[PATCH] openssl: update to version 1.1.1c

Eneas U de Queiroz cote2004-github at yahoo.com
Tue May 28 13:07:33 PDT 2019


Highlights of this version:
 - Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543)
 - Fix OPENSSL_config bug (patch removed)
 - Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
 - Enable SHA3 pre-hashing for ECDSA and DSA

Signed-off-by: Eneas U de Queiroz <cote2004-github at yahoo.com>

diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index c173ede9b3..f16c24f7c6 100644
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@@ -9,9 +9,9 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssl
 PKG_BASE:=1.1.1
-PKG_BUGFIX:=b
+PKG_BUGFIX:=c
 PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
-PKG_RELEASE:=5
+PKG_RELEASE:=1
 PKG_USE_MIPS16:=0
 ENGINES_DIR=engines-1.1
 
@@ -24,7 +24,7 @@ PKG_SOURCE_URL:= \
 	ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
 	http://www.openssl.org/source/ \
 	http://www.openssl.org/source/old/$(PKG_BASE)/
-PKG_HASH:=5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b
+PKG_HASH:=f6fb3079ad15076154eda9413fed42877d668e7069d9b87396d0804fdb3f4c90
 
 PKG_LICENSE:=OpenSSL
 PKG_LICENSE_FILES:=LICENSE
diff --git a/package/libs/openssl/patches/200-OPENSSL_config-restore-error-agnosticism.patch b/package/libs/openssl/patches/200-OPENSSL_config-restore-error-agnosticism.patch
deleted file mode 100644
index 3923ac41da..0000000000
--- a/package/libs/openssl/patches/200-OPENSSL_config-restore-error-agnosticism.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 9933d4a06bd0a0b5b757f072944e8cd54d4bddd3 Mon Sep 17 00:00:00 2001
-From: Richard Levitte <levitte at openssl.org>
-Date: Wed, 20 Mar 2019 10:18:13 +0100
-Subject: [PATCH] OPENSSL_config(): restore error agnosticism
-
-Great effort has been made to make initialization more configurable.
-However, the behavior of OPENSSL_config() was lost in the process,
-having it suddenly generate errors it didn't previously, which is not
-how it's documented to behave.
-
-A simple setting of default flags fixes this problem.
-
-Fixes #8528
-
-Reviewed-by: Matt Caswell <matt at openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/8533)
-
-(cherry picked from commit 905c9a72a708701597891527b422c7f374125c52)
-
-diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
-index 2ce42f0c67..3805c426d8 100644
---- a/crypto/conf/conf_sap.c
-+++ b/crypto/conf/conf_sap.c
-@@ -35,6 +35,7 @@ void OPENSSL_config(const char *appname)
-     memset(&settings, 0, sizeof(settings));
-     if (appname != NULL)
-         settings.appname = strdup(appname);
-+    settings.flags = DEFAULT_CONF_MFLAGS;
-     OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, &settings);
- }
- #endif



More information about the openwrt-devel mailing list