ExternalVendorCode/openwrt
1
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2025-02-01 08:48:08 +00:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

openssl: update to version 1.1.1c

Browse Source 
Highlights of this version:
 - Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543)
 - Fix OPENSSL_config bug (patch removed)
 - Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
 - Enable SHA3 pre-hashing for ECDSA and DSA

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [DMARC removal]
This commit is contained in:
Eneas U de Queiroz 2019-05-28 20:07:57 +00:00 committed by Christian Lamparter
parent 4d6da05683
commit f22ef1f1de
2 changed files with 3 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
package/libs/openssl/Makefile
View File

@ -9,9 +9,9 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=openssl PKG_NAME:=openssl
PKG_BASE:=1.1.1 PKG_BASE:=1.1.1
PKG_BUGFIX:=b PKG_BUGFIX:=c
PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
PKG_RELEASE:=5 PKG_RELEASE:=1
PKG_USE_MIPS16:=0 PKG_USE_MIPS16:=0
ENGINES_DIR=engines-1.1 ENGINES_DIR=engines-1.1
@ -24,7 +24,7 @@ PKG_SOURCE_URL:= \
ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \ ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
http://www.openssl.org/source/ \ http://www.openssl.org/source/ \
http://www.openssl.org/source/old/$(PKG_BASE)/ http://www.openssl.org/source/old/$(PKG_BASE)/
PKG_HASH:=5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b PKG_HASH:=f6fb3079ad15076154eda9413fed42877d668e7069d9b87396d0804fdb3f4c90
PKG_LICENSE:=OpenSSL PKG_LICENSE:=OpenSSL
PKG_LICENSE_FILES:=LICENSE PKG_LICENSE_FILES:=LICENSE

31
package/libs/openssl/patches/200-OPENSSL_config-restore-error-agnosticism.patch
View File

@ -1,31 +0,0 @@
From 9933d4a06bd0a0b5b757f072944e8cd54d4bddd3 Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Wed, 20 Mar 2019 10:18:13 +0100
Subject: [PATCH] OPENSSL_config(): restore error agnosticism
Great effort has been made to make initialization more configurable.
However, the behavior of OPENSSL_config() was lost in the process,
having it suddenly generate errors it didn't previously, which is not
how it's documented to behave.
A simple setting of default flags fixes this problem.
Fixes #8528
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8533)
(cherry picked from commit 905c9a72a708701597891527b422c7f374125c52)
diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
index 2ce42f0c67..3805c426d8 100644
--- a/crypto/conf/conf_sap.c
+++ b/crypto/conf/conf_sap.c
@@ -35,6 +35,7 @@ void OPENSSL_config(const char *appname)
memset(&settings, 0, sizeof(settings));
if (appname != NULL)
settings.appname = strdup(appname);
+ settings.flags = DEFAULT_CONF_MFLAGS;
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, &settings);
}
#endif