Permalink
Browse files

Fixes #19 Upgrade to Xcode 5.1.1, SDK 7.1 and OpenSSL 1.0.1g

  • Loading branch information...
1 parent 1327982 commit d37913fd6b9849bf3933a06bcb565bcbbe32002a @st3fan committed May 2, 2014
View
8 README
@@ -9,8 +9,8 @@ Intel targets for running in the simulator.
This script is known to work with the following combination of software versions:
- * MacOS X 10.9
- * XCode 5.0.2 & iOS SDK 7.0
+ * MacOS X 10.9.2
+ * XCode 5.1.1 & iOS SDK 7.1
The compiled libraries should be downward compatible to iOS 4.3 at least.
@@ -42,9 +42,9 @@ IMPORTANT
I included pre-compiled binaries of the openssl libraries in this project mostly for my
own convenience. But you should really not trust me and do two things:
- 1) Verify that the openssl-1.0.1e.tar.gz file is authentic by comparing it's SHA1
+ 1) Verify that the openssl-1.0.1g.tar.gz file is authentic by comparing it's SHA1
hash to the one found on http://www.openssl.org/source/ You can do this with
- the 'openssl sha1 openssl-1.0.1e.tar.gz' command.
+ the 'openssl sha1 openssl-1.0.1g.tar.gz' command.
2) Compile your own version of the library as explained above
Enjoy :-)
View
@@ -8,11 +8,11 @@ set -x
# Setup paths to stuff we need
-OPENSSL_VERSION="1.0.1e"
+OPENSSL_VERSION="1.0.1g"
DEVELOPER="/Applications/Xcode.app/Contents/Developer"
-SDK_VERSION="7.0"
+SDK_VERSION="7.1"
MIN_VERSION="4.3"
IPHONEOS_PLATFORM="${DEVELOPER}/Platforms/iPhoneOS.platform"
View
@@ -538,6 +538,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret,
BIGNUM *BN_mod_sqrt(BIGNUM *ret,
const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
+void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
+
/* Deprecated versions */
#ifndef OPENSSL_NO_DEPRECATED
BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
@@ -774,11 +776,20 @@ int RAND_pseudo_bytes(unsigned char *buf,int num);
#define bn_fix_top(a) bn_check_top(a)
+#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
+#define bn_wcheck_size(bn, words) \
+ do { \
+ const BIGNUM *_bnum2 = (bn); \
+ assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
+ } while(0)
+
#else /* !BN_DEBUG */
#define bn_pollute(a)
#define bn_check_top(a)
#define bn_fix_top(a) bn_correct_top(a)
+#define bn_check_size(bn, bits)
+#define bn_wcheck_size(bn, words)
#endif
View
@@ -88,7 +88,7 @@ int BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
char * BUF_strdup(const char *str);
char * BUF_strndup(const char *str, size_t siz);
void * BUF_memdup(const void *data, size_t siz);
-void BUF_reverse(unsigned char *out, unsigned char *in, size_t siz);
+void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);
/* safe string functions */
size_t BUF_strlcpy(char *dst,const char *src,size_t siz);
View
@@ -70,6 +70,15 @@
#include <stdio.h>
#include <ctype.h>
#include <krb5.h>
+#ifdef OPENSSL_SYS_WIN32
+/* These can sometimes get redefined indirectly by krb5 header files
+ * after they get undefed in ossl_typ.h
+ */
+#undef X509_NAME
+#undef X509_EXTENSIONS
+#undef OCSP_REQUEST
+#undef OCSP_RESPONSE
+#endif
#ifdef __cplusplus
extern "C" {
@@ -83,8 +83,8 @@
#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/tmp/openssl-1.0.1e-i386/lib/engines"
-#define OPENSSLDIR "/tmp/openssl-1.0.1e-i386"
+#define ENGINESDIR "/tmp/openssl-1.0.1g-i386/lib/engines"
+#define OPENSSLDIR "/tmp/openssl-1.0.1g-i386"
#endif
#endif
@@ -25,11 +25,11 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x1000105fL
+#define OPENSSL_VERSION_NUMBER 0x1000107fL
#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1e-fips 11 Feb 2013"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g-fips 7 Apr 2014"
#else
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1e 11 Feb 2013"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g 7 Apr 2014"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
View
@@ -138,6 +138,7 @@ void ERR_load_RAND_strings(void);
#define RAND_F_SSLEAY_RAND_BYTES 100
/* Reason codes. */
+#define RAND_R_DUAL_EC_DRBG_DISABLED 104
#define RAND_R_ERROR_INITIALISING_DRBG 102
#define RAND_R_ERROR_INSTANTIATING_DRBG 103
#define RAND_R_NO_FIPS_RANDOM_METHOD_SET 101
View
@@ -555,11 +555,14 @@ struct ssl_session_st
#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
-#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */
+#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L
#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
#define SSL_OP_TLS_D5_BUG 0x00000100L
#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
+/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */
+#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0
+
/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
* in OpenSSL 0.9.6d. Usually (depending on the application protocol)
* the workaround is not needed. Unfortunately some broken SSL/TLS
@@ -641,6 +644,12 @@ struct ssl_session_st
* TLS only.) "Released" buffers are put onto a free-list in the context
* or just freed (depending on the context's setting for freelist_max_len). */
#define SSL_MODE_RELEASE_BUFFERS 0x00000010L
+/* Send the current time in the Random fields of the ClientHello and
+ * ServerHello records for compatibility with hypothetical implementations
+ * that require it.
+ */
+#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L
+#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L
/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
* they cannot be used to clear bits. */
@@ -906,7 +915,7 @@ struct ssl_ctx_st
*/
unsigned int max_send_fragment;
-#ifndef OPENSSL_ENGINE
+#ifndef OPENSSL_NO_ENGINE
/* Engine to pass requests for client certs to
*/
ENGINE *client_cert_engine;
View
@@ -539,6 +539,15 @@ typedef struct ssl3_state_st
/* Set if we saw the Next Protocol Negotiation extension from our peer. */
int next_proto_neg_seen;
#endif
+
+#ifndef OPENSSL_NO_TLSEXT
+#ifndef OPENSSL_NO_EC
+ /* This is set to true if we believe that this is a version of Safari
+ * running on OS X 10.6 or newer. We wish to know this because Safari
+ * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */
+ char is_probably_safari;
+#endif /* !OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_TLSEXT */
} SSL3_STATE;
#endif
@@ -204,6 +204,12 @@
#define SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_protos_adv_cb
#undef SSL_CTX_set_next_proto_select_cb
#define SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_proto_sel_cb
+#undef ssl3_cbc_record_digest_supported
+#define ssl3_cbc_record_digest_supported ssl3_cbc_record_digest_support
+#undef ssl_check_clienthello_tlsext_late
+#define ssl_check_clienthello_tlsext_late ssl_check_clihello_tlsext_late
+#undef ssl_check_clienthello_tlsext_early
+#define ssl_check_clienthello_tlsext_early ssl_check_clihello_tlsext_early
/* Hack some long ENGINE names */
#undef ENGINE_get_default_BN_mod_exp_crt
View
@@ -230,6 +230,12 @@ extern "C" {
/* ExtensionType value from RFC5620 */
#define TLSEXT_TYPE_heartbeat 15
+/* ExtensionType value for TLS padding extension.
+ * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ * http://tools.ietf.org/html/draft-agl-tls-padding-03
+ */
+#define TLSEXT_TYPE_padding 21
+
/* ExtensionType value from RFC4507 */
#define TLSEXT_TYPE_session_ticket 35
View
Binary file not shown.
View
Binary file not shown.
View
Binary file not shown.
View
Binary file not shown.

0 comments on commit d37913f

Please sign in to comment.