deps: upgrade openssl sources to 1.0.2r

This replaces all sources of openssl-1.0.2r.tar.gz into deps/openssl/openssl
shigeki · Feb 26, 2019 · 73985e5 · 73985e5
1 parent 03e2a82
commit 73985e5
Show file tree

Hide file tree

Showing 119 changed files with 813 additions and 40,168 deletions.
diff --git a/deps/openssl/openssl/CHANGES b/deps/openssl/openssl/CHANGES
@@ -7,6 +7,33 @@
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 
+ Changes between 1.0.2q and 1.0.2r [26 Feb 2019]
+
+  *) 0-byte record padding oracle
+
+     If an application encounters a fatal protocol error and then calls
+     SSL_shutdown() twice (once to send a close_notify, and once to receive one)
+     then OpenSSL can respond differently to the calling application if a 0 byte
+     record is received with invalid padding compared to if a 0 byte record is
+     received with an invalid MAC. If the application then behaves differently
+     based on that in a way that is detectable to the remote peer, then this
+     amounts to a padding oracle that could be used to decrypt data.
+
+     In order for this to be exploitable "non-stitched" ciphersuites must be in
+     use. Stitched ciphersuites are optimised implementations of certain
+     commonly used ciphersuites. Also the application must call SSL_shutdown()
+     twice even if a protocol error has occurred (applications should not do
+     this but some do anyway).
+
+     This issue was discovered by Juraj Somorovsky, Robert Merget and Nimrod
+     Aviram, with additional investigation by Steven Collison and Andrew
+     Hourselt. It was reported to OpenSSL on 10th December 2018.
+     (CVE-2019-1559)
+     [Matt Caswell]
+
+  *) Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0().
+     [Richard Levitte]
+
  Changes between 1.0.2p and 1.0.2q [20 Nov 2018]
 
   *) Microarchitecture timing vulnerability in ECC scalar multiplication

diff --git a/deps/openssl/openssl/Makefile b/deps/openssl/openssl/Makefile
@@ -4,7 +4,7 @@
 ## Makefile for OpenSSL
 ##
 
-VERSION=1.0.2q
+VERSION=1.0.2r
 MAJOR=1
 MINOR=0.2
 SHLIB_VERSION_NUMBER=1.0.0
@@ -521,7 +521,7 @@ $(TARFILE).list:
 	find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
 	       \! -name '*.so' \! -name '*.so.*'  \! -name 'openssl' \
 	       \( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
-	       \! -name '.#*' \! -name '*~' \! -type l \
+	       \! -name '.#*' \! -name '*.bak' \! -name '*~' \! -type l \
 	    | sort > $(TARFILE).list
 
 tar: $(TARFILE).list