Skip to content

Commit

Permalink
deps: upgrade openssl sources to 1.1.0i
Browse files Browse the repository at this point in the history
This updates all sources in deps/openssl/openssl with openssl-1.1.0i.

PR-URL: nodejs#22318
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Rod Vagg <[email protected]>
  • Loading branch information
shigeki authored and rvagg committed Aug 16, 2018
1 parent 32902d0 commit 6090e1f
Show file tree
Hide file tree
Showing 406 changed files with 6,034 additions and 2,897 deletions.
175 changes: 175 additions & 0 deletions deps/openssl/openssl/.gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,175 @@
# Ignore editor artefacts
/.dir-locals.el

# Top level excludes
/Makefile.orig
/MINFO
/TABLE
/*.a
/*.pc
/rehash.time
/inc.*
/makefile.*
/out.*
/tmp.*
/configdata.pm

# *all* Makefiles
Makefile
# ... except in demos
!/demos/*/Makefile

# Links under apps
/apps/CA.pl
/apps/tsget
/apps/tsget.pl
/apps/md4.c

# Auto generated headers
/crypto/buildinf.h
/apps/progs.h
/crypto/include/internal/*_conf.h
/openssl/include/opensslconf.h
/util/domd

# Executables
/apps/openssl
/test/sha256t
/test/sha512t
/test/gost2814789t
/test/ssltest_old
/test/*test
/test/fips_aesavs
/test/fips_desmovs
/test/fips_dhvs
/test/fips_drbgvs
/test/fips_dssvs
/test/fips_ecdhvs
/test/fips_ecdsavs
/test/fips_rngvs
/test/fips_test_suite
/test/ssltest_old
/test/x509aux
/test/v3ext
/test/versions

# Certain files that get created by tests on the fly
/test/test-runs
/test/buildtest_*

# Fuzz stuff.
# Anything without an extension is an executable on Unix, so we keep files
# with extensions. And we keep the corpora subddir versioned as well.
# Anything more generic with extensions that should be ignored will be taken
# care of by general ignores for those extensions (*.o, *.obj, *.exe, ...)
/fuzz/*
!/fuzz/README*
!/fuzz/corpora
!/fuzz/*.*

# Misc auto generated files
/include/openssl/opensslconf.h
/tools/c_rehash
/tools/c_rehash.pl
/util/shlib_wrap.sh
/tags
/TAGS
/crypto.map
/ssl.map

# Windows (legacy)
/tmp32
/tmp32.dbg
/tmp32dll
/tmp32dll.dbg
/out32
/out32.dbg
/out32dll
/out32dll.dbg
/inc32
/MINFO
/ms/.rnd
/ms/bcb.mak
/ms/libeay32.def
/ms/nt.mak
/ms/ntdll.mak
/ms/ssleay32.def
/ms/version32.rc

# Files created on other branches that are not held in git, and are not
# needed on this branch
/include/openssl/asn1_mac.h
/include/openssl/des_old.h
/include/openssl/fips.h
/include/openssl/fips_rand.h
/include/openssl/krb5_asn.h
/include/openssl/kssl.h
/include/openssl/pq_compat.h
/include/openssl/ssl23.h
/include/openssl/tmdiff.h
/include/openssl/ui_compat.h
/test/fips_aesavs.c
/test/fips_desmovs.c
/test/fips_dsatest.c
/test/fips_dssvs.c
/test/fips_hmactest.c
/test/fips_randtest.c
/test/fips_rngvs.c
/test/fips_rsagtest.c
/test/fips_rsastest.c
/test/fips_rsavtest.c
/test/fips_shatest.c
/test/fips_test_suite.c
/test/shatest.c

##### Generic patterns
# Auto generated assembly language source files
*.s
!/crypto/*/asm/*.s
/crypto/arm*.S
/crypto/*/*.S
*.asm
!/crypto/*/asm/*.asm

# Object files
*.o
*.obj

# editor artefacts
*.swp
.#*
\#*#
*~

# Certificate symbolic links
*.0

# All kinds of executables
*.so
*.so.*
*.dylib
*.dylib.*
*.dll
*.dll.*
*.exe
*.pyc
*.exp
*.lib
*.pdb
*.ilk
*.def
*.rc
*.res

# Misc generated stuff
Makefile.save
/crypto/**/lib
/engines/**/lib
/ssl/**/lib
*.bak
cscope.*
*.d
pod2htmd.tmp

# Windows manifest files
*.manifest
12 changes: 8 additions & 4 deletions deps/openssl/openssl/.travis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -61,15 +61,15 @@ matrix:
sources:
- ubuntu-toolchain-r-test
compiler: gcc-5
env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC"
env: UBUNTU_GCC_HACK="yes" CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC"
- os: linux
addons:
apt:
packages:
- binutils-mingw-w64
- gcc-mingw-w64
compiler: i686-w64-mingw32-gcc
env: CONFIG_OPTS="no-pic" TESTS="-test_fuzz"
env: CONFIG_OPTS="no-pic"
- os: linux
addons:
apt:
Expand All @@ -85,7 +85,7 @@ matrix:
- binutils-mingw-w64
- gcc-mingw-w64
compiler: x86_64-w64-mingw32-gcc
env: CONFIG_OPTS="no-pic" TESTS="-test_fuzz"
env: CONFIG_OPTS="no-pic"
- os: linux
addons:
apt:
Expand All @@ -112,6 +112,10 @@ before_script:
srcdir=.;
top=.;
fi
- if [ -n "$UBUNTU_GCC_HACK" ]; then
$CC -dumpspecs | sed "s/--push-state//g; s/--pop-state/--as-needed/g" > gcc-specs.txt;
CC="$CC -specs=gcc-specs.txt";
fi
- if [ "$CC" == i686-w64-mingw32-gcc ]; then
export CROSS_COMPILE=${CC%%gcc}; unset CC;
$srcdir/Configure mingw $CONFIG_OPTS -Wno-pedantic-ms-format;
Expand Down Expand Up @@ -186,7 +190,7 @@ script:
fi
- if [ -n "$DESTDIR" ]; then
mkdir "../$DESTDIR";
if $make install install_docs DESTDIR="../$DESTDIR"; then
if $make install DESTDIR="../$DESTDIR"; then
echo -e '+\057\057\057\057\057 MAKE INSTALL_DOCS OK';
else
echo -e '+\057\057\057\057\057 MAKE INSTALL_DOCS FAILED'; false;
Expand Down
95 changes: 85 additions & 10 deletions deps/openssl/openssl/CHANGES
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,81 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.

Changes between 1.1.0h and 1.1.0i [14 Aug 2018]

*) Client DoS due to large DH parameter

During key agreement in a TLS handshake using a DH(E) based ciphersuite a
malicious server can send a very large prime value to the client. This will
cause the client to spend an unreasonably long period of time generating a
key for this prime resulting in a hang until the client has finished. This
could be exploited in a Denial Of Service attack.

This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken
(CVE-2018-0732)
[Guido Vranken]

*) Cache timing vulnerability in RSA Key Generation

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to
a cache timing side channel attack. An attacker with sufficient access to
mount cache timing attacks during the RSA key generation process could
recover the private key.

This issue was reported to OpenSSL on 4th April 2018 by Alejandro Cabrera
Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia.
(CVE-2018-0737)
[Billy Brumley]

*) Make EVP_PKEY_asn1_new() a bit stricter about its input. A NULL pem_str
parameter is no longer accepted, as it leads to a corrupt table. NULL
pem_str is reserved for alias entries only.
[Richard Levitte]

*) Revert blinding in ECDSA sign and instead make problematic addition
length-invariant. Switch even to fixed-length Montgomery multiplication.
[Andy Polyakov]

*) Change generating and checking of primes so that the error rate of not
being prime depends on the intended use based on the size of the input.
For larger primes this will result in more rounds of Miller-Rabin.
The maximal error rate for primes with more than 1080 bits is lowered
to 2^-128.
[Kurt Roeckx, Annie Yousar]

*) Increase the number of Miller-Rabin rounds for DSA key generating to 64.
[Kurt Roeckx]

*) Add blinding to ECDSA and DSA signatures to protect against side channel
attacks discovered by Keegan Ryan (NCC Group).
[Matt Caswell]

*) When unlocking a pass phrase protected PEM file or PKCS#8 container, we
now allow empty (zero character) pass phrases.
[Richard Levitte]

*) Certificate time validation (X509_cmp_time) enforces stricter
compliance with RFC 5280. Fractional seconds and timezone offsets
are no longer allowed.
[Emilia Käsper]

*) Fixed a text canonicalisation bug in CMS

Where a CMS detached signature is used with text content the text goes
through a canonicalisation process first prior to signing or verifying a
signature. This process strips trailing space at the end of lines, converts
line terminators to CRLF and removes additional trailing line terminators
at the end of a file. A bug in the canonicalisation process meant that
some characters, such as form-feed, were incorrectly treated as whitespace
and removed. This is contrary to the specification (RFC5485). This fix
could mean that detached text data signed with an earlier version of
OpenSSL 1.1.0 may fail to verify using the fixed version, or text data
signed with a fixed OpenSSL may fail to verify with an earlier version of
OpenSSL 1.1.0. A workaround is to only verify the canonicalised text data
and use the "-binary" flag (for the "cms" command line application) or set
the SMIME_BINARY/PKCS7_BINARY/CMS_BINARY flags (if using CMS_verify()).
[Matt Caswell]

Changes between 1.1.0g and 1.1.0h [27 Mar 2018]

*) Constructed ASN.1 types with a recursive definition could exceed the stack
Expand Down Expand Up @@ -1144,13 +1219,13 @@
[Steve Henson]

*) Experimental encrypt-then-mac support.

Experimental support for encrypt then mac from
draft-gutmann-tls-encrypt-then-mac-02.txt

To enable it set the appropriate extension number (0x42 for the test
server) using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x42

For non-compliant peers (i.e. just about everything) this should have no
effect.

Expand Down Expand Up @@ -1201,7 +1276,7 @@

*) Use separate DRBG fields for internal and external flags. New function
FIPS_drbg_health_check() to perform on demand health checking. Add
generation tests to fips_test_suite with reduced health check interval to
generation tests to fips_test_suite with reduced health check interval to
demonstrate periodic health checking. Add "nodh" option to
fips_test_suite to skip very slow DH test.
[Steve Henson]
Expand All @@ -1215,7 +1290,7 @@
combination: call this in fips_test_suite.
[Steve Henson]

*) Add support for canonical generation of DSA parameter 'g'. See
*) Add support for canonical generation of DSA parameter 'g'. See
FIPS 186-3 A.2.3.

*) Add support for HMAC DRBG from SP800-90. Update DRBG algorithm test and
Expand All @@ -1239,7 +1314,7 @@
requested amount of entropy.
[Steve Henson]

*) Add PRNG security strength checks to RSA, DSA and ECDSA using
*) Add PRNG security strength checks to RSA, DSA and ECDSA using
information in FIPS186-3, SP800-57 and SP800-131A.
[Steve Henson]

Expand Down Expand Up @@ -1331,7 +1406,7 @@
can be set or retrieved with a ctrl. The IV length is by default 12
bytes (96 bits) but can be set to an alternative value. If the IV
length exceeds the maximum IV length (currently 16 bytes) it cannot be
set before the key.
set before the key.
[Steve Henson]

*) New flag in ciphers: EVP_CIPH_FLAG_CUSTOM_CIPHER. This means the
Expand Down Expand Up @@ -1374,7 +1449,7 @@
Add CMAC pkey methods.
[Steve Henson]

*) Experimental renegotiation in s_server -www mode. If the client
*) Experimental renegotiation in s_server -www mode. If the client
browses /reneg connection is renegotiated. If /renegcert it is
renegotiated requesting a certificate.
[Steve Henson]
Expand All @@ -1394,7 +1469,7 @@
*) New macro __owur for "OpenSSL Warn Unused Result". This makes use of
a gcc attribute to warn if the result of a function is ignored. This
is enable if DEBUG_UNUSED is set. Add to several functions in evp.h
whose return value is often ignored.
whose return value is often ignored.
[Steve Henson]

*) New -noct, -requestct, -requirect and -ctlogfile options for s_client.
Expand Down Expand Up @@ -3628,7 +3703,7 @@

*) New option -sigopt to dgst utility. Update dgst to use
EVP_Digest{Sign,Verify}*. These two changes make it possible to use
alternative signing parameters such as X9.31 or PSS in the dgst
alternative signing parameters such as X9.31 or PSS in the dgst
utility.
[Steve Henson]

Expand Down Expand Up @@ -12379,7 +12454,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
*) Fixed sk_insert which never worked properly.
[Steve Henson]

*) Fix ASN1 macros so they can handle indefinite length constructed
*) Fix ASN1 macros so they can handle indefinite length constructed
EXPLICIT tags. Some non standard certificates use these: they can now
be read in.
[Steve Henson]
Expand Down
Loading

0 comments on commit 6090e1f

Please sign in to comment.