deps: upgrade openssl sources to 1.1.0j

This updates all sources in deps/openssl/openssl with openssl-1.1.0j.

PR-URL: https://github.com/nodejs/node/pull/24523
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>

6 files changed, 38 insertions, 16 deletions

diff --git a/deps/openssl/openssl/doc/crypto/EVP_DigestInit.pod b/deps/openssl/openssl/doc/crypto/EVP_DigestInit.pod
index 1dc76cbdf8..9fda29ba07 100644
--- a/deps/openssl/openssl/doc/crypto/EVP_DigestInit.pod
+++ b/deps/openssl/openssl/doc/crypto/EVP_DigestInit.pod
@@ -223,7 +223,7 @@ EVP_MD_CTX_copy_ex() because they can efficiently reuse a digest context
 instead of initializing and cleaning it up on each call and allow non default
 implementations of digests to be specified.
 
-If digest contexts are not cleaned up after use
+If digest contexts are not cleaned up after use,
 memory leaks will occur.
 
 EVP_MD_CTX_size(), EVP_MD_CTX_block_size(), EVP_MD_CTX_type(),
diff --git a/deps/openssl/openssl/doc/crypto/EVP_DigestSignInit.pod b/deps/openssl/openssl/doc/crypto/EVP_DigestSignInit.pod
index 5fadc82e6a..a3938d5800 100644
--- a/deps/openssl/openssl/doc/crypto/EVP_DigestSignInit.pod
+++ b/deps/openssl/openssl/doc/crypto/EVP_DigestSignInit.pod
@@ -19,14 +19,16 @@ The EVP signature routines are a high level interface to digital signatures.
 
 EVP_DigestSignInit() sets up signing context B<ctx> to use digest B<type> from
 ENGINE B<impl> and private key B<pkey>. B<ctx> must be created with
-EVP_MD_CTX_new() before calling this function. If B<pctx> is not NULL the
+EVP_MD_CTX_new() before calling this function. If B<pctx> is not NULL, the
 EVP_PKEY_CTX of the signing operation will be written to B<*pctx>: this can
-be used to set alternative signing options. The digest B<type> may be NULL if
-the signing algorithm supports it.
+be used to set alternative signing options. Note that any existing value in
+B<*pctx> is overwritten. The EVP_PKEY_CTX value returned must not be freed
+directly by the application (it will be freed automatically when the EVP_MD_CTX
+is freed). The digest B<type> may be NULL if the signing algorithm supports it.
 
 Only EVP_PKEY types that support signing can be used with these functions. This
 includes MAC algorithms where the MAC generation is considered as a form of
-"signing." Built-in EVP_PKEY types supported by these functions are CMAC, DSA,
+"signing". Built-in EVP_PKEY types supported by these functions are CMAC, DSA,
 ECDSA, HMAC and RSA.
 
 Not all digests can be used for all key types. The following combinations apply.
@@ -69,17 +71,17 @@ signature context B<ctx>. This function can be called several times on the
 same B<ctx> to include additional data. This function is currently implemented
 using a macro.
 
-EVP_DigestSignFinal() signs the data in B<ctx> places the signature in B<sig>.
+EVP_DigestSignFinal() signs the data in B<ctx> and places the signature in B<sig>.
 If B<sig> is B<NULL> then the maximum size of the output buffer is written to
 the B<siglen> parameter. If B<sig> is not B<NULL> then before the call the
-B<siglen> parameter should contain the length of the B<sig> buffer, if the
+B<siglen> parameter should contain the length of the B<sig> buffer. If the
 call is successful the signature is written to B<sig> and the amount of data
 written to B<siglen>.
 
 =head1 RETURN VALUES
 
 EVP_DigestSignInit() EVP_DigestSignUpdate() and EVP_DigestSignaFinal() return
-1 for success and 0 or a negative value for failure. In particular a return
+1 for success and 0 or a negative value for failure. In particular, a return
 value of -2 indicates the operation is not supported by the public key
 algorithm.
 
@@ -103,7 +105,7 @@ The call to EVP_DigestSignFinal() internally finalizes a copy of the digest
 context. This means that calls to EVP_DigestSignUpdate() and
 EVP_DigestSignFinal() can be called later to digest and sign additional data.
 
-Since only a copy of the digest context is ever finalized the context must
+Since only a copy of the digest context is ever finalized, the context must
 be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak
 will occur.
 
diff --git a/deps/openssl/openssl/doc/crypto/EVP_DigestVerifyInit.pod b/deps/openssl/openssl/doc/crypto/EVP_DigestVerifyInit.pod
index ce59422d3e..ff1153b644 100644
--- a/deps/openssl/openssl/doc/crypto/EVP_DigestVerifyInit.pod
+++ b/deps/openssl/openssl/doc/crypto/EVP_DigestVerifyInit.pod
@@ -19,9 +19,12 @@ The EVP signature routines are a high level interface to digital signatures.
 
 EVP_DigestVerifyInit() sets up verification context B<ctx> to use digest
 B<type> from ENGINE B<impl> and public key B<pkey>. B<ctx> must be created
-with EVP_MD_CTX_new() before calling this function. If B<pctx> is not NULL the
+with EVP_MD_CTX_new() before calling this function. If B<pctx> is not NULL, the
 EVP_PKEY_CTX of the verification operation will be written to B<*pctx>: this
-can be used to set alternative verification options.
+can be used to set alternative verification options. Note that any existing
+value in B<*pctx> is overwritten. The EVP_PKEY_CTX value returned must not be
+freed directly by the application (it will be freed automatically when the
+EVP_MD_CTX is freed).
 
 EVP_DigestVerifyUpdate() hashes B<cnt> bytes of data at B<d> into the
 verification context B<ctx>. This function can be called several times on the
@@ -62,7 +65,7 @@ The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest
 context. This means that EVP_VerifyUpdate() and EVP_VerifyFinal() can
 be called later to digest and verify additional data.
 
-Since only a copy of the digest context is ever finalized the context must
+Since only a copy of the digest context is ever finalized, the context must
 be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak
 will occur.
 
@@ -81,7 +84,7 @@ were first added to OpenSSL 1.0.0.
 
 =head1 COPYRIGHT
 
-Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/deps/openssl/openssl/doc/crypto/OCSP_resp_find_status.pod b/deps/openssl/openssl/doc/crypto/OCSP_resp_find_status.pod
index e014df500b..a4e3c1c2f0 100644
--- a/deps/openssl/openssl/doc/crypto/OCSP_resp_find_status.pod
+++ b/deps/openssl/openssl/doc/crypto/OCSP_resp_find_status.pod
@@ -6,6 +6,9 @@ OCSP_resp_get0_certs,
 OCSP_resp_get0_signer,
 OCSP_resp_get0_id,
 OCSP_resp_get0_produced_at,
+OCSP_resp_get0_signature,
+OCSP_resp_get0_tbs_sigalg,
+OCSP_resp_get0_respdata,
 OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find,
 OCSP_single_get0_status, OCSP_check_validity,
 OCSP_basic_verify
@@ -32,6 +35,9 @@ OCSP_basic_verify
  const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(
                              const OCSP_BASICRESP* single);
 
+ const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs);
+ const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs);
+ const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs);
  const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
 
  int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
@@ -78,6 +84,12 @@ B<*revtime>, B<*thisupd> and B<*nextupd>.
 OCSP_resp_get0_produced_at() extracts the B<producedAt> field from the
 single response B<bs>.
 
+OCSP_resp_get0_signature() returns the signature from B<bs>.
+
+OCSP_resp_get0_tbs_sigalg() returns the B<signatureAlgorithm> from B<bs>.
+
+OCSP_resp_get0_respdata() returns the B<tbsResponseData> from B<bs>.
+
 OCSP_resp_get0_certs() returns any certificates included in B<bs>.
 
 OCSP_resp_get0_signer() attempts to retrieve the certificate that directly
diff --git a/deps/openssl/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod b/deps/openssl/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod
index f5429d217e..01623bac76 100644
--- a/deps/openssl/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod
+++ b/deps/openssl/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod
@@ -2,13 +2,14 @@
 
 =head1 NAME
 
-OPENSSL_VERSION_NUMBER, OpenSSL_version,
+OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT, OpenSSL_version,
 OpenSSL_version_num - get OpenSSL version number
 
 =head1 SYNOPSIS
 
  #include <openssl/opensslv.h>
  #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL
+ #define OPENSSL_VERSION_TEXT "OpenSSL x.y.z xx XXX xxxx"
 
  #include <openssl/crypto.h>
 
@@ -45,6 +46,10 @@ Version 0.9.5a had an interim interpretation that is like the current one,
 except the patch level got the highest bit set, to keep continuity.  The
 number was therefore 0x0090581f.
 
+OPENSSL_VERSION_TEXT is the text variant of the version number and the
+release date.  For example,
+"OpenSSL 1.0.1a 15 Oct 2015".
+
 OpenSSL_version_num() returns the version number.
 
 OpenSSL_version() returns different strings depending on B<t>:
diff --git a/deps/openssl/openssl/doc/crypto/RSA_meth_new.pod b/deps/openssl/openssl/doc/crypto/RSA_meth_new.pod
index 9c89426a9a..8f6d428afc 100644
--- a/deps/openssl/openssl/doc/crypto/RSA_meth_new.pod
+++ b/deps/openssl/openssl/doc/crypto/RSA_meth_new.pod
@@ -58,9 +58,9 @@ RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen
                                             int padding));
      /* Can be null */
  int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))
-     (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
+     (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx);
  int RSA_meth_set_mod_exp(RSA_METHOD *rsa,
-                          int (*mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+                          int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa,
                                           BN_CTX *ctx));
      /* Can be null */
  int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))