author | Eneas U de Queiroz <cotequeiroz@gmail.com> | 2019-09-17 10:52:11 -0300 |
---|---|---|
committer | Petr Štetiar <ynezz@true.cz> | 2019-09-23 07:42:30 +0200 |
commit | b610572a9baf18a913231e5d90348af873986ddc (patch) | |
tree | d145d426dabbceba8bd37fcdafcd25ff2cc6db90 /package/libs/openssl/patches/140-allow-prefer-chacha20.patch | |
parent | 0b9f3c28ef6c37b42abdd02c19c96fe34d81ea33 (diff) | |
openssl: bump to 1.1.1d
This version fixes 3 low-severity vulnerabilities:
- CVE-2019-1547: ECDSA remote timing attack
- CVE-2019-1549: Fork Protection
- CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and
CMS_decrypt_set1_pkey
Patches were refreshed.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit d868d0a5d7e1d76bb1a8980346d222fae55fa18b)
Diffstat (limited to 'package/libs/openssl/patches/140-allow-prefer-chacha20.patch')
-rw-r--r-- | package/libs/openssl/patches/140-allow-prefer-chacha20.patch | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/package/libs/openssl/patches/140-allow-prefer-chacha20.patch b/package/libs/openssl/patches/140-allow-prefer-chacha20.patch
index ecbb5c61db..b293db28f7 100644
--- a/package/libs/openssl/patches/140-allow-prefer-chacha20.patch
+++ b/package/libs/openssl/patches/140-allow-prefer-chacha20.patch
@@ -1,4 +1,4 @@
-From 286e015bf0d30530707a5e7b3b871509f2ab50d7 Mon Sep 17 00:00:00 2001
+From 4f7ab2040bb71f03a8f8388911144559aa2a5b60 Mon Sep 17 00:00:00 2001
 From: Eneas U de Queiroz <cote2004-github@yahoo.com>
 Date: Thu, 27 Sep 2018 08:44:39 -0300
 Subject: Add OPENSSL_PREFER_CHACHA_OVER_GCM option
@@ -14,6 +14,8 @@ when the client has it on top of its ciphersuite preference.
 
 Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
 
+diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
+index 6724ccf2d2..96d959427e 100644
 --- a/include/openssl/ssl.h
 +++ b/include/openssl/ssl.h
 @@ -173,9 +173,15 @@ extern "C" {
@@ -35,9 +37,11 @@ Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
 # else
 # define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
 "TLS_AES_128_GCM_SHA256"
+diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
+index 27a1b2ec68..7039811323 100644
 --- a/ssl/ssl_ciph.c
 +++ b/ssl/ssl_ciph.c
-@@ -1466,11 +1466,29 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+@@ -1467,11 +1467,29 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head,
 &tail);
 
@@ -67,7 +71,7 @@ Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
 
 /*
 * ...and generally, our preferred cipher is AES.
-@@ -1526,7 +1544,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+@@ -1527,7 +1545,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 * Within each group, ciphers remain sorted by strength and previous
 * preference, i.e.,
 * 1) ECDHE > DHE |