openssl: Update to pristine 1.0.2u (security update)

2020-08-14 12:40:55 +02:00 · 2020-08-14 12:40:55 +02:00 · 1394bbd443
parent 0f436f10d0
commit 1394bbd443
7 changed files with 36 additions and 17 deletions
--- a/thirdparty/README.md
+++ b/thirdparty/README.md
@ -248,7 +248,7 @@ Collection of single-file libraries used in Godot components.
 ## openssl

 - Upstream: https://www.openssl.org
- Version: 1.0.2t
+- Version: 1.0.2u
 - License: OpenSSL license / BSD-like

 Files extracted from the upstream source:
--- a/thirdparty/openssl/crypto/asn1/x_bignum.c
+++ b/thirdparty/openssl/crypto/asn1/x_bignum.c
@ -4,7 +4,7 @@
 * 2000.
 */
 /* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000-2019 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@ -102,7 +102,7 @@ ASN1_ITEM_end(CBIGNUM)
 static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
    *pval = (ASN1_VALUE *)BN_new();
-    if (*pval)
+    if (*pval != NULL)
        return 1;
    else
        return 0;
@ -110,7 +110,7 @@ static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)

 static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-    if (!*pval)
+    if (*pval == NULL)
        return;
    if (it->size & BN_SENSITIVE)
        BN_clear_free((BIGNUM *)*pval);
@ -124,7 +124,7 @@ static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
 {
    BIGNUM *bn;
    int pad;
-    if (!*pval)
+    if (*pval == NULL)
        return -1;
    bn = (BIGNUM *)*pval;
    /* If MSB set in an octet we need a padding byte */
--- a/thirdparty/openssl/crypto/cryptlib.c
+++ b/thirdparty/openssl/crypto/cryptlib.c
@ -1,6 +1,6 @@
 /* crypto/cryptlib.c */
 /* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2019 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@ -745,6 +745,11 @@ int OPENSSL_NONPIC_relocated = 0;
 void OPENSSL_cpuid_setup(void)
 {
 }
+
+unsigned long OPENSSL_rdtsc(void)
+{
+    return 0;
+}
 #endif

 #if (defined(_WIN32) || defined(__CYGWIN__)) && defined(_WINDLL)
--- a/thirdparty/openssl/crypto/ec/ec_asn1.c
+++ b/thirdparty/openssl/crypto/ec/ec_asn1.c
@ -973,6 +973,20 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)
         * 0x0 = OPENSSL_EC_EXPLICIT_CURVE
         */
        EC_GROUP_set_asn1_flag(ret, 0x0);
+
+        /*
+         * If the input params do not contain the optional seed field we make
+         * sure it is not added to the returned group.
+         *
+         * The seed field is not really used inside libcrypto anyway, and
+         * adding it to parsed explicit parameter keys would alter their DER
+         * encoding output (because of the extra field) which could impact
+         * applications fingerprinting keys by their DER encoding.
+         */
+        if (params->curve->seed == NULL) {
+            if (EC_GROUP_set_seed(ret, NULL, 0) != 1)
+                goto err;
+        }
    }

    ok = 1;
--- a/thirdparty/openssl/openssl/opensslv.h
+++ b/thirdparty/openssl/openssl/opensslv.h
@ -30,11 +30,11 @@ extern "C" {
 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
 *  major minor fix final patch/beta)
 */
-# define OPENSSL_VERSION_NUMBER  0x1000214fL
+# define OPENSSL_VERSION_NUMBER  0x1000215fL
 # ifdef OPENSSL_FIPS
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2t-fips  10 Sep 2019"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2u-fips  20 Dec 2019"
 # else
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2t  10 Sep 2019"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2u  20 Dec 2019"
 # endif
 # define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT

--- a/thirdparty/openssl/patches/winrt_fix.patch
+++ b/thirdparty/openssl/patches/winrt_fix.patch
@ -1,5 +1,5 @@
 diff --git a/thirdparty/openssl/crypto/rand/rand_win.c b/thirdparty/openssl/crypto/rand/rand_win.c
-index 06670ae01..cb4093128 100644
+index b4be3097e9..63a9e9975a 100644
 --- a/thirdparty/openssl/crypto/rand/rand_win.c
 +++ b/thirdparty/openssl/crypto/rand/rand_win.c
@@ -118,8 +118,10 @@
@ -22,15 +22,15 @@ index 06670ae01..cb4093128 100644
 typedef BOOL(WINAPI *CRYPTACQUIRECONTEXTW) (HCRYPTPROV *, LPCWSTR, LPCWSTR,
                                             DWORD, DWORD);
 typedef BOOL(WINAPI *CRYPTGENRANDOM) (HCRYPTPROV, DWORD, BYTE *);
-@@ -196,6 +198,7 @@ typedef NET_API_STATUS(NET_API_FUNCTION *NETFREE) (LPBYTE);
- #  endif                        /* 1 */
- # endif                         /* !OPENSSL_SYS_WINCE */
+@@ -198,6 +200,7 @@ typedef NET_API_STATUS(NET_API_FUNCTION *NETFREE) (LPBYTE);
+ 
+ #define NOTTOOLONG(start) ((GetTickCount() - (start)) < MAXDELAY)
 
 +#if !defined(WINRT_ENABLED) // -- GODOT --
 int RAND_poll(void)
 {
     MEMORYSTATUS m;
-@@ -580,6 +583,8 @@ int RAND_poll(void)
+@@ -576,6 +579,8 @@ int RAND_poll(void)
     return (1);
 }
 
@ -39,7 +39,7 @@ index 06670ae01..cb4093128 100644
 int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
 {
     double add_entropy = 0;
-@@ -682,7 +687,7 @@ static void readtimer(void)
+@@ -678,7 +683,7 @@ static void readtimer(void)
 
 static void readscreen(void)
 {
@ -49,7 +49,7 @@ index 06670ae01..cb4093128 100644
     HBITMAP hBitmap;            /* handle for our bitmap */
     BITMAP bm;                  /* bitmap properties */
 diff --git a/thirdparty/openssl/openssl/dtls1.h b/thirdparty/openssl/openssl/dtls1.h
-index 30bbcf278..81d28c29c 100644
+index 30bbcf278a..31cb6d7eb9 100644
 --- a/thirdparty/openssl/openssl/dtls1.h
 +++ b/thirdparty/openssl/openssl/dtls1.h
@@ -78,6 +78,9 @@