Highlights of this version: - Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543) - Fix OPENSSL_config bug (patch removed) - Change the default RSA, DSA and DH size to 2048 bit instead of 1024. - Enable SHA3 pre-hashing for ECDSA and DSA Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [DMARC removal]master
parent
4d6da05683
commit
f22ef1f1de
@ -1,31 +0,0 @@ |
||||
From 9933d4a06bd0a0b5b757f072944e8cd54d4bddd3 Mon Sep 17 00:00:00 2001
|
||||
From: Richard Levitte <levitte@openssl.org>
|
||||
Date: Wed, 20 Mar 2019 10:18:13 +0100
|
||||
Subject: [PATCH] OPENSSL_config(): restore error agnosticism
|
||||
|
||||
Great effort has been made to make initialization more configurable.
|
||||
However, the behavior of OPENSSL_config() was lost in the process,
|
||||
having it suddenly generate errors it didn't previously, which is not
|
||||
how it's documented to behave.
|
||||
|
||||
A simple setting of default flags fixes this problem.
|
||||
|
||||
Fixes #8528
|
||||
|
||||
Reviewed-by: Matt Caswell <matt@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/8533)
|
||||
|
||||
(cherry picked from commit 905c9a72a708701597891527b422c7f374125c52)
|
||||
|
||||
diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
|
||||
index 2ce42f0c67..3805c426d8 100644
|
||||
--- a/crypto/conf/conf_sap.c
|
||||
+++ b/crypto/conf/conf_sap.c
|
||||
@@ -35,6 +35,7 @@ void OPENSSL_config(const char *appname)
|
||||
memset(&settings, 0, sizeof(settings));
|
||||
if (appname != NULL)
|
||||
settings.appname = strdup(appname);
|
||||
+ settings.flags = DEFAULT_CONF_MFLAGS;
|
||||
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, &settings);
|
||||
}
|
||||
#endif
|
Loading…
Reference in new issue