Update to openssl 1.0.2h

Signed-off-by: Gary Lin <glin@suse.com>

7 files changed, 18 insertions, 11 deletions

diff --git a/Cryptlib/Include/openssl/comp.h b/Cryptlib/Include/openssl/comp.h
index 406c428a..60a07340 100644
--- a/Cryptlib/Include/openssl/comp.h
+++ b/Cryptlib/Include/openssl/comp.h
@@ -4,6 +4,10 @@
 
 # include <openssl/crypto.h>
 
+# ifdef OPENSSL_NO_COMP
+#  error COMP is disabled.
+# endif
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
diff --git a/Cryptlib/Include/openssl/conf.h b/Cryptlib/Include/openssl/conf.h
index 41cf38e2..c29e97dd 100644
--- a/Cryptlib/Include/openssl/conf.h
+++ b/Cryptlib/Include/openssl/conf.h
@@ -135,9 +135,9 @@ char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group,
 long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,
                      const char *name);
 void CONF_free(LHASH_OF(CONF_VALUE) *conf);
-#ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_FP_API
 int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out);
-#endif
+# endif
 int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);
 
 void OPENSSL_config(const char *config_name);
@@ -176,9 +176,9 @@ STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,
 char *NCONF_get_string(const CONF *conf, const char *group, const char *name);
 int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
                        long *result);
-#ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_FP_API
 int NCONF_dump_fp(const CONF *conf, FILE *out);
-#endif
+# endif
 int NCONF_dump_bio(const CONF *conf, BIO *out);
 
 # if 0                          /* The following function has no error
@@ -192,10 +192,10 @@ long NCONF_get_number(CONF *conf, char *group, char *name);
 
 int CONF_modules_load(const CONF *cnf, const char *appname,
                       unsigned long flags);
-#ifndef OPENSSL_NO_STDIO
+# ifndef OPENSSL_NO_STDIO
 int CONF_modules_load_file(const char *filename, const char *appname,
                            unsigned long flags);
-#endif
+# endif
 void CONF_modules_unload(int all);
 void CONF_modules_finish(void);
 void CONF_modules_free(void);
diff --git a/Cryptlib/Include/openssl/opensslv.h b/Cryptlib/Include/openssl/opensslv.h
index 4334fd15..13fe4402 100644
--- a/Cryptlib/Include/openssl/opensslv.h
+++ b/Cryptlib/Include/openssl/opensslv.h
@@ -30,11 +30,11 @@ extern "C" {
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-# define OPENSSL_VERSION_NUMBER  0x1000207fL
+# define OPENSSL_VERSION_NUMBER  0x1000208fL
 # ifdef OPENSSL_FIPS
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2g-fips  1 Mar 2016"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2h-fips  3 May 2016"
 # else
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2g  1 Mar 2016"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2h  3 May 2016"
 # endif
 # define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
 
diff --git a/Cryptlib/Include/openssl/pem.h b/Cryptlib/Include/openssl/pem.h
index 87b0b6a7..5df6ffdf 100644
--- a/Cryptlib/Include/openssl/pem.h
+++ b/Cryptlib/Include/openssl/pem.h
@@ -515,6 +515,7 @@ int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
                               char *kstr, int klen, pem_password_cb *cd,
                               void *u);
 #endif
+
 EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
 int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
 
diff --git a/Cryptlib/Include/openssl/srp.h b/Cryptlib/Include/openssl/srp.h
index 713fc54b..4ed4bfe5 100644
--- a/Cryptlib/Include/openssl/srp.h
+++ b/Cryptlib/Include/openssl/srp.h
@@ -122,6 +122,7 @@ int SRP_VBASE_free(SRP_VBASE *vb);
 #ifndef OPENSSL_NO_STDIO
 int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
 #endif
+
 /* This method ignores the configured seed and fails for an unknown user. */
 SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);
 /* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/
diff --git a/Cryptlib/Include/openssl/ssl.h b/Cryptlib/Include/openssl/ssl.h
index 04d4007e..5ef56faa 100644
--- a/Cryptlib/Include/openssl/ssl.h
+++ b/Cryptlib/Include/openssl/ssl.h
@@ -338,7 +338,7 @@ extern "C" {
  * The following cipher list is used by default. It also is substituted when
  * an application-defined cipher list string starts with 'DEFAULT'.
  */
-# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2"
+# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2"
 /*
  * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
  * starts with a reasonable order, and all we have to do for DEFAULT is
@@ -2345,7 +2345,7 @@ const char *SSL_get_version(const SSL *s);
 /* This sets the 'default' SSL version that SSL_new() will create */
 int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
 
-# ifndef OPENSSL_NO_SSL2
+# ifndef OPENSSL_NO_SSL2_METHOD
 const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
 const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
 const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
diff --git a/Cryptlib/Include/openssl/x509.h b/Cryptlib/Include/openssl/x509.h
index 99337b84..fc613ce6 100644
--- a/Cryptlib/Include/openssl/x509.h
+++ b/Cryptlib/Include/openssl/x509.h
@@ -1305,6 +1305,7 @@ void ERR_load_X509_strings(void);
 # define X509_R_LOADING_CERT_DIR                          103
 # define X509_R_LOADING_DEFAULTS                          104
 # define X509_R_METHOD_NOT_SUPPORTED                      124
+# define X509_R_NAME_TOO_LONG                             134
 # define X509_R_NEWER_CRL_NOT_NEWER                       132
 # define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY              105
 # define X509_R_NO_CRL_NUMBER                             130