deps: upgrade openssl sources to 1.1.0j

This updates all sources in deps/openssl/openssl with openssl-1.1.0j. PR-URL: nodejs#24523 Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org>
refack · Jan 10, 2019 · 629a2bd · 629a2bd
1 parent dfb4044
commit 629a2bd
Show file tree

Hide file tree

Showing 120 changed files with 9,123 additions and 3,636 deletions.
diff --git a/deps/openssl/openssl/.gitignore b/deps/openssl/openssl/.gitignore
@@ -0,0 +1,176 @@
+# Ignore editor artefacts
+/.dir-locals.el
+
+# Top level excludes
+/Makefile.orig
+/MINFO
+/TABLE
+/*.a
+/*.pc
+/rehash.time
+/inc.*
+/makefile.*
+/out.*
+/tmp.*
+/configdata.pm
+
+# *all* Makefiles
+Makefile
+# ... except in demos
+!/demos/*/Makefile
+
+# Links under apps
+/apps/CA.pl
+/apps/tsget
+/apps/tsget.pl
+/apps/md4.c
+
+# Auto generated headers
+/crypto/buildinf.h
+/apps/progs.h
+/crypto/include/internal/*_conf.h
+/openssl/include/opensslconf.h
+/util/domd
+
+# Executables
+/apps/openssl
+/test/sha256t
+/test/sha512t
+/test/gost2814789t
+/test/ssltest_old
+/test/*test
+/test/fips_aesavs
+/test/fips_desmovs
+/test/fips_dhvs
+/test/fips_drbgvs
+/test/fips_dssvs
+/test/fips_ecdhvs
+/test/fips_ecdsavs
+/test/fips_rngvs
+/test/fips_test_suite
+/test/ssltest_old
+/test/x509aux
+/test/v3ext
+/test/versions
+/test/rsa_complex
+
+# Certain files that get created by tests on the fly
+/test/test-runs
+/test/buildtest_*
+
+# Fuzz stuff.
+# Anything without an extension is an executable on Unix, so we keep files
+# with extensions.  And we keep the corpora subddir versioned as well.
+# Anything more generic with extensions that should be ignored will be taken
+# care of by general ignores for those extensions (*.o, *.obj, *.exe, ...)
+/fuzz/*
+!/fuzz/README*
+!/fuzz/corpora
+!/fuzz/*.*
+
+# Misc auto generated files
+/include/openssl/opensslconf.h
+/tools/c_rehash
+/tools/c_rehash.pl
+/util/shlib_wrap.sh
+/tags
+/TAGS
+/crypto.map
+/ssl.map
+
+# Windows (legacy)
+/tmp32
+/tmp32.dbg
+/tmp32dll
+/tmp32dll.dbg
+/out32
+/out32.dbg
+/out32dll
+/out32dll.dbg
+/inc32
+/MINFO
+/ms/.rnd
+/ms/bcb.mak
+/ms/libeay32.def
+/ms/nt.mak
+/ms/ntdll.mak
+/ms/ssleay32.def
+/ms/version32.rc
+
+# Files created on other branches that are not held in git, and are not
+# needed on this branch
+/include/openssl/asn1_mac.h
+/include/openssl/des_old.h
+/include/openssl/fips.h
+/include/openssl/fips_rand.h
+/include/openssl/krb5_asn.h
+/include/openssl/kssl.h
+/include/openssl/pq_compat.h
+/include/openssl/ssl23.h
+/include/openssl/tmdiff.h
+/include/openssl/ui_compat.h
+/test/fips_aesavs.c
+/test/fips_desmovs.c
+/test/fips_dsatest.c
+/test/fips_dssvs.c
+/test/fips_hmactest.c
+/test/fips_randtest.c
+/test/fips_rngvs.c
+/test/fips_rsagtest.c
+/test/fips_rsastest.c
+/test/fips_rsavtest.c
+/test/fips_shatest.c
+/test/fips_test_suite.c
+/test/shatest.c
+
+##### Generic patterns
+# Auto generated assembly language source files
+*.s
+!/crypto/*/asm/*.s
+/crypto/arm*.S
+/crypto/*/*.S
+*.asm
+!/crypto/*/asm/*.asm
+
+# Object files
+*.o
+*.obj
+
+# editor artefacts
+*.swp
+.#*
+\#*#
+*~
+
+# Certificate symbolic links
+*.0
+
+# All kinds of executables
+*.so
+*.so.*
+*.dylib
+*.dylib.*
+*.dll
+*.dll.*
+*.exe
+*.pyc
+*.exp
+*.lib
+*.pdb
+*.ilk
+*.def
+*.rc
+*.res
+
+# Misc generated stuff
+Makefile.save
+/crypto/**/lib
+/engines/**/lib
+/ssl/**/lib
+*.bak
+cscope.*
+*.d
+pod2htmd.tmp
+
+# Windows manifest files
+*.manifest
diff --git a/deps/openssl/openssl/CHANGES b/deps/openssl/openssl/CHANGES
@@ -7,6 +7,33 @@
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 
+ Changes between 1.1.0i and 1.1.0j [20 Nov 2018]
+
+  *) Timing vulnerability in DSA signature generation
+
+     The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
+     timing side channel attack. An attacker could use variations in the signing
+     algorithm to recover the private key.
+
+     This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
+     (CVE-2018-0734)
+     [Paul Dale]
+
+  *) Timing vulnerability in ECDSA signature generation
+
+     The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a
+     timing side channel attack. An attacker could use variations in the signing
+     algorithm to recover the private key.
+
+     This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser.
+     (CVE-2018-0735)
+     [Paul Dale]
+
+  *) Add coordinate blinding for EC_POINT and implement projective
+     coordinate blinding for generic prime curves as a countermeasure to
+     chosen point SCA attacks.
+     [Sohaib ul Hassan, Nicola Tuveri, Billy Bob Brumley]
+
  Changes between 1.1.0h and 1.1.0i [14 Aug 2018]
 
   *) Client DoS due to large DH parameter

diff --git a/deps/openssl/openssl/Configurations/00-base-templates.conf b/deps/openssl/openssl/Configurations/00-base-templates.conf
@@ -68,6 +68,8 @@
                 }
                 return (); },
 
+        shared_extension => ".so",
+
         build_scheme    => [ "unified", "unix" ],
         build_file      => "Makefile",
     },
@@ -99,6 +101,8 @@
         mtinflag        => "-manifest ",
         mtoutflag       => "-outputresource:",
 
+        shared_extension => ".dll",
+
         build_file      => "makefile",
         build_scheme    => [ "unified", "windows" ],
     },
@@ -107,6 +111,8 @@
         inherit_from    => [ "BASE_common" ],
         template        => 1,
 
+        shared_extension => ".exe",
+
         build_file       => "descrip.mms",
         build_scheme     => [ "unified", "VMS" ],
     },

diff --git a/deps/openssl/openssl/Configurations/descrip.mms.tmpl b/deps/openssl/openssl/Configurations/descrip.mms.tmpl
@@ -368,12 +368,10 @@ descrip.mms : FORCE
 
 # Install helper targets #############################################
 
-install_sw : all install_shared _install_dev_ns -
-             install_engines _install_runtime_ns -
+install_sw : install_dev install_engines install_runtime -
              install_startup install_ivp
 
-uninstall_sw : uninstall_shared _uninstall_dev_ns -
-               uninstall_engines _uninstall_runtime_ns -
+uninstall_sw : uninstall_dev uninstall_engines uninstall_runtime -
                uninstall_startup uninstall_ivp
 
 install_docs : install_html_docs
@@ -396,17 +394,7 @@ install_ssldirs : check_INSTALLTOP
                 COPY/PROT=W:R {- sourcefile("apps", "openssl-vms.cnf") -} -
                         ossl_dataroot:[000000]openssl.cnf
 
-install_shared : check_INSTALLTOP
-        @ {- output_off() if $disabled{shared}; "" -} !
-        @ WRITE SYS$OUTPUT "*** Installing shareable images"
-        @ ! Install shared (runtime) libraries
-        - CREATE/DIR ossl_installroot:[LIB.'arch']
-        {- join("\n        ",
-                map { "COPY/PROT=W:R $_.EXE ossl_installroot:[LIB.'arch']" }
-                @install_shlibs) -}
-        @ {- output_on() if $disabled{shared}; "" -} !
-
-_install_dev_ns : check_INSTALLTOP
+install_dev : check_INSTALLTOP install_runtime_libs
         @ WRITE SYS$OUTPUT "*** Installing development files"
         @ ! Install header files
         - CREATE/DIR ossl_installroot:[include.openssl]
@@ -417,9 +405,29 @@ _install_dev_ns : check_INSTALLTOP
                 map { "COPY/PROT=W:R $_.OLB ossl_installroot:[LIB.'arch']" }
                 @{$unified_info{install}->{libraries}}) -}
 
-install_dev : install_shared _install_dev_ns
+install_engines : check_INSTALLTOP install_runtime_libs build_engines
+        @ {- output_off() unless scalar @{$unified_info{engines}}; "" -} !
+        @ WRITE SYS$OUTPUT "*** Installing engines"
+        - CREATE/DIR ossl_installroot:[ENGINES{- $sover.$target{pointer_size} -}.'arch']
+        {- join("\n        ",
+                map { "COPY/PROT=W:RE $_.EXE ossl_installroot:[ENGINES$sover$target{pointer_size}.'arch']" }
+                @{$unified_info{install}->{engines}}) -}
+        @ {- output_on() unless scalar @{$unified_info{engines}}; "" -} !
 
-_install_runtime_ns : check_INSTALLTOP
+install_runtime : install_programs
+
+install_runtime_libs : check_INSTALLTOP build_libs
+        @ {- output_off() if $disabled{shared}; "" -} !
+        @ WRITE SYS$OUTPUT "*** Installing shareable images"
+        @ ! Install shared (runtime) libraries
+        - CREATE/DIR ossl_installroot:[LIB.'arch']
+        {- join("\n        ",
+                map { "COPY/PROT=W:R $_.EXE ossl_installroot:[LIB.'arch']" }
+                @install_shlibs) -}
+        @ {- output_on() if $disabled{shared}; "" -} !
+
+install_programs : check_INSTALLTOP install_runtime_libs build_programs
+        @ {- output_off() if $disabled{apps}; "" -} !
         @ ! Install the main program
         - CREATE/DIR ossl_installroot:[EXE.'arch']
         COPY/PROT=W:RE [.APPS]openssl.EXE -
@@ -428,17 +436,6 @@ _install_runtime_ns : check_INSTALLTOP
         COPY/PROT=W:RE $(BIN_SCRIPTS) ossl_installroot:[EXE]
         @ ! {- output_on() if $disabled{apps}; "" -}
 
-install_runtime : install_shared _install_runtime_ns
-
-install_engines : check_INSTALLTOP
-        @ {- output_off() unless scalar @{$unified_info{engines}}; "" -} !
-        @ WRITE SYS$OUTPUT "*** Installing engines"
-        - CREATE/DIR ossl_installroot:[ENGINES{- $sover.$target{pointer_size} -}.'arch']
-        {- join("\n        ",
-                map { "COPY/PROT=W:RE $_.EXE ossl_installroot:[ENGINES$sover$target{pointer_size}.'arch']" }
-                @{$unified_info{install}->{engines}}) -}
-        @ {- output_on() unless scalar @{$unified_info{engines}}; "" -} !
-
 install_startup : [.VMS]openssl_startup.com [.VMS]openssl_shutdown.com -
                  [.VMS]openssl_utils.com, check_INSTALLTOP
         - CREATE/DIR ossl_installroot:[SYS$STARTUP]