diff --git a/package/openssl/Makefile b/package/openssl/Makefile index f0bcd1d842..06a39fd445 100644 --- a/package/openssl/Makefile +++ b/package/openssl/Makefile @@ -8,15 +8,15 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssl -PKG_VERSION:=0.9.8m -PKG_RELEASE:=4 +PKG_VERSION:=0.9.8n +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.openssl.org/source/ \ ftp://ftp.funet.fi/pub/crypt/cryptography/libs/openssl/source/ \ ftp://ftp.webmonster.de/pub/openssl/source/ \ ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/ -PKG_MD5SUM:=898bf125370926d5f692a2201124f8ec +PKG_MD5SUM:=076d8efc3ed93646bd01f04e23c07066 PKG_BUILD_DEPENDS:=ocf-crypto-headers PKG_CONFIG_DEPENDS:=CONFIG_OPENSSL_ENGINE diff --git a/package/openssl/patches/200-ocf-20100325.patch b/package/openssl/patches/200-ocf-20100325.patch index da941b37ac..16d8451395 100644 --- a/package/openssl/patches/200-ocf-20100325.patch +++ b/package/openssl/patches/200-ocf-20100325.patch @@ -1121,16 +1121,6 @@ if (kop->crk_param[i].crp_p) free(kop->crk_param[i].crp_p); kop->crk_param[i].crp_p = NULL; -@@ -757,6 +1025,9 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BI - - if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL) == -1) { - const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); -+ fprintf(stderr, "cryptodev_asym: CRK_MOD_EXP %s failed, " -+ "Running in software\n", errno==kop.crk_status ? -+ "hardware operation" : "asym process"); - ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); - } - err: @@ -768,7 +1039,6 @@ static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { @@ -1139,16 +1129,6 @@ r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL); return (r); } -@@ -803,6 +1073,9 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const - - if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL) == -1) { - const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); -+ fprintf(stderr, "cryptodev_asym: CRK_MOD_EXP_CRT %s failed, " -+ "Running in software\n", errno==kop.crk_status ? -+ "hardware operation" : "asym process"); - ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx); - } - err: @@ -904,6 +1177,9 @@ cryptodev_dsa_do_sign(const unsigned cha const DSA_METHOD *meth = DSA_OpenSSL(); BN_free(r); diff --git a/package/openssl/patches/400-cve-2010-0740.patch b/package/openssl/patches/400-cve-2010-0740.patch deleted file mode 100644 index 4c893eb38d..0000000000 --- a/package/openssl/patches/400-cve-2010-0740.patch +++ /dev/null @@ -1,15 +0,0 @@ ---- a/ssl/s3_pkt.c -+++ b/ssl/s3_pkt.c -@@ -291,9 +291,9 @@ again: - if (version != s->version) - { - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); -- /* Send back error using their -- * version number :-) */ -- s->version=version; -+ if ((s->version & 0xFF00) == (version & 0xFF00)) -+ /* Send back error using their minor version number :-) */ -+ s->version = (unsigned short)version; - al=SSL_AD_PROTOCOL_VERSION; - goto f_err; - }