From a4ccf06808422400a6a0673b452d388e95a455fd Mon Sep 17 00:00:00 2001 From: Viktor Dukhovni Date: Thu, 7 Apr 2016 14:19:16 -0400 Subject: [PATCH] make update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Rob Percival Reviewed-by: Emilia Käsper --- crypto/ct/ct_err.c | 3 --- include/openssl/ct.h | 2 -- include/openssl/ssl.h | 7 +++++-- ssl/ssl_err.c | 14 ++++++++------ util/libcrypto.num | 3 +-- util/libssl.num | 6 ++++-- 6 files changed, 18 insertions(+), 17 deletions(-) diff --git a/crypto/ct/ct_err.c b/crypto/ct/ct_err.c index 9d4548c4da..175439507e 100644 --- a/crypto/ct/ct_err.c +++ b/crypto/ct/ct_err.c @@ -91,9 +91,6 @@ static ERR_STRING_DATA CT_str_functs[] = { {ERR_FUNC(CT_F_CT_POLICY_EVAL_CTX_SET0_LOG_STORE), "CT_POLICY_EVAL_CTX_set0_log_store"}, {ERR_FUNC(CT_F_CT_V1_LOG_ID_FROM_PKEY), "ct_v1_log_id_from_pkey"}, - {ERR_FUNC(CT_F_CT_VERIFY_AT_LEAST_ONE_GOOD_SCT), - "CT_verify_at_least_one_good_sct"}, - {ERR_FUNC(CT_F_CT_VERIFY_NO_BAD_SCTS), "CT_verify_no_bad_scts"}, {ERR_FUNC(CT_F_D2I_SCT_LIST), "d2i_SCT_LIST"}, {ERR_FUNC(CT_F_I2D_SCT_LIST), "i2d_SCT_LIST"}, {ERR_FUNC(CT_F_I2O_SCT), "i2o_SCT"}, diff --git a/include/openssl/ct.h b/include/openssl/ct.h index 9b0ce2f119..f12ca92f0d 100644 --- a/include/openssl/ct.h +++ b/include/openssl/ct.h @@ -544,8 +544,6 @@ void ERR_load_CT_strings(void); # define CT_F_CT_POLICY_EVAL_CTX_SET0_ISSUER 135 # define CT_F_CT_POLICY_EVAL_CTX_SET0_LOG_STORE 136 # define CT_F_CT_V1_LOG_ID_FROM_PKEY 125 -# define CT_F_CT_VERIFY_AT_LEAST_ONE_GOOD_SCT 137 -# define CT_F_CT_VERIFY_NO_BAD_SCTS 138 # define CT_F_D2I_SCT_LIST 105 # define CT_F_I2D_SCT_LIST 106 # define CT_F_I2O_SCT 107 diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 0b103f495d..ae9d8f27eb 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -2106,6 +2106,7 @@ void ERR_load_SSL_strings(void); /* Function codes. */ # define SSL_F_CHECK_SUITEB_CIPHER_LIST 331 # define SSL_F_CT_MOVE_SCTS 345 +# define SSL_F_CT_STRICT 349 # define SSL_F_D2I_SSL_SESSION 103 # define SSL_F_DANE_CTX_ENABLE 347 # define SSL_F_DANE_MTYPE_SET 393 @@ -2188,7 +2189,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL_CREATE_CIPHER_LIST 166 # define SSL_F_SSL_CTRL 232 # define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 -# define SSL_F_SSL_CTX_GET_CT_VALIDATION_CALLBACK 349 +# define SSL_F_SSL_CTX_ENABLE_CT 398 # define SSL_F_SSL_CTX_MAKE_PROFILES 309 # define SSL_F_SSL_CTX_NEW 169 # define SSL_F_SSL_CTX_SET_ALPN_PROTOS 343 @@ -2214,8 +2215,8 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL_DANE_ENABLE 395 # define SSL_F_SSL_DO_CONFIG 391 # define SSL_F_SSL_DO_HANDSHAKE 180 +# define SSL_F_SSL_ENABLE_CT 402 # define SSL_F_SSL_GET0_PEER_SCTS 397 -# define SSL_F_SSL_GET_CT_VALIDATION_CALLBACK 398 # define SSL_F_SSL_GET_NEW_SESSION 181 # define SSL_F_SSL_GET_PREV_SESSION 217 # define SSL_F_SSL_GET_SERVER_CERT_INDEX 322 @@ -2438,6 +2439,7 @@ void ERR_load_SSL_strings(void); # define SSL_R_INVALID_COMMAND 280 # define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 # define SSL_R_INVALID_CONFIGURATION_NAME 113 +# define SSL_R_INVALID_CT_VALIDATION_TYPE 212 # define SSL_R_INVALID_NULL_CMD_NAME 385 # define SSL_R_INVALID_PURPOSE 278 # define SSL_R_INVALID_SEQUENCE_NUMBER 402 @@ -2486,6 +2488,7 @@ void ERR_load_SSL_strings(void); # define SSL_R_NO_SHARED_CIPHER 193 # define SSL_R_NO_SHARED_SIGATURE_ALGORITHMS 376 # define SSL_R_NO_SRTP_PROFILES 359 +# define SSL_R_NO_VALID_SCTS 216 # define SSL_R_NO_VERIFY_CALLBACK 194 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403 # define SSL_R_NULL_SSL_CTX 195 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index d0cadc60f0..df98c76538 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -70,7 +70,8 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_CHECK_SUITEB_CIPHER_LIST), "check_suiteb_cipher_list"}, - {ERR_FUNC(SSL_F_CT_MOVE_SCTS), "CT_move_scts"}, + {ERR_FUNC(SSL_F_CT_MOVE_SCTS), "ct_move_scts"}, + {ERR_FUNC(SSL_F_CT_STRICT), "ct_strict"}, {ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"}, {ERR_FUNC(SSL_F_DANE_CTX_ENABLE), "dane_ctx_enable"}, {ERR_FUNC(SSL_F_DANE_MTYPE_SET), "dane_mtype_set"}, @@ -170,8 +171,7 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "ssl_create_cipher_list"}, {ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"}, {ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"}, - {ERR_FUNC(SSL_F_SSL_CTX_GET_CT_VALIDATION_CALLBACK), - "SSL_CTX_get_ct_validation_callback"}, + {ERR_FUNC(SSL_F_SSL_CTX_ENABLE_CT), "SSL_CTX_enable_ct"}, {ERR_FUNC(SSL_F_SSL_CTX_MAKE_PROFILES), "ssl_ctx_make_profiles"}, {ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"}, {ERR_FUNC(SSL_F_SSL_CTX_SET_ALPN_PROTOS), "SSL_CTX_set_alpn_protos"}, @@ -208,9 +208,8 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_SSL_DANE_ENABLE), "SSL_dane_enable"}, {ERR_FUNC(SSL_F_SSL_DO_CONFIG), "ssl_do_config"}, {ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"}, + {ERR_FUNC(SSL_F_SSL_ENABLE_CT), "SSL_enable_ct"}, {ERR_FUNC(SSL_F_SSL_GET0_PEER_SCTS), "SSL_get0_peer_scts"}, - {ERR_FUNC(SSL_F_SSL_GET_CT_VALIDATION_CALLBACK), - "SSL_get_ct_validation_callback"}, {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "ssl_get_new_session"}, {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "ssl_get_prev_session"}, {ERR_FUNC(SSL_F_SSL_GET_SERVER_CERT_INDEX), "ssl_get_server_cert_index"}, @@ -280,7 +279,7 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"}, {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"}, {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"}, - {ERR_FUNC(SSL_F_SSL_VALIDATE_CT), "SSL_validate_ct"}, + {ERR_FUNC(SSL_F_SSL_VALIDATE_CT), "ssl_validate_ct"}, {ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "ssl_verify_cert_chain"}, {ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"}, {ERR_FUNC(SSL_F_STATE_MACHINE), "state_machine"}, @@ -502,6 +501,8 @@ static ERR_STRING_DATA SSL_str_reasons[] = { "invalid compression algorithm"}, {ERR_REASON(SSL_R_INVALID_CONFIGURATION_NAME), "invalid configuration name"}, + {ERR_REASON(SSL_R_INVALID_CT_VALIDATION_TYPE), + "invalid ct validation type"}, {ERR_REASON(SSL_R_INVALID_NULL_CMD_NAME), "invalid null cmd name"}, {ERR_REASON(SSL_R_INVALID_PURPOSE), "invalid purpose"}, {ERR_REASON(SSL_R_INVALID_SEQUENCE_NUMBER), "invalid sequence number"}, @@ -555,6 +556,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = { {ERR_REASON(SSL_R_NO_SHARED_SIGATURE_ALGORITHMS), "no shared sigature algorithms"}, {ERR_REASON(SSL_R_NO_SRTP_PROFILES), "no srtp profiles"}, + {ERR_REASON(SSL_R_NO_VALID_SCTS), "no valid scts"}, {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK), "no verify callback"}, {ERR_REASON(SSL_R_NO_VERIFY_COOKIE_CALLBACK), "no verify cookie callback"}, {ERR_REASON(SSL_R_NULL_SSL_CTX), "null ssl ctx"}, diff --git a/util/libcrypto.num b/util/libcrypto.num index 5cbdfcc690..2d4c0e67b7 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -238,7 +238,6 @@ EVP_PKEY_meth_set_decrypt 233 1_1_0 EXIST::FUNCTION: EVP_rc2_ecb 234 1_1_0 EXIST::FUNCTION:RC2 i2b_PublicKey_bio 235 1_1_0 EXIST::FUNCTION: d2i_ASN1_SET_ANY 236 1_1_0 EXIST::FUNCTION: -CT_verify_no_bad_scts 237 1_1_0 EXIST::FUNCTION:CT ASN1_item_i2d 238 1_1_0 EXIST::FUNCTION: OCSP_copy_nonce 239 1_1_0 EXIST::FUNCTION: OBJ_txt2nid 240 1_1_0 EXIST::FUNCTION: @@ -716,7 +715,6 @@ OPENSSL_isservice 697 1_1_0 EXIST::FUNCTION: DH_compute_key 698 1_1_0 EXIST::FUNCTION:DH TS_RESP_CTX_set_signer_key 699 1_1_0 EXIST::FUNCTION:TS i2d_DSAPrivateKey_bio 700 1_1_0 EXIST::FUNCTION:DSA -CT_verify_at_least_one_good_sct 701 1_1_0 EXIST::FUNCTION:CT ASN1_item_d2i 702 1_1_0 EXIST::FUNCTION: BIO_int_ctrl 703 1_1_0 EXIST::FUNCTION: CMS_ReceiptRequest_it 704 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMS @@ -1240,6 +1238,7 @@ OBJ_obj2nid 1202 1_1_0 EXIST::FUNCTION: PKCS12_SAFEBAG_free 1203 1_1_0 EXIST::FUNCTION: EVP_cast5_cfb64 1204 1_1_0 EXIST::FUNCTION:CAST OPENSSL_uni2asc 1205 1_1_0 EXIST::FUNCTION: +SCT_validation_status_string 1206 1_1_0 EXIST::FUNCTION:CT PKCS7_add_attribute 1207 1_1_0 EXIST::FUNCTION: ENGINE_register_DSA 1208 1_1_0 EXIST::FUNCTION:ENGINE lh_node_stats 1209 1_1_0 EXIST::FUNCTION:STDIO diff --git a/util/libssl.num b/util/libssl.num index 8b2155ec9f..950ca03913 100644 --- a/util/libssl.num +++ b/util/libssl.num @@ -377,10 +377,10 @@ SSL_CTX_set_ctlog_list_file 376 1_1_0 EXIST::FUNCTION:CT SSL_set_ct_validation_callback 377 1_1_0 EXIST::FUNCTION:CT SSL_CTX_set_default_ctlog_list_file 378 1_1_0 EXIST::FUNCTION:CT SSL_CTX_has_client_custom_ext 379 1_1_0 EXIST::FUNCTION: -SSL_get_ct_validation_callback 380 1_1_0 EXIST::FUNCTION:CT +SSL_ct_is_enabled 380 1_1_0 EXIST::FUNCTION:CT SSL_get0_peer_scts 381 1_1_0 EXIST::FUNCTION:CT SSL_CTX_set_ct_validation_callback 382 1_1_0 EXIST::FUNCTION:CT -SSL_CTX_get_ct_validation_callback 383 1_1_0 EXIST::FUNCTION:CT +SSL_CTX_ct_is_enabled 383 1_1_0 EXIST::FUNCTION:CT SSL_set_default_read_buffer_len 384 1_1_0 EXIST::FUNCTION: SSL_CTX_set_default_read_buffer_len 385 1_1_0 EXIST::FUNCTION: SSL_has_pending 386 1_1_0 EXIST::FUNCTION: @@ -390,3 +390,5 @@ SSL_CIPHER_is_aead 389 1_1_0 EXIST::FUNCTION: SSL_SESSION_up_ref 390 1_1_0 EXIST::FUNCTION: SSL_CTX_set0_ctlog_store 391 1_1_0 EXIST::FUNCTION:CT SSL_CTX_get0_ctlog_store 392 1_1_0 EXIST::FUNCTION:CT +SSL_enable_ct 393 1_1_0 EXIST::FUNCTION:CT +SSL_CTX_enable_ct 394 1_1_0 EXIST::FUNCTION:CT -- GitLab