Skip to content

Commit

Permalink
deps: upgrade openssl sources to 1.0.2s
Browse files Browse the repository at this point in the history
PR-URL: #28230
Reviewed-By: Beth Griggs <[email protected]>
  • Loading branch information
sam-github authored and BethGriggs committed Sep 19, 2019
1 parent 3ee076f commit dc9d645
Show file tree
Hide file tree
Showing 107 changed files with 569 additions and 38,796 deletions.
17 changes: 17 additions & 0 deletions deps/openssl/openssl/CHANGES
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,23 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.

Changes between 1.0.2r and 1.0.2s [28 May 2019]

*) Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
This changes the size when using the genpkey app when no size is given. It
fixes an omission in earlier changes that changed all RSA, DSA and DH
generation apps to use 2048 bits by default.
[Kurt Roeckx]

*) Add FIPS support for Android Arm 64-bit

Support for Android Arm 64-bit was added to the OpenSSL FIPS Object
Module in Version 2.0.10. For some reason, the corresponding target
'android64-aarch64' was missing OpenSSL 1.0.2, whence it could not be
built with FIPS support on Android Arm 64-bit. This omission has been
fixed.
[Matthias St. Pierre]

Changes between 1.0.2q and 1.0.2r [26 Feb 2019]

*) 0-byte record padding oracle
Expand Down
1 change: 1 addition & 0 deletions deps/openssl/openssl/Configure
Original file line number Diff line number Diff line change
Expand Up @@ -475,6 +475,7 @@ my %table=(
"android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"android-mips","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"android64-aarch64","gcc:-mandroid -fPIC -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-pie%-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

#### *BSD [do see comment about ${BSDthreads} above!]
"BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
Expand Down
4 changes: 2 additions & 2 deletions deps/openssl/openssl/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
## Makefile for OpenSSL
##

VERSION=1.0.2r
VERSION=1.0.2s
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
Expand Down Expand Up @@ -70,7 +70,7 @@ AR= ar $(ARFLAGS) r
RANLIB= /usr/bin/ranlib
RC= windres
NM= nm
PERL= /usr/bin/perl
PERL= /usr/local/bin/perl
TAR= tar
TARFLAGS= --no-recursion
MAKEDEPPROG= gcc
Expand Down
4 changes: 2 additions & 2 deletions deps/openssl/openssl/README
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@

OpenSSL 1.0.2r 26 Feb 2019
OpenSSL 1.0.2s 28 May 2019

Copyright (c) 1998-2018 The OpenSSL Project
Copyright (c) 1998-2019 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.

Expand Down
2 changes: 1 addition & 1 deletion deps/openssl/openssl/apps/CA.pl
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
#!/usr/bin/perl
#!/usr/local/bin/perl
#
# CA - wrapper around ca to make it easier to use ... basically ca requires
# some setup stuff to be done before you can use it and this makes
Expand Down
11 changes: 1 addition & 10 deletions deps/openssl/openssl/apps/app_rand.c
Original file line number Diff line number Diff line change
Expand Up @@ -124,16 +124,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
char buffer[200];

#ifdef OPENSSL_SYS_WINDOWS
/*
* allocate 2 to dont_warn not to use RAND_screen() via
* -no_rand_screen option in s_client
*/
if (dont_warn != 2) {
BIO_printf(bio_e, "Loading 'screen' into random state -");
BIO_flush(bio_e);
RAND_screen();
BIO_printf(bio_e, " done\n");
}
RAND_screen();
#endif

if (file == NULL)
Expand Down
31 changes: 8 additions & 23 deletions deps/openssl/openssl/apps/s_client.c
Original file line number Diff line number Diff line change
Expand Up @@ -180,13 +180,6 @@ typedef unsigned int u_int;
# include <fcntl.h>
#endif

/* Use Windows API with STD_INPUT_HANDLE when checking for input?
Don't look at OPENSSL_SYS_MSDOS for this, since it is always defined if
OPENSSL_SYS_WINDOWS is defined */
#if defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_WINCE) && defined(STD_INPUT_HANDLE)
#define OPENSSL_USE_STD_INPUT_HANDLE
#endif

#undef PROG
#define PROG s_client_main

Expand Down Expand Up @@ -236,7 +229,6 @@ static BIO *bio_c_msg = NULL;
static int c_quiet = 0;
static int c_ign_eof = 0;
static int c_brief = 0;
static int c_no_rand_screen = 0;

#ifndef OPENSSL_NO_PSK
/* Default PSK identity and key */
Expand Down Expand Up @@ -452,10 +444,6 @@ static void sc_usage(void)
" -keymatexport label - Export keying material using label\n");
BIO_printf(bio_err,
" -keymatexportlen len - Export len bytes of keying material (default 20)\n");
#ifdef OPENSSL_SYS_WINDOWS
BIO_printf(bio_err,
" -no_rand_screen - Do not use RAND_screen() to initialize random state\n");
#endif
}

#ifndef OPENSSL_NO_TLSEXT
Expand Down Expand Up @@ -1149,10 +1137,6 @@ int MAIN(int argc, char **argv)
keymatexportlen = atoi(*(++argv));
if (keymatexportlen == 0)
goto bad;
#ifdef OPENSSL_SYS_WINDOWS
} else if (strcmp(*argv, "-no_rand_screen") == 0) {
c_no_rand_screen = 1;
#endif
} else {
BIO_printf(bio_err, "unknown option %s\n", *argv);
badop = 1;
Expand Down Expand Up @@ -1269,7 +1253,7 @@ int MAIN(int argc, char **argv)
if (!load_excert(&exc, bio_err))
goto end;

if (!app_RAND_load_file(NULL, bio_err, ++c_no_rand_screen) && inrand == NULL
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status()) {
BIO_printf(bio_err,
"warning, not much extra random data, consider using the -rand option\n");
Expand Down Expand Up @@ -1809,16 +1793,17 @@ int MAIN(int argc, char **argv)
tv.tv_usec = 0;
i = select(width, (void *)&readfds, (void *)&writefds,
NULL, &tv);
#if defined(OPENSSL_USE_STD_INPUT_HANDLE)
# if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
if (!i && (!_kbhit() || !read_tty))
continue;
# else
if (!i && (!((_kbhit())
|| (WAIT_OBJECT_0 ==
WaitForSingleObject(GetStdHandle
(STD_INPUT_HANDLE),
0)))
|| !read_tty))
continue;
#else
if(!i && (!_kbhit() || !read_tty) ) continue;
# endif
} else
i = select(width, (void *)&readfds, (void *)&writefds,
Expand Down Expand Up @@ -2020,12 +2005,12 @@ int MAIN(int argc, char **argv)
}
}
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
#if defined(OPENSSL_USE_STD_INPUT_HANDLE)
# if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
else if (_kbhit())
# else
else if ((_kbhit())
|| (WAIT_OBJECT_0 ==
WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
#else
else if (_kbhit())
# endif
#elif defined (OPENSSL_SYS_NETWARE)
else if (_kbhit())
Expand Down
1 change: 1 addition & 0 deletions deps/openssl/openssl/config
Original file line number Diff line number Diff line change
Expand Up @@ -871,6 +871,7 @@ case "$GUESSOS" in
*-*-qnx6) OUT="QNX6" ;;
x86-*-android|i?86-*-android) OUT="android-x86" ;;
armv[7-9]*-*-android) OUT="android-armv7" ;;
aarch64-*-android) OUT="android64-aarch64" ;;
*) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
esac

Expand Down
4 changes: 2 additions & 2 deletions deps/openssl/openssl/crypto/dh/dh_pmeth.c
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
* 2006.
*/
/* ====================================================================
* Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
* Copyright (c) 2006-2019 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
Expand Down Expand Up @@ -101,7 +101,7 @@ static int pkey_dh_init(EVP_PKEY_CTX *ctx)
dctx = OPENSSL_malloc(sizeof(DH_PKEY_CTX));
if (!dctx)
return 0;
dctx->prime_len = 1024;
dctx->prime_len = 2048;
dctx->subprime_len = -1;
dctx->generator = 2;
dctx->use_dsa = 0;
Expand Down
10 changes: 5 additions & 5 deletions deps/openssl/openssl/crypto/dsa/dsa_pmeth.c
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
* 2006.
*/
/* ====================================================================
* Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
* Copyright (c) 2006-2019 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
Expand Down Expand Up @@ -69,8 +69,8 @@

typedef struct {
/* Parameter gen parameters */
int nbits; /* size of p in bits (default: 1024) */
int qbits; /* size of q in bits (default: 160) */
int nbits; /* size of p in bits (default: 2048) */
int qbits; /* size of q in bits (default: 224) */
const EVP_MD *pmd; /* MD for parameter generation */
/* Keygen callback info */
int gentmp[2];
Expand All @@ -84,8 +84,8 @@ static int pkey_dsa_init(EVP_PKEY_CTX *ctx)
dctx = OPENSSL_malloc(sizeof(DSA_PKEY_CTX));
if (!dctx)
return 0;
dctx->nbits = 1024;
dctx->qbits = 160;
dctx->nbits = 2048;
dctx->qbits = 224;
dctx->pmd = NULL;
dctx->md = NULL;

Expand Down
21 changes: 10 additions & 11 deletions deps/openssl/openssl/crypto/ec/ec2_oct.c
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@
*
*/
/* ====================================================================
* Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
Expand Down Expand Up @@ -299,7 +299,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
BN_CTX *ctx)
{
point_conversion_form_t form;
int y_bit;
int y_bit, m;
BN_CTX *new_ctx = NULL;
BIGNUM *x, *y, *yxi;
size_t field_len, enc_len;
Expand Down Expand Up @@ -332,7 +332,8 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
return EC_POINT_set_to_infinity(group, point);
}

field_len = (EC_GROUP_get_degree(group) + 7) / 8;
m = EC_GROUP_get_degree(group);
field_len = (m + 7) / 8;
enc_len =
(form ==
POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
Expand All @@ -357,7 +358,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,

if (!BN_bin2bn(buf + 1, field_len, x))
goto err;
if (BN_ucmp(x, &group->field) >= 0) {
if (BN_num_bits(x) > m) {
ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
goto err;
}
Expand All @@ -369,7 +370,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
} else {
if (!BN_bin2bn(buf + 1 + field_len, field_len, y))
goto err;
if (BN_ucmp(y, &group->field) >= 0) {
if (BN_num_bits(y) > m) {
ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
goto err;
}
Expand All @@ -382,16 +383,14 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
}
}

/*
* EC_POINT_set_affine_coordinates_GF2m is responsible for checking that
* the point is on the curve.
*/
if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx))
goto err;
}

/* test required by X9.62 */
if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
goto err;
}

ret = 1;

err:
Expand Down
22 changes: 19 additions & 3 deletions deps/openssl/openssl/crypto/ec/ec_lib.c
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
* Originally written by Bodo Moeller for the OpenSSL project.
*/
/* ====================================================================
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
Expand Down Expand Up @@ -872,7 +872,15 @@ int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
if (!group->meth->point_set_affine_coordinates(group, point, x, y, ctx))
return 0;

if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,
EC_R_POINT_IS_NOT_ON_CURVE);
return 0;
}
return 1;
}

#ifndef OPENSSL_NO_EC2M
Expand All @@ -890,7 +898,15 @@ int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group,
EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
if (!group->meth->point_set_affine_coordinates(group, point, x, y, ctx))
return 0;

if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,
EC_R_POINT_IS_NOT_ON_CURVE);
return 0;
}
return 1;
}
#endif

Expand Down
4 changes: 2 additions & 2 deletions deps/openssl/openssl/crypto/ec/ec_mult.c
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
* Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project.
*/
/* ====================================================================
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
Expand Down Expand Up @@ -519,7 +519,7 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r,
ret = 1;

err:
EC_POINT_free(s);
EC_POINT_clear_free(s);
BN_CTX_end(ctx);
BN_CTX_free(new_ctx);

Expand Down
11 changes: 8 additions & 3 deletions deps/openssl/openssl/crypto/ec/ecp_nistp521.c
Original file line number Diff line number Diff line change
Expand Up @@ -356,10 +356,15 @@ static void felem_diff64(felem out, const felem in)
static void felem_diff_128_64(largefelem out, const felem in)
{
/*
* In order to prevent underflow, we add 0 mod p before subtracting.
* In order to prevent underflow, we add 64p mod p (which is equivalent
* to 0 mod p) before subtracting. p is 2^521 - 1, i.e. in binary a 521
* digit number with all bits set to 1. See "The representation of field
* elements" comment above for a description of how limbs are used to
* represent a number. 64p is represented with 8 limbs containing a number
* with 58 bits set and one limb with a number with 57 bits set.
*/
static const limb two63m6 = (((limb) 1) << 62) - (((limb) 1) << 5);
static const limb two63m5 = (((limb) 1) << 62) - (((limb) 1) << 4);
static const limb two63m6 = (((limb) 1) << 63) - (((limb) 1) << 6);
static const limb two63m5 = (((limb) 1) << 63) - (((limb) 1) << 5);

out[0] += two63m6 - in[0];
out[1] += two63m5 - in[1];
Expand Down
Loading

0 comments on commit dc9d645

Please sign in to comment.