deps: upgrade openssl sources to 1.1.1i

This updates all sources in deps/openssl/openssl by:
    $ cd deps/openssl/
    $ rm -rf openssl
    $ tar zxf ~/tmp/openssl-1.1.1i.tar.gz
    $ mv openssl-1.1.1i openssl
    $ git add --all openssl
    $ git commit openssl

PR-URL: #36521
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>

Author: MylesBorins

deps/openssl/openssl/CHANGES

@@ -7,6 +7,69 @@
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 
+ Changes between 1.1.1h and 1.1.1i [8 Dec 2020]
+
+  *) Fixed NULL pointer deref in the GENERAL_NAME_cmp function
+     This function could crash if both GENERAL_NAMEs contain an EDIPARTYNAME.
+     If an attacker can control both items being compared  then this could lead
+     to a possible denial of service attack. OpenSSL itself uses the
+     GENERAL_NAME_cmp function for two purposes:
+     1) Comparing CRL distribution point names between an available CRL and a
+        CRL distribution point embedded in an X509 certificate
+     2) When verifying that a timestamp response token signer matches the
+        timestamp authority name (exposed via the API functions
+        TS_RESP_verify_response and TS_RESP_verify_token)
+     (CVE-2020-1971)
+     [Matt Caswell]
+
+  *) Add support for Apple Silicon M1 Macs with the darwin64-arm64-cc target.
+     [Stuart Carnie]
+
+  *) The security callback, which can be customised by application code, supports
+     the security operation SSL_SECOP_TMP_DH. This is defined to take an EVP_PKEY
+     in the "other" parameter. In most places this is what is passed. All these
+     places occur server side. However there was one client side call of this
+     security operation and it passed a DH object instead. This is incorrect
+     according to the definition of SSL_SECOP_TMP_DH, and is inconsistent with all
+     of the other locations. Therefore this client side call has been changed to
+     pass an EVP_PKEY instead.
+     [Matt Caswell]
+
+  *) In 1.1.1h, an expired trusted (root) certificate was not anymore rejected
+     when validating a certificate path. This check is restored in 1.1.1i.
+     [David von Oheimb]
+
+ Changes between 1.1.1g and 1.1.1h [22 Sep 2020]
+
+  *) Certificates with explicit curve parameters are now disallowed in
+     verification chains if the X509_V_FLAG_X509_STRICT flag is used.
+     [Tomas Mraz]
+
+  *) The 'MinProtocol' and 'MaxProtocol' configuration commands now silently
+     ignore TLS protocol version bounds when configuring DTLS-based contexts, and
+     conversely, silently ignore DTLS protocol version bounds when configuring
+     TLS-based contexts.  The commands can be repeated to set bounds of both
+     types.  The same applies with the corresponding "min_protocol" and
+     "max_protocol" command-line switches, in case some application uses both TLS
+     and DTLS.
+
+     SSL_CTX instances that are created for a fixed protocol version (e.g.
+     TLSv1_server_method()) also silently ignore version bounds.  Previously
+     attempts to apply bounds to these protocol versions would result in an
+     error.  Now only the "version-flexible" SSL_CTX instances are subject to
+     limits in configuration files in command-line options.
+     [Viktor Dukhovni]
+
+  *) Handshake now fails if Extended Master Secret extension is dropped
+     on renegotiation.
+     [Tomas Mraz]
+
+  *) Accidentally, an expired trusted (root) certificate is not anymore rejected
+     when validating a certificate path.
+     [David von Oheimb]
+
+  *) The Oracle Developer Studio compiler will start reporting deprecated APIs
+
  Changes between 1.1.1f and 1.1.1g [21 Apr 2020]
 
   *) Fixed segmentation fault in SSL_check_chain()

deps/openssl/openssl/Configurations/10-main.conf

@@ -741,7 +741,7 @@ my %targets = (
         inherit_from     => [ "linux-generic32", asm("mips64_asm") ],
         cflags           => add("-mabi=n32"),
         cxxflags         => add("-mabi=n32"),
-        bn_ops           => "SIXTY_FOUR_BIT RC4_CHAR",
+        bn_ops           => "RC4_CHAR",
         perlasm_scheme   => "n32",
         multilib         => "32",
     },
@@ -1125,7 +1125,7 @@ my %targets = (
         CFLAGS           => picker(debug   => "-O0 -g",
                                    release => "-O"),
         cflags           => add(threads("-pthread")),
-        ex_libs          => threads("-pthread"),
+        ex_libs          => add(threads("-pthread")),
         bn_ops           => "BN_LLONG RC4_CHAR",
         perlasm_scheme   => "aix32",
         shared_ldflag    => add_before("-shared -static-libgcc"),
@@ -1138,7 +1138,7 @@ my %targets = (
         CFLAGS           => picker(debug   => "-O0 -g",
                                    release => "-O"),
         cflags           => combine("-maix64", threads("-pthread")),
-        ex_libs          => threads("-pthread"),
+        ex_libs          => add(threads("-pthread")),
         bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
         perlasm_scheme   => "aix64",
         shared_ldflag    => add_before("-shared -static-libgcc"),
@@ -1154,7 +1154,7 @@ my %targets = (
         cflags           => combine("-q32 -qmaxmem=16384 -qro -qroconst",
                                     threads("-qthreaded")),
         cppflags         => threads("-D_THREAD_SAFE"),
-        ex_libs          => threads("-lpthreads"),
+        ex_libs          => add(threads("-lpthreads")),
         bn_ops           => "BN_LLONG RC4_CHAR",
         perlasm_scheme   => "aix32",
         shared_cflag     => "-qpic",
@@ -1169,7 +1169,7 @@ my %targets = (
         cflags           => combine("-q64 -qmaxmem=16384 -qro -qroconst",
                                     threads("-qthreaded")),
         cppflags         => threads("-D_THREAD_SAFE"),
-        ex_libs          => threads("-lpthreads"),
+        ex_libs          => add(threads("-lpthreads")),
         bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
         perlasm_scheme   => "aix64",
         dso_scheme       => "dlfcn",
@@ -1365,9 +1365,9 @@ my %targets = (
             }
             push @ex_libs, '$(PORTSDK_LIBPATH)/portlib.lib'
                 if (defined(env('PORTSDK_LIBPATH')));
-            push @ex_libs, ' /nodefaultlib coredll.lib corelibc.lib'
-                if (env('TARGETCPU') eq "X86");
-            return @ex_libs;
+            push @ex_libs, '/nodefaultlib coredll.lib corelibc.lib'
+                if (env('TARGETCPU') =~ /^X86|^ARMV4[IT]/);
+            return join(" ", @ex_libs);
         }),
     },