Skip to content

Commit

Permalink
deps: upgrade openssl sources to 1.0.2o
Browse files Browse the repository at this point in the history
This replaces all sources of openssl-1.0.2o.tar.gz into
deps/openssl/openssl

PR-URL: #19638
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Rod Vagg <rod@vagg.org>
  • Loading branch information
shigeki authored and MylesBorins committed Mar 28, 2018
1 parent df62e69 commit d10b7f1
Show file tree
Hide file tree
Showing 250 changed files with 1,387 additions and 39,509 deletions.
22 changes: 20 additions & 2 deletions deps/openssl/openssl/CHANGES
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,21 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.

Changes between 1.0.2n and 1.0.2o [27 Mar 2018]

*) Constructed ASN.1 types with a recursive definition could exceed the stack

Constructed ASN.1 types with a recursive definition (such as can be found
in PKCS7) could eventually exceed the stack given malicious input with
excessive recursion. This could result in a Denial Of Service attack. There
are no such structures used within SSL/TLS that come from untrusted sources
so this is considered safe.

This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz
project.
(CVE-2018-0739)
[Matt Caswell]

Changes between 1.0.2m and 1.0.2n [7 Dec 2017]

*) Read/write after SSL object in error state
Expand Down Expand Up @@ -2012,8 +2027,11 @@
to work with OPENSSL_NO_SSL_INTERN defined.
[Steve Henson]

*) Add SRP support.
[Tom Wu <tjw@cs.stanford.edu> and Ben Laurie]
*) A long standing patch to add support for SRP from EdelWeb (Peter
Sylvester and Christophe Renou) was integrated.
[Christophe Renou <christophe.renou@edelweb.fr>, Peter Sylvester
<peter.sylvester@edelweb.fr>, Tom Wu <tjw@cs.stanford.edu>, and
Ben Laurie]

*) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
[Steve Henson]
Expand Down
24 changes: 15 additions & 9 deletions deps/openssl/openssl/Configure
Original file line number Diff line number Diff line change
Expand Up @@ -354,7 +354,7 @@ my %table=(
"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

#### HP MPE/iX http://jazz.external.hp.com/src/openssl/
"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
"MPE/iX-gcc", "gcc:-DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",

# DEC Alpha OSF/1/Tru64 targets.
#
Expand Down Expand Up @@ -1269,7 +1269,7 @@ my ($prelflags,$postlflags)=split('%',$lflags);
if (defined($postlflags)) { $lflags=$postlflags; }
else { $lflags=$prelflags; undef $prelflags; }

if ($target =~ /^mingw/ && `$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m)
if ($target =~ /^mingw/ && `$cross_compile_prefix$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m)
{
$cflags =~ s/\-mno\-cygwin\s*//;
$shared_ldflag =~ s/\-mno\-cygwin\s*//;
Expand Down Expand Up @@ -1661,18 +1661,25 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
$shlib_minor=$2;
}

my $ecc = $cc;
$ecc = "clang" if `$cc --version 2>&1` =~ /clang/;
my %predefined;

# collect compiler pre-defines from gcc or gcc-alike...
open(PIPE, "$cross_compile_prefix$cc -dM -E -x c /dev/null 2>&1 |");
while (<PIPE>) {
m/^#define\s+(\w+(?:\(\w+\))?)(?:\s+(.+))?/ or last;
$predefined{$1} = defined($2) ? $2 : "";
}
close(PIPE);

if ($strict_warnings)
{
my $wopt;
die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/);
die "ERROR --strict-warnings requires gcc or clang" unless defined($predefined{__GNUC__});
foreach $wopt (split /\s+/, $gcc_devteam_warn)
{
$cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
}
if ($ecc eq "clang")
if (defined($predefined{__clang__}))
{
foreach $wopt (split /\s+/, $clang_devteam_warn)
{
Expand Down Expand Up @@ -1723,15 +1730,14 @@ while (<IN>)
s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
s/^RC=\s*/RC= \$\(CROSS_COMPILE\)/;
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc";
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $predefined{__GNUC__} >= 3;
}
else {
s/^CC=.*$/CC= $cc/;
s/^AR=\s*ar/AR= $ar/;
s/^RANLIB=.*/RANLIB= $ranlib/;
s/^RC=.*/RC= $windres/;
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $ecc eq "gcc" || $ecc eq "clang";
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $predefined{__GNUC__} >= 3;
}
s/^CFLAG=.*$/CFLAG= $cflags/;
s/^DEPFLAG=.*$/DEPFLAG=$depflags/;
Expand Down
2 changes: 1 addition & 1 deletion deps/openssl/openssl/LICENSE
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
---------------

/* ====================================================================
* Copyright (c) 1998-2017 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
Expand Down
14 changes: 7 additions & 7 deletions deps/openssl/openssl/MacOS/Randomizer.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -266,7 +266,7 @@ void CRandomizer::AddCurrentMouse (void)

if (labs (mLastMouse.h - mouseLoc.h) > kMouseResolution/2 &&
labs (mLastMouse.v - mouseLoc.v) > kMouseResolution/2)
AddBytes (&mouseLoc, sizeof (mouseLoc),
AddBytes (&mouseLoc, sizeof(mouseLoc),
kMousePositionEntropy);

if (mLastMouse.h == mouseLoc.h && mLastMouse.v == mouseLoc.v)
Expand All @@ -286,7 +286,7 @@ void CRandomizer::AddCurrentMouse (void)
(kTypicalMouseIdleTicks/(double)lastCheck);
if (entropy < 0.0)
entropy = 0.0;
AddBytes (&mMouseStill, sizeof (mMouseStill), entropy);
AddBytes (&mMouseStill, sizeof(mMouseStill), entropy);
mMouseStill = 0;
}
mLastMouse = mouseLoc;
Expand All @@ -299,7 +299,7 @@ void CRandomizer::AddAbsoluteSystemStartupTime (void)
GetDateTime (&now);
now -= TickCount() / 60; // Time in ticks since machine
// startup
AddBytes (&now, sizeof (now), kSysStartupEntropy);
AddBytes (&now, sizeof(now), kSysStartupEntropy);
}

void CRandomizer::AddTimeSinceMachineStartup (void)
Expand All @@ -314,7 +314,7 @@ void CRandomizer::AddAppRunningTime (void)
ProcessSerialNumber PSN;
ProcessInfoRec ProcessInfo;

ProcessInfo.processInfoLength = sizeof (ProcessInfoRec);
ProcessInfo.processInfoLength = sizeof(ProcessInfoRec);
ProcessInfo.processName = nil;
ProcessInfo.processAppSpec = nil;

Expand All @@ -324,7 +324,7 @@ void CRandomizer::AddAppRunningTime (void)
// Now add the amount of time in ticks that the current process
// has been active

AddBytes (&ProcessInfo, sizeof (ProcessInfoRec),
AddBytes (&ProcessInfo, sizeof(ProcessInfoRec),
kApplicationUpTimeEntropy);
}

Expand Down Expand Up @@ -353,7 +353,7 @@ void CRandomizer::AddStartupVolumeInfo (void)
// unpredictable, so might as well toss the whole block in. See
// comments for entropy estimate justifications.

AddBytes (&pb, sizeof (pb),
AddBytes (&pb, sizeof(pb),
kVolumeBytesEntropy +
log2l (((pb.ioVTotalBytes.hi - pb.ioVFreeBytes.hi)
* 4294967296.0D +
Expand Down Expand Up @@ -419,7 +419,7 @@ void CRandomizer::AddBytes (void *data, long size, double entropy)
void CRandomizer::AddNow (double millisecondUncertainty)
{
long time = SysTimer();
AddBytes (&time, sizeof (time), log2l (millisecondUncertainty *
AddBytes (&time, sizeof(time), log2l (millisecondUncertainty *
mTimebaseTicksPerMillisec));
}

Expand Down
4 changes: 2 additions & 2 deletions deps/openssl/openssl/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
## Makefile for OpenSSL
##

VERSION=1.0.2n
VERSION=1.0.2o
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
Expand Down Expand Up @@ -73,7 +73,7 @@ NM= nm
PERL= /usr/bin/perl
TAR= tar
TARFLAGS= --no-recursion
MAKEDEPPROG=makedepend
MAKEDEPPROG= cc
LIBDIR=lib

# We let the C compiler driver to take care of .s files. This is done in
Expand Down
2 changes: 1 addition & 1 deletion deps/openssl/openssl/Makefile.bak
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
## Makefile for OpenSSL
##

VERSION=1.0.2n
VERSION=1.0.2o
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
Expand Down
5 changes: 5 additions & 0 deletions deps/openssl/openssl/NEWS
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,11 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.

Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018]

o Constructed ASN.1 types with a recursive definition could exceed the
stack (CVE-2018-0739)

Major changes between OpenSSL 1.0.2m and OpenSSL 1.0.2n [7 Dec 2017]

o Read/write after SSL object in error state (CVE-2017-3737)
Expand Down
2 changes: 1 addition & 1 deletion deps/openssl/openssl/README
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@

OpenSSL 1.0.2n 7 Dec 2017
OpenSSL 1.0.2o 27 Mar 2018

Copyright (c) 1998-2015 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
Expand Down
15 changes: 3 additions & 12 deletions deps/openssl/openssl/apps/app_rand.c
Original file line number Diff line number Diff line change
Expand Up @@ -124,20 +124,11 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
char buffer[200];

#ifdef OPENSSL_SYS_WINDOWS
/*
* allocate 2 to dont_warn not to use RAND_screen() via
* -no_rand_screen option in s_client
*/
if (dont_warn != 2) {
BIO_printf(bio_e, "Loading 'screen' into random state -");
BIO_flush(bio_e);
RAND_screen();
BIO_printf(bio_e, " done\n");
}
RAND_screen();
#endif

if (file == NULL)
file = RAND_file_name(buffer, sizeof buffer);
file = RAND_file_name(buffer, sizeof(buffer));
else if (RAND_egd(file) > 0) {
/*
* we try if the given filename is an EGD socket. if it is, we don't
Expand Down Expand Up @@ -212,7 +203,7 @@ int app_RAND_write_file(const char *file, BIO *bio_e)
return 0;

if (file == NULL)
file = RAND_file_name(buffer, sizeof buffer);
file = RAND_file_name(buffer, sizeof(buffer));
if (file == NULL || !RAND_write_file(file)) {
BIO_printf(bio_e, "unable to write 'random state'\n");
return 0;
Expand Down
Loading

0 comments on commit d10b7f1

Please sign in to comment.