Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 0a2353e

Browse filesBrowse files
sam-githubBridgeAR
sam-github
authored and
BridgeAR
committed
deps: upgrade openssl sources to 1.1.1c
This updates all sources in deps/openssl/openssl by: $ cd deps/openssl/ $ rm -rf openssl $ tar zxf ~/tmp/openssl-1.1.1c.tar.gz $ mv openssl-1.1.1c openssl $ git add --all openssl $ git commit openssl PR-URL: #28211 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
1 parent e46d9e9 commit 0a2353e
Copy full SHA for 0a2353e

File tree

Expand file treeCollapse file tree

196 files changed

+38803
-2656
lines changed
Open diff view settings
Filter options

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.
Dismiss banner
Expand file treeCollapse file tree

196 files changed

+38803
-2656
lines changed
Open diff view settings
Collapse file

‎deps/openssl/openssl/CHANGES‎

Copy file name to clipboardExpand all lines: deps/openssl/openssl/CHANGES
+71Lines changed: 71 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,77 @@
77
https://github.com/openssl/openssl/commits/ and pick the appropriate
88
release branch.
99

10+
Changes between 1.1.1b and 1.1.1c [28 May 2019]
11+
12+
*) Add build tests for C++. These are generated files that only do one
13+
thing, to include one public OpenSSL head file each. This tests that
14+
the public header files can be usefully included in a C++ application.
15+
16+
This test isn't enabled by default. It can be enabled with the option
17+
'enable-buildtest-c++'.
18+
[Richard Levitte]
19+
20+
*) Enable SHA3 pre-hashing for ECDSA and DSA.
21+
[Patrick Steuer]
22+
23+
*) Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
24+
This changes the size when using the genpkey app when no size is given. It
25+
fixes an omission in earlier changes that changed all RSA, DSA and DH
26+
generation apps to use 2048 bits by default.
27+
[Kurt Roeckx]
28+
29+
*) Reorganize the manual pages to consistently have RETURN VALUES,
30+
EXAMPLES, SEE ALSO and HISTORY come in that order, and adjust
31+
util/fix-doc-nits accordingly.
32+
[Paul Yang, Joshua Lock]
33+
34+
*) Add the missing accessor EVP_PKEY_get0_engine()
35+
[Matt Caswell]
36+
37+
*) Have apps like 's_client' and 's_server' output the signature scheme
38+
along with other cipher suite parameters when debugging.
39+
[Lorinczy Zsigmond]
40+
41+
*) Make OPENSSL_config() error agnostic again.
42+
[Richard Levitte]
43+
44+
*) Do the error handling in RSA decryption constant time.
45+
[Bernd Edlinger]
46+
47+
*) Prevent over long nonces in ChaCha20-Poly1305.
48+
49+
ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input
50+
for every encryption operation. RFC 7539 specifies that the nonce value
51+
(IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length
52+
and front pads the nonce with 0 bytes if it is less than 12
53+
bytes. However it also incorrectly allows a nonce to be set of up to 16
54+
bytes. In this case only the last 12 bytes are significant and any
55+
additional leading bytes are ignored.
56+
57+
It is a requirement of using this cipher that nonce values are
58+
unique. Messages encrypted using a reused nonce value are susceptible to
59+
serious confidentiality and integrity attacks. If an application changes
60+
the default nonce length to be longer than 12 bytes and then makes a
61+
change to the leading bytes of the nonce expecting the new value to be a
62+
new unique nonce then such an application could inadvertently encrypt
63+
messages with a reused nonce.
64+
65+
Additionally the ignored bytes in a long nonce are not covered by the
66+
integrity guarantee of this cipher. Any application that relies on the
67+
integrity of these ignored leading bytes of a long nonce may be further
68+
affected. Any OpenSSL internal use of this cipher, including in SSL/TLS,
69+
is safe because no such use sets such a long nonce value. However user
70+
applications that use this cipher directly and set a non-default nonce
71+
length to be longer than 12 bytes may be vulnerable.
72+
73+
This issue was reported to OpenSSL on 16th of March 2019 by Joran Dirk
74+
Greef of Ronomon.
75+
(CVE-2019-1543)
76+
[Matt Caswell]
77+
78+
*) Ensure that SM2 only uses SM3 as digest algorithm
79+
[Paul Yang]
80+
1081
Changes between 1.1.1a and 1.1.1b [26 Feb 2019]
1182

1283
*) Added SCA hardening for modular field inversion in EC_GROUP through
Collapse file

‎deps/openssl/openssl/Configurations/unix-Makefile.tmpl‎

Copy file name to clipboardExpand all lines: deps/openssl/openssl/Configurations/unix-Makefile.tmpl
+6-2Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -260,8 +260,8 @@ LIB_CPPFLAGS={- our $lib_cppflags =
260260
join(' ', $target{lib_cppflags} || (),
261261
$target{shared_cppflag} || (),
262262
(map { '-D'.$_ }
263-
@{$config{lib_defines}},
264-
@{$config{shared_defines}}),
263+
@{$config{lib_defines} || ()},
264+
@{$config{shared_defines} || ()}),
265265
@{$config{lib_cppflags}},
266266
@{$config{shared_cppflag}});
267267
join(' ', $lib_cppflags,
@@ -285,6 +285,9 @@ LIB_LDFLAGS={- join(' ', $target{shared_ldflag} || (),
285285
LIB_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
286286
DSO_CPPFLAGS={- join(' ', $target{dso_cppflags} || (),
287287
$target{module_cppflags} || (),
288+
(map { '-D'.$_ }
289+
@{$config{dso_defines} || ()},
290+
@{$config{module_defines} || ()}),
288291
@{$config{dso_cppflags}},
289292
@{$config{module_cppflags}},
290293
'$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -}
@@ -305,6 +308,7 @@ DSO_LDFLAGS={- join(' ', $target{dso_ldflags} || (),
305308
'$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
306309
DSO_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
307310
BIN_CPPFLAGS={- join(' ', $target{bin_cppflags} || (),
311+
(map { '-D'.$_ } @{$config{bin_defines} || ()}),
308312
@{$config{bin_cppflags}},
309313
'$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -}
310314
BIN_CFLAGS={- join(' ', $target{bin_cflags} || (),
Collapse file

‎deps/openssl/openssl/Configurations/windows-makefile.tmpl‎

Copy file name to clipboardExpand all lines: deps/openssl/openssl/Configurations/windows-makefile.tmpl
+2-1Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -187,6 +187,7 @@ AS={- $config{AS} -}
187187
ASFLAGS={- join(' ', @{$config{ASFLAGS}}) -}
188188

189189
RC={- $config{RC} -}
190+
RCFLAGS={- join(' ', @{$config{RCFLAGS}}) -}
190191

191192
ECHO="$(PERL)" "$(SRCDIR)\util\echo.pl"
192193

@@ -586,7 +587,7 @@ EOF
586587
if ($srcs[0] =~ /\.rc$/) {
587588
return <<"EOF";
588589
$args{obj}: $deps
589-
\$(RC) \$(RCOUTFLAG)\$\@ $srcs
590+
\$(RC) \$(RCFLAGS) \$(RCOUTFLAG)\$\@ $srcs
590591
EOF
591592
}
592593
(my $obj = $args{obj}) =~ s|\.o$||;

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.