITH_NULL_SHA256                  "NULL-SHA256"
+#define TLS1_TXT_RSA_WITH_AES_128_SHA256               "AES128-SHA256"
+#define TLS1_TXT_RSA_WITH_AES_256_SHA256               "AES256-SHA256"
+#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256            "DH-DSS-AES128-SHA256"
+#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256            "DH-RSA-AES128-SHA256"
+#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256           "DHE-DSS-AES128-SHA256"
+#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256           "DHE-RSA-AES128-SHA256"
+#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256            "DH-DSS-AES256-SHA256"
+#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256            "DH-RSA-AES256-SHA256"
+#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256           "DHE-DSS-AES256-SHA256"
+#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256           "DHE-RSA-AES256-SHA256"
+#define TLS1_TXT_ADH_WITH_AES_128_SHA256               "ADH-AES128-SHA256"
+#define TLS1_TXT_ADH_WITH_AES_256_SHA256               "ADH-AES256-SHA256"
+
+/* TLS v1.2 GCM ciphersuites from RFC5288 */
+#define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256           "AES128-GCM-SHA256"
+#define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384           "AES256-GCM-SHA384"
+#define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256       "DHE-RSA-AES128-GCM-SHA256"
+#define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384       "DHE-RSA-AES256-GCM-SHA384"
+#define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256                "DH-RSA-AES128-GCM-SHA256"
+#define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384                "DH-RSA-AES256-GCM-SHA384"
+#define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256       "DHE-DSS-AES128-GCM-SHA256"
+#define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384       "DHE-DSS-AES256-GCM-SHA384"
+#define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256                "DH-DSS-AES128-GCM-SHA256"
+#define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384                "DH-DSS-AES256-GCM-SHA384"
+#define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256           "ADH-AES128-GCM-SHA256"
+#define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384           "ADH-AES256-GCM-SHA384"
+
+/* ECDH HMAC based ciphersuites from RFC5289 */
+
+#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256    "ECDHE-ECDSA-AES128-SHA256"
+#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384    "ECDHE-ECDSA-AES256-SHA384"
+#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256     "ECDH-ECDSA-AES128-SHA256"
+#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384     "ECDH-ECDSA-AES256-SHA384"
+#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256      "ECDHE-RSA-AES128-SHA256"
+#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384      "ECDHE-RSA-AES256-SHA384"
+#define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256       "ECDH-RSA-AES128-SHA256"
+#define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384       "ECDH-RSA-AES256-SHA384"
+
+/* ECDH GCM based ciphersuites from RFC5289 */
+#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256    "ECDHE-ECDSA-AES128-GCM-SHA256"
+#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384    "ECDHE-ECDSA-AES256-GCM-SHA384"
+#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256     "ECDH-ECDSA-AES128-GCM-SHA256"
+#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384     "ECDH-ECDSA-AES256-GCM-SHA384"
+#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256      "ECDHE-RSA-AES128-GCM-SHA256"
+#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384      "ECDHE-RSA-AES256-GCM-SHA384"
+#define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256       "ECDH-RSA-AES128-GCM-SHA256"
+#define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384       "ECDH-RSA-AES256-GCM-SHA384"
 
 #define TLS_CT_RSA_SIGN                        1
 #define TLS_CT_DSS_SIGN                        2
index 190e8a1..c2448e3 100644 (file)
@@ -86,9 +86,6 @@
 #include <openssl/dh.h>
 #endif
 
-#include <openssl/evp.h>
-
-
 #ifdef  __cplusplus
 extern "C" {
 #endif
index 2b1cfa2..bd78aa4 100644 (file)
@@ -316,7 +316,7 @@ int (*UI_method_get_writer(UI_METHOD *method))(UI*,UI_STRING*);
 int (*UI_method_get_flusher(UI_METHOD *method))(UI*);
 int (*UI_method_get_reader(UI_METHOD *method))(UI*,UI_STRING*);
 int (*UI_method_get_closer(UI_METHOD *method))(UI*);
-char* (*UI_method_get_prompt_constructor(UI_METHOD *method))(UI*, const char*, const char*);
+char * (*UI_method_get_prompt_constructor(UI_METHOD *method))(UI*, const char*, const char*);
 
 /* The following functions are helpers for method writers to access relevant
    data from a UI_STRING. */
index 03c91da..9e01f5b 100644 (file)
@@ -24,6 +24,9 @@ typedef struct        {
        } WHIRLPOOL_CTX;
 
 #ifndef OPENSSL_NO_WHIRLPOOL
+#ifdef OPENSSL_FIPS
+int private_WHIRLPOOL_Init(WHIRLPOOL_CTX *c);
+#endif
 int WHIRLPOOL_Init     (WHIRLPOOL_CTX *c);
 int WHIRLPOOL_Update   (WHIRLPOOL_CTX *c,const void *inp,size_t bytes);
 void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,const void *inp,size_t bits);
index 604f4fb..092dd74 100644 (file)
@@ -258,6 +258,7 @@ typedef struct x509_cinf_st
        ASN1_BIT_STRING *issuerUID;             /* [ 1 ] optional in v2 */
        ASN1_BIT_STRING *subjectUID;            /* [ 2 ] optional in v2 */
        STACK_OF(X509_EXTENSION) *extensions;   /* [ 3 ] optional in v3 */
+       ASN1_ENCODING enc;
        } X509_CINF;
 
 /* This stuff is certificate "auxiliary info"
@@ -656,11 +657,15 @@ int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
 
 int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
 
+int X509_signature_dump(BIO *bp,const ASN1_STRING *sig, int indent);
 int X509_signature_print(BIO *bp,X509_ALGOR *alg, ASN1_STRING *sig);
 
 int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx);
 int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx);
 int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx);
 int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
 
 int X509_pubkey_digest(const X509 *data,const EVP_MD *type,
@@ -762,6 +767,7 @@ X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
 int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
 void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
                                                X509_ALGOR *algor);
+void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
 
 X509_NAME *X509_NAME_dup(X509_NAME *xn);
 X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
@@ -895,6 +901,9 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
 int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
        ASN1_BIT_STRING *signature,
        void *data, EVP_PKEY *pkey, const EVP_MD *type);
+int ASN1_item_sign_ctx(const ASN1_ITEM *it,
+               X509_ALGOR *algor1, X509_ALGOR *algor2,
+               ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx);
 #endif
 
 int            X509_set_version(X509 *x,long version);
@@ -1160,6 +1169,9 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
                                 unsigned char *salt, int saltlen,
                                 unsigned char *aiv, int prf_nid);
 
+X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
+                               int prf_nid, int keylen);
+
 /* PKCS#8 utilities */
 
 DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
index d9c4bf1..ca812e5 100644 (file)
Binary files a/sdk/openssl/lib/x64/libeay32.lib and b/sdk/openssl/lib/x64/libeay32.lib differ
index 190808f..df38610 100644 (file)
Binary files a/sdk/openssl/lib/x64/ssleay32.lib and b/sdk/openssl/lib/x64/ssleay32.lib differ
index 48bd451..552df58 100644 (file)
Binary files a/sdk/openssl/lib/x86/libeay32.lib and b/sdk/openssl/lib/x86/libeay32.lib differ
index a448f82..7c528f7 100644 (file)
Binary files a/sdk/openssl/lib/x86/ssleay32.lib and b/sdk/openssl/lib/x86/ssleay32.lib differ
index 21158b2..a0d1908 100644 (file)
@@ -52,7 +52,7 @@
         <dependency>
             <groupId>org.netxms</groupId>
             <artifactId>netxms-client</artifactId>
-            <version>1.1.10</version>
+            <version>1.2.16</version>
             <scope>compile</scope>
         </dependency>
     </dependencies>
index 9385311..ac0eb33 100644 (file)
@@ -4,7 +4,7 @@
   <groupId>org.netxms</groupId>
   <artifactId>netxms-agent</artifactId>
   <packaging>jar</packaging>
-  <version>1.2.10</version>
+  <version>1.2.16</version>
   <name>NetXMS Java Agent</name>
   <url>http://www.netxms.org</url>
 
index 7cebe64..b7f2fcb 100644 (file)
@@ -5,7 +5,7 @@
     <parent>
       <groupId>org.netxms</groupId>
       <artifactId>netxms</artifactId>
-      <version>1.2.15</version>
+      <version>1.2.16</version>
     </parent>
 
     <groupId>org.netxms</groupId>