Skip to content

Commit

Permalink
deps: upgrade openssl sources to 1.1.0j
Browse files Browse the repository at this point in the history
This updates all sources in deps/openssl/openssl with openssl-1.1.0j.

PR-URL: #24523
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
  • Loading branch information
sam-github committed Nov 22, 2018
1 parent 33a25b2 commit 790fae5
Show file tree
Hide file tree
Showing 120 changed files with 9,123 additions and 3,636 deletions.
176 changes: 176 additions & 0 deletions deps/openssl/openssl/.gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,176 @@
# Ignore editor artefacts
/.dir-locals.el

# Top level excludes
/Makefile.orig
/MINFO
/TABLE
/*.a
/*.pc
/rehash.time
/inc.*
/makefile.*
/out.*
/tmp.*
/configdata.pm

# *all* Makefiles
Makefile
# ... except in demos
!/demos/*/Makefile

# Links under apps
/apps/CA.pl
/apps/tsget
/apps/tsget.pl
/apps/md4.c

# Auto generated headers
/crypto/buildinf.h
/apps/progs.h
/crypto/include/internal/*_conf.h
/openssl/include/opensslconf.h
/util/domd

# Executables
/apps/openssl
/test/sha256t
/test/sha512t
/test/gost2814789t
/test/ssltest_old
/test/*test
/test/fips_aesavs
/test/fips_desmovs
/test/fips_dhvs
/test/fips_drbgvs
/test/fips_dssvs
/test/fips_ecdhvs
/test/fips_ecdsavs
/test/fips_rngvs
/test/fips_test_suite
/test/ssltest_old
/test/x509aux
/test/v3ext
/test/versions
/test/rsa_complex

# Certain files that get created by tests on the fly
/test/test-runs
/test/buildtest_*

# Fuzz stuff.
# Anything without an extension is an executable on Unix, so we keep files
# with extensions. And we keep the corpora subddir versioned as well.
# Anything more generic with extensions that should be ignored will be taken
# care of by general ignores for those extensions (*.o, *.obj, *.exe, ...)
/fuzz/*
!/fuzz/README*
!/fuzz/corpora
!/fuzz/*.*

# Misc auto generated files
/include/openssl/opensslconf.h
/tools/c_rehash
/tools/c_rehash.pl
/util/shlib_wrap.sh
/tags
/TAGS
/crypto.map
/ssl.map

# Windows (legacy)
/tmp32
/tmp32.dbg
/tmp32dll
/tmp32dll.dbg
/out32
/out32.dbg
/out32dll
/out32dll.dbg
/inc32
/MINFO
/ms/.rnd
/ms/bcb.mak
/ms/libeay32.def
/ms/nt.mak
/ms/ntdll.mak
/ms/ssleay32.def
/ms/version32.rc

# Files created on other branches that are not held in git, and are not
# needed on this branch
/include/openssl/asn1_mac.h
/include/openssl/des_old.h
/include/openssl/fips.h
/include/openssl/fips_rand.h
/include/openssl/krb5_asn.h
/include/openssl/kssl.h
/include/openssl/pq_compat.h
/include/openssl/ssl23.h
/include/openssl/tmdiff.h
/include/openssl/ui_compat.h
/test/fips_aesavs.c
/test/fips_desmovs.c
/test/fips_dsatest.c
/test/fips_dssvs.c
/test/fips_hmactest.c
/test/fips_randtest.c
/test/fips_rngvs.c
/test/fips_rsagtest.c
/test/fips_rsastest.c
/test/fips_rsavtest.c
/test/fips_shatest.c
/test/fips_test_suite.c
/test/shatest.c

##### Generic patterns
# Auto generated assembly language source files
*.s
!/crypto/*/asm/*.s
/crypto/arm*.S
/crypto/*/*.S
*.asm
!/crypto/*/asm/*.asm

# Object files
*.o
*.obj

# editor artefacts
*.swp
.#*
\#*#
*~

# Certificate symbolic links
*.0

# All kinds of executables
*.so
*.so.*
*.dylib
*.dylib.*
*.dll
*.dll.*
*.exe
*.pyc
*.exp
*.lib
*.pdb
*.ilk
*.def
*.rc
*.res

# Misc generated stuff
Makefile.save
/crypto/**/lib
/engines/**/lib
/ssl/**/lib
*.bak
cscope.*
*.d
pod2htmd.tmp

# Windows manifest files
*.manifest
27 changes: 27 additions & 0 deletions deps/openssl/openssl/CHANGES
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,33 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.

Changes between 1.1.0i and 1.1.0j [20 Nov 2018]

*) Timing vulnerability in DSA signature generation

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
timing side channel attack. An attacker could use variations in the signing
algorithm to recover the private key.

This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
(CVE-2018-0734)
[Paul Dale]

*) Timing vulnerability in ECDSA signature generation

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a
timing side channel attack. An attacker could use variations in the signing
algorithm to recover the private key.

This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser.
(CVE-2018-0735)
[Paul Dale]

*) Add coordinate blinding for EC_POINT and implement projective
coordinate blinding for generic prime curves as a countermeasure to
chosen point SCA attacks.
[Sohaib ul Hassan, Nicola Tuveri, Billy Bob Brumley]

Changes between 1.1.0h and 1.1.0i [14 Aug 2018]

*) Client DoS due to large DH parameter
Expand Down
6 changes: 6 additions & 0 deletions deps/openssl/openssl/Configurations/00-base-templates.conf
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,8 @@
}
return (); },

shared_extension => ".so",

build_scheme => [ "unified", "unix" ],
build_file => "Makefile",
},
Expand Down Expand Up @@ -99,6 +101,8 @@
mtinflag => "-manifest ",
mtoutflag => "-outputresource:",

shared_extension => ".dll",

build_file => "makefile",
build_scheme => [ "unified", "windows" ],
},
Expand All @@ -107,6 +111,8 @@
inherit_from => [ "BASE_common" ],
template => 1,

shared_extension => ".exe",

build_file => "descrip.mms",
build_scheme => [ "unified", "VMS" ],
},
Expand Down
53 changes: 25 additions & 28 deletions deps/openssl/openssl/Configurations/descrip.mms.tmpl
Original file line number Diff line number Diff line change
Expand Up @@ -368,12 +368,10 @@ descrip.mms : FORCE

# Install helper targets #############################################

install_sw : all install_shared _install_dev_ns -
install_engines _install_runtime_ns -
install_sw : install_dev install_engines install_runtime -
install_startup install_ivp

uninstall_sw : uninstall_shared _uninstall_dev_ns -
uninstall_engines _uninstall_runtime_ns -
uninstall_sw : uninstall_dev uninstall_engines uninstall_runtime -
uninstall_startup uninstall_ivp

install_docs : install_html_docs
Expand All @@ -396,17 +394,7 @@ install_ssldirs : check_INSTALLTOP
COPY/PROT=W:R {- sourcefile("apps", "openssl-vms.cnf") -} -
ossl_dataroot:[000000]openssl.cnf

install_shared : check_INSTALLTOP
@ {- output_off() if $disabled{shared}; "" -} !
@ WRITE SYS$OUTPUT "*** Installing shareable images"
@ ! Install shared (runtime) libraries
- CREATE/DIR ossl_installroot:[LIB.'arch']
{- join("\n ",
map { "COPY/PROT=W:R $_.EXE ossl_installroot:[LIB.'arch']" }
@install_shlibs) -}
@ {- output_on() if $disabled{shared}; "" -} !

_install_dev_ns : check_INSTALLTOP
install_dev : check_INSTALLTOP install_runtime_libs
@ WRITE SYS$OUTPUT "*** Installing development files"
@ ! Install header files
- CREATE/DIR ossl_installroot:[include.openssl]
Expand All @@ -417,9 +405,29 @@ _install_dev_ns : check_INSTALLTOP
map { "COPY/PROT=W:R $_.OLB ossl_installroot:[LIB.'arch']" }
@{$unified_info{install}->{libraries}}) -}

install_dev : install_shared _install_dev_ns
install_engines : check_INSTALLTOP install_runtime_libs build_engines
@ {- output_off() unless scalar @{$unified_info{engines}}; "" -} !
@ WRITE SYS$OUTPUT "*** Installing engines"
- CREATE/DIR ossl_installroot:[ENGINES{- $sover.$target{pointer_size} -}.'arch']
{- join("\n ",
map { "COPY/PROT=W:RE $_.EXE ossl_installroot:[ENGINES$sover$target{pointer_size}.'arch']" }
@{$unified_info{install}->{engines}}) -}
@ {- output_on() unless scalar @{$unified_info{engines}}; "" -} !

_install_runtime_ns : check_INSTALLTOP
install_runtime : install_programs

install_runtime_libs : check_INSTALLTOP build_libs
@ {- output_off() if $disabled{shared}; "" -} !
@ WRITE SYS$OUTPUT "*** Installing shareable images"
@ ! Install shared (runtime) libraries
- CREATE/DIR ossl_installroot:[LIB.'arch']
{- join("\n ",
map { "COPY/PROT=W:R $_.EXE ossl_installroot:[LIB.'arch']" }
@install_shlibs) -}
@ {- output_on() if $disabled{shared}; "" -} !

install_programs : check_INSTALLTOP install_runtime_libs build_programs
@ {- output_off() if $disabled{apps}; "" -} !
@ ! Install the main program
- CREATE/DIR ossl_installroot:[EXE.'arch']
COPY/PROT=W:RE [.APPS]openssl.EXE -
Expand All @@ -428,17 +436,6 @@ _install_runtime_ns : check_INSTALLTOP
COPY/PROT=W:RE $(BIN_SCRIPTS) ossl_installroot:[EXE]
@ ! {- output_on() if $disabled{apps}; "" -}

install_runtime : install_shared _install_runtime_ns

install_engines : check_INSTALLTOP
@ {- output_off() unless scalar @{$unified_info{engines}}; "" -} !
@ WRITE SYS$OUTPUT "*** Installing engines"
- CREATE/DIR ossl_installroot:[ENGINES{- $sover.$target{pointer_size} -}.'arch']
{- join("\n ",
map { "COPY/PROT=W:RE $_.EXE ossl_installroot:[ENGINES$sover$target{pointer_size}.'arch']" }
@{$unified_info{install}->{engines}}) -}
@ {- output_on() unless scalar @{$unified_info{engines}}; "" -} !

install_startup : [.VMS]openssl_startup.com [.VMS]openssl_shutdown.com -
[.VMS]openssl_utils.com, check_INSTALLTOP
- CREATE/DIR ossl_installroot:[SYS$STARTUP]
Expand Down
Loading

0 comments on commit 790fae5

Please sign in to comment.