Skip to content

Commit

Permalink
deps: upgrade openssl sources to 1.1.1f
Browse files Browse the repository at this point in the history
This updates all sources in deps/openssl/openssl by:
    $ cd deps/openssl/
    $ rm -rf openssl
    $ tar zxf ~/tmp/openssl-1.1.1f.tar.gz
    $ mv openssl-1.1.0h openssl
    $ git add --all openssl
    $ git commit openssl

PR-URL: nodejs#32583
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
  • Loading branch information
hassaanp authored and richardlau committed Jul 1, 2020
1 parent 89a306b commit 663bbf3
Show file tree
Hide file tree
Showing 30 changed files with 367 additions and 345 deletions.
18 changes: 18 additions & 0 deletions deps/openssl/openssl/CHANGES
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,24 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.

Changes between 1.1.1e and 1.1.1f [31 Mar 2020]

*) Revert the change of EOF detection while reading in libssl to avoid
regressions in applications depending on the current way of reporting
the EOF. As the existing method is not fully accurate the change to
reporting the EOF via SSL_ERROR_SSL is kept on the current development
branch and will be present in the 3.0 release.
[Tomas Mraz]

*) Revised BN_generate_prime_ex to not avoid factors 3..17863 in p-1
when primes for RSA keys are computed.
Since we previously always generated primes == 2 (mod 3) for RSA keys,
the 2-prime and 3-prime RSA modules were easy to distinguish, since
N = p*q = 1 (mod 3), but N = p*q*r = 2 (mod 3). Therefore fingerprinting
2-prime vs. 3-prime RSA keys was possible by computing N mod 3.
This avoids possible fingerprinting of newly generated RSA modules.
[Bernd Edlinger]

Changes between 1.1.1d and 1.1.1e [17 Mar 2020]
*) Properly detect EOF while reading in libssl. Previously if we hit an EOF
while reading in libssl then we would report an error back to the
Expand Down
200 changes: 100 additions & 100 deletions deps/openssl/openssl/Configurations/unix-Makefile.tmpl

Large diffs are not rendered by default.

6 changes: 6 additions & 0 deletions deps/openssl/openssl/NEWS
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,16 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.

Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [31 Mar 2020]

o Revert the unexpected EOF reporting via SSL_ERROR_SSL

Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020]

o Fixed an overflow bug in the x64_64 Montgomery squaring procedure
used in exponentiation with 512-bit moduli (CVE-2019-1551)
o Properly detect unexpected EOF while reading in libssl and report
it via SSL_ERROR_SSL

Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019]

Expand Down
4 changes: 2 additions & 2 deletions deps/openssl/openssl/README
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@

OpenSSL 1.1.1e 17 Mar 2020
OpenSSL 1.1.1f 31 Mar 2020

Copyright (c) 1998-2019 The OpenSSL Project
Copyright (c) 1998-2020 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.

Expand Down
14 changes: 11 additions & 3 deletions deps/openssl/openssl/apps/rehash.c
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2013-2014 Timo Teräs <timo.teras@gmail.com>
*
* Licensed under the OpenSSL license (the "License"). You may not use
Expand Down Expand Up @@ -274,11 +274,19 @@ static int do_file(const char *filename, const char *fullpath, enum Hash h)
if (x->x509 != NULL) {
type = TYPE_CERT;
name = X509_get_subject_name(x->x509);
X509_digest(x->x509, evpmd, digest, NULL);
if (!X509_digest(x->x509, evpmd, digest, NULL)) {
BIO_printf(bio_err, "out of memory\n");
++errs;
goto end;
}
} else if (x->crl != NULL) {
type = TYPE_CRL;
name = X509_CRL_get_issuer(x->crl);
X509_CRL_digest(x->crl, evpmd, digest, NULL);
if (!X509_CRL_digest(x->crl, evpmd, digest, NULL)) {
BIO_printf(bio_err, "out of memory\n");
++errs;
goto end;
}
} else {
++errs;
goto end;
Expand Down
4 changes: 2 additions & 2 deletions deps/openssl/openssl/apps/s_server.c
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
Expand Down Expand Up @@ -1904,7 +1904,7 @@ int s_server_main(int argc, char *argv[])
BIO_printf(bio_s_out, "Setting secondary ctx parameters\n");

if (sdebug)
ssl_ctx_security_debug(ctx, sdebug);
ssl_ctx_security_debug(ctx2, sdebug);

if (session_id_prefix) {
if (strlen(session_id_prefix) >= 32)
Expand Down
5 changes: 1 addition & 4 deletions deps/openssl/openssl/crypto/bn/bn_local.h
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
Expand Down Expand Up @@ -654,9 +654,6 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in,
const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx,
int *noinv);

int bn_probable_prime_dh(BIGNUM *rnd, int bits,
const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);

static ossl_inline BIGNUM *bn_expand(BIGNUM *a, int bits)
{
if (bits > (INT_MAX - BN_BITS2 + 1))
Expand Down
Loading

0 comments on commit 663bbf3

Please sign in to comment.