Commit 1149ead

RafaelGSS authored and richardlau committed
deps: upgrade openssl sources to OpenSSL_1_1_1s
This updates all sources in deps/openssl/openssl by:
    $ git clone https://github.com/quictls/openssl
    $ cd openssl
    $ git checkout OpenSSL_1_1_1s+quic
    $ cd ../node/deps/openssl
    $ rm -rf openssl
    $ cp -R ../openssl openssl
    $ rm -rf openssl/.git* openssl/.travis*
    $ git add --all openssl
    $ git commit openssl

PR-URL: #45274
Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-November/000242.html
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
1 parent ac24c80 commit 1149ead

64 files changed, +1299 -444 lines changed

deps/openssl/openssl/CHANGES

Lines changed: 46 additions & 0 deletions
@@ -7,6 +7,52 @@
77
https://github.com/openssl/openssl/commits/ and pick the appropriate
88
release branch.
99

10+
Changes between 1.1.1r and 1.1.1s [1 Nov 2022]
11+
12+
*) Fixed a regression introduced in 1.1.1r version not refreshing the
13+
certificate data to be signed before signing the certificate.
14+
15+
[Gibeom Gwon]
16+
17+
Changes between 1.1.1q and 1.1.1r [11 Oct 2022]
18+
19+
*) Fixed the linux-mips64 Configure target which was missing the
20+
SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
21+
platform.
22+
[Adam Joseph]
23+
24+
*) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was
25+
causing incorrect results in some cases as a result.
26+
[Paul Dale]
27+
28+
*) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
29+
report correct results in some cases
30+
[Matt Caswell]
31+
32+
*) Fixed a regression introduced in 1.1.1o for re-signing certificates with
33+
different key sizes
34+
[Todd Short]
35+
36+
*) Added the loongarch64 target
37+
[Shi Pujin]
38+
39+
*) Fixed a DRBG seed propagation thread safety issue
40+
[Bernd Edlinger]
41+
42+
*) Fixed a memory leak in tls13_generate_secret
43+
[Bernd Edlinger]
44+
45+
*) Fixed reported performance degradation on aarch64. Restored the
46+
implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
47+
32-bit lane assignment in CTR mode") for 64bit targets only, since it is
48+
reportedly 2-17% slower and the silicon errata only affects 32bit targets.
49+
The new algorithm is still used for 32 bit targets.
50+
[Bernd Edlinger]
51+
52+
*) Added a missing header for memcmp that caused compilation failure on some
53+
platforms
54+
[Gregor Jasny]
55+
1056
Changes between 1.1.1p and 1.1.1q [5 Jul 2022]
1157

1258
*) AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
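
Review bot: The commit subject names only OpenSSL_1_1_1s, but the entries added at lines 10-55 cover two upstream sections, 1.1.1q to 1.1.1r and 1.1.1r to 1.1.1s, so this import moves the vendored tree across two releases. The 1.1.1r section is where the linux-mips64 heap corruption fix, the DRBG seed propagation thread safety fix and the tls13_generate_secret leak fix are listed. I would mention 1.1.1r in the commit message so that anyone auditing which fixes this dependency bump delivers does not have to read CHANGES to find out.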

deps/openssl/openssl/Configurations/10-main.conf

Lines changed: 8 additions & 1 deletion
@@ -742,7 +742,7 @@ my %targets = (
742742
inherit_from => [ "linux-generic32", asm("mips64_asm") ],
743743
cflags => add("-mabi=n32"),
744744
cxxflags => add("-mabi=n32"),
745-
bn_ops => "RC4_CHAR",
745+
bn_ops => "RC4_CHAR SIXTY_FOUR_BIT",
746746
perlasm_scheme => "n32",
747747
multilib => "32",
748748
},
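
Review bot: Missing documentation at the changed bn_ops line (745): the target still has inherit_from "linux-generic32", -mabi=n32 and multilib "32", so SIXTY_FOUR_BIT looks out of place to the next person tidying this file, while CHANGES in this same commit says its absence caused heap corruption on linux-mips64. A one-line comment above bn_ops saying the flag is required for this target would keep it from being dropped again.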
@@ -761,6 +761,13 @@ my %targets = (
761761
perlasm_scheme => "linux64",
762762
},
763763

764+
# loongarch64 below refers to contemporary LoongArch Architecture
765+
# specifications,
766+
"linux64-loongarch64" => {
767+
inherit_from => [ "linux-generic64"],
768+
perlasm_scheme => "linux64",
769+
},
770+
764771
#### IA-32 targets...
765772
#### These two targets are a bit aged and are to be used on older Linux
766773
#### machines where gcc doesn't understand -m32 and -m64
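
Review bot: Style point on the comment added at lines 764-765: it ends in a trailing comma ("# specifications,"), so it reads as if the rest of the sentence was cut off. Finish the sentence or end it with a full stop, and add the missing space in [ "linux-generic64"] so the bracket spacing matches the inherit_from line in the hunk above.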

deps/openssl/openssl/NEWS

Lines changed: 10 additions & 0 deletions
@@ -5,6 +5,16 @@
55
This file gives a brief overview of the major changes between each OpenSSL
66
release. For more details please read the CHANGES file.
77

8+
Major changes between OpenSSL 1.1.1r and OpenSSL 1.1.1s [1 Nov 2022]
9+
10+
o Fixed a regression introduced in OpenSSL 1.1.1r not refreshing the
11+
certificate data to be signed before signing the certificate.
12+
13+
Major changes between OpenSSL 1.1.1q and OpenSSL 1.1.1r [11 Oct 2022]
14+
15+
o Added a missing header for memcmp that caused compilation failure on
16+
some platforms
17+
818
Major changes between OpenSSL 1.1.1p and OpenSSL 1.1.1q [5 Jul 2022]
919

1020
o Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms
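
Review bot: The 1.1.1r summary added at lines 13-16 lists only the missing memcmp header, while the CHANGES hunk in this commit lists a heap corruption fix, a DRBG thread safety fix and a memory leak fix for the same release. Since this file is imported as-is I would not edit it here, but the PR description should point reviewers at CHANGES rather than NEWS when triaging what this update fixes.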

deps/openssl/openssl/README-OpenSSL.md

Lines changed: 1 addition & 1 deletion
@@ -1,5 +1,5 @@
11

2-
OpenSSL 1.1.1q 5 Jul 2022
2+
OpenSSL 1.1.1s 1 Nov 2022
33

44
Copyright (c) 1998-2022 The OpenSSL Project
55
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

deps/openssl/openssl/README.md

Lines changed: 1 addition & 1 deletion
@@ -4,7 +4,7 @@ What This Is
44
This is a fork of [OpenSSL](https://www.openssl.org) to enable QUIC. In addition
55
to the website, the official source distribution is at
66
<https://github.com/openssl/openssl>. The OpenSSL `README` can be found at
7-
[README-OpenSSL.md](https://github.com/quictls/openssl/blob/OpenSSL_1_1_1q%2Bquic/README-OpenSSL.md).
7+
[README-OpenSSL.md](https://github.com/quictls/openssl/blob/OpenSSL_1_1_1s%2Bquic/README-OpenSSL.md).
88

99
This fork adds APIs that can be used by QUIC implementations for connection
1010
handshakes. Quoting the IETF Working group

deps/openssl/openssl/apps/apps.c

Lines changed: 13 additions & 2 deletions
@@ -1376,7 +1376,8 @@ static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING)
13761376
static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
13771377
#undef BSIZE
13781378
#define BSIZE 256
1379-
BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai)
1379+
BIGNUM *load_serial(const char *serialfile, int *exists, int create,
1380+
ASN1_INTEGER **retai)
13801381
{
13811382
BIO *in = NULL;
13821383
BIGNUM *ret = NULL;
@@ -1388,15 +1389,23 @@ BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai)
13881389
goto err;
13891390

13901391
in = BIO_new_file(serialfile, "r");
1392+
if (exists != NULL)
1393+
*exists = in != NULL;
13911394
if (in == NULL) {
13921395
if (!create) {
13931396
perror(serialfile);
13941397
goto err;
13951398
}
13961399
ERR_clear_error();
13971400
ret = BN_new();
1398-
if (ret == NULL || !rand_serial(ret, ai))
1401+
if (ret == NULL) {
13991402
BIO_printf(bio_err, "Out of memory\n");
1403+
} else if (!rand_serial(ret, ai)) {
1404+
BIO_printf(bio_err, "Error creating random number to store in %s\n",
1405+
serialfile);
1406+
BN_free(ret);
1407+
ret = NULL;
1408+
}
14001409
} else {
14011410
if (!a2i_ASN1_INTEGER(in, ai, buf, 1024)) {
14021411
BIO_printf(bio_err, "unable to load number from %s\n",
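
Review bot: At lines 1392-1393, *exists is written only after BIO_new_file() has run, so a caller that hits the goto err just above this point gets NULL back with *exists untouched; set *exists = 0 at the top of load_serial, or state that callers must initialise it. The stored value is in != NULL, which records whether the file could be opened for reading rather than whether it exists, so an unreadable serial file is reported the same as a missing one. A caller that decides whether to create or overwrite the file from this flag should account for that.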
@@ -1416,6 +1425,8 @@ BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai)
14161425
ai = NULL;
14171426
}
14181427
err:
1428+
if (ret == NULL)
1429+
ERR_print_errors(bio_err);
14191430
BIO_free(in);
14201431
ASN1_INTEGER_free(ai);
14211432
return ret;

deps/openssl/openssl/apps/apps.h

Lines changed: 7 additions & 4 deletions
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
2+
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
33
*
44
* Licensed under the OpenSSL license (the "License"). You may not use
55
* this file except in compliance with the License. You can obtain a copy
@@ -527,9 +527,12 @@ typedef struct ca_db_st {
527527
} CA_DB;
528528

529529
void* app_malloc(int sz, const char *what);
530-
BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai);
531-
int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial,
532-
ASN1_INTEGER **retai);
530+
531+
/* load_serial, save_serial, and rotate_serial are also used for CRL numbers */
532+
BIGNUM *load_serial(const char *serialfile, int *exists, int create,
533+
ASN1_INTEGER **retai);
534+
int save_serial(const char *serialfile, const char *suffix,
535+
const BIGNUM *serial, ASN1_INTEGER **retai);
533536
int rotate_serial(const char *serialfile, const char *new_suffix,
534537
const char *old_suffix);
535538
int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);
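
Review bot: Missing documentation for the new int *exists parameter in the load_serial prototype (lines 532-533): the added comment only says the functions are also used for CRL numbers. Please state that exists may be NULL and what it receives on return. It sits directly before int create, and a literal 0 compiles for either argument, so an undocumented order is easy to get wrong at a call site.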

deps/openssl/openssl/apps/ca.c

Lines changed: 5 additions & 3 deletions
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
2+
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
33
*
44
* Licensed under the OpenSSL license (the "License"). You may not use
55
* this file except in compliance with the License. You can obtain a copy
@@ -842,7 +842,8 @@ int ca_main(int argc, char **argv)
842842
goto end;
843843
}
844844
} else {
845-
if ((serial = load_serial(serialfile, create_ser, NULL)) == NULL) {
845+
serial = load_serial(serialfile, NULL, create_ser, NULL);
846+
if (serial == NULL) {
846847
BIO_printf(bio_err, "error while loading serial number\n");
847848
goto end;
848849
}
@@ -1078,7 +1079,8 @@ int ca_main(int argc, char **argv)
10781079

10791080
if ((crlnumberfile = NCONF_get_string(conf, section, ENV_CRLNUMBER))
10801081
!= NULL)
1081-
if ((crlnumber = load_serial(crlnumberfile, 0, NULL)) == NULL) {
1082+
if ((crlnumber = load_serial(crlnumberfile, NULL, 0, NULL))
1083+
== NULL) {
10821084
BIO_printf(bio_err, "error while loading CRL number\n");
10831085
goto end;
10841086
}

deps/openssl/openssl/apps/ocsp.c

Lines changed: 2 additions & 2 deletions
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
2+
* Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
33
*
44
* Licensed under the OpenSSL license (the "License"). You may not use
55
* this file except in compliance with the License. You can obtain a copy
@@ -176,7 +176,7 @@ const OPTIONS ocsp_options[] = {
176176
{"no_intern", OPT_NO_INTERN, '-',
177177
"Don't search certificates contained in response for signer"},
178178
{"badsig", OPT_BADSIG, '-',
179-
"Corrupt last byte of loaded OSCP response signature (for test)"},
179+
"Corrupt last byte of loaded OCSP response signature (for test)"},
180180
{"text", OPT_TEXT, '-', "Print text form of request and response"},
181181
{"req_text", OPT_REQ_TEXT, '-', "Print text form of request"},
182182
{"resp_text", OPT_RESP_TEXT, '-', "Print text form of response"},

deps/openssl/openssl/apps/s_cb.c

Lines changed: 17 additions & 11 deletions
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
2+
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
33
*
44
* Licensed under the OpenSSL license (the "License"). You may not use
55
* this file except in compliance with the License. You can obtain a copy
@@ -74,22 +74,28 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
7474
}
7575
switch (err) {
7676
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
77-
BIO_puts(bio_err, "issuer= ");
78-
X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
79-
0, get_nameopt());
80-
BIO_puts(bio_err, "\n");
77+
if (err_cert != NULL) {
78+
BIO_puts(bio_err, "issuer= ");
79+
X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
80+
0, get_nameopt());
81+
BIO_puts(bio_err, "\n");
82+
}
8183
break;
8284
case X509_V_ERR_CERT_NOT_YET_VALID:
8385
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
84-
BIO_printf(bio_err, "notBefore=");
85-
ASN1_TIME_print(bio_err, X509_get0_notBefore(err_cert));
86-
BIO_printf(bio_err, "\n");
86+
if (err_cert != NULL) {
87+
BIO_printf(bio_err, "notBefore=");
88+
ASN1_TIME_print(bio_err, X509_get0_notBefore(err_cert));
89+
BIO_printf(bio_err, "\n");
90+
}
8791
break;
8892
case X509_V_ERR_CERT_HAS_EXPIRED:
8993
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
90-
BIO_printf(bio_err, "notAfter=");
91-
ASN1_TIME_print(bio_err, X509_get0_notAfter(err_cert));
92-
BIO_printf(bio_err, "\n");
94+
if (err_cert != NULL) {
95+
BIO_printf(bio_err, "notAfter=");
96+
ASN1_TIME_print(bio_err, X509_get0_notAfter(err_cert));
97+
BIO_printf(bio_err, "\n");
98+
}
9399
break;
94100
case X509_V_ERR_NO_EXPLICIT_POLICY:
95101
if (!verify_args.quiet)
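
Review bot: The err_cert != NULL guard is added to three case arms of this switch (lines 77-98), but the hunk does not show how err_cert is used earlier in verify_callback, above line 74. Please confirm that any earlier use is guarded the same way, since a check that starts at the switch does not help if the pointer is dereferenced before it. With the guards in place these arms print nothing when err_cert is NULL, and a short placeholder line in that case would keep the diagnostic output from silently losing the issuer, notBefore or notAfter detail.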
