Skip to content

Commit

Permalink
deps: upgrade openssl sources to 1.0.2d
Browse files Browse the repository at this point in the history
This just replaces all sources of openssl-1.0.2d.tar.gz
into deps/openssl/openssl

deps: copy all openssl header files to include dir

All symlink files in `deps/openssl/openssl/include/openssl/`
 are removed and replaced with real header files to avoid
issues on Windows.

deps: fix openssl assembly error on ia32 win32

`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Shigeki Ohtsu <[email protected]>

deps: fix asm build error of openssl in x86_win32

See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html

iojs needs to stop using masm and move to nasm or yasm on Win32.

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>

openssl: fix keypress requirement in apps on win32

Reapply b910613 .

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>

deps: add -no_rand_screen to openssl s_client

In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.

Fixes: nodejs#1461
PR-URL: nodejs#1836
Reviewed-By: Ben Noordhuis <[email protected]>

PR-URL: nodejs#2141
Reviewed-By: Ben Noordhuis <[email protected]>
  • Loading branch information
Shigeki Ohtsu authored and bnoordhuis committed Jul 9, 2015
1 parent 6bef15a commit ca93f7f
Show file tree
Hide file tree
Showing 54 changed files with 965 additions and 270 deletions.
15 changes: 15 additions & 0 deletions deps/openssl/openssl/CHANGES
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,21 @@
OpenSSL CHANGES
_______________

Changes between 1.0.2c and 1.0.2d [9 Jul 2015]

*) Alternate chains certificate forgery

During certificate verfification, OpenSSL will attempt to find an
alternative certificate chain if the first attempt to build such a chain
fails. An error in the implementation of this logic can mean that an
attacker could cause certain checks on untrusted certificates to be
bypassed, such as the CA flag, enabling them to use a valid leaf
certificate to act as a CA and "issue" an invalid certificate.

This issue was reported to OpenSSL by Adam Langley/David Benjamin
(Google/BoringSSL).
[Matt Caswell]

Changes between 1.0.2b and 1.0.2c [12 Jun 2015]

*) Fix HMAC ABI incompatibility. The previous version introduced an ABI
Expand Down
13 changes: 7 additions & 6 deletions deps/openssl/openssl/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
## Makefile for OpenSSL
##

VERSION=1.0.2c
VERSION=1.0.2d
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
Expand Down Expand Up @@ -271,6 +271,7 @@ reflect:
@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)

sub_all: build_all

build_all: build_libs build_apps build_tests build_tools

build_libs: build_libcrypto build_libssl openssl.pc
Expand All @@ -280,15 +281,15 @@ build_libssl: build_ssl libssl.pc

build_crypto:
@dir=crypto; target=all; $(BUILD_ONE_CMD)
build_ssl:
build_ssl: build_crypto
@dir=ssl; target=all; $(BUILD_ONE_CMD)
build_engines:
build_engines: build_crypto
@dir=engines; target=all; $(BUILD_ONE_CMD)
build_apps:
build_apps: build_libs
@dir=apps; target=all; $(BUILD_ONE_CMD)
build_tests:
build_tests: build_libs
@dir=test; target=all; $(BUILD_ONE_CMD)
build_tools:
build_tools: build_libs
@dir=tools; target=all; $(BUILD_ONE_CMD)

all_testapps: build_libs build_testapps
Expand Down
13 changes: 7 additions & 6 deletions deps/openssl/openssl/Makefile.bak
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
## Makefile for OpenSSL
##

VERSION=1.0.2c-dev
VERSION=1.0.2d-dev
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
Expand Down Expand Up @@ -271,6 +271,7 @@ reflect:
@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)

sub_all: build_all

build_all: build_libs build_apps build_tests build_tools

build_libs: build_libcrypto build_libssl openssl.pc
Expand All @@ -280,15 +281,15 @@ build_libssl: build_ssl libssl.pc

build_crypto:
@dir=crypto; target=all; $(BUILD_ONE_CMD)
build_ssl:
build_ssl: build_crypto
@dir=ssl; target=all; $(BUILD_ONE_CMD)
build_engines:
build_engines: build_crypto
@dir=engines; target=all; $(BUILD_ONE_CMD)
build_apps:
build_apps: build_libs
@dir=apps; target=all; $(BUILD_ONE_CMD)
build_tests:
build_tests: build_libs
@dir=test; target=all; $(BUILD_ONE_CMD)
build_tools:
build_tools: build_libs
@dir=tools; target=all; $(BUILD_ONE_CMD)

all_testapps: build_libs build_testapps
Expand Down
11 changes: 6 additions & 5 deletions deps/openssl/openssl/Makefile.org
Original file line number Diff line number Diff line change
Expand Up @@ -269,6 +269,7 @@ reflect:
@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)

sub_all: build_all

build_all: build_libs build_apps build_tests build_tools

build_libs: build_libcrypto build_libssl openssl.pc
Expand All @@ -278,15 +279,15 @@ build_libssl: build_ssl libssl.pc

build_crypto:
@dir=crypto; target=all; $(BUILD_ONE_CMD)
build_ssl:
build_ssl: build_crypto
@dir=ssl; target=all; $(BUILD_ONE_CMD)
build_engines:
build_engines: build_crypto
@dir=engines; target=all; $(BUILD_ONE_CMD)
build_apps:
build_apps: build_libs
@dir=apps; target=all; $(BUILD_ONE_CMD)
build_tests:
build_tests: build_libs
@dir=test; target=all; $(BUILD_ONE_CMD)
build_tools:
build_tools: build_libs
@dir=tools; target=all; $(BUILD_ONE_CMD)

all_testapps: build_libs build_testapps
Expand Down
4 changes: 4 additions & 0 deletions deps/openssl/openssl/NEWS
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,10 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.

Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015]

o Alternate chains certificate forgery (CVE-2015-1793)

Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015]

o Fix HMAC ABI incompatibility
Expand Down
2 changes: 1 addition & 1 deletion deps/openssl/openssl/README
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@

OpenSSL 1.0.2c 12 Jun 2015
OpenSSL 1.0.2d 9 Jul 2015

Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
Expand Down
1 change: 1 addition & 0 deletions deps/openssl/openssl/apps/ocsp.c
Original file line number Diff line number Diff line change
Expand Up @@ -209,6 +209,7 @@ int MAIN(int argc, char **argv)
OPENSSL_free(tport);
if (tpath)
OPENSSL_free(tpath);
thost = tport = tpath = NULL;
if (args[1]) {
args++;
if (!OCSP_parse_url(*args, &host, &port, &path, &use_ssl)) {
Expand Down
2 changes: 1 addition & 1 deletion deps/openssl/openssl/crypto/bio/bio.h
Original file line number Diff line number Diff line change
Expand Up @@ -291,7 +291,7 @@ void BIO_clear_flags(BIO *b, int flags);
* BIO_CB_RETURN flag indicates if it is after the call
*/
# define BIO_CB_RETURN 0x80
# define BIO_CB_return(a) ((a)|BIO_CB_RETURN))
# define BIO_CB_return(a) ((a)|BIO_CB_RETURN)
# define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN))
# define BIO_cb_post(a) ((a)&BIO_CB_RETURN)

Expand Down
1 change: 1 addition & 0 deletions deps/openssl/openssl/crypto/bn/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -253,6 +253,7 @@ bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
bn_exp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_exp.c bn_lcl.h
bn_exp.o: rsaz_exp.h
bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_exp2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
Expand Down
8 changes: 1 addition & 7 deletions deps/openssl/openssl/crypto/bn/bn_exp.c
Original file line number Diff line number Diff line change
Expand Up @@ -126,13 +126,7 @@
# include <alloca.h>
#endif

#undef RSAZ_ENABLED
#if defined(OPENSSL_BN_ASM_MONT) && \
(defined(__x86_64) || defined(__x86_64__) || \
defined(_M_AMD64) || defined(_M_X64))
# include "rsaz_exp.h"
# define RSAZ_ENABLED
#endif
#include "rsaz_exp.h"

#undef SPARC_T4_MONT
#if defined(OPENSSL_BN_ASM_MONT) && (defined(__sparc__) || defined(__sparc))
Expand Down
3 changes: 1 addition & 2 deletions deps/openssl/openssl/crypto/bn/bntest.c
Original file line number Diff line number Diff line change
Expand Up @@ -1042,15 +1042,13 @@ int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx)
int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx)
{
BIGNUM *a, *p, *m, *d, *e;

BN_MONT_CTX *mont;

a = BN_new();
p = BN_new();
m = BN_new();
d = BN_new();
e = BN_new();

mont = BN_MONT_CTX_new();

BN_bntest_rand(m, 1024, 0, 1); /* must be odd for montgomery */
Expand Down Expand Up @@ -1099,6 +1097,7 @@ int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx)
fprintf(stderr, "Modular exponentiation test failed!\n");
return 0;
}
BN_MONT_CTX_free(mont);
BN_free(a);
BN_free(p);
BN_free(m);
Expand Down
10 changes: 10 additions & 0 deletions deps/openssl/openssl/crypto/bn/rsaz_exp.c
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,8 @@

#include "rsaz_exp.h"

#ifdef RSAZ_ENABLED

/*
* See crypto/bn/asm/rsaz-avx2.pl for further details.
*/
Expand Down Expand Up @@ -334,3 +336,11 @@ void RSAZ_512_mod_exp(BN_ULONG result[8],

OPENSSL_cleanse(storage, sizeof(storage));
}

#else

# if defined(PEDANTIC) || defined(__DECC) || defined(__clang__)
static void *dummy = &dummy;
# endif

#endif
11 changes: 10 additions & 1 deletion deps/openssl/openssl/crypto/bn/rsaz_exp.h
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,13 @@
#ifndef RSAZ_EXP_H
# define RSAZ_EXP_H

# include <openssl/bn.h>
# undef RSAZ_ENABLED
# if defined(OPENSSL_BN_ASM_MONT) && \
(defined(__x86_64) || defined(__x86_64__) || \
defined(_M_AMD64) || defined(_M_X64))
# define RSAZ_ENABLED

# include <openssl/bn.h>

void RSAZ_1024_mod_exp_avx2(BN_ULONG result[16],
const BN_ULONG base_norm[16],
Expand All @@ -44,4 +50,7 @@ void RSAZ_512_mod_exp(BN_ULONG result[8],
const BN_ULONG base_norm[8], const BN_ULONG exponent[8],
const BN_ULONG m_norm[8], BN_ULONG k0,
const BN_ULONG RR[8]);

# endif

#endif
3 changes: 2 additions & 1 deletion deps/openssl/openssl/crypto/cms/cms_smime.c
Original file line number Diff line number Diff line change
Expand Up @@ -374,7 +374,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
tmpin = BIO_new_mem_buf(ptr, len);
if (tmpin == NULL) {
CMSerr(CMS_F_CMS_VERIFY, ERR_R_MALLOC_FAILURE);
return 0;
goto err2;
}
} else
tmpin = dcont;
Expand Down Expand Up @@ -405,6 +405,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
else
BIO_free_all(cmsbio);

err2:
if (cms_certs)
sk_X509_pop_free(cms_certs, X509_free);
if (crls)
Expand Down
2 changes: 1 addition & 1 deletion deps/openssl/openssl/crypto/evp/e_aes.c
Original file line number Diff line number Diff line change
Expand Up @@ -1771,7 +1771,7 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
case EVP_CTRL_CCM_SET_TAG:
if ((arg & 1) || arg < 4 || arg > 16)
return 0;
if ((c->encrypt && ptr) || (!c->encrypt && !ptr))
if (c->encrypt && ptr)
return 0;
if (ptr) {
cctx->tag_set = 1;
Expand Down
3 changes: 3 additions & 0 deletions deps/openssl/openssl/crypto/hmac/hmactest.c
Original file line number Diff line number Diff line change
Expand Up @@ -195,6 +195,7 @@ int main(int argc, char *argv[])
}
printf("test 4 ok\n");
test5:
HMAC_CTX_cleanup(&ctx);
HMAC_CTX_init(&ctx);
if (HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, NULL, NULL)) {
printf("Should fail to initialise HMAC with empty MD (test 5)\n");
Expand Down Expand Up @@ -284,6 +285,7 @@ int main(int argc, char *argv[])
printf("test 5 ok\n");
}
test6:
HMAC_CTX_cleanup(&ctx);
HMAC_CTX_init(&ctx);
if (!HMAC_Init_ex(&ctx, test[7].key, test[7].key_len, EVP_sha1(), NULL)) {
printf("Failed to initialise HMAC (test 6)\n");
Expand Down Expand Up @@ -314,6 +316,7 @@ int main(int argc, char *argv[])
printf("test 6 ok\n");
}
end:
HMAC_CTX_cleanup(&ctx);
EXIT(err);
return (0);
}
Expand Down
2 changes: 1 addition & 1 deletion deps/openssl/openssl/crypto/opensslconf.h.in
Original file line number Diff line number Diff line change
Expand Up @@ -101,7 +101,7 @@
#endif

#if defined(DES_RISC1) && defined(DES_RISC2)
YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
#endif

/* Unroll the inner loop, this sometimes helps, sometimes hinders.
Expand Down
6 changes: 3 additions & 3 deletions deps/openssl/openssl/crypto/opensslv.h
Original file line number Diff line number Diff line change
Expand Up @@ -30,11 +30,11 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
# define OPENSSL_VERSION_NUMBER 0x1000203fL
# define OPENSSL_VERSION_NUMBER 0x1000204fL
# ifdef OPENSSL_FIPS
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2c-fips 12 Jun 2015"
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2d-fips 9 Jul 2015"
# else
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2c 12 Jun 2015"
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2d 9 Jul 2015"
# endif
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT

Expand Down
2 changes: 2 additions & 0 deletions deps/openssl/openssl/crypto/pkcs12/p12_kiss.c
Original file line number Diff line number Diff line change
Expand Up @@ -135,10 +135,12 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,

while ((x = sk_X509_pop(ocerts))) {
if (pkey && *pkey && cert && !*cert) {
ERR_set_mark();
if (X509_check_private_key(x, *pkey)) {
*cert = x;
x = NULL;
}
ERR_pop_to_mark();
}

if (ca && x) {
Expand Down
1 change: 1 addition & 0 deletions deps/openssl/openssl/crypto/srp/srptest.c
Original file line number Diff line number Diff line change
Expand Up @@ -148,6 +148,7 @@ int main(int argc, char **argv)
ERR_remove_thread_state(NULL);
ERR_free_strings();
CRYPTO_mem_leaks(bio_err);
BIO_free(bio_err);

return 0;
}
Expand Down
Loading

0 comments on commit ca93f7f

Please sign in to comment.