deps: downgrade openssl to v1.0.0f

Several people have reported issues with IIS and Resin servers (or maybe
SSL terminators sitting in front of those servers) that are fixed by
downgrading OpenSSL. The AESNI performance improvements were nice but
stability is more important. Downgrade OpenSSL from 1.0.1e to 1.0.0f.

Fixes #5360 (and others).

1 files changed, 0 insertions, 27 deletions

diff --git a/deps/openssl/openssl/crypto/evp/digest.c b/deps/openssl/openssl/crypto/evp/digest.c
index 6fc469f9c4..982ba2b136 100644
--- a/deps/openssl/openssl/crypto/evp/digest.c
+++ b/deps/openssl/openssl/crypto/evp/digest.c
@@ -117,10 +117,6 @@
 #include <openssl/engine.h>
 #endif
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
 	{
 	memset(ctx,'\0',sizeof *ctx);
@@ -229,26 +225,12 @@ skip_to_init:
 		}
 	if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
 		return 1;
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode())
-		{
-		if (FIPS_digestinit(ctx, type))
-			return 1;
-		OPENSSL_free(ctx->md_data);
-		ctx->md_data = NULL;
-		return 0;
-		}
-#endif
 	return ctx->digest->init(ctx);
 	}
 
 int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
 	{
-#ifdef OPENSSL_FIPS
-	return FIPS_digestupdate(ctx, data, count);
-#else
 	return ctx->update(ctx,data,count);
-#endif
 	}
 
 /* The caller can assume that this removes any secret data from the context */
@@ -263,9 +245,6 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 /* The caller can assume that this removes any secret data from the context */
 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 	{
-#ifdef OPENSSL_FIPS
-	return FIPS_digestfinal(ctx, md, size);
-#else
 	int ret;
 
 	OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
@@ -279,7 +258,6 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 		}
 	memset(ctx->md_data,0,ctx->digest->ctx_size);
 	return ret;
-#endif
 	}
 
 int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
@@ -373,7 +351,6 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
 /* This call frees resources associated with the context */
 int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
 	{
-#ifndef OPENSSL_FIPS
 	/* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
 	 * because sometimes only copies of the context are ever finalised.
 	 */
@@ -386,7 +363,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
 		OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
 		OPENSSL_free(ctx->md_data);
 		}
-#endif
 	if (ctx->pctx)
 		EVP_PKEY_CTX_free(ctx->pctx);
 #ifndef OPENSSL_NO_ENGINE
@@ -395,9 +371,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
 		 * functional reference we held for this reason. */
 		ENGINE_finish(ctx->engine);
 #endif
-#ifdef OPENSSL_FIPS
-	FIPS_md_ctx_cleanup(ctx);
-#endif
 	memset(ctx,'\0',sizeof *ctx);
 
 	return 1;