deps: downgrade openssl to v1.0.0f

Several people have reported issues with IIS and Resin servers (or maybe
SSL terminators sitting in front of those servers) that are fixed by
downgrading OpenSSL. The AESNI performance improvements were nice but
stability is more important. Downgrade OpenSSL from 1.0.1e to 1.0.0f.

Fixes #5360 (and others).

1 files changed, 2 insertions, 31 deletions

diff --git a/deps/openssl/openssl/crypto/dh/dh_key.c b/deps/openssl/openssl/crypto/dh/dh_key.c
index 89a74db4e6..e7db440342 100644
--- a/deps/openssl/openssl/crypto/dh/dh_key.c
+++ b/deps/openssl/openssl/crypto/dh/dh_key.c
@@ -73,27 +73,11 @@ static int dh_finish(DH *dh);
 
 int DH_generate_key(DH *dh)
 	{
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
-			&& !(dh->flags & DH_FLAG_NON_FIPS_ALLOW))
-		{
-		DHerr(DH_F_DH_GENERATE_KEY, DH_R_NON_FIPS_METHOD);
-		return 0;
-		}
-#endif
 	return dh->meth->generate_key(dh);
 	}
 
 int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 	{
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
-			&& !(dh->flags & DH_FLAG_NON_FIPS_ALLOW))
-		{
-		DHerr(DH_F_DH_COMPUTE_KEY, DH_R_NON_FIPS_METHOD);
-		return 0;
-		}
-#endif
 	return dh->meth->compute_key(key, pub_key, dh);
 	}
 
@@ -154,21 +138,8 @@ static int generate_key(DH *dh)
 
 	if (generate_new_key)
 		{
-		if (dh->q)
-			{
-			do
-				{
-				if (!BN_rand_range(priv_key, dh->q))
-					goto err;
-				}
-			while (BN_is_zero(priv_key) || BN_is_one(priv_key));
-			}
-		else
-			{
-			/* secret exponent length */
-			l = dh->length ? dh->length : BN_num_bits(dh->p)-1;
-			if (!BN_rand(priv_key, l, 0, 0)) goto err;
-			}
+		l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
+		if (!BN_rand(priv_key, l, 0, 0)) goto err;
 		}
 
 	{