[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Richard Levitte
levitte at openssl.org
Tue Apr 4 09:35:12 UTC 2017
The branch OpenSSL_1_1_0-stable has been updated
via 4b3a20dc7e66c6c0683a7a1b6521dbc5d287ac1b (commit)
via 8b6277538350008a19f8015895972a5edf13da11 (commit)
via 6fb4f30611e8e5a5598234463f644cb950de760d (commit)
via 93c2fb6f2706b2f2836128436f4541bd22e9ff40 (commit)
via 150fe6b6ea2c67b24ec7b5d8da33a8452e4a125f (commit)
from 133b9756e7357128954f28d4fcbb4db8b39d4f9a (commit)
- Log -----------------------------------------------------------------
commit 4b3a20dc7e66c6c0683a7a1b6521dbc5d287ac1b
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Mar 31 21:31:43 2017 +0200
Fix faulty check of padding in x_long.c
Bug uncovered by test
[extended tests]
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3120)
commit 8b6277538350008a19f8015895972a5edf13da11
Author: Matt Caswell <matt at openssl.org>
Date: Mon Mar 27 16:11:11 2017 +0100
Fix a possible integer overflow in long_c2i
Credit to OSS-Fuzz for finding this.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3120)
commit 6fb4f30611e8e5a5598234463f644cb950de760d
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Mar 30 13:33:33 2017 +0200
Convert SSL_SESSION_ASN1 to use size specific integers
This increases portability of SSL_SESSION files between architectures
where the size of |long| may vary. Before this, SSL_SESSION files
produced on a 64-bit long architecture may break on a 32-bit long
architecture.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3120)
commit 93c2fb6f2706b2f2836128436f4541bd22e9ff40
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Mar 30 13:33:20 2017 +0200
make update
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3120)
commit 150fe6b6ea2c67b24ec7b5d8da33a8452e4a125f
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Mar 30 13:31:16 2017 +0200
Implement internal ASN.1 types INT32, UINT32, INT64, UINT64
Also Z varieties.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3120)
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/a_int.c | 31 ++++++-
crypto/asn1/asn1_err.c | 5 +-
crypto/asn1/asn1_locl.h | 6 +-
crypto/asn1/build.info | 2 +-
crypto/asn1/x_int64.c | 213 +++++++++++++++++++++++++++++++++++++++++++++++
crypto/asn1/x_long.c | 11 ++-
include/internal/asn1t.h | 19 +++++
include/openssl/asn1.h | 3 +
ssl/ssl_asn1.c | 32 +++----
util/libcrypto.num | 16 ++++
util/mkdef.pl | 1 +
11 files changed, 317 insertions(+), 22 deletions(-)
create mode 100644 crypto/asn1/x_int64.c
create mode 100644 include/internal/asn1t.h
diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c
index c40c7fa..4981ddb 100644
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -622,3 +622,32 @@ BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn)
{
return asn1_string_to_bn(ai, bn, V_ASN1_ENUMERATED);
}
+
+/* Internal functions used by x_int64.c */
+int c2i_uint64_int(uint64_t *ret, int *neg, const unsigned char **pp, long len)
+{
+ unsigned char buf[sizeof(uint64_t)];
+ size_t buflen;
+
+ buflen = c2i_ibuf(NULL, NULL, *pp, len);
+ if (buflen == 0)
+ return 0;
+ if (buflen > sizeof(uint64_t)) {
+ ASN1err(ASN1_F_C2I_UINT64_INT, ASN1_R_TOO_LARGE);
+ return 0;
+ }
+ (void)c2i_ibuf(buf, neg, *pp, len);
+ return asn1_get_uint64(ret, buf, buflen);
+}
+
+int i2c_uint64_int(unsigned char *p, uint64_t r, int neg)
+{
+ unsigned char buf[sizeof(uint64_t)];
+ size_t buflen;
+
+ buflen = asn1_put_uint64(buf, r);
+ if (p == NULL)
+ return i2c_ibuf(buf, buflen, neg, NULL);
+ return i2c_ibuf(buf, buflen, neg, &p);
+}
+
diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
index 97c3dec..dd0e99e 100644
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -85,6 +85,7 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
{ERR_FUNC(ASN1_F_C2I_ASN1_INTEGER), "c2i_ASN1_INTEGER"},
{ERR_FUNC(ASN1_F_C2I_ASN1_OBJECT), "c2i_ASN1_OBJECT"},
{ERR_FUNC(ASN1_F_C2I_IBUF), "c2i_ibuf"},
+ {ERR_FUNC(ASN1_F_C2I_UINT64_INT), "c2i_uint64_int"},
{ERR_FUNC(ASN1_F_COLLECT_DATA), "collect_data"},
{ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT), "d2i_ASN1_OBJECT"},
{ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER), "d2i_ASN1_UINTEGER"},
@@ -110,6 +111,8 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
{ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"},
{ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"},
{ERR_FUNC(ASN1_F_STBL_MODULE_INIT), "stbl_module_init"},
+ {ERR_FUNC(ASN1_F_UINT32_C2I), "uint32_c2i"},
+ {ERR_FUNC(ASN1_F_UINT64_C2I), "uint64_c2i"},
{ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"},
{ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_new"},
{ERR_FUNC(ASN1_F_X509_NAME_ENCODE), "x509_name_encode"},
diff --git a/crypto/asn1/asn1_locl.h b/crypto/asn1/asn1_locl.h
index 5f597bd..9470c7d 100644
--- a/crypto/asn1/asn1_locl.h
+++ b/crypto/asn1/asn1_locl.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -76,3 +76,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp);
ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
long length);
+
+/* Internal functions used by x_int64.c */
+int c2i_uint64_int(uint64_t *ret, int *neg, const unsigned char **pp, long len);
+int i2c_uint64_int(unsigned char *p, uint64_t r, int neg);
diff --git a/crypto/asn1/build.info b/crypto/asn1/build.info
index 02d1120..c1afb71 100644
--- a/crypto/asn1/build.info
+++ b/crypto/asn1/build.info
@@ -4,7 +4,7 @@ SOURCE[../../libcrypto]=\
a_print.c a_type.c a_dup.c a_d2i_fp.c a_i2d_fp.c \
a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
x_algor.c x_val.c x_sig.c x_bignum.c \
- x_long.c x_info.c x_spki.c nsseq.c \
+ x_long.c x_int64.c x_info.c x_spki.c nsseq.c \
d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
t_pkey.c t_spki.c t_bitst.c \
tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \
diff --git a/crypto/asn1/x_int64.c b/crypto/asn1/x_int64.c
new file mode 100644
index 0000000..d180a3b
--- /dev/null
+++ b/crypto/asn1/x_int64.c
@@ -0,0 +1,213 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/asn1t.h"
+#include "internal/numbers.h"
+#include <openssl/bn.h>
+#include "asn1_locl.h"
+
+/*
+ * Custom primitive types for handling int32_t, int64_t, uint32_t, uint64_t.
+ * This converts between an ASN1_INTEGER and those types directly.
+ * This is preferred to using the LONG / ZLONG primitives.
+ */
+
+/*
+ * We abuse the ASN1_ITEM fields |size| as a flags field
+ */
+#define INTxx_FLAG_ZERO_DEFAULT (1<<0)
+#define INTxx_FLAG_SIGNED (1<<1)
+
+static int uint64_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ *(uint64_t *)pval = 0;
+ return 1;
+}
+
+static void uint64_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ *(uint64_t *)pval = 0;
+}
+
+static int uint64_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+ const ASN1_ITEM *it)
+{
+ uint64_t utmp;
+ int neg = 0;
+ /* this exists to bypass broken gcc optimization */
+ char *cp = (char *)pval;
+
+ /* use memcpy, because we may not be uint64_t aligned */
+ memcpy(&utmp, cp, sizeof(utmp));
+
+ if ((it->size & INTxx_FLAG_ZERO_DEFAULT) == INTxx_FLAG_ZERO_DEFAULT
+ && utmp == 0)
+ return -1;
+ if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED
+ && (int64_t)utmp < 0)
+ neg = 1;
+
+ return i2c_uint64_int(cont, utmp, neg);
+}
+
+static int uint64_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+ int utype, char *free_cont, const ASN1_ITEM *it)
+{
+ uint64_t utmp = 0;
+ char *cp = (char *)pval;
+ int neg = 0;
+
+ if (!c2i_uint64_int(&utmp, &neg, &cont, len))
+ return 0;
+ if ((it->size & INTxx_FLAG_SIGNED) == 0 && neg) {
+ ASN1err(ASN1_F_UINT64_C2I, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
+ return 0;
+ }
+ memcpy(cp, &utmp, sizeof(utmp));
+ return 1;
+}
+
+static int uint64_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
+ int indent, const ASN1_PCTX *pctx)
+{
+ if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED)
+ return BIO_printf(out, "%jd\n", *(int64_t *)pval);
+ return BIO_printf(out, "%ju\n", *(uint64_t *)pval);
+}
+
+/* 32-bit variants */
+
+static int uint32_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ *(uint32_t *)pval = 0;
+ return 1;
+}
+
+static void uint32_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ *(uint32_t *)pval = 0;
+}
+
+static int uint32_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+ const ASN1_ITEM *it)
+{
+ uint32_t utmp;
+ int neg = 0;
+ /* this exists to bypass broken gcc optimization */
+ char *cp = (char *)pval;
+
+ /* use memcpy, because we may not be uint32_t aligned */
+ memcpy(&utmp, cp, sizeof(utmp));
+
+ if ((it->size & INTxx_FLAG_ZERO_DEFAULT) == INTxx_FLAG_ZERO_DEFAULT
+ && utmp == 0)
+ return -1;
+ if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED
+ && (int32_t)utmp < 0)
+ neg = 1;
+
+ return i2c_uint64_int(cont, (uint64_t)utmp, neg);
+}
+
+static int uint32_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+ int utype, char *free_cont, const ASN1_ITEM *it)
+{
+ uint64_t utmp = 0;
+ uint32_t utmp2 = 0;
+ char *cp = (char *)pval;
+ int neg = 0;
+
+ if (!c2i_uint64_int(&utmp, &neg, &cont, len))
+ return 0;
+ if ((it->size & INTxx_FLAG_SIGNED) == 0 && neg) {
+ ASN1err(ASN1_F_UINT32_C2I, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
+ return 0;
+ }
+ utmp2 = (uint32_t)utmp;
+ if (utmp != utmp2
+ || ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED
+ && !neg && utmp2 > INT32_MAX)) {
+ ASN1err(ASN1_F_UINT32_C2I, ASN1_R_TOO_LARGE);
+ return 0;
+ }
+ memcpy(cp, &utmp2, sizeof(utmp2));
+ return 1;
+}
+
+static int uint32_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
+ int indent, const ASN1_PCTX *pctx)
+{
+ if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED)
+ return BIO_printf(out, "%d\n", *(int32_t *)pval);
+ return BIO_printf(out, "%u\n", *(uint32_t *)pval);
+}
+
+
+/* Define the primitives themselves */
+
+static ASN1_PRIMITIVE_FUNCS uint32_pf = {
+ NULL, 0,
+ uint32_new,
+ uint32_free,
+ uint32_free, /* Clear should set to initial value */
+ uint32_c2i,
+ uint32_i2c,
+ uint32_print
+};
+
+static ASN1_PRIMITIVE_FUNCS uint64_pf = {
+ NULL, 0,
+ uint64_new,
+ uint64_free,
+ uint64_free, /* Clear should set to initial value */
+ uint64_c2i,
+ uint64_i2c,
+ uint64_print
+};
+
+ASN1_ITEM_start(INT32)
+ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf,
+ INTxx_FLAG_SIGNED, "INT32"
+ASN1_ITEM_end(INT32)
+
+ASN1_ITEM_start(UINT32)
+ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf, 0, "UINT32"
+ASN1_ITEM_end(UINT32)
+
+ASN1_ITEM_start(INT64)
+ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf,
+ INTxx_FLAG_SIGNED, "INT64"
+ASN1_ITEM_end(INT64)
+
+ASN1_ITEM_start(UINT64)
+ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf, 0, "UINT64"
+ASN1_ITEM_end(UINT64)
+
+ASN1_ITEM_start(ZINT32)
+ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf,
+ INTxx_FLAG_ZERO_DEFAULT|INTxx_FLAG_SIGNED, "ZINT32"
+ASN1_ITEM_end(ZINT32)
+
+ASN1_ITEM_start(ZUINT32)
+ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf,
+ INTxx_FLAG_ZERO_DEFAULT, "ZUINT32"
+ASN1_ITEM_end(ZUINT32)
+
+ASN1_ITEM_start(ZINT64)
+ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf,
+ INTxx_FLAG_ZERO_DEFAULT|INTxx_FLAG_SIGNED, "ZINT64"
+ASN1_ITEM_end(ZINT64)
+
+ASN1_ITEM_start(ZUINT64)
+ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf,
+ INTxx_FLAG_ZERO_DEFAULT, "ZUINT64"
+ASN1_ITEM_end(ZUINT64)
+
diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c
index 233725f..a7b9023 100644
--- a/crypto/asn1/x_long.c
+++ b/crypto/asn1/x_long.c
@@ -110,7 +110,7 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
unsigned long utmp = 0;
char *cp = (char *)pval;
- if (len) {
+ if (len > 1) {
/*
* Check possible pad byte. Worst case, we're skipping past actual
* content, but since that's only with 0x00 and 0xff and we set neg
@@ -120,7 +120,7 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
case 0xff:
cont++;
len--;
- neg = 1;
+ neg = 0x80;
break;
case 0:
cont++;
@@ -139,6 +139,9 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
neg = 1;
else
neg = 0;
+ } else if (neg == (cont[0] & 0x80)) {
+ ASN1err(ASN1_F_LONG_C2I, ASN1_R_ILLEGAL_PADDING);
+ return 0;
}
utmp = 0;
for (i = 0; i < len; i++) {
@@ -149,6 +152,10 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
utmp |= cont[i];
}
ltmp = (long)utmp;
+ if (ltmp < 0) {
+ ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+ return 0;
+ }
if (neg) {
ltmp = -ltmp;
ltmp--;
diff --git a/include/internal/asn1t.h b/include/internal/asn1t.h
new file mode 100644
index 0000000..32d637d
--- /dev/null
+++ b/include/internal/asn1t.h
@@ -0,0 +1,19 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/asn1t.h>
+
+DECLARE_ASN1_ITEM(INT32)
+DECLARE_ASN1_ITEM(ZINT32)
+DECLARE_ASN1_ITEM(UINT32)
+DECLARE_ASN1_ITEM(ZUINT32)
+DECLARE_ASN1_ITEM(INT64)
+DECLARE_ASN1_ITEM(ZINT64)
+DECLARE_ASN1_ITEM(UINT64)
+DECLARE_ASN1_ITEM(ZUINT64)
diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h
index 7cf6116..df764c5 100644
--- a/include/openssl/asn1.h
+++ b/include/openssl/asn1.h
@@ -946,6 +946,7 @@ int ERR_load_ASN1_strings(void);
# define ASN1_F_C2I_ASN1_INTEGER 194
# define ASN1_F_C2I_ASN1_OBJECT 196
# define ASN1_F_C2I_IBUF 226
+# define ASN1_F_C2I_UINT64_INT 101
# define ASN1_F_COLLECT_DATA 140
# define ASN1_F_D2I_ASN1_OBJECT 147
# define ASN1_F_D2I_ASN1_UINTEGER 150
@@ -971,6 +972,8 @@ int ERR_load_ASN1_strings(void);
# define ASN1_F_SMIME_READ_ASN1 212
# define ASN1_F_SMIME_TEXT 213
# define ASN1_F_STBL_MODULE_INIT 223
+# define ASN1_F_UINT32_C2I 105
+# define ASN1_F_UINT64_C2I 112
# define ASN1_F_X509_CRL_ADD0_REVOKED 169
# define ASN1_F_X509_INFO_NEW 170
# define ASN1_F_X509_NAME_ENCODE 203
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 8f55d8f..39fe4e1 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -37,24 +37,24 @@
#include <stdio.h>
#include <stdlib.h>
#include "ssl_locl.h"
-#include <openssl/asn1t.h>
+#include "internal/asn1t.h"
#include <openssl/x509.h>
typedef struct {
- long version;
- long ssl_version;
+ uint32_t version;
+ int32_t ssl_version;
ASN1_OCTET_STRING *cipher;
ASN1_OCTET_STRING *comp_id;
ASN1_OCTET_STRING *master_key;
ASN1_OCTET_STRING *session_id;
ASN1_OCTET_STRING *key_arg;
- long time;
- long timeout;
+ int64_t time;
+ int64_t timeout;
X509 *peer;
ASN1_OCTET_STRING *session_id_context;
- long verify_result;
+ int32_t verify_result;
ASN1_OCTET_STRING *tlsext_hostname;
- long tlsext_tick_lifetime_hint;
+ int64_t tlsext_tick_lifetime_hint;
ASN1_OCTET_STRING *tlsext_tick;
#ifndef OPENSSL_NO_PSK
ASN1_OCTET_STRING *psk_identity_hint;
@@ -63,33 +63,33 @@ typedef struct {
#ifndef OPENSSL_NO_SRP
ASN1_OCTET_STRING *srp_username;
#endif
- long flags;
+ uint64_t flags;
} SSL_SESSION_ASN1;
ASN1_SEQUENCE(SSL_SESSION_ASN1) = {
- ASN1_SIMPLE(SSL_SESSION_ASN1, version, LONG),
- ASN1_SIMPLE(SSL_SESSION_ASN1, ssl_version, LONG),
+ ASN1_SIMPLE(SSL_SESSION_ASN1, version, UINT32),
+ ASN1_SIMPLE(SSL_SESSION_ASN1, ssl_version, INT32),
ASN1_SIMPLE(SSL_SESSION_ASN1, cipher, ASN1_OCTET_STRING),
ASN1_SIMPLE(SSL_SESSION_ASN1, session_id, ASN1_OCTET_STRING),
ASN1_SIMPLE(SSL_SESSION_ASN1, master_key, ASN1_OCTET_STRING),
ASN1_IMP_OPT(SSL_SESSION_ASN1, key_arg, ASN1_OCTET_STRING, 0),
- ASN1_EXP_OPT(SSL_SESSION_ASN1, time, ZLONG, 1),
- ASN1_EXP_OPT(SSL_SESSION_ASN1, timeout, ZLONG, 2),
+ ASN1_EXP_OPT(SSL_SESSION_ASN1, time, ZINT64, 1),
+ ASN1_EXP_OPT(SSL_SESSION_ASN1, timeout, ZINT64, 2),
ASN1_EXP_OPT(SSL_SESSION_ASN1, peer, X509, 3),
ASN1_EXP_OPT(SSL_SESSION_ASN1, session_id_context, ASN1_OCTET_STRING, 4),
- ASN1_EXP_OPT(SSL_SESSION_ASN1, verify_result, ZLONG, 5),
+ ASN1_EXP_OPT(SSL_SESSION_ASN1, verify_result, ZINT32, 5),
ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_hostname, ASN1_OCTET_STRING, 6),
#ifndef OPENSSL_NO_PSK
ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity_hint, ASN1_OCTET_STRING, 7),
ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity, ASN1_OCTET_STRING, 8),
#endif
- ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick_lifetime_hint, ZLONG, 9),
+ ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick_lifetime_hint, ZUINT64, 9),
ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick, ASN1_OCTET_STRING, 10),
ASN1_EXP_OPT(SSL_SESSION_ASN1, comp_id, ASN1_OCTET_STRING, 11),
#ifndef OPENSSL_NO_SRP
ASN1_EXP_OPT(SSL_SESSION_ASN1, srp_username, ASN1_OCTET_STRING, 12),
#endif
- ASN1_EXP_OPT(SSL_SESSION_ASN1, flags, ZLONG, 13)
+ ASN1_EXP_OPT(SSL_SESSION_ASN1, flags, ZUINT64, 13)
} static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1)
IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1)
diff --git a/util/libcrypto.num b/util/libcrypto.num
index b84d961..814926f 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4214,3 +4214,19 @@ X509_VERIFY_PARAM_set_inh_flags 4174 1_1_0d EXIST::FUNCTION:
X509_VERIFY_PARAM_get_inh_flags 4175 1_1_0d EXIST::FUNCTION:
X509_VERIFY_PARAM_get_time 4181 1_1_0d EXIST::FUNCTION:
DH_check_params 4183 1_1_0d EXIST::FUNCTION:DH
+INT32_it 4208 1_1_0f EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+INT32_it 4208 1_1_0f EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UINT64_it 4209 1_1_0f EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+UINT64_it 4209 1_1_0f EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ZINT32_it 4210 1_1_0f EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ZINT32_it 4210 1_1_0f EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ZUINT64_it 4211 1_1_0f EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ZUINT64_it 4211 1_1_0f EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+INT64_it 4212 1_1_0f EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+INT64_it 4212 1_1_0f EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ZUINT32_it 4213 1_1_0f EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ZUINT32_it 4213 1_1_0f EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UINT32_it 4214 1_1_0f EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+UINT32_it 4214 1_1_0f EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ZINT64_it 4215 1_1_0f EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ZINT64_it 4215 1_1_0f EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
diff --git a/util/mkdef.pl b/util/mkdef.pl
index aebea30..f54d7d4 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -238,6 +238,7 @@ my $crypto ="include/openssl/crypto.h";
$crypto.=" include/internal/o_dir.h";
$crypto.=" include/internal/o_str.h";
$crypto.=" include/internal/err.h";
+$crypto.=" include/internal/asn1t.h";
$crypto.=" include/openssl/des.h" ; # unless $no_des;
$crypto.=" include/openssl/idea.h" ; # unless $no_idea;
$crypto.=" include/openssl/rc4.h" ; # unless $no_rc4;
More information about the openssl-commits
mailing list