Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 59da7c1

Browse filesBrowse files
richardlaurichardlau
committed
deps: upgrade openssl sources to 1.1.1m
This updates all sources in deps/openssl/openssl by: $ cd deps/openssl/ $ rm -rf openssl $ tar zxf ~/tmp/openssl-1.1.1m.tar.gz $ mv openssl-1.1.1m openssl $ git add --all openssl $ git commit openssl PR-URL: #41173 Refs: https://mta.openssl.org/pipermail/openssl-announce/2021-December/000211.html Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com> Reviewed-By: Derek Lewis <DerekNonGeneric@inf.is>
1 parent cede1f2 commit 59da7c1
Copy full SHA for 59da7c1

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.
Dismiss banner
Expand file treeCollapse file tree

95 files changed

+1180
-322
lines changed
Open diff view settings
Collapse file

‎deps/openssl/openssl/CHANGES‎

Copy file name to clipboardExpand all lines: deps/openssl/openssl/CHANGES
+20Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,26 @@
77
https://github.com/openssl/openssl/commits/ and pick the appropriate
88
release branch.
99

10+
Changes between 1.1.1l and 1.1.1m [14 Dec 2021]
11+
12+
*) Avoid loading of a dynamic engine twice.
13+
14+
[Bernd Edlinger]
15+
16+
*) Fixed building on Debian with kfreebsd kernels
17+
18+
[Mattias Ellert]
19+
20+
*) Prioritise DANE TLSA issuer certs over peer certs
21+
22+
[Viktor Dukhovni]
23+
24+
*) Fixed random API for MacOS prior to 10.12
25+
26+
These MacOS versions don't support the CommonCrypto APIs
27+
28+
[Lenny Primak]
29+
1030
Changes between 1.1.1k and 1.1.1l [24 Aug 2021]
1131

1232
*) Fixed an SM2 Decryption Buffer Overflow.
Collapse file

‎deps/openssl/openssl/Configure‎

Copy file name to clipboardExpand all lines: deps/openssl/openssl/Configure
+3Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1304,16 +1304,19 @@ if ($disabled{"dynamic-engine"}) {
13041304

13051305
unless ($disabled{asan}) {
13061306
push @{$config{cflags}}, "-fsanitize=address";
1307+
push @{$config{cxxflags}}, "-fsanitize=address" if $config{CXX};
13071308
}
13081309

13091310
unless ($disabled{ubsan}) {
13101311
# -DPEDANTIC or -fnosanitize=alignment may also be required on some
13111312
# platforms.
13121313
push @{$config{cflags}}, "-fsanitize=undefined", "-fno-sanitize-recover=all";
1314+
push @{$config{cxxflags}}, "-fsanitize=undefined", "-fno-sanitize-recover=all" if $config{CXX};
13131315
}
13141316

13151317
unless ($disabled{msan}) {
13161318
push @{$config{cflags}}, "-fsanitize=memory";
1319+
push @{$config{cxxflags}}, "-fsanitize=memory" if $config{CXX};
13171320
}
13181321

13191322
unless ($disabled{"fuzz-libfuzzer"} && $disabled{"fuzz-afl"}
Collapse file

‎deps/openssl/openssl/NEWS‎

Copy file name to clipboardExpand all lines: deps/openssl/openssl/NEWS
+4Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,10 @@
55
This file gives a brief overview of the major changes between each OpenSSL
66
release. For more details please read the CHANGES file.
77

8+
Major changes between OpenSSL 1.1.1l and OpenSSL 1.1.1m [14 Dec 2021]
9+
10+
o None
11+
812
Major changes between OpenSSL 1.1.1k and OpenSSL 1.1.1l [24 Aug 2021]
913

1014
o Fixed an SM2 Decryption Buffer Overflow (CVE-2021-3711)
Collapse file

‎deps/openssl/openssl/README‎

Copy file name to clipboardExpand all lines: deps/openssl/openssl/README
+1-1Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11

2-
OpenSSL 1.1.1l 24 Aug 2021
2+
OpenSSL 1.1.1m 14 Dec 2021
33

44
Copyright (c) 1998-2021 The OpenSSL Project
55
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
Collapse file

‎deps/openssl/openssl/apps/ciphers.c‎

Copy file name to clipboardExpand all lines: deps/openssl/openssl/apps/ciphers.c
+2-1Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
2+
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
33
*
44
* Licensed under the OpenSSL license (the "License"). You may not use
55
* this file except in compliance with the License. You can obtain a copy
@@ -172,6 +172,7 @@ int ciphers_main(int argc, char **argv)
172172
if (convert != NULL) {
173173
BIO_printf(bio_out, "OpenSSL cipher name: %s\n",
174174
OPENSSL_cipher_name(convert));
175+
ret = 0;
175176
goto end;
176177
}
177178

Collapse file

‎deps/openssl/openssl/apps/dgst.c‎

Copy file name to clipboardExpand all lines: deps/openssl/openssl/apps/dgst.c
+3-3Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
2+
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
33
*
44
* Licensed under the OpenSSL license (the "License"). You may not use
55
* this file except in compliance with the License. You can obtain a copy
@@ -316,7 +316,7 @@ int dgst_main(int argc, char **argv)
316316
EVP_MD_CTX *mctx = NULL;
317317
EVP_PKEY_CTX *pctx = NULL;
318318
int r;
319-
if (!BIO_get_md_ctx(bmd, &mctx)) {
319+
if (BIO_get_md_ctx(bmd, &mctx) <= 0) {
320320
BIO_printf(bio_err, "Error getting context\n");
321321
ERR_print_errors(bio_err);
322322
goto end;
@@ -345,7 +345,7 @@ int dgst_main(int argc, char **argv)
345345
/* we use md as a filter, reading from 'in' */
346346
else {
347347
EVP_MD_CTX *mctx = NULL;
348-
if (!BIO_get_md_ctx(bmd, &mctx)) {
348+
if (BIO_get_md_ctx(bmd, &mctx) <= 0) {
349349
BIO_printf(bio_err, "Error getting context\n");
350350
ERR_print_errors(bio_err);
351351
goto end;
Collapse file

‎deps/openssl/openssl/apps/s_cb.c‎

Copy file name to clipboardExpand all lines: deps/openssl/openssl/apps/s_cb.c
+3-1Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -819,7 +819,9 @@ int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie,
819819
{
820820
unsigned int temp;
821821
int res = generate_cookie_callback(ssl, cookie, &temp);
822-
*cookie_len = temp;
822+
823+
if (res != 0)
824+
*cookie_len = temp;
823825
return res;
824826
}
825827

Collapse file

‎deps/openssl/openssl/apps/s_client.c‎

Copy file name to clipboardExpand all lines: deps/openssl/openssl/apps/s_client.c
+3-1Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
2+
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
33
* Copyright 2005 Nokia. All rights reserved.
44
*
55
* Licensed under the OpenSSL license (the "License"). You may not use
@@ -3151,6 +3151,8 @@ int s_client_main(int argc, char **argv)
31513151
#endif
31523152
OPENSSL_free(connectstr);
31533153
OPENSSL_free(bindstr);
3154+
OPENSSL_free(bindhost);
3155+
OPENSSL_free(bindport);
31543156
OPENSSL_free(host);
31553157
OPENSSL_free(port);
31563158
X509_VERIFY_PARAM_free(vpm);
Collapse file

‎deps/openssl/openssl/apps/s_server.c‎

Copy file name to clipboardExpand all lines: deps/openssl/openssl/apps/s_server.c
+5-5Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -134,12 +134,12 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
134134
if (s_debug)
135135
BIO_printf(bio_s_out, "psk_server_cb\n");
136136

137-
if (SSL_version(ssl) >= TLS1_3_VERSION) {
137+
if (!SSL_is_dtls(ssl) && SSL_version(ssl) >= TLS1_3_VERSION) {
138138
/*
139-
* This callback is designed for use in TLSv1.2. It is possible to use
140-
* a single callback for all protocol versions - but it is preferred to
141-
* use a dedicated callback for TLSv1.3. For TLSv1.3 we have
142-
* psk_find_session_cb.
139+
* This callback is designed for use in (D)TLSv1.2 (or below). It is
140+
* possible to use a single callback for all protocol versions - but it
141+
* is preferred to use a dedicated callback for TLSv1.3. For TLSv1.3 we
142+
* have psk_find_session_cb.
143143
*/
144144
return 0;
145145
}
Collapse file

‎deps/openssl/openssl/apps/speed.c‎

Copy file name to clipboardExpand all lines: deps/openssl/openssl/apps/speed.c
+7-3Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
2+
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
33
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
44
*
55
* Licensed under the OpenSSL license (the "License"). You may not use
@@ -1590,6 +1590,10 @@ int speed_main(int argc, char **argv)
15901590
case OPT_MULTI:
15911591
#ifndef NO_FORK
15921592
multi = atoi(opt_arg());
1593+
if (multi >= INT_MAX / (int)sizeof(int)) {
1594+
BIO_printf(bio_err, "%s: multi argument too large\n", prog);
1595+
return 0;
1596+
}
15931597
#endif
15941598
break;
15951599
case OPT_ASYNCJOBS:
@@ -3490,7 +3494,7 @@ static int do_multi(int multi, int size_num)
34903494
close(fd[1]);
34913495
mr = 1;
34923496
usertime = 0;
3493-
free(fds);
3497+
OPENSSL_free(fds);
34943498
return 0;
34953499
}
34963500
printf("Forked child %d\n", n);
@@ -3603,7 +3607,7 @@ static int do_multi(int multi, int size_num)
36033607

36043608
fclose(f);
36053609
}
3606-
free(fds);
3610+
OPENSSL_free(fds);
36073611
return 1;
36083612
}
36093613
#endif

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.