From b3b3428a0e5d50eaddabd80100eb23ab04899293 Mon Sep 17 00:00:00 2001 From: John Audia Date: Thu, 3 Nov 2022 09:27:49 -0400 Subject: openssl: bump to 1.1.1s Changes between 1.1.1r and 1.1.1s [1 Nov 2022] *) Fixed a regression introduced in 1.1.1r version not refreshing the certificate data to be signed before signing the certificate. [Gibeom Gwon] Changes between 1.1.1q and 1.1.1r [11 Oct 2022] *) Fixed the linux-mips64 Configure target which was missing the SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that platform. [Adam Joseph] *) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was causing incorrect results in some cases as a result. [Paul Dale] *) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to report correct results in some cases [Matt Caswell] *) Fixed a regression introduced in 1.1.1o for re-signing certificates with different key sizes [Todd Short] *) Added the loongarch64 target [Shi Pujin] *) Fixed a DRBG seed propagation thread safety issue [Bernd Edlinger] *) Fixed a memory leak in tls13_generate_secret [Bernd Edlinger] *) Fixed reported performance degradation on aarch64. Restored the implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode") for 64bit targets only, since it is reportedly 2-17% slower and the silicon errata only affects 32bit targets. The new algorithm is still used for 32 bit targets. [Bernd Edlinger] *) Added a missing header for memcmp that caused compilation failure on some platforms [Gregor Jasny] Build system: x86_64 Build-tested: bcm2711/RPi4B Run-tested: bcm2711/RPi4B Signed-off-by: John Audia (cherry picked from commit a0814f04ed955eb10b25df0ce6666ed91f11ca1b) --- ...410-eng_devcrypto-add-configuration-options.patch | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) (limited to 'package/libs/openssl/patches/410-eng_devcrypto-add-configuration-options.patch') diff --git a/package/libs/openssl/patches/410-eng_devcrypto-add-configuration-options.patch b/package/libs/openssl/patches/410-eng_devcrypto-add-configuration-options.patch index 6d0fbfc982..bad7a37256 100644 --- a/package/libs/openssl/patches/410-eng_devcrypto-add-configuration-options.patch +++ b/package/libs/openssl/patches/410-eng_devcrypto-add-configuration-options.patch @@ -13,7 +13,6 @@ Reviewed-by: Matthias St. Pierre Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7585) -diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c --- a/crypto/engine/eng_devcrypto.c +++ b/crypto/engine/eng_devcrypto.c @@ -16,6 +16,7 @@ @@ -79,7 +78,7 @@ diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c /* * Code further down must make sure that only NIDs in the table above -@@ -333,19 +367,40 @@ static int cipher_cleanup(EVP_CIPHER_CTX *ctx) +@@ -333,19 +367,40 @@ static int cipher_cleanup(EVP_CIPHER_CTX } /* @@ -185,7 +184,7 @@ diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c static const EVP_CIPHER *get_cipher_method(int nid) { size_t i = get_cipher_data_index(nid); -@@ -438,6 +520,36 @@ static int devcrypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher, +@@ -438,6 +520,36 @@ static int devcrypto_ciphers(ENGINE *e, return *cipher != NULL; } @@ -246,7 +245,7 @@ diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c /* * Code further down must make sure that only NIDs in the table above -@@ -516,8 +637,8 @@ static const struct digest_data_st *get_digest_data(int nid) +@@ -516,8 +637,8 @@ static const struct digest_data_st *get_ } /* @@ -257,7 +256,7 @@ diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c */ static int digest_init(EVP_MD_CTX *ctx) -@@ -630,52 +751,94 @@ static int digest_cleanup(EVP_MD_CTX *ctx) +@@ -630,52 +751,94 @@ static int digest_cleanup(EVP_MD_CTX *ct return clean_devcrypto_session(&digest_ctx->sess); } @@ -402,7 +401,7 @@ diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c } } -@@ -739,8 +909,154 @@ static int devcrypto_digests(ENGINE *e, const EVP_MD **digest, +@@ -739,7 +909,153 @@ static int devcrypto_digests(ENGINE *e, return *digest != NULL; } @@ -478,8 +477,8 @@ diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c + "DIGESTS", + "either ALL, NONE, or a comma-separated list of digests to enable [default=ALL]", + ENGINE_CMD_FLAG_STRING}, - #endif - ++#endif ++ + {0, NULL, NULL, 0} +}; + @@ -503,7 +502,7 @@ diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c + use_softdrivers = i; +#ifdef IMPLEMENT_DIGEST + rebuild_known_digest_nids(e); -+#endif + #endif + rebuild_known_cipher_nids(e); + return 1; +#endif /* CIOCGSESSINFO */ @@ -553,10 +552,9 @@ diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c + } + return 0; +} -+ + /****************************************************************************** * - * LOAD / UNLOAD @@ -806,6 +1122,8 @@ void engine_load_devcrypto_int() if (!ENGINE_set_id(e, "devcrypto") -- cgit v1.2.3