openssl: Update to pristine 1.0.2u (security update)

thirdparty/README.md

@@ -248,7 +248,7 @@ Collection of single-file libraries used in Godot components.
 ## openssl
 
 - Upstream: https://www.openssl.org
-- Version: 1.0.2t
+- Version: 1.0.2u
 - License: OpenSSL license / BSD-like
 
 Files extracted from the upstream source:

thirdparty/openssl/crypto/asn1/x_bignum.c

@@ -4,7 +4,7 @@
  * 2000.
  */
 /* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000-2019 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -102,7 +102,7 @@ ASN1_ITEM_end(CBIGNUM)
 static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
     *pval = (ASN1_VALUE *)BN_new();
-    if (*pval)
+    if (*pval != NULL)
         return 1;
     else
         return 0;
@@ -110,7 +110,7 @@ static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 
 static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-    if (!*pval)
+    if (*pval == NULL)
         return;
     if (it->size & BN_SENSITIVE)
         BN_clear_free((BIGNUM *)*pval);
@@ -124,7 +124,7 @@ static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
 {
     BIGNUM *bn;
     int pad;
-    if (!*pval)
+    if (*pval == NULL)
         return -1;
     bn = (BIGNUM *)*pval;
     /* If MSB set in an octet we need a padding byte */

thirdparty/openssl/crypto/cryptlib.c

@@ -1,6 +1,6 @@
 /* crypto/cryptlib.c */
 /* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2019 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -745,6 +745,11 @@ int OPENSSL_NONPIC_relocated = 0;
 void OPENSSL_cpuid_setup(void)
 {
 }
+
+unsigned long OPENSSL_rdtsc(void)
+{
+    return 0;
+}
 #endif
 
 #if (defined(_WIN32) || defined(__CYGWIN__)) && defined(_WINDLL)

thirdparty/openssl/crypto/ec/ec_asn1.c

@@ -973,6 +973,20 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)
          * 0x0 = OPENSSL_EC_EXPLICIT_CURVE
          */
         EC_GROUP_set_asn1_flag(ret, 0x0);
+
+        /*
+         * If the input params do not contain the optional seed field we make
+         * sure it is not added to the returned group.
+         *
+         * The seed field is not really used inside libcrypto anyway, and
+         * adding it to parsed explicit parameter keys would alter their DER
+         * encoding output (because of the extra field) which could impact
+         * applications fingerprinting keys by their DER encoding.
+         */
+        if (params->curve->seed == NULL) {
+            if (EC_GROUP_set_seed(ret, NULL, 0) != 1)
+                goto err;
+        }
     }
 
     ok = 1;

thirdparty/openssl/openssl/opensslconf.h

@@ -255,7 +255,7 @@ extern "C" {
    even newer MIPS CPU's, but at the moment one size fits all for
    optimization options.  Older Sparc's work better with only UNROLL, but
    there's no way to tell at compile time what it is you're running on */
-
+ 
 #if defined( __sun ) || defined ( sun )		/* Newer Sparc's */
 #  define DES_PTR
 #  define DES_RISC1

thirdparty/openssl/openssl/opensslv.h

@@ -30,11 +30,11 @@ extern "C" {
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-# define OPENSSL_VERSION_NUMBER  0x1000214fL
+# define OPENSSL_VERSION_NUMBER  0x1000215fL
 # ifdef OPENSSL_FIPS
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2t-fips  10 Sep 2019"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2u-fips  20 Dec 2019"
 # else
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2t  10 Sep 2019"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2u  20 Dec 2019"
 # endif
 # define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
 

thirdparty/openssl/patches/winrt_fix.patch

@@ -1,5 +1,5 @@
 diff --git a/thirdparty/openssl/crypto/rand/rand_win.c b/thirdparty/openssl/crypto/rand/rand_win.c
-index 06670ae01..cb4093128 100644
+index b4be3097e9..63a9e9975a 100644
 --- a/thirdparty/openssl/crypto/rand/rand_win.c
 +++ b/thirdparty/openssl/crypto/rand/rand_win.c
 @@ -118,8 +118,10 @@
@@ -22,15 +22,15 @@ index 06670ae01..cb4093128 100644
  typedef BOOL(WINAPI *CRYPTACQUIRECONTEXTW) (HCRYPTPROV *, LPCWSTR, LPCWSTR,
                                              DWORD, DWORD);
  typedef BOOL(WINAPI *CRYPTGENRANDOM) (HCRYPTPROV, DWORD, BYTE *);
-@@ -196,6 +198,7 @@ typedef NET_API_STATUS(NET_API_FUNCTION *NETFREE) (LPBYTE);
- #  endif                        /* 1 */
- # endif                         /* !OPENSSL_SYS_WINCE */
+@@ -198,6 +200,7 @@ typedef NET_API_STATUS(NET_API_FUNCTION *NETFREE) (LPBYTE);
+ 
+ #define NOTTOOLONG(start) ((GetTickCount() - (start)) < MAXDELAY)
  
 +#if !defined(WINRT_ENABLED) // -- GODOT --
  int RAND_poll(void)
  {
      MEMORYSTATUS m;
-@@ -580,6 +583,8 @@ int RAND_poll(void)
+@@ -576,6 +579,8 @@ int RAND_poll(void)
      return (1);
  }
  
@@ -39,7 +39,7 @@ index 06670ae01..cb4093128 100644
  int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
  {
      double add_entropy = 0;
-@@ -682,7 +687,7 @@ static void readtimer(void)
+@@ -678,7 +683,7 @@ static void readtimer(void)
  
  static void readscreen(void)
  {
@@ -49,7 +49,7 @@ index 06670ae01..cb4093128 100644
      HBITMAP hBitmap;            /* handle for our bitmap */
      BITMAP bm;                  /* bitmap properties */
 diff --git a/thirdparty/openssl/openssl/dtls1.h b/thirdparty/openssl/openssl/dtls1.h
-index 30bbcf278..81d28c29c 100644
+index 30bbcf278a..31cb6d7eb9 100644
 --- a/thirdparty/openssl/openssl/dtls1.h
 +++ b/thirdparty/openssl/openssl/dtls1.h
 @@ -78,6 +78,9 @@