deps: upgrade to openssl 1.0.1q

Contains fixes for:

* CVE-2015-3194 Certificate verify crash with missing PSS parameter
* CVE-2015-3195 X509_ATTRIBUTE memory leak

fixup! character encoding noise

fixup! update opensslconf.h

PR-URL: #4133
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>

Author: bnoordhuis

deps/openssl/asm/arm-elf-gas/bn/armv4-gf2m.S

@@ -11,13 +11,13 @@
 mul_1x1_neon:
 	vshl.u64	d2,d16,#8	@ q1-q3 are slided
 
-	vmull.p8	q0,d16,d17	@ a·bb
+	vmull.p8	q0,d16,d17	@ a·bb
 	vshl.u64	d4,d16,#16
-	vmull.p8	q1,d2,d17	@ a<<8·bb
+	vmull.p8	q1,d2,d17	@ a<<8·bb
 	vshl.u64	d6,d16,#24
-	vmull.p8	q2,d4,d17	@ a<<16·bb
+	vmull.p8	q2,d4,d17	@ a<<16·bb
 	vshr.u64	d2,#8
-	vmull.p8	q3,d6,d17	@ a<<24·bb
+	vmull.p8	q3,d6,d17	@ a<<24·bb
 	vshl.u64	d3,#24
 	veor		d0,d2
 	vshr.u64	d4,#16
@@ -132,20 +132,20 @@ bn_GF2m_mul_2x2:
 
 	vmov	d16,d18
 	vmov	d17,d19
-	bl	mul_1x1_neon		@ a1·b1
+	bl	mul_1x1_neon		@ a1·b1
 	vmov	d22,d0
 
 	vmov	d16,d20
 	vmov	d17,d21
-	bl	mul_1x1_neon		@ a0·b0
+	bl	mul_1x1_neon		@ a0·b0
 	vmov	d23,d0
 
 	veor	d16,d20,d18
 	veor	d17,d21,d19
 	veor	d20,d23,d22
-	bl	mul_1x1_neon		@ (a0+a1)·(b0+b1)
+	bl	mul_1x1_neon		@ (a0+a1)·(b0+b1)
 
-	veor	d0,d20			@ (a0+a1)·(b0+b1)-a0·b0-a1·b1
+	veor	d0,d20			@ (a0+a1)·(b0+b1)-a0·b0-a1·b1
 	vshl.u64 d1,d0,#32
 	vshr.u64 d0,d0,#32
 	veor	d23,d1
@@ -165,7 +165,7 @@ bn_GF2m_mul_2x2:
 	mov	r12,#7<<2
 	sub	sp,sp,#32		@ allocate tab[8]
 
-	bl	mul_1x1_ialu		@ a1·b1
+	bl	mul_1x1_ialu		@ a1·b1
 	str	r5,[r10,#8]
 	str	r4,[r10,#12]
 
@@ -175,13 +175,13 @@ bn_GF2m_mul_2x2:
 	 eor	r2,r2,r1
 	eor	r0,r0,r3
 	 eor	r1,r1,r2
-	bl	mul_1x1_ialu		@ a0·b0
+	bl	mul_1x1_ialu		@ a0·b0
 	str	r5,[r10]
 	str	r4,[r10,#4]
 
 	eor	r1,r1,r2
 	eor	r0,r0,r3
-	bl	mul_1x1_ialu		@ (a1+a0)·(b1+b0)
+	bl	mul_1x1_ialu		@ (a1+a0)·(b1+b0)
 	ldmia	r10,{r6-r9}
 	eor	r5,r5,r4
 	eor	r4,r4,r7

deps/openssl/asm/arm-elf-gas/modes/ghash-armv4.S

@@ -368,8 +368,8 @@ gcm_ghash_neon:
 	vdup.8		d4,d28[0]	@ broadcast lowest byte
 .Linner_neon:
 	subs		r1,r1,#1
-	vmull.p8	q9,d1,d4		@ H.lo·Xi[i]
-	vmull.p8	q8,d0,d4		@ H.hi·Xi[i]
+	vmull.p8	q9,d1,d4		@ H.lo·Xi[i]
+	vmull.p8	q8,d0,d4		@ H.hi·Xi[i]
 	vext.8		q14,q12,#1		@ IN>>=8
 
 	veor		q10,q13		@ modulo-scheduled part
@@ -382,7 +382,7 @@ gcm_ghash_neon:
 	vsli.8		d2,d3,#1		@ compose the "carry" byte
 	vext.8		q10,q12,#1		@ Z>>=8
 
-	vmull.p8	q11,d2,d5		@ "carry"·0xe1
+	vmull.p8	q11,d2,d5		@ "carry"·0xe1
 	vshr.u8		d2,d3,#7		@ save Z's bottom bit
 	vext.8		q13,q9,q12,#1	@ Qlo>>=8
 	veor		q10,q8

deps/openssl/config/opensslconf.h

@@ -299,7 +299,7 @@
       even newer MIPS CPU's, but at the moment one size fits all for
       optimization options.  Older Sparc's work better with only UNROLL, but
       there's no way to tell at compile time what it is you're running on */
-#  if defined( sun )		/* Newer Sparc's */
+#  if defined( __sun ) || defined ( sun )		/* Newer Sparc's */
 #    define DES_PTR
 #    define DES_RISC1
 #    define DES_UNROLL

deps/openssl/openssl/apps/Makefile

@@ -135,7 +135,7 @@ update: openssl-vms.cnf local_depend
 depend: local_depend
 	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
 local_depend:
-	@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
+	@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

deps/openssl/openssl/apps/apps.c

@@ -119,9 +119,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#if !defined(OPENSSL_SYSNAME_WIN32) && !defined(NETWARE_CLIB)
-# include <strings.h>
-#endif
 #include <sys/types.h>
 #include <ctype.h>
 #include <errno.h>
@@ -1247,7 +1244,11 @@ int set_name_ex(unsigned long *flags, const char *arg)
         {"ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
         {NULL, 0, 0}
     };
-    return set_multi_opts(flags, arg, ex_tbl);
+    if (set_multi_opts(flags, arg, ex_tbl) == 0)
+        return 0;
+    if ((*flags & XN_FLAG_SEP_MASK) == 0)
+        *flags |= XN_FLAG_SEP_CPLUS_SPC;
+    return 1;
 }
 
 int set_ext_copy(int *copy_type, const char *arg)

deps/openssl/openssl/apps/asn1pars.c

@@ -313,9 +313,9 @@ int MAIN(int argc, char **argv)
             }
             typ = ASN1_TYPE_get(at);
             if ((typ == V_ASN1_OBJECT)
+                || (typ == V_ASN1_BOOLEAN)
                 || (typ == V_ASN1_NULL)) {
-                BIO_printf(bio_err, "Can't parse %s type\n",
-                           typ == V_ASN1_NULL ? "NULL" : "OBJECT");
+                BIO_printf(bio_err, "Can't parse %s type\n", ASN1_tag2str(typ));
                 ERR_print_errors(bio_err);
                 goto end;
             }

deps/openssl/openssl/apps/ca.c

@@ -99,25 +99,19 @@
 #undef PROG
 #define PROG ca_main
 
-#define BASE_SECTION    "ca"
-#define CONFIG_FILE "openssl.cnf"
+#define BASE_SECTION            "ca"
+#define CONFIG_FILE             "openssl.cnf"
 
 #define ENV_DEFAULT_CA          "default_ca"
 
-#define STRING_MASK     "string_mask"
+#define STRING_MASK             "string_mask"
 #define UTF8_IN                 "utf8"
 
-#define ENV_DIR                 "dir"
-#define ENV_CERTS               "certs"
-#define ENV_CRL_DIR             "crl_dir"
-#define ENV_CA_DB               "CA_DB"
 #define ENV_NEW_CERTS_DIR       "new_certs_dir"
 #define ENV_CERTIFICATE         "certificate"
 #define ENV_SERIAL              "serial"
 #define ENV_CRLNUMBER           "crlnumber"
-#define ENV_CRL                 "crl"
 #define ENV_PRIVATE_KEY         "private_key"
-#define ENV_RANDFILE            "RANDFILE"
 #define ENV_DEFAULT_DAYS        "default_days"
 #define ENV_DEFAULT_STARTDATE   "default_startdate"
 #define ENV_DEFAULT_ENDDATE     "default_enddate"
@@ -2520,6 +2514,8 @@ static int do_updatedb(CA_DB *db)
     char **rrow, *a_tm_s;
 
     a_tm = ASN1_UTCTIME_new();
+    if (a_tm == NULL)
+        return -1;
 
     /* get actual time and make a string */
     a_tm = X509_gmtime_adj(a_tm, 0);

deps/openssl/openssl/apps/ecparam.c

@@ -413,14 +413,13 @@ int MAIN(int argc, char **argv)
     }
 
     if (check) {
-        if (group == NULL)
-            BIO_printf(bio_err, "no elliptic curve parameters\n");
         BIO_printf(bio_err, "checking elliptic curve parameters: ");
         if (!EC_GROUP_check(group, NULL)) {
             BIO_printf(bio_err, "failed\n");
             ERR_print_errors(bio_err);
-        } else
-            BIO_printf(bio_err, "ok\n");
+            goto end;
+        }
+        BIO_printf(bio_err, "ok\n");
 
     }
 

deps/openssl/openssl/apps/engine.c

@@ -99,8 +99,6 @@ static void identity(char *ptr)
 
 static int append_buf(char **buf, const char *s, int *size, int step)
 {
-    int l = strlen(s);
-
     if (*buf == NULL) {
         *size = step;
         *buf = OPENSSL_malloc(*size);
@@ -109,9 +107,6 @@ static int append_buf(char **buf, const char *s, int *size, int step)
         **buf = '\0';
     }
 
-    if (**buf != '\0')
-        l += 2;                 /* ", " */
-
     if (strlen(*buf) + strlen(s) >= (unsigned int)*size) {
         *size += step;
         *buf = OPENSSL_realloc(*buf, *size);

deps/openssl/openssl/apps/md4.c

@@ -1 +1 @@
-../crypto/md4/md4.c
+openssl-1.0.1q/../crypto/md4/md4.c