path: root/package/libs/openssl/patches/140-allow-prefer-chacha20.patch
authorEneas U de Queiroz <cotequeiroz@gmail.com>2019-09-17 10:52:11 -0300
committerPetr Štetiar <ynezz@true.cz>2019-09-23 07:42:30 +0200
commitb610572a9baf18a913231e5d90348af873986ddc (patch)
treed145d426dabbceba8bd37fcdafcd25ff2cc6db90 /package/libs/openssl/patches/140-allow-prefer-chacha20.patch
parent0b9f3c28ef6c37b42abdd02c19c96fe34d81ea33 (diff)
openssl: bump to 1.1.1d
This version fixes 3 low-severity vulnerabilities: - CVE-2019-1547: ECDSA remote timing attack - CVE-2019-1549: Fork Protection - CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey Patches were refreshed. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit d868d0a5d7e1d76bb1a8980346d222fae55fa18b)
Diffstat (limited to 'package/libs/openssl/patches/140-allow-prefer-chacha20.patch')
-rw-r--r--package/libs/openssl/patches/140-allow-prefer-chacha20.patch10
1 files changed, 7 insertions, 3 deletions
diff --git a/package/libs/openssl/patches/140-allow-prefer-chacha20.patch b/package/libs/openssl/patches/140-allow-prefer-chacha20.patch
index ecbb5c61db..b293db28f7 100644
--- a/package/libs/openssl/patches/140-allow-prefer-chacha20.patch
+++ b/package/libs/openssl/patches/140-allow-prefer-chacha20.patch
@@ -1,4 +1,4 @@
-From 286e015bf0d30530707a5e7b3b871509f2ab50d7 Mon Sep 17 00:00:00 2001
+From 4f7ab2040bb71f03a8f8388911144559aa2a5b60 Mon Sep 17 00:00:00 2001
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
Date: Thu, 27 Sep 2018 08:44:39 -0300
Subject: Add OPENSSL_PREFER_CHACHA_OVER_GCM option
@@ -14,6 +14,8 @@ when the client has it on top of its ciphersuite preference.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
+index 6724ccf2d2..96d959427e 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -173,9 +173,15 @@ extern "C" {
@@ -35,9 +37,11 @@ Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
# else
# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
"TLS_AES_128_GCM_SHA256"
+diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
+index 27a1b2ec68..7039811323 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
-@@ -1466,11 +1466,29 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+@@ -1467,11 +1467,29 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head,
&tail);
@@ -67,7 +71,7 @@ Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
/*
* ...and generally, our preferred cipher is AES.
-@@ -1526,7 +1544,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+@@ -1527,7 +1545,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
* Within each group, ciphers remain sorted by strength and previous
* preference, i.e.,
* 1) ECDHE > DHE