From 1394bbd443f7daed65d97e85ecef759ce6c7643f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20Verschelde?=
Date: Fri, 14 Aug 2020 12:40:55 +0200
Subject: [PATCH] openssl: Update to pristine 1.0.2u (security update)
---
 thirdparty/README.md | 2 +-
 thirdparty/openssl/crypto/asn1/x_bignum.c | 8 ++++----
 thirdparty/openssl/crypto/cryptlib.c | 7 ++++++-
 thirdparty/openssl/crypto/ec/ec_asn1.c | 14 ++++++++++++++
 thirdparty/openssl/openssl/opensslconf.h | 2 +-
 thirdparty/openssl/openssl/opensslv.h | 6 +++---
 thirdparty/openssl/patches/winrt_fix.patch | 14 +++++++-------
 7 files changed, 36 insertions(+), 17 deletions(-)
diff --git a/thirdparty/README.md b/thirdparty/README.md
index a80365236b..3f048221c7 100644
--- a/thirdparty/README.md
+++ b/thirdparty/README.md
@@ -248,7 +248,7 @@ Collection of single-file libraries used in Godot components.
 ## openssl
 - Upstream: https://www.openssl.org
-- Version: 1.0.2t
+- Version: 1.0.2u
 - License: OpenSSL license / BSD-like
 Files extracted from the upstream source:
diff --git a/thirdparty/openssl/crypto/asn1/x_bignum.c b/thirdparty/openssl/crypto/asn1/x_bignum.c
index c644199c9f..71b733bf47 100644
--- a/thirdparty/openssl/crypto/asn1/x_bignum.c
+++ b/thirdparty/openssl/crypto/asn1/x_bignum.c
@@ -4,7 +4,7 @@
 * 2000.
 */
 /* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2000-2019 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -102,7 +102,7 @@ ASN1_ITEM_end(CBIGNUM)
 static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
 *pval = (ASN1_VALUE *)BN_new();
- if (*pval)
+ if (*pval != NULL)
 return 1;
 else
 return 0;
@@ -110,7 +110,7 @@ static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
- if (!*pval)
+ if (*pval == NULL)
 return;
 if (it->size & BN_SENSITIVE)
 BN_clear_free((BIGNUM *)*pval);
@@ -124,7 +124,7 @@ static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
 {
 BIGNUM *bn;
 int pad;
- if (!*pval)
+ if (*pval == NULL)
 return -1;
 bn = (BIGNUM *)*pval;
 /* If MSB set in an octet we need a padding byte */
diff --git a/thirdparty/openssl/crypto/cryptlib.c b/thirdparty/openssl/crypto/cryptlib.c
index 5fab45b2ec..79770626fb 100644
--- a/thirdparty/openssl/crypto/cryptlib.c
+++ b/thirdparty/openssl/crypto/cryptlib.c
@@ -1,6 +1,6 @@
 /* crypto/cryptlib.c */
 /* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -745,6 +745,11 @@ int OPENSSL_NONPIC_relocated = 0;
 void OPENSSL_cpuid_setup(void)
 {
 }
+
+unsigned long OPENSSL_rdtsc(void)
+{
+ return 0;
+}
 #endif
 #if (defined(_WIN32) || defined(__CYGWIN__)) && defined(_WINDLL)
diff --git a/thirdparty/openssl/crypto/ec/ec_asn1.c b/thirdparty/openssl/crypto/ec/ec_asn1.c
index 865130f67e..30b3ebfbe0 100644
--- a/thirdparty/openssl/crypto/ec/ec_asn1.c
+++ b/thirdparty/openssl/crypto/ec/ec_asn1.c
@@ -973,6 +973,20 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)
 * 0x0 = OPENSSL_EC_EXPLICIT_CURVE
 */
 EC_GROUP_set_asn1_flag(ret, 0x0);
+
+ /*
+ * If the input params do not contain the optional seed field we make
+ * sure it is not added to the returned group.
+ *
+ * The seed field is not really used inside libcrypto anyway, and
+ * adding it to parsed explicit parameter keys would alter their DER
+ * encoding output (because of the extra field) which could impact
+ * applications fingerprinting keys by their DER encoding.
+ */
+ if (params->curve->seed == NULL) {
+ if (EC_GROUP_set_seed(ret, NULL, 0) != 1)
+ goto err;
+ }
 }
 ok = 1;
diff --git a/thirdparty/openssl/openssl/opensslconf.h b/thirdparty/openssl/openssl/opensslconf.h
index 0edbf7b1c5..cbc955128d 100644
--- a/thirdparty/openssl/openssl/opensslconf.h
+++ b/thirdparty/openssl/openssl/opensslconf.h
@@ -255,7 +255,7 @@ extern "C" {
 even newer MIPS CPU's, but at the moment one size fits all for optimization options. Older Sparc's work better with only UNROLL, but there's no way to tell at compile time what it is you're running on */
-
+
 #if defined( __sun ) || defined ( sun ) /* Newer Sparc's */
 # define DES_PTR
 # define DES_RISC1
diff --git a/thirdparty/openssl/openssl/opensslv.h b/thirdparty/openssl/openssl/opensslv.h
index 488e2bc401..81b02e5f33 100644
--- a/thirdparty/openssl/openssl/opensslv.h
+++ b/thirdparty/openssl/openssl/opensslv.h
@@ -30,11 +30,11 @@ extern "C" {
 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
 * major minor fix final patch/beta)
 */
-# define OPENSSL_VERSION_NUMBER 0x1000214fL
+# define OPENSSL_VERSION_NUMBER 0x1000215fL
 # ifdef OPENSSL_FIPS
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2t-fips 10 Sep 2019"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2u-fips 20 Dec 2019"
 # else
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2t 10 Sep 2019"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2u 20 Dec 2019"
 # endif
 # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/thirdparty/openssl/patches/winrt_fix.patch b/thirdparty/openssl/patches/winrt_fix.patch
index 8bb5ce311b..5020d7d782 100644
--- a/thirdparty/openssl/patches/winrt_fix.patch
+++ b/thirdparty/openssl/patches/winrt_fix.patch
@@ -1,5 +1,5 @@
 diff --git a/thirdparty/openssl/crypto/rand/rand_win.c b/thirdparty/openssl/crypto/rand/rand_win.c
-index 06670ae01..cb4093128 100644
+index b4be3097e9..63a9e9975a 100644
 --- a/thirdparty/openssl/crypto/rand/rand_win.c
 +++ b/thirdparty/openssl/crypto/rand/rand_win.c
 @@ -118,8 +118,10 @@
@@ -22,15 +22,15 @@ index 06670ae01..cb4093128 100644
 typedef BOOL(WINAPI *CRYPTACQUIRECONTEXTW) (HCRYPTPROV *, LPCWSTR, LPCWSTR, DWORD, DWORD);
 typedef BOOL(WINAPI *CRYPTGENRANDOM) (HCRYPTPROV, DWORD, BYTE *);
-@@ -196,6 +198,7 @@ typedef NET_API_STATUS(NET_API_FUNCTION *NETFREE) (LPBYTE);
- # endif /* 1 */
- # endif /* !OPENSSL_SYS_WINCE */
+@@ -198,6 +200,7 @@ typedef NET_API_STATUS(NET_API_FUNCTION *NETFREE) (LPBYTE);
+
+ #define NOTTOOLONG(start) ((GetTickCount() - (start)) < MAXDELAY)
 +#if !defined(WINRT_ENABLED) // -- GODOT --
 int RAND_poll(void)
 {
 MEMORYSTATUS m;
-@@ -580,6 +583,8 @@ int RAND_poll(void)
+@@ -576,6 +579,8 @@ int RAND_poll(void)
 return (1);
 }
@@ -39,7 +39,7 @@ index 06670ae01..cb4093128 100644
 int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
 {
 double add_entropy = 0;
-@@ -682,7 +687,7 @@ static void readtimer(void)
+@@ -678,7 +683,7 @@ static void readtimer(void)
 static void readscreen(void)
 {
@@ -49,7 +49,7 @@ index 06670ae01..cb4093128 100644
 HBITMAP hBitmap; /* handle for our bitmap */
 BITMAP bm; /* bitmap properties */
 diff --git a/thirdparty/openssl/openssl/dtls1.h b/thirdparty/openssl/openssl/dtls1.h
-index 30bbcf278..81d28c29c 100644
+index 30bbcf278a..31cb6d7eb9 100644
 --- a/thirdparty/openssl/openssl/dtls1.h
 +++ b/thirdparty/openssl/openssl/dtls1.h
 @@ -78,6 +78,9 @@