Skip to content
Permalink
Browse files

deps: upgrade openssl sources to 1.0.2r

This replaces all sources of openssl-1.0.2r.tar.gz into
deps/openssl/openssl
  • Loading branch information...
shigeki authored and rvagg committed Feb 26, 2019
1 parent 76d52c5 commit d71517fd43a06cad78cfa516d109c5166b46db39
Showing with 813 additions and 40,168 deletions.
  1. +27 −0 deps/openssl/openssl/CHANGES
  2. +2 −2 deps/openssl/openssl/Makefile
  3. +0 −692 deps/openssl/openssl/Makefile.bak
  4. +1 −1 deps/openssl/openssl/Makefile.org
  5. +4 −0 deps/openssl/openssl/NEWS
  6. +1 −1 deps/openssl/openssl/README
  7. +0 −188 deps/openssl/openssl/apps/CA.pl.bak
  8. +1 −10 deps/openssl/openssl/apps/app_rand.c
  9. +8 −23 deps/openssl/openssl/apps/s_client.c
  10. +15 −12 deps/openssl/openssl/crypto/asn1/ameth_lib.c
  11. +9 −2 deps/openssl/openssl/crypto/bio/bss_file.c
  12. +3 −1 deps/openssl/openssl/crypto/bn/bn_ctx.c
  13. +3 −0 deps/openssl/openssl/crypto/bn/bn_lib.c
  14. +101 −0 deps/openssl/openssl/crypto/bn/bntest.c
  15. +6 −0 deps/openssl/openssl/crypto/constant_time_locl.h
  16. +1 −1 deps/openssl/openssl/crypto/ec/ec_ameth.c
  17. +1 −1 deps/openssl/openssl/crypto/err/Makefile
  18. +38 −0 deps/openssl/openssl/crypto/err/err.c
  19. +2 −0 deps/openssl/openssl/crypto/evp/evp.h
  20. +36 −4 deps/openssl/openssl/crypto/evp/evp_enc.c
  21. +3 −1 deps/openssl/openssl/crypto/evp/evp_err.c
  22. +2 −2 deps/openssl/openssl/crypto/evp/evp_test.c
  23. +270 −1 deps/openssl/openssl/crypto/opensslconf.h
  24. +0 −265 deps/openssl/openssl/crypto/opensslconf.h.bak
  25. +3 −3 deps/openssl/openssl/crypto/opensslv.h
  26. +7 −7 deps/openssl/openssl/crypto/perlasm/x86masm.pl
  27. +4 −2 deps/openssl/openssl/crypto/rsa/Makefile
  28. +8 −7 deps/openssl/openssl/crypto/rsa/rsa_eay.c
  29. +56 −40 deps/openssl/openssl/crypto/rsa/rsa_oaep.c
  30. +52 −46 deps/openssl/openssl/crypto/rsa/rsa_pk1.c
  31. +97 −37 deps/openssl/openssl/crypto/rsa/rsa_ssl.c
  32. +1 −1 deps/openssl/openssl/doc/apps/ca.pod
  33. +2 −1 deps/openssl/openssl/doc/crypto/PKCS12_parse.pod
  34. +6 −1 deps/openssl/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
  35. +0 −3 deps/openssl/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod
  36. +1 −1 deps/openssl/openssl/doc/{man3 → crypto}/X509_cmp_time.pod
  37. +8 −5 deps/openssl/openssl/doc/ssl/SSL_get_error.pod
  38. +4 −0 deps/openssl/openssl/doc/ssl/SSL_shutdown.pod
  39. +0 −149 deps/openssl/openssl/include/openssl/aes.h
  40. +0 −1,424 deps/openssl/openssl/include/openssl/asn1.h
  41. +0 −579 deps/openssl/openssl/include/openssl/asn1_mac.h
  42. +0 −973 deps/openssl/openssl/include/openssl/asn1t.h
  43. +0 −883 deps/openssl/openssl/include/openssl/bio.h
  44. +0 −130 deps/openssl/openssl/include/openssl/blowfish.h
  45. +0 −1,015 deps/openssl/openssl/include/openssl/bn.h
  46. +0 −125 deps/openssl/openssl/include/openssl/buffer.h
  47. +0 −132 deps/openssl/openssl/include/openssl/camellia.h
  48. +0 −107 deps/openssl/openssl/include/openssl/cast.h
  49. +0 −82 deps/openssl/openssl/include/openssl/cmac.h
  50. +0 −555 deps/openssl/openssl/include/openssl/cms.h
  51. +0 −83 deps/openssl/openssl/include/openssl/comp.h
  52. +0 −268 deps/openssl/openssl/include/openssl/conf.h
  53. +0 −89 deps/openssl/openssl/include/openssl/conf_api.h
  54. +0 −661 deps/openssl/openssl/include/openssl/crypto.h
  55. +0 −257 deps/openssl/openssl/include/openssl/des.h
  56. +0 −497 deps/openssl/openssl/include/openssl/des_old.h
  57. +0 −412 deps/openssl/openssl/include/openssl/dh.h
  58. +0 −335 deps/openssl/openssl/include/openssl/dsa.h
  59. +0 −451 deps/openssl/openssl/include/openssl/dso.h
  60. +0 −272 deps/openssl/openssl/include/openssl/dtls1.h
  61. +0 −328 deps/openssl/openssl/include/openssl/e_os2.h
  62. +0 −26 deps/openssl/openssl/include/openssl/ebcdic.h
  63. +0 −1,282 deps/openssl/openssl/include/openssl/ec.h
  64. +0 −134 deps/openssl/openssl/include/openssl/ecdh.h
  65. +0 −335 deps/openssl/openssl/include/openssl/ecdsa.h
  66. +0 −960 deps/openssl/openssl/include/openssl/engine.h
  67. +0 −390 deps/openssl/openssl/include/openssl/err.h
  68. +0 −1,628 deps/openssl/openssl/include/openssl/evp.h
  69. +0 −109 deps/openssl/openssl/include/openssl/hmac.h
  70. +0 −105 deps/openssl/openssl/include/openssl/idea.h
  71. +0 −240 deps/openssl/openssl/include/openssl/krb5_asn.h
  72. +0 −197 deps/openssl/openssl/include/openssl/kssl.h
  73. +0 −240 deps/openssl/openssl/include/openssl/lhash.h
  74. +0 −119 deps/openssl/openssl/include/openssl/md4.h
  75. +0 −119 deps/openssl/openssl/include/openssl/md5.h
  76. +0 −94 deps/openssl/openssl/include/openssl/mdc2.h
  77. +0 −163 deps/openssl/openssl/include/openssl/modes.h
  78. +0 −4,194 deps/openssl/openssl/include/openssl/obj_mac.h
  79. +0 −1,143 deps/openssl/openssl/include/openssl/objects.h
  80. +0 −637 deps/openssl/openssl/include/openssl/ocsp.h
  81. +0 −1 deps/openssl/openssl/include/openssl/opensslconf.h
  82. +0 −97 deps/openssl/openssl/include/openssl/opensslv.h
  83. +0 −213 deps/openssl/openssl/include/openssl/ossl_typ.h
  84. +0 −618 deps/openssl/openssl/include/openssl/pem.h
  85. +0 −70 deps/openssl/openssl/include/openssl/pem2.h
  86. +0 −342 deps/openssl/openssl/include/openssl/pkcs12.h
  87. +0 −481 deps/openssl/openssl/include/openssl/pkcs7.h
  88. +0 −99 deps/openssl/openssl/include/openssl/pqueue.h
  89. +0 −150 deps/openssl/openssl/include/openssl/rand.h
  90. +0 −103 deps/openssl/openssl/include/openssl/rc2.h
  91. +0 −88 deps/openssl/openssl/include/openssl/rc4.h
  92. +0 −105 deps/openssl/openssl/include/openssl/ripemd.h
  93. +0 −664 deps/openssl/openssl/include/openssl/rsa.h
  94. +0 −2,672 deps/openssl/openssl/include/openssl/safestack.h
  95. +0 −149 deps/openssl/openssl/include/openssl/seed.h
  96. +0 −214 deps/openssl/openssl/include/openssl/sha.h
  97. +0 −179 deps/openssl/openssl/include/openssl/srp.h
  98. +0 −147 deps/openssl/openssl/include/openssl/srtp.h
  99. +0 −3,164 deps/openssl/openssl/include/openssl/ssl.h
  100. +0 −265 deps/openssl/openssl/include/openssl/ssl2.h
  101. +0 −84 deps/openssl/openssl/include/openssl/ssl23.h
  102. +0 −774 deps/openssl/openssl/include/openssl/ssl3.h
  103. +0 −107 deps/openssl/openssl/include/openssl/stack.h
  104. +0 −518 deps/openssl/openssl/include/openssl/symhacks.h
  105. +0 −810 deps/openssl/openssl/include/openssl/tls1.h
  106. +0 −865 deps/openssl/openssl/include/openssl/ts.h
  107. +0 −112 deps/openssl/openssl/include/openssl/txt_db.h
  108. +0 −415 deps/openssl/openssl/include/openssl/ui.h
  109. +0 −88 deps/openssl/openssl/include/openssl/ui_compat.h
  110. +0 −41 deps/openssl/openssl/include/openssl/whrlpool.h
  111. +0 −1,330 deps/openssl/openssl/include/openssl/x509.h
  112. +0 −652 deps/openssl/openssl/include/openssl/x509_vfy.h
  113. +0 −1,055 deps/openssl/openssl/include/openssl/x509v3.h
  114. +1 −1 deps/openssl/openssl/openssl.spec
  115. +1 −0 deps/openssl/openssl/ssl/d1_pkt.c
  116. +7 −3 deps/openssl/openssl/ssl/s3_pkt.c
  117. +20 −0 deps/openssl/openssl/ssl/t1_lib.c
  118. +1 −0 deps/openssl/openssl/test/maketests.com
  119. +0 −209 deps/openssl/openssl/tools/c_rehash.bak
@@ -7,6 +7,33 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.

Changes between 1.0.2q and 1.0.2r [26 Feb 2019]

*) 0-byte record padding oracle

If an application encounters a fatal protocol error and then calls
SSL_shutdown() twice (once to send a close_notify, and once to receive one)
then OpenSSL can respond differently to the calling application if a 0 byte
record is received with invalid padding compared to if a 0 byte record is
received with an invalid MAC. If the application then behaves differently
based on that in a way that is detectable to the remote peer, then this
amounts to a padding oracle that could be used to decrypt data.

In order for this to be exploitable "non-stitched" ciphersuites must be in
use. Stitched ciphersuites are optimised implementations of certain
commonly used ciphersuites. Also the application must call SSL_shutdown()
twice even if a protocol error has occurred (applications should not do
this but some do anyway).

This issue was discovered by Juraj Somorovsky, Robert Merget and Nimrod
Aviram, with additional investigation by Steven Collison and Andrew
Hourselt. It was reported to OpenSSL on 10th December 2018.
(CVE-2019-1559)
[Matt Caswell]

*) Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0().
[Richard Levitte]

Changes between 1.0.2p and 1.0.2q [20 Nov 2018]

*) Microarchitecture timing vulnerability in ECC scalar multiplication
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##

VERSION=1.0.2q
VERSION=1.0.2r
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
@@ -521,7 +521,7 @@ $(TARFILE).list:
find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
\! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \
\( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
\! -name '.#*' \! -name '*~' \! -type l \
\! -name '.#*' \! -name '*.bak' \! -name '*~' \! -type l \
| sort > $(TARFILE).list

tar: $(TARFILE).list

0 comments on commit d71517f

Please sign in to comment.
You can’t perform that action at this time.