openssl: update to version 1.1.1c
Highlights of this version: - Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543) - Fix OPENSSL_config bug (patch removed) - Change the default RSA, DSA and DH size to 2048 bit instead of 1024. - Enable SHA3 pre-hashing for ECDSA and DSA Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [DMARC removal]
This commit is contained in:
Eneas U de Queiroz
committed by
Christian Lamparter
Christian Lamparter
parent
4d6da05683
commit
f22ef1f1de
@@ -9,9 +9,9 @@ include $(TOPDIR)/rules.mk
|
|||||||
|
|
||||||
PKG_NAME:=openssl
|
PKG_NAME:=openssl
|
||||||
PKG_BASE:=1.1.1
|
PKG_BASE:=1.1.1
|
||||||
PKG_BUGFIX:=b
|
PKG_BUGFIX:=c
|
||||||
PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
|
PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
|
||||||
PKG_RELEASE:=5
|
PKG_RELEASE:=1
|
||||||
PKG_USE_MIPS16:=0
|
PKG_USE_MIPS16:=0
|
||||||
ENGINES_DIR=engines-1.1
|
ENGINES_DIR=engines-1.1
|
||||||
|
|
||||||
@@ -24,7 +24,7 @@ PKG_SOURCE_URL:= \
|
|||||||
ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
|
ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
|
||||||
http://www.openssl.org/source/ \
|
http://www.openssl.org/source/ \
|
||||||
http://www.openssl.org/source/old/$(PKG_BASE)/
|
http://www.openssl.org/source/old/$(PKG_BASE)/
|
||||||
PKG_HASH:=5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b
|
PKG_HASH:=f6fb3079ad15076154eda9413fed42877d668e7069d9b87396d0804fdb3f4c90
|
||||||
|
|
||||||
PKG_LICENSE:=OpenSSL
|
PKG_LICENSE:=OpenSSL
|
||||||
PKG_LICENSE_FILES:=LICENSE
|
PKG_LICENSE_FILES:=LICENSE
|
||||||
|
|||||||
@@ -1,31 +0,0 @@
|
|||||||
From 9933d4a06bd0a0b5b757f072944e8cd54d4bddd3 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Richard Levitte <levitte@openssl.org>
|
|
||||||
Date: Wed, 20 Mar 2019 10:18:13 +0100
|
|
||||||
Subject: [PATCH] OPENSSL_config(): restore error agnosticism
|
|
||||||
|
|
||||||
Great effort has been made to make initialization more configurable.
|
|
||||||
However, the behavior of OPENSSL_config() was lost in the process,
|
|
||||||
having it suddenly generate errors it didn't previously, which is not
|
|
||||||
how it's documented to behave.
|
|
||||||
|
|
||||||
A simple setting of default flags fixes this problem.
|
|
||||||
|
|
||||||
Fixes #8528
|
|
||||||
|
|
||||||
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
||||||
(Merged from https://github.com/openssl/openssl/pull/8533)
|
|
||||||
|
|
||||||
(cherry picked from commit 905c9a72a708701597891527b422c7f374125c52)
|
|
||||||
|
|
||||||
diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
|
|
||||||
index 2ce42f0c67..3805c426d8 100644
|
|
||||||
--- a/crypto/conf/conf_sap.c
|
|
||||||
+++ b/crypto/conf/conf_sap.c
|
|
||||||
@@ -35,6 +35,7 @@ void OPENSSL_config(const char *appname)
|
|
||||||
memset(&settings, 0, sizeof(settings));
|
|
||||||
if (appname != NULL)
|
|
||||||
settings.appname = strdup(appname);
|
|
||||||
+ settings.flags = DEFAULT_CONF_MFLAGS;
|
|
||||||
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, &settings);
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
Reference in New Issue
Block a user