ExternalVendorCode/openwrt
1
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2024-12-26 17:01:14 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity
ffc65a80d1
openwrt/package/libs/openssl/patches/200-eng_devcrypto-don-t-leak-methods-tables.patch
Eneas U de Queiroz d872d00b2f openssl: update to version 1.1.1a 
This version adds the following functionality:
  * TLS 1.3
  * AFALG engine support for hardware accelleration
  * x25519 ECC curve support
  * CRIME protection: disable use of compression by default
  * Support for ChaCha20 and Poly1305

Patches fixing bugs in the /dev/crypto engine were applied, from
https://github.com/openssl/openssl/pull/7585

This increses the size of the ipk binray on MIPS32 by about 32%:
old:
693.941 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk
193.827 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk

new:
912.493 bin/packages/mips_24kc/base/libopenssl1.1_1.1.1a-2_mips_24kc.ipk
239.316 bin/packages/mips_24kc/base/openssl-util_1.1.1a-2_mips_24kc.ipk

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-02-12 22:23:26 +01:00

43 lines
1.3 KiB
Diff
Raw Blame History

From be5cf61caa425070ec4f3e925d4e9aa484c8315b Mon Sep 17 00:00:00 2001
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
Date: Mon, 5 Nov 2018 17:59:42 -0200
Subject: [PATCH 1/7] eng_devcrypto: don't leak methods tables
Call functions to prepare methods after confirming that /dev/crytpo was
sucessfully open and that the destroy function has been set.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)
(cherry picked from commit d9d4dff5c640990d45af115353fc9f88a497a56c)
--- a/crypto/engine/eng_devcrypto.c
+++ b/crypto/engine/eng_devcrypto.c
@@ -619,11 +619,6 @@ void engine_load_devcrypto_int()
return;
}
- prepare_cipher_methods();
-#ifdef IMPLEMENT_DIGEST
- prepare_digest_methods();
-#endif
-
if ((e = ENGINE_new()) == NULL
|| !ENGINE_set_destroy_function(e, devcrypto_unload)) {
ENGINE_free(e);
@@ -636,6 +631,11 @@ void engine_load_devcrypto_int()
return;
}
+ prepare_cipher_methods();
+#ifdef IMPLEMENT_DIGEST
+ prepare_digest_methods();
+#endif
+
if (!ENGINE_set_id(e, "devcrypto")
|| !ENGINE_set_name(e, "/dev/crypto engine")
Reference in New Issue View Git Blame Copy Permalink