From 36373c5ddb1b6fc81fa239a1f898c5abc3f24f40 Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Tue, 31 Mar 2020 17:51:45 -0300 Subject: [PATCH] openssl: bump to 1.1.1f There were two changes between 1.1.1e and 1.1.1f: - a change in BN prime generation to avoid possible fingerprinting of newly generated RSA modules - the patch reversing EOF detection we had already applied. Signed-off-by: Eneas U de Queiroz (cherry picked from commit af5ccfbac74b859801cf174460fb8dbf9ed9e181) --- package/libs/openssl/Makefile | 6 +- ...t-Detect-EOF-while-reading-in-libssl.patch | 80 ------------------- 2 files changed, 3 insertions(+), 83 deletions(-) delete mode 100644 package/libs/openssl/patches/200-Partially-revert-Detect-EOF-while-reading-in-libssl.patch diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index ca45549800..e2f2661566 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -9,9 +9,9 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssl PKG_BASE:=1.1.1 -PKG_BUGFIX:=e +PKG_BUGFIX:=f PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) -PKG_RELEASE:=2 +PKG_RELEASE:=1 PKG_USE_MIPS16:=0 ENGINES_DIR=engines-1.1 @@ -24,7 +24,7 @@ PKG_SOURCE_URL:= \ ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \ http://www.openssl.org/source/ \ http://www.openssl.org/source/old/$(PKG_BASE)/ -PKG_HASH:=694f61ac11cb51c9bf73f54e771ff6022b0327a43bbdfa1b2f19de1662a6dcbe +PKG_HASH:=186c6bfe6ecfba7a5b48c47f8a1673d0f3b0e5ba2e25602dd23b629975da3f35 PKG_LICENSE:=OpenSSL PKG_LICENSE_FILES:=LICENSE diff --git a/package/libs/openssl/patches/200-Partially-revert-Detect-EOF-while-reading-in-libssl.patch b/package/libs/openssl/patches/200-Partially-revert-Detect-EOF-while-reading-in-libssl.patch deleted file mode 100644 index c269dff07c..0000000000 --- a/package/libs/openssl/patches/200-Partially-revert-Detect-EOF-while-reading-in-libssl.patch +++ /dev/null @@ -1,80 +0,0 @@ -From 30d190caf311d534867df97e26b552e628cb7d85 Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Wed, 25 Mar 2020 14:15:31 +0100 -Subject: [PATCH] Partially revert "Detect EOF while reading in libssl" - -This partially reverts commit db943f43a60d1b5b1277e4b5317e8f288e7a0a3a. - -Reviewed-by: Matt Caswell -(Merged from https://github.com/openssl/openssl/pull/11400) - -diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt -index f5324c6819..35512f9caf 100644 ---- a/crypto/err/openssl.txt -+++ b/crypto/err/openssl.txt -@@ -2852,7 +2852,6 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines - SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines - SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message - SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data --SSL_R_UNEXPECTED_EOF_WHILE_READING:294:unexpected eof while reading - SSL_R_UNEXPECTED_MESSAGE:244:unexpected message - SSL_R_UNEXPECTED_RECORD:245:unexpected record - SSL_R_UNINITIALIZED:276:uninitialized -diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h -index 0ef684f3c1..ba4c4ae5fb 100644 ---- a/include/openssl/sslerr.h -+++ b/include/openssl/sslerr.h -@@ -1,6 +1,6 @@ - /* - * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy -@@ -734,7 +734,6 @@ int ERR_load_SSL_strings(void); - # define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 - # define SSL_R_UNEXPECTED_CCS_MESSAGE 262 - # define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178 --# define SSL_R_UNEXPECTED_EOF_WHILE_READING 294 - # define SSL_R_UNEXPECTED_MESSAGE 244 - # define SSL_R_UNEXPECTED_RECORD 245 - # define SSL_R_UNINITIALIZED 276 -diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c -index 1c885a664f..b2a7a47eb0 100644 ---- a/ssl/record/rec_layer_s3.c -+++ b/ssl/record/rec_layer_s3.c -@@ -296,12 +296,6 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, - ret = BIO_read(s->rbio, pkt + len + left, max - left); - if (ret >= 0) - bioread = ret; -- if (ret <= 0 -- && !BIO_should_retry(s->rbio) -- && BIO_eof(s->rbio)) { -- SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_READ_N, -- SSL_R_UNEXPECTED_EOF_WHILE_READING); -- } - } else { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_N, - SSL_R_READ_BIO_NOT_SET); -diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c -index a0c7b79659..4b12ed1485 100644 ---- a/ssl/ssl_err.c -+++ b/ssl/ssl_err.c -@@ -1,6 +1,6 @@ - /* - * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy -@@ -1205,8 +1205,6 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { - "unexpected ccs message"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA), - "unexpected end of early data"}, -- {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_EOF_WHILE_READING), -- "unexpected eof while reading"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_RECORD), "unexpected record"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},