diff --git a/README b/README index 2551315..8c3c9d5 100644 --- a/README +++ b/README @@ -52,8 +52,7 @@ own convenience. But you should really not trust me and do two things: 1) Verify that the openssl-1.0.1g.tar.gz file is authentic by comparing it's SHA1 hash to the one found on http://www.openssl.org/source/ You can do this with - the 'openssl sha1 openssl-1.0.1g.tar.gz' command. + the 'openssl sha1 openssl-1.0.1h.tar.gz' command. 2) Compile your own version of the library as explained above Enjoy :-) - diff --git a/build.sh b/build.sh index 5248ec4..5fcd7f6 100755 --- a/build.sh +++ b/build.sh @@ -8,7 +8,7 @@ set -x # Setup paths to stuff we need -OPENSSL_VERSION="1.0.1g" +OPENSSL_VERSION="1.0.1h" DEVELOPER="/Applications/Xcode.app/Contents/Developer" @@ -111,4 +111,3 @@ lipo \ rm -rf "/tmp/openssl-${OPENSSL_VERSION}-*" rm -rf "/tmp/openssl-${OPENSSL_VERSION}-*.*-log" - diff --git a/include/openssl/opensslconf.h b/include/openssl/opensslconf.h index 95cce55..ef409a1 100644 --- a/include/openssl/opensslconf.h +++ b/include/openssl/opensslconf.h @@ -83,8 +83,8 @@ #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) -#define ENGINESDIR "/tmp/openssl-1.0.1g-i386/lib/engines" -#define OPENSSLDIR "/tmp/openssl-1.0.1g-i386" +#define ENGINESDIR "/tmp/openssl-1.0.1h-i386/lib/engines" +#define OPENSSLDIR "/tmp/openssl-1.0.1h-i386" #endif #endif diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h index ebe7180..c3b6ace 100644 --- a/include/openssl/opensslv.h +++ b/include/openssl/opensslv.h @@ -25,11 +25,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x1000107fL +#define OPENSSL_VERSION_NUMBER 0x1000108fL #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g-fips 7 Apr 2014" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1h-fips 5 Jun 2014" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g 7 Apr 2014" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1h 5 Jun 2014" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/include/openssl/pkcs7.h b/include/openssl/pkcs7.h index e4d4431..04f6037 100644 --- a/include/openssl/pkcs7.h +++ b/include/openssl/pkcs7.h @@ -453,6 +453,7 @@ void ERR_load_PKCS7_strings(void); #define PKCS7_R_ERROR_SETTING_CIPHER 121 #define PKCS7_R_INVALID_MIME_TYPE 131 #define PKCS7_R_INVALID_NULL_POINTER 143 +#define PKCS7_R_INVALID_SIGNED_DATA_TYPE 155 #define PKCS7_R_MIME_NO_CONTENT_TYPE 132 #define PKCS7_R_MIME_PARSE_ERROR 133 #define PKCS7_R_MIME_SIG_PARSE_ERROR 134 diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 7219a0e..4c1242c 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -553,7 +553,7 @@ struct ssl_session_st /* Allow initial connection to servers that don't support RI */ #define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L -#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L +#define SSL_OP_TLSEXT_PADDING 0x00000010L #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L #define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L @@ -562,6 +562,8 @@ struct ssl_session_st /* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */ #define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 +/* Refers to ancient SSLREF and SSLv2, retained for compatibility */ +#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added * in OpenSSL 0.9.6d. Usually (depending on the application protocol) diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h index cb8b249..37f19e3 100644 --- a/include/openssl/ssl3.h +++ b/include/openssl/ssl3.h @@ -388,6 +388,7 @@ typedef struct ssl3_buffer_st #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 +#define SSL3_FLAGS_CCS_OK 0x0080 /* SSL3_FLAGS_SGC_RESTART_DONE is set when we * restart a handshake because of MS SGC and so prevents us diff --git a/lib/libcrypto.a b/lib/libcrypto.a index ed65ba0..a8ecfe0 100644 Binary files a/lib/libcrypto.a and b/lib/libcrypto.a differ diff --git a/lib/libssl.a b/lib/libssl.a index ab37b17..ca511ef 100644 Binary files a/lib/libssl.a and b/lib/libssl.a differ diff --git a/openssl-1.0.1g.tar.gz b/openssl-1.0.1g.tar.gz deleted file mode 100644 index ac40275..0000000 Binary files a/openssl-1.0.1g.tar.gz and /dev/null differ diff --git a/openssl-1.0.1h.tar.gz b/openssl-1.0.1h.tar.gz new file mode 100644 index 0000000..54730a7 Binary files /dev/null and b/openssl-1.0.1h.tar.gz differ