diff options
author | Eneas U de Queiroz <cote2004-github@yahoo.com> | 2019-05-28 20:07:57 +0000 |
---|---|---|
committer | Christian Lamparter <chunkeey@gmail.com> | 2019-05-31 11:21:22 +0200 |
commit | f22ef1f1de8816201c6d8551e1bb3f3fc58c4328 (patch) | |
tree | 964df5bc8a2429113ffa17a8938379269fd1a1c5 /package/libs/openssl/patches/200-OPENSSL_config-restore-error-agnosticism.patch | |
parent | 4d6da056836aa017e1006ff8dd463dfd5d7341df (diff) | |
download | upstream-f22ef1f1de8816201c6d8551e1bb3f3fc58c4328.tar.gz upstream-f22ef1f1de8816201c6d8551e1bb3f3fc58c4328.tar.bz2 upstream-f22ef1f1de8816201c6d8551e1bb3f3fc58c4328.zip |
openssl: update to version 1.1.1c
Highlights of this version:
- Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543)
- Fix OPENSSL_config bug (patch removed)
- Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
- Enable SHA3 pre-hashing for ECDSA and DSA
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [DMARC removal]
Diffstat (limited to 'package/libs/openssl/patches/200-OPENSSL_config-restore-error-agnosticism.patch')
-rw-r--r-- | package/libs/openssl/patches/200-OPENSSL_config-restore-error-agnosticism.patch | 31 |
1 files changed, 0 insertions, 31 deletions
diff --git a/package/libs/openssl/patches/200-OPENSSL_config-restore-error-agnosticism.patch b/package/libs/openssl/patches/200-OPENSSL_config-restore-error-agnosticism.patch deleted file mode 100644 index 3923ac41da..0000000000 --- a/package/libs/openssl/patches/200-OPENSSL_config-restore-error-agnosticism.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 9933d4a06bd0a0b5b757f072944e8cd54d4bddd3 Mon Sep 17 00:00:00 2001 -From: Richard Levitte <levitte@openssl.org> -Date: Wed, 20 Mar 2019 10:18:13 +0100 -Subject: [PATCH] OPENSSL_config(): restore error agnosticism - -Great effort has been made to make initialization more configurable. -However, the behavior of OPENSSL_config() was lost in the process, -having it suddenly generate errors it didn't previously, which is not -how it's documented to behave. - -A simple setting of default flags fixes this problem. - -Fixes #8528 - -Reviewed-by: Matt Caswell <matt@openssl.org> -(Merged from https://github.com/openssl/openssl/pull/8533) - -(cherry picked from commit 905c9a72a708701597891527b422c7f374125c52) - -diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c -index 2ce42f0c67..3805c426d8 100644 ---- a/crypto/conf/conf_sap.c -+++ b/crypto/conf/conf_sap.c -@@ -35,6 +35,7 @@ void OPENSSL_config(const char *appname) - memset(&settings, 0, sizeof(settings)); - if (appname != NULL) - settings.appname = strdup(appname); -+ settings.flags = DEFAULT_CONF_MFLAGS; - OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, &settings); - } - #endif |