-6.12.1
+6.12.2
+6.12.1
6.12.0
6.11.5
6.11.4
diff --git a/deps/openssl/asm/arm-void-gas/aes/aes-armv4.S b/deps/openssl/asm/arm-void-gas/aes/aes-armv4.S
index 333a522730ba6c..bd01abddce1d55 100644
--- a/deps/openssl/asm/arm-void-gas/aes/aes-armv4.S
+++ b/deps/openssl/asm/arm-void-gas/aes/aes-armv4.S
@@ -164,7 +164,7 @@ AES_encrypt:
#if __ARM_ARCH__<7
sub r3,pc,#8 @ AES_encrypt
#else
- adr r3,AES_encrypt
+ adr r3,.
#endif
stmdb sp!,{r1,r4-r12,lr}
mov r12,r0 @ inp
@@ -410,7 +410,7 @@ _armv4_AES_set_encrypt_key:
#if __ARM_ARCH__<7
sub r3,pc,#8 @ AES_set_encrypt_key
#else
- adr r3,private_AES_set_encrypt_key
+ adr r3,.
#endif
teq r0,#0
#if __ARM_ARCH__>=7
@@ -927,7 +927,7 @@ AES_decrypt:
#if __ARM_ARCH__<7
sub r3,pc,#8 @ AES_decrypt
#else
- adr r3,AES_decrypt
+ adr r3,.
#endif
stmdb sp!,{r1,r4-r12,lr}
mov r12,r0 @ inp
diff --git a/deps/openssl/asm/arm-void-gas/aes/bsaes-armv7.S b/deps/openssl/asm/arm-void-gas/aes/bsaes-armv7.S
index b21ed7078b194a..aa15709abb403a 100644
--- a/deps/openssl/asm/arm-void-gas/aes/bsaes-armv7.S
+++ b/deps/openssl/asm/arm-void-gas/aes/bsaes-armv7.S
@@ -81,7 +81,7 @@
.type _bsaes_decrypt8,%function
.align 4
_bsaes_decrypt8:
- adr r6,_bsaes_decrypt8
+ adr r6,.
vldmia r4!, {q9} @ round 0 key
add r6,r6,#.LM0ISR-_bsaes_decrypt8
@@ -567,7 +567,7 @@ _bsaes_const:
.type _bsaes_encrypt8,%function
.align 4
_bsaes_encrypt8:
- adr r6,_bsaes_encrypt8
+ adr r6,.
vldmia r4!, {q9} @ round 0 key
sub r6,r6,#_bsaes_encrypt8-.LM0SR
@@ -998,7 +998,7 @@ _bsaes_encrypt8_bitslice:
.type _bsaes_key_convert,%function
.align 4
_bsaes_key_convert:
- adr r6,_bsaes_key_convert
+ adr r6,.
vld1.8 {q7}, [r4]! @ load round 0 key
sub r6,r6,#_bsaes_key_convert-.LM0
vld1.8 {q15}, [r4]! @ load round 1 key
diff --git a/deps/openssl/asm/arm-void-gas/sha/sha256-armv4.S b/deps/openssl/asm/arm-void-gas/sha/sha256-armv4.S
index 683f1cc0c874b5..4e1f0226e84bc0 100644
--- a/deps/openssl/asm/arm-void-gas/sha/sha256-armv4.S
+++ b/deps/openssl/asm/arm-void-gas/sha/sha256-armv4.S
@@ -88,7 +88,7 @@ sha256_block_data_order:
#if __ARM_ARCH__<7
sub r3,pc,#8 @ sha256_block_data_order
#else
- adr r3,sha256_block_data_order
+ adr r3,.
#endif
#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
ldr r12,.LOPENSSL_armcap
diff --git a/deps/openssl/asm/x64-elf-gas/bn/rsaz-avx2.s b/deps/openssl/asm/x64-elf-gas/bn/rsaz-avx2.s
index d3d84e3f7a4b78..a2cccde63604f4 100644
--- a/deps/openssl/asm/x64-elf-gas/bn/rsaz-avx2.s
+++ b/deps/openssl/asm/x64-elf-gas/bn/rsaz-avx2.s
@@ -66,7 +66,7 @@ rsaz_1024_sqr_avx2:
vmovdqu 256-128(%rsi),%ymm8
leaq 192(%rsp),%rbx
- vpbroadcastq .Land_mask(%rip),%ymm15
+ vmovdqu .Land_mask(%rip),%ymm15
jmp .LOOP_GRANDE_SQR_1024
.align 32
@@ -799,10 +799,10 @@ rsaz_1024_mul_avx2:
vpmuludq 192-128(%rcx),%ymm11,%ymm12
vpaddq %ymm12,%ymm6,%ymm6
vpmuludq 224-128(%rcx),%ymm11,%ymm13
- vpblendd $3,%ymm14,%ymm9,%ymm9
+ vpblendd $3,%ymm14,%ymm9,%ymm12
vpaddq %ymm13,%ymm7,%ymm7
vpmuludq 256-128(%rcx),%ymm11,%ymm0
- vpaddq %ymm9,%ymm3,%ymm3
+ vpaddq %ymm12,%ymm3,%ymm3
vpaddq %ymm0,%ymm8,%ymm8
movq %rbx,%rax
@@ -815,7 +815,9 @@ rsaz_1024_mul_avx2:
vmovdqu -8+64-128(%rsi),%ymm13
movq %r10,%rax
+ vpblendd $0xfc,%ymm14,%ymm9,%ymm9
imull %r8d,%eax
+ vpaddq %ymm9,%ymm4,%ymm4
andl $0x1fffffff,%eax
imulq 16-128(%rsi),%rbx
@@ -1044,7 +1046,6 @@ rsaz_1024_mul_avx2:
decl %r14d
jnz .Loop_mul_1024
- vpermq $0,%ymm15,%ymm15
vpaddq (%rsp),%ymm12,%ymm0
vpsrlq $29,%ymm0,%ymm12
@@ -1684,7 +1685,7 @@ rsaz_avx2_eligible:
.align 64
.Land_mask:
-.quad 0x1fffffff,0x1fffffff,0x1fffffff,-1
+.quad 0x1fffffff,0x1fffffff,0x1fffffff,0x1fffffff
.Lscatter_permd:
.long 0,2,4,6,7,7,7,7
.Lgather_permd:
diff --git a/deps/openssl/asm/x64-macosx-gas/bn/rsaz-avx2.s b/deps/openssl/asm/x64-macosx-gas/bn/rsaz-avx2.s
index 1dea50d90463e7..f2bc63be34eee2 100644
--- a/deps/openssl/asm/x64-macosx-gas/bn/rsaz-avx2.s
+++ b/deps/openssl/asm/x64-macosx-gas/bn/rsaz-avx2.s
@@ -66,7 +66,7 @@ L$sqr_1024_no_n_copy:
vmovdqu 256-128(%rsi),%ymm8
leaq 192(%rsp),%rbx
- vpbroadcastq L$and_mask(%rip),%ymm15
+ vmovdqu L$and_mask(%rip),%ymm15
jmp L$OOP_GRANDE_SQR_1024
.p2align 5
@@ -799,10 +799,10 @@ L$oop_mul_1024:
vpmuludq 192-128(%rcx),%ymm11,%ymm12
vpaddq %ymm12,%ymm6,%ymm6
vpmuludq 224-128(%rcx),%ymm11,%ymm13
- vpblendd $3,%ymm14,%ymm9,%ymm9
+ vpblendd $3,%ymm14,%ymm9,%ymm12
vpaddq %ymm13,%ymm7,%ymm7
vpmuludq 256-128(%rcx),%ymm11,%ymm0
- vpaddq %ymm9,%ymm3,%ymm3
+ vpaddq %ymm12,%ymm3,%ymm3
vpaddq %ymm0,%ymm8,%ymm8
movq %rbx,%rax
@@ -815,7 +815,9 @@ L$oop_mul_1024:
vmovdqu -8+64-128(%rsi),%ymm13
movq %r10,%rax
+ vpblendd $0xfc,%ymm14,%ymm9,%ymm9
imull %r8d,%eax
+ vpaddq %ymm9,%ymm4,%ymm4
andl $0x1fffffff,%eax
imulq 16-128(%rsi),%rbx
@@ -1044,7 +1046,6 @@ L$oop_mul_1024:
decl %r14d
jnz L$oop_mul_1024
- vpermq $0,%ymm15,%ymm15
vpaddq (%rsp),%ymm12,%ymm0
vpsrlq $29,%ymm0,%ymm12
@@ -1684,7 +1685,7 @@ _rsaz_avx2_eligible:
.p2align 6
L$and_mask:
-.quad 0x1fffffff,0x1fffffff,0x1fffffff,-1
+.quad 0x1fffffff,0x1fffffff,0x1fffffff,0x1fffffff
L$scatter_permd:
.long 0,2,4,6,7,7,7,7
L$gather_permd:
diff --git a/deps/openssl/asm/x64-win32-masm/bn/rsaz-avx2.asm b/deps/openssl/asm/x64-win32-masm/bn/rsaz-avx2.asm
index c24d0c5e6a3d3d..40ce01fdc61a9b 100644
--- a/deps/openssl/asm/x64-win32-masm/bn/rsaz-avx2.asm
+++ b/deps/openssl/asm/x64-win32-masm/bn/rsaz-avx2.asm
@@ -90,7 +90,7 @@ $L$sqr_1024_no_n_copy::
vmovdqu ymm8,YMMWORD PTR[((256-128))+rsi]
lea rbx,QWORD PTR[192+rsp]
- vpbroadcastq ymm15,QWORD PTR[$L$and_mask]
+ vmovdqu ymm15,YMMWORD PTR[$L$and_mask]
jmp $L$OOP_GRANDE_SQR_1024
ALIGN 32
@@ -860,10 +860,10 @@ $L$oop_mul_1024::
vpmuludq ymm12,ymm11,YMMWORD PTR[((192-128))+rcx]
vpaddq ymm6,ymm6,ymm12
vpmuludq ymm13,ymm11,YMMWORD PTR[((224-128))+rcx]
- vpblendd ymm9,ymm9,ymm14,3
+ vpblendd ymm12,ymm9,ymm14,3
vpaddq ymm7,ymm7,ymm13
vpmuludq ymm0,ymm11,YMMWORD PTR[((256-128))+rcx]
- vpaddq ymm3,ymm3,ymm9
+ vpaddq ymm3,ymm3,ymm12
vpaddq ymm8,ymm8,ymm0
mov rax,rbx
@@ -876,7 +876,9 @@ $L$oop_mul_1024::
vmovdqu ymm13,YMMWORD PTR[((-8+64-128))+rsi]
mov rax,r10
+ vpblendd ymm9,ymm9,ymm14,0fch
imul eax,r8d
+ vpaddq ymm4,ymm4,ymm9
and eax,01fffffffh
imul rbx,QWORD PTR[((16-128))+rsi]
@@ -1105,7 +1107,6 @@ $L$oop_mul_1024::
dec r14d
jnz $L$oop_mul_1024
- vpermq ymm15,ymm15,0
vpaddq ymm0,ymm12,YMMWORD PTR[rsp]
vpsrlq ymm12,ymm0,29
@@ -1783,7 +1784,7 @@ rsaz_avx2_eligible ENDP
ALIGN 64
$L$and_mask::
- DQ 01fffffffh,01fffffffh,01fffffffh,-1
+ DQ 01fffffffh,01fffffffh,01fffffffh,01fffffffh
$L$scatter_permd::
DD 0,2,4,6,7,7,7,7
$L$gather_permd::
diff --git a/deps/openssl/asm_obsolete/arm-void-gas/aes/aes-armv4.S b/deps/openssl/asm_obsolete/arm-void-gas/aes/aes-armv4.S
index 333a522730ba6c..bd01abddce1d55 100644
--- a/deps/openssl/asm_obsolete/arm-void-gas/aes/aes-armv4.S
+++ b/deps/openssl/asm_obsolete/arm-void-gas/aes/aes-armv4.S
@@ -164,7 +164,7 @@ AES_encrypt:
#if __ARM_ARCH__<7
sub r3,pc,#8 @ AES_encrypt
#else
- adr r3,AES_encrypt
+ adr r3,.
#endif
stmdb sp!,{r1,r4-r12,lr}
mov r12,r0 @ inp
@@ -410,7 +410,7 @@ _armv4_AES_set_encrypt_key:
#if __ARM_ARCH__<7
sub r3,pc,#8 @ AES_set_encrypt_key
#else
- adr r3,private_AES_set_encrypt_key
+ adr r3,.
#endif
teq r0,#0
#if __ARM_ARCH__>=7
@@ -927,7 +927,7 @@ AES_decrypt:
#if __ARM_ARCH__<7
sub r3,pc,#8 @ AES_decrypt
#else
- adr r3,AES_decrypt
+ adr r3,.
#endif
stmdb sp!,{r1,r4-r12,lr}
mov r12,r0 @ inp
diff --git a/deps/openssl/asm_obsolete/arm-void-gas/aes/bsaes-armv7.S b/deps/openssl/asm_obsolete/arm-void-gas/aes/bsaes-armv7.S
index b21ed7078b194a..aa15709abb403a 100644
--- a/deps/openssl/asm_obsolete/arm-void-gas/aes/bsaes-armv7.S
+++ b/deps/openssl/asm_obsolete/arm-void-gas/aes/bsaes-armv7.S
@@ -81,7 +81,7 @@
.type _bsaes_decrypt8,%function
.align 4
_bsaes_decrypt8:
- adr r6,_bsaes_decrypt8
+ adr r6,.
vldmia r4!, {q9} @ round 0 key
add r6,r6,#.LM0ISR-_bsaes_decrypt8
@@ -567,7 +567,7 @@ _bsaes_const:
.type _bsaes_encrypt8,%function
.align 4
_bsaes_encrypt8:
- adr r6,_bsaes_encrypt8
+ adr r6,.
vldmia r4!, {q9} @ round 0 key
sub r6,r6,#_bsaes_encrypt8-.LM0SR
@@ -998,7 +998,7 @@ _bsaes_encrypt8_bitslice:
.type _bsaes_key_convert,%function
.align 4
_bsaes_key_convert:
- adr r6,_bsaes_key_convert
+ adr r6,.
vld1.8 {q7}, [r4]! @ load round 0 key
sub r6,r6,#_bsaes_key_convert-.LM0
vld1.8 {q15}, [r4]! @ load round 1 key
diff --git a/deps/openssl/asm_obsolete/arm-void-gas/sha/sha256-armv4.S b/deps/openssl/asm_obsolete/arm-void-gas/sha/sha256-armv4.S
index 683f1cc0c874b5..4e1f0226e84bc0 100644
--- a/deps/openssl/asm_obsolete/arm-void-gas/sha/sha256-armv4.S
+++ b/deps/openssl/asm_obsolete/arm-void-gas/sha/sha256-armv4.S
@@ -88,7 +88,7 @@ sha256_block_data_order:
#if __ARM_ARCH__<7
sub r3,pc,#8 @ sha256_block_data_order
#else
- adr r3,sha256_block_data_order
+ adr r3,.
#endif
#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
ldr r12,.LOPENSSL_armcap
diff --git a/deps/openssl/openssl/CHANGES b/deps/openssl/openssl/CHANGES
index e3d57b328c58e3..f2fc31a25c54b1 100644
--- a/deps/openssl/openssl/CHANGES
+++ b/deps/openssl/openssl/CHANGES
@@ -7,6 +7,51 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
+ Changes between 1.0.2m and 1.0.2n [7 Dec 2017]
+
+ *) Read/write after SSL object in error state
+
+ OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state"
+ mechanism. The intent was that if a fatal error occurred during a handshake
+ then OpenSSL would move into the error state and would immediately fail if
+ you attempted to continue the handshake. This works as designed for the
+ explicit handshake functions (SSL_do_handshake(), SSL_accept() and
+ SSL_connect()), however due to a bug it does not work correctly if
+ SSL_read() or SSL_write() is called directly. In that scenario, if the
+ handshake fails then a fatal error will be returned in the initial function
+ call. If SSL_read()/SSL_write() is subsequently called by the application
+ for the same SSL object then it will succeed and the data is passed without
+ being decrypted/encrypted directly from the SSL/TLS record layer.
+
+ In order to exploit this issue an application bug would have to be present
+ that resulted in a call to SSL_read()/SSL_write() being issued after having
+ already received a fatal error.
+
+ This issue was reported to OpenSSL by David Benjamin (Google).
+ (CVE-2017-3737)
+ [Matt Caswell]
+
+ *) rsaz_1024_mul_avx2 overflow bug on x86_64
+
+ There is an overflow bug in the AVX2 Montgomery multiplication procedure
+ used in exponentiation with 1024-bit moduli. No EC algorithms are affected.
+ Analysis suggests that attacks against RSA and DSA as a result of this
+ defect would be very difficult to perform and are not believed likely.
+ Attacks against DH1024 are considered just feasible, because most of the
+ work necessary to deduce information about a private key may be performed
+ offline. The amount of resources required for such an attack would be
+ significant. However, for an attack on TLS to be meaningful, the server
+ would have to share the DH1024 private key among multiple clients, which is
+ no longer an option since CVE-2016-0701.
+
+ This only affects processors that support the AVX2 but not ADX extensions
+ like Intel Haswell (4th generation).
+
+ This issue was reported to OpenSSL by David Benjamin (Google). The issue
+ was originally found via the OSS-Fuzz project.
+ (CVE-2017-3738)
+ [Andy Polyakov]
+
Changes between 1.0.2l and 1.0.2m [2 Nov 2017]
*) bn_sqrx8x_internal carry bug on x86_64
diff --git a/deps/openssl/openssl/Configure b/deps/openssl/openssl/Configure
index fd7988e2b3d93a..60386d39598758 100755
--- a/deps/openssl/openssl/Configure
+++ b/deps/openssl/openssl/Configure
@@ -592,9 +592,9 @@ my %table=(
"debug-VC-WIN64A","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32",
# x86 Win32 target defaults to ANSI API, if you want UNICODE, complement
# 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE'
-"VC-WIN32","cl:-W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
+"VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_WINSOCK_DEPRECATED_NO_WARNINGS:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
# Unified CE target
-"debug-VC-WIN32","cl:-W3 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
+"debug-VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_WINSOCK_DEPRECATED_NO_WARNINGS:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
"VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
# Borland C++ 4.5
diff --git a/deps/openssl/openssl/Makefile b/deps/openssl/openssl/Makefile
index 484f2f45f77667..9212c288527852 100644
--- a/deps/openssl/openssl/Makefile
+++ b/deps/openssl/openssl/Makefile
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=1.0.2m
+VERSION=1.0.2n
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
diff --git a/deps/openssl/openssl/Makefile.bak b/deps/openssl/openssl/Makefile.bak
index b545261eaeee19..e766d35764ffb7 100644
--- a/deps/openssl/openssl/Makefile.bak
+++ b/deps/openssl/openssl/Makefile.bak
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=1.0.2m
+VERSION=1.0.2n
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
diff --git a/deps/openssl/openssl/NEWS b/deps/openssl/openssl/NEWS
index 1b72013ad18624..6f0c5c47b654bc 100644
--- a/deps/openssl/openssl/NEWS
+++ b/deps/openssl/openssl/NEWS
@@ -5,6 +5,11 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.2m and OpenSSL 1.0.2n [7 Dec 2017]
+
+ o Read/write after SSL object in error state (CVE-2017-3737)
+ o rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
+
Major changes between OpenSSL 1.0.2l and OpenSSL 1.0.2m [2 Nov 2017]
o bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
diff --git a/deps/openssl/openssl/README b/deps/openssl/openssl/README
index b5aae6260ce889..80de6886a766b0 100644
--- a/deps/openssl/openssl/README
+++ b/deps/openssl/openssl/README
@@ -1,5 +1,5 @@
- OpenSSL 1.0.2m 2 Nov 2017
+ OpenSSL 1.0.2n 7 Dec 2017
Copyright (c) 1998-2015 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/deps/openssl/openssl/apps/apps.c b/deps/openssl/openssl/apps/apps.c
index c487bd92db2a63..29de1b75dd600b 100644
--- a/deps/openssl/openssl/apps/apps.c
+++ b/deps/openssl/openssl/apps/apps.c
@@ -148,6 +148,10 @@
#ifdef _WIN32
static int WIN32_rename(const char *from, const char *to);
# define rename(from,to) WIN32_rename((from),(to))
+# ifdef fileno
+# undef fileno
+# endif
+# define fileno(a) (int)_fileno(a)
#endif
typedef struct {
@@ -2788,13 +2792,13 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
OPENSSL_free(out);
return NULL;
}
- out[start] = i - start;
+ out[start] = (unsigned char)(i - start);
start = i + 1;
} else
out[i + 1] = in[i];
}
- *outlen = len + 1;
+ *outlen = (unsigned char)(len + 1);
return out;
}
#endif /* ndef OPENSSL_NO_TLSEXT */
diff --git a/deps/openssl/openssl/apps/dsa.c b/deps/openssl/openssl/apps/dsa.c
index 4ed21d891e8698..82a870eb291004 100644
--- a/deps/openssl/openssl/apps/dsa.c
+++ b/deps/openssl/openssl/apps/dsa.c
@@ -327,6 +327,9 @@ int MAIN(int argc, char **argv)
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
EVP_PKEY *pk;
pk = EVP_PKEY_new();
+ if (pk == NULL)
+ goto end;
+
EVP_PKEY_set1_DSA(pk, dsa);
if (outformat == FORMAT_PVK)
i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
diff --git a/deps/openssl/openssl/apps/s_client.c b/deps/openssl/openssl/apps/s_client.c
index 19914a19dae818..8f33a8d884614e 100644
--- a/deps/openssl/openssl/apps/s_client.c
+++ b/deps/openssl/openssl/apps/s_client.c
@@ -642,10 +642,11 @@ static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
unsigned char ext_buf[4 + 65536];
/* Reconstruct the type/len fields prior to extension data */
- ext_buf[0] = ext_type >> 8;
- ext_buf[1] = ext_type & 0xFF;
- ext_buf[2] = inlen >> 8;
- ext_buf[3] = inlen & 0xFF;
+ inlen &= 0xffff; /* for formal memcpy correctness */
+ ext_buf[0] = (unsigned char)(ext_type >> 8);
+ ext_buf[1] = (unsigned char)(ext_type);
+ ext_buf[2] = (unsigned char)(inlen >> 8);
+ ext_buf[3] = (unsigned char)(inlen);
memcpy(ext_buf + 4, in, inlen);
BIO_snprintf(pem_name, sizeof(pem_name), "SERVERINFO FOR EXTENSION %d",
diff --git a/deps/openssl/openssl/apps/speed.c b/deps/openssl/openssl/apps/speed.c
index 5259c16f1218a3..5383678b98644f 100644
--- a/deps/openssl/openssl/apps/speed.c
+++ b/deps/openssl/openssl/apps/speed.c
@@ -2829,8 +2829,8 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher)
RAND_bytes(out, 16);
len += 16;
- aad[11] = len >> 8;
- aad[12] = len;
+ aad[11] = (unsigned char)(len >> 8);
+ aad[12] = (unsigned char)(len);
pad = EVP_CIPHER_CTX_ctrl(&ctx,
EVP_CTRL_AEAD_TLS1_AAD,
EVP_AEAD_TLS1_AAD_LEN, aad);
diff --git a/deps/openssl/openssl/crypto/aes/asm/aes-armv4.pl b/deps/openssl/openssl/crypto/aes/asm/aes-armv4.pl
index 4f8917089f6c2a..c1b5e352d76ff4 100644
--- a/deps/openssl/openssl/crypto/aes/asm/aes-armv4.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/aes-armv4.pl
@@ -184,7 +184,7 @@
#if __ARM_ARCH__<7
sub r3,pc,#8 @ AES_encrypt
#else
- adr r3,AES_encrypt
+ adr r3,.
#endif
stmdb sp!,{r1,r4-r12,lr}
mov $rounds,r0 @ inp
@@ -430,7 +430,7 @@
#if __ARM_ARCH__<7
sub r3,pc,#8 @ AES_set_encrypt_key
#else
- adr r3,private_AES_set_encrypt_key
+ adr r3,.
#endif
teq r0,#0
#if __ARM_ARCH__>=7
@@ -952,7 +952,7 @@
#if __ARM_ARCH__<7
sub r3,pc,#8 @ AES_decrypt
#else
- adr r3,AES_decrypt
+ adr r3,.
#endif
stmdb sp!,{r1,r4-r12,lr}
mov $rounds,r0 @ inp
diff --git a/deps/openssl/openssl/crypto/aes/asm/bsaes-armv7.pl b/deps/openssl/openssl/crypto/aes/asm/bsaes-armv7.pl
index 70b3f9656f4fa7..ec66b0502a6459 100644
--- a/deps/openssl/openssl/crypto/aes/asm/bsaes-armv7.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/bsaes-armv7.pl
@@ -724,7 +724,7 @@ sub bitslice {
.type _bsaes_decrypt8,%function
.align 4
_bsaes_decrypt8:
- adr $const,_bsaes_decrypt8
+ adr $const,.
vldmia $key!, {@XMM[9]} @ round 0 key
add $const,$const,#.LM0ISR-_bsaes_decrypt8
@@ -819,7 +819,7 @@ sub bitslice {
.type _bsaes_encrypt8,%function
.align 4
_bsaes_encrypt8:
- adr $const,_bsaes_encrypt8
+ adr $const,.
vldmia $key!, {@XMM[9]} @ round 0 key
sub $const,$const,#_bsaes_encrypt8-.LM0SR
@@ -923,7 +923,7 @@ sub bitslice_key {
.type _bsaes_key_convert,%function
.align 4
_bsaes_key_convert:
- adr $const,_bsaes_key_convert
+ adr $const,.
vld1.8 {@XMM[7]}, [$inp]! @ load round 0 key
sub $const,$const,#_bsaes_key_convert-.LM0
vld1.8 {@XMM[15]}, [$inp]! @ load round 1 key
diff --git a/deps/openssl/openssl/crypto/asn1/a_i2d_fp.c b/deps/openssl/openssl/crypto/asn1/a_i2d_fp.c
index 0f56cd4e07451b..2e85e041e4cf40 100644
--- a/deps/openssl/openssl/crypto/asn1/a_i2d_fp.c
+++ b/deps/openssl/openssl/crypto/asn1/a_i2d_fp.c
@@ -87,6 +87,9 @@ int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x)
int i, j = 0, n, ret = 1;
n = i2d(x, NULL);
+ if (n <= 0)
+ return 0;
+
b = (char *)OPENSSL_malloc(n);
if (b == NULL) {
ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE);
diff --git a/deps/openssl/openssl/crypto/bio/b_print.c b/deps/openssl/openssl/crypto/bio/b_print.c
index eb3ab759349cde..1c82f53d5a074d 100644
--- a/deps/openssl/openssl/crypto/bio/b_print.c
+++ b/deps/openssl/openssl/crypto/bio/b_print.c
@@ -385,7 +385,7 @@ _dopr(char **sbuffer,
if (cflags == DP_C_SHORT) {
short int *num;
num = va_arg(args, short int *);
- *num = currlen;
+ *num = (short int)currlen;
} else if (cflags == DP_C_LONG) { /* XXX */
long int *num;
num = va_arg(args, long int *);
@@ -502,7 +502,7 @@ fmtint(char **sbuffer,
if (!(flags & DP_F_UNSIGNED)) {
if (value < 0) {
signvalue = '-';
- uvalue = -(unsigned LLONG)value;
+ uvalue = 0 - (unsigned LLONG)value;
} else if (flags & DP_F_PLUS)
signvalue = '+';
else if (flags & DP_F_SPACE)
diff --git a/deps/openssl/openssl/crypto/bn/asm/rsaz-avx2.pl b/deps/openssl/openssl/crypto/bn/asm/rsaz-avx2.pl
index 712a77fe8ca3ab..2b3f8b0e21ecef 100755
--- a/deps/openssl/openssl/crypto/bn/asm/rsaz-avx2.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/rsaz-avx2.pl
@@ -239,7 +239,7 @@
vmovdqu 32*8-128($ap), $ACC8
lea 192(%rsp), $tp0 # 64+128=192
- vpbroadcastq .Land_mask(%rip), $AND_MASK
+ vmovdqu .Land_mask(%rip), $AND_MASK
jmp .LOOP_GRANDE_SQR_1024
.align 32
@@ -1070,10 +1070,10 @@
vpmuludq 32*6-128($np),$Yi,$TEMP1
vpaddq $TEMP1,$ACC6,$ACC6
vpmuludq 32*7-128($np),$Yi,$TEMP2
- vpblendd \$3, $ZERO, $ACC9, $ACC9 # correct $ACC3
+ vpblendd \$3, $ZERO, $ACC9, $TEMP1 # correct $ACC3
vpaddq $TEMP2,$ACC7,$ACC7
vpmuludq 32*8-128($np),$Yi,$TEMP0
- vpaddq $ACC9, $ACC3, $ACC3 # correct $ACC3
+ vpaddq $TEMP1, $ACC3, $ACC3 # correct $ACC3
vpaddq $TEMP0,$ACC8,$ACC8
mov %rbx, %rax
@@ -1086,7 +1086,9 @@
vmovdqu -8+32*2-128($ap),$TEMP2
mov $r1, %rax
+ vpblendd \$0xfc, $ZERO, $ACC9, $ACC9 # correct $ACC3
imull $n0, %eax
+ vpaddq $ACC9,$ACC4,$ACC4 # correct $ACC3
and \$0x1fffffff, %eax
imulq 16-128($ap),%rbx
@@ -1322,15 +1324,12 @@
# But as we underutilize resources, it's possible to correct in
# each iteration with marginal performance loss. But then, as
# we do it in each iteration, we can correct less digits, and
-# avoid performance penalties completely. Also note that we
-# correct only three digits out of four. This works because
-# most significant digit is subjected to less additions.
+# avoid performance penalties completely.
$TEMP0 = $ACC9;
$TEMP3 = $Bi;
$TEMP4 = $Yi;
$code.=<<___;
- vpermq \$0, $AND_MASK, $AND_MASK
vpaddq (%rsp), $TEMP1, $ACC0
vpsrlq \$29, $ACC0, $TEMP1
@@ -1763,7 +1762,7 @@
.align 64
.Land_mask:
- .quad 0x1fffffff,0x1fffffff,0x1fffffff,-1
+ .quad 0x1fffffff,0x1fffffff,0x1fffffff,0x1fffffff
.Lscatter_permd:
.long 0,2,4,6,7,7,7,7
.Lgather_permd:
diff --git a/deps/openssl/openssl/crypto/bn/bn_exp.c b/deps/openssl/openssl/crypto/bn/bn_exp.c
index 35facd213a253d..c4b63e44ba369a 100644
--- a/deps/openssl/openssl/crypto/bn/bn_exp.c
+++ b/deps/openssl/openssl/crypto/bn/bn_exp.c
@@ -149,7 +149,7 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
|| BN_get_flags(a, BN_FLG_CONSTTIME) != 0) {
/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
BNerr(BN_F_BN_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return -1;
+ return 0;
}
BN_CTX_start(ctx);
@@ -285,7 +285,7 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|| BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return -1;
+ return 0;
}
bits = BN_num_bits(p);
@@ -1228,7 +1228,7 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
|| BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
BNerr(BN_F_BN_MOD_EXP_MONT_WORD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return -1;
+ return 0;
}
bn_check_top(p);
@@ -1361,7 +1361,7 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|| BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
BNerr(BN_F_BN_MOD_EXP_SIMPLE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return -1;
+ return 0;
}
bits = BN_num_bits(p);
diff --git a/deps/openssl/openssl/crypto/dsa/dsa_ameth.c b/deps/openssl/openssl/crypto/dsa/dsa_ameth.c
index aac253095141a3..e22627f85152a1 100644
--- a/deps/openssl/openssl/crypto/dsa/dsa_ameth.c
+++ b/deps/openssl/openssl/crypto/dsa/dsa_ameth.c
@@ -133,6 +133,7 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
unsigned char *penc = NULL;
int penclen;
ASN1_STRING *str = NULL;
+ ASN1_OBJECT *aobj;
dsa = pkey->pkey.dsa;
if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) {
@@ -159,8 +160,11 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
goto err;
}
- if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA),
- ptype, str, penc, penclen))
+ aobj = OBJ_nid2obj(EVP_PKEY_DSA);
+ if (aobj == NULL)
+ goto err;
+
+ if (X509_PUBKEY_set0_param(pk, aobj, ptype, str, penc, penclen))
return 1;
err:
diff --git a/deps/openssl/openssl/crypto/engine/eng_fat.c b/deps/openssl/openssl/crypto/engine/eng_fat.c
index 4279dd94b135b7..55d3858bb1c6df 100644
--- a/deps/openssl/openssl/crypto/engine/eng_fat.c
+++ b/deps/openssl/openssl/crypto/engine/eng_fat.c
@@ -167,6 +167,7 @@ int ENGINE_register_complete(ENGINE *e)
#endif
ENGINE_register_RAND(e);
ENGINE_register_pkey_meths(e);
+ ENGINE_register_pkey_asn1_meths(e);
return 1;
}
diff --git a/deps/openssl/openssl/crypto/lhash/lhash.c b/deps/openssl/openssl/crypto/lhash/lhash.c
index f3798872598a44..51bb258e74b8ac 100644
--- a/deps/openssl/openssl/crypto/lhash/lhash.c
+++ b/deps/openssl/openssl/crypto/lhash/lhash.c
@@ -107,7 +107,7 @@
* https://en.wikipedia.org/wiki/Linear_hashing
*
* Litwin, Witold (1980), "Linear hashing: A new tool for file and table
- * addressing", Proc. 6th Conference on Very Large Databases: 212–223
+ * addressing", Proc. 6th Conference on Very Large Databases: 212-223
* http://hackthology.com/pdfs/Litwin-1980-Linear_Hashing.pdf
*
* From the wikipedia article "Linear hashing is used in the BDB Berkeley
diff --git a/deps/openssl/openssl/crypto/opensslv.h b/deps/openssl/openssl/crypto/opensslv.h
index c944d562dae0a9..baee2d0865fd1d 100644
--- a/deps/openssl/openssl/crypto/opensslv.h
+++ b/deps/openssl/openssl/crypto/opensslv.h
@@ -30,11 +30,11 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-# define OPENSSL_VERSION_NUMBER 0x100020dfL
+# define OPENSSL_VERSION_NUMBER 0x100020efL
# ifdef OPENSSL_FIPS
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2m-fips 2 Nov 2017"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2n-fips 7 Dec 2017"
# else
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2m 2 Nov 2017"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2n 7 Dec 2017"
# endif
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/deps/openssl/openssl/crypto/rsa/rsa_gen.c b/deps/openssl/openssl/crypto/rsa/rsa_gen.c
index 082c8da2efc2a7..a85493d6097b8e 100644
--- a/deps/openssl/openssl/crypto/rsa/rsa_gen.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_gen.c
@@ -110,6 +110,16 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
int bitsp, bitsq, ok = -1, n = 0;
BN_CTX *ctx = NULL;
+ /*
+ * When generating ridiculously small keys, we can get stuck
+ * continually regenerating the same prime values.
+ */
+ if (bits < 16) {
+ ok = 0; /* we set our own err */
+ RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL);
+ goto err;
+ }
+
ctx = BN_CTX_new();
if (ctx == NULL)
goto err;
@@ -161,21 +171,10 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
if (!BN_GENCB_call(cb, 3, 0))
goto err;
for (;;) {
- /*
- * When generating ridiculously small keys, we can get stuck
- * continually regenerating the same prime values. Check for this and
- * bail if it happens 3 times.
- */
- unsigned int degenerate = 0;
do {
if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
goto err;
- } while ((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3));
- if (degenerate == 3) {
- ok = 0; /* we set our own err */
- RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL);
- goto err;
- }
+ } while (BN_cmp(rsa->p, rsa->q) == 0);
if (!BN_sub(r2, rsa->q, BN_value_one()))
goto err;
if (!BN_gcd(r1, r2, rsa->e, ctx))
diff --git a/deps/openssl/openssl/crypto/sha/asm/sha256-armv4.pl b/deps/openssl/openssl/crypto/sha/asm/sha256-armv4.pl
index 4fee74d832d100..750216eb426704 100644
--- a/deps/openssl/openssl/crypto/sha/asm/sha256-armv4.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha256-armv4.pl
@@ -205,7 +205,7 @@ sub BODY_16_XX {
#if __ARM_ARCH__<7
sub r3,pc,#8 @ sha256_block_data_order
#else
- adr r3,sha256_block_data_order
+ adr r3,.
#endif
#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
ldr r12,.LOPENSSL_armcap
diff --git a/deps/openssl/openssl/crypto/symhacks.h b/deps/openssl/openssl/crypto/symhacks.h
index 239fa4fb1b77e7..3001957988f7d5 100644
--- a/deps/openssl/openssl/crypto/symhacks.h
+++ b/deps/openssl/openssl/crypto/symhacks.h
@@ -280,6 +280,8 @@
# define OPENSSL_add_all_algorithms_conf OPENSSL_add_all_algo_conf
# undef EVP_PKEY_meth_set_verify_recover
# define EVP_PKEY_meth_set_verify_recover EVP_PKEY_meth_set_vrfy_recover
+# undef EVP_PKEY_meth_get_verify_recover
+# define EVP_PKEY_meth_get_verify_recover EVP_PKEY_meth_get_vrfy_recover
/* Hack some long EC names */
# undef EC_GROUP_set_point_conversion_form
diff --git a/deps/openssl/openssl/crypto/x509v3/v3_lib.c b/deps/openssl/openssl/crypto/x509v3/v3_lib.c
index 8350429aafbe31..1112802483a1d6 100644
--- a/deps/openssl/openssl/crypto/x509v3/v3_lib.c
+++ b/deps/openssl/openssl/crypto/x509v3/v3_lib.c
@@ -286,9 +286,9 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
int crit, unsigned long flags)
{
- int extidx = -1;
- int errcode;
- X509_EXTENSION *ext, *extmp;
+ int errcode, extidx = -1;
+ X509_EXTENSION *ext = NULL, *extmp;
+ STACK_OF(X509_EXTENSION) *ret = NULL;
unsigned long ext_op = flags & X509V3_ADD_OP_MASK;
/*
@@ -347,13 +347,21 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
return 1;
}
- if (!*x && !(*x = sk_X509_EXTENSION_new_null()))
- return -1;
- if (!sk_X509_EXTENSION_push(*x, ext))
- return -1;
+ if ((ret = *x) == NULL
+ && (ret = sk_X509_EXTENSION_new_null()) == NULL)
+ goto m_fail;
+ if (!sk_X509_EXTENSION_push(ret, ext))
+ goto m_fail;
+ *x = ret;
return 1;
+ m_fail:
+ if (ret != *x)
+ sk_X509_EXTENSION_free(ret);
+ X509_EXTENSION_free(ext);
+ return -1;
+
err:
if (!(flags & X509V3_ADD_SILENT))
X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode);
diff --git a/deps/openssl/openssl/crypto/x509v3/v3_scts.c b/deps/openssl/openssl/crypto/x509v3/v3_scts.c
index 0b7c68180e7883..87a6ae1da9822b 100644
--- a/deps/openssl/openssl/crypto/x509v3/v3_scts.c
+++ b/deps/openssl/openssl/crypto/x509v3/v3_scts.c
@@ -156,7 +156,7 @@ static void timestamp_print(BIO *out, SCT_TIMESTAMP timestamp)
gen = ASN1_GENERALIZEDTIME_new();
ASN1_GENERALIZEDTIME_adj(gen, (time_t)0,
(int)(timestamp / 86400000),
- (timestamp % 86400000) / 1000);
+ (int)(timestamp % 86400000) / 1000);
/*
* Note GeneralizedTime from ASN1_GENERALIZETIME_adj is always 15
* characters long with a final Z. Update it with fractional seconds.
diff --git a/deps/openssl/openssl/doc/crypto/EVP_EncryptInit.pod b/deps/openssl/openssl/doc/crypto/EVP_EncryptInit.pod
index dc9a2d76c5f60c..4cd24d7e0169f6 100644
--- a/deps/openssl/openssl/doc/crypto/EVP_EncryptInit.pod
+++ b/deps/openssl/openssl/doc/crypto/EVP_EncryptInit.pod
@@ -40,14 +40,14 @@ EVP_aes_128_cbc_hmac_sha256, EVP_aes_256_cbc_hmac_sha256
int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
ENGINE *impl, unsigned char *key, unsigned char *iv);
int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl, unsigned char *in, int inl);
+ int *outl, const unsigned char *in, int inl);
int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl);
int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
ENGINE *impl, unsigned char *key, unsigned char *iv);
int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl, unsigned char *in, int inl);
+ int *outl, const unsigned char *in, int inl);
int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
int *outl);
diff --git a/deps/openssl/openssl/include/openssl/opensslv.h b/deps/openssl/openssl/include/openssl/opensslv.h
index c944d562dae0a9..baee2d0865fd1d 100644
--- a/deps/openssl/openssl/include/openssl/opensslv.h
+++ b/deps/openssl/openssl/include/openssl/opensslv.h
@@ -30,11 +30,11 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-# define OPENSSL_VERSION_NUMBER 0x100020dfL
+# define OPENSSL_VERSION_NUMBER 0x100020efL
# ifdef OPENSSL_FIPS
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2m-fips 2 Nov 2017"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2n-fips 7 Dec 2017"
# else
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2m 2 Nov 2017"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2n 7 Dec 2017"
# endif
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/deps/openssl/openssl/include/openssl/ssl.h b/deps/openssl/openssl/include/openssl/ssl.h
index 90aeb0ce4e1ead..3cf96a239bab44 100644
--- a/deps/openssl/openssl/include/openssl/ssl.h
+++ b/deps/openssl/openssl/include/openssl/ssl.h
@@ -1727,7 +1727,7 @@ extern "C" {
# define SSL_ST_BEFORE 0x4000
# define SSL_ST_OK 0x03
# define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT)
-# define SSL_ST_ERR 0x05
+# define SSL_ST_ERR (0x05|SSL_ST_INIT)
# define SSL_CB_LOOP 0x01
# define SSL_CB_EXIT 0x02
diff --git a/deps/openssl/openssl/include/openssl/symhacks.h b/deps/openssl/openssl/include/openssl/symhacks.h
index 239fa4fb1b77e7..3001957988f7d5 100644
--- a/deps/openssl/openssl/include/openssl/symhacks.h
+++ b/deps/openssl/openssl/include/openssl/symhacks.h
@@ -280,6 +280,8 @@
# define OPENSSL_add_all_algorithms_conf OPENSSL_add_all_algo_conf
# undef EVP_PKEY_meth_set_verify_recover
# define EVP_PKEY_meth_set_verify_recover EVP_PKEY_meth_set_vrfy_recover
+# undef EVP_PKEY_meth_get_verify_recover
+# define EVP_PKEY_meth_get_verify_recover EVP_PKEY_meth_get_vrfy_recover
/* Hack some long EC names */
# undef EC_GROUP_set_point_conversion_form
diff --git a/deps/openssl/openssl/openssl.spec b/deps/openssl/openssl/openssl.spec
index 18e23acc3b8912..b5cb87ecec40c8 100644
--- a/deps/openssl/openssl/openssl.spec
+++ b/deps/openssl/openssl/openssl.spec
@@ -7,7 +7,7 @@ Release: 1
Summary: Secure Sockets Layer and cryptography libraries and tools
Name: openssl
-Version: 1.0.2m
+Version: 1.0.2n
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
License: OpenSSL
Group: System Environment/Libraries
diff --git a/deps/openssl/openssl/ssl/Makefile b/deps/openssl/openssl/ssl/Makefile
index dd1296225006ef..7866a3ccd77bab 100644
--- a/deps/openssl/openssl/ssl/Makefile
+++ b/deps/openssl/openssl/ssl/Makefile
@@ -15,7 +15,8 @@ KRB5_INCLUDES=
CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL=Makefile README ssl-lib.com install.com
-TEST=ssltest.c heartbeat_test.c clienthellotest.c sslv2conftest.c dtlstest.c bad_dtls_test.c
+TEST=ssltest.c heartbeat_test.c clienthellotest.c sslv2conftest.c dtlstest.c \
+ bad_dtls_test.c fatalerrtest.c
APPS=
LIB=$(TOP)/libssl.a
diff --git a/deps/openssl/openssl/ssl/bad_dtls_test.c b/deps/openssl/openssl/ssl/bad_dtls_test.c
index 70d8578b588317..34af37d9a9f409 100644
--- a/deps/openssl/openssl/ssl/bad_dtls_test.c
+++ b/deps/openssl/openssl/ssl/bad_dtls_test.c
@@ -590,13 +590,13 @@ static int send_record(BIO *rbio, unsigned char type, unsigned long seqnr,
unsigned char *enc;
#ifdef SIXTY_FOUR_BIT_LONG
- seq[0] = (seqnr >> 40) & 0xff;
- seq[1] = (seqnr >> 32) & 0xff;
+ seq[0] = (unsigned char)(seqnr >> 40);
+ seq[1] = (unsigned char)(seqnr >> 32);
#endif
- seq[2] = (seqnr >> 24) & 0xff;
- seq[3] = (seqnr >> 16) & 0xff;
- seq[4] = (seqnr >> 8) & 0xff;
- seq[5] = seqnr & 0xff;
+ seq[2] = (unsigned char)(seqnr >> 24);
+ seq[3] = (unsigned char)(seqnr >> 16);
+ seq[4] = (unsigned char)(seqnr >> 8);
+ seq[5] = (unsigned char)(seqnr);
pad = 15 - ((len + SHA_DIGEST_LENGTH) % 16);
enc = OPENSSL_malloc(len + SHA_DIGEST_LENGTH + 1 + pad);
@@ -612,8 +612,8 @@ static int send_record(BIO *rbio, unsigned char type, unsigned long seqnr,
HMAC_Update(&ctx, seq, 6);
HMAC_Update(&ctx, &type, 1);
HMAC_Update(&ctx, ver, 2); /* Version */
- lenbytes[0] = len >> 8;
- lenbytes[1] = len & 0xff;
+ lenbytes[0] = (unsigned char)(len >> 8);
+ lenbytes[1] = (unsigned char)(len);
HMAC_Update(&ctx, lenbytes, 2); /* Length */
HMAC_Update(&ctx, enc, len); /* Finally the data itself */
HMAC_Final(&ctx, enc + len, NULL);
@@ -637,8 +637,8 @@ static int send_record(BIO *rbio, unsigned char type, unsigned long seqnr,
BIO_write(rbio, ver, 2);
BIO_write(rbio, epoch, 2);
BIO_write(rbio, seq, 6);
- lenbytes[0] = (len + sizeof(iv)) >> 8;
- lenbytes[1] = (len + sizeof(iv)) & 0xff;
+ lenbytes[0] = (unsigned char)((len + sizeof(iv)) >> 8);
+ lenbytes[1] = (unsigned char)(len + sizeof(iv));
BIO_write(rbio, lenbytes, 2);
BIO_write(rbio, iv, sizeof(iv));
diff --git a/deps/openssl/openssl/ssl/fatalerrtest.c b/deps/openssl/openssl/ssl/fatalerrtest.c
new file mode 100644
index 00000000000000..0288c33fa2eb9c
--- /dev/null
+++ b/deps/openssl/openssl/ssl/fatalerrtest.c
@@ -0,0 +1,109 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+#include
+#include "ssltestlib.h"
+
+int main(int argc, char *argv[])
+{
+ SSL_CTX *sctx, *cctx;
+ SSL *sssl, *cssl;
+ const char *msg = "Dummy";
+ BIO *err = NULL, *wbio = NULL;
+ int ret = 1, len;
+ char buf[80];
+ unsigned char dummyrec[] = {
+ 0x17, 0x03, 0x03, 0x00, 0x05, 'D', 'u', 'm', 'm', 'y'
+ };
+
+ if (argc != 3) {
+ printf("Incorrect number of parameters\n");
+ return 1;
+ }
+
+ SSL_library_init();
+ SSL_load_error_strings();
+ err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+ CRYPTO_malloc_debug_init();
+ CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+ if (!create_ssl_ctx_pair(SSLv23_method(), SSLv23_method(), &sctx, &cctx,
+ argv[1], argv[2])) {
+ printf("Failed to create SSL_CTX pair\n");
+ goto err;
+ }
+
+ /*
+ * Deliberately set the cipher lists for client and server to be different
+ * to force a handshake failure.
+ */
+ if (!SSL_CTX_set_cipher_list(sctx, "AES128-SHA")
+ || !SSL_CTX_set_cipher_list(cctx, "AES256-SHA")) {
+ printf("Failed to set cipher lists\n");
+ goto err;
+ }
+
+ if (!create_ssl_objects(sctx, cctx, &sssl, &cssl, NULL, NULL)) {
+ printf("Failed to create SSL objectx\n");
+ goto err;
+ }
+
+ wbio = SSL_get_wbio(cssl);
+ if (wbio == NULL) {
+ printf("Unexpected NULL bio received\n");
+ goto err;
+ }
+
+ if (create_ssl_connection(sssl, cssl)) {
+ printf("Unexpected success creating a connection\n");
+ goto err;
+ }
+
+ ERR_clear_error();
+
+ /* Inject a plaintext record from client to server */
+ if (BIO_write(wbio, dummyrec, sizeof(dummyrec)) <= 0) {
+ printf("Unexpected failure injecting dummy record\n");
+ goto err;
+ }
+
+ /* SSL_read()/SSL_write should fail because of a previous fatal error */
+ if ((len = SSL_read(sssl, buf, sizeof(buf - 1))) > 0) {
+ buf[len] = '\0';
+ printf("Unexpected success reading data: %s\n", buf);
+ goto err;
+ }
+ if (SSL_write(sssl, msg, strlen(msg)) > 0) {
+ printf("Unexpected success writing data\n");
+ goto err;
+ }
+
+ ret = 0;
+ err:
+ SSL_free(sssl);
+ SSL_free(cssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ ERR_print_errors_fp(stderr);
+
+ if (ret) {
+ printf("Fatal err test: FAILED\n");
+ }
+
+ ERR_free_strings();
+ ERR_remove_thread_state(NULL);
+ EVP_cleanup();
+ CRYPTO_cleanup_all_ex_data();
+ CRYPTO_mem_leaks(err);
+ BIO_free(err);
+
+ return ret;
+}
diff --git a/deps/openssl/openssl/ssl/s23_clnt.c b/deps/openssl/openssl/ssl/s23_clnt.c
index 92f41dd549ad64..add8c9916c8feb 100644
--- a/deps/openssl/openssl/ssl/s23_clnt.c
+++ b/deps/openssl/openssl/ssl/s23_clnt.c
@@ -757,10 +757,12 @@ static int ssl23_get_server_hello(SSL *s)
s->version = TLS1_VERSION;
s->method = TLSv1_client_method();
break;
+#ifndef OPENSSL_NO_SSL3
case SSL3_VERSION:
s->version = SSL3_VERSION;
s->method = SSLv3_client_method();
break;
+#endif
}
SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION);
diff --git a/deps/openssl/openssl/ssl/s3_pkt.c b/deps/openssl/openssl/ssl/s3_pkt.c
index 04212c51e726d7..b9145684304176 100644
--- a/deps/openssl/openssl/ssl/s3_pkt.c
+++ b/deps/openssl/openssl/ssl/s3_pkt.c
@@ -1324,10 +1324,16 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
}
#ifndef OPENSSL_NO_HEARTBEATS
else if (rr->type == TLS1_RT_HEARTBEAT) {
- tls1_process_heartbeat(s);
+ i = tls1_process_heartbeat(s);
+
+ if (i < 0)
+ return i;
- /* Exit and notify application to read again */
rr->length = 0;
+ if (s->mode & SSL_MODE_AUTO_RETRY)
+ goto start;
+
+ /* Exit and notify application to read again */
s->rwstate = SSL_READING;
BIO_clear_retry_flags(SSL_get_rbio(s));
BIO_set_retry_read(SSL_get_rbio(s));
diff --git a/deps/openssl/openssl/ssl/ssl.h b/deps/openssl/openssl/ssl/ssl.h
index 90aeb0ce4e1ead..3cf96a239bab44 100644
--- a/deps/openssl/openssl/ssl/ssl.h
+++ b/deps/openssl/openssl/ssl/ssl.h
@@ -1727,7 +1727,7 @@ extern "C" {
# define SSL_ST_BEFORE 0x4000
# define SSL_ST_OK 0x03
# define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT)
-# define SSL_ST_ERR 0x05
+# define SSL_ST_ERR (0x05|SSL_ST_INIT)
# define SSL_CB_LOOP 0x01
# define SSL_CB_EXIT 0x02
diff --git a/deps/openssl/openssl/ssl/ssltest.c b/deps/openssl/openssl/ssl/ssltest.c
index 2d6141cd954e00..f6a8f195eeb716 100644
--- a/deps/openssl/openssl/ssl/ssltest.c
+++ b/deps/openssl/openssl/ssl/ssltest.c
@@ -423,13 +423,13 @@ static unsigned char *next_protos_parse(unsigned short *outlen,
OPENSSL_free(out);
return NULL;
}
- out[start] = i - start;
+ out[start] = (unsigned char)(i - start);
start = i + 1;
} else
out[i + 1] = in[i];
}
- *outlen = len + 1;
+ *outlen = (unsigned char)(len + 1);
return out;
}
@@ -554,6 +554,7 @@ static int cb_ticket2(SSL* s, unsigned char* key_name, unsigned char *iv, EVP_CI
{
fprintf(stderr, "ticket callback for SNI context should never be called\n");
EXIT(1);
+ return 0;
}
#endif
diff --git a/deps/openssl/openssl/ssl/t1_lib.c b/deps/openssl/openssl/ssl/t1_lib.c
index 6587e8bb685c94..1a4387b78eb93f 100644
--- a/deps/openssl/openssl/ssl/t1_lib.c
+++ b/deps/openssl/openssl/ssl/t1_lib.c
@@ -1916,7 +1916,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
s2n(TLSEXT_TYPE_application_layer_protocol_negotiation, ret);
s2n(3 + len, ret);
s2n(1 + len, ret);
- *ret++ = len;
+ *ret++ = (unsigned char)len;
memcpy(ret, selected, len);
ret += len;
}
diff --git a/deps/openssl/openssl/test/Makefile b/deps/openssl/openssl/test/Makefile
index a324eeb39ac317..a1f7eeb0ddeb3f 100644
--- a/deps/openssl/openssl/test/Makefile
+++ b/deps/openssl/openssl/test/Makefile
@@ -73,6 +73,7 @@ CLIENTHELLOTEST= clienthellotest
BADDTLSTEST= bad_dtls_test
SSLV2CONFTEST = sslv2conftest
DTLSTEST = dtlstest
+FATALERRTEST = fatalerrtest
TESTS= alltests
@@ -87,7 +88,7 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST)
$(ASN1TEST)$(EXE_EXT) $(V3NAMETEST)$(EXE_EXT) $(HEARTBEATTEST)$(EXE_EXT) \
$(CONSTTIMETEST)$(EXE_EXT) $(VERIFYEXTRATEST)$(EXE_EXT) \
$(CLIENTHELLOTEST)$(EXE_EXT) $(SSLV2CONFTEST)$(EXE_EXT) $(DTLSTEST)$(EXE_EXT) \
- $(BADDTLSTEST)$(EXE_EXT)
+ $(BADDTLSTEST)$(EXE_EXT) $(FATALERRTEST)$(EXE_EXT)
# $(METHTEST)$(EXE_EXT)
@@ -102,7 +103,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \
$(EVPTEST).o $(EVPEXTRATEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o $(V3NAMETEST).o \
$(HEARTBEATTEST).o $(CONSTTIMETEST).o $(VERIFYEXTRATEST).o \
$(CLIENTHELLOTEST).o $(SSLV2CONFTEST).o $(DTLSTEST).o ssltestlib.o \
- $(BADDTLSTEST).o
+ $(BADDTLSTEST).o $(FATALERRTEST).o
SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
$(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \
@@ -114,7 +115,7 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
$(EVPTEST).c $(EVPEXTRATEST).c $(IGETEST).c $(JPAKETEST).c $(SRPTEST).c $(ASN1TEST).c \
$(V3NAMETEST).c $(HEARTBEATTEST).c $(CONSTTIMETEST).c $(VERIFYEXTRATEST).c \
$(CLIENTHELLOTEST).c $(SSLV2CONFTEST).c $(DTLSTEST).c ssltestlib.c \
- $(BADDTLSTEST).c
+ $(BADDTLSTEST).c $(FATALERRTEST).c
EXHEADER=
HEADER= testutil.h ssltestlib.h $(EXHEADER)
@@ -159,7 +160,7 @@ alltests: \
test_ss test_ca test_engine test_evp test_evp_extra test_ssl test_tsa test_ige \
test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \
test_constant_time test_verify_extra test_clienthello test_sslv2conftest \
- test_dtls test_bad_dtls
+ test_dtls test_bad_dtls test_fatalerr
test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
@@ -373,6 +374,10 @@ test_bad_dtls: $(BADDTLSTEST)$(EXE_EXT)
@echo $(START) $@
../util/shlib_wrap.sh ./$(BADDTLSTEST)
+test_fatalerr: $(FATALERRTEST)$(EXE_EXT)
+ @echo $(START) $@
+ ../util/shlib_wrap.sh ./$(FATALERRTEST) ../apps/server.pem ../apps/server.pem
+
test_sslv2conftest: $(SSLV2CONFTEST)$(EXE_EXT)
@echo $(START) $@
../util/shlib_wrap.sh ./$(SSLV2CONFTEST)
@@ -561,6 +566,9 @@ $(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o
$(BADDTLSTEST)$(EXE_EXT): $(BADDTLSTEST).o
@target=$(BADDTLSTEST) $(BUILD_CMD)
+$(FATALERRTEST)$(EXE_EXT): $(FATALERRTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
+ @target=$(FATALERRTEST); exobj=ssltestlib.o; $(BUILD_CMD)
+
$(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o
@target=$(SSLV2CONFTEST) $(BUILD_CMD)
@@ -776,6 +784,25 @@ exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
exptest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
exptest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
exptest.o: ../include/openssl/symhacks.h exptest.c
+fatalerrtest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+fatalerrtest.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+fatalerrtest.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+fatalerrtest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+fatalerrtest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+fatalerrtest.o: ../include/openssl/err.h ../include/openssl/evp.h
+fatalerrtest.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+fatalerrtest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+fatalerrtest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+fatalerrtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+fatalerrtest.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+fatalerrtest.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+fatalerrtest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+fatalerrtest.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+fatalerrtest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+fatalerrtest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+fatalerrtest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+fatalerrtest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+fatalerrtest.o: fatalerrtest.c ssltestlib.h
heartbeat_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
heartbeat_test.o: ../include/openssl/buffer.h ../include/openssl/comp.h
heartbeat_test.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
diff --git a/deps/openssl/openssl/util/copy-if-different.pl b/deps/openssl/openssl/util/copy-if-different.pl
index e1245f54aff120..5420f3f2bd3041 100644
--- a/deps/openssl/openssl/util/copy-if-different.pl
+++ b/deps/openssl/openssl/util/copy-if-different.pl
@@ -12,7 +12,8 @@
foreach my $arg (@ARGV) {
$arg =~ s|\\|/|g; # compensate for bug/feature in cygwin glob...
- foreach (glob qq("$arg"))
+ $arg = qq("$arg") if ($arg =~ /\s/); # compensate for bug in 5.10...
+ foreach (glob $arg)
{
push @filelist, $_;
}
diff --git a/deps/openssl/openssl/util/copy.pl b/deps/openssl/openssl/util/copy.pl
index a6b2a54ec6f06a..9c0e68c41467ab 100644
--- a/deps/openssl/openssl/util/copy.pl
+++ b/deps/openssl/openssl/util/copy.pl
@@ -19,7 +19,8 @@
next;
}
$arg =~ s|\\|/|g; # compensate for bug/feature in cygwin glob...
- foreach (glob qq("$arg"))
+ $arg = qq("$arg") if ($arg =~ /\s/); # compensate for bug in 5.10...
+ foreach (glob $arg)
{
push @filelist, $_;
}
diff --git a/deps/openssl/openssl/util/libeay.num b/deps/openssl/openssl/util/libeay.num
index fddfe1cbb2024f..f5b4f215098ed5 100755
--- a/deps/openssl/openssl/util/libeay.num
+++ b/deps/openssl/openssl/util/libeay.num
@@ -4417,7 +4417,8 @@ EC_GROUP_get_mont_data 4772 EXIST::FUNCTION:EC
i2d_re_X509_tbs 4773 EXIST::FUNCTION:
EVP_PKEY_asn1_set_item 4774 EXIST::FUNCTION:
EVP_PKEY_meth_get_init 4775 EXIST::FUNCTION:
-EVP_PKEY_meth_get_verify_recover 4776 EXIST::FUNCTION:
+EVP_PKEY_meth_get_verify_recover 4776 EXIST:!VMS:FUNCTION:
+EVP_PKEY_meth_get_vrfy_recover 4776 EXIST:VMS:FUNCTION:
EVP_PKEY_meth_get_keygen 4777 EXIST::FUNCTION:
EVP_PKEY_meth_get_derive 4778 EXIST::FUNCTION:
EVP_PKEY_meth_get_verifyctx 4779 EXIST::FUNCTION:
diff --git a/deps/openssl/openssl/util/mk1mf.pl b/deps/openssl/openssl/util/mk1mf.pl
index 6b31496ed1e694..ee14dafea6e0ec 100755
--- a/deps/openssl/openssl/util/mk1mf.pl
+++ b/deps/openssl/openssl/util/mk1mf.pl
@@ -765,7 +765,7 @@ sub fix_asm
{
$t=&bname($_);
$tt="\$(OBJ_D)${o}$t${obj}";
- $tt.=" \$(OBJ_D)${o}ssltestlib${obj}" if $t eq "dtlstest";
+ $tt.=" \$(OBJ_D)${o}ssltestlib${obj}" if $t eq "dtlstest" or $t eq "fatalerrtest";
$rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
}
diff --git a/doc/changelogs/CHANGELOG_V6.md b/doc/changelogs/CHANGELOG_V6.md
index 2d544881688d1d..dffe344620feee 100644
--- a/doc/changelogs/CHANGELOG_V6.md
+++ b/doc/changelogs/CHANGELOG_V6.md
@@ -7,6 +7,7 @@
|